From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 19:20:00 +0200
Subject: Adding upstream version 2:4.20.0+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 source4/.clang_complete                            |    10 +
 source4/.valgrind_suppressions                     |   147 +
 source4/auth/auth.h                                |   215 +
 source4/auth/gensec/gensec_gssapi.c                |  1731 +
 source4/auth/gensec/gensec_gssapi.h                |    69 +
 source4/auth/gensec/gensec_krb5.c                  |  1133 +
 source4/auth/gensec/gensec_krb5.h                  |    10 +
 source4/auth/gensec/gensec_krb5_heimdal.c          |   102 +
 source4/auth/gensec/gensec_krb5_helpers.c          |    72 +
 source4/auth/gensec/gensec_krb5_helpers.h          |    32 +
 source4/auth/gensec/gensec_krb5_internal.h         |    47 +
 source4/auth/gensec/gensec_krb5_mit.c              |   102 +
 source4/auth/gensec/gensec_tstream.c               |   616 +
 source4/auth/gensec/gensec_tstream.h               |    40 +
 source4/auth/gensec/pygensec.c                     |   779 +
 source4/auth/gensec/wscript_build                  |    41 +
 source4/auth/kerberos/kerberos-notes.txt           |   760 +
 .../kerberos/kerberos-porting-to-mit-notes.txt     |   803 +
 source4/auth/kerberos/kerberos.h                   |    89 +
 source4/auth/kerberos/kerberos_credentials.h       |    38 +
 source4/auth/kerberos/kerberos_pac.c               |   539 +
 source4/auth/kerberos/kerberos_util.c              |   721 +
 source4/auth/kerberos/krb5_init_context.c          |   885 +
 source4/auth/kerberos/krb5_init_context.h          |    79 +
 source4/auth/kerberos/srv_keytab.c                 |   407 +
 source4/auth/kerberos/wscript_build                |    26 +
 source4/auth/ntlm/auth.c                           |   869 +
 source4/auth/ntlm/auth_anonymous.c                 |   166 +
 source4/auth/ntlm/auth_developer.c                 |   224 +
 source4/auth/ntlm/auth_sam.c                       |  1417 +
 source4/auth/ntlm/auth_server_service.c            |    29 +
 source4/auth/ntlm/auth_simple.c                    |   221 +
 source4/auth/ntlm/auth_util.c                      |   183 +
 source4/auth/ntlm/auth_winbind.c                   |   326 +
 source4/auth/ntlm/wscript_build                    |    51 +
 source4/auth/pyauth.c                              |   507 +
 source4/auth/pyauth.h                              |    29 +
 source4/auth/sam.c                                 |  1900 +
 source4/auth/samba_server_gensec.c                 |   152 +
 source4/auth/session.c                             |   828 +
 source4/auth/session.h                             |   152 +
 source4/auth/system_session.c                      |   577 +
 source4/auth/tests/heimdal_unwrap_des.c            |  1244 +
 source4/auth/tests/kerberos.c                      |   123 +
 source4/auth/tests/sam.c                           |  2746 ++
 source4/auth/unix_token.c                          |   228 +
 source4/auth/wscript_build                         |    96 +
 source4/auth/wscript_configure                     |     4 +
 source4/cldap_server/cldap_server.c                |   260 +
 source4/cldap_server/cldap_server.h                |    35 +
 source4/cldap_server/rootdse.c                     |   183 +
 source4/cldap_server/wscript_build                 |    17 +
 source4/client/cifsdd.c                            |   733 +
 source4/client/cifsdd.h                            |   109 +
 source4/client/cifsddio.c                          |   524 +
 source4/client/client.c                            |  3552 ++
 source4/client/tests/test_cifsdd.sh                |    77 +
 source4/client/tests/test_smbclient.sh             |   154 +
 source4/cluster/cluster.c                          |    86 +
 source4/cluster/cluster.h                          |    51 +
 source4/cluster/cluster_private.h                  |    43 +
 source4/cluster/local.c                            |   121 +
 source4/cluster/wscript_build                      |     8 +
 source4/dns_server/TODO                            |    12 +
 source4/dns_server/dlz_bind9.c                     |  2219 +
 source4/dns_server/dlz_minimal.h                   |   317 +
 source4/dns_server/dns_crypto.c                    |   448 +
 source4/dns_server/dns_query.c                     |  1176 +
 source4/dns_server/dns_server.c                    |   965 +
 source4/dns_server/dns_server.h                    |   124 +
 source4/dns_server/dns_update.c                    |   879 +
 source4/dns_server/dns_utils.c                     |   130 +
 source4/dns_server/dnsserver_common.c              |  1594 +
 source4/dns_server/dnsserver_common.h              |   139 +
 source4/dns_server/pydns.c                         |   445 +
 source4/dns_server/wscript_build                   |    98 +
 source4/dsdb/common/dsdb_access.c                  |   183 +
 source4/dsdb/common/dsdb_dn.c                      |   571 +
 source4/dsdb/common/dsdb_dn.h                      |    21 +
 source4/dsdb/common/rodc_helper.c                  |   284 +
 source4/dsdb/common/tests/dsdb.c                   |    93 +
 source4/dsdb/common/tests/dsdb_dn.c                |   374 +
 source4/dsdb/common/util.c                         |  6796 +++
 source4/dsdb/common/util.h                         |   101 +
 source4/dsdb/common/util_groups.c                  |   200 +
 source4/dsdb/common/util_links.c                   |   229 +
 source4/dsdb/common/util_links.h                   |    48 +
 source4/dsdb/common/util_samr.c                    |   593 +
 source4/dsdb/common/util_trusts.c                  |  3443 ++
 source4/dsdb/dns/dns_update.c                      |   464 +
 source4/dsdb/kcc/garbage_collect_tombstones.c      |   347 +
 source4/dsdb/kcc/garbage_collect_tombstones.h      |    34 +
 source4/dsdb/kcc/kcc_connection.c                  |   252 +
 source4/dsdb/kcc/kcc_connection.h                  |    39 +
 source4/dsdb/kcc/kcc_drs_replica_info.c            |   911 +
 source4/dsdb/kcc/kcc_periodic.c                    |   825 +
 source4/dsdb/kcc/kcc_service.c                     |   364 +
 source4/dsdb/kcc/kcc_service.h                     |   101 +
 source4/dsdb/kcc/scavenge_dns_records.c            |   531 +
 source4/dsdb/kcc/scavenge_dns_records.h            |    36 +
 source4/dsdb/pydsdb.c                              |  1837 +
 source4/dsdb/repl/drepl_extended.c                 |   211 +
 source4/dsdb/repl/drepl_fsmo.c                     |   147 +
 source4/dsdb/repl/drepl_notify.c                   |   485 +
 source4/dsdb/repl/drepl_out_helpers.c              |  1356 +
 source4/dsdb/repl/drepl_out_helpers.h              |    26 +
 source4/dsdb/repl/drepl_out_pull.c                 |   260 +
 source4/dsdb/repl/drepl_partitions.c               |   665 +
 source4/dsdb/repl/drepl_periodic.c                 |   157 +
 source4/dsdb/repl/drepl_replica.c                  |    62 +
 source4/dsdb/repl/drepl_ridalloc.c                 |   265 +
 source4/dsdb/repl/drepl_secret.c                   |   146 +
 source4/dsdb/repl/drepl_service.c                  |   545 +
 source4/dsdb/repl/drepl_service.h                  |   251 +
 source4/dsdb/repl/replicated_objects.c             |  1283 +
 source4/dsdb/samdb.pc.in                           |    10 +
 source4/dsdb/samdb/cracknames.c                    |  1804 +
 source4/dsdb/samdb/ldb_modules/acl.c               |  2892 ++
 source4/dsdb/samdb/ldb_modules/acl_read.c          |  1302 +
 source4/dsdb/samdb/ldb_modules/acl_util.c          |   376 +
 source4/dsdb/samdb/ldb_modules/anr.c               |   440 +
 source4/dsdb/samdb/ldb_modules/audit_log.c         |  1913 +
 source4/dsdb/samdb/ldb_modules/audit_util.c        |   697 +
 source4/dsdb/samdb/ldb_modules/count_attrs.c       |   644 +
 source4/dsdb/samdb/ldb_modules/descriptor.c        |  2069 +
 source4/dsdb/samdb/ldb_modules/dirsync.c           |  1381 +
 source4/dsdb/samdb/ldb_modules/dns_notify.c        |   450 +
 source4/dsdb/samdb/ldb_modules/dsdb_notification.c |   262 +
 source4/dsdb/samdb/ldb_modules/encrypted_secrets.c |  1401 +
 source4/dsdb/samdb/ldb_modules/extended_dn_in.c    |   801 +
 source4/dsdb/samdb/ldb_modules/extended_dn_out.c   |   672 +
 source4/dsdb/samdb/ldb_modules/extended_dn_store.c |   830 +
 source4/dsdb/samdb/ldb_modules/group_audit.c       |  1555 +
 source4/dsdb/samdb/ldb_modules/instancetype.c      |   173 +
 source4/dsdb/samdb/ldb_modules/lazy_commit.c       |   128 +
 source4/dsdb/samdb/ldb_modules/linked_attributes.c |  1587 +
 source4/dsdb/samdb/ldb_modules/netlogon.c          |   516 +
 source4/dsdb/samdb/ldb_modules/new_partition.c     |   213 +
 source4/dsdb/samdb/ldb_modules/objectclass.c       |  1477 +
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |   752 +
 source4/dsdb/samdb/ldb_modules/objectguid.c        |   252 +
 source4/dsdb/samdb/ldb_modules/operational.c       |  1920 +
 source4/dsdb/samdb/ldb_modules/paged_results.c     |   888 +
 source4/dsdb/samdb/ldb_modules/partition.c         |  1721 +
 source4/dsdb/samdb/ldb_modules/partition.h         |    64 +
 source4/dsdb/samdb/ldb_modules/partition_init.c    |   885 +
 .../dsdb/samdb/ldb_modules/partition_metadata.c    |   596 +
 source4/dsdb/samdb/ldb_modules/password_hash.c     |  5220 ++
 source4/dsdb/samdb/ldb_modules/password_modules.h  |     3 +
 source4/dsdb/samdb/ldb_modules/proxy.c             |   415 +
 source4/dsdb/samdb/ldb_modules/ranged_results.c    |   295 +
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  8764 ++++
 source4/dsdb/samdb/ldb_modules/resolve_oids.c      |   710 +
 source4/dsdb/samdb/ldb_modules/ridalloc.c          |   829 +
 source4/dsdb/samdb/ldb_modules/rootdse.c           |  1802 +
 source4/dsdb/samdb/ldb_modules/samba3sam.c         |   977 +
 source4/dsdb/samdb/ldb_modules/samba3sid.c         |   207 +
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c        |   611 +
 source4/dsdb/samdb/ldb_modules/samba_secrets.c     |   103 +
 source4/dsdb/samdb/ldb_modules/samldb.c            |  5736 +++
 source4/dsdb/samdb/ldb_modules/schema_data.c       |   691 +
 source4/dsdb/samdb/ldb_modules/schema_load.c       |   657 +
 source4/dsdb/samdb/ldb_modules/schema_util.c       |   345 +
 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c  |   532 +
 source4/dsdb/samdb/ldb_modules/show_deleted.c      |   220 +
 source4/dsdb/samdb/ldb_modules/subtree_delete.c    |   142 +
 source4/dsdb/samdb/ldb_modules/subtree_rename.c    |   202 +
 .../samdb/ldb_modules/tests/possibleinferiors.py   |   265 +
 .../dsdb/samdb/ldb_modules/tests/test_audit_log.c  |  2305 +
 .../ldb_modules/tests/test_audit_log_errors.c      |   639 +
 .../dsdb/samdb/ldb_modules/tests/test_audit_util.c |  1261 +
 .../ldb_modules/tests/test_encrypted_secrets.c     |   973 +
 .../samdb/ldb_modules/tests/test_group_audit.c     |  2022 +
 .../ldb_modules/tests/test_group_audit.valgrind    |    19 +
 .../ldb_modules/tests/test_group_audit_errors.c    |   266 +
 .../ldb_modules/tests/test_unique_object_sids.c    |   514 +
 .../dsdb/samdb/ldb_modules/tombstone_reanimate.c   |   423 +
 .../dsdb/samdb/ldb_modules/unique_object_sids.c    |   262 +
 source4/dsdb/samdb/ldb_modules/update_keytab.c     |   510 +
 source4/dsdb/samdb/ldb_modules/util.c              |  1921 +
 source4/dsdb/samdb/ldb_modules/util.h              |    43 +
 source4/dsdb/samdb/ldb_modules/vlv_pagination.c    |   946 +
 source4/dsdb/samdb/ldb_modules/wscript             |    38 +
 source4/dsdb/samdb/ldb_modules/wscript_build       |    60 +
 .../dsdb/samdb/ldb_modules/wscript_build_server    |   539 +
 source4/dsdb/samdb/samdb.c                         |   344 +
 source4/dsdb/samdb/samdb.h                         |   410 +
 source4/dsdb/samdb/samdb_privilege.c               |   134 +
 source4/dsdb/schema/dsdb_dn.c                      |   102 +
 source4/dsdb/schema/prefixmap.h                    |    54 +
 source4/dsdb/schema/schema.h                       |   351 +
 source4/dsdb/schema/schema_convert_to_ol.c         |   377 +
 source4/dsdb/schema/schema_description.c           |   397 +
 source4/dsdb/schema/schema_filtered.c              |   101 +
 source4/dsdb/schema/schema_inferiors.c             |   347 +
 source4/dsdb/schema/schema_info_attr.c             |   235 +
 source4/dsdb/schema/schema_init.c                  |  1038 +
 source4/dsdb/schema/schema_prefixmap.c             |   710 +
 source4/dsdb/schema/schema_query.c                 |   620 +
 source4/dsdb/schema/schema_set.c                   |  1191 +
 source4/dsdb/schema/schema_syntax.c                |  2811 ++
 source4/dsdb/schema/tests/schema_syntax.c          |   271 +
 source4/dsdb/tests/python/acl.py                   |  5795 +++
 source4/dsdb/tests/python/acl_modify.py            |   179 +
 .../dsdb/tests/python/ad_dc_medley_performance.py  |   523 +
 source4/dsdb/tests/python/ad_dc_multi_bind.py      |    88 +
 source4/dsdb/tests/python/ad_dc_performance.py     |   340 +
 .../tests/python/ad_dc_provision_performance.py    |   131 +
 .../dsdb/tests/python/ad_dc_search_performance.py  |   296 +
 source4/dsdb/tests/python/asq.py                   |   225 +
 source4/dsdb/tests/python/attr_from_server.py      |   149 +
 source4/dsdb/tests/python/confidential_attr.py     |  1137 +
 source4/dsdb/tests/python/deletetest.py            |   565 +
 source4/dsdb/tests/python/dirsync.py               |  1107 +
 source4/dsdb/tests/python/dsdb_schema_info.py      |   203 +
 source4/dsdb/tests/python/large_ldap.py            |   338 +
 source4/dsdb/tests/python/ldap.py                  |  3332 ++
 source4/dsdb/tests/python/ldap_modify_order.py     |   371 +
 source4/dsdb/tests/python/ldap_schema.py           |  1597 +
 source4/dsdb/tests/python/ldap_syntaxes.py         |   388 +
 source4/dsdb/tests/python/linked_attributes.py     |   839 +
 source4/dsdb/tests/python/login_basics.py          |   273 +
 source4/dsdb/tests/python/ndr_pack_performance.py  |   215 +
 source4/dsdb/tests/python/notification.py          |   367 +
 source4/dsdb/tests/python/password_lockout.py      |  1704 +
 source4/dsdb/tests/python/password_lockout_base.py |   785 +
 source4/dsdb/tests/python/password_settings.py     |   876 +
 source4/dsdb/tests/python/passwords.py             |  1451 +
 source4/dsdb/tests/python/priv_attrs.py            |   392 +
 source4/dsdb/tests/python/rodc.py                  |   254 +
 source4/dsdb/tests/python/rodc_rwdc.py             |  1324 +
 source4/dsdb/tests/python/sam.py                   |  3874 ++
 source4/dsdb/tests/python/sec_descriptor.py        |  2705 ++
 source4/dsdb/tests/python/sites.py                 |   637 +
 source4/dsdb/tests/python/sort.py                  |   379 +
 source4/dsdb/tests/python/subtree_rename.py        |   422 +
 ...rder_account_locality_device-non-admin.expected |    31 +
 .../modify_order_account_locality_device.expected  |    34 +
 ...modify_order_container_flags-non-admin.expected |   129 +
 .../testdata/modify_order_container_flags.expected |   134 +
 ...r_container_flags_multivalue-non-admin.expected |   127 +
 ...odify_order_container_flags_multivalue.expected |   138 +
 .../modify_order_inapplicable-non-admin.expected   |    31 +
 .../testdata/modify_order_inapplicable.expected    |    34 +
 .../modify_order_member-non-admin.expected         |   127 +
 .../python/testdata/modify_order_member.expected   |   190 +
 .../testdata/modify_order_mixed-non-admin.expected |   128 +
 .../python/testdata/modify_order_mixed.expected    |   143 +
 .../modify_order_mixed2-non-admin.expected         |   128 +
 .../python/testdata/modify_order_mixed2.expected   |   143 +
 .../modify_order_objectclass-non-admin.expected    |    31 +
 .../testdata/modify_order_objectclass.expected     |    35 +
 .../modify_order_objectclass2-non-admin.expected   |   726 +
 .../testdata/modify_order_objectclass2.expected    |   735 +
 .../modify_order_singlevalue-non-admin.expected    |   727 +
 .../testdata/modify_order_singlevalue.expected     |   740 +
 ...order_sometimes_inapplicable-non-admin.expected |   127 +
 .../modify_order_sometimes_inapplicable.expected   |   127 +
 .../modify_order_telephone-non-admin.expected      |   727 +
 .../testdata/modify_order_telephone.expected       |   752 +
 ...rder_telephone_delete_delete-non-admin.expected |   727 +
 .../modify_order_telephone_delete_delete.expected  |   736 +
 .../dsdb/tests/python/testdata/simplesort.expected |     8 +
 .../tests/python/testdata/unicodesort.expected     |    16 +
 source4/dsdb/tests/python/token_group.py           |   738 +
 source4/dsdb/tests/python/tombstone_reanimation.py |   958 +
 source4/dsdb/tests/python/unicodepwd_encrypted.py  |   151 +
 source4/dsdb/tests/python/urgent_replication.py    |   339 +
 source4/dsdb/tests/python/user_account_control.py  |  1298 +
 source4/dsdb/tests/python/vlv.py                   |  1786 +
 source4/dsdb/wscript_build                         |    83 +
 source4/echo_server/echo_server.c                  |   336 +
 source4/echo_server/echo_server.h                  |    33 +
 source4/echo_server/wscript_build                  |    10 +
 source4/include/includes.h                         |    72 +
 source4/kdc/ad_claims.c                            |  1225 +
 source4/kdc/ad_claims.h                            |    36 +
 source4/kdc/authn_policy_util.c                    |  1316 +
 source4/kdc/authn_policy_util.h                    |   228 +
 source4/kdc/db-glue.c                              |  3872 ++
 source4/kdc/db-glue.h                              |   113 +
 source4/kdc/hdb-samba4-plugin.c                    |    85 +
 source4/kdc/hdb-samba4.c                           |  1267 +
 source4/kdc/kdc-glue.c                             |    92 +
 source4/kdc/kdc-glue.h                             |    62 +
 source4/kdc/kdc-heimdal.c                          |   550 +
 source4/kdc/kdc-proxy.c                            |   596 +
 source4/kdc/kdc-proxy.h                            |    45 +
 source4/kdc/kdc-server.c                           |   623 +
 source4/kdc/kdc-server.h                           |    83 +
 source4/kdc/kdc-service-mit.c                      |   395 +
 source4/kdc/kdc-service-mit.h                      |    27 +
 source4/kdc/kpasswd-helper.c                       |   264 +
 source4/kdc/kpasswd-helper.h                       |    48 +
 source4/kdc/kpasswd-service-heimdal.c              |   326 +
 source4/kdc/kpasswd-service-mit.c                  |   402 +
 source4/kdc/kpasswd-service.c                      |   395 +
 source4/kdc/kpasswd-service.h                      |    43 +
 source4/kdc/kpasswd_glue.c                         |    88 +
 source4/kdc/kpasswd_glue.h                         |    31 +
 source4/kdc/ktutil.c                               |   122 +
 source4/kdc/mit-kdb/kdb_samba.c                    |   178 +
 source4/kdc/mit-kdb/kdb_samba.h                    |   182 +
 source4/kdc/mit-kdb/kdb_samba_change_pwd.c         |    59 +
 source4/kdc/mit-kdb/kdb_samba_common.c             |   103 +
 source4/kdc/mit-kdb/kdb_samba_masterkey.c          |    69 +
 source4/kdc/mit-kdb/kdb_samba_pac.c                |   115 +
 source4/kdc/mit-kdb/kdb_samba_policies.c           |   397 +
 source4/kdc/mit-kdb/kdb_samba_principals.c         |   397 +
 source4/kdc/mit-kdb/wscript_build                  |    22 +
 source4/kdc/mit_kdc_irpc.c                         |   204 +
 source4/kdc/mit_kdc_irpc.h                         |    20 +
 source4/kdc/mit_samba.c                            |  1065 +
 source4/kdc/mit_samba.h                            |   106 +
 source4/kdc/pac-blobs.c                            |   253 +
 source4/kdc/pac-blobs.h                            |    83 +
 source4/kdc/pac-glue.c                             |  3248 ++
 source4/kdc/pac-glue.h                             |   202 +
 source4/kdc/samba_kdc.h                            |    83 +
 source4/kdc/sdb.c                                  |   195 +
 source4/kdc/sdb.h                                  |   150 +
 source4/kdc/sdb_to_hdb.c                           |   359 +
 source4/kdc/sdb_to_kdb.c                           |   332 +
 source4/kdc/wdc-samba4.c                           |   937 +
 source4/kdc/wscript_build                          |   194 +
 source4/ldap_server/ldap_backend.c                 |  1637 +
 source4/ldap_server/ldap_bind.c                    |   783 +
 source4/ldap_server/ldap_extended.c                |   263 +
 source4/ldap_server/ldap_server.c                  |  1694 +
 source4/ldap_server/ldap_server.h                  |   133 +
 source4/ldap_server/wscript_build                  |    13 +
 source4/lib/events/events.h                        |     6 +
 source4/lib/events/tevent_s4.c                     |    41 +
 source4/lib/events/wscript_build                   |     9 +
 source4/lib/messaging/irpc.h                       |    87 +
 source4/lib/messaging/messaging.c                  |  1521 +
 source4/lib/messaging/messaging.h                  |    72 +
 source4/lib/messaging/messaging_handlers.c         |   135 +
 source4/lib/messaging/messaging_internal.h         |    50 +
 source4/lib/messaging/messaging_send.c             |   115 +
 source4/lib/messaging/pymessaging.c                |   576 +
 source4/lib/messaging/tests/irpc.c                 |   308 +
 source4/lib/messaging/tests/messaging.c            |   694 +
 source4/lib/messaging/wscript_build                |    33 +
 source4/lib/policy/gp_filesys.c                    |   723 +
 source4/lib/policy/gp_ini.c                        |   133 +
 source4/lib/policy/gp_ldap.c                       |  1130 +
 source4/lib/policy/gp_manage.c                     |   330 +
 source4/lib/policy/policy.h                        |   125 +
 source4/lib/policy/pypolicy.c                      |   174 +
 source4/lib/policy/samba-policy.pc.in              |    12 +
 source4/lib/policy/wscript_build                   |    22 +
 source4/lib/registry/Doxyfile                      |    24 +
 source4/lib/registry/README                        |    42 +
 source4/lib/registry/TODO                          |     5 +
 source4/lib/registry/hive.c                        |   176 +
 source4/lib/registry/interface.c                   |   298 +
 source4/lib/registry/ldb.c                         |  1018 +
 source4/lib/registry/local.c                       |   408 +
 source4/lib/registry/man/regdiff.1.xml             |   100 +
 source4/lib/registry/man/regpatch.1.xml            |    89 +
 source4/lib/registry/man/regshell.1.xml            |   189 +
 source4/lib/registry/man/regtree.1.xml             |   101 +
 source4/lib/registry/patchfile.c                   |   543 +
 source4/lib/registry/patchfile_dotreg.c            |   435 +
 source4/lib/registry/patchfile_preg.c              |   387 +
 source4/lib/registry/pyregistry.c                  |   494 +
 source4/lib/registry/regf.c                        |  2319 +
 source4/lib/registry/regf.idl                      |   167 +
 source4/lib/registry/registry.h                    |   531 +
 source4/lib/registry/rpc.c                         |   578 +
 source4/lib/registry/samba.c                       |   100 +
 source4/lib/registry/tests/diff.c                  |   291 +
 source4/lib/registry/tests/generic.c               |   179 +
 source4/lib/registry/tests/hive.c                  |   440 +
 source4/lib/registry/tests/registry.c              |   645 +
 source4/lib/registry/tools/common.c                |    88 +
 source4/lib/registry/tools/regdiff.c               |   182 +
 source4/lib/registry/tools/regpatch.c              |   119 +
 source4/lib/registry/tools/regshell.c              |   708 +
 source4/lib/registry/tools/regtree.c               |   209 +
 source4/lib/registry/util.c                        |   302 +
 source4/lib/registry/wine.c                        |    45 +
 source4/lib/registry/wscript_build                 |    69 +
 source4/lib/samba3/README                          |     5 +
 source4/lib/samba3/samba3.h                        |    29 +
 source4/lib/samba3/smbpasswd.c                     |   111 +
 source4/lib/samba3/wscript_build                   |     9 +
 source4/lib/socket/access.c                        |   129 +
 source4/lib/socket/connect.c                       |   158 +
 source4/lib/socket/connect_multi.c                 |   392 +
 source4/lib/socket/interface.c                     |   525 +
 source4/lib/socket/netif.h                         |    24 +
 source4/lib/socket/socket.c                        |   640 +
 source4/lib/socket/socket.h                        |   256 +
 source4/lib/socket/socket_ip.c                     |  1033 +
 source4/lib/socket/socket_unix.c                   |   436 +
 source4/lib/socket/testsuite.c                     |   194 +
 source4/lib/socket/wscript_build                   |    29 +
 source4/lib/stream/packet.c                        |   614 +
 source4/lib/stream/packet.h                        |    65 +
 source4/lib/stream/wscript_build                   |     8 +
 source4/lib/tls/tls.h                              |   105 +
 source4/lib/tls/tls_tstream.c                      |  1550 +
 source4/lib/tls/tlscert.c                          |   159 +
 source4/lib/tls/wscript_build                      |    15 +
 source4/libcli/cliconnect.c                        |   284 +
 source4/libcli/clideltree.c                        |   146 +
 source4/libcli/clifile.c                           |   767 +
 source4/libcli/clilist.c                           |   348 +
 source4/libcli/climessage.c                        |   104 +
 source4/libcli/clireadwrite.c                      |   167 +
 source4/libcli/clitrans2.c                         |   224 +
 source4/libcli/composite/composite.c               |   199 +
 source4/libcli/composite/composite.h               |    99 +
 source4/libcli/dgram/browse.c                      |   114 +
 source4/libcli/dgram/dgramsocket.c                 |   242 +
 source4/libcli/dgram/libdgram.h                    |   153 +
 source4/libcli/dgram/mailslot.c                    |   229 +
 source4/libcli/dgram/netlogon.c                    |   140 +
 source4/libcli/finddc.h                            |    41 +
 source4/libcli/finddcs_cldap.c                     |   483 +
 source4/libcli/ldap/ldap_bind.c                    |   545 +
 source4/libcli/ldap/ldap_client.c                  |  1069 +
 source4/libcli/ldap/ldap_client.h                  |   149 +
 source4/libcli/ldap/ldap_controls.c                |  1288 +
 source4/libcli/ldap/ldap_ildap.c                   |   133 +
 source4/libcli/ldap/libcli_ldap.h                  |    31 +
 source4/libcli/ldap/wscript_build                  |    11 +
 source4/libcli/libcli.h                            |   362 +
 source4/libcli/rap/rap.c                           |  1692 +
 source4/libcli/rap/rap.h                           |    76 +
 source4/libcli/rap/wscript_build                   |     7 +
 source4/libcli/raw/README                          |     5 +
 source4/libcli/raw/clierror.c                      |    73 +
 source4/libcli/raw/clioplock.c                     |    66 +
 source4/libcli/raw/clisession.c                    |   310 +
 source4/libcli/raw/clisocket.c                     |   459 +
 source4/libcli/raw/clitransport.c                  |   673 +
 source4/libcli/raw/clitree.c                       |   228 +
 source4/libcli/raw/interfaces.h                    |  2867 ++
 source4/libcli/raw/libcliraw.h                     |   343 +
 source4/libcli/raw/rawacl.c                        |   163 +
 source4/libcli/raw/rawdate.c                       |    82 +
 source4/libcli/raw/raweas.c                        |   371 +
 source4/libcli/raw/rawfile.c                       |  1052 +
 source4/libcli/raw/rawfileinfo.c                   |   810 +
 source4/libcli/raw/rawfsinfo.c                     |   431 +
 source4/libcli/raw/rawioctl.c                      |   173 +
 source4/libcli/raw/rawlpq.c                        |    48 +
 source4/libcli/raw/rawnegotiate.c                  |   183 +
 source4/libcli/raw/rawnotify.c                     |   122 +
 source4/libcli/raw/rawreadwrite.c                  |   345 +
 source4/libcli/raw/rawrequest.c                    |  1055 +
 source4/libcli/raw/rawsearch.c                     |   842 +
 source4/libcli/raw/rawsetfileinfo.c                |   506 +
 source4/libcli/raw/rawshadow.c                     |    82 +
 source4/libcli/raw/rawtrans.c                      |   446 +
 source4/libcli/raw/request.h                       |    78 +
 source4/libcli/raw/signing.h                       |    39 +
 source4/libcli/raw/smb.h                           |   322 +
 source4/libcli/raw/smb_signing.c                   |   275 +
 source4/libcli/raw/trans2.h                        |   309 +
 source4/libcli/resolve/bcast.c                     |   117 +
 source4/libcli/resolve/dns_ex.c                    |   671 +
 source4/libcli/resolve/host.c                      |    60 +
 source4/libcli/resolve/lmhosts.c                   |   133 +
 source4/libcli/resolve/nbtlist.c                   |   223 +
 source4/libcli/resolve/resolve.c                   |   342 +
 source4/libcli/resolve/resolve.h                   |    53 +
 source4/libcli/resolve/resolve_lp.c                |    52 +
 source4/libcli/resolve/testsuite.c                 |    92 +
 source4/libcli/resolve/wins.c                      |    83 +
 source4/libcli/smb2/break.c                        |    74 +
 source4/libcli/smb2/cancel.c                       |    45 +
 source4/libcli/smb2/close.c                        |    80 +
 source4/libcli/smb2/connect.c                      |   483 +
 source4/libcli/smb2/create.c                       |   446 +
 source4/libcli/smb2/find.c                         |   181 +
 source4/libcli/smb2/flush.c                        |    70 +
 source4/libcli/smb2/getinfo.c                      |   239 +
 source4/libcli/smb2/ioctl.c                        |   151 +
 source4/libcli/smb2/keepalive.c                    |    68 +
 source4/libcli/smb2/lease_break.c                  |    81 +
 source4/libcli/smb2/lock.c                         |    82 +
 source4/libcli/smb2/logoff.c                       |    67 +
 source4/libcli/smb2/notify.c                       |   116 +
 source4/libcli/smb2/read.c                         |    89 +
 source4/libcli/smb2/request.c                      |   717 +
 source4/libcli/smb2/session.c                      |   477 +
 source4/libcli/smb2/setinfo.c                      |   123 +
 source4/libcli/smb2/signing.c                      |   139 +
 source4/libcli/smb2/smb2.h                         |   204 +
 source4/libcli/smb2/smb2_calls.h                   |    99 +
 source4/libcli/smb2/tcon.c                         |    52 +
 source4/libcli/smb2/tdis.c                         |    65 +
 source4/libcli/smb2/transport.c                    |   557 +
 source4/libcli/smb2/util.c                         |   363 +
 source4/libcli/smb2/write.c                        |    81 +
 source4/libcli/smb2/wscript_build                  |    10 +
 source4/libcli/smb_composite/appendacl.c           |   313 +
 source4/libcli/smb_composite/connect.c             |   528 +
 source4/libcli/smb_composite/connect_nego.c        |   211 +
 source4/libcli/smb_composite/fetchfile.c           |   194 +
 source4/libcli/smb_composite/fsinfo.c              |   214 +
 source4/libcli/smb_composite/loadfile.c            |   293 +
 source4/libcli/smb_composite/savefile.c            |   288 +
 source4/libcli/smb_composite/sesssetup.c           |   867 +
 source4/libcli/smb_composite/smb2.c                |   447 +
 source4/libcli/smb_composite/smb_composite.h       |   283 +
 source4/libcli/util/clilsa.c                       |   548 +
 source4/libcli/util/pyerrors.h                     |    79 +
 source4/libcli/wbclient/wbclient.c                 |   193 +
 source4/libcli/wbclient/wbclient.h                 |    25 +
 source4/libcli/wbclient/wscript_build              |    10 +
 source4/libcli/wrepl/winsrepl.c                    |  1174 +
 source4/libcli/wrepl/winsrepl.h                    |   110 +
 source4/libcli/wscript_build                       |    96 +
 source4/libnet/composite.h                         |    56 +
 source4/libnet/groupinfo.c                         |   384 +
 source4/libnet/groupinfo.h                         |    54 +
 source4/libnet/groupman.c                          |   139 +
 source4/libnet/groupman.h                          |    35 +
 source4/libnet/libnet.c                            |    55 +
 source4/libnet/libnet.h                            |    86 +
 source4/libnet/libnet_become_dc.c                  |  3281 ++
 source4/libnet/libnet_become_dc.h                  |   152 +
 source4/libnet/libnet_domain.c                     |  1304 +
 source4/libnet/libnet_domain.h                     |    70 +
 source4/libnet/libnet_export_keytab.c              |   206 +
 source4/libnet/libnet_export_keytab.h              |    32 +
 source4/libnet/libnet_group.c                      |   764 +
 source4/libnet/libnet_group.h                      |    74 +
 source4/libnet/libnet_join.c                       |  1021 +
 source4/libnet/libnet_join.h                       |   101 +
 source4/libnet/libnet_lookup.c                     |   448 +
 source4/libnet/libnet_lookup.h                     |    69 +
 source4/libnet/libnet_passwd.c                     |  1108 +
 source4/libnet/libnet_passwd.h                     |   144 +
 source4/libnet/libnet_rpc.c                        |  1037 +
 source4/libnet/libnet_rpc.h                        |    73 +
 source4/libnet/libnet_samsync.h                    |    32 +
 source4/libnet/libnet_share.c                      |   215 +
 source4/libnet/libnet_share.h                      |    70 +
 source4/libnet/libnet_site.c                       |   292 +
 source4/libnet/libnet_site.h                       |    35 +
 source4/libnet/libnet_time.c                       |   125 +
 source4/libnet/libnet_time.h                       |    46 +
 source4/libnet/libnet_unbecome_dc.c                |   792 +
 source4/libnet/libnet_unbecome_dc.h                |    31 +
 source4/libnet/libnet_user.c                       |  1241 +
 source4/libnet/libnet_user.h                       |   156 +
 source4/libnet/libnet_vampire.c                    |   838 +
 source4/libnet/libnet_vampire.h                    |    58 +
 source4/libnet/prereq_domain.c                     |   144 +
 source4/libnet/py_net.c                            |   950 +
 source4/libnet/py_net.h                            |    24 +
 source4/libnet/py_net_dckeytab.c                   |   121 +
 source4/libnet/userinfo.c                          |   382 +
 source4/libnet/userinfo.h                          |    54 +
 source4/libnet/userman.c                           |   922 +
 source4/libnet/userman.h                           |   106 +
 source4/libnet/wscript_build                       |    29 +
 source4/librpc/dcerpc.pc.in                        |    11 +
 source4/librpc/dcerpc_samr.pc.in                   |    11 +
 source4/librpc/gen_ndr/README                      |     4 +
 source4/librpc/idl/IDL_LICENSE.txt                 |     9 +
 source4/librpc/idl/irpc.idl                        |   221 +
 source4/librpc/idl/ntp_signd.idl                   |    40 +
 source4/librpc/idl/opendb.idl                      |    46 +
 source4/librpc/idl/sasl_helpers.idl                |    20 +
 source4/librpc/idl/winbind.idl                     |    35 +
 source4/librpc/idl/winsif.idl                      |   342 +
 source4/librpc/idl/winsrepl.idl                    |   174 +
 source4/librpc/idl/wscript_build                   |    17 +
 source4/librpc/ndr/py_auth.c                       |    76 +
 source4/librpc/ndr/py_lsa.c                        |    77 +
 source4/librpc/ndr/py_misc.c                       |   165 +
 source4/librpc/ndr/py_security.c                   |   743 +
 source4/librpc/ndr/py_xattr.c                      |   100 +
 source4/librpc/rpc/dcerpc.c                        |  2630 +
 source4/librpc/rpc/dcerpc.h                        |   264 +
 source4/librpc/rpc/dcerpc.py                       |    18 +
 source4/librpc/rpc/dcerpc_auth.c                   |   556 +
 source4/librpc/rpc/dcerpc_connect.c                |  1252 +
 source4/librpc/rpc/dcerpc_roh.c                    |   914 +
 source4/librpc/rpc/dcerpc_roh.h                    |   111 +
 source4/librpc/rpc/dcerpc_roh_channel_in.c         |   303 +
 source4/librpc/rpc/dcerpc_roh_channel_out.c        |   582 +
 source4/librpc/rpc/dcerpc_schannel.c               |   623 +
 source4/librpc/rpc/dcerpc_secondary.c              |   431 +
 source4/librpc/rpc/dcerpc_smb.c                    |   310 +
 source4/librpc/rpc/dcerpc_sock.c                   |   499 +
 source4/librpc/rpc/dcerpc_util.c                   |   811 +
 source4/librpc/rpc/pyrpc.c                         |   651 +
 source4/librpc/rpc/pyrpc.h                         |    60 +
 source4/librpc/rpc/pyrpc_util.c                    |   555 +
 source4/librpc/rpc/pyrpc_util.h                    |    74 +
 source4/librpc/scripts/build_idl.sh                |    37 +
 source4/librpc/tests/binding_string.c              |   327 +
 source4/librpc/tests/claims_CLAIMS_SET_NDR.dat     |    23 +
 source4/librpc/tests/claims_CLAIMS_SET_NDR.txt     |    55 +
 source4/librpc/tests/compressed_claims.txt         |    96 +
 .../tests/dns-decode_dns_name_packet-hex.dat       |     7 +
 .../tests/dns-decode_dns_name_packet-hex.txt       |    35 +
 source4/librpc/tests/dnsp-DnssrvRpcRecord.txt      |    32 +
 .../tests/fuzzed_drsuapi_DsAddEntry_1.b64.txt      |     1 +
 .../librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt   |   785 +
 .../librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt |    76 +
 .../fuzzed_drsuapi_DsReplicaAttribute.b64.txt      |     1 +
 .../tests/fuzzed_drsuapi_DsReplicaAttribute.txt    |    60 +
 ...fuzzed_drsuapi_DsaAddressListItem_V1-in.b64.txt |     1 +
 .../fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt    |     1 +
 .../tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt  |   167 +
 .../tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt     |    89 +
 source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt |    28 +
 source4/librpc/tests/krb5pac-PAC_DATA.dat          |   Bin 0 -> 768 bytes
 .../librpc/tests/krb5pac_upn_dns_info_ex.b64.txt   |     1 +
 source4/librpc/tests/krb5pac_upn_dns_info_ex.txt   |   281 +
 .../krb5pac_upn_dns_info_ex_not_supported.b64.txt  |     1 +
 .../krb5pac_upn_dns_info_ex_not_supported.txt      |   282 +
 source4/librpc/tests/misc-GUID.dat                 |     1 +
 source4/librpc/tests/samr-CreateUser-in.dat        |   Bin 0 -> 60 bytes
 source4/librpc/tests/samr-CreateUser-out.dat       |   Bin 0 -> 32 bytes
 source4/librpc/tests/uncompressed_claims.txt       |    66 +
 source4/librpc/tests/xattr_NTACL.dat               |    20 +
 source4/librpc/tests/xattr_NTACL.txt               |   107 +
 source4/librpc/wscript_build                       |   554 +
 source4/nbt_server/defense.c                       |    79 +
 source4/nbt_server/dgram/browse.c                  |    85 +
 source4/nbt_server/dgram/netlogon.c                |   286 +
 source4/nbt_server/dgram/ntlogon.c                 |   121 +
 source4/nbt_server/dgram/request.c                 |   150 +
 source4/nbt_server/interfaces.c                    |   426 +
 source4/nbt_server/irpc.c                          |   210 +
 source4/nbt_server/nbt_server.c                    |   117 +
 source4/nbt_server/nbt_server.h                    |    94 +
 source4/nbt_server/nodestatus.c                    |   182 +
 source4/nbt_server/packet.c                        |   387 +
 source4/nbt_server/query.c                         |   102 +
 source4/nbt_server/register.c                      |   310 +
 source4/nbt_server/wins/wins_dns_proxy.c           |    99 +
 source4/nbt_server/wins/wins_hook.c                |    94 +
 source4/nbt_server/wins/wins_ldb.c                 |   127 +
 source4/nbt_server/wins/winsclient.c               |   284 +
 source4/nbt_server/wins/winsdb.c                   |  1027 +
 source4/nbt_server/wins/winsdb.h                   |    81 +
 source4/nbt_server/wins/winsserver.c               |  1074 +
 source4/nbt_server/wins/winsserver.h               |    67 +
 source4/nbt_server/wins/winswack.c                 |   387 +
 source4/nbt_server/wscript_build                   |    54 +
 source4/ntp_signd/README                           |     7 +
 source4/ntp_signd/ntp-dev-4.2.5p125.diff           |   579 +
 source4/ntp_signd/ntp_signd.c                      |   592 +
 source4/ntp_signd/wscript_build                    |    11 +
 source4/ntvfs/README                               |    26 +
 source4/ntvfs/cifs/README                          |    40 +
 source4/ntvfs/cifs/vfs_cifs.c                      |  1263 +
 source4/ntvfs/common/brlock.c                      |   136 +
 source4/ntvfs/common/brlock.h                      |    55 +
 source4/ntvfs/common/brlock_tdb.c                  |   775 +
 source4/ntvfs/common/init.c                        |    34 +
 source4/ntvfs/common/notify.c                      |   687 +
 source4/ntvfs/common/ntvfs_common.h                |    32 +
 source4/ntvfs/common/opendb.c                      |   200 +
 source4/ntvfs/common/opendb.h                      |    59 +
 source4/ntvfs/common/opendb_tdb.c                  |   886 +
 source4/ntvfs/common/wscript_build                 |     9 +
 source4/ntvfs/ipc/README                           |     5 +
 source4/ntvfs/ipc/ipc_rap.c                        |   511 +
 source4/ntvfs/ipc/rap_server.c                     |    95 +
 source4/ntvfs/ipc/vfs_ipc.c                        |  1356 +
 source4/ntvfs/ntvfs.h                              |   338 +
 source4/ntvfs/ntvfs_base.c                         |   249 +
 source4/ntvfs/ntvfs_generic.c                      |  1648 +
 source4/ntvfs/ntvfs_interface.c                    |   702 +
 source4/ntvfs/ntvfs_util.c                         |   197 +
 source4/ntvfs/posix/posix_eadb.c                   |   299 +
 source4/ntvfs/posix/posix_eadb.h                   |    20 +
 source4/ntvfs/posix/pvfs_acl.c                     |  1083 +
 source4/ntvfs/posix/pvfs_acl_nfs4.c                |   199 +
 source4/ntvfs/posix/pvfs_acl_xattr.c               |   104 +
 source4/ntvfs/posix/pvfs_dirlist.c                 |   411 +
 source4/ntvfs/posix/pvfs_fileinfo.c                |   158 +
 source4/ntvfs/posix/pvfs_flush.c                   |    80 +
 source4/ntvfs/posix/pvfs_fsinfo.c                  |   224 +
 source4/ntvfs/posix/pvfs_ioctl.c                   |    82 +
 source4/ntvfs/posix/pvfs_lock.c                    |   404 +
 source4/ntvfs/posix/pvfs_mkdir.c                   |   196 +
 source4/ntvfs/posix/pvfs_notify.c                  |   300 +
 source4/ntvfs/posix/pvfs_open.c                    |  2094 +
 source4/ntvfs/posix/pvfs_oplock.c                  |   307 +
 source4/ntvfs/posix/pvfs_qfileinfo.c               |   468 +
 source4/ntvfs/posix/pvfs_read.c                    |   103 +
 source4/ntvfs/posix/pvfs_rename.c                  |   675 +
 source4/ntvfs/posix/pvfs_resolve.c                 |   826 +
 source4/ntvfs/posix/pvfs_search.c                  |   865 +
 source4/ntvfs/posix/pvfs_seek.c                    |    65 +
 source4/ntvfs/posix/pvfs_setfileinfo.c             |   884 +
 source4/ntvfs/posix/pvfs_shortname.c               |   699 +
 source4/ntvfs/posix/pvfs_streams.c                 |   556 +
 source4/ntvfs/posix/pvfs_sys.c                     |   662 +
 source4/ntvfs/posix/pvfs_unlink.c                  |   276 +
 source4/ntvfs/posix/pvfs_util.c                    |   206 +
 source4/ntvfs/posix/pvfs_wait.c                    |   212 +
 source4/ntvfs/posix/pvfs_write.c                   |   145 +
 source4/ntvfs/posix/pvfs_xattr.c                   |   488 +
 source4/ntvfs/posix/python/pyposix_eadb.c          |   140 +
 source4/ntvfs/posix/python/pyxattr_native.c        |   129 +
 source4/ntvfs/posix/python/pyxattr_tdb.c           |   177 +
 source4/ntvfs/posix/vfs_posix.c                    |   426 +
 source4/ntvfs/posix/vfs_posix.h                    |   290 +
 source4/ntvfs/posix/wscript_build                  |    61 +
 source4/ntvfs/posix/xattr_system.c                 |   145 +
 source4/ntvfs/simple/README                        |    10 +
 source4/ntvfs/simple/svfs.h                        |    38 +
 source4/ntvfs/simple/svfs_util.c                   |   189 +
 source4/ntvfs/simple/vfs_simple.c                  |  1112 +
 source4/ntvfs/sysdep/README                        |     5 +
 source4/ntvfs/sysdep/inotify.c                     |   398 +
 source4/ntvfs/sysdep/sys_lease.c                   |   152 +
 source4/ntvfs/sysdep/sys_lease.h                   |    66 +
 source4/ntvfs/sysdep/sys_lease_linux.c             |   215 +
 source4/ntvfs/sysdep/sys_notify.c                  |   151 +
 source4/ntvfs/sysdep/sys_notify.h                  |    54 +
 source4/ntvfs/sysdep/wscript_build                 |    31 +
 source4/ntvfs/sysdep/wscript_configure             |    13 +
 source4/ntvfs/unixuid/vfs_unixuid.c                |   724 +
 source4/ntvfs/unixuid/wscript_build                |     9 +
 source4/ntvfs/wscript_build                        |    40 +
 source4/param/loadparm.c                           |    77 +
 source4/param/provision.c                          |   571 +
 source4/param/provision.h                          |    72 +
 source4/param/pyparam.c                            |   746 +
 source4/param/pyparam.h                            |    28 +
 source4/param/pyparam_util.c                       |    81 +
 source4/param/secrets.c                            |   152 +
 source4/param/secrets.h                            |    51 +
 source4/param/share.c                              |   156 +
 source4/param/share.h                              |   149 +
 source4/param/share_classic.c                      |   385 +
 source4/param/tests/loadparm.c                     |   271 +
 source4/param/tests/share.c                        |   207 +
 source4/param/wscript_build                        |    62 +
 source4/rpc_server/backupkey/dcesrv_backupkey.c    |  1867 +
 source4/rpc_server/browser/dcesrv_browser.c        |   169 +
 source4/rpc_server/common/common.h                 |    44 +
 source4/rpc_server/common/forward.c                |   130 +
 source4/rpc_server/common/loadparm.c               |    45 +
 source4/rpc_server/common/server_info.c            |   319 +
 source4/rpc_server/common/share_info.c             |   123 +
 source4/rpc_server/dcerpc_server.c                 |   726 +
 source4/rpc_server/dcerpc_server.h                 |    41 +
 source4/rpc_server/dcerpc_server.pc.in             |    12 +
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c    |  2410 +
 source4/rpc_server/dnsserver/dnsdata.c             |  1121 +
 source4/rpc_server/dnsserver/dnsdb.c               |  1272 +
 source4/rpc_server/dnsserver/dnsserver.h           |   264 +
 source4/rpc_server/dnsserver/dnsutils.c            |   414 +
 source4/rpc_server/drsuapi/addentry.c              |   240 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |  1070 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.h        |    84 +
 source4/rpc_server/drsuapi/drsutil.c               |   237 +
 source4/rpc_server/drsuapi/getncchanges.c          |  3861 ++
 source4/rpc_server/drsuapi/updaterefs.c            |   416 +
 source4/rpc_server/drsuapi/writespn.c              |   263 +
 source4/rpc_server/echo/rpc_echo.c                 |   206 +
 source4/rpc_server/epmapper/rpc_epmapper.c         |   315 +
 source4/rpc_server/eventlog/dcesrv_eventlog6.c     |   331 +
 source4/rpc_server/lsa/dcesrv_lsa.c                |  5361 ++
 source4/rpc_server/lsa/lsa.h                       |    70 +
 source4/rpc_server/lsa/lsa_init.c                  |   356 +
 source4/rpc_server/lsa/lsa_lookup.c                |  2275 +
 source4/rpc_server/netlogon/dcerpc_netlogon.c      |  4672 ++
 source4/rpc_server/remote/README                   |    38 +
 source4/rpc_server/remote/dcesrv_remote.c          |   524 +
 source4/rpc_server/samr/dcesrv_samr.c              |  5371 ++
 source4/rpc_server/samr/dcesrv_samr.h              |    88 +
 source4/rpc_server/samr/samr_password.c            |   841 +
 source4/rpc_server/service_rpc.c                   |   224 +
 source4/rpc_server/srvsvc/dcesrv_srvsvc.c          |  2300 +
 source4/rpc_server/srvsvc/srvsvc_ntvfs.c           |   139 +
 .../tests/rpc_dns_server_dnsutils_test.c           |   304 +
 source4/rpc_server/unixinfo/dcesrv_unixinfo.c      |   191 +
 source4/rpc_server/winreg/README                   |     3 +
 source4/rpc_server/winreg/rpc_winreg.c             |   744 +
 source4/rpc_server/wkssvc/dcesrv_wkssvc.c          |   403 +
 source4/rpc_server/wscript_build                   |   221 +
 source4/samba/process_model.c                      |   137 +
 source4/samba/process_model.h                      |    96 +
 source4/samba/process_prefork.c                    |   919 +
 source4/samba/process_single.c                     |   169 +
 source4/samba/process_standard.c                   |   626 +
 source4/samba/server.c                             |  1000 +
 source4/samba/server_util.c                        |    94 +
 source4/samba/server_util.h                        |    33 +
 source4/samba/service.c                            |   140 +
 source4/samba/service.h                            |   111 +
 source4/samba/service_named_pipe.c                 |   290 +
 source4/samba/service_stream.c                     |   413 +
 source4/samba/service_stream.h                     |    80 +
 source4/samba/service_task.c                       |   140 +
 source4/samba/service_task.h                       |    39 +
 source4/samba/wscript_build                        |    58 +
 source4/script/buildtree.pl                        |    40 +
 source4/script/depfilter.py                        |    53 +
 source4/script/extract_allparms.sh                 |     2 +
 source4/script/find_unused_options.sh              |    37 +
 source4/script/minimal_includes.pl                 |   171 +
 source4/script/mkproto.pl                          |   252 +
 source4/script/update-proto.pl                     |   242 +
 source4/scripting/bin/enablerecyclebin             |    53 +
 source4/scripting/bin/findprovisionusnranges       |    78 +
 source4/scripting/bin/gen_error_common.py          |    84 +
 source4/scripting/bin/gen_hresult.py               |   205 +
 source4/scripting/bin/gen_ntstatus.py              |   153 +
 source4/scripting/bin/gen_output.py                |    53 +
 source4/scripting/bin/gen_werror.py                |   147 +
 source4/scripting/bin/gen_wsp_props.py             |   202 +
 source4/scripting/bin/get-descriptors              |   154 +
 source4/scripting/bin/ktpass.sh                    |   122 +
 source4/scripting/bin/machineaccountccache         |    30 +
 source4/scripting/bin/machineaccountpw             |    42 +
 source4/scripting/bin/nsupdate-gss                 |   352 +
 source4/scripting/bin/rebuildextendeddn            |   135 +
 source4/scripting/bin/renamedc                     |   191 +
 source4/scripting/bin/samba-gpupdate               |   140 +
 source4/scripting/bin/samba-tool                   |    36 +
 source4/scripting/bin/samba3dump                   |   180 +
 source4/scripting/bin/samba_dnsupdate              |   965 +
 source4/scripting/bin/samba_downgrade_db           |   135 +
 source4/scripting/bin/samba_kcc                    |   345 +
 source4/scripting/bin/samba_spnupdate              |   253 +
 source4/scripting/bin/samba_upgradedns             |   589 +
 source4/scripting/bin/samba_upgradeprovision       |  1848 +
 source4/scripting/bin/setup_dns.sh                 |    43 +
 source4/scripting/bin/subunitrun                   |    87 +
 source4/scripting/bin/wscript_build                |    14 +
 source4/scripting/devel/addlotscontacts            |    95 +
 source4/scripting/devel/chgkrbtgtpass              |    60 +
 source4/scripting/devel/chgtdcpass                 |    63 +
 source4/scripting/devel/config_base                |    39 +
 source4/scripting/devel/crackname                  |    77 +
 source4/scripting/devel/demodirsync.py             |   159 +
 source4/scripting/devel/drs/fsmo.ldif.template     |    75 +
 source4/scripting/devel/drs/named.conf.ad.template |     6 +
 source4/scripting/devel/drs/revampire_ad.sh        |    23 +
 source4/scripting/devel/drs/unvampire_ad.sh        |    14 +
 source4/scripting/devel/drs/vampire_ad.sh          |    28 +
 source4/scripting/devel/drs/vars                   |    12 +
 source4/scripting/devel/enumprivs                  |    58 +
 source4/scripting/devel/getncchanges               |   143 +
 source4/scripting/devel/nmfind                     |    15 +
 source4/scripting/devel/pfm_verify.py              |   192 +
 source4/scripting/devel/rebuild_zone.sh            |   109 +
 source4/scripting/devel/rodcdns                    |    43 +
 source4/scripting/devel/speedtest.py               |   235 +
 source4/scripting/devel/tmpfs.sh                   |    16 +
 source4/scripting/devel/watch_servers.sh           |    14 +
 source4/scripting/man/samba-gpupdate.8.xml         |   128 +
 source4/scripting/wscript_build                    |    24 +
 source4/selftest/test_samba3dump.sh                |    14 +
 source4/selftest/test_w2k3.sh                      |    48 +
 source4/selftest/test_w2k3_file.sh                 |    44 +
 source4/selftest/test_win.sh                       |    42 +
 source4/selftest/tests.py                          |  2182 +
 source4/selftest/tests_win.sh                      |    30 +
 source4/selftest/tests_win2k3_dc.sh                |    22 +
 source4/selftest/win/README                        |    72 +
 source4/selftest/win/VMHost.pm                     |   359 +
 source4/selftest/win/common.exp                    |   521 +
 source4/selftest/win/test_win.conf                 |    83 +
 source4/selftest/win/vm_get_ip.pl                  |    48 +
 source4/selftest/win/vm_load_snapshot.pl           |    46 +
 source4/selftest/win/wintest_2k3_dc.sh             |   120 +
 source4/selftest/win/wintest_base.sh               |    68 +
 source4/selftest/win/wintest_client.exp            |    95 +
 source4/selftest/win/wintest_client.sh             |    26 +
 source4/selftest/win/wintest_functions.sh          |    54 +
 source4/selftest/win/wintest_net.sh                |    63 +
 source4/selftest/win/wintest_raw.sh                |    69 +
 source4/selftest/win/wintest_remove.exp            |    71 +
 source4/selftest/win/wintest_rpc.sh                |    67 +
 source4/selftest/win/wintest_setup.exp             |   104 +
 .../AD_DS_Attributes_Windows_Server_v1903.ldf      | 30936 ++++++++++++
 .../AD_DS_Attributes__Windows_Server_2012_R2.ldf   | 30374 ++++++++++++
 .../AD_DS_Attributes__Windows_Server_2016.ldf      | 30912 ++++++++++++
 .../AD_DS_Attributes__Windows_Server_v1803.ldf     | 30936 ++++++++++++
 .../AD_DS_Classes_Windows_Server_v1903.ldf         |  8469 ++++
 .../AD_DS_Classes__Windows_Server_2012_R2.ldf      |  8875 ++++
 .../AD_DS_Classes__Windows_Server_2016.ldf         |  9031 ++++
 .../AD_DS_Classes__Windows_Server_v1803.ldf        |  9036 ++++
 ...ttributes_for_AD_DS__Windows_Server_2008_R2.ldf | 26925 ++++++++++
 .../Attributes_for_AD_DS__Windows_Server_2012.ldf  | 29357 +++++++++++
 .../Classes_for_AD_DS__Windows_Server_2008_R2.ldf  |  7934 +++
 .../Classes_for_AD_DS__Windows_Server_2012.ldf     |  8624 ++++
 .../ad-schema/MS-AD_Schema_2K8_Attributes.txt      | 15638 ++++++
 .../setup/ad-schema/MS-AD_Schema_2K8_Classes.txt   |  3473 ++
 .../ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt   | 16060 ++++++
 .../ad-schema/MS-AD_Schema_2K8_R2_Classes.txt      |  3577 ++
 source4/setup/ad-schema/licence.txt                |     7 +
 source4/setup/adprep/README.txt                    |    43 +
 .../Domain-Wide-Updates.md.unused                  |    58 +
 .../WindowsServerDocs/Forest-Wide-Updates.md       |    98 +
 source4/setup/adprep/WindowsServerDocs/LICENSE     |   395 +
 .../setup/adprep/WindowsServerDocs/LICENSE-CODE    |    17 +
 .../Read-Only-Domain-Controller-Updates.md.unused  |    16 +
 .../setup/adprep/WindowsServerDocs/Sch49.ldf.diff  |    29 +
 .../setup/adprep/WindowsServerDocs/Sch50.ldf.diff  |   107 +
 .../setup/adprep/WindowsServerDocs/Sch51.ldf.diff  |   225 +
 .../setup/adprep/WindowsServerDocs/Sch57.ldf.diff  |   105 +
 .../setup/adprep/WindowsServerDocs/Sch59.ldf.diff  |    26 +
 .../adprep/WindowsServerDocs/Schema-Updates.md     | 48573 +++++++++++++++++++
 source4/setup/adprep/fix-forest-rev.ldf            |     6 +
 .../adprep/samba-4.7-missing-for-schema45.ldif     |   112 +
 source4/setup/aggregate_schema.ldif                |     5 +
 .../DisplaySpecifiers-Win2k0.txt                   | 23573 +++++++++
 .../DisplaySpecifiers-Win2k3.txt                   | 29548 +++++++++++
 .../DisplaySpecifiers-Win2k3R2.txt                 | 29549 +++++++++++
 .../DisplaySpecifiers-Win2k8.txt                   | 32733 +++++++++++++
 .../DisplaySpecifiers-Win2k8R2.txt                 | 32758 +++++++++++++
 source4/setup/dns_update_list                      |    56 +
 source4/setup/extended-rights.ldif                 |   835 +
 source4/setup/idmap_init.ldif                      |     8 +
 source4/setup/krb5.conf                            |    12 +
 source4/setup/named.conf                           |    39 +
 source4/setup/named.conf.dlz                       |    37 +
 source4/setup/named.conf.update                    |     4 +
 source4/setup/named.txt                            |    49 +
 source4/setup/prefixMap.txt                        |    41 +
 source4/setup/provision.ldif                       |   871 +
 source4/setup/provision.reg                        |    45 +
 source4/setup/provision.zone                       |    50 +
 source4/setup/provision_basedn.ldif                |    10 +
 source4/setup/provision_basedn_modify.ldif         |    94 +
 source4/setup/provision_basedn_options.ldif        |     2 +
 source4/setup/provision_basedn_references.ldif     |    30 +
 source4/setup/provision_computers_add.ldif         |     4 +
 source4/setup/provision_computers_modify.ldif      |    13 +
 source4/setup/provision_configuration.ldif         |   576 +
 source4/setup/provision_configuration_basedn.ldif  |     9 +
 source4/setup/provision_configuration_modify.ldif  |   509 +
 .../setup/provision_configuration_references.ldif  |    14 +
 source4/setup/provision_dns_accounts_add.ldif      |    12 +
 source4/setup/provision_dns_add_samba.ldif         |    16 +
 source4/setup/provision_dnszones_add.ldif          |    43 +
 source4/setup/provision_dnszones_modify.ldif       |    21 +
 source4/setup/provision_dnszones_partitions.ldif   |    11 +
 source4/setup/provision_group_policy.ldif          |    57 +
 source4/setup/provision_init.ldif                  |    34 +
 source4/setup/provision_partitions.ldif            |     7 +
 source4/setup/provision_privilege.ldif             |    78 +
 source4/setup/provision_rootdse_add.ldif           |    29 +
 source4/setup/provision_rootdse_modify.ldif        |     7 +
 source4/setup/provision_schema_basedn.ldif         |     9 +
 source4/setup/provision_schema_basedn_modify.ldif  |    10 +
 source4/setup/provision_self_join.ldif             |    34 +
 source4/setup/provision_self_join_config.ldif      |    33 +
 source4/setup/provision_self_join_modify.ldif      |    26 +
 .../setup/provision_self_join_modify_config.ldif   |     9 +
 .../setup/provision_self_join_modify_schema.ldif   |     4 +
 source4/setup/provision_users.ldif                 |   443 +
 source4/setup/provision_users_add.ldif             |     4 +
 source4/setup/provision_users_modify.ldif          |    13 +
 source4/setup/provision_well_known_sec_princ.ldif  |   137 +
 source4/setup/schema_samba4.ldif                   |   405 +
 source4/setup/secrets.ldif                         |    10 +
 source4/setup/secrets_dns.ldif                     |    12 +
 source4/setup/secrets_init.ldif                    |    16 +
 source4/setup/share.ldif                           |    46 +
 source4/setup/spn_update_list                      |    30 +
 source4/setup/tests/blackbox_group.sh              |   261 +
 source4/setup/tests/blackbox_newuser.sh            |    41 +
 source4/setup/tests/blackbox_provision.sh          |   108 +
 source4/setup/tests/blackbox_s3upgrade.sh          |    99 +
 source4/setup/tests/blackbox_setpassword.sh        |    32 +
 source4/setup/tests/blackbox_spn.sh                |    31 +
 source4/setup/tests/blackbox_start_backup.sh       |    82 +
 source4/setup/tests/blackbox_supported_features.sh |    86 +
 source4/setup/tests/blackbox_upgradeprovision.sh   |    87 +
 source4/setup/tests/provision_fileperms.sh         |    68 +
 source4/setup/wscript_build                        |    17 +
 source4/setup/ypServ30.ldif                        |   507 +
 source4/smb_server/blob.c                          |   810 +
 source4/smb_server/handle.c                        |   142 +
 source4/smb_server/management.c                    |   138 +
 source4/smb_server/service_smb.c                   |   110 +
 source4/smb_server/session.c                       |   166 +
 source4/smb_server/smb/negprot.c                   |   564 +
 source4/smb_server/smb/nttrans.c                   |   815 +
 source4/smb_server/smb/receive.c                   |   679 +
 source4/smb_server/smb/reply.c                     |  2379 +
 source4/smb_server/smb/request.c                   |   779 +
 source4/smb_server/smb/search.c                    |   283 +
 source4/smb_server/smb/service.c                   |   202 +
 source4/smb_server/smb/sesssetup.c                 |   646 +
 source4/smb_server/smb/signing.c                   |   147 +
 source4/smb_server/smb/srvtime.c                   |    82 +
 source4/smb_server/smb/trans2.c                    |  1562 +
 source4/smb_server/smb/wscript_build               |    10 +
 source4/smb_server/smb2/fileinfo.c                 |   377 +
 source4/smb_server/smb2/fileio.c                   |   547 +
 source4/smb_server/smb2/find.c                     |   167 +
 source4/smb_server/smb2/keepalive.c                |    71 +
 source4/smb_server/smb2/negprot.c                  |   327 +
 source4/smb_server/smb2/receive.c                  |   710 +
 source4/smb_server/smb2/sesssetup.c                |   326 +
 source4/smb_server/smb2/smb2_server.h              |   192 +
 source4/smb_server/smb2/tcon.c                     |   446 +
 source4/smb_server/smb2/wscript_build              |     9 +
 source4/smb_server/smb_server.c                    |   203 +
 source4/smb_server/smb_server.h                    |   522 +
 source4/smb_server/tcon.c                          |   196 +
 source4/smb_server/wscript_build                   |    21 +
 source4/torture/auth/ntlmssp.c                     |   163 +
 source4/torture/auth/pac.c                         |   741 +
 source4/torture/auth/smbencrypt.c                  |    70 +
 source4/torture/basic/aliases.c                    |   397 +
 source4/torture/basic/attr.c                       |   437 +
 source4/torture/basic/base.c                       |  2090 +
 source4/torture/basic/charset.c                    |   209 +
 source4/torture/basic/cxd_known.h                  |  8670 ++++
 source4/torture/basic/delaywrite.c                 |  3095 ++
 source4/torture/basic/delete.c                     |  2624 +
 source4/torture/basic/denytest.c                   |  2819 ++
 source4/torture/basic/dir.c                        |   171 +
 source4/torture/basic/disconnect.c                 |   182 +
 source4/torture/basic/locking.c                    |   811 +
 source4/torture/basic/mangle_test.c                |   208 +
 source4/torture/basic/misc.c                       |  1003 +
 source4/torture/basic/properties.c                 |   118 +
 source4/torture/basic/rename.c                     |    98 +
 source4/torture/basic/scanner.c                    |   623 +
 source4/torture/basic/secleak.c                    |    77 +
 source4/torture/basic/unlink.c                     |    91 +
 source4/torture/basic/utable.c                     |   202 +
 source4/torture/dfs/common.c                       |    71 +
 source4/torture/dfs/domaindfs.c                    |   540 +
 source4/torture/dns/dlz_bind9.c                    |  2514 +
 source4/torture/dns/internal_dns.c                 |   189 +
 source4/torture/dns/wscript_build                  |    19 +
 source4/torture/drs/drs_init.c                     |    80 +
 source4/torture/drs/drs_util.c                     |   167 +
 source4/torture/drs/python/cracknames.py           |   204 +
 source4/torture/drs/python/delete_object.py        |   376 +
 source4/torture/drs/python/drs_base.py             |   632 +
 source4/torture/drs/python/fsmo.py                 |   152 +
 source4/torture/drs/python/getnc_exop.py           |  1304 +
 source4/torture/drs/python/getnc_schema.py         |   304 +
 source4/torture/drs/python/getnc_unpriv.py         |   306 +
 source4/torture/drs/python/getncchanges.py         |  1427 +
 source4/torture/drs/python/link_conflicts.py       |   763 +
 .../torture/drs/python/linked_attributes_drs.py    |   162 +
 source4/torture/drs/python/repl_move.py            |  2608 +
 source4/torture/drs/python/repl_rodc.py            |   735 +
 source4/torture/drs/python/repl_schema.py          |   444 +
 source4/torture/drs/python/repl_secdesc.py         |   400 +
 source4/torture/drs/python/replica_sync.py         |   747 +
 source4/torture/drs/python/replica_sync_rodc.py    |   155 +
 source4/torture/drs/python/ridalloc_exop.py        |   802 +
 source4/torture/drs/python/samba_tool_drs.py       |   410 +
 .../torture/drs/python/samba_tool_drs_critical.py  |    98 +
 .../torture/drs/python/samba_tool_drs_no_dns.py    |   174 +
 .../torture/drs/python/samba_tool_drs_showrepl.py  |   377 +
 source4/torture/drs/rpc/dssync.c                   |  1072 +
 source4/torture/drs/rpc/msds_intid.c               |   792 +
 source4/torture/drs/unit/prefixmap_tests.c         |   900 +
 source4/torture/drs/unit/schemainfo_tests.c        |   740 +
 source4/torture/drs/wscript_build                  |    12 +
 source4/torture/gentest.c                          |  3463 ++
 source4/torture/gpo/apply.c                        |   390 +
 source4/torture/gpo/gpo.c                          |    35 +
 source4/torture/gpo/wscript_build                  |    13 +
 source4/torture/krb5/kdc-canon-heimdal.c           |  1091 +
 source4/torture/krb5/kdc-heimdal.c                 |  1065 +
 source4/torture/krb5/kdc-mit.c                     |   795 +
 source4/torture/krb5/wscript_build                 |    19 +
 source4/torture/ldap/basic.c                       |  1004 +
 source4/torture/ldap/cldap.c                       |   179 +
 source4/torture/ldap/cldapbench.c                  |   233 +
 source4/torture/ldap/common.c                      |   135 +
 source4/torture/ldap/ldap_sort.c                   |   158 +
 source4/torture/ldap/nested_search.c               |   206 +
 source4/torture/ldap/netlogon.c                    |   668 +
 source4/torture/ldap/schema.c                      |   408 +
 source4/torture/ldap/session_expiry.c              |   122 +
 source4/torture/ldap/uptodatevector.c              |   173 +
 source4/torture/ldb/ldb.c                          |  1794 +
 source4/torture/libnet/domain.c                    |   117 +
 source4/torture/libnet/groupinfo.c                 |   128 +
 source4/torture/libnet/groupman.c                  |    97 +
 source4/torture/libnet/grouptest.h                 |    20 +
 source4/torture/libnet/libnet.c                    |    70 +
 source4/torture/libnet/libnet_BecomeDC.c           |   191 +
 source4/torture/libnet/libnet_domain.c             |   440 +
 source4/torture/libnet/libnet_group.c              |   210 +
 source4/torture/libnet/libnet_lookup.c             |   191 +
 source4/torture/libnet/libnet_rpc.c                |   230 +
 source4/torture/libnet/libnet_share.c              |   285 +
 source4/torture/libnet/libnet_user.c               |   520 +
 source4/torture/libnet/python/samr-test.py         |    59 +
 source4/torture/libnet/userinfo.c                  |   192 +
 source4/torture/libnet/userman.c                   |   473 +
 source4/torture/libnet/usertest.h                  |    42 +
 source4/torture/libnet/utils.c                     |   556 +
 source4/torture/libnetapi/libnetapi.c              |    94 +
 source4/torture/libnetapi/libnetapi_group.c        |   522 +
 source4/torture/libnetapi/libnetapi_server.c       |    76 +
 source4/torture/libnetapi/libnetapi_user.c         |   487 +
 source4/torture/libnetapi/wscript_build            |    11 +
 source4/torture/libsmbclient/libsmbclient.c        |  1617 +
 source4/torture/libsmbclient/wscript_build         |    14 +
 source4/torture/local/dbspeed.c                    |   268 +
 source4/torture/local/fsrvp_state.c                |   492 +
 source4/torture/local/local.c                      |   105 +
 source4/torture/local/mdspkt.c                     |   104 +
 source4/torture/local/nss_tests.c                  |  1061 +
 source4/torture/local/smbtorture_fullname.c        |    31 +
 source4/torture/local/torture.c                    |    85 +
 source4/torture/local/verif_trailer.c              |    99 +
 source4/torture/local/wscript_build                |    45 +
 source4/torture/locktest.c                         |   700 +
 source4/torture/man/gentest.1.xml                  |   162 +
 source4/torture/man/locktest.1.xml                 |   160 +
 source4/torture/man/masktest.1.xml                 |   142 +
 source4/torture/man/smbtorture.1.xml               |   253 +
 source4/torture/masktest.c                         |   418 +
 source4/torture/nbench/nbench.c                    |   309 +
 source4/torture/nbench/nbio.c                      |   994 +
 source4/torture/nbt/dgram.c                        |   699 +
 source4/torture/nbt/nbt.c                          |    69 +
 source4/torture/nbt/query.c                        |   115 +
 source4/torture/nbt/register.c                     |   176 +
 source4/torture/nbt/wins.c                         |   545 +
 source4/torture/nbt/winsbench.c                    |   300 +
 source4/torture/nbt/winsreplication.c              |  9884 ++++
 source4/torture/ndr/README                         |    21 +
 source4/torture/ndr/atsvc.c                        |   215 +
 source4/torture/ndr/backupkey.c                    |   163 +
 source4/torture/ndr/cabinet.c                      |  4335 ++
 source4/torture/ndr/charset.c                      |    91 +
 source4/torture/ndr/clusapi.c                      |   390 +
 source4/torture/ndr/dcerpc.c                       |   148 +
 source4/torture/ndr/dfs.c                          |   115 +
 source4/torture/ndr/dfsblob.c                      |    85 +
 source4/torture/ndr/dnsp.c                         |   389 +
 source4/torture/ndr/drsblobs.c                     |   558 +
 source4/torture/ndr/drsuapi.c                      |   309 +
 source4/torture/ndr/epmap.c                        |    80 +
 source4/torture/ndr/krb5pac.c                      |   705 +
 source4/torture/ndr/lsa.c                          |  2229 +
 source4/torture/ndr/nbt.c                          |   253 +
 source4/torture/ndr/ndr.c                          |   831 +
 source4/torture/ndr/ndr.h                          |   249 +
 source4/torture/ndr/negoex.c                       |   100 +
 source4/torture/ndr/netlogon.c                     |   825 +
 source4/torture/ndr/ntlmssp.c                      |   296 +
 source4/torture/ndr/ntprinting.c                   |   655 +
 source4/torture/ndr/odj.c                          |   210 +
 source4/torture/ndr/samr.c                         |   355 +
 source4/torture/ndr/spoolss.c                      |  2064 +
 source4/torture/ndr/string.c                       |   223 +
 source4/torture/ndr/svcctl.c                       |    88 +
 source4/torture/ndr/winreg.c                       |   620 +
 source4/torture/ndr/winspool.c                     |   173 +
 source4/torture/ndr/witness.c                      |   411 +
 source4/torture/ntp/ntp_signd.c                    |   306 +
 source4/torture/rap/printing.c                     |   711 +
 source4/torture/rap/rap.c                          |   275 +
 source4/torture/rap/rpc.c                          |   100 +
 source4/torture/rap/sam.c                          |   376 +
 source4/torture/raw/acls.c                         |  2556 +
 source4/torture/raw/chkpath.c                      |   390 +
 source4/torture/raw/close.c                        |   178 +
 source4/torture/raw/composite.c                    |   417 +
 source4/torture/raw/context.c                      |   893 +
 source4/torture/raw/eas.c                          |   594 +
 source4/torture/raw/ioctl.c                        |   191 +
 source4/torture/raw/lock.c                         |  3586 ++
 source4/torture/raw/lockbench.c                    |   447 +
 source4/torture/raw/lookuprate.c                   |   318 +
 source4/torture/raw/missing.txt                    |   160 +
 source4/torture/raw/mkdir.c                        |   171 +
 source4/torture/raw/mux.c                          |   342 +
 source4/torture/raw/notify.c                       |  2297 +
 source4/torture/raw/offline.c                      |   514 +
 source4/torture/raw/open.c                         |  2253 +
 source4/torture/raw/openbench.c                    |   502 +
 source4/torture/raw/oplock.c                       |  4672 ++
 source4/torture/raw/pingpong.c                     |   248 +
 source4/torture/raw/qfileinfo.c                    |  1084 +
 source4/torture/raw/qfsinfo.c                      |   340 +
 source4/torture/raw/raw.c                          |    87 +
 source4/torture/raw/read.c                         |  1039 +
 source4/torture/raw/rename.c                       |   692 +
 source4/torture/raw/samba3hide.c                   |   326 +
 source4/torture/raw/samba3misc.c                   |  1137 +
 source4/torture/raw/search.c                       |  1653 +
 source4/torture/raw/seek.c                         |   242 +
 source4/torture/raw/session.c                      |   446 +
 source4/torture/raw/setfileinfo.c                  |  1152 +
 source4/torture/raw/streams.c                      |  2091 +
 source4/torture/raw/tconrate.c                     |   208 +
 source4/torture/raw/unlink.c                       |   470 +
 source4/torture/raw/write.c                        |   799 +
 source4/torture/rpc/alter_context.c                |   112 +
 source4/torture/rpc/async_bind.c                   |    86 +
 source4/torture/rpc/atsvc.c                        |   138 +
 source4/torture/rpc/backupkey.c                    |  2431 +
 source4/torture/rpc/bench.c                        |   152 +
 source4/torture/rpc/bind.c                         |   245 +
 source4/torture/rpc/browser.c                      |   124 +
 source4/torture/rpc/clusapi.c                      |  4185 ++
 source4/torture/rpc/countcalls.c                   |   131 +
 source4/torture/rpc/dfs.c                          |   651 +
 source4/torture/rpc/drsuapi.c                      |  1049 +
 source4/torture/rpc/drsuapi.h                      |    94 +
 source4/torture/rpc/drsuapi_cracknames.c           |  1087 +
 source4/torture/rpc/drsuapi_w2k8.c                 |   334 +
 source4/torture/rpc/dsgetinfo.c                    |   452 +
 source4/torture/rpc/dssetup.c                      |    64 +
 source4/torture/rpc/echo.c                         |   474 +
 source4/torture/rpc/epmapper.c                     |   679 +
 source4/torture/rpc/eventlog.c                     |   501 +
 source4/torture/rpc/forest_trust.c                 |   914 +
 source4/torture/rpc/frsapi.c                       |   276 +
 source4/torture/rpc/fsrvp.c                        |   973 +
 source4/torture/rpc/handles.c                      |   622 +
 source4/torture/rpc/initshutdown.c                 |   116 +
 source4/torture/rpc/iremotewinspool.c              |  1090 +
 source4/torture/rpc/iremotewinspool_common.c       |   269 +
 source4/torture/rpc/iremotewinspool_common.h       |   110 +
 source4/torture/rpc/iremotewinspool_driver.c       |   840 +
 source4/torture/rpc/join.c                         |    86 +
 source4/torture/rpc/lsa.c                          |  5645 +++
 source4/torture/rpc/lsa_lookup.c                   |   428 +
 source4/torture/rpc/mdssvc.c                       |  1056 +
 source4/torture/rpc/mgmt.c                         |   328 +
 source4/torture/rpc/netlogon.c                     |  6038 +++
 source4/torture/rpc/netlogon.h                     |    37 +
 source4/torture/rpc/netlogon_crypto.c              |   274 +
 source4/torture/rpc/ntsvcs.c                       |   189 +
 source4/torture/rpc/object_uuid.c                  |    85 +
 source4/torture/rpc/remote_pac.c                   |  1425 +
 source4/torture/rpc/rpc.c                          |   661 +
 source4/torture/rpc/samba3rpc.c                    |  4729 ++
 source4/torture/rpc/samlogon.c                     |  2121 +
 source4/torture/rpc/samr.c                         |  9466 ++++
 source4/torture/rpc/samr_accessmask.c              |  1197 +
 source4/torture/rpc/samr_handletype.c              |   217 +
 source4/torture/rpc/samr_priv.c                    |   580 +
 source4/torture/rpc/samsync.c                      |  1798 +
 source4/torture/rpc/scanner.c                      |   187 +
 source4/torture/rpc/schannel.c                     |  1338 +
 source4/torture/rpc/session_key.c                  |   250 +
 source4/torture/rpc/spoolss.c                      | 11705 +++++
 source4/torture/rpc/spoolss_access.c               |   905 +
 source4/torture/rpc/spoolss_notify.c               |   636 +
 source4/torture/rpc/spoolss_win.c                  |   612 +
 source4/torture/rpc/srvsvc.c                       |  1206 +
 source4/torture/rpc/svcctl.c                       |   828 +
 source4/torture/rpc/testjoin.c                     |   915 +
 source4/torture/rpc/torture_rpc.h                  |   126 +
 source4/torture/rpc/unixinfo.c                     |   149 +
 source4/torture/rpc/winreg.c                       |  3335 ++
 source4/torture/rpc/witness.c                      |   911 +
 source4/torture/rpc/wkssvc.c                       |  1458 +
 source4/torture/shell.c                            |   326 +
 source4/torture/smb2/acls.c                        |  3340 ++
 source4/torture/smb2/attr.c                        |   710 +
 source4/torture/smb2/bench.c                       |  1376 +
 source4/torture/smb2/block.c                       |   446 +
 source4/torture/smb2/block.h                       |    43 +
 source4/torture/smb2/charset.c                     |   235 +
 source4/torture/smb2/compound.c                    |  2595 +
 source4/torture/smb2/connect.c                     |   257 +
 source4/torture/smb2/create.c                      |  3629 ++
 source4/torture/smb2/credits.c                     |   268 +
 source4/torture/smb2/delete-on-close.c             |   762 +
 source4/torture/smb2/deny.c                        |   526 +
 source4/torture/smb2/dir.c                         |  1606 +
 source4/torture/smb2/dosmode.c                     |   254 +
 source4/torture/smb2/durable_open.c                |  2872 ++
 source4/torture/smb2/durable_v2_open.c             |  2371 +
 source4/torture/smb2/ea.c                          |   152 +
 source4/torture/smb2/getinfo.c                     |   951 +
 source4/torture/smb2/ioctl.c                       |  7552 +++
 source4/torture/smb2/lease.c                       |  4819 ++
 source4/torture/smb2/lease_break_handler.c         |   161 +
 source4/torture/smb2/lease_break_handler.h         |   134 +
 source4/torture/smb2/lock.c                        |  3513 ++
 source4/torture/smb2/mangle.c                      |   341 +
 source4/torture/smb2/max_allowed.c                 |   248 +
 source4/torture/smb2/maxfid.c                      |   149 +
 source4/torture/smb2/maxwrite.c                    |   137 +
 source4/torture/smb2/mkdir.c                       |   105 +
 source4/torture/smb2/multichannel.c                |  2743 ++
 source4/torture/smb2/notify.c                      |  2786 ++
 source4/torture/smb2/notify_disabled.c             |   120 +
 source4/torture/smb2/oplock.c                      |  5405 +++
 source4/torture/smb2/oplock_break_handler.c        |   169 +
 source4/torture/smb2/oplock_break_handler.h        |    57 +
 source4/torture/smb2/read.c                        |   573 +
 source4/torture/smb2/read_write.c                  |   361 +
 source4/torture/smb2/rename.c                      |  1751 +
 source4/torture/smb2/replay.c                      |  5515 +++
 source4/torture/smb2/samba3misc.c                  |   189 +
 source4/torture/smb2/scan.c                        |   265 +
 source4/torture/smb2/secleak.c                     |    91 +
 source4/torture/smb2/sessid.c                      |   100 +
 source4/torture/smb2/session.c                     |  5670 +++
 source4/torture/smb2/setinfo.c                     |   410 +
 source4/torture/smb2/sharemode.c                   |   755 +
 source4/torture/smb2/smb2.c                        |   230 +
 source4/torture/smb2/streams.c                     |  2424 +
 source4/torture/smb2/tcon.c                        |   146 +
 source4/torture/smb2/timestamps.c                  |  1344 +
 source4/torture/smb2/util.c                        |  1045 +
 source4/torture/smb2/wscript_build                 |    59 +
 source4/torture/smbtorture.c                       |   770 +
 source4/torture/smbtorture.h                       |   146 +
 source4/torture/tests/test_gentest.sh              |    35 +
 source4/torture/tests/test_locktest.sh             |    28 +
 source4/torture/tests/test_masktest.sh             |    28 +
 source4/torture/torture.c                          |    59 +
 source4/torture/unix/unix.c                        |    40 +
 source4/torture/unix/unix_info2.c                  |   503 +
 source4/torture/unix/whoami.c                      |   433 +
 source4/torture/util.h                             |   121 +
 source4/torture/util_smb.c                         |  1020 +
 source4/torture/vfs/acl_xattr.c                    |   281 +
 source4/torture/vfs/fruit.c                        |  8839 ++++
 source4/torture/vfs/vfs.c                          |   123 +
 source4/torture/winbind/struct_based.c             |  1190 +
 source4/torture/winbind/winbind.c                  |   335 +
 source4/torture/winbind/wscript_build              |    10 +
 source4/torture/wscript_build                      |   361 +
 source4/utils/oLschema2ldif/lib.c                  |   621 +
 source4/utils/oLschema2ldif/lib.h                  |    45 +
 source4/utils/oLschema2ldif/main.c                 |   140 +
 source4/utils/oLschema2ldif/oLschema2ldif.1.xml    |    82 +
 source4/utils/oLschema2ldif/test.c                 |   207 +
 source4/utils/oLschema2ldif/wscript_build          |    20 +
 source4/utils/tests/test_nmblookup.sh              |    38 +
 source4/utils/tests/test_samba_tool.sh             |    46 +
 source4/utils/tests/test_smbclient.sh              |    35 +
 source4/winbind/idmap.c                            |   860 +
 source4/winbind/idmap.h                            |    38 +
 source4/winbind/winbindd.c                         |   119 +
 source4/winbind/wscript_build                      |    18 +
 source4/wrepl_server/wrepl_apply_records.c         |  1503 +
 source4/wrepl_server/wrepl_in_call.c               |   589 +
 source4/wrepl_server/wrepl_in_connection.c         |   476 +
 source4/wrepl_server/wrepl_out_helpers.c           |  1146 +
 source4/wrepl_server/wrepl_out_helpers.h           |    37 +
 source4/wrepl_server/wrepl_out_pull.c              |   142 +
 source4/wrepl_server/wrepl_out_push.c              |   144 +
 source4/wrepl_server/wrepl_periodic.c              |   118 +
 source4/wrepl_server/wrepl_scavenging.c            |   570 +
 source4/wrepl_server/wrepl_server.c                |   558 +
 source4/wrepl_server/wrepl_server.h                |   321 +
 source4/wrepl_server/wscript_build                 |    11 +
 source4/wscript_build                              |    13 +
 1363 files changed, 1194921 insertions(+)
 create mode 100644 source4/.clang_complete
 create mode 100644 source4/.valgrind_suppressions
 create mode 100644 source4/auth/auth.h
 create mode 100644 source4/auth/gensec/gensec_gssapi.c
 create mode 100644 source4/auth/gensec/gensec_gssapi.h
 create mode 100644 source4/auth/gensec/gensec_krb5.c
 create mode 100644 source4/auth/gensec/gensec_krb5.h
 create mode 100644 source4/auth/gensec/gensec_krb5_heimdal.c
 create mode 100644 source4/auth/gensec/gensec_krb5_helpers.c
 create mode 100644 source4/auth/gensec/gensec_krb5_helpers.h
 create mode 100644 source4/auth/gensec/gensec_krb5_internal.h
 create mode 100644 source4/auth/gensec/gensec_krb5_mit.c
 create mode 100644 source4/auth/gensec/gensec_tstream.c
 create mode 100644 source4/auth/gensec/gensec_tstream.h
 create mode 100644 source4/auth/gensec/pygensec.c
 create mode 100644 source4/auth/gensec/wscript_build
 create mode 100644 source4/auth/kerberos/kerberos-notes.txt
 create mode 100644 source4/auth/kerberos/kerberos-porting-to-mit-notes.txt
 create mode 100644 source4/auth/kerberos/kerberos.h
 create mode 100644 source4/auth/kerberos/kerberos_credentials.h
 create mode 100644 source4/auth/kerberos/kerberos_pac.c
 create mode 100644 source4/auth/kerberos/kerberos_util.c
 create mode 100644 source4/auth/kerberos/krb5_init_context.c
 create mode 100644 source4/auth/kerberos/krb5_init_context.h
 create mode 100644 source4/auth/kerberos/srv_keytab.c
 create mode 100644 source4/auth/kerberos/wscript_build
 create mode 100644 source4/auth/ntlm/auth.c
 create mode 100644 source4/auth/ntlm/auth_anonymous.c
 create mode 100644 source4/auth/ntlm/auth_developer.c
 create mode 100644 source4/auth/ntlm/auth_sam.c
 create mode 100644 source4/auth/ntlm/auth_server_service.c
 create mode 100644 source4/auth/ntlm/auth_simple.c
 create mode 100644 source4/auth/ntlm/auth_util.c
 create mode 100644 source4/auth/ntlm/auth_winbind.c
 create mode 100644 source4/auth/ntlm/wscript_build
 create mode 100644 source4/auth/pyauth.c
 create mode 100644 source4/auth/pyauth.h
 create mode 100644 source4/auth/sam.c
 create mode 100644 source4/auth/samba_server_gensec.c
 create mode 100644 source4/auth/session.c
 create mode 100644 source4/auth/session.h
 create mode 100644 source4/auth/system_session.c
 create mode 100644 source4/auth/tests/heimdal_unwrap_des.c
 create mode 100644 source4/auth/tests/kerberos.c
 create mode 100644 source4/auth/tests/sam.c
 create mode 100644 source4/auth/unix_token.c
 create mode 100644 source4/auth/wscript_build
 create mode 100644 source4/auth/wscript_configure
 create mode 100644 source4/cldap_server/cldap_server.c
 create mode 100644 source4/cldap_server/cldap_server.h
 create mode 100644 source4/cldap_server/rootdse.c
 create mode 100644 source4/cldap_server/wscript_build
 create mode 100644 source4/client/cifsdd.c
 create mode 100644 source4/client/cifsdd.h
 create mode 100644 source4/client/cifsddio.c
 create mode 100644 source4/client/client.c
 create mode 100755 source4/client/tests/test_cifsdd.sh
 create mode 100755 source4/client/tests/test_smbclient.sh
 create mode 100644 source4/cluster/cluster.c
 create mode 100644 source4/cluster/cluster.h
 create mode 100644 source4/cluster/cluster_private.h
 create mode 100644 source4/cluster/local.c
 create mode 100644 source4/cluster/wscript_build
 create mode 100644 source4/dns_server/TODO
 create mode 100644 source4/dns_server/dlz_bind9.c
 create mode 100644 source4/dns_server/dlz_minimal.h
 create mode 100644 source4/dns_server/dns_crypto.c
 create mode 100644 source4/dns_server/dns_query.c
 create mode 100644 source4/dns_server/dns_server.c
 create mode 100644 source4/dns_server/dns_server.h
 create mode 100644 source4/dns_server/dns_update.c
 create mode 100644 source4/dns_server/dns_utils.c
 create mode 100644 source4/dns_server/dnsserver_common.c
 create mode 100644 source4/dns_server/dnsserver_common.h
 create mode 100644 source4/dns_server/pydns.c
 create mode 100644 source4/dns_server/wscript_build
 create mode 100644 source4/dsdb/common/dsdb_access.c
 create mode 100644 source4/dsdb/common/dsdb_dn.c
 create mode 100644 source4/dsdb/common/dsdb_dn.h
 create mode 100644 source4/dsdb/common/rodc_helper.c
 create mode 100644 source4/dsdb/common/tests/dsdb.c
 create mode 100644 source4/dsdb/common/tests/dsdb_dn.c
 create mode 100644 source4/dsdb/common/util.c
 create mode 100644 source4/dsdb/common/util.h
 create mode 100644 source4/dsdb/common/util_groups.c
 create mode 100644 source4/dsdb/common/util_links.c
 create mode 100644 source4/dsdb/common/util_links.h
 create mode 100644 source4/dsdb/common/util_samr.c
 create mode 100644 source4/dsdb/common/util_trusts.c
 create mode 100644 source4/dsdb/dns/dns_update.c
 create mode 100644 source4/dsdb/kcc/garbage_collect_tombstones.c
 create mode 100644 source4/dsdb/kcc/garbage_collect_tombstones.h
 create mode 100644 source4/dsdb/kcc/kcc_connection.c
 create mode 100644 source4/dsdb/kcc/kcc_connection.h
 create mode 100644 source4/dsdb/kcc/kcc_drs_replica_info.c
 create mode 100644 source4/dsdb/kcc/kcc_periodic.c
 create mode 100644 source4/dsdb/kcc/kcc_service.c
 create mode 100644 source4/dsdb/kcc/kcc_service.h
 create mode 100644 source4/dsdb/kcc/scavenge_dns_records.c
 create mode 100644 source4/dsdb/kcc/scavenge_dns_records.h
 create mode 100644 source4/dsdb/pydsdb.c
 create mode 100644 source4/dsdb/repl/drepl_extended.c
 create mode 100644 source4/dsdb/repl/drepl_fsmo.c
 create mode 100644 source4/dsdb/repl/drepl_notify.c
 create mode 100644 source4/dsdb/repl/drepl_out_helpers.c
 create mode 100644 source4/dsdb/repl/drepl_out_helpers.h
 create mode 100644 source4/dsdb/repl/drepl_out_pull.c
 create mode 100644 source4/dsdb/repl/drepl_partitions.c
 create mode 100644 source4/dsdb/repl/drepl_periodic.c
 create mode 100644 source4/dsdb/repl/drepl_replica.c
 create mode 100644 source4/dsdb/repl/drepl_ridalloc.c
 create mode 100644 source4/dsdb/repl/drepl_secret.c
 create mode 100644 source4/dsdb/repl/drepl_service.c
 create mode 100644 source4/dsdb/repl/drepl_service.h
 create mode 100644 source4/dsdb/repl/replicated_objects.c
 create mode 100644 source4/dsdb/samdb.pc.in
 create mode 100644 source4/dsdb/samdb/cracknames.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/acl.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/acl_read.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/acl_util.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/anr.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/audit_log.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/audit_util.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/count_attrs.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/descriptor.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/dirsync.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/dns_notify.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/dsdb_notification.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_in.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_out.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/extended_dn_store.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/group_audit.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/instancetype.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/lazy_commit.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/linked_attributes.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/netlogon.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/new_partition.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/objectclass.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/objectguid.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/operational.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/paged_results.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/partition.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/partition.h
 create mode 100644 source4/dsdb/samdb/ldb_modules/partition_init.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/partition_metadata.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/password_hash.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/password_modules.h
 create mode 100644 source4/dsdb/samdb/ldb_modules/proxy.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/ranged_results.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/repl_meta_data.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/resolve_oids.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/ridalloc.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/rootdse.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/samba3sam.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/samba3sid.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/samba_dsdb.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/samba_secrets.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/samldb.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/schema_data.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/schema_load.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/schema_util.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/show_deleted.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/subtree_delete.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/subtree_rename.c
 create mode 100755 source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_audit_log_errors.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_audit_util.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_group_audit.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_group_audit.valgrind
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_group_audit_errors.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tests/test_unique_object_sids.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/unique_object_sids.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/update_keytab.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/util.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/util.h
 create mode 100644 source4/dsdb/samdb/ldb_modules/vlv_pagination.c
 create mode 100644 source4/dsdb/samdb/ldb_modules/wscript
 create mode 100644 source4/dsdb/samdb/ldb_modules/wscript_build
 create mode 100644 source4/dsdb/samdb/ldb_modules/wscript_build_server
 create mode 100644 source4/dsdb/samdb/samdb.c
 create mode 100644 source4/dsdb/samdb/samdb.h
 create mode 100644 source4/dsdb/samdb/samdb_privilege.c
 create mode 100644 source4/dsdb/schema/dsdb_dn.c
 create mode 100644 source4/dsdb/schema/prefixmap.h
 create mode 100644 source4/dsdb/schema/schema.h
 create mode 100644 source4/dsdb/schema/schema_convert_to_ol.c
 create mode 100644 source4/dsdb/schema/schema_description.c
 create mode 100644 source4/dsdb/schema/schema_filtered.c
 create mode 100644 source4/dsdb/schema/schema_inferiors.c
 create mode 100644 source4/dsdb/schema/schema_info_attr.c
 create mode 100644 source4/dsdb/schema/schema_init.c
 create mode 100644 source4/dsdb/schema/schema_prefixmap.c
 create mode 100644 source4/dsdb/schema/schema_query.c
 create mode 100644 source4/dsdb/schema/schema_set.c
 create mode 100644 source4/dsdb/schema/schema_syntax.c
 create mode 100644 source4/dsdb/schema/tests/schema_syntax.c
 create mode 100755 source4/dsdb/tests/python/acl.py
 create mode 100755 source4/dsdb/tests/python/acl_modify.py
 create mode 100644 source4/dsdb/tests/python/ad_dc_medley_performance.py
 create mode 100644 source4/dsdb/tests/python/ad_dc_multi_bind.py
 create mode 100644 source4/dsdb/tests/python/ad_dc_performance.py
 create mode 100644 source4/dsdb/tests/python/ad_dc_provision_performance.py
 create mode 100644 source4/dsdb/tests/python/ad_dc_search_performance.py
 create mode 100644 source4/dsdb/tests/python/asq.py
 create mode 100644 source4/dsdb/tests/python/attr_from_server.py
 create mode 100755 source4/dsdb/tests/python/confidential_attr.py
 create mode 100755 source4/dsdb/tests/python/deletetest.py
 create mode 100755 source4/dsdb/tests/python/dirsync.py
 create mode 100644 source4/dsdb/tests/python/dsdb_schema_info.py
 create mode 100644 source4/dsdb/tests/python/large_ldap.py
 create mode 100755 source4/dsdb/tests/python/ldap.py
 create mode 100644 source4/dsdb/tests/python/ldap_modify_order.py
 create mode 100755 source4/dsdb/tests/python/ldap_schema.py
 create mode 100755 source4/dsdb/tests/python/ldap_syntaxes.py
 create mode 100644 source4/dsdb/tests/python/linked_attributes.py
 create mode 100755 source4/dsdb/tests/python/login_basics.py
 create mode 100644 source4/dsdb/tests/python/ndr_pack_performance.py
 create mode 100755 source4/dsdb/tests/python/notification.py
 create mode 100755 source4/dsdb/tests/python/password_lockout.py
 create mode 100644 source4/dsdb/tests/python/password_lockout_base.py
 create mode 100644 source4/dsdb/tests/python/password_settings.py
 create mode 100755 source4/dsdb/tests/python/passwords.py
 create mode 100644 source4/dsdb/tests/python/priv_attrs.py
 create mode 100755 source4/dsdb/tests/python/rodc.py
 create mode 100644 source4/dsdb/tests/python/rodc_rwdc.py
 create mode 100755 source4/dsdb/tests/python/sam.py
 create mode 100755 source4/dsdb/tests/python/sec_descriptor.py
 create mode 100755 source4/dsdb/tests/python/sites.py
 create mode 100644 source4/dsdb/tests/python/sort.py
 create mode 100644 source4/dsdb/tests/python/subtree_rename.py
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_account_locality_device-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_account_locality_device.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_container_flags-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_container_flags.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_inapplicable-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_inapplicable.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_member-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_member.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_mixed-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_mixed.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_mixed2-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_mixed2.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_objectclass-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_objectclass.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_objectclass2-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_objectclass2.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_singlevalue-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_singlevalue.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_telephone-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_telephone.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete-non-admin.expected
 create mode 100644 source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete.expected
 create mode 100644 source4/dsdb/tests/python/testdata/simplesort.expected
 create mode 100644 source4/dsdb/tests/python/testdata/unicodesort.expected
 create mode 100755 source4/dsdb/tests/python/token_group.py
 create mode 100755 source4/dsdb/tests/python/tombstone_reanimation.py
 create mode 100644 source4/dsdb/tests/python/unicodepwd_encrypted.py
 create mode 100755 source4/dsdb/tests/python/urgent_replication.py
 create mode 100755 source4/dsdb/tests/python/user_account_control.py
 create mode 100644 source4/dsdb/tests/python/vlv.py
 create mode 100644 source4/dsdb/wscript_build
 create mode 100644 source4/echo_server/echo_server.c
 create mode 100644 source4/echo_server/echo_server.h
 create mode 100644 source4/echo_server/wscript_build
 create mode 100644 source4/include/includes.h
 create mode 100644 source4/kdc/ad_claims.c
 create mode 100644 source4/kdc/ad_claims.h
 create mode 100644 source4/kdc/authn_policy_util.c
 create mode 100644 source4/kdc/authn_policy_util.h
 create mode 100644 source4/kdc/db-glue.c
 create mode 100644 source4/kdc/db-glue.h
 create mode 100644 source4/kdc/hdb-samba4-plugin.c
 create mode 100644 source4/kdc/hdb-samba4.c
 create mode 100644 source4/kdc/kdc-glue.c
 create mode 100644 source4/kdc/kdc-glue.h
 create mode 100644 source4/kdc/kdc-heimdal.c
 create mode 100644 source4/kdc/kdc-proxy.c
 create mode 100644 source4/kdc/kdc-proxy.h
 create mode 100644 source4/kdc/kdc-server.c
 create mode 100644 source4/kdc/kdc-server.h
 create mode 100644 source4/kdc/kdc-service-mit.c
 create mode 100644 source4/kdc/kdc-service-mit.h
 create mode 100644 source4/kdc/kpasswd-helper.c
 create mode 100644 source4/kdc/kpasswd-helper.h
 create mode 100644 source4/kdc/kpasswd-service-heimdal.c
 create mode 100644 source4/kdc/kpasswd-service-mit.c
 create mode 100644 source4/kdc/kpasswd-service.c
 create mode 100644 source4/kdc/kpasswd-service.h
 create mode 100644 source4/kdc/kpasswd_glue.c
 create mode 100644 source4/kdc/kpasswd_glue.h
 create mode 100644 source4/kdc/ktutil.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba.h
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_change_pwd.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_common.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_masterkey.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_pac.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_policies.c
 create mode 100644 source4/kdc/mit-kdb/kdb_samba_principals.c
 create mode 100644 source4/kdc/mit-kdb/wscript_build
 create mode 100644 source4/kdc/mit_kdc_irpc.c
 create mode 100644 source4/kdc/mit_kdc_irpc.h
 create mode 100644 source4/kdc/mit_samba.c
 create mode 100644 source4/kdc/mit_samba.h
 create mode 100644 source4/kdc/pac-blobs.c
 create mode 100644 source4/kdc/pac-blobs.h
 create mode 100644 source4/kdc/pac-glue.c
 create mode 100644 source4/kdc/pac-glue.h
 create mode 100644 source4/kdc/samba_kdc.h
 create mode 100644 source4/kdc/sdb.c
 create mode 100644 source4/kdc/sdb.h
 create mode 100644 source4/kdc/sdb_to_hdb.c
 create mode 100644 source4/kdc/sdb_to_kdb.c
 create mode 100644 source4/kdc/wdc-samba4.c
 create mode 100644 source4/kdc/wscript_build
 create mode 100644 source4/ldap_server/ldap_backend.c
 create mode 100644 source4/ldap_server/ldap_bind.c
 create mode 100644 source4/ldap_server/ldap_extended.c
 create mode 100644 source4/ldap_server/ldap_server.c
 create mode 100644 source4/ldap_server/ldap_server.h
 create mode 100644 source4/ldap_server/wscript_build
 create mode 100644 source4/lib/events/events.h
 create mode 100644 source4/lib/events/tevent_s4.c
 create mode 100644 source4/lib/events/wscript_build
 create mode 100644 source4/lib/messaging/irpc.h
 create mode 100644 source4/lib/messaging/messaging.c
 create mode 100644 source4/lib/messaging/messaging.h
 create mode 100644 source4/lib/messaging/messaging_handlers.c
 create mode 100644 source4/lib/messaging/messaging_internal.h
 create mode 100644 source4/lib/messaging/messaging_send.c
 create mode 100644 source4/lib/messaging/pymessaging.c
 create mode 100644 source4/lib/messaging/tests/irpc.c
 create mode 100644 source4/lib/messaging/tests/messaging.c
 create mode 100644 source4/lib/messaging/wscript_build
 create mode 100644 source4/lib/policy/gp_filesys.c
 create mode 100644 source4/lib/policy/gp_ini.c
 create mode 100644 source4/lib/policy/gp_ldap.c
 create mode 100644 source4/lib/policy/gp_manage.c
 create mode 100644 source4/lib/policy/policy.h
 create mode 100644 source4/lib/policy/pypolicy.c
 create mode 100644 source4/lib/policy/samba-policy.pc.in
 create mode 100644 source4/lib/policy/wscript_build
 create mode 100644 source4/lib/registry/Doxyfile
 create mode 100644 source4/lib/registry/README
 create mode 100644 source4/lib/registry/TODO
 create mode 100644 source4/lib/registry/hive.c
 create mode 100644 source4/lib/registry/interface.c
 create mode 100644 source4/lib/registry/ldb.c
 create mode 100644 source4/lib/registry/local.c
 create mode 100644 source4/lib/registry/man/regdiff.1.xml
 create mode 100644 source4/lib/registry/man/regpatch.1.xml
 create mode 100644 source4/lib/registry/man/regshell.1.xml
 create mode 100644 source4/lib/registry/man/regtree.1.xml
 create mode 100644 source4/lib/registry/patchfile.c
 create mode 100644 source4/lib/registry/patchfile_dotreg.c
 create mode 100644 source4/lib/registry/patchfile_preg.c
 create mode 100644 source4/lib/registry/pyregistry.c
 create mode 100644 source4/lib/registry/regf.c
 create mode 100644 source4/lib/registry/regf.idl
 create mode 100644 source4/lib/registry/registry.h
 create mode 100644 source4/lib/registry/rpc.c
 create mode 100644 source4/lib/registry/samba.c
 create mode 100644 source4/lib/registry/tests/diff.c
 create mode 100644 source4/lib/registry/tests/generic.c
 create mode 100644 source4/lib/registry/tests/hive.c
 create mode 100644 source4/lib/registry/tests/registry.c
 create mode 100644 source4/lib/registry/tools/common.c
 create mode 100644 source4/lib/registry/tools/regdiff.c
 create mode 100644 source4/lib/registry/tools/regpatch.c
 create mode 100644 source4/lib/registry/tools/regshell.c
 create mode 100644 source4/lib/registry/tools/regtree.c
 create mode 100644 source4/lib/registry/util.c
 create mode 100644 source4/lib/registry/wine.c
 create mode 100644 source4/lib/registry/wscript_build
 create mode 100644 source4/lib/samba3/README
 create mode 100644 source4/lib/samba3/samba3.h
 create mode 100644 source4/lib/samba3/smbpasswd.c
 create mode 100644 source4/lib/samba3/wscript_build
 create mode 100644 source4/lib/socket/access.c
 create mode 100644 source4/lib/socket/connect.c
 create mode 100644 source4/lib/socket/connect_multi.c
 create mode 100644 source4/lib/socket/interface.c
 create mode 100644 source4/lib/socket/netif.h
 create mode 100644 source4/lib/socket/socket.c
 create mode 100644 source4/lib/socket/socket.h
 create mode 100644 source4/lib/socket/socket_ip.c
 create mode 100644 source4/lib/socket/socket_unix.c
 create mode 100644 source4/lib/socket/testsuite.c
 create mode 100644 source4/lib/socket/wscript_build
 create mode 100644 source4/lib/stream/packet.c
 create mode 100644 source4/lib/stream/packet.h
 create mode 100644 source4/lib/stream/wscript_build
 create mode 100644 source4/lib/tls/tls.h
 create mode 100644 source4/lib/tls/tls_tstream.c
 create mode 100644 source4/lib/tls/tlscert.c
 create mode 100644 source4/lib/tls/wscript_build
 create mode 100644 source4/libcli/cliconnect.c
 create mode 100644 source4/libcli/clideltree.c
 create mode 100644 source4/libcli/clifile.c
 create mode 100644 source4/libcli/clilist.c
 create mode 100644 source4/libcli/climessage.c
 create mode 100644 source4/libcli/clireadwrite.c
 create mode 100644 source4/libcli/clitrans2.c
 create mode 100644 source4/libcli/composite/composite.c
 create mode 100644 source4/libcli/composite/composite.h
 create mode 100644 source4/libcli/dgram/browse.c
 create mode 100644 source4/libcli/dgram/dgramsocket.c
 create mode 100644 source4/libcli/dgram/libdgram.h
 create mode 100644 source4/libcli/dgram/mailslot.c
 create mode 100644 source4/libcli/dgram/netlogon.c
 create mode 100644 source4/libcli/finddc.h
 create mode 100644 source4/libcli/finddcs_cldap.c
 create mode 100644 source4/libcli/ldap/ldap_bind.c
 create mode 100644 source4/libcli/ldap/ldap_client.c
 create mode 100644 source4/libcli/ldap/ldap_client.h
 create mode 100644 source4/libcli/ldap/ldap_controls.c
 create mode 100644 source4/libcli/ldap/ldap_ildap.c
 create mode 100644 source4/libcli/ldap/libcli_ldap.h
 create mode 100644 source4/libcli/ldap/wscript_build
 create mode 100644 source4/libcli/libcli.h
 create mode 100644 source4/libcli/rap/rap.c
 create mode 100644 source4/libcli/rap/rap.h
 create mode 100644 source4/libcli/rap/wscript_build
 create mode 100644 source4/libcli/raw/README
 create mode 100644 source4/libcli/raw/clierror.c
 create mode 100644 source4/libcli/raw/clioplock.c
 create mode 100644 source4/libcli/raw/clisession.c
 create mode 100644 source4/libcli/raw/clisocket.c
 create mode 100644 source4/libcli/raw/clitransport.c
 create mode 100644 source4/libcli/raw/clitree.c
 create mode 100644 source4/libcli/raw/interfaces.h
 create mode 100644 source4/libcli/raw/libcliraw.h
 create mode 100644 source4/libcli/raw/rawacl.c
 create mode 100644 source4/libcli/raw/rawdate.c
 create mode 100644 source4/libcli/raw/raweas.c
 create mode 100644 source4/libcli/raw/rawfile.c
 create mode 100644 source4/libcli/raw/rawfileinfo.c
 create mode 100644 source4/libcli/raw/rawfsinfo.c
 create mode 100644 source4/libcli/raw/rawioctl.c
 create mode 100644 source4/libcli/raw/rawlpq.c
 create mode 100644 source4/libcli/raw/rawnegotiate.c
 create mode 100644 source4/libcli/raw/rawnotify.c
 create mode 100644 source4/libcli/raw/rawreadwrite.c
 create mode 100644 source4/libcli/raw/rawrequest.c
 create mode 100644 source4/libcli/raw/rawsearch.c
 create mode 100644 source4/libcli/raw/rawsetfileinfo.c
 create mode 100644 source4/libcli/raw/rawshadow.c
 create mode 100644 source4/libcli/raw/rawtrans.c
 create mode 100644 source4/libcli/raw/request.h
 create mode 100644 source4/libcli/raw/signing.h
 create mode 100644 source4/libcli/raw/smb.h
 create mode 100644 source4/libcli/raw/smb_signing.c
 create mode 100644 source4/libcli/raw/trans2.h
 create mode 100644 source4/libcli/resolve/bcast.c
 create mode 100644 source4/libcli/resolve/dns_ex.c
 create mode 100644 source4/libcli/resolve/host.c
 create mode 100644 source4/libcli/resolve/lmhosts.c
 create mode 100644 source4/libcli/resolve/nbtlist.c
 create mode 100644 source4/libcli/resolve/resolve.c
 create mode 100644 source4/libcli/resolve/resolve.h
 create mode 100644 source4/libcli/resolve/resolve_lp.c
 create mode 100644 source4/libcli/resolve/testsuite.c
 create mode 100644 source4/libcli/resolve/wins.c
 create mode 100644 source4/libcli/smb2/break.c
 create mode 100644 source4/libcli/smb2/cancel.c
 create mode 100644 source4/libcli/smb2/close.c
 create mode 100644 source4/libcli/smb2/connect.c
 create mode 100644 source4/libcli/smb2/create.c
 create mode 100644 source4/libcli/smb2/find.c
 create mode 100644 source4/libcli/smb2/flush.c
 create mode 100644 source4/libcli/smb2/getinfo.c
 create mode 100644 source4/libcli/smb2/ioctl.c
 create mode 100644 source4/libcli/smb2/keepalive.c
 create mode 100644 source4/libcli/smb2/lease_break.c
 create mode 100644 source4/libcli/smb2/lock.c
 create mode 100644 source4/libcli/smb2/logoff.c
 create mode 100644 source4/libcli/smb2/notify.c
 create mode 100644 source4/libcli/smb2/read.c
 create mode 100644 source4/libcli/smb2/request.c
 create mode 100644 source4/libcli/smb2/session.c
 create mode 100644 source4/libcli/smb2/setinfo.c
 create mode 100644 source4/libcli/smb2/signing.c
 create mode 100644 source4/libcli/smb2/smb2.h
 create mode 100644 source4/libcli/smb2/smb2_calls.h
 create mode 100644 source4/libcli/smb2/tcon.c
 create mode 100644 source4/libcli/smb2/tdis.c
 create mode 100644 source4/libcli/smb2/transport.c
 create mode 100644 source4/libcli/smb2/util.c
 create mode 100644 source4/libcli/smb2/write.c
 create mode 100644 source4/libcli/smb2/wscript_build
 create mode 100644 source4/libcli/smb_composite/appendacl.c
 create mode 100644 source4/libcli/smb_composite/connect.c
 create mode 100644 source4/libcli/smb_composite/connect_nego.c
 create mode 100644 source4/libcli/smb_composite/fetchfile.c
 create mode 100644 source4/libcli/smb_composite/fsinfo.c
 create mode 100644 source4/libcli/smb_composite/loadfile.c
 create mode 100644 source4/libcli/smb_composite/savefile.c
 create mode 100644 source4/libcli/smb_composite/sesssetup.c
 create mode 100644 source4/libcli/smb_composite/smb2.c
 create mode 100644 source4/libcli/smb_composite/smb_composite.h
 create mode 100644 source4/libcli/util/clilsa.c
 create mode 100644 source4/libcli/util/pyerrors.h
 create mode 100644 source4/libcli/wbclient/wbclient.c
 create mode 100644 source4/libcli/wbclient/wbclient.h
 create mode 100644 source4/libcli/wbclient/wscript_build
 create mode 100644 source4/libcli/wrepl/winsrepl.c
 create mode 100644 source4/libcli/wrepl/winsrepl.h
 create mode 100644 source4/libcli/wscript_build
 create mode 100644 source4/libnet/composite.h
 create mode 100644 source4/libnet/groupinfo.c
 create mode 100644 source4/libnet/groupinfo.h
 create mode 100644 source4/libnet/groupman.c
 create mode 100644 source4/libnet/groupman.h
 create mode 100644 source4/libnet/libnet.c
 create mode 100644 source4/libnet/libnet.h
 create mode 100644 source4/libnet/libnet_become_dc.c
 create mode 100644 source4/libnet/libnet_become_dc.h
 create mode 100644 source4/libnet/libnet_domain.c
 create mode 100644 source4/libnet/libnet_domain.h
 create mode 100644 source4/libnet/libnet_export_keytab.c
 create mode 100644 source4/libnet/libnet_export_keytab.h
 create mode 100644 source4/libnet/libnet_group.c
 create mode 100644 source4/libnet/libnet_group.h
 create mode 100644 source4/libnet/libnet_join.c
 create mode 100644 source4/libnet/libnet_join.h
 create mode 100644 source4/libnet/libnet_lookup.c
 create mode 100644 source4/libnet/libnet_lookup.h
 create mode 100644 source4/libnet/libnet_passwd.c
 create mode 100644 source4/libnet/libnet_passwd.h
 create mode 100644 source4/libnet/libnet_rpc.c
 create mode 100644 source4/libnet/libnet_rpc.h
 create mode 100644 source4/libnet/libnet_samsync.h
 create mode 100644 source4/libnet/libnet_share.c
 create mode 100644 source4/libnet/libnet_share.h
 create mode 100644 source4/libnet/libnet_site.c
 create mode 100644 source4/libnet/libnet_site.h
 create mode 100644 source4/libnet/libnet_time.c
 create mode 100644 source4/libnet/libnet_time.h
 create mode 100644 source4/libnet/libnet_unbecome_dc.c
 create mode 100644 source4/libnet/libnet_unbecome_dc.h
 create mode 100644 source4/libnet/libnet_user.c
 create mode 100644 source4/libnet/libnet_user.h
 create mode 100644 source4/libnet/libnet_vampire.c
 create mode 100644 source4/libnet/libnet_vampire.h
 create mode 100644 source4/libnet/prereq_domain.c
 create mode 100644 source4/libnet/py_net.c
 create mode 100644 source4/libnet/py_net.h
 create mode 100644 source4/libnet/py_net_dckeytab.c
 create mode 100644 source4/libnet/userinfo.c
 create mode 100644 source4/libnet/userinfo.h
 create mode 100644 source4/libnet/userman.c
 create mode 100644 source4/libnet/userman.h
 create mode 100644 source4/libnet/wscript_build
 create mode 100644 source4/librpc/dcerpc.pc.in
 create mode 100644 source4/librpc/dcerpc_samr.pc.in
 create mode 100644 source4/librpc/gen_ndr/README
 create mode 100644 source4/librpc/idl/IDL_LICENSE.txt
 create mode 100644 source4/librpc/idl/irpc.idl
 create mode 100644 source4/librpc/idl/ntp_signd.idl
 create mode 100644 source4/librpc/idl/opendb.idl
 create mode 100644 source4/librpc/idl/sasl_helpers.idl
 create mode 100644 source4/librpc/idl/winbind.idl
 create mode 100644 source4/librpc/idl/winsif.idl
 create mode 100644 source4/librpc/idl/winsrepl.idl
 create mode 100644 source4/librpc/idl/wscript_build
 create mode 100644 source4/librpc/ndr/py_auth.c
 create mode 100644 source4/librpc/ndr/py_lsa.c
 create mode 100644 source4/librpc/ndr/py_misc.c
 create mode 100644 source4/librpc/ndr/py_security.c
 create mode 100644 source4/librpc/ndr/py_xattr.c
 create mode 100644 source4/librpc/rpc/dcerpc.c
 create mode 100644 source4/librpc/rpc/dcerpc.h
 create mode 100644 source4/librpc/rpc/dcerpc.py
 create mode 100644 source4/librpc/rpc/dcerpc_auth.c
 create mode 100644 source4/librpc/rpc/dcerpc_connect.c
 create mode 100644 source4/librpc/rpc/dcerpc_roh.c
 create mode 100644 source4/librpc/rpc/dcerpc_roh.h
 create mode 100644 source4/librpc/rpc/dcerpc_roh_channel_in.c
 create mode 100644 source4/librpc/rpc/dcerpc_roh_channel_out.c
 create mode 100644 source4/librpc/rpc/dcerpc_schannel.c
 create mode 100644 source4/librpc/rpc/dcerpc_secondary.c
 create mode 100644 source4/librpc/rpc/dcerpc_smb.c
 create mode 100644 source4/librpc/rpc/dcerpc_sock.c
 create mode 100644 source4/librpc/rpc/dcerpc_util.c
 create mode 100644 source4/librpc/rpc/pyrpc.c
 create mode 100644 source4/librpc/rpc/pyrpc.h
 create mode 100644 source4/librpc/rpc/pyrpc_util.c
 create mode 100644 source4/librpc/rpc/pyrpc_util.h
 create mode 100755 source4/librpc/scripts/build_idl.sh
 create mode 100644 source4/librpc/tests/binding_string.c
 create mode 100644 source4/librpc/tests/claims_CLAIMS_SET_NDR.dat
 create mode 100644 source4/librpc/tests/claims_CLAIMS_SET_NDR.txt
 create mode 100644 source4/librpc/tests/compressed_claims.txt
 create mode 100644 source4/librpc/tests/dns-decode_dns_name_packet-hex.dat
 create mode 100644 source4/librpc/tests/dns-decode_dns_name_packet-hex.txt
 create mode 100644 source4/librpc/tests/dnsp-DnssrvRpcRecord.txt
 create mode 100644 source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.b64.txt
 create mode 100644 source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt
 create mode 100644 source4/librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt
 create mode 100644 source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.b64.txt
 create mode 100644 source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.txt
 create mode 100755 source4/librpc/tests/fuzzed_drsuapi_DsaAddressListItem_V1-in.b64.txt
 create mode 100644 source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt
 create mode 100644 source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt
 create mode 100644 source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
 create mode 100644 source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt
 create mode 100644 source4/librpc/tests/krb5pac-PAC_DATA.dat
 create mode 100644 source4/librpc/tests/krb5pac_upn_dns_info_ex.b64.txt
 create mode 100644 source4/librpc/tests/krb5pac_upn_dns_info_ex.txt
 create mode 100644 source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.b64.txt
 create mode 100644 source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.txt
 create mode 100644 source4/librpc/tests/misc-GUID.dat
 create mode 100644 source4/librpc/tests/samr-CreateUser-in.dat
 create mode 100644 source4/librpc/tests/samr-CreateUser-out.dat
 create mode 100644 source4/librpc/tests/uncompressed_claims.txt
 create mode 100644 source4/librpc/tests/xattr_NTACL.dat
 create mode 100644 source4/librpc/tests/xattr_NTACL.txt
 create mode 100644 source4/librpc/wscript_build
 create mode 100644 source4/nbt_server/defense.c
 create mode 100644 source4/nbt_server/dgram/browse.c
 create mode 100644 source4/nbt_server/dgram/netlogon.c
 create mode 100644 source4/nbt_server/dgram/ntlogon.c
 create mode 100644 source4/nbt_server/dgram/request.c
 create mode 100644 source4/nbt_server/interfaces.c
 create mode 100644 source4/nbt_server/irpc.c
 create mode 100644 source4/nbt_server/nbt_server.c
 create mode 100644 source4/nbt_server/nbt_server.h
 create mode 100644 source4/nbt_server/nodestatus.c
 create mode 100644 source4/nbt_server/packet.c
 create mode 100644 source4/nbt_server/query.c
 create mode 100644 source4/nbt_server/register.c
 create mode 100644 source4/nbt_server/wins/wins_dns_proxy.c
 create mode 100644 source4/nbt_server/wins/wins_hook.c
 create mode 100644 source4/nbt_server/wins/wins_ldb.c
 create mode 100644 source4/nbt_server/wins/winsclient.c
 create mode 100644 source4/nbt_server/wins/winsdb.c
 create mode 100644 source4/nbt_server/wins/winsdb.h
 create mode 100644 source4/nbt_server/wins/winsserver.c
 create mode 100644 source4/nbt_server/wins/winsserver.h
 create mode 100644 source4/nbt_server/wins/winswack.c
 create mode 100644 source4/nbt_server/wscript_build
 create mode 100644 source4/ntp_signd/README
 create mode 100644 source4/ntp_signd/ntp-dev-4.2.5p125.diff
 create mode 100644 source4/ntp_signd/ntp_signd.c
 create mode 100644 source4/ntp_signd/wscript_build
 create mode 100644 source4/ntvfs/README
 create mode 100644 source4/ntvfs/cifs/README
 create mode 100644 source4/ntvfs/cifs/vfs_cifs.c
 create mode 100644 source4/ntvfs/common/brlock.c
 create mode 100644 source4/ntvfs/common/brlock.h
 create mode 100644 source4/ntvfs/common/brlock_tdb.c
 create mode 100644 source4/ntvfs/common/init.c
 create mode 100644 source4/ntvfs/common/notify.c
 create mode 100644 source4/ntvfs/common/ntvfs_common.h
 create mode 100644 source4/ntvfs/common/opendb.c
 create mode 100644 source4/ntvfs/common/opendb.h
 create mode 100644 source4/ntvfs/common/opendb_tdb.c
 create mode 100644 source4/ntvfs/common/wscript_build
 create mode 100644 source4/ntvfs/ipc/README
 create mode 100644 source4/ntvfs/ipc/ipc_rap.c
 create mode 100644 source4/ntvfs/ipc/rap_server.c
 create mode 100644 source4/ntvfs/ipc/vfs_ipc.c
 create mode 100644 source4/ntvfs/ntvfs.h
 create mode 100644 source4/ntvfs/ntvfs_base.c
 create mode 100644 source4/ntvfs/ntvfs_generic.c
 create mode 100644 source4/ntvfs/ntvfs_interface.c
 create mode 100644 source4/ntvfs/ntvfs_util.c
 create mode 100644 source4/ntvfs/posix/posix_eadb.c
 create mode 100644 source4/ntvfs/posix/posix_eadb.h
 create mode 100644 source4/ntvfs/posix/pvfs_acl.c
 create mode 100644 source4/ntvfs/posix/pvfs_acl_nfs4.c
 create mode 100644 source4/ntvfs/posix/pvfs_acl_xattr.c
 create mode 100644 source4/ntvfs/posix/pvfs_dirlist.c
 create mode 100644 source4/ntvfs/posix/pvfs_fileinfo.c
 create mode 100644 source4/ntvfs/posix/pvfs_flush.c
 create mode 100644 source4/ntvfs/posix/pvfs_fsinfo.c
 create mode 100644 source4/ntvfs/posix/pvfs_ioctl.c
 create mode 100644 source4/ntvfs/posix/pvfs_lock.c
 create mode 100644 source4/ntvfs/posix/pvfs_mkdir.c
 create mode 100644 source4/ntvfs/posix/pvfs_notify.c
 create mode 100644 source4/ntvfs/posix/pvfs_open.c
 create mode 100644 source4/ntvfs/posix/pvfs_oplock.c
 create mode 100644 source4/ntvfs/posix/pvfs_qfileinfo.c
 create mode 100644 source4/ntvfs/posix/pvfs_read.c
 create mode 100644 source4/ntvfs/posix/pvfs_rename.c
 create mode 100644 source4/ntvfs/posix/pvfs_resolve.c
 create mode 100644 source4/ntvfs/posix/pvfs_search.c
 create mode 100644 source4/ntvfs/posix/pvfs_seek.c
 create mode 100644 source4/ntvfs/posix/pvfs_setfileinfo.c
 create mode 100644 source4/ntvfs/posix/pvfs_shortname.c
 create mode 100644 source4/ntvfs/posix/pvfs_streams.c
 create mode 100644 source4/ntvfs/posix/pvfs_sys.c
 create mode 100644 source4/ntvfs/posix/pvfs_unlink.c
 create mode 100644 source4/ntvfs/posix/pvfs_util.c
 create mode 100644 source4/ntvfs/posix/pvfs_wait.c
 create mode 100644 source4/ntvfs/posix/pvfs_write.c
 create mode 100644 source4/ntvfs/posix/pvfs_xattr.c
 create mode 100644 source4/ntvfs/posix/python/pyposix_eadb.c
 create mode 100644 source4/ntvfs/posix/python/pyxattr_native.c
 create mode 100644 source4/ntvfs/posix/python/pyxattr_tdb.c
 create mode 100644 source4/ntvfs/posix/vfs_posix.c
 create mode 100644 source4/ntvfs/posix/vfs_posix.h
 create mode 100644 source4/ntvfs/posix/wscript_build
 create mode 100644 source4/ntvfs/posix/xattr_system.c
 create mode 100644 source4/ntvfs/simple/README
 create mode 100644 source4/ntvfs/simple/svfs.h
 create mode 100644 source4/ntvfs/simple/svfs_util.c
 create mode 100644 source4/ntvfs/simple/vfs_simple.c
 create mode 100644 source4/ntvfs/sysdep/README
 create mode 100644 source4/ntvfs/sysdep/inotify.c
 create mode 100644 source4/ntvfs/sysdep/sys_lease.c
 create mode 100644 source4/ntvfs/sysdep/sys_lease.h
 create mode 100644 source4/ntvfs/sysdep/sys_lease_linux.c
 create mode 100644 source4/ntvfs/sysdep/sys_notify.c
 create mode 100644 source4/ntvfs/sysdep/sys_notify.h
 create mode 100644 source4/ntvfs/sysdep/wscript_build
 create mode 100644 source4/ntvfs/sysdep/wscript_configure
 create mode 100644 source4/ntvfs/unixuid/vfs_unixuid.c
 create mode 100644 source4/ntvfs/unixuid/wscript_build
 create mode 100644 source4/ntvfs/wscript_build
 create mode 100644 source4/param/loadparm.c
 create mode 100644 source4/param/provision.c
 create mode 100644 source4/param/provision.h
 create mode 100644 source4/param/pyparam.c
 create mode 100644 source4/param/pyparam.h
 create mode 100644 source4/param/pyparam_util.c
 create mode 100644 source4/param/secrets.c
 create mode 100644 source4/param/secrets.h
 create mode 100644 source4/param/share.c
 create mode 100644 source4/param/share.h
 create mode 100644 source4/param/share_classic.c
 create mode 100644 source4/param/tests/loadparm.c
 create mode 100644 source4/param/tests/share.c
 create mode 100644 source4/param/wscript_build
 create mode 100644 source4/rpc_server/backupkey/dcesrv_backupkey.c
 create mode 100644 source4/rpc_server/browser/dcesrv_browser.c
 create mode 100644 source4/rpc_server/common/common.h
 create mode 100644 source4/rpc_server/common/forward.c
 create mode 100644 source4/rpc_server/common/loadparm.c
 create mode 100644 source4/rpc_server/common/server_info.c
 create mode 100644 source4/rpc_server/common/share_info.c
 create mode 100644 source4/rpc_server/dcerpc_server.c
 create mode 100644 source4/rpc_server/dcerpc_server.h
 create mode 100644 source4/rpc_server/dcerpc_server.pc.in
 create mode 100644 source4/rpc_server/dnsserver/dcerpc_dnsserver.c
 create mode 100644 source4/rpc_server/dnsserver/dnsdata.c
 create mode 100644 source4/rpc_server/dnsserver/dnsdb.c
 create mode 100644 source4/rpc_server/dnsserver/dnsserver.h
 create mode 100644 source4/rpc_server/dnsserver/dnsutils.c
 create mode 100644 source4/rpc_server/drsuapi/addentry.c
 create mode 100644 source4/rpc_server/drsuapi/dcesrv_drsuapi.c
 create mode 100644 source4/rpc_server/drsuapi/dcesrv_drsuapi.h
 create mode 100644 source4/rpc_server/drsuapi/drsutil.c
 create mode 100644 source4/rpc_server/drsuapi/getncchanges.c
 create mode 100644 source4/rpc_server/drsuapi/updaterefs.c
 create mode 100644 source4/rpc_server/drsuapi/writespn.c
 create mode 100644 source4/rpc_server/echo/rpc_echo.c
 create mode 100644 source4/rpc_server/epmapper/rpc_epmapper.c
 create mode 100644 source4/rpc_server/eventlog/dcesrv_eventlog6.c
 create mode 100644 source4/rpc_server/lsa/dcesrv_lsa.c
 create mode 100644 source4/rpc_server/lsa/lsa.h
 create mode 100644 source4/rpc_server/lsa/lsa_init.c
 create mode 100644 source4/rpc_server/lsa/lsa_lookup.c
 create mode 100644 source4/rpc_server/netlogon/dcerpc_netlogon.c
 create mode 100644 source4/rpc_server/remote/README
 create mode 100644 source4/rpc_server/remote/dcesrv_remote.c
 create mode 100644 source4/rpc_server/samr/dcesrv_samr.c
 create mode 100644 source4/rpc_server/samr/dcesrv_samr.h
 create mode 100644 source4/rpc_server/samr/samr_password.c
 create mode 100644 source4/rpc_server/service_rpc.c
 create mode 100644 source4/rpc_server/srvsvc/dcesrv_srvsvc.c
 create mode 100644 source4/rpc_server/srvsvc/srvsvc_ntvfs.c
 create mode 100644 source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c
 create mode 100644 source4/rpc_server/unixinfo/dcesrv_unixinfo.c
 create mode 100644 source4/rpc_server/winreg/README
 create mode 100644 source4/rpc_server/winreg/rpc_winreg.c
 create mode 100644 source4/rpc_server/wkssvc/dcesrv_wkssvc.c
 create mode 100644 source4/rpc_server/wscript_build
 create mode 100644 source4/samba/process_model.c
 create mode 100644 source4/samba/process_model.h
 create mode 100644 source4/samba/process_prefork.c
 create mode 100644 source4/samba/process_single.c
 create mode 100644 source4/samba/process_standard.c
 create mode 100644 source4/samba/server.c
 create mode 100644 source4/samba/server_util.c
 create mode 100644 source4/samba/server_util.h
 create mode 100644 source4/samba/service.c
 create mode 100644 source4/samba/service.h
 create mode 100644 source4/samba/service_named_pipe.c
 create mode 100644 source4/samba/service_stream.c
 create mode 100644 source4/samba/service_stream.h
 create mode 100644 source4/samba/service_task.c
 create mode 100644 source4/samba/service_task.h
 create mode 100644 source4/samba/wscript_build
 create mode 100755 source4/script/buildtree.pl
 create mode 100755 source4/script/depfilter.py
 create mode 100755 source4/script/extract_allparms.sh
 create mode 100755 source4/script/find_unused_options.sh
 create mode 100755 source4/script/minimal_includes.pl
 create mode 100755 source4/script/mkproto.pl
 create mode 100755 source4/script/update-proto.pl
 create mode 100755 source4/scripting/bin/enablerecyclebin
 create mode 100755 source4/scripting/bin/findprovisionusnranges
 create mode 100644 source4/scripting/bin/gen_error_common.py
 create mode 100755 source4/scripting/bin/gen_hresult.py
 create mode 100755 source4/scripting/bin/gen_ntstatus.py
 create mode 100755 source4/scripting/bin/gen_output.py
 create mode 100755 source4/scripting/bin/gen_werror.py
 create mode 100755 source4/scripting/bin/gen_wsp_props.py
 create mode 100755 source4/scripting/bin/get-descriptors
 create mode 100755 source4/scripting/bin/ktpass.sh
 create mode 100755 source4/scripting/bin/machineaccountccache
 create mode 100755 source4/scripting/bin/machineaccountpw
 create mode 100755 source4/scripting/bin/nsupdate-gss
 create mode 100755 source4/scripting/bin/rebuildextendeddn
 create mode 100755 source4/scripting/bin/renamedc
 create mode 100755 source4/scripting/bin/samba-gpupdate
 create mode 100755 source4/scripting/bin/samba-tool
 create mode 100755 source4/scripting/bin/samba3dump
 create mode 100755 source4/scripting/bin/samba_dnsupdate
 create mode 100755 source4/scripting/bin/samba_downgrade_db
 create mode 100755 source4/scripting/bin/samba_kcc
 create mode 100755 source4/scripting/bin/samba_spnupdate
 create mode 100755 source4/scripting/bin/samba_upgradedns
 create mode 100755 source4/scripting/bin/samba_upgradeprovision
 create mode 100755 source4/scripting/bin/setup_dns.sh
 create mode 100755 source4/scripting/bin/subunitrun
 create mode 100644 source4/scripting/bin/wscript_build
 create mode 100644 source4/scripting/devel/addlotscontacts
 create mode 100644 source4/scripting/devel/chgkrbtgtpass
 create mode 100755 source4/scripting/devel/chgtdcpass
 create mode 100755 source4/scripting/devel/config_base
 create mode 100755 source4/scripting/devel/crackname
 create mode 100755 source4/scripting/devel/demodirsync.py
 create mode 100644 source4/scripting/devel/drs/fsmo.ldif.template
 create mode 100644 source4/scripting/devel/drs/named.conf.ad.template
 create mode 100755 source4/scripting/devel/drs/revampire_ad.sh
 create mode 100755 source4/scripting/devel/drs/unvampire_ad.sh
 create mode 100755 source4/scripting/devel/drs/vampire_ad.sh
 create mode 100644 source4/scripting/devel/drs/vars
 create mode 100755 source4/scripting/devel/enumprivs
 create mode 100755 source4/scripting/devel/getncchanges
 create mode 100755 source4/scripting/devel/nmfind
 create mode 100755 source4/scripting/devel/pfm_verify.py
 create mode 100755 source4/scripting/devel/rebuild_zone.sh
 create mode 100755 source4/scripting/devel/rodcdns
 create mode 100755 source4/scripting/devel/speedtest.py
 create mode 100755 source4/scripting/devel/tmpfs.sh
 create mode 100644 source4/scripting/devel/watch_servers.sh
 create mode 100644 source4/scripting/man/samba-gpupdate.8.xml
 create mode 100644 source4/scripting/wscript_build
 create mode 100755 source4/selftest/test_samba3dump.sh
 create mode 100755 source4/selftest/test_w2k3.sh
 create mode 100755 source4/selftest/test_w2k3_file.sh
 create mode 100755 source4/selftest/test_win.sh
 create mode 100755 source4/selftest/tests.py
 create mode 100755 source4/selftest/tests_win.sh
 create mode 100755 source4/selftest/tests_win2k3_dc.sh
 create mode 100644 source4/selftest/win/README
 create mode 100644 source4/selftest/win/VMHost.pm
 create mode 100644 source4/selftest/win/common.exp
 create mode 100644 source4/selftest/win/test_win.conf
 create mode 100644 source4/selftest/win/vm_get_ip.pl
 create mode 100644 source4/selftest/win/vm_load_snapshot.pl
 create mode 100755 source4/selftest/win/wintest_2k3_dc.sh
 create mode 100755 source4/selftest/win/wintest_base.sh
 create mode 100644 source4/selftest/win/wintest_client.exp
 create mode 100755 source4/selftest/win/wintest_client.sh
 create mode 100755 source4/selftest/win/wintest_functions.sh
 create mode 100755 source4/selftest/win/wintest_net.sh
 create mode 100755 source4/selftest/win/wintest_raw.sh
 create mode 100644 source4/selftest/win/wintest_remove.exp
 create mode 100755 source4/selftest/win/wintest_rpc.sh
 create mode 100644 source4/selftest/win/wintest_setup.exp
 create mode 100644 source4/setup/ad-schema/AD_DS_Attributes_Windows_Server_v1903.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_v1803.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Classes_Windows_Server_v1903.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf
 create mode 100644 source4/setup/ad-schema/AD_DS_Classes__Windows_Server_v1803.ldf
 create mode 100644 source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
 create mode 100644 source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
 create mode 100644 source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf
 create mode 100644 source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf
 create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt
 create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt
 create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
 create mode 100644 source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
 create mode 100644 source4/setup/ad-schema/licence.txt
 create mode 100644 source4/setup/adprep/README.txt
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md
 create mode 100644 source4/setup/adprep/WindowsServerDocs/LICENSE
 create mode 100644 source4/setup/adprep/WindowsServerDocs/LICENSE-CODE
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Read-Only-Domain-Controller-Updates.md.unused
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Sch50.ldf.diff
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Sch51.ldf.diff
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Sch57.ldf.diff
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Sch59.ldf.diff
 create mode 100644 source4/setup/adprep/WindowsServerDocs/Schema-Updates.md
 create mode 100644 source4/setup/adprep/fix-forest-rev.ldf
 create mode 100644 source4/setup/adprep/samba-4.7-missing-for-schema45.ldif
 create mode 100644 source4/setup/aggregate_schema.ldif
 create mode 100644 source4/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt
 create mode 100644 source4/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt
 create mode 100644 source4/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt
 create mode 100644 source4/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt
 create mode 100644 source4/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt
 create mode 100644 source4/setup/dns_update_list
 create mode 100644 source4/setup/extended-rights.ldif
 create mode 100644 source4/setup/idmap_init.ldif
 create mode 100644 source4/setup/krb5.conf
 create mode 100644 source4/setup/named.conf
 create mode 100644 source4/setup/named.conf.dlz
 create mode 100644 source4/setup/named.conf.update
 create mode 100644 source4/setup/named.txt
 create mode 100644 source4/setup/prefixMap.txt
 create mode 100644 source4/setup/provision.ldif
 create mode 100644 source4/setup/provision.reg
 create mode 100644 source4/setup/provision.zone
 create mode 100644 source4/setup/provision_basedn.ldif
 create mode 100644 source4/setup/provision_basedn_modify.ldif
 create mode 100644 source4/setup/provision_basedn_options.ldif
 create mode 100644 source4/setup/provision_basedn_references.ldif
 create mode 100644 source4/setup/provision_computers_add.ldif
 create mode 100644 source4/setup/provision_computers_modify.ldif
 create mode 100644 source4/setup/provision_configuration.ldif
 create mode 100644 source4/setup/provision_configuration_basedn.ldif
 create mode 100644 source4/setup/provision_configuration_modify.ldif
 create mode 100644 source4/setup/provision_configuration_references.ldif
 create mode 100644 source4/setup/provision_dns_accounts_add.ldif
 create mode 100644 source4/setup/provision_dns_add_samba.ldif
 create mode 100644 source4/setup/provision_dnszones_add.ldif
 create mode 100644 source4/setup/provision_dnszones_modify.ldif
 create mode 100644 source4/setup/provision_dnszones_partitions.ldif
 create mode 100644 source4/setup/provision_group_policy.ldif
 create mode 100644 source4/setup/provision_init.ldif
 create mode 100644 source4/setup/provision_partitions.ldif
 create mode 100644 source4/setup/provision_privilege.ldif
 create mode 100644 source4/setup/provision_rootdse_add.ldif
 create mode 100644 source4/setup/provision_rootdse_modify.ldif
 create mode 100644 source4/setup/provision_schema_basedn.ldif
 create mode 100644 source4/setup/provision_schema_basedn_modify.ldif
 create mode 100644 source4/setup/provision_self_join.ldif
 create mode 100644 source4/setup/provision_self_join_config.ldif
 create mode 100644 source4/setup/provision_self_join_modify.ldif
 create mode 100644 source4/setup/provision_self_join_modify_config.ldif
 create mode 100644 source4/setup/provision_self_join_modify_schema.ldif
 create mode 100644 source4/setup/provision_users.ldif
 create mode 100644 source4/setup/provision_users_add.ldif
 create mode 100644 source4/setup/provision_users_modify.ldif
 create mode 100644 source4/setup/provision_well_known_sec_princ.ldif
 create mode 100644 source4/setup/schema_samba4.ldif
 create mode 100644 source4/setup/secrets.ldif
 create mode 100644 source4/setup/secrets_dns.ldif
 create mode 100644 source4/setup/secrets_init.ldif
 create mode 100644 source4/setup/share.ldif
 create mode 100644 source4/setup/spn_update_list
 create mode 100755 source4/setup/tests/blackbox_group.sh
 create mode 100755 source4/setup/tests/blackbox_newuser.sh
 create mode 100755 source4/setup/tests/blackbox_provision.sh
 create mode 100755 source4/setup/tests/blackbox_s3upgrade.sh
 create mode 100755 source4/setup/tests/blackbox_setpassword.sh
 create mode 100755 source4/setup/tests/blackbox_spn.sh
 create mode 100755 source4/setup/tests/blackbox_start_backup.sh
 create mode 100755 source4/setup/tests/blackbox_supported_features.sh
 create mode 100755 source4/setup/tests/blackbox_upgradeprovision.sh
 create mode 100755 source4/setup/tests/provision_fileperms.sh
 create mode 100644 source4/setup/wscript_build
 create mode 100644 source4/setup/ypServ30.ldif
 create mode 100644 source4/smb_server/blob.c
 create mode 100644 source4/smb_server/handle.c
 create mode 100644 source4/smb_server/management.c
 create mode 100644 source4/smb_server/service_smb.c
 create mode 100644 source4/smb_server/session.c
 create mode 100644 source4/smb_server/smb/negprot.c
 create mode 100644 source4/smb_server/smb/nttrans.c
 create mode 100644 source4/smb_server/smb/receive.c
 create mode 100644 source4/smb_server/smb/reply.c
 create mode 100644 source4/smb_server/smb/request.c
 create mode 100644 source4/smb_server/smb/search.c
 create mode 100644 source4/smb_server/smb/service.c
 create mode 100644 source4/smb_server/smb/sesssetup.c
 create mode 100644 source4/smb_server/smb/signing.c
 create mode 100644 source4/smb_server/smb/srvtime.c
 create mode 100644 source4/smb_server/smb/trans2.c
 create mode 100644 source4/smb_server/smb/wscript_build
 create mode 100644 source4/smb_server/smb2/fileinfo.c
 create mode 100644 source4/smb_server/smb2/fileio.c
 create mode 100644 source4/smb_server/smb2/find.c
 create mode 100644 source4/smb_server/smb2/keepalive.c
 create mode 100644 source4/smb_server/smb2/negprot.c
 create mode 100644 source4/smb_server/smb2/receive.c
 create mode 100644 source4/smb_server/smb2/sesssetup.c
 create mode 100644 source4/smb_server/smb2/smb2_server.h
 create mode 100644 source4/smb_server/smb2/tcon.c
 create mode 100644 source4/smb_server/smb2/wscript_build
 create mode 100644 source4/smb_server/smb_server.c
 create mode 100644 source4/smb_server/smb_server.h
 create mode 100644 source4/smb_server/tcon.c
 create mode 100644 source4/smb_server/wscript_build
 create mode 100644 source4/torture/auth/ntlmssp.c
 create mode 100644 source4/torture/auth/pac.c
 create mode 100644 source4/torture/auth/smbencrypt.c
 create mode 100644 source4/torture/basic/aliases.c
 create mode 100644 source4/torture/basic/attr.c
 create mode 100644 source4/torture/basic/base.c
 create mode 100644 source4/torture/basic/charset.c
 create mode 100644 source4/torture/basic/cxd_known.h
 create mode 100644 source4/torture/basic/delaywrite.c
 create mode 100644 source4/torture/basic/delete.c
 create mode 100644 source4/torture/basic/denytest.c
 create mode 100644 source4/torture/basic/dir.c
 create mode 100644 source4/torture/basic/disconnect.c
 create mode 100644 source4/torture/basic/locking.c
 create mode 100644 source4/torture/basic/mangle_test.c
 create mode 100644 source4/torture/basic/misc.c
 create mode 100644 source4/torture/basic/properties.c
 create mode 100644 source4/torture/basic/rename.c
 create mode 100644 source4/torture/basic/scanner.c
 create mode 100644 source4/torture/basic/secleak.c
 create mode 100644 source4/torture/basic/unlink.c
 create mode 100644 source4/torture/basic/utable.c
 create mode 100644 source4/torture/dfs/common.c
 create mode 100644 source4/torture/dfs/domaindfs.c
 create mode 100644 source4/torture/dns/dlz_bind9.c
 create mode 100644 source4/torture/dns/internal_dns.c
 create mode 100644 source4/torture/dns/wscript_build
 create mode 100644 source4/torture/drs/drs_init.c
 create mode 100644 source4/torture/drs/drs_util.c
 create mode 100644 source4/torture/drs/python/cracknames.py
 create mode 100644 source4/torture/drs/python/delete_object.py
 create mode 100644 source4/torture/drs/python/drs_base.py
 create mode 100644 source4/torture/drs/python/fsmo.py
 create mode 100644 source4/torture/drs/python/getnc_exop.py
 create mode 100644 source4/torture/drs/python/getnc_schema.py
 create mode 100644 source4/torture/drs/python/getnc_unpriv.py
 create mode 100644 source4/torture/drs/python/getncchanges.py
 create mode 100644 source4/torture/drs/python/link_conflicts.py
 create mode 100644 source4/torture/drs/python/linked_attributes_drs.py
 create mode 100644 source4/torture/drs/python/repl_move.py
 create mode 100644 source4/torture/drs/python/repl_rodc.py
 create mode 100644 source4/torture/drs/python/repl_schema.py
 create mode 100644 source4/torture/drs/python/repl_secdesc.py
 create mode 100644 source4/torture/drs/python/replica_sync.py
 create mode 100644 source4/torture/drs/python/replica_sync_rodc.py
 create mode 100644 source4/torture/drs/python/ridalloc_exop.py
 create mode 100644 source4/torture/drs/python/samba_tool_drs.py
 create mode 100644 source4/torture/drs/python/samba_tool_drs_critical.py
 create mode 100644 source4/torture/drs/python/samba_tool_drs_no_dns.py
 create mode 100644 source4/torture/drs/python/samba_tool_drs_showrepl.py
 create mode 100644 source4/torture/drs/rpc/dssync.c
 create mode 100644 source4/torture/drs/rpc/msds_intid.c
 create mode 100644 source4/torture/drs/unit/prefixmap_tests.c
 create mode 100644 source4/torture/drs/unit/schemainfo_tests.c
 create mode 100644 source4/torture/drs/wscript_build
 create mode 100644 source4/torture/gentest.c
 create mode 100644 source4/torture/gpo/apply.c
 create mode 100644 source4/torture/gpo/gpo.c
 create mode 100644 source4/torture/gpo/wscript_build
 create mode 100644 source4/torture/krb5/kdc-canon-heimdal.c
 create mode 100644 source4/torture/krb5/kdc-heimdal.c
 create mode 100644 source4/torture/krb5/kdc-mit.c
 create mode 100644 source4/torture/krb5/wscript_build
 create mode 100644 source4/torture/ldap/basic.c
 create mode 100644 source4/torture/ldap/cldap.c
 create mode 100644 source4/torture/ldap/cldapbench.c
 create mode 100644 source4/torture/ldap/common.c
 create mode 100644 source4/torture/ldap/ldap_sort.c
 create mode 100644 source4/torture/ldap/nested_search.c
 create mode 100644 source4/torture/ldap/netlogon.c
 create mode 100644 source4/torture/ldap/schema.c
 create mode 100644 source4/torture/ldap/session_expiry.c
 create mode 100644 source4/torture/ldap/uptodatevector.c
 create mode 100644 source4/torture/ldb/ldb.c
 create mode 100644 source4/torture/libnet/domain.c
 create mode 100644 source4/torture/libnet/groupinfo.c
 create mode 100644 source4/torture/libnet/groupman.c
 create mode 100644 source4/torture/libnet/grouptest.h
 create mode 100644 source4/torture/libnet/libnet.c
 create mode 100644 source4/torture/libnet/libnet_BecomeDC.c
 create mode 100644 source4/torture/libnet/libnet_domain.c
 create mode 100644 source4/torture/libnet/libnet_group.c
 create mode 100644 source4/torture/libnet/libnet_lookup.c
 create mode 100644 source4/torture/libnet/libnet_rpc.c
 create mode 100644 source4/torture/libnet/libnet_share.c
 create mode 100644 source4/torture/libnet/libnet_user.c
 create mode 100644 source4/torture/libnet/python/samr-test.py
 create mode 100644 source4/torture/libnet/userinfo.c
 create mode 100644 source4/torture/libnet/userman.c
 create mode 100644 source4/torture/libnet/usertest.h
 create mode 100644 source4/torture/libnet/utils.c
 create mode 100644 source4/torture/libnetapi/libnetapi.c
 create mode 100644 source4/torture/libnetapi/libnetapi_group.c
 create mode 100644 source4/torture/libnetapi/libnetapi_server.c
 create mode 100644 source4/torture/libnetapi/libnetapi_user.c
 create mode 100644 source4/torture/libnetapi/wscript_build
 create mode 100644 source4/torture/libsmbclient/libsmbclient.c
 create mode 100644 source4/torture/libsmbclient/wscript_build
 create mode 100644 source4/torture/local/dbspeed.c
 create mode 100644 source4/torture/local/fsrvp_state.c
 create mode 100644 source4/torture/local/local.c
 create mode 100644 source4/torture/local/mdspkt.c
 create mode 100644 source4/torture/local/nss_tests.c
 create mode 100644 source4/torture/local/smbtorture_fullname.c
 create mode 100644 source4/torture/local/torture.c
 create mode 100644 source4/torture/local/verif_trailer.c
 create mode 100644 source4/torture/local/wscript_build
 create mode 100644 source4/torture/locktest.c
 create mode 100644 source4/torture/man/gentest.1.xml
 create mode 100644 source4/torture/man/locktest.1.xml
 create mode 100644 source4/torture/man/masktest.1.xml
 create mode 100644 source4/torture/man/smbtorture.1.xml
 create mode 100644 source4/torture/masktest.c
 create mode 100644 source4/torture/nbench/nbench.c
 create mode 100644 source4/torture/nbench/nbio.c
 create mode 100644 source4/torture/nbt/dgram.c
 create mode 100644 source4/torture/nbt/nbt.c
 create mode 100644 source4/torture/nbt/query.c
 create mode 100644 source4/torture/nbt/register.c
 create mode 100644 source4/torture/nbt/wins.c
 create mode 100644 source4/torture/nbt/winsbench.c
 create mode 100644 source4/torture/nbt/winsreplication.c
 create mode 100644 source4/torture/ndr/README
 create mode 100644 source4/torture/ndr/atsvc.c
 create mode 100644 source4/torture/ndr/backupkey.c
 create mode 100644 source4/torture/ndr/cabinet.c
 create mode 100644 source4/torture/ndr/charset.c
 create mode 100644 source4/torture/ndr/clusapi.c
 create mode 100644 source4/torture/ndr/dcerpc.c
 create mode 100644 source4/torture/ndr/dfs.c
 create mode 100644 source4/torture/ndr/dfsblob.c
 create mode 100644 source4/torture/ndr/dnsp.c
 create mode 100644 source4/torture/ndr/drsblobs.c
 create mode 100644 source4/torture/ndr/drsuapi.c
 create mode 100644 source4/torture/ndr/epmap.c
 create mode 100644 source4/torture/ndr/krb5pac.c
 create mode 100644 source4/torture/ndr/lsa.c
 create mode 100644 source4/torture/ndr/nbt.c
 create mode 100644 source4/torture/ndr/ndr.c
 create mode 100644 source4/torture/ndr/ndr.h
 create mode 100644 source4/torture/ndr/negoex.c
 create mode 100644 source4/torture/ndr/netlogon.c
 create mode 100644 source4/torture/ndr/ntlmssp.c
 create mode 100644 source4/torture/ndr/ntprinting.c
 create mode 100644 source4/torture/ndr/odj.c
 create mode 100644 source4/torture/ndr/samr.c
 create mode 100644 source4/torture/ndr/spoolss.c
 create mode 100644 source4/torture/ndr/string.c
 create mode 100644 source4/torture/ndr/svcctl.c
 create mode 100644 source4/torture/ndr/winreg.c
 create mode 100644 source4/torture/ndr/winspool.c
 create mode 100644 source4/torture/ndr/witness.c
 create mode 100644 source4/torture/ntp/ntp_signd.c
 create mode 100644 source4/torture/rap/printing.c
 create mode 100644 source4/torture/rap/rap.c
 create mode 100644 source4/torture/rap/rpc.c
 create mode 100644 source4/torture/rap/sam.c
 create mode 100644 source4/torture/raw/acls.c
 create mode 100644 source4/torture/raw/chkpath.c
 create mode 100644 source4/torture/raw/close.c
 create mode 100644 source4/torture/raw/composite.c
 create mode 100644 source4/torture/raw/context.c
 create mode 100644 source4/torture/raw/eas.c
 create mode 100644 source4/torture/raw/ioctl.c
 create mode 100644 source4/torture/raw/lock.c
 create mode 100644 source4/torture/raw/lockbench.c
 create mode 100644 source4/torture/raw/lookuprate.c
 create mode 100644 source4/torture/raw/missing.txt
 create mode 100644 source4/torture/raw/mkdir.c
 create mode 100644 source4/torture/raw/mux.c
 create mode 100644 source4/torture/raw/notify.c
 create mode 100644 source4/torture/raw/offline.c
 create mode 100644 source4/torture/raw/open.c
 create mode 100644 source4/torture/raw/openbench.c
 create mode 100644 source4/torture/raw/oplock.c
 create mode 100644 source4/torture/raw/pingpong.c
 create mode 100644 source4/torture/raw/qfileinfo.c
 create mode 100644 source4/torture/raw/qfsinfo.c
 create mode 100644 source4/torture/raw/raw.c
 create mode 100644 source4/torture/raw/read.c
 create mode 100644 source4/torture/raw/rename.c
 create mode 100644 source4/torture/raw/samba3hide.c
 create mode 100644 source4/torture/raw/samba3misc.c
 create mode 100644 source4/torture/raw/search.c
 create mode 100644 source4/torture/raw/seek.c
 create mode 100644 source4/torture/raw/session.c
 create mode 100644 source4/torture/raw/setfileinfo.c
 create mode 100644 source4/torture/raw/streams.c
 create mode 100644 source4/torture/raw/tconrate.c
 create mode 100644 source4/torture/raw/unlink.c
 create mode 100644 source4/torture/raw/write.c
 create mode 100644 source4/torture/rpc/alter_context.c
 create mode 100644 source4/torture/rpc/async_bind.c
 create mode 100644 source4/torture/rpc/atsvc.c
 create mode 100644 source4/torture/rpc/backupkey.c
 create mode 100644 source4/torture/rpc/bench.c
 create mode 100644 source4/torture/rpc/bind.c
 create mode 100644 source4/torture/rpc/browser.c
 create mode 100644 source4/torture/rpc/clusapi.c
 create mode 100644 source4/torture/rpc/countcalls.c
 create mode 100644 source4/torture/rpc/dfs.c
 create mode 100644 source4/torture/rpc/drsuapi.c
 create mode 100644 source4/torture/rpc/drsuapi.h
 create mode 100644 source4/torture/rpc/drsuapi_cracknames.c
 create mode 100644 source4/torture/rpc/drsuapi_w2k8.c
 create mode 100644 source4/torture/rpc/dsgetinfo.c
 create mode 100644 source4/torture/rpc/dssetup.c
 create mode 100644 source4/torture/rpc/echo.c
 create mode 100644 source4/torture/rpc/epmapper.c
 create mode 100644 source4/torture/rpc/eventlog.c
 create mode 100644 source4/torture/rpc/forest_trust.c
 create mode 100644 source4/torture/rpc/frsapi.c
 create mode 100644 source4/torture/rpc/fsrvp.c
 create mode 100644 source4/torture/rpc/handles.c
 create mode 100644 source4/torture/rpc/initshutdown.c
 create mode 100644 source4/torture/rpc/iremotewinspool.c
 create mode 100644 source4/torture/rpc/iremotewinspool_common.c
 create mode 100644 source4/torture/rpc/iremotewinspool_common.h
 create mode 100644 source4/torture/rpc/iremotewinspool_driver.c
 create mode 100644 source4/torture/rpc/join.c
 create mode 100644 source4/torture/rpc/lsa.c
 create mode 100644 source4/torture/rpc/lsa_lookup.c
 create mode 100644 source4/torture/rpc/mdssvc.c
 create mode 100644 source4/torture/rpc/mgmt.c
 create mode 100644 source4/torture/rpc/netlogon.c
 create mode 100644 source4/torture/rpc/netlogon.h
 create mode 100644 source4/torture/rpc/netlogon_crypto.c
 create mode 100644 source4/torture/rpc/ntsvcs.c
 create mode 100644 source4/torture/rpc/object_uuid.c
 create mode 100644 source4/torture/rpc/remote_pac.c
 create mode 100644 source4/torture/rpc/rpc.c
 create mode 100644 source4/torture/rpc/samba3rpc.c
 create mode 100644 source4/torture/rpc/samlogon.c
 create mode 100644 source4/torture/rpc/samr.c
 create mode 100644 source4/torture/rpc/samr_accessmask.c
 create mode 100644 source4/torture/rpc/samr_handletype.c
 create mode 100644 source4/torture/rpc/samr_priv.c
 create mode 100644 source4/torture/rpc/samsync.c
 create mode 100644 source4/torture/rpc/scanner.c
 create mode 100644 source4/torture/rpc/schannel.c
 create mode 100644 source4/torture/rpc/session_key.c
 create mode 100644 source4/torture/rpc/spoolss.c
 create mode 100644 source4/torture/rpc/spoolss_access.c
 create mode 100644 source4/torture/rpc/spoolss_notify.c
 create mode 100644 source4/torture/rpc/spoolss_win.c
 create mode 100644 source4/torture/rpc/srvsvc.c
 create mode 100644 source4/torture/rpc/svcctl.c
 create mode 100644 source4/torture/rpc/testjoin.c
 create mode 100644 source4/torture/rpc/torture_rpc.h
 create mode 100644 source4/torture/rpc/unixinfo.c
 create mode 100644 source4/torture/rpc/winreg.c
 create mode 100644 source4/torture/rpc/witness.c
 create mode 100644 source4/torture/rpc/wkssvc.c
 create mode 100644 source4/torture/shell.c
 create mode 100644 source4/torture/smb2/acls.c
 create mode 100644 source4/torture/smb2/attr.c
 create mode 100644 source4/torture/smb2/bench.c
 create mode 100644 source4/torture/smb2/block.c
 create mode 100644 source4/torture/smb2/block.h
 create mode 100644 source4/torture/smb2/charset.c
 create mode 100644 source4/torture/smb2/compound.c
 create mode 100644 source4/torture/smb2/connect.c
 create mode 100644 source4/torture/smb2/create.c
 create mode 100644 source4/torture/smb2/credits.c
 create mode 100644 source4/torture/smb2/delete-on-close.c
 create mode 100644 source4/torture/smb2/deny.c
 create mode 100644 source4/torture/smb2/dir.c
 create mode 100644 source4/torture/smb2/dosmode.c
 create mode 100644 source4/torture/smb2/durable_open.c
 create mode 100644 source4/torture/smb2/durable_v2_open.c
 create mode 100644 source4/torture/smb2/ea.c
 create mode 100644 source4/torture/smb2/getinfo.c
 create mode 100644 source4/torture/smb2/ioctl.c
 create mode 100644 source4/torture/smb2/lease.c
 create mode 100644 source4/torture/smb2/lease_break_handler.c
 create mode 100644 source4/torture/smb2/lease_break_handler.h
 create mode 100644 source4/torture/smb2/lock.c
 create mode 100644 source4/torture/smb2/mangle.c
 create mode 100644 source4/torture/smb2/max_allowed.c
 create mode 100644 source4/torture/smb2/maxfid.c
 create mode 100644 source4/torture/smb2/maxwrite.c
 create mode 100644 source4/torture/smb2/mkdir.c
 create mode 100644 source4/torture/smb2/multichannel.c
 create mode 100644 source4/torture/smb2/notify.c
 create mode 100644 source4/torture/smb2/notify_disabled.c
 create mode 100644 source4/torture/smb2/oplock.c
 create mode 100644 source4/torture/smb2/oplock_break_handler.c
 create mode 100644 source4/torture/smb2/oplock_break_handler.h
 create mode 100644 source4/torture/smb2/read.c
 create mode 100644 source4/torture/smb2/read_write.c
 create mode 100644 source4/torture/smb2/rename.c
 create mode 100644 source4/torture/smb2/replay.c
 create mode 100644 source4/torture/smb2/samba3misc.c
 create mode 100644 source4/torture/smb2/scan.c
 create mode 100644 source4/torture/smb2/secleak.c
 create mode 100644 source4/torture/smb2/sessid.c
 create mode 100644 source4/torture/smb2/session.c
 create mode 100644 source4/torture/smb2/setinfo.c
 create mode 100644 source4/torture/smb2/sharemode.c
 create mode 100644 source4/torture/smb2/smb2.c
 create mode 100644 source4/torture/smb2/streams.c
 create mode 100644 source4/torture/smb2/tcon.c
 create mode 100644 source4/torture/smb2/timestamps.c
 create mode 100644 source4/torture/smb2/util.c
 create mode 100644 source4/torture/smb2/wscript_build
 create mode 100644 source4/torture/smbtorture.c
 create mode 100644 source4/torture/smbtorture.h
 create mode 100755 source4/torture/tests/test_gentest.sh
 create mode 100755 source4/torture/tests/test_locktest.sh
 create mode 100755 source4/torture/tests/test_masktest.sh
 create mode 100644 source4/torture/torture.c
 create mode 100644 source4/torture/unix/unix.c
 create mode 100644 source4/torture/unix/unix_info2.c
 create mode 100644 source4/torture/unix/whoami.c
 create mode 100644 source4/torture/util.h
 create mode 100644 source4/torture/util_smb.c
 create mode 100644 source4/torture/vfs/acl_xattr.c
 create mode 100644 source4/torture/vfs/fruit.c
 create mode 100644 source4/torture/vfs/vfs.c
 create mode 100644 source4/torture/winbind/struct_based.c
 create mode 100644 source4/torture/winbind/winbind.c
 create mode 100644 source4/torture/winbind/wscript_build
 create mode 100644 source4/torture/wscript_build
 create mode 100644 source4/utils/oLschema2ldif/lib.c
 create mode 100644 source4/utils/oLschema2ldif/lib.h
 create mode 100644 source4/utils/oLschema2ldif/main.c
 create mode 100644 source4/utils/oLschema2ldif/oLschema2ldif.1.xml
 create mode 100644 source4/utils/oLschema2ldif/test.c
 create mode 100644 source4/utils/oLschema2ldif/wscript_build
 create mode 100755 source4/utils/tests/test_nmblookup.sh
 create mode 100755 source4/utils/tests/test_samba_tool.sh
 create mode 100755 source4/utils/tests/test_smbclient.sh
 create mode 100644 source4/winbind/idmap.c
 create mode 100644 source4/winbind/idmap.h
 create mode 100644 source4/winbind/winbindd.c
 create mode 100644 source4/winbind/wscript_build
 create mode 100644 source4/wrepl_server/wrepl_apply_records.c
 create mode 100644 source4/wrepl_server/wrepl_in_call.c
 create mode 100644 source4/wrepl_server/wrepl_in_connection.c
 create mode 100644 source4/wrepl_server/wrepl_out_helpers.c
 create mode 100644 source4/wrepl_server/wrepl_out_helpers.h
 create mode 100644 source4/wrepl_server/wrepl_out_pull.c
 create mode 100644 source4/wrepl_server/wrepl_out_push.c
 create mode 100644 source4/wrepl_server/wrepl_periodic.c
 create mode 100644 source4/wrepl_server/wrepl_scavenging.c
 create mode 100644 source4/wrepl_server/wrepl_server.c
 create mode 100644 source4/wrepl_server/wrepl_server.h
 create mode 100644 source4/wrepl_server/wscript_build
 create mode 100644 source4/wscript_build

(limited to 'source4')

diff --git a/source4/.clang_complete b/source4/.clang_complete
new file mode 100644
index 0000000..bfaf852
--- /dev/null
+++ b/source4/.clang_complete
@@ -0,0 +1,10 @@
+-I../bin/default
+-I../bin/default/include
+-I../bin/default/include/public/
+-I../bin/default/source4
+-I../lib
+-I../lib/popt
+-I../lib/replace
+-I..
+-I./include
+-I.
diff --git a/source4/.valgrind_suppressions b/source4/.valgrind_suppressions
new file mode 100644
index 0000000..bf19027
--- /dev/null
+++ b/source4/.valgrind_suppressions
@@ -0,0 +1,147 @@
+# add valgrind suppressions for the build farm here. Get the format
+# from the build farm log
+
+{
+   samba_dlopen1
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+
+{
+   samba_dlopen2
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+
+{
+   samba_dlopen3
+   Memcheck:Addr4
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+
+{
+   samba_dlopen4
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+ }
+
+{
+   samba_dlopen5
+   Memcheck:Addr4
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+
+{
+   samba_dlopen6
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+
+{
+   samba_dlopen7
+   Memcheck:Addr4
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}						
+
+{
+   samba_libc_dlsym1
+   Memcheck:Addr4
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/tls/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:__libc_dlsym
+}
+
+#
+# Tests from valgrind-python.supp (distributed with python):
+# 
+# These try and suppress these errors
+#
+
+# all tool names: Addrcheck,Memcheck,cachegrind,helgrind,massif
+{
+   ADDRESS_IN_RANGE/Invalid read of size 4
+   Memcheck:Addr4
+   fun:Py_ADDRESS_IN_RANGE
+}
+
+{
+   ADDRESS_IN_RANGE/Invalid read of size 4
+   Memcheck:Value4
+   fun:Py_ADDRESS_IN_RANGE
+}
+
+{
+   ADDRESS_IN_RANGE/Invalid read of size 8 (x86_64 aka amd64)
+   Memcheck:Value8
+   fun:Py_ADDRESS_IN_RANGE
+}
+
+{
+   ADDRESS_IN_RANGE/Conditional jump or move depends on uninitialised value
+   Memcheck:Cond
+   fun:Py_ADDRESS_IN_RANGE
+}
+
+#
+# Leaks (including possible leaks)
+#    Hmmm, I wonder if this masks some real leaks.  I think it does.
+#    Will need to fix that.
+#
+
+{
+   Handle PyMalloc confusing valgrind (possibly leaked)
+   Memcheck:Leak
+   fun:realloc
+   fun:_PyObject_GC_Resize
+   fun:COMMENT_THIS_LINE_TO_DISABLE_LEAK_WARNING
+}
+
+{
+   Handle PyMalloc confusing valgrind (possibly leaked)
+   Memcheck:Leak
+   fun:malloc
+   fun:_PyObject_GC_New
+   fun:COMMENT_THIS_LINE_TO_DISABLE_LEAK_WARNING
+}
+
+{
+   Handle PyMalloc confusing valgrind (possibly leaked)
+   Memcheck:Leak
+   fun:malloc
+   fun:_PyObject_GC_NewVar
+   fun:COMMENT_THIS_LINE_TO_DISABLE_LEAK_WARNING
+}
+
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
new file mode 100644
index 0000000..1ea4f11
--- /dev/null
+++ b/source4/auth/auth.h
@@ -0,0 +1,215 @@
+/*
+   Unix SMB/CIFS implementation.
+   Standardised Authentication types
+   Copyright (C) Andrew Bartlett   2001
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_AUTH_H
+#define _SAMBA_AUTH_H
+
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/auth.h"
+#include "../auth/common_auth.h"
+
+extern const char *krbtgt_attrs[];
+extern const char *server_attrs[];
+extern const char *user_attrs[];
+
+union netr_Validation;
+struct netr_SamBaseInfo;
+struct netr_SamInfo3;
+struct loadparm_context;
+
+/* modules can use the following to determine if the interface has changed
+ * please increment the version number after each interface change
+ * with a comment and maybe update struct auth_critical_sizes.
+ */
+/* version 1 - version from samba 3.0 - metze */
+/* version 2 - initial samba4 version - metze */
+/* version 3 - subsequent samba4 version - abartlet */
+/* version 4 - subsequent samba4 version - metze */
+/* version 0 - till samba4 is stable - metze */
+#define AUTH4_INTERFACE_VERSION 0
+
+struct auth_method_context;
+struct auth4_context;
+struct auth_session_info;
+struct ldb_dn;
+struct smb_krb5_context;
+
+struct auth_operations {
+	const char *name;
+
+	/* Given the user supplied info, check if this backend want to handle the password checking */
+
+	NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
+			       const struct auth_usersupplied_info *user_info);
+
+	/* Given the user supplied info, check a password */
+
+	struct tevent_req *(*check_password_send)(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct auth_method_context *ctx,
+				const struct auth_usersupplied_info *user_info);
+	NTSTATUS (*check_password_recv)(struct tevent_req *subreq,
+				TALLOC_CTX *mem_ctx,
+				struct auth_user_info_dc **interim_info,
+				const struct authn_audit_info **client_audit_info,
+				const struct authn_audit_info **server_audit_info,
+				bool *authoritative);
+};
+
+struct auth_method_context {
+	struct auth_method_context *prev, *next;
+	struct auth4_context *auth_ctx;
+	const struct auth_operations *ops;
+	int depth;
+	void *private_data;
+};
+
+/* this structure is used by backends to determine the size of some critical types */
+struct auth_critical_sizes {
+	int interface_version;
+	int sizeof_auth_operations;
+	int sizeof_auth_methods;
+	int sizeof_auth_context;
+	int sizeof_auth_usersupplied_info;
+	int sizeof_auth_user_info_dc;
+};
+
+ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context,
+			   enum auth_password_state to_state,
+			   const struct auth_usersupplied_info *user_info_in,
+			   const struct auth_usersupplied_info **user_info_encrypted);
+
+#include "auth/session.h"
+#include "auth/unix_token_proto.h"
+#include "auth/system_session_proto.h"
+#include "libcli/security/security.h"
+
+struct ldb_message;
+struct ldb_context;
+struct gensec_security;
+struct cli_credentials;
+
+NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8]);
+NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
+			    struct ldb_context *sam_ctx,
+			    uint32_t logon_parameters,
+			    struct ldb_dn *domain_dn,
+			    struct ldb_message *msg,
+			    const char *logon_workstation,
+			    const char *name_for_logs,
+			    bool allow_domain_trust,
+			    bool password_change);
+
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
+NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
+					   const char *netbios_name,
+					   const char *domain_name,
+					   const char *dns_domain_name,
+					   struct ldb_dn *domain_dn,
+					   const struct ldb_message *msg,
+					   DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
+				  struct auth_user_info_dc **_user_info_dc);
+NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
+			struct ldb_context *sam_ctx,
+			struct auth_user_info_dc *user_info_dc);
+NTSTATUS authsam_shallow_copy_user_info_dc(TALLOC_CTX *mem_ctx,
+					   const struct auth_user_info_dc *user_info_dc_in,
+					   struct auth_user_info_dc **user_info_dc_out);
+NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
+					   struct loadparm_context *lp_ctx,
+					   struct auth_session_info **_session_info) ;
+
+NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
+				     struct tevent_context *ev,
+				     struct imessaging_context *msg,
+				     struct loadparm_context *lp_ctx,
+				     struct ldb_context *sam_ctx,
+				     struct auth4_context **auth_ctx);
+const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+
+NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
+			     struct tevent_context *ev,
+			     struct imessaging_context *msg,
+			     struct loadparm_context *lp_ctx,
+			     struct auth4_context **auth_ctx);
+NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
+					  struct tevent_context *ev,
+					  struct imessaging_context *msg,
+					  struct loadparm_context *lp_ctx,
+					  struct auth4_context **auth_ctx);
+
+NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
+			     TALLOC_CTX *mem_ctx,
+			     const struct auth_usersupplied_info *user_info, 
+			     struct auth_user_info_dc **user_info_dc,
+			     uint8_t *pauthoritative);
+NTSTATUS auth4_init(void);
+NTSTATUS auth_register(TALLOC_CTX *mem_ctx, const struct auth_operations *ops);
+NTSTATUS server_service_auth_init(TALLOC_CTX *ctx);
+struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct imessaging_context *msg,
+					struct loadparm_context *lp_ctx,
+					struct tsocket_address *remote_address,
+					struct tsocket_address *local_address,
+					bool using_tls,
+					const char *dn,
+					const char *password);
+NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
+					TALLOC_CTX *mem_ctx,
+					struct auth_session_info **session_info);
+NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
+				       struct tevent_context *ev,
+				       struct imessaging_context *msg,
+				       struct loadparm_context *lp_ctx,
+				       struct tsocket_address *remote_address,
+				       struct tsocket_address *local_address,
+				       bool using_tls,
+				       const char *dn,
+				       const char *password,
+				       struct auth_session_info **session_info);
+
+struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
+					    struct tevent_context *ev,
+					    struct auth4_context *auth_ctx,
+					    const struct auth_usersupplied_info *user_info);
+NTSTATUS auth_check_password_recv(struct tevent_req *req,
+				  TALLOC_CTX *mem_ctx,
+				  struct auth_user_info_dc **user_info_dc,
+				  uint8_t *pauthoritative);
+
+NTSTATUS auth_context_set_challenge(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
+
+NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
+				   struct tevent_context *event_ctx,
+				   struct imessaging_context *msg_ctx,
+				   struct loadparm_context *lp_ctx,
+				   struct cli_credentials *server_credentials,
+				   const char *target_service,
+				   struct gensec_security **gensec_context);
+NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
+					struct tevent_context *event_ctx,
+					struct imessaging_context *msg_ctx,
+					struct loadparm_context *lp_ctx,
+					struct cli_credentials *server_credentials,
+					const char *target_service,
+					struct gensec_security **gensec_context);
+
+#endif /* _SMBAUTH_H_ */
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
new file mode 100644
index 0000000..cc0491f
--- /dev/null
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -0,0 +1,1731 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/events/events.h"
+#include "system/kerberos.h"
+#include "system/gssapi.h"
+#include "auth/kerberos/kerberos.h"
+#include "librpc/gen_ndr/krb5pac.h"
+#include "auth/auth.h"
+#include <ldb.h>
+#include "auth/auth_sam.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/gensec/gensec_proto.h"
+#include "auth/gensec/gensec_toplevel_proto.h"
+#include "param/param.h"
+#include "auth/session_proto.h"
+#include "gensec_gssapi.h"
+#include "lib/util/util_net.h"
+#include "auth/kerberos/pac_utils.h"
+#include "auth/kerberos/gssapi_helper.h"
+#include "lib/util/smb_strtox.h"
+
+#ifndef gss_mech_spnego
+gss_OID_desc spnego_mech_oid_desc =
+		{ 6, discard_const_p(void, "\x2b\x06\x01\x05\x05\x02") };
+#define gss_mech_spnego (&spnego_mech_oid_desc)
+#endif
+
+_PUBLIC_ NTSTATUS gensec_gssapi_init(TALLOC_CTX *);
+
+static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security);
+static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security);
+static size_t gensec_gssapi_sig_size(struct gensec_security *gensec_security, size_t data_size);
+
+static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_state)
+{
+	OM_uint32 min_stat;
+
+	if (gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+		gss_release_cred(&min_stat,
+				 &gensec_gssapi_state->delegated_cred_handle);
+	}
+
+	if (gensec_gssapi_state->gssapi_context != GSS_C_NO_CONTEXT) {
+		gss_delete_sec_context(&min_stat,
+				       &gensec_gssapi_state->gssapi_context,
+				       GSS_C_NO_BUFFER);
+	}
+
+	if (gensec_gssapi_state->server_name != GSS_C_NO_NAME) {
+		gss_release_name(&min_stat,
+				 &gensec_gssapi_state->server_name);
+	}
+	if (gensec_gssapi_state->client_name != GSS_C_NO_NAME) {
+		gss_release_name(&min_stat,
+				 &gensec_gssapi_state->client_name);
+	}
+
+	return 0;
+}
+
+static NTSTATUS gensec_gssapi_setup_server_principal(TALLOC_CTX *mem_ctx,
+						     const char *target_principal,
+						     const char *service,
+						     const char *hostname,
+						     const char *realm,
+						     const gss_OID mech,
+						     char **pserver_principal,
+						     gss_name_t *pserver_name)
+{
+	char *server_principal = NULL;
+	gss_buffer_desc name_token;
+	gss_OID name_type;
+	OM_uint32 maj_stat, min_stat = 0;
+
+	if (target_principal != NULL) {
+		server_principal = talloc_strdup(mem_ctx, target_principal);
+		name_type = GSS_C_NULL_OID;
+	} else {
+		server_principal = talloc_asprintf(mem_ctx,
+						   "%s/%s@%s",
+						   service, hostname, realm);
+		name_type = GSS_C_NT_USER_NAME;
+	}
+	if (server_principal == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	name_token.value = (uint8_t *)server_principal;
+	name_token.length = strlen(server_principal);
+
+	maj_stat = gss_import_name(&min_stat,
+				   &name_token,
+				   name_type,
+				   pserver_name);
+	if (maj_stat) {
+		DBG_WARNING("GSS Import name of %s failed: %s\n",
+			    server_principal,
+			    gssapi_error_string(mem_ctx,
+						maj_stat,
+						min_stat,
+						mech));
+		TALLOC_FREE(server_principal);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*pserver_principal = server_principal;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	krb5_error_code ret;
+#ifdef SAMBA4_USES_HEIMDAL
+	const char *realm;
+#endif
+
+	gensec_gssapi_state = talloc_zero(gensec_security, struct gensec_gssapi_state);
+	if (!gensec_gssapi_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gensec_security->private_data = gensec_gssapi_state;
+
+	gensec_gssapi_state->gssapi_context = GSS_C_NO_CONTEXT;
+
+	/* TODO: Fill in channel bindings */
+	gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+	gensec_gssapi_state->server_name = GSS_C_NO_NAME;
+	gensec_gssapi_state->client_name = GSS_C_NO_NAME;
+	
+	gensec_gssapi_state->gss_want_flags = 0;
+	gensec_gssapi_state->expire_time = GENSEC_EXPIRE_TIME_INFINITY;
+
+	if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation_by_kdc_policy", true)) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_DELEG_POLICY_FLAG;
+	}
+	if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_MUTUAL_FLAG;
+	}
+	if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", false)) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_DELEG_FLAG;
+	}
+	if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_REPLAY_FLAG;
+	}
+	if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "sequence", true)) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_SEQUENCE_FLAG;
+	}
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_INTEG_FLAG;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_INTEG_FLAG;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_INTEG_FLAG;
+		gensec_gssapi_state->gss_want_flags |= GSS_C_CONF_FLAG;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) {
+		gensec_gssapi_state->gss_want_flags |= GSS_C_DCE_STYLE;
+	}
+
+	gensec_gssapi_state->gss_got_flags = 0;
+
+	switch (gensec_security->ops->auth_type) {
+	case DCERPC_AUTH_TYPE_SPNEGO:
+		gensec_gssapi_state->gss_oid = gss_mech_spnego;
+		break;
+	case DCERPC_AUTH_TYPE_KRB5:
+	default:
+		gensec_gssapi_state->gss_oid =
+			discard_const_p(void, gss_mech_krb5);
+		break;
+	}
+
+	ret = smb_krb5_init_context(gensec_gssapi_state,
+				    gensec_security->settings->lp_ctx,
+				    &gensec_gssapi_state->smb_krb5_context);
+	if (ret) {
+		DEBUG(1,("gensec_gssapi_start: smb_krb5_init_context failed (%s)\n",
+			 error_message(ret)));
+		talloc_free(gensec_gssapi_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	gensec_gssapi_state->client_cred = NULL;
+	gensec_gssapi_state->server_cred = NULL;
+
+	gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+	gensec_gssapi_state->sasl = false;
+	gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
+	gensec_gssapi_state->sasl_protection = 0;
+
+	gensec_gssapi_state->max_wrap_buf_size
+		= gensec_setting_int(gensec_security->settings, "gensec_gssapi", "max wrap buf size", 65536);
+	gensec_gssapi_state->gss_exchange_count = 0;
+	gensec_gssapi_state->sig_size = 0;
+
+	talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destructor);
+
+#ifdef SAMBA4_USES_HEIMDAL
+	realm = lpcfg_realm(gensec_security->settings->lp_ctx);
+	if (realm != NULL) {
+		ret = gsskrb5_set_default_realm(realm);
+		if (ret) {
+			DEBUG(1,("gensec_gssapi_start: gsskrb5_set_default_realm failed\n"));
+			talloc_free(gensec_gssapi_state);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
+	ret = gsskrb5_set_dns_canonicalize(false);
+	if (ret) {
+		DEBUG(1,("gensec_gssapi_start: gsskrb5_set_dns_canonicalize failed\n"));
+		talloc_free(gensec_gssapi_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+#endif
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_security)
+{
+	NTSTATUS nt_status;
+	int ret;
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	struct cli_credentials *machine_account;
+	struct gssapi_creds_container *gcc;
+
+	nt_status = gensec_gssapi_start(gensec_security);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+
+	machine_account = gensec_get_credentials(gensec_security);
+	
+	if (!machine_account) {
+		DEBUG(3, ("No machine account credentials specified\n"));
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	} else {
+		ret = cli_credentials_get_server_gss_creds(machine_account, 
+							   gensec_security->settings->lp_ctx, &gcc);
+		if (ret) {
+			DEBUG(1, ("Acquiring acceptor credentials failed: %s\n",
+				  error_message(ret)));
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	}
+
+	gensec_gssapi_state->server_cred = gcc;
+	return NT_STATUS_OK;
+
+}
+
+static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_security)
+{
+	NTSTATUS nt_status;
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	nt_status = gensec_gssapi_server_start(gensec_security);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+		gensec_gssapi_state->sasl = true;
+	}
+	return nt_status;
+}
+
+static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security,
+					   struct tevent_context *ev)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	struct gssapi_creds_container *gcc;
+	struct cli_credentials *creds = gensec_get_credentials(gensec_security);
+	const char *error_string;
+	int ret;
+
+	gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+
+	/* Only run this the first time the update() call is made */
+	if (gensec_gssapi_state->client_cred) {
+		return NT_STATUS_OK;
+	}
+
+	ret = cli_credentials_get_client_gss_creds(creds,
+						   ev,
+						   gensec_security->settings->lp_ctx, &gcc, &error_string);
+	switch (ret) {
+	case 0:
+		break;
+	case EINVAL:
+		DEBUG(3, ("Cannot obtain client GSS credentials we need to contact %s : %s\n", gensec_gssapi_state->target_principal, error_string));
+		return NT_STATUS_INVALID_PARAMETER;
+	case KRB5KDC_ERR_PREAUTH_FAILED:
+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+		DEBUG(1, ("Wrong username or password: %s\n", error_string));
+		return NT_STATUS_LOGON_FAILURE;
+	case KRB5KDC_ERR_CLIENT_REVOKED:
+		DEBUG(1, ("Account locked out: %s\n", error_string));
+		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+	case KRB5_REALM_UNKNOWN:
+	case KRB5_KDC_UNREACH:
+		DEBUG(3, ("Cannot reach a KDC we require to contact %s : %s\n", gensec_gssapi_state->target_principal, error_string));
+		return NT_STATUS_NO_LOGON_SERVERS;
+	case KRB5_CC_NOTFOUND:
+	case KRB5_CC_END:
+		DEBUG(2, ("Error obtaining ticket we require to contact %s: (possibly due to clock skew between us and the KDC) %s\n", gensec_gssapi_state->target_principal, error_string));
+		return NT_STATUS_TIME_DIFFERENCE_AT_DC;
+	default:
+		DEBUG(1, ("Acquiring initiator credentials failed: %s\n", error_string));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	gensec_gssapi_state->client_cred = gcc;
+	if (!talloc_reference(gensec_gssapi_state, gcc)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	struct cli_credentials *creds = gensec_get_credentials(gensec_security);
+	NTSTATUS nt_status;
+	const char *target_principal = NULL;
+	const char *hostname = gensec_get_target_hostname(gensec_security);
+	const char *service = gensec_get_target_service(gensec_security);
+	const char *realm = cli_credentials_get_realm(creds);
+
+	target_principal = gensec_get_target_principal(gensec_security);
+	if (target_principal != NULL) {
+		goto do_start;
+	}
+
+	if (!hostname) {
+		DEBUG(3, ("No hostname for target computer passed in, cannot use kerberos for this connection\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	if (is_ipaddress(hostname)) {
+		DEBUG(2, ("Cannot do GSSAPI to an IP address\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	if (strcmp(hostname, "localhost") == 0) {
+		DEBUG(2, ("GSSAPI to 'localhost' does not make sense\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (realm == NULL) {
+		char *cred_name = cli_credentials_get_unparsed_name(creds,
+								gensec_security);
+		DEBUG(3, ("cli_credentials(%s) without realm, "
+			  "cannot use kerberos for this connection %s/%s\n",
+			  cred_name, service, hostname));
+		TALLOC_FREE(cred_name);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+do_start:
+
+	nt_status = gensec_gssapi_start(gensec_security);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+
+	if (cli_credentials_get_impersonate_principal(creds)) {
+		gensec_gssapi_state->gss_want_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security)
+{
+	NTSTATUS nt_status;
+	struct gensec_gssapi_state *gensec_gssapi_state;
+	nt_status = gensec_gssapi_client_start(gensec_security);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+		gensec_gssapi_state->sasl = true;
+	}
+	return nt_status;
+}
+
+static NTSTATUS gensec_gssapi_update_internal(struct gensec_security *gensec_security,
+					      TALLOC_CTX *out_mem_ctx,
+					      struct tevent_context *ev,
+					      const DATA_BLOB in, DATA_BLOB *out)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	NTSTATUS nt_status;
+	OM_uint32 maj_stat, min_stat;
+	OM_uint32 min_stat2;
+	gss_buffer_desc input_token = { 0, NULL };
+	gss_buffer_desc output_token = { 0, NULL };
+	struct cli_credentials *cli_creds = gensec_get_credentials(gensec_security);
+	const char *target_principal = gensec_get_target_principal(gensec_security);
+	const char *hostname = gensec_get_target_hostname(gensec_security);
+	const char *service = gensec_get_target_service(gensec_security);
+	gss_OID gss_oid_p = NULL;
+	OM_uint32 time_req = 0;
+	OM_uint32 time_rec = 0;
+	struct timeval tv;
+
+	time_req = gensec_setting_int(gensec_security->settings,
+				      "gensec_gssapi", "requested_life_time",
+				      time_req);
+
+	input_token.length = in.length;
+	input_token.value = in.data;
+
+	switch (gensec_gssapi_state->sasl_state) {
+	case STAGE_GSS_NEG:
+	{
+		switch (gensec_security->gensec_role) {
+		case GENSEC_CLIENT:
+		{
+			const char *client_realm = NULL;
+#ifdef SAMBA4_USES_HEIMDAL
+			struct gsskrb5_send_to_kdc send_to_kdc;
+			krb5_error_code ret;
+#else
+			bool fallback = false;
+#endif
+
+			nt_status = gensec_gssapi_client_creds(gensec_security, ev);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
+
+#ifdef SAMBA4_USES_HEIMDAL
+			send_to_kdc.func = smb_krb5_send_and_recv_func;
+			send_to_kdc.ptr = ev;
+
+			min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
+			if (min_stat) {
+				DEBUG(1,("gensec_gssapi_update: gsskrb5_set_send_to_kdc failed\n"));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+#endif
+
+			/*
+			 * With credentials for
+			 * administrator@FOREST1.EXAMPLE.COM this patch changes
+			 * the target_principal for the ldap service of host
+			 * dc2.forest2.example.com from
+			 *
+			 *   ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM
+			 *
+			 * to
+			 *
+			 *   ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM
+			 *
+			 * Typically
+			 * ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM
+			 * should be used in order to allow the KDC of
+			 * FOREST1.EXAMPLE.COM to generate a referral ticket
+			 * for krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM.
+			 *
+			 * The problem is that KDCs only return such referral
+			 * tickets if there's a forest trust between
+			 * FOREST1.EXAMPLE.COM and FOREST2.EXAMPLE.COM. If
+			 * there's only an external domain trust between
+			 * FOREST1.EXAMPLE.COM and FOREST2.EXAMPLE.COM the KDC
+			 * of FOREST1.EXAMPLE.COM will respond with
+			 * S_PRINCIPAL_UNKNOWN when being asked for
+			 * ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM.
+			 *
+			 * In the case of an external trust the client can
+			 * still ask explicitly for
+			 * krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM and
+			 * the KDC of FOREST1.EXAMPLE.COM will generate it.
+			 *
+			 * From there the client can use the
+			 * krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM
+			 * ticket and ask a KDC of FOREST2.EXAMPLE.COM for a
+			 * service ticket for
+			 * ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM.
+			 *
+			 * With Heimdal we'll get the fallback on
+			 * S_PRINCIPAL_UNKNOWN behavior when we pass
+			 * ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM as
+			 * target principal. As _krb5_get_cred_kdc_any() first
+			 * calls get_cred_kdc_referral() (which always starts
+			 * with the client realm) and falls back to
+			 * get_cred_kdc_capath() (which starts with the given
+			 * realm).
+			 *
+			 * MIT krb5 only tries the given realm of the target
+			 * principal, if we want to autodetect support for
+			 * transitive forest trusts, would have to do the
+			 * fallback ourself.
+			 */
+			client_realm = cli_credentials_get_realm(cli_creds);
+#ifndef SAMBA4_USES_HEIMDAL
+			if (gensec_gssapi_state->server_name == NULL) {
+				nt_status = gensec_gssapi_setup_server_principal(gensec_gssapi_state,
+										 target_principal,
+										 service,
+										 hostname,
+										 client_realm,
+										 gensec_gssapi_state->gss_oid,
+										 &gensec_gssapi_state->target_principal,
+										 &gensec_gssapi_state->server_name);
+				if (!NT_STATUS_IS_OK(nt_status)) {
+					return nt_status;
+				}
+
+				maj_stat = gss_init_sec_context(&min_stat,
+								gensec_gssapi_state->client_cred->creds,
+								&gensec_gssapi_state->gssapi_context,
+								gensec_gssapi_state->server_name,
+								gensec_gssapi_state->gss_oid,
+								gensec_gssapi_state->gss_want_flags,
+								time_req,
+								gensec_gssapi_state->input_chan_bindings,
+								&input_token,
+								&gss_oid_p,
+								&output_token,
+								&gensec_gssapi_state->gss_got_flags, /* ret flags */
+								&time_rec);
+				if (maj_stat != GSS_S_FAILURE) {
+					goto init_sec_context_done;
+				}
+				if (min_stat != (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) {
+					goto init_sec_context_done;
+				}
+				if (target_principal != NULL) {
+					goto init_sec_context_done;
+				}
+
+				fallback = true;
+				TALLOC_FREE(gensec_gssapi_state->target_principal);
+				gss_release_name(&min_stat2, &gensec_gssapi_state->server_name);
+			}
+#endif /* !SAMBA4_USES_HEIMDAL */
+			if (gensec_gssapi_state->server_name == NULL) {
+				const char *server_realm = NULL;
+
+				server_realm = smb_krb5_get_realm_from_hostname(gensec_gssapi_state,
+										hostname,
+										client_realm);
+				if (server_realm == NULL) {
+					return NT_STATUS_NO_MEMORY;
+				}
+
+#ifndef SAMBA4_USES_HEIMDAL
+				if (fallback &&
+				    strequal(client_realm, server_realm)) {
+					goto init_sec_context_done;
+				}
+#endif /* !SAMBA4_USES_HEIMDAL */
+
+				nt_status = gensec_gssapi_setup_server_principal(gensec_gssapi_state,
+										 target_principal,
+										 service,
+										 hostname,
+										 server_realm,
+										 gensec_gssapi_state->gss_oid,
+										 &gensec_gssapi_state->target_principal,
+										 &gensec_gssapi_state->server_name);
+				if (!NT_STATUS_IS_OK(nt_status)) {
+					return nt_status;
+				}
+			}
+
+			maj_stat = gss_init_sec_context(&min_stat, 
+							gensec_gssapi_state->client_cred->creds,
+							&gensec_gssapi_state->gssapi_context, 
+							gensec_gssapi_state->server_name, 
+							gensec_gssapi_state->gss_oid,
+							gensec_gssapi_state->gss_want_flags, 
+							time_req,
+							gensec_gssapi_state->input_chan_bindings,
+							&input_token, 
+							&gss_oid_p,
+							&output_token, 
+							&gensec_gssapi_state->gss_got_flags, /* ret flags */
+							&time_rec);
+			goto init_sec_context_done;
+			/* JUMP! */
+init_sec_context_done:
+			if (gss_oid_p) {
+				gensec_gssapi_state->gss_oid = gss_oid_p;
+			}
+
+#ifdef SAMBA4_USES_HEIMDAL
+			send_to_kdc.func = smb_krb5_send_and_recv_func;
+			send_to_kdc.ptr = NULL;
+
+			ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
+			if (ret) {
+				DEBUG(1,("gensec_gssapi_update: gsskrb5_set_send_to_kdc failed\n"));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+#endif
+			break;
+		}
+		case GENSEC_SERVER:
+		{
+			maj_stat = gss_accept_sec_context(&min_stat, 
+							  &gensec_gssapi_state->gssapi_context, 
+							  gensec_gssapi_state->server_cred->creds,
+							  &input_token, 
+							  gensec_gssapi_state->input_chan_bindings,
+							  &gensec_gssapi_state->client_name, 
+							  &gss_oid_p,
+							  &output_token, 
+							  &gensec_gssapi_state->gss_got_flags, 
+							  &time_rec,
+							  &gensec_gssapi_state->delegated_cred_handle);
+			if (gss_oid_p) {
+				gensec_gssapi_state->gss_oid = gss_oid_p;
+			}
+			break;
+		}
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+			
+		}
+
+		gensec_gssapi_state->gss_exchange_count++;
+
+		if (maj_stat == GSS_S_COMPLETE) {
+			*out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
+			gss_release_buffer(&min_stat2, &output_token);
+			
+			if (gensec_gssapi_state->gss_got_flags & GSS_C_DELEG_FLAG &&
+			    gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+				DEBUG(5, ("gensec_gssapi: credentials were delegated\n"));
+			} else {
+				DEBUG(5, ("gensec_gssapi: NO credentials were delegated\n"));
+			}
+
+			tv = timeval_current_ofs(time_rec, 0);
+			gensec_gssapi_state->expire_time = timeval_to_nttime(&tv);
+
+			/* We may have been invoked as SASL, so there
+			 * is more work to do */
+			if (gensec_gssapi_state->sasl) {
+				gensec_gssapi_state->sasl_state = STAGE_SASL_SSF_NEG;
+				return NT_STATUS_MORE_PROCESSING_REQUIRED;
+			} else {
+				gensec_gssapi_state->sasl_state = STAGE_DONE;
+
+				if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+					DEBUG(5, ("GSSAPI Connection will be cryptographically sealed\n"));
+				} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+					DEBUG(5, ("GSSAPI Connection will be cryptographically signed\n"));
+				} else {
+					DEBUG(5, ("GSSAPI Connection will have no cryptographic protection\n"));
+				}
+
+				return NT_STATUS_OK;
+			}
+		} else if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+			*out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
+			gss_release_buffer(&min_stat2, &output_token);
+			
+			return NT_STATUS_MORE_PROCESSING_REQUIRED;
+		} else if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+			gss_cred_id_t creds = NULL;
+			gss_name_t name;
+			gss_buffer_desc buffer;
+			OM_uint32 lifetime = 0;
+			gss_cred_usage_t usage;
+			const char *role = NULL;
+
+			switch (gensec_security->gensec_role) {
+			case GENSEC_CLIENT:
+				creds = gensec_gssapi_state->client_cred->creds;
+				role = "client";
+				break;
+			case GENSEC_SERVER:
+				creds = gensec_gssapi_state->server_cred->creds;
+				role = "server";
+				break;
+			}
+
+			DBG_ERR("GSS %s Update(krb5)(%d) failed, credentials "
+				"expired during GSSAPI handshake!\n",
+				role,
+				gensec_gssapi_state->gss_exchange_count);
+
+			maj_stat = gss_inquire_cred(&min_stat, 
+						    creds,
+						    &name, &lifetime, &usage, NULL);
+
+			if (maj_stat == GSS_S_COMPLETE) {
+				const char *usage_string = NULL;
+				switch (usage) {
+				case GSS_C_BOTH:
+					usage_string = "GSS_C_BOTH";
+					break;
+				case GSS_C_ACCEPT:
+					usage_string = "GSS_C_ACCEPT";
+					break;
+				case GSS_C_INITIATE:
+					usage_string = "GSS_C_INITIATE";
+					break;
+				}
+				maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
+				if (maj_stat) {
+					buffer.value = NULL;
+					buffer.length = 0;
+				}
+				if (lifetime > 0) {
+					DEBUG(0, ("GSSAPI gss_inquire_cred indicates expiry of %*.*s in %u sec for %s\n", 
+						  (int)buffer.length, (int)buffer.length, (char *)buffer.value, 
+						  lifetime, usage_string));
+				} else {
+					DEBUG(0, ("GSSAPI gss_inquire_cred indicates %*.*s has already expired for %s\n", 
+						  (int)buffer.length, (int)buffer.length, (char *)buffer.value, 
+						  usage_string));
+				}
+				gss_release_buffer(&min_stat, &buffer);
+				gss_release_name(&min_stat, &name);
+			} else if (maj_stat != GSS_S_COMPLETE) {
+				DEBUG(0, ("inquiry of credential lifetime via GSSAPI gss_inquire_cred failed: %s\n",
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+			}
+			return NT_STATUS_INVALID_PARAMETER;
+		} else if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid,
+					     gss_mech_krb5)) {
+			switch (min_stat) {
+			case (OM_uint32)KRB5KRB_AP_ERR_TKT_NYV:
+				DEBUG(1, ("Error with ticket to contact %s: possible clock skew between us and the KDC or target server: %s\n",
+					  gensec_gssapi_state->target_principal,
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_TIME_DIFFERENCE_AT_DC; /* Make SPNEGO ignore us, we can't go any further here */
+			case (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED:
+				DEBUG(1, ("Error with ticket to contact %s: ticket is expired, possible clock skew between us and the KDC or target server: %s\n",
+					  gensec_gssapi_state->target_principal,
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+			case (OM_uint32)KRB5_KDC_UNREACH:
+				DEBUG(3, ("Cannot reach a KDC we require in order to obtain a ticket to %s: %s\n",
+					  gensec_gssapi_state->target_principal,
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_NO_LOGON_SERVERS; /* Make SPNEGO ignore us, we can't go any further here */
+			case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
+				DEBUG(3, ("Server %s is not registered with our KDC: %s\n",
+					  gensec_gssapi_state->target_principal,
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+			case (OM_uint32)KRB5KRB_AP_ERR_MSG_TYPE:
+				/* garbage input, possibly from the auto-mech detection */
+				return NT_STATUS_INVALID_PARAMETER;
+			default:
+				DEBUG(1, ("GSS %s Update(krb5)(%d) Update failed: %s\n",
+					  gensec_security->gensec_role == GENSEC_CLIENT ? "client" : "server",
+					  gensec_gssapi_state->gss_exchange_count,
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_LOGON_FAILURE;
+			}
+		} else {
+			DEBUG(1, ("GSS %s Update(%d) failed: %s\n",
+				  gensec_security->gensec_role == GENSEC_CLIENT ? "client" : "server",
+				  gensec_gssapi_state->gss_exchange_count,
+				  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+			return NT_STATUS_LOGON_FAILURE;
+		}
+		break;
+	}
+
+	/* These last two stages are only done if we were invoked as SASL */
+	case STAGE_SASL_SSF_NEG:
+	{
+		switch (gensec_security->gensec_role) {
+		case GENSEC_CLIENT:
+		{
+			uint8_t maxlength_proposed[4]; 
+			uint8_t maxlength_accepted[4]; 
+			uint8_t security_supported;
+			int conf_state;
+			gss_qop_t qop_state;
+			input_token.length = in.length;
+			input_token.value = in.data;
+
+			/* As a client, we have just send a
+			 * zero-length blob to the server (after the
+			 * normal GSSAPI exchange), and it has replied
+			 * with it's SASL negotiation */
+			
+			maj_stat = gss_unwrap(&min_stat, 
+					      gensec_gssapi_state->gssapi_context, 
+					      &input_token,
+					      &output_token, 
+					      &conf_state,
+					      &qop_state);
+			if (GSS_ERROR(maj_stat)) {
+				DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", 
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+			
+			if (output_token.length < 4) {
+				gss_release_buffer(&min_stat, &output_token);
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
+			memcpy(maxlength_proposed, output_token.value, 4);
+			gss_release_buffer(&min_stat, &output_token);
+
+			/* first byte is the proposed security */
+			security_supported = maxlength_proposed[0];
+			maxlength_proposed[0] = '\0';
+			
+			/* Rest is the proposed max wrap length */
+			gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0), 
+								     gensec_gssapi_state->max_wrap_buf_size);
+			gensec_gssapi_state->sasl_protection = 0;
+			if (security_supported & NEG_SEAL) {
+				if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+					gensec_gssapi_state->sasl_protection |= NEG_SEAL;
+				}
+			}
+			if (security_supported & NEG_SIGN) {
+				if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+					gensec_gssapi_state->sasl_protection |= NEG_SIGN;
+				}
+			}
+			if (security_supported & NEG_NONE) {
+				gensec_gssapi_state->sasl_protection |= NEG_NONE;
+			}
+			if (gensec_gssapi_state->sasl_protection == 0) {
+				DEBUG(1, ("Remote server does not support unprotected connections\n"));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+
+			/* Send back the negotiated max length */
+
+			RSIVAL(maxlength_accepted, 0, gensec_gssapi_state->max_wrap_buf_size);
+
+			maxlength_accepted[0] = gensec_gssapi_state->sasl_protection;
+			
+			input_token.value = maxlength_accepted;
+			input_token.length = sizeof(maxlength_accepted);
+
+			maj_stat = gss_wrap(&min_stat, 
+					    gensec_gssapi_state->gssapi_context, 
+					    false,
+					    GSS_C_QOP_DEFAULT,
+					    &input_token,
+					    &conf_state,
+					    &output_token);
+			if (GSS_ERROR(maj_stat)) {
+				DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", 
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+			
+			*out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
+			gss_release_buffer(&min_stat, &output_token);
+
+			/* quirk:  This changes the value that gensec_have_feature returns, to be that after SASL negotiation */
+			gensec_gssapi_state->sasl_state = STAGE_DONE;
+
+			if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+				DEBUG(3, ("SASL/GSSAPI Connection to server will be cryptographically sealed\n"));
+			} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+				DEBUG(3, ("SASL/GSSAPI Connection to server will be cryptographically signed\n"));
+			} else {
+				DEBUG(3, ("SASL/GSSAPI Connection to server will have no cryptographic protection\n"));
+			}
+
+			return NT_STATUS_OK;
+		}
+		case GENSEC_SERVER:
+		{
+			uint8_t maxlength_proposed[4]; 
+			uint8_t security_supported = 0x0;
+			int conf_state;
+
+			/* As a server, we have just been sent a zero-length blob (note this, but it isn't fatal) */
+			if (in.length != 0) {
+				DEBUG(1, ("SASL/GSSAPI: client sent non-zero length starting SASL negotiation!\n"));
+			}
+			
+			/* Give the client some idea what we will support */
+			  
+			RSIVAL(maxlength_proposed, 0, gensec_gssapi_state->max_wrap_buf_size);
+			/* first byte is the proposed security */
+			maxlength_proposed[0] = '\0';
+			
+			gensec_gssapi_state->sasl_protection = 0;
+			if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+				security_supported |= NEG_SEAL;
+			} 
+			if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+				security_supported |= NEG_SIGN;
+			}
+			if (security_supported == 0) {
+				/* If we don't support anything, this must be 0 */
+				RSIVAL(maxlength_proposed, 0, 0x0);
+			}
+
+			/* TODO:  We may not wish to support this */
+			security_supported |= NEG_NONE;
+			maxlength_proposed[0] = security_supported;
+			
+			input_token.value = maxlength_proposed;
+			input_token.length = sizeof(maxlength_proposed);
+
+			maj_stat = gss_wrap(&min_stat, 
+					    gensec_gssapi_state->gssapi_context, 
+					    false,
+					    GSS_C_QOP_DEFAULT,
+					    &input_token,
+					    &conf_state,
+					    &output_token);
+			if (GSS_ERROR(maj_stat)) {
+				DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", 
+					  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+			
+			*out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
+			gss_release_buffer(&min_stat, &output_token);
+
+			gensec_gssapi_state->sasl_state = STAGE_SASL_SSF_ACCEPT;
+			return NT_STATUS_MORE_PROCESSING_REQUIRED;
+		}
+		default:
+  			return NT_STATUS_INVALID_PARAMETER;
+			
+		}
+	}
+	/* This is s server-only stage */
+	case STAGE_SASL_SSF_ACCEPT:
+	{
+		uint8_t maxlength_accepted[4]; 
+		uint8_t security_accepted;
+		int conf_state;
+		gss_qop_t qop_state;
+		input_token.length = in.length;
+		input_token.value = in.data;
+			
+		maj_stat = gss_unwrap(&min_stat, 
+				      gensec_gssapi_state->gssapi_context, 
+				      &input_token,
+				      &output_token, 
+				      &conf_state,
+				      &qop_state);
+		if (GSS_ERROR(maj_stat)) {
+			DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", 
+				  gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+			
+		if (output_token.length < 4) {
+			gss_release_buffer(&min_stat, &output_token);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		memcpy(maxlength_accepted, output_token.value, 4);
+		gss_release_buffer(&min_stat, &output_token);
+		
+		/* first byte is the proposed security */
+		security_accepted = maxlength_accepted[0];
+		maxlength_accepted[0] = '\0';
+
+		/* Rest is the proposed max wrap length */
+		gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_accepted, 0), 
+							     gensec_gssapi_state->max_wrap_buf_size);
+
+		gensec_gssapi_state->sasl_protection = 0;
+		if (security_accepted & NEG_SEAL) {
+			if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+				DEBUG(1, ("Remote client wanted seal, but gensec refused\n"));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+			gensec_gssapi_state->sasl_protection |= NEG_SEAL;
+		}
+		if (security_accepted & NEG_SIGN) {
+			if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+				DEBUG(1, ("Remote client wanted sign, but gensec refused\n"));
+				return NT_STATUS_ACCESS_DENIED;
+			}
+			gensec_gssapi_state->sasl_protection |= NEG_SIGN;
+		}
+		if (security_accepted & NEG_NONE) {
+			gensec_gssapi_state->sasl_protection |= NEG_NONE;
+		}
+
+		/* quirk:  This changes the value that gensec_have_feature returns, to be that after SASL negotiation */
+		gensec_gssapi_state->sasl_state = STAGE_DONE;
+		if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+			DEBUG(5, ("SASL/GSSAPI Connection from client will be cryptographically sealed\n"));
+		} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+			DEBUG(5, ("SASL/GSSAPI Connection from client will be cryptographically signed\n"));
+		} else {
+			DEBUG(5, ("SASL/GSSAPI Connection from client will have no cryptographic protection\n"));
+		}
+
+		*out = data_blob(NULL, 0);
+		return NT_STATUS_OK;	
+	}
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+}
+
+struct gensec_gssapi_update_state {
+	NTSTATUS status;
+	DATA_BLOB out;
+};
+
+static struct tevent_req *gensec_gssapi_update_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct gensec_security *gensec_security,
+						    const DATA_BLOB in)
+{
+	struct tevent_req *req = NULL;
+	struct gensec_gssapi_update_state *state = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct gensec_gssapi_update_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	status = gensec_gssapi_update_internal(gensec_security,
+					       state, ev, in,
+					       &state->out);
+	state->status = status;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS gensec_gssapi_update_recv(struct tevent_req *req,
+					  TALLOC_CTX *out_mem_ctx,
+					  DATA_BLOB *out)
+{
+	struct gensec_gssapi_update_state *state =
+		tevent_req_data(req,
+		struct gensec_gssapi_update_state);
+	NTSTATUS status;
+
+	*out = data_blob_null;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*out = state->out;
+	talloc_steal(out_mem_ctx, state->out.data);
+	status = state->status;
+	tevent_req_received(req);
+	return status;
+}
+
+static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, 
+				   TALLOC_CTX *mem_ctx, 
+				   const DATA_BLOB *in, 
+				   DATA_BLOB *out)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	OM_uint32 maj_stat, min_stat;
+	gss_buffer_desc input_token, output_token;
+	int conf_state;
+	input_token.length = in->length;
+	input_token.value = in->data;
+
+	maj_stat = gss_wrap(&min_stat, 
+			    gensec_gssapi_state->gssapi_context, 
+			    gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
+			    GSS_C_QOP_DEFAULT,
+			    &input_token,
+			    &conf_state,
+			    &output_token);
+	if (GSS_ERROR(maj_stat)) {
+		DEBUG(1, ("gensec_gssapi_wrap: GSS Wrap failed: %s\n", 
+			  gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	*out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
+	gss_release_buffer(&min_stat, &output_token);
+
+	if (gensec_gssapi_state->sasl) {
+		size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security);
+		if (max_wrapped_size < out->length) {
+			DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data (%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n",
+				  (unsigned)in->length, 
+				  (unsigned)out->length, 
+				  (unsigned int)max_wrapped_size));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+	
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
+	    && !conf_state) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, 
+				     TALLOC_CTX *mem_ctx, 
+				     const DATA_BLOB *in, 
+				     DATA_BLOB *out)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	OM_uint32 maj_stat, min_stat;
+	gss_buffer_desc input_token, output_token;
+	int conf_state;
+	gss_qop_t qop_state;
+	input_token.length = in->length;
+	input_token.value = in->data;
+	
+	if (gensec_gssapi_state->sasl) {
+		size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security);
+		if (max_wrapped_size < in->length) {
+			DEBUG(1, ("gensec_gssapi_unwrap: WRAPPED data is larger than SASL negotiated maximum size\n"));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+	
+	/*
+	 * FIXME: input_message_buffer is marked const, but gss_unwrap() may
+	 * modify it (see calls to rrc_rotate() in _gssapi_unwrap_cfx()).
+	 */
+	maj_stat = gss_unwrap(&min_stat, 
+			      gensec_gssapi_state->gssapi_context, 
+			      &input_token,
+			      &output_token, 
+			      &conf_state,
+			      &qop_state);
+	if (GSS_ERROR(maj_stat)) {
+		DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n", 
+			  gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	*out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
+	gss_release_buffer(&min_stat, &output_token);
+	
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
+	    && !conf_state) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	return NT_STATUS_OK;
+}
+
+/* Find out the maximum input size negotiated on this connection */
+
+static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security) 
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	OM_uint32 maj_stat, min_stat;
+	OM_uint32 max_input_size;
+
+	maj_stat = gss_wrap_size_limit(&min_stat, 
+				       gensec_gssapi_state->gssapi_context,
+				       gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
+				       GSS_C_QOP_DEFAULT,
+				       gensec_gssapi_state->max_wrap_buf_size,
+				       &max_input_size);
+	if (GSS_ERROR(maj_stat)) {
+		TALLOC_CTX *mem_ctx = talloc_new(NULL); 
+		DEBUG(1, ("gensec_gssapi_max_input_size: determining signature size with gss_wrap_size_limit failed: %s\n",
+			  gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+		talloc_free(mem_ctx);
+		return 0;
+	}
+
+	return max_input_size;
+}
+
+/* Find out the maximum output size negotiated on this connection */
+static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security) 
+{
+	struct gensec_gssapi_state *gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);;
+	return gensec_gssapi_state->max_wrap_buf_size;
+}
+
+static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_security, 
+					  TALLOC_CTX *mem_ctx, 
+					  uint8_t *data, size_t length, 
+					  const uint8_t *whole_pdu, size_t pdu_length, 
+					  DATA_BLOB *sig)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	bool hdr_signing = false;
+	size_t sig_size = 0;
+	NTSTATUS status;
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+		hdr_signing = true;
+	}
+
+	sig_size = gensec_gssapi_sig_size(gensec_security, length);
+
+	status = gssapi_seal_packet(gensec_gssapi_state->gssapi_context,
+				    gensec_gssapi_state->gss_oid,
+				    hdr_signing, sig_size,
+				    data, length,
+				    whole_pdu, pdu_length,
+				    mem_ctx, sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("gssapi_seal_packet(hdr_signing=%u,sig_size=%zu,"
+			  "data=%zu,pdu=%zu) failed: %s\n",
+			  hdr_signing, sig_size, length, pdu_length,
+			  nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_security, 
+					    uint8_t *data, size_t length, 
+					    const uint8_t *whole_pdu, size_t pdu_length,
+					    const DATA_BLOB *sig)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	bool hdr_signing = false;
+	NTSTATUS status;
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+		hdr_signing = true;
+	}
+
+	status = gssapi_unseal_packet(gensec_gssapi_state->gssapi_context,
+				      gensec_gssapi_state->gss_oid,
+				      hdr_signing,
+				      data, length,
+				      whole_pdu, pdu_length,
+				      sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("gssapi_unseal_packet(hdr_signing=%u,sig_size=%zu,"
+			  "data=%zu,pdu=%zu) failed: %s\n",
+			  hdr_signing, sig->length, length, pdu_length,
+			  nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_sign_packet(struct gensec_security *gensec_security, 
+					  TALLOC_CTX *mem_ctx, 
+					  const uint8_t *data, size_t length, 
+					  const uint8_t *whole_pdu, size_t pdu_length, 
+					  DATA_BLOB *sig)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	bool hdr_signing = false;
+	NTSTATUS status;
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+		hdr_signing = true;
+	}
+
+	status = gssapi_sign_packet(gensec_gssapi_state->gssapi_context,
+				    gensec_gssapi_state->gss_oid,
+				    hdr_signing,
+				    data, length,
+				    whole_pdu, pdu_length,
+				    mem_ctx, sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("gssapi_sign_packet(hdr_signing=%u,"
+			  "data=%zu,pdu=%zu) failed: %s\n",
+			  hdr_signing, length, pdu_length,
+			  nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_security, 
+					   const uint8_t *data, size_t length, 
+					   const uint8_t *whole_pdu, size_t pdu_length, 
+					   const DATA_BLOB *sig)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	bool hdr_signing = false;
+	NTSTATUS status;
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+		hdr_signing = true;
+	}
+
+	status = gssapi_check_packet(gensec_gssapi_state->gssapi_context,
+				     gensec_gssapi_state->gss_oid,
+				     hdr_signing,
+				     data, length,
+				     whole_pdu, pdu_length,
+				     sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("gssapi_check_packet(hdr_signing=%u,sig_size=%zu,"
+			  "data=%zu,pdu=%zu) failed: %s\n",
+			  hdr_signing, sig->length, length, pdu_length,
+			  nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Try to figure out what features we actually got on the connection */
+static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, 
+				       uint32_t feature) 
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	if (feature & GENSEC_FEATURE_SIGN) {
+		/* If we are going GSSAPI SASL, then we honour the second negotiation */
+		if (gensec_gssapi_state->sasl 
+		    && gensec_gssapi_state->sasl_state == STAGE_DONE) {
+			return ((gensec_gssapi_state->sasl_protection & NEG_SIGN) 
+				&& (gensec_gssapi_state->gss_got_flags & GSS_C_INTEG_FLAG));
+		}
+		return gensec_gssapi_state->gss_got_flags & GSS_C_INTEG_FLAG;
+	}
+	if (feature & GENSEC_FEATURE_SEAL) {
+		/* If we are going GSSAPI SASL, then we honour the second negotiation */
+		if (gensec_gssapi_state->sasl 
+		    && gensec_gssapi_state->sasl_state == STAGE_DONE) {
+			return ((gensec_gssapi_state->sasl_protection & NEG_SEAL) 
+				 && (gensec_gssapi_state->gss_got_flags & GSS_C_CONF_FLAG));
+		}
+		return gensec_gssapi_state->gss_got_flags & GSS_C_CONF_FLAG;
+	}
+	if (feature & GENSEC_FEATURE_SESSION_KEY) {
+		/* Only for GSSAPI/Krb5 */
+		if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid,
+				      gss_mech_krb5)) {
+			return true;
+		}
+	}
+	if (feature & GENSEC_FEATURE_DCE_STYLE) {
+		return gensec_gssapi_state->gss_got_flags & GSS_C_DCE_STYLE;
+	}
+	if (feature & GENSEC_FEATURE_NEW_SPNEGO) {
+		NTSTATUS status;
+		uint32_t keytype;
+
+		if (!(gensec_gssapi_state->gss_got_flags & GSS_C_INTEG_FLAG)) {
+			return false;
+		}
+
+		if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "force_new_spnego", false)) {
+			return true;
+		}
+		if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "disable_new_spnego", false)) {
+			return false;
+		}
+
+		status = gssapi_get_session_key(gensec_gssapi_state,
+						gensec_gssapi_state->gssapi_context, NULL, &keytype);
+		/* 
+		 * We should do a proper sig on the mechListMic unless
+		 * we know we have to be backwards compatible with
+		 * earlier windows versions.  
+		 * 
+		 * Negotiating a non-krb5
+		 * mech for example should be regarded as having
+		 * NEW_SPNEGO
+		 */
+		if (NT_STATUS_IS_OK(status)) {
+			switch (keytype) {
+			case ENCTYPE_DES_CBC_CRC:
+			case ENCTYPE_DES_CBC_MD5:
+			case ENCTYPE_ARCFOUR_HMAC:
+			case ENCTYPE_DES3_CBC_SHA1:
+				return false;
+			}
+		}
+		return true;
+	}
+	/* We can always do async (rather than strict request/reply) packets.  */
+	if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
+		return true;
+	}
+	if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+		return true;
+	}
+	return false;
+}
+
+static NTTIME gensec_gssapi_expire_time(struct gensec_security *gensec_security)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state =
+		talloc_get_type_abort(gensec_security->private_data,
+		struct gensec_gssapi_state);
+
+	return gensec_gssapi_state->expire_time;
+}
+
+/*
+ * Extract the 'session key' needed by SMB signing and ncacn_np
+ * (for encrypting some passwords).
+ * 
+ * This breaks all the abstractions, but what do you expect...
+ */
+static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_security, 
+					  TALLOC_CTX *mem_ctx,
+					  DATA_BLOB *session_key) 
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	return gssapi_get_session_key(mem_ctx, gensec_gssapi_state->gssapi_context, session_key, NULL);
+}
+
+/* Get some basic (and authorization) information about the user on
+ * this session.  This uses either the PAC (if present) or a local
+ * database lookup */
+static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
+					   TALLOC_CTX *mem_ctx,
+					   struct auth_session_info **_session_info) 
+{
+	NTSTATUS nt_status;
+	TALLOC_CTX *tmp_ctx;
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	struct auth_session_info *session_info = NULL;
+	OM_uint32 maj_stat, min_stat;
+	DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
+
+	gss_buffer_desc name_token;
+	char *principal_string;
+	
+	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	maj_stat = gss_display_name (&min_stat,
+				     gensec_gssapi_state->client_name,
+				     &name_token,
+				     NULL);
+	if (GSS_ERROR(maj_stat)) {
+		DEBUG(1, ("GSS display_name failed: %s\n",
+			  gssapi_error_string(tmp_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_FOOBAR;
+	}
+
+	principal_string = talloc_strndup(tmp_ctx,
+					  (const char *)name_token.value,
+					  name_token.length);
+
+	gss_release_buffer(&min_stat, &name_token);
+
+	if (!principal_string) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = gssapi_obtain_pac_blob(tmp_ctx,  gensec_gssapi_state->gssapi_context,
+					   gensec_gssapi_state->client_name,
+					   &pac_blob);
+	
+	/* IF we have the PAC - otherwise we need to get this
+	 * data from elsewhere - local ldb, or (TODO) lookup of some
+	 * kind... 
+	 */
+	if (NT_STATUS_IS_OK(nt_status)) {
+		pac_blob_ptr = &pac_blob;
+	}
+	nt_status = gensec_generate_session_info_pac(tmp_ctx,
+						     gensec_security,
+						     gensec_gssapi_state->smb_krb5_context,
+						     pac_blob_ptr, principal_string,
+						     gensec_get_remote_address(gensec_security),
+						     &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = gensec_gssapi_session_key(gensec_security, session_info, &session_info->session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	if (gensec_gssapi_state->gss_got_flags & GSS_C_DELEG_FLAG &&
+	    gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+		krb5_error_code ret;
+		const char *error_string;
+
+		DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
+
+		/*
+		 * Create anonymous credentials for now.
+		 *
+		 * We will update them with the provided client gss creds.
+		 */
+		session_info->credentials = cli_credentials_init_anon(session_info);
+		if (session_info->credentials == NULL) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		ret = cli_credentials_set_client_gss_creds(session_info->credentials, 
+							   gensec_security->settings->lp_ctx,
+							   gensec_gssapi_state->delegated_cred_handle,
+							   CRED_SPECIFIED, &error_string);
+		if (ret) {
+			talloc_free(tmp_ctx);
+			DEBUG(2,("Failed to get gss creds: %s\n", error_string));
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		/* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */
+		cli_credentials_set_kerberos_state(session_info->credentials,
+						   CRED_USE_KERBEROS_REQUIRED,
+						   CRED_SPECIFIED);
+
+		/* It has been taken from this place... */
+		gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+	} else {
+		DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
+	}
+
+	*_session_info = talloc_steal(mem_ctx, session_info);
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+static size_t gensec_gssapi_sig_size(struct gensec_security *gensec_security, size_t data_size)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	size_t sig_size;
+
+	if (gensec_gssapi_state->sig_size > 0) {
+		return gensec_gssapi_state->sig_size;
+	}
+
+	sig_size = gssapi_get_sig_size(gensec_gssapi_state->gssapi_context,
+				       gensec_gssapi_state->gss_oid,
+				       gensec_gssapi_state->gss_got_flags,
+				       data_size);
+
+	gensec_gssapi_state->sig_size = sig_size;
+	return gensec_gssapi_state->sig_size;
+}
+
+static const char *gensec_gssapi_final_auth_type(struct gensec_security *gensec_security)
+{
+	struct gensec_gssapi_state *gensec_gssapi_state
+		= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
+	/* Only return the string for GSSAPI/Krb5 */
+	if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid,
+			      gss_mech_krb5)) {
+		return GENSEC_FINAL_AUTH_TYPE_KRB5;
+	} else {
+		return "gensec_gssapi: UNKNOWN MECH";
+	}
+}
+
+static const char *gensec_gssapi_krb5_oids[] = { 
+	GENSEC_OID_KERBEROS5_OLD,
+	GENSEC_OID_KERBEROS5,
+	NULL 
+};
+
+static const char *gensec_gssapi_spnego_oids[] = { 
+	GENSEC_OID_SPNEGO,
+	NULL 
+};
+
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = {
+	.name		= "gssapi_spnego",
+	.sasl_name	= "GSS-SPNEGO",
+	.auth_type	= DCERPC_AUTH_TYPE_SPNEGO,
+	.oid            = gensec_gssapi_spnego_oids,
+	.client_start   = gensec_gssapi_client_start,
+	.server_start   = gensec_gssapi_server_start,
+	.magic  	= gensec_magic_check_krb5_oid,
+	.update_send	= gensec_gssapi_update_send,
+	.update_recv	= gensec_gssapi_update_recv,
+	.session_key	= gensec_gssapi_session_key,
+	.session_info	= gensec_gssapi_session_info,
+	.sign_packet	= gensec_gssapi_sign_packet,
+	.check_packet	= gensec_gssapi_check_packet,
+	.seal_packet	= gensec_gssapi_seal_packet,
+	.unseal_packet	= gensec_gssapi_unseal_packet,
+	.max_input_size	  = gensec_gssapi_max_input_size,
+	.max_wrapped_size = gensec_gssapi_max_wrapped_size,
+	.wrap           = gensec_gssapi_wrap,
+	.unwrap         = gensec_gssapi_unwrap,
+	.have_feature   = gensec_gssapi_have_feature,
+	.expire_time    = gensec_gssapi_expire_time,
+	.final_auth_type = gensec_gssapi_final_auth_type,
+	.enabled        = false,
+	.kerberos       = true,
+	.priority       = GENSEC_GSSAPI
+};
+
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = {
+	.name		= "gssapi_krb5",
+	.auth_type	= DCERPC_AUTH_TYPE_KRB5,
+	.oid            = gensec_gssapi_krb5_oids,
+	.client_start   = gensec_gssapi_client_start,
+	.server_start   = gensec_gssapi_server_start,
+	.magic  	= gensec_magic_check_krb5_oid,
+	.update_send	= gensec_gssapi_update_send,
+	.update_recv	= gensec_gssapi_update_recv,
+	.session_key	= gensec_gssapi_session_key,
+	.session_info	= gensec_gssapi_session_info,
+	.sig_size	= gensec_gssapi_sig_size,
+	.sign_packet	= gensec_gssapi_sign_packet,
+	.check_packet	= gensec_gssapi_check_packet,
+	.seal_packet	= gensec_gssapi_seal_packet,
+	.unseal_packet	= gensec_gssapi_unseal_packet,
+	.max_input_size	  = gensec_gssapi_max_input_size,
+	.max_wrapped_size = gensec_gssapi_max_wrapped_size,
+	.wrap           = gensec_gssapi_wrap,
+	.unwrap         = gensec_gssapi_unwrap,
+	.have_feature   = gensec_gssapi_have_feature,
+	.expire_time    = gensec_gssapi_expire_time,
+	.final_auth_type = gensec_gssapi_final_auth_type,
+	.enabled        = true,
+	.kerberos       = true,
+	.priority       = GENSEC_GSSAPI
+};
+
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_sasl_krb5_security_ops = {
+	.name		  = "gssapi_krb5_sasl",
+	.sasl_name        = "GSSAPI",
+	.client_start     = gensec_gssapi_sasl_client_start,
+	.server_start     = gensec_gssapi_sasl_server_start,
+	.update_send      = gensec_gssapi_update_send,
+	.update_recv      = gensec_gssapi_update_recv,
+	.session_key	  = gensec_gssapi_session_key,
+	.session_info	  = gensec_gssapi_session_info,
+	.max_input_size	  = gensec_gssapi_max_input_size,
+	.max_wrapped_size = gensec_gssapi_max_wrapped_size,
+	.wrap             = gensec_gssapi_wrap,
+	.unwrap           = gensec_gssapi_unwrap,
+	.have_feature     = gensec_gssapi_have_feature,
+	.expire_time      = gensec_gssapi_expire_time,
+	.final_auth_type = gensec_gssapi_final_auth_type,
+	.enabled          = true,
+	.kerberos         = true,
+	.priority         = GENSEC_GSSAPI
+};
+
+_PUBLIC_ NTSTATUS gensec_gssapi_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = gensec_register(ctx, &gensec_gssapi_spnego_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_gssapi_spnego_security_ops.name));
+		return ret;
+	}
+
+	ret = gensec_register(ctx, &gensec_gssapi_krb5_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_gssapi_krb5_security_ops.name));
+		return ret;
+	}
+
+	ret = gensec_register(ctx, &gensec_gssapi_sasl_krb5_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_gssapi_sasl_krb5_security_ops.name));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/auth/gensec/gensec_gssapi.h b/source4/auth/gensec/gensec_gssapi.h
new file mode 100644
index 0000000..d788b5e
--- /dev/null
+++ b/source4/auth/gensec/gensec_gssapi.h
@@ -0,0 +1,69 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This structure described here, so the RPC-PAC test can get at the PAC provided */
+
+enum gensec_gssapi_sasl_state
+{
+	STAGE_GSS_NEG,
+	STAGE_SASL_SSF_NEG,
+	STAGE_SASL_SSF_ACCEPT,
+	STAGE_DONE
+};
+
+#define NEG_SEAL 0x4
+#define NEG_SIGN 0x2
+#define NEG_NONE 0x1
+
+struct gensec_gssapi_state {
+	gss_ctx_id_t gssapi_context;
+	gss_name_t server_name;
+	gss_name_t client_name;
+	OM_uint32 gss_want_flags, gss_got_flags;
+
+	gss_cred_id_t delegated_cred_handle;
+
+	NTTIME expire_time;
+
+	/* gensec_gssapi only */
+	gss_OID gss_oid;
+
+	struct gss_channel_bindings_struct *input_chan_bindings;
+	struct smb_krb5_context *smb_krb5_context;
+	struct gssapi_creds_container *client_cred;
+	struct gssapi_creds_container *server_cred;
+
+	bool sasl; /* We have two different mechs in this file: One
+		    * for SASL wrapped GSSAPI and another for normal
+		    * GSSAPI */
+	enum gensec_gssapi_sasl_state sasl_state;
+	uint8_t sasl_protection; /* What was negotiated at the SASL
+				  * layer, independent of the GSSAPI
+				  * layer... */
+
+	size_t max_wrap_buf_size;
+	int gss_exchange_count;
+	size_t sig_size;
+
+	char *target_principal;
+};
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
new file mode 100644
index 0000000..5b4fd09
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -0,0 +1,1133 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   Copyright (C) Stefan Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/auth.h"
+#include "lib/tsocket/tsocket.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "auth/kerberos/kerberos_credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/gensec/gensec_proto.h"
+#include "auth/gensec/gensec_toplevel_proto.h"
+#include "param/param.h"
+#include "auth/auth_sam_reply.h"
+#include "lib/util/util_net.h"
+#include "../lib/util/asn1.h"
+#include "auth/kerberos/pac_utils.h"
+#include "gensec_krb5.h"
+#include "gensec_krb5_internal.h"
+#include "gensec_krb5_helpers.h"
+
+_PUBLIC_ NTSTATUS gensec_krb5_init(TALLOC_CTX *);
+
+static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state)
+{
+	if (!gensec_krb5_state->smb_krb5_context) {
+		/* We can't clean anything else up unless we started up this far */
+		return 0;
+	}
+	if (gensec_krb5_state->enc_ticket.length) { 
+		smb_krb5_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
+					    &gensec_krb5_state->enc_ticket); 
+	}
+
+	if (gensec_krb5_state->ticket) {
+		krb5_free_ticket(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				 gensec_krb5_state->ticket);
+	}
+
+	/* ccache freed in a child destructor */
+
+	krb5_free_keyblock(gensec_krb5_state->smb_krb5_context->krb5_context, 
+			   gensec_krb5_state->keyblock);
+		
+	if (gensec_krb5_state->auth_context) {
+		krb5_auth_con_free(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				   gensec_krb5_state->auth_context);
+	}
+
+	return 0;
+}
+
+static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool gssapi)
+{
+	krb5_error_code ret;
+	struct gensec_krb5_state *gensec_krb5_state;
+	struct cli_credentials *creds;
+	const struct tsocket_address *tlocal_addr, *tremote_addr;
+	krb5_address my_krb5_addr, peer_krb5_addr;
+	
+	creds = gensec_get_credentials(gensec_security);
+	if (!creds) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	gensec_krb5_state = talloc_zero(gensec_security, struct gensec_krb5_state);
+	if (!gensec_krb5_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gensec_security->private_data = gensec_krb5_state;
+	gensec_krb5_state->gssapi = gssapi;
+
+	talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); 
+
+	if (cli_credentials_get_krb5_context(creds, 
+					     gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
+		talloc_free(gensec_krb5_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ret = krb5_auth_con_init(gensec_krb5_state->smb_krb5_context->krb5_context, &gensec_krb5_state->auth_context);
+	if (ret) {
+		DEBUG(1,("gensec_krb5_start: krb5_auth_con_init failed (%s)\n", 
+			 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
+						    ret, gensec_krb5_state)));
+		talloc_free(gensec_krb5_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ret = krb5_auth_con_setflags(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				     gensec_krb5_state->auth_context,
+				     KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+	if (ret) {
+		DEBUG(1,("gensec_krb5_start: krb5_auth_con_setflags failed (%s)\n", 
+			 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
+						    ret, gensec_krb5_state)));
+		talloc_free(gensec_krb5_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	tlocal_addr = gensec_get_local_address(gensec_security);
+	if (tlocal_addr) {
+		ssize_t sockaddr_ret;
+		struct samba_sockaddr addr;
+		bool ok;
+
+		addr.sa_socklen = sizeof(addr.u);
+		sockaddr_ret = tsocket_address_bsd_sockaddr(
+			tlocal_addr, &addr.u.sa, addr.sa_socklen);
+		if (sockaddr_ret < 0) {
+			talloc_free(gensec_krb5_state);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		addr.sa_socklen = sockaddr_ret;
+		ok = smb_krb5_sockaddr_to_kaddr(&addr.u.ss, &my_krb5_addr);
+		if (!ok) {
+			DBG_WARNING("smb_krb5_sockaddr_to_kaddr (local) failed\n");
+			talloc_free(gensec_krb5_state);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	tremote_addr = gensec_get_remote_address(gensec_security);
+	if (tremote_addr) {
+		ssize_t sockaddr_ret;
+		struct samba_sockaddr addr;
+		bool ok;
+
+		addr.sa_socklen = sizeof(addr.u);
+		sockaddr_ret = tsocket_address_bsd_sockaddr(
+			tremote_addr, &addr.u.sa, addr.sa_socklen);
+		if (sockaddr_ret < 0) {
+			talloc_free(gensec_krb5_state);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		addr.sa_socklen = sockaddr_ret;
+		ok = smb_krb5_sockaddr_to_kaddr(&addr.u.ss, &peer_krb5_addr);
+		if (!ok) {
+			DBG_WARNING("smb_krb5_sockaddr_to_kaddr (remote) failed\n");
+			talloc_free(gensec_krb5_state);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	ret = krb5_auth_con_setaddrs(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				     gensec_krb5_state->auth_context,
+				     tlocal_addr ? &my_krb5_addr : NULL,
+				     tremote_addr ? &peer_krb5_addr : NULL);
+	if (ret) {
+		DEBUG(1,("gensec_krb5_start: krb5_auth_con_setaddrs failed (%s)\n", 
+			 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
+						    ret, gensec_krb5_state)));
+		talloc_free(gensec_krb5_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_krb5_common_server_start(struct gensec_security *gensec_security, bool gssapi)
+{
+	NTSTATUS nt_status;
+	struct gensec_krb5_state *gensec_krb5_state;
+
+	nt_status = gensec_krb5_start(gensec_security, gssapi);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+	
+	gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	gensec_krb5_state->state_position = GENSEC_KRB5_SERVER_START;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_krb5_server_start(struct gensec_security *gensec_security)
+{
+	return gensec_krb5_common_server_start(gensec_security, false);
+}
+
+static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gensec_security)
+{
+	return gensec_krb5_common_server_start(gensec_security, true);
+}
+
+static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_security, bool gssapi)
+{
+	const char *hostname;
+	struct gensec_krb5_state *gensec_krb5_state;
+	NTSTATUS nt_status;
+	hostname = gensec_get_target_hostname(gensec_security);
+	if (!hostname) {
+		DEBUG(3, ("No hostname for target computer passed in, cannot use kerberos for this connection\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	if (is_ipaddress(hostname)) {
+		DEBUG(2, ("Cannot do krb5 to an IP address\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	if (strcmp(hostname, "localhost") == 0) {
+		DEBUG(2, ("krb5 to 'localhost' does not make sense\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+			
+	nt_status = gensec_krb5_start(gensec_security, gssapi);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START;
+	gensec_krb5_state->ap_req_options = AP_OPTS_USE_SUBKEY;
+
+	if (gensec_krb5_state->gssapi) {
+		/* The Fake GSSAPI model emulates Samba3, which does not do mutual authentication */
+		if (gensec_setting_bool(gensec_security->settings, "gensec_fake_gssapi_krb5", "mutual", false)) {
+			gensec_krb5_state->ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
+		}
+	} else {
+		/* The wrapping for KPASSWD (a user of the raw KRB5 API) should be mutually authenticated */
+		if (gensec_setting_bool(gensec_security->settings, "gensec_krb5", "mutual", true)) {
+			gensec_krb5_state->ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security,
+						struct tevent_context *ev)
+{
+	struct gensec_krb5_state *gensec_krb5_state;
+	krb5_error_code ret;
+	struct ccache_container *ccache_container;
+	const char *error_string;
+	const char *principal;
+	const char *hostname;
+	krb5_data in_data = { .length = 0 };
+	krb5_data *in_data_p = NULL;
+#ifdef SAMBA4_USES_HEIMDAL
+	struct tevent_context *previous_ev;
+#endif
+
+	if (lpcfg_parm_bool(gensec_security->settings->lp_ctx,
+			    NULL, "gensec_krb5", "send_authenticator_checksum", true)) {
+		in_data_p = &in_data;
+	}
+	
+	gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+
+	principal = gensec_get_target_principal(gensec_security);
+	hostname = gensec_get_target_hostname(gensec_security);
+
+	ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), 
+				         ev,
+					 gensec_security->settings->lp_ctx, &ccache_container, &error_string);
+	switch (ret) {
+	case 0:
+		break;
+	case KRB5KDC_ERR_PREAUTH_FAILED:
+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+		return NT_STATUS_LOGON_FAILURE;
+	case KRB5_KDC_UNREACH:
+		DEBUG(3, ("Cannot reach a KDC we require to contact %s: %s\n", principal, error_string));
+		return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+	case KRB5_CC_NOTFOUND:
+	case KRB5_CC_END:
+		DEBUG(3, ("Error preparing credentials we require to contact %s : %s\n", principal, error_string));
+		return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+	default:
+		DEBUG(1, ("gensec_krb5_start: Acquiring initiator credentials failed: %s\n", error_string));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+#ifdef SAMBA4_USES_HEIMDAL
+	/* Do this every time, in case we have weird recursive issues here */
+	ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
+	if (ret != 0) {
+		DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+#endif
+	if (principal) {
+		krb5_principal target_principal;
+		ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
+				      &target_principal);
+		if (ret == 0) {
+			krb5_creds this_cred;
+			krb5_creds *cred;
+
+			ZERO_STRUCT(this_cred);
+			ret = krb5_cc_get_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+						    ccache_container->ccache,
+						    &this_cred.client);
+			if (ret != 0) {
+				krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+						    target_principal);
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+
+			ret = krb5_copy_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+						  target_principal,
+						  &this_cred.server);
+			krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+					    target_principal);
+			if (ret != 0) {
+				krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
+							&this_cred);
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+			this_cred.times.endtime = 0;
+
+			ret = krb5_get_credentials(gensec_krb5_state->smb_krb5_context->krb5_context,
+						   0,
+						   ccache_container->ccache,
+						   &this_cred,
+						   &cred);
+			krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
+						&this_cred);
+			if (ret != 0) {
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+
+			ret = krb5_mk_req_extended(gensec_krb5_state->smb_krb5_context->krb5_context,
+						   &gensec_krb5_state->auth_context,
+						   gensec_krb5_state->ap_req_options,
+						   in_data_p,
+						   cred,
+						   &gensec_krb5_state->enc_ticket);
+		}
+	} else {
+		ret = krb5_mk_req(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				  &gensec_krb5_state->auth_context,
+				  gensec_krb5_state->ap_req_options,
+				  discard_const_p(char, gensec_get_target_service(gensec_security)),
+				  discard_const_p(char, hostname),
+				  in_data_p, ccache_container->ccache, 
+				  &gensec_krb5_state->enc_ticket);
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL
+	smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev);
+#endif
+
+	switch (ret) {
+	case 0:
+		return NT_STATUS_OK;
+	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
+		DEBUG(3, ("Server [%s] is not registered with our KDC: %s\n", 
+			  hostname, smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, gensec_krb5_state)));
+		return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+	case KRB5_KDC_UNREACH:
+		DEBUG(3, ("Cannot reach a KDC we require to contact host [%s]: %s\n",
+			  hostname, smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, gensec_krb5_state)));
+		return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+	case KRB5KDC_ERR_PREAUTH_FAILED:
+	case KRB5KRB_AP_ERR_TKT_EXPIRED:
+	case KRB5_CC_END:
+		/* Too much clock skew - we will need to kinit to re-skew the clock */
+	case KRB5KRB_AP_ERR_SKEW:
+	case KRB5_KDCREP_SKEW:
+		DEBUG(3, ("kerberos (mk_req) failed: %s\n", 
+			  smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, gensec_krb5_state)));
+		FALL_THROUGH;
+	/* just don't print a message for these really ordinary messages */
+	case KRB5_FCC_NOFILE:
+	case KRB5_CC_NOTFOUND:
+	case ENOENT:
+		
+		return NT_STATUS_UNSUCCESSFUL;
+		break;
+		
+	default:
+		DEBUG(0, ("kerberos: %s\n", 
+			  smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, gensec_krb5_state)));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+}
+
+static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security)
+{
+	return gensec_krb5_common_client_start(gensec_security, false);
+}
+
+static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security)
+{
+	return gensec_krb5_common_client_start(gensec_security, true);
+}
+
+
+/*
+  generate a krb5 GSS-API wrapper packet given a ticket
+*/
+static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
+{
+	struct asn1_data *data;
+	DATA_BLOB ret = data_blob_null;
+
+	data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	if (!data || !ticket->data) {
+		return ret;
+	}
+
+	if (!asn1_push_tag(data, ASN1_APPLICATION(0))) goto err;
+	if (!asn1_write_OID(data, GENSEC_OID_KERBEROS5)) goto err;
+
+	if (!asn1_write(data, tok_id, 2)) goto err;
+	if (!asn1_write(data, ticket->data, ticket->length)) goto err;
+	if (!asn1_pop_tag(data)) goto err;
+
+
+	if (!asn1_extract_blob(data, mem_ctx, &ret)) {
+		goto err;
+	}
+	asn1_free(data);
+
+	return ret;
+
+  err:
+
+	DEBUG(1, ("Failed to build krb5 wrapper at offset %d\n",
+		  (int)asn1_current_ofs(data)));
+	asn1_free(data);
+	return ret;
+}
+
+/*
+  parse a krb5 GSS-API wrapper packet giving a ticket
+*/
+static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
+{
+	bool ret = false;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	int data_remaining;
+
+	if (!data) {
+		return false;
+	}
+
+	if (!asn1_load(data, *blob)) goto err;
+	if (!asn1_start_tag(data, ASN1_APPLICATION(0))) goto err;
+	if (!asn1_check_OID(data, GENSEC_OID_KERBEROS5)) goto err;
+
+	data_remaining = asn1_tag_remaining(data);
+
+	if (data_remaining < 3) {
+		asn1_set_error(data);
+	} else {
+		if (!asn1_read(data, tok_id, 2)) goto err;
+		data_remaining -= 2;
+		*ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
+		if (!asn1_read(data, ticket->data, ticket->length)) goto err;
+	}
+
+	if (!asn1_end_tag(data)) goto err;
+
+	ret = !asn1_has_error(data);
+
+  err:
+
+	asn1_free(data);
+
+	return ret;
+}
+
+static NTSTATUS gensec_krb5_update_internal(struct gensec_security *gensec_security,
+					    TALLOC_CTX *out_mem_ctx,
+					    struct tevent_context *ev,
+					    const DATA_BLOB in, DATA_BLOB *out)
+{
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_error_code ret = 0;
+	NTSTATUS nt_status;
+
+	switch (gensec_krb5_state->state_position) {
+	case GENSEC_KRB5_CLIENT_START:
+	{
+		DATA_BLOB unwrapped_out;
+		
+		nt_status = gensec_krb5_common_client_creds(gensec_security, ev);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		if (gensec_krb5_state->gssapi) {
+			unwrapped_out = data_blob_talloc(out_mem_ctx, gensec_krb5_state->enc_ticket.data, gensec_krb5_state->enc_ticket.length);
+			
+			/* wrap that up in a nice GSS-API wrapping */
+			*out = gensec_gssapi_gen_krb5_wrap(out_mem_ctx, &unwrapped_out, TOK_ID_KRB_AP_REQ);
+		} else {
+			*out = data_blob_talloc(out_mem_ctx, gensec_krb5_state->enc_ticket.data, gensec_krb5_state->enc_ticket.length);
+		}
+		if (gensec_krb5_state->ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
+			gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_MUTUAL_AUTH;
+			nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+		} else {
+			gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
+			nt_status = NT_STATUS_OK;
+		}
+		return nt_status;
+	}
+		
+	case GENSEC_KRB5_CLIENT_MUTUAL_AUTH:
+	{
+		DATA_BLOB unwrapped_in;
+		krb5_data inbuf;
+		krb5_ap_rep_enc_part *repl = NULL;
+		uint8_t tok_id[2];
+
+		if (gensec_krb5_state->gssapi) {
+			if (!gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
+				DEBUG(1,("gensec_gssapi_parse_krb5_wrap(mutual authentication) failed to parse\n"));
+				dump_data_pw("Mutual authentication message:\n", in.data, in.length);
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+		} else {
+			unwrapped_in = in;
+		}
+		/* TODO: check the tok_id */
+
+		inbuf.data = (char *)unwrapped_in.data;
+		inbuf.length = unwrapped_in.length;
+		ret = krb5_rd_rep(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				  gensec_krb5_state->auth_context,
+				  &inbuf, &repl);
+		if (ret) {
+			DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n",
+				 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, out_mem_ctx)));
+			dump_data_pw("Mutual authentication message:\n", (uint8_t *)inbuf.data, inbuf.length);
+			nt_status = NT_STATUS_ACCESS_DENIED;
+		} else {
+			*out = data_blob(NULL, 0);
+			nt_status = NT_STATUS_OK;
+			gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
+		}
+		if (repl) {
+			krb5_free_ap_rep_enc_part(gensec_krb5_state->smb_krb5_context->krb5_context, repl);
+		}
+		return nt_status;
+	}
+
+	case GENSEC_KRB5_SERVER_START:
+	{
+		DATA_BLOB unwrapped_in;
+		DATA_BLOB unwrapped_out = data_blob(NULL, 0);
+		krb5_data inbuf, outbuf;
+		uint8_t tok_id[2];
+		struct keytab_container *keytab;
+		krb5_principal server_in_keytab;
+		const char *error_string;
+		enum credentials_obtained obtained;
+
+		if (!in.data) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}	
+
+		/* Grab the keytab, however generated */
+		ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), 
+						 gensec_security->settings->lp_ctx, &keytab);
+		if (ret) {
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		
+		/* This ensures we lookup the correct entry in that
+		 * keytab.  A NULL principal is acceptable, and means
+		 * that the krb5 libs should search the keytab at
+		 * accept time for any matching key */
+		ret = principal_from_credentials(out_mem_ctx, gensec_get_credentials(gensec_security), 
+						 gensec_krb5_state->smb_krb5_context, 
+						 &server_in_keytab, &obtained, &error_string);
+
+		if (ret) {
+			DEBUG(2,("Failed to make credentials from principal: %s\n", error_string));
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+
+		if (keytab->password_based || obtained < CRED_SPECIFIED) {
+			/* 
+			 * Use match-by-key in this case (matches
+			 * cli_credentials_get_server_gss_creds()
+			 * behaviour).  No need to free the memory,
+			 * this is handled with a talloc destructor.
+			 */
+			server_in_keytab = NULL;
+		}
+
+		/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omitted) */
+		if (gensec_krb5_state->gssapi
+		    && gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
+			inbuf.data = (char *)unwrapped_in.data;
+			inbuf.length = unwrapped_in.length;
+		} else {
+			inbuf.data = (char *)in.data;
+			inbuf.length = in.length;
+		}
+
+		ret = smb_krb5_rd_req_decoded(gensec_krb5_state->smb_krb5_context->krb5_context,
+					      &gensec_krb5_state->auth_context,
+					      &inbuf,
+					      keytab->keytab,
+					      server_in_keytab,
+					      &outbuf,
+					      &gensec_krb5_state->ticket,
+					      &gensec_krb5_state->keyblock);
+
+		if (ret) {
+			DBG_WARNING("smb_krb5_rd_req_decoded failed\n");
+			return NT_STATUS_LOGON_FAILURE;
+		}
+		unwrapped_out.data = (uint8_t *)outbuf.data;
+		unwrapped_out.length = outbuf.length;
+		gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
+		/* wrap that up in a nice GSS-API wrapping */
+		if (gensec_krb5_state->gssapi) {
+			*out = gensec_gssapi_gen_krb5_wrap(out_mem_ctx, &unwrapped_out, TOK_ID_KRB_AP_REP);
+		} else {
+			*out = data_blob_talloc(out_mem_ctx, outbuf.data, outbuf.length);
+		}
+		smb_krb5_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
+					    &outbuf);
+		return NT_STATUS_OK;
+	}
+
+	case GENSEC_KRB5_DONE:
+	default:
+		/* Asking too many times... */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+}
+
+struct gensec_krb5_update_state {
+	NTSTATUS status;
+	DATA_BLOB out;
+};
+
+static struct tevent_req *gensec_krb5_update_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct gensec_security *gensec_security,
+						  const DATA_BLOB in)
+{
+	struct tevent_req *req = NULL;
+	struct gensec_krb5_update_state *state = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct gensec_krb5_update_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	status = gensec_krb5_update_internal(gensec_security,
+					     state, ev, in,
+					     &state->out);
+	state->status = status;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS gensec_krb5_update_recv(struct tevent_req *req,
+					TALLOC_CTX *out_mem_ctx,
+					DATA_BLOB *out)
+{
+	struct gensec_krb5_update_state *state =
+		tevent_req_data(req,
+		struct gensec_krb5_update_state);
+	NTSTATUS status;
+
+	*out = data_blob_null;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*out = state->out;
+	talloc_steal(out_mem_ctx, state->out.data);
+	status = state->status;
+	tevent_req_received(req);
+	return status;
+}
+
+static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, 
+					TALLOC_CTX *mem_ctx,
+					DATA_BLOB *session_key) 
+{
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
+	krb5_auth_context auth_context = gensec_krb5_state->auth_context;
+	krb5_error_code err = -1;
+	bool remote = false;
+	bool ok;
+
+	if (gensec_krb5_state->state_position != GENSEC_KRB5_DONE) {
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	switch (gensec_security->gensec_role) {
+	case GENSEC_CLIENT:
+		remote = false;
+		break;
+	case GENSEC_SERVER:
+		remote = true;
+		break;
+	}
+
+	ok = smb_krb5_get_smb_session_key(mem_ctx,
+					  context,
+					  auth_context,
+					  session_key,
+					  remote);
+	if (!ok) {
+		DEBUG(10, ("KRB5 error getting session key %d\n", err));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+#ifdef SAMBA4_USES_HEIMDAL
+static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security,
+					 TALLOC_CTX *mem_ctx,
+					 struct auth_session_info **_session_info) 
+{
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
+	struct auth_session_info *session_info = NULL;
+
+	krb5_principal client_principal;
+	char *principal_string = NULL;
+	
+	DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
+	krb5_data pac_data;
+
+	krb5_error_code ret;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	ret = krb5_ticket_get_client(context, gensec_krb5_state->ticket, &client_principal);
+	if (ret) {
+		DEBUG(5, ("krb5_ticket_get_client failed to get client principal: %s\n", 
+			  smb_get_krb5_error_message(context, 
+						     ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	ret = krb5_unparse_name(gensec_krb5_state->smb_krb5_context->krb5_context, 
+				client_principal, &principal_string);
+	if (ret) {
+		DEBUG(1, ("Unable to parse client principal: %s\n",
+			  smb_get_krb5_error_message(context, 
+						     ret, tmp_ctx)));
+		krb5_free_principal(context, client_principal);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = krb5_ticket_get_authorization_data_type(context, gensec_krb5_state->ticket, 
+						      KRB5_AUTHDATA_WIN2K_PAC, 
+						      &pac_data);
+	
+	if (ret) {
+		/* NO pac */
+		DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", 
+			  smb_get_krb5_error_message(context, 
+						     ret, tmp_ctx)));
+	} else {
+		/* Found pac */
+		pac_blob = data_blob_talloc(tmp_ctx, pac_data.data, pac_data.length);
+		smb_krb5_free_data_contents(context, &pac_data);
+		if (!pac_blob.data) {
+			free(principal_string);
+			krb5_free_principal(context, client_principal);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* decode and verify the pac */
+		nt_status = kerberos_decode_pac(gensec_krb5_state,
+						pac_blob,
+						gensec_krb5_state->smb_krb5_context->krb5_context,
+						NULL, gensec_krb5_state->keyblock,
+						client_principal,
+						gensec_krb5_state->ticket->ticket.authtime, NULL);
+
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			free(principal_string);
+			krb5_free_principal(context, client_principal);
+			talloc_free(tmp_ctx);
+			return nt_status;
+		}
+
+		pac_blob_ptr = &pac_blob;
+	}
+
+	nt_status = gensec_generate_session_info_pac(tmp_ctx,
+						     gensec_security,
+						     gensec_krb5_state->smb_krb5_context,
+						     pac_blob_ptr, principal_string,
+						     gensec_get_remote_address(gensec_security),
+						     &session_info);
+
+	free(principal_string);
+	krb5_free_principal(context, client_principal);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = gensec_krb5_session_key(gensec_security, session_info, &session_info->session_key);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	*_session_info = talloc_steal(mem_ctx, session_info);
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+#else /* MIT KERBEROS */
+static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security,
+					 TALLOC_CTX *mem_ctx,
+					 struct auth_session_info **psession_info)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	struct gensec_krb5_state *gensec_krb5_state =
+		(struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
+	struct auth_session_info *session_info = NULL;
+
+	krb5_principal client_principal;
+	char *principal_string = NULL;
+
+	krb5_authdata **auth_pac_data = NULL;
+	DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
+
+	krb5_error_code code;
+
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	code = krb5_copy_principal(context,
+				   gensec_krb5_state->ticket->enc_part2->client,
+				   &client_principal);
+	if (code != 0) {
+		DBG_INFO("krb5_copy_principal failed to copy client "
+			 "principal: %s\n",
+			 smb_get_krb5_error_message(context, code, tmp_ctx));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	code = krb5_unparse_name(context, client_principal, &principal_string);
+	if (code != 0) {
+		DBG_WARNING("Unable to parse client principal: %s\n",
+			    smb_get_krb5_error_message(context, code, tmp_ctx));
+		krb5_free_principal(context, client_principal);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	code = krb5_find_authdata(context,
+				  gensec_krb5_state->ticket->enc_part2->authorization_data,
+				  NULL,
+				  KRB5_AUTHDATA_WIN2K_PAC,
+				  &auth_pac_data);
+	if (code != 0) {
+		/* NO pac */
+		DBG_INFO("krb5_find_authdata failed to find PAC: %s\n",
+			 smb_get_krb5_error_message(context, code, tmp_ctx));
+	} else {
+		krb5_timestamp ticket_authtime =
+			gensec_krb5_state->ticket->enc_part2->times.authtime;
+
+		/* Found pac */
+		pac_blob = data_blob_talloc(tmp_ctx,
+					    auth_pac_data[0]->contents,
+					    auth_pac_data[0]->length);
+		krb5_free_authdata(context, auth_pac_data);
+		if (pac_blob.data == NULL) {
+			free(principal_string);
+			krb5_free_principal(context, client_principal);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* decode and verify the pac */
+		status = kerberos_decode_pac(gensec_krb5_state,
+					     pac_blob,
+					     context,
+					     NULL,
+					     gensec_krb5_state->keyblock,
+					     client_principal,
+					     ticket_authtime,
+					     NULL);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			free(principal_string);
+			krb5_free_principal(context, client_principal);
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		pac_blob_ptr = &pac_blob;
+	}
+	krb5_free_principal(context, client_principal);
+
+	status = gensec_generate_session_info_pac(tmp_ctx,
+						  gensec_security,
+						  gensec_krb5_state->smb_krb5_context,
+						  pac_blob_ptr,
+						  principal_string,
+						  gensec_get_remote_address(gensec_security),
+						  &session_info);
+	SAFE_FREE(principal_string);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	status = gensec_krb5_session_key(gensec_security,
+					 session_info,
+					 &session_info->session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	*psession_info = talloc_steal(mem_ctx, session_info);
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+#endif /* SAMBA4_USES_HEIMDAL */
+
+static NTSTATUS gensec_krb5_wrap(struct gensec_security *gensec_security, 
+				   TALLOC_CTX *mem_ctx, 
+				   const DATA_BLOB *in, 
+				   DATA_BLOB *out)
+{
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
+	krb5_auth_context auth_context = gensec_krb5_state->auth_context;
+	krb5_error_code ret;
+	krb5_data input, output;
+	input.length = in->length;
+	input.data = (char *)in->data;
+	
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		ret = krb5_mk_priv(context, auth_context, &input, &output, NULL);
+		if (ret) {
+			DEBUG(1, ("krb5_mk_priv failed: %s\n", 
+				  smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
+							     ret, mem_ctx)));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		*out = data_blob_talloc(mem_ctx, output.data, output.length);
+		
+		smb_krb5_free_data_contents(context, &output);
+	} else {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security, 
+				     TALLOC_CTX *mem_ctx, 
+				     const DATA_BLOB *in, 
+				     DATA_BLOB *out)
+{
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
+	krb5_auth_context auth_context = gensec_krb5_state->auth_context;
+	krb5_error_code ret;
+	krb5_data input, output;
+	krb5_replay_data replay;
+	input.length = in->length;
+	input.data = (char *)in->data;
+	
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		ret = krb5_rd_priv(context, auth_context, &input, &output, &replay);
+		if (ret) {
+			DEBUG(1, ("krb5_rd_priv failed: %s\n", 
+				  smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, 
+							     ret, mem_ctx)));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		*out = data_blob_talloc(mem_ctx, output.data, output.length);
+		
+		smb_krb5_free_data_contents(context, &output);
+	} else {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	return NT_STATUS_OK;
+}
+
+static bool gensec_krb5_have_feature(struct gensec_security *gensec_security,
+				     uint32_t feature)
+{
+	struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+	if (feature & GENSEC_FEATURE_SESSION_KEY) {
+		return true;
+	} 
+	if (gensec_krb5_state->gssapi) {
+		return false;
+	}
+
+	/*
+	 * krb5_mk_priv provides SIGN and SEAL
+	 */
+	if (feature & GENSEC_FEATURE_SIGN) {
+		return true;
+	}
+	if (feature & GENSEC_FEATURE_SEAL) {
+		return true;
+	}
+
+	return false;
+}
+
+static const char *gensec_krb5_final_auth_type(struct gensec_security *gensec_security)
+{
+	return GENSEC_FINAL_AUTH_TYPE_KRB5;
+}
+
+static const char *gensec_krb5_oids[] = { 
+	GENSEC_OID_KERBEROS5,
+	GENSEC_OID_KERBEROS5_OLD,
+	NULL 
+};
+
+static const struct gensec_security_ops gensec_fake_gssapi_krb5_security_ops = {
+	.name		= "fake_gssapi_krb5",
+	.auth_type	= DCERPC_AUTH_TYPE_KRB5,
+	.oid            = gensec_krb5_oids,
+	.client_start   = gensec_fake_gssapi_krb5_client_start,
+	.server_start   = gensec_fake_gssapi_krb5_server_start,
+	.update_send	= gensec_krb5_update_send,
+	.update_recv	= gensec_krb5_update_recv,
+	.magic   	= gensec_magic_check_krb5_oid,
+	.session_key	= gensec_krb5_session_key,
+	.session_info	= gensec_krb5_session_info,
+	.have_feature   = gensec_krb5_have_feature,
+	.final_auth_type = gensec_krb5_final_auth_type,
+	.enabled        = false,
+	.kerberos       = true,
+	.priority       = GENSEC_KRB5,
+};
+
+static const struct gensec_security_ops gensec_krb5_security_ops = {
+	.name		= "krb5",
+	.client_start   = gensec_krb5_client_start,
+	.server_start   = gensec_krb5_server_start,
+	.update_send	= gensec_krb5_update_send,
+	.update_recv	= gensec_krb5_update_recv,
+	.session_key	= gensec_krb5_session_key,
+	.session_info	= gensec_krb5_session_info,
+	.have_feature   = gensec_krb5_have_feature,
+	.wrap           = gensec_krb5_wrap,
+	.unwrap         = gensec_krb5_unwrap,
+	.final_auth_type = gensec_krb5_final_auth_type,
+	.enabled        = true,
+	.kerberos       = true,
+	.priority       = GENSEC_KRB5
+};
+
+_PUBLIC_ NTSTATUS gensec_krb5_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = gensec_register(ctx, &gensec_krb5_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_krb5_security_ops.name));
+		return ret;
+	}
+
+	ret = gensec_register(ctx, &gensec_fake_gssapi_krb5_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_fake_gssapi_krb5_security_ops.name));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/auth/gensec/gensec_krb5.h b/source4/auth/gensec/gensec_krb5.h
new file mode 100644
index 0000000..ee684be
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5.h
@@ -0,0 +1,10 @@
+/* See gensec_krb5_util.c for the license */
+
+krb5_error_code smb_krb5_rd_req_decoded(krb5_context context,
+					krb5_auth_context *auth_context,
+					const krb5_data *inbuf,
+					krb5_keytab keytab,
+					krb5_principal acceptor_principal,
+					krb5_data *outbuf,
+					krb5_ticket **ticket,
+					krb5_keyblock **keyblock);
diff --git a/source4/auth/gensec/gensec_krb5_heimdal.c b/source4/auth/gensec/gensec_krb5_heimdal.c
new file mode 100644
index 0000000..bc0d970
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_heimdal.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* This file for code taken from the Heimdal code, to preserve licence */
+/* Modified by Andrew Bartlett <abartlet@samba.org> */
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "gensec_krb5.h"
+
+/* Taken from  accept_sec_context.c,v 1.65 */
+krb5_error_code smb_krb5_rd_req_decoded(krb5_context context,
+					krb5_auth_context *auth_context,
+					const krb5_data *inbuf,
+					krb5_keytab keytab,
+					krb5_principal acceptor_principal,
+					krb5_data *outbuf,
+					krb5_ticket **ticket,
+					krb5_keyblock **keyblock)
+{
+	krb5_rd_req_in_ctx in = NULL;
+	krb5_rd_req_out_ctx out = NULL;
+	krb5_error_code kret;
+
+	*keyblock = NULL;
+	*ticket = NULL;
+	outbuf->length = 0;
+	outbuf->data = NULL;
+
+	kret = krb5_rd_req_in_ctx_alloc(context, &in);
+	if (kret == 0)
+	    kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+	if (kret) {
+	    if (in)
+		krb5_rd_req_in_ctx_free(context, in);
+	    return kret;
+	}
+
+	kret = krb5_rd_req_ctx(context,
+			       auth_context,
+			       inbuf,
+			       acceptor_principal,
+			       in, &out);
+	krb5_rd_req_in_ctx_free(context, in);
+	if (kret) {
+	    return kret;
+	}
+
+	/*
+	 * We need to remember some data on the context_handle.
+	 */
+	kret = krb5_rd_req_out_get_ticket(context, out,
+					  ticket);
+	if (kret == 0) {
+	    kret = krb5_rd_req_out_get_keyblock(context, out,
+						keyblock);
+	}
+	krb5_rd_req_out_ctx_free(context, out);
+
+	if (kret == 0) {
+		kret = krb5_mk_rep(context, *auth_context, outbuf);
+	}
+
+	if (kret) {
+		krb5_free_ticket(context, *ticket);
+		krb5_free_keyblock(context, *keyblock);
+		krb5_data_free(outbuf);
+	}
+
+	return kret;
+}
diff --git a/source4/auth/gensec/gensec_krb5_helpers.c b/source4/auth/gensec/gensec_krb5_helpers.c
new file mode 100644
index 0000000..21f2f1e
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_helpers.c
@@ -0,0 +1,72 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   Copyright (C) Stefan Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "gensec_krb5_internal.h"
+#include "gensec_krb5_helpers.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+static struct gensec_krb5_state *get_private_state(const struct gensec_security *gensec_security)
+{
+	struct gensec_krb5_state *gensec_krb5_state = NULL;
+
+	if (strcmp(gensec_security->ops->name, "krb5") != 0) {
+		/* We require that the krb5 mechanism is being used. */
+		return NULL;
+	}
+
+	gensec_krb5_state = talloc_get_type(gensec_security->private_data,
+					    struct gensec_krb5_state);
+	return gensec_krb5_state;
+}
+
+/*
+ * Returns 1 if our ticket has the initial flag set, 0 if not, and -1 in case of
+ * error.
+ */
+int gensec_krb5_initial_ticket(const struct gensec_security *gensec_security)
+{
+	struct gensec_krb5_state *gensec_krb5_state = NULL;
+
+	gensec_krb5_state = get_private_state(gensec_security);
+	if (gensec_krb5_state == NULL) {
+		return -1;
+	}
+
+	if (gensec_krb5_state->ticket == NULL) {
+		/* We don't have a ticket */
+		return -1;
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL
+	return gensec_krb5_state->ticket->ticket.flags.initial;
+#else /* MIT KERBEROS */
+	return (gensec_krb5_state->ticket->enc_part2->flags & TKT_FLG_INITIAL) ? 1 : 0;
+#endif /* SAMBA4_USES_HEIMDAL */
+}
diff --git a/source4/auth/gensec/gensec_krb5_helpers.h b/source4/auth/gensec/gensec_krb5_helpers.h
new file mode 100644
index 0000000..d7b694d
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_helpers.h
@@ -0,0 +1,32 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   Copyright (C) Stefan Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct gensec_security;
+
+/*
+ * Returns 1 if our ticket has the initial flag set, 0 if not, and -1 in case of
+ * error.
+ */
+int gensec_krb5_initial_ticket(const struct gensec_security *gensec_security);
diff --git a/source4/auth/gensec/gensec_krb5_internal.h b/source4/auth/gensec/gensec_krb5_internal.h
new file mode 100644
index 0000000..0bb796f
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_internal.h
@@ -0,0 +1,47 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   Copyright (C) Stefan Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/gensec/gensec.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+enum GENSEC_KRB5_STATE {
+	GENSEC_KRB5_SERVER_START,
+	GENSEC_KRB5_CLIENT_START,
+	GENSEC_KRB5_CLIENT_MUTUAL_AUTH,
+	GENSEC_KRB5_DONE
+};
+
+struct gensec_krb5_state {
+	enum GENSEC_KRB5_STATE state_position;
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_auth_context auth_context;
+	krb5_data enc_ticket;
+	krb5_keyblock *keyblock;
+	krb5_ticket *ticket;
+	bool gssapi;
+	krb5_flags ap_req_options;
+};
diff --git a/source4/auth/gensec/gensec_krb5_mit.c b/source4/auth/gensec/gensec_krb5_mit.c
new file mode 100644
index 0000000..f7b3129
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_mit.c
@@ -0,0 +1,102 @@
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "gensec_krb5.h"
+
+static krb5_error_code smb_krb5_get_longterm_key(krb5_context context,
+						 krb5_const_principal server,
+						 krb5_kvno kvno,
+						 krb5_enctype etype,
+						 krb5_keytab keytab,
+						 krb5_keyblock **keyblock_out)
+{
+	krb5_error_code code = EINVAL;
+
+	krb5_keytab_entry kt_entry;
+
+	code = krb5_kt_get_entry(context,
+				 keytab,
+				 server,
+				 kvno,
+				 etype,
+				 &kt_entry);
+	if (code != 0) {
+		return code;
+	}
+
+	code = krb5_copy_keyblock(context,
+				  &kt_entry.key,
+				  keyblock_out);
+	krb5_free_keytab_entry_contents(context, &kt_entry);
+
+	return code;
+}
+
+krb5_error_code smb_krb5_rd_req_decoded(krb5_context context,
+					krb5_auth_context *auth_context,
+					const krb5_data *request,
+					krb5_keytab keytab,
+					krb5_principal acceptor_principal,
+					krb5_data *reply,
+					krb5_ticket **pticket,
+					krb5_keyblock **pkeyblock)
+{
+	krb5_error_code code;
+	krb5_flags ap_req_options = 0;
+	krb5_ticket *ticket = NULL;
+	krb5_keyblock *keyblock = NULL;
+
+	*pticket = NULL;
+	*pkeyblock = NULL;
+	reply->length = 0;
+	reply->data = NULL;
+
+	code = krb5_rd_req(context,
+			   auth_context,
+			   request,
+			   acceptor_principal,
+			   keytab,
+			   &ap_req_options,
+			   &ticket);
+	if (code != 0) {
+		DBG_ERR("krb5_rd_req failed: %s\n",
+			error_message(code));
+		return code;
+	}
+
+	/*
+	 * Get the long term key from the keytab to be able to verify the PAC
+	 * signature.
+	 *
+	 * FIXME: Use ticket->enc_part.kvno ???
+	 * Getting the latest kvno with passing 0 fixes:
+	 * make -j test TESTS="samba4.winbind.pac.ad_member"
+	 */
+	code = smb_krb5_get_longterm_key(context,
+					 ticket->server,
+					 0, /* kvno */
+					 ticket->enc_part.enctype,
+					 keytab,
+					 &keyblock);
+	if (code != 0) {
+		DBG_ERR("smb_krb5_get_longterm_key failed: %s\n",
+			error_message(code));
+		krb5_free_ticket(context, ticket);
+
+		return code;
+	}
+
+	code = krb5_mk_rep(context, *auth_context, reply);
+	if (code != 0) {
+		DBG_ERR("krb5_mk_rep failed: %s\n",
+			error_message(code));
+		krb5_free_ticket(context, ticket);
+		krb5_free_keyblock(context, keyblock);
+	}
+
+	*pticket = ticket;
+	*pkeyblock = keyblock;
+
+	return code;
+}
diff --git a/source4/auth/gensec/gensec_tstream.c b/source4/auth/gensec/gensec_tstream.c
new file mode 100644
index 0000000..cc7c83c
--- /dev/null
+++ b/source4/auth/gensec/gensec_tstream.c
@@ -0,0 +1,616 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   tstream based generic authentication interface
+
+   Copyright (c) 2010 Stefan Metzmacher
+   Copyright (c) 2010 Andreas Schneider <asn@redhat.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
+#include "auth/gensec/gensec_tstream.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/tsocket/tsocket_internal.h"
+#include "auth/gensec/gensec_toplevel_proto.h"
+
+static const struct tstream_context_ops tstream_gensec_ops;
+
+struct tstream_gensec {
+	struct tstream_context *plain_stream;
+
+	struct gensec_security *gensec_security;
+
+	int error;
+
+	struct {
+		size_t max_unwrapped_size;
+		size_t max_wrapped_size;
+	} write;
+
+	struct {
+		off_t ofs;
+		size_t left;
+		DATA_BLOB unwrapped;
+	} read;
+};
+
+_PUBLIC_ NTSTATUS _gensec_create_tstream(TALLOC_CTX *mem_ctx,
+					 struct gensec_security *gensec_security,
+					 struct tstream_context *plain_stream,
+					 struct tstream_context **_gensec_stream,
+					 const char *location)
+{
+	struct tstream_context *gensec_stream;
+	struct tstream_gensec *tgss;
+
+	gensec_stream = tstream_context_create(mem_ctx,
+					       &tstream_gensec_ops,
+					       &tgss,
+					       struct tstream_gensec,
+					       location);
+	if (gensec_stream == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tgss->plain_stream = plain_stream;
+	tgss->gensec_security = gensec_security;
+	tgss->error = 0;
+
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN) &&
+	    !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		talloc_free(gensec_stream);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	tgss->write.max_unwrapped_size = gensec_max_input_size(gensec_security);
+	tgss->write.max_wrapped_size = gensec_max_wrapped_size(gensec_security);
+
+	ZERO_STRUCT(tgss->read);
+
+	*_gensec_stream = gensec_stream;
+	return NT_STATUS_OK;
+}
+
+static ssize_t tstream_gensec_pending_bytes(struct tstream_context *stream)
+{
+	struct tstream_gensec *tgss =
+		tstream_context_data(stream,
+		struct tstream_gensec);
+
+	if (tgss->error != 0) {
+		errno = tgss->error;
+		return -1;
+	}
+
+	return tgss->read.left;
+}
+
+struct tstream_gensec_readv_state {
+	struct tevent_context *ev;
+	struct tstream_context *stream;
+
+	struct iovec *vector;
+	int count;
+
+	struct {
+		bool asked_for_hdr;
+		uint8_t hdr[4];
+		bool asked_for_blob;
+		DATA_BLOB blob;
+	} wrapped;
+
+	int ret;
+};
+
+static void tstream_gensec_readv_wrapped_next(struct tevent_req *req);
+
+static struct tevent_req *tstream_gensec_readv_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct tstream_context *stream,
+						    struct iovec *vector,
+						    size_t count)
+{
+	struct tstream_gensec *tgss =
+		tstream_context_data(stream,
+		struct tstream_gensec);
+	struct tevent_req *req;
+	struct tstream_gensec_readv_state *state;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_gensec_readv_state);
+	if (!req) {
+		return NULL;
+	}
+
+	if (tgss->error != 0) {
+		tevent_req_error(req, tgss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	state->ev = ev;
+	state->stream = stream;
+	state->ret = 0;
+
+	/*
+	 * we make a copy of the vector so we can change the structure
+	 */
+	state->vector = talloc_array(state, struct iovec, count);
+	if (tevent_req_nomem(state->vector, req)) {
+		return tevent_req_post(req, ev);
+	}
+	memcpy(state->vector, vector, sizeof(struct iovec) * count);
+	state->count = count;
+
+	tstream_gensec_readv_wrapped_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static int tstream_gensec_readv_next_vector(struct tstream_context *unix_stream,
+					    void *private_data,
+					    TALLOC_CTX *mem_ctx,
+					    struct iovec **_vector,
+					    size_t *_count);
+static void tstream_gensec_readv_wrapped_done(struct tevent_req *subreq);
+
+static void tstream_gensec_readv_wrapped_next(struct tevent_req *req)
+{
+	struct tstream_gensec_readv_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_readv_state);
+	struct tstream_gensec *tgss =
+		tstream_context_data(state->stream,
+		struct tstream_gensec);
+	struct tevent_req *subreq;
+
+	/*
+	 * copy the pending buffer first
+	 */
+	while (tgss->read.left > 0 && state->count > 0) {
+		uint8_t *base = (uint8_t *)state->vector[0].iov_base;
+		size_t len = MIN(tgss->read.left, state->vector[0].iov_len);
+
+		memcpy(base, tgss->read.unwrapped.data + tgss->read.ofs, len);
+
+		base += len;
+		state->vector[0].iov_base = (char *) base;
+		state->vector[0].iov_len -= len;
+
+		tgss->read.ofs += len;
+		tgss->read.left -= len;
+
+		if (state->vector[0].iov_len == 0) {
+			state->vector += 1;
+			state->count -= 1;
+		}
+
+		state->ret += len;
+	}
+
+	if (state->count == 0) {
+		tevent_req_done(req);
+		return;
+	}
+
+	data_blob_free(&tgss->read.unwrapped);
+	ZERO_STRUCT(state->wrapped);
+
+	subreq = tstream_readv_pdu_send(state, state->ev,
+					tgss->plain_stream,
+					tstream_gensec_readv_next_vector,
+					state);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, tstream_gensec_readv_wrapped_done, req);
+}
+
+static int tstream_gensec_readv_next_vector(struct tstream_context *unix_stream,
+					    void *private_data,
+					    TALLOC_CTX *mem_ctx,
+					    struct iovec **_vector,
+					    size_t *_count)
+{
+	struct tstream_gensec_readv_state *state =
+		talloc_get_type_abort(private_data,
+		struct tstream_gensec_readv_state);
+	struct iovec *vector;
+	size_t count = 1;
+
+	/* we need to get a message header */
+	vector = talloc_array(mem_ctx, struct iovec, count);
+	if (!vector) {
+		return -1;
+	}
+
+	if (!state->wrapped.asked_for_hdr) {
+		state->wrapped.asked_for_hdr = true;
+		vector[0].iov_base = (char *)state->wrapped.hdr;
+		vector[0].iov_len = sizeof(state->wrapped.hdr);
+	} else if (!state->wrapped.asked_for_blob) {
+		uint32_t msg_len;
+
+		state->wrapped.asked_for_blob = true;
+
+		msg_len = RIVAL(state->wrapped.hdr, 0);
+
+		/*
+		 * I got a Windows 2012R2 server responding with
+		 * a message of 0x1b28a33.
+		 */
+		if (msg_len > 0x0FFFFFFF) {
+			errno = EMSGSIZE;
+			return -1;
+		}
+
+		if (msg_len == 0) {
+			errno = EMSGSIZE;
+			return -1;
+		}
+
+		state->wrapped.blob = data_blob_talloc(state, NULL, msg_len);
+		if (state->wrapped.blob.data == NULL) {
+			return -1;
+		}
+
+		vector[0].iov_base = (char *)state->wrapped.blob.data;
+		vector[0].iov_len = state->wrapped.blob.length;
+	} else {
+		*_vector = NULL;
+		*_count = 0;
+		return 0;
+	}
+
+	*_vector = vector;
+	*_count = count;
+	return 0;
+}
+
+static void tstream_gensec_readv_wrapped_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct tstream_gensec_readv_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_readv_state);
+	struct tstream_gensec *tgss =
+		tstream_context_data(state->stream,
+		struct tstream_gensec);
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_readv_pdu_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		tgss->error = sys_errno;
+		tevent_req_error(req, sys_errno);
+		return;
+	}
+
+	status = gensec_unwrap(tgss->gensec_security,
+			       state,
+			       &state->wrapped.blob,
+			       &tgss->read.unwrapped);
+	if (!NT_STATUS_IS_OK(status)) {
+		tgss->error = EIO;
+		tevent_req_error(req, tgss->error);
+		return;
+	}
+
+	data_blob_free(&state->wrapped.blob);
+
+	talloc_steal(tgss, tgss->read.unwrapped.data);
+	tgss->read.left = tgss->read.unwrapped.length;
+	tgss->read.ofs = 0;
+
+	tstream_gensec_readv_wrapped_next(req);
+}
+
+static int tstream_gensec_readv_recv(struct tevent_req *req, int *perrno)
+{
+	struct tstream_gensec_readv_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_readv_state);
+	int ret;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->ret;
+	}
+
+	tevent_req_received(req);
+	return ret;
+}
+
+struct tstream_gensec_writev_state {
+	struct tevent_context *ev;
+	struct tstream_context *stream;
+
+	struct iovec *vector;
+	int count;
+
+	struct {
+		off_t ofs;
+		size_t left;
+		DATA_BLOB blob;
+	} unwrapped;
+
+	struct {
+		uint8_t hdr[4];
+		DATA_BLOB blob;
+		struct iovec iov[2];
+	} wrapped;
+
+	int ret;
+};
+
+static void tstream_gensec_writev_wrapped_next(struct tevent_req *req);
+
+static struct tevent_req *tstream_gensec_writev_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct tstream_context *stream,
+					const struct iovec *vector,
+					size_t count)
+{
+	struct tstream_gensec *tgss =
+		tstream_context_data(stream,
+		struct tstream_gensec);
+	struct tevent_req *req;
+	struct tstream_gensec_writev_state *state;
+	size_t i;
+	int total;
+	int chunk;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_gensec_writev_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (tgss->error != 0) {
+		tevent_req_error(req, tgss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	state->ev = ev;
+	state->stream = stream;
+	state->ret = 0;
+
+	/*
+	 * we make a copy of the vector so we can change the structure
+	 */
+	state->vector = talloc_array(state, struct iovec, count);
+	if (tevent_req_nomem(state->vector, req)) {
+		return tevent_req_post(req, ev);
+	}
+	memcpy(state->vector, vector, sizeof(struct iovec) * count);
+	state->count = count;
+
+	total = 0;
+	for (i = 0; i < count; i++) {
+		/*
+		 * the generic tstream code makes sure that
+		 * this never wraps.
+		 */
+		total += vector[i].iov_len;
+	}
+
+	/*
+	 * We may need to send data in chunks.
+	 */
+	chunk = MIN(total, tgss->write.max_unwrapped_size);
+
+	state->unwrapped.blob = data_blob_talloc(state, NULL, chunk);
+	if (tevent_req_nomem(state->unwrapped.blob.data, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tstream_gensec_writev_wrapped_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void tstream_gensec_writev_wrapped_done(struct tevent_req *subreq);
+
+static void tstream_gensec_writev_wrapped_next(struct tevent_req *req)
+{
+	struct tstream_gensec_writev_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_writev_state);
+	struct tstream_gensec *tgss =
+		tstream_context_data(state->stream,
+		struct tstream_gensec);
+	struct tevent_req *subreq;
+	NTSTATUS status;
+
+	data_blob_free(&state->wrapped.blob);
+
+	state->unwrapped.left = state->unwrapped.blob.length;
+	state->unwrapped.ofs = 0;
+
+	/*
+	 * first fill our buffer
+	 */
+	while (state->unwrapped.left > 0 && state->count > 0) {
+		uint8_t *base = (uint8_t *)state->vector[0].iov_base;
+		size_t len = MIN(state->unwrapped.left, state->vector[0].iov_len);
+
+		memcpy(state->unwrapped.blob.data + state->unwrapped.ofs, base, len);
+
+		base += len;
+		state->vector[0].iov_base = (char *) base;
+		state->vector[0].iov_len -= len;
+
+		state->unwrapped.ofs += len;
+		state->unwrapped.left -= len;
+
+		if (state->vector[0].iov_len == 0) {
+			state->vector += 1;
+			state->count -= 1;
+		}
+
+		state->ret += len;
+	}
+
+	if (state->unwrapped.ofs == 0) {
+		tevent_req_done(req);
+		return;
+	}
+
+	state->unwrapped.blob.length = state->unwrapped.ofs;
+
+	status = gensec_wrap(tgss->gensec_security,
+			     state,
+			     &state->unwrapped.blob,
+			     &state->wrapped.blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		tgss->error = EIO;
+		tevent_req_error(req, tgss->error);
+		return;
+	}
+
+	RSIVAL(state->wrapped.hdr, 0, state->wrapped.blob.length);
+
+	state->wrapped.iov[0].iov_base = (void *)state->wrapped.hdr;
+	state->wrapped.iov[0].iov_len = sizeof(state->wrapped.hdr);
+	state->wrapped.iov[1].iov_base = (void *)state->wrapped.blob.data;
+	state->wrapped.iov[1].iov_len = state->wrapped.blob.length;
+
+	subreq = tstream_writev_send(state, state->ev,
+				      tgss->plain_stream,
+				      state->wrapped.iov, 2);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq,
+				tstream_gensec_writev_wrapped_done,
+				req);
+}
+
+static void tstream_gensec_writev_wrapped_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct tstream_gensec_writev_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_writev_state);
+	struct tstream_gensec *tgss =
+		tstream_context_data(state->stream,
+		struct tstream_gensec);
+	int sys_errno;
+	int ret;
+
+	ret = tstream_writev_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		tgss->error = sys_errno;
+		tevent_req_error(req, sys_errno);
+		return;
+	}
+
+	tstream_gensec_writev_wrapped_next(req);
+}
+
+static int tstream_gensec_writev_recv(struct tevent_req *req,
+				   int *perrno)
+{
+	struct tstream_gensec_writev_state *state =
+		tevent_req_data(req,
+		struct tstream_gensec_writev_state);
+	int ret;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->ret;
+	}
+
+	tevent_req_received(req);
+	return ret;
+}
+
+struct tstream_gensec_disconnect_state {
+	uint8_t _dummy;
+};
+
+static struct tevent_req *tstream_gensec_disconnect_send(TALLOC_CTX *mem_ctx,
+							 struct tevent_context *ev,
+							 struct tstream_context *stream)
+{
+	struct tstream_gensec *tgss =
+		tstream_context_data(stream,
+		struct tstream_gensec);
+	struct tevent_req *req;
+	struct tstream_gensec_disconnect_state *state;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_gensec_disconnect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (tgss->error != 0) {
+		tevent_req_error(req, tgss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * The caller is responsible to do the real disconnect
+	 * on the plain stream!
+	 */
+	tgss->plain_stream = NULL;
+	tgss->error = ENOTCONN;
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static int tstream_gensec_disconnect_recv(struct tevent_req *req,
+				       int *perrno)
+{
+	int ret;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+
+	tevent_req_received(req);
+	return ret;
+}
+
+static const struct tstream_context_ops tstream_gensec_ops = {
+	.name                   = "gensec",
+
+	.pending_bytes          = tstream_gensec_pending_bytes,
+
+	.readv_send             = tstream_gensec_readv_send,
+	.readv_recv             = tstream_gensec_readv_recv,
+
+	.writev_send            = tstream_gensec_writev_send,
+	.writev_recv            = tstream_gensec_writev_recv,
+
+	.disconnect_send        = tstream_gensec_disconnect_send,
+	.disconnect_recv        = tstream_gensec_disconnect_recv,
+};
diff --git a/source4/auth/gensec/gensec_tstream.h b/source4/auth/gensec/gensec_tstream.h
new file mode 100644
index 0000000..18389d4
--- /dev/null
+++ b/source4/auth/gensec/gensec_tstream.h
@@ -0,0 +1,40 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   tstream based generic authentication interface
+
+   Copyright (c) 2010 Stefan Metzmacher
+   Copyright (c) 2010 Andreas Schneider <asn@redhat.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _GENSEC_TSTREAM_H_
+#define _GENSEC_TSTREAM_H_
+
+struct gensec_context;
+struct tstream_context;
+
+NTSTATUS _gensec_create_tstream(TALLOC_CTX *mem_ctx,
+				struct gensec_security *gensec_security,
+				struct tstream_context *plain_tstream,
+				struct tstream_context **gensec_tstream,
+				const char *location);
+#define gensec_create_tstream(mem_ctx, gensec_security, \
+			      plain_tstream, gensec_tstream) \
+	_gensec_create_tstream(mem_ctx, gensec_security, \
+			       plain_tstream, gensec_tstream, \
+			       __location__)
+
+#endif /* _GENSEC_TSTREAM_H_ */
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
new file mode 100644
index 0000000..97ced8f
--- /dev/null
+++ b/source4/auth/gensec/pygensec.c
@@ -0,0 +1,779 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include "param/pyparam.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "auth/credentials/pycredentials.h"
+#include "libcli/util/pyerrors.h"
+#include "python/modules.h"
+#include <pytalloc.h>
+#include <tevent.h>
+#include "librpc/rpc/pyrpc_util.h"
+
+static PyObject *py_get_name_by_authtype(PyObject *self, PyObject *args)
+{
+	int type;
+	const char *name;
+	struct gensec_security *security;
+
+	if (!PyArg_ParseTuple(args, "i", &type))
+		return NULL;
+
+	security = pytalloc_get_type(self, struct gensec_security);
+
+	name = gensec_get_name_by_authtype(security, type);
+	if (name == NULL)
+		Py_RETURN_NONE;
+
+	return PyUnicode_FromString(name);
+}
+
+static struct gensec_settings *settings_from_object(TALLOC_CTX *mem_ctx, PyObject *object)
+{
+	struct gensec_settings *s;
+	PyObject *py_hostname, *py_lp_ctx;
+
+	if (!PyDict_Check(object)) {
+		PyErr_SetString(PyExc_ValueError, "settings should be a dictionary");
+		return NULL;
+	}
+
+	s = talloc_zero(mem_ctx, struct gensec_settings);
+	if (!s) return NULL;
+
+	py_hostname = PyDict_GetItemString(object, "target_hostname");
+	if (!py_hostname) {
+		PyErr_SetString(PyExc_ValueError, "settings.target_hostname not found");
+		return NULL;
+	}
+
+	py_lp_ctx = PyDict_GetItemString(object, "lp_ctx");
+	if (!py_lp_ctx) {
+		PyErr_SetString(PyExc_ValueError, "settings.lp_ctx not found");
+		return NULL;
+	}
+
+	s->target_hostname = PyUnicode_AsUTF8(py_hostname);
+	s->lp_ctx = lpcfg_from_py_object(s, py_lp_ctx);
+	return s;
+}
+
+static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	NTSTATUS status;
+	PyObject *self;
+	struct gensec_settings *settings;
+	const char *kwnames[] = { "settings", NULL };
+	PyObject *py_settings = Py_None;
+	struct gensec_security *gensec;
+	TALLOC_CTX *frame;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings))
+		return NULL;
+
+	frame = talloc_stackframe();
+
+	if (py_settings != Py_None) {
+		settings = settings_from_object(frame, py_settings);
+		if (settings == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+	} else {
+		settings = talloc_zero(frame, struct gensec_settings);
+		if (settings == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+
+		settings->lp_ctx = loadparm_init_global(true);
+		if (settings->lp_ctx == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+	}
+
+	status = gensec_init();
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	status = gensec_client_start(frame, &gensec, settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	self = pytalloc_steal(type, gensec);
+	TALLOC_FREE(frame);
+
+	return (PyObject *)self;
+}
+
+static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	NTSTATUS status;
+	PyObject *self;
+	struct gensec_settings *settings = NULL;
+	const char *kwnames[] = { "settings", "auth_context", NULL };
+	PyObject *py_settings = Py_None;
+	PyObject *py_auth_context = Py_None;
+	struct gensec_security *gensec;
+	struct auth4_context *auth_context = NULL;
+	TALLOC_CTX *frame;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OO", discard_const_p(char *, kwnames), &py_settings, &py_auth_context))
+		return NULL;
+
+	frame = talloc_stackframe();
+
+	if (py_settings != Py_None) {
+		settings = settings_from_object(frame, py_settings);
+		if (settings == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+	} else {
+		settings = talloc_zero(frame, struct gensec_settings);
+		if (settings == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+
+		settings->lp_ctx = loadparm_init_global(true);
+		if (settings->lp_ctx == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+	}
+
+	if (py_auth_context != Py_None) {
+		bool ok = py_check_dcerpc_type(py_auth_context,
+					       "samba.auth",
+					       "AuthContext");
+		if (!ok) {
+			return NULL;
+		}
+
+		auth_context = pytalloc_get_type(py_auth_context,
+						 struct auth4_context);
+		if (!auth_context) {
+			PyErr_Format(PyExc_TypeError,
+				     "Expected auth.AuthContext for auth_context argument, got %s",
+				     pytalloc_get_name(py_auth_context));
+			return NULL;
+		}
+	}
+
+	status = gensec_init();
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	status = gensec_server_start(frame, settings, auth_context, &gensec);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	self = pytalloc_steal(type, gensec);
+	TALLOC_FREE(frame);
+
+	return self;
+}
+
+static PyObject *py_gensec_set_target_hostname(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	char *target_hostname;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &target_hostname))
+		return NULL;
+
+	status = gensec_set_target_hostname(security, target_hostname);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+	
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_set_target_service(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	char *target_service;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &target_service))
+		return NULL;
+
+	status = gensec_set_target_service(security, target_service);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+	
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_set_target_service_description(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	char *target_service_description;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &target_service_description))
+		return NULL;
+
+	status = gensec_set_target_service_description(security,
+						       target_service_description);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_set_credentials(PyObject *self, PyObject *args)
+{
+	PyObject *py_creds = Py_None;
+	struct cli_credentials *creds;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "O", &py_creds))
+		return NULL;
+
+	creds = PyCredentials_AsCliCredentials(py_creds);
+	if (!creds) {
+		PyErr_Format(
+			PyExc_TypeError,
+			"Expected samba.credentials for credentials argument, "
+			"got %s", pytalloc_get_name(py_creds));
+		return NULL;
+	}
+
+	status = gensec_set_credentials(security, creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_session_info(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	PyObject *py_session_info;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	struct auth_session_info *info;
+	if (security->ops == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "no mechanism selected");
+		return NULL;
+	}
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	status = gensec_session_info(security, mem_ctx, &info);
+	if (NT_STATUS_IS_ERR(status)) {
+		talloc_free(mem_ctx);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info",
+						 info, info);
+	talloc_free(mem_ctx);
+	return py_session_info;
+}
+
+static PyObject *py_gensec_session_key(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	DATA_BLOB session_key = data_blob_null;
+	static PyObject *session_key_obj = NULL;
+
+	if (security->ops == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "no mechanism selected");
+		return NULL;
+	}
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	status = gensec_session_key(security, mem_ctx, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	session_key_obj = PyBytes_FromStringAndSize((const char *)session_key.data,
+						     session_key.length);
+	talloc_free(mem_ctx);
+	return session_key_obj;
+}
+
+static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args)
+{
+	char *name;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	status = gensec_start_mech_by_name(security, name);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_start_mech_by_sasl_name(PyObject *self, PyObject *args)
+{
+	char *sasl_name;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &sasl_name))
+		return NULL;
+
+	status = gensec_start_mech_by_sasl_name(security, sasl_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_start_mech_by_authtype(PyObject *self, PyObject *args)
+{
+	int authtype, level;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	NTSTATUS status;
+	if (!PyArg_ParseTuple(args, "ii", &authtype, &level))
+		return NULL;
+
+	status = gensec_start_mech_by_authtype(security, authtype, level);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_want_feature(PyObject *self, PyObject *args)
+{
+	int feature;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	/* This is i (and declared as an int above) by design, as they are handled as an integer in python */
+	if (!PyArg_ParseTuple(args, "i", &feature))
+		return NULL;
+
+	gensec_want_feature(security, feature);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_have_feature(PyObject *self, PyObject *args)
+{
+	int feature;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	/* This is i (and declared as an int above) by design, as they are handled as an integer in python */
+	if (!PyArg_ParseTuple(args, "i", &feature))
+		return NULL;
+
+	if (gensec_have_feature(security, feature)) {
+		Py_RETURN_TRUE;
+	} 
+	Py_RETURN_FALSE;
+}
+
+static PyObject *py_gensec_set_max_update_size(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	unsigned int max_update_size = 0;
+
+	if (!PyArg_ParseTuple(args, "I", &max_update_size))
+		return NULL;
+
+	gensec_set_max_update_size(security, max_update_size);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_gensec_max_update_size(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	unsigned int max_update_size = gensec_max_update_size(security);
+
+	return PyLong_FromLong(max_update_size);
+}
+
+static PyObject *py_gensec_update(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB in, out;
+	PyObject *py_bytes, *result, *py_in;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	PyObject *finished_processing;
+	char *data = NULL;
+	Py_ssize_t len;
+	int err;
+
+	if (!PyArg_ParseTuple(args, "O", &py_in))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	err = PyBytes_AsStringAndSize(py_in, &data, &len);
+	if (err) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	/*
+	 * Make a copy of the input buffer, as gensec_update may modify its
+	 * input argument.
+	 */
+	in = data_blob_talloc(mem_ctx, data, len);
+	if (!in.data) {
+		talloc_free(mem_ctx);
+		return PyErr_NoMemory();
+	}
+
+	status = gensec_update(security, mem_ctx, in, &out);
+
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)
+	    && !NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	py_bytes = PyBytes_FromStringAndSize((const char *)out.data,
+					     out.length);
+	talloc_free(mem_ctx);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		finished_processing = Py_False;
+	} else {
+		finished_processing = Py_True;
+	}
+
+	result = PyTuple_Pack(2, finished_processing, py_bytes);
+	Py_XDECREF(py_bytes);
+	return result;
+}
+
+static PyObject *py_gensec_wrap(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB in, out;
+	PyObject *ret, *py_in;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+
+	if (!PyArg_ParseTuple(args, "O", &py_in))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	if (!PyBytes_Check(py_in)) {
+		talloc_free(mem_ctx);
+		PyErr_Format(PyExc_TypeError, "bytes expected");
+		return NULL;
+	}
+	in.data = (uint8_t *)PyBytes_AsString(py_in);
+	in.length = PyBytes_Size(py_in);
+
+	status = gensec_wrap(security, mem_ctx, &in, &out);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = PyBytes_FromStringAndSize((const char *)out.data, out.length);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB in, out;
+	PyObject *ret, *py_in;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	char *data = NULL;
+	Py_ssize_t len;
+	int err;
+
+	if (!PyArg_ParseTuple(args, "O", &py_in))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	err = PyBytes_AsStringAndSize(py_in, &data, &len);
+	if (err) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	/*
+	 * Make a copy of the input buffer, as gensec_unwrap may modify its
+	 * input argument.
+	 */
+	in = data_blob_talloc(mem_ctx, data, len);
+	if (!in.data) {
+		talloc_free(mem_ctx);
+		return PyErr_NoMemory();
+	}
+
+	status = gensec_unwrap(security, mem_ctx, &in, &out);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = PyBytes_FromStringAndSize((const char *)out.data, out.length);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static PyObject *py_gensec_sig_size(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	Py_ssize_t data_size = 0;
+	size_t sig_size = 0;
+
+	if (!PyArg_ParseTuple(args, "n", &data_size)) {
+		return NULL;
+	}
+
+	sig_size = gensec_sig_size(security, data_size);
+
+	return PyLong_FromSize_t(sig_size);
+}
+
+static PyObject *py_gensec_sign_packet(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	Py_ssize_t data_length = 0;
+	Py_ssize_t pdu_length = 0;
+	DATA_BLOB data, pdu, sig;
+	PyObject *py_sig;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+
+	if (!PyArg_ParseTuple(args, "z#z#", &data.data, &data_length, &pdu.data, &pdu_length)) {
+		return NULL;
+	}
+	data.length = data_length;
+	pdu.length = pdu_length;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	status = gensec_sign_packet(security, mem_ctx,
+				    data.data, data.length,
+				    pdu.data, pdu.length, &sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_sig = PyBytes_FromStringAndSize((const char *)sig.data, sig.length);
+	talloc_free(mem_ctx);
+	return py_sig;
+}
+
+static PyObject *py_gensec_check_packet(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	Py_ssize_t data_length = 0;
+	Py_ssize_t pdu_length = 0;
+	Py_ssize_t sig_length = 0;
+	DATA_BLOB data, pdu, sig;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+
+	if (!PyArg_ParseTuple(args, "z#z#z#",
+			      &data.data, &data_length,
+			      &pdu.data, &pdu_length,
+			      &sig.data, &sig_length)) {
+		return NULL;
+	}
+	data.length = data_length;
+	pdu.length = pdu_length;
+	sig.length = sig_length;
+
+	status = gensec_check_packet(security,
+				     data.data, data.length,
+				     pdu.data, pdu.length, &sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyMethodDef py_gensec_security_methods[] = {
+	{ "start_client", PY_DISCARD_FUNC_SIG(PyCFunction,
+					      py_gensec_start_client),
+		METH_VARARGS|METH_KEYWORDS|METH_CLASS,
+		"S.start_client(settings) -> gensec" },
+	{ "start_server", PY_DISCARD_FUNC_SIG(PyCFunction,
+					      py_gensec_start_server),
+		METH_VARARGS|METH_KEYWORDS|METH_CLASS,
+		"S.start_server(auth_ctx, settings) -> gensec" },
+	{ "set_credentials", (PyCFunction)py_gensec_set_credentials, METH_VARARGS, 
+		"S.set_credentials(credentials)" },
+	{ "set_target_hostname", (PyCFunction)py_gensec_set_target_hostname, METH_VARARGS, 
+		"S.set_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." },
+	{ "set_target_service", (PyCFunction)py_gensec_set_target_service, METH_VARARGS, 
+		"S.set_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for.  The default value is 'host'" },
+	{ "set_target_service_description", (PyCFunction)py_gensec_set_target_service_description, METH_VARARGS,
+		"S.set_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs.  The default value is that provided to set_target_service() or None."},
+	{ "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS,
+		"S.session_info() -> info" },
+	{ "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS,
+		"S.session_key() -> key" },
+	{ "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS,
+		"S.start_mech_by_name(name)" },
+	{ "start_mech_by_sasl_name", (PyCFunction)py_gensec_start_mech_by_sasl_name, METH_VARARGS,
+		"S.start_mech_by_sasl_name(name)" },
+	{ "start_mech_by_authtype", (PyCFunction)py_gensec_start_mech_by_authtype, METH_VARARGS,
+		"S.start_mech_by_authtype(authtype, level)" },
+	{ "get_name_by_authtype", (PyCFunction)py_get_name_by_authtype, METH_VARARGS,
+		"S.get_name_by_authtype(authtype) -> name\nLookup an auth type." },
+	{ "want_feature", (PyCFunction)py_gensec_want_feature, METH_VARARGS,
+		"S.want_feature(feature)\n Request that GENSEC negotiate a particular feature." },
+	{ "have_feature", (PyCFunction)py_gensec_have_feature, METH_VARARGS,
+		"S.have_feature()\n Return True if GENSEC negotiated a particular feature." },
+	{ "set_max_update_size",  (PyCFunction)py_gensec_set_max_update_size, METH_VARARGS,
+		"S.set_max_update_size(max_size) \n Some mechs can fragment update packets, needs to be use before the mech is started." },
+	{ "max_update_size",  (PyCFunction)py_gensec_max_update_size, METH_NOARGS,
+		"S.max_update_size() \n Return the current max_update_size." },
+	{ "update",  (PyCFunction)py_gensec_update, METH_VARARGS,
+		"S.update(blob_in) -> (finished, blob_out)\nPerform one step in a GENSEC dance.  Repeat with new packets until finished is true or exception." },
+	{ "wrap",  (PyCFunction)py_gensec_wrap, METH_VARARGS,
+		"S.wrap(blob_in) -> blob_out\nPackage one clear packet into a wrapped GENSEC packet." },
+	{ "unwrap",  (PyCFunction)py_gensec_unwrap, METH_VARARGS,
+		"S.unwrap(blob_in) -> blob_out\nPerform one wrapped GENSEC packet into a clear packet." },
+	{ "sig_size",  (PyCFunction)py_gensec_sig_size, METH_VARARGS,
+		"S.sig_size(data_size) -> sig_size\nSize of the DCERPC packet signature" },
+	{ "sign_packet",  (PyCFunction)py_gensec_sign_packet, METH_VARARGS,
+		"S.sign_packet(data, whole_pdu) -> sig\nSign a DCERPC packet." },
+	{ "check_packet",  (PyCFunction)py_gensec_check_packet, METH_VARARGS,
+		"S.check_packet(data, whole_pdu, sig)\nCheck a DCERPC packet." },
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "gensec",
+    .m_doc = "Generic Security Interface.",
+    .m_size = -1,
+};
+
+static PyTypeObject Py_Security = {
+	.tp_name = "gensec.Security",
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+	.tp_methods = py_gensec_security_methods,
+};
+
+MODULE_INIT_FUNC(gensec)
+{
+	PyObject *m;
+
+	if (pytalloc_BaseObject_PyType_Ready(&Py_Security) < 0)
+		return NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return NULL;
+
+	PyModule_AddObject(m, "FEATURE_SESSION_KEY",     PyLong_FromLong(GENSEC_FEATURE_SESSION_KEY));
+	PyModule_AddObject(m, "FEATURE_SIGN",            PyLong_FromLong(GENSEC_FEATURE_SIGN));
+	PyModule_AddObject(m, "FEATURE_SEAL",            PyLong_FromLong(GENSEC_FEATURE_SEAL));
+	PyModule_AddObject(m, "FEATURE_DCE_STYLE",       PyLong_FromLong(GENSEC_FEATURE_DCE_STYLE));
+	PyModule_AddObject(m, "FEATURE_ASYNC_REPLIES",   PyLong_FromLong(GENSEC_FEATURE_ASYNC_REPLIES));
+	PyModule_AddObject(m, "FEATURE_DATAGRAM_MODE",   PyLong_FromLong(GENSEC_FEATURE_DATAGRAM_MODE));
+	PyModule_AddObject(m, "FEATURE_SIGN_PKT_HEADER", PyLong_FromLong(GENSEC_FEATURE_SIGN_PKT_HEADER));
+	PyModule_AddObject(m, "FEATURE_NEW_SPNEGO",      PyLong_FromLong(GENSEC_FEATURE_NEW_SPNEGO));
+
+	Py_INCREF(&Py_Security);
+	PyModule_AddObject(m, "Security", (PyObject *)&Py_Security);
+
+	return m;
+}
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
new file mode 100644
index 0000000..2885eb0
--- /dev/null
+++ b/source4/auth/gensec/wscript_build
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('gensec_util',
+                    source='gensec_tstream.c',
+                    deps='tevent-util tevent samba-util LIBTSOCKET',
+                    autoproto='gensec_proto.h')
+
+gensec_krb5_sources = 'gensec_krb5_heimdal.c'
+if bld.CONFIG_SET('SAMBA_USES_MITKDC'):
+    gensec_krb5_sources = 'gensec_krb5_mit.c'
+
+bld.SAMBA_MODULE('gensec_krb5',
+	source='gensec_krb5.c ' + gensec_krb5_sources,
+	subsystem='gensec',
+	init_function='gensec_krb5_init',
+	deps='samba-credentials authkrb5 com_err',
+	internal_module=False,
+        enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_SUBSYSTEM('gensec_krb5_helpers',
+    source='gensec_krb5_helpers.c',
+    deps='talloc authkrb5',
+    enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_MODULE('gensec_gssapi',
+	source='gensec_gssapi.c',
+	subsystem='gensec',
+	init_function='gensec_gssapi_init',
+	deps='gssapi samba-credentials authkrb5 com_err'
+	)
+
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+
+bld.SAMBA_PYTHON('pygensec',
+        source='pygensec.c',
+        deps='gensec %s %s' % (pytalloc_util, pyparam_util),
+        realname='samba/gensec.so'
+        )
diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
new file mode 100644
index 0000000..cb8f0a9
--- /dev/null
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -0,0 +1,760 @@
+Copyright Andrew Bartlett <abartlet@samba.org> 2005-2009
+Copyright Donald T. Davis <don@mit.edu>  
+
+Released under the GPLv3
+
+Important context for porting to MIT
+------------------------------------
+
+This document should be read in conjunction with the Samba4 source code.  
+DAL and KDC requirements are expressed (as an implementation against Heimdal's 
+HDB abstraction layer) in Samba4's source4/kdc/hdb-samba4.c in particular.
+hbd-samba4.c is the biggest piece of samba-to-krb glue layer, so the main
+part of the port to MIT is to replace hdb-samba4 with a similar glue layer
+that's designed for MIT's code.
+
+PAC requirements are implemented in source4/kdc/pac-glue.c
+
+The plugins (both of the above are Heimdal plugins) for the above are loaded 
+in source4/kdc/kdc.c
+
+For GSSAPI requirements, see auth/gensec/gensec_gssapi.c (the consumer of 
+GSSAPI in Samba4)
+
+For Kerberos requirements, see auth/kerberos/krb5_init_context.c .
+
+Samba has its own credentials system, wrapping GSS creds, just as GSS 
+creds wrap around krb5 creds.  For the interaction between Samba4 credentials
+system and GSSAPI and Kerberos see auth/credentials/credentials_krb5.c .
+
+AllowedWorkstationNames and Krb5
+--------------------------------
+
+Microsoft uses the clientAddresses *multiple value* field in the krb5
+protocol (particularly the AS_REQ) to communicate the client's netbios 
+name (legacy undotted name, <14 chars)
+
+This is (my guess) to support the userWorkstations field (in user's AD record).
+The idea is to support client-address restrictions, as was standard in NT:
+The AD authentication server I imagine checks the netbios address against 
+this userWorkstations value (BTW, the NetLogon server does this, too).
+
+The checking of this field implies a little of the next question:
+
+Is a DAL the layer we need?
+---------------------------
+
+Looking at what we need to pass around, I don't think
+the DAL is even the right layer; what we really want 
+is to create an account-authorization abstraction layer 
+(e.g., is this account permitted to login to this computer,
+at this time?).  
+Here is how we ended up doing this in Heimdal:
+  * We created a separate plugin, with this API:
+      typedef struct hdb_entry_ex {
+         void *ctx;
+         hdb_entry entry;
+         void (*free_entry)(krb5_context, struct hdb_entry_ex *);
+      } hdb_entry_ex;
+
+  * The void *ctx is a "private pointer," provided by the 'get' method's
+    hdb_entry_ex retval.  The APIs below use the void *ctx so as to find 
+    additional information about the user, not contained in the hdb_entry 
+    structure.  Both the provider and the APIs below understand how to cast 
+    the private void *ctx pointer. 
+
+       typedef krb5_error_code
+            (*krb5plugin_windc_pac_generate)(void *, krb5_context,
+				             struct hdb_entry_ex *, krb5_pac*);
+       typedef krb5_error_code
+            (*krb5plugin_windc_pac_verify)(void *, krb5_context,
+			                   const krb5_principal,
+			                   struct hdb_entry_ex *,
+			                   struct hdb_entry_ex *,
+			                   krb5_pac *);
+       typedef krb5_error_code
+            (*krb5plugin_windc_client_access)(void *, 
+                                              krb5_context, 
+                                              struct hdb_entry_ex *, 
+                                              KDC_REQ *, krb5_data *);
+                                              
+  * (The krb5_data* here is critical, so that samba's KDC can return 
+    the right NTSTATUS code in the 'error string' returned to the client.
+    Otherwise, the windows client won't get the right error message to 
+    the user (such as 'password expired' etc).  The pure Kerberos error 
+    is not enough)
+
+       typedef struct krb5plugin_windc_ftable {
+            int			minor_version;
+            krb5_error_code	(*init)(krb5_context, void **);
+            void		(*fini)(void *);
+            rb5plugin_windc_pac_generate	pac_generate;
+            krb5plugin_windc_pac_verify		pac_verify;
+            krb5plugin_windc_client_access	client_access;
+       } krb5plugin_windc_ftable;
+      This API has some heimdal-specific stuff, that'll have to change when we port the plugin to MIT krb.
+   * 1st callback (pac_generate) creates an initial PAC from the user's AD record.
+   * 2nd callback (pac_verify) check that a PAC is correctly signed, add additional groups (for cross-realm tickets) and re-sign with the key of the target kerberos service's account
+   * 3rd callback (client_access) perform additional access checks, such as allowedWorkstations and account expiry.
+   * for example, to register this plugin, use the kdc's standard 
+     plugin-system at Samba4's initialisation:
+        /* first, setup the table of callback pointers */
+      	/* Registar WinDC hooks */
+	ret = krb5_plugin_register(krb5_context, 
+				   PLUGIN_TYPE_DATA, "windc",
+				   &windc_plugin_table);
+	/* once registered, the KDC will invoke the callbacks */
+	/* while preparing each new ticket (TGT or app-tkt)   */
+   * an alternate way to register the plugin is with a config-file that names
+     a DSO (Dynamically Shared Object).
+
+ 
+This plugin helps bridge an important gap:  The user's AD record is much 
+richer than the Heimdal HDB format allows, so we do AD-specific access 
+control checks in an AD-specific layer (ie, the plugin), not in the 
+DB-agnostic KDC server.
+
+In Novell's pure DAL approach, the DAL only read in the principalName as 
+the key, so it had trouble performing access-control decisions on things 
+other than the name (like the addresses).
+
+There is another, currently unhandled challenge in this area - the need to handle
+bad password counts (and good password notification), so that a single policy can
+be applied against all means of checking a password (NTLM, Kerberos, LDAP Simple 
+bind etc)
+
+The Original work by Novell in creating a DAL did not seem to provide a way to 
+update the PW counts information.  Nevertheless, we know that this is very much
+required (and may have been addressed in Simo's subsequent IPA-KDC design), 
+because in Samba3+eDirectory, great lengths are taken to update this information. 
+
+GSSAPI layer requirements
+-------------------------
+
+Welcome to the wonderful world of canonicalisation
+
+The MIT Krb5 libs (including GSSAPI) do not support kinit returning a different
+realm to what the client asked for, even just in case differences.
+
+Heimdal has the same problem, and this too applies to the krb5 layer, not
+just gssapi.
+
+there's two kinds of name-canonicalization that can occur:
+   * lower-to-upper case conversion, because Windows domain names are
+     usually in upper case;
+   * an unrecognizable substitution of names, such as might happen when 
+     a user requests a ticket for a NetBIOS domain name, but gets back
+     a ticket for the corresponding FQDN.
+
+As developers, we should test if the AD KDC's name-canonicalisation 
+can be turned off with the KDCOption flags in the AS-REQ or TGS-REQ;  
+Windows clients always send the Canonicalize flags as KDCOption values.
+
+Old Clients (samba3 and HPUX clients) use 'selfmade' gssapi/krb5 tokens
+for use in the CIFS session setup.  these hand-crafted ASN.1 packets don't
+follow rfc1964 perfectly, so server-side krblib code has to be flexible 
+enough to accept these bent tokens.  
+It turns out that Windows' GSSAPI server-side code is sloppy about checking
+some GSSAPI tokens' checksums.  During initial work to implement an AD client,
+it was easier to make an acceptable solution (to Windows servers) than to 
+correctly implement the GSSAPI specification, particularly on top of the 
+(inflexible) MIT Kerberos API.  It did not seem possible to write a correct, 
+separate GSSAPI implementation on top of MIT Kerberos's public krb5lib API,
+and at the time, the effort did not need to extend beyond what Windows would 
+require.  
+
+The upshot is that old Samba3 clients send GSSAPI tokens bearing incorrect
+checksums, which AD's Krb5lib cheerfully accepts (but accepts the good checksums,
+too).  Similarly, Samba4's heimdal krb5lib accepts these incorrect checksums.  
+Accordingly, if MIT's krb5lib wants to interoperate with the old Samba3 clients, 
+then MIT's library will have to do the same.
+
+Because these old clients use krb5_mk_req()
+the app-servers get a chksum field depending on the encryption type, but that's 
+wrong for GSSAPI (see rfc 1964 section 1.1.1). The Checksum type 8003 should 
+be used in the Authenticator of the AP-REQ! That (correct use of the 8003 type) 
+would allows the channel bindings, the GCC_C_* req_flags and optional delegation
+tickets to be passed from the client to the server.  However windows doesn't 
+seem to care whether the checksum is of the wrong type, and for CIFS SessionSetups, 
+it seems that the req_flags are just set to 0.
+This deviant checksum can't work for LDAP connections with sign or seal, or 
+for any DCERPC connection, because those connections do not require the 
+negotiation of GSS-Wrap paraemters (signing or sealing of whole payloads).  
+Note:  CIFS has an independent SMB signing mechanism, using the Kerberos key.
+
+see heimdal/lib/gssapi/krb5/accept_sec_context.c, lines 390-450 or so.
+
+This bug-compatibility is likely to be controversial in the kerberos community, 
+but a similar need for bug-compatibility arose around MIT's & Heimdal's both 
+failing to support TGS_SUBKEYs correctly, and there are numerous other cases.
+see https://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007630.html
+
+So MIT's krb5lib needs to also support old clients!
+
+Principal Names, long and short names
+-------------------------------------
+
+As far as servicePrincipalNames are concerned, these are not
+canonicalised by AD's KDC, except as regards the realm in the reply.
+That is, the client gets back the principal it asked for, with 
+the realm portion 'fixed' to uppercase, long form.  
+Heimdal doesn't canonicalize names, but Samba4 does some canonicalization:
+For hostnames and usernames, Samba4 canonicalizes the requested name only 
+for the LDAP principal-lookup, but then Samba4 returns the retrieved LDAP 
+record with the request's original, uncanonicalized hostname replacing the 
+canonicalized name that actually was retrieved.
+AB says that for usernames, Samba4 used to return the canonicalized username, 
+as retrieved from LDAP.  The reason for the different treatment was that 
+the user needs to present his own canonicalized username to servers, for
+ACL-matching.  For hostnames this isn't necessary.
+So, for bug-compatibility, we may need to optionally disable any
+namne-canonicalization that MIT's KDC does.
+
+The short name of the realm seems to be accepted for at least AS_REQ
+operations, but the AD KDC always performs realm-canonicalisation, 
+which converts the short realm-name to the canonical long form.  
+So, this causes pain for current krb client libraries. 
+
+The canonicalisation of names matters not only for the KDC, but also
+for code that has to deal with keytabs.
+With credential-caches, when canonicalization leads to cache-misses,
+the client just asks for new credentials for the variant server-name.
+This could happen, for example, if the user asks to access the server
+twice, using different variants of the server-name.
+
+We also need to handle type 10 names (NT-ENTERPRISE), which are a full
+principal name in the principal field, unrelated to the realm.
+The principal field contains both principal & realm names, while the 
+realm field contains a realm name, too, possibly different.
+For example, an NT-ENTERPRISE principal name might look like:
+joeblow@microsoft.com@NTDEV.MICROSOFT.COM ,
+<--principal field-->|<----realm name--->|
+
+Where joe@microsoft.com is the leading portion, and NTDEV.MICROSOFT.COM is 
+the realm.  This is used for the 'email address-like login-name' feature of AD.
+
+HOST/ Aliases
+-------------
+
+There is another post somewhere (ref lost for the moment) that details
+where in active directory the list of stored aliases for HOST/ is.
+This list is read & parsed by the AD KDC, so as to allow any of these
+aliased ticket-requests to use the HOST/ key.
+
+Samba4 currently has set:
+sPNMappings: host=ldap,dns,cifs,http  (but dns's presence is a bug, somehow)
+
+AD actually has ~50 entries:
+
+sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
+ or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
+ as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
+ ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
+ on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
+ w,http,w3svc,iisadmin,msdtc
+ 
+Domain members that expect the longer list will break in damb4, as of 6/09.
+AB says he'll try to fix this right away.
+
+For example, this is how HTTP/, and CIFS/ can use HOST/ without
+any explicit entry in the servicePrincipalName attribute
+
+
+For example, the application-server might have (on its AD record):
+servicePrincipalName: HOST/my.computer@MY.REALM
+
+but the client asks for a ticket to cifs/my.computer@MY.REALM
+AD looks in LDAP for both name-variants
+AD then transposes cifs -> host after performing the lookup in the 
+directory (for the original name), then looks for host/my.computer@MY.REALM
+
+for hostnames & usernames, alternate names appear as extra values in 
+the multivalued "principal name" attributes:
+ - For hostnames, the other names (other than it's short name, implied 
+   from the CN), is stored in the servicePrincipalName
+ - For usernames, the other names are stored in the userPrincipalName 
+   attribute, and can be full e-mail address like names, such as 
+   joe@microsoft.com (see above).
+   
+Jean-Baptiste.Marchand@hsc.fr reminds me:
+> This is the SPNMappings attribute in Active Directory:
+> http://msdn.microsoft.com/library/en-us/adschema/adschema/a_spnmappings.asp
+
+We implement this in hdb-ldb.
+
+Implicit names for Win2000 Accounts
+-----------------------------------
+AD's records for servers are keyed by CN or by servicePrincipalName,
+but for win2k boxes, these records don't include servicePrincipalName, 
+so, the CN attribute is used instead.
+Despite not having a servicePrincipalName on accounts created 
+by computers running win2000, it appears we are expected 
+to have an implicit mapping from host/computer.full.name and
+host/computer to the computer's entry in the AD LDAP database 
+(ie, be able to obtain tickets for that host name in the KDC).
+
+Returned Salt for PreAuthentication
+-----------------------------------
+
+When the KDC replies for pre-authentication, it returns the Salt,
+which may be in the form of a principalName that is in no way
+connected with the current names.  (ie, even if the userPrincipalName
+and samAccountName are renamed, the old salt is returned).
+
+This is the kerberos standard salt, kept in the 'Key'.  The
+AD generation rules are found in a Mail from Luke Howard dated
+10 Nov 2004.  The MIT glue layer doesn't really need to care about
+these salt-handling details;  the samba4 code & the LDAP backend 
+will conspire to make sure that MIT's KDC gets correct salts.
+
+
+From: Luke Howard <lukeh@padl.com>
+Organization: PADL Software Pty Ltd
+To: lukeh@padl.com
+Date: Wed, 10 Nov 2004 13:31:21 +1100
+Cc: huaraz@moeller.plus.com, samba-technical@lists.samba.org
+Subject: Re: Samba-3.0.7-1.3E Active Directory Issues
+-------
+
+Did some more testing, it appears the behaviour has another
+explanation. It appears that the standard Kerberos password salt
+algorithm is applied in Windows 2003, just that the source principal
+name is different.
+
+Here is what I've been able to deduce from creating a bunch of
+different accounts:  
+[SAM name in this mail means the AD attribute samAccountName .
+ E.g., jbob for a user and jbcomputer$ for a computer.]
+
+[UPN is the AD userPrincipalName attribute.  For example, jbob@mydomain.com]
+
+Type of account		        Principal for Salting
+========================================================================
+Computer Account                host/<SAM-Name-Without-$>.realm@REALM
+User Account Without UPN        <SAM-Name>@REALM
+User Account With UPN           <LHS-Of-UPN>@REALM
+
+Note that if the computer account's SAM account name does not include
+the trailing '$', then the entire SAM account name is used as input to
+the salting principal. Setting a UPN for a computer account has no
+effect.
+
+It seems to me odd that the RHS of the UPN is not used in the salting
+principal. For example, a user with UPN foo@mydomain.com in the realm
+MYREALM.COM would have a salt of MYREALM.COMfoo. Perhaps this is to
+allow a user's UPN suffix to be changed without changing the salt. And
+perhaps using the UPN for salting signifies a move away SAM names and
+their associated constraints.
+
+For more information on how UPNs relate to the Kerberos protocol,
+see:
+
+http://www.ietf.org/proceedings/01dec/I-D/draft-ietf-krb-wg-kerberos-referrals-02.txt
+
+-- Luke
+
+
+
+Heimdal oddities
+----------------
+
+Heimdal is built such that it should be able to serve multiple realms
+at the same time.  This isn't relevant for Samba's use, but it shows
+up in a lot of generalisations throughout the code.
+
+Samba4's code originally tried internally to make it possible to use
+Heimdal's multi-realms-per-KDC ability, but this was ill-conceived,
+and AB has recently (6/09) ripped the last of that multi-realms
+stuff out of samba4.  AB says that in AD, it's not really possible
+to make this work;  several AD components structurally assume that
+there's one realm per KDC.  However, we do use this to support
+canonicalization of realm-names:  case variations, plus long-vs-short
+variants of realm-names.
+
+Other odd things:
+ - Heimdal supports multiple passwords on a client account:  Samba4
+   seems to call hdb_next_enctype2key() in the pre-authentication 
+   routines to allow multiple passwords per account in krb5.  
+   (I think this was intended to allow multiple salts).
+   AD doesn't support this, so the MIT port shouldn't bother with 
+   this.
+
+State Machine safety when using Kerberos and GSSAPI libraries
+-------------------------------------------------------------
+
+Samba's client-side & app-server-side libraries are built on a giant 
+state machine, and as such have very different
+requirements to those traditionally expressed for kerberos and GSSAPI
+libraries. 
+
+Samba requires all of the libraries it uses to be state machine safe in
+their use of internal data.  This does not mean thread safe, and an
+application could be thread safe, but not state machine safe (if it
+instead used thread-local variables).
+
+So, what does it mean for a library to be state machine safe?  This is
+mostly a question of context, and how the library manages whatever
+internal state machines it has.  If the library uses a context
+variable, passed in by the caller, which contains all the information
+about the current state of the library, then it is safe.  An example
+of this state is the sequence number and session keys for an ongoing
+encrypted session).
+
+The other issue affecting state machines is 'blocking' (waiting for a
+read on a network socket).  Samba's non-blocking I/O doesn't like
+waiting for libkrb5 to go away for awhile to talk to the KDC.
+
+Samba4 provides a hook 'send_to_kdc', that allows Samba4 to take over the 
+IO handling, and run other events in the meantime.  This uses a 
+'nested event context' (which presents the challenges that the kerberos 
+library might be called again, while still in the send_to_kdc hook).
+
+Heimdal has this 'state machine safety' in parts, and we have modified
+the lorikeet branch to improve this behaviour, when using a new,
+non-standard API to tunnelling a ccache (containing a set of tickets)
+through the gssapi, by temporarily casting the ccache pointer to a 
+gss credential pointer.  
+This new API is Heimdal's samba4-requested gss_krb5_import_cred() fcn;
+this will have to be rewritten or ported in the MIT port.
+
+This replaces an older scheme using the KRB5_CCACHE
+environment variable to get the same job done.  This tunnelling trick 
+enables a command-line app-client to run kinit tacitly, before running 
+GSSAPI for service-authentication.  This tunnelling trick avoids the 
+more usual approach of keeping the ccache pointer in a global variable.
+
+No longer true;  the krb5_context global is gone now:
+[Heimdal uses a per-context variable for the 'krb5_auth_context', which
+controls the ongoing encrypted connection, but does use global
+variables for the ubiquitous krb5_context parameter.] 
+
+The modification that has added most to 'state machine safety' of
+GSSAPI is the addition of the gss_krb5_acquire_creds() function.  This
+allows the caller to specify a keytab and ccache, for use by the
+GSSAPI code.  Therefore there is no need to use global variables to
+communicate this information about keytab & ccache. 
+
+At a more theoretical level (simply counting static and global
+variables) Heimdal is not state machine safe for the GSSAPI layer.
+(Heimdal is now (6/09) much more nearly free of globals.)
+The Krb5 layer alone is much closer, as far as I can tell, blocking
+excepted. .
+
+
+As an alternate to fixing MIT Kerberos for better safety in this area, 
+a new design might be implemented in Samba, where blocking read/write 
+is made to the KDC in another (fork()ed) child process, and the results 
+passed back to the parent process for use in other non-blocking operations. 
+
+To deal with blocking, we could have a fork()ed child per context,
+using the 'GSSAPI export context' function to transfer
+the GSSAPI state back into the main code for the wrap()/unwrap() part
+of the operation.  This will still hit issues of static storage (one
+gss_krb5_context per process, and multiple GSSAPI encrypted sessions
+at a time) but these may not matter in practice.
+
+This approach has long been controversial in the Samba team. 
+An alternate way would be to be implement E_AGAIN in libkrb5:  similar
+to the way to way read() works with incomplete operations.  to do this
+in libkrb5 would be difficult, but valuable.
+
+In the short-term, we deal with blocking by taking over the network
+send() and recv() functions, therefore making them 'semi-async'.  This
+doesn't apply to DNS yet.These thread-safety context-variables will
+probably present porting problems, during the MIT port.  This will
+probably be most of the work in the port to MIT.
+
+
+
+GSSAPI and Kerberos extensions
+------------------------------
+
+This is a general list of the other extensions we have made to / need from
+the kerberos libraries
+
+ - DCE_STYLE : Microsoft's hard-coded 3-msg Challenge/Response handshake
+   emulates DCE's preference for C/R.  Microsoft calls this DCE_STYLE.
+   MIT already has this nowadays (6/09).
+
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+   has always asked for.  gsskrb5_get_subkey() might do what we need
+   anyway).  This is necessary, because in some spots, Microsoft uses
+   raw Kerberos keys, outside the Kerberos protocols, and not using Kerberos 
+   wrappings etc.  Ie, as a direct input to MD5 and ARCFOUR, without using 
+   the make_priv() or make_safe() calls.
+
+ - gsskrb5_acquire_creds() (takes keytab and/or ccache as input
+   parameters, see keytab and state machine discussion in prev section)
+
+Not needed anymore, because MIT's code now handles PACs fully:
+ - gss_krb5_copy_service_keyblock() (get the key used to actually
+   encrypt the ticket to the server, because the same key is used for
+   the PAC validation).
+ - gsskrb5_extract_authtime_from_sec_context (get authtime from
+   kerberos ticket)
+ - gsskrb5_extract_authz_data_from_sec_context (get authdata from
+   ticket, ie the PAC.  Must unwrap the data if in an AD-IFRELEVENT)]
+The new function to handle the PAC fully
+ - gsskrb5_extract_authz_data_from_sec_context()
+
+Samba still needs this one:
+ - gsskrb5_wrap_size (find out how big the wrapped packet will be,
+   given input length).
+
+Keytab requirements
+-------------------
+
+Because windows machine account handling is very different to the
+traditional 'MIT' keytab operation.
+This starts when we look at the basics of the secrets handling:
+
+Samba file-servers can have many server-name simultaneously (kindof
+like web servers' software virtual hosting), but since these servers
+are running in AD, these names are free to be set up to all share
+the same secret key.  In AD, host-sharing server names almost always 
+share a secret key like this.  In samba3, this key-sharing was optional, so
+some samba3 hosts' keytabs did hold multiple keys.  samba4 abandons this
+traditional "old MIT" style of keytab, and only supports one key per keytab,
+and multiple server-names can use that keytab key in common.
+Heimdal offered "in-memory keytabs" for servers that use passwords. 
+These server-side passwords were held in a Samba LDB database called secrets.ldb,
+and the heimdal library would be supplied the password from the ldb file and 
+would construct an in-memory keytab struct containing the password, 
+just as if the library had read an MIT-style keytab file.
+Unfortunately, only later, at recv_auth() time, would the heimdal library
+convert the PW into a salted-&-hashed AES key, by hashing 10,000 times with
+SHA-1.  So, nowadays, this password-based in-memory keytab is seen as too
+slow, and is falling into disuse.
+
+Traditional 'MIT' behaviour is to use a keytab, containing salted key
+data, extracted from the KDC.  (In this model, there is no 'service
+password', instead the keys are often simply application of random
+bytes).  Heimdal also implements this behaviour.
+
+The windows model is very different - instead of sharing a keytab with
+each member server, a random utf-16 pseudo-textual password is stored 
+for the whole machine.  
+The password is set with non-kerberos mechanisms (particularly SAMR, 
+a DCE-RPC service) and when interacting on a kerberos basis, the
+password is salted by the member server (ie, an AD server-host).  
+(That is, no salt information appears to be conveyed from the AD KDC 
+to the member server.  ie, the member server must use the rule's 
+described in Luke's mail above).
+
+pre-win7 AD and samba3/4 both use SAMR, an older protocol, to jumpstart
+the member server's PW-sharing with AD (the "windows domain-join process").  
+This PW-sharing transfers only the PW's utf-16 text, without any salting 
+or hashing, so that non-krb security mechanisms can use the same utf-16
+text PW.  for windows 7, this domain-joining uses LDAP for PW-setting.
+
+In dealing with this model, we use both the traditional file
+keytab and in-MEMORY keytabs.  
+
+When dealing with a windows KDC, the behaviour regarding case
+sensitivity and canonacolisation must be accomidated.  This means that
+an incoming request to a member server may have a wide variety of
+service principal names.  These include:
+
+machine$@REALM (samba clients)
+HOST/foo.bar@realm (win2k clients)
+HOST/foo@realm (win2k clients, using netbios)
+cifs/foo.bar@realm (winxp clients)
+cifs/foo@realm (winxp clients, using netbios)
+
+as well as all case variations on the above.  
+
+Heimdal's GSSAPI expects to get a principal-name & a keytab, possibly containing
+multiple principals' different keys.  However, AD has a different problem to
+solve, which is that the client may know the member-server by a non-canonicalized
+principal name, yet AD knows the keytab contains exactly one key, indexed by
+the canonical name.  So, GSSAPI is unprepared to canonicalize the server-name
+that the cliet requested, and is also overprepared to do an unnecessary search
+through the keytab by principal-name.  So samba's server-side GSSAPI calls game 
+the GSSAPI, by supplying the server's known canonical name, and the one-key keytab.
+this doesn't really affect the port to mit-krb.
+
+Because the number of U/L case combinations got 'too hard' to put into a keytab in the
+traditional way (with the client to specify the name), we either
+pre-compute the keys into a traditional keytab or make an in-MEMORY
+keytab at run time.  In both cases we specify the principal name to
+GSSAPI, which avoids the need to store duplicate principals.
+
+We use a 'private' keytab in our private dir, referenced from the
+secrets.ldb by default.
+
+Extra Heimdal functions used
+----------------------------
+these fcns didn't exist in the MIT code, years ago, when samba started.
+AB will try to build a final list of these fcns.
+
+(an attempt to list some of the Heimdal-specific functions I know we use)
+
+krb5_free_keyblock_contents()
+
+also a raft of prinicpal manipulation functions:
+
+Prncipal Manipulation
+---------------------
+
+Samba makes extensive use of the principal manipulation functions in
+Heimdal, including the known structure behind krb_principal and
+krb5_realm (a char *).  for example,
+krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
+                      KRB5_PRINCIPAL_PARSE_MUST_REALM, &principal);
+krb5_princ_realm(smb_krb5_context->krb5_context, principal);
+krb5_unparse_name_flags(smb_krb5_context->krb5_context, principal, 
+                        KRB5_PRINCIPAL_UNPARSE_NO_REALM, &new_princ);
+These are needed for juggling the AD variant-structures for server names.
+
+Authz data extraction
+---------------------
+
+We use krb5_ticket_get_authorization_data_type(), and expect it to
+return the correct authz data, even if wrapped in an AD-IFRELEVENT container.
+
+KDC/hdb Extensions
+--------------
+
+We have modified Heimdal's 'hdb' interface to specify the 'class' of
+Principal being requested.  This allows us to correctly behave with
+the different 'classes' of Principal name.  This is necessary because
+of the AD structure, which uses very different record-structures 
+for user-principals, trust principals & server-principals.
+
+We currently define 3 classes:
+ - client (kinit)
+ - server (tgt)
+ - krbtgt (kinit, tgt) the kdc's own ldap record
+
+I also now specify the kerberos principal as an explicit parameter to LDB_fetch(), 
+not an in/out value on the struct hdb_entry parameter itself.
+
+Private Data pointer (and windc hooks) (see above):
+ In addition, I have added a new interface hdb_fetch_ex(), which
+ returns a structure including a private data-pointer, which may be used 
+ by the windc plugin interface functions.  The windc plugin provides 
+ the hook for the PAC, as well as a function for the main access control routines.
+
+ A new windc plugin function should be added to increment the bad password counter
+ on failure.
+
+libkdc (doesn't matter for IPA; Samba invokes the Heimdal kdc as a library call,
+but this is just a convenience, and the MIT port can do otherwise w/o trouble.)
+------
+
+Samba4 needs to be built as a single binary (design requirement), and
+this should include the KDC.  Samba also (and perhaps more
+importantly) needs to control the configuration environment of the
+KDC.  
+
+The interface we have defined for libkdc allow for packet injection
+into the post-socket layer, with a defined krb5_context and
+kdb5_kdc_configuration structure.  These effectively redirect the
+kerberos warnings, logging and database calls as we require.
+
+Using our socket lib (para 3 does matter for the send_to_kdc() plugin).  
+See also the discussion about state machine safety above)
+--------------------
+
+An important detail in the use of libkdc is that we use samba4's own socket
+lib.  This allows the KDC code to be as portable as the rest of samba
+(this cuts both ways), but far more importantly it ensures a
+consistency in the handling of requests, binding to sockets etc.
+
+To handle TCP, we use of our socket layer in much the same way as
+we deal with TCP for CIFS.  Tridge created a generic packet handling
+layer for this.
+
+For the client, samba4 likewise must take over the socket functions, 
+so that our single thread smbd will not lock up talking to itself.  
+(We allow processing while waiting for packets in our socket routines).
+send_to_kdc() presents to its caller the samba-style socket interface,
+but the MIT port will reimplement send_to_kdc(), and this routine will
+use internally the same socket library that MIT-krb uses.
+
+Kerberos logging support  (this will require porting attention)
+------------------------
+
+Samba4 now (optionally in the main code, required for the KDC) uses the
+krb5_log_facility from Heimdal.  This allows us to redirect the
+warnings and status from the KDC (and client/server kerberos code) to
+Samba's DEBUG() system.
+
+Similarly important is the Heimdal-specific krb5_get_error_string()
+function, which does a lot to reduce the 'administrator pain' level,
+by providing specific, english text-string error messages instead of
+just error code translations.  (this isn't necessarty for the port,
+but it's more useful than MIT's default err-handling;  make sure 
+this works for MIT-krb)
+
+
+Short name rules
+----------------
+
+Samba is highly likely to be misconfigured, in many weird and
+interesting ways.  As such, we have a patch for Heimdal that avoids
+DNS lookups on names without a . in them.  This should avoid some
+delay and root server load.   (this may need to be ported to MIT.)
+
+PAC Correctness
+---------------
+
+We now put the PAC into the TGT, not just the service ticket.  
+
+Forwarded tickets
+-----------------
+
+We extract forwarded tickets from the GSSAPI layer, and put
+them into the memory-based credentials cache.  
+We can then use them for proxy work.
+
+
+Kerberos TODO
+=============
+
+(Feel free to contribute to any of these tasks, or ask
+abartlet@samba.org about them).
+
+Lockout Control  (still undone in samba4 on heimdal)
+--------------
+
+We need to get (either if PADL publishes their patch, or write our
+own) access control hooks in the Heimdal KDC.  We need to lockout
+accounts (eg, after 10 failed PW-attemps), and perform other controls.
+This is standard AD behavior, that samba4 needs to get right, whether
+heimdal or MIT-krb is doing the ticket work.
+
+Gssmonger
+---------
+
+Microsoft has released a krb-specific testsuite called gssmonger, 
+which tests interop.  We should compile it against lorikeet-heimdal, 
+MIT and see if we can build a 'Samba4' server for it.
+GSSMonger wasn't intended to be Windows-specific.
+
+Kpasswd server (kpasswd server is now finished, but not testsuite)
+--------------
+
+I have a partial kpasswd server which needs finishing, and a we need a
+client testsuite written, either via the krb5 API or directly against
+GENSEC and the ASN.1 routines.
+Samba4 likes to test failure-modes, not just successful behavior.
+
+Currently it only works for Heimdal, not MIT clients.  This may be due
+to call ordering constraints.
+
+
+Correct TCP support
+-------------------
+
+Samba4 socket-library's current TCP support does not send back 'too large' 
+error messages if the high bit is set.  This is needed for a proposed extension
+mechanism (SSL-armored kinit, by Leif Johansson <leifj@it.su.se>), 
+but is likewise unsupported in both current Heimdal and MIT.
+
+=========================================================================
+AB says MIT's 1.7 announcement about AD support covers Luke Howard's 
+changes.  It all should be easy for IPA to exploit/use during the port
+of Samba4 to MIT.
+AB says Likewise software will likely give us their freeware NTLM/MIT-krb
+implementation.
diff --git a/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt b/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt
new file mode 100644
index 0000000..9df3a13
--- /dev/null
+++ b/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt
@@ -0,0 +1,803 @@
+Copyright Andrew Bartlett <abartlet@samba.org> 2005-2009
+Copyright Donald T. Davis <don@mit.edu>        2009
+
+Released under the GPLv3
+"Porting Samba4 to MIT-Krb"
+
+
+         From Idmwiki
+
+
+IPA v3 will use a version of Samba4 built on top of MIT's Kerberos
+implementation, instead of Heimdal's version of Kerberos.
+
+Task list summary for porting changes needed, from Andrew Bartlett:
+
+      * Rewrite or extend the LDAP driver that MIT-KDC will use.
+      * MIT KDC changes:  rewrite DAL, add TGS-KBAC, enable PACs,...
+      * Full thread-safety for MIT's library code,
+      * Many small changes
+
+Task list, without explanations (the list with explanations is in the
+later sections of this document):
+
+Porting Samba4 to MIT-krb comprises four main chunks of work:
+     1. Rewrite or extend the LDAP driver that MIT-KDC will use:
+          a. Our LDAP driver for the KDB needs to know how to do
+             Samba4's intricate canonicalization of server names,
+             user-names, and realm names.
+          b. AD-style aliases for HOST/ service names.
+          c. Implicit names for Win2k accounts.
+          d. Principal "types":  client / server / krbtgs
+          e. Most or all of this code is in 3 source files,
+             ~1000 lines in all;
+     2. MIT KDC changes
+          a. Rewrite the MIT KDC's Data-Abstraction Layer (DAL),
+             mostly because he MIT KDC needs to see&   manipulate
+             more LDAP detail, on Samba4's behalf;
+          b. Add HBAC to the KDC's TGT-issuance, so that Samba4
+             can refuse TGTs to kinit, based on time-of-day&
+             IP-addr constraints;
+          c. turn on MIT-krb 1.7's PAC handling
+          d. add bad-password counts, for unified account-lockouts
+             across all authT methods (Krb, NTLM, LDAP simple bind,
+             etc)
+     3. Make sure MIT's library code is more fully thread-safe,
+        by replacing all global and static variables with context
+        parameters for the library routines.  This may already be
+        done.
+     4. Many small changes (~15)
+          a. some extensions to MIT's libkrb5&   GSSAPI libraries,
+             including GSSAPI ticket-forwarding
+          b. some refitting in Samba4's use of the MIT libraries;
+          c. make sure Samba4's portable socket API works,
+             including "packet too large" errors;
+          d. MIT's GSSAPI code should support some legacy Samba3
+             clients that present incorrectly-calculated checksums;
+          e. Samba4 app-server-host holds aUTF-16 PW, plus a
+             key bitstring;
+          f. in-memory-only credentials cache;
+          g. in-memory-only keytab (nice to have);
+          h. get OSS NTLM authT library (Likewise Software?);
+          i. special Heimdal-specific functions;
+          j. principal-manipulation functions;
+          k. special check for misconfigured Samba4 hostnames;
+          l. improved krb error-messages;
+          m. improved krb logging
+          n. MS GSSMonger test-suite
+          o. testsuite for kpasswd daemon
+
+0. Introduction: This document should be read alongside the Samba4
+source code, as follows:
+
+    * For DAL and KDC requirements, please see Samba4's
+      source4/kdc/hdb-samba4.c in particular.  This file
+      is an implementation against Heimdal's HDB abstraction
+      layer, and is the biggest part of the samba-to-krb
+      glue layer, so the main part of the port to MIT is
+      to replace hdb-samba4 with a similar glue layer
+      that's designed for MIT's code.
+    * Samba4's PAC requirements are implemented in
+      source4/kdc/pac-glue.c
+    * Both of the above two layers are Heimdal plugins, and
+      both get loaded in source4/kdc/kdc.c
+    * For GSSAPI requirements, see auth/gensec/gensec_gssapi.c
+      (the consumer of GSSAPI in Samba4)
+    * For Kerberos library requirements, see
+      auth/kerberos/krb5_init_context.c
+    * Samba has its own credentials system, wrapping GSS creds,
+      just as GSS creds wrap around krb5 creds.  For the
+      interaction between Samba4 credential system and GSSAPI
+      and Kerberos, see auth/credentials/credentials_krb5.
+
+1. Rewrite or extend the LDAP driver that MIT-KDC will use.
+
+     a. IPA'sLDAP driver for the KDB needs to know how to do
+        Samba4's intricate canonicalization of server names,
+        user-names, and realm names.
+        For hostnames&   usernames, alternate names appear in
+        LDAP as extra values in the multivalued "principal name"
+        attributes:
+          * For a hostname, the alternate names (other than
+            the short name, implied from the CN), are stored in
+            the servicePrincipalName
+          * For a username, the alternate names are stored in
+            the userPrincipalName attribute, and can be long
+            email-address-like names, such as joe@microsoft.com
+            (see "Type 10 names," below).
+        GSSAPI layer requirements:  Welcome to the wonderful
+        world of canonicalisation.  The MIT Krb5 libs (including
+        GSSAPI) do not enable the AS to send kinit a TGT containing
+        a different realm-name than what the client asked for,
+        even in U/L case differences.  Heimdal has the same problem,
+        and this applies to the krb5 layer too, not just GSSAPI.
+        There are two kinds of name-canonicalization that can
+        occur on Windows:
+          * Lower-to-upper case conversion, because Windows domain
+            names are usually in upper case;
+          * An unrecognizable substitution of names, such as might
+            happen when a user requests a ticket for a NetBIOS domain
+            name, but gets back a ticket for the corresponding FQDN.
+        As developers, we should test if the AD KDC's name-canonical-
+        isation can be turned off with the KDCOption flags in the
+        AS-REQ or TGS-REQ;  Windows clients always send the
+        Canonicalize flags as KDCOption values.
+        Principal Names, long and short names:
+        AD's KDC does not canonicalize servicePrincipalNames, except
+        for the realm in the KDC reply.  That is, the client gets
+        back the principal it asked for, with the realm portion
+        'fixed' to uppercase, long form.
+        Samba4 does some canonicalization, though Heimdal doesn't
+        canonicalize names itself:  For hostnames and usernames,
+        Samba4 canonicalizes the requested name only for the LDAP
+        principal-lookup, but then Samba4 returns the retrieved LDAP
+        record with the request's original, uncanonicalized hostname
+        replacing the canonicalized name that actually was found.
+        Usernames:  AndrewB says that Samba4 used to return
+        the canonicalized username exactly as retrieved from LDAP.
+        The reason Samba4 treated usernames differently was that
+        the user needs to present his own canonicalized username
+        to servers, for ACL-matching.  For hostnames this isn't
+        necessary.
+        Realm-names:  AD seems to accept a realm's short name
+        in krb-requests, at least for AS_REQ operations, but the
+        AD KDC always performs realm-canonicalisation, which
+        converts the short realm-name to the canonical long form.
+        So, this causes pain for current krb client libraries.
+        Punchline:  For bug-compatibility, we may need to
+        selectively or optionally disable the MIT-KDC's name-
+        canonicalization.
+        Application-code:
+        Name-canonicalisation matters not only for the KDC, but
+        also for app-server-code that has to deal with keytabs.
+        Further, with credential-caches, canonicalization can
+        lead to cache-misses, but then the client just asks for
+        new credentials for the variant server-name.  This could
+        happen, for example, if the user asks to access the
+        server twice, using different variants of the server-name.
+        Doubled realm-names:  We also need to handle type 10
+        names (NT-ENTERPRISE), which are a full principal name
+        in the principal field, unrelated to the realm.  The
+        principal field contains both principal&   realm names,
+        while the realm field contains a realm name, too, possibly
+        different.  For example, an NT-ENTERPRISE principal name
+        might look like:  joeblow@microsoft.com@NTDEV.MICROSOFT.COM ,
+                          <--principal field-->|<----realm name--->|
+        Where joe@microsoft.com is the leading portion, and
+        NTDEV.MICROSOFT.COM is the realm.  This is used for the
+        'email address-like login-name' feature of AD.
+     b.AD-style aliases for HOST/ service names.
+        AD keeps a list of service-prefixed aliases for the host's
+        principal name.  The AD KDC reads&   parses this list, so
+        as to allow the aliased services to share the HOST/ key.
+        This means that every ticket-request for a service-alias
+        gets a service-ticket encrypted in the HOST/ key.
+        For example, this is how HTTP/ and CIFS/ can use the
+        HOST/ AD-LDAP entry, without any explicitly CIFS-prefixed
+        entry in the host's servicePrincipalName attribute. In the
+        app-server host's AD record, the servicePrincipalName says
+        only HOST/my.computer@MY.REALM , but the client asks
+        for  CIFS/my.omputer@MY.REALM tickets.  So, AD looks in
+        LDAP for both name-variants, and finds the HOST/ version,
+        In AD's reply, AD replaces the HOST/ prefix with CIFS/ .
+        We implement this in hdb-ldb.
+        (TBD: Andrew, is this correct?:)
+        List of HOST/ aliases:  Samba4 currently uses only a small
+        set of  HOST/ aliases: sPNMappings: host=ldap,dns,cifs,http .
+        Also, dns's presence in this list is a bug, somehow.
+        AD's real list has 53 entries:
+        sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,
+          dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,
+          oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,
+          netlogon,netman,netdde,netddedsm,nmagent,plugplay,
+          protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,
+          rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,
+          snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,
+          http,w3svc,iisadmin,msdtc
+        Domain members that expect the longer list will break in
+        Samba4, as of 6/09.  AB says he'll try to fix this right
+        away.  There is another post somewhere (ref lost for the
+        moment) that details where in active directory the long
+        list  of stored  aliases for HOST/ is.
+     c.Implicit names for Win2000 Accounts:  AD keys its
+        server-records by CN or by servicePrincipalName, but a
+        win2k box's server-entry in LDAP doesn't include the
+        servicePrincipalName attribute,  So, win2k server-accounts
+        are keyed by the CN attribute instead.  Because AD's LDAP
+        doesn't have a servicePrincipalName for win2k servers'
+        entries, Samba4 has to have an implicit mapping from
+        host/computer.full.name and from host/computer, to the
+        computer's CN-keyed entry in the AD LDAP database, so to
+        be able to find the win2k server's host name in the KDB.
+     d.Principal "types":
+        We have modified Heimdal's 'hdb' interface to specify
+        the 'class' of Principal being requested.  This allows
+        us to correctly behave with the different 'classes' of
+        Principal name.  This is necessary because of AD's LDAP
+        structure, which uses very different record-structures
+        for user-principals, trust principals&   server-principals.
+        We currently define 3 classes:
+           * client (kinit)
+           * server (tgt)
+           * krbtgt  the TGS's own ldap record
+        Samba4 also now specifies the kerberos principal as an
+        explicit parameter to LDB_fetch(), not an in/out value
+        on the struct hdb_entry parameter itself.
+     e. Most or all of this LDAP driver code is in three source
+        files, ~1000 lines in all.  These files are in
+        samba4/kdc :
+           * hdb-samba4.c  (samba4-to-kdb glue-layer plugin)
+           * pac-glue.c    (samba4's pac  glue-layer plugin)
+           * kdc.c         (loads the above two plugins).
+
+2. MIT KDC changes
+
+     a.Data-Abstraction Layer (DAL): It would be good to
+        rewrite or circumvent the MIT KDC's DAL, mostly because
+        the MIT KDC needs to see&   manipulate more LDAP detail,
+        on Samba4's behalf.  AB says the MIT DAL may serve well-
+        enough, though, mostly as is.  AB says Samba4 will need
+        the private pointer part of the KDC plugin API, though,
+        or the PAC generation won't work (see sec.2.c, below).
+        * MIT's DAL calls lack context parameters (as of 2006),
+          so presumably they rely instead on global storage, and
+          aren't fully thread-safe.
+        * In Novell's pure DAL approach, the DAL only read in the
+          principalName as the key, so it had trouble performing
+          access-control decisions on things other than the user's
+          name (like the addresses).
+        * Here's why Samba4 needs more entry detail than the DAL
+          provides:  The AS needs to have ACL rules that will allow
+          a TGT to a user only when the user logs in from the
+          right desktop addresses, and at the right times of day.
+          This coarse-granularity access-control could be enforced
+          directly by the KDC's LDAP driver, without Samba having
+          to see the entry's pertinent authZ attributes.  But,
+          there's a notable exception:  a user whose TGT has
+          expired, and who wants to change his password, should
+          be allowed a restricted-use TGT that gives him access
+          to the kpasswd service.  This ACL-logic could be buried
+          in the LDAP driver, in the same way as the TGS ACL could
+          be enforced down there, but to do so would just be even
+          uglier than it was to put the TGS's ACL-logic in the driver.
+        * Yet another complaint is that the DAL always pulls an
+          entire LDAP entry, non-selectively.  The current DAL
+          is OK for Samba4's purposes, because Samba4 only reads,
+          and doesn't write, the KDB.  But this all-or-nothing
+          retrieval hurts the KDC's performance, and would do so
+          even more, if Samba had to use the DAL to change KDB
+          entries.
+     b.Add HBAC to the KDC's TGT-issuance, so that Samba4 can
+        refuse TGTs to kinit, based on time-of-day&   IP-address
+        constraints.  AB asks, "Is a DAL the layer we need?"
+        Looking at what we need to pass around, AB doesn't think
+        the DAL is the right layer; what we really want instead
+        is to create an account-authorization abstraction layer
+        (e.g., is this account permitted to login to this computer,
+        at this time?).  Samba4 ended up doing account-authorization
+        inside Heimdal, via a specialized KDC plugin.  For a summary
+        description of this plugin API, see Appendix 2.
+     c. Turn on MIT-krb 1.7'sPAC handling.
+        In addition, I have added a new interface hdb_fetch_ex(),
+        which returns a structure including a private data-pointer,
+        which may be used by the windc plugin interface functions.
+        The windc plugin provides the hook for the PAC.
+     d. Samba4 needsaccess control hooks in the Heimdal&   MIT
+        KDCs.  We need to lockout accounts (eg, after 10 failed PW-
+        attempts), and perform other controls.  This is standard
+        AD behavior, that Samba4 needs to get right, whether
+        Heimdal or MIT-krb is doing the ticket work.
+        - If PADL doesn't publish their patch for this,
+          we'll need to write our own.
+        - The windc plugin proivides a function for the main
+          access control routines.  A new windc plugin function
+          should be added to increment the bad password counter
+          on failure.
+        - Samba4 doesn't yet handle bad password counts (or good
+          password notification), so that a single policy can be
+          applied against all means of checking a password (NTLM,
+          Kerberos, LDAP Simple Bind, etc).  Novell's original DAL
+          did not provide a way to update the PW counts information.
+        - Nevertheless, we know that this is very much required in
+          AD, because Samba3 + eDirectory goes to great lengths to
+          update this information.  This may have been addressed in
+          Simo's subsequent IPA-KDC design),
+        * AllowedWorkstationNames and Krb5:  Microsoft uses the
+          clientAddresses *multiple value* field in the krb5
+          protocol (particularly the AS_REQ) to communicate the
+          client's netbios name (legacy undotted name,<14 chars)
+          AB guesses that this is to support the userWorkstations
+          field (in user's AD record).  The idea is to support
+          client-address restrictions, as was standard in NT:
+          The AD authentication server probably checks the netbios
+          address against this userWorkstations value (BTW, the
+          NetLogon server does this, too).
+
+3. State Machine safety
+when using Kerberos and GSSAPI libraries
+
+    * Samba's client-side&   app-server-side libraries are built
+      on a giant state machine, and as such have very different
+      requirements to those traditionally expressed for kerberos
+      and GSSAPI libraries.
+    * Samba requires all of the libraries it uses to be "state
+      machine safe" in their use of internal data.  This does not
+      necessarily mean "thread safe," and an application could be
+      thread safe, but not state machine safe (if it instead used
+      thread-local variables).  so, if MIT's libraries were made
+      thread-safe only by inserting spinlock() code, then the MIT
+      libraries aren't yet "state machine safe."
+    * So, what does it mean for a library to be state machine safe?
+      This is mostly a question of context, and how the library manages
+      whatever internal state machines it has.  If the library uses a
+      context variable, passed in by the caller, which contains all
+      the information about the current state of the library, then it
+      is safe.  An example of this state is the sequence number and
+      session keys for an ongoing encrypted session).
+    * The other issue affecting state machines is 'blocking' (waiting for a
+      read on a network socket).  Samba's non-blocking I/O doesn't like
+      waiting for libkrb5 to go away for awhile to talk to the KDC.
+    * Samba4 provides a hook 'send_to_kdc', that allows Samba4 to take over the
+      IO handling, and run other events in the meantime.  This uses a
+      'nested event context' (which presents the challenges that the kerberos
+      library might be called again, while still in the send_to_kdc hook).
+    * Heimdal has this 'state machine safety' in parts, and we have modified
+      Samba4's lorikeet branch to improve this behaviour, when using a new,
+      non-standard API to tunnelling a ccache (containing a set of tickets)
+      through the gssapi, by temporarily casting the ccache pointer to a
+      gss credential pointer.  This new API is Heimdal's samba4-requested
+      gss_krb5_import_cred() fcn;  this will have to be rewritten or ported
+      in the MIT port.
+    * This tunnelling trick replaces an older scheme using the KRB5_CCACHE
+      environment variable to get the same job done.  The tunnelling trick
+      enables a command-line app-client to run kinit tacitly, before running
+      GSSAPI for service-authentication.  The tunnelling trick avoids the
+      more usual approach of keeping the ccache pointer in a global variable.
+    * [Heimdal uses a per-context variable for the 'krb5_auth_context',
+      which controls the ongoing encrypted connection, but does use global
+      variables for the ubiquitous krb5_context parameter. (No longer true,
+      because the krb5_context global is gone now.)]
+    * The modification that has added most to 'state machine safety' of
+      GSSAPI is the addition of the gss_krb5_acquire_creds() function.
+      This allows the caller to specify a keytab and ccache, for use by
+      the GSSAPI code.  Therefore there is no need to use global variables
+      to communicate this information about keytab&   ccache.
+    * At a more theoretical level (simply counting static and global
+      variables) Heimdal is not state machine safe for the GSSAPI layer.
+      (But Heimdal is now (6/09) much more nearly free of globals.)
+      The Krb5 layer alone is much closer, as far as I can tell, blocking
+      excepted. .
+    * As an alternate to fixing MIT Kerberos for better safety in this area,
+      a new design might be implemented in Samba, where blocking read/write
+      is made to the KDC in another (fork()ed) child process, and the results
+      passed back to the parent process for use in other non-blocking operations.
+    * To deal with blocking, we could have a fork()ed child per context,
+      using the 'GSSAPI export context' function to transfer
+      the GSSAPI state back into the main code for the wrap()/unwrap() part
+      of the operation.  This will still hit issues of static storage (one
+      gss_krb5_context per process, and multiple GSSAPI encrypted sessions
+      at a time) but these may not matter in practice.
+    * This approach has long been controversial in the Samba team.
+      An alternate way would be to be implement E_AGAIN in libkrb5:  similar
+      to the way to way read() works with incomplete operations.  to do this
+      in libkrb5 would be difficult, but valuable.
+    * In the short-term, we deal with blocking by taking over the network
+      send() and recv() functions, therefore making them 'semi-async'.  This
+      doesn't apply to DNS yet.These thread-safety context-variables will
+      probably present porting problems, during the MIT port.  This will
+      probably be most of the work in the port to MIT.
+      This may require more thorough thread-safe-ing work on the MIT libraries.
+
+4. Many small changes (~15)
+
+   a. Some extensions to MIT'slibkrb5&   GSSAPI libraries, including
+      GSSAPI ticket-forwarding:  This is a general list of the other
+      extensions Samba4 has made to / need from the kerberos libraries
+      * DCE_STYLE : Microsoft's hard-coded 3-msg Challenge/Response handshake
+        emulates DCE's preference for C/R.  Microsoft calls this DCE_STYLE.
+        MIT already has this nowadays (6/09).
+      * gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+        has always asked for.  gsskrb5_get_subkey() might do what we need
+        anyway).  This routine is necessary, because in some spots,
+        Microsoft uses raw Kerberos keys, outside the Kerberos protocols,
+        as a direct input to MD5 and ARCFOUR, without using the make_priv()
+        or make_safe() calls, and without GSSAPI wrappings etc.
+      * gsskrb5_acquire_creds() (takes keytab and/or ccache as input
+        parameters, see keytab and state machine discussion in prev section)
+      * The new function to handle the PAC fully
+        gsskrb5_extract_authz_data_from_sec_context()
+        need to test that MIT's PAC-handling code checks the PAC's signature.
+      * gsskrb5_wrap_size (Samba still needs this one, for finding out how
+        big the wrapped packet will be, given input length).
+   b. Some refitting in Samba4's use of the MIT libraries;
+   c. Make sure Samba4'sportable socket API   works:
+      * An important detail in the use of libkdc is that we use samba4's
+        own socket lib.  This allows the KDC code to be as portable as
+        the rest of samba, but more importantly it ensures consistency
+        in the handling of requests, binding to sockets etc.
+      * To handle TCP, we use of our socket layer in much the same way as
+        we deal with TCP for CIFS.  Tridge created a generic packet handling
+        layer for this.
+      * For the client, samba4 likewise must take over the socket functions,
+        so that our single thread smbd will not lock up talking to itself.
+        (We allow processing while waiting for packets in our socket routines).
+        send_to_kdc()  presents to its caller the samba-style socket interface,
+        but the MIT port will reimplement send_to_kdc(), and this routine will
+        use internally the same socket library that MIT-krb uses.
+      * The interface we have defined for libkdc allows for packet injection
+        into the post-socket layer, with a defined krb5_context and
+        kdb5_kdc_configuration structure.  These effectively redirect the
+        kerberos warnings, logging and database calls as we require.
+      * Samba4 socket-library's current TCP support does not send back
+        'too large' error messages if the high bit is set.  This is
+        needed for a proposed extension mechanism (SSL-armored kinit,
+        by Leif Johansson<leifj@it.su.se>), but is currently unsupported
+        in both Heimdal and MIT.
+   d. MIT's GSSAPI code should support some legacy Samba3
+      clients that presentincorrectly-calculated checksums.
+    * Old Clients (samba3 and HPUX clients) use 'selfmade'
+      gssapi/krb5 tokens for use in the CIFS session setup.
+      These hand-crafted ASN.1 packets don't follow rfc1964
+      (GSSAPI) perfectly, so server-side krblib code has to
+      be flexible enough to accept these bent tokens.
+    * It turns out that Windows' GSSAPI server-side code is
+      sloppy about checking some GSSAPI tokens' checksums.
+      During initial work to implement an AD client, it was
+      easier to make an acceptable solution (acceptable to
+      Windows servers) than to correctly implement the
+      GSSAPI specification, particularly on top of the
+      (inflexible) MIT Kerberos API.  It did not seem
+      possible to write a correct, separate GSSAPI
+      implementation on top of MIT Kerberos's public
+      krb5lib API, and at the time, the effort did not
+      need to extend beyond what Windows would require.
+    * The upshot is that old Samba3 clients send GSSAPI
+      tokens bearing incorrect checksums, which AD's
+      GSSAPI library cheerfully accepts (but accepts
+      the good checksums, too).  Similarly, Samba4's
+      Heimdal krb5lib accepts these incorrect checksums.
+      Accordingly, if MIT's krb5lib wants to interoperate
+      with the old Samba3 clients, then MIT's library will
+      have to do the same.
+    * Because these old clients use krb5_mk_req()
+      the app-servers get a chksum field depending on the
+      encryption type, but that's wrong for GSSAPI (see
+      rfc 1964 section 1.1.1). The Checksum type 8003
+      should be used in the Authenticator of the AP-REQ!
+      That (correct use of the 8003 type) would allow
+      the channel bindings, the GCC_C_* req_flags and
+      optional delegation tickets to be passed from the
+      client to the server.  However windows doesn't seem
+      to care whether the checksum is of the wrong type,
+      and for CIFS SessionSetups, it seems that the
+      req_flags are just set to 0.  This deviant checksum
+      can't work for LDAP connections with sign or seal,
+      or for any DCERPC connection, because those
+      connections do not require the negotiation of
+      GSS-Wrap paraemters (signing or sealing of whole
+      payloads).  Note:  CIFS has an independent SMB
+      signing mechanism, using the Kerberos key.
+    * For the code that handles the incorrect&   correct
+      checksums, see heimdal/lib/gssapi/krb5/accept_sec_context.c,
+      lines 390-450 or so.
+    * This bug-compatibility is likely to be controversial
+      in the kerberos community, but a similar need for bug-
+      compatibility arose around MIT's&   Heimdal's both
+      failing to support TGS_SUBKEYs correctly, and there
+      are numerous other cases.
+      seehttps://lists.anl.gov/pipermail/ietf-krb-wg/2009-May/007630.html
+    * So, MIT's krb5lib needs to also support old clients!
+   e. Samba4 app-server-host holds aUTF-16 PW, plus a key bitstring;
+      See Appendix 1, "Keytab Requirements."
+   f.In-memory-only credentials cache   for forwarded tickets
+      Samba4 extracts forwarded tickets from the GSSAPI layer,
+      and puts them into the memory-based credentials cache.
+      We can then use them for proxy work.  This needs to be
+      ported, if the MIT library doesn't do it yet.
+   g.In-memory-only keytab   (nice to have):
+      Heimdal used to offer "in-memory keytabs" for servers that use
+      passwords.  These server-side passwords were held in a Samba LDB
+      database called secrets.ldb .  The heimdal library would fetch
+      the server's password from the ldb file and would construct an
+      in-memory keytab struct containing the password, somewhat as if
+      the library had read an MIT-style keytab file.  Unfortunately,
+      only later, at recv_auth() time, would the Heimdal library convert
+      the server-PW into a salted-&-hashed AES key, by hashing 10,000
+      times with SHA-1.  Naturally, this is really too slow for recv_auth(),
+      which runs when an app-server authenticates a client's app-service-
+      request.  So, nowadays, this password-based in-memory keytab  is
+      falling into disuse.
+   h. Get OSSNTLM   authT library: AB says Likewise software
+      probably will give us their freeware "NTLM for MIT-krb"
+      implementation.
+   i. Special Heimdal-specific functions;  These functions didn't
+      exist in the MIT code, years ago, when Samba started.  AB
+      will try to build a final list of these functions:
+      * krb5_free_keyblock_contents()
+      *
+   j.Principal-manipulation functions:  Samba makes extensive
+      use of the principal manipulation functions in Heimdal,
+      including the known structure behind krb_principal and
+      krb5_realm (a char *).  For example,
+      * krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
+                              KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,&principal);
+      * krb5_unparse_name_flags(smb_krb5_context->krb5_context,    principal,
+                              KRB5_PRINCIPAL_UNPARSE_NO_REALM,&new_princ);
+      * krb5_principal_get_realm()
+      * krb5_principal_set_realm()
+      These are needed for juggling the AD variant-structures
+      for server names.
+   k. SpecialShort name rules   check for misconfigured Samba4
+      hostnames;  Samba is highly likely to be misconfigured, in
+      many weird and interesting ways.  So, we have a patch for
+      Heimdal that avoids DNS lookups on names without a "." in
+      them.  This should avoid some delay and root server load.
+      (This errors need to be caught in MIT's library.)
+   l.Improved krb error-messages;
+      krb5_get_error_string():  This Heimdal-specific function
+      does a lot to reduce the 'administrator pain' level, by
+      providing specific, English text-string error messages
+      instead of just error code translations.  (This isn't
+      necessary for the port, but it's more useful than MIT's
+      default err-handling;  Make sure this works for MIT-krb)
+   m.Improved Kerberos logging support:
+      krb5_log_facility(): Samba4 now uses this Heimdal function,
+      which allows us to redirect the warnings and status from
+      the KDC (and client/server Kerberos code) to Samba's DEBUG()
+      system.  Samba uses this logging routine optionally in the
+      main code, but it's required for KDC errors.
+   n. MSGSSMonger   test-suite:  Microsoft has released a krb-specific
+      testsuite called gssmonger, which tests interoperability.  We
+      should compile it against lorikeet-heimdal&   MIT and see if we
+      can build a 'Samba4' server for it.  GSSMonger wasn't intended
+      to be Windows-specific.
+   o.Testsuite for kpasswd daemon:  I have a partial kpasswd server
+      which needs finishing, and a Samba4 needs a client testsuite
+      written, either via the krb5 API or directly against GENSEC and
+      the ASN.1 routines.  Samba4 likes to test failure-modes, not
+      just successful behavior.  Currently Samba4's kpasswd only works
+      for Heimdal, not MIT clients.  This may be due to call-ordering
+      constraints.
+
+
+Appendix 1: Keytab Requirements
+
+    Traditional 'MIT' keytab operation is very different from AD's
+    account-handling for application-servers:
+    a. Host PWs vs service-keys:
+       * Traditional 'MIT' behaviour is for the app-server to use a keytab
+         containing several named random-bitstring service-keys, created
+         by the KDC.  An MIT-style keytab holds a different service-key
+         for every kerberized application-service that the server offers
+         to clients.  Heimdal also implements this behaviour.  MIT's model
+         doesn't use AD's UTF-16 'service password', and no salting is
+         necessary for service-keys, because each service-key is random
+         enough to withstand an exhaustive key-search attack.
+       * In the Windows model, the server key's construction is very
+         different:  The app-server itself, not the KDC, generates a
+         random UTF-16 pseudo-textual password, and sends this password
+         to the KDC using SAMR, a DCE-RPC "domain-joining" protocol (but
+         for windows 7, see below).  Then, the KDC shares this server-
+         password with every application service on the whole machine.
+       * Only when the app-server uses kerberos does the password get
+         salted by the member server (ie, an AD server-host).  (That
+         is, no salt information appears to be conveyed from the AD KDC
+         to the member server, and the member server must use the rules
+         described in Luke's mail, in Appendix 3, below).  The salted-
+         and-hashed version of the server-host's PW gets stored in the
+         server-host's keytab.
+       * Samba file-servers can have many server-names simultaneously
+         (kind of like web servers' software-virtual-hosting), but since
+         these servers are running in AD, these names can be set up to
+         all share the same secret key.  In AD, co-located server names
+         almost always share a secret key like this.  In samba3, this
+         key-sharing was optional, so some samba3 hosts' keytabs did
+         hold multiple keys.  Samba4 abandons this traditional "old MIT"
+         style of keytab, and only supports one key per keytab, and
+         multiple server-names can use that keytab key in common.  In
+         dealing with this model, Samba4 uses both the traditional file
+         keytab and an in-MEMORY keytabs.
+       * Pre-Windows7 AD and samba3/4 both use SAMR, an older protocol,
+         to jumpstart the member server's PW-sharing with AD (the "windows
+         domain-join process").  This PW-sharing transfers only the PW's
+         UTF-16 text, without any salting or hashing, so that non-krb
+         security mechanisms can use the same utf-16 text PW.  For
+         Windows 7, this domain-joining uses LDAP for PW-setting.
+    b. Flexible server-naming
+       * The other big difference between AD's keytabs and MIT's is that
+         Windows offers a lot more flexibility about service-principals'
+         names. When the kerberos server-side library receives Windows-style tickets
+         from an app-client, MIT's krb library (or GSSAPI) must accommodate
+         Windows' flexibility about case-sensitivity and canonicalization.
+         This means that an incoming application-request to a member server
+         may use a wide variety of service-principal names.  These include:
+               machine$@REALM      (samba clients)
+           HOST/foo.bar@realm      (win2k clients)
+           cifs/foo.bar@realm      (winxp clients)
+               HOST/foo@realm      (win2k clients, using netbios)
+               cifs/foo@realm      (winxp clients, using netbios),
+         as well as all upper/lower-case variations on the above.
+    c. Keytabs&   Name-canonicalization
+       * Heimdal's GSSAPI expects to to be called with a principal-name&   a keytab,
+         possibly containing multiple principals' different keys.  However, AD has
+         a different problem to solve, which is that the client may know the member-
+         server by a non-canonicalized principal name, yet AD knows the keytab
+         contains exactly one key, indexed by the canonical name.  So, GSSAPI is
+         unprepared to canonicalize the server-name that the cliet requested, and
+         is also overprepared to do an unnecessary search through the keytab by
+         principal-name.  So Samba's server-side GSSAPI calls have to "game" the
+         GSSAPI, by supplying the server's known canonical name, with the one-key
+         keytab. This doesn't really affect IPA's port of Samba4 to MIT-krb.
+       * Because the number of U/L case combinations got 'too hard' to put into
+         a keytab in the traditional way (with the client to specify the name),
+         we either pre-compute the keys into a traditional keytab or make an
+         in-MEMORY keytab at run time.  In both cases we specify the principal
+         name to GSSAPI, which avoids the need to store duplicate principals.
+       * We use a 'private' keytab in our private dir, referenced from the
+         secrets.ldb by default.
+
+Appendix 2: KDC Plugin for Account-Authorization
+
+Here is how Samba4 ended up doing account-authorization in
+Heimdal, via a specialized KDC plugin.  This plugin helps
+bridge an important gap:  The user's AD record is much richer
+than the Heimdal HDB format allows, so we do AD-specific
+access-control checks in the plugin's AD-specific layer,
+not in the DB-agnostic KDC server:
+    * We created a separate KDC plugin, with this API:
+      typedef struct
+           hdb_entry_ex { void     *ctx;
+                          hdb_entry entry;
+                          void    (*free_entry)(krb5_context, struct hdb_entry_ex *);
+           } hdb_entry_ex;
+      The void *ctx is a "private pointer," provided by the
+      'get' method's hdb_entry_ex retval.  The APIs below use
+      the void *ctx so as to find additional information about
+      the user, not contained in the hdb_entry structure.
+      Both the provider and the APIs below understand how to
+      cast the private void *ctx pointer.
+      typedef krb5_error_code
+            (*krb5plugin_windc_pac_generate)(void * krb5_context,
+                                          struct hdb_entry_ex *,
+                                                    krb5_pac*);
+      typedef krb5_error_code
+            (*krb5plugin_windc_pac_verify)(void *  krb5_context,
+                                        const   krb5_principal,
+                                        struct  hdb_entry_ex *,
+                                        struct  hdb_entry_ex *,
+                                                krb5_pac *);
+      typedef krb5_error_code
+            (*krb5plugin_windc_client_access)(void * krb5_context,
+                                              struct hdb_entry_ex *,
+                                                     KDC_REQ *,
+                                                     krb5_data *);
+      The krb5_data* here is critical, so that samba's KDC can return
+      the right NTSTATUS code in the 'error string' returned to the
+      client.  Otherwise, the windows client won't get the right error
+      message to the user (such as 'password expired' etc).  The pure
+      Kerberos error is not enough)
+      typedef struct
+              krb5plugin_windc_ftable { int                            minor_version;
+                                        krb5_error_code                (*init)(krb5_context, void **);
+                                        void                           (*fini)(void *);
+                                        krb5plugin_windc_pac_generate   pac_generate;
+                                        krb5plugin_windc_pac_verify     pac_verify;
+                                        krb5plugin_windc_client_access  client_access;
+              } krb5plugin_windc_ftable;
+      This API has some Heimdal-specific stuff, that'll
+      have to change when we port this KDC plugin to MIT krb.
+    * 1st callback (pac_generate)  creates an initial PAC from the user's AD record.
+    * 2nd callback (pac_verify)    checks that a PAC is correctly signed,
+                                   adds additional groups (for cross-realm tickets)
+                                   and re-signs with the key of the target kerberos
+                                   service's account
+    * 3rd callback (client_access) performs additional access checks, such as
+                                   allowedWorkstations and account expiry.
+    * For example, to register this plugin, use the kdc's standard
+      plugin-system at Samba4's initialisation:
+         /* first, setup the table of callback pointers */
+        /* Registar WinDC hooks */
+         ret = krb5_plugin_register(krb5_context, PLUGIN_TYPE_DATA,
+                                    "windc",&windc_plugin_table);
+         /* once registered, the KDC will invoke the callbacks */
+         /* while preparing each new ticket (TGT or app-tkt)   */
+    * An alternative way to register the plugin is with a
+      config-file that names a DSO (Dynamically Shared Object).
+
+Appendix 3: Samba4 stuff that doesn't need to get ported.
+
+Heimdal oddities
+* Heimdal is built such that it should be able to serve multiple realms
+    at the same time.  This isn't relevant for Samba's use, but it shows
+    up in a lot of generalisations throughout the code.
+* Samba4's code originally tried internally to make it possible to use
+    Heimdal's multi-realms-per-KDC ability, but this was ill-conceived,
+    and AB has recently (6/09) ripped the last of that multi-realms
+    stuff out of samba4.  AB says that in AD, it's not really possible
+    to make this work;  several AD components structurally assume that
+    there's one realm per KDC.  However, we do use this to support
+    canonicalization of realm-names:  case variations, plus long-vs-short
+    variants of realm-names.  No MIT porting task here, as long as MIT kdc
+    doesn't refuse to do some LDAP lookups (eg, alias' realm-name looks
+    wrong).
+* Heimdal supports multiple passwords on a client account:  Samba4
+    seems to call hdb_next_enctype2key() in the pre-authentication
+    routines, to allow multiple passwords per account in krb5.
+    (I think this was intended to allow multiple salts).  AD doesn't
+    support this, so the MIT port shouldn't bother with this.
+Not needed anymore, because MIT's code now handles PACs fully:
+* gss_krb5_copy_service_keyblock() (get the key used to actually
+    encrypt the ticket to the server, because the same key is used for
+    the PAC validation).
+* gsskrb5_extract_authtime_from_sec_context (get authtime from
+    kerberos ticket)
+* gsskrb5_extract_authz_data_from_sec_context (get authdata from
+    ticket, ie the PAC.  Must unwrap the data if in an AD-IFRELEVANT)]
+Authz data extraction
+* We use krb5_ticket_get_authorization_data_type(), and expect
+    it to return the correct authz data, even if wrapped in an
+    AD-IFRELEVANT container.  This doesn't need to be ported to MIT.
+    This should be obsoleted by MIT's new PAC code.
+libkdc
+* Samba4 needs to be built as a single binary (design requirement),
+    and this should include the KDC.  Samba also (and perhaps more
+    importantly) needs to control the configuration environment of
+    the KDC.
+* But, libkdc doesn't matter for IPA; Samba invokes the Heimdal kdc
+    as a library call, but this is just a convenience, and the MIT
+    port can do otherwise w/o trouble.)
+Returned Salt for PreAuthentication
+    When the AD-KDC replies to pre-authentication, it returns the
+    salt, which may be in the form of a principalName that is in no
+    way connected with the current names.  (ie, even if the
+    userPrincipalName and samAccountName are renamed, the old salt
+    is returned).
+    This is the kerberos standard salt, kept in the 'Key'.  The
+    AD generation rules are found in a Mail from Luke Howard dated
+    10 Nov 2004.  The MIT glue layer doesn't really need to care about
+    these salt-handling details;  the samba4 code&   the LDAP backend
+    will conspire to make sure that MIT's KDC gets correct salts.
+    >
+    >    From: Luke Howard<lukeh@padl.com>
+    >    Organization: PADL Software Pty Ltd
+    >    To: lukeh@padl.com
+    >    Date: Wed, 10 Nov 2004 13:31:21 +1100
+    >    Cc: huaraz@moeller.plus.com, samba-technical@lists.samba.org
+    >    Subject: Re: Samba-3.0.7-1.3E Active Directory Issues
+    >    -------
+    >
+    >    Did some more testing, it appears the behaviour has another
+    >    explanation. It appears that the standard Kerberos password salt
+    >    algorithm is applied in Windows 2003, just that the source principal
+    >    name is different.
+    >
+    >    Here is what I've been able to deduce from creating a bunch of
+    >    different accounts:
+    >    [SAM name in this mail means the AD attribute samAccountName .
+    >     E.g., jbob for a user and jbcomputer$ for a computer.]
+    >
+    >    [UPN is the AD userPrincipalName attribute.  For example, jbob@mydomain.com]
+    >    Type of account                        Principal for Salting
+    >    ========================================================================
+    >    Computer Account                host/<SAM-Name-Without-$>.realm@REALM
+    >    User Account Without UPN<SAM-Name>@REALM
+    >    User Account With UPN<LHS-Of-UPN>@REALM
+    >
+    >    Note that if the computer account's SAM account name does not include
+    >    the trailing '$', then the entire SAM account name is used as input to
+    >    the salting principal. Setting a UPN for a computer account has no
+    >    effect.
+    >
+    >    It seems to me odd that the RHS of the UPN is not used in the salting
+    >    principal. For example, a user with UPN foo@mydomain.com in the realm
+    >    MYREALM.COM would have a salt of MYREALM.COMfoo. Perhaps this is to
+    >    allow a user's UPN suffix to be changed without changing the salt. And
+    >    perhaps using the UPN for salting signifies a move away SAM names and
+    >    their associated constraints.
+    >
+    >    For more information on how UPNs relate to the Kerberos protocol,
+    >    see:
+    >
+    >    http://www.ietf.org/proceedings/01dec/I-D/draft-ietf-krb-wg-kerberos-referrals-02.txt
+    >
+    >    -- Luke
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
new file mode 100644
index 0000000..5b13f56
--- /dev/null
+++ b/source4/auth/kerberos/kerberos.h
@@ -0,0 +1,89 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5 routines for active directory
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _AUTH_KERBEROS_H_
+#define _AUTH_KERBEROS_H_
+
+#if defined(HAVE_KRB5)
+
+#include "system/kerberos.h"
+#include "auth/auth.h"
+#include "auth/kerberos/krb5_init_context.h"
+#include "librpc/gen_ndr/krb5pac.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+
+struct auth_user_info_dc;
+struct cli_credentials;
+
+struct ccache_container {
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_ccache ccache;
+};
+
+struct keytab_container {
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_keytab keytab;
+	bool password_based;
+};
+
+/* not really ASN.1, but RFC 1964 */
+#define TOK_ID_KRB_AP_REQ	((const uint8_t *)"\x01\x00")
+#define TOK_ID_KRB_AP_REP	((const uint8_t *)"\x02\x00")
+#define TOK_ID_KRB_ERROR	((const uint8_t *)"\x03\x00")
+#define TOK_ID_GSS_GETMIC	((const uint8_t *)"\x01\x01")
+#define TOK_ID_GSS_WRAP		((const uint8_t *)"\x02\x01")
+
+#define ENC_ALL_TYPES (ENC_RC4_HMAC_MD5 |	\
+		       ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
+
+#ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
+#endif
+
+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
+#endif
+
+krb5_error_code smb_krb5_princ_component(krb5_context context,
+					 krb5_const_principal principal,
+					 int i,
+					 krb5_data *data);
+
+/* Samba wrapper function for krb5 functionality. */
+ krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+				    struct PAC_DATA *pac_data,
+				    krb5_context context,
+				    const krb5_keyblock *krbtgt_keyblock,
+				    const krb5_keyblock *service_keyblock,
+				    DATA_BLOB *pac);
+ krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+				     struct auth_user_info_dc *user_info_dc,
+				     krb5_context context,
+				     const krb5_keyblock *krbtgt_keyblock,
+				     const krb5_keyblock *service_keyblock,
+				     krb5_principal client_principal,
+				     time_t tgs_authtime,
+				     DATA_BLOB *pac);
+
+#include "auth/kerberos/proto.h"
+
+#endif /* HAVE_KRB5 */
+
+#endif /* _AUTH_KERBEROS_H_ */
diff --git a/source4/auth/kerberos/kerberos_credentials.h b/source4/auth/kerberos/kerberos_credentials.h
new file mode 100644
index 0000000..9aeeb38
--- /dev/null
+++ b/source4/auth/kerberos/kerberos_credentials.h
@@ -0,0 +1,38 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos utility functions for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
+				struct cli_credentials *credentials,
+				struct smb_krb5_context *smb_krb5_context,
+				struct loadparm_context *lp_ctx,
+				struct tevent_context *event_ctx,
+				krb5_ccache ccache,
+				enum credentials_obtained *obtained,
+				const char **error_string);
+
+/* Manually prototyped here to avoid needing krb5 headers in most callers */
+krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
+				struct cli_credentials *credentials,
+				struct smb_krb5_context *smb_krb5_context,
+				krb5_principal *princ,
+				enum credentials_obtained *obtained,
+				const char **error_string);
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
new file mode 100644
index 0000000..c33dc2f
--- /dev/null
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -0,0 +1,539 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Create and parse the krb5 PAC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005,2008
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Luke Howard 2002-2003
+   Copyright (C) Stefan Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/auth.h"
+#include "auth/kerberos/kerberos.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include <ldb.h>
+#include "auth/auth_sam_reply.h"
+#include "auth/credentials/credentials.h"
+#include "auth/kerberos/kerberos_util.h"
+#include "auth/kerberos/pac_utils.h"
+
+ krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+				    struct PAC_DATA *pac_data,
+				    krb5_context context,
+				    const krb5_keyblock *krbtgt_keyblock,
+				    const krb5_keyblock *service_keyblock,
+				    DATA_BLOB *pac)
+{
+	NTSTATUS nt_status;
+	krb5_error_code ret;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB zero_blob = data_blob(NULL, 0);
+	DATA_BLOB tmp_blob = data_blob(NULL, 0);
+	struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
+	struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
+	uint32_t i;
+
+	/* First, just get the keytypes filled in (and lengths right, eventually) */
+	for (i=0; i < pac_data->num_buffers; i++) {
+		if (pac_data->buffers[i].type != PAC_TYPE_KDC_CHECKSUM) {
+			continue;
+		}
+		kdc_checksum = &pac_data->buffers[i].info->kdc_cksum,
+		ret = smb_krb5_make_pac_checksum(mem_ctx,
+						 &zero_blob,
+						 context,
+						 krbtgt_keyblock,
+						 &kdc_checksum->type,
+						 &kdc_checksum->signature);
+		if (ret) {
+			DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
+				  smb_get_krb5_error_message(context, ret, mem_ctx)));
+			talloc_free(pac_data);
+			return ret;
+		}
+	}
+
+	for (i=0; i < pac_data->num_buffers; i++) {
+		if (pac_data->buffers[i].type != PAC_TYPE_SRV_CHECKSUM) {
+			continue;
+		}
+		srv_checksum = &pac_data->buffers[i].info->srv_cksum;
+		ret = smb_krb5_make_pac_checksum(mem_ctx,
+						 &zero_blob,
+						 context,
+						 service_keyblock,
+						 &srv_checksum->type,
+						 &srv_checksum->signature);
+		if (ret) {
+			DEBUG(2, ("making service PAC checksum failed: %s\n",
+				  smb_get_krb5_error_message(context, ret, mem_ctx)));
+			talloc_free(pac_data);
+			return ret;
+		}
+	}
+
+	if (!kdc_checksum) {
+		DEBUG(2, ("Invalid PAC constructed for signing, no KDC checksum present!\n"));
+		return EINVAL;
+	}
+	if (!srv_checksum) {
+		DEBUG(2, ("Invalid PAC constructed for signing, no SRV checksum present!\n"));
+		return EINVAL;
+	}
+
+	/* But wipe out the actual signatures */
+	memset(kdc_checksum->signature.data, '\0', kdc_checksum->signature.length);
+	memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length);
+
+	ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
+				       pac_data,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(1, ("PAC (presig) push failed: %s\n", nt_errstr(nt_status)));
+		talloc_free(pac_data);
+		return EINVAL;
+	}
+
+	/* Then sign the result of the previous push, where the sig was zero'ed out */
+	ret = smb_krb5_make_pac_checksum(mem_ctx,
+					 &tmp_blob,
+					 context,
+					 service_keyblock,
+					 &srv_checksum->type,
+					 &srv_checksum->signature);
+
+	if (ret) {
+		DBG_WARNING("making krbtgt PAC srv_checksum failed: %s\n",
+			    smb_get_krb5_error_message(context, ret, mem_ctx));
+		talloc_free(pac_data);
+		return ret;
+	}
+
+	/* Then sign Server checksum */
+	ret = smb_krb5_make_pac_checksum(mem_ctx,
+					 &srv_checksum->signature,
+					 context,
+					 krbtgt_keyblock,
+					 &kdc_checksum->type,
+					 &kdc_checksum->signature);
+	if (ret) {
+		DBG_WARNING("making krbtgt PAC kdc_checksum failed: %s\n",
+			    smb_get_krb5_error_message(context, ret, mem_ctx));
+		talloc_free(pac_data);
+		return ret;
+	}
+
+	/* And push it out again, this time to the world.  This relies on deterministic pointer values */
+	ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
+				       pac_data,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(1, ("PAC (final) push failed: %s\n", nt_errstr(nt_status)));
+		talloc_free(pac_data);
+		return EINVAL;
+	}
+
+	*pac = tmp_blob;
+
+	return ret;
+}
+
+
+ krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+				     struct auth_user_info_dc *user_info_dc,
+				     krb5_context context,
+				     const krb5_keyblock *krbtgt_keyblock,
+				     const krb5_keyblock *service_keyblock,
+				     krb5_principal client_principal,
+				     time_t tgs_authtime,
+				     DATA_BLOB *pac)
+{
+	NTSTATUS nt_status;
+	krb5_error_code ret;
+	struct PAC_DATA *pac_data = talloc(mem_ctx, struct PAC_DATA);
+	struct netr_SamInfo3 *sam3;
+	union PAC_INFO *u_LOGON_INFO;
+	struct PAC_LOGON_INFO *LOGON_INFO;
+	union PAC_INFO *u_LOGON_NAME;
+	struct PAC_LOGON_NAME *LOGON_NAME;
+	union PAC_INFO *u_KDC_CHECKSUM;
+	union PAC_INFO *u_SRV_CHECKSUM;
+
+	char *name;
+
+	enum {
+		PAC_BUF_LOGON_INFO = 0,
+		PAC_BUF_LOGON_NAME = 1,
+		PAC_BUF_SRV_CHECKSUM = 2,
+		PAC_BUF_KDC_CHECKSUM = 3,
+		PAC_BUF_NUM_BUFFERS = 4
+	};
+
+	if (!pac_data) {
+		return ENOMEM;
+	}
+
+	pac_data->num_buffers = PAC_BUF_NUM_BUFFERS;
+	pac_data->version = 0;
+
+	pac_data->buffers = talloc_array(pac_data,
+					 struct PAC_BUFFER,
+					 pac_data->num_buffers);
+	if (!pac_data->buffers) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+
+	/* LOGON_INFO */
+	u_LOGON_INFO = talloc_zero(pac_data->buffers, union PAC_INFO);
+	if (!u_LOGON_INFO) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	pac_data->buffers[PAC_BUF_LOGON_INFO].type = PAC_TYPE_LOGON_INFO;
+	pac_data->buffers[PAC_BUF_LOGON_INFO].info = u_LOGON_INFO;
+
+	/* LOGON_NAME */
+	u_LOGON_NAME = talloc_zero(pac_data->buffers, union PAC_INFO);
+	if (!u_LOGON_NAME) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	pac_data->buffers[PAC_BUF_LOGON_NAME].type = PAC_TYPE_LOGON_NAME;
+	pac_data->buffers[PAC_BUF_LOGON_NAME].info = u_LOGON_NAME;
+	LOGON_NAME = &u_LOGON_NAME->logon_name;
+
+	/* SRV_CHECKSUM */
+	u_SRV_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
+	if (!u_SRV_CHECKSUM) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	pac_data->buffers[PAC_BUF_SRV_CHECKSUM].type = PAC_TYPE_SRV_CHECKSUM;
+	pac_data->buffers[PAC_BUF_SRV_CHECKSUM].info = u_SRV_CHECKSUM;
+
+	/* KDC_CHECKSUM */
+	u_KDC_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
+	if (!u_KDC_CHECKSUM) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].type = PAC_TYPE_KDC_CHECKSUM;
+	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].info = u_KDC_CHECKSUM;
+
+	/* now the real work begins... */
+
+	LOGON_INFO = talloc_zero(u_LOGON_INFO, struct PAC_LOGON_INFO);
+	if (!LOGON_INFO) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	nt_status = auth_convert_user_info_dc_saminfo3(LOGON_INFO, user_info_dc,
+						       AUTH_INCLUDE_RESOURCE_GROUPS,
+						       &sam3, NULL);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status)));
+		talloc_free(pac_data);
+		return EINVAL;
+	}
+
+	u_LOGON_INFO->logon_info.info		= LOGON_INFO;
+	LOGON_INFO->info3 = *sam3;
+
+	ret = krb5_unparse_name_flags(context, client_principal,
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM |
+				      KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+				      &name);
+	if (ret) {
+		return ret;
+	}
+	LOGON_NAME->account_name	= talloc_strdup(LOGON_NAME, name);
+	free(name);
+	/*
+	  this logon_time field is absolutely critical. This is what
+	  caused all our PAC troubles :-)
+	*/
+	unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
+
+	ret = kerberos_encode_pac(mem_ctx,
+				  pac_data,
+				  context,
+				  krbtgt_keyblock,
+				  service_keyblock,
+				  pac);
+	talloc_free(pac_data);
+	return ret;
+}
+
+static krb5_error_code kerberos_pac_buffer_present(krb5_context context,
+						   const krb5_const_pac pac,
+						   uint32_t type)
+{
+#ifdef SAMBA4_USES_HEIMDAL
+	return krb5_pac_get_buffer(context, pac, type, NULL);
+#else /* MIT */
+	krb5_error_code ret;
+	krb5_data data;
+
+	/*
+	 * MIT won't let us pass NULL for the data parameter, so we are forced
+	 * to allocate a new buffer and then immediately free it.
+	 */
+	ret = krb5_pac_get_buffer(context, pac, type, &data);
+	if (ret == 0) {
+		krb5_free_data_contents(context, &data);
+	}
+	return ret;
+#endif /* SAMBA4_USES_HEIMDAL */
+}
+
+krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
+					     krb5_const_pac pac,
+					     krb5_context context,
+					     struct auth_user_info_dc **user_info_dc,
+					     const enum auth_group_inclusion group_inclusion,
+					     struct PAC_SIGNATURE_DATA *pac_srv_sig,
+					     struct PAC_SIGNATURE_DATA *pac_kdc_sig,
+					     struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups)
+{
+	NTSTATUS nt_status;
+	enum ndr_err_code ndr_err;
+	krb5_error_code ret;
+
+	DATA_BLOB pac_logon_info_in, pac_srv_checksum_in, pac_kdc_checksum_in;
+	krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
+	DATA_BLOB pac_upn_dns_info_in;
+	krb5_data k5pac_upn_dns_info_in;
+
+	union PAC_INFO info;
+	union PAC_INFO _upn_dns_info;
+	struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
+	struct auth_user_info_dc *user_info_dc_out;
+	const struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_in = NULL;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_out = NULL;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	if (!tmp_ctx) {
+		return ENOMEM;
+	}
+
+	if (pac == NULL) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_LOGON_INFO, &k5pac_logon_info_in);
+	if (ret != 0) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	pac_logon_info_in = data_blob_const(k5pac_logon_info_in.data, k5pac_logon_info_in.length);
+
+	ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, &info,
+				      PAC_TYPE_LOGON_INFO,
+				      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+	smb_krb5_free_data_contents(context, &k5pac_logon_info_in);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status)));
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+	if (info.logon_info.info == NULL) {
+		DEBUG(0,("can't parse the PAC LOGON_INFO: missing info pointer\n"));
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_UPN_DNS_INFO,
+				  &k5pac_upn_dns_info_in);
+	if (ret == ENOENT) {
+		ZERO_STRUCT(k5pac_upn_dns_info_in);
+		ret = 0;
+	}
+	if (ret != 0) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	pac_upn_dns_info_in = data_blob_const(k5pac_upn_dns_info_in.data,
+					      k5pac_upn_dns_info_in.length);
+
+	if (pac_upn_dns_info_in.length != 0) {
+		ndr_err = ndr_pull_union_blob(&pac_upn_dns_info_in, tmp_ctx,
+					      &_upn_dns_info,
+					      PAC_TYPE_UPN_DNS_INFO,
+					      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+		smb_krb5_free_data_contents(context, &k5pac_upn_dns_info_in);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n",
+				 nt_errstr(nt_status)));
+			talloc_free(tmp_ctx);
+			return EINVAL;
+		}
+		upn_dns_info = &_upn_dns_info.upn_dns_info;
+	}
+
+	/* Pull this right into the normal auth system structures */
+	nt_status = make_user_info_dc_pac(tmp_ctx,
+					 info.logon_info.info,
+					 upn_dns_info,
+					 group_inclusion,
+					 &user_info_dc_out);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("make_user_info_dc_pac() failed - %s\n",
+			nt_errstr(nt_status));
+		NDR_PRINT_DEBUG(PAC_LOGON_INFO, info.logon_info.info);
+		if (upn_dns_info != NULL) {
+			NDR_PRINT_DEBUG(PAC_UPN_DNS_INFO, upn_dns_info);
+		}
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	if (pac_srv_sig) {
+		ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_SRV_CHECKSUM, &k5pac_srv_checksum_in);
+		if (ret != 0) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length);
+
+		ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, pac_srv_sig,
+					       pac_srv_sig,
+					       (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+		smb_krb5_free_data_contents(context, &k5pac_srv_checksum_in);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			DEBUG(0,("can't parse the server signature: %s\n",
+				 nt_errstr(nt_status)));
+			return EINVAL;
+		}
+	}
+
+	if (pac_kdc_sig) {
+		ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_KDC_CHECKSUM, &k5pac_kdc_checksum_in);
+		if (ret != 0) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length);
+
+		ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, pac_kdc_sig,
+					       pac_kdc_sig,
+					       (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+		smb_krb5_free_data_contents(context, &k5pac_kdc_checksum_in);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			DEBUG(0,("can't parse the KDC signature: %s\n",
+				 nt_errstr(nt_status)));
+			return EINVAL;
+		}
+	}
+
+	/*
+	 * Based on the presence of a REQUESTER_SID PAC buffer, ascertain
+	 * whether the ticket is a TGT. This helps the KDC and kpasswd service
+	 * ensure they do not accept tickets meant for the other.
+	 *
+	 * This heuristic will fail for older Samba versions and Windows prior
+	 * to Nov. 2021 updates, which lack support for the REQUESTER_SID PAC
+	 * buffer.
+	 */
+	ret = kerberos_pac_buffer_present(context, pac, PAC_TYPE_REQUESTER_SID);
+	if (ret == ENOENT) {
+		/* This probably isn't a TGT. */
+		user_info_dc_out->ticket_type = TICKET_TYPE_NON_TGT;
+	} else if (ret != 0) {
+		talloc_free(tmp_ctx);
+		return ret;
+	} else {
+		/* This probably is a TGT. */
+		user_info_dc_out->ticket_type = TICKET_TYPE_TGT;
+	}
+
+	/*
+	 * If we have resource groups and the caller wants them returned, we
+	 * oblige.
+	 */
+	resource_groups_in = &info.logon_info.info->resource_groups;
+	if (resource_groups != NULL && resource_groups_in->groups.count != 0) {
+		resource_groups_out = talloc(tmp_ctx, struct PAC_DOMAIN_GROUP_MEMBERSHIP);
+		if (resource_groups_out == NULL) {
+			talloc_free(tmp_ctx);
+			return ENOMEM;
+		}
+
+		*resource_groups_out = (struct PAC_DOMAIN_GROUP_MEMBERSHIP) {
+			.domain_sid = talloc_steal(resource_groups_out, resource_groups_in->domain_sid),
+			.groups = {
+				.count = resource_groups_in->groups.count,
+				.rids = talloc_steal(resource_groups_out, resource_groups_in->groups.rids),
+			},
+		};
+	}
+
+	*user_info_dc = talloc_steal(mem_ctx, user_info_dc_out);
+	if (resource_groups_out != NULL) {
+		*resource_groups = talloc_steal(mem_ctx, resource_groups_out);
+	}
+
+	return 0;
+}
+
+
+NTSTATUS kerberos_pac_blob_to_user_info_dc(TALLOC_CTX *mem_ctx,
+					   DATA_BLOB pac_blob,
+					   krb5_context context,
+					   struct auth_user_info_dc **user_info_dc,
+					   struct PAC_SIGNATURE_DATA *pac_srv_sig,
+					   struct PAC_SIGNATURE_DATA *pac_kdc_sig)
+{
+	krb5_error_code ret;
+	krb5_pac pac;
+	ret = krb5_pac_parse(context,
+			     pac_blob.data, pac_blob.length,
+			     &pac);
+	if (ret) {
+		return map_nt_error_from_unix_common(ret);
+	}
+
+
+	ret = kerberos_pac_to_user_info_dc(mem_ctx,
+					   pac,
+					   context,
+					   user_info_dc,
+					   AUTH_INCLUDE_RESOURCE_GROUPS,
+					   pac_srv_sig,
+					   pac_kdc_sig,
+					   NULL);
+	krb5_pac_free(context, pac);
+	if (ret) {
+		return map_nt_error_from_unix_common(ret);
+	}
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
new file mode 100644
index 0000000..ba8d822
--- /dev/null
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -0,0 +1,721 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos utility functions for GENSEC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "auth/kerberos/kerberos_credentials.h"
+#include "auth/kerberos/kerberos_util.h"
+
+struct principal_container {
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_principal principal;
+	const char *string_form; /* Optional */
+};
+
+static krb5_error_code free_principal(struct principal_container *pc)
+{
+	/* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */
+	krb5_free_principal(pc->smb_krb5_context->krb5_context, pc->principal);
+
+	return 0;
+}
+
+
+static krb5_error_code parse_principal(TALLOC_CTX *parent_ctx,
+				       const char *princ_string,
+				       struct smb_krb5_context *smb_krb5_context,
+				       krb5_principal *princ,
+				       const char **error_string)
+{
+	int ret;
+	struct principal_container *mem_ctx;
+	if (princ_string == NULL) {
+		 *princ = NULL;
+		 return 0;
+	}
+
+	/*
+	 * Start with talloc(), talloc_reference() and only then call
+	 * krb5_parse_name(). If any of them fails, the cleanup code is simpler.
+	 */
+	mem_ctx = talloc(parent_ctx, struct principal_container);
+	if (!mem_ctx) {
+		(*error_string) = error_message(ENOMEM);
+		return ENOMEM;
+	}
+
+	mem_ctx->smb_krb5_context = talloc_reference(mem_ctx,
+						     smb_krb5_context);
+	if (mem_ctx->smb_krb5_context == NULL) {
+		(*error_string) = error_message(ENOMEM);
+		talloc_free(mem_ctx);
+		return ENOMEM;
+	}
+
+	ret = krb5_parse_name(smb_krb5_context->krb5_context,
+			      princ_string, princ);
+
+	if (ret) {
+		(*error_string) = smb_get_krb5_error_message(
+						smb_krb5_context->krb5_context,
+						ret, parent_ctx);
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/* This song-and-dance effectively puts the principal
+	 * into talloc, so we can't lose it. */
+	mem_ctx->principal = *princ;
+	talloc_set_destructor(mem_ctx, free_principal);
+	return 0;
+}
+
+/* Obtain the principal set on this context.  Requires a
+ * smb_krb5_context because we are doing krb5 principal parsing with
+ * the library routines.  The returned princ is placed in the talloc
+ * system by means of a destructor (do *not* free). */
+
+krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
+				struct cli_credentials *credentials,
+				struct smb_krb5_context *smb_krb5_context,
+				krb5_principal *princ,
+				enum credentials_obtained *obtained,
+				const char **error_string)
+{
+	krb5_error_code ret;
+	const char *princ_string;
+	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+	*obtained = CRED_UNINITIALISED;
+
+	if (!mem_ctx) {
+		(*error_string) = error_message(ENOMEM);
+		return ENOMEM;
+	}
+	princ_string = cli_credentials_get_principal_and_obtained(credentials,
+								  mem_ctx,
+								  obtained);
+	if (!princ_string) {
+		*princ = NULL;
+		return 0;
+	}
+
+	ret = parse_principal(parent_ctx, princ_string,
+			      smb_krb5_context, princ, error_string);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/* Obtain the principal set on this context.  Requires a
+ * smb_krb5_context because we are doing krb5 principal parsing with
+ * the library routines.  The returned princ is placed in the talloc
+ * system by means of a destructor (do *not* free). */
+
+static krb5_error_code impersonate_principal_from_credentials(
+				TALLOC_CTX *parent_ctx,
+				struct cli_credentials *credentials,
+				struct smb_krb5_context *smb_krb5_context,
+				krb5_principal *princ,
+				const char **error_string)
+{
+	return parse_principal(parent_ctx,
+			cli_credentials_get_impersonate_principal(credentials),
+			smb_krb5_context, princ, error_string);
+}
+
+krb5_error_code smb_krb5_create_principals_array(TALLOC_CTX *mem_ctx,
+						 krb5_context context,
+						 const char *account_name,
+						 const char *realm,
+						 uint32_t num_spns,
+						 const char *spns[],
+						 uint32_t *pnum_principals,
+						 krb5_principal **pprincipals,
+						 const char **error_string)
+{
+	krb5_error_code code;
+	TALLOC_CTX *tmp_ctx;
+	uint32_t num_principals = 0;
+	krb5_principal *principals;
+	uint32_t i;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		*error_string = "Cannot allocate tmp_ctx";
+		return ENOMEM;
+	}
+
+	if (realm == NULL) {
+		*error_string = "Cannot create principal without a realm";
+		code = EINVAL;
+		goto done;
+	}
+
+	if (account_name == NULL && (num_spns == 0 || spns == NULL)) {
+		*error_string = "Cannot create principal without an account or SPN";
+		code = EINVAL;
+		goto done;
+	}
+
+	if (account_name != NULL && account_name[0] != '\0') {
+		num_principals++;
+	}
+	num_principals += num_spns;
+
+	principals = talloc_zero_array(tmp_ctx,
+				       krb5_principal,
+				       num_principals);
+	if (principals == NULL) {
+		*error_string = "Cannot allocate principals";
+		code = ENOMEM;
+		goto done;
+	}
+
+	for (i = 0; i < num_spns; i++) {
+		code = krb5_parse_name(context, spns[i], &(principals[i]));
+		if (code != 0) {
+			*error_string = smb_get_krb5_error_message(context,
+								   code,
+								   mem_ctx);
+			goto done;
+		}
+	}
+
+	if (account_name != NULL && account_name[0] != '\0') {
+		code = smb_krb5_make_principal(context,
+					       &(principals[i]),
+					       realm,
+					       account_name,
+					       NULL);
+		if (code != 0) {
+			*error_string = smb_get_krb5_error_message(context,
+								   code,
+								   mem_ctx);
+			goto done;
+		}
+	}
+
+	if (pnum_principals != NULL) {
+		*pnum_principals = num_principals;
+
+		if (pprincipals != NULL) {
+			*pprincipals = talloc_steal(mem_ctx, principals);
+		}
+	}
+
+	code = 0;
+done:
+	talloc_free(tmp_ctx);
+	return code;
+}
+
+/**
+ * Return a freshly allocated ccache (destroyed by destructor on child
+ * of parent_ctx), for a given set of client credentials
+ */
+
+ krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
+				 struct cli_credentials *credentials,
+				 struct smb_krb5_context *smb_krb5_context,
+				 struct loadparm_context *lp_ctx,
+				 struct tevent_context *event_ctx,
+				 krb5_ccache ccache,
+				 enum credentials_obtained *obtained,
+				 const char **error_string)
+{
+	krb5_error_code ret;
+	const char *password;
+	const char *self_service;
+	const char *target_service;
+	time_t kdc_time = 0;
+	krb5_principal princ;
+	krb5_principal impersonate_principal;
+	int tries;
+	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+	krb5_get_init_creds_opt *krb_options;
+	struct cli_credentials *fast_creds;
+
+	if (!mem_ctx) {
+		(*error_string) = strerror(ENOMEM);
+		return ENOMEM;
+	}
+
+	ret = principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &princ, obtained, error_string);
+	if (ret) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	if (princ == NULL) {
+		(*error_string) = talloc_asprintf(credentials, "principal, username or realm was not specified in the credentials");
+		talloc_free(mem_ctx);
+		return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	}
+
+	ret = impersonate_principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &impersonate_principal, error_string);
+	if (ret) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	self_service = cli_credentials_get_self_service(credentials);
+	target_service = cli_credentials_get_target_service(credentials);
+
+	password = cli_credentials_get_password(credentials);
+
+	/* setup the krb5 options we want */
+	if ((ret = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context, &krb_options))) {
+		(*error_string) = talloc_asprintf(credentials, "krb5_get_init_creds_opt_alloc failed (%s)\n",
+						  smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+									     ret, mem_ctx));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL /* Disable for now MIT reads defaults when needed */
+	/* get the defaults */
+	krb5_get_init_creds_opt_set_default_flags(smb_krb5_context->krb5_context, NULL, NULL, krb_options);
+#endif
+	/* set if we want a forwardable ticket */
+	switch (cli_credentials_get_krb_forwardable(credentials)) {
+	case CRED_AUTO_KRB_FORWARDABLE:
+		break;
+	case CRED_NO_KRB_FORWARDABLE:
+		krb5_get_init_creds_opt_set_forwardable(krb_options, FALSE);
+		break;
+	case CRED_FORCE_KRB_FORWARDABLE:
+		krb5_get_init_creds_opt_set_forwardable(krb_options, TRUE);
+		break;
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL /* FIXME: MIT does not have this yet */
+	/*
+	 * In order to work against windows KDCs even if we use
+	 * the netbios domain name as realm, we need to add the following
+	 * flags:
+	 * KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+	 * KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK;
+	 *
+	 * On MIT: Set pkinit_eku_checking to none
+	 */
+	krb5_get_init_creds_opt_set_win2k(smb_krb5_context->krb5_context,
+					  krb_options, true);
+	krb5_get_init_creds_opt_set_canonicalize(smb_krb5_context->krb5_context,
+						 krb_options, true);
+#else /* MIT */
+	krb5_get_init_creds_opt_set_canonicalize(krb_options, true);
+#endif
+
+	fast_creds = cli_credentials_get_krb5_fast_armor_credentials(credentials);
+
+	if (fast_creds != NULL) {
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE
+		struct ccache_container *fast_ccc = NULL;
+		const char *fast_error_string = NULL;
+		ret = cli_credentials_get_ccache(fast_creds, event_ctx, lp_ctx, &fast_ccc, &fast_error_string);
+		if (ret != 0) {
+			(*error_string) = talloc_asprintf(credentials,
+							  "Obtaining the Kerberos FAST armor credentials failed: %s\n",
+							  fast_error_string);
+			return ret;
+		}
+		krb5_get_init_creds_opt_set_fast_ccache(smb_krb5_context->krb5_context,
+							krb_options,
+							fast_ccc->ccache);
+#else
+		*error_string = talloc_strdup(credentials,
+					      "Using Kerberos FAST "
+					      "armor credentials not possible "
+					      "with this Kerberos library.  "
+					      "Modern MIT or Samba's embedded "
+					      "Heimdal required");
+		return EINVAL;
+#endif
+	}
+
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS
+	{
+		bool require_fast;
+		/*
+		 * This ensures that if FAST was required, but no armor
+		 * credentials cache was specified, we proceed with (eg)
+		 * anonymous PKINIT
+		 */
+		require_fast = cli_credentials_get_krb5_require_fast_armor(credentials);
+		if (require_fast) {
+			krb5_get_init_creds_opt_set_fast_flags(smb_krb5_context->krb5_context,
+							       krb_options,
+							       KRB5_FAST_REQUIRED);
+		}
+	}
+#endif
+
+	tries = 2;
+	while (tries--) {
+#ifdef SAMBA4_USES_HEIMDAL
+		struct tevent_context *previous_ev;
+		/* Do this every time, in case we have weird recursive issues here */
+		ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev);
+		if (ret) {
+			talloc_free(mem_ctx);
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+			return ret;
+		}
+#endif
+		if (password) {
+			if (impersonate_principal) {
+				ret = smb_krb5_kinit_s4u2_ccache(smb_krb5_context->krb5_context,
+								 ccache,
+								 princ,
+								 password,
+								 impersonate_principal,
+								 self_service,
+								 target_service,
+								 krb_options,
+								 NULL,
+								 &kdc_time);
+			} else {
+				ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
+								     ccache,
+								     princ,
+								     password,
+								     target_service,
+								     krb_options,
+								     NULL,
+								     &kdc_time);
+			}
+		} else if (impersonate_principal) {
+			talloc_free(mem_ctx);
+			(*error_string) = "INTERNAL error: Cannot impersonate principal with just a keyblock.  A password must be specified in the credentials";
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+#ifdef SAMBA4_USES_HEIMDAL
+			smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
+			return EINVAL;
+		} else {
+			/* No password available, try to use a keyblock instead */
+
+			krb5_keyblock keyblock;
+			const struct samr_Password *mach_pwd;
+			mach_pwd = cli_credentials_get_nt_hash(credentials, mem_ctx);
+			if (!mach_pwd) {
+				talloc_free(mem_ctx);
+				(*error_string) = "kinit_to_ccache: No password available for kinit\n";
+				krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+#ifdef SAMBA4_USES_HEIMDAL
+				smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
+				return EINVAL;
+			}
+			ret = smb_krb5_keyblock_init_contents(smb_krb5_context->krb5_context,
+						 ENCTYPE_ARCFOUR_HMAC,
+						 mach_pwd->hash, sizeof(mach_pwd->hash),
+						 &keyblock);
+
+			if (ret == 0) {
+				ret = smb_krb5_kinit_keyblock_ccache(smb_krb5_context->krb5_context,
+								     ccache,
+								     princ,
+								     &keyblock,
+								     target_service,
+								     krb_options,
+								     NULL,
+								     &kdc_time);
+				krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &keyblock);
+			}
+		}
+
+#ifdef SAMBA4_USES_HEIMDAL
+		smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
+
+		if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
+			/* Perhaps we have been given an invalid skew, so try again without it */
+			time_t t = time(NULL);
+			krb5_set_real_time(smb_krb5_context->krb5_context, t, 0);
+		} else {
+			/* not a skew problem */
+			break;
+		}
+	}
+
+	krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+
+	if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
+		(*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
+						  cli_credentials_get_principal(credentials, mem_ctx),
+						  smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+									     ret, mem_ctx));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/* cope with ticket being in the future due to clock skew */
+	if ((unsigned)kdc_time > time(NULL)) {
+		time_t t = time(NULL);
+		int time_offset =(unsigned)kdc_time-t;
+		DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset));
+		krb5_set_real_time(smb_krb5_context->krb5_context, t + time_offset + 1, 0);
+	}
+
+	if (ret == KRB5KDC_ERR_PREAUTH_FAILED && cli_credentials_wrong_password(credentials)) {
+		ret = kinit_to_ccache(parent_ctx,
+				      credentials,
+				      smb_krb5_context,
+				      lp_ctx,
+				      event_ctx,
+				      ccache, obtained,
+				      error_string);
+	}
+
+	if (ret) {
+		(*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
+						  cli_credentials_get_principal(credentials, mem_ctx),
+						  smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+									     ret, mem_ctx));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	DEBUG(10,("kinit for %s succeeded\n",
+		cli_credentials_get_principal(credentials, mem_ctx)));
+
+
+	talloc_free(mem_ctx);
+	return 0;
+}
+
+static krb5_error_code free_keytab_container(struct keytab_container *ktc)
+{
+	return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab);
+}
+
+krb5_error_code smb_krb5_get_keytab_container(TALLOC_CTX *mem_ctx,
+				struct smb_krb5_context *smb_krb5_context,
+				krb5_keytab opt_keytab,
+				const char *keytab_name,
+				struct keytab_container **ktc)
+{
+	krb5_keytab keytab;
+	krb5_error_code ret;
+
+	/*
+	 * Start with talloc(), talloc_reference() and only then call
+	 * krb5_kt_resolve(). If any of them fails, the cleanup code is simpler.
+	 */
+	*ktc = talloc(mem_ctx, struct keytab_container);
+	if (!*ktc) {
+		return ENOMEM;
+	}
+
+	(*ktc)->smb_krb5_context = talloc_reference(*ktc, smb_krb5_context);
+	if ((*ktc)->smb_krb5_context == NULL) {
+		TALLOC_FREE(*ktc);
+		return ENOMEM;
+	}
+
+	if (opt_keytab) {
+		keytab = opt_keytab;
+	} else {
+		ret = krb5_kt_resolve(smb_krb5_context->krb5_context,
+						keytab_name, &keytab);
+		if (ret) {
+			DEBUG(1,("failed to open krb5 keytab: %s\n",
+				 smb_get_krb5_error_message(
+					smb_krb5_context->krb5_context,
+					ret, mem_ctx)));
+			TALLOC_FREE(*ktc);
+			return ret;
+		}
+	}
+
+	(*ktc)->keytab = keytab;
+	(*ktc)->password_based = false;
+	talloc_set_destructor(*ktc, free_keytab_container);
+
+	return 0;
+}
+
+/*
+ * Walk the keytab, looking for entries of this principal name,
+ * with KVNO other than current kvno -1.
+ *
+ * These entries are now stale,
+ * we only keep the current and previous entries around.
+ *
+ * Inspired by the code in Samba3 for 'use kerberos keytab'.
+ */
+krb5_error_code smb_krb5_remove_obsolete_keytab_entries(TALLOC_CTX *mem_ctx,
+							krb5_context context,
+							krb5_keytab keytab,
+							uint32_t num_principals,
+							krb5_principal *principals,
+							krb5_kvno kvno,
+							bool *found_previous,
+							const char **error_string)
+{
+	TALLOC_CTX *tmp_ctx;
+	krb5_error_code code;
+	krb5_kt_cursor cursor;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		*error_string = "Cannot allocate tmp_ctx";
+		return ENOMEM;
+	}
+
+	*found_previous = true;
+
+	code = krb5_kt_start_seq_get(context, keytab, &cursor);
+	switch (code) {
+	case 0:
+		break;
+#ifdef HEIM_ERR_OPNOTSUPP
+	case HEIM_ERR_OPNOTSUPP:
+#endif
+	case ENOENT:
+	case KRB5_KT_END:
+		/* no point enumerating if there isn't anything here */
+		code = 0;
+		goto done;
+	default:
+		*error_string = talloc_asprintf(mem_ctx,
+						"failed to open keytab for read of old entries: %s\n",
+						smb_get_krb5_error_message(context, code, mem_ctx));
+		goto done;
+	}
+
+	do {
+		krb5_kvno old_kvno = kvno - 1;
+		krb5_keytab_entry entry;
+		bool matched = false;
+		uint32_t i;
+
+		code = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+		if (code) {
+			break;
+		}
+
+		for (i = 0; i < num_principals; i++) {
+			krb5_boolean ok;
+
+			ok = smb_krb5_kt_compare(context,
+						&entry,
+						principals[i],
+						0,
+						0);
+			if (ok) {
+				matched = true;
+				break;
+			}
+		}
+
+		if (!matched) {
+			/*
+			 * Free the entry, it wasn't the one we were looking
+			 * for anyway
+			 */
+			krb5_kt_free_entry(context, &entry);
+			/* Make sure we do not double free */
+			ZERO_STRUCT(entry);
+			continue;
+		}
+
+		/*
+		 * Delete it, if it is not kvno - 1.
+		 *
+		 * Some keytab files store the kvno only in 8bits. Limit the
+		 * compare to 8bits, so that we don't miss old keys and delete
+		 * them.
+		 */
+		if ((entry.vno & 0xff) != (old_kvno & 0xff)) {
+			krb5_error_code rc;
+
+			/* Release the enumeration.  We are going to
+			 * have to start this from the top again,
+			 * because deletes during enumeration may not
+			 * always be consistent.
+			 *
+			 * Also, the enumeration locks a FILE: keytab
+			 */
+			krb5_kt_end_seq_get(context, keytab, &cursor);
+
+			code = krb5_kt_remove_entry(context, keytab, &entry);
+			krb5_kt_free_entry(context, &entry);
+
+			/* Make sure we do not double free */
+			ZERO_STRUCT(entry);
+
+			/* Deleted: Restart from the top */
+			rc = krb5_kt_start_seq_get(context, keytab, &cursor);
+			if (rc != 0) {
+				krb5_kt_free_entry(context, &entry);
+
+				/* Make sure we do not double free */
+				ZERO_STRUCT(entry);
+
+				DEBUG(1, ("failed to restart enumeration of keytab: %s\n",
+					  smb_get_krb5_error_message(context,
+								     code,
+								     tmp_ctx)));
+
+				talloc_free(tmp_ctx);
+				return rc;
+			}
+
+			if (code != 0) {
+				break;
+			}
+
+		} else {
+			*found_previous = true;
+		}
+
+		/* Free the entry, we don't need it any more */
+		krb5_kt_free_entry(context, &entry);
+		/* Make sure we do not double free */
+		ZERO_STRUCT(entry);
+	} while (code == 0);
+
+	krb5_kt_end_seq_get(context, keytab, &cursor);
+
+	switch (code) {
+	case 0:
+		break;
+	case ENOENT:
+	case KRB5_KT_END:
+		break;
+	default:
+		*error_string = talloc_asprintf(mem_ctx,
+						"failed in deleting old entries for principal: %s\n",
+						smb_get_krb5_error_message(context,
+									   code,
+									   mem_ctx));
+	}
+
+	code = 0;
+done:
+	talloc_free(tmp_ctx);
+	return code;
+}
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
new file mode 100644
index 0000000..e8114af
--- /dev/null
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -0,0 +1,885 @@
+/*
+   Unix SMB/CIFS implementation.
+   Wrapper for krb5_init_context
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include <tevent.h>
+#include "auth/kerberos/kerberos.h"
+#include "lib/socket/socket.h"
+#include "lib/stream/packet.h"
+#include "system/network.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "../lib/tsocket/tsocket.h"
+#include "krb5_init_context.h"
+#ifdef SAMBA4_USES_HEIMDAL
+#include "../lib/dbwrap/dbwrap.h"
+#include "../lib/dbwrap/dbwrap_rbt.h"
+#include "../lib/util/util_tdb.h"
+#include <krb5/send_to_kdc_plugin.h>
+#endif
+
+/*
+  context structure for operations on cldap packets
+*/
+struct smb_krb5_socket {
+	struct socket_context *sock;
+
+	/* the fd event */
+	struct tevent_fd *fde;
+
+	NTSTATUS status;
+	DATA_BLOB request, reply;
+
+	struct packet_context *packet;
+
+	size_t partial_read;
+#ifdef SAMBA4_USES_HEIMDAL
+	krb5_krbhst_info *hi;
+#endif
+};
+
+static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
+{
+#ifdef SAMBA4_USES_HEIMDAL
+	if (ctx->pvt_log_data) {
+		/* Otherwise krb5_free_context will try and close what we
+		 * have already free()ed */
+		krb5_set_warn_dest(ctx->krb5_context, NULL);
+		krb5_closelog(ctx->krb5_context,
+				(krb5_log_facility *)ctx->pvt_log_data);
+	}
+#endif
+	krb5_free_context(ctx->krb5_context);
+	return 0;
+}
+
+#ifdef SAMBA4_USES_HEIMDAL
+/* We never close down the DEBUG system, and no need to unreference the use */
+static void smb_krb5_debug_close(void *private_data) {
+	return;
+}
+#endif
+
+#ifdef SAMBA4_USES_HEIMDAL
+static void smb_krb5_debug_wrapper(
+#ifdef HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT
+		krb5_context ctx,
+#endif /* HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT */
+		const char *timestr, const char *msg, void *private_data)
+{
+	DEBUGC(DBGC_KERBEROS, 3, ("Kerberos: %s\n", msg));
+}
+#endif
+
+#ifdef SAMBA4_USES_HEIMDAL
+/*
+  handle recv events on a smb_krb5 socket
+*/
+static void smb_krb5_socket_recv(struct smb_krb5_socket *smb_krb5)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(smb_krb5);
+	DATA_BLOB blob;
+	size_t nread, dsize;
+
+	smb_krb5->status = socket_pending(smb_krb5->sock, &dsize);
+	if (!NT_STATUS_IS_OK(smb_krb5->status)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
+	if (blob.data == NULL && dsize != 0) {
+		smb_krb5->status = NT_STATUS_NO_MEMORY;
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	smb_krb5->status = socket_recv(smb_krb5->sock, blob.data, blob.length, &nread);
+	if (!NT_STATUS_IS_OK(smb_krb5->status)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+	blob.length = nread;
+
+	if (nread == 0) {
+		smb_krb5->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	DEBUG(4,("Received smb_krb5 packet of length %d\n",
+		 (int)blob.length));
+
+	talloc_steal(smb_krb5, blob.data);
+	smb_krb5->reply = blob;
+	talloc_free(tmp_ctx);
+}
+
+static NTSTATUS smb_krb5_full_packet(void *private_data, DATA_BLOB data)
+{
+	struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
+	talloc_steal(smb_krb5, data.data);
+	smb_krb5->reply = data;
+	smb_krb5->reply.length -= 4;
+	smb_krb5->reply.data += 4;
+	return NT_STATUS_OK;
+}
+
+/*
+  handle request timeouts
+*/
+static void smb_krb5_request_timeout(struct tevent_context *event_ctx,
+				  struct tevent_timer *te, struct timeval t,
+				  void *private_data)
+{
+	struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
+	DEBUG(5,("Timed out smb_krb5 packet\n"));
+	smb_krb5->status = NT_STATUS_IO_TIMEOUT;
+}
+
+static void smb_krb5_error_handler(void *private_data, NTSTATUS status)
+{
+	struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
+	smb_krb5->status = status;
+}
+
+/*
+  handle send events on a smb_krb5 socket
+*/
+static void smb_krb5_socket_send(struct smb_krb5_socket *smb_krb5)
+{
+	NTSTATUS status;
+
+	size_t len;
+
+	len = smb_krb5->request.length;
+	status = socket_send(smb_krb5->sock, &smb_krb5->request, &len);
+
+	if (!NT_STATUS_IS_OK(status)) return;
+
+	TEVENT_FD_READABLE(smb_krb5->fde);
+
+	TEVENT_FD_NOT_WRITEABLE(smb_krb5->fde);
+	return;
+}
+
+
+/*
+  handle fd events on a smb_krb5_socket
+*/
+static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
+				 uint16_t flags, void *private_data)
+{
+	struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
+	switch (smb_krb5->hi->proto) {
+	case KRB5_KRBHST_UDP:
+		if (flags & TEVENT_FD_READ) {
+			smb_krb5_socket_recv(smb_krb5);
+			return;
+		}
+		if (flags & TEVENT_FD_WRITE) {
+			smb_krb5_socket_send(smb_krb5);
+			return;
+		}
+		/* not reached */
+		return;
+	case KRB5_KRBHST_TCP:
+		if (flags & TEVENT_FD_READ) {
+			packet_recv(smb_krb5->packet);
+			return;
+		}
+		if (flags & TEVENT_FD_WRITE) {
+			packet_queue_run(smb_krb5->packet);
+			return;
+		}
+		/* not reached */
+		return;
+	case KRB5_KRBHST_HTTP:
+		/* can't happen */
+		break;
+	}
+}
+
+static krb5_error_code smb_krb5_send_and_recv_func_int(struct smb_krb5_context *smb_krb5_context,
+						       struct tevent_context *ev,
+						       krb5_krbhst_info *hi,
+						       struct addrinfo *ai,
+						       smb_krb5_send_to_kdc_func func,
+						       void *data,
+						       time_t timeout,
+						       const krb5_data *send_buf,
+						       krb5_data *recv_buf)
+{
+	krb5_error_code ret;
+	NTSTATUS status;
+	const char *name;
+	struct addrinfo *a;
+	struct smb_krb5_socket *smb_krb5;
+
+	DATA_BLOB send_blob;
+
+	TALLOC_CTX *frame = talloc_stackframe();
+	if (frame == NULL) {
+		return ENOMEM;
+	}
+
+	send_blob = data_blob_const(send_buf->data, send_buf->length);
+
+	for (a = ai; a; a = a->ai_next) {
+		struct socket_address *remote_addr;
+		smb_krb5 = talloc(frame, struct smb_krb5_socket);
+		if (!smb_krb5) {
+			TALLOC_FREE(frame);
+			return ENOMEM;
+		}
+		smb_krb5->hi = hi;
+
+		switch (a->ai_family) {
+		case PF_INET:
+			name = "ipv4";
+			break;
+#ifdef HAVE_IPV6
+		case PF_INET6:
+			name = "ipv6";
+			break;
+#endif
+		default:
+			TALLOC_FREE(frame);
+			return EINVAL;
+		}
+
+		status = NT_STATUS_INVALID_PARAMETER;
+		switch (hi->proto) {
+		case KRB5_KRBHST_UDP:
+			status = socket_create(smb_krb5, name,
+					       SOCKET_TYPE_DGRAM,
+					       &smb_krb5->sock, 0);
+			break;
+		case KRB5_KRBHST_TCP:
+			status = socket_create(smb_krb5, name,
+					       SOCKET_TYPE_STREAM,
+					       &smb_krb5->sock, 0);
+			break;
+		case KRB5_KRBHST_HTTP:
+			TALLOC_FREE(frame);
+			return EINVAL;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(smb_krb5);
+			continue;
+		}
+
+		remote_addr = socket_address_from_sockaddr(smb_krb5, a->ai_addr, a->ai_addrlen);
+		if (!remote_addr) {
+			talloc_free(smb_krb5);
+			continue;
+		}
+
+		status = socket_connect_ev(smb_krb5->sock, NULL, remote_addr, 0, ev);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(smb_krb5);
+			continue;
+		}
+
+		/* Setup the FDE, start listening for read events
+		 * from the start (otherwise we may miss a socket
+		 * drop) and mark as AUTOCLOSE along with the fde */
+
+		/* This is equivalent to EVENT_FD_READABLE(smb_krb5->fde) */
+		smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock,
+					      socket_get_fd(smb_krb5->sock),
+					      TEVENT_FD_READ,
+					      smb_krb5_socket_handler, smb_krb5);
+		/* its now the job of the event layer to close the socket */
+		tevent_fd_set_close_fn(smb_krb5->fde, socket_tevent_fd_close_fn);
+		socket_set_flags(smb_krb5->sock, SOCKET_FLAG_NOCLOSE);
+
+		tevent_add_timer(ev, smb_krb5,
+				 timeval_current_ofs(timeout, 0),
+				 smb_krb5_request_timeout, smb_krb5);
+
+		smb_krb5->status = NT_STATUS_OK;
+		smb_krb5->reply = data_blob(NULL, 0);
+
+		switch (hi->proto) {
+		case KRB5_KRBHST_UDP:
+			TEVENT_FD_WRITEABLE(smb_krb5->fde);
+			smb_krb5->request = send_blob;
+			break;
+		case KRB5_KRBHST_TCP:
+
+			smb_krb5->packet = packet_init(smb_krb5);
+			if (smb_krb5->packet == NULL) {
+				talloc_free(smb_krb5);
+				return ENOMEM;
+			}
+			packet_set_private(smb_krb5->packet, smb_krb5);
+			packet_set_socket(smb_krb5->packet, smb_krb5->sock);
+			packet_set_callback(smb_krb5->packet, smb_krb5_full_packet);
+			packet_set_full_request(smb_krb5->packet, packet_full_request_u32);
+			packet_set_error_handler(smb_krb5->packet, smb_krb5_error_handler);
+			packet_set_event_context(smb_krb5->packet, ev);
+			packet_set_fde(smb_krb5->packet, smb_krb5->fde);
+
+			smb_krb5->request = data_blob_talloc(smb_krb5, NULL, send_blob.length + 4);
+			RSIVAL(smb_krb5->request.data, 0, send_blob.length);
+			memcpy(smb_krb5->request.data+4, send_blob.data, send_blob.length);
+			packet_send(smb_krb5->packet, smb_krb5->request);
+			break;
+		case KRB5_KRBHST_HTTP:
+			TALLOC_FREE(frame);
+			return EINVAL;
+		}
+		while ((NT_STATUS_IS_OK(smb_krb5->status)) && !smb_krb5->reply.length) {
+			if (tevent_loop_once(ev) != 0) {
+				TALLOC_FREE(frame);
+				return EINVAL;
+			}
+
+                        if (func) {
+				/* After each and every event loop, reset the
+				 * send_to_kdc pointers to what they were when
+				 * we entered this loop.  That way, if a
+				 * nested event has invalidated them, we put
+				 * it back before we return to the heimdal
+				 * code */
+				ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
+								    NULL, /* send_to_realm */
+								    func,
+								    data);
+				if (ret != 0) {
+					TALLOC_FREE(frame);
+					return ret;
+				}
+			}
+		}
+		if (NT_STATUS_EQUAL(smb_krb5->status, NT_STATUS_IO_TIMEOUT)) {
+			talloc_free(smb_krb5);
+			continue;
+		}
+
+		if (!NT_STATUS_IS_OK(smb_krb5->status)) {
+			struct tsocket_address *addr = socket_address_to_tsocket_address(smb_krb5, remote_addr);
+			const char *addr_string = NULL;
+			if (addr) {
+				addr_string = tsocket_address_inet_addr_string(addr, smb_krb5);
+			} else {
+				addr_string = NULL;
+			}
+			DEBUG(2,("Error reading smb_krb5 reply packet: %s from %s\n", nt_errstr(smb_krb5->status),
+				 addr_string));
+			talloc_free(smb_krb5);
+			continue;
+		}
+
+		ret = krb5_data_copy(recv_buf, smb_krb5->reply.data, smb_krb5->reply.length);
+		if (ret) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+		talloc_free(smb_krb5);
+
+		break;
+	}
+	TALLOC_FREE(frame);
+	if (a) {
+		return 0;
+	}
+	return KRB5_KDC_UNREACH;
+}
+
+krb5_error_code smb_krb5_send_and_recv_func(struct smb_krb5_context *smb_krb5_context,
+					    void *data,
+					    krb5_krbhst_info *hi,
+					    time_t timeout,
+					    const krb5_data *send_buf,
+					    krb5_data *recv_buf)
+{
+	krb5_error_code ret;
+	struct addrinfo *ai;
+
+	struct tevent_context *ev;
+	TALLOC_CTX *frame = talloc_stackframe();
+	if (frame == NULL) {
+		return ENOMEM;
+	}
+
+	if (data == NULL) {
+		/* If no event context was available, then create one for this loop */
+		ev = samba_tevent_context_init(frame);
+		if (ev == NULL) {
+			TALLOC_FREE(frame);
+			return ENOMEM;
+		}
+	} else {
+		ev = talloc_get_type_abort(data, struct tevent_context);
+	}
+
+	ret = krb5_krbhst_get_addrinfo(smb_krb5_context->krb5_context, hi, &ai);
+	if (ret) {
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	ret = smb_krb5_send_and_recv_func_int(smb_krb5_context,
+					      ev, hi, ai,
+					      smb_krb5_send_and_recv_func,
+					      data, timeout, send_buf, recv_buf);
+	TALLOC_FREE(frame);
+	return ret;
+}
+
+krb5_error_code smb_krb5_send_and_recv_func_forced_tcp(struct smb_krb5_context *smb_krb5_context,
+						       struct addrinfo *ai,
+						       time_t timeout,
+						       const krb5_data *send_buf,
+						       krb5_data *recv_buf)
+{
+	krb5_error_code k5ret;
+	krb5_krbhst_info hi = {
+		.proto = KRB5_KRBHST_TCP,
+	};
+	struct tevent_context *ev;
+	TALLOC_CTX *frame = talloc_stackframe();
+	if (frame == NULL) {
+		return ENOMEM;
+	}
+
+	/* no event context is passed in, create one for this loop */
+	ev = samba_tevent_context_init(frame);
+	if (ev == NULL) {
+		TALLOC_FREE(frame);
+		return ENOMEM;
+	}
+
+	/* No need to pass in send_and_recv functions, we won't nest on this private event loop */
+	k5ret = smb_krb5_send_and_recv_func_int(smb_krb5_context, ev, &hi, ai, NULL, NULL,
+						timeout, send_buf, recv_buf);
+	TALLOC_FREE(frame);
+	return k5ret;
+}
+
+static struct db_context *smb_krb5_plugin_db;
+
+struct smb_krb5_send_to_kdc_state {
+	intptr_t key_ptr;
+	struct smb_krb5_context *smb_krb5_context;
+	smb_krb5_send_to_realm_func send_to_realm;
+	smb_krb5_send_to_kdc_func send_to_kdc;
+	void *private_data;
+};
+
+static int smb_krb5_send_to_kdc_state_destructor(struct smb_krb5_send_to_kdc_state *state)
+{
+	TDB_DATA key = make_tdb_data((uint8_t *)&state->key_ptr, sizeof(state->key_ptr));
+	struct db_record *rec = NULL;
+	NTSTATUS status;
+
+	rec = dbwrap_fetch_locked(smb_krb5_plugin_db, state, key);
+	if (rec == NULL) {
+		return 0;
+	}
+
+	status = dbwrap_record_delete(rec);
+	TALLOC_FREE(rec);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	state->smb_krb5_context = NULL;
+	return 0;
+}
+
+krb5_error_code smb_krb5_set_send_to_kdc_func(struct smb_krb5_context *smb_krb5_context,
+					      smb_krb5_send_to_realm_func send_to_realm,
+					      smb_krb5_send_to_kdc_func send_to_kdc,
+					      void *private_data)
+{
+	intptr_t key_ptr = (intptr_t)smb_krb5_context->krb5_context;
+	TDB_DATA key = make_tdb_data((uint8_t *)&key_ptr, sizeof(key_ptr));
+	intptr_t value_ptr = (intptr_t)NULL;
+	TDB_DATA value = make_tdb_data(NULL, 0);
+	struct db_record *rec = NULL;
+	struct smb_krb5_send_to_kdc_state *state = NULL;
+	NTSTATUS status;
+
+	rec = dbwrap_fetch_locked(smb_krb5_plugin_db, smb_krb5_context, key);
+	if (rec == NULL) {
+		return ENOMEM;
+	}
+
+	value = dbwrap_record_get_value(rec);
+	if (value.dsize != 0) {
+		SMB_ASSERT(value.dsize == sizeof(value_ptr));
+		memcpy(&value_ptr, value.dptr, sizeof(value_ptr));
+		state = talloc_get_type_abort((const void *)value_ptr,
+					      struct smb_krb5_send_to_kdc_state);
+		if (send_to_realm == NULL && send_to_kdc == NULL) {
+			status = dbwrap_record_delete(rec);
+			TALLOC_FREE(rec);
+			if (!NT_STATUS_IS_OK(status)) {
+				return EINVAL;
+			}
+			return 0;
+		}
+		state->send_to_realm = send_to_realm;
+		state->send_to_kdc = send_to_kdc;
+		state->private_data = private_data;
+		TALLOC_FREE(rec);
+		return 0;
+	}
+
+	if (send_to_kdc == NULL && send_to_realm == NULL) {
+		TALLOC_FREE(rec);
+		return 0;
+	}
+
+	state = talloc_zero(smb_krb5_context,
+			    struct smb_krb5_send_to_kdc_state);
+	if (state == NULL) {
+		TALLOC_FREE(rec);
+		return ENOMEM;
+	}
+	state->key_ptr = key_ptr;
+	state->smb_krb5_context = smb_krb5_context;
+	state->send_to_realm = send_to_realm;
+	state->send_to_kdc = send_to_kdc;
+	state->private_data = private_data;
+
+	value_ptr = (intptr_t)state;
+	value = make_tdb_data((uint8_t *)&value_ptr, sizeof(value_ptr));
+
+	status = dbwrap_record_store(rec, value, TDB_INSERT);
+	TALLOC_FREE(rec);
+	if (!NT_STATUS_IS_OK(status)) {
+		return EINVAL;
+	}
+	talloc_set_destructor(state, smb_krb5_send_to_kdc_state_destructor);
+
+	return 0;
+}
+
+static krb5_error_code smb_krb5_plugin_init(krb5_context context, void **pctx)
+{
+	*pctx = NULL;
+	return 0;
+}
+
+static void smb_krb5_plugin_fini(void *ctx)
+{
+}
+
+static void smb_krb5_send_to_kdc_state_parser(TDB_DATA key, TDB_DATA value,
+					      void *private_data)
+{
+	struct smb_krb5_send_to_kdc_state **state =
+		(struct smb_krb5_send_to_kdc_state **)private_data;
+	intptr_t value_ptr;
+
+	SMB_ASSERT(value.dsize == sizeof(value_ptr));
+	memcpy(&value_ptr, value.dptr, sizeof(value_ptr));
+	*state = talloc_get_type_abort((const void *)value_ptr,
+				       struct smb_krb5_send_to_kdc_state);
+}
+
+static struct smb_krb5_send_to_kdc_state *
+smb_krb5_send_to_kdc_get_state(krb5_context context)
+{
+	intptr_t key_ptr = (intptr_t)context;
+	TDB_DATA key = make_tdb_data((uint8_t *)&key_ptr, sizeof(key_ptr));
+	struct smb_krb5_send_to_kdc_state *state = NULL;
+	NTSTATUS status;
+
+	status = dbwrap_parse_record(smb_krb5_plugin_db, key,
+				     smb_krb5_send_to_kdc_state_parser,
+				     &state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	return state;
+}
+
+static krb5_error_code smb_krb5_plugin_send_to_kdc(krb5_context context,
+						   void *ctx,
+						   krb5_krbhst_info *ho,
+						   time_t timeout,
+						   const krb5_data *in,
+						   krb5_data *out)
+{
+	struct smb_krb5_send_to_kdc_state *state = NULL;
+
+	state = smb_krb5_send_to_kdc_get_state(context);
+	if (state == NULL) {
+		return KRB5_PLUGIN_NO_HANDLE;
+	}
+
+	if (state->send_to_kdc == NULL) {
+		return KRB5_PLUGIN_NO_HANDLE;
+	}
+
+	return state->send_to_kdc(state->smb_krb5_context,
+				  state->private_data,
+				  ho, timeout, in, out);
+}
+
+static krb5_error_code smb_krb5_plugin_send_to_realm(krb5_context context,
+						     void *ctx,
+						     krb5_const_realm realm,
+						     time_t timeout,
+						     const krb5_data *in,
+						     krb5_data *out)
+{
+	struct smb_krb5_send_to_kdc_state *state = NULL;
+
+	state = smb_krb5_send_to_kdc_get_state(context);
+	if (state == NULL) {
+		return KRB5_PLUGIN_NO_HANDLE;
+	}
+
+	if (state->send_to_realm == NULL) {
+		return KRB5_PLUGIN_NO_HANDLE;
+	}
+
+	return state->send_to_realm(state->smb_krb5_context,
+				    state->private_data,
+				    realm, timeout, in, out);
+}
+
+static krb5plugin_send_to_kdc_ftable smb_krb5_plugin_ftable = {
+	KRB5_PLUGIN_SEND_TO_KDC_VERSION_2,
+	smb_krb5_plugin_init,
+	smb_krb5_plugin_fini,
+	smb_krb5_plugin_send_to_kdc,
+	smb_krb5_plugin_send_to_realm
+};
+#endif
+
+krb5_error_code
+smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
+			    struct loadparm_context *lp_ctx,
+			    krb5_context *_krb5_context)
+{
+	krb5_error_code ret;
+#ifdef SAMBA4_USES_HEIMDAL
+	char **config_files;
+	const char *config_file, *realm;
+#endif
+	krb5_context krb5_ctx;
+
+	ret = smb_krb5_init_context_common(&krb5_ctx);
+	if (ret) {
+		return ret;
+	}
+
+	/* The MIT Kerberos build relies on using the system krb5.conf file.
+	 * If you really want to use another file please set KRB5_CONFIG
+	 * accordingly. */
+#ifdef SAMBA4_USES_HEIMDAL
+	config_file = lpcfg_config_path(tmp_ctx, lp_ctx, "krb5.conf");
+	if (!config_file) {
+		krb5_free_context(krb5_ctx);
+		return ENOMEM;
+	}
+
+	/* Use our local krb5.conf file by default */
+	ret = krb5_prepend_config_files_default(config_file, &config_files);
+	if (ret) {
+		DEBUG(1,("krb5_prepend_config_files_default failed (%s)\n",
+			 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
+		krb5_free_context(krb5_ctx);
+		return ret;
+	}
+
+	ret = krb5_set_config_files(krb5_ctx, config_files);
+	krb5_free_config_files(config_files);
+	if (ret) {
+		DEBUG(1,("krb5_set_config_files failed (%s)\n",
+			 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
+		krb5_free_context(krb5_ctx);
+		return ret;
+	}
+
+	/*
+	 * This is already called in smb_krb5_init_context_common(),
+	 * but krb5_set_config_files() may resets it.
+	 */
+	krb5_set_dns_canonicalize_hostname(krb5_ctx, false);
+
+	realm = lpcfg_realm(lp_ctx);
+	if (realm != NULL) {
+		ret = krb5_set_default_realm(krb5_ctx, realm);
+		if (ret) {
+			DEBUG(1,("krb5_set_default_realm failed (%s)\n",
+				 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
+			krb5_free_context(krb5_ctx);
+			return ret;
+		}
+	}
+
+	if (smb_krb5_plugin_db == NULL) {
+		/*
+		 * while krb5_plugin_register() takes a krb5_context,
+		 * plugins are registered into a global list, so
+		 * we only do that once
+		 *
+		 * We maintain a separate dispatch table for per
+		 * krb5_context state.
+		 */
+		ret = krb5_plugin_register(krb5_ctx, PLUGIN_TYPE_DATA,
+				     KRB5_PLUGIN_SEND_TO_KDC,
+				     &smb_krb5_plugin_ftable);
+		if (ret) {
+			DEBUG(1,("krb5_plugin_register(KRB5_PLUGIN_SEND_TO_KDC) failed (%s)\n",
+				 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
+			krb5_free_context(krb5_ctx);
+			return ret;
+		}
+		smb_krb5_plugin_db = db_open_rbt(NULL);
+		if (smb_krb5_plugin_db == NULL) {
+			DEBUG(1,("db_open_rbt() failed\n"));
+			krb5_free_context(krb5_ctx);
+			return ENOMEM;
+		}
+	}
+#endif
+	*_krb5_context = krb5_ctx;
+	return 0;
+}
+
+krb5_error_code smb_krb5_init_context(void *parent_ctx,
+				      struct loadparm_context *lp_ctx,
+				      struct smb_krb5_context **smb_krb5_context)
+{
+	krb5_error_code ret;
+	TALLOC_CTX *tmp_ctx;
+	krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+	krb5_log_facility *logf;
+#endif
+
+	tmp_ctx = talloc_new(parent_ctx);
+	*smb_krb5_context = talloc_zero(tmp_ctx, struct smb_krb5_context);
+
+	if (!*smb_krb5_context || !tmp_ctx) {
+		talloc_free(tmp_ctx);
+		return ENOMEM;
+	}
+
+	ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
+	if (ret) {
+		DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
+			 error_message(ret)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	(*smb_krb5_context)->krb5_context = kctx;
+
+	talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
+	/* TODO: Should we have a different name here? */
+	ret = krb5_initlog(kctx, "Samba", &logf);
+
+	if (ret) {
+		DEBUG(1,("krb5_initlog failed (%s)\n",
+			 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	(*smb_krb5_context)->pvt_log_data = logf;
+
+	ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+			       smb_krb5_debug_wrapper,
+				smb_krb5_debug_close, NULL);
+	if (ret) {
+		DEBUG(1,("krb5_addlog_func failed (%s)\n",
+			 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	krb5_set_warn_dest(kctx, logf);
+#endif
+	talloc_steal(parent_ctx, *smb_krb5_context);
+	talloc_free(tmp_ctx);
+
+	return 0;
+}
+
+#ifdef SAMBA4_USES_HEIMDAL
+krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
+					       struct tevent_context *ev,
+					       struct tevent_context **previous_ev)
+{
+	int ret;
+	if (!ev) {
+		return EINVAL;
+	}
+
+	*previous_ev = smb_krb5_context->current_ev;
+
+	smb_krb5_context->current_ev = talloc_reference(smb_krb5_context, ev);
+	if (!smb_krb5_context->current_ev) {
+		return ENOMEM;
+	}
+
+	/* Set use of our socket lib */
+	ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
+					    NULL, /* send_to_realm */
+					    smb_krb5_send_and_recv_func,
+					    ev);
+	if (ret) {
+		TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+		DEBUG(1,("smb_krb5_set_send_recv_func failed (%s)\n",
+			 smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		talloc_unlink(smb_krb5_context, smb_krb5_context->current_ev);
+		smb_krb5_context->current_ev = NULL;
+		return ret;
+	}
+	return 0;
+}
+
+krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context,
+						  struct tevent_context *previous_ev,
+						  struct tevent_context *ev)
+{
+	int ret;
+	talloc_unlink(smb_krb5_context, ev);
+	/* If there was a mismatch with things happening on a stack, then don't wipe things */
+	smb_krb5_context->current_ev = previous_ev;
+	/* Set use of our socket lib */
+	ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
+					    NULL, /* send_to_realm */
+					    smb_krb5_send_and_recv_func,
+					    previous_ev);
+	if (ret) {
+		TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+		DEBUG(1,("smb_krb5_set_send_recv_func failed (%s)\n",
+			 smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	return 0;
+}
+#endif
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
new file mode 100644
index 0000000..c7f7cfd
--- /dev/null
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -0,0 +1,79 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5 routines for active directory
+   Copyright (C) Andrew Bartlett 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KRB5_INIT_CONTEXT_H_
+#define _KRB5_INIT_CONTEXT_H_
+
+struct smb_krb5_context {
+	krb5_context krb5_context;
+	void *pvt_log_data;
+	struct tevent_context *current_ev;
+};
+
+struct tevent_context;
+struct loadparm_context;
+
+krb5_error_code
+smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
+			    struct loadparm_context *lp_ctx,
+			    krb5_context *_krb5_context);
+
+krb5_error_code smb_krb5_init_context(void *parent_ctx,
+				      struct loadparm_context *lp_ctx,
+				      struct smb_krb5_context **smb_krb5_context); 
+
+#ifdef SAMBA4_USES_HEIMDAL
+typedef krb5_error_code (*smb_krb5_send_to_realm_func)(struct smb_krb5_context *smb_krb5_context,
+						       void *,
+						       krb5_const_realm realm,
+						       time_t,
+						       const krb5_data *,
+						       krb5_data *);
+typedef krb5_error_code (*smb_krb5_send_to_kdc_func)(struct smb_krb5_context *smb_krb5_context,
+						     void *,
+						     krb5_krbhst_info *,
+						     time_t,
+						     const krb5_data *,
+						     krb5_data *);
+
+krb5_error_code smb_krb5_set_send_to_kdc_func(struct smb_krb5_context *smb_krb5_context,
+					      smb_krb5_send_to_realm_func send_to_realm,
+					      smb_krb5_send_to_kdc_func send_to_kdc,
+					      void *private_data);
+
+krb5_error_code smb_krb5_send_and_recv_func(struct smb_krb5_context *smb_krb5_context,
+					    void *data,
+					    krb5_krbhst_info *hi,
+					    time_t timeout,
+					    const krb5_data *send_buf,
+					    krb5_data *recv_buf);
+krb5_error_code smb_krb5_send_and_recv_func_forced_tcp(struct smb_krb5_context *smb_krb5_context,
+						       struct addrinfo *ai,
+						       time_t timeout,
+						       const krb5_data *send_buf,
+						       krb5_data *recv_buf);
+krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
+					       struct tevent_context *ev,
+					       struct tevent_context **previous_ev);
+krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context,
+						  struct tevent_context *previous_ev,
+						  struct tevent_context *ev);
+#endif
+
+#endif /* _KRB5_INIT_CONTEXT_H_ */
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
new file mode 100644
index 0000000..8eaa150
--- /dev/null
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -0,0 +1,407 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos utility functions
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file srv_keytab.c
+ *
+ * @brief Kerberos keytab utility functions
+ *
+ */
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/credentials/credentials.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/kerberos_util.h"
+#include "auth/kerberos/kerberos_srv_keytab.h"
+
+static void keytab_principals_free(krb5_context context,
+				   uint32_t num_principals,
+				   krb5_principal *set)
+{
+	uint32_t i;
+
+	for (i = 0; i < num_principals; i++) {
+		krb5_free_principal(context, set[i]);
+	}
+}
+
+static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
+				       uint32_t num_principals,
+				       krb5_principal *principals,
+				       krb5_principal salt_princ,
+				       int kvno,
+				       const char *password_s,
+				       krb5_context context,
+				       krb5_enctype *enctypes,
+				       krb5_keytab keytab,
+				       const char **error_string)
+{
+	unsigned int i, p;
+	krb5_error_code ret;
+	krb5_data password;
+	char *unparsed;
+
+	password.data = discard_const_p(char, password_s);
+	password.length = strlen(password_s);
+
+	for (i = 0; enctypes[i]; i++) {
+		krb5_keytab_entry entry;
+
+		ZERO_STRUCT(entry);
+
+		ret = smb_krb5_create_key_from_string(context,
+						      salt_princ,
+						      NULL,
+						      &password,
+						      enctypes[i],
+						      KRB5_KT_KEY(&entry));
+		if (ret != 0) {
+			*error_string = talloc_strdup(parent_ctx,
+						      "Failed to create key from string");
+			return ret;
+		}
+
+                entry.vno = kvno;
+
+		for (p = 0; p < num_principals; p++) {
+			unparsed = NULL;
+			entry.principal = principals[p];
+			ret = krb5_kt_add_entry(context, keytab, &entry);
+			if (ret != 0) {
+				char *k5_error_string =
+					smb_get_krb5_error_message(context,
+								   ret, NULL);
+				krb5_unparse_name(context,
+						principals[p], &unparsed);
+				*error_string = talloc_asprintf(parent_ctx,
+					"Failed to add enctype %d entry for "
+					"%s(kvno %d) to keytab: %s\n",
+					(int)enctypes[i], unparsed,
+					kvno, k5_error_string);
+
+				free(unparsed);
+				talloc_free(k5_error_string);
+				krb5_free_keyblock_contents(context,
+							    KRB5_KT_KEY(&entry));
+				return ret;
+			}
+
+			DEBUG(5, ("Added key (kvno %d) to keytab (enctype %d)\n",
+				  kvno, (int)enctypes[i]));
+		}
+		krb5_free_keyblock_contents(context, KRB5_KT_KEY(&entry));
+	}
+	return 0;
+}
+
+static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
+				     const char *samAccountName,
+				     const char *realm,
+				     const char *saltPrincipal,
+				     int kvno,
+				     const char *new_secret,
+				     const char *old_secret,
+				     uint32_t supp_enctypes,
+				     uint32_t num_principals,
+				     krb5_principal *principals,
+				     krb5_context context,
+				     krb5_keytab keytab,
+				     bool add_old,
+				     const char **perror_string)
+{
+	krb5_error_code ret;
+	krb5_principal salt_princ = NULL;
+	krb5_enctype *enctypes;
+	TALLOC_CTX *mem_ctx;
+	const char *error_string = NULL;
+
+	if (!new_secret) {
+		/* There is no password here, so nothing to do */
+		return 0;
+	}
+
+	mem_ctx = talloc_new(parent_ctx);
+	if (!mem_ctx) {
+		*perror_string = talloc_strdup(parent_ctx,
+			"unable to allocate tmp_ctx for create_keytab");
+		return ENOMEM;
+	}
+
+	/* The salt used to generate these entries may be different however,
+	 * fetch that */
+	ret = krb5_parse_name(context, saltPrincipal, &salt_princ);
+	if (ret) {
+		*perror_string = smb_get_krb5_error_message(context,
+							   ret,
+							   parent_ctx);
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	ret = ms_suptypes_to_ietf_enctypes(mem_ctx, supp_enctypes, &enctypes);
+	if (ret) {
+		*perror_string = talloc_asprintf(parent_ctx,
+					"create_keytab: generating list of "
+					"encryption types failed (%s)\n",
+					smb_get_krb5_error_message(context,
+								ret, mem_ctx));
+		goto done;
+	}
+
+	ret = keytab_add_keys(mem_ctx,
+			      num_principals,
+			      principals,
+			      salt_princ, kvno, new_secret,
+			      context, enctypes, keytab, &error_string);
+	if (ret) {
+		*perror_string = talloc_steal(parent_ctx, error_string);
+		goto done;
+	}
+
+	if (old_secret && add_old && kvno != 0) {
+		ret = keytab_add_keys(mem_ctx,
+				      num_principals,
+				      principals,
+				      salt_princ, kvno - 1, old_secret,
+				      context, enctypes, keytab, &error_string);
+		if (ret) {
+			*perror_string = talloc_steal(parent_ctx, error_string);
+		}
+	}
+
+done:
+	krb5_free_principal(context, salt_princ);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * @brief Update a Kerberos keytab and removes any obsolete keytab entries.
+ *
+ * If the keytab does not exist, this function will create one.
+ *
+ * @param[in] parent_ctx	Talloc memory context
+ * @param[in] context		Kerberos context
+ * @param[in] keytab_name	Keytab to open
+ * @param[in] samAccountName	User account to update
+ * @param[in] realm		Kerberos realm
+ * @param[in] SPNs		Service principal names to update
+ * @param[in] num_SPNs		Length of SPNs
+ * @param[in] saltPrincipal	Salt used for AES encryption.
+ * 				Required, unless delete_all_kvno is set.
+ * @param[in] old_secret	Old password
+ * @param[in] new_secret	New password
+ * @param[in] kvno		Current key version number
+ * @param[in] supp_enctypes	msDS-SupportedEncryptionTypes bit-field
+ * @param[in] delete_all_kvno	Removes all obsolete entries, without
+ * 				recreating the keytab.
+ * @param[out] _keytab		If supplied, returns the keytab
+ * @param[out] perror_string	Error string on failure
+ *
+ * @return			0 on success, errno on failure
+ */
+krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
+				krb5_context context,
+				const char *keytab_name,
+				const char *samAccountName,
+				const char *realm,
+				const char **SPNs,
+				int num_SPNs,
+				const char *saltPrincipal,
+				const char *new_secret,
+				const char *old_secret,
+				int kvno,
+				uint32_t supp_enctypes,
+				bool delete_all_kvno,
+			        krb5_keytab *_keytab,
+				const char **perror_string)
+{
+	krb5_keytab keytab = NULL;
+	krb5_error_code ret;
+	bool found_previous = false;
+	TALLOC_CTX *tmp_ctx = NULL;
+	krb5_principal *principals = NULL;
+	uint32_t num_principals = 0;
+	char *upper_realm;
+	const char *error_string = NULL;
+
+	if (keytab_name == NULL) {
+		return ENOENT;
+	}
+
+	ret = krb5_kt_resolve(context, keytab_name, &keytab);
+	if (ret) {
+		*perror_string = smb_get_krb5_error_message(context,
+							   ret, parent_ctx);
+		return ret;
+	}
+
+	DEBUG(5, ("Opened keytab %s\n", keytab_name));
+
+	tmp_ctx = talloc_new(parent_ctx);
+	if (!tmp_ctx) {
+		*perror_string = talloc_strdup(parent_ctx,
+					      "Failed to allocate memory context");
+		ret = ENOMEM;
+		goto done;
+	}
+
+	upper_realm = strupper_talloc(tmp_ctx, realm);
+	if (upper_realm == NULL) {
+		*perror_string = talloc_strdup(parent_ctx,
+					      "Cannot allocate memory to upper case realm");
+		ret = ENOMEM;
+		goto done;
+	}
+
+	ret = smb_krb5_create_principals_array(tmp_ctx,
+					       context,
+					       samAccountName,
+					       upper_realm,
+					       num_SPNs,
+					       SPNs,
+					       &num_principals,
+					       &principals,
+					       &error_string);
+	if (ret != 0) {
+		*perror_string = talloc_asprintf(parent_ctx,
+			"Failed to load principals from ldb message: %s\n",
+			error_string);
+		goto done;
+	}
+
+	ret = smb_krb5_remove_obsolete_keytab_entries(tmp_ctx,
+						      context,
+						      keytab,
+						      num_principals,
+						      principals,
+						      kvno,
+						      &found_previous,
+						      &error_string);
+	if (ret != 0) {
+		*perror_string = talloc_asprintf(parent_ctx,
+			"Failed to remove old principals from keytab: %s\n",
+			error_string);
+		goto done;
+	}
+
+	if (!delete_all_kvno) {
+		/* Create a new keytab.  If during the cleanout we found
+		 * entries for kvno -1, then don't try and duplicate them.
+		 * Otherwise, add kvno, and kvno -1 */
+		if (saltPrincipal == NULL) {
+			*perror_string = talloc_strdup(parent_ctx,
+						       "No saltPrincipal provided");
+			ret = EINVAL;
+			goto done;
+		}
+
+		ret = create_keytab(tmp_ctx,
+				    samAccountName, upper_realm, saltPrincipal,
+				    kvno, new_secret, old_secret,
+				    supp_enctypes,
+				    num_principals,
+				    principals,
+				    context, keytab,
+				    found_previous ? false : true,
+				    &error_string);
+		if (ret) {
+			*perror_string = talloc_steal(parent_ctx, error_string);
+		}
+	}
+
+	if (ret == 0 && _keytab != NULL) {
+		/* caller wants the keytab handle back */
+		*_keytab = keytab;
+	}
+
+done:
+	keytab_principals_free(context, num_principals, principals);
+	if (ret != 0 || _keytab == NULL) {
+		krb5_kt_close(context, keytab);
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/**
+ * @brief Wrapper around smb_krb5_update_keytab() for creating an in-memory keytab
+ *
+ * @param[in] parent_ctx	Talloc memory context
+ * @param[in] context		Kerberos context
+ * @param[in] new_secret	New password
+ * @param[in] samAccountName	User account to update
+ * @param[in] realm		Kerberos realm
+ * @param[in] salt_principal	Salt used for AES encryption.
+ * 				Required, unless delete_all_kvno is set.
+ * @param[in] kvno		Current key version number
+ * @param[out] keytab		If supplied, returns the keytab
+ * @param[out] keytab_name	Returns the created keytab name
+ *
+ * @return			0 on success, errno on failure
+ */
+krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
+				krb5_context context,
+				const char *new_secret,
+				const char *samAccountName,
+				const char *realm,
+				const char *salt_principal,
+				int kvno,
+				krb5_keytab *keytab,
+				const char **keytab_name)
+{
+	krb5_error_code ret;
+	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+	const char *rand_string;
+	const char *error_string = NULL;
+	if (!mem_ctx) {
+		return ENOMEM;
+	}
+
+	rand_string = generate_random_str(mem_ctx, 16);
+	if (!rand_string) {
+		talloc_free(mem_ctx);
+		return ENOMEM;
+	}
+
+	*keytab_name = talloc_asprintf(mem_ctx, "MEMORY:%s", rand_string);
+	if (*keytab_name == NULL) {
+		talloc_free(mem_ctx);
+		return ENOMEM;
+	}
+
+	ret = smb_krb5_update_keytab(mem_ctx, context,
+				     *keytab_name, samAccountName, realm,
+				     NULL, 0, salt_principal, new_secret, NULL,
+				     kvno, ENC_ALL_TYPES,
+				     false, keytab, &error_string);
+	if (ret == 0) {
+		talloc_steal(parent_ctx, *keytab_name);
+	} else {
+		DEBUG(0, ("Failed to create in-memory keytab: %s\n",
+			  error_string));
+		*keytab_name = NULL;
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build
new file mode 100644
index 0000000..a26cfaf
--- /dev/null
+++ b/source4/auth/kerberos/wscript_build
@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX',
+		    source='krb5_init_context.c',
+		    deps='gssapi krb5samba dbwrap samba-util'
+		   )
+
+bld.SAMBA_LIBRARY('authkrb5',
+                  source='kerberos_pac.c',
+                  autoproto='proto.h',
+                  public_deps='ndr-krb5pac krb5samba samba_socket LIBCLI_RESOLVE',
+                  deps='common_auth tevent LIBPACKET ndr ldb krb5samba KRB_INIT_CTX KRB5_PAC samba-errors',
+                  private_library=True
+                  )
+
+bld.SAMBA_SUBSYSTEM('KERBEROS_UTIL',
+	autoproto='kerberos_util.h',
+	source='kerberos_util.c',
+	deps='authkrb5 krb5samba com_err CREDENTIALS_KRB5',
+	)
+
+bld.SAMBA_SUBSYSTEM('KERBEROS_SRV_KEYTAB',
+	autoproto='kerberos_srv_keytab.h',
+	source='srv_keytab.c',
+	deps='authkrb5',
+	)
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
new file mode 100644
index 0000000..3ad18bd
--- /dev/null
+++ b/source4/auth/ntlm/auth.c
@@ -0,0 +1,869 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett         2001-2002
+   Copyright (C) Stefan Metzmacher       2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "../lib/util/tevent_ntstatus.h"
+#include "../lib/util/dlinklist.h"
+#include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/wbclient/wbclient.h"
+#include "lib/util/samba_modules.h"
+#include "auth/credentials/credentials.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/kerberos_util.h"
+#include "libds/common/roles.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
+						   TALLOC_CTX *mem_ctx,
+                                                  void *server_returned_info,
+						   const char *original_user_name,
+						   uint32_t session_info_flags,
+						   struct auth_session_info **session_info);
+
+/***************************************************************************
+ Set a fixed challenge
+***************************************************************************/
+_PUBLIC_ NTSTATUS auth_context_set_challenge(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by)
+{
+	auth_ctx->challenge.set_by = talloc_strdup(auth_ctx, set_by);
+	NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.set_by);
+
+	auth_ctx->challenge.data = data_blob_talloc(auth_ctx, chal, 8);
+	NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data);
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Try to get a challenge out of the various authentication modules.
+ Returns a const char of length 8 bytes.
+****************************************************************************/
+_PUBLIC_ NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8])
+{
+
+	if (auth_ctx->challenge.data.length == 8) {
+		DEBUG(5, ("auth_get_challenge: returning previous challenge by module %s (normal)\n",
+			  auth_ctx->challenge.set_by));
+		memcpy(chal, auth_ctx->challenge.data.data, 8);
+		return NT_STATUS_OK;
+	}
+
+	if (!auth_ctx->challenge.set_by) {
+		generate_random_buffer(chal, 8);
+
+		auth_ctx->challenge.data		= data_blob_talloc(auth_ctx, chal, 8);
+		NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data);
+		auth_ctx->challenge.set_by		= "random";
+	}
+
+	DEBUG(10,("auth_get_challenge: challenge set by %s\n",
+		 auth_ctx->challenge.set_by));
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ * (sync version)
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the user_info_dc struct.
+ *
+ * The return value takes precedence over the contents of the user_info_dc
+ * struct.  When the return is other than NT_STATUS_OK the contents
+ * of that structure is undefined.
+ *
+ * @param auth_ctx Supplies the challenges and some other data.
+ *                  Must be created with auth_context_create(), and the challenges should be
+ *                  filled in, either at creation or by calling the challenge generation
+ *                  function auth_get_challenge().
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ *
+ * @param mem_ctx The parent memory context for the user_info_dc structure
+ *
+ * @param user_info_dc If successful, contains information about the authentication,
+ *                    including a SAM_ACCOUNT struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+
+_PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
+			     TALLOC_CTX *mem_ctx,
+			     const struct auth_usersupplied_info *user_info,
+			     struct auth_user_info_dc **user_info_dc,
+			     uint8_t *pauthoritative)
+{
+	struct tevent_req *subreq;
+	struct tevent_context *ev;
+	bool ok;
+	NTSTATUS status;
+
+	/*TODO: create a new event context here! */
+	ev = auth_ctx->event_ctx;
+
+	/*
+	 * We are authoritative by default
+	 */
+	*pauthoritative = 1;
+
+	subreq = auth_check_password_send(mem_ctx,
+					  ev,
+					  auth_ctx,
+					  user_info);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = tevent_req_poll(subreq, ev);
+	if (!ok) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = auth_check_password_recv(subreq, mem_ctx,
+					  user_info_dc, pauthoritative);
+	TALLOC_FREE(subreq);
+
+	return status;
+}
+
+struct auth_check_password_state {
+	struct tevent_context *ev;
+	struct auth4_context *auth_ctx;
+	const struct auth_usersupplied_info *user_info;
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_method_context *method;
+	const struct authn_audit_info *client_audit_info;
+	const struct authn_audit_info *server_audit_info;
+	uint8_t authoritative;
+};
+
+static void auth_check_password_next(struct tevent_req *req);
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ * async send hook
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the user_info_dc struct.
+ *
+ * The return value takes precedence over the contents of the user_info_dc
+ * struct.  When the return is other than NT_STATUS_OK the contents
+ * of that structure is undefined.
+ *
+ * @param mem_ctx The memory context the request should operate on
+ *
+ * @param ev The tevent context the request should operate on
+ *
+ * @param auth_ctx Supplies the challenges and some other data.  Must
+ *                 be created with make_auth_context(), and the
+ *                 challenges should be filled in, either at creation
+ *                 or by calling the challenge generation function
+ *                 auth_get_challenge().
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ *
+ * @return The request handle or NULL on no memory error.
+ *
+ **/
+
+_PUBLIC_ struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct auth4_context *auth_ctx,
+				const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req;
+	struct auth_check_password_state *state;
+	/* if all the modules say 'not for me' this is reasonable */
+	NTSTATUS nt_status;
+	uint8_t chal[8];
+
+	DEBUG(3,("auth_check_password_send: "
+		 "Checking password for unmapped user [%s]\\[%s]@[%s]\n",
+		 user_info->client.domain_name, user_info->client.account_name,
+		 user_info->workstation_name));
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct auth_check_password_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	/*
+	 * We are authoritative by default.
+	 */
+	state->ev		= ev;
+	state->auth_ctx		= auth_ctx;
+	state->user_info	= user_info;
+	state->authoritative	= 1;
+
+	if (user_info->mapped.account_name == NULL) {
+		struct auth_usersupplied_info *user_info_tmp;
+
+		/*
+		 * We don't really do any mapping here.
+		 *
+		 * It's up to the backends to do mappings
+		 * for their authentication.
+		 */
+		user_info_tmp = talloc_zero(state, struct auth_usersupplied_info);
+		if (tevent_req_nomem(user_info_tmp, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		/*
+		 * The lifetime of user_info is longer than
+		 * user_info_tmp, so we don't need to copy the
+		 * strings.
+		 */
+		*user_info_tmp = *user_info;
+		user_info_tmp->mapped.domain_name = user_info->client.domain_name;
+		user_info_tmp->mapped.account_name = user_info->client.account_name;
+
+		user_info = user_info_tmp;
+		state->user_info = user_info_tmp;
+	}
+
+	DEBUGADD(3,("auth_check_password_send: "
+		    "user is: [%s]\\[%s]@[%s]\n",
+		    user_info->mapped.domain_name,
+		    user_info->mapped.account_name,
+		    user_info->workstation_name));
+
+	nt_status = auth_get_challenge(auth_ctx, chal);
+	if (tevent_req_nterror(req, nt_status)) {
+		DEBUG(0,("auth_check_password_send: "
+			 "Invalid challenge (length %u) stored for "
+			 "this auth context set_by %s - cannot continue: %s\n",
+			(unsigned)auth_ctx->challenge.data.length,
+			auth_ctx->challenge.set_by,
+			nt_errstr(nt_status)));
+		return tevent_req_post(req, ev);
+	}
+
+	if (auth_ctx->challenge.set_by) {
+		DEBUG(10,("auth_check_password_send: "
+			  "auth_context challenge created by %s\n",
+			  auth_ctx->challenge.set_by));
+	}
+
+	DEBUG(10, ("auth_check_password_send: challenge is: \n"));
+	dump_data(5, auth_ctx->challenge.data.data,
+		  auth_ctx->challenge.data.length);
+
+	state->method = state->auth_ctx->methods;
+	auth_check_password_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void auth_check_password_done(struct tevent_req *subreq);
+
+static void auth_check_password_next(struct tevent_req *req)
+{
+	struct auth_check_password_state *state =
+		tevent_req_data(req, struct auth_check_password_state);
+	struct tevent_req *subreq = NULL;
+	NTSTATUS status;
+
+	if (state->method == NULL) {
+		state->authoritative = 0;
+		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+		return;
+	}
+
+	/* check if the module wants to check the password */
+	status = state->method->ops->want_check(state->method, state,
+						state->user_info);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+		DEBUG(11,("auth_check_password_send: "
+			  "%s doesn't want to check\n",
+			  state->method->ops->name));
+		state->method = state->method->next;
+		auth_check_password_next(req);
+		return;
+	}
+
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = state->method->ops->check_password_send(
+		state, state->ev, state->method, state->user_info);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, auth_check_password_done, req);
+}
+
+static void auth_check_password_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct auth_check_password_state *state =
+		tevent_req_data(req,
+		struct auth_check_password_state);
+	bool authoritative = true;
+	NTSTATUS status;
+
+	status = state->method->ops->check_password_recv(subreq, state,
+							 &state->user_info_dc,
+							 &state->client_audit_info,
+							 &state->server_audit_info,
+							 &authoritative);
+	TALLOC_FREE(subreq);
+	if (!authoritative ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+		DEBUG(11,("auth_check_password_send: "
+			  "%s passes to the next method\n",
+			  state->method->ops->name));
+		state->method = state->method->next;
+		auth_check_password_next(req);
+		return;
+	}
+
+	/* the backend has handled the request */
+
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ * async receive function
+ *
+ * The return value takes precedence over the contents of the user_info_dc
+ * struct.  When the return is other than NT_STATUS_OK the contents
+ * of that structure is undefined.
+ *
+ *
+ * @param req The async request state
+ *
+ * @param mem_ctx The parent memory context for the user_info_dc structure
+ *
+ * @param user_info_dc If successful, contains information about the authentication,
+ *                    including a SAM_ACCOUNT struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+
+_PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
+				  TALLOC_CTX *mem_ctx,
+				  struct auth_user_info_dc **user_info_dc,
+				  uint8_t *pauthoritative)
+{
+	struct auth_check_password_state *state =
+		tevent_req_data(req, struct auth_check_password_state);
+	NTSTATUS status = NT_STATUS_OK;
+
+	*pauthoritative = state->authoritative;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		/*
+		 * Please try not to change this string, it is probably in use
+		 * in audit logging tools
+		 */
+		DEBUG(2,("auth_check_password_recv: "
+			 "%s authentication for user [%s\\%s] "
+			 "FAILED with error %s, authoritative=%u\n",
+			 (state->method ? state->method->ops->name : "NO_METHOD"),
+			 state->user_info->mapped.domain_name,
+			 state->user_info->mapped.account_name,
+			 nt_errstr(status), state->authoritative));
+
+		log_authentication_event(state->auth_ctx->msg_ctx,
+					 state->auth_ctx->lp_ctx,
+					 &state->auth_ctx->start_time,
+					 state->user_info, status,
+					 NULL, NULL, NULL,
+					 state->client_audit_info,
+					 state->server_audit_info);
+		tevent_req_received(req);
+		return status;
+	}
+
+	DEBUG(5,("auth_check_password_recv: "
+		 "%s authentication for user [%s\\%s] succeeded\n",
+		 state->method->ops->name,
+		 state->user_info_dc->info->domain_name,
+		 state->user_info_dc->info->account_name));
+
+	log_authentication_event(state->auth_ctx->msg_ctx,
+				 state->auth_ctx->lp_ctx,
+				 &state->auth_ctx->start_time,
+				 state->user_info, status,
+				 state->user_info_dc->info->domain_name,
+				 state->user_info_dc->info->account_name,
+				 &state->user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid,
+				 state->client_audit_info,
+				 state->server_audit_info);
+
+	/*
+	 * Release our handle to state->user_info_dc.
+	 * state->{client,server}_audit_info, if non-NULL, becomes the new
+	 * parent.
+	*/
+	*user_info_dc = talloc_reparent(state, mem_ctx, state->user_info_dc);
+	state->user_info_dc = NULL;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct auth_check_password_wrapper_state {
+	uint8_t authoritative;
+	struct auth_user_info_dc *user_info_dc;
+};
+
+static void auth_check_password_wrapper_done(struct tevent_req *subreq);
+
+static struct tevent_req *auth_check_password_wrapper_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct auth4_context *auth_ctx,
+					const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req = NULL;
+	struct auth_check_password_wrapper *state = NULL;
+	struct tevent_req *subreq = NULL;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct auth_check_password_wrapper_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	subreq = auth_check_password_send(state, ev, auth_ctx, user_info);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq,
+				auth_check_password_wrapper_done,
+				req);
+
+	return req;
+}
+
+static void auth_check_password_wrapper_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct auth_check_password_wrapper_state *state =
+		tevent_req_data(req,
+		struct auth_check_password_wrapper_state);
+	NTSTATUS status;
+
+	status = auth_check_password_recv(subreq, state,
+					  &state->user_info_dc,
+					  &state->authoritative);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS auth_check_password_wrapper_recv(struct tevent_req *req,
+					TALLOC_CTX *mem_ctx,
+					uint8_t *pauthoritative,
+					void **server_returned_info,
+					DATA_BLOB *user_session_key,
+					DATA_BLOB *lm_session_key)
+{
+	struct auth_check_password_wrapper_state *state =
+		tevent_req_data(req,
+		struct auth_check_password_wrapper_state);
+	struct auth_user_info_dc *user_info_dc = state->user_info_dc;
+	NTSTATUS status = NT_STATUS_OK;
+
+	*pauthoritative = state->authoritative;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	talloc_steal(mem_ctx, user_info_dc);
+	*server_returned_info = user_info_dc;
+
+	if (user_session_key) {
+		DEBUG(10, ("Got NT session key of length %u\n",
+			   (unsigned)user_info_dc->user_session_key.length));
+		*user_session_key = user_info_dc->user_session_key;
+		talloc_steal(mem_ctx, user_session_key->data);
+		user_info_dc->user_session_key = data_blob_null;
+	}
+
+	if (lm_session_key) {
+		DEBUG(10, ("Got LM session key of length %u\n",
+			   (unsigned)user_info_dc->lm_session_key.length));
+		*lm_session_key = user_info_dc->lm_session_key;
+		talloc_steal(mem_ctx, lm_session_key->data);
+		user_info_dc->lm_session_key = data_blob_null;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+ /* Wrapper because we don't want to expose all callers to needing to
+  * know that session_info is generated from the main ldb, and because
+  * we need to break a dependency loop between the DCE/RPC layer and the
+  * generation of unix tokens via IRPC */
+static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
+						   TALLOC_CTX *mem_ctx,
+						   void *server_returned_info,
+						   const char *original_user_name,
+                                                  uint32_t session_info_flags,
+                                                  struct auth_session_info **session_info)
+{
+	NTSTATUS status;
+	struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc);
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	status = auth_generate_session_info(mem_ctx,
+					    auth_context->lp_ctx,
+					    auth_context->sam_ctx,
+					    user_info_dc,
+					    session_info_flags,
+					    session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
+	    && NT_STATUS_IS_OK(status)) {
+		status = auth_session_info_fill_unix(auth_context->lp_ctx,
+						     original_user_name,
+						     *session_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(*session_info);
+		}
+	}
+	return status;
+}
+
+/* Wrapper because we don't want to expose all callers to needing to
+ * know anything about the PAC or auth subsystem internal structures
+ * before we output a struct auth session_info */
+static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct smb_krb5_context *smb_krb5_context,
+					       DATA_BLOB *pac_blob,
+					       const char *principal_name,
+					       const struct tsocket_address *remote_address,
+					       uint32_t session_info_flags,
+					       struct auth_session_info **session_info)
+{
+	NTSTATUS status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+
+	if (!pac_blob) {
+		/*
+		 * This should already have been caught at the main
+		 * gensec layer, but better check twice
+		 */
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	/*
+	 * FIXME: To correctly create the security token, we also need to get the
+	 * claims info, device info, and device claims info from the PAC. For now,
+	 * we support claims only in the KDC.
+	 */
+	status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						   *pac_blob,
+						   smb_krb5_context->krb5_context,
+						   &user_info_dc, NULL, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	status = auth_generate_session_info_wrapper(auth_ctx, mem_ctx,
+						    user_info_dc,
+						    user_info_dc->info->account_name,
+						    session_info_flags, session_info);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/***************************************************************************
+ Make a auth_info struct for the auth subsystem
+ - Allow the caller to specify the methods to use, including optionally the SAM to use
+***************************************************************************/
+_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
+					      struct tevent_context *ev,
+					      struct imessaging_context *msg,
+					      struct loadparm_context *lp_ctx,
+					      struct ldb_context *sam_ctx,
+					      struct auth4_context **auth_ctx)
+{
+	int i;
+	struct auth4_context *ctx;
+
+	auth4_init();
+
+	if (!ev) {
+		DEBUG(0,("auth_context_create: called with out event context\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ctx = talloc_zero(mem_ctx, struct auth4_context);
+	NT_STATUS_HAVE_NO_MEMORY(ctx);
+	ctx->challenge.data		= data_blob(NULL, 0);
+	ctx->methods			= NULL;
+	ctx->event_ctx			= ev;
+	ctx->msg_ctx			= msg;
+	ctx->lp_ctx			= lp_ctx;
+	ctx->start_time                 = timeval_current();
+
+	if (sam_ctx) {
+		ctx->sam_ctx = sam_ctx;
+	} else {
+		ctx->sam_ctx = samdb_connect(ctx,
+					     ctx->event_ctx,
+					     ctx->lp_ctx,
+					     system_session(ctx->lp_ctx),
+					     NULL,
+					     0);
+	}
+
+	for (i=0; methods && methods[i] ; i++) {
+		struct auth_method_context *method;
+
+		method = talloc(ctx, struct auth_method_context);
+		NT_STATUS_HAVE_NO_MEMORY(method);
+
+		method->ops = auth_backend_byname(methods[i]);
+		if (!method->ops) {
+			DEBUG(1,("auth_context_create: failed to find method=%s\n",
+				methods[i]));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		method->auth_ctx	= ctx;
+		method->depth		= i;
+		DLIST_ADD_END(ctx->methods, method);
+	}
+
+	ctx->check_ntlm_password_send = auth_check_password_wrapper_send;
+	ctx->check_ntlm_password_recv = auth_check_password_wrapper_recv;
+	ctx->get_ntlm_challenge = auth_get_challenge;
+	ctx->set_ntlm_challenge = auth_context_set_challenge;
+	ctx->generate_session_info = auth_generate_session_info_wrapper;
+	ctx->generate_session_info_pac = auth_generate_session_info_pac;
+
+	*auth_ctx = ctx;
+
+	return NT_STATUS_OK;
+}
+
+const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+	char **auth_methods = NULL;
+
+	switch (lpcfg_server_role(lp_ctx)) {
+	case ROLE_STANDALONE:
+		auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain", NULL);
+		break;
+	case ROLE_DOMAIN_MEMBER:
+	case ROLE_DOMAIN_BDC:
+	case ROLE_DOMAIN_PDC:
+	case ROLE_ACTIVE_DIRECTORY_DC:
+	case ROLE_IPA_DC:
+		auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL);
+		break;
+	}
+	return discard_const_p(const char *, auth_methods);
+}
+
+/***************************************************************************
+ Make a auth_info struct for the auth subsystem
+ - Uses default auth_methods, depending on server role and smb.conf settings
+***************************************************************************/
+_PUBLIC_ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
+			     struct tevent_context *ev,
+			     struct imessaging_context *msg,
+			     struct loadparm_context *lp_ctx,
+			     struct auth4_context **auth_ctx)
+{
+	NTSTATUS status;
+	const char **auth_methods;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	auth_methods = auth_methods_from_lp(tmp_ctx, lp_ctx);
+	if (!auth_methods) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	status = auth_context_create_methods(mem_ctx, auth_methods, ev, msg, lp_ctx, NULL, auth_ctx);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+_PUBLIC_ NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct imessaging_context *msg,
+						   struct loadparm_context *lp_ctx,
+						   struct auth4_context **auth_ctx)
+{
+	NTSTATUS status;
+	char **_auth_methods = NULL;
+	const char **auth_methods = NULL;
+
+	/*
+	 * Here we only allow 'sam winbind' instead of
+	 * the 'anonymous sam winbind sam_ignoredomain'
+	 * we typically use for authentication from clients.
+	 */
+	_auth_methods = str_list_make(mem_ctx, "sam winbind", NULL);
+	if (_auth_methods == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	auth_methods = discard_const_p(const char *, _auth_methods);
+
+	status = auth_context_create_methods(mem_ctx, auth_methods, ev, msg,
+					     lp_ctx, NULL, auth_ctx);
+	talloc_free(_auth_methods);
+	return status;
+}
+
+/* the list of currently registered AUTH backends */
+static struct auth_backend {
+	const struct auth_operations *ops;
+} *backends = NULL;
+static int num_backends;
+
+/*
+  register a AUTH backend.
+
+  The 'name' can be later used by other backends to find the operations
+  structure for this backend.
+*/
+_PUBLIC_ NTSTATUS auth_register(TALLOC_CTX *mem_ctx,
+			const struct auth_operations *ops)
+{
+	struct auth_operations *new_ops;
+
+	if (auth_backend_byname(ops->name) != NULL) {
+		/* its already registered! */
+		DEBUG(0,("AUTH backend '%s' already registered\n",
+			 ops->name));
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	backends = talloc_realloc(mem_ctx, backends,
+				  struct auth_backend, num_backends+1);
+	NT_STATUS_HAVE_NO_MEMORY(backends);
+
+	new_ops = (struct auth_operations *)talloc_memdup(backends, ops, sizeof(*ops));
+	NT_STATUS_HAVE_NO_MEMORY(new_ops);
+	new_ops->name = talloc_strdup(new_ops, ops->name);
+	NT_STATUS_HAVE_NO_MEMORY(new_ops->name);
+
+	backends[num_backends].ops = new_ops;
+
+	num_backends++;
+
+	DEBUG(3,("AUTH backend '%s' registered\n",
+		 ops->name));
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return the operations structure for a named backend of the specified type
+*/
+const struct auth_operations *auth_backend_byname(const char *name)
+{
+	int i;
+
+	for (i=0;i<num_backends;i++) {
+		if (strcmp(backends[i].ops->name, name) == 0) {
+			return backends[i].ops;
+		}
+	}
+
+	return NULL;
+}
+
+/*
+  return the AUTH interface version, and the size of some critical types
+  This can be used by backends to either detect compilation errors, or provide
+  multiple implementations for different smbd compilation options in one module
+*/
+const struct auth_critical_sizes *auth_interface_version(void)
+{
+	static const struct auth_critical_sizes critical_sizes = {
+		AUTH4_INTERFACE_VERSION,
+		sizeof(struct auth_operations),
+		sizeof(struct auth_method_context),
+		sizeof(struct auth4_context),
+		sizeof(struct auth_usersupplied_info),
+		sizeof(struct auth_user_info_dc)
+	};
+
+	return &critical_sizes;
+}
+
+_PUBLIC_ NTSTATUS auth4_init(void)
+{
+	static bool initialized = false;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_auth4_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_auth4_MODULES };
+
+	if (initialized) return NT_STATUS_OK;
+	initialized = true;
+
+	run_init_functions(NULL, static_init);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
new file mode 100644
index 0000000..328347a
--- /dev/null
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -0,0 +1,166 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Anonymous Authentication
+
+   Copyright (C) Stefan Metzmacher            2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
+#include "param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+_PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *);
+
+/**
+ * Return a anonymous logon for anonymous users (username = "")
+ *
+ * Typically used as the first module in the auth chain, this allows
+ * anonymou logons to be dealt with in one place.  Non-anonymou logons 'fail'
+ * and pass onto the next module.
+ **/
+static NTSTATUS anonymous_want_check(struct auth_method_context *ctx,
+			      	     TALLOC_CTX *mem_ctx,
+				     const struct auth_usersupplied_info *user_info)
+{
+	if (user_info->client.account_name && *user_info->client.account_name) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	switch (user_info->password_state) {
+	case AUTH_PASSWORD_PLAIN:
+		if (user_info->password.plaintext != NULL &&
+		    strlen(user_info->password.plaintext) > 0)
+		{
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+		break;
+	case AUTH_PASSWORD_HASH:
+		if (user_info->password.hash.lanman != NULL) {
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+		if (user_info->password.hash.nt != NULL) {
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+		break;
+	case AUTH_PASSWORD_RESPONSE:
+		if (user_info->password.response.lanman.length == 1) {
+			if (user_info->password.response.lanman.data[0] != '\0') {
+				return NT_STATUS_NOT_IMPLEMENTED;
+			}
+		} else if (user_info->password.response.lanman.length > 1) {
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+		if (user_info->password.response.nt.length > 0) {
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Return a anonymous logon for anonymous users (username = "")
+ *
+ * Typically used as the first module in the auth chain, this allows
+ * anonymou logons to be dealt with in one place.  Non-anonymou logons 'fail'
+ * and pass onto the next module.
+ **/
+
+struct anonymous_check_password_state {
+	struct auth_user_info_dc *user_info_dc;
+};
+
+static struct tevent_req *anonymous_check_password_send(
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *ev,
+	struct auth_method_context *ctx,
+	const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req = NULL;
+	struct anonymous_check_password_state *state = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(
+		mem_ctx,
+		&state,
+		struct anonymous_check_password_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	status = auth_anonymous_user_info_dc(
+		state,
+		lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+		&state->user_info_dc);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS anonymous_check_password_recv(
+	struct tevent_req *req,
+	TALLOC_CTX *mem_ctx,
+	struct auth_user_info_dc **interim_info,
+	const struct authn_audit_info **client_audit_info,
+	const struct authn_audit_info **server_audit_info,
+	bool *authoritative)
+{
+	struct anonymous_check_password_state *state = tevent_req_data(
+		req, struct anonymous_check_password_state);
+	NTSTATUS status;
+
+	*client_audit_info = NULL;
+	*server_audit_info = NULL;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+	*interim_info = talloc_move(mem_ctx, &state->user_info_dc);
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+
+static const struct auth_operations anonymous_auth_ops = {
+	.name			= "anonymous",
+	.want_check		= anonymous_want_check,
+	.check_password_send	= anonymous_check_password_send,
+	.check_password_recv	= anonymous_check_password_recv,
+};
+
+_PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = auth_register(ctx, &anonymous_auth_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'anonymous' auth backend!\n"));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
new file mode 100644
index 0000000..89db15d
--- /dev/null
+++ b/source4/auth/ntlm/auth_developer.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Generic authentication types
+   Copyright (C) Andrew Bartlett         2001-2002
+   Copyright (C) Jelmer Vernooij              2002
+   Copyright (C) Stefan Metzmacher            2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
+#include "libcli/security/security.h"
+#include "lib/util/tevent_ntstatus.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+#undef strncasecmp
+
+_PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *);
+
+static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
+			      		    TALLOC_CTX *mem_ctx,
+					    const struct auth_usersupplied_info *user_info)
+{
+	return NT_STATUS_OK;
+}
+
+/** 
+ * Return an error based on username
+ *
+ * This function allows the testing of obscure errors, as well as the generation
+ * of NT_STATUS -> DOS error mapping tables.
+ *
+ * This module is of no value to end-users.
+ *
+ * The password is ignored.
+ *
+ * @return An NTSTATUS value based on the username
+ **/
+
+static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
+			      		        TALLOC_CTX *mem_ctx,
+					        const struct auth_usersupplied_info *user_info, 
+					        struct auth_user_info_dc **_user_info_dc,
+						bool *authoritative)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info *info;
+	uint32_t error_num;
+	const char *user;
+
+	user = user_info->client.account_name;
+
+	if (strncasecmp("NT_STATUS", user, strlen("NT_STATUS")) == 0) {
+		nt_status = nt_status_string_to_code(user);
+	} else {
+		error_num = strtoul(user, NULL, 16);
+		DEBUG(5,("name_to_ntstatus_check_password: Error for user %s was 0x%08X\n", user, error_num));
+		nt_status = NT_STATUS(error_num);
+	}
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
+
+	/* This returns a pointer to a struct dom_sid, which is the
+	 * same as a 1 element list of struct dom_sid */
+	user_info_dc->num_sids = 1;
+	user_info_dc->sids = talloc(user_info_dc, struct auth_SidAttr);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
+
+	user_info_dc->sids->sid = global_sid_Anonymous;
+	user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/* annoying, but the Anonymous really does have a session key, 
+	   and it is all zeros! */
+	user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
+
+	user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
+
+	data_blob_clear(&user_info_dc->user_session_key);
+	data_blob_clear(&user_info_dc->lm_session_key);
+
+	user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+	info->account_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
+	NT_STATUS_HAVE_NO_MEMORY(info->account_name);
+
+	info->domain_name = talloc_strdup(user_info_dc, "NT AUTHORITY");
+	NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
+
+	info->full_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s Anonymous Logon", user);
+	NT_STATUS_HAVE_NO_MEMORY(info->full_name);
+
+	info->logon_script = talloc_strdup(user_info_dc, "");
+	NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
+
+	info->profile_path = talloc_strdup(user_info_dc, "");
+	NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
+
+	info->home_directory = talloc_strdup(user_info_dc, "");
+	NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
+
+	info->home_drive = talloc_strdup(user_info_dc, "");
+	NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
+
+	info->last_logon = 0;
+	info->last_logoff = 0;
+	info->acct_expiry = 0;
+	info->last_password_change = 0;
+	info->allow_password_change = 0;
+	info->force_password_change = 0;
+
+	info->logon_count = 0;
+	info->bad_password_count = 0;
+
+	info->acct_flags = ACB_NORMAL;
+
+	info->user_flags = 0;
+
+	*_user_info_dc = user_info_dc;
+
+	return nt_status;
+}
+
+struct name_to_ntstatus_check_password_state {
+	struct auth_user_info_dc *user_info_dc;
+	bool authoritative;
+};
+
+static struct tevent_req *name_to_ntstatus_check_password_send(
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *ev,
+	struct auth_method_context *ctx,
+	const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req = NULL;
+	struct name_to_ntstatus_check_password_state *state = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(
+		mem_ctx,
+		&state,
+		struct name_to_ntstatus_check_password_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	status = name_to_ntstatus_check_password(
+		ctx,
+		state,
+		user_info,
+		&state->user_info_dc,
+		&state->authoritative);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS name_to_ntstatus_check_password_recv(
+	struct tevent_req *req,
+	TALLOC_CTX *mem_ctx,
+	struct auth_user_info_dc **interim_info,
+	const struct authn_audit_info **client_audit_info,
+	const struct authn_audit_info **server_audit_info,
+	bool *authoritative)
+{
+	struct name_to_ntstatus_check_password_state *state = tevent_req_data(
+		req, struct name_to_ntstatus_check_password_state);
+	NTSTATUS status;
+
+	*authoritative = state->authoritative;
+	*client_audit_info = NULL;
+	*server_audit_info = NULL;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+	*interim_info = talloc_move(mem_ctx, &state->user_info_dc);
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static const struct auth_operations name_to_ntstatus_auth_ops = {
+	.name		= "name_to_ntstatus",
+	.want_check	= name_to_ntstatus_want_check,
+	.check_password_send	= name_to_ntstatus_check_password_send,
+	.check_password_recv	= name_to_ntstatus_check_password_recv,
+};
+
+_PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = auth_register(ctx, &name_to_ntstatus_auth_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'name_to_ntstatus' auth backend!\n"));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
new file mode 100644
index 0000000..d12045d
--- /dev/null
+++ b/source4/auth/ntlm/auth_sam.c
@@ -0,0 +1,1417 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2009
+   Copyright (C) Gerald Carter                             2003
+   Copyright (C) Stefan Metzmacher                         2005-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include <ldb.h>
+#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/security/security.h"
+#include "auth/auth.h"
+#include "../libcli/auth/ntlm_check.h"
+#include "auth/ntlm/auth_proto.h"
+#include "auth/auth_sam.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/common/util.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/messaging/irpc.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libds/common/roles.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "kdc/authn_policy_util.h"
+#include "kdc/db-glue.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+NTSTATUS auth_sam_init(void);
+
+extern const char *user_attrs[];
+extern const char *domain_ref_attrs[];
+
+/****************************************************************************
+ Do a specific test for an smb password being correct, given a smb_password and
+ the lanman and NT responses.
+****************************************************************************/
+static NTSTATUS authsam_password_ok(struct auth4_context *auth_context,
+				    TALLOC_CTX *mem_ctx,
+				    const struct samr_Password *nt_pwd,
+				    struct smb_krb5_context *smb_krb5_context,
+				    const DATA_BLOB *stored_aes_256_key,
+				    const krb5_data *salt,
+				    const struct auth_usersupplied_info *user_info,
+				    DATA_BLOB *user_sess_key,
+				    DATA_BLOB *lm_sess_key)
+{
+	NTSTATUS status;
+
+	switch (user_info->password_state) {
+	case AUTH_PASSWORD_PLAIN:
+	{
+		const struct auth_usersupplied_info *user_info_temp;
+
+		if (nt_pwd == NULL && stored_aes_256_key != NULL && user_info->password.plaintext != NULL) {
+			bool pw_equal;
+			int krb5_ret;
+			DATA_BLOB supplied_aes_256_key;
+			krb5_keyblock key;
+			krb5_data cleartext_data = {
+				.data = user_info->password.plaintext,
+				.length = strlen(user_info->password.plaintext)
+			};
+
+			*lm_sess_key = data_blob_null;
+			*user_sess_key = data_blob_null;
+
+			krb5_ret = smb_krb5_create_key_from_string(smb_krb5_context->krb5_context,
+								   NULL,
+								   salt,
+								   &cleartext_data,
+								   ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+								   &key);
+			if (krb5_ret) {
+				DBG_ERR("generation of a aes256-cts-hmac-sha1-96 key for password comparison failed: %s\n",
+					smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+								   krb5_ret, mem_ctx));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
+			supplied_aes_256_key = data_blob_const(KRB5_KEY_DATA(&key),
+							       KRB5_KEY_LENGTH(&key));
+
+			pw_equal = data_blob_equal_const_time(&supplied_aes_256_key,
+							      stored_aes_256_key);
+
+			krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key);
+			if (!pw_equal) {
+				return NT_STATUS_WRONG_PASSWORD;
+			}
+			return NT_STATUS_OK;
+		}
+
+		status = encrypt_user_info(mem_ctx, auth_context,
+					   AUTH_PASSWORD_HASH,
+					   user_info, &user_info_temp);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to convert plaintext password to password HASH: %s\n", nt_errstr(status)));
+			return status;
+		}
+		user_info = user_info_temp;
+
+		FALL_THROUGH;
+	}
+	case AUTH_PASSWORD_HASH:
+		*lm_sess_key = data_blob(NULL, 0);
+		*user_sess_key = data_blob(NULL, 0);
+		status = hash_password_check(mem_ctx,
+					     false,
+					     lpcfg_ntlm_auth(auth_context->lp_ctx),
+					     NULL,
+					     user_info->password.hash.nt,
+					     user_info->mapped.account_name,
+					     NULL, nt_pwd);
+		NT_STATUS_NOT_OK_RETURN(status);
+		break;
+
+	case AUTH_PASSWORD_RESPONSE:
+		status = ntlm_password_check(mem_ctx,
+					     false,
+					     lpcfg_ntlm_auth(auth_context->lp_ctx),
+					     user_info->logon_parameters,
+					     &auth_context->challenge.data,
+					     &user_info->password.response.lanman,
+					     &user_info->password.response.nt,
+					     user_info->mapped.account_name,
+					     user_info->client.account_name,
+					     user_info->client.domain_name,
+					     NULL, nt_pwd,
+					     user_sess_key, lm_sess_key);
+		NT_STATUS_NOT_OK_RETURN(status);
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void auth_sam_trigger_zero_password(TALLOC_CTX *mem_ctx,
+					   struct imessaging_context *msg_ctx,
+					   struct tevent_context *event_ctx,
+					   struct netr_SendToSamBase *send_to_sam)
+{
+	struct dcerpc_binding_handle *irpc_handle;
+	struct winbind_SendToSam r;
+	struct tevent_req *req;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return;
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(tmp_ctx, msg_ctx,
+						  "winbind_server",
+						  &ndr_table_winbind);
+	if (irpc_handle == NULL) {
+		DEBUG(1,(__location__ ": Unable to get binding handle for winbind\n"));
+		TALLOC_FREE(tmp_ctx);
+		return;
+	}
+
+	r.in.message = *send_to_sam;
+
+	/*
+	 * This seem to rely on the current IRPC implementation,
+	 * which delivers the message in the _send function.
+	 *
+	 * TODO: we need a ONE_WAY IRPC handle and register
+	 * a callback and wait for it to be triggered!
+	 */
+	req = dcerpc_winbind_SendToSam_r_send(tmp_ctx,
+					      event_ctx,
+					      irpc_handle,
+					      &r);
+
+	/* we aren't interested in a reply */
+	talloc_free(req);
+	TALLOC_FREE(tmp_ctx);
+
+}
+
+/*
+  send a message to the drepl server telling it to initiate a
+  REPL_SECRET getncchanges extended op to fetch the users secrets
+ */
+static void auth_sam_trigger_repl_secret(TALLOC_CTX *mem_ctx,
+					 struct imessaging_context *msg_ctx,
+					 struct tevent_context *event_ctx,
+					 struct ldb_dn *user_dn)
+{
+	struct dcerpc_binding_handle *irpc_handle;
+	struct drepl_trigger_repl_secret r;
+	struct tevent_req *req;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return;
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(tmp_ctx, msg_ctx,
+						  "dreplsrv",
+						  &ndr_table_irpc);
+	if (irpc_handle == NULL) {
+		DEBUG(1,(__location__ ": Unable to get binding handle for dreplsrv\n"));
+		TALLOC_FREE(tmp_ctx);
+		return;
+	}
+
+	r.in.user_dn = ldb_dn_get_linearized(user_dn);
+
+	/*
+	 * This seem to rely on the current IRPC implementation,
+	 * which delivers the message in the _send function.
+	 *
+	 * TODO: we need a ONE_WAY IRPC handle and register
+	 * a callback and wait for it to be triggered!
+	 */
+	req = dcerpc_drepl_trigger_repl_secret_r_send(tmp_ctx,
+						      event_ctx,
+						      irpc_handle,
+						      &r);
+
+	/* we aren't interested in a reply */
+	talloc_free(req);
+	TALLOC_FREE(tmp_ctx);
+}
+
+static const struct samr_Password *hide_invalid_nthash(const struct samr_Password *in)
+{
+	/*
+	 * This is the result of:
+	 *
+	 * E_md4hash("", zero_string_hash.hash);
+	 */
+	static const struct samr_Password zero_string_hash = {
+		.hash = {
+			0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+			0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0,
+		}
+	};
+
+	if (in == NULL) {
+		return NULL;
+	}
+
+	/*
+	 * Skip over any all-zero hashes in the history.  No known software
+	 * stores these but just to be sure
+	 */
+	if (all_zero(in->hash, sizeof(in->hash))) {
+		return NULL;
+	}
+
+	/*
+	 * This looks odd, but the password_hash module in the past has written
+	 * this in the rare situation where (somehow) we didn't have an old NT
+	 * hash (one of the old LM-only set paths)
+	 *
+	 * mem_equal_const_time() is used to avoid a timing attack
+	 * when comparing secret data in the server with this constant
+	 * value.
+	 */
+	if (mem_equal_const_time(in->hash, zero_string_hash.hash, 16)) {
+		in = NULL;
+	}
+
+	return in;
+}
+
+/*
+ * Check that a password is OK, and update badPwdCount if required.
+ */
+
+static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_context,
+						  TALLOC_CTX *mem_ctx,
+						  struct ldb_dn *domain_dn,
+						  struct ldb_message *msg,
+						  const struct auth_usersupplied_info *user_info,
+						  DATA_BLOB *user_sess_key,
+						  DATA_BLOB *lm_sess_key,
+						  bool *authoritative)
+{
+	NTSTATUS nt_status;
+	NTSTATUS auth_status;
+	TALLOC_CTX *tmp_ctx;
+	int i, ret;
+	int history_len = 0;
+	struct ldb_context *sam_ctx = auth_context->sam_ctx;
+	const char * const attrs[] = { "pwdHistoryLength", NULL };
+	struct ldb_message *dom_msg;
+	struct samr_Password *nt_pwd;
+	DATA_BLOB _aes_256_key = data_blob_null;
+	DATA_BLOB *aes_256_key = NULL;
+	krb5_data _salt = { .data = NULL, .length = 0 };
+	krb5_data *salt = NULL;
+	DATA_BLOB salt_data = data_blob_null;
+	struct smb_krb5_context *smb_krb5_context = NULL;
+	const struct ldb_val *sc_val;
+	uint32_t userAccountControl = 0;
+	uint32_t current_kvno = 0;
+	bool am_rodc;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * This call does more than what it appears to do, it also
+	 * checks for the account lockout.
+	 *
+	 * It is done here so that all parts of Samba that read the
+	 * password refuse to even operate on it if the account is
+	 * locked out, to avoid mistakes like CVE-2013-4496.
+	 */
+	nt_status = samdb_result_passwords(tmp_ctx, auth_context->lp_ctx,
+					   msg, &nt_pwd);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	userAccountControl = ldb_msg_find_attr_as_uint(msg,
+						       "userAccountControl",
+						       0);
+
+	sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials");
+
+	if (nt_pwd == NULL && sc_val == NULL) {
+		if (samdb_rodc(auth_context->sam_ctx, &am_rodc) == LDB_SUCCESS && am_rodc) {
+			/*
+			 * we don't have passwords for this
+			 * account. We are an RODC, and this account
+			 * may be one for which we either are denied
+			 * REPL_SECRET replication or we haven't yet
+			 * done the replication. We return
+			 * NT_STATUS_NOT_IMPLEMENTED which tells the
+			 * auth code to try the next authentication
+			 * mechanism. We also send a message to our
+			 * drepl server to tell it to try and
+			 * replicate the secrets for this account.
+			 *
+			 * TODO: Should we only trigger this is detected
+			 * there's a chance that the password might be
+			 * replicated, we should be able to detect this
+			 * based on msDS-NeverRevealGroup.
+			 */
+			auth_sam_trigger_repl_secret(auth_context,
+						     auth_context->msg_ctx,
+						     auth_context->event_ctx,
+						     msg->dn);
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+	}
+
+	/*
+	 * If we don't have an NT password, pull a kerberos key
+	 * instead for plaintext.
+	 */
+	if (nt_pwd == NULL &&
+	    sc_val != NULL &&
+	    user_info->password_state == AUTH_PASSWORD_PLAIN)
+	{
+		krb5_error_code krb5_ret;
+
+		krb5_ret = smb_krb5_init_context(tmp_ctx,
+						 auth_context->lp_ctx,
+						 &smb_krb5_context);
+		if (krb5_ret != 0) {
+			DBG_ERR("Failed to setup krb5_context: %s!\n",
+				error_message(krb5_ret));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		/*
+		 * Get the current salt from the record
+		 */
+
+		krb5_ret = dsdb_extract_aes_256_key(smb_krb5_context->krb5_context,
+						    tmp_ctx,
+						    msg,
+						    userAccountControl,
+						    NULL, /* kvno */
+						    &current_kvno, /* kvno_out */
+						    &_aes_256_key,
+						    &salt_data);
+		if (krb5_ret == 0) {
+			aes_256_key = &_aes_256_key;
+
+			_salt.data = (char *)salt_data.data;
+			_salt.length = salt_data.length;
+			salt = &_salt;
+		}
+	}
+
+	auth_status = authsam_password_ok(auth_context,
+					  tmp_ctx,
+					  nt_pwd,
+					  smb_krb5_context,
+					  aes_256_key,
+					  salt,
+					  user_info,
+					  user_sess_key, lm_sess_key);
+
+	if (NT_STATUS_IS_OK(auth_status)) {
+		if (user_sess_key->data) {
+			talloc_steal(mem_ctx, user_sess_key->data);
+		}
+		if (lm_sess_key->data) {
+			talloc_steal(mem_ctx, lm_sess_key->data);
+		}
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+	*user_sess_key = data_blob_null;
+	*lm_sess_key = data_blob_null;
+
+	if (!NT_STATUS_EQUAL(auth_status, NT_STATUS_WRONG_PASSWORD)) {
+		TALLOC_FREE(tmp_ctx);
+		return auth_status;
+	}
+
+	/*
+	 * We only continue if this was a wrong password
+	 * and we'll always return NT_STATUS_WRONG_PASSWORD
+	 * no matter what error happens.
+	 */
+
+	/* pull the domain password property attributes */
+	ret = dsdb_search_one(sam_ctx, tmp_ctx, &dom_msg, domain_dn, LDB_SCOPE_BASE,
+			      attrs, 0, "objectClass=domain");
+	if (ret == LDB_SUCCESS) {
+		history_len = ldb_msg_find_attr_as_uint(dom_msg, "pwdHistoryLength", 0);
+	} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(3,("Couldn't find domain %s: %s!\n",
+			 ldb_dn_get_linearized(domain_dn),
+			 ldb_errstring(sam_ctx)));
+	} else {
+		DEBUG(3,("error finding domain %s: %s!\n",
+			 ldb_dn_get_linearized(domain_dn),
+			 ldb_errstring(sam_ctx)));
+	}
+
+	for (i = 1; i < MIN(history_len, 3); i++) {
+		const struct samr_Password *nt_history_pwd = NULL;
+		NTTIME pwdLastSet;
+		struct timeval tv_now;
+		NTTIME now;
+		int allowed_period_mins;
+		NTTIME allowed_period;
+
+		/* Reset these variables back to starting as empty */
+		aes_256_key = NULL;
+		salt = NULL;
+
+		/*
+		 * Obtain the i'th old password from the NT password
+		 * history for this user.
+		 *
+		 * We avoid issues with salts (which are not
+		 * recorded for historical AES256 keys) by using the
+		 * ntPwdHistory in preference.
+		 */
+		nt_status = samdb_result_passwords_from_history(tmp_ctx,
+							auth_context->lp_ctx,
+							msg, i,
+							NULL,
+							&nt_history_pwd);
+
+		/*
+		 * Belts and braces: note that
+		 * samdb_result_passwords_from_history() currently
+		 * does not fail for missing attributes, it only sets
+		 * nt_history_pwd = NULL, so "break" and fall down to
+		 * the bad password count update if this happens
+		 */
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			break;
+		}
+
+		nt_history_pwd = hide_invalid_nthash(nt_history_pwd);
+
+		/*
+		 * We don't have an NT hash from the
+		 * ntPwdHistory, but we can still perform the
+		 * password check with the AES256
+		 * key.
+		 *
+		 * However, this is the second preference as
+		 * it will fail if the account was renamed
+		 * prior to a password change (as we won't
+		 * have the correct salt available to
+		 * calculate the AES256 key).
+		 */
+
+		if (nt_history_pwd == NULL && sc_val != NULL &&
+		    user_info->password_state == AUTH_PASSWORD_PLAIN &&
+		    current_kvno >= i)
+		{
+			krb5_error_code krb5_ret;
+			const uint32_t request_kvno = current_kvno - i;
+
+			/*
+			 * Confirm we have a krb5_context set up
+			 */
+			if (smb_krb5_context == NULL) {
+				/*
+				 * We get here if we had a unicodePwd
+				 * for the current password, no
+				 * ntPwdHistory, a valid previous
+				 * Kerberos history AND are processing
+				 * a simple bind.
+				 *
+				 * This really is a corner case so
+				 * favour cleaner code over trying to
+				 * allow for an old password.  It is
+				 * more likely this is just a new
+				 * account.
+				 *
+				 * "break" out of the loop and fall down
+				 * to the bad password update
+				 */
+				break;
+			}
+
+			/*
+			 * Get the current salt from the record
+			 */
+
+			krb5_ret = dsdb_extract_aes_256_key(smb_krb5_context->krb5_context,
+							    tmp_ctx,
+							    msg,
+							    userAccountControl,
+							    &request_kvno, /* kvno */
+							    NULL, /* kvno_out */
+							    &_aes_256_key,
+							    &salt_data);
+			if (krb5_ret != 0) {
+				break;
+			}
+
+			aes_256_key = &_aes_256_key;
+
+			_salt.data = (char *)salt_data.data;
+			_salt.length = salt_data.length;
+			salt = &_salt;
+
+		} else if (nt_history_pwd == NULL) {
+			/*
+			 * If we don't find element 'i' in the
+			 * ntPwdHistory and can not fall back to the
+			 * kerberos hash, we won't find 'i+1' ...
+			 */
+			break;
+		}
+
+		auth_status = authsam_password_ok(auth_context, tmp_ctx,
+						  nt_history_pwd,
+						  smb_krb5_context,
+						  aes_256_key,
+						  salt,
+						  user_info,
+						  user_sess_key,
+						  lm_sess_key);
+
+		if (!NT_STATUS_IS_OK(auth_status)) {
+			/*
+			 * If this was not a correct password, try the next
+			 * one from the history
+			 */
+			*user_sess_key = data_blob_null;
+			*lm_sess_key = data_blob_null;
+			continue;
+		}
+
+		if (i != 1) {
+			/*
+			 * The authentication was OK, but not against
+			 * the previous password, which is stored at index 1.
+			 *
+			 * We just return the original wrong password.
+			 * This skips the update of the bad pwd count,
+			 * because this is almost certainly user error
+			 * (or automatic login on a computer using a cached
+			 * password from before the password change),
+			 * not an attack.
+			 */
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
+			/*
+			 * The authentication was OK against the previous password,
+			 * but it's not a NTLM network authentication,
+			 * LDAP simple bind or something similar.
+			 *
+			 * We just return the original wrong password.
+			 * This skips the update of the bad pwd count,
+			 * because this is almost certainly user error
+			 * (or automatic login on a computer using a cached
+			 * password from before the password change),
+			 * not an attack.
+			 */
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		/*
+		 * If the password was OK, it's a NTLM network authentication
+		 * and it was the previous password.
+		 *
+		 * Now we see if it is within the grace period,
+		 * so that we don't break cached sessions on other computers
+		 * before the user can lock and unlock their other screens
+		 * (resetting their cached password).
+		 *
+		 * See http://support.microsoft.com/kb/906305
+		 * OldPasswordAllowedPeriod ("old password allowed period")
+		 * is specified in minutes. The default is 60.
+		 */
+		allowed_period_mins = lpcfg_old_password_allowed_period(auth_context->lp_ctx);
+		/*
+		 * NTTIME uses 100ns units
+		 */
+		allowed_period = (NTTIME) allowed_period_mins *
+				 60 * 1000*1000*10;
+		pwdLastSet = samdb_result_nttime(msg, "pwdLastSet", 0);
+		tv_now = timeval_current();
+		now = timeval_to_nttime(&tv_now);
+
+		if (now < pwdLastSet) {
+			/*
+			 * time jump?
+			 *
+			 * We just return the original wrong password.
+			 * This skips the update of the bad pwd count,
+			 * because this is almost certainly user error
+			 * (or automatic login on a computer using a cached
+			 * password from before the password change),
+			 * not an attack.
+			 */
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		if ((now - pwdLastSet) >= allowed_period) {
+			/*
+			 * The allowed period is over.
+			 *
+			 * We just return the original wrong password.
+			 * This skips the update of the bad pwd count,
+			 * because this is almost certainly user error
+			 * (or automatic login on a computer using a cached
+			 * password from before the password change),
+			 * not an attack.
+			 */
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		/*
+		 * We finally allow the authentication with the
+		 * previous password within the allowed period.
+		 */
+		if (user_sess_key->data) {
+			talloc_steal(mem_ctx, user_sess_key->data);
+		}
+		if (lm_sess_key->data) {
+			talloc_steal(mem_ctx, lm_sess_key->data);
+		}
+
+		TALLOC_FREE(tmp_ctx);
+		return auth_status;
+	}
+
+	/*
+	 * If we are not in the allowed period or match an old password,
+	 * we didn't return early. Now update the badPwdCount et al.
+	 */
+	nt_status = authsam_update_bad_pwd_count(auth_context->sam_ctx,
+						 msg, domain_dn);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		/*
+		 * We need to return the original
+		 * NT_STATUS_WRONG_PASSWORD error, so there isn't
+		 * anything more we can do than write something into
+		 * the log
+		 */
+		DEBUG(0, ("Failed to note bad password for user [%s]: %s\n",
+			  user_info->mapped.account_name,
+			  nt_errstr(nt_status)));
+	}
+
+	if (samdb_rodc(auth_context->sam_ctx, &am_rodc) == LDB_SUCCESS && am_rodc) {
+		*authoritative = false;
+	}
+
+	TALLOC_FREE(tmp_ctx);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		nt_status = NT_STATUS_WRONG_PASSWORD;
+	}
+	return nt_status;
+}
+
+static NTSTATUS authsam_check_netlogon_trust(TALLOC_CTX *mem_ctx,
+					     struct ldb_context *sam_ctx,
+					     struct loadparm_context *lp_ctx,
+					     const struct auth_usersupplied_info *user_info,
+					     const struct auth_user_info_dc *user_info_dc,
+					     struct authn_audit_info **server_audit_info_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	static const char *authn_policy_silo_attrs[] = {
+		"msDS-AssignedAuthNPolicy",
+		"msDS-AssignedAuthNPolicySilo",
+		"objectClass", /* used to determine which set of policy
+				* attributes apply. */
+		NULL,
+	};
+
+	const struct authn_server_policy *authn_server_policy = NULL;
+
+	struct dom_sid_buf netlogon_trust_sid_buf;
+	const char *netlogon_trust_sid_str = NULL;
+	struct ldb_dn *netlogon_trust_dn = NULL;
+	struct ldb_message *netlogon_trust_msg = NULL;
+
+	int ret;
+
+	/* Have we established a secure channel? */
+	if (user_info->netlogon_trust_account.secure_channel_type == SEC_CHAN_NULL) {
+		return NT_STATUS_OK;
+	}
+
+	if (!authn_policy_silos_and_policies_in_effect(sam_ctx)) {
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * We have established a secure channel, and we should have the machine
+	 * account’s SID.
+	 */
+	SMB_ASSERT(user_info->netlogon_trust_account.sid != NULL);
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	netlogon_trust_sid_str = dom_sid_str_buf(user_info->netlogon_trust_account.sid,
+						 &netlogon_trust_sid_buf);
+
+	netlogon_trust_dn = ldb_dn_new_fmt(tmp_ctx, sam_ctx,
+					   "<SID=%s>",
+					   netlogon_trust_sid_str);
+	if (netlogon_trust_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * Look up the machine account to see if it has an applicable
+	 * authentication policy.
+	 */
+	ret = dsdb_search_one(sam_ctx,
+			      tmp_ctx,
+			      &netlogon_trust_msg,
+			      netlogon_trust_dn,
+			      LDB_SCOPE_BASE,
+			      authn_policy_silo_attrs,
+			      0,
+			      NULL);
+	if (ret) {
+		talloc_free(tmp_ctx);
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	ret = authn_policy_server(sam_ctx,
+				  tmp_ctx,
+				  netlogon_trust_msg,
+				  &authn_server_policy);
+	if (ret) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (authn_server_policy != NULL) {
+		struct authn_audit_info *server_audit_info = NULL;
+		NTSTATUS status;
+
+		/*
+		 * An authentication policy applies to the machine
+		 * account. Carry out the access check.
+		 */
+		status = authn_policy_authenticate_to_service(tmp_ctx,
+							      sam_ctx,
+							      lp_ctx,
+							      AUTHN_POLICY_AUTH_TYPE_NTLM,
+							      user_info_dc,
+							      NULL /* device_info */,
+							      /*
+							       * It seems that claims go ignored for
+							       * SamLogon (see SamLogonTests —
+							       * test_samlogon_allowed_to_computer_silo).
+							       */
+							      (struct auth_claims) {},
+							      authn_server_policy,
+							      (struct authn_policy_flags) {},
+							      &server_audit_info);
+		if (server_audit_info != NULL) {
+			*server_audit_info_out = talloc_move(mem_ctx, &server_audit_info);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS authsam_authenticate(struct auth4_context *auth_context,
+				     TALLOC_CTX *mem_ctx,
+				     struct ldb_dn *domain_dn,
+				     struct ldb_message *msg,
+				     const struct auth_usersupplied_info *user_info,
+				     const struct auth_user_info_dc *user_info_dc,
+				     DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key,
+				     struct authn_audit_info **client_audit_info_out,
+				     struct authn_audit_info **server_audit_info_out,
+				     bool *authoritative)
+{
+	NTSTATUS nt_status;
+	int ret;
+	bool interactive = (user_info->password_state == AUTH_PASSWORD_HASH);
+	uint32_t acct_flags = samdb_result_acct_flags(msg, NULL);
+	struct netr_SendToSamBase *send_to_sam = NULL;
+	const struct authn_ntlm_client_policy *authn_client_policy = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* You can only do an interactive login to normal accounts */
+	if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
+		if (!(acct_flags & ACB_NORMAL)) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_SUCH_USER;
+		}
+		if (acct_flags & ACB_SMARTCARD_REQUIRED) {
+			if (acct_flags & ACB_DISABLED) {
+				DEBUG(2,("authsam_authenticate: Account for user '%s' "
+					 "was disabled.\n",
+					 user_info->mapped.account_name));
+				TALLOC_FREE(tmp_ctx);
+				return NT_STATUS_ACCOUNT_DISABLED;
+			}
+			DEBUG(2,("authsam_authenticate: Account for user '%s' "
+				 "requires interactive smartcard logon.\n",
+				 user_info->mapped.account_name));
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_SMARTCARD_LOGON_REQUIRED;
+		}
+	}
+
+	/* See whether an authentication policy applies to the client. */
+	ret = authn_policy_ntlm_client(auth_context->sam_ctx,
+				       tmp_ctx,
+				       msg,
+				       &authn_client_policy);
+	if (ret) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	nt_status = authn_policy_ntlm_apply_device_restriction(mem_ctx,
+							       authn_client_policy,
+							       client_audit_info_out);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		/*
+		 * As we didn’t get far enough to check the server policy, only
+		 * the client policy will be referenced in the authentication
+		 * log message.
+		 */
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = authsam_password_check_and_record(auth_context, tmp_ctx,
+						      domain_dn, msg,
+						      user_info,
+						      user_sess_key, lm_sess_key,
+						      authoritative);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = authsam_check_netlogon_trust(mem_ctx,
+						 auth_context->sam_ctx,
+						 auth_context->lp_ctx,
+						 user_info,
+						 user_info_dc,
+						 server_audit_info_out);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = authsam_account_ok(tmp_ctx, auth_context->sam_ctx,
+				       user_info->logon_parameters,
+				       domain_dn,
+				       msg,
+				       user_info->workstation_name,
+				       user_info->mapped.account_name,
+				       false, false);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = authsam_logon_success_accounting(auth_context->sam_ctx,
+						     msg, domain_dn,
+						     interactive,
+						     tmp_ctx,
+						     &send_to_sam);
+
+	if (send_to_sam != NULL) {
+		auth_sam_trigger_zero_password(tmp_ctx,
+					       auth_context->msg_ctx,
+					       auth_context->event_ctx,
+					       send_to_sam);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	if (user_sess_key && user_sess_key->data) {
+		talloc_steal(mem_ctx, user_sess_key->data);
+	}
+	if (lm_sess_key && lm_sess_key->data) {
+		talloc_steal(mem_ctx, lm_sess_key->data);
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return nt_status;
+}
+
+
+
+static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 const struct auth_usersupplied_info *user_info,
+						 struct auth_user_info_dc **user_info_dc,
+						 struct authn_audit_info **client_audit_info_out,
+						 struct authn_audit_info **server_audit_info_out,
+						 bool *authoritative)
+{
+	NTSTATUS nt_status;
+	int result;
+	const char *account_name = user_info->mapped.account_name;
+	struct ldb_message *msg;
+	struct ldb_dn *domain_dn;
+	DATA_BLOB user_sess_key, lm_sess_key;
+	TALLOC_CTX *tmp_ctx;
+	const char *p = NULL;
+	struct auth_user_info_dc *reparented = NULL;
+	struct authn_audit_info *client_audit_info = NULL;
+	struct authn_audit_info *server_audit_info = NULL;
+
+	if (ctx->auth_ctx->sam_ctx == NULL) {
+		DEBUG(0, ("No SAM available, cannot log in users\n"));
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	if (!account_name || !*account_name) {
+		/* 'not for me' */
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	domain_dn = ldb_get_default_basedn(ctx->auth_ctx->sam_ctx);
+	if (domain_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	/*
+	 * If we have not already mapped this user, then now is a good
+	 * time to do so, before we look it up.  We used to do this
+	 * earlier, but in a multi-forest environment we want to do
+	 * this mapping at the final domain.
+	 *
+	 * However, on the flip side we may have already mapped the
+	 * user if this was an LDAP simple bind, in which case we
+	 * really, really want to get back to exactly the same account
+	 * we got the DN for.
+	 */
+	if (!user_info->cracknames_called) {
+		p = strchr_m(account_name, '@');
+	} else {
+		/*
+		 * This is slightly nicer than double-indenting the
+		 * block below
+		 */
+		p = NULL;
+	}
+
+	if (p != NULL) {
+		const char *nt4_domain = NULL;
+		const char *nt4_account = NULL;
+		bool is_my_domain = false;
+
+		nt_status = crack_name_to_nt4_name(mem_ctx,
+						   ctx->auth_ctx->sam_ctx,
+						   /*
+						    * DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON ?
+						    */
+						   DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+						   account_name,
+						   &nt4_domain, &nt4_account);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_SUCH_USER;
+		}
+
+		is_my_domain = lpcfg_is_mydomain(ctx->auth_ctx->lp_ctx, nt4_domain);
+		if (!is_my_domain) {
+			/*
+			 * This is a user within our forest,
+			 * but in a different domain,
+			 * we're not authoritative
+			 */
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NOT_IMPLEMENTED;
+		}
+
+		/*
+		 * Let's use the NT4 account name for the lookup.
+		 */
+		account_name = nt4_account;
+	}
+
+	nt_status = authsam_search_account(tmp_ctx, ctx->auth_ctx->sam_ctx, account_name, domain_dn, &msg);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx,
+					     lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+					     lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
+					     lpcfg_sam_dnsname(ctx->auth_ctx->lp_ctx),
+					     domain_dn,
+					     msg,
+					     data_blob_null, data_blob_null,
+					     user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	result = dsdb_is_protected_user(ctx->auth_ctx->sam_ctx,
+					(*user_info_dc)->sids,
+					(*user_info_dc)->num_sids);
+	/*
+	 * We also consider an error result (a negative value) as denying the
+	 * authentication.
+	 */
+	if (result != 0) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_ACCOUNT_RESTRICTION;
+	}
+
+	nt_status = authsam_authenticate(ctx->auth_ctx,
+					 tmp_ctx,
+					 domain_dn,
+					 msg,
+					 user_info,
+					 *user_info_dc,
+					 &user_sess_key,
+					 &lm_sess_key,
+					 &client_audit_info,
+					 &server_audit_info,
+					 authoritative);
+	if (client_audit_info != NULL) {
+		*client_audit_info_out = talloc_move(mem_ctx, &client_audit_info);
+	}
+	if (server_audit_info != NULL) {
+		*server_audit_info_out = talloc_move(mem_ctx, &server_audit_info);
+	}
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	(*user_info_dc)->user_session_key = data_blob_talloc(*user_info_dc,
+							     user_sess_key.data,
+							     user_sess_key.length);
+	if (user_sess_key.data) {
+		if ((*user_info_dc)->user_session_key.data == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	(*user_info_dc)->lm_session_key = data_blob_talloc(*user_info_dc,
+							   lm_sess_key.data,
+							   lm_sess_key.length);
+	if (lm_sess_key.data) {
+		if ((*user_info_dc)->lm_session_key.data == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/*
+	 * Release our handle to *user_info_dc. {client,server}_audit_info_out,
+	 * if non-NULL, becomes the new parent.
+	 */
+	reparented = talloc_reparent(tmp_ctx, mem_ctx, *user_info_dc);
+	if (reparented == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+struct authsam_check_password_state {
+	struct auth_user_info_dc *user_info_dc;
+	struct authn_audit_info *client_audit_info;
+	struct authn_audit_info *server_audit_info;
+	bool authoritative;
+};
+
+static struct tevent_req *authsam_check_password_send(
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *ev,
+	struct auth_method_context *ctx,
+	const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req = NULL;
+	struct authsam_check_password_state *state = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(
+		mem_ctx, &state, struct authsam_check_password_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	/*
+	 * authsam_check_password_internals() sets this to false in
+	 * the rodc case, otherwise it leaves it untouched. Default to
+	 * "we're authoritative".
+	 */
+	state->authoritative = true;
+
+	status = authsam_check_password_internals(
+		ctx,
+		state,
+		user_info,
+		&state->user_info_dc,
+		&state->client_audit_info,
+		&state->server_audit_info,
+		&state->authoritative);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS authsam_check_password_recv(
+	struct tevent_req *req,
+	TALLOC_CTX *mem_ctx,
+	struct auth_user_info_dc **interim_info,
+	const struct authn_audit_info **client_audit_info,
+	const struct authn_audit_info **server_audit_info,
+	bool *authoritative)
+{
+	struct authsam_check_password_state *state = tevent_req_data(
+		req, struct authsam_check_password_state);
+	NTSTATUS status;
+
+	*authoritative = state->authoritative;
+
+	*client_audit_info = talloc_reparent(state, mem_ctx, state->client_audit_info);
+	state->client_audit_info = NULL;
+
+	*server_audit_info = talloc_reparent(state, mem_ctx, state->server_audit_info);
+	state->server_audit_info = NULL;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+	/*
+	 * Release our handle to state->user_info_dc.
+	 * {client,server}_audit_info, if non-NULL, becomes the new parent.
+	 */
+	*interim_info = talloc_reparent(state, mem_ctx, state->user_info_dc);
+	state->user_info_dc = NULL;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS authsam_ignoredomain_want_check(struct auth_method_context *ctx,
+						TALLOC_CTX *mem_ctx,
+						const struct auth_usersupplied_info *user_info)
+{
+	if (!user_info->mapped.account_name || !*user_info->mapped.account_name) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+Check SAM security (above) but with a few extra checks.
+****************************************************************************/
+static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
+				   TALLOC_CTX *mem_ctx,
+				   const struct auth_usersupplied_info *user_info)
+{
+	const char *effective_domain = user_info->mapped.domain_name;
+	bool is_local_name = false;
+	bool is_my_domain = false;
+	const char *p = NULL;
+	struct dsdb_trust_routing_table *trt = NULL;
+	const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	NTSTATUS status;
+
+	if (!user_info->mapped.account_name || !*user_info->mapped.account_name) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (effective_domain == NULL) {
+		effective_domain = "";
+	}
+
+	is_local_name = lpcfg_is_myname(ctx->auth_ctx->lp_ctx,
+					effective_domain);
+
+	/* check whether or not we service this domain/workgroup name */
+	switch (lpcfg_server_role(ctx->auth_ctx->lp_ctx)) {
+	case ROLE_STANDALONE:
+		return NT_STATUS_OK;
+
+	case ROLE_DOMAIN_MEMBER:
+		if (is_local_name) {
+			return NT_STATUS_OK;
+		}
+
+		DBG_DEBUG("%s is not one of my local names (DOMAIN_MEMBER)\n",
+			  effective_domain);
+		return NT_STATUS_NOT_IMPLEMENTED;
+
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* handled later */
+		break;
+
+	default:
+		DBG_ERR("lpcfg_server_role() has an undefined value\n");
+		return NT_STATUS_INVALID_SERVER_STATE;
+	}
+
+	/*
+	 * Now we handle the AD DC case...
+	 */
+
+	is_my_domain = lpcfg_is_my_domain_or_realm(ctx->auth_ctx->lp_ctx,
+						   effective_domain);
+	if (is_my_domain) {
+		return NT_STATUS_OK;
+	}
+
+	if (user_info->cracknames_called) {
+		/*
+		 * The caller already did a cracknames call.
+		 */
+		DBG_DEBUG("%s is not own domain name (DC)\n",
+			  effective_domain);
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!strequal(effective_domain, "")) {
+		DBG_DEBUG("%s is not own domain name (DC)\n",
+			  effective_domain);
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	p = strchr_m(user_info->mapped.account_name, '@');
+	if (p == NULL) {
+		/*
+		 * An empty to domain name should be handled
+		 * as the local domain name.
+		 */
+		return NT_STATUS_OK;
+	}
+
+	effective_domain = p + 1;
+	is_my_domain = lpcfg_is_my_domain_or_realm(ctx->auth_ctx->lp_ctx,
+						   effective_domain);
+	if (is_my_domain) {
+		return NT_STATUS_OK;
+	}
+
+	if (strequal(effective_domain, "")) {
+		DBG_DEBUG("authsam_check_password: upn without realm (DC)\n");
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	/*
+	 * as last option we check the routing table if the
+	 * domain is within our forest.
+	 */
+	status = dsdb_trust_routing_table_load(ctx->auth_ctx->sam_ctx,
+					       mem_ctx, &trt);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("authsam_check_password: dsdb_trust_routing_table_load() %s\n",
+			 nt_errstr(status));
+		return status;
+	}
+
+	tdo = dsdb_trust_routing_by_name(trt, effective_domain);
+	if (tdo == NULL) {
+		DBG_DEBUG("%s is not a known TLN (DC)\n",
+			  effective_domain);
+		TALLOC_FREE(trt);
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!(tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST)) {
+		DBG_DEBUG("%s is not a TLN in our forest (DC)\n",
+			  effective_domain);
+		TALLOC_FREE(trt);
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	/*
+	 * This principal is within our forest.
+	 * we'll later do a crack_name_to_nt4_name()
+	 * to check if it's in our domain.
+	 */
+	TALLOC_FREE(trt);
+	return NT_STATUS_OK;
+}
+
+static const struct auth_operations sam_ignoredomain_ops = {
+	.name		           = "sam_ignoredomain",
+	.want_check	           = authsam_ignoredomain_want_check,
+	.check_password_send	   = authsam_check_password_send,
+	.check_password_recv	   = authsam_check_password_recv,
+};
+
+static const struct auth_operations sam_ops = {
+	.name		           = "sam",
+	.want_check	           = authsam_want_check,
+	.check_password_send	   = authsam_check_password_send,
+	.check_password_recv	   = authsam_check_password_recv,
+};
+
+_PUBLIC_ NTSTATUS auth4_sam_init(TALLOC_CTX *);
+_PUBLIC_ NTSTATUS auth4_sam_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = auth_register(ctx, &sam_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'sam' auth backend!\n"));
+		return ret;
+	}
+
+	ret = auth_register(ctx, &sam_ignoredomain_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'sam_ignoredomain' auth backend!\n"));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/auth/ntlm/auth_server_service.c b/source4/auth/ntlm/auth_server_service.c
new file mode 100644
index 0000000..7fbb1fe
--- /dev/null
+++ b/source4/auth/ntlm/auth_server_service.c
@@ -0,0 +1,29 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett         2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+NTSTATUS server_service_auth_init(TALLOC_CTX *ctx)
+{
+	return auth4_init();
+}
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
new file mode 100644
index 0000000..605ed9e
--- /dev/null
+++ b/source4/auth/ntlm/auth_simple.c
@@ -0,0 +1,221 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   auth functions
+
+   Copyright (C) Simo Sorce 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Andrew Bartlett 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+struct authenticate_ldap_simple_bind_state {
+	bool using_tls;
+	struct auth4_context *auth_context;
+	struct auth_usersupplied_info *user_info;
+	struct auth_session_info *session_info;
+};
+
+static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
+
+_PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct imessaging_context *msg,
+					struct loadparm_context *lp_ctx,
+					struct tsocket_address *remote_address,
+					struct tsocket_address *local_address,
+					bool using_tls,
+					const char *dn,
+					const char *password)
+{
+	struct tevent_req *req = NULL;
+	struct authenticate_ldap_simple_bind_state *state = NULL;
+	struct auth_usersupplied_info *user_info = NULL;
+	const char *nt4_domain = NULL;
+	const char *nt4_username = NULL;
+	struct tevent_req *subreq = NULL;
+	NTSTATUS status;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct authenticate_ldap_simple_bind_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->using_tls = using_tls;
+
+	status = auth_context_create(state, ev, msg, lp_ctx,
+				     &state->auth_context);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	user_info = talloc_zero(state, struct auth_usersupplied_info);
+	if (tevent_req_nomem(user_info, req)) {
+		return tevent_req_post(req, ev);
+	}
+	state->user_info = user_info;
+
+	user_info->client.account_name = dn;
+	/* No client.domain_name, use account_name instead */
+	/* user_info->mapped.* will be filled below */
+
+	user_info->workstation_name = lpcfg_netbios_name(lp_ctx);
+
+	user_info->remote_host = remote_address;
+	user_info->local_host = local_address;
+
+	user_info->service_description = "LDAP";
+
+	if (using_tls) {
+		user_info->auth_description = "simple bind/TLS";
+	} else {
+		user_info->auth_description = "simple bind";
+	}
+
+	user_info->password_state = AUTH_PASSWORD_PLAIN;
+	user_info->password.plaintext = talloc_strdup(user_info, password);
+	if (tevent_req_nomem(user_info->password.plaintext, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
+		USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
+
+	user_info->logon_parameters =
+		MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+		MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
+		MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
+		MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
+
+	status = crack_auto_name_to_nt4_name(state, state->auth_context->sam_ctx,
+					     dn, &nt4_domain, &nt4_username);
+	if (!NT_STATUS_IS_OK(status)) {
+		log_authentication_event(msg, lp_ctx,
+					 &state->auth_context->start_time,
+					 user_info, status,
+					 NULL, NULL, NULL,
+					 NULL /* client_audit_info */,
+					 NULL /* server_audit_info */);
+	}
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	user_info->orig_client = user_info->client;
+	user_info->client.account_name = nt4_username;
+	user_info->client.domain_name = nt4_domain;
+	user_info->cracknames_called = true;
+
+	subreq = auth_check_password_send(state, ev,
+					  state->auth_context,
+					  state->user_info);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
+
+	return req;
+}
+
+static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct authenticate_ldap_simple_bind_state *state =
+		tevent_req_data(req,
+		struct authenticate_ldap_simple_bind_state);
+	struct auth4_context *auth_context = state->auth_context;
+	struct auth_usersupplied_info *user_info = state->user_info;
+	const char *nt4_username = user_info->mapped.account_name;
+	const struct tsocket_address *remote_address = user_info->remote_host;
+	const struct tsocket_address *local_address = user_info->local_host;
+	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+	struct auth_user_info_dc *user_info_dc = NULL;
+	uint8_t authoritative = 1;
+	uint32_t flags = 0;
+	NTSTATUS nt_status;
+
+	if (state->using_tls) {
+		transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
+	}
+
+	nt_status = auth_check_password_recv(subreq, state,
+					     &user_info_dc,
+					     &authoritative);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, nt_status)) {
+		return;
+	}
+
+	flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	nt_status = auth_context->generate_session_info(auth_context,
+							state,
+							user_info_dc,
+							nt4_username,
+							flags,
+							&state->session_info);
+	if (tevent_req_nterror(req, nt_status)) {
+		return;
+	}
+
+	log_successful_authz_event(auth_context->msg_ctx,
+				   auth_context->lp_ctx,
+				   remote_address,
+				   local_address,
+				   "LDAP",
+				   "simple bind",
+				   transport_protection,
+				   state->session_info,
+				   NULL /* client_audit_info */,
+				   NULL /* server_audit_info */);
+
+	tevent_req_done(req);
+}
+
+_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
+					TALLOC_CTX *mem_ctx,
+					struct auth_session_info **session_info)
+{
+	struct authenticate_ldap_simple_bind_state *state =
+		tevent_req_data(req,
+		struct authenticate_ldap_simple_bind_state);
+	NTSTATUS status;
+
+	*session_info = NULL;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*session_info = talloc_move(mem_ctx, &state->session_info);
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
new file mode 100644
index 0000000..58e97fb
--- /dev/null
+++ b/source4/auth/ntlm/auth_util.c
@@ -0,0 +1,183 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Jeremy Allison 2000-2001
+   Copyright (C) Rafal Szczesniak 2002
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "libcli/auth/libcli_auth.h"
+#include "param/param.h"
+#include "auth/ntlm/auth_proto.h"
+#include "librpc/gen_ndr/drsuapi.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/crypto/gnutls_helpers.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+
+NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, 
+			   enum auth_password_state to_state,
+			   const struct auth_usersupplied_info *user_info_in,
+			   const struct auth_usersupplied_info **user_info_encrypted)
+{
+	int rc;
+	NTSTATUS nt_status;
+	struct auth_usersupplied_info *user_info_temp;
+	switch (to_state) {
+	case AUTH_PASSWORD_RESPONSE:
+		switch (user_info_in->password_state) {
+		case AUTH_PASSWORD_PLAIN:
+		{
+			const struct auth_usersupplied_info *user_info_temp2;
+			nt_status = encrypt_user_info(mem_ctx, auth_context, 
+						      AUTH_PASSWORD_HASH, 
+						      user_info_in, &user_info_temp2);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
+			user_info_in = user_info_temp2;
+
+			FALL_THROUGH;
+		}
+		case AUTH_PASSWORD_HASH:
+		{
+			uint8_t chal[8];
+			DATA_BLOB chall_blob;
+			user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
+			if (!user_info_temp) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			if (!talloc_reference(user_info_temp, user_info_in)) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			*user_info_temp = *user_info_in;
+			user_info_temp->password_state = to_state;
+			
+			nt_status = auth_get_challenge(auth_context, chal);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
+			
+			chall_blob = data_blob_talloc(mem_ctx, chal, 8);
+			if (lpcfg_client_ntlmv2_auth(auth_context->lp_ctx)) {
+				DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx,  lpcfg_netbios_name(auth_context->lp_ctx), lpcfg_workgroup(auth_context->lp_ctx));
+				DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
+				
+				if (!SMBNTLMv2encrypt_hash(user_info_temp,
+							   user_info_in->client.account_name, 
+							   user_info_in->client.domain_name, 
+							   user_info_in->password.hash.nt->hash,
+							   &chall_blob,
+							   NULL, /* server_timestamp */
+							   &names_blob,
+							   &lmv2_response, &ntlmv2_response, 
+							   &lmv2_session_key, &ntlmv2_session_key)) {
+					data_blob_free(&names_blob);
+					return NT_STATUS_NO_MEMORY;
+				}
+				data_blob_free(&names_blob);
+				user_info_temp->password.response.lanman = lmv2_response;
+				user_info_temp->password.response.nt = ntlmv2_response;
+				
+				data_blob_free(&lmv2_session_key);
+				data_blob_free(&ntlmv2_session_key);
+			} else {
+				DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
+				rc = SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
+				if (rc != 0) {
+					return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+				}
+				user_info_temp->password.response.nt = blob;
+				if (lpcfg_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
+					DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
+					rc = SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
+					if (rc != 0) {
+						return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+					}
+					user_info_temp->password.response.lanman = lm_blob;
+				} else {
+					/* if not sending the LM password, send the NT password twice */
+					user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
+				}
+			}
+
+			user_info_in = user_info_temp;
+
+			FALL_THROUGH;
+		}
+		case AUTH_PASSWORD_RESPONSE:
+			*user_info_encrypted = user_info_in;
+		}
+		break;
+	case AUTH_PASSWORD_HASH:
+	{	
+		switch (user_info_in->password_state) {
+		case AUTH_PASSWORD_PLAIN:
+		{
+			struct samr_Password lanman;
+			struct samr_Password nt;
+			
+			user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
+			if (!user_info_temp) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			if (!talloc_reference(user_info_temp, user_info_in)) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			*user_info_temp = *user_info_in;
+			user_info_temp->password_state = to_state;
+			
+			if (E_deshash(user_info_in->password.plaintext, lanman.hash)) {
+				user_info_temp->password.hash.lanman = talloc(user_info_temp,
+									      struct samr_Password);
+				*user_info_temp->password.hash.lanman = lanman;
+			} else {
+				user_info_temp->password.hash.lanman = NULL;
+			}
+			
+			E_md4hash(user_info_in->password.plaintext, nt.hash);
+			user_info_temp->password.hash.nt = talloc(user_info_temp,
+								   struct samr_Password);
+			*user_info_temp->password.hash.nt = nt;
+			
+			user_info_in = user_info_temp;
+
+			FALL_THROUGH;
+		}
+		case AUTH_PASSWORD_HASH:
+			*user_info_encrypted = user_info_in;
+			break;
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+			break;
+		}
+		break;
+	}
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
new file mode 100644
index 0000000..2b1cc51
--- /dev/null
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -0,0 +1,326 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind authentication mechanism
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Andrew Bartlett 2001 - 2002
+   Copyright (C) Stefan Metzmacher 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "../lib/util/tevent_ntstatus.h"
+#include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/messaging/irpc.h"
+#include "param/param.h"
+#include "nsswitch/libwbclient/wbclient.h"
+#include "auth/auth_sam_reply.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth_sam.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+_PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *);
+
+static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
+				   TALLOC_CTX *mem_ctx,
+				   const struct auth_usersupplied_info *user_info)
+{
+	if (!user_info->mapped.account_name || !*user_info->mapped.account_name) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	/* TODO: maybe limit the user scope to remote users only */
+	return NT_STATUS_OK;
+}
+
+struct winbind_check_password_state {
+	struct auth_method_context *ctx;
+	const struct auth_usersupplied_info *user_info;
+	struct winbind_SamLogon req;
+	struct auth_user_info_dc *user_info_dc;
+	bool authoritative;
+};
+
+static void winbind_check_password_done(struct tevent_req *subreq);
+
+/*
+ Authenticate a user with a challenge/response
+ using IRPC to the winbind task
+*/
+static struct tevent_req *winbind_check_password_send(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct auth_method_context *ctx,
+				const struct auth_usersupplied_info *user_info)
+{
+	struct tevent_req *req = NULL;
+	struct winbind_check_password_state *state = NULL;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *irpc_handle;
+	const struct auth_usersupplied_info *user_info_new;
+	struct netr_IdentityInfo *identity_info;
+	struct imessaging_context *msg_ctx;
+	struct tevent_req *subreq = NULL;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct winbind_check_password_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ctx = ctx;
+	state->user_info = user_info;
+	state->authoritative = true;
+
+	msg_ctx = imessaging_client_init(state, ctx->auth_ctx->lp_ctx, ev);
+	if (msg_ctx == NULL) {
+		DEBUG(1, ("imessaging_init failed\n"));
+		tevent_req_nterror(req, NT_STATUS_INVALID_SERVER_STATE);
+		return tevent_req_post(req, ev);
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(state, msg_ctx,
+						  "winbind_server",
+						  &ndr_table_winbind);
+	if (irpc_handle == NULL) {
+		DEBUG(0, ("Winbind authentication for [%s]\\[%s] failed, " 
+			  "no winbind_server running!\n",
+			  user_info->client.domain_name, user_info->client.account_name));
+		tevent_req_nterror(req, NT_STATUS_NO_LOGON_SERVERS);
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * 120 seconds should be enough even for trusted domains.
+	 *
+	 * Currently winbindd has a much lower limit.
+	 * And tests with Windows RODCs show that it
+	 * returns NO_LOGON_SERVERS after 90-100 seconds
+	 * if it can't reach any RWDC.
+	 */
+	dcerpc_binding_handle_set_timeout(irpc_handle, 120);
+
+	if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
+		struct netr_PasswordInfo *password_info;
+
+		status = encrypt_user_info(state, ctx->auth_ctx, AUTH_PASSWORD_HASH,
+					   user_info, &user_info_new);
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+		user_info = user_info_new;
+
+		password_info = talloc_zero(state, struct netr_PasswordInfo);
+		if (tevent_req_nomem(password_info, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		password_info->lmpassword = *user_info->password.hash.lanman;
+		password_info->ntpassword = *user_info->password.hash.nt;
+
+		identity_info = &password_info->identity_info;
+		state->req.in.logon_level	= 1;
+		state->req.in.logon.password= password_info;
+	} else {
+		struct netr_NetworkInfo *network_info;
+		uint8_t chal[8];
+
+		status = encrypt_user_info(state, ctx->auth_ctx, AUTH_PASSWORD_RESPONSE,
+					   user_info, &user_info_new);
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+		user_info = user_info_new;
+
+		network_info = talloc_zero(state, struct netr_NetworkInfo);
+		if (tevent_req_nomem(network_info, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		status = auth_get_challenge(ctx->auth_ctx, chal);
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+
+		memcpy(network_info->challenge, chal, sizeof(network_info->challenge));
+
+		network_info->nt.length = user_info->password.response.nt.length;
+		network_info->nt.data	= user_info->password.response.nt.data;
+
+		network_info->lm.length = user_info->password.response.lanman.length;
+		network_info->lm.data	= user_info->password.response.lanman.data;
+
+		identity_info = &network_info->identity_info;
+		state->req.in.logon_level	= 2;
+		state->req.in.logon.network = network_info;
+	}
+
+	identity_info->domain_name.string	= user_info->client.domain_name;
+	identity_info->parameter_control	= user_info->logon_parameters; /* see MSV1_0_* */
+	identity_info->logon_id			= user_info->logon_id;
+	identity_info->account_name.string	= user_info->client.account_name;
+	identity_info->workstation.string	= user_info->workstation_name;
+
+	state->req.in.validation_level = 6;
+
+	subreq = dcerpc_winbind_SamLogon_r_send(state, ev, irpc_handle,
+						&state->req);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq,
+				winbind_check_password_done,
+				req);
+
+	return req;
+}
+
+static void winbind_check_password_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct winbind_check_password_state *state =
+		tevent_req_data(req,
+		struct winbind_check_password_state);
+	struct auth_method_context *ctx = state->ctx;
+	const struct auth_usersupplied_info *user_info = state->user_info;
+	struct ldb_dn *domain_dn = NULL;
+	const char *nt4_domain = NULL;
+	const char *nt4_account = NULL;
+	struct ldb_message *msg = NULL;
+	NTSTATUS status;
+
+	status = dcerpc_winbind_SamLogon_r_recv(subreq, state);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		status = NT_STATUS_NO_LOGON_SERVERS;
+	}
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	status = state->req.out.result;
+	if (!NT_STATUS_IS_OK(status)) {
+		if (!state->req.out.authoritative) {
+			state->authoritative = false;
+		}
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	status = make_user_info_dc_netlogon_validation(state,
+						      user_info->client.account_name,
+						      state->req.in.validation_level,
+						      &state->req.out.validation,
+						      true, /* This user was authenticated */
+						      &state->user_info_dc);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	nt4_domain = state->user_info_dc->info->domain_name;
+	nt4_account = state->user_info_dc->info->account_name;
+
+	if (lpcfg_is_mydomain(ctx->auth_ctx->lp_ctx, nt4_domain)) {
+		domain_dn = ldb_get_default_basedn(ctx->auth_ctx->sam_ctx);
+	}
+
+	if (domain_dn != NULL) {
+		/*
+		 * At best, reset the badPwdCount to 0 if the account exists.
+		 * This means that lockouts happen at a badPwdCount earlier than
+		 * normal, but makes it more fault tolerant.
+		 */
+		status = authsam_search_account(state, ctx->auth_ctx->sam_ctx,
+						nt4_account, domain_dn, &msg);
+		if (NT_STATUS_IS_OK(status)) {
+			status = authsam_logon_success_accounting(
+				ctx->auth_ctx->sam_ctx, msg,
+				domain_dn,
+				user_info->flags & USER_INFO_INTERACTIVE_LOGON,
+				NULL, NULL);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
+		}
+	}
+
+	/*
+	 * We need to expand group memberships within our local domain,
+	 * as the token might be generated by a trusted domain, unless we're
+	 * an RODC.
+	 */
+	status = authsam_update_user_info_dc(state->user_info_dc,
+					     ctx->auth_ctx->sam_ctx,
+					     state->user_info_dc);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS winbind_check_password_recv(struct tevent_req *req,
+					    TALLOC_CTX *mem_ctx,
+					    struct auth_user_info_dc **user_info_dc,
+					    const struct authn_audit_info **client_audit_info,
+					    const struct authn_audit_info **server_audit_info,
+					    bool *pauthoritative)
+{
+	struct winbind_check_password_state *state =
+		tevent_req_data(req,
+		struct winbind_check_password_state);
+	NTSTATUS status = NT_STATUS_OK;
+
+	*pauthoritative = state->authoritative;
+	*client_audit_info = NULL;
+	*server_audit_info = NULL;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*user_info_dc = talloc_move(mem_ctx, &state->user_info_dc);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static const struct auth_operations winbind_ops = {
+	.name			= "winbind",
+	.want_check		= winbind_want_check,
+	.check_password_send	= winbind_check_password_send,
+	.check_password_recv	= winbind_check_password_recv
+};
+
+_PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = auth_register(ctx, &winbind_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'winbind' auth backend!\n"));
+		return ret;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build
new file mode 100644
index 0000000..0698f6b
--- /dev/null
+++ b/source4/auth/ntlm/wscript_build
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('auth4_sam_module',
+	source='auth_sam.c',
+	subsystem='auth4',
+	init_function='auth4_sam_init',
+	deps='samdb auth4_sam NTLMSSP_COMMON samba-hostconfig RPC_NDR_IRPC MESSAGING db-glue authn_policy_util',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('auth4_anonymous',
+	source='auth_anonymous.c',
+	subsystem='auth4',
+	init_function='auth4_anonymous_init',
+	deps='tevent'
+	)
+
+
+bld.SAMBA_MODULE('auth4_winbind',
+	source='auth_winbind.c',
+	subsystem='auth4',
+	init_function='auth4_winbind_init',
+	deps='RPC_NDR_WINBIND MESSAGING wbclient'
+	)
+
+
+bld.SAMBA_MODULE('auth4_developer',
+	source='auth_developer.c',
+	subsystem='auth4',
+	init_function='auth4_developer_init',
+	deps='tevent',
+        enabled=bld.env.DEVELOPER_MODE
+	)
+
+
+bld.SAMBA_LIBRARY('auth4',
+	source='auth.c auth_util.c auth_simple.c',
+	autoproto='auth_proto.h',
+	deps='samba-util samba-security samdb samba-credentials tevent-util LIBWBCLIENT_OLD auth_unix_token samba-modules KERBEROS_UTIL',
+	private_library=True
+	)
+
+bld.SAMBA_MODULE('service_auth',
+	source='auth_server_service.c',
+	subsystem='service',
+	init_function='server_service_auth_init',
+	deps='auth4',
+	internal_module=True
+	)
+
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
new file mode 100644
index 0000000..498b52e
--- /dev/null
+++ b/source4/auth/pyauth.c
@@ -0,0 +1,507 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include "libcli/util/pyerrors.h"
+#include "param/param.h"
+#include "pyauth.h"
+#include "pyldb.h"
+#include "auth/system_session_proto.h"
+#include "auth/auth.h"
+#include "auth/auth_util.h"
+#include "param/pyparam.h"
+#include "libcli/security/security.h"
+#include "auth/credentials/pycredentials.h"
+#include <tevent.h>
+#include "librpc/rpc/pyrpc_util.h"
+#include "lib/events/events.h"
+
+static PyTypeObject PyAuthContext;
+
+static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
+{
+	return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
+}
+
+static PyObject *py_copy_session_info(PyObject *module,
+				      PyObject *args,
+				      PyObject *kwargs)
+{
+	PyObject *py_session = Py_None;
+	PyObject *result = Py_None;
+	struct auth_session_info *session = NULL;
+	struct auth_session_info *session_duplicate = NULL;
+	TALLOC_CTX *frame;
+	int ret = 1;
+
+	const char * const kwnames[] = { "session_info", NULL };
+
+	ret = PyArg_ParseTupleAndKeywords(args,
+					  kwargs,
+					  "O",
+					  discard_const_p(char *, kwnames),
+					  &py_session);
+	if (!ret) {
+		return NULL;
+	}
+
+	ret = py_check_dcerpc_type(py_session,
+				   "samba.dcerpc.auth",
+				   "session_info");
+	if (!ret) {
+		return NULL;
+	}
+	session = pytalloc_get_type(py_session,
+				    struct auth_session_info);
+	if (!session) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info "
+			     "argument got %s",
+			     pytalloc_get_name(py_session));
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+	if (frame == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	session_duplicate = copy_session_info(frame, session);
+	if (session_duplicate == NULL) {
+		TALLOC_FREE(frame);
+		return PyErr_NoMemory();
+	}
+
+	result = PyAuthSession_FromSession(session_duplicate);
+	TALLOC_FREE(frame);
+	return result;
+}
+
+static PyObject *py_system_session(PyObject *module, PyObject *args)
+{
+	PyObject *py_lp_ctx = Py_None;
+	struct loadparm_context *lp_ctx = NULL;
+	struct auth_session_info *session;
+	TALLOC_CTX *mem_ctx;
+	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	session = system_session(lp_ctx);
+
+	talloc_free(mem_ctx);
+
+	return PyAuthSession_FromSession(session);
+}
+
+
+static PyObject *py_admin_session(PyObject *module, PyObject *args)
+{
+	PyObject *py_lp_ctx;
+	const char *sid;
+	struct loadparm_context *lp_ctx = NULL;
+	struct auth_session_info *session;
+	struct dom_sid *domain_sid = NULL;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTuple(args, "Os", &py_lp_ctx, &sid))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	domain_sid = dom_sid_parse_talloc(mem_ctx, sid);
+	if (domain_sid == NULL) {
+		PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s", sid);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	session = admin_session(NULL, lp_ctx, domain_sid);
+	talloc_free(mem_ctx);
+
+	return PyAuthSession_FromSession(session);
+}
+
+static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
+{
+	NTSTATUS nt_status;
+	struct auth_session_info *session;
+	TALLOC_CTX *mem_ctx;
+	const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
+	struct ldb_context *ldb_ctx;
+	PyObject *py_ldb = Py_None;
+	PyObject *py_dn = Py_None;
+	PyObject *py_lp_ctx = Py_None;
+	struct loadparm_context *lp_ctx = NULL;
+	struct ldb_dn *user_dn;
+	char *principal = NULL;
+	int session_info_flags = 0; /* This is an int, because that's
+				 * what we need for the python
+				 * PyArg_ParseTupleAndKeywords */
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
+					 discard_const_p(char *, kwnames),
+					 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
+		return NULL;
+	}
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
+	if (ldb_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	if (py_dn == Py_None) {
+		user_dn = NULL;
+	} else {
+		if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
+						       session_info_flags, &session);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+	}
+
+	talloc_steal(NULL, session);
+	talloc_free(mem_ctx);
+
+	return PyAuthSession_FromSession(session);
+}
+
+static PyObject *py_session_info_fill_unix(PyObject *module,
+					   PyObject *args,
+					   PyObject *kwargs)
+{
+	NTSTATUS nt_status;
+	char *user_name = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	struct auth_session_info *session_info;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_session = Py_None;
+	TALLOC_CTX *frame;
+
+	const char * const kwnames[] = { "session_info",
+					 "user_name",
+					 "lp_ctx",
+					 NULL };
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Oz|O",
+					 discard_const_p(char *, kwnames),
+					 &py_session,
+					 &user_name,
+					 &py_lp_ctx)) {
+		return NULL;
+	}
+
+	if (!py_check_dcerpc_type(py_session,
+				  "samba.dcerpc.auth",
+				  "session_info")) {
+		return NULL;
+	}
+	session_info = pytalloc_get_type(py_session,
+					 struct auth_session_info);
+	if (!session_info) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info argument got %s",
+			     pytalloc_get_name(py_session));
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+	
+	lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	nt_status = auth_session_info_fill_unix(lp_ctx,
+					       user_name,
+					       session_info);
+	TALLOC_FREE(frame);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+	}
+
+	Py_RETURN_NONE;
+}
+
+
+static PyObject *py_session_info_set_unix(PyObject *module,
+					  PyObject *args,
+					  PyObject *kwargs)
+{
+	NTSTATUS nt_status;
+	char *user_name = NULL;
+	int uid = -1;
+	int gid = -1;
+	struct loadparm_context *lp_ctx = NULL;
+	struct auth_session_info *session_info;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_session = Py_None;
+	TALLOC_CTX *frame;
+
+	const char * const kwnames[] = { "session_info",
+					 "user_name",
+					 "uid",
+					 "gid",
+					 "lp_ctx",
+					 NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Ozii|O",
+					 discard_const_p(char *, kwnames),
+					 &py_session,
+					 &user_name,
+					 &uid,
+					 &gid,
+					 &py_lp_ctx)) {
+		return NULL;
+	}
+
+	if (!py_check_dcerpc_type(py_session,
+				  "samba.dcerpc.auth",
+				  "session_info")) {
+		return NULL;
+	}
+	session_info = pytalloc_get_type(py_session,
+					 struct auth_session_info);
+	if (!session_info) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info "
+			     "argument got %s",
+			     pytalloc_get_name(py_session));
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+
+	lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	nt_status = auth_session_info_set_unix(lp_ctx,
+					       user_name,
+					       uid,
+					       gid,
+					       session_info);
+	TALLOC_FREE(frame);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+	}
+
+	Py_RETURN_NONE;
+}
+
+
+static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
+{
+	return pytalloc_reference(&PyAuthContext, auth_context);
+}
+
+static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_ldb = Py_None;
+	PyObject *py_auth_context = Py_None;
+	PyObject *py_methods = Py_None;
+	TALLOC_CTX *mem_ctx;
+	struct auth4_context *auth_context;
+	struct loadparm_context *lp_ctx;
+	struct tevent_context *ev;
+	struct ldb_context *ldb = NULL;
+	NTSTATUS nt_status;
+	const char *const *methods;
+
+	const char *const kwnames[] = {"lp_ctx", "ldb", "methods", NULL};
+
+	if (!PyArg_ParseTupleAndKeywords(args,
+					 kwargs,
+					 "|OOO",
+					 discard_const_p(char *, kwnames),
+					 &py_lp_ctx,
+					 &py_ldb,
+					 &py_methods))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (py_ldb != Py_None) {
+		ldb = pyldb_Ldb_AsLdbContext(py_ldb);
+		if (ldb == NULL) {
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		talloc_free(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	ev = s4_event_context_init(mem_ctx);
+	if (ev == NULL) {
+		talloc_free(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (py_methods == Py_None && py_ldb == Py_None) {
+		nt_status = auth_context_create(
+		    mem_ctx, ev, NULL, lp_ctx, &auth_context);
+	} else {
+		if (py_methods != Py_None) {
+			methods = (const char * const *)PyList_AsStringList(mem_ctx, py_methods, "methods");
+			if (methods == NULL) {
+				talloc_free(mem_ctx);
+				return NULL;
+			}
+		} else {
+			methods = auth_methods_from_lp(mem_ctx, lp_ctx);
+		}
+		nt_status = auth_context_create_methods(
+		    mem_ctx, methods, ev, NULL, lp_ctx, ldb, &auth_context);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+	}
+
+	if (!talloc_reference(auth_context, lp_ctx)) {
+		talloc_free(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!talloc_reference(auth_context, ev)) {
+		talloc_free(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	py_auth_context = PyAuthContext_FromContext(auth_context);
+
+	talloc_free(mem_ctx);
+
+	return py_auth_context;
+}
+
+static PyTypeObject PyAuthContext = {
+	.tp_name = "AuthContext",
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+	.tp_new = py_auth_context_new,
+};
+
+static PyMethodDef py_auth_methods[] = {
+	{ "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
+	{ "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
+	{ "user_session", PY_DISCARD_FUNC_SIG(PyCFunction,py_user_session),
+			  METH_VARARGS|METH_KEYWORDS, NULL },
+	{ "session_info_fill_unix",
+	  PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_fill_unix),
+	  METH_VARARGS|METH_KEYWORDS,
+	  NULL },
+	{ "session_info_set_unix",
+	  PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_set_unix),
+	  METH_VARARGS|METH_KEYWORDS,
+	  NULL },
+	{ "copy_session_info",
+	  PY_DISCARD_FUNC_SIG(PyCFunction,py_copy_session_info),
+	  METH_VARARGS|METH_KEYWORDS,
+	  NULL },
+	{0},
+};
+
+static struct PyModuleDef moduledef = {
+	PyModuleDef_HEAD_INIT,
+	.m_name = "auth",
+	.m_doc = "Authentication and authorization support.",
+	.m_size = -1,
+	.m_methods = py_auth_methods,
+};
+
+MODULE_INIT_FUNC(auth)
+{
+	PyObject *m;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
+		return NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return NULL;
+
+	Py_INCREF(&PyAuthContext);
+	PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
+
+#define ADD_FLAG(val)  PyModule_AddIntConstant(m, #val, val)
+	ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
+	ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
+	ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
+	ADD_FLAG(AUTH_SESSION_INFO_NTLM);
+
+	return m;
+}
diff --git a/source4/auth/pyauth.h b/source4/auth/pyauth.h
new file mode 100644
index 0000000..c01144d
--- /dev/null
+++ b/source4/auth/pyauth.h
@@ -0,0 +1,29 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PYAUTH_H_
+#define _PYAUTH_H_
+
+#include <pytalloc.h>
+#include "auth/session.h"
+
+#define PyAuthSession_AsSession(obj) pytalloc_get_type(obj, struct auth_session_info)
+struct auth_session_info *PyObject_AsSession(PyObject *obj);
+
+#endif /* _PYAUTH_H */
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
new file mode 100644
index 0000000..33956c1
--- /dev/null
+++ b/source4/auth/sam.c
@@ -0,0 +1,1900 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2010
+   Copyright (C) Gerald Carter                             2003
+   Copyright (C) Stefan Metzmacher                         2005
+   Copyright (C) Matthias Dieter Wallnöfer                 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "auth/auth.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "auth/auth_sam.h"
+#include "dsdb/common/util.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "cluster/cluster.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+#define KRBTGT_ATTRS				\
+	/* required for the krb5 kdc */		\
+	"objectClass",				\
+	"sAMAccountName",			\
+	"userPrincipalName",			\
+	"servicePrincipalName",			\
+	"msDS-KeyVersionNumber",		\
+	"msDS-SecondaryKrbTgtNumber",		\
+	"msDS-SupportedEncryptionTypes",	\
+	"supplementalCredentials",		\
+	"msDS-AllowedToDelegateTo",		\
+	"msDS-AllowedToActOnBehalfOfOtherIdentity", \
+						\
+	/* passwords */				\
+	"unicodePwd",				\
+						\
+	"userAccountControl",	                \
+	"msDS-User-Account-Control-Computed",	\
+	"objectSid",				\
+						\
+	"pwdLastSet",				\
+	"msDS-UserPasswordExpiryTimeComputed",	\
+	"accountExpires",			\
+						\
+	/* Needed for RODC rule processing */	\
+	"msDS-KrbTgtLinkBL"
+
+#define AUTHN_POLICY_ATTRS                     \
+	/* Required for authentication policies / silos */ \
+	"msDS-AssignedAuthNPolicy",             \
+	"msDS-AssignedAuthNPolicySilo"
+
+const char *krbtgt_attrs[] = {
+	/*
+	 * Authentication policies will not be enforced on the TGS
+	 * account. Don’t include the relevant attributes in the account search.
+	 */
+	KRBTGT_ATTRS, NULL
+};
+
+const char *server_attrs[] = {
+	KRBTGT_ATTRS,
+	AUTHN_POLICY_ATTRS,
+	NULL
+};
+
+const char *user_attrs[] = {
+	/*
+	 * This ordering (having msDS-ResultantPSO first) is
+	 * important.  By processing this attribute first it is
+	 * available in the operational module for the other PSO
+	 * attribute calculations to use.
+	 */
+	"msDS-ResultantPSO",
+
+	KRBTGT_ATTRS,
+	AUTHN_POLICY_ATTRS,
+
+	"logonHours",
+
+	/*
+	 * To allow us to zero the badPwdCount and lockoutTime on
+	 * successful logon, without database churn
+	 */
+	"lockoutTime",
+
+	/*
+	 * Needed for SendToSAM requests
+	 */
+	"objectGUID",
+
+	/* check 'allowed workstations' */
+	"userWorkstations",
+
+	/* required for user_info_dc, not access control: */
+	"displayName",
+	"scriptPath",
+	"profilePath",
+	"homeDirectory",
+	"homeDrive",
+	"lastLogon",
+	"lastLogonTimestamp",
+	"lastLogoff",
+	"accountExpires",
+	"badPwdCount",
+	"logonCount",
+	"primaryGroupID",
+	"memberOf",
+	"badPasswordTime",
+	"lmPwdHistory",
+	"ntPwdHistory",
+	NULL,
+};
+
+/****************************************************************************
+ Check if a user is allowed to logon at this time. Note this is the
+ servers local time, as logon hours are just specified as a weekly
+ bitmask.
+****************************************************************************/
+
+static bool logon_hours_ok(struct ldb_message *msg, const char *name_for_logs)
+{
+	/* In logon hours first bit is Sunday from 12AM to 1AM */
+	const struct ldb_val *hours;
+	struct tm *utctime;
+	time_t lasttime;
+	const char *asct;
+	uint8_t bitmask, bitpos;
+
+	hours = ldb_msg_find_ldb_val(msg, "logonHours");
+	if (!hours) {
+		DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n", name_for_logs));
+		return true;
+	}
+
+	if (hours->length != 168/8) {
+		DEBUG(5,("logon_hours_ok: malformed logon hours restrictions for user %s\n", name_for_logs));
+		return true;
+	}
+
+	lasttime = time(NULL);
+	utctime = gmtime(&lasttime);
+	if (!utctime) {
+		DEBUG(1, ("logon_hours_ok: failed to get gmtime. Failing logon for user %s\n",
+			name_for_logs));
+		return false;
+	}
+
+	/* find the corresponding byte and bit */
+	bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
+	bitmask = 1 << (bitpos % 8);
+
+	if (! (hours->data[bitpos/8] & bitmask)) {
+		struct tm *t = localtime(&lasttime);
+		if (!t) {
+			asct = "INVALID TIME";
+		} else {
+			asct = asctime(t);
+			if (!asct) {
+				asct = "INVALID TIME";
+			}
+		}
+
+		DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to "
+			  "logon at this time (%s).\n",
+			  name_for_logs, asct ));
+		return false;
+	}
+
+	asct = asctime(utctime);
+	DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n",
+		name_for_logs, asct ? asct : "UNKNOWN TIME" ));
+
+	return true;
+}
+
+/****************************************************************************
+ Do a specific test for a SAM_ACCOUNT being valid for this connection
+ (ie not disabled, expired and the like).
+****************************************************************************/
+_PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
+				     struct ldb_context *sam_ctx,
+				     uint32_t logon_parameters,
+				     struct ldb_dn *domain_dn,
+				     struct ldb_message *msg,
+				     const char *logon_workstation,
+				     const char *name_for_logs,
+				     bool allow_domain_trust,
+				     bool password_change)
+{
+	uint16_t acct_flags;
+	const char *workstation_list;
+	NTTIME acct_expiry;
+	NTTIME must_change_time;
+	struct timeval tv_now = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv_now);
+
+	DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs));
+
+	acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
+
+	acct_expiry = samdb_result_account_expires(msg);
+
+	/* Check for when we must change this password, taking the
+	 * userAccountControl flags into account */
+	must_change_time = samdb_result_nttime(msg,
+			"msDS-UserPasswordExpiryTimeComputed", 0);
+
+	workstation_list = ldb_msg_find_attr_as_string(msg, "userWorkstations", NULL);
+
+	/* Quit if the account was disabled. */
+	if (acct_flags & ACB_DISABLED) {
+		DEBUG(2,("authsam_account_ok: Account for user '%s' was disabled.\n", name_for_logs));
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	/* Quit if the account was locked out. */
+	if (acct_flags & ACB_AUTOLOCK) {
+		DEBUG(2,("authsam_account_ok: Account for user %s was locked out.\n", name_for_logs));
+		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+	}
+
+	/* Test account expire time */
+	if (now > acct_expiry) {
+		DEBUG(2,("authsam_account_ok: Account for user '%s' has expired.\n", name_for_logs));
+		DEBUG(3,("authsam_account_ok: Account expired at '%s'.\n",
+			 nt_time_string(mem_ctx, acct_expiry)));
+		return NT_STATUS_ACCOUNT_EXPIRED;
+	}
+
+	/* check for immediate expiry "must change at next logon" (but not if this is a password change request) */
+	if ((must_change_time == 0) && !password_change) {
+		DEBUG(2,("sam_account_ok: Account for user '%s' password must change!.\n",
+			 name_for_logs));
+		return NT_STATUS_PASSWORD_MUST_CHANGE;
+	}
+
+	/* check for expired password (but not if this is a password change request) */
+	if ((must_change_time < now) && !password_change) {
+		DEBUG(2,("sam_account_ok: Account for user '%s' password expired!.\n",
+			 name_for_logs));
+		DEBUG(2,("sam_account_ok: Password expired at '%s' unix time.\n",
+			 nt_time_string(mem_ctx, must_change_time)));
+		return NT_STATUS_PASSWORD_EXPIRED;
+	}
+
+	/* Test workstation. Workstation list is comma separated. */
+	if (logon_workstation && workstation_list && *workstation_list) {
+		bool invalid_ws = true;
+		int i;
+		char **workstations = str_list_make(mem_ctx, workstation_list, ",");
+
+		for (i = 0; workstations && workstations[i]; i++) {
+			DEBUG(10,("sam_account_ok: checking for workstation match '%s' and '%s'\n",
+				  workstations[i], logon_workstation));
+
+			if (strequal(workstations[i], logon_workstation)) {
+				invalid_ws = false;
+				break;
+			}
+		}
+
+		talloc_free(workstations);
+
+		if (invalid_ws) {
+			return NT_STATUS_INVALID_WORKSTATION;
+		}
+	}
+
+	if (!logon_hours_ok(msg, name_for_logs)) {
+		return NT_STATUS_INVALID_LOGON_HOURS;
+	}
+
+	if (!allow_domain_trust) {
+		if (acct_flags & ACB_DOMTRUST) {
+			DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
+			return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+		}
+	}
+	if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) {
+		if (acct_flags & ACB_SVRTRUST) {
+			DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs));
+			return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+		}
+	}
+	if (!(logon_parameters & MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) {
+		/* TODO: this fails with current solaris client. We
+		   need to work with Gordon to work out why */
+		if (acct_flags & ACB_WSTRUST) {
+			DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", name_for_logs));
+			return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS authsam_domain_group_filter(TALLOC_CTX *mem_ctx,
+					    char **_filter)
+{
+	char *filter = NULL;
+
+	*_filter = NULL;
+
+	filter = talloc_strdup(mem_ctx, "(&(objectClass=group)");
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * Skip all builtin groups, they're added later.
+	 */
+	talloc_asprintf_addbuf(&filter,
+			       "(!(groupType:"LDB_OID_COMPARATOR_AND":=%u))",
+			       GROUP_TYPE_BUILTIN_LOCAL_GROUP);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	/*
+	 * Only include security groups.
+	 */
+	talloc_asprintf_addbuf(&filter,
+			       "(groupType:"LDB_OID_COMPARATOR_AND":=%u))",
+			       GROUP_TYPE_SECURITY_ENABLED);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*_filter = filter;
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
+					   struct ldb_context *sam_ctx,
+					   const char *netbios_name,
+					   const char *domain_name,
+					   const char *dns_domain_name,
+					   struct ldb_dn *domain_dn,
+					   const struct ldb_message *msg,
+					   DATA_BLOB user_sess_key,
+					   DATA_BLOB lm_sess_key,
+					   struct auth_user_info_dc **_user_info_dc)
+{
+	NTSTATUS status;
+	int ret;
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info *info;
+	const char *str = NULL;
+	char *filter = NULL;
+	/* SIDs for the account and his primary group */
+	struct dom_sid *account_sid;
+	struct dom_sid_buf buf;
+	const char *primary_group_dn_str = NULL;
+	DATA_BLOB primary_group_blob;
+	struct ldb_dn *primary_group_dn = NULL;
+	struct ldb_message *primary_group_msg = NULL;
+	unsigned primary_group_type;
+	/* SID structures for the expanded group memberships */
+	struct auth_SidAttr *sids = NULL;
+	uint32_t num_sids = 0;
+	unsigned int i;
+	struct dom_sid *domain_sid;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_message_element *el;
+	static const char * const group_type_attrs[] = { "groupType", NULL };
+
+	if (msg == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
+
+	tmp_ctx = talloc_new(user_info_dc);
+	if (tmp_ctx == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * We'll typically store three SIDs: the SID of the user, the SID of the
+	 * primary group, and a copy of the latter if it's not a resource
+	 * group. Allocate enough memory for these three SIDs.
+	 */
+	sids = talloc_zero_array(user_info_dc, struct auth_SidAttr, 3);
+	if (sids == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	num_sids = 2;
+
+	account_sid = samdb_result_dom_sid(tmp_ctx, msg, "objectSid");
+	if (account_sid == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dom_sid_split_rid(tmp_ctx, account_sid, &domain_sid, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(user_info_dc);
+		return status;
+	}
+
+	sids[PRIMARY_USER_SID_INDEX].sid = *account_sid;
+	sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
+	sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid;
+	sid_append_rid(&sids[PRIMARY_GROUP_SID_INDEX].sid, ldb_msg_find_attr_as_uint(msg, "primaryGroupID", ~0));
+	sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/*
+	 * Filter out builtin groups from this token. We will search
+	 * for builtin groups later, and not include them in the PAC
+	 * or SamLogon validation info.
+	 */
+	status = authsam_domain_group_filter(tmp_ctx, &filter);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(user_info_dc);
+		return status;
+	}
+
+	primary_group_dn_str = talloc_asprintf(
+		tmp_ctx,
+		"<SID=%s>",
+		dom_sid_str_buf(&sids[PRIMARY_GROUP_SID_INDEX].sid, &buf));
+	if (primary_group_dn_str == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Get the DN of the primary group. */
+	primary_group_dn = ldb_dn_new(tmp_ctx, sam_ctx, primary_group_dn_str);
+	if (primary_group_dn == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * Do a search for the primary group, for the purpose of checking
+	 * whether it's a resource group.
+	 */
+	ret = dsdb_search_one(sam_ctx, tmp_ctx,
+			      &primary_group_msg,
+			      primary_group_dn,
+			      LDB_SCOPE_BASE,
+			      group_type_attrs,
+			      0,
+			      NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* Check the type of the primary group. */
+	primary_group_type = ldb_msg_find_attr_as_uint(primary_group_msg, "groupType", 0);
+	if (primary_group_type & GROUP_TYPE_RESOURCE_GROUP) {
+		/*
+		 * If it's a resource group, we might as well indicate that in
+		 * its attributes. At any rate, the primary group's attributes
+		 * are unlikely to be used in the code, as there's nowhere to
+		 * store them.
+		 */
+		sids[PRIMARY_GROUP_SID_INDEX].attrs |= SE_GROUP_RESOURCE;
+	} else {
+		/*
+		 * The primary group is not a resource group. Make a copy of its
+		 * SID to ensure it is added to the Base SIDs in the PAC.
+		 */
+		sids[REMAINING_SIDS_INDEX] = sids[PRIMARY_GROUP_SID_INDEX];
+		++num_sids;
+	}
+
+	primary_group_blob = data_blob_string_const(primary_group_dn_str);
+
+	/* Expands the primary group - this function takes in
+	 * memberOf-like values, so we fake one up with the
+	 * <SID=S-...> format of DN and then let it expand
+	 * them, as long as they meet the filter - so only
+	 * domain groups, not builtin groups
+	 *
+	 * The primary group is still treated specially, so we set the
+	 * 'only childs' flag to true
+	 */
+	status = dsdb_expand_nested_groups(sam_ctx, &primary_group_blob, true, filter,
+					   user_info_dc, &sids, &num_sids);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(user_info_dc);
+		return status;
+	}
+
+	/* Expands the additional groups */
+	el = ldb_msg_find_element(msg, "memberOf");
+	for (i = 0; el && i < el->num_values; i++) {
+		/* This function takes in memberOf values and expands
+		 * them, as long as they meet the filter - so only
+		 * domain groups, not builtin groups */
+		status = dsdb_expand_nested_groups(sam_ctx, &el->values[i], false, filter,
+						   user_info_dc, &sids, &num_sids);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(user_info_dc);
+			return status;
+		}
+	}
+
+	user_info_dc->sids = sids;
+	user_info_dc->num_sids = num_sids;
+
+	user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+	if (user_info_dc->info == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
+	info->account_name = talloc_strdup(info, str);
+	if (info->account_name == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL);
+	if (str == NULL && dns_domain_name != NULL) {
+		info->user_principal_name = talloc_asprintf(info, "%s@%s",
+					info->account_name,
+					dns_domain_name);
+		if (info->user_principal_name == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+		info->user_principal_constructed = true;
+	} else if (str != NULL) {
+		info->user_principal_name = talloc_strdup(info, str);
+		if (info->user_principal_name == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	info->domain_name = talloc_strdup(info, domain_name);
+	if (info->domain_name == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (dns_domain_name != NULL) {
+		info->dns_domain_name = talloc_strdup(info, dns_domain_name);
+		if (info->dns_domain_name == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "displayName", "");
+	info->full_name = talloc_strdup(info, str);
+	if (info->full_name == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "scriptPath", "");
+	info->logon_script = talloc_strdup(info, str);
+	if (info->logon_script == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "profilePath", "");
+	info->profile_path = talloc_strdup(info, str);
+	if (info->profile_path == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "homeDirectory", "");
+	info->home_directory = talloc_strdup(info, str);
+	if (info->home_directory == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	str = ldb_msg_find_attr_as_string(msg, "homeDrive", "");
+	info->home_drive = talloc_strdup(info, str);
+	if (info->home_drive == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	info->logon_server = talloc_strdup(info, netbios_name);
+	if (info->logon_server == NULL) {
+		TALLOC_FREE(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
+	info->last_logoff = samdb_result_last_logoff(msg);
+	info->acct_expiry = samdb_result_account_expires(msg);
+	info->last_password_change = samdb_result_nttime(msg,
+		"pwdLastSet", 0);
+	info->allow_password_change
+		= samdb_result_allow_password_change(sam_ctx, mem_ctx,
+			domain_dn, msg, "pwdLastSet");
+	info->force_password_change = samdb_result_nttime(msg,
+		"msDS-UserPasswordExpiryTimeComputed", 0);
+	info->logon_count = ldb_msg_find_attr_as_uint(msg, "logonCount", 0);
+	info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount",
+		0);
+
+	info->acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
+
+	user_info_dc->user_session_key = data_blob_talloc(user_info_dc,
+							 user_sess_key.data,
+							 user_sess_key.length);
+	if (user_sess_key.data) {
+		if (user_info_dc->user_session_key.data == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	user_info_dc->lm_session_key = data_blob_talloc(user_info_dc,
+						       lm_sess_key.data,
+						       lm_sess_key.length);
+	if (lm_sess_key.data) {
+		if (user_info_dc->lm_session_key.data == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	if (info->acct_flags & ACB_SVRTRUST) {
+		/* the SID_NT_ENTERPRISE_DCS SID gets added into the
+		   PAC */
+		user_info_dc->sids = talloc_realloc(user_info_dc,
+						   user_info_dc->sids,
+						   struct auth_SidAttr,
+						   user_info_dc->num_sids+1);
+		if (user_info_dc->sids == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+		user_info_dc->sids[user_info_dc->num_sids].sid = global_sid_Enterprise_DCs;
+		user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		user_info_dc->num_sids++;
+	}
+
+	if ((info->acct_flags & (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) ==
+	    (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) {
+		/* the DOMAIN_RID_ENTERPRISE_READONLY_DCS PAC */
+		user_info_dc->sids = talloc_realloc(user_info_dc,
+						   user_info_dc->sids,
+						   struct auth_SidAttr,
+						   user_info_dc->num_sids+1);
+		if (user_info_dc->sids == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+		user_info_dc->sids[user_info_dc->num_sids].sid = *domain_sid;
+		sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids].sid,
+			    DOMAIN_RID_ENTERPRISE_READONLY_DCS);
+		user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		user_info_dc->num_sids++;
+	}
+
+	info->user_flags = 0;
+
+	talloc_free(tmp_ctx);
+	*_user_info_dc = user_info_dc;
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
+			struct ldb_context *sam_ctx,
+			struct auth_user_info_dc *user_info_dc)
+{
+	char *filter = NULL;
+	NTSTATUS status;
+	uint32_t i;
+	uint32_t n = 0;
+
+	/*
+	 * This function exists to expand group memberships
+	 * in the local domain (forest), as the token
+	 * may come from a different domain.
+	 */
+
+	/*
+	 * Filter out builtin groups from this token. We will search
+	 * for builtin groups later.
+	 */
+	status = authsam_domain_group_filter(mem_ctx, &filter);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/*
+	 * We loop only over the existing number of
+	 * sids.
+	 */
+	n = user_info_dc->num_sids;
+	for (i = 0; i < n; i++) {
+		struct dom_sid *sid = &user_info_dc->sids[i].sid;
+		struct dom_sid_buf sid_buf;
+		char dn_str[sizeof(sid_buf.buf)*2];
+		DATA_BLOB dn_blob = data_blob_null;
+
+		snprintf(dn_str,
+			sizeof(dn_str),
+			"<SID=%s>",
+			dom_sid_str_buf(sid, &sid_buf));
+		dn_blob = data_blob_string_const(dn_str);
+
+		/*
+		 * We already have the SID in the token, so set
+		 * 'only childs' flag to true and add all
+		 * groups which match the filter.
+		 */
+		status = dsdb_expand_nested_groups(sam_ctx, &dn_blob,
+						   true, filter,
+						   user_info_dc,
+						   &user_info_dc->sids,
+						   &user_info_dc->num_sids);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(filter);
+			return status;
+		}
+	}
+
+	talloc_free(filter);
+	return NT_STATUS_OK;
+}
+
+/*
+ * Make a shallow copy of a talloc-allocated user_info_dc structure, holding a
+ * reference to each of the original fields.
+ */
+NTSTATUS authsam_shallow_copy_user_info_dc(TALLOC_CTX *mem_ctx,
+					   const struct auth_user_info_dc *user_info_dc_in,
+					   struct auth_user_info_dc **user_info_dc_out)
+{
+	struct auth_user_info_dc *user_info_dc = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+
+	if (user_info_dc_in == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (user_info_dc_out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	if (user_info_dc == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	*user_info_dc = *user_info_dc_in;
+
+	if (user_info_dc->info != NULL) {
+		if (talloc_reference(user_info_dc, user_info_dc->info) == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	}
+
+	if (user_info_dc->user_session_key.data != NULL) {
+		if (talloc_reference(user_info_dc, user_info_dc->user_session_key.data) == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	}
+
+	if (user_info_dc->lm_session_key.data != NULL) {
+		if (talloc_reference(user_info_dc, user_info_dc->lm_session_key.data) == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	}
+
+	if (user_info_dc->sids != NULL) {
+		/*
+		 * Because we want to modify the SIDs in the user_info_dc
+		 * structure, adding various well-known SIDs such as Asserted
+		 * Identity or Claims Valid, make a copy of the SID array to
+		 * guard against modification of the original.
+		 *
+		 * It’s better not to make a reference, because anything that
+		 * tries to call talloc_realloc() on the original or the copy
+		 * will fail when called for any referenced talloc context.
+		 */
+		user_info_dc->sids = talloc_memdup(user_info_dc,
+						   user_info_dc->sids,
+						   talloc_get_size(user_info_dc->sids));
+		if (user_info_dc->sids == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	}
+
+	*user_info_dc_out = user_info_dc;
+	user_info_dc = NULL;
+
+out:
+	talloc_free(user_info_dc);
+	return status;
+}
+
+NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
+				   TALLOC_CTX *mem_ctx, const char *principal,
+				   const char **attrs,
+				   struct ldb_dn **domain_dn,
+				   struct ldb_message **msg)
+{
+	struct ldb_dn *user_dn;
+	NTSTATUS nt_status;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	int ret;
+
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = crack_user_principal_name(sam_ctx, tmp_ctx, principal,
+					      &user_dn, domain_dn);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	/* pull the user attributes */
+	ret = dsdb_search_one(sam_ctx, tmp_ctx, msg, user_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+			      "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	talloc_steal(mem_ctx, *msg);
+	talloc_steal(mem_ctx, *domain_dn);
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available, and for tokenGroups in the DSDB stack.
+
+ Supply either a principal or a DN
+*/
+NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   struct ldb_context *sam_ctx,
+					   const char *principal,
+					   struct ldb_dn *user_dn,
+					   struct auth_user_info_dc **user_info_dc)
+{
+	NTSTATUS nt_status;
+	DATA_BLOB user_sess_key = data_blob(NULL, 0);
+	DATA_BLOB lm_sess_key = data_blob(NULL, 0);
+
+	struct ldb_message *msg;
+	struct ldb_dn *domain_dn;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (principal) {
+		nt_status = sam_get_results_principal(sam_ctx, tmp_ctx, principal,
+						      user_attrs, &domain_dn, &msg);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return nt_status;
+		}
+	} else if (user_dn) {
+		struct dom_sid *user_sid, *domain_sid;
+		int ret;
+		/* pull the user attributes */
+		ret = dsdb_search_one(sam_ctx, tmp_ctx, &msg, user_dn,
+				      LDB_SCOPE_BASE, user_attrs,
+				      DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+				      "(objectClass=*)");
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_SUCH_USER;
+		} else if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		user_sid = samdb_result_dom_sid(msg, msg, "objectSid");
+
+		nt_status = dom_sid_split_rid(tmp_ctx, user_sid, &domain_sid, NULL);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return nt_status;
+		}
+
+		domain_dn = samdb_search_dn(sam_ctx, mem_ctx, NULL,
+					  "(&(objectSid=%s)(objectClass=domain))",
+					    ldap_encode_ndr_dom_sid(tmp_ctx, domain_sid));
+		if (!domain_dn) {
+			struct dom_sid_buf buf;
+			DEBUG(3, ("authsam_get_user_info_dc_principal: Failed to find domain with: SID %s\n",
+				  dom_sid_str_buf(domain_sid, &buf)));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_SUCH_USER;
+		}
+
+	} else {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	nt_status = authsam_make_user_info_dc(tmp_ctx, sam_ctx,
+					     lpcfg_netbios_name(lp_ctx),
+					     lpcfg_sam_name(lp_ctx),
+					     lpcfg_sam_dnsname(lp_ctx),
+					     domain_dn,
+					     msg,
+					     user_sess_key, lm_sess_key,
+					     user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_steal(mem_ctx, *user_info_dc);
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Returns the details for the Password Settings Object (PSO), if one applies
+ * the user.
+ */
+static int authsam_get_user_pso(struct ldb_context *sam_ctx,
+				TALLOC_CTX *mem_ctx,
+				struct ldb_message *user_msg,
+				struct ldb_message **pso_msg)
+{
+	const char *attrs[] = { "msDS-LockoutThreshold",
+				"msDS-LockoutObservationWindow",
+				NULL };
+	struct ldb_dn *pso_dn = NULL;
+	struct ldb_result *res = NULL;
+	int ret;
+
+	/* check if the user has a PSO that applies to it */
+	pso_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, user_msg,
+					 "msDS-ResultantPSO");
+
+	if (pso_dn != NULL) {
+		ret = dsdb_search_dn(sam_ctx, mem_ctx, &res, pso_dn, attrs, 0);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		*pso_msg = res->msgs[0];
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Re-read the bad password and successful logon data for a user.
+ *
+ * The DN in the passed user record should contain the "objectGUID" in case the
+ * object DN has changed.
+ */
+NTSTATUS authsam_reread_user_logon_data(
+	struct ldb_context *sam_ctx,
+	TALLOC_CTX *mem_ctx,
+	const struct ldb_message *user_msg,
+	struct ldb_message **current)
+{
+	const struct ldb_val *v = NULL;
+	struct ldb_result *res = NULL;
+	uint16_t acct_flags = 0;
+	const char *attr_name = "msDS-User-Account-Control-Computed";
+
+	int ret;
+
+	/*
+	 * Re-read the account details, using the GUID in case the DN
+	 * is being changed (this is automatic in LDB because the
+	 * original search also used DSDB_SEARCH_SHOW_EXTENDED_DN)
+	 *
+	 * We re read all the attributes in user_attrs, rather than using a
+	 * subset to ensure that we can reuse existing validation code.
+	 */
+	ret = dsdb_search_dn(sam_ctx,
+			     mem_ctx,
+			     &res,
+			     user_msg->dn,
+			     user_attrs,
+			     DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Unable to re-read account control data for %s\n",
+			ldb_dn_get_linearized(user_msg->dn));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/*
+	 * Ensure the account has not been locked out by another request
+	 */
+	v = ldb_msg_find_ldb_val(res->msgs[0], attr_name);
+	if (v == NULL || v->data == NULL) {
+		DBG_ERR("No %s attribute for %s\n",
+			attr_name,
+			ldb_dn_get_linearized(user_msg->dn));
+		TALLOC_FREE(res);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	acct_flags = samdb_result_acct_flags(res->msgs[0], attr_name);
+	if (acct_flags & ACB_AUTOLOCK) {
+		DBG_WARNING(
+			"Account for user %s was locked out.\n",
+			ldb_dn_get_linearized(user_msg->dn));
+		TALLOC_FREE(res);
+		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+	}
+	*current = talloc_steal(mem_ctx, res->msgs[0]);
+	TALLOC_FREE(res);
+	return NT_STATUS_OK;
+}
+
+static struct db_context *authsam_get_bad_password_db(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_context *sam_ctx)
+{
+	struct loadparm_context *lp_ctx = NULL;
+	const char *db_name = "bad_password";
+	struct db_context *db_ctx =  NULL;
+
+	lp_ctx = ldb_get_opaque(sam_ctx, "loadparm");
+	if (lp_ctx == NULL) {
+		DBG_ERR("Unable to get loadparm_context\n");
+		return NULL;
+	}
+
+	db_ctx = cluster_db_tmp_open(mem_ctx, lp_ctx, db_name, TDB_DEFAULT);
+	if (db_ctx == NULL) {
+		DBG_ERR("Unable to open bad password attempts database\n");
+		return NULL;
+	}
+	return db_ctx;
+}
+
+static NTSTATUS get_object_sid_as_tdb_data(
+	TALLOC_CTX *mem_ctx,
+	const struct ldb_message *msg,
+	struct dom_sid_buf *buf,
+	TDB_DATA *key)
+{
+	struct dom_sid *objectsid = NULL;
+
+	/*
+	 * Convert the objectSID to a human readable form to
+	 * make debugging easier
+	 */
+	objectsid = samdb_result_dom_sid(mem_ctx, msg, "objectSID");
+	if (objectsid == NULL) {
+		DBG_ERR("Unable to extract objectSID\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	dom_sid_str_buf(objectsid, buf);
+	key->dptr = (unsigned char *)buf->buf;
+	key->dsize = strlen(buf->buf);
+
+	talloc_free(objectsid);
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Add the users objectSID to the bad password attempt database
+ * to indicate that last authentication failed due to a bad password
+ */
+static NTSTATUS authsam_set_bad_password_indicator(
+	struct ldb_context *sam_ctx,
+	TALLOC_CTX *mem_ctx,
+	const struct ldb_message *msg)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	struct dom_sid_buf buf;
+	TDB_DATA key = {0};
+	TDB_DATA value = {0};
+	struct db_context *db = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(mem_ctx);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	db = authsam_get_bad_password_db(ctx, sam_ctx);
+	if (db == NULL) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto exit;
+	}
+
+	status = get_object_sid_as_tdb_data(ctx, msg, &buf, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto exit;
+	}
+
+	status = dbwrap_store(db, key, value, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("Unable to store bad password indicator\n");
+	}
+exit:
+	talloc_free(ctx);
+	return status;
+}
+
+/*
+ * see if the users objectSID is in the bad password attempt database
+ */
+static NTSTATUS authsam_check_bad_password_indicator(
+	struct ldb_context *sam_ctx,
+	TALLOC_CTX *mem_ctx,
+	bool *exists,
+	const struct ldb_message *msg)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	struct dom_sid_buf buf;
+	TDB_DATA key = {0};
+	struct db_context *db = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(mem_ctx);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	db = authsam_get_bad_password_db(ctx, sam_ctx);
+	if (db == NULL) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto exit;
+	}
+
+	status = get_object_sid_as_tdb_data(ctx, msg, &buf, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto exit;
+	}
+
+	*exists = dbwrap_exists(db, key);
+exit:
+	talloc_free(ctx);
+	return status;
+}
+
+/*
+ * Remove the users objectSID to the bad password attempt database
+ * to indicate that last authentication succeeded.
+ */
+static NTSTATUS authsam_clear_bad_password_indicator(
+	struct ldb_context *sam_ctx,
+	TALLOC_CTX *mem_ctx,
+	const struct ldb_message *msg)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	struct dom_sid_buf buf;
+	TDB_DATA key = {0};
+	struct db_context *db = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(mem_ctx);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	db = authsam_get_bad_password_db(ctx, sam_ctx);
+	if (db == NULL) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto exit;
+	}
+
+	status = get_object_sid_as_tdb_data(ctx, msg, &buf, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto exit;
+	}
+
+	status = dbwrap_delete(db, key);
+	if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, status)) {
+		/*
+		 * Ok there was no bad password indicator this is expected
+		 */
+		status = NT_STATUS_OK;
+	}
+	if (NT_STATUS_IS_ERR(status)) {
+		DBG_ERR("Unable to delete bad password indicator, %s %s\n",
+			nt_errstr(status),
+			get_friendly_nt_error_msg(status));
+	}
+exit:
+	talloc_free(ctx);
+	return status;
+}
+
+NTSTATUS authsam_update_bad_pwd_count(struct ldb_context *sam_ctx,
+				      struct ldb_message *msg,
+				      struct ldb_dn *domain_dn)
+{
+	const char *attrs[] = { "lockoutThreshold",
+				"lockOutObservationWindow",
+				"lockoutDuration",
+				"pwdProperties",
+				NULL };
+	int ret;
+	NTSTATUS status;
+	struct ldb_result *domain_res;
+	struct ldb_message *msg_mod = NULL;
+	struct ldb_message *current = NULL;
+	struct ldb_message *pso_msg = NULL;
+	bool txn_active = false;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(msg);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_search_dn(sam_ctx, mem_ctx, &domain_res, domain_dn, attrs, 0);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	ret = authsam_get_user_pso(sam_ctx, mem_ctx, msg, &pso_msg);
+	if (ret != LDB_SUCCESS) {
+
+		/*
+		 * fallback to using the domain defaults so that we still
+		 * record the bad password attempt
+		 */
+		DBG_ERR("Error (%d) checking PSO for %s\n",
+			ret, ldb_dn_get_linearized(msg->dn));
+	}
+
+	/*
+	 * To ensure that the bad password count is updated atomically,
+	 * we need to:
+	 *    begin a transaction
+	 *       re-read the account details,
+	 *         using the <GUID= part of the DN
+	 *       update the bad password count
+	 *    commit the transaction.
+	 */
+
+	/*
+	 * Start a new transaction
+	 */
+	ret = ldb_transaction_start(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto error;
+	}
+	txn_active = true;
+
+	/*
+	 * Re-read the account details, using the GUID in case the DN
+	 * is being changed.
+	 */
+	status = authsam_reread_user_logon_data(
+		sam_ctx, mem_ctx, msg, &current);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* The re-read can return account locked out, as well
+		 * as an internal error
+		 */
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+			/*
+			 * For NT_STATUS_ACCOUNT_LOCKED_OUT we want to commit
+			 * the transaction. Again to avoid cluttering the
+			 * audit logs with spurious errors
+			 */
+			goto exit;
+		}
+		goto error;
+	}
+
+	/*
+	 * Update the bad password count and if required lock the account
+	 */
+	status = dsdb_update_bad_pwd_count(
+		mem_ctx,
+		sam_ctx,
+		current,
+		domain_res->msgs[0],
+		pso_msg,
+		&msg_mod);
+	if (!NT_STATUS_IS_OK(status)) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto error;
+	}
+
+	/*
+	 * Write the data back to disk if required.
+	 */
+	if (msg_mod != NULL) {
+		struct ldb_request *req;
+
+		ret = ldb_build_mod_req(&req, sam_ctx, sam_ctx,
+					msg_mod,
+					NULL,
+					NULL,
+					ldb_op_default_callback,
+					NULL);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(msg_mod);
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(req);
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+
+		/*
+		 * As we're in a transaction, make the ldb request directly
+		 * to avoid the nested transaction that would result if we
+		 * called dsdb_autotransaction_request
+		 */
+		ret = ldb_request(sam_ctx, req);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+		}
+		talloc_free(req);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+		status = authsam_set_bad_password_indicator(
+			sam_ctx, mem_ctx, msg);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto error;
+		}
+	}
+	/*
+	 * Note that we may not have updated the user record, but
+	 * committing the transaction in that case is still the correct
+	 * thing to do.
+	 * If the transaction was cancelled, this would be logged by
+	 * the dsdb audit log as a failure. When in fact it is expected
+	 * behaviour.
+	 */
+exit:
+	TALLOC_FREE(mem_ctx);
+	ret = ldb_transaction_commit(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error (%d) %s, committing transaction,"
+			" while updating bad password count"
+			" for (%s)\n",
+			ret,
+			ldb_errstring(sam_ctx),
+			ldb_dn_get_linearized(msg->dn));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	return status;
+
+error:
+	DBG_ERR("Failed to update badPwdCount, badPasswordTime or "
+		"set lockoutTime on %s: %s\n",
+		ldb_dn_get_linearized(msg->dn),
+		ldb_errstring(sam_ctx) != NULL ?
+			ldb_errstring(sam_ctx) :nt_errstr(status));
+	if (txn_active) {
+		ret = ldb_transaction_cancel(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("Error rolling back transaction,"
+				" while updating bad password count"
+				" on %s: %s\n",
+				ldb_dn_get_linearized(msg->dn),
+				ldb_errstring(sam_ctx));
+		}
+	}
+	TALLOC_FREE(mem_ctx);
+	return status;
+
+}
+
+/*
+ * msDS-LogonTimeSyncInterval is an int32_t number of days.
+ *
+ * The docs say: "the initial update, after the domain functional
+ * level is raised to DS_BEHAVIOR_WIN2003 or higher, is calculated as
+ * 14 days minus a random percentage of 5 days", but we aren't doing
+ * that. The blogosphere seems to think that this randomised update
+ * happens every time, but [MS-ADA1] doesn't agree.
+ *
+ * Dochelp referred us to the following blog post:
+ * http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
+ *
+ * when msDS-LogonTimeSyncInterval is zero, the lastLogonTimestamp is
+ * not changed.
+ */
+
+static NTSTATUS authsam_calculate_lastlogon_sync_interval(
+	struct ldb_context *sam_ctx,
+	TALLOC_CTX *ctx,
+	struct ldb_dn *domain_dn,
+	NTTIME *sync_interval_nt)
+{
+	static const char *attrs[] = { "msDS-LogonTimeSyncInterval",
+					NULL };
+	int ret;
+	struct ldb_result *domain_res = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	uint32_t sync_interval;
+
+	mem_ctx = talloc_new(ctx);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_search_dn(sam_ctx, mem_ctx, &domain_res, domain_dn, attrs,
+			     0);
+	if (ret != LDB_SUCCESS || domain_res->count != 1) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	sync_interval = ldb_msg_find_attr_as_int(domain_res->msgs[0],
+						 "msDS-LogonTimeSyncInterval",
+						 14);
+	DEBUG(5, ("sync interval is %d\n", sync_interval));
+	if (sync_interval >= 5){
+		/*
+		 * Subtract "a random percentage of 5" days. Presumably this
+		 * percentage is between 0 and 100, and modulus is accurate
+		 * enough.
+		 */
+		uint32_t r = generate_random() % 6;
+		sync_interval -= r;
+		DBG_INFO("randomised sync interval is %d (-%d)\n", sync_interval, r);
+	}
+	/* In the case where sync_interval < 5 there is no randomisation */
+
+	/*
+	 * msDS-LogonTimeSyncInterval is an int32_t number of days,
+	 * while lastLogonTimestamp (to be updated) is in the 64 bit
+	 * 100ns NTTIME format so we must convert.
+	 */
+	*sync_interval_nt = sync_interval * 24LL * 3600LL * 10000000LL;
+	TALLOC_FREE(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+
+/*
+ * We only set lastLogonTimestamp if the current value is older than
+ * now - msDS-LogonTimeSyncInterval days.
+ *
+ * lastLogonTimestamp is in the 64 bit 100ns NTTIME format
+ */
+static NTSTATUS authsam_update_lastlogon_timestamp(struct ldb_context *sam_ctx,
+						   struct ldb_message *msg_mod,
+						   struct ldb_dn *domain_dn,
+						   NTTIME old_timestamp,
+						   NTTIME now,
+						   NTTIME sync_interval_nt)
+{
+	int ret;
+	DEBUG(5, ("old timestamp is %lld, threshold %lld, diff %lld\n",
+		  (long long int)old_timestamp,
+		  (long long int)(now - sync_interval_nt),
+		  (long long int)(old_timestamp - now + sync_interval_nt)));
+
+	if (sync_interval_nt == 0){
+		/*
+		 * Setting msDS-LogonTimeSyncInterval to zero is how you ask
+		 * that nothing happens here.
+		 */
+		return NT_STATUS_OK;
+	}
+	if (old_timestamp > now){
+		DEBUG(0, ("lastLogonTimestamp is in the future! (%lld > %lld)\n",
+			  (long long int)old_timestamp, (long long int)now));
+		/* then what? */
+
+	} else if (old_timestamp < now - sync_interval_nt){
+		DEBUG(5, ("updating lastLogonTimestamp to %lld\n",
+			  (long long int)now));
+
+		/* The time has come to update lastLogonTimestamp */
+		ret = samdb_msg_add_int64(sam_ctx, msg_mod, msg_mod,
+					  "lastLogonTimestamp", now);
+
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Look for the specified user in the sam, return ldb result structures
+****************************************************************************/
+
+NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
+					 const char *account_name,
+					 struct ldb_dn *domain_dn,
+					 struct ldb_message **ret_msg)
+{
+	int ret;
+	char *account_name_encoded = NULL;
+
+	account_name_encoded = ldb_binary_encode_string(mem_ctx, account_name);
+	if (account_name_encoded == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* pull the user attributes */
+	ret = dsdb_search_one(sam_ctx, mem_ctx, ret_msg, domain_dn, LDB_SCOPE_SUBTREE,
+			      user_attrs,
+			      DSDB_SEARCH_SHOW_EXTENDED_DN,
+			      "(&(sAMAccountName=%s)(objectclass=user))",
+			      account_name_encoded);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(3,("authsam_search_account: Couldn't find user [%s] in samdb, under %s\n",
+			 account_name, ldb_dn_get_linearized(domain_dn)));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/* Reset the badPwdCount to zero and update the lastLogon time. */
+NTSTATUS authsam_logon_success_accounting(struct ldb_context *sam_ctx,
+					  const struct ldb_message *msg,
+					  struct ldb_dn *domain_dn,
+					  bool interactive_or_kerberos,
+					  TALLOC_CTX *send_to_sam_mem_ctx,
+					  struct netr_SendToSamBase **send_to_sam)
+{
+	int ret;
+	NTSTATUS status;
+	int badPwdCount;
+	int dbBadPwdCount;
+	int64_t lockoutTime;
+	struct ldb_message *msg_mod;
+	TALLOC_CTX *mem_ctx;
+	struct timeval tv_now;
+	NTTIME now;
+	NTTIME lastLogonTimestamp;
+	int64_t lockOutObservationWindow;
+	NTTIME sync_interval_nt = 0;
+	bool am_rodc = false;
+	bool txn_active = false;
+	bool need_db_reread;
+
+	mem_ctx = talloc_new(msg);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * Any update of the last logon data, needs to be done inside a
+	 * transaction.
+	 * And the user data needs to be re-read, and the account re-checked
+	 * for lockout.
+	 *
+	 * Howevver we have long-running transactions like replication
+	 * that could otherwise grind the system to a halt so we first
+	 * determine if *this* account has seen a bad password,
+	 * otherwise we only start a transaction if there was a need
+	 * (because a change was to be made).
+	 */
+
+	status = authsam_check_bad_password_indicator(
+		sam_ctx, mem_ctx, &need_db_reread, msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(mem_ctx);
+		return status;
+	}
+
+	if (interactive_or_kerberos == false) {
+		/*
+		 * Avoid calculating this twice, it reads the PSO.  A
+		 * race on this is unimportant.
+		 */
+		lockOutObservationWindow
+			= samdb_result_msds_LockoutObservationWindow(
+				sam_ctx, mem_ctx, domain_dn, msg);
+	}
+
+	ret = samdb_rodc(sam_ctx, &am_rodc);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto error;
+	}
+
+	if (!am_rodc) {
+		/*
+		 * Avoid reading the main domain DN twice.  A race on
+		 * this is unimportant.
+		 */
+		status = authsam_calculate_lastlogon_sync_interval(
+			sam_ctx, mem_ctx, domain_dn, &sync_interval_nt);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+	}
+
+get_transaction:
+
+	if (need_db_reread) {
+		struct ldb_message *current = NULL;
+
+		/*
+		 * Start a new transaction
+		 */
+		ret = ldb_transaction_start(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+
+		txn_active = true;
+
+		/*
+		 * Re-read the account details, using the GUID
+		 * embedded in DN so this is safe against a race where
+		 * it is being renamed.
+		 */
+		status = authsam_reread_user_logon_data(
+			sam_ctx, mem_ctx, msg, &current);
+		if (!NT_STATUS_IS_OK(status)) {
+			/*
+			 * The re-read can return account locked out, as well
+			 * as an internal error
+			 */
+			if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+				/*
+				 * For NT_STATUS_ACCOUNT_LOCKED_OUT we want to commit
+				 * the transaction. Again to avoid cluttering the
+				 * audit logs with spurious errors
+				 */
+				goto exit;
+			}
+			goto error;
+		}
+		msg = current;
+	}
+
+	lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
+	dbBadPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
+	tv_now = timeval_current();
+	now = timeval_to_nttime(&tv_now);
+
+	if (interactive_or_kerberos) {
+		badPwdCount = dbBadPwdCount;
+	} else {
+		/*
+		 * We get lockOutObservationWindow above, before the
+		 * transaction
+		 */
+		badPwdCount = dsdb_effective_badPwdCount(
+			msg, lockOutObservationWindow, now);
+	}
+	lastLogonTimestamp =
+		ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
+
+	DEBUG(5, ("lastLogonTimestamp is %lld\n",
+		  (long long int)lastLogonTimestamp));
+
+	msg_mod = ldb_msg_new(mem_ctx);
+	if (msg_mod == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto error;
+	}
+
+	/*
+	 * By using the DN from msg->dn directly, we allow LDB to
+	 * prefer the embedded GUID form, so this is actually quite
+	 * safe even in the case where DN has been changed
+	 */
+	msg_mod->dn = msg->dn;
+
+	if (lockoutTime != 0) {
+		/*
+		 * This implies "badPwdCount" = 0, see samldb_lockout_time()
+		 */
+		ret = samdb_msg_add_int(sam_ctx, msg_mod, msg_mod, "lockoutTime", 0);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_NO_MEMORY;
+			goto error;
+		}
+	} else if (badPwdCount != 0) {
+		ret = samdb_msg_add_int(sam_ctx, msg_mod, msg_mod, "badPwdCount", 0);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_NO_MEMORY;
+			goto error;
+		}
+	}
+
+	if (interactive_or_kerberos ||
+	    (badPwdCount != 0 && lockoutTime == 0)) {
+		ret = samdb_msg_add_int64(sam_ctx, msg_mod, msg_mod,
+					  "lastLogon", now);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_NO_MEMORY;
+			goto error;
+		}
+	}
+
+	if (interactive_or_kerberos) {
+		int logonCount;
+
+		logonCount = ldb_msg_find_attr_as_int(msg, "logonCount", 0);
+
+		logonCount += 1;
+
+		ret = samdb_msg_add_int(sam_ctx, msg_mod, msg_mod,
+					"logonCount", logonCount);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_NO_MEMORY;
+			goto error;
+		}
+	} else {
+		/* Set an unset logonCount to 0 on first successful login */
+		if (ldb_msg_find_ldb_val(msg, "logonCount") == NULL) {
+			ret = samdb_msg_add_int(sam_ctx, msg_mod, msg_mod,
+						"logonCount", 0);
+			if (ret != LDB_SUCCESS) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+
+	if (!am_rodc) {
+		status = authsam_update_lastlogon_timestamp(
+			sam_ctx,
+			msg_mod,
+			domain_dn,
+			lastLogonTimestamp,
+			now,
+			sync_interval_nt);
+		if (!NT_STATUS_IS_OK(status)) {
+			status = NT_STATUS_NO_MEMORY;
+			goto error;
+		}
+	} else {
+		/* Perform the (async) SendToSAM calls for MS-SAMS */
+		if (dbBadPwdCount != 0 && send_to_sam != NULL) {
+			struct netr_SendToSamBase *base_msg;
+			struct GUID guid = samdb_result_guid(msg, "objectGUID");
+
+			base_msg = talloc_zero(send_to_sam_mem_ctx,
+					       struct netr_SendToSamBase);
+			if (base_msg == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				goto error;
+			}
+
+			base_msg->message_type = SendToSamResetBadPasswordCount;
+			base_msg->message_size = 16;
+			base_msg->message.reset_bad_password.guid = guid;
+			*send_to_sam = base_msg;
+		}
+	}
+
+	if (msg_mod->num_elements > 0) {
+		unsigned int i;
+		struct ldb_request *req;
+
+		/*
+		 * If it turns out we are going to update the DB, go
+		 * back to the start, get a transaction and the
+		 * current DB state and try again
+		 */
+		if (txn_active == false) {
+			need_db_reread = true;
+			goto get_transaction;
+		}
+
+		/* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+		for (i=0;i<msg_mod->num_elements;i++) {
+			msg_mod->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+		}
+
+		ret = ldb_build_mod_req(&req, sam_ctx, sam_ctx,
+					msg_mod,
+					NULL,
+					NULL,
+					ldb_op_default_callback,
+					NULL);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(req);
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+		/*
+		 * As we're in a transaction, make the ldb request directly
+		 * to avoid the nested transaction that would result if we
+		 * called dsdb_autotransaction_request
+		 */
+		ret = ldb_request(sam_ctx, req);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+		}
+		TALLOC_FREE(req);
+		if (ret != LDB_SUCCESS) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto error;
+		}
+	}
+	status = authsam_clear_bad_password_indicator(sam_ctx, mem_ctx, msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto error;
+	}
+
+	/*
+	 * Note that we may not have updated the user record, but
+	 * committing the transaction in that case is still the correct
+	 * thing to do.
+	 * If the transaction was cancelled, this would be logged by
+	 * the dsdb audit log as a failure. When in fact it is expected
+	 * behaviour.
+	 *
+	 * Thankfully both TDB and LMDB seem to optimise for the empty
+	 * transaction case
+	 */
+exit:
+	TALLOC_FREE(mem_ctx);
+
+	if (txn_active == false) {
+		return status;
+	}
+
+	ret = ldb_transaction_commit(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error (%d) %s, committing transaction,"
+			" while updating successful logon accounting"
+			" for (%s)\n",
+			ret,
+			ldb_errstring(sam_ctx),
+			ldb_dn_get_linearized(msg->dn));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	return status;
+
+error:
+	DBG_ERR("Failed to update badPwdCount, badPasswordTime or "
+		"set lockoutTime on %s: %s\n",
+		ldb_dn_get_linearized(msg->dn),
+		ldb_errstring(sam_ctx) != NULL ?
+			ldb_errstring(sam_ctx) :nt_errstr(status));
+	if (txn_active) {
+		ret = ldb_transaction_cancel(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("Error rolling back transaction,"
+				" while updating bad password count"
+				" on %s: %s\n",
+				ldb_dn_get_linearized(msg->dn),
+				ldb_errstring(sam_ctx));
+		}
+	}
+	TALLOC_FREE(mem_ctx);
+	return status;
+}
diff --git a/source4/auth/samba_server_gensec.c b/source4/auth/samba_server_gensec.c
new file mode 100644
index 0000000..b5d436d
--- /dev/null
+++ b/source4/auth/samba_server_gensec.c
@@ -0,0 +1,152 @@
+/* 
+   Unix SMB/CIFS implementation.
+ 
+   Generic Authentication Interface for Samba Servers
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This code sets up GENSEC in the way that all Samba servers want
+ * (because they have presumed access to the sam.ldb etc */
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+
+static NTSTATUS samba_server_gensec_start_settings(TALLOC_CTX *mem_ctx,
+				   struct tevent_context *event_ctx,
+				   struct imessaging_context *msg_ctx,
+				   struct loadparm_context *lp_ctx,
+				   struct gensec_settings *settings,
+				   struct cli_credentials *server_credentials,
+				   const char *target_service,
+				   struct gensec_security **gensec_context)
+{ 
+	NTSTATUS nt_status;
+	struct gensec_security *gensec_ctx;
+	struct auth4_context *auth_context;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	nt_status = auth_context_create(tmp_ctx,
+					event_ctx, 
+					msg_ctx, 
+					lp_ctx,
+					&auth_context);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(nt_status)));
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = gensec_server_start(tmp_ctx,
+					settings,
+					auth_context,
+					&gensec_ctx);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+	
+	gensec_set_credentials(gensec_ctx, server_credentials);
+
+	if (target_service) {
+		gensec_set_target_service(gensec_ctx, target_service);
+	}
+	*gensec_context = talloc_steal(mem_ctx, gensec_ctx);
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
+				   struct tevent_context *event_ctx,
+				   struct imessaging_context *msg_ctx,
+				   struct loadparm_context *lp_ctx,
+				   struct cli_credentials *server_credentials,
+				   const char *target_service,
+				   struct gensec_security **gensec_context)
+{
+	struct gensec_settings *settings = NULL;
+	NTSTATUS status;
+
+	settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);
+	if (settings == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
+						    msg_ctx, lp_ctx,
+						    settings, server_credentials,
+						    target_service,
+						    gensec_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(settings);
+		return status;
+	}
+
+	talloc_reparent(mem_ctx, *gensec_context, settings);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
+					struct tevent_context *event_ctx,
+					struct imessaging_context *msg_ctx,
+					struct loadparm_context *lp_ctx,
+					struct cli_credentials *server_credentials,
+					const char *target_service,
+					struct gensec_security **gensec_context)
+{
+	struct gensec_settings *settings = NULL;
+	const struct gensec_security_ops **backends = NULL;
+	size_t idx = 0;
+	NTSTATUS status;
+
+	settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);
+	if (settings == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	backends = talloc_zero_array(settings,
+				     const struct gensec_security_ops *, 3);
+	if (backends == NULL) {
+			TALLOC_FREE(settings);
+		return NT_STATUS_NO_MEMORY;
+	}
+	settings->backends = backends;
+
+	gensec_init();
+
+	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_KERBEROS5);
+
+	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+
+	status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
+						    msg_ctx, lp_ctx,
+						    settings, server_credentials,
+						    target_service,
+						    gensec_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(settings);
+		return status;
+	}
+
+	talloc_reparent(mem_ctx, *gensec_context, settings);
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/session.c b/source4/auth/session.c
new file mode 100644
index 0000000..9c9d8c4
--- /dev/null
+++ b/source4/auth/session.c
@@ -0,0 +1,828 @@
+/*
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001-2010
+   Copyright (C) Jeremy Allison 2000-2001
+   Copyright (C) Rafal Szczesniak 2002
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/auth_sam.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "libcli/security/security.h"
+#include "libcli/security/claims-conversions.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/claims.h"
+#include "librpc/gen_ndr/ndr_claims.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/session_proto.h"
+#include "system/kerberos.h"
+#include <gssapi/gssapi.h>
+#include "libcli/wbclient/wbclient.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+					    struct loadparm_context *lp_ctx)
+{
+	NTSTATUS nt_status;
+	struct auth_session_info *session_info = NULL;
+	nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return NULL;
+	}
+	return session_info;
+}
+
+_PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
+					       struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
+					       struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
+					       const struct auth_user_info_dc *user_info_dc,
+					       const struct auth_user_info_dc *device_info_dc,
+					       const struct auth_claims auth_claims,
+					       uint32_t session_info_flags,
+					       struct security_token **_security_token)
+{
+	struct security_token *security_token = NULL;
+	NTSTATUS nt_status;
+	uint32_t i;
+	uint32_t num_sids = 0;
+	uint32_t num_device_sids = 0;
+	const char *filter = NULL;
+	struct auth_SidAttr *sids = NULL;
+	struct auth_SidAttr *device_sids = NULL;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sids = talloc_array(tmp_ctx, struct auth_SidAttr, user_info_dc->num_sids);
+	if (sids == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	num_sids = user_info_dc->num_sids;
+
+	for (i=0; i < user_info_dc->num_sids; i++) {
+		sids[i] = user_info_dc->sids[i];
+	}
+
+	/*
+	 * Finally add the "standard" sids.
+	 * The only difference between guest and "anonymous"
+	 * is the addition of Authenticated_Users.
+	 */
+
+	if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
+		sids = talloc_realloc(tmp_ctx, sids, struct auth_SidAttr, num_sids + 2);
+		if (sids == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		sid_copy(&sids[num_sids].sid, &global_sid_World);
+		sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		num_sids++;
+
+		sid_copy(&sids[num_sids].sid, &global_sid_Network);
+		sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		num_sids++;
+	}
+
+	if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
+		sids = talloc_realloc(tmp_ctx, sids, struct auth_SidAttr, num_sids + 1);
+		if (sids == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		sid_copy(&sids[num_sids].sid, &global_sid_Authenticated_Users);
+		sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		num_sids++;
+	}
+
+	if (session_info_flags & AUTH_SESSION_INFO_NTLM) {
+		sids = talloc_realloc(tmp_ctx, sids, struct auth_SidAttr, num_sids + 1);
+		if (sids == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		if (!dom_sid_parse(SID_NT_NTLM_AUTHENTICATION, &sids[num_sids].sid)) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS;
+		num_sids++;
+	}
+
+
+	if (num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(&global_sid_Anonymous, &sids[PRIMARY_USER_SID_INDEX].sid)) {
+		/* Don't expand nested groups of system, anonymous etc*/
+	} else if (num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(&global_sid_System, &sids[PRIMARY_USER_SID_INDEX].sid)) {
+		/* Don't expand nested groups of system, anonymous etc*/
+	} else if (sam_ctx != NULL) {
+		filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(groupType:"LDB_OID_COMPARATOR_AND":=%u))",
+					 GROUP_TYPE_BUILTIN_LOCAL_GROUP);
+
+		/* Search for each group in the token */
+		for (i = 0; i < num_sids; i++) {
+			struct dom_sid_buf buf;
+			const char *sid_dn;
+			DATA_BLOB sid_blob;
+
+			sid_dn = talloc_asprintf(
+				tmp_ctx,
+				"<SID=%s>",
+				dom_sid_str_buf(&sids[i].sid, &buf));
+			if (sid_dn == NULL) {
+				TALLOC_FREE(tmp_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+			sid_blob = data_blob_string_const(sid_dn);
+
+			/* This function takes in memberOf values and expands
+			 * them, as long as they meet the filter - so only
+			 * builtin groups
+			 *
+			 * We already have the SID in the token, so set
+			 * 'only childs' flag to true */
+			nt_status = dsdb_expand_nested_groups(sam_ctx, &sid_blob, true, filter,
+							      tmp_ctx, &sids, &num_sids);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				talloc_free(tmp_ctx);
+				return nt_status;
+			}
+		}
+	}
+
+	if (device_info_dc != NULL) {
+		/*
+		 * Make a copy of the device SIDs in case we need to add extra SIDs on
+		 * the end. One can never have too much copying.
+		 */
+		num_device_sids = device_info_dc->num_sids;
+		device_sids = talloc_array(tmp_ctx,
+				    struct auth_SidAttr,
+				    num_device_sids);
+		if (device_sids == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i = 0; i < num_device_sids; i++) {
+			device_sids[i] = device_info_dc->sids[i];
+		}
+
+		if (session_info_flags & AUTH_SESSION_INFO_DEVICE_DEFAULT_GROUPS) {
+			device_sids = talloc_realloc(tmp_ctx,
+						     device_sids,
+						     struct auth_SidAttr,
+						     num_device_sids + 2);
+			if (device_sids == NULL) {
+				TALLOC_FREE(tmp_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			device_sids[num_device_sids++] = (struct auth_SidAttr) {
+				.sid = global_sid_World,
+				.attrs = SE_GROUP_DEFAULT_FLAGS,
+			};
+			device_sids[num_device_sids++] = (struct auth_SidAttr) {
+				.sid = global_sid_Network,
+				.attrs = SE_GROUP_DEFAULT_FLAGS,
+			};
+		}
+
+		if (session_info_flags & AUTH_SESSION_INFO_DEVICE_AUTHENTICATED) {
+			device_sids = talloc_realloc(tmp_ctx,
+						     device_sids,
+						     struct auth_SidAttr,
+						     num_device_sids + 1);
+			if (device_sids == NULL) {
+				TALLOC_FREE(tmp_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			device_sids[num_device_sids++] = (struct auth_SidAttr) {
+				.sid = global_sid_Authenticated_Users,
+				.attrs = SE_GROUP_DEFAULT_FLAGS,
+			};
+		}
+	}
+
+	nt_status = security_token_create(mem_ctx,
+					  lp_ctx,
+					  num_sids,
+					  sids,
+					  num_device_sids,
+					  device_sids,
+					  auth_claims,
+					  session_info_flags,
+					  &security_token);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_steal(mem_ctx, security_token);
+	*_security_token = security_token;
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+					     struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
+					     struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
+					     const struct auth_user_info_dc *user_info_dc,
+					     uint32_t session_info_flags,
+					     struct auth_session_info **_session_info)
+{
+	struct auth_session_info *session_info;
+	NTSTATUS nt_status;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	session_info = talloc_zero(tmp_ctx, struct auth_session_info);
+	if (session_info == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	session_info->info = talloc_reference(session_info, user_info_dc->info);
+	if (session_info->info == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	session_info->torture = talloc_zero(session_info, struct auth_user_info_torture);
+	if (session_info->torture == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	session_info->torture->num_dc_sids = user_info_dc->num_sids;
+	session_info->torture->dc_sids = talloc_reference(session_info, user_info_dc->sids);
+	if (session_info->torture->dc_sids == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* unless set otherwise, the session key is the user session
+	 * key from the auth subsystem */
+	session_info->session_key = data_blob_talloc(session_info, user_info_dc->user_session_key.data, user_info_dc->user_session_key.length);
+	if (!session_info->session_key.data && user_info_dc->user_session_key.length) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = auth_generate_security_token(session_info,
+						 lp_ctx,
+						 sam_ctx,
+						 user_info_dc,
+						 NULL /*device_info_dc */,
+						 (struct auth_claims) {},
+						 session_info_flags,
+						 &session_info->security_token);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(tmp_ctx);
+		return nt_status;
+	}
+
+	session_info->unique_session_token = GUID_random();
+
+	session_info->credentials = NULL;
+
+	session_info->ticket_type = user_info_dc->ticket_type;
+
+	talloc_steal(mem_ctx, session_info);
+	*_session_info = session_info;
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+
+/* Fill out the auth_session_info with a cli_credentials based on the
+ * auth_session_info we were forwarded over named pipe forwarding.
+ *
+ * NOTE: The structure members of session_info_transport are stolen
+ * with talloc_move() into auth_session_info for long term use
+ */
+struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
+							   struct auth_session_info_transport *session_info_transport,
+							   struct loadparm_context *lp_ctx,
+							   const char **reason)
+{
+	struct auth_session_info *session_info;
+	session_info = talloc_steal(mem_ctx, session_info_transport->session_info);
+	/*
+	 * This is to allow us to check the type of this pointer using
+	 * talloc_get_type()
+	 */
+	talloc_set_name(session_info, "struct auth_session_info");
+#ifdef HAVE_GSS_IMPORT_CRED
+	if (session_info_transport->exported_gssapi_credentials.length) {
+		struct cli_credentials *creds;
+		OM_uint32 minor_status;
+		gss_buffer_desc cred_token;
+		gss_cred_id_t cred_handle;
+		const char *error_string;
+		int ret;
+		bool ok;
+
+		DEBUG(10, ("Delegated credentials supplied by client\n"));
+
+		cred_token.value = session_info_transport->exported_gssapi_credentials.data;
+		cred_token.length = session_info_transport->exported_gssapi_credentials.length;
+
+		ret = gss_import_cred(&minor_status,
+				      &cred_token,
+				      &cred_handle);
+		if (ret != GSS_S_COMPLETE) {
+			*reason = "Internal error in gss_import_cred()";
+			return NULL;
+		}
+
+		creds = cli_credentials_init(session_info);
+		if (!creds) {
+			*reason = "Out of memory in cli_credentials_init()";
+			return NULL;
+		}
+		session_info->credentials = creds;
+
+		ok = cli_credentials_set_conf(creds, lp_ctx);
+		if (!ok) {
+			*reason = "Failed to load smb.conf";
+			return NULL;
+		}
+
+		/* Just so we don't segfault trying to get at a username */
+		cli_credentials_set_anonymous(creds);
+
+		ret = cli_credentials_set_client_gss_creds(creds,
+							   lp_ctx,
+							   cred_handle,
+							   CRED_SPECIFIED,
+							   &error_string);
+		if (ret) {
+			*reason = talloc_asprintf(mem_ctx,
+						  "Failed to set pipe forwarded "
+						  "creds: %s\n", error_string);
+			return NULL;
+		}
+
+		/* This credential handle isn't useful for password
+		 * authentication, so ensure nobody tries to do that */
+		cli_credentials_set_kerberos_state(creds,
+						   CRED_USE_KERBEROS_REQUIRED,
+						   CRED_SPECIFIED);
+
+	}
+#endif
+	return session_info;
+}
+
+
+/* Create a auth_session_info_transport from an auth_session_info.
+ *
+ * NOTE: Members of the auth_session_info_transport structure are
+ * talloc_referenced() into this structure, and should not be changed.
+ */
+NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
+						  struct auth_session_info *session_info,
+						  struct tevent_context *event_ctx,
+						  struct loadparm_context *lp_ctx,
+						  struct auth_session_info_transport **transport_out)
+{
+
+	struct auth_session_info_transport *session_info_transport
+		= talloc_zero(mem_ctx, struct auth_session_info_transport);
+	if (!session_info_transport) {
+		return NT_STATUS_NO_MEMORY;
+	};
+	session_info_transport->session_info = talloc_reference(session_info_transport, session_info);
+	if (!session_info_transport->session_info) {
+		return NT_STATUS_NO_MEMORY;
+	};
+#ifdef HAVE_GSS_EXPORT_CRED
+	if (session_info->credentials) {
+		struct gssapi_creds_container *gcc;
+		OM_uint32 gret;
+		OM_uint32 minor_status;
+		gss_buffer_desc cred_token;
+		const char *error_string;
+		int ret;
+
+		ret = cli_credentials_get_client_gss_creds(session_info->credentials,
+							   event_ctx,
+							   lp_ctx,
+							   &gcc, &error_string);
+		if (ret != 0) {
+			*transport_out = session_info_transport;
+			return NT_STATUS_OK;
+		}
+
+		gret = gss_export_cred(&minor_status,
+				       gcc->creds,
+				       &cred_token);
+		if (gret != GSS_S_COMPLETE) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		if (cred_token.length) {
+			session_info_transport->exported_gssapi_credentials
+				= data_blob_talloc(session_info_transport,
+						   cred_token.value,
+						   cred_token.length);
+			gss_release_buffer(&minor_status, &cred_token);
+			NT_STATUS_HAVE_NO_MEMORY(session_info_transport->exported_gssapi_credentials.data);
+		}
+	}
+#endif
+	*transport_out = session_info_transport;
+	return NT_STATUS_OK;
+}
+
+
+/* Produce a session_info for an arbitrary DN or principal in the local
+ * DB, assuming the local DB holds all the groups
+ *
+ * Supply either a principal or a DN
+ */
+NTSTATUS authsam_get_session_info_principal(TALLOC_CTX *mem_ctx,
+					    struct loadparm_context *lp_ctx,
+					    struct ldb_context *sam_ctx,
+					    const char *principal,
+					    struct ldb_dn *user_dn,
+					    uint32_t session_info_flags,
+					    struct auth_session_info **session_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	nt_status = authsam_get_user_info_dc_principal(tmp_ctx, lp_ctx, sam_ctx,
+						      principal, user_dn,
+						      &user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	nt_status = auth_generate_session_info(tmp_ctx, lp_ctx, sam_ctx,
+					       user_info_dc,
+					       session_info_flags,
+					       session_info);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		talloc_steal(mem_ctx, *session_info);
+	}
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+/**
+ * prints a struct auth_session_info security token to debug output.
+ */
+void auth_session_info_debug(int dbg_lev,
+			     const struct auth_session_info *session_info)
+{
+	if (!session_info) {
+		DEBUG(dbg_lev, ("Session Info: (NULL)\n"));
+		return;
+	}
+
+	security_token_debug(DBGC_AUTH, dbg_lev,
+			     session_info->security_token);
+}
+
+NTSTATUS encode_claims_set(TALLOC_CTX *mem_ctx,
+			   struct CLAIMS_SET *claims_set,
+			   DATA_BLOB *claims_blob)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	enum ndr_err_code ndr_err;
+	struct CLAIMS_SET_NDR *claims_set_info = NULL;
+	struct CLAIMS_SET_METADATA *metadata = NULL;
+	struct CLAIMS_SET_METADATA_NDR *metadata_ndr = NULL;
+
+	if (claims_blob == NULL) {
+		return NT_STATUS_INVALID_PARAMETER_3;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	metadata_ndr = talloc(tmp_ctx, struct CLAIMS_SET_METADATA_NDR);
+	if (metadata_ndr == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	metadata = talloc(metadata_ndr, struct CLAIMS_SET_METADATA);
+	if (metadata == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	claims_set_info = talloc(metadata, struct CLAIMS_SET_NDR);
+	if (claims_set_info == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*metadata_ndr = (struct CLAIMS_SET_METADATA_NDR) {
+		.claims.metadata = metadata,
+	};
+
+	*metadata = (struct CLAIMS_SET_METADATA) {
+		.claims_set = claims_set_info,
+		.compression_format = CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF,
+	};
+
+	*claims_set_info = (struct CLAIMS_SET_NDR) {
+		.claims.claims = claims_set,
+	};
+
+	ndr_err = ndr_push_struct_blob(claims_blob, mem_ctx, metadata_ndr,
+				       (ndr_push_flags_fn_t)ndr_push_CLAIMS_SET_METADATA_NDR);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("CLAIMS_SET_METADATA_NDR push failed: %s\n",
+			nt_errstr(nt_status));
+
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/*
+ * Construct a ‘claims_data’ structure from a claims blob, such as is found in a
+ * PAC.
+ */
+NTSTATUS claims_data_from_encoded_claims_set(TALLOC_CTX *claims_data_ctx,
+					     const DATA_BLOB *encoded_claims_set,
+					     struct claims_data **out)
+{
+	struct claims_data *claims_data = NULL;
+	DATA_BLOB data = {};
+
+	if (out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*out = NULL;
+
+	claims_data = talloc(claims_data_ctx, struct claims_data);
+	if (claims_data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (encoded_claims_set != NULL) {
+		/*
+		 * We make a copy of the data, for it might not be
+		 * talloc�allocated — we might have obtained it directly with
+		 * krb5_pac_get_buffer().
+		 */
+		data = data_blob_dup_talloc(claims_data, *encoded_claims_set);
+		if (data.length != encoded_claims_set->length) {
+			talloc_free(claims_data);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	*claims_data = (struct claims_data) {
+		.encoded_claims_set = data,
+		.flags = CLAIMS_DATA_ENCODED_CLAIMS_PRESENT,
+	};
+
+	*out = claims_data;
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Construct a ‘claims_data’ structure from a talloc�allocated claims set, such
+ * as we might build from searching the database. If this function returns
+ * successfully, it assumes ownership of the claims set.
+ */
+NTSTATUS claims_data_from_claims_set(TALLOC_CTX *claims_data_ctx,
+				     struct CLAIMS_SET *claims_set,
+				     struct claims_data **out)
+{
+	struct claims_data *claims_data = NULL;
+
+	if (out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*out = NULL;
+
+	claims_data = talloc(claims_data_ctx, struct claims_data);
+	if (claims_data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	*claims_data = (struct claims_data) {
+		.claims_set = talloc_steal(claims_data, claims_set),
+		.flags = CLAIMS_DATA_CLAIMS_PRESENT,
+	};
+
+	*out = claims_data;
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * From a ‘claims_data’ structure, return an encoded claims blob that can be put
+ * into a PAC.
+ */
+NTSTATUS claims_data_encoded_claims_set(TALLOC_CTX *mem_ctx,
+					struct claims_data *claims_data,
+					DATA_BLOB *encoded_claims_set_out)
+{
+	uint8_t *data = NULL;
+	size_t len;
+
+	if (encoded_claims_set_out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*encoded_claims_set_out = data_blob_null;
+
+	if (claims_data == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	if (!(claims_data->flags & CLAIMS_DATA_ENCODED_CLAIMS_PRESENT)) {
+		NTSTATUS status;
+
+		/* See whether we have a claims set that we can encode. */
+		if (!(claims_data->flags & CLAIMS_DATA_CLAIMS_PRESENT)) {
+			return NT_STATUS_OK;
+		}
+
+		status = encode_claims_set(claims_data,
+					   claims_data->claims_set,
+					   &claims_data->encoded_claims_set);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		claims_data->flags |= CLAIMS_DATA_ENCODED_CLAIMS_PRESENT;
+	}
+
+	if (claims_data->encoded_claims_set.data != NULL) {
+		data = talloc_reference(mem_ctx, claims_data->encoded_claims_set.data);
+		if (data == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	len = claims_data->encoded_claims_set.length;
+
+	*encoded_claims_set_out = data_blob_const(data, len);
+	return NT_STATUS_OK;
+}
+
+/*
+ * From a ‘claims_data’ structure, return an array of security claims that can
+ * be put in a security token for access checks.
+ */
+NTSTATUS claims_data_security_claims(TALLOC_CTX *mem_ctx,
+				     struct claims_data *claims_data,
+				     struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **security_claims_out,
+				     uint32_t *n_security_claims_out)
+{
+	struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *security_claims = NULL;
+	uint32_t n_security_claims;
+	NTSTATUS status;
+
+	if (security_claims_out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (n_security_claims_out == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*security_claims_out = NULL;
+	*n_security_claims_out = 0;
+
+	if (claims_data == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	if (!(claims_data->flags & CLAIMS_DATA_SECURITY_CLAIMS_PRESENT)) {
+		struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *decoded_claims = NULL;
+		uint32_t n_decoded_claims = 0;
+
+		/* See whether we have a claims set that we can convert. */
+		if (!(claims_data->flags & CLAIMS_DATA_CLAIMS_PRESENT)) {
+
+			/*
+			 * See whether we have an encoded claims set that we can
+			 * decode.
+			 */
+			if (!(claims_data->flags & CLAIMS_DATA_ENCODED_CLAIMS_PRESENT)) {
+				/* We don’t have anything. */
+				return NT_STATUS_OK;
+			}
+
+			/* Decode an existing claims set. */
+
+			if (claims_data->encoded_claims_set.length) {
+				TALLOC_CTX *tmp_ctx = NULL;
+				struct CLAIMS_SET_METADATA_NDR claims;
+				const struct CLAIMS_SET_METADATA *metadata = NULL;
+				enum ndr_err_code ndr_err;
+
+				tmp_ctx = talloc_new(claims_data);
+				if (tmp_ctx == NULL) {
+					return NT_STATUS_NO_MEMORY;
+				}
+
+				ndr_err = ndr_pull_struct_blob(&claims_data->encoded_claims_set,
+							       tmp_ctx,
+							       &claims,
+							       (ndr_pull_flags_fn_t)ndr_pull_CLAIMS_SET_METADATA_NDR);
+				if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+					status = ndr_map_error2ntstatus(ndr_err);
+					DBG_ERR("Failed to parse encoded claims set: %s\n",
+						nt_errstr(status));
+					talloc_free(tmp_ctx);
+					return status;
+				}
+
+				metadata = claims.claims.metadata;
+				if (metadata != NULL) {
+					struct CLAIMS_SET_NDR *claims_set_ndr = metadata->claims_set;
+					if (claims_set_ndr != NULL) {
+						struct CLAIMS_SET **claims_set = &claims_set_ndr->claims.claims;
+
+						claims_data->claims_set = talloc_move(claims_data, claims_set);
+					}
+				}
+
+				talloc_free(tmp_ctx);
+			}
+
+			claims_data->flags |= CLAIMS_DATA_CLAIMS_PRESENT;
+		}
+
+		/*
+		 * Convert the decoded claims set to the security attribute
+		 * claims format.
+		 */
+		status = token_claims_to_claims_v1(claims_data,
+						   claims_data->claims_set,
+						   &decoded_claims,
+						   &n_decoded_claims);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		claims_data->security_claims = decoded_claims;
+		claims_data->n_security_claims = n_decoded_claims;
+
+		claims_data->flags |= CLAIMS_DATA_SECURITY_CLAIMS_PRESENT;
+	}
+
+	if (claims_data->security_claims != NULL) {
+		security_claims = talloc_reference(mem_ctx, claims_data->security_claims);
+		if (security_claims == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	n_security_claims = claims_data->n_security_claims;
+
+	*security_claims_out = security_claims;
+	*n_security_claims_out = n_security_claims;
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/session.h b/source4/auth/session.h
new file mode 100644
index 0000000..3258c80
--- /dev/null
+++ b/source4/auth/session.h
@@ -0,0 +1,152 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Process and provide the logged on user's authorization token
+   Copyright (C) Andrew Bartlett   2001
+   Copyright (C) Stefan Metzmacher 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_AUTH_SESSION_H
+#define _SAMBA_AUTH_SESSION_H
+
+#include "lib/util/data_blob.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/util/werror.h"
+#include "lib/util/time.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/auth.h"
+
+struct loadparm_context;
+struct tevent_context;
+struct ldb_context;
+struct ldb_dn;
+/* Create a security token for a session SYSTEM (the most
+ * trusted/privileged account), including the local machine account as
+ * the off-host credentials */
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
+
+enum claims_data_present {
+	CLAIMS_DATA_ENCODED_CLAIMS_PRESENT = 0x01,
+	CLAIMS_DATA_CLAIMS_PRESENT = 0x02,
+	CLAIMS_DATA_SECURITY_CLAIMS_PRESENT = 0x04,
+};
+
+struct claims_data {
+	DATA_BLOB encoded_claims_set;
+	struct CLAIMS_SET *claims_set;
+	/*
+	 * These security claims are here treated as only a product — the result
+	 * of conversion from another format — and ought not to be treated as
+	 * authoritative.
+	 */
+	struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *security_claims;
+	uint32_t n_security_claims;
+	enum claims_data_present flags;
+};
+
+struct auth_claims {
+	struct claims_data *user_claims;
+	struct claims_data *device_claims;
+};
+
+NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx,
+					     const char *netbios_name,
+					     struct auth_user_info_dc **interim_info);
+NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
+				       struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
+				       struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
+				       const struct auth_user_info_dc *user_info_dc,
+				       const struct auth_user_info_dc *device_info_dc,
+				       const struct auth_claims auth_claims,
+				       uint32_t session_info_flags,
+				       struct security_token **_security_token);
+NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+				    struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
+				    struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
+				    const struct auth_user_info_dc *user_info_dc,
+				    uint32_t session_info_flags,
+				    struct auth_session_info **session_info);
+NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, 
+				     struct loadparm_context *lp_ctx,
+				     struct auth_session_info **session_info);
+struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
+							   struct auth_session_info_transport *session_info_transport,
+							   struct loadparm_context *lp_ctx,
+							   const char **reason);
+NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
+						  struct auth_session_info *session_info,
+						  struct tevent_context *event_ctx,
+						  struct loadparm_context *lp_ctx,
+						  struct auth_session_info_transport **transport_out);
+
+/* Produce a session_info for an arbitrary DN or principal in the local
+ * DB, assuming the local DB holds all the groups
+ *
+ * Supply either a principal or a DN
+ */
+NTSTATUS authsam_get_session_info_principal(TALLOC_CTX *mem_ctx,
+					    struct loadparm_context *lp_ctx,
+					    struct ldb_context *sam_ctx,
+					    const char *principal,
+					    struct ldb_dn *user_dn,
+					    uint32_t session_info_flags,
+					    struct auth_session_info **session_info);
+
+struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, 
+					    struct loadparm_context *lp_ctx);
+
+struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx,
+					struct loadparm_context *lp_ctx,
+					struct dom_sid *domain_sid);
+
+NTSTATUS encode_claims_set(TALLOC_CTX *mem_ctx,
+			   struct CLAIMS_SET *claims_set,
+			   DATA_BLOB *claims_blob);
+
+/*
+ * Construct a ‘claims_data’ structure from a claims blob, such as is found in a
+ * PAC.
+ */
+NTSTATUS claims_data_from_encoded_claims_set(TALLOC_CTX *claims_data_ctx,
+					     const DATA_BLOB *encoded_claims_set,
+					     struct claims_data **out);
+
+/*
+ * Construct a ‘claims_data’ structure from a talloc�allocated claims set, such
+ * as we might build from searching the database. If this function returns
+ * successfully, it assumes ownership of the claims set.
+ */
+NTSTATUS claims_data_from_claims_set(TALLOC_CTX *claims_data_ctx,
+				     struct CLAIMS_SET *claims_set,
+				     struct claims_data **out);
+
+/*
+ * From a ‘claims_data’ structure, return an encoded claims blob that can be put
+ * into a PAC.
+ */
+NTSTATUS claims_data_encoded_claims_set(TALLOC_CTX *mem_ctx,
+					struct claims_data *claims_data,
+					DATA_BLOB *encoded_claims_set_out);
+
+/*
+ * From a ‘claims_data’ structure, return an array of security claims that can
+ * be put in a security token for access checks.
+ */
+NTSTATUS claims_data_security_claims(TALLOC_CTX *mem_ctx,
+				     struct claims_data *claims_data,
+				     struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **security_claims_out,
+				     uint32_t *n_security_claims_out);
+
+#endif /* _SAMBA_AUTH_SESSION_H */
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
new file mode 100644
index 0000000..31a4517
--- /dev/null
+++ b/source4/auth/system_session.c
@@ -0,0 +1,577 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001-2010
+   Copyright (C) Jeremy Allison 2000-2001
+   Copyright (C) Rafal Szczesniak 2002
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/security/security.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "auth/auth.h" /* for auth_user_info_dc */
+#include "auth/session.h"
+#include "auth/system_session_proto.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+/*
+  prevent the static system session being freed
+ */
+static int system_session_destructor(struct auth_session_info *info)
+{
+	return -1;
+}
+
+/* Create a security token for a session SYSTEM (the most
+ * trusted/privileged account), including the local machine account as
+ * the off-host credentials
+ */ 
+_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
+{
+	static struct auth_session_info *static_session;
+	NTSTATUS nt_status;
+
+	if (static_session) {
+		return static_session;
+	}
+
+	/*
+	 * Use NULL here, not the autofree context for this
+	 * static pointer. The destructor prevents freeing this
+	 * memory anyway.
+	 */
+	nt_status = auth_system_session_info(NULL,
+					     lp_ctx,
+					     &static_session);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(static_session);
+		return NULL;
+	}
+	talloc_set_destructor(static_session, system_session_destructor);
+	return static_session;
+}
+
+NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 
+				  struct loadparm_context *lp_ctx,
+				  struct auth_session_info **_session_info) 
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc = NULL;
+	struct auth_session_info *session_info = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	bool ok;
+
+	mem_ctx = talloc_new(parent_ctx);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	nt_status = auth_system_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
+					    &user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+
+	/* references the user_info_dc into the session_info */
+	nt_status = auth_generate_session_info(parent_ctx,
+					       lp_ctx,
+					       NULL /* sam_ctx */,
+					       user_info_dc,
+					       AUTH_SESSION_INFO_SIMPLE_PRIVILEGES,
+					       &session_info);
+	talloc_free(mem_ctx);
+
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	session_info->credentials = cli_credentials_init(session_info);
+	if (!session_info->credentials) {
+		talloc_free(session_info);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = cli_credentials_set_conf(session_info->credentials, lp_ctx);
+	if (!ok) {
+		talloc_free(session_info);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx);
+	*_session_info = session_info;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS auth_system_user_info_dc(TALLOC_CTX *mem_ctx, const char *netbios_name,
+				 struct auth_user_info_dc **_user_info_dc)
+{
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info *info;
+
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
+
+	/* This returns a pointer to a struct dom_sid, which is the
+	 * same as a 1 element list of struct dom_sid */
+	user_info_dc->num_sids = 1;
+	user_info_dc->sids = talloc(user_info_dc, struct auth_SidAttr);
+	if (user_info_dc->sids == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	user_info_dc->sids->sid = global_sid_System;
+	user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/* annoying, but the Anonymous really does have a session key, 
+	   and it is all zeros! */
+	user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->user_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->lm_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	data_blob_clear(&user_info_dc->user_session_key);
+	data_blob_clear(&user_info_dc->lm_session_key);
+
+	user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+	if (user_info_dc->info == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->account_name = talloc_strdup(info, "SYSTEM");
+	if (info->account_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->domain_name = talloc_strdup(info, "NT AUTHORITY");
+	if (info->domain_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->full_name = talloc_strdup(info, "System");
+	if (info->full_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_script = talloc_strdup(info, "");
+	if (info->logon_script == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->profile_path = talloc_strdup(info, "");
+	if (info->profile_path == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_directory = talloc_strdup(info, "");
+	if (info->home_directory == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_drive = talloc_strdup(info, "");
+	if (info->home_drive == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_server = talloc_strdup(info, netbios_name);
+	if (info->logon_server == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->last_logon = 0;
+	info->last_logoff = 0;
+	info->acct_expiry = 0;
+	info->last_password_change = 0;
+	info->allow_password_change = 0;
+	info->force_password_change = 0;
+
+	info->logon_count = 0;
+	info->bad_password_count = 0;
+
+	info->acct_flags = ACB_NORMAL;
+
+	info->user_flags = 0;
+
+	*_user_info_dc = user_info_dc;
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS auth_domain_admin_user_info_dc(TALLOC_CTX *mem_ctx,
+					      const char *netbios_name,
+					      const char *domain_name,
+					      struct dom_sid *domain_sid,
+					      struct auth_user_info_dc **_user_info_dc)
+{
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info *info;
+
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
+
+	user_info_dc->num_sids = 8;
+	user_info_dc->sids = talloc_array(user_info_dc, struct auth_SidAttr, user_info_dc->num_sids);
+
+	user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid, DOMAIN_RID_ADMINISTRATOR);
+	user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid, DOMAIN_RID_USERS);
+	user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/* Add the primary group again. */
+	user_info_dc->sids[2] = user_info_dc->sids[PRIMARY_GROUP_SID_INDEX];
+
+	user_info_dc->sids[3].sid = global_sid_Builtin_Administrators;
+	user_info_dc->sids[3].attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	user_info_dc->sids[4].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[4].sid, DOMAIN_RID_ADMINS);
+	user_info_dc->sids[4].attrs = SE_GROUP_DEFAULT_FLAGS;
+	user_info_dc->sids[5].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[5].sid, DOMAIN_RID_ENTERPRISE_ADMINS);
+	user_info_dc->sids[5].attrs = SE_GROUP_DEFAULT_FLAGS;
+	user_info_dc->sids[6].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[6].sid, DOMAIN_RID_POLICY_ADMINS);
+	user_info_dc->sids[6].attrs = SE_GROUP_DEFAULT_FLAGS;
+	user_info_dc->sids[7].sid = *domain_sid;
+	sid_append_rid(&user_info_dc->sids[7].sid, DOMAIN_RID_SCHEMA_ADMINS);
+	user_info_dc->sids[7].attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/* What should the session key be?*/
+	user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->user_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->lm_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	data_blob_clear(&user_info_dc->user_session_key);
+	data_blob_clear(&user_info_dc->lm_session_key);
+
+	user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+	if (user_info_dc->info == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->account_name = talloc_strdup(info, "Administrator");
+	if (info->account_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->domain_name = talloc_strdup(info, domain_name);
+	if (info->domain_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->full_name = talloc_strdup(info, "Administrator");
+	if (info->full_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_script = talloc_strdup(info, "");
+	if (info->logon_script == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->profile_path = talloc_strdup(info, "");
+	if (info->profile_path == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_directory = talloc_strdup(info, "");
+	if (info->home_directory == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_drive = talloc_strdup(info, "");
+	if (info->home_drive == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_server = talloc_strdup(info, netbios_name);
+	if (info->logon_server == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->last_logon = 0;
+	info->last_logoff = 0;
+	info->acct_expiry = 0;
+	info->last_password_change = 0;
+	info->allow_password_change = 0;
+	info->force_password_change = 0;
+
+	info->logon_count = 0;
+	info->bad_password_count = 0;
+
+	info->acct_flags = ACB_NORMAL;
+
+	info->user_flags = 0;
+
+	*_user_info_dc = user_info_dc;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS auth_domain_admin_session_info(TALLOC_CTX *parent_ctx,
+					       struct loadparm_context *lp_ctx,
+					       struct dom_sid *domain_sid,
+					       struct auth_session_info **session_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc = NULL;
+	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	nt_status = auth_domain_admin_user_info_dc(mem_ctx,
+						   lpcfg_netbios_name(lp_ctx),
+						   lpcfg_workgroup(lp_ctx),
+						   domain_sid,
+						   &user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+
+	nt_status = auth_generate_session_info(mem_ctx,
+					       lp_ctx,
+					       NULL /* sam_ctx */,
+					       user_info_dc,
+					       AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS,
+					       session_info);
+	/* There is already a reference between the session_info and user_info_dc */
+	if (NT_STATUS_IS_OK(nt_status)) {
+		talloc_steal(parent_ctx, *session_info);
+	}
+	talloc_free(mem_ctx);
+	return nt_status;
+}
+
+_PUBLIC_ struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct dom_sid *domain_sid)
+{
+	NTSTATUS nt_status;
+	struct auth_session_info *session_info = NULL;
+	nt_status = auth_domain_admin_session_info(mem_ctx,
+						   lp_ctx,
+						   domain_sid,
+						   &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return NULL;
+	}
+	return session_info;
+}
+
+_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, 
+					      struct loadparm_context *lp_ctx,
+					      struct auth_session_info **_session_info) 
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc = NULL;
+	struct auth_session_info *session_info = NULL;
+	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+	bool ok;
+
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	nt_status = auth_anonymous_user_info_dc(mem_ctx,
+						lpcfg_netbios_name(lp_ctx),
+						&user_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+
+	/* references the user_info_dc into the session_info */
+	nt_status = auth_generate_session_info(parent_ctx,
+					       lp_ctx,
+					       NULL /* sam_ctx */,
+					       user_info_dc,
+					       AUTH_SESSION_INFO_SIMPLE_PRIVILEGES,
+					       &session_info);
+	talloc_free(mem_ctx);
+
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	session_info->credentials = cli_credentials_init(session_info);
+	if (!session_info->credentials) {
+		talloc_free(session_info);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = cli_credentials_set_conf(session_info->credentials, lp_ctx);
+	if (!ok) {
+		talloc_free(session_info);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	cli_credentials_set_anonymous(session_info->credentials);
+	
+	*_session_info = session_info;
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx,
+				    const char *netbios_name,
+				    struct auth_user_info_dc **_user_info_dc)
+{
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info *info;
+	user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);
+	NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
+
+	/* This returns a pointer to a struct dom_sid, which is the
+	 * same as a 1 element list of struct dom_sid */
+	user_info_dc->num_sids = 1;
+	user_info_dc->sids = talloc(user_info_dc, struct auth_SidAttr);
+	if (user_info_dc->sids == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	user_info_dc->sids->sid = global_sid_Anonymous;
+	user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS;
+
+	/* annoying, but the Anonymous really does have a session key... */
+	user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->user_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+	if (user_info_dc->lm_session_key.data == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	/*  and it is all zeros! */
+	data_blob_clear(&user_info_dc->user_session_key);
+	data_blob_clear(&user_info_dc->lm_session_key);
+
+	user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+	if (user_info_dc->info == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->account_name = talloc_strdup(info, "ANONYMOUS LOGON");
+	if (info->account_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->domain_name = talloc_strdup(info, "NT AUTHORITY");
+	if (info->domain_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->full_name = talloc_strdup(info, "Anonymous Logon");
+	if (info->full_name == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_script = talloc_strdup(info, "");
+	if (info->logon_script == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->profile_path = talloc_strdup(info, "");
+	if (info->profile_path == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_directory = talloc_strdup(info, "");
+	if (info->home_directory == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->home_drive = talloc_strdup(info, "");
+	if (info->home_drive == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->logon_server = talloc_strdup(info, netbios_name);
+	if (info->logon_server == NULL) {
+		talloc_free(user_info_dc);
+		return NT_STATUS_NO_MEMORY;
+	};
+
+	info->last_logon = 0;
+	info->last_logoff = 0;
+	info->acct_expiry = 0;
+	info->last_password_change = 0;
+	info->allow_password_change = 0;
+	info->force_password_change = 0;
+
+	info->logon_count = 0;
+	info->bad_password_count = 0;
+
+	info->acct_flags = ACB_NORMAL;
+
+	/* The user is not authenticated. */
+	info->user_flags = NETLOGON_GUEST;
+
+	*_user_info_dc = user_info_dc;
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/auth/tests/heimdal_unwrap_des.c b/source4/auth/tests/heimdal_unwrap_des.c
new file mode 100644
index 0000000..fbfe778
--- /dev/null
+++ b/source4/auth/tests/heimdal_unwrap_des.c
@@ -0,0 +1,1244 @@
+/*
+ * Unit tests for third_party/heimdal/lib/gssapi/krb5/unwrap.c
+ *
+ * Copyright (C) Catalyst.NET Ltd 2022
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+
+#include <cmocka.h>
+
+#include "includes.h"
+#include "replace.h"
+
+#include "../../../third_party/heimdal/lib/gssapi/gssapi/gssapi.h"
+#include "gsskrb5_locl.h"
+
+/******************************************************************************
+ * Helper functions
+ ******************************************************************************/
+
+const uint8_t *valid_range_begin;
+const uint8_t *valid_range_end;
+const uint8_t *invalid_range_end;
+
+/*
+ * 'array_len' is the size of the passed in array. 'buffer_len' is the size to
+ * report in the resulting buffer.
+ */
+static const gss_buffer_desc get_input_buffer(TALLOC_CTX *mem_ctx,
+					      const uint8_t array[],
+					      const size_t array_len,
+					      const size_t buffer_len)
+{
+	gss_buffer_desc buf;
+
+	/* Add some padding to catch invalid memory accesses. */
+	const size_t padding = 0x100;
+	const size_t padded_len = array_len + padding;
+
+	uint8_t *data = talloc_size(mem_ctx, padded_len);
+	assert_non_null(data);
+
+	memcpy(data, array, array_len);
+	memset(data + array_len, 0, padding);
+
+	assert_in_range(buffer_len, 0, array_len);
+
+	buf.value = data;
+	buf.length = buffer_len;
+
+	valid_range_begin = buf.value;
+	valid_range_end = valid_range_begin + buf.length;
+	invalid_range_end = valid_range_begin + padded_len;
+
+	return buf;
+}
+
+static void assert_mem_in_valid_range(const uint8_t *ptr, const size_t len)
+{
+	/* Ensure we've set up the range pointers properly. */
+	assert_non_null(valid_range_begin);
+	assert_non_null(valid_range_end);
+	assert_non_null(invalid_range_end);
+
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(len, 0, 0x1000);
+
+	/* Ensure the memory is in our valid range. */
+	assert_in_range(ptr, valid_range_begin, valid_range_end);
+	assert_in_range(ptr + len, valid_range_begin, valid_range_end);
+}
+
+/*
+ * This function takes a pointer to volatile to allow it to be called from the
+ * ct_memcmp() wrapper.
+ */
+static void assert_mem_outside_invalid_range(const volatile uint8_t *ptr,
+					     const size_t len)
+{
+	const LargestIntegralType _valid_range_end
+		= cast_ptr_to_largest_integral_type(valid_range_end);
+	const LargestIntegralType _invalid_range_end
+		= cast_ptr_to_largest_integral_type(invalid_range_end);
+	const LargestIntegralType _ptr = cast_ptr_to_largest_integral_type(ptr);
+	const LargestIntegralType _len = cast_to_largest_integral_type(len);
+
+	/* Ensure we've set up the range pointers properly. */
+	assert_non_null(valid_range_begin);
+	assert_non_null(valid_range_end);
+	assert_non_null(invalid_range_end);
+
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(len, 0, 0x1000);
+
+	/* Ensure the memory is outside the invalid range. */
+	if (_ptr < _invalid_range_end && _ptr + _len > _valid_range_end) {
+		fail();
+	}
+}
+
+/*****************************************************************************
+ * wrapped functions
+ *****************************************************************************/
+
+krb5_keyblock dummy_key;
+
+krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context,
+						    krb5_auth_context auth_context,
+						    krb5_keyblock **keyblock);
+krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context,
+						    krb5_auth_context auth_context,
+						    krb5_keyblock **keyblock)
+{
+	*keyblock = &dummy_key;
+	return 0;
+}
+
+void __wrap_krb5_free_keyblock(krb5_context context,
+			krb5_keyblock *keyblock);
+void __wrap_krb5_free_keyblock(krb5_context context,
+			krb5_keyblock *keyblock)
+{
+	assert_ptr_equal(&dummy_key, keyblock);
+}
+
+struct krb5_crypto_data dummy_crypto;
+
+krb5_error_code __wrap_krb5_crypto_init(krb5_context context,
+					const krb5_keyblock *key,
+					krb5_enctype etype,
+					krb5_crypto *crypto);
+krb5_error_code __wrap_krb5_crypto_init(krb5_context context,
+					const krb5_keyblock *key,
+					krb5_enctype etype,
+					krb5_crypto *crypto)
+{
+	static const LargestIntegralType etypes[] = {ETYPE_DES3_CBC_NONE, 0};
+
+	assert_ptr_equal(&dummy_key, key);
+	assert_in_set(etype, etypes, ARRAY_SIZE(etypes));
+
+	*crypto = &dummy_crypto;
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_decrypt(krb5_context context,
+				    krb5_crypto crypto,
+				    unsigned usage,
+				    void *data,
+				    size_t len,
+				    krb5_data *result);
+krb5_error_code __wrap_krb5_decrypt(krb5_context context,
+				    krb5_crypto crypto,
+				    unsigned usage,
+				    void *data,
+				    size_t len,
+				    krb5_data *result)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SEAL, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	check_expected(len);
+	check_expected_ptr(data);
+
+	result->data = malloc(len);
+	assert_non_null(result->data);
+	result->length = len;
+
+	memcpy(result->data, data, len);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_decrypt_ivec(krb5_context context,
+					 krb5_crypto crypto,
+					 unsigned usage,
+					 void *data,
+					 size_t len,
+					 krb5_data *result,
+					 void *ivec);
+krb5_error_code __wrap_krb5_decrypt_ivec(krb5_context context,
+					 krb5_crypto crypto,
+					 unsigned usage,
+					 void *data,
+					 size_t len,
+					 krb5_data *result,
+					 void *ivec)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SEQ, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	assert_int_equal(8, len);
+	check_expected_ptr(data);
+	check_expected_ptr(ivec);
+
+	result->data = malloc(len);
+	assert_non_null(result->data);
+	result->length = len;
+
+	memcpy(result->data, data, len);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_verify_checksum(krb5_context context,
+					    krb5_crypto crypto,
+					    krb5_key_usage usage,
+					    void *data,
+					    size_t len,
+					    Checksum *cksum);
+krb5_error_code __wrap_krb5_verify_checksum(krb5_context context,
+					    krb5_crypto crypto,
+					    krb5_key_usage usage,
+					    void *data,
+					    size_t len,
+					    Checksum *cksum)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SIGN, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	check_expected(len);
+	check_expected_ptr(data);
+
+	assert_non_null(cksum);
+	assert_int_equal(CKSUMTYPE_HMAC_SHA1_DES3, cksum->cksumtype);
+	assert_int_equal(20, cksum->checksum.length);
+	check_expected_ptr(cksum->checksum.data);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_crypto_destroy(krb5_context context,
+					   krb5_crypto crypto);
+krb5_error_code __wrap_krb5_crypto_destroy(krb5_context context,
+					   krb5_crypto crypto)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+
+	return 0;
+}
+
+
+int __wrap_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size);
+int __real_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size);
+int __wrap_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size)
+{
+	assert_mem_in_valid_range(p, len);
+
+	return __real_der_get_length(p, len, val, size);
+}
+
+int __wrap_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len);
+int __real_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len);
+int __wrap_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len)
+{
+	assert_mem_outside_invalid_range(p1, len);
+	assert_mem_outside_invalid_range(p2, len);
+
+	return __real_ct_memcmp(p1, p2, len);
+}
+
+void *__wrap_malloc(size_t size);
+void *__real_malloc(size_t size);
+void *__wrap_malloc(size_t size)
+{
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(size, 0, 0x10000);
+
+	return __real_malloc(size);
+}
+
+/*****************************************************************************
+ * Mock implementations
+ *****************************************************************************/
+
+/*
+ * Set the globals used by the mocked functions to a known and consistent state
+ *
+ */
+static void init_mock_results(TALLOC_CTX *mem_ctx)
+{
+	dummy_key.keytype = KRB5_ENCTYPE_DES3_CBC_MD5;
+	dummy_key.keyvalue.data = NULL;
+	dummy_key.keyvalue.length = 0;
+
+	dummy_crypto = (struct krb5_crypto_data) {0};
+
+	valid_range_begin = NULL;
+	valid_range_end = NULL;
+	invalid_range_end = NULL;
+}
+
+/*****************************************************************************
+ * Unit test set up and tear down
+ *****************************************************************************/
+
+struct context {
+	gss_ctx_id_t context_handle;
+};
+
+static int setup(void **state) {
+	struct context *ctx = NULL;
+	krb5_context context = NULL;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	krb5_error_code code;
+
+	ctx = talloc_zero(NULL, struct context);
+	assert_non_null(ctx);
+
+	init_mock_results(ctx);
+
+	code = _gsskrb5_init(&context);
+	assert_int_equal(0, code);
+
+	major_status = _gsskrb5_create_ctx(&minor_status,
+					   &ctx->context_handle,
+					   context,
+					   GSS_C_NO_CHANNEL_BINDINGS,
+					   ACCEPTOR_START);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	*state = ctx;
+	return 0;
+}
+
+static int teardown(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+
+	major_status = _gsskrb5_delete_sec_context(&minor_status,
+						   &ctx->context_handle,
+						   GSS_C_NO_BUFFER);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	TALLOC_FREE(ctx);
+	return 0;
+}
+
+/*****************************************************************************
+ * _gsskrb5_unwrap unit tests
+ *****************************************************************************/
+
+static void test_unwrap_dce_style_missing_payload(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gsskrb5_ctx gss_ctx;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 22);
+
+	gss_ctx = (gsskrb5_ctx) ctx->context_handle;
+	gss_ctx->flags |= GSS_C_DCE_STYLE;
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_dce_style_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gsskrb5_ctx gss_ctx;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe,
+		0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	gss_ctx = (gsskrb5_ctx) ctx->context_handle;
+	gss_ctx->flags |= GSS_C_DCE_STYLE;
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 16);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(0, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 0);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+static void test_unwrap_dce_style_with_seal_missing_payload(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gsskrb5_ctx gss_ctx;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0x02, 0x00, /* SEAL_ALG (DES3-KD) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 22);
+
+	gss_ctx = (gsskrb5_ctx) ctx->context_handle;
+	gss_ctx->flags |= GSS_C_DCE_STYLE;
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_dce_style_with_seal_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gsskrb5_ctx gss_ctx;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0x02, 0x00, /* SEAL_ALG (DES3-KD) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe,
+		0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	gss_ctx = (gsskrb5_ctx) ctx->context_handle;
+	gss_ctx->flags |= GSS_C_DCE_STYLE;
+
+	expect_value(__wrap_krb5_decrypt, len, 8);
+	expect_value(__wrap_krb5_decrypt, data, (uint8_t *)input.value + 49);
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 16);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(1, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 0);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+static void test_unwrap_missing_8_bytes(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x2f, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 49);
+
+	/*
+	 * A fixed unwrap_des3() should fail before these wrappers are called,
+	 * but we want the wrappers to have access to any required values in the
+	 * event that they are called. Specifying WILL_RETURN_ONCE avoids a test
+	 * failure if these values remain unused.
+	 */
+	expect_value_count(__wrap_krb5_decrypt_ivec, data,
+			   (uint8_t *)input.value + 21,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_decrypt_ivec, ivec,
+			    (uint8_t *)input.value + 29, DES_CBLOCK_LEN,
+			    WILL_RETURN_ONCE);
+
+	expect_value_count(__wrap_krb5_verify_checksum, len, 8, WILL_RETURN_ONCE);
+	expect_value_count(__wrap_krb5_verify_checksum, data,
+			   (uint8_t *)input.value + 41,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_verify_checksum, cksum->checksum.data,
+			    (uint8_t *)input.value + 29, 20,
+			    WILL_RETURN_ONCE);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_missing_payload(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x14, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0x00, 0xa1, 0xa2, 0xa3, /* padding byte / encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 22);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_truncated_header_0(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x00, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 2);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_DEFECTIVE_TOKEN, major_status);
+}
+
+static void test_unwrap_truncated_header_1(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x02, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, /* GSS KRB5 mech */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 4);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe,
+		0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 16);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(0, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 0);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+static void test_unwrap_with_padding_truncated_0(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0x04, 0x04, 0x04, 0x04, /* padding bytes */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	/*
+	 * A fixed unwrap_des3() should fail before these wrappers are called,
+	 * but we want the wrappers to have access to any required values in the
+	 * event that they are called. Specifying WILL_RETURN_ONCE avoids a test
+	 * failure if these values remain unused.
+	 */
+	expect_value_count(__wrap_krb5_decrypt_ivec, data,
+			   (uint8_t *)input.value + 21,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_decrypt_ivec, ivec,
+			    (uint8_t *)input.value + 29, DES_CBLOCK_LEN,
+			    WILL_RETURN_ONCE);
+
+	expect_value_count(__wrap_krb5_verify_checksum, len, 16, WILL_RETURN_ONCE);
+	expect_value_count(__wrap_krb5_verify_checksum, data,
+			   (uint8_t *)input.value + 41,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_verify_checksum, cksum->checksum.data,
+			    (uint8_t *)input.value + 29, 20,
+			    WILL_RETURN_ONCE);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_with_padding_truncated_1(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0x00, 0xa1, 0xa2, 0xa3, /* padding byte / encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* padding bytes */
+		0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	/*
+	 * A fixed unwrap_des3() should fail before these wrappers are called,
+	 * but we want the wrappers to have access to any required values in the
+	 * event that they are called. Specifying WILL_RETURN_ONCE avoids a test
+	 * failure if these values remain unused.
+	 */
+	expect_value_count(__wrap_krb5_decrypt_ivec, data,
+			   (uint8_t *)input.value + 21,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_decrypt_ivec, ivec,
+			    (uint8_t *)input.value + 29, DES_CBLOCK_LEN,
+			    WILL_RETURN_ONCE);
+
+	expect_value_count(__wrap_krb5_verify_checksum, len, 16, WILL_RETURN_ONCE);
+	expect_value_count(__wrap_krb5_verify_checksum, data,
+			   (uint8_t *)input.value + 41,
+			   WILL_RETURN_ONCE);
+	expect_memory_count(__wrap_krb5_verify_checksum, cksum->checksum.data,
+			    (uint8_t *)input.value + 29, 20,
+			    WILL_RETURN_ONCE);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_with_padding_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x3f, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0xff, 0xff, /* SEAL_ALG (none) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe, 0xbf,
+		/* padding bytes */
+		0x08, 0x08, 0x08, 0x08,
+		0x08, 0x08, 0x08, 0x08,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 65);
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 24);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(0, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 0);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+static void test_unwrap_with_seal_empty_token_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x37, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0x02, 0x00, /* SEAL_ALG (DES3-KD) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe,
+		0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 57);
+
+	expect_value(__wrap_krb5_decrypt, len, 8);
+	expect_value(__wrap_krb5_decrypt, data, (uint8_t *)input.value + 49);
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 16);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(1, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 0);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+static void test_unwrap_with_seal_missing_payload(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x14, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0x02, 0x00, /* SEAL_ALG (DES3-KD) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 22);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_BAD_MECH, major_status);
+}
+
+static void test_unwrap_with_seal_valid(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	gss_buffer_desc input = {0};
+	gss_buffer_desc output = {0};
+	int conf_state;
+	gss_qop_t qop_state;
+
+	/* See RFC 1964 for token format. */
+	static const uint8_t data[] = {
+		0x60, /* ASN.1 Application tag */
+		0x3e, /* total length */
+		0x06, /* OBJECT IDENTIFIER */
+		0x09, /* mech length */
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, /* GSS KRB5 mech */
+		0x02, 0x01, /* TOK_ID */
+		0x04, 0x00, /* SGN_ALG (HMAC SHA1 DES3-KD) */
+		0x02, 0x00, /* SEAL_ALG (DES3-KD) */
+		0xff, 0xff, /* Filler */
+		0xa0, 0xa1, 0xa2, 0xa3, /* encrypted sequence number */
+		0x00, 0x00, 0x00, 0x00, /* sequence number direction (remote) */
+		/* checksum */
+		0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
+		0xa9, 0xaa, 0xab, 0xac, 0xad,
+		0xae, 0xaf, 0xb0, 0xb1, 0xb2,
+		0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		/* unused */
+		0xb8, 0xb9, 0xba, 0xbb,
+		0xbc, 0xbd, 0xbe, 0xbf,
+		0xc0, 0xc1, 0xc2, 0xc3,
+		0xc4, 0xc5,
+		0x00, /* padding byte */
+	};
+
+	input = get_input_buffer(ctx, data, sizeof(data), 64);
+
+	expect_value(__wrap_krb5_decrypt, len, 15);
+	expect_value(__wrap_krb5_decrypt, data, (uint8_t *)input.value + 49);
+
+	expect_value(__wrap_krb5_decrypt_ivec, data, (uint8_t *)input.value + 21);
+	expect_memory(__wrap_krb5_decrypt_ivec, ivec,
+		      (uint8_t *)input.value + 29, DES_CBLOCK_LEN);
+
+	expect_value(__wrap_krb5_verify_checksum, len, 23);
+	expect_value(__wrap_krb5_verify_checksum, data, (uint8_t *)input.value + 41);
+	expect_memory(__wrap_krb5_verify_checksum, cksum->checksum.data,
+		      (uint8_t *)input.value + 29, 20);
+
+	major_status = _gsskrb5_unwrap(&minor_status,
+				       ctx->context_handle,
+				       &input,
+				       &output,
+				       &conf_state,
+				       &qop_state);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	assert_int_equal(1, conf_state);
+	assert_int_equal(GSS_C_QOP_DEFAULT, qop_state);
+
+	assert_int_equal(output.length, 7);
+	assert_memory_equal((uint8_t *)input.value + 57, output.value, output.length);
+
+	major_status = gss_release_buffer(&minor_status, &output);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+}
+
+int main(int argc, const char **argv)
+{
+	static const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_dce_style_missing_payload, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_dce_style_valid, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_dce_style_with_seal_missing_payload, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_dce_style_with_seal_valid, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_missing_8_bytes, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_missing_payload, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_truncated_header_0, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_truncated_header_1, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_valid, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_padding_truncated_0, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_padding_truncated_1, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_padding_valid, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_seal_empty_token_valid, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_seal_missing_payload, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unwrap_with_seal_valid, setup, teardown),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/auth/tests/kerberos.c b/source4/auth/tests/kerberos.c
new file mode 100644
index 0000000..d9be356
--- /dev/null
+++ b/source4/auth/tests/kerberos.c
@@ -0,0 +1,123 @@
+#include <time.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <stdint.h>
+#include <cmocka.h>
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "auth/kerberos/kerberos_credentials.h"
+#include "auth/kerberos/kerberos_util.h"
+
+static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
+					  krb5_kvno kvno, const char *kt_name)
+{
+	krb5_context krb5_ctx;
+	krb5_keytab keytab;
+	krb5_keytab_entry kt_entry;
+	krb5_kt_cursor cursor;
+	krb5_error_code code;
+
+	int i,j;
+	char princ_name[] = "user0";
+	char expect_princ_name[] = "user0@samba.example.com";
+	bool found_previous;
+	const char *error_str;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	krb5_principal *principals = talloc_zero_array(tmp_ctx,
+						       krb5_principal,
+						       num_principals);
+	krb5_init_context(&krb5_ctx);
+	krb5_kt_resolve(krb5_ctx, kt_name, &keytab);
+	ZERO_STRUCT(kt_entry);
+
+	for(i=0; i<num_principals; i++) {
+		princ_name[4] = (char)i+48;
+		smb_krb5_make_principal(krb5_ctx, &(principals[i]),
+				    "samba.example.com", princ_name, NULL);
+		kt_entry.principal = principals[i];
+		for (j=0; j<num_kvnos; j++) {
+			kt_entry.vno = j+1;
+			krb5_kt_add_entry(krb5_ctx, keytab, &kt_entry);
+		}
+	}
+
+	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
+	assert_int_equal(code, 0);
+#ifdef SAMBA4_USES_HEIMDAL
+	for (i=0; i<num_principals; i++) {
+		expect_princ_name[4] = (char)i+48;
+		for (j=0; j<num_kvnos; j++) {
+			char *unparsed_name;
+			code = krb5_kt_next_entry(krb5_ctx, keytab,
+						  &kt_entry, &cursor);
+			assert_int_equal(code, 0);
+			assert_int_equal(kt_entry.vno, j+1);
+#else
+	/* MIT - For MEMORY type keytabs, krb5_kt_add_entry() adds an
+	 * entry to the beginning of the keytab table, not the end */
+	for (i=num_principals-1; i>=0; i--) {
+		expect_princ_name[4] = (char)i+48;
+		for (j=num_kvnos; j>0; j--) {
+			char *unparsed_name;
+			code = krb5_kt_next_entry(krb5_ctx, keytab,
+						  &kt_entry, &cursor);
+			assert_int_equal(code, 0);
+			assert_int_equal(kt_entry.vno, j);
+#endif
+			krb5_unparse_name(krb5_ctx, kt_entry.principal,
+					  &unparsed_name);
+			assert_string_equal(expect_princ_name, unparsed_name);
+		}
+	}
+
+	smb_krb5_remove_obsolete_keytab_entries(tmp_ctx, krb5_ctx, keytab,
+						num_principals, principals,
+						kvno, &found_previous,
+						&error_str);
+
+	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
+	assert_int_equal(code, 0);
+#ifdef SAMBA4_USES_HEIMDAL
+	for (i=0; i<num_principals; i++) {
+#else /* MIT - reverse iterate through entries */
+	for (i=num_principals-1; i>=0; i--) {
+#endif
+		char *unparsed_name;
+		expect_princ_name[4] = (char)i+48;
+		code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
+		assert_int_equal(code, 0);
+		assert_int_equal(kt_entry.vno, kvno-1);
+		krb5_unparse_name(krb5_ctx, kt_entry.principal, &unparsed_name);
+		assert_string_equal(expect_princ_name, unparsed_name);
+	}
+	code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
+	assert_int_not_equal(code, 0);
+}
+
+static void test_krb5_remove_obsolete_keytab_entries_many(void **state)
+{
+	internal_obsolete_keytab_test(5, 4, (krb5_kvno)5, "MEMORY:LOL2");
+}
+
+static void test_krb5_remove_obsolete_keytab_entries_one(void **state)
+{
+	internal_obsolete_keytab_test(1, 2, (krb5_kvno)3, "MEMORY:LOL");
+}
+
+int main(int argc, const char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_one),
+		cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_many),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/auth/tests/sam.c b/source4/auth/tests/sam.c
new file mode 100644
index 0000000..a2bc4a5
--- /dev/null
+++ b/source4/auth/tests/sam.c
@@ -0,0 +1,2746 @@
+/*
+ * Unit tests for source4/auth/sam.c
+ *
+ * Copyright (C) Catalyst.NET Ltd 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <stdint.h>
+#include <cmocka.h>
+
+#include "includes.h"
+#include "auth/sam.c"
+#include "ldb.h"
+#include "libcli/util/ntstatus.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/*****************************************************************************
+ * wrapped functions
+ *
+ *****************************************************************************/
+int __wrap_samdb_msg_add_int64(
+	struct ldb_context *sam_ldb,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_message *msg,
+	const char *attr_name,
+	int64_t v);
+int __real_samdb_msg_add_int64(
+	struct ldb_context *sam_ldb,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_message *msg,
+	const char *attr_name,
+	int64_t v);
+int __wrap_samdb_msg_add_int64(
+	struct ldb_context *sam_ldb,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_message *msg,
+	const char *attr_name,
+	int64_t v)
+{
+
+	int ret;
+	ret = (int)mock();
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return __real_samdb_msg_add_int64(sam_ldb, mem_ctx, msg, attr_name, v);
+}
+/*****************************************************************************
+ * Mock implementations
+ *****************************************************************************/
+
+static int check_dn(const LargestIntegralType left_value,
+		    const LargestIntegralType right_value)
+{
+	/*
+	 * We have to cast away const so we can get the linearized form with
+	 * ldb_dn_get_extended_linearized().
+	 */
+	struct ldb_dn *left_dn = (void *)left_value;
+	struct ldb_dn *right_dn = (void *)right_value;
+	char *left_dn_string = NULL;
+	char *right_dn_string = NULL;
+	bool ok;
+
+	if (left_dn == NULL && right_dn == NULL) {
+		return true;
+	}
+
+	if (left_dn != NULL) {
+		left_dn_string = ldb_dn_get_extended_linearized(NULL, left_dn, 1);
+		assert_non_null(left_dn_string);
+	}
+
+	if (right_dn != NULL) {
+		right_dn_string = ldb_dn_get_extended_linearized(NULL, right_dn, 1);
+		assert_non_null(right_dn_string);
+	}
+
+	if (left_dn_string == NULL || right_dn_string == NULL) {
+		ok = false;
+		print_error("\"%s\" != \"%s\"\n",
+			    left_dn_string != NULL ? left_dn_string : "<NULL>",
+			    right_dn_string != NULL ? right_dn_string : "<NULL>");
+	} else {
+		ok = (strcmp(left_dn_string, right_dn_string) == 0);
+		if (!ok) {
+			print_error("\"%s\" != \"%s\"\n",
+				    left_dn_string,
+				    right_dn_string);
+		}
+
+	}
+
+	TALLOC_FREE(right_dn_string);
+	TALLOC_FREE(left_dn_string);
+
+	return ok;
+}
+
+int __wrap_dsdb_search_dn(struct ldb_context *ldb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_result **_result,
+			  struct ldb_dn *basedn,
+			  const char * const *attrs,
+			  uint32_t dsdb_flags);
+int __wrap_dsdb_search_dn(struct ldb_context *ldb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_result **_result,
+			  struct ldb_dn *basedn,
+			  const char * const *attrs,
+			  uint32_t dsdb_flags)
+{
+	check_expected(basedn);
+
+	*_result = talloc_steal(mem_ctx, mock_ptr_type(struct ldb_result *));
+
+	return mock();
+}
+
+int ldb_transaction_start_ret = LDB_SUCCESS;
+bool in_transaction = false;
+int ldb_transaction_start(struct ldb_context *ldb) {
+	assert_false(in_transaction);
+	if (ldb_transaction_start_ret == LDB_SUCCESS) {
+		in_transaction = true;
+	}
+	return ldb_transaction_start_ret;
+}
+
+int ldb_transaction_cancel_ret = LDB_SUCCESS;
+bool transaction_cancelled = false;
+int ldb_transaction_cancel(struct ldb_context *ldb) {
+	assert_true(in_transaction);
+	if (ldb_transaction_cancel_ret == LDB_SUCCESS) {
+		in_transaction = false;
+		transaction_cancelled = true;
+	}
+	return ldb_transaction_cancel_ret;
+}
+
+int ldb_transaction_commit_ret = LDB_SUCCESS;
+bool transaction_committed = false;
+int ldb_transaction_commit(struct ldb_context *ldb) {
+	assert_true(in_transaction);
+	if (ldb_transaction_commit_ret == LDB_SUCCESS) {
+		in_transaction = false;
+		transaction_committed = true;
+	}
+	return ldb_transaction_commit_ret;
+}
+
+NTSTATUS dsdb_update_bad_pwd_count_ret = NT_STATUS_OK;
+struct ldb_message *dsdb_update_bad_pwd_count_res = NULL;
+NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
+				   struct ldb_context *sam_ctx,
+				   struct ldb_message *user_msg,
+				   struct ldb_message *domain_msg,
+				   struct ldb_message *pso_msg,
+				   struct ldb_message **_mod_msg) {
+
+	*_mod_msg = talloc_move(mem_ctx, &dsdb_update_bad_pwd_count_res);
+	return dsdb_update_bad_pwd_count_ret;
+}
+
+int ldb_build_mod_req_ret = LDB_SUCCESS;
+struct ldb_request *ldb_build_mod_req_res = NULL;
+int ldb_build_mod_req(struct ldb_request **ret_req,
+			struct ldb_context *ldb,
+			TALLOC_CTX *mem_ctx,
+			const struct ldb_message *message,
+			struct ldb_control **controls,
+			void *context,
+			ldb_request_callback_t callback,
+			struct ldb_request *parent)
+{
+	*ret_req = talloc_move(mem_ctx, &ldb_build_mod_req_res);
+	return ldb_build_mod_req_ret;
+}
+
+int ldb_request_add_control_ret = LDB_SUCCESS;
+int ldb_request_add_control(struct ldb_request *req,
+			    const char *oid,
+			    bool critical,
+			    void *data)
+{
+	return ldb_request_add_control_ret;
+}
+
+int ldb_request_ret = LDB_SUCCESS;
+int ldb_request(struct ldb_context *ldb,
+		struct ldb_request *req)
+{
+	return ldb_request_ret;
+}
+
+int ldb_wait_ret = LDB_SUCCESS;
+int ldb_wait(struct ldb_handle *handle,
+	     enum ldb_wait_type type)
+{
+	return ldb_wait_ret;
+}
+bool ldb_msg_new_fail = false;
+struct ldb_message *ldb_msg_new(TALLOC_CTX *mem_ctx)
+{
+	if (ldb_msg_new_fail) {
+		return NULL;
+	} else {
+		return talloc_zero(mem_ctx, struct ldb_message);
+	}
+}
+
+int samdb_rodc_ret = LDB_SUCCESS;
+bool samdb_rodc_res = false;
+
+int samdb_rodc(
+	struct ldb_context *sam_ctx,
+	bool *am_rodc)
+{
+
+	*am_rodc = samdb_rodc_res;
+	return samdb_rodc_ret;
+}
+
+struct loadparm_context *ldb_get_opaque_ret = NULL;
+void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
+{
+	return ldb_get_opaque_ret;
+}
+
+struct db_context {};
+struct db_context *cluster_db_tmp_open_ret = NULL;
+struct db_context *cluster_db_tmp_open(
+	TALLOC_CTX *mem_ctx,
+	struct loadparm_context *lp_ctx,
+	const char *dbbase,
+	int flags)
+{
+	return cluster_db_tmp_open_ret;
+}
+
+NTSTATUS dbwrap_store_ret = NT_STATUS_OK;
+NTSTATUS dbwrap_store(struct db_context *db, TDB_DATA key,
+		      TDB_DATA data, int flags)
+{
+	return dbwrap_store_ret;
+}
+bool dbwrap_exists_ret = true;
+
+bool dbwrap_exists(struct db_context *db, TDB_DATA key)
+{
+	return dbwrap_exists_ret;
+}
+
+NTSTATUS dbwrap_delete_ret = NT_STATUS_OK;
+NTSTATUS dbwrap_delete(struct db_context *db, TDB_DATA key)
+{
+	return dbwrap_delete_ret;
+}
+
+/*
+ * Set the globals used by the mocked functions to a known and consistent state
+ *
+ */
+static void init_mock_results(TALLOC_CTX *mem_ctx)
+{
+	ldb_transaction_start_ret = LDB_SUCCESS;
+	in_transaction = false;
+
+	ldb_transaction_cancel_ret = LDB_SUCCESS;
+	transaction_cancelled = false;
+
+	ldb_transaction_commit_ret = LDB_SUCCESS;
+	transaction_committed = false;
+
+	dsdb_update_bad_pwd_count_ret = NT_STATUS_OK;
+	dsdb_update_bad_pwd_count_res = NULL;
+
+	ldb_build_mod_req_ret = LDB_SUCCESS;
+	ldb_build_mod_req_res = NULL;
+
+	ldb_request_add_control_ret = LDB_SUCCESS;
+	ldb_request_ret = LDB_SUCCESS;
+	ldb_wait_ret = LDB_SUCCESS;
+
+	ldb_msg_new_fail = false;
+
+	samdb_rodc_ret = LDB_SUCCESS;
+	samdb_rodc_res = false;
+
+	ldb_get_opaque_ret = loadparm_init(mem_ctx);
+
+	cluster_db_tmp_open_ret = talloc_zero(mem_ctx, struct db_context);
+
+	dbwrap_store_ret = NT_STATUS_OK;
+
+	dbwrap_exists_ret = true;
+
+	dbwrap_delete_ret = NT_STATUS_OK;
+
+}
+
+/*****************************************************************************
+ * Unit test set up and tear down
+ *****************************************************************************/
+struct context {
+};
+
+static int setup(void **state) {
+	struct context *ctx = talloc_zero(NULL, struct context);
+	init_mock_results(ctx);
+
+	*state = ctx;
+	return 0;
+}
+
+static int teardown(void **state) {
+	struct context *ctx = *state;
+	TALLOC_FREE(ctx);
+	return 0;
+}
+
+/******************************************************************************
+ * Helper functions
+ ******************************************************************************/
+
+/*
+ * Build the "Original" user details record, i.e. the user being
+ * authenticated
+ */
+static struct ldb_message *create_message(TALLOC_CTX *ctx)
+{
+
+	int ret;
+	struct timeval tv_now = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv_now);
+
+	struct ldb_message *msg = ldb_msg_new(ctx);
+
+	assert_non_null(msg);
+	ret = samdb_msg_add_int(ctx, msg, msg, "badPwdCount", 10);
+	assert_int_equal(LDB_SUCCESS, ret);
+	ret = __real_samdb_msg_add_int64(ctx, msg, msg, "badPasswordTime", now);
+	assert_int_equal(LDB_SUCCESS, ret);
+	ret = __real_samdb_msg_add_int64(ctx, msg, msg, "lockoutTime", now);
+	assert_int_equal(LDB_SUCCESS, ret);
+	return msg;
+}
+
+/*
+ * Add a binary objectSID from string form to the supplied message
+ *
+ *
+ */
+static void add_sid(
+	struct ldb_message *msg,
+	const char *sid_str)
+{
+	struct ldb_val v;
+	enum ndr_err_code ndr_err;
+	struct dom_sid *sid = NULL;
+
+	sid = talloc_zero(msg, struct dom_sid);
+	assert_non_null(sid);
+	assert_true(string_to_sid(sid, sid_str));
+	ndr_err = ndr_push_struct_blob(
+		&v, msg, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
+	assert_int_equal(0, ldb_msg_add_value(msg, "objectSID", &v, NULL));
+}
+
+/*
+ * Build an ldb_result, for the re-reading of a user record
+ *
+ * if account_control < 0 then the msDS-User-Account-Control-Computed
+ * element is not included
+ * otherwise it is set to the value passed in account_control.
+ *
+ */
+static struct ldb_result *build_reread_result(
+	struct ldb_context *ldb,
+	TALLOC_CTX *ctx,
+	int account_control)
+{
+	struct ldb_message *msg = NULL;
+	int ret;
+
+	struct ldb_result *res = talloc_zero(ctx, struct ldb_result);
+
+	assert_non_null(res);
+	res->count = 1;
+	res->msgs = talloc_array(res, struct ldb_message *, 1);
+
+	msg = create_message(res);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+	if (account_control >= 0) {
+		ret = samdb_msg_add_int(
+			ldb,
+			msg,
+			msg,
+			"msDS-User-Account-Control-Computed",
+			account_control);
+		assert_int_equal(LDB_SUCCESS, ret);
+	}
+
+	res->msgs[0] = msg;
+	return res;
+}
+
+/*
+ * Build a mock domain pso ldb_result
+ */
+static struct ldb_result *build_domain_pso_result(
+	struct ldb_context *ldb,
+	TALLOC_CTX *ctx)
+{
+	struct ldb_message *msg = NULL;
+	struct ldb_result *res = talloc_zero(ctx, struct ldb_result);
+
+	assert_non_null(res);
+	res->count = 1;
+	res->msgs = talloc_array(res, struct ldb_message *, 1);
+	assert_non_null(res->msgs);
+	msg = talloc_zero(res, struct ldb_message);
+	assert_non_null(msg);
+	res->msgs[0] = msg;
+	return res;
+}
+
+/*****************************************************************************
+ * authsam_reread_user_logon_data unit tests
+ *****************************************************************************/
+/*
+ * authsam_reread_user_logon_data unable to re-read the user record.
+ *
+ */
+static void test_reread_read_failure(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message *cur = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_reread_user_logon_data account control flags missing from
+ * re-read data
+ *
+ */
+static void test_reread_missing_account_control(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message *cur = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, -1));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_reread_user_logon_data account locked
+ * re-read data
+ *
+ */
+static void test_reread_account_locked(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message *cur = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, UF_LOCKOUT));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_reread_user_logon_data account is not locked
+ * re-read data
+ *
+ */
+static void test_reread_account_not_locked(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message *cur = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	size_t result_size = 0;
+	NTSTATUS status;
+	struct ldb_result *res = NULL;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	/*
+	 * authsam_reread_user_logon_data returns the ldb_message portion
+	 * of the ldb_result created by build_reread_result.
+	 * So the tests for memory leaks will need to adjust for that
+	 */
+	res = build_reread_result(ldb, ctx, 0);
+	will_return(__wrap_dsdb_search_dn, res);
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	result_size = talloc_total_size(res) -
+		      talloc_total_size(res->msgs[0]);
+	before = talloc_total_size(ctx) - result_size;
+
+	status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
+	assert_true(NT_STATUS_IS_OK(status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+
+/*****************************************************************************
+ * authsam_update_bad_pwd_count unit tests
+ *****************************************************************************/
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * Unable to read the domain_dn record
+ *
+ */
+static void test_update_bad_domain_dn_search_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	assert_non_null(msg);
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * authsam_get_user_pso failure
+ *
+ */
+static void test_update_bad_get_pso_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	struct ldb_dn *pso_dn = NULL;
+	const char *pso_dn_str = "CN=PSO";
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+	int ret;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	pso_dn = ldb_dn_new(ctx, ldb, pso_dn_str);
+	assert_non_null(pso_dn);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	assert_non_null(msg);
+	ret = ldb_msg_add_string(msg, "msDS-ResultantPSO", pso_dn_str);
+	assert_int_equal(LDB_SUCCESS, ret);
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, pso_dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_IS_OK(status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * start_transaction failure
+ *
+ */
+static void test_update_bad_start_txn_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	assert_non_null(msg);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_transaction_start_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * User details re-read failed
+ *
+ */
+static void test_update_bad_reread_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	assert_non_null(msg);
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * User details re-read reported locked out.
+ *
+ */
+static void test_update_bad_reread_locked_out(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, UF_LOCKOUT));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT));
+	assert_false(transaction_cancelled);
+	assert_true(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * Transaction cancel failure
+ */
+static void test_update_bad_txn_cancel_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	assert_non_null(msg);
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	ldb_transaction_cancel_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_false(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * The following tests all expect the same setup, that is a normal
+ * good user object and empty domain object.
+ *
+ * returns the talloc size after result array setup for leak tests
+ */
+static size_t setup_bad_password_search_results(TALLOC_CTX *ctx,
+						struct ldb_context *ldb,
+						struct ldb_dn *domain_dn,
+						struct ldb_dn *user_dn)
+{
+	size_t before = 0;
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, user_dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	return before;
+}
+
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * dsdb_update_bad_pwd_count failure
+ *
+ */
+static void test_update_bad_update_count_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	dsdb_update_bad_pwd_count_ret = NT_STATUS_INTERNAL_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * No need to update the bad password stats
+ *
+ */
+static void test_update_bad_no_update_required(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_IS_OK(status));
+	assert_true(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * Transaction commit failure
+ *
+ */
+static void test_update_bad_commit_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	ldb_transaction_commit_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_false(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * ldb_build_mod_req failed building the user update details
+ *
+ */
+static void test_update_bad_build_mod_request_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
+	ldb_build_mod_req_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * ldb_request_add_control failed to add DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE
+ * to the user update record.
+ *
+ */
+static void test_update_bad_add_control_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
+	ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
+	ldb_request_add_control_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * call to ldb_request failed
+ *
+ */
+static void test_update_bad_ldb_request_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
+	ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
+	ldb_request_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_update_bad_pwd_account
+ *
+ * call to ldb_wait failed
+ *
+ */
+static void test_update_bad_ldb_wait_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = setup_bad_password_search_results(ctx, ldb,
+						   domain_dn,
+						   msg->dn);
+
+	dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
+	ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
+	ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*****************************************************************************
+ * authsam_logon_success_accounting unit tests
+ *****************************************************************************/
+/*
+ * authsam_logon_success_accounting
+ *
+ * start_transaction failure
+ *
+ */
+static void test_success_accounting_start_txn_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_transaction_start_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * User details re-read failed
+ *
+ */
+static void test_success_accounting_reread_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, NULL);
+	will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_msg_new failed
+ *
+ */
+static void test_success_accounting_ldb_msg_new_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_msg_new_fail = true;
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * samdb_rodc failed
+ *
+ */
+static void test_success_accounting_samdb_rodc_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	samdb_rodc_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_false(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_false(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * authsam_update_lastlogon_timestamp failed
+ *
+ */
+static void test_success_accounting_update_lastlogon_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_ERR_OPERATIONS_ERROR);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_build_mod_req failed
+ *
+ */
+static void test_success_accounting_build_mod_req_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_request_add_control failed
+ *
+ */
+static void test_success_accounting_add_control_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
+	ldb_request_add_control_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_request failed
+ *
+ */
+static void test_success_accounting_ldb_request_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
+	ldb_request_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_wait failed
+ *
+ */
+static void test_success_accounting_ldb_wait_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
+	ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(transaction_cancelled);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_transaction_commit failed
+ *
+ */
+static void test_success_accounting_commit_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
+	ldb_transaction_commit_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_false(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * ldb_wait failed and then ldb_transaction_cancel failed
+ *
+ */
+static void test_success_accounting_rollback_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
+	ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
+	ldb_transaction_cancel_ret = LDB_ERR_OPERATIONS_ERROR;
+
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+	will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
+	assert_true(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_false(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * authsam_logon_success_accounting
+ *
+ * The bad password indicator is set, but the account is not locked out.
+ *
+ */
+static void test_success_accounting_spurious_bad_pwd_indicator(void **state) {
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	TALLOC_CTX *ctx = NULL;
+	size_t before = 0;
+	size_t after = 0;
+	NTSTATUS status;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
+	assert_non_null(domain_dn);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
+
+	msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
+	assert_non_null(msg->dn);
+
+	before = talloc_total_size(ctx);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
+	will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
+	will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
+	will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
+
+	will_return_count(__wrap_samdb_msg_add_int64, LDB_SUCCESS, 2);
+
+        /*
+         * Set the bad password indicator.
+	 */
+	status = authsam_set_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_OK, status));
+
+	ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
+
+	status = authsam_logon_success_accounting(
+		ldb, msg, domain_dn, true, NULL, NULL);
+	assert_true(NT_STATUS_EQUAL(status, NT_STATUS_OK));
+	assert_false(in_transaction);
+	assert_false(transaction_cancelled);
+	assert_true(transaction_committed);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * get_bad_password_db
+ *
+ * ldb_get_opaque failure.
+ */
+static void test_get_bad_password_get_opaque_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *ctx = NULL;
+	struct db_context *db = NULL;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * clear the mock ldb_get_opaque return value, so that we get a null
+	 * response.
+	 */
+	TALLOC_FREE(ldb_get_opaque_ret);
+
+	before = talloc_total_size(ctx);
+
+	db = authsam_get_bad_password_db(ctx, ldb);
+	assert_null(db);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * get_bad_password_db
+ *
+ * cluster_db_tmp_open failure.
+ */
+static void test_get_bad_password_db_open_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *ctx = NULL;
+	struct db_context *db = NULL;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * Clear the mock cluster_db_tmp_open return value so that
+	 * it returns NULL
+	 */
+	TALLOC_FREE(cluster_db_tmp_open_ret);
+	before = talloc_total_size(ctx);
+
+	db = authsam_get_bad_password_db(ctx, ldb);
+	assert_null(db);
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * set_bad_password_indicator
+ *
+ * set_bad_password_indicator failure.
+ */
+static void test_set_bad_password_indicator_get_db_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * Clear the mock cluster_db_tmp_open return value so that
+	 * it returns NULL
+	 */
+	TALLOC_FREE(cluster_db_tmp_open_ret);
+	before = talloc_total_size(ctx);
+
+	status = authsam_set_bad_password_indicator(ldb, ctx, NULL);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * set_bad_password_indicator
+ *
+ * get_object_sid_as_tdb_data failure.
+ */
+static void test_set_bad_password_indicator_get_object_sid_failed(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * The created message does not contain an objectSid, so
+	 * get_object_sid_as_tdb_data will fail.
+	 */
+	msg = create_message(ctx);
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_set_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * set_bad_password_indicator
+ *
+ * dbwrap_store failure.
+ */
+static void test_set_bad_password_indicator_dbwrap_store_failed(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
+
+	dbwrap_store_ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_set_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_DB_CORRUPTION, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * check_bad_password_indicator
+ *
+ * set_bad_password_indicator failure.
+ */
+static void test_check_bad_password_indicator_get_db_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+	bool exists = false;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * Clear the mock cluster_db_tmp_open return value so that
+	 * it returns NULL
+	 */
+	TALLOC_FREE(cluster_db_tmp_open_ret);
+	before = talloc_total_size(ctx);
+
+	status = authsam_check_bad_password_indicator(ldb, ctx, &exists, NULL);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * check_bad_password_indicator
+ *
+ * get_object_sid_as_tdb_data failure.
+ */
+static void test_check_bad_password_indicator_get_object_sid_failed(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+	bool exists = false;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * The created message does not contain an objectSid, so
+	 * get_object_sid_as_tdb_data will fail.
+	 */
+	msg = create_message(ctx);
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_check_bad_password_indicator(ldb, ctx, &exists, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * clear_bad_password_indicator
+ *
+ * set_bad_password_indicator failure.
+ */
+static void test_clear_bad_password_indicator_get_db_failed(void **state) {
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * Clear the mock cluster_db_tmp_open return value so that
+	 * it returns NULL
+	 */
+	TALLOC_FREE(cluster_db_tmp_open_ret);
+	before = talloc_total_size(ctx);
+
+	status = authsam_clear_bad_password_indicator(ldb, ctx, NULL);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * clear_bad_password_indicator
+ *
+ * get_object_sid_as_tdb_data failure.
+ */
+static void test_clear_bad_password_indicator_get_object_sid_failed(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	/*
+	 * The created message does not contain an objectSid, so
+	 * get_object_sid_as_tdb_data will fail.
+	 */
+	msg = create_message(ctx);
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * clear_bad_password_indicator
+ *
+ * dbwrap_delete failure.
+ */
+static void test_clear_bad_password_indicator_dbwrap_store_failed(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
+
+	dbwrap_delete_ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_DB_CORRUPTION, status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * clear_bad_password_indicator
+ *
+ * dbwrap_delete returns NT_STATUS_NOT_FOUND.
+ */
+static void test_clear_bad_pwd_indicator_dbwrap_store_not_found(
+	void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *ctx = NULL;
+	NTSTATUS status;
+	size_t before = 0;
+	size_t after = 0;
+
+	ctx = talloc_new(*state);
+	assert_non_null(ctx);
+
+	ldb = ldb_init(ctx, NULL);
+	assert_non_null(ldb);
+
+	msg = create_message(ctx);
+	add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
+
+	dbwrap_delete_ret = NT_STATUS_NOT_FOUND;
+
+	before = talloc_total_size(ctx);
+
+	status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
+	assert_true(NT_STATUS_IS_OK(status));
+
+	/*
+	 * Check that all allocated memory was freed
+	 */
+	after = talloc_total_size(ctx);
+	assert_int_equal(before, after);
+
+	/*
+	 * Clean up
+	 */
+	TALLOC_FREE(ctx);
+}
+
+int main(int argc, const char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(
+			test_reread_read_failure, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_reread_missing_account_control, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_reread_account_locked, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_reread_account_not_locked, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_domain_dn_search_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_get_pso_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_start_txn_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_reread_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_reread_locked_out, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_update_count_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_no_update_required, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_build_mod_request_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_add_control_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_ldb_request_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_ldb_wait_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_txn_cancel_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_update_bad_commit_failed, setup, teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_start_txn_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_reread_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_ldb_msg_new_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_samdb_rodc_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_update_lastlogon_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_build_mod_req_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_add_control_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_ldb_request_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_ldb_wait_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_commit_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_rollback_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_success_accounting_spurious_bad_pwd_indicator,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_get_bad_password_get_opaque_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_get_bad_password_db_open_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_set_bad_password_indicator_get_db_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_set_bad_password_indicator_get_object_sid_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_set_bad_password_indicator_dbwrap_store_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_check_bad_password_indicator_get_db_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_check_bad_password_indicator_get_object_sid_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_clear_bad_password_indicator_get_db_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_clear_bad_password_indicator_get_object_sid_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_clear_bad_password_indicator_dbwrap_store_failed,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_clear_bad_pwd_indicator_dbwrap_store_not_found,
+			setup,
+			teardown),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
new file mode 100644
index 0000000..97b8292
--- /dev/null
+++ b/source4/auth/unix_token.c
@@ -0,0 +1,228 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Deal with unix elements in the security token
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "libcli/wbclient/wbclient.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+/*
+  form a security_unix_token from the current security_token
+*/
+NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
+				      struct security_token *token,
+				      struct security_unix_token **sec)
+{
+	uint32_t s, g;
+	NTSTATUS status;
+	struct id_map *ids;
+	bool match;
+
+	match = security_token_is_system(token);
+	if (match) {
+		/*
+		 * SYSTEM user uid and gid is 0
+		 */
+
+		*sec = talloc_zero(mem_ctx, struct security_unix_token);
+		if (*sec == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		return NT_STATUS_OK;
+	}
+
+	/* we can't do unix security without a user and group */
+	if (token->num_sids < PRIMARY_SIDS_COUNT) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	*sec = talloc_zero(mem_ctx, struct security_unix_token);
+	if (*sec == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	for (s=0; s < token->num_sids; s++) {
+		ids[s].sid = &token->sids[s];
+		ids[s].status = ID_UNKNOWN;
+	}
+
+	status = wbc_sids_to_xids(ids, token->num_sids);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	g = token->num_sids;
+	if (ids[PRIMARY_USER_SID_INDEX].xid.type != ID_TYPE_BOTH) {
+		g--;
+	}
+	(*sec)->ngroups = g;
+	(*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+	NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+	g=0;
+	if (ids[PRIMARY_USER_SID_INDEX].xid.type == ID_TYPE_BOTH) {
+		(*sec)->uid = ids[0].xid.id;
+		(*sec)->groups[g] = ids[0].xid.id;
+		g++;
+	} else if (ids[PRIMARY_USER_SID_INDEX].xid.type == ID_TYPE_UID) {
+		(*sec)->uid = ids[0].xid.id;
+	} else {
+		struct dom_sid_buf buf;
+		DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID.  Conversion was returned as type %d, full token:\n",
+			  dom_sid_str_buf(ids[PRIMARY_USER_SID_INDEX].sid, &buf),
+			  (int)ids[PRIMARY_USER_SID_INDEX].xid.type));
+		security_token_debug(DBGC_AUTH, 0, token);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (ids[PRIMARY_GROUP_SID_INDEX].xid.type == ID_TYPE_BOTH ||
+	    ids[PRIMARY_GROUP_SID_INDEX].xid.type == ID_TYPE_GID) {
+		(*sec)->gid = ids[PRIMARY_GROUP_SID_INDEX].xid.id;
+		(*sec)->groups[g] = ids[PRIMARY_GROUP_SID_INDEX].xid.id;
+		g++;
+	} else {
+		struct dom_sid_buf buf;
+		DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID.  Conversion was returned as type %d, full token:\n",
+			  dom_sid_str_buf(ids[PRIMARY_GROUP_SID_INDEX].sid, &buf),
+			  (int)ids[PRIMARY_GROUP_SID_INDEX].xid.type));
+		security_token_debug(DBGC_AUTH, 0, token);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	for (s=REMAINING_SIDS_INDEX; s < token->num_sids; s++) {
+		if (ids[s].xid.type == ID_TYPE_BOTH ||
+		    ids[s].xid.type == ID_TYPE_GID) {
+			(*sec)->groups[g] = ids[s].xid.id;
+			g++;
+		} else {
+			struct dom_sid_buf buf;
+			DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID.  Conversion was returned as type %d, full token:\n",
+				  dom_sid_str_buf(ids[s].sid, &buf),
+				  (unsigned int)s, (int)ids[s].xid.type));
+			security_token_debug(DBGC_AUTH, 0, token);
+			return NT_STATUS_INVALID_SID;
+		}
+	}
+
+	DEBUG(5, ("Successfully converted security token to a unix token:"));
+	security_token_debug(0, 5, token);
+	TALLOC_FREE(ids);
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Fill in the unix_info elements in a struct session_info
+ */
+NTSTATUS fill_unix_info(struct loadparm_context *lp_ctx,
+			const char *original_user_name,
+			struct auth_session_info *session_info)
+{
+	session_info->unix_info = talloc_zero(session_info,
+					      struct auth_user_info_unix);
+	NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info);
+
+	session_info->unix_info->unix_name =
+		talloc_asprintf(session_info->unix_info,
+				"%s%s%s", session_info->info->domain_name,
+				lpcfg_winbind_separator(lp_ctx),
+				session_info->info->account_name);
+	NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
+
+	if (original_user_name == NULL) {
+		original_user_name = session_info->unix_info->unix_name;
+	}
+
+	session_info->unix_info->sanitized_username =
+		talloc_alpha_strcpy(session_info->unix_info,
+				    original_user_name,
+				    ". _-$");
+	NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->sanitized_username);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info
+*/
+NTSTATUS auth_session_info_fill_unix(struct loadparm_context *lp_ctx,
+				     const char *original_user_name,
+				     struct auth_session_info *session_info)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	status = security_token_to_unix_token(session_info,
+					      session_info->security_token,
+					      &session_info->unix_token);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = fill_unix_info(lp_ctx,
+				original_user_name,
+				session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Set the given auth_user_info_unix and auth_unix_token elements in a
+ * struct session_info, similar auth_session_info_fill_unix().
+ * Receives the uid and gid for the unix token as parameters and does
+ * not query the unix token from winbind (via security_token_to_unix_token()).
+ * This is useful to fill a user session info manually if winbind is not
+ * available.
+ */
+NTSTATUS auth_session_info_set_unix(struct loadparm_context *lp_ctx,
+				    const char *original_user_name,
+				    int uid,
+				    int gid,
+				    struct auth_session_info *session_info)
+{
+	NTSTATUS status;
+
+	session_info->unix_token = talloc_zero(session_info,
+					       struct security_unix_token);
+	if (session_info->unix_token == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	session_info->unix_token->uid = uid;
+	session_info->unix_token->gid = gid;
+
+	status = fill_unix_info(lp_ctx,
+				original_user_name,
+				session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/auth/wscript_build b/source4/auth/wscript_build
new file mode 100644
index 0000000..57bb9f7
--- /dev/null
+++ b/source4/auth/wscript_build
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+bld.RECURSE('gensec')
+bld.RECURSE('kerberos')
+bld.RECURSE('ntlm')
+
+bld.SAMBA_SUBSYSTEM('auth_session',
+	source='session.c',
+	autoproto='session_proto.h',
+	public_deps='samba-credentials',
+	public_headers='session.h',
+	header_path='samba',
+	deps='samdb auth4_sam'
+	)
+
+bld.SAMBA_LIBRARY('auth_unix_token',
+                  source='unix_token.c',
+                  autoproto='unix_token_proto.h',
+                  public_deps='LIBWBCLIENT_OLD',
+                  private_library=True,
+                  )
+
+
+bld.SAMBA_SUBSYSTEM('samba_server_gensec',
+	source='samba_server_gensec.c',
+	public_deps='samba-credentials gensec auth4'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('auth_system_session',
+	source='system_session.c',
+	autoproto='system_session_proto.h',
+	public_deps='samba-credentials',
+	deps='auth_session',
+	)
+
+
+bld.SAMBA_SUBSYSTEM('auth4_sam',
+	source='sam.c',
+	autoproto='auth_sam.h',
+	public_deps='samdb samba-security ldb tevent',
+	deps=''
+	)
+
+bld.SAMBA_BINARY('test_kerberos',
+        source='tests/kerberos.c',
+        deps='cmocka authkrb5 krb5samba com_err CREDENTIALS_KRB5',
+        local_include=False,
+        for_selftest=True
+        )
+
+bld.SAMBA_BINARY('test_auth_sam',
+        source='tests/sam.c',
+        deps='cmocka samdb samba-security ldb tevent',
+        local_include=False,
+        for_selftest=True,
+        ldflags='''
+            -Wl,--wrap,dsdb_search_dn
+            -Wl,--wrap,samdb_msg_add_int64
+        '''
+        )
+
+bld.SAMBA_BINARY('test_heimdal_gensec_unwrap_des',
+                 source='tests/heimdal_unwrap_des.c',
+                 deps='cmocka talloc gssapi-subsystem',
+                 local_include=False,
+                 for_selftest=True,
+                 enabled=(bld.CONFIG_SET('SAMBA4_USES_HEIMDAL') and
+                          not bld.CONFIG_SET('USING_SYSTEM_GSSAPI')),
+                 ldflags='''
+                 -Wl,--wrap,ct_memcmp
+                 -Wl,--wrap,der_get_length
+                 -Wl,--wrap,krb5_auth_con_getlocalsubkey
+                 -Wl,--wrap,krb5_crypto_destroy
+                 -Wl,--wrap,krb5_crypto_init
+                 -Wl,--wrap,krb5_decrypt
+                 -Wl,--wrap,krb5_decrypt_ivec
+                 -Wl,--wrap,krb5_free_keyblock
+                 -Wl,--wrap,krb5_verify_checksum
+                 -Wl,--wrap,malloc
+                 '''
+)
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+pyldb_util = bld.pyembed_libname('pyldb-util')
+pycredentials = 'pycredentials'
+libpython = bld.pyembed_libname('LIBPYTHON')
+
+bld.SAMBA_PYTHON('pyauth',
+        source='pyauth.c',
+        public_deps='auth_system_session',
+        deps=f'samdb {pytalloc_util} {pyparam_util} {pyldb_util} {pycredentials} {libpython} auth4',
+        realname='samba/auth.so'
+        )
+
diff --git a/source4/auth/wscript_configure b/source4/auth/wscript_configure
new file mode 100644
index 0000000..d25cc0b
--- /dev/null
+++ b/source4/auth/wscript_configure
@@ -0,0 +1,4 @@
+#!/usr/bin/env python
+
+conf.CHECK_HEADERS('security/pam_appl.h')
+conf.CHECK_FUNCS_IN('pam_start', 'pam', checklibc=True)
diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
new file mode 100644
index 0000000..c5d0c68
--- /dev/null
+++ b/source4/cldap_server/cldap_server.c
@@ -0,0 +1,260 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CLDAP server task
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <talloc.h>
+#include "lib/messaging/irpc.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "cldap_server/cldap_server.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "dsdb/samdb/samdb.h"
+#include "ldb_wrap.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "libds/common/roles.h"
+
+NTSTATUS server_service_cldapd_init(TALLOC_CTX *);
+
+/*
+  handle incoming cldap requests
+*/
+static void cldapd_request_handler(struct cldap_socket *cldap,
+				   void *private_data,
+				   struct cldap_incoming *in)
+{
+	struct cldapd_server *cldapd = talloc_get_type(private_data,
+				       struct cldapd_server);
+	struct ldap_SearchRequest *search;
+
+	if (in->ldap_msg->type == LDAP_TAG_AbandonRequest) {
+		DEBUG(10,("Got (and ignoring) CLDAP AbandonRequest from %s.\n",
+			  tsocket_address_string(in->src, in)));
+		talloc_free(in);
+		return;
+	}
+
+	if (in->ldap_msg->type != LDAP_TAG_SearchRequest) {
+		DEBUG(0,("Invalid CLDAP request type %d from %s\n",
+			 in->ldap_msg->type,
+			 tsocket_address_string(in->src, in)));
+		cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
+				  LDAP_OPERATIONS_ERROR, "Invalid CLDAP request");
+		talloc_free(in);
+		return;
+	}
+
+	search = &in->ldap_msg->r.SearchRequest;
+
+	if (strcmp("", search->basedn) != 0) {
+		DEBUG(0,("Invalid CLDAP basedn '%s' from %s\n",
+			 search->basedn,
+			 tsocket_address_string(in->src, in)));
+		cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
+				  LDAP_OPERATIONS_ERROR, "Invalid CLDAP basedn");
+		talloc_free(in);
+		return;
+	}
+
+	if (search->scope != LDAP_SEARCH_SCOPE_BASE) {
+		DEBUG(0,("Invalid CLDAP scope %d from %s\n",
+			 search->scope,
+			 tsocket_address_string(in->src, in)));
+		cldap_error_reply(cldap, in->ldap_msg->messageid, in->src,
+				  LDAP_OPERATIONS_ERROR, "Invalid CLDAP scope");
+		talloc_free(in);
+		return;
+	}
+
+	cldapd_rootdse_request(cldap, cldapd, in,
+			       in->ldap_msg->messageid,
+			       search, in->src);
+	talloc_free(in);
+}
+
+
+/*
+  start listening on the given address
+*/
+static NTSTATUS cldapd_add_socket(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
+				  const char *address)
+{
+	struct cldap_socket *cldapsock;
+	struct tsocket_address *socket_address;
+	NTSTATUS status;
+	int ret;
+
+	ret = tsocket_address_inet_from_strings(cldapd,
+						"ip",
+						address,
+						lpcfg_cldap_port(lp_ctx),
+						&socket_address);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		DEBUG(0,("invalid address %s:%d - %s:%s\n",
+			 address, lpcfg_cldap_port(lp_ctx),
+			 gai_strerror(ret), nt_errstr(status)));
+		return status;
+	}
+
+	/* listen for unicasts on the CLDAP port (389) */
+	status = cldap_socket_init(cldapd,
+				   socket_address,
+				   NULL,
+				   &cldapsock);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Failed to bind to %s - %s\n", 
+			 tsocket_address_string(socket_address, socket_address),
+			 nt_errstr(status)));
+		talloc_free(socket_address);
+		return status;
+	}
+	talloc_free(socket_address);
+
+	cldap_set_incoming_handler(cldapsock, cldapd->task->event_ctx,
+				   cldapd_request_handler, cldapd);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup our listening sockets on the configured network interfaces
+*/
+static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
+					  struct interface *ifaces)
+{
+	int i, num_interfaces;
+	TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
+	NTSTATUS status;
+
+	num_interfaces = iface_list_count(ifaces);
+
+	/* if we are allowing incoming packets from any address, then
+	   we need to bind to the wildcard address */
+	if (!lpcfg_bind_interfaces_only(lp_ctx)) {
+		size_t num_binds = 0;
+		char **wcard = iface_list_wildcard(cldapd);
+		NT_STATUS_HAVE_NO_MEMORY(wcard);
+		for (i=0; wcard[i]; i++) {
+			status = cldapd_add_socket(cldapd, lp_ctx, wcard[i]);
+			if (NT_STATUS_IS_OK(status)) {
+				num_binds++;
+			}
+		}
+		talloc_free(wcard);
+		if (num_binds == 0) {
+			return NT_STATUS_INVALID_PARAMETER_MIX;
+		}
+	}
+
+	/* now we have to also listen on the specific interfaces,
+	   so that replies always come from the right IP */
+	for (i=0; i<num_interfaces; i++) {
+		const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
+		status = cldapd_add_socket(cldapd, lp_ctx, address);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  startup the cldapd task
+*/
+static NTSTATUS cldapd_task_init(struct task_server *task)
+{
+	struct cldapd_server *cldapd;
+	NTSTATUS status;
+	struct interface *ifaces;
+	
+	load_interface_list(task, task->lp_ctx, &ifaces);
+
+	if (iface_list_count(ifaces) == 0) {
+		task_server_terminate(task, "cldapd: no network interfaces configured", false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "cldap_server: no CLDAP server required in standalone configuration", 
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "cldap_server: no CLDAP server required in member server configuration",
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want an CLDAP server */
+		break;
+	}
+
+	task_server_set_title(task, "task[cldapd]");
+
+	cldapd = talloc(task, struct cldapd_server);
+	if (cldapd == NULL) {
+		task_server_terminate(task, "cldapd: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	cldapd->task = task;
+	cldapd->samctx = samdb_connect(cldapd,
+				       task->event_ctx,
+				       task->lp_ctx,
+				       system_session(task->lp_ctx),
+				       NULL,
+				       0);
+	if (cldapd->samctx == NULL) {
+		task_server_terminate(task, "cldapd failed to open samdb", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* start listening on the configured network interfaces */
+	status = cldapd_startup_interfaces(cldapd, task->lp_ctx, ifaces);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "cldapd failed to setup interfaces", true);
+		return status;
+	}
+
+	irpc_add_name(task->msg_ctx, "cldap_server");
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_cldapd_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = cldapd_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "cldap", &details);
+}
diff --git a/source4/cldap_server/cldap_server.h b/source4/cldap_server/cldap_server.h
new file mode 100644
index 0000000..0725284
--- /dev/null
+++ b/source4/cldap_server/cldap_server.h
@@ -0,0 +1,35 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CLDAP server structures
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/cldap/cldap.h"
+#include "libcli/ldap/libcli_ldap.h"
+
+/*
+  top level context structure for the cldap server
+*/
+struct cldapd_server {
+	struct task_server *task;
+	struct ldb_context *samctx;
+};
+
+struct ldap_SearchRequest;
+
+#include "cldap_server/proto.h"
diff --git a/source4/cldap_server/rootdse.c b/source4/cldap_server/rootdse.c
new file mode 100644
index 0000000..aff5946
--- /dev/null
+++ b/source4/cldap_server/rootdse.c
@@ -0,0 +1,183 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CLDAP server - rootdse handling
+
+   Copyright (C) Stefan Metzmacher	2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "samba/service_task.h"
+#include "cldap_server/cldap_server.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "ldb_wrap.h"
+
+static void cldapd_rootdse_fill(struct cldapd_server *cldapd,
+				TALLOC_CTX *mem_ctx,
+				struct ldap_SearchRequest *search,
+				struct ldap_SearchResEntry **response,
+				struct ldap_Result *result)
+{
+	struct ldap_SearchResEntry *ent = NULL;
+	struct ldb_result *res = NULL;
+	struct ldb_request *lreq;
+	const char **attrs = NULL;
+	const char *errstr = NULL;
+	int ret = LDAP_SUCCESS, ldb_ret;
+
+	if (search->num_attributes >= 1) {
+		size_t i;
+
+		attrs = talloc_array(mem_ctx, const char *, search->num_attributes+1);
+		if (attrs == NULL) goto nomem;
+
+		for (i=0; i < search->num_attributes; i++) {
+			attrs[i] = search->attributes[i];
+		}
+		attrs[i] = NULL;
+	}
+
+	res = talloc_zero(mem_ctx, struct ldb_result);
+	if (res == NULL) goto nomem;
+
+	ldb_ret = ldb_build_search_req_ex(&lreq, cldapd->samctx, mem_ctx,
+					  NULL, LDB_SCOPE_BASE,
+					  search->tree, attrs,
+					  NULL,
+					  res, ldb_search_default_callback,
+					  NULL);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		goto reply;
+	}
+
+	/* Copy the timeout from the incoming call */
+	ldb_set_timeout(cldapd->samctx, lreq, search->timelimit);
+
+	ldb_ret = ldb_request(cldapd->samctx, lreq);
+	if (ldb_ret != LDB_SUCCESS) {
+		goto reply;
+	}
+
+	ldb_ret = ldb_wait(lreq->handle, LDB_WAIT_ALL);
+	if (ldb_ret != LDB_SUCCESS) {
+		goto reply;
+	}
+
+	if (res->count > 1) {
+		errstr = "Internal error: to much replies";
+		ldb_ret = LDB_ERR_OTHER;
+		goto reply;
+	} else if (res->count == 1) {
+		int j;
+
+		ent = talloc(mem_ctx, struct ldap_SearchResEntry);
+		if (ent == NULL) goto nomem;
+
+		ent->dn = ldb_dn_alloc_linearized(ent, res->msgs[0]->dn);
+		if (ent->dn == NULL) goto nomem;
+		ent->num_attributes = 0;
+		ent->attributes = NULL;
+		if (res->msgs[0]->num_elements == 0) {
+			goto reply;
+		}
+		ent->num_attributes = res->msgs[0]->num_elements;
+		ent->attributes = talloc_array(ent, struct ldb_message_element,
+					       ent->num_attributes);
+		if (ent->attributes == NULL) goto nomem;
+		for (j=0; j < ent->num_attributes; j++) {
+			ent->attributes[j].name = talloc_steal(ent->attributes,
+							       res->msgs[0]->elements[j].name);
+			ent->attributes[j].num_values = 0;
+			ent->attributes[j].values = NULL;
+			if (search->attributesonly && (res->msgs[0]->elements[j].num_values == 0)) {
+				continue;
+			}
+			ent->attributes[j].num_values = res->msgs[0]->elements[j].num_values;
+			ent->attributes[j].values = res->msgs[0]->elements[j].values;
+			talloc_steal(ent->attributes, res->msgs[0]->elements[j].values);
+		}
+	}
+
+reply:
+	if (ret != LDAP_SUCCESS) {
+		/* nothing ... */
+	} else if (ldb_ret == LDB_SUCCESS) {
+		ret = LDAP_SUCCESS;
+		errstr = NULL;
+	} else {
+		ret = ldb_ret;
+		errstr = ldb_errstring(cldapd->samctx);
+	}
+	goto done;
+nomem:
+	talloc_free(ent);
+	ret = LDAP_OPERATIONS_ERROR;
+	errstr = "No memory";
+done:
+	*response = ent;
+	result->resultcode = ret;
+	result->errormessage = (errstr?talloc_strdup(mem_ctx, errstr):NULL);
+}
+
+/*
+  handle incoming cldap requests
+*/
+void cldapd_rootdse_request(struct cldap_socket *cldap, 
+			    struct cldapd_server *cldapd,
+			    TALLOC_CTX *tmp_ctx,
+			    uint32_t message_id,
+			    struct ldap_SearchRequest *search,
+			    struct tsocket_address *src)
+{
+	NTSTATUS status;
+	struct cldap_reply reply;
+	struct ldap_Result result;
+
+	ZERO_STRUCT(result);
+
+	reply.messageid		= message_id;
+	reply.dest		= src;
+	reply.response		= NULL;
+	reply.result		= &result;
+
+	/* Note: The remoteAddress should rather be set on a ldb request.
+	 * We can set this safely on the context here,
+	 * since cldapd_rootdse_fill operates synchronously. */
+	ldb_set_opaque(cldapd->samctx, "remoteAddress", src);
+
+	cldapd_rootdse_fill(cldapd, tmp_ctx, search, &reply.response,
+			    reply.result);
+
+	/*
+	 * We clear this after cldapd_rootdse_fill as this is shared ldb
+	 * and if it was not cleared the audit logging would report changes
+	 * made by internal processes as coming from the last cldap requester
+	 */
+	ldb_set_opaque(cldapd->samctx, "remoteAddress", NULL);
+
+	status = cldap_reply_send(cldap, &reply);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2,("cldap rootdse query failed '%s' - %s\n",
+			 ldb_filter_from_tree(tmp_ctx, search->tree), nt_errstr(status)));
+	}
+
+	return;
+}
diff --git a/source4/cldap_server/wscript_build b/source4/cldap_server/wscript_build
new file mode 100644
index 0000000..928b91b
--- /dev/null
+++ b/source4/cldap_server/wscript_build
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('service_cldap',
+	source='cldap_server.c',
+	subsystem='service',
+	init_function='server_service_cldapd_init',
+	internal_module=False,
+	deps='CLDAPD process_model netif'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('CLDAPD',
+	source='rootdse.c',
+	autoproto='proto.h',
+	deps='cli_cldap ldbsamba'
+	)
+
diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c
new file mode 100644
index 0000000..dc75db9
--- /dev/null
+++ b/source4/client/cifsdd.c
@@ -0,0 +1,733 @@
+/*
+   CIFSDD - dd for SMB.
+   Main program, argument handling and block copying.
+
+   Copyright (C) James Peach 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "auth/gensec/gensec.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/raw/libcliraw.h"
+#include "lib/events/events.h"
+
+#include "cifsdd.h"
+#include "param/param.h"
+
+const char * const PROGNAME = "cifsdd";
+
+#define SYNTAX_EXIT_CODE	 1	/* Invocation syntax or logic error. */
+#define EOM_EXIT_CODE		 9	/* Out of memory error. */
+#define FILESYS_EXIT_CODE	10	/* File manipulation error. */
+#define IOERROR_EXIT_CODE	11	/* Error during IO phase. */
+
+struct	dd_stats_record dd_stats;
+
+static int dd_sigint;
+static int dd_sigusr1;
+
+static void dd_handle_signal(int sig)
+{
+	switch (sig)
+	{
+		case SIGINT:
+			++dd_sigint;
+			break;
+		case SIGUSR1:
+			++dd_sigusr1;
+			break;
+		default:
+			break;
+	}
+}
+
+/* ------------------------------------------------------------------------- */
+/* Argument handling.							     */
+/* ------------------------------------------------------------------------- */
+
+static const struct {
+	enum argtype arg_type;
+	const char * arg_name;
+} names [] = {
+	{ ARG_NUMERIC, "COUNT" },
+	{ ARG_SIZE, "SIZE" },
+	{ ARG_PATHNAME, "FILE" },
+	{ ARG_BOOL, "BOOLEAN" },
+};
+
+static const char * argtype_str(enum argtype arg_type)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(names); ++i) {
+		if (arg_type == names[i].arg_type) {
+			return(names[i].arg_name);
+		}
+	}
+
+	return("<unknown>");
+}
+
+static struct argdef args[] =
+{
+	{
+		.arg_name = "bs",
+		.arg_type = ARG_SIZE,
+		.arg_help = "force ibs and obs to SIZE bytes",
+	},
+	{
+		.arg_name = "ibs",
+		.arg_type = ARG_SIZE,
+		.arg_help = "read SIZE bytes at a time",
+	},
+	{
+		.arg_name = "obs",
+		.arg_type = ARG_SIZE,
+		.arg_help = "write SIZE bytes at a time",
+	},
+
+	{
+		.arg_name = "count",
+		.arg_type = ARG_NUMERIC,
+		.arg_help = "copy COUNT input blocks",
+	},
+	{
+		.arg_name = "seek",
+		.arg_type = ARG_NUMERIC,
+		.arg_help = "skip COUNT blocks at start of output",
+	},
+	{
+		.arg_name = "skip",
+		.arg_type = ARG_NUMERIC,
+		.arg_help = "skip COUNT blocks at start of input",
+	},
+
+	{
+		.arg_name = "if",
+		.arg_type = ARG_PATHNAME,
+		.arg_help = "read input from FILE",
+	},
+	{
+		.arg_name = "of",
+		.arg_type = ARG_PATHNAME,
+		.arg_help = "write output to FILE",
+	},
+
+	{
+		.arg_name = "direct",
+		.arg_type = ARG_BOOL,
+		.arg_help = "use direct I/O if non-zero",
+	},
+	{
+		.arg_name = "sync",
+		.arg_type = ARG_BOOL,
+		.arg_help = "use synchronous writes if non-zero",
+	},
+	{
+		.arg_name = "oplock",
+		.arg_type = ARG_BOOL,
+		.arg_help = "take oplocks on the input and output files",
+	},
+
+/* FIXME: We should support using iflags and oflags for setting oplock and I/O
+ * options. This would make us compatible with GNU dd.
+ */
+};
+
+static struct argdef * find_named_arg(const char * arg)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(args); ++i) {
+		if (strwicmp(arg, args[i].arg_name) == 0) {
+			return(&args[i]);
+		}
+	}
+
+	return(NULL);
+}
+
+int set_arg_argv(const char * argv)
+{
+	struct argdef *	arg;
+
+	char *	name;
+	char *	val;
+
+	if ((name = strdup(argv)) == NULL) {
+		return(0);
+	}
+
+	if ((val = strchr(name, '=')) == NULL) {
+		fprintf(stderr, "%s: malformed argument \"%s\"\n",
+				PROGNAME, argv);
+		goto fail;
+	}
+
+	*val = '\0';
+	val++;
+
+	if ((arg = find_named_arg(name)) == NULL) {
+		fprintf(stderr, "%s: ignoring unknown argument \"%s\"\n",
+				PROGNAME, name);
+		goto fail;
+	}
+
+	/* Found a matching name; convert the variable argument. */
+	switch (arg->arg_type) {
+		case ARG_NUMERIC:
+			if (!conv_str_u64(val, &arg->arg_val.nval)) {
+				goto fail;
+			}
+			break;
+		case ARG_SIZE:
+			if (!conv_str_size_error(val, &arg->arg_val.nval)) {
+				goto fail;
+			}
+			break;
+		case ARG_BOOL:
+			if (!conv_str_bool(val, &arg->arg_val.bval)) {
+				goto fail;
+			}
+			break;
+		case ARG_PATHNAME:
+			if (!(arg->arg_val.pval = strdup(val))) {
+				goto fail;
+			}
+			break;
+		default:
+			fprintf(stderr, "%s: argument \"%s\" is of "
+				"unknown type\n", PROGNAME, name);
+			goto fail;
+	}
+
+	free(name);
+	return(1);
+
+fail:
+	free(name);
+	return(0);
+}
+
+void set_arg_val(const char * name, ...)
+{
+	va_list		ap;
+	struct argdef * arg;
+
+	va_start(ap, name);
+	if ((arg = find_named_arg(name)) == NULL) {
+		goto fail;
+	}
+
+	/* Found a matching name; convert the variable argument. */
+	switch (arg->arg_type) {
+		case ARG_NUMERIC:
+		case ARG_SIZE:
+			arg->arg_val.nval = va_arg(ap, uint64_t);
+			break;
+		case ARG_BOOL:
+			arg->arg_val.bval = va_arg(ap, int);
+			break;
+		case ARG_PATHNAME:
+			arg->arg_val.pval = va_arg(ap, char *);
+			if (arg->arg_val.pval) {
+				arg->arg_val.pval = strdup(arg->arg_val.pval);
+			}
+			break;
+		default:
+			fprintf(stderr, "%s: argument \"%s\" is of "
+				"unknown type\n", PROGNAME, name);
+			goto fail;
+	}
+
+	va_end(ap);
+	return;
+
+fail:
+	fprintf(stderr, "%s: ignoring unknown argument \"%s\"\n",
+			PROGNAME, name);
+	va_end(ap);
+	return;
+}
+
+bool check_arg_bool(const char * name)
+{
+	struct argdef * arg;
+
+	if ((arg = find_named_arg(name)) &&
+	    (arg->arg_type == ARG_BOOL)) {
+		return(arg->arg_val.bval);
+	}
+
+	DEBUG(0, ("invalid argument name: %s\n", name));
+	SMB_ASSERT(0);
+	return(false);
+}
+
+uint64_t check_arg_numeric(const char * name)
+{
+	struct argdef * arg;
+
+	if ((arg = find_named_arg(name)) &&
+	    (arg->arg_type == ARG_NUMERIC || arg->arg_type == ARG_SIZE)) {
+		return(arg->arg_val.nval);
+	}
+
+	DEBUG(0, ("invalid argument name: %s\n", name));
+	SMB_ASSERT(0);
+	return(-1);
+}
+
+const char * check_arg_pathname(const char * name)
+{
+	struct argdef * arg;
+
+	if ((arg = find_named_arg(name)) &&
+	    (arg->arg_type == ARG_PATHNAME)) {
+		return(arg->arg_val.pval);
+	}
+
+	DEBUG(0, ("invalid argument name: %s\n", name));
+	SMB_ASSERT(0);
+	return(NULL);
+}
+
+static void dump_args(void)
+{
+	int i;
+
+	DEBUG(10, ("dumping argument values:\n"));
+	for (i = 0; i < ARRAY_SIZE(args); ++i) {
+		switch (args[i].arg_type) {
+			case ARG_NUMERIC:
+			case ARG_SIZE:
+				DEBUG(10, ("\t%s=%llu\n", args[i].arg_name,
+					(unsigned long long)args[i].arg_val.nval));
+				break;
+			case ARG_BOOL:
+				DEBUG(10, ("\t%s=%s\n", args[i].arg_name,
+					args[i].arg_val.bval ? "yes" : "no"));
+				break;
+			case ARG_PATHNAME:
+				DEBUG(10, ("\t%s=%s\n", args[i].arg_name,
+					args[i].arg_val.pval ?
+						args[i].arg_val.pval :
+						"(NULL)"));
+				break;
+			default:
+				SMB_ASSERT(0);
+		}
+	}
+}
+
+static void cifsdd_help_message(poptContext pctx,
+		enum poptCallbackReason preason,
+		struct poptOption * poption, 
+		const char * parg,
+		void * pdata)
+{
+	static const char notes[] = 
+"FILE can be a local filename or a UNC path of the form //server/share/path.\n";
+
+	char prefix[24];
+	int i;
+
+	if (poption->shortName != '?') {
+		poptPrintUsage(pctx, stdout, 0);
+		fprintf(stdout, "        [dd options]\n");
+		exit(0);
+	}
+
+	poptPrintHelp(pctx, stdout, 0);
+	fprintf(stdout, "\nCIFS dd options:\n");
+
+	for (i = 0; i < ARRAY_SIZE(args); ++i) {
+		if (args[i].arg_name == NULL) {
+			break;
+		}
+
+		snprintf(prefix, sizeof(prefix), "%s=%-*s",
+			args[i].arg_name,
+			(int)(sizeof(prefix) - strlen(args[i].arg_name) - 2),
+			argtype_str(args[i].arg_type));
+		prefix[sizeof(prefix) - 1] = '\0';
+		fprintf(stdout, "  %s%s\n", prefix, args[i].arg_help);
+	}
+
+	fprintf(stdout, "\n%s\n", notes);
+	exit(0);
+}
+
+/* ------------------------------------------------------------------------- */
+/* Main block copying routine.						     */
+/* ------------------------------------------------------------------------- */
+
+static void print_transfer_stats(void)
+{
+	if (DEBUGLEVEL > 0) {
+		printf("%llu+%llu records in (%llu bytes)\n"
+			"%llu+%llu records out (%llu bytes)\n",
+			(unsigned long long)dd_stats.in.fblocks,
+			(unsigned long long)dd_stats.in.pblocks,
+			(unsigned long long)dd_stats.in.bytes,
+			(unsigned long long)dd_stats.out.fblocks,
+			(unsigned long long)dd_stats.out.pblocks,
+			(unsigned long long)dd_stats.out.bytes);
+	} else {
+		printf("%llu+%llu records in\n%llu+%llu records out\n",
+				(unsigned long long)dd_stats.in.fblocks,
+				(unsigned long long)dd_stats.in.pblocks,
+				(unsigned long long)dd_stats.out.fblocks,
+				(unsigned long long)dd_stats.out.pblocks);
+	}
+}
+
+static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, 
+				      struct tevent_context *ev,
+				      const char * which, const char **ports,
+				      struct smbcli_options *smb_options,
+				      const char *socket_options,
+				      struct smbcli_session_options *smb_session_options,
+				      struct gensec_settings *gensec_settings)
+{
+	int			options = 0;
+	const char *		path = NULL;
+	struct dd_iohandle *	handle = NULL;
+
+	if (check_arg_bool("direct")) {
+		options |= DD_DIRECT_IO;
+	}
+
+	if (check_arg_bool("sync")) {
+		options |= DD_SYNC_IO;
+	}
+
+	if (check_arg_bool("oplock")) {
+		options |= DD_OPLOCK;
+	}
+
+	if (strcmp(which, "if") == 0) {
+		path = check_arg_pathname("if");
+		handle = dd_open_path(resolve_ctx, ev, path, ports,
+				      check_arg_numeric("ibs"), options,
+				      socket_options,
+				      smb_options, smb_session_options,
+				      gensec_settings);
+	} else if (strcmp(which, "of") == 0) {
+		options |= DD_WRITE;
+		path = check_arg_pathname("of");
+		handle = dd_open_path(resolve_ctx, ev, path, ports,
+				      check_arg_numeric("obs"), options,
+				      socket_options,
+				      smb_options, smb_session_options,
+				      gensec_settings);
+	} else {
+		SMB_ASSERT(0);
+		return(NULL);
+	}
+
+	if (!handle) {
+		fprintf(stderr, "%s: failed to open %s\n", PROGNAME, path);
+	}
+
+	return(handle);
+}
+
+static int copy_files(struct tevent_context *ev, struct loadparm_context *lp_ctx)
+{
+	uint8_t *	iobuf;	/* IO buffer. */
+	uint64_t	iomax;	/* Size of the IO buffer. */
+	uint64_t	data_size; /* Amount of data in the IO buffer. */
+
+	uint64_t	ibs;
+	uint64_t	obs;
+	uint64_t	count;
+
+	struct dd_iohandle *	ifile;
+	struct dd_iohandle *	ofile;
+
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	ibs = check_arg_numeric("ibs");
+	obs = check_arg_numeric("obs");
+	count = check_arg_numeric("count");
+
+	lpcfg_smbcli_options(lp_ctx, &options);
+	lpcfg_smbcli_session_options(lp_ctx, &session_options);
+
+	/* Allocate IO buffer. We need more than the max IO size because we
+	 * could accumulate a remainder if ibs and obs don't match.
+	 */
+	iomax = 2 * MAX(ibs, obs);
+	if ((iobuf = malloc_array_p(uint8_t, iomax)) == NULL) {
+		fprintf(stderr,
+			"%s: failed to allocate IO buffer of %llu bytes\n",
+			PROGNAME, (unsigned long long)iomax);
+		return(EOM_EXIT_CODE);
+	}
+
+	options.max_xmit = MAX(ibs, obs);
+
+	DEBUG(4, ("IO buffer size is %llu, max xmit is %d\n",
+			(unsigned long long)iomax, options.max_xmit));
+
+	if (!(ifile = open_file(lpcfg_resolve_context(lp_ctx), ev, "if",
+				lpcfg_smb_ports(lp_ctx), &options,
+				lpcfg_socket_options(lp_ctx),
+				&session_options, 
+				lpcfg_gensec_settings(lp_ctx, lp_ctx)))) {
+		SAFE_FREE(iobuf);
+		return(FILESYS_EXIT_CODE);
+	}
+
+	if (!(ofile = open_file(lpcfg_resolve_context(lp_ctx), ev, "of",
+				lpcfg_smb_ports(lp_ctx), &options,
+				lpcfg_socket_options(lp_ctx),
+				&session_options,
+				lpcfg_gensec_settings(lp_ctx, lp_ctx)))) {
+		SAFE_FREE(iobuf);
+		return(FILESYS_EXIT_CODE);
+	}
+
+	/* Seek the files to their respective starting points. */
+	ifile->io_seek(ifile, check_arg_numeric("skip") * ibs);
+	ofile->io_seek(ofile, check_arg_numeric("seek") * obs);
+
+	DEBUG(4, ("max xmit was negotiated to be %d\n", options.max_xmit));
+
+	for (data_size = 0;;) {
+
+		/* Handle signals. We are somewhat compatible with GNU dd.
+		 * SIGINT makes us stop, but still print transfer statistics.
+		 * SIGUSR1 makes us print transfer statistics but we continue
+		 * copying.
+		 */
+		if (dd_sigint) {
+			break;
+		}
+
+		if (dd_sigusr1) {
+			print_transfer_stats();
+			dd_sigusr1 = 0;
+		}
+
+		if (ifile->io_flags & DD_END_OF_FILE) {
+			DEBUG(4, ("flushing %llu bytes at EOF\n",
+					(unsigned long long)data_size));
+			while (data_size > 0) {
+				if (!dd_flush_block(ofile, iobuf,
+							&data_size, obs)) {
+					SAFE_FREE(iobuf);
+					return(IOERROR_EXIT_CODE);
+				}
+			}
+			goto done;
+		}
+
+		/* Try and read enough blocks of ibs bytes to be able write
+		 * out one of obs bytes.
+		 */
+		if (!dd_fill_block(ifile, iobuf, &data_size, obs, ibs)) {
+			SAFE_FREE(iobuf);
+			return(IOERROR_EXIT_CODE);
+		}
+
+		if (data_size == 0) {
+			/* Done. */
+			SMB_ASSERT(ifile->io_flags & DD_END_OF_FILE);
+		}
+
+		/* Stop reading when we hit the block count. */
+		if (dd_stats.in.bytes >= (ibs * count)) {
+			ifile->io_flags |= DD_END_OF_FILE;
+		}
+
+		/* If we wanted to be a legitimate dd, we would do character
+		 * conversions and other shenanigans here.
+		 */
+
+		/* Flush what we read in units of obs bytes. We want to have
+		 * at least obs bytes in the IO buffer but might not if the
+		 * file is too small.
+		 */
+		if (data_size && 
+		    !dd_flush_block(ofile, iobuf, &data_size, obs)) {
+			SAFE_FREE(iobuf);
+			return(IOERROR_EXIT_CODE);
+		}
+	}
+
+done:
+	SAFE_FREE(iobuf);
+	print_transfer_stats();
+	return(0);
+}
+
+/* ------------------------------------------------------------------------- */
+/* Main.								     */
+/* ------------------------------------------------------------------------- */
+
+struct poptOption cifsddHelpOptions[] = {
+	{
+		.longName   = NULL,
+		.shortName  = '\0',
+		.argInfo    = POPT_ARG_CALLBACK,
+		.arg        = (void *)&cifsdd_help_message,
+		.val        = '\0',
+	},
+	{
+		.longName   = "help",
+		.shortName  = '?',
+		.val        = '?',
+		.descrip    = "Show this help message",
+	},
+	{
+		.longName   = "usage",
+		.shortName  = '\0',
+		.val        = 'u',
+		.descrip    = "Display brief usage message",
+	},
+	POPT_TABLEEND
+};
+
+int main(int argc, char *argv[])
+{
+	const char **const_argv = discard_const_p(const char *, argv);
+	int i;
+	const char ** dd_args;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	struct tevent_context *ev;
+	bool ok;
+	int rc;
+
+	poptContext pctx;
+	struct poptOption poptions[] = {
+		/* POPT_AUTOHELP */
+		{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, cifsddHelpOptions,
+			0, "Help options:", NULL },
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_LEGACY_S4
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+
+	/* Block sizes. */
+	set_arg_val("bs", (uint64_t)4096);
+	set_arg_val("ibs", (uint64_t)4096);
+	set_arg_val("obs", (uint64_t)4096);
+	/* Block counts. */
+	set_arg_val("count", (uint64_t)-1);
+	set_arg_val("seek", (uint64_t)0);
+	set_arg_val("skip", (uint64_t)0);
+	/* Files. */
+	set_arg_val("if", NULL);
+	set_arg_val("of", NULL);
+	/* Options. */
+	set_arg_val("direct", false);
+	set_arg_val("sync", false);
+	set_arg_val("oplock", false);
+
+	mem_ctx = talloc_init("cifsdd.c/main");
+	if (mem_ctx == NULL) {
+		d_printf("Not enough memory\n");
+		exit(1);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pctx = samba_popt_get_context(getprogname(), argc, const_argv, poptions, 0);
+	if (pctx == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while ((i = poptGetNextOpt(pctx)) != -1) {
+		switch (i) {
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pctx, 0), poptStrerror(i));
+			poptPrintUsage(pctx, stderr, 0);
+			exit(1);
+		}
+	}
+
+	for (dd_args = poptGetArgs(pctx); dd_args && *dd_args; ++dd_args) {
+
+		if (!set_arg_argv(*dd_args)) {
+			fprintf(stderr, "%s: invalid option: %s\n",
+					PROGNAME, *dd_args);
+			exit(SYNTAX_EXIT_CODE);
+		}
+
+		/* "bs" has the side-effect of setting "ibs" and "obs". */
+		if (strncmp(*dd_args, "bs=", 3) == 0) {
+			uint64_t bs = check_arg_numeric("bs");
+			set_arg_val("ibs", bs);
+			set_arg_val("obs", bs);
+		}
+	}
+
+	poptFreeContext(pctx);
+	samba_cmdline_burn(argc, argv);
+
+	ev = s4_event_context_init(mem_ctx);
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	gensec_init();
+	dump_args();
+
+	if (check_arg_numeric("ibs") == 0 || check_arg_numeric("obs") == 0) {
+		fprintf(stderr, "%s: block sizes must be greater that zero\n",
+				PROGNAME);
+		talloc_free(mem_ctx);
+		exit(SYNTAX_EXIT_CODE);
+	}
+
+	if (check_arg_pathname("if") == NULL) {
+		fprintf(stderr, "%s: missing input filename\n", PROGNAME);
+		talloc_free(mem_ctx);
+		exit(SYNTAX_EXIT_CODE);
+	}
+
+	if (check_arg_pathname("of") == NULL) {
+		fprintf(stderr, "%s: missing output filename\n", PROGNAME);
+		talloc_free(mem_ctx);
+		exit(SYNTAX_EXIT_CODE);
+	}
+
+	CatchSignal(SIGINT, dd_handle_signal);
+	CatchSignal(SIGUSR1, dd_handle_signal);
+	rc = copy_files(ev, lp_ctx);
+
+	talloc_free(mem_ctx);
+	return rc;
+}
+
+/* vim: set sw=8 sts=8 ts=8 tw=79 : */
diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h
new file mode 100644
index 0000000..4e9cb9d
--- /dev/null
+++ b/source4/client/cifsdd.h
@@ -0,0 +1,109 @@
+/*
+   CIFSDD - dd for SMB.
+   Declarations and administrivia.
+
+   Copyright (C) James Peach 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+extern const char * const PROGNAME;
+
+enum argtype
+{
+	ARG_NUMERIC,
+	ARG_SIZE,
+	ARG_PATHNAME,
+	ARG_BOOL,
+};
+
+struct argdef
+{
+	const char *	arg_name;
+	enum argtype	arg_type;
+	const char *	arg_help;
+
+	union
+	{
+		bool		bval;
+		uint64_t	nval;
+		const char *	pval;
+	} arg_val;
+};
+
+int set_arg_argv(const char * argv);
+void set_arg_val(const char * name, ...);
+
+bool check_arg_bool(const char * name);
+uint64_t check_arg_numeric(const char * name);
+const char * check_arg_pathname(const char * name);
+
+typedef bool (*dd_seek_func)(void * handle, uint64_t offset);
+typedef bool (*dd_read_func)(void * handle, uint8_t * buf,
+				uint64_t wanted, uint64_t * actual);
+typedef bool (*dd_write_func)(void * handle, uint8_t * buf,
+				uint64_t wanted, uint64_t * actual);
+
+struct dd_stats_record
+{
+	struct
+	{
+		uint64_t	fblocks;	/* Full blocks. */
+		uint64_t	pblocks;	/* Partial blocks. */
+		uint64_t	bytes;		/* Total bytes read. */
+	} in;
+	struct
+	{
+		uint64_t	fblocks;	/* Full blocks. */
+		uint64_t	pblocks;	/* Partial blocks. */
+		uint64_t	bytes;		/* Total bytes written. */
+	} out;
+};
+
+extern struct dd_stats_record dd_stats;
+
+struct dd_iohandle
+{
+	dd_seek_func	io_seek;
+	dd_read_func	io_read;
+	dd_write_func	io_write;
+	int		io_flags;
+};
+
+#define DD_END_OF_FILE		0x10000000
+
+#define DD_DIRECT_IO		0x00000001
+#define DD_SYNC_IO		0x00000002
+#define DD_WRITE		0x00000004
+#define DD_OPLOCK		0x00000008
+
+struct smbcli_options;
+struct smbcli_session_options;
+struct tevent_context;
+
+struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, 
+				  struct tevent_context *ev,
+				  const char * path,
+				  const char **ports,
+				uint64_t io_size, int options, 
+				const char *socket_options,
+				struct smbcli_options *smb_options,
+				struct smbcli_session_options *smb_session_options,
+				struct gensec_settings *gensec_settings);
+bool dd_fill_block(struct dd_iohandle * h, uint8_t * buf,
+		uint64_t * buf_size, uint64_t need_size, uint64_t block_size);
+bool dd_flush_block(struct dd_iohandle * h, uint8_t * buf,
+		uint64_t * buf_size, uint64_t block_size);
+
+/* vim: set sw=8 sts=8 ts=8 tw=79 : */
diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c
new file mode 100644
index 0000000..0163daa
--- /dev/null
+++ b/source4/client/cifsddio.c
@@ -0,0 +1,524 @@
+/*
+   CIFSDD - dd for SMB.
+   IO routines, generic and specific.
+
+   Copyright (C) James Peach 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "lib/cmdline/cmdline.h"
+
+#include "cifsdd.h"
+
+/* ------------------------------------------------------------------------- */
+/* UNIX file descriptor IO.						     */
+/* ------------------------------------------------------------------------- */
+
+struct fd_handle
+{
+	struct dd_iohandle	h;
+	int			fd;
+};
+
+#define IO_HANDLE_TO_FD(h) (((struct fd_handle *)(h))->fd)
+
+static bool fd_seek_func(void * handle, uint64_t offset)
+{
+	ssize_t ret;
+
+	ret = lseek(IO_HANDLE_TO_FD(handle), offset, SEEK_SET);
+	if (ret < 0) {
+		fprintf(stderr, "%s: seek failed: %s\n",
+				PROGNAME, strerror(errno));
+		return(false);
+	}
+
+	return(true);
+}
+
+static bool fd_read_func(void * handle,
+			uint8_t * buf,
+			uint64_t wanted,
+			uint64_t * actual)
+{
+	ssize_t ret;
+
+	ret = read(IO_HANDLE_TO_FD(handle), buf, wanted);
+	if (ret < 0) {
+		fprintf(stderr, "%s: %llu byte read failed: %s\n",
+				PROGNAME, (unsigned long long)wanted,
+				strerror(errno));
+		return(false);
+	}
+
+	*actual = (uint64_t)ret;
+	return(true);
+}
+
+static bool fd_write_func(void * handle,
+			uint8_t * buf,
+			uint64_t wanted,
+			uint64_t * actual)
+{
+	ssize_t ret;
+
+	ret = write(IO_HANDLE_TO_FD(handle), buf, wanted);
+	if (ret < 0) {
+		fprintf(stderr, "%s: %llu byte write failed: %s\n",
+				PROGNAME, (unsigned long long)wanted,
+				strerror(errno));
+		return(false);
+	}
+
+	*actual = (uint64_t)ret;
+	return(true);
+}
+
+static struct dd_iohandle * open_fd_handle(const char * path,
+					uint64_t io_size,
+					int options)
+{
+	struct fd_handle * fdh;
+	int oflags = 0;
+
+	DEBUG(4, ("opening fd stream for %s\n", path));
+	if ((fdh = talloc_zero(NULL, struct fd_handle)) == NULL) {
+		return(NULL);
+	}
+
+	fdh->h.io_read = fd_read_func;
+	fdh->h.io_write = fd_write_func;
+	fdh->h.io_seek = fd_seek_func;
+
+	if (options & DD_DIRECT_IO) {
+#ifdef HAVE_OPEN_O_DIRECT
+		oflags |= O_DIRECT;
+#else
+		DEBUG(1, ("no support for direct IO on this platform\n"));
+#endif
+	}
+
+	if (options & DD_SYNC_IO)
+		oflags |= O_SYNC;
+
+	oflags |= (options & DD_WRITE) ?  (O_WRONLY | O_CREAT) : (O_RDONLY);
+
+	fdh->fd = open(path, oflags, 0644);
+	if (fdh->fd < 0) {
+		fprintf(stderr, "%s: %s: %s\n",
+			PROGNAME, path, strerror(errno));
+		talloc_free(fdh);
+		return(NULL);
+	}
+
+	if (options & DD_OPLOCK) {
+		DEBUG(2, ("FIXME: take local oplock on %s\n", path));
+	}
+
+	SMB_ASSERT((void *)fdh == (void *)&fdh->h);
+	return(&fdh->h);
+}
+
+/* ------------------------------------------------------------------------- */
+/* CIFS client IO.							     */
+/* ------------------------------------------------------------------------- */
+
+struct cifs_handle
+{
+	struct dd_iohandle	h;
+	struct smbcli_state *	cli;
+	int			fnum;
+	uint64_t		offset;
+};
+
+#define IO_HANDLE_TO_SMB(h) ((struct cifs_handle *)(h))
+
+static bool smb_seek_func(void * handle, uint64_t offset)
+{
+	IO_HANDLE_TO_SMB(handle)->offset = offset;
+	return(true);
+}
+
+static bool smb_read_func(void * handle, uint8_t * buf, uint64_t wanted,
+			  uint64_t * actual)
+{
+	NTSTATUS		ret;
+	union smb_read		r;
+	struct cifs_handle *	smbh;
+
+	ZERO_STRUCT(r);
+	smbh = IO_HANDLE_TO_SMB(handle);
+
+	r.generic.level		= RAW_READ_READX;
+	r.readx.in.file.fnum	= smbh->fnum;
+	r.readx.in.offset	= smbh->offset;
+	r.readx.in.mincnt	= wanted;
+	r.readx.in.maxcnt	= wanted;
+	r.readx.out.data	= buf;
+
+	/* FIXME: Should I really set readx.in.remaining? That just seems
+	 * redundant.
+	 */
+	ret = smb_raw_read(smbh->cli->tree, &r);
+	if (!NT_STATUS_IS_OK(ret)) {
+		fprintf(stderr, "%s: %llu byte read failed: %s\n",
+				PROGNAME, (unsigned long long)wanted,
+				nt_errstr(ret));
+		return(false);
+	}
+
+	/* Trap integer wrap. */
+	SMB_ASSERT((smbh->offset + r.readx.out.nread) >= smbh->offset);
+
+	*actual = r.readx.out.nread;
+	smbh->offset += r.readx.out.nread;
+	return(true);
+}
+
+static bool smb_write_func(void * handle, uint8_t * buf, uint64_t wanted,
+			   uint64_t * actual)
+{
+	NTSTATUS		ret;
+	union smb_write		w;
+	struct cifs_handle *	smbh;
+
+	ZERO_STRUCT(w);
+	smbh = IO_HANDLE_TO_SMB(handle);
+
+	w.generic.level		= RAW_WRITE_WRITEX;
+	w.writex.in.file.fnum	= smbh->fnum;
+	w.writex.in.offset	= smbh->offset;
+	w.writex.in.count	= wanted;
+	w.writex.in.data	= buf;
+
+	ret = smb_raw_write(smbh->cli->tree, &w);
+	if (!NT_STATUS_IS_OK(ret)) {
+		fprintf(stderr, "%s: %llu byte write failed: %s\n",
+				PROGNAME, (unsigned long long)wanted,
+				nt_errstr(ret));
+		return(false);
+	}
+
+	*actual = w.writex.out.nwritten;
+	smbh->offset += w.writex.out.nwritten;
+	return(true);
+}
+
+static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ctx,
+					      struct tevent_context *ev,
+					      const char * host,
+					      const char **ports,
+					      const char * share,
+					      const char *socket_options,
+					      struct smbcli_options *options,
+					      struct smbcli_session_options *session_options,
+					      struct gensec_settings *gensec_settings)
+{
+	NTSTATUS		ret;
+	struct smbcli_state *	cli = NULL;
+
+	/* When we support SMB URLs, we can get different user credentials for
+	 * each connection, but for now, we just use the same one for both.
+	 */
+	ret = smbcli_full_connection(NULL, &cli, host, ports, share,
+				NULL /* devtype */,
+				socket_options,
+				samba_cmdline_get_creds(),
+				resolve_ctx,
+				ev, options,
+				session_options,
+				gensec_settings);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		fprintf(stderr, "%s: connecting to //%s/%s: %s\n",
+			PROGNAME, host, share, nt_errstr(ret));
+		return(NULL);
+	}
+
+	return(cli);
+}
+
+static int open_smb_file(struct smbcli_state * cli,
+			const char * path,
+			int options)
+{
+	NTSTATUS	ret;
+	union smb_open	o;
+
+	ZERO_STRUCT(o);
+
+	o.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	o.ntcreatex.in.fname = path;
+
+	/* TODO: It's not clear whether to use these flags or to use the
+	 * similarly named NTCREATEX flags in the create_options field.
+	 */
+	if (options & DD_DIRECT_IO)
+		o.ntcreatex.in.flags |= FILE_FLAG_NO_BUFFERING;
+
+	if (options & DD_SYNC_IO)
+		o.ntcreatex.in.flags |= FILE_FLAG_WRITE_THROUGH;
+
+	o.ntcreatex.in.access_mask |=
+		(options & DD_WRITE) ? SEC_FILE_WRITE_DATA
+					: SEC_FILE_READ_DATA;
+
+	/* Try to create the file only if we will be writing to it. */
+	o.ntcreatex.in.open_disposition =
+		(options & DD_WRITE) ? NTCREATEX_DISP_OPEN_IF
+					: NTCREATEX_DISP_OPEN;
+
+	o.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+
+	if (options & DD_OPLOCK) {
+		o.ntcreatex.in.flags |= NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	}
+
+	ret = smb_raw_open(cli->tree, NULL, &o);
+	if (!NT_STATUS_IS_OK(ret)) {
+		fprintf(stderr, "%s: opening %s: %s\n",
+			PROGNAME, path, nt_errstr(ret));
+		return(-1);
+	}
+
+	return(o.ntcreatex.out.file.fnum);
+}
+
+static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx,
+					     struct tevent_context *ev,
+					     const char * host,
+					const char **ports,
+					const char * share,
+					const char * path,
+					uint64_t io_size,
+					int options,
+					const char *socket_options,
+					struct smbcli_options *smb_options,
+					struct smbcli_session_options *smb_session_options,
+					struct gensec_settings *gensec_settings)
+{
+	struct cifs_handle * smbh;
+
+	if (path == NULL  || *path == '\0') {
+		fprintf(stderr, "%s: missing path name within share //%s/%s\n",
+			PROGNAME, host, share);
+	}
+
+	DEBUG(4, ("opening SMB stream to //%s/%s for %s\n",
+		host, share, path));
+
+	if ((smbh = talloc_zero(NULL, struct cifs_handle)) == NULL) {
+		return(NULL);
+	}
+
+	smbh->h.io_read = smb_read_func;
+	smbh->h.io_write = smb_write_func;
+	smbh->h.io_seek = smb_seek_func;
+
+	if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share,
+					  socket_options,
+					  smb_options, smb_session_options,
+					  gensec_settings)) == NULL) {
+		return(NULL);
+	}
+
+	DEBUG(4, ("connected to //%s/%s with xmit size of %u bytes\n",
+		host, share, smbh->cli->transport->negotiate.max_xmit));
+
+	smbh->fnum = open_smb_file(smbh->cli, path, options);
+	return(&smbh->h);
+}
+
+/* ------------------------------------------------------------------------- */
+/* Abstract IO interface.						     */
+/* ------------------------------------------------------------------------- */
+
+struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, 
+				  struct tevent_context *ev,
+				  const char * path,
+				  const char **ports,
+				uint64_t io_size,
+				int options,
+				const char *socket_options,
+				struct smbcli_options *smb_options,
+				struct smbcli_session_options *smb_session_options,
+				struct gensec_settings *gensec_settings)
+{
+	if (file_exist(path)) {
+		return(open_fd_handle(path, io_size, options));
+	} else {
+		char * host;
+		char * share;
+
+		if (smbcli_parse_unc(path, NULL, &host, &share)) {
+			const char * remain;
+			remain = strstr(path, share) + strlen(share);
+
+			/* Skip over leading directory separators. */
+			while (*remain == '/' || *remain == '\\') { remain++; }
+
+			return(open_cifs_handle(resolve_ctx, ev, host, ports,
+						share, remain,
+						io_size, options, 
+						socket_options, smb_options,
+						smb_session_options,
+						gensec_settings));
+		}
+
+		return(open_fd_handle(path, io_size, options));
+	}
+}
+
+/* Fill the buffer till it has at least need_size bytes. Use read operations of
+ * block_size bytes. Return the number of bytes read and fill buf_size with
+ * the new buffer size.
+ *
+ * NOTE: The IO buffer is guaranteed to be big enough to fit
+ * need_size + block_size bytes into it.
+ */
+bool dd_fill_block(struct dd_iohandle * h,
+		uint8_t * buf,
+		uint64_t * buf_size,
+		uint64_t need_size,
+		uint64_t block_size)
+{
+	uint64_t read_size;
+
+	SMB_ASSERT(block_size > 0);
+	SMB_ASSERT(need_size > 0);
+
+	while (*buf_size < need_size) {
+
+		if (!h->io_read(h, buf + (*buf_size), block_size, &read_size)) {
+			return(false);
+		}
+
+		if (read_size == 0) {
+			h->io_flags |= DD_END_OF_FILE;
+			break;
+		}
+
+		DEBUG(6, ("added %llu bytes to IO buffer (need %llu bytes)\n",
+			(unsigned long long)read_size,
+			(unsigned long long)need_size));
+
+		*buf_size += read_size;
+		dd_stats.in.bytes += read_size;
+
+		if (read_size == block_size) {
+			dd_stats.in.fblocks++;
+		} else {
+			DEBUG(3, ("partial read of %llu bytes (expected %llu)\n",
+				(unsigned long long)read_size,
+				(unsigned long long)block_size));
+			dd_stats.in.pblocks++;
+		}
+	}
+
+	return(true);
+}
+
+/* Flush a buffer that contains buf_size bytes. Use writes of block_size to do it,
+ * and shift any remaining bytes back to the head of the buffer when there are
+ * no more block_size sized IOs left.
+ */
+bool dd_flush_block(struct dd_iohandle * h,
+		uint8_t * buf,
+		uint64_t * buf_size,
+		uint64_t block_size)
+{
+	uint64_t write_size;
+	uint64_t total_size = 0;
+
+	SMB_ASSERT(block_size > 0);
+
+	/* We have explicitly been asked to write a partial block. */
+	if ((*buf_size) < block_size) {
+
+		if (!h->io_write(h, buf, *buf_size, &write_size)) {
+			return(false);
+		}
+
+		if (write_size == 0) {
+			fprintf(stderr, "%s: unexpectedly wrote 0 bytes\n",
+					PROGNAME);
+			return(false);
+		}
+
+		total_size += write_size;
+		dd_stats.out.bytes += write_size;
+		dd_stats.out.pblocks++;
+	}
+
+	/* Write as many full blocks as there are in the buffer. */
+	while (((*buf_size) - total_size) >= block_size) {
+
+		if (!h->io_write(h, buf + total_size, block_size, &write_size)) {
+			return(false);
+		}
+
+		if (write_size == 0) {
+			fprintf(stderr, "%s: unexpectedly wrote 0 bytes\n",
+					PROGNAME);
+			return(false);
+		}
+
+		if (write_size == block_size) {
+			dd_stats.out.fblocks++;
+		} else {
+			dd_stats.out.pblocks++;
+		}
+
+		total_size += write_size;
+		dd_stats.out.bytes += write_size;
+
+		DEBUG(6, ("flushed %llu bytes from IO buffer of %llu bytes (%llu remain)\n",
+			(unsigned long long)block_size,
+			(unsigned long long)block_size,
+			(unsigned long long)(block_size - total_size)));
+	}
+
+	SMB_ASSERT(total_size > 0);
+
+	/* We have flushed as much of the IO buffer as we can while
+	 * still doing block_size'd operations. Shift any remaining data
+	 * to the front of the IO buffer.
+	 */
+	if ((*buf_size) > total_size) {
+		uint64_t remain = (*buf_size) - total_size;
+
+		DEBUG(3, ("shifting %llu remainder bytes to IO buffer head\n",
+			(unsigned long long)remain));
+
+		memmove(buf, buf + total_size, remain);
+		(*buf_size) = remain;
+	} else if ((*buf_size) == total_size) {
+		(*buf_size) = 0;
+	} else {
+		/* Else buffer contains buf_size bytes that we will append
+		 * to next time round.
+		 */
+		DEBUG(3, ("%llu unflushed bytes left in IO buffer\n",
+			(unsigned long long)(*buf_size)));
+	}
+
+	return(true);
+}
+
+/* vim: set sw=8 sts=8 ts=8 tw=79 : */
diff --git a/source4/client/client.c b/source4/client/client.c
new file mode 100644
index 0000000..1a4e538
--- /dev/null
+++ b/source4/client/client.c
@@ -0,0 +1,3552 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Simo Sorce 2001-2002
+   Copyright (C) Jelmer Vernooij 2003-2004
+   Copyright (C) James J Myers   2003 <myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* 
+ * TODO: remove this ... and don't use talloc_append_string()
+ *
+ * NOTE: I'm not changing the code yet, because I assume there're
+ *       some bugs in the existing code and I'm not sure how to fix
+ *	 them correctly.
+ */
+#define TALLOC_DEPRECATED 1
+
+#include "includes.h"
+#include "version.h"
+#include "libcli/libcli.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/util/clilsa.h"
+#include "system/dir.h"
+#include "system/filesys.h"
+#include "../lib/util/dlinklist.h"
+#include "system/readline.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "system/time.h" /* needed by some systems for asctime() */
+#include "libcli/resolve/resolve.h"
+#include "libcli/security/security.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+#include "libcli/raw/raw_proto.h"
+
+/* the default pager to use for the client "more" command. Users can
+ *    override this with the PAGER environment variable */
+#ifndef DEFAULT_PAGER
+#define DEFAULT_PAGER "more"
+#endif
+
+#undef strncasecmp
+
+struct smbclient_context {
+	char *remote_cur_dir;
+	struct smbcli_state *cli;
+	char *fileselection;
+	time_t newer_than;
+	bool prompt;
+	bool recurse;
+	int archive_level;
+	bool lowercase;
+	int printmode;
+	bool translation;
+	int io_bufsize;
+};
+
+/* timing globals */
+static uint64_t get_total_size = 0;
+static unsigned int get_total_time_ms = 0;
+static uint64_t put_total_size = 0;
+static unsigned int put_total_time_ms = 0;
+
+/* Unfortunately, there is no way to pass a context to the completion function as an argument */
+static struct smbclient_context *rl_ctx; 
+
+/* totals globals */
+static double dir_total;
+
+/*******************************************************************
+ Reduce a file name, removing .. elements.
+********************************************************************/
+static void dos_clean_name(char *s)
+{
+	char *p=NULL,*r;
+
+	DEBUG(3,("dos_clean_name [%s]\n",s));
+
+	/* remove any double slashes */
+	all_string_sub(s, "\\\\", "\\", 0);
+
+	while ((p = strstr(s,"\\..\\")) != NULL) {
+		*p = '\0';
+		if ((r = strrchr(s,'\\')) != NULL)
+			memmove(r,p+3,strlen(p+3)+1);
+	}
+
+	trim_string(s,NULL,"\\..");
+
+	all_string_sub(s, "\\.\\", "\\", 0);
+}
+
+/****************************************************************************
+write to a local file with CR/LF->LF translation if appropriate. return the 
+number taken from the buffer. This may not equal the number written.
+****************************************************************************/
+static int writefile(int f, const void *_b, int n, bool translation)
+{
+	const uint8_t *b = (const uint8_t *)_b;
+	int i;
+
+	if (!translation) {
+		return write(f,b,n);
+	}
+
+	i = 0;
+	while (i < n) {
+		if (*b == '\r' && (i<(n-1)) && *(b+1) == '\n') {
+			b++;i++;
+		}
+		if (write(f, b, 1) != 1) {
+			break;
+		}
+		b++;
+		i++;
+	}
+  
+	return(i);
+}
+
+/****************************************************************************
+  read from a file with LF->CR/LF translation if appropriate. return the 
+  number read. read approx n bytes.
+****************************************************************************/
+static int readfile(void *_b, int n, FILE *f, bool translation)
+{
+	uint8_t *b = (uint8_t *)_b;
+	int i;
+	int c;
+
+	if (!translation)
+		return fread(b,1,n,f);
+  
+	i = 0;
+	while (i < (n - 1)) {
+		if ((c = getc(f)) == EOF) {
+			break;
+		}
+      
+		if (c == '\n') { /* change all LFs to CR/LF */
+			b[i++] = '\r';
+		}
+      
+		b[i++] = c;
+	}
+  
+	return(i);
+}
+ 
+
+/****************************************************************************
+send a message
+****************************************************************************/
+static void send_message(struct smbcli_state *cli, const char *desthost)
+{
+	char msg[1600];
+	int total_len = 0;
+	int grp_id;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	if (!smbcli_message_start(cli->tree,
+			desthost,
+			cli_credentials_get_username(creds),
+			&grp_id)) {
+		d_printf("message start: %s\n", smbcli_errstr(cli->tree));
+		return;
+	}
+
+
+	d_printf("Connected. Type your message, ending it with a Control-D\n");
+
+	while (!feof(stdin) && total_len < 1600) {
+		int maxlen = MIN(1600 - total_len,127);
+		int l=0;
+		int c;
+
+		for (l=0;l<maxlen && (c=fgetc(stdin))!=EOF;l++) {
+			if (c == '\n')
+				msg[l++] = '\r';
+			msg[l] = c;   
+		}
+
+		if (!smbcli_message_text(cli->tree, msg, l, grp_id)) {
+			d_printf("SMBsendtxt failed (%s)\n",smbcli_errstr(cli->tree));
+			return;
+		}      
+		
+		total_len += l;
+	}
+
+	if (total_len >= 1600)
+		d_printf("the message was truncated to 1600 bytes\n");
+	else
+		d_printf("sent %d bytes\n",total_len);
+
+	if (!smbcli_message_end(cli->tree, grp_id)) {
+		d_printf("SMBsendend failed (%s)\n",smbcli_errstr(cli->tree));
+		return;
+	}      
+}
+
+
+
+/****************************************************************************
+check the space on a device
+****************************************************************************/
+static int do_dskattr(struct smbclient_context *ctx)
+{
+	uint32_t bsize;
+	uint64_t total, avail;
+
+	if (NT_STATUS_IS_ERR(smbcli_dskattr(ctx->cli->tree, &bsize, &total, &avail))) {
+		d_printf("Error in dskattr: %s\n",smbcli_errstr(ctx->cli->tree)); 
+		return 1;
+	}
+
+	d_printf("\n\t\t%llu blocks of size %u. %llu blocks available\n",
+		 (unsigned long long)total, 
+		 (unsigned)bsize, 
+		 (unsigned long long)avail);
+
+	return 0;
+}
+
+/****************************************************************************
+show cd/pwd
+****************************************************************************/
+static int cmd_pwd(struct smbclient_context *ctx, const char **args)
+{
+	d_printf("Current directory is %s\n", ctx->remote_cur_dir);
+	return 0;
+}
+
+/*
+  convert a string to dos format
+*/
+static void dos_format(char *s)
+{
+	string_replace(s, '/', '\\');
+}
+
+/****************************************************************************
+change directory - inner section
+****************************************************************************/
+static int do_cd(struct smbclient_context *ctx, const char *newdir)
+{
+	char *dname;
+      
+	/* Save the current directory in case the
+	   new directory is invalid */
+	if (newdir[0] == '\\')
+		dname = talloc_strdup(ctx, newdir);
+	else
+		dname = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, newdir);
+
+	dos_format(dname);
+
+	if (*(dname+strlen(dname)-1) != '\\') {
+		dname = talloc_append_string(NULL, dname, "\\");
+	}
+	dos_clean_name(dname);
+	
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(ctx->cli->tree, dname))) {
+		d_printf("cd %s: %s\n", dname, smbcli_errstr(ctx->cli->tree));
+		talloc_free(dname);
+	} else {
+		ctx->remote_cur_dir = dname;
+	}
+	
+	return 0;
+}
+
+/****************************************************************************
+change directory
+****************************************************************************/
+static int cmd_cd(struct smbclient_context *ctx, const char **args)
+{
+	int rc = 0;
+
+	if (args[1]) 
+		rc = do_cd(ctx, args[1]);
+	else
+		d_printf("Current directory is %s\n",ctx->remote_cur_dir);
+
+	return rc;
+}
+
+
+static bool mask_match(struct smbcli_state *c, const char *string, 
+		const char *pattern, bool is_case_sensitive)
+{
+	int ret;
+
+	if (ISDOTDOT(string))
+		string = ".";
+	if (ISDOT(pattern))
+		return false;
+
+	ret = ms_fnmatch_protocol(pattern, string,
+				  c->transport->negotiate.protocol,
+				  is_case_sensitive);
+	return (ret == 0);
+}
+
+
+
+/*******************************************************************
+  decide if a file should be operated on
+  ********************************************************************/
+static bool do_this_one(struct smbclient_context *ctx, struct clilist_file_info *finfo)
+{
+	if (finfo->attrib & FILE_ATTRIBUTE_DIRECTORY) return(true);
+
+	if (ctx->fileselection && 
+	    !mask_match(ctx->cli, finfo->name,ctx->fileselection,false)) {
+		DEBUG(3,("mask_match %s failed\n", finfo->name));
+		return false;
+	}
+
+	if (ctx->newer_than && finfo->mtime < ctx->newer_than) {
+		DEBUG(3,("newer_than %s failed\n", finfo->name));
+		return(false);
+	}
+
+	if ((ctx->archive_level==1 || ctx->archive_level==2) && !(finfo->attrib & FILE_ATTRIBUTE_ARCHIVE)) {
+		DEBUG(3,("archive %s failed\n", finfo->name));
+		return(false);
+	}
+	
+	return(true);
+}
+
+/****************************************************************************
+  display info about a file
+  ****************************************************************************/
+static void display_finfo(struct smbclient_context *ctx, struct clilist_file_info *finfo)
+{
+	if (do_this_one(ctx, finfo)) {
+		time_t t = finfo->mtime; /* the time is assumed to be passed as GMT */
+		char *astr = attrib_string(NULL, finfo->attrib);
+		d_printf("  %-30s%7.7s %8.0f  %s",
+			 finfo->name,
+			 astr,
+			 (double)finfo->size,
+			 asctime(localtime(&t)));
+		dir_total += finfo->size;
+		talloc_free(astr);
+	}
+}
+
+
+/****************************************************************************
+   accumulate size of a file
+  ****************************************************************************/
+static void do_du(struct smbclient_context *ctx, struct clilist_file_info *finfo)
+{
+	if (do_this_one(ctx, finfo)) {
+		dir_total += finfo->size;
+	}
+}
+
+static bool do_list_recurse;
+static bool do_list_dirs;
+static char *do_list_queue = 0;
+static long do_list_queue_size = 0;
+static long do_list_queue_start = 0;
+static long do_list_queue_end = 0;
+static void (*do_list_fn)(struct smbclient_context *, struct clilist_file_info *);
+
+/****************************************************************************
+functions for do_list_queue
+  ****************************************************************************/
+
+/*
+ * The do_list_queue is a NUL-separated list of strings stored in a
+ * char*.  Since this is a FIFO, we keep track of the beginning and
+ * ending locations of the data in the queue.  When we overflow, we
+ * double the size of the char*.  When the start of the data passes
+ * the midpoint, we move everything back.  This is logically more
+ * complex than a linked list, but easier from a memory management
+ * angle.  In any memory error condition, do_list_queue is reset.
+ * Functions check to ensure that do_list_queue is non-NULL before
+ * accessing it.
+ */
+static void reset_do_list_queue(void)
+{
+	SAFE_FREE(do_list_queue);
+	do_list_queue_size = 0;
+	do_list_queue_start = 0;
+	do_list_queue_end = 0;
+}
+
+static void init_do_list_queue(void)
+{
+	reset_do_list_queue();
+	do_list_queue_size = 1024;
+	do_list_queue = malloc_array_p(char, do_list_queue_size);
+	if (do_list_queue == 0) { 
+		d_printf("malloc fail for size %d\n",
+			 (int)do_list_queue_size);
+		reset_do_list_queue();
+	} else {
+		memset(do_list_queue, 0, do_list_queue_size);
+	}
+}
+
+static void adjust_do_list_queue(void)
+{
+	if (do_list_queue == NULL) return;
+
+	/*
+	 * If the starting point of the queue is more than half way through,
+	 * move everything toward the beginning.
+	 */
+	if (do_list_queue_start == do_list_queue_end)
+	{
+		DEBUG(4,("do_list_queue is empty\n"));
+		do_list_queue_start = do_list_queue_end = 0;
+		*do_list_queue = '\0';
+	}
+	else if (do_list_queue_start > (do_list_queue_size / 2))
+	{
+		DEBUG(4,("sliding do_list_queue backward\n"));
+		memmove(do_list_queue,
+			do_list_queue + do_list_queue_start,
+			do_list_queue_end - do_list_queue_start);
+		do_list_queue_end -= do_list_queue_start;
+		do_list_queue_start = 0;
+	}
+	   
+}
+
+static void add_to_do_list_queue(const char* entry)
+{
+	char *dlq;
+	long new_end;
+
+	if (entry == NULL) {
+		entry = "";
+	}
+
+	new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
+	while (new_end > do_list_queue_size)
+	{
+		do_list_queue_size *= 2;
+		DEBUG(4,("enlarging do_list_queue to %d\n",
+			 (int)do_list_queue_size));
+		dlq = realloc_p(do_list_queue, char, do_list_queue_size);
+		if (! dlq) {
+			d_printf("failure enlarging do_list_queue to %d bytes\n",
+				 (int)do_list_queue_size);
+			reset_do_list_queue();
+		}
+		else
+		{
+			do_list_queue = dlq;
+			memset(do_list_queue + do_list_queue_size / 2,
+			       0, do_list_queue_size / 2);
+		}
+	}
+	if (do_list_queue)
+	{
+		strlcpy(do_list_queue + do_list_queue_end, entry,
+			    do_list_queue_size - do_list_queue_end);
+		do_list_queue_end = new_end;
+		DEBUG(4,("added %s to do_list_queue (start=%d, end=%d)\n",
+			 entry, (int)do_list_queue_start, (int)do_list_queue_end));
+	}
+}
+
+static char *do_list_queue_head(void)
+{
+	return do_list_queue + do_list_queue_start;
+}
+
+static void remove_do_list_queue_head(void)
+{
+	if (do_list_queue_end > do_list_queue_start)
+	{
+		do_list_queue_start += strlen(do_list_queue_head()) + 1;
+		adjust_do_list_queue();
+		DEBUG(4,("removed head of do_list_queue (start=%d, end=%d)\n",
+			 (int)do_list_queue_start, (int)do_list_queue_end));
+	}
+}
+
+static int do_list_queue_empty(void)
+{
+	return (! (do_list_queue && *do_list_queue));
+}
+
+/****************************************************************************
+a helper for do_list
+  ****************************************************************************/
+static void do_list_helper(struct clilist_file_info *f, const char *mask, void *state)
+{
+	struct smbclient_context *ctx = (struct smbclient_context *)state;
+
+	if (f->attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		if (do_list_dirs && do_this_one(ctx, f)) {
+			do_list_fn(ctx, f);
+		}
+		if (do_list_recurse && 
+		    !ISDOT(f->name) &&
+		    !ISDOTDOT(f->name)) {
+			char *mask2;
+			char *p;
+
+			mask2 = talloc_strdup(NULL, mask);
+			p = strrchr_m(mask2,'\\');
+			if (!p) return;
+			p[1] = 0;
+			mask2 = talloc_asprintf_append_buffer(mask2, "%s\\*", f->name);
+			add_to_do_list_queue(mask2);
+		}
+		return;
+	}
+
+	if (do_this_one(ctx, f)) {
+		do_list_fn(ctx, f);
+	}
+}
+
+
+/****************************************************************************
+a wrapper around smbcli_list that adds recursion
+  ****************************************************************************/
+static void do_list(struct smbclient_context *ctx, const char *mask,uint16_t attribute,
+	     void (*fn)(struct smbclient_context *, struct clilist_file_info *),bool rec, bool dirs)
+{
+	static int in_do_list = 0;
+
+	if (in_do_list && rec)
+	{
+		fprintf(stderr, "INTERNAL ERROR: do_list called recursively when the recursive flag is true\n");
+		exit(1);
+	}
+
+	in_do_list = 1;
+
+	do_list_recurse = rec;
+	do_list_dirs = dirs;
+	do_list_fn = fn;
+
+	if (rec)
+	{
+		init_do_list_queue();
+		add_to_do_list_queue(mask);
+		
+		while (! do_list_queue_empty())
+		{
+			/*
+			 * Need to copy head so that it doesn't become
+			 * invalid inside the call to smbcli_list.  This
+			 * would happen if the list were expanded
+			 * during the call.
+			 * Fix from E. Jay Berkenbilt (ejb@ql.org)
+			 */
+			char *head;
+			head = do_list_queue_head();
+			smbcli_list(ctx->cli->tree, head, attribute, do_list_helper, ctx);
+			remove_do_list_queue_head();
+			if ((! do_list_queue_empty()) && (fn == display_finfo))
+			{
+				char* next_file = do_list_queue_head();
+				char* save_ch = 0;
+				if ((strlen(next_file) >= 2) &&
+				    (next_file[strlen(next_file) - 1] == '*') &&
+				    (next_file[strlen(next_file) - 2] == '\\'))
+				{
+					save_ch = next_file +
+						strlen(next_file) - 2;
+					*save_ch = '\0';
+				}
+				d_printf("\n%s\n",next_file);
+				if (save_ch)
+				{
+					*save_ch = '\\';
+				}
+			}
+		}
+	}
+	else
+	{
+		if (smbcli_list(ctx->cli->tree, mask, attribute, do_list_helper, ctx) == -1)
+		{
+			d_printf("%s listing %s\n", smbcli_errstr(ctx->cli->tree), mask);
+		}
+	}
+
+	in_do_list = 0;
+	reset_do_list_queue();
+}
+
+/****************************************************************************
+  get a directory listing
+  ****************************************************************************/
+static int cmd_dir(struct smbclient_context *ctx, const char **args)
+{
+	uint16_t attribute = FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	char *mask;
+	int rc;
+	
+	dir_total = 0;
+	
+	mask = talloc_strdup(ctx, ctx->remote_cur_dir);
+	if(mask[strlen(mask)-1]!='\\')
+		mask = talloc_append_string(ctx, mask,"\\");
+	
+	if (args[1]) {
+		mask = talloc_strdup(ctx, args[1]);
+		if (mask[0] != '\\')
+			mask = talloc_append_string(ctx, mask, "\\");
+		dos_format(mask);
+	}
+	else {
+		if (ctx->cli->tree->session->transport->negotiate.protocol <= 
+		    PROTOCOL_LANMAN1) {	
+			mask = talloc_append_string(ctx, mask, "*.*");
+		} else {
+			mask = talloc_append_string(ctx, mask, "*");
+		}
+	}
+
+	do_list(ctx, mask, attribute, display_finfo, ctx->recurse, true);
+
+	rc = do_dskattr(ctx);
+
+	DEBUG(3, ("Total bytes listed: %.0f\n", dir_total));
+
+	return rc;
+}
+
+
+/****************************************************************************
+  get a directory listing
+  ****************************************************************************/
+static int cmd_du(struct smbclient_context *ctx, const char **args)
+{
+	uint16_t attribute = FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	int rc;
+	char *mask;
+	
+	dir_total = 0;
+	
+	if (args[1]) {
+		if (args[1][0] == '\\')
+			mask = talloc_strdup(ctx, args[1]);
+		else
+			mask = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, args[1]);
+		dos_format(mask);
+	} else {
+		mask = talloc_asprintf(ctx, "%s\\*", ctx->remote_cur_dir);
+	}
+
+	do_list(ctx, mask, attribute, do_du, ctx->recurse, true);
+
+	talloc_free(mask);
+
+	rc = do_dskattr(ctx);
+
+	d_printf("Total number of bytes: %.0f\n", dir_total);
+
+	return rc;
+}
+
+
+/****************************************************************************
+  get a file from rname to lname
+  ****************************************************************************/
+static int do_get(struct smbclient_context *ctx, char *rname, const char *p_lname, bool reget)
+{  
+	int handle = 0, fnum;
+	bool newhandle = false;
+	uint8_t *data;
+	struct timeval tp_start;
+	int read_size = ctx->io_bufsize;
+	uint16_t attr;
+	size_t size;
+	off_t start = 0;
+	off_t nread = 0;
+	int rc = 0;
+	char *lname;
+
+
+	GetTimeOfDay(&tp_start);
+
+	if (ctx->lowercase) {
+		lname = strlower_talloc(ctx, p_lname);
+	} else {
+		lname = talloc_strdup(ctx, p_lname);
+	}
+
+	fnum = smbcli_open(ctx->cli->tree, rname, O_RDONLY, DENY_NONE);
+
+	if (fnum == -1) {
+		d_printf("%s opening remote file %s\n",smbcli_errstr(ctx->cli->tree),rname);
+		return 1;
+	}
+
+	if(!strcmp(lname,"-")) {
+		handle = fileno(stdout);
+	} else {
+		if (reget) {
+			handle = open(lname, O_WRONLY|O_CREAT, 0644);
+			if (handle >= 0) {
+				start = lseek(handle, 0, SEEK_END);
+				if (start == -1) {
+					d_printf("Error seeking local file\n");
+					close(handle);
+					return 1;
+				}
+			}
+		} else {
+			handle = open(lname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+		}
+		newhandle = true;
+	}
+	if (handle < 0) {
+		d_printf("Error opening local file %s\n",lname);
+		return 1;
+	}
+
+
+	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(ctx->cli->tree, fnum, 
+			   &attr, &size, NULL, NULL, NULL, NULL, NULL)) &&
+	    NT_STATUS_IS_ERR(smbcli_getattrE(ctx->cli->tree, fnum, 
+			  &attr, &size, NULL, NULL, NULL))) {
+		d_printf("getattrib: %s\n",smbcli_errstr(ctx->cli->tree));
+		if (newhandle) {
+			close(handle);
+		}
+		return 1;
+	}
+
+	DEBUG(2,("getting file %s of size %.0f as %s ", 
+		 rname, (double)size, lname));
+
+	if(!(data = (uint8_t *)malloc(read_size))) { 
+		d_printf("malloc fail for size %d\n", read_size);
+		smbcli_close(ctx->cli->tree, fnum);
+		if (newhandle) {
+			close(handle);
+		}
+		return 1;
+	}
+
+	while (1) {
+		int n = smbcli_read(ctx->cli->tree, fnum, data, nread + start, read_size);
+
+		if (n <= 0) break;
+ 
+		if (writefile(handle,data, n, ctx->translation) != n) {
+			d_printf("Error writing local file\n");
+			rc = 1;
+			break;
+		}
+      
+		nread += n;
+	}
+
+	if (nread + start < size) {
+		DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n",
+			    rname, (long)nread));
+
+		rc = 1;
+	}
+
+	SAFE_FREE(data);
+	
+	if (NT_STATUS_IS_ERR(smbcli_close(ctx->cli->tree, fnum))) {
+		d_printf("Error %s closing remote file\n",smbcli_errstr(ctx->cli->tree));
+		rc = 1;
+	}
+
+	if (newhandle) {
+		close(handle);
+	}
+
+	if (ctx->archive_level >= 2 && (attr & FILE_ATTRIBUTE_ARCHIVE)) {
+		smbcli_setatr(ctx->cli->tree, rname, attr & ~(uint16_t)FILE_ATTRIBUTE_ARCHIVE, 0);
+	}
+
+	{
+		struct timeval tp_end;
+		int this_time;
+		
+		GetTimeOfDay(&tp_end);
+		this_time = 
+			(tp_end.tv_sec - tp_start.tv_sec)*1000 +
+			(tp_end.tv_usec - tp_start.tv_usec)/1000;
+		get_total_time_ms += this_time;
+		get_total_size += nread;
+		
+		DEBUG(2,("(%3.1f kb/s) (average %3.1f kb/s)\n",
+			 nread / (1.024*this_time + 1.0e-4),
+			 get_total_size / (1.024*get_total_time_ms)));
+	}
+	
+	return rc;
+}
+
+
+/****************************************************************************
+  get a file
+  ****************************************************************************/
+static int cmd_get(struct smbclient_context *ctx, const char **args)
+{
+	const char *lname;
+	char *rname;
+
+	if (!args[1]) {
+		d_printf("get <filename>\n");
+		return 1;
+	}
+
+	rname = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, args[1]);
+
+	if (args[2]) 
+		lname = args[2];
+	else 
+		lname = args[1];
+	
+	dos_clean_name(rname);
+	
+	return do_get(ctx, rname, lname, false);
+}
+
+/****************************************************************************
+ Put up a yes/no prompt.
+****************************************************************************/
+static bool yesno(char *p)
+{
+	char ans[4];
+	printf("%s",p);
+
+	if (!fgets(ans,sizeof(ans)-1,stdin))
+		return(false);
+
+	if (*ans == 'y' || *ans == 'Y')
+		return(true);
+
+	return(false);
+}
+
+/****************************************************************************
+  do a mget operation on one file
+  ****************************************************************************/
+static void do_mget(struct smbclient_context *ctx, struct clilist_file_info *finfo)
+{
+	char *rname;
+	char *quest;
+	char *mget_mask;
+	char *saved_curdir;
+	char *l_fname;
+	int ret;
+
+	if (ISDOT(finfo->name) || ISDOTDOT(finfo->name))
+		return;
+
+	if (finfo->attrib & FILE_ATTRIBUTE_DIRECTORY)
+		quest = talloc_asprintf(ctx, "Get directory %s? ",finfo->name);
+	else
+		quest = talloc_asprintf(ctx, "Get file %s? ",finfo->name);
+
+	if (ctx->prompt && !yesno(quest)) return;
+
+	talloc_free(quest);
+
+	if (!(finfo->attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+		rname = talloc_asprintf(ctx, "%s%s",ctx->remote_cur_dir,
+					finfo->name);
+		do_get(ctx, rname, finfo->name, false);
+		talloc_free(rname);
+		return;
+	}
+
+	/* handle directories */
+	saved_curdir = talloc_strdup(ctx, ctx->remote_cur_dir);
+
+	ctx->remote_cur_dir = talloc_asprintf_append_buffer(NULL, "%s\\", finfo->name);
+
+	if (ctx->lowercase) {
+		l_fname = strlower_talloc(ctx, finfo->name);
+	} else {
+		l_fname = talloc_strdup(ctx, finfo->name);
+	}
+	
+	string_replace(l_fname, '\\', '/');
+
+	if (!directory_exist(l_fname) &&
+	    mkdir(l_fname, 0777) != 0) {
+		d_printf("failed to create directory %s\n", l_fname);
+		return;
+	}
+	
+	if (chdir(l_fname) != 0) {
+		d_printf("failed to chdir to directory %s\n", l_fname);
+		return;
+	}
+
+	mget_mask = talloc_asprintf(ctx, "%s*", ctx->remote_cur_dir);
+	
+	do_list(ctx, mget_mask, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY,do_mget,false, true);
+	ret = chdir("..");
+	if (ret == -1) {
+		d_printf("failed to chdir to '..': %s\n", strerror(errno));
+		return;
+	}
+	talloc_free(ctx->remote_cur_dir);
+
+	ctx->remote_cur_dir = saved_curdir;
+}
+
+
+/****************************************************************************
+view the file using the pager
+****************************************************************************/
+static int cmd_more(struct smbclient_context *ctx, const char **args)
+{
+	char *rname;
+	char *pager_cmd;
+	char *lname;
+	char *pager;
+	int fd;
+	int rc = 0;
+	mode_t mask;
+
+	lname = talloc_asprintf(ctx, "%s/smbmore.XXXXXX",tmpdir());
+	mask = umask(S_IRWXO | S_IRWXG);
+	fd = mkstemp(lname);
+	umask(mask);
+	if (fd == -1) {
+		d_printf("failed to create temporary file for more\n");
+		return 1;
+	}
+	close(fd);
+
+	if (!args[1]) {
+		d_printf("more <filename>\n");
+		unlink(lname);
+		return 1;
+	}
+	rname = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+	dos_clean_name(rname);
+
+	rc = do_get(ctx, rname, lname, false);
+
+	pager=getenv("PAGER");
+
+	pager_cmd = talloc_asprintf(ctx, "%s %s",(pager? pager:DEFAULT_PAGER), lname);
+	rc = system(pager_cmd);
+	if (rc == -1) {
+		d_printf("failed to call pager command\n");
+		return 1;
+	}
+	unlink(lname);
+	
+	return rc;
+}
+
+
+
+/****************************************************************************
+do a mget command
+****************************************************************************/
+static int cmd_mget(struct smbclient_context *ctx, const char **args)
+{
+	uint16_t attribute = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	char *mget_mask = NULL;
+	int i;
+
+	if (ctx->recurse)
+		attribute |= FILE_ATTRIBUTE_DIRECTORY;
+	
+	for (i = 1; args[i]; i++) {
+		mget_mask = talloc_strdup(ctx, ctx->remote_cur_dir);
+		if(mget_mask[strlen(mget_mask)-1]!='\\')
+			mget_mask = talloc_append_string(ctx, mget_mask, "\\");
+		
+		mget_mask = talloc_strdup(ctx, args[i]);
+		if (mget_mask[0] != '\\')
+			mget_mask = talloc_append_string(ctx, mget_mask, "\\");
+		do_list(ctx, mget_mask, attribute,do_mget,false,true);
+
+		talloc_free(mget_mask);
+	}
+
+	if (mget_mask == NULL) {
+		mget_mask = talloc_asprintf(ctx, "%s\\*", ctx->remote_cur_dir);
+		do_list(ctx, mget_mask, attribute,do_mget,false,true);
+		talloc_free(mget_mask);
+	}
+	
+	return 0;
+}
+
+
+/****************************************************************************
+make a directory of name "name"
+****************************************************************************/
+static NTSTATUS do_mkdir(struct smbclient_context *ctx, char *name)
+{
+	NTSTATUS status;
+
+	if (NT_STATUS_IS_ERR(status = smbcli_mkdir(ctx->cli->tree, name))) {
+		d_printf("%s making remote directory %s\n",
+			 smbcli_errstr(ctx->cli->tree),name);
+		return status;
+	}
+
+	return status;
+}
+
+
+/****************************************************************************
+ Exit client.
+****************************************************************************/
+static int cmd_quit(struct smbclient_context *ctx, const char **args)
+{
+	talloc_free(ctx);
+	exit(0);
+	/* NOTREACHED */
+	return 0;
+}
+
+
+/****************************************************************************
+  make a directory
+  ****************************************************************************/
+static int cmd_mkdir(struct smbclient_context *ctx, const char **args)
+{
+	char *mask, *p;
+  
+	if (!args[1]) {
+		if (!ctx->recurse)
+			d_printf("mkdir <dirname>\n");
+		return 1;
+	}
+
+	mask = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir,args[1]);
+
+	if (ctx->recurse) {
+		dos_clean_name(mask);
+
+		trim_string(mask,".",NULL);
+		for (p = strtok(mask,"/\\"); p; p = strtok(p, "/\\")) {
+			char *parent = talloc_strndup(ctx, mask, PTR_DIFF(p, mask));
+			
+			if (NT_STATUS_IS_ERR(smbcli_chkpath(ctx->cli->tree, parent))) { 
+				do_mkdir(ctx, parent);
+			}
+
+			talloc_free(parent);
+		}	 
+	} else {
+		do_mkdir(ctx, mask);
+	}
+	
+	return 0;
+}
+
+/****************************************************************************
+show 8.3 name of a file
+****************************************************************************/
+static int cmd_altname(struct smbclient_context *ctx, const char **args)
+{
+	const char *p;
+	char *altname;
+	char *name;
+  
+	if (!args[1]) {
+		d_printf("altname <file>\n");
+		return 1;
+	}
+
+	name = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	if (!NT_STATUS_IS_OK(smbcli_qpathinfo_alt_name(ctx->cli->tree, name, &p))) {
+		d_printf("%s getting alt name for %s\n",
+			 smbcli_errstr(ctx->cli->tree),name);
+		return(false);
+	}
+	altname = discard_const_p(char, p);
+	d_printf("%s\n", altname);
+
+	SAFE_FREE(altname);
+
+	return 0;
+}
+
+
+/****************************************************************************
+  put a single file
+  ****************************************************************************/
+static int do_put(struct smbclient_context *ctx, char *rname, char *lname, bool reput)
+{
+	int fnum;
+	FILE *f;
+	size_t start = 0;
+	off_t nread = 0;
+	uint8_t *buf = NULL;
+	int maxwrite = ctx->io_bufsize;
+	int rc = 0;
+	
+	struct timeval tp_start;
+	GetTimeOfDay(&tp_start);
+
+	if (reput) {
+		fnum = smbcli_open(ctx->cli->tree, rname, O_RDWR|O_CREAT, DENY_NONE);
+		if (fnum >= 0) {
+			if (NT_STATUS_IS_ERR(smbcli_qfileinfo(ctx->cli->tree, fnum, NULL, &start, NULL, NULL, NULL, NULL, NULL)) &&
+			    NT_STATUS_IS_ERR(smbcli_getattrE(ctx->cli->tree, fnum, NULL, &start, NULL, NULL, NULL))) {
+				d_printf("getattrib: %s\n",smbcli_errstr(ctx->cli->tree));
+				return 1;
+			}
+		}
+	} else {
+		fnum = smbcli_open(ctx->cli->tree, rname, O_RDWR|O_CREAT|O_TRUNC, 
+				DENY_NONE);
+	}
+  
+	if (fnum == -1) {
+		d_printf("%s opening remote file %s\n",smbcli_errstr(ctx->cli->tree),rname);
+		return 1;
+	}
+
+	/* allow files to be piped into smbclient
+	   jdblair 24.jun.98
+
+	   Note that in this case this function will exit(0) rather
+	   than returning. */
+	if (!strcmp(lname, "-")) {
+		f = stdin;
+		/* size of file is not known */
+	} else {
+		f = fopen(lname, "r");
+		if (f && reput) {
+			if (fseek(f, start, SEEK_SET) == -1) {
+				d_printf("Error seeking local file\n");
+				fclose(f);
+				return 1;
+			}
+		}
+	}
+
+	if (!f) {
+		d_printf("Error opening local file %s\n",lname);
+		return 1;
+	}
+
+  
+	DEBUG(1,("putting file %s as %s ",lname,
+		 rname));
+  
+	buf = (uint8_t *)malloc(maxwrite);
+	if (!buf) {
+		d_printf("ERROR: Not enough memory!\n");
+		fclose(f);
+		return 1;
+	}
+	while (!feof(f)) {
+		int n = maxwrite;
+		int ret;
+
+		if ((n = readfile(buf,n,f,ctx->translation)) < 1) {
+			if((n == 0) && feof(f))
+				break; /* Empty local file. */
+
+			d_printf("Error reading local file: %s\n", strerror(errno));
+			rc = 1;
+			break;
+		}
+
+		ret = smbcli_write(ctx->cli->tree, fnum, 0, buf, nread + start, n);
+
+		if (n != ret) {
+			d_printf("Error writing file: %s\n", smbcli_errstr(ctx->cli->tree));
+			rc = 1;
+			break;
+		} 
+
+		nread += n;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(ctx->cli->tree, fnum))) {
+		d_printf("%s closing remote file %s\n",smbcli_errstr(ctx->cli->tree),rname);
+		fclose(f);
+		SAFE_FREE(buf);
+		return 1;
+	}
+
+	
+	if (f != stdin) {
+		fclose(f);
+	}
+
+	SAFE_FREE(buf);
+
+	{
+		struct timeval tp_end;
+		int this_time;
+		
+		GetTimeOfDay(&tp_end);
+		this_time = 
+			(tp_end.tv_sec - tp_start.tv_sec)*1000 +
+			(tp_end.tv_usec - tp_start.tv_usec)/1000;
+		put_total_time_ms += this_time;
+		put_total_size += nread;
+		
+		DEBUG(1,("(%3.1f kb/s) (average %3.1f kb/s)\n",
+			 nread / (1.024*this_time + 1.0e-4),
+			 put_total_size / (1.024*put_total_time_ms)));
+	}
+
+	if (f == stdin) {
+		talloc_free(ctx);
+		exit(0);
+	}
+	
+	return rc;
+}
+
+ 
+
+/****************************************************************************
+  put a file
+  ****************************************************************************/
+static int cmd_put(struct smbclient_context *ctx, const char **args)
+{
+	char *lname;
+	char *rname;
+	
+	if (!args[1]) {
+		d_printf("put <filename> [<remotename>]\n");
+		return 1;
+	}
+
+	lname = talloc_strdup(ctx, args[1]);
+  
+	if (args[2]) {
+		if (args[2][0]=='\\')
+			rname = talloc_strdup(ctx, args[2]);
+		else
+			rname = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, args[2]);
+	} else {
+		rname = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, lname);
+	}
+	
+	dos_clean_name(rname);
+
+	/* allow '-' to represent stdin
+	   jdblair, 24.jun.98 */
+	if (!file_exist(lname) && (strcmp(lname,"-"))) {
+		d_printf("%s does not exist\n",lname);
+		return 1;
+	}
+
+	return do_put(ctx, rname, lname, false);
+}
+
+/*************************************
+  File list structure
+*************************************/
+
+static struct file_list {
+	struct file_list *prev, *next;
+	char *file_path;
+	bool isdir;
+} *file_list;
+
+/****************************************************************************
+  Free a file_list structure
+****************************************************************************/
+
+static void free_file_list (struct file_list * list)
+{
+	struct file_list *tmp;
+	
+	while (list)
+	{
+		tmp = list;
+		DLIST_REMOVE(list, list);
+		SAFE_FREE(tmp->file_path);
+		SAFE_FREE(tmp);
+	}
+}
+
+/****************************************************************************
+  seek in a directory/file list until you get something that doesn't start with
+  the specified name
+  ****************************************************************************/
+static bool seek_list(struct file_list *list, char *name)
+{
+	while (list) {
+		trim_string(list->file_path,"./","\n");
+		if (strncmp(list->file_path, name, strlen(name)) != 0) {
+			return(true);
+		}
+		list = list->next;
+	}
+      
+	return(false);
+}
+
+/****************************************************************************
+  set the file selection mask
+  ****************************************************************************/
+static int cmd_select(struct smbclient_context *ctx, const char **args)
+{
+	talloc_free(ctx->fileselection);
+	ctx->fileselection = talloc_strdup(ctx, args[1]);
+
+	return 0;
+}
+
+/*******************************************************************
+  A readdir wrapper which just returns the file name.
+ ********************************************************************/
+static const char *readdirname(DIR *p)
+{
+	struct dirent *ptr;
+	char *dname;
+
+	if (!p)
+		return(NULL);
+  
+	ptr = (struct dirent *)readdir(p);
+	if (!ptr)
+		return(NULL);
+
+	dname = ptr->d_name;
+
+#ifdef HAVE_BROKEN_READDIR
+	/* using /usr/ucb/cc is BAD */
+	dname = dname - 2;
+#endif
+
+	{
+		static char *buf;
+		int len = NAMLEN(ptr);
+		buf = talloc_strndup(NULL, dname, len);
+		dname = buf;
+	}
+
+	return(dname);
+}
+
+/****************************************************************************
+  Recursive file matching function act as find
+  match must be always set to true when calling this function
+****************************************************************************/
+static int file_find(struct smbclient_context *ctx, struct file_list **list, const char *directory, 
+		      const char *expression, bool match)
+{
+	DIR *dir;
+	struct file_list *entry;
+        struct stat statbuf;
+        int ret;
+        char *path;
+	bool isdir;
+	const char *dname;
+
+        dir = opendir(directory);
+	if (!dir) return -1;
+	
+        while ((dname = readdirname(dir))) {
+		if (ISDOT(dname) || ISDOTDOT(dname)) {
+			continue;
+		}
+		
+		if (asprintf(&path, "%s/%s", directory, dname) <= 0) {
+			continue;
+		}
+
+		isdir = false;
+		if (!match || !gen_fnmatch(expression, dname)) {
+			if (ctx->recurse) {
+				ret = stat(path, &statbuf);
+				if (ret == 0) {
+					if (S_ISDIR(statbuf.st_mode)) {
+						isdir = true;
+						ret = file_find(ctx, list, path, expression, false);
+					}
+				} else {
+					d_printf("file_find: cannot stat file %s\n", path);
+				}
+				
+				if (ret == -1) {
+					SAFE_FREE(path);
+					closedir(dir);
+					return -1;
+				}
+			}
+			entry = malloc_p(struct file_list);
+			if (!entry) {
+				d_printf("Out of memory in file_find\n");
+				closedir(dir);
+				return -1;
+			}
+			entry->file_path = path;
+			entry->isdir = isdir;
+                        DLIST_ADD(*list, entry);
+		} else {
+			SAFE_FREE(path);
+		}
+        }
+
+	closedir(dir);
+	return 0;
+}
+
+/****************************************************************************
+  mput some files
+  ****************************************************************************/
+static int cmd_mput(struct smbclient_context *ctx, const char **args)
+{
+	int i;
+	
+	for (i = 1; args[i]; i++) {
+		int ret;
+		struct file_list *temp_list;
+		char *quest, *lname, *rname;
+
+		printf("%s\n", args[i]);
+	
+		file_list = NULL;
+
+		ret = file_find(ctx, &file_list, ".", args[i], true);
+		if (ret) {
+			free_file_list(file_list);
+			continue;
+		}
+		
+		quest = NULL;
+		lname = NULL;
+		rname = NULL;
+				
+		for (temp_list = file_list; temp_list; 
+		     temp_list = temp_list->next) {
+
+			SAFE_FREE(lname);
+			if (asprintf(&lname, "%s/", temp_list->file_path) <= 0)
+				continue;
+			trim_string(lname, "./", "/");
+			
+			/* check if it's a directory */
+			if (temp_list->isdir) {
+				/* if (!recurse) continue; */
+				
+				SAFE_FREE(quest);
+				if (asprintf(&quest, "Put directory %s? ", lname) < 0) break;
+				if (ctx->prompt && !yesno(quest)) { /* No */
+					/* Skip the directory */
+					lname[strlen(lname)-1] = '/';
+					if (!seek_list(temp_list, lname))
+						break;		    
+				} else { /* Yes */
+	      				SAFE_FREE(rname);
+					if(asprintf(&rname, "%s%s", ctx->remote_cur_dir, lname) < 0) break;
+					dos_format(rname);
+					if (NT_STATUS_IS_ERR(smbcli_chkpath(ctx->cli->tree, rname)) && 
+					    NT_STATUS_IS_ERR(do_mkdir(ctx, rname))) {
+						DEBUG (0, ("Unable to make dir, skipping...\n"));
+						/* Skip the directory */
+						lname[strlen(lname)-1] = '/';
+						if (!seek_list(temp_list, lname))
+							break;
+					}
+				}
+				continue;
+			} else {
+				SAFE_FREE(quest);
+				if (asprintf(&quest,"Put file %s? ", lname) < 0) break;
+				if (ctx->prompt && !yesno(quest)) /* No */
+					continue;
+				
+				/* Yes */
+				SAFE_FREE(rname);
+				if (asprintf(&rname, "%s%s", ctx->remote_cur_dir, lname) < 0) break;
+			}
+
+			dos_format(rname);
+
+			do_put(ctx, rname, lname, false);
+		}
+		free_file_list(file_list);
+		SAFE_FREE(quest);
+		SAFE_FREE(lname);
+		SAFE_FREE(rname);
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+  print a file
+  ****************************************************************************/
+static int cmd_print(struct smbclient_context *ctx, const char **args)
+{
+	char *lname, *rname;
+	char *p;
+
+	if (!args[1]) {
+		d_printf("print <filename>\n");
+		return 1;
+	}
+
+	lname = talloc_strdup(ctx, args[1]);
+	if (lname == NULL) {
+		d_printf("Out of memory in cmd_print\n");
+		return 1;
+	}
+
+	if (strequal(lname, "-")) {
+		rname = talloc_asprintf(ctx, "stdin-%d", (int)getpid());
+	} else {
+		p = strrchr_m(lname, '/');
+		if (p) {
+			rname = talloc_asprintf(ctx, "%s-%d", p + 1,
+						(int)getpid());
+		} else {
+			rname = talloc_strdup(ctx, lname);
+		}
+	}
+
+	if (rname == NULL) {
+		d_printf("Out of memory in cmd_print (stdin)\n");
+		return 1;
+	}
+
+	return do_put(ctx, rname, lname, false);
+}
+
+
+static int cmd_rewrite(struct smbclient_context *ctx, const char **args)
+{
+	d_printf("REWRITE: command not implemented (FIXME!)\n");
+	
+	return 0;
+}
+
+/****************************************************************************
+delete some files
+****************************************************************************/
+static int cmd_del(struct smbclient_context *ctx, const char **args)
+{
+	char *mask;
+	
+	if (!args[1]) {
+		d_printf("del <filename>\n");
+		return 1;
+	}
+	mask = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	if (NT_STATUS_IS_ERR(smbcli_unlink(ctx->cli->tree, mask))) {
+		d_printf("%s deleting remote file %s\n",smbcli_errstr(ctx->cli->tree),mask);
+	}
+	
+	return 0;
+}
+
+
+/****************************************************************************
+delete a whole directory tree
+****************************************************************************/
+static int cmd_deltree(struct smbclient_context *ctx, const char **args)
+{
+	char *dname;
+	int ret;
+
+	if (!args[1]) {
+		d_printf("deltree <dirname>\n");
+		return 1;
+	}
+
+	dname = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+	
+	ret = smbcli_deltree(ctx->cli->tree, dname);
+
+	if (ret == -1) {
+		printf("Failed to delete tree %s - %s\n", dname, smbcli_errstr(ctx->cli->tree));
+		return -1;
+	}
+
+	printf("Deleted %d files in %s\n", ret, dname);
+	
+	return 0;
+}
+
+typedef struct {
+	const char  *level_name;
+	enum smb_fsinfo_level level;
+} fsinfo_level_t;
+
+fsinfo_level_t fsinfo_levels[] = {
+	{"dskattr", RAW_QFS_DSKATTR},
+	{"allocation", RAW_QFS_ALLOCATION},
+	{"volume", RAW_QFS_VOLUME},
+	{"volumeinfo", RAW_QFS_VOLUME_INFO},
+	{"sizeinfo", RAW_QFS_SIZE_INFO},
+	{"deviceinfo", RAW_QFS_DEVICE_INFO},
+	{"attributeinfo", RAW_QFS_ATTRIBUTE_INFO},
+	{"unixinfo", RAW_QFS_UNIX_INFO},
+	{"volume-information", RAW_QFS_VOLUME_INFORMATION},
+	{"size-information", RAW_QFS_SIZE_INFORMATION},
+	{"device-information", RAW_QFS_DEVICE_INFORMATION},
+	{"attribute-information", RAW_QFS_ATTRIBUTE_INFORMATION},
+	{"quota-information", RAW_QFS_QUOTA_INFORMATION},
+	{"fullsize-information", RAW_QFS_FULL_SIZE_INFORMATION},
+	{"objectid", RAW_QFS_OBJECTID_INFORMATION},
+	{"sector-size-info", RAW_QFS_SECTOR_SIZE_INFORMATION},
+	{NULL, RAW_QFS_GENERIC}
+};
+
+
+static int cmd_fsinfo(struct smbclient_context *ctx, const char **args)
+{
+	union smb_fsinfo fsinfo;
+	NTSTATUS status;
+	fsinfo_level_t *fsinfo_level;
+	
+	if (!args[1]) {
+		d_printf("fsinfo <level>, where level is one of following:\n");
+		fsinfo_level = fsinfo_levels;
+		while(fsinfo_level->level_name) {
+			d_printf("%s\n", fsinfo_level->level_name);
+			fsinfo_level++;
+		}
+		return 1;
+	}
+	
+	fsinfo_level = fsinfo_levels;
+	while(fsinfo_level->level_name && !strequal(args[1],fsinfo_level->level_name)) {
+		fsinfo_level++;
+	}
+  
+	if (!fsinfo_level->level_name) {
+		d_printf("wrong level name!\n");
+		return 1;
+	}
+  
+	fsinfo.generic.level = fsinfo_level->level;
+	status = smb_raw_fsinfo(ctx->cli->tree, ctx, &fsinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("fsinfo-level-%s - %s\n", fsinfo_level->level_name, nt_errstr(status));
+		return 1;
+	}
+
+	d_printf("fsinfo-level-%s:\n", fsinfo_level->level_name);
+	switch(fsinfo.generic.level) {
+	case RAW_QFS_DSKATTR:
+		d_printf("\tunits_total:                %hu\n", 
+			 (unsigned short) fsinfo.dskattr.out.units_total);
+		d_printf("\tblocks_per_unit:            %hu\n", 
+			 (unsigned short) fsinfo.dskattr.out.blocks_per_unit);
+		d_printf("\tblocks_size:                %hu\n", 
+			 (unsigned short) fsinfo.dskattr.out.block_size);
+		d_printf("\tunits_free:                 %hu\n", 
+			 (unsigned short) fsinfo.dskattr.out.units_free);
+		break;
+	case RAW_QFS_ALLOCATION:
+		d_printf("\tfs_id:                      %lu\n", 
+			 (unsigned long) fsinfo.allocation.out.fs_id);
+		d_printf("\tsectors_per_unit:           %lu\n", 
+			 (unsigned long) fsinfo.allocation.out.sectors_per_unit);
+		d_printf("\ttotal_alloc_units:          %lu\n", 
+			 (unsigned long) fsinfo.allocation.out.total_alloc_units);
+		d_printf("\tavail_alloc_units:          %lu\n", 
+			 (unsigned long) fsinfo.allocation.out.avail_alloc_units);
+		d_printf("\tbytes_per_sector:           %hu\n", 
+			 (unsigned short) fsinfo.allocation.out.bytes_per_sector);
+		break;
+	case RAW_QFS_VOLUME:
+		d_printf("\tserial_number:              %lu\n", 
+			 (unsigned long) fsinfo.volume.out.serial_number);
+		d_printf("\tvolume_name:                %s\n", fsinfo.volume.out.volume_name.s);
+		break;
+	case RAW_QFS_VOLUME_INFO:
+	case RAW_QFS_VOLUME_INFORMATION:
+		d_printf("\tcreate_time:                %s\n",
+			 nt_time_string(ctx,fsinfo.volume_info.out.create_time));
+		d_printf("\tserial_number:              %lu\n", 
+			 (unsigned long) fsinfo.volume_info.out.serial_number);
+		d_printf("\tvolume_name:                %s\n", fsinfo.volume_info.out.volume_name.s);
+		break;
+	case RAW_QFS_SIZE_INFO:
+	case RAW_QFS_SIZE_INFORMATION:
+		d_printf("\ttotal_alloc_units:          %llu\n", 
+			 (unsigned long long) fsinfo.size_info.out.total_alloc_units);
+		d_printf("\tavail_alloc_units:          %llu\n", 
+			 (unsigned long long) fsinfo.size_info.out.avail_alloc_units);
+		d_printf("\tsectors_per_unit:           %lu\n", 
+			 (unsigned long) fsinfo.size_info.out.sectors_per_unit);
+		d_printf("\tbytes_per_sector:           %lu\n", 
+			 (unsigned long) fsinfo.size_info.out.bytes_per_sector);
+		break;
+	case RAW_QFS_DEVICE_INFO:
+	case RAW_QFS_DEVICE_INFORMATION:
+		d_printf("\tdevice_type:                %lu\n", 
+			 (unsigned long) fsinfo.device_info.out.device_type);
+		d_printf("\tcharacteristics:            0x%lx\n", 
+			 (unsigned long) fsinfo.device_info.out.characteristics);
+		break;
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+	case RAW_QFS_ATTRIBUTE_INFO:
+		d_printf("\tfs_attr:                    0x%lx\n", 
+			 (unsigned long) fsinfo.attribute_info.out.fs_attr);
+		d_printf("\tmax_file_component_length:  %lu\n", 
+			 (unsigned long) fsinfo.attribute_info.out.max_file_component_length);
+		d_printf("\tfs_type:                    %s\n", fsinfo.attribute_info.out.fs_type.s);
+		break;
+	case RAW_QFS_UNIX_INFO:
+		d_printf("\tmajor_version:              %hu\n", 
+			 (unsigned short) fsinfo.unix_info.out.major_version);
+		d_printf("\tminor_version:              %hu\n", 
+			 (unsigned short) fsinfo.unix_info.out.minor_version);
+		d_printf("\tcapability:                 0x%llx\n", 
+			 (unsigned long long) fsinfo.unix_info.out.capability);
+		break;
+	case RAW_QFS_QUOTA_INFORMATION:
+		d_printf("\tunknown[3]:                 [%llu,%llu,%llu]\n", 
+			 (unsigned long long) fsinfo.quota_information.out.unknown[0],
+			 (unsigned long long) fsinfo.quota_information.out.unknown[1],
+			 (unsigned long long) fsinfo.quota_information.out.unknown[2]);
+		d_printf("\tquota_soft:                 %llu\n", 
+			 (unsigned long long) fsinfo.quota_information.out.quota_soft);
+		d_printf("\tquota_hard:                 %llu\n", 
+			 (unsigned long long) fsinfo.quota_information.out.quota_hard);
+		d_printf("\tquota_flags:                0x%llx\n", 
+			 (unsigned long long) fsinfo.quota_information.out.quota_flags);
+		break;
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		d_printf("\ttotal_alloc_units:          %llu\n", 
+			 (unsigned long long) fsinfo.full_size_information.out.total_alloc_units);
+		d_printf("\tcall_avail_alloc_units:     %llu\n", 
+			 (unsigned long long) fsinfo.full_size_information.out.call_avail_alloc_units);
+		d_printf("\tactual_avail_alloc_units:   %llu\n", 
+			 (unsigned long long) fsinfo.full_size_information.out.actual_avail_alloc_units);
+		d_printf("\tsectors_per_unit:           %lu\n", 
+			 (unsigned long) fsinfo.full_size_information.out.sectors_per_unit);
+		d_printf("\tbytes_per_sector:           %lu\n", 
+			 (unsigned long) fsinfo.full_size_information.out.bytes_per_sector);
+		break;
+	case RAW_QFS_OBJECTID_INFORMATION:
+		d_printf("\tGUID:                       %s\n", 
+			 GUID_string(ctx,&fsinfo.objectid_information.out.guid));
+		d_printf("\tunknown[6]:                 [%llu,%llu,%llu,%llu,%llu,%llu]\n", 
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[0],
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[1],
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[2],
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[3],
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[4],
+			 (unsigned long long) fsinfo.objectid_information.out.unknown[5] );
+		break;
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		d_printf("\tlogical_bytes_per_sector:			%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.logical_bytes_per_sector);
+		d_printf("\tphys_bytes_per_sector_atomic:		%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.phys_bytes_per_sector_atomic);
+		d_printf("\tphys_bytes_per_sector_perf:			%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.phys_bytes_per_sector_perf);
+		d_printf("\tfs_effective_phys_bytes_per_sector_atomic:	%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic);
+		d_printf("\tflags:					0x%x\n",
+			 (unsigned)fsinfo.sector_size_info.out.flags);
+		d_printf("\tbyte_off_sector_align:			%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.byte_off_sector_align);
+		d_printf("\tbyte_off_partition_align:			%u\n",
+			 (unsigned)fsinfo.sector_size_info.out.byte_off_partition_align);
+		break;
+	case RAW_QFS_GENERIC:
+		d_printf("\twrong level returned\n");
+		break;
+	}
+  
+	return 0;
+}
+
+/****************************************************************************
+show as much information as possible about a file
+****************************************************************************/
+static int cmd_allinfo(struct smbclient_context *ctx, const char **args)
+{
+	char *fname;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	int fnum;
+
+	if (!args[1]) {
+		d_printf("allinfo <filename>\n");
+		return 1;
+	}
+	fname = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	/* first a ALL_INFO QPATHINFO */
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("%s - %s\n", fname, nt_errstr(status));
+		return 1;
+	}
+
+	d_printf("\tcreate_time:    %s\n", nt_time_string(ctx, finfo.all_info.out.create_time));
+	d_printf("\taccess_time:    %s\n", nt_time_string(ctx, finfo.all_info.out.access_time));
+	d_printf("\twrite_time:     %s\n", nt_time_string(ctx, finfo.all_info.out.write_time));
+	d_printf("\tchange_time:    %s\n", nt_time_string(ctx, finfo.all_info.out.change_time));
+	d_printf("\tattrib:         0x%x\n", finfo.all_info.out.attrib);
+	d_printf("\talloc_size:     %lu\n", (unsigned long)finfo.all_info.out.alloc_size);
+	d_printf("\tsize:           %lu\n", (unsigned long)finfo.all_info.out.size);
+	d_printf("\tnlink:          %u\n", finfo.all_info.out.nlink);
+	d_printf("\tdelete_pending: %u\n", finfo.all_info.out.delete_pending);
+	d_printf("\tdirectory:      %u\n", finfo.all_info.out.directory);
+	d_printf("\tea_size:        %u\n", finfo.all_info.out.ea_size);
+	d_printf("\tfname:          '%s'\n", finfo.all_info.out.fname.s);
+
+	/* 8.3 name if any */
+	finfo.generic.level = RAW_FILEINFO_ALT_NAME_INFO;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		d_printf("\talt_name:       %s\n", finfo.alt_name_info.out.fname.s);
+	}
+
+	/* file_id if available */
+	finfo.generic.level = RAW_FILEINFO_INTERNAL_INFORMATION;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		d_printf("\tfile_id         %.0f\n", 
+			 (double)finfo.internal_information.out.file_id);
+	}
+
+	/* the EAs, if any */
+	finfo.generic.level = RAW_FILEINFO_ALL_EAS;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		int i;
+		for (i=0;i<finfo.all_eas.out.num_eas;i++) {
+			d_printf("\tEA[%d] flags=%d len=%d '%s'\n", i,
+				 finfo.all_eas.out.eas[i].flags,
+				 (int)finfo.all_eas.out.eas[i].value.length,
+				 finfo.all_eas.out.eas[i].name.s);
+		}
+	}
+
+	/* streams, if available */
+	finfo.generic.level = RAW_FILEINFO_STREAM_INFO;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		int i;
+		for (i=0;i<finfo.stream_info.out.num_streams;i++) {
+			d_printf("\tstream %d:\n", i);
+			d_printf("\t\tsize       %ld\n", 
+				 (long)finfo.stream_info.out.streams[i].size);
+			d_printf("\t\talloc size %ld\n", 
+				 (long)finfo.stream_info.out.streams[i].alloc_size);
+			d_printf("\t\tname       %s\n", finfo.stream_info.out.streams[i].stream_name.s);
+		}
+	}	
+
+	/* dev/inode if available */
+	finfo.generic.level = RAW_FILEINFO_COMPRESSION_INFORMATION;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		d_printf("\tcompressed size %ld\n", (long)finfo.compression_info.out.compressed_size);
+		d_printf("\tformat          %ld\n", (long)finfo.compression_info.out.format);
+		d_printf("\tunit_shift      %ld\n", (long)finfo.compression_info.out.unit_shift);
+		d_printf("\tchunk_shift     %ld\n", (long)finfo.compression_info.out.chunk_shift);
+		d_printf("\tcluster_shift   %ld\n", (long)finfo.compression_info.out.cluster_shift);
+	}
+
+	/* shadow copies if available */
+	fnum = smbcli_open(ctx->cli->tree, fname, O_RDONLY, DENY_NONE);
+	if (fnum != -1) {
+		struct smb_shadow_copy info;
+		int i;
+		info.in.file.fnum = fnum;
+		info.in.max_data = ~0;
+		status = smb_raw_shadow_data(ctx->cli->tree, ctx, &info);
+		if (NT_STATUS_IS_OK(status)) {
+			d_printf("\tshadow_copy: %u volumes  %u names\n",
+				 info.out.num_volumes, info.out.num_names);
+			for (i=0;i<info.out.num_names;i++) {
+				d_printf("\t%s\n", info.out.names[i]);
+				finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+				finfo.generic.in.file.path = talloc_asprintf(ctx, "%s%s", 
+									     info.out.names[i], fname); 
+				status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+				if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_NOT_FOUND) ||
+				    NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+					continue;
+				}
+				if (!NT_STATUS_IS_OK(status)) {
+					d_printf("%s - %s\n", finfo.generic.in.file.path, 
+						 nt_errstr(status));
+					return 1;
+				}
+				
+				d_printf("\t\tcreate_time:    %s\n", nt_time_string(ctx, finfo.all_info.out.create_time));
+				d_printf("\t\twrite_time:     %s\n", nt_time_string(ctx, finfo.all_info.out.write_time));
+				d_printf("\t\tchange_time:    %s\n", nt_time_string(ctx, finfo.all_info.out.change_time));
+				d_printf("\t\tsize:           %lu\n", (unsigned long)finfo.all_info.out.size);
+			}
+		}
+	}
+	
+	return 0;
+}
+
+
+/****************************************************************************
+shows EA contents
+****************************************************************************/
+static int cmd_eainfo(struct smbclient_context *ctx, const char **args)
+{
+	char *fname;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	int i;
+
+	if (!args[1]) {
+		d_printf("eainfo <filename>\n");
+		return 1;
+	}
+	fname = talloc_strdup(ctx, args[1]);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_EAS;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(ctx->cli->tree, ctx, &finfo);
+	
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("RAW_FILEINFO_ALL_EAS - %s\n", nt_errstr(status));
+		return 1;
+	}
+
+	d_printf("%s has %d EAs\n", fname, finfo.all_eas.out.num_eas);
+
+	for (i=0;i<finfo.all_eas.out.num_eas;i++) {
+		d_printf("\tEA[%d] flags=%d len=%d '%s'\n", i,
+			 finfo.all_eas.out.eas[i].flags,
+			 (int)finfo.all_eas.out.eas[i].value.length,
+			 finfo.all_eas.out.eas[i].name.s);
+		fflush(stdout);
+		dump_data(0, 
+			  finfo.all_eas.out.eas[i].value.data,
+			  finfo.all_eas.out.eas[i].value.length);
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+show any ACL on a file
+****************************************************************************/
+static int cmd_acl(struct smbclient_context *ctx, const char **args)
+{
+	char *fname;
+	union smb_fileinfo query;
+	NTSTATUS status;
+	int fnum;
+
+	if (!args[1]) {
+		d_printf("acl <filename>\n");
+		return 1;
+	}
+	fname = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	fnum = smbcli_nt_create_full(ctx->cli->tree, fname, 0, 
+				     SEC_STD_READ_CONTROL,
+				     0,
+				     NTCREATEX_SHARE_ACCESS_DELETE|
+				     NTCREATEX_SHARE_ACCESS_READ|
+				     NTCREATEX_SHARE_ACCESS_WRITE, 
+				     NTCREATEX_DISP_OPEN,
+				     0, 0);
+	if (fnum == -1) {
+		d_printf("%s - %s\n", fname, smbcli_errstr(ctx->cli->tree));
+		return -1;
+	}
+
+	query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	query.query_secdesc.in.file.fnum = fnum;
+	query.query_secdesc.in.secinfo_flags = 0x7;
+
+	status = smb_raw_fileinfo(ctx->cli->tree, ctx, &query);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("%s - %s\n", fname, nt_errstr(status));
+		return 1;
+	}
+
+	NDR_PRINT_DEBUG(security_descriptor, query.query_secdesc.out.sd);
+
+	return 0;
+}
+
+/****************************************************************************
+lookup a name or sid
+****************************************************************************/
+static int cmd_lookup(struct smbclient_context *ctx, const char **args)
+{
+	NTSTATUS status;
+	struct dom_sid *sid;
+
+	if (!args[1]) {
+		d_printf("lookup <sid|name>\n");
+		return 1;
+	}
+
+	sid = dom_sid_parse_talloc(ctx, args[1]);
+	if (sid == NULL) {
+		const char *sidstr;
+		status = smblsa_lookup_name(ctx->cli, args[1], ctx, &sidstr);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+			return 1;
+		}
+
+		d_printf("%s\n", sidstr);
+	} else {
+		const char *name;
+		status = smblsa_lookup_sid(ctx->cli, args[1], ctx, &name);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("lsa_LookupSids - %s\n", nt_errstr(status));
+			return 1;
+		}
+
+		d_printf("%s\n", name);
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+show privileges for a user
+****************************************************************************/
+static int cmd_privileges(struct smbclient_context *ctx, const char **args)
+{
+	NTSTATUS status;
+	struct dom_sid *sid;
+	struct lsa_RightSet rights;
+	unsigned i;
+
+	if (!args[1]) {
+		d_printf("privileges <sid|name>\n");
+		return 1;
+	}
+
+	sid = dom_sid_parse_talloc(ctx, args[1]);
+	if (sid == NULL) {
+		const char *sid_str;
+		status = smblsa_lookup_name(ctx->cli, args[1], ctx, &sid_str);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+			return 1;
+		}
+		sid = dom_sid_parse_talloc(ctx, sid_str);
+	}
+
+	status = smblsa_sid_privileges(ctx->cli, sid, ctx, &rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("lsa_EnumAccountRights - %s\n", nt_errstr(status));
+		return 1;
+	}
+
+	for (i=0;i<rights.count;i++) {
+		d_printf("\t%s\n", rights.names[i].string);
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+add privileges for a user
+****************************************************************************/
+static int cmd_addprivileges(struct smbclient_context *ctx, const char **args)
+{
+	NTSTATUS status;
+	struct dom_sid *sid;
+	struct lsa_RightSet rights;
+	int i;
+
+	if (!args[1]) {
+		d_printf("addprivileges <sid|name> <privilege...>\n");
+		return 1;
+	}
+
+	sid = dom_sid_parse_talloc(ctx, args[1]);
+	if (sid == NULL) {
+		const char *sid_str;
+		status = smblsa_lookup_name(ctx->cli, args[1], ctx, &sid_str);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+			return 1;
+		}
+		sid = dom_sid_parse_talloc(ctx, sid_str);
+	}
+
+	ZERO_STRUCT(rights);
+	for (i = 2; args[i]; i++) {
+		rights.names = talloc_realloc(ctx, rights.names, 
+					      struct lsa_StringLarge, rights.count+1);
+		rights.names[rights.count].string = talloc_strdup(ctx, args[i]);
+		rights.count++;
+	}
+
+
+	status = smblsa_sid_add_privileges(ctx->cli, sid, ctx, &rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("lsa_AddAccountRights - %s\n", nt_errstr(status));
+		return 1;
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+delete privileges for a user
+****************************************************************************/
+static int cmd_delprivileges(struct smbclient_context *ctx, const char **args)
+{
+	NTSTATUS status;
+	struct dom_sid *sid;
+	struct lsa_RightSet rights;
+	int i;
+
+	if (!args[1]) {
+		d_printf("delprivileges <sid|name> <privilege...>\n");
+		return 1;
+	}
+
+	sid = dom_sid_parse_talloc(ctx, args[1]);
+	if (sid == NULL) {
+		const char *sid_str;
+		status = smblsa_lookup_name(ctx->cli, args[1], ctx, &sid_str);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+			return 1;
+		}
+		sid = dom_sid_parse_talloc(ctx, sid_str);
+	}
+
+	ZERO_STRUCT(rights);
+	for (i = 2; args[i]; i++) {
+		rights.names = talloc_realloc(ctx, rights.names, 
+					      struct lsa_StringLarge, rights.count+1);
+		rights.names[rights.count].string = talloc_strdup(ctx, args[i]);
+		rights.count++;
+	}
+
+
+	status = smblsa_sid_del_privileges(ctx->cli, sid, ctx, &rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("lsa_RemoveAccountRights - %s\n", nt_errstr(status));
+		return 1;
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+open a file
+****************************************************************************/
+static int cmd_open(struct smbclient_context *ctx, const char **args)
+{
+	char *filename;
+	union smb_open io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx;
+
+	if (!args[1]) {
+		d_printf("open <filename>\n");
+		return 1;
+	}
+	tmp_ctx = talloc_new(ctx);
+
+	filename = talloc_asprintf(tmp_ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = filename;
+
+	status = smb_raw_open(ctx->cli->tree, tmp_ctx, &io);
+	talloc_free(tmp_ctx);
+
+	if (NT_STATUS_IS_OK(status)) {
+		d_printf("Opened file with fnum %u\n", (unsigned)io.ntcreatex.out.file.fnum);
+	} else {
+		d_printf("Opened failed: %s\n", nt_errstr(status));
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+close a file
+****************************************************************************/
+static int cmd_close(struct smbclient_context *ctx, const char **args)
+{
+	union smb_close io;
+	NTSTATUS status;
+	uint16_t fnum;
+
+	if (!args[1]) {
+		d_printf("close <fnum>\n");
+		return 1;
+	}
+
+	fnum = atoi(args[1]);
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = fnum;
+
+	status = smb_raw_close(ctx->cli->tree, &io);
+
+	if (NT_STATUS_IS_OK(status)) {
+		d_printf("Closed file OK\n");
+	} else {
+		d_printf("Close failed: %s\n", nt_errstr(status));
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+remove a directory
+****************************************************************************/
+static int cmd_rmdir(struct smbclient_context *ctx, const char **args)
+{
+	char *mask;
+  
+	if (!args[1]) {
+		d_printf("rmdir <dirname>\n");
+		return 1;
+	}
+	mask = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+
+	if (NT_STATUS_IS_ERR(smbcli_rmdir(ctx->cli->tree, mask))) {
+		d_printf("%s removing remote directory file %s\n",
+			 smbcli_errstr(ctx->cli->tree),mask);
+	}
+	
+	return 0;
+}
+
+/****************************************************************************
+ UNIX hardlink.
+****************************************************************************/
+static int cmd_link(struct smbclient_context *ctx, const char **args)
+{
+	char *src,*dest;
+  
+	if (!(ctx->cli->transport->negotiate.capabilities & CAP_UNIX)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
+
+	
+	if (!args[1] || !args[2]) {
+		d_printf("link <src> <dest>\n");
+		return 1;
+	}
+
+	src = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+	dest = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[2]);
+
+	if (NT_STATUS_IS_ERR(smbcli_unix_hardlink(ctx->cli->tree, src, dest))) {
+		d_printf("%s linking files (%s -> %s)\n", smbcli_errstr(ctx->cli->tree), src, dest);
+		return 1;
+	}  
+
+	return 0;
+}
+
+/****************************************************************************
+ UNIX symlink.
+****************************************************************************/
+
+static int cmd_symlink(struct smbclient_context *ctx, const char **args)
+{
+	char *src,*dest;
+  
+	if (!(ctx->cli->transport->negotiate.capabilities & CAP_UNIX)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
+
+	if (!args[1] || !args[2]) {
+		d_printf("symlink <src> <dest>\n");
+		return 1;
+	}
+
+	src = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+	dest = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[2]);
+
+	if (NT_STATUS_IS_ERR(smbcli_unix_symlink(ctx->cli->tree, src, dest))) {
+		d_printf("%s symlinking files (%s -> %s)\n",
+			smbcli_errstr(ctx->cli->tree), src, dest);
+		return 1;
+	} 
+
+	return 0;
+}
+
+/****************************************************************************
+ UNIX chmod.
+****************************************************************************/
+
+static int cmd_chmod(struct smbclient_context *ctx, const char **args)
+{
+	char *src;
+	mode_t mode;
+  
+	if (!(ctx->cli->transport->negotiate.capabilities & CAP_UNIX)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
+
+	if (!args[1] || !args[2]) {
+		d_printf("chmod mode file\n");
+		return 1;
+	}
+
+	src = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[2]);
+	
+	mode = (mode_t)strtol(args[1], NULL, 8);
+
+	if (NT_STATUS_IS_ERR(smbcli_unix_chmod(ctx->cli->tree, src, mode))) {
+		d_printf("%s chmod file %s 0%o\n",
+			smbcli_errstr(ctx->cli->tree), src, (unsigned)mode);
+		return 1;
+	} 
+
+	return 0;
+}
+
+/****************************************************************************
+ UNIX chown.
+****************************************************************************/
+
+static int cmd_chown(struct smbclient_context *ctx, const char **args)
+{
+	char *src;
+	uid_t uid;
+	gid_t gid;
+  
+	if (!(ctx->cli->transport->negotiate.capabilities & CAP_UNIX)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
+
+	if (!args[1] || !args[2] || !args[3]) {
+		d_printf("chown uid gid file\n");
+		return 1;
+	}
+
+	uid = (uid_t)atoi(args[1]);
+	gid = (gid_t)atoi(args[2]);
+	src = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[3]);
+
+	if (NT_STATUS_IS_ERR(smbcli_unix_chown(ctx->cli->tree, src, uid, gid))) {
+		d_printf("%s chown file %s uid=%d, gid=%d\n",
+			smbcli_errstr(ctx->cli->tree), src, (int)uid, (int)gid);
+		return 1;
+	} 
+
+	return 0;
+}
+
+/****************************************************************************
+rename some files
+****************************************************************************/
+static int cmd_rename(struct smbclient_context *ctx, const char **args)
+{
+	char *src,*dest;
+  
+	if (!args[1] || !args[2]) {
+		d_printf("rename <src> <dest>\n");
+		return 1;
+	}
+
+	src = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[1]);
+	dest = talloc_asprintf(ctx, "%s%s", ctx->remote_cur_dir, args[2]);
+
+	if (NT_STATUS_IS_ERR(smbcli_rename(ctx->cli->tree, src, dest))) {
+		d_printf("%s renaming files\n",smbcli_errstr(ctx->cli->tree));
+		return 1;
+	}
+	
+	return 0;
+}
+
+
+/****************************************************************************
+toggle the prompt flag
+****************************************************************************/
+static int cmd_prompt(struct smbclient_context *ctx, const char **args)
+{
+	ctx->prompt = !ctx->prompt;
+	DEBUG(2,("prompting is now %s\n",ctx->prompt?"on":"off"));
+	
+	return 1;
+}
+
+
+/****************************************************************************
+set the newer than time
+****************************************************************************/
+static int cmd_newer(struct smbclient_context *ctx, const char **args)
+{
+	struct stat sbuf;
+
+	if (args[1] && (stat(args[1],&sbuf) == 0)) {
+		ctx->newer_than = sbuf.st_mtime;
+		DEBUG(1,("Getting files newer than %s",
+			 asctime(localtime(&ctx->newer_than))));
+	} else {
+		ctx->newer_than = 0;
+	}
+
+	if (args[1] && ctx->newer_than == 0) {
+		d_printf("Error setting newer-than time\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+set the archive level
+****************************************************************************/
+static int cmd_archive(struct smbclient_context *ctx, const char **args)
+{
+	if (args[1]) {
+		ctx->archive_level = atoi(args[1]);
+	} else
+		d_printf("Archive level is %d\n",ctx->archive_level);
+
+	return 0;
+}
+
+/****************************************************************************
+toggle the lowercaseflag
+****************************************************************************/
+static int cmd_lowercase(struct smbclient_context *ctx, const char **args)
+{
+	ctx->lowercase = !ctx->lowercase;
+	DEBUG(2,("filename lowercasing is now %s\n",ctx->lowercase?"on":"off"));
+
+	return 0;
+}
+
+
+
+
+/****************************************************************************
+toggle the recurse flag
+****************************************************************************/
+static int cmd_recurse(struct smbclient_context *ctx, const char **args)
+{
+	ctx->recurse = !ctx->recurse;
+	DEBUG(2,("directory recursion is now %s\n",ctx->recurse?"on":"off"));
+
+	return 0;
+}
+
+/****************************************************************************
+toggle the translate flag
+****************************************************************************/
+static int cmd_translate(struct smbclient_context *ctx, const char **args)
+{
+	ctx->translation = !ctx->translation;
+	DEBUG(2,("CR/LF<->LF and print text translation now %s\n",
+		 ctx->translation?"on":"off"));
+
+	return 0;
+}
+
+
+/****************************************************************************
+do a printmode command
+****************************************************************************/
+static int cmd_printmode(struct smbclient_context *ctx, const char **args)
+{
+	if (args[1]) {
+		if (strequal(args[1],"text")) {
+			ctx->printmode = 0;      
+		} else {
+			if (strequal(args[1],"graphics"))
+				ctx->printmode = 1;
+			else
+				ctx->printmode = atoi(args[1]);
+		}
+	}
+
+	switch(ctx->printmode)
+	{
+		case 0: 
+			DEBUG(2,("the printmode is now text\n"));
+			break;
+		case 1: 
+			DEBUG(2,("the printmode is now graphics\n"));
+			break;
+		default: 
+			DEBUG(2,("the printmode is now %d\n", ctx->printmode));
+			break;
+	}
+	
+	return 0;
+}
+
+/****************************************************************************
+ do the lcd command
+ ****************************************************************************/
+static int cmd_lcd(struct smbclient_context *ctx, const char **args)
+{
+	char d[PATH_MAX];
+	
+	if (args[1]) {
+		int ret;
+
+		ret = chdir(args[1]);
+		if (ret == -1) {
+			d_printf("failed to chdir to dir '%s': %s\n",
+				 args[1], strerror(errno));
+			return 1;
+		}
+	}
+
+	DEBUG(2,("the local directory is now %s\n",getcwd(d, PATH_MAX)));
+
+	return 0;
+}
+
+/****************************************************************************
+history
+****************************************************************************/
+static int cmd_history(struct smbclient_context *ctx, const char **args)
+{
+#if defined(HAVE_LIBREADLINE) && defined(HAVE_HISTORY_LIST)
+	HIST_ENTRY **hlist;
+	int i;
+
+	hlist = history_list();
+	
+	for (i = 0; hlist && hlist[i]; i++) {
+		DEBUG(0, ("%d: %s\n", i, hlist[i]->line));
+	}
+#else
+	DEBUG(0,("no history without readline support\n"));
+#endif
+
+	return 0;
+}
+
+/****************************************************************************
+ get a file restarting at end of local file
+ ****************************************************************************/
+static int cmd_reget(struct smbclient_context *ctx, const char **args)
+{
+	char *local_name;
+	char *remote_name;
+
+	if (!args[1]) {
+		d_printf("reget <filename>\n");
+		return 1;
+	}
+	remote_name = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, args[1]);
+	dos_clean_name(remote_name);
+	
+	if (args[2]) 
+		local_name = talloc_strdup(ctx, args[2]);
+	else
+		local_name = talloc_strdup(ctx, args[1]);
+	
+	return do_get(ctx, remote_name, local_name, true);
+}
+
+/****************************************************************************
+ put a file restarting at end of local file
+ ****************************************************************************/
+static int cmd_reput(struct smbclient_context *ctx, const char **args)
+{
+	char *local_name;
+	char *remote_name;
+	
+	if (!args[1]) {
+		d_printf("reput <filename>\n");
+		return 1;
+	}
+	local_name = talloc_asprintf(ctx, "%s\\%s", ctx->remote_cur_dir, args[1]);
+  
+	if (!file_exist(local_name)) {
+		d_printf("%s does not exist\n", local_name);
+		return 1;
+	}
+
+	if (args[2]) 
+		remote_name = talloc_strdup(ctx, args[2]);
+	else
+		remote_name = talloc_strdup(ctx, args[1]);
+	
+	dos_clean_name(remote_name);
+
+	return do_put(ctx, remote_name, local_name, true);
+}
+
+
+/*
+  return a string representing a share type
+*/
+static const char *share_type_str(uint32_t type)
+{
+	switch (type & 0xF) {
+	case STYPE_DISKTREE: 
+		return "Disk";
+	case STYPE_PRINTQ: 
+		return "Printer";
+	case STYPE_DEVICE: 
+		return "Device";
+	case STYPE_IPC: 
+		return "IPC";
+	default:
+		return "Unknown";
+	}
+}
+
+
+/*
+  display a list of shares from a level 1 share enum
+*/
+static void display_share_result(struct srvsvc_NetShareCtr1 *ctr1)
+{
+	int i;
+
+	for (i=0;i<ctr1->count;i++) {
+		struct srvsvc_NetShareInfo1 *info = ctr1->array+i;
+
+		printf("\t%-15s %-10.10s %s\n", 
+		       info->name, 
+		       share_type_str(info->type), 
+		       info->comment);
+	}
+}
+
+
+
+/****************************************************************************
+try and browse available shares on a host
+****************************************************************************/
+static bool browse_host(struct loadparm_context *lp_ctx,
+			struct tevent_context *ev_ctx,
+			const char *query_host)
+{
+	struct dcerpc_pipe *p;
+	char *binding;
+	NTSTATUS status;
+	struct srvsvc_NetShareEnumAll r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	uint32_t resume_handle = 0;
+	TALLOC_CTX *mem_ctx = talloc_init("browse_host");
+	struct srvsvc_NetShareCtr1 ctr1;
+	uint32_t totalentries = 0;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	binding = talloc_asprintf(mem_ctx, "ncacn_np:%s", query_host);
+
+	status = dcerpc_pipe_connect(mem_ctx, &p, binding, 
+					 &ndr_table_srvsvc,
+					 creds,
+					 ev_ctx,
+				     lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Failed to connect to %s - %s\n", 
+			 binding, nt_errstr(status));
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	info_ctr.level = 1;
+	info_ctr.ctr.ctr1 = &ctr1;
+
+	r.in.server_unc = talloc_asprintf(mem_ctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = ~0;
+	r.in.resume_handle = &resume_handle;
+	r.out.resume_handle = &resume_handle;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	d_printf("\n\tSharename       Type       Comment\n");
+	d_printf("\t---------       ----       -------\n");
+
+	do {
+		ZERO_STRUCT(ctr1);
+		status = dcerpc_srvsvc_NetShareEnumAll_r(p->binding_handle, mem_ctx, &r);
+
+		if (NT_STATUS_IS_OK(status) && 
+		    (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA) ||
+		     W_ERROR_IS_OK(r.out.result)) &&
+		    r.out.info_ctr->ctr.ctr1) {
+			display_share_result(r.out.info_ctr->ctr.ctr1);
+			resume_handle += r.out.info_ctr->ctr.ctr1->count;
+		}
+	} while (NT_STATUS_IS_OK(status) && W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
+
+	talloc_free(mem_ctx);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
+		d_printf("Failed NetShareEnumAll %s - %s/%s\n", 
+			 binding, nt_errstr(status), win_errstr(r.out.result));
+		return false;
+	}
+
+	return false;
+}
+
+/****************************************************************************
+try and browse available connections on a host
+****************************************************************************/
+static bool list_servers(const char *wk_grp)
+{
+	d_printf("REWRITE: list servers not implemented\n");
+	return false;
+}
+
+/* Some constants for completing filename arguments */
+
+#define COMPL_NONE        0          /* No completions */
+#define COMPL_REMOTE      1          /* Complete remote filename */
+#define COMPL_LOCAL       2          /* Complete local filename */
+
+static int cmd_help(struct smbclient_context *ctx, const char **args);
+
+/* This defines the commands supported by this client.
+ * NOTE: The "!" must be the last one in the list because it's fn pointer
+ *       field is NULL, and NULL in that field is used in process_tok()
+ *       (below) to indicate the end of the list.  crh
+ */
+static struct
+{
+  const char *name;
+  int (*fn)(struct smbclient_context *ctx, const char **args);
+  const char *description;
+  char compl_args[2];      /* Completion argument info */
+} commands[] = 
+{
+  {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+  {"addprivileges",cmd_addprivileges,"<sid|name> <privilege...> add privileges for a user",{COMPL_NONE,COMPL_NONE}},
+  {"altname",cmd_altname,"<file> show alt name",{COMPL_NONE,COMPL_NONE}},
+  {"acl",cmd_acl,"<file> show file ACL",{COMPL_NONE,COMPL_NONE}},
+  {"allinfo",cmd_allinfo,"<file> show all possible info about a file",{COMPL_NONE,COMPL_NONE}},
+  {"archive",cmd_archive,"<level>\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit",{COMPL_NONE,COMPL_NONE}},
+  {"cancel",cmd_rewrite,"<jobid> cancel a print queue entry",{COMPL_NONE,COMPL_NONE}},
+  {"cd",cmd_cd,"[directory] change/report the remote directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"chmod",cmd_chmod,"<src> <mode> chmod a file using UNIX permission",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"chown",cmd_chown,"<src> <uid> <gid> chown a file using UNIX uids and gids",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"del",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"delprivileges",cmd_delprivileges,"<sid|name> <privilege...> remove privileges for a user",{COMPL_NONE,COMPL_NONE}},
+  {"deltree",cmd_deltree,"<dir> delete a whole directory tree",{COMPL_REMOTE,COMPL_NONE}},
+  {"dir",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"du",cmd_du,"<mask> computes the total size of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"eainfo",cmd_eainfo,"<file> show EA contents for a file",{COMPL_NONE,COMPL_NONE}},
+  {"exit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"fsinfo",cmd_fsinfo,"query file system info",{COMPL_NONE,COMPL_NONE}},
+  {"get",cmd_get,"<remote name> [local name] get a file",{COMPL_REMOTE,COMPL_LOCAL}},
+  {"help",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+  {"history",cmd_history,"displays the command history",{COMPL_NONE,COMPL_NONE}},
+  {"lcd",cmd_lcd,"[directory] change/report the local current working directory",{COMPL_LOCAL,COMPL_NONE}},
+  {"link",cmd_link,"<src> <dest> create a UNIX hard link",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"lookup",cmd_lookup,"<sid|name> show SID for name or name for SID",{COMPL_NONE,COMPL_NONE}},
+  {"lowercase",cmd_lowercase,"toggle lowercasing of filenames for get",{COMPL_NONE,COMPL_NONE}},  
+  {"ls",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"mask",cmd_select,"<mask> mask all filenames against this",{COMPL_REMOTE,COMPL_NONE}},
+  {"md",cmd_mkdir,"<directory> make a directory",{COMPL_NONE,COMPL_NONE}},
+  {"mget",cmd_mget,"<mask> get all the matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"mkdir",cmd_mkdir,"<directory> make a directory",{COMPL_NONE,COMPL_NONE}},
+  {"more",cmd_more,"<remote name> view a remote file with your pager",{COMPL_REMOTE,COMPL_NONE}},  
+  {"mput",cmd_mput,"<mask> put all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"newer",cmd_newer,"<file> only mget files newer than the specified local file",{COMPL_LOCAL,COMPL_NONE}},
+  {"open",cmd_open,"<mask> open a file",{COMPL_REMOTE,COMPL_NONE}},
+  {"close",cmd_close,"<fnum> close a file",{COMPL_NONE,COMPL_NONE}},
+  {"privileges",cmd_privileges,"<user> show privileges for a user",{COMPL_NONE,COMPL_NONE}},
+  {"print",cmd_print,"<file name> print a file",{COMPL_NONE,COMPL_NONE}},
+  {"printmode",cmd_printmode,"<graphics or text> set the print mode",{COMPL_NONE,COMPL_NONE}},
+  {"prompt",cmd_prompt,"toggle prompting for filenames for mget and mput",{COMPL_NONE,COMPL_NONE}},  
+  {"put",cmd_put,"<local name> [remote name] put a file",{COMPL_LOCAL,COMPL_REMOTE}},
+  {"pwd",cmd_pwd,"show current remote directory (same as 'cd' with no args)",{COMPL_NONE,COMPL_NONE}},
+  {"q",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"queue",cmd_rewrite,"show the print queue",{COMPL_NONE,COMPL_NONE}},
+  {"quit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"rd",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
+  {"recurse",cmd_recurse,"toggle directory recursion for mget and mput",{COMPL_NONE,COMPL_NONE}},  
+  {"reget",cmd_reget,"<remote name> [local name] get a file restarting at end of local file",{COMPL_REMOTE,COMPL_LOCAL}},
+  {"rename",cmd_rename,"<src> <dest> rename some files",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"reput",cmd_reput,"<local name> [remote name] put a file restarting at end of remote file",{COMPL_LOCAL,COMPL_REMOTE}},
+  {"rm",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"rmdir",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
+  {"symlink",cmd_symlink,"<src> <dest> create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}},
+  
+  /* Yes, this must be here, see crh's comment above. */
+  {"!",NULL,"run a shell command on the local system",{COMPL_NONE,COMPL_NONE}},
+  {NULL,NULL,NULL,{COMPL_NONE,COMPL_NONE}}
+};
+
+
+/*******************************************************************
+  lookup a command string in the list of commands, including 
+  abbreviations
+  ******************************************************************/
+static int process_tok(const char *tok)
+{
+	size_t i = 0, matches = 0;
+	size_t cmd=0;
+	size_t tok_len = strlen(tok);
+
+	while (commands[i].fn != NULL) {
+		if (strequal(commands[i].name,tok)) {
+			matches = 1;
+			cmd = i;
+			break;
+		} else if (strncasecmp(commands[i].name, tok, tok_len) == 0) {
+			matches++;
+			cmd = i;
+		}
+		i++;
+	}
+  
+	if (matches == 0)
+		return(-1);
+	else if (matches == 1)
+		return(cmd);
+	else
+		return(-2);
+}
+
+/****************************************************************************
+help
+****************************************************************************/
+static int cmd_help(struct smbclient_context *ctx, const char **args)
+{
+	int i=0,j;
+	
+	if (args[1]) {
+		if ((i = process_tok(args[1])) >= 0)
+			d_printf("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description);
+	} else {
+		while (commands[i].description) {
+			for (j=0; commands[i].description && (j<5); j++) {
+				d_printf("%-15s",commands[i].name);
+				i++;
+			}
+			d_printf("\n");
+		}
+	}
+	return 0;
+}
+
+static int process_line(struct smbclient_context *ctx, const char *cline);
+/****************************************************************************
+process a -c command string
+****************************************************************************/
+static int process_command_string(struct smbclient_context *ctx, const char *cmd)
+{
+	char **lines;
+	int i, rc = 0;
+
+	lines = str_list_make(NULL, cmd, ";");
+	for (i = 0; lines[i]; i++) {
+		rc |= process_line(ctx, lines[i]);
+	}
+	talloc_free(lines);
+
+	return rc;
+}	
+
+#define MAX_COMPLETIONS 100
+
+typedef struct {
+	char *dirmask;
+	char **matches;
+	int count, samelen;
+	const char *text;
+	int len;
+} completion_remote_t;
+
+static void completion_remote_filter(struct clilist_file_info *f, const char *mask, void *state)
+{
+	completion_remote_t *info = (completion_remote_t *)state;
+
+	if ((info->count < MAX_COMPLETIONS - 1) && (strncmp(info->text, f->name, info->len) == 0) && (!ISDOT(f->name)) && (!ISDOTDOT(f->name))) {
+		if ((info->dirmask[0] == 0) && !(f->attrib & FILE_ATTRIBUTE_DIRECTORY))
+			info->matches[info->count] = strdup(f->name);
+		else {
+			char *tmp;
+
+			if (info->dirmask[0] != 0)
+				tmp = talloc_asprintf(NULL, "%s/%s", info->dirmask, f->name);
+			else
+				tmp = talloc_strdup(NULL, f->name);
+			
+			if (f->attrib & FILE_ATTRIBUTE_DIRECTORY)
+				tmp = talloc_append_string(NULL, tmp, "/");
+			info->matches[info->count] = tmp;
+		}
+		if (info->matches[info->count] == NULL)
+			return;
+		if (f->attrib & FILE_ATTRIBUTE_DIRECTORY)
+			smb_readline_ca_char(0);
+
+		if (info->count == 1)
+			info->samelen = strlen(info->matches[info->count]);
+		else
+			while (strncmp(info->matches[info->count], info->matches[info->count-1], info->samelen) != 0)
+				info->samelen--;
+		info->count++;
+	}
+}
+
+static char **remote_completion(const char *text, int len)
+{
+	char *dirmask;
+	int i, ret;
+	completion_remote_t info;
+
+	info.samelen = len;
+	info.text = text;
+	info.len = len;
+	info.count = 0;
+
+	if (len >= PATH_MAX)
+		return(NULL);
+
+	info.matches = malloc_array_p(char *, MAX_COMPLETIONS);
+	if (!info.matches) return NULL;
+	info.matches[0] = NULL;
+
+	for (i = len-1; i >= 0; i--)
+		if ((text[i] == '/') || (text[i] == '\\'))
+			break;
+	info.text = text+i+1;
+	info.samelen = info.len = len-i-1;
+
+	if (i > 0) {
+		info.dirmask = talloc_strndup(NULL, text, i+1);
+		info.dirmask[i+1] = 0;
+		ret = asprintf(&dirmask, "%s%*s*", rl_ctx->remote_cur_dir, i-1,
+			       text);
+	} else {
+		ret = asprintf(&dirmask, "%s*", rl_ctx->remote_cur_dir);
+	}
+	if (ret < 0) {
+		goto cleanup;
+	}
+
+	if (smbcli_list(rl_ctx->cli->tree, dirmask, 
+		     FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN, 
+		     completion_remote_filter, &info) < 0)
+		goto cleanup;
+
+	if (info.count == 2)
+		info.matches[0] = strdup(info.matches[1]);
+	else {
+		info.matches[0] = malloc_array_p(char, info.samelen+1);
+		if (!info.matches[0])
+			goto cleanup;
+		strncpy(info.matches[0], info.matches[1], info.samelen);
+		info.matches[0][info.samelen] = 0;
+	}
+	info.matches[info.count] = NULL;
+	return info.matches;
+
+cleanup:
+	for (i = 0; i < info.count; i++)
+		free(info.matches[i]);
+	free(info.matches);
+	return NULL;
+}
+
+static char **completion_fn(const char *text, int start, int end)
+{
+	smb_readline_ca_char(' ');
+
+	if (start) {
+		const char *buf, *sp;
+		int i;
+		char compl_type;
+
+		buf = smb_readline_get_line_buffer();
+		if (buf == NULL)
+			return NULL;
+		
+		sp = strchr(buf, ' ');
+		if (sp == NULL)
+			return NULL;
+		
+		for (i = 0; commands[i].name; i++)
+			if ((strncmp(commands[i].name, text, sp - buf) == 0) && (commands[i].name[sp - buf] == 0))
+				break;
+		if (commands[i].name == NULL)
+			return NULL;
+
+		while (*sp == ' ')
+			sp++;
+
+		if (sp == (buf + start))
+			compl_type = commands[i].compl_args[0];
+		else
+			compl_type = commands[i].compl_args[1];
+
+		if (compl_type == COMPL_REMOTE)
+			return remote_completion(text, end - start);
+		else /* fall back to local filename completion */
+			return NULL;
+	} else {
+		char **matches;
+		size_t i, len, samelen = 0, count=1;
+
+		matches = malloc_array_p(char *, MAX_COMPLETIONS);
+		if (!matches) return NULL;
+		matches[0] = NULL;
+
+		len = strlen(text);
+		for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
+			if (strncmp(text, commands[i].name, len) == 0) {
+				matches[count] = strdup(commands[i].name);
+				if (!matches[count])
+					goto cleanup;
+				if (count == 1)
+					samelen = strlen(matches[count]);
+				else
+					while (strncmp(matches[count], matches[count-1], samelen) != 0)
+						samelen--;
+				count++;
+			}
+		}
+
+		switch (count) {
+		case 0:	/* should never happen */
+		case 1:
+			goto cleanup;
+		case 2:
+			matches[0] = strdup(matches[1]);
+			break;
+		default:
+			matches[0] = malloc_array_p(char, samelen+1);
+			if (!matches[0])
+				goto cleanup;
+			strncpy(matches[0], matches[1], samelen);
+			matches[0][samelen] = 0;
+		}
+		matches[count] = NULL;
+		return matches;
+
+cleanup:
+		for (i = 0; i < count; i++) {
+			free(matches[i]);
+		}
+		free(matches);
+		return NULL;
+	}
+}
+
+/****************************************************************************
+make sure we swallow keepalives during idle time
+****************************************************************************/
+static void readline_callback(void)
+{
+	static time_t last_t;
+	time_t t;
+
+	t = time(NULL);
+
+	if (t - last_t < 5) return;
+
+	last_t = t;
+
+	smbcli_transport_process(rl_ctx->cli->transport);
+
+	if (rl_ctx->cli->tree) {
+		smbcli_chkpath(rl_ctx->cli->tree, "\\");
+	}
+}
+
+static int process_line(struct smbclient_context *ctx, const char *cline)
+{
+	char **args;
+	int i;
+
+	/* and get the first part of the command */
+	args = str_list_make_shell(ctx, cline, NULL);
+	if (!args || !args[0])
+		return 0;
+
+	if ((i = process_tok(args[0])) >= 0) {
+		const char **a = discard_const_p(const char *, args);
+		i = commands[i].fn(ctx, a);
+	} else if (i == -2) {
+		d_printf("%s: command abbreviation ambiguous\n",args[0]);
+	} else {
+		d_printf("%s: command not found\n",args[0]);
+	}
+
+	talloc_free(args);
+
+	return i;
+}
+
+/****************************************************************************
+process commands on stdin
+****************************************************************************/
+static int process_stdin(struct smbclient_context *ctx)
+{
+	int rc = 0;
+	while (1) {
+		/* display a prompt */
+		char *the_prompt = talloc_asprintf(ctx, "smb: %s> ", ctx->remote_cur_dir);
+		char *cline = smb_readline(the_prompt, readline_callback, completion_fn);
+		talloc_free(the_prompt);
+
+		if (!cline) break;
+
+		/* special case - first char is ! */
+		if (*cline == '!') {
+			int ret;
+			ret = system(cline + 1);
+			free(cline);
+			if (ret == -1) {
+				rc |= ret;
+			}
+			continue;
+		}
+
+		rc |= process_command_string(ctx, cline);
+		free(cline);
+
+	}
+
+	return rc;
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+static bool do_connect(struct smbclient_context *ctx, 
+		       struct tevent_context *ev_ctx,
+		       struct resolve_context *resolve_ctx,
+		       const char *specified_server, const char **ports, 
+		       const char *specified_share, 
+			   const char *socket_options,
+		       struct cli_credentials *cred, 
+		       struct smbcli_options *options,
+		       struct smbcli_session_options *session_options,
+			   struct gensec_settings *gensec_settings)
+{
+	NTSTATUS status;
+	char *server, *share;
+
+	rl_ctx = ctx; /* Ugly hack */
+
+	if (strncmp(specified_share, "\\\\", 2) == 0 ||
+	    strncmp(specified_share, "//", 2) == 0) {
+		bool ok;
+
+		ok = smbcli_parse_unc(specified_share, ctx, &server, &share);
+		if (!ok) {
+			d_printf("Failed to parse UNC\n");
+			talloc_free(ctx);
+			return false;
+		}
+	} else {
+		share = talloc_strdup(ctx, specified_share);
+		server = talloc_strdup(ctx, specified_server);
+		if (share == NULL || server == NULL) {
+			d_printf("Failed to allocate memory for server and share\n");
+			talloc_free(ctx);
+			return false;
+		}
+	}
+
+	ctx->remote_cur_dir = talloc_strdup(ctx, "\\");
+	if (ctx->remote_cur_dir == NULL) {
+		talloc_free(ctx);
+		return false;
+	}
+
+	status = smbcli_full_connection(ctx, &ctx->cli, server, ports,
+					share, NULL, 
+					socket_options,
+					cred, resolve_ctx, 
+					ev_ctx, options, session_options,
+					gensec_settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Connection to \\\\%s\\%s failed - %s\n", 
+			 server, share, nt_errstr(status));
+		talloc_free(ctx);
+		return false;
+	}
+
+	return true;
+}
+
+/****************************************************************************
+handle a -L query
+****************************************************************************/
+static int do_host_query(struct loadparm_context *lp_ctx,
+			 struct tevent_context *ev_ctx,
+			 const char *query_host,
+			 const char *workgroup)
+{
+	browse_host(lp_ctx, ev_ctx, query_host);
+	list_servers(workgroup);
+	return(0);
+}
+
+
+/****************************************************************************
+handle a message operation
+****************************************************************************/
+static int do_message_op(const char *netbios_name, const char *desthost,
+			 const char **destports, const char *destip,
+			 int name_type,
+			 struct tevent_context *ev_ctx,
+			 struct resolve_context *resolve_ctx,
+			 struct smbcli_options *options,
+             const char *socket_options)
+{
+	struct nbt_name called, calling;
+	const char *server_name;
+	struct smbcli_state *cli;
+	bool ok;
+
+	make_nbt_name_client(&calling, netbios_name);
+
+	nbt_choose_called_name(NULL, &called, desthost, name_type);
+
+	server_name = destip ? destip : desthost;
+
+	cli = smbcli_state_init(NULL);
+	if (cli == NULL) {
+		d_printf("smbcli_state_init() failed\n");
+		return 1;
+	}
+
+	ok = smbcli_socket_connect(cli, server_name, destports,
+				   ev_ctx, resolve_ctx, options,
+				   socket_options,
+				   &calling, &called);
+	if (!ok) {
+		d_printf("Connection to %s failed\n", server_name);
+		return 1;
+	}
+
+	send_message(cli, desthost);
+	talloc_free(cli);
+
+	return 0;
+}
+
+
+/****************************************************************************
+  main program
+****************************************************************************/
+int main(int argc, char *argv[])
+{
+	const char **const_argv = discard_const_p(const char *, argv);
+	char *base_directory = NULL;
+	const char *dest_ip = NULL;
+	int opt;
+	const char *query_host = NULL;
+	bool message = false;
+	char *desthost = NULL;
+	poptContext pc;
+	const char *service = NULL;
+	int port = 0;
+	char *p;
+	int rc = 0;
+	int name_type = 0x20;
+	TALLOC_CTX *mem_ctx;
+	struct tevent_context *ev_ctx;
+	struct smbclient_context *ctx;
+	const char *cmdstr = NULL;
+	struct smbcli_options smb_options;
+	struct smbcli_session_options smb_session_options;
+	struct cli_credentials *creds = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	bool ok;
+
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+
+		{
+			.longName   = "message",
+			.shortName  = 'M',
+			.argInfo    = POPT_ARG_STRING,
+			.arg        = NULL,
+			.val        = 'M',
+			.descrip    = "Send message",
+			.argDescrip = "HOST",
+		},
+		{
+			.longName   = "ip-address",
+			.shortName  = 'I',
+			.argInfo    = POPT_ARG_STRING,
+			.arg        = NULL,
+			.val        = 'I',
+			.descrip    = "Use this IP to connect to",
+			.argDescrip = "IP",
+		},
+		{
+			.longName   = "stderr",
+			.shortName  = 'E',
+			.argInfo    = POPT_ARG_NONE,
+			.arg        = NULL,
+			.val        = 'E',
+			.descrip    = "Write messages to stderr instead of stdout",
+		},
+		{
+			.longName   = "list",
+			.shortName  = 'L',
+			.argInfo    = POPT_ARG_STRING,
+			.arg        = NULL,
+			.val        = 'L',
+			.descrip    = "Get a list of shares available on a host",
+			.argDescrip = "HOST",
+		},
+		{
+			.longName   = "directory",
+			.shortName  = 'D',
+			.argInfo    = POPT_ARG_STRING,
+			.arg        = NULL,
+			.val        = 'D',
+			.descrip    = "Start from directory",
+			.argDescrip = "DIR",
+		},
+		{
+			.longName   = "command",
+			.shortName  = 'c',
+			.argInfo    = POPT_ARG_STRING,
+			.arg        = &cmdstr,
+			.val        = 'c',
+			.descrip    = "Execute semicolon separated commands",
+		},
+		{
+			.longName   = "send-buffer",
+			.shortName  = 'b',
+			.argInfo    = POPT_ARG_INT,
+			.arg        = NULL,
+			.val        = 'b',
+			.descrip    = "Changes the transmit/send buffer",
+			.argDescrip = "BYTES",
+		},
+		{
+			.longName   = "port",
+			.shortName  = 'p',
+			.argInfo    = POPT_ARG_INT,
+			.arg        = &port,
+			.val        = 'p',
+			.descrip    = "Port to connect to",
+			.argDescrip = "PORT",
+		},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_LEGACY_S4
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+	
+	mem_ctx = talloc_init("client.c/main");
+	if (!mem_ctx) {
+		d_printf("\nclient.c: Not enough memory\n");
+		exit(1);
+	}
+
+	ctx = talloc_zero(mem_ctx, struct smbclient_context);
+	ctx->io_bufsize = 64512;
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    const_argv,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(ctx);
+		exit(1);
+	}
+	poptSetOtherOptionHelp(pc, "[OPTIONS] service <password>");
+
+	while ((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case 'M':
+			/* Messages are sent to NetBIOS name type 0x3
+			 * (Messenger Service).  Make sure we default
+			 * to port 139 instead of port 445. srl,crh
+			 */
+			name_type = 0x03; 
+			desthost = strdup(poptGetOptArg(pc));
+			if( 0 == port ) port = 139;
+ 			message = true;
+ 			break;
+		case 'I':
+			dest_ip = poptGetOptArg(pc);
+			break;
+		case 'L':
+			query_host = strdup(poptGetOptArg(pc));
+			break;
+		case 'D':
+			base_directory = strdup(poptGetOptArg(pc));
+			break;
+		case 'b':
+			ctx->io_bufsize = MAX(1, atoi(poptGetOptArg(pc)));
+			break;
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	gensec_init();
+
+	if(poptPeekArg(pc)) {
+		char *s = strdup(poptGetArg(pc)); 
+
+		/* Convert any '/' characters in the service name to '\' characters */
+		string_replace(s, '/','\\');
+
+		service = s;
+
+		if (count_chars(s,'\\') < 3) {
+			d_printf("\n%s: Not enough '\\' characters in service\n",s);
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	creds = samba_cmdline_get_creds();
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	if (poptPeekArg(pc)) { 
+		cli_credentials_set_password(creds,
+			poptGetArg(pc), CRED_SPECIFIED);
+	}
+
+	if (!query_host && !service && !message) {
+		poptPrintUsage(pc, stderr, 0);
+		exit(1);
+	}
+
+	poptFreeContext(pc);
+	samba_cmdline_burn(argc, argv);
+
+	lpcfg_smbcli_options(lp_ctx, &smb_options);
+	lpcfg_smbcli_session_options(lp_ctx, &smb_session_options);
+
+	ev_ctx = s4_event_context_init(ctx);
+
+	DEBUG( 3, ( "Client started (version %s).\n", SAMBA_VERSION_STRING ) );
+
+	if (query_host && (p=strchr_m(query_host,'#'))) {
+		*p = 0;
+		p++;
+		sscanf(p, "%x", &name_type);
+	}
+  
+	if (query_host) {
+		rc = do_host_query(lp_ctx, ev_ctx, query_host,
+				   lpcfg_workgroup(lp_ctx));
+		return rc;
+	}
+
+	if (message) {
+		rc = do_message_op(lpcfg_netbios_name(lp_ctx), desthost,
+				   lpcfg_smb_ports(lp_ctx), dest_ip,
+				   name_type, ev_ctx,
+				   lpcfg_resolve_context(lp_ctx),
+				   &smb_options, 
+                   lpcfg_socket_options(lp_ctx));
+		return rc;
+	}
+	
+	if (!do_connect(ctx, ev_ctx, lpcfg_resolve_context(lp_ctx),
+			desthost, lpcfg_smb_ports(lp_ctx), service,
+			lpcfg_socket_options(lp_ctx),
+			creds,
+			&smb_options, &smb_session_options,
+			lpcfg_gensec_settings(ctx, lp_ctx)))
+		return 1;
+
+	if (base_directory) {
+		do_cd(ctx, base_directory);
+		free(base_directory);
+	}
+	
+	if (cmdstr) {
+		rc = process_command_string(ctx, cmdstr);
+	} else {
+		rc = process_stdin(ctx);
+	}
+
+	free(desthost);
+	talloc_free(mem_ctx);
+
+	return rc;
+}
diff --git a/source4/client/tests/test_cifsdd.sh b/source4/client/tests/test_cifsdd.sh
new file mode 100755
index 0000000..21a8840
--- /dev/null
+++ b/source4/client/tests/test_cifsdd.sh
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+# Basic script to make sure that cifsdd can do both local and remote I/O.
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: test_cifsdd.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+	exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+samba4bindir="$BINDIR"
+DD="$samba4bindir/cifsdd"
+
+SHARE=tmp
+DEBUGLEVEL=1
+
+runcopy()
+{
+	message="$1"
+	shift
+
+	testit "$message" $VALGRIND $DD $CONFIGURATION --debuglevel=$DEBUGLEVEL -W "$DOMAIN" -U "$USERNAME"%"$PASSWORD" \
+		"$@" || failed=$(expr $failed + 1)
+}
+
+compare()
+{
+	testit "$1" cmp "$2" "$3" || failed=$(expr $failed + 1)
+}
+
+sourcefile=tempfile.src.$$
+sourcepath=${SELFTEST_TMPDIR}/$sourcefile
+destfile=tempfile.dst.$$
+destpath=${SELFTEST_TMPDIR}/$destfile
+
+# Create a source file with arbitrary contents
+dd if=$DD of=$sourcepath bs=1024 count=50 >/dev/null
+
+ls -l $sourcepath
+
+for bs in 512 4k 48k; do
+
+	echo "Testing $bs block size ..."
+
+	# Check whether we can do local IO
+	runcopy "Testing local -> local copy" if=$sourcepath of=$destpath bs=$bs
+	compare "Checking local differences" $sourcepath $destpath
+
+	# Check whether we can do a round trip
+	runcopy "Testing local -> remote copy" \
+		if=$sourcepath of=//$SERVER/$SHARE/$sourcefile bs=$bs
+	runcopy "Testing remote -> local copy" \
+		if=//$SERVER/$SHARE/$sourcefile of=$destpath bs=$bs
+	compare "Checking differences" $sourcepath $destpath
+
+	# Check that copying within the remote server works
+	runcopy "Testing local -> remote copy" \
+		if=//$SERVER/$SHARE/$sourcefile of=//$SERVER/$SHARE/$sourcefile bs=$bs
+	runcopy "Testing remote -> remote copy" \
+		if=//$SERVER/$SHARE/$sourcefile of=//$SERVER/$SHARE/$destfile bs=$bs
+	runcopy "Testing remote -> local copy" \
+		if=//$SERVER/$SHARE/$destfile of=$destpath bs=$bs
+	compare "Checking differences" $sourcepath $destpath
+
+done
+
+rm -f $sourcepath $destpath
+
+exit $failed
diff --git a/source4/client/tests/test_smbclient.sh b/source4/client/tests/test_smbclient.sh
new file mode 100755
index 0000000..121de17
--- /dev/null
+++ b/source4/client/tests/test_smbclient.sh
@@ -0,0 +1,154 @@
+#!/bin/sh
+# Blackbox tests for smbclient
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
+# Copyright (C) 2006-2007 Andrew Bartlett <abartlet@samba.org>
+
+if [ $# -lt 5 ]; then
+	cat <<EOF
+Usage: test_smbclient.sh SERVER USERNAME PASSWORD DOMAIN PREFIX SMBCLIENT
+EOF
+	exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+PREFIX=$5
+smbclient=$6
+shift 6
+failed=0
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+runcmd()
+{
+	name="$1"
+	cmd="$2"
+	shift
+	shift
+	echo "test: $name"
+	$VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" -W "$DOMAIN" -U"$USERNAME%$PASSWORD" "$@"
+	status=$?
+	if [ x$status = x0 ]; then
+		echo "success: $name"
+	else
+		echo "failure: $name"
+	fi
+	return $status
+}
+
+testit "share and server list" $VALGRIND $smbclient -L $SERVER $CONFIGURATION -W "$DOMAIN" -U"$USERNAME%$PASSWORD" "$@" || failed=$(expr $failed + 1)
+
+testit "share and server list anonymously" $VALGRIND $smbclient -N -L $SERVER $CONFIGURATION "$@" || failed=$(expr $failed + 1)
+
+# Use the smbclient binary as our test file
+cat $smbclient >$PREFIX/tmpfile
+
+# put that file
+runcmd "MPutting file" "lcd $PREFIX; mput tmpfile" || failed=$(expr $failed + 1)
+# check file info
+runcmd "Getting alternative name" 'altname tmpfile' || failed=$(expr $failed + 1)
+# run allinfo on that file
+runcmd "Checking info on file" 'allinfo tmpfile' || failed=$(expr $failed + 1)
+# get that file
+mv $PREFIX/tmpfile $PREFIX/tmpfile-old
+runcmd "MGetting file" "lcd $PREFIX; mget tmpfile" || failed=$(expr $failed + 1)
+# remove that file
+runcmd "Removing file" 'rm tmpfile' || failed=$(expr $failed + 1)
+# compare locally
+testit "Comparing files" diff $PREFIX/tmpfile-old $PREFIX/tmpfile || failed=$(expr $failed + 1)
+# create directory
+# cd to directory
+# cd to top level directory
+# remove directory
+runcmd "Creating directory, Changing directory, Going back" 'mkdir bla; cd bla; cd ..; rmdir bla' || failed=$(expr $failed + 1)
+# enable recurse, create nested directory
+runcmd "Creating nested directory" 'mkdir bla/bloe' || failed=$(expr $failed + 1)
+# remove child directory
+runcmd "Removing directory" 'rmdir bla/bloe' || failed=$(expr $failed + 1)
+# remove parent directory
+runcmd "Removing directory" 'rmdir bla' || failed=$(expr $failed + 1)
+# enable recurse, create nested directory
+runcmd "Creating nested directory" 'mkdir bla' || failed=$(expr $failed + 1)
+# rename bla to bla2
+runcmd "rename of nested directory" 'rename bla bla2' || failed=$(expr $failed + 1)
+# deltree
+runcmd "deltree of nested directory" 'deltree bla2' || failed=$(expr $failed + 1)
+# run fsinfo
+runcmd "Getting file system info" 'fsinfo allocation' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo volume' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo volumeinfo' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo sizeinfo' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo deviceinfo' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo attributeinfo' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo volume-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo size-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo device-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo attribute-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo quota-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo fullsize-information' || failed=$(expr $failed + 1)
+runcmd "Getting file system info" 'fsinfo objectid' || failed=$(expr $failed + 1)
+
+# put that file
+runcmd "Putting file" "lcd $PREFIX; put tmpfile" || failed=$(expr $failed + 1)
+# get that file
+mv $PREFIX/tmpfile $PREFIX/tmpfile-old
+runcmd "Getting file" "lcd $PREFIX; get tmpfile" || failed=$(expr $failed + 1)
+runcmd "Getting file EA info" 'eainfo tmpfile' || failed=$(expr $failed + 1)
+# remove that file
+runcmd "Removing file" 'rm tmpfile' || failed=$(expr $failed + 1)
+# compare locally
+testit "Comparing files" diff $PREFIX/tmpfile-old $PREFIX/tmpfile || failed=$(expr $failed + 1)
+# put that file
+runcmd "Putting file with different name" "lcd $PREFIX; put tmpfile tmpfilex" || failed=$(expr $failed + 1)
+# get that file
+runcmd "Getting file again" "lcd $PREFIX; get tmpfilex" || failed=$(expr $failed + 1)
+# compare locally
+testit "Comparing files" diff $PREFIX/tmpfilex $PREFIX/tmpfile || failed=$(expr $failed + 1)
+# remove that file
+runcmd "Removing file" 'rm tmpfilex' || failed=$(expr $failed + 1)
+
+runcmd "Lookup name" "lookup $DOMAIN\\$USERNAME" || failed=$(expr $failed + 1)
+
+#Fails unless there are privileges
+#runcmd "Lookup privs of name" "privileges $DOMAIN\\$USERNAME" || failed=`expr $failed + 1`
+
+# do some simple operations using old protocol versions
+runcmd "List directory with LANMAN1" 'ls' -m LANMAN1 --option=clientntlmv2auth=no || failed=$(expr $failed + 1)
+runcmd "List directory with LANMAN2" 'ls' -m LANMAN2 --option=clientntlmv2auth=no || failed=$(expr $failed + 1)
+
+runcmd "Print current working directory" 'pwd' || failed=$(expr $failed + 1)
+
+(
+	echo "password=$PASSWORD"
+	echo "username=$USERNAME"
+	echo "domain=$DOMAIN"
+) >$PREFIX/tmpauthfile
+
+testit "Test login with --authentication-file" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --authentication-file=$PREFIX/tmpauthfile || failed=$(expr $failed + 1)
+
+PASSWD_FILE="$PREFIX/tmppassfile"
+echo "$PASSWORD" >$PASSWD_FILE
+export PASSWD_FILE
+testit "Test login with PASSWD_FILE" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" -U"$USERNAME" || failed=$(expr $failed + 1)
+PASSWD_FILE=""
+export PASSWD_FILE
+unset PASSWD_FILE
+
+PASSWD="$PASSWORD"
+export PASSWD
+testit "Test login with PASSWD" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" -U"$USERNAME" || failed=$(expr $failed + 1)
+
+oldUSER=$USER
+USER="$USERNAME"
+export USER
+testit "Test login with USER and PASSWD" $VALGRIND $smbclient --use-kerberos=disabled -c 'ls' $CONFIGURATION //$SERVER/tmp -W "$DOMAIN" || failed=$(expr $failed + 1)
+PASSWD=
+export PASSWD
+unset PASSWD
+USER=$oldUSER
+export USER
+
+rm -f $PREFIX/tmpfile $PREFIX/tmpfile-old $PREFIX/tmpfilex $PREFIX/tmpauthfile $PREFIX/tmppassfile
+exit $failed
diff --git a/source4/cluster/cluster.c b/source4/cluster/cluster.c
new file mode 100644
index 0000000..11c4194
--- /dev/null
+++ b/source4/cluster/cluster.c
@@ -0,0 +1,86 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   core clustering code
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "cluster/cluster.h"
+#include "cluster/cluster_private.h"
+#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/server_id.h"
+
+static struct cluster_ops *ops;
+
+/* set cluster operations */
+void cluster_set_ops(struct cluster_ops *new_ops)
+{
+	ops = new_ops;
+}
+
+/*
+  an ugly way of getting at the backend handle (eg. ctdb context) via the cluster API
+*/
+void *cluster_backend_handle(void)
+{
+	return ops->backend_handle(ops);
+}
+
+/* by default use the local ops */
+static void cluster_init(void)
+{
+	if (ops == NULL) cluster_local_init();
+}
+
+/*
+  create a server_id for the local node
+*/
+struct server_id cluster_id(uint64_t pid, uint32_t task_id)
+{
+	cluster_init();
+	return ops->cluster_id(ops, pid, task_id);
+}
+
+/*
+  open a temporary tdb in a cluster friendly manner
+*/
+struct db_context *cluster_db_tmp_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *dbbase, int flags)
+{
+	cluster_init();
+	return ops->cluster_db_tmp_open(ops, mem_ctx, lp_ctx, dbbase, flags);
+}
+
+
+/*
+  register a callback function for a messaging endpoint
+*/
+NTSTATUS cluster_message_init(struct imessaging_context *msg, struct server_id server,
+			      cluster_message_fn_t handler)
+{
+	cluster_init();
+	return ops->message_init(ops, msg, server, handler);
+}
+
+/*
+  send a message to another node in the cluster
+*/
+NTSTATUS cluster_message_send(struct server_id server, DATA_BLOB *data)
+{
+	cluster_init();
+	return ops->message_send(ops, server, data);
+}
diff --git a/source4/cluster/cluster.h b/source4/cluster/cluster.h
new file mode 100644
index 0000000..2bbbea2
--- /dev/null
+++ b/source4/cluster/cluster.h
@@ -0,0 +1,51 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   structures for clustering
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __CLUSTER_H__
+#define __CLUSTER_H__ 
+
+#include "librpc/gen_ndr/server_id.h"
+
+/*
+  test for same cluster id
+*/
+#define cluster_id_equal(id_1, id_2) ((id_1)->pid == (id_2)->pid \
+				    && (id_1)->task_id == (id_2)->task_id \
+				    && (id_1)->vnn == (id_2)->vnn)
+
+/*
+  test for same cluster node
+*/
+#define cluster_node_equal(id1, id2) ((id1)->vnn == (id2)->vnn)
+
+struct imessaging_context;
+typedef void (*cluster_message_fn_t)(struct imessaging_context *, DATA_BLOB);
+
+/* prototypes */
+struct server_id cluster_id(uint64_t id, uint32_t task_id);
+struct db_context *cluster_db_tmp_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *dbbase, int flags);
+void *cluster_backend_handle(void);
+
+NTSTATUS cluster_message_init(struct imessaging_context *msg, struct server_id server,
+			      cluster_message_fn_t handler);
+NTSTATUS cluster_message_send(struct server_id server, DATA_BLOB *data);
+
+#endif
diff --git a/source4/cluster/cluster_private.h b/source4/cluster/cluster_private.h
new file mode 100644
index 0000000..2b79922
--- /dev/null
+++ b/source4/cluster/cluster_private.h
@@ -0,0 +1,43 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   private structures for clustering
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _CLUSTER_PRIVATE_H_
+#define _CLUSTER_PRIVATE_H_
+
+struct cluster_ops {
+	struct server_id (*cluster_id)(struct cluster_ops *ops, uint64_t id, uint32_t id2);
+	struct db_context *(*cluster_db_tmp_open)(struct cluster_ops *,
+						 TALLOC_CTX *,
+						 struct loadparm_context *,
+						 const char *, int);
+	void *(*backend_handle)(struct cluster_ops *);
+	NTSTATUS (*message_init)(struct cluster_ops *ops, 
+				 struct imessaging_context *msg, struct server_id server,
+				 cluster_message_fn_t handler);
+	NTSTATUS (*message_send)(struct cluster_ops *ops,
+				 struct server_id server, DATA_BLOB *data);	
+	void *private_data; /* backend state */
+};
+
+void cluster_set_ops(struct cluster_ops *new_ops);
+void cluster_local_init(void);
+
+#endif
diff --git a/source4/cluster/local.c b/source4/cluster/local.c
new file mode 100644
index 0000000..ea36663
--- /dev/null
+++ b/source4/cluster/local.c
@@ -0,0 +1,121 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local (dummy) clustering operations
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "cluster/cluster.h"
+#include "cluster/cluster_private.h"
+#include "dbwrap/dbwrap.h"
+#include "system/filesys.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/server_id.h"
+
+/*
+  server a server_id for the local node
+*/
+static struct server_id local_id(struct cluster_ops *ops, uint64_t pid, uint32_t task_id)
+{
+	struct server_id server_id;
+	ZERO_STRUCT(server_id);
+	server_id.pid = pid;
+	server_id.task_id = task_id;
+	server_id.vnn = NONCLUSTER_VNN;
+	/* This is because we are not in the s3 serverid database */
+	server_id.unique_id = SERVERID_UNIQUE_ID_NOT_TO_VERIFY;
+	return server_id;
+}
+
+
+/*
+  open a tmp tdb for the local node. By using smbd_tmp_path() we don't need
+  TDB_CLEAR_IF_FIRST as the tmp path is wiped at startup
+*/
+static struct db_context *local_db_tmp_open(struct cluster_ops *ops,
+					    TALLOC_CTX *mem_ctx,
+					    struct loadparm_context *lp_ctx,
+					    const char *dbbase, int flags)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	char *path, *dbname;
+	struct db_context *db;
+	int hash_size, tdb_flags;
+
+	dbname = talloc_asprintf(mem_ctx, "%s.tdb", dbbase);
+
+	path = smbd_tmp_path(tmp_ctx, lp_ctx, dbname);
+
+	hash_size = lpcfg_tdb_hash_size(lp_ctx, path);
+	tdb_flags = lpcfg_tdb_flags(lp_ctx, flags);
+
+	db = dbwrap_local_open(
+		mem_ctx,
+		path,
+		hash_size,
+		tdb_flags,
+		O_RDWR|O_CREAT,
+		0600,
+		DBWRAP_LOCK_ORDER_NONE,
+		DBWRAP_FLAG_NONE);
+	talloc_free(tmp_ctx);
+	return db;
+}
+
+/*
+  dummy backend handle function
+*/
+static void *local_backend_handle(struct cluster_ops *ops)
+{
+	return NULL;
+}
+
+/*
+  dummy message init function - not needed as all messages are local
+*/
+static NTSTATUS local_message_init(struct cluster_ops *ops,
+				   struct imessaging_context *msg,
+				   struct server_id server,
+				   cluster_message_fn_t handler)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  dummy message send
+*/
+static NTSTATUS local_message_send(struct cluster_ops *ops,
+				   struct server_id server, DATA_BLOB *data)
+{
+	return NT_STATUS_INVALID_DEVICE_REQUEST;
+}
+
+static struct cluster_ops cluster_local_ops = {
+	.cluster_id           = local_id,
+	.cluster_db_tmp_open  = local_db_tmp_open,
+	.backend_handle       = local_backend_handle,
+	.message_init         = local_message_init,
+	.message_send         = local_message_send,
+	.private_data         = NULL
+};
+
+void cluster_local_init(void)
+{
+	cluster_set_ops(&cluster_local_ops);
+}
+
diff --git a/source4/cluster/wscript_build b/source4/cluster/wscript_build
new file mode 100644
index 0000000..b8a91cc
--- /dev/null
+++ b/source4/cluster/wscript_build
@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('cluster',
+                  source='cluster.c local.c',
+                  deps='dbwrap samba-hostconfig talloc',
+                  private_library=True
+                  )
+
diff --git a/source4/dns_server/TODO b/source4/dns_server/TODO
new file mode 100644
index 0000000..1949650
--- /dev/null
+++ b/source4/dns_server/TODO
@@ -0,0 +1,12 @@
+DNS server todo list
+--------------------
+
+Just so we don't forget the required features for an AD-compatible DNS server:
+
+- Symmetric Bind-style TKEY handling (not strictly needed for AD, but needed for
+  integration to other name servers / tools)
+(- Command line tools that unix admins are used to)
+- Zone transfer support (XFER, IFER) (look at AD for permission settings)
+- Caching
+- dynamic zone reloading
+- Tests, tests, tests
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
new file mode 100644
index 0000000..409e2f3
--- /dev/null
+++ b/source4/dns_server/dlz_bind9.c
@@ -0,0 +1,2219 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   bind9 dlz driver for Samba
+
+   Copyright (C) 2010 Andrew Tridgell
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "param/param.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "auth/auth.h"
+#include "auth/session.h"
+#include "auth/gensec/gensec.h"
+#include "librpc/gen_ndr/security.h"
+#include "auth/credentials/credentials.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "gen_ndr/ndr_dnsp.h"
+#include "gen_ndr/server_id.h"
+#include "messaging/messaging.h"
+#include <popt.h>
+#include "lib/util/dlinklist.h"
+#include "dlz_minimal.h"
+#include "dnsserver_common.h"
+#include "lib/util/smb_strtox.h"
+#include "lib/util/access.h"
+
+#undef strcasecmp
+
+struct b9_options {
+	const char *url;
+	const char *debug;
+};
+
+struct b9_zone {
+	char *name;
+	struct b9_zone *prev, *next;
+};
+
+struct dlz_bind9_data {
+	struct b9_options options;
+	struct ldb_context *samdb;
+	struct tevent_context *ev_ctx;
+	struct loadparm_context *lp;
+	int *transaction_token;
+	uint32_t soa_serial;
+	struct b9_zone *zonelist;
+
+	/* Used for dynamic update */
+	struct smb_krb5_context *smb_krb5_ctx;
+	struct auth4_context *auth_context;
+	struct auth_session_info *session_info;
+	char *update_name;
+
+	/* helper functions from the dlz_dlopen driver */
+	log_t *log;
+	dns_sdlz_putrr_t *putrr;
+	dns_sdlz_putnamedrr_t *putnamedrr;
+	dns_dlz_writeablezone_t *writeable_zone;
+};
+
+static struct dlz_bind9_data *dlz_bind9_state = NULL;
+static int dlz_bind9_state_ref_count = 0;
+
+static const char *zone_prefixes[] = {
+	"CN=MicrosoftDNS,DC=DomainDnsZones",
+	"CN=MicrosoftDNS,DC=ForestDnsZones",
+	"CN=MicrosoftDNS,CN=System",
+	NULL
+};
+
+/*
+ * Get a printable string representation of an isc_result_t
+ */
+static const char *isc_result_str( const isc_result_t result) {
+	switch (result) {
+	case ISC_R_SUCCESS:
+		return "ISC_R_SUCCESS";
+	case ISC_R_NOMEMORY:
+		return "ISC_R_NOMEMORY";
+	case ISC_R_NOPERM:
+		return "ISC_R_NOPERM";
+	case ISC_R_NOSPACE:
+		return "ISC_R_NOSPACE";
+	case ISC_R_NOTFOUND:
+		return "ISC_R_NOTFOUND";
+	case ISC_R_FAILURE:
+		return "ISC_R_FAILURE";
+	case ISC_R_NOTIMPLEMENTED:
+		return "ISC_R_NOTIMPLEMENTED";
+	case ISC_R_NOMORE:
+		return "ISC_R_NOMORE";
+	case ISC_R_INVALIDFILE:
+		return "ISC_R_INVALIDFILE";
+	case ISC_R_UNEXPECTED:
+		return "ISC_R_UNEXPECTED";
+	case ISC_R_FILENOTFOUND:
+		return "ISC_R_FILENOTFOUND";
+	default:
+		return "UNKNOWN";
+	}
+}
+
+/*
+  return the version of the API
+ */
+_PUBLIC_ int dlz_version(unsigned int *flags)
+{
+	return DLZ_DLOPEN_VERSION;
+}
+
+/*
+   remember a helper function from the bind9 dlz_dlopen driver
+ */
+static void b9_add_helper(struct dlz_bind9_data *state, const char *helper_name, void *ptr)
+{
+	if (strcmp(helper_name, "log") == 0) {
+		state->log = ptr;
+	}
+	if (strcmp(helper_name, "putrr") == 0) {
+		state->putrr = ptr;
+	}
+	if (strcmp(helper_name, "putnamedrr") == 0) {
+		state->putnamedrr = ptr;
+	}
+	if (strcmp(helper_name, "writeable_zone") == 0) {
+		state->writeable_zone = ptr;
+	}
+}
+
+/*
+ * Add a trailing '.' if it's missing
+ */
+static const char *b9_format_fqdn(TALLOC_CTX *mem_ctx, const char *str)
+{
+	size_t len;
+	const char *tmp;
+
+	if (str == NULL || str[0] == '\0') {
+		return str;
+	}
+
+	len = strlen(str);
+	if (str[len-1] != '.') {
+		tmp = talloc_asprintf(mem_ctx, "%s.", str);
+	} else {
+		tmp = str;
+	}
+	return tmp;
+}
+
+/*
+ * Format a record for bind9.
+ *
+ * On failure/error returns false, OR sets *data to NULL.
+ * Callers should check for both!
+ */
+static bool b9_format(struct dlz_bind9_data *state,
+		      TALLOC_CTX *mem_ctx,
+		      struct dnsp_DnssrvRpcRecord *rec,
+		      const char **type, const char **data)
+{
+	uint32_t i;
+	char *tmp;
+	const char *fqdn;
+
+	switch (rec->wType) {
+	case DNS_TYPE_A:
+		*type = "a";
+		*data = rec->data.ipv4;
+		break;
+
+	case DNS_TYPE_AAAA:
+		*type = "aaaa";
+		*data = rec->data.ipv6;
+		break;
+
+	case DNS_TYPE_CNAME:
+		*type = "cname";
+		*data = b9_format_fqdn(mem_ctx, rec->data.cname);
+		break;
+
+	case DNS_TYPE_TXT:
+		*type = "txt";
+		tmp = talloc_asprintf(mem_ctx, "\"%s\"", rec->data.txt.str[0]);
+		for (i=1; i<rec->data.txt.count; i++) {
+			talloc_asprintf_addbuf(&tmp, " \"%s\"", rec->data.txt.str[i]);
+		}
+		*data = tmp;
+		break;
+
+	case DNS_TYPE_PTR:
+		*type = "ptr";
+		*data = b9_format_fqdn(mem_ctx, rec->data.ptr);
+		break;
+
+	case DNS_TYPE_SRV:
+		*type = "srv";
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.srv.nameTarget);
+		if (fqdn == NULL) {
+			return false;
+		}
+		*data = talloc_asprintf(mem_ctx, "%u %u %u %s",
+					rec->data.srv.wPriority,
+					rec->data.srv.wWeight,
+					rec->data.srv.wPort,
+					fqdn);
+		break;
+
+	case DNS_TYPE_MX:
+		*type = "mx";
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.mx.nameTarget);
+		if (fqdn == NULL) {
+			return false;
+		}
+		*data = talloc_asprintf(mem_ctx, "%u %s",
+					rec->data.mx.wPriority, fqdn);
+		break;
+
+	case DNS_TYPE_NS:
+		*type = "ns";
+		*data = b9_format_fqdn(mem_ctx, rec->data.ns);
+		break;
+
+	case DNS_TYPE_SOA: {
+		const char *mname;
+		*type = "soa";
+
+		/* we need to fake the authoritative nameserver to
+		 * point at ourselves. This is how AD DNS servers
+		 * force clients to send updates to the right local DC
+		 */
+		mname = talloc_asprintf(mem_ctx, "%s.%s.",
+					lpcfg_netbios_name(state->lp),
+					lpcfg_dnsdomain(state->lp));
+		if (mname == NULL) {
+			return false;
+		}
+		mname = strlower_talloc(mem_ctx, mname);
+		if (mname == NULL) {
+			return false;
+		}
+
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.soa.rname);
+		if (fqdn == NULL) {
+			return false;
+		}
+
+		state->soa_serial = rec->data.soa.serial;
+
+		*data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u",
+					mname, fqdn,
+					rec->data.soa.serial,
+					rec->data.soa.refresh,
+					rec->data.soa.retry,
+					rec->data.soa.expire,
+					rec->data.soa.minimum);
+		break;
+	}
+
+	default:
+		state->log(ISC_LOG_ERROR, "samba_dlz b9_format: unhandled record type %u",
+			   rec->wType);
+		return false;
+	}
+
+	return true;
+}
+
+static const struct {
+	enum dns_record_type dns_type;
+	const char *typestr;
+	bool single_valued;
+} dns_typemap[] = {
+	{ DNS_TYPE_A,     "A"     , false},
+	{ DNS_TYPE_AAAA,  "AAAA"  , false},
+	{ DNS_TYPE_CNAME, "CNAME" , true},
+	{ DNS_TYPE_TXT,   "TXT"   , false},
+	{ DNS_TYPE_PTR,   "PTR"   , false},
+	{ DNS_TYPE_SRV,   "SRV"   , false},
+	{ DNS_TYPE_MX,    "MX"    , false},
+	{ DNS_TYPE_NS,    "NS"    , false},
+	{ DNS_TYPE_SOA,   "SOA"   , true},
+};
+
+
+/*
+  see if a DNS type is single valued
+ */
+static bool b9_single_valued(enum dns_record_type dns_type)
+{
+	int i;
+	for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
+		if (dns_typemap[i].dns_type == dns_type) {
+			return dns_typemap[i].single_valued;
+		}
+	}
+	return false;
+}
+
+/*
+  get a DNS_TYPE_* value from the corresponding string
+ */
+static bool b9_dns_type(const char *type, enum dns_record_type *dtype)
+{
+	int i;
+	for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
+		if (strcasecmp(dns_typemap[i].typestr, type) == 0) {
+			*dtype = dns_typemap[i].dns_type;
+			return true;
+		}
+	}
+	return false;
+}
+
+
+#define DNS_PARSE_STR(ret, str, sep, saveptr) do {	\
+	(ret) = strtok_r(str, sep, &saveptr); \
+	if ((ret) == NULL) return false; \
+	} while (0)
+
+#define DNS_PARSE_UINT(ret, str, sep, saveptr) do {  \
+	char *istr = strtok_r(str, sep, &saveptr); \
+	int error = 0;\
+	if ((istr) == NULL) return false; \
+	(ret) = smb_strtoul(istr, NULL, 10, &error, SMB_STR_STANDARD); \
+	if (error != 0) {\
+		return false;\
+	}\
+	} while (0)
+
+/*
+  parse a record from bind9
+ */
+static bool b9_parse(struct dlz_bind9_data *state,
+		     const char *rdatastr,
+		     struct dnsp_DnssrvRpcRecord *rec)
+{
+	char *full_name, *dclass, *type;
+	char *str, *tmp, *saveptr=NULL;
+	int i;
+
+	str = talloc_strdup(rec, rdatastr);
+	if (str == NULL) {
+		return false;
+	}
+
+	/* parse the SDLZ string form */
+	DNS_PARSE_STR(full_name, str, "\t", saveptr);
+	DNS_PARSE_UINT(rec->dwTtlSeconds, NULL, "\t", saveptr);
+	DNS_PARSE_STR(dclass, NULL, "\t", saveptr);
+	DNS_PARSE_STR(type, NULL, "\t", saveptr);
+
+	/* construct the record */
+	for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
+		if (strcasecmp(type, dns_typemap[i].typestr) == 0) {
+			rec->wType = dns_typemap[i].dns_type;
+			break;
+		}
+	}
+	if (i == ARRAY_SIZE(dns_typemap)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: unsupported record type '%s' for '%s'",
+			   type, full_name);
+		return false;
+	}
+
+	switch (rec->wType) {
+	case DNS_TYPE_A:
+		DNS_PARSE_STR(rec->data.ipv4, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_AAAA:
+		DNS_PARSE_STR(rec->data.ipv6, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_CNAME:
+		DNS_PARSE_STR(rec->data.cname, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_TXT:
+		rec->data.txt.count = 0;
+		rec->data.txt.str = talloc_array(rec, const char *, rec->data.txt.count);
+		tmp = strtok_r(NULL, "\t", &saveptr);
+		while (tmp) {
+			rec->data.txt.str = talloc_realloc(rec, rec->data.txt.str, const char *,
+							rec->data.txt.count+1);
+			if (tmp[0] == '"') {
+				/* Strip quotes */
+				rec->data.txt.str[rec->data.txt.count] = talloc_strndup(rec, &tmp[1], strlen(tmp)-2);
+			} else {
+				rec->data.txt.str[rec->data.txt.count] = talloc_strdup(rec, tmp);
+			}
+			rec->data.txt.count++;
+			tmp = strtok_r(NULL, " ", &saveptr);
+		}
+		break;
+
+	case DNS_TYPE_PTR:
+		DNS_PARSE_STR(rec->data.ptr, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_SRV:
+		DNS_PARSE_UINT(rec->data.srv.wPriority, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.srv.wWeight, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.srv.wPort, NULL, " ", saveptr);
+		DNS_PARSE_STR(rec->data.srv.nameTarget, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_MX:
+		DNS_PARSE_UINT(rec->data.mx.wPriority, NULL, " ", saveptr);
+		DNS_PARSE_STR(rec->data.mx.nameTarget, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_NS:
+		DNS_PARSE_STR(rec->data.ns, NULL, " ", saveptr);
+		break;
+
+	case DNS_TYPE_SOA:
+		DNS_PARSE_STR(rec->data.soa.mname, NULL, " ", saveptr);
+		DNS_PARSE_STR(rec->data.soa.rname, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.soa.serial, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.soa.refresh, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.soa.retry, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.soa.expire, NULL, " ", saveptr);
+		DNS_PARSE_UINT(rec->data.soa.minimum, NULL, " ", saveptr);
+		break;
+
+	default:
+		state->log(ISC_LOG_ERROR, "samba_dlz b9_parse: unhandled record type %u",
+			   rec->wType);
+		return false;
+	}
+
+	/* we should be at the end of the buffer now */
+	if (strtok_r(NULL, "\t ", &saveptr) != NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz b9_parse: unexpected data at end of string for '%s'",
+		           rdatastr);
+		return false;
+	}
+
+	return true;
+}
+
+/*
+  send a resource record to bind9
+ */
+static isc_result_t b9_putrr(struct dlz_bind9_data *state,
+			     void *handle, struct dnsp_DnssrvRpcRecord *rec,
+			     const char **types)
+{
+	isc_result_t result;
+	const char *type, *data;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+
+	if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
+		return ISC_R_FAILURE;
+	}
+
+	if (data == NULL) {
+		talloc_free(tmp_ctx);
+		return ISC_R_NOMEMORY;
+	}
+
+	if (types) {
+		int i;
+		for (i=0; types[i]; i++) {
+			if (strcmp(types[i], type) == 0) break;
+		}
+		if (types[i] == NULL) {
+			/* skip it */
+			return ISC_R_SUCCESS;
+		}
+	}
+
+	result = state->putrr(handle, type, rec->dwTtlSeconds, data);
+	if (result != ISC_R_SUCCESS) {
+		state->log(ISC_LOG_ERROR, "Failed to put rr");
+	}
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+
+/*
+  send a named resource record to bind9
+ */
+static isc_result_t b9_putnamedrr(struct dlz_bind9_data *state,
+				  void *handle, const char *name,
+				  struct dnsp_DnssrvRpcRecord *rec)
+{
+	isc_result_t result;
+	const char *type, *data;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+
+	if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
+		return ISC_R_FAILURE;
+	}
+
+	if (data == NULL) {
+		talloc_free(tmp_ctx);
+		return ISC_R_NOMEMORY;
+	}
+
+	result = state->putnamedrr(handle, name, type, rec->dwTtlSeconds, data);
+	if (result != ISC_R_SUCCESS) {
+		state->log(ISC_LOG_ERROR, "Failed to put named rr '%s'", name);
+	}
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+/*
+   parse options
+ */
+static isc_result_t parse_options(struct dlz_bind9_data *state,
+				  unsigned int argc, const char **argv,
+				  struct b9_options *options)
+{
+	int opt;
+	poptContext pc;
+	struct poptOption long_options[] = {
+		{ "url", 'H', POPT_ARG_STRING, &options->url, 0, "database URL", "URL" },
+		{ "debug", 'd', POPT_ARG_STRING, &options->debug, 0, "debug level", "DEBUG" },
+		{0}
+	};
+
+	pc = poptGetContext("dlz_bind9", argc, argv, long_options,
+			POPT_CONTEXT_KEEP_FIRST);
+	while ((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		default:
+			state->log(ISC_LOG_ERROR, "dlz_bind9: Invalid option %s: %s",
+				   poptBadOption(pc, 0), poptStrerror(opt));
+			poptFreeContext(pc);
+			return ISC_R_FAILURE;
+		}
+	}
+
+	poptFreeContext(pc);
+	return ISC_R_SUCCESS;
+}
+
+
+/*
+ * Create session info from PAC
+ * This is called as auth_context->generate_session_info_pac()
+ */
+static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context,
+					     TALLOC_CTX *mem_ctx,
+					     struct smb_krb5_context *smb_krb5_context,
+					     DATA_BLOB *pac_blob,
+					     const char *principal_name,
+					     const struct tsocket_address *remote_addr,
+					     uint32_t session_info_flags,
+					     struct auth_session_info **session_info)
+{
+	NTSTATUS status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						   *pac_blob,
+						   smb_krb5_context->krb5_context,
+						   &user_info_dc,
+						   NULL,
+						   NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+
+	status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, NULL, user_info_dc,
+					    session_info_flags, session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/* Callback for the DEBUG() system, to catch the remaining messages */
+static void b9_debug(void *private_ptr, int msg_level, const char *msg)
+{
+	static const int isc_log_map[] = {
+		ISC_LOG_CRITICAL, /* 0 */
+		ISC_LOG_ERROR,    /* 1 */
+		ISC_LOG_WARNING,   /* 2 */
+		ISC_LOG_NOTICE    /* 3 */
+	};
+	struct dlz_bind9_data *state = private_ptr;
+	int     isc_log_level;
+
+	if (msg_level >= ARRAY_SIZE(isc_log_map) || msg_level < 0) {
+		isc_log_level = ISC_LOG_INFO;
+	} else {
+		isc_log_level = isc_log_map[msg_level];
+	}
+	state->log(isc_log_level, "samba_dlz: %s", msg);
+}
+
+static int dlz_state_debug_unregister(struct dlz_bind9_data *state)
+{
+	/* Stop logging (to the bind9 logs) */
+	debug_set_callback(NULL, NULL);
+	return 0;
+}
+
+/*
+  called to initialise the driver
+ */
+_PUBLIC_ isc_result_t dlz_create(const char *dlzname,
+				 unsigned int argc, const char **argv,
+				 void **dbdata, ...)
+{
+	struct dlz_bind9_data *state;
+	const char *helper_name;
+	va_list ap;
+	isc_result_t result;
+	struct ldb_dn *dn;
+	NTSTATUS nt_status;
+	int ret;
+	char *errstring = NULL;
+
+	if (dlz_bind9_state != NULL) {
+		dlz_bind9_state->log(ISC_LOG_ERROR,
+				     "samba_dlz: dlz_create ignored, #refs=%d",
+				     dlz_bind9_state_ref_count);
+		*dbdata = dlz_bind9_state;
+		dlz_bind9_state_ref_count++;
+		return ISC_R_SUCCESS;
+	}
+
+	state = talloc_zero(NULL, struct dlz_bind9_data);
+	if (state == NULL) {
+		return ISC_R_NOMEMORY;
+	}
+
+	talloc_set_destructor(state, dlz_state_debug_unregister);
+
+	/* fill in the helper functions */
+	va_start(ap, dbdata);
+	while ((helper_name = va_arg(ap, const char *)) != NULL) {
+		b9_add_helper(state, helper_name, va_arg(ap, void*));
+	}
+	va_end(ap);
+
+	/* Do not install samba signal handlers */
+	fault_setup_disable();
+
+	/* Start logging (to the bind9 logs) */
+	debug_set_callback(state, b9_debug);
+
+	state->ev_ctx = s4_event_context_init(state);
+	if (state->ev_ctx == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	result = parse_options(state, argc, argv, &state->options);
+	if (result != ISC_R_SUCCESS) {
+		goto failed;
+	}
+
+	state->lp = loadparm_init_global(true);
+	if (state->lp == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	if (state->options.debug) {
+		lpcfg_do_global_parameter(state->lp, "log level", state->options.debug);
+	} else {
+		lpcfg_do_global_parameter(state->lp, "log level", "0");
+	}
+
+	if (smb_krb5_init_context(state, state->lp, &state->smb_krb5_ctx) != 0) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	nt_status = gensec_init();
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	state->auth_context = talloc_zero(state, struct auth4_context);
+	if (state->auth_context == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	if (state->options.url == NULL) {
+		state->options.url = talloc_asprintf(state,
+						     "%s/dns/sam.ldb",
+						     lpcfg_binddns_dir(state->lp));
+		if (state->options.url == NULL) {
+			result = ISC_R_NOMEMORY;
+			goto failed;
+		}
+
+		if (!file_exist(state->options.url)) {
+			state->options.url = talloc_asprintf(state,
+							     "%s/dns/sam.ldb",
+							     lpcfg_private_dir(state->lp));
+			if (state->options.url == NULL) {
+				result = ISC_R_NOMEMORY;
+				goto failed;
+			}
+		}
+	}
+
+	ret = samdb_connect_url(state,
+				state->ev_ctx,
+				state->lp,
+				system_session(state->lp),
+				0,
+				state->options.url,
+				NULL,
+				&state->samdb,
+				&errstring);
+	if (ret != LDB_SUCCESS) {
+		state->log(ISC_LOG_ERROR,
+			   "samba_dlz: Failed to connect to %s: %s",
+			   errstring, ldb_strerror(ret));
+		result = ISC_R_FAILURE;
+		goto failed;
+	}
+
+	dn = ldb_get_default_basedn(state->samdb);
+	if (dn == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Unable to get basedn for %s - %s",
+			   state->options.url, ldb_errstring(state->samdb));
+		result = ISC_R_FAILURE;
+		goto failed;
+	}
+
+	state->log(ISC_LOG_INFO, "samba_dlz: started for DN %s",
+		   ldb_dn_get_linearized(dn));
+
+	state->auth_context->event_ctx = state->ev_ctx;
+	state->auth_context->lp_ctx = state->lp;
+	state->auth_context->sam_ctx = state->samdb;
+	state->auth_context->generate_session_info_pac = b9_generate_session_info_pac;
+
+	*dbdata = state;
+	dlz_bind9_state = state;
+	dlz_bind9_state_ref_count++;
+
+	return ISC_R_SUCCESS;
+
+failed:
+	state->log(ISC_LOG_INFO,
+		   "samba_dlz: FAILED dlz_create call result=%d #refs=%d",
+		   result,
+		   dlz_bind9_state_ref_count);
+	talloc_free(state);
+	return result;
+}
+
+/*
+  shutdown the backend
+ */
+_PUBLIC_ void dlz_destroy(void *dbdata)
+{
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+
+	dlz_bind9_state_ref_count--;
+	if (dlz_bind9_state_ref_count == 0) {
+		state->log(ISC_LOG_INFO, "samba_dlz: shutting down");
+		talloc_unlink(state, state->samdb);
+		talloc_free(state);
+		dlz_bind9_state = NULL;
+	} else {
+		state->log(ISC_LOG_INFO,
+			   "samba_dlz: dlz_destroy called. %d refs remaining.",
+			   dlz_bind9_state_ref_count);
+	}
+}
+
+
+/*
+  return the base DN for a zone
+ */
+static isc_result_t b9_find_zone_dn(struct dlz_bind9_data *state, const char *zone_name,
+				    TALLOC_CTX *mem_ctx, struct ldb_dn **zone_dn)
+{
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	const char *attrs[] = { NULL };
+	int i;
+
+	for (i=0; zone_prefixes[i]; i++) {
+		const char *casefold;
+		struct ldb_dn *dn;
+		struct ldb_result *res;
+		struct ldb_val zone_name_val
+			= data_blob_string_const(zone_name);
+
+		dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		/*
+		 * This dance ensures that it is not possible to put
+		 * (eg) an extra DC=x, into the DNS name being
+		 * queried
+		 */
+
+		if (!ldb_dn_add_child_fmt(dn,
+					  "DC=X,%s",
+					  zone_prefixes[i])) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		ret = ldb_dn_set_component(dn,
+					   0,
+					   "DC",
+					   zone_name_val);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		/*
+		 * Check if this is a plausibly valid DN early
+		 * (time spent here will be saved during the
+		 * search due to an internal cache)
+		 */
+		casefold = ldb_dn_get_casefold(dn);
+
+		if (casefold == NULL) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOTFOUND;
+		}
+
+		ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsZone");
+		if (ret == LDB_SUCCESS) {
+			if (zone_dn != NULL) {
+				*zone_dn = talloc_steal(mem_ctx, dn);
+			}
+			talloc_free(tmp_ctx);
+			return ISC_R_SUCCESS;
+		}
+		talloc_free(dn);
+	}
+
+	talloc_free(tmp_ctx);
+	return ISC_R_NOTFOUND;
+}
+
+
+/*
+  return the DN for a name. The record does not need to exist, but the
+  zone must exist
+ */
+static isc_result_t b9_find_name_dn(struct dlz_bind9_data *state, const char *name,
+				    TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+	const char *p;
+
+	/* work through the name piece by piece, until we find a zone */
+	for (p=name; p; ) {
+		isc_result_t result;
+		result = b9_find_zone_dn(state, p, mem_ctx, dn);
+		if (result == ISC_R_SUCCESS) {
+			const char *casefold;
+
+			/* we found a zone, now extend the DN to get
+			 * the full DN
+			 */
+			bool ret;
+			if (p == name) {
+				ret = ldb_dn_add_child_fmt(*dn, "DC=@");
+				if (ret == false) {
+					talloc_free(*dn);
+					return ISC_R_NOMEMORY;
+				}
+			} else {
+				struct ldb_val name_val
+					= data_blob_const(name,
+							  (int)(p-name)-1);
+
+				if (!ldb_dn_add_child_val(*dn,
+							  "DC",
+							  name_val)) {
+					talloc_free(*dn);
+					return ISC_R_NOMEMORY;
+				}
+			}
+
+			/*
+			 * Check if this is a plausibly valid DN early
+			 * (time spent here will be saved during the
+			 * search due to an internal cache)
+			 */
+			casefold = ldb_dn_get_casefold(*dn);
+
+			if (casefold == NULL) {
+				return ISC_R_NOTFOUND;
+			}
+
+			return ISC_R_SUCCESS;
+		}
+		p = strchr(p, '.');
+		if (p == NULL) {
+			break;
+		}
+		p++;
+	}
+	return ISC_R_NOTFOUND;
+}
+
+
+/*
+  see if we handle a given zone
+ */
+_PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name,
+				     dns_clientinfomethods_t *methods,
+				     dns_clientinfo_t *clientinfo)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	isc_result_t result = ISC_R_SUCCESS;
+
+	result = b9_find_zone_dn(state, name, NULL, NULL);
+	 DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		NULL,
+		name,
+		NULL);
+	return result;
+}
+
+
+/*
+  lookup one record
+ */
+static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state,
+				     const char *zone, const char *name,
+				     dns_sdlzlookup_t *lookup,
+				     const char **types)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	struct ldb_dn *dn;
+	WERROR werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	struct dnsp_DnssrvRpcRecord *records = NULL;
+	uint16_t num_records = 0, i;
+	struct ldb_val zone_name_val
+		= data_blob_string_const(zone);
+	struct ldb_val name_val
+		= data_blob_string_const(name);
+
+	for (i=0; zone_prefixes[i]; i++) {
+		int ret;
+		const char *casefold;
+		dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		/*
+		 * This dance ensures that it is not possible to put
+		 * (eg) an extra DC=x, into the DNS name being
+		 * queried
+		 */
+
+		if (!ldb_dn_add_child_fmt(dn,
+					  "DC=X,DC=X,%s",
+					  zone_prefixes[i])) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		ret = ldb_dn_set_component(dn,
+					   1,
+					   "DC",
+					   zone_name_val);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		ret = ldb_dn_set_component(dn,
+					   0,
+					   "DC",
+					   name_val);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		/*
+		 * Check if this is a plausibly valid DN early
+		 * (time spent here will be saved during the
+		 * search due to an internal cache)
+		 */
+		casefold = ldb_dn_get_casefold(dn);
+
+		if (casefold == NULL) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOTFOUND;
+		}
+
+		werr = dns_common_wildcard_lookup(state->samdb, tmp_ctx, dn,
+					 &records, &num_records);
+		if (W_ERROR_IS_OK(werr)) {
+			break;
+		}
+	}
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(tmp_ctx);
+		return ISC_R_NOTFOUND;
+	}
+
+	for (i=0; i < num_records; i++) {
+		isc_result_t result;
+
+		result = b9_putrr(state, lookup, &records[i], types);
+		if (result != ISC_R_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return result;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return ISC_R_SUCCESS;
+}
+
+/*
+  lookup one record
+ */
+_PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name,
+				 void *dbdata, dns_sdlzlookup_t *lookup,
+				 dns_clientinfomethods_t *methods,
+				 dns_clientinfo_t *clientinfo)
+{
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	isc_result_t result = ISC_R_SUCCESS;
+	struct timeval start = timeval_current();
+
+	result = dlz_lookup_types(state, zone, name, lookup, NULL);
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		zone,
+		name,
+		NULL);
+
+	return result;
+}
+
+
+/*
+  see if a zone transfer is allowed
+ */
+_PUBLIC_ isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client)
+{
+	struct dlz_bind9_data *state = talloc_get_type(
+		dbdata, struct dlz_bind9_data);
+	isc_result_t ret;
+	const char **authorized_clients, **denied_clients;
+	const char *cname="";
+
+	/* check that the zone is known */
+	ret = b9_find_zone_dn(state, name, NULL, NULL);
+	if (ret != ISC_R_SUCCESS) {
+		return ret;
+	}
+
+	/* default is to deny all transfers */
+
+	authorized_clients = lpcfg_dns_zone_transfer_clients_allow(state->lp);
+	denied_clients = lpcfg_dns_zone_transfer_clients_deny(state->lp);
+
+	/* The logic of allow_access() when both allow and deny lists are given
+	 * does not match our expectation here: it would allow clients that are
+	 * neither allowed nor denied.
+	 * Here, we want to deny clients by default.
+	 * Using the allow_access() function is still useful as it takes care of
+	 * parsing IP addresses and subnets in a consistent way with other options
+	 * from smb.conf.
+	 *
+	 * We will then check the deny list first, then the allow list, so that
+	 * we accept only clients that are explicitly allowed AND not explicitly
+	 * denied.
+	 */
+	if ((authorized_clients == NULL) && (denied_clients == NULL)) {
+		/* No "allow" or "deny" lists given. Deny by default. */
+		return ISC_R_NOPERM;
+	}
+
+	if (denied_clients != NULL) {
+		bool ok = allow_access(denied_clients, NULL, cname, client);
+		if (!ok) {
+			/* client on deny list. Deny. */
+			return ISC_R_NOPERM;
+		}
+	}
+
+	if (authorized_clients != NULL) {
+		bool ok = allow_access(NULL, authorized_clients, cname, client);
+		if (ok) {
+			/*
+			 * client is not on deny list and is on allow list.
+			 * This is the only place we should return "allow".
+			 */
+			return ISC_R_SUCCESS;
+		}
+	}
+	/* We shouldn't get here, but deny by default. */
+	return ISC_R_NOPERM;
+}
+
+/*
+  perform a zone transfer
+ */
+_PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata,
+				   dns_sdlzallnodes_t *allnodes)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	const char *attrs[] = { "dnsRecord", NULL };
+	int ret = LDB_ERR_NO_SUCH_OBJECT;
+	size_t i, j;
+	struct ldb_dn *dn = NULL;
+	struct ldb_result *res;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	struct ldb_val zone_name_val = data_blob_string_const(zone);
+	isc_result_t result = ISC_R_SUCCESS;
+
+	for (i=0; zone_prefixes[i]; i++) {
+		const char *casefold;
+
+		dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+
+		/*
+		 * This dance ensures that it is not possible to put
+		 * (eg) an extra DC=x, into the DNS name being
+		 * queried
+		 */
+
+		if (!ldb_dn_add_child_fmt(dn,
+					  "DC=X,%s",
+					  zone_prefixes[i])) {
+			talloc_free(tmp_ctx);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+
+		ret = ldb_dn_set_component(dn,
+					   0,
+					   "DC",
+					   zone_name_val);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+
+		/*
+		 * Check if this is a plausibly valid DN early
+		 * (time spent here will be saved during the
+		 * search due to an internal cache)
+		 */
+		casefold = ldb_dn_get_casefold(dn);
+
+		if (casefold == NULL) {
+			result = ISC_R_NOTFOUND;
+			goto exit;
+		}
+
+		ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
+				 attrs, "objectClass=dnsNode");
+		if (ret == LDB_SUCCESS) {
+			break;
+		}
+	}
+	if (ret != LDB_SUCCESS || dn == NULL) {
+		talloc_free(tmp_ctx);
+		result = ISC_R_NOTFOUND;
+		goto exit;
+	}
+
+	for (i=0; i<res->count; i++) {
+		struct ldb_message_element *el;
+		TALLOC_CTX *el_ctx = talloc_new(tmp_ctx);
+		const char *rdn, *name;
+		const struct ldb_val *v;
+		WERROR werr;
+		struct dnsp_DnssrvRpcRecord *recs = NULL;
+		uint16_t num_recs = 0;
+
+		el = ldb_msg_find_element(res->msgs[i], "dnsRecord");
+		if (el == NULL || el->num_values == 0) {
+			state->log(ISC_LOG_INFO, "failed to find dnsRecord for %s",
+				   ldb_dn_get_linearized(dn));
+			talloc_free(el_ctx);
+			continue;
+		}
+
+		v = ldb_dn_get_rdn_val(res->msgs[i]->dn);
+		if (v == NULL) {
+			state->log(ISC_LOG_INFO, "failed to find RDN for %s",
+				   ldb_dn_get_linearized(dn));
+			talloc_free(el_ctx);
+			continue;
+		}
+
+		rdn = talloc_strndup(el_ctx, (char *)v->data, v->length);
+		if (rdn == NULL) {
+			talloc_free(tmp_ctx);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+
+		if (strcmp(rdn, "@") == 0) {
+			name = zone;
+		} else {
+			name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone);
+		}
+		name = b9_format_fqdn(el_ctx, name);
+		if (name == NULL) {
+			talloc_free(tmp_ctx);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+
+		werr = dns_common_extract(state->samdb, el, el_ctx, &recs, &num_recs);
+		if (!W_ERROR_IS_OK(werr)) {
+			state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s, %s",
+				   ldb_dn_get_linearized(dn), win_errstr(werr));
+			talloc_free(el_ctx);
+			continue;
+		}
+
+		for (j=0; j < num_recs; j++) {
+			isc_result_t rc;
+
+			rc = b9_putnamedrr(state, allnodes, name, &recs[j]);
+			if (rc != ISC_R_SUCCESS) {
+				continue;
+			}
+		}
+
+		talloc_free(el_ctx);
+	}
+
+	talloc_free(tmp_ctx);
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		zone,
+		NULL,
+		NULL);
+	return result;
+}
+
+
+/*
+  start a transaction
+ */
+_PUBLIC_ isc_result_t dlz_newversion(const char *zone, void *dbdata, void **versionp)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	isc_result_t result = ISC_R_SUCCESS;
+
+	state->log(ISC_LOG_INFO, "samba_dlz: starting transaction on zone %s", zone);
+
+	if (state->transaction_token != NULL) {
+		state->log(ISC_LOG_INFO, "samba_dlz: transaction already started for zone %s", zone);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	state->transaction_token = talloc_zero(state, int);
+	if (state->transaction_token == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto exit;
+	}
+
+	if (ldb_transaction_start(state->samdb) != LDB_SUCCESS) {
+		state->log(ISC_LOG_INFO, "samba_dlz: failed to start a transaction for zone %s", zone);
+		talloc_free(state->transaction_token);
+		state->transaction_token = NULL;
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	*versionp = (void *)state->transaction_token;
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		zone,
+		NULL,
+		NULL);
+	return result;
+}
+
+/*
+  end a transaction
+ */
+_PUBLIC_ void dlz_closeversion(const char *zone, isc_boolean_t commit,
+			       void *dbdata, void **versionp)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	const char *data = NULL;
+
+	data = commit ? "commit" : "cancel";
+
+	if (state->transaction_token != (int *)*versionp) {
+		state->log(ISC_LOG_INFO, "samba_dlz: transaction not started for zone %s", zone);
+		goto exit;
+	}
+
+	if (commit) {
+		if (ldb_transaction_commit(state->samdb) != LDB_SUCCESS) {
+			state->log(ISC_LOG_INFO, "samba_dlz: failed to commit a transaction for zone %s", zone);
+			goto exit;
+		}
+		state->log(ISC_LOG_INFO, "samba_dlz: committed transaction on zone %s", zone);
+	} else {
+		if (ldb_transaction_cancel(state->samdb) != LDB_SUCCESS) {
+			state->log(ISC_LOG_INFO, "samba_dlz: failed to cancel a transaction for zone %s", zone);
+			goto exit;
+		}
+		state->log(ISC_LOG_INFO, "samba_dlz: cancelling transaction on zone %s", zone);
+	}
+
+	talloc_free(state->transaction_token);
+	state->transaction_token = NULL;
+	*versionp = NULL;
+
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(ISC_R_SUCCESS),
+		&start,
+		zone,
+		NULL,
+		data);
+}
+
+
+/*
+  see if there is a SOA record for a zone
+ */
+static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const char *zone)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	WERROR werr;
+	struct dnsp_DnssrvRpcRecord *records = NULL;
+	uint16_t num_records = 0, i;
+	struct ldb_val zone_name_val
+		= data_blob_string_const(zone);
+
+	/*
+	 * This dance ensures that it is not possible to put
+	 * (eg) an extra DC=x, into the DNS name being
+	 * queried
+	 */
+
+	if (!ldb_dn_add_child_val(dn,
+				  "DC",
+				  zone_name_val)) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	/*
+	 * The SOA record is always stored under DC=@,DC=zonename
+	 * This can probably be removed when dns_common_lookup makes a fallback
+	 * lookup on @ pseudo record
+	 */
+
+	if (!ldb_dn_add_child_fmt(dn,"DC=@")) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	werr = dns_common_lookup(state->samdb, tmp_ctx, dn,
+				 &records, &num_records, NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	for (i=0; i < num_records; i++) {
+		if (records[i].wType == DNS_TYPE_SOA) {
+			talloc_free(tmp_ctx);
+			return true;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+static bool b9_zone_add(struct dlz_bind9_data *state, const char *name)
+{
+	struct b9_zone *zone;
+
+	zone = talloc_zero(state, struct b9_zone);
+	if (zone == NULL) {
+		return false;
+	}
+
+	zone->name = talloc_strdup(zone, name);
+	if (zone->name == NULL) {
+		talloc_free(zone);
+		return false;
+	}
+
+	DLIST_ADD(state->zonelist, zone);
+	return true;
+}
+
+static bool b9_zone_exists(struct dlz_bind9_data *state, const char *name)
+{
+	struct b9_zone *zone = state->zonelist;
+	bool found = false;
+
+	while (zone != NULL) {
+		if (strcasecmp(name, zone->name) == 0) {
+			found = true;
+			break;
+		}
+		zone = zone->next;
+	}
+
+	return found;
+}
+
+
+/*
+  configure a writeable zone
+ */
+_PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb,
+				    void *dbdata)
+{
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *dn;
+	int i;
+
+	state->log(ISC_LOG_INFO, "samba_dlz: starting configure");
+	if (state->writeable_zone == NULL) {
+		state->log(ISC_LOG_INFO, "samba_dlz: no writeable_zone method available");
+		return ISC_R_FAILURE;
+	}
+
+	tmp_ctx = talloc_new(state);
+
+	for (i=0; zone_prefixes[i]; i++) {
+		const char *attrs[] = { "name", NULL };
+		int j, ret;
+		struct ldb_result *res;
+
+		dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		if (!ldb_dn_add_child_fmt(dn, "%s", zone_prefixes[i])) {
+			talloc_free(tmp_ctx);
+			return ISC_R_NOMEMORY;
+		}
+
+		ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
+				 attrs, "objectClass=dnsZone");
+		if (ret != LDB_SUCCESS) {
+			continue;
+		}
+
+		for (j=0; j<res->count; j++) {
+			isc_result_t result;
+			const char *zone = ldb_msg_find_attr_as_string(res->msgs[j], "name", NULL);
+			struct ldb_dn *zone_dn;
+
+			if (zone == NULL) {
+				continue;
+			}
+			/* Ignore zones that are not handled in BIND */
+			if ((strcmp(zone, "RootDNSServers") == 0) ||
+			    (strcmp(zone, "..TrustAnchors") == 0)) {
+				continue;
+			}
+			zone_dn = ldb_dn_copy(tmp_ctx, dn);
+			if (zone_dn == NULL) {
+				talloc_free(tmp_ctx);
+				return ISC_R_NOMEMORY;
+			}
+
+			if (!b9_has_soa(state, zone_dn, zone)) {
+				continue;
+			}
+
+			if (b9_zone_exists(state, zone)) {
+				state->log(ISC_LOG_WARNING, "samba_dlz: Ignoring duplicate zone '%s' from '%s'",
+					   zone, ldb_dn_get_linearized(zone_dn));
+				continue;
+			}
+
+			if (!b9_zone_add(state, zone)) {
+				talloc_free(tmp_ctx);
+				return ISC_R_NOMEMORY;
+			}
+
+			result = state->writeable_zone(view, dlzdb, zone);
+			if (result != ISC_R_SUCCESS) {
+				state->log(ISC_LOG_ERROR, "samba_dlz: Failed to configure zone '%s'",
+					   zone);
+				talloc_free(tmp_ctx);
+				return result;
+			}
+			state->log(ISC_LOG_INFO, "samba_dlz: configured writeable zone '%s'", zone);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return ISC_R_SUCCESS;
+}
+
+/*
+  authorize a zone update
+ */
+_PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
+				    const char *type, const char *key, uint32_t keydatalen, uint8_t *keydata,
+				    void *dbdata)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	TALLOC_CTX *tmp_ctx;
+	DATA_BLOB ap_req;
+	struct cli_credentials *server_credentials;
+	char *keytab_name;
+	char *keytab_file = NULL;
+	int ret;
+	int ldb_ret;
+	NTSTATUS nt_status;
+	struct gensec_security *gensec_ctx;
+	struct auth_session_info *session_info;
+	struct ldb_dn *dn;
+	isc_result_t rc;
+	struct ldb_result *res;
+	const char * attrs[] = { NULL };
+	uint32_t access_mask;
+	struct gensec_settings *settings = NULL;
+	const struct gensec_security_ops **backends = NULL;
+	size_t idx = 0;
+	isc_boolean_t result = ISC_FALSE;
+	NTSTATUS status;
+	bool ok;
+
+	/* Remove cached credentials, if any */
+	if (state->session_info) {
+		talloc_free(state->session_info);
+		state->session_info = NULL;
+	}
+	if (state->update_name) {
+		talloc_free(state->update_name);
+		state->update_name = NULL;
+	}
+
+	tmp_ctx = talloc_new(state);
+	if (tmp_ctx == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: no memory");
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	ap_req = data_blob_const(keydata, keydatalen);
+	server_credentials = cli_credentials_init(tmp_ctx);
+	if (!server_credentials) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to init server credentials");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	status = cli_credentials_set_krb5_context(server_credentials,
+						  state->smb_krb5_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		state->log(ISC_LOG_ERROR,
+			   "samba_dlz: failed to set krb5 context");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	ok = cli_credentials_set_conf(server_credentials, state->lp);
+	if (!ok) {
+		state->log(ISC_LOG_ERROR,
+			   "samba_dlz: failed to load smb.conf");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	keytab_file = talloc_asprintf(tmp_ctx,
+				      "%s/dns.keytab",
+				      lpcfg_binddns_dir(state->lp));
+	if (keytab_file == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	if (!file_exist(keytab_file)) {
+		keytab_file = talloc_asprintf(tmp_ctx,
+					      "%s/dns.keytab",
+					      lpcfg_private_dir(state->lp));
+		if (keytab_file == NULL) {
+			state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+			talloc_free(tmp_ctx);
+			result = ISC_FALSE;
+			goto exit;
+		}
+	}
+
+	keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s", keytab_file);
+	if (keytab_name == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
+						CRED_SPECIFIED);
+	if (ret != 0) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials from %s",
+			   keytab_name);
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+	talloc_free(keytab_name);
+
+	settings = lpcfg_gensec_settings(tmp_ctx, state->lp);
+	if (settings == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: lpcfg_gensec_settings failed");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+	backends = talloc_zero_array(settings,
+				     const struct gensec_security_ops *, 3);
+	if (backends == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: talloc_zero_array gensec_security_ops failed");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+	settings->backends = backends;
+
+	gensec_init();
+
+	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_KERBEROS5);
+	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+
+	nt_status = gensec_server_start(tmp_ctx, settings,
+					state->auth_context, &gensec_ctx);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to start gensec server");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	gensec_set_credentials(gensec_ctx, server_credentials);
+
+	nt_status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to start spnego");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	/*
+	 * We only allow SPNEGO/KRB5 and make sure the backend
+	 * to is RPC/IPC free.
+	 *
+	 * See gensec_gssapi_update_internal() as
+	 * GENSEC_SERVER.
+	 *
+	 * It allows gensec_update() not to block.
+	 *
+	 * If that changes in future we need to use
+	 * gensec_update_send/recv here!
+	 */
+	nt_status = gensec_update(gensec_ctx, tmp_ctx, ap_req, &ap_req);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: spnego update failed");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	nt_status = gensec_session_info(gensec_ctx, tmp_ctx, &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to create session info");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	/* Get the DN from name */
+	rc = b9_find_name_dn(state, name, tmp_ctx, &dn);
+	if (rc != ISC_R_SUCCESS) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to find name %s", name);
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	/* make sure the dn exists, or find parent dn in case new object is being added */
+	ldb_ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
+				attrs, "objectClass=dnsNode");
+	if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) {
+		ldb_dn_remove_child_components(dn, 1);
+		access_mask = SEC_ADS_CREATE_CHILD;
+		talloc_free(res);
+	} else if (ldb_ret == LDB_SUCCESS) {
+		access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE;
+		talloc_free(res);
+	} else {
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	/* Do ACL check */
+	ldb_ret = dsdb_check_access_on_dn(state->samdb, tmp_ctx, dn,
+						session_info->security_token,
+						access_mask, NULL);
+	if (ldb_ret != LDB_SUCCESS) {
+		state->log(ISC_LOG_INFO,
+			"samba_dlz: disallowing update of signer=%s name=%s type=%s error=%s",
+			signer, name, type, ldb_strerror(ldb_ret));
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+
+	/* Cache session_info, so it can be used in the actual add/delete operation */
+	state->update_name = talloc_strdup(state, name);
+	if (state->update_name == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: memory allocation error");
+		talloc_free(tmp_ctx);
+		result = ISC_FALSE;
+		goto exit;
+	}
+	state->session_info = talloc_steal(state, session_info);
+
+	state->log(ISC_LOG_INFO, "samba_dlz: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s",
+		   signer, name, tcpaddr, type, key);
+
+	talloc_free(tmp_ctx);
+	result = ISC_TRUE;
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		NULL,
+		name,
+		NULL);
+	return result;
+}
+
+
+/*
+  see if two dns records match
+ */
+static bool b9_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+			    struct dnsp_DnssrvRpcRecord *rec2)
+{
+	if (rec1->wType != rec2->wType) {
+		return false;
+	}
+	/* see if this type is single valued */
+	if (b9_single_valued(rec1->wType)) {
+		return true;
+	}
+
+	return dns_record_match(rec1, rec2);
+}
+
+/*
+ * Update session_info on samdb using the cached credentials
+ */
+static bool b9_set_session_info(struct dlz_bind9_data *state, const char *name)
+{
+	int ret;
+
+	if (state->update_name == NULL || state->session_info == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: invalid credentials");
+		return false;
+	}
+
+	/* Do not use client credentials, if we're not updating the client specified name */
+	if (strcmp(state->update_name, name) != 0) {
+		return true;
+	}
+
+	ret = ldb_set_opaque(
+		state->samdb,
+		DSDB_SESSION_INFO,
+		state->session_info);
+	if (ret != LDB_SUCCESS) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: unable to set session info");
+		return false;
+	}
+
+	return true;
+}
+
+/*
+ * Reset session_info on samdb as system session
+ */
+static void b9_reset_session_info(struct dlz_bind9_data *state)
+{
+	ldb_set_opaque(
+		state->samdb,
+		DSDB_SESSION_INFO,
+		system_session(state->lp));
+}
+
+/*
+  add or modify a rdataset
+ */
+_PUBLIC_ isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	struct dnsp_DnssrvRpcRecord *rec;
+	struct ldb_dn *dn;
+	isc_result_t result = ISC_R_SUCCESS;
+	bool tombstoned = false;
+	bool needs_add = false;
+	struct dnsp_DnssrvRpcRecord *recs = NULL;
+	uint16_t num_recs = 0;
+	uint16_t first = 0;
+	uint16_t i;
+	WERROR werr;
+
+	if (state->transaction_token != (void*)version) {
+		state->log(ISC_LOG_INFO, "samba_dlz: bad transaction version");
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	rec = talloc_zero(state, struct dnsp_DnssrvRpcRecord);
+	if (rec == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto exit;
+	}
+
+	rec->rank        = DNS_RANK_ZONE;
+
+	if (!b9_parse(state, rdatastr, rec)) {
+		state->log(ISC_LOG_INFO, "samba_dlz: failed to parse rdataset '%s'", rdatastr);
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	/* find the DN of the record */
+	result = b9_find_name_dn(state, name, rec, &dn);
+	if (result != ISC_R_SUCCESS) {
+		talloc_free(rec);
+		goto exit;
+	}
+
+	/* get any existing records */
+	werr = dns_common_lookup(state->samdb, rec, dn,
+				 &recs, &num_recs, &tombstoned);
+	if (W_ERROR_EQUAL(werr, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+		needs_add = true;
+		werr = WERR_OK;
+	}
+	if (!W_ERROR_IS_OK(werr)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s, %s",
+			   ldb_dn_get_linearized(dn), win_errstr(werr));
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	if (tombstoned) {
+		/*
+		 * we need to keep the existing tombstone record
+		 * and ignore it
+		 */
+		first = num_recs;
+	}
+
+	/* there may be existing records. We need to see if this will
+	 * replace a record or add to it
+	 */
+	for (i=first; i < num_recs; i++) {
+		if (b9_record_match(rec, &recs[i])) {
+			break;
+		}
+	}
+	if (i == UINT16_MAX) {
+		state->log(ISC_LOG_ERROR,
+			   "samba_dlz: failed to find record to modify, and "
+			   "there are already %u dnsRecord values for %s",
+			   i, ldb_dn_get_linearized(dn));
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	if (i == num_recs) {
+		/* set dwTimeStamp before increasing num_recs */
+		if (dns_name_is_static(recs, num_recs)) {
+			rec->dwTimeStamp = 0;
+		} else {
+			rec->dwTimeStamp = unix_to_dns_timestamp(time(NULL));
+		}
+		/* adding space for a new value */
+		recs = talloc_realloc(rec, recs,
+				      struct dnsp_DnssrvRpcRecord,
+				      num_recs + 1);
+		if (recs == NULL) {
+			talloc_free(rec);
+			result = ISC_R_NOMEMORY;
+			goto exit;
+		}
+		num_recs++;
+	} else {
+		/*
+		 * We are updating a record. Depending on whether aging is
+		 * enabled, and how old the old timestamp is,
+		 * dns_common_replace() will work out whether to bump the
+		 * timestamp or not. But to do that, we need to tell it the
+		 * old timestamp.
+		 */
+		if (! dns_name_is_static(recs, num_recs)) {
+			rec->dwTimeStamp = recs[i].dwTimeStamp;
+		}
+	}
+
+	recs[i] = *rec;
+
+	if (!b9_set_session_info(state, name)) {
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	/* modify the record */
+	werr = dns_common_replace(state->samdb, rec, dn,
+				  needs_add,
+				  state->soa_serial,
+				  recs, num_recs);
+	b9_reset_session_info(state);
+	if (!W_ERROR_IS_OK(werr)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to %s %s - %s",
+			   needs_add ? "add" : "modify",
+			   ldb_dn_get_linearized(dn), win_errstr(werr));
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	state->log(ISC_LOG_INFO, "samba_dlz: added rdataset %s '%s'", name, rdatastr);
+
+	talloc_free(rec);
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		NULL,
+		name,
+		rdatastr);
+	return result;
+}
+
+/*
+  remove a rdataset
+ */
+_PUBLIC_ isc_result_t dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	struct dnsp_DnssrvRpcRecord *rec;
+	struct ldb_dn *dn;
+	isc_result_t result = ISC_R_SUCCESS;
+	struct dnsp_DnssrvRpcRecord *recs = NULL;
+	uint16_t num_recs = 0;
+	uint16_t i;
+	WERROR werr;
+
+	if (state->transaction_token != (void*)version) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: bad transaction version");
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	rec = talloc_zero(state, struct dnsp_DnssrvRpcRecord);
+	if (rec == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto exit;
+	}
+
+	if (!b9_parse(state, rdatastr, rec)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse rdataset '%s'", rdatastr);
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	/* find the DN of the record */
+	result = b9_find_name_dn(state, name, rec, &dn);
+	if (result != ISC_R_SUCCESS) {
+		talloc_free(rec);
+		goto exit;
+	}
+
+	/* get the existing records */
+	werr = dns_common_lookup(state->samdb, rec, dn,
+				 &recs, &num_recs, NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(rec);
+		result = ISC_R_NOTFOUND;
+		goto exit;
+	}
+
+	for (i=0; i < num_recs; i++) {
+		if (b9_record_match(rec, &recs[i])) {
+			recs[i] = (struct dnsp_DnssrvRpcRecord) {
+				.wType = DNS_TYPE_TOMBSTONE,
+			};
+			break;
+		}
+	}
+	if (i == num_recs) {
+		talloc_free(rec);
+		result = ISC_R_NOTFOUND;
+		goto exit;
+	}
+
+	if (!b9_set_session_info(state, name)) {
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	/* modify the record */
+	werr = dns_common_replace(state->samdb, rec, dn,
+				  false,/* needs_add */
+				  state->soa_serial,
+				  recs, num_recs);
+	b9_reset_session_info(state);
+	if (!W_ERROR_IS_OK(werr)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to modify %s - %s",
+			   ldb_dn_get_linearized(dn), win_errstr(werr));
+		talloc_free(rec);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	state->log(ISC_LOG_INFO, "samba_dlz: subtracted rdataset %s '%s'", name, rdatastr);
+
+	talloc_free(rec);
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		NULL,
+		name,
+		rdatastr);
+	return result;
+}
+
+
+/*
+  delete all records of the given type
+ */
+_PUBLIC_ isc_result_t dlz_delrdataset(const char *name, const char *type, void *dbdata, void *version)
+{
+	struct timeval start = timeval_current();
+	struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *dn;
+	isc_result_t result = ISC_R_SUCCESS;
+	enum dns_record_type dns_type;
+	bool found = false;
+	struct dnsp_DnssrvRpcRecord *recs = NULL;
+	uint16_t num_recs = 0;
+	uint16_t ri = 0;
+	WERROR werr;
+
+	if (state->transaction_token != (void*)version) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: bad transaction version");
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	if (!b9_dns_type(type, &dns_type)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: bad dns type %s in delete", type);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	tmp_ctx = talloc_new(state);
+
+	/* find the DN of the record */
+	result = b9_find_name_dn(state, name, tmp_ctx, &dn);
+	if (result != ISC_R_SUCCESS) {
+		talloc_free(tmp_ctx);
+		goto exit;
+	}
+
+	/* get the existing records */
+	werr = dns_common_lookup(state->samdb, tmp_ctx, dn,
+				 &recs, &num_recs, NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(tmp_ctx);
+		result = ISC_R_NOTFOUND;
+		goto exit;
+	}
+
+	for (ri=0; ri < num_recs; ri++) {
+		if (dns_type != recs[ri].wType) {
+			continue;
+		}
+
+		found = true;
+		recs[ri] = (struct dnsp_DnssrvRpcRecord) {
+			.wType = DNS_TYPE_TOMBSTONE,
+		};
+	}
+
+	if (!found) {
+		talloc_free(tmp_ctx);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	if (!b9_set_session_info(state, name)) {
+		talloc_free(tmp_ctx);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	/* modify the record */
+	werr = dns_common_replace(state->samdb, tmp_ctx, dn,
+				  false,/* needs_add */
+				  state->soa_serial,
+				  recs, num_recs);
+	b9_reset_session_info(state);
+	if (!W_ERROR_IS_OK(werr)) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: failed to modify %s - %s",
+			   ldb_dn_get_linearized(dn), win_errstr(werr));
+		talloc_free(tmp_ctx);
+		result = ISC_R_FAILURE;
+		goto exit;
+	}
+
+	state->log(ISC_LOG_INFO, "samba_dlz: deleted rdataset %s of type %s", name, type);
+
+	talloc_free(tmp_ctx);
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		isc_result_str(result),
+		&start,
+		NULL,
+		name,
+		type);
+	return result;
+}
diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
new file mode 100644
index 0000000..b7e36e7
--- /dev/null
+++ b/source4/dns_server/dlz_minimal.h
@@ -0,0 +1,317 @@
+/*
+ * Copyright (C) 2010 Andrew Tridgell
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the
+ * above copyright notice and this permission notice appear in all
+ * copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+ * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+ * USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* This header is updated based on BIND 9.10.1 source.
+ *    contrib/dlz/modules/include/dlz_minimal.h
+ */
+
+#ifndef DLZ_MINIMAL_H
+#define DLZ_MINIMAL_H 1
+
+#include <stdint.h>
+#include <stdbool.h>
+
+#if defined (BIND_VERSION_9_8)
+# error Bind 9.8 is not supported!
+#elif defined (BIND_VERSION_9_9)
+# error Bind 9.9 is not supported!
+#elif defined (BIND_VERSION_9_10)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
+#elif defined (BIND_VERSION_9_11)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+#elif defined (BIND_VERSION_9_12)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+#elif defined (BIND_VERSION_9_14)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+#elif defined (BIND_VERSION_9_16)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+#elif defined (BIND_VERSION_9_18)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+#else
+# error Unsupported BIND version
+#endif
+
+#ifndef ISC_BOOLEAN_AS_BOOL
+#define ISC_BOOLEAN_AS_BOOL 1
+#endif
+
+# define DLZ_DLOPEN_AGE 0
+
+typedef unsigned int isc_result_t;
+#if ISC_BOOLEAN_AS_BOOL == 1
+typedef bool isc_boolean_t;
+#else
+typedef int isc_boolean_t;
+#endif
+typedef uint32_t dns_ttl_t;
+
+/* return these in flags from dlz_version() */
+#define DNS_SDLZFLAG_THREADSAFE		0x00000001U
+#define DNS_SDLZFLAG_RELATIVEOWNER	0x00000002U
+#define DNS_SDLZFLAG_RELATIVERDATA	0x00000004U
+
+/* result codes */
+#define ISC_R_SUCCESS			0
+#define ISC_R_NOMEMORY			1
+#define ISC_R_NOPERM			6
+#define ISC_R_NOSPACE			19
+#define ISC_R_NOTFOUND			23
+#define ISC_R_FAILURE			25
+#define ISC_R_NOTIMPLEMENTED		27
+#define ISC_R_NOMORE			29
+#define ISC_R_INVALIDFILE		30
+#define ISC_R_UNEXPECTED		34
+#define ISC_R_FILENOTFOUND		38
+
+/* boolean values */
+#if ISC_BOOLEAN_AS_BOOL == 1
+#define ISC_TRUE	true
+#define ISC_FALSE	false
+#else
+#define ISC_TRUE	1
+#define ISC_FALSE	0
+#endif
+
+/* log levels */
+#define ISC_LOG_INFO		(-1)
+#define ISC_LOG_NOTICE		(-2)
+#define ISC_LOG_WARNING 	(-3)
+#define ISC_LOG_ERROR		(-4)
+#define ISC_LOG_CRITICAL	(-5)
+#define ISC_LOG_DEBUG(level)	(level)
+
+/* opaque structures */
+typedef void *dns_sdlzlookup_t;
+typedef void *dns_sdlzallnodes_t;
+typedef void *dns_view_t;
+typedef void *dns_dlzdb_t;
+
+/*
+ * Method and type definitions needed for retrieval of client info
+ * from the caller.
+ */
+typedef struct isc_sockaddr {
+	union {
+		struct sockaddr         sa;
+		struct sockaddr_in      sin;
+		struct sockaddr_in6     sin6;
+		struct sockaddr_un      sunix;
+	}                               type;
+	unsigned int                    length;
+	void *                          link;
+} isc_sockaddr_t;
+
+#if DNS_CLIENTINFO_VERSION == 1
+
+typedef struct dns_clientinfo {
+	uint16_t version;
+	void *data;
+} dns_clientinfo_t;
+
+typedef isc_result_t (*dns_clientinfo_sourceip_t)(dns_clientinfo_t *client,
+						  isc_sockaddr_t **addrp);
+
+#define DNS_CLIENTINFOMETHODS_VERSION 1
+#define DNS_CLIENTINFOMETHODS_AGE 0
+
+typedef struct dns_clientinfomethods {
+	uint16_t version;
+	uint16_t age;
+	dns_clientinfo_sourceip_t sourceip;
+} dns_clientinfomethods_t;
+
+#elif DNS_CLIENTINFO_VERSION == 2
+
+typedef struct dns_clientinfo {
+	uint16_t version;
+	void *data;
+	void *dbversion;
+} dns_clientinfo_t;
+
+typedef isc_result_t (*dns_clientinfo_sourceip_t)(dns_clientinfo_t *client,
+						  isc_sockaddr_t **addrp);
+
+typedef isc_result_t (*dns_clientinfo_version_t)(dns_clientinfo_t *client,
+						 void **addrp);
+
+#define DNS_CLIENTINFOMETHODS_VERSION 2
+#define DNS_CLIENTINFOMETHODS_AGE 1
+
+typedef struct dns_clientinfomethods {
+	uint16_t version;
+	uint16_t age;
+	dns_clientinfo_sourceip_t sourceip;
+	dns_clientinfo_version_t dbversion;
+} dns_clientinfomethods_t;
+
+#endif /* DNS_CLIENTINFO_VERSION */
+
+
+/*
+ * Method definitions for callbacks provided by the dlopen driver
+ */
+
+typedef void log_t(int level, const char *fmt, ...);
+
+typedef isc_result_t dns_sdlz_putrr_t(dns_sdlzlookup_t *lookup,
+				      const char *type,
+				      dns_ttl_t ttl,
+				      const char *data);
+
+typedef isc_result_t dns_sdlz_putnamedrr_t(dns_sdlzallnodes_t *allnodes,
+					   const char *name,
+					   const char *type,
+					   dns_ttl_t ttl,
+					   const char *data);
+
+typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view,
+					     dns_dlzdb_t *dlzdb,
+					     const char *zone_name);
+
+
+/*
+ * prototypes for the functions you can include in your module
+ */
+
+/*
+ * dlz_version() is required for all DLZ external drivers. It should
+ * return DLZ_DLOPEN_VERSION.  'flags' is updated to indicate capabilities
+ * of the module.  In particular, if the module is thread-safe then it
+ * sets 'flags' to include DNS_SDLZFLAG_THREADSAFE.  Other capability
+ * flags may be added in the future.
+ */
+int
+dlz_version(unsigned int *flags);
+
+/*
+ * dlz_create() is required for all DLZ external drivers.
+ */
+isc_result_t
+dlz_create(const char *dlzname, unsigned int argc, const char *argv[],
+	   void **dbdata, ...);
+
+/*
+ * dlz_destroy() is optional, and will be called when the driver is
+ * unloaded if supplied
+ */
+void
+dlz_destroy(void *dbdata);
+
+/*
+ * dlz_findzonedb is required for all DLZ external drivers
+ */
+isc_result_t
+dlz_findzonedb(void *dbdata, const char *name,
+	       dns_clientinfomethods_t *methods,
+	       dns_clientinfo_t *clientinfo);
+
+/*
+ * dlz_lookup is required for all DLZ external drivers
+ */
+isc_result_t
+dlz_lookup(const char *zone, const char *name, void *dbdata,
+	   dns_sdlzlookup_t *lookup,
+	   dns_clientinfomethods_t *methods,
+	   dns_clientinfo_t *clientinfo);
+
+/*
+ * dlz_authority() is optional if dlz_lookup() supplies
+ * authority information (i.e., SOA, NS) for the dns record
+ */
+isc_result_t
+dlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup);
+
+/*
+ * dlz_allowzonexfr() is optional, and should be supplied if you want to
+ * support zone transfers
+ */
+isc_result_t
+dlz_allowzonexfr(void *dbdata, const char *name, const char *client);
+
+/*
+ * dlz_allnodes() is optional, but must be supplied if supply a
+ * dlz_allowzonexfr() function
+ */
+isc_result_t
+dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes);
+
+/*
+ * dlz_newversion() is optional. It should be supplied if you want to
+ * support dynamic updates.
+ */
+isc_result_t
+dlz_newversion(const char *zone, void *dbdata, void **versionp);
+
+/* 
+ * dlz_closeversion() is optional, but must be supplied if you supply a
+ * dlz_newversion() function
+ */
+void
+dlz_closeversion(const char *zone, isc_boolean_t commit, void *dbdata,
+		 void **versionp);
+
+/*
+ * dlz_configure() is optional, but must be supplied if you want to support
+ * dynamic updates
+ */
+isc_result_t
+dlz_configure(dns_view_t *view, dns_dlzdb_t *dlzdb, void *dbdata);
+
+/*
+ * dlz_ssumatch() is optional, but must be supplied if you want to support
+ * dynamic updates
+ */
+isc_boolean_t
+dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
+	     const char *type, const char *key, uint32_t keydatalen,
+	     uint8_t *keydata, void *dbdata);
+
+/*
+ * dlz_addrdataset() is optional, but must be supplied if you want to
+ * support dynamic updates
+ */
+isc_result_t
+dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata,
+		void *version);
+
+/*
+ * dlz_subrdataset() is optional, but must be supplied if you want to
+ * support dynamic updates
+ */
+isc_result_t
+dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata,
+		void *version);
+
+/*
+ * dlz_delrdataset() is optional, but must be supplied if you want to
+ * support dynamic updates
+ */
+isc_result_t
+dlz_delrdataset(const char *name, const char *type, void *dbdata,
+		void *version);
+
+#endif /* DLZ_MINIMAL_H */
diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
new file mode 100644
index 0000000..be79a4e
--- /dev/null
+++ b/source4/dns_server/dns_crypto.c
@@ -0,0 +1,448 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server handler for signed packets
+
+   Copyright (C) 2012 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "dns_server/dns_server.h"
+#include "libcli/util/ntstatus.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
+static WERROR dns_copy_tsig(TALLOC_CTX *mem_ctx,
+			    struct dns_res_rec *old,
+			    struct dns_res_rec *new_rec)
+{
+	new_rec->name = talloc_strdup(mem_ctx, old->name);
+	W_ERROR_HAVE_NO_MEMORY(new_rec->name);
+
+	new_rec->rr_type = old->rr_type;
+	new_rec->rr_class = old->rr_class;
+	new_rec->ttl = old->ttl;
+	new_rec->length = old->length;
+	new_rec->rdata.tsig_record.algorithm_name = talloc_strdup(mem_ctx,
+				old->rdata.tsig_record.algorithm_name);
+	W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.algorithm_name);
+
+	new_rec->rdata.tsig_record.time_prefix = old->rdata.tsig_record.time_prefix;
+	new_rec->rdata.tsig_record.time = old->rdata.tsig_record.time;
+	new_rec->rdata.tsig_record.fudge = old->rdata.tsig_record.fudge;
+	new_rec->rdata.tsig_record.mac_size = old->rdata.tsig_record.mac_size;
+	new_rec->rdata.tsig_record.mac = talloc_memdup(mem_ctx,
+					old->rdata.tsig_record.mac,
+					old->rdata.tsig_record.mac_size);
+	W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.mac);
+
+	new_rec->rdata.tsig_record.original_id = old->rdata.tsig_record.original_id;
+	new_rec->rdata.tsig_record.error = old->rdata.tsig_record.error;
+	new_rec->rdata.tsig_record.other_size = old->rdata.tsig_record.other_size;
+	new_rec->rdata.tsig_record.other_data = talloc_memdup(mem_ctx,
+					old->rdata.tsig_record.other_data,
+					old->rdata.tsig_record.other_size);
+	W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.other_data);
+
+	return WERR_OK;
+}
+
+struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
+				      const char *name)
+{
+	struct dns_server_tkey *tkey = NULL;
+	uint16_t i = 0;
+
+	do {
+		struct dns_server_tkey *tmp_key = store->tkeys[i];
+
+		i++;
+		i %= TKEY_BUFFER_SIZE;
+
+		if (tmp_key == NULL) {
+			continue;
+		}
+		if (samba_dns_name_equal(name, tmp_key->name)) {
+			tkey = tmp_key;
+			break;
+		}
+	} while (i != 0);
+
+	return tkey;
+}
+
+WERROR dns_verify_tsig(struct dns_server *dns,
+		       TALLOC_CTX *mem_ctx,
+		       struct dns_request_state *state,
+		       struct dns_name_packet *packet,
+		       DATA_BLOB *in)
+{
+	WERROR werror;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	uint16_t i, arcount = 0;
+	DATA_BLOB tsig_blob, fake_tsig_blob, sig;
+	uint8_t *buffer = NULL;
+	size_t buffer_len = 0, packet_len = 0;
+	struct dns_server_tkey *tkey = NULL;
+	struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx,
+			struct dns_fake_tsig_rec);
+
+
+	/* Find the first TSIG record in the additional records */
+	for (i=0; i < packet->arcount; i++) {
+		if (packet->additional[i].rr_type == DNS_QTYPE_TSIG) {
+			break;
+		}
+	}
+
+	if (i == packet->arcount) {
+		/* no TSIG around */
+		return WERR_OK;
+	}
+
+	/* The TSIG record needs to be the last additional record */
+	if (i + 1 != packet->arcount) {
+		DEBUG(1, ("TSIG record not the last additional record!\n"));
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	/* We got a TSIG, so we need to sign our reply */
+	state->sign = true;
+	DBG_DEBUG("Got TSIG\n");
+
+	state->tsig = talloc_zero(state->mem_ctx, struct dns_res_rec);
+	if (state->tsig == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	werror = dns_copy_tsig(state->tsig, &packet->additional[i],
+			       state->tsig);
+	if (!W_ERROR_IS_OK(werror)) {
+		return werror;
+	}
+
+	packet->arcount--;
+
+	tkey = dns_find_tkey(dns->tkeys, state->tsig->name);
+	if (tkey == NULL) {
+		DBG_DEBUG("dns_find_tkey() => NOTAUTH / DNS_RCODE_BADKEY\n");
+		/*
+		 * We must save the name for use in the TSIG error
+		 * response and have no choice here but to save the
+		 * keyname from the TSIG request.
+		 */
+		state->key_name = talloc_strdup(state->mem_ctx,
+						state->tsig->name);
+		if (state->key_name == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		state->tsig_error = DNS_RCODE_BADKEY;
+		return DNS_ERR(NOTAUTH);
+	}
+	DBG_DEBUG("dns_find_tkey() => found\n");
+
+	/*
+	 * Remember the keyname that found an existing tkey, used
+	 * later to fetch the key with dns_find_tkey() when signing
+	 * and adding a TSIG record with MAC.
+	 */
+	state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
+	if (state->key_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* FIXME: check TSIG here */
+	if (check_rec == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* first build and verify check packet */
+	check_rec->name = talloc_strdup(check_rec, tkey->name);
+	if (check_rec->name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	check_rec->rr_class = DNS_QCLASS_ANY;
+	check_rec->ttl = 0;
+	check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm);
+	if (check_rec->algorithm_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	check_rec->time_prefix = 0;
+	check_rec->time = state->tsig->rdata.tsig_record.time;
+	check_rec->fudge = state->tsig->rdata.tsig_record.fudge;
+	check_rec->error = 0;
+	check_rec->other_size = 0;
+	check_rec->other_data = NULL;
+
+	ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, state->tsig,
+		(ndr_push_flags_fn_t)ndr_push_dns_res_rec);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1, ("Failed to push packet: %s!\n",
+			  ndr_errstr(ndr_err)));
+		return DNS_ERR(SERVER_FAILURE);
+	}
+
+	ndr_err = ndr_push_struct_blob(&fake_tsig_blob, mem_ctx, check_rec,
+		(ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1, ("Failed to push packet: %s!\n",
+			  ndr_errstr(ndr_err)));
+		return DNS_ERR(SERVER_FAILURE);
+	}
+
+	/* we need to work some magic here. we need to keep the input packet
+	 * exactly like we got it, but we need to cut off the tsig record */
+	packet_len = in->length - tsig_blob.length;
+	buffer_len = packet_len + fake_tsig_blob.length;
+	buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len);
+	if (buffer == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	memcpy(buffer, in->data, packet_len);
+	memcpy(buffer + packet_len, fake_tsig_blob.data, fake_tsig_blob.length);
+
+	sig.length = state->tsig->rdata.tsig_record.mac_size;
+	sig.data = talloc_memdup(mem_ctx, state->tsig->rdata.tsig_record.mac, sig.length);
+	if (sig.data == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* Now we also need to count down the additional record counter */
+	arcount = RSVAL(buffer, 10);
+	RSSVAL(buffer, 10, arcount-1);
+
+	status = gensec_check_packet(tkey->gensec, buffer, buffer_len,
+				    buffer, buffer_len, &sig);
+	if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) {
+		dump_data_dbgc(DBGC_DNS, 8, sig.data, sig.length);
+		dump_data_dbgc(DBGC_DNS, 8, buffer, buffer_len);
+		DBG_NOTICE("Verifying tsig failed: %s\n", nt_errstr(status));
+		state->tsig_error = DNS_RCODE_BADSIG;
+		return DNS_ERR(NOTAUTH);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		dump_data_dbgc(DBGC_DNS, 8, sig.data, sig.length);
+		dump_data_dbgc(DBGC_DNS, 8, buffer, buffer_len);
+		DEBUG(1, ("Verifying tsig failed: %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	state->authenticated = true;
+
+	DBG_DEBUG("AUTHENTICATED\n");
+	return WERR_OK;
+}
+
+static WERROR dns_tsig_compute_mac(TALLOC_CTX *mem_ctx,
+				   struct dns_request_state *state,
+				   struct dns_name_packet *packet,
+				   struct dns_server_tkey *tkey,
+				   time_t current_time,
+				   DATA_BLOB *_psig)
+{
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB packet_blob, tsig_blob, sig;
+	uint8_t *buffer = NULL;
+	uint8_t *p = NULL;
+	size_t buffer_len = 0;
+	struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx,
+			struct dns_fake_tsig_rec);
+	size_t mac_size = 0;
+
+	if (check_rec == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* first build and verify check packet */
+	check_rec->name = talloc_strdup(check_rec, tkey->name);
+	if (check_rec->name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	check_rec->rr_class = DNS_QCLASS_ANY;
+	check_rec->ttl = 0;
+	check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm);
+	if (check_rec->algorithm_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	check_rec->time_prefix = 0;
+	check_rec->time = current_time;
+	check_rec->fudge = 300;
+	check_rec->error = state->tsig_error;
+	check_rec->other_size = 0;
+	check_rec->other_data = NULL;
+
+	ndr_err = ndr_push_struct_blob(&packet_blob, mem_ctx, packet,
+		(ndr_push_flags_fn_t)ndr_push_dns_name_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1, ("Failed to push packet: %s!\n",
+			  ndr_errstr(ndr_err)));
+		return DNS_ERR(SERVER_FAILURE);
+	}
+
+	ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, check_rec,
+		(ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1, ("Failed to push packet: %s!\n",
+			  ndr_errstr(ndr_err)));
+		return DNS_ERR(SERVER_FAILURE);
+	}
+
+	if (state->tsig != NULL) {
+		mac_size = state->tsig->rdata.tsig_record.mac_size;
+	}
+
+	buffer_len = mac_size;
+
+	buffer_len += packet_blob.length;
+	if (buffer_len < packet_blob.length) {
+		return WERR_INVALID_PARAMETER;
+	}
+	buffer_len += tsig_blob.length;
+	if (buffer_len < tsig_blob.length) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len);
+	if (buffer == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	p = buffer;
+
+	/*
+	 * RFC 2845 "4.2 TSIG on Answers", how to lay out the buffer
+	 * that we're going to sign:
+	 * 1. MAC of request (if present)
+	 * 2. Outgoing packet
+	 * 3. TSIG record
+	 */
+	if (mac_size > 0) {
+		memcpy(p, state->tsig->rdata.tsig_record.mac, mac_size);
+		p += mac_size;
+	}
+
+	memcpy(p, packet_blob.data, packet_blob.length);
+	p += packet_blob.length;
+
+	memcpy(p, tsig_blob.data, tsig_blob.length);
+
+	status = gensec_sign_packet(tkey->gensec, mem_ctx, buffer, buffer_len,
+				    buffer, buffer_len, &sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	*_psig = sig;
+	return WERR_OK;
+}
+
+WERROR dns_sign_tsig(struct dns_server *dns,
+		     TALLOC_CTX *mem_ctx,
+		     struct dns_request_state *state,
+		     struct dns_name_packet *packet,
+		     uint16_t error)
+{
+	WERROR werror;
+	time_t current_time = time(NULL);
+	struct dns_res_rec *tsig = NULL;
+	DATA_BLOB sig = (DATA_BLOB) {
+		.data = NULL,
+		.length = 0
+	};
+
+	tsig = talloc_zero(mem_ctx, struct dns_res_rec);
+	if (tsig == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	if (state->tsig_error == DNS_RCODE_OK) {
+		struct dns_server_tkey *tkey = dns_find_tkey(
+			dns->tkeys, state->key_name);
+		if (tkey == NULL) {
+			DBG_WARNING("dns_find_tkey() => NULL)\n");
+			return DNS_ERR(SERVER_FAILURE);
+		}
+
+		werror = dns_tsig_compute_mac(mem_ctx, state, packet,
+					      tkey, current_time, &sig);
+		DBG_DEBUG("dns_tsig_compute_mac() => %s\n", win_errstr(werror));
+		if (!W_ERROR_IS_OK(werror)) {
+			return werror;
+		}
+	}
+
+	tsig->name = talloc_strdup(tsig, state->key_name);
+	if (tsig->name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	tsig->rr_class = DNS_QCLASS_ANY;
+	tsig->rr_type = DNS_QTYPE_TSIG;
+	tsig->ttl = 0;
+	tsig->length = UINT16_MAX;
+	tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, "gss-tsig");
+	if (tsig->rdata.tsig_record.algorithm_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	tsig->rdata.tsig_record.time_prefix = 0;
+	tsig->rdata.tsig_record.time = current_time;
+	tsig->rdata.tsig_record.fudge = 300;
+	tsig->rdata.tsig_record.error = state->tsig_error;
+	tsig->rdata.tsig_record.original_id = packet->id;
+	tsig->rdata.tsig_record.other_size = 0;
+	tsig->rdata.tsig_record.other_data = NULL;
+	if (sig.length > 0) {
+		tsig->rdata.tsig_record.mac_size = sig.length;
+		tsig->rdata.tsig_record.mac = talloc_memdup(tsig, sig.data, sig.length);
+		if (tsig->rdata.tsig_record.mac == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+	}
+
+	DBG_DEBUG("sig.length=%zu\n", sig.length);
+
+	if (packet->arcount == 0) {
+		packet->additional = talloc_zero(mem_ctx, struct dns_res_rec);
+		if (packet->additional == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+	}
+	packet->additional = talloc_realloc(mem_ctx, packet->additional,
+					    struct dns_res_rec,
+					    packet->arcount + 1);
+	if (packet->additional == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	werror = dns_copy_tsig(mem_ctx, tsig,
+			       &packet->additional[packet->arcount]);
+	DBG_DEBUG("dns_copy_tsig() => %s\n", win_errstr(werror));
+	if (!W_ERROR_IS_OK(werror)) {
+		return werror;
+	}
+	packet->arcount++;
+
+	return WERR_OK;
+}
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
new file mode 100644
index 0000000..181beda
--- /dev/null
+++ b/source4/dns_server/dns_query.c
@@ -0,0 +1,1176 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server handler for queries
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "libcli/util/werror.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include <ldb.h>
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dns_server/dns_server.h"
+#include "libcli/dns/libdns.h"
+#include "lib/util/dlinklist.h"
+#include "lib/util/util_net.h"
+#include "lib/util/tevent_werror.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+#define MAX_Q_RECURSION_DEPTH 20
+
+struct forwarder_string {
+	const char *forwarder;
+	struct forwarder_string *prev, *next;
+};
+
+static WERROR add_response_rr(const char *name,
+			      const struct dnsp_DnssrvRpcRecord *rec,
+			      struct dns_res_rec **answers)
+{
+	struct dns_res_rec *ans = *answers;
+	uint16_t ai = talloc_array_length(ans);
+	enum ndr_err_code ndr_err;
+
+	if (ai == UINT16_MAX) {
+		return WERR_BUFFER_OVERFLOW;
+	}
+
+	/*
+	 * "ans" is always non-NULL and thus its own talloc context
+	 */
+	ans = talloc_realloc(ans, ans, struct dns_res_rec, ai+1);
+	if (ans == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ZERO_STRUCT(ans[ai]);
+
+	switch (rec->wType) {
+	case DNS_QTYPE_CNAME:
+		ans[ai].rdata.cname_record = talloc_strdup(ans, rec->data.cname);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.cname_record);
+		break;
+	case DNS_QTYPE_A:
+		ans[ai].rdata.ipv4_record = talloc_strdup(ans, rec->data.ipv4);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.ipv4_record);
+		break;
+	case DNS_QTYPE_AAAA:
+		ans[ai].rdata.ipv6_record = talloc_strdup(ans, rec->data.ipv6);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.ipv6_record);
+		break;
+	case DNS_TYPE_NS:
+		ans[ai].rdata.ns_record = talloc_strdup(ans, rec->data.ns);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.ns_record);
+		break;
+	case DNS_QTYPE_SRV:
+		ans[ai].rdata.srv_record.priority = rec->data.srv.wPriority;
+		ans[ai].rdata.srv_record.weight   = rec->data.srv.wWeight;
+		ans[ai].rdata.srv_record.port     = rec->data.srv.wPort;
+		ans[ai].rdata.srv_record.target   = talloc_strdup(
+			ans, rec->data.srv.nameTarget);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.srv_record.target);
+		break;
+	case DNS_QTYPE_SOA:
+		ans[ai].rdata.soa_record.mname	 = talloc_strdup(
+			ans, rec->data.soa.mname);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.soa_record.mname);
+		ans[ai].rdata.soa_record.rname	 = talloc_strdup(
+			ans, rec->data.soa.rname);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.soa_record.rname);
+		ans[ai].rdata.soa_record.serial	 = rec->data.soa.serial;
+		ans[ai].rdata.soa_record.refresh = rec->data.soa.refresh;
+		ans[ai].rdata.soa_record.retry	 = rec->data.soa.retry;
+		ans[ai].rdata.soa_record.expire	 = rec->data.soa.expire;
+		ans[ai].rdata.soa_record.minimum = rec->data.soa.minimum;
+		break;
+	case DNS_QTYPE_PTR:
+		ans[ai].rdata.ptr_record = talloc_strdup(ans, rec->data.ptr);
+		W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.ptr_record);
+		break;
+	case DNS_QTYPE_MX:
+		ans[ai].rdata.mx_record.preference = rec->data.mx.wPriority;
+		ans[ai].rdata.mx_record.exchange = talloc_strdup(
+			ans, rec->data.mx.nameTarget);
+		if (ans[ai].rdata.mx_record.exchange == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_TXT:
+		ndr_err = ndr_dnsp_string_list_copy(ans,
+						    &rec->data.txt,
+						    &ans[ai].rdata.txt_record.txt);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	default:
+		DEBUG(0, ("Got unhandled type %u query.\n", rec->wType));
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+	ans[ai].name = talloc_strdup(ans, name);
+	W_ERROR_HAVE_NO_MEMORY(ans[ai].name);
+	ans[ai].rr_type = (enum dns_qtype)rec->wType;
+	ans[ai].rr_class = DNS_QCLASS_IN;
+	ans[ai].ttl = rec->dwTtlSeconds;
+	ans[ai].length = UINT16_MAX;
+
+	*answers = ans;
+
+	return WERR_OK;
+}
+
+static WERROR add_dns_res_rec(struct dns_res_rec **pdst,
+			      const struct dns_res_rec *src)
+{
+	struct dns_res_rec *dst = *pdst;
+	uint16_t di = talloc_array_length(dst);
+	enum ndr_err_code ndr_err;
+
+	if (di == UINT16_MAX) {
+		return WERR_BUFFER_OVERFLOW;
+	}
+
+	dst = talloc_realloc(dst, dst, struct dns_res_rec, di+1);
+	if (dst == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ZERO_STRUCT(dst[di]);
+
+	dst[di] = (struct dns_res_rec) {
+		.name = talloc_strdup(dst, src->name),
+		.rr_type = src->rr_type,
+		.rr_class = src->rr_class,
+		.ttl = src->ttl,
+		.length = src->length
+	};
+
+	if (dst[di].name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	switch (src->rr_type) {
+	case DNS_QTYPE_CNAME:
+		dst[di].rdata.cname_record = talloc_strdup(
+			dst, src->rdata.cname_record);
+		if (dst[di].rdata.cname_record == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_A:
+		dst[di].rdata.ipv4_record = talloc_strdup(
+			dst, src->rdata.ipv4_record);
+		if (dst[di].rdata.ipv4_record == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_AAAA:
+		dst[di].rdata.ipv6_record = talloc_strdup(
+			dst, src->rdata.ipv6_record);
+		if (dst[di].rdata.ipv6_record == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_TYPE_NS:
+		dst[di].rdata.ns_record = talloc_strdup(
+			dst, src->rdata.ns_record);
+		if (dst[di].rdata.ns_record == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_SRV:
+		dst[di].rdata.srv_record = (struct dns_srv_record) {
+			.priority = src->rdata.srv_record.priority,
+			.weight   = src->rdata.srv_record.weight,
+			.port     = src->rdata.srv_record.port,
+			.target   = talloc_strdup(
+				dst, src->rdata.srv_record.target)
+		};
+		if (dst[di].rdata.srv_record.target == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_SOA:
+		dst[di].rdata.soa_record = (struct dns_soa_record) {
+			.mname	 = talloc_strdup(
+				dst, src->rdata.soa_record.mname),
+			.rname	 = talloc_strdup(
+				dst, src->rdata.soa_record.rname),
+			.serial	 = src->rdata.soa_record.serial,
+			.refresh = src->rdata.soa_record.refresh,
+			.retry   = src->rdata.soa_record.retry,
+			.expire  = src->rdata.soa_record.expire,
+			.minimum = src->rdata.soa_record.minimum
+		};
+
+		if ((dst[di].rdata.soa_record.mname == NULL) ||
+		    (dst[di].rdata.soa_record.rname == NULL)) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		break;
+	case DNS_QTYPE_PTR:
+		dst[di].rdata.ptr_record = talloc_strdup(
+			dst, src->rdata.ptr_record);
+		if (dst[di].rdata.ptr_record == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_MX:
+		dst[di].rdata.mx_record = (struct dns_mx_record) {
+			.preference = src->rdata.mx_record.preference,
+			.exchange   = talloc_strdup(
+				src, src->rdata.mx_record.exchange)
+		};
+
+		if (dst[di].rdata.mx_record.exchange == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case DNS_QTYPE_TXT:
+		ndr_err = ndr_dnsp_string_list_copy(dst,
+						    &src->rdata.txt_record.txt,
+						    &dst[di].rdata.txt_record.txt);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	default:
+		DBG_WARNING("Got unhandled type %u query.\n", src->rr_type);
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+	*pdst = dst;
+
+	return WERR_OK;
+}
+
+struct ask_forwarder_state {
+	struct dns_name_packet *reply;
+};
+
+static void ask_forwarder_done(struct tevent_req *subreq);
+
+static struct tevent_req *ask_forwarder_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	const char *forwarder, struct dns_name_question *question)
+{
+	struct tevent_req *req, *subreq;
+	struct ask_forwarder_state *state;
+
+	req = tevent_req_create(mem_ctx, &state, struct ask_forwarder_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	subreq = dns_cli_request_send(state, ev, forwarder,
+				      question->name, question->question_class,
+				      question->question_type);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, ask_forwarder_done, req);
+	return req;
+}
+
+static void ask_forwarder_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct ask_forwarder_state *state = tevent_req_data(
+		req, struct ask_forwarder_state);
+	int ret;
+
+	ret = dns_cli_request_recv(subreq, state, &state->reply);
+	TALLOC_FREE(subreq);
+
+	if (ret != 0) {
+		tevent_req_werror(req, unix_to_werror(ret));
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static WERROR ask_forwarder_recv(
+	struct tevent_req *req, TALLOC_CTX *mem_ctx,
+	struct dns_res_rec **answers, uint16_t *ancount,
+	struct dns_res_rec **nsrecs, uint16_t *nscount,
+	struct dns_res_rec **additional, uint16_t *arcount)
+{
+	struct ask_forwarder_state *state = tevent_req_data(
+		req, struct ask_forwarder_state);
+	struct dns_name_packet *in_packet = state->reply;
+	WERROR err;
+
+	if (tevent_req_is_werror(req, &err)) {
+		return err;
+	}
+
+	*ancount = in_packet->ancount;
+	*answers = talloc_move(mem_ctx, &in_packet->answers);
+
+	*nscount = in_packet->nscount;
+	*nsrecs = talloc_move(mem_ctx, &in_packet->nsrecs);
+
+	*arcount = in_packet->arcount;
+	*additional = talloc_move(mem_ctx, &in_packet->additional);
+
+	return WERR_OK;
+}
+
+static WERROR add_zone_authority_record(struct dns_server *dns,
+					TALLOC_CTX *mem_ctx,
+					const struct dns_name_question *question,
+					struct dns_res_rec **nsrecs)
+{
+	const char *zone = NULL;
+	struct dnsp_DnssrvRpcRecord *recs;
+	struct dns_res_rec *ns = *nsrecs;
+	uint16_t rec_count;
+	struct ldb_dn *dn = NULL;
+	unsigned int ri;
+	WERROR werror;
+
+	zone = dns_get_authoritative_zone(dns, question->name);
+	DEBUG(10, ("Creating zone authority record for '%s'\n", zone));
+
+	werror = dns_name2dn(dns, mem_ctx, zone, &dn);
+	if (!W_ERROR_IS_OK(werror)) {
+		return werror;
+	}
+
+	werror = dns_lookup_records(dns, mem_ctx, dn, &recs, &rec_count);
+	if (!W_ERROR_IS_OK(werror)) {
+		return werror;
+	}
+
+	for (ri = 0; ri < rec_count; ri++) {
+		if (recs[ri].wType == DNS_TYPE_SOA) {
+			werror = add_response_rr(zone, &recs[ri], &ns);
+			if (!W_ERROR_IS_OK(werror)) {
+				return werror;
+			}
+		}
+	}
+
+	*nsrecs = ns;
+
+	return WERR_OK;
+}
+
+static struct tevent_req *handle_authoritative_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	struct dns_server *dns, const char *forwarder,
+	struct dns_name_question *question,
+	struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+	size_t cname_depth);
+static WERROR handle_authoritative_recv(struct tevent_req *req);
+
+struct handle_dnsrpcrec_state {
+	struct dns_res_rec **answers;
+	struct dns_res_rec **nsrecs;
+};
+
+static void handle_dnsrpcrec_gotauth(struct tevent_req *subreq);
+static void handle_dnsrpcrec_gotforwarded(struct tevent_req *subreq);
+
+static struct tevent_req *handle_dnsrpcrec_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	struct dns_server *dns, const char *forwarder,
+	const struct dns_name_question *question,
+	struct dnsp_DnssrvRpcRecord *rec,
+	struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+	size_t cname_depth)
+{
+	struct tevent_req *req, *subreq;
+	struct handle_dnsrpcrec_state *state;
+	struct dns_name_question *new_q;
+	bool resolve_cname;
+	WERROR werr;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct handle_dnsrpcrec_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->answers = answers;
+	state->nsrecs = nsrecs;
+
+	if (cname_depth >= MAX_Q_RECURSION_DEPTH) {
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
+	resolve_cname = ((rec->wType == DNS_TYPE_CNAME) &&
+			 ((question->question_type == DNS_QTYPE_A) ||
+			  (question->question_type == DNS_QTYPE_AAAA)));
+
+	if (!resolve_cname) {
+		if ((question->question_type != DNS_QTYPE_ALL) &&
+		    (rec->wType !=
+		     (enum dns_record_type) question->question_type)) {
+			tevent_req_done(req);
+			return tevent_req_post(req, ev);
+		}
+
+		werr = add_response_rr(question->name, rec, state->answers);
+		if (tevent_req_werror(req, werr)) {
+			return tevent_req_post(req, ev);
+		}
+
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
+	werr = add_response_rr(question->name, rec, state->answers);
+	if (tevent_req_werror(req, werr)) {
+		return tevent_req_post(req, ev);
+	}
+
+	new_q = talloc(state, struct dns_name_question);
+	if (tevent_req_nomem(new_q, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	*new_q = (struct dns_name_question) {
+		.question_type = question->question_type,
+		.question_class = question->question_class,
+		.name = rec->data.cname
+	};
+
+	if (dns_authoritative_for_zone(dns, new_q->name)) {
+		subreq = handle_authoritative_send(
+			state, ev, dns, forwarder, new_q,
+			state->answers, state->nsrecs,
+			cname_depth + 1);
+		if (tevent_req_nomem(subreq, req)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_set_callback(subreq, handle_dnsrpcrec_gotauth, req);
+		return req;
+	}
+
+	subreq = ask_forwarder_send(state, ev, forwarder, new_q);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, handle_dnsrpcrec_gotforwarded, req);
+
+	return req;
+}
+
+static void handle_dnsrpcrec_gotauth(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	WERROR werr;
+
+	werr = handle_authoritative_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_werror(req, werr)) {
+		return;
+	}
+	tevent_req_done(req);
+}
+
+static void handle_dnsrpcrec_gotforwarded(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct handle_dnsrpcrec_state *state = tevent_req_data(
+		req, struct handle_dnsrpcrec_state);
+	struct dns_res_rec *answers, *nsrecs, *additional;
+	uint16_t ancount = 0;
+	uint16_t nscount = 0;
+	uint16_t arcount = 0;
+	uint16_t i;
+	WERROR werr;
+
+	werr = ask_forwarder_recv(subreq, state, &answers, &ancount,
+				  &nsrecs, &nscount, &additional, &arcount);
+	if (tevent_req_werror(req, werr)) {
+		return;
+	}
+
+	for (i=0; i<ancount; i++) {
+		werr = add_dns_res_rec(state->answers, &answers[i]);
+		if (tevent_req_werror(req, werr)) {
+			return;
+		}
+	}
+
+	for (i=0; i<nscount; i++) {
+		werr = add_dns_res_rec(state->nsrecs, &nsrecs[i]);
+		if (tevent_req_werror(req, werr)) {
+			return;
+		}
+	}
+
+	tevent_req_done(req);
+}
+
+static WERROR handle_dnsrpcrec_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_werror(req);
+}
+
+struct handle_authoritative_state {
+	struct tevent_context *ev;
+	struct dns_server *dns;
+	struct dns_name_question *question;
+	const char *forwarder;
+
+	struct dnsp_DnssrvRpcRecord *recs;
+	uint16_t rec_count;
+	uint16_t recs_done;
+
+	struct dns_res_rec **answers;
+	struct dns_res_rec **nsrecs;
+
+	size_t cname_depth;
+};
+
+static void handle_authoritative_done(struct tevent_req *subreq);
+
+static struct tevent_req *handle_authoritative_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	struct dns_server *dns, const char *forwarder,
+	struct dns_name_question *question,
+	struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+	size_t cname_depth)
+{
+	struct tevent_req *req, *subreq;
+	struct handle_authoritative_state *state;
+	struct ldb_dn *dn = NULL;
+	WERROR werr;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct handle_authoritative_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->dns = dns;
+	state->question = question;
+	state->forwarder = forwarder;
+	state->answers = answers;
+	state->nsrecs = nsrecs;
+	state->cname_depth = cname_depth;
+
+	werr = dns_name2dn(dns, state, question->name, &dn);
+	if (tevent_req_werror(req, werr)) {
+		return tevent_req_post(req, ev);
+	}
+	werr = dns_lookup_records_wildcard(dns, state, dn, &state->recs,
+				           &state->rec_count);
+	TALLOC_FREE(dn);
+	if (tevent_req_werror(req, werr)) {
+		return tevent_req_post(req, ev);
+	}
+
+	if (state->rec_count == 0) {
+		tevent_req_werror(req, DNS_ERR(NAME_ERROR));
+		return tevent_req_post(req, ev);
+	}
+
+	subreq = handle_dnsrpcrec_send(
+		state, state->ev, state->dns, state->forwarder,
+		state->question, &state->recs[state->recs_done],
+		state->answers, state->nsrecs,
+		state->cname_depth);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, handle_authoritative_done, req);
+	return req;
+}
+
+static void handle_authoritative_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct handle_authoritative_state *state = tevent_req_data(
+		req, struct handle_authoritative_state);
+	WERROR werr;
+
+	werr = handle_dnsrpcrec_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_werror(req, werr)) {
+		return;
+	}
+
+	state->recs_done += 1;
+
+	if (state->recs_done == state->rec_count) {
+		tevent_req_done(req);
+		return;
+	}
+
+	subreq = handle_dnsrpcrec_send(
+		state, state->ev, state->dns, state->forwarder,
+		state->question, &state->recs[state->recs_done],
+		state->answers, state->nsrecs,
+		state->cname_depth);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, handle_authoritative_done, req);
+}
+
+static WERROR handle_authoritative_recv(struct tevent_req *req)
+{
+	WERROR werr;
+
+	if (tevent_req_is_werror(req, &werr)) {
+		return werr;
+	}
+
+	return WERR_OK;
+}
+
+static NTSTATUS create_tkey(struct dns_server *dns,
+			    const char* name,
+			    const char* algorithm,
+			    const struct tsocket_address *remote_address,
+			    const struct tsocket_address *local_address,
+			    struct dns_server_tkey **tkey)
+{
+	NTSTATUS status;
+	struct dns_server_tkey_store *store = dns->tkeys;
+	struct dns_server_tkey *k = talloc_zero(store, struct dns_server_tkey);
+
+	if (k == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	k->name = talloc_strdup(k, name);
+
+	if (k->name  == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	k->algorithm = talloc_strdup(k, algorithm);
+	if (k->algorithm == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * We only allow SPNEGO/KRB5 currently
+	 * and rely on the backend to be RPC/IPC free.
+	 *
+	 * It allows gensec_update() not to block.
+	 */
+	status = samba_server_gensec_krb5_start(k,
+						dns->task->event_ctx,
+						dns->task->msg_ctx,
+						dns->task->lp_ctx,
+						dns->server_credentials,
+						"dns",
+						&k->gensec);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
+		*tkey = NULL;
+		return status;
+	}
+
+	gensec_want_feature(k->gensec, GENSEC_FEATURE_SIGN);
+
+	status = gensec_set_remote_address(k->gensec,
+					   remote_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set remote address into GENSEC: %s\n",
+			  nt_errstr(status)));
+		*tkey = NULL;
+		return status;
+	}
+
+	status = gensec_set_local_address(k->gensec,
+					  local_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set local address into GENSEC: %s\n",
+			  nt_errstr(status)));
+		*tkey = NULL;
+		return status;
+	}
+
+	status = gensec_start_mech_by_oid(k->gensec, GENSEC_OID_SPNEGO);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start GENSEC server code: %s\n",
+			  nt_errstr(status)));
+		*tkey = NULL;
+		return status;
+	}
+
+	TALLOC_FREE(store->tkeys[store->next_idx]);
+
+	store->tkeys[store->next_idx] = k;
+	(store->next_idx)++;
+	store->next_idx %= store->size;
+
+	*tkey = k;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
+				  struct dns_server *dns,
+				  struct dns_server_tkey *tkey,
+				  const DATA_BLOB *key,
+				  DATA_BLOB *reply,
+				  uint16_t *dns_auth_error)
+{
+	NTSTATUS status;
+
+	/*
+	 * We use samba_server_gensec_krb5_start(),
+	 * which only allows SPNEGO/KRB5 currently
+	 * and makes sure the backend to be RPC/IPC free.
+	 *
+	 * See gensec_gssapi_update_internal() as
+	 * GENSEC_SERVER.
+	 *
+	 * It allows gensec_update() not to block.
+	 *
+	 * If that changes in future we need to use
+	 * gensec_update_send/recv here!
+	 */
+	status = gensec_update(tkey->gensec, mem_ctx,
+			       *key, reply);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
+		*dns_auth_error = DNS_RCODE_OK;
+		return status;
+	}
+
+	if (NT_STATUS_IS_OK(status)) {
+
+		status = gensec_session_info(tkey->gensec, tkey, &tkey->session_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			*dns_auth_error = DNS_RCODE_BADKEY;
+			return status;
+		}
+		*dns_auth_error = DNS_RCODE_OK;
+	}
+
+	return status;
+}
+
+static WERROR handle_tkey(struct dns_server *dns,
+                          TALLOC_CTX *mem_ctx,
+                          const struct dns_name_packet *in,
+			  struct dns_request_state *state,
+                          struct dns_res_rec **answers,
+                          uint16_t *ancount)
+{
+	struct dns_res_rec *in_tkey = NULL;
+	struct dns_res_rec *ret_tkey;
+	uint16_t i;
+
+	for (i = 0; i < in->arcount; i++) {
+		if (in->additional[i].rr_type == DNS_QTYPE_TKEY) {
+			in_tkey = &in->additional[i];
+			break;
+		}
+	}
+
+	/* If this is a TKEY query, it should have a TKEY RR.
+	 * Behaviour is not really specified in RFC 2930 or RFC 3645, but
+	 * FORMAT_ERROR seems to be what BIND uses .*/
+	if (in_tkey == NULL) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	ret_tkey = talloc_zero(mem_ctx, struct dns_res_rec);
+	if (ret_tkey == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret_tkey->name = talloc_strdup(ret_tkey, in_tkey->name);
+	if (ret_tkey->name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret_tkey->rr_type = DNS_QTYPE_TKEY;
+	ret_tkey->rr_class = DNS_QCLASS_ANY;
+	ret_tkey->length = UINT16_MAX;
+
+	ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey,
+			in_tkey->rdata.tkey_record.algorithm);
+	if (ret_tkey->rdata.tkey_record.algorithm  == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret_tkey->rdata.tkey_record.inception = in_tkey->rdata.tkey_record.inception;
+	ret_tkey->rdata.tkey_record.expiration = in_tkey->rdata.tkey_record.expiration;
+	ret_tkey->rdata.tkey_record.mode = in_tkey->rdata.tkey_record.mode;
+
+	switch (in_tkey->rdata.tkey_record.mode) {
+	case DNS_TKEY_MODE_DH:
+		/* FIXME: According to RFC 2930, we MUST support this, but we don't.
+		 * Still, claim it's a bad key instead of a bad mode */
+		ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
+		break;
+	case DNS_TKEY_MODE_GSSAPI: {
+		NTSTATUS status;
+		struct dns_server_tkey *tkey;
+		DATA_BLOB key;
+		DATA_BLOB reply;
+
+		tkey = dns_find_tkey(dns->tkeys, in->questions[0].name);
+		if (tkey != NULL && tkey->complete) {
+			/* TODO: check if the key is still valid */
+			DEBUG(1, ("Rejecting tkey negotiation for already established key\n"));
+			ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADNAME;
+			break;
+		}
+
+		if (tkey == NULL) {
+			status  = create_tkey(dns, in->questions[0].name,
+					      in_tkey->rdata.tkey_record.algorithm,
+					      state->remote_address,
+					      state->local_address,
+					      &tkey);
+			if (!NT_STATUS_IS_OK(status)) {
+				ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
+				return ntstatus_to_werror(status);
+			}
+		}
+
+		key.data = in_tkey->rdata.tkey_record.key_data;
+		key.length = in_tkey->rdata.tkey_record.key_size;
+
+		status = accept_gss_ticket(ret_tkey, dns, tkey, &key, &reply,
+					   &ret_tkey->rdata.tkey_record.error);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			DEBUG(1, ("More processing required\n"));
+			ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
+		} else if (NT_STATUS_IS_OK(status)) {
+			DBG_DEBUG("Tkey handshake completed\n");
+			ret_tkey->rdata.tkey_record.key_size = reply.length;
+			ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey,
+								reply.data,
+								reply.length);
+			if (ret_tkey->rdata.tkey_record.key_data == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+			state->sign = true;
+			state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
+			if (state->key_name == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+		} else {
+			DEBUG(1, ("GSS key negotiation returned %s\n", nt_errstr(status)));
+			ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
+		}
+
+		break;
+		}
+	case DNS_TKEY_MODE_DELETE:
+		/* TODO: implement me */
+		DEBUG(1, ("Should delete tkey here\n"));
+		ret_tkey->rdata.tkey_record.error = DNS_RCODE_OK;
+		break;
+	case DNS_TKEY_MODE_NULL:
+	case DNS_TKEY_MODE_SERVER:
+	case DNS_TKEY_MODE_CLIENT:
+	case DNS_TKEY_MODE_LAST:
+		/* We don't have to implement these, return a mode error */
+		ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADMODE;
+		break;
+	default:
+		DEBUG(1, ("Unsupported TKEY mode %d\n",
+		      in_tkey->rdata.tkey_record.mode));
+	}
+
+	*answers = ret_tkey;
+	*ancount = 1;
+
+	return WERR_OK;
+}
+
+struct dns_server_process_query_state {
+	struct tevent_context *ev;
+	struct dns_server *dns;
+	struct dns_name_question *question;
+
+	struct dns_res_rec *answers;
+	uint16_t ancount;
+	struct dns_res_rec *nsrecs;
+	uint16_t nscount;
+	struct dns_res_rec *additional;
+	uint16_t arcount;
+	struct forwarder_string *forwarders;
+};
+
+static void dns_server_process_query_got_auth(struct tevent_req *subreq);
+static void dns_server_process_query_got_response(struct tevent_req *subreq);
+
+struct tevent_req *dns_server_process_query_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	struct dns_server *dns,	struct dns_request_state *req_state,
+	const struct dns_name_packet *in)
+{
+	struct tevent_req *req, *subreq;
+	struct dns_server_process_query_state *state;
+	const char **forwarders = NULL;
+	unsigned int i;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dns_server_process_query_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	if (in->qdcount != 1) {
+		tevent_req_werror(req, DNS_ERR(FORMAT_ERROR));
+		return tevent_req_post(req, ev);
+	}
+
+	/* Windows returns NOT_IMPLEMENTED on this as well */
+	if (in->questions[0].question_class == DNS_QCLASS_NONE) {
+		tevent_req_werror(req, DNS_ERR(NOT_IMPLEMENTED));
+		return tevent_req_post(req, ev);
+	}
+
+	if (in->questions[0].question_type == DNS_QTYPE_TKEY) {
+                WERROR err;
+
+		err = handle_tkey(dns, state, in, req_state,
+				  &state->answers, &state->ancount);
+		if (tevent_req_werror(req, err)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
+	state->dns = dns;
+	state->ev = ev;
+	state->question = &in->questions[0];
+
+	forwarders = lpcfg_dns_forwarder(dns->task->lp_ctx);
+	for (i = 0; forwarders != NULL && forwarders[i] != NULL; i++) {
+		struct forwarder_string *f = talloc_zero(state,
+							 struct forwarder_string);
+		f->forwarder = forwarders[i];
+		DLIST_ADD_END(state->forwarders, f);
+	}
+
+	if (dns_authoritative_for_zone(dns, in->questions[0].name)) {
+
+		req_state->flags |= DNS_FLAG_AUTHORITATIVE;
+
+		/*
+		 * Initialize the response arrays, so that we can use
+		 * them as their own talloc contexts when doing the
+		 * realloc
+		 */
+		state->answers = talloc_array(state, struct dns_res_rec, 0);
+		if (tevent_req_nomem(state->answers, req)) {
+			return tevent_req_post(req, ev);
+		}
+		state->nsrecs = talloc_array(state, struct dns_res_rec, 0);
+		if (tevent_req_nomem(state->nsrecs, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		subreq = handle_authoritative_send(
+			state, ev, dns, (forwarders == NULL ? NULL : forwarders[0]),
+			&in->questions[0], &state->answers, &state->nsrecs,
+			0); /* cname_depth */
+		if (tevent_req_nomem(subreq, req)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_set_callback(
+			subreq, dns_server_process_query_got_auth, req);
+		return req;
+	}
+
+	if ((req_state->flags & DNS_FLAG_RECURSION_DESIRED) &&
+	    (req_state->flags & DNS_FLAG_RECURSION_AVAIL)) {
+		DEBUG(5, ("Not authoritative for '%s', forwarding\n",
+			  in->questions[0].name));
+
+		subreq = ask_forwarder_send(state, ev,
+					    (forwarders == NULL ? NULL : forwarders[0]),
+					    &in->questions[0]);
+		if (tevent_req_nomem(subreq, req)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_set_callback(
+			subreq, dns_server_process_query_got_response, req);
+		return req;
+	}
+
+	tevent_req_werror(req, DNS_ERR(NAME_ERROR));
+	return tevent_req_post(req, ev);
+}
+
+static void dns_server_process_query_got_response(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct dns_server_process_query_state *state = tevent_req_data(
+		req, struct dns_server_process_query_state);
+	WERROR werr;
+
+	werr = ask_forwarder_recv(subreq, state,
+				  &state->answers, &state->ancount,
+				  &state->nsrecs, &state->nscount,
+				  &state->additional, &state->arcount);
+	TALLOC_FREE(subreq);
+
+	/* If you get an error, attempt a different forwarder */
+	if (!W_ERROR_IS_OK(werr)) {
+		if (state->forwarders != NULL) {
+			DLIST_REMOVE(state->forwarders, state->forwarders);
+		}
+
+		/* If you have run out of forwarders, simply finish */
+		if (state->forwarders == NULL) {
+			tevent_req_werror(req, werr);
+			return;
+		}
+
+		DEBUG(5, ("DNS query returned %s, trying another forwarder.\n",
+			  win_errstr(werr)));
+		subreq = ask_forwarder_send(state, state->ev,
+					    state->forwarders->forwarder,
+					    state->question);
+
+		if (tevent_req_nomem(subreq, req)) {
+			return;
+		}
+
+		tevent_req_set_callback(subreq,
+					dns_server_process_query_got_response,
+					req);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static void dns_server_process_query_got_auth(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct dns_server_process_query_state *state = tevent_req_data(
+		req, struct dns_server_process_query_state);
+	WERROR werr;
+	WERROR werr2;
+
+	werr = handle_authoritative_recv(subreq);
+	TALLOC_FREE(subreq);
+
+	/* If you get an error, attempt a different forwarder */
+	if (!W_ERROR_IS_OK(werr)) {
+		if (state->forwarders != NULL) {
+			DLIST_REMOVE(state->forwarders, state->forwarders);
+		}
+
+		/* If you have run out of forwarders, simply finish */
+		if (state->forwarders == NULL) {
+			werr2 = add_zone_authority_record(state->dns,
+							  state,
+							  state->question,
+							  &state->nsrecs);
+			if (tevent_req_werror(req, werr2)) {
+				DBG_WARNING("Failed to add SOA record: %s\n",
+					    win_errstr(werr2));
+				return;
+			}
+
+			state->ancount = talloc_array_length(state->answers);
+			state->nscount = talloc_array_length(state->nsrecs);
+			state->arcount = talloc_array_length(state->additional);
+
+			tevent_req_werror(req, werr);
+			return;
+		}
+
+		DEBUG(5, ("Error: %s, trying a different forwarder.\n",
+			  win_errstr(werr)));
+		subreq = handle_authoritative_send(state, state->ev, state->dns,
+						   state->forwarders->forwarder,
+						   state->question, &state->answers,
+						   &state->nsrecs,
+						   0); /* cname_depth */
+
+		if (tevent_req_nomem(subreq, req)) {
+			return;
+		}
+
+		tevent_req_set_callback(subreq,
+					dns_server_process_query_got_auth,
+					req);
+		return;
+	}
+
+	werr2 = add_zone_authority_record(state->dns,
+					  state,
+					  state->question,
+					  &state->nsrecs);
+	if (tevent_req_werror(req, werr2)) {
+		DBG_WARNING("Failed to add SOA record: %s\n",
+				win_errstr(werr2));
+		return;
+	}
+
+	state->ancount = talloc_array_length(state->answers);
+	state->nscount = talloc_array_length(state->nsrecs);
+	state->arcount = talloc_array_length(state->additional);
+
+	tevent_req_done(req);
+}
+
+WERROR dns_server_process_query_recv(
+	struct tevent_req *req, TALLOC_CTX *mem_ctx,
+	struct dns_res_rec **answers,    uint16_t *ancount,
+	struct dns_res_rec **nsrecs,     uint16_t *nscount,
+	struct dns_res_rec **additional, uint16_t *arcount)
+{
+	struct dns_server_process_query_state *state = tevent_req_data(
+		req, struct dns_server_process_query_state);
+	WERROR err = WERR_OK;
+
+	if (tevent_req_is_werror(req, &err)) {
+
+		if ((!W_ERROR_EQUAL(err, DNS_ERR(NAME_ERROR))) &&
+		    (!W_ERROR_EQUAL(err, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST))) {
+			return err;
+		}
+	}
+	*answers = talloc_move(mem_ctx, &state->answers);
+	*ancount = state->ancount;
+	*nsrecs = talloc_move(mem_ctx, &state->nsrecs);
+	*nscount = state->nscount;
+	*additional = talloc_move(mem_ctx, &state->additional);
+	*arcount = state->arcount;
+	return err;
+}
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
new file mode 100644
index 0000000..0a36c1c
--- /dev/null
+++ b/source4/dns_server/dns_server.c
@@ -0,0 +1,965 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server startup
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "samba/service_stream.h"
+#include "samba/process_model.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "libcli/util/ntstatus.h"
+#include "system/network.h"
+#include "lib/stream/packet.h"
+#include "lib/socket/netif.h"
+#include "dns_server/dns_server.h"
+#include "param/param.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "auth/session.h"
+#include "lib/util/dlinklist.h"
+#include "lib/util/tevent_werror.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "lib/messaging/irpc.h"
+#include "libds/common/roles.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
+NTSTATUS server_service_dns_init(TALLOC_CTX *);
+
+/* hold information about one dns socket */
+struct dns_socket {
+	struct dns_server *dns;
+	struct tsocket_address *local_address;
+};
+
+struct dns_udp_socket {
+	struct dns_socket *dns_socket;
+	struct tdgram_context *dgram;
+	struct tevent_queue *send_queue;
+};
+
+/*
+  state of an open tcp connection
+*/
+struct dns_tcp_connection {
+	/* stream connection we belong to */
+	struct stream_connection *conn;
+
+	/* the dns_server the connection belongs to */
+	struct dns_socket *dns_socket;
+
+	struct tstream_context *tstream;
+
+	struct tevent_queue *send_queue;
+};
+
+static void dns_tcp_terminate_connection(struct dns_tcp_connection *dnsconn, const char *reason)
+{
+	stream_terminate_connection(dnsconn->conn, reason);
+}
+
+static void dns_tcp_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct dns_tcp_connection *dnsconn = talloc_get_type(conn->private_data,
+							     struct dns_tcp_connection);
+	/* this should never be triggered! */
+	dns_tcp_terminate_connection(dnsconn, "dns_tcp_recv: called");
+}
+
+static void dns_tcp_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct dns_tcp_connection *dnsconn = talloc_get_type(conn->private_data,
+							     struct dns_tcp_connection);
+	/* this should never be triggered! */
+	dns_tcp_terminate_connection(dnsconn, "dns_tcp_send: called");
+}
+
+struct dns_process_state {
+	DATA_BLOB *in;
+	struct dns_server *dns;
+	struct dns_name_packet in_packet;
+	struct dns_request_state state;
+	WERROR dns_err;
+	struct dns_name_packet out_packet;
+	DATA_BLOB out;
+};
+
+static void dns_process_done(struct tevent_req *subreq);
+
+static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
+					   struct tevent_context *ev,
+					   struct dns_server *dns,
+					   const struct tsocket_address *remote_address,
+					   const struct tsocket_address *local_address,
+					   DATA_BLOB *in)
+{
+	struct tevent_req *req, *subreq;
+	struct dns_process_state *state;
+	enum ndr_err_code ndr_err;
+	WERROR ret;
+	const char **forwarder = lpcfg_dns_forwarder(dns->task->lp_ctx);
+	req = tevent_req_create(mem_ctx, &state, struct dns_process_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->state.mem_ctx = state;
+	state->in = in;
+
+	state->dns = dns;
+
+	if (in->length < 12) {
+		tevent_req_werror(req, WERR_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+	dump_data_dbgc(DBGC_DNS, 8, in->data, in->length);
+
+	ndr_err = ndr_pull_struct_blob(
+		in, state, &state->in_packet,
+		(ndr_pull_flags_fn_t)ndr_pull_dns_name_packet);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DBG_NOTICE("ndr_pull_dns_name_packet() failed with %s\n",
+			   ndr_map_error2string(ndr_err));
+		state->dns_err = DNS_ERR(FORMAT_ERROR);
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+	if (DEBUGLVLC(DBGC_DNS, 8)) {
+		NDR_PRINT_DEBUGC(DBGC_DNS, dns_name_packet, &state->in_packet);
+	}
+
+	if (state->in_packet.operation & DNS_FLAG_REPLY) {
+		DBG_INFO("Won't reply to replies.\n");
+		tevent_req_werror(req, WERR_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+
+	state->state.flags = state->in_packet.operation;
+	state->state.flags |= DNS_FLAG_REPLY;
+
+	state->state.local_address = local_address;
+	state->state.remote_address = remote_address;
+
+	if (forwarder && *forwarder && **forwarder) {
+		state->state.flags |= DNS_FLAG_RECURSION_AVAIL;
+	}
+
+	state->out_packet = state->in_packet;
+
+	ret = dns_verify_tsig(dns, state, &state->state,
+			      &state->out_packet, in);
+	if (!W_ERROR_IS_OK(ret)) {
+		DBG_INFO("dns_verify_tsig() failed with %s\n",
+			 win_errstr(ret));
+		state->dns_err = ret;
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
+	switch (state->in_packet.operation & DNS_OPCODE) {
+	case DNS_OPCODE_QUERY:
+		subreq = dns_server_process_query_send(
+			state, ev, dns,
+			&state->state, &state->in_packet);
+		if (tevent_req_nomem(subreq, req)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_set_callback(subreq, dns_process_done, req);
+		return req;
+	case DNS_OPCODE_UPDATE:
+		ret = dns_server_process_update(
+			dns, &state->state, state, &state->in_packet,
+			&state->out_packet.answers, &state->out_packet.ancount,
+			&state->out_packet.nsrecs,  &state->out_packet.nscount,
+			&state->out_packet.additional,
+			&state->out_packet.arcount);
+		DBG_DEBUG("dns_server_process_update(): %s\n",
+			  win_errstr(ret));
+		break;
+	default:
+		ret = WERR_DNS_ERROR_RCODE_NOT_IMPLEMENTED;
+		DBG_NOTICE("OPCODE[0x%x]: %s\n",
+			   (state->in_packet.operation & DNS_OPCODE),
+			   win_errstr(ret));
+	}
+	state->dns_err = ret;
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static void dns_process_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct dns_process_state *state = tevent_req_data(
+		req, struct dns_process_state);
+	WERROR ret;
+
+	ret = dns_server_process_query_recv(
+		subreq, state,
+		&state->out_packet.answers, &state->out_packet.ancount,
+		&state->out_packet.nsrecs,  &state->out_packet.nscount,
+		&state->out_packet.additional, &state->out_packet.arcount);
+	TALLOC_FREE(subreq);
+
+	DBG_DEBUG("dns_server_process_query_recv(): %s\n",
+		  win_errstr(ret));
+	state->dns_err = ret;
+	tevent_req_done(req);
+}
+
+static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+			       DATA_BLOB *out)
+{
+	struct dns_process_state *state = tevent_req_data(
+		req, struct dns_process_state);
+	enum ndr_err_code ndr_err;
+	uint16_t dns_err;
+	WERROR ret;
+
+	if (tevent_req_is_werror(req, &ret)) {
+		DBG_NOTICE("ERROR: %s from %s\n", win_errstr(ret),
+			   tevent_req_print(state, req));
+		return ret;
+	}
+	dns_err = werr_to_dns_err(state->dns_err);
+	if ((dns_err != DNS_RCODE_OK) &&
+	    (dns_err != DNS_RCODE_NXDOMAIN) &&
+	    (dns_err != DNS_RCODE_NOTAUTH))
+	{
+		DBG_INFO("FAILURE: %s from %s\n",
+			 win_errstr(state->dns_err),
+			 tevent_req_print(state, req));
+		goto drop;
+	}
+	if (dns_err != DNS_RCODE_OK) {
+		DBG_DEBUG("INFO: %s from %s\n",
+			  win_errstr(state->dns_err),
+			  tevent_req_print(state, req));
+		state->out_packet.operation |= dns_err;
+	} else {
+		DBG_DEBUG("OK: %s\n",
+			  tevent_req_print(state, req));
+	}
+	state->out_packet.operation |= state->state.flags;
+
+	if (state->state.sign) {
+		ret = dns_sign_tsig(state->dns, mem_ctx, &state->state,
+				    &state->out_packet, 0);
+		if (!W_ERROR_IS_OK(ret)) {
+			DBG_WARNING("dns_sign_tsig() failed %s\n",
+				    win_errstr(ret));
+			dns_err = DNS_RCODE_SERVFAIL;
+			goto drop;
+		}
+	}
+
+	if (DEBUGLVLC(DBGC_DNS, 8)) {
+		NDR_PRINT_DEBUGC(DBGC_DNS, dns_name_packet, &state->out_packet);
+	}
+
+	ndr_err = ndr_push_struct_blob(
+		out, mem_ctx, &state->out_packet,
+		(ndr_push_flags_fn_t)ndr_push_dns_name_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DBG_WARNING("Failed to push packet: %s!\n",
+			    ndr_errstr(ndr_err));
+		dns_err = DNS_RCODE_SERVFAIL;
+		goto drop;
+	}
+	return WERR_OK;
+
+drop:
+	*out = data_blob_talloc(mem_ctx, state->in->data, state->in->length);
+	if (out->data == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	out->data[2] |= 0x80; /* Toggle DNS_FLAG_REPLY */
+	out->data[3] |= dns_err;
+	return WERR_OK;
+}
+
+struct dns_tcp_call {
+	struct dns_tcp_connection *dns_conn;
+	DATA_BLOB in;
+	DATA_BLOB out;
+	uint8_t out_hdr[4];
+	struct iovec out_iov[2];
+};
+
+static void dns_tcp_call_process_done(struct tevent_req *subreq);
+static void dns_tcp_call_writev_done(struct tevent_req *subreq);
+
+static void dns_tcp_call_loop(struct tevent_req *subreq)
+{
+	struct dns_tcp_connection *dns_conn = tevent_req_callback_data(subreq,
+				      struct dns_tcp_connection);
+	struct dns_server *dns = dns_conn->dns_socket->dns;
+	struct dns_tcp_call *call;
+	NTSTATUS status;
+
+	call = talloc(dns_conn, struct dns_tcp_call);
+	if (call == NULL) {
+		dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
+				"no memory for dns_tcp_call");
+		return;
+	}
+	call->dns_conn = dns_conn;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    call,
+					    &call->in);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "dns_tcp_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (!reason) {
+			reason = nt_errstr(status);
+		}
+
+		dns_tcp_terminate_connection(dns_conn, reason);
+		return;
+	}
+
+	DEBUG(10,("Received DNS TCP packet of length %lu from %s\n",
+		 (long) call->in.length,
+		 tsocket_address_string(dns_conn->conn->remote_address, call)));
+
+	/* skip length header */
+	call->in.data += 2;
+	call->in.length -= 2;
+
+	subreq = dns_process_send(call, dns->task->event_ctx, dns,
+				  dns_conn->conn->remote_address,
+				  dns_conn->conn->local_address,
+				  &call->in);
+	if (subreq == NULL) {
+		dns_tcp_terminate_connection(
+			dns_conn, "dns_tcp_call_loop: dns_process_send "
+			"failed\n");
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_tcp_call_process_done, call);
+
+	/*
+	 * The dns tcp pdu's has the length as 2 byte (initial_read_size),
+	 * tstream_full_request_u16 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(dns_conn,
+					    dns_conn->conn->event.ctx,
+					    dns_conn->tstream,
+					    2, /* initial_read_size */
+					    tstream_full_request_u16,
+					    dns_conn);
+	if (subreq == NULL) {
+		dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_tcp_call_loop, dns_conn);
+}
+
+static void dns_tcp_call_process_done(struct tevent_req *subreq)
+{
+	struct dns_tcp_call *call = tevent_req_callback_data(subreq,
+			struct dns_tcp_call);
+	struct dns_tcp_connection *dns_conn = call->dns_conn;
+	WERROR err;
+
+	err = dns_process_recv(subreq, call, &call->out);
+	TALLOC_FREE(subreq);
+	if (!W_ERROR_IS_OK(err)) {
+		DEBUG(1, ("dns_process returned %s\n", win_errstr(err)));
+		dns_tcp_terminate_connection(dns_conn,
+				"dns_tcp_call_loop: process function failed");
+		return;
+	}
+
+	/* First add the length of the out buffer */
+	RSSVAL(call->out_hdr, 0, call->out.length);
+	call->out_iov[0].iov_base = (char *) call->out_hdr;
+	call->out_iov[0].iov_len = 2;
+
+	call->out_iov[1].iov_base = (char *) call->out.data;
+	call->out_iov[1].iov_len = call->out.length;
+
+	subreq = tstream_writev_queue_send(call,
+					   dns_conn->conn->event.ctx,
+					   dns_conn->tstream,
+					   dns_conn->send_queue,
+					   call->out_iov, 2);
+	if (subreq == NULL) {
+		dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
+				"no memory for tstream_writev_queue_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_tcp_call_writev_done, call);
+}
+
+static void dns_tcp_call_writev_done(struct tevent_req *subreq)
+{
+	struct dns_tcp_call *call = tevent_req_callback_data(subreq,
+			struct dns_tcp_call);
+	int sys_errno;
+	int rc;
+
+	rc = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (rc == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "dns_tcp_call_writev_done: "
+					 "tstream_writev_queue_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (!reason) {
+			reason = "dns_tcp_call_writev_done: tstream_writev_queue_recv() failed";
+		}
+
+		dns_tcp_terminate_connection(call->dns_conn, reason);
+		return;
+	}
+
+	/* We don't care about errors */
+
+	talloc_free(call);
+}
+
+/*
+  called when we get a new connection
+*/
+static void dns_tcp_accept(struct stream_connection *conn)
+{
+	struct dns_socket *dns_socket;
+	struct dns_tcp_connection *dns_conn;
+	struct tevent_req *subreq;
+	int rc;
+
+	dns_conn = talloc_zero(conn, struct dns_tcp_connection);
+	if (dns_conn == NULL) {
+		stream_terminate_connection(conn,
+				"dns_tcp_accept: out of memory");
+		return;
+	}
+
+	dns_conn->send_queue = tevent_queue_create(conn, "dns_tcp_accept");
+	if (dns_conn->send_queue == NULL) {
+		stream_terminate_connection(conn,
+				"dns_tcp_accept: out of memory");
+		return;
+	}
+
+	dns_socket = talloc_get_type(conn->private_data, struct dns_socket);
+
+	TALLOC_FREE(conn->event.fde);
+
+	rc = tstream_bsd_existing_socket(dns_conn,
+			socket_get_fd(conn->socket),
+			&dns_conn->tstream);
+	if (rc < 0) {
+		stream_terminate_connection(conn,
+				"dns_tcp_accept: out of memory");
+		return;
+	}
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(dns_conn->tstream, true);
+
+	dns_conn->conn = conn;
+	dns_conn->dns_socket = dns_socket;
+	conn->private_data = dns_conn;
+
+	/*
+	 * The dns tcp pdu's has the length as 2 byte (initial_read_size),
+	 * tstream_full_request_u16 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(dns_conn,
+					    dns_conn->conn->event.ctx,
+					    dns_conn->tstream,
+					    2, /* initial_read_size */
+					    tstream_full_request_u16,
+					    dns_conn);
+	if (subreq == NULL) {
+		dns_tcp_terminate_connection(dns_conn, "dns_tcp_accept: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_tcp_call_loop, dns_conn);
+}
+
+static const struct stream_server_ops dns_tcp_stream_ops = {
+	.name			= "dns_tcp",
+	.accept_connection	= dns_tcp_accept,
+	.recv_handler		= dns_tcp_recv,
+	.send_handler		= dns_tcp_send
+};
+
+struct dns_udp_call {
+	struct dns_udp_socket *sock;
+	struct tsocket_address *src;
+	DATA_BLOB in;
+	DATA_BLOB out;
+};
+
+static void dns_udp_call_process_done(struct tevent_req *subreq);
+static void dns_udp_call_sendto_done(struct tevent_req *subreq);
+
+static void dns_udp_call_loop(struct tevent_req *subreq)
+{
+	struct dns_udp_socket *sock = tevent_req_callback_data(subreq,
+				      struct dns_udp_socket);
+	struct dns_server *dns = sock->dns_socket->dns;
+	struct dns_udp_call *call;
+	uint8_t *buf;
+	ssize_t len;
+	int sys_errno;
+
+	call = talloc(sock, struct dns_udp_call);
+	if (call == NULL) {
+		talloc_free(call);
+		goto done;
+	}
+	call->sock = sock;
+
+	len = tdgram_recvfrom_recv(subreq, &sys_errno,
+				   call, &buf, &call->src);
+	TALLOC_FREE(subreq);
+	if (len == -1) {
+		talloc_free(call);
+		goto done;
+	}
+
+	call->in.data = buf;
+	call->in.length = len;
+
+	DEBUG(10,("Received DNS UDP packet of length %lu from %s\n",
+		 (long)call->in.length,
+		 tsocket_address_string(call->src, call)));
+
+	subreq = dns_process_send(call, dns->task->event_ctx, dns,
+				  call->src,
+				  sock->dns_socket->local_address,
+				  &call->in);
+	if (subreq == NULL) {
+		TALLOC_FREE(call);
+		goto done;
+	}
+	tevent_req_set_callback(subreq, dns_udp_call_process_done, call);
+
+done:
+	subreq = tdgram_recvfrom_send(sock,
+				      sock->dns_socket->dns->task->event_ctx,
+				      sock->dgram);
+	if (subreq == NULL) {
+		task_server_terminate(sock->dns_socket->dns->task,
+				      "no memory for tdgram_recvfrom_send",
+				      true);
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_udp_call_loop, sock);
+}
+
+static void dns_udp_call_process_done(struct tevent_req *subreq)
+{
+	struct dns_udp_call *call = tevent_req_callback_data(
+		subreq, struct dns_udp_call);
+	struct dns_udp_socket *sock = call->sock;
+	struct dns_server *dns = sock->dns_socket->dns;
+	WERROR err;
+
+	err = dns_process_recv(subreq, call, &call->out);
+	TALLOC_FREE(subreq);
+	if (!W_ERROR_IS_OK(err)) {
+		DEBUG(1, ("dns_process returned %s\n", win_errstr(err)));
+		TALLOC_FREE(call);
+		return;
+	}
+
+	subreq = tdgram_sendto_queue_send(call,
+					  dns->task->event_ctx,
+					  sock->dgram,
+					  sock->send_queue,
+					  call->out.data,
+					  call->out.length,
+					  call->src);
+	if (subreq == NULL) {
+		talloc_free(call);
+		return;
+	}
+	tevent_req_set_callback(subreq, dns_udp_call_sendto_done, call);
+
+}
+static void dns_udp_call_sendto_done(struct tevent_req *subreq)
+{
+	struct dns_udp_call *call = tevent_req_callback_data(subreq,
+				       struct dns_udp_call);
+	int sys_errno;
+
+	tdgram_sendto_queue_recv(subreq, &sys_errno);
+
+	/* We don't care about errors */
+
+	talloc_free(call);
+}
+
+/*
+  start listening on the given address
+*/
+static NTSTATUS dns_add_socket(struct dns_server *dns,
+			       const struct model_ops *model_ops,
+			       const char *name,
+			       const char *address,
+			       uint16_t port)
+{
+	struct dns_socket *dns_socket;
+	struct dns_udp_socket *dns_udp_socket;
+	struct tevent_req *udpsubreq;
+	NTSTATUS status;
+	int ret;
+
+	dns_socket = talloc(dns, struct dns_socket);
+	NT_STATUS_HAVE_NO_MEMORY(dns_socket);
+
+	dns_socket->dns = dns;
+
+	ret = tsocket_address_inet_from_strings(dns_socket, "ip",
+						address, port,
+						&dns_socket->local_address);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		return status;
+	}
+
+	status = stream_setup_socket(dns->task,
+				     dns->task->event_ctx,
+				     dns->task->lp_ctx,
+				     model_ops,
+				     &dns_tcp_stream_ops,
+				     "ip", address, &port,
+				     lpcfg_socket_options(dns->task->lp_ctx),
+				     dns_socket,
+				     dns->task->process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
+			 address, port, nt_errstr(status)));
+		talloc_free(dns_socket);
+		return status;
+	}
+
+	dns_udp_socket = talloc(dns_socket, struct dns_udp_socket);
+	NT_STATUS_HAVE_NO_MEMORY(dns_udp_socket);
+
+	dns_udp_socket->dns_socket = dns_socket;
+
+	ret = tdgram_inet_udp_socket(dns_socket->local_address,
+				     NULL,
+				     dns_udp_socket,
+				     &dns_udp_socket->dgram);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		DEBUG(0,("Failed to bind to %s:%u UDP - %s\n",
+			 address, port, nt_errstr(status)));
+		return status;
+	}
+
+	dns_udp_socket->send_queue = tevent_queue_create(dns_udp_socket,
+							 "dns_udp_send_queue");
+	NT_STATUS_HAVE_NO_MEMORY(dns_udp_socket->send_queue);
+
+	udpsubreq = tdgram_recvfrom_send(dns_udp_socket,
+					 dns->task->event_ctx,
+					 dns_udp_socket->dgram);
+	NT_STATUS_HAVE_NO_MEMORY(udpsubreq);
+	tevent_req_set_callback(udpsubreq, dns_udp_call_loop, dns_udp_socket);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup our listening sockets on the configured network interfaces
+*/
+static NTSTATUS dns_startup_interfaces(struct dns_server *dns,
+				       struct interface *ifaces,
+				       const struct model_ops *model_ops)
+{
+	size_t num_interfaces;
+	TALLOC_CTX *tmp_ctx = talloc_new(dns);
+	NTSTATUS status;
+	int i;
+
+	if (ifaces != NULL) {
+		num_interfaces = iface_list_count(ifaces);
+
+		for (i=0; i<num_interfaces; i++) {
+			const char *address = talloc_strdup(tmp_ctx,
+							    iface_list_n_ip(ifaces, i));
+
+			status = dns_add_socket(dns, model_ops, "dns", address,
+						lpcfg_dns_port(dns->task->lp_ctx));
+			NT_STATUS_NOT_OK_RETURN(status);
+		}
+	} else {
+		size_t num_binds = 0;
+		char **wcard;
+		wcard = iface_list_wildcard(tmp_ctx);
+		if (wcard == NULL) {
+			DEBUG(0, ("No wildcard address available\n"));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		for (i = 0; wcard[i] != NULL; i++) {
+			status = dns_add_socket(dns, model_ops, "dns", wcard[i],
+						lpcfg_dns_port(dns->task->lp_ctx));
+			if (NT_STATUS_IS_OK(status)) {
+				num_binds++;
+			}
+		}
+		if (num_binds == 0) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INVALID_PARAMETER_MIX;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+static struct dns_server_tkey_store *tkey_store_init(TALLOC_CTX *mem_ctx,
+						     uint16_t size)
+{
+	struct dns_server_tkey_store *buffer = talloc_zero(mem_ctx,
+						struct dns_server_tkey_store);
+
+	if (buffer == NULL) {
+		return NULL;
+	}
+
+	buffer->size = size;
+	buffer->next_idx = 0;
+
+	buffer->tkeys = talloc_zero_array(buffer, struct dns_server_tkey *, size);
+	if (buffer->tkeys == NULL) {
+		TALLOC_FREE(buffer);
+	}
+
+	return buffer;
+}
+
+static NTSTATUS dns_server_reload_zones(struct dns_server *dns)
+{
+	NTSTATUS status;
+	struct dns_server_zone *new_list = NULL;
+	struct dns_server_zone *old_list = dns->zones;
+	struct dns_server_zone *old_zone;
+	status = dns_common_zones(dns->samdb, dns, NULL, &new_list);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	dns->zones = new_list;
+	while ((old_zone = DLIST_TAIL(old_list)) != NULL) {
+		DLIST_REMOVE(old_list, old_zone);
+		talloc_free(old_zone);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Called when the internal DNS server should reload the zones from DB, for
+ * example, when zones are added or deleted through RPC or replicated by
+ * inbound DRS.
+ */
+static NTSTATUS dns_reload_zones(struct irpc_message *msg,
+				 struct dnssrv_reload_dns_zones *r)
+{
+	struct dns_server *dns;
+
+	dns = talloc_get_type(msg->private_data, struct dns_server);
+	if (dns == NULL) {
+		r->out.result = NT_STATUS_INTERNAL_ERROR;
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	r->out.result = dns_server_reload_zones(dns);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dns_task_init(struct task_server *task)
+{
+	struct dns_server *dns;
+	NTSTATUS status;
+	struct interface *ifaces = NULL;
+	int ret;
+	static const char * const attrs_none[] = { NULL};
+	struct ldb_message *dns_acc;
+	char *hostname_lower;
+	char *dns_spn;
+	bool ok;
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "dns: no DNS required in standalone configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "dns: no DNS required in member server configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want a DNS */
+		break;
+	}
+
+	if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
+		load_interface_list(task, task->lp_ctx, &ifaces);
+
+		if (iface_list_count(ifaces) == 0) {
+			task_server_terminate(task, "dns: no network interfaces configured", false);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+	task_server_set_title(task, "task[dns]");
+
+	dns = talloc_zero(task, struct dns_server);
+	if (dns == NULL) {
+		task_server_terminate(task, "dns: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dns->task = task;
+
+	dns->server_credentials = cli_credentials_init(dns);
+	if (!dns->server_credentials) {
+		task_server_terminate(task, "Failed to init server credentials\n", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	dns->samdb = samdb_connect(dns,
+				   dns->task->event_ctx,
+				   dns->task->lp_ctx,
+				   system_session(dns->task->lp_ctx),
+				   NULL,
+				   0);
+	if (!dns->samdb) {
+		task_server_terminate(task, "dns: samdb_connect failed", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	ok = cli_credentials_set_conf(dns->server_credentials, task->lp_ctx);
+	if (!ok) {
+		task_server_terminate(task,
+				      "dns: failed to load smb.conf",
+				      true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	hostname_lower = strlower_talloc(dns, lpcfg_netbios_name(task->lp_ctx));
+	dns_spn = talloc_asprintf(dns, "DNS/%s.%s",
+				  hostname_lower,
+				  lpcfg_dnsdomain(task->lp_ctx));
+	TALLOC_FREE(hostname_lower);
+
+	ret = dsdb_search_one(dns->samdb, dns, &dns_acc,
+			      ldb_get_default_basedn(dns->samdb), LDB_SCOPE_SUBTREE,
+			      attrs_none, 0, "(servicePrincipalName=%s)",
+			      dns_spn);
+	if (ret == LDB_SUCCESS) {
+		TALLOC_FREE(dns_acc);
+		if (!dns_spn) {
+			task_server_terminate(task, "dns: talloc_asprintf failed", true);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		status = cli_credentials_set_stored_principal(dns->server_credentials, task->lp_ctx, dns_spn);
+		if (!NT_STATUS_IS_OK(status)) {
+			task_server_terminate(task,
+					      talloc_asprintf(task, "Failed to obtain server credentials for DNS, "
+							      "despite finding it in the samdb! %s\n",
+							      nt_errstr(status)),
+					      true);
+			return status;
+		}
+	} else {
+		TALLOC_FREE(dns_spn);
+		status = cli_credentials_set_machine_account(dns->server_credentials, task->lp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			task_server_terminate(task,
+					      talloc_asprintf(task, "Failed to obtain server credentials, perhaps a standalone server?: %s\n",
+							      nt_errstr(status)),
+					      true);
+			return status;
+		}
+	}
+
+	dns->tkeys = tkey_store_init(dns, TKEY_BUFFER_SIZE);
+	if (!dns->tkeys) {
+		task_server_terminate(task, "Failed to allocate tkey storage\n", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dns_server_reload_zones(dns);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "dns: failed to load DNS zones", true);
+		return status;
+	}
+
+	status = dns_startup_interfaces(dns, ifaces, task->model_ops);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "dns failed to setup interfaces", true);
+		return status;
+	}
+
+	/* Setup the IRPC interface and register handlers */
+	status = irpc_add_name(task->msg_ctx, "dnssrv");
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "dns: failed to register IRPC name", true);
+		return status;
+	}
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, DNSSRV_RELOAD_DNS_ZONES,
+			       dns_reload_zones, dns);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "dns: failed to setup reload handler", true);
+		return status;
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS server_service_dns_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = dns_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "dns", &details);
+}
diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h
new file mode 100644
index 0000000..f4e5a61
--- /dev/null
+++ b/source4/dns_server/dns_server.h
@@ -0,0 +1,124 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS structures
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DNS_SERVER_H__
+#define __DNS_SERVER_H__
+
+#include "librpc/gen_ndr/dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "dnsserver_common.h"
+
+struct tsocket_address;
+struct dns_server_tkey {
+	const char *name;
+	enum dns_tkey_mode mode;
+	const char *algorithm;
+	struct auth_session_info *session_info;
+	struct gensec_security *gensec;
+	bool complete;
+};
+
+#define TKEY_BUFFER_SIZE 128
+
+struct dns_server_tkey_store {
+	struct dns_server_tkey **tkeys;
+	uint16_t next_idx;
+	uint16_t size;
+};
+
+struct dns_server {
+	struct task_server *task;
+	struct ldb_context *samdb;
+	struct dns_server_zone *zones;
+	struct dns_server_tkey_store *tkeys;
+	struct cli_credentials *server_credentials;
+};
+
+struct dns_request_state {
+	TALLOC_CTX *mem_ctx;
+	uint16_t flags;
+	bool authenticated;
+	bool sign;
+	char *key_name;
+	struct dns_res_rec *tsig;
+	uint16_t tsig_error;
+	const struct tsocket_address *local_address;
+	const struct tsocket_address *remote_address;
+};
+
+struct tevent_req *dns_server_process_query_send(
+	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+	struct dns_server *dns,	struct dns_request_state *req_state,
+	const struct dns_name_packet *in);
+WERROR dns_server_process_query_recv(
+	struct tevent_req *req, TALLOC_CTX *mem_ctx,
+	struct dns_res_rec **answers,    uint16_t *ancount,
+	struct dns_res_rec **nsrecs,     uint16_t *nscount,
+	struct dns_res_rec **additional, uint16_t *arcount);
+
+WERROR dns_server_process_update(struct dns_server *dns,
+				 const struct dns_request_state *state,
+				 TALLOC_CTX *mem_ctx,
+				 const struct dns_name_packet *in,
+				 struct dns_res_rec **prereqs,    uint16_t *prereq_count,
+				 struct dns_res_rec **updates,    uint16_t *update_count,
+				 struct dns_res_rec **additional, uint16_t *arcount);
+
+bool dns_authoritative_for_zone(struct dns_server *dns,
+				const char *name);
+const char *dns_get_authoritative_zone(struct dns_server *dns,
+				       const char *name);
+WERROR dns_lookup_records(struct dns_server *dns,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *rec_count);
+WERROR dns_lookup_records_wildcard(struct dns_server *dns,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *rec_count);
+WERROR dns_replace_records(struct dns_server *dns,
+			   TALLOC_CTX *mem_ctx,
+			   struct ldb_dn *dn,
+			   bool needs_add,
+			   struct dnsp_DnssrvRpcRecord *records,
+			   uint16_t rec_count);
+WERROR dns_name2dn(struct dns_server *dns,
+		   TALLOC_CTX *mem_ctx,
+		   const char *name,
+		   struct ldb_dn **_dn);
+struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
+				      const char *name);
+WERROR dns_verify_tsig(struct dns_server *dns,
+		       TALLOC_CTX *mem_ctx,
+		       struct dns_request_state *state,
+		       struct dns_name_packet *packet,
+		       DATA_BLOB *in);
+WERROR dns_sign_tsig(struct dns_server *dns,
+		     TALLOC_CTX *mem_ctx,
+		     struct dns_request_state *state,
+		     struct dns_name_packet *packet,
+		     uint16_t error);
+
+#include "source4/dns_server/dnsserver_common.h"
+
+#endif /* __DNS_SERVER_H__ */
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
new file mode 100644
index 0000000..4d2ee0b
--- /dev/null
+++ b/source4/dns_server/dns_update.c
@@ -0,0 +1,879 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server handler for update requests
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/util/ntstatus.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include <ldb.h>
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "samba/service_task.h"
+#include "dns_server/dns_server.h"
+#include "auth/auth.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
+static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
+			     const struct dns_res_rec *rrec,
+			     struct dnsp_DnssrvRpcRecord *r,
+			     bool name_is_static);
+
+static WERROR check_one_prerequisite(struct dns_server *dns,
+				     TALLOC_CTX *mem_ctx,
+				     const struct dns_name_question *zone,
+				     const struct dns_res_rec *pr,
+				     bool *final_result)
+{
+	bool match;
+	WERROR werror;
+	struct ldb_dn *dn;
+	uint16_t i;
+	bool found = false;
+	struct dnsp_DnssrvRpcRecord *rec = NULL;
+	struct dnsp_DnssrvRpcRecord *ans;
+	uint16_t a_count;
+
+	size_t host_part_len = 0;
+
+	*final_result = true;
+
+	if (pr->ttl != 0) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	match = dns_name_match(zone->name, pr->name, &host_part_len);
+	if (!match) {
+		return DNS_ERR(NOTZONE);
+	}
+
+	werror = dns_name2dn(dns, mem_ctx, pr->name, &dn);
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	if (pr->rr_class == DNS_QCLASS_ANY) {
+
+		if (pr->length != 0) {
+			return DNS_ERR(FORMAT_ERROR);
+		}
+
+
+		if (pr->rr_type == DNS_QTYPE_ALL) {
+			/*
+			 */
+			werror = dns_lookup_records(dns, mem_ctx, dn, &ans, &a_count);
+			if (W_ERROR_EQUAL(werror, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+				return DNS_ERR(NAME_ERROR);
+			}
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			if (a_count == 0) {
+				return DNS_ERR(NAME_ERROR);
+			}
+		} else {
+			/*
+			 */
+			werror = dns_lookup_records(dns, mem_ctx, dn, &ans, &a_count);
+			if (W_ERROR_EQUAL(werror, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+				return DNS_ERR(NXRRSET);
+			}
+			if (W_ERROR_EQUAL(werror, DNS_ERR(NAME_ERROR))) {
+				return DNS_ERR(NXRRSET);
+			}
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			for (i = 0; i < a_count; i++) {
+				if (ans[i].wType == (enum dns_record_type) pr->rr_type) {
+					found = true;
+					break;
+				}
+			}
+			if (!found) {
+				return DNS_ERR(NXRRSET);
+			}
+		}
+
+		/*
+		 * RFC2136 3.2.5 doesn't actually mention the need to return
+		 * OK here, but otherwise we'd always return a FORMAT_ERROR
+		 * later on. This also matches Microsoft DNS behavior.
+		 */
+		return WERR_OK;
+	}
+
+	if (pr->rr_class == DNS_QCLASS_NONE) {
+		if (pr->length != 0) {
+			return DNS_ERR(FORMAT_ERROR);
+		}
+
+		if (pr->rr_type == DNS_QTYPE_ALL) {
+			/*
+			 */
+			werror = dns_lookup_records(dns, mem_ctx, dn, &ans, &a_count);
+			if (W_ERROR_EQUAL(werror, WERR_OK)) {
+				return DNS_ERR(YXDOMAIN);
+			}
+		} else {
+			/*
+			 */
+			werror = dns_lookup_records(dns, mem_ctx, dn, &ans, &a_count);
+			if (W_ERROR_EQUAL(werror, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+				werror = WERR_OK;
+			}
+			if (W_ERROR_EQUAL(werror, DNS_ERR(NAME_ERROR))) {
+				werror = WERR_OK;
+			}
+
+			for (i = 0; i < a_count; i++) {
+				if (ans[i].wType == (enum dns_record_type) pr->rr_type) {
+					found = true;
+					break;
+				}
+			}
+			if (found) {
+				return DNS_ERR(YXRRSET);
+			}
+		}
+
+		/*
+		 * RFC2136 3.2.5 doesn't actually mention the need to return
+		 * OK here, but otherwise we'd always return a FORMAT_ERROR
+		 * later on. This also matches Microsoft DNS behavior.
+		 */
+		return WERR_OK;
+	}
+
+	if (pr->rr_class != zone->question_class) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	*final_result = false;
+
+	werror = dns_lookup_records(dns, mem_ctx, dn, &ans, &a_count);
+	if (W_ERROR_EQUAL(werror, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+		return DNS_ERR(NXRRSET);
+	}
+	if (W_ERROR_EQUAL(werror, DNS_ERR(NAME_ERROR))) {
+		return DNS_ERR(NXRRSET);
+	}
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	rec = talloc_zero(mem_ctx, struct dnsp_DnssrvRpcRecord);
+	W_ERROR_HAVE_NO_MEMORY(rec);
+
+	werror = dns_rr_to_dnsp(rec, pr, rec, dns_name_is_static(ans, a_count));
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	for (i = 0; i < a_count; i++) {
+		if (dns_record_match(rec, &ans[i])) {
+			found = true;
+			break;
+		}
+	}
+
+	if (!found) {
+		return DNS_ERR(NXRRSET);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR check_prerequisites(struct dns_server *dns,
+				  TALLOC_CTX *mem_ctx,
+				  const struct dns_name_question *zone,
+				  const struct dns_res_rec *prereqs, uint16_t count)
+{
+	uint16_t i;
+	WERROR final_error = WERR_OK;
+
+	for (i = 0; i < count; i++) {
+		bool final;
+		WERROR werror;
+
+		werror = check_one_prerequisite(dns, mem_ctx, zone,
+						&prereqs[i], &final);
+		if (!W_ERROR_IS_OK(werror)) {
+			if (final) {
+				return werror;
+			}
+			if (W_ERROR_IS_OK(final_error)) {
+				final_error = werror;
+			}
+		}
+	}
+
+	if (!W_ERROR_IS_OK(final_error)) {
+		return final_error;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR update_prescan(const struct dns_name_question *zone,
+			     const struct dns_res_rec *updates, uint16_t count)
+{
+	const struct dns_res_rec *r;
+	uint16_t i;
+	size_t host_part_len;
+	bool match;
+
+	for (i = 0; i < count; i++) {
+		r = &updates[i];
+		match = dns_name_match(zone->name, r->name, &host_part_len);
+		if (!match) {
+			return DNS_ERR(NOTZONE);
+		}
+		if (zone->question_class == r->rr_class) {
+			if (r->rr_type == DNS_QTYPE_ALL) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_AXFR) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILB) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILA) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+		} else if (r->rr_class == DNS_QCLASS_ANY) {
+			if (r->ttl != 0) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->length != 0) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_AXFR) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILB) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILA) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+		} else if (r->rr_class == DNS_QCLASS_NONE) {
+			if (r->ttl != 0) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_ALL) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_AXFR) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILB) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+			if (r->rr_type == DNS_QTYPE_MAILA) {
+				return DNS_ERR(FORMAT_ERROR);
+			}
+		} else {
+			return DNS_ERR(FORMAT_ERROR);
+		}
+	}
+	return WERR_OK;
+}
+
+static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
+			     const struct dns_res_rec *rrec,
+			     struct dnsp_DnssrvRpcRecord *r,
+			     bool name_is_static)
+{
+	enum ndr_err_code ndr_err;
+
+	if (rrec->rr_type == DNS_QTYPE_ALL) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	ZERO_STRUCTP(r);
+
+	r->wType = (enum dns_record_type) rrec->rr_type;
+	r->dwTtlSeconds = rrec->ttl;
+	r->rank = DNS_RANK_ZONE;
+	if (name_is_static) {
+		r->dwTimeStamp = 0;
+	} else {
+		r->dwTimeStamp = unix_to_dns_timestamp(time(NULL));
+	}
+
+	/* If we get QCLASS_ANY, we're done here */
+	if (rrec->rr_class == DNS_QCLASS_ANY) {
+		goto done;
+	}
+
+	switch(rrec->rr_type) {
+	case DNS_QTYPE_A:
+		r->data.ipv4 = talloc_strdup(mem_ctx, rrec->rdata.ipv4_record);
+		W_ERROR_HAVE_NO_MEMORY(r->data.ipv4);
+		break;
+	case DNS_QTYPE_AAAA:
+		r->data.ipv6 = talloc_strdup(mem_ctx, rrec->rdata.ipv6_record);
+		W_ERROR_HAVE_NO_MEMORY(r->data.ipv6);
+		break;
+	case DNS_QTYPE_NS:
+		r->data.ns = talloc_strdup(mem_ctx, rrec->rdata.ns_record);
+		W_ERROR_HAVE_NO_MEMORY(r->data.ns);
+		break;
+	case DNS_QTYPE_CNAME:
+		r->data.cname = talloc_strdup(mem_ctx, rrec->rdata.cname_record);
+		W_ERROR_HAVE_NO_MEMORY(r->data.cname);
+		break;
+	case DNS_QTYPE_SRV:
+		r->data.srv.wPriority = rrec->rdata.srv_record.priority;
+		r->data.srv.wWeight = rrec->rdata.srv_record.weight;
+		r->data.srv.wPort = rrec->rdata.srv_record.port;
+		r->data.srv.nameTarget = talloc_strdup(mem_ctx,
+				rrec->rdata.srv_record.target);
+		W_ERROR_HAVE_NO_MEMORY(r->data.srv.nameTarget);
+		break;
+	case DNS_QTYPE_PTR:
+		r->data.ptr = talloc_strdup(mem_ctx, rrec->rdata.ptr_record);
+		W_ERROR_HAVE_NO_MEMORY(r->data.ptr);
+		break;
+	case DNS_QTYPE_MX:
+		r->data.mx.wPriority = rrec->rdata.mx_record.preference;
+		r->data.mx.nameTarget = talloc_strdup(mem_ctx,
+				rrec->rdata.mx_record.exchange);
+		W_ERROR_HAVE_NO_MEMORY(r->data.mx.nameTarget);
+		break;
+	case DNS_QTYPE_TXT:
+		ndr_err = ndr_dnsp_string_list_copy(mem_ctx,
+						    &rrec->rdata.txt_record.txt,
+						    &r->data.txt);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		break;
+	default:
+		DEBUG(0, ("Got a qytpe of %d\n", rrec->rr_type));
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+done:
+
+	return WERR_OK;
+}
+
+
+static WERROR handle_one_update(struct dns_server *dns,
+				TALLOC_CTX *mem_ctx,
+				const struct dns_name_question *zone,
+				const struct dns_res_rec *update,
+				const struct dns_server_tkey *tkey)
+{
+	struct dnsp_DnssrvRpcRecord *recs = NULL;
+	uint16_t rcount = 0;
+	struct ldb_dn *dn;
+	uint16_t i;
+	uint16_t first = 0;
+	WERROR werror;
+	bool tombstoned = false;
+	bool needs_add = false;
+	bool name_is_static;
+
+	DBG_NOTICE("Looking at record: \n");
+	if (DEBUGLVL(DBGLVL_NOTICE)) {
+		NDR_PRINT_DEBUG(dns_res_rec, discard_const(update));
+	}
+
+	switch (update->rr_type) {
+	case DNS_QTYPE_A:
+	case DNS_QTYPE_NS:
+	case DNS_QTYPE_CNAME:
+	case DNS_QTYPE_SOA:
+	case DNS_QTYPE_PTR:
+	case DNS_QTYPE_MX:
+	case DNS_QTYPE_AAAA:
+	case DNS_QTYPE_SRV:
+	case DNS_QTYPE_TXT:
+	case DNS_QTYPE_ALL:
+		break;
+	default:
+		DEBUG(0, ("Can't handle updates of type %u yet\n",
+			  update->rr_type));
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+	werror = dns_name2dn(dns, mem_ctx, update->name, &dn);
+	DBG_DEBUG("dns_name2dn(): %s\n", win_errstr(werror));
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	werror = dns_common_lookup(dns->samdb, mem_ctx, dn,
+				   &recs, &rcount, &tombstoned);
+	DBG_DEBUG("dns_common_lookup(): %s\n", win_errstr(werror));
+	if (W_ERROR_EQUAL(werror, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+		needs_add = true;
+		werror = WERR_OK;
+	}
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	if (tombstoned) {
+		/*
+		 * we need to keep the existing tombstone record
+		 * and ignore it.
+		 *
+		 * There *should* only be a single record of type TOMBSTONE,
+		 * but we don't insist.
+		 */
+		if (rcount != 1) {
+			DBG_WARNING("Tombstoned dnsNode has %u records, "
+				    "expected 1\n", rcount);
+			if (DEBUGLVL(DBGLVL_WARNING)) {
+				NDR_PRINT_DEBUG(dns_res_rec, discard_const(update));
+			}
+		}
+		first = rcount;
+	}
+
+	name_is_static = dns_name_is_static(recs, rcount);
+
+	if (update->rr_class == zone->question_class) {
+		if (update->rr_type == DNS_QTYPE_CNAME) {
+			/*
+			 * If there is a record in the directory
+			 * that's not a CNAME, ignore update
+			 */
+			for (i = first; i < rcount; i++) {
+				if (recs[i].wType != DNS_TYPE_CNAME) {
+					DEBUG(5, ("Skipping update\n"));
+					return WERR_OK;
+				}
+			}
+
+			/*
+			 * There should be no entries besides one CNAME record
+			 * per name, so replace everything with the new CNAME
+			 */
+
+			rcount = first;
+			recs = talloc_realloc(mem_ctx, recs,
+					struct dnsp_DnssrvRpcRecord, rcount + 1);
+			W_ERROR_HAVE_NO_MEMORY(recs);
+
+			werror = dns_rr_to_dnsp(
+			    recs, update, &recs[rcount], name_is_static);
+			DBG_DEBUG("dns_rr_to_dnsp(CNAME): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+			rcount += 1;
+
+			werror = dns_replace_records(dns, mem_ctx, dn,
+						     needs_add, recs, rcount);
+			DBG_DEBUG("dns_replace_records(CNAME): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			return WERR_OK;
+		} else {
+			/*
+			 * If there is a CNAME record for this name,
+			 * ignore update
+			 */
+			for (i = first; i < rcount; i++) {
+				if (recs[i].wType == DNS_TYPE_CNAME) {
+					DEBUG(5, ("Skipping update\n"));
+					return WERR_OK;
+				}
+			}
+		}
+		if (update->rr_type == DNS_QTYPE_SOA) {
+			bool found = false;
+
+			/*
+			 * If the zone has no SOA record?? or update's
+			 * serial number is smaller than existing SOA's,
+			 * ignore update
+			 */
+			for (i = first; i < rcount; i++) {
+				if (recs[i].wType == DNS_TYPE_SOA) {
+					uint16_t n, o;
+
+					n = update->rdata.soa_record.serial;
+					o = recs[i].data.soa.serial;
+					/*
+					 * TODO: Implement RFC 1982 comparison
+					 * logic for RFC2136
+					 */
+					if (n <= o) {
+						DEBUG(5, ("Skipping update\n"));
+						return WERR_OK;
+					}
+					found = true;
+					break;
+				}
+			}
+			if (!found) {
+				DEBUG(5, ("Skipping update\n"));
+				return WERR_OK;
+			}
+
+			werror = dns_rr_to_dnsp(
+			    mem_ctx, update, &recs[i], name_is_static);
+			DBG_DEBUG("dns_rr_to_dnsp(SOA): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			/*
+			 * There should only be one SOA, which we have already
+			 * found and replaced. We now check for and tombstone
+			 * any others.
+			 */
+			for (i++; i < rcount; i++) {
+				if (recs[i].wType != DNS_TYPE_SOA) {
+					continue;
+				}
+				DBG_ERR("Duplicate SOA records found.\n");
+				if (DEBUGLVL(DBGLVL_ERR)) {
+					NDR_PRINT_DEBUG(dns_res_rec,
+							discard_const(update));
+				}
+				recs[i] = (struct dnsp_DnssrvRpcRecord) {
+					.wType = DNS_TYPE_TOMBSTONE,
+				};
+			}
+
+			werror = dns_replace_records(dns, mem_ctx, dn,
+						     needs_add, recs, rcount);
+			DBG_DEBUG("dns_replace_records(SOA): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			return WERR_OK;
+		}
+		/* All but CNAME, SOA */
+		recs = talloc_realloc(mem_ctx, recs,
+				struct dnsp_DnssrvRpcRecord, rcount+1);
+		W_ERROR_HAVE_NO_MEMORY(recs);
+
+		werror =
+		    dns_rr_to_dnsp(recs, update, &recs[rcount], name_is_static);
+		DBG_DEBUG("dns_rr_to_dnsp(GENERIC): %s\n", win_errstr(werror));
+		W_ERROR_NOT_OK_RETURN(werror);
+
+		for (i = first; i < rcount; i++) {
+			if (!dns_record_match(&recs[i], &recs[rcount])) {
+				continue;
+			}
+
+			recs[i].data = recs[rcount].data;
+			recs[i].wType = recs[rcount].wType;
+			recs[i].dwTtlSeconds = recs[rcount].dwTtlSeconds;
+			recs[i].rank = recs[rcount].rank;
+			recs[i].dwReserved = 0;
+			recs[i].flags = 0;
+			werror = dns_replace_records(dns, mem_ctx, dn,
+						     needs_add, recs, rcount);
+			DBG_DEBUG("dns_replace_records(REPLACE): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			return WERR_OK;
+		}
+		/* we did not find a matching record. This is new. */
+		werror = dns_replace_records(dns, mem_ctx, dn,
+					     needs_add, recs, rcount+1);
+		DBG_DEBUG("dns_replace_records(ADD): %s\n", win_errstr(werror));
+		W_ERROR_NOT_OK_RETURN(werror);
+
+		return WERR_OK;
+	} else if (update->rr_class == DNS_QCLASS_ANY) {
+		/*
+		 * Mass-deleting records by type, which we do by adding a
+		 * tombstone with zero timestamp. dns_replace_records() will
+		 * work out if the node as a whole needs tombstoning.
+		 */
+		if (update->rr_type == DNS_QTYPE_ALL) {
+			if (samba_dns_name_equal(update->name, zone->name)) {
+				for (i = first; i < rcount; i++) {
+
+					if (recs[i].wType == DNS_TYPE_SOA) {
+						continue;
+					}
+
+					if (recs[i].wType == DNS_TYPE_NS) {
+						continue;
+					}
+
+					recs[i] = (struct dnsp_DnssrvRpcRecord) {
+						.wType = DNS_TYPE_TOMBSTONE,
+					};
+				}
+
+			} else {
+				for (i = first; i < rcount; i++) {
+					recs[i] = (struct dnsp_DnssrvRpcRecord) {
+						.wType = DNS_TYPE_TOMBSTONE,
+					};
+				}
+			}
+
+		} else if (samba_dns_name_equal(update->name, zone->name)) {
+
+			if (update->rr_type == DNS_QTYPE_SOA) {
+				return WERR_OK;
+			}
+
+			if (update->rr_type == DNS_QTYPE_NS) {
+				return WERR_OK;
+			}
+		}
+		for (i = first; i < rcount; i++) {
+			if (recs[i].wType == (enum dns_record_type) update->rr_type) {
+				recs[i] = (struct dnsp_DnssrvRpcRecord) {
+					.wType = DNS_TYPE_TOMBSTONE,
+				};
+			}
+		}
+
+		werror = dns_replace_records(dns, mem_ctx, dn,
+					     needs_add, recs, rcount);
+		DBG_DEBUG("dns_replace_records(DELETE-ANY): %s\n", win_errstr(werror));
+		W_ERROR_NOT_OK_RETURN(werror);
+
+		return WERR_OK;
+	} else if (update->rr_class == DNS_QCLASS_NONE) {
+		/* deleting individual records */
+		struct dnsp_DnssrvRpcRecord *del_rec;
+
+		if (update->rr_type == DNS_QTYPE_SOA) {
+			return WERR_OK;
+		}
+		if (update->rr_type == DNS_QTYPE_NS) {
+			bool found = false;
+			struct dnsp_DnssrvRpcRecord *ns_rec = talloc(mem_ctx,
+						struct dnsp_DnssrvRpcRecord);
+			W_ERROR_HAVE_NO_MEMORY(ns_rec);
+
+			werror = dns_rr_to_dnsp(
+			    ns_rec, update, ns_rec, name_is_static);
+			DBG_DEBUG("dns_rr_to_dnsp(NS): %s\n", win_errstr(werror));
+			W_ERROR_NOT_OK_RETURN(werror);
+
+			for (i = first; i < rcount; i++) {
+				if (dns_record_match(ns_rec, &recs[i])) {
+					found = true;
+					break;
+				}
+			}
+			if (found) {
+				return WERR_OK;
+			}
+		}
+
+		del_rec = talloc(mem_ctx, struct dnsp_DnssrvRpcRecord);
+		W_ERROR_HAVE_NO_MEMORY(del_rec);
+
+		werror =
+		    dns_rr_to_dnsp(del_rec, update, del_rec, name_is_static);
+		DBG_DEBUG("dns_rr_to_dnsp(DELETE-NONE): %s\n", win_errstr(werror));
+		W_ERROR_NOT_OK_RETURN(werror);
+
+		for (i = first; i < rcount; i++) {
+			if (dns_record_match(del_rec, &recs[i])) {
+				recs[i] = (struct dnsp_DnssrvRpcRecord) {
+					.wType = DNS_TYPE_TOMBSTONE,
+				};
+			}
+		}
+
+		werror = dns_replace_records(dns, mem_ctx, dn,
+					     needs_add, recs, rcount);
+		DBG_DEBUG("dns_replace_records(DELETE-NONE): %s\n", win_errstr(werror));
+		W_ERROR_NOT_OK_RETURN(werror);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR handle_updates(struct dns_server *dns,
+			     TALLOC_CTX *mem_ctx,
+			     const struct dns_name_question *zone,
+			     const struct dns_res_rec *prereqs, uint16_t pcount,
+			     struct dns_res_rec *updates, uint16_t upd_count,
+			     struct dns_server_tkey *tkey)
+{
+	struct ldb_dn *zone_dn = NULL;
+	WERROR werror = WERR_OK;
+	int ret;
+	uint16_t ri;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	if (tkey != NULL) {
+		ret = ldb_set_opaque(
+			dns->samdb,
+			DSDB_SESSION_INFO,
+			tkey->session_info);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("unable to set session info\n"));
+			werror = DNS_ERR(SERVER_FAILURE);
+			goto failed;
+		}
+	}
+
+	werror = dns_name2dn(dns, tmp_ctx, zone->name, &zone_dn);
+	DBG_DEBUG("dns_name2dn(): %s\n", win_errstr(werror));
+	W_ERROR_NOT_OK_GOTO(werror, failed);
+
+	ret = ldb_transaction_start(dns->samdb);
+	if (ret != LDB_SUCCESS) {
+		werror = DNS_ERR(SERVER_FAILURE);
+		goto failed;
+	}
+
+	werror = check_prerequisites(dns, tmp_ctx, zone, prereqs, pcount);
+	W_ERROR_NOT_OK_GOTO(werror, failed);
+
+	DBG_DEBUG("dns update count is %u\n", upd_count);
+
+	for (ri = 0; ri < upd_count; ri++) {
+		werror = handle_one_update(dns, tmp_ctx, zone,
+					   &updates[ri], tkey);
+		DBG_DEBUG("handle_one_update(%u): %s\n",
+			  ri, win_errstr(werror));
+		W_ERROR_NOT_OK_GOTO(werror, failed);
+	}
+
+failed:
+	if (W_ERROR_IS_OK(werror)) {
+		ret = ldb_transaction_commit(dns->samdb);
+		if (ret != LDB_SUCCESS) {
+			werror = DNS_ERR(SERVER_FAILURE);
+		}
+	} else {
+		ldb_transaction_cancel(dns->samdb);
+	}
+
+	if (tkey != NULL) {
+		ldb_set_opaque(
+			dns->samdb,
+			DSDB_SESSION_INFO,
+			system_session(dns->task->lp_ctx));
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return werror;
+
+}
+
+static WERROR dns_update_allowed(struct dns_server *dns,
+				 const struct dns_request_state *state,
+				 struct dns_server_tkey **tkey)
+{
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_ON) {
+		DEBUG(2, ("All updates allowed.\n"));
+		return WERR_OK;
+	}
+
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
+		DEBUG(2, ("Updates disabled.\n"));
+		return DNS_ERR(REFUSED);
+	}
+
+	if (state->authenticated == false ) {
+		DEBUG(2, ("Update not allowed for unsigned packet.\n"));
+		return DNS_ERR(REFUSED);
+	}
+
+        *tkey = dns_find_tkey(dns->tkeys, state->key_name);
+	if (*tkey == NULL) {
+		DEBUG(0, ("Authenticated, but key not found. Something is wrong.\n"));
+		return DNS_ERR(REFUSED);
+	}
+
+	return WERR_OK;
+}
+
+
+WERROR dns_server_process_update(struct dns_server *dns,
+				 const struct dns_request_state *state,
+				 TALLOC_CTX *mem_ctx,
+				 const struct dns_name_packet *in,
+				 struct dns_res_rec **prereqs,    uint16_t *prereq_count,
+				 struct dns_res_rec **updates,    uint16_t *update_count,
+				 struct dns_res_rec **additional, uint16_t *arcount)
+{
+	struct dns_name_question *zone;
+	const struct dns_server_zone *z;
+	size_t host_part_len = 0;
+	WERROR werror = DNS_ERR(NOT_IMPLEMENTED);
+	struct dns_server_tkey *tkey = NULL;
+
+	if (in->qdcount != 1) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	zone = &in->questions[0];
+
+	if (zone->question_class != DNS_QCLASS_IN &&
+	    zone->question_class != DNS_QCLASS_ANY) {
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+	if (zone->question_type != DNS_QTYPE_SOA) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	DEBUG(2, ("Got a dns update request.\n"));
+
+	for (z = dns->zones; z != NULL; z = z->next) {
+		bool match;
+
+		match = dns_name_match(z->name, zone->name, &host_part_len);
+		if (match) {
+			break;
+		}
+	}
+
+	if (z == NULL) {
+		DEBUG(1, ("We're not authoritative for this zone\n"));
+		return DNS_ERR(NOTAUTH);
+	}
+
+	if (host_part_len != 0) {
+		/* TODO: We need to delegate this one */
+		DEBUG(1, ("Would have to delegate zone '%s'.\n", zone->name));
+		return DNS_ERR(NOT_IMPLEMENTED);
+	}
+
+	*prereq_count = in->ancount;
+	*prereqs = in->answers;
+	werror = check_prerequisites(dns, mem_ctx, in->questions, *prereqs,
+				     *prereq_count);
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	werror = dns_update_allowed(dns, state, &tkey);
+	if (!W_ERROR_IS_OK(werror)) {
+		return werror;
+	}
+
+	*update_count = in->nscount;
+	*updates = in->nsrecs;
+	werror = update_prescan(in->questions, *updates, *update_count);
+	DBG_DEBUG("update_prescan(): %s\n", win_errstr(werror));
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	werror = handle_updates(dns, mem_ctx, in->questions, *prereqs,
+			        *prereq_count, *updates, *update_count, tkey);
+	DBG_DEBUG("handle_updates(): %s\n", win_errstr(werror));
+	W_ERROR_NOT_OK_RETURN(werror);
+
+	return werror;
+}
diff --git a/source4/dns_server/dns_utils.c b/source4/dns_server/dns_utils.c
new file mode 100644
index 0000000..d0661f3
--- /dev/null
+++ b/source4/dns_server/dns_utils.c
@@ -0,0 +1,130 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server utils
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/util/ntstatus.h"
+#include "libcli/util/werror.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dns_server/dns_server.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
+
+/*
+ * Lookup a DNS record, performing an exact match.
+ * i.e. DNS wild card records are not considered.
+ */
+WERROR dns_lookup_records(struct dns_server *dns,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *rec_count)
+{
+	return dns_common_lookup(dns->samdb, mem_ctx, dn,
+				 records, rec_count, NULL);
+}
+
+/*
+ * Lookup a DNS record, will match DNS wild card records if an exact match
+ * is not found.
+ */
+WERROR dns_lookup_records_wildcard(struct dns_server *dns,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *rec_count)
+{
+	return dns_common_wildcard_lookup(dns->samdb, mem_ctx, dn,
+				 records, rec_count);
+}
+
+WERROR dns_replace_records(struct dns_server *dns,
+			   TALLOC_CTX *mem_ctx,
+			   struct ldb_dn *dn,
+			   bool needs_add,
+			   struct dnsp_DnssrvRpcRecord *records,
+			   uint16_t rec_count)
+{
+	/* TODO: Autogenerate this somehow */
+	uint32_t dwSerial = 110;
+	return dns_common_replace(dns->samdb, mem_ctx, dn,
+				  needs_add, dwSerial, records, rec_count);
+}
+
+bool dns_authoritative_for_zone(struct dns_server *dns,
+				const char *name)
+{
+	const struct dns_server_zone *z;
+	size_t host_part_len = 0;
+
+	if (name == NULL) {
+		return false;
+	}
+
+	if (strcmp(name, "") == 0) {
+		return true;
+	}
+	for (z = dns->zones; z != NULL; z = z->next) {
+		bool match;
+
+		match = dns_name_match(z->name, name, &host_part_len);
+		if (match) {
+			break;
+		}
+	}
+	if (z == NULL) {
+		return false;
+	}
+
+	return true;
+}
+
+const char *dns_get_authoritative_zone(struct dns_server *dns,
+				       const char *name)
+{
+	const struct dns_server_zone *z;
+	size_t host_part_len = 0;
+
+	for (z = dns->zones; z != NULL; z = z->next) {
+		bool match;
+		match = dns_name_match(z->name, name, &host_part_len);
+		if (match) {
+			return z->name;
+		}
+	}
+	return NULL;
+}
+
+WERROR dns_name2dn(struct dns_server *dns,
+		   TALLOC_CTX *mem_ctx,
+		   const char *name,
+		   struct ldb_dn **dn)
+{
+	return dns_common_name2dn(dns->samdb, dns->zones,
+				  mem_ctx, name, dn);
+}
+
diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
new file mode 100644
index 0000000..fbe39d9
--- /dev/null
+++ b/source4/dns_server/dnsserver_common.c
@@ -0,0 +1,1594 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server utils
+
+   Copyright (C) 2010 Kai Blin
+   Copyright (C) 2014 Stefan Metzmacher
+   Copyright (C) 2015 Andrew Bartlett
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/util/ntstatus.h"
+#include "libcli/util/werror.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_dns.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dns_server/dnsserver_common.h"
+#include "rpc_server/dnsserver/dnsserver.h"
+#include "lib/util/dlinklist.h"
+#include "system/network.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
+#undef strncasecmp
+
+uint8_t werr_to_dns_err(WERROR werr)
+{
+	if (W_ERROR_EQUAL(WERR_OK, werr)) {
+		return DNS_RCODE_OK;
+	} else if (W_ERROR_EQUAL(DNS_ERR(FORMAT_ERROR), werr)) {
+		return DNS_RCODE_FORMERR;
+	} else if (W_ERROR_EQUAL(DNS_ERR(SERVER_FAILURE), werr)) {
+		return DNS_RCODE_SERVFAIL;
+	} else if (W_ERROR_EQUAL(DNS_ERR(NAME_ERROR), werr)) {
+		return DNS_RCODE_NXDOMAIN;
+	} else if (W_ERROR_EQUAL(WERR_DNS_ERROR_NAME_DOES_NOT_EXIST, werr)) {
+		return DNS_RCODE_NXDOMAIN;
+	} else if (W_ERROR_EQUAL(DNS_ERR(NOT_IMPLEMENTED), werr)) {
+		return DNS_RCODE_NOTIMP;
+	} else if (W_ERROR_EQUAL(DNS_ERR(REFUSED), werr)) {
+		return DNS_RCODE_REFUSED;
+	} else if (W_ERROR_EQUAL(DNS_ERR(YXDOMAIN), werr)) {
+		return DNS_RCODE_YXDOMAIN;
+	} else if (W_ERROR_EQUAL(DNS_ERR(YXRRSET), werr)) {
+		return DNS_RCODE_YXRRSET;
+	} else if (W_ERROR_EQUAL(DNS_ERR(NXRRSET), werr)) {
+		return DNS_RCODE_NXRRSET;
+	} else if (W_ERROR_EQUAL(DNS_ERR(NOTAUTH), werr)) {
+		return DNS_RCODE_NOTAUTH;
+	} else if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
+		return DNS_RCODE_NOTZONE;
+	} else if (W_ERROR_EQUAL(DNS_ERR(BADKEY), werr)) {
+		return DNS_RCODE_BADKEY;
+	}
+	DEBUG(5, ("No mapping exists for %s\n", win_errstr(werr)));
+	return DNS_RCODE_SERVFAIL;
+}
+
+WERROR dns_common_extract(struct ldb_context *samdb,
+			  const struct ldb_message_element *el,
+			  TALLOC_CTX *mem_ctx,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *num_records)
+{
+	uint16_t ri;
+	struct dnsp_DnssrvRpcRecord *recs;
+
+	*records = NULL;
+	*num_records = 0;
+
+	recs = talloc_zero_array(mem_ctx, struct dnsp_DnssrvRpcRecord,
+				 el->num_values);
+	if (recs == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	for (ri = 0; ri < el->num_values; ri++) {
+		bool am_rodc;
+		int ret;
+		const char *dnsHostName = NULL;
+		struct ldb_val *v = &el->values[ri];
+		enum ndr_err_code ndr_err;
+		ndr_err = ndr_pull_struct_blob(v, recs, &recs[ri],
+				(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			TALLOC_FREE(recs);
+			DEBUG(0, ("Failed to grab dnsp_DnssrvRpcRecord\n"));
+			return DNS_ERR(SERVER_FAILURE);
+		}
+
+		/*
+		 * In AD, except on an RODC (where we should list a random RWDC,
+		 * we should over-stamp the MNAME with our own hostname
+		 */
+		if (recs[ri].wType != DNS_TYPE_SOA) {
+			continue;
+		}
+
+		ret = samdb_rodc(samdb, &am_rodc);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0, ("Failed to confirm we are not an RODC: %s\n",
+				  ldb_errstring(samdb)));
+			return DNS_ERR(SERVER_FAILURE);
+		}
+
+		if (am_rodc) {
+			continue;
+		}
+
+		ret = samdb_dns_host_name(samdb, &dnsHostName);
+		if (ret != LDB_SUCCESS || dnsHostName == NULL) {
+			DEBUG(0, ("Failed to get dnsHostName from rootDSE\n"));
+			return DNS_ERR(SERVER_FAILURE);
+		}
+
+		recs[ri].data.soa.mname = talloc_strdup(recs, dnsHostName);
+	}
+
+	*records = recs;
+	*num_records = el->num_values;
+	return WERR_OK;
+}
+
+/*
+ * Lookup a DNS record, performing an exact match.
+ * i.e. DNS wild card records are not considered.
+ */
+WERROR dns_common_lookup(struct ldb_context *samdb,
+			 TALLOC_CTX *mem_ctx,
+			 struct ldb_dn *dn,
+			 struct dnsp_DnssrvRpcRecord **records,
+			 uint16_t *num_records,
+			 bool *tombstoned)
+{
+	const struct timeval start = timeval_current();
+	static const char * const attrs[] = {
+		"dnsRecord",
+		"dNSTombstoned",
+		NULL
+	};
+	int ret;
+	WERROR werr = WERR_OK;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *el;
+
+	*records = NULL;
+	*num_records = 0;
+
+	if (tombstoned != NULL) {
+		*tombstoned = false;
+		ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
+			LDB_SCOPE_BASE, attrs, 0,
+			"(objectClass=dnsNode)");
+	} else {
+		ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
+			LDB_SCOPE_BASE, attrs, 0,
+			"(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
+	}
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+		goto exit;
+	}
+	if (ret != LDB_SUCCESS) {
+		/* TODO: we need to check if there's a glue record we need to
+		 * create a referral to */
+		werr = DNS_ERR(NAME_ERROR);
+		goto exit;
+	}
+
+	if (tombstoned != NULL) {
+		*tombstoned = ldb_msg_find_attr_as_bool(msg,
+					"dNSTombstoned", false);
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	if (el == NULL) {
+		TALLOC_FREE(msg);
+		/*
+		 * records produced by older Samba releases
+		 * keep dnsNode objects without dnsRecord and
+		 * without setting dNSTombstoned=TRUE.
+		 *
+		 * We just pretend they're tombstones.
+		 */
+		if (tombstoned != NULL) {
+			struct dnsp_DnssrvRpcRecord *recs;
+			recs = talloc_array(mem_ctx,
+					    struct dnsp_DnssrvRpcRecord,
+					    1);
+			if (recs == NULL) {
+				werr = WERR_NOT_ENOUGH_MEMORY;
+				goto exit;
+			}
+			recs[0] = (struct dnsp_DnssrvRpcRecord) {
+				.wType = DNS_TYPE_TOMBSTONE,
+				/*
+				 * A value of timestamp != 0
+				 * indicated that the object was already
+				 * a tombstone, this will be used
+				 * in dns_common_replace()
+				 */
+				.data.EntombedTime = 1,
+			};
+
+			*tombstoned = true;
+			*records = recs;
+			*num_records = 1;
+			werr = WERR_OK;
+			goto exit;
+		} else {
+			/*
+			 * Because we are not looking for a tombstone
+			 * in this codepath, we just pretend it does
+			 * not exist at all.
+			 */
+			werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+			goto exit;
+		}
+	}
+
+	werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
+	TALLOC_FREE(msg);
+	if (!W_ERROR_IS_OK(werr)) {
+		goto exit;
+	}
+
+	werr = WERR_OK;
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		win_errstr(werr),
+		&start,
+		NULL,
+		dn == NULL ? NULL : ldb_dn_get_linearized(dn),
+		NULL);
+	return werr;
+}
+
+/*
+ * Build an ldb_parse_tree node for an equality check
+ *
+ * Note: name is assumed to have been validated by dns_name_check
+ *       so will be zero terminated and of a reasonable size.
+ */
+static struct ldb_parse_tree *build_equality_operation(
+	TALLOC_CTX *mem_ctx,
+	bool add_asterix,     /* prepend an '*' to the name          */
+	const uint8_t *name,  /* the value being matched             */
+	const char *attr,     /* the attribute to check name against */
+	size_t size)          /* length of name                      */
+{
+
+	struct ldb_parse_tree *el = NULL;  /* Equality node being built */
+	struct ldb_val *value = NULL;      /* Value the attr will be compared
+					      with */
+	size_t length = 0;                 /* calculated length of the value
+	                                      including option '*' prefix and
+					      '\0' string terminator */
+
+	el = talloc(mem_ctx, struct ldb_parse_tree);
+	if (el == NULL) {
+		DBG_ERR("Unable to allocate ldb_parse_tree\n");
+		return NULL;
+	}
+
+	el->operation = LDB_OP_EQUALITY;
+	el->u.equality.attr = talloc_strdup(mem_ctx, attr);
+	value = &el->u.equality.value;
+	length = (add_asterix) ? size + 2 : size + 1;
+	value->data = talloc_zero_array(el, uint8_t, length);
+	if (value->data == NULL) {
+		DBG_ERR("Unable to allocate value->data\n");
+		TALLOC_FREE(el);
+		return NULL;
+	}
+
+	value->length = length;
+	if (add_asterix) {
+		value->data[0] = '*';
+		if (name != NULL) {
+			memcpy(&value->data[1], name, size);
+		}
+	} else if (name != NULL) {
+		memcpy(value->data, name, size);
+	}
+	return el;
+}
+
+/*
+ * Determine the number of levels in name
+ * essentially the number of '.'s in the name + 1
+ *
+ * name is assumed to have been validated by dns_name_check
+ */
+static unsigned int number_of_labels(const struct ldb_val *name) {
+	int x  = 0;
+	unsigned int labels = 1;
+	for (x = 0; x < name->length; x++) {
+		if (name->data[x] == '.') {
+			labels++;
+		}
+	}
+	return labels;
+}
+/*
+ * Build a query that matches the target name, and any possible
+ * DNS wild card entries
+ *
+ * Builds a parse tree equivalent to the example query.
+ *
+ * x.y.z -> (|(name=x.y.z)(name=\2a.y.z)(name=\2a.z)(name=\2a))
+ *
+ * The attribute 'name' is used as this is what the LDB index is on
+ * (the RDN, being 'dc' in this use case, does not have an index in
+ * the AD schema).
+ *
+ * Returns NULL if unable to build the query.
+ *
+ * The first component of the DN is assumed to be the name being looked up
+ * and also that it has been validated by dns_name_check
+ *
+ */
+#define BASE "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE))(|(a=b)(c=d)))"
+static struct ldb_parse_tree *build_wildcard_query(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_dn *dn)
+{
+	const struct ldb_val *name = NULL;            /* The DNS name being
+							 queried */
+	const char *attr = "name";                    /* The attribute name */
+	struct ldb_parse_tree *query = NULL;          /* The constructed query
+							 parse tree*/
+	struct ldb_parse_tree *wildcard_query = NULL; /* The parse tree for the
+							 name and wild card
+							 entries */
+	int labels = 0;         /* The number of labels in the name */
+
+	name = ldb_dn_get_rdn_val(dn);
+	if (name == NULL) {
+		DBG_ERR("Unable to get domain name value\n");
+		return NULL;
+	}
+	labels = number_of_labels(name);
+
+	query = ldb_parse_tree(mem_ctx, BASE);
+	if (query == NULL) {
+		DBG_ERR("Unable to parse query %s\n", BASE);
+		return NULL;
+	}
+
+	/*
+	 * The 3rd element of BASE is a place holder which is replaced with
+	 * the actual wild card query
+	 */
+	wildcard_query = query->u.list.elements[2];
+	TALLOC_FREE(wildcard_query->u.list.elements);
+
+	wildcard_query->u.list.num_elements = labels + 1;
+	wildcard_query->u.list.elements = talloc_array(
+		wildcard_query,
+		struct ldb_parse_tree *,
+		labels + 1);
+	/*
+	 * Build the wild card query
+	 */
+	{
+		int x = 0;   /* current character in the name               */
+		int l = 0;   /* current equality operator index in elements */
+		struct ldb_parse_tree *el = NULL; /* Equality operator being
+						     built */
+		bool add_asterix = true;  /* prepend an '*' to the value    */
+		for (l = 0, x = 0; l < labels && x < name->length; l++) {
+			unsigned int size = name->length - x;
+			add_asterix = (name->data[x] == '.');
+			el = build_equality_operation(
+				mem_ctx,
+				add_asterix,
+				&name->data[x],
+				attr,
+				size);
+			if (el == NULL) {
+				return NULL;  /* Reason will have been logged */
+			}
+			wildcard_query->u.list.elements[l] = el;
+
+			/* skip to the start of the next label */
+			x++;
+			for (;x < name->length && name->data[x] != '.'; x++);
+		}
+
+		/* Add the base level "*" only query */
+		el = build_equality_operation(mem_ctx, true, NULL, attr, 0);
+		if (el == NULL) {
+			TALLOC_FREE(query);
+			return NULL;  /* Reason will have been logged */
+		}
+		wildcard_query->u.list.elements[l] = el;
+	}
+	return query;
+}
+
+/*
+ * Scan the list of records matching a dns wildcard query and return the
+ * best match.
+ *
+ * The best match is either an exact name match, or the longest wild card
+ * entry returned
+ *
+ * i.e. name = a.b.c candidates *.b.c, *.c,        - *.b.c would be selected
+ *      name = a.b.c candidates a.b.c, *.b.c, *.c  - a.b.c would be selected
+ */
+static struct ldb_message *get_best_match(struct ldb_dn *dn,
+		                          struct ldb_result *result)
+{
+	int matched = 0;    /* Index of the current best match in result */
+	size_t length = 0;  /* The length of the current candidate       */
+	const struct ldb_val *target = NULL;    /* value we're looking for */
+	const struct ldb_val *candidate = NULL; /* current candidate value */
+	int x = 0;
+
+	target = ldb_dn_get_rdn_val(dn);
+	for(x = 0; x < result->count; x++) {
+		candidate = ldb_dn_get_rdn_val(result->msgs[x]->dn);
+		if (strncasecmp((char *) target->data,
+				(char *) candidate->data,
+				target->length) == 0) {
+			/* Exact match stop searching and return */
+			return result->msgs[x];
+		}
+		if (candidate->length > length) {
+			matched = x;
+			length  = candidate->length;
+		}
+	}
+	return result->msgs[matched];
+}
+
+/*
+ * Look up a DNS entry, if an exact match does not exist, return the
+ * closest matching DNS wildcard entry if available
+ *
+ * Returns: LDB_ERR_NO_SUCH_OBJECT     If no matching record exists
+ *          LDB_ERR_OPERATIONS_ERROR   If the query fails
+ *          LDB_SUCCESS                If a matching record was retrieved
+ *
+ */
+static int dns_wildcard_lookup(struct ldb_context *samdb,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *dn,
+			       struct ldb_message **msg)
+{
+	static const char * const attrs[] = {
+		"dnsRecord",
+		"dNSTombstoned",
+		NULL
+	};
+	struct ldb_dn *parent = NULL;     /* The parent dn                    */
+	struct ldb_result *result = NULL; /* Results of the search            */
+	int ret;                          /* Return code                      */
+	struct ldb_parse_tree *query = NULL; /* The query to run              */
+	struct ldb_request *request = NULL;  /* LDB request for the query op  */
+	struct ldb_message *match = NULL;    /* the best matching DNS record  */
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	parent = ldb_dn_get_parent(frame, dn);
+	if (parent == NULL) {
+		DBG_ERR("Unable to extract parent from dn\n");
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	query = build_wildcard_query(frame, dn);
+	if (query == NULL) {
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	result = talloc_zero(mem_ctx, struct ldb_result);
+	if (result == NULL) {
+		TALLOC_FREE(frame);
+		DBG_ERR("Unable to allocate ldb_result\n");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_build_search_req_ex(&request,
+				      samdb,
+				      frame,
+				      parent,
+				      LDB_SCOPE_SUBTREE,
+				      query,
+				      attrs,
+				      NULL,
+				      result,
+				      ldb_search_default_callback,
+				      NULL);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		DBG_ERR("ldb_build_search_req_ex returned %d\n", ret);
+		return ret;
+	}
+
+	ret = ldb_request(samdb, request);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	ret = ldb_wait(request->handle, LDB_WAIT_ALL);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	if (result->count == 0) {
+		TALLOC_FREE(frame);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	match = get_best_match(dn, result);
+	if (match == NULL) {
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*msg = talloc_move(mem_ctx, &match);
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+/*
+ * Lookup a DNS record, will match DNS wild card records if an exact match
+ * is not found.
+ */
+WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
+				  TALLOC_CTX *mem_ctx,
+				  struct ldb_dn *dn,
+				  struct dnsp_DnssrvRpcRecord **records,
+				  uint16_t *num_records)
+{
+	const struct timeval start = timeval_current();
+	int ret;
+	WERROR werr = WERR_OK;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *el = NULL;
+	const struct ldb_val *name = NULL;
+
+	*records = NULL;
+	*num_records = 0;
+
+	name = ldb_dn_get_rdn_val(dn);
+	if (name == NULL) {
+		werr = DNS_ERR(NAME_ERROR);
+		goto exit;
+	}
+
+	/* Don't look for a wildcard for @ */
+	if (name->length == 1 && name->data[0] == '@') {
+		werr = dns_common_lookup(samdb,
+					 mem_ctx,
+					 dn,
+					 records,
+					 num_records,
+					 NULL);
+		goto exit;
+	}
+
+	werr =  dns_name_check(
+			mem_ctx,
+			strlen((const char*)name->data),
+			(const char*) name->data);
+	if (!W_ERROR_IS_OK(werr)) {
+		goto exit;
+	}
+
+	/*
+	 * Do a point search first, then fall back to a wildcard
+	 * lookup if it does not exist
+	 */
+	werr = dns_common_lookup(samdb,
+				 mem_ctx,
+				 dn,
+				 records,
+				 num_records,
+				 NULL);
+	if (!W_ERROR_EQUAL(werr, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
+		goto exit;
+	}
+
+	ret = dns_wildcard_lookup(samdb, mem_ctx, dn, &msg);
+	if (ret == LDB_ERR_OPERATIONS_ERROR) {
+		werr = DNS_ERR(SERVER_FAILURE);
+		goto exit;
+	}
+	if (ret != LDB_SUCCESS) {
+		werr = DNS_ERR(NAME_ERROR);
+		goto exit;
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	if (el == NULL) {
+		werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+		goto exit;
+	}
+
+	werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
+	TALLOC_FREE(msg);
+	if (!W_ERROR_IS_OK(werr)) {
+		goto exit;
+	}
+
+	werr = WERR_OK;
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		win_errstr(werr),
+		&start,
+		NULL,
+		dn == NULL ? NULL : ldb_dn_get_linearized(dn),
+		NULL);
+	return werr;
+}
+
+static int rec_cmp(const struct dnsp_DnssrvRpcRecord *r1,
+		   const struct dnsp_DnssrvRpcRecord *r2)
+{
+	if (r1->wType != r2->wType) {
+		/*
+		 * The records are sorted with higher types first,
+		 * which puts tombstones (type 0) last.
+		 */
+		return r2->wType - r1->wType;
+	}
+	/*
+	 * Then we need to sort from the oldest to newest timestamp.
+	 *
+	 * Note that dwTimeStamp == 0 (never expiring) records come first,
+	 * then the ones whose expiry is soonest.
+	 */
+	return r1->dwTimeStamp - r2->dwTimeStamp;
+}
+
+/*
+ * Check for valid DNS names. These are names which:
+ *   - are non-empty
+ *   - do not start with a dot
+ *   - do not have any empty labels
+ *   - have no more than 127 labels
+ *   - are no longer than 253 characters
+ *   - none of the labels exceed 63 characters
+ */
+WERROR dns_name_check(TALLOC_CTX *mem_ctx, size_t len, const char *name)
+{
+	size_t i;
+	unsigned int labels    = 0;
+	unsigned int label_len = 0;
+
+	if (len == 0) {
+		return WERR_DS_INVALID_DN_SYNTAX;
+	}
+
+	if (len > 1 && name[0] == '.') {
+		return WERR_DS_INVALID_DN_SYNTAX;
+	}
+
+	if ((len - 1) > DNS_MAX_DOMAIN_LENGTH) {
+		return WERR_DS_INVALID_DN_SYNTAX;
+	}
+
+	for (i = 0; i < len - 1; i++) {
+		if (name[i] == '.' && name[i+1] == '.') {
+			return WERR_DS_INVALID_DN_SYNTAX;
+		}
+		if (name[i] == '.') {
+			labels++;
+			if (labels > DNS_MAX_LABELS) {
+				return WERR_DS_INVALID_DN_SYNTAX;
+			}
+			label_len = 0;
+		} else {
+			label_len++;
+			if (label_len > DNS_MAX_LABEL_LENGTH) {
+				return WERR_DS_INVALID_DN_SYNTAX;
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR check_name_list(TALLOC_CTX *mem_ctx, uint16_t rec_count,
+			      struct dnsp_DnssrvRpcRecord *records)
+{
+	WERROR werr;
+	uint16_t i;
+	size_t len;
+	struct dnsp_DnssrvRpcRecord record;
+
+	werr = WERR_OK;
+	for (i = 0; i < rec_count; i++) {
+		record = records[i];
+
+		switch (record.wType) {
+
+		case DNS_TYPE_NS:
+			len = strlen(record.data.ns);
+			werr = dns_name_check(mem_ctx, len, record.data.ns);
+			break;
+		case DNS_TYPE_CNAME:
+			len = strlen(record.data.cname);
+			werr = dns_name_check(mem_ctx, len, record.data.cname);
+			break;
+		case DNS_TYPE_SOA:
+			len = strlen(record.data.soa.mname);
+			werr = dns_name_check(mem_ctx, len, record.data.soa.mname);
+			if (!W_ERROR_IS_OK(werr)) {
+				break;
+			}
+			len = strlen(record.data.soa.rname);
+			werr = dns_name_check(mem_ctx, len, record.data.soa.rname);
+			break;
+		case DNS_TYPE_PTR:
+			len = strlen(record.data.ptr);
+			werr = dns_name_check(mem_ctx, len, record.data.ptr);
+			break;
+		case DNS_TYPE_MX:
+			len = strlen(record.data.mx.nameTarget);
+			werr = dns_name_check(mem_ctx, len, record.data.mx.nameTarget);
+			break;
+		case DNS_TYPE_SRV:
+			len = strlen(record.data.srv.nameTarget);
+			werr = dns_name_check(mem_ctx, len,
+					      record.data.srv.nameTarget);
+			break;
+		/*
+		 * In the default case, the record doesn't have a DN, so it
+		 * must be ok.
+		 */
+		default:
+			break;
+		}
+
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	}
+
+	return WERR_OK;
+}
+
+bool dns_name_is_static(struct dnsp_DnssrvRpcRecord *records,
+			uint16_t rec_count)
+{
+	int i = 0;
+	for (i = 0; i < rec_count; i++) {
+		if (records[i].wType == DNS_TYPE_TOMBSTONE) {
+			continue;
+		}
+
+		if (records[i].wType == DNS_TYPE_SOA ||
+		    records[i].dwTimeStamp == 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
+/*
+ * Helper function to copy a dnsp_ip4_array struct to an IP4_ARRAY struct.
+ * The new structure and it's data are allocated on the supplied talloc context
+ */
+static struct IP4_ARRAY *copy_ip4_array(TALLOC_CTX *ctx,
+					const char *name,
+					struct dnsp_ip4_array array)
+{
+
+	struct IP4_ARRAY *ip4_array = NULL;
+	unsigned int i;
+
+	ip4_array = talloc_zero(ctx, struct IP4_ARRAY);
+	if (ip4_array == NULL) {
+		DBG_ERR("Out of memory copying property [%s]\n", name);
+		return NULL;
+	}
+
+	ip4_array->AddrCount = array.addrCount;
+	if (ip4_array->AddrCount == 0) {
+		return ip4_array;
+	}
+
+	ip4_array->AddrArray =
+	    talloc_array(ip4_array, uint32_t, ip4_array->AddrCount);
+	if (ip4_array->AddrArray == NULL) {
+		TALLOC_FREE(ip4_array);
+		DBG_ERR("Out of memory copying property [%s] values\n", name);
+		return NULL;
+	}
+
+	for (i = 0; i < ip4_array->AddrCount; i++) {
+		ip4_array->AddrArray[i] = array.addrArray[i];
+	}
+
+	return ip4_array;
+}
+
+bool dns_zoneinfo_load_zone_property(struct dnsserver_zoneinfo *zoneinfo,
+				     struct dnsp_DnsProperty *prop)
+{
+	switch (prop->id) {
+	case DSPROPERTY_ZONE_TYPE:
+		zoneinfo->dwZoneType = prop->data.zone_type;
+		break;
+	case DSPROPERTY_ZONE_ALLOW_UPDATE:
+		zoneinfo->fAllowUpdate = prop->data.allow_update_flag;
+		break;
+	case DSPROPERTY_ZONE_NOREFRESH_INTERVAL:
+		zoneinfo->dwNoRefreshInterval = prop->data.norefresh_hours;
+		break;
+	case DSPROPERTY_ZONE_REFRESH_INTERVAL:
+		zoneinfo->dwRefreshInterval = prop->data.refresh_hours;
+		break;
+	case DSPROPERTY_ZONE_AGING_STATE:
+		zoneinfo->fAging = prop->data.aging_enabled;
+		break;
+	case DSPROPERTY_ZONE_SCAVENGING_SERVERS:
+		zoneinfo->aipScavengeServers = copy_ip4_array(
+		    zoneinfo, "ZONE_SCAVENGING_SERVERS", prop->data.servers);
+		if (zoneinfo->aipScavengeServers == NULL) {
+			return false;
+		}
+		break;
+	case DSPROPERTY_ZONE_AGING_ENABLED_TIME:
+		zoneinfo->dwAvailForScavengeTime =
+		    prop->data.next_scavenging_cycle_hours;
+		break;
+	case DSPROPERTY_ZONE_MASTER_SERVERS:
+		zoneinfo->aipLocalMasters = copy_ip4_array(
+		    zoneinfo, "ZONE_MASTER_SERVERS", prop->data.master_servers);
+		if (zoneinfo->aipLocalMasters == NULL) {
+			return false;
+		}
+		break;
+	case DSPROPERTY_ZONE_EMPTY:
+	case DSPROPERTY_ZONE_SECURE_TIME:
+	case DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME:
+	case DSPROPERTY_ZONE_AUTO_NS_SERVERS:
+	case DSPROPERTY_ZONE_DCPROMO_CONVERT:
+	case DSPROPERTY_ZONE_SCAVENGING_SERVERS_DA:
+	case DSPROPERTY_ZONE_MASTER_SERVERS_DA:
+	case DSPROPERTY_ZONE_NS_SERVERS_DA:
+	case DSPROPERTY_ZONE_NODE_DBFLAGS:
+		break;
+	}
+	return true;
+}
+WERROR dns_get_zone_properties(struct ldb_context *samdb,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *zone_dn,
+			       struct dnsserver_zoneinfo *zoneinfo)
+{
+
+	int ret, i;
+	struct dnsp_DnsProperty *prop = NULL;
+	struct ldb_message_element *element = NULL;
+	const char *const attrs[] = {"dNSProperty", NULL};
+	struct ldb_result *res = NULL;
+	enum ndr_err_code err;
+
+	ret = ldb_search(samdb,
+			 mem_ctx,
+			 &res,
+			 zone_dn,
+			 LDB_SCOPE_BASE,
+			 attrs,
+			 "(objectClass=dnsZone)");
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("dnsserver: Failed to find DNS zone: %s\n",
+			ldb_dn_get_linearized(zone_dn));
+		return DNS_ERR(SERVER_FAILURE);
+	}
+
+	element = ldb_msg_find_element(res->msgs[0], "dNSProperty");
+	if (element == NULL) {
+		return DNS_ERR(NOTZONE);
+	}
+
+	for (i = 0; i < element->num_values; i++) {
+		bool valid_property;
+		prop = talloc_zero(mem_ctx, struct dnsp_DnsProperty);
+		if (prop == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		err = ndr_pull_struct_blob(
+		    &(element->values[i]),
+		    mem_ctx,
+		    prop,
+		    (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnsProperty);
+		if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+			/*
+			 * If we can't pull it, then there is no valid
+			 * data to load into the zone, so ignore this
+			 * as Microsoft does.  Windows can load an
+			 * invalid property with a zero length into
+			 * the dnsProperty attribute.
+			 */
+			continue;
+		}
+
+		valid_property =
+		    dns_zoneinfo_load_zone_property(zoneinfo, prop);
+		if (!valid_property) {
+			return DNS_ERR(SERVER_FAILURE);
+		}
+	}
+
+	return WERR_OK;
+}
+
+WERROR dns_common_replace(struct ldb_context *samdb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  bool needs_add,
+			  uint32_t serial,
+			  struct dnsp_DnssrvRpcRecord *records,
+			  uint16_t rec_count)
+{
+	const struct timeval start = timeval_current();
+	struct ldb_message_element *el;
+	uint16_t i;
+	int ret;
+	WERROR werr;
+	struct ldb_message *msg = NULL;
+	bool was_tombstoned = false;
+	bool become_tombstoned = false;
+	struct ldb_dn *zone_dn = NULL;
+	struct dnsserver_zoneinfo *zoneinfo = NULL;
+	uint32_t t;
+
+	msg = ldb_msg_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn = dn;
+
+	zone_dn = ldb_dn_copy(mem_ctx, dn);
+	if (zone_dn == NULL) {
+		werr = WERR_NOT_ENOUGH_MEMORY;
+		goto exit;
+	}
+	if (!ldb_dn_remove_child_components(zone_dn, 1)) {
+		werr = DNS_ERR(SERVER_FAILURE);
+		goto exit;
+	}
+	zoneinfo = talloc(mem_ctx, struct dnsserver_zoneinfo);
+	if (zoneinfo == NULL) {
+		werr = WERR_NOT_ENOUGH_MEMORY;
+		goto exit;
+	}
+	werr = dns_get_zone_properties(samdb, mem_ctx, zone_dn, zoneinfo);
+	if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
+		/*
+		 * We only got zoneinfo for aging so if we didn't find any
+		 * properties then just disable aging and keep going.
+		 */
+		zoneinfo->fAging = 0;
+	} else if (!W_ERROR_IS_OK(werr)) {
+		goto exit;
+	}
+
+	werr = check_name_list(mem_ctx, rec_count, records);
+	if (!W_ERROR_IS_OK(werr)) {
+		goto exit;
+	}
+
+	ret = ldb_msg_add_empty(msg, "dnsRecord", LDB_FLAG_MOD_REPLACE, &el);
+	if (ret != LDB_SUCCESS) {
+		werr = DNS_ERR(SERVER_FAILURE);
+		goto exit;
+	}
+
+	/*
+	 * we have at least one value,
+	 * which might be used for the tombstone marker
+	 */
+	el->values = talloc_zero_array(el, struct ldb_val, MAX(1, rec_count));
+	if (el->values == NULL) {
+		werr = WERR_NOT_ENOUGH_MEMORY;
+		goto exit;
+	}
+
+	if (rec_count > 1) {
+		/*
+		 * We store a sorted list with the high wType values first
+		 * that's what windows does. It also simplifies the
+		 * filtering of DNS_TYPE_TOMBSTONE records
+		 */
+		TYPESAFE_QSORT(records, rec_count, rec_cmp);
+	}
+
+	for (i = 0; i < rec_count; i++) {
+		struct ldb_val *v = &el->values[el->num_values];
+		enum ndr_err_code ndr_err;
+
+		if (records[i].wType == DNS_TYPE_TOMBSTONE) {
+			/*
+			 * There are two things that could be going on here.
+			 *
+			 * 1. We use a tombstone with EntombedTime == 0 for
+			 * passing deletion messages through the stack, and
+			 * this is the place we filter them out to perform
+			 * that deletion.
+			 *
+			 * 2. This node is tombstoned, with no records except
+			 * for a single tombstone, and it is just waiting to
+			 * disappear. In this case, unless the caller has
+			 * added a record, rec_count should be 1, and
+			 * el->num_values will end up at 0, and we will make
+			 * no changes. But if the caller has added a record,
+			 * we need to un-tombstone the node.
+			 *
+			 * It is not possible to add an explicit tombstone
+			 * record.
+			 */
+			if (records[i].data.EntombedTime != 0) {
+				if (rec_count != 1) {
+					DBG_ERR("tombstone record has %u neighbour "
+						"records.\n",
+						rec_count - 1);
+				}
+				was_tombstoned = true;
+			}
+			continue;
+		}
+
+		if (zoneinfo->fAging == 1 && records[i].dwTimeStamp != 0) {
+			t = unix_to_dns_timestamp(time(NULL));
+			if (t - records[i].dwTimeStamp >
+			    zoneinfo->dwNoRefreshInterval) {
+				records[i].dwTimeStamp = t;
+			}
+		}
+
+		records[i].dwSerial = serial;
+		ndr_err = ndr_push_struct_blob(v, el->values, &records[i],
+				(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
+			werr = DNS_ERR(SERVER_FAILURE);
+			goto exit;
+		}
+		el->num_values++;
+	}
+
+	if (needs_add) {
+		/*
+		 * This is a new dnsNode, which simplifies everything as we
+		 * know there is nothing to delete or change. We add the
+		 * records and get out.
+		 */
+		if (el->num_values == 0) {
+			werr = WERR_OK;
+			goto exit;
+		}
+
+		ret = ldb_msg_add_string(msg, "objectClass", "dnsNode");
+		if (ret != LDB_SUCCESS) {
+			werr = DNS_ERR(SERVER_FAILURE);
+			goto exit;
+		}
+
+		ret = ldb_add(samdb, msg);
+		if (ret != LDB_SUCCESS) {
+			werr = DNS_ERR(SERVER_FAILURE);
+			goto exit;
+		}
+
+		werr = WERR_OK;
+		goto exit;
+	}
+
+	if (el->num_values == 0) {
+		/*
+		 * We get here if there are no records or all the records were
+		 * tombstones.
+		 */
+		struct dnsp_DnssrvRpcRecord tbs;
+		struct ldb_val *v = &el->values[el->num_values];
+		enum ndr_err_code ndr_err;
+		struct timeval tv;
+
+		if (was_tombstoned) {
+			/*
+			 * This is already a tombstoned object.
+			 * Just leave it instead of updating the time stamp.
+			 */
+			werr = WERR_OK;
+			goto exit;
+		}
+
+		tv = timeval_current();
+		tbs = (struct dnsp_DnssrvRpcRecord) {
+			.wType = DNS_TYPE_TOMBSTONE,
+			.dwSerial = serial,
+			.data.EntombedTime = timeval_to_nttime(&tv),
+		};
+
+		ndr_err = ndr_push_struct_blob(v, el->values, &tbs,
+				(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
+			werr = DNS_ERR(SERVER_FAILURE);
+			goto exit;
+		}
+		el->num_values++;
+
+		become_tombstoned = true;
+	}
+
+	if (was_tombstoned || become_tombstoned) {
+		ret = ldb_msg_append_fmt(msg, LDB_FLAG_MOD_REPLACE,
+					 "dNSTombstoned", "%s",
+					 become_tombstoned ? "TRUE" : "FALSE");
+		if (ret != LDB_SUCCESS) {
+			werr = DNS_ERR(SERVER_FAILURE);
+			goto exit;
+		}
+	}
+
+	ret = ldb_modify(samdb, msg);
+	if (ret != LDB_SUCCESS) {
+		NTSTATUS nt = dsdb_ldb_err_to_ntstatus(ret);
+		werr = ntstatus_to_werror(nt);
+		goto exit;
+	}
+
+	werr = WERR_OK;
+exit:
+	talloc_free(msg);
+	DNS_COMMON_LOG_OPERATION(
+		win_errstr(werr),
+		&start,
+		NULL,
+		dn == NULL ? NULL : ldb_dn_get_linearized(dn),
+		NULL);
+	return werr;
+}
+
+bool dns_name_match(const char *zone, const char *name, size_t *host_part_len)
+{
+	size_t zl = strlen(zone);
+	size_t nl = strlen(name);
+	ssize_t zi, ni;
+	static const size_t fixup = 'a' - 'A';
+
+	if (zl > nl) {
+		return false;
+	}
+
+	for (zi = zl, ni = nl; zi >= 0; zi--, ni--) {
+		char zc = zone[zi];
+		char nc = name[ni];
+
+		/* convert to lower case */
+		if (zc >= 'A' && zc <= 'Z') {
+			zc += fixup;
+		}
+		if (nc >= 'A' && nc <= 'Z') {
+			nc += fixup;
+		}
+
+		if (zc != nc) {
+			return false;
+		}
+	}
+
+	if (ni >= 0) {
+		if (name[ni] != '.') {
+			return false;
+		}
+
+		ni--;
+	}
+
+	*host_part_len = ni+1;
+
+	return true;
+}
+
+WERROR dns_common_name2dn(struct ldb_context *samdb,
+			  struct dns_server_zone *zones,
+			  TALLOC_CTX *mem_ctx,
+			  const char *name,
+			  struct ldb_dn **_dn)
+{
+	struct ldb_dn *base;
+	struct ldb_dn *dn;
+	const struct dns_server_zone *z;
+	size_t host_part_len = 0;
+	struct ldb_val host_part;
+	WERROR werr;
+	bool ok;
+	const char *casefold = NULL;
+
+	if (name == NULL) {
+		return DNS_ERR(FORMAT_ERROR);
+	}
+
+	if (strcmp(name, "") == 0) {
+		base = ldb_get_default_basedn(samdb);
+		dn = ldb_dn_copy(mem_ctx, base);
+		ok = ldb_dn_add_child_fmt(dn,
+					  "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System");
+		if (ok == false) {
+			TALLOC_FREE(dn);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		*_dn = dn;
+		return WERR_OK;
+	}
+
+	/* Check non-empty names */
+	werr = dns_name_check(mem_ctx, strlen(name), name);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	for (z = zones; z != NULL; z = z->next) {
+		bool match;
+
+		match = dns_name_match(z->name, name, &host_part_len);
+		if (match) {
+			break;
+		}
+	}
+
+	if (z == NULL) {
+		return DNS_ERR(NAME_ERROR);
+	}
+
+	if (host_part_len == 0) {
+		dn = ldb_dn_copy(mem_ctx, z->dn);
+		ok = ldb_dn_add_child_fmt(dn, "DC=@");
+		if (! ok) {
+			TALLOC_FREE(dn);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*_dn = dn;
+		return WERR_OK;
+	}
+
+	dn = ldb_dn_copy(mem_ctx, z->dn);
+	if (dn == NULL) {
+		TALLOC_FREE(dn);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	host_part = data_blob_const(name, host_part_len);
+
+	ok = ldb_dn_add_child_val(dn, "DC", host_part);
+
+	if (ok == false) {
+		TALLOC_FREE(dn);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/*
+	 * Check the new DN here for validity, so as to catch errors
+	 * early
+	 */
+	ok = ldb_dn_validate(dn);
+	if (ok == false) {
+		TALLOC_FREE(dn);
+		return DNS_ERR(NAME_ERROR);
+	}
+
+	/*
+	 * The value from this check is saved in the DN, and doing
+	 * this here allows an easy return here.
+	 */
+	casefold = ldb_dn_get_casefold(dn);
+	if (casefold == NULL) {
+		TALLOC_FREE(dn);
+		return DNS_ERR(NAME_ERROR);
+	}
+
+	*_dn = dn;
+	return WERR_OK;
+}
+
+
+/*
+  see if two dns records match
+ */
+
+
+bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+		      struct dnsp_DnssrvRpcRecord *rec2)
+{
+	int i;
+	struct in6_addr rec1_in_addr6;
+	struct in6_addr rec2_in_addr6;
+
+	if (rec1->wType != rec2->wType) {
+		return false;
+	}
+
+	/* see if the data matches */
+	switch (rec1->wType) {
+	case DNS_TYPE_A:
+		return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
+	case DNS_TYPE_AAAA: {
+		int ret;
+
+		ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+		ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+
+		return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+	}
+	case DNS_TYPE_CNAME:
+		return samba_dns_name_equal(rec1->data.cname,
+					    rec2->data.cname);
+	case DNS_TYPE_TXT:
+		if (rec1->data.txt.count != rec2->data.txt.count) {
+			return false;
+		}
+		for (i = 0; i < rec1->data.txt.count; i++) {
+			if (strcmp(rec1->data.txt.str[i], rec2->data.txt.str[i]) != 0) {
+				return false;
+			}
+		}
+		return true;
+	case DNS_TYPE_PTR:
+		return samba_dns_name_equal(rec1->data.ptr, rec2->data.ptr);
+	case DNS_TYPE_NS:
+		return samba_dns_name_equal(rec1->data.ns, rec2->data.ns);
+
+	case DNS_TYPE_SRV:
+		return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
+			rec1->data.srv.wWeight  == rec2->data.srv.wWeight &&
+			rec1->data.srv.wPort    == rec2->data.srv.wPort &&
+			samba_dns_name_equal(rec1->data.srv.nameTarget,
+					     rec2->data.srv.nameTarget);
+
+	case DNS_TYPE_MX:
+		return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
+			samba_dns_name_equal(rec1->data.mx.nameTarget,
+					     rec2->data.mx.nameTarget);
+
+	case DNS_TYPE_SOA:
+		return samba_dns_name_equal(rec1->data.soa.mname,
+					    rec2->data.soa.mname) &&
+			samba_dns_name_equal(rec1->data.soa.rname,
+					     rec2->data.soa.rname) &&
+			rec1->data.soa.serial == rec2->data.soa.serial &&
+			rec1->data.soa.refresh == rec2->data.soa.refresh &&
+			rec1->data.soa.retry == rec2->data.soa.retry &&
+			rec1->data.soa.expire == rec2->data.soa.expire &&
+			rec1->data.soa.minimum == rec2->data.soa.minimum;
+	case DNS_TYPE_TOMBSTONE:
+		return true;
+	default:
+		break;
+	}
+
+	return false;
+}
+
+
+static int dns_common_sort_zones(struct ldb_message **m1, struct ldb_message **m2)
+{
+	const char *n1, *n2;
+	size_t l1, l2;
+
+	n1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
+	n2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
+	if (n1 == NULL || n2 == NULL) {
+		if (n1 != NULL) {
+			return -1;
+		} else if (n2 != NULL) {
+			return 1;
+		} else {
+			return 0;
+		}
+	}
+	l1 = strlen(n1);
+	l2 = strlen(n2);
+
+	/* If the string lengths are not equal just sort by length */
+	if (l1 != l2) {
+		/* If m1 is the larger zone name, return it first */
+		return l2 - l1;
+	}
+
+	/*TODO: We need to compare DNs here, we want the DomainDNSZones first */
+	return 0;
+}
+
+NTSTATUS dns_common_zones(struct ldb_context *samdb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *base_dn,
+			  struct dns_server_zone **zones_ret)
+{
+	const struct timeval start = timeval_current();
+	int ret;
+	static const char * const attrs[] = { "name", NULL};
+	struct ldb_result *res;
+	int i;
+	struct dns_server_zone *new_list = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS result = NT_STATUS_OK;
+
+	if (base_dn) {
+		/* This search will work against windows */
+		ret = dsdb_search(samdb, frame, &res,
+				  base_dn, LDB_SCOPE_SUBTREE,
+				  attrs, 0, "(objectClass=dnsZone)");
+	} else {
+		/* TODO: this search does not work against windows */
+		ret = dsdb_search(samdb, frame, &res, NULL,
+				  LDB_SCOPE_SUBTREE,
+				  attrs,
+				  DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+				  "(objectClass=dnsZone)");
+	}
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		result = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto exit;
+	}
+
+	TYPESAFE_QSORT(res->msgs, res->count, dns_common_sort_zones);
+
+	for (i=0; i < res->count; i++) {
+		struct dns_server_zone *z;
+
+		z = talloc_zero(mem_ctx, struct dns_server_zone);
+		if (z == NULL) {
+			TALLOC_FREE(frame);
+			result = NT_STATUS_NO_MEMORY;
+			goto exit;
+		}
+
+		z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
+		talloc_steal(z, z->name);
+		z->dn = talloc_move(z, &res->msgs[i]->dn);
+		/*
+		 * Ignore the RootDNSServers zone and zones that we don't support yet
+		 * RootDNSServers should never be returned (Windows DNS server don't)
+		 * ..TrustAnchors should never be returned as is, (Windows returns
+		 * TrustAnchors) and for the moment we don't support DNSSEC so we'd better
+		 * not return this zone.
+		 */
+		if ((strcmp(z->name, "RootDNSServers") == 0) ||
+		    (strcmp(z->name, "..TrustAnchors") == 0))
+		{
+			DEBUG(10, ("Ignoring zone %s\n", z->name));
+			talloc_free(z);
+			continue;
+		}
+		DLIST_ADD_END(new_list, z);
+	}
+
+	*zones_ret = new_list;
+	TALLOC_FREE(frame);
+	result = NT_STATUS_OK;
+exit:
+	DNS_COMMON_LOG_OPERATION(
+		nt_errstr(result),
+		&start,
+		NULL,
+		base_dn == NULL ? NULL : ldb_dn_get_linearized(base_dn),
+		NULL);
+	return result;
+}
+
+/*
+  see if two DNS names are the same
+ */
+bool samba_dns_name_equal(const char *name1, const char *name2)
+{
+	size_t len1 = strlen(name1);
+	size_t len2 = strlen(name2);
+
+	if (len1 > 0 && name1[len1 - 1] == '.') {
+		len1--;
+	}
+	if (len2 > 0 && name2[len2 - 1] == '.') {
+		len2--;
+	}
+	if (len1 != len2) {
+		return false;
+	}
+	return strncasecmp(name1, name2, len1) == 0;
+}
+
+
+/*
+ * Convert unix time to a DNS timestamp
+ * uint32 hours in the NTTIME epoch
+ *
+ * This uses unix_to_nt_time() which can return special flag NTTIMEs like
+ * UINT64_MAX (0xFFF...) or NTTIME_MAX (0x7FF...), which will convert to
+ * distant future timestamps; or 0 as a flag value, meaning a 1601 timestamp,
+ * which is used to indicate a record does not expire.
+ *
+ * As we don't generally check for these special values in NTTIME conversions,
+ * we also don't check here, but for the benefit of people encountering these
+ * timestamps and searching for their origin, here is a list:
+ *
+ **  TIME_T_MAX
+ *
+ * Even if time_t is 32 bit, this will become NTTIME_MAX (a.k.a INT64_MAX,
+ * 0x7fffffffffffffff) in 100ns units. That translates to 256204778 hours
+ * since 1601, which converts back to 9223372008000000000 or
+ * 0x7ffffff9481f1000. It will present as 30828-09-14 02:00:00, around 48
+ * minutes earlier than NTTIME_MAX.
+ *
+ **  0, the start of the unix epoch, 1970-01-01 00:00:00
+ *
+ * This is converted into 0 in the Windows epoch, 1601-01-01 00:00:00 which is
+ * clearly the same whether you count in 100ns units or hours. In DNS record
+ * timestamps this is a flag meaning the record will never expire.
+ *
+ **  (time_t)-1, such as what *might* mean 1969-12-31 23:59:59
+ *
+ * This becomes (NTTIME)-1ULL a.k.a. UINT64_MAX, 0xffffffffffffffff thence
+ * 512409557 in hours since 1601. That in turn is 0xfffffffaf2028800 or
+ * 18446744052000000000 in NTTIME (rounded to the hour), which might be
+ * presented as -21709551616 or -0x50dfd7800, because NTTIME is not completely
+ * dedicated to being unsigned. If it gets shown as a year, it will be around
+ * 60055.
+ *
+ **  Other negative time_t values (e.g. 1969-05-29).
+ *
+ * The meaning of these is somewhat undefined, but in any case they will
+ * translate perfectly well into the same dates in NTTIME.
+ *
+ **  Notes
+ *
+ * There are dns timestamps that exceed the range of NTTIME (up to 488356 AD),
+ * but it is not possible for this function to produce them.
+ *
+ * It is plausible that it was at midnight on 1601-01-01, in London, that
+ * Shakespeare wrote:
+ *
+ *  The time is out of joint. O cursed spite
+ *  That ever I was born to set it right!
+ *
+ * and this is why we have this epoch and time zone.
+ */
+uint32_t unix_to_dns_timestamp(time_t t)
+{
+	NTTIME nt;
+	unix_to_nt_time(&nt, t);
+	nt /= NTTIME_TO_HOURS;
+	return (uint32_t) nt;
+}
+
+/*
+ * Convert a DNS timestamp into NTTIME.
+ *
+ * Because DNS timestamps cover a longer time period than NTTIME, and these
+ * would wrap to an arbitrary NTTIME, we saturate at NTTIME_MAX and return an
+ * error in this case.
+ */
+NTSTATUS dns_timestamp_to_nt_time(NTTIME *_nt, uint32_t t)
+{
+	NTTIME nt = t;
+	if (nt > NTTIME_MAX / NTTIME_TO_HOURS) {
+		*_nt = NTTIME_MAX;
+		return NT_STATUS_INTEGER_OVERFLOW;
+	}
+	*_nt = nt * NTTIME_TO_HOURS;
+	return NT_STATUS_OK;
+}
diff --git a/source4/dns_server/dnsserver_common.h b/source4/dns_server/dnsserver_common.h
new file mode 100644
index 0000000..a0c1065
--- /dev/null
+++ b/source4/dns_server/dnsserver_common.h
@@ -0,0 +1,139 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS server utils
+
+   Copyright (C) 2014 Stefan Metzmacher
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "rpc_server/dnsserver/dnsserver.h"
+
+#ifndef __DNSSERVER_COMMON_H__
+#define __DNSSERVER_COMMON_H__
+
+uint8_t werr_to_dns_err(WERROR werr);
+#define DNS_ERR(err_str) WERR_DNS_ERROR_RCODE_##err_str
+
+struct ldb_message_element;
+struct ldb_context;
+struct dnsp_DnssrvRpcRecord;
+
+struct dns_server_zone {
+	struct dns_server_zone *prev, *next;
+	const char *name;
+	struct ldb_dn *dn;
+};
+
+WERROR dns_common_extract(struct ldb_context *samdb,
+			  const struct ldb_message_element *el,
+			  TALLOC_CTX *mem_ctx,
+			  struct dnsp_DnssrvRpcRecord **records,
+			  uint16_t *num_records);
+
+WERROR dns_common_lookup(struct ldb_context *samdb,
+			 TALLOC_CTX *mem_ctx,
+			 struct ldb_dn *dn,
+			 struct dnsp_DnssrvRpcRecord **records,
+			 uint16_t *num_records,
+			 bool *tombstoned);
+WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
+				  TALLOC_CTX *mem_ctx,
+				  struct ldb_dn *dn,
+				  struct dnsp_DnssrvRpcRecord **records,
+				  uint16_t *num_records);
+WERROR dns_name_check(TALLOC_CTX *mem_ctx,
+		      size_t len,
+		      const char *name);
+WERROR dns_get_zone_properties(struct ldb_context *samdb,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *zone_dn,
+			       struct dnsserver_zoneinfo *zoneinfo);
+bool dns_name_is_static(struct dnsp_DnssrvRpcRecord *records,
+			uint16_t rec_count);
+WERROR dns_common_replace(struct ldb_context *samdb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *dn,
+			  bool needs_add,
+			  uint32_t serial,
+			  struct dnsp_DnssrvRpcRecord *records,
+			  uint16_t rec_count);
+bool dns_name_match(const char *zone, const char *name, size_t *host_part_len);
+WERROR dns_common_name2dn(struct ldb_context *samdb,
+			  struct dns_server_zone *zones,
+			  TALLOC_CTX *mem_ctx,
+			  const char *name,
+			  struct ldb_dn **_dn);
+bool samba_dns_name_equal(const char *name1, const char *name2);
+
+bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+		      struct dnsp_DnssrvRpcRecord *rec2);
+
+/*
+ * For this routine, base_dn is generally NULL.  The exception comes
+ * from the python bindings to support setting ACLs on DNS objects
+ * when joining Windows
+ */
+NTSTATUS dns_common_zones(struct ldb_context *samdb,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_dn *base_dn,
+			  struct dns_server_zone **zones_ret);
+
+bool dns_zoneinfo_load_zone_property(struct dnsserver_zoneinfo *zoneinfo,
+				     struct dnsp_DnsProperty *prop);
+/*
+ * Log a DNS operation along with it's duration
+ * Enabled by setting a log level of "dns:10"
+ *
+ * const char *operation
+ * const char *result
+ * const struct timeval *start
+ * const char *zone
+ * const char *name
+ * const char *data
+ */
+#define DNS_COMMON_LOG_OPERATION(result, start, zone, name, data) \
+	if (CHECK_DEBUGLVLC(DBGC_DNS, DBGLVL_DEBUG)) { \
+		struct timeval now = timeval_current(); \
+		uint64_t duration = usec_time_diff(&now, (start));\
+		const char *re = (result);\
+		const char *zn = (zone); \
+		const char *nm = (name); \
+		const char *dt = (data); \
+		DBG_DEBUG( \
+			"DNS timing: result: [%s] duration: (%" PRIi64 ") " \
+			"zone: [%s] name: [%s] data: [%s]\n", \
+			re == NULL ? "" : re, \
+			duration, \
+			zn == NULL ? "" : zn, \
+			nm == NULL ? "" : nm, \
+			dt == NULL ? "" : dt); \
+	}
+
+/* There are this many nttime jiffies in an hour */
+#define NTTIME_TO_HOURS (3600ULL * 10ULL * 1000ULL * 1000ULL)
+
+/*
+ * convert unix time to a DNS timestamp
+ * (hours in the NTTIME epoch, 32 bit).
+ */
+uint32_t unix_to_dns_timestamp(time_t t);
+
+/*
+ * Convert a DNS timestamp into NTTIME.
+ */
+NTSTATUS dns_timestamp_to_nt_time(NTTIME *_nt, uint32_t t);
+
+#endif /* __DNSSERVER_COMMON_H__ */
diff --git a/source4/dns_server/pydns.c b/source4/dns_server/pydns.c
new file mode 100644
index 0000000..6e99ebd
--- /dev/null
+++ b/source4/dns_server/pydns.c
@@ -0,0 +1,445 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Python DNS server wrapper
+
+   Copyright (C) 2015 Andrew Bartlett
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include <pyldb.h>
+#include <pytalloc.h>
+#include "dns_server/dnsserver_common.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "librpc/rpc/pyrpc_util.h"
+
+/* FIXME: These should be in a header file somewhere */
+#define PyErr_LDB_OR_RAISE(py_ldb, ldb) \
+	if (!py_check_dcerpc_type(py_ldb, "ldb", "Ldb")) { \
+		PyErr_SetString(PyExc_TypeError, "Ldb connection object required"); \
+		return NULL; \
+	} \
+	ldb = pyldb_Ldb_AsLdbContext(py_ldb);
+
+#define PyErr_LDB_DN_OR_RAISE(py_ldb_dn, dn) \
+	if (!py_check_dcerpc_type(py_ldb_dn, "ldb", "Dn")) { \
+		PyErr_SetString(PyExc_TypeError, "ldb Dn object required"); \
+		return NULL; \
+	} \
+	dn = pyldb_Dn_AS_DN(py_ldb_dn);
+
+static PyObject *py_dnsp_DnssrvRpcRecord_get_list(struct dnsp_DnssrvRpcRecord *records,
+						  uint16_t num_records)
+{
+	PyObject *py_dns_list;
+	int i;
+	py_dns_list = PyList_New(num_records);
+	if (py_dns_list == NULL) {
+		return NULL;
+	}
+	for (i = 0; i < num_records; i++) {
+		PyObject *py_dns_record;
+		py_dns_record = py_return_ndr_struct("samba.dcerpc.dnsp", "DnssrvRpcRecord", records, &records[i]);
+		PyList_SetItem(py_dns_list, i, py_dns_record);
+	}
+	return py_dns_list;
+}
+
+
+static int py_dnsp_DnssrvRpcRecord_get_array(PyObject *value,
+					     TALLOC_CTX *mem_ctx,
+					     struct dnsp_DnssrvRpcRecord **records,
+					     uint16_t *num_records)
+{
+	int i;
+	struct dnsp_DnssrvRpcRecord *recs;
+	PY_CHECK_TYPE(&PyList_Type, value, return -1;);
+	recs = talloc_array(mem_ctx, struct dnsp_DnssrvRpcRecord,
+			    PyList_GET_SIZE(value));
+	if (recs == NULL) {
+		PyErr_NoMemory();
+		return -1;
+	}
+	for (i = 0; i < PyList_GET_SIZE(value); i++) {
+		bool type_correct;
+		PyObject *item = PyList_GET_ITEM(value, i);
+		type_correct = py_check_dcerpc_type(item, "samba.dcerpc.dnsp", "DnssrvRpcRecord");
+		if (type_correct == false) {
+			return -1;
+		}
+		if (talloc_reference(mem_ctx, pytalloc_get_mem_ctx(item)) == NULL) {
+			PyErr_NoMemory();
+			return -1;
+		}
+		recs[i] = *(struct dnsp_DnssrvRpcRecord *)pytalloc_get_ptr(item);
+	}
+	*records = recs;
+	*num_records = PyList_GET_SIZE(value);
+	return 0;
+}
+
+static PyObject *py_dsdb_dns_lookup(PyObject *self,
+				    PyObject *args, PyObject *kwargs)
+{
+	struct ldb_context *samdb;
+	PyObject *py_ldb, *ret, *pydn;
+	PyObject *py_dns_partition = NULL;
+	PyObject *result = NULL;
+	char *dns_name;
+	TALLOC_CTX *frame;
+	NTSTATUS status;
+	WERROR werr;
+	struct dns_server_zone *zones_list;
+	struct ldb_dn *dn, *dns_partition = NULL;
+	struct dnsp_DnssrvRpcRecord *records;
+	uint16_t num_records;
+	const char * const kwnames[] = { "ldb", "dns_name",
+					 "dns_partition", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Os|O",
+					 discard_const_p(char *, kwnames),
+					 &py_ldb, &dns_name,
+					 &py_dns_partition)) {
+		return NULL;
+	}
+	PyErr_LDB_OR_RAISE(py_ldb, samdb);
+
+	if (py_dns_partition) {
+		PyErr_LDB_DN_OR_RAISE(py_dns_partition,
+				      dns_partition);
+	}
+
+	frame = talloc_stackframe();
+
+	status = dns_common_zones(samdb, frame, dns_partition,
+				  &zones_list);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(frame);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	werr = dns_common_name2dn(samdb, zones_list, frame, dns_name, &dn);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(frame);
+		PyErr_SetWERROR(werr);
+		return NULL;
+	}
+
+	werr = dns_common_lookup(samdb,
+				 frame,
+				 dn,
+				 &records,
+				 &num_records,
+				 NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(frame);
+		PyErr_SetWERROR(werr);
+		return NULL;
+	}
+
+	ret = py_dnsp_DnssrvRpcRecord_get_list(records, num_records);
+	pydn = pyldb_Dn_FromDn(dn);
+	talloc_free(frame);
+	result = Py_BuildValue("(OO)", pydn, ret);
+	Py_CLEAR(ret);
+	Py_CLEAR(pydn);
+	return result;
+}
+
+static PyObject *py_dsdb_dns_extract(PyObject *self, PyObject *args)
+{
+	struct ldb_context *samdb;
+	PyObject *py_dns_el, *ret;
+	PyObject *py_ldb = NULL;
+	TALLOC_CTX *frame;
+	WERROR werr;
+	struct ldb_message_element *dns_el;
+	struct dnsp_DnssrvRpcRecord *records;
+	uint16_t num_records;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_dns_el)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, samdb);
+
+	if (!py_check_dcerpc_type(py_dns_el, "ldb", "MessageElement")) {
+		PyErr_SetString(PyExc_TypeError,
+				"ldb MessageElement object required");
+		return NULL;
+	}
+	dns_el = pyldb_MessageElement_AsMessageElement(py_dns_el);
+
+	frame = talloc_stackframe();
+
+	werr = dns_common_extract(samdb, dns_el,
+				  frame,
+				  &records,
+				  &num_records);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(frame);
+		PyErr_SetWERROR(werr);
+		return NULL;
+	}
+
+	ret = py_dnsp_DnssrvRpcRecord_get_list(records, num_records);
+	talloc_free(frame);
+	return ret;
+}
+
+static PyObject *py_dsdb_dns_replace(PyObject *self, PyObject *args)
+{
+	struct ldb_context *samdb;
+	PyObject *py_ldb, *py_dns_records;
+	char *dns_name;
+	TALLOC_CTX *frame;
+	NTSTATUS status;
+	WERROR werr;
+	int ret;
+	struct dns_server_zone *zones_list;
+	struct ldb_dn *dn;
+	struct dnsp_DnssrvRpcRecord *records;
+	uint16_t num_records;
+
+	/*
+	 * TODO: This is a shocking abuse, but matches what the
+	 * internal DNS server does, it should be pushed into
+	 * dns_common_replace()
+	 */
+	static const int serial = 110;
+
+	if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &dns_name, &py_dns_records)) {
+		return NULL;
+	}
+	PyErr_LDB_OR_RAISE(py_ldb, samdb);
+
+	frame = talloc_stackframe();
+
+	status = dns_common_zones(samdb, frame, NULL, &zones_list);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	werr = dns_common_name2dn(samdb, zones_list, frame, dns_name, &dn);
+	if (!W_ERROR_IS_OK(werr)) {
+		PyErr_SetWERROR(werr);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	ret = py_dnsp_DnssrvRpcRecord_get_array(py_dns_records,
+						frame,
+						&records, &num_records);
+	if (ret != 0) {
+		talloc_free(frame);
+		return NULL;
+	}
+
+	werr = dns_common_replace(samdb,
+				  frame,
+				  dn,
+				  false, /* Not adding a record */
+				  serial,
+				  records,
+				  num_records);
+	if (!W_ERROR_IS_OK(werr)) {
+		PyErr_SetWERROR(werr);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	talloc_free(frame);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_dns_replace_by_dn(PyObject *self, PyObject *args)
+{
+	struct ldb_context *samdb;
+	PyObject *py_ldb, *py_dn, *py_dns_records;
+	TALLOC_CTX *frame;
+	WERROR werr;
+	int ret;
+	struct ldb_dn *dn;
+	struct dnsp_DnssrvRpcRecord *records;
+	uint16_t num_records;
+
+	/*
+	 * TODO: This is a shocking abuse, but matches what the
+	 * internal DNS server does, it should be pushed into
+	 * dns_common_replace()
+	 */
+	static const int serial = 110;
+
+	if (!PyArg_ParseTuple(args, "OOO", &py_ldb, &py_dn, &py_dns_records)) {
+		return NULL;
+	}
+	PyErr_LDB_OR_RAISE(py_ldb, samdb);
+
+	PyErr_LDB_DN_OR_RAISE(py_dn, dn);
+
+	frame = talloc_stackframe();
+
+	ret = py_dnsp_DnssrvRpcRecord_get_array(py_dns_records,
+						frame,
+						&records, &num_records);
+	if (ret != 0) {
+		talloc_free(frame);
+		return NULL;
+	}
+
+	werr = dns_common_replace(samdb,
+				  frame,
+				  dn,
+				  false, /* Not adding a node */
+				  serial,
+				  records,
+				  num_records);
+	if (!W_ERROR_IS_OK(werr)) {
+		PyErr_SetWERROR(werr);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	talloc_free(frame);
+
+	Py_RETURN_NONE;
+}
+
+
+static PyObject *py_dsdb_dns_records_match(PyObject *self, PyObject *args)
+{
+	PyObject *py_recs[2];
+	struct dnsp_DnssrvRpcRecord *rec1;
+	struct dnsp_DnssrvRpcRecord *rec2;
+	size_t i;
+	bool type_correct;
+	bool match;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_recs[0], &py_recs[1])) {
+		return NULL;
+	}
+
+	for (i = 0; i < 2; i++) {
+		type_correct = py_check_dcerpc_type(py_recs[i],
+						    "samba.dcerpc.dnsp",
+						    "DnssrvRpcRecord");
+		if (! type_correct) {
+			PyErr_SetString(PyExc_ValueError,
+					"DnssrvRpcRecord expected");
+			return NULL;
+		}
+	}
+
+	rec1 = (struct dnsp_DnssrvRpcRecord *)pytalloc_get_ptr(py_recs[0]);
+	rec2 = (struct dnsp_DnssrvRpcRecord *)pytalloc_get_ptr(py_recs[1]);
+
+	match = dns_record_match(rec1, rec2);
+	return PyBool_FromLong(match);
+}
+
+
+static PyObject *py_dsdb_dns_unix_to_dns_timestamp(PyObject *self, PyObject *args)
+{
+	uint32_t timestamp;
+	time_t t;
+	long long lt;
+
+	if (!PyArg_ParseTuple(args, "L", &lt)) {
+		return NULL;
+	}
+
+	t = lt;
+	if (t != lt) {
+		/* time_t is presumably 32 bit here */
+		PyErr_SetString(PyExc_ValueError, "Time out of range");
+		return NULL;
+	}
+	timestamp = unix_to_dns_timestamp(t);
+	return Py_BuildValue("k", (unsigned long) timestamp);
+}
+
+static PyObject *py_dsdb_dns_timestamp_to_nt_time(PyObject *self, PyObject *args)
+{
+	unsigned long long timestamp;
+	NTSTATUS status;
+	NTTIME nt;
+	if (!PyArg_ParseTuple(args, "K", &timestamp)) {
+		return NULL;
+	}
+
+	if (timestamp > UINT32_MAX) {
+		PyErr_SetString(PyExc_ValueError, "Time out of range");
+		return NULL;
+	}
+	status = dns_timestamp_to_nt_time(&nt, (uint32_t)timestamp);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetString(PyExc_ValueError, "Time out of range");
+		return NULL;
+	}
+	return Py_BuildValue("L", (long long) nt);
+}
+
+
+static PyMethodDef py_dsdb_dns_methods[] = {
+
+	{ "lookup", PY_DISCARD_FUNC_SIG(PyCFunction, py_dsdb_dns_lookup),
+	        METH_VARARGS|METH_KEYWORDS,
+	        "Get the DNS database entries for a DNS name"},
+	{ "replace", (PyCFunction)py_dsdb_dns_replace,
+		METH_VARARGS, "Replace the DNS database entries for a DNS name"},
+	{ "replace_by_dn", (PyCFunction)py_dsdb_dns_replace_by_dn,
+		METH_VARARGS, "Replace the DNS database entries for a LDB DN"},
+	{ "records_match", (PyCFunction)py_dsdb_dns_records_match,
+	  METH_VARARGS|METH_KEYWORDS,
+	  "Decide whether two records match, according to dns update rules"},
+	{ "extract", (PyCFunction)py_dsdb_dns_extract,
+		METH_VARARGS, "Return the DNS database entry as a python structure from an Ldb.MessageElement of type dnsRecord"},
+	{ "unix_to_dns_timestamp", (PyCFunction)py_dsdb_dns_unix_to_dns_timestamp,
+	  METH_VARARGS,
+	  "Convert a time.time() value to a dns timestamp (hours since 1601)"},
+	{ "dns_timestamp_to_nt_time", (PyCFunction)py_dsdb_dns_timestamp_to_nt_time,
+	  METH_VARARGS,
+	  "Convert a dns timestamp to an NTTIME value"},
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "dsdb_dns",
+    .m_doc = "Python bindings for the DNS objects in the directory service databases.",
+    .m_size = -1,
+    .m_methods = py_dsdb_dns_methods,
+};
+
+MODULE_INIT_FUNC(dsdb_dns)
+{
+	PyObject *m;
+
+	m = PyModule_Create(&moduledef);
+
+	if (m == NULL)
+		return NULL;
+
+	return m;
+}
diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
new file mode 100644
index 0000000..ab0a241
--- /dev/null
+++ b/source4/dns_server/wscript_build
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+
+# dnsserver_common is enabled without the ad-dc to prevent imports from failing
+# when samba-tool is called where the ad-dc was not built. The server-side dns
+# code is used in the client when we do direct LDAP modification of DNS records.
+bld.SAMBA_LIBRARY('dnsserver_common',
+        source='dnsserver_common.c',
+        deps='samba-util samba-errors ldbsamba clidns',
+        private_library=True
+        )
+
+bld.SAMBA_MODULE('service_dns',
+        source='dns_server.c dns_query.c dns_update.c dns_utils.c dns_crypto.c',
+        subsystem='service',
+        init_function='server_service_dns_init',
+        deps='samba-hostconfig LIBTSOCKET LIBSAMBA_TSOCKET ldbsamba clidns gensec auth samba_server_gensec dnsserver_common',
+        local_include=False,
+        internal_module=False,
+        enabled=bld.AD_DC_BUILD_IS_ENABLED()
+        )
+
+# a bind9 dlz module giving access to the Samba DNS SAM
+bld.SAMBA_LIBRARY('dlz_bind9_10',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_10',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_10.so',
+                  realname='dlz_bind9_10.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_11',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_11',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_11.so',
+                  realname='dlz_bind9_11.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_12',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_12',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_12.so',
+                  realname='dlz_bind9_12.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_14',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_14',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_14.so',
+                  realname='dlz_bind9_14.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_16',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_16',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_16.so',
+                  realname='dlz_bind9_16.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_18',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_18',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_18.so',
+                  realname='dlz_bind9_18.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_16',
+                  private_library=True,
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+pyldb_util = bld.pyembed_libname('pyldb-util')
+pyrpc_util = bld.pyembed_libname('pyrpc_util')
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+
+bld.SAMBA_PYTHON('python_dsdb_dns',
+                 source='pydns.c',
+                 deps='samdb %s %s dnsserver_common %s' % (
+                     pyldb_util, pyrpc_util, pytalloc_util),
+                 realname='samba/dsdb_dns.so')
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
new file mode 100644
index 0000000..6edae35
--- /dev/null
+++ b/source4/dsdb/common/dsdb_access.c
@@ -0,0 +1,183 @@
+/*
+  ldb database library
+
+  Copyright (C) Nadezhda Ivanova 2010
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: dsdb_access
+ *
+ *  Description: utility functions for access checking on objects
+ *
+ *  Authors: Nadezhda Ivanova
+ */
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_module.h"
+#include "ldb_errors.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "param/param.h"
+#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+
+void dsdb_acl_debug(struct security_descriptor *sd,
+		      struct security_token *token,
+		      struct ldb_dn *dn,
+		      bool denied,
+		      int level)
+{
+	if (denied) {
+		DEBUG(level, ("Access on %s denied\n", ldb_dn_get_linearized(dn)));
+	} else {
+		DEBUG(level, ("Access on %s granted\n", ldb_dn_get_linearized(dn)));
+	}
+
+	DEBUG(level,("Security context: %s\n",
+		     ndr_print_struct_string(0,(ndr_print_fn_t)ndr_print_security_token,"", token)));
+	DEBUG(level,("Security descriptor: %s\n",
+		     ndr_print_struct_string(0,(ndr_print_fn_t)ndr_print_security_descriptor,"", sd)));
+}
+
+int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb,
+				 TALLOC_CTX *mem_ctx,
+				 struct ldb_message *acl_res,
+				 struct security_descriptor **sd)
+{
+	struct ldb_message_element *sd_element;
+	enum ndr_err_code ndr_err;
+
+	sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
+	if (sd_element == NULL) {
+		return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+				 "nTSecurityDescriptor is missing");
+	}
+	*sd = talloc(mem_ctx, struct security_descriptor);
+	if(!*sd) {
+		return ldb_oom(ldb);
+	}
+	ndr_err = ndr_pull_struct_blob(&sd_element->values[0], *sd, *sd,
+				       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		TALLOC_FREE(*sd);
+		return ldb_operr(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
+				     struct ldb_result *acl_res,
+				     TALLOC_CTX *mem_ctx,
+				     struct security_token *token,
+				     struct ldb_dn *dn,
+				     uint32_t access_mask,
+				     const struct GUID *guid)
+{
+	struct security_descriptor *sd = NULL;
+	struct dom_sid *sid = NULL;
+	struct object_tree *root = NULL;
+	NTSTATUS status;
+	uint32_t access_granted;
+	int ret;
+
+	ret = dsdb_get_sd_from_ldb_message(ldb, mem_ctx, acl_res->msgs[0], &sd);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
+	if (guid) {
+		if (!insert_in_object_tree(mem_ctx, guid, access_mask, NULL,
+					   &root)) {
+			TALLOC_FREE(sd);
+			TALLOC_FREE(sid);
+			return ldb_operr(ldb);
+		}
+	}
+	status = sec_access_check_ds(sd, token,
+				     access_mask,
+				     &access_granted,
+				     root,
+				     sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		dsdb_acl_debug(sd,
+			       token,
+			       dn,
+			       true,
+			       10);
+		ldb_asprintf_errstring(ldb,
+				       "dsdb_access: Access check failed on %s",
+				       ldb_dn_get_linearized(dn));
+		TALLOC_FREE(sd);
+		TALLOC_FREE(sid);
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+	return LDB_SUCCESS;
+}
+
+/* performs an access check from outside the module stack
+ * given the dn of the object to be checked, the required access
+ * guid is either the guid of the extended right, or NULL
+ */
+
+int dsdb_check_access_on_dn(struct ldb_context *ldb,
+			    TALLOC_CTX *mem_ctx,
+			    struct ldb_dn *dn,
+			    struct security_token *token,
+			    uint32_t access_mask,
+			    const char *ext_right)
+{
+	int ret;
+	struct GUID guid;
+	struct ldb_result *acl_res;
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectSid",
+		NULL
+	};
+
+	if (ext_right != NULL) {
+		NTSTATUS status = GUID_from_string(ext_right, &guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	/*
+	 * We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute.
+	 * Also the result of this search not controlled by the client
+	 * nor is the result exposed to the client.
+	 */
+	ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs,
+			     DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
+		return ret;
+	}
+
+	return dsdb_check_access_on_dn_internal(ldb, acl_res,
+						mem_ctx,
+						token,
+						dn,
+						access_mask,
+						ext_right ? &guid : NULL);
+}
+
diff --git a/source4/dsdb/common/dsdb_dn.c b/source4/dsdb/common/dsdb_dn.c
new file mode 100644
index 0000000..63a8628
--- /dev/null
+++ b/source4/dsdb/common/dsdb_dn.c
@@ -0,0 +1,571 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_module.h>
+#include "librpc/ndr/libndr.h"
+#include "libcli/security/dom_sid.h"
+#include "lib/util/smb_strtox.h"
+
+enum dsdb_dn_format dsdb_dn_oid_to_format(const char *oid) 
+{
+	if (strcmp(oid, LDB_SYNTAX_DN) == 0) {
+		return DSDB_NORMAL_DN;
+	} else if (strcmp(oid, DSDB_SYNTAX_BINARY_DN) == 0) {
+		return DSDB_BINARY_DN;
+	} else if (strcmp(oid, DSDB_SYNTAX_STRING_DN) == 0) {
+		return DSDB_STRING_DN;
+	} else if (strcmp(oid, DSDB_SYNTAX_OR_NAME) == 0) {
+		return DSDB_NORMAL_DN;
+	} else {
+		return DSDB_INVALID_DN;
+	}
+}
+
+static struct dsdb_dn *dsdb_dn_construct_internal(TALLOC_CTX *mem_ctx, 
+						  struct ldb_dn *dn, 
+						  DATA_BLOB extra_part, 
+						  enum dsdb_dn_format dn_format, 
+						  const char *oid) 
+{
+	struct dsdb_dn *dsdb_dn = NULL;
+
+	switch (dn_format) {
+	case DSDB_BINARY_DN:
+	case DSDB_STRING_DN:
+		break;
+	case DSDB_NORMAL_DN:
+		if (extra_part.length != 0) {
+			errno = EINVAL;
+			return NULL;
+		}
+		break;
+	case DSDB_INVALID_DN:
+	default:
+		errno = EINVAL;
+		return NULL;
+	}
+
+	dsdb_dn = talloc(mem_ctx, struct dsdb_dn);
+	if (!dsdb_dn) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	dsdb_dn->dn = talloc_steal(dsdb_dn, dn);
+	dsdb_dn->extra_part = extra_part;
+	dsdb_dn->dn_format = dn_format;
+
+	dsdb_dn->oid = oid;
+	talloc_steal(dsdb_dn, extra_part.data);
+	return dsdb_dn;
+}
+
+struct dsdb_dn *dsdb_dn_construct(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, DATA_BLOB extra_part, 
+				  const char *oid) 
+{
+	enum dsdb_dn_format dn_format = dsdb_dn_oid_to_format(oid);
+	return dsdb_dn_construct_internal(mem_ctx, dn, extra_part, dn_format, oid);
+}
+
+struct dsdb_dn *dsdb_dn_parse_trusted(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, 
+				      const struct ldb_val *dn_blob, const char *dn_oid)
+{
+	struct dsdb_dn *dsdb_dn;
+	struct ldb_dn *dn;
+	size_t len;
+	TALLOC_CTX *tmp_ctx;
+	char *p1;
+	char *p2;
+	uint32_t blen;
+	struct ldb_val bval;
+	struct ldb_val dval;
+	char *dn_str;
+	int error = 0;
+
+	enum dsdb_dn_format dn_format = dsdb_dn_oid_to_format(dn_oid);
+
+	if (dn_blob == NULL || dn_blob->data == NULL || dn_blob->length == 0) {
+		return NULL;
+	}
+
+	switch (dn_format) {
+	case DSDB_INVALID_DN:
+		return NULL;
+	case DSDB_NORMAL_DN:
+	{
+		dn = ldb_dn_from_ldb_val(mem_ctx, ldb, dn_blob);
+		if (!dn) {
+			talloc_free(dn);
+			return NULL;
+		}
+		return dsdb_dn_construct_internal(mem_ctx, dn, data_blob_null, dn_format, dn_oid);
+	}
+	case DSDB_BINARY_DN:
+		if (dn_blob->length < 2 || dn_blob->data[0] != 'B' || dn_blob->data[1] != ':') {
+			return NULL;
+		}
+		break;
+	case DSDB_STRING_DN:
+		if (dn_blob->length < 2 || dn_blob->data[0] != 'S' || dn_blob->data[1] != ':') {
+			return NULL;
+		}
+		break;
+	default:
+		return NULL;
+	}
+
+	if (strlen((const char*)dn_blob->data) != dn_blob->length) {
+		/* The RDN must not contain a character with value 0x0 */
+		return NULL;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	len = dn_blob->length - 2;
+	p1 = talloc_strndup(tmp_ctx, (const char *)dn_blob->data + 2, len);
+	if (!p1) {
+		goto failed;
+	}
+
+	errno = 0;
+	blen = smb_strtoul(p1, &p2, 10, &error, SMB_STR_STANDARD);
+	if (error != 0) {
+		DEBUG(10, (__location__ ": failed\n"));
+		goto failed;
+	}
+	if (p2 == NULL) {
+		DEBUG(10, (__location__ ": failed\n"));
+		goto failed;
+	}
+	if (p2[0] != ':') {
+		DEBUG(10, (__location__ ": failed\n"));
+		goto failed;
+	}
+	len -= PTR_DIFF(p2,p1);//???
+	p1 = p2+1;
+	len--;
+		
+	if (blen >= len) {
+		DEBUG(10, (__location__ ": blen=%u len=%u\n", (unsigned)blen, (unsigned)len));
+		goto failed;
+	}
+		
+	p2 = p1 + blen;
+	if (p2[0] != ':') {
+		DEBUG(10, (__location__ ": %s", p2));
+		goto failed;
+	}
+	dn_str = p2+1;
+		
+		
+	switch (dn_format) {
+	case DSDB_BINARY_DN:
+		if ((blen % 2 != 0)) {
+			DEBUG(10, (__location__ ": blen=%u - not an even number\n", (unsigned)blen));
+			goto failed;
+		}
+		
+		if (blen >= 2) {
+			bval.length = (blen/2)+1;
+			bval.data = talloc_size(tmp_ctx, bval.length);
+			if (bval.data == NULL) {
+				DEBUG(10, (__location__ ": err\n"));
+				goto failed;
+			}
+			bval.data[bval.length-1] = 0;
+		
+			bval.length = strhex_to_str((char *)bval.data, bval.length,
+						    p1, blen);
+			if (bval.length != (blen / 2)) {
+				DEBUG(10, (__location__ ": non hexadecimal characters found in binary prefix\n"));
+				goto failed;
+			}
+		} else {
+			bval = data_blob_null;
+		}
+
+		break;
+	case DSDB_STRING_DN:
+		bval = data_blob(p1, blen);
+		break;
+	default:
+		/* never reached */
+		return NULL;
+	}
+	
+
+	dval.data = (uint8_t *)dn_str;
+	dval.length = strlen(dn_str);
+		
+	dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &dval);
+	if (!dn) {
+		DEBUG(10, (__location__ ": err\n"));
+		goto failed;
+	}
+		
+	dsdb_dn = dsdb_dn_construct(mem_ctx, dn, bval, dn_oid);
+		
+	talloc_free(tmp_ctx);
+	return dsdb_dn;
+
+failed:
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+struct dsdb_dn *dsdb_dn_parse(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, 
+			      const struct ldb_val *dn_blob, const char *dn_oid)
+{
+	struct dsdb_dn *dsdb_dn = dsdb_dn_parse_trusted(mem_ctx, ldb,
+							dn_blob, dn_oid);
+	if (dsdb_dn == NULL) {
+		return NULL;
+	}
+	if (ldb_dn_validate(dsdb_dn->dn) == false) {
+		DEBUG(10, ("could not parse %.*s as a %s DN\n",
+			   (int)dn_blob->length, dn_blob->data,
+			   dn_oid));
+		return NULL;
+	}
+	return dsdb_dn;
+}
+
+static char *dsdb_dn_get_with_postfix(TALLOC_CTX *mem_ctx, 
+				     struct dsdb_dn *dsdb_dn,
+				     const char *postfix)
+{
+	if (!postfix) {
+		return NULL;
+	}
+
+	switch (dsdb_dn->dn_format) {
+	case DSDB_NORMAL_DN:
+	{
+		return talloc_strdup(mem_ctx, postfix);
+	}
+	case DSDB_BINARY_DN:
+	{
+		char *hexstr = data_blob_hex_string_upper(mem_ctx, &dsdb_dn->extra_part);
+	
+		char *p = talloc_asprintf(mem_ctx, "B:%u:%s:%s", (unsigned)(dsdb_dn->extra_part.length*2), hexstr, 
+					  postfix);
+		talloc_free(hexstr);
+		return p;
+	}
+	case DSDB_STRING_DN:
+	{
+		return talloc_asprintf(mem_ctx, "S:%u:%*.*s:%s", 
+				    (unsigned)(dsdb_dn->extra_part.length), 
+				    (int)(dsdb_dn->extra_part.length), 
+				    (int)(dsdb_dn->extra_part.length), 
+				    (const char *)dsdb_dn->extra_part.data, 
+				    postfix);
+	}
+	default:
+		return NULL;
+	}
+}
+
+char *dsdb_dn_get_linearized(TALLOC_CTX *mem_ctx, 
+			      struct dsdb_dn *dsdb_dn)
+{
+	const char *postfix = ldb_dn_get_linearized(dsdb_dn->dn);
+	return dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix);
+}
+
+char *dsdb_dn_get_casefold(TALLOC_CTX *mem_ctx, 
+			   struct dsdb_dn *dsdb_dn) 
+{
+	const char *postfix = ldb_dn_get_casefold(dsdb_dn->dn);
+	return dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix);
+}
+
+char *dsdb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, 
+				      struct dsdb_dn *dsdb_dn,
+				      int mode)
+{
+	char *postfix = ldb_dn_get_extended_linearized(mem_ctx, dsdb_dn->dn, mode);
+	char *ret = dsdb_dn_get_with_postfix(mem_ctx, dsdb_dn, postfix);
+	talloc_free(postfix);
+	return ret;
+}
+
+int dsdb_dn_binary_canonicalise(struct ldb_context *ldb, void *mem_ctx,
+				const struct ldb_val *in, struct ldb_val *out)
+{
+	struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_BINARY_DN);
+	
+	if (!dsdb_dn) {
+		return -1;
+	}
+	*out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn));
+	talloc_free(dsdb_dn);
+	if (!out->data) {
+		return -1;
+	}
+	return 0;
+}
+
+int dsdb_dn_binary_comparison(struct ldb_context *ldb, void *mem_ctx,
+				     const struct ldb_val *v1,
+				     const struct ldb_val *v2)
+{
+	return ldb_any_comparison(ldb, mem_ctx, dsdb_dn_binary_canonicalise, v1, v2);
+}
+
+int dsdb_dn_string_canonicalise(struct ldb_context *ldb, void *mem_ctx,
+				const struct ldb_val *in, struct ldb_val *out)
+{
+	struct dsdb_dn *dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, in, DSDB_SYNTAX_STRING_DN);
+	
+	if (!dsdb_dn) {
+		return -1;
+	}
+	*out = data_blob_string_const(dsdb_dn_get_casefold(mem_ctx, dsdb_dn));
+	talloc_free(dsdb_dn);
+	if (!out->data) {
+		return -1;
+	}
+	return 0;
+}
+
+int dsdb_dn_string_comparison(struct ldb_context *ldb, void *mem_ctx,
+				     const struct ldb_val *v1,
+				     const struct ldb_val *v2)
+{
+	return ldb_any_comparison(ldb, mem_ctx, dsdb_dn_string_canonicalise, v1, v2);
+}
+
+/*
+ * format a drsuapi_DsReplicaObjectIdentifier naming context as a string for debugging
+ *
+ * When forming a DN for DB access you must use drs_ObjectIdentifier_to_dn()
+ */
+char *drs_ObjectIdentifier_to_debug_string(TALLOC_CTX *mem_ctx,
+					   struct drsuapi_DsReplicaObjectIdentifier *nc)
+{
+	char *ret = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!GUID_all_zero(&nc->guid)) {
+		char *guid = GUID_string(tmp_ctx, &nc->guid);
+		if (guid) {
+			ret = talloc_asprintf_append(ret, "<GUID=%s>;", guid);
+		}
+	}
+	if (nc->__ndr_size_sid != 0 && nc->sid.sid_rev_num != 0) {
+		const char *sid = dom_sid_string(tmp_ctx, &nc->sid);
+		if (sid) {
+			ret = talloc_asprintf_append(ret, "<SID=%s>;", sid);
+		}
+	}
+	if (nc->__ndr_size_dn != 0 && nc->dn) {
+		ret = talloc_asprintf_append(ret, "%s", nc->dn);
+	}
+	talloc_free(tmp_ctx);
+	talloc_steal(mem_ctx, ret);
+	return ret;
+}
+
+/*
+ * Safely convert a drsuapi_DsReplicaObjectIdentifier into an LDB DN
+ *
+ * We need to have GUID and SID priority and not allow extended
+ * components in the DN.
+ *
+ * We must also totally honour the priority even if the string DN is not valid or able to parse as a DN.
+ */
+static struct ldb_dn *drs_ObjectIdentifier_to_dn(TALLOC_CTX *mem_ctx,
+						 struct ldb_context *ldb,
+						 struct drsuapi_DsReplicaObjectIdentifier *nc)
+{
+	struct ldb_dn *new_dn = NULL;
+
+	if (!GUID_all_zero(&nc->guid)) {
+		struct GUID_txt_buf buf;
+		char *guid = GUID_buf_string(&nc->guid, &buf);
+
+		new_dn = ldb_dn_new_fmt(mem_ctx,
+					ldb,
+					"<GUID=%s>",
+					guid);
+		if (new_dn == NULL) {
+			DBG_ERR("Failed to prepare drs_ObjectIdentifier "
+				"GUID %s into a DN\n",
+				guid);
+			return NULL;
+		}
+
+		return new_dn;
+	}
+
+	if (nc->__ndr_size_sid != 0 && nc->sid.sid_rev_num != 0) {
+		struct dom_sid_buf buf;
+		char *sid = dom_sid_str_buf(&nc->sid, &buf);
+
+		new_dn = ldb_dn_new_fmt(mem_ctx,
+					ldb,
+					"<SID=%s>",
+					sid);
+		if (new_dn == NULL) {
+			DBG_ERR("Failed to prepare drs_ObjectIdentifier "
+				"SID %s into a DN\n",
+				sid);
+			return NULL;
+		}
+		return new_dn;
+	}
+
+	if (nc->__ndr_size_dn != 0 && nc->dn) {
+		int dn_comp_num = 0;
+		bool new_dn_valid = false;
+
+		new_dn = ldb_dn_new(mem_ctx, ldb, nc->dn);
+		if (new_dn == NULL) {
+			/* Set to WARNING as this is user-controlled, don't print the value into the logs */
+			DBG_WARNING("Failed to parse string DN in "
+				    "drs_ObjectIdentifier into an LDB DN\n");
+			return NULL;
+		}
+
+		new_dn_valid = ldb_dn_validate(new_dn);
+		if (!new_dn_valid) {
+			/*
+			 * Set to WARNING as this is user-controlled,
+			 * but can print the value into the logs as it
+			 * parsed a bit
+			 */
+			DBG_WARNING("Failed to validate string DN [%s] in "
+				    "drs_ObjectIdentifier as an LDB DN\n",
+				    ldb_dn_get_linearized(new_dn));
+			return NULL;
+		}
+
+		dn_comp_num = ldb_dn_get_comp_num(new_dn);
+		if (dn_comp_num <= 0) {
+			/*
+			 * Set to WARNING as this is user-controlled,
+			 * but can print the value into the logs as it
+			 * parsed a bit
+			 */
+			DBG_WARNING("DN [%s] in drs_ObjectIdentifier "
+				    "must have 1 or more components\n",
+				    ldb_dn_get_linearized(new_dn));
+			return NULL;
+		}
+
+		if (ldb_dn_is_special(new_dn)) {
+			/*
+			 * Set to WARNING as this is user-controlled,
+			 * but can print the value into the logs as it
+			 * parsed a bit
+			 */
+			DBG_WARNING("New string DN [%s] in "
+				    "drs_ObjectIdentifier is a "
+				    "special LDB DN\n",
+				    ldb_dn_get_linearized(new_dn));
+			return NULL;
+		}
+
+		/*
+		 * We want this just to be a string DN, extended
+		 * components are manually handled above
+		 */
+		if (ldb_dn_has_extended(new_dn)) {
+			/*
+			 * Set to WARNING as this is user-controlled,
+			 * but can print the value into the logs as it
+			 * parsed a bit
+			 */
+			DBG_WARNING("Refusing to parse New string DN [%s] in "
+				    "drs_ObjectIdentifier as an "
+				    "extended LDB DN "
+				    "(GUIDs and SIDs should be in the "
+				    ".guid and .sid IDL elements, "
+				    "not in the string\n",
+				    ldb_dn_get_extended_linearized(mem_ctx,
+								   new_dn,
+								   1));
+			return NULL;
+		}
+		return new_dn;
+	}
+
+	DBG_WARNING("Refusing to parse empty string DN "
+		    "(and no GUID or SID) "
+		    "drs_ObjectIdentifier into a empty "
+		    "(eg RootDSE) LDB DN\n");
+	return NULL;
+}
+
+/*
+ * Safely convert a drsuapi_DsReplicaObjectIdentifier into a validated
+ * LDB DN of an existing DB entry, and/or find the NC root
+ *
+ * We need to have GUID and SID priority and not allow extended
+ * components in the DN.
+ *
+ * We must also totally honour the priority even if the string DN is
+ * not valid or able to parse as a DN.
+ *
+ * Finally, we must return the DN as found in the DB, as otherwise a
+ * subsequence ldb_dn_compare(dn, nc_root) will fail (as this is based
+ * on the string components).
+ */
+int drs_ObjectIdentifier_to_dn_and_nc_root(TALLOC_CTX *mem_ctx,
+					   struct ldb_context *ldb,
+					   struct drsuapi_DsReplicaObjectIdentifier *nc,
+					   struct ldb_dn **normalised_dn,
+					   struct ldb_dn **nc_root)
+{
+	int ret;
+	struct ldb_dn *new_dn = NULL;
+
+	new_dn = drs_ObjectIdentifier_to_dn(mem_ctx,
+					    ldb,
+					    nc);
+	if (new_dn == NULL) {
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	ret = dsdb_normalise_dn_and_find_nc_root(ldb,
+						 mem_ctx,
+						 new_dn,
+						 normalised_dn,
+						 nc_root);
+	if (ret != LDB_SUCCESS) {
+		/*
+		 * dsdb_normalise_dn_and_find_nc_root() sets LDB error
+		 * strings, and the functions it calls do also
+		 */
+		DBG_NOTICE("Failed to find DN \"%s\" -> \"%s\" for normalisation: %s (%s)\n",
+			   drs_ObjectIdentifier_to_debug_string(mem_ctx, nc),
+			   ldb_dn_get_extended_linearized(mem_ctx, new_dn, 1),
+			   ldb_errstring(ldb),
+			   ldb_strerror(ret));
+	}
+
+	TALLOC_FREE(new_dn);
+	return ret;
+}
diff --git a/source4/dsdb/common/dsdb_dn.h b/source4/dsdb/common/dsdb_dn.h
new file mode 100644
index 0000000..f98e3e7
--- /dev/null
+++ b/source4/dsdb/common/dsdb_dn.h
@@ -0,0 +1,21 @@
+struct dsdb_dn {
+	struct ldb_dn *dn;
+	DATA_BLOB extra_part;
+	enum dsdb_dn_format dn_format;
+	const char *oid;
+};
+
+#define DSDB_SYNTAX_BINARY_DN	"1.2.840.113556.1.4.903"
+#define DSDB_SYNTAX_STRING_DN	"1.2.840.113556.1.4.904"
+#define DSDB_SYNTAX_OR_NAME	"1.2.840.113556.1.4.1221"
+#define DSDB_SYNTAX_ACCESS_POINT	"1.3.6.1.4.1.1466.115.121.1.2"
+
+
+/* RMD_FLAGS component in a DN */
+#define DSDB_RMD_FLAG_DELETED     1
+/*
+ * This is used on a backlink attribute
+ * if the backlink is not allowed on
+ * the objectClass
+ */
+#define DSDB_RMD_FLAG_HIDDEN_BL   2
diff --git a/source4/dsdb/common/rodc_helper.c b/source4/dsdb/common/rodc_helper.c
new file mode 100644
index 0000000..b4982ae
--- /dev/null
+++ b/source4/dsdb/common/rodc_helper.c
@@ -0,0 +1,284 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   common sid helper functions
+
+   Copyright (C) Catalyst.NET Ltd 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "source4/dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+
+/*
+  see if any SIDs in list1 are in list2
+ */
+static bool sid_list_match(uint32_t num_sids1,
+			   const struct dom_sid *list1,
+			   uint32_t num_sids2,
+			   const struct dom_sid *list2)
+{
+	unsigned int i, j;
+	/* do we ever have enough SIDs here to worry about O(n^2) ? */
+	for (i=0; i < num_sids1; i++) {
+		for (j=0; j < num_sids2; j++) {
+			if (dom_sid_equal(&list1[i], &list2[j])) {
+				return true;
+			}
+		}
+	}
+	return false;
+}
+
+/*
+ * Return an array of SIDs from a ldb_message given an attribute name assumes
+ * the SIDs are in NDR form (with primary_sid applied on the start).
+ */
+static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
+					 struct ldb_message *msg,
+					 TALLOC_CTX *mem_ctx,
+					 const char *attr,
+					 uint32_t *num_sids,
+					 struct dom_sid **sids,
+					 const struct dom_sid *primary_sid)
+{
+	struct ldb_message_element *el;
+	unsigned int i;
+
+	el = ldb_msg_find_element(msg, attr);
+	if (!el) {
+		*sids = NULL;
+		return WERR_OK;
+	}
+
+	/* Make array long enough for NULL and additional SID */
+	(*sids) = talloc_array(mem_ctx, struct dom_sid,
+			       el->num_values + 1);
+	W_ERROR_HAVE_NO_MEMORY(*sids);
+
+	(*sids)[PRIMARY_USER_SID_INDEX] = *primary_sid;
+
+	for (i = 0; i<el->num_values; i++) {
+		enum ndr_err_code ndr_err;
+		struct dom_sid sid = { 0, };
+
+		ndr_err = ndr_pull_struct_blob_all_noalloc(&el->values[i], &sid,
+					       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_INTERNAL_DB_CORRUPTION;
+		}
+		/* Primary SID is already in position zero. */
+		(*sids)[i+1] = sid;
+	}
+
+	*num_sids = i+1;
+
+	return WERR_OK;
+}
+
+/*
+  return an array of SIDs from a ldb_message given an attribute name
+  assumes the SIDs are in extended DN format
+ */
+WERROR samdb_result_sid_array_dn(struct ldb_context *sam_ctx,
+				 const struct ldb_message *msg,
+				 TALLOC_CTX *mem_ctx,
+				 const char *attr,
+				 uint32_t *num_sids,
+				 struct dom_sid **sids)
+{
+	struct ldb_message_element *el;
+	unsigned int i;
+
+	el = ldb_msg_find_element(msg, attr);
+	if (!el) {
+		*sids = NULL;
+		return WERR_OK;
+	}
+
+	(*sids) = talloc_array(mem_ctx, struct dom_sid, el->num_values + 1);
+	W_ERROR_HAVE_NO_MEMORY(*sids);
+
+	for (i=0; i<el->num_values; i++) {
+		struct ldb_dn *dn = ldb_dn_from_ldb_val(mem_ctx, sam_ctx, &el->values[i]);
+		NTSTATUS status;
+		struct dom_sid sid = { 0, };
+
+		status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+		if (!NT_STATUS_IS_OK(status)) {
+			return WERR_INTERNAL_DB_CORRUPTION;
+		}
+		(*sids)[i] = sid;
+	}
+	*num_sids = i;
+
+	return WERR_OK;
+}
+
+WERROR samdb_confirm_rodc_allowed_to_repl_to_sid_list(struct ldb_context *sam_ctx,
+						      const struct dom_sid *rodc_machine_account_sid,
+						      const struct ldb_message *rodc_msg,
+						      const struct ldb_message *obj_msg,
+						      uint32_t num_token_sids,
+						      const struct dom_sid *token_sids)
+{
+	uint32_t num_never_reveal_sids, num_reveal_sids;
+	struct dom_sid *never_reveal_sids, *reveal_sids;
+	TALLOC_CTX *frame = talloc_stackframe();
+	WERROR werr;
+	uint32_t rodc_uac;
+	
+	/*
+	 * We are not allowed to get anyone elses krbtgt secrets (and
+	 * in callers that don't shortcut before this, the RODC should
+	 * not deal with any krbtgt)
+	 */
+	if (samdb_result_dn(sam_ctx, frame,
+			    obj_msg, "msDS-KrbTgtLinkBL", NULL)) {
+		TALLOC_FREE(frame);
+		DBG_INFO("Denied attempt to replicate to/act as a RODC krbtgt trust account %s using RODC: %s\n",
+			 ldb_dn_get_linearized(obj_msg->dn),
+			 ldb_dn_get_linearized(rodc_msg->dn));
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	if (ldb_msg_find_attr_as_uint(obj_msg,
+				      "userAccountControl", 0) &
+	    UF_INTERDOMAIN_TRUST_ACCOUNT) {
+		DBG_INFO("Denied attempt to replicate to/act as a inter-domain trust account %s using RODC: %s\n",
+			 ldb_dn_get_linearized(obj_msg->dn),
+			 ldb_dn_get_linearized(rodc_msg->dn));
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	/* Be very sure the RODC is really an RODC */
+	rodc_uac = ldb_msg_find_attr_as_uint(rodc_msg,
+					     "userAccountControl",
+					     0);
+	if ((rodc_uac & UF_PARTIAL_SECRETS_ACCOUNT)
+	    != UF_PARTIAL_SECRETS_ACCOUNT) {
+		DBG_ERR("Attempt to use an RODC account that is not an RODC: %s\n",
+			ldb_dn_get_linearized(rodc_msg->dn));
+		TALLOC_FREE(frame);
+		return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
+	}
+
+	werr = samdb_result_sid_array_dn(sam_ctx, rodc_msg,
+					 frame, "msDS-NeverRevealGroup",
+					 &num_never_reveal_sids,
+					 &never_reveal_sids);
+	if (!W_ERROR_IS_OK(werr)) {
+		DBG_ERR("Failed to parse msDS-NeverRevealGroup on %s: %s\n",
+			ldb_dn_get_linearized(rodc_msg->dn),
+			win_errstr(werr));
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	werr = samdb_result_sid_array_dn(sam_ctx, rodc_msg,
+					 frame, "msDS-RevealOnDemandGroup",
+					 &num_reveal_sids,
+					 &reveal_sids);
+	if (!W_ERROR_IS_OK(werr)) {
+		DBG_ERR("Failed to parse msDS-RevealOnDemandGroup on %s: %s\n",
+			ldb_dn_get_linearized(rodc_msg->dn),
+			win_errstr(werr));
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	/* The RODC can replicate and print tickets for itself. */
+	if (dom_sid_equal(&token_sids[PRIMARY_USER_SID_INDEX], rodc_machine_account_sid)) {
+		TALLOC_FREE(frame);
+		return WERR_OK;
+	}
+
+	if (never_reveal_sids &&
+	    sid_list_match(num_token_sids,
+			   token_sids,
+			   num_never_reveal_sids,
+			   never_reveal_sids)) {
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	if (reveal_sids &&
+	    sid_list_match(num_token_sids,
+			   token_sids,
+			   num_reveal_sids,
+			   reveal_sids)) {
+		TALLOC_FREE(frame);
+		return WERR_OK;
+	}
+
+	TALLOC_FREE(frame);
+	return WERR_DS_DRA_SECRETS_DENIED;
+
+}
+
+/*
+ * This is a wrapper for the above that pulls in the tokenGroups
+ * rather than relying on the caller providing those
+ */
+WERROR samdb_confirm_rodc_allowed_to_repl_to(struct ldb_context *sam_ctx,
+					     struct dom_sid *rodc_machine_account_sid,
+					     struct ldb_message *rodc_msg,
+					     struct ldb_message *obj_msg)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	WERROR werr;
+	uint32_t num_token_sids;
+	struct dom_sid *token_sids;
+	const struct dom_sid *object_sid = NULL;
+
+	object_sid = samdb_result_dom_sid(frame,
+					  obj_msg,
+					  "objectSid");
+	if (object_sid == NULL) {
+		return WERR_DS_DRA_BAD_DN;
+	}
+	
+	/*
+	 * The SID list needs to include itself as well as the tokenGroups.
+	 *
+	 * TODO determine if sIDHistory is required for this check
+	 */
+	werr = samdb_result_sid_array_ndr(sam_ctx,
+					  obj_msg,
+					  frame, "tokenGroups",
+					  &num_token_sids,
+					  &token_sids,
+					  object_sid);
+	if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {
+		DBG_ERR("Failed to get tokenGroups on %s to confirm access via RODC %s: %s\n",
+			ldb_dn_get_linearized(obj_msg->dn),
+			ldb_dn_get_linearized(rodc_msg->dn),
+			win_errstr(werr));
+		return WERR_DS_DRA_SECRETS_DENIED;
+	}
+
+	werr = samdb_confirm_rodc_allowed_to_repl_to_sid_list(sam_ctx,
+							      rodc_machine_account_sid,
+							      rodc_msg,
+							      obj_msg,
+							      num_token_sids,
+							      token_sids);
+	TALLOC_FREE(frame);
+	return werr;
+}
diff --git a/source4/dsdb/common/tests/dsdb.c b/source4/dsdb/common/tests/dsdb.c
new file mode 100644
index 0000000..8b20b4d
--- /dev/null
+++ b/source4/dsdb/common/tests/dsdb.c
@@ -0,0 +1,93 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Test DSDB search
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <ldb_module.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "torture/smbtorture.h"
+#include "torture/dsdb_proto.h"
+#include "auth/auth.h"
+
+bool torture_ldb_no_attrs(struct torture_context *torture)
+{
+	struct ldb_context *ldb;
+	int ret;
+	struct ldb_request *req;
+	struct ldb_result *ctx;
+	struct ldb_dn *dn;
+	const char *attrs[] = { NULL };
+
+	struct auth_session_info *session;
+	struct dom_sid domain_sid;
+	const char *path;
+
+	path = lpcfg_private_path(NULL, torture->lp_ctx, "sam.ldb");
+	torture_assert(torture, path != NULL,
+		       "Couldn't find sam.ldb. Run with -s $SERVERCONFFILE");
+
+	domain_sid = global_sid_Builtin;
+	session = admin_session(NULL, torture->lp_ctx, &domain_sid);
+	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx,
+			       path, session, NULL, 0);
+	torture_assert(torture, ldb, "Failed to connect to LDB target");
+
+	ctx = talloc_zero(ldb, struct ldb_result);
+
+	dn = ldb_get_default_basedn(ldb);
+	ldb_dn_add_child_fmt(dn, "cn=users");
+	ret = ldb_build_search_req(&req, ldb, ctx, dn, LDB_SCOPE_SUBTREE,
+				   "(objectClass=*)", attrs, NULL,
+				   ctx, ldb_search_default_callback, NULL);
+	torture_assert(torture, ret == LDB_SUCCESS,
+		       "Failed to build search request");
+	ldb_req_mark_untrusted(req);
+
+	ret = ldb_request(ldb, req);
+	torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+	ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+	torture_assert(torture, ctx->count > 0, "Users container empty");
+	torture_assert_int_equal(torture, ctx->msgs[0]->num_elements, 0,
+				 "Attributes returned for request "
+				 "with empty attribute list");
+
+	return true;
+}
+
+NTSTATUS torture_dsdb_init(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dsdb");
+
+	if (suite == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	torture_suite_add_simple_test(suite, "no_attrs", torture_ldb_no_attrs);
+
+	suite->description = talloc_strdup(suite, "DSDB tests");
+
+	torture_register_suite(mem_ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/common/tests/dsdb_dn.c b/source4/dsdb/common/tests/dsdb_dn.c
new file mode 100644
index 0000000..66c7e12
--- /dev/null
+++ b/source4/dsdb/common/tests/dsdb_dn.c
@@ -0,0 +1,374 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Test LDB attribute functions
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "lib/ldb-samba/ldif_handlers.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+
+#define DSDB_DN_TEST_SID "S-1-5-21-4177067393-1453636373-93818737"
+
+static bool torture_dsdb_dn_attrs(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	const struct ldb_schema_syntax *syntax;
+	struct ldb_val dn1, dn2, dn3;
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Test DN+Binary behaviour */
+	torture_assert(torture, syntax = ldb_samba_syntax_by_name(ldb, DSDB_SYNTAX_BINARY_DN), 
+		       "Failed to get DN+Binary schema attribute");
+	/* Test compare with different case of HEX string */
+	dn1 = data_blob_string_const("B:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("B:6:ABCDef:dc=samba,dc=org");
+	torture_assert_int_equal(torture, 
+				 syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2), 0,
+				 "Failed to compare different case of binary in DN+Binary");
+	torture_assert_int_equal(torture, 
+				 syntax->canonicalise_fn(ldb, mem_ctx, &dn1, &dn3), 0,
+				 "Failed to canonicalise DN+Binary");
+	torture_assert_data_blob_equal(torture, dn3, data_blob_string_const("B:6:ABCDEF:DC=SAMBA,DC=ORG"), 
+				       "Failed to canonicalise DN+Binary");
+	/* Test compare with different case of DN */
+	dn1 = data_blob_string_const("B:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("B:6:abcdef:dc=SAMBa,dc=ORg");
+	torture_assert_int_equal(torture, 
+				 syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2), 0,
+				 "Failed to compare different case of DN in DN+Binary");
+	
+	/* Test compare (false) with binary and non-binary prefix */
+	dn1 = data_blob_string_const("B:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("dc=samba,dc=org");
+	torture_assert(torture, 
+		       syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2) != 0,
+		       "compare of binary+dn an dn should have failed");
+
+	/* Test compare (false) with different binary prefix */
+	dn1 = data_blob_string_const("B:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("B:4:abcd:dc=samba,dc=org");
+	torture_assert(torture,
+		       syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2) != 0,
+		       "compare of binary+dn an dn should have failed");
+
+	/* Test DN+String behaviour */
+	torture_assert(torture, syntax = ldb_samba_syntax_by_name(ldb, DSDB_SYNTAX_STRING_DN), 
+		       "Failed to get DN+String schema attribute");
+	
+	/* Test compare with different case of string */
+	dn1 = data_blob_string_const("S:8:hihohiho:dc=samba,dc=org");
+	dn2 = data_blob_string_const("S:8:HIHOHIHO:dc=samba,dc=org");
+	torture_assert(torture, 
+		       syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2) != 0,
+		       "compare of string+dn an different case of string+dn should have failed");
+
+	/* Test compare with different case of DN */
+	dn1 = data_blob_string_const("S:8:hihohiho:dc=samba,dc=org");
+	dn2 = data_blob_string_const("S:8:hihohiho:dc=SAMBA,dc=org");
+	torture_assert_int_equal(torture, 
+				 syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2), 0,
+				 "Failed to compare different case of DN in DN+String");
+	torture_assert_int_equal(torture, 
+				 syntax->canonicalise_fn(ldb, mem_ctx, &dn1, &dn3), 0,
+				 "Failed to canonicalise DN+String");
+	torture_assert_data_blob_equal(torture, dn3, data_blob_string_const("S:8:hihohiho:DC=SAMBA,DC=ORG"), 
+				       "Failed to canonicalise DN+String");
+
+	/* Test compare (false) with string and non-string prefix */
+	dn1 = data_blob_string_const("S:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("dc=samba,dc=org");
+	torture_assert(torture, 
+		       syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2) != 0,
+		       "compare of string+dn an dn should have failed");
+
+	/* Test compare (false) with different string prefix */
+	dn1 = data_blob_string_const("S:6:abcdef:dc=samba,dc=org");
+	dn2 = data_blob_string_const("S:6:abcXYZ:dc=samba,dc=org");
+	torture_assert(torture,
+		       syntax->comparison_fn(ldb, mem_ctx, &dn1, &dn2) != 0,
+		       "compare of string+dn an dn should have failed");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool torture_dsdb_dn_valid(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	struct dsdb_dn *dsdb_dn;
+
+	struct ldb_val val;
+
+	DATA_BLOB abcd_blob = data_blob_talloc(mem_ctx, "\xa\xb\xc\xd", 4);
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Check behaviour of a normal DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new(mem_ctx, ldb, NULL), 
+		       "Failed to create a NULL DN");
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate NULL DN");
+	torture_assert(torture, 
+		       ldb_dn_add_base_fmt(dn, "dc=org"), 
+		       "Failed to add base DN");
+	torture_assert(torture, 
+		       ldb_dn_add_child_fmt(dn, "dc=samba"), 
+		       "Failed to add base DN");
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "dc=samba,dc=org", 
+				 "linearized DN incorrect");
+	torture_assert(torture, dsdb_dn =  dsdb_dn_construct(mem_ctx, dn, data_blob_null, LDB_SYNTAX_DN), 
+		"Failed to build dsdb dn");
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "dc=samba,dc=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "dc=samba,dc=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+
+
+	/* Test constructing a binary DN */
+	torture_assert(torture, dsdb_dn = dsdb_dn_construct(mem_ctx, dn, abcd_blob, DSDB_SYNTAX_BINARY_DN), 
+		       "Failed to build binary dsdb dn");
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "B:8:0A0B0C0D:dc=samba,dc=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "B:8:0A0B0C0D:dc=samba,dc=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "B:8:0A0B0C0D:DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+	torture_assert_int_equal(torture, dsdb_dn->extra_part.length, 4, "length of extra-part should be 2");
+		
+
+	/* Test constructing a string DN */
+	torture_assert(torture, dsdb_dn =  dsdb_dn_construct(mem_ctx, dn, data_blob_talloc(mem_ctx, "hello", 5), DSDB_SYNTAX_STRING_DN),
+		       "Failed to build string dsdb dn");
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "S:5:hello:dc=samba,dc=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "S:5:hello:dc=samba,dc=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "S:5:hello:DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+	torture_assert_int_equal(torture, dsdb_dn->extra_part.length, 5, "length of extra-part should be 5");
+
+
+	/* Test compose of binary+DN */
+	val = data_blob_string_const("B:0::CN=Zer0,DC=SAMBA,DC=org");
+	torture_assert(torture,
+		       dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN),
+		       "Failed to create a DN with a zero binary part in it");
+	torture_assert_int_equal(torture, dsdb_dn->extra_part.length, 0, "length of extra-part should be 0");
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "B:0::CN=Zer0,DC=SAMBA,DC=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "B:0::CN=Zer0,DC=SAMBA,DC=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "B:0::CN=ZER0,DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+
+	/* Test parse of binary DN */
+	val = data_blob_string_const("B:8:abcdabcd:CN=4,DC=Samba,DC=org");
+	torture_assert(torture,
+		       dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN),
+		       "Failed to create a DN with a binary part in it");
+	torture_assert_int_equal(torture, dsdb_dn->extra_part.length, 4, "length of extra-part should be 4");
+
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "B:8:ABCDABCD:CN=4,DC=Samba,DC=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "B:8:ABCDABCD:CN=4,DC=Samba,DC=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "B:8:ABCDABCD:CN=4,DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+
+	/* Test parse of string+DN */
+	val = data_blob_string_const("S:8:Goodbye!:CN=S,DC=Samba,DC=org");
+	torture_assert(torture,
+		       dsdb_dn = dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_STRING_DN),
+		       "Failed to create a DN with a string part in it");
+	torture_assert_int_equal(torture, dsdb_dn->extra_part.length, 8, "length of extra-part should be 8");
+	torture_assert_str_equal(torture, dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 0), "S:8:Goodbye!:CN=S,DC=Samba,DC=org", 
+				 "extended linearized DN incorrect");
+
+	/* Test that the linearised DN is the postfix of the lineairsed dsdb_dn */
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dsdb_dn->dn, 0), "CN=S,DC=Samba,DC=org", 
+				 "extended linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_linearized(mem_ctx, dsdb_dn), "S:8:Goodbye!:CN=S,DC=Samba,DC=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dsdb_dn->dn), "CN=S,DC=Samba,DC=org", 
+				 "linearized DN incorrect");
+	torture_assert_str_equal(torture, dsdb_dn_get_casefold(mem_ctx, dsdb_dn), "S:8:Goodbye!:CN=S,DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+
+	/* Test that the casefold DN is the postfix of the casefolded dsdb_dn */
+	torture_assert_str_equal(torture, ldb_dn_get_casefold(dsdb_dn->dn), "CN=S,DC=SAMBA,DC=ORG", 
+				 "casefold DN incorrect");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool torture_dsdb_dn_invalid(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val val;
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Check behaviour of a normal DN */
+	val = data_blob_string_const("samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) == NULL, 
+		       "Should have failed to create a 'normal' invalid DN");
+
+	/* Test invalid binary DNs */
+	val = data_blob_string_const("B:5:AB:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 'binary' DN");
+	val = data_blob_string_const("B:5:ABCDEFG:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 'binary' DN");
+	val = data_blob_string_const("B:10:AB:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 'binary' DN");
+	val = data_blob_string_const("B:4:0xAB:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 0x preifx 'binary' DN");
+	val = data_blob_string_const("B:2:0xAB:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 0x preifx 'binary' DN");
+	val = data_blob_string_const("B:10:XXXXXXXXXX:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 'binary' DN");
+
+	val = data_blob_string_const("B:60::dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have Failed to create an invalid 'binary' DN");
+
+	/* Test invalid string DNs */
+	val = data_blob_string_const("S:5:hi:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_STRING_DN) == NULL, 
+		       "Should have Failed to create an invalid 'string' DN");
+	val = data_blob_string_const("S:5:hihohiho:dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val,
+				     DSDB_SYNTAX_STRING_DN) == NULL, 
+		       "Should have Failed to create an invalid 'string' DN");
+
+	val = data_blob_string_const("<SID=" DSDB_DN_TEST_SID">;dc=samba,dc=org");
+	torture_assert(torture, 
+		       dsdb_dn_parse(mem_ctx, ldb, &val, DSDB_SYNTAX_BINARY_DN) == NULL, 
+		       "Should have failed to create an 'extended' DN marked as a binary DN");
+
+	/* Check DN based on MS-ADTS:3.1.1.5.1.2 Naming Constraints*/
+	val = data_blob_string_const("CN=New\nLine,DC=SAMBA,DC=org");
+
+	/* changed to a warning until we understand the DEL: DNs */
+	if (dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) != NULL) {
+		torture_warning(torture,
+				"Should have Failed to create a DN with 0xA in it");
+	}
+
+	val = data_blob_string_const("B:4:ABAB:CN=New\nLine,DC=SAMBA,DC=org");
+	torture_assert(torture,
+		       dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) == NULL,
+		       "Should have Failed to create a DN with 0xA in it");
+
+	val = data_blob_const("CN=Zer\0,DC=SAMBA,DC=org", 23);
+	torture_assert(torture,
+		       dsdb_dn_parse(mem_ctx, ldb, &val, LDB_SYNTAX_DN) == NULL,
+		       "Should have Failed to create a DN with 0x0 in it");
+
+	val = data_blob_const("B:4:ABAB:CN=Zer\0,DC=SAMBA,DC=org", 23+9);
+	torture_assert(torture,
+		       dsdb_dn_parse(mem_ctx, ldb, &val, DSDB_SYNTAX_BINARY_DN) == NULL,
+		       "Should have Failed to create a DN with 0x0 in it");
+
+	return true;
+}
+
+struct torture_suite *torture_dsdb_dn(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dsdb.dn");
+
+	if (suite == NULL) {
+		return NULL;
+	}
+
+	torture_suite_add_simple_test(suite, "valid", torture_dsdb_dn_valid);
+	torture_suite_add_simple_test(suite, "invalid", torture_dsdb_dn_invalid);
+	torture_suite_add_simple_test(suite, "attrs", torture_dsdb_dn_attrs);
+
+	suite->description = talloc_strdup(suite, "DSDB DN tests");
+
+	return suite;
+}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
new file mode 100644
index 0000000..7030d9c
--- /dev/null
+++ b/source4/dsdb/common/util.c
@@ -0,0 +1,6796 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "events/events.h"
+#include "ldb.h"
+#include "ldb_module.h"
+#include "ldb_errors.h"
+#include "../lib/util/util_ldb.h"
+#include "../lib/crypto/crypto.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "../libds/common/flags.h"
+#include "dsdb/common/proto.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "param/param.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "system/locale.h"
+#include "system/filesys.h"
+#include "lib/util/tsort.h"
+#include "dsdb/common/util.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/irpc.h"
+#include "libds/common/flag_mapping.h"
+#include "lib/util/access.h"
+#include "lib/util/sys_rw_data.h"
+#include "libcli/util/ntstatus.h"
+#include "lib/util/smb_strtox.h"
+#include "auth/auth.h"
+
+#undef strncasecmp
+#undef strcasecmp
+
+/*
+ * This included to allow us to handle DSDB_FLAG_REPLICATED_UPDATE in
+ * dsdb_request_add_controls()
+ */
+#include "dsdb/samdb/ldb_modules/util.h"
+
+/* default is 30 minutes: -1e7 * 30 * 60 */
+#define DEFAULT_OBSERVATION_WINDOW              (-18000000000)
+
+/*
+  search the sam for the specified attributes in a specific domain, filter on
+  objectSid being in domain_sid.
+*/
+int samdb_search_domain(struct ldb_context *sam_ldb,
+			TALLOC_CTX *mem_ctx,
+			struct ldb_dn *basedn,
+			struct ldb_message ***res,
+			const char * const *attrs,
+			const struct dom_sid *domain_sid,
+			const char *format, ...)  _PRINTF_ATTRIBUTE(7,8)
+{
+	va_list ap;
+	int i, count;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn,
+			       res, attrs, format, ap);
+	va_end(ap);
+
+	i=0;
+
+	while (i<count) {
+		struct dom_sid *entry_sid;
+
+		entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i], "objectSid");
+
+		if ((entry_sid == NULL) ||
+		    (!dom_sid_in_domain(domain_sid, entry_sid))) {
+			/* Delete that entry from the result set */
+			(*res)[i] = (*res)[count-1];
+			count -= 1;
+			talloc_free(entry_sid);
+			continue;
+		}
+		talloc_free(entry_sid);
+		i += 1;
+	}
+
+	return count;
+}
+
+/*
+  search the sam for a single string attribute in exactly 1 record
+*/
+const char *samdb_search_string_v(struct ldb_context *sam_ldb,
+				  TALLOC_CTX *mem_ctx,
+				  struct ldb_dn *basedn,
+				  const char *attr_name,
+				  const char *format, va_list ap) _PRINTF_ATTRIBUTE(5,0)
+{
+	int count;
+	const char *attrs[2] = { NULL, NULL };
+	struct ldb_message **res = NULL;
+
+	attrs[0] = attr_name;
+
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+	if (count > 1) {
+		DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
+			 attr_name, format, count));
+	}
+	if (count != 1) {
+		talloc_free(res);
+		return NULL;
+	}
+
+	return ldb_msg_find_attr_as_string(res[0], attr_name, NULL);
+}
+
+/*
+  search the sam for a single string attribute in exactly 1 record
+*/
+const char *samdb_search_string(struct ldb_context *sam_ldb,
+				TALLOC_CTX *mem_ctx,
+				struct ldb_dn *basedn,
+				const char *attr_name,
+				const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
+{
+	va_list ap;
+	const char *str;
+
+	va_start(ap, format);
+	str = samdb_search_string_v(sam_ldb, mem_ctx, basedn, attr_name, format, ap);
+	va_end(ap);
+
+	return str;
+}
+
+struct ldb_dn *samdb_search_dn(struct ldb_context *sam_ldb,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *basedn,
+			       const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
+{
+	va_list ap;
+	struct ldb_dn *ret;
+	struct ldb_message **res = NULL;
+	int count;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, NULL, format, ap);
+	va_end(ap);
+
+	if (count != 1) return NULL;
+
+	ret = talloc_steal(mem_ctx, res[0]->dn);
+	talloc_free(res);
+
+	return ret;
+}
+
+/*
+  search the sam for a dom_sid attribute in exactly 1 record
+*/
+struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb,
+				     TALLOC_CTX *mem_ctx,
+				     struct ldb_dn *basedn,
+				     const char *attr_name,
+				     const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
+{
+	va_list ap;
+	int count;
+	struct ldb_message **res;
+	const char *attrs[2] = { NULL, NULL };
+	struct dom_sid *sid;
+
+	attrs[0] = attr_name;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+	va_end(ap);
+	if (count > 1) {
+		DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
+			 attr_name, format, count));
+	}
+	if (count != 1) {
+		talloc_free(res);
+		return NULL;
+	}
+	sid = samdb_result_dom_sid(mem_ctx, res[0], attr_name);
+	talloc_free(res);
+	return sid;
+}
+
+/*
+  search the sam for a single integer attribute in exactly 1 record
+*/
+unsigned int samdb_search_uint(struct ldb_context *sam_ldb,
+			 TALLOC_CTX *mem_ctx,
+			 unsigned int default_value,
+			 struct ldb_dn *basedn,
+			 const char *attr_name,
+			 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
+{
+	va_list ap;
+	int count;
+	struct ldb_message **res;
+	const char *attrs[2] = { NULL, NULL };
+
+	attrs[0] = attr_name;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+	va_end(ap);
+
+	if (count != 1) {
+		return default_value;
+	}
+
+	return ldb_msg_find_attr_as_uint(res[0], attr_name, default_value);
+}
+
+/*
+  search the sam for a single signed 64 bit integer attribute in exactly 1 record
+*/
+int64_t samdb_search_int64(struct ldb_context *sam_ldb,
+			   TALLOC_CTX *mem_ctx,
+			   int64_t default_value,
+			   struct ldb_dn *basedn,
+			   const char *attr_name,
+			   const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
+{
+	va_list ap;
+	int count;
+	struct ldb_message **res;
+	const char *attrs[2] = { NULL, NULL };
+
+	attrs[0] = attr_name;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+	va_end(ap);
+
+	if (count != 1) {
+		return default_value;
+	}
+
+	return ldb_msg_find_attr_as_int64(res[0], attr_name, default_value);
+}
+
+/*
+  search the sam for multiple records each giving a single string attribute
+  return the number of matches, or -1 on error
+*/
+int samdb_search_string_multiple(struct ldb_context *sam_ldb,
+				 TALLOC_CTX *mem_ctx,
+				 struct ldb_dn *basedn,
+				 const char ***strs,
+				 const char *attr_name,
+				 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
+{
+	va_list ap;
+	int count, i;
+	const char *attrs[2] = { NULL, NULL };
+	struct ldb_message **res = NULL;
+
+	attrs[0] = attr_name;
+
+	va_start(ap, format);
+	count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+	va_end(ap);
+
+	if (count <= 0) {
+		return count;
+	}
+
+	/* make sure its single valued */
+	for (i=0;i<count;i++) {
+		if (res[i]->num_elements != 1) {
+			DEBUG(1,("samdb: search for %s %s not single valued\n",
+				 attr_name, format));
+			talloc_free(res);
+			return -1;
+		}
+	}
+
+	*strs = talloc_array(mem_ctx, const char *, count+1);
+	if (! *strs) {
+		talloc_free(res);
+		return -1;
+	}
+
+	for (i=0;i<count;i++) {
+		(*strs)[i] = ldb_msg_find_attr_as_string(res[i], attr_name, NULL);
+	}
+	(*strs)[count] = NULL;
+
+	return count;
+}
+
+struct ldb_dn *samdb_result_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+			       const char *attr, struct ldb_dn *default_value)
+{
+	struct ldb_dn *ret_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, msg, attr);
+	if (!ret_dn) {
+		return default_value;
+	}
+	return ret_dn;
+}
+
+/*
+  pull a rid from a objectSid in a result set.
+*/
+uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+				   const char *attr, uint32_t default_value)
+{
+	struct dom_sid *sid;
+	uint32_t rid;
+
+	sid = samdb_result_dom_sid(mem_ctx, msg, attr);
+	if (sid == NULL) {
+		return default_value;
+	}
+	rid = sid->sub_auths[sid->num_auths-1];
+	talloc_free(sid);
+	return rid;
+}
+
+/*
+  pull a dom_sid structure from a objectSid in a result set.
+*/
+struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+				     const char *attr)
+{
+	ssize_t ret;
+	const struct ldb_val *v;
+	struct dom_sid *sid;
+	v = ldb_msg_find_ldb_val(msg, attr);
+	if (v == NULL) {
+		return NULL;
+	}
+	sid = talloc(mem_ctx, struct dom_sid);
+	if (sid == NULL) {
+		return NULL;
+	}
+	ret = sid_parse(v->data, v->length, sid);
+	if (ret == -1) {
+		talloc_free(sid);
+		return NULL;
+	}
+	return sid;
+}
+
+
+/**
+ * Makes an auth_SidAttr structure from a objectSid in a result set and a
+ * supplied attribute value.
+ *
+ * @param [in] mem_ctx	Talloc memory context on which to allocate the auth_SidAttr.
+ * @param [in] msg	The message from which to take the objectSid.
+ * @param [in] attr	The attribute name, usually "objectSid".
+ * @param [in] attrs	SE_GROUP_* flags to go with the SID.
+ * @returns A pointer to the auth_SidAttr structure, or NULL on failure.
+ */
+struct auth_SidAttr *samdb_result_dom_sid_attrs(TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+						const char *attr, uint32_t attrs)
+{
+	ssize_t ret;
+	const struct ldb_val *v;
+	struct auth_SidAttr *sid;
+	v = ldb_msg_find_ldb_val(msg, attr);
+	if (v == NULL) {
+		return NULL;
+	}
+	sid = talloc(mem_ctx, struct auth_SidAttr);
+	if (sid == NULL) {
+		return NULL;
+	}
+	ret = sid_parse(v->data, v->length, &sid->sid);
+	if (ret == -1) {
+		talloc_free(sid);
+		return NULL;
+	}
+	sid->attrs = attrs;
+	return sid;
+}
+
+/*
+  pull a dom_sid structure from a objectSid in a result set.
+*/
+int samdb_result_dom_sid_buf(const struct ldb_message *msg,
+			     const char *attr,
+			     struct dom_sid *sid)
+{
+	ssize_t ret;
+	const struct ldb_val *v = NULL;
+	v = ldb_msg_find_ldb_val(msg, attr);
+	if (v == NULL) {
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+	ret = sid_parse(v->data, v->length, sid);
+	if (ret == -1) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  pull a guid structure from a objectGUID in a result set.
+*/
+struct GUID samdb_result_guid(const struct ldb_message *msg, const char *attr)
+{
+	const struct ldb_val *v;
+	struct GUID guid;
+	NTSTATUS status;
+
+	v = ldb_msg_find_ldb_val(msg, attr);
+	if (!v) return GUID_zero();
+
+	status = GUID_from_ndr_blob(v, &guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return GUID_zero();
+	}
+
+	return guid;
+}
+
+/*
+  pull a sid prefix from a objectSid in a result set.
+  this is used to find the domain sid for a user
+*/
+struct dom_sid *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+					const char *attr)
+{
+	struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg, attr);
+	if (!sid || sid->num_auths < 1) return NULL;
+	sid->num_auths--;
+	return sid;
+}
+
+/*
+  pull a NTTIME in a result set.
+*/
+NTTIME samdb_result_nttime(const struct ldb_message *msg, const char *attr,
+			   NTTIME default_value)
+{
+	return ldb_msg_find_attr_as_uint64(msg, attr, default_value);
+}
+
+/*
+ * Windows stores 0 for lastLogoff.
+ * But when a MS DC return the lastLogoff (as Logoff Time)
+ * it returns INT64_MAX, not returning this value in this case
+ * cause windows 2008 and newer version to fail for SMB requests
+ */
+NTTIME samdb_result_last_logoff(const struct ldb_message *msg)
+{
+	NTTIME ret = ldb_msg_find_attr_as_uint64(msg, "lastLogoff",0);
+
+	if (ret == 0)
+		ret = INT64_MAX;
+
+	return ret;
+}
+
+/*
+ * Windows uses both 0 and 9223372036854775807 (INT64_MAX) to
+ * indicate an account doesn't expire.
+ *
+ * When Windows initially creates an account, it sets
+ * accountExpires = 9223372036854775807 (INT64_MAX).  However,
+ * when changing from an account having a specific expiration date to
+ * that account never expiring, it sets accountExpires = 0.
+ *
+ * Consolidate that logic here to allow clearer logic for account expiry in
+ * the rest of the code.
+ */
+NTTIME samdb_result_account_expires(const struct ldb_message *msg)
+{
+	NTTIME ret = ldb_msg_find_attr_as_uint64(msg, "accountExpires",
+						 0);
+
+	if (ret == 0)
+		ret = INT64_MAX;
+
+	return ret;
+}
+
+/*
+  construct the allow_password_change field from the PwdLastSet attribute and the
+  domain password settings
+*/
+NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_dn *domain_dn,
+					  const struct ldb_message *msg,
+					  const char *attr)
+{
+	uint64_t attr_time = ldb_msg_find_attr_as_uint64(msg, attr, 0);
+	int64_t minPwdAge;
+
+	if (attr_time == 0) {
+		return 0;
+	}
+
+	minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "minPwdAge", NULL);
+
+	/* yes, this is a -= not a += as minPwdAge is stored as the negative
+	   of the number of 100-nano-seconds */
+	attr_time -= minPwdAge;
+
+	return attr_time;
+}
+
+/*
+  pull a samr_Password structutre from a result set.
+*/
+struct samr_Password *samdb_result_hash(TALLOC_CTX *mem_ctx, const struct ldb_message *msg, const char *attr)
+{
+	struct samr_Password *hash = NULL;
+	const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
+	if (val && (val->length >= sizeof(hash->hash))) {
+		hash = talloc(mem_ctx, struct samr_Password);
+		if (hash == NULL) {
+			return NULL;
+		}
+		memcpy(hash->hash, val->data, MIN(val->length, sizeof(hash->hash)));
+	}
+	return hash;
+}
+
+/*
+  pull an array of samr_Password structures from a result set.
+*/
+unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *msg,
+			   const char *attr, struct samr_Password **hashes)
+{
+	unsigned int count, i;
+	const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
+
+	*hashes = NULL;
+	if (!val) {
+		return 0;
+	}
+	count = val->length / 16;
+	if (count == 0) {
+		return 0;
+	}
+
+	*hashes = talloc_array(mem_ctx, struct samr_Password, count);
+	if (! *hashes) {
+		return 0;
+	}
+	talloc_keep_secret(*hashes);
+
+	for (i=0;i<count;i++) {
+		memcpy((*hashes)[i].hash, (i*16)+(char *)val->data, 16);
+	}
+
+	return count;
+}
+
+NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx,
+					     struct loadparm_context *lp_ctx,
+					     const struct ldb_message *msg,
+					     unsigned int idx,
+					     const struct samr_Password **lm_pwd,
+					     const struct samr_Password **nt_pwd)
+{
+	struct samr_Password *lmPwdHash, *ntPwdHash;
+
+	if (nt_pwd) {
+		unsigned int num_nt;
+		num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHistory", &ntPwdHash);
+		if (num_nt <= idx) {
+			*nt_pwd = NULL;
+		} else {
+			*nt_pwd = &ntPwdHash[idx];
+		}
+	}
+	if (lm_pwd) {
+		/* Ensure that if we have turned off LM
+		 * authentication, that we never use the LM hash, even
+		 * if we store it */
+		if (lpcfg_lanman_auth(lp_ctx)) {
+			unsigned int num_lm;
+			num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHistory", &lmPwdHash);
+			if (num_lm <= idx) {
+				*lm_pwd = NULL;
+			} else {
+				*lm_pwd = &lmPwdHash[idx];
+			}
+		} else {
+			*lm_pwd = NULL;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samdb_result_passwords_no_lockout(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   const struct ldb_message *msg,
+					   struct samr_Password **nt_pwd)
+{
+	struct samr_Password *ntPwdHash;
+
+	if (nt_pwd) {
+		unsigned int num_nt;
+		num_nt = samdb_result_hashes(mem_ctx, msg, "unicodePwd", &ntPwdHash);
+		if (num_nt == 0) {
+			*nt_pwd = NULL;
+		} else if (num_nt > 1) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		} else {
+			*nt_pwd = &ntPwdHash[0];
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx,
+				struct loadparm_context *lp_ctx,
+				const struct ldb_message *msg,
+				struct samr_Password **nt_pwd)
+{
+	uint16_t acct_flags;
+
+	acct_flags = samdb_result_acct_flags(msg,
+					     "msDS-User-Account-Control-Computed");
+	/* Quit if the account was locked out. */
+	if (acct_flags & ACB_AUTOLOCK) {
+		DEBUG(3,("samdb_result_passwords: Account for user %s was locked out.\n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+	}
+
+	return samdb_result_passwords_no_lockout(mem_ctx, lp_ctx, msg,
+						 nt_pwd);
+}
+
+/*
+  pull a samr_LogonHours structutre from a result set.
+*/
+struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr)
+{
+	struct samr_LogonHours hours = {};
+	size_t units_per_week = 168;
+	const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
+
+	if (val) {
+		units_per_week = val->length * 8;
+	}
+
+	hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week/8);
+	if (!hours.bits) {
+		return hours;
+	}
+	hours.units_per_week = units_per_week;
+	memset(hours.bits, 0xFF, units_per_week/8);
+	if (val) {
+		memcpy(hours.bits, val->data, val->length);
+	}
+
+	return hours;
+}
+
+/*
+  pull a set of account_flags from a result set.
+
+  Naturally, this requires that userAccountControl and
+  (if not null) the attributes 'attr' be already
+  included in msg
+*/
+uint32_t samdb_result_acct_flags(const struct ldb_message *msg, const char *attr)
+{
+	uint32_t userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+	uint32_t attr_flags = 0;
+	uint32_t acct_flags = ds_uf2acb(userAccountControl);
+	if (attr) {
+		attr_flags = ldb_msg_find_attr_as_uint(msg, attr, UF_ACCOUNTDISABLE);
+		if (attr_flags == UF_ACCOUNTDISABLE) {
+			DEBUG(0, ("Attribute %s not found, disabling account %s!\n", attr,
+				  ldb_dn_get_linearized(msg->dn)));
+		}
+		acct_flags |= ds_uf2acb(attr_flags);
+	}
+
+	return acct_flags;
+}
+
+NTSTATUS samdb_result_parameters(TALLOC_CTX *mem_ctx,
+				 struct ldb_message *msg,
+				 const char *attr,
+				 struct lsa_BinaryString *s)
+{
+	int i;
+	const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
+
+	ZERO_STRUCTP(s);
+
+	if (!val) {
+		return NT_STATUS_OK;
+	}
+
+	if ((val->length % 2) != 0) {
+		/*
+		 * If the on-disk data is not even in length, we know
+		 * it is corrupt, and can not be safely pushed.  We
+		 * would either truncate, send an uninitialised
+		 * byte or send a forced zero byte
+		 */
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	s->array = talloc_array(mem_ctx, uint16_t, val->length/2);
+	if (!s->array) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	s->length = s->size = val->length;
+
+	/* The on-disk format is the 'network' format, being UTF16LE (sort of) */
+	for (i = 0; i < s->length / 2; i++) {
+		s->array[i] = SVAL(val->data, i * 2);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Find an attribute, with a particular value */
+
+/* The current callers of this function expect a very specific
+ * behaviour: In particular, objectClass subclass equivalence is not
+ * wanted.  This means that we should not lookup the schema for the
+ * comparison function */
+struct ldb_message_element *samdb_find_attribute(struct ldb_context *ldb,
+						 const struct ldb_message *msg,
+						 const char *name, const char *value)
+{
+	unsigned int i;
+	struct ldb_message_element *el = ldb_msg_find_element(msg, name);
+
+	if (!el) {
+		return NULL;
+	}
+
+	for (i=0;i<el->num_values;i++) {
+		if (ldb_attr_cmp(value, (char *)el->values[i].data) == 0) {
+			return el;
+		}
+	}
+
+	return NULL;
+}
+
+static int samdb_find_or_add_attribute_ex(struct ldb_context *ldb,
+					  struct ldb_message *msg,
+					  const char *name,
+					  const char *set_value,
+					  unsigned attr_flags,
+					  bool *added)
+{
+	int ret;
+	struct ldb_message_element *el;
+
+	SMB_ASSERT(attr_flags != 0);
+
+       	el = ldb_msg_find_element(msg, name);
+	if (el) {
+		if (added != NULL) {
+			*added = false;
+		}
+
+		return LDB_SUCCESS;
+	}
+
+	ret = ldb_msg_add_empty(msg, name,
+				attr_flags,
+				&el);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (set_value != NULL) {
+		ret = ldb_msg_add_string(msg, name, set_value);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (added != NULL) {
+		*added = true;
+	}
+	return LDB_SUCCESS;
+}
+
+int samdb_find_or_add_attribute(struct ldb_context *ldb, struct ldb_message *msg, const char *name, const char *set_value)
+{
+	return samdb_find_or_add_attribute_ex(ldb, msg, name, set_value, LDB_FLAG_MOD_ADD, NULL);
+}
+
+/*
+  add a dom_sid element to a message
+*/
+int samdb_msg_add_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			  const char *attr_name, const struct dom_sid *sid)
+{
+	struct ldb_val v;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&v, mem_ctx,
+				       sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ldb_operr(sam_ldb);
+	}
+	return ldb_msg_add_value(msg, attr_name, &v, NULL);
+}
+
+
+/*
+  add a delete element operation to a message
+*/
+int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			 const char *attr_name)
+{
+	/* we use an empty replace rather than a delete, as it allows for
+	   dsdb_replace() to be used everywhere */
+	return ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL);
+}
+
+/*
+  add an add attribute value to a message or enhance an existing attribute
+  which has the same name and the add flag set.
+*/
+int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
+			 struct ldb_message *msg, const char *attr_name,
+			 const char *value)
+{
+	struct ldb_message_element *el;
+	struct ldb_val val;
+	char *v;
+	unsigned int i;
+	bool found = false;
+	int ret;
+
+	v = talloc_strdup(mem_ctx, value);
+	if (v == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+
+	val.data = (uint8_t *) v;
+	val.length = strlen(v);
+
+	if (val.length == 0) {
+		/* allow empty strings as non-existent attributes */
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < msg->num_elements; i++) {
+		el = &msg->elements[i];
+		if ((ldb_attr_cmp(el->name, attr_name) == 0) &&
+		    (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_ADD)) {
+			found = true;
+			break;
+		}
+	}
+	if (!found) {
+		ret = ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_ADD,
+					&el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	ret = ldb_msg_element_add_value(msg->elements, el, &val);
+	if (ret != LDB_SUCCESS) {
+		return ldb_oom(sam_ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+  add a delete attribute value to a message or enhance an existing attribute
+  which has the same name and the delete flag set.
+*/
+int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
+			 struct ldb_message *msg, const char *attr_name,
+			 const char *value)
+{
+	struct ldb_message_element *el;
+	struct ldb_val val;
+	char *v;
+	unsigned int i;
+	bool found = false;
+	int ret;
+
+	v = talloc_strdup(mem_ctx, value);
+	if (v == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+
+	val.data = (uint8_t *) v;
+	val.length = strlen(v);
+
+	if (val.length == 0) {
+		/* allow empty strings as non-existent attributes */
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < msg->num_elements; i++) {
+		el = &msg->elements[i];
+		if ((ldb_attr_cmp(el->name, attr_name) == 0) &&
+		    (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) {
+			found = true;
+			break;
+		}
+	}
+	if (!found) {
+		ret = ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_DELETE,
+					&el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	ret = ldb_msg_element_add_value(msg->elements, el, &val);
+	if (ret != LDB_SUCCESS) {
+		return ldb_oom(sam_ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+  add a int element to a message
+*/
+int samdb_msg_add_int(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+		       const char *attr_name, int v)
+{
+	const char *s = talloc_asprintf(mem_ctx, "%d", v);
+	if (s == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+	return ldb_msg_add_string(msg, attr_name, s);
+}
+
+int samdb_msg_add_int_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			    const char *attr_name, int v, int flags)
+{
+	const char *s = talloc_asprintf(mem_ctx, "%d", v);
+	if (s == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+	return ldb_msg_add_string_flags(msg, attr_name, s, flags);
+}
+
+/*
+ * Add an unsigned int element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
+int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+		       const char *attr_name, unsigned int v)
+{
+	return samdb_msg_add_int(sam_ldb, mem_ctx, msg, attr_name, (int)v);
+}
+
+int samdb_msg_add_uint_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			     const char *attr_name, unsigned int v, int flags)
+{
+	return samdb_msg_add_int_flags(sam_ldb, mem_ctx, msg, attr_name, (int)v, flags);
+}
+
+/*
+  add a (signed) int64_t element to a message
+*/
+int samdb_msg_add_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			const char *attr_name, int64_t v)
+{
+	const char *s = talloc_asprintf(mem_ctx, "%lld", (long long)v);
+	if (s == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+	return ldb_msg_add_string(msg, attr_name, s);
+}
+
+/*
+ * Add an unsigned int64_t (uint64_t) element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
+int samdb_msg_add_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			const char *attr_name, uint64_t v)
+{
+	return samdb_msg_add_int64(sam_ldb, mem_ctx, msg, attr_name, (int64_t)v);
+}
+
+/*
+  append a int element to a message
+*/
+int samdb_msg_append_int(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+		      const char *attr_name, int v, int flags)
+{
+	const char *s = talloc_asprintf(mem_ctx, "%d", v);
+	if (s == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+	return ldb_msg_append_string(msg, attr_name, s, flags);
+}
+
+/*
+ * Append an unsigned int element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
+int samdb_msg_append_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			  const char *attr_name, unsigned int v, int flags)
+{
+	return samdb_msg_append_int(sam_ldb, mem_ctx, msg, attr_name, (int)v, flags);
+}
+
+/*
+  append a (signed) int64_t element to a message
+*/
+int samdb_msg_append_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			   const char *attr_name, int64_t v, int flags)
+{
+	const char *s = talloc_asprintf(mem_ctx, "%lld", (long long)v);
+	if (s == NULL) {
+		return ldb_oom(sam_ldb);
+	}
+	return ldb_msg_append_string(msg, attr_name, s, flags);
+}
+
+/*
+ * Append an unsigned int64_t (uint64_t) element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
+int samdb_msg_append_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			    const char *attr_name, uint64_t v, int flags)
+{
+	return samdb_msg_append_int64(sam_ldb, mem_ctx, msg, attr_name, (int64_t)v, flags);
+}
+
+/*
+  add a samr_Password element to a message
+*/
+int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+		       const char *attr_name, const struct samr_Password *hash)
+{
+	struct ldb_val val;
+	val.data = talloc_memdup(mem_ctx, hash->hash, 16);
+	if (!val.data) {
+		return ldb_oom(sam_ldb);
+	}
+	val.length = 16;
+	return ldb_msg_add_value(msg, attr_name, &val, NULL);
+}
+
+/*
+  add a samr_Password array to a message
+*/
+int samdb_msg_add_hashes(struct ldb_context *ldb,
+			 TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			 const char *attr_name, struct samr_Password *hashes,
+			 unsigned int count)
+{
+	struct ldb_val val;
+	unsigned int i;
+	val.data = talloc_array_size(mem_ctx, 16, count);
+	val.length = count*16;
+	if (!val.data) {
+		return ldb_oom(ldb);
+	}
+	for (i=0;i<count;i++) {
+		memcpy(i*16 + (char *)val.data, hashes[i].hash, 16);
+	}
+	return ldb_msg_add_value(msg, attr_name, &val, NULL);
+}
+
+/*
+  add a acct_flags element to a message
+*/
+int samdb_msg_add_acct_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			     const char *attr_name, uint32_t v)
+{
+	return samdb_msg_add_uint(sam_ldb, mem_ctx, msg, attr_name, ds_acb2uf(v));
+}
+
+/*
+  add a logon_hours element to a message
+*/
+int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			      const char *attr_name, struct samr_LogonHours *hours)
+{
+	struct ldb_val val;
+	val.length = hours->units_per_week / 8;
+	val.data = hours->bits;
+	return ldb_msg_add_value(msg, attr_name, &val, NULL);
+}
+
+/*
+  add a parameters element to a message
+*/
+int samdb_msg_add_parameters(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+			     const char *attr_name, struct lsa_BinaryString *parameters)
+{
+	int i;
+	struct ldb_val val;
+	if ((parameters->length % 2) != 0) {
+		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	val.data = talloc_array(mem_ctx, uint8_t, parameters->length);
+	if (val.data == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	val.length = parameters->length;
+	for (i = 0; i < parameters->length / 2; i++) {
+		/*
+		 * The on-disk format needs to be in the 'network'
+		 * format, parameters->array is a uint16_t array of
+		 * length parameters->length / 2
+		 */
+		SSVAL(val.data, i * 2, parameters->array[i]);
+	}
+	return ldb_msg_add_steal_value(msg, attr_name, &val);
+}
+
+/*
+ * Sets an unsigned int element in a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
+int samdb_msg_set_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
+		       struct ldb_message *msg, const char *attr_name,
+		       unsigned int v)
+{
+	struct ldb_message_element *el;
+
+	el = ldb_msg_find_element(msg, attr_name);
+	if (el) {
+		el->num_values = 0;
+	}
+	return samdb_msg_add_uint(sam_ldb, mem_ctx, msg, attr_name, v);
+}
+
+/*
+ * Handle ldb_request in transaction
+ */
+int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
+				 struct ldb_request *req)
+{
+	int ret;
+
+	ret = ldb_transaction_start(sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request(sam_ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_SUCCESS) {
+		return ldb_transaction_commit(sam_ldb);
+	}
+	ldb_transaction_cancel(sam_ldb);
+
+	return ret;
+}
+
+/*
+  return a default security descriptor
+*/
+struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
+{
+	struct security_descriptor *sd;
+
+	sd = security_descriptor_initialise(mem_ctx);
+
+	return sd;
+}
+
+struct ldb_dn *samdb_aggregate_schema_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *schema_dn = ldb_get_schema_basedn(sam_ctx);
+	struct ldb_dn *aggregate_dn;
+	if (!schema_dn) {
+		return NULL;
+	}
+
+	aggregate_dn = ldb_dn_copy(mem_ctx, schema_dn);
+	if (!aggregate_dn) {
+		return NULL;
+	}
+	if (!ldb_dn_add_child_fmt(aggregate_dn, "CN=Aggregate")) {
+		return NULL;
+	}
+	return aggregate_dn;
+}
+
+struct ldb_dn *samdb_partitions_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *new_dn;
+
+	new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(sam_ctx));
+	if ( ! ldb_dn_add_child_fmt(new_dn, "CN=Partitions")) {
+		talloc_free(new_dn);
+		return NULL;
+	}
+	return new_dn;
+}
+
+struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+       struct ldb_dn *new_dn;
+
+       new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+       if ( ! ldb_dn_add_child_fmt(new_dn, "CN=Infrastructure")) {
+               talloc_free(new_dn);
+               return NULL;
+       }
+       return new_dn;
+}
+
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *new_dn = NULL;
+	bool ok;
+
+	new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+	if (new_dn == NULL) {
+		return NULL;
+	}
+
+	ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+	if (!ok) {
+		TALLOC_FREE(new_dn);
+		return NULL;
+	}
+
+	return new_dn;
+}
+
+struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *new_dn;
+
+	new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(sam_ctx));
+	if ( ! ldb_dn_add_child_fmt(new_dn, "CN=Sites")) {
+		talloc_free(new_dn);
+		return NULL;
+	}
+	return new_dn;
+}
+
+struct ldb_dn *samdb_extended_rights_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *new_dn;
+
+	new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(sam_ctx));
+	if ( ! ldb_dn_add_child_fmt(new_dn, "CN=Extended-Rights")) {
+		talloc_free(new_dn);
+		return NULL;
+	}
+	return new_dn;
+}
+/*
+  work out the domain sid for the current open ldb
+*/
+const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb)
+{
+	TALLOC_CTX *tmp_ctx;
+	const struct dom_sid *domain_sid;
+	const char *attrs[] = {
+		"objectSid",
+		NULL
+	};
+	struct ldb_result *res;
+	int ret;
+
+	/* see if we have a cached copy */
+	domain_sid = (struct dom_sid *)ldb_get_opaque(ldb, "cache.domain_sid");
+	if (domain_sid) {
+		return domain_sid;
+	}
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, ldb_get_default_basedn(ldb), LDB_SCOPE_BASE, attrs, "objectSid=*");
+
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	domain_sid = samdb_result_dom_sid(tmp_ctx, res->msgs[0], "objectSid");
+	if (domain_sid == NULL) {
+		goto failed;
+	}
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, "cache.domain_sid", discard_const_p(struct dom_sid, domain_sid)) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, domain_sid);
+	talloc_free(tmp_ctx);
+
+	return domain_sid;
+
+failed:
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+/*
+  get domain sid from cache
+*/
+const struct dom_sid *samdb_domain_sid_cache_only(struct ldb_context *ldb)
+{
+	return (struct dom_sid *)ldb_get_opaque(ldb, "cache.domain_sid");
+}
+
+bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct dom_sid *dom_sid_new;
+	struct dom_sid *dom_sid_old;
+
+	/* see if we have a cached copy */
+	dom_sid_old = talloc_get_type(ldb_get_opaque(ldb,
+						     "cache.domain_sid"), struct dom_sid);
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in);
+	if (!dom_sid_new) {
+		goto failed;
+	}
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, "cache.domain_sid", dom_sid_new) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, dom_sid_new);
+	talloc_free(tmp_ctx);
+	talloc_free(dom_sid_old);
+
+	return true;
+
+failed:
+	DEBUG(1,("Failed to set our own cached domain SID in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+/*
+  work out the domain guid for the current open ldb
+*/
+const struct GUID *samdb_domain_guid(struct ldb_context *ldb)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct GUID *domain_guid = NULL;
+	const char *attrs[] = {
+		"objectGUID",
+		NULL
+	};
+	struct ldb_result *res = NULL;
+	int ret;
+
+	/* see if we have a cached copy */
+	domain_guid = (struct GUID *)ldb_get_opaque(ldb, "cache.domain_guid");
+	if (domain_guid) {
+		return domain_guid;
+	}
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, ldb_get_default_basedn(ldb), LDB_SCOPE_BASE, attrs, "objectGUID=*");
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	domain_guid = talloc(tmp_ctx, struct GUID);
+	if (domain_guid == NULL) {
+		goto failed;
+	}
+	*domain_guid = samdb_result_guid(res->msgs[0], "objectGUID");
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, "cache.domain_guid", domain_guid) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, domain_guid);
+	talloc_free(tmp_ctx);
+
+	return domain_guid;
+
+failed:
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+bool samdb_set_ntds_settings_dn(struct ldb_context *ldb, struct ldb_dn *ntds_settings_dn_in)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *ntds_settings_dn_new;
+	struct ldb_dn *ntds_settings_dn_old;
+
+	/* see if we have a forced copy from provision */
+	ntds_settings_dn_old = talloc_get_type(ldb_get_opaque(ldb,
+							      "forced.ntds_settings_dn"), struct ldb_dn);
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ntds_settings_dn_new = ldb_dn_copy(tmp_ctx, ntds_settings_dn_in);
+	if (!ntds_settings_dn_new) {
+		goto failed;
+	}
+
+	/* set the DN in the ldb to avoid lookups during provision */
+	if (ldb_set_opaque(ldb, "forced.ntds_settings_dn", ntds_settings_dn_new) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, ntds_settings_dn_new);
+	talloc_free(tmp_ctx);
+	talloc_free(ntds_settings_dn_old);
+
+	return true;
+
+failed:
+	DEBUG(1,("Failed to set our NTDS Settings DN in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+/*
+  work out the ntds settings dn for the current open ldb
+*/
+struct ldb_dn *samdb_ntds_settings_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *root_attrs[] = { "dsServiceName", NULL };
+	int ret;
+	struct ldb_result *root_res;
+	struct ldb_dn *settings_dn;
+
+	/* see if we have a cached copy */
+	settings_dn = (struct ldb_dn *)ldb_get_opaque(ldb, "forced.ntds_settings_dn");
+	if (settings_dn) {
+		return ldb_dn_copy(mem_ctx, settings_dn);
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &root_res, ldb_dn_new(tmp_ctx, ldb, ""), LDB_SCOPE_BASE, root_attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Searching for dsServiceName in rootDSE failed: %s\n",
+			 ldb_errstring(ldb)));
+		goto failed;
+	}
+
+	if (root_res->count != 1) {
+		goto failed;
+	}
+
+	settings_dn = ldb_msg_find_attr_as_dn(ldb, tmp_ctx, root_res->msgs[0], "dsServiceName");
+
+	/* note that we do not cache the DN here, as that would mean
+	 * we could not handle server renames at runtime. Only
+	 * provision sets up forced.ntds_settings_dn */
+
+	talloc_steal(mem_ctx, settings_dn);
+	talloc_free(tmp_ctx);
+
+	return settings_dn;
+
+failed:
+	DEBUG(1,("Failed to find our own NTDS Settings DN in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+/*
+  work out the ntds settings invocationID/objectGUID for the current open ldb
+*/
+static const struct GUID *samdb_ntds_GUID(struct ldb_context *ldb,
+					  const char *attribute,
+					  const char *cache_name)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *attrs[] = { attribute, NULL };
+	int ret;
+	struct ldb_result *res;
+	struct GUID *ntds_guid;
+	struct ldb_dn *ntds_settings_dn = NULL;
+	const char *errstr = NULL;
+
+	/* see if we have a cached copy */
+	ntds_guid = (struct GUID *)ldb_get_opaque(ldb, cache_name);
+	if (ntds_guid != NULL) {
+		return ntds_guid;
+	}
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ntds_settings_dn = samdb_ntds_settings_dn(ldb, tmp_ctx);
+	if (ntds_settings_dn == NULL) {
+		errstr = "samdb_ntds_settings_dn() returned NULL";
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, ntds_settings_dn,
+			 LDB_SCOPE_BASE, attrs, NULL);
+	if (ret) {
+		errstr = ldb_errstring(ldb);
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		errstr = "incorrect number of results from base search";
+		goto failed;
+	}
+
+	ntds_guid = talloc(tmp_ctx, struct GUID);
+	if (ntds_guid == NULL) {
+		goto failed;
+	}
+
+	*ntds_guid = samdb_result_guid(res->msgs[0], attribute);
+
+	if (GUID_all_zero(ntds_guid)) {
+		if (ldb_msg_find_ldb_val(res->msgs[0], attribute)) {
+			errstr = "failed to find the GUID attribute";
+		} else {
+			errstr = "failed to parse the GUID";
+		}
+		goto failed;
+	}
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, cache_name, ntds_guid) != LDB_SUCCESS) {
+		errstr = "ldb_set_opaque() failed";
+		goto failed;
+	}
+
+	talloc_steal(ldb, ntds_guid);
+	talloc_free(tmp_ctx);
+
+	return ntds_guid;
+
+failed:
+	DBG_WARNING("Failed to find our own NTDS Settings %s in the ldb: %s!\n",
+		    attribute, errstr);
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+/*
+  work out the ntds settings objectGUID for the current open ldb
+*/
+const struct GUID *samdb_ntds_objectGUID(struct ldb_context *ldb)
+{
+	return samdb_ntds_GUID(ldb, "objectGUID", "cache.ntds_guid");
+}
+
+/*
+  work out the ntds settings invocationId for the current open ldb
+*/
+const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
+{
+	return samdb_ntds_GUID(ldb, "invocationId", "cache.invocation_id");
+}
+
+static bool samdb_set_ntds_GUID(struct ldb_context *ldb,
+				const struct GUID *ntds_guid_in,
+				const char *attribute,
+				const char *cache_name)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct GUID *ntds_guid_new;
+	struct GUID *ntds_guid_old;
+
+	/* see if we have a cached copy */
+	ntds_guid_old = (struct GUID *)ldb_get_opaque(ldb, cache_name);
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ntds_guid_new = talloc(tmp_ctx, struct GUID);
+	if (!ntds_guid_new) {
+		goto failed;
+	}
+
+	*ntds_guid_new = *ntds_guid_in;
+
+	/* cache the domain_sid in the ldb */
+	if (ldb_set_opaque(ldb, cache_name, ntds_guid_new) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, ntds_guid_new);
+	talloc_free(tmp_ctx);
+	talloc_free(ntds_guid_old);
+
+	return true;
+
+failed:
+	DBG_WARNING("Failed to set our own cached %s in the ldb!\n",
+		    attribute);
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_guid_in)
+{
+	return samdb_set_ntds_GUID(ldb,
+				   ntds_guid_in,
+				   "objectGUID",
+				   "cache.ntds_guid");
+}
+
+bool samdb_set_ntds_invocation_id(struct ldb_context *ldb, const struct GUID *invocation_id_in)
+{
+	return samdb_set_ntds_GUID(ldb,
+				   invocation_id_in,
+				   "invocationId",
+				   "cache.invocation_id");
+}
+
+/*
+  work out the server dn for the current open ldb
+*/
+struct ldb_dn *samdb_server_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_dn *dn;
+	if (!tmp_ctx) {
+		return NULL;
+	}
+	dn = ldb_dn_get_parent(mem_ctx, samdb_ntds_settings_dn(ldb, tmp_ctx));
+	talloc_free(tmp_ctx);
+	return dn;
+
+}
+
+/*
+  work out the server dn for the current open ldb
+*/
+struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_dn *server_dn;
+	struct ldb_dn *servers_dn;
+	struct ldb_dn *server_site_dn;
+
+	/* TODO: there must be a saner way to do this!! */
+	server_dn = samdb_server_dn(ldb, mem_ctx);
+	if (!server_dn) return NULL;
+
+	servers_dn = ldb_dn_get_parent(mem_ctx, server_dn);
+	talloc_free(server_dn);
+	if (!servers_dn) return NULL;
+
+	server_site_dn = ldb_dn_get_parent(mem_ctx, servers_dn);
+	talloc_free(servers_dn);
+
+	return server_site_dn;
+}
+
+/*
+  find the site name from a computers DN record
+ */
+int samdb_find_site_for_computer(struct ldb_context *ldb,
+				 TALLOC_CTX *mem_ctx, struct ldb_dn *computer_dn,
+				 const char **site_name)
+{
+	int ret;
+	struct ldb_dn *dn;
+	const struct ldb_val *rdn_val;
+
+	*site_name = NULL;
+
+	ret = samdb_reference_dn(ldb, mem_ctx, computer_dn, "serverReferenceBL", &dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!ldb_dn_remove_child_components(dn, 2)) {
+		talloc_free(dn);
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	rdn_val = ldb_dn_get_rdn_val(dn);
+	if (rdn_val == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	(*site_name) = talloc_strndup(mem_ctx, (const char *)rdn_val->data, rdn_val->length);
+	talloc_free(dn);
+	if (!*site_name) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  find the NTDS GUID from a computers DN record
+ */
+int samdb_find_ntdsguid_for_computer(struct ldb_context *ldb, struct ldb_dn *computer_dn,
+				     struct GUID *ntds_guid)
+{
+	int ret;
+	struct ldb_dn *dn;
+
+	*ntds_guid = GUID_zero();
+
+	ret = samdb_reference_dn(ldb, ldb, computer_dn, "serverReferenceBL", &dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!ldb_dn_add_child_fmt(dn, "CN=NTDS Settings")) {
+		talloc_free(dn);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_find_guid_by_dn(ldb, dn, ntds_guid);
+	talloc_free(dn);
+	return ret;
+}
+
+/*
+  find a 'reference' DN that points at another object
+  (eg. serverReference, rIDManagerReference etc)
+ */
+int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
+		       const char *attribute, struct ldb_dn **dn)
+{
+	const char *attrs[2];
+	struct ldb_result *res;
+	int ret;
+
+	attrs[0] = attribute;
+	attrs[1] = NULL;
+
+	ret = dsdb_search(ldb, mem_ctx, &res, base, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_ONE_ONLY|DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Cannot find DN %s to get attribute %s for reference dn: %s",
+				       ldb_dn_get_linearized(base), attribute, ldb_errstring(ldb));
+		return ret;
+	}
+
+	*dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0], attribute);
+	if (!*dn) {
+		if (!ldb_msg_find_element(res->msgs[0], attribute)) {
+			ldb_asprintf_errstring(ldb, "Cannot find attribute %s of %s to calculate reference dn", attribute,
+					       ldb_dn_get_linearized(base));
+		} else {
+			ldb_asprintf_errstring(ldb, "Cannot interpret attribute %s of %s as a dn", attribute,
+					       ldb_dn_get_linearized(base));
+		}
+		talloc_free(res);
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+
+	talloc_free(res);
+	return LDB_SUCCESS;
+}
+
+/*
+  find if a DN (must have GUID component!) is our ntdsDsa
+ */
+int samdb_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *dn, bool *is_ntdsa)
+{
+	NTSTATUS status;
+	struct GUID dn_guid;
+	const struct GUID *our_ntds_guid;
+	status = dsdb_get_extended_dn_guid(dn, &dn_guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	our_ntds_guid = samdb_ntds_objectGUID(ldb);
+	if (!our_ntds_guid) {
+		DEBUG(0, ("Failed to find our NTDS Settings GUID for comparison with %s - %s\n", ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*is_ntdsa = GUID_equal(&dn_guid, our_ntds_guid);
+	return LDB_SUCCESS;
+}
+
+/*
+  find a 'reference' DN that points at another object and indicate if it is our ntdsDsa
+ */
+int samdb_reference_dn_is_our_ntdsa(struct ldb_context *ldb, struct ldb_dn *base,
+				    const char *attribute, bool *is_ntdsa)
+{
+	int ret;
+	struct ldb_dn *referenced_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ret = samdb_reference_dn(ldb, tmp_ctx, base, attribute, &referenced_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Failed to find object %s for attribute %s - %s\n", ldb_dn_get_linearized(base), attribute, ldb_errstring(ldb)));
+		return ret;
+	}
+
+	ret = samdb_dn_is_our_ntdsa(ldb, referenced_dn, is_ntdsa);
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  find our machine account via the serverReference attribute in the
+  server DN
+ */
+int samdb_server_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+	struct ldb_dn *server_dn;
+	int ret;
+
+	server_dn = samdb_server_dn(ldb, mem_ctx);
+	if (server_dn == NULL) {
+		return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+
+	ret = samdb_reference_dn(ldb, mem_ctx, server_dn, "serverReference", dn);
+	talloc_free(server_dn);
+
+	return ret;
+}
+
+/*
+  find the RID Manager$ DN via the rIDManagerReference attribute in the
+  base DN
+ */
+int samdb_rid_manager_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+	return samdb_reference_dn(ldb, mem_ctx, ldb_get_default_basedn(ldb),
+				  "rIDManagerReference", dn);
+}
+
+/*
+  find the RID Set DN via the rIDSetReferences attribute in our
+  machine account DN
+ */
+int samdb_rid_set_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+	struct ldb_dn *server_ref_dn = NULL;
+	int ret;
+
+	ret = samdb_server_reference_dn(ldb, mem_ctx, &server_ref_dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = samdb_reference_dn(ldb, mem_ctx, server_ref_dn, "rIDSetReferences", dn);
+	talloc_free(server_ref_dn);
+	return ret;
+}
+
+const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	const struct ldb_val *val = ldb_dn_get_rdn_val(samdb_server_site_dn(ldb,
+									    mem_ctx));
+
+	if (val == NULL) {
+		return NULL;
+	}
+
+	return (const char *) val->data;
+}
+
+/*
+ * Finds the client site by using the client's IP address.
+ * The "subnet_name" returns the name of the subnet if parameter != NULL
+ *
+ * Has a Windows-based fallback to provide the only site available, or an empty
+ * string if there are multiple sites.
+ */
+const char *samdb_client_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+				   const char *ip_address, char **subnet_name,
+				   bool fallback)
+{
+	const char *attrs[] = { "cn", "siteObject", NULL };
+	struct ldb_dn *sites_container_dn = NULL;
+	struct ldb_dn *subnets_dn = NULL;
+	struct ldb_dn *sites_dn = NULL;
+	struct ldb_result *res = NULL;
+	const struct ldb_val *val = NULL;
+	const char *site_name = NULL;
+	const char *l_subnet_name = NULL;
+	const char *allow_list[2] = { NULL, NULL };
+	unsigned int i, count;
+	int ret;
+
+	/*
+	 * if we don't have a client ip e.g. ncalrpc
+	 * the server site is the client site
+	 */
+	if (ip_address == NULL) {
+		return samdb_server_site_name(ldb, mem_ctx);
+	}
+
+	sites_container_dn = samdb_sites_dn(ldb, mem_ctx);
+	if (sites_container_dn == NULL) {
+		goto exit;
+	}
+
+	subnets_dn = ldb_dn_copy(mem_ctx, sites_container_dn);
+	if ( ! ldb_dn_add_child_fmt(subnets_dn, "CN=Subnets")) {
+		goto exit;
+	}
+
+	ret = ldb_search(ldb, mem_ctx, &res, subnets_dn, LDB_SCOPE_ONELEVEL,
+			 attrs, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		count = 0;
+	} else if (ret != LDB_SUCCESS) {
+		goto exit;
+	} else {
+		count = res->count;
+	}
+
+	for (i = 0; i < count; i++) {
+		l_subnet_name = ldb_msg_find_attr_as_string(res->msgs[i], "cn",
+							    NULL);
+
+		allow_list[0] = l_subnet_name;
+
+		if (allow_access_nolog(NULL, allow_list, "", ip_address)) {
+			sites_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx,
+							   res->msgs[i],
+							   "siteObject");
+			if (sites_dn == NULL) {
+				/* No reference, maybe another subnet matches */
+				continue;
+			}
+
+			/* "val" cannot be NULL here since "sites_dn" != NULL */
+			val = ldb_dn_get_rdn_val(sites_dn);
+			site_name = talloc_strdup(mem_ctx,
+						  (const char *) val->data);
+
+			TALLOC_FREE(sites_dn);
+
+			break;
+		}
+	}
+
+	if (site_name == NULL && fallback) {
+		/* This is the Windows Server fallback rule: when no subnet
+		 * exists and we have only one site available then use it (it
+		 * is for sure the same as our server site). If more sites do
+		 * exist then we don't know which one to use and set the site
+		 * name to "". */
+		size_t cnt = 0;
+		ret = dsdb_domain_count(
+			ldb,
+			&cnt,
+			sites_container_dn,
+			NULL,
+			LDB_SCOPE_SUBTREE,
+			"(objectClass=site)");
+		if (ret != LDB_SUCCESS) {
+			goto exit;
+		}
+		if (cnt == 1) {
+			site_name = samdb_server_site_name(ldb, mem_ctx);
+		} else {
+			site_name = talloc_strdup(mem_ctx, "");
+		}
+		l_subnet_name = NULL;
+	}
+
+	if (subnet_name != NULL) {
+		*subnet_name = talloc_strdup(mem_ctx, l_subnet_name);
+	}
+
+exit:
+	TALLOC_FREE(sites_container_dn);
+	TALLOC_FREE(subnets_dn);
+	TALLOC_FREE(res);
+
+	return site_name;
+}
+
+/*
+  work out if we are the PDC for the domain of the current open ldb
+*/
+bool samdb_is_pdc(struct ldb_context *ldb)
+{
+	int ret;
+	bool is_pdc;
+
+	ret = samdb_reference_dn_is_our_ntdsa(ldb, ldb_get_default_basedn(ldb), "fsmoRoleOwner",
+					      &is_pdc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to find if we are the PDC for this ldb: Searching for fSMORoleOwner in %s failed: %s\n",
+			 ldb_dn_get_linearized(ldb_get_default_basedn(ldb)),
+			 ldb_errstring(ldb)));
+		return false;
+	}
+
+	return is_pdc;
+}
+
+/*
+  work out if we are a Global Catalog server for the domain of the current open ldb
+*/
+bool samdb_is_gc(struct ldb_context *ldb)
+{
+	uint32_t options = 0;
+	if (samdb_ntds_options(ldb, &options) != LDB_SUCCESS) {
+		return false;
+	}
+	return (options & DS_NTDSDSA_OPT_IS_GC) != 0;
+}
+
+/* Find a domain object in the parents of a particular DN.  */
+int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn,
+				   struct ldb_dn **parent_dn, const char **errstring)
+{
+	TALLOC_CTX *local_ctx;
+	struct ldb_dn *sdn = dn;
+	struct ldb_result *res = NULL;
+	int ret = LDB_SUCCESS;
+	const char *attrs[] = { NULL };
+
+	local_ctx = talloc_new(mem_ctx);
+	if (local_ctx == NULL) return ldb_oom(ldb);
+
+	while ((sdn = ldb_dn_get_parent(local_ctx, sdn))) {
+		ret = ldb_search(ldb, local_ctx, &res, sdn, LDB_SCOPE_BASE, attrs,
+				 "(|(objectClass=domain)(objectClass=builtinDomain))");
+		if (ret == LDB_SUCCESS) {
+			if (res->count == 1) {
+				break;
+			}
+		} else {
+			break;
+		}
+	}
+
+	if (ret != LDB_SUCCESS) {
+		*errstring = talloc_asprintf(mem_ctx, "Error searching for parent domain of %s, failed searching for %s: %s",
+					     ldb_dn_get_linearized(dn),
+					     ldb_dn_get_linearized(sdn),
+					     ldb_errstring(ldb));
+		talloc_free(local_ctx);
+		return ret;
+	}
+	/* should never be true with 'ret=LDB_SUCCESS', here to satisfy clang */
+	if (res == NULL) {
+		talloc_free(local_ctx);
+		return LDB_ERR_OTHER;
+	}
+	if (res->count != 1) {
+		*errstring = talloc_asprintf(mem_ctx, "Invalid dn (%s), not child of a domain object",
+					     ldb_dn_get_linearized(dn));
+		DEBUG(0,(__location__ ": %s\n", *errstring));
+		talloc_free(local_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	*parent_dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
+	talloc_free(local_ctx);
+	return ret;
+}
+
+static void pwd_timeout_debug(struct tevent_context *unused1,
+			      struct tevent_timer *unused2,
+			      struct timeval unused3,
+			      void *unused4)
+{
+	DEBUG(0, ("WARNING: check_password_complexity: password script "
+		  "took more than 1 second to run\n"));
+}
+
+
+/*
+ * Performs checks on a user password (plaintext UNIX format - attribute
+ * "password"). The remaining parameters have to be extracted from the domain
+ * object in the AD.
+ *
+ * Result codes from "enum samr_ValidationStatus" (consider "samr.idl")
+ */
+enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
+						struct loadparm_context *lp_ctx,
+						const char *account_name,
+						const char *user_principal_name,
+						const char *full_name,
+						const DATA_BLOB *utf8_blob,
+						const uint32_t pwdProperties,
+						const uint32_t minPwdLength)
+{
+	const struct loadparm_substitution *lp_sub =
+		lpcfg_noop_substitution();
+	char *password_script = NULL;
+	const char *utf8_pw = (const char *)utf8_blob->data;
+
+	/*
+	 * This looks strange because it is.
+	 *
+	 * The check for the number of characters in the password
+	 * should clearly not be against the byte length, or else a
+	 * single UTF8 character would count for more than one.
+	 *
+	 * We have chosen to use the number of 16-bit units that the
+	 * password encodes to as the measure of length.  This is not
+	 * the same as the number of codepoints, if a password
+	 * contains a character beyond the Basic Multilingual Plane
+	 * (above 65535) it will count for more than one "character".
+	 */
+
+	size_t password_characters_roughly = strlen_m(utf8_pw);
+
+	/* checks if the "minPwdLength" property is satisfied */
+	if (minPwdLength > password_characters_roughly) {
+		return SAMR_VALIDATION_STATUS_PWD_TOO_SHORT;
+	}
+
+	/* We might not be asked to check the password complexity */
+	if (!(pwdProperties & DOMAIN_PASSWORD_COMPLEX)) {
+		return SAMR_VALIDATION_STATUS_SUCCESS;
+	}
+
+	if (password_characters_roughly == 0) {
+		return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
+	}
+
+	password_script = lpcfg_check_password_script(lp_ctx, lp_sub, mem_ctx);
+	if (password_script != NULL && *password_script != '\0') {
+		int check_ret = 0;
+		int error = 0;
+		ssize_t nwritten = 0;
+		struct tevent_context *event_ctx = NULL;
+		struct tevent_req *req = NULL;
+		int cps_stdin = -1;
+		const char * const cmd[4] = {
+			"/bin/sh", "-c",
+			password_script,
+			NULL
+		};
+
+		event_ctx = tevent_context_init(mem_ctx);
+		if (event_ctx == NULL) {
+			TALLOC_FREE(password_script);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+
+		/* Gives a warning after 1 second, terminates after 10 */
+		tevent_add_timer(event_ctx, event_ctx,
+				 tevent_timeval_current_ofs(1, 0),
+				 pwd_timeout_debug, NULL);
+
+		check_ret = setenv("SAMBA_CPS_ACCOUNT_NAME", account_name, 1);
+		if (check_ret != 0) {
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+		if (user_principal_name != NULL) {
+			check_ret = setenv("SAMBA_CPS_USER_PRINCIPAL_NAME",
+					   user_principal_name, 1);
+		} else {
+			unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+		}
+		if (check_ret != 0) {
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+		if (full_name != NULL) {
+			check_ret = setenv("SAMBA_CPS_FULL_NAME", full_name, 1);
+		} else {
+			unsetenv("SAMBA_CPS_FULL_NAME");
+		}
+		if (check_ret != 0) {
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+
+		req = samba_runcmd_send(event_ctx, event_ctx,
+					tevent_timeval_current_ofs(10, 0),
+					100, 100, cmd, NULL);
+		unsetenv("SAMBA_CPS_ACCOUNT_NAME");
+		unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+		unsetenv("SAMBA_CPS_FULL_NAME");
+		if (req == NULL) {
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+
+		cps_stdin = samba_runcmd_export_stdin(req);
+
+		nwritten = write_data(
+			cps_stdin, utf8_blob->data, utf8_blob->length);
+		if (nwritten == -1) {
+			close(cps_stdin);
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+
+		close(cps_stdin);
+
+		if (!tevent_req_poll(req, event_ctx)) {
+			TALLOC_FREE(password_script);
+			TALLOC_FREE(event_ctx);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+
+		check_ret = samba_runcmd_recv(req, &error);
+		TALLOC_FREE(event_ctx);
+
+		if (error == ETIMEDOUT) {
+			DEBUG(0, ("check_password_complexity: check password script took too long!\n"));
+			TALLOC_FREE(password_script);
+			return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+		}
+		DEBUG(5,("check_password_complexity: check password script (%s) "
+			 "returned [%d]\n", password_script, check_ret));
+
+		if (check_ret != 0) {
+			DEBUG(1,("check_password_complexity: "
+				 "check password script said new password is not good "
+				 "enough!\n"));
+			TALLOC_FREE(password_script);
+			return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
+		}
+
+		TALLOC_FREE(password_script);
+		return SAMR_VALIDATION_STATUS_SUCCESS;
+	}
+
+	TALLOC_FREE(password_script);
+
+	/*
+	 * Here are the standard AD password quality rules, which we
+	 * run after the script.
+	 */
+
+	if (!check_password_quality(utf8_pw)) {
+		return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
+	}
+
+	return SAMR_VALIDATION_STATUS_SUCCESS;
+}
+
+/*
+ * Callback for "samdb_set_password" password change
+ */
+int samdb_set_password_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	int ret;
+
+	if (!ares) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		ret = ares->error;
+		req->context = talloc_steal(req,
+					    ldb_reply_get_control(ares, DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID));
+		talloc_free(ares);
+		return ldb_request_done(req, ret);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		talloc_free(ares);
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	req->context = talloc_steal(req,
+				    ldb_reply_get_control(ares, DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID));
+	talloc_free(ares);
+	return ldb_request_done(req, LDB_SUCCESS);
+}
+
+/*
+ * Sets the user password using plaintext UTF16 (attribute "new_password") or
+ * LM (attribute "lmNewHash") or NT (attribute "ntNewHash") hash. Also pass
+ * the old LM and/or NT hash (attributes "lmOldHash"/"ntOldHash") if it is a
+ * user change or not. The "rejectReason" gives some more information if the
+ * change failed.
+ *
+ * Results: NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER, NT_STATUS_UNSUCCESSFUL,
+ *   NT_STATUS_WRONG_PASSWORD, NT_STATUS_PASSWORD_RESTRICTION,
+ *   NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCOUNT_LOCKED_OUT, NT_STATUS_NO_MEMORY
+ */
+static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+			    struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
+			    const DATA_BLOB *new_password,
+			    const struct samr_Password *ntNewHash,
+			    enum dsdb_password_checked old_password_checked,
+			    enum samPwdChangeReason *reject_reason,
+			    struct samr_DomInfo1 **_dominfo,
+			    bool permit_interdomain_trust)
+{
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	struct ldb_request *req;
+	struct dsdb_control_password_change_status *pwd_stat = NULL;
+	int ret;
+	bool hash_values = false;
+	NTSTATUS status = NT_STATUS_OK;
+
+#define CHECK_RET(x) \
+	if (x != LDB_SUCCESS) { \
+		talloc_free(msg); \
+		return NT_STATUS_NO_MEMORY; \
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = user_dn;
+	if ((new_password != NULL)
+			&& ((ntNewHash == NULL))) {
+		/* we have the password as plaintext UTF16 */
+		CHECK_RET(ldb_msg_add_value(msg, "clearTextPassword",
+					    new_password, NULL));
+		el = ldb_msg_find_element(msg, "clearTextPassword");
+		el->flags = LDB_FLAG_MOD_REPLACE;
+	} else if ((new_password == NULL)
+			&& ((ntNewHash != NULL))) {
+		/* we have a password as NT hash */
+		if (ntNewHash != NULL) {
+			CHECK_RET(samdb_msg_add_hash(ldb, mem_ctx, msg,
+				"unicodePwd", ntNewHash));
+			el = ldb_msg_find_element(msg, "unicodePwd");
+			el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+		hash_values = true;
+	} else {
+		/* the password wasn't specified correctly */
+		talloc_free(msg);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* build modify request */
+	ret = ldb_build_mod_req(&req, ldb, mem_ctx, msg, NULL, NULL,
+				samdb_set_password_callback, NULL);
+        if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+        }
+
+	/* A password change operation */
+	if (old_password_checked == DSDB_PASSWORD_CHECKED_AND_CORRECT) {
+		struct dsdb_control_password_change *change;
+
+		change = talloc(req, struct dsdb_control_password_change);
+		if (change == NULL) {
+			talloc_free(req);
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		change->old_password_checked = old_password_checked;
+
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID,
+					      true, change);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(req);
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	if (hash_values) {
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_PASSWORD_HASH_VALUES_OID,
+					      true, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(req);
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	if (permit_interdomain_trust) {
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(req);
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID,
+				      true, NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(req);
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (req->context != NULL) {
+		struct ldb_control *control = talloc_get_type_abort(req->context,
+								    struct ldb_control);
+		pwd_stat = talloc_get_type_abort(control->data,
+						 struct dsdb_control_password_change_status);
+		talloc_steal(mem_ctx, pwd_stat);
+	}
+
+	talloc_free(req);
+	talloc_free(msg);
+
+	/* Sets the domain info (if requested) */
+	if (_dominfo != NULL) {
+		struct samr_DomInfo1 *dominfo;
+
+		dominfo = talloc_zero(mem_ctx, struct samr_DomInfo1);
+		if (dominfo == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		if (pwd_stat != NULL) {
+			dominfo->min_password_length     = pwd_stat->domain_data.minPwdLength;
+			dominfo->password_properties     = pwd_stat->domain_data.pwdProperties;
+			dominfo->password_history_length = pwd_stat->domain_data.pwdHistoryLength;
+			dominfo->max_password_age        = pwd_stat->domain_data.maxPwdAge;
+			dominfo->min_password_age        = pwd_stat->domain_data.minPwdAge;
+		}
+
+		*_dominfo = dominfo;
+	}
+
+	if (reject_reason != NULL) {
+		if (pwd_stat != NULL) {
+			*reject_reason = pwd_stat->reject_reason;
+		} else {
+			*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
+		}
+	}
+
+	if (pwd_stat != NULL) {
+		talloc_free(pwd_stat);
+	}
+
+	if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
+		const char *errmsg = ldb_errstring(ldb);
+		char *endptr = NULL;
+		WERROR werr = WERR_GEN_FAILURE;
+		status = NT_STATUS_UNSUCCESSFUL;
+		if (errmsg != NULL) {
+			werr = W_ERROR(strtol(errmsg, &endptr, 16));
+			DBG_WARNING("%s\n", errmsg);
+		}
+		if (endptr != errmsg) {
+			if (W_ERROR_EQUAL(werr, WERR_INVALID_PASSWORD)) {
+				status = NT_STATUS_WRONG_PASSWORD;
+			}
+			if (W_ERROR_EQUAL(werr, WERR_PASSWORD_RESTRICTION)) {
+				status = NT_STATUS_PASSWORD_RESTRICTION;
+			}
+			if (W_ERROR_EQUAL(werr, WERR_ACCOUNT_LOCKED_OUT)) {
+				status = NT_STATUS_ACCOUNT_LOCKED_OUT;
+			}
+		}
+	} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* don't let the caller know if an account doesn't exist */
+		status = NT_STATUS_WRONG_PASSWORD;
+	} else if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		status = NT_STATUS_ACCESS_DENIED;
+	} else if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Failed to set password on %s: %s\n",
+			  ldb_dn_get_linearized(user_dn),
+			  ldb_errstring(ldb)));
+		status = NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return status;
+}
+
+NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+			    struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
+			    const DATA_BLOB *new_password,
+			    const struct samr_Password *ntNewHash,
+			    enum dsdb_password_checked old_password_checked,
+			    enum samPwdChangeReason *reject_reason,
+			    struct samr_DomInfo1 **_dominfo)
+{
+	return samdb_set_password_internal(ldb, mem_ctx,
+			    user_dn, domain_dn,
+			    new_password,
+			    ntNewHash,
+			    old_password_checked,
+			    reject_reason, _dominfo,
+			    false); /* reject trusts */
+}
+
+/*
+ * Sets the user password using plaintext UTF16 (attribute "new_password") or
+ * LM (attribute "lmNewHash") or NT (attribute "ntNewHash") hash. Also pass
+ * the old LM and/or NT hash (attributes "lmOldHash"/"ntOldHash") if it is a
+ * user change or not. The "rejectReason" gives some more information if the
+ * change failed.
+ *
+ * This wrapper function for "samdb_set_password" takes a SID as input rather
+ * than a user DN.
+ *
+ * This call encapsulates a new LDB transaction for changing the password;
+ * therefore the user hasn't to start a new one.
+ *
+ * Results: NT_STATUS_OK, NT_STATUS_INTERNAL_DB_CORRUPTION,
+ *   NT_STATUS_INVALID_PARAMETER, NT_STATUS_UNSUCCESSFUL,
+ *   NT_STATUS_WRONG_PASSWORD, NT_STATUS_PASSWORD_RESTRICTION,
+ *   NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCOUNT_LOCKED_OUT, NT_STATUS_NO_MEMORY
+ *   NT_STATUS_TRANSACTION_ABORTED, NT_STATUS_NO_SUCH_USER
+ */
+NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+				const struct dom_sid *user_sid,
+				const uint32_t *new_version, /* optional for trusts */
+				const DATA_BLOB *new_password,
+				const struct samr_Password *ntNewHash,
+				enum dsdb_password_checked old_password_checked,
+				enum samPwdChangeReason *reject_reason,
+				struct samr_DomInfo1 **_dominfo)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS nt_status;
+	static const char * const attrs[] = {
+		"userAccountControl",
+		"sAMAccountName",
+		NULL
+	};
+	struct ldb_message *user_msg = NULL;
+	int ret;
+	uint32_t uac = 0;
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(ldb)));
+		TALLOC_FREE(frame);
+		return NT_STATUS_TRANSACTION_ABORTED;
+	}
+
+	ret = dsdb_search_one(ldb, frame, &user_msg, ldb_get_default_basedn(ldb),
+			      LDB_SCOPE_SUBTREE, attrs, 0,
+			      "(&(objectSid=%s)(objectClass=user))",
+			      ldap_encode_ndr_dom_sid(frame, user_sid));
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(ldb);
+		DEBUG(3, ("samdb_set_password_sid: SID[%s] not found in samdb %s - %s, "
+			  "returning NO_SUCH_USER\n",
+			  dom_sid_string(frame, user_sid),
+			  ldb_strerror(ret), ldb_errstring(ldb)));
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	uac = ldb_msg_find_attr_as_uint(user_msg, "userAccountControl", 0);
+	if (!(uac & UF_ACCOUNT_TYPE_MASK)) {
+		ldb_transaction_cancel(ldb);
+		DEBUG(1, ("samdb_set_password_sid: invalid "
+			  "userAccountControl[0x%08X] for SID[%s] DN[%s], "
+			  "returning NO_SUCH_USER\n",
+			  (unsigned)uac, dom_sid_string(frame, user_sid),
+			  ldb_dn_get_linearized(user_msg->dn)));
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if (uac & UF_INTERDOMAIN_TRUST_ACCOUNT) {
+		static const char * const tdo_attrs[] = {
+			"trustAuthIncoming",
+			"trustDirection",
+			NULL
+		};
+		struct ldb_message *tdo_msg = NULL;
+		const char *account_name = NULL;
+		uint32_t trust_direction;
+		uint32_t i;
+		const struct ldb_val *old_val = NULL;
+		struct trustAuthInOutBlob old_blob = {
+			.count = 0,
+		};
+		uint32_t old_version = 0;
+		struct AuthenticationInformation *old_version_a = NULL;
+		uint32_t _new_version = 0;
+		struct trustAuthInOutBlob new_blob = {
+			.count = 0,
+		};
+		struct ldb_val new_val = {
+			.length = 0,
+		};
+		struct timeval tv = timeval_current();
+		NTTIME now = timeval_to_nttime(&tv);
+		enum ndr_err_code ndr_err;
+
+		if (new_password == NULL && ntNewHash == NULL) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: "
+				  "no new password provided "
+				  "sAMAccountName for SID[%s] DN[%s], "
+				  "returning INVALID_PARAMETER\n",
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (new_password != NULL && ntNewHash != NULL) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: "
+				  "two new passwords provided "
+				  "sAMAccountName for SID[%s] DN[%s], "
+				  "returning INVALID_PARAMETER\n",
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (new_password != NULL && (new_password->length % 2)) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(2, ("samdb_set_password_sid: "
+				  "invalid utf16 length (%zu) "
+				  "sAMAccountName for SID[%s] DN[%s], "
+				  "returning WRONG_PASSWORD\n",
+				  new_password->length,
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		if (new_password != NULL && new_password->length >= 500) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(2, ("samdb_set_password_sid: "
+				  "utf16 password too long (%zu) "
+				  "sAMAccountName for SID[%s] DN[%s], "
+				  "returning WRONG_PASSWORD\n",
+				  new_password->length,
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+
+		account_name = ldb_msg_find_attr_as_string(user_msg,
+							"sAMAccountName", NULL);
+		if (account_name == NULL) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: missing "
+				  "sAMAccountName for SID[%s] DN[%s], "
+				  "returning NO_SUCH_USER\n",
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_SUCH_USER;
+		}
+
+		nt_status = dsdb_trust_search_tdo_by_type(ldb,
+							  SEC_CHAN_DOMAIN,
+							  account_name,
+							  tdo_attrs,
+							  frame, &tdo_msg);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: dsdb_trust_search_tdo "
+				  "failed(%s) for sAMAccountName[%s] SID[%s] DN[%s], "
+				  "returning INTERNAL_DB_CORRUPTION\n",
+				  nt_errstr(nt_status), account_name,
+				  dom_sid_string(frame, user_sid),
+				  ldb_dn_get_linearized(user_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		trust_direction = ldb_msg_find_attr_as_int(tdo_msg,
+							   "trustDirection", 0);
+		if (!(trust_direction & LSA_TRUST_DIRECTION_INBOUND)) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: direction[0x%08X] is "
+				  "not inbound for sAMAccountName[%s] "
+				  "DN[%s] TDO[%s], "
+				  "returning INTERNAL_DB_CORRUPTION\n",
+				  (unsigned)trust_direction,
+				  account_name,
+				  ldb_dn_get_linearized(user_msg->dn),
+				  ldb_dn_get_linearized(tdo_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		old_val = ldb_msg_find_ldb_val(tdo_msg, "trustAuthIncoming");
+		if (old_val != NULL) {
+			ndr_err = ndr_pull_struct_blob(old_val, frame, &old_blob,
+					(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				ldb_transaction_cancel(ldb);
+				DEBUG(1, ("samdb_set_password_sid: "
+					  "failed(%s) to parse "
+					  "trustAuthOutgoing sAMAccountName[%s] "
+					  "DN[%s] TDO[%s], "
+					  "returning INTERNAL_DB_CORRUPTION\n",
+					  ndr_map_error2string(ndr_err),
+					  account_name,
+					  ldb_dn_get_linearized(user_msg->dn),
+					  ldb_dn_get_linearized(tdo_msg->dn)));
+
+				TALLOC_FREE(frame);
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+		}
+
+		for (i = old_blob.current.count; i > 0; i--) {
+			struct AuthenticationInformation *a =
+				&old_blob.current.array[i - 1];
+
+			switch (a->AuthType) {
+			case TRUST_AUTH_TYPE_NONE:
+				if (i == old_blob.current.count) {
+					/*
+					 * remove TRUST_AUTH_TYPE_NONE at the
+					 * end
+					 */
+					old_blob.current.count--;
+				}
+				break;
+
+			case TRUST_AUTH_TYPE_VERSION:
+				old_version_a = a;
+				old_version = a->AuthInfo.version.version;
+				break;
+
+			case TRUST_AUTH_TYPE_CLEAR:
+				break;
+
+			case TRUST_AUTH_TYPE_NT4OWF:
+				break;
+			}
+		}
+
+		if (new_version == NULL) {
+			_new_version = 0;
+			new_version = &_new_version;
+		}
+
+		if (old_version_a != NULL && *new_version != (old_version + 1)) {
+			old_version_a->LastUpdateTime = now;
+			old_version_a->AuthType = TRUST_AUTH_TYPE_NONE;
+		}
+
+		new_blob.count = MAX(old_blob.current.count, 2);
+		new_blob.current.array = talloc_zero_array(frame,
+						struct AuthenticationInformation,
+						new_blob.count);
+		if (new_blob.current.array == NULL) {
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+		new_blob.previous.array = talloc_zero_array(frame,
+						struct AuthenticationInformation,
+						new_blob.count);
+		if (new_blob.current.array == NULL) {
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i = 0; i < old_blob.current.count; i++) {
+			struct AuthenticationInformation *o =
+				&old_blob.current.array[i];
+			struct AuthenticationInformation *p =
+				&new_blob.previous.array[i];
+
+			*p = *o;
+			new_blob.previous.count++;
+		}
+		for (; i < new_blob.count; i++) {
+			struct AuthenticationInformation *pi =
+				&new_blob.previous.array[i];
+
+			if (i == 0) {
+				/*
+				 * new_blob.previous is still empty so
+				 * we'll do new_blob.previous = new_blob.current
+				 * below.
+				 */
+				break;
+			}
+
+			pi->LastUpdateTime = now;
+			pi->AuthType = TRUST_AUTH_TYPE_NONE;
+			new_blob.previous.count++;
+		}
+
+		for (i = 0; i < new_blob.count; i++) {
+			struct AuthenticationInformation *ci =
+				&new_blob.current.array[i];
+
+			ci->LastUpdateTime = now;
+			switch (i) {
+			case 0:
+				if (ntNewHash != NULL) {
+					ci->AuthType = TRUST_AUTH_TYPE_NT4OWF;
+					ci->AuthInfo.nt4owf.password = *ntNewHash;
+					break;
+				}
+
+				ci->AuthType = TRUST_AUTH_TYPE_CLEAR;
+				ci->AuthInfo.clear.size = new_password->length;
+				ci->AuthInfo.clear.password = new_password->data;
+				break;
+			case 1:
+				ci->AuthType = TRUST_AUTH_TYPE_VERSION;
+				ci->AuthInfo.version.version = *new_version;
+				break;
+			default:
+				ci->AuthType = TRUST_AUTH_TYPE_NONE;
+				break;
+			}
+
+			new_blob.current.count++;
+		}
+
+		if (new_blob.previous.count == 0) {
+			TALLOC_FREE(new_blob.previous.array);
+			new_blob.previous = new_blob.current;
+		}
+
+		ndr_err = ndr_push_struct_blob(&new_val, frame, &new_blob,
+				(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: "
+				  "failed(%s) to generate "
+				  "trustAuthOutgoing sAMAccountName[%s] "
+				  "DN[%s] TDO[%s], "
+				  "returning UNSUCCESSFUL\n",
+				  ndr_map_error2string(ndr_err),
+				  account_name,
+				  ldb_dn_get_linearized(user_msg->dn),
+				  ldb_dn_get_linearized(tdo_msg->dn)));
+			TALLOC_FREE(frame);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		tdo_msg->num_elements = 0;
+		TALLOC_FREE(tdo_msg->elements);
+
+		ret = ldb_msg_append_value(tdo_msg, "trustAuthIncoming",
+					   &new_val, LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		ret = ldb_modify(ldb, tdo_msg);
+		if (ret != LDB_SUCCESS) {
+			nt_status = dsdb_ldb_err_to_ntstatus(ret);
+			ldb_transaction_cancel(ldb);
+			DEBUG(1, ("samdb_set_password_sid: "
+				  "failed to replace "
+				  "trustAuthOutgoing sAMAccountName[%s] "
+				  "DN[%s] TDO[%s], "
+				  "%s - %s\n",
+				  account_name,
+				  ldb_dn_get_linearized(user_msg->dn),
+				  ldb_dn_get_linearized(tdo_msg->dn),
+				  nt_errstr(nt_status), ldb_errstring(ldb)));
+			TALLOC_FREE(frame);
+			return nt_status;
+		}
+	}
+
+	nt_status = samdb_set_password_internal(ldb, mem_ctx,
+						user_msg->dn, NULL,
+						new_password,
+						ntNewHash,
+						old_password_checked,
+						reject_reason, _dominfo,
+						true); /* permit trusts */
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		ldb_transaction_cancel(ldb);
+		TALLOC_FREE(frame);
+		return nt_status;
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to commit transaction to change password on %s: %s\n",
+			 ldb_dn_get_linearized(user_msg->dn),
+			 ldb_errstring(ldb)));
+		TALLOC_FREE(frame);
+		return NT_STATUS_TRANSACTION_ABORTED;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS samdb_create_foreign_security_principal(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+						 struct dom_sid *sid, struct ldb_dn **ret_dn)
+{
+	struct ldb_message *msg;
+	struct ldb_dn *basedn = NULL;
+	char *sidstr;
+	int ret;
+
+	sidstr = dom_sid_string(mem_ctx, sid);
+	NT_STATUS_HAVE_NO_MEMORY(sidstr);
+
+	/* We might have to create a ForeignSecurityPrincipal, even if this user
+	 * is in our own domain */
+
+	msg = ldb_msg_new(sidstr);
+	if (msg == NULL) {
+		talloc_free(sidstr);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_wellknown_dn(sam_ctx, sidstr,
+				ldb_get_default_basedn(sam_ctx),
+				DS_GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER,
+				&basedn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Failed to find DN for "
+			  "ForeignSecurityPrincipal container - %s\n", ldb_errstring(sam_ctx)));
+		talloc_free(sidstr);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* add core elements to the ldb_message for the alias */
+	msg->dn = basedn;
+	if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s", sidstr)) {
+		talloc_free(sidstr);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_string(msg, "objectClass",
+				 "foreignSecurityPrincipal");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(sidstr);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* create the alias */
+	ret = ldb_add(sam_ctx, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to create foreignSecurityPrincipal "
+			 "record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ctx)));
+		talloc_free(sidstr);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	*ret_dn = talloc_steal(mem_ctx, msg->dn);
+	talloc_free(sidstr);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  Find the DN of a domain, assuming it to be a dotted.dns name
+*/
+
+struct ldb_dn *samdb_dns_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *dns_domain)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *binary_encoded;
+	const char * const *split_realm;
+	struct ldb_dn *dn;
+
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	split_realm = (const char * const *)str_list_make(tmp_ctx, dns_domain, ".");
+	if (!split_realm) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	dn = ldb_dn_new(mem_ctx, ldb, NULL);
+	for (i=0; split_realm[i]; i++) {
+		binary_encoded = ldb_binary_encode_string(tmp_ctx, split_realm[i]);
+		if (binary_encoded == NULL) {
+			DEBUG(2, ("Failed to add dc= element to DN %s\n",
+				  ldb_dn_get_linearized(dn)));
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+		if (!ldb_dn_add_base_fmt(dn, "dc=%s", binary_encoded)) {
+			DEBUG(2, ("Failed to add dc=%s element to DN %s\n",
+				  binary_encoded, ldb_dn_get_linearized(dn)));
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+	}
+	if (!ldb_dn_validate(dn)) {
+		DEBUG(2, ("Failed to validated DN %s\n",
+			  ldb_dn_get_linearized(dn)));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	talloc_free(tmp_ctx);
+	return dn;
+}
+
+
+/*
+  Find the DNS equivalent of a DN, in dotted DNS form
+*/
+char *samdb_dn_to_dns_domain(TALLOC_CTX *mem_ctx, struct ldb_dn *dn)
+{
+	int i, num_components = ldb_dn_get_comp_num(dn);
+	char *dns_name = talloc_strdup(mem_ctx, "");
+	if (dns_name == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i<num_components; i++) {
+		const struct ldb_val *v = ldb_dn_get_component_val(dn, i);
+		char *s;
+		if (v == NULL) {
+			talloc_free(dns_name);
+			return NULL;
+		}
+		s = talloc_asprintf_append_buffer(dns_name, "%*.*s.",
+						  (int)v->length, (int)v->length, (char *)v->data);
+		if (s == NULL) {
+			talloc_free(dns_name);
+			return NULL;
+		}
+		dns_name = s;
+	}
+
+	/* remove the last '.' */
+	if (dns_name[0] != 0) {
+		dns_name[strlen(dns_name)-1] = 0;
+	}
+
+	return dns_name;
+}
+
+/*
+  Find the DNS _msdcs name for a given NTDS GUID. The resulting DNS
+  name is based on the forest DNS name
+*/
+char *samdb_ntds_msdcs_dns_name(struct ldb_context *samdb,
+				TALLOC_CTX *mem_ctx,
+				const struct GUID *ntds_guid)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *guid_str;
+	struct ldb_dn *forest_dn;
+	const char *dnsforest;
+	char *ret;
+
+	guid_str = GUID_string(tmp_ctx, ntds_guid);
+	if (guid_str == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	forest_dn = ldb_get_root_basedn(samdb);
+	if (forest_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	dnsforest = samdb_dn_to_dns_domain(tmp_ctx, forest_dn);
+	if (dnsforest == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	ret = talloc_asprintf(mem_ctx, "%s._msdcs.%s", guid_str, dnsforest);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+/*
+  Find the DN of a domain, be it the netbios or DNS name
+*/
+struct ldb_dn *samdb_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+				  const char *domain_name)
+{
+	const char * const domain_ref_attrs[] = {
+		"ncName", NULL
+	};
+	const char * const domain_ref2_attrs[] = {
+		NULL
+	};
+	struct ldb_result *res_domain_ref;
+	char *escaped_domain = ldb_binary_encode_string(mem_ctx, domain_name);
+	int ret_domain;
+
+	if (escaped_domain == NULL) {
+		return NULL;
+	}
+
+	/* find the domain's DN */
+	ret_domain = ldb_search(ldb, mem_ctx,
+				&res_domain_ref,
+				samdb_partitions_dn(ldb, mem_ctx),
+				LDB_SCOPE_ONELEVEL,
+				domain_ref_attrs,
+				"(&(nETBIOSName=%s)(objectclass=crossRef))",
+				escaped_domain);
+	if (ret_domain != LDB_SUCCESS) {
+		return NULL;
+	}
+
+	if (res_domain_ref->count == 0) {
+		ret_domain = ldb_search(ldb, mem_ctx,
+						&res_domain_ref,
+						samdb_dns_domain_to_dn(ldb, mem_ctx, domain_name),
+						LDB_SCOPE_BASE,
+						domain_ref2_attrs,
+						"(objectclass=domain)");
+		if (ret_domain != LDB_SUCCESS) {
+			return NULL;
+		}
+
+		if (res_domain_ref->count == 1) {
+			return res_domain_ref->msgs[0]->dn;
+		}
+		return NULL;
+	}
+
+	if (res_domain_ref->count > 1) {
+		DEBUG(0,("Found %d records matching domain [%s]\n",
+			 ret_domain, domain_name));
+		return NULL;
+	}
+
+	return samdb_result_dn(ldb, mem_ctx, res_domain_ref->msgs[0], "nCName", NULL);
+
+}
+
+
+/*
+  use a GUID to find a DN
+ */
+int dsdb_find_dn_by_guid(struct ldb_context *ldb,
+			 TALLOC_CTX *mem_ctx,
+			 const struct GUID *guid,
+			 uint32_t dsdb_flags,
+			 struct ldb_dn **dn)
+{
+	int ret;
+	struct ldb_result *res;
+	const char *attrs[] = { NULL };
+	struct GUID_txt_buf buf;
+	char *guid_str = GUID_buf_string(guid, &buf);
+
+	ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
+			  DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+			  DSDB_SEARCH_SHOW_EXTENDED_DN |
+			  DSDB_SEARCH_ONE_ONLY | dsdb_flags,
+			  "objectGUID=%s", guid_str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	*dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  use a DN to find a GUID with a given attribute name
+ */
+int dsdb_find_guid_attr_by_dn(struct ldb_context *ldb,
+			      struct ldb_dn *dn, const char *attribute,
+			      struct GUID *guid)
+{
+	int ret;
+	struct ldb_result *res = NULL;
+	const char *attrs[2];
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+
+	attrs[0] = attribute;
+	attrs[1] = NULL;
+
+	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_DELETED |
+			     DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	/* satisfy clang */
+	if (res == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OTHER;
+	}
+	if (res->count < 1) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+	*guid = samdb_result_guid(res->msgs[0], attribute);
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  use a DN to find a GUID
+ */
+int dsdb_find_guid_by_dn(struct ldb_context *ldb,
+			 struct ldb_dn *dn, struct GUID *guid)
+{
+	return dsdb_find_guid_attr_by_dn(ldb, dn, "objectGUID", guid);
+}
+
+
+
+/*
+ adds the given GUID to the given ldb_message. This value is added
+ for the given attr_name (may be either "objectGUID" or "parentGUID").
+ This function is used in processing 'add' requests.
+ */
+int dsdb_msg_add_guid(struct ldb_message *msg,
+		struct GUID *guid,
+		const char *attr_name)
+{
+	int ret;
+	struct ldb_val v;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx =  talloc_init("dsdb_msg_add_guid");
+
+	status = GUID_to_ndr_blob(guid, tmp_ctx, &v);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+
+	ret = ldb_msg_add_steal_value(msg, attr_name, &v);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4,(__location__ ": Failed to add %s to the message\n",
+					 attr_name));
+		goto done;
+	}
+
+	ret = LDB_SUCCESS;
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+
+}
+
+
+/*
+  use a DN to find a SID
+ */
+int dsdb_find_sid_by_dn(struct ldb_context *ldb,
+			struct ldb_dn *dn, struct dom_sid *sid)
+{
+	int ret;
+	struct ldb_result *res = NULL;
+	const char *attrs[] = { "objectSid", NULL };
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	struct dom_sid *s;
+
+	ZERO_STRUCTP(sid);
+
+	ret = dsdb_search_dn(ldb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_DELETED |
+			     DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	if (res == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OTHER;
+	}
+	if (res->count < 1) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+	s = samdb_result_dom_sid(tmp_ctx, res->msgs[0], "objectSid");
+	if (s == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+	*sid = *s;
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  use a SID to find a DN
+ */
+int dsdb_find_dn_by_sid(struct ldb_context *ldb,
+			TALLOC_CTX *mem_ctx,
+			struct dom_sid *sid, struct ldb_dn **dn)
+{
+	int ret;
+	struct ldb_result *res;
+	const char *attrs[] = { NULL };
+	char *sid_str = ldap_encode_ndr_dom_sid(mem_ctx, sid);
+
+	if (!sid_str) {
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
+			  DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+			  DSDB_SEARCH_SHOW_EXTENDED_DN |
+			  DSDB_SEARCH_ONE_ONLY,
+			  "objectSid=%s", sid_str);
+	talloc_free(sid_str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	*dn = talloc_steal(mem_ctx, res->msgs[0]->dn);
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  load a repsFromTo blob list for a given partition GUID
+  attr must be "repsFrom" or "repsTo"
+ */
+WERROR dsdb_loadreps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_dn *dn,
+		     const char *attr, struct repsFromToBlob **r, uint32_t *count)
+{
+	const char *attrs[] = { attr, NULL };
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	unsigned int i;
+	struct ldb_message_element *el;
+	int ret;
+
+	*r = NULL;
+	*count = 0;
+
+	if (tmp_ctx == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, 0);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* partition hasn't been replicated yet */
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("dsdb_loadreps: failed to read partition object: %s\n", ldb_errstring(sam_ctx)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	/* satisfy clang */
+	if (res == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	el = ldb_msg_find_element(res->msgs[0], attr);
+	if (el == NULL) {
+		/* it's OK to be empty */
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+
+	*count = el->num_values;
+	*r = talloc_array(mem_ctx, struct repsFromToBlob, *count);
+	if (*r == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	for (i=0; i<(*count); i++) {
+		enum ndr_err_code ndr_err;
+		ndr_err = ndr_pull_struct_blob(&el->values[i],
+					       mem_ctx,
+					       &(*r)[i],
+					       (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return WERR_OK;
+}
+
+/*
+  save the repsFromTo blob list for a given partition GUID
+  attr must be "repsFrom" or "repsTo"
+ */
+WERROR dsdb_savereps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_dn *dn,
+		     const char *attr, struct repsFromToBlob *r, uint32_t count)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	unsigned int i;
+
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		goto failed;
+	}
+	msg->dn = dn;
+	if (ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_REPLACE, &el) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	el->values = talloc_array(msg, struct ldb_val, count);
+	if (!el->values) {
+		goto failed;
+	}
+
+	for (i=0; i<count; i++) {
+		struct ldb_val v;
+		enum ndr_err_code ndr_err;
+
+		ndr_err = ndr_push_struct_blob(&v, tmp_ctx,
+					       &r[i],
+					       (ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			goto failed;
+		}
+
+		el->num_values++;
+		el->values[i] = v;
+	}
+
+	if (dsdb_modify(sam_ctx, msg, 0) != LDB_SUCCESS) {
+		DEBUG(0,("Failed to store %s - %s\n", attr, ldb_errstring(sam_ctx)));
+		goto failed;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return WERR_OK;
+
+failed:
+	talloc_free(tmp_ctx);
+	return WERR_DS_DRA_INTERNAL_ERROR;
+}
+
+
+/*
+  load the uSNHighest and the uSNUrgent attributes from the @REPLCHANGED
+  object for a partition
+ */
+int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn,
+				uint64_t *uSN, uint64_t *urgent_uSN)
+{
+	struct ldb_request *req;
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	struct dsdb_control_current_partition *p_ctrl;
+	struct ldb_result *res;
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+				   ldb_dn_new(tmp_ctx, ldb, "@REPLCHANGED"),
+				   LDB_SCOPE_BASE,
+				   NULL, NULL,
+				   NULL,
+				   res, ldb_search_default_callback,
+				   NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	p_ctrl = talloc(req, struct dsdb_control_current_partition);
+	if (p_ctrl == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+	p_ctrl->dn = dn;
+
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, p_ctrl);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* Run the new request */
+	ret = ldb_request(ldb, req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
+		/* it hasn't been created yet, which means
+		   an implicit value of zero */
+		*uSN = 0;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (res->count < 1) {
+		*uSN = 0;
+		if (urgent_uSN) {
+			*urgent_uSN = 0;
+		}
+	} else {
+		*uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNHighest", 0);
+		if (urgent_uSN) {
+			*urgent_uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNUrgent", 0);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+int drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1,
+						   const struct drsuapi_DsReplicaCursor2 *c2)
+{
+	return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
+}
+
+int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1,
+				    const struct drsuapi_DsReplicaCursor *c2)
+{
+	return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
+}
+
+/*
+ * Return the NTDS object for a GUID, confirming it is in the
+ * configuration partition and a nTDSDSA object
+ */
+int samdb_get_ntds_obj_by_guid(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *sam_ctx,
+			       const struct GUID *objectGUID,
+			       const char **attrs,
+			       struct ldb_message **msg)
+{
+	int ret;
+	struct ldb_result *res;
+	struct GUID_txt_buf guid_buf;
+	char *guid_str = GUID_buf_string(objectGUID, &guid_buf);
+	struct ldb_dn *config_dn = NULL;
+
+	config_dn = ldb_get_config_basedn(sam_ctx);
+	if (config_dn == NULL) {
+		return ldb_operr(sam_ctx);
+	}
+
+	ret = dsdb_search(sam_ctx,
+			  mem_ctx,
+			  &res,
+			  config_dn,
+			  LDB_SCOPE_SUBTREE,
+			  attrs,
+			  DSDB_SEARCH_ONE_ONLY,
+			  "(&(objectGUID=%s)(objectClass=nTDSDSA))",
+			  guid_str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (msg) {
+		*msg = talloc_steal(mem_ctx, res->msgs[0]);
+	}
+	TALLOC_FREE(res);
+	return ret;
+}
+
+
+/*
+  see if a computer identified by its objectGUID is a RODC
+*/
+int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *objectGUID, bool *is_rodc)
+{
+	/* 1) find the DN for this servers NTDSDSA object
+	   2) search for the msDS-isRODC attribute
+	   3) if not present then not a RODC
+	   4) if present and TRUE then is a RODC
+	*/
+	const char *attrs[] = { "msDS-isRODC", NULL };
+	int ret;
+	struct ldb_message *msg;
+	TALLOC_CTX *tmp_ctx = talloc_new(sam_ctx);
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(sam_ctx);
+	}
+
+	ret = samdb_get_ntds_obj_by_guid(tmp_ctx,
+					 sam_ctx,
+					 objectGUID,
+					 attrs, &msg);
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		*is_rodc = false;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to find our own NTDS Settings object by objectGUID=%s!\n",
+			 GUID_string(tmp_ctx, objectGUID)));
+		*is_rodc = false;
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_msg_find_attr_as_bool(msg, "msDS-isRODC", 0);
+	*is_rodc = (ret == 1);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  see if we are a RODC
+*/
+int samdb_rodc(struct ldb_context *sam_ctx, bool *am_rodc)
+{
+	const struct GUID *objectGUID;
+	int ret;
+	bool *cached;
+
+	/* see if we have a cached copy */
+	cached = (bool *)ldb_get_opaque(sam_ctx, "cache.am_rodc");
+	if (cached) {
+		*am_rodc = *cached;
+		return LDB_SUCCESS;
+	}
+
+	objectGUID = samdb_ntds_objectGUID(sam_ctx);
+	if (!objectGUID) {
+		return ldb_operr(sam_ctx);
+	}
+
+	ret = samdb_is_rodc(sam_ctx, objectGUID, am_rodc);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	cached = talloc(sam_ctx, bool);
+	if (cached == NULL) {
+		return ldb_oom(sam_ctx);
+	}
+	*cached = *am_rodc;
+
+	ret = ldb_set_opaque(sam_ctx, "cache.am_rodc", cached);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(cached);
+		return ldb_operr(sam_ctx);
+	}
+
+	return LDB_SUCCESS;
+}
+
+int samdb_dns_host_name(struct ldb_context *sam_ctx, const char **host_name)
+{
+	const char *_host_name = NULL;
+	const char *attrs[] = { "dnsHostName", NULL };
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret;
+	struct ldb_result *res = NULL;
+
+	_host_name = (const char *)ldb_get_opaque(sam_ctx, "cache.dns_host_name");
+	if (_host_name != NULL) {
+		*host_name = _host_name;
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(sam_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(sam_ctx);
+	}
+
+	ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, NULL, attrs, 0);
+
+	if (res == NULL || res->count != 1 || ret != LDB_SUCCESS) {
+		DEBUG(0, ("Failed to get rootDSE for dnsHostName: %s\n",
+			  ldb_errstring(sam_ctx)));
+		TALLOC_FREE(tmp_ctx);
+		return ret;
+	}
+
+	_host_name = ldb_msg_find_attr_as_string(res->msgs[0],
+						 "dnsHostName",
+						 NULL);
+	if (_host_name == NULL) {
+		DEBUG(0, ("Failed to get dnsHostName from rootDSE\n"));
+		TALLOC_FREE(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ret = ldb_set_opaque(sam_ctx, "cache.dns_host_name",
+			     discard_const_p(char *, _host_name));
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(tmp_ctx);
+		return ldb_operr(sam_ctx);
+	}
+
+	*host_name = talloc_steal(sam_ctx, _host_name);
+
+	TALLOC_FREE(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+bool samdb_set_am_rodc(struct ldb_context *ldb, bool am_rodc)
+{
+	TALLOC_CTX *tmp_ctx;
+	bool *cached;
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	cached = talloc(tmp_ctx, bool);
+	if (!cached) {
+		goto failed;
+	}
+
+	*cached = am_rodc;
+	if (ldb_set_opaque(ldb, "cache.am_rodc", cached) != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	talloc_steal(ldb, cached);
+	talloc_free(tmp_ctx);
+	return true;
+
+failed:
+	DEBUG(1,("Failed to set our own cached am_rodc in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+
+/*
+ * return NTDSSiteSettings options. See MS-ADTS 7.1.1.2.2.1.1
+ * flags are DS_NTDSSETTINGS_OPT_*
+ */
+int samdb_ntds_site_settings_options(struct ldb_context *ldb_ctx,
+					uint32_t *options)
+{
+	int rc;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+	struct ldb_dn *site_dn;
+	const char *attrs[] = { "options", NULL };
+
+	tmp_ctx = talloc_new(ldb_ctx);
+	if (tmp_ctx == NULL)
+		goto failed;
+
+        /* Retrieve the site dn for the ldb that we
+	 * have open.  This is our local site.
+         */
+        site_dn = samdb_server_site_dn(ldb_ctx, tmp_ctx);
+	if (site_dn == NULL)
+		goto failed;
+
+	/* Perform a one level (child) search from the local
+         * site distinguished name.   We're looking for the
+         * "options" attribute within the nTDSSiteSettings
+         * object
+	 */
+	rc = ldb_search(ldb_ctx, tmp_ctx, &res, site_dn,
+			LDB_SCOPE_ONELEVEL, attrs,
+                        "objectClass=nTDSSiteSettings");
+
+        if (rc != LDB_SUCCESS || res->count != 1)
+		goto failed;
+
+	*options = ldb_msg_find_attr_as_uint(res->msgs[0], "options", 0);
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+
+failed:
+	DEBUG(1,("Failed to find our NTDS Site Settings options in ldb!\n"));
+	talloc_free(tmp_ctx);
+	return ldb_error(ldb_ctx, LDB_ERR_NO_SUCH_OBJECT, __func__);
+}
+
+/*
+  return NTDS options flags. See MS-ADTS 7.1.1.2.2.1.2.1.1
+
+  flags are DS_NTDS_OPTION_*
+*/
+int samdb_ntds_options(struct ldb_context *ldb, uint32_t *options)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *attrs[] = { "options", NULL };
+	int ret;
+	struct ldb_result *res;
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb, tmp_ctx), LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	*options = ldb_msg_find_attr_as_uint(res->msgs[0], "options", 0);
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+
+failed:
+	DEBUG(1,("Failed to find our own NTDS Settings options in the ldb!\n"));
+	talloc_free(tmp_ctx);
+	return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+}
+
+const char* samdb_ntds_object_category(TALLOC_CTX *tmp_ctx, struct ldb_context *ldb)
+{
+	const char *attrs[] = { "objectCategory", NULL };
+	int ret;
+	struct ldb_result *res;
+
+	ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb, tmp_ctx), LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	return ldb_msg_find_attr_as_string(res->msgs[0], "objectCategory", NULL);
+
+failed:
+	DEBUG(1,("Failed to find our own NTDS Settings objectCategory in the ldb!\n"));
+	return NULL;
+}
+
+/*
+ * Function which generates a "lDAPDisplayName" attribute from a "CN" one.
+ * Algorithm implemented according to MS-ADTS 3.1.1.2.3.4
+ */
+const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn)
+{
+	char **tokens, *ret;
+	size_t i;
+
+	tokens = str_list_make(mem_ctx, cn, " -_");
+	if (tokens == NULL || tokens[0] == NULL) {
+		return NULL;
+	}
+
+	/* "tolower()" and "toupper()" should also work properly on 0x00 */
+	tokens[0][0] = tolower(tokens[0][0]);
+	for (i = 1; tokens[i] != NULL; i++)
+		tokens[i][0] = toupper(tokens[i][0]);
+
+	ret = talloc_strdup(mem_ctx, tokens[0]);
+	if (ret == NULL) {
+		talloc_free(tokens);
+		return NULL;
+	}
+	for (i = 1; tokens[i] != NULL; i++) {
+		ret = talloc_asprintf_append_buffer(ret, "%s", tokens[i]);
+		if (ret == NULL) {
+			talloc_free(tokens);
+			return NULL;
+		}
+	}
+
+	talloc_free(tokens);
+
+	return ret;
+}
+
+/*
+ * This detects and returns the domain functional level (DS_DOMAIN_FUNCTION_*)
+ */
+int dsdb_functional_level(struct ldb_context *ldb)
+{
+	int *domainFunctionality =
+		talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
+	if (!domainFunctionality) {
+		/* this is expected during initial provision */
+		DEBUG(4,(__location__ ": WARNING: domainFunctionality not setup\n"));
+		return DS_DOMAIN_FUNCTION_2000;
+	}
+	return *domainFunctionality;
+}
+
+/*
+ * This detects and returns the forest functional level (DS_DOMAIN_FUNCTION_*)
+ */
+int dsdb_forest_functional_level(struct ldb_context *ldb)
+{
+	int *forestFunctionality =
+		talloc_get_type(ldb_get_opaque(ldb, "forestFunctionality"), int);
+	if (!forestFunctionality) {
+		DEBUG(0,(__location__ ": WARNING: forestFunctionality not setup\n"));
+		return DS_DOMAIN_FUNCTION_2000;
+	}
+	return *forestFunctionality;
+}
+
+/*
+ * This detects and returns the DC functional level (DS_DOMAIN_FUNCTION_*)
+ */
+int dsdb_dc_functional_level(struct ldb_context *ldb)
+{
+	int *dcFunctionality =
+		talloc_get_type(ldb_get_opaque(ldb, "domainControllerFunctionality"), int);
+	if (!dcFunctionality) {
+		/* this is expected during initial provision */
+		DEBUG(4,(__location__ ": WARNING: domainControllerFunctionality not setup\n"));
+		return DS_DOMAIN_FUNCTION_2008_R2;
+	}
+	return *dcFunctionality;
+}
+
+const char *dsdb_dc_operatingSystemVersion(int dc_functional_level)
+{
+	const char *operatingSystemVersion = NULL;
+
+	/*
+	 * While we are there also update
+	 * operatingSystem and operatingSystemVersion
+	 * as at least operatingSystemVersion is really
+	 * important for some clients/applications (like exchange).
+	 */
+
+	if (dc_functional_level >= DS_DOMAIN_FUNCTION_2016) {
+		/* Pretend Windows 2016 */
+		operatingSystemVersion = "10.0 (14393)";
+	} else if (dc_functional_level >= DS_DOMAIN_FUNCTION_2012_R2) {
+		/* Pretend Windows 2012 R2 */
+		operatingSystemVersion = "6.3 (9600)";
+	} else if (dc_functional_level >= DS_DOMAIN_FUNCTION_2012) {
+		/* Pretend Windows 2012 */
+		operatingSystemVersion = "6.2 (9200)";
+	} else {
+		/* Pretend Windows 2008 R2 */
+		operatingSystemVersion = "6.1 (7600)";
+	}
+
+	return operatingSystemVersion;
+}
+
+int dsdb_check_and_update_fl(struct ldb_context *ldb_ctx, struct loadparm_context *lp_ctx)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	int ret;
+
+	int db_dc_functional_level;
+	int db_domain_functional_level;
+	int db_forest_functional_level;
+	int lp_dc_functional_level = lpcfg_ad_dc_functional_level(lp_ctx);
+	bool am_rodc;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *dc_ntds_settings_dn = NULL;
+	struct ldb_dn *dc_computer_dn = NULL;
+	const char *operatingSystem = NULL;
+	const char *operatingSystemVersion = NULL;
+
+	db_dc_functional_level = dsdb_dc_functional_level(ldb_ctx);
+	db_domain_functional_level = dsdb_functional_level(ldb_ctx);
+	db_forest_functional_level = dsdb_forest_functional_level(ldb_ctx);
+
+	if (lp_dc_functional_level < db_domain_functional_level) {
+		DBG_ERR("Refusing to start as smb.conf 'ad dc functional level' maps to %d, "
+			"which is less than the domain functional level of %d\n",
+			lp_dc_functional_level, db_domain_functional_level);
+		TALLOC_FREE(frame);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (lp_dc_functional_level < db_forest_functional_level) {
+		DBG_ERR("Refusing to start as smb.conf 'ad dc functional level' maps to %d, "
+			"which is less than the forest functional level of %d\n",
+			lp_dc_functional_level, db_forest_functional_level);
+		TALLOC_FREE(frame);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	/* Check if we need to update the DB */
+	if (db_dc_functional_level == lp_dc_functional_level) {
+		/*
+		 * Note that this early return means
+		 * we're not updating operatingSystem and
+		 * operatingSystemVersion.
+		 *
+		 * But at least for now that's
+		 * exactly what we want.
+		 */
+		TALLOC_FREE(frame);
+		return LDB_SUCCESS;
+	}
+
+	/* Confirm we are not an RODC before we try a modify */
+	ret = samdb_rodc(ldb_ctx, &am_rodc);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to determine if this server is an RODC\n");
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	if (am_rodc) {
+		DBG_WARNING("Unable to update DC's msDS-Behavior-Version "
+			    "(from %d to %d) and operatingSystem[Version] "
+			    "as we are an RODC\n",
+			    db_dc_functional_level, lp_dc_functional_level);
+		TALLOC_FREE(frame);
+		return LDB_SUCCESS;
+	}
+
+	dc_ntds_settings_dn = samdb_ntds_settings_dn(ldb_ctx, frame);
+
+	if (dc_ntds_settings_dn == NULL) {
+		DBG_ERR("Failed to find own NTDS Settings DN\n");
+		TALLOC_FREE(frame);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	/* Now update our msDS-Behavior-Version */
+
+	msg = ldb_msg_new(frame);
+	if (msg == NULL) {
+		DBG_ERR("Failed to allocate message to update msDS-Behavior-Version\n");
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg->dn = dc_ntds_settings_dn;
+
+	ret = samdb_msg_add_int(ldb_ctx, frame, msg, "msDS-Behavior-Version", lp_dc_functional_level);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to set new msDS-Behavior-Version on message\n");
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_replace(ldb_ctx, msg, 0);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to update DB with new msDS-Behavior-Version on %s: %s\n",
+			ldb_dn_get_linearized(dc_ntds_settings_dn),
+			ldb_errstring(ldb_ctx));
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	/*
+	 * We have to update the opaque because this particular ldb_context
+	 * will not re-read the DB
+	 */
+	{
+		int *val = talloc(ldb_ctx, int);
+		if (!val) {
+			TALLOC_FREE(frame);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		*val = lp_dc_functional_level;
+		ret = ldb_set_opaque(ldb_ctx,
+				     "domainControllerFunctionality", val);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("Failed to re-set domainControllerFunctionality opaque\n");
+			TALLOC_FREE(val);
+			TALLOC_FREE(frame);
+			return ret;
+		}
+	}
+
+	/*
+	 * While we are there also update
+	 * operatingSystem and operatingSystemVersion
+	 * as at least operatingSystemVersion is really
+	 * important for some clients/applications (like exchange).
+	 */
+
+	operatingSystem = talloc_asprintf(frame, "Samba-%s",
+					  samba_version_string());
+	if (operatingSystem == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb_ctx);
+	}
+
+	operatingSystemVersion = dsdb_dc_operatingSystemVersion(db_dc_functional_level);
+
+	ret = samdb_server_reference_dn(ldb_ctx, frame, &dc_computer_dn);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to get the dc_computer_dn: %s\n",
+			ldb_errstring(ldb_ctx));
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	msg = ldb_msg_new(frame);
+	if (msg == NULL) {
+		DBG_ERR("Failed to allocate message to update msDS-Behavior-Version\n");
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg->dn = dc_computer_dn;
+
+	ret = samdb_msg_add_addval(ldb_ctx, frame, msg,
+				   "operatingSystem",
+				   operatingSystem);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to set new operatingSystem on message\n");
+		TALLOC_FREE(frame);
+		return ldb_operr(ldb_ctx);
+	}
+
+	ret = samdb_msg_add_addval(ldb_ctx, frame, msg,
+				   "operatingSystemVersion",
+				   operatingSystemVersion);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to set new operatingSystemVersion on message\n");
+		TALLOC_FREE(frame);
+		return ldb_operr(ldb_ctx);
+	}
+
+	ret = dsdb_replace(ldb_ctx, msg, 0);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to update DB with new operatingSystem[Version] on %s: %s\n",
+			ldb_dn_get_linearized(dc_computer_dn),
+			ldb_errstring(ldb_ctx));
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  set a GUID in an extended DN structure
+ */
+int dsdb_set_extended_dn_guid(struct ldb_dn *dn, const struct GUID *guid, const char *component_name)
+{
+	struct ldb_val v;
+	NTSTATUS status;
+	int ret;
+
+	status = GUID_to_ndr_blob(guid, dn, &v);
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	ret = ldb_dn_set_extended_component(dn, component_name, &v);
+	data_blob_free(&v);
+	return ret;
+}
+
+/*
+  return a GUID from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_guid(struct ldb_dn *dn, struct GUID *guid, const char *component_name)
+{
+	const struct ldb_val *v;
+
+	v = ldb_dn_get_extended_component(dn, component_name);
+	if (v == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	return GUID_from_ndr_blob(v, guid);
+}
+
+/*
+  return a uint64_t from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_uint64(struct ldb_dn *dn, uint64_t *val, const char *component_name)
+{
+	const struct ldb_val *v;
+	int error = 0;
+
+	v = ldb_dn_get_extended_component(dn, component_name);
+	if (v == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* Just check we don't allow the caller to fill our stack */
+	if (v->length >= 64) {
+		return NT_STATUS_INVALID_PARAMETER;
+	} else {
+		char s[v->length+1];
+		memcpy(s, v->data, v->length);
+		s[v->length] = 0;
+
+		*val = smb_strtoull(s, NULL, 0, &error, SMB_STR_STANDARD);
+		if (error != 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  return a NTTIME from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_nttime(struct ldb_dn *dn, NTTIME *nttime, const char *component_name)
+{
+	return dsdb_get_extended_dn_uint64(dn, nttime, component_name);
+}
+
+/*
+  return a uint32_t from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_uint32(struct ldb_dn *dn, uint32_t *val, const char *component_name)
+{
+	const struct ldb_val *v;
+	int error = 0;
+
+	v = ldb_dn_get_extended_component(dn, component_name);
+	if (v == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* Just check we don't allow the caller to fill our stack */
+	if (v->length >= 32) {
+		return NT_STATUS_INVALID_PARAMETER;
+	} else {
+		char s[v->length + 1];
+		memcpy(s, v->data, v->length);
+		s[v->length] = 0;
+		*val = smb_strtoul(s, NULL, 0, &error, SMB_STR_STANDARD);
+		if (error != 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return a dom_sid from a extended DN structure
+ */
+NTSTATUS dsdb_get_extended_dn_sid(struct ldb_dn *dn, struct dom_sid *sid, const char *component_name)
+{
+	const struct ldb_val *sid_blob;
+	enum ndr_err_code ndr_err;
+
+	sid_blob = ldb_dn_get_extended_component(dn, component_name);
+	if (!sid_blob) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	ndr_err = ndr_pull_struct_blob_all_noalloc(sid_blob, sid,
+						   (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return RMD_FLAGS directly from a ldb_dn
+  returns 0 if not found
+ */
+uint32_t dsdb_dn_rmd_flags(struct ldb_dn *dn)
+{
+	uint32_t rmd_flags = 0;
+	NTSTATUS status = dsdb_get_extended_dn_uint32(dn, &rmd_flags,
+						      "RMD_FLAGS");
+	if (NT_STATUS_IS_OK(status)) {
+		return rmd_flags;
+	}
+	return 0;
+}
+
+/*
+  return RMD_FLAGS directly from a ldb_val for a DN
+  returns 0 if RMD_FLAGS is not found
+ */
+uint32_t dsdb_dn_val_rmd_flags(const struct ldb_val *val)
+{
+	const char *p;
+	uint32_t flags;
+	char *end;
+	int error = 0;
+
+	if (val->length < 13) {
+		return 0;
+	}
+	p = memmem(val->data, val->length, "<RMD_FLAGS=", 11);
+	if (!p) {
+		return 0;
+	}
+	flags = smb_strtoul(p+11, &end, 10, &error, SMB_STR_STANDARD);
+	if (!end || *end != '>' || error != 0) {
+		/* it must end in a > */
+		return 0;
+	}
+	return flags;
+}
+
+/*
+  return true if a ldb_val containing a DN in storage form is deleted
+ */
+bool dsdb_dn_is_deleted_val(const struct ldb_val *val)
+{
+	return (dsdb_dn_val_rmd_flags(val) & DSDB_RMD_FLAG_DELETED) != 0;
+}
+
+/*
+  return true if a ldb_val containing a DN in storage form is
+  in the upgraded w2k3 linked attribute format
+ */
+bool dsdb_dn_is_upgraded_link_val(const struct ldb_val *val)
+{
+	return memmem(val->data, val->length, "<RMD_VERSION=", 13) != NULL;
+}
+
+/*
+  return a DN for a wellknown GUID
+ */
+int dsdb_wellknown_dn(struct ldb_context *samdb, TALLOC_CTX *mem_ctx,
+		      struct ldb_dn *nc_root, const char *wk_guid,
+		      struct ldb_dn **wkguid_dn)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *attrs[] = { NULL };
+	int ret;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(samdb);
+	}
+
+	/* construct the magic WKGUID DN */
+	dn = ldb_dn_new_fmt(tmp_ctx, samdb, "<WKGUID=%s,%s>",
+			    wk_guid, ldb_dn_get_linearized(nc_root));
+	if (!wkguid_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(samdb);
+	}
+
+	ret = dsdb_search_dn(samdb, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_DELETED |
+			     DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	/* fix clang warning */
+	if (res == NULL){
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OTHER;
+	}
+
+	(*wkguid_dn) = talloc_steal(mem_ctx, res->msgs[0]->dn);
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+static int dsdb_dn_compare_ptrs(struct ldb_dn **dn1, struct ldb_dn **dn2)
+{
+	return ldb_dn_compare(*dn1, *dn2);
+}
+
+/*
+  find a NC root given a DN within the NC by reading the rootDSE namingContexts
+ */
+static int dsdb_find_nc_root_string_based(struct ldb_context *samdb,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_dn *dn,
+					  struct ldb_dn **nc_root)
+{
+	const char *root_attrs[] = { "namingContexts", NULL };
+	TALLOC_CTX *tmp_ctx;
+	int ret;
+	struct ldb_message_element *el;
+	struct ldb_result *root_res;
+	unsigned int i;
+	struct ldb_dn **nc_dns;
+
+	tmp_ctx = talloc_new(samdb);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(samdb);
+	}
+
+	ret = ldb_search(samdb, tmp_ctx, &root_res,
+			 ldb_dn_new(tmp_ctx, samdb, ""), LDB_SCOPE_BASE, root_attrs, NULL);
+	if (ret != LDB_SUCCESS || root_res->count == 0) {
+		DEBUG(1,("Searching for namingContexts in rootDSE failed: %s\n", ldb_errstring(samdb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	el = ldb_msg_find_element(root_res->msgs[0], "namingContexts");
+	if ((el == NULL) || (el->num_values < 3)) {
+		struct ldb_message *tmp_msg;
+
+		DEBUG(5,("dsdb_find_nc_root: Finding a valid 'namingContexts' element in the RootDSE failed. Using a temporary list.\n"));
+
+		/* This generates a temporary list of NCs in order to let the
+		 * provisioning work. */
+		tmp_msg = ldb_msg_new(tmp_ctx);
+		if (tmp_msg == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(samdb);
+		}
+		ret = ldb_msg_add_steal_string(tmp_msg, "namingContexts",
+					       ldb_dn_alloc_linearized(tmp_msg, ldb_get_schema_basedn(samdb)));
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = ldb_msg_add_steal_string(tmp_msg, "namingContexts",
+					       ldb_dn_alloc_linearized(tmp_msg, ldb_get_config_basedn(samdb)));
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = ldb_msg_add_steal_string(tmp_msg, "namingContexts",
+					       ldb_dn_alloc_linearized(tmp_msg, ldb_get_default_basedn(samdb)));
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		el = &tmp_msg->elements[0];
+	}
+
+       nc_dns = talloc_array(tmp_ctx, struct ldb_dn *, el->num_values);
+       if (!nc_dns) {
+	       talloc_free(tmp_ctx);
+	       return ldb_oom(samdb);
+       }
+
+       for (i=0; i<el->num_values; i++) {
+	       nc_dns[i] = ldb_dn_from_ldb_val(nc_dns, samdb, &el->values[i]);
+	       if (nc_dns[i] == NULL) {
+		       talloc_free(tmp_ctx);
+		       return ldb_operr(samdb);
+	       }
+       }
+
+       TYPESAFE_QSORT(nc_dns, el->num_values, dsdb_dn_compare_ptrs);
+
+       for (i=0; i<el->num_values; i++) {
+               if (ldb_dn_compare_base(nc_dns[i], dn) == 0) {
+		       (*nc_root) = talloc_steal(mem_ctx, nc_dns[i]);
+                       talloc_free(tmp_ctx);
+                       return LDB_SUCCESS;
+               }
+       }
+
+       talloc_free(tmp_ctx);
+       return ldb_error(samdb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+}
+
+struct dsdb_get_partition_and_dn {
+	TALLOC_CTX *mem_ctx;
+	unsigned int count;
+	struct ldb_dn *dn;
+	struct ldb_dn *partition_dn;
+	bool want_partition_dn;
+};
+
+static int dsdb_get_partition_and_dn(struct ldb_request *req,
+				     struct ldb_reply *ares)
+{
+	int ret;
+	struct dsdb_get_partition_and_dn *context = req->context;
+	struct ldb_control *partition_ctrl = NULL;
+	struct dsdb_control_current_partition *partition = NULL;
+
+	if (!ares) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS
+	    && ares->error != LDB_ERR_NO_SUCH_OBJECT) {
+		return ldb_request_done(req, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (context->count != 0) {
+			return ldb_request_done(req,
+						LDB_ERR_CONSTRAINT_VIOLATION);
+		}
+		context->count++;
+
+		context->dn = talloc_steal(context->mem_ctx,
+					   ares->message->dn);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		talloc_free(ares);
+		return ldb_request_done(req, LDB_SUCCESS);
+
+	case LDB_REPLY_DONE:
+		partition_ctrl
+			= ldb_reply_get_control(ares,
+						DSDB_CONTROL_CURRENT_PARTITION_OID);
+		if (!context->want_partition_dn ||
+			partition_ctrl == NULL) {
+			ret = ares->error;
+			talloc_free(ares);
+
+			return ldb_request_done(req, ret);
+		}
+
+		partition
+			= talloc_get_type_abort(partition_ctrl->data,
+						struct dsdb_control_current_partition);
+		context->partition_dn
+			= ldb_dn_copy(context->mem_ctx, partition->dn);
+		if (context->partition_dn == NULL) {
+			return ldb_request_done(req,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		ret = ares->error;
+		talloc_free(ares);
+
+		return ldb_request_done(req, ret);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+/*
+  find a NC root given a DN within the NC
+ */
+int dsdb_normalise_dn_and_find_nc_root(struct ldb_context *samdb,
+				       TALLOC_CTX *mem_ctx,
+				       struct ldb_dn *dn,
+				       struct ldb_dn **normalised_dn,
+				       struct ldb_dn **nc_root)
+{
+	TALLOC_CTX *tmp_ctx;
+	int ret;
+	struct ldb_request *req;
+	struct ldb_result *res;
+	struct ldb_dn *search_dn = dn;
+	static const char * attrs[] = { NULL };
+	bool has_extended = ldb_dn_has_extended(dn);
+	bool has_normal_components = ldb_dn_get_comp_num(dn) >= 1;
+	struct dsdb_get_partition_and_dn context = {
+		.mem_ctx = mem_ctx,
+		.want_partition_dn = nc_root != NULL
+	};
+
+	if (!has_extended && !has_normal_components) {
+		return ldb_error(samdb, LDB_ERR_NO_SUCH_OBJECT,
+				 "Request for NC root for rootDSE (\"\") denied.");
+	}
+
+	tmp_ctx = talloc_new(samdb);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(samdb);
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (res == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(samdb);
+	}
+
+	if (has_extended && has_normal_components) {
+		bool minimise_ok;
+		search_dn = ldb_dn_copy(tmp_ctx, dn);
+		if (search_dn == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(samdb);
+		}
+		minimise_ok = ldb_dn_minimise(search_dn);
+		if (!minimise_ok) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(samdb);
+		}
+	}
+
+	ret = ldb_build_search_req(&req, samdb, tmp_ctx,
+				   search_dn,
+				   LDB_SCOPE_BASE,
+				   NULL,
+				   attrs,
+				   NULL,
+				   &context,
+				   dsdb_get_partition_and_dn,
+				   NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req,
+					DSDB_SEARCH_SHOW_RECYCLED|
+					DSDB_SEARCH_SHOW_DELETED|
+					DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request(samdb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	/*
+	 * This could be a new DN, not in the DB, which is OK.  If we
+	 * don't need the normalised DN, we can continue.
+	 *
+	 * We may be told the partition it would be in in the search
+	 * reply control, or if not we can do a string-based match.
+	 */
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		if (normalised_dn != NULL) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = LDB_SUCCESS;
+		ldb_reset_err_string(samdb);
+	} else if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (normalised_dn != NULL) {
+		if (context.count != 1) {
+			/* No results */
+			ldb_asprintf_errstring(samdb,
+					       "Request for NC root for %s failed to return any results.",
+					       ldb_dn_get_linearized(dn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_NO_SUCH_OBJECT;
+		}
+		*normalised_dn = context.dn;
+	}
+
+	/*
+	 * If the user did not need to find the nc_root,
+	 * we are done
+	 */
+	if (nc_root == NULL) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * When we are working locally, both for the case were
+	 * we find the DN, and the case where we fail, we get
+	 * back via controls the partition it was in or should
+	 * have been in, to return to the client
+	 */
+	if (context.partition_dn != NULL) {
+		(*nc_root) = context.partition_dn;
+
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * This is a remote operation, which is a little harder as we
+	 * have a work out the nc_root from the list of NCs. If we did
+	 * at least resolve the DN to a string, get that now, it makes
+	 * the string-based match below possible for a GUID-based
+	 * input over remote LDAP.
+	 */
+	if (context.dn) {
+		dn = context.dn;
+	} else if (has_extended && !has_normal_components) {
+		ldb_asprintf_errstring(samdb,
+				       "Cannot determine NC root "
+				       "for a not-found bare extended DN %s.",
+				       ldb_dn_get_extended_linearized(tmp_ctx, dn, 1));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	/*
+	 * Either we are working against a remote LDAP
+	 * server or the object doesn't exist locally.
+	 *
+	 * This means any GUID that was present in the DN
+	 * therefore could not be evaluated, so do a
+	 * string-based match instead.
+	 */
+	talloc_free(tmp_ctx);
+	return dsdb_find_nc_root_string_based(samdb,
+					      mem_ctx,
+					      dn,
+					      nc_root);
+}
+
+/*
+  find a NC root given a DN within the NC
+ */
+int dsdb_find_nc_root(struct ldb_context *samdb,
+		      TALLOC_CTX *mem_ctx,
+		      struct ldb_dn *dn,
+		      struct ldb_dn **nc_root)
+{
+	return dsdb_normalise_dn_and_find_nc_root(samdb,
+						  mem_ctx,
+						  dn,
+						  NULL,
+						  nc_root);
+}
+
+/*
+  find the deleted objects DN for any object, by looking for the NC
+  root, then looking up the wellknown GUID
+ */
+int dsdb_get_deleted_objects_dn(struct ldb_context *ldb,
+				TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn,
+				struct ldb_dn **do_dn)
+{
+	struct ldb_dn *nc_root;
+	int ret;
+
+	ret = dsdb_find_nc_root(ldb, mem_ctx, obj_dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_wellknown_dn(ldb, mem_ctx, nc_root, DS_GUID_DELETED_OBJECTS_CONTAINER, do_dn);
+	talloc_free(nc_root);
+	return ret;
+}
+
+/*
+  return the tombstoneLifetime, in days
+ */
+int dsdb_tombstone_lifetime(struct ldb_context *ldb, uint32_t *lifetime)
+{
+	struct ldb_dn *dn;
+	dn = ldb_get_config_basedn(ldb);
+	if (!dn) {
+		return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+	dn = ldb_dn_copy(ldb, dn);
+	if (!dn) {
+		return ldb_operr(ldb);
+	}
+	/* see MS-ADTS section 7.1.1.2.4.1.1. There doesn't appear to
+	 be a wellknown GUID for this */
+	if (!ldb_dn_add_child_fmt(dn, "CN=Directory Service,CN=Windows NT,CN=Services")) {
+		talloc_free(dn);
+		return ldb_operr(ldb);
+	}
+
+	*lifetime = samdb_search_uint(ldb, dn, 180, dn, "tombstoneLifetime", "objectClass=nTDSService");
+	talloc_free(dn);
+	return LDB_SUCCESS;
+}
+
+/*
+  compare a ldb_val to a string case insensitively
+ */
+int samdb_ldb_val_case_cmp(const char *s, struct ldb_val *v)
+{
+	size_t len = strlen(s);
+	int ret;
+	if (len > v->length) return 1;
+	ret = strncasecmp(s, (const char *)v->data, v->length);
+	if (ret != 0) return ret;
+	if (v->length > len && v->data[len] != 0) {
+		return -1;
+	}
+	return 0;
+}
+
+
+/*
+  load the UDV for a partition in v2 format
+  The list is returned sorted, and with our local cursor added
+ */
+int dsdb_load_udv_v2(struct ldb_context *samdb, struct ldb_dn *dn, TALLOC_CTX *mem_ctx,
+		     struct drsuapi_DsReplicaCursor2 **cursors, uint32_t *count)
+{
+	static const char *attrs[] = { "replUpToDateVector", NULL };
+	struct ldb_result *r = NULL;
+	const struct ldb_val *ouv_value;
+	unsigned int i;
+	int ret;
+	uint64_t highest_usn = 0;
+	const struct GUID *our_invocation_id;
+	static const struct timeval tv1970;
+	NTTIME nt1970 = timeval_to_nttime(&tv1970);
+
+	ret = dsdb_search_dn(samdb, mem_ctx, &r, dn, attrs, DSDB_SEARCH_SHOW_RECYCLED|DSDB_SEARCH_SHOW_DELETED);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	/* fix clang warning */
+	if (r == NULL) {
+		return LDB_ERR_OTHER;
+	}
+	ouv_value = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");
+	if (ouv_value) {
+		enum ndr_err_code ndr_err;
+		struct replUpToDateVectorBlob ouv;
+
+		ndr_err = ndr_pull_struct_blob(ouv_value, r, &ouv,
+					       (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(r);
+			return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		if (ouv.version != 2) {
+			/* we always store as version 2, and
+			 * replUpToDateVector is not replicated
+			 */
+			talloc_free(r);
+			return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		*count = ouv.ctr.ctr2.count;
+		*cursors = talloc_steal(mem_ctx, ouv.ctr.ctr2.cursors);
+	} else {
+		*count = 0;
+		*cursors = NULL;
+	}
+
+	talloc_free(r);
+
+	our_invocation_id = samdb_ntds_invocation_id(samdb);
+	if (!our_invocation_id) {
+		DEBUG(0,(__location__ ": No invocationID on samdb - %s\n", ldb_errstring(samdb)));
+		talloc_free(*cursors);
+		return ldb_operr(samdb);
+	}
+
+	ret = ldb_sequence_number(samdb, LDB_SEQ_HIGHEST_SEQ, &highest_usn);
+	if (ret != LDB_SUCCESS) {
+		/* nothing to add - this can happen after a vampire */
+		TYPESAFE_QSORT(*cursors, *count, drsuapi_DsReplicaCursor2_compare);
+		return LDB_SUCCESS;
+	}
+
+	for (i=0; i<*count; i++) {
+		if (GUID_equal(our_invocation_id, &(*cursors)[i].source_dsa_invocation_id)) {
+			(*cursors)[i].highest_usn = highest_usn;
+			(*cursors)[i].last_sync_success = nt1970;
+			TYPESAFE_QSORT(*cursors, *count, drsuapi_DsReplicaCursor2_compare);
+			return LDB_SUCCESS;
+		}
+	}
+
+	(*cursors) = talloc_realloc(mem_ctx, *cursors, struct drsuapi_DsReplicaCursor2, (*count)+1);
+	if (! *cursors) {
+		return ldb_oom(samdb);
+	}
+
+	(*cursors)[*count].source_dsa_invocation_id = *our_invocation_id;
+	(*cursors)[*count].highest_usn = highest_usn;
+	(*cursors)[*count].last_sync_success = nt1970;
+	(*count)++;
+
+	TYPESAFE_QSORT(*cursors, *count, drsuapi_DsReplicaCursor2_compare);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  load the UDV for a partition in version 1 format
+  The list is returned sorted, and with our local cursor added
+ */
+int dsdb_load_udv_v1(struct ldb_context *samdb, struct ldb_dn *dn, TALLOC_CTX *mem_ctx,
+		     struct drsuapi_DsReplicaCursor **cursors, uint32_t *count)
+{
+	struct drsuapi_DsReplicaCursor2 *v2 = NULL;
+	uint32_t i;
+	int ret;
+
+	ret = dsdb_load_udv_v2(samdb, dn, mem_ctx, &v2, count);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (*count == 0) {
+		talloc_free(v2);
+		*cursors = NULL;
+		return LDB_SUCCESS;
+	}
+
+	*cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, *count);
+	if (*cursors == NULL) {
+		talloc_free(v2);
+		return ldb_oom(samdb);
+	}
+
+	for (i=0; i<*count; i++) {
+		(*cursors)[i].source_dsa_invocation_id = v2[i].source_dsa_invocation_id;
+		(*cursors)[i].highest_usn = v2[i].highest_usn;
+	}
+	talloc_free(v2);
+	return LDB_SUCCESS;
+}
+
+/*
+  add a set of controls to a ldb_request structure based on a set of
+  flags. See util.h for a list of available flags
+ */
+int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
+{
+	int ret;
+	if (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) {
+		struct ldb_search_options_control *options;
+		/* Using the phantom root control allows us to search all partitions */
+		options = talloc(req, struct ldb_search_options_control);
+		if (options == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
+
+		ret = ldb_request_add_control(req,
+					      LDB_CONTROL_SEARCH_OPTIONS_OID,
+					      true, options);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_NO_GLOBAL_CATALOG) {
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_NO_GLOBAL_CATALOG,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_SHOW_DELETED) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_SHOW_RECYCLED) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_RECYCLED_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_SHOW_EXTENDED_DN) {
+		struct ldb_extended_dn_control *extended_ctrl = talloc(req, struct ldb_extended_dn_control);
+		if (!extended_ctrl) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		extended_ctrl->type = 1;
+
+		ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, true, extended_ctrl);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_REVEAL_INTERNALS) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_REVEAL_INTERNALS, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_MODIFY_RELAX) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_RELAX_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_MODIFY_PERMISSIVE) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_FLAG_AS_SYSTEM) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_TREE_DELETE) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_TREE_DELETE_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_PROVISION) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_PROVISION_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* This is a special control to bypass the password_hash module for use in pdb_samba4 for Samba3 upgrades */
+	if (dsdb_flags & DSDB_BYPASS_PASSWORD_HASH) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_PASSWORD_BYPASS_LAST_SET) {
+		/*
+		 * This must not be critical, as it will only be
+		 * handled (and need to be handled) if the other
+		 * attributes in the request bring password_hash into
+		 * action
+		 */
+		ret = ldb_request_add_control(req, DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_REPLMD_VANISH_LINKS) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_REPLMD_VANISH_LINKS, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_MODIFY_PARTIAL_REPLICA) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_PARTIAL_REPLICA, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_FLAG_REPLICATED_UPDATE) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE) {
+		ret = ldb_request_add_control(req, DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dsdb_flags & DSDB_MARK_REQ_UNTRUSTED) {
+		ldb_req_mark_untrusted(req);
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+   returns true if a control with the specified "oid" exists
+*/
+bool dsdb_request_has_control(struct ldb_request *req, const char *oid)
+{
+	return (ldb_request_get_control(req, oid) != NULL);
+}
+
+/*
+  an add with a set of controls
+*/
+int dsdb_add(struct ldb_context *ldb, const struct ldb_message *message,
+	     uint32_t dsdb_flags)
+{
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_build_add_req(&req, ldb, ldb,
+				message,
+				NULL,
+				NULL,
+				ldb_op_default_callback,
+				NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(req);
+		return ret;
+	}
+
+	ret = dsdb_autotransaction_request(ldb, req);
+
+	talloc_free(req);
+	return ret;
+}
+
+/*
+  a modify with a set of controls
+*/
+int dsdb_modify(struct ldb_context *ldb, const struct ldb_message *message,
+		uint32_t dsdb_flags)
+{
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_build_mod_req(&req, ldb, ldb,
+				message,
+				NULL,
+				NULL,
+				ldb_op_default_callback,
+				NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(req);
+		return ret;
+	}
+
+	ret = dsdb_autotransaction_request(ldb, req);
+
+	talloc_free(req);
+	return ret;
+}
+
+/*
+  a delete with a set of flags
+*/
+int dsdb_delete(struct ldb_context *ldb, struct ldb_dn *dn,
+		uint32_t dsdb_flags)
+{
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_build_del_req(&req, ldb, ldb,
+				dn,
+				NULL,
+				NULL,
+				ldb_op_default_callback,
+				NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(req);
+		return ret;
+	}
+
+	ret = dsdb_autotransaction_request(ldb, req);
+
+	talloc_free(req);
+	return ret;
+}
+
+/*
+  like dsdb_modify() but set all the element flags to
+  LDB_FLAG_MOD_REPLACE
+ */
+int dsdb_replace(struct ldb_context *ldb, struct ldb_message *msg, uint32_t dsdb_flags)
+{
+	unsigned int i;
+
+	/* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	return dsdb_modify(ldb, msg, dsdb_flags);
+}
+
+const char *dsdb_search_scope_as_string(enum ldb_scope scope)
+{
+	const char *scope_str;
+
+	switch (scope) {
+	case LDB_SCOPE_BASE:
+		scope_str = "BASE";
+		break;
+	case LDB_SCOPE_ONELEVEL:
+		scope_str = "ONE";
+		break;
+	case LDB_SCOPE_SUBTREE:
+		scope_str = "SUB";
+		break;
+	default:
+		scope_str = "<Invalid scope>";
+		break;
+	}
+	return scope_str;
+}
+
+
+/*
+  search for attrs on one DN, allowing for dsdb_flags controls
+ */
+int dsdb_search_dn(struct ldb_context *ldb,
+		   TALLOC_CTX *mem_ctx,
+		   struct ldb_result **_result,
+		   struct ldb_dn *basedn,
+		   const char * const *attrs,
+		   uint32_t dsdb_flags)
+{
+	int ret;
+	struct ldb_request *req;
+	struct ldb_result *res;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req(&req, ldb, res,
+				   basedn,
+				   LDB_SCOPE_BASE,
+				   NULL,
+				   attrs,
+				   NULL,
+				   res,
+				   ldb_search_default_callback,
+				   NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(req);
+	if (ret != LDB_SUCCESS) {
+		DBG_INFO("flags=0x%08x %s -> %s (%s)\n",
+			 dsdb_flags,
+			 basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+							       basedn,
+							       1):"NULL",
+			 ldb_errstring(ldb), ldb_strerror(ret));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	DBG_DEBUG("flags=0x%08x %s -> %d\n",
+		  dsdb_flags,
+		  basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+							basedn,
+							1):"NULL",
+		  res->count);
+
+	*_result = talloc_steal(mem_ctx, res);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  search for attrs on one DN, by the GUID of the DN, allowing for
+  dsdb_flags controls
+ */
+int dsdb_search_by_dn_guid(struct ldb_context *ldb,
+			   TALLOC_CTX *mem_ctx,
+			   struct ldb_result **_result,
+			   const struct GUID *guid,
+			   const char * const *attrs,
+			   uint32_t dsdb_flags)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_dn *dn;
+	int ret;
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	dn = ldb_dn_new_fmt(tmp_ctx, ldb, "<GUID=%s>", GUID_string(tmp_ctx, guid));
+	if (dn == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_search_dn(ldb, mem_ctx, _result, dn, attrs, dsdb_flags);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  general search with dsdb_flags for controls
+ */
+int dsdb_search(struct ldb_context *ldb,
+		TALLOC_CTX *mem_ctx,
+		struct ldb_result **_result,
+		struct ldb_dn *basedn,
+		enum ldb_scope scope,
+		const char * const *attrs,
+		uint32_t dsdb_flags,
+		const char *exp_fmt, ...) _PRINTF_ATTRIBUTE(8, 9)
+{
+	int ret;
+	struct ldb_request *req;
+	struct ldb_result *res;
+	va_list ap;
+	char *expression = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	/* cross-partitions searches with a basedn break multi-domain support */
+	SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	if (exp_fmt) {
+		va_start(ap, exp_fmt);
+		expression = talloc_vasprintf(tmp_ctx, exp_fmt, ap);
+		va_end(ap);
+
+		if (!expression) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+	}
+
+	ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+				   basedn,
+				   scope,
+				   expression,
+				   attrs,
+				   NULL,
+				   res,
+				   ldb_search_default_callback,
+				   NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		ldb_reset_err_string(ldb);
+		return ret;
+	}
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DBG_INFO("%s flags=0x%08x %s %s -> %s (%s)\n",
+			 dsdb_search_scope_as_string(scope),
+			 dsdb_flags,
+			 basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+							       basedn,
+							       1):"NULL",
+			 expression?expression:"NULL",
+			 ldb_errstring(ldb), ldb_strerror(ret));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_ONE_ONLY) {
+		if (res->count == 0) {
+			DBG_INFO("%s SEARCH_ONE_ONLY flags=0x%08x %s %s -> %u results\n",
+				 dsdb_search_scope_as_string(scope),
+				 dsdb_flags,
+				 basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+								       basedn,
+								       1):"NULL",
+				 expression?expression:"NULL", res->count);
+			talloc_free(tmp_ctx);
+			ldb_reset_err_string(ldb);
+			return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, __func__);
+		}
+		if (res->count != 1) {
+			DBG_INFO("%s SEARCH_ONE_ONLY flags=0x%08x %s %s -> %u (expected 1) results\n",
+				 dsdb_search_scope_as_string(scope),
+				 dsdb_flags,
+				 basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+								       basedn,
+								       1):"NULL",
+				 expression?expression:"NULL", res->count);
+			talloc_free(tmp_ctx);
+			ldb_reset_err_string(ldb);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	*_result = talloc_steal(mem_ctx, res);
+
+	DBG_DEBUG("%s flags=0x%08x %s %s -> %d\n",
+		  dsdb_search_scope_as_string(scope),
+		  dsdb_flags,
+		  basedn?ldb_dn_get_extended_linearized(tmp_ctx,
+							basedn,
+							1):"NULL",
+		  expression?expression:"NULL",
+		  res->count);
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  general search with dsdb_flags for controls
+  returns exactly 1 record or an error
+ */
+int dsdb_search_one(struct ldb_context *ldb,
+		    TALLOC_CTX *mem_ctx,
+		    struct ldb_message **msg,
+		    struct ldb_dn *basedn,
+		    enum ldb_scope scope,
+		    const char * const *attrs,
+		    uint32_t dsdb_flags,
+		    const char *exp_fmt, ...) _PRINTF_ATTRIBUTE(8, 9)
+{
+	int ret;
+	struct ldb_result *res;
+	va_list ap;
+	char *expression = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	dsdb_flags |= DSDB_SEARCH_ONE_ONLY;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	if (exp_fmt) {
+		va_start(ap, exp_fmt);
+		expression = talloc_vasprintf(tmp_ctx, exp_fmt, ap);
+		va_end(ap);
+
+		if (!expression) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+		ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs,
+				  dsdb_flags, "%s", expression);
+	} else {
+		ret = dsdb_search(ldb, tmp_ctx, &res, basedn, scope, attrs,
+				  dsdb_flags, NULL);
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	*msg = talloc_steal(mem_ctx, res->msgs[0]);
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+/* returns back the forest DNS name */
+const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	const char *forest_name = ldb_dn_canonical_string(mem_ctx,
+							  ldb_get_root_basedn(ldb));
+	char *p;
+
+	if (forest_name == NULL) {
+		return NULL;
+	}
+
+	p = strchr(forest_name, '/');
+	if (p) {
+		*p = '\0';
+	}
+
+	return forest_name;
+}
+
+/* returns back the default domain DNS name */
+const char *samdb_default_domain_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	const char *domain_name = ldb_dn_canonical_string(mem_ctx,
+							  ldb_get_default_basedn(ldb));
+	char *p;
+
+	if (domain_name == NULL) {
+		return NULL;
+	}
+
+	p = strchr(domain_name, '/');
+	if (p) {
+		*p = '\0';
+	}
+
+	return domain_name;
+}
+
+/*
+   validate that an DSA GUID belongs to the specified user sid.
+   The user SID must be a domain controller account (either RODC or
+   RWDC)
+ */
+int dsdb_validate_dsa_guid(struct ldb_context *ldb,
+			   const struct GUID *dsa_guid,
+			   const struct dom_sid *sid)
+{
+	/* strategy:
+	    - find DN of record with the DSA GUID in the
+	      configuration partition (objectGUID)
+            - remove "NTDS Settings" component from DN
+	    - do a base search on that DN for serverReference with
+	      extended-dn enabled
+            - extract objectSid from resulting serverReference
+              attribute
+	    - check this sid matches the sid argument
+	*/
+	struct ldb_dn *config_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	struct ldb_message *msg;
+	const char *attrs1[] = { NULL };
+	const char *attrs2[] = { "serverReference", NULL };
+	int ret;
+	struct ldb_dn *dn, *account_dn;
+	struct dom_sid sid2;
+	NTSTATUS status;
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	config_dn = ldb_get_config_basedn(ldb);
+
+	ret = dsdb_search_one(ldb, tmp_ctx, &msg, config_dn, LDB_SCOPE_SUBTREE,
+			      attrs1, 0, "(&(objectGUID=%s)(objectClass=nTDSDSA))", GUID_string(tmp_ctx, dsa_guid));
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,(__location__ ": Failed to find DSA objectGUID %s for sid %s\n",
+			 GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+	dn = msg->dn;
+
+	if (!ldb_dn_remove_child_components(dn, 1)) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_search_one(ldb, tmp_ctx, &msg, dn, LDB_SCOPE_BASE,
+			      attrs2, DSDB_SEARCH_SHOW_EXTENDED_DN,
+			      "(objectClass=server)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,(__location__ ": Failed to find server record for DSA with objectGUID %s, sid %s\n",
+			 GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	account_dn = ldb_msg_find_attr_as_dn(ldb, tmp_ctx, msg, "serverReference");
+	if (account_dn == NULL) {
+		DEBUG(1,(__location__ ": Failed to find account dn "
+			 "(serverReference) for %s, parent of DSA with "
+			 "objectGUID %s, sid %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 GUID_string(tmp_ctx, dsa_guid),
+			 dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	status = dsdb_get_extended_dn_sid(account_dn, &sid2, "SID");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,(__location__ ": Failed to find SID for DSA with objectGUID %s, sid %s\n",
+			 GUID_string(tmp_ctx, dsa_guid), dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	if (!dom_sid_equal(sid, &sid2)) {
+		/* someone is trying to spoof another account */
+		DEBUG(0,(__location__ ": Bad DSA objectGUID %s for sid %s - expected sid %s\n",
+			 GUID_string(tmp_ctx, dsa_guid),
+			 dom_sid_string(tmp_ctx, sid),
+			 dom_sid_string(tmp_ctx, &sid2)));
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static const char * const secret_attributes[] = {
+	DSDB_SECRET_ATTRIBUTES,
+	NULL
+};
+
+/*
+  check if the attribute belongs to the RODC filtered attribute set
+  Note that attributes that are in the filtered attribute set are the
+  ones that _are_ always sent to a RODC
+*/
+bool dsdb_attr_in_rodc_fas(const struct dsdb_attribute *sa)
+{
+	/* they never get secret attributes */
+	if (ldb_attr_in_list(secret_attributes, sa->lDAPDisplayName)) {
+		return false;
+	}
+
+	/* they do get non-secret critical attributes */
+	if (sa->schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) {
+		return true;
+	}
+
+	/* they do get non-secret attributes marked as being in the FAS  */
+	if (sa->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
+		return true;
+	}
+
+	/* other attributes are denied */
+	return false;
+}
+
+/* return fsmo role dn and role owner dn for a particular role*/
+WERROR dsdb_get_fsmo_role_info(TALLOC_CTX *tmp_ctx,
+			       struct ldb_context *ldb,
+			       uint32_t role,
+			       struct ldb_dn **fsmo_role_dn,
+			       struct ldb_dn **role_owner_dn)
+{
+	int ret;
+	switch (role) {
+	case DREPL_NAMING_MASTER:
+		*fsmo_role_dn = samdb_partitions_dn(ldb, tmp_ctx);
+		ret = samdb_reference_dn(ldb, tmp_ctx, *fsmo_role_dn, "fSMORoleOwner", role_owner_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Naming Master object - %s\n",
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		break;
+	case DREPL_INFRASTRUCTURE_MASTER:
+		*fsmo_role_dn = samdb_infrastructure_dn(ldb, tmp_ctx);
+		ret = samdb_reference_dn(ldb, tmp_ctx, *fsmo_role_dn, "fSMORoleOwner", role_owner_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Schema Master object - %s\n",
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		break;
+	case DREPL_RID_MASTER:
+		ret = samdb_rid_manager_dn(ldb, tmp_ctx, fsmo_role_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0, (__location__ ": Failed to find RID Manager object - %s\n", ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		ret = samdb_reference_dn(ldb, tmp_ctx, *fsmo_role_dn, "fSMORoleOwner", role_owner_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s\n",
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		break;
+	case DREPL_SCHEMA_MASTER:
+		*fsmo_role_dn = ldb_get_schema_basedn(ldb);
+		ret = samdb_reference_dn(ldb, tmp_ctx, *fsmo_role_dn, "fSMORoleOwner", role_owner_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Schema Master object - %s\n",
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		break;
+	case DREPL_PDC_MASTER:
+		*fsmo_role_dn = ldb_get_default_basedn(ldb);
+		ret = samdb_reference_dn(ldb, tmp_ctx, *fsmo_role_dn, "fSMORoleOwner", role_owner_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Pd Master object - %s\n",
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		break;
+	default:
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	return WERR_OK;
+}
+
+const char *samdb_dn_to_dnshostname(struct ldb_context *ldb,
+				    TALLOC_CTX *mem_ctx,
+				    struct ldb_dn *server_dn)
+{
+	int ldb_ret;
+	struct ldb_result *res = NULL;
+	const char * const attrs[] = { "dNSHostName", NULL};
+
+	ldb_ret = ldb_search(ldb, mem_ctx, &res,
+			     server_dn,
+			     LDB_SCOPE_BASE,
+			     attrs, NULL);
+	if (ldb_ret != LDB_SUCCESS) {
+		DEBUG(4, ("Failed to find dNSHostName for dn %s, ldb error: %s\n",
+			  ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)));
+		return NULL;
+	}
+
+	return ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+}
+
+/*
+  returns true if an attribute is in the filter,
+  false otherwise, provided that attribute value is provided with the expression
+*/
+bool dsdb_attr_in_parse_tree(struct ldb_parse_tree *tree,
+			     const char *attr)
+{
+       unsigned int i;
+       switch (tree->operation) {
+       case LDB_OP_AND:
+       case LDB_OP_OR:
+               for (i=0;i<tree->u.list.num_elements;i++) {
+                       if (dsdb_attr_in_parse_tree(tree->u.list.elements[i],
+                                                       attr))
+                               return true;
+               }
+               return false;
+       case LDB_OP_NOT:
+               return dsdb_attr_in_parse_tree(tree->u.isnot.child, attr);
+       case LDB_OP_EQUALITY:
+               if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) {
+                       return true;
+               }
+               return false;
+       case LDB_OP_GREATER:
+       case LDB_OP_LESS:
+       case LDB_OP_APPROX:
+               if (ldb_attr_cmp(tree->u.comparison.attr, attr) == 0) {
+                       return true;
+               }
+               return false;
+       case LDB_OP_SUBSTRING:
+               if (ldb_attr_cmp(tree->u.substring.attr, attr) == 0) {
+                       return true;
+               }
+               return false;
+       case LDB_OP_PRESENT:
+	       /* (attrname=*) is not filtered out */
+               return false;
+       case LDB_OP_EXTENDED:
+               if (tree->u.extended.attr &&
+                   ldb_attr_cmp(tree->u.extended.attr, attr) == 0) {
+		       return true;
+               }
+               return false;
+       }
+       return false;
+}
+
+int dsdb_werror_at(struct ldb_context *ldb, int ldb_ecode, WERROR werr,
+		   const char *location, const char *func,
+		   const char *reason)
+{
+	if (reason == NULL) {
+		reason = win_errstr(werr);
+	}
+	ldb_asprintf_errstring(ldb, "%08X: %s at %s:%s",
+			       W_ERROR_V(werr), reason, location, func);
+	return ldb_ecode;
+}
+
+/*
+  map an ldb error code to an approximate NTSTATUS code
+ */
+NTSTATUS dsdb_ldb_err_to_ntstatus(int err)
+{
+	switch (err) {
+	case LDB_SUCCESS:
+		return NT_STATUS_OK;
+
+	case LDB_ERR_PROTOCOL_ERROR:
+		return NT_STATUS_DEVICE_PROTOCOL_ERROR;
+
+	case LDB_ERR_TIME_LIMIT_EXCEEDED:
+		return NT_STATUS_IO_TIMEOUT;
+
+	case LDB_ERR_SIZE_LIMIT_EXCEEDED:
+		return NT_STATUS_BUFFER_TOO_SMALL;
+
+	case LDB_ERR_COMPARE_FALSE:
+	case LDB_ERR_COMPARE_TRUE:
+		return NT_STATUS_REVISION_MISMATCH;
+
+	case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
+		return NT_STATUS_NOT_SUPPORTED;
+
+	case LDB_ERR_STRONG_AUTH_REQUIRED:
+	case LDB_ERR_CONFIDENTIALITY_REQUIRED:
+	case LDB_ERR_SASL_BIND_IN_PROGRESS:
+	case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
+	case LDB_ERR_INVALID_CREDENTIALS:
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+	case LDB_ERR_UNWILLING_TO_PERFORM:
+		return NT_STATUS_ACCESS_DENIED;
+
+	case LDB_ERR_NO_SUCH_OBJECT:
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	case LDB_ERR_REFERRAL:
+	case LDB_ERR_NO_SUCH_ATTRIBUTE:
+		return NT_STATUS_NOT_FOUND;
+
+	case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
+		return NT_STATUS_NOT_SUPPORTED;
+
+	case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
+		return NT_STATUS_BUFFER_TOO_SMALL;
+
+	case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
+	case LDB_ERR_INAPPROPRIATE_MATCHING:
+	case LDB_ERR_CONSTRAINT_VIOLATION:
+	case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
+	case LDB_ERR_INVALID_DN_SYNTAX:
+	case LDB_ERR_NAMING_VIOLATION:
+	case LDB_ERR_OBJECT_CLASS_VIOLATION:
+	case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
+	case LDB_ERR_NOT_ALLOWED_ON_RDN:
+		return NT_STATUS_INVALID_PARAMETER;
+
+	case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		return NT_STATUS_ERROR_DS_OBJ_STRING_NAME_EXISTS;
+
+	case LDB_ERR_BUSY:
+		return NT_STATUS_NETWORK_BUSY;
+
+	case LDB_ERR_ALIAS_PROBLEM:
+	case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
+	case LDB_ERR_UNAVAILABLE:
+	case LDB_ERR_LOOP_DETECT:
+	case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
+	case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
+	case LDB_ERR_OTHER:
+	case LDB_ERR_OPERATIONS_ERROR:
+		break;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+
+/*
+  create a new naming context that will hold a partial replica
+ */
+int dsdb_create_partial_replica_NC(struct ldb_context *ldb,  struct ldb_dn *dn)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	struct ldb_message *msg;
+	int ret;
+
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	msg->dn = dn;
+	ret = ldb_msg_add_string(msg, "objectClass", "top");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	/* [MS-DRSR] implies that we should only add the 'top'
+	 * objectclass, but that would cause lots of problems with our
+	 * objectclass code as top is not structural, so we add
+	 * 'domainDNS' as well to keep things sane. We're expecting
+	 * this new NC to be of objectclass domainDNS after
+	 * replication anyway
+	 */
+	ret = ldb_msg_add_string(msg, "objectClass", "domainDNS");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_msg_add_fmt(msg, "instanceType", "%u",
+			      INSTANCE_TYPE_IS_NC_HEAD|
+			      INSTANCE_TYPE_NC_ABOVE|
+			      INSTANCE_TYPE_UNINSTANT);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_add(ldb, msg, DSDB_MODIFY_PARTIAL_REPLICA);
+	if (ret != LDB_SUCCESS && ret != LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		DEBUG(0,("Failed to create new NC for %s - %s (%s)\n",
+			 ldb_dn_get_linearized(dn),
+			 ldb_errstring(ldb), ldb_strerror(ret)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	DEBUG(1,("Created new NC for %s\n", ldb_dn_get_linearized(dn)));
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+ * Return the effective badPwdCount
+ *
+ * This requires that the user_msg have (if present):
+ *  - badPasswordTime
+ *  - badPwdCount
+ *
+ * This also requires that the domain_msg have (if present):
+ *  - lockOutObservationWindow
+ */
+int dsdb_effective_badPwdCount(const struct ldb_message *user_msg,
+			       int64_t lockOutObservationWindow,
+			       NTTIME now)
+{
+	int64_t badPasswordTime;
+	badPasswordTime = ldb_msg_find_attr_as_int64(user_msg, "badPasswordTime", 0);
+
+	if (badPasswordTime - lockOutObservationWindow >= now) {
+		return ldb_msg_find_attr_as_int(user_msg, "badPwdCount", 0);
+	} else {
+		return 0;
+	}
+}
+
+/*
+ * Returns a user's PSO, or NULL if none was found
+ */
+static struct ldb_result *lookup_user_pso(struct ldb_context *sam_ldb,
+					  TALLOC_CTX *mem_ctx,
+					  const struct ldb_message *user_msg,
+					  const char * const *attrs)
+{
+	struct ldb_result *res = NULL;
+	struct ldb_dn *pso_dn = NULL;
+	int ret;
+
+	/* if the user has a PSO that applies, then use the PSO's setting */
+	pso_dn = ldb_msg_find_attr_as_dn(sam_ldb, mem_ctx, user_msg,
+					 "msDS-ResultantPSO");
+
+	if (pso_dn != NULL) {
+
+		ret = dsdb_search_dn(sam_ldb, mem_ctx, &res, pso_dn, attrs, 0);
+		if (ret != LDB_SUCCESS) {
+
+			/*
+			 * log the error. The caller should fallback to using
+			 * the default domain password settings
+			 */
+			DBG_ERR("Error retrieving msDS-ResultantPSO %s for %s\n",
+				ldb_dn_get_linearized(pso_dn),
+				ldb_dn_get_linearized(user_msg->dn));
+		}
+		talloc_free(pso_dn);
+	}
+	return res;
+}
+
+/*
+ * Return the msDS-LockoutObservationWindow for a user message
+ *
+ * This requires that the user_msg have (if present):
+ *  - msDS-ResultantPSO
+ */
+int64_t samdb_result_msds_LockoutObservationWindow(
+	struct ldb_context *sam_ldb,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_dn *domain_dn,
+	const struct ldb_message *user_msg)
+{
+	int64_t lockOutObservationWindow;
+	struct ldb_result *res = NULL;
+	const char *attrs[] = { "msDS-LockoutObservationWindow",
+				NULL };
+	if (domain_dn == NULL) {
+		smb_panic("domain dn is NULL");
+	}
+	res = lookup_user_pso(sam_ldb, mem_ctx, user_msg, attrs);
+
+	if (res != NULL) {
+		lockOutObservationWindow =
+			ldb_msg_find_attr_as_int64(res->msgs[0],
+						   "msDS-LockoutObservationWindow",
+						    DEFAULT_OBSERVATION_WINDOW);
+		talloc_free(res);
+	} else {
+
+		/* no PSO was found, lookup the default domain setting */
+		lockOutObservationWindow =
+			 samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn,
+					    "lockOutObservationWindow", NULL);
+	}
+	return lockOutObservationWindow;
+}
+
+/*
+ * Return the effective badPwdCount
+ *
+ * This requires that the user_msg have (if present):
+ *  - badPasswordTime
+ *  - badPwdCount
+ *  - msDS-ResultantPSO
+ */
+int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb,
+				       TALLOC_CTX *mem_ctx,
+				       struct ldb_dn *domain_dn,
+				       const struct ldb_message *user_msg)
+{
+	struct timeval tv_now = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv_now);
+	int64_t lockOutObservationWindow =
+		samdb_result_msds_LockoutObservationWindow(
+			sam_ldb, mem_ctx, domain_dn, user_msg);
+	return dsdb_effective_badPwdCount(user_msg, lockOutObservationWindow, now);
+}
+
+/*
+ * Returns the lockoutThreshold that applies. If a PSO is specified, then that
+ * setting is used over the domain defaults
+ */
+static int64_t get_lockout_threshold(struct ldb_message *domain_msg,
+				     struct ldb_message *pso_msg)
+{
+	if (pso_msg != NULL) {
+		return ldb_msg_find_attr_as_int(pso_msg,
+						"msDS-LockoutThreshold", 0);
+	} else {
+		return ldb_msg_find_attr_as_int(domain_msg,
+						"lockoutThreshold", 0);
+	}
+}
+
+/*
+ * Returns the lockOutObservationWindow that applies. If a PSO is specified,
+ * then that setting is used over the domain defaults
+ */
+static int64_t get_lockout_observation_window(struct ldb_message *domain_msg,
+					      struct ldb_message *pso_msg)
+{
+	if (pso_msg != NULL) {
+		return ldb_msg_find_attr_as_int64(pso_msg,
+						  "msDS-LockoutObservationWindow",
+						   DEFAULT_OBSERVATION_WINDOW);
+	} else {
+		return ldb_msg_find_attr_as_int64(domain_msg,
+						  "lockOutObservationWindow",
+						   DEFAULT_OBSERVATION_WINDOW);
+	}
+}
+
+/*
+ * Prepare an update to the badPwdCount and associated attributes.
+ *
+ * This requires that the user_msg have (if present):
+ *  - objectSid
+ *  - badPasswordTime
+ *  - badPwdCount
+ *
+ * This also requires that the domain_msg have (if present):
+ *  - pwdProperties
+ *  - lockoutThreshold
+ *  - lockOutObservationWindow
+ *
+ * This also requires that the pso_msg have (if present):
+ *  - msDS-LockoutThreshold
+ *  - msDS-LockoutObservationWindow
+ */
+NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
+				   struct ldb_context *sam_ctx,
+				   struct ldb_message *user_msg,
+				   struct ldb_message *domain_msg,
+				   struct ldb_message *pso_msg,
+				   struct ldb_message **_mod_msg)
+{
+	int ret, badPwdCount;
+	unsigned int i;
+	int64_t lockoutThreshold, lockOutObservationWindow;
+	struct dom_sid *sid;
+	struct timeval tv_now = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv_now);
+	NTSTATUS status;
+	uint32_t pwdProperties, rid = 0;
+	struct ldb_message *mod_msg;
+
+	sid = samdb_result_dom_sid(mem_ctx, user_msg, "objectSid");
+
+	pwdProperties = ldb_msg_find_attr_as_uint(domain_msg,
+						  "pwdProperties", -1);
+	if (sid && !(pwdProperties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) {
+		status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			/*
+			 * This can't happen anyway, but always try
+			 * and update the badPwdCount on failure
+			 */
+			rid = 0;
+		}
+	}
+	TALLOC_FREE(sid);
+
+	/*
+	 * Work out if we are doing password lockout on the domain.
+	 * Also, the built in administrator account is exempt:
+	 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa375371%28v=vs.85%29.aspx
+	 */
+	lockoutThreshold = get_lockout_threshold(domain_msg, pso_msg);
+	if (lockoutThreshold == 0 || (rid == DOMAIN_RID_ADMINISTRATOR)) {
+		DEBUG(5, ("Not updating badPwdCount on %s after wrong password\n",
+			  ldb_dn_get_linearized(user_msg->dn)));
+		return NT_STATUS_OK;
+	}
+
+	mod_msg = ldb_msg_new(mem_ctx);
+	if (mod_msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	mod_msg->dn = ldb_dn_copy(mod_msg, user_msg->dn);
+	if (mod_msg->dn == NULL) {
+		TALLOC_FREE(mod_msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lockOutObservationWindow = get_lockout_observation_window(domain_msg,
+								  pso_msg);
+
+	badPwdCount = dsdb_effective_badPwdCount(user_msg, lockOutObservationWindow, now);
+
+	badPwdCount++;
+
+	ret = samdb_msg_add_int(sam_ctx, mod_msg, mod_msg, "badPwdCount", badPwdCount);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(mod_msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = samdb_msg_add_int64(sam_ctx, mod_msg, mod_msg, "badPasswordTime", now);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(mod_msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (badPwdCount >= lockoutThreshold) {
+		ret = samdb_msg_add_int64(sam_ctx, mod_msg, mod_msg, "lockoutTime", now);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(mod_msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+		DEBUGC( DBGC_AUTH, 1, ("Locked out user %s after %d wrong passwords\n",
+			  ldb_dn_get_linearized(user_msg->dn), badPwdCount));
+	} else {
+		DEBUGC( DBGC_AUTH, 5, ("Updated badPwdCount on %s after %d wrong passwords\n",
+			  ldb_dn_get_linearized(user_msg->dn), badPwdCount));
+	}
+
+	/* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+	for (i=0; i< mod_msg->num_elements; i++) {
+		mod_msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	*_mod_msg = mod_msg;
+	return NT_STATUS_OK;
+}
+
+/**
+ * Sets defaults for a User object
+ * List of default attributes set:
+ * 	accountExpires, badPasswordTime, badPwdCount,
+ * 	codePage, countryCode, lastLogoff, lastLogon
+ * 	logonCount, pwdLastSet
+ */
+int dsdb_user_obj_set_defaults(struct ldb_context *ldb,
+			       struct ldb_message *usr_obj,
+			       struct ldb_request *req)
+{
+	size_t i;
+	int ret;
+	const struct attribute_values {
+		const char *name;
+		const char *value;
+		const char *add_value;
+		const char *mod_value;
+		const char *control;
+		unsigned add_flags;
+		unsigned mod_flags;
+	} map[] = {
+		{
+			.name = "accountExpires",
+			.add_value = "9223372036854775807",
+			.mod_value = "0",
+		},
+		{
+			.name = "badPasswordTime",
+			.value = "0"
+		},
+		{
+			.name = "badPwdCount",
+			.value = "0"
+		},
+		{
+			.name = "codePage",
+			.value = "0"
+		},
+		{
+			.name = "countryCode",
+			.value = "0"
+		},
+		{
+			.name = "lastLogoff",
+			.value = "0"
+		},
+		{
+			.name = "lastLogon",
+			.value = "0"
+		},
+		{
+			.name = "logonCount",
+			.value = "0"
+		},
+		{
+			.name = "logonHours",
+			.add_flags = DSDB_FLAG_INTERNAL_FORCE_META_DATA,
+		},
+		{
+			.name = "pwdLastSet",
+			.value = "0",
+			.control = DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID,
+		},
+		{
+			.name = "adminCount",
+			.mod_value = "0",
+		},
+		{
+			.name = "operatorCount",
+			.mod_value = "0",
+		},
+	};
+
+	for (i = 0; i < ARRAY_SIZE(map); i++) {
+		bool added = false;
+		const char *value = NULL;
+		unsigned flags = 0;
+
+		if (req != NULL && req->operation == LDB_ADD) {
+			value = map[i].add_value;
+			flags = map[i].add_flags;
+		} else {
+			value = map[i].mod_value;
+			flags = map[i].mod_flags;
+		}
+
+		if (value == NULL) {
+			value = map[i].value;
+		}
+
+		if (value != NULL) {
+			flags |= LDB_FLAG_MOD_ADD;
+		}
+
+		if (flags == 0) {
+			continue;
+		}
+
+		ret = samdb_find_or_add_attribute_ex(ldb, usr_obj,
+						     map[i].name,
+						     value, flags,
+						     &added);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (req != NULL && added && map[i].control != NULL) {
+			ret = ldb_request_add_control(req,
+						      map[i].control,
+						      false, NULL);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Sets 'sAMAccountType on user object based on userAccountControl.
+ * This function is used in processing both 'add' and 'modify' requests.
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param account_type_p Optional pointer to account_type to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_account_type(struct ldb_context *ldb, struct ldb_message *usr_obj,
+				   uint32_t user_account_control, uint32_t *account_type_p)
+{
+	int ret;
+	uint32_t account_type;
+
+	account_type = ds_uf2atype(user_account_control);
+	if (account_type == 0) {
+		ldb_set_errstring(ldb, "dsdb: Unrecognized account type!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	ret = samdb_msg_add_uint_flags(ldb, usr_obj, usr_obj,
+				       "sAMAccountType",
+				       account_type,
+				       LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (account_type_p) {
+		*account_type_p = account_type;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Determine and set primaryGroupID based on userAccountControl value.
+ * This function is used in processing both 'add' and 'modify' requests.
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param group_rid_p Optional pointer to group RID to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_primary_group_id(struct ldb_context *ldb, struct ldb_message *usr_obj,
+				       uint32_t user_account_control, uint32_t *group_rid_p)
+{
+	int ret;
+	uint32_t rid;
+
+	rid = ds_uf2prim_group_rid(user_account_control);
+
+	ret = samdb_msg_add_uint_flags(ldb, usr_obj, usr_obj,
+				       "primaryGroupID", rid,
+				       LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (group_rid_p) {
+		*group_rid_p = rid;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Returns True if the source and target DNs both have the same naming context,
+ * i.e. they're both in the same partition.
+ */
+bool dsdb_objects_have_same_nc(struct ldb_context *ldb,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *source_dn,
+			       struct ldb_dn *target_dn)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *source_nc = NULL;
+	struct ldb_dn *target_nc = NULL;
+	int ret;
+	bool same_nc = true;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_find_nc_root(ldb, tmp_ctx, source_dn, &source_nc);
+	/* fix clang warning */
+	if (source_nc == NULL) {
+		ret = LDB_ERR_OTHER;
+	}
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to find base DN for source %s: %s\n",
+			ldb_dn_get_linearized(source_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return true;
+	}
+
+	ret = dsdb_find_nc_root(ldb, tmp_ctx, target_dn, &target_nc);
+	/* fix clang warning */
+	if (target_nc == NULL) {
+		ret = LDB_ERR_OTHER;
+	}
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to find base DN for target %s: %s\n",
+			ldb_dn_get_linearized(target_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return true;
+	}
+
+	same_nc = (ldb_dn_compare(source_nc, target_nc) == 0);
+
+	talloc_free(tmp_ctx);
+
+	return same_nc;
+}
+/*
+ * Context for dsdb_count_domain_callback
+ */
+struct dsdb_count_domain_context {
+	/*
+	 * Number of matching records
+	 */
+	size_t count;
+	/*
+	 * sid of the domain that the records must belong to.
+	 * if NULL records can belong to any domain.
+	 */
+	struct dom_sid *dom_sid;
+};
+
+/*
+ * @brief ldb async callback for dsdb_domain_count.
+ *
+ * count the number of records in the database matching an LDAP query,
+ * optionally filtering for domain membership.
+ *
+ * @param [in,out] req the ldb request being processed
+ *                    req->context contains:
+ *                        count   The number of matching records
+ *                        dom_sid The domain sid, if present records must belong
+ *                                to the domain to be counted.
+ *@param [in,out] ares The query result.
+ *
+ * @return an LDB error code
+ *
+ */
+static int dsdb_count_domain_callback(
+	struct ldb_request *req,
+	struct ldb_reply *ares)
+{
+
+	if (ares == NULL) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		int error = ares->error;
+		TALLOC_FREE(ares);
+		return ldb_request_done(req, error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		struct dsdb_count_domain_context *context = NULL;
+		ssize_t ret;
+		bool in_domain;
+		struct dom_sid sid;
+		const struct ldb_val *v;
+
+		context = req->context;
+		if (context->dom_sid == NULL) {
+			context->count++;
+			break;
+		}
+
+		v = ldb_msg_find_ldb_val(ares->message, "objectSid");
+		if (v == NULL) {
+			break;
+		}
+
+		ret = sid_parse(v->data, v->length, &sid);
+		if (ret == -1) {
+			break;
+		}
+
+		in_domain = dom_sid_in_domain(context->dom_sid, &sid);
+		if (!in_domain) {
+			break;
+		}
+
+		context->count++;
+		break;
+	}
+	case LDB_REPLY_REFERRAL:
+		break;
+
+	case LDB_REPLY_DONE:
+		TALLOC_FREE(ares);
+		return ldb_request_done(req, LDB_SUCCESS);
+	}
+
+	TALLOC_FREE(ares);
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * @brief Count the number of records matching a query.
+ *
+ * Count the number of entries in the database matching the supplied query,
+ * optionally filtering only those entries belonging to the supplied domain.
+ *
+ * @param ldb [in] Current ldb context
+ * @param count [out] Pointer to the count
+ * @param base [in] The base dn for the query
+ * @param dom_sid [in] The domain sid, if non NULL records that are not a member
+ *                     of the domain are ignored.
+ * @param scope [in] Search scope.
+ * @param exp_fmt [in] format string for the query.
+ *
+ * @return LDB_STATUS code.
+ */
+int PRINTF_ATTRIBUTE(6, 7) dsdb_domain_count(
+	struct ldb_context *ldb,
+	size_t *count,
+	struct ldb_dn *base,
+	struct dom_sid *dom_sid,
+	enum ldb_scope scope,
+	const char *exp_fmt, ...)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_request *req = NULL;
+	struct dsdb_count_domain_context *context = NULL;
+	char *expression = NULL;
+	const char *object_sid[] = {"objectSid", NULL};
+	const char *none[] = {NULL};
+	va_list ap;
+	int ret;
+
+	*count = 0;
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	context = talloc_zero(tmp_ctx, struct dsdb_count_domain_context);
+	if (context == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	context->dom_sid = dom_sid;
+
+	if (exp_fmt) {
+		va_start(ap, exp_fmt);
+		expression = talloc_vasprintf(tmp_ctx, exp_fmt, ap);
+		va_end(ap);
+
+		if (expression == NULL) {
+			TALLOC_FREE(context);
+			TALLOC_FREE(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	ret = ldb_build_search_req(
+		&req,
+		ldb,
+		tmp_ctx,
+		base,
+		scope,
+		expression,
+		(dom_sid == NULL) ? none : object_sid,
+		NULL,
+		context,
+		dsdb_count_domain_callback,
+		NULL);
+	ldb_req_set_location(req, "dsdb_domain_count");
+
+	if (ret != LDB_SUCCESS) goto done;
+
+	ret = ldb_request(ldb, req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+		if (ret == LDB_SUCCESS) {
+			*count = context->count;
+		}
+	}
+
+
+done:
+	TALLOC_FREE(expression);
+	TALLOC_FREE(req);
+	TALLOC_FREE(context);
+	TALLOC_FREE(tmp_ctx);
+
+	return ret;
+}
+
+/*
+ * Returns 1 if 'sids' contains the Protected Users group SID for the domain, 0
+ * if not. Returns a negative value on error.
+ */
+int dsdb_is_protected_user(struct ldb_context *ldb,
+			   const struct auth_SidAttr *sids,
+			   uint32_t num_sids)
+{
+	const struct dom_sid *domain_sid = NULL;
+	struct dom_sid protected_users_sid;
+	uint32_t i;
+
+	domain_sid = samdb_domain_sid(ldb);
+	if (domain_sid == NULL) {
+		return -1;
+	}
+
+	protected_users_sid = *domain_sid;
+	if (!sid_append_rid(&protected_users_sid, DOMAIN_RID_PROTECTED_USERS)) {
+		return -1;
+	}
+
+	for (i = 0; i < num_sids; ++i) {
+		if (dom_sid_equal(&protected_users_sid, &sids[i].sid)) {
+			return 1;
+		}
+	}
+
+	return 0;
+}
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
new file mode 100644
index 0000000..63cfd79
--- /dev/null
+++ b/source4/dsdb/common/util.h
@@ -0,0 +1,101 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DSDB_COMMON_UTIL_H__
+#define __DSDB_COMMON_UTIL_H__
+
+/*
+   flags for dsdb_request_add_controls(). For the module functions,
+   the upper 16 bits are in dsdb/samdb/ldb_modules/util.h
+*/
+#define DSDB_SEARCH_SEARCH_ALL_PARTITIONS     0x00001
+#define DSDB_SEARCH_SHOW_DELETED              0x00002
+#define DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT 0x00004
+#define DSDB_SEARCH_REVEAL_INTERNALS          0x00008
+#define DSDB_SEARCH_SHOW_EXTENDED_DN          0x00010
+#define DSDB_MODIFY_RELAX		      0x00020
+#define DSDB_MODIFY_PERMISSIVE		      0x00040
+#define DSDB_FLAG_AS_SYSTEM		      0x00080
+#define DSDB_TREE_DELETE		      0x00100
+#define DSDB_SEARCH_ONE_ONLY		      0x00200 /* give an error unless 1 record */
+#define DSDB_SEARCH_SHOW_RECYCLED	      0x00400
+#define DSDB_PROVISION			      0x00800
+#define DSDB_BYPASS_PASSWORD_HASH	      0x01000
+#define DSDB_SEARCH_NO_GLOBAL_CATALOG	      0x02000
+#define DSDB_MODIFY_PARTIAL_REPLICA	      0x04000
+#define DSDB_PASSWORD_BYPASS_LAST_SET         0x08000
+#define DSDB_REPLMD_VANISH_LINKS              0x10000
+#define DSDB_MARK_REQ_UNTRUSTED               0x20000
+
+#define DSDB_SECRET_ATTRIBUTES_EX(sep) \
+	"pekList" sep \
+	"msDS-ExecuteScriptPassword" sep \
+	"currentValue" sep \
+	"dBCSPwd" sep \
+	"initialAuthIncoming" sep \
+	"initialAuthOutgoing" sep \
+	"lmPwdHistory" sep \
+	"ntPwdHistory" sep \
+	"priorValue" sep \
+	"supplementalCredentials" sep \
+	"trustAuthIncoming" sep \
+	"trustAuthOutgoing" sep \
+	"unicodePwd" sep \
+	"clearTextPassword"
+
+#define DSDB_SECRET_ATTRIBUTES_COMMA ,
+#define DSDB_SECRET_ATTRIBUTES DSDB_SECRET_ATTRIBUTES_EX(DSDB_SECRET_ATTRIBUTES_COMMA)
+
+#define DSDB_PASSWORD_ATTRIBUTES \
+	"userPassword", \
+	"clearTextPassword", \
+	"unicodePwd", \
+	"dBCSPwd"
+
+/*
+ * ldb opaque values used to pass the user session information to ldb modules
+ */
+#define DSDB_SESSION_INFO "sessionInfo"
+#define DSDB_NETWORK_SESSION_INFO "networkSessionInfo"
+
+struct GUID;
+
+struct ldb_context;
+
+int dsdb_werror_at(struct ldb_context *ldb, int ldb_ecode, WERROR werr,
+		   const char *location, const char *func,
+		   const char *reason);
+
+#define dsdb_module_werror(module, ldb_ecode, werr, reason) \
+	dsdb_werror_at(ldb_module_get_ctx(module), ldb_ecode, werr, \
+		       __location__, __func__, reason)
+
+
+struct dsdb_ldb_dn_list_node {
+	struct dsdb_ldb_dn_list_node *prev, *next;
+
+	/* the dn of the partition */
+	struct ldb_dn *dn;
+};
+
+
+
+#endif /* __DSDB_COMMON_UTIL_H__ */
diff --git a/source4/dsdb/common/util_groups.c b/source4/dsdb/common/util_groups.c
new file mode 100644
index 0000000..27a8735
--- /dev/null
+++ b/source4/dsdb/common/util_groups.c
@@ -0,0 +1,200 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2010
+   Copyright (C) Stefan Metzmacher                         2005
+   Copyright (C) Matthias Dieter Wallnöfer                 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "dsdb/common/util.h"
+
+/*
+ * This function generates the transitive closure of a given SAM object "dn_val"
+ * (it basically expands nested memberships).
+ * If the object isn't located in the "res_sids" structure yet and the
+ * "only_childs" flag is false, we add it to "res_sids".
+ * Then we've always to consider the "memberOf" attributes. We invoke the
+ * function recursively on each of it with the "only_childs" flag set to
+ * "false".
+ * The "only_childs" flag is particularly useful if you have a user object and
+ * want to include all it's groups (referenced with "memberOf") but not itself
+ * or considering if that object matches the filter.
+ *
+ * At the beginning "res_sids" should reference to a NULL pointer.
+ */
+NTSTATUS dsdb_expand_nested_groups(struct ldb_context *sam_ctx,
+				   struct ldb_val *dn_val, const bool only_childs, const char *filter,
+				   TALLOC_CTX *res_sids_ctx, struct auth_SidAttr **res_sids,
+				   uint32_t *num_res_sids)
+{
+	static const char * const attrs[] = { "groupType", "memberOf", NULL };
+	unsigned int i;
+	int ret;
+	struct ldb_dn *dn;
+	struct dom_sid sid;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+	NTSTATUS status;
+	const struct ldb_message_element *el;
+
+	if (*res_sids == NULL) {
+		*num_res_sids = 0;
+	}
+
+	if (!sam_ctx) {
+		DEBUG(0, ("No SAM available, cannot determine local groups\n"));
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	tmp_ctx = talloc_new(res_sids_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
+	if (dn == NULL) {
+		talloc_free(tmp_ctx);
+		DEBUG(0, (__location__ ": we failed parsing DN %.*s, so we cannot calculate the group token\n",
+			  (int)dn_val->length, dn_val->data));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		/* If we fail finding a SID then this is no error since it could
+		 * be a non SAM object - e.g. a group with object class
+		 * "groupOfNames" */
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, (__location__ ": when parsing DN '%s' we failed to parse it's SID component, so we cannot calculate the group token: %s\n",
+			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+			  nt_errstr(status)));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	if (!ldb_dn_minimise(dn)) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (only_childs) {
+		ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
+				     DSDB_SEARCH_SHOW_EXTENDED_DN);
+	} else {
+		ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
+				  attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "%s",
+				  filter);
+	}
+
+	/*
+	 * We have the problem with the caller creating a <SID=S-....>
+	 * DN for ForeignSecurityPrincipals as they also have
+	 * duplicate objects with the SAME SID under CN=Configuration.
+	 * This causes a SID= DN to fail with NO_SUCH_OBJECT on Samba
+	 * and on Windows.  So, we allow this to fail, and
+	 * double-check if we can find it with a search in the main
+	 * domain partition.
+	 */
+	if (ret == LDB_ERR_NO_SUCH_OBJECT && only_childs) {
+		char *sid_string = dom_sid_string(tmp_ctx,
+						  &sid);
+		if (!sid_string) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_OK;
+		}
+
+		ret = dsdb_search(sam_ctx, tmp_ctx, &res,
+				  ldb_get_default_basedn(sam_ctx),
+				  LDB_SCOPE_SUBTREE,
+				  attrs, DSDB_SEARCH_SHOW_EXTENDED_DN,
+				  "(&(objectClass=foreignSecurityPrincipal)(objectSID=%s))",
+				  sid_string);
+	}
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, (__location__ ": dsdb_search for %s failed: %s\n",
+			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+			  ldb_errstring(sam_ctx)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* We may get back 0 results, if the SID didn't match the filter - such as it wasn't a domain group, for example */
+	if (res->count != 1) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	/* We only apply this test once we know the SID matches the filter */
+	if (!only_childs) {
+		unsigned group_type;
+		uint32_t sid_attrs;
+		bool already_there;
+
+		sid_attrs = SE_GROUP_DEFAULT_FLAGS;
+		group_type = ldb_msg_find_attr_as_uint(res->msgs[0], "groupType", 0);
+		if (group_type & GROUP_TYPE_RESOURCE_GROUP) {
+			sid_attrs |= SE_GROUP_RESOURCE;
+		}
+
+		/* This is an O(n^2) linear search */
+		already_there = sids_contains_sid_attrs(*res_sids, *num_res_sids,
+							&sid, sid_attrs);
+		if (already_there) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_OK;
+		}
+
+		*res_sids = talloc_realloc(res_sids_ctx, *res_sids,
+			struct auth_SidAttr, *num_res_sids + 1);
+		if (*res_sids == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		(*res_sids)[*num_res_sids].sid = sid;
+		(*res_sids)[*num_res_sids].attrs = sid_attrs;
+
+		++(*num_res_sids);
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "memberOf");
+
+	for (i = 0; el && i < el->num_values; i++) {
+		status = dsdb_expand_nested_groups(sam_ctx, &el->values[i],
+						   false, filter, res_sids_ctx, res_sids, num_res_sids);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/common/util_links.c b/source4/dsdb/common/util_links.c
new file mode 100644
index 0000000..d41d1f2
--- /dev/null
+++ b/source4/dsdb/common/util_links.c
@@ -0,0 +1,229 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Helpers to search for links in the DB
+
+   Copyright (C) Catalyst.Net Ltd 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/util/binsearch.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+/*
+ * We choose, as the sort order, the same order as is used in DRS replication,
+ * which is the memcmp() order of the NDR GUID, not that obtained from
+ * GUID_compare().
+ *
+ * This means that sorted links will be in the same order as a new DC would
+ * see them.
+ */
+int ndr_guid_compare(const struct GUID *guid1, const struct GUID *guid2)
+{
+	uint8_t v1_data[16] = { 0 };
+	struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data));
+	uint8_t v2_data[16];
+	struct ldb_val v2 = data_blob_const(v2_data, sizeof(v2_data));
+
+	/* This can't fail */
+	ndr_push_struct_into_fixed_blob(&v1, guid1,
+					(ndr_push_flags_fn_t)ndr_push_GUID);
+	/* This can't fail */
+	ndr_push_struct_into_fixed_blob(&v2, guid2,
+					(ndr_push_flags_fn_t)ndr_push_GUID);
+	return data_blob_cmp(&v1, &v2);
+}
+
+
+static int la_guid_compare_with_trusted_dn(struct compare_ctx *ctx,
+					   struct parsed_dn *p)
+{
+	int cmp = 0;
+	/*
+	 * This works like a standard compare function in its return values,
+	 * but has an extra trick to deal with errors: zero is returned and
+	 * ctx->err is set to the ldb error code.
+	 *
+	 * That is, if (as is expected in most cases) you get a non-zero
+	 * result, you don't need to check for errors.
+	 *
+	 * We assume the second argument refers to a DN is from the database
+	 * and has a GUID -- but this GUID might not have been parsed out yet.
+	 */
+	if (p->dsdb_dn == NULL) {
+		int ret = really_parse_trusted_dn(ctx->mem_ctx, ctx->ldb, p,
+						  ctx->ldap_oid);
+		if (ret != LDB_SUCCESS) {
+			ctx->err = ret;
+			return 0;
+		}
+	}
+	cmp = ndr_guid_compare(ctx->guid, &p->guid);
+	if (cmp == 0 && ctx->compare_extra_part) {
+		if (ctx->partial_extra_part_length != 0) {
+			/* Allow a prefix match on the blob. */
+			return memcmp(ctx->extra_part.data,
+				      p->dsdb_dn->extra_part.data,
+				      MIN(ctx->partial_extra_part_length,
+					  p->dsdb_dn->extra_part.length));
+		} else {
+			return data_blob_cmp(&ctx->extra_part,
+					     &p->dsdb_dn->extra_part);
+		}
+	}
+
+	return cmp;
+}
+
+/* When a parsed_dn comes from the database, sometimes it is not really parsed. */
+
+int really_parse_trusted_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+				   struct parsed_dn *pdn, const char *ldap_oid)
+{
+	NTSTATUS status;
+	struct dsdb_dn *dsdb_dn = dsdb_dn_parse_trusted(mem_ctx, ldb, pdn->v,
+							ldap_oid);
+	if (dsdb_dn == NULL) {
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &pdn->guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	pdn->dsdb_dn = dsdb_dn;
+	return LDB_SUCCESS;
+}
+
+
+int get_parsed_dns_trusted(TALLOC_CTX *mem_ctx, struct ldb_message_element *el,
+				  struct parsed_dn **pdn)
+{
+	/* Here we get a list of 'struct parsed_dns' without the parsing */
+	unsigned int i;
+	*pdn = talloc_zero_array(mem_ctx, struct parsed_dn,
+				 el->num_values);
+	if (!*pdn) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		(*pdn)[i].v = &el->values[i];
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+int parsed_dn_find(struct ldb_context *ldb, struct parsed_dn *pdn,
+		   unsigned int count,
+		   const struct GUID *guid,
+		   struct ldb_dn *target_dn,
+		   DATA_BLOB extra_part,
+		   size_t partial_extra_part_length,
+		   struct parsed_dn **exact,
+		   struct parsed_dn **next,
+		   const char *ldap_oid,
+		   bool compare_extra_part)
+{
+	unsigned int i;
+	struct compare_ctx ctx;
+	if (pdn == NULL) {
+		*exact = NULL;
+		*next = NULL;
+		return LDB_SUCCESS;
+	}
+
+	if (unlikely(GUID_all_zero(guid))) {
+		/*
+		 * When updating a link using DRS, we sometimes get a NULL
+		 * GUID when a forward link has been deleted and its GUID has
+		 * for some reason been forgotten. The best we can do is try
+		 * and match by DN via a linear search. Note that this
+		 * probably only happens in the ADD case, in which we only
+		 * allow modification of link if it is already deleted, so
+		 * this seems very close to an elaborate NO-OP, but we are not
+		 * quite prepared to declare it so.
+		 *
+		 * If the DN is not in our list, we have to add it to the
+		 * beginning of the list, where it would naturally sort.
+		 */
+		struct parsed_dn *p;
+		if (target_dn == NULL) {
+			/* We don't know the target DN, so we can't search for DN */
+			DEBUG(1, ("parsed_dn_find has a NULL GUID for a linked "
+				  "attribute but we don't have a DN to compare "
+				  "it with\n"));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		*exact = NULL;
+		*next = NULL;
+
+		DEBUG(3, ("parsed_dn_find has a NULL GUID for a link to DN "
+			  "%s; searching through links for it\n",
+			  ldb_dn_get_linearized(target_dn)));
+
+		for (i = 0; i < count; i++) {
+			int cmp;
+			p = &pdn[i];
+			if (p->dsdb_dn == NULL) {
+				int ret = really_parse_trusted_dn(pdn, ldb, p, ldap_oid);
+				if (ret != LDB_SUCCESS) {
+					return LDB_ERR_OPERATIONS_ERROR;
+				}
+			}
+
+			cmp = ldb_dn_compare(p->dsdb_dn->dn, target_dn);
+			if (cmp == 0) {
+				*exact = p;
+				return LDB_SUCCESS;
+			}
+		}
+		/*
+		 * Here we have a null guid which doesn't match any existing
+		 * link. This is a bit unexpected because null guids occur
+		 * when a forward link has been deleted and we are replicating
+		 * that deletion.
+		 *
+		 * The best thing to do is weep into the logs and add the
+		 * offending link to the beginning of the list which is
+		 * at least the correct sort position.
+		 */
+		DEBUG(1, ("parsed_dn_find has been given a NULL GUID for a "
+			  "link to unknown DN %s\n",
+			  ldb_dn_get_linearized(target_dn)));
+		*next = pdn;
+		return LDB_SUCCESS;
+	}
+
+	ctx.guid = guid;
+	ctx.ldb = ldb;
+	ctx.mem_ctx = pdn;
+	ctx.ldap_oid = ldap_oid;
+	ctx.extra_part = extra_part;
+	ctx.partial_extra_part_length = partial_extra_part_length;
+	ctx.compare_extra_part = compare_extra_part;
+	ctx.err = 0;
+
+	BINARY_ARRAY_SEARCH_GTE(pdn, count, &ctx, la_guid_compare_with_trusted_dn,
+				*exact, *next);
+
+	if (ctx.err != 0) {
+		return ctx.err;
+	}
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/common/util_links.h b/source4/dsdb/common/util_links.h
new file mode 100644
index 0000000..e6dc41b
--- /dev/null
+++ b/source4/dsdb/common/util_links.h
@@ -0,0 +1,48 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Helpers to search for links in the DB
+
+   Copyright (C) Catalyst.Net Ltd 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DSDB_COMMON_UTIL_LINKS_H__
+#define __DSDB_COMMON_UTIL_LINKS_H__
+
+struct compare_ctx {
+        const struct GUID *guid;
+        struct ldb_context *ldb;
+        TALLOC_CTX *mem_ctx;
+        const char *ldap_oid;
+        int err;
+        const struct GUID *invocation_id;
+        DATA_BLOB extra_part;
+        size_t partial_extra_part_length;
+        bool compare_extra_part;
+};
+
+struct parsed_dn {
+	struct dsdb_dn *dsdb_dn;
+	struct GUID guid;
+	struct ldb_val *v;
+};
+
+
+int get_parsed_dns_trusted(TALLOC_CTX *mem_ctx,
+			   struct ldb_message_element *el,
+			   struct parsed_dn **pdn);
+
+#endif /* __DSDB_COMMON_UTIL_LINKS_H__ */
diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
new file mode 100644
index 0000000..0a48fcf
--- /dev/null
+++ b/source4/dsdb/common/util_samr.c
@@ -0,0 +1,593 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Helpers to add users and groups to the DB
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2010
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "../libds/common/flags.h"
+#include "libcli/security/security.h"
+
+#include "libds/common/flag_mapping.h"
+
+/* Add a user, SAMR style, including the correct transaction
+ * semantics.  Used by the SAMR server and by pdb_samba4 */
+NTSTATUS dsdb_add_user(struct ldb_context *ldb,
+		       TALLOC_CTX *mem_ctx,
+		       const char *account_name,
+		       uint32_t acct_flags,
+		       const struct dom_sid *forced_sid,
+		       struct dom_sid **sid,
+		       struct ldb_dn **dn)
+{
+	const char *name;
+	struct ldb_message *msg;
+	int ret;
+	const char *container, *obj_class=NULL;
+	char *cn_name;
+	size_t cn_name_len;
+
+	const char *attrs[] = {
+		"objectSid",
+		"userAccountControl",
+		NULL
+	};
+
+	uint32_t user_account_control;
+	struct ldb_dn *account_dn;
+	struct dom_sid *account_sid;
+
+	const char *account_name_encoded = NULL;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	account_name_encoded = ldb_binary_encode_string(tmp_ctx, account_name);
+	if (account_name_encoded == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * Start a transaction, so we can query and do a subsequent atomic
+	 * modify
+	 */
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to start a transaction for user creation: %s\n",
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_LOCK_NOT_GRANTED;
+	}
+
+	/* check if the user already exists */
+	name = samdb_search_string(ldb, tmp_ctx, NULL,
+				   "sAMAccountName",
+				   "(&(sAMAccountName=%s)(objectclass=user))",
+				   account_name_encoded);
+	if (name != NULL) {
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_USER_EXISTS;
+	}
+
+	cn_name = talloc_strdup(tmp_ctx, account_name);
+	if (!cn_name) {
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	cn_name_len = strlen(cn_name);
+	if (cn_name_len < 1) {
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* This must be one of these values *only* */
+	if (acct_flags == ACB_NORMAL) {
+		container = "CN=Users";
+		obj_class = "user";
+		user_account_control = UF_NORMAL_ACCOUNT;
+	} else if (acct_flags == ACB_WSTRUST) {
+		if (cn_name[cn_name_len - 1] != '$') {
+			ldb_transaction_cancel(ldb);
+			return NT_STATUS_FOOBAR;
+		}
+		cn_name[cn_name_len - 1] = '\0';
+		container = "CN=Computers";
+		obj_class = "computer";
+		user_account_control = UF_WORKSTATION_TRUST_ACCOUNT;
+
+	} else if (acct_flags == ACB_SVRTRUST) {
+		if (cn_name[cn_name_len - 1] != '$') {
+			ldb_transaction_cancel(ldb);
+			return NT_STATUS_FOOBAR;
+		}
+		cn_name[cn_name_len - 1] = '\0';
+		container = "OU=Domain Controllers";
+		obj_class = "computer";
+		user_account_control = UF_SERVER_TRUST_ACCOUNT;
+	} else if (acct_flags == ACB_DOMTRUST) {
+		DEBUG(3, ("Invalid account flags specified:  cannot create domain trusts via this interface (must use LSA CreateTrustedDomain calls\n"));
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	} else {
+		DEBUG(3, ("Invalid account flags specified 0x%08X, must be exactly one of \n"
+			  "ACB_NORMAL (0x%08X) ACB_WSTRUST (0x%08X) or ACB_SVRTRUST (0x%08X)\n",
+			  acct_flags,
+			  ACB_NORMAL, ACB_WSTRUST, ACB_SVRTRUST));
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	user_account_control |= UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD;
+
+	/* add core elements to the ldb_message for the user */
+	msg->dn = ldb_dn_copy(msg, ldb_get_default_basedn(ldb));
+	if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s,%s", cn_name, container)) {
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_FOOBAR;
+	}
+
+	ret = ldb_msg_add_string(msg, "sAMAccountName", account_name);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+	ret = ldb_msg_add_string(msg, "objectClass", obj_class);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+	ret = samdb_msg_add_uint(ldb, tmp_ctx, msg,
+				 "userAccountControl",
+				 user_account_control);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	/* This is only here for migrations using pdb_samba4, the
+	 * caller and the samldb are responsible for ensuring it makes
+	 * sense */
+	if (forced_sid) {
+		ret = samdb_msg_add_dom_sid(ldb, msg, msg, "objectSID", forced_sid);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(ldb);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	/* create the user */
+	ret = ldb_add(ldb, msg);
+	switch (ret) {
+	case LDB_SUCCESS:
+		break;
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		ldb_transaction_cancel(ldb);
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_USER_EXISTS;
+	case LDB_ERR_UNWILLING_TO_PERFORM:
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		ldb_transaction_cancel(ldb);
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		ldb_transaction_cancel(ldb);
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	account_dn = msg->dn;
+
+	/* retrieve the sid and account control bits for the user just created */
+	ret = dsdb_search_one(ldb, tmp_ctx, &msg,
+			      account_dn, LDB_SCOPE_BASE, attrs, 0, NULL);
+
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(ldb);
+		DEBUG(0,("Can't locate the account we just created %s: %s\n",
+			 ldb_dn_get_linearized(account_dn), ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	account_sid = samdb_result_dom_sid(tmp_ctx, msg, "objectSid");
+	if (account_sid == NULL) {
+		ldb_transaction_cancel(ldb);
+		DEBUG(0,("Apparently we failed to get the objectSid of the just created account record %s\n",
+			 ldb_dn_get_linearized(msg->dn)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to commit transaction to add and modify account record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	*dn = talloc_steal(mem_ctx, account_dn);
+	if (sid) {
+		*sid = talloc_steal(mem_ctx, account_sid);
+	}
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+
+  failed:
+	ldb_transaction_cancel(ldb);
+	talloc_free(tmp_ctx);
+	return NT_STATUS_INTERNAL_ERROR;
+}
+
+/*
+  called by samr_CreateDomainGroup and pdb_samba4
+*/
+NTSTATUS dsdb_add_domain_group(struct ldb_context *ldb,
+			       TALLOC_CTX *mem_ctx,
+			       const char *groupname,
+			       struct dom_sid **sid,
+			       struct ldb_dn **dn)
+{
+	const char *name;
+	struct ldb_message *msg;
+	struct dom_sid *group_sid;
+	const char *groupname_encoded = NULL;
+	int ret;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	groupname_encoded = ldb_binary_encode_string(tmp_ctx, groupname);
+	if (groupname_encoded == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* check if the group already exists */
+	name = samdb_search_string(ldb, tmp_ctx, NULL,
+				   "sAMAccountName",
+				   "(&(sAMAccountName=%s)(objectclass=group))",
+				   groupname_encoded);
+	if (name != NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_GROUP_EXISTS;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* add core elements to the ldb_message for the user */
+	msg->dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(ldb));
+	ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=Users", groupname);
+	if (!msg->dn) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ldb_msg_add_string(msg, "sAMAccountName", groupname);
+	ldb_msg_add_string(msg, "objectClass", "group");
+
+	/* create the group */
+	ret = ldb_add(ldb, msg);
+	switch (ret) {
+	case  LDB_SUCCESS:
+		break;
+	case  LDB_ERR_ENTRY_ALREADY_EXISTS:
+		DEBUG(0,("Failed to create group record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_GROUP_EXISTS;
+	case  LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		DEBUG(0,("Failed to create group record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		DEBUG(0,("Failed to create group record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* retrieve the sid for the group just created */
+	group_sid = samdb_search_dom_sid(ldb, tmp_ctx,
+					 msg->dn, "objectSid", NULL);
+	if (group_sid == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*dn = talloc_steal(mem_ctx, msg->dn);
+	*sid = talloc_steal(mem_ctx, group_sid);
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_add_domain_alias(struct ldb_context *ldb,
+			       TALLOC_CTX *mem_ctx,
+			       const char *alias_name,
+			       struct dom_sid **sid,
+			       struct ldb_dn **dn)
+{
+	const char *name;
+	struct ldb_message *msg;
+	struct dom_sid *alias_sid;
+	const char *alias_name_encoded = NULL;
+	int ret;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	alias_name_encoded = ldb_binary_encode_string(tmp_ctx, alias_name);
+	if (alias_name_encoded == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (ldb_transaction_start(ldb) != LDB_SUCCESS) {
+		DEBUG(0, ("Failed to start transaction in dsdb_add_domain_alias(): %s\n", ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/* Check if alias already exists */
+	name = samdb_search_string(ldb, tmp_ctx, NULL,
+				   "sAMAccountName",
+				   "(sAMAccountName=%s)(objectclass=group))",
+				   alias_name_encoded);
+
+	if (name != NULL) {
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_ALIAS_EXISTS;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* add core elements to the ldb_message for the alias */
+	msg->dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(ldb));
+	ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=Users", alias_name);
+	if (!msg->dn) {
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ldb_msg_add_string(msg, "sAMAccountName", alias_name);
+	ldb_msg_add_string(msg, "objectClass", "group");
+	samdb_msg_add_int(ldb, mem_ctx, msg, "groupType", GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+
+	/* create the alias */
+	ret = ldb_add(ldb, msg);
+	switch (ret) {
+	case LDB_SUCCESS:
+		break;
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_ALIAS_EXISTS;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		DEBUG(0,("Failed to create alias record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		ldb_transaction_cancel(ldb);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* retrieve the sid for the alias just created */
+	alias_sid = samdb_search_dom_sid(ldb, tmp_ctx,
+					 msg->dn, "objectSid", NULL);
+
+	if (ldb_transaction_commit(ldb) != LDB_SUCCESS) {
+		DEBUG(0, ("Failed to commit transaction in dsdb_add_domain_alias(): %s\n",
+			  ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*dn = talloc_steal(mem_ctx, msg->dn);
+	*sid = talloc_steal(mem_ctx, alias_sid);
+	talloc_free(tmp_ctx);
+
+
+	return NT_STATUS_OK;
+}
+
+/* Return the members of this group (which may be a domain group or an alias) */
+NTSTATUS dsdb_enum_group_mem(struct ldb_context *ldb,
+			     TALLOC_CTX *mem_ctx,
+			     struct ldb_dn *dn,
+			     struct dom_sid **members_out,
+			     unsigned int *pnum_members)
+{
+	struct ldb_message *msg;
+	unsigned int i, j;
+	int ret;
+	struct dom_sid *members;
+	struct ldb_message_element *member_el;
+	const char *attrs[] = { "member", NULL };
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	ret = dsdb_search_one(ldb, tmp_ctx, &msg, dn, LDB_SCOPE_BASE, attrs,
+			      DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("dsdb_enum_group_mem: dsdb_search for %s failed: %s\n",
+			  ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	member_el = ldb_msg_find_element(msg, "member");
+	if (!member_el) {
+		*members_out = NULL;
+		*pnum_members = 0;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	members = talloc_array(mem_ctx, struct dom_sid, member_el->num_values);
+	if (members == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	j = 0;
+	for (i=0; i <member_el->num_values; i++) {
+		struct ldb_dn *member_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb,
+							       &member_el->values[i]);
+		if (!member_dn || !ldb_dn_validate(member_dn)) {
+			DEBUG(1, ("Could not parse %*.*s as a DN\n",
+				  (int)member_el->values[i].length,
+				  (int)member_el->values[i].length,
+				  (const char *)member_el->values[i].data));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		status = dsdb_get_extended_dn_sid(member_dn, &members[j],
+						  "SID");
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			/* If we fail finding a SID then this is no error since
+			 * it could be a non SAM object - e.g. a contact */
+			continue;
+		} else if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("When parsing DN '%s' we failed to parse it's SID component, so we cannot fetch the membership: %s\n",
+				  ldb_dn_get_extended_linearized(tmp_ctx, member_dn, 1),
+				  nt_errstr(status)));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		++j;
+	}
+
+	*members_out = members;
+	*pnum_members = j;
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_lookup_rids(struct ldb_context *ldb,
+			  TALLOC_CTX *mem_ctx,
+			  const struct dom_sid *domain_sid,
+			  unsigned int num_rids,
+			  uint32_t *rids,
+			  const char **names,
+			  enum lsa_SidType *lsa_attrs)
+{
+	const char *attrs[] = { "sAMAccountType", "sAMAccountName", NULL };
+	unsigned int i, num_mapped;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	num_mapped = 0;
+
+	for (i=0; i<num_rids; i++) {
+		struct ldb_message *msg;
+		struct ldb_dn *dn;
+		uint32_t attr;
+		int rc;
+
+		lsa_attrs[i] = SID_NAME_UNKNOWN;
+
+		dn = ldb_dn_new_fmt(tmp_ctx, ldb, "<SID=%s>",
+				    dom_sid_string(tmp_ctx,
+						   dom_sid_add_rid(tmp_ctx, domain_sid,
+								   rids[i])));
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		rc = dsdb_search_one(ldb, tmp_ctx, &msg, dn, LDB_SCOPE_BASE, attrs, 0, "samAccountName=*");
+		if (rc == LDB_ERR_NO_SUCH_OBJECT) {
+			continue;
+		} else if (rc != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		names[i] = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
+		if (names[i] == NULL) {
+			DEBUG(10, ("no samAccountName\n"));
+			continue;
+		}
+		talloc_steal(names, names[i]);
+		attr = ldb_msg_find_attr_as_uint(msg, "samAccountType", 0);
+		lsa_attrs[i] = ds_atype_map(attr);
+		if (lsa_attrs[i] == SID_NAME_UNKNOWN) {
+			continue;
+		}
+		num_mapped += 1;
+	}
+	talloc_free(tmp_ctx);
+
+	if (num_mapped == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	if (num_mapped < num_rids) {
+		return STATUS_SOME_UNMAPPED;
+	}
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
new file mode 100644
index 0000000..5003e74
--- /dev/null
+++ b/source4/dsdb/common/util_trusts.c
@@ -0,0 +1,3443 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "../lib/util/util_ldb.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "../libds/common/flags.h"
+#include "dsdb/common/proto.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "lib/util/tsort.h"
+#include "dsdb/common/util.h"
+#include "libds/common/flag_mapping.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/crypto/md4.h"
+#include "libcli/ldap/ldap_ndr.h"
+
+#undef strcasecmp
+
+NTSTATUS dsdb_trust_forest_info_from_lsa(TALLOC_CTX *mem_ctx,
+				const struct lsa_ForestTrustInformation *lfti,
+				struct ForestTrustInfo **_fti)
+{
+	struct ForestTrustInfo *fti;
+	uint32_t i;
+
+	*_fti = NULL;
+
+	fti = talloc_zero(mem_ctx, struct ForestTrustInfo);
+	if (fti == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fti->version = 1;
+	fti->count = lfti->count;
+	fti->records = talloc_zero_array(mem_ctx,
+					 struct ForestTrustInfoRecordArmor,
+					 fti->count);
+	if (fti->records == NULL) {
+		TALLOC_FREE(fti);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < fti->count; i++) {
+		const struct lsa_ForestTrustRecord *lftr = lfti->entries[i];
+		struct ForestTrustInfoRecord *ftr = &fti->records[i].record;
+		struct ForestTrustString *str = NULL;
+		const struct lsa_StringLarge *lstr = NULL;
+		const struct lsa_ForestTrustDomainInfo *linfo = NULL;
+		struct ForestTrustDataDomainInfo *info = NULL;
+
+		if (lftr == NULL) {
+			TALLOC_FREE(fti);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ftr->flags = lftr->flags;
+		ftr->timestamp = lftr->time;
+		ftr->type = (enum ForestTrustInfoRecordType)lftr->type;
+
+		switch (lftr->type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+			lstr = &lftr->forest_trust_data.top_level_name;
+			str = &ftr->data.name;
+
+			str->string = talloc_strdup(mem_ctx, lstr->string);
+			if (str->string == NULL) {
+				TALLOC_FREE(fti);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			break;
+
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			lstr = &lftr->forest_trust_data.top_level_name_ex;
+			str = &ftr->data.name;
+
+			str->string = talloc_strdup(mem_ctx, lstr->string);
+			if (str->string == NULL) {
+				TALLOC_FREE(fti);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			linfo = &lftr->forest_trust_data.domain_info;
+			info = &ftr->data.info;
+
+			if (linfo->domain_sid == NULL) {
+				TALLOC_FREE(fti);
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			info->sid = *linfo->domain_sid;
+
+			lstr = &linfo->dns_domain_name;
+			str = &info->dns_name;
+			str->string = talloc_strdup(mem_ctx, lstr->string);
+			if (str->string == NULL) {
+				TALLOC_FREE(fti);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			lstr = &linfo->netbios_domain_name;
+			str = &info->netbios_name;
+			str->string = talloc_strdup(mem_ctx, lstr->string);
+			if (str->string == NULL) {
+				TALLOC_FREE(fti);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			break;
+
+		default:
+			return NT_STATUS_NOT_SUPPORTED;
+		}
+	}
+
+	*_fti = fti;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dsdb_trust_forest_record_to_lsa(TALLOC_CTX *mem_ctx,
+					 const struct ForestTrustInfoRecord *ftr,
+					 struct lsa_ForestTrustRecord **_lftr)
+{
+	struct lsa_ForestTrustRecord *lftr = NULL;
+	const struct ForestTrustString *str = NULL;
+	struct lsa_StringLarge *lstr = NULL;
+	const struct ForestTrustDataDomainInfo *info = NULL;
+	struct lsa_ForestTrustDomainInfo *linfo = NULL;
+
+	*_lftr = NULL;
+
+	lftr = talloc_zero(mem_ctx, struct lsa_ForestTrustRecord);
+	if (lftr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lftr->flags = ftr->flags;
+	lftr->time = ftr->timestamp;
+	lftr->type = (enum lsa_ForestTrustRecordType)ftr->type;
+
+	switch (lftr->type) {
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+		lstr = &lftr->forest_trust_data.top_level_name;
+		str = &ftr->data.name;
+
+		lstr->string = talloc_strdup(mem_ctx, str->string);
+		if (lstr->string == NULL) {
+			TALLOC_FREE(lftr);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		break;
+
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+		lstr = &lftr->forest_trust_data.top_level_name_ex;
+		str = &ftr->data.name;
+
+		lstr->string = talloc_strdup(mem_ctx, str->string);
+		if (lstr->string == NULL) {
+			TALLOC_FREE(lftr);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		break;
+
+	case LSA_FOREST_TRUST_DOMAIN_INFO:
+		linfo = &lftr->forest_trust_data.domain_info;
+		info = &ftr->data.info;
+
+		linfo->domain_sid = dom_sid_dup(lftr, &info->sid);
+		if (linfo->domain_sid == NULL) {
+			TALLOC_FREE(lftr);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		lstr = &linfo->dns_domain_name;
+		str = &info->dns_name;
+		lstr->string = talloc_strdup(mem_ctx, str->string);
+		if (lstr->string == NULL) {
+			TALLOC_FREE(lftr);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		lstr = &linfo->netbios_domain_name;
+		str = &info->netbios_name;
+		lstr->string = talloc_strdup(mem_ctx, str->string);
+		if (lstr->string == NULL) {
+			TALLOC_FREE(lftr);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		break;
+
+	default:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	*_lftr = lftr;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_forest_info_to_lsa(TALLOC_CTX *mem_ctx,
+				       const struct ForestTrustInfo *fti,
+				       struct lsa_ForestTrustInformation **_lfti)
+{
+	struct lsa_ForestTrustInformation *lfti;
+	uint32_t i;
+
+	*_lfti = NULL;
+
+	if (fti->version != 1) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	lfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation);
+	if (lfti == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lfti->count = fti->count;
+	lfti->entries = talloc_zero_array(mem_ctx,
+					  struct lsa_ForestTrustRecord *,
+					  lfti->count);
+	if (lfti->entries == NULL) {
+		TALLOC_FREE(lfti);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < fti->count; i++) {
+		struct ForestTrustInfoRecord *ftr = &fti->records[i].record;
+		struct lsa_ForestTrustRecord *lftr = NULL;
+		NTSTATUS status;
+
+		status = dsdb_trust_forest_record_to_lsa(lfti->entries, ftr,
+							 &lftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(lfti);
+			return NT_STATUS_NO_MEMORY;
+		}
+		lfti->entries[i] = lftr;
+	}
+
+	*_lfti = lfti;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dsdb_trust_forest_info_add_record(struct lsa_ForestTrustInformation *fti,
+						  const struct lsa_ForestTrustRecord *ftr)
+{
+	struct lsa_ForestTrustRecord **es = NULL;
+	struct lsa_ForestTrustRecord *e = NULL;
+	const struct lsa_StringLarge *dns1 = NULL;
+	struct lsa_StringLarge *dns2 = NULL;
+	const struct lsa_ForestTrustDomainInfo *d1 = NULL;
+	struct lsa_ForestTrustDomainInfo *d2 = NULL;
+	size_t len = 0;
+
+	es = talloc_realloc(fti, fti->entries,
+			    struct lsa_ForestTrustRecord *,
+			    fti->count + 1);
+	if (!es) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	fti->entries = es;
+
+	e = talloc_zero(es, struct lsa_ForestTrustRecord);
+	if (e == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	e->type = ftr->type;
+	e->flags = ftr->flags;
+	e->time = ftr->time;
+
+	switch (ftr->type) {
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+		dns1 = &ftr->forest_trust_data.top_level_name;
+		dns2 = &e->forest_trust_data.top_level_name;
+		break;
+
+	case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+		dns1 = &ftr->forest_trust_data.top_level_name_ex;
+		dns2 = &e->forest_trust_data.top_level_name_ex;
+		break;
+
+	case LSA_FOREST_TRUST_DOMAIN_INFO:
+		dns1 = &ftr->forest_trust_data.domain_info.dns_domain_name;
+		dns2 = &e->forest_trust_data.domain_info.dns_domain_name;
+		d1 = &ftr->forest_trust_data.domain_info;
+		d2 = &e->forest_trust_data.domain_info;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (dns1->string == NULL) {
+		TALLOC_FREE(e);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	len = strlen(dns1->string);
+	if (len == 0) {
+		TALLOC_FREE(e);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	dns2->string = talloc_strdup(e, dns1->string);
+	if (dns2->string == NULL) {
+		TALLOC_FREE(e);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (d1 != NULL) {
+		const struct lsa_StringLarge *nb1 = &d1->netbios_domain_name;
+		struct lsa_StringLarge *nb2 = &d2->netbios_domain_name;
+
+		if (nb1->string == NULL) {
+			TALLOC_FREE(e);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		len = strlen(nb1->string);
+		if (len == 0) {
+			TALLOC_FREE(e);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		if (len > 15) {
+			TALLOC_FREE(e);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		nb2->string = talloc_strdup(e, nb1->string);
+		if (nb2->string == NULL) {
+			TALLOC_FREE(e);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		if (d1->domain_sid == NULL) {
+			TALLOC_FREE(e);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		d2->domain_sid = dom_sid_dup(e, d1->domain_sid);
+		if (d2->domain_sid == NULL) {
+			TALLOC_FREE(e);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	fti->entries[fti->count++] = e;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dsdb_trust_parse_crossref_info(TALLOC_CTX *mem_ctx,
+					struct ldb_context *sam_ctx,
+					const struct ldb_message *msg,
+					struct lsa_TrustDomainInfoInfoEx **_tdo)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	const char *dns = NULL;
+	const char *netbios = NULL;
+	struct ldb_dn *nc_dn = NULL;
+	struct dom_sid sid = {
+		.num_auths = 0,
+	};
+	NTSTATUS status;
+
+	*_tdo = NULL;
+	tdo = talloc_zero(mem_ctx, struct lsa_TrustDomainInfoInfoEx);
+	if (tdo == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, tdo);
+
+	dns = ldb_msg_find_attr_as_string(msg, "dnsRoot", NULL);
+	if (dns == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	tdo->domain_name.string = talloc_strdup(tdo, dns);
+	if (tdo->domain_name.string == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	netbios = ldb_msg_find_attr_as_string(msg, "nETBIOSName", NULL);
+	if (netbios == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	tdo->netbios_name.string = talloc_strdup(tdo, netbios);
+	if (tdo->netbios_name.string == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nc_dn = samdb_result_dn(sam_ctx, frame, msg, "ncName", NULL);
+	if (nc_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = dsdb_get_extended_dn_sid(nc_dn, &sid, "SID");
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+	tdo->sid = dom_sid_dup(tdo, &sid);
+	if (tdo->sid == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tdo->trust_type = LSA_TRUST_TYPE_UPLEVEL;
+	tdo->trust_direction = LSA_TRUST_DIRECTION_INBOUND |
+			       LSA_TRUST_DIRECTION_OUTBOUND;
+	tdo->trust_attributes = LSA_TRUST_ATTRIBUTE_WITHIN_FOREST;
+
+	*_tdo = talloc_move(mem_ctx, &tdo);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dsdb_trust_crossref_tdo_info(TALLOC_CTX *mem_ctx,
+			struct ldb_context *sam_ctx,
+			struct ldb_dn *domain_dn,
+			const char *extra_filter,
+			struct lsa_TrustDomainInfoInfoEx **_tdo,
+			struct lsa_TrustDomainInfoInfoEx **_root_trust_tdo,
+			struct lsa_TrustDomainInfoInfoEx **_trust_parent_tdo)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	struct lsa_TrustDomainInfoInfoEx *root_trust_tdo = NULL;
+	struct lsa_TrustDomainInfoInfoEx *trust_parent_tdo = NULL;
+	struct ldb_dn *partitions_dn = NULL;
+	const char * const cross_attrs[] = {
+		"dnsRoot",
+		"nETBIOSName",
+		"nCName",
+		"rootTrust",
+		"trustParent",
+		NULL,
+	};
+	struct ldb_result *cross_res = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *root_trust_dn = NULL;
+	struct ldb_dn *trust_parent_dn = NULL;
+	NTSTATUS status;
+	int ret;
+
+	if (extra_filter == NULL) {
+		extra_filter = "";
+	}
+
+	*_tdo = NULL;
+	if (_root_trust_tdo != NULL) {
+		*_root_trust_tdo = NULL;
+	}
+	if (_trust_parent_tdo != NULL) {
+		*_trust_parent_tdo = NULL;
+	}
+
+	partitions_dn = samdb_partitions_dn(sam_ctx, frame);
+	if (partitions_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_search(sam_ctx, partitions_dn, &cross_res,
+			  partitions_dn, LDB_SCOPE_ONELEVEL,
+			  cross_attrs,
+			  DSDB_SEARCH_ONE_ONLY |
+			  DSDB_SEARCH_SHOW_EXTENDED_DN,
+			  "(&"
+			    "(ncName=%s)"
+			    "(objectClass=crossRef)"
+			    "(systemFlags:%s:=%u)"
+			    "%s"
+			  ")",
+			  ldb_dn_get_linearized(domain_dn),
+			  LDB_OID_COMPARATOR_AND,
+			  SYSTEM_FLAG_CR_NTDS_DOMAIN,
+			  extra_filter);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+	msg = cross_res->msgs[0];
+
+	status = dsdb_trust_parse_crossref_info(mem_ctx, sam_ctx, msg, &tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+	talloc_steal(frame, tdo);
+
+	if (_root_trust_tdo != NULL) {
+		root_trust_dn = samdb_result_dn(sam_ctx, frame, msg,
+						"rootTrust", NULL);
+	}
+	if (_trust_parent_tdo != NULL) {
+		trust_parent_dn = samdb_result_dn(sam_ctx, frame, msg,
+						   "trustParent", NULL);
+	}
+
+	if (root_trust_dn != NULL) {
+		struct ldb_message *root_trust_msg = NULL;
+
+		ret = dsdb_search_one(sam_ctx, frame,
+				      &root_trust_msg,
+				      root_trust_dn,
+				      LDB_SCOPE_BASE,
+				      cross_attrs,
+				      DSDB_SEARCH_NO_GLOBAL_CATALOG,
+				      "(objectClass=crossRef)");
+		if (ret != LDB_SUCCESS) {
+			status = dsdb_ldb_err_to_ntstatus(ret);
+			DEBUG(3, ("Failed to search for %s: %s - %s\n",
+				  ldb_dn_get_linearized(root_trust_dn),
+				  nt_errstr(status), ldb_errstring(sam_ctx)));
+			TALLOC_FREE(frame);
+			return status;
+		}
+
+		status = dsdb_trust_parse_crossref_info(mem_ctx, sam_ctx,
+							root_trust_msg,
+							&root_trust_tdo);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+		talloc_steal(frame, root_trust_tdo);
+	}
+
+	if (trust_parent_dn != NULL) {
+		struct ldb_message *trust_parent_msg = NULL;
+
+		ret = dsdb_search_one(sam_ctx, frame,
+				      &trust_parent_msg,
+				      trust_parent_dn,
+				      LDB_SCOPE_BASE,
+				      cross_attrs,
+				      DSDB_SEARCH_NO_GLOBAL_CATALOG,
+				      "(objectClass=crossRef)");
+		if (ret != LDB_SUCCESS) {
+			status = dsdb_ldb_err_to_ntstatus(ret);
+			DEBUG(3, ("Failed to search for %s: %s - %s\n",
+				  ldb_dn_get_linearized(trust_parent_dn),
+				  nt_errstr(status), ldb_errstring(sam_ctx)));
+			TALLOC_FREE(frame);
+			return status;
+		}
+
+		status = dsdb_trust_parse_crossref_info(mem_ctx, sam_ctx,
+							trust_parent_msg,
+							&trust_parent_tdo);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+		talloc_steal(frame, trust_parent_tdo);
+	}
+
+	*_tdo = talloc_move(mem_ctx, &tdo);
+	if (_root_trust_tdo != NULL) {
+		*_root_trust_tdo = talloc_move(mem_ctx, &root_trust_tdo);
+	}
+	if (_trust_parent_tdo != NULL) {
+		*_trust_parent_tdo = talloc_move(mem_ctx, &trust_parent_tdo);
+	}
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+#define DNS_CMP_FIRST_IS_CHILD -2
+#define DNS_CMP_FIRST_IS_LESS -1
+#define DNS_CMP_MATCH 0
+#define DNS_CMP_SECOND_IS_LESS 1
+#define DNS_CMP_SECOND_IS_CHILD 2
+
+#define DNS_CMP_IS_NO_MATCH(__cmp) \
+	((__cmp == DNS_CMP_FIRST_IS_LESS) || (__cmp == DNS_CMP_SECOND_IS_LESS))
+
+/*
+ * this function assumes names are well formed DNS names.
+ * it doesn't validate them
+ *
+ * It allows strings up to a length of UINT16_MAX - 1
+ * with up to UINT8_MAX components. On overflow this
+ * just returns the result of strcasecmp_m().
+ *
+ * Trailing dots (only one) are ignored.
+ *
+ * The DNS names are compared per component, starting from
+ * the last one.
+ */
+static int dns_cmp(const char *s1, const char *s2)
+{
+	size_t l1 = 0;
+	const char *p1 = NULL;
+	size_t num_comp1 = 0;
+	uint16_t comp1[UINT8_MAX] = {0};
+	size_t l2 = 0;
+	const char *p2 = NULL;
+	size_t num_comp2 = 0;
+	uint16_t comp2[UINT8_MAX] = {0};
+	size_t i;
+
+	if (s1 != NULL) {
+		l1 = strlen(s1);
+	}
+
+	if (s2 != NULL) {
+		l2 = strlen(s2);
+	}
+
+	/*
+	 * trailing '.' are ignored.
+	 */
+	if (l1 > 1 && s1[l1 - 1] == '.') {
+		l1--;
+	}
+	if (l2 > 1 && s2[l2 - 1] == '.') {
+		l2--;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(comp1); i++) {
+		char *p;
+
+		if (i == 0) {
+			p1 = s1;
+
+			if (l1 == 0 || l1 >= UINT16_MAX) {
+				/* just use one single component on overflow */
+				break;
+			}
+		}
+
+		comp1[num_comp1++] = PTR_DIFF(p1, s1);
+
+		p = strchr_m(p1, '.');
+		if (p == NULL) {
+			p1 = NULL;
+			break;
+		}
+
+		p1 = p + 1;
+	}
+
+	if (p1 != NULL) {
+		/* just use one single component on overflow */
+		num_comp1 = 0;
+		comp1[num_comp1++] = 0;
+		p1 = NULL;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(comp2); i++) {
+		char *p;
+
+		if (i == 0) {
+			p2 = s2;
+
+			if (l2 == 0 || l2 >= UINT16_MAX) {
+				/* just use one single component on overflow */
+				break;
+			}
+		}
+
+		comp2[num_comp2++] = PTR_DIFF(p2, s2);
+
+		p = strchr_m(p2, '.');
+		if (p == NULL) {
+			p2 = NULL;
+			break;
+		}
+
+		p2 = p + 1;
+	}
+
+	if (p2 != NULL) {
+		/* just use one single component on overflow */
+		num_comp2 = 0;
+		comp2[num_comp2++] = 0;
+		p2 = NULL;
+	}
+
+	for (i = 0; i < UINT8_MAX; i++) {
+		int cmp;
+
+		if (i < num_comp1) {
+			size_t idx = num_comp1 - (i + 1);
+			p1 = s1 + comp1[idx];
+		} else {
+			p1 = NULL;
+		}
+
+		if (i < num_comp2) {
+			size_t idx = num_comp2 - (i + 1);
+			p2 = s2 + comp2[idx];
+		} else {
+			p2 = NULL;
+		}
+
+		if (p1 == NULL && p2 == NULL) {
+			return DNS_CMP_MATCH;
+		}
+		if (p1 != NULL && p2 == NULL) {
+			return DNS_CMP_FIRST_IS_CHILD;
+		}
+		if (p1 == NULL && p2 != NULL) {
+			return DNS_CMP_SECOND_IS_CHILD;
+		}
+
+		cmp = strcasecmp_m(p1, p2);
+		if (cmp < 0) {
+			return DNS_CMP_FIRST_IS_LESS;
+		}
+		if (cmp > 0) {
+			return DNS_CMP_SECOND_IS_LESS;
+		}
+	}
+
+	smb_panic(__location__);
+	return -1;
+}
+
+static int dsdb_trust_find_tln_match_internal(const struct lsa_ForestTrustInformation *info,
+					      enum lsa_ForestTrustRecordType type,
+					      uint32_t disable_mask,
+					      const char *tln)
+{
+	uint32_t i;
+
+	for (i = 0; i < info->count; i++) {
+		struct lsa_ForestTrustRecord *e = info->entries[i];
+		struct lsa_StringLarge *t = NULL;
+		int cmp;
+
+		if (e == NULL) {
+			continue;
+		}
+
+		if (e->type != type) {
+			continue;
+		}
+
+		if (e->flags & disable_mask) {
+			continue;
+		}
+
+		switch (type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+			t = &e->forest_trust_data.top_level_name;
+			break;
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			t = &e->forest_trust_data.top_level_name_ex;
+			break;
+		default:
+			break;
+		}
+
+		if (t == NULL) {
+			continue;
+		}
+
+		cmp = dns_cmp(tln, t->string);
+		switch (cmp) {
+		case DNS_CMP_MATCH:
+		case DNS_CMP_FIRST_IS_CHILD:
+			return i;
+		}
+	}
+
+	return -1;
+}
+
+static bool dsdb_trust_find_tln_match(const struct lsa_ForestTrustInformation *info,
+				      const char *tln)
+{
+	int m;
+
+	m = dsdb_trust_find_tln_match_internal(info,
+					       LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+					       LSA_TLN_DISABLED_MASK,
+					       tln);
+	if (m != -1) {
+		return true;
+	}
+
+	return false;
+}
+
+static bool dsdb_trust_find_tln_ex_match(const struct lsa_ForestTrustInformation *info,
+					 const char *tln)
+{
+	int m;
+
+	m = dsdb_trust_find_tln_match_internal(info,
+					       LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX,
+					       0,
+					       tln);
+	if (m != -1) {
+		return true;
+	}
+
+	return false;
+}
+
+NTSTATUS dsdb_trust_local_tdo_info(TALLOC_CTX *mem_ctx,
+				   struct ldb_context *sam_ctx,
+				   struct lsa_TrustDomainInfoInfoEx **_tdo)
+{
+	struct ldb_dn *domain_dn = NULL;
+
+	domain_dn = ldb_get_default_basedn(sam_ctx);
+	if (domain_dn == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return dsdb_trust_crossref_tdo_info(mem_ctx, sam_ctx,
+					    domain_dn, NULL,
+					    _tdo, NULL, NULL);
+}
+
+NTSTATUS dsdb_trust_xref_tdo_info(TALLOC_CTX *mem_ctx,
+				  struct ldb_context *sam_ctx,
+				  struct lsa_TrustDomainInfoInfoEx **_tdo)
+{
+	/*
+	 * The extra filter makes sure we only find the forest root domain
+	 */
+	const char *extra_filter = "(!(|(rootTrust=*)(trustParent=*)))";
+	struct ldb_dn *domain_dn = NULL;
+
+	domain_dn = ldb_get_default_basedn(sam_ctx);
+	if (domain_dn == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return dsdb_trust_crossref_tdo_info(mem_ctx, sam_ctx,
+					    domain_dn, extra_filter,
+					    _tdo, NULL, NULL);
+}
+
+static int dsdb_trust_xref_sort_msgs(struct ldb_message **_m1,
+				     struct ldb_message **_m2)
+{
+	struct ldb_message *m1 = *_m1;
+	struct ldb_message *m2 = *_m2;
+	const char *dns1 = NULL;
+	const char *dns2 = NULL;
+	int cmp;
+	struct ldb_message_element *rootTrust1 = NULL;
+	struct ldb_message_element *trustParent1 = NULL;
+	struct ldb_message_element *rootTrust2 = NULL;
+	struct ldb_message_element *trustParent2 = NULL;
+
+	dns1 = ldb_msg_find_attr_as_string(m1, "dnsRoot", NULL);
+	dns2 = ldb_msg_find_attr_as_string(m2, "dnsRoot", NULL);
+
+	cmp = dns_cmp(dns1, dns2);
+	switch (cmp) {
+	case DNS_CMP_FIRST_IS_CHILD:
+		return -1;
+	case DNS_CMP_SECOND_IS_CHILD:
+		return 1;
+	}
+
+	rootTrust1 = ldb_msg_find_element(m1, "rootTrust");
+	trustParent1 = ldb_msg_find_element(m1, "trustParent");
+	rootTrust2 = ldb_msg_find_element(m2, "rootTrust");
+	trustParent2 = ldb_msg_find_element(m2, "trustParent");
+
+	if (rootTrust1 == NULL && trustParent1 == NULL) {
+		/* m1 is the forest root */
+		return -1;
+	}
+	if (rootTrust2 == NULL && trustParent2 == NULL) {
+		/* m2 is the forest root */
+		return 1;
+	}
+
+	return cmp;
+}
+
+static int dsdb_trust_xref_sort_vals(struct ldb_val *v1,
+				     struct ldb_val *v2)
+{
+	const char *dns1 = (const char *)v1->data;
+	const char *dns2 = (const char *)v2->data;
+
+	return dns_cmp(dns1, dns2);
+}
+
+NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx,
+				     struct ldb_context *sam_ctx,
+				     struct lsa_ForestTrustInformation **_info)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct lsa_ForestTrustInformation *info = NULL;
+	struct ldb_dn *partitions_dn = NULL;
+	const char * const cross_attrs1[] = {
+		"uPNSuffixes",
+		"msDS-SPNSuffixes",
+		NULL,
+	};
+	struct ldb_result *cross_res1 = NULL;
+	struct ldb_message_element *upn_el = NULL;
+	struct ldb_message_element *spn_el = NULL;
+	struct ldb_message *tln_msg = NULL;
+	struct ldb_message_element *tln_el = NULL;
+	const char * const cross_attrs2[] = {
+		"dnsRoot",
+		"nETBIOSName",
+		"nCName",
+		"rootTrust",
+		"trustParent",
+		NULL,
+	};
+	struct ldb_result *cross_res2 = NULL;
+	int ret;
+	unsigned int i;
+	bool restart = false;
+
+	*_info = NULL;
+	info = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation);
+	if (info == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, info);
+
+	partitions_dn = samdb_partitions_dn(sam_ctx, frame);
+	if (partitions_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_search_dn(sam_ctx, partitions_dn, &cross_res1,
+			     partitions_dn, cross_attrs1, 0);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	ret = dsdb_search(sam_ctx, partitions_dn, &cross_res2,
+			  partitions_dn, LDB_SCOPE_ONELEVEL,
+			  cross_attrs2,
+			  DSDB_SEARCH_SHOW_EXTENDED_DN,
+			  "(&(objectClass=crossRef)"
+			   "(systemFlags:%s:=%u))",
+			  LDB_OID_COMPARATOR_AND,
+			  SYSTEM_FLAG_CR_NTDS_DOMAIN);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	/*
+	 * Sort the domains as trees, starting with the forest root
+	 */
+	TYPESAFE_QSORT(cross_res2->msgs, cross_res2->count,
+		       dsdb_trust_xref_sort_msgs);
+
+	upn_el = ldb_msg_find_element(cross_res1->msgs[0], "uPNSuffixes");
+	if (upn_el != NULL) {
+		upn_el->name = "__tln__";
+	}
+	spn_el = ldb_msg_find_element(cross_res1->msgs[0], "msDS-SPNSuffixes");
+	if (spn_el != NULL) {
+		spn_el->name = "__tln__";
+	}
+	ret = ldb_msg_normalize(sam_ctx, frame, cross_res1->msgs[0], &tln_msg);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+	tln_el = ldb_msg_find_element(tln_msg, "__tln__");
+	if (tln_el != NULL) {
+		/*
+		 * Sort the domains as trees
+		 */
+		TYPESAFE_QSORT(tln_el->values, tln_el->num_values,
+			       dsdb_trust_xref_sort_vals);
+	}
+
+	for (i=0; i < cross_res2->count; i++) {
+		struct ldb_message *m = cross_res2->msgs[i];
+		const char *dns = NULL;
+		const char *netbios = NULL;
+		struct ldb_dn *nc_dn = NULL;
+		struct dom_sid sid = {
+			.num_auths = 0,
+		};
+		struct lsa_ForestTrustRecord e = {
+			.flags = 0,
+		};
+		struct lsa_ForestTrustDomainInfo *d = NULL;
+		struct lsa_StringLarge *t = NULL;
+		bool match = false;
+		NTSTATUS status;
+
+		dns = ldb_msg_find_attr_as_string(m, "dnsRoot", NULL);
+		if (dns == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		netbios = ldb_msg_find_attr_as_string(m, "nETBIOSName", NULL);
+		if (netbios == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		nc_dn = samdb_result_dn(sam_ctx, m, m, "ncName", NULL);
+		if (nc_dn == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		status = dsdb_get_extended_dn_sid(nc_dn, &sid, "SID");
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+
+		match = dsdb_trust_find_tln_match(info, dns);
+		if (!match) {
+			/*
+			 * First the TOP_LEVEL_NAME, if required
+			 */
+			e = (struct lsa_ForestTrustRecord) {
+				.flags = 0,
+				.type = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+				.time = 0, /* so far always 0 in traces. */
+			};
+
+			t = &e.forest_trust_data.top_level_name;
+			t->string = dns;
+
+			status = dsdb_trust_forest_info_add_record(info, &e);
+			if (!NT_STATUS_IS_OK(status)) {
+				TALLOC_FREE(frame);
+				return status;
+			}
+		}
+
+		/*
+		 * Then the DOMAIN_INFO
+		 */
+		e = (struct lsa_ForestTrustRecord) {
+			.flags = 0,
+			.type = LSA_FOREST_TRUST_DOMAIN_INFO,
+			.time = 0, /* so far always 0 in traces. */
+		};
+		d = &e.forest_trust_data.domain_info;
+		d->domain_sid = &sid;
+		d->dns_domain_name.string = dns;
+		d->netbios_domain_name.string = netbios;
+
+		status = dsdb_trust_forest_info_add_record(info, &e);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	for (i=0; (tln_el != NULL) && i < tln_el->num_values; i++) {
+		const struct ldb_val *v = &tln_el->values[i];
+		const char *dns = (const char *)v->data;
+		struct lsa_ForestTrustRecord e = {
+			.flags = 0,
+		};
+		struct lsa_StringLarge *t = NULL;
+		bool match = false;
+		NTSTATUS status;
+
+		if (dns == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		match = dsdb_trust_find_tln_match(info, dns);
+		if (match) {
+			continue;
+		}
+
+		/*
+		 * an additional the TOP_LEVEL_NAME
+		 */
+		e = (struct lsa_ForestTrustRecord) {
+			.flags = 0,
+			.type = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+			.time = 0, /* so far always 0 in traces. */
+		};
+		t = &e.forest_trust_data.top_level_name;
+		t->string = dns;
+
+		status = dsdb_trust_forest_info_add_record(info, &e);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	for (i=0; i < info->count; restart ? i=0 : i++) {
+		struct lsa_ForestTrustRecord *tr = info->entries[i];
+		const struct lsa_StringLarge *ts = NULL;
+		uint32_t c;
+
+		restart = false;
+
+		if (tr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+			continue;
+		}
+
+		ts = &tr->forest_trust_data.top_level_name;
+
+		for (c = i + 1; c < info->count; c++) {
+			struct lsa_ForestTrustRecord *cr = info->entries[c];
+			const struct lsa_StringLarge *cs = NULL;
+			uint32_t j;
+			int cmp;
+
+			if (cr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			cs = &cr->forest_trust_data.top_level_name;
+
+			cmp = dns_cmp(ts->string, cs->string);
+			if (DNS_CMP_IS_NO_MATCH(cmp)) {
+				continue;
+			}
+			if (cmp != DNS_CMP_FIRST_IS_CHILD) {
+				/* can't happen ... */
+				continue;
+			}
+
+			ts = NULL;
+			tr = NULL;
+			TALLOC_FREE(info->entries[i]);
+			info->entries[i] = info->entries[c];
+
+			for (j = c + 1; j < info->count; j++) {
+				info->entries[j-1] = info->entries[j];
+			}
+			info->count -= 1;
+			restart = true;
+			break;
+		}
+	}
+
+	*_info = talloc_move(mem_ctx, &info);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_parse_tdo_info(TALLOC_CTX *mem_ctx,
+				   struct ldb_message *m,
+				   struct lsa_TrustDomainInfoInfoEx **_tdo)
+{
+	struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	const char *dns = NULL;
+	const char *netbios = NULL;
+
+	*_tdo = NULL;
+
+	tdo = talloc_zero(mem_ctx, struct lsa_TrustDomainInfoInfoEx);
+	if (tdo == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dns = ldb_msg_find_attr_as_string(m, "trustPartner", NULL);
+	if (dns == NULL) {
+		TALLOC_FREE(tdo);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	tdo->domain_name.string = talloc_strdup(tdo, dns);
+	if (tdo->domain_name.string == NULL) {
+		TALLOC_FREE(tdo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	netbios = ldb_msg_find_attr_as_string(m, "flatName", NULL);
+	if (netbios == NULL) {
+		TALLOC_FREE(tdo);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	tdo->netbios_name.string = talloc_strdup(tdo, netbios);
+	if (tdo->netbios_name.string == NULL) {
+		TALLOC_FREE(tdo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tdo->sid = samdb_result_dom_sid(tdo, m, "securityIdentifier");
+	if (tdo->sid == NULL) {
+		TALLOC_FREE(tdo);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	tdo->trust_type = ldb_msg_find_attr_as_uint(m, "trustType", 0);
+	tdo->trust_direction = ldb_msg_find_attr_as_uint(m, "trustDirection", 0);
+	tdo->trust_attributes = ldb_msg_find_attr_as_uint(m, "trustAttributes", 0);
+
+	*_tdo = tdo;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_parse_forest_info(TALLOC_CTX *mem_ctx,
+				      struct ldb_message *m,
+				      struct ForestTrustInfo **_fti)
+{
+	const struct ldb_val *ft_blob = NULL;
+	struct ForestTrustInfo *fti = NULL;
+	enum ndr_err_code ndr_err;
+
+	*_fti = NULL;
+
+	ft_blob = ldb_msg_find_ldb_val(m, "msDS-TrustForestTrustInfo");
+	if (ft_blob == NULL) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	fti = talloc_zero(mem_ctx, struct ForestTrustInfo);
+	if (fti == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* ldb_val is equivalent to DATA_BLOB */
+	ndr_err = ndr_pull_struct_blob_all(ft_blob, fti, fti,
+				(ndr_pull_flags_fn_t)ndr_pull_ForestTrustInfo);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		TALLOC_FREE(fti);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	*_fti = fti;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx,
+				const struct lsa_ForestTrustInformation *gfti,
+				struct lsa_ForestTrustInformation **_nfti)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct lsa_ForestTrustInformation *nfti;
+	uint32_t n;
+
+	*_nfti = NULL;
+
+	nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation);
+	if (nfti == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, nfti);
+
+	/*
+	 * First we copy every record and remove possible trailing dots
+	 * from dns names.
+	 *
+	 * We also NULL out duplicates. The first one wins and
+	 * we keep 'count' as is. This is required in order to
+	 * provide the correct index for collision records.
+	 */
+	for (n = 0; n < gfti->count; n++) {
+		const struct lsa_ForestTrustRecord *gftr = gfti->entries[n];
+		struct lsa_ForestTrustRecord *nftr = NULL;
+		struct lsa_ForestTrustDomainInfo *ninfo = NULL;
+		struct lsa_StringLarge *ntln = NULL;
+		struct lsa_StringLarge *nnb = NULL;
+		struct dom_sid *nsid = NULL;
+		NTSTATUS status;
+		size_t len = 0;
+		char *p = NULL;
+		uint32_t c;
+
+		if (gftr == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		status = dsdb_trust_forest_info_add_record(nfti, gftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+
+		nftr = nfti->entries[n];
+
+		switch (nftr->type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+			ntln = &nftr->forest_trust_data.top_level_name;
+			break;
+
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			ntln = &nftr->forest_trust_data.top_level_name_ex;
+			break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			ninfo = &nftr->forest_trust_data.domain_info;
+			ntln = &ninfo->dns_domain_name;
+			nnb = &ninfo->netbios_domain_name;
+			nsid = ninfo->domain_sid;
+			break;
+
+		default:
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/*
+		 * We remove one trailing '.' before checking
+		 * for invalid dots.
+		 *
+		 * domain.com.  becomes domain.com
+		 * domain.com.. becomes domain.com.
+		 *
+		 * Then the following is invalid:
+		 *
+		 * domain..com
+		 * .domain.com
+		 * domain.com.
+		 */
+		len = strlen(ntln->string);
+		if (len > 1 && ntln->string[len - 1] == '.') {
+			const char *cp = &ntln->string[len - 1];
+			p = discard_const_p(char, cp);
+			*p= '\0';
+		}
+		if (ntln->string[0] == '.') {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		p = strstr_m(ntln->string, "..");
+		if (p != NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		for (c = 0; c < n; c++) {
+			const struct lsa_ForestTrustRecord *cftr = nfti->entries[c];
+			const struct lsa_ForestTrustDomainInfo *cinfo = NULL;
+			const struct lsa_StringLarge *ctln = NULL;
+			const struct lsa_StringLarge *cnb = NULL;
+			const struct dom_sid *csid = NULL;
+			int cmp;
+
+			if (cftr == NULL) {
+				continue;
+			}
+
+			if (cftr->type != nftr->type) {
+				continue;
+			}
+
+			switch (cftr->type) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+				ctln = &cftr->forest_trust_data.top_level_name;
+				break;
+
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+				ctln = &cftr->forest_trust_data.top_level_name_ex;
+				break;
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO:
+				cinfo = &cftr->forest_trust_data.domain_info;
+				ctln = &cinfo->dns_domain_name;
+				cnb = &cinfo->netbios_domain_name;
+				csid = cinfo->domain_sid;
+				break;
+
+			default:
+				TALLOC_FREE(frame);
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
+			cmp = dns_cmp(ntln->string, ctln->string);
+			if (cmp == DNS_CMP_MATCH) {
+				nftr = NULL;
+				TALLOC_FREE(nfti->entries[n]);
+				break;
+			}
+
+			if (cinfo == NULL) {
+				continue;
+			}
+
+			cmp = strcasecmp_m(nnb->string, cnb->string);
+			if (cmp == 0) {
+				nftr = NULL;
+				TALLOC_FREE(nfti->entries[n]);
+				break;
+			}
+
+			cmp = dom_sid_compare(nsid, csid);
+			if (cmp == 0) {
+				nftr = NULL;
+				TALLOC_FREE(nfti->entries[n]);
+				break;
+			}
+		}
+	}
+
+	/*
+	 * Now we check that only true top level names are provided
+	 */
+	for (n = 0; n < nfti->count; n++) {
+		const struct lsa_ForestTrustRecord *nftr = nfti->entries[n];
+		const struct lsa_StringLarge *ntln = NULL;
+		uint32_t c;
+
+		if (nftr == NULL) {
+			continue;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+			continue;
+		}
+
+		ntln = &nftr->forest_trust_data.top_level_name;
+
+		for (c = 0; c < nfti->count; c++) {
+			const struct lsa_ForestTrustRecord *cftr = nfti->entries[c];
+			const struct lsa_StringLarge *ctln = NULL;
+			int cmp;
+
+			if (cftr == NULL) {
+				continue;
+			}
+
+			if (cftr == nftr) {
+				continue;
+			}
+
+			if (cftr->type != nftr->type) {
+				continue;
+			}
+
+			ctln = &cftr->forest_trust_data.top_level_name;
+
+			cmp = dns_cmp(ntln->string, ctln->string);
+			if (DNS_CMP_IS_NO_MATCH(cmp)) {
+				continue;
+			}
+
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	/*
+	 * Now we check that only true sub level excludes are provided
+	 */
+	for (n = 0; n < nfti->count; n++) {
+		const struct lsa_ForestTrustRecord *nftr = nfti->entries[n];
+		const struct lsa_StringLarge *ntln = NULL;
+		uint32_t c;
+		bool found_tln = false;
+
+		if (nftr == NULL) {
+			continue;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX) {
+			continue;
+		}
+
+		ntln = &nftr->forest_trust_data.top_level_name;
+
+		for (c = 0; c < nfti->count; c++) {
+			const struct lsa_ForestTrustRecord *cftr = nfti->entries[c];
+			const struct lsa_StringLarge *ctln = NULL;
+			int cmp;
+
+			if (cftr == NULL) {
+				continue;
+			}
+
+			if (cftr == nftr) {
+				continue;
+			}
+
+			if (cftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			ctln = &cftr->forest_trust_data.top_level_name;
+
+			cmp = dns_cmp(ntln->string, ctln->string);
+			if (cmp == DNS_CMP_FIRST_IS_CHILD) {
+				found_tln = true;
+				break;
+			}
+		}
+
+		if (found_tln) {
+			continue;
+		}
+
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/*
+	 * Now we check that there's a top level name for each domain
+	 */
+	for (n = 0; n < nfti->count; n++) {
+		const struct lsa_ForestTrustRecord *nftr = nfti->entries[n];
+		const struct lsa_ForestTrustDomainInfo *ninfo = NULL;
+		const struct lsa_StringLarge *ntln = NULL;
+		uint32_t c;
+		bool found_tln = false;
+
+		if (nftr == NULL) {
+			continue;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+			continue;
+		}
+
+		ninfo = &nftr->forest_trust_data.domain_info;
+		ntln = &ninfo->dns_domain_name;
+
+		for (c = 0; c < nfti->count; c++) {
+			const struct lsa_ForestTrustRecord *cftr = nfti->entries[c];
+			const struct lsa_StringLarge *ctln = NULL;
+			int cmp;
+
+			if (cftr == NULL) {
+				continue;
+			}
+
+			if (cftr == nftr) {
+				continue;
+			}
+
+			if (cftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			ctln = &cftr->forest_trust_data.top_level_name;
+
+			cmp = dns_cmp(ntln->string, ctln->string);
+			if (cmp == DNS_CMP_MATCH) {
+				found_tln = true;
+				break;
+			}
+			if (cmp == DNS_CMP_FIRST_IS_CHILD) {
+				found_tln = true;
+				break;
+			}
+		}
+
+		if (found_tln) {
+			continue;
+		}
+
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*_nfti = talloc_move(mem_ctx, &nfti);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx,
+				const struct lsa_ForestTrustInformation *gfti,
+				struct lsa_ForestTrustInformation **_nfti)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct timeval tv = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv);
+	struct lsa_ForestTrustInformation *nfti;
+	uint32_t g;
+
+	*_nfti = NULL;
+
+	nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation);
+	if (nfti == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, nfti);
+
+	/*
+	 * Now we add TOP_LEVEL_NAME[_EX] in reverse order
+	 * followed by LSA_FOREST_TRUST_DOMAIN_INFO in reverse order.
+	 *
+	 * This also removes the possible NULL entries generated in step1.
+	 */
+
+	for (g = 0; g < gfti->count; g++) {
+		const struct lsa_ForestTrustRecord *gftr = gfti->entries[gfti->count - (g+1)];
+		struct lsa_ForestTrustRecord tftr;
+		bool skip = false;
+		NTSTATUS status;
+
+		if (gftr == NULL) {
+			continue;
+		}
+
+		switch (gftr->type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			skip = true;
+			break;
+
+		default:
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (skip) {
+			continue;
+		}
+
+		/* make a copy in order to update the time. */
+		tftr = *gftr;
+		if (tftr.time == 0) {
+			tftr.time = now;
+		}
+
+		status = dsdb_trust_forest_info_add_record(nfti, &tftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	for (g = 0; g < gfti->count; g++) {
+		const struct lsa_ForestTrustRecord *gftr = gfti->entries[gfti->count - (g+1)];
+		struct lsa_ForestTrustRecord tftr;
+		bool skip = false;
+		NTSTATUS status;
+
+		if (gftr == NULL) {
+			continue;
+		}
+
+		switch (gftr->type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			skip = true;
+			break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			break;
+
+		default:
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (skip) {
+			continue;
+		}
+
+		/* make a copy in order to update the time. */
+		tftr = *gftr;
+		if (tftr.time == 0) {
+			tftr.time = now;
+		}
+
+		status = dsdb_trust_forest_info_add_record(nfti, &tftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	*_nfti = talloc_move(mem_ctx, &nfti);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dsdb_trust_add_collision(
+			struct lsa_ForestTrustCollisionInfo *c_info,
+			enum lsa_ForestTrustCollisionRecordType type,
+			uint32_t idx, uint32_t flags,
+			const char *tdo_name)
+{
+	struct lsa_ForestTrustCollisionRecord **es;
+	uint32_t i = c_info->count;
+
+	es = talloc_realloc(c_info, c_info->entries,
+			    struct lsa_ForestTrustCollisionRecord *, i + 1);
+	if (es == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	c_info->entries = es;
+	c_info->count = i + 1;
+
+	es[i] = talloc_zero(es, struct lsa_ForestTrustCollisionRecord);
+	if (es[i] == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	es[i]->index = idx;
+	es[i]->type = type;
+	es[i]->flags = flags;
+	es[i]->name.string = talloc_strdup(es[i], tdo_name);
+	if (es[i]->name.string == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *ref_tdo,
+				const struct lsa_ForestTrustInformation *ref_fti,
+				enum lsa_ForestTrustCollisionRecordType collision_type,
+				struct lsa_ForestTrustCollisionInfo *c_info,
+				struct lsa_ForestTrustInformation *new_fti)
+{
+	uint32_t n;
+
+	for (n = 0; n < new_fti->count; n++) {
+		struct lsa_ForestTrustRecord *nftr = new_fti->entries[n];
+		struct lsa_StringLarge *ntln = NULL;
+		bool ntln_excluded = false;
+		uint32_t flags = 0;
+		uint32_t r;
+		NTSTATUS status;
+
+		if (nftr == NULL) {
+			continue;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+			continue;
+		}
+
+		ntln = &nftr->forest_trust_data.top_level_name;
+		if (ntln->string == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ntln_excluded = dsdb_trust_find_tln_ex_match(ref_fti,
+							     ntln->string);
+
+		/* check if this is already taken and not excluded */
+		for (r = 0; r < ref_fti->count; r++) {
+			const struct lsa_ForestTrustRecord *rftr =
+				ref_fti->entries[r];
+			const struct lsa_StringLarge *rtln = NULL;
+			int cmp;
+
+			if (rftr == NULL) {
+				continue;
+			}
+
+			if (rftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			rtln = &rftr->forest_trust_data.top_level_name;
+			if (rtln->string == NULL) {
+				continue;
+			}
+
+			cmp = dns_cmp(ntln->string, rtln->string);
+			if (DNS_CMP_IS_NO_MATCH(cmp)) {
+				continue;
+			}
+			if (cmp == DNS_CMP_MATCH) {
+				/* We need to normalize the string */
+				ntln->string = talloc_strdup(nftr,
+							     rtln->string);
+				if (ntln->string == NULL) {
+					return NT_STATUS_NO_MEMORY;
+				}
+			}
+
+			if (ntln_excluded) {
+				continue;
+			}
+
+			if (rftr->flags & LSA_TLN_DISABLED_MASK) {
+				continue;
+			}
+
+			if (nftr->flags & LSA_TLN_DISABLED_MASK) {
+				continue;
+			}
+
+			if (cmp == DNS_CMP_SECOND_IS_CHILD) {
+				bool m;
+
+				/*
+				 * If the conflicting tln is a child, check if
+				 * we have an exclusion record for it.
+				 */
+				m = dsdb_trust_find_tln_ex_match(new_fti,
+								 rtln->string);
+				if (m) {
+					continue;
+				}
+			}
+
+			flags |= LSA_TLN_DISABLED_CONFLICT;
+		}
+
+		if (flags == 0) {
+			continue;
+		}
+
+		nftr->flags |= flags;
+
+		status = dsdb_trust_add_collision(c_info,
+						  collision_type,
+						  n, nftr->flags,
+						  ref_tdo->domain_name.string);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	for (n = 0; n < new_fti->count; n++) {
+		struct lsa_ForestTrustRecord *nftr = new_fti->entries[n];
+		struct lsa_ForestTrustDomainInfo *ninfo = NULL;
+		struct lsa_StringLarge *ntln = NULL;
+		struct lsa_StringLarge *nnb = NULL;
+		struct dom_sid *nsid = NULL;
+		bool ntln_found = false;
+		uint32_t flags = 0;
+		uint32_t r;
+		NTSTATUS status;
+
+		if (nftr == NULL) {
+			continue;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+			continue;
+		}
+
+		ninfo = &nftr->forest_trust_data.domain_info;
+		ntln = &ninfo->dns_domain_name;
+		if (ntln->string == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		nnb = &ninfo->netbios_domain_name;
+		if (nnb->string == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		nsid = ninfo->domain_sid;
+		if (nsid == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ntln_found = dsdb_trust_find_tln_match(ref_fti, ntln->string);
+
+		/* check if this is already taken and not excluded */
+		for (r = 0; r < ref_fti->count; r++) {
+			const struct lsa_ForestTrustRecord *rftr =
+				ref_fti->entries[r];
+			const struct lsa_ForestTrustDomainInfo *rinfo = NULL;
+			const struct lsa_StringLarge *rtln = NULL;
+			const struct lsa_StringLarge *rnb = NULL;
+			const struct dom_sid *rsid = NULL;
+			bool nb_possible = true;
+			bool sid_possible = true;
+			int cmp;
+
+			if (rftr == NULL) {
+				continue;
+			}
+
+			if (!ntln_found) {
+				/*
+				 * If the dns name doesn't match any existing
+				 * tln any conflict is ignored, but name
+				 * normalization still happens.
+				 *
+				 * I guess that's a bug in Windows
+				 * (tested with Windows 2012r2).
+				 */
+				nb_possible = false;
+				sid_possible = false;
+			}
+
+			if (nftr->flags & LSA_SID_DISABLED_MASK) {
+				sid_possible = false;
+			}
+
+			if (nftr->flags & LSA_NB_DISABLED_MASK) {
+				nb_possible = false;
+			}
+
+			switch (rftr->type) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+				rtln = &rftr->forest_trust_data.top_level_name;
+				nb_possible = false;
+				sid_possible = false;
+				break;
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO:
+				rinfo = &rftr->forest_trust_data.domain_info;
+				rtln = &rinfo->dns_domain_name;
+				rnb = &rinfo->netbios_domain_name;
+				rsid = rinfo->domain_sid;
+
+				if (rftr->flags & LSA_SID_DISABLED_MASK) {
+					sid_possible = false;
+				}
+
+				if (rftr->flags & LSA_NB_DISABLED_MASK) {
+					nb_possible = false;
+				}
+				break;
+
+			default:
+				break;
+			}
+
+			if (rtln == NULL) {
+				continue;
+			}
+
+			if (rtln->string == NULL) {
+				continue;
+			}
+
+			cmp = dns_cmp(ntln->string, rtln->string);
+			if (DNS_CMP_IS_NO_MATCH(cmp)) {
+				nb_possible = false;
+				sid_possible = false;
+			}
+			if (cmp == DNS_CMP_MATCH) {
+				/* We need to normalize the string */
+				ntln->string = talloc_strdup(nftr,
+							     rtln->string);
+				if (ntln->string == NULL) {
+					return NT_STATUS_NO_MEMORY;
+				}
+			}
+
+			if (rinfo == NULL) {
+				continue;
+			}
+
+			if (rsid != NULL) {
+				cmp = dom_sid_compare(nsid, rsid);
+			} else {
+				cmp = -1;
+			}
+			if (cmp == 0) {
+				if (sid_possible) {
+					flags |= LSA_SID_DISABLED_CONFLICT;
+				}
+			}
+
+			if (rnb->string != NULL) {
+				cmp = strcasecmp_m(nnb->string, rnb->string);
+			} else {
+				cmp = -1;
+			}
+			if (cmp == 0) {
+				nnb->string = talloc_strdup(nftr, rnb->string);
+				if (nnb->string == NULL) {
+					return NT_STATUS_NO_MEMORY;
+				}
+				if (nb_possible) {
+					flags |= LSA_NB_DISABLED_CONFLICT;
+				}
+			}
+		}
+
+		if (flags == 0) {
+			continue;
+		}
+
+		nftr->flags |= flags;
+
+		status = dsdb_trust_add_collision(c_info,
+						  collision_type,
+						  n, nftr->flags,
+						  ref_tdo->domain_name.string);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx,
+				const struct lsa_TrustDomainInfoInfoEx *tdo,
+				const struct lsa_ForestTrustInformation *ofti,
+				const struct lsa_ForestTrustInformation *nfti,
+				struct lsa_ForestTrustInformation **_mfti)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct lsa_ForestTrustInformation *mfti = NULL;
+	uint32_t ni;
+	uint32_t oi;
+	NTSTATUS status;
+	int cmp;
+
+	*_mfti = NULL;
+	mfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation);
+	if (mfti == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, mfti);
+
+	/*
+	 * First we add all top unique level names.
+	 *
+	 * The one matching the tdo dns name, will be
+	 * added without further checking. All others
+	 * may keep the flags and time values.
+	 */
+	for (ni = 0; ni < nfti->count; ni++) {
+		const struct lsa_ForestTrustRecord *nftr = nfti->entries[ni];
+		struct lsa_ForestTrustRecord tftr = {
+			.flags = 0,
+		};
+		const char *ndns = NULL;
+		bool ignore_new = false;
+		bool found_old = false;
+		uint32_t mi;
+
+		if (nftr == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+			continue;
+		}
+
+		ndns = nftr->forest_trust_data.top_level_name.string;
+		if (ndns == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		cmp = dns_cmp(tdo->domain_name.string, ndns);
+		if (cmp == DNS_CMP_MATCH) {
+			status = dsdb_trust_forest_info_add_record(mfti, nftr);
+			if (!NT_STATUS_IS_OK(status)) {
+				TALLOC_FREE(frame);
+				return status;
+			}
+		}
+
+		for (mi = 0; mi < mfti->count; mi++) {
+			const struct lsa_ForestTrustRecord *mftr =
+				mfti->entries[mi];
+			const char *mdns = NULL;
+
+			/*
+			 * we just added this above, so we're sure to have a
+			 * valid LSA_FOREST_TRUST_TOP_LEVEL_NAME record
+			 */
+			mdns = mftr->forest_trust_data.top_level_name.string;
+
+			cmp = dns_cmp(mdns, ndns);
+			switch (cmp) {
+			case DNS_CMP_MATCH:
+			case DNS_CMP_SECOND_IS_CHILD:
+				ignore_new = true;
+				break;
+			}
+
+			if (ignore_new) {
+				break;
+			}
+		}
+
+		if (ignore_new) {
+			continue;
+		}
+
+		/*
+		 * make a temporary copy where we can change time and flags
+		 */
+		tftr = *nftr;
+
+		for (oi = 0; oi < ofti->count; oi++) {
+			const struct lsa_ForestTrustRecord *oftr =
+				ofti->entries[oi];
+			const char *odns = NULL;
+
+			if (oftr == NULL) {
+				/*
+				 * broken record => ignore...
+				 */
+				continue;
+			}
+
+			if (oftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			odns = oftr->forest_trust_data.top_level_name.string;
+			if (odns == NULL) {
+				/*
+				 * broken record => ignore...
+				 */
+				continue;
+			}
+
+			cmp = dns_cmp(odns, ndns);
+			if (cmp != DNS_CMP_MATCH) {
+				continue;
+			}
+
+			found_old = true;
+			tftr.flags = oftr->flags;
+			tftr.time = oftr->time;
+		}
+
+		if (!found_old) {
+			tftr.flags = LSA_TLN_DISABLED_NEW;
+			tftr.time = 0;
+		}
+
+		status = dsdb_trust_forest_info_add_record(mfti, &tftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	/*
+	 * Now we add all unique (based on their SID) domains
+	 * and may keep the flags and time values.
+	 */
+	for (ni = 0; ni < nfti->count; ni++) {
+		const struct lsa_ForestTrustRecord *nftr = nfti->entries[ni];
+		struct lsa_ForestTrustRecord tftr = {
+			.flags = 0,
+		};
+		const struct lsa_ForestTrustDomainInfo *nd = NULL;
+		const char *ndns = NULL;
+		const char *nnbt = NULL;
+		bool ignore_new = false;
+		bool found_old = false;
+		uint32_t mi;
+
+		if (nftr == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (nftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+			continue;
+		}
+
+		nd = &nftr->forest_trust_data.domain_info;
+		if (nd->domain_sid == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		ndns = nd->dns_domain_name.string;
+		if (ndns == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		nnbt = nd->netbios_domain_name.string;
+		if (nnbt == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		for (mi = 0; mi < mfti->count; mi++) {
+			const struct lsa_ForestTrustRecord *mftr =
+				mfti->entries[mi];
+			const struct lsa_ForestTrustDomainInfo *md = NULL;
+
+			if (mftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+
+			/*
+			 * we just added this above, so we're sure to have a
+			 * valid LSA_FOREST_TRUST_DOMAIN_INFO record
+			 */
+			md = &mftr->forest_trust_data.domain_info;
+
+			cmp = dom_sid_compare(nd->domain_sid, md->domain_sid);
+			if (cmp == 0) {
+				ignore_new = true;
+				break;
+			}
+		}
+
+		if (ignore_new) {
+			continue;
+		}
+
+		/*
+		 * make a temporary copy where we can change time and flags
+		 */
+		tftr = *nftr;
+
+		for (oi = 0; oi < ofti->count; oi++) {
+			const struct lsa_ForestTrustRecord *oftr =
+				ofti->entries[oi];
+			const struct lsa_ForestTrustDomainInfo *od = NULL;
+			const char *onbt = NULL;
+
+			if (oftr == NULL) {
+				/*
+				 * broken record => ignore...
+				 */
+				continue;
+			}
+
+			if (oftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+
+			od = &oftr->forest_trust_data.domain_info;
+			onbt = od->netbios_domain_name.string;
+			if (onbt == NULL) {
+				/*
+				 * broken record => ignore...
+				 */
+				continue;
+			}
+
+			cmp = strcasecmp(onbt, nnbt);
+			if (cmp != 0) {
+				continue;
+			}
+
+			found_old = true;
+			tftr.flags = oftr->flags;
+			tftr.time = oftr->time;
+		}
+
+		if (!found_old) {
+			tftr.flags = 0;
+			tftr.time = 0;
+		}
+
+		status = dsdb_trust_forest_info_add_record(mfti, &tftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	/*
+	 * We keep old domain records disabled by the admin
+	 * if not already in the list.
+	 */
+	for (oi = 0; oi < ofti->count; oi++) {
+		const struct lsa_ForestTrustRecord *oftr =
+			ofti->entries[oi];
+		const struct lsa_ForestTrustDomainInfo *od = NULL;
+		const char *odns = NULL;
+		const char *onbt = NULL;
+		bool ignore_old = true;
+		uint32_t mi;
+
+		if (oftr == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+
+		if (oftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+			continue;
+		}
+
+		od = &oftr->forest_trust_data.domain_info;
+		odns = od->dns_domain_name.string;
+		if (odns == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+		onbt = od->netbios_domain_name.string;
+		if (onbt == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+		if (od->domain_sid == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+
+		if (oftr->flags & LSA_NB_DISABLED_ADMIN) {
+			ignore_old = false;
+		} else if (oftr->flags & LSA_SID_DISABLED_ADMIN) {
+			ignore_old = false;
+		}
+
+		for (mi = 0; mi < mfti->count; mi++) {
+			const struct lsa_ForestTrustRecord *mftr =
+				mfti->entries[mi];
+			const struct lsa_ForestTrustDomainInfo *md = NULL;
+
+			if (mftr->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+
+			/*
+			 * we just added this above, so we're sure to have a
+			 * valid LSA_FOREST_TRUST_DOMAIN_INFO record
+			 */
+			md = &mftr->forest_trust_data.domain_info;
+
+			cmp = dom_sid_compare(od->domain_sid, md->domain_sid);
+			if (cmp == 0) {
+				ignore_old = true;
+				break;
+			}
+		}
+
+		if (ignore_old) {
+			continue;
+		}
+
+		status = dsdb_trust_forest_info_add_record(mfti, oftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	/*
+	 * Finally we readd top level exclusions,
+	 * if they still match a top level name.
+	 */
+	for (oi = 0; oi < ofti->count; oi++) {
+		const struct lsa_ForestTrustRecord *oftr =
+			ofti->entries[oi];
+		const char *odns = NULL;
+		bool ignore_old = false;
+		uint32_t mi;
+
+		if (oftr == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+
+		if (oftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX) {
+			continue;
+		}
+
+		odns = oftr->forest_trust_data.top_level_name_ex.string;
+		if (odns == NULL) {
+			/*
+			 * broken record => ignore...
+			 */
+			continue;
+		}
+
+		for (mi = 0; mi < mfti->count; mi++) {
+			const struct lsa_ForestTrustRecord *mftr =
+				mfti->entries[mi];
+			const char *mdns = NULL;
+
+			if (mftr->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			/*
+			 * we just added this above, so we're sure to have a
+			 * valid LSA_FOREST_TRUST_TOP_LEVEL_NAME.
+			 */
+			mdns = mftr->forest_trust_data.top_level_name.string;
+
+			cmp = dns_cmp(mdns, odns);
+			switch (cmp) {
+			case DNS_CMP_MATCH:
+			case DNS_CMP_SECOND_IS_CHILD:
+				break;
+			default:
+				ignore_old = true;
+				break;
+			}
+
+			if (ignore_old) {
+				break;
+			}
+		}
+
+		if (ignore_old) {
+			continue;
+		}
+
+		status = dsdb_trust_forest_info_add_record(mfti, oftr);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	*_mfti = talloc_move(mem_ctx, &mfti);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
+			       const char *netbios, const char *dns,
+			       const char * const *attrs,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_message **msg)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	int ret;
+	struct ldb_dn *system_dn = NULL;
+	char *netbios_encoded = NULL;
+	char *dns_encoded = NULL;
+	char *filter = NULL;
+
+	*msg = NULL;
+
+	if (netbios == NULL && dns == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	system_dn = samdb_system_container_dn(sam_ctx, frame);
+	if (system_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (netbios != NULL) {
+		netbios_encoded = ldb_binary_encode_string(frame, netbios);
+		if (netbios_encoded == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	if (dns != NULL) {
+		dns_encoded = ldb_binary_encode_string(frame, dns);
+		if (dns_encoded == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	if (netbios != NULL && dns != NULL) {
+		filter = talloc_asprintf(frame,
+				"(&(objectClass=trustedDomain)"
+				  "(|(trustPartner=%s)(flatName=%s))"
+				")",
+				dns_encoded, netbios_encoded);
+		if (filter == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else if (netbios != NULL) {
+		filter = talloc_asprintf(frame,
+				"(&(objectClass=trustedDomain)(flatName=%s))",
+				netbios_encoded);
+		if (filter == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else if (dns != NULL) {
+		filter = talloc_asprintf(frame,
+				"(&(objectClass=trustedDomain)(trustPartner=%s))",
+				dns_encoded);
+		if (filter == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	ret = dsdb_search_one(sam_ctx, mem_ctx, msg,
+			      system_dn,
+			      LDB_SCOPE_ONELEVEL, attrs,
+			      DSDB_SEARCH_NO_GLOBAL_CATALOG,
+			      "%s", filter);
+	if (ret != LDB_SUCCESS) {
+		NTSTATUS status = dsdb_ldb_err_to_ntstatus(ret);
+		DEBUG(3, ("Failed to search for %s: %s - %s\n",
+			  filter, nt_errstr(status), ldb_errstring(sam_ctx)));
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_search_tdo_by_type(struct ldb_context *sam_ctx,
+				       enum netr_SchannelType type,
+				       const char *name,
+				       const char * const *attrs,
+				       TALLOC_CTX *mem_ctx,
+				       struct ldb_message **msg)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS status;
+	size_t len;
+	char trailer = '$';
+	bool require_trailer = true;
+	char *encoded_name = NULL;
+	const char *netbios = NULL;
+	const char *dns = NULL;
+
+	if (type != SEC_CHAN_DOMAIN && type != SEC_CHAN_DNS_DOMAIN) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (type == SEC_CHAN_DNS_DOMAIN) {
+		trailer = '.';
+		require_trailer = false;
+	}
+
+	encoded_name = ldb_binary_encode_string(frame, name);
+	if (encoded_name == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	len = strlen(encoded_name);
+	if (len < 2) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (require_trailer && encoded_name[len - 1] != trailer) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+	encoded_name[len - 1] = '\0';
+
+	if (type == SEC_CHAN_DNS_DOMAIN) {
+		dns = encoded_name;
+	} else {
+		netbios = encoded_name;
+	}
+
+	status = dsdb_trust_search_tdo(sam_ctx, netbios, dns,
+				       attrs, mem_ctx, msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
+				      const struct dom_sid *sid,
+				      const char * const *attrs,
+				      TALLOC_CTX *mem_ctx,
+				      struct ldb_message **msg)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	int ret;
+	struct ldb_dn *system_dn = NULL;
+	char *encoded_sid = NULL;
+	char *filter = NULL;
+
+	*msg = NULL;
+
+	if (sid == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	encoded_sid = ldap_encode_ndr_dom_sid(frame, sid);
+	if (encoded_sid == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	system_dn = samdb_system_container_dn(sam_ctx, frame);
+	if (system_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	filter = talloc_asprintf(frame,
+				"(&"
+				  "(objectClass=trustedDomain)"
+				  "(securityIdentifier=%s)"
+				")",
+				encoded_sid);
+	if (filter == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_search_one(sam_ctx, mem_ctx, msg,
+			      system_dn,
+			      LDB_SCOPE_ONELEVEL, attrs,
+			      DSDB_SEARCH_NO_GLOBAL_CATALOG,
+			      "%s", filter);
+	if (ret != LDB_SUCCESS) {
+		NTSTATUS status = dsdb_ldb_err_to_ntstatus(ret);
+		DEBUG(3, ("Failed to search for %s: %s - %s\n",
+			  filter, nt_errstr(status), ldb_errstring(sam_ctx)));
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg,
+					   TALLOC_CTX *mem_ctx,
+					   struct samr_Password **_current,
+					   struct samr_Password **_previous)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct samr_Password __current = {
+		.hash = {0},
+	};
+	struct samr_Password __previous = {
+		.hash = {0},
+	};
+	struct samr_Password *current = NULL;
+	struct samr_Password *previous = NULL;
+	const struct ldb_val *blob = NULL;
+	enum ndr_err_code ndr_err;
+	struct trustAuthInOutBlob incoming = {
+		.count = 0,
+	};
+	uint32_t i;
+
+	if (_current != NULL) {
+		*_current = NULL;
+	}
+	if (_previous != NULL) {
+		*_previous = NULL;
+	}
+
+	blob = ldb_msg_find_ldb_val(msg, "trustAuthIncoming");
+	if (blob == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	/* ldb_val is equivalent to DATA_BLOB */
+	ndr_err = ndr_pull_struct_blob_all(blob, frame, &incoming,
+				(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	for (i = 0; i < incoming.current.count; i++) {
+		struct AuthenticationInformation *a =
+			&incoming.current.array[i];
+
+		if (current != NULL) {
+			break;
+		}
+
+		switch (a->AuthType) {
+		case TRUST_AUTH_TYPE_NONE:
+		case TRUST_AUTH_TYPE_VERSION:
+			break;
+		case TRUST_AUTH_TYPE_NT4OWF:
+			current = &a->AuthInfo.nt4owf.password;
+			break;
+		case TRUST_AUTH_TYPE_CLEAR:
+			mdfour(__current.hash,
+			       a->AuthInfo.clear.password,
+			       a->AuthInfo.clear.size);
+			current = &__current;
+			break;
+		}
+	}
+
+	if (current == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	for (i = 0; i < incoming.previous.count; i++) {
+		struct AuthenticationInformation *a =
+			&incoming.previous.array[i];
+
+		if (previous != NULL) {
+			break;
+		}
+
+		switch (a->AuthType) {
+		case TRUST_AUTH_TYPE_NONE:
+		case TRUST_AUTH_TYPE_VERSION:
+			break;
+		case TRUST_AUTH_TYPE_NT4OWF:
+			previous = &a->AuthInfo.nt4owf.password;
+			break;
+		case TRUST_AUTH_TYPE_CLEAR:
+			mdfour(__previous.hash,
+			       a->AuthInfo.clear.password,
+			       a->AuthInfo.clear.size);
+			previous = &__previous;
+			break;
+		}
+	}
+
+	if (previous == NULL) {
+		previous = current;
+	}
+
+	if (_current != NULL) {
+		*_current = talloc_memdup(mem_ctx, current, sizeof(*current));
+		if (*_current == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	if (_previous != NULL) {
+		*_previous =
+			talloc_memdup(mem_ctx, previous, sizeof(*previous));
+		if (*_previous == NULL) {
+			if (_current != NULL) {
+				TALLOC_FREE(*_current);
+			}
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	ZERO_STRUCTP(current);
+	ZERO_STRUCTP(previous);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
+				const char *exclude,
+				const char * const *attrs,
+				TALLOC_CTX *mem_ctx,
+				struct ldb_result **res)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	int ret;
+	struct ldb_dn *system_dn = NULL;
+	const char *filter = NULL;
+	char *exclude_encoded = NULL;
+
+	*res = NULL;
+
+	system_dn = samdb_system_container_dn(sam_ctx, frame);
+	if (system_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (exclude != NULL) {
+		exclude_encoded = ldb_binary_encode_string(frame, exclude);
+		if (exclude_encoded == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		filter = talloc_asprintf(frame,
+				"(&(objectClass=trustedDomain)"
+				  "(!(|(trustPartner=%s)(flatName=%s)))"
+				")",
+				exclude_encoded, exclude_encoded);
+		if (filter == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		filter = "(objectClass=trustedDomain)";
+	}
+
+	ret = dsdb_search(sam_ctx, mem_ctx, res,
+			  system_dn,
+			  LDB_SCOPE_ONELEVEL, attrs,
+			  DSDB_SEARCH_NO_GLOBAL_CATALOG,
+			  "%s", filter);
+	if (ret != LDB_SUCCESS) {
+		NTSTATUS status = dsdb_ldb_err_to_ntstatus(ret);
+		DEBUG(3, ("Failed to search for %s: %s - %s\n",
+			  filter, nt_errstr(status), ldb_errstring(sam_ctx)));
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+struct dsdb_trust_routing_domain;
+
+struct dsdb_trust_routing_table {
+	struct dsdb_trust_routing_domain *domains;
+};
+
+struct dsdb_trust_routing_domain {
+	struct dsdb_trust_routing_domain *prev, *next;
+
+	struct lsa_TrustDomainInfoInfoEx *tdo;
+
+	struct lsa_ForestTrustDomainInfo di;
+
+	struct lsa_ForestTrustInformation *fti;
+};
+
+NTSTATUS dsdb_trust_routing_table_load(struct ldb_context *sam_ctx,
+				       TALLOC_CTX *mem_ctx,
+				       struct dsdb_trust_routing_table **_table)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct dsdb_trust_routing_table *table;
+	struct dsdb_trust_routing_domain *d = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	struct lsa_TrustDomainInfoInfoEx *root_trust_tdo = NULL;
+	struct lsa_TrustDomainInfoInfoEx *trust_parent_tdo = NULL;
+	struct lsa_TrustDomainInfoInfoEx *root_direction_tdo = NULL;
+	const char * const trusts_attrs[] = {
+		"securityIdentifier",
+		"flatName",
+		"trustPartner",
+		"trustAttributes",
+		"trustDirection",
+		"trustType",
+		"msDS-TrustForestTrustInfo",
+		NULL
+	};
+	struct ldb_result *trusts_res = NULL;
+	unsigned int i;
+	NTSTATUS status;
+
+	*_table = NULL;
+
+	domain_dn = ldb_get_default_basedn(sam_ctx);
+	if (domain_dn == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	table = talloc_zero(mem_ctx, struct dsdb_trust_routing_table);
+	if (table == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(frame, table);
+
+	d = talloc_zero(table, struct dsdb_trust_routing_domain);
+	if (d == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dsdb_trust_crossref_tdo_info(d, sam_ctx,
+					      domain_dn, NULL,
+					      &d->tdo,
+					      &root_trust_tdo,
+					      &trust_parent_tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	/*
+	 * d->tdo should not be NULL of status above is 'NT_STATUS_OK'
+	 * check is needed to satisfy clang static checker
+	*/
+	if (d->tdo == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	d->di.domain_sid = d->tdo->sid;
+	d->di.netbios_domain_name.string = d->tdo->netbios_name.string;
+	d->di.dns_domain_name.string = d->tdo->domain_name.string;
+
+	if (root_trust_tdo != NULL) {
+		root_direction_tdo = root_trust_tdo;
+	} else if (trust_parent_tdo != NULL) {
+		root_direction_tdo = trust_parent_tdo;
+	}
+
+	if (root_direction_tdo == NULL) {
+		/* we're the forest root */
+		status = dsdb_trust_xref_forest_info(d, sam_ctx, &d->fti);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	DLIST_ADD(table->domains, d);
+
+	status = dsdb_trust_search_tdos(sam_ctx, NULL, trusts_attrs,
+					frame, &trusts_res);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	for (i = 0; i < trusts_res->count; i++) {
+		bool ok;
+		int cmp;
+
+		d = talloc_zero(table, struct dsdb_trust_routing_domain);
+		if (d == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = dsdb_trust_parse_tdo_info(d,
+						   trusts_res->msgs[i],
+						   &d->tdo);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+
+		d->di.domain_sid = d->tdo->sid;
+		d->di.netbios_domain_name.string = d->tdo->netbios_name.string;
+		d->di.dns_domain_name.string = d->tdo->domain_name.string;
+
+		DLIST_ADD_END(table->domains, d);
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			struct ForestTrustInfo *fti = NULL;
+
+			status = dsdb_trust_parse_forest_info(frame,
+							      trusts_res->msgs[i],
+							      &fti);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+				fti = NULL;
+				status = NT_STATUS_OK;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				TALLOC_FREE(frame);
+				return status;
+			}
+
+			if (fti == NULL) {
+				continue;
+			}
+
+			status = dsdb_trust_forest_info_to_lsa(d, fti, &d->fti);
+			if (!NT_STATUS_IS_OK(status)) {
+				TALLOC_FREE(frame);
+				return status;
+			}
+
+			continue;
+		}
+
+		if (!(d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST)) {
+			continue;
+		}
+
+		if (root_direction_tdo == NULL) {
+			continue;
+		}
+
+		ok = dom_sid_equal(root_direction_tdo->sid, d->tdo->sid);
+		if (!ok) {
+			continue;
+		}
+
+		cmp = strcasecmp_m(root_direction_tdo->netbios_name.string,
+				   d->tdo->netbios_name.string);
+		if (cmp != 0) {
+			continue;
+		}
+
+		cmp = strcasecmp_m(root_direction_tdo->domain_name.string,
+				   d->tdo->domain_name.string);
+		if (cmp != 0) {
+			continue;
+		}
+
+		/* this our route to the forest root */
+		status = dsdb_trust_xref_forest_info(d, sam_ctx, &d->fti);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(frame);
+			return status;
+		}
+	}
+
+	*_table = talloc_move(mem_ctx, &table);
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+static void dsdb_trust_update_best_tln(
+	const struct dsdb_trust_routing_domain **best_d,
+	const char **best_tln,
+	const struct dsdb_trust_routing_domain *d,
+	const char *tln)
+{
+	int cmp;
+
+	if (*best_tln == NULL) {
+		*best_tln = tln;
+		*best_d = d;
+		return;
+	}
+
+	cmp = dns_cmp(*best_tln, tln);
+	if (cmp != DNS_CMP_FIRST_IS_CHILD) {
+		return;
+	}
+
+	*best_tln = tln;
+	*best_d = d;
+}
+
+const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_routing_by_name(
+		const struct dsdb_trust_routing_table *table,
+		const char *name)
+{
+	const struct dsdb_trust_routing_domain *best_d = NULL;
+	const char *best_tln = NULL;
+	const struct dsdb_trust_routing_domain *d = NULL;
+
+	if (name == NULL) {
+		return NULL;
+	}
+
+	for (d = table->domains; d != NULL; d = d->next) {
+		bool transitive = false;
+		bool allow_netbios = false;
+		bool exclude = false;
+		uint32_t i;
+
+		if (d->tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+			/*
+			 * Only uplevel trusts have top level names
+			 */
+			continue;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
+			transitive = false;
+		}
+
+		if (d->tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+			transitive = false;
+		}
+
+		switch (d->tdo->trust_type) {
+		case LSA_TRUST_TYPE_UPLEVEL:
+			if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY) {
+				break;
+			}
+			allow_netbios = true;
+			break;
+		case LSA_TRUST_TYPE_DOWNLEVEL:
+			allow_netbios = true;
+			break;
+		default:
+			allow_netbios = false;
+			break;
+		}
+
+		if (!transitive || d->fti == NULL) {
+			int cmp;
+
+			if (allow_netbios) {
+				cmp = dns_cmp(name, d->tdo->netbios_name.string);
+				if (cmp == DNS_CMP_MATCH) {
+					/*
+					 * exact match
+					 */
+					return d->tdo;
+				}
+			}
+
+			cmp = dns_cmp(name, d->tdo->domain_name.string);
+			if (cmp == DNS_CMP_MATCH) {
+				/*
+				 * exact match
+				 */
+				return d->tdo;
+			}
+			if (cmp != DNS_CMP_FIRST_IS_CHILD) {
+				continue;
+			}
+
+			if (!transitive) {
+				continue;
+			}
+
+			dsdb_trust_update_best_tln(&best_d, &best_tln, d,
+						   d->tdo->domain_name.string);
+			continue;
+		}
+
+		exclude = dsdb_trust_find_tln_ex_match(d->fti, name);
+		if (exclude) {
+			continue;
+		}
+
+		for (i = 0; i < d->fti->count; i++ ) {
+			const struct lsa_ForestTrustRecord *f = d->fti->entries[i];
+			const struct lsa_ForestTrustDomainInfo *di = NULL;
+			const char *fti_nbt = NULL;
+			int cmp;
+
+			if (!allow_netbios) {
+				break;
+			}
+
+			if (f == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			if (f->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+
+			if (f->flags & LSA_NB_DISABLED_MASK) {
+				/*
+				 * any flag disables the entry.
+				 */
+				continue;
+			}
+
+			di = &f->forest_trust_data.domain_info;
+			fti_nbt = di->netbios_domain_name.string;
+			if (fti_nbt == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			cmp = dns_cmp(name, fti_nbt);
+			if (cmp == DNS_CMP_MATCH) {
+				/*
+				 * exact match
+				 */
+				return d->tdo;
+			}
+		}
+
+		for (i = 0; i < d->fti->count; i++ ) {
+			const struct lsa_ForestTrustRecord *f = d->fti->entries[i];
+			const union lsa_ForestTrustData *u = NULL;
+			const char *fti_tln = NULL;
+			int cmp;
+
+			if (f == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			if (f->type != LSA_FOREST_TRUST_TOP_LEVEL_NAME) {
+				continue;
+			}
+
+			if (f->flags & LSA_TLN_DISABLED_MASK) {
+				/*
+				 * any flag disables the entry.
+				 */
+				continue;
+			}
+
+			u = &f->forest_trust_data;
+			fti_tln = u->top_level_name.string;
+			if (fti_tln == NULL) {
+				continue;
+			}
+
+			cmp = dns_cmp(name, fti_tln);
+			switch (cmp) {
+			case DNS_CMP_MATCH:
+			case DNS_CMP_FIRST_IS_CHILD:
+				dsdb_trust_update_best_tln(&best_d, &best_tln,
+							   d, fti_tln);
+				break;
+			default:
+				break;
+			}
+		}
+	}
+
+	if (best_d != NULL) {
+		return best_d->tdo;
+	}
+
+	return NULL;
+}
+
+const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_domain_by_sid(
+		const struct dsdb_trust_routing_table *table,
+		const struct dom_sid *sid,
+		const struct lsa_ForestTrustDomainInfo **pdi)
+{
+	const struct dsdb_trust_routing_domain *d = NULL;
+
+	if (pdi != NULL) {
+		*pdi = NULL;
+	}
+
+	if (sid == NULL) {
+		return NULL;
+	}
+
+	for (d = table->domains; d != NULL; d = d->next) {
+		bool transitive = false;
+		uint32_t i;
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
+			transitive = false;
+		}
+
+		if (d->tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+			transitive = false;
+		}
+
+		if (!transitive || d->fti == NULL) {
+			bool match = false;
+
+			match = dom_sid_equal(d->di.domain_sid, sid);
+			if (match) {
+				/*
+				 * exact match, it's the domain itself.
+				 */
+				if (pdi != NULL) {
+					*pdi = &d->di;
+				}
+				return d->tdo;
+			}
+			continue;
+		}
+
+		for (i = 0; i < d->fti->count; i++ ) {
+			const struct lsa_ForestTrustRecord *f = d->fti->entries[i];
+			const struct lsa_ForestTrustDomainInfo *di = NULL;
+			const struct dom_sid *fti_sid = NULL;
+			bool match = false;
+
+			if (f == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			if (f->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+
+			if (f->flags & LSA_SID_DISABLED_MASK) {
+				/*
+				 * any flag disables the entry.
+				 */
+				continue;
+			}
+
+			di = &f->forest_trust_data.domain_info;
+			fti_sid = di->domain_sid;
+			if (fti_sid == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			match = dom_sid_equal(fti_sid, sid);
+			if (match) {
+				/*
+				 * exact match, it's a domain in the forest.
+				 */
+				if (pdi != NULL) {
+					*pdi = di;
+				}
+				return d->tdo;
+			}
+		}
+	}
+
+	return NULL;
+}
+
+const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_domain_by_name(
+		const struct dsdb_trust_routing_table *table,
+		const char *name,
+		const struct lsa_ForestTrustDomainInfo **pdi)
+{
+	const struct dsdb_trust_routing_domain *d = NULL;
+
+	if (pdi != NULL) {
+		*pdi = NULL;
+	}
+
+	if (name == NULL) {
+		return NULL;
+	}
+
+	for (d = table->domains; d != NULL; d = d->next) {
+		bool transitive = false;
+		uint32_t i;
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			transitive = true;
+		}
+
+		if (d->tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
+			transitive = false;
+		}
+
+		if (d->tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+			transitive = false;
+		}
+
+		if (!transitive || d->fti == NULL) {
+			bool match = false;
+
+			match = strequal_m(d->di.netbios_domain_name.string,
+					   name);
+			if (match) {
+				/*
+				 * exact match for netbios name,
+				 * it's the domain itself.
+				 */
+				if (pdi != NULL) {
+					*pdi = &d->di;
+				}
+				return d->tdo;
+			}
+			match = strequal_m(d->di.dns_domain_name.string,
+					   name);
+			if (match) {
+				/*
+				 * exact match for dns name,
+				 * it's the domain itself.
+				 */
+				if (pdi != NULL) {
+					*pdi = &d->di;
+				}
+				return d->tdo;
+			}
+			continue;
+		}
+
+		for (i = 0; i < d->fti->count; i++ ) {
+			const struct lsa_ForestTrustRecord *f = d->fti->entries[i];
+			const struct lsa_ForestTrustDomainInfo *di = NULL;
+			bool match = false;
+
+			if (f == NULL) {
+				/* broken record */
+				continue;
+			}
+
+			if (f->type != LSA_FOREST_TRUST_DOMAIN_INFO) {
+				continue;
+			}
+			di = &f->forest_trust_data.domain_info;
+
+			if (!(f->flags & LSA_NB_DISABLED_MASK)) {
+				match = strequal_m(di->netbios_domain_name.string,
+						   name);
+				if (match) {
+					/*
+					 * exact match for netbios name,
+					 * it's a domain in the forest.
+					 */
+					if (pdi != NULL) {
+						*pdi = di;
+					}
+					return d->tdo;
+				}
+			}
+
+			if (!(f->flags & LSA_TLN_DISABLED_MASK)) {
+				match = strequal_m(di->dns_domain_name.string,
+						   name);
+				if (match) {
+					/*
+					 * exact match for dns name,
+					 * it's a domain in the forest.
+					 */
+					if (pdi != NULL) {
+						*pdi = di;
+					}
+					return d->tdo;
+				}
+			}
+		}
+	}
+
+	return NULL;
+}
diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c
new file mode 100644
index 0000000..dd94564
--- /dev/null
+++ b/source4/dsdb/dns/dns_update.c
@@ -0,0 +1,464 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DNS update service
+
+   Copyright (C) Andrew Tridgell 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+  this module auto-creates the named.conf.update file, which tells
+  bind9 what KRB5 principals it should accept for updates to our zone
+
+  It also uses the samba_dnsupdate script to auto-create the right DNS
+  names for ourselves as a DC in the domain, using TSIG-GSS
+ */
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/messaging/irpc.h"
+#include "param/param.h"
+#include "system/filesys.h"
+#include "dsdb/common/util.h"
+#include "libcli/composite/composite.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "libds/common/roles.h"
+
+NTSTATUS server_service_dnsupdate_init(TALLOC_CTX *);
+
+struct dnsupdate_service {
+	struct task_server *task;
+	struct auth_session_info *system_session_info;
+	struct ldb_context *samdb;
+
+	/* status for periodic config file update */
+	struct {
+		uint32_t interval;
+		struct tevent_timer *te;
+		struct tevent_req *subreq;
+		NTSTATUS status;
+	} confupdate;
+
+	/* status for periodic DNS name check */
+	struct {
+		uint32_t interval;
+		struct tevent_timer *te;
+		struct tevent_req *subreq;
+		struct tevent_req *spnreq;
+		NTSTATUS status;
+	} nameupdate;
+};
+
+/*
+  called when dns update script has finished
+ */
+static void dnsupdate_nameupdate_done(struct tevent_req *subreq)
+{
+	struct dnsupdate_service *service = tevent_req_callback_data(subreq,
+					    struct dnsupdate_service);
+	int ret;
+	int sys_errno;
+
+	service->nameupdate.subreq = NULL;
+
+	ret = samba_runcmd_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+
+	if (ret != 0) {
+		DBG_ERR("Failed DNS update with exit code %d\n",
+			sys_errno);
+	} else {
+		DEBUG(3,("Completed DNS update check OK\n"));
+	}
+}
+
+
+/*
+  called when spn update script has finished
+ */
+static void dnsupdate_spnupdate_done(struct tevent_req *subreq)
+{
+	struct dnsupdate_service *service = tevent_req_callback_data(subreq,
+					    struct dnsupdate_service);
+	int ret;
+	int sys_errno;
+
+	service->nameupdate.spnreq = NULL;
+
+	ret = samba_runcmd_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		DEBUG(0,(__location__ ": Failed SPN update - with error code %d\n",
+			 sys_errno));
+	} else {
+		DEBUG(3,("Completed SPN update check OK\n"));
+	}
+}
+
+/*
+  called every 'dnsupdate:name interval' seconds
+ */
+static void dnsupdate_check_names(struct dnsupdate_service *service)
+{
+	const char * const *dns_update_command = lpcfg_dns_update_command(service->task->lp_ctx);
+	const char * const *spn_update_command = lpcfg_spn_update_command(service->task->lp_ctx);
+
+	/* kill any existing child */
+	TALLOC_FREE(service->nameupdate.subreq);
+
+	DEBUG(3,("Calling DNS name update script\n"));
+	service->nameupdate.subreq = samba_runcmd_send(service,
+						       service->task->event_ctx,
+						       timeval_current_ofs(20, 0),
+						       2, 0,
+						       dns_update_command,
+						       NULL);
+	if (service->nameupdate.subreq == NULL) {
+		DEBUG(0,(__location__ ": samba_runcmd_send() failed with no memory\n"));
+		return;
+	}
+	tevent_req_set_callback(service->nameupdate.subreq,
+				dnsupdate_nameupdate_done,
+				service);
+
+	DEBUG(3,("Calling SPN name update script\n"));
+	service->nameupdate.spnreq = samba_runcmd_send(service,
+						       service->task->event_ctx,
+						       timeval_current_ofs(20, 0),
+						       2, 0,
+						       spn_update_command,
+						       NULL);
+	if (service->nameupdate.spnreq == NULL) {
+		DEBUG(0,(__location__ ": samba_runcmd_send() failed with no memory\n"));
+		return;
+	}
+	tevent_req_set_callback(service->nameupdate.spnreq,
+				dnsupdate_spnupdate_done,
+				service);
+}
+
+static NTSTATUS dnsupdate_nameupdate_schedule(struct dnsupdate_service *service);
+
+/*
+  called every 'dnsupdate:name interval' seconds
+ */
+static void dnsupdate_nameupdate_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+					    struct timeval t, void *ptr)
+{
+	struct dnsupdate_service *service = talloc_get_type(ptr, struct dnsupdate_service);
+
+	dnsupdate_check_names(service);
+	dnsupdate_nameupdate_schedule(service);
+}
+
+
+static NTSTATUS dnsupdate_nameupdate_schedule(struct dnsupdate_service *service)
+{
+	service->nameupdate.te = tevent_add_timer(service->task->event_ctx, service,
+						  timeval_current_ofs(service->nameupdate.interval, 0),
+						  dnsupdate_nameupdate_handler_te, service);
+	NT_STATUS_HAVE_NO_MEMORY(service->nameupdate.te);
+	return NT_STATUS_OK;
+}
+
+
+struct dnsupdate_RODC_state {
+	struct irpc_message *msg;
+	struct dnsupdate_RODC *r;
+	char *tmp_path;
+	char *tmp_path2;
+	int fd;
+};
+
+static int dnsupdate_RODC_destructor(struct dnsupdate_RODC_state *st)
+{
+	if (st->fd != -1) {
+		close(st->fd);
+	}
+	unlink(st->tmp_path);
+	if (st->tmp_path2 != NULL) {
+		unlink(st->tmp_path2);
+	}
+	return 0;
+}
+
+/*
+  called when the DNS update has completed
+ */
+static void dnsupdate_RODC_callback(struct tevent_req *req)
+{
+	struct dnsupdate_RODC_state *st =
+		tevent_req_callback_data(req,
+					 struct dnsupdate_RODC_state);
+	int sys_errno;
+	int i, ret;
+
+	ret = samba_runcmd_recv(req, &sys_errno);
+	talloc_free(req);
+	if (ret != 0) {
+		st->r->out.result = map_nt_error_from_unix_common(sys_errno);
+		DEBUG(2,(__location__ ": RODC DNS Update failed: %s\n", nt_errstr(st->r->out.result)));
+	} else {
+		st->r->out.result = NT_STATUS_OK;
+		DEBUG(3,(__location__ ": RODC DNS Update OK\n"));
+	}
+
+	for (i=0; i<st->r->in.dns_names->count; i++) {
+		st->r->out.dns_names->names[i].status = NT_STATUS_V(st->r->out.result);
+	}
+
+	irpc_send_reply(st->msg, NT_STATUS_OK);
+}
+
+
+/**
+ * Called when we get a RODC DNS update request from the netlogon
+ * rpc server
+ */
+static NTSTATUS dnsupdate_dnsupdate_RODC(struct irpc_message *msg,
+					 struct dnsupdate_RODC *r)
+{
+	struct dnsupdate_service *s = talloc_get_type(msg->private_data,
+						      struct dnsupdate_service);
+	const char * const *dns_update_command = lpcfg_dns_update_command(s->task->lp_ctx);
+	struct dnsupdate_RODC_state *st;
+	struct tevent_req *req;
+	int i, ret;
+	struct GUID ntds_guid;
+	const char *site, *dnsdomain, *dnsforest, *ntdsguid;
+	const char *hostname = NULL;
+	struct ldb_dn *sid_dn;
+	const char *attrs[] = { "dNSHostName", NULL };
+	struct ldb_result *res;
+
+	st = talloc_zero(msg, struct dnsupdate_RODC_state);
+	if (!st) {
+		r->out.result = NT_STATUS_NO_MEMORY;
+		return NT_STATUS_OK;
+	}
+
+	st->r = r;
+	st->msg = msg;
+
+	st->tmp_path = smbd_tmp_path(st, s->task->lp_ctx, "rodcdns.XXXXXX");
+	if (!st->tmp_path) {
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_MEMORY;
+		return NT_STATUS_OK;
+	}
+
+	st->fd = mkstemp(st->tmp_path);
+	if (st->fd == -1) {
+		DEBUG(0,("Unable to create a temporary file for RODC dnsupdate\n"));
+		talloc_free(st);
+		r->out.result = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		return NT_STATUS_OK;
+	}
+
+	talloc_set_destructor(st, dnsupdate_RODC_destructor);
+
+	st->tmp_path2 = talloc_asprintf(st, "%s.cache", st->tmp_path);
+	if (!st->tmp_path2) {
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_MEMORY;
+		return NT_STATUS_OK;
+	}
+
+	sid_dn = ldb_dn_new_fmt(st, s->samdb, "<SID=%s>", dom_sid_string(st, r->in.dom_sid));
+	if (!sid_dn) {
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_MEMORY;
+		return NT_STATUS_OK;
+	}
+
+	/* work out the site */
+	ret = samdb_find_site_for_computer(s->samdb, st, sid_dn, &site);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(2, (__location__ ": Unable to find site for computer %s\n",
+			  ldb_dn_get_linearized(sid_dn)));
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_SUCH_USER;
+		return NT_STATUS_OK;
+	}
+
+	/* work out the ntdsguid */
+	ret = samdb_find_ntdsguid_for_computer(s->samdb, sid_dn, &ntds_guid);
+	ntdsguid = GUID_string(st, &ntds_guid);
+	if (ret != LDB_SUCCESS || !ntdsguid) {
+		DEBUG(2, (__location__ ": Unable to find NTDS GUID for computer %s\n",
+			  ldb_dn_get_linearized(sid_dn)));
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_SUCH_USER;
+		return NT_STATUS_OK;
+	}
+
+
+	/* find dnsdomain and dnsforest */
+	dnsdomain = lpcfg_dnsdomain(s->task->lp_ctx);
+	dnsforest = dnsdomain;
+
+	/* find the hostname */
+	ret = dsdb_search_dn(s->samdb, st, &res, sid_dn, attrs, 0);
+	if (ret == LDB_SUCCESS) {
+		hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+	}
+	if (ret != LDB_SUCCESS || !hostname) {
+		DEBUG(2, (__location__ ": Unable to find NTDS GUID for computer %s\n",
+			  ldb_dn_get_linearized(sid_dn)));
+		talloc_free(st);
+		r->out.result = NT_STATUS_NO_SUCH_USER;
+		return NT_STATUS_OK;
+	}
+
+	for (i=0; i<st->r->in.dns_names->count; i++) {
+		struct NL_DNS_NAME_INFO *n = &r->in.dns_names->names[i];
+		switch (n->type) {
+		case NlDnsLdapAtSite:
+			dprintf(st->fd, "SRV _ldap._tcp.%s._sites.%s %s %u\n",
+				site, dnsdomain, hostname, n->port);
+			break;
+		case NlDnsGcAtSite:
+			dprintf(st->fd, "SRV _ldap._tcp.%s._sites.gc._msdcs.%s %s %u\n",
+				site, dnsdomain, hostname, n->port);
+			break;
+		case NlDnsDsaCname:
+			dprintf(st->fd, "CNAME %s._msdcs.%s %s\n",
+				ntdsguid, dnsforest, hostname);
+			break;
+		case NlDnsKdcAtSite:
+			dprintf(st->fd, "SRV _kerberos._tcp.%s._sites.dc._msdcs.%s %s %u\n",
+				site, dnsdomain, hostname, n->port);
+			break;
+		case NlDnsDcAtSite:
+			dprintf(st->fd, "SRV _ldap._tcp.%s._sites.dc._msdcs.%s %s %u\n",
+				site, dnsdomain, hostname, n->port);
+			break;
+		case NlDnsRfc1510KdcAtSite:
+			dprintf(st->fd, "SRV _kerberos._tcp.%s._sites.%s %s %u\n",
+				site, dnsdomain, hostname, n->port);
+			break;
+		case NlDnsGenericGcAtSite:
+			dprintf(st->fd, "SRV _gc._tcp.%s._sites.%s %s %u\n",
+				site, dnsforest, hostname, n->port);
+			break;
+		}
+	}
+
+	close(st->fd);
+	st->fd = -1;
+
+	DEBUG(3,("Calling RODC DNS name update script %s\n", st->tmp_path));
+	req = samba_runcmd_send(st,
+				s->task->event_ctx,
+				timeval_current_ofs(20, 0),
+				2, 0,
+				dns_update_command,
+				"--update-list",
+				st->tmp_path,
+				"--update-cache",
+				st->tmp_path2,
+				NULL);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	/* setup the callback */
+	tevent_req_set_callback(req, dnsupdate_RODC_callback, st);
+
+	msg->defer_reply = true;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  startup the dns update task
+*/
+static NTSTATUS dnsupdate_task_init(struct task_server *task)
+{
+	NTSTATUS status;
+	struct dnsupdate_service *service;
+
+	if (lpcfg_server_role(task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
+		/* not useful for non-DC */
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	}
+
+	task_server_set_title(task, "task[dnsupdate]");
+
+	service = talloc_zero(task, struct dnsupdate_service);
+	if (!service) {
+		task_server_terminate(task, "dnsupdate_task_init: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+	service->task		= task;
+	task->private_data	= service;
+
+	service->system_session_info = system_session(service->task->lp_ctx);
+	if (!service->system_session_info) {
+		task_server_terminate(task,
+				      "dnsupdate: Failed to obtain server credentials\n",
+				      true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	service->samdb = samdb_connect(service,
+				       service->task->event_ctx,
+				       task->lp_ctx,
+				       service->system_session_info,
+				       NULL,
+				       0);
+	if (!service->samdb) {
+		task_server_terminate(task, "dnsupdate: Failed to connect to local samdb\n",
+				      true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	service->nameupdate.interval	= lpcfg_parm_int(task->lp_ctx, NULL,
+						      "dnsupdate", "name interval", 600); /* in seconds */
+
+	dnsupdate_check_names(service);
+	status = dnsupdate_nameupdate_schedule(service);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "dnsupdate: Failed to nameupdate schedule: %s\n",
+							    nt_errstr(status)), true);
+		return status;
+	}
+
+	irpc_add_name(task->msg_ctx, "dnsupdate");
+
+	IRPC_REGISTER(task->msg_ctx, irpc, DNSUPDATE_RODC,
+		      dnsupdate_dnsupdate_RODC, service);
+
+	return NT_STATUS_OK;
+
+}
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_dnsupdate_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = dnsupdate_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "dnsupdate", &details);
+}
diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c
new file mode 100644
index 0000000..14ee2d4
--- /dev/null
+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c
@@ -0,0 +1,347 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   handle removal of deleted objects
+
+   Copyright (C) 2009 Andrew Tridgell
+   Copyright (C) 2016 Andrew Bartlett
+   Copyright (C) 2016 Catalyst.NET Ltd
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "lib/util/dlinklist.h"
+#include "ldb.h"
+#include "dsdb/kcc/garbage_collect_tombstones.h"
+#include "lib/ldb-samba/ldb_matching_rules.h"
+#include "lib/util/time.h"
+
+static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx,
+						struct ldb_context *samdb,
+						struct dsdb_ldb_dn_list_node *part,
+						char *filter,
+						unsigned int *num_links_removed,
+						unsigned int *num_objects_removed,
+						struct dsdb_schema *schema,
+						const char **attrs,
+						char **error_string,
+						NTTIME expunge_time_nttime)
+{
+	int ret;
+	struct ldb_dn *do_dn;
+	struct ldb_result *res;
+	unsigned int i, j, k;
+	uint32_t flags;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_get_deleted_objects_dn(samdb, tmp_ctx, part->dn, &do_dn);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(tmp_ctx);
+		/* some partitions have no Deleted Objects
+		   container */
+		return NT_STATUS_OK;
+	}
+
+	DBG_INFO("Doing a full scan on %s and looking for deleted objects\n",
+		  ldb_dn_get_linearized(part->dn));
+
+	flags = DSDB_SEARCH_SHOW_RECYCLED |
+		DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+		DSDB_SEARCH_REVEAL_INTERNALS;
+	ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE,
+			  attrs, flags, "%s", filter);
+
+	if (ret != LDB_SUCCESS) {
+		*error_string = talloc_asprintf(mem_ctx,
+						"Failed to search for deleted "
+						"objects in %s: %s",
+						ldb_dn_get_linearized(do_dn),
+						ldb_errstring(samdb));
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	for (i=0; i<res->count; i++) {
+		struct ldb_message *cleanup_msg = NULL;
+		unsigned int num_modified = 0;
+
+		bool isDeleted = ldb_msg_find_attr_as_bool(res->msgs[i],
+							   "isDeleted", false);
+		if (isDeleted) {
+			if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) {
+				/* Skip the Deleted Object Container */
+				continue;
+			}
+
+			ret = dsdb_delete(samdb, res->msgs[i]->dn,
+					  DSDB_SEARCH_SHOW_RECYCLED
+					  |DSDB_MODIFY_RELAX);
+			if (ret != LDB_SUCCESS) {
+				DBG_WARNING(__location__ ": Failed to remove "
+					 "deleted object %s\n",
+					 ldb_dn_get_linearized(res->
+							       msgs[i]->dn));
+			} else {
+				DBG_INFO("Removed deleted object %s\n",
+					 ldb_dn_get_linearized(res->
+							       msgs[i]->dn));
+				(*num_objects_removed)++;
+			}
+			continue;
+		}
+
+		/* This must have a linked attribute */
+
+		/*
+		 * From MS-ADTS 3.1.1.1.9 DCs, usn Counters, and
+		 * the Originating Update Stamp
+		 *
+		 * "A link value r is deleted, but exists as a
+		 *  tombstone, if r.stamp.timeDeleted ≠ 0. When
+		 *  the current time minus r.stamp.timeDeleted
+		 *  exceeds the tombstone lifetime, the link
+		 *  value r is garbage-collected; that is,
+		 *  removed from its containing forward link
+		 *  attribute. "
+		 */
+
+		for (j=0; j < res->msgs[i]->num_elements; j++) {
+			struct ldb_message_element *element = NULL;
+			/* TODO this is O(log n) per attribute with deleted values */
+			const struct dsdb_attribute *attrib = NULL;
+
+			element = &res->msgs[i]->elements[j];
+			attrib = dsdb_attribute_by_lDAPDisplayName(schema,
+								   element->name);
+
+			/* This avoids parsing isDeleted as a link */
+			if (attrib == NULL ||
+			    attrib->linkID == 0 ||
+			    ((attrib->linkID & 1) == 1)) {
+				continue;
+			}
+
+			for (k = 0; k < element->num_values; k++) {
+				struct ldb_val *value = &element->values[k];
+				uint64_t whenChanged = 0;
+				NTSTATUS status;
+				struct dsdb_dn *dn;
+				struct ldb_message_element *cleanup_elem = NULL;
+				char *guid_search_str = NULL;
+				char *guid_buf_str = NULL;
+				struct ldb_val cleanup_val;
+				struct GUID_txt_buf buf_guid;
+				struct GUID guid;
+				const struct ldb_val *guid_blob;
+
+				if (dsdb_dn_is_deleted_val(value) == false) {
+					continue;
+				}
+
+				dn = dsdb_dn_parse(tmp_ctx, samdb,
+						   &element->values[k],
+						   attrib->syntax->ldap_oid);
+				if (dn == NULL) {
+					DBG_WARNING("Failed to parse linked attribute blob of "
+						  "%s on %s while expunging expired links\n",
+						  element->name,
+						  ldb_dn_get_linearized(res->msgs[i]->dn));
+					continue;
+				}
+
+				status = dsdb_get_extended_dn_uint64(dn->dn,
+								     &whenChanged,
+								     "RMD_CHANGETIME");
+				if (!NT_STATUS_IS_OK(status)) {
+					DBG_WARNING("Error: RMD_CHANGETIME is missing on a forward link.\n");
+					talloc_free(dn);
+					continue;
+				}
+
+				if (whenChanged >= expunge_time_nttime) {
+					talloc_free(dn);
+					continue;
+				}
+
+				guid_blob = ldb_dn_get_extended_component(dn->dn, "GUID");
+				status = GUID_from_ndr_blob(guid_blob, &guid);
+				if (!NT_STATUS_IS_OK(status)) {
+					DBG_WARNING("Error: Invalid GUID on link target.\n");
+					talloc_free(dn);
+					continue;
+				}
+
+				guid_buf_str = GUID_buf_string(&guid, &buf_guid);
+				guid_search_str = talloc_asprintf(mem_ctx,
+								  "<GUID=%s>;%s",
+								  guid_buf_str,
+								  dsdb_dn_get_linearized(mem_ctx, dn));
+				cleanup_val = data_blob_string_const(guid_search_str);
+
+				talloc_free(dn);
+
+				if (cleanup_msg == NULL) {
+					cleanup_msg = ldb_msg_new(mem_ctx);
+					if (cleanup_msg == NULL) {
+						return NT_STATUS_NO_MEMORY;
+					}
+					cleanup_msg->dn = res->msgs[i]->dn;
+				}
+
+				ret = ldb_msg_add_value(cleanup_msg,
+							element->name,
+							&cleanup_val,
+							&cleanup_elem);
+				if (ret != LDB_SUCCESS) {
+					return NT_STATUS_NO_MEMORY;
+				}
+				cleanup_elem->flags = LDB_FLAG_MOD_DELETE;
+				num_modified++;
+			}
+		}
+
+		if (num_modified > 0) {
+			ret = dsdb_modify(samdb, cleanup_msg,
+					  DSDB_REPLMD_VANISH_LINKS);
+			if (ret != LDB_SUCCESS) {
+				DBG_WARNING(__location__ ": Failed to remove deleted object %s\n",
+					 ldb_dn_get_linearized(res->msgs[i]->dn));
+			} else {
+				DBG_INFO("Removed deleted object %s\n",
+					 ldb_dn_get_linearized(res->msgs[i]->dn));
+				*num_links_removed = *num_links_removed + num_modified;
+			}
+
+		}
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/*
+ * Per MS-ADTS 3.1.1.5.5 Delete Operation
+ *
+ * "Tombstones are a type of deleted object distinguished from
+ *  existing-objects by the presence of the isDeleted attribute with the
+ *  value true."
+ *
+ * "After a time period at least as large as a tombstone lifetime, the
+ *  tombstone is removed from the directory."
+ *
+ * The purpose of this routine is to remove such objects.  It is
+ * called from a timed event in the KCC, and from samba-tool domain
+ * expunge tombstones.
+ *
+ * Additionally, linked attributes have similar properties.
+ */
+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *samdb,
+					 struct dsdb_ldb_dn_list_node *part,
+					 time_t current_time,
+					 uint32_t tombstoneLifetime,
+					 unsigned int *num_objects_removed,
+					 unsigned int *num_links_removed,
+					 char **error_string)
+{
+	const char **attrs = NULL;
+	char *filter = NULL;
+	NTSTATUS status;
+	unsigned int i;
+	struct dsdb_attribute *next_attr;
+	unsigned int num_link_attrs;
+	struct dsdb_schema *schema = dsdb_get_schema(samdb, mem_ctx);
+	unsigned long long expunge_time = current_time - tombstoneLifetime*60*60*24;
+	char *expunge_time_string = ldb_timestring_utc(mem_ctx, expunge_time);
+	NTTIME expunge_time_nttime;
+	unix_to_nt_time(&expunge_time_nttime, expunge_time);
+
+	*num_objects_removed = 0;
+	*num_links_removed = 0;
+	*error_string = NULL;
+	num_link_attrs = 0;
+
+	/*
+	 * This filter is a bit strange, but the idea is to filter for
+	 * objects that need to have tombstones expunged without
+	 * bringing a potentially large database all into memory.  To
+	 * do that, we could use callbacks, but instead we use a
+	 * custom match rule to triage the objects during the search,
+	 * and ideally avoid memory allocation for most of the
+	 * un-matched objects.
+	 *
+	 * The parameter to DSDB_MATCH_FOR_EXPUNGE is the NTTIME, we
+	 * return records with deleted links deleted before this time.
+	 *
+	 * We use a date comparison on whenChanged to avoid returning
+	 * all isDeleted records
+	 */
+
+	filter = talloc_asprintf(mem_ctx, "(|");
+	for (next_attr = schema->attributes; next_attr != NULL; next_attr = next_attr->next) {
+		if (next_attr->linkID != 0 && ((next_attr->linkID & 1) == 0)) {
+			num_link_attrs++;
+			filter = talloc_asprintf_append(filter,
+							"(%s:" DSDB_MATCH_FOR_EXPUNGE ":=%llu)",
+							next_attr->lDAPDisplayName,
+							(unsigned long long)expunge_time_nttime);
+			if (filter == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+
+	attrs = talloc_array(mem_ctx, const char *, num_link_attrs + 2);
+	i = 0;
+	for (next_attr = schema->attributes; next_attr != NULL; next_attr = next_attr->next) {
+		if (next_attr->linkID != 0 && ((next_attr->linkID & 1) == 0)) {
+			attrs[i++] = next_attr->lDAPDisplayName;
+		}
+	}
+	attrs[i] = "isDeleted";
+	attrs[i+1] = NULL;
+
+	filter = talloc_asprintf_append(filter,
+					"(&(isDeleted=TRUE)(whenChanged<=%s)))",
+					expunge_time_string);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (; part != NULL; part = part->next) {
+		status = garbage_collect_tombstones_part(mem_ctx, samdb, part,
+							 filter,
+							 num_links_removed,
+							 num_objects_removed,
+							 schema, attrs,
+							 error_string,
+							 expunge_time_nttime);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h
new file mode 100644
index 0000000..ce62f5d
--- /dev/null
+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h
@@ -0,0 +1,34 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   handle removal of deleted objects
+
+   Copyright (C) 2009 Andrew Tridgell
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+
+
+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *samdb,
+					 struct dsdb_ldb_dn_list_node *part,
+					 time_t current_time,
+					 uint32_t tombstoneLifetime,
+					 unsigned int *num_objects_removed,
+					 unsigned int *num_links_removed,
+					 char **error_string);
diff --git a/source4/dsdb/kcc/kcc_connection.c b/source4/dsdb/kcc/kcc_connection.c
new file mode 100644
index 0000000..78d853e
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_connection.c
@@ -0,0 +1,252 @@
+/*
+   Unix SMB/CIFS implementation.
+   KCC service periodic handling
+
+   Copyright (C) Crístian Deives
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_service.h"
+#include "dsdb/kcc/kcc_connection.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+static int kccsrv_add_connection(struct kccsrv_service *s,
+				 struct kcc_connection *conn)
+{
+	struct ldb_message *msg;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *new_dn, *server_dn;
+	struct GUID guid;
+	/* struct ldb_val schedule_val; */
+	int ret;
+	bool ok;
+
+	tmp_ctx = talloc_new(s);
+	if (!tmp_ctx) {
+		DEBUG(0, ("failed to talloc\n"));
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	new_dn = samdb_ntds_settings_dn(s->samdb, tmp_ctx);
+	if (!new_dn) {
+		DEBUG(0, ("failed to find NTDS settings\n"));
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	new_dn = ldb_dn_copy(tmp_ctx, new_dn);
+	if (!new_dn) {
+		DEBUG(0, ("failed to copy NTDS settings\n"));
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	guid = GUID_random();
+	ok = ldb_dn_add_child_fmt(new_dn, "CN=%s", GUID_string(tmp_ctx, &guid));
+	if (!ok) {
+		DEBUG(0, ("failed to create nTDSConnection DN\n"));
+		ret = LDB_ERR_INVALID_DN_SYNTAX;
+		goto done;
+	}
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->dsa_guid, 0, &server_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("failed to find fromServer DN '%s'\n",
+			  GUID_string(tmp_ctx, &conn->dsa_guid)));
+		goto done;
+	}
+	/*schedule_val = data_blob_const(r1->schedule, sizeof(r1->schedule));*/
+
+	msg = ldb_msg_new(tmp_ctx);
+	msg->dn = new_dn;
+	ldb_msg_add_string(msg, "objectClass", "nTDSConnection");
+	ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
+	ldb_msg_add_string(msg, "enabledConnection", "TRUE");
+	ldb_msg_add_linearized_dn(msg, "fromServer", server_dn);
+	/* ldb_msg_add_value(msg, "schedule", &schedule_val, NULL); */
+
+	samdb_msg_add_uint(s->samdb, msg, msg,
+				"options", NTDSCONN_OPT_IS_GENERATED);
+
+	ret = ldb_add(s->samdb, msg);
+	if (ret == LDB_SUCCESS) {
+		DEBUG(2, ("added nTDSConnection object '%s'\n",
+			  ldb_dn_get_linearized(new_dn)));
+	} else {
+		DEBUG(0, ("failed to add an nTDSConnection object: %s\n",
+			  ldb_strerror(ret)));
+	}
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static int kccsrv_delete_connection(struct kccsrv_service *s,
+				    struct kcc_connection *conn)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *dn;
+	int ret;
+
+	tmp_ctx = talloc_new(s);
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->obj_guid, 0, &dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("failed to find nTDSConnection's DN: %s\n",
+			  ldb_strerror(ret)));
+		goto done;
+	}
+
+	ret = ldb_delete(s->samdb, dn);
+	if (ret == LDB_SUCCESS) {
+		DEBUG(2, ("deleted nTDSConnection object '%s'\n",
+			  ldb_dn_get_linearized(dn)));
+	} else {
+		DEBUG(0, ("failed to delete an nTDSConnection object: %s\n",
+			  ldb_strerror(ret)));
+	}
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+void kccsrv_apply_connections(struct kccsrv_service *s,
+			      struct kcc_connection_list *ntds_list,
+			      struct kcc_connection_list *dsa_list)
+{
+	unsigned int i, j, deleted = 0, added = 0;
+	int ret;
+
+	/* XXX
+	 *
+	 * This routine is not respecting connections that the
+	 * administrator can specifically create (NTDSCONN_OPT_IS_GENERATED
+	 * bit will not be set)
+	 */
+	for (i = 0; ntds_list && i < ntds_list->count; i++) {
+		struct kcc_connection *ntds = &ntds_list->servers[i];
+		for (j = 0; j < dsa_list->count; j++) {
+			struct kcc_connection *dsa = &dsa_list->servers[j];
+			if (GUID_equal(&ntds->dsa_guid, &dsa->dsa_guid)) {
+				break;
+			}
+		}
+		if (j == dsa_list->count) {
+			ret = kccsrv_delete_connection(s, ntds);
+			if (ret == LDB_SUCCESS) {
+				deleted++;
+			}
+		}
+	}
+	DEBUG(4, ("%d connections have been deleted\n", deleted));
+
+	for (i = 0; i < dsa_list->count; i++) {
+		struct kcc_connection *dsa = &dsa_list->servers[i];
+		for (j = 0; ntds_list && j < ntds_list->count; j++) {
+			struct kcc_connection *ntds = &ntds_list->servers[j];
+			if (GUID_equal(&dsa->dsa_guid, &ntds->dsa_guid)) {
+				break;
+			}
+		}
+		if (ntds_list == NULL || j == ntds_list->count) {
+			ret = kccsrv_add_connection(s, dsa);
+			if (ret == LDB_SUCCESS) {
+				added++;
+			}
+		}
+	}
+	DEBUG(4, ("%d connections have been added\n", added));
+}
+
+struct kcc_connection_list *kccsrv_find_connections(struct kccsrv_service *s,
+						    TALLOC_CTX *mem_ctx)
+{
+	unsigned int i;
+	int ret;
+	struct ldb_dn *base_dn;
+	struct ldb_result *res;
+	const char *attrs[] = { "objectGUID", "fromServer", NULL };
+	struct kcc_connection_list *list;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		DEBUG(0, ("failed to talloc\n"));
+		return NULL;
+	}
+
+	base_dn = samdb_ntds_settings_dn(s->samdb, tmp_ctx);
+	if (!base_dn) {
+		DEBUG(0, ("failed to find our own NTDS settings DN\n"));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	ret = ldb_search(s->samdb, tmp_ctx, &res, base_dn, LDB_SCOPE_ONELEVEL,
+			 attrs, "objectClass=nTDSConnection");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("failed nTDSConnection search: %s\n",
+			  ldb_strerror(ret)));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	list = talloc(tmp_ctx, struct kcc_connection_list);
+	if (!list) {
+		DEBUG(0, ("out of memory\n"));
+		return NULL;
+	}
+	list->servers = talloc_array(list, struct kcc_connection,
+				     res->count);
+	if (!list->servers) {
+		DEBUG(0, ("out of memory\n"));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	list->count = 0;
+
+	for (i = 0; i < res->count; i++) {
+		struct ldb_dn *server_dn;
+
+		list->servers[i].obj_guid = samdb_result_guid(res->msgs[i],
+							      "objectGUID");
+		server_dn = samdb_result_dn(s->samdb, mem_ctx, res->msgs[i],
+					    "fromServer", NULL);
+		ret = dsdb_find_guid_by_dn(s->samdb, server_dn,
+					   &list->servers[i].dsa_guid);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0, ("Failed to find connection server's GUID by "
+				  "DN=%s: %s\n",
+				  ldb_dn_get_linearized(server_dn),
+				  ldb_strerror(ret)));
+			continue;
+		}
+		list->count++;
+	}
+	DEBUG(4, ("found %d existing nTDSConnection objects\n", list->count));
+	talloc_steal(mem_ctx, list);
+	talloc_free(tmp_ctx);
+	return list;
+}
diff --git a/source4/dsdb/kcc/kcc_connection.h b/source4/dsdb/kcc/kcc_connection.h
new file mode 100644
index 0000000..b15e8ec
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_connection.h
@@ -0,0 +1,39 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   KCC service
+
+   Copyright (C) Crístian Deives 2009
+   based on drepl service code
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#ifndef _DSDB_REPL_KCC_CONNECTION_H_
+#define _DSDB_REPL_KCC_CONNECTION_H_
+
+struct kcc_connection {
+	struct GUID obj_guid;
+	struct GUID dsa_guid;
+	struct GUID invocation_id;
+	uint8_t schedule[84];
+};
+
+struct kcc_connection_list {
+	unsigned count;
+	struct kcc_connection *servers;
+};
+
+#endif /* _DSDB_REPL_KCC_CONNECTION_H_ */
diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c
new file mode 100644
index 0000000..5975926
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -0,0 +1,911 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ DRS Replica Information
+
+ Copyright (C) Erick Nogueira do Nascimento 2009-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+ */
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/proto.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "dsdb/common/util.h"
+
+
+/*
+   get the stamp values for the linked attribute 'linked_attr_name' of the object 'dn'
+*/
+static WERROR get_linked_attribute_value_stamp(TALLOC_CTX *mem_ctx, struct ldb_context *samdb,
+				       struct ldb_dn *dn, const char *linked_attr_name,
+				       uint32_t *attr_version, NTTIME *attr_change_time, uint32_t *attr_orig_usn)
+{
+	struct ldb_result *res;
+	int ret;
+	const char *attrs[2];
+	struct ldb_dn *attr_ext_dn;
+	NTSTATUS ntstatus;
+
+	attrs[0] = linked_attr_name;
+	attrs[1] = NULL;
+
+	ret = dsdb_search_dn(samdb, mem_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_REVEAL_INTERNALS);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Failed search for attribute %s on %s\n",
+				linked_attr_name, ldb_dn_get_linearized(dn)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	attr_ext_dn = ldb_msg_find_attr_as_dn(samdb, mem_ctx, res->msgs[0], linked_attr_name);
+	if (!attr_ext_dn) {
+		DEBUG(0, (__location__ ": Failed search for attribute %s on %s\n",
+				linked_attr_name, ldb_dn_get_linearized(dn)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	DEBUG(0, ("linked_attr_name = %s, attr_ext_dn = %s", linked_attr_name,
+		  ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
+
+	ntstatus = dsdb_get_extended_dn_uint32(attr_ext_dn, attr_version, "RMD_VERSION");
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"\n",
+				"RMD_VERSION", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	ntstatus = dsdb_get_extended_dn_nttime(attr_ext_dn, attr_change_time, "RMD_CHANGETIME");
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"\n",
+				"RMD_CHANGETIME", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	ntstatus = dsdb_get_extended_dn_uint32(attr_ext_dn, attr_version, "RMD_ORIGINATING_USN");
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		DEBUG(0, (__location__ ": Could not extract component %s from dn \"%s\"\n",
+				"RMD_ORIGINATING_USN", ldb_dn_get_extended_linearized(mem_ctx, attr_ext_dn, 1)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR get_repl_prop_metadata_ctr(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *samdb,
+					 struct ldb_dn *dn,
+					 struct replPropertyMetaDataBlob *obj_metadata_ctr)
+{
+	int ret;
+	struct ldb_result *res;
+	const char *attrs[] = { "replPropertyMetaData", NULL };
+	const struct ldb_val *omd_value;
+	enum ndr_err_code ndr_err;
+
+	ret = ldb_search(samdb, mem_ctx, &res, dn, LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		DEBUG(0, (__location__ ": Failed search for replPropertyMetaData attribute on %s\n",
+			  ldb_dn_get_linearized(dn)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
+	if (!omd_value) {
+                DEBUG(0,(__location__ ": Object %s does not have a replPropertyMetaData attribute\n",
+                         ldb_dn_get_linearized(dn)));
+		talloc_free(res);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	ndr_err = ndr_pull_struct_blob(omd_value, mem_ctx,
+				        obj_metadata_ctr,
+				       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
+			 ldb_dn_get_linearized(dn)));
+		talloc_free(res);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	talloc_free(res);
+	return WERR_OK;
+}
+
+/*
+  get the DN of the nTDSDSA object from the configuration partition
+  whose invocationId is 'invocation_id'
+  put the value on 'dn_str'
+*/
+static WERROR get_dn_from_invocation_id(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct GUID *invocation_id,
+					const char **dn_str)
+{
+	char *invocation_id_str;
+	const char *attrs_invocation[] = { NULL };
+	struct ldb_message *msg;
+	int ret;
+
+	invocation_id_str = GUID_string(mem_ctx, invocation_id);
+	W_ERROR_HAVE_NO_MEMORY(invocation_id_str);
+
+	ret = dsdb_search_one(samdb, invocation_id_str, &msg, ldb_get_config_basedn(samdb), LDB_SCOPE_SUBTREE,
+			      attrs_invocation, 0, "(&(objectClass=nTDSDSA)(invocationId=%s))", invocation_id_str);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Failed search for the object DN under %s whose invocationId is %s\n",
+			  invocation_id_str, ldb_dn_get_linearized(ldb_get_config_basedn(samdb))));
+		talloc_free(invocation_id_str);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	*dn_str = ldb_dn_alloc_linearized(mem_ctx, msg->dn);
+	talloc_free(invocation_id_str);
+	return WERR_OK;
+}
+
+/*
+  get metadata version 2 info for a specified object DN
+*/
+static WERROR kccdrs_replica_get_info_obj_metadata2(TALLOC_CTX *mem_ctx,
+						    struct ldb_context *samdb,
+						    struct drsuapi_DsReplicaGetInfo *r,
+						    union drsuapi_DsReplicaInfo *reply,
+						    struct ldb_dn *dn,
+						    uint32_t base_index)
+{
+	WERROR status;
+	struct replPropertyMetaDataBlob omd_ctr;
+	struct replPropertyMetaData1 *attr;
+	struct drsuapi_DsReplicaObjMetaData2Ctr *metadata2;
+	const struct dsdb_schema *schema;
+
+	uint32_t i, j;
+
+	DEBUG(0, ("kccdrs_replica_get_info_obj_metadata2() called\n"));
+
+	if (!dn) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (!ldb_dn_validate(dn)) {
+		return WERR_DS_DRA_BAD_DN;
+	}
+
+	status = get_repl_prop_metadata_ctr(mem_ctx, samdb, dn, &omd_ctr);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	schema = dsdb_get_schema(samdb, reply);
+	if (!schema) {
+		DEBUG(0,(__location__": Failed to get the schema\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	reply->objmetadata2 = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjMetaData2Ctr);
+	W_ERROR_HAVE_NO_MEMORY(reply->objmetadata2);
+	metadata2 = reply->objmetadata2;
+	metadata2->enumeration_context = 0;
+
+	/* For each replicated attribute of the object */
+	for (i = 0, j = 0; i < omd_ctr.ctr.ctr1.count; i++) {
+		const struct dsdb_attribute *schema_attr;
+		uint32_t attr_version;
+		NTTIME attr_change_time;
+		uint32_t attr_originating_usn = 0;
+
+		/*
+		  attr := attrsSeq[i]
+		  s := AttrStamp(object, attr)
+		*/
+		/* get a reference to the attribute on 'omd_ctr' */
+		attr = &omd_ctr.ctr.ctr1.array[j];
+
+		schema_attr = dsdb_attribute_by_attributeID_id(schema, attr->attid);
+
+		DEBUG(0, ("attribute_id = %d, attribute_name: %s\n", attr->attid, schema_attr->lDAPDisplayName));
+
+		/*
+		  if (attr in Link Attributes of object and
+		    dwInVersion = 2 and DS_REPL_INFO_FLAG_IMPROVE_LINKED_ATTRS in msgIn.ulFlags)
+		*/
+		if (schema_attr &&
+		    schema_attr->linkID != 0 && /* Checks if attribute is a linked attribute */
+		    (schema_attr->linkID % 2) == 0 && /* is it a forward link? only forward links have the LinkValueStamp */
+		    r->in.level == 2 &&
+		    (r->in.req->req2.flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)) /* on MS-DRSR it is DS_REPL_INFO_FLAG_IMPROVE_LINKED_ATTRS */
+		{
+			/*
+			  ls := LinkValueStamp of the most recent
+				value change in object!attr
+			*/
+			status = get_linked_attribute_value_stamp(mem_ctx, samdb, dn, schema_attr->lDAPDisplayName,
+								  &attr_version, &attr_change_time, &attr_originating_usn);
+			W_ERROR_NOT_OK_RETURN(status);
+
+			/*
+			 Aligning to MS-DRSR 4.1.13.3:
+			 's' on the doc is 'attr->originating_change_time' here
+			 'ls' on the doc is 'attr_change_time' here
+			*/
+
+			/* if (ls is more recent than s (based on order in which the change was applied on server)) then */
+			if (attr_change_time > attr->originating_change_time) {
+				/*
+				 Improve the stamp with the link value stamp.
+				  s.dwVersion := ls.dwVersion
+				  s.timeChanged := ls.timeChanged
+				  s.uuidOriginating := NULLGUID
+				  s.usnOriginating := ls.usnOriginating
+				*/
+				attr->version = attr_version;
+				attr->originating_change_time = attr_change_time;
+				attr->originating_invocation_id = GUID_zero();
+				attr->originating_usn = attr_originating_usn;
+			}
+		}
+
+		if (i < base_index) {
+			continue;
+		}
+
+		metadata2->array = talloc_realloc(mem_ctx, metadata2->array,
+						  struct drsuapi_DsReplicaObjMetaData2, j + 1);
+		W_ERROR_HAVE_NO_MEMORY(metadata2->array);
+		metadata2->array[j].attribute_name = schema_attr->lDAPDisplayName;
+		metadata2->array[j].local_usn = attr->local_usn;
+		metadata2->array[j].originating_change_time = attr->originating_change_time;
+		metadata2->array[j].originating_invocation_id = attr->originating_invocation_id;
+		metadata2->array[j].originating_usn = attr->originating_usn;
+		metadata2->array[j].version = attr->version;
+
+		/*
+		  originating_dsa_dn := GetDNFromInvocationID(originating_invocation_id)
+		  GetDNFromInvocationID() should return the DN of the nTDSDSAobject that has the specified invocation ID
+		  See MS-DRSR 4.1.13.3 and 4.1.13.2.1
+		*/
+		status = get_dn_from_invocation_id(mem_ctx, samdb,
+						   &attr->originating_invocation_id,
+						   &metadata2->array[j].originating_dsa_dn);
+		W_ERROR_NOT_OK_RETURN(status);
+		j++;
+		metadata2->count = j;
+
+	}
+
+	return WERR_OK;
+}
+
+/*
+  get cursors info for a specified DN
+*/
+static WERROR kccdrs_replica_get_info_cursors(TALLOC_CTX *mem_ctx,
+					      struct ldb_context *samdb,
+					      struct drsuapi_DsReplicaGetInfo *r,
+					      union drsuapi_DsReplicaInfo *reply,
+					      struct ldb_dn *dn)
+{
+	int ret;
+
+	if (!ldb_dn_validate(dn)) {
+		return WERR_INVALID_PARAMETER;
+	}
+	reply->cursors = talloc(mem_ctx, struct drsuapi_DsReplicaCursorCtr);
+	W_ERROR_HAVE_NO_MEMORY(reply->cursors);
+
+	reply->cursors->reserved = 0;
+
+	ret = dsdb_load_udv_v1(samdb, dn, reply->cursors, &reply->cursors->array, &reply->cursors->count);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_BAD_NC;
+	}
+	return WERR_OK;
+}
+
+/*
+  get cursors2 info for a specified DN
+*/
+static WERROR kccdrs_replica_get_info_cursors2(TALLOC_CTX *mem_ctx,
+					       struct ldb_context *samdb,
+					       struct drsuapi_DsReplicaGetInfo *r,
+					       union drsuapi_DsReplicaInfo *reply,
+					       struct ldb_dn *dn)
+{
+	int ret;
+
+	if (!ldb_dn_validate(dn)) {
+		return WERR_INVALID_PARAMETER;
+	}
+	reply->cursors2 = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2Ctr);
+	W_ERROR_HAVE_NO_MEMORY(reply->cursors2);
+
+	ret = dsdb_load_udv_v2(samdb, dn, reply->cursors2, &reply->cursors2->array, &reply->cursors2->count);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_BAD_NC;
+	}
+
+	reply->cursors2->enumeration_context = reply->cursors2->count;
+	return WERR_OK;
+}
+
+/*
+  get pending ops info for a specified DN
+*/
+static WERROR kccdrs_replica_get_info_pending_ops(TALLOC_CTX *mem_ctx,
+						  struct ldb_context *samdb,
+						  struct drsuapi_DsReplicaGetInfo *r,
+						  union drsuapi_DsReplicaInfo *reply,
+						  struct ldb_dn *dn)
+{
+	struct timeval now = timeval_current();
+
+	if (!ldb_dn_validate(dn)) {
+		return WERR_INVALID_PARAMETER;
+	}
+	reply->pendingops = talloc(mem_ctx, struct drsuapi_DsReplicaOpCtr);
+	W_ERROR_HAVE_NO_MEMORY(reply->pendingops);
+
+	/* claim no pending ops for now */
+	reply->pendingops->time = timeval_to_nttime(&now);
+	reply->pendingops->count = 0;
+	reply->pendingops->array = NULL;
+
+	return WERR_OK;
+}
+
+struct ncList {
+	struct ldb_dn *dn;
+	struct ncList *prev, *next;
+};
+
+/*
+  Fill 'master_nc_list' with the master ncs hosted by this server
+*/
+static WERROR get_master_ncs(TALLOC_CTX *mem_ctx, struct ldb_context *samdb,
+			     const char *ntds_guid_str, struct ncList **master_nc_list)
+{
+	const char *post_2003_attrs[] = { "msDS-hasMasterNCs", "hasPartialReplicaNCs", NULL };
+	const char *pre_2003_attrs[] = { "hasMasterNCs", "hasPartialReplicaNCs", NULL };
+	const char **attrs = post_2003_attrs;
+	struct ldb_result *res;
+	struct ncList *nc_list = NULL;
+	struct ncList *nc_list_elem;
+	int ret;
+	unsigned int i;
+	char *nc_str;
+
+	/* In W2003 and greater, msDS-hasMasterNCs attribute lists the writable NC replicas */
+	ret = ldb_search(samdb, mem_ctx, &res, ldb_get_config_basedn(samdb),
+			LDB_SCOPE_DEFAULT, post_2003_attrs, "(objectguid=%s)", ntds_guid_str);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed objectguid search - %s\n", ldb_errstring(samdb)));
+
+		attrs = post_2003_attrs;
+		ret = ldb_search(samdb, mem_ctx, &res, ldb_get_config_basedn(samdb),
+			LDB_SCOPE_DEFAULT, pre_2003_attrs, "(objectguid=%s)", ntds_guid_str);
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed objectguid search - %s\n", ldb_errstring(samdb)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	if (res->count == 0) {
+		DEBUG(0,(__location__ ": Failed: objectguid=%s not found\n", ntds_guid_str));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	for (i = 0; i < res->count; i++) {
+		struct ldb_message_element *msg_elem;
+		unsigned int k, a;
+
+		for (a=0; attrs[a]; a++) {
+			msg_elem = ldb_msg_find_element(res->msgs[i], attrs[a]);
+			if (!msg_elem || msg_elem->num_values == 0) {
+				continue;
+			}
+
+			for (k = 0; k < msg_elem->num_values; k++) {
+				/* copy the string on msg_elem->values[k]->data to nc_str */
+				nc_str = talloc_strndup(mem_ctx, (char *)msg_elem->values[k].data, msg_elem->values[k].length);
+				W_ERROR_HAVE_NO_MEMORY(nc_str);
+
+				nc_list_elem = talloc_zero(mem_ctx, struct ncList);
+				W_ERROR_HAVE_NO_MEMORY(nc_list_elem);
+				nc_list_elem->dn = ldb_dn_new(mem_ctx, samdb, nc_str);
+				W_ERROR_HAVE_NO_MEMORY(nc_list_elem);
+				DLIST_ADD(nc_list, nc_list_elem);
+			}
+		}
+	}
+
+	*master_nc_list = nc_list;
+	return WERR_OK;
+}
+
+/*
+  Fill 'nc_list' with the ncs list. (MS-DRSR 4.1.13.3)
+  if the object dn is specified, fill 'nc_list' only with this dn
+  otherwise, fill 'nc_list' with all master ncs hosted by this server
+*/
+static WERROR get_ncs_list(TALLOC_CTX *mem_ctx,
+		struct ldb_context *samdb,
+		struct kccsrv_service *service,
+		const char *object_dn_str,
+		struct ncList **nc_list)
+{
+	WERROR status;
+	struct ncList *nc_list_elem;
+	struct ldb_dn *nc_dn;
+
+	if (object_dn_str != NULL) {
+		/* ncs := { object_dn } */
+		*nc_list = NULL;
+		nc_dn = ldb_dn_new(mem_ctx, samdb, object_dn_str);
+		nc_list_elem = talloc_zero(mem_ctx, struct ncList);
+		W_ERROR_HAVE_NO_MEMORY(nc_list_elem);
+		nc_list_elem->dn = nc_dn;
+		DLIST_ADD_END(*nc_list, nc_list_elem);
+	} else {
+		/* ncs := getNCs() from ldb database.
+		 * getNCs() must return an array containing
+		 * the DSNames of all NCs hosted by this
+		 * server.
+		 */
+		char *ntds_guid_str = GUID_string(mem_ctx, &service->ntds_guid);
+		W_ERROR_HAVE_NO_MEMORY(ntds_guid_str);
+		status = get_master_ncs(mem_ctx, samdb, ntds_guid_str, nc_list);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+	return WERR_OK;
+}
+
+/*
+  Copy the fields from 'reps1' to 'reps2', leaving zeroed the fields on
+  'reps2' that aren't available on 'reps1'.
+*/
+static WERROR copy_repsfrom_1_to_2(TALLOC_CTX *mem_ctx,
+				 struct repsFromTo2 **reps2,
+				 struct repsFromTo1 *reps1)
+{
+	struct repsFromTo2* reps;
+
+	reps = talloc_zero(mem_ctx, struct repsFromTo2);
+	W_ERROR_HAVE_NO_MEMORY(reps);
+
+	reps->blobsize = reps1->blobsize;
+	reps->consecutive_sync_failures = reps1->consecutive_sync_failures;
+	reps->last_attempt = reps1->last_attempt;
+	reps->last_success = reps1->last_success;
+	reps->result_last_attempt = reps1->result_last_attempt;
+	reps->other_info = talloc_zero(mem_ctx, struct repsFromTo2OtherInfo);
+	W_ERROR_HAVE_NO_MEMORY(reps->other_info);
+	reps->other_info->dns_name1 = reps1->other_info->dns_name;
+	reps->replica_flags = reps1->replica_flags;
+	memcpy(reps->schedule, reps1->schedule, sizeof(reps1->schedule));
+	reps->reserved = reps1->reserved;
+	reps->highwatermark = reps1->highwatermark;
+	reps->source_dsa_obj_guid = reps1->source_dsa_obj_guid;
+	reps->source_dsa_invocation_id = reps1->source_dsa_invocation_id;
+	reps->transport_guid = reps1->transport_guid;
+
+	*reps2 = reps;
+	return WERR_OK;
+}
+
+static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
+					  struct ldb_context *samdb,
+					  struct ldb_dn *nc_dn,
+					  struct drsuapi_DsReplicaNeighbour *neigh,
+					  struct repsFromTo2 *reps_from)
+{
+	struct ldb_dn *source_dsa_dn;
+	int ret;
+	struct ldb_dn *transport_obj_dn = NULL;
+
+	neigh->source_dsa_address = reps_from->other_info->dns_name1;
+	neigh->replica_flags = reps_from->replica_flags;
+	neigh->last_attempt = reps_from->last_attempt;
+	neigh->source_dsa_obj_guid = reps_from->source_dsa_obj_guid;
+
+	ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->source_dsa_obj_guid,
+				   DSDB_SEARCH_SHOW_RECYCLED,
+				   &source_dsa_dn);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find DN for neighbor GUID %s\n",
+			 GUID_string(mem_ctx, &reps_from->source_dsa_obj_guid)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	neigh->source_dsa_obj_dn = ldb_dn_get_linearized(source_dsa_dn);
+	neigh->naming_context_dn = ldb_dn_get_linearized(nc_dn);
+
+	if (dsdb_find_guid_by_dn(samdb, nc_dn,
+				 &neigh->naming_context_obj_guid)
+			!= LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (!GUID_all_zero(&reps_from->transport_guid)) {
+		ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->transport_guid,
+					   DSDB_SEARCH_SHOW_RECYCLED,
+					   &transport_obj_dn);
+		if (ret != LDB_SUCCESS) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+	}
+
+	neigh->transport_obj_dn = ldb_dn_get_linearized(transport_obj_dn);
+	neigh->source_dsa_invocation_id = reps_from->source_dsa_invocation_id;
+	neigh->transport_obj_guid = reps_from->transport_guid;
+	neigh->highest_usn = reps_from->highwatermark.highest_usn;
+	neigh->tmp_highest_usn = reps_from->highwatermark.tmp_highest_usn;
+	neigh->last_success = reps_from->last_success;
+	neigh->result_last_attempt = reps_from->result_last_attempt;
+	neigh->consecutive_sync_failures = reps_from->consecutive_sync_failures;
+	neigh->reserved = 0; /* Unused. MUST be 0. */
+
+	return WERR_OK;
+}
+
+/*
+  Get the inbound neighbours of this DC
+  See details on MS-DRSR 4.1.13.3, for infoType DS_REPL_INFO_NEIGHBORS
+*/
+static WERROR kccdrs_replica_get_info_neighbours(TALLOC_CTX *mem_ctx,
+						 struct kccsrv_service *service,
+						 struct ldb_context *samdb,
+						 struct drsuapi_DsReplicaGetInfo *r,
+						 union drsuapi_DsReplicaInfo *reply,
+						 uint32_t base_index,
+						 struct GUID req_src_dsa_guid,
+						 const char *object_dn_str)
+{
+	WERROR status;
+	uint32_t i, j;
+	struct ldb_dn *nc_dn = NULL;
+	struct ncList *p_nc_list = NULL;
+	struct repsFromToBlob *reps_from_blob = NULL;
+	struct repsFromTo2 *reps_from = NULL;
+	uint32_t c_reps_from;
+	uint32_t i_rep;
+	struct ncList *nc_list = NULL;
+
+	status = get_ncs_list(mem_ctx, samdb, service, object_dn_str, &nc_list);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	i = j = 0;
+
+	reply->neighbours = talloc_zero(mem_ctx, struct drsuapi_DsReplicaNeighbourCtr);
+	W_ERROR_HAVE_NO_MEMORY(reply->neighbours);
+	reply->neighbours->reserved = 0;
+	reply->neighbours->count = 0;
+
+	/* foreach nc in ncs */
+	for (p_nc_list = nc_list; p_nc_list != NULL; p_nc_list = p_nc_list->next) {
+
+		nc_dn = p_nc_list->dn;
+
+		/* load the nc's repsFromTo blob */
+		status = dsdb_loadreps(samdb, mem_ctx, nc_dn, "repsFrom",
+				&reps_from_blob, &c_reps_from);
+		W_ERROR_NOT_OK_RETURN(status);
+
+		/* foreach r in nc!repsFrom */
+		for (i_rep = 0; i_rep < c_reps_from; i_rep++) {
+
+			/* put all info on reps_from */
+			if (reps_from_blob[i_rep].version == 1) {
+				status = copy_repsfrom_1_to_2(mem_ctx, &reps_from,
+							      &reps_from_blob[i_rep].ctr.ctr1);
+				W_ERROR_NOT_OK_RETURN(status);
+			} else { /* reps_from->version == 2 */
+				reps_from = &reps_from_blob[i_rep].ctr.ctr2;
+			}
+
+			if (GUID_all_zero(&req_src_dsa_guid) ||
+			    GUID_equal(&req_src_dsa_guid,
+				       &reps_from->source_dsa_obj_guid)) {
+
+				if (i >= base_index) {
+					struct drsuapi_DsReplicaNeighbour neigh;
+					ZERO_STRUCT(neigh);
+					status = fill_neighbor_from_repsFrom(mem_ctx, samdb,
+									     nc_dn, &neigh,
+									     reps_from);
+					W_ERROR_NOT_OK_RETURN(status);
+
+					/* append the neighbour to the neighbours array */
+					reply->neighbours->array = talloc_realloc(mem_ctx,
+										  reply->neighbours->array,
+										  struct drsuapi_DsReplicaNeighbour,
+										  reply->neighbours->count + 1);
+					reply->neighbours->array[reply->neighbours->count] = neigh;
+					reply->neighbours->count++;
+					j++;
+				}
+
+				i++;
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR fill_neighbor_from_repsTo(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb, struct ldb_dn *nc_dn,
+					struct drsuapi_DsReplicaNeighbour *neigh,
+					struct repsFromTo2 *reps_to)
+{
+	int ret;
+	struct ldb_dn *source_dsa_dn;
+
+	neigh->source_dsa_address = reps_to->other_info->dns_name1;
+	neigh->replica_flags = reps_to->replica_flags;
+	neigh->last_attempt = reps_to->last_attempt;
+	neigh->source_dsa_obj_guid = reps_to->source_dsa_obj_guid;
+
+	ret = dsdb_find_dn_by_guid(samdb, mem_ctx,
+				   &reps_to->source_dsa_obj_guid,
+				   DSDB_SEARCH_SHOW_RECYCLED,
+				   &source_dsa_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find DN for neighbor GUID %s\n",
+			 GUID_string(mem_ctx, &reps_to->source_dsa_obj_guid)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	neigh->source_dsa_obj_dn = ldb_dn_get_linearized(source_dsa_dn);
+	neigh->naming_context_dn = ldb_dn_get_linearized(nc_dn);
+
+	ret = dsdb_find_guid_by_dn(samdb, nc_dn,
+			&neigh->naming_context_obj_guid);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find GUID for DN %s\n",
+			 ldb_dn_get_linearized(nc_dn)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	neigh->last_success = reps_to->last_success;
+	neigh->result_last_attempt = reps_to->result_last_attempt;
+	neigh->consecutive_sync_failures = reps_to->consecutive_sync_failures;
+	return WERR_OK;
+}
+
+/*
+  Get the outbound neighbours of this DC
+  See details on MS-DRSR 4.1.13.3, for infoType DS_REPL_INFO_REPSTO
+*/
+static WERROR kccdrs_replica_get_info_repsto(TALLOC_CTX *mem_ctx,
+					     struct kccsrv_service *service,
+					     struct ldb_context *samdb,
+					     struct drsuapi_DsReplicaGetInfo *r,
+					     union drsuapi_DsReplicaInfo *reply,
+					     uint32_t base_index,
+					     struct GUID req_src_dsa_guid,
+					     const char *object_dn_str)
+{
+	WERROR status;
+	uint32_t i, j;
+	struct ncList *p_nc_list = NULL;
+	struct ldb_dn *nc_dn = NULL;
+	struct repsFromToBlob *reps_to_blob;
+	struct repsFromTo2 *reps_to;
+	uint32_t c_reps_to;
+	uint32_t i_rep;
+	struct ncList *nc_list = NULL;
+
+	status = get_ncs_list(mem_ctx, samdb, service, object_dn_str, &nc_list);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	i = j = 0;
+
+	reply->repsto = talloc_zero(mem_ctx, struct drsuapi_DsReplicaNeighbourCtr);
+	W_ERROR_HAVE_NO_MEMORY(reply->repsto);
+	reply->repsto->reserved = 0;
+	reply->repsto->count = 0;
+
+	/* foreach nc in ncs */
+	for (p_nc_list = nc_list; p_nc_list != NULL; p_nc_list = p_nc_list->next) {
+
+		nc_dn = p_nc_list->dn;
+
+		status = dsdb_loadreps(samdb, mem_ctx, nc_dn, "repsTo",
+				&reps_to_blob, &c_reps_to);
+		W_ERROR_NOT_OK_RETURN(status);
+
+		/* foreach r in nc!repsTo */
+		for (i_rep = 0; i_rep < c_reps_to; i_rep++) {
+			struct drsuapi_DsReplicaNeighbour neigh;
+			ZERO_STRUCT(neigh);
+
+			/* put all info on reps_to */
+			if (reps_to_blob[i_rep].version == 1) {
+				status = copy_repsfrom_1_to_2(mem_ctx,
+							      &reps_to,
+							      &reps_to_blob[i_rep].ctr.ctr1);
+				W_ERROR_NOT_OK_RETURN(status);
+			} else { /* reps_to->version == 2 */
+				reps_to = &reps_to_blob[i_rep].ctr.ctr2;
+			}
+
+			if (i >= base_index) {
+				status = fill_neighbor_from_repsTo(mem_ctx,
+								   samdb, nc_dn,
+								   &neigh, reps_to);
+				W_ERROR_NOT_OK_RETURN(status);
+
+				/* append the neighbour to the neighbours array */
+				reply->repsto->array = talloc_realloc(mem_ctx,
+									    reply->repsto->array,
+									    struct drsuapi_DsReplicaNeighbour,
+									    reply->repsto->count + 1);
+				reply->repsto->array[reply->repsto->count++] = neigh;
+				j++;
+			}
+			i++;
+		}
+	}
+
+	return WERR_OK;
+}
+
+NTSTATUS kccdrs_replica_get_info(struct irpc_message *msg,
+				 struct drsuapi_DsReplicaGetInfo *req)
+{
+	WERROR status;
+	struct drsuapi_DsReplicaGetInfoRequest1 *req1;
+	struct drsuapi_DsReplicaGetInfoRequest2 *req2;
+	uint32_t base_index;
+	union drsuapi_DsReplicaInfo *reply;
+	struct GUID req_src_dsa_guid;
+	const char *object_dn_str = NULL;
+	struct kccsrv_service *service;
+	struct ldb_context *samdb;
+	TALLOC_CTX *mem_ctx;
+	enum drsuapi_DsReplicaInfoType info_type;
+
+	service = talloc_get_type(msg->private_data, struct kccsrv_service);
+	samdb = service->samdb;
+	mem_ctx = talloc_new(msg);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+#if 0
+	NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaGetInfo, req);
+#endif
+
+	/* check request version */
+	if (req->in.level != DRSUAPI_DS_REPLICA_GET_INFO &&
+	    req->in.level != DRSUAPI_DS_REPLICA_GET_INFO2)
+	{
+		DEBUG(1,(__location__ ": Unsupported DsReplicaGetInfo level %u\n",
+			 req->in.level));
+		status = WERR_REVISION_MISMATCH;
+		goto done;
+	}
+
+	if (req->in.level == DRSUAPI_DS_REPLICA_GET_INFO) {
+		req1 = &req->in.req->req1;
+		base_index = 0;
+		info_type = req1->info_type;
+		object_dn_str = req1->object_dn;
+		req_src_dsa_guid = req1->source_dsa_guid;
+	} else { /* r->in.level == DRSUAPI_DS_REPLICA_GET_INFO2 */
+		req2 = &req->in.req->req2;
+		if (req2->enumeration_context == 0xffffffff) {
+			/* no more data is available */
+			status = WERR_NO_MORE_ITEMS; /* on MS-DRSR it is ERROR_NO_MORE_ITEMS */
+			goto done;
+		}
+
+		base_index = req2->enumeration_context;
+		info_type = req2->info_type;
+		object_dn_str = req2->object_dn;
+		req_src_dsa_guid = req2->source_dsa_guid;
+	}
+
+	reply = req->out.info;
+	*req->out.info_type = info_type;
+
+	/* Based on the infoType requested, retrieve the corresponding
+	 * information and construct the response message */
+	switch (info_type) {
+
+	case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS:
+		status = kccdrs_replica_get_info_neighbours(mem_ctx, service, samdb, req,
+							    reply, base_index, req_src_dsa_guid,
+							    object_dn_str);
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_REPSTO:
+		status = kccdrs_replica_get_info_repsto(mem_ctx, service, samdb, req,
+							reply, base_index, req_src_dsa_guid,
+							object_dn_str);
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_CURSORS: /* On MS-DRSR it is DS_REPL_INFO_CURSORS_FOR_NC */
+		status = kccdrs_replica_get_info_cursors(mem_ctx, samdb, req, reply,
+							 ldb_dn_new(mem_ctx, samdb, object_dn_str));
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_CURSORS2: /* On MS-DRSR it is DS_REPL_INFO_CURSORS_2_FOR_NC */
+		status = kccdrs_replica_get_info_cursors2(mem_ctx, samdb, req, reply,
+							  ldb_dn_new(mem_ctx, samdb, object_dn_str));
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_PENDING_OPS:
+		status = kccdrs_replica_get_info_pending_ops(mem_ctx, samdb, req, reply,
+							     ldb_dn_new(mem_ctx, samdb, object_dn_str));
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_CURSORS3: /* On MS-DRSR it is DS_REPL_INFO_CURSORS_3_FOR_NC */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_UPTODATE_VECTOR_V1: /* On MS-DRSR it is DS_REPL_INFO_UPTODATE_VECTOR_V1 */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA: /* On MS-DRSR it is DS_REPL_INFO_METADATA_FOR_OBJ */
+		/*
+		 * It should be too complicated to filter the metadata2 to remove the additional data
+		 * as metadata2 is a superset of metadata
+		 */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2: /* On MS-DRSR it is DS_REPL_INFO_METADATA_FOR_OBJ */
+		status = kccdrs_replica_get_info_obj_metadata2(mem_ctx, samdb, req, reply,
+							       ldb_dn_new(mem_ctx, samdb, object_dn_str), base_index);
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA: /* On MS-DRSR it is DS_REPL_INFO_METADATA_FOR_ATTR_VALUE */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2: /* On MS-DRSR it is DS_REPL_INFO_METADATA_2_FOR_ATTR_VALUE */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES: /* On MS-DRSR it is DS_REPL_INFO_KCC_DSA_CONNECT_FAILURES */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES: /* On MS-DRSR it is DS_REPL_INFO_KCC_LINK_FAILURES */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_CLIENT_CONTEXTS: /* On MS-DRSR it is DS_REPL_INFO_CLIENT_CONTEXTS */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	case DRSUAPI_DS_REPLICA_INFO_SERVER_OUTGOING_CALLS: /* On MS-DRSR it is DS_REPL_INFO_SERVER_OUTGOING_CALLS */
+		status = WERR_NOT_SUPPORTED;
+		break;
+	default:
+		DEBUG(1,(__location__ ": Unsupported DsReplicaGetInfo info_type %u\n",
+			 info_type));
+		status = WERR_INVALID_LEVEL;
+		break;
+	}
+
+done:
+	/* put the status on the result field of the reply */
+	req->out.result = status;
+#if 0
+	NDR_PRINT_OUT_DEBUG(drsuapi_DsReplicaGetInfo, req);
+#endif
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
new file mode 100644
index 0000000..7f0a532
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -0,0 +1,825 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   KCC service periodic handling
+   
+   Copyright (C) Andrew Tridgell 2009
+   based on repl service code
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_connection.h"
+#include "dsdb/kcc/kcc_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "param/param.h"
+#include "dsdb/common/util.h"
+
+/*
+ * see if two repsFromToBlob blobs are for the same source DSA
+ */
+static bool kccsrv_same_source_dsa(struct repsFromToBlob *r1, struct repsFromToBlob *r2)
+{
+	return GUID_equal(&r1->ctr.ctr1.source_dsa_obj_guid,
+			  &r2->ctr.ctr1.source_dsa_obj_guid);
+}
+
+/*
+ * see if a repsFromToBlob is in a list
+ */
+static bool reps_in_list(struct repsFromToBlob *r, struct repsFromToBlob *reps, uint32_t count)
+{
+	uint32_t i;
+	for (i=0; i<count; i++) {
+		if (kccsrv_same_source_dsa(r, &reps[i])) {
+			return true;
+		}
+	}
+	return false;
+}
+
+/*
+  make sure we only add repsFrom entries for DCs who are masters for
+  the partition
+ */
+static bool check_MasterNC(struct kccsrv_service *service, struct dsdb_ldb_dn_list_node *p, struct repsFromToBlob *r,
+			   struct ldb_result *res)
+{
+	struct repsFromTo1 *r1 = &r->ctr.ctr1;
+	struct GUID invocation_id = r1->source_dsa_invocation_id;
+	unsigned int i, j;
+	TALLOC_CTX *tmp_ctx;
+
+	/* we are expecting only version 1 */
+	SMB_ASSERT(r->version == 1);
+
+	tmp_ctx = talloc_new(p);
+	if (!tmp_ctx) {
+		return false;
+	}
+
+	for (i=0; i<res->count; i++) {
+		struct ldb_message *msg = res->msgs[i];
+		struct ldb_message_element *el;
+		struct ldb_dn *dn;
+
+		struct GUID id2 = samdb_result_guid(msg, "invocationID");
+		if (GUID_all_zero(&id2) ||
+		    !GUID_equal(&invocation_id, &id2)) {
+			continue;
+		}
+
+		el = ldb_msg_find_element(msg, "msDS-hasMasterNCs");
+		if (!el || el->num_values == 0) {
+			el = ldb_msg_find_element(msg, "hasMasterNCs");
+			if (!el || el->num_values == 0) {
+				continue;
+			}
+		}
+		for (j=0; j<el->num_values; j++) {
+			dn = ldb_dn_from_ldb_val(tmp_ctx, service->samdb, &el->values[j]);
+			if (!ldb_dn_validate(dn)) {
+				talloc_free(dn);
+				continue;
+			}
+			if (ldb_dn_compare(dn, p->dn) == 0) {
+				DEBUG(5,("%s %s match on %s in %s\n",
+					 r1->other_info->dns_name,
+					 el->name,
+					 ldb_dn_get_linearized(dn),
+					 ldb_dn_get_linearized(msg->dn)));
+				talloc_free(tmp_ctx);
+				return true;
+			}
+			talloc_free(dn);
+		}
+	}
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+struct kccsrv_notify_drepl_server_state {
+	struct dreplsrv_refresh r;
+};
+
+static void kccsrv_notify_drepl_server_done(struct tevent_req *subreq);
+
+/**
+ * Force dreplsrv to update its state as topology is changed
+ */
+static void kccsrv_notify_drepl_server(struct kccsrv_service *s,
+				       TALLOC_CTX *mem_ctx)
+{
+	struct kccsrv_notify_drepl_server_state *state;
+	struct dcerpc_binding_handle *irpc_handle;
+	struct tevent_req *subreq;
+
+	state = talloc_zero(s, struct kccsrv_notify_drepl_server_state);
+	if (state == NULL) {
+		return;
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(state, s->task->msg_ctx,
+						  "dreplsrv", &ndr_table_irpc);
+	if (irpc_handle == NULL) {
+		/* dreplsrv is not running yet */
+		TALLOC_FREE(state);
+		return;
+	}
+
+	subreq = dcerpc_dreplsrv_refresh_r_send(state, s->task->event_ctx,
+						irpc_handle, &state->r);
+	if (subreq == NULL) {
+		TALLOC_FREE(state);
+		return;
+	}
+	tevent_req_set_callback(subreq, kccsrv_notify_drepl_server_done, state);
+}
+
+static void kccsrv_notify_drepl_server_done(struct tevent_req *subreq)
+{
+	struct kccsrv_notify_drepl_server_state *state =
+		tevent_req_callback_data(subreq,
+		struct kccsrv_notify_drepl_server_state);
+
+	dcerpc_dreplsrv_refresh_r_recv(subreq, state);
+	TALLOC_FREE(subreq);
+
+	/* we don't care about errors */
+	TALLOC_FREE(state);
+}
+
+uint32_t kccsrv_replica_flags(struct kccsrv_service *s)
+{
+	if (s->am_rodc) {
+		return DRSUAPI_DRS_INIT_SYNC |
+			DRSUAPI_DRS_PER_SYNC |
+			DRSUAPI_DRS_ADD_REF |
+			DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
+			DRSUAPI_DRS_NONGC_RO_REP;
+	}
+	return DRSUAPI_DRS_INIT_SYNC |
+		DRSUAPI_DRS_PER_SYNC |
+		DRSUAPI_DRS_ADD_REF |
+		DRSUAPI_DRS_WRIT_REP;
+}
+
+/*
+ * add any missing repsFrom structures to our partitions
+ */
+NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx,
+			    struct repsFromToBlob *reps, uint32_t count,
+			    struct ldb_result *res)
+{
+	struct dsdb_ldb_dn_list_node *p;
+	bool notify_dreplsrv = false;
+	uint32_t replica_flags = kccsrv_replica_flags(s);
+
+	/* update the repsFrom on all partitions */
+	for (p=s->partitions; p; p=p->next) {
+		struct repsFromToBlob *our_reps;
+		uint32_t our_count;
+		WERROR werr;
+		uint32_t i, j;
+		bool modified = false;
+
+		werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsFrom", &our_reps, &our_count);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Failed to load repsFrom from %s - %s\n", 
+				 ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		/* see if the entry already exists */
+		for (i=0; i<count; i++) {
+			for (j=0; j<our_count; j++) {
+				if (kccsrv_same_source_dsa(&reps[i], &our_reps[j])) {
+					/* we already have this one -
+					   check the replica_flags are right */
+					if (replica_flags != our_reps[j].ctr.ctr1.replica_flags) {
+						/* we need to update the old one with
+						 * the new flags
+						 */
+						our_reps[j].ctr.ctr1.replica_flags = replica_flags;
+						modified = true;
+					}
+					break;
+				}
+			}
+			if (j == our_count) {
+				/* we don't have the new one - add it
+				 * if it is a master
+				 */
+				if (res && !check_MasterNC(s, p, &reps[i], res)) {
+					/* its not a master, we don't
+					   want to pull from it */
+					continue;
+				}
+				/* we need to add it to our repsFrom */
+				our_reps = talloc_realloc(mem_ctx, our_reps, struct repsFromToBlob, our_count+1);
+				NT_STATUS_HAVE_NO_MEMORY(our_reps);
+				our_reps[our_count] = reps[i];
+				our_reps[our_count].ctr.ctr1.replica_flags = replica_flags;
+				our_count++;
+				modified = true;
+				DEBUG(4,(__location__ ": Added repsFrom for %s\n",
+					 reps[i].ctr.ctr1.other_info->dns_name));
+			}
+		}
+
+		/* remove any stale ones */
+		for (i=0; i<our_count; i++) {
+			if (!reps_in_list(&our_reps[i], reps, count) ||
+			    (res && !check_MasterNC(s, p, &our_reps[i], res))) {
+				DEBUG(4,(__location__ ": Removed repsFrom for %s\n",
+					 our_reps[i].ctr.ctr1.other_info->dns_name));
+				memmove(&our_reps[i], &our_reps[i+1], (our_count-(i+1))*sizeof(our_reps[0]));
+				our_count--;
+				i--;
+				modified = true;
+			}
+		}
+
+		if (modified) {
+			werr = dsdb_savereps(s->samdb, mem_ctx, p->dn, "repsFrom", our_reps, our_count);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,(__location__ ": Failed to save repsFrom to %s - %s\n", 
+					 ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+			/* dreplsrv should refresh its state */
+			notify_dreplsrv = true;
+		}
+
+		/* remove stale repsTo entries */
+		modified = false;
+		werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsTo", &our_reps, &our_count);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Failed to load repsTo from %s - %s\n", 
+				 ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		/* remove any stale ones */
+		for (i=0; i<our_count; i++) {
+			if (!reps_in_list(&our_reps[i], reps, count)) {
+				DEBUG(4,(__location__ ": Removed repsTo for %s\n",
+					 our_reps[i].ctr.ctr1.other_info->dns_name));
+				memmove(&our_reps[i], &our_reps[i+1], (our_count-(i+1))*sizeof(our_reps[0]));
+				our_count--;
+				i--;
+				modified = true;
+			}
+		}
+
+		if (modified) {
+			werr = dsdb_savereps(s->samdb, mem_ctx, p->dn, "repsTo", our_reps, our_count);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,(__location__ ": Failed to save repsTo to %s - %s\n", 
+					 ldb_dn_get_linearized(p->dn), ldb_errstring(s->samdb)));
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+			/* dreplsrv should refresh its state */
+			notify_dreplsrv = true;
+		}
+	}
+
+	/* notify dreplsrv toplogy has changed */
+	if (notify_dreplsrv) {
+		kccsrv_notify_drepl_server(s, mem_ctx);
+	}
+
+	return NT_STATUS_OK;
+
+}
+
+
+/*
+  form a unique list of DNs from a search result and a given set of attributes
+ */
+static int kccsrv_dn_list(struct ldb_context *ldb, struct ldb_result *res,
+			  TALLOC_CTX *mem_ctx,
+			  const char **attrs,
+			  struct ldb_dn ***dn_list, int *dn_count)
+{
+	int i;
+	struct ldb_dn **nc_list = NULL;
+	int nc_count = 0;
+
+	nc_list = talloc_array(mem_ctx, struct ldb_dn *, 0);
+	if (nc_list == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* gather up a list of all NCs in this forest */
+	for (i=0; i<res->count; i++) {
+		struct ldb_message *msg = res->msgs[i];
+		int j;
+		for (j=0; attrs[j]; j++) {
+			struct ldb_message_element *el;
+			int k;
+
+			el = ldb_msg_find_element(msg, attrs[j]);
+			if (el == NULL) continue;
+			for (k=0; k<el->num_values; k++) {
+				struct ldb_dn *dn;
+				dn = ldb_dn_from_ldb_val(nc_list, ldb, &el->values[k]);
+				if (dn != NULL) {
+					int l;
+					for (l=0; l<nc_count; l++) {
+						if (ldb_dn_compare(nc_list[l], dn) == 0) break;
+					}
+					if (l < nc_count) continue;
+					nc_list = talloc_realloc(mem_ctx, nc_list, struct ldb_dn *, nc_count+1);
+					if (nc_list == NULL) {
+						return LDB_ERR_OPERATIONS_ERROR;
+					}
+					nc_list[nc_count] = dn;
+					nc_count++;
+				}
+			}
+		}
+	}
+
+	(*dn_list) = nc_list;
+	(*dn_count) = nc_count;
+	return LDB_SUCCESS;
+}
+
+
+/*
+  look for any additional global catalog partitions that we should be
+  replicating (by looking for msDS-HasDomainNCs), and add them to our
+  hasPartialReplicaNCs NTDS attribute
+ */
+static int kccsrv_gc_update(struct kccsrv_service *s, struct ldb_result *res)
+{
+	int i;
+	struct ldb_dn **nc_list = NULL;
+	int nc_count = 0;
+	struct ldb_dn **our_nc_list = NULL;
+	int our_nc_count = 0;
+	const char *attrs1[] = { "msDS-hasMasterNCs", "hasMasterNCs", "msDS-HasDomainNCs", NULL };
+	const char *attrs2[] = { "msDS-hasMasterNCs", "hasMasterNCs", "msDS-HasDomainNCs", "hasPartialReplicaNCs", NULL };
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(res);
+	struct ldb_result *res2;
+	struct ldb_message *msg;
+
+	/* get a complete list of NCs for the forest */
+	ret = kccsrv_dn_list(s->samdb, res, tmp_ctx, attrs1, &nc_list, &nc_count);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to get NC list for GC update - %s\n", ldb_errstring(s->samdb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* get a list of what NCs we are already replicating */
+	ret = dsdb_search_dn(s->samdb, tmp_ctx, &res2, samdb_ntds_settings_dn(s->samdb, tmp_ctx), attrs2, 0);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to get our NC list attributes for GC update - %s\n", ldb_errstring(s->samdb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = kccsrv_dn_list(s->samdb, res2, tmp_ctx, attrs2, &our_nc_list, &our_nc_count);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to get our NC list for GC update - %s\n", ldb_errstring(s->samdb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	msg->dn = res2->msgs[0]->dn;
+
+	/* see if we are missing any */
+	for (i=0; i<nc_count; i++) {
+		int j;
+		for (j=0; j<our_nc_count; j++) {
+			if (ldb_dn_compare(nc_list[i], our_nc_list[j]) == 0) break;
+		}
+		if (j == our_nc_count) {
+			/* its a new one */
+			ret = ldb_msg_add_string(msg, "hasPartialReplicaNCs",
+						 ldb_dn_get_extended_linearized(msg, nc_list[i], 1));
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+		}
+	}
+
+	if (msg->num_elements == 0) {
+		/* none to add */
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	if (s->am_rodc) {
+		DEBUG(5, ("%d partial replica should be added but we are RODC so we skip\n", msg->num_elements));
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	msg->elements[0].flags = LDB_FLAG_MOD_ADD;
+
+	ret = dsdb_modify(s->samdb, msg, 0);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to add hasPartialReplicaNCs - %s\n",
+			 ldb_errstring(s->samdb)));
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+/*
+  this is the core of our initial simple KCC
+  We just add a repsFrom entry for all DCs we find that have nTDSDSA
+  objects, except for ourselves
+ */
+NTSTATUS kccsrv_simple_update(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+	struct ldb_result *res;
+	unsigned int i;
+	int ret;
+	const char *attrs[] = { "objectGUID", "invocationID", "msDS-hasMasterNCs", "hasMasterNCs", "msDS-HasDomainNCs", NULL };
+	struct repsFromToBlob *reps = NULL;
+	uint32_t count = 0;
+	struct kcc_connection_list *ntds_conn, *dsa_conn;
+
+	ret = dsdb_search(s->samdb, mem_ctx, &res, s->config_dn, LDB_SCOPE_SUBTREE,
+			  attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "objectClass=nTDSDSA");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed nTDSDSA search - %s\n", ldb_errstring(s->samdb)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (samdb_is_gc(s->samdb)) {
+		kccsrv_gc_update(s, res);
+	}
+
+	/* get the current list of connections */
+	ntds_conn = kccsrv_find_connections(s, mem_ctx);
+
+	dsa_conn = talloc_zero(mem_ctx, struct kcc_connection_list);
+
+	for (i=0; i<res->count; i++) {
+		struct repsFromTo1 *r1;
+		struct GUID ntds_guid, invocation_id;
+
+		ntds_guid = samdb_result_guid(res->msgs[i], "objectGUID");
+		if (GUID_equal(&ntds_guid, &s->ntds_guid)) {
+			/* don't replicate with ourselves */
+			continue;
+		}
+
+		invocation_id = samdb_result_guid(res->msgs[i], "invocationID");
+
+		reps = talloc_realloc(mem_ctx, reps, struct repsFromToBlob, count+1);
+		NT_STATUS_HAVE_NO_MEMORY(reps);
+
+		ZERO_STRUCT(reps[count]);
+		reps[count].version = 1;
+		r1 = &reps[count].ctr.ctr1;
+
+		r1->other_info               = talloc_zero(reps, struct repsFromTo1OtherInfo);
+		r1->other_info->dns_name     = samdb_ntds_msdcs_dns_name(s->samdb, reps, &ntds_guid);
+		r1->source_dsa_obj_guid      = ntds_guid;
+		r1->source_dsa_invocation_id = invocation_id;
+		r1->replica_flags = kccsrv_replica_flags(s);
+		memset(r1->schedule, 0x11, sizeof(r1->schedule));
+
+		dsa_conn->servers = talloc_realloc(dsa_conn, dsa_conn->servers,
+						  struct kcc_connection,
+						  dsa_conn->count + 1);
+		NT_STATUS_HAVE_NO_MEMORY(dsa_conn->servers);
+		dsa_conn->servers[dsa_conn->count].dsa_guid = r1->source_dsa_obj_guid;
+		dsa_conn->count++;
+
+		count++;
+	}
+
+	kccsrv_apply_connections(s, ntds_conn, dsa_conn);
+
+	return kccsrv_add_repsFrom(s, mem_ctx, reps, count, res);
+}
+
+
+static void kccsrv_periodic_run(struct kccsrv_service *service);
+
+static void kccsrv_periodic_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+					 struct timeval t, void *ptr)
+{
+	struct kccsrv_service *service = talloc_get_type(ptr, struct kccsrv_service);
+	WERROR status;
+
+	service->periodic.te = NULL;
+
+	kccsrv_periodic_run(service);
+
+	status = kccsrv_periodic_schedule(service, service->periodic.interval);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(service->task, win_errstr(status), true);
+		return;
+	}
+}
+
+WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_interval)
+{
+	TALLOC_CTX *tmp_mem;
+	struct tevent_timer *new_te;
+	struct timeval next_time;
+
+	/* prevent looping */
+	if (next_interval == 0) next_interval = 1;
+
+	next_time = timeval_current_ofs(next_interval, 50);
+
+	if (service->periodic.te) {
+		/*
+		 * if the timestamp of the new event is higher,
+		 * as current next we don't need to reschedule
+		 */
+		if (timeval_compare(&next_time, &service->periodic.next_event) > 0) {
+			return WERR_OK;
+		}
+	}
+
+	/* reset the next scheduled timestamp */
+	service->periodic.next_event = next_time;
+
+	new_te = tevent_add_timer(service->task->event_ctx, service,
+			         service->periodic.next_event,
+			         kccsrv_periodic_handler_te, service);
+	W_ERROR_HAVE_NO_MEMORY(new_te);
+
+	tmp_mem = talloc_new(service);
+	DEBUG(4,("kccsrv_periodic_schedule(%u) %sscheduled for: %s\n",
+		next_interval,
+		(service->periodic.te?"re":""),
+		nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
+	talloc_free(tmp_mem);
+
+	talloc_free(service->periodic.te);
+	service->periodic.te = new_te;
+
+	return WERR_OK;
+}
+
+/*
+ * Check to see if any dns entries need scavenging. This only occurs if aging
+ * is enabled in general ("zone scavenging" lpcfg) and on the zone
+ * (zone->fAging is true).
+ */
+static NTSTATUS kccsrv_dns_zone_scavenging(
+	struct kccsrv_service *s,
+	TALLOC_CTX *mem_ctx)
+{
+
+	time_t current_time = time(NULL);
+	time_t dns_scavenge_interval;
+	NTSTATUS status;
+	char *error_string = NULL;
+
+	/*
+	 * Only perform zone scavenging if it's been enabled.
+	 * (it still might be disabled on all zones).
+	 */
+	if (!lpcfg_dns_zone_scavenging(s->task->lp_ctx)) {
+		DBG_INFO("DNS scavenging not enabled\n");
+		return NT_STATUS_OK;
+	}
+
+	dns_scavenge_interval = lpcfg_parm_int(s->task->lp_ctx,
+					       NULL,
+					       "dnsserver",
+					       "scavenging_interval",
+					       2 * 60 * 60);
+	if ((current_time - s->last_dns_scavenge) > dns_scavenge_interval) {
+		s->last_dns_scavenge = current_time;
+		status = dns_tombstone_records(mem_ctx, s->samdb,
+					       &error_string);
+		if (!NT_STATUS_IS_OK(status)) {
+			const char *err = NULL;
+			if (error_string != NULL) {
+				err = error_string;
+			} else {
+				err = nt_errstr(status);
+			}
+			DBG_ERR("DNS record scavenging process failed: %s\n",
+				err);
+			return status;
+		}
+	}
+	DBG_INFO("Successfully tombstoned stale DNS records\n");
+	return NT_STATUS_OK;
+}
+/*
+ * check to see if any dns tombstones should be deleted. This is not optional
+ * ([MS-DNSP] "DsTombstoneInterval") -- stale tombstones are useless clutter.
+ *
+ * Windows does it daily at 2am; we do it roughly daily at an uncontrolled
+ * time.
+ */
+static NTSTATUS kccsrv_dns_zone_tombstone_deletion(struct kccsrv_service *s,
+						   TALLOC_CTX *mem_ctx)
+{
+	time_t current_time = time(NULL);
+	NTSTATUS status;
+	char *error_string = NULL;
+	time_t dns_collection_interval =
+		lpcfg_parm_int(s->task->lp_ctx,
+			       NULL,
+			       "dnsserver",
+			       "tombstone_collection_interval",
+			       24 * 60 * 60);
+
+	if ((current_time - s->last_dns_tombstone_collection) >
+	    dns_collection_interval) {
+		s->last_dns_tombstone_collection = current_time;
+		status = dns_delete_tombstones(mem_ctx, s->samdb,
+					       &error_string);
+		if (!NT_STATUS_IS_OK(status)) {
+			const char *err = NULL;
+			if (error_string != NULL) {
+				err = error_string;
+			} else {
+				err = nt_errstr(status);
+			}
+			DBG_ERR("DNS tombstone deletion failed: %s\n", err);
+			return status;
+		}
+	}
+	DBG_INFO("Successfully deleted DNS tombstones\n");
+	return NT_STATUS_OK;
+}
+
+/*
+  check to see if any deleted objects need scavenging
+ */
+static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+	time_t current_time = time(NULL);
+	time_t interval = lpcfg_parm_int(
+	    s->task->lp_ctx, NULL, "kccsrv", "check_deleted_interval", 86400);
+	uint32_t tombstoneLifetime;
+	int ret;
+	unsigned int num_objects_removed = 0;
+	unsigned int num_links_removed = 0;
+	NTSTATUS status;
+	char *error_string = NULL;
+
+	if (current_time - s->last_deleted_check < interval) {
+		return NT_STATUS_OK;
+	}
+
+	ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	s->last_deleted_check = current_time;
+
+	status = dsdb_garbage_collect_tombstones(mem_ctx, s->samdb,
+						 s->partitions,
+						 current_time, tombstoneLifetime,
+						 &num_objects_removed,
+						 &num_links_removed,
+						 &error_string);
+
+	if (NT_STATUS_IS_OK(status)) {
+		DEBUG(5, ("garbage_collect_tombstones: Removed %u tombstone objects "
+			  "and %u tombstone links successfully\n",
+			  num_objects_removed, num_links_removed));
+	} else {
+		DEBUG(2, ("garbage_collect_tombstones: Failure removing tombstone "
+			  "objects and links after removing %u tombstone objects "
+			  "and %u tombstone links successfully: %s\n",
+			  num_objects_removed, num_links_removed,
+			  error_string ? error_string : nt_errstr(status)));
+	}
+	return status;
+}
+
+static void kccsrv_periodic_run(struct kccsrv_service *service)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	DEBUG(4,("kccsrv_periodic_run(): update\n"));
+
+	mem_ctx = talloc_new(service);
+
+        if (service->samba_kcc_code)
+		status = kccsrv_samba_kcc(service);
+	else {
+		status = kccsrv_simple_update(service, mem_ctx);
+		if (!NT_STATUS_IS_OK(status))
+			DEBUG(0,("kccsrv_simple_update failed - %s\n",
+				nt_errstr(status)));
+	}
+
+	status = kccsrv_check_deleted(service, mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("kccsrv_check_deleted failed - %s\n", nt_errstr(status)));
+	}
+	status = kccsrv_dns_zone_scavenging(service, mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("kccsrv_dns_zone_aging failed - %s\n",
+			nt_errstr(status));
+	}
+	status = kccsrv_dns_zone_tombstone_deletion(service, mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("kccsrv_dns_zone_tombstone_scavenging failed - %s\n",
+			nt_errstr(status));
+	}
+	talloc_free(mem_ctx);
+}
+
+/* Called when samba_kcc script has finished
+ */
+static void samba_kcc_done(struct tevent_req *subreq)
+{
+        struct kccsrv_service *service =
+		tevent_req_callback_data(subreq, struct kccsrv_service);
+        int rc;
+        int sys_errno;
+
+        service->periodic.subreq = NULL;
+
+	rc = samba_runcmd_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+
+	if (rc != 0)
+		service->periodic.status =
+			map_nt_error_from_unix_common(sys_errno);
+	else
+		service->periodic.status = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(service->periodic.status))
+		DEBUG(0,(__location__ ": Failed samba_kcc - %s\n",
+			nt_errstr(service->periodic.status)));
+	else
+		DEBUG(3,("Completed samba_kcc OK\n"));
+}
+
+/* Invocation of the samba_kcc python script for replication
+ * topology generation.
+ */
+NTSTATUS kccsrv_samba_kcc(struct kccsrv_service *service)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	const char * const *samba_kcc_command =
+		lpcfg_samba_kcc_command(service->task->lp_ctx);
+
+	/* kill any existing child */
+	TALLOC_FREE(service->periodic.subreq);
+
+	DEBUG(2, ("Calling samba_kcc script\n"));
+	service->periodic.subreq = samba_runcmd_send(service,
+					service->task->event_ctx,
+					timeval_current_ofs(40, 0),
+					2, 0, samba_kcc_command, NULL);
+
+        if (service->periodic.subreq == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto xerror;
+        }
+        tevent_req_set_callback(service->periodic.subreq,
+				samba_kcc_done, service);
+
+xerror:
+	if (!NT_STATUS_IS_OK(status))
+		DEBUG(0,(__location__ ": failed - %s\n", nt_errstr(status)));
+	return status;
+}
diff --git a/source4/dsdb/kcc/kcc_service.c b/source4/dsdb/kcc/kcc_service.c
new file mode 100644
index 0000000..066cc07
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_service.c
@@ -0,0 +1,364 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   KCC service
+   
+   Copyright (C) Andrew Tridgell 2009
+   based on repl service code
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
+#include "dsdb/kcc/kcc_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "libds/common/roles.h"
+
+/*
+  establish system creds
+ */
+static WERROR kccsrv_init_creds(struct kccsrv_service *service)
+{
+	service->system_session_info = system_session(service->task->lp_ctx);
+	if (!service->system_session_info) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	return WERR_OK;
+}
+
+/*
+  connect to the local SAM
+ */
+static WERROR kccsrv_connect_samdb(struct kccsrv_service *service, struct loadparm_context *lp_ctx)
+{
+	const struct GUID *ntds_guid;
+
+	service->samdb = samdb_connect(service,
+				       service->task->event_ctx,
+				       lp_ctx,
+				       service->system_session_info,
+				       NULL,
+				       0);
+	if (!service->samdb) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	ntds_guid = samdb_ntds_objectGUID(service->samdb);
+	if (!ntds_guid) {
+		DBG_ERR("Failed to determine own NTDS objectGUID\n");
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	service->ntds_guid = *ntds_guid;
+
+	if (samdb_rodc(service->samdb, &service->am_rodc) != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to determine RODC status\n"));
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	return WERR_OK;
+}
+
+
+/*
+  load our local partition list
+ */
+static WERROR kccsrv_load_partitions(struct kccsrv_service *s)
+{
+	struct ldb_dn *basedn;
+	struct ldb_result *r;
+	struct ldb_message_element *el;
+	static const char *attrs[] = { "namingContexts", "configurationNamingContext", NULL };
+	unsigned int i;
+	int ret;
+
+	basedn = ldb_dn_new(s, s->samdb, NULL);
+	W_ERROR_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return WERR_FOOBAR;
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return WERR_FOOBAR;
+	}
+
+	el = ldb_msg_find_element(r->msgs[0], "namingContexts");
+	if (!el) {
+		return WERR_FOOBAR;
+	}
+
+	for (i=0; i < el->num_values; i++) {
+		const char *v = (const char *)el->values[i].data;
+		struct ldb_dn *pdn;
+		struct dsdb_ldb_dn_list_node *p;
+
+		pdn = ldb_dn_new(s, s->samdb, v);
+		if (!ldb_dn_validate(pdn)) {
+			return WERR_FOOBAR;
+		}
+
+		p = talloc_zero(s, struct dsdb_ldb_dn_list_node);
+		W_ERROR_HAVE_NO_MEMORY(p);
+
+		p->dn = talloc_steal(p, pdn);
+
+		DLIST_ADD(s->partitions, p);
+
+		DEBUG(2, ("kccsrv_partition[%s] loaded\n", v));
+	}
+
+	el = ldb_msg_find_element(r->msgs[0], "configurationNamingContext");
+	if (!el) {
+		return WERR_FOOBAR;
+	}
+	s->config_dn = ldb_dn_new(s, s->samdb, (const char *)el->values[0].data);
+	if (!ldb_dn_validate(s->config_dn)) {
+		return WERR_FOOBAR;
+	}
+
+	talloc_free(r);
+
+	return WERR_OK;
+}
+
+
+struct kcc_manual_runcmd_state {
+	struct irpc_message *msg;
+	struct drsuapi_DsExecuteKCC *r;
+	struct kccsrv_service *service;
+};
+
+
+/*
+ * Called when samba_kcc script has finished
+ */
+static void manual_samba_kcc_done(struct tevent_req *subreq)
+{
+	struct kcc_manual_runcmd_state *st =
+		tevent_req_callback_data(subreq,
+		struct kcc_manual_runcmd_state);
+        int rc;
+        int sys_errno;
+	NTSTATUS status;
+
+        st->service->periodic.subreq = NULL;
+
+	rc = samba_runcmd_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+
+	if (rc != 0) {
+		status = map_nt_error_from_unix_common(sys_errno);
+	} else {
+		status = NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ ": Failed manual run of samba_kcc - %s\n",
+			nt_errstr(status)));
+	} else {
+		DEBUG(3,("Completed manual run of samba_kcc OK\n"));
+	}
+
+	if (!(st->r->in.req->ctr1.flags & DRSUAPI_DS_EXECUTE_KCC_ASYNCHRONOUS_OPERATION)) {
+		irpc_send_reply(st->msg, status);
+	}
+}
+
+static NTSTATUS kccsrv_execute_kcc(struct irpc_message *msg, struct drsuapi_DsExecuteKCC *r)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status = NT_STATUS_OK;
+	struct kccsrv_service *service = talloc_get_type(msg->private_data, struct kccsrv_service);
+
+	const char * const *samba_kcc_command;
+	struct kcc_manual_runcmd_state *st;
+
+	if (!service->samba_kcc_code) {
+		mem_ctx = talloc_new(service);
+
+		status = kccsrv_simple_update(service, mem_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("kccsrv_execute_kcc failed - %s\n",
+				nt_errstr(status)));
+		}
+		talloc_free(mem_ctx);
+
+		return NT_STATUS_OK;
+	}
+
+	/* Invocation of the samba_kcc python script for replication
+	 * topology generation.
+	 */
+
+	samba_kcc_command =
+		lpcfg_samba_kcc_command(service->task->lp_ctx);
+
+	st = talloc(msg, struct kcc_manual_runcmd_state);
+	if (st == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	st->msg = msg;
+	st->r = r;
+	st->service = service;
+
+	/* don't run at the same time as an existing child */
+	if (service->periodic.subreq) {
+		status = NT_STATUS_DS_BUSY;
+		return status;
+	}
+
+	DEBUG(2, ("Calling samba_kcc script\n"));
+	service->periodic.subreq = samba_runcmd_send(service,
+						     service->task->event_ctx,
+						     timeval_current_ofs(40, 0),
+						     2, 0, samba_kcc_command, NULL);
+
+	if (service->periodic.subreq == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		DEBUG(0,(__location__ ": failed - %s\n", nt_errstr(status)));
+		return status;
+	} else {
+		tevent_req_set_callback(service->periodic.subreq,
+					manual_samba_kcc_done, st);
+	}
+
+	if (r->in.req->ctr1.flags & DRSUAPI_DS_EXECUTE_KCC_ASYNCHRONOUS_OPERATION) {
+		/* This actually means reply right away, let it run in the background */
+	} else {
+		/* mark the request as replied async, the caller wants to know when this is finished */
+		msg->defer_reply = true;
+	}
+	return status;
+
+}
+
+static NTSTATUS kccsrv_replica_get_info(struct irpc_message *msg, struct drsuapi_DsReplicaGetInfo *r)
+{
+	return kccdrs_replica_get_info(msg, r);
+}
+
+/*
+  startup the kcc service task
+*/
+static NTSTATUS kccsrv_task_init(struct task_server *task)
+{
+	WERROR status;
+	struct kccsrv_service *service;
+	uint32_t periodic_startup_interval;
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "kccsrv: no KCC required in standalone configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "kccsrv: no KCC required in domain member configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want a KCC */
+		break;
+	}
+
+	task_server_set_title(task, "task[kccsrv]");
+
+	service = talloc_zero(task, struct kccsrv_service);
+	if (!service) {
+		task_server_terminate(task, "kccsrv_task_init: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+	service->task		= task;
+	service->startup_time	= timeval_current();
+	task->private_data	= service;
+
+	status = kccsrv_init_creds(service);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, 
+				      talloc_asprintf(task,
+						      "kccsrv: Failed to obtain server credentials: %s\n",
+						      win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	status = kccsrv_connect_samdb(service, task->lp_ctx);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "kccsrv: Failed to connect to local samdb: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	status = kccsrv_load_partitions(service);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "kccsrv: Failed to load partitions: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	periodic_startup_interval =
+		lpcfg_parm_int(task->lp_ctx, NULL, "kccsrv",
+			      "periodic_startup_interval", 15); /* in seconds */
+	service->periodic.interval =
+		lpcfg_parm_int(task->lp_ctx, NULL, "kccsrv",
+			      "periodic_interval", 300); /* in seconds */
+
+	/* (kccsrv:samba_kcc=true) will run newer samba_kcc replication
+	 * topology generation code.
+	 */
+	service->samba_kcc_code = lpcfg_parm_bool(task->lp_ctx, NULL,
+						"kccsrv", "samba_kcc", true);
+
+	status = kccsrv_periodic_schedule(service, periodic_startup_interval);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "kccsrv: Failed to periodic schedule: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	irpc_add_name(task->msg_ctx, "kccsrv");
+
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSEXECUTEKCC, kccsrv_execute_kcc, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAGETINFO, kccsrv_replica_get_info, service);
+	return NT_STATUS_OK;
+}
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_kcc_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = kccsrv_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "kcc", &details);
+}
diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h
new file mode 100644
index 0000000..d702b5a
--- /dev/null
+++ b/source4/dsdb/kcc/kcc_service.h
@@ -0,0 +1,101 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   KCC service
+   
+   Copyright (C) Andrew Tridgell 2009
+   based on drepl service code
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#ifndef _DSDB_REPL_KCC_SERVICE_H_
+#define _DSDB_REPL_KCC_SERVICE_H_
+
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "dsdb/common/util.h"
+
+struct kccsrv_service {
+	/* the whole kcc service is in one task */
+	struct task_server *task;
+
+	/* the time the service was started */
+	struct timeval startup_time;
+
+	/* dn of our configuration partition */
+	struct ldb_dn *config_dn;
+
+	/* 
+	 * system session info
+	 * with machine account credentials
+	 */
+	struct auth_session_info *system_session_info;
+
+	/* list of local partitions */
+	struct dsdb_ldb_dn_list_node *partitions;
+
+	/*
+	 * a connection to the local samdb
+	 */
+	struct ldb_context *samdb;
+
+	/* the guid of our NTDS Settings object, which never changes! */
+	struct GUID ntds_guid;
+
+	/* some stuff for periodic processing */
+	struct {
+		/*
+		 * the interval between to periodic runs
+		 */
+		uint32_t interval;
+
+		/*
+		 * the timestamp for the next event,
+		 * this is the timestamp passed to event_add_timed()
+		 */
+		struct timeval next_event;
+
+		/* here we have a reference to the timed event the schedules the periodic stuff */
+		struct tevent_timer *te;
+
+		/* samba_runcmd_send service for samba_kcc */
+		struct tevent_req *subreq;
+
+		/* return status of samba_kcc */
+		NTSTATUS status;
+
+	} periodic;
+
+	time_t last_deleted_check;
+
+	time_t last_dns_scavenge;
+
+	time_t last_dns_tombstone_collection;
+
+	time_t last_full_scan_deleted_check;
+
+	bool am_rodc;
+
+	/* run new samba_kcc topology generator code */
+	bool samba_kcc_code;
+};
+
+struct kcc_connection_list;
+
+#include "dsdb/kcc/garbage_collect_tombstones.h"
+#include "dsdb/kcc/scavenge_dns_records.h"
+#include "dsdb/kcc/kcc_service_proto.h"
+
+#endif /* _DSDB_REPL_KCC_SERVICE_H_ */
diff --git a/source4/dsdb/kcc/scavenge_dns_records.c b/source4/dsdb/kcc/scavenge_dns_records.c
new file mode 100644
index 0000000..f41250c
--- /dev/null
+++ b/source4/dsdb/kcc/scavenge_dns_records.c
@@ -0,0 +1,531 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS tombstoning routines
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "lib/util/dlinklist.h"
+#include "ldb.h"
+#include "dsdb/kcc/scavenge_dns_records.h"
+#include "lib/ldb-samba/ldb_matching_rules.h"
+#include "lib/util/time.h"
+#include "dns_server/dnsserver_common.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "param/param.h"
+
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+/*
+ * Copy only non-expired dns records from one message element to another.
+ */
+static NTSTATUS copy_current_records(TALLOC_CTX *mem_ctx,
+				     struct ldb_message_element *old_el,
+				     struct ldb_message_element *el,
+				     uint32_t dns_timestamp)
+{
+	unsigned int i;
+	struct dnsp_DnssrvRpcRecord rec;
+	enum ndr_err_code ndr_err;
+
+	el->values = talloc_zero_array(mem_ctx, struct ldb_val,
+				       old_el->num_values);
+	if (el->values == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < old_el->num_values; i++) {
+		ndr_err = ndr_pull_struct_blob(
+		    &(old_el->values[i]),
+		    mem_ctx,
+		    &rec,
+		    (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DBG_ERR("Failed to pull dns rec blob.\n");
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		if (rec.dwTimeStamp > dns_timestamp ||
+		    rec.dwTimeStamp == 0) {
+			el->values[el->num_values] = old_el->values[i];
+			el->num_values++;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Check all records in a zone and tombstone them if they're expired.
+ */
+static NTSTATUS dns_tombstone_records_zone(TALLOC_CTX *mem_ctx,
+					   struct ldb_context *samdb,
+					   struct dns_server_zone *zone,
+					   uint32_t dns_timestamp,
+					   NTTIME entombed_time,
+					   char **error_string)
+{
+	WERROR werr;
+	NTSTATUS status;
+	unsigned int i;
+	struct dnsserver_zoneinfo *zi = NULL;
+	struct ldb_result *res = NULL;
+	struct ldb_message_element *el = NULL;
+	struct ldb_message_element *tombstone_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	struct ldb_message *new_msg = NULL;
+	enum ndr_err_code ndr_err;
+	int ret;
+	struct GUID guid;
+	struct GUID_txt_buf buf_guid;
+	const char *attrs[] = {"dnsRecord",
+			       "dNSTombstoned",
+			       "objectGUID",
+			       NULL};
+
+	struct ldb_val true_val = {
+		.data = discard_const_p(uint8_t, "TRUE"),
+		.length = 4
+	};
+
+	struct ldb_val tombstone_blob;
+	struct dnsp_DnssrvRpcRecord tombstone_struct = {
+		.wType = DNS_TYPE_TOMBSTONE,
+		.data = {.EntombedTime = entombed_time}
+	};
+
+	ndr_err = ndr_push_struct_blob(
+	    &tombstone_blob,
+	    mem_ctx,
+	    &tombstone_struct,
+	    (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		*error_string = discard_const_p(char,
+						"Failed to push TOMBSTONE"
+						"dnsp_DnssrvRpcRecord\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*error_string = NULL;
+
+	/* Get NoRefreshInterval and RefreshInterval from zone properties.*/
+	zi = talloc(mem_ctx, struct dnsserver_zoneinfo);
+	if (zi == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	werr = dns_get_zone_properties(samdb, mem_ctx, zone->dn, zi);
+	if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
+		return NT_STATUS_PROPSET_NOT_FOUND;
+	} else if (!W_ERROR_IS_OK(werr)) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/* Subtract them from current time to get the earliest possible.
+	 * timestamp allowed for a non-expired DNS record. */
+	dns_timestamp -= zi->dwNoRefreshInterval + zi->dwRefreshInterval;
+
+	/* Custom match gets dns records in the zone with dwTimeStamp < t. */
+	ret = ldb_search(samdb,
+			 mem_ctx,
+			 &res,
+			 zone->dn,
+			 LDB_SCOPE_SUBTREE,
+			 attrs,
+			 "(&(objectClass=dnsNode)"
+			 "(&(!(dnsTombstoned=TRUE))"
+			 "(dnsRecord:" DSDB_MATCH_FOR_DNS_TO_TOMBSTONE_TIME
+			 ":=%"PRIu32")))",
+			 dns_timestamp);
+	if (ret != LDB_SUCCESS) {
+		*error_string = talloc_asprintf(mem_ctx,
+						"Failed to search for dns "
+						"objects in zone %s: %s",
+						ldb_dn_get_linearized(zone->dn),
+						ldb_errstring(samdb));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/*
+	 * Do a constrained update on each expired DNS node. To do a constrained
+	 * update we leave the dnsRecord element as is, and just change the flag
+	 * to MOD_DELETE, then add a new element with the changes we want.  LDB
+	 * will run the deletion first, and bail out if a binary comparison
+	 * between the attribute we pass and the one in the database shows a
+	 * change.  This prevents race conditions.
+	 */
+	for (i = 0; i < res->count; i++) {
+		new_msg = ldb_msg_copy(mem_ctx, res->msgs[i]);
+		if (new_msg == NULL) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		old_el = ldb_msg_find_element(new_msg, "dnsRecord");
+		if (old_el == NULL) {
+			TALLOC_FREE(new_msg);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		old_el->flags = LDB_FLAG_MOD_DELETE;
+
+		ret = ldb_msg_add_empty(
+		    new_msg, "dnsRecord", LDB_FLAG_MOD_ADD, &el);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(new_msg);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		status = copy_current_records(new_msg, old_el, el, dns_timestamp);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(new_msg);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		/* If nothing was expired, do nothing. */
+		if (el->num_values == old_el->num_values &&
+		    el->num_values != 0) {
+			TALLOC_FREE(new_msg);
+			continue;
+		}
+
+		/*
+		 * If everything was expired, we tombstone the node, which
+		 * involves adding a tombstone dnsRecord and a 'dnsTombstoned:
+		 * TRUE' attribute. That is, we want to end up with this:
+		 *
+		 *  objectClass: dnsNode
+		 *  dnsRecord:  { .wType = DNSTYPE_TOMBSTONE,
+		 *                .data.EntombedTime = <now> }
+		 *  dnsTombstoned: TRUE
+		 *
+		 * and no other dnsRecords.
+		 */
+		if (el->num_values == 0) {
+			struct ldb_val *vals = talloc_realloc(new_msg->elements,
+							      el->values,
+							      struct ldb_val,
+							      1);
+			if (!vals) {
+				TALLOC_FREE(new_msg);
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+			el->values = vals;
+			el->values[0] = tombstone_blob;
+			el->num_values = 1;
+
+			tombstone_el = ldb_msg_find_element(new_msg,
+						  "dnsTombstoned");
+
+			if (tombstone_el == NULL) {
+				ret = ldb_msg_add_value(new_msg,
+							"dnsTombstoned",
+							&true_val,
+							&tombstone_el);
+				if (ret != LDB_SUCCESS) {
+					TALLOC_FREE(new_msg);
+					return NT_STATUS_INTERNAL_ERROR;
+				}
+				tombstone_el->flags = LDB_FLAG_MOD_ADD;
+			} else {
+				if (tombstone_el->num_values != 1) {
+					vals = talloc_realloc(
+						new_msg->elements,
+						tombstone_el->values,
+						struct ldb_val,
+						1);
+					if (!vals) {
+						TALLOC_FREE(new_msg);
+						return NT_STATUS_INTERNAL_ERROR;
+					}
+					tombstone_el->values = vals;
+					tombstone_el->num_values = 1;
+				}
+				tombstone_el->flags = LDB_FLAG_MOD_REPLACE;
+				tombstone_el->values[0] = true_val;
+			}
+		} else {
+			/*
+			 * Do not change the status of dnsTombstoned if we
+			 * found any live records. If it exists, its value
+			 * will be the harmless "FALSE", which is what we end
+			 * up with when a tombstoned record is untombstoned.
+			 * (in dns_common_replace).
+			 */
+			ldb_msg_remove_attr(new_msg,
+					    "dnsTombstoned");
+		}
+
+		/* Set DN to the GUID in case the object was moved. */
+		el = ldb_msg_find_element(new_msg, "objectGUID");
+		if (el == NULL) {
+			TALLOC_FREE(new_msg);
+			*error_string =
+			    talloc_asprintf(mem_ctx,
+					    "record has no objectGUID "
+					    "in zone %s",
+					    ldb_dn_get_linearized(zone->dn));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		status = GUID_from_ndr_blob(el->values, &guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(new_msg);
+			*error_string =
+			    discard_const_p(char, "Error: Invalid GUID.\n");
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		GUID_buf_string(&guid, &buf_guid);
+		new_msg->dn =
+		    ldb_dn_new_fmt(mem_ctx, samdb, "<GUID=%s>", buf_guid.buf);
+
+		/* Remove the GUID so we're not trying to modify it. */
+		ldb_msg_remove_attr(new_msg, "objectGUID");
+
+		ret = ldb_modify(samdb, new_msg);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(new_msg);
+			*error_string =
+			    talloc_asprintf(mem_ctx,
+					    "Failed to modify dns record "
+					    "in zone %s: %s",
+					    ldb_dn_get_linearized(zone->dn),
+					    ldb_errstring(samdb));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		TALLOC_FREE(new_msg);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Tombstone all expired DNS records.
+ */
+NTSTATUS dns_tombstone_records(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *samdb,
+			       char **error_string)
+{
+	struct dns_server_zone *zones = NULL;
+	struct dns_server_zone *z = NULL;
+	NTSTATUS ret;
+	uint32_t dns_timestamp;
+	NTTIME entombed_time;
+	TALLOC_CTX *tmp_ctx = NULL;
+	time_t unix_now = time(NULL);
+
+	unix_to_nt_time(&entombed_time, unix_now);
+	dns_timestamp = unix_to_dns_timestamp(unix_now);
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dns_common_zones(samdb, tmp_ctx, NULL, &zones);
+	if (!NT_STATUS_IS_OK(ret)) {
+		TALLOC_FREE(tmp_ctx);
+		return ret;
+	}
+
+	for (z = zones; z; z = z->next) {
+		ret = dns_tombstone_records_zone(tmp_ctx,
+						 samdb,
+						 z,
+						 dns_timestamp,
+						 entombed_time,
+						 error_string);
+		if (NT_STATUS_EQUAL(ret, NT_STATUS_PROPSET_NOT_FOUND)) {
+			continue;
+		} else if (!NT_STATUS_IS_OK(ret)) {
+			TALLOC_FREE(tmp_ctx);
+			return ret;
+		}
+	}
+	TALLOC_FREE(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/*
+ * Delete all DNS tombstones that have been around for longer than the server
+ * property 'dns_tombstone_interval' which we store in smb.conf, which
+ * corresponds to DsTombstoneInterval in [MS-DNSP] 3.1.1.1.1 "DNS Server
+ * Integer Properties".
+ */
+NTSTATUS dns_delete_tombstones(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *samdb,
+			       char **error_string)
+{
+	struct dns_server_zone *zones = NULL;
+	struct dns_server_zone *z = NULL;
+	int ret, i;
+	NTSTATUS status;
+	uint32_t current_time;
+	uint32_t tombstone_interval;
+	uint32_t tombstone_hours;
+	NTTIME tombstone_nttime;
+	enum ndr_err_code ndr_err;
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	struct ldb_message_element *el = NULL;
+	struct dnsp_DnssrvRpcRecord rec = {0};
+	const char *attrs[] = {"dnsRecord", "dNSTombstoned", NULL};
+
+	current_time = unix_to_dns_timestamp(time(NULL));
+
+	lp_ctx = (struct loadparm_context *)ldb_get_opaque(samdb, "loadparm");
+	tombstone_interval = lpcfg_parm_ulong(lp_ctx, NULL,
+					      "dnsserver",
+					      "dns_tombstone_interval",
+					      24 * 14);
+
+	tombstone_hours = current_time - tombstone_interval;
+	status = dns_timestamp_to_nt_time(&tombstone_nttime,
+					  tombstone_hours);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("DNS timestamp exceeds NTTIME epoch.\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = dns_common_zones(samdb, tmp_ctx, NULL, &zones);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	for (z = zones; z; z = z->next) {
+		/*
+		 * This can load a very large set, but on the
+		 * assumption that the number of tombstones is
+		 * relatively small compared with the number of active
+		 * records, and that this is an indexed lookup, this
+		 * should be OK.  We can make a match rule if
+		 * returning the set of tombstones becomes an issue.
+		 */
+
+		ret = ldb_search(samdb,
+				 tmp_ctx,
+				 &res,
+				 z->dn,
+				 LDB_SCOPE_SUBTREE,
+				 attrs,
+				 "(&(objectClass=dnsNode)(dNSTombstoned=TRUE))");
+
+		if (ret != LDB_SUCCESS) {
+			*error_string =
+			    talloc_asprintf(mem_ctx,
+					    "Failed to "
+					    "search for tombstoned "
+					    "dns objects in zone %s: %s",
+					    ldb_dn_get_linearized(z->dn),
+					    ldb_errstring(samdb));
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		for (i = 0; i < res->count; i++) {
+			struct ldb_message *msg = res->msgs[i];
+			el = ldb_msg_find_element(msg, "dnsRecord");
+			if (el == NULL) {
+				DBG_ERR("The tombstoned dns node %s has no dns "
+					"records, which should not happen.\n",
+					ldb_dn_get_linearized(msg->dn)
+					);
+				continue;
+			}
+			/*
+			 * Below we assume the element has one value, which we
+			 * expect because when we tombstone a node we remove
+			 * all the records except for the tombstone.
+			 */
+			if (el->num_values != 1) {
+				DBG_ERR("The tombstoned dns node %s has %u "
+					"dns records, expected one.\n",
+					ldb_dn_get_linearized(msg->dn),
+					el->num_values
+					);
+				continue;
+			}
+
+			ndr_err = ndr_pull_struct_blob(
+			    el->values,
+			    tmp_ctx,
+			    &rec,
+			    (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				TALLOC_FREE(tmp_ctx);
+				DBG_ERR("Failed to pull dns rec blob.\n");
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
+			if (rec.wType != DNS_TYPE_TOMBSTONE) {
+				DBG_ERR("A tombstoned dnsNode has non-tombstoned"
+					" records, which should not happen.\n");
+				continue;
+			}
+
+			if (rec.data.EntombedTime > tombstone_nttime) {
+				continue;
+			}
+			/*
+			 * Between 4.9 and 4.14 in some places we saved the
+			 * tombstone time as hours since the start of 1601,
+			 * not in NTTIME ten-millionths of a second units.
+			 *
+			 * We can accommodate these bad values by noting that
+			 * all the realistic timestamps in that measurement
+			 * fall within the first *second* of NTTIME, that is,
+			 * before 1601-01-01 00:00:01; and that these
+			 * timestamps are not realistic for NTTIME timestamps.
+			 *
+			 * Calculation: there are roughly 365.25 * 24 = 8766
+			 * hours per year, and < 500 years since 1601, so
+			 * 4383000 would be a fine threshold. We round up to
+			 * the crore-second (c. 2741CE) in honour of NTTIME.
+			 */
+			if ((rec.data.EntombedTime < 10000000) &&
+			    (rec.data.EntombedTime > tombstone_hours)) {
+				continue;
+			}
+
+			ret = dsdb_delete(samdb, msg->dn, 0);
+			if (ret != LDB_ERR_NO_SUCH_OBJECT &&
+			    ret != LDB_SUCCESS) {
+				TALLOC_FREE(tmp_ctx);
+				DBG_ERR("Failed to delete dns node \n");
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+		}
+
+	}
+	TALLOC_FREE(tmp_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/kcc/scavenge_dns_records.h b/source4/dsdb/kcc/scavenge_dns_records.h
new file mode 100644
index 0000000..e065fed
--- /dev/null
+++ b/source4/dsdb/kcc/scavenge_dns_records.h
@@ -0,0 +1,36 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS tombstoning routines
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "dns_server/dnsserver_common.h"
+
+NTSTATUS dns_tombstone_records(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *samdb,
+			       char **error_string);
+
+NTSTATUS dns_delete_tombstones(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *samdb,
+			       char **error_string);
+NTSTATUS remove_expired_records(TALLOC_CTX *mem_ctx,
+				struct ldb_message_element *el,
+				NTTIME t);
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
new file mode 100644
index 0000000..aac311a
--- /dev/null
+++ b/source4/dsdb/pydsdb.c
@@ -0,0 +1,1837 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2010
+   Copyright (C) Matthias Dieter Wallnöfer          2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include <ldb.h>
+#include <pyldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "librpc/ndr/libndr.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "lib/policy/policy.h"
+#include "param/pyparam.h"
+#include "lib/util/dlinklist.h"
+#include "dsdb/kcc/garbage_collect_tombstones.h"
+#include "dsdb/kcc/scavenge_dns_records.h"
+#include "libds/common/flag_mapping.h"
+
+#undef strcasecmp
+
+/* FIXME: These should be in a header file somewhere */
+#define PyErr_LDB_OR_RAISE(py_ldb, ldb) \
+	if (!py_check_dcerpc_type(py_ldb, "ldb", "Ldb")) { \
+		PyErr_SetString(PyExc_TypeError, "Ldb connection object required"); \
+		return NULL; \
+	} \
+	ldb = pyldb_Ldb_AS_LDBCONTEXT(py_ldb);
+
+#define PyErr_LDB_DN_OR_RAISE(py_ldb_dn, dn) \
+	if (!py_check_dcerpc_type(py_ldb_dn, "ldb", "Dn")) { \
+		PyErr_SetString(PyExc_TypeError, "ldb Dn object required"); \
+		return NULL; \
+	} \
+	dn = pyldb_Dn_AS_DN(py_ldb_dn);
+
+static PyObject *py_ldb_get_exception(void)
+{
+	PyObject *mod = PyImport_ImportModule("ldb");
+	PyObject *result = NULL;
+	if (mod == NULL)
+		return NULL;
+
+	result = PyObject_GetAttrString(mod, "LdbError");
+	Py_CLEAR(mod);
+	return result;
+}
+
+static void PyErr_SetLdbError(PyObject *error, int ret, struct ldb_context *ldb_ctx)
+{
+	if (ret == LDB_ERR_PYTHON_EXCEPTION)
+		return; /* Python exception should already be set, just keep that */
+
+	PyErr_SetObject(error, 
+			Py_BuildValue(discard_const_p(char, "(i,s)"), ret,
+			ldb_ctx == NULL?ldb_strerror(ret):ldb_errstring(ldb_ctx)));
+}
+
+static PyObject *py_samdb_server_site_name(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *result;
+	struct ldb_context *ldb;
+	const char *site;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	site = samdb_server_site_name(ldb, mem_ctx);
+	if (site == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find server site");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	result = PyUnicode_FromString(site);
+	talloc_free(mem_ctx);
+	return result;
+}
+
+static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self,
+						    PyObject *args)
+{
+	char *target_str, *mapping;
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	PyObject *ret;
+	char *retstr;
+
+	if (!PyArg_ParseTuple(args, "Oss", &py_ldb, &target_str, &mapping))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	retstr = dsdb_convert_schema_to_openldap(ldb, target_str, mapping);
+	if (retstr == NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+						"dsdb_convert_schema_to_openldap failed");
+		return NULL;
+	} 
+
+	ret = PyUnicode_FromString(retstr);
+	talloc_free(retstr);
+	return ret;
+}
+
+static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *py_sid;
+	struct ldb_context *ldb;
+	struct dom_sid *sid;
+	bool ret;
+	const char *sid_str = NULL;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	sid_str = PyUnicode_AsUTF8(py_sid);
+	if (sid_str == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	sid = dom_sid_parse_talloc(NULL, sid_str);
+	if (sid == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	ret = samdb_set_domain_sid(ldb, sid);
+	talloc_free(sid);
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
+		return NULL;
+	} 
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_samdb_set_ntds_settings_dn(PyLdbObject *self, PyObject *args)
+{ 
+	PyObject *py_ldb, *py_ntds_settings_dn;
+	struct ldb_context *ldb;
+	struct ldb_dn *ntds_settings_dn;
+	TALLOC_CTX *tmp_ctx;
+	bool ret;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_ntds_settings_dn))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!pyldb_Object_AsDn(tmp_ctx, py_ntds_settings_dn, ldb, &ntds_settings_dn)) {
+		/* exception thrown by "pyldb_Object_AsDn" */
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	ret = samdb_set_ntds_settings_dn(ldb, ntds_settings_dn);
+	talloc_free(tmp_ctx);
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "set_ntds_settings_dn failed");
+		return NULL;
+	} 
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
+{ 
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	const struct dom_sid *sid;
+	struct dom_sid_buf buf;
+	PyObject *ret;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	sid = samdb_domain_sid(ldb);
+	if (!sid) {
+		PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
+		return NULL;
+	}
+
+	ret = PyUnicode_FromString(dom_sid_str_buf(sid, &buf));
+	return ret;
+}
+
+static PyObject *py_samdb_ntds_invocation_id(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *result;
+	struct ldb_context *ldb;
+	const struct GUID *guid;
+	char *retstr;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	guid = samdb_ntds_invocation_id(ldb);
+	if (guid == NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+						"Failed to find NTDS invocation ID");
+		return NULL;
+	}
+
+	retstr = GUID_string(NULL, guid);
+	if (retstr == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+	result = PyUnicode_FromString(retstr);
+	talloc_free(retstr);
+	return result;
+}
+
+static PyObject *py_dsdb_get_oid_from_attid(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	uint32_t attid;
+	struct dsdb_schema *schema;
+	const char *oid;
+	PyObject *ret;
+	WERROR status;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTuple(args, "OI", &py_ldb, &attid))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(NULL);
+	if (!mem_ctx) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	schema = dsdb_get_schema(ldb, mem_ctx);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb \n");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	
+	status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attid,
+	                                        mem_ctx, &oid);
+	if (!W_ERROR_IS_OK(status)) {
+		PyErr_SetWERROR(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = PyUnicode_FromString(oid);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+static PyObject *py_dsdb_get_attid_from_lDAPDisplayName(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *is_schema_nc;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const char *ldap_display_name;
+	bool schema_nc = false;
+	const struct dsdb_attribute *a;
+	uint32_t attid;
+
+	if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &ldap_display_name, &is_schema_nc))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	if (is_schema_nc) {
+		if (!PyBool_Check(is_schema_nc)) {
+			PyErr_SetString(PyExc_TypeError, "Expected boolean is_schema_nc");
+			return NULL;
+		}
+		if (is_schema_nc == Py_True) {
+			schema_nc = true;
+		}
+	}
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	a = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (a == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	attid = dsdb_attribute_get_attid(a, schema_nc);
+
+	return PyLong_FromUnsignedLong(attid);
+}
+
+/*
+  return the systemFlags as int from the attribute name
+ */
+static PyObject *py_dsdb_get_systemFlags_from_lDAPDisplayName(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const char *ldap_display_name;
+	const struct dsdb_attribute *attribute;
+
+	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &ldap_display_name))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	attribute = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (attribute == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	return PyLong_FromLong(attribute->systemFlags);
+}
+
+/*
+  return the linkID from the attribute name
+ */
+static PyObject *py_dsdb_get_linkId_from_lDAPDisplayName(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const char *ldap_display_name;
+	const struct dsdb_attribute *attribute;
+
+	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &ldap_display_name))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	attribute = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (attribute == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	return PyLong_FromLong(attribute->linkID);
+}
+
+/*
+  return the backlink attribute name (if any) for an attribute
+ */
+static PyObject *py_dsdb_get_backlink_from_lDAPDisplayName(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const char *ldap_display_name;
+	const struct dsdb_attribute *attribute, *target_attr;
+
+	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &ldap_display_name))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	attribute = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (attribute == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	if (attribute->linkID == 0) {
+		Py_RETURN_NONE;
+	}
+
+	target_attr = dsdb_attribute_by_linkID(schema, attribute->linkID ^ 1);
+	if (target_attr == NULL) {
+		/* when we add pseudo-backlinks we'll need to handle
+		   them here */
+		Py_RETURN_NONE;
+	}
+
+	return PyUnicode_FromString(target_attr->lDAPDisplayName);
+}
+
+
+static PyObject *py_dsdb_get_lDAPDisplayName_by_attid(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const struct dsdb_attribute *a;
+	uint32_t attid;
+
+	if (!PyArg_ParseTuple(args, "OI", &py_ldb, &attid))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	a = dsdb_attribute_by_attributeID_id(schema, attid);
+	if (a == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '0x%08x'", attid);
+		return NULL;
+	}
+
+	return PyUnicode_FromString(a->lDAPDisplayName);
+}
+
+
+/*
+  return the attribute syntax oid as a string from the attribute name
+ */
+static PyObject *py_dsdb_get_syntax_oid_from_lDAPDisplayName(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const char *ldap_display_name;
+	const struct dsdb_attribute *attribute;
+
+	if (!PyArg_ParseTuple(args, "Os", &py_ldb, &ldap_display_name))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	attribute = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (attribute == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	return PyUnicode_FromString(attribute->syntax->ldap_oid);
+}
+
+/*
+  convert a python string to a DRSUAPI drsuapi_DsReplicaAttribute attribute
+ */
+static PyObject *py_dsdb_DsReplicaAttribute(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *el_list, *ret;
+	struct ldb_context *ldb;
+	char *ldap_display_name;
+	const struct dsdb_attribute *a;
+	struct dsdb_schema *schema;
+	struct dsdb_syntax_ctx syntax_ctx;
+	struct ldb_message_element *el;
+	struct drsuapi_DsReplicaAttribute *attr;
+	TALLOC_CTX *tmp_ctx;
+	WERROR werr;
+	Py_ssize_t i;
+
+	if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &ldap_display_name, &el_list)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	a = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (a == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
+	syntax_ctx.is_schema_nc = false;
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	/* If we were not given an LdbMessageElement */
+	if (!PyList_Check(el_list)) {
+		if (!py_check_dcerpc_type(el_list, "ldb", "MessageElement")) {
+			PyErr_SetString(py_ldb_get_exception(),
+					"list of strings or ldb MessageElement object required");
+			return NULL;
+		}
+		/*
+		 * NOTE:
+		 * el may not be a valid talloc context, it
+		 * could be part of an array
+		 */
+		el = pyldb_MessageElement_AsMessageElement(el_list);
+	} else {
+		el = talloc_zero(tmp_ctx, struct ldb_message_element);
+		if (el == NULL) {
+			PyErr_NoMemory();
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		el->name = ldap_display_name;
+		el->num_values = PyList_Size(el_list);
+
+		el->values = talloc_array(el, struct ldb_val, el->num_values);
+		if (el->values == NULL) {
+			PyErr_NoMemory();
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		for (i = 0; i < el->num_values; i++) {
+			PyObject *item = PyList_GetItem(el_list, i);
+			if (!(PyBytes_Check(item))) {
+				PyErr_Format(PyExc_TypeError,
+					     "ldif_element type should be bytes"
+					     );
+				talloc_free(tmp_ctx);
+				return NULL;
+			}
+			el->values[i].data =
+				(uint8_t *)PyBytes_AsString(item);
+			el->values[i].length = PyBytes_Size(item);
+		}
+	}
+
+	attr = talloc_zero(tmp_ctx, struct drsuapi_DsReplicaAttribute);
+	if (attr == NULL) {
+		PyErr_NoMemory();
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	werr = a->syntax->ldb_to_drsuapi(&syntax_ctx, a, el, attr, attr);
+	PyErr_WERROR_NOT_OK_RAISE(werr);
+
+	ret = py_return_ndr_struct("samba.dcerpc.drsuapi", "DsReplicaAttribute", attr, attr);
+
+	talloc_free(tmp_ctx);
+
+	return ret;
+}
+
+
+/*
+  normalise a ldb attribute list
+ */
+static PyObject *py_dsdb_normalise_attributes(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *el_list, *py_ret;
+	struct ldb_context *ldb;
+	char *ldap_display_name;
+	const struct dsdb_attribute *a;
+	struct dsdb_schema *schema;
+	struct dsdb_syntax_ctx syntax_ctx;
+	struct ldb_message_element *el, *new_el;
+	struct drsuapi_DsReplicaAttribute *attr;
+	PyLdbMessageElementObject *ret;
+	TALLOC_CTX *tmp_ctx;
+	WERROR werr;
+	Py_ssize_t i;
+	PyTypeObject *py_type = NULL;
+	PyObject *module = NULL;
+
+	if (!PyArg_ParseTuple(args, "OsO", &py_ldb, &ldap_display_name, &el_list)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find a schema from ldb");
+		return NULL;
+	}
+
+	a = dsdb_attribute_by_lDAPDisplayName(schema, ldap_display_name);
+	if (a == NULL) {
+		PyErr_Format(PyExc_KeyError, "Failed to find attribute '%s'", ldap_display_name);
+		return NULL;
+	}
+
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
+	syntax_ctx.is_schema_nc = false;
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!PyList_Check(el_list)) {
+		if (!py_check_dcerpc_type(el_list, "ldb", "MessageElement")) {
+			PyErr_SetString(py_ldb_get_exception(),
+					"list of strings or ldb MessageElement object required");
+			return NULL;
+		}
+		/*
+		 * NOTE:
+		 * el may not be a valid talloc context, it
+		 * could be part of an array
+		 */
+		el = pyldb_MessageElement_AsMessageElement(el_list);
+	} else {
+		el = talloc_zero(tmp_ctx, struct ldb_message_element);
+		if (el == NULL) {
+			PyErr_NoMemory();
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		el->name = ldap_display_name;
+		el->num_values = PyList_Size(el_list);
+
+		el->values = talloc_array(el, struct ldb_val, el->num_values);
+		if (el->values == NULL) {
+			PyErr_NoMemory();
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		for (i = 0; i < el->num_values; i++) {
+			PyObject *item = PyList_GetItem(el_list, i);
+			if (!PyBytes_Check(item)) {
+				PyErr_Format(PyExc_TypeError,
+					     "ldif_element type should be bytes"
+					     );
+				talloc_free(tmp_ctx);
+				return NULL;
+			}
+			el->values[i].data = (uint8_t *)PyBytes_AsString(item);
+			el->values[i].length = PyBytes_Size(item);
+		}
+	}
+
+	new_el = talloc_zero(tmp_ctx, struct ldb_message_element);
+	if (new_el == NULL) {
+		PyErr_NoMemory();
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	/* Normalise "objectClass" attribute if needed */
+	if (ldb_attr_cmp(a->lDAPDisplayName, "objectClass") == 0) {
+		int iret;
+		iret = dsdb_sort_objectClass_attr(ldb, schema, el, new_el, new_el);
+		if (iret != LDB_SUCCESS) {
+			PyErr_SetString(PyExc_RuntimeError, ldb_errstring(ldb));
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+	}
+
+	/* first run ldb_to_drsuapi, then convert back again. This has
+	 * the effect of normalising the attributes
+	 */
+
+	attr = talloc_zero(tmp_ctx, struct drsuapi_DsReplicaAttribute);
+	if (attr == NULL) {
+		PyErr_NoMemory();
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	werr = a->syntax->ldb_to_drsuapi(&syntax_ctx, a, el, attr, attr);
+	PyErr_WERROR_NOT_OK_RAISE(werr);
+
+	/* now convert back again */
+	werr = a->syntax->drsuapi_to_ldb(&syntax_ctx, a, attr, new_el, new_el);
+	PyErr_WERROR_NOT_OK_RAISE(werr);
+
+	module = PyImport_ImportModule("ldb");
+	if (module == NULL) {
+		return NULL;
+	}
+
+	py_type = (PyTypeObject *)PyObject_GetAttrString(module, "MessageElement");
+	if (py_type == NULL) {
+		Py_DECREF(module);
+		return NULL;
+	}
+
+	Py_CLEAR(module);
+
+	py_ret = py_type->tp_alloc(py_type, 0);
+	Py_CLEAR(py_type);
+	if (py_ret == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+	ret = (PyLdbMessageElementObject *)py_ret;
+
+	ret->mem_ctx = talloc_new(NULL);
+	if (talloc_reference(ret->mem_ctx, new_el) == NULL) {
+		Py_CLEAR(py_ret);
+		PyErr_NoMemory();
+		return NULL;
+	}
+	ret->el = new_el;
+
+	talloc_free(tmp_ctx);
+
+	return py_ret;
+}
+
+
+static PyObject *py_dsdb_set_ntds_invocation_id(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *py_guid;
+	bool ret;
+	struct GUID guid;
+	struct ldb_context *ldb;
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_guid))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+	GUID_from_string(PyUnicode_AsUTF8(py_guid), &guid);
+
+	if (GUID_all_zero(&guid)) {
+		PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id rejected due to all-zero invocation ID");
+		return NULL;
+	}
+
+	ret = samdb_set_ntds_invocation_id(ldb, &guid);
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "set_ntds_invocation_id failed");
+		return NULL;
+	}
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_samdb_ntds_objectGUID(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *result;
+	struct ldb_context *ldb;
+	const struct GUID *guid;
+	char *retstr;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	guid = samdb_ntds_objectGUID(ldb);
+	if (guid == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to find NTDS GUID");
+		return NULL;
+	}
+
+	retstr = GUID_string(NULL, guid);
+	if (retstr == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+	result = PyUnicode_FromString(retstr);
+	talloc_free(retstr);
+	return result;
+}
+
+static PyObject *py_dsdb_set_global_schema(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	int ret;
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	ret = dsdb_set_global_schema(ldb);
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_load_partition_usn(PyObject *self, PyObject *args)
+{
+	PyObject *py_dn, *py_ldb, *result;
+	struct ldb_dn *dn;
+	uint64_t highest_uSN, urgent_uSN;
+	struct ldb_context *ldb;
+	TALLOC_CTX *mem_ctx;
+	int ret;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_dn)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!pyldb_Object_AsDn(mem_ctx, py_dn, ldb, &dn)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = dsdb_load_partition_usn(ldb, dn, &highest_uSN, &urgent_uSN);
+	if (ret != LDB_SUCCESS) {
+	   PyErr_Format(PyExc_RuntimeError,
+			"Failed to load partition [%s] uSN - %s",
+			ldb_dn_get_linearized(dn),
+			ldb_errstring(ldb));
+	   talloc_free(mem_ctx);
+	   return NULL;
+	}
+
+	talloc_free(mem_ctx);
+
+	result = Py_BuildValue(
+			"{s:l, s:l}",
+			"uSNHighest", (uint64_t)highest_uSN,
+			"uSNUrgent", (uint64_t)urgent_uSN);
+
+	return result;
+}
+
+static PyObject *py_dsdb_set_am_rodc(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	bool ret;
+	struct ldb_context *ldb;
+	int py_val;
+
+	if (!PyArg_ParseTuple(args, "Oi", &py_ldb, &py_val))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+	ret = samdb_set_am_rodc(ldb, (bool)py_val);
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "set_am_rodc failed");
+		return NULL;
+	}
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_set_schema_from_ldif(PyObject *self, PyObject *args)
+{
+	WERROR result;
+	char *pf, *df, *dn;
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+
+	if (!PyArg_ParseTuple(args, "Osss", &py_ldb, &pf, &df, &dn))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	result = dsdb_set_schema_from_ldif(ldb, pf, df, dn);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	PyObject *py_from_ldb;
+	struct ldb_context *from_ldb;
+	struct dsdb_schema *schema;
+	int ret;
+	char write_indices_and_attributes = SCHEMA_WRITE;
+	if (!PyArg_ParseTuple(args, "OO|b",
+			      &py_ldb, &py_from_ldb, &write_indices_and_attributes))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	PyErr_LDB_OR_RAISE(py_from_ldb, from_ldb);
+
+	schema = dsdb_get_schema(from_ldb, NULL);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on 'from' ldb!\n");
+		return NULL;
+	}
+
+	ret = dsdb_reference_schema(ldb, schema, write_indices_and_attributes);
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_write_prefixes_from_schema_to_ldb(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	WERROR result;
+	struct dsdb_schema *schema;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema) {
+		PyErr_SetString(PyExc_RuntimeError, "Failed to set find a schema on ldb!\n");
+		return NULL;
+	}
+
+	result = dsdb_write_prefixes_from_schema_to_ldb(NULL, ldb, schema);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE;
+}
+
+
+static PyObject *py_dsdb_get_partitions_dn(PyObject *self, PyObject *args)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	PyObject *py_ldb, *ret;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	dn = samdb_partitions_dn(ldb, NULL);
+	if (dn == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+	ret = pyldb_Dn_FromDn(dn);
+	talloc_free(dn);
+	return ret;
+}
+
+
+static PyObject *py_dsdb_get_nc_root(PyObject *self, PyObject *args)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *dn, *nc_root;
+	PyObject *py_ldb, *py_ldb_dn, *py_nc_root;
+	int ret;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_ldb_dn))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+	PyErr_LDB_DN_OR_RAISE(py_ldb_dn, dn);
+
+	ret = dsdb_find_nc_root(ldb, ldb, dn, &nc_root);
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	py_nc_root = pyldb_Dn_FromDn(nc_root);
+	talloc_unlink(ldb, nc_root);
+	return py_nc_root;
+}
+
+static PyObject *py_dsdb_get_wellknown_dn(PyObject *self, PyObject *args)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *nc_dn, *wk_dn;
+	char *wkguid;
+	PyObject *py_ldb, *py_nc_dn, *py_wk_dn;
+	int ret;
+
+	if (!PyArg_ParseTuple(args, "OOs", &py_ldb, &py_nc_dn, &wkguid))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+	PyErr_LDB_DN_OR_RAISE(py_nc_dn, nc_dn);
+
+	ret = dsdb_wellknown_dn(ldb, ldb, nc_dn, wkguid, &wk_dn);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		PyErr_Format(PyExc_KeyError, "Failed to find well known DN for GUID %s", wkguid);
+		return NULL;
+	}
+
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	py_wk_dn = pyldb_Dn_FromDn(wk_dn);
+	talloc_unlink(ldb, wk_dn);
+	return py_wk_dn;
+}
+
+
+/*
+  call into samdb_rodc()
+ */
+static PyObject *py_dsdb_am_rodc(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	int ret;
+	bool am_rodc;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	ret = samdb_rodc(ldb, &am_rodc);
+	if (ret != LDB_SUCCESS) {
+		PyErr_SetString(PyExc_RuntimeError, ldb_errstring(ldb));
+		return NULL;
+	}
+
+	return PyBool_FromLong(am_rodc);
+}
+
+/*
+  call into samdb_is_pdc()
+ */
+static PyObject *py_dsdb_am_pdc(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	bool am_pdc;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	am_pdc = samdb_is_pdc(ldb);
+	return PyBool_FromLong(am_pdc);
+}
+
+/*
+  call DSDB_EXTENDED_CREATE_OWN_RID_SET to get a new RID set for this server
+ */
+static PyObject *py_dsdb_create_own_rid_set(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	int ret;
+	struct ldb_result *ext_res;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb))
+		return NULL;
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	/*
+	 * Run DSDB_EXTENDED_CREATE_OWN_RID_SET to get a RID set
+	 */
+
+	ret = ldb_extended(ldb, DSDB_EXTENDED_CREATE_OWN_RID_SET, NULL, &ext_res);
+
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	TALLOC_FREE(ext_res);
+
+	Py_RETURN_NONE;
+}
+
+/*
+  call DSDB_EXTENDED_ALLOCATE_RID to get a new RID set for this server
+ */
+static PyObject *py_dsdb_allocate_rid(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	struct ldb_context *ldb;
+	int ret;
+	uint32_t rid;
+	struct ldb_result *ext_res = NULL;
+	struct dsdb_extended_allocate_rid *rid_return = NULL;
+	if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	rid_return = talloc_zero(ldb, struct dsdb_extended_allocate_rid);
+	if (rid_return == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	/*
+	 * Run DSDB_EXTENDED_ALLOCATE_RID to get a new RID
+	 */
+
+	ret = ldb_extended(ldb, DSDB_EXTENDED_ALLOCATE_RID, rid_return, &ext_res);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(rid_return);
+		TALLOC_FREE(ext_res);
+		PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+	}
+
+	rid = rid_return->rid;
+	TALLOC_FREE(rid_return);
+	TALLOC_FREE(ext_res);
+
+	return PyLong_FromLong(rid);
+}
+
+#ifdef AD_DC_BUILD_IS_ENABLED
+static PyObject *py_dns_delete_tombstones(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	NTSTATUS status;
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	char *error_string = NULL;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+		return NULL;
+	}
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(ldb);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	status = dns_delete_tombstones(mem_ctx, ldb, &error_string);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		if (error_string) {
+			PyErr_Format(PyExc_RuntimeError, "%s", error_string);
+		} else {
+			PyErr_SetNTSTATUS(status);
+		}
+		TALLOC_FREE(mem_ctx);
+		return NULL;
+	}
+
+	TALLOC_FREE(mem_ctx);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_scavenge_dns_records(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb;
+	NTSTATUS status;
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	char *error_string = NULL;
+
+	if (!PyArg_ParseTuple(args, "O", &py_ldb)) {
+		return NULL;
+	}
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(ldb);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	status = dns_tombstone_records(mem_ctx, ldb, &error_string);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		if (error_string) {
+			PyErr_Format(PyExc_RuntimeError, "%s", error_string);
+		} else {
+			PyErr_SetNTSTATUS(status);
+		}
+		TALLOC_FREE(mem_ctx);
+		return NULL;
+	}
+
+	TALLOC_FREE(mem_ctx);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_garbage_collect_tombstones(PyObject *self, PyObject *args)
+{
+	PyObject *py_ldb, *py_list_dn;
+	struct ldb_context *ldb = NULL;
+        Py_ssize_t i;
+        Py_ssize_t length;
+	long long _current_time, _tombstone_lifetime = LLONG_MAX;
+	uint32_t tombstone_lifetime32;
+	struct dsdb_ldb_dn_list_node *part = NULL;
+	time_t current_time, tombstone_lifetime;
+	TALLOC_CTX *mem_ctx = NULL;
+	NTSTATUS status;
+	unsigned int num_objects_removed = 0;
+	unsigned int num_links_removed = 0;
+	char *error_string = NULL;
+
+	if (!PyArg_ParseTuple(args, "OOL|L", &py_ldb,
+			      &py_list_dn, &_current_time, &_tombstone_lifetime)) {
+		return NULL;
+	}
+
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	mem_ctx = talloc_new(ldb);
+	if (mem_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	current_time = _current_time;
+
+	if (_tombstone_lifetime == LLONG_MAX) {
+		int ret = dsdb_tombstone_lifetime(ldb, &tombstone_lifetime32);
+		if (ret != LDB_SUCCESS) {
+			PyErr_Format(PyExc_RuntimeError,
+				     "Failed to get tombstone lifetime: %s",
+				     ldb_errstring(ldb));
+			TALLOC_FREE(mem_ctx);
+			return NULL;
+		}
+		tombstone_lifetime = tombstone_lifetime32;
+	} else {
+		tombstone_lifetime = _tombstone_lifetime;
+	}
+
+	if (!PyList_Check(py_list_dn)) {
+		PyErr_SetString(PyExc_TypeError, "A list of DNs were expected");
+		TALLOC_FREE(mem_ctx);
+		return NULL;
+	}
+
+	length = PyList_GET_SIZE(py_list_dn);
+
+	for (i = 0; i < length; i++) {
+		const char *part_str = PyUnicode_AsUTF8(PyList_GetItem(py_list_dn, i));
+		struct ldb_dn *p;
+		struct dsdb_ldb_dn_list_node *node;
+
+		if (part_str == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return PyErr_NoMemory();
+		}
+
+		p = ldb_dn_new(mem_ctx, ldb, part_str);
+		if (p == NULL) {
+			PyErr_Format(PyExc_RuntimeError, "Failed to parse DN %s", part_str);
+			TALLOC_FREE(mem_ctx);
+			return NULL;
+		}
+		node = talloc_zero(mem_ctx, struct dsdb_ldb_dn_list_node);
+		node->dn = p;
+
+		DLIST_ADD_END(part, node);
+	}
+
+	status = dsdb_garbage_collect_tombstones(mem_ctx, ldb,
+						 part, current_time,
+						 tombstone_lifetime,
+						 &num_objects_removed,
+						 &num_links_removed,
+						 &error_string);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		if (error_string) {
+			PyErr_Format(PyExc_RuntimeError, "%s", error_string);
+		} else {
+			PyErr_SetNTSTATUS(status);
+		}
+		TALLOC_FREE(mem_ctx);
+		return NULL;
+	}
+
+	TALLOC_FREE(mem_ctx);
+
+	return Py_BuildValue("(II)", num_objects_removed,
+			    num_links_removed);
+}
+#endif
+
+static PyObject *py_dsdb_load_udv_v2(PyObject *self, PyObject *args)
+{
+	uint32_t count;
+	int ret, i;
+	bool ok;
+	PyObject *py_ldb = NULL, *py_dn = NULL, *pylist = NULL;
+	struct ldb_context *samdb = NULL;
+	struct ldb_dn *dn = NULL;
+	struct drsuapi_DsReplicaCursor2 *cursors = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_dn)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, samdb);
+
+	tmp_ctx = talloc_new(samdb);
+	if (tmp_ctx == NULL) {
+		return PyErr_NoMemory();
+	}
+
+	ok = pyldb_Object_AsDn(tmp_ctx, py_dn, samdb, &dn);
+	if (!ok) {
+		TALLOC_FREE(tmp_ctx);
+		return NULL;
+	}
+
+	ret = dsdb_load_udv_v2(samdb, dn, tmp_ctx, &cursors, &count);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(tmp_ctx);
+		PyErr_SetString(PyExc_RuntimeError,
+				"Failed to load udv from ldb");
+		return NULL;
+	}
+
+	pylist = PyList_New(count);
+	if (pylist == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return PyErr_NoMemory();
+	}
+
+	for (i = 0; i < count; i++) {
+		PyObject *py_cursor;
+		struct drsuapi_DsReplicaCursor2 *cursor;
+		cursor = talloc(tmp_ctx, struct drsuapi_DsReplicaCursor2);
+		if (cursor == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return PyErr_NoMemory();
+		}
+		*cursor = cursors[i];
+
+		py_cursor = py_return_ndr_struct("samba.dcerpc.drsuapi",
+						 "DsReplicaCursor2",
+						 cursor, cursor);
+		if (py_cursor == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return PyErr_NoMemory();
+		}
+
+		PyList_SetItem(pylist, i, py_cursor);
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return pylist;
+}
+
+static PyObject *py_dsdb_user_account_control_flag_bit_to_string(PyObject *self, PyObject *args)
+{
+	const char *str;
+	long long uf;
+	if (!PyArg_ParseTuple(args, "L", &uf)) {
+		return NULL;
+	}
+
+	if (uf > UINT32_MAX) {
+		return PyErr_Format(PyExc_OverflowError, "No UF_ flags are over UINT32_MAX");
+	}
+	if (uf < 0) {
+		return PyErr_Format(PyExc_KeyError, "No UF_ flags are less then zero");
+	}
+
+	str = dsdb_user_account_control_flag_bit_to_string(uf);
+	if (str == NULL) {
+		return PyErr_Format(PyExc_KeyError,
+				    "No such UF_ flag 0x%08x",
+				    (unsigned int)uf);
+	}
+	return PyUnicode_FromString(str);
+}
+
+static PyObject *py_dsdb_check_and_update_fl(PyObject *self, PyObject *args)
+{
+	TALLOC_CTX *frame = NULL;
+
+	PyObject *py_ldb = NULL, *py_lp = NULL;
+	struct ldb_context *ldb = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+
+	int ret;
+
+	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_lp)) {
+		return NULL;
+	}
+
+	PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+	frame = talloc_stackframe();
+
+	lp_ctx = lpcfg_from_py_object(frame, py_lp);
+	if (lp_ctx == NULL) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	ret = dsdb_check_and_update_fl(ldb, lp_ctx);
+	TALLOC_FREE(frame);
+
+	PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_dsdb_dc_operatingSystemVersion(PyObject *self, PyObject *args)
+{
+	const char *str = NULL;
+	int dc_level = 0;
+
+	if (!PyArg_ParseTuple(args, "i", &dc_level)) {
+		return NULL;
+	}
+
+	str = dsdb_dc_operatingSystemVersion(dc_level);
+	if (str == NULL) {
+		return PyErr_Format(PyExc_KeyError,
+				    "dsdb_dc_operatingSystemVersion(%d) failed",
+				    dc_level);
+	}
+
+	return PyUnicode_FromString(str);
+}
+
+static PyMethodDef py_dsdb_methods[] = {
+	{ "_samdb_server_site_name", (PyCFunction)py_samdb_server_site_name,
+		METH_VARARGS, "Get the server site name as a string"},
+	{ "_dsdb_convert_schema_to_openldap",
+		(PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS, 
+		"dsdb_convert_schema_to_openldap(ldb, target_str, mapping) -> str\n"
+		"Create an OpenLDAP schema from a schema." },
+	{ "_samdb_set_domain_sid", (PyCFunction)py_samdb_set_domain_sid,
+		METH_VARARGS,
+		"samdb_set_domain_sid(samdb, sid)\n"
+		"Set SID of domain to use." },
+	{ "_samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid,
+		METH_VARARGS,
+		"samdb_get_domain_sid(samdb)\n"
+		"Get SID of domain in use." },
+	{ "_samdb_ntds_invocation_id", (PyCFunction)py_samdb_ntds_invocation_id,
+		METH_VARARGS, "get the NTDS invocation ID GUID as a string"},
+	{ "_samdb_set_ntds_settings_dn", (PyCFunction)py_samdb_set_ntds_settings_dn,
+		METH_VARARGS,
+		"samdb_set_ntds_settings_dn(samdb, ntds_settings_dn)\n"
+		"Set NTDS Settings DN for this LDB (allows it to be set before the DB fully exists)." },
+	{ "_dsdb_get_oid_from_attid", (PyCFunction)py_dsdb_get_oid_from_attid,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_attid_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_attid_from_lDAPDisplayName,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_syntax_oid_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_syntax_oid_from_lDAPDisplayName,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_systemFlags_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_systemFlags_from_lDAPDisplayName,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_linkId_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_linkId_from_lDAPDisplayName,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_lDAPDisplayName_by_attid", (PyCFunction)py_dsdb_get_lDAPDisplayName_by_attid,
+		METH_VARARGS, NULL },
+	{ "_dsdb_get_backlink_from_lDAPDisplayName", (PyCFunction)py_dsdb_get_backlink_from_lDAPDisplayName,
+		METH_VARARGS, NULL },
+	{ "_dsdb_set_ntds_invocation_id",
+		(PyCFunction)py_dsdb_set_ntds_invocation_id, METH_VARARGS,
+		NULL },
+	{ "_samdb_ntds_objectGUID", (PyCFunction)py_samdb_ntds_objectGUID,
+		METH_VARARGS, "get the NTDS objectGUID as a string"},
+	{ "_dsdb_set_global_schema", (PyCFunction)py_dsdb_set_global_schema,
+		METH_VARARGS, NULL },
+	{ "_dsdb_load_partition_usn", (PyCFunction)py_dsdb_load_partition_usn,
+		METH_VARARGS,
+		"get uSNHighest and uSNUrgent from the partition @REPLCHANGED"},
+	{ "_dsdb_set_am_rodc",
+		(PyCFunction)py_dsdb_set_am_rodc, METH_VARARGS,
+		NULL },
+	{ "_am_rodc",
+		(PyCFunction)py_dsdb_am_rodc, METH_VARARGS,
+		NULL },
+	{ "_am_pdc",
+		(PyCFunction)py_dsdb_am_pdc, METH_VARARGS,
+		NULL },
+	{ "_dsdb_set_schema_from_ldif", (PyCFunction)py_dsdb_set_schema_from_ldif, METH_VARARGS,
+		NULL },
+	{ "_dsdb_set_schema_from_ldb", (PyCFunction)py_dsdb_set_schema_from_ldb, METH_VARARGS,
+		NULL },
+	{ "_dsdb_write_prefixes_from_schema_to_ldb", (PyCFunction)py_dsdb_write_prefixes_from_schema_to_ldb, METH_VARARGS,
+		NULL },
+	{ "_dsdb_get_partitions_dn", (PyCFunction)py_dsdb_get_partitions_dn, METH_VARARGS, NULL },
+	{ "_dsdb_get_nc_root", (PyCFunction)py_dsdb_get_nc_root, METH_VARARGS, NULL },
+	{ "_dsdb_get_wellknown_dn", (PyCFunction)py_dsdb_get_wellknown_dn, METH_VARARGS, NULL },
+	{ "_dsdb_DsReplicaAttribute", (PyCFunction)py_dsdb_DsReplicaAttribute, METH_VARARGS, NULL },
+	{ "_dsdb_normalise_attributes", (PyCFunction)py_dsdb_normalise_attributes, METH_VARARGS, NULL },
+#ifdef AD_DC_BUILD_IS_ENABLED
+	{ "_dsdb_garbage_collect_tombstones", (PyCFunction)py_dsdb_garbage_collect_tombstones, METH_VARARGS,
+		"_dsdb_kcc_check_deleted(samdb, [dn], current_time, tombstone_lifetime)"
+		" -> (num_objects_expunged, num_links_expunged)" },
+	{ "_scavenge_dns_records", (PyCFunction)py_scavenge_dns_records,
+		METH_VARARGS, NULL},
+	{ "_dns_delete_tombstones", (PyCFunction)py_dns_delete_tombstones,
+		METH_VARARGS, NULL},
+#endif
+	{ "_dsdb_create_own_rid_set", (PyCFunction)py_dsdb_create_own_rid_set, METH_VARARGS,
+		"_dsdb_create_own_rid_set(samdb)"
+		" -> None" },
+	{ "_dsdb_allocate_rid", (PyCFunction)py_dsdb_allocate_rid, METH_VARARGS,
+		"_dsdb_allocate_rid(samdb)"
+		" -> RID" },
+	{ "_dsdb_load_udv_v2", (PyCFunction)py_dsdb_load_udv_v2, METH_VARARGS, NULL },
+	{ "user_account_control_flag_bit_to_string",
+	        (PyCFunction)py_dsdb_user_account_control_flag_bit_to_string,
+	        METH_VARARGS,
+	        "user_account_control_flag_bit_to_string(bit)"
+                " -> string name" },
+	{ "check_and_update_fl",
+	        (PyCFunction)py_dsdb_check_and_update_fl,
+	        METH_VARARGS,
+	        "check_and_update_fl(ldb, lp) -> None\n"
+	  "Hook to run in testing the code run on samba server startup "
+	  "to validate and update DC functional levels"},
+	{ "dc_operatingSystemVersion",
+	        (PyCFunction)py_dsdb_dc_operatingSystemVersion,
+	        METH_VARARGS,
+	        "dsdb_dc_operatingSystemVersion(dc_level)"
+                " -> string name" },
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "dsdb",
+    .m_doc = "Python bindings for the directory service databases.",
+    .m_size = -1,
+    .m_methods = py_dsdb_methods,
+};
+
+MODULE_INIT_FUNC(dsdb)
+{
+	PyObject *m;
+
+	m = PyModule_Create(&moduledef);
+
+	if (m == NULL)
+		return NULL;
+
+#define ADD_DSDB_FLAG(val)  PyModule_AddObject(m, #val, PyLong_FromLong(val))
+
+	/* "userAccountControl" flags */
+	ADD_DSDB_FLAG(UF_NORMAL_ACCOUNT);
+	ADD_DSDB_FLAG(UF_TEMP_DUPLICATE_ACCOUNT);
+	ADD_DSDB_FLAG(UF_SERVER_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_WORKSTATION_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_INTERDOMAIN_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_PASSWD_NOTREQD);
+	ADD_DSDB_FLAG(UF_ACCOUNTDISABLE);
+
+	ADD_DSDB_FLAG(UF_SCRIPT);
+	ADD_DSDB_FLAG(UF_ACCOUNTDISABLE);
+	ADD_DSDB_FLAG(UF_00000004);
+	ADD_DSDB_FLAG(UF_HOMEDIR_REQUIRED);
+	ADD_DSDB_FLAG(UF_LOCKOUT);
+	ADD_DSDB_FLAG(UF_PASSWD_NOTREQD);
+	ADD_DSDB_FLAG(UF_PASSWD_CANT_CHANGE);
+	ADD_DSDB_FLAG(UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED);
+	ADD_DSDB_FLAG(UF_TEMP_DUPLICATE_ACCOUNT);
+	ADD_DSDB_FLAG(UF_NORMAL_ACCOUNT);
+	ADD_DSDB_FLAG(UF_00000400);
+	ADD_DSDB_FLAG(UF_INTERDOMAIN_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_WORKSTATION_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_SERVER_TRUST_ACCOUNT);
+	ADD_DSDB_FLAG(UF_00004000);
+	ADD_DSDB_FLAG(UF_00008000);
+	ADD_DSDB_FLAG(UF_DONT_EXPIRE_PASSWD);
+	ADD_DSDB_FLAG(UF_MNS_LOGON_ACCOUNT);
+	ADD_DSDB_FLAG(UF_SMARTCARD_REQUIRED);
+	ADD_DSDB_FLAG(UF_TRUSTED_FOR_DELEGATION);
+	ADD_DSDB_FLAG(UF_NOT_DELEGATED);
+	ADD_DSDB_FLAG(UF_USE_DES_KEY_ONLY);
+	ADD_DSDB_FLAG(UF_DONT_REQUIRE_PREAUTH);
+	ADD_DSDB_FLAG(UF_PASSWORD_EXPIRED);
+	ADD_DSDB_FLAG(UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION);
+	ADD_DSDB_FLAG(UF_NO_AUTH_DATA_REQUIRED);
+	ADD_DSDB_FLAG(UF_PARTIAL_SECRETS_ACCOUNT);
+	ADD_DSDB_FLAG(UF_USE_AES_KEYS);
+
+	/* groupType flags */
+	ADD_DSDB_FLAG(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_SECURITY_GLOBAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_SECURITY_UNIVERSAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_GLOBAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP);
+	ADD_DSDB_FLAG(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP);
+
+	/* "sAMAccountType" flags */
+	ADD_DSDB_FLAG(ATYPE_NORMAL_ACCOUNT);
+	ADD_DSDB_FLAG(ATYPE_WORKSTATION_TRUST);
+	ADD_DSDB_FLAG(ATYPE_INTERDOMAIN_TRUST);
+	ADD_DSDB_FLAG(ATYPE_SECURITY_GLOBAL_GROUP);
+	ADD_DSDB_FLAG(ATYPE_SECURITY_LOCAL_GROUP);
+	ADD_DSDB_FLAG(ATYPE_SECURITY_UNIVERSAL_GROUP);
+	ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_GLOBAL_GROUP);
+	ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_LOCAL_GROUP);
+	ADD_DSDB_FLAG(ATYPE_DISTRIBUTION_UNIVERSAL_GROUP);
+
+	/* "domainFunctionality", "forestFunctionality" flags in the rootDSE */
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2000);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2003_MIXED);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2003);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2008);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2008_R2);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2012);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2012_R2);
+	ADD_DSDB_FLAG(DS_DOMAIN_FUNCTION_2016);
+
+        /* nc replica flags */
+	ADD_DSDB_FLAG(INSTANCE_TYPE_IS_NC_HEAD);
+	ADD_DSDB_FLAG(INSTANCE_TYPE_UNINSTANT);
+	ADD_DSDB_FLAG(INSTANCE_TYPE_WRITE);
+	ADD_DSDB_FLAG(INSTANCE_TYPE_NC_ABOVE);
+	ADD_DSDB_FLAG(INSTANCE_TYPE_NC_COMING);
+	ADD_DSDB_FLAG(INSTANCE_TYPE_NC_GOING);
+
+	/* "systemFlags" */
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_NC);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_DOMAIN);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CR_NTDS_NOT_GC_REPLICATED);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_SCHEMA_BASE_OBJECT);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_ATTR_IS_RDN);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_MOVE);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
+	ADD_DSDB_FLAG(SYSTEM_FLAG_DISALLOW_DELETE);
+
+	/* Kerberos encryption type constants */
+	ADD_DSDB_FLAG(ENC_ALL_TYPES);
+	ADD_DSDB_FLAG(ENC_CRC32);
+	ADD_DSDB_FLAG(ENC_RSA_MD5);
+	ADD_DSDB_FLAG(ENC_RC4_HMAC_MD5);
+	ADD_DSDB_FLAG(ENC_HMAC_SHA1_96_AES128);
+	ADD_DSDB_FLAG(ENC_HMAC_SHA1_96_AES256);
+	ADD_DSDB_FLAG(ENC_HMAC_SHA1_96_AES256_SK);
+
+	ADD_DSDB_FLAG(SEARCH_FLAG_ATTINDEX);
+	ADD_DSDB_FLAG(SEARCH_FLAG_PDNTATTINDEX);
+	ADD_DSDB_FLAG(SEARCH_FLAG_ANR);
+	ADD_DSDB_FLAG(SEARCH_FLAG_PRESERVEONDELETE);
+	ADD_DSDB_FLAG(SEARCH_FLAG_COPY);
+	ADD_DSDB_FLAG(SEARCH_FLAG_TUPLEINDEX);
+	ADD_DSDB_FLAG(SEARCH_FLAG_SUBTREEATTRINDEX);
+	ADD_DSDB_FLAG(SEARCH_FLAG_CONFIDENTIAL);
+	ADD_DSDB_FLAG(SEARCH_FLAG_NEVERVALUEAUDIT);
+	ADD_DSDB_FLAG(SEARCH_FLAG_RODC_ATTRIBUTE);
+
+	ADD_DSDB_FLAG(DS_FLAG_ATTR_NOT_REPLICATED);
+	ADD_DSDB_FLAG(DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER);
+	ADD_DSDB_FLAG(DS_FLAG_ATTR_IS_CONSTRUCTED);
+
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_AUTO_TOPOLOGY_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_TOPL_CLEANUP_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_TOPL_MIN_HOPS_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_GROUP_CACHING_ENABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_FORCE_KCC_WHISTLER_BEHAVIOR);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_SCHEDULE_HASHING_ENABLED);
+	ADD_DSDB_FLAG(DS_NTDSSETTINGS_OPT_IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED);
+
+	ADD_DSDB_FLAG(DS_NTDSDSA_OPT_IS_GC);
+	ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL);
+	ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL);
+	ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_NTDSCONN_XLATE);
+	ADD_DSDB_FLAG(DS_NTDSDSA_OPT_DISABLE_SPN_REGISTRATION);
+
+	/* dsHeuristics character indexes (see MS-ADTS 7.1.1.2.4.1.2) */
+	ADD_DSDB_FLAG(DS_HR_SUPFIRSTLASTANR);
+	ADD_DSDB_FLAG(DS_HR_SUPLASTFIRSTANR);
+	ADD_DSDB_FLAG(DS_HR_DOLISTOBJECT);
+	ADD_DSDB_FLAG(DS_HR_DONICKRES);
+	ADD_DSDB_FLAG(DS_HR_LDAP_USEPERMMOD);
+	ADD_DSDB_FLAG(DS_HR_HIDEDSID);
+	ADD_DSDB_FLAG(DS_HR_BLOCK_ANONYMOUS_OPS);
+	ADD_DSDB_FLAG(DS_HR_ALLOW_ANON_NSPI);
+	ADD_DSDB_FLAG(DS_HR_USER_PASSWORD_SUPPORT);
+	ADD_DSDB_FLAG(DS_HR_TENTH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_SPECIFY_GUID_ON_ADD);
+	ADD_DSDB_FLAG(DS_HR_NO_STANDARD_SD);
+	ADD_DSDB_FLAG(DS_HR_ALLOW_NONSECURE_PWD_OPS);
+	ADD_DSDB_FLAG(DS_HR_NO_PROPAGATE_ON_NOCHANGE);
+	ADD_DSDB_FLAG(DS_HR_COMPUTE_ANR_STATS);
+	ADD_DSDB_FLAG(DS_HR_ADMINSDEXMASK);
+	ADD_DSDB_FLAG(DS_HR_KVNOEMUW2K);
+
+	ADD_DSDB_FLAG(DS_HR_TWENTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_ATTR_AUTHZ_ON_LDAP_ADD);
+	ADD_DSDB_FLAG(DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS);
+	ADD_DSDB_FLAG(DS_HR_THIRTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_FOURTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_FIFTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_SIXTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_SEVENTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_EIGHTIETH_CHAR);
+	ADD_DSDB_FLAG(DS_HR_NINETIETH_CHAR);
+
+	ADD_DSDB_FLAG(NTDSCONN_KCC_GC_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_RING_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_MINIMIZE_HOPS_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_STALE_SERVERS_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_OSCILLATING_CONNECTION_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_INTERSITE_GC_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_INTERSITE_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_SERVER_FAILOVER_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_SITE_FAILOVER_TOPOLOGY);
+	ADD_DSDB_FLAG(NTDSCONN_KCC_REDUNDANT_SERVER_TOPOLOGY);
+
+        ADD_DSDB_FLAG(NTDSCONN_OPT_IS_GENERATED);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_TWOWAY_SYNC);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_USE_NOTIFY);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_USER_OWNED_SCHEDULE);
+        ADD_DSDB_FLAG(NTDSCONN_OPT_RODC_TOPOLOGY);
+
+        /* Site Link Object options */
+        ADD_DSDB_FLAG(NTDSSITELINK_OPT_USE_NOTIFY);
+        ADD_DSDB_FLAG(NTDSSITELINK_OPT_TWOWAY_SYNC);
+        ADD_DSDB_FLAG(NTDSSITELINK_OPT_DISABLE_COMPRESSION);
+
+	/* GPO policy flags */
+	ADD_DSDB_FLAG(GPLINK_OPT_DISABLE);
+	ADD_DSDB_FLAG(GPLINK_OPT_ENFORCE);
+	ADD_DSDB_FLAG(GPO_FLAG_USER_DISABLE);
+	ADD_DSDB_FLAG(GPO_FLAG_MACHINE_DISABLE);
+	ADD_DSDB_FLAG(GPO_INHERIT);
+	ADD_DSDB_FLAG(GPO_BLOCK_INHERITANCE);
+
+#define ADD_DSDB_STRING(val)  PyModule_AddObject(m, #val, PyUnicode_FromString(val))
+
+	ADD_DSDB_STRING(DSDB_SYNTAX_BINARY_DN);
+	ADD_DSDB_STRING(DSDB_SYNTAX_STRING_DN);
+	ADD_DSDB_STRING(DSDB_SYNTAX_OR_NAME);
+	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);
+	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);
+	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);
+	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME);
+	ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID);
+	ADD_DSDB_STRING(DSDB_CONTROL_REPLMD_VANISH_LINKS);
+	ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
+	ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);
+	ADD_DSDB_STRING(DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	ADD_DSDB_STRING(DSDB_CONTROL_INVALID_NOT_IMPLEMENTED);
+
+	ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_DOMAIN_CONTROLLERS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_FOREIGNSECURITYPRINCIPALS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_INFRASTRUCTURE_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_LOSTANDFOUND_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_MICROSOFT_PROGRAM_DATA_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_NTDS_QUOTAS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_PROGRAM_DATA_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_SYSTEMS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_USERS_CONTAINER);
+	ADD_DSDB_STRING(DS_GUID_MANAGED_SERVICE_ACCOUNTS_CONTAINER);
+
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_DEPARTMENT);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_DNS_HOST_NAME);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_INSTANCE_TYPE);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_MS_SFU_30);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_PRIMARY_GROUP_ID);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_USER_ACCOUNT_CONTROL);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_ATTR_USER_PASSWORD);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_CLASS_COMPUTER);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_CLASS_MANAGED_SERVICE_ACCOUNT);
+	ADD_DSDB_STRING(DS_GUID_SCHEMA_CLASS_USER);
+
+	ADD_DSDB_STRING(DSDB_FULL_JOIN_REPLICATION_COMPLETED_OPAQUE_NAME);
+
+	return m;
+}
diff --git a/source4/dsdb/repl/drepl_extended.c b/source4/dsdb/repl/drepl_extended.c
new file mode 100644
index 0000000..8b5bb6f
--- /dev/null
+++ b/source4/dsdb/repl/drepl_extended.c
@@ -0,0 +1,211 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service - extended operation code
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+   Copyright (C) Nadezhda Ivanova 2010
+
+   based on drepl_notify.c
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+
+/*
+  create the role owner source dsa structure
+
+  nc_dn: the DN of the subtree being replicated
+  source_dsa_dn: the DN of the server that we are replicating from
+ */
+static WERROR drepl_create_extended_source_dsa(struct dreplsrv_service *service,
+					       TALLOC_CTX *mem_ctx,
+					       struct ldb_dn *nc_dn,
+					       struct ldb_dn *source_dsa_dn,
+					       uint64_t min_usn,
+					       struct dreplsrv_partition_source_dsa **_sdsa)
+{
+	struct dreplsrv_partition_source_dsa *sdsa;
+	struct ldb_context *ldb = service->samdb;
+	int ret;
+	WERROR werr;
+	struct ldb_dn *nc_root;
+	struct dreplsrv_partition *p;
+
+	sdsa = talloc_zero(service, struct dreplsrv_partition_source_dsa);
+	W_ERROR_HAVE_NO_MEMORY(sdsa);
+
+	sdsa->partition = talloc_zero(sdsa, struct dreplsrv_partition);
+	if (!sdsa->partition) {
+		talloc_free(sdsa);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	sdsa->partition->dn = ldb_dn_copy(sdsa->partition, nc_dn);
+	if (!sdsa->partition->dn) {
+		talloc_free(sdsa);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	sdsa->partition->nc.dn = ldb_dn_alloc_linearized(sdsa->partition, nc_dn);
+	if (!sdsa->partition->nc.dn) {
+		talloc_free(sdsa);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	ret = dsdb_find_guid_by_dn(ldb, nc_dn, &sdsa->partition->nc.guid);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find GUID for %s\n",
+			 ldb_dn_get_linearized(nc_dn)));
+		talloc_free(sdsa);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	sdsa->repsFrom1 = &sdsa->_repsFromBlob.ctr.ctr1;
+	ret = dsdb_find_guid_by_dn(ldb, source_dsa_dn, &sdsa->repsFrom1->source_dsa_obj_guid);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find objectGUID for %s\n",
+			 ldb_dn_get_linearized(source_dsa_dn)));
+		talloc_free(sdsa);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	sdsa->repsFrom1->other_info = talloc_zero(sdsa, struct repsFromTo1OtherInfo);
+	if (!sdsa->repsFrom1->other_info) {
+		talloc_free(sdsa);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	sdsa->repsFrom1->other_info->dns_name = samdb_ntds_msdcs_dns_name(ldb,
+									  sdsa->repsFrom1->other_info,
+									  &sdsa->repsFrom1->source_dsa_obj_guid);
+	if (!sdsa->repsFrom1->other_info->dns_name) {
+		talloc_free(sdsa);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	werr = dreplsrv_out_connection_attach(service, sdsa->repsFrom1, &sdsa->conn);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,(__location__ ": Failed to attach connection to %s\n",
+			 ldb_dn_get_linearized(nc_dn)));
+		talloc_free(sdsa);
+		return werr;
+	}
+
+	ret = dsdb_find_nc_root(service->samdb, sdsa, nc_dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find nc_root for %s\n",
+			 ldb_dn_get_linearized(nc_dn)));
+		talloc_free(sdsa);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	/* use the partition uptodateness vector */
+	ret = dsdb_load_udv_v2(service->samdb, nc_root, sdsa->partition,
+			       &sdsa->partition->uptodatevector.cursors,
+			       &sdsa->partition->uptodatevector.count);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to load UDV for %s\n",
+			 ldb_dn_get_linearized(nc_root)));
+		talloc_free(sdsa);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	/* find the highwatermark from the partitions list */
+	for (p=service->partitions; p; p=p->next) {
+		if (ldb_dn_compare(p->dn, nc_root) == 0) {
+			struct dreplsrv_partition_source_dsa *s;
+			werr = dreplsrv_partition_source_dsa_by_guid(p,
+								     &sdsa->repsFrom1->source_dsa_obj_guid,
+								     &s);
+			if (W_ERROR_IS_OK(werr)) {
+				sdsa->repsFrom1->highwatermark = s->repsFrom1->highwatermark;
+				sdsa->repsFrom1->replica_flags = s->repsFrom1->replica_flags;
+			}
+		}
+	}
+
+	if (!service->am_rodc) {
+		sdsa->repsFrom1->replica_flags |= DRSUAPI_DRS_WRIT_REP;
+	}
+
+	*_sdsa = sdsa;
+	return WERR_OK;
+}
+
+struct extended_op_data {
+	dreplsrv_extended_callback_t callback;
+	void *callback_data;
+	struct dreplsrv_partition_source_dsa *sdsa;
+};
+
+/*
+  called when an extended op finishes
+ */
+static void extended_op_callback(struct dreplsrv_service *service,
+				 WERROR err,
+				 enum drsuapi_DsExtendedError exop_error,
+				 void *cb_data)
+{
+	struct extended_op_data *data = talloc_get_type_abort(cb_data, struct extended_op_data);
+	talloc_unlink(data, data->sdsa);
+	data->callback(service, err, exop_error, data->callback_data);
+	talloc_free(data);
+}
+
+/*
+  schedule a getncchanges request to the role owner for an extended operation
+ */
+WERROR drepl_request_extended_op(struct dreplsrv_service *service,
+				 struct ldb_dn *nc_dn,
+				 struct ldb_dn *source_dsa_dn,
+				 enum drsuapi_DsExtendedOperation extended_op,
+				 uint64_t fsmo_info,
+				 uint64_t min_usn,
+				 dreplsrv_extended_callback_t callback,
+				 void *callback_data)
+{
+	WERROR werr;
+	struct extended_op_data *data;
+
+	data = talloc(service, struct extended_op_data);
+	W_ERROR_HAVE_NO_MEMORY(data);
+
+	werr = drepl_create_extended_source_dsa(service, data, nc_dn, source_dsa_dn, min_usn, &data->sdsa);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	data->callback = callback;
+	data->callback_data = callback_data;
+
+	werr = dreplsrv_schedule_partition_pull_source(service, data->sdsa,
+						       0, extended_op, fsmo_info,
+						       extended_op_callback, data);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(data);
+	}
+
+	dreplsrv_run_pending_ops(service);
+
+	return werr;
+}
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
new file mode 100644
index 0000000..3c3cbad
--- /dev/null
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -0,0 +1,147 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service - FSMO role change
+
+   Copyright (C) Nadezhda Ivanova 2010
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+   Copyright (C) Anatoliy Atanasov 2010
+
+   based on drepl_ridalloc.c
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+struct fsmo_role_state {
+	struct irpc_message *msg;
+	struct drepl_takeFSMORole *r;
+};
+
+static void drepl_role_callback(struct dreplsrv_service *service,
+				WERROR werr,
+				enum drsuapi_DsExtendedError ext_err,
+				void *cb_data)
+{
+	struct fsmo_role_state *fsmo = talloc_get_type_abort(cb_data, struct fsmo_role_state);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(2,(__location__ ": Failed role transfer - %s - extended_ret[0x%X]\n",
+			 win_errstr(werr), ext_err));
+	} else {
+		DEBUG(2,(__location__ ": Successful role transfer\n"));
+	}
+	fsmo->r->out.result = werr;
+	irpc_send_reply(fsmo->msg, NT_STATUS_OK);
+}
+
+/*
+  see which role is we are asked to assume, initialize data and send request
+ */
+NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
+			      struct drepl_takeFSMORole *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	struct ldb_dn *role_owner_dn, *fsmo_role_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(service);
+	uint64_t fsmo_info = 0;
+	enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
+	WERROR werr;
+	enum drepl_role_master role = r->in.role;
+	struct fsmo_role_state *fsmo;
+	bool is_us;
+	int ret;
+
+	werr = dsdb_get_fsmo_role_info(tmp_ctx, service->samdb, role,
+				       &fsmo_role_dn, &role_owner_dn);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(tmp_ctx);
+		r->out.result = werr;
+		return NT_STATUS_OK;
+	}
+
+	switch (role) {
+	case DREPL_NAMING_MASTER:
+	case DREPL_INFRASTRUCTURE_MASTER:
+	case DREPL_SCHEMA_MASTER:
+		extended_op = DRSUAPI_EXOP_FSMO_REQ_ROLE;
+		break;
+	case DREPL_RID_MASTER:
+		extended_op = DRSUAPI_EXOP_FSMO_RID_REQ_ROLE;
+		break;
+	case DREPL_PDC_MASTER:
+		extended_op = DRSUAPI_EXOP_FSMO_REQ_PDC;
+		break;
+	default:
+		DEBUG(0,("Unknown role %u in role transfer\n",
+			 (unsigned)role));
+		/* IRPC messages are trusted, so this really should not happen */
+		smb_panic("Unknown role despite dsdb_get_fsmo_role_info success");
+	}
+
+	ret = samdb_dn_is_our_ntdsa(service->samdb, role_owner_dn, &is_us);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("FSMO role check failed (failed to confirm if our ntdsDsa) for DN %s and owner %s \n",
+			 ldb_dn_get_linearized(fsmo_role_dn),
+			 ldb_dn_get_linearized(role_owner_dn)));
+		talloc_free(tmp_ctx);
+		r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+		return NT_STATUS_OK;
+	}
+	
+	if (is_us) {
+		DEBUG(5,("FSMO role check failed, we already own DN %s with %s\n",
+			 ldb_dn_get_linearized(fsmo_role_dn),
+			 ldb_dn_get_linearized(role_owner_dn)));
+		r->out.result = WERR_OK;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	fsmo = talloc(msg, struct fsmo_role_state);
+	NT_STATUS_HAVE_NO_MEMORY(fsmo);
+
+	fsmo->msg = msg;
+	fsmo->r   = r;
+
+	werr = drepl_request_extended_op(service,
+					 fsmo_role_dn,
+					 role_owner_dn,
+					 extended_op,
+					 fsmo_info,
+					 0,
+					 drepl_role_callback,
+					 fsmo);
+	if (!W_ERROR_IS_OK(werr)) {
+		r->out.result = werr;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	/* mark this message to be answered later */
+	msg->defer_reply = true;
+	dreplsrv_run_pending_ops(service);
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
new file mode 100644
index 0000000..20be3b5
--- /dev/null
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -0,0 +1,485 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service periodic notification handling
+   
+   Copyright (C) Andrew Tridgell 2009
+   based on drepl_periodic
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/composite/composite.h"
+#include "../lib/util/tevent_ntstatus.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+
+struct dreplsrv_op_notify_state {
+	struct tevent_context *ev;
+	struct dreplsrv_notify_operation *op;
+	void *ndr_struct_ptr;
+};
+
+static void dreplsrv_op_notify_connect_done(struct tevent_req *subreq);
+
+/*
+  start the ReplicaSync async call
+ */
+static struct tevent_req *dreplsrv_op_notify_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct dreplsrv_notify_operation *op)
+{
+	struct tevent_req *req;
+	struct dreplsrv_op_notify_state *state;
+	struct tevent_req *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dreplsrv_op_notify_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->op = op;
+
+	subreq = dreplsrv_out_drsuapi_send(state,
+					   ev,
+					   op->source_dsa->conn);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, dreplsrv_op_notify_connect_done, req);
+
+	return req;
+}
+
+static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req);
+
+static void dreplsrv_op_notify_connect_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+							  struct tevent_req);
+	NTSTATUS status;
+
+	status = dreplsrv_out_drsuapi_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	dreplsrv_op_notify_replica_sync_trigger(req);
+}
+
+static void dreplsrv_op_notify_replica_sync_done(struct tevent_req *subreq);
+
+static void dreplsrv_op_notify_replica_sync_trigger(struct tevent_req *req)
+{
+	struct dreplsrv_op_notify_state *state =
+		tevent_req_data(req,
+		struct dreplsrv_op_notify_state);
+	struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+	struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+	struct drsuapi_DsReplicaSync *r;
+	struct tevent_req *subreq;
+
+	r = talloc_zero(state, struct drsuapi_DsReplicaSync);
+	if (tevent_req_nomem(r, req)) {
+		return;
+	}
+	r->in.req = talloc_zero(r, union drsuapi_DsReplicaSyncRequest);
+	if (tevent_req_nomem(r, req)) {
+		return;
+	}
+	r->in.bind_handle	= &drsuapi->bind_handle;
+	r->in.level = 1;
+	r->in.req->req1.naming_context = &partition->nc;
+	r->in.req->req1.source_dsa_guid = state->op->service->ntds_guid;
+	r->in.req->req1.options =
+		DRSUAPI_DRS_ASYNC_OP |
+		DRSUAPI_DRS_UPDATE_NOTIFICATION |
+		DRSUAPI_DRS_WRIT_REP;
+
+	if (state->op->is_urgent) {
+		r->in.req->req1.options |= DRSUAPI_DRS_SYNC_URGENT;
+	}
+
+	state->ndr_struct_ptr = r;
+
+	if (DEBUGLVL(10)) {
+		NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r);
+	}
+
+	subreq = dcerpc_drsuapi_DsReplicaSync_r_send(state,
+						     state->ev,
+						     drsuapi->drsuapi_handle,
+						     r);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, dreplsrv_op_notify_replica_sync_done, req);
+}
+
+static void dreplsrv_op_notify_replica_sync_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct dreplsrv_op_notify_state *state =
+		tevent_req_data(req,
+		struct dreplsrv_op_notify_state);
+	struct drsuapi_DsReplicaSync *r = talloc_get_type(state->ndr_struct_ptr,
+							  struct drsuapi_DsReplicaSync);
+	NTSTATUS status;
+
+	state->ndr_struct_ptr = NULL;
+
+	status = dcerpc_drsuapi_DsReplicaSync_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		status = werror_to_ntstatus(r->out.result);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS dreplsrv_op_notify_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+/*
+  called when a notify operation has completed
+ */
+static void dreplsrv_notify_op_callback(struct tevent_req *subreq)
+{
+	struct dreplsrv_notify_operation *op =
+		tevent_req_callback_data(subreq,
+		struct dreplsrv_notify_operation);
+	NTSTATUS status;
+	struct dreplsrv_service *s = op->service;
+	WERROR werr;
+
+	status = dreplsrv_op_notify_recv(subreq);
+	werr = ntstatus_to_werror(status);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_INFO("dreplsrv_notify: Failed to send DsReplicaSync to %s for %s - %s : %s\n",
+			 op->source_dsa->repsFrom1->other_info->dns_name,
+			 ldb_dn_get_linearized(op->source_dsa->partition->dn),
+			 nt_errstr(status), win_errstr(werr));
+	} else {
+		DBG_INFO("dreplsrv_notify: DsReplicaSync successfully sent to %s\n",
+			 op->source_dsa->repsFrom1->other_info->dns_name);
+		op->source_dsa->notify_uSN = op->uSN;
+	}
+
+	drepl_reps_update(s, "repsTo", op->source_dsa->partition->dn,
+			  &op->source_dsa->repsFrom1->source_dsa_obj_guid,
+			  werr);
+
+	talloc_free(op);
+	s->ops.n_current = NULL;
+	dreplsrv_run_pending_ops(s);
+}
+
+/*
+  run any pending replica sync calls
+ */
+void dreplsrv_notify_run_ops(struct dreplsrv_service *s)
+{
+	struct dreplsrv_notify_operation *op;
+	struct tevent_req *subreq;
+
+	if (s->ops.n_current || s->ops.current) {
+		/* if there's still one running, we're done */
+		return;
+	}
+
+	if (!s->ops.notifies) {
+		/* if there're no pending operations, we're done */
+		return;
+	}
+
+	op = s->ops.notifies;
+	s->ops.n_current = op;
+	DLIST_REMOVE(s->ops.notifies, op);
+
+	subreq = dreplsrv_op_notify_send(op, s->task->event_ctx, op);
+	if (!subreq) {
+		DBG_ERR("dreplsrv_notify_run_ops: dreplsrv_op_notify_send[%s][%s] - no memory\n",
+			op->source_dsa->repsFrom1->other_info->dns_name,
+			ldb_dn_get_linearized(op->source_dsa->partition->dn));
+		return;
+	}
+	tevent_req_set_callback(subreq, dreplsrv_notify_op_callback, op);
+	DBG_INFO("started DsReplicaSync for %s to %s\n",
+		 ldb_dn_get_linearized(op->source_dsa->partition->dn),
+		 op->source_dsa->repsFrom1->other_info->dns_name);
+}
+
+
+/*
+  find a source_dsa for a given guid
+ */
+static struct dreplsrv_partition_source_dsa *dreplsrv_find_notify_dsa(struct dreplsrv_partition *p,
+								      struct GUID *guid)
+{
+	struct dreplsrv_partition_source_dsa *s;
+
+	/* first check the sources list */
+	for (s=p->sources; s; s=s->next) {
+		if (GUID_equal(&s->repsFrom1->source_dsa_obj_guid, guid)) {
+			return s;
+		}
+	}
+
+	/* then the notifies list */
+	for (s=p->notifies; s; s=s->next) {
+		if (GUID_equal(&s->repsFrom1->source_dsa_obj_guid, guid)) {
+			return s;
+		}
+	}
+	return NULL;
+}
+
+
+/*
+  schedule a replicaSync message
+ */
+static WERROR dreplsrv_schedule_notify_sync(struct dreplsrv_service *service,
+					    struct dreplsrv_partition *p,
+					    struct repsFromToBlob *reps,
+					    TALLOC_CTX *mem_ctx,
+					    uint64_t uSN,
+					    bool is_urgent,
+					    uint32_t replica_flags)
+{
+	struct dreplsrv_notify_operation *op;
+	struct dreplsrv_partition_source_dsa *s;
+
+	s = dreplsrv_find_notify_dsa(p, &reps->ctr.ctr1.source_dsa_obj_guid);
+	if (s == NULL) {
+		DBG_ERR("Unable to find source_dsa for %s\n",
+			GUID_string(mem_ctx, &reps->ctr.ctr1.source_dsa_obj_guid));
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	/* first try to find an existing notify operation */
+	for (op = service->ops.notifies; op; op = op->next) {
+		if (op->source_dsa != s) {
+			continue;
+		}
+
+		if (op->is_urgent != is_urgent) {
+			continue;
+		}
+
+		if (op->replica_flags != replica_flags) {
+			continue;
+		}
+
+		if (op->uSN < uSN) {
+			op->uSN = uSN;
+		}
+
+		/* reuse the notify operation, as it's not yet started */
+		return WERR_OK;
+	}
+
+	op = talloc_zero(mem_ctx, struct dreplsrv_notify_operation);
+	W_ERROR_HAVE_NO_MEMORY(op);
+
+	op->service	  = service;
+	op->source_dsa	  = s;
+	op->uSN           = uSN;
+	op->is_urgent	  = is_urgent;
+	op->replica_flags = replica_flags;
+	op->schedule_time = time(NULL);
+
+	DLIST_ADD_END(service->ops.notifies, op);
+	talloc_steal(service, op);
+	return WERR_OK;
+}
+
+/*
+  see if a partition has a hugher uSN than what is in the repsTo and
+  if so then send a DsReplicaSync
+ */
+static WERROR dreplsrv_notify_check(struct dreplsrv_service *s, 
+				    struct dreplsrv_partition *p,
+				    TALLOC_CTX *mem_ctx)
+{
+	uint32_t count=0;
+	struct repsFromToBlob *reps;
+	WERROR werr;
+	uint64_t uSNHighest;
+	uint64_t uSNUrgent;
+	uint32_t i;
+	int ret;
+
+	werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsTo", &reps, &count);
+	if (!W_ERROR_IS_OK(werr)) {
+		DBG_ERR("Failed to load repsTo for %s\n",
+			 ldb_dn_get_linearized(p->dn));
+		return werr;
+	}
+
+	/* loads the partition uSNHighest and uSNUrgent */
+	ret = dsdb_load_partition_usn(s->samdb, p->dn, &uSNHighest, &uSNUrgent);
+	if (ret != LDB_SUCCESS || uSNHighest == 0) {
+		/* nothing to do */
+		return WERR_OK;
+	}
+
+	/* see if any of our partners need some of our objects */
+	for (i=0; i<count; i++) {
+		struct dreplsrv_partition_source_dsa *sdsa;
+		uint32_t replica_flags;
+		sdsa = dreplsrv_find_notify_dsa(p, &reps[i].ctr.ctr1.source_dsa_obj_guid);
+		replica_flags = reps[i].ctr.ctr1.replica_flags;
+		if (sdsa == NULL) continue;
+		if (sdsa->notify_uSN < uSNHighest) {
+			/* we need to tell this partner to replicate
+			   with us */
+			bool is_urgent = sdsa->notify_uSN < uSNUrgent;
+
+			/* check if urgent replication is needed */
+			werr = dreplsrv_schedule_notify_sync(s, p, &reps[i], mem_ctx,
+							     uSNHighest, is_urgent, replica_flags);
+			if (!W_ERROR_IS_OK(werr)) {
+				DBG_ERR("Failed to setup notify to %s for %s\n",
+					 reps[i].ctr.ctr1.other_info->dns_name,
+					 ldb_dn_get_linearized(p->dn));
+				return werr;
+			}
+			DBG_DEBUG("queued DsReplicaSync for %s to %s "
+				  "(urgent=%s) uSN=%llu:%llu\n",
+				  ldb_dn_get_linearized(p->dn),
+				  reps[i].ctr.ctr1.other_info->dns_name,
+				  is_urgent?"true":"false",
+				  (unsigned long long)sdsa->notify_uSN,
+				  (unsigned long long)uSNHighest);
+		}
+	}
+
+	return WERR_OK;
+}
+
+/*
+  see if any of the partitions have changed, and if so then send a
+  DsReplicaSync to all the replica partners in the repsTo object
+ */
+static WERROR dreplsrv_notify_check_all(struct dreplsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+	WERROR status;
+	struct dreplsrv_partition *p;
+
+	for (p = s->partitions; p; p = p->next) {
+		status = dreplsrv_notify_check(s, p, mem_ctx);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+	return WERR_OK;
+}
+
+static void dreplsrv_notify_run(struct dreplsrv_service *service);
+
+static void dreplsrv_notify_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+				       struct timeval t, void *ptr)
+{
+	struct dreplsrv_service *service = talloc_get_type(ptr, struct dreplsrv_service);
+	WERROR status;
+
+	service->notify.te = NULL;
+
+	dreplsrv_notify_run(service);
+
+	status = dreplsrv_notify_schedule(service, service->notify.interval);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(service->task, win_errstr(status), false);
+		return;
+	}
+}
+
+WERROR dreplsrv_notify_schedule(struct dreplsrv_service *service, uint32_t next_interval)
+{
+	TALLOC_CTX *tmp_mem;
+	struct tevent_timer *new_te;
+	struct timeval next_time;
+
+	/* prevent looping */
+	if (next_interval == 0) next_interval = 1;
+
+	next_time = timeval_current_ofs(next_interval, 50);
+
+	if (service->notify.te) {
+		/*
+		 * if the timestamp of the new event is higher,
+		 * as current next we don't need to reschedule
+		 */
+		if (timeval_compare(&next_time, &service->notify.next_event) > 0) {
+			return WERR_OK;
+		}
+	}
+
+	/* reset the next scheduled timestamp */
+	service->notify.next_event = next_time;
+
+	new_te = tevent_add_timer(service->task->event_ctx, service,
+			         service->notify.next_event,
+			         dreplsrv_notify_handler_te, service);
+	W_ERROR_HAVE_NO_MEMORY(new_te);
+
+	tmp_mem = talloc_new(service);
+	DBG_DEBUG("dreplsrv_notify_schedule(%u) %sscheduled for: %s\n",
+		  next_interval,
+		  (service->notify.te?"re":""),
+		  nt_time_string(tmp_mem, timeval_to_nttime(&next_time)));
+	talloc_free(tmp_mem);
+
+	talloc_free(service->notify.te);
+	service->notify.te = new_te;
+
+	return WERR_OK;
+}
+
+static void dreplsrv_notify_run(struct dreplsrv_service *service)
+{
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(service);
+	dreplsrv_notify_check_all(service, mem_ctx);
+	talloc_free(mem_ctx);
+
+	dreplsrv_run_pending_ops(service);
+}
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
new file mode 100644
index 0000000..d46b19e
--- /dev/null
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -0,0 +1,1356 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service helper function for outgoing traffic
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/composite/composite.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libcli/security/security.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+struct dreplsrv_out_drsuapi_state {
+	struct tevent_context *ev;
+
+	struct dreplsrv_out_connection *conn;
+
+	struct dreplsrv_drsuapi_connection *drsuapi;
+
+	struct drsuapi_DsBindInfoCtr bind_info_ctr;
+	struct drsuapi_DsBind bind_r;
+};
+
+static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq);
+
+struct tevent_req *dreplsrv_out_drsuapi_send(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct dreplsrv_out_connection *conn)
+{
+	struct tevent_req *req;
+	struct dreplsrv_out_drsuapi_state *state;
+	struct composite_context *creq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dreplsrv_out_drsuapi_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->ev	= ev;
+	state->conn	= conn;
+	state->drsuapi	= conn->drsuapi;
+
+	if (state->drsuapi != NULL) {
+		struct dcerpc_binding_handle *b =
+			state->drsuapi->pipe->binding_handle;
+		bool is_connected = dcerpc_binding_handle_is_connected(b);
+
+		if (is_connected) {
+			tevent_req_done(req);
+			return tevent_req_post(req, ev);
+		}
+
+		TALLOC_FREE(conn->drsuapi);
+	}
+
+	state->drsuapi = talloc_zero(state, struct dreplsrv_drsuapi_connection);
+	if (tevent_req_nomem(state->drsuapi, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	creq = dcerpc_pipe_connect_b_send(state, conn->binding, &ndr_table_drsuapi,
+					  conn->service->system_session_info->credentials,
+					  ev, conn->service->task->lp_ctx);
+	if (tevent_req_nomem(creq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	composite_continue(NULL, creq, dreplsrv_out_drsuapi_connect_done, req);
+
+	return req;
+}
+
+static void dreplsrv_out_drsuapi_bind_done(struct tevent_req *subreq);
+
+static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq)
+{
+	struct tevent_req *req = talloc_get_type(creq->async.private_data,
+						 struct tevent_req);
+	struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+						   struct dreplsrv_out_drsuapi_state);
+	NTSTATUS status;
+	struct tevent_req *subreq;
+
+	status = dcerpc_pipe_connect_b_recv(creq,
+					    state->drsuapi,
+					    &state->drsuapi->pipe);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->drsuapi->drsuapi_handle = state->drsuapi->pipe->binding_handle;
+
+	status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state,
+				    state->drsuapi,
+				    &state->drsuapi->gensec_skey);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->bind_info_ctr.length		= 28;
+	state->bind_info_ctr.info.info28	= state->conn->service->bind_info28;
+
+	state->bind_r.in.bind_guid = &state->conn->service->ntds_guid;
+	state->bind_r.in.bind_info = &state->bind_info_ctr;
+	state->bind_r.out.bind_handle = &state->drsuapi->bind_handle;
+
+	subreq = dcerpc_drsuapi_DsBind_r_send(state,
+					      state->ev,
+					      state->drsuapi->drsuapi_handle,
+					      &state->bind_r);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, dreplsrv_out_drsuapi_bind_done, req);
+}
+
+static void dreplsrv_out_drsuapi_bind_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+						   struct dreplsrv_out_drsuapi_state);
+	NTSTATUS status;
+
+	status = dcerpc_drsuapi_DsBind_r_recv(subreq, state);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	if (!W_ERROR_IS_OK(state->bind_r.out.result)) {
+		status = werror_to_ntstatus(state->bind_r.out.result);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	ZERO_STRUCT(state->drsuapi->remote_info28);
+	if (state->bind_r.out.bind_info) {
+		struct drsuapi_DsBindInfo28 *info28;
+		info28 = &state->drsuapi->remote_info28;
+
+		switch (state->bind_r.out.bind_info->length) {
+		case 24: {
+			struct drsuapi_DsBindInfo24 *info24;
+			info24 = &state->bind_r.out.bind_info->info.info24;
+
+			info28->supported_extensions	= info24->supported_extensions;
+			info28->site_guid		= info24->site_guid;
+			info28->pid			= info24->pid;
+			info28->repl_epoch		= 0;
+			break;
+		}
+		case 28: {
+			*info28 = state->bind_r.out.bind_info->info.info28;
+			break;
+		}
+		case 32: {
+			struct drsuapi_DsBindInfo32 *info32;
+			info32 = &state->bind_r.out.bind_info->info.info32;
+
+			info28->supported_extensions	= info32->supported_extensions;
+			info28->site_guid		= info32->site_guid;
+			info28->pid			= info32->pid;
+			info28->repl_epoch		= info32->repl_epoch;
+			break;
+		}
+		case 48: {
+			struct drsuapi_DsBindInfo48 *info48;
+			info48 = &state->bind_r.out.bind_info->info.info48;
+
+			info28->supported_extensions	= info48->supported_extensions;
+			info28->site_guid		= info48->site_guid;
+			info28->pid			= info48->pid;
+			info28->repl_epoch		= info48->repl_epoch;
+			break;
+		}
+		case 52: {
+			struct drsuapi_DsBindInfo52 *info52;
+			info52 = &state->bind_r.out.bind_info->info.info52;
+
+			info28->supported_extensions	= info52->supported_extensions;
+			info28->site_guid		= info52->site_guid;
+			info28->pid			= info52->pid;
+			info28->repl_epoch		= info52->repl_epoch;
+			break;
+		}
+		default:
+			DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
+				state->bind_r.out.bind_info->length));
+			break;
+		}
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS dreplsrv_out_drsuapi_recv(struct tevent_req *req)
+{
+	struct dreplsrv_out_drsuapi_state *state = tevent_req_data(req,
+						   struct dreplsrv_out_drsuapi_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	state->conn->drsuapi = talloc_move(state->conn, &state->drsuapi);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct dreplsrv_op_pull_source_schema_cycle {
+	struct repsFromTo1 repsFrom1;
+	size_t object_count;
+	struct drsuapi_DsReplicaObjectListItemEx *first_object;
+	struct drsuapi_DsReplicaObjectListItemEx *last_object;
+	uint32_t linked_attributes_count;
+	struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
+};
+
+struct dreplsrv_op_pull_source_state {
+	struct tevent_context *ev;
+	struct dreplsrv_out_operation *op;
+	void *ndr_struct_ptr;
+	/*
+	 * Used when we have to re-try with a different NC, eg for
+	 * EXOP retry or to get a current schema first
+	 */
+	struct dreplsrv_partition_source_dsa *source_dsa_retry;
+	enum drsuapi_DsExtendedOperation extended_op_retry;
+	bool retry_started;
+	struct dreplsrv_op_pull_source_schema_cycle *schema_cycle;
+};
+
+static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq);
+
+struct tevent_req *dreplsrv_op_pull_source_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct dreplsrv_out_operation *op)
+{
+	struct tevent_req *req;
+	struct dreplsrv_op_pull_source_state *state;
+	struct tevent_req *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dreplsrv_op_pull_source_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->op = op;
+
+	subreq = dreplsrv_out_drsuapi_send(state, ev, op->source_dsa->conn);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, req);
+
+	return req;
+}
+
+static bool dreplsrv_op_pull_source_detect_schema_cycle(struct tevent_req *req)
+{
+	struct dreplsrv_op_pull_source_state *state =
+		tevent_req_data(req,
+		struct dreplsrv_op_pull_source_state);
+	bool is_schema = false;
+
+	if (state->op->extended_op == DRSUAPI_EXOP_NONE) {
+		struct dreplsrv_out_operation *op = state->op;
+		struct dreplsrv_service *service = op->service;
+		struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
+		struct dreplsrv_partition *partition = op->source_dsa->partition;
+
+		is_schema = ldb_dn_compare(partition->dn, schema_dn) == 0;
+	}
+
+	if (is_schema) {
+		struct dreplsrv_op_pull_source_schema_cycle *sc;
+
+		sc = talloc_zero(state,
+				 struct dreplsrv_op_pull_source_schema_cycle);
+		if (tevent_req_nomem(sc, req)) {
+			return false;
+		}
+		sc->repsFrom1 = *state->op->source_dsa->repsFrom1;
+
+		state->schema_cycle = sc;
+	}
+
+	return true;
+}
+
+static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req);
+
+static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	NTSTATUS status;
+	bool ok;
+
+	status = dreplsrv_out_drsuapi_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	ok = dreplsrv_op_pull_source_detect_schema_cycle(req);
+	if (!ok) {
+		return;
+	}
+
+	dreplsrv_op_pull_source_get_changes_trigger(req);
+}
+
+static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq);
+
+/*
+  get a RODC partial attribute set for a replication call
+ */
+static NTSTATUS dreplsrv_get_rodc_partial_attribute_set(struct dreplsrv_service *service,
+							TALLOC_CTX *mem_ctx,
+							struct drsuapi_DsPartialAttributeSet **_pas,
+							struct drsuapi_DsReplicaOIDMapping_Ctr **pfm,
+							bool for_schema)
+{
+	struct drsuapi_DsPartialAttributeSet *pas;
+	struct dsdb_schema *schema;
+	uint32_t i;
+
+	pas = talloc_zero(mem_ctx, struct drsuapi_DsPartialAttributeSet);
+	NT_STATUS_HAVE_NO_MEMORY(pas);
+
+	schema = dsdb_get_schema(service->samdb, NULL);
+
+	pas->version = 1;
+	pas->attids = talloc_array(pas, enum drsuapi_DsAttributeId, schema->num_attributes);
+	if (pas->attids == NULL) {
+		TALLOC_FREE(pas);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<schema->num_attributes; i++) {
+		struct dsdb_attribute *a;
+		a = schema->attributes_by_attributeID_id[i];
+                if (a->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED | DS_FLAG_ATTR_IS_CONSTRUCTED)) {
+			continue;
+		}
+		if (a->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
+			continue;
+		}
+		pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, for_schema);
+		pas->num_attids++;
+	}
+
+	pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
+	if (pas->attids == NULL) {
+		TALLOC_FREE(pas);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*_pas = pas;
+
+	if (pfm != NULL) {
+		dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  get a GC partial attribute set for a replication call
+ */
+static NTSTATUS dreplsrv_get_gc_partial_attribute_set(struct dreplsrv_service *service,
+						      TALLOC_CTX *mem_ctx,
+						      struct drsuapi_DsPartialAttributeSet **_pas,
+						      struct drsuapi_DsReplicaOIDMapping_Ctr **pfm)
+{
+	struct drsuapi_DsPartialAttributeSet *pas;
+	struct dsdb_schema *schema;
+	uint32_t i;
+
+	pas = talloc_zero(mem_ctx, struct drsuapi_DsPartialAttributeSet);
+	NT_STATUS_HAVE_NO_MEMORY(pas);
+
+	schema = dsdb_get_schema(service->samdb, NULL);
+
+	pas->version = 1;
+	pas->attids = talloc_array(pas, enum drsuapi_DsAttributeId, schema->num_attributes);
+	if (pas->attids == NULL) {
+		TALLOC_FREE(pas);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<schema->num_attributes; i++) {
+		struct dsdb_attribute *a;
+		a = schema->attributes_by_attributeID_id[i];
+                if (a->isMemberOfPartialAttributeSet) {
+			pas->attids[pas->num_attids] = dsdb_attribute_get_attid(a, false);
+			pas->num_attids++;
+		}
+	}
+
+	pas->attids = talloc_realloc(pas, pas->attids, enum drsuapi_DsAttributeId, pas->num_attids);
+	if (pas->attids == NULL) {
+		TALLOC_FREE(pas);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*_pas = pas;
+
+	if (pfm != NULL) {
+		dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, pfm);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  convert from one udv format to the other
+ */
+static WERROR udv_convert(TALLOC_CTX *mem_ctx,
+			  const struct replUpToDateVectorCtr2 *udv,
+			  struct drsuapi_DsReplicaCursorCtrEx *udv_ex)
+{
+	uint32_t i;
+
+	udv_ex->version = 2;
+	udv_ex->reserved1 = 0;
+	udv_ex->reserved2 = 0;
+	udv_ex->count = udv->count;
+	udv_ex->cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, udv->count);
+	W_ERROR_HAVE_NO_MEMORY(udv_ex->cursors);
+
+	for (i=0; i<udv->count; i++) {
+		udv_ex->cursors[i].source_dsa_invocation_id = udv->cursors[i].source_dsa_invocation_id;
+		udv_ex->cursors[i].highest_usn = udv->cursors[i].highest_usn;
+	}
+
+	return WERR_OK;
+}
+
+
+static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
+{
+	struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+						      struct dreplsrv_op_pull_source_state);
+	const struct repsFromTo1 *rf1 = state->op->source_dsa->repsFrom1;
+	struct dreplsrv_service *service = state->op->service;
+	struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+	struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+	struct drsuapi_DsGetNCChanges *r;
+	struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
+	struct tevent_req *subreq;
+	struct drsuapi_DsPartialAttributeSet *pas = NULL;
+	NTSTATUS status;
+	uint32_t replica_flags;
+	struct drsuapi_DsReplicaHighWaterMark highwatermark;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *mappings = NULL;
+	bool is_schema = false;
+
+	if (state->schema_cycle != NULL) {
+		is_schema = true;
+		rf1 = &state->schema_cycle->repsFrom1;
+	}
+
+	r = talloc(state, struct drsuapi_DsGetNCChanges);
+	if (tevent_req_nomem(r, req)) {
+		return;
+	}
+
+	r->out.level_out = talloc(r, uint32_t);
+	if (tevent_req_nomem(r->out.level_out, req)) {
+		return;
+	}
+	r->in.req = talloc(r, union drsuapi_DsGetNCChangesRequest);
+	if (tevent_req_nomem(r->in.req, req)) {
+		return;
+	}
+	r->out.ctr = talloc(r, union drsuapi_DsGetNCChangesCtr);
+	if (tevent_req_nomem(r->out.ctr, req)) {
+		return;
+	}
+
+	if (partition->uptodatevector.count != 0 &&
+	    partition->uptodatevector_ex.count == 0) {
+		WERROR werr;
+		werr = udv_convert(partition, &partition->uptodatevector, &partition->uptodatevector_ex);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Failed to convert UDV for %s : %s\n",
+				 ldb_dn_get_linearized(partition->dn), win_errstr(werr)));
+			tevent_req_nterror(req, werror_to_ntstatus(werr));
+			return;
+		}
+	}
+
+	if (partition->uptodatevector_ex.count == 0) {
+		uptodateness_vector = NULL;
+	} else {
+		uptodateness_vector = &partition->uptodatevector_ex;
+	}
+
+	replica_flags = rf1->replica_flags;
+	highwatermark = rf1->highwatermark;
+
+	if (state->op->options & DRSUAPI_DRS_GET_ANC) {
+		replica_flags |= DRSUAPI_DRS_GET_ANC;
+	}
+
+	if (state->op->options & DRSUAPI_DRS_SYNC_FORCED) {
+		replica_flags |= DRSUAPI_DRS_SYNC_FORCED;
+	}
+
+	if (partition->partial_replica) {
+		status = dreplsrv_get_gc_partial_attribute_set(service, r,
+							       &pas,
+							       &mappings);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,(__location__ ": Failed to construct GC partial attribute set : %s\n", nt_errstr(status)));
+			tevent_req_nterror(req, status);
+			return;
+		}
+		replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+	} else if (partition->rodc_replica || state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+		status = dreplsrv_get_rodc_partial_attribute_set(service, r,
+								 &pas,
+								 &mappings,
+								 is_schema);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,(__location__ ": Failed to construct RODC partial attribute set : %s\n", nt_errstr(status)));
+			tevent_req_nterror(req, status);
+			return;
+		}
+		replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+		if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+			replica_flags &= ~DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
+		} else {
+			replica_flags |= DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
+		}
+
+		/*
+		 * As per MS-DRSR:
+		 *
+		 * 4.1.10.4
+		 * Client Behavior When Sending the IDL_DRSGetNCChanges Request
+		 *
+		 * 4.1.10.4.1
+		 * ReplicateNCRequestMsg
+		 */
+		replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
+	} else {
+		replica_flags |= DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP;
+	}
+
+	if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
+		/*
+		 * If it's an exop never set the ADD_REF even if it's in
+		 * repsFrom flags.
+		 */
+		replica_flags &= ~DRSUAPI_DRS_ADD_REF;
+	}
+
+	/* is this a full resync of all objects? */
+	if (state->op->options & DRSUAPI_DRS_FULL_SYNC_NOW) {
+		ZERO_STRUCT(highwatermark);
+		/* clear the FULL_SYNC_NOW option for subsequent
+		   stages of the replication cycle */
+		state->op->options &= ~DRSUAPI_DRS_FULL_SYNC_NOW;
+		state->op->options |= DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS;
+		replica_flags |= DRSUAPI_DRS_NEVER_SYNCED;
+	}
+	if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
+		uptodateness_vector = NULL;
+	}
+
+	r->in.bind_handle	= &drsuapi->bind_handle;
+
+	if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10) {
+		r->in.level				= 10;
+		r->in.req->req10.destination_dsa_guid	= service->ntds_guid;
+		r->in.req->req10.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
+		r->in.req->req10.naming_context		= &partition->nc;
+		r->in.req->req10.highwatermark		= highwatermark;
+		r->in.req->req10.uptodateness_vector	= uptodateness_vector;
+		r->in.req->req10.replica_flags		= replica_flags;
+		r->in.req->req10.max_object_count	= 133;
+		r->in.req->req10.max_ndr_size		= 1336811;
+		r->in.req->req10.extended_op		= state->op->extended_op;
+		r->in.req->req10.fsmo_info		= state->op->fsmo_info;
+		r->in.req->req10.partial_attribute_set	= pas;
+		r->in.req->req10.partial_attribute_set_ex= NULL;
+		r->in.req->req10.mapping_ctr.num_mappings= mappings == NULL ? 0 : mappings->num_mappings;
+		r->in.req->req10.mapping_ctr.mappings	= mappings == NULL ? NULL : mappings->mappings;
+
+		/* the only difference to v8 is the more_flags */
+		r->in.req->req10.more_flags = state->op->more_flags;
+
+	} else if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
+		r->in.level				= 8;
+		r->in.req->req8.destination_dsa_guid	= service->ntds_guid;
+		r->in.req->req8.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
+		r->in.req->req8.naming_context		= &partition->nc;
+		r->in.req->req8.highwatermark		= highwatermark;
+		r->in.req->req8.uptodateness_vector	= uptodateness_vector;
+		r->in.req->req8.replica_flags		= replica_flags;
+		r->in.req->req8.max_object_count	= 133;
+		r->in.req->req8.max_ndr_size		= 1336811;
+		r->in.req->req8.extended_op		= state->op->extended_op;
+		r->in.req->req8.fsmo_info		= state->op->fsmo_info;
+		r->in.req->req8.partial_attribute_set	= pas;
+		r->in.req->req8.partial_attribute_set_ex= NULL;
+		r->in.req->req8.mapping_ctr.num_mappings= mappings == NULL ? 0 : mappings->num_mappings;
+		r->in.req->req8.mapping_ctr.mappings	= mappings == NULL ? NULL : mappings->mappings;
+	} else {
+		r->in.level				= 5;
+		r->in.req->req5.destination_dsa_guid	= service->ntds_guid;
+		r->in.req->req5.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
+		r->in.req->req5.naming_context		= &partition->nc;
+		r->in.req->req5.highwatermark		= highwatermark;
+		r->in.req->req5.uptodateness_vector	= uptodateness_vector;
+		r->in.req->req5.replica_flags		= replica_flags;
+		r->in.req->req5.max_object_count	= 133;
+		r->in.req->req5.max_ndr_size		= 1336770;
+		r->in.req->req5.extended_op		= state->op->extended_op;
+		r->in.req->req5.fsmo_info		= state->op->fsmo_info;
+	}
+
+#if 0
+	NDR_PRINT_IN_DEBUG(drsuapi_DsGetNCChanges, r);
+#endif
+
+	state->ndr_struct_ptr = r;
+	subreq = dcerpc_drsuapi_DsGetNCChanges_r_send(state,
+						      state->ev,
+						      drsuapi->drsuapi_handle,
+						      r);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, dreplsrv_op_pull_source_get_changes_done, req);
+}
+
+static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
+						          struct drsuapi_DsGetNCChanges *r,
+						          uint32_t ctr_level,
+						          struct drsuapi_DsGetNCChangesCtr1 *ctr1,
+						          struct drsuapi_DsGetNCChangesCtr6 *ctr6);
+
+static void dreplsrv_op_pull_source_get_changes_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+						      struct dreplsrv_op_pull_source_state);
+	NTSTATUS status;
+	struct drsuapi_DsGetNCChanges *r = talloc_get_type(state->ndr_struct_ptr,
+					   struct drsuapi_DsGetNCChanges);
+	uint32_t ctr_level = 0;
+	struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+	enum drsuapi_DsExtendedError extended_ret = DRSUAPI_EXOP_ERR_NONE;
+	state->ndr_struct_ptr = NULL;
+
+	status = dcerpc_drsuapi_DsGetNCChanges_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		status = werror_to_ntstatus(r->out.result);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (*r->out.level_out == 1) {
+		ctr_level = 1;
+		ctr1 = &r->out.ctr->ctr1;
+	} else if (*r->out.level_out == 2 &&
+		   r->out.ctr->ctr2.mszip1.ts) {
+		ctr_level = 1;
+		ctr1 = &r->out.ctr->ctr2.mszip1.ts->ctr1;
+	} else if (*r->out.level_out == 6) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr6;
+	} else if (*r->out.level_out == 7 &&
+		   r->out.ctr->ctr7.level == 6 &&
+		   r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP &&
+		   r->out.ctr->ctr7.ctr.mszip6.ts) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr7.ctr.mszip6.ts->ctr6;
+	} else if (*r->out.level_out == 7 &&
+		   r->out.ctr->ctr7.level == 6 &&
+		   r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2 &&
+		   r->out.ctr->ctr7.ctr.xpress6.ts) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr7.ctr.xpress6.ts->ctr6;
+	} else {
+		status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (!ctr1 && !ctr6) {
+		status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (ctr_level == 6) {
+		if (!W_ERROR_IS_OK(ctr6->drs_error)) {
+			status = werror_to_ntstatus(ctr6->drs_error);
+			tevent_req_nterror(req, status);
+			return;
+		}
+		extended_ret = ctr6->extended_ret;
+	}
+
+	if (ctr_level == 1) {
+		extended_ret = ctr1->extended_ret;
+	}
+
+	if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
+		state->op->extended_ret = extended_ret;
+
+		if (extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			tevent_req_nterror(req, status);
+			return;
+		}
+	}
+
+	dreplsrv_op_pull_source_apply_changes_trigger(req, r, ctr_level, ctr1, ctr6);
+}
+
+/**
+ * If processing a chunk of replication data fails, check if it is due to a
+ * problem that can be fixed by setting extra flags in the GetNCChanges request,
+ * i.e. GET_ANC or GET_TGT.
+ * @returns NT_STATUS_OK if the request was retried, and an error code if not
+ */
+static NTSTATUS dreplsrv_op_pull_retry_with_flags(struct tevent_req *req,
+						  WERROR error_code)
+{
+	struct dreplsrv_op_pull_source_state *state;
+	NTSTATUS nt_status = NT_STATUS_OK;
+
+	state = tevent_req_data(req, struct dreplsrv_op_pull_source_state);
+
+	/*
+	 * Check if we failed to apply the records due to a missing parent or
+	 * target object. If so, try again and ask for any missing parent/target
+	 * objects to be included this time.
+	 */
+	if (W_ERROR_EQUAL(error_code, WERR_DS_DRA_RECYCLED_TARGET)) {
+
+		if (state->op->more_flags & DRSUAPI_DRS_GET_TGT) {
+			DEBUG(1,("Missing target object despite setting DRSUAPI_DRS_GET_TGT flag\n"));
+			nt_status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		} else {
+			state->op->more_flags |= DRSUAPI_DRS_GET_TGT;
+			DEBUG(1,("Missing target object when we didn't set the DRSUAPI_DRS_GET_TGT flag, retrying\n"));
+			dreplsrv_op_pull_source_get_changes_trigger(req);
+		}
+	} else if (W_ERROR_EQUAL(error_code, WERR_DS_DRA_MISSING_PARENT)) {
+
+		if (state->op->options & DRSUAPI_DRS_GET_ANC) {
+			DEBUG(1,("Missing parent object despite setting DRSUAPI_DRS_GET_ANC flag\n"));
+			nt_status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		} else {
+			state->op->options |= DRSUAPI_DRS_GET_ANC;
+			DEBUG(4,("Missing parent object when we didn't set the DRSUAPI_DRS_GET_ANC flag, retrying\n"));
+			dreplsrv_op_pull_source_get_changes_trigger(req);
+		}
+	} else {
+		nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+	}
+
+	return nt_status;
+}
+
+
+static void dreplsrv_update_refs_trigger(struct tevent_req *req);
+
+static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
+							  struct drsuapi_DsGetNCChanges *r,
+							  uint32_t ctr_level,
+							  struct drsuapi_DsGetNCChangesCtr1 *ctr1,
+							   struct drsuapi_DsGetNCChangesCtr6 *ctr6)
+{
+	struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+						      struct dreplsrv_op_pull_source_state);
+	struct repsFromTo1 rf1 = *state->op->source_dsa->repsFrom1;
+	struct dreplsrv_service *service = state->op->service;
+	struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+	struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+	struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
+	struct dreplsrv_op_pull_source_schema_cycle *sc = NULL;
+	struct dsdb_schema *schema;
+	struct dsdb_schema *working_schema = NULL;
+	const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
+	uint32_t object_count;
+	struct drsuapi_DsReplicaObjectListItemEx *first_object;
+	uint32_t linked_attributes_count;
+	struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
+	const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
+	struct dsdb_extended_replicated_objects *objects;
+	bool more_data = false;
+	WERROR status;
+	NTSTATUS nt_status;
+	uint32_t dsdb_repl_flags = 0;
+	struct ldb_dn *nc_root = NULL;
+	bool was_schema = false;
+	int ret;
+
+	switch (ctr_level) {
+	case 1:
+		mapping_ctr			= &ctr1->mapping_ctr;
+		object_count			= ctr1->object_count;
+		first_object			= ctr1->first_object;
+		linked_attributes_count		= 0;
+		linked_attributes		= NULL;
+		rf1.source_dsa_obj_guid 	= ctr1->source_dsa_guid;
+		rf1.source_dsa_invocation_id	= ctr1->source_dsa_invocation_id;
+		rf1.highwatermark		= ctr1->new_highwatermark;
+		uptodateness_vector		= NULL; /* TODO: map it */
+		more_data			= ctr1->more_data;
+		break;
+	case 6:
+		mapping_ctr			= &ctr6->mapping_ctr;
+		object_count			= ctr6->object_count;
+		first_object			= ctr6->first_object;
+		linked_attributes_count		= ctr6->linked_attributes_count;
+		linked_attributes		= ctr6->linked_attributes;
+		rf1.source_dsa_obj_guid 	= ctr6->source_dsa_guid;
+		rf1.source_dsa_invocation_id	= ctr6->source_dsa_invocation_id;
+		rf1.highwatermark		= ctr6->new_highwatermark;
+		uptodateness_vector		= ctr6->uptodateness_vector;
+		more_data			= ctr6->more_data;
+		break;
+	default:
+		nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+		tevent_req_nterror(req, nt_status);
+		return;
+	}
+
+	/*
+	 * We need to cache the schema changes until we replicated
+	 * everything before we can apply the new schema.
+	 */
+	if (state->schema_cycle != NULL) {
+		TALLOC_CTX *mem = NULL;
+		struct drsuapi_DsReplicaObjectListItemEx **ptr = NULL;
+		struct drsuapi_DsReplicaObjectListItemEx *l = NULL;
+
+		was_schema = true;
+		sc = state->schema_cycle;
+
+		sc->repsFrom1 = rf1;
+
+		if (sc->first_object == NULL) {
+			mem = sc;
+			ptr = &sc->first_object;
+		} else {
+			mem = sc->last_object;
+			ptr = &sc->last_object->next_object;
+		}
+		*ptr = talloc_move(mem, &first_object);
+		for (l = *ptr; l != NULL; l = l->next_object) {
+			sc->object_count++;
+			if (l->next_object == NULL) {
+				sc->last_object = l;
+				break;
+			}
+		}
+
+		if (sc->linked_attributes_count == 0) {
+			sc->linked_attributes = talloc_move(sc, &linked_attributes);
+			sc->linked_attributes_count = linked_attributes_count;
+			linked_attributes_count = 0;
+		} else if (linked_attributes_count > 0) {
+			struct drsuapi_DsReplicaLinkedAttribute *new_las = NULL;
+			struct drsuapi_DsReplicaLinkedAttribute *tmp_las = NULL;
+			uint64_t new_count;
+			uint64_t add_size;
+			uint32_t add_idx;
+
+			new_count = sc->linked_attributes_count;
+			new_count += linked_attributes_count;
+			if (new_count > UINT32_MAX) {
+				nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+				tevent_req_nterror(req, nt_status);
+				return;
+			}
+			add_size = linked_attributes_count;
+			add_size *= sizeof(linked_attributes[0]);
+			if (add_size > SIZE_MAX) {
+				nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+				tevent_req_nterror(req, nt_status);
+				return;
+			}
+			add_idx = sc->linked_attributes_count;
+
+			tmp_las = talloc_realloc(sc,
+						 sc->linked_attributes,
+						 struct drsuapi_DsReplicaLinkedAttribute,
+						 new_count);
+			if (tevent_req_nomem(tmp_las, req)) {
+				return;
+			}
+			new_las = talloc_move(tmp_las, &linked_attributes);
+			memcpy(&tmp_las[add_idx], new_las, add_size);
+			sc->linked_attributes = tmp_las;
+			sc->linked_attributes_count = new_count;
+			linked_attributes_count = 0;
+		}
+
+		if (more_data) {
+			/* we don't need this structure anymore */
+			TALLOC_FREE(r);
+
+			dreplsrv_op_pull_source_get_changes_trigger(req);
+			return;
+		}
+
+		/* detach sc from state */
+		state->schema_cycle = NULL;
+	}
+
+	schema = dsdb_get_schema(service->samdb, state);
+	if (!schema) {
+		DEBUG(0,(__location__ ": Schema is not loaded yet!\n"));
+		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+		return;
+	}
+
+	/*
+	 * Decide what working schema to use for object conversion.
+	 * We won't need a working schema for empty replicas sent.
+	 */
+	if (sc != NULL) {
+		first_object = talloc_move(r, &sc->first_object);
+		object_count = sc->object_count;
+		linked_attributes = talloc_move(r, &sc->linked_attributes);
+		linked_attributes_count = sc->linked_attributes_count;
+		TALLOC_FREE(sc);
+
+		if (first_object != NULL) {
+			/* create working schema to convert objects with */
+			status = dsdb_repl_make_working_schema(service->samdb,
+							       schema,
+							       mapping_ctr,
+							       object_count,
+							       first_object,
+							       &drsuapi->gensec_skey,
+							       state, &working_schema);
+			if (!W_ERROR_IS_OK(status)) {
+				DEBUG(0,("Failed to create working schema: %s\n",
+					 win_errstr(status)));
+				tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+				return;
+			}
+		}
+	}
+
+	if (partition->partial_replica || partition->rodc_replica) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_PARTIAL_REPLICA;
+	}
+	if (state->op->options & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_PRIORITISE_INCOMING;
+	}
+	if (state->op->options & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_EXPECT_NO_SECRETS;
+	}
+	if (state->op->options & DRSUAPI_DRS_CRITICAL_ONLY ||
+	    state->op->extended_op != DRSUAPI_EXOP_NONE) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_OBJECT_SUBSET;
+	}
+
+	if (state->op->more_flags & DRSUAPI_DRS_GET_TGT) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
+	}
+
+	if (state->op->extended_op != DRSUAPI_EXOP_NONE) {
+		ret = dsdb_find_nc_root(service->samdb, partition,
+					partition->dn, &nc_root);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find nc_root for %s\n",
+				 ldb_dn_get_linearized(partition->dn)));
+			tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+			return;
+		}
+	} else {
+		nc_root = partition->dn;
+	}
+
+	status = dsdb_replicated_objects_convert(service->samdb,
+						 working_schema ? working_schema : schema,
+						 nc_root,
+						 mapping_ctr,
+						 object_count,
+						 first_object,
+						 linked_attributes_count,
+						 linked_attributes,
+						 &rf1,
+						 uptodateness_vector,
+						 &drsuapi->gensec_skey,
+						 dsdb_repl_flags,
+						 state, &objects);
+
+	if (W_ERROR_EQUAL(status, WERR_DS_DRA_SCHEMA_MISMATCH)) {
+		struct dreplsrv_partition *p;
+		bool ok;
+
+		if (was_schema) {
+			nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+			DBG_ERR("Got mismatch for schema partition: %s/%s\n",
+				  win_errstr(status), nt_errstr(nt_status));
+			tevent_req_nterror(req, nt_status);
+			return;
+		}
+
+		if (state->retry_started) {
+			nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+			DEBUG(0,("Failed to convert objects after retry: %s/%s\n",
+				  win_errstr(status), nt_errstr(nt_status)));
+			tevent_req_nterror(req, nt_status);
+			return;
+		}
+
+		/*
+		 * Change info sync or extended operation into a fetch
+		 * of the schema partition, so we get all the schema
+		 * objects we need.
+		 *
+		 * We don't want to re-do the remote exop,
+		 * unless it was REPL_SECRET so we set the
+		 * fallback operation to just be a fetch of
+		 * the relevant partition.
+		 */
+
+
+		if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+			state->extended_op_retry = state->op->extended_op;
+		} else {
+			state->extended_op_retry = DRSUAPI_EXOP_NONE;
+		}
+		state->op->extended_op = DRSUAPI_EXOP_NONE;
+
+		if (ldb_dn_compare(nc_root, partition->dn) == 0) {
+			state->source_dsa_retry = state->op->source_dsa;
+		} else {
+			status = dreplsrv_partition_find_for_nc(service,
+								NULL, NULL,
+								ldb_dn_get_linearized(nc_root),
+								&p);
+			if (!W_ERROR_IS_OK(status)) {
+				DEBUG(2, ("Failed to find requested Naming Context for %s: %s\n",
+					  ldb_dn_get_linearized(nc_root),
+					  win_errstr(status)));
+				nt_status = werror_to_ntstatus(status);
+				tevent_req_nterror(req, nt_status);
+				return;
+			}
+			status = dreplsrv_partition_source_dsa_by_guid(p,
+								       &state->op->source_dsa->repsFrom1->source_dsa_obj_guid,
+								       &state->source_dsa_retry);
+
+			if (!W_ERROR_IS_OK(status)) {
+				struct GUID_txt_buf str;
+				DEBUG(2, ("Failed to find requested source DSA for %s and %s: %s\n",
+					  ldb_dn_get_linearized(nc_root),
+					  GUID_buf_string(&state->op->source_dsa->repsFrom1->source_dsa_obj_guid, &str),
+					  win_errstr(status)));
+				nt_status = werror_to_ntstatus(status);
+				tevent_req_nterror(req, nt_status);
+				return;
+			}
+		}
+
+		/* Find schema naming context to be synchronized first */
+		status = dreplsrv_partition_find_for_nc(service,
+							NULL, NULL,
+							ldb_dn_get_linearized(schema_dn),
+							&p);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(2, ("Failed to find requested Naming Context for schema: %s\n",
+				  win_errstr(status)));
+			nt_status = werror_to_ntstatus(status);
+			tevent_req_nterror(req, nt_status);
+			return;
+		}
+
+		status = dreplsrv_partition_source_dsa_by_guid(p,
+							       &state->op->source_dsa->repsFrom1->source_dsa_obj_guid,
+							       &state->op->source_dsa);
+		if (!W_ERROR_IS_OK(status)) {
+			struct GUID_txt_buf str;
+			DEBUG(2, ("Failed to find requested source DSA for %s and %s: %s\n",
+				  ldb_dn_get_linearized(schema_dn),
+				  GUID_buf_string(&state->op->source_dsa->repsFrom1->source_dsa_obj_guid, &str),
+				  win_errstr(status)));
+			nt_status = werror_to_ntstatus(status);
+			tevent_req_nterror(req, nt_status);
+			return;
+		}
+		DEBUG(4,("Wrong schema when applying reply GetNCChanges, retrying\n"));
+
+		state->retry_started = true;
+
+		ok = dreplsrv_op_pull_source_detect_schema_cycle(req);
+		if (!ok) {
+			return;
+		}
+
+		dreplsrv_op_pull_source_get_changes_trigger(req);
+		return;
+
+	} else if (!W_ERROR_IS_OK(status)) {
+		nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+		DEBUG(0,("Failed to convert objects: %s/%s\n",
+			  win_errstr(status), nt_errstr(nt_status)));
+		tevent_req_nterror(req, nt_status);
+		return;
+	}
+
+	status = dsdb_replicated_objects_commit(service->samdb,
+						working_schema,
+						objects,
+						&state->op->source_dsa->notify_uSN);
+	talloc_free(objects);
+
+	if (!W_ERROR_IS_OK(status)) {
+
+		/*
+		 * Check if this error can be fixed by resending the GetNCChanges
+		 * request with extra flags set (i.e. GET_ANC/GET_TGT)
+		 */
+		nt_status = dreplsrv_op_pull_retry_with_flags(req, status);
+
+		if (NT_STATUS_IS_OK(nt_status)) {
+
+			/*
+			 * We resent the request. Don't update the highwatermark,
+			 * we'll start this part of the cycle again.
+			 */
+			return;
+		}
+
+		DEBUG(0,("Failed to commit objects: %s/%s\n",
+			  win_errstr(status), nt_errstr(nt_status)));
+		tevent_req_nterror(req, nt_status);
+		return;
+	}
+
+	if (state->op->extended_op == DRSUAPI_EXOP_NONE) {
+		/* if it applied fine, we need to update the highwatermark */
+		*state->op->source_dsa->repsFrom1 = rf1;
+	}
+
+	/* we don't need this maybe very large structure anymore */
+	TALLOC_FREE(r);
+
+	if (more_data) {
+		dreplsrv_op_pull_source_get_changes_trigger(req);
+		return;
+	}
+
+	/*
+	 * If we had to divert via doing some other thing, such as
+	 * pulling the schema, then go back and do the original
+	 * operation once we are done.
+	 */
+	if (state->source_dsa_retry != NULL) {
+		state->op->source_dsa = state->source_dsa_retry;
+		state->op->extended_op = state->extended_op_retry;
+		state->source_dsa_retry = NULL;
+		dreplsrv_op_pull_source_get_changes_trigger(req);
+		return;
+	}
+
+	if (state->op->extended_op != DRSUAPI_EXOP_NONE ||
+	    state->op->service->am_rodc) {
+		/*
+		  we don't do the UpdateRefs for extended ops or if we
+		  are a RODC
+		 */
+		tevent_req_done(req);
+		return;
+	}
+
+	/* now we need to update the repsTo record for this partition
+	   on the server. These records are initially established when
+	   we join the domain, but they quickly expire.  We do it here
+	   so we can use the already established DRSUAPI pipe
+	*/
+	dreplsrv_update_refs_trigger(req);
+}
+
+static void dreplsrv_update_refs_done(struct tevent_req *subreq);
+
+/*
+  send a UpdateRefs request to refresh our repsTo record on the server
+ */
+static void dreplsrv_update_refs_trigger(struct tevent_req *req)
+{
+	struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+						      struct dreplsrv_op_pull_source_state);
+	struct dreplsrv_service *service = state->op->service;
+	struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+	struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+	struct drsuapi_DsReplicaUpdateRefs *r;
+	char *ntds_dns_name;
+	struct tevent_req *subreq;
+
+	r = talloc(state, struct drsuapi_DsReplicaUpdateRefs);
+	if (tevent_req_nomem(r, req)) {
+		return;
+	}
+
+	ntds_dns_name = samdb_ntds_msdcs_dns_name(service->samdb, r, &service->ntds_guid);
+	if (tevent_req_nomem(ntds_dns_name, req)) {
+		talloc_free(r);
+		return;
+	}
+
+	r->in.bind_handle	= &drsuapi->bind_handle;
+	r->in.level             = 1;
+	r->in.req.req1.naming_context	  = &partition->nc;
+	r->in.req.req1.dest_dsa_dns_name  = ntds_dns_name;
+	r->in.req.req1.dest_dsa_guid	  = service->ntds_guid;
+	r->in.req.req1.options	          = DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_DEL_REF;
+	if (!service->am_rodc) {
+		r->in.req.req1.options |= DRSUAPI_DRS_WRIT_REP;
+	}
+
+	state->ndr_struct_ptr = r;
+	subreq = dcerpc_drsuapi_DsReplicaUpdateRefs_r_send(state,
+							   state->ev,
+							   drsuapi->drsuapi_handle,
+							   r);
+	if (tevent_req_nomem(subreq, req)) {
+		talloc_free(r);
+		return;
+	}
+	tevent_req_set_callback(subreq, dreplsrv_update_refs_done, req);
+}
+
+/*
+  receive a UpdateRefs reply
+ */
+static void dreplsrv_update_refs_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+						      struct dreplsrv_op_pull_source_state);
+	struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(state->ndr_struct_ptr,
+								struct drsuapi_DsReplicaUpdateRefs);
+	NTSTATUS status;
+
+	state->ndr_struct_ptr = NULL;
+
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("UpdateRefs failed with %s\n", 
+			 nt_errstr(status)));
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		status = werror_to_ntstatus(r->out.result);
+		DEBUG(0,("UpdateRefs failed with %s/%s for %s %s\n",
+			 win_errstr(r->out.result),
+			 nt_errstr(status),
+			 r->in.req.req1.dest_dsa_dns_name,
+			 r->in.req.req1.naming_context->dn));
+		/*
+		 * TODO we are currently not sending the
+		 * DsReplicaUpdateRefs at the correct moment,
+		 * we do it just after a GetNcChanges which is
+		 * not always correct.
+		 * Especially when another DC is trying to demote
+		 * it will sends us a DsReplicaSync that will trigger a getNcChanges
+		 * this call will succeed but the DsRecplicaUpdateRefs that we send
+		 * just after will not because the DC is in a demote state and
+		 * will reply us a WERR_DS_DRA_BUSY, this error will cause us to
+		 * answer to the DsReplicaSync with a non OK status, the other DC
+		 * will stop the demote due to this error.
+		 * In order to cope with this we will for the moment consider
+		 * a DS_DRA_BUSY not as an error.
+		 * It's not ideal but it should not have a too huge impact for
+		 * running production as this error otherwise never happen and
+		 * due to the fact the send a DsReplicaUpdateRefs after each getNcChanges
+		 */
+		if (!W_ERROR_EQUAL(r->out.result, WERR_DS_DRA_BUSY)) {
+			tevent_req_nterror(req, status);
+			return;
+		}
+	}
+
+	DEBUG(4,("UpdateRefs OK for %s %s\n", 
+		 r->in.req.req1.dest_dsa_dns_name,
+		 r->in.req.req1.naming_context->dn));
+
+	tevent_req_done(req);
+}
+
+WERROR dreplsrv_op_pull_source_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return ntstatus_to_werror(status);
+	}
+
+	tevent_req_received(req);
+	return WERR_OK;
+}
+
diff --git a/source4/dsdb/repl/drepl_out_helpers.h b/source4/dsdb/repl/drepl_out_helpers.h
new file mode 100644
index 0000000..158eef4
--- /dev/null
+++ b/source4/dsdb/repl/drepl_out_helpers.h
@@ -0,0 +1,26 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service helper function for outgoing traffic
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#ifndef DREPL_OUT_HELPERS_H
+#define DREPL_OUT_HELPERS_H
+
+
+#endif /* DREPL_OUT_HELPERS_H */
diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c
new file mode 100644
index 0000000..fe9bd60
--- /dev/null
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -0,0 +1,260 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service outgoing Pull-Replication
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/composite/composite.h"
+#include "libcli/security/security.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/*
+  update repsFrom/repsTo error information
+ */
+void drepl_reps_update(struct dreplsrv_service *s, const char *reps_attr,
+		       struct ldb_dn *dn,
+		       struct GUID *source_dsa_obj_guid, WERROR status)
+{
+	struct repsFromToBlob *reps;
+	uint32_t count, i;
+	WERROR werr;
+	TALLOC_CTX *tmp_ctx = talloc_new(s);
+	time_t t;
+	NTTIME now;
+
+	t = time(NULL);
+	unix_to_nt_time(&now, t);
+
+	werr = dsdb_loadreps(s->samdb, tmp_ctx, dn, reps_attr, &reps, &count);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	for (i=0; i<count; i++) {
+		if (GUID_equal(source_dsa_obj_guid,
+			       &reps[i].ctr.ctr1.source_dsa_obj_guid)) {
+			break;
+		}
+	}
+
+	if (i == count) {
+		/* no record to update */
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	/* only update the status fields */
+	reps[i].ctr.ctr1.last_attempt = now;
+	reps[i].ctr.ctr1.result_last_attempt = status;
+	if (W_ERROR_IS_OK(status)) {
+		reps[i].ctr.ctr1.last_success = now;
+		reps[i].ctr.ctr1.consecutive_sync_failures = 0;
+	} else {
+		reps[i].ctr.ctr1.consecutive_sync_failures++;
+	}
+
+	werr = dsdb_savereps(s->samdb, tmp_ctx, dn, reps_attr, reps, count);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(2,("drepl_reps_update: Failed to save %s for %s: %s\n",
+			 reps_attr, ldb_dn_get_linearized(dn), win_errstr(werr)));
+	}
+	talloc_free(tmp_ctx);
+}
+
+WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s,
+					       struct dreplsrv_partition_source_dsa *source,
+					       uint32_t options,
+					       enum drsuapi_DsExtendedOperation extended_op,
+					       uint64_t fsmo_info,
+					       dreplsrv_extended_callback_t callback,
+					       void *cb_data)
+{
+	struct dreplsrv_out_operation *op;
+
+	op = talloc_zero(s, struct dreplsrv_out_operation);
+	W_ERROR_HAVE_NO_MEMORY(op);
+
+	op->service	= s;
+	/*
+	 * source may either be the long-term list of partners, or
+	 * from dreplsrv_partition_source_dsa_temporary().  Because it
+	 * can be either, we can't talloc_steal() it here, so we
+	 * instead we reference it.
+	 *
+	 * We never talloc_free() the p->sources pointers - indeed we
+	 * never remove them - and the temp source will otherwise go
+	 * away with the msg it is allocated on.
+	 *
+	 * Finally the pointer created in drepl_request_extended_op()
+	 * is removed with talloc_unlink().
+	 *
+	 */
+	op->source_dsa	= talloc_reference(op, source);
+	if (!op->source_dsa) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	op->options	= options;
+	op->extended_op = extended_op;
+	op->fsmo_info   = fsmo_info;
+	op->callback    = callback;
+	op->cb_data	= cb_data;
+	op->schedule_time = time(NULL);
+	op->more_flags	= 0;
+
+	DLIST_ADD_END(s->ops.pending, op);
+
+	return WERR_OK;
+}
+
+static WERROR dreplsrv_schedule_partition_pull(struct dreplsrv_service *s,
+					       struct dreplsrv_partition *p,
+					       TALLOC_CTX *mem_ctx)
+{
+	WERROR status;
+	struct dreplsrv_partition_source_dsa *cur;
+
+	for (cur = p->sources; cur; cur = cur->next) {
+		status = dreplsrv_schedule_partition_pull_source(s, cur,
+		                                                 0, DRSUAPI_EXOP_NONE, 0,
+		                                                 NULL, NULL);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+	return WERR_OK;
+}
+
+WERROR dreplsrv_schedule_pull_replication(struct dreplsrv_service *s, TALLOC_CTX *mem_ctx)
+{
+	WERROR status;
+	struct dreplsrv_partition *p;
+
+	for (p = s->partitions; p; p = p->next) {
+		status = dreplsrv_schedule_partition_pull(s, p, mem_ctx);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+	return WERR_OK;
+}
+
+
+static void dreplsrv_pending_op_callback(struct tevent_req *subreq)
+{
+	struct dreplsrv_out_operation *op = tevent_req_callback_data(subreq,
+					    struct dreplsrv_out_operation);
+	struct repsFromTo1 *rf = op->source_dsa->repsFrom1;
+	struct dreplsrv_service *s = op->service;
+	WERROR werr;
+
+	werr = dreplsrv_op_pull_source_recv(subreq);
+	TALLOC_FREE(subreq);
+
+	DEBUG(4,("dreplsrv_op_pull_source(%s) for %s\n", win_errstr(werr),
+		 ldb_dn_get_linearized(op->source_dsa->partition->dn)));
+
+	if (op->extended_op == DRSUAPI_EXOP_NONE) {
+		drepl_reps_update(s, "repsFrom", op->source_dsa->partition->dn,
+				  &rf->source_dsa_obj_guid, werr);
+	}
+
+	if (op->callback) {
+		op->callback(s, werr, op->extended_ret, op->cb_data);
+	}
+	talloc_free(op);
+	s->ops.current = NULL;
+	dreplsrv_run_pending_ops(s);
+}
+
+void dreplsrv_run_pull_ops(struct dreplsrv_service *s)
+{
+	struct dreplsrv_out_operation *op;
+	time_t t;
+	NTTIME now;
+	struct tevent_req *subreq;
+	WERROR werr;
+
+	if (s->ops.n_current || s->ops.current) {
+		/* if there's still one running, we're done */
+		return;
+	}
+
+	if (!s->ops.pending) {
+		/* if there're no pending operations, we're done */
+		return;
+	}
+
+	t = time(NULL);
+	unix_to_nt_time(&now, t);
+
+	op = s->ops.pending;
+	s->ops.current = op;
+	DLIST_REMOVE(s->ops.pending, op);
+
+	op->source_dsa->repsFrom1->last_attempt = now;
+
+	/* check if inbound replication is enabled */
+	if (!(op->options & DRSUAPI_DRS_SYNC_FORCED)) {
+		uint32_t rep_options;
+		if (samdb_ntds_options(op->service->samdb, &rep_options) != LDB_SUCCESS) {
+			werr = WERR_DS_DRA_INTERNAL_ERROR;
+			goto failed;
+		}
+
+		if ((rep_options & DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL)) {
+			werr = WERR_DS_DRA_SINK_DISABLED;
+			goto failed;
+		}
+	}
+
+	subreq = dreplsrv_op_pull_source_send(op, s->task->event_ctx, op);
+	if (!subreq) {
+		werr = WERR_NOT_ENOUGH_MEMORY;
+		goto failed;
+	}
+
+	tevent_req_set_callback(subreq, dreplsrv_pending_op_callback, op);
+	return;
+
+failed:
+	if (op->extended_op == DRSUAPI_EXOP_NONE) {
+		drepl_reps_update(s, "repsFrom", op->source_dsa->partition->dn,
+				  &op->source_dsa->repsFrom1->source_dsa_obj_guid, werr);
+	}
+	/* unblock queue processing */
+	s->ops.current = NULL;
+	/*
+	 * let the callback do its job just like in any other failure situation
+	 */
+	if (op->callback) {
+		op->callback(s, werr, op->extended_ret, op->cb_data);
+	}
+}
diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c
new file mode 100644
index 0000000..c525329
--- /dev/null
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -0,0 +1,665 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/security/security.h"
+#include "param/param.h"
+#include "dsdb/common/util.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+#undef strcasecmp
+
+/*
+  load the partitions list based on replicated NC attributes in our
+  NTDSDSA object
+ */
+WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
+{
+	WERROR status;
+	static const char *attrs[] = { "hasMasterNCs", "msDS-hasMasterNCs", "hasPartialReplicaNCs", "msDS-HasFullReplicaNCs", NULL };
+	unsigned int a;
+	int ret;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+	struct ldb_message_element *el;
+	struct ldb_dn *ntds_dn;
+
+	tmp_ctx = talloc_new(s);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	ntds_dn = samdb_ntds_settings_dn(s->samdb, tmp_ctx);
+	if (!ntds_dn) {
+		DEBUG(1,(__location__ ": Unable to find ntds_dn: %s\n", ldb_errstring(s->samdb)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, ntds_dn, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Searching for hasMasterNCs in NTDS DN failed: %s\n", ldb_errstring(s->samdb)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	for (a=0; attrs[a]; a++) {
+		int i;
+
+		el = ldb_msg_find_element(res->msgs[0], attrs[a]);
+		if (el == NULL) {
+			continue;
+		}
+		for (i=0; i<el->num_values; i++) {
+			struct ldb_dn *pdn;
+			struct dreplsrv_partition *p, *tp;
+			bool found;
+
+			pdn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
+			if (pdn == NULL) {
+				talloc_free(tmp_ctx);
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+			if (!ldb_dn_validate(pdn)) {
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+
+			p = talloc_zero(s, struct dreplsrv_partition);
+			W_ERROR_HAVE_NO_MEMORY(p);
+
+			p->dn = talloc_steal(p, pdn);
+			p->service = s;
+
+			if (strcasecmp(attrs[a], "hasPartialReplicaNCs") == 0) {
+				p->partial_replica = true;
+			} else if (strcasecmp(attrs[a], "msDS-HasFullReplicaNCs") == 0) {
+				p->rodc_replica = true;
+			}
+
+			/* Do not add partitions more than once */
+			found = false;
+			for (tp = s->partitions; tp; tp = tp->next) {
+				if (ldb_dn_compare(tp->dn, p->dn) == 0) {
+					found = true;
+					break;
+				}
+			}
+			if (found) {
+				talloc_free(p);
+				continue;
+			}
+
+			DLIST_ADD(s->partitions, p);
+			DEBUG(2, ("dreplsrv_partition[%s] loaded\n", ldb_dn_get_linearized(p->dn)));
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	status = dreplsrv_refresh_partitions(s);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	return WERR_OK;
+}
+
+/*
+  Check if particular SPN exists for an account
+ */
+static bool dreplsrv_spn_exists(struct ldb_context *samdb, struct ldb_dn *account_dn,
+				const char *principal_name)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *attrs_empty[] = { NULL };
+	int ret;
+	struct ldb_result *res;
+	const char *principal_name_encoded = NULL;
+
+	tmp_ctx = talloc_new(samdb);
+	if (tmp_ctx == NULL) {
+		return false;
+	}
+
+	principal_name_encoded = ldb_binary_encode_string(tmp_ctx, principal_name);
+	if (principal_name_encoded == NULL) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	ret = dsdb_search(samdb, tmp_ctx, &res, account_dn, LDB_SCOPE_BASE, attrs_empty,
+			0, "servicePrincipalName=%s",
+			principal_name_encoded);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+  work out the principal to use for DRS replication connections
+ */
+static NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
+					      TALLOC_CTX *mem_ctx,
+					      const struct repsFromTo1 *rft,
+					      char **target_principal)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+	const char *attrs_server[] = { "dNSHostName", "serverReference", NULL };
+	const char *attrs_ntds[] = { "msDS-HasDomainNCs", "hasMasterNCs", NULL };
+	int ret;
+	const char *hostname, *dnsdomain=NULL;
+	struct ldb_dn *ntds_dn, *server_dn, *computer_dn;
+	struct ldb_dn *forest_dn, *nc_dn;
+
+	*target_principal = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	/* we need to find their hostname */
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, 0, &ntds_dn);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		/* its OK for their NTDSDSA DN not to be in our database */
+		return NT_STATUS_OK;
+	}
+
+	server_dn = ldb_dn_copy(tmp_ctx, ntds_dn);
+	if (server_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	/* strip off the NTDS Settings */
+	if (!ldb_dn_remove_child_components(server_dn, 1)) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, server_dn, attrs_server, 0);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		/* its OK for their server DN not to be in our database */
+		return NT_STATUS_OK;
+	}
+
+	forest_dn = ldb_get_root_basedn(s->samdb);
+	if (forest_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+	computer_dn = ldb_msg_find_attr_as_dn(s->samdb, tmp_ctx, res->msgs[0], "serverReference");
+	if (hostname != NULL && computer_dn != NULL) {
+		char *local_principal;
+
+		/*
+		  if we have the dNSHostName attribute then we can use
+		  the GC/hostname/realm SPN. All DCs should have this SPN
+
+		  Windows DC may set up it's dNSHostName before setting up
+		  GC/xx/xx SPN. So make sure it exists, before using it.
+		 */
+		local_principal = talloc_asprintf(mem_ctx, "GC/%s/%s",
+						    hostname,
+						    samdb_dn_to_dns_domain(tmp_ctx, forest_dn));
+		if (local_principal == NULL) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		if (dreplsrv_spn_exists(s->samdb, computer_dn, local_principal)) {
+			*target_principal = local_principal;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_OK;
+		}
+
+		talloc_free(local_principal);
+	}
+
+	/*
+	   if we can't find the dNSHostName then we will try for the
+	   E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
+	   SPN. To use that we need the DNS domain name of the target
+	   DC. We find that by first looking for the msDS-HasDomainNCs
+	   in the NTDSDSA object of the DC, and if we don't find that,
+	   then we look for the hasMasterNCs attribute, and eliminate
+	   the known schema and configuruation DNs. Despite how
+	   bizarre this seems, Hongwei tells us that this is in fact
+	   what windows does to find the SPN!!
+	*/
+	ret = dsdb_search_dn(s->samdb, tmp_ctx, &res, ntds_dn, attrs_ntds, 0);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	nc_dn = ldb_msg_find_attr_as_dn(s->samdb, tmp_ctx, res->msgs[0], "msDS-HasDomainNCs");
+	if (nc_dn != NULL) {
+		dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
+	}
+
+	if (dnsdomain == NULL) {
+		struct ldb_message_element *el;
+		int i;
+		el = ldb_msg_find_element(res->msgs[0], "hasMasterNCs");
+		for (i=0; el && i<el->num_values; i++) {
+			nc_dn = ldb_dn_from_ldb_val(tmp_ctx, s->samdb, &el->values[i]);
+			if (nc_dn == NULL ||
+			    ldb_dn_compare(ldb_get_config_basedn(s->samdb), nc_dn) == 0 ||
+			    ldb_dn_compare(ldb_get_schema_basedn(s->samdb), nc_dn) == 0) {
+				continue;
+			}
+			/* it must be a domain DN, get the equivalent
+			   DNS domain name */
+			dnsdomain = samdb_dn_to_dns_domain(tmp_ctx, nc_dn);
+			break;
+		}
+	}
+
+	if (dnsdomain != NULL) {
+		*target_principal = talloc_asprintf(mem_ctx,
+						    "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
+						    GUID_string(tmp_ctx, &rft->source_dsa_obj_guid),
+						    dnsdomain, dnsdomain);
+	}
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+
+WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
+				      const struct repsFromTo1 *rft,
+				      struct dreplsrv_out_connection **_conn)
+{
+	struct dreplsrv_out_connection *cur, *conn = NULL;
+	const char *hostname;
+
+	if (!rft->other_info) {
+		return WERR_FOOBAR;
+	}
+
+	if (!rft->other_info->dns_name) {
+		return WERR_FOOBAR;
+	}
+
+	hostname = rft->other_info->dns_name;
+
+	for (cur = s->connections; cur; cur = cur->next) {
+		const char *host;
+
+		host = dcerpc_binding_get_string_option(cur->binding, "host");
+		if (host == NULL) {
+			continue;
+		}
+
+		if (strcmp(host, hostname) == 0) {
+			conn = cur;
+			break;
+		}
+	}
+
+	if (!conn) {
+		NTSTATUS nt_status;
+		char *binding_str;
+		char *target_principal = NULL;
+
+		conn = talloc_zero(s, struct dreplsrv_out_connection);
+		W_ERROR_HAVE_NO_MEMORY(conn);
+
+		conn->service	= s;
+
+		binding_str = talloc_asprintf(conn, "ncacn_ip_tcp:%s[krb5,seal]",
+					      hostname);
+		W_ERROR_HAVE_NO_MEMORY(binding_str);
+		nt_status = dcerpc_parse_binding(conn, binding_str, &conn->binding);
+		talloc_free(binding_str);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return ntstatus_to_werror(nt_status);
+		}
+
+		/* use the GC principal for DRS replication */
+		nt_status = dreplsrv_get_target_principal(s, conn->binding,
+							  rft, &target_principal);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return ntstatus_to_werror(nt_status);
+		}
+
+		nt_status = dcerpc_binding_set_string_option(conn->binding,
+							     "target_principal",
+							     target_principal);
+		TALLOC_FREE(target_principal);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return ntstatus_to_werror(nt_status);
+		}
+
+		DLIST_ADD_END(s->connections, conn);
+
+		DEBUG(4,("dreplsrv_out_connection_attach(%s): create\n", hostname));
+	} else {
+		DEBUG(4,("dreplsrv_out_connection_attach(%s): attach\n", hostname));
+	}
+
+	*_conn = conn;
+	return WERR_OK;
+}
+
+/*
+  find an existing source dsa in a list
+ */
+static struct dreplsrv_partition_source_dsa *dreplsrv_find_source_dsa(struct dreplsrv_partition_source_dsa *list,
+								      struct GUID *guid)
+{
+	struct dreplsrv_partition_source_dsa *s;
+	for (s=list; s; s=s->next) {
+		if (GUID_equal(&s->repsFrom1->source_dsa_obj_guid, guid)) {
+			return s;
+		}
+	}
+	return NULL;	
+}
+
+
+
+static WERROR dreplsrv_partition_add_source_dsa(struct dreplsrv_service *s,
+						struct dreplsrv_partition *p,
+						struct dreplsrv_partition_source_dsa **listp,
+						struct dreplsrv_partition_source_dsa *check_list,
+						const struct ldb_val *val)
+{
+	WERROR status;
+	enum ndr_err_code ndr_err;
+	struct dreplsrv_partition_source_dsa *source, *s2;
+
+	source = talloc_zero(p, struct dreplsrv_partition_source_dsa);
+	W_ERROR_HAVE_NO_MEMORY(source);
+
+	ndr_err = ndr_pull_struct_blob(val, source, 
+				       &source->_repsFromBlob,
+				       (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		talloc_free(source);
+		return ntstatus_to_werror(nt_status);
+	}
+	/* NDR_PRINT_DEBUG(repsFromToBlob, &source->_repsFromBlob); */
+	if (source->_repsFromBlob.version != 1) {
+		talloc_free(source);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	source->partition	= p;
+	source->repsFrom1	= &source->_repsFromBlob.ctr.ctr1;
+
+	status = dreplsrv_out_connection_attach(s, source->repsFrom1, &source->conn);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	if (check_list && 
+	    dreplsrv_find_source_dsa(check_list, &source->repsFrom1->source_dsa_obj_guid)) {
+		/* its in the check list, don't add it again */
+		talloc_free(source);
+		return WERR_OK;
+	}
+
+	/* re-use an existing source if found */
+	for (s2=*listp; s2; s2=s2->next) {
+		if (GUID_equal(&s2->repsFrom1->source_dsa_obj_guid,
+				 &source->repsFrom1->source_dsa_obj_guid)) {
+			talloc_free(s2->repsFrom1->other_info);
+			*s2->repsFrom1 = *source->repsFrom1;
+			talloc_steal(s2, s2->repsFrom1->other_info);
+			talloc_free(source);
+			return WERR_OK;
+		}
+	}
+
+	DLIST_ADD_END(*listp, source);
+	return WERR_OK;
+}
+
+/**
+ * Find a partition when given a NC
+ * If the NC can't be found it will return BAD_NC
+ * Initial checks for invalid parameters have to be done beforehand
+ */
+WERROR dreplsrv_partition_find_for_nc(struct dreplsrv_service *s,
+				      struct GUID *nc_guid,
+				      struct dom_sid *nc_sid,
+				      const char *nc_dn_str,
+				      struct dreplsrv_partition **_p)
+{
+	struct dreplsrv_partition *p;
+	bool valid_sid, valid_guid;
+
+	SMB_ASSERT(_p);
+
+	valid_sid  = nc_sid && !is_null_sid(nc_sid);
+	valid_guid = nc_guid && !GUID_all_zero(nc_guid);
+
+	if (!valid_sid && !valid_guid && (!nc_dn_str)) {
+		return WERR_DS_DRA_BAD_NC;
+	}
+
+	for (p = s->partitions; p; p = p->next) {
+		if ((valid_guid && GUID_equal(&p->nc.guid, nc_guid))
+		    || strequal(p->nc.dn, nc_dn_str)
+		    || (valid_sid && dom_sid_equal(&p->nc.sid, nc_sid)))
+		{
+			/* fill in the right guid and sid if possible */
+			if (nc_guid && !valid_guid) {
+				dsdb_get_extended_dn_guid(p->dn, nc_guid, "GUID");
+			}
+			if (nc_sid && !valid_sid) {
+				dsdb_get_extended_dn_sid(p->dn, nc_sid, "SID");
+			}
+			*_p = p;
+			return WERR_OK;
+		}
+	}
+
+	return WERR_DS_DRA_BAD_NC;
+}
+
+WERROR dreplsrv_partition_source_dsa_by_guid(struct dreplsrv_partition *p,
+					     const struct GUID *dsa_guid,
+					     struct dreplsrv_partition_source_dsa **_dsa)
+{
+	struct dreplsrv_partition_source_dsa *dsa;
+
+	SMB_ASSERT(dsa_guid != NULL);
+	SMB_ASSERT(!GUID_all_zero(dsa_guid));
+	SMB_ASSERT(_dsa);
+
+	for (dsa = p->sources; dsa; dsa = dsa->next) {
+		if (GUID_equal(dsa_guid, &dsa->repsFrom1->source_dsa_obj_guid)) {
+			*_dsa = dsa;
+			return WERR_OK;
+		}
+	}
+
+	return WERR_DS_DRA_NO_REPLICA;
+}
+
+WERROR dreplsrv_partition_source_dsa_by_dns(const struct dreplsrv_partition *p,
+					    const char *dsa_dns,
+					    struct dreplsrv_partition_source_dsa **_dsa)
+{
+	struct dreplsrv_partition_source_dsa *dsa;
+
+	SMB_ASSERT(dsa_dns != NULL);
+	SMB_ASSERT(_dsa);
+
+	for (dsa = p->sources; dsa; dsa = dsa->next) {
+		if (strequal(dsa_dns, dsa->repsFrom1->other_info->dns_name)) {
+			*_dsa = dsa;
+			return WERR_OK;
+		}
+	}
+
+	return WERR_DS_DRA_NO_REPLICA;
+}
+
+
+/*
+  create a temporary dsa structure for a replication. This is needed
+  for the initial replication of a new partition, such as when a new
+  domain NC is created and we are a global catalog server
+ */
+WERROR dreplsrv_partition_source_dsa_temporary(struct dreplsrv_partition *p,
+					       TALLOC_CTX *mem_ctx,
+					       const struct GUID *dsa_guid,
+					       struct dreplsrv_partition_source_dsa **_dsa)
+{
+	struct dreplsrv_partition_source_dsa *dsa;
+	WERROR werr;
+
+	dsa = talloc_zero(mem_ctx, struct dreplsrv_partition_source_dsa);
+	W_ERROR_HAVE_NO_MEMORY(dsa);
+
+	dsa->partition = p;
+	dsa->repsFrom1 = &dsa->_repsFromBlob.ctr.ctr1;
+	dsa->repsFrom1->replica_flags = 0;
+	dsa->repsFrom1->source_dsa_obj_guid = *dsa_guid;
+
+	dsa->repsFrom1->other_info = talloc_zero(dsa, struct repsFromTo1OtherInfo);
+	W_ERROR_HAVE_NO_MEMORY(dsa->repsFrom1->other_info);
+
+	dsa->repsFrom1->other_info->dns_name = samdb_ntds_msdcs_dns_name(p->service->samdb,
+									 dsa->repsFrom1->other_info, dsa_guid);
+	W_ERROR_HAVE_NO_MEMORY(dsa->repsFrom1->other_info->dns_name);
+
+	werr = dreplsrv_out_connection_attach(p->service, dsa->repsFrom1, &dsa->conn);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,(__location__ ": Failed to attach connection to %s\n",
+			 ldb_dn_get_linearized(p->dn)));
+		talloc_free(dsa);
+		return werr;
+	}
+
+	*_dsa = dsa;
+
+	return WERR_OK;
+}
+
+
+static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s,
+					 struct dreplsrv_partition *p)
+{
+	WERROR status;
+	NTSTATUS ntstatus;
+	struct ldb_message_element *orf_el = NULL;
+	struct ldb_result *r = NULL;
+	unsigned int i;
+	int ret;
+	TALLOC_CTX *mem_ctx = talloc_new(p);
+	static const char *attrs[] = {
+		"repsFrom",
+		"repsTo",
+		NULL
+	};
+	struct ldb_dn *dn;
+
+	DEBUG(4, ("dreplsrv_refresh_partition(%s)\n",
+		ldb_dn_get_linearized(p->dn)));
+
+	ret = dsdb_search_dn(s->samdb, mem_ctx, &r, p->dn, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* we haven't replicated the partition yet, but we
+		 * can fill in the guid, sid etc from the partition DN */
+		dn = p->dn;
+	} else if (ret != LDB_SUCCESS) {
+		talloc_free(mem_ctx);
+		return WERR_FOOBAR;
+	} else {
+		dn = r->msgs[0]->dn;
+	}
+	
+	talloc_free(discard_const(p->nc.dn));
+	ZERO_STRUCT(p->nc);
+	p->nc.dn	= ldb_dn_alloc_linearized(p, dn);
+	W_ERROR_HAVE_NO_MEMORY(p->nc.dn);
+	ntstatus = dsdb_get_extended_dn_guid(dn, &p->nc.guid, "GUID");
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		DEBUG(0,(__location__ ": unable to get GUID for %s: %s\n",
+			 p->nc.dn, nt_errstr(ntstatus)));
+		talloc_free(mem_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	dsdb_get_extended_dn_sid(dn, &p->nc.sid, "SID");
+
+	talloc_free(p->uptodatevector.cursors);
+	talloc_free(p->uptodatevector_ex.cursors);
+	ZERO_STRUCT(p->uptodatevector);
+	ZERO_STRUCT(p->uptodatevector_ex);
+
+	ret = dsdb_load_udv_v2(s->samdb, p->dn, p, &p->uptodatevector.cursors, &p->uptodatevector.count);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4,(__location__ ": no UDV available for %s\n", ldb_dn_get_linearized(p->dn)));
+	}
+
+	status = WERR_OK;
+
+	if (r != NULL && (orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom"))) {
+		for (i=0; i < orf_el->num_values; i++) {
+			status = dreplsrv_partition_add_source_dsa(s, p, &p->sources,
+								   NULL, &orf_el->values[i]);
+			W_ERROR_NOT_OK_GOTO_DONE(status);
+		}
+	}
+
+	if (r != NULL && (orf_el = ldb_msg_find_element(r->msgs[0], "repsTo"))) {
+		for (i=0; i < orf_el->num_values; i++) {
+			status = dreplsrv_partition_add_source_dsa(s, p, &p->notifies,
+								   p->sources, &orf_el->values[i]);
+			W_ERROR_NOT_OK_GOTO_DONE(status);
+		}
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return status;
+}
+
+WERROR dreplsrv_refresh_partitions(struct dreplsrv_service *s)
+{
+	WERROR status;
+	struct dreplsrv_partition *p;
+
+	for (p = s->partitions; p; p = p->next) {
+		status = dreplsrv_refresh_partition(s, p);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+	return WERR_OK;
+}
diff --git a/source4/dsdb/repl/drepl_periodic.c b/source4/dsdb/repl/drepl_periodic.c
new file mode 100644
index 0000000..4cdc8cb
--- /dev/null
+++ b/source4/dsdb/repl/drepl_periodic.c
@@ -0,0 +1,157 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service periodic handling
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+static void dreplsrv_periodic_run(struct dreplsrv_service *service);
+
+static void dreplsrv_periodic_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+					 struct timeval t, void *ptr)
+{
+	struct dreplsrv_service *service = talloc_get_type(ptr, struct dreplsrv_service);
+	WERROR status;
+
+	service->periodic.te = NULL;
+
+	dreplsrv_periodic_run(service);
+
+	status = dreplsrv_periodic_schedule(service, service->periodic.interval);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(service->task, win_errstr(status), false);
+		return;
+	}
+}
+
+WERROR dreplsrv_periodic_schedule(struct dreplsrv_service *service, uint32_t next_interval)
+{
+	TALLOC_CTX *tmp_mem;
+	struct tevent_timer *new_te;
+	struct timeval next_time;
+
+	/* prevent looping */
+	if (next_interval == 0) next_interval = 1;
+
+	next_time = timeval_current_ofs(next_interval, 50);
+
+	if (service->periodic.te) {
+		/*
+		 * if the timestamp of the new event is higher,
+		 * as current next we don't need to reschedule
+		 */
+		if (timeval_compare(&next_time, &service->periodic.next_event) > 0) {
+			return WERR_OK;
+		}
+	}
+
+	/* reset the next scheduled timestamp */
+	service->periodic.next_event = next_time;
+
+	new_te = tevent_add_timer(service->task->event_ctx, service,
+			         service->periodic.next_event,
+			         dreplsrv_periodic_handler_te, service);
+	W_ERROR_HAVE_NO_MEMORY(new_te);
+
+	tmp_mem = talloc_new(service);
+	DEBUG(4,("dreplsrv_periodic_schedule(%u) %sscheduled for: %s\n",
+		next_interval,
+		(service->periodic.te?"re":""),
+		nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
+	talloc_free(tmp_mem);
+
+	talloc_free(service->periodic.te);
+	service->periodic.te = new_te;
+
+	return WERR_OK;
+}
+
+static void dreplsrv_periodic_run(struct dreplsrv_service *service)
+{
+	TALLOC_CTX *mem_ctx;
+
+	DEBUG(4,("dreplsrv_periodic_run(): schedule pull replication\n"));
+
+	/*
+	 * KCC or some administrative tool
+	 * might have changed Topology graph
+	 * i.e. repsFrom/repsTo
+	 */
+	dreplsrv_refresh_partitions(service);
+
+	mem_ctx = talloc_new(service);
+	dreplsrv_schedule_pull_replication(service, mem_ctx);
+	talloc_free(mem_ctx);
+
+	DEBUG(4,("dreplsrv_periodic_run(): run pending_ops memory=%u\n", 
+		 (unsigned)talloc_total_blocks(service)));
+
+	dreplsrv_ridalloc_check_rid_pool(service);
+
+	dreplsrv_run_pending_ops(service);
+}
+
+/*
+  run the next pending op, either a notify or a pull
+ */
+void dreplsrv_run_pending_ops(struct dreplsrv_service *s)
+{
+	if (!s->ops.notifies && !s->ops.pending) {
+		return;
+	}
+	if (!s->ops.notifies ||
+	    (s->ops.pending &&
+	     s->ops.notifies->schedule_time > s->ops.pending->schedule_time)) {
+		dreplsrv_run_pull_ops(s);
+	} else {
+		dreplsrv_notify_run_ops(s);
+	}
+}
+
+static void dreplsrv_pending_pull_handler_im(struct tevent_context *ev,
+					     struct tevent_immediate *im,
+					     void *ptr)
+{
+	struct dreplsrv_service *service = talloc_get_type(ptr, struct dreplsrv_service);
+
+	dreplsrv_run_pull_ops(service);
+}
+
+void dreplsrv_pendingops_schedule_pull_now(struct dreplsrv_service *service)
+{
+	tevent_schedule_immediate(service->pending.im, service->task->event_ctx,
+				  dreplsrv_pending_pull_handler_im,
+				  service);
+
+	return;
+}
+
diff --git a/source4/dsdb/repl/drepl_replica.c b/source4/dsdb/repl/drepl_replica.c
new file mode 100644
index 0000000..05d0683
--- /dev/null
+++ b/source4/dsdb/repl/drepl_replica.c
@@ -0,0 +1,62 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service - DsReplica{Add,Del,Mod} handling
+
+   Copyright (C) Andrew Tridgell 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/*
+  implement DsReplicaAdd (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_add(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaAdd *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaAdd, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  implement DsReplicaDel (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_del(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaDel *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaDel, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  implement DsReplicaMod (forwarded from DRS server)
+ */
+NTSTATUS drepl_replica_mod(struct dreplsrv_service *service,
+			   struct drsuapi_DsReplicaMod *r)
+{
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaMod, NDR_IN, r);
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c
new file mode 100644
index 0000000..529e4e3
--- /dev/null
+++ b/source4/dsdb/repl/drepl_ridalloc.c
@@ -0,0 +1,265 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service - RID allocation code
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+
+   based on drepl_notify.c
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/*
+  called when a rid allocation request has completed
+ */
+static void drepl_new_rid_pool_callback(struct dreplsrv_service *service,
+					WERROR werr,
+					enum drsuapi_DsExtendedError ext_err,
+					void *cb_data)
+{
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,(__location__ ": RID Manager failed RID allocation - %s - extended_ret[0x%X]\n",
+			 win_errstr(werr), ext_err));
+	} else {
+		DEBUG(3,(__location__ ": RID Manager completed RID allocation OK\n"));
+	}
+
+	service->rid_alloc_in_progress = false;
+}
+
+/*
+  schedule a getncchanges request to the RID Manager to ask for a new
+  set of RIDs using DRSUAPI_EXOP_FSMO_RID_ALLOC
+ */
+static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service,
+					 struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn,
+					 uint64_t alloc_pool)
+{
+	WERROR werr = drepl_request_extended_op(service,
+						rid_manager_dn,
+						fsmo_role_dn,
+						DRSUAPI_EXOP_FSMO_RID_ALLOC,
+						alloc_pool,
+						0,
+						drepl_new_rid_pool_callback, NULL);
+	if (W_ERROR_IS_OK(werr)) {
+		service->rid_alloc_in_progress = true;
+	}
+	return werr;
+}
+
+
+/*
+  see if we are on the last pool we have
+ */
+static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb,
+					 bool *exhausted,
+					 uint64_t *_alloc_pool)
+{
+	struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	uint64_t alloc_pool;
+	uint64_t prev_pool;
+	uint32_t prev_pool_lo, prev_pool_hi;
+	uint32_t next_rid;
+	static const char * const attrs[] = {
+		"rIDAllocationPool",
+		"rIDPreviousAllocationPool",
+		"rIDNextRid",
+		NULL
+	};
+	int ret;
+	struct ldb_result *res;
+
+	*exhausted = false;
+	*_alloc_pool = UINT64_MAX;
+
+	server_dn = ldb_dn_get_parent(tmp_ctx, samdb_ntds_settings_dn(ldb, tmp_ctx));
+	if (!server_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	ret = samdb_reference_dn(ldb, tmp_ctx, server_dn, "serverReference", &machine_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find serverReference in %s - %s\n",
+			 ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = samdb_reference_dn(ldb, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		*exhausted = true;
+		*_alloc_pool = 0;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find rIDSetReferences in %s - %s\n",
+			 ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, rid_set_dn, LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to load RID Set attrs from %s - %s\n",
+			 ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0);
+	prev_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0);
+	prev_pool_lo = prev_pool & 0xFFFFFFFF;
+	prev_pool_hi = prev_pool >> 32;
+	next_rid = ldb_msg_find_attr_as_uint(res->msgs[0], "rIDNextRid", 0);
+
+	if (alloc_pool != prev_pool) {
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	if (next_rid < (prev_pool_hi + prev_pool_lo)/2) {
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	*exhausted = true;
+	*_alloc_pool = alloc_pool;
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  see if we are low on RIDs in the RID Set rIDAllocationPool. If we
+  are, then schedule a replication call with DRSUAPI_EXOP_FSMO_RID_ALLOC
+  to the RID Manager
+ */
+WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service)
+{
+	struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(service);
+	struct ldb_context *ldb = service->samdb;
+	bool exhausted;
+	WERROR werr;
+	int ret;
+	uint64_t alloc_pool;
+	bool is_us;
+
+	if (service->am_rodc) {
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+
+	if (service->rid_alloc_in_progress) {
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+
+	/*
+	  steps:
+	    - find who the RID Manager is
+	    - if we are the RID Manager then nothing to do
+	    - find our RID Set object
+	    - load rIDAllocationPool and rIDPreviousAllocationPool
+	    - if rIDAllocationPool != rIDPreviousAllocationPool then
+	      nothing to do
+	    - schedule a getncchanges with DRSUAPI_EXOP_FSMO_RID_ALLOC
+	      to the RID Manager
+	 */
+
+	/* work out who is the RID Manager */
+	ret = samdb_rid_manager_dn(ldb, tmp_ctx, &rid_manager_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Failed to find RID Manager object - %s\n", ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	/* find the DN of the RID Manager */
+	ret = samdb_reference_dn(ldb, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s\n",
+			 ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find determine if %s is our ntdsDsa object - %s\n",
+			 ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (is_us) {
+		/* we are the RID Manager - no need to do a
+		   DRSUAPI_EXOP_FSMO_RID_ALLOC */
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+
+	ret = drepl_ridalloc_pool_exhausted(ldb, &exhausted, &alloc_pool);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (!exhausted) {
+		/* don't need a new pool */
+		talloc_free(tmp_ctx);
+		return WERR_OK;
+	}
+
+	DEBUG(2,(__location__ ": Requesting more RIDs from RID Manager\n"));
+
+	werr = drepl_request_new_rid_pool(service, rid_manager_dn, fsmo_role_dn, alloc_pool);
+	talloc_free(tmp_ctx);
+	return werr;
+}
+
+/* called by the samldb ldb module to tell us to ask for a new RID
+   pool */
+void dreplsrv_allocate_rid(struct imessaging_context *msg,
+			   void *private_data,
+			   uint32_t msg_type,
+			   struct server_id server_id,
+			   size_t num_fds,
+			   int *fds,
+			   DATA_BLOB *data)
+{
+	struct dreplsrv_service *service = talloc_get_type(private_data, struct dreplsrv_service);
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+	dreplsrv_ridalloc_check_rid_pool(service);
+}
diff --git a/source4/dsdb/repl/drepl_secret.c b/source4/dsdb/repl/drepl_secret.c
new file mode 100644
index 0000000..47a8ca9
--- /dev/null
+++ b/source4/dsdb/repl/drepl_secret.c
@@ -0,0 +1,146 @@
+/*
+   Unix SMB/CIFS Implementation.
+
+   DSDB replication service - repl secret handling
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "samba/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+struct repl_secret_state {
+	const char *user_dn;
+};
+
+/*
+  called when a repl secret has completed
+ */
+static void drepl_repl_secret_callback(struct dreplsrv_service *service,
+				       WERROR werr,
+				       enum drsuapi_DsExtendedError ext_err,
+				       void *cb_data)
+{
+	struct repl_secret_state *state = talloc_get_type_abort(cb_data, struct repl_secret_state);
+	if (!W_ERROR_IS_OK(werr)) {
+		if (W_ERROR_EQUAL(werr, WERR_DS_DRA_SECRETS_DENIED)) {
+			DEBUG(3,(__location__ ": repl secret disallowed for user "
+				 "%s - not in allowed replication group\n",
+				 state->user_dn));
+		} else {
+			DEBUG(3,(__location__ ": repl secret failed for user %s - %s: extended_ret[0x%X]\n",
+				 state->user_dn, win_errstr(werr), ext_err));
+		}
+	} else {
+		DEBUG(3,(__location__ ": repl secret completed OK for '%s'\n", state->user_dn));
+	}
+	talloc_free(state);
+}
+
+
+/**
+ * Called when the auth code wants us to try and replicate
+ * a users secrets
+ */
+void drepl_repl_secret(struct dreplsrv_service *service,
+		       const char *user_dn)
+{
+	WERROR werr;
+	struct ldb_dn *nc_dn, *nc_root, *source_dsa_dn;
+	struct dreplsrv_partition *p;
+	struct GUID *source_dsa_guid;
+	struct repl_secret_state *state;
+	int ret;
+
+	state = talloc_zero(service, struct repl_secret_state);
+	if (state == NULL) {
+		/* nothing to do, no return value */
+		return;
+	}
+
+	/* keep a copy for logging in the callback */
+	state->user_dn = talloc_strdup(state, user_dn);
+
+	nc_dn = ldb_dn_new(state, service->samdb, user_dn);
+	if (!ldb_dn_validate(nc_dn)) {
+		DEBUG(0,(__location__ ": Failed to parse user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* work out which partition this is in */
+	ret = dsdb_find_nc_root(service->samdb, state, nc_dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to find nc_root for user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* find the partition in our list */
+	for (p=service->partitions; p; p=p->next) {
+		if (ldb_dn_compare(p->dn, nc_root) == 0) {
+			break;
+		}
+	}
+	if (p == NULL) {
+		DEBUG(0,(__location__ ": Failed to find partition for nc_root '%s'\n", ldb_dn_get_linearized(nc_root)));
+		talloc_free(state);
+		return;
+	}
+
+	if (p->sources == NULL) {
+		DEBUG(0,(__location__ ": No sources for nc_root '%s' for user_dn '%s'\n",
+			 ldb_dn_get_linearized(nc_root), user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	/* use the first source, for no particularly good reason */
+	source_dsa_guid = &p->sources->repsFrom1->source_dsa_obj_guid;
+
+	source_dsa_dn = ldb_dn_new(state, service->samdb,
+				   talloc_asprintf(state, "<GUID=%s>",
+						   GUID_string(state, source_dsa_guid)));
+	if (!ldb_dn_validate(source_dsa_dn)) {
+		DEBUG(0,(__location__ ": Invalid source DSA GUID '%s' for user_dn '%s'\n",
+			 GUID_string(state, source_dsa_guid), user_dn));
+		talloc_free(state);
+		return;
+	}
+
+	werr = drepl_request_extended_op(service,
+					 nc_dn,
+					 source_dsa_dn,
+					 DRSUAPI_EXOP_REPL_SECRET,
+					 0,
+					 p->sources->repsFrom1->highwatermark.highest_usn,
+					 drepl_repl_secret_callback, state);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(2,(__location__ ": Failed to setup secret replication for user_dn '%s'\n", user_dn));
+		talloc_free(state);
+		return;
+	}
+	DEBUG(3,(__location__ ": started secret replication for %s\n", user_dn));
+}
diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c
new file mode 100644
index 0000000..02ece26
--- /dev/null
+++ b/source4/dsdb/repl/drepl_service.c
@@ -0,0 +1,545 @@
+/*
+   Unix SMB/CIFS Implementation.
+   DSDB replication service
+
+   Copyright (C) Stefan Metzmacher 2007
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include "lib/events/events.h"
+#include "dsdb/repl/drepl_service.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "param/param.h"
+#include "libds/common/roles.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/**
+ * Call-back data for _drepl_replica_sync_done_cb()
+ */
+struct drepl_replica_sync_cb_data {
+	struct irpc_message *msg;
+	struct drsuapi_DsReplicaSync *r;
+
+	/* number of ops left to be completed */
+	int ops_count;
+
+	/* last failure error code */
+	WERROR werr_last_failure;
+};
+
+
+static WERROR dreplsrv_init_creds(struct dreplsrv_service *service)
+{
+	service->system_session_info = system_session(service->task->lp_ctx);
+	if (service->system_session_info == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dreplsrv_connect_samdb(struct dreplsrv_service *service, struct loadparm_context *lp_ctx)
+{
+	const struct GUID *ntds_guid;
+	struct drsuapi_DsBindInfo28 *bind_info28;
+
+	service->samdb = samdb_connect(service,
+				       service->task->event_ctx,
+				       lp_ctx,
+				       service->system_session_info,
+				       NULL,
+				       0);
+	if (!service->samdb) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	ntds_guid = samdb_ntds_objectGUID(service->samdb);
+	if (!ntds_guid) {
+		return WERR_DS_UNAVAILABLE;
+	}
+	service->ntds_guid = *ntds_guid;
+
+	if (samdb_rodc(service->samdb, &service->am_rodc) != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to determine RODC status\n"));
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	bind_info28				= &service->bind_info28;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+#if 0 /* we don't support XPRESS compression yet */
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+#endif
+	/* TODO: fill in site_guid */
+	bind_info28->site_guid			= GUID_zero();
+	/* TODO: find out how this is really triggered! */
+	bind_info28->pid			= 0;
+	bind_info28->repl_epoch			= 0;
+
+	return WERR_OK;
+}
+
+
+/**
+ * Callback for dreplsrv_out_operation operation completion.
+ *
+ * We just need to complete a waiting IRPC message here.
+ * In case pull operation has failed,
+ * caller of this callback will dump
+ * failure information.
+ *
+ * NOTE: cb_data is allocated in IRPC msg's context
+ * and will be freed during irpc_send_reply() call.
+ */
+static void _drepl_replica_sync_done_cb(struct dreplsrv_service *service,
+					WERROR werr,
+					enum drsuapi_DsExtendedError ext_err,
+					void *cb_data)
+{
+	struct drepl_replica_sync_cb_data *data = talloc_get_type(cb_data,
+	                                                          struct drepl_replica_sync_cb_data);
+	struct irpc_message *msg = data->msg;
+	struct drsuapi_DsReplicaSync *r = data->r;
+
+	/* store last bad result */
+	if (!W_ERROR_IS_OK(werr)) {
+		data->werr_last_failure = werr;
+	}
+
+	/* decrement pending ops count */
+	data->ops_count--;
+
+	if (data->ops_count == 0) {
+		/* Return result to client */
+		r->out.result = data->werr_last_failure;
+
+		/* complete IRPC message */
+		irpc_send_reply(msg, NT_STATUS_OK);
+	}
+}
+
+/**
+ * Helper to schedule a replication operation with a source DSA.
+ * If 'data' is valid pointer, then a callback
+ * for the operation is passed and 'data->msg' is
+ * marked as 'deferred' - defer_reply = true
+ */
+static WERROR _drepl_schedule_replication(struct dreplsrv_service *service,
+					  struct dreplsrv_partition_source_dsa *dsa,
+					  struct drsuapi_DsReplicaObjectIdentifier *nc,
+					  uint32_t rep_options,
+					  struct drepl_replica_sync_cb_data *data,
+					  TALLOC_CTX *mem_ctx)
+{
+	WERROR werr;
+	dreplsrv_extended_callback_t fn_callback = NULL;
+
+	if (data) {
+		fn_callback = _drepl_replica_sync_done_cb;
+	}
+
+	/* schedule replication item */
+	werr = dreplsrv_schedule_partition_pull_source(service, dsa, rep_options,
+	                                               DRSUAPI_EXOP_NONE, 0,
+	                                               fn_callback, data);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,("%s: failed setup of sync of partition (%s, %s, %s) - %s\n",
+			 __FUNCTION__,
+			 GUID_string(mem_ctx, &nc->guid),
+			 nc->dn,
+			 dsa->repsFrom1->other_info->dns_name,
+			 win_errstr(werr)));
+		return werr;
+	}
+	/* log we've scheduled a replication item */
+	DEBUG(3,("%s: forcing sync of partition (%s, %s, %s)\n",
+		 __FUNCTION__,
+		 GUID_string(mem_ctx, &nc->guid),
+		 nc->dn,
+		 dsa->repsFrom1->other_info->dns_name));
+
+	/* mark IRPC message as deferred if necessary */
+	if (data) {
+		data->ops_count++;
+		data->msg->defer_reply = true;
+	}
+
+	return WERR_OK;
+}
+
+/*
+  DsReplicaSync messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS drepl_replica_sync(struct irpc_message *msg,
+				   struct drsuapi_DsReplicaSync *r)
+{
+	WERROR werr;
+	struct dreplsrv_partition *p;
+	struct drepl_replica_sync_cb_data *cb_data;
+	struct dreplsrv_partition_source_dsa *dsa;
+	struct drsuapi_DsReplicaSyncRequest1 *req1;
+	struct drsuapi_DsReplicaObjectIdentifier *nc;
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+
+#define REPLICA_SYNC_FAIL(_msg, _werr) do {\
+		if (!W_ERROR_IS_OK(_werr)) { \
+			DEBUG(0,(__location__ ": Failure - %s. werr = %s\n", \
+				 _msg, win_errstr(_werr))); \
+			NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r); \
+		} \
+		r->out.result = _werr; \
+		goto done;\
+	} while(0)
+
+
+	if (r->in.level != 1) {
+		REPLICA_SYNC_FAIL("Unsupported level",
+				  WERR_DS_DRA_INVALID_PARAMETER);
+	}
+
+	req1 = &r->in.req->req1;
+	nc   = req1->naming_context;
+
+	/* Check input parameters */
+	if (!nc) {
+		REPLICA_SYNC_FAIL("Invalid Naming Context",
+		                  WERR_DS_DRA_INVALID_PARAMETER);
+	}
+
+	/* Find Naming context to be synchronized */
+	werr = dreplsrv_partition_find_for_nc(service,
+	                                      &nc->guid, &nc->sid, nc->dn,
+	                                      &p);
+	if (!W_ERROR_IS_OK(werr)) {
+		REPLICA_SYNC_FAIL("Failed to find requested Naming Context",
+				  werr);
+	}
+
+	/* should we process it asynchronously? */
+	if (req1->options & DRSUAPI_DRS_ASYNC_OP) {
+		cb_data = NULL;
+	} else {
+		cb_data = talloc_zero(msg, struct drepl_replica_sync_cb_data);
+		if (!cb_data) {
+			REPLICA_SYNC_FAIL("Not enough memory",
+					  WERR_DS_DRA_INTERNAL_ERROR);
+		}
+
+		cb_data->msg = msg;
+		cb_data->r   = r;
+		cb_data->werr_last_failure = WERR_OK;
+	}
+
+	/* collect source DSAs to sync with */
+	if (req1->options & DRSUAPI_DRS_SYNC_ALL) {
+		for (dsa = p->sources; dsa; dsa = dsa->next) {
+			/* schedule replication item */
+			werr = _drepl_schedule_replication(service, dsa, nc,
+							   req1->options, cb_data, msg);
+			if (!W_ERROR_IS_OK(werr)) {
+				REPLICA_SYNC_FAIL("_drepl_schedule_replication() failed",
+				                  werr);
+			}
+		}
+	} else {
+		if (req1->options & DRSUAPI_DRS_SYNC_BYNAME) {
+			/* client should pass at least valid string */
+			if (!req1->source_dsa_dns) {
+				REPLICA_SYNC_FAIL("'source_dsa_dns' is not valid",
+				                  WERR_DS_DRA_INVALID_PARAMETER);
+			}
+
+			werr = dreplsrv_partition_source_dsa_by_dns(p,
+			                                            req1->source_dsa_dns,
+			                                            &dsa);
+		} else {
+			/* client should pass at least some GUID */
+			if (GUID_all_zero(&req1->source_dsa_guid)) {
+				REPLICA_SYNC_FAIL("'source_dsa_guid' is not valid",
+				                  WERR_DS_DRA_INVALID_PARAMETER);
+			}
+
+			werr = dreplsrv_partition_source_dsa_by_guid(p,
+			                                             &req1->source_dsa_guid,
+			                                             &dsa);
+			if (W_ERROR_EQUAL(werr, WERR_DS_DRA_NO_REPLICA)) {
+				/* we don't have this source setup as
+				   a replication partner. Create a
+				   temporary dsa structure for this
+				   replication */
+				werr = dreplsrv_partition_source_dsa_temporary(p,
+									       msg,
+									       &req1->source_dsa_guid,
+									       &dsa);
+			}
+		}
+		if (!W_ERROR_IS_OK(werr)) {
+			REPLICA_SYNC_FAIL("Failed to locate source DSA for given NC",
+					  werr);
+		}
+
+		/* schedule replication item */
+		werr = _drepl_schedule_replication(service, dsa, nc,
+						   req1->options, cb_data, msg);
+		if (!W_ERROR_IS_OK(werr)) {
+			REPLICA_SYNC_FAIL("_drepl_schedule_replication() failed",
+			                  werr);
+		}
+	}
+
+	/* if we got here, everything is OK */
+	r->out.result = WERR_OK;
+
+	/*
+	 * schedule replication event to force
+	 * replication as soon as possible
+	 */
+	dreplsrv_pendingops_schedule_pull_now(service);
+
+done:
+	return NT_STATUS_OK;
+}
+
+/**
+ * Called when drplsrv should refresh its state.
+ * For example, when KCC change topology, dreplsrv
+ * should update its cache
+ *
+ * @param partition_dn If not empty/NULL, partition to update
+ */
+static NTSTATUS dreplsrv_refresh(struct irpc_message *msg,
+				 struct dreplsrv_refresh *r)
+{
+	struct dreplsrv_service *s = talloc_get_type(msg->private_data,
+						     struct dreplsrv_service);
+
+	r->out.result = dreplsrv_refresh_partitions(s);
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Called when the auth code wants us to try and replicate
+ * a users secrets
+ */
+static NTSTATUS drepl_trigger_repl_secret(struct irpc_message *msg,
+					  struct drepl_trigger_repl_secret *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+
+
+	drepl_repl_secret(service, r->in.user_dn);
+
+	/* we are not going to be sending a reply to this request */
+	msg->no_reply = true;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  DsReplicaAdd messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_add(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaAdd *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_add(service, r);
+}
+
+/*
+  DsReplicaDel messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_del(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaDel *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_del(service, r);
+}
+
+/*
+  DsReplicaMod messages from the DRSUAPI server are forwarded here
+ */
+static NTSTATUS dreplsrv_replica_mod(struct irpc_message *msg,
+				  struct drsuapi_DsReplicaMod *r)
+{
+	struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+							   struct dreplsrv_service);
+	return drepl_replica_mod(service, r);
+}
+
+
+/*
+  startup the dsdb replicator service task
+*/
+static NTSTATUS dreplsrv_task_init(struct task_server *task)
+{
+	WERROR status;
+	struct dreplsrv_service *service;
+	uint32_t periodic_startup_interval;
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "dreplsrv: no DSDB replication required in standalone configuration",
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "dreplsrv: no DSDB replication required in domain member configuration",
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want DSDB replication */
+		break;
+	}
+
+	task_server_set_title(task, "task[dreplsrv]");
+
+	service = talloc_zero(task, struct dreplsrv_service);
+	if (!service) {
+		task_server_terminate(task, "dreplsrv_task_init: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+	service->task		= task;
+	service->startup_time	= timeval_current();
+	task->private_data	= service;
+
+	status = dreplsrv_init_creds(service);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "dreplsrv: Failed to obtain server credentials: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	status = dreplsrv_connect_samdb(service, task->lp_ctx);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "dreplsrv: Failed to connect to local samdb: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	status = dreplsrv_load_partitions(service);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "dreplsrv: Failed to load partitions: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	periodic_startup_interval	= lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv", "periodic_startup_interval", 15); /* in seconds */
+	service->periodic.interval	= lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv", "periodic_interval", 300); /* in seconds */
+
+	status = dreplsrv_periodic_schedule(service, periodic_startup_interval);
+	if (!W_ERROR_IS_OK(status)) {
+		task_server_terminate(task, talloc_asprintf(task,
+				      "dreplsrv: Failed to periodic schedule: %s\n",
+							    win_errstr(status)), true);
+		return werror_to_ntstatus(status);
+	}
+
+	service->pending.im = tevent_create_immediate(service);
+	if (service->pending.im == NULL) {
+		task_server_terminate(task,
+				      "dreplsrv: Failed to create immediate "
+				      "task for future DsReplicaSync\n",
+				      true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* if we are a RODC then we do not send DSReplicaSync*/
+	if (!service->am_rodc) {
+		service->notify.interval = lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv",
+							   "notify_interval", 5); /* in seconds */
+		status = dreplsrv_notify_schedule(service, service->notify.interval);
+		if (!W_ERROR_IS_OK(status)) {
+			task_server_terminate(task, talloc_asprintf(task,
+						  "dreplsrv: Failed to setup notify schedule: %s\n",
+									win_errstr(status)), true);
+			return werror_to_ntstatus(status);
+		}
+	}
+
+	irpc_add_name(task->msg_ctx, "dreplsrv");
+
+	IRPC_REGISTER(task->msg_ctx, irpc, DREPLSRV_REFRESH, dreplsrv_refresh, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAADD, dreplsrv_replica_add, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICADEL, dreplsrv_replica_del, service);
+	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAMOD, dreplsrv_replica_mod, service);
+	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TAKEFSMOROLE, drepl_take_FSMO_role, service);
+	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TRIGGER_REPL_SECRET, drepl_trigger_repl_secret, service);
+	imessaging_register(task->msg_ctx, service, MSG_DREPL_ALLOCATE_RID, dreplsrv_allocate_rid);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_drepl_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = dreplsrv_task_init,
+		.post_fork = NULL,
+	};
+	return register_server_service(ctx, "drepl", &details);
+}
diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h
new file mode 100644
index 0000000..4451df9
--- /dev/null
+++ b/source4/dsdb/repl/drepl_service.h
@@ -0,0 +1,251 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB replication service
+   
+   Copyright (C) Stefan Metzmacher 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#ifndef _DSDB_REPL_DREPL_SERVICE_H_
+#define _DSDB_REPL_DREPL_SERVICE_H_
+
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+
+struct dreplsrv_service;
+struct dreplsrv_partition;
+
+struct dreplsrv_drsuapi_connection {
+	/*
+	 * this pipe pointer is also the indicator
+	 * for a valid connection
+	 */
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_binding_handle *drsuapi_handle;
+
+	DATA_BLOB gensec_skey;
+	struct drsuapi_DsBindInfo28 remote_info28;
+	struct policy_handle bind_handle;
+};
+
+struct dreplsrv_out_connection {
+	struct dreplsrv_out_connection *prev, *next;
+
+	struct dreplsrv_service *service;
+
+	/*
+	 * the binding for the outgoing connection
+	 */
+	struct dcerpc_binding *binding;
+
+	/* the out going connection to the source dsa */
+	struct dreplsrv_drsuapi_connection *drsuapi;
+};
+
+struct dreplsrv_partition_source_dsa {
+	struct dreplsrv_partition_source_dsa *prev, *next;
+
+	struct dreplsrv_partition *partition;
+
+	/*
+	 * the cached repsFrom value for this source dsa
+	 *
+	 * it needs to be updated after each DsGetNCChanges() call
+	 * to the source dsa
+	 *
+	 * repsFrom1 == &_repsFromBlob.ctr.ctr1
+	 */
+	struct repsFromToBlob _repsFromBlob;
+	struct repsFromTo1 *repsFrom1;
+
+	/* the last uSN when we sent a notify */
+	uint64_t notify_uSN;
+	
+	/* the reference to the source_dsa and its outgoing connection */
+	struct dreplsrv_out_connection *conn;
+};
+
+struct dreplsrv_partition {
+	struct dreplsrv_partition *prev, *next;
+
+	struct dreplsrv_service *service;
+
+	/* the dn of the partition */
+	struct ldb_dn *dn;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+
+	/* 
+	 * up-to-date vector needs to be updated before and after each DsGetNCChanges() call
+	 *
+	 * - before: we need to use our own invocationId together with our highestCommittedUSN
+	 * - after: we need to merge in the remote uptodatevector, to avoid reading it again
+	 */
+	struct replUpToDateVectorCtr2 uptodatevector;
+	struct drsuapi_DsReplicaCursorCtrEx uptodatevector_ex;
+
+	/*
+	 * a linked list of all source dsa's we replicate from
+	 */
+	struct dreplsrv_partition_source_dsa *sources;
+
+	/*
+	 * a linked list of all source dsa's we will notify,
+	 * that are not also in sources
+	 */
+	struct dreplsrv_partition_source_dsa *notifies;
+
+	bool partial_replica;
+	bool rodc_replica;
+};
+
+typedef void (*dreplsrv_extended_callback_t)(struct dreplsrv_service *,
+					     WERROR,
+					     enum drsuapi_DsExtendedError,
+					     void *cb_data);
+
+struct dreplsrv_out_operation {
+	struct dreplsrv_out_operation *prev, *next;
+	time_t schedule_time;
+
+	struct dreplsrv_service *service;
+
+	struct dreplsrv_partition_source_dsa *source_dsa;
+
+	/* replication options - currently used by DsReplicaSync */
+	uint32_t options;
+	enum drsuapi_DsExtendedOperation extended_op;
+	uint64_t fsmo_info;
+	enum drsuapi_DsExtendedError extended_ret;
+	dreplsrv_extended_callback_t callback;
+	void *cb_data;
+	/* more replication flags - used by DsReplicaSync GET_TGT */
+	uint32_t more_flags;
+};
+
+struct dreplsrv_notify_operation {
+	struct dreplsrv_notify_operation *prev, *next;
+	time_t schedule_time;
+
+	struct dreplsrv_service *service;
+	uint64_t uSN;
+
+	struct dreplsrv_partition_source_dsa *source_dsa;
+	bool is_urgent;
+	uint32_t replica_flags;
+};
+
+struct dreplsrv_service {
+	/* the whole drepl service is in one task */
+	struct task_server *task;
+
+	/* the time the service was started */
+	struct timeval startup_time;
+
+	/* 
+	 * system session info
+	 * with machine account credentials
+	 */
+	struct auth_session_info *system_session_info;
+
+	/*
+	 * a connection to the local samdb
+	 */
+	struct ldb_context *samdb;
+
+	/* the guid of our NTDS Settings object, which never changes! */
+	struct GUID ntds_guid;
+	/*
+	 * the struct holds the values used for outgoing DsBind() calls,
+	 * so that we need to set them up only once
+	 */
+	struct drsuapi_DsBindInfo28 bind_info28;
+
+	/* some stuff for periodic processing */
+	struct {
+		/*
+		 * the interval between to periodic runs
+		 */
+		uint32_t interval;
+
+		/*
+		 * the timestamp for the next event,
+		 * this is the timestamp passed to event_add_timed()
+		 */
+		struct timeval next_event;
+
+		/* here we have a reference to the timed event the schedules the periodic stuff */
+		struct tevent_timer *te;
+	} periodic;
+
+	/* some stuff for running only the incoming notify ops */
+	struct {
+		/* 
+		 * here we have a reference to the immediate event that was
+		 * scheduled from the DsReplicaSync
+		 */
+		struct tevent_immediate *im;
+	} pending;
+
+	/* some stuff for notify processing */
+	struct {
+		/*
+		 * the interval between notify runs
+		 */
+		uint32_t interval;
+
+		/*
+		 * the timestamp for the next event,
+		 * this is the timestamp passed to event_add_timed()
+		 */
+		struct timeval next_event;
+
+		/* here we have a reference to the timed event the schedules the notifies */
+		struct tevent_timer *te;
+	} notify;
+
+	/*
+	 * the list of partitions we need to replicate
+	 */
+	struct dreplsrv_partition *partitions;
+
+	/*
+	 * the list of cached connections
+	 */
+	struct dreplsrv_out_connection *connections;
+
+	struct {	
+		/* the pointer to the current active operation */
+		struct dreplsrv_out_operation *current;
+
+		/* the list of pending operations */
+		struct dreplsrv_out_operation *pending;
+
+		/* the list of pending notify operations */
+		struct dreplsrv_notify_operation *notifies;
+
+		/* an active notify operation */
+		struct dreplsrv_notify_operation *n_current;
+	} ops;
+
+	bool rid_alloc_in_progress;
+
+	bool am_rodc;
+};
+
+#include "lib/messaging/irpc.h"
+#include "dsdb/repl/drepl_out_helpers.h"
+#include "dsdb/repl/drepl_service_proto.h"
+
+#endif /* _DSDB_REPL_DREPL_SERVICE_H_ */
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
new file mode 100644
index 0000000..01adae2
--- /dev/null
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -0,0 +1,1283 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   Helper functions for applying replicated objects
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "libcli/auth/libcli_auth.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+static WERROR dsdb_repl_merge_working_schema(struct ldb_context *ldb,
+					     struct dsdb_schema *dest_schema,
+					     const struct dsdb_schema *ref_schema)
+{
+	const struct dsdb_class *cur_class = NULL;
+	const struct dsdb_attribute *cur_attr = NULL;
+	int ret;
+
+	for (cur_class = ref_schema->classes;
+	     cur_class;
+	     cur_class = cur_class->next)
+	{
+		const struct dsdb_class *tmp1;
+		struct dsdb_class *tmp2;
+
+		tmp1 = dsdb_class_by_governsID_id(dest_schema,
+						  cur_class->governsID_id);
+		if (tmp1 != NULL) {
+			continue;
+		}
+
+		/*
+		 * Do a shallow copy so that original next and prev are
+		 * not modified, we don't need to do a deep copy
+		 * as the rest won't be modified and this is for
+		 * a short lived object.
+		 */
+		tmp2 = talloc(dest_schema, struct dsdb_class);
+		if (tmp2 == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*tmp2 = *cur_class;
+		DLIST_ADD(dest_schema->classes, tmp2);
+	}
+
+	for (cur_attr = ref_schema->attributes;
+	     cur_attr;
+	     cur_attr = cur_attr->next)
+	{
+		const struct dsdb_attribute *tmp1;
+		struct dsdb_attribute *tmp2;
+
+		tmp1 = dsdb_attribute_by_attributeID_id(dest_schema,
+						cur_attr->attributeID_id);
+		if (tmp1 != NULL) {
+			continue;
+		}
+
+		/*
+		 * Do a shallow copy so that original next and prev are
+		 * not modified, we don't need to do a deep copy
+		 * as the rest won't be modified and this is for
+		 * a short lived object.
+		 */
+		tmp2 = talloc(dest_schema, struct dsdb_attribute);
+		if (tmp2 == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*tmp2 = *cur_attr;
+		DLIST_ADD(dest_schema->attributes, tmp2);
+	}
+
+	ret = dsdb_setup_sorted_accessors(ldb, dest_schema);
+	if (LDB_SUCCESS != ret) {
+		DEBUG(0,("Failed to add new attribute to reference schema!\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+WERROR dsdb_repl_resolve_working_schema(struct ldb_context *ldb,
+					struct dsdb_schema_prefixmap *pfm_remote,
+					uint32_t cycle_before_switching,
+					struct dsdb_schema *initial_schema,
+					struct dsdb_schema *resulting_schema,
+					uint32_t object_count,
+					const struct drsuapi_DsReplicaObjectListItemEx *first_object)
+{
+	struct schema_list {
+		struct schema_list *next, *prev;
+		const struct drsuapi_DsReplicaObjectListItemEx *obj;
+	};
+	struct schema_list *schema_list = NULL, *schema_list_item, *schema_list_next_item;
+	WERROR werr;
+	struct dsdb_schema *working_schema;
+	const struct drsuapi_DsReplicaObjectListItemEx *cur;
+	DATA_BLOB empty_key = data_blob_null;
+	int ret, pass_no;
+	uint32_t ignore_attids[] = {
+			DRSUAPI_ATTID_auxiliaryClass,
+			DRSUAPI_ATTID_mayContain,
+			DRSUAPI_ATTID_mustContain,
+			DRSUAPI_ATTID_possSuperiors,
+			DRSUAPI_ATTID_systemPossSuperiors,
+			DRSUAPI_ATTID_INVALID
+	};
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	/* create a list of objects yet to be converted */
+	for (cur = first_object; cur; cur = cur->next_object) {
+		schema_list_item = talloc(frame, struct schema_list);
+		if (schema_list_item == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		schema_list_item->obj = cur;
+		DLIST_ADD_END(schema_list, schema_list_item);
+	}
+
+	/* resolve objects until all are resolved and in local schema */
+	pass_no = 1;
+	working_schema = initial_schema;
+
+	while (schema_list) {
+		uint32_t converted_obj_count = 0;
+		uint32_t failed_obj_count = 0;
+
+		if (resulting_schema != working_schema) {
+			/*
+			 * If the selfmade schema is not the schema used to
+			 * translate and validate replicated object,
+			 * Which means that we are using the bootstrap schema
+			 * Then we add attributes and classes that were already
+			 * translated to the working schema, the idea is that
+			 * we might need to add new attributes and classes
+			 * to be able to translate critical replicated objects
+			 * and without that we wouldn't be able to translate them
+			 */
+			werr = dsdb_repl_merge_working_schema(ldb,
+							working_schema,
+							resulting_schema);
+			if (!W_ERROR_IS_OK(werr)) {
+				talloc_free(frame);
+				return werr;
+			}
+		}
+
+		for (schema_list_item = schema_list;
+		     schema_list_item;
+		     schema_list_item=schema_list_next_item) {
+			struct dsdb_extended_replicated_object object;
+
+			cur = schema_list_item->obj;
+
+			/*
+			 * Save the next item, now we have saved out
+			 * the current one, so we can DLIST_REMOVE it
+			 * safely
+			 */
+			schema_list_next_item = schema_list_item->next;
+
+			/*
+			 * Convert the objects into LDB messages using the
+			 * schema we have so far. It's ok if we fail to convert
+			 * an object. We should convert more objects on next pass.
+			 */
+			werr = dsdb_convert_object_ex(ldb, working_schema,
+						      NULL,
+						      pfm_remote,
+						      cur, &empty_key,
+						      ignore_attids,
+						      0,
+						      schema_list_item, &object);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(4,("debug: Failed to convert schema "
+					 "object %s into ldb msg, "
+					 "will try during next loop\n",
+					 cur->object.identifier->dn));
+
+				failed_obj_count++;
+			} else {
+				/*
+				 * Convert the schema from ldb_message format
+				 * (OIDs as OID strings) into schema, using
+				 * the remote prefixMap
+				 *
+				 * It's not likely, but possible to get the
+				 * same object twice and we should keep
+				 * the last instance.
+				 */
+				werr = dsdb_schema_set_el_from_ldb_msg_dups(ldb,
+								resulting_schema,
+								object.msg,
+								true);
+				if (!W_ERROR_IS_OK(werr)) {
+					DEBUG(4,("debug: failed to convert "
+						 "object %s into a schema element, "
+						 "will try during next loop: %s\n",
+						 ldb_dn_get_linearized(object.msg->dn),
+						 win_errstr(werr)));
+					failed_obj_count++;
+				} else {
+					DEBUG(8,("Converted object %s into a schema element\n",
+						 ldb_dn_get_linearized(object.msg->dn)));
+					DLIST_REMOVE(schema_list, schema_list_item);
+					TALLOC_FREE(schema_list_item);
+					converted_obj_count++;
+				}
+			}
+		}
+
+		DEBUG(4,("Schema load pass %d: converted %d, %d of %d objects left to be converted.\n",
+			 pass_no, converted_obj_count, failed_obj_count, object_count));
+
+		/* check if we converted any objects in this pass */
+		if (converted_obj_count == 0) {
+			DEBUG(0,("Can't continue Schema load: "
+				 "didn't manage to convert any objects: "
+				 "all %d remaining of %d objects "
+				 "failed to convert\n",
+				 failed_obj_count, object_count));
+			talloc_free(frame);
+			return WERR_INTERNAL_ERROR;
+		}
+
+		/*
+		 * Don't try to load the schema if there is missing object
+		 * _and_ we are on the first pass as some critical objects
+		 * might be missing.
+		 */
+		if (failed_obj_count == 0 || pass_no > cycle_before_switching) {
+			/* prepare for another cycle */
+			working_schema = resulting_schema;
+
+			ret = dsdb_setup_sorted_accessors(ldb, working_schema);
+			if (LDB_SUCCESS != ret) {
+				DEBUG(0,("Failed to create schema-cache indexes!\n"));
+				talloc_free(frame);
+				return WERR_INTERNAL_ERROR;
+			}
+		}
+		pass_no++;
+	}
+
+	talloc_free(frame);
+	return WERR_OK;
+}
+
+/**
+ * Multi-pass working schema creation
+ * Function will:
+ *  - shallow copy initial schema supplied
+ *  - create a working schema in multiple passes
+ *    until all objects are resolved
+ * Working schema is a schema with Attributes, Classes
+ * and indexes, but w/o subClassOf, possibleSupperiors etc.
+ * It is to be used just us cache for converting attribute values.
+ */
+WERROR dsdb_repl_make_working_schema(struct ldb_context *ldb,
+				     const struct dsdb_schema *initial_schema,
+				     const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
+				     uint32_t object_count,
+				     const struct drsuapi_DsReplicaObjectListItemEx *first_object,
+				     const DATA_BLOB *gensec_skey,
+				     TALLOC_CTX *mem_ctx,
+				     struct dsdb_schema **_schema_out)
+{
+	WERROR werr;
+	struct dsdb_schema_prefixmap *pfm_remote;
+	uint32_t r;
+	struct dsdb_schema *working_schema;
+
+	/* make a copy of the iniatial_scheam so we don't mess with it */
+	working_schema = dsdb_schema_copy_shallow(mem_ctx, ldb, initial_schema);
+	if (!working_schema) {
+		DEBUG(0,(__location__ ": schema copy failed!\n"));
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	working_schema->resolving_in_progress = true;
+
+	/* we are going to need remote prefixMap for decoding */
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
+						working_schema, &pfm_remote, NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n",
+			 win_errstr(werr)));
+		talloc_free(working_schema);
+		return werr;
+	}
+
+	for (r=0; r < pfm_remote->length; r++) {
+		const struct dsdb_schema_prefixmap_oid *rm = &pfm_remote->prefixes[r];
+		bool found_oid = false;
+		uint32_t l;
+
+		for (l=0; l < working_schema->prefixmap->length; l++) {
+			const struct dsdb_schema_prefixmap_oid *lm = &working_schema->prefixmap->prefixes[l];
+			int cmp;
+
+			cmp = data_blob_cmp(&rm->bin_oid, &lm->bin_oid);
+			if (cmp == 0) {
+				found_oid = true;
+				break;
+			}
+		}
+
+		if (found_oid) {
+			continue;
+		}
+
+		/*
+		 * We prefer the same is as we got from the remote peer
+		 * if there's no conflict.
+		 */
+		werr = dsdb_schema_pfm_add_entry(working_schema->prefixmap,
+						 rm->bin_oid, &rm->id, NULL);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Failed to merge remote prefixMap: %s\n",
+				 win_errstr(werr)));
+			talloc_free(working_schema);
+			return werr;
+		}
+	}
+
+	werr = dsdb_repl_resolve_working_schema(ldb,
+						pfm_remote,
+						0, /* cycle_before_switching */
+						working_schema,
+						working_schema,
+						object_count,
+						first_object);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0, ("%s: dsdb_repl_resolve_working_schema() failed: %s\n",
+			  __location__, win_errstr(werr)));
+		talloc_free(working_schema);
+		return werr;
+	}
+
+	working_schema->resolving_in_progress = false;
+
+	*_schema_out = working_schema;
+
+	return WERR_OK;
+}
+
+static bool dsdb_attid_in_list(const uint32_t attid_list[], uint32_t attid)
+{
+	const uint32_t *cur;
+	if (!attid_list) {
+		return false;
+	}
+	for (cur = attid_list; *cur != DRSUAPI_ATTID_INVALID; cur++) {
+		if (*cur == attid) {
+			return true;
+		}
+	}
+	return false;
+}
+
+WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
+			      const struct dsdb_schema *schema,
+			      struct ldb_dn *partition_dn,
+			      const struct dsdb_schema_prefixmap *pfm_remote,
+			      const struct drsuapi_DsReplicaObjectListItemEx *in,
+			      const DATA_BLOB *gensec_skey,
+			      const uint32_t *ignore_attids,
+			      uint32_t dsdb_repl_flags,
+			      TALLOC_CTX *mem_ctx,
+			      struct dsdb_extended_replicated_object *out)
+{
+	WERROR status = WERR_OK;
+	uint32_t i;
+	struct ldb_message *msg;
+	struct replPropertyMetaDataBlob *md;
+	int instanceType;
+	struct ldb_message_element *instanceType_e = NULL;
+	NTTIME whenChanged = 0;
+	time_t whenChanged_t;
+	const char *whenChanged_s;
+	struct dom_sid *sid = NULL;
+	uint32_t rid = 0;
+	uint32_t attr_count;
+
+	if (!in->object.identifier) {
+		return WERR_FOOBAR;
+	}
+
+	if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
+		return WERR_FOOBAR;
+	}
+
+	if (in->object.attribute_ctr.num_attributes != 0 && !in->meta_data_ctr) {
+		return WERR_FOOBAR;
+	}
+
+	if (in->object.attribute_ctr.num_attributes != in->meta_data_ctr->count) {
+		return WERR_FOOBAR;
+	}
+
+	sid = &in->object.identifier->sid;
+	if (sid->num_auths > 0) {
+		rid = sid->sub_auths[sid->num_auths - 1];
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn			= ldb_dn_new(msg, ldb, in->object.identifier->dn);
+	W_ERROR_HAVE_NO_MEMORY(msg->dn);
+
+	msg->num_elements	= in->object.attribute_ctr.num_attributes;
+	msg->elements		= talloc_array(msg, struct ldb_message_element,
+					       msg->num_elements);
+	W_ERROR_HAVE_NO_MEMORY(msg->elements);
+
+	md = talloc(mem_ctx, struct replPropertyMetaDataBlob);
+	W_ERROR_HAVE_NO_MEMORY(md);
+
+	md->version		= 1;
+	md->reserved		= 0;
+	md->ctr.ctr1.count	= in->meta_data_ctr->count;
+	md->ctr.ctr1.reserved	= 0;
+	md->ctr.ctr1.array	= talloc_array(mem_ctx,
+					       struct replPropertyMetaData1,
+					       md->ctr.ctr1.count);
+	W_ERROR_HAVE_NO_MEMORY(md->ctr.ctr1.array);
+
+	for (i=0, attr_count=0; i < in->meta_data_ctr->count; i++, attr_count++) {
+		struct drsuapi_DsReplicaAttribute *a;
+		struct drsuapi_DsReplicaMetaData *d;
+		struct replPropertyMetaData1 *m;
+		struct ldb_message_element *e;
+		uint32_t j;
+
+		a = &in->object.attribute_ctr.attributes[i];
+		d = &in->meta_data_ctr->meta_data[i];
+		m = &md->ctr.ctr1.array[attr_count];
+		e = &msg->elements[attr_count];
+
+		if (dsdb_attid_in_list(ignore_attids, a->attid)) {
+			attr_count--;
+			continue;
+		}
+
+		if (GUID_all_zero(&d->originating_invocation_id)) {
+			status = WERR_DS_SRC_GUID_MISMATCH;
+			DEBUG(0, ("Refusing replication of object containing invalid zero invocationID on attribute %d of %s: %s\n",
+				  a->attid,
+				  ldb_dn_get_linearized(msg->dn),
+				  win_errstr(status)));
+			return status;
+		}
+
+		if (a->attid == DRSUAPI_ATTID_instanceType) {
+			if (instanceType_e != NULL) {
+				return WERR_FOOBAR;
+			}
+			instanceType_e = e;
+		}
+
+		for (j=0; j<a->value_ctr.num_values; j++) {
+			status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob,
+							   gensec_skey, rid,
+							   dsdb_repl_flags, a);
+			if (!W_ERROR_IS_OK(status)) {
+				break;
+			}
+		}
+		if (W_ERROR_EQUAL(status, WERR_TOO_MANY_SECRETS)) {
+			WERROR get_name_status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
+									       a, msg->elements, e, NULL);
+			if (W_ERROR_IS_OK(get_name_status)) {
+				DEBUG(0, ("Unxpectedly got secret value %s on %s from DRS server\n",
+					  e->name, ldb_dn_get_linearized(msg->dn)));
+			} else {
+				DEBUG(0, ("Unxpectedly got secret value on %s from DRS server\n",
+					  ldb_dn_get_linearized(msg->dn)));
+			}
+		} else if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		/*
+		 * This function also fills in the local attid value,
+		 * based on comparing the remote and local prefixMap
+		 * tables.  If we don't convert the value, then we can
+		 * have invalid values in the replPropertyMetaData we
+		 * store on disk, as the prefixMap is per host, not
+		 * per-domain.  This may be why Microsoft added the
+		 * msDS-IntID feature, however this is not used for
+		 * extra attributes in the schema partition itself.
+		 */
+		status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, pfm_remote,
+						       a, msg->elements, e,
+						       &m->attid);
+		W_ERROR_NOT_OK_RETURN(status);
+
+		m->version			= d->version;
+		m->originating_change_time	= d->originating_change_time;
+		m->originating_invocation_id	= d->originating_invocation_id;
+		m->originating_usn		= d->originating_usn;
+		m->local_usn			= 0;
+
+		if (a->attid == DRSUAPI_ATTID_name) {
+			const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(msg->dn);
+			if (rdn_val == NULL) {
+				DEBUG(0, ("Unxpectedly unable to get RDN from %s for validation\n",
+					  ldb_dn_get_linearized(msg->dn)));
+				return WERR_FOOBAR;
+			}
+			if (e->num_values != 1) {
+				DEBUG(0, ("Unxpectedly got wrong number of attribute values (got %u, expected 1) when checking RDN against name of %s\n",
+					  e->num_values,
+					  ldb_dn_get_linearized(msg->dn)));
+				return WERR_FOOBAR;
+			}
+			if (data_blob_cmp(rdn_val,
+					  &e->values[0]) != 0) {
+				DEBUG(0, ("Unxpectedly got mismatching RDN values when checking RDN against name of %s\n",
+					  ldb_dn_get_linearized(msg->dn)));
+				return WERR_FOOBAR;
+			}
+		}
+		if (d->originating_change_time > whenChanged) {
+			whenChanged = d->originating_change_time;
+		}
+
+	}
+
+	msg->num_elements = attr_count;
+	md->ctr.ctr1.count = attr_count;
+
+	if (instanceType_e == NULL) {
+		return WERR_FOOBAR;
+	}
+
+	instanceType = ldb_msg_find_attr_as_int(msg, "instanceType", 0);
+
+	if ((instanceType & INSTANCE_TYPE_IS_NC_HEAD)
+	    && partition_dn != NULL) {
+		int partition_dn_cmp = ldb_dn_compare(partition_dn, msg->dn);
+		if (partition_dn_cmp != 0) {
+			DEBUG(4, ("Remote server advised us of a new partition %s while processing %s, ignoring\n",
+				  ldb_dn_get_linearized(msg->dn),
+				  ldb_dn_get_linearized(partition_dn)));
+			return WERR_DS_ADD_REPLICA_INHIBITED;
+		}
+	}
+
+	if (dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
+		/* the instanceType type for partial_replica
+		   replication is sent via DRS with TYPE_WRITE set, but
+		   must be used on the client with TYPE_WRITE removed
+		*/
+		if (instanceType & INSTANCE_TYPE_WRITE) {
+			/*
+			 * Make sure we do not change the order
+			 * of msg->elements!
+			 *
+			 * That's why we use
+			 * instanceType_e->num_values = 0
+			 * instead of
+			 * ldb_msg_remove_attr(msg, "instanceType");
+			 */
+			struct ldb_message_element *e;
+
+			e = ldb_msg_find_element(msg, "instanceType");
+			if (e != instanceType_e) {
+				DEBUG(0,("instanceType_e[%p] changed to e[%p]\n",
+					 instanceType_e, e));
+				return WERR_FOOBAR;
+			}
+
+			instanceType_e->num_values = 0;
+
+			instanceType &= ~INSTANCE_TYPE_WRITE;
+			if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) {
+				return WERR_INTERNAL_ERROR;
+			}
+		}
+	} else {
+		if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+			DBG_ERR("Refusing to replicate %s from a read-only "
+				"replica into a read-write replica!\n",
+				ldb_dn_get_linearized(msg->dn));
+			return WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA;
+		}
+	}
+
+	whenChanged_t = nt_time_to_unix(whenChanged);
+	whenChanged_s = ldb_timestring(msg, whenChanged_t);
+	W_ERROR_HAVE_NO_MEMORY(whenChanged_s);
+
+	out->object_guid = in->object.identifier->guid;
+
+	if (in->parent_object_guid == NULL) {
+		out->parent_guid = NULL;
+	} else {
+		out->parent_guid = talloc(mem_ctx, struct GUID);
+		W_ERROR_HAVE_NO_MEMORY(out->parent_guid);
+		*out->parent_guid = *in->parent_object_guid;
+	}
+
+	out->msg		= msg;
+	out->when_changed	= whenChanged_s;
+	out->meta_data		= md;
+	return WERR_OK;
+}
+
+WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb,
+				       const struct dsdb_schema *schema,
+				       struct ldb_dn *partition_dn,
+				       const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
+				       uint32_t object_count,
+				       const struct drsuapi_DsReplicaObjectListItemEx *first_object,
+				       uint32_t linked_attributes_count,
+				       const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes,
+				       const struct repsFromTo1 *source_dsa,
+				       const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector,
+				       const DATA_BLOB *gensec_skey,
+				       uint32_t dsdb_repl_flags,
+				       TALLOC_CTX *mem_ctx,
+				       struct dsdb_extended_replicated_objects **objects)
+{
+	WERROR status;
+	struct dsdb_schema_prefixmap *pfm_remote;
+	struct dsdb_extended_replicated_objects *out;
+	const struct drsuapi_DsReplicaObjectListItemEx *cur;
+	struct dsdb_syntax_ctx syntax_ctx;
+	uint32_t i;
+
+	out = talloc_zero(mem_ctx, struct dsdb_extended_replicated_objects);
+	W_ERROR_HAVE_NO_MEMORY(out);
+	out->version		= DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION;
+	out->dsdb_repl_flags    = dsdb_repl_flags;
+
+	/*
+	 * Ensure schema is kept valid for as long as 'out'
+	 * which may contain pointers to it
+	 */
+	schema = talloc_reference(out, schema);
+	W_ERROR_HAVE_NO_MEMORY(schema);
+
+	status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
+						  out, &pfm_remote, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n",
+			 win_errstr(status)));
+		talloc_free(out);
+		return status;
+	}
+
+	/* use default syntax conversion context */
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
+	syntax_ctx.pfm_remote = pfm_remote;
+
+	if (ldb_dn_compare(partition_dn, ldb_get_schema_basedn(ldb)) != 0) {
+		/*
+		 * check for schema changes in case
+		 * we are not replicating Schema NC
+		 */
+		status = dsdb_schema_info_cmp(schema, mapping_ctr);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(4,("Can't replicate %s because remote schema has changed since we last replicated the schema\n",
+				 ldb_dn_get_linearized(partition_dn)));
+			talloc_free(out);
+			return status;
+		}
+	}
+
+	out->partition_dn	= partition_dn;
+
+	out->source_dsa		= source_dsa;
+	out->uptodateness_vector= uptodateness_vector;
+
+	out->num_objects	= 0;
+	out->objects		= talloc_array(out,
+					       struct dsdb_extended_replicated_object,
+					       object_count);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(out->objects, out);
+
+	for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
+		if (i == object_count) {
+			talloc_free(out);
+			return WERR_FOOBAR;
+		}
+
+		status = dsdb_convert_object_ex(ldb, schema, out->partition_dn,
+						pfm_remote,
+						cur, gensec_skey,
+						NULL,
+						dsdb_repl_flags,
+						out->objects,
+						&out->objects[out->num_objects]);
+
+		/*
+		 * Check to see if we have been advised of a
+		 * subdomain or new application partition.  We don't
+		 * want to start on that here, instead the caller
+		 * should consider if it would like to replicate it
+		 * based on the cross-ref object.
+		 */
+		if (W_ERROR_EQUAL(status, WERR_DS_ADD_REPLICA_INHIBITED)) {
+			struct GUID_txt_buf guid_str;
+			DBG_ERR("Ignoring object outside partition %s %s: %s\n",
+				GUID_buf_string(&cur->object.identifier->guid,
+						&guid_str),
+				cur->object.identifier->dn,
+				win_errstr(status));
+			continue;
+		}
+
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(out);
+			DEBUG(0,("Failed to convert object %s: %s\n",
+				 cur->object.identifier->dn,
+				 win_errstr(status)));
+			return status;
+		}
+
+		/* Assuming we didn't skip or error, increment the number of objects */
+		out->num_objects++;
+	}
+
+	DBG_INFO("Processed %"PRIu32" DRS objects, saw %"PRIu32" objects "
+		 "and expected %"PRIu32" objects\n",
+		 out->num_objects, i, object_count);
+
+	out->objects = talloc_realloc(out, out->objects,
+				      struct dsdb_extended_replicated_object,
+				      out->num_objects);
+	if (out->num_objects != 0 && out->objects == NULL) {
+		DBG_ERR("FAILURE: talloc_realloc() failed after "
+			"processing %"PRIu32" DRS objects!\n",
+			out->num_objects);
+		talloc_free(out);
+		return WERR_FOOBAR;
+	}
+	if (i != object_count) {
+		DBG_ERR("FAILURE: saw %"PRIu32" DRS objects, server said we "
+			"should expect to see %"PRIu32" objects!\n",
+			i, object_count);
+		talloc_free(out);
+		return WERR_FOOBAR;
+	}
+
+	out->linked_attributes = talloc_array(out,
+					      struct drsuapi_DsReplicaLinkedAttribute,
+					      linked_attributes_count);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(out->linked_attributes, out);
+
+	for (i=0; i < linked_attributes_count; i++) {
+		const struct drsuapi_DsReplicaLinkedAttribute *ra = &linked_attributes[i];
+		struct drsuapi_DsReplicaLinkedAttribute *la = &out->linked_attributes[i];
+
+		if (ra->identifier == NULL) {
+			talloc_free(out);
+			return WERR_BAD_NET_RESP;
+		}
+
+		*la = *ra;
+
+		la->identifier = talloc_zero(out->linked_attributes,
+					     struct drsuapi_DsReplicaObjectIdentifier);
+		W_ERROR_HAVE_NO_MEMORY_AND_FREE(la->identifier, out);
+
+		/*
+		 * We typically only get the guid filled
+		 * and the repl_meta_data module only cares abouf
+		 * the guid.
+		 */
+		la->identifier->guid = ra->identifier->guid;
+
+		if (ra->value.blob != NULL) {
+			la->value.blob = talloc_zero(out->linked_attributes,
+						     DATA_BLOB);
+			W_ERROR_HAVE_NO_MEMORY_AND_FREE(la->value.blob, out);
+
+			if (ra->value.blob->length != 0) {
+				*la->value.blob = data_blob_dup_talloc(la->value.blob,
+								       *ra->value.blob);
+				W_ERROR_HAVE_NO_MEMORY_AND_FREE(la->value.blob->data, out);
+			}
+		}
+
+		status = dsdb_attribute_drsuapi_remote_to_local(&syntax_ctx,
+								ra->attid,
+								&la->attid,
+								NULL);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(0,(__location__": linked_attribute[%u] attid 0x%08X not found: %s\n",
+				 i, ra->attid, win_errstr(status)));
+			return status;
+		}
+	}
+
+	out->linked_attributes_count = linked_attributes_count;
+
+	/* free pfm_remote, we won't need it anymore */
+	talloc_free(pfm_remote);
+
+	*objects = out;
+	return WERR_OK;
+}
+
+/**
+ * Commits a list of replicated objects.
+ *
+ * @param working_schema dsdb_schema to be used for resolving
+ * 			 Classes/Attributes during Schema replication. If not NULL,
+ * 			 it will be set on ldb and used while committing replicated objects
+ */
+WERROR dsdb_replicated_objects_commit(struct ldb_context *ldb,
+				      struct dsdb_schema *working_schema,
+				      struct dsdb_extended_replicated_objects *objects,
+				      uint64_t *notify_uSN)
+{
+	WERROR werr;
+	struct ldb_result *ext_res;
+	struct dsdb_schema *cur_schema = NULL;
+	struct dsdb_schema *new_schema = NULL;
+	int ret;
+	uint64_t seq_num1, seq_num2;
+	bool used_global_schema = false;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(objects);
+	if (!tmp_ctx) {
+		DEBUG(0,("Failed to start talloc\n"));
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* wrap the extended operation in a transaction 
+	   See [MS-DRSR] 3.3.2 Transactions
+	 */
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ " Failed to start transaction: %s\n",
+			 ldb_errstring(ldb)));
+		return WERR_FOOBAR;
+	}
+
+	ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num1, NULL);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ " Failed to load partition uSN\n"));
+		ldb_transaction_cancel(ldb);
+		TALLOC_FREE(tmp_ctx);
+		return WERR_FOOBAR;		
+	}
+
+	/*
+	 * Set working_schema for ldb in case we are replicating from Schema NC.
+	 * Schema won't be reloaded during Replicated Objects commit, as it is
+	 * done in a transaction. So we need some way to search for newly
+	 * added Classes and Attributes
+	 */
+	if (working_schema) {
+		/* store current schema so we can fall back in case of failure */
+		cur_schema = dsdb_get_schema(ldb, tmp_ctx);
+		used_global_schema = dsdb_uses_global_schema(ldb);
+
+		ret = dsdb_reference_schema(ldb, working_schema, SCHEMA_MEMORY_ONLY);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ "Failed to reference working schema - %s\n",
+				 ldb_strerror(ret)));
+			/* TODO: Map LDB Error to NTSTATUS? */
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(tmp_ctx);
+			return WERR_INTERNAL_ERROR;
+		}
+	}
+
+	ret = ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, objects, &ext_res);
+	if (ret != LDB_SUCCESS) {
+		/* restore previous schema */
+		if (used_global_schema) { 
+			dsdb_set_global_schema(ldb);
+		} else if (cur_schema) {
+			dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+		}
+
+		if (W_ERROR_EQUAL(objects->error, WERR_DS_DRA_RECYCLED_TARGET)) {
+			DEBUG(3,("Missing target while attempting to apply records: %s\n",
+				 ldb_errstring(ldb)));
+		} else if (W_ERROR_EQUAL(objects->error, WERR_DS_DRA_MISSING_PARENT)) {
+			DEBUG(3,("Missing parent while attempting to apply records: %s\n",
+				 ldb_errstring(ldb)));
+		} else {
+			DEBUG(1,("Failed to apply records: %s: %s\n",
+				 ldb_errstring(ldb), ldb_strerror(ret)));
+		}
+		ldb_transaction_cancel(ldb);
+		TALLOC_FREE(tmp_ctx);
+
+		if (!W_ERROR_IS_OK(objects->error)) {
+			return objects->error;
+		}
+		return WERR_FOOBAR;
+	}
+	talloc_free(ext_res);
+
+	/* Save our updated prefixMap and check the schema is good. */
+	if (working_schema) {
+		struct ldb_result *ext_res_2;
+
+		werr = dsdb_write_prefixes_from_schema_to_ldb(working_schema,
+							      ldb,
+							      working_schema);
+		if (!W_ERROR_IS_OK(werr)) {
+			/* restore previous schema */
+			if (used_global_schema) { 
+				dsdb_set_global_schema(ldb);
+			} else if (cur_schema ) {
+				dsdb_reference_schema(ldb,
+						      cur_schema,
+						      SCHEMA_MEMORY_ONLY);
+			}
+			DEBUG(0,("Failed to save updated prefixMap: %s\n",
+				 win_errstr(werr)));
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(tmp_ctx);
+			return werr;
+		}
+
+		/*
+		 * Use dsdb_schema_from_db through dsdb extended to check we
+		 * can load the schema currently sitting in the transaction.
+		 * We need this check because someone might have written to
+		 * the schema or prefixMap before we started the transaction,
+		 * which may have caused corruption.
+		 */
+		ret = ldb_extended(ldb, DSDB_EXTENDED_SCHEMA_LOAD,
+				   NULL, &ext_res_2);
+
+		if (ret != LDB_SUCCESS) {
+			if (used_global_schema) {
+				dsdb_set_global_schema(ldb);
+			} else if (cur_schema) {
+				dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+			}
+			DEBUG(0,("Corrupt schema write attempt detected, "
+				 "aborting schema modification operation.\n"
+				 "This probably happened due to bad timing of "
+				 "another schema edit: %s (%s)\n",
+				 ldb_errstring(ldb),
+				 ldb_strerror(ret)));
+			ldb_transaction_cancel(ldb);
+			TALLOC_FREE(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+	}
+
+	ret = ldb_transaction_prepare_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		/* restore previous schema */
+		if (used_global_schema) { 
+			dsdb_set_global_schema(ldb);
+		} else if (cur_schema ) {
+			dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+		}
+		DBG_ERR(" Failed to prepare commit of transaction: %s (%s)\n",
+			ldb_errstring(ldb),
+			ldb_strerror(ret));
+		TALLOC_FREE(tmp_ctx);
+		return WERR_FOOBAR;
+	}
+
+	ret = dsdb_load_partition_usn(ldb, objects->partition_dn, &seq_num2, NULL);
+	if (ret != LDB_SUCCESS) {
+		/* restore previous schema */
+		if (used_global_schema) { 
+			dsdb_set_global_schema(ldb);
+		} else if (cur_schema ) {
+			dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+		}
+		DEBUG(0,(__location__ " Failed to load partition uSN\n"));
+		ldb_transaction_cancel(ldb);
+		TALLOC_FREE(tmp_ctx);
+		return WERR_FOOBAR;		
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		/* restore previous schema */
+		if (used_global_schema) { 
+			dsdb_set_global_schema(ldb);
+		} else if (cur_schema ) {
+			dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+		}
+		DEBUG(0,(__location__ " Failed to commit transaction\n"));
+		TALLOC_FREE(tmp_ctx);
+		return WERR_FOOBAR;
+	}
+
+	if (seq_num1 > *notify_uSN) {
+		/*
+		 * A notify was already required before
+		 * the current transaction.
+		 */
+	} else if (objects->originating_updates) {
+		/*
+		 * Applying the replicated changes
+		 * required originating updates,
+		 * so a notify is required.
+		 */
+	} else {
+		/*
+		 * There's no need to notify the
+		 * server about the change we just from it.
+		 */
+		*notify_uSN = seq_num2;
+	}
+
+	/*
+	 * Reset the Schema used by ldb. This will lead to
+	 * a schema cache being refreshed from database.
+	 */
+	if (working_schema) {
+		/* Reload the schema */
+		new_schema = dsdb_get_schema(ldb, tmp_ctx);
+		/* TODO:
+		 * If dsdb_get_schema() fails, we just fall back
+		 * to what we had.  However, the database is probably
+		 * unable to operate for other users from this
+		 * point... */
+		if (new_schema == NULL || new_schema == working_schema) {
+			DBG_ERR("Failed to re-load schema after commit of "
+				"transaction (working: %p/%"PRIu64", new: "
+				"%p/%"PRIu64")\n", new_schema,
+				new_schema != NULL ?
+				new_schema->metadata_usn : 0,
+				working_schema, working_schema->metadata_usn);
+			dsdb_reference_schema(ldb, cur_schema, SCHEMA_MEMORY_ONLY);
+			if (used_global_schema) {
+				dsdb_set_global_schema(ldb);
+			}
+			TALLOC_FREE(tmp_ctx);
+			return WERR_INTERNAL_ERROR;
+		} else if (used_global_schema) {
+			dsdb_make_schema_global(ldb, new_schema);
+		}
+	}
+
+	DEBUG(2,("Replicated %u objects (%u linked attributes) for %s\n",
+		 objects->num_objects, objects->linked_attributes_count,
+		 ldb_dn_get_linearized(objects->partition_dn)));
+		 
+	TALLOC_FREE(tmp_ctx);
+	return WERR_OK;
+}
+
+static WERROR dsdb_origin_object_convert(struct ldb_context *ldb,
+					 const struct dsdb_schema *schema,
+					 const struct drsuapi_DsReplicaObjectListItem *in,
+					 TALLOC_CTX *mem_ctx,
+					 struct ldb_message **_msg)
+{
+	WERROR status;
+	unsigned int i;
+	struct ldb_message *msg;
+
+	if (!in->object.identifier) {
+		return WERR_FOOBAR;
+	}
+
+	if (!in->object.identifier->dn || !in->object.identifier->dn[0]) {
+		return WERR_FOOBAR;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn	= ldb_dn_new(msg, ldb, in->object.identifier->dn);
+	W_ERROR_HAVE_NO_MEMORY(msg->dn);
+
+	msg->num_elements	= in->object.attribute_ctr.num_attributes;
+	msg->elements		= talloc_array(msg, struct ldb_message_element,
+					       msg->num_elements);
+	W_ERROR_HAVE_NO_MEMORY(msg->elements);
+
+	for (i=0; i < msg->num_elements; i++) {
+		struct drsuapi_DsReplicaAttribute *a;
+		struct ldb_message_element *e;
+
+		a = &in->object.attribute_ctr.attributes[i];
+		e = &msg->elements[i];
+
+		status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, schema->prefixmap,
+						       a, msg->elements, e, NULL);
+		W_ERROR_NOT_OK_RETURN(status);
+	}
+
+
+	*_msg = msg;
+
+	return WERR_OK;
+}
+
+WERROR dsdb_origin_objects_commit(struct ldb_context *ldb,
+				  TALLOC_CTX *mem_ctx,
+				  const struct drsuapi_DsReplicaObjectListItem *first_object,
+				  uint32_t *_num,
+				  uint32_t dsdb_repl_flags,
+				  struct drsuapi_DsReplicaObjectIdentifier2 **_ids)
+{
+	WERROR status;
+	const struct dsdb_schema *schema;
+	const struct drsuapi_DsReplicaObjectListItem *cur;
+	struct ldb_message **objects;
+	struct drsuapi_DsReplicaObjectIdentifier2 *ids;
+	uint32_t i;
+	uint32_t num_objects = 0;
+	const char * const attrs[] = {
+		"objectGUID",
+		"objectSid",
+		NULL
+	};
+	struct ldb_result *res;
+	int ret;
+
+	for (cur = first_object; cur; cur = cur->next_object) {
+		num_objects++;
+	}
+
+	if (num_objects == 0) {
+		return WERR_OK;
+	}
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_INTERNAL_FAILURE;
+	}
+
+	objects	= talloc_array(mem_ctx, struct ldb_message *,
+			       num_objects);
+	if (objects == NULL) {
+		status = WERR_NOT_ENOUGH_MEMORY;
+		goto cancel;
+	}
+
+	schema = dsdb_get_schema(ldb, objects);
+	if (!schema) {
+		return WERR_DS_SCHEMA_NOT_LOADED;
+	}
+
+	for (i=0, cur = first_object; cur; cur = cur->next_object, i++) {
+		status = dsdb_origin_object_convert(ldb, schema, cur,
+						    objects, &objects[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			goto cancel;
+		}
+	}
+
+	ids = talloc_array(mem_ctx,
+			   struct drsuapi_DsReplicaObjectIdentifier2,
+			   num_objects);
+	if (ids == NULL) {
+		status = WERR_NOT_ENOUGH_MEMORY;
+		goto cancel;
+	}
+
+	if (dsdb_repl_flags & DSDB_REPL_FLAG_ADD_NCNAME) {
+		/* check for possible NC creation */
+		for (i=0; i < num_objects; i++) {
+			struct ldb_message *msg = objects[i];
+			struct ldb_message_element *el;
+			struct ldb_dn *nc_dn;
+
+			if (ldb_msg_check_string_attribute(msg, "objectClass", "crossRef") == 0) {
+				continue;
+			}
+			el = ldb_msg_find_element(msg, "nCName");
+			if (el == NULL || el->num_values != 1) {
+				continue;
+			}
+			nc_dn = ldb_dn_from_ldb_val(objects, ldb, &el->values[0]);
+			if (!ldb_dn_validate(nc_dn)) {
+				continue;
+			}
+			ret = dsdb_create_partial_replica_NC(ldb, nc_dn);
+			if (ret != LDB_SUCCESS) {
+				status = WERR_DS_INTERNAL_FAILURE;
+				goto cancel;
+			}
+		}
+	}
+
+	for (i=0; i < num_objects; i++) {
+		struct dom_sid *sid = NULL;
+		struct ldb_request *add_req;
+
+		DEBUG(6,(__location__ ": adding %s\n", 
+			 ldb_dn_get_linearized(objects[i]->dn)));
+
+		ret = ldb_build_add_req(&add_req,
+					ldb,
+					objects,
+					objects[i],
+					NULL,
+					NULL,
+					ldb_op_default_callback,
+					NULL);
+		if (ret != LDB_SUCCESS) {
+			status = WERR_DS_INTERNAL_FAILURE;
+			goto cancel;
+		}
+
+		ret = ldb_request_add_control(add_req, LDB_CONTROL_RELAX_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			status = WERR_DS_INTERNAL_FAILURE;
+			goto cancel;
+		}
+		
+		ret = ldb_request(ldb, add_req);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(add_req->handle, LDB_WAIT_ALL);
+		}
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed add of %s - %s\n",
+				 ldb_dn_get_linearized(objects[i]->dn), ldb_errstring(ldb)));
+			status = WERR_DS_INTERNAL_FAILURE;
+			goto cancel;
+		}
+
+		talloc_free(add_req);
+
+		ret = ldb_search(ldb, objects, &res, objects[i]->dn,
+				 LDB_SCOPE_BASE, attrs,
+				 "(objectClass=*)");
+		if (ret != LDB_SUCCESS) {
+			status = WERR_DS_INTERNAL_FAILURE;
+			goto cancel;
+		}
+		ids[i].guid = samdb_result_guid(res->msgs[0], "objectGUID");
+		sid = samdb_result_dom_sid(objects, res->msgs[0], "objectSid");
+		if (sid) {
+			ids[i].sid = *sid;
+		} else {
+			ZERO_STRUCT(ids[i].sid);
+		}
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_INTERNAL_FAILURE;
+	}
+
+	talloc_free(objects);
+
+	*_num = num_objects;
+	*_ids = ids;
+	return WERR_OK;
+
+cancel:
+	talloc_free(objects);
+	ldb_transaction_cancel(ldb);
+	return status;
+}
diff --git a/source4/dsdb/samdb.pc.in b/source4/dsdb/samdb.pc.in
new file mode 100644
index 0000000..691f73e
--- /dev/null
+++ b/source4/dsdb/samdb.pc.in
@@ -0,0 +1,10 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: samdb
+Description: Sam Database
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -lsamdb
+Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
new file mode 100644
index 0000000..52f5e41
--- /dev/null
+++ b/source4/dsdb/samdb/cracknames.c
@@ -0,0 +1,1804 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   crachnames implementation for the drsuapi pipe
+   DsCrackNames()
+
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Matthieu Patou <mat@matws.net> 2012
+   Copyright (C) Catalyst .Net Ltd 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/drsuapi.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "auth/kerberos/kerberos.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/security/security.h"
+#include "auth/auth.h"
+#include "../lib/util/util_ldb.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "param/param.h"
+
+#undef strcasecmp
+
+static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+				   struct smb_krb5_context *smb_krb5_context,
+				   uint32_t format_flags, enum drsuapi_DsNameFormat format_offered,
+				   enum drsuapi_DsNameFormat format_desired,
+				   struct ldb_dn *name_dn, const char *name, 
+				   const char *domain_filter, const char *result_filter, 
+				   struct drsuapi_DsNameInfo1 *info1, int scope, struct ldb_dn *search_dn);
+static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
+					enum drsuapi_DsNameFormat format_offered,
+					enum drsuapi_DsNameFormat format_desired,
+					struct ldb_dn *name_dn, const char *name, 
+					struct drsuapi_DsNameInfo1 *info1);
+
+static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_context *smb_krb5_context, 
+					const char *name, 
+					struct drsuapi_DsNameInfo1 *info1) 
+{
+	krb5_error_code ret;
+	krb5_principal principal;
+	/* perhaps it's a principal with a realm, so return the right 'domain only' response */
+	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
+				    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
+	if (ret) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		return WERR_OK;
+	}
+
+	info1->dns_domain_name = smb_krb5_principal_get_realm(
+		mem_ctx, smb_krb5_context->krb5_context, principal);
+	krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+	W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
+
+	info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+	return WERR_OK;
+}
+
+static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(struct ldb_context *ldb_ctx,
+						      TALLOC_CTX *mem_ctx,
+						      const char *alias_from,
+						      char **alias_to)
+{
+	/*
+	 * Some of the logic of this function is mirrored in find_spn_alias()
+	 * in source4/dsdb.samdb/ldb_modules/samldb.c. If you change this to
+	 * not return the first matched alias, you will need to rethink that
+	 * function too.
+	 */
+	unsigned int i;
+	int ret;
+	struct ldb_result *res;
+	struct ldb_message_element *spnmappings;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *service_dn;
+	char *service_dn_str;
+
+	const char *directory_attrs[] = {
+		"sPNMappings", 
+		NULL
+	};
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	}
+
+	service_dn = ldb_dn_new(tmp_ctx, ldb_ctx, "CN=Directory Service,CN=Windows NT,CN=Services");
+	if ( ! ldb_dn_add_base(service_dn, ldb_get_config_basedn(ldb_ctx))) {
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	}
+	service_dn_str = ldb_dn_alloc_linearized(tmp_ctx, service_dn);
+	if ( ! service_dn_str) {
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	}
+
+	ret = ldb_search(ldb_ctx, tmp_ctx, &res, service_dn, LDB_SCOPE_BASE,
+			 directory_attrs, "(objectClass=nTDSService)");
+
+	if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(1, ("ldb_search: dn: %s not found: %s\n", service_dn_str, ldb_errstring(ldb_ctx)));
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(1, ("ldb_search: dn: %s not found\n", service_dn_str));
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+	} else if (res->count != 1) {
+		DEBUG(1, ("ldb_search: dn: %s not found\n", service_dn_str));
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+	}
+
+	spnmappings = ldb_msg_find_element(res->msgs[0], "sPNMappings");
+	if (!spnmappings || spnmappings->num_values == 0) {
+		DEBUG(1, ("ldb_search: dn: %s no sPNMappings attribute\n", service_dn_str));
+		talloc_free(tmp_ctx);
+		return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+	}
+
+	for (i = 0; i < spnmappings->num_values; i++) {
+		char *mapping, *p, *str;
+		mapping = talloc_strdup(tmp_ctx, 
+					(const char *)spnmappings->values[i].data);
+		if (!mapping) {
+			DEBUG(1, ("LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping\n", service_dn_str));
+			talloc_free(tmp_ctx);
+			return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		}
+
+		/* C string manipulation sucks */
+
+		p = strchr(mapping, '=');
+		if (!p) {
+			DEBUG(1, ("ldb_search: dn: %s sPNMapping malformed: %s\n", 
+				  service_dn_str, mapping));
+			talloc_free(tmp_ctx);
+			return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		}
+		p[0] = '\0';
+		p++;
+		do {
+			str = p;
+			p = strchr(p, ',');
+			if (p) {
+				p[0] = '\0';
+				p++;
+			}
+			if (strcasecmp(str, alias_from) == 0) {
+				*alias_to = mapping;
+				talloc_steal(mem_ctx, mapping);
+				talloc_free(tmp_ctx);
+				return DRSUAPI_DS_NAME_STATUS_OK;
+			}
+		} while (p);
+	}
+	DEBUG(4, ("LDB_lookup_spn_alias: no alias for service %s applicable\n", alias_from));
+	talloc_free(tmp_ctx);
+	return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+}
+
+/* When cracking a ServicePrincipalName, many services may be served
+ * by the host/ servicePrincipalName.  The incoming query is for cifs/
+ * but we translate it here, and search on host/.  This is done after
+ * the cifs/ entry has been searched for, making this a fallback */
+
+static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+				  struct smb_krb5_context *smb_krb5_context,
+				  uint32_t format_flags, enum drsuapi_DsNameFormat format_offered,
+				  enum drsuapi_DsNameFormat format_desired,
+				  const char *name, struct drsuapi_DsNameInfo1 *info1)
+{
+	WERROR wret;
+	krb5_error_code ret;
+	krb5_principal principal;
+	krb5_data component;
+	const char *service, *dns_name;
+	char *new_service;
+	char *new_princ;
+	enum drsuapi_DsNameStatus namestatus;
+
+	/* parse principal */
+	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, 
+				    name, KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
+	if (ret) {
+		DEBUG(2, ("Could not parse principal: %s: %s\n",
+			  name, smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+							   ret, mem_ctx)));
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* grab cifs/, http/ etc */
+
+	ret = smb_krb5_princ_component(smb_krb5_context->krb5_context,
+				       principal, 0, &component);
+	if (ret) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_OK;
+	}
+	service = (const char *)component.data;
+	ret = smb_krb5_princ_component(smb_krb5_context->krb5_context,
+				       principal, 1, &component);
+	if (ret) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_OK;
+	}
+	dns_name = (const char *)component.data;
+
+	/* MAP it */
+	namestatus = LDB_lookup_spn_alias(sam_ctx, mem_ctx,
+					  service, &new_service);
+
+	if (namestatus == DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {
+		wret = WERR_OK;
+		info1->status		= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+		info1->dns_domain_name	= talloc_strdup(mem_ctx, dns_name);
+		if (!info1->dns_domain_name) {
+			wret = WERR_NOT_ENOUGH_MEMORY;
+		}
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return wret;
+	} else if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
+		info1->status = namestatus;
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_OK;
+	}
+
+	/* reform principal */
+	new_princ = talloc_asprintf(mem_ctx, "%s/%s", new_service, dns_name);
+	if (!new_princ) {
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	wret = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, format_offered, format_desired,
+				  new_princ, info1);
+	talloc_free(new_princ);
+	if (W_ERROR_IS_OK(wret) && (info1->status == DRSUAPI_DS_NAME_STATUS_NOT_FOUND)) {
+		info1->status		= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+		info1->dns_domain_name	= talloc_strdup(mem_ctx, dns_name);
+		if (!info1->dns_domain_name) {
+			wret = WERR_NOT_ENOUGH_MEMORY;
+		}
+	}
+	krb5_free_principal(smb_krb5_context->krb5_context, principal);
+	return wret;
+}
+
+/* Subcase of CrackNames, for the userPrincipalName */
+
+static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+			     struct smb_krb5_context *smb_krb5_context,
+			     uint32_t format_flags, enum drsuapi_DsNameFormat format_offered,
+			     enum drsuapi_DsNameFormat format_desired,
+			     const char *name, struct drsuapi_DsNameInfo1 *info1)
+{
+	int ldb_ret;
+	WERROR status;
+	const char *domain_filter = NULL;
+	const char *result_filter = NULL;
+	krb5_error_code ret;
+	krb5_principal principal;
+	char *realm;
+	char *realm_encoded = NULL;
+	char *unparsed_name_short;
+	const char *unparsed_name_short_encoded = NULL;
+	const char *domain_attrs[] = { NULL };
+	struct ldb_result *domain_res = NULL;
+
+	/* Prevent recursion */
+	if (!name) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		return WERR_OK;
+	}
+
+	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
+				    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
+	if (ret) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		return WERR_OK;
+	}
+
+	realm = smb_krb5_principal_get_realm(
+		mem_ctx, smb_krb5_context->krb5_context, principal);
+	if (realm == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	realm_encoded = ldb_binary_encode_string(mem_ctx, realm);
+	if (realm_encoded == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+			     samdb_partitions_dn(sam_ctx, mem_ctx),
+			     LDB_SCOPE_ONELEVEL,
+			     domain_attrs,
+			     "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))"
+			     "(systemFlags:"LDB_OID_COMPARATOR_AND":=%u))",
+			     realm_encoded,
+			     realm_encoded,
+			     SYSTEM_FLAG_CR_NTDS_DOMAIN);
+	TALLOC_FREE(realm_encoded);
+	TALLOC_FREE(realm);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_OK;
+	}
+
+	switch (domain_res->count) {
+	case 1:
+		break;
+	case 0:
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return dns_domain_from_principal(mem_ctx, smb_krb5_context, 
+						 name, info1);
+	default:
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		return WERR_OK;
+	}
+
+	/*
+	 * The important thing here is that a samAccountName may have
+	 * a space in it, and this must not be kerberos escaped to
+	 * match this filter, so we specify
+	 * KRB5_PRINCIPAL_UNPARSE_DISPLAY
+	 */
+	ret = krb5_unparse_name_flags(smb_krb5_context->krb5_context, principal, 
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM |
+				      KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+				      &unparsed_name_short);
+	krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+	if (ret) {
+		free(unparsed_name_short);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	unparsed_name_short_encoded = ldb_binary_encode_string(mem_ctx, unparsed_name_short);
+	if (unparsed_name_short_encoded == NULL) {
+		free(unparsed_name_short);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* This may need to be extended for more userPrincipalName variations */
+	result_filter = talloc_asprintf(mem_ctx, "(&(samAccountName=%s)(objectClass=user))",
+					unparsed_name_short_encoded);
+
+	domain_filter = talloc_asprintf(mem_ctx, "(distinguishedName=%s)", ldb_dn_get_linearized(domain_res->msgs[0]->dn));
+
+	if (!result_filter || !domain_filter) {
+		free(unparsed_name_short);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	status = DsCrackNameOneFilter(sam_ctx, mem_ctx, 
+				      smb_krb5_context, 
+				      format_flags, format_offered, format_desired, 
+				      NULL, unparsed_name_short, domain_filter, result_filter, 
+				      info1, LDB_SCOPE_SUBTREE, NULL);
+	free(unparsed_name_short);
+
+	return status;
+}
+
+/*
+ * This function will workout the filtering parameter in order to be able to do
+ * the adapted search when the incoming format is format_functional.
+ * This boils down to defining the search_dn (passed as pointer to ldb_dn *) and the
+ * ldap filter request.
+ * Main input parameters are:
+ * * name, which is the portion of the functional name after the
+ * first '/'.
+ * * domain_filter, which is a ldap search filter used to find the NC DN given the
+ * function name to crack.
+ */
+static WERROR get_format_functional_filtering_param(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+			char *name, struct drsuapi_DsNameInfo1 *info1,
+			struct ldb_dn **psearch_dn, const char *domain_filter, const char **presult_filter)
+{
+	struct ldb_result *domain_res = NULL;
+	const char * const domain_attrs[] = {"ncName", NULL};
+	struct ldb_dn *partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
+	int ldb_ret;
+	char *account,  *s, *result_filter = NULL;
+	struct ldb_dn *search_dn = NULL;
+
+	*psearch_dn = NULL;
+	*presult_filter = NULL;
+
+	ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+				partitions_basedn,
+				LDB_SCOPE_ONELEVEL,
+				domain_attrs,
+				"%s", domain_filter);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		DEBUG(2, ("DsCrackNameOne domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+		return WERR_FOOBAR;
+	}
+
+	if (domain_res->count == 1) {
+		struct ldb_dn *tmp_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
+		const char * const name_attrs[] = {"name", NULL};
+
+		account = name;
+		s = strchr(account, '/');
+		talloc_free(domain_res);
+		while(s) {
+			s[0] = '\0';
+			s++;
+
+			ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+						tmp_dn,
+						LDB_SCOPE_ONELEVEL,
+						name_attrs,
+						"name=%s", account);
+
+			if (ldb_ret != LDB_SUCCESS) {
+				DEBUG(2, ("DsCrackNameOne domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+				info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+				return WERR_OK;
+			}
+			talloc_free(tmp_dn);
+			switch (domain_res->count) {
+			case 1:
+				break;
+			case 0:
+				talloc_free(domain_res);
+				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+				return WERR_OK;
+			default:
+				talloc_free(domain_res);
+				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+				return WERR_OK;
+			}
+
+			tmp_dn = talloc_steal(mem_ctx, domain_res->msgs[0]->dn);
+			talloc_free(domain_res);
+			search_dn = tmp_dn;
+			account = s;
+			s = strchr(account, '/');
+		}
+		account = ldb_binary_encode_string(mem_ctx, account);
+		W_ERROR_HAVE_NO_MEMORY(account);
+		result_filter = talloc_asprintf(mem_ctx, "(name=%s)",
+						account);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+	}
+	*psearch_dn = search_dn;
+	*presult_filter = result_filter;
+	return WERR_OK;
+}
+
+/* Crack a single 'name', from format_offered into format_desired, returning the result in info1 */
+
+WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+			  uint32_t format_flags, enum drsuapi_DsNameFormat format_offered,
+			  enum drsuapi_DsNameFormat format_desired,
+			  const char *name, struct drsuapi_DsNameInfo1 *info1)
+{
+	krb5_error_code ret;
+	const char *domain_filter = NULL;
+	const char *result_filter = NULL;
+	struct ldb_dn *name_dn = NULL;
+	struct ldb_dn *search_dn = NULL;
+
+	struct smb_krb5_context *smb_krb5_context = NULL;
+	int scope = LDB_SCOPE_SUBTREE;
+
+	info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	info1->dns_domain_name = NULL;
+	info1->result_name = NULL;
+
+	if (!name) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* TODO: - fill the correct names in all cases!
+	 *       - handle format_flags
+	 */
+	if (format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN) {
+		return WERR_OK;
+	}
+	/* here we need to set the domain_filter and/or the result_filter */
+	switch (format_offered) {
+	case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
+	{
+		unsigned int i;
+		enum drsuapi_DsNameFormat formats[] = {
+			DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+			DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+			DRSUAPI_DS_NAME_FORMAT_GUID, DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+			DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+			DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+			DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
+		};
+		WERROR werr;
+		for (i=0; i < ARRAY_SIZE(formats); i++) {
+			werr = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, formats[i], format_desired, name, info1);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+			if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND &&
+			    (formats[i] != DRSUAPI_DS_NAME_FORMAT_CANONICAL ||
+			     info1->status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR))
+			{
+				return werr;
+			}
+		}
+		return werr;
+	}
+
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+	{
+		char *str, *s, *account;
+		const char *str_encoded = NULL;
+		scope = LDB_SCOPE_ONELEVEL;
+
+		if (strlen(name) == 0) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+			return WERR_OK;
+		}
+
+		str = talloc_strdup(mem_ctx, name);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		if (format_offered == DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX) {
+			/* Look backwards for the \n, and replace it with / */
+			s = strrchr(str, '\n');
+			if (!s) {
+				info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+				return WERR_OK;
+			}
+			s[0] = '/';
+		}
+
+		s = strchr(str, '/');
+		if (!s) {
+			/* there must be at least one / */
+			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+			return WERR_OK;
+		}
+
+		s[0] = '\0';
+		s++;
+
+		str_encoded = ldb_binary_encode_string(mem_ctx, str);
+		if (str_encoded == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		domain_filter = talloc_asprintf(mem_ctx, "(&(objectClass=crossRef)(dnsRoot=%s)(systemFlags:%s:=%u))",
+						str_encoded,
+						LDB_OID_COMPARATOR_AND,
+						SYSTEM_FLAG_CR_NTDS_DOMAIN);
+		W_ERROR_HAVE_NO_MEMORY(domain_filter);
+
+		/* There may not be anything after the domain component (search for the domain itself) */
+		account = s;
+		if (account && *account) {
+			WERROR werr = get_format_functional_filtering_param(sam_ctx,
+										mem_ctx,
+										account,
+										info1,
+										&search_dn,
+										domain_filter,
+										&result_filter);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+			if (info1->status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR)
+				return WERR_OK;
+		}
+		break;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
+		char *p;
+		char *domain;
+		char *domain_encoded = NULL;
+		const char *account = NULL;
+
+		domain = talloc_strdup(mem_ctx, name);
+		W_ERROR_HAVE_NO_MEMORY(domain);
+
+		p = strchr(domain, '\\');
+		if (!p) {
+			/* invalid input format */
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		}
+		p[0] = '\0';
+
+		if (p[1]) {
+			account = &p[1];
+		}
+
+		domain_encoded = ldb_binary_encode_string(mem_ctx, domain);
+		if (domain_encoded == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		domain_filter = talloc_asprintf(mem_ctx, 
+						"(&(objectClass=crossRef)(netbiosName=%s)(systemFlags:%s:=%u))",
+						domain_encoded,
+						LDB_OID_COMPARATOR_AND,
+						SYSTEM_FLAG_CR_NTDS_DOMAIN);
+		W_ERROR_HAVE_NO_MEMORY(domain_filter);
+		if (account) {
+			const char *account_encoded = NULL;
+
+			account_encoded = ldb_binary_encode_string(mem_ctx, account);
+			if (account_encoded == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			result_filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)",
+							account_encoded);
+			W_ERROR_HAVE_NO_MEMORY(result_filter);
+		}
+
+		talloc_free(domain);
+		break;
+	}
+
+		/* A LDAP DN as a string */
+	case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
+		domain_filter = NULL;
+		name_dn = ldb_dn_new(mem_ctx, sam_ctx, name);
+		if (! ldb_dn_validate(name_dn)) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		}
+		break;
+	}
+
+		/* A GUID as a string */
+	case DRSUAPI_DS_NAME_FORMAT_GUID: {
+		struct GUID guid;
+		char *ldap_guid;
+		NTSTATUS nt_status;
+		domain_filter = NULL;
+
+		nt_status = GUID_from_string(name, &guid);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		}
+
+		ldap_guid = ldap_encode_ndr_GUID(mem_ctx, &guid);
+		if (!ldap_guid) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		result_filter = talloc_asprintf(mem_ctx, "(objectGUID=%s)",
+						ldap_guid);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+		break;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
+		const char *name_encoded = NULL;
+
+		domain_filter = NULL;
+
+		name_encoded = ldb_binary_encode_string(mem_ctx, name);
+		if (name_encoded == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		result_filter = talloc_asprintf(mem_ctx, "(|(displayName=%s)(samAccountName=%s))",
+						name_encoded,
+						name_encoded);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+		break;
+	}
+
+		/* A S-1234-5678 style string */
+	case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
+		struct dom_sid *sid = dom_sid_parse_talloc(mem_ctx, name);
+		char *ldap_sid;
+
+		domain_filter = NULL;
+		if (!sid) {
+			info1->dns_domain_name = NULL;
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		}
+		ldap_sid = ldap_encode_ndr_dom_sid(mem_ctx, 
+						   sid);
+		if (!ldap_sid) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		result_filter = talloc_asprintf(mem_ctx, "(objectSid=%s)",
+						ldap_sid);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+		break;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
+		krb5_principal principal;
+		char *unparsed_name;
+		const char *unparsed_name_encoded = NULL;
+
+		ret = smb_krb5_init_context(mem_ctx, 
+					    (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), 
+					    &smb_krb5_context);
+
+		if (ret) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		/* Ensure we reject complete junk first */
+		ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
+		if (ret) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		}
+
+		domain_filter = NULL;
+
+		/*
+		 * By getting the unparsed name here, we ensure the
+		 * escaping is removed correctly (and trust the client
+		 * less).  The important thing here is that a
+		 * userPrincipalName may have a space in it, and this
+		 * must not be kerberos escaped to match this filter,
+		 * so we specify KRB5_PRINCIPAL_UNPARSE_DISPLAY
+		 */
+		ret = krb5_unparse_name_flags(smb_krb5_context->krb5_context,
+					      principal,
+					      KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+					      &unparsed_name);
+		if (ret) {
+			krb5_free_principal(smb_krb5_context->krb5_context, principal);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+		/* The ldb_binary_encode_string() here avoids LDAP filter injection attacks */
+		unparsed_name_encoded = ldb_binary_encode_string(mem_ctx, unparsed_name);
+		if (unparsed_name_encoded == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		result_filter = talloc_asprintf(mem_ctx, "(&(userPrincipalName=%s)(objectClass=user))",
+						unparsed_name_encoded);
+
+		free(unparsed_name);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+		break;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
+		krb5_principal principal;
+		char *unparsed_name_short;
+		const char *unparsed_name_short_encoded = NULL;
+		bool principal_is_host = false;
+
+		ret = smb_krb5_init_context(mem_ctx, 
+					    (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), 
+					    &smb_krb5_context);
+
+		if (ret) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
+		if (ret == 0 &&
+		    krb5_princ_size(smb_krb5_context->krb5_context,
+							principal) < 2) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			krb5_free_principal(smb_krb5_context->krb5_context, principal);
+			return WERR_OK;
+		} else if (ret == 0) {
+			krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		}
+		ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
+					    KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
+		if (ret) {
+			return dns_domain_from_principal(mem_ctx, smb_krb5_context,
+							 name, info1);
+		}
+
+		domain_filter = NULL;
+
+		ret = krb5_unparse_name_flags(smb_krb5_context->krb5_context, principal, 
+					      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &unparsed_name_short);
+		if (ret) {
+			krb5_free_principal(smb_krb5_context->krb5_context, principal);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		unparsed_name_short_encoded = ldb_binary_encode_string(mem_ctx, unparsed_name_short);
+		if (unparsed_name_short_encoded == NULL) {
+			krb5_free_principal(smb_krb5_context->krb5_context, principal);
+			free(unparsed_name_short);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		if ((krb5_princ_size(smb_krb5_context->krb5_context, principal) == 2)) {
+			krb5_data component;
+
+			ret = smb_krb5_princ_component(smb_krb5_context->krb5_context,
+						       principal, 0, &component);
+			if (ret) {
+				krb5_free_principal(smb_krb5_context->krb5_context, principal);
+				free(unparsed_name_short);
+				return WERR_INTERNAL_ERROR;
+			}
+
+			principal_is_host = strcasecmp(component.data, "host") == 0;
+		}
+
+		if (principal_is_host) {
+			/* the 'cn' attribute is just the leading part of the name */
+			krb5_data component;
+			char *computer_name;
+			const char *computer_name_encoded = NULL;
+			ret = smb_krb5_princ_component(
+				smb_krb5_context->krb5_context,
+				principal, 1, &component);
+			if (ret) {
+				krb5_free_principal(smb_krb5_context->krb5_context, principal);
+				free(unparsed_name_short);
+				return WERR_INTERNAL_ERROR;
+			}
+			computer_name = talloc_strndup(mem_ctx, (char *)component.data,
+							strcspn((char *)component.data, "."));
+			if (computer_name == NULL) {
+				krb5_free_principal(smb_krb5_context->krb5_context, principal);
+				free(unparsed_name_short);
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			computer_name_encoded = ldb_binary_encode_string(mem_ctx, computer_name);
+			if (computer_name_encoded == NULL) {
+				krb5_free_principal(smb_krb5_context->krb5_context, principal);
+				free(unparsed_name_short);
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			result_filter = talloc_asprintf(mem_ctx, "(|(&(servicePrincipalName=%s)(objectClass=user))(&(cn=%s)(objectClass=computer)))", 
+							unparsed_name_short_encoded,
+							computer_name_encoded);
+		} else {
+			result_filter = talloc_asprintf(mem_ctx, "(&(servicePrincipalName=%s)(objectClass=user))",
+							unparsed_name_short_encoded);
+		}
+		krb5_free_principal(smb_krb5_context->krb5_context, principal);
+		free(unparsed_name_short);
+		W_ERROR_HAVE_NO_MEMORY(result_filter);
+
+		break;
+	}
+	default: {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		return WERR_OK;
+	}
+	}
+
+	if (format_flags & DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY) {
+		return DsCrackNameOneSyntactical(mem_ctx, format_offered, format_desired,
+						 name_dn, name, info1);
+	}
+
+	return DsCrackNameOneFilter(sam_ctx, mem_ctx, 
+				    smb_krb5_context, 
+				    format_flags, format_offered, format_desired, 
+				    name_dn, name, 
+				    domain_filter, result_filter, 
+				    info1, scope, search_dn);
+}
+
+/* Subcase of CrackNames.  It is possible to translate a LDAP-style DN
+ * (FQDN_1779) into a canonical name without actually searching the
+ * database */
+
+static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
+					enum drsuapi_DsNameFormat format_offered,
+					enum drsuapi_DsNameFormat format_desired,
+					struct ldb_dn *name_dn, const char *name, 
+					struct drsuapi_DsNameInfo1 *info1)
+{
+	char *cracked;
+	if (format_offered != DRSUAPI_DS_NAME_FORMAT_FQDN_1779) {
+		info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
+		return WERR_OK;
+	}
+
+	switch (format_desired) {
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL: 
+		cracked = ldb_dn_canonical_string(mem_ctx, name_dn);
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+		cracked = ldb_dn_canonical_ex_string(mem_ctx, name_dn);
+		break;
+	default:
+		info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
+		return WERR_OK;
+	}
+	info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+	info1->result_name	= cracked;
+	if (!cracked) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	return WERR_OK;	
+}
+
+/* Given a filter for the domain, and one for the result, perform the
+ * ldb search. The format offered and desired flags change the
+ * behaviours, including what attributes to return.
+ *
+ * The smb_krb5_context is required because we use the krb5 libs for principal parsing
+ */
+
+static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+				   struct smb_krb5_context *smb_krb5_context,
+				   uint32_t format_flags, enum drsuapi_DsNameFormat format_offered,
+				   enum drsuapi_DsNameFormat format_desired,
+				   struct ldb_dn *name_dn, const char *name, 
+				   const char *domain_filter, const char *result_filter, 
+				   struct drsuapi_DsNameInfo1 *info1,
+				   int scope, struct ldb_dn *search_dn)
+{
+	int ldb_ret;
+	struct ldb_result *domain_res = NULL;
+	const char * const *domain_attrs;
+	const char * const *result_attrs;
+	struct ldb_message **result_res = NULL;
+	struct ldb_message *result = NULL;
+	int i;
+	char *p;
+	struct ldb_dn *partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
+
+	const char * const _domain_attrs_1779[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_null[] = { NULL };
+
+	const char * const _domain_attrs_canonical[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_canonical[] = { "canonicalName", NULL };
+
+	const char * const _domain_attrs_nt4[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
+	const char * const _result_attrs_nt4[] = { "sAMAccountName", "objectSid", "objectClass", NULL};
+
+	const char * const _domain_attrs_guid[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_guid[] = { "objectGUID", NULL};
+
+	const char * const _domain_attrs_upn[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_upn[] = { "userPrincipalName", NULL};
+
+	const char * const _domain_attrs_spn[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_spn[] = { "servicePrincipalName", NULL};
+
+	const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
+
+	const char * const _domain_attrs_sid[] = { "ncName", "dnsRoot", NULL};
+	const char * const _result_attrs_sid[] = { "objectSid", NULL};
+
+	const char * const _domain_attrs_none[] = { "ncName", "dnsRoot" , NULL};
+	const char * const _result_attrs_none[] = { NULL};
+
+	/* here we need to set the attrs lists for domain and result lookups */
+	switch (format_desired) {
+	case DRSUAPI_DS_NAME_FORMAT_FQDN_1779:
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+		domain_attrs = _domain_attrs_1779;
+		result_attrs = _result_attrs_null;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+		domain_attrs = _domain_attrs_canonical;
+		result_attrs = _result_attrs_canonical;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT:
+		domain_attrs = _domain_attrs_nt4;
+		result_attrs = _result_attrs_nt4;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_GUID:		
+		domain_attrs = _domain_attrs_guid;
+		result_attrs = _result_attrs_guid;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_DISPLAY:		
+		domain_attrs = _domain_attrs_display;
+		result_attrs = _result_attrs_display;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
+		domain_attrs = _domain_attrs_upn;
+		result_attrs = _result_attrs_upn;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
+		domain_attrs = _domain_attrs_spn;
+		result_attrs = _result_attrs_spn;
+		break;
+	case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
+		domain_attrs = _domain_attrs_sid;
+		result_attrs = _result_attrs_sid;
+		break;
+	default:
+		domain_attrs = _domain_attrs_none;
+		result_attrs = _result_attrs_none;
+		break;
+	}
+
+	if (domain_filter) {
+		/* if we have a domain_filter look it up and set the result_basedn and the dns_domain_name */
+		ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+					     partitions_basedn,
+					     LDB_SCOPE_ONELEVEL,
+					     domain_attrs,
+					     "%s", domain_filter);
+
+		if (ldb_ret != LDB_SUCCESS) {
+			DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+			return WERR_OK;
+		}
+
+		switch (domain_res->count) {
+		case 1:
+			break;
+		case 0:
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		default:
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+			return WERR_OK;
+		}
+
+		info1->dns_domain_name	= ldb_msg_find_attr_as_string(domain_res->msgs[0], "dnsRoot", NULL);
+		W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
+		info1->status		= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+	} else {
+		info1->dns_domain_name	= NULL;
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+	}
+
+	if (result_filter) {
+		int ret;
+		struct ldb_result *res;
+		uint32_t dsdb_flags = 0;
+		struct ldb_dn *real_search_dn = NULL;
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+
+		/*
+		 * From 4.1.4.2.11 of MS-DRSR
+		 * if DS_NAME_FLAG_GCVERIFY in flags then
+		 * rt := select all O from all
+		 * where attrValue in GetAttrVals(O, att, false)
+		 * else
+		 * rt := select all O from subtree DefaultNC()
+		 * where attrValue in GetAttrVals(O, att, false)
+		 * endif
+		 * return rt
+		 */
+		if (format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY ||
+		    format_offered == DRSUAPI_DS_NAME_FORMAT_GUID)
+		{
+			dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+		} else if (domain_res) {
+			if (!search_dn) {
+				struct ldb_dn *tmp_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
+				real_search_dn = tmp_dn;
+			} else {
+				real_search_dn = search_dn;
+			}
+		} else {
+			real_search_dn = ldb_get_default_basedn(sam_ctx);
+		}
+		if (format_offered == DRSUAPI_DS_NAME_FORMAT_GUID){
+			 dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+		}
+		/* search with the 'phantom root' flag */
+		ret = dsdb_search(sam_ctx, mem_ctx, &res,
+				  real_search_dn,
+				  scope,
+				  result_attrs,
+				  dsdb_flags,
+				  "%s", result_filter);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(2, ("DsCrackNameOneFilter search from '%s' with flags 0x%08x failed: %s\n",
+				  ldb_dn_get_linearized(real_search_dn),
+				  dsdb_flags,
+				  ldb_errstring(sam_ctx)));
+			info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+			return WERR_OK;
+		}
+
+		ldb_ret = res->count;
+		result_res = res->msgs;
+	} else if (format_offered == DRSUAPI_DS_NAME_FORMAT_FQDN_1779) {
+		ldb_ret = gendb_search_dn(sam_ctx, mem_ctx, name_dn, &result_res,
+					  result_attrs);
+	} else if (domain_res) {
+		name_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
+		ldb_ret = gendb_search_dn(sam_ctx, mem_ctx, name_dn, &result_res,
+					  result_attrs);
+	} else {
+		/* Can't happen */
+		DEBUG(0, ("LOGIC ERROR: DsCrackNameOneFilter domain ref search not available: This can't happen...\n"));
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+		return WERR_OK;
+	}
+
+	switch (ldb_ret) {
+	case 1:
+		result = result_res[0];
+		break;
+	case 0:
+		switch (format_offered) {
+		case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: 
+			return DsCrackNameSPNAlias(sam_ctx, mem_ctx, 
+						   smb_krb5_context, 
+						   format_flags, format_offered, format_desired,
+						   name, info1);
+
+		case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
+			return DsCrackNameUPN(sam_ctx, mem_ctx, smb_krb5_context, 
+					      format_flags, format_offered, format_desired,
+					      name, info1);
+		default:
+			break;
+		}
+		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		return WERR_OK;
+	case -1:
+		DEBUG(2, ("DsCrackNameOneFilter result search failed: %s\n", ldb_errstring(sam_ctx)));
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+		return WERR_OK;
+	default:
+		switch (format_offered) {
+		case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+		case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+		{
+			const char *canonical_name = NULL; /* Not required, but we get warnings... */
+			/* We may need to manually filter further */
+			for (i = 0; i < ldb_ret; i++) {
+				switch (format_offered) {
+				case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+					canonical_name = ldb_dn_canonical_string(mem_ctx, result_res[i]->dn);
+					break;
+				case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+					canonical_name = ldb_dn_canonical_ex_string(mem_ctx, result_res[i]->dn);
+					break;
+				default:
+					break;
+				}
+				if (strcasecmp_m(canonical_name, name) == 0) {
+					result = result_res[i];
+					break;
+				}
+			}
+			if (!result) {
+				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+				return WERR_OK;
+			}
+		}
+		FALL_THROUGH;
+		default:
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+			return WERR_OK;
+		}
+	}
+
+	info1->dns_domain_name = ldb_dn_canonical_string(mem_ctx, result->dn);
+	W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
+	p = strchr(info1->dns_domain_name, '/');
+	if (p) {
+		p[0] = '\0';
+	}
+
+	/* here we can use result and domain_res[0] */
+	switch (format_desired) {
+	case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
+		info1->result_name	= ldb_dn_alloc_linearized(mem_ctx, result->dn);
+		W_ERROR_HAVE_NO_MEMORY(info1->result_name);
+
+		info1->status		= DRSUAPI_DS_NAME_STATUS_OK;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL: {
+		info1->result_name	= ldb_msg_find_attr_as_string(result, "canonicalName", NULL);
+		info1->status		= DRSUAPI_DS_NAME_STATUS_OK;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: {
+		/* Not in the virtual ldb attribute */
+		return DsCrackNameOneSyntactical(mem_ctx, 
+						 DRSUAPI_DS_NAME_FORMAT_FQDN_1779, 
+						 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+						 result->dn, name, info1);
+	}
+	case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
+
+		const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
+		const char *_acc = "", *_dom = "";
+		if (sid == NULL) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+			return WERR_OK;
+		}
+
+		if (samdb_find_attribute(sam_ctx, result, "objectClass",
+					 "domain")) {
+			/* This can also find a DomainDNSZones entry,
+			 * but it won't have the SID we just
+			 * checked.  */
+			ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+						     partitions_basedn,
+						     LDB_SCOPE_ONELEVEL,
+						     domain_attrs,
+						     "(ncName=%s)", ldb_dn_get_linearized(result->dn));
+
+			if (ldb_ret != LDB_SUCCESS) {
+				DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+				info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+				return WERR_OK;
+			}
+
+			switch (domain_res->count) {
+			case 1:
+				break;
+			case 0:
+				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+				return WERR_OK;
+			default:
+				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+				return WERR_OK;
+			}
+			_dom = ldb_msg_find_attr_as_string(domain_res->msgs[0], "nETBIOSName", NULL);
+			W_ERROR_HAVE_NO_MEMORY(_dom);
+		} else {
+			_acc = ldb_msg_find_attr_as_string(result, "sAMAccountName", NULL);
+			if (!_acc) {
+				info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+				return WERR_OK;
+			}
+			if (dom_sid_in_domain(&global_sid_Builtin, sid)) {
+				_dom = "BUILTIN";
+			} else {
+				const char *attrs[] = { NULL };
+				struct ldb_result *domain_res2;
+				struct dom_sid *dom_sid = dom_sid_dup(mem_ctx, sid);
+				if (!dom_sid) {
+					return WERR_OK;
+				}
+				dom_sid->num_auths--;
+				ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
+							     NULL,
+							     LDB_SCOPE_BASE,
+							     attrs,
+							     "(&(objectSid=%s)(objectClass=domain))", 
+							     ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
+
+				if (ldb_ret != LDB_SUCCESS) {
+					DEBUG(2, ("DsCrackNameOneFilter domain search failed: %s\n", ldb_errstring(sam_ctx)));
+					info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+					return WERR_OK;
+				}
+
+				switch (domain_res->count) {
+				case 1:
+					break;
+				case 0:
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+					return WERR_OK;
+				default:
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+					return WERR_OK;
+				}
+
+				ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res2,
+							     partitions_basedn,
+							     LDB_SCOPE_ONELEVEL,
+							     domain_attrs,
+							     "(ncName=%s)", ldb_dn_get_linearized(domain_res->msgs[0]->dn));
+
+				if (ldb_ret != LDB_SUCCESS) {
+					DEBUG(2, ("DsCrackNameOneFilter domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
+					info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+					return WERR_OK;
+				}
+
+				switch (domain_res2->count) {
+				case 1:
+					break;
+				case 0:
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+					return WERR_OK;
+				default:
+					info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+					return WERR_OK;
+				}
+				_dom = ldb_msg_find_attr_as_string(domain_res2->msgs[0], "nETBIOSName", NULL);
+				W_ERROR_HAVE_NO_MEMORY(_dom);
+			}
+		}
+
+		info1->result_name	= talloc_asprintf(mem_ctx, "%s\\%s", _dom, _acc);
+		W_ERROR_HAVE_NO_MEMORY(info1->result_name);
+
+		info1->status		= DRSUAPI_DS_NAME_STATUS_OK;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_GUID: {
+		struct GUID guid;
+
+		guid = samdb_result_guid(result, "objectGUID");
+
+		info1->result_name	= GUID_string2(mem_ctx, &guid);
+		W_ERROR_HAVE_NO_MEMORY(info1->result_name);
+
+		info1->status		= DRSUAPI_DS_NAME_STATUS_OK;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
+		info1->result_name	= ldb_msg_find_attr_as_string(result, "displayName", NULL);
+		if (!info1->result_name) {
+			info1->result_name	= ldb_msg_find_attr_as_string(result, "sAMAccountName", NULL);
+		} 
+		if (!info1->result_name) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+		} else {
+			info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+		}
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
+		struct ldb_message_element *el
+			= ldb_msg_find_element(result,
+					       "servicePrincipalName");
+		if (el == NULL) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+			return WERR_OK;
+		} else if (el->num_values > 1) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+			return WERR_OK;
+		}
+
+		info1->result_name = ldb_msg_find_attr_as_string(result, "servicePrincipalName", NULL);
+		if (!info1->result_name) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+		} else {
+			info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+		}
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:	{
+		info1->dns_domain_name = NULL;
+		info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
+		const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
+
+		if (sid == NULL) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+			return WERR_OK;
+		}
+
+		info1->result_name = dom_sid_string(mem_ctx, sid);
+		W_ERROR_HAVE_NO_MEMORY(info1->result_name);
+
+		info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+		return WERR_OK;
+	}
+	case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
+		info1->result_name = ldb_msg_find_attr_as_string(result, "userPrincipalName", NULL);
+		if (!info1->result_name) {
+			info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+		} else {
+			info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+		}
+		return WERR_OK;
+	}
+	default:
+		info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+		return WERR_OK;
+	}
+}
+
+/* Given a user Principal Name (such as foo@bar.com),
+ * return the user and domain DNs.  This is used in the KDC to then
+ * return the Keys and evaluate policy */
+
+NTSTATUS crack_user_principal_name(struct ldb_context *sam_ctx, 
+				   TALLOC_CTX *mem_ctx, 
+				   const char *user_principal_name, 
+				   struct ldb_dn **user_dn,
+				   struct ldb_dn **domain_dn) 
+{
+	WERROR werr;
+	struct drsuapi_DsNameInfo1 info1;
+	werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
+				  DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				  DRSUAPI_DS_NAME_FORMAT_FQDN_1779, 
+				  user_principal_name,
+				  &info1);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werror_to_ntstatus(werr);
+	}
+	switch (info1.status) {
+	case DRSUAPI_DS_NAME_STATUS_OK:
+		break;
+	case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
+	case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
+	case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
+		return NT_STATUS_NO_SUCH_USER;
+	case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
+	default:
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*user_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
+
+	if (domain_dn) {
+		werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
+					  DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+					  DRSUAPI_DS_NAME_FORMAT_FQDN_1779, 
+					  talloc_asprintf(mem_ctx, "%s/", 
+							  info1.dns_domain_name),
+					  &info1);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werror_to_ntstatus(werr);
+		}
+		switch (info1.status) {
+		case DRSUAPI_DS_NAME_STATUS_OK:
+			break;
+		case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
+		case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
+		case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
+			return NT_STATUS_NO_SUCH_USER;
+		case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
+		default:
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		*domain_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Given a Service Principal Name (such as host/foo.bar.com@BAR.COM),
+ * return the user and domain DNs.  This is used in the KDC to then
+ * return the Keys and evaluate policy */
+
+NTSTATUS crack_service_principal_name(struct ldb_context *sam_ctx, 
+				      TALLOC_CTX *mem_ctx, 
+				      const char *service_principal_name, 
+				      struct ldb_dn **user_dn,
+				      struct ldb_dn **domain_dn) 
+{
+	WERROR werr;
+	struct drsuapi_DsNameInfo1 info1;
+	werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
+				  DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				  DRSUAPI_DS_NAME_FORMAT_FQDN_1779, 
+				  service_principal_name,
+				  &info1);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werror_to_ntstatus(werr);
+	}
+	switch (info1.status) {
+	case DRSUAPI_DS_NAME_STATUS_OK:
+		break;
+	case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
+	case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
+	case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
+		return NT_STATUS_NO_SUCH_USER;
+	case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
+	default:
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*user_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
+
+	if (domain_dn) {
+		werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0,
+					  DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+					  DRSUAPI_DS_NAME_FORMAT_FQDN_1779, 
+					  talloc_asprintf(mem_ctx, "%s/", 
+							  info1.dns_domain_name),
+					  &info1);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werror_to_ntstatus(werr);
+		}
+		switch (info1.status) {
+		case DRSUAPI_DS_NAME_STATUS_OK:
+			break;
+		case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
+		case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
+		case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
+			return NT_STATUS_NO_SUCH_USER;
+		case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
+		default:
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		*domain_dn = ldb_dn_new(mem_ctx, sam_ctx, info1.result_name);
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS crack_name_to_nt4_name(TALLOC_CTX *mem_ctx, 
+				struct ldb_context *ldb,
+				enum drsuapi_DsNameFormat format_offered,
+				const char *name, 
+				const char **nt4_domain, const char **nt4_account)
+{
+	WERROR werr;
+	struct drsuapi_DsNameInfo1 info1;
+	char *p;
+
+	/* Handle anonymous bind */
+	if (!name || !*name) {
+		*nt4_domain = "";
+		*nt4_account = "";
+		return NT_STATUS_OK;
+	}
+
+	werr = DsCrackNameOneName(ldb, mem_ctx, 0,
+				  format_offered, 
+				  DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				  name,
+				  &info1);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werror_to_ntstatus(werr);
+	}
+	switch (info1.status) {
+	case DRSUAPI_DS_NAME_STATUS_OK:
+		break;
+	case DRSUAPI_DS_NAME_STATUS_NOT_FOUND:
+	case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY:
+	case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE:
+		return NT_STATUS_NO_SUCH_USER;
+	case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR:
+	default:
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*nt4_domain = talloc_strdup(mem_ctx, info1.result_name);
+	if (*nt4_domain == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p = strchr(*nt4_domain, '\\');
+	if (!p) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	p[0] = '\0';
+
+	*nt4_account = talloc_strdup(mem_ctx, &p[1]);
+	if (*nt4_account == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
+				     struct ldb_context *ldb,
+				     const char *name,
+				     const char **nt4_domain,
+				     const char **nt4_account)
+{
+	enum drsuapi_DsNameFormat format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN;
+
+	/* Handle anonymous bind */
+	if (!name || !*name) {
+		*nt4_domain = "";
+		*nt4_account = "";
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Here we only consider a subset of the possible name forms listed in
+	 * [MS-ADTS] 5.1.1.1.1, and we don't retry with a different name form if
+	 * the first attempt fails.
+	 */
+
+	if (strchr_m(name, '=')) {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	} else if (strchr_m(name, '@')) {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL;
+	} else if (strchr_m(name, '\\')) {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+	} else if (strchr_m(name, '\n')) {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX;
+	} else if (strchr_m(name, '/')) {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
+	} else if ((name[0] == 'S' || name[0] == 's') && name[1] == '-') {
+		format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
+	} else {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	return crack_name_to_nt4_name(mem_ctx, ldb, format_offered, name, nt4_domain, nt4_account);
+}
+
+
+WERROR dcesrv_drsuapi_ListRoles(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+				const struct drsuapi_DsNameRequest1 *req1,
+				struct drsuapi_DsNameCtr1 **ctr1)
+{
+	struct drsuapi_DsNameInfo1 *names;
+	uint32_t i;
+	uint32_t count = 5;/*number of fsmo role owners we are going to return*/
+
+	*ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
+	W_ERROR_HAVE_NO_MEMORY(*ctr1);
+	names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count);
+	W_ERROR_HAVE_NO_MEMORY(names);
+
+	for (i = 0; i < count; i++) {
+		WERROR werr;
+		struct ldb_dn *role_owner_dn, *fsmo_role_dn, *server_dn;
+		werr = dsdb_get_fsmo_role_info(mem_ctx, sam_ctx, i,
+					       &fsmo_role_dn, &role_owner_dn);
+		if(!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+		server_dn = ldb_dn_copy(mem_ctx, role_owner_dn);
+		ldb_dn_remove_child_components(server_dn, 1);
+		names[i].status = DRSUAPI_DS_NAME_STATUS_OK;
+		names[i].dns_domain_name = samdb_dn_to_dnshostname(sam_ctx, mem_ctx,
+								   server_dn);
+		if(!names[i].dns_domain_name) {
+			DEBUG(4, ("list_roles: Failed to find dNSHostName for server %s\n",
+				  ldb_dn_get_linearized(server_dn)));
+		}
+		names[i].result_name = talloc_strdup(mem_ctx, ldb_dn_get_linearized(role_owner_dn));
+	}
+
+	(*ctr1)->count = count;
+	(*ctr1)->array = names;
+
+	return WERR_OK;
+}
+
+WERROR dcesrv_drsuapi_CrackNamesByNameFormat(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+					     const struct drsuapi_DsNameRequest1 *req1,
+					     struct drsuapi_DsNameCtr1 **ctr1)
+{
+	struct drsuapi_DsNameInfo1 *names;
+	uint32_t i, count;
+	WERROR status;
+
+	*ctr1 = talloc_zero(mem_ctx, struct drsuapi_DsNameCtr1);
+	W_ERROR_HAVE_NO_MEMORY(*ctr1);
+
+	count = req1->count;
+	names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count);
+	W_ERROR_HAVE_NO_MEMORY(names);
+
+	for (i=0; i < count; i++) {
+		status = DsCrackNameOneName(sam_ctx, mem_ctx,
+					    req1->format_flags,
+					    req1->format_offered,
+					    req1->format_desired,
+					    req1->names[i].str,
+					    &names[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	(*ctr1)->count = count;
+	(*ctr1)->array = names;
+
+	return WERR_OK;
+}
+
+WERROR dcesrv_drsuapi_ListInfoServer(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+				     const struct drsuapi_DsNameRequest1 *req1,
+				     struct drsuapi_DsNameCtr1 **_ctr1)
+{
+	struct drsuapi_DsNameInfo1 *names;
+	struct ldb_result *res;
+	struct ldb_dn *server_dn, *dn;
+	struct drsuapi_DsNameCtr1 *ctr1;
+	int ret, i;
+	const char *str;
+	const char *attrs[] = {
+		"dNSHostName",
+		"serverReference",
+		NULL
+	};
+
+	*_ctr1 = NULL;
+
+	ctr1 = talloc_zero(mem_ctx, struct drsuapi_DsNameCtr1);
+	W_ERROR_HAVE_NO_MEMORY(ctr1);
+
+	/*
+	 * No magic value here, we have to return 3 entries according to the
+	 * MS-DRSR.pdf
+	 */
+	ctr1->count = 3;
+	names = talloc_zero_array(ctr1, struct drsuapi_DsNameInfo1,
+				  ctr1->count);
+	W_ERROR_HAVE_NO_MEMORY(names);
+	ctr1->array = names;
+
+	for (i=0; i < ctr1->count; i++) {
+		names[i].status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+	}
+	*_ctr1 = ctr1;
+
+	if (req1->count != 1) {
+		DEBUG(1, ("Expected a count of 1 for the ListInfoServer crackname \n"));
+		return WERR_OK;
+	}
+
+	if (req1->names[0].str == NULL) {
+		return WERR_OK;
+	}
+
+	server_dn = ldb_dn_new(mem_ctx, sam_ctx, req1->names[0].str);
+	W_ERROR_HAVE_NO_MEMORY(server_dn);
+
+	ret = ldb_search(sam_ctx, mem_ctx, &res, server_dn, LDB_SCOPE_ONELEVEL,
+			 NULL, "(objectClass=nTDSDSA)");
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search for objectClass=nTDSDSA "
+			  "returned less than 1 objects\n"));
+		return WERR_OK;
+	}
+
+	if (res->count != 1) {
+		DEBUG(1, ("Search for objectClass=nTDSDSA "
+			  "returned less than 1 objects\n"));
+		return WERR_OK;
+	}
+
+	if (res->msgs[0]->dn) {
+		names[0].result_name = ldb_dn_alloc_linearized(names, res->msgs[0]->dn);
+		W_ERROR_HAVE_NO_MEMORY(names[0].result_name);
+		names[0].status = DRSUAPI_DS_NAME_STATUS_OK;
+	}
+
+	talloc_free(res);
+
+	ret = ldb_search(sam_ctx, mem_ctx, &res, server_dn, LDB_SCOPE_BASE,
+			 attrs, "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search for objectClass=* on dn %s"
+			  "returned %s\n", req1->names[0].str,
+			  ldb_strerror(ret)));
+		return WERR_OK;
+	}
+
+	if (res->count != 1) {
+		DEBUG(1, ("Search for objectClass=* on dn %s"
+			  "returned less than 1 objects\n", req1->names[0].str));
+		return WERR_OK;
+	}
+
+	str = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+	if (str != NULL) {
+		names[1].result_name = talloc_strdup(names, str);
+		W_ERROR_HAVE_NO_MEMORY(names[1].result_name);
+		names[1].status = DRSUAPI_DS_NAME_STATUS_OK;
+	}
+
+	dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, res->msgs[0], "serverReference");
+	if (dn != NULL) {
+		names[2].result_name = ldb_dn_alloc_linearized(names, dn);
+		W_ERROR_HAVE_NO_MEMORY(names[2].result_name);
+		names[2].status = DRSUAPI_DS_NAME_STATUS_OK;
+	}
+
+	talloc_free(dn);
+	talloc_free(res);
+
+	return WERR_OK;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
new file mode 100644
index 0000000..b8ee21b
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -0,0 +1,2892 @@
+/*
+  ldb database library
+
+  Copyright (C) Simo Sorce 2006-2008
+  Copyright (C) Nadezhda Ivanova 2009
+  Copyright (C) Anatoliy Atanasov  2009
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb ACL module
+ *
+ *  Description: Module that performs authorisation access checks based on the
+ *               account's security context and the DACL of the object being polled.
+ *               Only DACL checks implemented at this point
+ *
+ *  Authors: Nadezhda Ivanova, Anatoliy Atanasov
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/tsort.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+struct acl_private {
+	bool acl_search;
+	const char **password_attrs;
+	void *cached_schema_ptr;
+	uint64_t cached_schema_metadata_usn;
+	uint64_t cached_schema_loaded_usn;
+	const char **confidential_attrs;
+};
+
+struct acl_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	bool am_system;
+	bool am_administrator;
+	bool constructed_attrs;
+	bool allowedAttributes;
+	bool allowedAttributesEffective;
+	bool allowedChildClasses;
+	bool allowedChildClassesEffective;
+	bool sDRightsEffective;
+	struct dsdb_schema *schema;
+};
+
+static int acl_module_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct acl_private *data;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc_zero(module, struct acl_private);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	data->acl_search = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"),
+					NULL, "acl", "search", true);
+	ldb_module_set_private(module, data);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "acl_module_init: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	return ldb_next_init(module);
+}
+
+static int acl_allowedAttributes(struct ldb_module *module,
+				 const struct dsdb_schema *schema,
+				 struct ldb_message *sd_msg,
+				 struct ldb_message *msg,
+				 struct acl_context *ac)
+{
+	struct ldb_message_element *oc_el;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *mem_ctx;
+	const char **attr_list;
+	int i, ret;
+	const struct dsdb_class *objectclass;
+
+	/* If we don't have a schema yet, we can't do anything... */
+	if (schema == NULL) {
+		ldb_asprintf_errstring(ldb, "cannot add allowedAttributes to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Must remove any existing attribute */
+	if (ac->allowedAttributes) {
+		ldb_msg_remove_attr(msg, "allowedAttributes");
+	}
+
+	mem_ctx = talloc_new(msg);
+	if (!mem_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	oc_el = ldb_msg_find_element(sd_msg, "objectClass");
+	attr_list = dsdb_full_attribute_list(mem_ctx, schema, oc_el, DSDB_SCHEMA_ALL);
+	if (!attr_list) {
+		ldb_asprintf_errstring(ldb, "acl: Failed to get list of attributes");
+		talloc_free(mem_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * Get the top-most structural object class for the ACL check
+	 */
+	objectclass = dsdb_get_last_structural_class(ac->schema,
+						     oc_el);
+	if (objectclass == NULL) {
+		ldb_asprintf_errstring(ldb, "acl_read: Failed to find a structural class for %s",
+				       ldb_dn_get_linearized(sd_msg->dn));
+		talloc_free(mem_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (ac->allowedAttributes) {
+		for (i=0; attr_list && attr_list[i]; i++) {
+			ldb_msg_add_string(msg, "allowedAttributes", attr_list[i]);
+		}
+	}
+	if (ac->allowedAttributesEffective) {
+		struct security_descriptor *sd;
+		struct dom_sid *sid = NULL;
+		struct ldb_control *as_system = ldb_request_get_control(ac->req,
+									LDB_CONTROL_AS_SYSTEM_OID);
+
+		if (as_system != NULL) {
+			as_system->critical = 0;
+		}
+
+		ldb_msg_remove_attr(msg, "allowedAttributesEffective");
+		if (ac->am_system || as_system) {
+			for (i=0; attr_list && attr_list[i]; i++) {
+				ldb_msg_add_string(msg, "allowedAttributesEffective", attr_list[i]);
+			}
+			return LDB_SUCCESS;
+		}
+
+		ret = dsdb_get_sd_from_ldb_message(ldb_module_get_ctx(module), mem_ctx, sd_msg, &sd);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		sid = samdb_result_dom_sid(mem_ctx, sd_msg, "objectSid");
+		for (i=0; attr_list && attr_list[i]; i++) {
+			const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
+											attr_list[i]);
+			if (!attr) {
+				return ldb_operr(ldb);
+			}
+			/* remove constructed attributes */
+			if (attr->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED
+			    || attr->systemOnly
+			    || (attr->linkID != 0 && attr->linkID % 2 != 0 )) {
+				continue;
+			}
+			ret = acl_check_access_on_attribute(module,
+							    msg,
+							    sd,
+							    sid,
+							    SEC_ADS_WRITE_PROP,
+							    attr,
+							    objectclass);
+			if (ret == LDB_SUCCESS) {
+				ldb_msg_add_string(msg, "allowedAttributesEffective", attr_list[i]);
+			}
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int acl_childClasses(struct ldb_module *module,
+			    const struct dsdb_schema *schema,
+			    struct ldb_message *sd_msg,
+			    struct ldb_message *msg,
+			    const char *attrName)
+{
+	struct ldb_message_element *oc_el;
+	struct ldb_message_element *allowedClasses;
+	const struct dsdb_class *sclass;
+	unsigned int i, j;
+	int ret;
+
+	/* If we don't have a schema yet, we can't do anything... */
+	if (schema == NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "cannot add childClassesEffective to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Must remove any existing attribute, or else confusion reigns */
+	ldb_msg_remove_attr(msg, attrName);
+	ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	oc_el = ldb_msg_find_element(sd_msg, "objectClass");
+
+	for (i=0; oc_el && i < oc_el->num_values; i++) {
+		sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
+		if (!sclass) {
+			/* We don't know this class?  what is going on? */
+			continue;
+		}
+
+		for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
+			ldb_msg_add_string(msg, attrName, sclass->possibleInferiors[j]);
+		}
+	}
+	if (allowedClasses->num_values > 1) {
+		TYPESAFE_QSORT(allowedClasses->values, allowedClasses->num_values, data_blob_cmp);
+		for (i=1 ; i < allowedClasses->num_values; i++) {
+			struct ldb_val *val1 = &allowedClasses->values[i-1];
+			struct ldb_val *val2 = &allowedClasses->values[i];
+			if (data_blob_cmp(val1, val2) == 0) {
+				memmove(val1, val2, (allowedClasses->num_values - i) * sizeof(struct ldb_val));
+				allowedClasses->num_values--;
+				i--;
+			}
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int acl_childClassesEffective(struct ldb_module *module,
+				     const struct dsdb_schema *schema,
+				     struct ldb_message *sd_msg,
+				     struct ldb_message *msg,
+				     struct acl_context *ac)
+{
+	struct ldb_message_element *oc_el;
+	struct ldb_message_element *allowedClasses = NULL;
+	const struct dsdb_class *sclass;
+	struct security_descriptor *sd;
+	struct ldb_control *as_system = ldb_request_get_control(ac->req,
+								LDB_CONTROL_AS_SYSTEM_OID);
+	struct dom_sid *sid = NULL;
+	unsigned int i, j;
+	int ret;
+
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	if (ac->am_system || as_system) {
+		return acl_childClasses(module, schema, sd_msg, msg, "allowedChildClassesEffective");
+	}
+
+	/* If we don't have a schema yet, we can't do anything... */
+	if (schema == NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "cannot add allowedChildClassesEffective to %s because no schema is loaded", ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Must remove any existing attribute, or else confusion reigns */
+	ldb_msg_remove_attr(msg, "allowedChildClassesEffective");
+
+	oc_el = ldb_msg_find_element(sd_msg, "objectClass");
+	ret = dsdb_get_sd_from_ldb_message(ldb_module_get_ctx(module), msg, sd_msg, &sd);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
+	for (i=0; oc_el && i < oc_el->num_values; i++) {
+		sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
+		if (!sclass) {
+			/* We don't know this class?  what is going on? */
+			continue;
+		}
+
+		for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
+			const struct dsdb_class *sc;
+
+			sc = dsdb_class_by_lDAPDisplayName(schema,
+							   sclass->possibleInferiors[j]);
+			if (!sc) {
+				/* We don't know this class?  what is going on? */
+				continue;
+			}
+
+			ret = acl_check_access_on_objectclass(module, ac,
+							      sd, sid,
+							      SEC_ADS_CREATE_CHILD,
+							      sc);
+			if (ret == LDB_SUCCESS) {
+				ldb_msg_add_string(msg, "allowedChildClassesEffective",
+						   sclass->possibleInferiors[j]);
+			}
+		}
+	}
+	allowedClasses = ldb_msg_find_element(msg, "allowedChildClassesEffective");
+	if (!allowedClasses) {
+		return LDB_SUCCESS;
+	}
+
+	if (allowedClasses->num_values > 1) {
+		TYPESAFE_QSORT(allowedClasses->values, allowedClasses->num_values, data_blob_cmp);
+		for (i=1 ; i < allowedClasses->num_values; i++) {
+			struct ldb_val *val1 = &allowedClasses->values[i-1];
+			struct ldb_val *val2 = &allowedClasses->values[i];
+			if (data_blob_cmp(val1, val2) == 0) {
+				memmove(val1, val2, (allowedClasses->num_values - i) * sizeof( struct ldb_val));
+				allowedClasses->num_values--;
+				i--;
+			}
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int acl_sDRightsEffective(struct ldb_module *module,
+				 struct ldb_message *sd_msg,
+				 struct ldb_message *msg,
+				 struct acl_context *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message_element *rightsEffective;
+	int ret;
+	struct security_descriptor *sd;
+	struct ldb_control *as_system = ldb_request_get_control(ac->req,
+								LDB_CONTROL_AS_SYSTEM_OID);
+	struct dom_sid *sid = NULL;
+	uint32_t flags = 0;
+
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	/* Must remove any existing attribute, or else confusion reigns */
+	ldb_msg_remove_attr(msg, "sDRightsEffective");
+	ret = ldb_msg_add_empty(msg, "sDRightsEffective", 0, &rightsEffective);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (ac->am_system || as_system) {
+		flags = SECINFO_OWNER | SECINFO_GROUP |  SECINFO_SACL |  SECINFO_DACL;
+	} else {
+		const struct dsdb_class *objectclass;
+		const struct dsdb_attribute *attr;
+
+		objectclass = dsdb_get_structural_oc_from_msg(ac->schema, sd_msg);
+		if (objectclass == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+							 "nTSecurityDescriptor");
+		if (attr == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		/* Get the security descriptor from the message */
+		ret = dsdb_get_sd_from_ldb_message(ldb, msg, sd_msg, &sd);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
+		ret = acl_check_access_on_attribute(module,
+						    msg,
+						    sd,
+						    sid,
+						    SEC_STD_WRITE_OWNER,
+						    attr,
+						    objectclass);
+		if (ret == LDB_SUCCESS) {
+			flags |= SECINFO_OWNER | SECINFO_GROUP;
+		}
+
+		/*
+		 * This call is made with
+		 * IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS
+		 * and without reference to the dSHeuristics via
+		 * dsdb_block_owner_implicit_rights().  This is
+		 * probably a Windows bug but for now we match
+		 * exactly.
+		 */
+		ret = acl_check_access_on_attribute_implicit_owner(
+			module,
+			msg,
+			sd,
+			sid,
+			SEC_STD_WRITE_DAC,
+			attr,
+			objectclass,
+			IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS);
+		if (ret == LDB_SUCCESS) {
+			flags |= SECINFO_DACL;
+		}
+		ret = acl_check_access_on_attribute(module,
+						    msg,
+						    sd,
+						    sid,
+						    SEC_FLAG_SYSTEM_SECURITY,
+						    attr,
+						    objectclass);
+		if (ret == LDB_SUCCESS) {
+			flags |= SECINFO_SACL;
+		}
+	}
+
+	if (flags != (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL)) {
+		const struct ldb_message_element *el = samdb_find_attribute(ldb,
+									    sd_msg,
+									    "objectclass",
+									    "computer");
+		if (el != NULL) {
+			return LDB_SUCCESS;
+		}
+	}
+
+	return samdb_msg_add_uint(ldb_module_get_ctx(module), msg, msg,
+				  "sDRightsEffective", flags);
+}
+
+static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
+				  struct ldb_context *ldb,
+				  const struct ldb_val *spn_value,
+				  uint32_t userAccountControl,
+				  const struct ldb_val *samAccountName,
+				  const struct ldb_val *dnsHostName,
+				  const char *netbios_name,
+				  const char *ntds_guid)
+{
+	krb5_error_code ret, princ_size;
+	krb5_context krb_ctx;
+	krb5_error_code kerr;
+	krb5_principal principal;
+	char *instanceName = NULL;
+	char *serviceType = NULL;
+	char *serviceName = NULL;
+	const char *spn_value_str = NULL;
+	size_t account_name_len;
+	const char *forest_name = samdb_forest_name(ldb, mem_ctx);
+	const char *base_domain = samdb_default_domain_name(ldb, mem_ctx);
+	struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+							  struct loadparm_context);
+	bool is_dc = (userAccountControl & UF_SERVER_TRUST_ACCOUNT) ||
+		(userAccountControl & UF_PARTIAL_SECRETS_ACCOUNT);
+
+	spn_value_str = talloc_strndup(mem_ctx,
+				       (const char *)spn_value->data,
+				       spn_value->length);
+	if (spn_value_str == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	if (spn_value->length == samAccountName->length &&
+	    strncasecmp((const char *)spn_value->data,
+			(const char *)samAccountName->data,
+			spn_value->length) == 0)
+	{
+		/* MacOS X sets this value, and setting an SPN of your
+		 * own samAccountName is both pointless and safe */
+		return LDB_SUCCESS;
+	}
+
+	kerr = smb_krb5_init_context_basic(mem_ctx,
+					   lp_ctx,
+					   &krb_ctx);
+	if (kerr != 0) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "Could not initialize kerberos context.");
+	}
+
+	ret = krb5_parse_name(krb_ctx, spn_value_str, &principal);
+	if (ret) {
+		krb5_free_context(krb_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	princ_size = krb5_princ_size(krb_ctx, principal);
+	if (princ_size < 2) {
+		DBG_WARNING("princ_size=%d\n", princ_size);
+		goto fail;
+	}
+
+	ret = smb_krb5_principal_get_comp_string(mem_ctx, krb_ctx,
+							  principal, 1, &instanceName);
+	if (ret) {
+		goto fail;
+	}
+	ret = smb_krb5_principal_get_comp_string(mem_ctx, krb_ctx,
+						 principal, 0, &serviceType);
+	if (ret) {
+		goto fail;
+	}
+	if (krb5_princ_size(krb_ctx, principal) == 3) {
+		ret = smb_krb5_principal_get_comp_string(mem_ctx, krb_ctx,
+							 principal, 2, &serviceName);
+		if (ret) {
+			goto fail;
+		}
+	}
+
+	if (serviceName) {
+		if (!is_dc) {
+			DBG_WARNING("is_dc=false, serviceName=%s,"
+				    "serviceType=%s\n", serviceName,
+				  serviceType);
+			goto fail;
+		}
+		if (strcasecmp(serviceType, "ldap") == 0) {
+			if (strcasecmp(serviceName, netbios_name) != 0 &&
+			    strcasecmp(serviceName, forest_name) != 0) {
+				DBG_WARNING("serviceName=%s\n", serviceName);
+				goto fail;
+			}
+
+		} else if (strcasecmp(serviceType, "gc") == 0) {
+			if (strcasecmp(serviceName, forest_name) != 0) {
+				DBG_WARNING("serviceName=%s\n", serviceName);
+				goto fail;
+			}
+		} else {
+			if (strcasecmp(serviceName, base_domain) != 0 &&
+			    strcasecmp(serviceName, netbios_name) != 0) {
+				DBG_WARNING("serviceType=%s, "
+					    "serviceName=%s\n",
+					    serviceType, serviceName);
+				goto fail;
+			}
+		}
+	}
+
+	account_name_len = samAccountName->length;
+	if (account_name_len &&
+	    samAccountName->data[account_name_len - 1] == '$')
+	{
+		/* Account for the '$' character. */
+		--account_name_len;
+	}
+
+	/* instanceName can be samAccountName without $ or dnsHostName
+	 * or "ntds_guid._msdcs.forest_domain for DC objects */
+	if (strlen(instanceName) == account_name_len
+	    && strncasecmp(instanceName,
+			   (const char *)samAccountName->data,
+			   account_name_len) == 0)
+	{
+		goto success;
+	}
+	if ((dnsHostName != NULL) &&
+	    strlen(instanceName) == dnsHostName->length &&
+	    (strncasecmp(instanceName,
+			 (const char *)dnsHostName->data,
+			 dnsHostName->length) == 0))
+	{
+		goto success;
+	}
+	if (is_dc) {
+		const char *guid_str = NULL;
+		guid_str = talloc_asprintf(mem_ctx,"%s._msdcs.%s",
+					   ntds_guid,
+					   forest_name);
+		if (strcasecmp(instanceName, guid_str) == 0) {
+			goto success;
+		}
+	}
+
+fail:
+	krb5_free_principal(krb_ctx, principal);
+	krb5_free_context(krb_ctx);
+	ldb_debug_set(ldb, LDB_DEBUG_WARNING,
+		      "acl: spn validation failed for "
+		      "spn[%.*s] uac[0x%x] account[%.*s] hostname[%.*s] "
+		      "nbname[%s] ntds[%s] forest[%s] domain[%s]\n",
+		      (int)spn_value->length, spn_value->data,
+		      (unsigned)userAccountControl,
+		      (int)samAccountName->length, samAccountName->data,
+		      dnsHostName != NULL ? (int)dnsHostName->length : 0,
+		      dnsHostName != NULL ? (const char *)dnsHostName->data : "",
+		      netbios_name, ntds_guid,
+		      forest_name, base_domain);
+	return LDB_ERR_CONSTRAINT_VIOLATION;
+
+success:
+	krb5_free_principal(krb_ctx, principal);
+	krb5_free_context(krb_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+ * Passing in 'el' is critical, we want to check all the values.
+ *
+ */
+static int acl_check_spn(TALLOC_CTX *mem_ctx,
+			 struct ldb_module *module,
+			 struct ldb_request *req,
+			 const struct ldb_message_element *el,
+			 struct security_descriptor *sd,
+			 struct dom_sid *sid,
+			 const struct dsdb_attribute *attr,
+			 const struct dsdb_class *objectclass,
+			 const struct ldb_control *implicit_validated_write_control)
+{
+	int ret;
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *acl_res;
+	struct ldb_result *netbios_res;
+	struct ldb_dn *partitions_dn = samdb_partitions_dn(ldb, tmp_ctx);
+	uint32_t userAccountControl;
+	const char *netbios_name;
+	const struct ldb_val *dns_host_name_val = NULL;
+	const struct ldb_val *sam_account_name_val = NULL;
+	struct GUID ntds;
+	char *ntds_guid = NULL;
+	const struct ldb_message *msg = NULL;
+	const struct ldb_message *search_res = NULL;
+
+	static const char *acl_attrs[] = {
+		"samAccountName",
+		"dnsHostName",
+		"userAccountControl",
+		NULL
+	};
+	static const char *netbios_attrs[] = {
+		"nETBIOSName",
+		NULL
+	};
+
+	if (req->operation == LDB_MODIFY) {
+		msg = req->op.mod.message;
+	} else if (req->operation == LDB_ADD) {
+		msg = req->op.add.message;
+	}
+
+	if (implicit_validated_write_control != NULL) {
+		/*
+		 * The validated write control dispenses with ACL
+		 * checks. We act as if we have an implicit Self Write
+		 * privilege, but, assuming we don't have Write
+		 * Property, still proceed with further validation
+		 * checks.
+		 */
+	} else {
+		/* if we have wp, we can do whatever we like */
+		if (acl_check_access_on_attribute(module,
+						  tmp_ctx,
+						  sd,
+						  sid,
+						  SEC_ADS_WRITE_PROP,
+						  attr, objectclass) == LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_VALIDATE_SPN,
+					       SEC_ADS_SELF_WRITE,
+					       sid);
+
+		if (ret != LDB_SUCCESS) {
+			dsdb_acl_debug(sd, acl_user_token(module),
+				       msg->dn,
+				       true,
+				       10);
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	/*
+	 * If we have "validated write spn", allow delete of any
+	 * existing value (this keeps constrained delete to the same
+	 * rules as unconstrained)
+	 */
+	if (req->operation == LDB_MODIFY) {
+		/*
+		 * If not add or replace (eg delete),
+		 * return success
+		 */
+		if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD &&
+		    LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE)
+		{
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+
+		ret = dsdb_module_search_dn(module, tmp_ctx,
+					    &acl_res, msg->dn,
+					    acl_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_RECYCLED,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		search_res = acl_res->msgs[0];
+	} else if (req->operation == LDB_ADD) {
+		search_res = msg;
+	} else {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (req->operation == LDB_MODIFY) {
+		dns_host_name_val = ldb_msg_find_ldb_val(search_res, "dNSHostName");
+	}
+
+	ret = dsdb_msg_get_single_value(msg,
+					"dNSHostName",
+					dns_host_name_val,
+					&dns_host_name_val,
+					req->operation);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	userAccountControl = ldb_msg_find_attr_as_uint(search_res, "userAccountControl", 0);
+
+	if (req->operation == LDB_MODIFY) {
+		sam_account_name_val = ldb_msg_find_ldb_val(search_res, "sAMAccountName");
+	}
+
+	ret = dsdb_msg_get_single_value(msg,
+					"sAMAccountName",
+					sam_account_name_val,
+					&sam_account_name_val,
+					req->operation);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_search(module, tmp_ctx,
+				 &netbios_res, partitions_dn,
+				 LDB_SCOPE_ONELEVEL,
+				 netbios_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 req,
+				 "(ncName=%s)",
+				 ldb_dn_get_linearized(ldb_get_default_basedn(ldb)));
+
+	netbios_name = ldb_msg_find_attr_as_string(netbios_res->msgs[0], "nETBIOSName", NULL);
+
+	/*
+	 * NTDSDSA objectGuid of object we are checking SPN for
+	 *
+	 * Note - do we have the necessary attributes for this during an add operation?
+	 * How should we test this?
+	 */
+	if (userAccountControl & (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) {
+		ret = dsdb_module_find_ntdsguid_for_computer(module, tmp_ctx,
+							     msg->dn, &ntds, req);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Failed to find NTDSDSA objectGuid for %s: %s",
+					       ldb_dn_get_linearized(msg->dn),
+					       ldb_strerror(ret));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ntds_guid = GUID_string(tmp_ctx, &ntds);
+	}
+
+	for (i=0; i < el->num_values; i++) {
+		ret = acl_validate_spn_value(tmp_ctx,
+					     ldb,
+					     &el->values[i],
+					     userAccountControl,
+					     sam_account_name_val,
+					     dns_host_name_val,
+					     netbios_name,
+					     ntds_guid);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static int acl_check_dns_host_name(TALLOC_CTX *mem_ctx,
+				   struct ldb_module *module,
+				   struct ldb_request *req,
+				   const struct ldb_message_element *el,
+				   struct security_descriptor *sd,
+				   struct dom_sid *sid,
+				   const struct dsdb_attribute *attr,
+				   const struct dsdb_class *objectclass,
+				   const struct ldb_control *implicit_validated_write_control)
+{
+	int ret;
+	unsigned i;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema = NULL;
+	const struct ldb_message_element *allowed_suffixes = NULL;
+	struct ldb_result *nc_res = NULL;
+	struct ldb_dn *nc_root = NULL;
+	const char *nc_dns_name = NULL;
+	const char *dnsHostName_str = NULL;
+	size_t dns_host_name_len;
+	size_t account_name_len;
+	const struct ldb_message *msg = NULL;
+	const struct ldb_message *search_res = NULL;
+	const struct ldb_val *samAccountName = NULL;
+	const struct ldb_val *dnsHostName = NULL;
+	const struct dsdb_class *computer_objectclass = NULL;
+	bool is_subclass;
+
+	static const char *nc_attrs[] = {
+		"msDS-AllowedDNSSuffixes",
+		NULL
+	};
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	if (req->operation == LDB_MODIFY) {
+		msg = req->op.mod.message;
+	} else if (req->operation == LDB_ADD) {
+		msg = req->op.add.message;
+	}
+
+	if (implicit_validated_write_control != NULL) {
+		/*
+		 * The validated write control dispenses with ACL
+		 * checks. We act as if we have an implicit Self Write
+		 * privilege, but, assuming we don't have Write
+		 * Property, still proceed with further validation
+		 * checks.
+		 */
+	} else {
+		/* if we have wp, we can do whatever we like */
+		ret = acl_check_access_on_attribute(module,
+						    tmp_ctx,
+						    sd,
+						    sid,
+						    SEC_ADS_WRITE_PROP,
+						    attr, objectclass);
+		if (ret == LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_DNS_HOST_NAME,
+					       SEC_ADS_SELF_WRITE,
+					       sid);
+
+		if (ret != LDB_SUCCESS) {
+			dsdb_acl_debug(sd, acl_user_token(module),
+				       msg->dn,
+				       true,
+				       10);
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	/*
+	 * If we have "validated write dnshostname", allow delete of
+	 * any existing value (this keeps constrained delete to the
+	 * same rules as unconstrained)
+	 */
+	if (req->operation == LDB_MODIFY) {
+		struct ldb_result *acl_res = NULL;
+
+		static const char *acl_attrs[] = {
+			"sAMAccountName",
+			NULL
+		};
+
+		/*
+		 * If not add or replace (eg delete),
+		 * return success
+		 */
+		if ((el->flags
+		     & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)) == 0)
+		{
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+
+		ret = dsdb_module_search_dn(module, tmp_ctx,
+					    &acl_res, msg->dn,
+					    acl_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_RECYCLED,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		search_res = acl_res->msgs[0];
+	} else if (req->operation == LDB_ADD) {
+		search_res = msg;
+	} else {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+        /* Check if the account has objectclass 'computer' or 'server'. */
+
+	schema = dsdb_get_schema(ldb, req);
+	if (schema == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	computer_objectclass = dsdb_class_by_lDAPDisplayName(schema, "computer");
+	if (computer_objectclass == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	is_subclass = dsdb_is_subclass_of(schema, objectclass, computer_objectclass);
+	if (!is_subclass) {
+		/* The account is not a computer -- check if it's a server. */
+
+		const struct dsdb_class *server_objectclass = NULL;
+
+		server_objectclass = dsdb_class_by_lDAPDisplayName(schema, "server");
+		if (server_objectclass == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		is_subclass = dsdb_is_subclass_of(schema, objectclass, server_objectclass);
+		if (!is_subclass) {
+			/* Not a computer or server, so no need to validate. */
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+	}
+
+	if (req->operation == LDB_MODIFY) {
+		samAccountName = ldb_msg_find_ldb_val(search_res, "sAMAccountName");
+	}
+
+	ret = dsdb_msg_get_single_value(msg,
+					"sAMAccountName",
+					samAccountName,
+					&samAccountName,
+					req->operation);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	account_name_len = samAccountName->length;
+	if (account_name_len && samAccountName->data[account_name_len - 1] == '$') {
+		/* Account for the '$' character. */
+		--account_name_len;
+	}
+
+	/* Check for add or replace requests with no value. */
+	if (el->num_values == 0) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+	dnsHostName = &el->values[0];
+
+	dnsHostName_str = (const char *)dnsHostName->data;
+	dns_host_name_len = dnsHostName->length;
+
+	/* Check that sAMAccountName matches the new dNSHostName. */
+
+	if (dns_host_name_len < account_name_len) {
+		goto fail;
+	}
+	if (strncasecmp(dnsHostName_str,
+			(const char *)samAccountName->data,
+			account_name_len) != 0)
+	{
+		goto fail;
+	}
+
+	dnsHostName_str += account_name_len;
+	dns_host_name_len -= account_name_len;
+
+	/* Check the '.' character */
+
+	if (dns_host_name_len == 0 || *dnsHostName_str != '.') {
+		goto fail;
+	}
+
+	++dnsHostName_str;
+	--dns_host_name_len;
+
+	/* Now we check the suffix. */
+
+	ret = dsdb_find_nc_root(ldb,
+				tmp_ctx,
+				search_res->dn,
+				&nc_root);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	nc_dns_name = samdb_dn_to_dns_domain(tmp_ctx, nc_root);
+	if (nc_dns_name == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	if (strlen(nc_dns_name) == dns_host_name_len &&
+	    strncasecmp(dnsHostName_str,
+			nc_dns_name,
+			dns_host_name_len) == 0)
+	{
+		/* It matches -- success. */
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* We didn't get a match, so now try msDS-AllowedDNSSuffixes. */
+
+	ret = dsdb_module_search_dn(module, tmp_ctx,
+				    &nc_res, nc_root,
+				    nc_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED,
+				    req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	allowed_suffixes = ldb_msg_find_element(nc_res->msgs[0],
+						"msDS-AllowedDNSSuffixes");
+	if (allowed_suffixes == NULL) {
+		goto fail;
+	}
+
+	for (i = 0; i < allowed_suffixes->num_values; ++i) {
+		const struct ldb_val *suffix = &allowed_suffixes->values[i];
+
+		if (suffix->length == dns_host_name_len &&
+		    strncasecmp(dnsHostName_str,
+				(const char *)suffix->data,
+				dns_host_name_len) == 0)
+		{
+			/* It matches -- success. */
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+	}
+
+fail:
+	ldb_debug_set(ldb, LDB_DEBUG_WARNING,
+		      "acl: hostname validation failed for "
+		      "hostname[%.*s] account[%.*s]\n",
+		      (int)dnsHostName->length, dnsHostName->data,
+		      (int)samAccountName->length, samAccountName->data);
+	talloc_free(tmp_ctx);
+	return LDB_ERR_CONSTRAINT_VIOLATION;
+}
+
+/* checks if modifications are allowed on "Member" attribute */
+static int acl_check_self_membership(TALLOC_CTX *mem_ctx,
+				     struct ldb_module *module,
+				     struct ldb_request *req,
+				     struct security_descriptor *sd,
+				     struct dom_sid *sid,
+				     const struct dsdb_attribute *attr,
+				     const struct dsdb_class *objectclass)
+{
+	int ret;
+	unsigned int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_dn *user_dn;
+	struct ldb_message_element *member_el;
+	const struct ldb_message *msg = NULL;
+
+	if (req->operation == LDB_MODIFY) {
+		msg = req->op.mod.message;
+	} else if (req->operation == LDB_ADD) {
+		msg = req->op.add.message;
+	} else {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* if we have wp, we can do whatever we like */
+	if (acl_check_access_on_attribute(module,
+					  mem_ctx,
+					  sd,
+					  sid,
+					  SEC_ADS_WRITE_PROP,
+					  attr, objectclass) == LDB_SUCCESS) {
+		return LDB_SUCCESS;
+	}
+	/* if we are adding/deleting ourselves, check for self membership */
+	ret = dsdb_find_dn_by_sid(ldb, mem_ctx,
+				  &acl_user_token(module)->sids[PRIMARY_USER_SID_INDEX],
+				  &user_dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	member_el = ldb_msg_find_element(msg, "member");
+	if (!member_el) {
+		return ldb_operr(ldb);
+	}
+	/* user can only remove oneself */
+	if (member_el->num_values == 0) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+	for (i = 0; i < member_el->num_values; i++) {
+		if (strcasecmp((const char *)member_el->values[i].data,
+			       ldb_dn_get_extended_linearized(mem_ctx, user_dn, 1)) != 0) {
+			return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+		}
+	}
+	ret = acl_check_extended_right(mem_ctx,
+				       module,
+				       req,
+				       objectclass,
+				       sd,
+				       acl_user_token(module),
+				       GUID_DRS_SELF_MEMBERSHIP,
+				       SEC_ADS_SELF_WRITE,
+				       sid);
+	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		dsdb_acl_debug(sd, acl_user_token(module),
+			       msg->dn,
+			       true,
+			       10);
+	}
+	return ret;
+}
+
+static int acl_add(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_dn *parent;
+	struct ldb_context *ldb;
+	const struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+	const struct dsdb_class *computer_objectclass = NULL;
+	const struct ldb_message_element *oc_el = NULL;
+	struct ldb_message_element sorted_oc_el;
+	struct ldb_control *as_system;
+	struct ldb_control *sd_ctrl = NULL;
+	struct ldb_message_element *el;
+	unsigned int instanceType = 0;
+	struct dsdb_control_calculated_default_sd *control_sd = NULL;
+	const struct dsdb_attribute *attr = NULL;
+	const char **must_contain = NULL;
+	const struct ldb_message *msg = req->op.add.message;
+	const struct dom_sid *domain_sid = NULL;
+	int i = 0;
+	bool attribute_authorization;
+	bool is_subclass;
+
+	if (ldb_dn_is_special(msg->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	if (dsdb_module_am_system(module) || as_system) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	domain_sid = samdb_domain_sid(ldb);
+
+	parent = ldb_dn_get_parent(req, msg->dn);
+	if (parent == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return ldb_operr(ldb);
+	}
+
+	/* Find the objectclass of the new account. */
+
+	oc_el = ldb_msg_find_element(msg, "objectclass");
+	if (oc_el == NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "acl: unable to find or validate structural objectClass on %s\n",
+				       ldb_dn_get_linearized(msg->dn));
+		return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (schema == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_sort_objectClass_attr(ldb, schema, oc_el, req, &sorted_oc_el);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	objectclass = dsdb_get_last_structural_class(schema, &sorted_oc_el);
+	if (objectclass == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	el = ldb_msg_find_element(msg, "instanceType");
+	if ((el != NULL) && (el->num_values != 1)) {
+		ldb_set_errstring(ldb, "acl: the 'instanceType' attribute is single-valued!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	instanceType = ldb_msg_find_attr_as_uint(msg,
+						 "instanceType", 0);
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		static const char *no_attrs[] = { NULL };
+		struct ldb_result *partition_res;
+		struct ldb_dn *partitions_dn;
+
+		partitions_dn = samdb_partitions_dn(ldb, req);
+		if (!partitions_dn) {
+			ldb_set_errstring(ldb, "acl: CN=partitions dn could not be generated!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		ret = dsdb_module_search(module, req, &partition_res,
+					 partitions_dn, LDB_SCOPE_ONELEVEL,
+					 no_attrs,
+					 DSDB_FLAG_NEXT_MODULE |
+					 DSDB_FLAG_AS_SYSTEM |
+					 DSDB_SEARCH_ONE_ONLY |
+					 DSDB_SEARCH_SHOW_RECYCLED,
+					 req,
+					 "(&(nCName=%s)(objectClass=crossRef))",
+					 ldb_dn_get_linearized(msg->dn));
+
+		if (ret == LDB_SUCCESS) {
+			/* Check that we can write to the crossRef object MS-ADTS 3.1.1.5.2.8.2 */
+			ret = dsdb_module_check_access_on_dn(module, req, partition_res->msgs[0]->dn,
+							     SEC_ADS_WRITE_PROP,
+							     &objectclass->schemaIDGUID, req);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "acl: ACL check failed on crossRef object %s: %s\n",
+						       ldb_dn_get_linearized(partition_res->msgs[0]->dn),
+						       ldb_errstring(ldb));
+				return ret;
+			}
+
+			/*
+			 * TODO: Remaining checks, like if we are
+			 * the naming master etc need to be handled
+			 * in the instanceType module
+			 */
+			/* Note - do we need per-attribute checks? */
+			return ldb_next_request(module, req);
+		}
+
+		/* Check that we can create a crossRef object MS-ADTS 3.1.1.5.2.8.2 */
+		ret = dsdb_module_check_access_on_dn(module, req, partitions_dn,
+						     SEC_ADS_CREATE_CHILD,
+						     &objectclass->schemaIDGUID, req);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT &&
+		    ldb_request_get_control(req, LDB_CONTROL_RELAX_OID))
+		{
+			/* Allow provision bootstrap */
+			ret = LDB_SUCCESS;
+		}
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "acl: ACL check failed on CN=Partitions crossRef container %s: %s\n",
+					       ldb_dn_get_linearized(partitions_dn), ldb_errstring(ldb));
+			return ret;
+		}
+
+		/*
+		 * TODO: Remaining checks, like if we are the naming
+		 * master and adding the crossRef object need to be
+		 * handled in the instanceType module
+		 */
+	} else {
+		ret = dsdb_module_check_access_on_dn(module, req, parent,
+						     SEC_ADS_CREATE_CHILD,
+						     &objectclass->schemaIDGUID, req);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "acl: unable to get access to %s\n",
+					       ldb_dn_get_linearized(msg->dn));
+			return ret;
+		}
+	}
+
+	attribute_authorization = dsdb_attribute_authz_on_ldap_add(module,
+								   req,
+								   req);
+	if (!attribute_authorization) {
+		/* Skip the remaining checks */
+		goto success;
+	}
+
+	/* Check if we have computer objectclass. */
+	computer_objectclass = dsdb_class_by_lDAPDisplayName(schema, "computer");
+	if (computer_objectclass == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	is_subclass = dsdb_is_subclass_of(schema, objectclass, computer_objectclass);
+	if (!is_subclass) {
+		/*
+		 * This object is not a computer (or derived from computer), so
+		 * skip the remaining checks.
+		 */
+		goto success;
+	}
+
+	/*
+	 * we have established we have CC right, now check per-attribute
+	 * access based on the default SD
+	 */
+
+	sd_ctrl = ldb_request_get_control(req,
+					  DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID);
+	if (sd_ctrl == NULL) {
+		goto success;
+	}
+
+	{
+		TALLOC_CTX *tmp_ctx = talloc_new(req);
+		control_sd = (struct dsdb_control_calculated_default_sd *) sd_ctrl->data;
+		DBG_DEBUG("Received cookie descriptor %s\n\n",
+			  sddl_encode(tmp_ctx, control_sd->default_sd, domain_sid));
+		TALLOC_FREE(tmp_ctx);
+		/* Mark the "change" control as uncritical (done) */
+		sd_ctrl->critical = false;
+	}
+
+	/*
+	 * At this point we do not yet have the object's SID, so we
+	 * leave it empty. It is irrelevant, as it is used to expand
+	 * Principal-Self, and rights granted to PS will have no effect
+	 * in this case
+	 */
+	/* check if we have WD, no need to perform other attribute checks if we do */
+	attr = dsdb_attribute_by_lDAPDisplayName(schema, "nTSecurityDescriptor");
+	if (attr == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (control_sd->specified_sacl) {
+		const struct security_token *token = acl_user_token(module);
+		bool has_priv = security_token_has_privilege(token, SEC_PRIV_SECURITY);
+		if (!has_priv) {
+			return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+		}
+	}
+
+	ret = acl_check_access_on_attribute(module,
+					    req,
+					    control_sd->default_sd,
+					    NULL,
+					    SEC_STD_WRITE_DAC,
+					    attr,
+					    objectclass);
+	if (ret == LDB_SUCCESS) {
+		goto success;
+	}
+
+	if (control_sd->specified_sd) {
+		bool block_owner_rights = dsdb_block_owner_implicit_rights(module,
+									   req,
+									   req);
+		if (block_owner_rights) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "Object %s has no SD modification rights",
+					       ldb_dn_get_linearized(msg->dn));
+			dsdb_acl_debug(control_sd->default_sd,
+				       acl_user_token(module),
+				       msg->dn,
+				       true,
+				       10);
+			ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+			return ret;
+		}
+	}
+
+	must_contain = dsdb_full_attribute_list(req, schema, &sorted_oc_el,
+						DSDB_SCHEMA_ALL_MUST);
+	for (i=0; i < msg->num_elements; i++) {
+		el = &msg->elements[i];
+
+		attr = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+		if (attr == NULL && ldb_attr_cmp("clearTextPassword", el->name) != 0) {
+			ldb_asprintf_errstring(ldb, "acl_add: attribute '%s' "
+					       "on entry '%s' was not found in the schema!",
+					       el->name,
+				       ldb_dn_get_linearized(msg->dn));
+			ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
+			return ret;
+		}
+
+		if (attr != NULL) {
+			bool found = str_list_check(must_contain, attr->lDAPDisplayName);
+			/* do not check the mandatory attributes */
+			if (found) {
+				continue;
+			}
+		}
+
+		if (ldb_attr_cmp("dBCSPwd", el->name) == 0 ||
+			   ldb_attr_cmp("unicodePwd", el->name) == 0 ||
+			   ldb_attr_cmp("userPassword", el->name) == 0 ||
+			   ldb_attr_cmp("clearTextPassword", el->name) == 0) {
+			continue;
+		} else if (ldb_attr_cmp("member", el->name) == 0) {
+			ret = acl_check_self_membership(req,
+							module,
+							req,
+							control_sd->default_sd,
+							NULL,
+							attr,
+							objectclass);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		} else if (ldb_attr_cmp("servicePrincipalName", el->name) == 0) {
+			ret = acl_check_spn(req,
+					    module,
+					    req,
+					    el,
+					    control_sd->default_sd,
+					    NULL,
+					    attr,
+					    objectclass,
+					    NULL);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "Object %s cannot be created with spn",
+						       ldb_dn_get_linearized(msg->dn));
+				dsdb_acl_debug(control_sd->default_sd,
+					       acl_user_token(module),
+					       msg->dn,
+					       true,
+					       10);
+				return ret;
+			}
+		} else if (ldb_attr_cmp("dnsHostName", el->name) == 0) {
+			ret = acl_check_dns_host_name(req,
+						      module,
+						      req,
+						      el,
+						      control_sd->default_sd,
+						      NULL,
+						      attr,
+						      objectclass,
+						      NULL);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "Object %s cannot be created with dnsHostName",
+						       ldb_dn_get_linearized(msg->dn));
+				dsdb_acl_debug(control_sd->default_sd,
+					       acl_user_token(module),
+					       msg->dn,
+					       true,
+					       10);
+				return ret;
+			}
+		} else {
+			ret = acl_check_access_on_attribute(module,
+							    req,
+							    control_sd->default_sd,
+							    NULL,
+							    SEC_ADS_WRITE_PROP,
+							    attr,
+							    objectclass);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "Object %s has no write property access",
+						       ldb_dn_get_linearized(msg->dn));
+				dsdb_acl_debug(control_sd->default_sd,
+					       acl_user_token(module),
+					       msg->dn,
+					       true,
+					       10);
+				ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				return ret;
+			}
+		}
+	}
+success:
+	return ldb_next_request(module, req);
+}
+
+static int acl_check_password_rights(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_module *module,
+	struct ldb_request *req,
+	struct security_descriptor *sd,
+	struct dom_sid *sid,
+	const struct dsdb_class *objectclass,
+	bool userPassword,
+	struct  dsdb_control_password_acl_validation **control_for_response)
+{
+	int ret = LDB_SUCCESS;
+	unsigned int del_attr_cnt = 0, add_attr_cnt = 0, rep_attr_cnt = 0;
+	unsigned int del_val_cnt = 0, add_val_cnt = 0;
+	struct ldb_message_element *el;
+	struct ldb_message *msg;
+	struct ldb_control *c = NULL;
+	const char *passwordAttrs[] = { "userPassword", "clearTextPassword",
+					"unicodePwd", NULL }, **l;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct dsdb_control_password_acl_validation *pav = NULL;
+
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	pav = talloc_zero(req, struct dsdb_control_password_acl_validation);
+	if (pav == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	/*
+	 * Set control_for_response to pav so it can be added to the response
+	 * and be passed up to the audit_log module which uses it to identify
+	 * password reset attempts.
+	 */
+	*control_for_response = pav;
+
+	c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
+	if (c != NULL) {
+		pav->pwd_reset = false;
+
+		/*
+		 * The "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
+		 * have a user password change and not a set as the message
+		 * looks like. In it's value blob it contains the NT and/or LM
+		 * hash of the old password specified by the user.  This control
+		 * is used by the SAMR and "kpasswd" password change mechanisms.
+		 *
+		 * This control can't be used by real LDAP clients,
+		 * the only caller is samdb_set_password_internal(),
+		 * so we don't have to strict verification of the input.
+		 */
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_USER_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		goto checked;
+	}
+
+	c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_HASH_VALUES_OID);
+	if (c != NULL) {
+		pav->pwd_reset = true;
+
+		/*
+		 * The "DSDB_CONTROL_PASSWORD_HASH_VALUES_OID" control, without
+		 * "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
+		 * have a force password set.
+		 * This control is used by the SAMR/NETLOGON/LSA password
+		 * reset mechanisms.
+		 *
+		 * This control can't be used by real LDAP clients,
+		 * the only caller is samdb_set_password_internal(),
+		 * so we don't have to strict verification of the input.
+		 */
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_FORCE_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		goto checked;
+	}
+
+	el = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
+	if (el != NULL) {
+		/*
+		 * dBCSPwd is only allowed with a control.
+		 */
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	msg = ldb_msg_copy_shallow(tmp_ctx, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+	for (l = passwordAttrs; *l != NULL; l++) {
+		if ((!userPassword) && (ldb_attr_cmp(*l, "userPassword") == 0)) {
+			continue;
+		}
+
+		while ((el = ldb_msg_find_element(msg, *l)) != NULL) {
+			if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) {
+				++del_attr_cnt;
+				del_val_cnt += el->num_values;
+			}
+			if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_ADD) {
+				++add_attr_cnt;
+				add_val_cnt += el->num_values;
+			}
+			if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) {
+				++rep_attr_cnt;
+			}
+			ldb_msg_remove_element(msg, el);
+		}
+	}
+
+	/* single deletes will be handled by the "password_hash" LDB module
+	 * later in the stack, so we let it though here */
+	if ((del_attr_cnt > 0) && (add_attr_cnt == 0) && (rep_attr_cnt == 0)) {
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+
+	if (rep_attr_cnt > 0) {
+		pav->pwd_reset = true;
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_FORCE_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		goto checked;
+	}
+
+	if (add_attr_cnt != del_attr_cnt) {
+		pav->pwd_reset = true;
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_FORCE_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		goto checked;
+	}
+
+	if (add_val_cnt == 1 && del_val_cnt == 1) {
+		pav->pwd_reset = false;
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_USER_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		/* Very strange, but we get constraint violation in this case */
+		if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		goto checked;
+	}
+
+	if (add_val_cnt == 1 && del_val_cnt == 0) {
+		pav->pwd_reset = true;
+
+		ret = acl_check_extended_right(tmp_ctx,
+					       module,
+					       req,
+					       objectclass,
+					       sd,
+					       acl_user_token(module),
+					       GUID_DRS_FORCE_CHANGE_PASSWORD,
+					       SEC_ADS_CONTROL_ACCESS,
+					       sid);
+		/* Very strange, but we get constraint violation in this case */
+		if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		goto checked;
+	}
+
+	/*
+	 * Everything else is handled by the password_hash module where it will
+	 * fail, but with the correct error code when the module is again
+	 * checking the attributes. As the change request will lack the
+	 * DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control, we can be sure that
+	 * any modification attempt that went this way will be rejected.
+	 */
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+
+checked:
+	if (ret != LDB_SUCCESS) {
+		dsdb_acl_debug(sd, acl_user_token(module),
+			       req->op.mod.message->dn,
+			       true,
+			       10);
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req,
+		DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID, false, pav);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_ERROR,
+			  "Unable to register ACL validation control!\n");
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+ * Context needed by acl_callback
+ */
+struct acl_callback_context {
+	struct ldb_request *request;
+	struct ldb_module *module;
+};
+
+/*
+ * @brief Copy the password validation control to the reply.
+ *
+ * Copy the dsdb_control_password_acl_validation control from the request,
+ * to the reply.  The control is used by the audit_log module to identify
+ * password rests.
+ *
+ * @param req the ldb request.
+ * @param ares the result, updated with the control.
+ */
+static void copy_password_acl_validation_control(
+	struct ldb_request *req,
+	struct ldb_reply *ares)
+{
+	struct ldb_control *pav_ctrl = NULL;
+	struct dsdb_control_password_acl_validation *pav = NULL;
+
+	pav_ctrl = ldb_request_get_control(
+		discard_const(req),
+		DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID);
+	if (pav_ctrl == NULL) {
+		return;
+	}
+
+	pav = talloc_get_type_abort(
+		pav_ctrl->data,
+		struct dsdb_control_password_acl_validation);
+	if (pav == NULL) {
+		return;
+	}
+	ldb_reply_add_control(
+		ares,
+		DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID,
+		false,
+		pav);
+}
+/*
+ * @brief call back function for acl_modify.
+ *
+ * Calls acl_copy to copy the dsdb_control_password_acl_validation from
+ * the request to the reply.
+ *
+ * @param req the ldb_request.
+ * @param ares the operation result.
+ *
+ * @return the LDB_STATUS
+ */
+static int acl_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct acl_callback_context *ac = NULL;
+
+	ac = talloc_get_type(req->context, struct acl_callback_context);
+
+	if (!ares) {
+		return ldb_module_done(
+			ac->request,
+			NULL,
+			NULL,
+			LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* pass on to the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(
+			ac->request,
+			ares->message,
+			ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(
+			ac->request,
+			ares->referral);
+
+	case LDB_REPLY_DONE:
+		/*
+		 * Copy the ACL control from the request to the response
+		 */
+		copy_password_acl_validation_control(req, ares);
+		return ldb_module_done(
+			ac->request,
+			ares->controls,
+			ares->response,
+			ares->error);
+
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+}
+
+static int acl_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema;
+	unsigned int i;
+	const struct dsdb_class *objectclass;
+	struct ldb_result *acl_res;
+	struct security_descriptor *sd;
+	struct dom_sid *sid = NULL;
+	struct ldb_control *as_system;
+	struct ldb_control *is_undelete;
+	struct ldb_control *implicit_validated_write_control = NULL;
+	bool userPassword;
+	bool password_rights_checked = false;
+	TALLOC_CTX *tmp_ctx;
+	const struct ldb_message *msg = req->op.mod.message;
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectClass",
+		"objectSid",
+		NULL
+	};
+	struct acl_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct  dsdb_control_password_acl_validation *pav = NULL;
+	struct ldb_control **controls = NULL;
+
+	if (ldb_dn_is_special(msg->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
+
+	implicit_validated_write_control = ldb_request_get_control(
+		req, DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID);
+	if (implicit_validated_write_control != NULL) {
+		implicit_validated_write_control->critical = 0;
+	}
+
+	/* Don't print this debug statement if elements[0].name is going to be NULL */
+	if (msg->num_elements > 0) {
+		DEBUG(10, ("ldb:acl_modify: %s\n", msg->elements[0].name));
+	}
+	if (dsdb_module_am_system(module) || as_system) {
+		return ldb_next_request(module, req);
+	}
+
+	tmp_ctx = talloc_new(req);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &acl_res, msg->dn,
+				    acl_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED,
+				    req);
+
+	if (ret != LDB_SUCCESS) {
+		goto fail;
+	}
+
+	userPassword = dsdb_user_password_support(module, req, req);
+
+	schema = dsdb_get_schema(ldb, tmp_ctx);
+	if (!schema) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_modify: Error obtaining schema.");
+	}
+
+	ret = dsdb_get_sd_from_ldb_message(ldb, tmp_ctx, acl_res->msgs[0], &sd);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_modify: Error retrieving security descriptor.");
+	}
+	/* Theoretically we pass the check if the object has no sd */
+	if (!sd) {
+		goto success;
+	}
+
+	objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]);
+	if (!objectclass) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_modify: Error retrieving object class for GUID.");
+	}
+	sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
+	for (i=0; i < msg->num_elements; i++) {
+		const struct ldb_message_element *el = &msg->elements[i];
+		const struct dsdb_attribute *attr;
+
+		/*
+		 * This basic attribute existence check with the right errorcode
+		 * is needed since this module is the first one which requests
+		 * schema attribute information.
+		 * The complete attribute checking is done in the
+		 * "objectclass_attrs" module behind this one.
+		 *
+		 * NOTE: "clearTextPassword" is not defined in the schema.
+		 */
+		attr = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+		if (!attr && ldb_attr_cmp("clearTextPassword", el->name) != 0) {
+			ldb_asprintf_errstring(ldb, "acl_modify: attribute '%s' "
+					       "on entry '%s' was not found in the schema!",
+					       req->op.mod.message->elements[i].name,
+				       ldb_dn_get_linearized(req->op.mod.message->dn));
+			ret =  LDB_ERR_NO_SUCH_ATTRIBUTE;
+			goto fail;
+		}
+
+		if (ldb_attr_cmp("nTSecurityDescriptor", el->name) == 0) {
+			uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
+			uint32_t access_mask = 0;
+
+			bool block_owner_rights;
+			enum implicit_owner_rights implicit_owner_rights;
+
+			if (sd_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+				access_mask |= SEC_STD_WRITE_OWNER;
+			}
+			if (sd_flags & SECINFO_DACL) {
+				access_mask |= SEC_STD_WRITE_DAC;
+			}
+			if (sd_flags & SECINFO_SACL) {
+				access_mask |= SEC_FLAG_SYSTEM_SECURITY;
+			}
+
+			block_owner_rights = !dsdb_module_am_administrator(module);
+
+			if (block_owner_rights) {
+				block_owner_rights = dsdb_block_owner_implicit_rights(module,
+										      req,
+										      req);
+			}
+			if (block_owner_rights) {
+				block_owner_rights = samdb_find_attribute(ldb,
+									  acl_res->msgs[0],
+									  "objectclass",
+									  "computer");
+			}
+
+			implicit_owner_rights = block_owner_rights ?
+				IMPLICIT_OWNER_READ_CONTROL_RIGHTS :
+				IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS;
+
+			ret = acl_check_access_on_attribute_implicit_owner(module,
+									   tmp_ctx,
+									   sd,
+									   sid,
+									   access_mask,
+									   attr,
+									   objectclass,
+									   implicit_owner_rights);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "Object %s has no write dacl access\n",
+						       ldb_dn_get_linearized(msg->dn));
+				dsdb_acl_debug(sd,
+					       acl_user_token(module),
+					       msg->dn,
+					       true,
+					       10);
+				ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				goto fail;
+			}
+		} else if (ldb_attr_cmp("member", el->name) == 0) {
+			ret = acl_check_self_membership(tmp_ctx,
+							module,
+							req,
+							sd,
+							sid,
+							attr,
+							objectclass);
+			if (ret != LDB_SUCCESS) {
+				goto fail;
+			}
+		} else if (ldb_attr_cmp("dBCSPwd", el->name) == 0) {
+			/* this one is not affected by any rights, we should let it through
+			   so that passwords_hash returns the correct error */
+			continue;
+		} else if (ldb_attr_cmp("unicodePwd", el->name) == 0 ||
+			   (userPassword && ldb_attr_cmp("userPassword", el->name) == 0) ||
+			   ldb_attr_cmp("clearTextPassword", el->name) == 0) {
+			/*
+			 * Ideally we would do the acl_check_password_rights
+			 * before we checked the other attributes, i.e. in a
+			 * loop before the current one.
+			 * Have not done this as yet in order to limit the size
+			 * of the change. To limit the possibility of breaking
+			 * the ACL logic.
+			 */
+			if (password_rights_checked) {
+				continue;
+			}
+			ret = acl_check_password_rights(tmp_ctx,
+							module,
+							req,
+							sd,
+							sid,
+							objectclass,
+							userPassword,
+							&pav);
+			if (ret != LDB_SUCCESS) {
+				goto fail;
+			}
+			password_rights_checked = true;
+		} else if (ldb_attr_cmp("servicePrincipalName", el->name) == 0) {
+			ret = acl_check_spn(tmp_ctx,
+					    module,
+					    req,
+					    el,
+					    sd,
+					    sid,
+					    attr,
+					    objectclass,
+					    implicit_validated_write_control);
+			if (ret != LDB_SUCCESS) {
+				goto fail;
+			}
+		} else if (ldb_attr_cmp("dnsHostName", el->name) == 0) {
+			ret = acl_check_dns_host_name(tmp_ctx,
+						      module,
+						      req,
+						      el,
+						      sd,
+						      sid,
+						      attr,
+						      objectclass,
+						      implicit_validated_write_control);
+			if (ret != LDB_SUCCESS) {
+				goto fail;
+			}
+		} else if (is_undelete != NULL && (ldb_attr_cmp("isDeleted", el->name) == 0)) {
+			/*
+			 * in case of undelete op permissions on
+			 * isDeleted are irrelevant and
+			 * distinguishedName is removed by the
+			 * tombstone_reanimate module
+			 */
+			continue;
+		} else if (implicit_validated_write_control != NULL) {
+			/* Allow the update. */
+			continue;
+		} else {
+			ret = acl_check_access_on_attribute(module,
+							    tmp_ctx,
+							    sd,
+							    sid,
+							    SEC_ADS_WRITE_PROP,
+							    attr,
+							    objectclass);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(module),
+						       "Object %s has no write property access\n",
+						       ldb_dn_get_linearized(msg->dn));
+				dsdb_acl_debug(sd,
+					       acl_user_token(module),
+					       msg->dn,
+					       true,
+					       10);
+				ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				goto fail;
+			}
+		}
+	}
+
+success:
+	talloc_free(tmp_ctx);
+	context = talloc_zero(req, struct acl_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	ret = ldb_build_mod_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.mod.message,
+		req->controls,
+		context,
+		acl_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+fail:
+	talloc_free(tmp_ctx);
+	/*
+	 * We copy the pav into the result, so that the password reset
+	 * logging code in audit_log can log failed password reset attempts.
+	 */
+	if (pav) {
+		struct ldb_control *control = NULL;
+
+		controls = talloc_zero_array(req, struct ldb_control *, 2);
+		if (controls == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		control = talloc(controls, struct ldb_control);
+
+		if (control == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		control->oid= talloc_strdup(
+			control,
+			DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID);
+		if (control->oid == NULL) {
+			return ldb_oom(ldb);
+		}
+		control->critical	= false;
+		control->data	= pav;
+		*controls = control;
+	}
+	return ldb_module_done(req, controls, NULL, ret);
+}
+
+/* similar to the modify for the time being.
+ * We need to consider the special delete tree case, though - TODO */
+static int acl_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_dn *parent;
+	struct ldb_context *ldb;
+	struct ldb_dn *nc_root;
+	struct ldb_control *as_system;
+	const struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+	struct security_descriptor *sd = NULL;
+	struct dom_sid *sid = NULL;
+	struct ldb_result *acl_res;
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectClass",
+		"objectSid",
+		NULL
+	};
+
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	if (dsdb_module_am_system(module) || as_system) {
+		return ldb_next_request(module, req);
+	}
+
+	DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn)));
+
+	ldb = ldb_module_get_ctx(module);
+
+	parent = ldb_dn_get_parent(req, req->op.del.dn);
+	if (parent == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/* Make sure we aren't deleting a NC */
+
+	ret = dsdb_find_nc_root(ldb, req, req->op.del.dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (ldb_dn_compare(nc_root, req->op.del.dn) == 0) {
+		talloc_free(nc_root);
+		DEBUG(10,("acl:deleting a NC\n"));
+		/* Windows returns "ERR_UNWILLING_TO_PERFORM */
+		return ldb_module_done(req, NULL, NULL,
+				       LDB_ERR_UNWILLING_TO_PERFORM);
+	}
+	talloc_free(nc_root);
+
+	ret = dsdb_module_search_dn(module, req, &acl_res,
+				    req->op.del.dn, acl_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED, req);
+	/* we should be able to find the parent */
+	if (ret != LDB_SUCCESS) {
+		DEBUG(10,("acl: failed to find object %s\n",
+			  ldb_dn_get_linearized(req->op.rename.olddn)));
+		return ret;
+	}
+
+	ret = dsdb_get_sd_from_ldb_message(ldb, req, acl_res->msgs[0], &sd);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+	if (!sd) {
+		return ldb_operr(ldb);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return ldb_operr(ldb);
+	}
+
+	sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
+
+	objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]);
+	if (!objectclass) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_modify: Error retrieving object class for GUID.");
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID)) {
+		ret = acl_check_access_on_objectclass(module, req, sd, sid,
+						      SEC_ADS_DELETE_TREE,
+						      objectclass);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	/* First check if we have delete object right */
+	ret = acl_check_access_on_objectclass(module, req, sd, sid,
+					      SEC_STD_DELETE,
+					      objectclass);
+	if (ret == LDB_SUCCESS) {
+		return ldb_next_request(module, req);
+	}
+
+	/* Nope, we don't have delete object. Lets check if we have delete
+	 * child on the parent */
+	ret = dsdb_module_check_access_on_dn(module, req, parent,
+					     SEC_ADS_DELETE_CHILD,
+					     &objectclass->schemaIDGUID,
+					     req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, req);
+}
+static int acl_check_reanimate_tombstone(TALLOC_CTX *mem_ctx,
+					 struct ldb_module *module,
+					 struct ldb_request *req,
+					 struct ldb_dn *nc_root)
+{
+	int ret;
+	struct ldb_result *acl_res;
+	struct security_descriptor *sd = NULL;
+	struct dom_sid *sid = NULL;
+	const struct dsdb_schema *schema = NULL;
+	const struct dsdb_class *objectclass = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectClass",
+		"objectSid",
+		NULL
+	};
+
+	ret = dsdb_module_search_dn(module, mem_ctx, &acl_res,
+				    nc_root, acl_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED, req);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(10,("acl: failed to find object %s\n",
+			  ldb_dn_get_linearized(nc_root)));
+		return ret;
+	}
+
+	ret = dsdb_get_sd_from_ldb_message(mem_ctx, req, acl_res->msgs[0], &sd);
+	sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]);
+	if (ret != LDB_SUCCESS || !sd) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+	return acl_check_extended_right(mem_ctx,
+					module,
+					req,
+					objectclass,
+					sd,
+					acl_user_token(module),
+					GUID_DRS_REANIMATE_TOMBSTONE,
+					SEC_ADS_CONTROL_ACCESS, sid);
+}
+
+static int acl_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_dn *oldparent;
+	struct ldb_dn *newparent;
+	const struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+	const struct dsdb_attribute *attr = NULL;
+	struct ldb_context *ldb;
+	struct security_descriptor *sd = NULL;
+	struct dom_sid *sid = NULL;
+	struct ldb_result *acl_res;
+	struct ldb_dn *nc_root;
+	struct ldb_control *as_system;
+	struct ldb_control *is_undelete;
+	TALLOC_CTX *tmp_ctx;
+	const char *rdn_name;
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectClass",
+		"objectSid",
+		NULL
+	};
+
+	if (ldb_dn_is_special(req->op.rename.olddn)) {
+		return ldb_next_request(module, req);
+	}
+
+	as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+	if (as_system != NULL) {
+		as_system->critical = 0;
+	}
+
+	DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn)));
+	if (dsdb_module_am_system(module) || as_system) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	tmp_ctx = talloc_new(req);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	oldparent = ldb_dn_get_parent(tmp_ctx, req->op.rename.olddn);
+	if (oldparent == NULL) {
+		return ldb_oom(ldb);
+	}
+	newparent = ldb_dn_get_parent(tmp_ctx, req->op.rename.newdn);
+	if (newparent == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/* Make sure we aren't renaming/moving a NC */
+
+	ret = dsdb_find_nc_root(ldb, req, req->op.rename.olddn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (ldb_dn_compare(nc_root, req->op.rename.olddn) == 0) {
+		talloc_free(nc_root);
+		DEBUG(10,("acl:renaming/moving a NC\n"));
+		/* Windows returns "ERR_UNWILLING_TO_PERFORM */
+		return ldb_module_done(req, NULL, NULL,
+				       LDB_ERR_UNWILLING_TO_PERFORM);
+	}
+
+	/* special check for undelete operation */
+	is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
+	if (is_undelete != NULL) {
+		is_undelete->critical = 0;
+		ret = acl_check_reanimate_tombstone(tmp_ctx, module, req, nc_root);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	talloc_free(nc_root);
+
+	/* Look for the parent */
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &acl_res,
+				    req->op.rename.olddn, acl_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED, req);
+	/* we should be able to find the parent */
+	if (ret != LDB_SUCCESS) {
+		DEBUG(10,("acl: failed to find object %s\n",
+			  ldb_dn_get_linearized(req->op.rename.olddn)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_get_sd_from_ldb_message(ldb, req, acl_res->msgs[0], &sd);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+	if (!sd) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	schema = dsdb_get_schema(ldb, acl_res);
+	if (!schema) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
+
+	objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]);
+	if (!objectclass) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_modify: Error retrieving object class for GUID.");
+	}
+
+	attr = dsdb_attribute_by_lDAPDisplayName(schema, "name");
+	if (attr == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	ret = acl_check_access_on_attribute(module, tmp_ctx, sd, sid,
+					    SEC_ADS_WRITE_PROP,
+					    attr, objectclass);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "Object %s has no wp on %s\n",
+				       ldb_dn_get_linearized(req->op.rename.olddn),
+				       attr->lDAPDisplayName);
+		dsdb_acl_debug(sd,
+			  acl_user_token(module),
+			  req->op.rename.olddn,
+			  true,
+			  10);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	rdn_name = ldb_dn_get_rdn_name(req->op.rename.olddn);
+	if (rdn_name == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	attr = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
+	if (attr == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	ret = acl_check_access_on_attribute(module, tmp_ctx, sd, sid,
+					    SEC_ADS_WRITE_PROP,
+					    attr, objectclass);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "Object %s has no wp on %s\n",
+				       ldb_dn_get_linearized(req->op.rename.olddn),
+				       attr->lDAPDisplayName);
+		dsdb_acl_debug(sd,
+			  acl_user_token(module),
+			  req->op.rename.olddn,
+			  true,
+			  10);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	if (ldb_dn_compare(oldparent, newparent) == 0) {
+		/* regular rename, not move, nothing more to do */
+		talloc_free(tmp_ctx);
+		return ldb_next_request(module, req);
+	}
+
+	/* new parent should have create child */
+	ret = dsdb_module_check_access_on_dn(module, req, newparent,
+					     SEC_ADS_CREATE_CHILD,
+					     &objectclass->schemaIDGUID, req);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "acl:access_denied renaming %s",
+				       ldb_dn_get_linearized(req->op.rename.olddn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* do we have delete object on the object? */
+	/* this access is not necessary for undelete ops */
+	if (is_undelete == NULL) {
+		ret = acl_check_access_on_objectclass(module, tmp_ctx, sd, sid,
+						      SEC_STD_DELETE,
+						      objectclass);
+		if (ret == LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ldb_next_request(module, req);
+		}
+		/* what about delete child on the current parent */
+		ret = dsdb_module_check_access_on_dn(module, req, oldparent,
+						     SEC_ADS_DELETE_CHILD,
+						     &objectclass->schemaIDGUID,
+						     req);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn));
+			talloc_free(tmp_ctx);
+			return ldb_module_done(req, NULL, NULL, ret);
+		}
+	}
+	talloc_free(tmp_ctx);
+
+	return ldb_next_request(module, req);
+}
+
+static int acl_search_update_confidential_attrs(struct acl_context *ac,
+						struct acl_private *data)
+{
+	struct dsdb_attribute *a;
+	uint32_t n = 0;
+
+	if (data->acl_search) {
+		/*
+		 * If acl:search is activated, the acl_read module
+		 * protects confidential attributes.
+		 */
+		return LDB_SUCCESS;
+	}
+
+	if ((ac->schema == data->cached_schema_ptr) &&
+	    (ac->schema->metadata_usn == data->cached_schema_metadata_usn))
+	{
+		return LDB_SUCCESS;
+	}
+
+	data->cached_schema_ptr = NULL;
+	data->cached_schema_loaded_usn = 0;
+	data->cached_schema_metadata_usn = 0;
+	TALLOC_FREE(data->confidential_attrs);
+
+	if (ac->schema == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	for (a = ac->schema->attributes; a; a = a->next) {
+		const char **attrs = data->confidential_attrs;
+
+		if (!(a->searchFlags & SEARCH_FLAG_CONFIDENTIAL)) {
+			continue;
+		}
+
+		attrs = talloc_realloc(data, attrs, const char *, n + 2);
+		if (attrs == NULL) {
+			TALLOC_FREE(data->confidential_attrs);
+			return ldb_module_oom(ac->module);
+		}
+
+		attrs[n] = a->lDAPDisplayName;
+		attrs[n+1] = NULL;
+		n++;
+
+		data->confidential_attrs = attrs;
+	}
+
+	data->cached_schema_ptr = ac->schema;
+	data->cached_schema_metadata_usn = ac->schema->metadata_usn;
+
+	return LDB_SUCCESS;
+}
+
+static int acl_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct acl_context *ac;
+	struct acl_private *data;
+	struct ldb_result *acl_res;
+	static const char *acl_attrs[] = {
+		"objectClass",
+		"nTSecurityDescriptor",
+		"objectSid",
+		NULL
+	};
+	int ret;
+	unsigned int i;
+
+	ac = talloc_get_type(req->context, struct acl_context);
+	data = talloc_get_type(ldb_module_get_private(ac->module), struct acl_private);
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (ac->constructed_attrs) {
+			ret = dsdb_module_search_dn(ac->module, ac, &acl_res, ares->message->dn,
+						    acl_attrs,
+						    DSDB_FLAG_NEXT_MODULE |
+						    DSDB_FLAG_AS_SYSTEM |
+						    DSDB_SEARCH_SHOW_RECYCLED,
+						    req);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		if (ac->allowedAttributes || ac->allowedAttributesEffective) {
+			ret = acl_allowedAttributes(ac->module, ac->schema,
+						    acl_res->msgs[0],
+						    ares->message, ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		if (ac->allowedChildClasses) {
+			ret = acl_childClasses(ac->module, ac->schema,
+					       acl_res->msgs[0],
+					       ares->message,
+					       "allowedChildClasses");
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		if (ac->allowedChildClassesEffective) {
+			ret = acl_childClassesEffective(ac->module, ac->schema,
+							acl_res->msgs[0],
+							ares->message, ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		if (ac->sDRightsEffective) {
+			ret = acl_sDRightsEffective(ac->module,
+						    acl_res->msgs[0],
+						    ares->message, ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		if (data == NULL) {
+			return ldb_module_send_entry(ac->req, ares->message,
+						     ares->controls);
+		}
+
+		if (ac->am_system) {
+			return ldb_module_send_entry(ac->req, ares->message,
+						     ares->controls);
+		}
+
+		if (ac->am_administrator) {
+			return ldb_module_send_entry(ac->req, ares->message,
+						     ares->controls);
+		}
+
+		if (data->confidential_attrs != NULL) {
+			for (i = 0; data->confidential_attrs[i]; i++) {
+				ldb_msg_remove_attr(ares->message,
+						    data->confidential_attrs[i]);
+			}
+		}
+
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, LDB_SUCCESS);
+
+	}
+	return LDB_SUCCESS;
+}
+
+static int acl_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct acl_context *ac;
+	struct ldb_parse_tree *down_tree = req->op.search.tree;
+	struct ldb_request *down_req;
+	struct acl_private *data;
+	int ret;
+	unsigned int i;
+	bool modify_search = true;
+
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct acl_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	data = talloc_get_type(ldb_module_get_private(module), struct acl_private);
+
+	ac->module = module;
+	ac->req = req;
+	ac->am_system = dsdb_module_am_system(module);
+	ac->am_administrator = dsdb_module_am_administrator(module);
+	ac->constructed_attrs = false;
+	ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes");
+	ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective");
+	ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses");
+	ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective");
+	ac->sDRightsEffective = ldb_attr_in_list(req->op.search.attrs, "sDRightsEffective");
+	ac->schema = dsdb_get_schema(ldb, ac);
+
+	ac->constructed_attrs |= ac->allowedAttributes;
+	ac->constructed_attrs |= ac->allowedChildClasses;
+	ac->constructed_attrs |= ac->allowedChildClassesEffective;
+	ac->constructed_attrs |= ac->allowedAttributesEffective;
+	ac->constructed_attrs |= ac->sDRightsEffective;
+
+	if (data == NULL) {
+		modify_search = false;
+	}
+	if (ac->am_system) {
+		modify_search = false;
+	}
+
+	if (!ac->constructed_attrs && !modify_search) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	data = talloc_get_type(ldb_module_get_private(ac->module), struct acl_private);
+	if (data == NULL) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_private data is missing");
+	}
+
+	if (!ac->am_system && !ac->am_administrator) {
+		ret = acl_search_update_confidential_attrs(ac, data);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (data->confidential_attrs != NULL) {
+			down_tree = ldb_parse_tree_copy_shallow(ac, req->op.search.tree);
+			if (down_tree == NULL) {
+				return ldb_oom(ldb);
+			}
+
+			for (i = 0; data->confidential_attrs[i]; i++) {
+				ldb_parse_tree_attr_replace(down_tree,
+							    data->confidential_attrs[i],
+							    "kludgeACLredactedattribute");
+			}
+		}
+	}
+
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb, ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      down_tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      ac, acl_search_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int acl_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+
+	/* allow everybody to read the sequence number */
+	if (strcmp(req->op.extended.oid,
+		   LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
+		return ldb_next_request(module, req);
+	}
+
+	if (dsdb_module_am_system(module) ||
+	    dsdb_module_am_administrator(module) || as_system) {
+		return ldb_next_request(module, req);
+	} else {
+		ldb_asprintf_errstring(ldb,
+				       "acl_extended: "
+				       "attempted database modify not permitted. "
+				       "User %s is not SYSTEM or an administrator",
+				       acl_user_name(req, module));
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+}
+
+static const struct ldb_module_ops ldb_acl_module_ops = {
+	.name		   = "acl",
+	.search            = acl_search,
+	.add               = acl_add,
+	.modify            = acl_modify,
+	.del               = acl_delete,
+	.rename            = acl_rename,
+	.extended          = acl_extended,
+	.init_context	   = acl_module_init
+};
+
+int ldb_acl_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_acl_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
new file mode 100644
index 0000000..0b6280c
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -0,0 +1,1302 @@
+/*
+  ldb database library
+
+  Copyright (C) Simo Sorce 2006-2008
+  Copyright (C) Nadezhda Ivanova 2010
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb ACL Read module
+ *
+ *  Description: Module that performs authorisation access checks on read requests
+ *               Only DACL checks implemented at this point
+ *
+ *  Author: Nadezhda Ivanova
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/binsearch.h"
+
+#undef strcasecmp
+
+struct ldb_attr_vec {
+	const char** attrs;
+	size_t len;
+	size_t capacity;
+};
+
+struct aclread_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	const struct dsdb_schema *schema;
+	uint32_t sd_flags;
+	bool added_nTSecurityDescriptor;
+	bool added_instanceType;
+	bool added_objectSid;
+	bool added_objectClass;
+
+	bool do_list_object_initialized;
+	bool do_list_object;
+	bool base_invisible;
+	uint64_t num_entries;
+
+	/* cache on the last parent we checked in this search */
+	struct ldb_dn *last_parent_dn;
+	int last_parent_check_ret;
+
+	bool am_administrator;
+
+	bool got_tree_attrs;
+	struct ldb_attr_vec tree_attrs;
+};
+
+struct aclread_private {
+	bool enabled;
+
+	/* cache of the last SD we read during any search */
+	struct security_descriptor *sd_cached;
+	struct ldb_val sd_cached_blob;
+	const char **password_attrs;
+	size_t num_password_attrs;
+};
+
+struct access_check_context {
+	struct security_descriptor *sd;
+	struct dom_sid sid_buf;
+	const struct dom_sid *sid;
+	const struct dsdb_class *objectclass;
+};
+
+static void acl_element_mark_access_checked(struct ldb_message_element *el)
+{
+	el->flags |= LDB_FLAG_INTERNAL_ACCESS_CHECKED;
+}
+
+static bool acl_element_is_access_checked(const struct ldb_message_element *el)
+{
+	return (el->flags & LDB_FLAG_INTERNAL_ACCESS_CHECKED) != 0;
+}
+
+static bool attr_in_vec(const struct ldb_attr_vec *vec, const char *attr)
+{
+	const char **found = NULL;
+
+	if (vec == NULL) {
+		return false;
+	}
+
+	BINARY_ARRAY_SEARCH_V(vec->attrs,
+			      vec->len,
+			      attr,
+			      ldb_attr_cmp,
+			      found);
+	return found != NULL;
+}
+
+static int acl_attr_cmp_fn(const char *a, const char **b)
+{
+	return ldb_attr_cmp(a, *b);
+}
+
+static int attr_vec_add_unique(TALLOC_CTX *mem_ctx,
+			       struct ldb_attr_vec *vec,
+			       const char *attr)
+{
+	const char **exact = NULL;
+	const char **next = NULL;
+	size_t next_idx = 0;
+
+	BINARY_ARRAY_SEARCH_GTE(vec->attrs,
+				vec->len,
+				attr,
+				acl_attr_cmp_fn,
+				exact,
+				next);
+	if (exact != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	if (vec->len == SIZE_MAX) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (next != NULL) {
+		next_idx = next - vec->attrs;
+	}
+
+	if (vec->len >= vec->capacity) {
+		const char **attrs = NULL;
+
+		if (vec->capacity == 0) {
+			vec->capacity = 4;
+		} else {
+			if (vec->capacity > SIZE_MAX / 2) {
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+			vec->capacity *= 2;
+		}
+
+		attrs = talloc_realloc(mem_ctx, vec->attrs, const char *, vec->capacity);
+		if (attrs == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		vec->attrs = attrs;
+	}
+	SMB_ASSERT(vec->len < vec->capacity);
+
+	if (next == NULL) {
+		vec->attrs[vec->len++] = attr;
+	} else {
+		size_t count = (vec->len - next_idx) * sizeof (vec->attrs[0]);
+		memmove(&vec->attrs[next_idx + 1],
+			&vec->attrs[next_idx],
+			count);
+
+		vec->attrs[next_idx] = attr;
+		++vec->len;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static bool ldb_attr_always_present(const char *attr)
+{
+	static const char * const attrs_always_present[] = {
+		"objectClass",
+		"distinguishedName",
+		"name",
+		"objectGUID",
+		NULL
+	};
+
+	return ldb_attr_in_list(attrs_always_present, attr);
+}
+
+static bool ldb_attr_always_visible(const char *attr)
+{
+	static const char * const attrs_always_visible[] = {
+		"isDeleted",
+		"isRecycled",
+		NULL
+	};
+
+	return ldb_attr_in_list(attrs_always_visible, attr);
+}
+
+/* Collect a list of attributes required to match a given parse tree. */
+static int ldb_parse_tree_collect_acl_attrs(const struct ldb_module *module,
+					    TALLOC_CTX *mem_ctx,
+					    struct ldb_attr_vec *attrs,
+					    const struct ldb_parse_tree *tree)
+{
+	const char *attr = NULL;
+	unsigned int i;
+	int ret;
+
+	if (tree == NULL) {
+		return 0;
+	}
+
+	switch (tree->operation) {
+	case LDB_OP_OR:
+	case LDB_OP_AND:		/* attributes stored in list of subtrees */
+		for (i = 0; i < tree->u.list.num_elements; i++) {
+			ret = ldb_parse_tree_collect_acl_attrs(module, mem_ctx,
+							       attrs, tree->u.list.elements[i]);
+			if (ret) {
+				return ret;
+			}
+		}
+		return 0;
+
+	case LDB_OP_NOT:		/* attributes stored in single subtree */
+		return ldb_parse_tree_collect_acl_attrs(module, mem_ctx, attrs, tree->u.isnot.child);
+
+	case LDB_OP_PRESENT:
+		/*
+		 * If the search filter is checking for an attribute's presence,
+		 * and the attribute is always present, we can skip access
+		 * rights checks. Every object has these attributes, and so
+		 * there's no security reason to hide their presence.
+		 * Note: the acl.py tests (e.g. test_search1()) rely on this
+		 * exception.  I.e. even if we lack Read Property (RP) rights
+		 * for a child object, it should still appear as a visible
+		 * object in 'objectClass=*' searches, so long as we have List
+		 * Contents (LC) rights for the object.
+		 */
+		if (ldb_attr_always_present(tree->u.present.attr)) {
+			/* No need to check this attribute. */
+			return 0;
+		}
+
+		if (ldb_attr_always_visible(tree->u.present.attr)) {
+			/* No need to check this attribute. */
+			return 0;
+		}
+
+		break;
+
+	case LDB_OP_EQUALITY:
+		if (ldb_attr_always_visible(tree->u.equality.attr)) {
+			/* No need to check this attribute. */
+			return 0;
+		}
+
+		break;
+
+	default:			/* single attribute in tree */
+		break;
+	}
+
+	attr = ldb_parse_tree_get_attr(tree);
+	return attr_vec_add_unique(mem_ctx, attrs, attr);
+}
+
+/*
+ * the object has a parent, so we have to check for visibility
+ *
+ * This helper function uses a per-search cache to avoid checking the
+ * parent object for each of many possible children.  This is likely
+ * to help on SCOPE_ONE searches and on typical tree structures for
+ * SCOPE_SUBTREE, where an OU has many users as children.
+ *
+ * We rely for safety on the DB being locked for reads during the full
+ * search.
+ */
+static int aclread_check_parent(struct aclread_context *ac,
+				struct ldb_message *msg,
+				struct ldb_request *req)
+{
+	int ret;
+	struct ldb_dn *parent_dn = NULL;
+
+	/* We may have a cached result from earlier in this search */
+	if (ac->last_parent_dn != NULL) {
+		/*
+		 * We try the no-allocation ldb_dn_compare_base()
+		 * first however it will not tell parents and
+		 * grand-parents apart
+		 */
+		int cmp_base = ldb_dn_compare_base(ac->last_parent_dn,
+						   msg->dn);
+		if (cmp_base == 0) {
+			/* Now check if it is a direct parent */
+			parent_dn = ldb_dn_get_parent(ac, msg->dn);
+			if (parent_dn == NULL) {
+				return ldb_oom(ldb_module_get_ctx(ac->module));
+			}
+			if (ldb_dn_compare(ac->last_parent_dn,
+					   parent_dn) == 0) {
+				TALLOC_FREE(parent_dn);
+
+				/*
+				 * If we checked the same parent last
+				 * time, then return the cached
+				 * result.
+				 *
+				 * The cache is valid as long as the
+				 * search as the DB is read locked and
+				 * the session_info (connected user)
+				 * is constant.
+				 */
+				return ac->last_parent_check_ret;
+			}
+		}
+	}
+
+	{
+		TALLOC_CTX *frame = NULL;
+		frame = talloc_stackframe();
+
+		/*
+		 * This may have been set in the block above, don't
+		 * re-parse
+		 */
+		if (parent_dn == NULL) {
+			parent_dn = ldb_dn_get_parent(ac, msg->dn);
+			if (parent_dn == NULL) {
+				TALLOC_FREE(frame);
+				return ldb_oom(ldb_module_get_ctx(ac->module));
+			}
+		}
+		ret = dsdb_module_check_access_on_dn(ac->module,
+						     frame,
+						     parent_dn,
+						     SEC_ADS_LIST,
+						     NULL, req);
+		talloc_unlink(ac, ac->last_parent_dn);
+		ac->last_parent_dn = parent_dn;
+		ac->last_parent_check_ret = ret;
+
+		TALLOC_FREE(frame);
+	}
+	return ret;
+}
+
+static int aclread_check_object_visible(struct aclread_context *ac,
+					struct ldb_message *msg,
+					struct ldb_request *req)
+{
+	uint32_t instanceType;
+	int ret;
+
+	/* get the object instance type */
+	instanceType = ldb_msg_find_attr_as_uint(msg,
+						 "instanceType", 0);
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		/*
+		 * NC_HEAD objects are always visible
+		 */
+		return LDB_SUCCESS;
+	}
+
+	ret = aclread_check_parent(ac, msg, req);
+	if (ret == LDB_SUCCESS) {
+		/*
+		 * SEC_ADS_LIST (List Children) alone
+		 * on the parent is enough to make the
+		 * object visible.
+		 */
+		return LDB_SUCCESS;
+	}
+	if (ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		return ret;
+	}
+
+	if (!ac->do_list_object_initialized) {
+		/*
+		 * We only call dsdb_do_list_object() once
+		 * and only when needed in order to
+		 * check the dSHeuristics for fDoListObject.
+		 */
+		ac->do_list_object = dsdb_do_list_object(ac->module, ac, req);
+		ac->do_list_object_initialized = true;
+	}
+
+	if (ac->do_list_object) {
+		TALLOC_CTX *frame = talloc_stackframe();
+		struct ldb_dn *parent_dn = NULL;
+
+		/*
+		 * Here we're in "List Object" mode (fDoListObject=true).
+		 *
+		 * If SEC_ADS_LIST (List Children) is not
+		 * granted on the parent, we need to check if
+		 * SEC_ADS_LIST_OBJECT (List Object) is granted
+		 * on the parent and also on the object itself.
+		 *
+		 * We could optimize this similar to aclread_check_parent(),
+		 * but that would require quite a bit of restructuring,
+		 * so that we cache the granted access bits instead
+		 * of just the result for 'SEC_ADS_LIST (List Children)'.
+		 *
+		 * But as this is the uncommon case and
+		 * 'SEC_ADS_LIST (List Children)' is most likely granted
+		 * on most of the objects, we'll just implement what
+		 * we have to.
+		 */
+
+		parent_dn = ldb_dn_get_parent(frame, msg->dn);
+		if (parent_dn == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb_module_get_ctx(ac->module));
+		}
+		ret = dsdb_module_check_access_on_dn(ac->module,
+						     frame,
+						     parent_dn,
+						     SEC_ADS_LIST_OBJECT,
+						     NULL, req);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+		ret = dsdb_module_check_access_on_dn(ac->module,
+						     frame,
+						     msg->dn,
+						     SEC_ADS_LIST_OBJECT,
+						     NULL, req);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+
+		TALLOC_FREE(frame);
+		return LDB_SUCCESS;
+	}
+
+	return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+}
+
+/*
+ * The sd returned from this function is valid until the next call on
+ * this module context
+ *
+ * This helper function uses a cache on the module private data to
+ * speed up repeated use of the same SD.
+ */
+
+static int aclread_get_sd_from_ldb_message(struct aclread_context *ac,
+					   const struct ldb_message *acl_res,
+					   struct security_descriptor **sd)
+{
+	struct ldb_message_element *sd_element;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct aclread_private *private_data
+		= talloc_get_type_abort(ldb_module_get_private(ac->module),
+				  struct aclread_private);
+	enum ndr_err_code ndr_err;
+
+	sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
+	if (sd_element == NULL) {
+		return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+				 "nTSecurityDescriptor is missing");
+	}
+
+	if (sd_element->num_values != 1) {
+		return ldb_operr(ldb);
+	}
+
+	/*
+	 * The time spent in ndr_pull_security_descriptor() is quite
+	 * expensive, so we check if this is the same binary blob as last
+	 * time, and if so return the memory tree from that previous parse.
+	 */
+
+	if (private_data->sd_cached != NULL &&
+	    private_data->sd_cached_blob.data != NULL &&
+	    ldb_val_equal_exact(&sd_element->values[0],
+				&private_data->sd_cached_blob)) {
+		*sd = private_data->sd_cached;
+		return LDB_SUCCESS;
+	}
+
+	*sd = talloc(private_data, struct security_descriptor);
+	if(!*sd) {
+		return ldb_oom(ldb);
+	}
+	ndr_err = ndr_pull_struct_blob(&sd_element->values[0], *sd, *sd,
+			     (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		TALLOC_FREE(*sd);
+		return ldb_operr(ldb);
+	}
+
+	talloc_unlink(private_data, private_data->sd_cached_blob.data);
+	private_data->sd_cached_blob = ldb_val_dup(private_data,
+						   &sd_element->values[0]);
+	if (private_data->sd_cached_blob.data == NULL) {
+		TALLOC_FREE(*sd);
+		return ldb_operr(ldb);
+	}
+
+	talloc_unlink(private_data, private_data->sd_cached);
+	private_data->sd_cached = *sd;
+
+	return LDB_SUCCESS;
+}
+
+/* Check whether the attribute is a password attribute. */
+static bool attr_is_secret(const char *attr, const struct aclread_private *private_data)
+{
+	const char **found = NULL;
+
+	if (private_data->password_attrs == NULL) {
+		return false;
+	}
+
+	BINARY_ARRAY_SEARCH_V(private_data->password_attrs,
+			      private_data->num_password_attrs,
+			      attr,
+			      ldb_attr_cmp,
+			      found);
+	return found != NULL;
+}
+
+/*
+ * Returns the access mask required to read a given attribute
+ */
+static uint32_t get_attr_access_mask(const struct dsdb_attribute *attr,
+				     uint32_t sd_flags)
+{
+
+	uint32_t access_mask = 0;
+	bool is_sd;
+
+	/* nTSecurityDescriptor is a special case */
+	is_sd = (ldb_attr_cmp("nTSecurityDescriptor",
+			      attr->lDAPDisplayName) == 0);
+
+	if (is_sd) {
+		if (sd_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+			access_mask |= SEC_STD_READ_CONTROL;
+		}
+		if (sd_flags & SECINFO_DACL) {
+			access_mask |= SEC_STD_READ_CONTROL;
+		}
+		if (sd_flags & SECINFO_SACL) {
+			access_mask |= SEC_FLAG_SYSTEM_SECURITY;
+		}
+	} else {
+		access_mask = SEC_ADS_READ_PROP;
+	}
+
+	if (attr->searchFlags & SEARCH_FLAG_CONFIDENTIAL) {
+		access_mask |= SEC_ADS_CONTROL_ACCESS;
+	}
+
+	return access_mask;
+}
+
+/*
+ * Checks that the user has sufficient access rights to view an attribute, else
+ * marks it as inaccessible.
+ */
+static int acl_redact_attr(TALLOC_CTX *mem_ctx,
+			   struct ldb_message_element *el,
+			   struct aclread_context *ac,
+			   const struct aclread_private *private_data,
+			   const struct ldb_message *msg,
+			   const struct dsdb_schema *schema,
+			   const struct security_descriptor *sd,
+			   const struct dom_sid *sid,
+			   const struct dsdb_class *objectclass)
+{
+	int ret;
+	const struct dsdb_attribute *attr = NULL;
+	uint32_t access_mask;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+
+	if (attr_is_secret(el->name, private_data)) {
+		ldb_msg_element_mark_inaccessible(el);
+		return LDB_SUCCESS;
+	}
+
+	/* Look up the attribute in the schema. */
+	attr = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+	if (!attr) {
+		ldb_debug_set(ldb,
+			      LDB_DEBUG_FATAL,
+			      "acl_read: %s cannot find attr[%s] in schema\n",
+			      ldb_dn_get_linearized(msg->dn), el->name);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	access_mask = get_attr_access_mask(attr, ac->sd_flags);
+	if (access_mask == 0) {
+		DBG_ERR("Could not determine access mask for attribute %s\n",
+			el->name);
+		ldb_msg_element_mark_inaccessible(el);
+		return LDB_SUCCESS;
+	}
+
+	/* We must check whether the user has rights to view the attribute. */
+
+	ret = acl_check_access_on_attribute_implicit_owner(ac->module, mem_ctx, sd, sid,
+							   access_mask, attr, objectclass,
+							   IMPLICIT_OWNER_READ_CONTROL_RIGHTS);
+	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		ldb_msg_element_mark_inaccessible(el);
+	} else if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "acl_read: %s check attr[%s] gives %s - %s\n",
+			      ldb_dn_get_linearized(msg->dn), el->name,
+			      ldb_strerror(ret), ldb_errstring(ldb));
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_access_check_context(struct aclread_context *ac,
+				      const struct ldb_message *msg,
+				      struct access_check_context *ctx)
+{
+	int ret;
+
+	/*
+	 * Fetch the schema so we can check which attributes are
+	 * considered confidential.
+	 */
+	if (ac->schema == NULL) {
+		struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+
+		/* Cache the schema for later use. */
+		ac->schema = dsdb_get_schema(ldb, ac);
+
+		if (ac->schema == NULL) {
+			return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+					 "aclread_callback: Error obtaining schema.");
+		}
+	}
+
+	/* Fetch the object's security descriptor. */
+	ret = aclread_get_sd_from_ldb_message(ac, msg, &ctx->sd);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb_module_get_ctx(ac->module), LDB_DEBUG_FATAL,
+			      "acl_read: cannot get descriptor of %s: %s\n",
+			      ldb_dn_get_linearized(msg->dn), ldb_strerror(ret));
+		return LDB_ERR_OPERATIONS_ERROR;
+	} else if (ctx->sd == NULL) {
+		ldb_debug_set(ldb_module_get_ctx(ac->module), LDB_DEBUG_FATAL,
+			      "acl_read: cannot get descriptor of %s (attribute not found)\n",
+			      ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	/*
+	 * Get the most specific structural object class for the ACL check
+	 */
+	ctx->objectclass = dsdb_get_structural_oc_from_msg(ac->schema, msg);
+	if (ctx->objectclass == NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "acl_read: Failed to find a structural class for %s",
+				       ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Fetch the object's SID. */
+	ret = samdb_result_dom_sid_buf(msg, "objectSid", &ctx->sid_buf);
+	if (ret == LDB_SUCCESS) {
+		ctx->sid = &ctx->sid_buf;
+	} else if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		/* This is expected. */
+		ctx->sid = NULL;
+	} else {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "acl_read: Failed to parse objectSid as dom_sid for %s",
+				       ldb_dn_get_linearized(msg->dn));
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Whether this attribute was added to perform access checks and must be
+ * removed.
+ */
+static bool should_remove_attr(const char *attr, const struct aclread_context *ac)
+{
+	if (ac->added_nTSecurityDescriptor &&
+	    ldb_attr_cmp("nTSecurityDescriptor", attr) == 0)
+	{
+		return true;
+	}
+
+	if (ac->added_objectSid &&
+	    ldb_attr_cmp("objectSid", attr) == 0)
+	{
+		return true;
+	}
+
+	if (ac->added_instanceType &&
+	    ldb_attr_cmp("instanceType", attr) == 0)
+	{
+		return true;
+	}
+
+	if (ac->added_objectClass &&
+	    ldb_attr_cmp("objectClass", attr) == 0)
+	{
+		return true;
+	}
+
+	return false;
+}
+
+static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct aclread_context *ac;
+	struct aclread_private *private_data = NULL;
+	struct ldb_message *msg;
+	int ret;
+	unsigned int i;
+	struct access_check_context acl_ctx;
+
+	ac = talloc_get_type_abort(req->context, struct aclread_context);
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR );
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, ares->error);
+	}
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		msg = ares->message;
+
+		if (!ldb_dn_is_null(msg->dn)) {
+			/*
+			 * this is a real object, so we have
+			 * to check for visibility
+			 */
+			ret = aclread_check_object_visible(ac, msg, req);
+			if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+				return LDB_SUCCESS;
+			} else if (ret != LDB_SUCCESS) {
+				struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+				ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+					      "acl_read: %s check parent %s - %s\n",
+					      ldb_dn_get_linearized(msg->dn),
+					      ldb_strerror(ret),
+					      ldb_errstring(ldb));
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+		/* for every element in the message check RP */
+		for (i = 0; i < msg->num_elements; ++i) {
+			struct ldb_message_element *el = &msg->elements[i];
+
+			/* Remove attributes added to perform access checks. */
+			if (should_remove_attr(el->name, ac)) {
+				ldb_msg_element_mark_inaccessible(el);
+				continue;
+			}
+
+			if (acl_element_is_access_checked(el)) {
+				/* We will have already checked this attribute. */
+				continue;
+			}
+
+			/*
+			 * We need to fetch the security descriptor to check
+			 * this attribute.
+			 */
+			break;
+		}
+
+		if (i == msg->num_elements) {
+			/* All elements have been checked. */
+			goto reply_entry_done;
+		}
+
+		ret = setup_access_check_context(ac, msg, &acl_ctx);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		private_data = talloc_get_type_abort(ldb_module_get_private(ac->module),
+						     struct aclread_private);
+
+		for (/* begin where we left off */; i < msg->num_elements; ++i) {
+			struct ldb_message_element *el = &msg->elements[i];
+
+			/* Remove attributes added to perform access checks. */
+			if (should_remove_attr(el->name, ac)) {
+				ldb_msg_element_mark_inaccessible(el);
+				continue;
+			}
+
+			if (acl_element_is_access_checked(el)) {
+				/* We will have already checked this attribute. */
+				continue;
+			}
+
+			/*
+			 * We need to check whether the attribute is secret,
+			 * confidential, or access-controlled.
+			 */
+			ret = acl_redact_attr(ac,
+					      el,
+					      ac,
+					      private_data,
+					      msg,
+					      ac->schema,
+					      acl_ctx.sd,
+					      acl_ctx.sid,
+					      acl_ctx.objectclass);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+
+	reply_entry_done:
+		ldb_msg_remove_inaccessible(msg);
+
+		ac->num_entries++;
+		return ldb_module_send_entry(ac->req, msg, ares->controls);
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+	case LDB_REPLY_DONE:
+		if (ac->base_invisible && ac->num_entries == 0) {
+			/*
+			 * If the base is invisible and we didn't
+			 * returned any object, we need to return
+			 * NO_SUCH_OBJECT.
+			 */
+			return ldb_module_done(ac->req,
+					       NULL, NULL,
+					       LDB_ERR_NO_SUCH_OBJECT);
+		}
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+
+	}
+	return LDB_SUCCESS;
+}
+
+
+static int aclread_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	int ret;
+	struct aclread_context *ac;
+	struct ldb_request *down_req;
+	bool am_system;
+	struct ldb_result *res;
+	struct aclread_private *p;
+	bool need_sd = false;
+	bool explicit_sd_flags = false;
+	bool is_untrusted = ldb_req_is_untrusted(req);
+	static const char * const _all_attrs[] = { "*", NULL };
+	bool all_attrs = false;
+	const char * const *attrs = NULL;
+	static const char *acl_attrs[] = {
+		"instanceType",
+		NULL
+	};
+
+	ldb = ldb_module_get_ctx(module);
+	p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
+
+	am_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID) != NULL;
+	if (!am_system) {
+		am_system = dsdb_module_am_system(module);
+	}
+
+	/* skip access checks if we are system or system control is supplied
+	 * or this is not LDAP server request */
+	if (!p || !p->enabled ||
+	    am_system ||
+	    !is_untrusted) {
+		return ldb_next_request(module, req);
+	}
+	/* no checks on special dn */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = talloc_zero(req, struct aclread_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	attrs = req->op.search.attrs;
+	if (attrs == NULL) {
+		all_attrs = true;
+		attrs = _all_attrs;
+	} else if (ldb_attr_in_list(attrs, "*")) {
+		all_attrs = true;
+	}
+
+	/*
+	 * In theory we should also check for the SD control but control verification is
+	 * expensive so we'd better had the ntsecuritydescriptor to the list of
+	 * searched attribute and then remove it !
+	 */
+	ac->sd_flags = dsdb_request_sd_flags(ac->req, &explicit_sd_flags);
+
+	if (ldb_attr_in_list(attrs, "nTSecurityDescriptor")) {
+		need_sd = false;
+	} else if (explicit_sd_flags && all_attrs) {
+		need_sd = false;
+	} else {
+		need_sd = true;
+	}
+
+	if (!all_attrs) {
+		if (!ldb_attr_in_list(attrs, "instanceType")) {
+			attrs = ldb_attr_list_copy_add(ac, attrs, "instanceType");
+			if (attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+			ac->added_instanceType = true;
+		}
+		if (!ldb_attr_in_list(req->op.search.attrs, "objectSid")) {
+			attrs = ldb_attr_list_copy_add(ac, attrs, "objectSid");
+			if (attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+			ac->added_objectSid = true;
+		}
+		if (!ldb_attr_in_list(req->op.search.attrs, "objectClass")) {
+			attrs = ldb_attr_list_copy_add(ac, attrs, "objectClass");
+			if (attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+			ac->added_objectClass = true;
+		}
+	}
+
+	if (need_sd) {
+		attrs = ldb_attr_list_copy_add(ac, attrs, "nTSecurityDescriptor");
+		if (attrs == NULL) {
+			return ldb_oom(ldb);
+		}
+		ac->added_nTSecurityDescriptor = true;
+	}
+
+	ac->am_administrator = dsdb_module_am_administrator(module);
+
+	/* check accessibility of base */
+	if (!ldb_dn_is_null(req->op.search.base)) {
+		ret = dsdb_module_search_dn(module, req, &res, req->op.search.base,
+					    acl_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_RECYCLED,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			return ldb_error(ldb, ret,
+					"acl_read: Error retrieving instanceType for base.");
+		}
+		ret = aclread_check_object_visible(ac, res->msgs[0], req);
+		if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+			if (req->op.search.scope == LDB_SCOPE_BASE) {
+				return ldb_module_done(req, NULL, NULL,
+						       LDB_ERR_NO_SUCH_OBJECT);
+			}
+			/*
+			 * Defer LDB_ERR_NO_SUCH_OBJECT,
+			 * we may return sub objects
+			 */
+			ac->base_invisible = true;
+		} else if (ret != LDB_SUCCESS) {
+			return ldb_module_done(req, NULL, NULL, ret);
+		}
+	}
+
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb, ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      attrs,
+				      req->controls,
+				      ac, aclread_callback,
+				      req);
+
+	if (ret != LDB_SUCCESS) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * We provide 'ac' as the control value, which is then used by the
+	 * callback to avoid double-work.
+	 */
+	ret = ldb_request_add_control(down_req, DSDB_CONTROL_ACL_READ_OID, false, ac);
+	if (ret != LDB_SUCCESS) {
+			return ldb_error(ldb, ret,
+					"acl_read: Error adding acl_read control.");
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/*
+ * Here we mark inaccessible attributes known to be looked for in the
+ * filter. This only redacts attributes found in the search expression. If any
+ * extended attribute match rules examine different attributes without their own
+ * access control checks, a security bypass is possible.
+ */
+static int acl_redact_msg_for_filter(struct ldb_module *module, struct ldb_request *req, struct ldb_message *msg)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct aclread_private *private_data = NULL;
+	struct ldb_control *control = NULL;
+	struct aclread_context *ac = NULL;
+	struct access_check_context acl_ctx;
+	int ret;
+	unsigned i;
+
+	/*
+	 * The private data contains a list of attributes which are to be
+	 * considered secret.
+	 */
+	private_data = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
+	if (private_data == NULL) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "aclread_private data is missing");
+	}
+	if (!private_data->enabled) {
+		return LDB_SUCCESS;
+	}
+
+	control = ldb_request_get_control(req, DSDB_CONTROL_ACL_READ_OID);
+	if (control == NULL) {
+		/*
+		 * We've bypassed the acl_read module for this request, and
+		 * should skip redaction in this case.
+		 */
+		return LDB_SUCCESS;
+	}
+
+	ac = talloc_get_type_abort(control->data, struct aclread_context);
+
+	if (!ac->got_tree_attrs) {
+		ret = ldb_parse_tree_collect_acl_attrs(module, ac, &ac->tree_attrs, req->op.search.tree);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		ac->got_tree_attrs = true;
+	}
+
+	for (i = 0; i < msg->num_elements; ++i) {
+		struct ldb_message_element *el = &msg->elements[i];
+
+		/* Is the attribute mentioned in the search expression? */
+		if (attr_in_vec(&ac->tree_attrs, el->name)) {
+			/*
+			 * We need to fetch the security descriptor to check
+			 * this element.
+			 */
+			break;
+		}
+
+		/*
+		 * This attribute is not in the search filter, so we can leave
+		 * handling it till aclread_callback(), by which time we know
+		 * this object is a match. This saves work checking ACLs if the
+		 * search is unindexed and most objects don't match the filter.
+		 */
+	}
+
+	if (i == msg->num_elements) {
+		/* All elements have been checked. */
+		return LDB_SUCCESS;
+	}
+
+	ret = setup_access_check_context(ac, msg, &acl_ctx);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* For every element in the message and the parse tree, check RP. */
+
+	for (/* begin where we left off */; i < msg->num_elements; ++i) {
+		struct ldb_message_element *el = &msg->elements[i];
+
+		/* Is the attribute mentioned in the search expression? */
+		if (!attr_in_vec(&ac->tree_attrs, el->name)) {
+			/*
+			 * If not, leave it for later and check the next
+			 * attribute.
+			 */
+			continue;
+		}
+
+		/*
+		 * We need to check whether the attribute is secret,
+		 * confidential, or access-controlled.
+		 */
+		ret = acl_redact_attr(ac,
+				      el,
+				      ac,
+				      private_data,
+				      msg,
+				      ac->schema,
+				      acl_ctx.sd,
+				      acl_ctx.sid,
+				      acl_ctx.objectclass);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		acl_element_mark_access_checked(el);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int ldb_attr_cmp_fn(const void *_a, const void *_b)
+{
+	const char * const *a = _a;
+	const char * const *b = _b;
+
+	return ldb_attr_cmp(*a, *b);
+}
+
+static int aclread_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	unsigned int i, n, j;
+	TALLOC_CTX *mem_ctx = NULL;
+	int ret;
+	bool userPassword_support;
+	static const char * const attrs[] = { "passwordAttribute", NULL };
+	static const char * const secret_attrs[] = {
+		DSDB_SECRET_ATTRIBUTES
+	};
+	struct ldb_result *res;
+	struct ldb_message *msg;
+	struct ldb_message_element *password_attributes;
+	struct aclread_private *p = talloc_zero(module, struct aclread_private);
+	if (p == NULL) {
+		return ldb_module_oom(module);
+	}
+	p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", true);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "acl_module_init: Unable to register sd_flags control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	ldb_module_set_private(module, p);
+
+	mem_ctx = talloc_new(module);
+	if (!mem_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search_dn(module, mem_ctx, &res,
+				    ldb_dn_new(mem_ctx, ldb, "@KLUDGEACL"),
+				    attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM,
+				    NULL);
+	if (ret != LDB_SUCCESS) {
+		goto done;
+	}
+	if (res->count == 0) {
+		goto done;
+	}
+
+	if (res->count > 1) {
+		talloc_free(mem_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	msg = res->msgs[0];
+
+	password_attributes = ldb_msg_find_element(msg, "passwordAttribute");
+	if (!password_attributes) {
+		goto done;
+	}
+	p->password_attrs = talloc_array(p, const char *,
+			password_attributes->num_values +
+			ARRAY_SIZE(secret_attrs));
+	if (!p->password_attrs) {
+		talloc_free(mem_ctx);
+		return ldb_oom(ldb);
+	}
+
+	n = 0;
+	for (i=0; i < password_attributes->num_values; i++) {
+		p->password_attrs[n] = (const char *)password_attributes->values[i].data;
+		talloc_steal(p->password_attrs, password_attributes->values[i].data);
+		n++;
+	}
+
+	for (i=0; i < ARRAY_SIZE(secret_attrs); i++) {
+		bool found = false;
+
+		for (j=0; j < n; j++) {
+			if (strcasecmp(p->password_attrs[j], secret_attrs[i]) == 0) {
+				found = true;
+				break;
+			}
+		}
+
+		if (found) {
+			continue;
+		}
+
+		p->password_attrs[n] = talloc_strdup(p->password_attrs,
+						     secret_attrs[i]);
+		if (p->password_attrs[n] == NULL) {
+			talloc_free(mem_ctx);
+			return ldb_oom(ldb);
+		}
+		n++;
+	}
+	p->num_password_attrs = n;
+
+	/* Sort the password attributes so we can use binary search. */
+	TYPESAFE_QSORT(p->password_attrs, p->num_password_attrs, ldb_attr_cmp_fn);
+
+	ret = ldb_register_redact_callback(ldb, acl_redact_msg_for_filter, module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	ret = ldb_next_init(module);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (p->password_attrs != NULL) {
+		/*
+		 * Check this after the modules have be initialised so we can
+		 * actually read the backend DB.
+		 */
+		userPassword_support = dsdb_user_password_support(module,
+								  module,
+								  NULL);
+		if (!userPassword_support) {
+			const char **found = NULL;
+
+			/*
+			 * Remove the userPassword attribute, as it is not
+			 * considered secret.
+			 */
+			BINARY_ARRAY_SEARCH_V(p->password_attrs,
+					      p->num_password_attrs,
+					      "userPassword",
+					      ldb_attr_cmp,
+					      found);
+			if (found != NULL) {
+				size_t found_idx = found - p->password_attrs;
+
+				/* Shift following elements backwards by one. */
+				for (i = found_idx; i < p->num_password_attrs - 1; ++i) {
+					p->password_attrs[i] = p->password_attrs[i + 1];
+				}
+				--p->num_password_attrs;
+			}
+		}
+	}
+	return ret;
+}
+
+static const struct ldb_module_ops ldb_aclread_module_ops = {
+	.name		   = "aclread",
+	.search            = aclread_search,
+	.init_context      = aclread_init
+};
+
+int ldb_aclread_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_aclread_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
new file mode 100644
index 0000000..352997e
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -0,0 +1,376 @@
+/*
+  ACL utility functions
+
+  Copyright (C) Nadezhda Ivanova 2010
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: acl_util
+ *
+ *  Component: ldb ACL modules
+ *
+ *  Description: Some auxiliary functions used for access checking
+ *
+ *  Author: Nadezhda Ivanova
+ */
+#include "includes.h"
+#include "ldb_module.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+struct security_token *acl_user_token(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= (struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_SESSION_INFO);
+	if(!session_info) {
+		return NULL;
+	}
+	return session_info->security_token;
+}
+
+/* performs an access check from inside the module stack
+ * given the dn of the object to be checked, the required access
+ * guid is either the guid of the extended right, or NULL
+ */
+
+int dsdb_module_check_access_on_dn(struct ldb_module *module,
+				   TALLOC_CTX *mem_ctx,
+				   struct ldb_dn *dn,
+				   uint32_t access_mask,
+				   const struct GUID *guid,
+				   struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_result *acl_res;
+	static const char *acl_attrs[] = {
+		"nTSecurityDescriptor",
+		"objectSid",
+		NULL
+	};
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= (struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_SESSION_INFO);
+	if(!session_info) {
+		return ldb_operr(ldb);
+	}
+	ret = dsdb_module_search_dn(module, mem_ctx, &acl_res, dn,
+				    acl_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED,
+				    parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "access_check: failed to find object %s\n",
+				       ldb_dn_get_linearized(dn));
+		return ret;
+	}
+	return dsdb_check_access_on_dn_internal(ldb, acl_res,
+						mem_ctx,
+						session_info->security_token,
+						dn,
+						access_mask,
+						guid);
+}
+
+int acl_check_access_on_attribute_implicit_owner(struct ldb_module *module,
+						 TALLOC_CTX *mem_ctx,
+						 const struct security_descriptor *sd,
+						 const struct dom_sid *rp_sid,
+						 uint32_t access_mask,
+						 const struct dsdb_attribute *attr,
+						 const struct dsdb_class *objectclass,
+						 enum implicit_owner_rights implicit_owner_rights)
+{
+	int ret;
+	NTSTATUS status;
+	uint32_t access_granted;
+	struct object_tree *root = NULL;
+	struct object_tree *new_node = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct security_token *token = acl_user_token(module);
+
+	if (!insert_in_object_tree(tmp_ctx,
+				   &objectclass->schemaIDGUID,
+				   access_mask, NULL,
+				   &root)) {
+		DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
+		goto fail;
+	}
+	new_node = root;
+
+	if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
+		if (!insert_in_object_tree(tmp_ctx,
+					   &attr->attributeSecurityGUID,
+					   access_mask, new_node,
+					   &new_node)) {
+			DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
+			goto fail;
+		}
+	}
+
+	if (!insert_in_object_tree(tmp_ctx,
+				   &attr->schemaIDGUID,
+				   access_mask, new_node,
+				   &new_node)) {
+		DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
+		goto fail;
+	}
+
+	status = sec_access_check_ds_implicit_owner(sd, token,
+						    access_mask,
+						    &access_granted,
+						    root,
+						    rp_sid,
+						    implicit_owner_rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+	else {
+		ret = LDB_SUCCESS;
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+fail:
+	talloc_free(tmp_ctx);
+	return ldb_operr(ldb_module_get_ctx(module));
+}
+
+int acl_check_access_on_attribute(struct ldb_module *module,
+				  TALLOC_CTX *mem_ctx,
+				  struct security_descriptor *sd,
+				  struct dom_sid *rp_sid,
+				  uint32_t access_mask,
+				  const struct dsdb_attribute *attr,
+				  const struct dsdb_class *objectclass)
+{
+	return acl_check_access_on_attribute_implicit_owner(module,
+							    mem_ctx,
+							    sd,
+							    rp_sid,
+							    access_mask,
+							    attr,
+							    objectclass,
+							    IMPLICIT_OWNER_READ_CONTROL_RIGHTS);
+}
+
+int acl_check_access_on_objectclass(struct ldb_module *module,
+				    TALLOC_CTX *mem_ctx,
+				    struct security_descriptor *sd,
+				    struct dom_sid *rp_sid,
+				    uint32_t access_mask,
+				    const struct dsdb_class *objectclass)
+{
+	int ret;
+	NTSTATUS status;
+	uint32_t access_granted;
+	struct object_tree *root = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct security_token *token = acl_user_token(module);
+
+	if (!insert_in_object_tree(tmp_ctx,
+				   &objectclass->schemaIDGUID,
+				   access_mask, NULL,
+				   &root)) {
+		DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
+		goto fail;
+	}
+
+	status = sec_access_check_ds(sd, token,
+				     access_mask,
+				     &access_granted,
+				     root,
+				     rp_sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	} else {
+		ret = LDB_SUCCESS;
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+fail:
+	talloc_free(tmp_ctx);
+	return ldb_operr(ldb_module_get_ctx(module));
+}
+
+/* checks for validated writes */
+int acl_check_extended_right(TALLOC_CTX *mem_ctx,
+			     struct ldb_module *module,
+			     struct ldb_request *req,
+			     const struct dsdb_class *objectclass,
+			     struct security_descriptor *sd,
+			     struct security_token *token,
+			     const char *ext_right,
+			     uint32_t right_type,
+			     struct dom_sid *sid)
+{
+	struct GUID right;
+	NTSTATUS status;
+	uint32_t access_granted;
+	struct object_tree *root = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	static const char *no_attrs[] = { NULL };
+	struct ldb_result *extended_rights_res = NULL;
+	struct ldb_dn *extended_rights_dn = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret = 0;
+
+	/*
+	 * Find the extended right and check if applies to
+	 * the objectclass of the object
+	 */
+	extended_rights_dn = samdb_extended_rights_dn(ldb, req);
+	if (!extended_rights_dn) {
+		ldb_set_errstring(ldb,
+			"access_check: CN=Extended-Rights dn could not be generated!");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Note: we are checking only the structural object class. */
+	ret = dsdb_module_search(module, req, &extended_rights_res,
+				 extended_rights_dn, LDB_SCOPE_ONELEVEL,
+				 no_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 req,
+				 "(&(rightsGuid=%s)(appliesTo=%s))",
+				 ext_right,
+				 GUID_string(tmp_ctx,
+					     &(objectclass->schemaIDGUID)));
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	} else if (extended_rights_res->count == 0 ) {
+		ldb_debug(ldb, LDB_DEBUG_TRACE,
+			  "acl_check_extended_right: Could not find appliesTo for %s\n",
+			  ext_right);
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	GUID_from_string(ext_right, &right);
+
+	if (!insert_in_object_tree(tmp_ctx, &right, right_type,
+				   NULL, &root)) {
+		DEBUG(10, ("acl_ext_right: cannot add to object tree\n"));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	status = sec_access_check_ds(sd, token,
+				     right_type,
+				     &access_granted,
+				     root,
+				     sid);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+const char *acl_user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= (struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_SESSION_INFO);
+	if (!session_info) {
+		return "UNKNOWN (NULL)";
+	}
+
+	return talloc_asprintf(mem_ctx, "%s\\%s",
+			       session_info->info->domain_name,
+			       session_info->info->account_name);
+}
+
+uint32_t dsdb_request_sd_flags(struct ldb_request *req, bool *explicit)
+{
+	struct ldb_control *sd_control;
+	uint32_t sd_flags = 0;
+
+	if (explicit) {
+		*explicit = false;
+	}
+
+	sd_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID);
+	if (sd_control != NULL && sd_control->data != NULL) {
+		struct ldb_sd_flags_control *sdctr = talloc_get_type_abort(sd_control->data, struct ldb_sd_flags_control);
+
+		sd_flags = sdctr->secinfo_flags;
+
+		if (explicit) {
+			*explicit = true;
+		}
+
+		/* mark it as handled */
+		sd_control->critical = 0;
+	}
+
+	/* we only care for the last 4 bits */
+	sd_flags &= 0x0000000F;
+
+	/*
+	 * MS-ADTS 3.1.1.3.4.1.11 says that no bits
+	 * equals all 4 bits
+	 */
+	if (sd_flags == 0) {
+		sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL;
+	}
+
+	return sd_flags;
+}
+
+int dsdb_module_schedule_sd_propagation(struct ldb_module *module,
+					struct ldb_dn *nc_root,
+					struct GUID guid,
+					struct GUID parent_guid,
+					bool include_self)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_extended_sec_desc_propagation_op *op;
+	int ret;
+
+	op = talloc_zero(module, struct dsdb_extended_sec_desc_propagation_op);
+	if (op == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	op->nc_root = nc_root;
+	op->guid = guid;
+	op->include_self = include_self;
+	op->parent_guid = parent_guid;
+
+	ret = dsdb_module_extended(module, op, NULL,
+				   DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID,
+				   op,
+				   DSDB_FLAG_TOP_MODULE |
+				   DSDB_FLAG_AS_SYSTEM |
+				   DSDB_FLAG_TRUSTED,
+				   NULL);
+	TALLOC_FREE(op);
+	return ret;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c
new file mode 100644
index 0000000..d0cdaa3
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/anr.c
@@ -0,0 +1,440 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
+   Copyright (C) Simo Sorce <idra@samba.org> 2008
+   Copyright (C) Andrew Tridgell  2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb anr module
+ *
+ *  Description: module to implement 'ambiguous name resolution'
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+
+/**
+ * Make a and 'and' or 'or' tree from the two supplied elements 
+ */
+static struct ldb_parse_tree *make_parse_list(struct ldb_module *module,
+				       TALLOC_CTX *mem_ctx, enum ldb_parse_op op, 
+				       struct ldb_parse_tree *first_arm, struct ldb_parse_tree *second_arm)
+{
+	struct ldb_context *ldb;
+	struct ldb_parse_tree *list;
+
+	ldb = ldb_module_get_ctx(module);
+
+	list = talloc(mem_ctx, struct ldb_parse_tree);
+	if (list == NULL){
+		ldb_oom(ldb);
+		return NULL;
+	}
+	list->operation = op;
+	
+	list->u.list.num_elements = 2;
+	list->u.list.elements = talloc_array(list, struct ldb_parse_tree *, 2);
+	if (!list->u.list.elements) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+	list->u.list.elements[0] = talloc_steal(list, first_arm);
+	list->u.list.elements[1] = talloc_steal(list, second_arm);
+	return list;
+}
+
+/**
+ * Make an equality or prefix match tree, from the attribute, operation and matching value supplied
+ */
+static struct ldb_parse_tree *make_match_tree(struct ldb_module *module,
+					      TALLOC_CTX *mem_ctx,
+					      enum ldb_parse_op op,
+					      const char *attr,
+					      struct ldb_val *match)
+{
+	struct ldb_context *ldb;
+	struct ldb_parse_tree *match_tree;
+
+	ldb = ldb_module_get_ctx(module);
+
+	match_tree = talloc(mem_ctx, struct ldb_parse_tree);
+	
+	/* Depending on what type of match was selected, fill in the right part of the union */
+	 
+	match_tree->operation = op;
+	switch (op) {
+	case LDB_OP_SUBSTRING:
+		match_tree->u.substring.attr = attr;
+		
+		match_tree->u.substring.start_with_wildcard = 0;
+		match_tree->u.substring.end_with_wildcard = 1;
+		match_tree->u.substring.chunks = talloc_array(match_tree, struct ldb_val *, 2);
+		
+		if (match_tree->u.substring.chunks == NULL){
+			talloc_free(match_tree);
+			ldb_oom(ldb);
+			return NULL;
+		}
+		match_tree->u.substring.chunks[0] = match;
+		match_tree->u.substring.chunks[1] = NULL;
+		break;
+	case LDB_OP_EQUALITY:
+		match_tree->u.equality.attr = attr;
+		match_tree->u.equality.value = *match;
+		break;
+	default:
+		talloc_free(match_tree);
+		return NULL;
+	}
+	return match_tree;
+}
+
+struct anr_context {
+	bool found_anr;
+	struct ldb_module *module;
+	struct ldb_request *req;
+};
+
+/**
+ * Given the match for an 'ambigious name resolution' query, create a
+ * parse tree with an 'or' of all the anr attributes in the schema.  
+ */
+
+/**
+ * Callback function to do the heavy lifting for the parse tree walker
+ */
+static int anr_replace_value(struct anr_context *ac,
+			     TALLOC_CTX *mem_ctx,
+			     struct ldb_val *match,
+			     struct ldb_parse_tree **ntree)
+{
+	struct ldb_parse_tree *tree = NULL;
+	struct ldb_module *module = ac->module;
+	struct ldb_parse_tree *match_tree;
+	struct dsdb_attribute *cur;
+	const struct dsdb_schema *schema;
+	struct ldb_context *ldb;
+	uint8_t *p;
+	enum ldb_parse_op op;
+
+	ldb = ldb_module_get_ctx(module);
+
+	schema = dsdb_get_schema(ldb, ac);
+	if (!schema) {
+		ldb_asprintf_errstring(ldb, "no schema with which to construct anr filter");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (match->length > 1 && match->data[0] == '=') {
+		struct ldb_val *match2 = talloc(mem_ctx, struct ldb_val);
+		if (match2 == NULL){
+			return ldb_oom(ldb);
+		}
+		*match2 = data_blob_const(match->data+1, match->length - 1);
+		match = match2;
+		op = LDB_OP_EQUALITY;
+	} else {
+		op = LDB_OP_SUBSTRING;
+	}
+	for (cur = schema->attributes; cur; cur = cur->next) {
+		if (!(cur->searchFlags & SEARCH_FLAG_ANR)) continue;
+		match_tree = make_match_tree(module, mem_ctx, op, cur->lDAPDisplayName, match);
+
+		if (tree) {
+			/* Inject an 'or' with the current tree */
+			tree = make_parse_list(module, mem_ctx,  LDB_OP_OR, tree, match_tree);
+			if (tree == NULL) {
+				return ldb_oom(ldb);
+			}
+		} else {
+			tree = match_tree;
+		}
+	}
+
+	
+	/* If the search term has a space in it, 
+	   split it up at the first space.  */
+	
+	p = memchr(match->data, ' ', match->length);
+
+	if (p) {
+		struct ldb_parse_tree *first_split_filter, *second_split_filter, *split_filters, *match_tree_1, *match_tree_2;
+		struct ldb_val *first_match = talloc(tree, struct ldb_val);
+		struct ldb_val *second_match = talloc(tree, struct ldb_val);
+		if (!first_match || !second_match) {
+			return ldb_oom(ldb);
+		}
+		*first_match = data_blob_const(match->data, p-match->data);
+		*second_match = data_blob_const(p+1, match->length - (p-match->data) - 1);
+		
+		/* Add (|(&(givenname=first)(sn=second))(&(givenname=second)(sn=first))) */
+
+		match_tree_1 = make_match_tree(module, mem_ctx, op, "givenName", first_match);
+		match_tree_2 = make_match_tree(module, mem_ctx, op, "sn", second_match);
+
+		first_split_filter = make_parse_list(module, ac,  LDB_OP_AND, match_tree_1, match_tree_2);
+		if (first_split_filter == NULL){
+			return ldb_oom(ldb);
+		}
+		
+		match_tree_1 = make_match_tree(module, mem_ctx, op, "sn", first_match);
+		match_tree_2 = make_match_tree(module, mem_ctx, op, "givenName", second_match);
+
+		second_split_filter = make_parse_list(module, ac,  LDB_OP_AND, match_tree_1, match_tree_2);
+		if (second_split_filter == NULL){
+			return ldb_oom(ldb);
+		}
+
+		split_filters = make_parse_list(module, mem_ctx,  LDB_OP_OR, 
+						first_split_filter, second_split_filter);
+		if (split_filters == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		if (tree) {
+			/* Inject an 'or' with the current tree */
+			tree = make_parse_list(module, mem_ctx,  LDB_OP_OR, tree, split_filters);
+		} else {
+			tree = split_filters;
+		}
+	}
+	*ntree = tree;
+	return LDB_SUCCESS;
+}
+
+/*
+  replace any occurrences of an attribute with a new, generated attribute tree
+*/
+static int anr_replace_subtrees(struct anr_context *ac,
+				struct ldb_parse_tree *tree,
+				const char *attr,
+				struct ldb_parse_tree **ntree)
+{
+	int ret;
+	unsigned int i;
+
+	switch (tree->operation) {
+	case LDB_OP_AND:
+	case LDB_OP_OR:
+		for (i=0;i<tree->u.list.num_elements;i++) {
+			ret = anr_replace_subtrees(ac, tree->u.list.elements[i],
+						   attr, &tree->u.list.elements[i]);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			*ntree = tree;
+		}
+		break;
+	case LDB_OP_NOT:
+		ret = anr_replace_subtrees(ac, tree->u.isnot.child, attr, &tree->u.isnot.child);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		*ntree = tree;
+		break;
+	case LDB_OP_EQUALITY:
+		if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) {
+			ret = anr_replace_value(ac, tree, &tree->u.equality.value, ntree);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		break;
+	case LDB_OP_SUBSTRING:
+		if (ldb_attr_cmp(tree->u.substring.attr, attr) == 0) {
+			if (tree->u.substring.start_with_wildcard == 0 &&
+			    tree->u.substring.end_with_wildcard == 1 && 
+			    tree->u.substring.chunks[0] != NULL && 
+			    tree->u.substring.chunks[1] == NULL) {
+				ret = anr_replace_value(ac, tree, tree->u.substring.chunks[0], ntree);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+		}
+		break;
+	default:
+		break;
+	}
+
+	return LDB_SUCCESS;
+}
+
+struct anr_present_ctx {
+	bool found_anr;
+	const char *attr;
+};
+
+/*
+  callback to determine if ANR is in use at all
+ */
+static int parse_tree_anr_present(struct ldb_parse_tree *tree, void *private_context)
+{
+	struct anr_present_ctx *ctx = private_context;
+	switch (tree->operation) {
+	case LDB_OP_EQUALITY:
+		if (ldb_attr_cmp(tree->u.equality.attr, ctx->attr) == 0) {
+			ctx->found_anr = true;
+		}
+		break;
+	case LDB_OP_GREATER:
+	case LDB_OP_LESS:
+	case LDB_OP_APPROX:
+		if (ldb_attr_cmp(tree->u.comparison.attr, ctx->attr) == 0) {
+			ctx->found_anr = true;
+		}
+		break;
+	case LDB_OP_SUBSTRING:
+		if (ldb_attr_cmp(tree->u.substring.attr, ctx->attr) == 0) {
+			ctx->found_anr = true;
+		}
+		break;
+	case LDB_OP_PRESENT:
+		if (ldb_attr_cmp(tree->u.present.attr, ctx->attr) == 0) {
+			ctx->found_anr = true;
+		}
+		break;
+	case LDB_OP_EXTENDED:
+		if (tree->u.extended.attr &&
+		    ldb_attr_cmp(tree->u.extended.attr, ctx->attr) == 0) {
+			ctx->found_anr = true;
+		}
+		break;
+	default:
+		break;
+	}
+	return LDB_SUCCESS;
+}
+
+
+static int anr_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct anr_context *ac;
+
+	ac = talloc_get_type(req->context, struct anr_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+
+	}
+	return LDB_SUCCESS;
+}
+
+/* search */
+static int anr_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_parse_tree *anr_tree;
+	struct ldb_request *down_req;
+	struct anr_context *ac;
+	struct anr_present_ctx ctx;
+	const char *attr = "anr";
+	int ret;
+
+	ctx.found_anr = false;
+	ctx.attr = attr;
+
+	ldb_parse_tree_walk(req->op.search.tree,
+			    parse_tree_anr_present,
+			    &ctx);
+
+	if (!ctx.found_anr) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc(req, struct anr_context);
+	if (!ac) {
+		return ldb_oom(ldb);
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+#if 0
+	printf("oldanr : %s\n", ldb_filter_from_tree (0, req->op.search.tree));
+#endif
+
+	/* First make a copy, so we don't overwrite caller memory */
+
+	anr_tree = ldb_parse_tree_copy_shallow(ac, req->op.search.tree);
+
+	if (anr_tree == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* Now expand 'anr' out */
+	ret = anr_replace_subtrees(ac, anr_tree, attr, &anr_tree);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_build_search_req_ex(&down_req,
+					ldb, ac,
+					req->op.search.base,
+					req->op.search.scope,
+					anr_tree,
+					req->op.search.attrs,
+					req->controls,
+					ac, anr_search_callback,
+					req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+	talloc_steal(down_req, anr_tree);
+
+	return ldb_next_request(module, down_req);
+}
+
+static const struct ldb_module_ops ldb_anr_module_ops = {
+	.name		   = "anr",
+	.search = anr_search
+};
+
+int ldb_anr_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_anr_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/audit_log.c b/source4/dsdb/samdb/ldb_modules/audit_log.c
new file mode 100644
index 0000000..7cc3ff6
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/audit_log.c
@@ -0,0 +1,1913 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Provide an audit log of changes made to the database and at a
+ * higher level details of any password changes and resets.
+ *
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/audit_logging/audit_logging.h"
+
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/ldb_modules/audit_util_proto.h"
+#include "libcli/security/dom_sid.h"
+#include "auth/common_auth.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/windows_event_ids.h"
+
+#define OPERATION_JSON_TYPE "dsdbChange"
+#define OPERATION_HR_TAG "DSDB Change"
+#define OPERATION_MAJOR 1
+#define OPERATION_MINOR 0
+#define OPERATION_LOG_LVL 5
+
+#define PASSWORD_JSON_TYPE "passwordChange"
+#define PASSWORD_HR_TAG "Password Change"
+#define PASSWORD_MAJOR 1
+#define PASSWORD_MINOR 1
+#define PASSWORD_LOG_LVL 5
+
+#define TRANSACTION_JSON_TYPE "dsdbTransaction"
+#define TRANSACTION_HR_TAG "DSDB Transaction"
+#define TRANSACTION_MAJOR 1
+#define TRANSACTION_MINOR 0
+#define TRANSACTION_LOG_FAILURE_LVL 5
+#define TRANSACTION_LOG_COMPLETION_LVL 10
+
+#define REPLICATION_JSON_TYPE "replicatedUpdate"
+#define REPLICATION_HR_TAG "Replicated Update"
+#define REPLICATION_MAJOR 1
+#define REPLICATION_MINOR 0
+#define REPLICATION_LOG_LVL 5
+/*
+ * Attribute values are truncated in the logs if they are longer than
+ * MAX_LENGTH
+ */
+#define MAX_LENGTH 1024
+
+#define min(a, b) (((a)>(b))?(b):(a))
+
+/*
+ * Private data for the module, stored in the ldb_module private data
+ */
+struct audit_private {
+	/*
+	 * Should details of database operations be sent over the
+	 * messaging bus.
+	 */
+	bool send_samdb_events;
+	/*
+	 * Should details of password changes and resets be sent over
+	 * the messaging bus.
+	 */
+	bool send_password_events;
+	/*
+	 * The messaging context to send the messages over.  Will only
+	 * be set if send_samdb_events or send_password_events are
+	 * true.
+	 */
+	struct imessaging_context *msg_ctx;
+	/*
+	 * Unique transaction id for the current transaction
+	 */
+	struct GUID transaction_guid;
+	/*
+	 * Transaction start time, used to calculate the transaction
+	 * duration.
+	 */
+	struct timeval transaction_start;
+};
+
+/*
+ * @brief Has the password changed.
+ *
+ * Does the message contain a change to one of the password attributes? The
+ * password attributes are defined in DSDB_PASSWORD_ATTRIBUTES
+ *
+ * @return true if the message contains a password attribute
+ *
+ */
+static bool has_password_changed(const struct ldb_message *message)
+{
+	unsigned int i;
+	if (message == NULL) {
+		return false;
+	}
+	for (i=0;i<message->num_elements;i++) {
+		if (dsdb_audit_is_password_attribute(
+			message->elements[i].name)) {
+			return true;
+		}
+	}
+	return false;
+}
+
+/*
+ * @brief get the password change windows event id
+ *
+ * Get the Windows Event Id for the action being performed on the user password.
+ *
+ * This routine assumes that the request contains password attributes and that the
+ * password ACL checks have been performed by acl.c
+ *
+ * @param request the ldb_request to inspect
+ * @param reply the ldb_reply, will contain the password controls
+ *
+ * @return The windows event code.
+ */
+static enum event_id_type get_password_windows_event_id(
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	if(request->operation == LDB_ADD) {
+		return EVT_ID_PASSWORD_RESET;
+	} else {
+		struct ldb_control *pav_ctrl = NULL;
+		struct dsdb_control_password_acl_validation *pav = NULL;
+
+		pav_ctrl = ldb_reply_get_control(
+			discard_const(reply),
+			DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID);
+		if (pav_ctrl == NULL) {
+			return EVT_ID_PASSWORD_RESET;
+		}
+
+		pav = talloc_get_type_abort(
+			pav_ctrl->data,
+			struct dsdb_control_password_acl_validation);
+
+		if (pav->pwd_reset) {
+			return EVT_ID_PASSWORD_RESET;
+		} else {
+			return EVT_ID_PASSWORD_CHANGE;
+		}
+	}
+}
+/*
+ * @brief Is the request a password "Change" or a "Reset"
+ *
+ * Get a description of the action being performed on the user password.  This
+ * routine assumes that the request contains password attributes and that the
+ * password ACL checks have been performed by acl.c
+ *
+ * @param request the ldb_request to inspect
+ * @param reply the ldb_reply, will contain the password controls
+ *
+ * @return "Change" if the password is being changed.
+ *         "Reset"  if the password is being reset.
+ */
+static const char *get_password_action(
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	if(request->operation == LDB_ADD) {
+		return "Reset";
+	} else {
+		struct ldb_control *pav_ctrl = NULL;
+		struct dsdb_control_password_acl_validation *pav = NULL;
+
+		pav_ctrl = ldb_reply_get_control(
+			discard_const(reply),
+			DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID);
+		if (pav_ctrl == NULL) {
+			return "Reset";
+		}
+
+		pav = talloc_get_type_abort(
+			pav_ctrl->data,
+			struct dsdb_control_password_acl_validation);
+
+		if (pav->pwd_reset) {
+			return "Reset";
+		} else {
+			return "Change";
+		}
+	}
+}
+
+/*
+ * @brief generate a JSON object detailing an ldb operation.
+ *
+ * Generate a JSON object detailing an ldb operation.
+ *
+ * @param module the ldb module
+ * @param request the request
+ * @param reply the result of the operation.
+ *
+ * @return the generated JSON object, should be freed with json_free.
+ *
+ *
+ */
+static struct json_object operation_json(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct ldb_context *ldb = NULL;
+	const struct dom_sid *sid = NULL;
+	bool as_system = false;
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	const struct tsocket_address *remote = NULL;
+	const char *dn = NULL;
+	const char* operation = NULL;
+	const struct GUID *unique_session_token = NULL;
+	const struct ldb_message *message = NULL;
+	struct audit_private *audit_private
+		= talloc_get_type_abort(ldb_module_get_private(module),
+					struct audit_private);
+	int rc = 0;
+
+	ldb = ldb_module_get_ctx(module);
+
+	remote = dsdb_audit_get_remote_address(ldb);
+	if (remote != NULL && dsdb_audit_is_system_session(module)) {
+		as_system = true;
+		sid = dsdb_audit_get_actual_sid(ldb);
+		unique_session_token =
+			dsdb_audit_get_actual_unique_session_token(ldb);
+	} else {
+		sid = dsdb_audit_get_user_sid(module);
+		unique_session_token =
+			dsdb_audit_get_unique_session_token(module);
+	}
+	dn = dsdb_audit_get_primary_dn(request);
+	operation = dsdb_audit_get_operation_name(request);
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+	rc = json_add_version(&audit, OPERATION_MAJOR, OPERATION_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "statusCode", reply->error);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "status", ldb_strerror(reply->error));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "operation", operation);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_address(&audit, "remoteAddress", remote);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_bool(&audit, "performedAsSystem", as_system);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_sid(&audit, "userSid", sid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "dn", dn);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(
+	    &audit, "transactionId", &audit_private->transaction_guid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "sessionId", unique_session_token);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	message = dsdb_audit_get_message(request);
+	if (message != NULL) {
+		struct json_object attributes =
+			dsdb_audit_attributes_json(
+				request->operation,
+				message);
+		if (json_is_invalid(&attributes)) {
+			goto failure;
+		}
+		rc = json_add_object(&audit, "attributes", &attributes);
+		if (rc != 0) {
+			goto failure;
+		}
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", OPERATION_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, OPERATION_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+	return wrapper;
+
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to free it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&audit);
+	json_free(&wrapper);
+	DBG_ERR("Unable to create ldb operation JSON audit message\n");
+	return wrapper;
+}
+
+/*
+ * @brief generate a JSON object detailing a replicated update.
+ *
+ * Generate a JSON object detailing a replicated update
+ *
+ * @param module the ldb module
+ * @param request the request
+ * @paran reply the result of the operation
+ *
+ * @return the generated JSON object, should be freed with json_free.
+ *         NULL if there was an error generating the message.
+ *
+ */
+static struct json_object replicated_update_json(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	struct audit_private *audit_private
+		= talloc_get_type_abort(ldb_module_get_private(module),
+					struct audit_private);
+	struct dsdb_extended_replicated_objects *ro = talloc_get_type(
+		request->op.extended.data,
+		struct dsdb_extended_replicated_objects);
+	const char *partition_dn = NULL;
+	const char *error = NULL;
+	int rc = 0;
+
+	partition_dn = ldb_dn_get_linearized(ro->partition_dn);
+	error = get_friendly_werror_msg(ro->error);
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+	rc = json_add_version(&audit, REPLICATION_MAJOR, REPLICATION_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "statusCode", reply->error);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "status", ldb_strerror(reply->error));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(
+	    &audit, "transactionId", &audit_private->transaction_guid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "objectCount", ro->num_objects);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "linkCount", ro->linked_attributes_count);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "partitionDN", partition_dn);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "error", error);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "errorCode", W_ERROR_V(ro->error));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(
+	    &audit, "sourceDsa", &ro->source_dsa->source_dsa_obj_guid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(
+	    &audit, "invocationId", &ro->source_dsa->source_dsa_invocation_id);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", REPLICATION_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, REPLICATION_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+	return wrapper;
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to be freed it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&audit);
+	json_free(&wrapper);
+	DBG_ERR("Unable to create replicated update JSON audit message\n");
+	return wrapper;
+}
+
+/*
+ * @brief generate a JSON object detailing a password change.
+ *
+ * Generate a JSON object detailing a password change.
+ *
+ * @param module the ldb module
+ * @param request the request
+ * @param reply the result/response
+ * @param status the status code returned for the underlying ldb operation.
+ *
+ * @return the generated JSON object.
+ *
+ */
+static struct json_object password_change_json(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct ldb_context *ldb = NULL;
+	const struct dom_sid *sid = NULL;
+	const char *dn = NULL;
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	const struct tsocket_address *remote = NULL;
+	const char* action = NULL;
+	const struct GUID *unique_session_token = NULL;
+	struct audit_private *audit_private
+		= talloc_get_type_abort(ldb_module_get_private(module),
+					struct audit_private);
+	int rc = 0;
+	enum event_id_type event_id;
+
+	ldb = ldb_module_get_ctx(module);
+
+	remote = dsdb_audit_get_remote_address(ldb);
+	sid = dsdb_audit_get_user_sid(module);
+	dn = dsdb_audit_get_primary_dn(request);
+	action = get_password_action(request, reply);
+	unique_session_token = dsdb_audit_get_unique_session_token(module);
+	event_id = get_password_windows_event_id(request, reply);
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+	rc = json_add_version(&audit, PASSWORD_MAJOR, PASSWORD_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "eventId", event_id);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "statusCode", reply->error);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "status", ldb_strerror(reply->error));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_address(&audit, "remoteAddress", remote);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_sid(&audit, "userSid", sid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "dn", dn);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "action", action);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(
+	    &audit, "transactionId", &audit_private->transaction_guid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "sessionId", unique_session_token);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", PASSWORD_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, PASSWORD_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	return wrapper;
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to free it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&wrapper);
+	json_free(&audit);
+	DBG_ERR("Unable to create password change JSON audit message\n");
+	return wrapper;
+}
+
+
+/*
+ * @brief create a JSON object containing details of a transaction event.
+ *
+ * Create a JSON object detailing a transaction transaction life cycle events,
+ * i.e. begin, commit, roll back
+ *
+ * @param action a one word description of the event/action
+ * @param transaction_id the GUID identifying the current transaction.
+ * @param status the status code returned by the operation
+ * @param duration the duration of the operation.
+ *
+ * @return a JSON object detailing the event
+ */
+static struct json_object transaction_json(
+	const char *action,
+	struct GUID *transaction_id,
+	const int64_t duration)
+{
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	int rc = 0;
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+
+	rc = json_add_version(&audit, TRANSACTION_MAJOR, TRANSACTION_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "action", action);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "transactionId", transaction_id);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "duration", duration);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", TRANSACTION_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, TRANSACTION_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	return wrapper;
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to free it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&wrapper);
+	json_free(&audit);
+	DBG_ERR("Unable to create transaction JSON audit message\n");
+	return wrapper;
+}
+
+
+/*
+ * @brief generate a JSON object detailing a commit failure.
+ *
+ * Generate a JSON object containing details of a commit failure.
+ *
+ * @param action the commit action, "commit" or "prepare"
+ * @param status the status code returned by commit
+ * @param reason any extra failure information/reason available
+ * @param transaction_id the GUID identifying the current transaction.
+ */
+static struct json_object commit_failure_json(
+	const char *action,
+	const int64_t duration,
+	int status,
+	const char *reason,
+	struct GUID *transaction_id)
+{
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	int rc = 0;
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+	rc = json_add_version(&audit, TRANSACTION_MAJOR, TRANSACTION_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "action", action);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "transactionId", transaction_id);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "duration", duration);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_int(&audit, "statusCode", status);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "status", ldb_strerror(status));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "reason", reason);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", TRANSACTION_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, TRANSACTION_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	return wrapper;
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to free it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&audit);
+	json_free(&wrapper);
+	DBG_ERR("Unable to create commit failure JSON audit message\n");
+	return wrapper;
+}
+
+/*
+ * @brief Print a human readable log line for a password change event.
+ *
+ * Generate a human readable log line detailing a password change.
+ *
+ * @param mem_ctx The talloc context that will own the generated log line.
+ * @param module the ldb module
+ * @param request the request
+ * @param reply the result/response
+ * @param status the status code returned for the underlying ldb operation.
+ *
+ * @return the generated log line.
+ */
+static char *password_change_human_readable(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct ldb_context *ldb = NULL;
+	const char *remote_host = NULL;
+	const struct dom_sid *sid = NULL;
+	struct dom_sid_buf user_sid;
+	const char *timestamp = NULL;
+	char *log_entry = NULL;
+	const char *action = NULL;
+	const char *dn = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_module_get_ctx(module);
+
+	remote_host = dsdb_audit_get_remote_host(ldb, ctx);
+	sid = dsdb_audit_get_user_sid(module);
+	timestamp = audit_get_timestamp(ctx);
+	action = get_password_action(request, reply);
+	dn = dsdb_audit_get_primary_dn(request);
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"[%s] at [%s] status [%s] "
+		"remote host [%s] SID [%s] DN [%s]",
+		action,
+		timestamp,
+		ldb_strerror(reply->error),
+		remote_host,
+		dom_sid_str_buf(sid, &user_sid),
+		dn);
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+/*
+ * @brief Generate a human readable string, detailing attributes in a message
+ *
+ * For modify operations each attribute is prefixed with the action.
+ * Normal values are enclosed in []
+ * Base64 values are enclosed in {}
+ * Truncated values are indicated by three trailing dots "..."
+ *
+ * @param ldb The ldb_context
+ * @param buffer The attributes will be appended to the buffer.
+ *               assumed to have been allocated via talloc.
+ * @param operation The operation type
+ * @param message the message to process
+ *
+ */
+static char *log_attributes(
+	struct ldb_context *ldb,
+	char *buffer,
+	enum ldb_request_type operation,
+	const struct ldb_message *message)
+{
+	size_t i, j;
+	for (i=0;i<message->num_elements;i++) {
+		if (i > 0) {
+			buffer = talloc_asprintf_append_buffer(buffer, " ");
+		}
+
+		if (message->elements[i].name == NULL) {
+			ldb_debug(
+				ldb,
+				LDB_DEBUG_ERROR,
+				"Error: Invalid element name (NULL) at "
+				"position %zu", i);
+			return NULL;
+		}
+
+		if (operation == LDB_MODIFY) {
+			const char *action =NULL;
+			action = dsdb_audit_get_modification_action(
+				message->elements[i].flags);
+			buffer = talloc_asprintf_append_buffer(
+				buffer,
+				"%s: %s ",
+				action,
+				message->elements[i].name);
+		} else {
+			buffer = talloc_asprintf_append_buffer(
+				buffer,
+				"%s ",
+				message->elements[i].name);
+		}
+
+		if (dsdb_audit_redact_attribute(message->elements[i].name)) {
+			/*
+			 * Do not log the value of any secret or password
+			 * attributes
+			 */
+			buffer = talloc_asprintf_append_buffer(
+				buffer,
+				"[REDACTED SECRET ATTRIBUTE]");
+			continue;
+		}
+
+		for (j=0;j<message->elements[i].num_values;j++) {
+			struct ldb_val v;
+			bool use_b64_encode = false;
+			size_t length;
+			if (j > 0) {
+				buffer = talloc_asprintf_append_buffer(
+					buffer,
+					" ");
+			}
+
+			v = message->elements[i].values[j];
+			length = min(MAX_LENGTH, v.length);
+			use_b64_encode = ldb_should_b64_encode(ldb, &v);
+			if (use_b64_encode) {
+				const char *encoded = ldb_base64_encode(
+					buffer,
+					(char *)v.data,
+					length);
+				buffer = talloc_asprintf_append_buffer(
+					buffer,
+				        "{%s%s}",
+					encoded,
+					(v.length > MAX_LENGTH ? "..." : ""));
+			} else {
+				buffer = talloc_asprintf_append_buffer(
+					buffer,
+					"[%*.*s%s]",
+					(int)length,
+					(int)length,
+					(char *)v.data,
+					(v.length > MAX_LENGTH ? "..." : ""));
+			}
+		}
+	}
+	return buffer;
+}
+
+/*
+ * @brief generate a human readable log entry detailing an ldb operation.
+ *
+ * Generate a human readable log entry detailing an ldb operation.
+ *
+ * @param mem_ctx The talloc context owning the returned string.
+ * @param module the ldb module
+ * @param request the request
+ * @param reply the result of the operation
+ *
+ * @return the log entry.
+ *
+ */
+static char *operation_human_readable(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct ldb_context *ldb = NULL;
+	const char *remote_host = NULL;
+	const struct tsocket_address *remote = NULL;
+	const struct dom_sid *sid = NULL;
+	struct dom_sid_buf user_sid;
+	const char *timestamp = NULL;
+	const char *op_name = NULL;
+	char *log_entry = NULL;
+	const char *dn = NULL;
+	const char *new_dn = NULL;
+	const struct ldb_message *message = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_module_get_ctx(module);
+
+	remote_host = dsdb_audit_get_remote_host(ldb, ctx);
+	remote = dsdb_audit_get_remote_address(ldb);
+	if (remote != NULL && dsdb_audit_is_system_session(module)) {
+		sid = dsdb_audit_get_actual_sid(ldb);
+	} else {
+		sid = dsdb_audit_get_user_sid(module);
+	}
+	timestamp = audit_get_timestamp(ctx);
+	op_name = dsdb_audit_get_operation_name(request);
+	dn = dsdb_audit_get_primary_dn(request);
+	new_dn = dsdb_audit_get_secondary_dn(request);
+
+	message = dsdb_audit_get_message(request);
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"[%s] at [%s] status [%s] "
+		"remote host [%s] SID [%s] DN [%s]",
+		op_name,
+		timestamp,
+		ldb_strerror(reply->error),
+		remote_host,
+		dom_sid_str_buf(sid, &user_sid),
+		dn);
+	if (new_dn != NULL) {
+		log_entry = talloc_asprintf_append_buffer(
+			log_entry,
+			" New DN [%s]",
+			new_dn);
+	}
+	if (message != NULL) {
+		log_entry = talloc_asprintf_append_buffer(log_entry,
+							  " attributes [");
+		log_entry = log_attributes(ldb,
+					   log_entry,
+					   request->operation,
+					   message);
+		log_entry = talloc_asprintf_append_buffer(log_entry, "]");
+	}
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+
+/*
+ * @brief generate a human readable log entry detailing a replicated update
+ *        operation.
+ *
+ * Generate a human readable log entry detailing a replicated update operation
+ *
+ * @param mem_ctx The talloc context owning the returned string.
+ * @param module the ldb module
+ * @param request the request
+ * @param reply the result of the operation.
+ *
+ * @return the log entry.
+ *
+ */
+static char *replicated_update_human_readable(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+	struct dsdb_extended_replicated_objects *ro = talloc_get_type(
+		request->op.extended.data,
+		struct dsdb_extended_replicated_objects);
+	const char *partition_dn = NULL;
+	const char *error = NULL;
+	char *log_entry = NULL;
+	char *timestamp = NULL;
+	struct GUID_txt_buf object_buf;
+	const char *object = NULL;
+	struct GUID_txt_buf invocation_buf;
+	const char *invocation = NULL;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	timestamp = audit_get_timestamp(ctx);
+	error = get_friendly_werror_msg(ro->error);
+	partition_dn = ldb_dn_get_linearized(ro->partition_dn);
+	object = GUID_buf_string(
+		&ro->source_dsa->source_dsa_obj_guid,
+		&object_buf);
+	invocation = GUID_buf_string(
+		&ro->source_dsa->source_dsa_invocation_id,
+		&invocation_buf);
+
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"at [%s] status [%s] error [%s] partition [%s] objects [%d] "
+		"links [%d] object [%s] invocation [%s]",
+		timestamp,
+		ldb_strerror(reply->error),
+		error,
+		partition_dn,
+		ro->num_objects,
+		ro->linked_attributes_count,
+		object,
+		invocation);
+
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+/*
+ * @brief create a human readable log entry detailing a transaction event.
+ *
+ * Create a human readable log entry detailing a transaction event.
+ * i.e. begin, commit, roll back
+ *
+ * @param mem_ctx The talloc context owning the returned string.
+ * @param action a one word description of the event/action
+ * @param duration the duration of the transaction.
+ *
+ * @return the log entry
+ */
+static char *transaction_human_readable(
+	TALLOC_CTX *mem_ctx,
+	const char* action,
+	const int64_t duration)
+{
+	const char *timestamp = NULL;
+	char *log_entry = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	timestamp = audit_get_timestamp(ctx);
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"[%s] at [%s] duration [%"PRIi64"]",
+		action,
+		timestamp,
+		duration);
+
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+
+/*
+ * @brief generate a human readable log entry detailing a commit failure.
+ *
+ * Generate generate a human readable log entry detailing a commit failure.
+ *
+ * @param mem_ctx The talloc context owning the returned string.
+ * @param action the commit action, "prepare" or "commit"
+ * @param status the status code returned by commit
+ * @param reason any extra failure information/reason available
+ *
+ * @return the log entry
+ */
+static char *commit_failure_human_readable(
+	TALLOC_CTX *mem_ctx,
+	const char *action,
+	const int64_t duration,
+	int status,
+	const char *reason)
+{
+	const char *timestamp = NULL;
+	char *log_entry = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	timestamp = audit_get_timestamp(ctx);
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"[%s] at [%s] duration [%"PRIi64"] status [%d] reason [%s]",
+		action,
+		timestamp,
+		duration,
+		status,
+		reason);
+
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+
+/*
+ * @brief log details of a standard ldb operation.
+ *
+ * Log the details of an ldb operation in JSON and or human readable format
+ * and send over the message bus.
+ *
+ * @param module the ldb_module
+ * @param request the operation request.
+ * @param reply the operation result.
+ * @param the status code returned for the operation.
+ *
+ */
+static void log_standard_operation(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+
+	const struct ldb_message *message = dsdb_audit_get_message(request);
+	bool password_changed = has_password_changed(message);
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_AUDIT, OPERATION_LOG_LVL)) {
+		char *entry = NULL;
+		entry = operation_human_readable(
+			ctx,
+			module,
+			request,
+			reply);
+		audit_log_human_text(
+			OPERATION_HR_TAG,
+			entry,
+			DBGC_DSDB_AUDIT,
+			OPERATION_LOG_LVL);
+		TALLOC_FREE(entry);
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_PWD_AUDIT, PASSWORD_LOG_LVL)) {
+		if (password_changed) {
+			char *entry = NULL;
+			entry = password_change_human_readable(
+				ctx,
+				module,
+				request,
+				reply);
+			audit_log_human_text(
+				PASSWORD_HR_TAG,
+				entry,
+				DBGC_DSDB_PWD_AUDIT,
+				PASSWORD_LOG_LVL);
+			TALLOC_FREE(entry);
+		}
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_AUDIT_JSON, OPERATION_LOG_LVL) ||
+		(audit_private->msg_ctx
+		 && audit_private->send_samdb_events)) {
+		struct json_object json;
+		json = operation_json(module, request, reply);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_AUDIT_JSON,
+			OPERATION_LOG_LVL);
+		if (audit_private->msg_ctx
+		    && audit_private->send_samdb_events) {
+			audit_message_send(
+				audit_private->msg_ctx,
+				DSDB_EVENT_NAME,
+				MSG_DSDB_LOG,
+				&json);
+		}
+		json_free(&json);
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_PWD_AUDIT_JSON, PASSWORD_LOG_LVL) ||
+		(audit_private->msg_ctx
+		 && audit_private->send_password_events)) {
+		if (password_changed) {
+			struct json_object json;
+			json = password_change_json(module, request, reply);
+			audit_log_json(
+				&json,
+				DBGC_DSDB_PWD_AUDIT_JSON,
+				PASSWORD_LOG_LVL);
+			if (audit_private->send_password_events) {
+				audit_message_send(
+					audit_private->msg_ctx,
+					DSDB_PWD_EVENT_NAME,
+					MSG_DSDB_PWD_LOG,
+					&json);
+			}
+			json_free(&json);
+		}
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief log details of a replicated update.
+ *
+ * Log the details of a replicated update in JSON and or human readable
+ * format and send over the message bus.
+ *
+ * @param module the ldb_module
+ * @param request the operation request
+ * @param reply the result of the operation.
+ *
+ */
+static void log_replicated_operation(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				struct audit_private);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_AUDIT, REPLICATION_LOG_LVL)) {
+		char *entry = NULL;
+		entry = replicated_update_human_readable(
+			ctx,
+			module,
+			request,
+			reply);
+		audit_log_human_text(
+			REPLICATION_HR_TAG,
+			entry,
+			DBGC_DSDB_AUDIT,
+			REPLICATION_LOG_LVL);
+		TALLOC_FREE(entry);
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_AUDIT_JSON, REPLICATION_LOG_LVL) ||
+		(audit_private->msg_ctx && audit_private->send_samdb_events)) {
+		struct json_object json;
+		json = replicated_update_json(module, request, reply);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_AUDIT_JSON,
+			REPLICATION_LOG_LVL);
+		if (audit_private->send_samdb_events) {
+			audit_message_send(
+				audit_private->msg_ctx,
+				DSDB_EVENT_NAME,
+				MSG_DSDB_LOG,
+				&json);
+		}
+		json_free(&json);
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief log details of an ldb operation.
+ *
+ * Log the details of an ldb operation in JSON and or human readable format
+ * and send over the message bus.
+ *
+ * @param module the ldb_module
+ * @param request the operation request
+ * @part reply the result of the operation
+ *
+ */
+static void log_operation(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const struct ldb_reply *reply)
+{
+
+	if (request->operation == LDB_EXTENDED) {
+		if (strcmp(
+			request->op.extended.oid,
+			DSDB_EXTENDED_REPLICATED_OBJECTS_OID) != 0) {
+
+			log_replicated_operation(module, request, reply);
+		}
+	} else {
+		log_standard_operation(module, request, reply);
+	}
+}
+
+/*
+ * @brief log details of a transaction event.
+ *
+ * Log the details of a transaction event in JSON and or human readable format
+ * and send over the message bus.
+ *
+ * @param module the ldb_module
+ * @param action the transaction event i.e. begin, commit, roll back.
+ * @param log_level the logging level
+ *
+ */
+static void log_transaction(
+	struct ldb_module *module,
+	const char *action,
+	int log_level)
+{
+
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+	const struct timeval now = timeval_current();
+	const int64_t duration = usec_time_diff(&now, &audit_private->transaction_start);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_TXN_AUDIT, log_level)) {
+		char* entry = NULL;
+		entry = transaction_human_readable(ctx, action, duration);
+		audit_log_human_text(
+			TRANSACTION_HR_TAG,
+			entry,
+			DBGC_DSDB_TXN_AUDIT,
+			log_level);
+		TALLOC_FREE(entry);
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_TXN_AUDIT_JSON, log_level) ||
+		(audit_private->msg_ctx && audit_private->send_samdb_events)) {
+		struct json_object json;
+		json = transaction_json(
+			action,
+			&audit_private->transaction_guid,
+			duration);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_TXN_AUDIT_JSON,
+			log_level);
+		if (audit_private->send_samdb_events) {
+			audit_message_send(
+				audit_private->msg_ctx,
+				DSDB_EVENT_NAME,
+				MSG_DSDB_LOG,
+				&json);
+		}
+		json_free(&json);
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief log details of a commit failure.
+ *
+ * Log the details of a commit failure in JSON and or human readable
+ * format and send over the message bus.
+ *
+ * @param module the ldb_module
+ * @param action the commit action "prepare" or "commit"
+ * @param status the ldb status code returned by prepare commit.
+ *
+ */
+static void log_commit_failure(
+	struct ldb_module *module,
+	const char *action,
+	int status)
+{
+
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+	const char* reason = dsdb_audit_get_ldb_error_string(module, status);
+	const int log_level = TRANSACTION_LOG_FAILURE_LVL;
+	const struct timeval now = timeval_current();
+	const int64_t duration = usec_time_diff(&now,
+						&audit_private->transaction_start);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_TXN_AUDIT, log_level)) {
+
+		char* entry = NULL;
+		entry = commit_failure_human_readable(
+			ctx,
+			action,
+			duration,
+			status,
+			reason);
+		audit_log_human_text(
+			TRANSACTION_HR_TAG,
+			entry,
+			DBGC_DSDB_TXN_AUDIT,
+			TRANSACTION_LOG_FAILURE_LVL);
+		TALLOC_FREE(entry);
+	}
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_TXN_AUDIT_JSON, log_level) ||
+		(audit_private->msg_ctx
+		 && audit_private->send_samdb_events)) {
+		struct json_object json;
+		json = commit_failure_json(
+			action,
+			duration,
+			status,
+			reason,
+			&audit_private->transaction_guid);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_TXN_AUDIT_JSON,
+			log_level);
+		if (audit_private->send_samdb_events) {
+			audit_message_send(audit_private->msg_ctx,
+					   DSDB_EVENT_NAME,
+					   MSG_DSDB_LOG,
+					   &json);
+		}
+		json_free(&json);
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Context needed by audit_callback
+ */
+struct audit_callback_context {
+	struct ldb_request *request;
+	struct ldb_module *module;
+};
+
+/*
+ * @brief call back function for the ldb_operations.
+ *
+ * As the LDB operations are async, and we wish to examine the results of
+ * the operations, a callback needs to be registered to process the results
+ * of the LDB operations.
+ *
+ * @param req the ldb request
+ * @param res the result of the operation
+ *
+ * @return the LDB_STATUS
+ */
+static int audit_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct audit_callback_context *ac = NULL;
+
+	ac = talloc_get_type(
+		req->context,
+		struct audit_callback_context);
+
+	if (!ares) {
+		return ldb_module_done(
+			ac->request,
+			NULL,
+			NULL,
+			LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* pass on to the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(
+			ac->request,
+			ares->message,
+			ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(
+			ac->request,
+			ares->referral);
+
+	case LDB_REPLY_DONE:
+		/*
+		 * Log the operation once DONE
+		 */
+		log_operation(ac->module, ac->request, ares);
+		return ldb_module_done(
+			ac->request,
+			ares->controls,
+			ares->response,
+			ares->error);
+
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+}
+
+/*
+ * @brief Add the current transaction identifier to the request.
+ *
+ * Add the current transaction identifier in the module private data,
+ * to the request as a control.
+ *
+ * @param module
+ * @param req the request.
+ *
+ * @return an LDB_STATUS code, LDB_SUCCESS if successful.
+ */
+static int add_transaction_id(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+	struct dsdb_control_transaction_identifier *transaction_id;
+	int ret;
+
+	transaction_id = talloc_zero(
+		req,
+		struct dsdb_control_transaction_identifier);
+	if (transaction_id == NULL) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		return ldb_oom(ldb);
+	}
+	transaction_id->transaction_guid = audit_private->transaction_guid;
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID,
+				      false,
+				      transaction_id);
+	return ret;
+
+}
+
+/*
+ * @brief log details of an add operation.
+ *
+ * Log the details of an add operation.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_add(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_add_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.add.message,
+		req->controls,
+		context,
+		audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = add_transaction_id(module, new_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief log details of an delete operation.
+ *
+ * Log the details of an delete operation.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_delete(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_del_req(&new_req,
+				ldb,
+				req,
+				req->op.del.dn,
+				req->controls,
+				context,
+				audit_callback,
+				req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = add_transaction_id(module, new_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief log details of a modify operation.
+ *
+ * Log the details of a modify operation.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_modify(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_mod_req(
+		& new_req,
+		ldb,
+		req,
+		req->op.mod.message,
+		req->controls,
+		context,
+		audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = add_transaction_id(module, new_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief process a transaction start.
+ *
+ * process a transaction start, as we don't currently log transaction starts
+ * just generate the new transaction_id.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_start_transaction(struct ldb_module *module)
+{
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+
+	/*
+	 * We do not log transaction begins
+	 * however we do generate a new transaction_id and record the start
+	 * time so that we can log the transaction duration.
+	 *
+	 */
+	audit_private->transaction_guid = GUID_random();
+	audit_private->transaction_start = timeval_current();
+	return ldb_next_start_trans(module);
+}
+
+/*
+ * @brief log details of a prepare commit.
+ *
+ * Log the details of a prepare commit, currently only details of
+ * failures are logged.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_prepare_commit(struct ldb_module *module)
+{
+
+	int ret = ldb_next_prepare_commit(module);
+	if (ret != LDB_SUCCESS) {
+		/*
+		 * We currently only log prepare commit failures
+		 */
+		log_commit_failure(module, "prepare", ret);
+	}
+	return ret;
+}
+
+/*
+ * @brief process a transaction end aka commit.
+ *
+ * process a transaction end, as we don't currently log transaction ends
+ * just clear transaction_id.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_end_transaction(struct ldb_module *module)
+{
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+	int ret = 0;
+
+
+	ret = ldb_next_end_trans(module);
+	if (ret == LDB_SUCCESS) {
+		log_transaction(
+			module,
+			"commit",
+			TRANSACTION_LOG_COMPLETION_LVL);
+	} else {
+		log_commit_failure(module, "commit", ret);
+	}
+	/*
+	 * Clear the transaction id inserted by log_start_transaction
+	 */
+	audit_private->transaction_guid = GUID_zero();
+	return ret;
+}
+
+/*
+ * @brief log details of a transaction delete aka roll back.
+ *
+ * Log details of a transaction roll back.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_del_transaction(struct ldb_module *module)
+{
+	struct audit_private *audit_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct audit_private);
+
+	log_transaction(module, "rollback", TRANSACTION_LOG_FAILURE_LVL);
+	audit_private->transaction_guid = GUID_zero();
+	return ldb_next_del_trans(module);
+}
+
+/*
+ * @brief log details of an extended operation.
+ *
+ * Log the details of an extended operation.
+ *
+ * @param module the ldb_module
+ * @param req the ldb_request
+ *
+ * @return ldb status code
+ */
+static int log_extended(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+
+	/*
+	 * Currently we only log replication extended operations
+	 */
+	if (strcmp(
+		req->op.extended.oid,
+		DSDB_EXTENDED_REPLICATED_OBJECTS_OID) != 0) {
+
+		return ldb_next_request(module, req);
+	}
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_extended_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.extended.oid,
+		req->op.extended.data,
+		req->controls,
+		context,
+		audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = add_transaction_id(module, new_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief module initialisation
+ */
+static int log_init(struct ldb_module *module)
+{
+
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct audit_private *audit_private = NULL;
+	struct loadparm_context *lp_ctx
+		= talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
+					struct loadparm_context);
+	struct tevent_context *ev = ldb_get_event_context(ldb);
+	bool sdb_events = false;
+	bool pwd_events = false;
+
+	audit_private = talloc_zero(module, struct audit_private);
+	if (audit_private == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	if (lp_ctx != NULL) {
+		sdb_events = lpcfg_dsdb_event_notification(lp_ctx);
+		pwd_events = lpcfg_dsdb_password_event_notification(lp_ctx);
+	}
+	if (sdb_events || pwd_events) {
+		audit_private->send_samdb_events = sdb_events;
+		audit_private->send_password_events = pwd_events;
+		audit_private->msg_ctx
+			= imessaging_client_init(audit_private,
+						 lp_ctx,
+						 ev);
+	}
+
+	ldb_module_set_private(module, audit_private);
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_audit_log_module_ops = {
+	.name              = "audit_log",
+	.init_context	   = log_init,
+	.add		   = log_add,
+	.modify		   = log_modify,
+	.del		   = log_delete,
+	.start_transaction = log_start_transaction,
+	.prepare_commit    = log_prepare_commit,
+	.end_transaction   = log_end_transaction,
+	.del_transaction   = log_del_transaction,
+	.extended	   = log_extended,
+};
+
+int ldb_audit_log_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_audit_log_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/audit_util.c b/source4/dsdb/samdb/ldb_modules/audit_util.c
new file mode 100644
index 0000000..9b8b06b
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/audit_util.c
@@ -0,0 +1,697 @@
+/*
+   ldb database module utility library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Common utility functions for SamDb audit logging.
+ *
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/audit_logging/audit_logging.h"
+
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_token.h"
+#include "auth/common_auth.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/ldb_modules/audit_util_proto.h"
+
+#define MAX_LENGTH 1024
+
+#define min(a, b) (((a)>(b))?(b):(a))
+
+/*
+ * List of attributes considered secret or confidential the values of these
+ * attributes should not be displayed in log messages.
+ */
+static const char * const secret_attributes[] = {
+	DSDB_SECRET_ATTRIBUTES,
+	NULL};
+/*
+ * List of attributes that contain a password, used to detect password changes
+ */
+static const char * const password_attributes[] = {
+	DSDB_PASSWORD_ATTRIBUTES,
+	NULL};
+
+/*
+ * @brief Should the value of the specified value be redacted.
+ *
+ * The values of secret or password attributes should not be displayed.
+ *
+ * @param name The attributes name.
+ *
+ * @return True if the attribute should be redacted
+ */
+bool dsdb_audit_redact_attribute(const char * name)
+{
+
+	if (ldb_attr_in_list(secret_attributes, name)) {
+		return true;
+	}
+
+	if (ldb_attr_in_list(password_attributes, name)) {
+		return true;
+	}
+
+	return false;
+}
+
+/*
+ * @brief is the attribute a password attribute?
+ *
+ * Is the attribute a password attribute.
+ *
+ * @return True if the attribute is a "Password" attribute.
+ */
+bool dsdb_audit_is_password_attribute(const char * name)
+{
+
+	bool is_password = ldb_attr_in_list(password_attributes, name);
+	return is_password;
+}
+
+/*
+ * @brief Get the remote address from the ldb context.
+ *
+ * The remote address is stored in the ldb opaque value "remoteAddress"
+ * it is the responsibility of the higher level code to ensure that this
+ * value is set.
+ *
+ * @param ldb the ldb_context.
+ *
+ * @return the remote address if known, otherwise NULL.
+ */
+const struct tsocket_address *dsdb_audit_get_remote_address(
+	struct ldb_context *ldb)
+{
+	void *opaque_remote_address = NULL;
+	struct tsocket_address *remote_address;
+
+	opaque_remote_address = ldb_get_opaque(ldb,
+					       "remoteAddress");
+	if (opaque_remote_address == NULL) {
+		return NULL;
+	}
+
+	remote_address = talloc_get_type(opaque_remote_address,
+					 struct tsocket_address);
+	return remote_address;
+}
+
+/*
+ * @brief Get the actual user SID from ldb context.
+ *
+ * The actual user SID is stored in the ldb opaque value "networkSessionInfo"
+ * it is the responsibility of the higher level code to ensure that this
+ * value is set.
+ *
+ * @param ldb the ldb_context.
+ *
+ * @return the users actual sid.
+ */
+const struct dom_sid *dsdb_audit_get_actual_sid(struct ldb_context *ldb)
+{
+	void *opaque_session = NULL;
+	struct auth_session_info *session = NULL;
+	struct security_token *user_token = NULL;
+
+	opaque_session = ldb_get_opaque(ldb, DSDB_NETWORK_SESSION_INFO);
+	if (opaque_session == NULL) {
+		return NULL;
+	}
+
+	session = talloc_get_type(opaque_session, struct auth_session_info);
+	if (session == NULL) {
+		return NULL;
+	}
+
+	user_token = session->security_token;
+	if (user_token == NULL) {
+		return NULL;
+	}
+	return &user_token->sids[PRIMARY_USER_SID_INDEX];
+}
+/*
+ * @brief get the ldb error string.
+ *
+ * Get the ldb error string if set, otherwise get the generic error code
+ * for the status code.
+ *
+ * @param ldb the ldb_context.
+ * @param status the ldb_status code.
+ *
+ * @return a string describing the error.
+ */
+const char *dsdb_audit_get_ldb_error_string(
+	struct ldb_module *module,
+	int status)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const char *err_string = ldb_errstring(ldb);
+
+	if (err_string == NULL) {
+		return ldb_strerror(status);
+	}
+	return err_string;
+}
+
+/*
+ * @brief get the SID of the user performing the operation.
+ *
+ * Get the SID of the user performing the operation.
+ *
+ * @param module the ldb_module.
+ *
+ * @return the SID of the currently logged on user.
+ */
+const struct dom_sid *dsdb_audit_get_user_sid(const struct ldb_module *module)
+{
+	struct security_token *user_token = NULL;
+
+	/*
+	 * acl_user_token does not alter module so it's safe
+	 * to discard the const.
+	 */
+	user_token = acl_user_token(discard_const(module));
+	if (user_token == NULL) {
+		return NULL;
+	}
+	return &user_token->sids[PRIMARY_USER_SID_INDEX];
+
+}
+
+/*
+ * @brief is operation being performed using the system session.
+ *
+ * Is the operation being performed using the system session.
+ *
+ * @param module the ldb_module.
+ *
+ * @return true if the operation is being performed using the system session.
+ */
+bool dsdb_audit_is_system_session(const struct ldb_module *module)
+{
+	struct security_token *user_token = NULL;
+
+	/*
+	 * acl_user_token does not alter module and security_token_is_system
+	 * does not alter the security token so it's safe to discard the const.
+	 */
+	user_token = acl_user_token(discard_const(module));
+	if (user_token == NULL) {
+		return false;
+	}
+	return security_token_is_system(user_token);;
+
+}
+
+/*
+ * @brief get the session identifier GUID
+ *
+ * Get the GUID that uniquely identifies the current authenticated session.
+ *
+ * @param module the ldb_module.
+ *
+ * @return the unique session GUID
+ */
+const struct GUID *dsdb_audit_get_unique_session_token(
+	const struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(discard_const(module));
+	struct auth_session_info *session_info
+		= (struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_SESSION_INFO);
+	if(!session_info) {
+		return NULL;
+	}
+	return &session_info->unique_session_token;
+}
+
+/*
+ * @brief get the actual user session identifier
+ *
+ * Get the GUID that uniquely identifies the current authenticated session.
+ * This is the session of the connected user, as it may differ from the
+ * session the operation is being performed as, i.e. for operations performed
+ * under the system session.
+ *
+ * @param context the ldb_context.
+ *
+ * @return the unique session GUID
+ */
+const struct GUID *dsdb_audit_get_actual_unique_session_token(
+	struct ldb_context *ldb)
+{
+	struct auth_session_info *session_info
+		= (struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_NETWORK_SESSION_INFO);
+	if(!session_info) {
+		return NULL;
+	}
+	return &session_info->unique_session_token;
+}
+
+/*
+ * @brief Get a printable string value for the remote host address.
+ *
+ * Get a printable string representation of the remote host, for display in the
+ * the audit logs.
+ *
+ * @param ldb the ldb context.
+ * @param mem_ctx the talloc memory context that will own the returned string.
+ *
+ * @return A string representation of the remote host address or "Unknown"
+ *
+ */
+char *dsdb_audit_get_remote_host(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	const struct tsocket_address *remote_address;
+	char* remote_host = NULL;
+
+	remote_address = dsdb_audit_get_remote_address(ldb);
+	if (remote_address == NULL) {
+		remote_host = talloc_asprintf(mem_ctx, "Unknown");
+		return remote_host;
+	}
+
+	remote_host = tsocket_address_string(remote_address, mem_ctx);
+	return remote_host;
+}
+
+/*
+ * @brief get a printable representation of the primary DN.
+ *
+ * Get a printable representation of the primary DN. The primary DN is the
+ * DN of the object being added, deleted, modified or renamed.
+ *
+ * @param the ldb_request.
+ *
+ * @return a printable and linearized DN
+ */
+const char* dsdb_audit_get_primary_dn(const struct ldb_request *request)
+{
+	struct ldb_dn *dn = NULL;
+	switch (request->operation) {
+	case LDB_ADD:
+		if (request->op.add.message != NULL) {
+			dn = request->op.add.message->dn;
+		}
+		break;
+	case LDB_MODIFY:
+		if (request->op.mod.message != NULL) {
+			dn = request->op.mod.message->dn;
+		}
+		break;
+	case LDB_DELETE:
+		dn = request->op.del.dn;
+		break;
+	case LDB_RENAME:
+		dn = request->op.rename.olddn;
+		break;
+	default:
+		dn = NULL;
+		break;
+	}
+	if (dn == NULL) {
+		return NULL;
+	}
+	return ldb_dn_get_linearized(dn);
+}
+
+/*
+ * @brief Get the ldb_message from a request.
+ *
+ * Get the ldb_message for the request, returns NULL is there is no
+ * associated ldb_message
+ *
+ * @param The request
+ *
+ * @return the message associated with this request, or NULL
+ */
+const struct ldb_message *dsdb_audit_get_message(
+	const struct ldb_request *request)
+{
+	switch (request->operation) {
+	case LDB_ADD:
+		return request->op.add.message;
+	case LDB_MODIFY:
+		return request->op.mod.message;
+	default:
+		return NULL;
+	}
+}
+
+/*
+ * @brief get the secondary dn, i.e. the target dn for a rename.
+ *
+ * Get the secondary dn, i.e. the target for a rename. This is only applicable
+ * got a rename operation, for the non rename operations this function returns
+ * NULL.
+ *
+ * @param request the ldb_request.
+ *
+ * @return the secondary dn in a printable and linearized form.
+ */
+const char *dsdb_audit_get_secondary_dn(const struct ldb_request *request)
+{
+	switch (request->operation) {
+	case LDB_RENAME:
+		return ldb_dn_get_linearized(request->op.rename.newdn);
+	default:
+		return NULL;
+	}
+}
+
+/*
+ * @brief Map the request operation to a description.
+ *
+ * Get a description of the operation for logging
+ *
+ * @param request the ldb_request
+ *
+ * @return a string describing the operation, or "Unknown" if the operation
+ *         is not known.
+ */
+const char *dsdb_audit_get_operation_name(const struct ldb_request *request)
+{
+	switch (request->operation) {
+	case LDB_SEARCH:
+		return "Search";
+	case LDB_ADD:
+		return "Add";
+	case LDB_MODIFY:
+		return "Modify";
+	case LDB_DELETE:
+		return "Delete";
+	case LDB_RENAME:
+		return "Rename";
+	case LDB_EXTENDED:
+		return "Extended";
+	case LDB_REQ_REGISTER_CONTROL:
+		return "Register Control";
+	case LDB_REQ_REGISTER_PARTITION:
+		return "Register Partition";
+	default:
+		return "Unknown";
+	}
+}
+
+/*
+ * @brief get a description of a modify action for logging.
+ *
+ * Get a brief description of the modification action suitable for logging.
+ *
+ * @param flags the ldb_attributes flags.
+ *
+ * @return a brief description, or "unknown".
+ */
+const char *dsdb_audit_get_modification_action(unsigned int flags)
+{
+	switch (LDB_FLAG_MOD_TYPE(flags)) {
+	case LDB_FLAG_MOD_ADD:
+		return "add";
+	case LDB_FLAG_MOD_DELETE:
+		return "delete";
+	case LDB_FLAG_MOD_REPLACE:
+		return "replace";
+	default:
+		return "unknown";
+	}
+}
+
+/*
+ * @brief Add an ldb_value to a json object array
+ *
+ * Convert the current ldb_value to a JSON object and append it to array.
+ * {
+ *	"value":"xxxxxxxx",
+ *	"base64":true
+ *	"truncated":true
+ * }
+ *
+ * value     is the JSON string representation of the ldb_val,
+ *           will be null if the value is zero length. The value will be
+ *           truncated if it is more than MAX_LENGTH bytes long. It will also
+ *           be base64 encoded if it contains any non printable characters.
+ *
+ * base64    Indicates that the value is base64 encoded, will be absent if the
+ *           value is not encoded.
+ *
+ * truncated Indicates that the length of the value exceeded MAX_LENGTH and was
+ *           truncated.  Note that values are truncated and then base64 encoded.
+ *           so an encoded value can be longer than MAX_LENGTH.
+ *
+ * @param array the JSON array to append the value to.
+ * @param lv the ldb_val to convert and append to the array.
+ *
+ */
+static int dsdb_audit_add_ldb_value(struct json_object *array,
+				    const struct ldb_val lv)
+{
+	bool base64;
+	int len;
+	struct json_object value = json_empty_object;
+	int rc = 0;
+
+	json_assert_is_array(array);
+	if (json_is_invalid(array)) {
+		return -1;
+	}
+
+	if (lv.length == 0 || lv.data == NULL) {
+		rc = json_add_object(array, NULL, NULL);
+		if (rc != 0) {
+			goto failure;
+		}
+		return 0;
+	}
+
+	base64 = ldb_should_b64_encode(NULL, &lv);
+	len = min(lv.length, MAX_LENGTH);
+	value = json_new_object();
+	if (json_is_invalid(&value)) {
+		goto failure;
+	}
+
+	if (lv.length > MAX_LENGTH) {
+		rc = json_add_bool(&value, "truncated", true);
+		if (rc != 0) {
+			goto failure;
+		}
+	}
+	if (base64) {
+		TALLOC_CTX *ctx = talloc_new(NULL);
+		char *encoded = ldb_base64_encode(
+			ctx,
+			(char*) lv.data,
+			len);
+
+		if (ctx == NULL) {
+			goto failure;
+		}
+
+		rc = json_add_bool(&value, "base64", true);
+		if (rc != 0) {
+			TALLOC_FREE(ctx);
+			goto failure;
+		}
+		rc = json_add_string(&value, "value", encoded);
+		if (rc != 0) {
+			TALLOC_FREE(ctx);
+			goto failure;
+		}
+		TALLOC_FREE(ctx);
+	} else {
+		rc = json_add_stringn(&value, "value", (char *)lv.data, len);
+		if (rc != 0) {
+			goto failure;
+		}
+	}
+	/*
+	 * As array is a JSON array the element name is NULL
+	 */
+	rc = json_add_object(array, NULL, &value);
+	if (rc != 0) {
+		goto failure;
+	}
+	return 0;
+failure:
+	/*
+	 * In the event of a failure value will not have been added to array
+	 * so it needs to be freed to prevent a leak.
+	 */
+	json_free(&value);
+	DBG_ERR("unable to add ldb value to JSON audit message\n");
+	return -1;
+}
+
+/*
+ * @brief Build a JSON object containing the attributes in an ldb_message.
+ *
+ * Build a JSON object containing all the attributes in an ldb_message.
+ * The attributes are keyed by attribute name, the values of "secret attributes"
+ * are suppressed.
+ *
+ * {
+ * 	"password":{
+ * 		"redacted":true,
+ * 		"action":"delete"
+ * 	},
+ * 	"name":{
+ * 		"values": [
+ * 			{
+ *				"value":"xxxxxxxx",
+ *				"base64":true
+ *				"truncated":true
+ *			},
+ * 		],
+ * 		"action":"add",
+ * 	}
+ * }
+ *
+ * values is an array of json objects generated by add_ldb_value.
+ * redacted indicates that the attribute is secret.
+ * action is only set for modification operations.
+ *
+ * @param operation the ldb operation being performed
+ * @param message the ldb_message to process.
+ *
+ * @return A populated json object.
+ *
+ */
+struct json_object dsdb_audit_attributes_json(
+	enum ldb_request_type operation,
+	const struct ldb_message* message)
+{
+
+	unsigned int i, j;
+	struct json_object attributes = json_new_object();
+
+	if (json_is_invalid(&attributes)) {
+		goto failure;
+	}
+	for (i=0;i<message->num_elements;i++) {
+		struct json_object actions = json_empty_object;
+		struct json_object attribute = json_empty_object;
+		struct json_object action = json_empty_object;
+		const char *name = message->elements[i].name;
+		int rc = 0;
+
+		action = json_new_object();
+		if (json_is_invalid(&action)) {
+			goto failure;
+		}
+
+		/*
+		 * If this is a modify operation tag the attribute with
+		 * the modification action.
+		 */
+		if (operation == LDB_MODIFY) {
+			const char *act = NULL;
+			const int flags =  message->elements[i].flags;
+			act = dsdb_audit_get_modification_action(flags);
+			rc = json_add_string(&action, "action", act);
+			if (rc != 0) {
+				json_free(&action);
+				goto failure;
+			}
+		}
+		if (operation == LDB_ADD) {
+			rc = json_add_string(&action, "action", "add");
+			if (rc != 0) {
+				json_free(&action);
+				goto failure;
+			}
+		}
+
+		/*
+		 * If the attribute is a secret attribute, tag it as redacted
+		 * and don't include the values
+		 */
+		if (dsdb_audit_redact_attribute(name)) {
+			rc = json_add_bool(&action, "redacted", true);
+			if (rc != 0) {
+				json_free(&action);
+				goto failure;
+			}
+		} else {
+			struct json_object values;
+			/*
+			 * Add the values for the action
+			 */
+			values = json_new_array();
+			if (json_is_invalid(&values)) {
+				json_free(&action);
+				goto failure;
+			}
+
+			for (j=0;j<message->elements[i].num_values;j++) {
+				rc = dsdb_audit_add_ldb_value(
+				    &values, message->elements[i].values[j]);
+				if (rc != 0) {
+					json_free(&values);
+					json_free(&action);
+					goto failure;
+				}
+			}
+			rc = json_add_object(&action, "values", &values);
+			if (rc != 0) {
+				json_free(&values);
+				json_free(&action);
+				goto failure;
+			}
+		}
+		attribute = json_get_object(&attributes, name);
+		if (json_is_invalid(&attribute)) {
+			json_free(&action);
+			goto failure;
+		}
+		actions = json_get_array(&attribute, "actions");
+		if (json_is_invalid(&actions)) {
+			json_free(&action);
+			goto failure;
+		}
+		rc = json_add_object(&actions, NULL, &action);
+		if (rc != 0) {
+			json_free(&action);
+			goto failure;
+		}
+		rc = json_add_object(&attribute, "actions", &actions);
+		if (rc != 0) {
+			json_free(&actions);
+			goto failure;
+		}
+		rc = json_add_object(&attributes, name, &attribute);
+		if (rc != 0) {
+			json_free(&attribute);
+			goto failure;
+		}
+	}
+	return attributes;
+failure:
+	json_free(&attributes);
+	DBG_ERR("Unable to create ldb attributes JSON audit message\n");
+	return attributes;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/count_attrs.c b/source4/dsdb/samdb/ldb_modules/count_attrs.c
new file mode 100644
index 0000000..6d7d30a
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/count_attrs.c
@@ -0,0 +1,644 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Count how often different attributes are searched for, for performance
+ * analysis. The counts are stored in tdb files in the 'debug' subdirectory of
+ * Samba installation's private directory, and can be read using
+ * script/attr_count_read.
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "param/param.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "system/filesys.h"
+
+#define NULL_ATTRS "__null_attrs__"
+#define EMPTY_ATTRS "__empty_attrs__"
+#define UNKNOWN_ATTR "__unknown_attribute__"
+#define STAR_ATTR "*"
+
+#define NULL_REQ_PSEUDO_N -2LL;
+#define STAR_REQ_PSEUDO_N -4LL;
+
+#undef strcasecmp
+
+struct count_attrs_private {
+	struct tdb_wrap *requested;
+	struct tdb_wrap *duplicates;
+	struct tdb_wrap *found;
+	struct tdb_wrap *not_found;
+	struct tdb_wrap *unwanted;
+	struct tdb_wrap *star_match;
+	struct tdb_wrap *null_req;
+	struct tdb_wrap *empty_req;
+	struct tdb_wrap *req_vs_found;
+};
+
+
+struct count_attrs_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	bool has_star;
+	bool is_null;
+	const char **requested_attrs;
+	size_t n_attrs;
+};
+
+
+static int add_key(struct tdb_context *tdb,
+		   struct TDB_DATA key)
+{
+	int ret;
+	uint32_t one = 1;
+	struct TDB_DATA value = {
+		.dptr = (uint8_t *)&one,
+		.dsize = sizeof(one)
+	};
+	ret = tdb_store(tdb,
+			key,
+			value,
+			0);
+	return ret;
+}
+
+static int increment_attr_count(struct tdb_context *tdb,
+				const char *attr)
+{
+	/*
+	 * Note that as we don't lock the database, there is a small window
+	 * between the fetch and store in which identical updates from
+	 * separate processes can race to clobber each other. If this happens
+	 * the stored count will be one less than it should be.
+	 *
+	 * We don't worry about that because it should be quite rare and
+	 * agnostic as to which counts are affected, meaning the overall
+	 * statistical truth is preserved.
+	 */
+	int ret;
+	uint32_t *val;
+	TDB_DATA key = {
+		.dptr = discard_const(attr),
+		.dsize = strlen(attr)
+	};
+
+	TDB_DATA data = tdb_fetch(tdb, key);
+	if (data.dptr == NULL) {
+		ret = tdb_error(tdb);
+		if (ret != TDB_ERR_NOEXIST) {
+			const char *errstr = tdb_errorstr(tdb);
+			DBG_ERR("tdb fetch error: %s\n", errstr);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		/* this key is unknown. We'll add it and get out of here. */
+		ret = add_key(tdb, key);
+		if (ret != 0) {
+			DBG_ERR("could not add %s: %d\n", attr, ret);
+		}
+		return ret;
+	}
+
+	val = (uint32_t *)data.dptr;
+	(*val)++;
+
+	ret = tdb_store(tdb,
+			key,
+			data,
+			0);
+
+	if (ret != 0) {
+		const char *errstr = tdb_errorstr(tdb);
+		DBG_ERR("tdb store error: %s\n", errstr);
+		free(data.dptr);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	free(data.dptr);
+	return LDB_SUCCESS;
+}
+
+
+static int increment_req_vs_found(struct tdb_context *tdb,
+				  struct count_attrs_context *ac,
+				  size_t n_found)
+{
+	/*
+	 * Here we record the number of elements in each reply along with the
+	 * number of attributes in the corresponding request. Requests for
+	 * NULL and "*" are arbitrarily given the attribute counts -2 and -4
+	 * respectively. This leads them to be plotted as two stacks on the
+	 * left hand side of the scatter plot.
+	 */
+	int ret;
+	ssize_t k[2];
+	uint32_t *val = NULL;
+	TDB_DATA key = {
+		.dptr = (unsigned char *)k,
+		.dsize = sizeof(k)
+	};
+	TDB_DATA data = {0};
+	ssize_t n_req = ac->n_attrs;
+	if (ac->is_null) {
+		n_req = NULL_REQ_PSEUDO_N;
+	} else if (ac->has_star) {
+		n_req = STAR_REQ_PSEUDO_N;
+	}
+	k[0] = n_req;
+	k[1] = n_found;
+
+	data = tdb_fetch(tdb, key);
+	if (data.dptr == NULL) {
+		ret = tdb_error(tdb);
+		if (ret != TDB_ERR_NOEXIST) {
+			const char *errstr = tdb_errorstr(tdb);
+			DBG_ERR("req vs found fetch error: %s\n", errstr);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		/* unknown key */
+		ret = add_key(tdb, key);
+		if (ret != 0) {
+			DBG_ERR("could not add req vs found %zu:%zu: %d\n",
+				n_req, n_found, ret);
+		}
+		return ret;
+	}
+
+	val = (uint32_t *)data.dptr;
+	(*val)++;
+
+	ret = tdb_store(tdb, key, data, 0);
+	if (ret != 0) {
+		const char *errstr = tdb_errorstr(tdb);
+		DBG_ERR("req vs found store error: %s\n", errstr);
+		free(data.dptr);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	free(data.dptr);
+	return LDB_SUCCESS;
+}
+
+
+static int strcasecmp_ptr(const char **a, const char **b)
+{
+	return strcasecmp(*a, *b);
+}
+
+
+static const char **get_sorted_attrs(TALLOC_CTX *mem_ctx,
+				     const char * const *unsorted_attrs,
+				     size_t n_attrs)
+{
+	size_t i;
+	const char **attrs = talloc_array(mem_ctx,
+					  const char *,
+					  n_attrs);
+
+	if (attrs == NULL) {
+		return NULL;
+	}
+	for (i = 0; i < n_attrs; i++) {
+		const char *a = unsorted_attrs[i];
+		if (a == NULL) {
+			DBG_ERR("attrs have disappeared! "
+				"wanted %zu; got %zu\n",
+				n_attrs, i);
+			talloc_free(attrs);
+			return NULL;
+		}
+		attrs[i] = a;
+	}
+
+	qsort(attrs, n_attrs, sizeof(char *), QSORT_CAST strcasecmp_ptr);
+	return attrs;
+}
+
+
+
+static int count_attrs_search_callback(struct ldb_request *req,
+				       struct ldb_reply *ares)
+{
+	struct count_attrs_private *priv = NULL;
+	struct ldb_message *msg = NULL;
+	size_t i, j;
+	int ret;
+
+	struct count_attrs_context *ac = \
+		talloc_get_type(req->context,
+				struct count_attrs_context);
+
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+
+	priv = talloc_get_type_abort(ldb_module_get_private(ac->module),
+				     struct count_attrs_private);
+
+	if (ares == NULL) {
+		DBG_ERR("ares is NULL\n");
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		DBG_INFO("ares error %d\n", ares->error);
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, LDB_SUCCESS);
+
+	case LDB_REPLY_ENTRY:
+		msg = ares->message;
+		if (ac->is_null || ac->n_attrs == 0) {
+			struct tdb_context *tdb = NULL;
+			/*
+			 * Note when attributes are found when the requested
+			 * list was empty or NULL
+			 */
+			if (ac->is_null) {
+				tdb = priv->null_req->tdb;
+			} else {
+				tdb = priv->empty_req->tdb;
+			}
+			for (i = 0; i < msg->num_elements; i++) {
+				const char *name = msg->elements[i].name;
+				ret = increment_attr_count(tdb, name);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(ares);
+					DBG_ERR("inc failed\n");
+					return ret;
+				}
+			}
+		} else {
+			/*
+			 * We make sorted lists of the requested and found
+			 * elements, which makes it easy to find missing or
+			 * intruding values.
+			 */
+			struct tdb_context *found_tdb = priv->found->tdb;
+			struct tdb_context *unwanted_tdb = \
+				priv->unwanted->tdb;
+			struct tdb_context *star_match_tdb = \
+				priv->star_match->tdb;
+			struct tdb_context *not_found_tdb = \
+				priv->not_found->tdb;
+
+			const char **requested_attrs = ac->requested_attrs;
+			const char **found_attrs = \
+				talloc_array(ac, const char *,
+					     msg->num_elements);
+			if (found_attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+
+			for (i = 0; i < msg->num_elements; i++) {
+				found_attrs[i] = msg->elements[i].name;
+			}
+
+			qsort(found_attrs, msg->num_elements, sizeof(char *),
+			      QSORT_CAST strcasecmp_ptr);
+
+
+			/* find and report duplicates */
+			for (i = 1; i < msg->num_elements; i++) {
+				if (strcasecmp(found_attrs[i],
+					       found_attrs[i - 1]) == 0) {
+					DBG_ERR("duplicate element: %s!\n",
+						found_attrs[i]);
+					/*
+					 * If this happens it will muck up our
+					 * counts, but probably have worse
+					 * effects on the rest of the module
+					 * stack. */
+				}
+			}
+
+			/*
+			 * This next bit is like the merge stage of a
+			 * mergesort, but instead of merging we only detect
+			 * absence or presence.
+			 */
+			i = 0;
+			j = 0;
+			while (i < ac->n_attrs ||
+			       j < msg->num_elements) {
+				int cmp;
+				if (i >= ac->n_attrs) {
+					cmp = 1;
+				} else if (j >= msg->num_elements) {
+					cmp = -1;
+				} else {
+					cmp = strcasecmp(requested_attrs[i],
+							 found_attrs[j]
+						);
+				}
+
+				if (cmp < 0) {
+					/* We did not find the element */
+					ret = increment_attr_count(
+						not_found_tdb,
+						requested_attrs[i]);
+					i++;
+				} else if (cmp > 0) {
+					/*
+					 * We found the element, but didn't
+					 * specifically ask for it.
+					 */
+					if (ac->has_star) {
+						ret = increment_attr_count(
+							star_match_tdb,
+							found_attrs[j]);
+					} else {
+						ret = increment_attr_count(
+							unwanted_tdb,
+							found_attrs[j]);
+					}
+					j++;
+				} else {
+					/* We got what we asked for. */
+					ret = increment_attr_count(
+						found_tdb,
+						found_attrs[j]);
+					i++;
+					j++;
+				}
+				if (ret != LDB_SUCCESS) {
+					talloc_free(ares);
+					DBG_ERR("inc failed\n");
+					return ret;
+				}
+			}
+		}
+		ret = increment_req_vs_found(priv->req_vs_found->tdb,
+					     ac,
+					     msg->num_elements);
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ares);
+			DBG_ERR("inc of req vs found failed\n");
+			return ret;
+		}
+
+		return ldb_module_send_entry(
+			ac->req,
+			ares->message,
+			ares->controls);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+
+static int count_attrs_search(struct ldb_module *module,
+			      struct ldb_request *req)
+{
+	int ret;
+	const char * const *attrs = req->op.search.attrs;
+	struct count_attrs_private *count_attrs_private = NULL;
+	struct tdb_context *tdb = NULL;
+	struct ldb_request *down_req = NULL;
+	struct count_attrs_context *ac = NULL;
+	bool has_star = false;
+	bool is_null = false;
+	size_t n_attrs = 0;
+	const char **sorted_attrs = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+
+	void *untyped_private = ldb_module_get_private(module);
+	if (untyped_private == NULL) {
+		/*
+		 * There are some cases (in early start up, and during a
+		 * backup restore) in which we get a NULL private object, in
+		 * which case all we can do is ignore it and pass the request
+		 * on unexamined.
+		 */
+		return ldb_next_request(module, req);
+	}
+
+	count_attrs_private = talloc_get_type_abort(untyped_private,
+						    struct count_attrs_private);
+	tdb = count_attrs_private->requested->tdb;
+
+	ac = talloc_zero(req, struct count_attrs_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	if (attrs == NULL) {
+		ret = increment_attr_count(tdb, NULL_ATTRS);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+		is_null = true;
+	} else if (attrs[0] == NULL) {
+		ret = increment_attr_count(tdb, EMPTY_ATTRS);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	} else {
+		size_t i, j;
+		for (i = 0; attrs[i] != NULL; i++) {
+			ret = increment_attr_count(tdb, attrs[i]);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(ac);
+				return ret;
+			}
+			if (strcmp("*", attrs[i]) == 0) {
+				has_star = true;
+			}
+		}
+		n_attrs = i;
+		sorted_attrs = get_sorted_attrs(req,
+						attrs,
+						n_attrs);
+		/*
+		 * Find, report, and remove duplicates. Duplicate attrs in
+		 * requests are allowed, but don't work well with our
+		 * merge-count algorithm.
+		 */
+		j = 0;
+		for (i = 1; i < n_attrs; i++) {
+			if (strcasecmp(sorted_attrs[i],
+				       sorted_attrs[j]) == 0) {
+				ret = increment_attr_count(
+					count_attrs_private->duplicates->tdb,
+					sorted_attrs[i]);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(ac);
+					return ret;
+				}
+			} else {
+				j++;
+				if (j != i) {
+					sorted_attrs[j] = sorted_attrs[i];
+				}
+			}
+		}
+		n_attrs = j;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->has_star = has_star;
+	ac->is_null = is_null;
+	ac->n_attrs = n_attrs;
+	ac->requested_attrs = sorted_attrs;
+
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb,
+				      ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      ac,
+				      count_attrs_search_callback,
+				      req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+
+static struct tdb_wrap * open_private_tdb(TALLOC_CTX *mem_ctx,
+					  struct loadparm_context *lp_ctx,
+					  const char *name)
+{
+	struct tdb_wrap *store = NULL;
+	char *filename = lpcfg_private_path(mem_ctx, lp_ctx, name);
+
+	if (filename == NULL) {
+		return NULL;
+	}
+
+	store = tdb_wrap_open(mem_ctx, filename, 1000,
+			      TDB_CLEAR_IF_FIRST,
+			      O_RDWR | O_CREAT,
+			      0660);
+	if (store == NULL) {
+		DBG_ERR("failed to open tdb at %s\n", filename);
+	}
+	TALLOC_FREE(filename);
+	return store;
+}
+
+static int make_private_dir(TALLOC_CTX *mem_ctx,
+			    struct loadparm_context *lp_ctx,
+			    const char *name)
+{
+	int ret;
+	char *dirname = lpcfg_private_path(mem_ctx, lp_ctx, name);
+	if (dirname == NULL) {
+		return -1;
+	}
+	ret = mkdir(dirname, 0755);
+	TALLOC_FREE(dirname);
+	return ret;
+}
+
+
+static int count_attrs_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = NULL;
+	struct count_attrs_private *data = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc_zero(module, struct count_attrs_private);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				 struct loadparm_context);
+
+	ret = make_private_dir(data, lp_ctx, "debug");
+	if (ret != 0) {
+		goto no_private_dir;
+	}
+	data->requested = open_private_tdb(data, lp_ctx,
+					   "debug/attr_counts_requested.tdb");
+	data->duplicates =			\
+		open_private_tdb(data, lp_ctx,
+				 "debug/attr_counts_duplicates.tdb");
+	data->found = open_private_tdb(data, lp_ctx,
+				       "debug/attr_counts_found.tdb");
+	data->not_found = open_private_tdb(data, lp_ctx,
+					   "debug/attr_counts_not_found.tdb");
+	data->unwanted = open_private_tdb(data, lp_ctx,
+					  "debug/attr_counts_unwanted.tdb");
+	data->star_match = open_private_tdb(data, lp_ctx,
+					    "debug/attr_counts_star_match.tdb");
+	data->null_req = open_private_tdb(data, lp_ctx,
+					  "debug/attr_counts_null_req.tdb");
+	data->empty_req = open_private_tdb(data, lp_ctx,
+					   "debug/attr_counts_empty_req.tdb");
+	data->req_vs_found =			\
+		open_private_tdb(data, lp_ctx,
+				 "debug/attr_counts_req_vs_found.tdb");
+	if (data->requested == NULL ||
+	    data->duplicates == NULL ||
+	    data->found == NULL ||
+	    data->not_found == NULL ||
+	    data->unwanted == NULL ||
+	    data->star_match == NULL ||
+	    data->null_req == NULL ||
+	    data->empty_req == NULL ||
+	    data->req_vs_found == NULL) {
+		goto no_private_dir;
+	}
+
+	ldb_module_set_private(module, data);
+	return ldb_next_init(module);
+
+  no_private_dir:
+	/*
+	 * If we leave the private data NULL, the search function knows not to
+	 * do anything.
+	 */
+	DBG_WARNING("the count_attrs module could not open its databases\n");
+	DBG_WARNING("attributes will not be counted.\n");
+	TALLOC_FREE(data);
+	ldb_module_set_private(module, NULL);
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_count_attrs_module_ops = {
+	.name		   = "count_attrs",
+	.search		   = count_attrs_search,
+	.init_context	   = count_attrs_init
+};
+
+int ldb_count_attrs_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_count_attrs_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
new file mode 100644
index 0000000..4f57573
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -0,0 +1,2069 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce  2006-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
+   Copyright (C) Nadezhda Ivanova  2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: DS Security descriptor module
+ *
+ *  Description:
+ *  - Calculate the security descriptor of a newly created object
+ *  - Perform sd recalculation on a move operation
+ *  - Handle sd modification invariants
+ *
+ *  Author: Nadezhda Ivanova
+ */
+
+#include "includes.h"
+#include <ldb_module.h>
+#include "util/dlinklist.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/util_tdb.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_rbt.h"
+
+struct descriptor_changes {
+	struct descriptor_changes *prev, *next;
+	struct ldb_dn *nc_root;
+	struct GUID guid;
+	struct GUID parent_guid;
+	bool force_self;
+	bool force_children;
+	struct ldb_dn *stopped_dn;
+	size_t ref_count;
+	size_t sort_count;
+};
+
+struct descriptor_transaction {
+	TALLOC_CTX *mem;
+	struct {
+		/*
+		 * We used to have a list of changes, appended with each
+		 * DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID operation.
+		 *
+		 * But the main problem was that a replication
+		 * cycle (mainly the initial replication) calls
+		 * DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID for the
+		 * same object[GUID] more than once. With
+		 * DRSUAPI_DRS_GET_TGT we'll get the naming
+		 * context head object and other top level
+		 * containers, every often.
+		 *
+		 * It means we'll process objects more
+		 * than once and waste a lot of time
+		 * doing the same work again and again.
+		 *
+		 * We use an objectGUID based map in order to
+		 * avoid registering objects more than once.
+		 * In an domain with 22000 object it can
+		 * reduce the work from 4 hours down to ~ 3.5 minutes.
+		 */
+		struct descriptor_changes *list;
+		struct db_context *map;
+		size_t num_registrations;
+		size_t num_registered;
+		size_t num_toplevel;
+		size_t num_processed;
+	} changes;
+	struct {
+		struct db_context *map;
+		size_t num_processed;
+		size_t num_skipped;
+	} objects;
+};
+
+struct descriptor_data {
+	struct descriptor_transaction transaction;
+};
+
+struct descriptor_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct ldb_message *msg;
+	struct ldb_reply *search_res;
+	struct ldb_reply *search_oc_res;
+	struct ldb_val *parentsd_val;
+	struct ldb_message_element *sd_element;
+	struct ldb_val *sd_val;
+	uint32_t sd_flags;
+	int (*step_fn)(struct descriptor_context *);
+};
+
+static struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
+			       struct ldb_dn *dn,
+			       const struct security_token *token,
+			       struct ldb_context *ldb)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
+	struct dom_sid *da_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_ADMINS);
+	struct dom_sid *ea_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_ENTERPRISE_ADMINS);
+	struct dom_sid *sa_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_SCHEMA_ADMINS);
+	struct dom_sid *dag_sid;
+	struct ldb_dn *nc_root;
+	int ret;
+
+	ret = dsdb_find_nc_root(ldb, tmp_ctx, dn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0) {
+		if (security_token_has_sid(token, sa_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, sa_sid);
+		} else if (security_token_has_sid(token, ea_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, ea_sid);
+		} else if (security_token_has_sid(token, da_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, da_sid);
+		} else if (security_token_is_system(token)) {
+			dag_sid = dom_sid_dup(mem_ctx, sa_sid);
+		} else {
+			dag_sid = NULL;
+		}
+	} else if (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) {
+		if (security_token_has_sid(token, ea_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, ea_sid);
+		} else if (security_token_has_sid(token, da_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, da_sid);
+		} else if (security_token_is_system(token)) {
+			dag_sid = dom_sid_dup(mem_ctx, ea_sid);
+		} else {
+			dag_sid = NULL;
+		}
+	} else if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) {
+		if (security_token_has_sid(token, da_sid)) {
+			dag_sid = dom_sid_dup(mem_ctx, da_sid);
+		} else if (security_token_has_sid(token, ea_sid)) {
+				dag_sid = dom_sid_dup(mem_ctx, ea_sid);
+		} else if (security_token_is_system(token)) {
+			dag_sid = dom_sid_dup(mem_ctx, da_sid);
+		} else {
+			dag_sid = NULL;
+		}
+	} else {
+		dag_sid = NULL;
+	}
+
+	talloc_free(tmp_ctx);
+	return dag_sid;
+}
+
+static struct security_descriptor *get_sd_unpacked(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+					    const struct dsdb_class *objectclass)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct security_descriptor *sd;
+	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
+
+	if (!objectclass->defaultSecurityDescriptor || !domain_sid) {
+		return NULL;
+	}
+
+	sd = sddl_decode(mem_ctx,
+			 objectclass->defaultSecurityDescriptor,
+			 domain_sid);
+	return sd;
+}
+
+static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *ldb,
+					 struct dom_sid *dag)
+{
+	/*
+	 * This depends on the function level of the DC
+	 * which is 2008R2 in our case. Which means it is
+	 * higher than 2003 and we should use the
+	 * "default administrator group" also as owning group.
+	 *
+	 * This matches dcpromo for a 2003 domain
+	 * on a Windows 2008R2 DC.
+	 */
+	return dag;
+}
+
+static struct security_descriptor *descr_handle_sd_flags(TALLOC_CTX *mem_ctx,
+							 struct security_descriptor *new_sd,
+							 struct security_descriptor *old_sd,
+							 uint32_t sd_flags)
+{
+	struct security_descriptor *final_sd; 
+	/* if there is no control or control == 0 modify everything */
+	if (!sd_flags) {
+		return new_sd;
+	}
+
+	final_sd = talloc_zero(mem_ctx, struct security_descriptor);
+	final_sd->revision = SECURITY_DESCRIPTOR_REVISION_1;
+	final_sd->type = SEC_DESC_SELF_RELATIVE;
+
+	if (sd_flags & (SECINFO_OWNER)) {
+		if (new_sd->owner_sid) {
+			final_sd->owner_sid = talloc_memdup(mem_ctx, new_sd->owner_sid, sizeof(struct dom_sid));
+		}
+		final_sd->type |= new_sd->type & SEC_DESC_OWNER_DEFAULTED;
+	}
+	else if (old_sd) {
+		if (old_sd->owner_sid) {
+			final_sd->owner_sid = talloc_memdup(mem_ctx, old_sd->owner_sid, sizeof(struct dom_sid));
+		}
+		final_sd->type |= old_sd->type & SEC_DESC_OWNER_DEFAULTED;
+	}
+
+	if (sd_flags & (SECINFO_GROUP)) {
+		if (new_sd->group_sid) {
+			final_sd->group_sid = talloc_memdup(mem_ctx, new_sd->group_sid, sizeof(struct dom_sid));
+		}
+		final_sd->type |= new_sd->type & SEC_DESC_GROUP_DEFAULTED;
+	} 
+	else if (old_sd) {
+		if (old_sd->group_sid) {
+			final_sd->group_sid = talloc_memdup(mem_ctx, old_sd->group_sid, sizeof(struct dom_sid));
+		}
+		final_sd->type |= old_sd->type & SEC_DESC_GROUP_DEFAULTED;
+	}
+
+	if (sd_flags & (SECINFO_SACL)) {
+		final_sd->sacl = security_acl_dup(mem_ctx,new_sd->sacl);
+		final_sd->type |= new_sd->type & (SEC_DESC_SACL_PRESENT |
+			SEC_DESC_SACL_DEFAULTED|SEC_DESC_SACL_AUTO_INHERIT_REQ |
+			SEC_DESC_SACL_AUTO_INHERITED|SEC_DESC_SACL_PROTECTED |
+			SEC_DESC_SERVER_SECURITY);
+	} 
+	else if (old_sd && old_sd->sacl) {
+		final_sd->sacl = security_acl_dup(mem_ctx,old_sd->sacl);
+		final_sd->type |= old_sd->type & (SEC_DESC_SACL_PRESENT |
+			SEC_DESC_SACL_DEFAULTED|SEC_DESC_SACL_AUTO_INHERIT_REQ |
+			SEC_DESC_SACL_AUTO_INHERITED|SEC_DESC_SACL_PROTECTED |
+			SEC_DESC_SERVER_SECURITY);
+	}
+
+	if (sd_flags & (SECINFO_DACL)) {
+		final_sd->dacl = security_acl_dup(mem_ctx,new_sd->dacl);
+		final_sd->type |= new_sd->type & (SEC_DESC_DACL_PRESENT |
+			SEC_DESC_DACL_DEFAULTED|SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_PROTECTED |
+			SEC_DESC_DACL_TRUSTED);
+	} 
+	else if (old_sd && old_sd->dacl) {
+		final_sd->dacl = security_acl_dup(mem_ctx,old_sd->dacl);
+		final_sd->type |= old_sd->type & (SEC_DESC_DACL_PRESENT |
+			SEC_DESC_DACL_DEFAULTED|SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_PROTECTED |
+			SEC_DESC_DACL_TRUSTED);
+	}
+	/* not so sure about this */
+	final_sd->type |= new_sd->type & SEC_DESC_RM_CONTROL_VALID;
+	return final_sd;
+}
+
+static struct security_descriptor *get_new_descriptor_nonlinear(struct ldb_module *module,
+								struct ldb_dn *dn,
+								TALLOC_CTX *mem_ctx,
+								const struct dsdb_class *objectclass,
+								const struct ldb_val *parent,
+								const struct ldb_val *object,
+								const struct ldb_val *old_sd,
+								uint32_t sd_flags)
+{
+	struct security_descriptor *user_descriptor = NULL, *parent_descriptor = NULL;
+	struct security_descriptor *old_descriptor = NULL;
+	struct security_descriptor *new_sd, *final_sd;
+	enum ndr_err_code ndr_err;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= ldb_get_opaque(ldb, DSDB_SESSION_INFO);
+	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
+	struct dom_sid *default_owner;
+	struct dom_sid *default_group;
+	struct security_descriptor *default_descriptor = NULL;
+	struct GUID *object_list = NULL;
+
+	if (objectclass != NULL) {
+		default_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
+		object_list = talloc_zero_array(mem_ctx, struct GUID, 2);
+		if (object_list == NULL) {
+			return NULL;
+		}
+		object_list[0] = objectclass->schemaIDGUID;
+	}
+
+	if (object) {
+		user_descriptor = talloc(mem_ctx, struct security_descriptor);
+		if (!user_descriptor) {
+			return NULL;
+		}
+		ndr_err = ndr_pull_struct_blob(object, user_descriptor, 
+					       user_descriptor,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(user_descriptor);
+			return NULL;
+		}
+	} else {
+		user_descriptor = default_descriptor;
+	}
+
+	if (old_sd) {
+		old_descriptor = talloc(mem_ctx, struct security_descriptor);
+		if (!old_descriptor) {
+			return NULL;
+		}
+		ndr_err = ndr_pull_struct_blob(old_sd, old_descriptor, 
+					       old_descriptor,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(old_descriptor);
+			return NULL;
+		}
+	}
+
+	if (parent) {
+		parent_descriptor = talloc(mem_ctx, struct security_descriptor);
+		if (!parent_descriptor) {
+			return NULL;
+		}
+		ndr_err = ndr_pull_struct_blob(parent, parent_descriptor, 
+					       parent_descriptor,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(parent_descriptor);
+			return NULL;
+		}
+	}
+
+	if (user_descriptor && default_descriptor &&
+	    (user_descriptor->dacl == NULL))
+	{
+		user_descriptor->dacl = default_descriptor->dacl;
+		user_descriptor->type |= default_descriptor->type & (
+			SEC_DESC_DACL_PRESENT |
+			SEC_DESC_DACL_DEFAULTED|SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_PROTECTED |
+			SEC_DESC_DACL_TRUSTED);
+	}
+
+	if (user_descriptor && default_descriptor &&
+	    (user_descriptor->sacl == NULL))
+	{
+		user_descriptor->sacl = default_descriptor->sacl;
+		user_descriptor->type |= default_descriptor->type & (
+			SEC_DESC_SACL_PRESENT |
+			SEC_DESC_SACL_DEFAULTED|SEC_DESC_SACL_AUTO_INHERIT_REQ |
+			SEC_DESC_SACL_AUTO_INHERITED|SEC_DESC_SACL_PROTECTED |
+			SEC_DESC_SERVER_SECURITY);
+	}
+
+
+	if (!(sd_flags & SECINFO_OWNER) && user_descriptor) {
+		user_descriptor->owner_sid = NULL;
+
+		/*
+		 * We need the correct owner sid
+		 * when calculating the DACL or SACL
+		 */
+		if (old_descriptor) {
+			user_descriptor->owner_sid = old_descriptor->owner_sid;
+		}
+	}
+	if (!(sd_flags & SECINFO_GROUP) && user_descriptor) {
+		user_descriptor->group_sid = NULL;
+
+		/*
+		 * We need the correct group sid
+		 * when calculating the DACL or SACL
+		 */
+		if (old_descriptor) {
+			user_descriptor->group_sid = old_descriptor->group_sid;
+		}
+	}
+	if (!(sd_flags & SECINFO_DACL) && user_descriptor) {
+		user_descriptor->dacl = NULL;
+
+		/*
+		 * We add SEC_DESC_DACL_PROTECTED so that
+		 * create_security_descriptor() skips
+		 * the unused inheritance calculation
+		 */
+		user_descriptor->type |= SEC_DESC_DACL_PROTECTED;
+	}
+	if (!(sd_flags & SECINFO_SACL) && user_descriptor) {
+		user_descriptor->sacl = NULL;
+
+		/*
+		 * We add SEC_DESC_SACL_PROTECTED so that
+		 * create_security_descriptor() skips
+		 * the unused inheritance calculation
+		 */
+		user_descriptor->type |= SEC_DESC_SACL_PROTECTED;
+	}
+
+	default_owner = get_default_ag(mem_ctx, dn,
+				       session_info->security_token, ldb);
+	default_group = get_default_group(mem_ctx, ldb, default_owner);
+	new_sd = create_security_descriptor(mem_ctx,
+					    parent_descriptor,
+					    user_descriptor,
+					    true,
+					    object_list,
+					    SEC_DACL_AUTO_INHERIT |
+					    SEC_SACL_AUTO_INHERIT,
+					    session_info->security_token,
+					    default_owner, default_group,
+					    map_generic_rights_ds);
+	if (!new_sd) {
+		return NULL;
+	}
+	final_sd = descr_handle_sd_flags(mem_ctx, new_sd, old_descriptor, sd_flags);
+
+	if (!final_sd) {
+		return NULL;
+	}
+
+	if (final_sd->dacl) {
+		final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+	if (final_sd->sacl) {
+		final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+
+	{
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		DBG_DEBUG("Object %s created with descriptor %s\n\n",
+			  ldb_dn_get_linearized(dn),
+			  sddl_encode(tmp_ctx, final_sd, domain_sid));
+		TALLOC_FREE(tmp_ctx);
+	}
+
+	return final_sd;
+}
+
+static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
+				     struct ldb_dn *dn,
+				     TALLOC_CTX *mem_ctx,
+				     const struct dsdb_class *objectclass,
+				     const struct ldb_val *parent,
+				     const struct ldb_val *object,
+				     const struct ldb_val *old_sd,
+				     uint32_t sd_flags)
+{
+	struct security_descriptor *final_sd = NULL;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB *linear_sd = talloc(mem_ctx, DATA_BLOB);
+
+	if (!linear_sd) {
+		return NULL;
+	}
+
+	final_sd = get_new_descriptor_nonlinear(module,
+						dn,
+						mem_ctx,
+						objectclass,
+						parent,
+						object,
+						old_sd,
+						sd_flags);
+	if (final_sd == NULL) {
+		return NULL;
+	}
+
+	ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx,
+				       final_sd,
+				       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NULL;
+	}
+
+	return linear_sd;
+}
+
+static DATA_BLOB *descr_get_descriptor_to_show(struct ldb_module *module,
+					       TALLOC_CTX *mem_ctx,
+					       struct ldb_val *sd,
+					       uint32_t sd_flags)
+{
+	struct security_descriptor *old_sd, *final_sd;
+	DATA_BLOB *linear_sd;
+	enum ndr_err_code ndr_err;
+
+	old_sd = talloc(mem_ctx, struct security_descriptor);
+	if (!old_sd) {
+		return NULL;
+	}
+	ndr_err = ndr_pull_struct_blob(sd, old_sd, 
+				       old_sd,
+				       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(old_sd);
+		return NULL;
+	}
+
+	final_sd = descr_handle_sd_flags(mem_ctx, old_sd, NULL, sd_flags);
+
+	if (!final_sd) {
+		return NULL;
+	}
+
+	linear_sd = talloc(mem_ctx, DATA_BLOB);
+	if (!linear_sd) {
+		return NULL;
+	}
+
+	ndr_err = ndr_push_struct_blob(linear_sd, mem_ctx,
+				       final_sd,
+				       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NULL;
+	}
+
+	return linear_sd;
+}
+
+static struct descriptor_context *descriptor_init_context(struct ldb_module *module,
+							  struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct descriptor_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct descriptor_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb, "Out of Memory");
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	return ac;
+}
+
+static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct descriptor_context *ac;
+	struct ldb_val *sd_val = NULL;
+	struct ldb_message_element *sd_el;
+	DATA_BLOB *show_sd;
+	int ret = LDB_SUCCESS;
+
+	ac = talloc_get_type(req->context, struct descriptor_context);
+
+	if (!ares) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto fail;
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		sd_el = ldb_msg_find_element(ares->message, "nTSecurityDescriptor");
+		if (sd_el) {
+			sd_val = sd_el->values;
+		}
+
+		if (sd_val) {
+			show_sd = descr_get_descriptor_to_show(ac->module, ac->req,
+							       sd_val, ac->sd_flags);
+			if (!show_sd) {
+				ret = LDB_ERR_OPERATIONS_ERROR;
+				goto fail;
+			}
+			ldb_msg_remove_attr(ares->message, "nTSecurityDescriptor");
+			ret = ldb_msg_add_steal_value(ares->message, "nTSecurityDescriptor", show_sd);
+			if (ret != LDB_SUCCESS) {
+				goto fail;
+			}
+		}
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+fail:
+	talloc_free(ares);
+	return ldb_module_done(ac->req, NULL, NULL, ret);
+}
+
+static bool can_write_owner(TALLOC_CTX *mem_ctx,
+			    struct ldb_context *ldb,
+			    struct ldb_dn *dn,
+			    const struct security_token *security_token,
+			    const struct dom_sid *owner_sid)
+{
+	const struct dom_sid *default_owner = NULL;
+
+	/* If the user possesses SE_RESTORE_PRIVILEGE, the write is allowed. */
+	bool ok = security_token_has_privilege(security_token, SEC_PRIV_RESTORE);
+	if (ok) {
+		return true;
+	}
+
+	/* The user can write their own SID to a security descriptor. */
+	ok = security_token_is_sid(security_token, owner_sid);
+	if (ok) {
+		return true;
+	}
+
+        /*
+	 * The user can write the SID of the "default administrators group" that
+	 * they are a member of.
+	 */
+	default_owner = get_default_ag(mem_ctx, dn,
+				       security_token, ldb);
+	if (default_owner != NULL) {
+		ok = security_token_is_sid(security_token, owner_sid);
+	}
+
+	return ok;
+}
+
+static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *add_req;
+	struct ldb_message *msg;
+	struct ldb_result *parent_res;
+	const struct ldb_val *parent_sd = NULL;
+	const struct ldb_val *user_sd = NULL;
+	struct ldb_dn *dn = req->op.add.message->dn;
+	struct ldb_dn *parent_dn, *nc_root;
+	struct ldb_message_element *objectclass_element, *sd_element;
+	int ret;
+	const struct dsdb_schema *schema;
+	DATA_BLOB *sd;
+	const struct dsdb_class *objectclass;
+	static const char * const parent_attrs[] = { "nTSecurityDescriptor", NULL };
+	uint32_t instanceType;
+	bool isNC = false;
+	enum ndr_err_code ndr_err;
+	struct dsdb_control_calculated_default_sd *control_sd = NULL;
+	uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
+	struct security_descriptor *user_descriptor = NULL;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	user_sd = ldb_msg_find_ldb_val(req->op.add.message, "nTSecurityDescriptor");
+	sd_element = ldb_msg_find_element(req->op.add.message, "nTSecurityDescriptor");
+	/* nTSecurityDescriptor without a value is an error, letting through so it is handled */
+	if (user_sd == NULL && sd_element) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_add: %s\n", ldb_dn_get_linearized(dn));
+
+	instanceType = ldb_msg_find_attr_as_uint(req->op.add.message, "instanceType", 0);
+
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		isNC = true;
+	}
+
+	if (!isNC) {
+		ret = dsdb_find_nc_root(ldb, req, dn, &nc_root);
+		if (ret != LDB_SUCCESS) {
+			ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_add: Could not find NC root for %s\n",
+				ldb_dn_get_linearized(dn));
+			return ret;
+		}
+
+		if (ldb_dn_compare(dn, nc_root) == 0) {
+			DEBUG(0, ("Found DN %s being a NC by the old method\n", ldb_dn_get_linearized(dn)));
+			isNC = true;
+		}
+	}
+
+	if (isNC) {
+		DEBUG(2, ("DN: %s is a NC\n", ldb_dn_get_linearized(dn)));
+	}
+	if (!isNC) {
+		/* if the object has a parent, retrieve its SD to
+		 * use for calculation. Unfortunately we do not yet have
+		 * instanceType, so we use dsdb_find_nc_root. */
+
+		parent_dn = ldb_dn_get_parent(req, dn);
+		if (parent_dn == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		/* we aren't any NC */
+		ret = dsdb_module_search_dn(module, req, &parent_res, parent_dn,
+					    parent_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_RECYCLED,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_add: Could not find SD for %s\n",
+				  ldb_dn_get_linearized(parent_dn));
+			return ret;
+		}
+		if (parent_res->count != 1) {
+			return ldb_operr(ldb);
+		}
+		parent_sd = ldb_msg_find_ldb_val(parent_res->msgs[0], "nTSecurityDescriptor");
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+
+	objectclass_element = ldb_msg_find_element(req->op.add.message, "objectClass");
+	if (objectclass_element == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	objectclass = dsdb_get_last_structural_class(schema,
+						     objectclass_element);
+	if (objectclass == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/*
+	 * The SD_FLAG control is ignored on add
+	 * and we default to all bits set.
+	 */
+	sd_flags = SECINFO_OWNER|SECINFO_GROUP|SECINFO_SACL|SECINFO_DACL;
+
+	control_sd = talloc(req, struct dsdb_control_calculated_default_sd);
+	if (control_sd == NULL) {
+		return ldb_operr(ldb);
+	}
+	control_sd->specified_sd = false;
+	control_sd->specified_sacl = false;
+	if (user_sd != NULL) {
+		user_descriptor = talloc(req, struct security_descriptor);
+		if (user_descriptor == NULL) {
+			return ldb_operr(ldb);
+		}
+		ndr_err = ndr_pull_struct_blob(user_sd, user_descriptor,
+					       user_descriptor,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(user_descriptor);
+			return ldb_operr(ldb);
+		}
+		/*
+		 * calculate the permissions needed, since in acl we no longer have
+		 * access to the original user descriptor
+		 */
+		control_sd->specified_sd = true;
+		control_sd->specified_sacl = user_descriptor->sacl != NULL;
+
+		if (user_descriptor->owner_sid != NULL) {
+			/* Verify the owner of the security descriptor. */
+
+			const struct auth_session_info *session_info
+				= ldb_get_opaque(ldb, DSDB_SESSION_INFO);
+
+			bool ok = can_write_owner(req,
+						  ldb,
+						  dn,
+						  session_info->security_token,
+						  user_descriptor->owner_sid);
+			talloc_free(user_descriptor);
+			if (!ok) {
+				return dsdb_module_werror(module,
+							  LDB_ERR_CONSTRAINT_VIOLATION,
+							  WERR_INVALID_OWNER,
+							  "invalid addition of owner SID");
+			}
+		}
+	}
+
+	sd = get_new_descriptor(module, dn, req,
+				objectclass, parent_sd,
+				user_sd, NULL, sd_flags);
+	if (sd == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	control_sd->default_sd = get_new_descriptor_nonlinear(module,
+							      dn,
+							      req,
+							      objectclass,
+							      parent_sd,
+							      NULL,
+							      NULL,
+							      sd_flags);
+	if (control_sd->default_sd == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	msg = ldb_msg_copy_shallow(req, req->op.add.message);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+	if (sd_element != NULL) {
+		sd_element->values[0] = *sd;
+	} else {
+		ret = ldb_msg_add_steal_value(msg,
+					      "nTSecurityDescriptor",
+					      sd);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	ret = ldb_build_add_req(&add_req, ldb, req,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+
+	LDB_REQ_SET_LOCATION(add_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_error(ldb, ret,
+				 "descriptor_add: Error creating new add request.");
+	}
+
+	*control_sd->default_sd->owner_sid = global_sid_NULL;
+	ret = ldb_request_add_control(add_req,
+				      DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID,
+				      false, (void *)control_sd);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_operr(module);
+	}
+	return ldb_next_request(module, add_req);
+}
+
+static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *mod_req;
+	struct ldb_message *msg;
+	struct ldb_result *current_res, *parent_res;
+	const struct ldb_val *old_sd = NULL;
+	const struct ldb_val *parent_sd = NULL;
+	const struct ldb_val *user_sd = NULL;
+	struct ldb_dn *dn = req->op.mod.message->dn;
+	struct ldb_dn *parent_dn;
+	struct ldb_message_element *objectclass_element, *sd_element;
+	int ret;
+	uint32_t instanceType;
+	bool explicit_sd_flags = false;
+	uint32_t sd_flags = dsdb_request_sd_flags(req, &explicit_sd_flags);
+	const struct dsdb_schema *schema;
+	DATA_BLOB *sd;
+	const struct dsdb_class *objectclass;
+	static const char * const parent_attrs[] = { "nTSecurityDescriptor", NULL };
+	static const char * const current_attrs[] = { "nTSecurityDescriptor",
+						      "instanceType",
+						      "objectClass", NULL };
+	struct GUID parent_guid = { .time_low = 0 };
+	struct ldb_control *sd_propagation_control;
+	int cmp_ret = -1;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	sd_propagation_control = ldb_request_get_control(req,
+					DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
+	if (sd_propagation_control != NULL) {
+		if (sd_propagation_control->data != module) {
+			return ldb_operr(ldb);
+		}
+		if (req->op.mod.message->num_elements != 0) {
+			return ldb_operr(ldb);
+		}
+		if (explicit_sd_flags) {
+			return ldb_operr(ldb);
+		}
+		if (sd_flags != 0xF) {
+			return ldb_operr(ldb);
+		}
+		if (sd_propagation_control->critical == 0) {
+			return ldb_operr(ldb);
+		}
+
+		sd_propagation_control->critical = 0;
+	}
+
+	sd_element = ldb_msg_find_element(req->op.mod.message, "nTSecurityDescriptor");
+	if (sd_propagation_control == NULL && sd_element == NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * nTSecurityDescriptor with DELETE is not supported yet.
+	 * TODO: handle this correctly.
+	 */
+	if (sd_propagation_control == NULL &&
+	    LDB_FLAG_MOD_TYPE(sd_element->flags) == LDB_FLAG_MOD_DELETE)
+	{
+		return ldb_module_error(module,
+					LDB_ERR_UNWILLING_TO_PERFORM,
+					"MOD_DELETE for nTSecurityDescriptor "
+					"not supported yet");
+	}
+
+	user_sd = ldb_msg_find_ldb_val(req->op.mod.message, "nTSecurityDescriptor");
+	/* nTSecurityDescriptor without a value is an error, letting through so it is handled */
+	if (sd_propagation_control == NULL && user_sd == NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	if (sd_flags & SECINFO_OWNER && user_sd != NULL) {
+		/* Verify the new owner of the security descriptor. */
+
+		struct security_descriptor *user_descriptor = NULL;
+		enum ndr_err_code ndr_err;
+		const struct auth_session_info *session_info;
+		bool ok;
+
+		user_descriptor = talloc(req, struct security_descriptor);
+
+		if (user_descriptor == NULL) {
+			return ldb_operr(ldb);
+		}
+		ndr_err = ndr_pull_struct_blob(user_sd, user_descriptor,
+					       user_descriptor,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(user_descriptor);
+			return ldb_operr(ldb);
+		}
+
+		session_info = ldb_get_opaque(ldb, DSDB_SESSION_INFO);
+
+		ok = can_write_owner(req,
+				     ldb,
+				     dn,
+				     session_info->security_token,
+				     user_descriptor->owner_sid);
+		talloc_free(user_descriptor);
+		if (!ok) {
+			return dsdb_module_werror(module,
+						  LDB_ERR_CONSTRAINT_VIOLATION,
+						  WERR_INVALID_OWNER,
+						  "invalid modification of owner SID");
+		}
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_modify: %s\n", ldb_dn_get_linearized(dn));
+
+	ret = dsdb_module_search_dn(module, req, &current_res, dn,
+				    current_attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_RECYCLED |
+				    DSDB_SEARCH_SHOW_EXTENDED_DN,
+				    req);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,"descriptor_modify: Could not find %s\n",
+			  ldb_dn_get_linearized(dn));
+		return ret;
+	}
+
+	instanceType = ldb_msg_find_attr_as_uint(current_res->msgs[0],
+						 "instanceType", 0);
+	/* if the object has a parent, retrieve its SD to
+	 * use for calculation */
+	if (!ldb_dn_is_null(current_res->msgs[0]->dn) &&
+	    !(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+		NTSTATUS status;
+
+		parent_dn = ldb_dn_get_parent(req, dn);
+		if (parent_dn == NULL) {
+			return ldb_oom(ldb);
+		}
+		ret = dsdb_module_search_dn(module, req, &parent_res, parent_dn,
+					    parent_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_RECYCLED |
+					    DSDB_SEARCH_SHOW_EXTENDED_DN,
+					    req);
+		if (ret != LDB_SUCCESS) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR, "descriptor_modify: Could not find SD for %s\n",
+				  ldb_dn_get_linearized(parent_dn));
+			return ret;
+		}
+		if (parent_res->count != 1) {
+			return ldb_operr(ldb);
+		}
+		parent_sd = ldb_msg_find_ldb_val(parent_res->msgs[0], "nTSecurityDescriptor");
+
+		status = dsdb_get_extended_dn_guid(parent_res->msgs[0]->dn,
+						   &parent_guid,
+						   "GUID");
+		if (!NT_STATUS_IS_OK(status)) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+
+	objectclass_element = ldb_msg_find_element(current_res->msgs[0], "objectClass");
+	if (objectclass_element == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	objectclass = dsdb_get_last_structural_class(schema,
+						     objectclass_element);
+	if (objectclass == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	old_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor");
+	if (old_sd == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (sd_propagation_control != NULL) {
+		/*
+		 * This just triggers a recalculation of the
+		 * inherited aces.
+		 */
+		user_sd = old_sd;
+	}
+
+	sd = get_new_descriptor(module, current_res->msgs[0]->dn, req,
+				objectclass, parent_sd,
+				user_sd, old_sd, sd_flags);
+	if (sd == NULL) {
+		return ldb_operr(ldb);
+	}
+	msg = ldb_msg_copy_shallow(req, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+	cmp_ret = data_blob_cmp(old_sd, sd);
+	if (sd_propagation_control != NULL) {
+		if (cmp_ret == 0) {
+			/*
+			 * The nTSecurityDescriptor is unchanged,
+			 * which means we can stop the processing.
+			 *
+			 * We mark the control as critical again,
+			 * as we have not processed it, so the caller
+			 * can tell that the descriptor was unchanged.
+			 */
+			sd_propagation_control->critical = 1;
+			return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+		}
+
+		ret = ldb_msg_append_value(msg, "nTSecurityDescriptor",
+					   sd, LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ldb_oom(ldb);
+		}
+	} else if (cmp_ret != 0) {
+		struct GUID guid;
+		struct ldb_dn *nc_root;
+		NTSTATUS status;
+
+		ret = dsdb_find_nc_root(ldb,
+					msg,
+					current_res->msgs[0]->dn,
+					&nc_root);
+		if (ret != LDB_SUCCESS) {
+			return ldb_oom(ldb);
+		}
+
+		status = dsdb_get_extended_dn_guid(current_res->msgs[0]->dn,
+						   &guid,
+						   "GUID");
+		if (!NT_STATUS_IS_OK(status)) {
+			return ldb_operr(ldb);
+		}
+
+		/*
+		 * Force SD propagation on children of this record
+		 */
+		ret = dsdb_module_schedule_sd_propagation(module,
+							  nc_root,
+							  guid,
+							  parent_guid,
+							  false);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+		sd_element->values[0] = *sd;
+	} else {
+		sd_element->values[0] = *sd;
+	}
+
+	ret = ldb_build_mod_req(&mod_req, ldb, req,
+				msg,
+				req->controls,
+				req,
+				dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(mod_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, mod_req);
+}
+
+static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	struct descriptor_context *ac;
+	bool explicit_sd_flags = false;
+	uint32_t sd_flags = dsdb_request_sd_flags(req, &explicit_sd_flags);
+	bool show_sd = explicit_sd_flags;
+
+	if (!show_sd &&
+	    ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor"))
+	{
+		show_sd = true;
+	}
+
+	if (!show_sd) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	ac = descriptor_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+	ac->sd_flags = sd_flags;
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      ac, descriptor_search_callback,
+				      ac->req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, down_req);
+}
+
+static int descriptor_rename_callback(struct ldb_request *req,
+				      struct ldb_reply *ares)
+{
+	struct descriptor_context *ac = NULL;
+	struct ldb_context *ldb = NULL;
+	struct ldb_dn *newdn = req->op.rename.newdn;
+	struct GUID guid;
+	struct ldb_dn *nc_root;
+	struct GUID parent_guid = { .time_low = 0 };
+	int ret;
+
+	ac = talloc_get_type_abort(req->context, struct descriptor_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	ret = dsdb_module_guid_by_dn(ac->module,
+				     newdn,
+				     &guid,
+				     req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ret);
+	}
+	ret = dsdb_find_nc_root(ldb, req, newdn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ret);
+	}
+
+	/*
+	 * After a successful rename, force SD propagation on this
+	 * record (get a new inherited SD from the potentially new
+	 * parent
+	 *
+	 * We don't know the parent guid here (it is filled in as
+	 * all-zero in the initialiser above), but we're not in a hot
+	 * code path here, as the "descriptor" module is located above
+	 * the "repl_meta_data", only originating changes are handled
+	 * here.
+	 *
+	 * If it turns out to be a problem we may search for the new
+	 * parent guid.
+	 */
+
+	ret = dsdb_module_schedule_sd_propagation(ac->module,
+						  nc_root,
+						  guid,
+						  parent_guid,
+						  true);
+	if (ret != LDB_SUCCESS) {
+		ret = ldb_operr(ldb);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ret);
+	}
+
+	return ldb_module_done(ac->req, ares->controls,
+			       ares->response, ares->error);
+}
+
+
+
+
+static int descriptor_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct descriptor_context *ac = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_dn *olddn = req->op.rename.olddn;
+	struct ldb_dn *newdn = req->op.rename.newdn;
+	struct ldb_request *down_req;
+	int ret;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.rename.olddn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_rename: %s\n",
+		  ldb_dn_get_linearized(olddn));
+
+	if (ldb_dn_compare(olddn, newdn) == 0) {
+		/* No special work required for a case-only rename */
+		return ldb_next_request(module, req);
+	}
+
+	ac = descriptor_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_build_rename_req(&down_req, ldb, ac,
+				   req->op.rename.olddn,
+				   req->op.rename.newdn,
+				   req->controls,
+				   ac, descriptor_rename_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+static void descriptor_changes_parser(TDB_DATA key, TDB_DATA data, void *private_data)
+{
+	struct descriptor_changes **c_ptr = (struct descriptor_changes **)private_data;
+	uintptr_t ptr = 0;
+
+	SMB_ASSERT(data.dsize == sizeof(ptr));
+
+	memcpy(&ptr, data.dptr, data.dsize);
+
+	*c_ptr = talloc_get_type_abort((void *)ptr, struct descriptor_changes);
+}
+
+static void descriptor_object_parser(TDB_DATA key, TDB_DATA data, void *private_data)
+{
+	SMB_ASSERT(data.dsize == 0);
+}
+
+static int descriptor_extended_sec_desc_propagation(struct ldb_module *module,
+						    struct ldb_request *req)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_extended_sec_desc_propagation_op *op;
+	struct descriptor_changes *c = NULL;
+	TDB_DATA key;
+	NTSTATUS status;
+
+	op = talloc_get_type(req->op.extended.data,
+			     struct dsdb_extended_sec_desc_propagation_op);
+	if (op == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "descriptor_extended_sec_desc_propagation: "
+			  "invalid extended data\n");
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	if (t->mem == NULL) {
+		return ldb_module_operr(module);
+	}
+
+	if (GUID_equal(&op->parent_guid, &op->guid)) {
+		/*
+		 * This is an unexpected situation,
+		 * it should never happen!
+		 */
+		DBG_ERR("ERROR: Object %s is its own parent (nc_root=%s)\n",
+			GUID_string(t->mem, &op->guid),
+			ldb_dn_get_extended_linearized(t->mem, op->nc_root, 1));
+		return ldb_module_operr(module);
+	}
+
+	/*
+	 * First we check if we already have an registration
+	 * for the given object.
+	 */
+
+	key = make_tdb_data((const void*)&op->guid, sizeof(op->guid));
+	status = dbwrap_parse_record(t->changes.map, key,
+				     descriptor_changes_parser, &c);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		c = NULL;
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "dbwrap_parse_record() - %s\n",
+			  nt_errstr(status));
+		return ldb_module_operr(module);
+	}
+
+	if (c == NULL) {
+		/*
+		 * Create a new structure if we
+		 * don't know about the object yet.
+		 */
+
+		c = talloc_zero(t->mem, struct descriptor_changes);
+		if (c == NULL) {
+			return ldb_module_oom(module);
+		}
+		c->nc_root = ldb_dn_copy(c, op->nc_root);
+		if (c->nc_root == NULL) {
+			return ldb_module_oom(module);
+		}
+		c->guid = op->guid;
+	}
+
+	if (ldb_dn_compare(c->nc_root, op->nc_root) != 0) {
+		/*
+		 * This is an unexpected situation,
+		 * we don't expect the nc root to change
+		 * during a replication cycle.
+		 */
+		DBG_ERR("ERROR: Object %s nc_root changed %s => %s\n",
+			GUID_string(c, &c->guid),
+			ldb_dn_get_extended_linearized(c, c->nc_root, 1),
+			ldb_dn_get_extended_linearized(c, op->nc_root, 1));
+		return ldb_module_operr(module);
+	}
+
+	c->ref_count += 1;
+
+	/*
+	 * always use the last known parent_guid.
+	 */
+	c->parent_guid = op->parent_guid;
+
+	/*
+	 * Note that we only set, but don't clear values here,
+	 * it means c->force_self and c->force_children can
+	 * both be true in the end.
+	 */
+	if (op->include_self) {
+		c->force_self = true;
+	} else {
+		c->force_children = true;
+	}
+
+	if (c->ref_count == 1) {
+		struct TDB_DATA val = make_tdb_data((const void*)&c, sizeof(c));
+
+		/*
+		 * Remember the change by objectGUID in order
+		 * to avoid processing it more than once.
+		 */
+
+		status = dbwrap_store(t->changes.map, key, val, TDB_INSERT);
+		if (!NT_STATUS_IS_OK(status)) {
+			ldb_debug(ldb, LDB_DEBUG_FATAL,
+				  "dbwrap_parse_record() - %s\n",
+				  nt_errstr(status));
+			return ldb_module_operr(module);
+		}
+
+		DLIST_ADD_END(t->changes.list, c);
+		t->changes.num_registered += 1;
+	}
+	t->changes.num_registrations += 1;
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int descriptor_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID) == 0) {
+		return descriptor_extended_sec_desc_propagation(module, req);
+	}
+
+	return ldb_next_request(module, req);
+}
+
+static int descriptor_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+	struct descriptor_data *descriptor_private;
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"descriptor: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	descriptor_private = talloc_zero(module, struct descriptor_data);
+	if (descriptor_private == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ldb_module_set_private(module, descriptor_private);
+
+	return ldb_next_init(module);
+}
+
+static int descriptor_sd_propagation_object(struct ldb_module *module,
+					    struct ldb_message *msg,
+					    bool *stop)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *sub_req;
+	struct ldb_result *mod_res;
+	struct ldb_control *sd_propagation_control;
+	struct GUID guid;
+	int ret;
+	TDB_DATA key;
+	TDB_DATA empty_val = { .dsize = 0, };
+	NTSTATUS status;
+	struct descriptor_changes *c = NULL;
+
+	*stop = false;
+
+	/*
+	 * We get the GUID of the object
+	 * in order to have the cache key
+	 * for the object.
+	 */
+
+	status = dsdb_get_extended_dn_guid(msg->dn, &guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		return ldb_operr(ldb);
+	}
+	key = make_tdb_data((const void*)&guid, sizeof(guid));
+
+	/*
+	 * Check if we already processed this object.
+	 */
+	status = dbwrap_parse_record(t->objects.map, key,
+				     descriptor_object_parser, NULL);
+	if (NT_STATUS_IS_OK(status)) {
+		/*
+		 * All work is already one
+		 */
+		t->objects.num_skipped += 1;
+		*stop = true;
+		return LDB_SUCCESS;
+	}
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "dbwrap_parse_record() - %s\n",
+			  nt_errstr(status));
+		return ldb_module_operr(module);
+	}
+
+	t->objects.num_processed += 1;
+
+	/*
+	 * Remember that we're processing this object.
+	 */
+	status = dbwrap_store(t->objects.map, key, empty_val, TDB_INSERT);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "dbwrap_parse_record() - %s\n",
+			  nt_errstr(status));
+		return ldb_module_operr(module);
+	}
+
+	/*
+	 * Check that if there's a descriptor_change in our list,
+	 * which we may be able to remove from the pending list
+	 * when we processed the object.
+	 */
+
+	status = dbwrap_parse_record(t->changes.map, key, descriptor_changes_parser, &c);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		c = NULL;
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "dbwrap_parse_record() - %s\n",
+			  nt_errstr(status));
+		return ldb_module_operr(module);
+	}
+
+	mod_res = talloc_zero(msg, struct ldb_result);
+	if (mod_res == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_build_mod_req(&sub_req, ldb, mod_res,
+				msg,
+				NULL,
+				mod_res,
+				ldb_modify_default_callback,
+				NULL);
+	LDB_REQ_SET_LOCATION(sub_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_operr(module);
+	}
+
+	ldb_req_mark_trusted(sub_req);
+
+	ret = ldb_request_add_control(sub_req,
+				      DSDB_CONTROL_SEC_DESC_PROPAGATION_OID,
+				      true, module);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_operr(module);
+	}
+
+	sd_propagation_control = ldb_request_get_control(sub_req,
+					DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
+	if (sd_propagation_control == NULL) {
+		return ldb_module_operr(module);
+	}
+
+	ret = dsdb_request_add_controls(sub_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_operr(module);
+	}
+
+	ret = descriptor_modify(module, sub_req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(sub_req->handle, LDB_WAIT_ALL);
+	}
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "descriptor_modify on %s failed: %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb_module_get_ctx(module)));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (sd_propagation_control->critical != 0) {
+		if (c == NULL) {
+			/*
+			 * If we don't have a
+			 * descriptor_changes structure
+			 * we're done.
+			 */
+			*stop = true;
+		} else if (!c->force_children) {
+			/*
+			 * If we don't need to
+			 * propagate to children,
+			 * we're done.
+			 */
+			*stop = true;
+		}
+	}
+
+	if (c != NULL && !c->force_children) {
+		/*
+		 * Remove the pending change,
+		 * we already done all required work,
+		 * there's no need to do it again.
+		 *
+		 * Note DLIST_REMOVE() is a noop
+		 * if the element is not part of
+		 * the list.
+		 */
+		DLIST_REMOVE(t->changes.list, c);
+	}
+
+	talloc_free(mod_res);
+
+	return LDB_SUCCESS;
+}
+
+static int descriptor_sd_propagation_msg_sort(struct ldb_message **m1,
+					      struct ldb_message **m2)
+{
+	struct ldb_dn *dn1 = (*m1)->dn;
+	struct ldb_dn *dn2 = (*m2)->dn;
+
+	/*
+	 * This sorts in tree order, parents first
+	 */
+	return ldb_dn_compare(dn2, dn1);
+}
+
+static int descriptor_sd_propagation_recursive(struct ldb_module *module,
+					       struct descriptor_changes *change)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+	struct ldb_result *guid_res = NULL;
+	struct ldb_result *res = NULL;
+	unsigned int i;
+	const char * const no_attrs[] = { "@__NONE__", NULL };
+	struct ldb_dn *stopped_dn = NULL;
+	struct GUID_txt_buf guid_buf;
+	int ret;
+	bool stop = false;
+
+	t->changes.num_processed += 1;
+
+	/*
+	 * First confirm this object has children, or exists
+	 * (depending on change->force_self)
+	 * 
+	 * LDB_SCOPE_SUBTREE searches are expensive.
+	 *
+	 * We know this is safe against a rename race as we are in the
+	 * prepare_commit(), so must be in a transaction.
+	 */
+
+	/* Find the DN by GUID, as this is stable under rename */
+	ret = dsdb_module_search(module,
+				 change,
+				 &guid_res,
+				 change->nc_root,
+				 LDB_SCOPE_SUBTREE,
+				 no_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM |
+				 DSDB_SEARCH_SHOW_DELETED |
+				 DSDB_SEARCH_SHOW_RECYCLED |
+				 DSDB_SEARCH_SHOW_EXTENDED_DN,
+				 NULL, /* parent_req */
+				 "(objectGUID=%s)",
+				 GUID_buf_string(&change->guid,
+						 &guid_buf));
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (guid_res->count != 1) {
+		/*
+		 * We were just given this GUID during the same
+		 * transaction, if it is missing this is a big
+		 * problem.
+		 *
+		 * Cleanup of tombstones does not trigger this module
+		 * as it just does a delete.
+		 */
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "failed to find GUID %s under %s "
+				       "for transaction-end SD inheritance: %d results",
+				       GUID_buf_string(&change->guid,
+						       &guid_buf),
+				       ldb_dn_get_linearized(change->nc_root),
+				       guid_res->count);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * OK, so there was a parent, are there children?  Note: that
+	 * this time we do not search for deleted/recycled objects
+	 */
+	ret = dsdb_module_search(module,
+				 change,
+				 &res,
+				 guid_res->msgs[0]->dn,
+				 LDB_SCOPE_ONELEVEL,
+				 no_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 NULL, /* parent_req */
+				 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		/*
+		 * LDB_ERR_NO_SUCH_OBJECT, say if the DN was a deleted
+		 * object, is ignored by the caller
+		 */
+		return ret;
+	}
+
+	if (res->count == 0 && !change->force_self) {
+		/* All done, no children */
+		TALLOC_FREE(res);
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * First, if we are in force_self mode (eg renamed under new
+	 * parent) then apply the SD to the top object
+	 */
+	if (change->force_self) {
+		ret = descriptor_sd_propagation_object(module,
+						       guid_res->msgs[0],
+						       &stop);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(guid_res);
+			return ret;
+		}
+
+		if (stop == true && !change->force_children) {
+			/* There was no change, nothing more to do */
+			TALLOC_FREE(guid_res);
+			return LDB_SUCCESS;
+		}
+
+		if (res->count == 0) {
+			/* All done! */
+			TALLOC_FREE(guid_res);
+			return LDB_SUCCESS;
+		}
+	}
+
+	/*
+	 * Look for children
+	 *
+	 * Note: that we do not search for deleted/recycled objects
+	 */
+	ret = dsdb_module_search(module,
+				 change,
+				 &res,
+				 guid_res->msgs[0]->dn,
+				 LDB_SCOPE_SUBTREE,
+				 no_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM |
+				 DSDB_SEARCH_SHOW_EXTENDED_DN,
+				 NULL, /* parent_req */
+				 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	TYPESAFE_QSORT(res->msgs, res->count,
+		       descriptor_sd_propagation_msg_sort);
+
+	/* We start from 1, the top object has been done */
+	for (i = 1; i < res->count; i++) {
+		/*
+		 * ldb_dn_compare_base() does not match for NULL but
+		 * this is clearer
+		 */
+		if (stopped_dn != NULL) {
+			ret = ldb_dn_compare_base(stopped_dn,
+						  res->msgs[i]->dn);
+			/*
+			 * Skip further processing of this
+			 * sub-subtree
+			 */
+			if (ret == 0) {
+				continue;
+			}
+		}
+		ret = descriptor_sd_propagation_object(module,
+						       res->msgs[i],
+						       &stop);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (stop) {
+			/*
+			 * If this child didn't change, then nothing
+			 * under it needs to change
+			 *
+			 * res has been sorted into tree order so the
+			 * next few entries can be skipped
+			 */
+			stopped_dn = res->msgs[i]->dn;
+		}
+	}
+
+	TALLOC_FREE(res);
+	return LDB_SUCCESS;
+}
+
+static int descriptor_start_transaction(struct ldb_module *module)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+
+	if (t->mem != NULL) {
+		return ldb_module_operr(module);
+	}
+
+	*t = (struct descriptor_transaction) { .mem = NULL, };
+	t->mem = talloc_new(descriptor_private);
+	if (t->mem == NULL) {
+		return ldb_module_oom(module);
+	}
+	t->changes.map = db_open_rbt(t->mem);
+	if (t->changes.map == NULL) {
+		TALLOC_FREE(t->mem);
+		*t = (struct descriptor_transaction) { .mem = NULL, };
+		return ldb_module_oom(module);
+	}
+	t->objects.map = db_open_rbt(t->mem);
+	if (t->objects.map == NULL) {
+		TALLOC_FREE(t->mem);
+		*t = (struct descriptor_transaction) { .mem = NULL, };
+		return ldb_module_oom(module);
+	}
+
+	return ldb_next_start_trans(module);
+}
+
+static int descriptor_prepare_commit(struct ldb_module *module)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct descriptor_changes *c, *n;
+	int ret;
+
+	DBG_NOTICE("changes: num_registrations=%zu\n",
+		   t->changes.num_registrations);
+	DBG_NOTICE("changes: num_registered=%zu\n",
+		   t->changes.num_registered);
+
+	/*
+	 * The security descriptor propagation
+	 * needs to apply the inheritance from
+	 * an object to itself and/or all it's
+	 * children.
+	 *
+	 * In the initial replication during
+	 * a join, we have every object in our
+	 * list.
+	 *
+	 * In order to avoid useless work it's
+	 * better to start with toplevel objects and
+	 * move down to the leaf object from there.
+	 *
+	 * So if the parent_guid is also in our list,
+	 * we better move the object behind its parent.
+	 *
+	 * It allows that the recursive processing of
+	 * the parent already does the work needed
+	 * for the child.
+	 *
+	 * If we have a list for this directory tree:
+	 *
+	 *  A
+	 *    -> B
+	 *        -> C
+	 *            -> D
+	 *                -> E
+	 *
+	 * The initial list would have the order D, E, B, A, C
+	 *
+	 * By still processing from the front, we ensure that,
+	 * when D is found to be below C, that E follows because
+	 * we keep peeling items off the front for checking and
+	 * move them behind their parent.
+	 *
+	 * So we would go:
+	 *
+	 * E B A C D
+	 *
+	 * B A C D E
+	 *
+	 * A B C D E
+	 */
+	for (c = t->changes.list; c; c = n) {
+		struct descriptor_changes *pc = NULL;
+		n = c->next;
+
+		if (c->sort_count >= t->changes.num_registered) {
+			/*
+			 * This should never happen, but it's
+			 * a sanity check in order to avoid
+			 * endless loops. Just stop sorting.
+			 */
+			break;
+		}
+
+		/*
+		 * Check if we have the parent also in the list.
+		 */
+		if (!GUID_all_zero((const void*)&c->parent_guid)) {
+			TDB_DATA pkey;
+			NTSTATUS status;
+
+			pkey = make_tdb_data((const void*)&c->parent_guid,
+					     sizeof(c->parent_guid));
+
+			status = dbwrap_parse_record(t->changes.map, pkey,
+						     descriptor_changes_parser, &pc);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+				pc = NULL;
+				status = NT_STATUS_OK;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				ldb_debug(ldb, LDB_DEBUG_FATAL,
+					  "dbwrap_parse_record() - %s\n",
+					  nt_errstr(status));
+				return ldb_module_operr(module);
+			}
+		}
+
+		if (pc == NULL) {
+			/*
+			 * There is no parent in the list
+			 */
+			t->changes.num_toplevel += 1;
+			continue;
+		}
+
+		/*
+		 * Move the child after the parent
+		 *
+		 * Note that we do that multiple times
+		 * in case the parent already moved itself.
+		 *
+		 * See the comment above the loop.
+		 */
+		DLIST_REMOVE(t->changes.list, c);
+		DLIST_ADD_AFTER(t->changes.list, c, pc);
+
+		/*
+		 * Remember how often we moved the object
+		 * in order to avoid endless loops.
+		 */
+		c->sort_count += 1;
+	}
+
+	DBG_NOTICE("changes: num_toplevel=%zu\n", t->changes.num_toplevel);
+
+	while (t->changes.list != NULL) {
+		c = t->changes.list;
+
+		DLIST_REMOVE(t->changes.list, c);
+
+		/*
+		 * Note that descriptor_sd_propagation_recursive()
+		 * may also remove other elements of the list,
+		 * so we can't use a next pointer
+		 */
+		ret = descriptor_sd_propagation_recursive(module, c);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			continue;
+		}
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	DBG_NOTICE("changes: num_processed=%zu\n", t->changes.num_processed);
+	DBG_NOTICE("objects: num_processed=%zu\n", t->objects.num_processed);
+	DBG_NOTICE("objects: num_skipped=%zu\n", t->objects.num_skipped);
+
+	return ldb_next_prepare_commit(module);
+}
+
+static int descriptor_end_transaction(struct ldb_module *module)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+
+	TALLOC_FREE(t->mem);
+	*t = (struct descriptor_transaction) { .mem = NULL, };
+
+	return ldb_next_end_trans(module);
+}
+
+static int descriptor_del_transaction(struct ldb_module *module)
+{
+	struct descriptor_data *descriptor_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+		struct descriptor_data);
+	struct descriptor_transaction *t = &descriptor_private->transaction;
+
+	TALLOC_FREE(t->mem);
+	*t = (struct descriptor_transaction) { .mem = NULL, };
+
+	return ldb_next_del_trans(module);
+}
+
+static const struct ldb_module_ops ldb_descriptor_module_ops = {
+	.name              = "descriptor",
+	.search            = descriptor_search,
+	.add               = descriptor_add,
+	.modify            = descriptor_modify,
+	.rename            = descriptor_rename,
+	.init_context      = descriptor_init,
+	.extended          = descriptor_extended,
+	.start_transaction = descriptor_start_transaction,
+	.prepare_commit    = descriptor_prepare_commit,
+	.end_transaction   = descriptor_end_transaction,
+	.del_transaction   = descriptor_del_transaction,
+};
+
+int ldb_descriptor_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_descriptor_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
new file mode 100644
index 0000000..9901a99
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -0,0 +1,1381 @@
+/*
+   SAMDB control module
+
+   Copyright (C) Matthieu Patou <mat@matws.net> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "ldb/include/ldb.h"
+#include "ldb/include/ldb_errors.h"
+#include "ldb/include/ldb_module.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/drsblobs.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/ndr/libndr.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/smb_strtox.h"
+
+#define LDAP_DIRSYNC_OBJECT_SECURITY		0x01
+#define LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER	0x800
+#define LDAP_DIRSYNC_PUBLIC_DATA_ONLY		0x2000
+#define LDAP_DIRSYNC_INCREMENTAL_VALUES		0x80000000
+
+
+struct dirsync_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	/*
+	 * We keep a track of the number of attributes that we
+	 * add just for the need of the implementation
+	 * it will be useful to track the entries that need not to
+	 * be returned because there is no real change
+	 */
+
+	unsigned int nbDefaultAttrs;
+	uint64_t highestUSN;
+	uint64_t fromreqUSN;
+	uint32_t cursor_size;
+	bool noextended;
+	int extended_type;
+	bool linkIncrVal;
+	bool localonly;
+	bool partial;
+	int functional_level;
+	const struct GUID *our_invocation_id;
+	const struct dsdb_schema *schema;
+	struct ldb_dn *nc_root;
+	struct drsuapi_DsReplicaCursor *cursors;
+};
+
+
+static int dirsync_filter_entry(struct ldb_request *req,
+					struct ldb_message *msg,
+					struct ldb_control **controls,
+					struct dirsync_context *dsc,
+					bool referral)
+{
+	struct ldb_context *ldb;
+	uint64_t val = 0;
+	enum ndr_err_code ndr_err;
+	uint32_t n;
+	int i;
+	unsigned int size, j;
+	struct ldb_val *replMetaData = NULL;
+	struct replPropertyMetaDataBlob rmd;
+	const struct dsdb_attribute *attr;
+	const char **listAttr = NULL;
+	bool namereturned = false;
+	bool nameasked = false;
+	NTSTATUS status;
+	/* Adjustment for the added attributes, it will reduce the number of
+	 * expected to be here attributes*/
+	unsigned int delta = 0;
+	const char **myaccept = NULL;
+	const char *emptyaccept[] = { NULL };
+	const char *extendedaccept[] = { "GUID", "SID", "WKGUID", NULL };
+	const char *rdn = NULL;
+	struct ldb_message_element *el;
+	struct ldb_message *newmsg;
+	bool keep = false;
+	/*
+	 * Where we asked to do extended dn ?
+	 * if so filter out everything bug GUID, SID, WKGUID,
+	 * if not filter out everything (just keep the dn).
+	 */
+	if ( dsc->noextended == true ) {
+		myaccept = emptyaccept;
+	} else {
+		myaccept = extendedaccept;
+	}
+	ldb = ldb_module_get_ctx(dsc->module);
+
+	if (msg->num_elements == 0) {
+		/*
+			* Entry that we don't really have access to
+			*/
+		return LDB_SUCCESS;
+	}
+	ldb_dn_extended_filter(msg->dn, myaccept);
+
+	/*
+	* If the RDN starts with CN then the CN attribute is never returned
+	*/
+	rdn = ldb_dn_get_rdn_name(msg->dn);
+
+	/*
+	 * if objectGUID is asked and we are dealing for the referrals entries and
+	 * the usn searched is 0 then we didn't count the objectGUID as an automatically
+	 * returned attribute, do to so we increment delta.
+	 */
+	if (referral == true &&
+			ldb_attr_in_list(req->op.search.attrs, "objectGUID") &&
+			dsc->fromreqUSN == 0) {
+		delta++;
+	}
+
+
+	/*
+	 * In terms of big O notation this is not the best algorithm,
+	 * but we try our best not to make the worse one.
+	 * We are obliged to run through the n message's elements
+	 * and through the p elements of the replPropertyMetaData.
+	 *
+	 * It turns out that we are crawling twice the message's elements
+	 * the first crawl is to remove the non replicated and generated
+	 * attributes. The second one is to remove attributes that haven't
+	 * a USN > as the requested one.
+	 *
+	 * In the second crawl we are reading the list of elements in the
+	 * replPropertyMetaData for each remaining replicated attribute.
+	 * In order to keep the list small
+	 *
+	 * We have a O(n'*p') complexity, in worse case n' = n and p' = p
+	 * but in most case n' = n/2 (at least half of returned attributes
+	 * are not replicated or generated) and p' is small as we
+	 * list only the attribute that have been modified since last interrogation
+	 *
+	 */
+	for (i = msg->num_elements - 1; i >= 0; i--) {
+		if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
+			int error = 0;
+			/* Read the USN it will be used at the end of the filtering
+			 * to update the max USN in the cookie if we
+			 * decide to keep this entry
+			 */
+			val = smb_strtoull(
+				(const char*)msg->elements[i].values[0].data,
+				NULL,
+				0,
+				&error,
+				SMB_STR_STANDARD);
+			if (error != 0) {
+				ldb_set_errstring(ldb,
+						  "Failed to convert USN");
+				return ldb_module_done(dsc->req,
+						       NULL,
+						       NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+			continue;
+		}
+
+		if (ldb_attr_cmp(msg->elements[i].name,
+						"replPropertyMetaData") == 0) {
+			replMetaData = (talloc_steal(dsc, &msg->elements[i].values[0]));
+			continue;
+		}
+	}
+
+	if (replMetaData == NULL) {
+		bool guidfound = false;
+
+		/*
+		 * We are in the case of deleted object where we don't have the
+		 * right to read it.
+		 */
+		if (!ldb_msg_find_attr_as_uint(msg, "isDeleted", 0)) {
+			/*
+			 * This is not a deleted item and we don't
+			 * have the replPropertyMetaData.
+			 * Do not return it
+			 */
+			return LDB_SUCCESS;
+		}
+		el = ldb_msg_find_element(msg, "objectGUID");
+		if ( el != NULL) {
+			guidfound = true;
+		}
+		/*
+		 * We expect to find the GUID in the object
+		 */
+		SMB_ASSERT(guidfound == true);
+		return ldb_module_send_entry(dsc->req, msg, controls);
+	}
+
+	newmsg = ldb_msg_new(dsc->req);
+	if (newmsg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
+		(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		ldb_set_errstring(ldb, "Unable to unmarshall replPropertyMetaData");
+		return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ldb_attr_in_list(req->op.search.attrs, "name") ||
+			ldb_attr_in_list(req->op.search.attrs, "*")) {
+		nameasked = true;
+	}
+
+	/*
+		* If we don't have an USN and no uptodateness array then we skip the
+		* test phase this is an optimisation for the case when you
+		* first query the DC without a cookie.
+		* As this query is most probably the one
+		* that will return the biggest answer, skipping this part
+		* will really save time.
+		*/
+	if (ldb_dn_compare(dsc->nc_root, msg->dn) == 0) {
+		/* If we have name then we expect to have parentGUID,
+		 * it will not be the case for the root of the NC
+		 */
+		delta++;
+	}
+
+	if (dsc->fromreqUSN > 0 || dsc->cursors != NULL) {
+		j = 0;
+		/*
+		* Allocate an array of size(replMetaData) of char*
+		* we know that it will be oversized but it's a short lived element
+		*/
+		listAttr = talloc_array(msg, const char*, rmd.ctr.ctr1.count + 1);
+		if (listAttr == NULL) {
+			return ldb_oom(ldb);
+		}
+		for (n=0; n < rmd.ctr.ctr1.count; n++) {
+			struct replPropertyMetaData1 *omd = &rmd.ctr.ctr1.array[n];
+			if (omd->local_usn > dsc->fromreqUSN) {
+				const struct dsdb_attribute *a = dsdb_attribute_by_attributeID_id(dsc->schema,
+										omd->attid);
+				if (!dsc->localonly) {
+					struct drsuapi_DsReplicaCursor *tab = dsc->cursors;
+					uint32_t l;
+					for (l=0; l < dsc->cursor_size; l++) {
+						if (GUID_equal(&tab[l].source_dsa_invocation_id, &omd->originating_invocation_id) &&
+								tab[l].highest_usn >= omd->originating_usn) {
+							/*
+							 * If we have in the uptodateness vector an entry
+							 * with the same invocation id as the originating invocation
+							 * and if the usn in the vector is greater or equal to
+							 * the one in originating_usn, then it means that this entry
+							 * has already been sent (from another DC) to the client
+							 * no need to resend it one more time.
+							 */
+							goto skip;
+						}
+					}
+					/* If we are here it's because we have a usn > (max(usn of vectors))*/
+				}
+				if (namereturned == false &&
+						nameasked == true &&
+						ldb_attr_cmp(a->lDAPDisplayName, "name") == 0) {
+					namereturned = true;
+					if (ldb_dn_compare(dsc->nc_root, msg->dn) == 0) {
+						delta++;
+					}
+				}
+				listAttr[j] = a->lDAPDisplayName;
+				j++;
+skip:
+				continue;
+			}
+		}
+		size = j;
+	} else {
+		size = 0;
+		if (ldb_attr_in_list(req->op.search.attrs, "*") ||
+				ldb_attr_in_list(req->op.search.attrs, "name")) {
+			namereturned = true;
+		}
+	}
+
+
+	/*
+	 * Let's loop around the remaining elements
+	 * to see which one are in the listAttr.
+	 * If they are in this array it means that
+	 * their localusn > usn from the request (in the cookie)
+	 * if not we remove the attribute.
+	 */
+	for (i = msg->num_elements - 1; i >= 0; i--) {
+		const char *ldapattrname;
+
+		el = &(msg->elements[i]);
+		ldapattrname = el->name;
+
+		attr = dsdb_attribute_by_lDAPDisplayName(dsc->schema,
+				el->name);
+		if (attr == NULL) {
+			continue;
+		}
+
+		keep = false;
+
+		if (attr->linkID & 1) {
+			/*
+			 * Attribute is a backlink so let's remove it
+			 */
+			continue;
+		}
+
+		if (ldb_attr_cmp(msg->elements[i].name,
+						"replPropertyMetaData") == 0) {
+			continue;
+		}
+
+		if ((attr->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED | DS_FLAG_ATTR_IS_CONSTRUCTED))) {
+			if (ldb_attr_cmp(attr->lDAPDisplayName, "objectGUID") != 0 &&
+					ldb_attr_cmp(attr->lDAPDisplayName, "parentGUID") != 0) {
+				/*
+				 * Attribute is constructed or not replicated, let's get rid of it
+				 */
+				continue;
+			} else {
+				/* Let's keep the attribute that we forced to be added
+				 * even if they are not in the replicationMetaData
+				 * or are just generated
+				 */
+				if (namereturned == false &&
+					(ldb_attr_cmp(attr->lDAPDisplayName, "parentGUID") == 0)) {
+					delta++;
+					continue;
+				}
+				if (ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD) != LDB_SUCCESS) {
+					return ldb_error(ldb,
+						LDB_ERR_OPERATIONS_ERROR,
+						"Unable to add attribute");
+				}
+				talloc_steal(newmsg->elements, el->name);
+				talloc_steal(newmsg->elements, el->values);
+				continue;
+			}
+		}
+
+		if (ldb_attr_cmp(msg->elements[i].name, rdn) == 0) {
+			/*
+			 * We have an attribute that is the same as the start of the RDN
+			 * (ie. attribute CN with rdn CN=).
+			 */
+			continue;
+		}
+
+		if (ldb_attr_cmp(attr->lDAPDisplayName, "instanceType") == 0) {
+			if (ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD) != LDB_SUCCESS) {
+				return ldb_error(ldb,
+						LDB_ERR_OPERATIONS_ERROR,
+						"Unable to add attribute");
+			}
+			talloc_steal(newmsg->elements, el->name);
+			talloc_steal(newmsg->elements, el->values);
+			continue;
+		}
+		/* For links, when our functional level > windows 2000
+		 * we use the RMD_LOCAL_USN information to decide whether
+		 * we return the attribute or not.
+		 * For windows 2000 this information is in the replPropertyMetaData
+		 * so it will be handled like any other replicated attribute
+		 */
+
+		if (dsc->functional_level > DS_DOMAIN_FUNCTION_2000 &&
+				attr->linkID != 0 ) {
+			int k;
+			/*
+			 * Elements for incremental changes on linked attributes
+			 */
+			struct ldb_message_element *el_incr_add = NULL;
+			struct ldb_message_element *el_incr_del = NULL;
+			/*
+			 * Attribute is a forwardlink so let's remove it
+			 */
+
+			for (k = el->num_values -1; k >= 0; k--) {
+				char *dn_ln;
+				uint32_t flags = 0;
+				uint32_t tmp_usn = 0;
+				uint32_t tmp_usn2 = 0;
+				struct GUID invocation_id = GUID_zero();
+				struct dsdb_dn *dn = dsdb_dn_parse(msg, ldb, &el->values[k], attr->syntax->ldap_oid);
+				struct ldb_dn *copydn;
+				if (dn == NULL) {
+					ldb_set_errstring(ldb, "Cannot parse DN");
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				copydn = ldb_dn_copy(msg, dn->dn);
+				if (copydn == NULL) {
+					ldb_oom(ldb);
+				}
+
+				status = dsdb_get_extended_dn_uint32(dn->dn, &tmp_usn, "RMD_LOCAL_USN");
+				if (!NT_STATUS_IS_OK(status)) {
+					talloc_free(dn);
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+				status = dsdb_get_extended_dn_guid(dn->dn,  &invocation_id, "RMD_INVOCID");
+				if (!NT_STATUS_IS_OK(status)) {
+					talloc_free(dn);
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				status = dsdb_get_extended_dn_uint32(dn->dn, &flags, "RMD_FLAGS");
+				if (!NT_STATUS_IS_OK(status)) {
+					talloc_free(dn);
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				status = dsdb_get_extended_dn_uint32(dn->dn, &tmp_usn2, "RMD_ORIGINATING_USN");
+				if (!NT_STATUS_IS_OK(status)) {
+					talloc_free(dn);
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				ldb_dn_extended_filter(dn->dn, myaccept);
+				dn_ln = dsdb_dn_get_extended_linearized(dn, dn,
+							dsc->extended_type);
+				if (dn_ln == NULL)
+				{
+					talloc_free(dn);
+					ldb_set_errstring(ldb, "Cannot linearize dn");
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				talloc_free(el->values[k].data);
+				el->values[k].data = (uint8_t*)talloc_steal(el->values, dn_ln);
+				if (el->values[k].data == NULL) {
+					talloc_free(dn);
+					return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+				}
+				el->values[k].length = strlen(dn_ln);
+
+
+				if (tmp_usn > dsc->fromreqUSN) {
+					if (!dsc->localonly) {
+						struct drsuapi_DsReplicaCursor *tab = dsc->cursors;
+						uint32_t l;
+
+						for (l=0; l < dsc->cursor_size; l++) {
+							if (GUID_equal(&tab[l].source_dsa_invocation_id, &invocation_id) &&
+									tab[l].highest_usn >= tmp_usn2) {
+								/*
+								* If we have in the uptodateness vector an entry
+								* with the same invocation id as the originating invocation
+								* and if the usn in the vector is greater or equal to
+								* the one in originating_usn, then it means that this entry
+								* has already been sent (from another DC) to the client
+								* no need to resend it one more time.
+								*/
+								goto skip_link;
+							}
+						}
+						/* If we are here it's because we have a usn > (max(usn of vectors))*/
+						keep = true;
+					} else {
+						keep = true;
+					}
+				/* If we are here it's because the link is more recent than either any
+				 * originating usn or local usn
+				 */
+
+					if (dsc->linkIncrVal == true) {
+						struct ldb_message_element *tmpel;
+						if (flags & DSDB_RMD_FLAG_DELETED) {
+							/* We have to check that the inactive link still point to an existing object */
+							struct GUID guid;
+							struct ldb_dn *tdn;
+							int ret;
+
+							status = dsdb_get_extended_dn_guid(copydn, &guid, "GUID");
+							if (!NT_STATUS_IS_OK(status)) {
+								DEBUG(0,(__location__ " Unable to extract GUID in linked attribute '%s' in '%s'\n",
+									el->name, ldb_dn_get_linearized(copydn)));
+								return ldb_operr(ldb);
+							}
+							ret = dsdb_module_dn_by_guid(dsc->module, newmsg, &guid, &tdn, req);
+							if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+								DEBUG(2, (" Search of guid %s returned 0 objects, skipping it !\n",
+											GUID_string(newmsg, &guid)));
+								continue;
+							} else if (ret != LDB_SUCCESS) {
+								DEBUG(0, (__location__ " Search of guid %s failed with error code %d\n",
+											GUID_string(newmsg, &guid),
+											ret));
+								continue;
+							}
+							tmpel = el_incr_del;
+						} else {
+							tmpel = el_incr_add;
+						}
+
+						if (tmpel == NULL) {
+							tmpel = talloc_zero(newmsg, struct ldb_message_element);
+							if (tmpel == NULL) {
+								return ldb_oom(ldb);
+							}
+							tmpel->values = talloc_array(tmpel, struct ldb_val, 1);
+							if (tmpel->values == NULL) {
+								return ldb_oom(ldb);
+							}
+							if (flags & DSDB_RMD_FLAG_DELETED) {
+								tmpel->name = talloc_asprintf(tmpel,
+										"%s;range=0-0",
+										el->name);
+							}
+							else {
+								tmpel->name = talloc_asprintf(tmpel,
+										"%s;range=1-1",
+										el->name);
+							}
+							if (tmpel->name == NULL) {
+								return ldb_oom(ldb);
+							}
+							tmpel->num_values = 1;
+						} else {
+							tmpel->num_values += 1;
+							tmpel->values = talloc_realloc(tmpel,
+												tmpel->values,
+												struct ldb_val,
+												tmpel->num_values);
+							if (tmpel->values == NULL) {
+								return ldb_oom(ldb);
+							}
+						}
+						tmpel->values[tmpel->num_values -1].data =talloc_steal(tmpel->values, el->values[k].data);
+						tmpel->values[tmpel->num_values -1].length = el->values[k].length;
+
+						if (flags & DSDB_RMD_FLAG_DELETED) {
+							el_incr_del = tmpel;
+						} else {
+							el_incr_add = tmpel;
+						}
+					}
+				}
+
+				if (dsc->linkIncrVal == false) {
+					if (flags & DSDB_RMD_FLAG_DELETED) {
+						ARRAY_DEL_ELEMENT(
+							el->values,
+							k,
+							el->num_values);
+						el->num_values--;
+					}
+				}
+skip_link:
+				talloc_free(dn);
+
+			}
+			if (keep == true) {
+				if (dsc->linkIncrVal == false) {
+					if (ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD) != LDB_SUCCESS) {
+						return ldb_error(ldb,
+							LDB_ERR_OPERATIONS_ERROR,
+							"Unable to add attribute");
+					}
+					talloc_steal(newmsg->elements, el->name);
+					talloc_steal(newmsg->elements, el->values);
+				} else {
+					if (el_incr_del) {
+						if (ldb_msg_add(newmsg, el_incr_del, LDB_FLAG_MOD_ADD))
+							return ldb_error(ldb,
+								LDB_ERR_OPERATIONS_ERROR,
+								"Unable to add attribute");
+					}
+					if (el_incr_add) {
+						if (ldb_msg_add(newmsg, el_incr_add, LDB_FLAG_MOD_ADD))
+							return ldb_error(ldb,
+								LDB_ERR_OPERATIONS_ERROR,
+								"Unable to add attribute");
+					}
+				}
+			}
+			continue;
+		}
+
+		if (listAttr) {
+			for (j=0; j<size; j++) {
+			/*
+				* We mark attribute that has already been seen well
+				* as seen. So that after attribute that are still in
+				* listAttr are attributes that has been modified after
+				* the requested USN but not present in the attributes
+				* returned by the ldb search.
+				* That is to say attributes that have been removed
+				*/
+				if (listAttr[j] && ldb_attr_cmp(listAttr[j], ldapattrname) == 0) {
+					listAttr[j] = NULL;
+					keep = true;
+					continue;
+				}
+			}
+		} else {
+			keep = true;
+		}
+
+		if (keep == true) {
+			if (ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD) != LDB_SUCCESS) {
+				return ldb_error(ldb,
+					LDB_ERR_OPERATIONS_ERROR,
+					"Unable to add attribute");
+			}
+			talloc_steal(newmsg->elements, el->name);
+			talloc_steal(newmsg->elements, el->values);
+			continue;
+		}
+	}
+	talloc_steal(newmsg->elements, msg);
+
+	/*
+	 * Here we run through the list of attributes returned
+	 * in the propertyMetaData.
+	 * Entries of this list have usn > requested_usn,
+	 * entries that are also present in the message have been
+	 * replaced by NULL, so at this moment the list contains
+	 * only elements that have a usn > requested_usn and that
+	 * haven't been seen. It's attributes that were removed.
+	 * We add them to the message like empty elements.
+	 */
+	for (j=0; j<size; j++) {
+		if (listAttr[j] && (
+				ldb_attr_in_list(req->op.search.attrs, "*") ||
+				ldb_attr_in_list(req->op.search.attrs, listAttr[j])) &&
+				(ldb_attr_cmp(listAttr[j], rdn) != 0) &&
+				(ldb_attr_cmp(listAttr[j], "instanceType") != 0)) {
+			ldb_msg_add_empty(newmsg, listAttr[j], LDB_FLAG_MOD_DELETE, NULL);
+		}
+	}
+	talloc_free(listAttr);
+
+	if ((newmsg->num_elements - ( dsc->nbDefaultAttrs - delta)) > 0) {
+		/*
+		 * After cleaning attributes there is still some attributes that were not added just
+		 * for the purpose of the control (objectGUID, instanceType, ...)
+		 */
+
+		newmsg->dn = talloc_steal(newmsg, msg->dn);
+		if (val > dsc->highestUSN) {
+			dsc->highestUSN = val;
+		}
+		return ldb_module_send_entry(dsc->req, newmsg, controls);
+	} else {
+		talloc_free(newmsg);
+		return LDB_SUCCESS;
+	}
+}
+
+
+static int dirsync_create_vector(struct ldb_request *req,
+					struct ldb_reply *ares,
+					struct dirsync_context *dsc,
+					struct ldapControlDirSyncCookie *cookie,
+					struct ldb_context *ldb)
+{
+	struct ldb_result *resVector;
+	const char* attrVector[] = {"replUpToDateVector", NULL };
+	uint64_t highest_usn;
+	uint32_t count = 1;
+	int ret;
+	struct drsuapi_DsReplicaCursor *tab;
+
+	ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ, &highest_usn);
+	if (ret != LDB_SUCCESS) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "Unable to get highest USN from current NC");
+	}
+
+	/* If we have a full answer then the highest USN
+	 * is not the highest USN from the result set but the
+	 * highest of the naming context, unless the sequence is not updated yet.
+	 */
+	if (highest_usn > dsc->highestUSN) {
+		dsc->highestUSN = highest_usn;
+	}
+
+
+	ret = dsdb_module_search_dn(dsc->module, dsc, &resVector,
+			dsc->nc_root,
+			attrVector,
+			DSDB_FLAG_NEXT_MODULE, req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "Unable to get replUpToDateVector for current NC");
+	}
+
+	if (resVector->count != 0) {
+		DATA_BLOB blob;
+		uint32_t i;
+		struct ldb_message_element *el = ldb_msg_find_element(resVector->msgs[0], "replUpToDateVector");
+		if (el) {
+			enum ndr_err_code ndr_err;
+			struct replUpToDateVectorBlob utd;
+			blob.data = el->values[0].data;
+			blob.length = el->values[0].length;
+			ndr_err = ndr_pull_struct_blob(&blob, dsc, &utd,
+						(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+						"Unable to pull replUpToDateVectorBlob structure");
+			}
+
+
+			count += utd.ctr.ctr2.count;
+			tab = talloc_array(cookie, struct drsuapi_DsReplicaCursor, count);
+			if (tab == NULL) {
+				return ldb_oom(ldb);
+			}
+			for (i=1; i < count; i++) {
+				memset(&tab[i], 0, sizeof(struct drsuapi_DsReplicaCursor));
+				tab[i].highest_usn = utd.ctr.ctr2.cursors[i-1].highest_usn;
+				tab[i].source_dsa_invocation_id = utd.ctr.ctr2.cursors[i-1].source_dsa_invocation_id;
+			}
+		} else {
+			tab = talloc_array(cookie, struct drsuapi_DsReplicaCursor, count);
+			if (tab == NULL) {
+				return ldb_oom(ldb);
+			}
+		}
+	} else {
+		/*
+		 * No replUpToDateVector ? it happens quite often (1 DC,
+		 * other DCs didn't update ...
+		 */
+		tab = talloc_array(cookie, struct drsuapi_DsReplicaCursor, count);
+		if (tab == NULL) {
+			return ldb_oom(ldb);
+		}
+	}
+	/* Our vector is always the first */
+	tab[0].highest_usn = dsc->highestUSN;
+	tab[0].source_dsa_invocation_id = *(dsc->our_invocation_id);
+
+
+	/* We have to add the uptodateness vector that we have*/
+	/* Version is always 1 in dirsync cookies */
+	cookie->blob.extra.uptodateness_vector.version = 1;
+	cookie->blob.extra.uptodateness_vector.reserved = 0;
+	cookie->blob.extra.uptodateness_vector.ctr.ctr1.count = count;
+	cookie->blob.extra.uptodateness_vector.ctr.ctr1.reserved = 0;
+	cookie->blob.extra.uptodateness_vector.ctr.ctr1.cursors = tab;
+
+	return LDB_SUCCESS;
+}
+
+static int dirsync_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	int ret;
+	struct dirsync_context *dsc;
+	struct ldb_result *res, *res2;
+	struct ldb_dirsync_control *control;
+	struct ldapControlDirSyncCookie *cookie;
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	struct ldb_val *val;
+	DATA_BLOB *blob;
+	NTTIME now;
+	const char *attrs[] = { "objectGUID", NULL };
+	enum ndr_err_code ndr_err;
+	char *tmp;
+	uint32_t flags;
+
+	dsc = talloc_get_type_abort(req->context, struct dirsync_context);
+	ldb = ldb_module_get_ctx(dsc->module);
+	if (!ares) {
+		return ldb_module_done(dsc->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(dsc->req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return dirsync_filter_entry(req, ares->message, ares->controls, dsc, false);
+
+	case LDB_REPLY_REFERRAL:
+		/* Skip the ldap(s):// so up to 8 chars,
+		 * we don't care to be precise as the goal is to be in
+		 * the name of DC, then we search the next '/'
+		 * as it will be the last char before the DN of the referral
+		 */
+		if (strncmp(ares->referral, "ldap://", 7) == 0) {
+			tmp = ares->referral + 7;
+		} else if (strncmp(ares->referral, "ldaps://", 8) == 0) {
+			tmp = ares->referral + 8;
+		} else {
+			return ldb_operr(ldb);
+		}
+
+		tmp = strchr(tmp, '/');
+		if (tmp == NULL) {
+			return ldb_operr(ldb);
+		}
+		tmp++;
+
+		dn = ldb_dn_new(dsc, ldb, tmp);
+		if (dn == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		flags = DSDB_FLAG_NEXT_MODULE |
+			DSDB_SEARCH_SHOW_DELETED |
+			DSDB_SEARCH_SHOW_EXTENDED_DN;
+
+		ret = dsdb_module_search_tree(dsc->module, dsc, &res,
+					dn, LDB_SCOPE_BASE,
+					req->op.search.tree,
+					req->op.search.attrs,
+					flags, req);
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(dn);
+			return ret;
+		}
+
+		if (res->count > 1) {
+			char *ldbmsg = talloc_asprintf(dn, "LDB returned more than result for dn: %s", tmp);
+			if (ldbmsg) {
+				ldb_set_errstring(ldb, ldbmsg);
+			}
+			talloc_free(dn);
+			return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+		} else if (res->count == 0) {
+			/* if nothing is returned then it means that we don't
+			* have access to it.
+			*/
+			return LDB_SUCCESS;
+		}
+
+		talloc_free(dn);
+		/*
+		 * Fetch the objectGUID of the root of current NC
+		 */
+		ret = dsdb_module_search_dn(dsc->module, dsc, &res2,
+					req->op.search.base,
+					attrs,
+					DSDB_FLAG_NEXT_MODULE, req);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		if (res2->msgs[0]->num_elements != 1) {
+			ldb_set_errstring(ldb,
+					  "More than 1 attribute returned while looking for objectGUID");
+			return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		val = res2->msgs[0]->elements[0].values;
+		ret = ldb_msg_add_value(res->msgs[0], "parentGUID", val, NULL);
+		/*
+		 * It *very* important to steal otherwise as val is in a subcontext
+		 * related to res2, when the value will be one more time stolen
+		 * it's elements[x].values that will be stolen, so it's important to
+		 * recreate the context hierarchy as if it was done from a ldb_request
+		 */
+		talloc_steal(res->msgs[0]->elements[0].values, val);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		return dirsync_filter_entry(req, res->msgs[0], res->controls, dsc, true);
+
+	case LDB_REPLY_DONE:
+		/*
+		 * Let's add our own control
+		 */
+
+		control = talloc_zero(ares->controls, struct ldb_dirsync_control);
+		if (control == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		/*
+		 * When outputting flags is used to say more results.
+		 * For the moment we didn't honour the size info */
+
+		control->flags = 0;
+
+		/*
+		 * max_attribute is unused cf. 3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID in MS-ADTS
+		 */
+
+		control->max_attributes = 0;
+		cookie = talloc_zero(control, struct ldapControlDirSyncCookie);
+		if (cookie == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		if (!dsc->partial) {
+			ret = dirsync_create_vector(req, ares, dsc, cookie, ldb);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(dsc->req, NULL, NULL, ret);
+			}
+		}
+
+		unix_to_nt_time(&now, time(NULL));
+		cookie->blob.time = now;
+		cookie->blob.highwatermark.highest_usn = dsc->highestUSN;
+		cookie->blob.highwatermark.tmp_highest_usn = dsc->highestUSN;
+		cookie->blob.guid1 = *(dsc->our_invocation_id);
+
+		blob = talloc_zero(control, DATA_BLOB);
+		if (blob == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		ndr_err = ndr_push_struct_blob(blob, blob, cookie,
+						(ndr_push_flags_fn_t)ndr_push_ldapControlDirSyncCookie);
+
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			ldb_set_errstring(ldb, "Can't marshall ldapControlDirSyncCookie struct");
+			return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+		}
+		control->cookie = (char *)blob->data;
+		control->cookie_len = blob->length;
+		ldb_reply_add_control(ares, LDB_CONTROL_DIRSYNC_OID, true, control);
+
+		return ldb_module_done(dsc->req, ares->controls,
+				       ares->response, LDB_SUCCESS);
+
+	}
+	return LDB_SUCCESS;
+}
+
+static int dirsync_ldb_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_control *control;
+	struct ldb_result *acl_res;
+	struct ldb_dirsync_control *dirsync_ctl;
+	struct ldb_control *extended = NULL;
+	struct ldb_request *down_req;
+	struct dirsync_context *dsc;
+	struct ldb_context *ldb;
+	struct ldb_parse_tree *new_tree = req->op.search.tree;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	const char **attrs;
+	int ret;
+
+
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * check if there's a dirsync control
+	 */
+	control = ldb_request_get_control(req, LDB_CONTROL_DIRSYNC_OID);
+	if (control == NULL) {
+		/* not found go on */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	/*
+	 * This control must always be critical otherwise we return PROTOCOL error
+	 */
+	if (!control->critical) {
+		return ldb_operr(ldb);
+	}
+
+	dsc = talloc_zero(req, struct dirsync_context);
+	if (dsc == NULL) {
+		return ldb_oom(ldb);
+	}
+	dsc->module = module;
+	dsc->req = req;
+	dsc->nbDefaultAttrs = 0;
+
+
+	dirsync_ctl = talloc_get_type(control->data, struct ldb_dirsync_control);
+	if (dirsync_ctl == NULL) {
+		return ldb_error(ldb, LDB_ERR_PROTOCOL_ERROR, "No data in dirsync control");
+	}
+
+	ret = dsdb_find_nc_root(ldb, dsc, req->op.search.base, &dsc->nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (ldb_dn_compare(dsc->nc_root, req->op.search.base) != 0) {
+		if (dirsync_ctl->flags & LDAP_DIRSYNC_OBJECT_SECURITY) {
+			return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+				 "DN is not one of the naming context");
+		}
+		else {
+			return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+				 "dN is not one of the naming context");
+		}
+	}
+
+	if (!(dirsync_ctl->flags & LDAP_DIRSYNC_OBJECT_SECURITY)) {
+		struct dom_sid *sid;
+		struct security_descriptor *sd = NULL;
+		const char *acl_attrs[] = { "nTSecurityDescriptor", "objectSid", "objectClass", NULL };
+		const struct dsdb_schema *schema = NULL;
+		const struct dsdb_class *objectclass = NULL;
+		/*
+		 * If we don't have the flag and if we have the "replicate directory change" granted
+		 * then we upgrade ourself to system to not be blocked by the acl
+		 */
+		/* FIXME we won't check the replicate directory change filtered attribute set
+		 * it should be done so that if attr is not empty then we check that the user
+		 * has also this right
+		 */
+
+		/*
+		 * First change to system to get the SD of the root of current NC
+		 * if we don't the acl_read will forbid us the right to read it ...
+		 */
+		ret = dsdb_module_search_dn(module, dsc, &acl_res,
+					req->op.search.base,
+					acl_attrs,
+					DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_AS_SYSTEM, req);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		sid = samdb_result_dom_sid(dsc, acl_res->msgs[0], "objectSid");
+		/* sid can be null ... */
+		ret = dsdb_get_sd_from_ldb_message(ldb_module_get_ctx(module), acl_res, acl_res->msgs[0], &sd);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		schema = dsdb_get_schema(ldb, req);
+		if (!schema) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]);
+
+		/*
+		 * While we never use the answer to this for access
+		 * control (after CVE-2023-4154), we return a
+		 * different error message depending on if the user
+		 * was granted GUID_DRS_GET_CHANGES to provide a closer
+		 * emulation and keep some tests passing.
+		 *
+		 * (Samba's ACL logic is not well suited to redacting
+		 * only the secret and RODC filtered attributes).
+		 */
+		ret = acl_check_extended_right(dsc, module, req, objectclass,
+					       sd, acl_user_token(module),
+					       GUID_DRS_GET_CHANGES, SEC_ADS_CONTROL_ACCESS, sid);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		talloc_free(acl_res);
+	}
+
+	dsc->functional_level = dsdb_functional_level(ldb);
+
+	if (req->op.search.attrs) {
+		attrs = ldb_attr_list_copy(dsc, req->op.search.attrs);
+		if (attrs == NULL) {
+			return ldb_oom(ldb);
+		}
+		/*
+		* Check if we have only "dn" as attribute, if so then
+		* treat as if "*" was requested
+		*/
+		if (attrs && attrs[0]) {
+			if (ldb_attr_cmp(attrs[0], "dn") == 0 && !attrs[1]) {
+				attrs = talloc_array(dsc, const char*, 2);
+				if (attrs == NULL) {
+					return ldb_oom(ldb);
+				}
+				attrs[0] = "*";
+				attrs[1] = NULL;
+			}
+		}
+		/*
+		 * When returning all the attributes return also the SD as
+		 * Windows does so.
+		 */
+		if (ldb_attr_in_list(attrs, "*")) {
+			struct ldb_sd_flags_control *sdctr = talloc_zero(dsc, struct ldb_sd_flags_control);
+			sdctr->secinfo_flags = 0xF;
+			ret = ldb_request_add_control(req, LDB_CONTROL_SD_FLAGS_OID, false, sdctr);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			attrs = ldb_attr_list_copy_add(dsc, attrs, "parentGUID");
+			if (attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+			attrs = ldb_attr_list_copy_add(dsc, attrs, "replPropertyMetaData");
+			if (attrs == NULL) {
+				return ldb_oom(ldb);
+			}
+			/*
+			* When no attributes are asked we in any case expect at least 3 attributes:
+			* * instanceType
+			* * objectGUID
+			* * parentGUID
+			*/
+
+			dsc->nbDefaultAttrs = 3;
+		} else {
+			/*
+			 * We will need this two attributes in the callback
+			 */
+			attrs = ldb_attr_list_copy_add(dsc, attrs, "usnChanged");
+			if (attrs == NULL) {
+				return ldb_operr(ldb);
+			}
+			attrs = ldb_attr_list_copy_add(dsc, attrs, "replPropertyMetaData");
+			if (attrs == NULL) {
+				return ldb_operr(ldb);
+			}
+
+			if (!ldb_attr_in_list(attrs, "instanceType")) {
+				attrs = ldb_attr_list_copy_add(dsc, attrs, "instanceType");
+				if (attrs == NULL) {
+					return ldb_operr(ldb);
+				}
+				dsc->nbDefaultAttrs++;
+			}
+
+			if (!ldb_attr_in_list(attrs, "objectGUID")) {
+				attrs = ldb_attr_list_copy_add(dsc, attrs, "objectGUID");
+				if (attrs == NULL) {
+					return ldb_operr(ldb);
+				}
+			}
+			/*
+			 * Always increment the number of asked attributes as we don't care if objectGUID was asked
+			 * or not for counting the number of "real" attributes returned.
+			 */
+			dsc->nbDefaultAttrs++;
+
+			if (!ldb_attr_in_list(attrs, "parentGUID")) {
+				attrs = ldb_attr_list_copy_add(dsc, attrs, "parentGUID");
+				if (attrs == NULL) {
+					return ldb_operr(ldb);
+				}
+			}
+			dsc->nbDefaultAttrs++;
+
+		}
+	} else {
+		struct ldb_sd_flags_control *sdctr = talloc_zero(dsc, struct ldb_sd_flags_control);
+		sdctr->secinfo_flags = 0xF;
+		ret = ldb_request_add_control(req, LDB_CONTROL_SD_FLAGS_OID, false, sdctr);
+		attrs = talloc_array(dsc, const char*, 4);
+		if (attrs == NULL) {
+			return ldb_operr(ldb);
+		}
+		attrs[0] = "*";
+		attrs[1] = "parentGUID";
+		attrs[2] = "replPropertyMetaData";
+		attrs[3] = NULL;
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		/*
+		 * When no attributes are asked we in anycase expect at least 3 attributes:
+		 * * instanceType
+		 * * objectGUID
+		 * * parentGUID
+		 */
+
+		dsc->nbDefaultAttrs = 3;
+	}
+
+	/* check if there's an extended dn control */
+	extended = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
+	if (extended != NULL) {
+		struct ldb_extended_dn_control *extended_ctrl = NULL;
+
+		if (extended->data != NULL) {
+			extended_ctrl = talloc_get_type(extended->data,
+						struct ldb_extended_dn_control);
+		}
+		if (extended_ctrl != NULL) {
+			dsc->extended_type = extended_ctrl->type;
+		}
+	} else {
+		ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		dsc->noextended = true;
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_REVEAL_INTERNALS) == NULL) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_REVEAL_INTERNALS, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID) == NULL) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_RECYCLED_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID) == NULL) {
+		ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_DELETED_OID, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (dirsync_ctl->flags & LDAP_DIRSYNC_INCREMENTAL_VALUES) {
+		dsc->linkIncrVal = true;
+	} else {
+		dsc->linkIncrVal = false;
+	}
+
+	dsc->our_invocation_id = samdb_ntds_invocation_id(ldb);
+	if (dsc->our_invocation_id == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (dirsync_ctl->cookie_len > 0) {
+		struct ldapControlDirSyncCookie cookie;
+
+		blob.data = (uint8_t *)dirsync_ctl->cookie;
+		blob.length = dirsync_ctl->cookie_len;
+		ndr_err = ndr_pull_struct_blob(&blob, dsc, &cookie,
+						(ndr_pull_flags_fn_t)ndr_pull_ldapControlDirSyncCookie);
+
+		/* If we can't unmarshall the cookie into the correct structure we return
+		* unsupported critical extension
+		*/
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return ldb_error(ldb, LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION,
+					 "Unable to unmarshall cookie as a ldapControlDirSyncCookie structure");
+		}
+
+		/*
+		* Let's search for the max usn within the cookie
+		*/
+		if (GUID_equal(&(cookie.blob.guid1), dsc->our_invocation_id)) {
+			/*
+			 * Ok, it's our invocation ID so we can treat the demand
+			 * Let's take the highest usn from (tmp)highest_usn
+			 */
+			dsc->fromreqUSN = cookie.blob.highwatermark.tmp_highest_usn;
+			dsc->localonly = true;
+
+			if (cookie.blob.highwatermark.highest_usn > cookie.blob.highwatermark.tmp_highest_usn) {
+				dsc->fromreqUSN = cookie.blob.highwatermark.highest_usn;
+			}
+		} else {
+			dsc->localonly = false;
+		}
+		if (cookie.blob.extra_length > 0 &&
+				cookie.blob.extra.uptodateness_vector.ctr.ctr1.count > 0) {
+			struct drsuapi_DsReplicaCursor cursor;
+			uint32_t p;
+			for (p=0; p < cookie.blob.extra.uptodateness_vector.ctr.ctr1.count; p++) {
+				cursor = cookie.blob.extra.uptodateness_vector.ctr.ctr1.cursors[p];
+				if (GUID_equal( &(cursor.source_dsa_invocation_id), dsc->our_invocation_id)) {
+					if (cursor.highest_usn > dsc->fromreqUSN) {
+						dsc->fromreqUSN = cursor.highest_usn;
+					}
+				}
+			}
+			dsc->cursors = talloc_steal(dsc,
+					cookie.blob.extra.uptodateness_vector.ctr.ctr1.cursors);
+			if (dsc->cursors == NULL) {
+				return ldb_oom(ldb);
+			}
+			dsc->cursor_size = p;
+		}
+	}
+
+	DEBUG(4, ("Dirsync: searching with min usn > %llu\n",
+				(long long unsigned int)dsc->fromreqUSN));
+	if (dsc->fromreqUSN > 0) {
+		/* FIXME it would be better to use PRId64 */
+		char *expression = talloc_asprintf(dsc, "(&%s(uSNChanged>=%llu))",
+				                        ldb_filter_from_tree(dsc,
+				                             req->op.search.tree),
+				                        (long long unsigned int)(dsc->fromreqUSN + 1));
+
+		if (expression == NULL) {
+			return ldb_oom(ldb);
+		}
+		new_tree = ldb_parse_tree(req, expression);
+		if (new_tree == NULL) {
+			return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+					"Problem while parsing tree");
+		}
+
+	}
+	/*
+	 * Mark dirsync control as uncritical (done)
+	 *
+	 * We need this so ranged_results knows how to behave with
+	 * dirsync
+	 */
+	control->critical = false;
+	dsc->schema = dsdb_get_schema(ldb, dsc);
+	/*
+	 * At the beginning we make the hypothesis that we will return a
+	 * complete result set.
+	 */
+
+	dsc->partial = false;
+
+	/*
+	 * 3.1.1.3.4.1.3 of MS-ADTS.pdf specify that if the scope is not subtree
+	 * we treat the search as if subtree was specified
+	 */
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, dsc,
+				      req->op.search.base,
+				      LDB_SCOPE_SUBTREE,
+				      new_tree,
+				      attrs,
+				      req->controls,
+				      dsc, dirsync_search_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int dirsync_ldb_init(struct ldb_module *module)
+{
+	int ret;
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_DIRSYNC_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_ERROR,
+			"dirsync: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_dirsync_ldb_module_ops = {
+	.name		   = "dirsync",
+	.search            = dirsync_ldb_search,
+	.init_context	   = dirsync_ldb_init,
+};
+
+/*
+  initialise the module
+ */
+_PUBLIC_ int ldb_dirsync_module_init(const char *version)
+{
+	int ret;
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_dirsync_ldb_module_ops);
+	return ret;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/dns_notify.c b/source4/dsdb/samdb/ldb_modules/dns_notify.c
new file mode 100644
index 0000000..41973ef
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/dns_notify.c
@@ -0,0 +1,450 @@
+/*
+   ldb database library
+
+   Copyright (C) Samuel Cabrero <samuelcabrero@kernevil.me> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb dns_notify module
+ *
+ *  Description: Notify the DNS server when zones are changed, either by direct
+ *  		 RPC management calls or DRS inbound replication.
+ *
+ *  Author: Samuel Cabrero <samuelcabrero@kernevil.me>
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/proto.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "param/param.h"
+#include "util/dlinklist.h"
+
+#undef strcasecmp
+
+struct dns_notify_watched_dn {
+	struct dns_notify_watched_dn *next, *prev;
+	struct ldb_dn *dn;
+};
+
+struct dns_notify_private {
+	struct dns_notify_watched_dn *watched;
+	bool reload_zones;
+};
+
+struct dns_notify_dnssrv_state {
+	struct imessaging_context *msg_ctx;
+	struct dnssrv_reload_dns_zones r;
+};
+
+static void dns_notify_dnssrv_done(struct tevent_req *req)
+{
+	NTSTATUS status;
+	struct dns_notify_dnssrv_state *state;
+
+	state = tevent_req_callback_data(req, struct dns_notify_dnssrv_state);
+
+	status = dcerpc_dnssrv_reload_dns_zones_r_recv(req, state);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("%s: Error notifying dns server: %s\n",
+		      __func__, nt_errstr(status)));
+	}
+	imessaging_cleanup(state->msg_ctx);
+
+	talloc_free(req);
+	talloc_free(state);
+}
+
+static void dns_notify_dnssrv_send(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct loadparm_context *lp_ctx;
+	struct dns_notify_dnssrv_state *state;
+	struct dcerpc_binding_handle *handle;
+	struct tevent_req *req;
+
+	ldb = ldb_module_get_ctx(module);
+
+	lp_ctx = ldb_get_opaque(ldb, "loadparm");
+	if (lp_ctx == NULL) {
+		return;
+	}
+
+	state = talloc_zero(module, struct dns_notify_dnssrv_state);
+	if (state == NULL) {
+		return;
+	}
+
+	/* Initialize messaging client */
+	state->msg_ctx = imessaging_client_init(state, lp_ctx,
+						ldb_get_event_context(ldb));
+	if (state->msg_ctx == NULL) {
+		ldb_asprintf_errstring(ldb, "Failed to generate client messaging context in %s",
+				       lpcfg_imessaging_path(state, lp_ctx));
+		talloc_free(state);
+		return;
+	}
+
+	/* Get a handle to notify the DNS server */
+	handle = irpc_binding_handle_by_name(state, state->msg_ctx,
+					     "dnssrv",
+					     &ndr_table_irpc);
+	if (handle == NULL) {
+		imessaging_cleanup(state->msg_ctx);
+		talloc_free(state);
+		return;
+	}
+
+	/* Send the notifications */
+	req = dcerpc_dnssrv_reload_dns_zones_r_send(state,
+						    ldb_get_event_context(ldb),
+						    handle,
+						    &state->r);
+	if (req == NULL) {
+		imessaging_cleanup(state->msg_ctx);
+		talloc_free(state);
+		return;
+	}
+	tevent_req_set_callback(req, dns_notify_dnssrv_done, state);
+}
+
+static int dns_notify_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+	struct dns_notify_watched_dn *w;
+	struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	for (w = data->watched; w; w = w->next) {
+		if (ldb_dn_compare_base(w->dn, req->op.add.message->dn) == 0) {
+			schema = dsdb_get_schema(ldb, req);
+			if (schema == NULL) {
+				return ldb_operr(ldb);
+			}
+
+			objectclass = dsdb_get_structural_oc_from_msg(schema, req->op.add.message);
+			if (objectclass == NULL) {
+				return ldb_operr(ldb);
+			}
+
+			if (ldb_attr_cmp(objectclass->lDAPDisplayName, "dnsZone") == 0) {
+				data->reload_zones = true;
+				break;
+			}
+		}
+	}
+
+	return ldb_next_request(module, req);
+}
+
+static int dns_notify_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+	struct dns_notify_watched_dn *w;
+	struct ldb_dn *dn;
+	struct ldb_result *res;
+	struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+	const char * const attrs[] = { "objectClass", NULL };
+	int ret;
+
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	tmp_ctx = talloc_new(module);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (w = data->watched; w; w = w->next) {
+		if (ldb_dn_compare_base(w->dn, req->op.add.message->dn) == 0) {
+			dn = ldb_dn_copy(tmp_ctx, req->op.mod.message->dn);
+
+			ret = dsdb_module_search_dn(module, tmp_ctx, &res, dn, attrs,
+						    DSDB_FLAG_NEXT_MODULE |
+						    DSDB_SEARCH_SHOW_RECYCLED |
+						    DSDB_SEARCH_REVEAL_INTERNALS |
+						    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, req);
+			if (ret != LDB_SUCCESS) {
+				/* 
+				 * We want the give the caller the
+				 * error from trying the actual
+				 * request, below 
+				 */
+				break;
+			}
+
+			schema = dsdb_get_schema(ldb, req);
+			if (schema == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			objectclass = dsdb_get_structural_oc_from_msg(schema, res->msgs[0]);
+			if (objectclass == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			if (ldb_attr_cmp(objectclass->lDAPDisplayName, "dnsZone") == 0) {
+				data->reload_zones = true;
+				break;
+			}
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return ldb_next_request(module, req);
+}
+
+static int dns_notify_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+	struct dns_notify_watched_dn *w;
+	struct ldb_dn *old_dn;
+	struct ldb_result *res;
+	struct dsdb_schema *schema;
+	const struct dsdb_class *objectclass;
+	const char * const attrs[] = { "objectClass", NULL };
+	int ret;
+
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	tmp_ctx = talloc_new(module);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (w = data->watched; w; w = w->next) {
+		if (ldb_dn_compare_base(w->dn, req->op.add.message->dn) == 0) {
+			old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
+			ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, attrs,
+						    DSDB_FLAG_NEXT_MODULE |
+						    DSDB_SEARCH_SHOW_RECYCLED |
+						    DSDB_SEARCH_REVEAL_INTERNALS |
+						    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, req);
+			if (ret != LDB_SUCCESS) {
+				/* 
+				 * We want the give the caller the
+				 * error from trying the actual
+				 * request, below 
+				 */
+				break;
+			}
+
+			schema = dsdb_get_schema(ldb, req);
+			if (schema == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			objectclass = dsdb_get_structural_oc_from_msg(schema, res->msgs[0]);
+			if (objectclass == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			if (ldb_attr_cmp(objectclass->lDAPDisplayName, "dnsZone") == 0) {
+				data->reload_zones = true;
+				break;
+			}
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return ldb_next_request(module, req);
+}
+
+static int dns_notify_start_trans(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	data->reload_zones = false;
+
+	return ldb_next_start_trans(module);
+}
+
+static int dns_notify_end_trans(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_next_end_trans(module);
+	if (ret == LDB_SUCCESS) {
+		if (data->reload_zones) {
+			dns_notify_dnssrv_send(module);
+		}
+	}
+
+	return ret;
+}
+
+static int dns_notify_del_trans(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+
+	ldb = ldb_module_get_ctx(module);
+	data = talloc_get_type(ldb_module_get_private(module),
+			       struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	data->reload_zones = false;
+
+	return ldb_next_del_trans(module);
+}
+
+static int dns_notify_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct dns_notify_private *data;
+	struct dns_notify_watched_dn *watched;
+	struct ldb_dn *domain_dn;
+	struct ldb_dn *forest_dn;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc_zero(module, struct dns_notify_private);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	domain_dn = ldb_get_default_basedn(ldb);
+	forest_dn = ldb_get_root_basedn(ldb);
+
+	/* Register hook on domain partition */
+	watched = talloc_zero(data, struct dns_notify_watched_dn);
+	if (watched == NULL) {
+		talloc_free(data);
+		return ldb_oom(ldb);
+	}
+	watched->dn = ldb_dn_new_fmt(watched, ldb,
+				     "CN=MicrosoftDNS,CN=System,%s",
+				     ldb_dn_get_linearized(domain_dn));
+	if (watched->dn == NULL) {
+		talloc_free(data);
+		return ldb_oom(ldb);
+	}
+	DLIST_ADD(data->watched, watched);
+
+	/* Check for DomainDnsZones partition and register hook */
+	watched = talloc_zero(data, struct dns_notify_watched_dn);
+	if (watched == NULL) {
+		talloc_free(data);
+		return ldb_oom(ldb);
+	}
+	watched->dn = ldb_dn_new_fmt(watched, ldb, "CN=MicrosoftDNS,DC=DomainDnsZones,%s", ldb_dn_get_linearized(forest_dn));
+	DLIST_ADD(data->watched, watched);
+
+	/* Check for ForestDnsZones partition and register hook */
+	watched = talloc_zero(data, struct dns_notify_watched_dn);
+	if (watched == NULL) {
+		talloc_free(data);
+		return ldb_oom(ldb);
+	}
+	watched->dn = ldb_dn_new_fmt(watched, ldb, "CN=MicrosoftDNS,DC=ForestDnsZones,%s", ldb_dn_get_linearized(forest_dn));
+	DLIST_ADD(data->watched, watched);
+
+	ldb_module_set_private(module, data);
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_dns_notify_module_ops = {
+	.name              = "dns_notify",
+	.init_context      = dns_notify_init,
+	.add               = dns_notify_add,
+	.modify            = dns_notify_modify,
+	.del               = dns_notify_delete,
+	.start_transaction = dns_notify_start_trans,
+	.end_transaction   = dns_notify_end_trans,
+	.del_transaction   = dns_notify_del_trans,
+};
+
+int ldb_dns_notify_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_dns_notify_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/dsdb_notification.c b/source4/dsdb/samdb/ldb_modules/dsdb_notification.c
new file mode 100644
index 0000000..dee864b
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/dsdb_notification.c
@@ -0,0 +1,262 @@
+/*
+   notification control module
+
+   Copyright (C) Stefan Metzmacher 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "ldb/include/ldb.h"
+#include "ldb/include/ldb_errors.h"
+#include "ldb/include/ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+struct dsdb_notification_cookie {
+	uint64_t known_usn;
+};
+
+static int dsdb_notification_verify_tree(struct ldb_parse_tree *tree)
+{
+	unsigned int i;
+	int ret;
+	unsigned int num_ok = 0;
+	/*
+	 * these attributes are present on every object
+	 * and windows accepts them.
+	 *
+	 * While [MS-ADTS] says only '(objectClass=*)'
+	 * would be allowed.
+	 */
+	static const char * const attrs_ok[] = {
+		"objectClass",
+		"objectGUID",
+		"distinguishedName",
+		"name",
+		NULL,
+	};
+
+	switch (tree->operation) {
+	case LDB_OP_AND:
+		for (i = 0; i < tree->u.list.num_elements; i++) {
+			/*
+			 * all elements need to be valid
+			 */
+			ret = dsdb_notification_verify_tree(tree->u.list.elements[i]);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			num_ok++;
+		}
+		break;
+	case LDB_OP_OR:
+		for (i = 0; i < tree->u.list.num_elements; i++) {
+			/*
+			 * at least one element needs to be valid
+			 */
+			ret = dsdb_notification_verify_tree(tree->u.list.elements[i]);
+			if (ret == LDB_SUCCESS) {
+				num_ok++;
+				break;
+			}
+		}
+		break;
+	case LDB_OP_NOT:
+	case LDB_OP_EQUALITY:
+	case LDB_OP_GREATER:
+	case LDB_OP_LESS:
+	case LDB_OP_APPROX:
+	case LDB_OP_SUBSTRING:
+	case LDB_OP_EXTENDED:
+		break;
+
+	case LDB_OP_PRESENT:
+		ret = ldb_attr_in_list(attrs_ok, tree->u.present.attr);
+		if (ret == 1) {
+			num_ok++;
+		}
+		break;
+	}
+
+	if (num_ok != 0) {
+		return LDB_SUCCESS;
+	}
+
+	return LDB_ERR_UNWILLING_TO_PERFORM;
+}
+
+static int dsdb_notification_filter_search(struct ldb_module *module,
+					  struct ldb_request *req,
+					  struct ldb_control *control)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	char *filter_usn = NULL;
+	struct ldb_parse_tree *down_tree = NULL;
+	struct ldb_request *down_req = NULL;
+	struct dsdb_notification_cookie *cookie = NULL;
+	int ret;
+
+	if (req->op.search.tree == NULL) {
+		return dsdb_module_werror(module, LDB_ERR_OTHER,
+					  WERR_DS_NOTIFY_FILTER_TOO_COMPLEX,
+					  "Search filter missing.");
+	}
+
+	ret = dsdb_notification_verify_tree(req->op.search.tree);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_module_werror(module, ret,
+					  WERR_DS_NOTIFY_FILTER_TOO_COMPLEX,
+					  "Search filter too complex.");
+	}
+
+	/*
+	 * For now we use a very simple design:
+	 *
+	 * - We don't do fully async ldb_requests,
+	 *   the caller needs to retry periodically!
+	 * - The only useful caller is the LDAP server, which is a long
+	 *   running task that can do periodic retries.
+	 * - We use a cookie in order to transfer state between the
+	 *   retries.
+	 * - We just search the available new objects each time we're
+	 *   called.
+	 *
+	 * As the only valid search filter is '(objectClass=*)' or
+	 * something similar that matches every object, we simply
+	 * replace it with (uSNChanged >= ) filter.
+	 * We could improve this later if required...
+	 */
+
+	/*
+	 * The ldap_control_handler() decode_flag_request for
+	 * LDB_CONTROL_NOTIFICATION_OID. This makes sure
+	 * notification_control->data is NULL when coming from
+	 * the client.
+	 */
+	if (control->data == NULL) {
+		cookie = talloc_zero(control, struct dsdb_notification_cookie);
+		if (cookie == NULL) {
+			return ldb_module_oom(module);
+		}
+		control->data = (uint8_t *)cookie;
+
+		/* mark the control as done */
+		control->critical = 0;
+	}
+
+	cookie = talloc_get_type_abort(control->data,
+				       struct dsdb_notification_cookie);
+
+	if (cookie->known_usn != 0) {
+		filter_usn = talloc_asprintf(req, "%llu",
+				(unsigned long long)(cookie->known_usn)+1);
+		if (filter_usn == NULL) {
+			return ldb_module_oom(module);
+		}
+	}
+
+	ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ,
+				  &cookie->known_usn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (filter_usn == NULL) {
+		/*
+		 * It's the first time, let the caller comeback later
+		 * as we won't find any new objects.
+		 */
+		return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+	}
+
+	down_tree = talloc_zero(req, struct ldb_parse_tree);
+	if (down_tree == NULL) {
+		return ldb_module_oom(module);
+	}
+	down_tree->operation = LDB_OP_GREATER;
+	down_tree->u.equality.attr = "uSNChanged";
+	down_tree->u.equality.value = data_blob_string_const(filter_usn);
+	(void)talloc_move(down_req, &filter_usn);
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, req,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      down_tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      req, dsdb_next_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int dsdb_notification_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_control *control = NULL;
+
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * check if there's an extended dn control
+	 */
+	control = ldb_request_get_control(req, LDB_CONTROL_NOTIFICATION_OID);
+	if (control == NULL) {
+		/* not found go on */
+		return ldb_next_request(module, req);
+	}
+
+	return dsdb_notification_filter_search(module, req, control);
+}
+
+static int dsdb_notification_init(struct ldb_module *module)
+{
+	int ret;
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_NOTIFICATION_OID);
+	if (ret != LDB_SUCCESS) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"notification: Unable to register control with rootdse!\n");
+		return ldb_module_operr(module);
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_dsdb_notification_module_ops = {
+	.name		   = "dsdb_notification",
+	.search            = dsdb_notification_search,
+	.init_context	   = dsdb_notification_init,
+};
+
+/*
+  initialise the module
+ */
+_PUBLIC_ int ldb_dsdb_notification_module_init(const char *version)
+{
+	int ret;
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_dsdb_notification_module_ops);
+	return ret;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
new file mode 100644
index 0000000..1f04389
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -0,0 +1,1401 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Encrypt the samba secret attributes on disk.  This is intended to
+ * mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
+ * memory read attacks.
+ *
+ * Currently the key file is stored in the same directory as sam.ldb but
+ * this could be changed at a later date to use an HSM or similar mechanism
+ * to protect the key.
+ *
+ * Data is encrypted with AES 128 GCM. The encryption uses gnutls where
+ * available and if it supports AES 128 GCM AEAD modes, otherwise the
+ * samba internal implementation is used.
+ *
+ */
+
+#include "includes.h"
+#include <ldb_module.h>
+
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES};
+static const size_t num_secret_attributes = ARRAY_SIZE(secret_attributes);
+
+#define SECRET_ATTRIBUTE_VERSION 1
+#define SECRET_ENCRYPTION_ALGORITHM ENC_SECRET_AES_128_AEAD
+#define NUMBER_OF_KEYS 1
+#define SECRETS_KEY_FILE "encrypted_secrets.key"
+
+#undef strcasecmp
+
+struct es_data {
+	/*
+	 * Should secret attributes be encrypted and decrypted?
+	 */
+	bool encrypt_secrets;
+	/*
+	 * Encryption keys for secret attributes
+	 */
+	DATA_BLOB keys[NUMBER_OF_KEYS];
+	/*
+	 * The gnutls algorithm used to encrypt attributes
+	 */
+	int encryption_algorithm;
+};
+
+/*
+ * @brief Get the key used to encrypt and decrypt secret attributes on disk.
+ *
+ * @param data the private context data for this module.
+ *
+ * @return A data blob containing the key.
+ *         This should be treated as read only.
+ */
+static const DATA_BLOB get_key(const struct es_data *data) {
+
+	return data->keys[0];
+}
+
+/*
+ * @brief Get the directory containing the key files.
+ *
+ * @param ctx talloc memory context that will own the return value
+ * @param ldb ldb context, to allow logging
+ *
+ * @return zero terminated string, the directory containing the key file
+ *         allocated on ctx.
+ *
+ */
+static const char* get_key_directory(TALLOC_CTX *ctx, struct ldb_context *ldb)
+{
+
+	const char *sam_ldb_path = NULL;
+	const char *private_dir  = NULL;
+	char *p = NULL;
+
+
+	/*
+	 * Work out where *our* key file is. It must be in
+	 * the same directory as sam.ldb
+	 */
+	sam_ldb_path = ldb_get_opaque(ldb, "ldb_url");
+	if (sam_ldb_path == NULL) {
+		ldb_set_errstring(ldb, "Unable to get ldb_url\n");
+		return NULL;
+	}
+
+	if (strncmp("tdb://", sam_ldb_path, 6) == 0) {
+		sam_ldb_path += 6;
+	}
+	else if (strncmp("ldb://", sam_ldb_path, 6) == 0) {
+		sam_ldb_path += 6;
+	}
+	else if (strncmp("mdb://", sam_ldb_path, 6) == 0) {
+		sam_ldb_path += 6;
+	}
+	private_dir = talloc_strdup(ctx, sam_ldb_path);
+	if (private_dir == NULL) {
+		ldb_set_errstring(ldb,
+				  "Out of memory building encrypted "
+				  "secrets key\n");
+		return NULL;
+	}
+
+	p = strrchr(private_dir, '/');
+	if (p != NULL) {
+		*p = '\0';
+	} else {
+		private_dir = talloc_strdup(ctx, ".");
+	}
+
+	return private_dir;
+}
+
+/*
+ * @brief log details of an error that set errno
+ *
+ * @param ldb ldb context, to allow logging.
+ * @param err the value of errno.
+ * @param desc extra text to help describe the error.
+ *
+ */
+static void log_error(struct ldb_context *ldb, int err, const char *desc)
+{
+	char buf[1024];
+	int e = strerror_r(err, buf, sizeof(buf));
+	if (e != 0) {
+		strlcpy(buf, "Unknown error", sizeof(buf)-1);
+	}
+	ldb_asprintf_errstring(ldb, "Error (%d) %s - %s\n", err, buf, desc);
+}
+
+/*
+ * @brief Load the keys into the encrypted secrets module context.
+ *
+ * @param module the current ldb module
+ * @param data the private data for the current module
+ *
+ * Currently the keys are stored in a binary file in the same directory
+ * as the database.
+ *
+ * @return an LDB result code.
+ *
+ */
+static int load_keys(struct ldb_module *module, struct es_data *data)
+{
+
+	const char *key_dir  = NULL;
+	const char *key_path = NULL;
+
+	struct ldb_context *ldb = NULL;
+	FILE *fp = NULL;
+	const int key_size = 16;
+	int read;
+	DATA_BLOB key = data_blob_null;
+
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	ldb = ldb_module_get_ctx(module);
+	key_dir = get_key_directory(frame, ldb);
+	if (key_dir == NULL) {
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	key_path = talloc_asprintf(frame, "%s/%s", key_dir, SECRETS_KEY_FILE);
+	if (key_path == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+
+
+	key = data_blob_talloc_zero(module, key_size);
+	key.length = key_size;
+
+	fp = fopen(key_path, "rb");
+	if (fp == NULL) {
+		TALLOC_FREE(frame);
+		data_blob_free(&key);
+		if (errno == ENOENT) {
+			ldb_debug(ldb,
+				  LDB_DEBUG_WARNING,
+				  "No encrypted secrets key file. "
+				  "Secret attributes will not be encrypted or "
+				  "decrypted\n");
+			data->encrypt_secrets = false;
+			return LDB_SUCCESS;
+		} else {
+			log_error(ldb,
+				  errno,
+				  "Opening encrypted_secrets key file\n");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	read = fread(key.data, 1, key.length, fp);
+	fclose(fp);
+	if (read == 0) {
+		TALLOC_FREE(frame);
+		ldb_debug(ldb,
+			  LDB_DEBUG_WARNING,
+			  "Zero length encrypted secrets key file. "
+			  "Secret attributes will not be encrypted or "
+			  "decrypted\n");
+		data->encrypt_secrets = false;
+		return LDB_SUCCESS;
+	}
+	if (read != key.length) {
+		TALLOC_FREE(frame);
+		if (errno) {
+			log_error(ldb,
+				  errno,
+				  "Reading encrypted_secrets key file\n");
+		} else {
+			ldb_debug(ldb,
+				  LDB_DEBUG_ERROR,
+				  "Invalid encrypted_secrets key file, "
+				  "only %d bytes read should be %d bytes\n",
+				  read,
+				  key_size);
+		}
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	data->keys[0] = key;
+	data->encrypt_secrets = true;
+	data->encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM;
+	TALLOC_FREE(frame);
+
+	return LDB_SUCCESS;
+
+}
+
+/*
+ * @brief should this element be encrypted.
+ *
+ * @param el the element to examine
+ *
+ * @return true if the element should be encrypted,
+ *         false otherwise.
+ */
+static bool should_encrypt(const struct ldb_message_element *el)
+{
+	size_t i;
+
+	for (i = 0; i < ARRAY_SIZE(secret_attributes); i++) {
+		if (strcasecmp(secret_attributes[i], el->name) == 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
+/*
+ * @brief Round a size up to a multiple of the encryption cipher block size.
+ *
+ * @param block_size The cipher block size
+ * @param size The size to round
+ *
+ * @return Size rounded up to the nearest multiple of block_size
+ */
+static size_t round_to_block_size(size_t block_size, size_t size)
+{
+	if ((size % block_size) == 0) {
+		return size;
+	} else {
+		return ((int)(size/block_size) + 1) * block_size;
+	}
+}
+
+/*
+ * @brief Create an new EncryptedSecret owned by the supplied talloc context.
+ *
+ * Create a new encrypted secret and initialise the header.
+ *
+ * @param ldb ldb context, to allow logging.
+ * @param ctx The talloc memory context that will own the new EncryptedSecret
+ *
+ * @return pointer to the new encrypted secret, or NULL if there was an error
+ */
+static struct EncryptedSecret *makeEncryptedSecret(struct ldb_context *ldb,
+						   TALLOC_CTX *ctx)
+{
+	struct EncryptedSecret *es = NULL;
+
+	es = talloc_zero_size(ctx, sizeof(struct EncryptedSecret));
+	if (es == NULL) {
+		ldb_set_errstring(ldb,
+				  "Out of memory, allocating "
+				   "struct EncryptedSecret\n");
+		return NULL;
+	}
+	es->header.magic     = ENCRYPTED_SECRET_MAGIC_VALUE;
+	es->header.version   = SECRET_ATTRIBUTE_VERSION;
+	es->header.algorithm = SECRET_ENCRYPTION_ALGORITHM;
+	es->header.flags     = 0;
+	return es;
+}
+
+/*
+ * @brief Allocate and populate a data blob with a PlaintextSecret structure.
+ *
+ * Allocate a new data blob and populate it with a serialised PlaintextSecret,
+ * containing the ldb_val
+ *
+ * @param ctx The talloc memory context that will own the allocated memory.
+ * @param ldb ldb context, to allow logging.
+ * @param val The ldb value to serialise.
+ *
+ * @return The populated data blob or data_blob_null if there was an error.
+ */
+static DATA_BLOB makePlainText(TALLOC_CTX *ctx,
+			       struct ldb_context *ldb,
+			       const struct ldb_val val)
+{
+	struct PlaintextSecret ps = { .cleartext = data_blob_null};
+	DATA_BLOB pt = data_blob_null;
+	int rc;
+
+	ps.cleartext.length = val.length;
+	ps.cleartext.data   = val.data;
+
+	rc = ndr_push_struct_blob(&pt,
+				  ctx,
+				  &ps,
+				  (ndr_push_flags_fn_t)
+					ndr_push_PlaintextSecret);
+	if (!NDR_ERR_CODE_IS_SUCCESS(rc)) {
+		ldb_set_errstring(ldb,
+				  "Unable to ndr push PlaintextSecret\n");
+		return data_blob_null;
+	}
+	return pt;
+}
+
+
+/*
+ * Helper function converts a data blob to a gnutls_datum_t.
+ * Note that this does not copy the data.
+ *      So the returned value should be treated as read only.
+ *      And that changes to the length of the underlying DATA_BLOB
+ *      will not be reflected in the returned object.
+ *
+ */
+static const gnutls_datum_t convert_from_data_blob(DATA_BLOB blob) {
+
+	const gnutls_datum_t datum = {
+		.size = blob.length,
+		.data = blob.data,
+	};
+	return datum;
+}
+
+/*
+ * @brief Get the gnutls algorithm needed to decrypt the EncryptedSecret
+ *
+ * @param ldb ldb context, to allow logging.
+ * @param es  the encrypted secret
+ *
+ * @return The gnutls algorithm number, or 0 if there is no match.
+ *
+ */
+static int gnutls_get_algorithm(struct ldb_context *ldb,
+				struct EncryptedSecret *es) {
+
+	switch (es->header.algorithm) {
+	case ENC_SECRET_AES_128_AEAD:
+		return GNUTLS_CIPHER_AES_128_GCM;
+	default:
+		ldb_asprintf_errstring(ldb,
+				       "Unsupported encryption algorithm %d\n",
+				       es->header.algorithm);
+		return 0;
+	}
+}
+
+/*
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully encrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  Talloc memory context the will own the memory allocated
+ * @param ldb  ldb context, to allow logging.
+ * @param val  The ldb value to encrypt, not altered or freed
+ * @param data The context data for this module.
+ *
+ * @return The encrypted ldb_val, or data_blob_null if there was an error.
+ */
+static struct ldb_val gnutls_encrypt_aead(int *err,
+					  TALLOC_CTX *ctx,
+					  struct ldb_context *ldb,
+					  const struct ldb_val val,
+					  const struct es_data *data)
+{
+	struct EncryptedSecret *es = NULL;
+	struct ldb_val enc = data_blob_null;
+	DATA_BLOB pt = data_blob_null;
+	gnutls_aead_cipher_hd_t cipher_hnd;
+	int rc;
+
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	es = makeEncryptedSecret(ldb, frame);
+	if (es == NULL) {
+		goto error_exit;
+	}
+
+	pt = makePlainText(frame, ldb, val);
+	if (pt.length == 0) {
+		goto error_exit;
+	}
+
+	/*
+	 * Set the encryption key and initialize the encryption handle.
+	 */
+	{
+		const size_t key_size = gnutls_cipher_get_key_size(
+			data->encryption_algorithm);
+		gnutls_datum_t cipher_key;
+		DATA_BLOB key_blob = get_key(data);
+
+		if (key_blob.length != key_size) {
+			ldb_asprintf_errstring(ldb,
+					       "Invalid EncryptedSecrets key "
+					       "size, expected %zu bytes and "
+					       "it is %zu bytes\n",
+					       key_size,
+					       key_blob.length);
+			goto error_exit;
+		}
+		cipher_key = convert_from_data_blob(key_blob);
+
+		rc = gnutls_aead_cipher_init(&cipher_hnd,
+					     data->encryption_algorithm,
+					     &cipher_key);
+		if (rc !=0) {
+			ldb_asprintf_errstring(ldb,
+					       "gnutls_aead_cipher_init failed "
+					       "%s - %s\n",
+					       gnutls_strerror_name(rc),
+					       gnutls_strerror(rc));
+			goto error_exit;
+		}
+
+	}
+
+	/*
+	 * Set the initialisation vector
+	 */
+	{
+		unsigned iv_size = gnutls_cipher_get_iv_size(
+			data->encryption_algorithm);
+		uint8_t *iv;
+
+		iv = talloc_zero_size(frame, iv_size);
+		if (iv == NULL) {
+			ldb_set_errstring(ldb,
+					  "Out of memory allocating IV\n");
+			goto error_exit_handle;
+		}
+
+		rc = gnutls_rnd(GNUTLS_RND_NONCE, iv, iv_size);
+		if (rc !=0) {
+			ldb_asprintf_errstring(ldb,
+					       "gnutls_rnd failed %s - %s\n",
+					       gnutls_strerror_name(rc),
+					       gnutls_strerror(rc));
+			goto error_exit_handle;
+		}
+		es->iv.length = iv_size;
+		es->iv.data   = iv;
+	}
+
+	/*
+	 * Encrypt the value.
+	 */
+	{
+		const unsigned block_size = gnutls_cipher_get_block_size(
+			data->encryption_algorithm);
+		const unsigned tag_size = gnutls_cipher_get_tag_size(
+			data->encryption_algorithm);
+		const size_t ed_size = round_to_block_size(
+			block_size,
+			sizeof(struct PlaintextSecret) + val.length);
+		const size_t en_size = ed_size + tag_size;
+		uint8_t *ct = talloc_zero_size(frame, en_size);
+		size_t el = en_size;
+
+		if (ct == NULL) {
+			ldb_set_errstring(ldb,
+					  "Out of memory allocation cipher "
+					  "text\n");
+			goto error_exit_handle;
+		}
+
+		rc = gnutls_aead_cipher_encrypt(
+			cipher_hnd,
+			es->iv.data,
+			es->iv.length,
+			&es->header,
+			sizeof(struct EncryptedSecretHeader),
+			tag_size,
+			pt.data,
+			pt.length,
+			ct,
+			&el);
+		if (rc !=0) {
+			ldb_asprintf_errstring(ldb,
+					       "gnutls_aead_cipher_encrypt '"
+					       "failed %s - %s\n",
+					       gnutls_strerror_name(rc),
+					       gnutls_strerror(rc));
+			*err = LDB_ERR_OPERATIONS_ERROR;
+			return data_blob_null;
+		}
+		es->encrypted.length = el;
+		es->encrypted.data   = ct;
+		gnutls_aead_cipher_deinit(cipher_hnd);
+	}
+
+	rc = ndr_push_struct_blob(&enc,
+				  ctx,
+				  es,
+				  (ndr_push_flags_fn_t)
+					ndr_push_EncryptedSecret);
+	if (!NDR_ERR_CODE_IS_SUCCESS(rc)) {
+		ldb_set_errstring(ldb,
+				  "Unable to ndr push EncryptedSecret\n");
+		goto error_exit;
+	}
+	TALLOC_FREE(frame);
+	return enc;
+
+error_exit_handle:
+	gnutls_aead_cipher_deinit(cipher_hnd);
+error_exit:
+	*err = LDB_ERR_OPERATIONS_ERROR;
+	TALLOC_FREE(frame);
+	return data_blob_null;
+}
+
+/*
+ * @brief Decrypt data encrypted using an aead algorithm.
+ *
+ * Decrypt the data in ed and insert it into ev. The data was encrypted
+ * with one of the gnutls aead compatible algorithms.
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully decrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  The talloc context that will own the PlaintextSecret
+ * @param ldb  ldb context, to allow logging.
+ * @param ev   The value to be updated with the decrypted data.
+ * @param ed   The data to decrypt.
+ * @param data The context data for this module.
+ *
+ * @return ev is updated with the unencrypted data.
+ */
+static void gnutls_decrypt_aead(int *err,
+				TALLOC_CTX *ctx,
+				struct ldb_context *ldb,
+				struct EncryptedSecret *es,
+				struct PlaintextSecret *ps,
+				const struct es_data *data)
+{
+
+	gnutls_aead_cipher_hd_t cipher_hnd;
+	DATA_BLOB pt = data_blob_null;
+	const unsigned tag_size =
+		gnutls_cipher_get_tag_size(es->header.algorithm);
+	int rc;
+
+	/*
+	 * Get the encryption key and initialise the encryption handle
+	 */
+	{
+		gnutls_datum_t cipher_key;
+		DATA_BLOB key_blob;
+		const int algorithm = gnutls_get_algorithm(ldb, es);
+		const size_t key_size = gnutls_cipher_get_key_size(algorithm);
+		key_blob   = get_key(data);
+
+		if (algorithm == 0) {
+			goto error_exit;
+		}
+
+		if (key_blob.length != key_size) {
+			ldb_asprintf_errstring(ldb,
+					       "Invalid EncryptedSecrets key "
+					       "size, expected %zu bytes and "
+					       "it is %zu bytes\n",
+					       key_size,
+					       key_blob.length);
+			goto error_exit;
+		}
+		cipher_key = convert_from_data_blob(key_blob);
+
+		rc = gnutls_aead_cipher_init(
+			&cipher_hnd,
+			algorithm,
+			&cipher_key);
+		if (rc != 0) {
+			ldb_asprintf_errstring(ldb,
+					       "gnutls_aead_cipher_init failed "
+					       "%s - %s\n",
+					       gnutls_strerror_name(rc),
+					       gnutls_strerror(rc));
+			goto error_exit;
+		}
+	}
+
+	/*
+	 * Decrypt and validate the encrypted value
+	 */
+
+	pt.length = es->encrypted.length;
+	pt.data = talloc_zero_size(ctx, es->encrypted.length);
+
+	if (pt.data == NULL) {
+		ldb_set_errstring(ldb,
+				  "Out of memory allocating plain text\n");
+		goto error_exit_handle;
+	}
+
+	rc = gnutls_aead_cipher_decrypt(cipher_hnd,
+					es->iv.data,
+					es->iv.length,
+					&es->header,
+					sizeof(struct EncryptedSecretHeader),
+					tag_size,
+					es->encrypted.data,
+					es->encrypted.length,
+					pt.data,
+					&pt.length);
+	if (rc != 0) {
+		/*
+		 * Typically this will indicate that the data has been
+		 * corrupted i.e. the tag comparison has failed.
+		 * At the moment gnutls does not provide a separate
+		 * error code to indicate this
+		 */
+		ldb_asprintf_errstring(ldb,
+				       "gnutls_aead_cipher_decrypt failed "
+				       "%s - %s. Data possibly corrupted or "
+				       "altered\n",
+				       gnutls_strerror_name(rc),
+				       gnutls_strerror(rc));
+		goto error_exit_handle;
+	}
+	gnutls_aead_cipher_deinit(cipher_hnd);
+
+	rc = ndr_pull_struct_blob(&pt,
+				  ctx,
+				  ps,
+				  (ndr_pull_flags_fn_t)
+					ndr_pull_PlaintextSecret);
+	if(!NDR_ERR_CODE_IS_SUCCESS(rc)) {
+		ldb_asprintf_errstring(ldb,
+				       "Error(%d) unpacking decrypted data, "
+				       "data possibly corrupted or altered\n",
+				       rc);
+		goto error_exit;
+	}
+	return;
+
+error_exit_handle:
+	gnutls_aead_cipher_deinit(cipher_hnd);
+error_exit:
+	*err = LDB_ERR_OPERATIONS_ERROR;
+	return;
+}
+
+/*
+ * @brief Encrypt an attribute value using the default encryption algorithm.
+ *
+ * Returns an encrypted copy of the value, the original value is left intact.
+ * The original content of val is encrypted and wrapped in an encrypted_value
+ * structure.
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully encrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  Talloc memory context the will own the memory allocated
+ * @param ldb  ldb context, to allow logging.
+ * @param val  The ldb value to encrypt, not altered or freed
+ * @param data The context data for this module.
+ *
+ * @return The encrypted ldb_val, or data_blob_null if there was an error.
+ */
+static struct ldb_val encrypt_value(int *err,
+				    TALLOC_CTX *ctx,
+				    struct ldb_context *ldb,
+				    const struct ldb_val val,
+				    const struct es_data *data)
+{
+	return gnutls_encrypt_aead(err, ctx, ldb, val, data);
+}
+
+/*
+ * @brief Encrypt all the values on an ldb_message_element
+ *
+ * Returns a copy of the original attribute with all values encrypted
+ * by encrypt_value(), the original attribute is left intact.
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully encrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  Talloc memory context the will own the memory allocated
+ *             for the new ldb_message_element.
+ * @param ldb  ldb context, to allow logging.
+ * @param el   The ldb_message_elemen to encrypt, not altered or freed
+ * @param data The context data for this module.
+ *
+ * @return Pointer encrypted lsb_message_element, will be NULL if there was
+ *         an error.
+ */
+static struct ldb_message_element *encrypt_element(
+	int *err,
+	TALLOC_CTX *ctx,
+	struct ldb_context *ldb,
+	const struct ldb_message_element *el,
+	const struct es_data *data)
+{
+	struct ldb_message_element* enc;
+	unsigned int i;
+
+	enc = talloc_zero(ctx, struct ldb_message_element);
+	if (enc == NULL) {
+		ldb_set_errstring(ldb,
+				  "Out of memory, allocating ldb_message_"
+				  "element\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+
+	enc->flags	= el->flags;
+	enc->num_values	= el->num_values;
+	enc->values	= talloc_array(enc, struct ldb_val, enc->num_values);
+	if (enc->values == NULL) {
+		TALLOC_FREE(enc);
+		ldb_set_errstring(ldb,
+				  "Out of memory, allocating values array\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+
+	enc->name = talloc_strdup(enc, el->name);
+	if (enc->name == NULL) {
+		TALLOC_FREE(enc);
+		ldb_set_errstring(ldb,
+				  "Out of memory, copying element name\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		enc->values[i] =
+			encrypt_value(
+				err,
+				enc->values,
+				ldb,
+				el->values[i],
+				data);
+		if (*err != LDB_SUCCESS) {
+			TALLOC_FREE(enc);
+			return NULL;
+		}
+	}
+	return enc;
+}
+
+/*
+ * @brief Encrypt all the secret attributes on an ldb_message
+ *
+ * Encrypt all the secret attributes on an ldb_message. Any secret
+ * attributes are removed from message and encrypted copies of the
+ * attributes added.  In the event of an error the contents of the
+ * message will be inconsistent.
+ *
+ * @param err Pointer to an error code, set to:
+ *            LDB_SUCESS               If the value was successfully encrypted
+ *            LDB_ERR_OPERATIONS_ERROR If there was an error.
+ * @param ldb ldb context, to allow logging.
+ * @param msg The ldb_message to have it's secret attributes encrypted.
+ *
+ * @param data The context data for this module.
+ */
+static const struct ldb_message *encrypt_secret_attributes(
+	int *err,
+	TALLOC_CTX *ctx,
+	struct ldb_context *ldb,
+	const struct ldb_message *msg,
+	const struct es_data *data)
+{
+	struct ldb_message *encrypted_msg = NULL;
+
+	unsigned int i;
+
+	if (ldb_dn_is_special(msg->dn)) {
+		return NULL;
+	}
+
+	for (i = 0; i < msg->num_elements; i++) {
+
+		const struct ldb_message_element *el = &msg->elements[i];
+		if (should_encrypt(el)) {
+			struct ldb_message_element* enc = NULL;
+			if (encrypted_msg == NULL) {
+				encrypted_msg = ldb_msg_copy_shallow(ctx, msg);
+				if (encrypted_msg == NULL) {
+					ldb_set_errstring(
+						ldb,
+						"Out of memory, allocating "
+						"ldb_message_element\n");
+					*err = LDB_ERR_OPERATIONS_ERROR;
+					return NULL;
+				}
+				encrypted_msg->dn = msg->dn;
+			}
+			enc = encrypt_element(err,
+					      msg->elements,
+					      ldb,
+					      el,
+					      data);
+			if (*err != LDB_SUCCESS) {
+				return NULL;
+			}
+			encrypted_msg->elements[i] = *enc;
+		}
+	}
+	return encrypted_msg;
+}
+
+/*
+ * @brief Check the encrypted secret header to ensure it's valid
+ *
+ * Check an Encrypted secret and ensure it's header is valid.
+ * A header is assumed to be valid if it:
+ *  - it starts with the MAGIC_VALUE
+ *  - The version number is valid
+ *  - The algorithm is valid
+ *
+ *  @param val The EncryptedSecret to check.
+ *
+ *  @return true if the header is valid, false otherwise.
+ *
+ */
+static bool check_header(struct EncryptedSecret *es)
+{
+	struct EncryptedSecretHeader *eh;
+
+	eh = &es->header;
+	if (eh->magic != ENCRYPTED_SECRET_MAGIC_VALUE) {
+		/*
+		 * Does not start with the magic value so not
+		 * an encrypted_value
+		 */
+		return false;
+	}
+
+	if (eh->version > SECRET_ATTRIBUTE_VERSION) {
+		/*
+		 * Invalid version, so not an encrypted value
+		 */
+		return false;
+	}
+
+	if (eh->algorithm != ENC_SECRET_AES_128_AEAD) {
+		/*
+		 * Invalid algorithm, so not an encrypted value
+		 */
+		return false;
+	}
+	/*
+	 * Length looks ok, starts with magic value, and the version and
+	 * algorithm are valid
+	 */
+	return true;
+}
+/*
+ * @brief Decrypt an attribute value.
+ *
+ * Returns a decrypted copy of the value, the original value is left intact.
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully decrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  Talloc memory context the will own the memory allocated
+ * @param ldb  ldb context, to allow logging.
+ * @param val  The ldb value to decrypt, not altered or freed
+ * @param data The context data for this module.
+ *
+ * @return The decrypted ldb_val, or data_blob_null if there was an error.
+ */
+static struct ldb_val decrypt_value(int *err,
+				    TALLOC_CTX *ctx,
+				    struct ldb_context *ldb,
+				    const struct ldb_val val,
+				    const struct es_data *data)
+{
+
+	struct ldb_val dec;
+
+	struct EncryptedSecret es;
+	struct PlaintextSecret ps = { data_blob_null};
+	int rc;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	rc = ndr_pull_struct_blob(&val,
+				  frame,
+				  &es,
+				  (ndr_pull_flags_fn_t)
+					ndr_pull_EncryptedSecret);
+	if(!NDR_ERR_CODE_IS_SUCCESS(rc)) {
+		ldb_asprintf_errstring(ldb,
+				       "Error(%d)  unpacking encrypted secret, "
+				       "data possibly corrupted or altered\n",
+				       rc);
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		TALLOC_FREE(frame);
+		return data_blob_null;
+	}
+	if (!check_header(&es)) {
+		/*
+		* Header is invalid so can't be an encrypted value
+		*/
+		ldb_set_errstring(ldb, "Invalid EncryptedSecrets header\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return data_blob_null;
+	}
+	gnutls_decrypt_aead(err, frame, ldb, &es, &ps, data);
+
+	if (*err != LDB_SUCCESS) {
+		TALLOC_FREE(frame);
+		return data_blob_null;
+	}
+
+	dec = data_blob_talloc(ctx,
+			       ps.cleartext.data,
+			       ps.cleartext.length);
+	if (dec.data == NULL) {
+		TALLOC_FREE(frame);
+		ldb_set_errstring(ldb, "Out of memory, copying value\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return data_blob_null;
+	}
+
+	TALLOC_FREE(frame);
+	return dec;
+}
+
+/*
+ * @brief Decrypt all the encrypted values on an ldb_message_element
+ *
+ * Returns a copy of the original attribute with all values decrypted by
+ * decrypt_value(), the original attribute is left intact.
+ *
+ * @param err  Pointer to an error code, set to:
+ *             LDB_SUCESS               If the value was successfully encrypted
+ *             LDB_ERR_OPERATIONS_ERROR If there was an error.
+ *
+ * @param ctx  Talloc memory context the will own the memory allocated
+ *             for the new ldb_message_element.
+ * @param ldb  ldb context, to allow logging.
+ * @param el   The ldb_message_elemen to decrypt, not altered or freed
+ * @param data The context data for this module.
+ *
+ * @return Pointer decrypted lsb_message_element, will be NULL if there was
+ *         an error.
+ */
+static struct ldb_message_element *decrypt_element(
+	int *err,
+	TALLOC_CTX *ctx,
+	struct ldb_context *ldb,
+	struct ldb_message_element* el,
+	struct es_data *data)
+{
+	unsigned int i;
+	struct ldb_message_element* dec =
+		talloc_zero(ctx, struct ldb_message_element);
+
+	*err = LDB_SUCCESS;
+	if (dec == NULL) {
+		ldb_set_errstring(ldb,
+				  "Out of memory, allocating "
+				  "ldb_message_element\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+	dec->num_values = el->num_values;
+
+	dec->values = talloc_array(dec, struct ldb_val, dec->num_values);
+	if (dec->values == NULL) {
+		TALLOC_FREE(dec);
+		ldb_set_errstring(ldb,
+				  "Out of memory, allocating values array\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+
+	dec->name = talloc_strdup(dec, el->name);
+	if (dec->name == NULL) {
+		TALLOC_FREE(dec);
+		ldb_set_errstring(ldb, "Out of memory, copying element name\n");
+		*err = LDB_ERR_OPERATIONS_ERROR;
+		return NULL;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		dec->values[i] =
+			decrypt_value(err,
+				      el->values,
+				      ldb,
+				      el->values[i],
+				      data);
+		if (*err != LDB_SUCCESS) {
+			TALLOC_FREE(dec);
+			return NULL;
+		}
+	}
+	return dec;
+}
+
+
+/*
+ * @brief Decrypt all the secret attributes on an ldb_message
+ *
+ * Decrypt all the secret attributes on an ldb_message. Any secret attributes
+ * are removed from message and decrypted copies of the attributes added.
+ * In the event of an error the contents of the message will be inconsistent.
+ *
+ * @param ldb ldb context, to allow logging.
+ * @param msg The ldb_message to have it's secret attributes encrypted.
+ * @param data The context data for this module.
+ *
+ * @returns ldb status code
+ *          LDB_SUCESS               If the value was successfully encrypted
+ *          LDB_ERR_OPERATIONS_ERROR If there was an error.
+ */
+static int decrypt_secret_attributes(struct ldb_context *ldb,
+				      struct ldb_message *msg,
+				      struct es_data *data)
+{
+	size_t i;
+	int ret;
+
+	if (ldb_dn_is_special(msg->dn)) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < num_secret_attributes; i++) {
+		struct ldb_message_element *el =
+			ldb_msg_find_element(msg, secret_attributes[i]);
+		if (el != NULL) {
+			const int flags = el->flags;
+			struct ldb_message_element* dec =
+				decrypt_element(&ret,
+						msg->elements,
+						ldb,
+						el,
+						data);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			ldb_msg_remove_element(msg, el);
+			ret = ldb_msg_add(msg, dec, flags);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int es_search_post_process(struct ldb_module *module,
+				   struct ldb_message *msg)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct es_data *data =
+		talloc_get_type(ldb_module_get_private(module),
+				struct es_data);
+
+
+	/*
+	 * Decrypt any encrypted secret attributes
+	 */
+	if (data && data->encrypt_secrets) {
+		int err = decrypt_secret_attributes(ldb, msg, data);
+		if (err !=  LDB_SUCCESS) {
+			return err;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  hook search operations
+*/
+struct es_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+};
+
+static int es_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct es_context *ec;
+	int ret;
+
+
+	ec = talloc_get_type(req->context, struct es_context);
+
+	if (!ares) {
+		return ldb_module_done(ec->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ec->req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		/*
+		 * for each record returned decrypt any encrypted attributes
+		 */
+		ret = es_search_post_process(ec->module, ares->message);
+		if (ret != 0) {
+			return ldb_module_done(ec->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+		return ldb_module_send_entry(ec->req,
+				             ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ec->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+
+		return ldb_module_done(ec->req, ares->controls,
+				       ares->response, LDB_SUCCESS);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+static int es_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct es_context *ec;
+	struct ldb_request *down_req;
+	int ret;
+
+	/* There are no encrypted attributes on special DNs */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ec = talloc(req, struct es_context);
+	if (ec == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ec->module = module;
+	ec->req = req;
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb,
+				      ec,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      ec,
+				      es_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+static int es_add(struct ldb_module *module, struct ldb_request *req)
+{
+
+	struct es_data *data =
+		talloc_get_type(ldb_module_get_private(module),
+				struct es_data);
+	const struct ldb_message *encrypted_msg = NULL;
+	struct ldb_context *ldb = NULL;
+	int rc = LDB_SUCCESS;
+
+	if (!data->encrypt_secrets) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	encrypted_msg = encrypt_secret_attributes(&rc,
+						  req,
+						  ldb,
+						  req->op.add.message,
+						  data);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+	/*
+	 * If we did not encrypt any of the attributes
+	 * continue on to the next module
+	 */
+	if (encrypted_msg == NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * Encrypted an attribute, now need to build a copy of the request
+	 * so that we're not altering the original callers copy
+	 */
+	{
+		struct ldb_request* new_req = NULL;
+		rc = ldb_build_add_req(&new_req,
+				       ldb,
+				       req,
+				       encrypted_msg,
+				       req->controls,
+				       req,
+				       dsdb_next_callback,
+				       req);
+		if (rc != LDB_SUCCESS) {
+			return rc;
+		}
+		return ldb_next_request(module, new_req);
+	}
+}
+
+static int es_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct es_data *data =
+		talloc_get_type(ldb_module_get_private(module),
+				struct es_data);
+	const struct ldb_message *encrypted_msg = NULL;
+	struct ldb_context *ldb = NULL;
+	int rc = LDB_SUCCESS;
+
+	if (!data->encrypt_secrets) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	encrypted_msg = encrypt_secret_attributes(&rc,
+						  req,
+						  ldb,
+						  req->op.mod.message,
+						  data);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+	/*
+	 * If we did not encrypt any of the attributes
+	 * continue on to the next module
+	 */
+	if (encrypted_msg == NULL) {
+		return ldb_next_request(module, req);
+	}
+
+
+	/*
+	 * Encrypted an attribute, now need to build a copy of the request
+	 * so that we're not altering the original callers copy
+	 */
+	{
+		struct ldb_request* new_req = NULL;
+		rc = ldb_build_mod_req(&new_req,
+				       ldb,
+				       req,
+				       encrypted_msg,
+				       req->controls,
+				       req,
+				       dsdb_next_callback,
+				       req);
+		if (rc != LDB_SUCCESS) {
+			return rc;
+		}
+		return ldb_next_request(module, new_req);
+	}
+}
+
+static int es_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	return ldb_next_request(module, req);
+}
+
+static int es_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	return ldb_next_request(module, req);
+}
+static int es_init(struct ldb_module *ctx)
+{
+	struct es_data *data;
+	int ret;
+
+	data = talloc_zero(ctx, struct es_data);
+	if (!data) {
+		return ldb_module_oom(ctx);
+	}
+
+	{
+		struct ldb_context *ldb = ldb_module_get_ctx(ctx);
+		struct ldb_dn *samba_dsdb_dn;
+		struct ldb_result *res;
+		static const char *samba_dsdb_attrs[] = {
+			SAMBA_REQUIRED_FEATURES_ATTR,
+			NULL
+		};
+		TALLOC_CTX *frame = talloc_stackframe();
+
+		samba_dsdb_dn = ldb_dn_new(frame, ldb, "@SAMBA_DSDB");
+		if (!samba_dsdb_dn) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb);
+		}
+		ret = dsdb_module_search_dn(ctx,
+					    frame,
+					    &res,
+					    samba_dsdb_dn,
+					    samba_dsdb_attrs,
+					    DSDB_FLAG_NEXT_MODULE,
+					    NULL);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+		data->encrypt_secrets =
+			ldb_msg_check_string_attribute(
+				res->msgs[0],
+				SAMBA_REQUIRED_FEATURES_ATTR,
+				SAMBA_ENCRYPTED_SECRETS_FEATURE);
+		if (data->encrypt_secrets) {
+			ret = load_keys(ctx, data);
+			if (ret != LDB_SUCCESS) {
+				TALLOC_FREE(frame);
+				return ret;
+			}
+		}
+		TALLOC_FREE(frame);
+	}
+	ldb_module_set_private(ctx, data);
+
+	ret = ldb_next_init(ctx);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+static const struct ldb_module_ops ldb_encrypted_secrets_module_ops = {
+	.name              = "encrypted_secrets",
+	.search            = es_search,
+	.add		   = es_add,
+	.modify		   = es_modify,
+	.del		   = es_delete,
+	.rename		   = es_rename,
+	.init_context	   = es_init
+};
+
+int ldb_encrypted_secrets_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_encrypted_secrets_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
new file mode 100644
index 0000000..035a920
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -0,0 +1,801 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb extended dn control module
+ *
+ *  Description: this module interprets DNs of the form <SID=S-1-2-4456> into normal DNs.
+ *
+ *  Authors: Simo Sorce
+ *           Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/ldb-samba/ldb_matching_rules.h"
+
+#undef strncasecmp
+
+/*
+  TODO: if relax is not set then we need to reject the fancy RMD_* and
+  DELETED extended DN codes
+ */
+
+/* search */
+struct extended_search_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct ldb_parse_tree *tree;
+	struct ldb_dn *basedn;
+	struct ldb_dn *dn;
+	char *wellknown_object;
+	int extended_type;
+};
+
+static const char *wkattr[] = {
+	"wellKnownObjects",
+	"otherWellKnownObjects",
+	NULL
+};
+
+static const struct ldb_module_ops ldb_extended_dn_in_openldap_module_ops;
+
+/* An extra layer of indirection because LDB does not allow the original request to be altered */
+
+static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	int ret = LDB_ERR_OPERATIONS_ERROR;
+	struct extended_search_context *ac;
+	ac = talloc_get_type(req->context, struct extended_search_context);
+
+	if (ares->error != LDB_SUCCESS) {
+		ret = ldb_module_done(ac->req, ares->controls,
+				      ares->response, ares->error);
+	} else {
+		switch (ares->type) {
+		case LDB_REPLY_ENTRY:
+			
+			ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
+			break;
+		case LDB_REPLY_REFERRAL:
+			
+			ret = ldb_module_send_referral(ac->req, ares->referral);
+			break;
+		case LDB_REPLY_DONE:
+			
+			ret = ldb_module_done(ac->req, ares->controls,
+					      ares->response, ares->error);
+			break;
+		}
+	}
+	return ret;
+}
+
+static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct extended_search_context *ac;
+	struct ldb_request *down_req;
+	struct ldb_message_element *el;
+	int ret;
+	unsigned int i, j;
+	size_t wkn_len = 0;
+	char *valstr = NULL;
+	const char *found = NULL;
+
+	ac = talloc_get_type(req->context, struct extended_search_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (ac->basedn) {
+			/* we have more than one match! This can
+			   happen as S-1-5-17 appears twice in a
+			   normal provision. We need to return
+			   NO_SUCH_OBJECT */
+			const char *str = talloc_asprintf(req, "Duplicate base-DN matches found for '%s'",
+							  ldb_dn_get_extended_linearized(req, ac->dn, 1));
+			ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_NO_SUCH_OBJECT);
+		}
+
+		if (!ac->wellknown_object) {
+			ac->basedn = talloc_steal(ac, ares->message->dn);
+			break;
+		}
+
+		wkn_len = strlen(ac->wellknown_object);
+
+		for (j=0; wkattr[j]; j++) {
+
+			el = ldb_msg_find_element(ares->message, wkattr[j]);
+			if (!el) {
+				ac->basedn = NULL;
+				continue;
+			}
+
+			for (i=0; i < el->num_values; i++) {
+				valstr = talloc_strndup(ac,
+							(const char *)el->values[i].data,
+							el->values[i].length);
+				if (!valstr) {
+					ldb_oom(ldb_module_get_ctx(ac->module));
+					return ldb_module_done(ac->req, NULL, NULL,
+							LDB_ERR_OPERATIONS_ERROR);
+				}
+
+				if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
+					talloc_free(valstr);
+					continue;
+				}
+
+				found = &valstr[wkn_len];
+				break;
+			}
+			if (found) {
+				break;
+			}
+		}
+
+		if (!found) {
+			break;
+		}
+
+		ac->basedn = ldb_dn_new(ac, ldb_module_get_ctx(ac->module), found);
+		talloc_free(valstr);
+		if (!ac->basedn) {
+			ldb_oom(ldb_module_get_ctx(ac->module));
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		break;
+
+	case LDB_REPLY_DONE:
+
+		if (!ac->basedn) {
+			const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
+							  ldb_dn_get_extended_linearized(req, ac->dn, 1));
+			ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_NO_SUCH_OBJECT);
+		}
+
+		switch (ac->req->operation) {
+		case LDB_SEARCH:
+			ret = ldb_build_search_req_ex(&down_req,
+						      ldb_module_get_ctx(ac->module), ac->req,
+						      ac->basedn,
+						      ac->req->op.search.scope,
+						      ac->tree,
+						      ac->req->op.search.attrs,
+						      ac->req->controls,
+						      ac, extended_final_callback, 
+						      ac->req);
+			LDB_REQ_SET_LOCATION(down_req);
+			break;
+		case LDB_ADD:
+		{
+			struct ldb_message *add_msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
+			if (!add_msg) {
+				ldb_oom(ldb_module_get_ctx(ac->module));
+				return ldb_module_done(ac->req, NULL, NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+			
+			add_msg->dn = ac->basedn;
+
+			ret = ldb_build_add_req(&down_req,
+						ldb_module_get_ctx(ac->module), ac->req,
+						add_msg, 
+						ac->req->controls,
+						ac, extended_final_callback, 
+						ac->req);
+			LDB_REQ_SET_LOCATION(down_req);
+			break;
+		}
+		case LDB_MODIFY:
+		{
+			struct ldb_message *mod_msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
+			if (!mod_msg) {
+				ldb_oom(ldb_module_get_ctx(ac->module));
+				return ldb_module_done(ac->req, NULL, NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+			
+			mod_msg->dn = ac->basedn;
+
+			ret = ldb_build_mod_req(&down_req,
+						ldb_module_get_ctx(ac->module), ac->req,
+						mod_msg, 
+						ac->req->controls,
+						ac, extended_final_callback, 
+						ac->req);
+			LDB_REQ_SET_LOCATION(down_req);
+			break;
+		}
+		case LDB_DELETE:
+			ret = ldb_build_del_req(&down_req,
+						ldb_module_get_ctx(ac->module), ac->req,
+						ac->basedn, 
+						ac->req->controls,
+						ac, extended_final_callback, 
+						ac->req);
+			LDB_REQ_SET_LOCATION(down_req);
+			break;
+		case LDB_RENAME:
+			ret = ldb_build_rename_req(&down_req,
+						   ldb_module_get_ctx(ac->module), ac->req,
+						   ac->basedn, 
+						   ac->req->op.rename.newdn,
+						   ac->req->controls,
+						   ac, extended_final_callback, 
+						   ac->req);
+			LDB_REQ_SET_LOCATION(down_req);
+			break;
+		default:
+			return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+		}
+		
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+
+		return ldb_next_request(ac->module, down_req);
+	}
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  windows ldap searches don't allow a baseDN with more
+  than one extended component, or an extended
+  component and a string DN
+
+  We only enforce this over ldap, not for internal
+  use, as there are just too many places where we
+  internally want to use a DN that has come from a
+  search with extended DN enabled, or comes from a DRS
+  naming context.
+
+  Enforcing this would also make debugging samba much
+  harder, as we'd need to use ldb_dn_minimise() in a
+  lot of places, and that would lose the DN string
+  which is so useful for working out what a request is
+  for
+*/
+static bool ldb_dn_match_allowed(struct ldb_dn *dn, struct ldb_request *req)
+{
+	int num_components = ldb_dn_get_comp_num(dn);
+	int num_ex_components = ldb_dn_get_extended_comp_num(dn);
+
+	if (num_ex_components == 0) {
+		return true;
+	}
+
+	if ((num_components != 0 || num_ex_components != 1) &&
+	    ldb_req_is_untrusted(req)) {
+		return false;
+	}
+	return true;
+}
+
+
+struct extended_dn_filter_ctx {
+	bool test_only;
+	bool matched;
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct dsdb_schema *schema;
+	uint32_t dsdb_flags;
+};
+
+/*
+  create a always non-matching node from a equality node
+ */
+static void set_parse_tree_false(struct ldb_parse_tree *tree)
+{
+	const char *attr = tree->u.equality.attr;
+	struct ldb_val value = tree->u.equality.value;
+	tree->operation = LDB_OP_EXTENDED;
+	tree->u.extended.attr = attr;
+	tree->u.extended.value = value;
+	tree->u.extended.rule_id = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
+	tree->u.extended.dnAttributes = 0;
+}
+
+/*
+  called on all nodes in the parse tree
+ */
+static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *private_context)
+{
+	struct extended_dn_filter_ctx *filter_ctx;
+	int ret;
+	struct ldb_dn *dn = NULL;
+	const struct ldb_val *sid_val, *guid_val;
+	const char *no_attrs[] = { NULL };
+	struct ldb_result *res;
+	const struct dsdb_attribute *attribute = NULL;
+	bool has_extended_component = false;
+	enum ldb_scope scope;
+	struct ldb_dn *base_dn;
+	const char *expression;
+	uint32_t dsdb_flags;
+
+	if (tree->operation != LDB_OP_EQUALITY && tree->operation != LDB_OP_EXTENDED) {
+		return LDB_SUCCESS;
+	}
+
+	filter_ctx = talloc_get_type_abort(private_context, struct extended_dn_filter_ctx);
+
+	if (filter_ctx->test_only && filter_ctx->matched) {
+		/* the tree already matched */
+		return LDB_SUCCESS;
+	}
+
+	if (!filter_ctx->schema) {
+		/* Schema not setup yet */
+		return LDB_SUCCESS;
+	}
+	if (tree->operation == LDB_OP_EQUALITY) {
+		attribute = dsdb_attribute_by_lDAPDisplayName(filter_ctx->schema, tree->u.equality.attr);
+	} else if (tree->operation == LDB_OP_EXTENDED) {
+		attribute = dsdb_attribute_by_lDAPDisplayName(filter_ctx->schema, tree->u.extended.attr);
+	}
+	if (attribute == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	if (attribute->dn_format != DSDB_NORMAL_DN) {
+		return LDB_SUCCESS;
+	}
+
+	if (tree->operation == LDB_OP_EQUALITY) {
+		has_extended_component = (memchr(tree->u.equality.value.data, '<',
+						 tree->u.equality.value.length) != NULL);
+	} else if (tree->operation == LDB_OP_EXTENDED) {
+		has_extended_component = (memchr(tree->u.extended.value.data, '<',
+						 tree->u.extended.value.length) != NULL);
+	}
+
+	/*
+	 * Don't turn it into an extended DN if we're talking to OpenLDAP.
+	 * We just check the module_ops pointer instead of adding a private
+	 * pointer and a boolean to tell us the exact same thing.
+	 */
+	if (!has_extended_component) {
+		if (!attribute->one_way_link) {
+			return LDB_SUCCESS;
+		}
+
+		if (ldb_module_get_ops(filter_ctx->module) == &ldb_extended_dn_in_openldap_module_ops) {
+			return LDB_SUCCESS;
+		}
+	}
+
+	if (tree->operation == LDB_OP_EQUALITY) {
+		dn = ldb_dn_from_ldb_val(filter_ctx, ldb_module_get_ctx(filter_ctx->module), &tree->u.equality.value);
+	} else if (tree->operation == LDB_OP_EXTENDED
+		   && (strcmp(tree->u.extended.rule_id, SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL) == 0)) {
+		dn = ldb_dn_from_ldb_val(filter_ctx, ldb_module_get_ctx(filter_ctx->module), &tree->u.extended.value);
+	}
+	if (dn == NULL) {
+		/* testing against windows shows that we don't raise
+		   an error here */
+		return LDB_SUCCESS;
+	}
+
+	guid_val = ldb_dn_get_extended_component(dn, "GUID");
+	sid_val  = ldb_dn_get_extended_component(dn, "SID");
+
+	/*
+	 * Is the attribute indexed? By treating confidential attributes
+	 * as unindexed, we force searches to go through the unindexed
+	 * search path, avoiding observable timing differences.
+	 */
+	if (!guid_val && !sid_val &&
+	    (attribute->searchFlags & SEARCH_FLAG_ATTINDEX) &&
+	    !(attribute->searchFlags & SEARCH_FLAG_CONFIDENTIAL))
+	{
+		/* if it is indexed, then fixing the string DN will do
+		   no good here, as we will not find the attribute in
+		   the index. So for now fall through to a standard DN
+		   component comparison */
+		return LDB_SUCCESS;
+	}
+
+	if (filter_ctx->test_only) {
+		/* we need to copy the tree */
+		filter_ctx->matched = true;
+		return LDB_SUCCESS;
+	}
+
+	if (!ldb_dn_match_allowed(dn, filter_ctx->req)) {
+		/* we need to make this element of the filter always
+		   be false */
+		set_parse_tree_false(tree);
+		return LDB_SUCCESS;
+	}
+
+	dsdb_flags = filter_ctx->dsdb_flags | DSDB_FLAG_NEXT_MODULE;
+
+	if (guid_val) {
+		expression = talloc_asprintf(filter_ctx, "objectGUID=%s", ldb_binary_encode(filter_ctx, *guid_val));
+		scope = LDB_SCOPE_SUBTREE;
+		base_dn = NULL;
+		dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+	} else if (sid_val) {
+		expression = talloc_asprintf(filter_ctx, "objectSID=%s", ldb_binary_encode(filter_ctx, *sid_val));
+		scope = LDB_SCOPE_SUBTREE;
+		base_dn = NULL;
+		dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+	} else {
+		/* fallback to searching using the string DN as the base DN */
+		expression = "objectClass=*";
+		base_dn = dn;
+		scope = LDB_SCOPE_BASE;
+	}
+
+	ret = dsdb_module_search(filter_ctx->module,
+				 filter_ctx,
+				 &res,
+				 base_dn,
+				 scope,
+				 no_attrs,
+				 dsdb_flags,
+				 filter_ctx->req,
+				 "%s", expression);
+	if (scope == LDB_SCOPE_BASE && ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* note that this will need to change for multi-domain
+		   support */
+		set_parse_tree_false(tree);
+		return LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		return LDB_SUCCESS;
+	}
+
+
+	if (res->count != 1) {
+		return LDB_SUCCESS;
+	}
+
+	/* replace the search expression element with the matching DN */
+	if (tree->operation == LDB_OP_EQUALITY) {
+		tree->u.equality.value.data =
+			(uint8_t *)talloc_strdup(tree, ldb_dn_get_extended_linearized(tree, res->msgs[0]->dn, 1));
+		if (tree->u.equality.value.data == NULL) {
+			return ldb_oom(ldb_module_get_ctx(filter_ctx->module));
+		}
+		tree->u.equality.value.length = strlen((const char *)tree->u.equality.value.data);
+	} else if (tree->operation == LDB_OP_EXTENDED) {
+		tree->u.extended.value.data =
+			(uint8_t *)talloc_strdup(tree, ldb_dn_get_extended_linearized(tree, res->msgs[0]->dn, 1));
+		if (tree->u.extended.value.data == NULL) {
+			return ldb_oom(ldb_module_get_ctx(filter_ctx->module));
+		}
+		tree->u.extended.value.length = strlen((const char *)tree->u.extended.value.data);
+	}
+	talloc_free(res);
+
+	filter_ctx->matched = true;
+	return LDB_SUCCESS;
+}
+
+/*
+  fix the parse tree to change any extended DN components to their
+  canonical form
+ */
+static int extended_dn_fix_filter(struct ldb_module *module,
+				  struct ldb_request *req,
+				  uint32_t default_dsdb_flags,
+				  struct ldb_parse_tree **down_tree)
+{
+	struct extended_dn_filter_ctx *filter_ctx;
+	int ret;
+
+	*down_tree = NULL;
+
+	filter_ctx = talloc_zero(req, struct extended_dn_filter_ctx);
+	if (filter_ctx == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	/* first pass through the existing tree to see if anything
+	   needs to be modified. Filtering DNs on the input side is rare,
+	   so this avoids copying the parse tree in most cases */
+	filter_ctx->test_only = true;
+	filter_ctx->matched   = false;
+	filter_ctx->module    = module;
+	filter_ctx->req       = req;
+	filter_ctx->schema    = dsdb_get_schema(ldb_module_get_ctx(module), filter_ctx);
+	filter_ctx->dsdb_flags= default_dsdb_flags;
+
+	ret = ldb_parse_tree_walk(req->op.search.tree, extended_dn_filter_callback, filter_ctx);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(filter_ctx);
+		return ret;
+	}
+
+	if (!filter_ctx->matched) {
+		/* nothing matched, no need for a new parse tree */
+		talloc_free(filter_ctx);
+		return LDB_SUCCESS;
+	}
+
+	filter_ctx->test_only = false;
+	filter_ctx->matched   = false;
+
+	*down_tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree);
+	if (*down_tree == NULL) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_parse_tree_walk(*down_tree, extended_dn_filter_callback, filter_ctx);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(filter_ctx);
+		return ret;
+	}
+
+	talloc_free(filter_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  fix DNs and filter expressions to cope with the semantics of
+  extended DNs
+ */
+static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
+{
+	struct extended_search_context *ac;
+	struct ldb_request *down_req = NULL;
+	struct ldb_parse_tree *down_tree = NULL;
+	int ret;
+	struct ldb_dn *base_dn = NULL;
+	enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
+	const char *base_dn_filter = NULL;
+	const char * const *base_dn_attrs = NULL;
+	char *wellknown_object = NULL;
+	static const char *no_attr[] = {
+		NULL
+	};
+	uint32_t dsdb_flags = DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_EXTENDED_DN;
+
+	if (ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID)) {
+		dsdb_flags |= DSDB_SEARCH_SHOW_DELETED;
+	}
+	if (ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID)) {
+		dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+	}
+	if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+	}
+
+	if (req->operation == LDB_SEARCH) {
+		ret = extended_dn_fix_filter(module, req, dsdb_flags, &down_tree);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (!ldb_dn_has_extended(dn)) {
+		/* Move along there isn't anything to see here */
+		if (down_tree == NULL) {
+			down_req = req;
+		} else {
+			ret = ldb_build_search_req_ex(&down_req,
+						      ldb_module_get_ctx(module), req,
+						      req->op.search.base,
+						      req->op.search.scope,
+						      down_tree,
+						      req->op.search.attrs,
+						      req->controls,
+						      req, dsdb_next_callback,
+						      req);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			LDB_REQ_SET_LOCATION(down_req);
+		}
+
+		return ldb_next_request(module, down_req);
+	} else {
+		/* It looks like we need to map the DN */
+		const struct ldb_val *sid_val, *guid_val, *wkguid_val;
+
+		if (!ldb_dn_match_allowed(dn, req)) {
+			return ldb_error(ldb_module_get_ctx(module),
+					 LDB_ERR_INVALID_DN_SYNTAX, "invalid number of DN components");
+		}
+
+		sid_val = ldb_dn_get_extended_component(dn, "SID");
+		guid_val = ldb_dn_get_extended_component(dn, "GUID");
+		wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID");
+
+		/*
+		  prioritise the GUID - we have had instances of
+		  duplicate SIDs in the database in the
+		  ForeignSecurityPrinciples due to provision errors
+		 */
+		if (guid_val) {
+			dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+			base_dn = NULL;
+			base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
+							 ldb_binary_encode(req, *guid_val));
+			if (!base_dn_filter) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+			base_dn_scope = LDB_SCOPE_SUBTREE;
+			base_dn_attrs = no_attr;
+
+		} else if (sid_val) {
+			dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+			base_dn = NULL;
+			base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
+							 ldb_binary_encode(req, *sid_val));
+			if (!base_dn_filter) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+			base_dn_scope = LDB_SCOPE_SUBTREE;
+			base_dn_attrs = no_attr;
+
+		} else if (wkguid_val) {
+			char *wkguid_dup;
+			char *tail_str;
+			char *p;
+
+			wkguid_dup = talloc_strndup(req, (char *)wkguid_val->data, wkguid_val->length);
+
+			p = strchr(wkguid_dup, ',');
+			if (!p) {
+				return ldb_error(ldb_module_get_ctx(module), LDB_ERR_INVALID_DN_SYNTAX,
+						 "Invalid WKGUID format");
+			}
+
+			p[0] = '\0';
+			p++;
+
+			wellknown_object = talloc_asprintf(req, "B:32:%s:", wkguid_dup);
+			if (!wellknown_object) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+
+			tail_str = p;
+
+			base_dn = ldb_dn_new(req, ldb_module_get_ctx(module), tail_str);
+			talloc_free(wkguid_dup);
+			if (!base_dn) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+			base_dn_filter = talloc_strdup(req, "(objectClass=*)");
+			if (!base_dn_filter) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+			base_dn_scope = LDB_SCOPE_BASE;
+			base_dn_attrs = wkattr;
+		} else {
+			return ldb_error(ldb_module_get_ctx(module), LDB_ERR_INVALID_DN_SYNTAX,
+					 "Invalid extended DN component");
+		}
+
+		ac = talloc_zero(req, struct extended_search_context);
+		if (ac == NULL) {
+			return ldb_oom(ldb_module_get_ctx(module));
+		}
+		
+		ac->module = module;
+		ac->req = req;
+		ac->tree = (down_tree != NULL) ? down_tree : req->op.search.tree;
+		ac->dn = dn;
+		ac->basedn = NULL;  /* Filled in if the search finds the DN by SID/GUID etc */
+		ac->wellknown_object = wellknown_object;
+		
+		/* If the base DN was an extended DN (perhaps a well known
+		 * GUID) then search for that, so we can proceed with the original operation */
+
+		ret = ldb_build_search_req(&down_req,
+					   ldb_module_get_ctx(module), ac,
+					   base_dn,
+					   base_dn_scope,
+					   base_dn_filter,
+					   base_dn_attrs,
+					   NULL,
+					   ac, extended_base_callback,
+					   req);
+		LDB_REQ_SET_LOCATION(down_req);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb_module_get_ctx(module));
+		}
+
+		ret = dsdb_request_add_controls(down_req, dsdb_flags);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/* perform the search */
+		return ldb_next_request(module, down_req);
+	}
+}
+
+static int extended_dn_in_search(struct ldb_module *module, struct ldb_request *req)
+{
+	return extended_dn_in_fix(module, req, req->op.search.base);
+}
+
+static int extended_dn_in_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	return extended_dn_in_fix(module, req, req->op.mod.message->dn);
+}
+
+static int extended_dn_in_del(struct ldb_module *module, struct ldb_request *req)
+{
+	return extended_dn_in_fix(module, req, req->op.del.dn);
+}
+
+static int extended_dn_in_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	return extended_dn_in_fix(module, req, req->op.rename.olddn);
+}
+
+static const struct ldb_module_ops ldb_extended_dn_in_module_ops = {
+	.name		   = "extended_dn_in",
+	.search            = extended_dn_in_search,
+	.modify            = extended_dn_in_modify,
+	.del               = extended_dn_in_del,
+	.rename            = extended_dn_in_rename,
+};
+
+static const struct ldb_module_ops ldb_extended_dn_in_openldap_module_ops = {
+	.name		   = "extended_dn_in_openldap",
+	.search            = extended_dn_in_search,
+	.modify            = extended_dn_in_modify,
+	.del               = extended_dn_in_del,
+	.rename            = extended_dn_in_rename,
+};
+
+int ldb_extended_dn_in_module_init(const char *version)
+{
+	int ret;
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_extended_dn_in_openldap_module_ops);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_register_module(&ldb_extended_dn_in_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
new file mode 100644
index 0000000..a949bfb
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
@@ -0,0 +1,672 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb extended dn control module
+ *
+ *  Description: this module builds a special dn for returned search
+ *  results, and fixes some other aspects of the result (returned case issues)
+ *  values.
+ *
+ *  Authors: Simo Sorce
+ *           Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/ndr/libndr.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+struct extended_dn_out_private {
+	bool dereference;
+	bool normalise;
+	const char **attrs;
+};
+
+static char **copy_attrs(void *mem_ctx, const char * const * attrs)
+{
+	char **nattrs;
+	unsigned int i, num;
+
+	for (num = 0; attrs[num]; num++);
+
+	nattrs = talloc_array(mem_ctx, char *, num + 1);
+	if (!nattrs) return NULL;
+
+	for(i = 0; i < num; i++) {
+		nattrs[i] = talloc_strdup(nattrs, attrs[i]);
+		if (!nattrs[i]) {
+			talloc_free(nattrs);
+			return NULL;
+		}
+	}
+	nattrs[i] = NULL;
+
+	return nattrs;
+}
+
+static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr)
+{
+	char **nattrs;
+	unsigned int num;
+
+	for (num = 0; (*attrs)[num]; num++);
+
+	nattrs = talloc_realloc(mem_ctx, *attrs, char *, num + 2);
+	if (!nattrs) return false;
+
+	*attrs = nattrs;
+
+	nattrs[num] = talloc_strdup(nattrs, attr);
+	if (!nattrs[num]) return false;
+
+	nattrs[num + 1] = NULL;
+
+	return true;
+}
+
+/* Inject the extended DN components, so the DN cn=Administrator,cn=users,dc=samba,dc=example,dc=com becomes
+   <GUID=541203ae-f7d6-47ef-8390-bfcf019f9583>;<SID=S-1-5-21-4177067393-1453636373-93818737-500>;cn=Administrator,cn=users,dc=samba,dc=example,dc=com */
+
+static int inject_extended_dn_out(struct ldb_reply *ares,
+				  struct ldb_context *ldb,
+				  int type,
+				  bool remove_guid,
+				  bool remove_sid)
+{
+	int ret;
+	const DATA_BLOB *guid_blob;
+	const DATA_BLOB *sid_blob;
+
+	guid_blob = ldb_msg_find_ldb_val(ares->message, "objectGUID");
+	sid_blob = ldb_msg_find_ldb_val(ares->message, "objectSid");
+
+	if (!guid_blob) {
+		ldb_set_errstring(ldb, "Did not find objectGUID to inject into extended DN");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_dn_set_extended_component(ares->message->dn, "GUID", guid_blob);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (sid_blob) {
+		ret = ldb_dn_set_extended_component(ares->message->dn, "SID", sid_blob);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (remove_guid) {
+		ldb_msg_remove_attr(ares->message, "objectGUID");
+	}
+
+	if (sid_blob && remove_sid) {
+		ldb_msg_remove_attr(ares->message, "objectSid");
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* search */
+struct extended_search_context {
+	struct ldb_module *module;
+	const struct dsdb_schema *schema;
+	struct ldb_request *req;
+	bool inject;
+	bool remove_guid;
+	bool remove_sid;
+	int extended_type;
+};
+
+
+/*
+   fix one-way links to have the right string DN, to cope with
+   renames of the target
+*/
+static int fix_one_way_link(struct extended_search_context *ac, struct ldb_dn *dn,
+			    bool is_deleted_objects, bool *remove_value,
+			    uint32_t linkID)
+{
+	struct GUID guid;
+	NTSTATUS status;
+	int ret;
+	struct ldb_dn *real_dn;
+	uint32_t search_flags;
+	TALLOC_CTX *tmp_ctx = talloc_new(ac);
+	const char *attrs[] = { NULL };
+	struct ldb_result *res;
+
+	(*remove_value) = false;
+
+	status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		/* this is a strange DN that doesn't have a GUID! just
+		   return the current DN string?? */
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	search_flags = DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SEARCH_ALL_PARTITIONS | DSDB_SEARCH_ONE_ONLY;
+
+	if (linkID == 0) {
+		/* You must ALWAYS show one-way links regardless of the state of the target */
+		search_flags |= (DSDB_SEARCH_SHOW_DELETED | DSDB_SEARCH_SHOW_RECYCLED);
+	}
+
+	ret = dsdb_module_search(ac->module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
+				 search_flags, ac->req, "objectguid=%s", GUID_string(tmp_ctx, &guid));
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		/* if we can't resolve this GUID, then we don't
+		   display the link. This could be a link to a NC that we don't
+		   have, or it could be a link to a deleted object
+		*/
+		(*remove_value) = true;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+	real_dn = res->msgs[0]->dn;
+
+	if (strcmp(ldb_dn_get_linearized(dn), ldb_dn_get_linearized(real_dn)) == 0) {
+		/* its already correct */
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* fix the DN by replacing its components with those from the
+	 * real DN
+	 */
+	if (!ldb_dn_replace_components(dn, real_dn)) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(ac->module));
+	}
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  this is called to post-process the results from the search
+ */
+static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct extended_search_context *ac;
+	int ret;
+	unsigned int i, j, k;
+	struct ldb_message *msg;
+	struct extended_dn_out_private *p;
+	struct ldb_context *ldb;
+	bool have_reveal_control=false;
+
+	ac = talloc_get_type(req->context, struct extended_search_context);
+	p = talloc_get_type(ldb_module_get_private(ac->module), struct extended_dn_out_private);
+	ldb = ldb_module_get_ctx(ac->module);
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	msg = ares->message;
+
+	switch (ares->type) {
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+	case LDB_REPLY_ENTRY:
+		break;
+	}
+
+	if (p && p->normalise) {
+		ret = dsdb_fix_dn_rdncase(ldb, ares->message->dn);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+	}
+			
+	if (ac->inject) {
+		/* for each record returned post-process to add any derived
+		   attributes that have been asked for */
+		ret = inject_extended_dn_out(ares, ldb,
+					     ac->extended_type, ac->remove_guid,
+					     ac->remove_sid);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+	}
+
+	if ((p && p->normalise) || ac->inject) {
+		const struct ldb_val *val = ldb_msg_find_ldb_val(ares->message, "distinguishedName");
+		if (val) {
+			ldb_msg_remove_attr(ares->message, "distinguishedName");
+			if (ac->inject) {
+				ret = ldb_msg_add_steal_string(ares->message, "distinguishedName", 
+							       ldb_dn_get_extended_linearized(ares->message, ares->message->dn, ac->extended_type));
+			} else {
+				ret = ldb_msg_add_linearized_dn(ares->message,
+								"distinguishedName",
+								ares->message->dn);
+			}
+			if (ret != LDB_SUCCESS) {
+				return ldb_oom(ldb);
+			}
+		}
+	}
+
+	have_reveal_control =
+		dsdb_request_has_control(req, LDB_CONTROL_REVEAL_INTERNALS);
+
+	/* 
+	 * Shortcut for repl_meta_data.  We asked for the data
+	 * 'as-is', so stop processing here!
+	 */
+	if (have_reveal_control && (p == NULL || !p->normalise) && ac->inject) {
+		return ldb_module_send_entry(ac->req, msg, ares->controls);
+	}
+	
+	/* Walk the returned elements (but only if we have a schema to
+	 * interpret the list with) */
+	for (i = 0; ac->schema && i < msg->num_elements; i++) {
+		bool make_extended_dn;
+		bool bl_requested = true;
+		const struct dsdb_attribute *attribute;
+
+		attribute = dsdb_attribute_by_lDAPDisplayName(ac->schema, msg->elements[i].name);
+		if (!attribute) {
+			continue;
+		}
+
+		if (p && p->normalise) {
+			/* If we are also in 'normalise' mode, then
+			 * fix the attribute names to be in the
+			 * correct case */
+			msg->elements[i].name = talloc_strdup(msg->elements, attribute->lDAPDisplayName);
+			if (!msg->elements[i].name) {
+				ldb_oom(ldb);
+				return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+
+		/* distinguishedName has been dealt with above */
+		if (ldb_attr_cmp(msg->elements[i].name, "distinguishedName") == 0) {
+			continue;
+		}
+
+		/* Look to see if this attributeSyntax is a DN */
+		if (attribute->dn_format == DSDB_INVALID_DN) {
+			continue;
+		}
+
+		make_extended_dn = ac->inject;
+
+		/* Always show plain DN in case of Object(OR-Name) syntax */
+		if (make_extended_dn) {
+			make_extended_dn = (strcmp(attribute->syntax->ldap_oid, DSDB_SYNTAX_OR_NAME) != 0);
+		}
+
+		if (attribute->linkID & 1 &&
+		    attribute->bl_maybe_invisible &&
+		    !have_reveal_control)
+		{
+			const char * const *attrs = ac->req->op.search.attrs;
+
+			if (attrs != NULL) {
+				bl_requested = ldb_attr_in_list(attrs,
+						attribute->lDAPDisplayName);
+			} else {
+				bl_requested = false;
+			}
+		}
+
+		for (k = 0, j = 0; j < msg->elements[i].num_values; j++) {
+			const char *dn_str;
+			struct ldb_dn *dn;
+			struct dsdb_dn *dsdb_dn = NULL;
+			struct ldb_val *plain_dn = &msg->elements[i].values[j];
+			bool is_deleted_objects = false;
+			uint32_t rmd_flags;
+
+			/* this is a fast method for detecting deleted
+			   linked attributes, working on the unparsed
+			   ldb_val */
+			rmd_flags = dsdb_dn_val_rmd_flags(plain_dn);
+			if (rmd_flags & DSDB_RMD_FLAG_DELETED && !have_reveal_control) {
+				/* it's a deleted linked attribute,
+				  and we don't have the reveal control */
+				/* we won't keep this one, so not incrementing k */
+				continue;
+			}
+			if (rmd_flags & DSDB_RMD_FLAG_HIDDEN_BL && !bl_requested) {
+				/*
+				 * Hidden backlinks are not revealed unless
+				 * requested.
+				 *
+				 * we won't keep this one, so not incrementing k
+				 */
+				continue;
+			}
+
+			dsdb_dn = dsdb_dn_parse_trusted(msg, ldb, plain_dn, attribute->syntax->ldap_oid);
+
+			if (!dsdb_dn) {
+				ldb_asprintf_errstring(ldb,
+						       "could not parse %.*s in %s on %s as a %s DN",
+						       (int)plain_dn->length, plain_dn->data,
+						       msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
+						       attribute->syntax->ldap_oid);
+				talloc_free(dsdb_dn);
+				return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_INVALID_DN_SYNTAX);
+			}
+			dn = dsdb_dn->dn;
+
+			/* we need to know if this is a link to the
+			   deleted objects container for fixing one way
+			   links */
+			if (dsdb_dn->extra_part.length == 16) {
+				char *hex_string = data_blob_hex_string_upper(req, &dsdb_dn->extra_part);
+				if (hex_string && strcmp(hex_string, DS_GUID_DELETED_OBJECTS_CONTAINER) == 0) {
+					is_deleted_objects = true;
+				}
+				talloc_free(hex_string);
+			}
+
+			if (p != NULL && p->normalise) {
+				ret = dsdb_fix_dn_rdncase(ldb, dn);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(dsdb_dn);
+					return ldb_module_done(ac->req, NULL, NULL, ret);
+				}
+			}
+
+			/* Look for this value in the attribute */
+
+			/* note that we don't fixup objectCategory as
+			   it should not be possible to move
+			   objectCategory elements in the schema */
+			if (attribute->one_way_link &&
+			    strcasecmp(attribute->lDAPDisplayName, "objectCategory") != 0) {
+				bool remove_value;
+				ret = fix_one_way_link(ac, dn, is_deleted_objects, &remove_value,
+						       attribute->linkID);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(dsdb_dn);
+					return ldb_module_done(ac->req, NULL, NULL, ret);
+				}
+				if (remove_value && !have_reveal_control) {
+					/* we show these with REVEAL
+					   to allow dbcheck to find and
+					   cleanup these orphaned links */
+					/* we won't keep this one, so not incrementing k */
+					continue;
+				}
+			}
+			
+			if (make_extended_dn) {
+				if (!ldb_dn_validate(dsdb_dn->dn)) {
+					ldb_asprintf_errstring(ldb, 
+							       "could not parse %.*s in %s on %s as a %s DN", 
+							       (int)plain_dn->length, plain_dn->data,
+							       msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
+							       attribute->syntax->ldap_oid);
+					talloc_free(dsdb_dn);
+					return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_INVALID_DN_SYNTAX);
+				}
+				/* don't let users see the internal extended
+				   GUID components */
+				if (!have_reveal_control) {
+					const char *accept[] = { "GUID", "SID", NULL };
+					ldb_dn_extended_filter(dn, accept);
+				}
+				dn_str = dsdb_dn_get_extended_linearized(msg->elements[i].values,
+									 dsdb_dn, ac->extended_type);
+			} else {
+				dn_str = dsdb_dn_get_linearized(msg->elements[i].values,
+								dsdb_dn);
+			}
+
+			if (!dn_str) {
+				ldb_oom(ldb);
+				talloc_free(dsdb_dn);
+				return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+			msg->elements[i].values[k] = data_blob_string_const(dn_str);
+			talloc_free(dsdb_dn);
+			k++;
+		}
+
+		if (k == 0) {
+			/* we've deleted all of the values from this
+			 * element - remove the element */
+			ldb_msg_remove_element(msg, &msg->elements[i]);
+			i--;
+		} else {
+			msg->elements[i].num_values = k;
+		}
+	}
+	return ldb_module_send_entry(ac->req, msg, ares->controls);
+}
+
+static int extended_callback_ldb(struct ldb_request *req, struct ldb_reply *ares)
+{
+	return extended_callback(req, ares);
+}
+
+static int extended_dn_out_search(struct ldb_module *module, struct ldb_request *req,
+		int (*callback)(struct ldb_request *req, struct ldb_reply *ares))
+{
+	struct ldb_control *control;
+	struct ldb_control *storage_format_control;
+	struct ldb_extended_dn_control *extended_ctrl = NULL;
+	struct extended_search_context *ac;
+	struct ldb_request *down_req;
+	char **new_attrs;
+	const char * const *const_attrs;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	struct extended_dn_out_private *p = talloc_get_type(ldb_module_get_private(module), struct extended_dn_out_private);
+
+	/* The schema manipulation does not apply to special DNs */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* check if there's an extended dn control */
+	control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
+	if (control && control->data) {
+		extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control);
+		if (!extended_ctrl) {
+			return LDB_ERR_PROTOCOL_ERROR;
+		}
+	}
+
+	/* Look to see if, as we are in 'store DN+GUID+SID' mode, the
+	 * client is after the storage format (to fill in linked
+	 * attributes) */
+	storage_format_control = ldb_request_get_control(req, DSDB_CONTROL_DN_STORAGE_FORMAT_OID);
+	if (!control && storage_format_control && storage_format_control->data) {
+		extended_ctrl = talloc_get_type(storage_format_control->data, struct ldb_extended_dn_control);
+		if (!extended_ctrl) {
+			ldb_set_errstring(ldb, "extended_dn_out: extended_ctrl was of the wrong data type");
+			return LDB_ERR_PROTOCOL_ERROR;
+		}
+	}
+
+	ac = talloc_zero(req, struct extended_search_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ac->module = module;
+	ac->schema = dsdb_get_schema(ldb, ac);
+	ac->req = req;
+	ac->inject = false;
+	ac->remove_guid = false;
+	ac->remove_sid = false;
+	
+	const_attrs = req->op.search.attrs;
+
+	/* We only need to do special processing if we were asked for
+	 * the extended DN, or we are 'store DN+GUID+SID'
+	 * (!dereference) mode.  (This is the normal mode for LDB on
+	 * tdb). */
+	if (control || (storage_format_control && p)) {
+		ac->inject = true;
+		if (extended_ctrl) {
+			ac->extended_type = extended_ctrl->type;
+		} else {
+			ac->extended_type = 0;
+		}
+
+		/* check if attrs only is specified, in that case check whether we need to modify them */
+		if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) {
+			if (! ldb_attr_in_list(req->op.search.attrs, "objectGUID")) {
+				ac->remove_guid = true;
+			}
+			if (! ldb_attr_in_list(req->op.search.attrs, "objectSid")) {
+				ac->remove_sid = true;
+			}
+			if (ac->remove_guid || ac->remove_sid) {
+				new_attrs = copy_attrs(ac, req->op.search.attrs);
+				if (new_attrs == NULL) {
+					return ldb_oom(ldb);
+				}
+
+				if (ac->remove_guid) {
+					if (!add_attrs(ac, &new_attrs, "objectGUID"))
+						return ldb_operr(ldb);
+				}
+				if (ac->remove_sid) {
+					if (!add_attrs(ac, &new_attrs, "objectSid"))
+						return ldb_operr(ldb);
+				}
+				const_attrs = (const char * const *)new_attrs;
+			}
+		}
+	}
+
+	ret = ldb_build_search_req_ex(&down_req,
+				      ldb, ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      req->op.search.tree,
+				      const_attrs,
+				      req->controls,
+				      ac, callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* mark extended DN and storage format controls as done */
+	if (control) {
+		control->critical = 0;
+	}
+
+	if (storage_format_control) {
+		storage_format_control->critical = 0;
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int extended_dn_out_ldb_search(struct ldb_module *module, struct ldb_request *req)
+{
+	return extended_dn_out_search(module, req, extended_callback_ldb);
+}
+
+static int extended_dn_out_ldb_init(struct ldb_module *module)
+{
+	int ret;
+
+	struct extended_dn_out_private *p = talloc(module, struct extended_dn_out_private);
+	struct dsdb_extended_dn_store_format *dn_format;
+
+	ldb_module_set_private(module, p);
+
+	if (!p) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	dn_format = talloc(p, struct dsdb_extended_dn_store_format);
+	if (!dn_format) {
+		talloc_free(p);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	dn_format->store_extended_dn_in_ldb = true;
+	ret = ldb_set_opaque(ldb_module_get_ctx(module), DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME, dn_format);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(p);
+		return ret;
+	}
+
+	p->dereference = false;
+	p->normalise = false;
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_EXTENDED_DN_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_ERROR,
+			"extended_dn_out: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_extended_dn_out_ldb_module_ops = {
+	.name		   = "extended_dn_out_ldb",
+	.search            = extended_dn_out_ldb_search,
+	.init_context	   = extended_dn_out_ldb_init,
+};
+
+/*
+  initialise the module
+ */
+_PUBLIC_ int ldb_extended_dn_out_module_init(const char *version)
+{
+	int ret;
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_extended_dn_out_ldb_module_ops);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_store.c b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
new file mode 100644
index 0000000..42970da
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_store.c
@@ -0,0 +1,830 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb extended dn control module
+ *
+ *  Description: this module builds a special dn for returned search
+ *  results nad creates the special DN in the backend store for new
+ *  values.
+ *
+ *  This also has the curious result that we convert <SID=S-1-2-345>
+ *  in an attribute value into a normal DN for the rest of the stack
+ *  to process
+ *
+ *  Authors: Simo Sorce
+ *           Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include <time.h>
+
+struct extended_dn_replace_list {
+	struct extended_dn_replace_list *next;
+	struct dsdb_dn *dsdb_dn;
+	TALLOC_CTX *mem_ctx;
+	struct ldb_val *replace_dn;
+	struct extended_dn_context *ac;
+	struct ldb_request *search_req;
+	bool fpo_enabled;
+	bool require_object;
+	bool got_entry;
+};
+
+
+struct extended_dn_context {
+	const struct dsdb_schema *schema;
+	struct ldb_module *module;
+	struct ldb_context *ldb;
+	struct ldb_request *req;
+	struct ldb_request *new_req;
+
+	struct extended_dn_replace_list *ops;
+	struct extended_dn_replace_list *cur;
+
+	/*
+	 * Used by the FPO-enabled attribute validation.
+	 */
+	struct dsdb_trust_routing_table *routing_table;
+};
+
+
+static struct extended_dn_context *extended_dn_context_init(struct ldb_module *module,
+							    struct ldb_request *req)
+{
+	struct extended_dn_context *ac;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	ac = talloc_zero(req, struct extended_dn_context);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->schema = dsdb_get_schema(ldb, ac);
+	ac->module = module;
+	ac->ldb = ldb;
+	ac->req = req;
+
+	return ac;
+}
+
+static int extended_replace_dn(struct extended_dn_replace_list *os,
+			       struct ldb_dn *dn)
+{
+	struct dsdb_dn *dsdb_dn = NULL;
+	const char *str = NULL;
+
+	/*
+	 * Rebuild with the string or binary 'extra part' the
+	 * DN may have had as a prefix
+	 */
+	dsdb_dn = dsdb_dn_construct(os, dn,
+				    os->dsdb_dn->extra_part,
+				    os->dsdb_dn->oid);
+	if (dsdb_dn == NULL) {
+		return ldb_module_operr(os->ac->module);
+	}
+
+	str = dsdb_dn_get_extended_linearized(os->mem_ctx,
+					      dsdb_dn, 1);
+	if (str == NULL) {
+		return ldb_module_operr(os->ac->module);
+	}
+
+	/*
+	 * Replace the DN with the extended version of the DN
+	 * (ie, add SID and GUID)
+	 */
+	*os->replace_dn = data_blob_string_const(str);
+	os->got_entry = true;
+	return LDB_SUCCESS;
+}
+
+static int extended_dn_handle_fpo_attr(struct extended_dn_replace_list *os)
+{
+	struct dom_sid target_sid = { 0, };
+	struct dom_sid target_domain = { 0, };
+	struct ldb_message *fmsg = NULL;
+	char *fsid = NULL;
+	const struct dom_sid *domain_sid = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	uint32_t trust_attributes = 0;
+	const char *no_attrs[] = { NULL, };
+	struct ldb_result *res = NULL;
+	NTSTATUS status;
+	bool match;
+	bool ok;
+	int ret;
+
+	/*
+	 * DN doesn't exist yet
+	 *
+	 * Check if a foreign SID is specified,
+	 * which would trigger the creation
+	 * of a foreignSecurityPrincipal.
+	 */
+	status = dsdb_get_extended_dn_sid(os->dsdb_dn->dn,
+					  &target_sid,
+					  "SID");
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		/*
+		 * No SID specified
+		 */
+		return dsdb_module_werror(os->ac->module,
+					  LDB_ERR_NO_SUCH_OBJECT,
+					  WERR_NO_SUCH_USER,
+					  "specified dn doesn't exist");
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return ldb_module_operr(os->ac->module);
+	}
+	if (ldb_dn_get_extended_comp_num(os->dsdb_dn->dn) != 1) {
+		return dsdb_module_werror(os->ac->module,
+					  LDB_ERR_NO_SUCH_OBJECT,
+					  WERR_NO_SUCH_USER,
+					  "specified extended component other than SID");
+	}
+	if (ldb_dn_get_comp_num(os->dsdb_dn->dn) != 0) {
+		return dsdb_module_werror(os->ac->module,
+					  LDB_ERR_NO_SUCH_OBJECT,
+					  WERR_NO_SUCH_USER,
+					  "specified more the SID");
+	}
+
+	target_domain = target_sid;
+	sid_split_rid(&target_domain, NULL);
+
+	match = dom_sid_equal(&global_sid_Builtin, &target_domain);
+	if (match) {
+		/*
+		 * Non existing BUILTIN sid
+		 */
+		return dsdb_module_werror(os->ac->module,
+				LDB_ERR_NO_SUCH_OBJECT,
+				WERR_NO_SUCH_MEMBER,
+				"specified sid doesn't exist in BUILTIN");
+	}
+
+	domain_sid = samdb_domain_sid(os->ac->ldb);
+	if (domain_sid == NULL) {
+		return ldb_module_operr(os->ac->module);
+	}
+	match = dom_sid_equal(domain_sid, &target_domain);
+	if (match) {
+		/*
+		 * Non existing SID in our domain.
+		 */
+		return dsdb_module_werror(os->ac->module,
+				LDB_ERR_UNWILLING_TO_PERFORM,
+				WERR_DS_INVALID_GROUP_TYPE,
+				"specified sid doesn't exist in domain");
+	}
+
+	if (os->ac->routing_table == NULL) {
+		status = dsdb_trust_routing_table_load(os->ac->ldb, os->ac,
+						       &os->ac->routing_table);
+		if (!NT_STATUS_IS_OK(status)) {
+			return ldb_module_operr(os->ac->module);
+		}
+	}
+
+	tdo = dsdb_trust_domain_by_sid(os->ac->routing_table,
+				       &target_domain, NULL);
+	if (tdo != NULL) {
+		trust_attributes = tdo->trust_attributes;
+	}
+
+	if (trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+		return dsdb_module_werror(os->ac->module,
+				LDB_ERR_UNWILLING_TO_PERFORM,
+				WERR_DS_INVALID_GROUP_TYPE,
+				"specified sid doesn't exist in forest");
+	}
+
+	fmsg = ldb_msg_new(os);
+	if (fmsg == NULL) {
+		return ldb_module_oom(os->ac->module);
+	}
+
+	fsid = dom_sid_string(fmsg, &target_sid);
+	if (fsid == NULL) {
+		return ldb_module_oom(os->ac->module);
+	}
+
+	domain_dn = ldb_get_default_basedn(os->ac->ldb);
+	if (domain_dn == NULL) {
+		return ldb_module_operr(os->ac->module);
+	}
+
+	fmsg->dn = ldb_dn_copy(fmsg, domain_dn);
+	if (fmsg->dn == NULL) {
+		return ldb_module_oom(os->ac->module);
+	}
+
+	ok = ldb_dn_add_child_fmt(fmsg->dn,
+				  "CN=%s,CN=ForeignSecurityPrincipals",
+				  fsid);
+	if (!ok) {
+		return ldb_module_oom(os->ac->module);
+	}
+
+	ret = ldb_msg_add_string(fmsg, "objectClass", "foreignSecurityPrincipal");
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_module_add(os->ac->module, fmsg,
+			      DSDB_FLAG_AS_SYSTEM |
+			      DSDB_FLAG_NEXT_MODULE,
+			      os->ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_module_search_dn(os->ac->module, fmsg, &res,
+				    fmsg->dn, no_attrs,
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+				    os->ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * dsdb_module_search_dn() guarantees exactly one result message
+	 * on success.
+	 */
+	ret = extended_replace_dn(os, res->msgs[0]->dn);
+	TALLOC_FREE(fmsg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* An extra layer of indirection because LDB does not allow the original request to be altered */
+
+static int extended_final_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	int ret = LDB_ERR_OPERATIONS_ERROR;
+	struct extended_dn_context *ac;
+	ac = talloc_get_type(req->context, struct extended_dn_context);
+
+	if (ares->error != LDB_SUCCESS) {
+		ret = ldb_module_done(ac->req, ares->controls,
+				      ares->response, ares->error);
+	} else {
+		switch (ares->type) {
+		case LDB_REPLY_ENTRY:
+			
+			ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
+			break;
+		case LDB_REPLY_REFERRAL:
+			
+			ret = ldb_module_send_referral(ac->req, ares->referral);
+			break;
+		case LDB_REPLY_DONE:
+			
+			ret = ldb_module_done(ac->req, ares->controls,
+					      ares->response, ares->error);
+			break;
+		}
+	}
+	return ret;
+}
+
+static int extended_replace_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct extended_dn_replace_list *os = talloc_get_type(req->context, 
+							   struct extended_dn_replace_list);
+
+	if (!ares) {
+		return ldb_module_done(os->ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error == LDB_ERR_NO_SUCH_OBJECT) {
+		if (os->got_entry) {
+			/* This is in internal error... */
+			int ret = ldb_module_operr(os->ac->module);
+			return ldb_module_done(os->ac->req, NULL, NULL, ret);
+		}
+
+		if (os->require_object && os->fpo_enabled) {
+			int ret;
+
+			ret = extended_dn_handle_fpo_attr(os);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(os->ac->req, NULL, NULL,
+						       ret);
+			}
+			/* os->got_entry is true at this point... */
+		}
+
+		if (!os->got_entry && os->require_object) {
+			/*
+			 * It's an error if the target doesn't exist,
+			 * unless it's a delete.
+			 */
+			int ret = dsdb_module_werror(os->ac->module,
+						LDB_ERR_CONSTRAINT_VIOLATION,
+						WERR_DS_NAME_REFERENCE_INVALID,
+						"Referenced object not found");
+			return ldb_module_done(os->ac->req, NULL, NULL, ret);
+		}
+
+		/* Don't worry too much about dangling references */
+
+		ldb_reset_err_string(os->ac->ldb);
+		if (os->next) {
+			struct extended_dn_replace_list *next;
+
+			next = os->next;
+
+			talloc_free(os);
+
+			os = next;
+			return ldb_next_request(os->ac->module, next->search_req);
+		} else {
+			/* Otherwise, we are done - let's run the
+			 * request now we have swapped the DNs for the
+			 * full versions */
+			return ldb_next_request(os->ac->module, os->ac->new_req);
+		}
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(os->ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	/* Only entries are interesting, and we only want the olddn */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		/* This *must* be the right DN, as this is a base
+		 * search.  We can't check, as it could be an extended
+		 * DN, so a module below will resolve it */
+		int ret;
+
+		ret = extended_replace_dn(os, ares->message->dn);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(os->ac->req, NULL, NULL, ret);
+		}
+		/* os->got_entry is true at this point */
+		break;
+	}
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		talloc_free(ares);
+
+		if (!os->got_entry && os->require_object && os->fpo_enabled) {
+			int ret;
+
+			ret = extended_dn_handle_fpo_attr(os);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(os->ac->req, NULL, NULL,
+						       ret);
+			}
+			/* os->got_entry is true at this point... */
+		}
+
+		if (!os->got_entry && os->require_object) {
+			/*
+			 * It's an error if the target doesn't exist,
+			 * unless it's a delete.
+			 */
+			int ret = dsdb_module_werror(os->ac->module,
+						 LDB_ERR_CONSTRAINT_VIOLATION,
+						 WERR_DS_NAME_REFERENCE_INVALID,
+						 "Referenced object not found");
+			return ldb_module_done(os->ac->req, NULL, NULL, ret);
+		}
+
+		/* Run the next search */
+
+		if (os->next) {
+			struct extended_dn_replace_list *next;
+
+			next = os->next;
+
+			talloc_free(os);
+
+			os = next;
+			return ldb_next_request(os->ac->module, next->search_req);
+		} else {
+			/* Otherwise, we are done - let's run the
+			 * request now we have swapped the DNs for the
+			 * full versions */
+			return ldb_next_request(os->ac->module, os->ac->new_req);
+		}
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+/* We have a 'normal' DN in the inbound request.  We need to find out
+ * what the GUID and SID are on the DN it points to, so we can
+ * construct an extended DN for storage.
+ *
+ * This creates a list of DNs to look up, and the plain DN to replace
+ */
+
+static int extended_store_replace(struct extended_dn_context *ac,
+				  TALLOC_CTX *callback_mem_ctx,
+				  struct ldb_dn *self_dn,
+				  struct ldb_val *plain_dn,
+				  bool is_delete, 
+				  const struct dsdb_attribute *schema_attr)
+{
+	const char *oid = schema_attr->syntax->ldap_oid;
+	int ret;
+	struct extended_dn_replace_list *os;
+	static const char *attrs[] = {
+		"objectSid",
+		"objectGUID",
+		NULL
+	};
+	uint32_t ctrl_flags = 0;
+	bool is_untrusted = ldb_req_is_untrusted(ac->req);
+
+	os = talloc_zero(ac, struct extended_dn_replace_list);
+	if (!os) {
+		return ldb_oom(ac->ldb);
+	}
+
+	os->ac = ac;
+	
+	os->mem_ctx = callback_mem_ctx;
+
+	os->dsdb_dn = dsdb_dn_parse(os, ac->ldb, plain_dn, oid);
+	if (!os->dsdb_dn || !ldb_dn_validate(os->dsdb_dn->dn)) {
+		talloc_free(os);
+		ldb_asprintf_errstring(ac->ldb,
+				       "could not parse %.*s as a %s DN", (int)plain_dn->length, plain_dn->data,
+				       oid);
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	if (self_dn != NULL) {
+		ret = ldb_dn_compare(self_dn, os->dsdb_dn->dn);
+		if (ret == 0) {
+			/*
+			 * If this is a reference to the object
+			 * itself during an 'add', we won't
+			 * be able to find the object.
+			 */
+			talloc_free(os);
+			return LDB_SUCCESS;
+		}
+	}
+
+	if (is_delete && !ldb_dn_has_extended(os->dsdb_dn->dn)) {
+		/* NO need to figure this DN out, this element is
+		 * going to be deleted anyway, and because it's not
+		 * extended, we have enough information to do the
+		 * delete */
+		talloc_free(os);
+		return LDB_SUCCESS;
+	}
+	
+		
+	os->replace_dn = plain_dn;
+
+	/* The search request here might happen to be for an
+	 * 'extended' style DN, such as <GUID=abced...>.  The next
+	 * module in the stack will convert this into a normal DN for
+	 * processing */
+	ret = ldb_build_search_req(&os->search_req,
+				   ac->ldb, os, os->dsdb_dn->dn, LDB_SCOPE_BASE, NULL, 
+				   attrs, NULL, os, extended_replace_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(os->search_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(os);
+		return ret;
+	}
+
+	/*
+	 * By default we require the presence of the target.
+	 */
+	os->require_object = true;
+
+	/*
+	 * Handle FPO-enabled attributes, see
+	 * [MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:
+	 *
+	 *   FPO-enabled attributes: member, msDS-MembersForAzRole,
+	 *     msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup,
+	 *     msDS-ServiceAccount.
+	 *
+	 * Note there's no msDS-ServiceAccount in any schema (only
+	 * msDS-HostServiceAccount and that's not an FPO-enabled attribute
+	 * at least not in W2008R2)
+	 *
+	 * msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.
+	 *
+	 * See also [MS-SAMR] 3.1.1.8.9 member.
+	 */
+	switch (schema_attr->attributeID_id) {
+	case DRSUAPI_ATTID_member:
+	case DRSUAPI_ATTID_msDS_MembersForAzRole:
+	case DRSUAPI_ATTID_msDS_NeverRevealGroup:
+	case DRSUAPI_ATTID_msDS_RevealOnDemandGroup:
+		os->fpo_enabled = true;
+		break;
+
+	case DRSUAPI_ATTID_msDS_HostServiceAccount:
+		/* This is NOT a FPO-enabled attribute */
+		break;
+
+	case DRSUAPI_ATTID_msDS_NonMembers:
+		return dsdb_module_werror(os->ac->module,
+					  LDB_ERR_UNWILLING_TO_PERFORM,
+					  WERR_NOT_SUPPORTED,
+					  "msDS-NonMembers is not supported");
+	}
+
+	if (schema_attr->linkID == 0) {
+		/*
+		 * None linked attributes allow references
+		 * to deleted objects.
+		 */
+		ctrl_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+	}
+
+	if (is_delete) {
+		/*
+		 * On delete want to be able to
+		 * find a deleted object, but
+		 * it's not a problem if they doesn't
+		 * exist.
+		 */
+		ctrl_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+		os->require_object = false;
+	}
+
+	if (!is_untrusted) {
+		struct ldb_control *ctrl = NULL;
+
+		/*
+		 * During provision or dbcheck we may not find
+		 * an object.
+		 */
+
+		ctrl = ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID);
+		if (ctrl != NULL) {
+			os->require_object = false;
+		}
+		ctrl = ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK);
+		if (ctrl != NULL) {
+			os->require_object = false;
+		}
+	}
+
+	ret = dsdb_request_add_controls(os->search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					ctrl_flags |
+					DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(os);
+		return ret;
+	}
+
+	if (ac->ops) {
+		ac->cur->next = os;
+	} else {
+		ac->ops = os;
+	}
+	ac->cur = os;
+
+	return LDB_SUCCESS;
+}
+
+
+/* add */
+static int extended_dn_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct extended_dn_context *ac;
+	int ret;
+	unsigned int i, j;
+
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ac = extended_dn_context_init(module, req);
+	if (!ac) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	if (!ac->schema) {
+		/* without schema, this doesn't make any sense */
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	for (i=0; i < req->op.add.message->num_elements; i++) {
+		const struct ldb_message_element *el = &req->op.add.message->elements[i];
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
+		if (!schema_attr) {
+			continue;
+		}
+
+		/* We only setup an extended DN GUID on DN elements */
+		if (schema_attr->dn_format == DSDB_INVALID_DN) {
+			continue;
+		}
+
+		if (schema_attr->attributeID_id == DRSUAPI_ATTID_distinguishedName) {
+			/* distinguishedName values are ignored */
+			continue;
+		}
+
+		/* Before we setup a procedure to modify the incoming message, we must copy it */
+		if (!ac->new_req) {
+			struct ldb_message *msg = ldb_msg_copy(ac, req->op.add.message);
+			if (!msg) {
+				return ldb_oom(ldb_module_get_ctx(module));
+			}
+		   
+			ret = ldb_build_add_req(&ac->new_req, ac->ldb, ac, msg, req->controls, ac, extended_final_callback, req);
+			LDB_REQ_SET_LOCATION(ac->new_req);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		/* Re-calculate el */
+		el = &ac->new_req->op.add.message->elements[i];
+		for (j = 0; j < el->num_values; j++) {
+			ret = extended_store_replace(ac, ac->new_req,
+						     req->op.add.message->dn,
+						     &el->values[j],
+						     false, schema_attr);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+
+	/* if no DNs were set continue */
+	if (ac->ops == NULL) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	/* start with the searches */
+	return ldb_next_request(module, ac->ops->search_req);
+}
+
+/* modify */
+static int extended_dn_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	/* Look over list of modifications */
+	/* Find if any are for linked attributes */
+	/* Determine the effect of the modification */
+	/* Apply the modify to the linked entry */
+
+	unsigned int i, j;
+	struct extended_dn_context *ac;
+	struct ldb_control *fix_links_control = NULL;
+	struct ldb_control *fix_link_sid_ctrl = NULL;
+	int ret;
+
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ac = extended_dn_context_init(module, req);
+	if (!ac) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	if (!ac->schema) {
+		talloc_free(ac);
+		/* without schema, this doesn't make any sense */
+		return ldb_next_request(module, req);
+	}
+
+	fix_links_control = ldb_request_get_control(req,
+					DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);
+	if (fix_links_control != NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	fix_link_sid_ctrl = ldb_request_get_control(ac->req,
+					DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID);
+	if (fix_link_sid_ctrl != NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	for (i=0; i < req->op.mod.message->num_elements; i++) {
+		const struct ldb_message_element *el = &req->op.mod.message->elements[i];
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
+		if (!schema_attr) {
+			continue;
+		}
+
+		/* We only setup an extended DN GUID on these particular DN objects */
+		if (schema_attr->dn_format == DSDB_INVALID_DN) {
+			continue;
+		}
+
+		if (schema_attr->attributeID_id == DRSUAPI_ATTID_distinguishedName) {
+			/* distinguishedName values are ignored */
+			continue;
+		}
+
+		/* Before we setup a procedure to modify the incoming message, we must copy it */
+		if (!ac->new_req) {
+			struct ldb_message *msg = ldb_msg_copy(ac, req->op.mod.message);
+			if (!msg) {
+				talloc_free(ac);
+				return ldb_oom(ac->ldb);
+			}
+		   
+			ret = ldb_build_mod_req(&ac->new_req, ac->ldb, ac, msg, req->controls, ac, extended_final_callback, req);
+			LDB_REQ_SET_LOCATION(ac->new_req);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(ac);
+				return ret;
+			}
+		}
+		/* Re-calculate el */
+		el = &ac->new_req->op.mod.message->elements[i];
+		/* For each value being added, we need to setup the lookups to fill in the extended DN */
+		for (j = 0; j < el->num_values; j++) {
+			/* If we are just going to delete this
+			 * element, only do a lookup if
+			 * extended_store_replace determines it's an
+			 * input of an extended DN */
+			bool is_delete = (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE);
+
+			ret = extended_store_replace(ac, ac->new_req,
+						     NULL, /* self_dn to be ignored */
+						     &el->values[j],
+						     is_delete, schema_attr);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(ac);
+				return ret;
+			}
+		}
+	}
+
+	/* if DNs were set continue */
+	if (ac->ops == NULL) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	/* start with the searches */
+	return ldb_next_request(module, ac->ops->search_req);
+}
+
+static const struct ldb_module_ops ldb_extended_dn_store_module_ops = {
+	.name		   = "extended_dn_store",
+	.add               = extended_dn_add,
+	.modify            = extended_dn_modify,
+};
+
+int ldb_extended_dn_store_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_extended_dn_store_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c b/source4/dsdb/samdb/ldb_modules/group_audit.c
new file mode 100644
index 0000000..1b05e89
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/group_audit.c
@@ -0,0 +1,1555 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Provide an audit log of changes made to group memberships
+ *
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/audit_logging/audit_logging.h"
+#include "librpc/gen_ndr/windows_event_ids.h"
+
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/ldb_modules/audit_util_proto.h"
+#include "libcli/security/dom_sid.h"
+#include "auth/common_auth.h"
+#include "param/param.h"
+
+#define AUDIT_JSON_TYPE "groupChange"
+#define AUDIT_HR_TAG "Group Change"
+#define AUDIT_MAJOR 1
+#define AUDIT_MINOR 1
+#define GROUP_LOG_LVL 5
+
+static const char *const group_attrs[] = {"member", "groupType", NULL};
+static const char *const group_type_attr[] = {"groupType", NULL};
+static const char * const primary_group_attr[] = {
+	"primaryGroupID",
+	"objectSID",
+	NULL};
+
+struct audit_context {
+	bool send_events;
+	struct imessaging_context *msg_ctx;
+};
+
+struct audit_callback_context {
+	struct ldb_request *request;
+	struct ldb_module *module;
+	struct ldb_message_element *members;
+	uint32_t primary_group;
+	void (*log_changes)(
+		struct audit_callback_context *acc,
+		const int status);
+};
+
+/*
+ * @brief get the transaction id.
+ *
+ * Get the id of the transaction that the current request is contained in.
+ *
+ * @param req the request.
+ *
+ * @return the transaction id GUID, or NULL if it is not there.
+ */
+static struct GUID *get_transaction_id(
+	const struct ldb_request *request)
+{
+	struct ldb_control *control;
+	struct dsdb_control_transaction_identifier *transaction_id;
+
+	control = ldb_request_get_control(
+		discard_const(request),
+		DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID);
+	if (control == NULL) {
+		return NULL;
+	}
+	transaction_id = talloc_get_type(
+		control->data,
+		struct dsdb_control_transaction_identifier);
+	if (transaction_id == NULL) {
+		return NULL;
+	}
+	return &transaction_id->transaction_guid;
+}
+
+/*
+ * @brief generate a JSON log entry for a group change.
+ *
+ * Generate a JSON object containing details of a users group change.
+ *
+ * @param module the ldb module
+ * @param request the ldb_request
+ * @param action the change action being performed
+ * @param user the user name
+ * @param group the group name
+ * @param status the ldb status code for the ldb operation.
+ *
+ * @return A json object containing the details.
+ * 	   NULL if an error was detected
+ */
+static struct json_object audit_group_json(const struct ldb_module *module,
+					   const struct ldb_request *request,
+					   const char *action,
+					   const char *user,
+					   const char *group,
+					   const enum event_id_type event_id,
+					   const int status)
+{
+	struct ldb_context *ldb = NULL;
+	const struct dom_sid *sid = NULL;
+	struct json_object wrapper = json_empty_object;
+	struct json_object audit = json_empty_object;
+	const struct tsocket_address *remote = NULL;
+	const struct GUID *unique_session_token = NULL;
+	struct GUID *transaction_id = NULL;
+	int rc = 0;
+
+	ldb = ldb_module_get_ctx(discard_const(module));
+
+	remote = dsdb_audit_get_remote_address(ldb);
+	sid = dsdb_audit_get_user_sid(module);
+	unique_session_token = dsdb_audit_get_unique_session_token(module);
+	transaction_id = get_transaction_id(request);
+
+	audit = json_new_object();
+	if (json_is_invalid(&audit)) {
+		goto failure;
+	}
+	rc = json_add_version(&audit, AUDIT_MAJOR, AUDIT_MINOR);
+	if (rc != 0) {
+		goto failure;
+	}
+	if (event_id != EVT_ID_NONE) {
+		rc = json_add_int(&audit, "eventId", event_id);
+		if (rc != 0) {
+			goto failure;
+		}
+	}
+	rc = json_add_int(&audit, "statusCode", status);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "status", ldb_strerror(status));
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "action", action);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_address(&audit, "remoteAddress", remote);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_sid(&audit, "userSid", sid);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "group", group);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "transactionId", transaction_id);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_guid(&audit, "sessionId", unique_session_token);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&audit, "user", user);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	wrapper = json_new_object();
+	if (json_is_invalid(&wrapper)) {
+		goto failure;
+	}
+	rc = json_add_timestamp(&wrapper);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_string(&wrapper, "type", AUDIT_JSON_TYPE);
+	if (rc != 0) {
+		goto failure;
+	}
+	rc = json_add_object(&wrapper, AUDIT_JSON_TYPE, &audit);
+	if (rc != 0) {
+		goto failure;
+	}
+
+	return wrapper;
+failure:
+	/*
+	 * On a failure audit will not have been added to wrapper so it
+	 * needs to free it to avoid a leak.
+	 *
+	 * wrapper is freed to invalidate it as it will have only been
+	 * partially constructed and may be inconsistent.
+	 *
+	 * All the json manipulation routines handle a freed object correctly
+	 */
+	json_free(&audit);
+	json_free(&wrapper);
+	DBG_ERR("Failed to create group change JSON log message\n");
+	return wrapper;
+}
+
+/*
+ * @brief generate a human readable log entry for a group change.
+ *
+ * Generate a human readable log entry containing details of a users group
+ * change.
+ *
+ * @param ctx the talloc context owning the returned log entry
+ * @param module the ldb module
+ * @param request the ldb_request
+ * @param action the change action being performed
+ * @param user the user name
+ * @param group the group name
+ * @param status the ldb status code for the ldb operation.
+ *
+ * @return A human readable log line.
+ */
+static char *audit_group_human_readable(
+	TALLOC_CTX *mem_ctx,
+	const struct ldb_module *module,
+	const struct ldb_request *request,
+	const char *action,
+	const char *user,
+	const char *group,
+	const int status)
+{
+	struct ldb_context *ldb = NULL;
+	const char *remote_host = NULL;
+	const struct dom_sid *sid = NULL;
+	const char *user_sid = NULL;
+	const char *timestamp = NULL;
+	char *log_entry = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_module_get_ctx(discard_const(module));
+
+	remote_host = dsdb_audit_get_remote_host(ldb, ctx);
+	sid = dsdb_audit_get_user_sid(module);
+	user_sid = dom_sid_string(ctx, sid);
+	timestamp = audit_get_timestamp(ctx);
+
+	log_entry = talloc_asprintf(
+		mem_ctx,
+		"[%s] at [%s] status [%s] "
+		"Remote host [%s] SID [%s] Group [%s] User [%s]",
+		action,
+		timestamp,
+		ldb_strerror(status),
+		remote_host,
+		user_sid,
+		group,
+		user);
+	TALLOC_FREE(ctx);
+	return log_entry;
+}
+
+/*
+ * @brief generate an array of parsed_dns, deferring the actual parsing.
+ *
+ * Get an array of 'struct parsed_dns' without the parsing.
+ * The parsed_dns are parsed only when needed to avoid the expense of parsing.
+ *
+ * This procedure assumes that the dn's are sorted in GUID order and contains
+ * no duplicates.  This should be valid as the module sits below repl_meta_data
+ * which ensures this.
+ *
+ * @param mem_ctx The memory context that will own the generated array
+ * @param el The message element used to generate the array.
+ *
+ * @return an array of struct parsed_dns, or NULL in the event of an error
+ */
+static struct parsed_dn *get_parsed_dns(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_message_element *el)
+{
+	int ret;
+	struct parsed_dn *pdn = NULL;
+
+	if (el == NULL || el->num_values == 0) {
+		return NULL;
+	}
+
+	ret = get_parsed_dns_trusted(mem_ctx, el, &pdn);
+	if (ret == LDB_ERR_OPERATIONS_ERROR) {
+		DBG_ERR("Out of memory\n");
+		return NULL;
+	}
+	return pdn;
+
+}
+
+enum dn_compare_result {
+	LESS_THAN,
+	BINARY_EQUAL,
+	EQUAL,
+	GREATER_THAN
+};
+/*
+ * @brief compare parsed_dn, using GUID ordering
+ *
+ * Compare two parsed_dn structures, using GUID ordering.
+ * To avoid the overhead of parsing the DN's this function does a binary
+ * compare first. The DN's are only parsed if they are not equal at a binary
+ * level.
+ *
+ * @param ctx talloc context that will own the parsed dsdb_dn
+ * @param ldb ldb_context
+ * @param dn1 The first dn
+ * @param dn2 The second dn
+ *
+ * @return BINARY_EQUAL values are equal at a binary level
+ *         EQUAL        DN's are equal but the meta data is different
+ *         LESS_THAN    dn1's GUID is less than dn2's GUID
+ *         GREATER_THAN dn1's GUID is greater than  dn2's GUID
+ *
+ */
+static enum dn_compare_result dn_compare(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_context *ldb,
+	struct parsed_dn *dn1,
+	struct parsed_dn *dn2) {
+
+	int res = 0;
+
+	/*
+	 * Do a binary compare first to avoid unnecessary parsing
+	 */
+	if (data_blob_cmp(dn1->v, dn2->v) == 0) {
+		/*
+		 * Values are equal at a binary level so no need
+		 * for further processing
+		 */
+		return BINARY_EQUAL;
+	}
+	/*
+	 * Values not equal at the binary level, so lets
+	 * do a GUID ordering compare. To do this we will need to ensure
+	 * that the dn's have been parsed.
+	 */
+	if (dn1->dsdb_dn == NULL) {
+		really_parse_trusted_dn(
+			mem_ctx,
+			ldb,
+			dn1,
+			LDB_SYNTAX_DN);
+	}
+	if (dn2->dsdb_dn == NULL) {
+		really_parse_trusted_dn(
+			mem_ctx,
+			ldb,
+			dn2,
+			LDB_SYNTAX_DN);
+	}
+
+	res = ndr_guid_compare(&dn1->guid, &dn2->guid);
+	if (res < 0) {
+		return LESS_THAN;
+	} else if (res == 0) {
+		return EQUAL;
+	} else {
+		return GREATER_THAN;
+	}
+}
+
+/*
+ * @brief Get the DN of a users primary group as a printable string.
+ *
+ * Get the DN of a users primary group as a printable string.
+ *
+ * @param mem_ctx Talloc context the the returned string will be allocated on.
+ * @param module The ldb module
+ * @param account_sid The SID for the uses account.
+ * @param primary_group_rid The RID for the users primary group.
+ *
+ * @return a formatted DN, or null if there is an error.
+ */
+static const char *get_primary_group_dn(
+	TALLOC_CTX *mem_ctx,
+	struct ldb_module *module,
+	struct dom_sid *account_sid,
+	uint32_t primary_group_rid)
+{
+	NTSTATUS status;
+
+	struct ldb_context *ldb = NULL;
+	struct dom_sid *domain_sid = NULL;
+	struct dom_sid *primary_group_sid = NULL;
+	char *sid = NULL;
+	struct ldb_dn *dn = NULL;
+	struct ldb_message *msg = NULL;
+	int rc;
+
+	ldb = ldb_module_get_ctx(module);
+
+	status = dom_sid_split_rid(mem_ctx, account_sid, &domain_sid, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	primary_group_sid = dom_sid_add_rid(
+		mem_ctx,
+		domain_sid,
+		primary_group_rid);
+	if (!primary_group_sid) {
+		return NULL;
+	}
+
+	sid = dom_sid_string(mem_ctx, primary_group_sid);
+	if (sid == NULL) {
+		return NULL;
+	}
+
+	dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>", sid);
+	if(dn == NULL) {
+		return sid;
+	}
+	rc = dsdb_search_one(
+		ldb,
+		mem_ctx,
+		&msg,
+		dn,
+		LDB_SCOPE_BASE,
+		NULL,
+		0,
+		NULL);
+	if (rc != LDB_SUCCESS) {
+		return NULL;
+	}
+
+	return ldb_dn_get_linearized(msg->dn);
+}
+
+/*
+ * @brief Log details of a change to a users primary group.
+ *
+ * Log details of a change to a users primary group.
+ * There is no windows event id associated with a Primary Group change.
+ * However for a new user we generate an added to group event.
+ *
+ * @param module The ldb module.
+ * @param request The request being logged.
+ * @param action Description of the action being performed.
+ * @param group The linearized for of the group DN
+ * @param status the LDB status code for the processing of the request.
+ *
+ */
+static void log_primary_group_change(
+	struct ldb_module *module,
+	const struct ldb_request *request,
+	const char *action,
+	const char *group,
+	const int  status)
+{
+	const char *user = NULL;
+
+	struct audit_context *ac =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct audit_context);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	user = dsdb_audit_get_primary_dn(request);
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT, GROUP_LOG_LVL)) {
+		char *message = NULL;
+		message = audit_group_human_readable(
+			ctx,
+			module,
+			request,
+			action,
+			user,
+			group,
+			status);
+		audit_log_human_text(
+			AUDIT_HR_TAG,
+			message,
+			DBGC_DSDB_GROUP_AUDIT,
+			GROUP_LOG_LVL);
+		TALLOC_FREE(message);
+	}
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT_JSON, GROUP_LOG_LVL) ||
+		(ac->msg_ctx && ac->send_events)) {
+
+		struct json_object json;
+		json = audit_group_json(
+		    module, request, action, user, group, EVT_ID_NONE, status);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_GROUP_AUDIT_JSON,
+			GROUP_LOG_LVL);
+		if (ac->send_events) {
+			audit_message_send(
+				ac->msg_ctx,
+				DSDB_GROUP_EVENT_NAME,
+				MSG_GROUP_LOG,
+				&json);
+		}
+		json_free(&json);
+		if (request->operation == LDB_ADD) {
+			/*
+			 * Have just added a user, generate a groupChange
+			 * message indicating the user has been added to their
+			 * new PrimaryGroup.
+			 */
+		}
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief Log details of a single change to a users group membership.
+ *
+ * Log details of a change to a users group membership, except for changes
+ * to their primary group which is handled by log_primary_group_change.
+ *
+ * @param module The ldb module.
+ * @param request The request being logged.
+ * @param action Description of the action being performed.
+ * @param user The linearized form of the users DN
+ * @param status the LDB status code for the processing of the request.
+ *
+ */
+static void log_membership_change(struct ldb_module *module,
+				  const struct ldb_request *request,
+				  const char *action,
+				  const char *user,
+				  const enum event_id_type event_id,
+				  const int status)
+{
+	const char *group = NULL;
+	struct audit_context *ac =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct audit_context);
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	group = dsdb_audit_get_primary_dn(request);
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT, GROUP_LOG_LVL)) {
+		char *message = NULL;
+		message = audit_group_human_readable(
+			ctx,
+			module,
+			request,
+			action,
+			user,
+			group,
+			status);
+		audit_log_human_text(
+			AUDIT_HR_TAG,
+			message,
+			DBGC_DSDB_GROUP_AUDIT,
+			GROUP_LOG_LVL);
+		TALLOC_FREE(message);
+	}
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT_JSON, GROUP_LOG_LVL) ||
+		(ac->msg_ctx && ac->send_events)) {
+		struct json_object json;
+		json = audit_group_json(
+		    module, request, action, user, group, event_id, status);
+		audit_log_json(
+			&json,
+			DBGC_DSDB_GROUP_AUDIT_JSON,
+			GROUP_LOG_LVL);
+		if (ac->send_events) {
+			audit_message_send(
+				ac->msg_ctx,
+				DSDB_GROUP_EVENT_NAME,
+				MSG_GROUP_LOG,
+				&json);
+		}
+		json_free(&json);
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief Get the windows event type id for removing a user from a group type.
+ *
+ * @param group_type the type of the current group, see libds/common/flags.h
+ *
+ * @return the Windows Event Id
+ *
+ */
+static enum event_id_type get_remove_member_event(uint32_t group_type)
+{
+
+	switch (group_type) {
+	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP;
+	case GTYPE_SECURITY_GLOBAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP;
+	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP;
+	case GTYPE_SECURITY_UNIVERSAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_UNIVERSAL_SEC_GROUP;
+	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_GLOBAL_GROUP;
+	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_LOCAL_GROUP;
+	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
+		return EVT_ID_USER_REMOVED_FROM_UNIVERSAL_GROUP;
+	default:
+		return EVT_ID_NONE;
+	}
+}
+
+/*
+ * @brief Get the windows event type id for adding a user to a group type.
+ *
+ * @param group_type the type of the current group, see libds/common/flags.h
+ *
+ * @return the Windows Event Id
+ *
+ */
+static enum event_id_type get_add_member_event(uint32_t group_type)
+{
+
+	switch (group_type) {
+	case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP;
+	case GTYPE_SECURITY_GLOBAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP;
+	case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP;
+	case GTYPE_SECURITY_UNIVERSAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP;
+	case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_GLOBAL_GROUP;
+	case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_LOCAL_GROUP;
+	case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
+		return EVT_ID_USER_ADDED_TO_UNIVERSAL_GROUP;
+	default:
+		return EVT_ID_NONE;
+	}
+}
+
+/*
+ * @brief Log all the changes to a users group membership.
+ *
+ * Log details of a change to a users group memberships, except for changes
+ * to their primary group which is handled by log_primary_group_change.
+ *
+ * @param module The ldb module.
+ * @param request The request being logged.
+ * @param action Description of the action being performed.
+ * @param user The linearized form of the users DN
+ * @param status the LDB status code for the processing of the request.
+ *
+ */
+static void log_membership_changes(struct ldb_module *module,
+				   const struct ldb_request *request,
+				   struct ldb_message_element *el,
+				   struct ldb_message_element *old_el,
+				   uint32_t group_type,
+				   int status)
+{
+	unsigned int i, old_i, new_i;
+	unsigned int old_num_values;
+	unsigned int max_num_values;
+	unsigned int new_num_values;
+	struct parsed_dn *old_val = NULL;
+	struct parsed_dn *new_val = NULL;
+	struct parsed_dn *new_values = NULL;
+	struct parsed_dn *old_values = NULL;
+	struct ldb_context *ldb = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	old_num_values = old_el ? old_el->num_values : 0;
+	new_num_values = el ? el->num_values : 0;
+	max_num_values = old_num_values + new_num_values;
+
+	if (max_num_values == 0) {
+		/*
+		 * There is nothing to do!
+		 */
+		TALLOC_FREE(ctx);
+		return;
+	}
+
+	old_values = get_parsed_dns(ctx, old_el);
+	new_values = get_parsed_dns(ctx, el);
+	ldb = ldb_module_get_ctx(module);
+
+	old_i = 0;
+	new_i = 0;
+	for (i = 0; i < max_num_values; i++) {
+		enum dn_compare_result cmp;
+		if (old_i < old_num_values && new_i < new_num_values) {
+			/*
+			 * Both list have values, so compare the values
+			 */
+			old_val = &old_values[old_i];
+			new_val = &new_values[new_i];
+			cmp = dn_compare(ctx, ldb, old_val, new_val);
+		} else if (old_i < old_num_values) {
+			/*
+			 * the new list is empty, read the old list
+			 */
+			old_val = &old_values[old_i];
+			new_val = NULL;
+			cmp = LESS_THAN;
+		} else if (new_i < new_num_values) {
+			/*
+			 * the old list is empty, read new list
+			 */
+			old_val = NULL;
+			new_val = &new_values[new_i];
+			cmp = GREATER_THAN;
+		} else {
+			break;
+		}
+
+		if (cmp == LESS_THAN) {
+			/*
+			 * Have an entry in the original record that is not in
+			 * the new record. So it's been deleted
+			 */
+			const char *user = NULL;
+			enum event_id_type event_id;
+			if (old_val->dsdb_dn == NULL) {
+				really_parse_trusted_dn(
+					ctx,
+					ldb,
+					old_val,
+					LDB_SYNTAX_DN);
+			}
+			user = ldb_dn_get_linearized(old_val->dsdb_dn->dn);
+			event_id = get_remove_member_event(group_type);
+			log_membership_change(
+			    module, request, "Removed", user, event_id, status);
+			old_i++;
+		} else if (cmp == BINARY_EQUAL) {
+			/*
+			 * DN's unchanged at binary level so nothing to do.
+			 */
+			old_i++;
+			new_i++;
+		} else if (cmp == EQUAL) {
+			/*
+			 * DN is unchanged now need to check the flags to
+			 * determine if a record has been deleted or undeleted
+			 */
+			uint32_t old_flags;
+			uint32_t new_flags;
+			if (old_val->dsdb_dn == NULL) {
+				really_parse_trusted_dn(
+					ctx,
+					ldb,
+					old_val,
+					LDB_SYNTAX_DN);
+			}
+			if (new_val->dsdb_dn == NULL) {
+				really_parse_trusted_dn(
+					ctx,
+					ldb,
+					new_val,
+					LDB_SYNTAX_DN);
+			}
+
+			dsdb_get_extended_dn_uint32(
+				old_val->dsdb_dn->dn,
+				&old_flags,
+				"RMD_FLAGS");
+			dsdb_get_extended_dn_uint32(
+				new_val->dsdb_dn->dn,
+				&new_flags,
+				"RMD_FLAGS");
+			if (new_flags == old_flags) {
+				/*
+				 * No changes to the Repl meta data so can
+				 * no need to log the change
+				 */
+				old_i++;
+				new_i++;
+				continue;
+			}
+			if (new_flags & DSDB_RMD_FLAG_DELETED) {
+				/*
+				 * DN has been deleted.
+				 */
+				const char *user = NULL;
+				enum event_id_type event_id;
+				user = ldb_dn_get_linearized(
+					old_val->dsdb_dn->dn);
+				event_id = get_remove_member_event(group_type);
+				log_membership_change(module,
+						      request,
+						      "Removed",
+						      user,
+						      event_id,
+						      status);
+			} else {
+				/*
+				 * DN has been re-added
+				 */
+				const char *user = NULL;
+				enum event_id_type event_id;
+				user = ldb_dn_get_linearized(
+					new_val->dsdb_dn->dn);
+				event_id = get_add_member_event(group_type);
+				log_membership_change(module,
+						      request,
+						      "Added",
+						      user,
+						      event_id,
+						      status);
+			}
+			old_i++;
+			new_i++;
+		} else {
+			/*
+			 * Member in the updated record that's not in the
+			 * original, so it must have been added.
+			 */
+			const char *user = NULL;
+			enum event_id_type event_id;
+			if ( new_val->dsdb_dn == NULL) {
+				really_parse_trusted_dn(
+					ctx,
+					ldb,
+					new_val,
+					LDB_SYNTAX_DN);
+			}
+			user = ldb_dn_get_linearized(new_val->dsdb_dn->dn);
+			event_id = get_add_member_event(group_type);
+			log_membership_change(
+			    module, request, "Added", user, event_id, status);
+			new_i++;
+		}
+	}
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief log a group change message for a newly added user.
+ *
+ * When a user is added we need to generate a GroupChange Add message to
+ * log that the user has been added to their PrimaryGroup
+ */
+static void log_new_user_added_to_primary_group(
+    TALLOC_CTX *ctx,
+    struct audit_callback_context *acc,
+    const char *group,
+    const int status)
+{
+	uint32_t group_type;
+	enum event_id_type event_id = EVT_ID_NONE;
+	struct ldb_result *res = NULL;
+	struct ldb_dn *group_dn = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(acc->module);
+	group_dn = ldb_dn_new(ctx, ldb, group);
+	ret = dsdb_module_search_dn(acc->module,
+				    ctx,
+				    &res,
+				    group_dn,
+				    group_type_attr,
+				    DSDB_FLAG_NEXT_MODULE |
+					DSDB_SEARCH_REVEAL_INTERNALS |
+					DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+				    NULL);
+	if (ret == LDB_SUCCESS) {
+		const char *user = NULL;
+		group_type =
+		    ldb_msg_find_attr_as_uint(res->msgs[0], "groupType", 0);
+		event_id = get_add_member_event(group_type);
+		user = dsdb_audit_get_primary_dn(acc->request);
+		log_membership_change(
+		    acc->module, acc->request, "Added", user, event_id, status);
+	}
+}
+
+/*
+ * @brief Log the details of a primary group change.
+ *
+ * Retrieve the users primary groupo after the operation has completed
+ * and call log_primary_group_change to log the actual changes.
+ *
+ * @param acc details of the primary group before the operation.
+ * @param status The status code returned by the operation.
+ *
+ * @return an LDB status code.
+ */
+static void log_user_primary_group_change(
+	struct audit_callback_context *acc,
+	const int status)
+{
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	uint32_t new_rid = UINT32_MAX;
+	struct dom_sid *account_sid = NULL;
+	int ret;
+	const struct ldb_message *msg = dsdb_audit_get_message(acc->request);
+
+	if (status == LDB_SUCCESS && msg != NULL) {
+		struct ldb_result *res = NULL;
+		ret = dsdb_module_search_dn(
+			acc->module,
+			ctx,
+			&res,
+			msg->dn,
+			primary_group_attr,
+			DSDB_FLAG_NEXT_MODULE |
+			DSDB_SEARCH_REVEAL_INTERNALS |
+			DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+			NULL);
+		if (ret == LDB_SUCCESS) {
+			new_rid = ldb_msg_find_attr_as_uint(
+				msg,
+				"primaryGroupID",
+				~0);
+			account_sid = samdb_result_dom_sid(
+				ctx,
+				res->msgs[0],
+				"objectSid");
+		}
+	}
+	/*
+	 * If we don't have a new value then the user has been deleted
+	 * which we currently do not log.
+	 * Otherwise only log if the primary group has actually changed.
+	 */
+	if (account_sid != NULL &&
+	    new_rid != UINT32_MAX &&
+	    acc->primary_group != new_rid) {
+		const char* group = get_primary_group_dn(
+			ctx,
+			acc->module,
+			account_sid,
+			new_rid);
+		log_primary_group_change(
+			acc->module,
+			acc->request,
+			"PrimaryGroup",
+			group,
+			status);
+		/*
+		 * Are we adding a new user with the primaryGroupID
+		 * set. If so and we're generating JSON audit logs, will need to
+		 * generate an "Add" message with the appropriate windows
+		 * event id.
+		 */
+		if (acc->request->operation == LDB_ADD) {
+			log_new_user_added_to_primary_group(
+			    ctx, acc, group, status);
+		}
+	}
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief log the changes to users group membership.
+ *
+ * Retrieve the users group memberships after the operation has completed
+ * and call log_membership_changes to log the actual changes.
+ *
+ * @param acc details of the group memberships before the operation.
+ * @param status The status code returned by the operation.
+ *
+ */
+static void log_group_membership_changes(
+	struct audit_callback_context *acc,
+	const int status)
+{
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	struct ldb_message_element *new_val = NULL;
+	int ret;
+	uint32_t group_type = 0;
+	const struct ldb_message *msg = dsdb_audit_get_message(acc->request);
+	if (status == LDB_SUCCESS && msg != NULL) {
+		struct ldb_result *res = NULL;
+		ret = dsdb_module_search_dn(
+			acc->module,
+			ctx,
+			&res,
+			msg->dn,
+			group_attrs,
+			DSDB_FLAG_NEXT_MODULE |
+			DSDB_SEARCH_REVEAL_INTERNALS |
+			DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+			NULL);
+		if (ret == LDB_SUCCESS) {
+			new_val = ldb_msg_find_element(res->msgs[0], "member");
+			group_type = ldb_msg_find_attr_as_uint(
+			    res->msgs[0], "groupType", 0);
+			log_membership_changes(acc->module,
+					       acc->request,
+					       new_val,
+					       acc->members,
+					       group_type,
+					       status);
+			TALLOC_FREE(ctx);
+			return;
+		}
+	}
+	/*
+	 * If we get here either
+	 *   one of the lower level modules failed and the group record did
+	 *   not get updated
+	 * or
+	 *   the updated group record could not be read.
+	 *
+	 * In both cases it does not make sense to log individual membership
+	 * changes so we log a group membership change "Failure" message.
+	 *
+	 */
+	log_membership_change(acc->module,
+	                      acc->request,
+			      "Failure",
+			      "",
+			      EVT_ID_NONE,
+			      status);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * @brief call back function to log changes to the group memberships.
+ *
+ * Call back function to log changes to the uses broup memberships.
+ *
+ * @param req the ldb request.
+ * @param ares the ldb result
+ *
+ * @return am LDB status code.
+ */
+static int group_audit_callback(
+	struct ldb_request *req,
+	struct ldb_reply *ares)
+{
+	struct audit_callback_context *ac = NULL;
+
+	ac = talloc_get_type(
+		req->context,
+		struct audit_callback_context);
+
+	if (!ares) {
+		return ldb_module_done(
+				ac->request, NULL, NULL,
+				LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* pass on to the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(
+			ac->request,
+			ares->message,
+			ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(
+			ac->request,
+			ares->referral);
+
+	case LDB_REPLY_DONE:
+		/*
+		 * Log on DONE now we have a result code
+		 */
+		ac->log_changes(ac, ares->error);
+		return ldb_module_done(
+			ac->request,
+			ares->controls,
+			ares->response,
+			ares->error);
+		break;
+
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+}
+
+/*
+ * @brief Does this request change the primary group.
+ *
+ * Does the request change the primary group, i.e. does it contain the
+ * primaryGroupID attribute.
+ *
+ * @param req the request to examine.
+ *
+ * @return True if the request modifies the primary group.
+ */
+static bool has_primary_group_id(struct ldb_request *req)
+{
+	struct ldb_message_element *el = NULL;
+	const struct ldb_message *msg = NULL;
+
+	msg = dsdb_audit_get_message(req);
+	el = ldb_msg_find_element(msg, "primaryGroupID");
+
+	return (el != NULL);
+}
+
+/*
+ * @brief Does this request change group membership.
+ *
+ * Does the request change the ses group memberships, i.e. does it contain the
+ * member attribute.
+ *
+ * @param req the request to examine.
+ *
+ * @return True if the request modifies the users group memberships.
+ */
+static bool has_group_membership_changes(struct ldb_request *req)
+{
+	struct ldb_message_element *el = NULL;
+	const struct ldb_message *msg = NULL;
+
+	msg = dsdb_audit_get_message(req);
+	el = ldb_msg_find_element(msg, "member");
+
+	return (el != NULL);
+}
+
+
+
+/*
+ * @brief Install the callback function to log an add request.
+ *
+ * Install the callback function to log an add request changing the users
+ * group memberships. As we want to log the returned status code, we need to
+ * register a callback function that will be called once the operation has
+ * completed.
+ *
+ * This function reads the current user record so that we can log the before
+ * and after state.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int set_group_membership_add_callback(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+	/*
+	 * Adding group memberships so will need to log the changes.
+	 */
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module = module;
+	context->log_changes = log_group_membership_changes;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_add_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.add.message,
+		req->controls,
+		context,
+		group_audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+
+/*
+ * @brief Install the callback function to log a modify request.
+ *
+ * Install the callback function to log a modify request changing the primary
+ * group . As we want to log the returned status code, we need to register a
+ * callback function that will be called once the operation has completed.
+ *
+ * This function reads the current user record so that we can log the before
+ * and after state.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int set_primary_group_modify_callback(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	const struct ldb_message *msg = NULL;
+	struct ldb_result *res = NULL;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_module_get_ctx(module);
+
+	context = talloc_zero(req, struct audit_callback_context);
+	if (context == NULL) {
+		ret = ldb_oom(ldb);
+		goto exit;
+	}
+	context->request = req;
+	context->module = module;
+	context->log_changes = log_user_primary_group_change;
+
+	msg = dsdb_audit_get_message(req);
+	ret = dsdb_module_search_dn(
+		module,
+		ctx,
+		&res,
+		msg->dn,
+		primary_group_attr,
+		DSDB_FLAG_NEXT_MODULE |
+		DSDB_SEARCH_REVEAL_INTERNALS |
+		DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+		NULL);
+	if (ret == LDB_SUCCESS) {
+		uint32_t pg;
+		pg = ldb_msg_find_attr_as_uint(
+			res->msgs[0],
+			"primaryGroupID",
+			~0);
+		context->primary_group = pg;
+	}
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_mod_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.add.message,
+		req->controls,
+		context,
+		group_audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		goto exit;
+	}
+	ret = ldb_next_request(module, new_req);
+exit:
+	TALLOC_FREE(ctx);
+	return ret;
+}
+
+/*
+ * @brief Install the callback function to log an add request.
+ *
+ * Install the callback function to log an add request changing the primary
+ * group . As we want to log the returned status code, we need to register a
+ * callback function that will be called once the operation has completed.
+ *
+ * This function reads the current user record so that we can log the before
+ * and after state.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int set_primary_group_add_callback(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	int ret;
+	/*
+	 * Adding a user with a primary group.
+	 */
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module = module;
+	context->log_changes = log_user_primary_group_change;
+	/*
+	 * We want to log the return code status, so we need to register
+	 * a callback function to get the actual result.
+	 * We need to take a new copy so that we don't alter the callers copy
+	 */
+	ret = ldb_build_add_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.add.message,
+		req->controls,
+		context,
+		group_audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief Module handler for add operations.
+ *
+ * Inspect the current add request, and if needed log any group membership
+ * changes.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int group_add(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+
+	struct audit_context *ac =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct audit_context);
+	/*
+	 * Currently we don't log replicated group changes
+	 */
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT, GROUP_LOG_LVL) ||
+		CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT_JSON, GROUP_LOG_LVL) ||
+		(ac->msg_ctx && ac->send_events)) {
+		/*
+		 * Avoid the overheads of logging unless it has been
+		 * enabled
+		 */
+		if (has_group_membership_changes(req)) {
+			return set_group_membership_add_callback(module, req);
+		}
+		if (has_primary_group_id(req)) {
+			return set_primary_group_add_callback(module, req);
+		}
+	}
+	return ldb_next_request(module, req);
+}
+
+/*
+ * @brief Module handler for delete operations.
+ *
+ * Currently there is no logging for delete operations.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int group_delete(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	return ldb_next_request(module, req);
+}
+
+/*
+ * @brief Install the callback function to log a modify request.
+ *
+ * Install the callback function to log a modify request. As we want to log the
+ * returned status code, we need to register a callback function that will be
+ * called once the operation has completed.
+ *
+ * This function reads the current user record so that we can log the before
+ * and after state.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int set_group_modify_callback(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	struct audit_callback_context *context = NULL;
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	struct ldb_result *res = NULL;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+	context = talloc_zero(req, struct audit_callback_context);
+
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->request = req;
+	context->module  = module;
+	context->log_changes = log_group_membership_changes;
+
+	/*
+	 * About to change the group memberships need to read
+	 * the current state from the database.
+	 */
+	ret = dsdb_module_search_dn(
+		module,
+		context,
+		&res,
+		req->op.add.message->dn,
+		group_attrs,
+		DSDB_FLAG_NEXT_MODULE |
+		DSDB_SEARCH_REVEAL_INTERNALS |
+		DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+		NULL);
+	if (ret == LDB_SUCCESS) {
+		context->members = ldb_msg_find_element(res->msgs[0], "member");
+	}
+
+	ret = ldb_build_mod_req(
+		&new_req,
+		ldb,
+		req,
+		req->op.mod.message,
+		req->controls,
+		context,
+		group_audit_callback,
+		req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+
+/*
+ * @brief Module handler for modify operations.
+ *
+ * Inspect the current modify request, and if needed log any group membership
+ * changes.
+ *
+ * @param module The ldb module.
+ * @param req The modify request.
+ *
+ * @return and LDB status code.
+ */
+static int group_modify(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+
+	struct audit_context *ac =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct audit_context);
+	/*
+	 * Currently we don't log replicated group changes
+	 */
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT, GROUP_LOG_LVL) ||
+	    CHECK_DEBUGLVLC(DBGC_DSDB_GROUP_AUDIT_JSON, GROUP_LOG_LVL) ||
+		(ac->msg_ctx && ac->send_events)) {
+		/*
+		 * Avoid the overheads of logging unless it has been
+		 * enabled
+		 */
+		if (has_group_membership_changes(req)) {
+			return set_group_modify_callback(module, req);
+		}
+		if (has_primary_group_id(req)) {
+			return set_primary_group_modify_callback(module, req);
+		}
+	}
+	return ldb_next_request(module, req);
+}
+
+/*
+ * @brief ldb module initialisation
+ *
+ * Initialise the module, loading the private data etc.
+ *
+ * @param module The ldb module to initialise.
+ *
+ * @return An LDB status code.
+ */
+static int group_init(struct ldb_module *module)
+{
+
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct audit_context *context = NULL;
+	struct loadparm_context *lp_ctx
+		= talloc_get_type_abort(
+			ldb_get_opaque(ldb, "loadparm"),
+			struct loadparm_context);
+	struct tevent_context *ev = ldb_get_event_context(ldb);
+
+	context = talloc_zero(module, struct audit_context);
+	if (context == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	if (lp_ctx && lpcfg_dsdb_group_change_notification(lp_ctx)) {
+		context->send_events = true;
+		context->msg_ctx = imessaging_client_init(context,
+							  lp_ctx,
+							  ev);
+	}
+
+	ldb_module_set_private(module, context);
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_group_audit_log_module_ops = {
+	.name              = "group_audit_log",
+	.add		   = group_add,
+	.modify		   = group_modify,
+	.del		   = group_delete,
+	.init_context	   = group_init,
+};
+
+int ldb_group_audit_log_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_group_audit_log_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
new file mode 100644
index 0000000..9a3fd11
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -0,0 +1,173 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce  2004-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb instancetype module
+ *
+ *  Description: add an instanceType onto every new record
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_module.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+/* add_record: add instancetype attribute */
+static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	uint32_t instanceType;
+	int ret;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "instancetype_add\n");
+
+	el = ldb_msg_find_element(req->op.add.message, "instanceType");
+	if (el != NULL) {
+		if (el->num_values != 1) {
+			ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute is single-valued!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		instanceType = ldb_msg_find_attr_as_uint(req->op.add.message,
+							 "instanceType", 0);
+		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+			/*
+			 * If we have no NC add operation (no TYPE_IS_NC_HEAD)
+			 * then "instanceType" can only be "0" or "TYPE_WRITE".
+			 */
+			if ((instanceType != 0) &&
+			    ((instanceType & INSTANCE_TYPE_WRITE) == 0)) {
+				ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD wasn't set, then only TYPE_WRITE or 0 are allowed!");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		} else {
+			/*
+			 * If we have a NC add operation then we need also the
+			 * "TYPE_WRITE" flag in order to succeed,
+			 * unless this NC is not instantiated
+			 */
+			if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) {
+				if (!(instanceType & INSTANCE_TYPE_UNINSTANT)) {
+					ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD "
+							  "was set, and we are creating a new NC "
+							  "over DsAddEntry then also TYPE_UNINSTANT is requested!");
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+			} else {
+				if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+					ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD "
+							  "was set, then also TYPE_WRITE is requested!");
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+			}
+
+			/*
+			 * TODO: Confirm we are naming master or start
+			 * a remote call to the naming master to
+			 * create the crossRef object
+			 */
+		}
+
+		/* we did only tests, so proceed with the original request */
+		return ldb_next_request(module, req);
+	}
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(req, req->op.add.message);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * TODO: calculate correct instance type
+	 */
+	instanceType = INSTANCE_TYPE_WRITE;
+
+	ret = samdb_msg_add_uint(ldb, msg, msg, "instanceType", instanceType);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_add_req(&down_req, ldb, req,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+/* deny instancetype modification */
+static int instancetype_mod(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message_element *el;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "instancetype_mod\n");
+
+	el = ldb_msg_find_element(req->op.mod.message, "instanceType");
+	if (el != NULL) {
+		/* Except to allow dbcheck to fix things, this must never be modified */
+		if (!ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+			ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute can never be changed!");
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+	return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_instancetype_module_ops = {
+	.name          = "instancetype",
+	.add           = instancetype_add,
+	.modify        = instancetype_mod
+};
+
+int ldb_instancetype_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_instancetype_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/lazy_commit.c b/source4/dsdb/samdb/ldb_modules/lazy_commit.c
new file mode 100644
index 0000000..24fc6dd
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/lazy_commit.c
@@ -0,0 +1,128 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb lazy_commit module
+ *
+ *  Description: module to pretend to support the 'lazy commit' control
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+static int unlazy_op(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+	struct ldb_request *new_req;
+	struct ldb_control *control = ldb_request_get_control(req, LDB_CONTROL_SERVER_LAZY_COMMIT);
+	if (!control) {
+		return ldb_next_request(module, req);
+	} 
+	
+	switch (req->operation) {
+	case LDB_SEARCH:
+		ret = ldb_build_search_req_ex(&new_req, ldb_module_get_ctx(module),
+					      req,
+					      req->op.search.base,
+					      req->op.search.scope,
+					      req->op.search.tree,
+					      req->op.search.attrs,
+					      req->controls,
+					      req, dsdb_next_callback,
+					      req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	case LDB_ADD:
+		ret = ldb_build_add_req(&new_req, ldb_module_get_ctx(module), req,
+					req->op.add.message,
+					req->controls,
+					req, dsdb_next_callback,
+					req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	case LDB_MODIFY:
+		ret = ldb_build_mod_req(&new_req, ldb_module_get_ctx(module), req,
+					req->op.mod.message,
+					req->controls,
+					req, dsdb_next_callback,
+					req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	case LDB_DELETE:
+		ret = ldb_build_del_req(&new_req, ldb_module_get_ctx(module), req,
+					req->op.del.dn,
+					req->controls,
+					req, dsdb_next_callback,
+					req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	case LDB_RENAME:
+		ret = ldb_build_rename_req(&new_req, ldb_module_get_ctx(module), req,
+					   req->op.rename.olddn,
+					   req->op.rename.newdn,
+					   req->controls,
+					   req, dsdb_next_callback,
+					   req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	case LDB_EXTENDED:
+		ret = ldb_build_extended_req(&new_req, ldb_module_get_ctx(module),
+					     req,
+					     req->op.extended.oid,
+					     req->op.extended.data,
+					     req->controls,
+					     req, dsdb_next_callback,
+					     req);
+		LDB_REQ_SET_LOCATION(new_req);
+		break;
+	default:
+		ldb_set_errstring(ldb_module_get_ctx(module),
+				  "Unsupported request type!");
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	control->critical = 0;
+	return ldb_next_request(module, new_req);
+}
+
+static const struct ldb_module_ops ldb_lazy_commit_module_ops = {
+	.name		   = "lazy_commit",
+	.search            = unlazy_op,
+	.add               = unlazy_op,
+	.modify            = unlazy_op,
+	.del               = unlazy_op,
+	.rename            = unlazy_op,
+	.request      	   = unlazy_op,
+	.extended          = unlazy_op,
+};
+
+int ldb_lazy_commit_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_lazy_commit_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
new file mode 100644
index 0000000..d1232c7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -0,0 +1,1587 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
+   Copyright (C) Simo Sorce <idra@samba.org> 2008
+   Copyright (C) Matthieu Patou <mat@matws.net> 2011
+   Copyright (C) Andrew Tridgell 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb linked_attributes module
+ *
+ *  Description: Module to ensure linked attribute pairs (i.e. forward-links
+ *  and backlinks) remain in sync.
+ *
+ *  Backlinks are 'plain' links (without extra metadata). When the link target
+ *  object is modified (e.g. renamed), we use the backlinks to keep the link
+ *  source object updated. Note there are some cases where we can't do this:
+ *    - one-way links, which don't have a corresponding backlink
+ *    - two-way deactivated links, i.e. when a user is removed from a group,
+ *      the forward 'member' link still exists (but is inactive), however, the
+ *      'memberOf' backlink is deleted.
+ *  In these cases, we can end up with a dangling forward link which is
+ *  incorrect (i.e. the target has been renamed or deleted). We have dbcheck
+ *  rules to detect and fix this, and cope otherwise by filtering at runtime
+ *  (i.e. in the extended_dn module).
+ *
+ *  See also repl_meta_data.c, which handles updating links for deleted
+ *  objects, as well as link changes received from another DC.
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "util/dlinklist.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+
+struct la_private_transaction {
+	struct la_context *la_list;
+};
+
+
+struct la_private {
+	struct la_private_transaction *transaction;
+	bool sorted_links;
+};
+
+struct la_op_store {
+	struct la_op_store *next;
+	struct la_op_store *prev;
+	enum la_op {LA_OP_ADD, LA_OP_DEL} op;
+	struct GUID guid;
+	char *name;
+};
+
+struct replace_context {
+	struct la_context *ac;
+	unsigned int num_elements;
+	struct ldb_message_element *el;
+};
+
+struct la_context {
+	struct la_context *next, *prev;
+	const struct dsdb_schema *schema;
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct ldb_dn *mod_dn;
+	struct replace_context *rc;
+	struct la_op_store *ops;
+	struct ldb_extended *op_response;
+	struct ldb_control **op_controls;
+	/*
+	 * For futur use
+	 * will tell which GC to use for resolving links
+	 */
+	char *gc_dns_name;
+};
+
+
+static int handle_verify_name_control(TALLOC_CTX *ctx, struct ldb_context *ldb,
+					struct ldb_control *control, struct la_context *ac)
+{
+	/*
+	 * If we are a GC let's remove the control,
+	 * if there is a specified GC check that is us.
+	 */
+	struct ldb_verify_name_control *lvnc = talloc_get_type_abort(control->data, struct ldb_verify_name_control);
+	if (samdb_is_gc(ldb)) {
+		/* Because we can't easily talloc a struct ldb_dn*/
+		struct ldb_dn **dn = talloc_array(ctx, struct ldb_dn *, 1);
+		int ret = samdb_server_reference_dn(ldb, ctx, dn);
+		const char *dns;
+
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+
+		dns = samdb_dn_to_dnshostname(ldb, ctx, *dn);
+		if (!dns) {
+			return ldb_operr(ldb);
+		}
+		if (!lvnc->gc || strcasecmp(dns, lvnc->gc) == 0) {
+			if (!ldb_save_controls(control, ctx, NULL)) {
+				return ldb_operr(ldb);
+			}
+		} else {
+			control->critical = true;
+		}
+		talloc_free(dn);
+	} else {
+		/* For the moment we don't remove the control is this case in order
+		 * to fail the request. It's better than having the client thinking
+		 * that we honnor its control.
+		 * Hopefully only a very small set of usecase should hit this problem.
+		 */
+		if (lvnc->gc) {
+			ac->gc_dns_name = talloc_strdup(ac, lvnc->gc);
+		}
+		control->critical = true;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static struct la_context *linked_attributes_init(struct ldb_module *module,
+						 struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct la_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct la_context);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->schema = dsdb_get_schema(ldb, ac);
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+/*
+  turn a DN into a GUID
+ */
+static int la_guid_from_dn(struct ldb_module *module,
+			   struct ldb_request *parent,
+			   struct ldb_dn *dn, struct GUID *guid)
+{
+	NTSTATUS status;
+	int ret;
+
+	status = dsdb_get_extended_dn_guid(dn, guid, "GUID");
+	if (NT_STATUS_IS_OK(status)) {
+		return LDB_SUCCESS;
+	}
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		DEBUG(4,(__location__ ": Unable to parse GUID for dn %s\n",
+			 ldb_dn_get_linearized(dn)));
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ret = dsdb_module_guid_by_dn(module, dn, guid, parent);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4,(__location__ ": Failed to find GUID for dn %s\n",
+			 ldb_dn_get_linearized(dn)));
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+
+/* Common routine to handle reading the attributes and creating a
+ * series of modify requests */
+static int la_store_op(struct la_context *ac,
+		       enum la_op op, 
+		       const struct dsdb_attribute *schema_attr,
+		       struct ldb_val *dn,
+		       const char *name)
+{
+	struct ldb_context *ldb;
+	struct la_op_store *os;
+	struct ldb_dn *op_dn;
+	struct dsdb_dn *dsdb_dn;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+
+	os = talloc_zero(ac, struct la_op_store);
+	if (!os) {
+		return ldb_oom(ldb);
+	}
+
+	dsdb_dn = dsdb_dn_parse(os, ldb, dn, schema_attr->syntax->ldap_oid);
+
+	if (!dsdb_dn) {
+		ldb_asprintf_errstring(ldb,
+				       "could not parse attribute as a DN");
+		TALLOC_FREE(os);
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	op_dn = dsdb_dn->dn;
+
+	os->op = op;
+
+	ret = la_guid_from_dn(ac->module, ac->req, op_dn, &os->guid);
+	talloc_free(op_dn);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT && ac->req->operation == LDB_DELETE) {
+		/* we are deleting an object, and we've found it has a
+		 * forward link to a target that no longer
+		 * exists. This is not an error in the delete, and we
+		 * should just not do the deferred delete of the
+		 * target attribute
+		 */
+		talloc_free(os);
+		return LDB_SUCCESS;
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	os->name = talloc_strdup(os, name);
+	if (!os->name) {
+		return ldb_oom(ldb);
+	}
+
+	/* Do deletes before adds */
+	if (op == LA_OP_ADD) {
+		DLIST_ADD_END(ac->ops, os);
+	} else {
+		/* By adding to the head of the list, we do deletes before
+		 * adds when processing a replace */
+		DLIST_ADD(ac->ops, os);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int la_queue_mod_request(struct la_context *ac);
+static int la_down_req(struct la_context *ac);
+
+
+
+/* add */
+static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	const struct dsdb_attribute *target_attr;
+	struct la_context *ac;
+	const char *attr_name;
+	struct ldb_control *ctrl;
+	unsigned int i, j;
+	struct ldb_control *control;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ac = linked_attributes_init(module, req);
+	if (!ac) {
+		return ldb_operr(ldb);
+	}
+
+	control = ldb_request_get_control(req, LDB_CONTROL_VERIFY_NAME_OID);
+	if (control != NULL && control->data != NULL) {
+		ret = handle_verify_name_control(req, ldb, control, ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	if (!(ctrl = ldb_request_get_control(req, DSDB_CONTROL_APPLY_LINKS))) {
+		/* don't do anything special for linked attributes, repl_meta_data has done it */
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+	ctrl->critical = false;
+
+	if (!ac->schema) {
+		/* without schema, this doesn't make any sense */
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+
+	/* Need to ensure we only have forward links being specified */
+	for (i=0; i < req->op.add.message->num_elements; i++) {
+		const struct ldb_message_element *el = &req->op.add.message->elements[i];
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
+		if (!schema_attr) {
+			ldb_asprintf_errstring(ldb,
+					       "%s: attribute %s is not a valid attribute in schema",
+					       __FUNCTION__,
+					       el->name);
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+
+		/* this could be a link with no partner, in which case
+		   there is no special work to do */
+		if (schema_attr->linkID == 0) {
+			continue;
+		}
+
+		/* this part of the code should only be handling forward links */
+		SMB_ASSERT((schema_attr->linkID & 1) == 0);
+
+		/* Even link IDs are for the originating attribute */
+		target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID ^ 1);
+		if (!target_attr) {
+			/*
+			 * windows 2003 has a broken schema where
+			 * the definition of msDS-IsDomainFor
+			 * is missing (which is supposed to be
+			 * the backlink of the msDS-HasDomainNCs
+			 * attribute
+			 */
+			continue;
+		}
+
+		attr_name = target_attr->lDAPDisplayName;
+
+		for (j = 0; j < el->num_values; j++) {
+			ret = la_store_op(ac, LA_OP_ADD,
+					  schema_attr,
+					  &el->values[j],
+					  attr_name);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+
+	/* if no linked attributes are present continue */
+	if (ac->ops == NULL) {
+		/* nothing to do for this module, proceed */
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	/* start with the original request */
+	return la_down_req(ac);
+}
+
+/* For a delete or rename, we need to find out what linked attributes
+ * are currently on this DN, and then deal with them.  This is the
+ * callback to the base search */
+
+static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	const struct dsdb_attribute *schema_attr;
+	const struct dsdb_attribute *target_attr;
+	struct ldb_message_element *search_el;
+	struct replace_context *rc;
+	struct la_context *ac;
+	const char *attr_name;
+	unsigned int i, j;
+	int ret = LDB_SUCCESS;
+
+	ac = talloc_get_type(req->context, struct la_context);
+	ldb = ldb_module_get_ctx(ac->module);
+	rc = ac->rc;
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	/* Only entries are interesting, and we only want the olddn */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+		if (ldb_dn_compare(ares->message->dn, ac->req->op.mod.message->dn) != 0) {
+			ldb_asprintf_errstring(ldb,
+					       "linked_attributes: %s is not the DN we were looking for",
+					       ldb_dn_get_linearized(ares->message->dn));
+			/* Guh?  We only asked for this DN */
+			talloc_free(ares);
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		ac->mod_dn = talloc_steal(ac, ares->message->dn);
+
+		/* We don't populate 'rc' for ADD - it can't be deleting elements anyway */
+		for (i = 0; rc && i < rc->num_elements; i++) {
+
+			schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, rc->el[i].name);
+			if (!schema_attr) {
+				ldb_asprintf_errstring(ldb,
+					"%s: attribute %s is not a valid attribute in schema",
+					__FUNCTION__,
+					rc->el[i].name);
+				talloc_free(ares);
+				return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OBJECT_CLASS_VIOLATION);
+			}
+
+			search_el = ldb_msg_find_element(ares->message,
+							 rc->el[i].name);
+
+			/* See if this element already exists */
+			/* otherwise just ignore as
+			 * the add has already been scheduled */
+			if ( ! search_el) {
+				continue;
+			}
+
+			target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID ^ 1);
+			if (!target_attr) {
+				/*
+				 * windows 2003 has a broken schema where
+				 * the definition of msDS-IsDomainFor
+				 * is missing (which is supposed to be
+				 * the backlink of the msDS-HasDomainNCs
+				 * attribute
+				 */
+				continue;
+			}
+			attr_name = target_attr->lDAPDisplayName;
+
+			/* Now we know what was there, we can remove it for the re-add */
+			for (j = 0; j < search_el->num_values; j++) {
+				ret = la_store_op(ac, LA_OP_DEL,
+						  schema_attr, 
+						  &search_el->values[j],
+						  attr_name);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(ares);
+					return ldb_module_done(ac->req,
+							       NULL, NULL, ret);
+				}
+			}
+		}
+
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		talloc_free(ares);
+
+		if (ac->req->operation == LDB_ADD) {
+			/* Start the modifies to the backlinks */
+			ret = la_queue_mod_request(ac);
+
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						       ret);
+			}
+		} else {
+			/* Start with the original request */
+			ret = la_down_req(ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL, NULL, ret);
+			}
+		}
+		return LDB_SUCCESS;
+	}
+
+	talloc_free(ares);
+	return ret;
+}
+
+
+/* modify */
+static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	/* Look over list of modifications */
+	/* Find if any are for linked attributes */
+	/* Determine the effect of the modification */
+	/* Apply the modify to the linked entry */
+
+	struct ldb_control *control;
+	struct ldb_context *ldb;
+	unsigned int i, j;
+	struct la_context *ac;
+	struct ldb_request *search_req;
+	const char **attrs;
+	struct ldb_control *ctrl;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ac = linked_attributes_init(module, req);
+	if (!ac) {
+		return ldb_operr(ldb);
+	}
+
+	control = ldb_request_get_control(req, LDB_CONTROL_VERIFY_NAME_OID);
+	if (control != NULL && control->data != NULL) {
+		ret = handle_verify_name_control(req, ldb, control, ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	if (!(ctrl = ldb_request_get_control(req, DSDB_CONTROL_APPLY_LINKS))) {
+		/* don't do anything special for linked attributes, repl_meta_data has done it */
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+	ctrl->critical = false;
+
+	if (!ac->schema) {
+		/* without schema, this doesn't make any sense */
+		return ldb_next_request(module, req);
+	}
+
+	ac->rc = talloc_zero(ac, struct replace_context);
+	if (!ac->rc) {
+		return ldb_oom(ldb);
+	}
+
+	for (i=0; i < req->op.mod.message->num_elements; i++) {
+		bool store_el = false;
+		const char *attr_name;
+		const struct dsdb_attribute *target_attr;
+		const struct ldb_message_element *el = &req->op.mod.message->elements[i];
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
+		if (!schema_attr) {
+			ldb_asprintf_errstring(ldb,
+					       "%s: attribute %s is not a valid attribute in schema",
+					       __FUNCTION__,
+					       el->name);
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		/* We have a valid attribute, now find out if it is a forward link
+		   (Even link IDs are for the originating attribute) */
+		if (schema_attr->linkID == 0) {
+			continue;
+		}
+
+		/* this part of the code should only be handling forward links */
+		SMB_ASSERT((schema_attr->linkID & 1) == 0);
+
+		/* Now find the target attribute */
+		target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID ^ 1);
+		if (!target_attr) {
+			/*
+			 * windows 2003 has a broken schema where
+			 * the definition of msDS-IsDomainFor
+			 * is missing (which is supposed to be
+			 * the backlink of the msDS-HasDomainNCs
+			 * attribute
+			 */
+			continue;
+		}
+
+		attr_name = target_attr->lDAPDisplayName;
+
+		switch (el->flags & LDB_FLAG_MOD_MASK) {
+		case LDB_FLAG_MOD_REPLACE:
+			/* treat as just a normal add the delete part is handled by the callback */
+			store_el = true;
+
+			FALL_THROUGH;
+		case LDB_FLAG_MOD_ADD:
+
+			/* For each value being added, we need to setup the adds */
+			for (j = 0; j < el->num_values; j++) {
+				ret = la_store_op(ac, LA_OP_ADD,
+						  schema_attr,
+						  &el->values[j],
+						  attr_name);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+			break;
+
+		case LDB_FLAG_MOD_DELETE:
+
+			if (el->num_values) {
+				/* For each value being deleted, we need to setup the delete */
+				for (j = 0; j < el->num_values; j++) {
+					ret = la_store_op(ac, LA_OP_DEL,
+							  schema_attr,
+							  &el->values[j],
+							  attr_name);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+				}
+			} else {
+				/* Flag that there was a DELETE
+				 * without a value specified, so we
+				 * need to look for the old value */
+				store_el = true;
+			}
+
+			break;
+		}
+
+		if (store_el) {
+			struct ldb_message_element *search_el;
+
+			search_el = talloc_realloc(ac->rc, ac->rc->el,
+						   struct ldb_message_element,
+						   ac->rc->num_elements +1);
+			if (!search_el) {
+				return ldb_oom(ldb);
+			}
+			ac->rc->el = search_el;
+
+			ac->rc->el[ac->rc->num_elements] = *el;
+			ac->rc->num_elements++;
+		}
+	}
+
+	if (ac->ops || ac->rc->el) {
+		/* both replace and delete without values are handled in the callback
+		 * after the search on the entry to be modified is performed */
+
+		attrs = talloc_array(ac->rc, const char *, ac->rc->num_elements + 1);
+		if (!attrs) {
+			return ldb_oom(ldb);
+		}
+		for (i = 0; i < ac->rc->num_elements; i++) {
+			attrs[i] = ac->rc->el[i].name;
+		}
+		attrs[i] = NULL;
+
+		/* The callback does all the hard work here */
+		ret = ldb_build_search_req(&search_req, ldb, ac,
+					   req->op.mod.message->dn,
+					   LDB_SCOPE_BASE,
+					   "(objectClass=*)", attrs,
+					   NULL,
+					   ac, la_mod_search_callback,
+					   req);
+		LDB_REQ_SET_LOCATION(search_req);
+
+		/* We need to figure out our own extended DN, to fill in as the backlink target */
+		if (ret == LDB_SUCCESS) {
+			ret = dsdb_request_add_controls(search_req,
+							DSDB_SEARCH_SHOW_RECYCLED |
+							DSDB_SEARCH_SHOW_EXTENDED_DN);
+		}
+		if (ret == LDB_SUCCESS) {
+			talloc_steal(search_req, attrs);
+
+			ret = ldb_next_request(module, search_req);
+		}
+
+	} else {
+		/* nothing to do for this module, proceed */
+		talloc_free(ac);
+		ret = ldb_next_request(module, req);
+	}
+
+	return ret;
+}
+
+
+static int linked_attributes_fix_link_slow(struct ldb_module *module,
+					   struct ldb_request *parent,
+					   struct ldb_message *msg,
+					   struct ldb_dn *new_dn,
+					   struct GUID self_guid,
+					   const char *syntax_oid,
+					   const char *reverse_syntax_oid)
+{
+	int ret;
+	unsigned int i;
+	struct GUID link_guid;
+	struct ldb_message_element *el = &msg->elements[0];
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	bool has_unique_value = strcmp(reverse_syntax_oid, LDB_SYNTAX_DN) == 0;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	/*
+	 * The msg has one element (el) containing links of one particular
+	 * type from the remote object. We know that at least one of those
+	 * links points to the object being renamed (identified by self_guid,
+	 * renamed to new_dn). Usually only one of the links will point back
+	 * to renamed object, but there can be more when the reverse link is a
+	 * DN+Binary link.
+	 *
+	 * This is used for unsorted links, which is to say back links and
+	 * forward links on old databases. It necessarily involves a linear
+	 * search, though when the link is a plain DN link, we can skip
+	 * checking as soon as we find it.
+	 *
+	 * NOTE: if there are duplicate links, the extra ones will end up as
+	 * dangling links to the old DN. This may or may not be worse than
+	 * leaving them as duplicate links.
+	 */
+	for (i = 0; i < el->num_values; i++) {
+		struct dsdb_dn *dsdb_dn = dsdb_dn_parse(msg,
+							ldb,
+							&el->values[i],
+							syntax_oid);
+		if (dsdb_dn == NULL) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_INVALID_DN_SYNTAX;
+		}
+
+		ret = la_guid_from_dn(module, parent, dsdb_dn->dn, &link_guid);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		/*
+		 * By comparing using the GUID we ensure that even if somehow
+		 * the name has got out of sync, this rename will fix it.
+		 *
+		 * If somehow we don't have a GUID on the DN in the DB, the
+		 * la_guid_from_dn call will be more costly, but still give us
+		 * a GUID. dbcheck will fix this if run.
+		 */
+		if (!GUID_equal(&self_guid, &link_guid)) {
+			continue;
+		}
+
+		ret = ldb_dn_update_components(dsdb_dn->dn, new_dn);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		el->values[i] = data_blob_string_const(
+			dsdb_dn_get_extended_linearized(el->values, dsdb_dn, 1));
+		if (has_unique_value) {
+			break;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+static int linked_attributes_fix_forward_link(struct ldb_module *module,
+					      struct ldb_message *msg,
+					      struct ldb_dn *new_dn,
+					      struct GUID self_guid,
+					      const char *syntax_oid)
+{
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct parsed_dn *pdn_list = NULL;
+	struct parsed_dn *exact = NULL;
+	struct parsed_dn *next = NULL;
+	bool is_plain_dn;
+	struct ldb_message_element *el = &msg->elements[0];
+	unsigned int num_parsed_dns = el->num_values;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * The msg has a single element (el) containing forward links which we
+	 * trust are sorted in GUID order. We know that at least one of those
+	 * links points to the object being renamed (identified by self_guid,
+	 * renamed to new_dn), because that object has a backlink pointing
+	 * here.
+	 *
+	 * In most cases we assume there will only be one forward link, which
+	 * is found by parsed_dn_find(), but in the case of DN+Binary links
+	 * (e.g. msDS-RevealedUsers) there may be many forward links that
+	 * share the same DN/GUID but differ in the binary part. For those we
+	 * need to look around the link found by parsed_dn_find() and convert
+	 * them all -- there is no way to know which forward link belongs to
+	 * which backlink.
+	 */
+
+	ret = get_parsed_dns_trusted(tmp_ctx, el, &pdn_list);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "get_parsed_dn_trusted() "
+				       "error fixing %s links for %s",
+				       el->name,
+				       ldb_dn_get_linearized(msg->dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* find our DN in the values */
+	ret = parsed_dn_find(ldb, pdn_list, num_parsed_dns,
+			     &self_guid,
+			     NULL,
+			     data_blob_null, 0,
+			     &exact, &next,
+			     syntax_oid,
+			     false);
+
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "parsed_dn_find() "
+				       "error fixing %s links for %s",
+				       el->name,
+				       ldb_dn_get_linearized(msg->dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (exact == NULL) {
+		/*
+		 * Our only caller doesn’t want to know about errors finding a
+		 * forward link for which we have a backlink — in particular,
+		 * during the tombstoning of an object, the forward links have
+		 * already been removed when this routine is called by
+		 * dsdb_module_rename() inside replmd_delete_internals().
+		 */
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	is_plain_dn = strcmp(syntax_oid, LDB_SYNTAX_DN) == 0;
+
+	if (is_plain_dn) {
+		/*
+		 *  The common case -- we only have to update a single link
+		 */
+		ret = ldb_dn_update_components(exact->dsdb_dn->dn, new_dn);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("could not update components  %s  %s\n",
+				ldb_dn_get_linearized(exact->dsdb_dn->dn),
+				ldb_dn_get_linearized(new_dn)
+				);
+
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		*(exact->v) = data_blob_string_const(
+				dsdb_dn_get_extended_linearized(el->values,
+								exact->dsdb_dn,
+								1));
+	} else {
+		/*
+		 * The forward link is a DN+Binary (or in some alternate
+		 * universes, DN+String), which means the parsed_dns are keyed
+		 * on GUID+Binary. We don't know the binary part, which means
+		 * from our point of view the list can have entries with
+		 * duplicate GUIDs that we can't tell apart. We don't know
+		 * which backlink belongs to which GUID+binary, and the binary
+		 * search will always find the same one. That means one link
+		 * link will get fixed n times, whil n-1 links get fixed
+		 * never.
+		 *
+		 * If we instead fixing all the possible links, we end up
+		 * fixing n links n times, which at least works and is
+		 * probably not too costly because n is probably small.
+		 */
+		struct parsed_dn *first = exact;
+		struct parsed_dn *last = exact;
+		struct parsed_dn *p = NULL;
+		int cmp;
+		while (first > pdn_list) {
+			p = first - 1;
+			if (p->dsdb_dn == NULL) {
+				ret = really_parse_trusted_dn(tmp_ctx,
+							      ldb, p,
+							      syntax_oid);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+			}
+			cmp = ndr_guid_compare(&exact->guid, &p->guid);
+			if (cmp != 0) {
+				break;
+			}
+			first = p;
+		}
+
+		while (last < pdn_list + num_parsed_dns - 1) {
+			p = last + 1;
+			if (p->dsdb_dn == NULL) {
+				ret = really_parse_trusted_dn(tmp_ctx,
+							      ldb, p,
+							      syntax_oid);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+			}
+			cmp = ndr_guid_compare(&exact->guid, &p->guid);
+			if (cmp != 0) {
+				break;
+			}
+			last = p;
+		}
+
+		for (p = first; p <= last; p++) {
+			ret = ldb_dn_update_components(p->dsdb_dn->dn, new_dn);
+			if (ret != LDB_SUCCESS) {
+				DBG_ERR("could not update components  %s  %s\n",
+					ldb_dn_get_linearized(p->dsdb_dn->dn),
+					ldb_dn_get_linearized(new_dn)
+					);
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			*(p->v) = data_blob_string_const(
+				   dsdb_dn_get_extended_linearized(el->values,
+								   p->dsdb_dn,
+								   1));
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+static int linked_attributes_fix_links(struct ldb_module *module,
+				       struct GUID self_guid,
+				       struct ldb_dn *old_dn,
+				       struct ldb_dn *new_dn,
+				       struct ldb_message_element *el,
+				       struct dsdb_schema *schema,
+				       const struct dsdb_attribute *schema_attr,
+				       struct ldb_request *parent)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_attribute *target = NULL;
+	const char *attrs[2];
+	int ret;
+	struct la_private *la_private = NULL;
+
+	target = dsdb_attribute_by_linkID(schema, schema_attr->linkID ^ 1);
+	if (target == NULL) {
+		/* there is no counterpart link to change */
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(module);
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	la_private = talloc_get_type(ldb_module_get_private(module),
+				     struct la_private);
+	if (la_private == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	attrs[0] = target->lDAPDisplayName;
+	attrs[1] = NULL;
+
+	for (i=0; i<el->num_values; i++) {
+		struct dsdb_dn *dsdb_dn = NULL;
+		struct ldb_result *res = NULL;
+		struct ldb_message *msg  = NULL;
+		struct ldb_message_element *el2 = NULL;
+		struct GUID link_guid;
+		char *link_guid_str = NULL;
+
+		dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i],
+					schema_attr->syntax->ldap_oid);
+		if (dsdb_dn == NULL) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_INVALID_DN_SYNTAX;
+		}
+
+		ret = la_guid_from_dn(module, parent, dsdb_dn->dn, &link_guid);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Linked attribute %s->%s between %s and %s - GUID not found - %s",
+					       el->name, target->lDAPDisplayName,
+					       ldb_dn_get_linearized(old_dn),
+					       ldb_dn_get_linearized(dsdb_dn->dn),
+					       ldb_errstring(ldb));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		link_guid_str = GUID_string(tmp_ctx, &link_guid);
+		if (link_guid_str == NULL) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		/*
+		 * get the existing message from the db for the object with
+		 * this GUID, returning attribute being modified. We will then
+		 * use this msg as the basis for a modify call
+		 */
+
+		ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
+					 DSDB_FLAG_NEXT_MODULE |
+					 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+					 DSDB_SEARCH_SHOW_RECYCLED |
+					 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+					 DSDB_SEARCH_REVEAL_INTERNALS,
+					 parent,
+					 "objectGUID=%s", link_guid_str);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Linked attribute %s->%s between %s and %s - target GUID %s not found - %s",
+					       el->name, target->lDAPDisplayName,
+					       ldb_dn_get_linearized(old_dn),
+					       ldb_dn_get_linearized(dsdb_dn->dn),
+					       link_guid_str,
+					       ldb_errstring(ldb));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		if (res->count == 0) {
+			/* Forward link without backlink object remaining - nothing to do here */
+			continue;
+		}
+		if (res->count != 1) {
+			ldb_asprintf_errstring(ldb, "Linked attribute %s->%s between %s and %s - target GUID %s found more than once!",
+					       el->name, target->lDAPDisplayName,
+					       ldb_dn_get_linearized(old_dn),
+					       ldb_dn_get_linearized(dsdb_dn->dn),
+					       link_guid_str);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		msg = res->msgs[0];
+
+		if (msg->num_elements == 0) {
+			/* Forward link without backlink remaining - nothing to do here */
+			continue;
+		} else if (msg->num_elements != 1) {
+			ldb_asprintf_errstring(ldb, "Bad msg elements - got %u elements, expected one element to be returned in linked_attributes_fix_links for %s",
+					       msg->num_elements, ldb_dn_get_linearized(msg->dn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		if (ldb_attr_cmp(msg->elements[0].name, target->lDAPDisplayName) != 0) {
+			ldb_asprintf_errstring(ldb, "Bad returned attribute in linked_attributes_fix_links: got %s, expected %s for %s", msg->elements[0].name, target->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		el2 = &msg->elements[0];
+
+		el2->flags = LDB_FLAG_MOD_REPLACE;
+
+		if (target->linkID & 1 ||
+			! la_private->sorted_links) {
+			/* handle backlinks (which aren't sorted in the DB)
+			   and forward links in old unsorted databases. */
+			ret = linked_attributes_fix_link_slow(
+				module,
+				parent,
+				msg,
+				new_dn,
+				self_guid,
+				target->syntax->ldap_oid,
+				schema_attr->syntax->ldap_oid);
+		} else {
+			/* we can binary search to find forward links */
+			ret = linked_attributes_fix_forward_link(
+				module,
+				msg,
+				new_dn,
+				self_guid,
+				target->syntax->ldap_oid);
+		}
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = dsdb_check_single_valued_link(target, el2);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		/* we may be putting multiple values in an attribute -
+		   disable checking for this attribute */
+		el2->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+		ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Linked attribute %s->%s between %s and %s - update failed - %s",
+					       el->name, target->lDAPDisplayName,
+					       ldb_dn_get_linearized(old_dn),
+					       ldb_dn_get_linearized(dsdb_dn->dn),
+					       ldb_errstring(ldb));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/* rename */
+static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_result *res;
+	struct ldb_message *msg;
+	unsigned int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_schema *schema;
+	int ret;
+	struct GUID guid;
+
+	/*
+	   - load the current msg
+	   - find any linked attributes
+	   - if its a link then find the target object
+	   - modify the target linked attributes with the new DN
+	*/
+	ret = dsdb_module_search_dn(module, req, &res, req->op.rename.olddn,
+				    NULL,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_SEARCH_SHOW_EXTENDED_DN |
+				    DSDB_SEARCH_SHOW_RECYCLED, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	schema = dsdb_get_schema(ldb, res);
+	if (!schema) {
+		return ldb_oom(ldb);
+	}
+
+	msg = res->msgs[0];
+
+	ret = la_guid_from_dn(module, req, msg->dn, &guid);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	for (i=0; i<msg->num_elements; i++) {
+		struct ldb_message_element *el = &msg->elements[i];
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+		if (!schema_attr || schema_attr->linkID == 0) {
+			continue;
+		}
+		ret = linked_attributes_fix_links(module, guid, msg->dn, req->op.rename.newdn, el,
+						  schema, schema_attr, req);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(res);
+			return ret;
+		}
+	}
+
+	talloc_free(res);
+
+	return ldb_next_request(module, req);
+}
+
+
+/* queue a linked attributes modify request in the la_private
+   structure */
+static int la_queue_mod_request(struct la_context *ac)
+{
+	struct la_private *la_private =
+		talloc_get_type(ldb_module_get_private(ac->module),
+				struct la_private);
+
+	if (la_private == NULL || la_private->transaction == NULL) {
+		ldb_debug(ldb_module_get_ctx(ac->module),
+			  LDB_DEBUG_ERROR,
+			  __location__ ": No la_private transaction setup\n");
+		return ldb_operr(ldb_module_get_ctx(ac->module));
+	}
+
+	talloc_steal(la_private->transaction, ac);
+	DLIST_ADD(la_private->transaction->la_list, ac);
+
+	return ldb_module_done(ac->req, ac->op_controls,
+			       ac->op_response, LDB_SUCCESS);
+}
+
+/* Having done the original operation, then try to fix up all the linked attributes for modify and delete */
+static int la_mod_del_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct la_context *ac;
+	struct ldb_context *ldb;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct la_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb,
+		     "invalid reply type in linked attributes delete callback");
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	ac->op_controls = talloc_steal(ac, ares->controls);
+	ac->op_response = talloc_steal(ac, ares->response);
+
+	/* If we have modifies to make, this is the time to do them for modify and delete */
+	ret = la_queue_mod_request(ac);
+
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+	talloc_free(ares);
+
+	/* la_queue_mod_request has already sent the callbacks */
+	return LDB_SUCCESS;
+
+}
+
+/* Having done the original add, then try to fix up all the linked attributes
+
+  This is done after the add so the links can get the extended DNs correctly.
+ */
+static int la_add_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct la_context *ac;
+	struct ldb_context *ldb;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct la_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb,
+			"invalid reply type in linked attributes add callback");
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ac->ops) {
+		struct ldb_request *search_req;
+		static const char *attrs[] = { NULL };
+
+		/* The callback does all the hard work here - we need
+		 * the objectGUID and SID of the added record */
+		ret = ldb_build_search_req(&search_req, ldb, ac,
+					   ac->req->op.add.message->dn,
+					   LDB_SCOPE_BASE,
+					   "(objectClass=*)", attrs,
+					   NULL,
+					   ac, la_mod_search_callback,
+					   ac->req);
+		LDB_REQ_SET_LOCATION(search_req);
+
+		if (ret == LDB_SUCCESS) {
+			ret = dsdb_request_add_controls(search_req,
+							DSDB_SEARCH_SHOW_RECYCLED |
+							DSDB_SEARCH_SHOW_EXTENDED_DN);
+		}
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       ret);
+		}
+
+		ac->op_controls = talloc_steal(ac, ares->controls);
+		ac->op_response = talloc_steal(ac, ares->response);
+
+		return ldb_next_request(ac->module, search_req);
+
+	} else {
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, ares->error);
+	}
+}
+
+/* Reconstruct the original request, but pointing at our local callback to finish things off */
+static int la_down_req(struct la_context *ac)
+{
+	struct ldb_request *down_req;
+	struct ldb_context *ldb;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	switch (ac->req->operation) {
+	case LDB_ADD:
+		ret = ldb_build_add_req(&down_req, ldb, ac,
+					ac->req->op.add.message,
+					ac->req->controls,
+					ac, la_add_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(down_req);
+		break;
+	case LDB_MODIFY:
+		ret = ldb_build_mod_req(&down_req, ldb, ac,
+					ac->req->op.mod.message,
+					ac->req->controls,
+					ac, la_mod_del_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(down_req);
+		break;
+	default:
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, down_req);
+}
+
+/*
+  use the GUID part of an extended DN to find the target DN, in case
+  it has moved
+ */
+static int la_find_dn_target(struct ldb_module *module, struct la_context *ac,
+			     struct GUID *guid, struct ldb_dn **dn)
+{
+	return dsdb_module_dn_by_guid(ac->module, ac, guid, dn, ac->req);
+}
+
+/* apply one la_context op change */
+static int la_do_op_request(struct ldb_module *module, struct la_context *ac, struct la_op_store *op)
+{
+	struct ldb_message_element *ret_el;
+	struct ldb_message *new_msg;
+	struct ldb_context *ldb;
+	int ret;
+
+	if (ac->mod_dn == NULL) {
+		/* we didn't find the DN that we searched for */
+		return LDB_SUCCESS;
+	}
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* Create the modify request */
+	new_msg = ldb_msg_new(ac);
+	if (!new_msg) {
+		return ldb_oom(ldb);
+	}
+
+	ret = la_find_dn_target(module, ac, &op->guid, &new_msg->dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (op->op == LA_OP_ADD) {
+		ret = ldb_msg_add_empty(new_msg, op->name,
+					LDB_FLAG_MOD_ADD, &ret_el);
+	} else {
+		ret = ldb_msg_add_empty(new_msg, op->name,
+					LDB_FLAG_MOD_DELETE, &ret_el);
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret_el->values = talloc_array(new_msg, struct ldb_val, 1);
+	if (!ret_el->values) {
+		return ldb_oom(ldb);
+	}
+	ret_el->num_values = 1;
+	ret_el->values[0] = data_blob_string_const(ldb_dn_get_extended_linearized(new_msg, ac->mod_dn, 1));
+
+	/* a backlink should never be single valued. Unfortunately the
+	   exchange schema has a attribute
+	   msExchBridgeheadedLocalConnectorsDNBL which is single
+	   valued and a backlink. We need to cope with that by
+	   ignoring the single value flag */
+	ret_el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+#if 0
+	ldb_debug(ldb, LDB_DEBUG_WARNING,
+		  "link on %s %s: %s %s\n",
+		  ldb_dn_get_linearized(new_msg->dn), ret_el->name,
+		  ret_el->values[0].data, ac->ops->op == LA_OP_ADD ? "added" : "deleted");
+#endif
+
+	if (DEBUGLVL(4)) {
+		DEBUG(4,("Applying linked attribute change:\n%s\n",
+			 ldb_ldif_message_redacted_string(ldb, op,
+							  LDB_CHANGETYPE_MODIFY,
+							  new_msg)));
+	}
+
+	ret = dsdb_module_modify(module, new_msg, DSDB_FLAG_NEXT_MODULE, ac->req);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_WARNING, __location__ ": failed to apply linked attribute change '%s'\n%s\n",
+			  ldb_errstring(ldb),
+			  ldb_ldif_message_redacted_string(ldb, op,
+							   LDB_CHANGETYPE_MODIFY,
+							   new_msg));
+	}
+
+	return ret;
+}
+
+/* apply one set of la_context changes */
+static int la_do_mod_request(struct ldb_module *module, struct la_context *ac)
+{
+	struct la_op_store *op;
+
+	for (op = ac->ops; op; op=op->next) {
+		int ret = la_do_op_request(module, ac, op);
+		if (ret != LDB_SUCCESS) {
+			if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+				return ret;
+			}
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  we hook into the transaction operations to allow us to
+  perform the linked attribute updates at the end of the whole
+  transaction. This allows a forward linked attribute to be created
+  before the target is created, as long as the target is created
+  in the same transaction
+ */
+static int linked_attributes_start_transaction(struct ldb_module *module)
+{
+	/* create our private structure for this transaction */
+	struct la_private *la_private =
+		talloc_get_type(ldb_module_get_private(module),
+				struct la_private);
+
+	if (la_private == NULL) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+	talloc_free(la_private->transaction);
+	la_private->transaction = talloc(module, struct la_private_transaction);
+	if (la_private->transaction == NULL) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+	la_private->transaction->la_list = NULL;
+	return ldb_next_start_trans(module);
+}
+
+/*
+  on prepare commit we loop over our queued la_context structures
+  and apply each of them
+ */
+static int linked_attributes_prepare_commit(struct ldb_module *module)
+{
+	struct la_context *ac;
+	struct la_private *la_private =
+		talloc_get_type(ldb_module_get_private(module),
+				struct la_private);
+	if (la_private == NULL || la_private->transaction == NULL) {
+		DBG_ERR("prepare_commit without begin_transaction\n");
+		/* prepare commit without begin_transaction - let someone else
+		 * return the error, just don't segfault */
+		return ldb_next_prepare_commit(module);
+	}
+	/* walk the list backwards, to do the first entry first, as we
+	 * added the entries with DLIST_ADD() which puts them at the
+	 * start of the list */
+
+	/* Start at the end of the list - so we can start
+	 * there, but ensure we don't create a loop by NULLing
+	 * it out in the first element */
+	ac = DLIST_TAIL(la_private->transaction->la_list);
+
+	for (; ac; ac=DLIST_PREV(ac)) {
+		int ret;
+		ac->req = NULL;
+		ret = la_do_mod_request(module, ac);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed mod request ret=%d\n", ret));
+			TALLOC_FREE(la_private->transaction);
+			return ret;
+		}
+	}
+
+	TALLOC_FREE(la_private->transaction);
+
+	return ldb_next_prepare_commit(module);
+}
+
+static int linked_attributes_del_transaction(struct ldb_module *module)
+{
+	struct la_private *la_private =
+		talloc_get_type(ldb_module_get_private(module),
+				struct la_private);
+	TALLOC_FREE(la_private->transaction);
+	return ldb_next_del_trans(module);
+}
+
+static int linked_attributes_ldb_init(struct ldb_module *module)
+{
+	int ret;
+	struct la_private *la_private = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_VERIFY_NAME_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_ERROR,
+			"verify_name: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	la_private = talloc_zero(module, struct la_private);
+	if (la_private == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_check_samba_compatible_feature(module,
+						  SAMBA_SORTED_LINKS_FEATURE,
+						  &la_private->sorted_links);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(la_private);
+		return ret;
+	}
+
+	ldb_module_set_private(module, la_private);
+	return ldb_next_init(module);
+}
+
+
+static const struct ldb_module_ops ldb_linked_attributes_module_ops = {
+	.name		   = "linked_attributes",
+	.add               = linked_attributes_add,
+	.modify            = linked_attributes_modify,
+	.rename            = linked_attributes_rename,
+	.init_context      = linked_attributes_ldb_init,
+	.start_transaction = linked_attributes_start_transaction,
+	.prepare_commit    = linked_attributes_prepare_commit,
+	.del_transaction   = linked_attributes_del_transaction,
+};
+
+int ldb_linked_attributes_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_linked_attributes_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c
new file mode 100644
index 0000000..479b3a6
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -0,0 +1,516 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CLDAP server - netlogon handling
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "lib/events/events.h"
+#include "samba/service_task.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/security/security.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "auth/auth.h"
+#include "ldb_wrap.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "libds/common/flag_mapping.h"
+#include "lib/util/util_net.h"
+
+#undef strcasecmp
+
+/*
+  fill in the cldap netlogon union for a given version
+*/
+NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
+					 TALLOC_CTX *mem_ctx,
+					 const char *domain,
+					 const char *netbios_domain,
+					 struct dom_sid *domain_sid,
+					 const char *domain_guid,
+					 const char *user,
+					 uint32_t acct_control,
+					 const char *src_address,
+					 uint32_t version,
+					 struct loadparm_context *lp_ctx,
+					 struct netlogon_samlogon_response *netlogon,
+					 bool fill_on_blank_request)
+{
+	const char *dom_attrs[] = {"objectGUID", NULL};
+	const char *none_attrs[] = {NULL};
+	struct ldb_result *dom_res = NULL;
+	int ret;
+	const char **services = lpcfg_server_services(lp_ctx);
+	uint32_t server_type;
+	const char *pdc_name;
+	struct GUID domain_uuid;
+	const char *dns_domain;
+	const char *forest_domain;
+	const char *pdc_dns_name;
+	const char *flatname;
+	const char *server_site;
+	const char *client_site;
+	const char *pdc_ip;
+	struct ldb_dn *domain_dn = NULL;
+	struct interface *ifaces;
+	bool user_known = false, am_rodc = false;
+	uint32_t uac = 0;
+	int dc_level;
+	NTSTATUS status;
+
+	/* the domain parameter could have an optional trailing "." */
+	if (domain && domain[strlen(domain)-1] == '.') {
+		domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
+		NT_STATUS_HAVE_NO_MEMORY(domain);
+	}
+
+	/* Lookup using long or short domainname */
+	if (domain && (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0)) {
+		domain_dn = ldb_get_default_basedn(sam_ctx);
+	}
+	if (netbios_domain && (strcasecmp_m(netbios_domain, lpcfg_sam_name(lp_ctx)) == 0)) {
+		domain_dn = ldb_get_default_basedn(sam_ctx);
+	}
+	if (domain_dn) {
+		const char *domain_identifier = domain != NULL ? domain
+							: netbios_domain;
+		ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+				 domain_dn, LDB_SCOPE_BASE, dom_attrs,
+				 "objectClass=domain");
+		if (ret != LDB_SUCCESS) {
+			DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n",
+				 domain_identifier,
+				 ldb_dn_get_linearized(domain_dn),
+				 ldb_errstring(sam_ctx)));
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+		if (dom_res->count != 1) {
+			DEBUG(2,("Error finding domain '%s'/'%s' in sam\n",
+				 domain_identifier,
+				 ldb_dn_get_linearized(domain_dn)));
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+	}
+
+	/* Lookup using GUID or SID */
+	if ((dom_res == NULL) && (domain_guid || domain_sid)) {
+		if (domain_guid) {
+			struct GUID binary_guid;
+			struct ldb_val guid_val;
+
+			/* By this means, we ensure we don't have funny stuff in the GUID */
+
+			status = GUID_from_string(domain_guid, &binary_guid);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+
+			/* And this gets the result into the binary format we want anyway */
+			status = GUID_to_ndr_blob(&binary_guid, mem_ctx, &guid_val);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+			ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+						 NULL, LDB_SCOPE_SUBTREE, 
+						 dom_attrs, 
+						 "(&(objectCategory=DomainDNS)(objectGUID=%s))", 
+						 ldb_binary_encode(mem_ctx, guid_val));
+		} else { /* domain_sid case */
+			ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+					 NULL, LDB_SCOPE_SUBTREE,
+					 dom_attrs,
+					 "(&(objectCategory=DomainDNS)(objectSid=%s))",
+					 dom_sid_string(mem_ctx, domain_sid));
+		}
+		
+		if (ret != LDB_SUCCESS) {
+			DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam: %s\n",
+				 domain_guid, dom_sid_string(mem_ctx, domain_sid),
+				 ldb_errstring(sam_ctx)));
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		} else if (dom_res->count == 1) {
+			/* Ok, now just check it is our domain */
+			if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx),
+					   dom_res->msgs[0]->dn) != 0) {
+				DEBUG(2,("The GUID '%s' or SID '%s' doesn't identify our domain\n",
+					 domain_guid,
+					 dom_sid_string(mem_ctx, domain_sid)));
+				return NT_STATUS_NO_SUCH_DOMAIN;
+			}
+		} else {
+			DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam\n",
+				 domain_guid, dom_sid_string(mem_ctx, domain_sid)));
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+	}
+
+	if (dom_res == NULL && fill_on_blank_request) {
+		/* blank inputs gives our domain - tested against
+		   w2k8r2. Without this ADUC on Win7 won't start */
+		domain_dn = ldb_get_default_basedn(sam_ctx);
+		ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+				 domain_dn, LDB_SCOPE_BASE, dom_attrs,
+				 "objectClass=domain");
+		if (ret != LDB_SUCCESS) {
+			DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n",
+				 lpcfg_dnsdomain(lp_ctx),
+				 ldb_dn_get_linearized(domain_dn),
+				 ldb_errstring(sam_ctx)));
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+	}
+
+        if (dom_res == NULL) {
+		DEBUG(2,(__location__ ": Unable to get domain information with no inputs\n"));
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	/* work around different inputs for not-specified users */
+	if (!user) {
+		user = "";
+	}
+
+	/* Enquire about any valid username with just a CLDAP packet -
+	 * if kerberos didn't also do this, the security folks would
+	 * scream... */
+	if (user[0]) {
+		/* Only allow some bits to be enquired:  [MS-ATDS] 7.3.3.2 */
+		if (acct_control == (uint32_t)-1) {
+			acct_control = 0;
+		}
+		/*
+		 * ACB_AUTOLOCK/UF_LOCKOUT seems to be a special
+		 * hack for SEC_CHAN_DNS_DOMAIN.
+		 *
+		 * It's used together with user = "example.com."
+		 */
+		if (acct_control != ACB_AUTOLOCK) {
+			acct_control &= (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST);
+		}
+		uac = ds_acb2uf(acct_control);
+	}
+
+	if (uac == UF_LOCKOUT) {
+		struct ldb_message *tdo_msg = NULL;
+
+		/*
+		 * ACB_AUTOLOCK/UF_LOCKOUT seems to be a special
+		 * hack for SEC_CHAN_DNS_DOMAIN.
+		 *
+		 * It's used together with user = "example.com."
+		 */
+		status = dsdb_trust_search_tdo_by_type(sam_ctx,
+						       SEC_CHAN_DNS_DOMAIN,
+						       user, none_attrs,
+						       mem_ctx, &tdo_msg);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			user_known = false;
+		} else if (NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(tdo_msg);
+			user_known = true;
+		} else {
+			DEBUG(2,("Unable to find reference to TDO '%s' - %s\n",
+				 user, nt_errstr(status)));
+			return status;
+		}
+	} else if (user[0]) {
+		struct ldb_result *user_res = NULL;
+		const char *user_encoded = NULL;
+
+		user_encoded = ldb_binary_encode_string(mem_ctx, user);
+		if (user_encoded == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */
+		ret = ldb_search(sam_ctx, mem_ctx, &user_res,
+					 dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE, 
+					 none_attrs, 
+					 "(&(objectClass=user)(samAccountName=%s)"
+					 "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))"
+					 "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", 
+					 user_encoded,
+					 UF_ACCOUNTDISABLE, uac);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(2,("Unable to find reference to user '%s' with ACB 0x%8x under %s: %s\n",
+				 user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn),
+				 ldb_errstring(sam_ctx)));
+			return NT_STATUS_NO_SUCH_USER;
+		} else if (user_res->count == 1) {
+			user_known = true;
+		} else {
+			user_known = false;
+		}
+		TALLOC_FREE(user_res);
+	} else {
+		user_known = true;
+	}
+
+	server_type = DS_SERVER_DS;
+
+	if (samdb_is_pdc(sam_ctx)) {
+		server_type |= DS_SERVER_PDC;
+	}
+
+	if (samdb_is_gc(sam_ctx)) {
+		server_type |= DS_SERVER_GC;
+	}
+
+	if (str_list_check(services, "ldap")) {
+		server_type |= DS_SERVER_LDAP;
+	}
+
+	if (str_list_check(services, "kdc")) {
+		server_type |= DS_SERVER_KDC;
+	}
+
+	if (str_list_check(services, "ntp_signd")) {
+		server_type |= DS_SERVER_TIMESERV | DS_SERVER_GOOD_TIMESERV;
+	}
+
+	if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) {
+		server_type |= DS_SERVER_WRITABLE;
+	}
+
+	dc_level = dsdb_dc_functional_level(sam_ctx);
+	if (dc_level >= DS_DOMAIN_FUNCTION_2008) {
+		if (server_type & DS_SERVER_WRITABLE) {
+			server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
+		} else {
+			server_type |= DS_SERVER_SELECT_SECRET_DOMAIN_6;
+		}
+	}
+
+	if (dc_level >= DS_DOMAIN_FUNCTION_2012) {
+		server_type |= DS_SERVER_DS_8;
+	}
+
+	if (dc_level >= DS_DOMAIN_FUNCTION_2012_R2) {
+		server_type |= DS_SERVER_DS_9;
+	}
+
+	if (dc_level >= DS_DOMAIN_FUNCTION_2016) {
+		server_type |= DS_SERVER_DS_10;
+	}
+
+	if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) {
+		pdc_name = lpcfg_netbios_name(lp_ctx);
+	} else {
+		pdc_name = talloc_asprintf(mem_ctx, "\\\\%s",
+					   lpcfg_netbios_name(lp_ctx));
+		NT_STATUS_HAVE_NO_MEMORY(pdc_name);
+	}
+	domain_uuid      = samdb_result_guid(dom_res->msgs[0], "objectGUID");
+	dns_domain       = lpcfg_dnsdomain(lp_ctx);
+	forest_domain    = samdb_forest_name(sam_ctx, mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(forest_domain);
+	pdc_dns_name     = talloc_asprintf(mem_ctx, "%s.%s", 
+					   strlower_talloc(mem_ctx, 
+							   lpcfg_netbios_name(lp_ctx)),
+					   dns_domain);
+	NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name);
+	flatname         = lpcfg_workgroup(lp_ctx);
+
+	server_site      = samdb_server_site_name(sam_ctx, mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(server_site);
+	client_site      = samdb_client_site_name(sam_ctx, mem_ctx,
+						  src_address, NULL,
+						  true);
+	NT_STATUS_HAVE_NO_MEMORY(client_site);
+	if (strcasecmp(server_site, client_site) == 0) {
+		server_type |= DS_SERVER_CLOSEST;
+	}
+
+	load_interface_list(mem_ctx, lp_ctx, &ifaces);
+	if (src_address) {
+		pdc_ip = iface_list_best_ip(ifaces, src_address);
+	} else {
+		pdc_ip = iface_list_first_v4(ifaces);
+	}
+	if (pdc_ip == NULL || !is_ipaddress_v4(pdc_ip)) {
+		/* this matches windows behaviour */
+		pdc_ip = "127.0.0.1";
+	}
+
+	ZERO_STRUCTP(netlogon);
+
+	/* check if either of these bits is present */
+	if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) {
+		uint32_t extra_flags = 0;
+		netlogon->ntver = NETLOGON_NT_VERSION_5EX;
+
+		/* could check if the user exists */
+		if (user_known) {
+			netlogon->data.nt5_ex.command      = LOGON_SAM_LOGON_RESPONSE_EX;
+		} else {
+			netlogon->data.nt5_ex.command      = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
+		}
+		netlogon->data.nt5_ex.pdc_name     = pdc_name;
+		netlogon->data.nt5_ex.user_name    = user;
+		netlogon->data.nt5_ex.domain_name  = flatname;
+		netlogon->data.nt5_ex.domain_uuid  = domain_uuid;
+		netlogon->data.nt5_ex.forest       = forest_domain;
+		netlogon->data.nt5_ex.dns_domain   = dns_domain;
+		netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
+		netlogon->data.nt5_ex.server_site  = server_site;
+		netlogon->data.nt5_ex.client_site  = client_site;
+		if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
+			/* note that this is always a IPV4 address */
+			extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
+			netlogon->data.nt5_ex.sockaddr.sockaddr_family    = 2;
+			netlogon->data.nt5_ex.sockaddr.pdc_ip       = pdc_ip;
+			netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
+		}
+		netlogon->data.nt5_ex.server_type  = server_type;
+		netlogon->data.nt5_ex.nt_version   = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
+		netlogon->data.nt5_ex.lmnt_token   = 0xFFFF;
+		netlogon->data.nt5_ex.lm20_token   = 0xFFFF;
+
+	} else if (version & NETLOGON_NT_VERSION_5) {
+		netlogon->ntver = NETLOGON_NT_VERSION_5;
+
+		/* could check if the user exists */
+		if (user_known) {
+			netlogon->data.nt5.command      = LOGON_SAM_LOGON_RESPONSE;
+		} else {
+			netlogon->data.nt5.command      = LOGON_SAM_LOGON_USER_UNKNOWN;
+		}
+		netlogon->data.nt5.pdc_name     = pdc_name;
+		netlogon->data.nt5.user_name    = user;
+		netlogon->data.nt5.domain_name  = flatname;
+		netlogon->data.nt5.domain_uuid  = domain_uuid;
+		netlogon->data.nt5.forest       = forest_domain;
+		netlogon->data.nt5.dns_domain   = dns_domain;
+		netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
+		netlogon->data.nt5.pdc_ip       = pdc_ip;
+		netlogon->data.nt5.server_type  = server_type;
+		netlogon->data.nt5.nt_version   = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
+		netlogon->data.nt5.lmnt_token   = 0xFFFF;
+		netlogon->data.nt5.lm20_token   = 0xFFFF;
+
+	} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
+		netlogon->ntver = NETLOGON_NT_VERSION_1;
+		/* could check if the user exists */
+		if (user_known) {
+			netlogon->data.nt4.command      = LOGON_SAM_LOGON_RESPONSE;
+		} else {
+			netlogon->data.nt4.command      = LOGON_SAM_LOGON_USER_UNKNOWN;
+		}
+		netlogon->data.nt4.pdc_name    = pdc_name;
+		netlogon->data.nt4.user_name   = user;
+		netlogon->data.nt4.domain_name = flatname;
+		netlogon->data.nt4.nt_version  = NETLOGON_NT_VERSION_1;
+		netlogon->data.nt4.lmnt_token  = 0xFFFF;
+		netlogon->data.nt4.lm20_token  = 0xFFFF;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
+				struct loadparm_context *lp_ctx,
+				TALLOC_CTX *tmp_ctx,
+				const char **domain,
+				const char **host,
+				const char **user,
+				const char **domain_guid,
+				struct dom_sid **domain_sid,
+				int *acct_control,
+				int *version)
+{
+	unsigned int i;
+
+	*domain = NULL;
+	*host = NULL;
+	*user = NULL;
+	*domain_guid = NULL;
+	*domain_sid = NULL;
+	*acct_control = -1;
+	*version = NETLOGON_NT_VERSION_5;
+
+	if (tree->operation != LDB_OP_AND) goto failed;
+
+	/* extract the query elements */
+	for (i=0;i<tree->u.list.num_elements;i++) {
+		struct ldb_parse_tree *t = tree->u.list.elements[i];
+		if (t->operation != LDB_OP_EQUALITY) goto failed;
+		if (strcasecmp(t->u.equality.attr, "DnsDomain") == 0) {
+			*domain = talloc_strndup(tmp_ctx,
+						(const char *)t->u.equality.value.data,
+						t->u.equality.value.length);
+		}
+		if (strcasecmp(t->u.equality.attr, "Host") == 0) {
+			*host = talloc_strndup(tmp_ctx,
+					      (const char *)t->u.equality.value.data,
+					      t->u.equality.value.length);
+		}
+		if (strcasecmp(t->u.equality.attr, "DomainGuid") == 0) {
+			NTSTATUS enc_status;
+			struct GUID guid;
+			enc_status = ldap_decode_ndr_GUID(tmp_ctx, 
+							  t->u.equality.value, &guid);
+			if (NT_STATUS_IS_OK(enc_status)) {
+				*domain_guid = GUID_string(tmp_ctx, &guid);
+			}
+		}
+		if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) {
+			enum ndr_err_code ndr_err;
+
+			*domain_sid = talloc(tmp_ctx, struct dom_sid);
+			if (*domain_sid == NULL) {
+				goto failed;
+			}
+			ndr_err = ndr_pull_struct_blob(&t->u.equality.value,
+						       *domain_sid, *domain_sid,
+						       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(*domain_sid);
+				goto failed;
+			}
+		}
+		if (strcasecmp(t->u.equality.attr, "User") == 0) {
+			*user = talloc_strndup(tmp_ctx,
+					       (const char *)t->u.equality.value.data,
+					       t->u.equality.value.length);
+		}
+		if (strcasecmp(t->u.equality.attr, "NtVer") == 0 &&
+		    t->u.equality.value.length == 4) {
+			*version = IVAL(t->u.equality.value.data, 0);
+		}
+		if (strcasecmp(t->u.equality.attr, "AAC") == 0 &&
+		    t->u.equality.value.length == 4) {
+			*acct_control = IVAL(t->u.equality.value.data, 0);
+		}
+	}
+
+	if ((*domain == NULL) && (*domain_guid == NULL) && (*domain_sid == NULL)) {
+		*domain = lpcfg_dnsdomain(lp_ctx);
+	}
+
+	return NT_STATUS_OK;
+
+failed:
+	return NT_STATUS_UNSUCCESSFUL;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/new_partition.c b/source4/dsdb/samdb/ldb_modules/new_partition.c
new file mode 100644
index 0000000..eaf7d43
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/new_partition.c
@@ -0,0 +1,213 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce  2004-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb new partition module
+ *
+ *  Description: Handle the add of new partitions
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_module.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+#include "dsdb/common/util.h"
+
+struct np_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct ldb_request *search_req;
+	struct ldb_request *part_add;
+};
+
+static int np_part_mod_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct np_context *ac;
+
+	ac = talloc_get_type(req->context, struct np_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* We just want to update the @PARTITIONS record if the value does not exist */
+	if (ares->error != LDB_SUCCESS && ares->error != LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_asprintf_errstring(ldb, "Invalid LDB reply type %d", ares->type);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	ldb_reset_err_string(ldb);
+
+	/* Do the original add */
+	return ldb_next_request(ac->module, ac->req);
+}
+
+static int np_part_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct np_context *ac;
+	struct dsdb_create_partition_exop *ex_op;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct np_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* If this already exists, we really don't want to create a
+	 * partition - it would allow a duplicate entry to be
+	 * created */
+	if (ares->error != LDB_ERR_NO_SUCH_OBJECT) {
+		if (ares->error == LDB_SUCCESS) {
+			return ldb_module_done(ac->req, ares->controls,
+					       ares->response, LDB_ERR_ENTRY_ALREADY_EXISTS);
+		} else {
+			return ldb_module_done(ac->req, ares->controls,
+					       ares->response, ares->error);
+		}
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb, "Invalid reply type - we must not get a result here!");
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	ldb_reset_err_string(ldb);
+
+	/* Now that we know it does not exist, we can try and create the partition */
+	ex_op = talloc(ac, struct dsdb_create_partition_exop);
+	if (ex_op == NULL) {
+		return ldb_oom(ldb);
+	}
+	
+	ex_op->new_dn = ac->req->op.add.message->dn;
+	
+	ret = ldb_build_extended_req(&ac->part_add, 
+				     ldb, ac, DSDB_EXTENDED_CREATE_PARTITION_OID, ex_op, 
+				     NULL, ac, np_part_mod_callback, req);
+
+	/* if the parent was asking for a partial replica, then we
+	 * need the extended operation to also ask for a partial
+	 * replica */
+	if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) {
+		ret = dsdb_request_add_controls(ac->part_add, DSDB_MODIFY_PARTIAL_REPLICA);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	
+	LDB_REQ_SET_LOCATION(ac->part_add);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+	return ldb_next_request(ac->module, ac->part_add);
+}
+
+/* add_record: add instancetype attribute */
+static int new_partition_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct np_context *ac;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "new_partition_add\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_msg_find_element(req->op.add.message, "instanceType")) {
+		/* This needs to be 'static' to ensure it does not move, and is not on the stack */
+		static const char *no_attrs[] = { NULL };
+		uint32_t instanceType = ldb_msg_find_attr_as_uint(req->op.add.message, "instanceType", 0);
+
+		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+			return ldb_next_request(module, req);
+		}
+
+		if (ldb_msg_find_attr_as_bool(req->op.add.message, "isDeleted", false)) {
+			DEBUG(0,(__location__ ": Skipping deleted partition %s\n",
+				 ldb_dn_get_linearized(req->op.add.message->dn)));
+			return ldb_next_request(module, req);		
+		}
+
+		/* Create an @PARTITIONS record for this partition -
+		 * by asking the partitions module to do so via an
+		 * extended operation, after first checking if the
+		 * record already exists */
+		ac = talloc(req, struct np_context);
+		if (ac == NULL) {
+			return ldb_oom(ldb);
+		}
+		ac->module = module;
+		ac->req = req;
+		
+		ret = ldb_build_search_req(&ac->search_req, ldb, ac, req->op.add.message->dn, 
+					   LDB_SCOPE_BASE, NULL, no_attrs, req->controls, ac, 
+					   np_part_search_callback,
+					   req);
+		LDB_REQ_SET_LOCATION(ac->search_req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		
+		return ldb_next_request(module, ac->search_req);
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_new_partition_module_ops = {
+	.name          = "new_partition",
+	.add           = new_partition_add,
+};
+
+int ldb_new_partition_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_new_partition_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
new file mode 100644
index 0000000..bdd6b90
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -0,0 +1,1477 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce  2006-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Matthias Dieter Wallnöfer 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: objectClass sorting and constraint checking module
+ *
+ *  Description: 
+ *  - sort the objectClass attribute into the class
+ *    hierarchy and perform constraint checks (correct RDN name,
+ *    valid parent),
+ *  - fix DNs into 'standard' case
+ *  - Add objectCategory and some other attribute defaults
+ *
+ *  Author: Andrew Bartlett
+ */
+
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "../libds/common/flags.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+
+struct oc_context {
+
+	struct ldb_module *module;
+	struct ldb_request *req;
+	const struct dsdb_schema *schema;
+
+	struct ldb_reply *search_res;
+	struct ldb_reply *search_res2;
+
+	int (*step_fn)(struct oc_context *);
+};
+
+static struct oc_context *oc_init_context(struct ldb_module *module,
+					  struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct oc_context);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->schema = dsdb_get_schema(ldb, ac);
+
+	return ac;
+}
+
+static int objectclass_do_add(struct oc_context *ac);
+
+/*
+ * This checks if we have unrelated object classes in our entry's "objectClass"
+ * attribute. That means "unsatisfied" abstract classes (no concrete subclass)
+ * or two or more disjunct structural ones.
+ * If one of these conditions are true, blame.
+ */
+static int check_unrelated_objectclasses(struct ldb_module *module,
+					const struct dsdb_schema *schema,
+					const struct dsdb_class *struct_objectclass,
+					struct ldb_message_element *objectclass_element)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	unsigned int i;
+	bool found;
+
+	if (schema == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < objectclass_element->num_values; i++) {
+		const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema,
+											   &objectclass_element->values[i]);
+		const struct dsdb_class *tmp_class2 = struct_objectclass;
+
+		/* Pointer comparison can be used due to the same schema str. */
+		if (tmp_class == NULL ||
+		    tmp_class == struct_objectclass ||
+		    tmp_class->objectClassCategory > 2 ||
+		    ldb_attr_cmp(tmp_class->lDAPDisplayName, "top") == 0) {
+			continue;
+		}
+
+		found = false;
+		while (!found &&
+		       ldb_attr_cmp(tmp_class2->lDAPDisplayName, "top") != 0) {
+			tmp_class2 = dsdb_class_by_lDAPDisplayName(schema,
+								   tmp_class2->subClassOf);
+			if (tmp_class2 == tmp_class) {
+				found = true;
+			}
+		}
+		if (found) {
+			continue;
+		}
+
+		ldb_asprintf_errstring(ldb,
+				       "objectclass: the objectclass '%s' seems to be unrelated to %s!",
+				       tmp_class->lDAPDisplayName,
+				       struct_objectclass->lDAPDisplayName);
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct oc_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS &&
+	    ares->error != LDB_ERR_NO_SUCH_OBJECT) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	ldb_reset_err_string(ldb);
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (ac->search_res != NULL) {
+			ldb_set_errstring(ldb, "Too many results");
+			talloc_free(ares);
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		ac->search_res = talloc_steal(ac, ares);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		talloc_free(ares);
+		break;
+
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+		ret = ac->step_fn(ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+		break;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* Fix up the DN to be in the standard form, taking particular care to match the parent DN
+
+   This should mean that if the parent is:
+    CN=Users,DC=samba,DC=example,DC=com
+   and a proposed child is
+    cn=Admins ,cn=USERS,dc=Samba,dc=example,dc=COM
+
+   The resulting DN should be:
+
+    CN=Admins,CN=Users,DC=samba,DC=example,DC=com
+   
+ */
+static int fix_dn(struct ldb_context *ldb,
+		  TALLOC_CTX *mem_ctx,
+		  struct ldb_dn *newdn, struct ldb_dn *parent_dn, 
+		  struct ldb_dn **fixed_dn) 
+{
+	char *upper_rdn_attr;
+	const struct ldb_val *rdn_val;
+
+	/* Fix up the DN to be in the standard form, taking particular care to
+	 * match the parent DN */
+	*fixed_dn = ldb_dn_copy(mem_ctx, parent_dn);
+	if (*fixed_dn == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/* We need the attribute name in upper case */
+	upper_rdn_attr = strupper_talloc(*fixed_dn, 
+					 ldb_dn_get_rdn_name(newdn));
+	if (upper_rdn_attr == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/* Create a new child */
+	if (ldb_dn_add_child_fmt(*fixed_dn, "X=X") == false) {
+		return ldb_operr(ldb);
+	}
+
+	rdn_val = ldb_dn_get_rdn_val(newdn);
+	if (rdn_val == NULL) {
+		return ldb_operr(ldb);
+	}
+
+#if 0
+	/* the rules for rDN length constraints are more complex than
+	this. Until we understand them we need to leave this
+	constraint out. Otherwise we break replication, as windows
+	does sometimes send us rDNs longer than 64 */
+	if (!rdn_val || rdn_val->length > 64) {
+		DEBUG(2,(__location__ ": WARNING: rDN longer than 64 limit for '%s'\n", ldb_dn_get_linearized(newdn)));
+	}
+#endif
+
+
+	/* And replace it with CN=foo (we need the attribute in upper case) */
+	return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr, *rdn_val);
+}
+
+
+static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	struct oc_context *ac;
+	struct ldb_dn *parent_dn;
+	const struct ldb_val *val;
+	int ret;
+	static const char * const parent_attrs[] = { "objectClass", NULL };
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_add\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* An add operation on the basedn without "NC-add" operation isn't
+	 * allowed. */
+	if (ldb_dn_compare(ldb_get_default_basedn(ldb), req->op.add.message->dn) == 0) {
+		unsigned int instanceType;
+
+		instanceType = ldb_msg_find_attr_as_uint(req->op.add.message,
+							 "instanceType", 0);
+		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+			char *referral_uri;
+			/* When we are trying to readd the root basedn then
+			 * this is denied, but with an interesting mechanism:
+			 * there is generated a referral with the last
+			 * component value as hostname. */
+			val = ldb_dn_get_component_val(req->op.add.message->dn,
+						       ldb_dn_get_comp_num(req->op.add.message->dn) - 1);
+			if (val == NULL) {
+				return ldb_operr(ldb);
+			}
+			referral_uri = talloc_asprintf(req, "ldap://%s/%s", val->data,
+						       ldb_dn_get_linearized(req->op.add.message->dn));
+			if (referral_uri == NULL) {
+				return ldb_module_oom(module);
+			}
+
+			return ldb_module_send_referral(req, referral_uri);
+		}
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* If there isn't a parent, just go on to the add processing */
+	if (ldb_dn_get_comp_num(ac->req->op.add.message->dn) == 1) {
+		return objectclass_do_add(ac);
+	}
+
+	/* get copy of parent DN */
+	parent_dn = ldb_dn_get_parent(ac, ac->req->op.add.message->dn);
+	if (parent_dn == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_build_search_req(&search_req, ldb,
+				   ac, parent_dn, LDB_SCOPE_BASE,
+				   "(objectClass=*)", parent_attrs,
+				   NULL,
+				   ac, get_search_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ac->step_fn = objectclass_do_add;
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+
+/*
+  check if this is a special RODC nTDSDSA add
+ */
+static bool check_rodc_ntdsdsa_add(struct oc_context *ac,
+				   const struct dsdb_class *objectclass)
+{
+	struct ldb_control *rodc_control;
+
+	if (ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSDSA") != 0) {
+		return false;
+	}
+	rodc_control = ldb_request_get_control(ac->req, LDB_CONTROL_RODC_DCPROMO_OID);
+	if (!rodc_control) {
+		return false;
+	}
+
+	rodc_control->critical = false;
+	return true;
+}
+
+static int objectclass_do_add(struct oc_context *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_request *add_req;
+	struct ldb_message_element *objectclass_element, *el;
+	struct ldb_message *msg;
+	const char *rdn_name = NULL;
+	char *value;
+	const struct dsdb_class *objectclass;
+	struct ldb_dn *objectcategory;
+	int32_t systemFlags = 0;
+	unsigned int i, j;
+	bool found;
+	int ret;
+
+	msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	/* Check if we have a valid parent - this check is needed since
+	 * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */
+	if (ac->search_res == NULL) {
+		unsigned int instanceType;
+
+		/* An add operation on partition DNs without "NC-add" operation
+		 * isn't allowed. */
+		instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType",
+							 0);
+		if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, parent does not exist!", 
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_NO_SUCH_OBJECT;
+		}
+
+		/* Don't keep any error messages - we've to add a partition */
+		ldb_set_errstring(ldb, NULL);
+	} else {
+		/* Fix up the DN to be in the standard form, taking
+		 * particular care to match the parent DN */
+		ret = fix_dn(ldb, msg,
+			     ac->req->op.add.message->dn,
+			     ac->search_res->message->dn,
+			     &msg->dn);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "objectclass: Could not munge DN %s into normal form",
+					       ldb_dn_get_linearized(ac->req->op.add.message->dn));
+			return ret;
+		}
+	}
+
+	if (ac->schema != NULL) {
+		unsigned int linkID = 0;
+		/*
+		 * Notice: by the normalization function call in "ldb_request()"
+		 * case "LDB_ADD" we have always only *one* "objectClass"
+		 * attribute at this stage!
+		 */
+
+		objectclass_element = ldb_msg_find_element(msg, "objectClass");
+		if (!objectclass_element) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, no objectclass specified!",
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		if (objectclass_element->num_values == 0) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, at least one (structural) objectclass has to be specified!",
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		/* Now do the sorting */
+		ret = dsdb_sort_objectClass_attr(ldb, ac->schema,
+						 objectclass_element, msg,
+						 objectclass_element);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/*
+		 * Get the new top-most structural object class and check for
+		 * unrelated structural classes
+		 */
+		objectclass = dsdb_get_last_structural_class(ac->schema,
+							     objectclass_element);
+		if (objectclass == NULL) {
+			ldb_asprintf_errstring(ldb,
+					       "Failed to find a structural class for %s",
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		ret = check_unrelated_objectclasses(ac->module, ac->schema,
+						    objectclass,
+						    objectclass_element);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		rdn_name = ldb_dn_get_rdn_name(msg->dn);
+		if (rdn_name == NULL) {
+			return ldb_operr(ldb);
+		}
+		found = false;
+		for (i = 0; (!found) && (i < objectclass_element->num_values);
+		     i++) {
+			const struct dsdb_class *tmp_class =
+				dsdb_class_by_lDAPDisplayName_ldb_val(ac->schema,
+								      &objectclass_element->values[i]);
+
+			if (tmp_class == NULL) continue;
+
+			if (ldb_attr_cmp(rdn_name, tmp_class->rDNAttID) == 0)
+				found = true;
+		}
+		if (!found) {
+			ldb_asprintf_errstring(ldb,
+					       "objectclass: Invalid RDN '%s' for objectclass '%s'!",
+					       rdn_name, objectclass->lDAPDisplayName);
+			return LDB_ERR_NAMING_VIOLATION;
+		}
+
+		if (objectclass->systemOnly &&
+		    !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) &&
+		    !check_rodc_ntdsdsa_add(ac, objectclass)) {
+			ldb_asprintf_errstring(ldb,
+					       "objectclass: object class '%s' is system-only, rejecting creation of '%s'!",
+					       objectclass->lDAPDisplayName,
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		if (ac->search_res && ac->search_res->message) {
+			struct ldb_message_element *oc_el
+				= ldb_msg_find_element(ac->search_res->message, "objectClass");
+
+			bool allowed_class = false;
+			for (i=0; allowed_class == false && oc_el && i < oc_el->num_values; i++) {
+				const struct dsdb_class *sclass;
+
+				sclass = dsdb_class_by_lDAPDisplayName_ldb_val(ac->schema,
+									       &oc_el->values[i]);
+				if (!sclass) {
+					/* We don't know this class?  what is going on? */
+					continue;
+				}
+				for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
+					if (ldb_attr_cmp(objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
+						allowed_class = true;
+						break;
+					}
+				}
+			}
+
+			if (!allowed_class) {
+				ldb_asprintf_errstring(ldb, "structural objectClass %s is not a valid child class for %s",
+						objectclass->lDAPDisplayName, ldb_dn_get_linearized(ac->search_res->message->dn));
+				return LDB_ERR_NAMING_VIOLATION;
+			}
+		}
+
+		objectcategory = ldb_msg_find_attr_as_dn(ldb, ac, msg,
+							 "objectCategory");
+		if (objectcategory == NULL) {
+			struct dsdb_extended_dn_store_format *dn_format =
+					talloc_get_type(ldb_module_get_private(ac->module),
+							struct dsdb_extended_dn_store_format);
+			if (dn_format && dn_format->store_extended_dn_in_ldb == false) {
+				/* Strip off extended components */
+				struct ldb_dn *dn = ldb_dn_new(ac, ldb,
+							       objectclass->defaultObjectCategory);
+				value = ldb_dn_alloc_linearized(msg, dn);
+				talloc_free(dn);
+			} else {
+				value = talloc_strdup(msg,
+						      objectclass->defaultObjectCategory);
+			}
+			if (value == NULL) {
+				return ldb_module_oom(ac->module);
+			}
+
+			ret = ldb_msg_add_string(msg, "objectCategory", value);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		} else {
+			const struct dsdb_class *ocClass =
+					dsdb_class_by_cn_ldb_val(ac->schema,
+								 ldb_dn_get_rdn_val(objectcategory));
+			if (ocClass != NULL) {
+				struct ldb_dn *dn = ldb_dn_new(ac, ldb,
+							       ocClass->defaultObjectCategory);
+				if (ldb_dn_compare(objectcategory, dn) != 0) {
+					ocClass = NULL;
+				}
+			}
+			talloc_free(objectcategory);
+			if (ocClass == NULL) {
+				ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, 'objectCategory' attribute invalid!",
+						       ldb_dn_get_linearized(msg->dn));
+				return LDB_ERR_OBJECT_CLASS_VIOLATION;
+			}
+		}
+
+		if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (objectclass->defaultHidingValue == true)) {
+			ldb_msg_add_string(msg, "showInAdvancedViewOnly",
+						"TRUE");
+		}
+
+		/* There are very special rules for systemFlags, see MS-ADTS
+		 * MS-ADTS 3.1.1.5.2.4 */
+
+		el = ldb_msg_find_element(msg, "systemFlags");
+		if ((el != NULL) && (el->num_values > 1)) {
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, 'systemFlags' attribute multivalued!",
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0);
+
+		ldb_msg_remove_attr(msg, "systemFlags");
+
+		/* Only the following flags may be set by a client */
+		if (ldb_request_get_control(ac->req,
+					    LDB_CONTROL_RELAX_OID) == NULL) {
+			systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME
+				       | SYSTEM_FLAG_CONFIG_ALLOW_MOVE
+				       | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE
+				       | SYSTEM_FLAG_ATTR_IS_RDN );
+		}
+
+		/* But the last one ("ATTR_IS_RDN") is only allowed on
+		 * "attributeSchema" objects. So truncate if it does not fit. */
+		if (ldb_attr_cmp(objectclass->lDAPDisplayName, "attributeSchema") != 0) {
+			systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN;
+		}
+
+		if (ldb_attr_cmp(objectclass->lDAPDisplayName, "server") == 0) {
+			systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
+		} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "site") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "serversContainer") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSDSA") == 0) {
+			if (ldb_attr_cmp(objectclass->lDAPDisplayName, "site") == 0)
+				systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
+			systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+		} else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLink") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "subnet") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLinkBridge") == 0
+				|| ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSConnection") == 0) {
+			systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
+		}
+		/* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */
+
+		linkID = ldb_msg_find_attr_as_int(msg, "linkID", 0);
+		if (linkID > 0 && linkID % 2 == 1) {
+			systemFlags |= DS_FLAG_ATTR_NOT_REPLICATED;
+		}
+
+		if (el || systemFlags != 0) {
+			ret = samdb_msg_add_int(ldb, msg, msg, "systemFlags",
+						systemFlags);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		/* make sure that "isCriticalSystemObject" is not specified! */
+		el = ldb_msg_find_element(msg, "isCriticalSystemObject");
+		if ((el != NULL) &&
+                    !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+			ldb_set_errstring(ldb,
+					  "objectclass: 'isCriticalSystemObject' must not be specified!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	ret = ldb_build_add_req(&add_req, ldb, ac,
+				msg,
+				ac->req->controls,
+				ac->req, dsdb_next_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(add_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* perform the add */
+	return ldb_next_request(ac->module, add_req);
+}
+
+static int oc_modify_callback(struct ldb_request *req,
+				struct ldb_reply *ares);
+static int objectclass_do_mod(struct oc_context *ac);
+
+static int objectclass_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message_element *objectclass_element;
+	struct ldb_message *msg;
+	struct ldb_request *down_req;
+	struct oc_context *ac;
+	bool oc_changes = false;
+	int ret;
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_modify\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* As with the "real" AD we don't accept empty messages */
+	if (req->op.mod.message->num_elements == 0) {
+		ldb_set_errstring(ldb, "objectclass: modify message must have "
+				       "elements/attributes!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* Without schema, there isn't much to do here */
+	if (ac->schema == NULL) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	/* For now change everything except the objectclasses */
+
+	objectclass_element = ldb_msg_find_element(msg, "objectClass");
+	if (objectclass_element != NULL) {
+		ldb_msg_remove_attr(msg, "objectClass");
+		oc_changes = true;
+	}
+
+	/* MS-ADTS 3.1.1.5.3.5 - on a forest level < 2003 we do allow updates
+	 * only on application NCs - not on the default ones */
+	if (oc_changes &&
+	    (dsdb_forest_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003)) {
+		struct ldb_dn *nc_root;
+
+		ret = dsdb_find_nc_root(ldb, ac, req->op.mod.message->dn,
+					&nc_root);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if ((ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) ||
+		    (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) ||
+		    (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0)) {
+			ldb_set_errstring(ldb,
+					  "objectclass: object class changes on objects under the standard name contexts not allowed!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		talloc_free(nc_root);
+	}
+
+	if (oc_changes) {
+		ret = ldb_build_mod_req(&down_req, ldb, ac,
+					msg,
+					req->controls, ac,
+					oc_modify_callback,
+					req);
+	} else {
+		ret = ldb_build_mod_req(&down_req, ldb, ac,
+					msg,
+					req->controls, req,
+					dsdb_next_callback,
+					req);
+	}
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	static const char * const attrs[] = { "objectClass", NULL };
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	struct oc_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct oc_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	talloc_free(ares);
+
+	/* this looks up the real existing object for fetching some important
+	 * information (objectclasses) */
+	ret = ldb_build_search_req(&search_req, ldb,
+				   ac, ac->req->op.mod.message->dn,
+				   LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs, NULL, 
+				   ac, get_search_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	ac->step_fn = objectclass_do_mod;
+
+	ret = ldb_next_request(ac->module, search_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int objectclass_do_mod(struct oc_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *mod_req;
+	struct ldb_message_element *oc_el_entry, *oc_el_change;
+	struct ldb_val *vals;
+	struct ldb_message *msg;
+	const struct dsdb_class *current_structural_objectclass;
+	const struct dsdb_class *objectclass;
+	unsigned int i, j, k;
+	bool found;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* we should always have a valid entry when we enter here */
+	if (ac->search_res == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	oc_el_entry = ldb_msg_find_element(ac->search_res->message,
+					   "objectClass");
+	if (oc_el_entry == NULL) {
+		/* existing entry without a valid object class? */
+		return ldb_operr(ldb);
+	}
+
+	/*
+	 * Get the current new top-most structural object class
+	 *
+	 * We must not allow this to change
+	 */
+
+	current_structural_objectclass
+		= dsdb_get_last_structural_class(ac->schema,
+						 oc_el_entry);
+	if (current_structural_objectclass == NULL) {
+		ldb_asprintf_errstring(ldb,
+				       "objectclass: cannot find current structural objectclass on %s!",
+				       ldb_dn_get_linearized(ac->search_res->message->dn));
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	/* use a new message structure */
+	msg = ldb_msg_new(ac);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	msg->dn = ac->req->op.mod.message->dn;
+
+	/* We've to walk over all "objectClass" message elements */
+	for (k = 0; k < ac->req->op.mod.message->num_elements; k++) {
+		if (ldb_attr_cmp(ac->req->op.mod.message->elements[k].name,
+				 "objectClass") != 0) {
+			continue;
+		}
+
+		oc_el_change = &ac->req->op.mod.message->elements[k];
+
+		switch (oc_el_change->flags & LDB_FLAG_MOD_MASK) {
+		case LDB_FLAG_MOD_ADD:
+			/* Merge the two message elements */
+			for (i = 0; i < oc_el_change->num_values; i++) {
+				for (j = 0; j < oc_el_entry->num_values; j++) {
+					if (ldb_attr_cmp((char *)oc_el_change->values[i].data,
+							 (char *)oc_el_entry->values[j].data) == 0) {
+						ldb_asprintf_errstring(ldb,
+								       "objectclass: cannot re-add an existing objectclass: '%.*s'!",
+								       (int)oc_el_change->values[i].length,
+								       (const char *)oc_el_change->values[i].data);
+						return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+					}
+				}
+				/* append the new object class value - code was
+				 * copied from "ldb_msg_add_value" */
+				vals = talloc_realloc(oc_el_entry, oc_el_entry->values,
+						      struct ldb_val,
+						      oc_el_entry->num_values + 1);
+				if (vals == NULL) {
+					return ldb_module_oom(ac->module);
+				}
+				oc_el_entry->values = vals;
+				oc_el_entry->values[oc_el_entry->num_values] =
+							oc_el_change->values[i];
+				++(oc_el_entry->num_values);
+			}
+
+			break;
+
+		case LDB_FLAG_MOD_REPLACE:
+			/*
+			 * In this case the new "oc_el_entry" is simply
+			 * "oc_el_change"
+			 */
+			oc_el_entry = oc_el_change;
+
+			break;
+
+		case LDB_FLAG_MOD_DELETE:
+			/* Merge the two message elements */
+			for (i = 0; i < oc_el_change->num_values; i++) {
+				found = false;
+				for (j = 0; j < oc_el_entry->num_values; j++) {
+					if (ldb_attr_cmp((char *)oc_el_change->values[i].data,
+							 (char *)oc_el_entry->values[j].data) == 0) {
+						found = true;
+						/* delete the object class value
+						 * - code was copied from
+						 * "ldb_msg_remove_element" */
+						if (j != oc_el_entry->num_values - 1) {
+							memmove(&oc_el_entry->values[j],
+								&oc_el_entry->values[j+1],
+								((oc_el_entry->num_values-1) - j)*sizeof(struct ldb_val));
+						}
+						--(oc_el_entry->num_values);
+						break;
+					}
+				}
+				if (!found) {
+					/* we cannot delete a not existing
+					 * object class */
+					ldb_asprintf_errstring(ldb,
+							       "objectclass: cannot delete this objectclass: '%.*s'!",
+							       (int)oc_el_change->values[i].length,
+							       (const char *)oc_el_change->values[i].data);
+					return LDB_ERR_NO_SUCH_ATTRIBUTE;
+				}
+			}
+
+			break;
+		}
+
+		/* Now do the sorting */
+		ret = dsdb_sort_objectClass_attr(ldb, ac->schema, oc_el_entry,
+						 msg, oc_el_entry);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/*
+		 * Get the new top-most structural object class and check for
+		 * unrelated structural classes
+		 */
+		objectclass = dsdb_get_last_structural_class(ac->schema,
+							     oc_el_entry);
+		if (objectclass == NULL) {
+			ldb_set_errstring(ldb,
+					  "objectclass: cannot delete all structural objectclasses!");
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+
+		/*
+		 * Has (so far, we re-check for each and every
+		 * "objectclass" in the message) the structural
+		 * objectclass changed?
+		 */
+
+		if (objectclass != current_structural_objectclass) {
+			const char *dn
+				= ldb_dn_get_linearized(ac->search_res->message->dn);
+			ldb_asprintf_errstring(ldb,
+					       "objectclass: not permitted "
+					       "to change the structural "
+					       "objectClass on %s [%s] => [%s]!",
+					       dn,
+					       current_structural_objectclass->lDAPDisplayName,
+					       objectclass->lDAPDisplayName);
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+
+		/* Check for unrelated objectclasses */
+		ret = check_unrelated_objectclasses(ac->module, ac->schema,
+						    objectclass,
+						    oc_el_entry);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* Now add the new object class attribute to the change message */
+	ret = ldb_msg_add(msg, oc_el_entry, LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		ldb_module_oom(ac->module);
+		return ret;
+	}
+
+	/* Now we have the real and definitive change left to do */
+
+	ret = ldb_build_mod_req(&mod_req, ldb, ac,
+				msg,
+				ac->req->controls,
+				ac->req, dsdb_next_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(mod_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, mod_req);
+}
+
+static int objectclass_do_rename(struct oc_context *ac);
+
+static int objectclass_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	static const char * const attrs[] = { "objectClass", NULL };
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	struct oc_context *ac;
+	struct ldb_dn *parent_dn;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_rename\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.rename.olddn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * Bypass the constraint checks when we do have the "DBCHECK" control
+	 * set, so we can force objects under the deleted objects container.
+	 */
+	if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK) != NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	parent_dn = ldb_dn_get_parent(ac, req->op.rename.newdn);
+	if (parent_dn == NULL) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, the parent DN does not exist!",
+				       ldb_dn_get_linearized(req->op.rename.olddn));
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	/* this looks up the parent object for fetching some important
+	 * information (objectclasses, DN normalisation...) */
+	ret = ldb_build_search_req(&search_req, ldb,
+				   ac, parent_dn, LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs, NULL,
+				   ac, get_search_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* we have to add the show recycled control, as otherwise DRS
+	   deletes will be refused as we will think the target parent
+	   does not exist */
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ac->step_fn = objectclass_do_rename;
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+static int objectclass_do_rename2(struct oc_context *ac);
+
+static int objectclass_do_rename(struct oc_context *ac)
+{
+	static const char * const attrs[] = { "objectClass", NULL };
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* Check if we have a valid parent - this check is needed since
+	 * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */
+	if (ac->search_res == NULL) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, parent does not exist!",
+				       ldb_dn_get_linearized(ac->req->op.rename.olddn));
+		return LDB_ERR_OTHER;
+	}
+
+	/* now assign "search_res2" to the parent entry to have "search_res"
+	 * free for another lookup */
+	ac->search_res2 = ac->search_res;
+	ac->search_res = NULL;
+
+	/* this looks up the real existing object for fetching some important
+	 * information (objectclasses) */
+	ret = ldb_build_search_req(&search_req, ldb,
+				   ac, ac->req->op.rename.olddn,
+				   LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs, NULL,
+				   ac, get_search_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ac->step_fn = objectclass_do_rename2;
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+static int objectclass_do_rename2(struct oc_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *rename_req;
+	struct ldb_dn *fixed_dn;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* Check if we have a valid entry - this check is needed since
+	 * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */
+	if (ac->search_res == NULL) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, entry does not exist!",
+				       ldb_dn_get_linearized(ac->req->op.rename.olddn));
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	if (ac->schema != NULL) {
+		struct ldb_message_element *oc_el_entry, *oc_el_parent;
+		const struct dsdb_class *objectclass;
+		const char *rdn_name;
+		bool allowed_class = false;
+		unsigned int i, j;
+		bool found;
+
+		oc_el_entry = ldb_msg_find_element(ac->search_res->message,
+						   "objectClass");
+		if (oc_el_entry == NULL) {
+			/* existing entry without a valid object class? */
+			return ldb_operr(ldb);
+		}
+		objectclass = dsdb_get_last_structural_class(ac->schema,
+							     oc_el_entry);
+		if (objectclass == NULL) {
+			/* existing entry without a valid object class? */
+			return ldb_operr(ldb);
+		}
+
+		rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn);
+		if (rdn_name == NULL) {
+			return ldb_operr(ldb);
+		}
+		found = false;
+		for (i = 0; (!found) && (i < oc_el_entry->num_values); i++) {
+			const struct dsdb_class *tmp_class =
+				dsdb_class_by_lDAPDisplayName_ldb_val(ac->schema,
+								      &oc_el_entry->values[i]);
+
+			if (tmp_class == NULL) continue;
+
+			if (ldb_attr_cmp(rdn_name, tmp_class->rDNAttID) == 0)
+				found = true;
+		}
+		if (!found) {
+			ldb_asprintf_errstring(ldb,
+					       "objectclass: Invalid RDN '%s' for objectclass '%s'!",
+					       rdn_name, objectclass->lDAPDisplayName);
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		oc_el_parent = ldb_msg_find_element(ac->search_res2->message,
+						    "objectClass");
+		if (oc_el_parent == NULL) {
+			/* existing entry without a valid object class? */
+			return ldb_operr(ldb);
+		}
+
+		for (i=0; allowed_class == false && i < oc_el_parent->num_values; i++) {
+			const struct dsdb_class *sclass;
+
+			sclass = dsdb_class_by_lDAPDisplayName_ldb_val(ac->schema,
+								       &oc_el_parent->values[i]);
+			if (!sclass) {
+				/* We don't know this class?  what is going on? */
+				continue;
+			}
+			for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
+				if (ldb_attr_cmp(objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
+					allowed_class = true;
+					break;
+				}
+			}
+		}
+
+		if (!allowed_class) {
+			ldb_asprintf_errstring(ldb,
+					       "objectclass: structural objectClass %s is not a valid child class for %s",
+					       objectclass->lDAPDisplayName, ldb_dn_get_linearized(ac->search_res2->message->dn));
+			return LDB_ERR_NAMING_VIOLATION;
+		}
+	}
+
+	/* Ensure we are not trying to rename it to be a child of itself */
+	if ((ldb_dn_compare_base(ac->req->op.rename.olddn,
+				 ac->req->op.rename.newdn) == 0)  &&
+	    (ldb_dn_compare(ac->req->op.rename.olddn,
+			    ac->req->op.rename.newdn) != 0)) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s to be a child of itself",
+				       ldb_dn_get_linearized(ac->req->op.rename.olddn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Fix up the DN to be in the standard form, taking
+	 * particular care to match the parent DN */
+	ret = fix_dn(ldb, ac,
+		     ac->req->op.rename.newdn,
+		     ac->search_res2->message->dn,
+		     &fixed_dn);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "objectclass: Could not munge DN %s into normal form",
+				       ldb_dn_get_linearized(ac->req->op.rename.newdn));
+		return ret;
+
+	}
+
+	ret = ldb_build_rename_req(&rename_req, ldb, ac,
+				   ac->req->op.rename.olddn, fixed_dn,
+				   ac->req->controls,
+				   ac->req, dsdb_next_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(rename_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* perform the rename */
+	return ldb_next_request(ac->module, rename_req);
+}
+
+static int objectclass_do_delete(struct oc_context *ac);
+
+static int objectclass_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	static const char * const attrs[] = { "nCName", "objectClass",
+					      "systemFlags",
+					      "isDeleted",
+					      "isCriticalSystemObject", NULL };
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	struct oc_context *ac;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_delete\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* Bypass the constraint checks when we do have the "RELAX" control
+	 * set. */
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID) != NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* this looks up the entry object for fetching some important
+	 * information (object classes, system flags...) */
+	ret = ldb_build_search_req(&search_req, ldb,
+				   ac, req->op.del.dn, LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs, NULL,
+				   ac, get_search_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_FLAG_AS_SYSTEM |
+					DSDB_SEARCH_SHOW_RECYCLED);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ac->step_fn = objectclass_do_delete;
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+static int objectclass_do_delete(struct oc_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	int32_t systemFlags;
+	bool isCriticalSystemObject;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* Check if we have a valid entry - this check is needed since
+	 * we don't get a LDB_ERR_NO_SUCH_OBJECT error. */
+	if (ac->search_res == NULL) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, entry does not exist!",
+				       ldb_dn_get_linearized(ac->req->op.del.dn));
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	/* DC's ntDSDSA object */
+	if (ldb_dn_compare(ac->req->op.del.dn, samdb_ntds_settings_dn(ldb, ac)) == 0) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's the DC's ntDSDSA object!",
+				       ldb_dn_get_linearized(ac->req->op.del.dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* DC's rIDSet object */
+	/* Perform this check only when it does exist - this is needed in order
+	 * to don't let existing provisions break, and to delete . */
+	ret = samdb_rid_set_dn(ldb, ac, &dn);
+	if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_ATTRIBUTE)
+	    && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+		ldb_asprintf_errstring(ldb, "objectclass: Unable to determine if %s, is this DC's rIDSet object: %s ",
+				       ldb_dn_get_linearized(ac->req->op.del.dn),
+				       ldb_errstring(ldb));
+		return ret;
+	}
+	if (ret == LDB_SUCCESS) {
+		if (ldb_dn_compare(ac->req->op.del.dn, dn) == 0) {
+			talloc_free(dn);
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's the DC's rIDSet object!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		talloc_free(dn);
+	}
+
+	/* Only trusted request from system account are allowed to delete
+	 * deleted objects.
+	 */
+	if (ldb_msg_check_string_attribute(ac->search_res->message, "isDeleted", "TRUE") &&
+			(ldb_req_is_untrusted(ac->req) ||
+				!dsdb_module_am_system(ac->module))) {
+		ldb_asprintf_errstring(ldb, "Delete of '%s' failed",
+						ldb_dn_get_linearized(ac->req->op.del.dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* crossRef objects regarding config, schema and default domain NCs */
+	if (samdb_find_attribute(ldb, ac->search_res->message, "objectClass",
+				 "crossRef") != NULL) {
+		dn = ldb_msg_find_attr_as_dn(ldb, ac, ac->search_res->message,
+					     "nCName");
+		if ((ldb_dn_compare(dn, ldb_get_default_basedn(ldb)) == 0) ||
+		    (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0)) {
+			talloc_free(dn);
+
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the main or configuration partition!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
+		}
+		if (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0) {
+			talloc_free(dn);
+
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the schema partition!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		talloc_free(dn);
+	}
+
+	/* systemFlags */
+
+	systemFlags = ldb_msg_find_attr_as_int(ac->search_res->message,
+					       "systemFlags", 0);
+	if ((systemFlags & SYSTEM_FLAG_DISALLOW_DELETE) != 0) {
+		ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it isn't permitted!",
+				       ldb_dn_get_linearized(ac->req->op.del.dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* isCriticalSystemObject - but this only applies on tree delete
+	 * operations - MS-ADTS 3.1.1.5.5.7.2 */
+	if (ldb_request_get_control(ac->req, LDB_CONTROL_TREE_DELETE_OID) != NULL) {
+		isCriticalSystemObject = ldb_msg_find_attr_as_bool(ac->search_res->message,
+								   "isCriticalSystemObject", false);
+		if (isCriticalSystemObject) {
+			/*
+			 * Following the explanation from Microsoft
+			 * https://lists.samba.org/archive/cifs-protocol/2011-August/002046.html
+			 * "I finished the investigation on this behavior.
+			 * As per MS-ADTS 3.1.5.5.7.2 , when a tree deletion is performed ,
+			 * every object in the tree will be checked to see if it has isCriticalSystemObject
+			 * set to TRUE, including the root node on which the delete operation is performed
+			 * But there is an exception  if the root object is a SAM specific objects(3.1.1.5.2.3 MS-ADTS)
+			 * Its deletion is done through SAM manager and isCriticalSystemObject attribute is not checked
+			 * The root node of the tree delete in your case is CN=ARES,OU=Domain Controllers,DC=w2k8r2,DC=home,DC=matws,DC=net
+			 * which is a SAM object  with  user class.  Therefore the tree deletion is performed without any error
+			 */
+
+			if (samdb_find_attribute(ldb, ac->search_res->message, "objectClass", "group") == NULL &&
+			    samdb_find_attribute(ldb, ac->search_res->message, "objectClass", "samDomain") == NULL &&
+			    samdb_find_attribute(ldb, ac->search_res->message, "objectClass", "samServer") == NULL &&
+			    samdb_find_attribute(ldb, ac->search_res->message, "objectClass", "user") == NULL) {
+					ldb_asprintf_errstring(ldb,
+					       "objectclass: Cannot tree-delete %s, it's a critical system object!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		}
+	}
+
+	return ldb_next_request(ac->module, ac->req);
+}
+
+static int objectclass_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	/* Init everything else */
+	ret = ldb_next_init(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+	/* Look for the opaque to indicate we might have to cut down the DN of defaultObjectCategory */
+	ldb_module_set_private(module, ldb_get_opaque(ldb, DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME));
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_RODC_DCPROMO_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "objectclass_init: Unable to register control DCPROMO with rootdse\n");
+		return ldb_operr(ldb);
+	}
+
+	return ret;
+}
+
+static const struct ldb_module_ops ldb_objectclass_module_ops = {
+	.name		= "objectclass",
+	.add		= objectclass_add,
+	.modify		= objectclass_modify,
+	.rename		= objectclass_rename,
+	.del		= objectclass_delete,
+	.init_context	= objectclass_init
+};
+
+int ldb_objectclass_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_objectclass_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
new file mode 100644
index 0000000..da4217a
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -0,0 +1,752 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce  2006-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Stefan Metzmacher 2009
+   Copyright (C) Matthias Dieter Wallnöfer 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: objectclass attribute checking module
+ *
+ *  Description: this checks the attributes on a directory entry (if they're
+ *    allowed, if the syntax is correct, if mandatory ones are missing,
+ *    denies the deletion of mandatory ones...). The module contains portions
+ *    of the "objectclass" and the "validate_update" LDB module.
+ *
+ *  Author: Matthias Dieter Wallnöfer
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+
+struct oc_context {
+
+	struct ldb_module *module;
+	struct ldb_request *req;
+	const struct dsdb_schema *schema;
+
+	struct ldb_message *msg;
+
+	struct ldb_reply *search_res;
+	struct ldb_reply *mod_ares;
+};
+
+static struct oc_context *oc_init_context(struct ldb_module *module,
+					  struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct oc_context);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->schema = dsdb_get_schema(ldb, ac);
+
+	return ac;
+}
+
+static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares);
+
+/*
+ * Checks the correctness of the "dSHeuristics" attribute as described in both
+ * MS-ADTS 7.1.1.2.4.1.2 dSHeuristics and MS-ADTS 3.1.1.5.3.2 Constraints
+ */
+static int oc_validate_dsheuristics(struct ldb_message_element *el)
+{
+	if (el->num_values > 0) {
+		if ((el->values[0].length >= DS_HR_NINETIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_NINETIETH_CHAR-1] != '9')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_EIGHTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_EIGHTIETH_CHAR-1] != '8')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_SEVENTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_SEVENTIETH_CHAR-1] != '7')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_SIXTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_SIXTIETH_CHAR-1] != '6')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_FIFTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_FIFTIETH_CHAR-1] != '5')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_FOURTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_FOURTIETH_CHAR-1] != '4')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_THIRTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_THIRTIETH_CHAR-1] != '3')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_TWENTIETH_CHAR) &&
+		    (el->values[0].data[DS_HR_TWENTIETH_CHAR-1] != '2')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if ((el->values[0].length >= DS_HR_TENTH_CHAR) &&
+		    (el->values[0].data[DS_HR_TENTH_CHAR-1] != '1')) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+  auto normalise values on input
+ */
+static int oc_auto_normalise(struct ldb_context *ldb, const struct dsdb_attribute *attr,
+			     struct ldb_message *msg, struct ldb_message_element *el)
+{
+	int i;
+	bool values_copied = false;
+
+	for (i=0; i<el->num_values; i++) {
+		struct ldb_val v;
+		int ret;
+		/*
+		 * We use msg->elements (owned by this module due to
+		 * ldb_msg_copy_shallow()) as a memory context and
+		 * then steal from there to the right spot if we don't
+		 * free it.
+		 */
+		ret = attr->ldb_schema_attribute->syntax->canonicalise_fn(ldb,
+									  msg->elements,
+									  &el->values[i],
+									  &v);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		if (data_blob_cmp(&v, &el->values[i]) == 0) {
+			/* no need to replace it */
+			talloc_free(v.data);
+			continue;
+		}
+
+		/* we need to copy the values array on the first change */
+		if (!values_copied) {
+			struct ldb_val *v2;
+			v2 = talloc_array(msg->elements, struct ldb_val, el->num_values);
+			if (v2 == NULL) {
+				return ldb_oom(ldb);
+			}
+			memcpy(v2, el->values, sizeof(struct ldb_val) * el->num_values);
+			el->values = v2;
+			values_copied = true;
+		}
+
+		el->values[i] = v;
+
+		/*
+		 * By now el->values is a talloc pointer under
+		 * msg->elements and may now be used
+		 */
+		talloc_steal(el->values, v.data);
+	}
+	return LDB_SUCCESS;
+}
+
+static int attr_handler(struct oc_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_message *msg;
+	struct ldb_request *child_req;
+	const struct dsdb_attribute *attr;
+	unsigned int i;
+	int ret;
+	WERROR werr;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (ac->req->operation == LDB_ADD) {
+		msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
+	} else {
+		msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
+	}
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->msg = msg;
+
+	/* initialize syntax checking context */
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, ac->schema);
+
+	/* Check if attributes exist in the schema, if the values match,
+	 * if they're not operational and fix the names to the match the schema
+	 * case */
+	for (i = 0; i < msg->num_elements; i++) {
+		attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+							 msg->elements[i].name);
+		if (attr == NULL) {
+			if (ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) &&
+			    ac->req->operation != LDB_ADD) {
+				/* we allow this for dbcheck to fix
+				   broken attributes */
+				goto no_attribute;
+			}
+			ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' was not found in the schema!",
+					       msg->elements[i].name,
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		}
+
+		if ((attr->linkID & 1) == 1 &&
+		    !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) &&
+		    !ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
+			/* Odd is for the target.  Illegal to modify */
+			ldb_asprintf_errstring(ldb, 
+					       "objectclass_attrs: attribute '%s' on entry '%s' must not be modified directly, it is a linked attribute", 
+					       msg->elements[i].name,
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/*
+		 * Enforce systemOnly checks from [ADTS] 3.1.1.5.3.2
+		 * Constraints in Modify Operation
+		 */
+		if (ac->req->operation == LDB_MODIFY && attr->systemOnly) {
+			/*
+			 * Allow dbcheck and relax to bypass. objectClass, name
+			 * and distinguishedName are generally handled
+			 * elsewhere.
+			 *
+			 * The remaining cases, undelete, msDS-AdditionalDnsHostName
+			 * and wellKnownObjects are documented in the specification.
+			 */
+			if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) &&
+			    !ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) &&
+			    !ldb_request_get_control(ac->req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID) &&
+			    ldb_attr_cmp(attr->lDAPDisplayName, "objectClass") != 0 &&
+			    ldb_attr_cmp(attr->lDAPDisplayName, "name") != 0 &&
+			    ldb_attr_cmp(attr->lDAPDisplayName, "distinguishedName") != 0 &&
+			    ldb_attr_cmp(attr->lDAPDisplayName, "msDS-AdditionalDnsHostName") != 0 &&
+			    ldb_attr_cmp(attr->lDAPDisplayName, "wellKnownObjects") != 0) {
+				/*
+				 * Comparison against base schema DN is used as a substitute for
+				 * fschemaUpgradeInProgress and other specific schema checks.
+				 */
+				if (ldb_dn_compare_base(ldb_get_schema_basedn(ldb), msg->dn) != 0) {
+					struct ldb_control *as_system = ldb_request_get_control(ac->req,
+												LDB_CONTROL_AS_SYSTEM_OID);
+					if (!dsdb_module_am_system(ac->module) && !as_system) {
+						ldb_asprintf_errstring(ldb,
+								       "objectclass_attrs: attribute '%s' on entry '%s' can only be modified as system",
+								       msg->elements[i].name,
+								       ldb_dn_get_linearized(msg->dn));
+						return LDB_ERR_CONSTRAINT_VIOLATION;
+					}
+				}
+			}
+		}
+
+		if (!(msg->elements[i].flags & LDB_FLAG_INTERNAL_DISABLE_VALIDATION)) {
+			werr = attr->syntax->validate_ldb(&syntax_ctx, attr,
+							  &msg->elements[i]);
+			if (!W_ERROR_IS_OK(werr) &&
+			    !ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
+				ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' contains at least one invalid value!",
+						       msg->elements[i].name,
+						       ldb_dn_get_linearized(msg->dn));
+				return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		if ((attr->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED) != 0) {
+			ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' is constructed!",
+					       msg->elements[i].name,
+					       ldb_dn_get_linearized(msg->dn));
+			if (ac->req->operation == LDB_ADD) {
+				return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE;
+			} else {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		}
+
+		/* "dSHeuristics" syntax check */
+		if (ldb_attr_cmp(attr->lDAPDisplayName, "dSHeuristics") == 0) {
+			ret = oc_validate_dsheuristics(&(msg->elements[i]));
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		/* auto normalise some attribute values */
+		if (attr->syntax->auto_normalise) {
+			ret = oc_auto_normalise(ldb, attr, msg, &msg->elements[i]);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		/* Substitute the attribute name to match in case */
+		msg->elements[i].name = attr->lDAPDisplayName;
+	}
+
+no_attribute:
+	if (ac->req->operation == LDB_ADD) {
+		ret = ldb_build_add_req(&child_req, ldb, ac,
+					msg, ac->req->controls,
+					ac, oc_op_callback, ac->req);
+		LDB_REQ_SET_LOCATION(child_req);
+	} else {
+		ret = ldb_build_mod_req(&child_req, ldb, ac,
+					msg, ac->req->controls,
+					ac, oc_op_callback, ac->req);
+		LDB_REQ_SET_LOCATION(child_req);
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, child_req);
+}
+
+/*
+  these are attributes which are left over from old ways of doing
+  things in ldb, and are harmless
+ */
+static const char *harmless_attrs[] = { "parentGUID", NULL };
+
+static int attr_handler2(struct oc_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_message_element *oc_element;
+	struct ldb_message *msg;
+	const char **must_contain, **may_contain, **found_must_contain;
+	/* There exists a hardcoded delete-protected attributes list in AD */
+	const char *del_prot_attributes[] = { "nTSecurityDescriptor",
+		"objectSid", "sAMAccountType", "sAMAccountName", "groupType",
+		"primaryGroupID", "userAccountControl", "accountExpires",
+		"badPasswordTime", "badPwdCount", "codePage", "countryCode",
+		"lastLogoff", "lastLogon", "logonCount", "pwdLastSet", NULL },
+		**l;
+	const struct dsdb_attribute *attr;
+	unsigned int i;
+	bool found;
+	bool isSchemaAttr = false;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (ac->search_res == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* We rely here on the preceding "objectclass" LDB module which did
+	 * already fix up the objectclass list (inheritance, order...). */
+	oc_element = ldb_msg_find_element(ac->search_res->message,
+					  "objectClass");
+	if (oc_element == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* LSA-specific object classes are not allowed to be created over LDAP,
+	 * so we need to tell if this connection is internal (trusted) or not
+	 * (untrusted).
+	 *
+	 * Hongwei Sun from Microsoft explains:
+	 * The constraint in 3.1.1.5.2.2 MS-ADTS means that LSA objects cannot
+	 * be added or modified through the LDAP interface, instead they can
+	 * only be handled through LSA Policy API.  This is also explained in
+	 * 7.1.6.9.7 MS-ADTS as follows:
+	 * "Despite being replicated normally between peer DCs in a domain,
+	 * the process of creating or manipulating TDOs is specifically
+	 * restricted to the LSA Policy APIs, as detailed in [MS-LSAD] section
+	 * 3.1.1.5. Unlike other objects in the DS, TDOs may not be created or
+	 *  manipulated by client machines over the LDAPv3 transport."
+	 */
+	for (i = 0; i < oc_element->num_values; i++) {
+		char * attname = (char *)oc_element->values[i].data;
+		if (ldb_req_is_untrusted(ac->req)) {
+			if (strcmp(attname, "secret") == 0 ||
+			    strcmp(attname, "trustedDomain") == 0) {
+				ldb_asprintf_errstring(ldb, "objectclass_attrs: LSA objectclasses (entry '%s') cannot be created or changed over LDAP!",
+						       ldb_dn_get_linearized(ac->search_res->message->dn));
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		}
+		if (strcmp(attname, "attributeSchema") == 0) {
+			isSchemaAttr = true;
+		}
+	}
+
+	must_contain = dsdb_full_attribute_list(ac, ac->schema, oc_element,
+						DSDB_SCHEMA_ALL_MUST);
+	may_contain =  dsdb_full_attribute_list(ac, ac->schema, oc_element,
+						DSDB_SCHEMA_ALL_MAY);
+	found_must_contain = const_str_list(str_list_copy(ac, must_contain));
+	if ((must_contain == NULL) || (may_contain == NULL)
+	    || (found_must_contain == NULL)) {
+		return ldb_operr(ldb);
+	}
+
+	/* Check the delete-protected attributes list */
+	msg = ac->search_res->message;
+	for (l = del_prot_attributes; *l != NULL; l++) {
+		struct ldb_message_element *el;
+
+		el = ldb_msg_find_element(ac->msg, *l);
+		if (el == NULL) {
+			/*
+			 * It was not specified in the add or modify,
+			 * so it doesn't need to be in the stored record
+			 */
+			continue;
+		}
+
+		found = str_list_check_ci(must_contain, *l);
+		if (!found) {
+			found = str_list_check_ci(may_contain, *l);
+		}
+		if (found && (ldb_msg_find_element(msg, *l) == NULL)) {
+			ldb_asprintf_errstring(ldb, "objectclass_attrs: delete protected attribute '%s' on entry '%s' missing!",
+					       *l,
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	/* Check if all specified attributes are valid in the given
+	 * objectclasses and if they meet additional schema restrictions. */
+	for (i = 0; i < msg->num_elements; i++) {
+		attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+							 msg->elements[i].name);
+		if (attr == NULL) {
+			if (ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
+				/* allow this to make it possible for dbcheck
+				   to remove bad attributes */
+				continue;
+			}
+			return ldb_operr(ldb);
+		}
+
+		if (attr->linkID & 1) {
+			/*
+			 * We need to allow backlinks on all objects
+			 * even if the schema doesn't allow it.
+			 */
+			continue;
+		}
+
+		/* We can use "str_list_check" with "strcmp" here since the
+		 * attribute information from the schema are always equal
+		 * up-down-cased. */
+		found = str_list_check(must_contain, attr->lDAPDisplayName);
+		if (found) {
+			str_list_remove(found_must_contain, attr->lDAPDisplayName);
+		} else {
+			found = str_list_check(may_contain, attr->lDAPDisplayName);
+		}
+		if (!found) {
+			found = str_list_check(harmless_attrs, attr->lDAPDisplayName);
+		}
+		if (!found) {
+			/* we allow this for dbcheck to fix the rest of this broken entry */
+			if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) || 
+			    ac->req->operation == LDB_ADD) {
+				ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
+						       msg->elements[i].name,
+						       ldb_dn_get_linearized(msg->dn));
+				return LDB_ERR_OBJECT_CLASS_VIOLATION;
+			}
+		}
+	}
+
+	/*
+	 * We skip this check under dbcheck to allow fixing of other
+	 * attributes even if an attribute is missing.  This matters
+	 * for CN=RID Set as the required attribute rIDNextRid is not
+	 * replicated.
+	 */
+	if (found_must_contain[0] != NULL &&
+	    ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0) {
+
+		for (i = 0; found_must_contain[i] != NULL; i++) {
+			const struct dsdb_attribute *broken_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+												     found_must_contain[i]);
+
+			bool replicated = (broken_attr->systemFlags &
+					   (DS_FLAG_ATTR_NOT_REPLICATED | DS_FLAG_ATTR_IS_CONSTRUCTED)) == 0;
+
+			if (replicated) {
+				ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory "
+						       "attribute ('%s') on entry '%s' wasn't specified!",
+						       found_must_contain[i],
+						       ldb_dn_get_linearized(msg->dn));
+				return LDB_ERR_OBJECT_CLASS_VIOLATION;
+			}
+		}
+	}
+
+	if (isSchemaAttr) {
+		/*
+		 * Before really adding an attribute in the database,
+		 * let's check that we can translate it into a dsdb_attribute and
+		 * that we can find a valid syntax object.
+		 * If not it's better to reject this attribute than not be able
+		 * to start samba next time due to schema being unloadable.
+		 */
+		struct dsdb_attribute *att = talloc(ac, struct dsdb_attribute);
+		const struct dsdb_syntax *attrSyntax;
+		WERROR status;
+
+		status = dsdb_attribute_from_ldb(NULL, msg, att);
+		if (!W_ERROR_IS_OK(status)) {
+			ldb_set_errstring(ldb,
+						"objectclass: failed to translate the schemaAttribute to a dsdb_attribute");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		attrSyntax = dsdb_syntax_for_attribute(att);
+		if (!attrSyntax) {
+			ldb_set_errstring(ldb,
+						"objectclass: unknown attribute syntax");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+	return ldb_module_done(ac->req, ac->mod_ares->controls,
+			       ac->mod_ares->response, LDB_SUCCESS);
+}
+
+static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct oc_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	ldb_reset_err_string(ldb);
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (ac->search_res != NULL) {
+			ldb_set_errstring(ldb, "Too many results");
+			talloc_free(ares);
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		ac->search_res = talloc_steal(ac, ares);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		talloc_free(ares);
+		break;
+
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+		ret = attr_handler2(ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+		break;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct oc_context *ac;
+	struct ldb_context *ldb;
+	struct ldb_request *search_req;
+	struct ldb_dn *base_dn;
+	int ret;
+	static const char *attrs[] = {"nTSecurityDescriptor", "*", NULL};
+
+	ac = talloc_get_type(req->context, struct oc_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls, ares->response,
+				       ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	ac->search_res = NULL;
+	ac->mod_ares = talloc_steal(ac, ares);
+
+	/* This looks up all attributes of our just added/modified entry */
+	base_dn = ac->req->operation == LDB_ADD ? ac->req->op.add.message->dn
+		: ac->req->op.mod.message->dn;
+	ret = ldb_build_search_req(&search_req, ldb, ac, base_dn,
+				   LDB_SCOPE_BASE, "(objectClass=*)",
+				   attrs, NULL, ac,
+				   get_search_callback, ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+				      true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	/*
+	 * This ensures we see if there was a DN, that pointed at an
+	 * object that is now deleted, that we still consider the
+	 * schema check to have passed
+	 */
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_REVEAL_INTERNALS,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	ret = ldb_next_request(ac->module, search_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	/* "ldb_module_done" isn't called here since we need to do additional
+	 * checks. It is called at the end of "attr_handler2". */
+	return LDB_SUCCESS;
+}
+
+static int objectclass_attrs_add(struct ldb_module *module,
+				 struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct oc_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_attrs_add\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* without schema, there isn't much to do here */
+	if (ac->schema == NULL) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	return attr_handler(ac);
+}
+
+static int objectclass_attrs_modify(struct ldb_module *module,
+				    struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_control *sd_propagation_control;
+	int ret;
+
+	struct oc_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectclass_attrs_modify\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	sd_propagation_control = ldb_request_get_control(req,
+					DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
+	if (sd_propagation_control != NULL) {
+		if (req->op.mod.message->num_elements != 1) {
+			return ldb_module_operr(module);
+		}
+		ret = strcmp(req->op.mod.message->elements[0].name,
+			     "nTSecurityDescriptor");
+		if (ret != 0) {
+			return ldb_module_operr(module);
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	ac = oc_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* without schema, there isn't much to do here */
+	if (ac->schema == NULL) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	return attr_handler(ac);
+}
+
+static const struct ldb_module_ops ldb_objectclass_attrs_module_ops = {
+	.name		   = "objectclass_attrs",
+	.add               = objectclass_attrs_add,
+	.modify            = objectclass_attrs_modify
+};
+
+int ldb_objectclass_attrs_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_objectclass_attrs_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c
new file mode 100644
index 0000000..cfc8918
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/objectguid.c
@@ -0,0 +1,252 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Simo Sorce  2004-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb objectguid module
+ *
+ *  Description: add a unique objectGUID onto every new record
+ *
+ *  Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "param/param.h"
+
+/*
+  add a time element to a record
+*/
+static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
+{
+	char *s;
+	int ret;
+
+	if (ldb_msg_find_element(msg, attr) != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	s = ldb_timestring(msg, t);
+	if (s == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* always set as replace. This works because on add ops, the flag
+	   is ignored */
+	ret = ldb_msg_append_string(msg, attr, s, LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+  add a uint64_t element to a record
+*/
+static int add_uint64_element(struct ldb_context *ldb, struct ldb_message *msg,
+			      const char *attr, uint64_t v)
+{
+	int ret;
+
+	if (ldb_msg_find_element(msg, attr) != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	/* always set as replace. This works because on add ops, the flag
+	   is ignored */
+	ret = samdb_msg_append_uint64(ldb, msg, msg, attr, v, LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+struct og_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+};
+
+/* add_record: add objectGUID and timestamp attributes */
+static int objectguid_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	struct GUID guid;
+	uint64_t seq_num;
+	int ret;
+	time_t t = time(NULL);
+	struct og_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	el = ldb_msg_find_element(req->op.add.message, "objectGUID");
+	if (el != NULL) {
+		ldb_set_errstring(ldb,
+				  "objectguid: objectGUID must not be specified!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ac = talloc(req, struct og_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(ac, req->op.add.message);
+	if (msg == NULL) {
+		talloc_free(ac);
+		return ldb_operr(ldb);
+	}
+
+	/* a new GUID */
+	guid = GUID_random();
+
+	ret = dsdb_msg_add_guid(msg, &guid, "objectGUID");
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+	if (add_time_element(msg, "whenCreated", t) != LDB_SUCCESS ||
+	    add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	/* Get a sequence number from the backend */
+	ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
+	if (ret == LDB_SUCCESS) {
+		if (add_uint64_element(ldb, msg, "uSNCreated",
+				       seq_num) != LDB_SUCCESS ||
+		    add_uint64_element(ldb, msg, "uSNChanged",
+				       seq_num) != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+/* modify_record: update timestamps */
+static int objectguid_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	int ret;
+	time_t t = time(NULL);
+	uint64_t seq_num;
+	struct og_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "objectguid_modify_record\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	el = ldb_msg_find_element(req->op.mod.message, "objectGUID");
+	if (el != NULL) {
+		ldb_set_errstring(ldb,
+				  "objectguid: objectGUID must not be specified!");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	ac = talloc(req, struct og_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (add_time_element(msg, "whenChanged", t) != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	/* Get a sequence number from the backend */
+	ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
+	if (ret == LDB_SUCCESS) {
+		if (add_uint64_element(ldb, msg, "uSNChanged",
+				       seq_num) != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static const struct ldb_module_ops ldb_objectguid_module_ops = {
+	.name          = "objectguid",
+	.add           = objectguid_add,
+	.modify        = objectguid_modify
+};
+
+int ldb_objectguid_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_objectguid_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
new file mode 100644
index 0000000..1317b58
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -0,0 +1,1920 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2010
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Simo Sorce 2006-2008
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  handle operational attributes
+ */
+
+/*
+  createTimeStamp: HIDDEN, searchable, ldaptime, alias for whenCreated
+  modifyTimeStamp: HIDDEN, searchable, ldaptime, alias for whenChanged
+
+     for the above two, we do the search as normal, and if
+     createTimeStamp or modifyTimeStamp is asked for, then do
+     additional searches for whenCreated and whenChanged and fill in
+     the resulting values
+
+     we also need to replace these with the whenCreated/whenChanged
+     equivalent in the search expression trees
+
+  whenCreated: not-HIDDEN, CONSTRUCTED, SEARCHABLE
+  whenChanged: not-HIDDEN, CONSTRUCTED, SEARCHABLE
+
+     on init we need to setup attribute handlers for these so
+     comparisons are done correctly. The resolution is 1 second.
+
+     on add we need to add both the above, for current time
+
+     on modify we need to change whenChanged
+
+  structuralObjectClass: HIDDEN, CONSTRUCTED, not-searchable. always same as objectclass?
+
+     for this one we do the search as normal, then if requested ask
+     for objectclass, change the attribute name, and add it
+
+  primaryGroupToken: HIDDEN, CONSTRUCTED, SEARCHABLE
+
+     contains the RID of a certain group object
+
+
+  attributeTypes: in schema only
+  objectClasses: in schema only
+  matchingRules: in schema only
+  matchingRuleUse: in schema only
+  creatorsName: not supported by w2k3?
+  modifiersName: not supported by w2k3?
+*/
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_module.h>
+
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#include "auth/auth.h"
+
+#ifndef ARRAY_SIZE
+#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
+#endif
+
+#undef strcasecmp
+
+struct operational_data {
+	struct ldb_dn *aggregate_dn;
+};
+
+enum search_type {
+	TOKEN_GROUPS,
+	TOKEN_GROUPS_GLOBAL_AND_UNIVERSAL,
+	TOKEN_GROUPS_NO_GC_ACCEPTABLE,
+
+	/*
+	 * MS-DRSR 4.1.8.1.3 RevMembGetAccountGroups: Transitive membership in
+	 * all account groups in a given domain, excluding built-in groups.
+	 * (Used internally for msDS-ResultantPSO support)
+	 */
+	ACCOUNT_GROUPS
+};
+
+static int get_pso_for_user(struct ldb_module *module,
+			    struct ldb_message *user_msg,
+			    struct ldb_request *parent,
+			    struct ldb_message **pso_msg);
+
+/*
+  construct a canonical name from a message
+*/
+static int construct_canonical_name(struct ldb_module *module,
+				    struct ldb_message *msg, enum ldb_scope scope,
+				    struct ldb_request *parent)
+{
+	char *canonicalName;
+	canonicalName = ldb_dn_canonical_string(msg, msg->dn);
+	if (canonicalName == NULL) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+	return ldb_msg_add_steal_string(msg, "canonicalName", canonicalName);
+}
+
+/*
+  construct a primary group token for groups from a message
+*/
+static int construct_primary_group_token(struct ldb_module *module,
+					 struct ldb_message *msg, enum ldb_scope scope,
+					 struct ldb_request *parent)
+{
+	struct ldb_context *ldb;
+	uint32_t primary_group_token;
+
+	ldb = ldb_module_get_ctx(module);
+	if (ldb_match_msg_objectclass(msg, "group") == 1) {
+		primary_group_token
+			= samdb_result_rid_from_sid(msg, msg, "objectSid", 0);
+		if (primary_group_token == 0) {
+			return LDB_SUCCESS;
+		}
+
+		return samdb_msg_add_uint(ldb, msg, msg, "primaryGroupToken",
+			primary_group_token);
+	} else {
+		return LDB_SUCCESS;
+	}
+}
+
+/*
+ * Returns the group SIDs for the user in the given LDB message
+ */
+static int get_group_sids(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+			  struct ldb_message *msg, const char *attribute_string,
+			  enum search_type type, struct auth_SidAttr **groupSIDs,
+			  uint32_t *num_groupSIDs)
+{
+	const char *filter = NULL;
+	NTSTATUS status;
+	struct dom_sid *primary_group_sid;
+	const char *primary_group_string;
+	const char *primary_group_dn;
+	DATA_BLOB primary_group_blob;
+	struct dom_sid *account_sid;
+	const char *account_sid_string;
+	const char *account_sid_dn;
+	DATA_BLOB account_sid_blob;
+	struct dom_sid *domain_sid;
+
+	/* If it's not a user, it won't have a primaryGroupID */
+	if (ldb_msg_find_element(msg, "primaryGroupID") == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	/* Ensure it has an objectSID too */
+	account_sid = samdb_result_dom_sid(mem_ctx, msg, "objectSid");
+	if (account_sid == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	status = dom_sid_split_rid(mem_ctx, account_sid, &domain_sid, NULL);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	primary_group_sid = dom_sid_add_rid(mem_ctx,
+					    domain_sid,
+					    ldb_msg_find_attr_as_uint(msg, "primaryGroupID", ~0));
+	if (!primary_group_sid) {
+		return ldb_oom(ldb);
+	}
+
+	/* only return security groups */
+	switch(type) {
+	case TOKEN_GROUPS_GLOBAL_AND_UNIVERSAL:
+		filter = talloc_asprintf(mem_ctx,
+					 "(&(objectClass=group)"
+					 "(groupType:"LDB_OID_COMPARATOR_AND":=%u)"
+					 "(groupType:"LDB_OID_COMPARATOR_OR":=%u))",
+					 GROUP_TYPE_SECURITY_ENABLED,
+					 GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_UNIVERSAL_GROUP);
+		break;
+	case TOKEN_GROUPS_NO_GC_ACCEPTABLE:
+	case TOKEN_GROUPS:
+		filter = talloc_asprintf(mem_ctx,
+					 "(&(objectClass=group)"
+					 "(groupType:"LDB_OID_COMPARATOR_AND":=%u))",
+					 GROUP_TYPE_SECURITY_ENABLED);
+		break;
+
+	/* for RevMembGetAccountGroups, exclude built-in groups */
+	case ACCOUNT_GROUPS:
+		filter = talloc_asprintf(mem_ctx,
+					 "(&(objectClass=group)"
+					 "(!(groupType:"LDB_OID_COMPARATOR_AND":=%u))"
+					 "(groupType:"LDB_OID_COMPARATOR_AND":=%u))",
+					 GROUP_TYPE_BUILTIN_LOCAL_GROUP, GROUP_TYPE_SECURITY_ENABLED);
+		break;
+	}
+
+	if (!filter) {
+		return ldb_oom(ldb);
+	}
+
+	primary_group_string = dom_sid_string(mem_ctx, primary_group_sid);
+	if (!primary_group_string) {
+		return ldb_oom(ldb);
+	}
+
+	primary_group_dn = talloc_asprintf(mem_ctx, "<SID=%s>", primary_group_string);
+	if (!primary_group_dn) {
+		return ldb_oom(ldb);
+	}
+
+	primary_group_blob = data_blob_string_const(primary_group_dn);
+
+	account_sid_string = dom_sid_string(mem_ctx, account_sid);
+	if (!account_sid_string) {
+		return ldb_oom(ldb);
+	}
+
+	account_sid_dn = talloc_asprintf(mem_ctx, "<SID=%s>", account_sid_string);
+	if (!account_sid_dn) {
+		return ldb_oom(ldb);
+	}
+
+	account_sid_blob = data_blob_string_const(account_sid_dn);
+
+	status = dsdb_expand_nested_groups(ldb, &account_sid_blob,
+					   true, /* We don't want to add the object's SID itself,
+						    it's not returned in this attribute */
+					   filter,
+					   mem_ctx, groupSIDs, num_groupSIDs);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb, "Failed to construct %s: expanding groups of SID %s failed: %s",
+				       attribute_string, account_sid_string,
+				       nt_errstr(status));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Expands the primary group - this function takes in
+	 * memberOf-like values, so we fake one up with the
+	 * <SID=S-...> format of DN and then let it expand
+	 * them, as long as they meet the filter - so only
+	 * domain groups, not builtin groups
+	 */
+	status = dsdb_expand_nested_groups(ldb, &primary_group_blob, false, filter,
+					   mem_ctx, groupSIDs, num_groupSIDs);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb, "Failed to construct %s: expanding groups of SID %s failed: %s",
+				       attribute_string, account_sid_string,
+				       nt_errstr(status));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+  construct the token groups for SAM objects from a message
+*/
+static int construct_generic_token_groups(struct ldb_module *module,
+					  struct ldb_message *msg, enum ldb_scope scope,
+					  struct ldb_request *parent,
+					  const char *attribute_string,
+					  enum search_type type)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(msg);
+	uint32_t i;
+	int ret;
+	struct auth_SidAttr *groupSIDs = NULL;
+	uint32_t num_groupSIDs = 0;
+
+	if (scope != LDB_SCOPE_BASE) {
+		ldb_set_errstring(ldb, "Cannot provide tokenGroups attribute, this is not a BASE search");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* calculate the group SIDs for this object */
+	ret = get_group_sids(ldb, tmp_ctx, msg, attribute_string, type,
+			     &groupSIDs, &num_groupSIDs);
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* add these SIDs to the search result */
+	for (i=0; i < num_groupSIDs; i++) {
+		ret = samdb_msg_add_dom_sid(ldb, msg, msg, attribute_string, &groupSIDs[i].sid);
+		if (ret) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int construct_token_groups(struct ldb_module *module,
+				  struct ldb_message *msg, enum ldb_scope scope,
+				  struct ldb_request *parent)
+{
+	/**
+	 * TODO: Add in a limiting domain when we start to support
+	 * trusted domains.
+	 */
+	return construct_generic_token_groups(module, msg, scope, parent,
+					      "tokenGroups",
+					      TOKEN_GROUPS);
+}
+
+static int construct_token_groups_no_gc(struct ldb_module *module,
+					struct ldb_message *msg, enum ldb_scope scope,
+					struct ldb_request *parent)
+{
+	/**
+	 * TODO: Add in a limiting domain when we start to support
+	 * trusted domains.
+	 */
+	return construct_generic_token_groups(module, msg, scope, parent,
+					      "tokenGroupsNoGCAcceptable",
+					      TOKEN_GROUPS);
+}
+
+static int construct_global_universal_token_groups(struct ldb_module *module,
+						   struct ldb_message *msg, enum ldb_scope scope,
+						   struct ldb_request *parent)
+{
+	return construct_generic_token_groups(module, msg, scope, parent,
+					      "tokenGroupsGlobalAndUniversal",
+					      TOKEN_GROUPS_GLOBAL_AND_UNIVERSAL);
+}
+/*
+  construct the parent GUID for an entry from a message
+*/
+static int construct_parent_guid(struct ldb_module *module,
+				 struct ldb_message *msg, enum ldb_scope scope,
+				 struct ldb_request *parent)
+{
+	struct ldb_result *res, *parent_res;
+	const struct ldb_val *parent_guid;
+	const char *attrs[] = { "instanceType", NULL };
+	const char *attrs2[] = { "objectGUID", NULL };
+	uint32_t instanceType;
+	int ret;
+	struct ldb_dn *parent_dn;
+	struct ldb_val v;
+
+	/* determine if the object is NC by instance type */
+	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
+	                            DSDB_FLAG_NEXT_MODULE |
+	                            DSDB_SEARCH_SHOW_RECYCLED, parent);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	instanceType = ldb_msg_find_attr_as_uint(res->msgs[0],
+						 "instanceType", 0);
+	talloc_free(res);
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		DEBUG(4,(__location__ ": Object %s is NC\n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return LDB_SUCCESS;
+	}
+	parent_dn = ldb_dn_get_parent(msg, msg->dn);
+
+	if (parent_dn == NULL) {
+		DEBUG(4,(__location__ ": Failed to find parent for dn %s\n",
+					 ldb_dn_get_linearized(msg->dn)));
+		return LDB_ERR_OTHER;
+	}
+	ret = dsdb_module_search_dn(module, msg, &parent_res, parent_dn, attrs2,
+	                            DSDB_FLAG_NEXT_MODULE |
+	                            DSDB_SEARCH_SHOW_RECYCLED, parent);
+	/* not NC, so the object should have a parent*/
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		ret = ldb_error(ldb_module_get_ctx(module), LDB_ERR_OPERATIONS_ERROR,
+				 talloc_asprintf(msg, "Parent dn %s for %s does not exist",
+						 ldb_dn_get_linearized(parent_dn),
+						 ldb_dn_get_linearized(msg->dn)));
+		talloc_free(parent_dn);
+		return ret;
+	} else if (ret != LDB_SUCCESS) {
+		talloc_free(parent_dn);
+		return ret;
+	}
+	talloc_free(parent_dn);
+
+	parent_guid = ldb_msg_find_ldb_val(parent_res->msgs[0], "objectGUID");
+	if (!parent_guid) {
+		talloc_free(parent_res);
+		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	v = data_blob_dup_talloc(parent_res, *parent_guid);
+	if (!v.data) {
+		talloc_free(parent_res);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+	ret = ldb_msg_add_steal_value(msg, "parentGUID", &v);
+	talloc_free(parent_res);
+	return ret;
+}
+
+static int construct_modifyTimeStamp(struct ldb_module *module,
+					struct ldb_message *msg, enum ldb_scope scope,
+					struct ldb_request *parent)
+{
+	struct operational_data *data = talloc_get_type(ldb_module_get_private(module), struct operational_data);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	/* We may be being called before the init function has finished */
+	if (!data) {
+		return LDB_SUCCESS;
+	}
+
+	/* Try and set this value up, if possible.  Don't worry if it
+	 * fails, we may not have the DB set up yet.
+	 */
+	if (!data->aggregate_dn) {
+		data->aggregate_dn = samdb_aggregate_schema_dn(ldb, data);
+	}
+
+	if (data->aggregate_dn && ldb_dn_compare(data->aggregate_dn, msg->dn) == 0) {
+		/*
+		 * If we have the DN for the object with common name = Aggregate and
+		 * the request is for this DN then let's do the following:
+		 * 1) search the object which changedUSN correspond to the one of the loaded
+		 * schema.
+		 * 2) Get the whenChanged attribute
+		 * 3) Generate the modifyTimestamp out of the whenChanged attribute
+		 */
+		const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
+		char *value = ldb_timestring(msg, schema->ts_last_change);
+
+		if (value == NULL) {
+			return ldb_oom(ldb_module_get_ctx(module));
+		}
+
+		return ldb_msg_add_string(msg, "modifyTimeStamp", value);
+	}
+	return ldb_msg_copy_attr(msg, "whenChanged", "modifyTimeStamp");
+}
+
+/*
+  construct a subSchemaSubEntry
+*/
+static int construct_subschema_subentry(struct ldb_module *module,
+					struct ldb_message *msg, enum ldb_scope scope,
+					struct ldb_request *parent)
+{
+	struct operational_data *data = talloc_get_type(ldb_module_get_private(module), struct operational_data);
+	char *subSchemaSubEntry;
+
+	/* We may be being called before the init function has finished */
+	if (!data) {
+		return LDB_SUCCESS;
+	}
+
+	/* Try and set this value up, if possible.  Don't worry if it
+	 * fails, we may not have the DB set up yet, and it's not
+	 * really vital anyway */
+	if (!data->aggregate_dn) {
+		struct ldb_context *ldb = ldb_module_get_ctx(module);
+		data->aggregate_dn = samdb_aggregate_schema_dn(ldb, data);
+	}
+
+	if (data->aggregate_dn) {
+		subSchemaSubEntry = ldb_dn_alloc_linearized(msg, data->aggregate_dn);
+		return ldb_msg_add_steal_string(msg, "subSchemaSubEntry", subSchemaSubEntry);
+	}
+	return LDB_SUCCESS;
+}
+
+
+static int construct_msds_isrodc_with_dn(struct ldb_module *module,
+					 struct ldb_message *msg,
+					 struct ldb_message_element *object_category)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	const struct ldb_val *val;
+
+	ldb = ldb_module_get_ctx(module);
+	if (!ldb) {
+		DEBUG(4, (__location__ ": Failed to get ldb \n"));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	dn = ldb_dn_new(msg, ldb, (const char *)object_category->values[0].data);
+	if (!dn) {
+		DEBUG(4, (__location__ ": Failed to create dn from %s \n",
+			  (const char *)object_category->values[0].data));
+		return ldb_operr(ldb);
+	}
+
+	val = ldb_dn_get_rdn_val(dn);
+	if (!val) {
+		DEBUG(4, (__location__ ": Failed to get rdn val from %s \n",
+			  ldb_dn_get_linearized(dn)));
+		return ldb_operr(ldb);
+	}
+
+	if (strequal((const char *)val->data, "NTDS-DSA")) {
+		ldb_msg_add_string(msg, "msDS-isRODC", "FALSE");
+	} else {
+		ldb_msg_add_string(msg, "msDS-isRODC", "TRUE");
+	}
+	return LDB_SUCCESS;
+}
+
+static int construct_msds_isrodc_with_server_dn(struct ldb_module *module,
+						struct ldb_message *msg,
+						struct ldb_dn *dn,
+						struct ldb_request *parent)
+{
+	struct ldb_dn *server_dn;
+	const char *attr_obj_cat[] = { "objectCategory", NULL };
+	struct ldb_result *res;
+	struct ldb_message_element *object_category;
+	int ret;
+
+	server_dn = ldb_dn_copy(msg, dn);
+	if (!ldb_dn_add_child_fmt(server_dn, "CN=NTDS Settings")) {
+		DEBUG(4, (__location__ ": Failed to add child to %s \n",
+			  ldb_dn_get_linearized(server_dn)));
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ret = dsdb_module_search_dn(module, msg, &res, server_dn, attr_obj_cat,
+	                            DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
+					 ldb_dn_get_linearized(server_dn)));
+		return LDB_SUCCESS;
+	} else if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	object_category = ldb_msg_find_element(res->msgs[0], "objectCategory");
+	if (!object_category) {
+		DEBUG(4,(__location__ ": Can't find objectCategory for %s \n",
+			 ldb_dn_get_linearized(res->msgs[0]->dn)));
+		return LDB_SUCCESS;
+	}
+	return construct_msds_isrodc_with_dn(module, msg, object_category);
+}
+
+static int construct_msds_isrodc_with_computer_dn(struct ldb_module *module,
+						  struct ldb_message *msg,
+						  struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_dn *server_dn;
+
+	ret = dsdb_module_reference_dn(module, msg, msg->dn, "serverReferenceBL",
+				       &server_dn, parent);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		/* it's OK if we can't find serverReferenceBL attribute */
+		DEBUG(4,(__location__ ": Can't get serverReferenceBL for %s \n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return LDB_SUCCESS;
+	} else if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return construct_msds_isrodc_with_server_dn(module, msg, server_dn, parent);
+}
+
+/*
+  construct msDS-isRODC attr
+*/
+static int construct_msds_isrodc(struct ldb_module *module,
+				 struct ldb_message *msg, enum ldb_scope scope,
+				 struct ldb_request *parent)
+{
+	struct ldb_message_element * object_class;
+	struct ldb_message_element * object_category;
+	unsigned int i;
+
+	object_class = ldb_msg_find_element(msg, "objectClass");
+	if (!object_class) {
+		DEBUG(4,(__location__ ": Can't get objectClass for %s \n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	for (i=0; i<object_class->num_values; i++) {
+		if (strequal((const char*)object_class->values[i].data, "nTDSDSA")) {
+			/* If TO!objectCategory  equals the DN of the classSchema  object for the nTDSDSA
+			 * object class, then TO!msDS-isRODC  is false. Otherwise, TO!msDS-isRODC  is true.
+			 */
+			object_category = ldb_msg_find_element(msg, "objectCategory");
+			if (!object_category) {
+				DEBUG(4,(__location__ ": Can't get objectCategory for %s \n",
+					 ldb_dn_get_linearized(msg->dn)));
+				return LDB_SUCCESS;
+			}
+			return construct_msds_isrodc_with_dn(module, msg, object_category);
+		}
+		if (strequal((const char*)object_class->values[i].data, "server")) {
+			/* Let TN be the nTDSDSA  object whose DN is "CN=NTDS Settings," prepended to
+			 * the DN of TO. Apply the previous rule for the "TO is an nTDSDSA  object" case,
+			 * substituting TN for TO.
+			 */
+			return construct_msds_isrodc_with_server_dn(module, msg, msg->dn, parent);
+		}
+		if (strequal((const char*)object_class->values[i].data, "computer")) {
+			/* Let TS be the server  object named by TO!serverReferenceBL. Apply the previous
+			 * rule for the "TO is a server  object" case, substituting TS for TO.
+			 */
+			return construct_msds_isrodc_with_computer_dn(module, msg, parent);
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  construct msDS-keyVersionNumber attr
+
+  TODO:  Make this based on the 'win2k' DS heuristics bit...
+
+*/
+static int construct_msds_keyversionnumber(struct ldb_module *module,
+					   struct ldb_message *msg,
+					   enum ldb_scope scope,
+					   struct ldb_request *parent)
+{
+	uint32_t i;
+	enum ndr_err_code ndr_err;
+	const struct ldb_val *omd_value;
+	struct replPropertyMetaDataBlob *omd;
+	int ret;
+
+	omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
+	if (!omd_value) {
+		/* We can't make up a key version number without meta data */
+		return LDB_SUCCESS;
+	}
+
+	omd = talloc(msg, struct replPropertyMetaDataBlob);
+	if (!omd) {
+		ldb_module_oom(module);
+		return LDB_SUCCESS;
+	}
+
+	ndr_err = ndr_pull_struct_blob(omd_value, omd, omd,
+				       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s when trying to add msDS-KeyVersionNumber\n",
+			 ldb_dn_get_linearized(msg->dn)));
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	if (omd->version != 1) {
+		DEBUG(0,(__location__ ": bad version %u in replPropertyMetaData for %s when trying to add msDS-KeyVersionNumber\n",
+			 omd->version, ldb_dn_get_linearized(msg->dn)));
+		talloc_free(omd);
+		return LDB_SUCCESS;
+	}
+	for (i=0; i<omd->ctr.ctr1.count; i++) {
+		if (omd->ctr.ctr1.array[i].attid == DRSUAPI_ATTID_unicodePwd) {
+			ret = samdb_msg_add_uint(ldb_module_get_ctx(module),
+						 msg, msg,
+						 "msDS-KeyVersionNumber",
+						 omd->ctr.ctr1.array[i].version);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(omd);
+				return ret;
+			}
+			break;
+		}
+	}
+	return LDB_SUCCESS;
+
+}
+
+#define _UF_TRUST_ACCOUNTS ( \
+	UF_WORKSTATION_TRUST_ACCOUNT | \
+	UF_SERVER_TRUST_ACCOUNT | \
+	UF_INTERDOMAIN_TRUST_ACCOUNT \
+)
+#define _UF_NO_EXPIRY_ACCOUNTS ( \
+	UF_SMARTCARD_REQUIRED | \
+	UF_DONT_EXPIRE_PASSWD | \
+	_UF_TRUST_ACCOUNTS \
+)
+
+
+/*
+ * Returns the Effective-MaximumPasswordAge for a user
+ */
+static int64_t get_user_max_pwd_age(struct ldb_module *module,
+				    struct ldb_message *user_msg,
+				    struct ldb_request *parent,
+				    struct ldb_dn *nc_root)
+{
+	int ret;
+	struct ldb_message *pso = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	/* if a PSO applies to the user, use its maxPwdAge */
+	ret = get_pso_for_user(module, user_msg, parent, &pso);
+	if (ret != LDB_SUCCESS) {
+
+		/* log the error, but fallback to the domain default */
+		DBG_ERR("Error retrieving PSO for %s\n",
+			ldb_dn_get_linearized(user_msg->dn));
+	}
+
+	if (pso != NULL) {
+		return ldb_msg_find_attr_as_int64(pso,
+					          "msDS-MaximumPasswordAge", 0);
+	}
+
+	/* otherwise return the default domain value */
+	return samdb_search_int64(ldb, user_msg, 0, nc_root, "maxPwdAge", NULL);
+}
+
+/*
+  calculate msDS-UserPasswordExpiryTimeComputed
+*/
+static NTTIME get_msds_user_password_expiry_time_computed(struct ldb_module *module,
+						struct ldb_message *msg,
+						struct ldb_request *parent,
+						struct ldb_dn *domain_dn)
+{
+	int64_t pwdLastSet, maxPwdAge;
+	uint32_t userAccountControl;
+	NTTIME ret;
+
+	userAccountControl = ldb_msg_find_attr_as_uint(msg,
+					"userAccountControl",
+					0);
+	if (userAccountControl & _UF_NO_EXPIRY_ACCOUNTS) {
+		return INT64_MAX;
+	}
+
+	pwdLastSet = ldb_msg_find_attr_as_int64(msg, "pwdLastSet", 0);
+	if (pwdLastSet == 0) {
+		return 0;
+	}
+
+	if (pwdLastSet <= -1) {
+		/*
+		 * This can't really happen...
+		 */
+		return INT64_MAX;
+	}
+
+	if (pwdLastSet >= INT64_MAX) {
+		/*
+		 * Somethings wrong with the clock...
+		 */
+		return INT64_MAX;
+	}
+
+	/*
+	 * Note that maxPwdAge is a stored as negative value.
+	 *
+	 * Possible values are in the range of:
+	 *
+	 * maxPwdAge: -864000000001
+	 * to
+	 * maxPwdAge: -9223372036854775808 (INT64_MIN)
+	 *
+	 */
+	maxPwdAge = get_user_max_pwd_age(module, msg, parent, domain_dn);
+	if (maxPwdAge >= -864000000000) {
+		/*
+		 * This is not really possible...
+		 */
+		return INT64_MAX;
+	}
+
+	if (maxPwdAge == INT64_MIN) {
+		return INT64_MAX;
+	}
+
+	/*
+	 * Note we already caught maxPwdAge == INT64_MIN
+	 * and pwdLastSet >= INT64_MAX above.
+	 *
+	 * Remember maxPwdAge is a negative number,
+	 * so it results in the following.
+	 *
+	 * 0x7FFFFFFFFFFFFFFEULL + INT64_MAX
+	 * =
+	 * 0xFFFFFFFFFFFFFFFDULL
+	 *
+	 * or to put it another way, adding two numbers less than 1<<63 can't
+	 * ever be more than 1<<64, therefore this result can't wrap.
+	 */
+	ret = (NTTIME)pwdLastSet - (NTTIME)maxPwdAge;
+	if (ret >= INT64_MAX) {
+		return INT64_MAX;
+	}
+
+	return ret;
+}
+
+/*
+ * Returns the Effective-LockoutDuration for a user
+ */
+static int64_t get_user_lockout_duration(struct ldb_module *module,
+				         struct ldb_message *user_msg,
+				         struct ldb_request *parent,
+					 struct ldb_dn *nc_root)
+{
+	int ret;
+	struct ldb_message *pso = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	/* if a PSO applies to the user, use its lockoutDuration */
+	ret = get_pso_for_user(module, user_msg, parent, &pso);
+	if (ret != LDB_SUCCESS) {
+
+		/* log the error, but fallback to the domain default */
+		DBG_ERR("Error retrieving PSO for %s\n",
+			ldb_dn_get_linearized(user_msg->dn));
+	}
+
+	if (pso != NULL) {
+		return ldb_msg_find_attr_as_int64(pso,
+					          "msDS-LockoutDuration", 0);
+	}
+
+	/* otherwise return the default domain value */
+	return samdb_search_int64(ldb, user_msg, 0, nc_root, "lockoutDuration",
+				  NULL);
+}
+
+/*
+  construct msDS-User-Account-Control-Computed attr
+*/
+static int construct_msds_user_account_control_computed(struct ldb_module *module,
+							struct ldb_message *msg, enum ldb_scope scope,
+							struct ldb_request *parent)
+{
+	uint32_t userAccountControl;
+	uint32_t msDS_User_Account_Control_Computed = 0;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	NTTIME now;
+	struct ldb_dn *nc_root;
+	int ret;
+
+	ret = dsdb_find_nc_root(ldb, msg, msg->dn, &nc_root);
+	if (ret != 0) {
+		ldb_asprintf_errstring(ldb,
+				       "Failed to find NC root of DN: %s: %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb_module_get_ctx(module)));
+		return ret;
+	}
+	if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) != 0) {
+		/* Only calculate this on our default NC */
+		return 0;
+	}
+	/* Test account expire time */
+	unix_to_nt_time(&now, time(NULL));
+
+	userAccountControl = ldb_msg_find_attr_as_uint(msg,
+						       "userAccountControl",
+						       0);
+	if (!(userAccountControl & _UF_TRUST_ACCOUNTS)) {
+
+		int64_t lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
+		if (lockoutTime != 0) {
+			int64_t lockoutDuration;
+
+			lockoutDuration = get_user_lockout_duration(module, msg,
+								    parent,
+								    nc_root);
+
+			/* zero locks out until the administrator intervenes */
+			if (lockoutDuration >= 0) {
+				msDS_User_Account_Control_Computed |= UF_LOCKOUT;
+			} else if (lockoutTime - lockoutDuration >= now) {
+				msDS_User_Account_Control_Computed |= UF_LOCKOUT;
+			}
+		}
+	}
+
+	if (!(userAccountControl & _UF_NO_EXPIRY_ACCOUNTS)) {
+		NTTIME must_change_time
+			= get_msds_user_password_expiry_time_computed(module,
+								      msg,
+								      parent,
+								      nc_root);
+		/* check for expired password */
+		if (must_change_time < now) {
+			msDS_User_Account_Control_Computed |= UF_PASSWORD_EXPIRED;
+		}
+	}
+
+	return samdb_msg_add_int64(ldb,
+				   msg->elements, msg,
+				   "msDS-User-Account-Control-Computed",
+				   msDS_User_Account_Control_Computed);
+}
+
+/*
+  construct msDS-UserPasswordExpiryTimeComputed
+*/
+static int construct_msds_user_password_expiry_time_computed(struct ldb_module *module,
+							     struct ldb_message *msg, enum ldb_scope scope,
+							     struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_dn *nc_root;
+	int64_t password_expiry_time;
+	int ret;
+
+	ret = dsdb_find_nc_root(ldb, msg, msg->dn, &nc_root);
+	if (ret != 0) {
+		ldb_asprintf_errstring(ldb,
+				       "Failed to find NC root of DN: %s: %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb));
+		return ret;
+	}
+
+	if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) != 0) {
+		/* Only calculate this on our default NC */
+		return 0;
+	}
+
+	password_expiry_time
+		= get_msds_user_password_expiry_time_computed(module, msg,
+							      parent, nc_root);
+
+	return samdb_msg_add_int64(ldb,
+				   msg->elements, msg,
+				   "msDS-UserPasswordExpiryTimeComputed",
+				   password_expiry_time);
+}
+
+/*
+ * Checks whether the msDS-ResultantPSO attribute is supported for a given
+ * user object. As per MS-ADTS, section 3.1.1.4.5.36 msDS-ResultantPSO.
+ */
+static bool pso_is_supported(struct ldb_context *ldb, struct ldb_message *msg)
+{
+	int functional_level;
+	uint32_t uac;
+	uint32_t user_rid;
+
+	functional_level = dsdb_functional_level(ldb);
+	if (functional_level < DS_DOMAIN_FUNCTION_2008) {
+		return false;
+	}
+
+	/* msDS-ResultantPSO is only supported for user objects */
+	if (!ldb_match_msg_objectclass(msg, "user")) {
+		return false;
+	}
+
+	/* ...and only if the ADS_UF_NORMAL_ACCOUNT bit is set */
+	uac = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+	if (!(uac & UF_NORMAL_ACCOUNT)) {
+		return false;
+	}
+
+	/* skip it if it's the special KRBTGT default account */
+	user_rid = samdb_result_rid_from_sid(msg, msg, "objectSid", 0);
+	if (user_rid == DOMAIN_RID_KRBTGT) {
+		return false;
+	}
+
+	/* ...or if it's a special KRBTGT account for an RODC KDC */
+	if (ldb_msg_find_ldb_val(msg, "msDS-SecondaryKrbTgtNumber") != NULL) {
+		return false;
+	}
+
+	return true;
+}
+
+/*
+ * Returns the number of PSO objects that exist in the DB
+ */
+static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			 struct ldb_request *parent, int *pso_count)
+{
+	static const char * const attrs[] = { NULL };
+	int ret;
+	struct ldb_dn *psc_dn = NULL;
+	struct ldb_result *res = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	bool psc_ok;
+
+	*pso_count = 0;
+	psc_dn = samdb_system_container_dn(ldb, mem_ctx);
+	if (psc_dn == NULL) {
+		return ldb_oom(ldb);
+	}
+	psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+	if (psc_ok == false) {
+		return ldb_oom(ldb);
+	}
+
+	/* get the number of PSO children */
+	ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 DSDB_FLAG_NEXT_MODULE, parent,
+				 "(objectClass=msDS-PasswordSettings)");
+
+	/*
+	 * Just ignore PSOs if the container doesn't exist. This is a weird
+	 * corner-case where the AD DB was created from a pre-2008 base schema,
+	 * and then the FL was manually upgraded.
+	 */
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DBG_NOTICE("No Password Settings Container exists\n");
+		return LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	*pso_count = res->count;
+	talloc_free(res);
+	talloc_free(psc_dn);
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Compares two PSO objects returned by a search, to work out the better PSO.
+ * The PSO with the lowest precedence is better, otherwise (if the precedence
+ * is equal) the PSO with the lower GUID wins.
+ */
+static int pso_compare(struct ldb_message **m1, struct ldb_message **m2)
+{
+	uint32_t prec1;
+	uint32_t prec2;
+
+	prec1 = ldb_msg_find_attr_as_uint(*m1, "msDS-PasswordSettingsPrecedence",
+					  0xffffffff);
+	prec2 = ldb_msg_find_attr_as_uint(*m2, "msDS-PasswordSettingsPrecedence",
+					  0xffffffff);
+
+	/* if precedence is equal, use the lowest GUID */
+	if (prec1 == prec2) {
+		struct GUID guid1 = samdb_result_guid(*m1, "objectGUID");
+		struct GUID guid2 = samdb_result_guid(*m2, "objectGUID");
+
+		return ndr_guid_compare(&guid1, &guid2);
+	} else {
+		return prec1 - prec2;
+	}
+}
+
+/*
+ * Search for PSO objects that apply to the object SIDs specified
+ */
+static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			      struct ldb_request *parent,
+			      struct auth_SidAttr *sid_array, unsigned int num_sids,
+			      struct ldb_result **result)
+{
+	int ret;
+	int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	char *sid_filter = NULL;
+	struct ldb_dn *psc_dn = NULL;
+	bool psc_ok;
+	const char *attrs[] = {
+		"msDS-PasswordSettingsPrecedence",
+		"objectGUID",
+		"msDS-LockoutDuration",
+		"msDS-MaximumPasswordAge",
+		NULL
+	};
+
+	/* build a query for PSO objects that apply to any of the SIDs given */
+	sid_filter = talloc_strdup(mem_ctx, "");
+	if (sid_filter == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; sid_filter && i < num_sids; i++) {
+		struct dom_sid_buf sid_buf;
+
+		sid_filter = talloc_asprintf_append(
+			sid_filter,
+			"(msDS-PSOAppliesTo=<SID=%s>)",
+			dom_sid_str_buf(&sid_array[i].sid, &sid_buf));
+		if (sid_filter == NULL) {
+			return ldb_oom(ldb);
+		}
+	}
+
+	/* only PSOs located in the Password Settings Container are valid */
+	psc_dn = samdb_system_container_dn(ldb, mem_ctx);
+	if (psc_dn == NULL) {
+		return ldb_oom(ldb);
+	}
+	psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+	if (psc_ok == false) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 DSDB_FLAG_NEXT_MODULE, parent,
+				 "(&(objectClass=msDS-PasswordSettings)(|%s))",
+				 sid_filter);
+	talloc_free(sid_filter);
+	return ret;
+}
+
+/*
+ * Returns the best PSO object that applies to the object SID(s) specified
+ */
+static int pso_find_best(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			 struct ldb_request *parent, struct auth_SidAttr *sid_array,
+			 unsigned int num_sids, struct ldb_message **best_pso)
+{
+	struct ldb_result *res = NULL;
+	int ret;
+
+	*best_pso = NULL;
+
+	/* find any PSOs that apply to the SIDs specified */
+	ret = pso_search_by_sids(module, mem_ctx, parent, sid_array, num_sids,
+				 &res);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error %d retrieving PSO for SID(s)\n", ret);
+		return ret;
+	}
+
+	/* sort the list so that the best PSO is first */
+	TYPESAFE_QSORT(res->msgs, res->count, pso_compare);
+
+	if (res->count > 0) {
+		*best_pso = res->msgs[0];
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Determines the Password Settings Object (PSO) that applies to the given user
+ */
+static int get_pso_for_user(struct ldb_module *module,
+			    struct ldb_message *user_msg,
+			    struct ldb_request *parent,
+                            struct ldb_message **pso_msg)
+{
+	bool pso_supported;
+	struct auth_SidAttr *groupSIDs = NULL;
+	uint32_t num_groupSIDs = 0;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *best_pso = NULL;
+	struct ldb_dn *pso_dn = NULL;
+	int ret;
+	struct ldb_message_element *el = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+	int pso_count = 0;
+	struct ldb_result *res = NULL;
+	static const char *attrs[] = {
+		"msDS-LockoutDuration",
+		"msDS-MaximumPasswordAge",
+		NULL
+	};
+
+	*pso_msg = NULL;
+
+	/* first, check msDS-ResultantPSO is supported for this object */
+	pso_supported = pso_is_supported(ldb, user_msg);
+
+	if (!pso_supported) {
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(user_msg);
+
+	/*
+	 * Several different constructed attributes try to use the PSO info. If
+	 * we've already constructed the msDS-ResultantPSO for this user, we can
+	 * just re-use the result, rather than calculating it from scratch again
+	 */
+	pso_dn = ldb_msg_find_attr_as_dn(ldb, tmp_ctx, user_msg,
+					 "msDS-ResultantPSO");
+
+	if (pso_dn != NULL) {
+		ret = dsdb_module_search_dn(module, tmp_ctx, &res, pso_dn,
+					    attrs, DSDB_FLAG_NEXT_MODULE,
+					    parent);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("Error %d retrieving PSO %s\n", ret,
+				ldb_dn_get_linearized(pso_dn));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		if (res->count == 1) {
+			*pso_msg = res->msgs[0];
+			return LDB_SUCCESS;
+		}
+	}
+
+	/*
+	 * if any PSOs apply directly to the user, they are considered first
+	 * before we check group membership PSOs
+	 */
+	el = ldb_msg_find_element(user_msg, "msDS-PSOApplied");
+
+	if (el != NULL && el->num_values > 0) {
+		struct auth_SidAttr *user_sid = NULL;
+
+		/* lookup the best PSO object, based on the user's SID */
+		user_sid = samdb_result_dom_sid_attrs(
+			tmp_ctx, user_msg, "objectSid",
+			SE_GROUP_DEFAULT_FLAGS);
+
+		ret = pso_find_best(module, tmp_ctx, parent, user_sid, 1,
+				    &best_pso);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		if (best_pso != NULL) {
+			*pso_msg = best_pso;
+			return LDB_SUCCESS;
+		}
+	}
+
+	/*
+	 * If no valid PSO applies directly to the user, then try its groups.
+	 * The group expansion is expensive, so check there are actually
+	 * PSOs in the DB first (which is a quick search). Note in the above
+	 * cases we could tell that a PSO applied to the user, based on info
+	 * already retrieved by the user search.
+	 */
+	ret = get_pso_count(module, tmp_ctx, parent, &pso_count);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error %d determining PSOs in system\n", ret);
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (pso_count == 0) {
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* Work out the SIDs of any account groups the user is a member of */
+	ret = get_group_sids(ldb, tmp_ctx, user_msg,
+			     "msDS-ResultantPSO", ACCOUNT_GROUPS,
+			     &groupSIDs, &num_groupSIDs);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error %d determining group SIDs for %s\n", ret,
+			ldb_dn_get_linearized(user_msg->dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* lookup the best PSO that applies to any of these groups */
+	ret = pso_find_best(module, tmp_ctx, parent, groupSIDs,
+			    num_groupSIDs, &best_pso);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	*pso_msg = best_pso;
+	return LDB_SUCCESS;
+}
+
+/*
+ * Constructs the msDS-ResultantPSO attribute, which is the DN of the Password
+ * Settings Object (PSO) that applies to that user.
+ */
+static int construct_resultant_pso(struct ldb_module *module,
+                                   struct ldb_message *msg,
+				   enum ldb_scope scope,
+                                   struct ldb_request *parent)
+{
+	struct ldb_message *pso = NULL;
+	int ret;
+
+	/* work out the PSO (if any) that applies to this user */
+	ret = get_pso_for_user(module, msg, parent, &pso);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Couldn't determine PSO for %s\n",
+			ldb_dn_get_linearized(msg->dn));
+		return ret;
+	}
+
+	if (pso != NULL) {
+		DBG_INFO("%s is resultant PSO for user %s\n",
+			 ldb_dn_get_linearized(pso->dn),
+			 ldb_dn_get_linearized(msg->dn));
+		return ldb_msg_add_string(msg, "msDS-ResultantPSO",
+					  ldb_dn_get_linearized(pso->dn));
+	}
+
+	/* no PSO applies to this user */
+	return LDB_SUCCESS;
+}
+
+struct op_controls_flags {
+	bool sd;
+	bool bypassoperational;
+};
+
+static bool check_keep_control_for_attribute(struct op_controls_flags* controls_flags, const char* attr) {
+	if (controls_flags->bypassoperational && ldb_attr_cmp(attr, "msDS-KeyVersionNumber") == 0 ) {
+		return true;
+	}
+	return false;
+}
+
+/*
+  a list of attribute names that should be substituted in the parse
+  tree before the search is done
+*/
+static const struct {
+	const char *attr;
+	const char *replace;
+} parse_tree_sub[] = {
+	{ "createTimeStamp", "whenCreated" },
+	{ "modifyTimeStamp", "whenChanged" }
+};
+
+
+struct op_attributes_replace {
+	const char *attr;
+	const char *replace;
+	const char * const *extra_attrs;
+	int (*constructor)(struct ldb_module *, struct ldb_message *, enum ldb_scope, struct ldb_request *);
+};
+
+/* the 'extra_attrs' required for msDS-ResultantPSO */
+#define RESULTANT_PSO_COMPUTED_ATTRS \
+	"msDS-PSOApplied", \
+	"userAccountControl", \
+	"objectSid", \
+	"msDS-SecondaryKrbTgtNumber", \
+	"primaryGroupID"
+
+/*
+ * any other constructed attributes that want to work out the PSO also need to
+ * include objectClass (this gets included via 'replace' for msDS-ResultantPSO)
+ */
+#define PSO_ATTR_DEPENDENCIES \
+	RESULTANT_PSO_COMPUTED_ATTRS, \
+	"objectClass"
+
+static const char *objectSid_attr[] =
+{
+	"objectSid",
+	NULL
+};
+
+
+static const char *objectCategory_attr[] =
+{
+	"objectCategory",
+	NULL
+};
+
+
+static const char *user_account_control_computed_attrs[] =
+{
+	"lockoutTime",
+	"pwdLastSet",
+	PSO_ATTR_DEPENDENCIES,
+	NULL
+};
+
+
+static const char *user_password_expiry_time_computed_attrs[] =
+{
+	"pwdLastSet",
+	PSO_ATTR_DEPENDENCIES,
+	NULL
+};
+
+static const char *resultant_pso_computed_attrs[] =
+{
+	RESULTANT_PSO_COMPUTED_ATTRS,
+	NULL
+};
+
+/*
+  a list of attribute names that are hidden, but can be searched for
+  using another (non-hidden) name to produce the correct result
+*/
+static const struct op_attributes_replace search_sub[] = {
+	{ "createTimeStamp", "whenCreated", NULL , NULL },
+	{ "modifyTimeStamp", "whenChanged", NULL , construct_modifyTimeStamp},
+	{ "structuralObjectClass", "objectClass", NULL , NULL },
+	{ "canonicalName", NULL, NULL , construct_canonical_name },
+	{ "primaryGroupToken", "objectClass", objectSid_attr, construct_primary_group_token },
+	{ "tokenGroups", "primaryGroupID", objectSid_attr, construct_token_groups },
+	{ "tokenGroupsNoGCAcceptable", "primaryGroupID", objectSid_attr, construct_token_groups_no_gc},
+	{ "tokenGroupsGlobalAndUniversal", "primaryGroupID", objectSid_attr, construct_global_universal_token_groups },
+	{ "parentGUID", "objectGUID", NULL, construct_parent_guid },
+	{ "subSchemaSubEntry", NULL, NULL, construct_subschema_subentry },
+	{ "msDS-isRODC", "objectClass", objectCategory_attr, construct_msds_isrodc },
+	{ "msDS-KeyVersionNumber", "replPropertyMetaData", NULL, construct_msds_keyversionnumber },
+	{ "msDS-User-Account-Control-Computed", "userAccountControl", user_account_control_computed_attrs,
+	  construct_msds_user_account_control_computed },
+	{ "msDS-UserPasswordExpiryTimeComputed", "userAccountControl", user_password_expiry_time_computed_attrs,
+	  construct_msds_user_password_expiry_time_computed },
+	{ "msDS-ResultantPSO", "objectClass", resultant_pso_computed_attrs,
+	  construct_resultant_pso }
+};
+
+
+enum op_remove {
+	OPERATIONAL_REMOVE_ALWAYS, /* remove always */
+	OPERATIONAL_REMOVE_UNASKED,/* remove if not requested */
+	OPERATIONAL_SD_FLAGS,	   /* show if SD_FLAGS_OID set, or asked for */
+	OPERATIONAL_REMOVE_UNLESS_CONTROL	 /* remove always unless an ad hoc control has been specified */
+};
+
+/*
+  a list of attributes that may need to be removed from the
+  underlying db return
+
+  Some of these are attributes that were once stored, but are now calculated
+*/
+struct op_attributes_operations {
+	const char *attr;
+	enum op_remove op;
+};
+
+static const struct op_attributes_operations operational_remove[] = {
+	{ "nTSecurityDescriptor",    OPERATIONAL_SD_FLAGS },
+	{ "msDS-KeyVersionNumber",   OPERATIONAL_REMOVE_UNLESS_CONTROL  },
+	{ "parentGUID",              OPERATIONAL_REMOVE_ALWAYS  },
+	{ "replPropertyMetaData",    OPERATIONAL_REMOVE_UNASKED },
+#define _SEP ,OPERATIONAL_REMOVE_UNASKED},{
+	{ DSDB_SECRET_ATTRIBUTES_EX(_SEP), OPERATIONAL_REMOVE_UNASKED }
+};
+
+
+/*
+  post process a search result record. For any search_sub[] attributes that were
+  asked for, we need to call the appropriate copy routine to copy the result
+  into the message, then remove any attributes that we added to the search but
+  were not asked for by the user
+*/
+static int operational_search_post_process(struct ldb_module *module,
+					   struct ldb_message *msg,
+					   enum ldb_scope scope,
+					   const char * const *attrs_from_user,
+					   const char * const *attrs_searched_for,
+					   struct op_controls_flags* controls_flags,
+					   struct op_attributes_operations *list,
+					   unsigned int list_size,
+					   struct op_attributes_replace *list_replace,
+					   unsigned int list_replace_size,
+					   struct ldb_request *parent)
+{
+	struct ldb_context *ldb;
+	unsigned int i, a = 0;
+	bool constructed_attributes = false;
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* removed any attrs that should not be shown to the user */
+	for (i=0; i < list_size; i++) {
+		ldb_msg_remove_attr(msg, list[i].attr);
+	}
+
+	for (a=0; a < list_replace_size; a++) {
+		if (check_keep_control_for_attribute(controls_flags,
+						     list_replace[a].attr)) {
+			continue;
+		}
+
+		/* construct the new attribute, using either a supplied
+			constructor or a simple copy */
+		constructed_attributes = true;
+		if (list_replace[a].constructor != NULL) {
+			if (list_replace[a].constructor(module, msg, scope, parent) != LDB_SUCCESS) {
+				goto failed;
+			}
+		} else if (ldb_msg_copy_attr(msg,
+					     list_replace[a].replace,
+					     list_replace[a].attr) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	/* Deletion of the search helper attributes are needed if:
+	 * - we generated constructed attributes and
+	 * - we aren't requesting all attributes
+	 */
+	if ((constructed_attributes) && (!ldb_attr_in_list(attrs_from_user, "*"))) {
+		for (i=0; i < list_replace_size; i++) {
+			/* remove the added search helper attributes, unless
+			 * they were asked for by the user */
+			if (list_replace[i].replace != NULL &&
+			    !ldb_attr_in_list(attrs_from_user, list_replace[i].replace)) {
+				ldb_msg_remove_attr(msg, list_replace[i].replace);
+			}
+			if (list_replace[i].extra_attrs != NULL) {
+				unsigned int j;
+				for (j=0; list_replace[i].extra_attrs[j]; j++) {
+					if (!ldb_attr_in_list(attrs_from_user, list_replace[i].extra_attrs[j])) {
+						ldb_msg_remove_attr(msg, list_replace[i].extra_attrs[j]);
+					}
+				}
+			}
+		}
+	}
+
+	return 0;
+
+failed:
+	ldb_debug_set(ldb, LDB_DEBUG_WARNING,
+		      "operational_search_post_process failed for attribute '%s' - %s",
+		      list_replace[a].attr, ldb_errstring(ldb));
+	return -1;
+}
+
+/*
+  hook search operations
+*/
+
+struct operational_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	enum ldb_scope scope;
+	const char * const *attrs;
+	struct ldb_parse_tree *tree;
+	struct op_controls_flags* controls_flags;
+	struct op_attributes_operations *list_operations;
+	unsigned int list_operations_size;
+	struct op_attributes_replace *attrs_to_replace;
+	unsigned int attrs_to_replace_size;
+};
+
+static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct operational_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct operational_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		/* for each record returned post-process to add any derived
+		   attributes that have been asked for */
+		ret = operational_search_post_process(ac->module,
+						      ares->message,
+						      ac->scope,
+						      ac->attrs,
+						      req->op.search.attrs,
+						      ac->controls_flags,
+						      ac->list_operations,
+						      ac->list_operations_size,
+						      ac->attrs_to_replace,
+						      ac->attrs_to_replace_size,
+						      req);
+		if (ret != 0) {
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+static struct op_attributes_operations* operation_get_op_list(TALLOC_CTX *ctx,
+							      const char* const* attrs,
+							      const char* const* searched_attrs,
+							      struct op_controls_flags* controls_flags)
+{
+	int idx = 0;
+	int i;
+	struct op_attributes_operations *list = talloc_zero_array(ctx,
+								  struct op_attributes_operations,
+								  ARRAY_SIZE(operational_remove) + 1);
+
+	if (list == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
+		switch (operational_remove[i].op) {
+		case OPERATIONAL_REMOVE_UNASKED:
+			if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+				continue;
+			}
+			if (ldb_attr_in_list(searched_attrs, operational_remove[i].attr)) {
+				continue;
+			}
+			list[idx].attr = operational_remove[i].attr;
+			list[idx].op = OPERATIONAL_REMOVE_UNASKED;
+			idx++;
+			break;
+
+		case OPERATIONAL_REMOVE_ALWAYS:
+			list[idx].attr = operational_remove[i].attr;
+			list[idx].op = OPERATIONAL_REMOVE_ALWAYS;
+			idx++;
+			break;
+
+		case OPERATIONAL_REMOVE_UNLESS_CONTROL:
+			if (!check_keep_control_for_attribute(controls_flags, operational_remove[i].attr)) {
+				list[idx].attr = operational_remove[i].attr;
+				list[idx].op = OPERATIONAL_REMOVE_UNLESS_CONTROL;
+				idx++;
+			}
+			break;
+
+		case OPERATIONAL_SD_FLAGS:
+			if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+				continue;
+			}
+			if (controls_flags->sd) {
+				if (attrs == NULL) {
+					continue;
+				}
+				if (attrs[0] == NULL) {
+					continue;
+				}
+				if (ldb_attr_in_list(attrs, "*")) {
+					continue;
+				}
+			}
+			list[idx].attr = operational_remove[i].attr;
+			list[idx].op = OPERATIONAL_SD_FLAGS;
+			idx++;
+			break;
+		}
+	}
+
+	return list;
+}
+
+struct operational_present_ctx {
+	const char *attr;
+	bool found_operational;
+};
+
+/*
+  callback to determine if an operational attribute (needing
+  replacement) is in use at all
+ */
+static int operational_present(struct ldb_parse_tree *tree, void *private_context)
+{
+	struct operational_present_ctx *ctx = private_context;
+	switch (tree->operation) {
+	case LDB_OP_EQUALITY:
+		if (ldb_attr_cmp(tree->u.equality.attr, ctx->attr) == 0) {
+			ctx->found_operational = true;
+		}
+		break;
+	case LDB_OP_GREATER:
+	case LDB_OP_LESS:
+	case LDB_OP_APPROX:
+		if (ldb_attr_cmp(tree->u.comparison.attr, ctx->attr) == 0) {
+			ctx->found_operational = true;
+		}
+		break;
+	case LDB_OP_SUBSTRING:
+		if (ldb_attr_cmp(tree->u.substring.attr, ctx->attr) == 0) {
+			ctx->found_operational = true;
+		}
+		break;
+	case LDB_OP_PRESENT:
+		if (ldb_attr_cmp(tree->u.present.attr, ctx->attr) == 0) {
+			ctx->found_operational = true;
+		}
+		break;
+	case LDB_OP_EXTENDED:
+		if (tree->u.extended.attr &&
+		    ldb_attr_cmp(tree->u.extended.attr, ctx->attr) == 0) {
+			ctx->found_operational = true;
+		}
+		break;
+	default:
+		break;
+	}
+	return LDB_SUCCESS;
+}
+
+
+static int operational_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct operational_context *ac;
+	struct ldb_request *down_req;
+	const char **search_attrs = NULL;
+	struct operational_present_ctx ctx;
+	unsigned int i, a;
+	int ret;
+
+	/* There are no operational attributes on special DNs */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc(req, struct operational_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->scope = req->op.search.scope;
+	ac->attrs = req->op.search.attrs;
+
+	ctx.found_operational = false;
+
+	/*
+	 * find any attributes in the parse tree that are searchable,
+	 * but are stored using a different name in the backend, so we
+	 * only duplicate the memory when needed
+	 */
+	for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
+		ctx.attr = parse_tree_sub[i].attr;
+
+		ldb_parse_tree_walk(req->op.search.tree,
+				    operational_present,
+				    &ctx);
+		if (ctx.found_operational) {
+			break;
+		}
+	}
+
+	if (ctx.found_operational) {
+
+		ac->tree = ldb_parse_tree_copy_shallow(ac,
+						       req->op.search.tree);
+
+		if (ac->tree == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		/* replace any attributes in the parse tree that are
+		   searchable, but are stored using a different name in the
+		   backend */
+		for (i=0;i<ARRAY_SIZE(parse_tree_sub);i++) {
+			ldb_parse_tree_attr_replace(ac->tree,
+						    parse_tree_sub[i].attr,
+						    parse_tree_sub[i].replace);
+		}
+	} else {
+		/* Avoid allocating a copy if we do not need to */
+		ac->tree = req->op.search.tree;
+	}
+
+	ac->controls_flags = talloc(ac, struct op_controls_flags);
+	/* remember if the SD_FLAGS_OID was set */
+	ac->controls_flags->sd = (ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL);
+	/* remember if the LDB_CONTROL_BYPASS_OPERATIONAL_OID */
+	ac->controls_flags->bypassoperational =
+		(ldb_request_get_control(req, LDB_CONTROL_BYPASS_OPERATIONAL_OID) != NULL);
+
+	ac->attrs_to_replace = NULL;
+	ac->attrs_to_replace_size = 0;
+	/* in the list of attributes we are looking for, rename any
+	   attributes to the alias for any hidden attributes that can
+	   be fetched directly using non-hidden names.
+	   Note that order here can affect performance, e.g. we should process
+	   msDS-ResultantPSO before msDS-User-Account-Control-Computed (as the
+	   latter is also dependent on the PSO information) */
+	for (a=0;ac->attrs && ac->attrs[a];a++) {
+		if (check_keep_control_for_attribute(ac->controls_flags, ac->attrs[a])) {
+			continue;
+		}
+		for (i=0;i<ARRAY_SIZE(search_sub);i++) {
+
+			if (ldb_attr_cmp(ac->attrs[a], search_sub[i].attr) != 0 ) {
+				continue;
+			}
+
+			ac->attrs_to_replace = talloc_realloc(ac,
+							      ac->attrs_to_replace,
+							      struct op_attributes_replace,
+							      ac->attrs_to_replace_size + 1);
+
+			ac->attrs_to_replace[ac->attrs_to_replace_size] = search_sub[i];
+			ac->attrs_to_replace_size++;
+			if (!search_sub[i].replace) {
+				continue;
+			}
+
+			if (search_sub[i].extra_attrs && search_sub[i].extra_attrs[0]) {
+				unsigned int j;
+				const char **search_attrs2;
+				/* Only adds to the end of the list */
+				for (j = 0; search_sub[i].extra_attrs[j]; j++) {
+					search_attrs2 = ldb_attr_list_copy_add(req, search_attrs
+									       ? search_attrs
+									       : ac->attrs,
+									       search_sub[i].extra_attrs[j]);
+					if (search_attrs2 == NULL) {
+						return ldb_operr(ldb);
+					}
+					/* may be NULL, talloc_free() doesn't mind */
+					talloc_free(search_attrs);
+					search_attrs = search_attrs2;
+				}
+			}
+
+			if (!search_attrs) {
+				search_attrs = ldb_attr_list_copy(req, ac->attrs);
+				if (search_attrs == NULL) {
+					return ldb_operr(ldb);
+				}
+			}
+			/* Despite the ldb_attr_list_copy_add, this is safe as that fn only adds to the end */
+			search_attrs[a] = search_sub[i].replace;
+		}
+	}
+	ac->list_operations = operation_get_op_list(ac, ac->attrs,
+						    search_attrs == NULL?req->op.search.attrs:search_attrs,
+						    ac->controls_flags);
+	ac->list_operations_size = 0;
+	i = 0;
+
+	while (ac->list_operations && ac->list_operations[i].attr != NULL) {
+		i++;
+	}
+	ac->list_operations_size = i;
+	ret = ldb_build_search_req_ex(&down_req, ldb, ac,
+					req->op.search.base,
+					req->op.search.scope,
+					ac->tree,
+					/* use new set of attrs if any */
+					search_attrs == NULL?req->op.search.attrs:search_attrs,
+					req->controls,
+					ac, operational_callback,
+					req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int operational_init(struct ldb_module *ctx)
+{
+	struct operational_data *data;
+	int ret;
+
+	ret = ldb_next_init(ctx);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	data = talloc_zero(ctx, struct operational_data);
+	if (!data) {
+		return ldb_module_oom(ctx);
+	}
+
+	ldb_module_set_private(ctx, data);
+
+	return LDB_SUCCESS;
+}
+
+static const struct ldb_module_ops ldb_operational_module_ops = {
+	.name              = "operational",
+	.search            = operational_search,
+	.init_context	   = operational_init
+};
+
+int ldb_operational_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_operational_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
new file mode 100644
index 0000000..83729b0
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
@@ -0,0 +1,888 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce  2005-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: paged_result
+ *
+ *  Component: ldb paged results control module
+ *
+ *  Description: this module caches a complete search and sends back
+ *  		 results in chunks as asked by the client
+ *
+ *  Author: Garming Sam and Aaron Haslett
+ *
+ *  Note: Based on the original paged_results.c by Simo Sorce and
+ *        vlv_pagination.c by Douglas Bagnall and Garming Sam.
+ */
+
+#include "includes.h"
+#include "auth/auth.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_errors.h"
+#include "replace.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+
+#include "dsdb/common/util.h"
+#include "lib/util/dlinklist.h"
+
+/* Referrals are temporarily stored in a linked list */
+struct referral_store {
+	char *ref;
+	struct referral_store *next;
+};
+
+struct private_data;
+
+struct results_store {
+	struct results_store *prev, *next;
+
+	struct private_data *priv;
+
+	char *cookie;
+	time_t timestamp;
+
+	struct referral_store *first_ref;
+	struct referral_store *last_ref;
+
+	struct ldb_control **controls;
+
+	/* from VLV */
+	struct GUID *results;
+	size_t num_entries;
+	size_t result_array_size;
+
+	struct ldb_control **down_controls;
+	const char * const *attrs;
+
+	unsigned last_i;
+	struct ldb_parse_tree *expr;
+	char *expr_str;
+};
+
+struct private_data {
+	uint32_t next_free_id;
+	size_t num_stores;
+	struct results_store *store;
+};
+
+static int store_destructor(struct results_store *del)
+{
+	struct private_data *priv = del->priv;
+	DLIST_REMOVE(priv->store, del);
+
+	priv->num_stores -= 1;
+
+	return 0;
+}
+
+static struct results_store *new_store(struct private_data *priv)
+{
+	struct results_store *newr;
+	uint32_t new_id = priv->next_free_id++;
+
+	/* TODO: we should have a limit on the number of
+	 * outstanding paged searches
+	 */
+
+	newr = talloc_zero(priv, struct results_store);
+	if (!newr) return NULL;
+
+	newr->priv = priv;
+
+	newr->cookie = talloc_asprintf(newr, "%d", new_id);
+	if (!newr->cookie) {
+		talloc_free(newr);
+		return NULL;
+	}
+
+	newr->timestamp = time(NULL);
+
+	DLIST_ADD(priv->store, newr);
+
+	priv->num_stores += 1;
+
+	talloc_set_destructor(newr, store_destructor);
+
+	if (priv->num_stores > 10) {
+		struct results_store *last;
+		/*
+		 * 10 is the default for MaxResultSetsPerConn --
+		 * possibly need to parameterize it.
+		 */
+		last = DLIST_TAIL(priv->store);
+		TALLOC_FREE(last);
+	}
+
+	return newr;
+}
+
+struct paged_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	struct results_store *store;
+	int size;
+	struct ldb_control **controls;
+};
+
+static int send_referrals(struct results_store *store,
+			  struct ldb_request *req)
+{
+	int ret;
+	struct referral_store *node;
+	while (store->first_ref != NULL) {
+		node = store->first_ref;
+		ret = ldb_module_send_referral(req, node->ref);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		store->first_ref = node->next;
+		talloc_free(node);
+	}
+	return LDB_SUCCESS;
+}
+
+/* Start an ldb request for a single object by GUID */
+static int paged_search_by_dn_guid(struct ldb_module *module,
+				 struct paged_context *ac,
+				 struct ldb_result **result,
+				 const struct GUID *guid,
+				 const char * const *attrs,
+				 struct ldb_parse_tree *expr)
+{
+	struct ldb_dn *dn;
+	struct ldb_request *req;
+	struct ldb_result *res;
+	int ret;
+	struct GUID_txt_buf guid_str;
+
+	/* Use controls passed in on the downreq */
+	struct ldb_control **controls = ac->store->down_controls;
+
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	dn = ldb_dn_new_fmt(ac, ldb, "<GUID=%s>",
+			    GUID_buf_string(guid, &guid_str));
+	if (dn == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	res = talloc_zero(ac, struct ldb_result);
+	if (res == NULL) {
+		TALLOC_FREE(dn);
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req_ex(&req, ldb, ac,
+				   dn,
+				   LDB_SCOPE_BASE,
+				   expr,
+				   attrs,
+				   controls,
+				   res,
+				   ldb_search_default_callback,
+				   ac->req);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(dn);
+		TALLOC_FREE(res);
+		return ret;
+	}
+
+	/*
+	 * Ensure the dn lasts only as long as the request,
+	 * as we will have a lot of these (one per object
+	 * being returned)
+	 */
+
+	talloc_steal(req, dn);
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(res);
+		return ret;
+	}
+
+	*result = res;
+	return ret;
+}
+
+static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
+{
+	struct ldb_extended *response = (ares != NULL ? ares->response : NULL);
+	struct ldb_paged_control *paged;
+	unsigned int i, num_ctrls;
+	int ret;
+
+	if (ac->store == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	while (ac->store->last_i < ac->store->num_entries && ac->size > 0) {
+		struct GUID *guid = &ac->store->results[ac->store->last_i++];
+		struct ldb_result *result = NULL;
+
+		ac->size--;
+
+		/*
+		 * Note: In the case that an object has been moved to a
+		 * different place in the LDAP tree, we might expect the object
+		 * to disappear from paged results.  If we were going to
+		 * implement that behaviour, we would do it here by passing
+		 * down the original container DN to the search.
+		 * However, testing shows that, on Windows, the moved object
+		 * remains in the paged results. So, we are matching Windows
+		 * behaviour here by leaving out the scope.
+		 */
+		ret = paged_search_by_dn_guid(ac->module, ac, &result, guid,
+					    ac->req->op.search.attrs,
+					    ac->store->expr);
+		if (ret == LDAP_NO_SUCH_OBJECT ||
+		    (ret == LDB_SUCCESS && result->count == 0)) {
+			/* The thing isn't there TODO, which we quietly
+			   ignore and go on to send an extra one
+			   instead. */
+			continue;
+		} else if (ret != LDB_SUCCESS) {
+			return ldb_module_done(
+				ac->req, ac->controls, response, ret);
+		}
+
+		ret = ldb_module_send_entry(ac->req, result->msgs[0],
+					    NULL);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * ldb_module_send_entry will have called
+			 * ldb_module_done if an error occurred.
+			 */
+			return ret;
+		}
+	}
+
+	if (ac->store->first_ref) {
+		/* There is no right place to put references in the sorted
+		   results, so we send them as soon as possible.
+		*/
+		ret = send_referrals(ac->store, ac->req);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * send_referrals will have called ldb_module_done
+			 * if an error occurred.
+			 */
+			return ret;
+		}
+	}
+
+	/* return result done */
+	num_ctrls = 1;
+	i = 0;
+
+	if (ac->store->controls != NULL) {
+		while (ac->store->controls[i]) i++; /* counting */
+
+		num_ctrls += i;
+	}
+
+	ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls +1);
+	if (ac->controls == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+	ac->controls[num_ctrls] = NULL;
+
+	for (i = 0; i < (num_ctrls -1); i++) {
+		ac->controls[i] = talloc_reference(ac->controls,
+						   ac->store->controls[i]);
+	}
+
+	ac->controls[i] = talloc(ac->controls, struct ldb_control);
+	if (ac->controls[i] == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	ac->controls[i]->oid = talloc_strdup(ac->controls[i],
+						LDB_CONTROL_PAGED_RESULTS_OID);
+	if (ac->controls[i]->oid == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	ac->controls[i]->critical = 0;
+
+	paged = talloc(ac->controls[i], struct ldb_paged_control);
+	if (paged == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	ac->controls[i]->data = paged;
+
+	if (ac->size > 0) {
+		paged->size = 0;
+		paged->cookie = NULL;
+		paged->cookie_len = 0;
+	} else {
+		paged->size = ac->store->num_entries;
+		paged->cookie = talloc_strdup(paged, ac->store->cookie);
+		paged->cookie_len = strlen(paged->cookie) + 1;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int save_referral(struct results_store *store, char *ref)
+{
+	struct referral_store *node = talloc(store,
+					     struct referral_store);
+	if (node == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	node->next = NULL;
+	node->ref = talloc_steal(node, ref);
+
+	if (store->first_ref == NULL) {
+		store->first_ref = node;
+	} else {
+		store->last_ref->next = node;
+	}
+	store->last_ref = node;
+	return LDB_SUCCESS;
+}
+
+static int paged_search_callback(struct ldb_request *req,
+				 struct ldb_reply *ares)
+{
+	struct paged_context *ac;
+	struct results_store *store;
+	int ret;
+	const struct ldb_val *guid_blob;
+	struct GUID guid;
+	NTSTATUS status;
+
+	ac = talloc_get_type(req->context, struct paged_context);
+	store = ac->store;
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (store->results == NULL) {
+			store->num_entries = 0;
+			store->result_array_size = 16;
+			store->results = talloc_array(store, struct GUID,
+						     store->result_array_size);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						     LDB_ERR_OPERATIONS_ERROR);
+			}
+		} else if (store->num_entries == store->result_array_size) {
+			if (store->result_array_size > INT_MAX/2) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						     LDB_ERR_OPERATIONS_ERROR);
+			}
+			store->result_array_size *= 2;
+			store->results = talloc_realloc(store, store->results,
+							struct GUID,
+						store->result_array_size);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						     LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+
+		guid_blob = ldb_dn_get_extended_component(ares->message->dn,
+							  "GUID");
+		if (guid_blob == NULL) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+		status = GUID_from_ndr_blob(guid_blob, &guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		/* Redundant paranoid check */
+		if (store->num_entries > store->result_array_size) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		store->results[store->num_entries] = guid;
+		store->num_entries++;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		ret = save_referral(store, ares->referral);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+		break;
+
+	case LDB_REPLY_DONE:
+		if (store->num_entries != 0) {
+			store->results = talloc_realloc(store, store->results,
+							struct GUID,
+							store->num_entries);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						     LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+		store->result_array_size = store->num_entries;
+
+		ac->store->controls = talloc_move(ac->store, &ares->controls);
+		ret = paged_results(ac, ares);
+		if (ret != LDB_SUCCESS) {
+			/* paged_results will have called ldb_module_done
+			 * if an error occurred
+			 */
+			return ret;
+		}
+		return ldb_module_done(ac->req, ac->controls,
+					ares->response, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static struct ldb_control **
+paged_results_copy_down_controls(TALLOC_CTX *mem_ctx,
+				 struct ldb_control **controls)
+{
+
+	struct ldb_control **new_controls;
+	unsigned int i, j, num_ctrls;
+	if (controls == NULL) {
+		return NULL;
+	}
+
+	for (num_ctrls = 0; controls[num_ctrls]; num_ctrls++);
+
+	new_controls = talloc_array(mem_ctx, struct ldb_control *, num_ctrls);
+	if (new_controls == NULL) {
+		return NULL;
+	}
+
+	for (j = 0, i = 0; i < (num_ctrls); i++) {
+		struct ldb_control *control = controls[i];
+		if (control->oid == NULL) {
+			continue;
+		}
+		if (strcmp(control->oid, LDB_CONTROL_PAGED_RESULTS_OID) == 0) {
+			continue;
+		}
+		/*
+		 * ASQ changes everything, do not copy it down for the
+		 * per-GUID search
+		 */
+		if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
+			continue;
+		}
+		new_controls[j] = talloc_steal(new_controls, control);
+
+		/*
+		 * Sadly the caller is not obliged to make this a
+		 * proper talloc tree, so we do so here.
+		 */
+		if (control->data) {
+			talloc_steal(control, control->data);
+		}
+		j++;
+	}
+	new_controls[j] = NULL;
+	return new_controls;
+}
+
+static const char * const *paged_copy_attrs(TALLOC_CTX *mem_ctx,
+					    const char * const *attrs) {
+	int i;
+	const char **new_attrs;
+	if (attrs == NULL) {
+		return NULL;
+	}
+	new_attrs = ldb_attr_list_copy(mem_ctx, attrs);
+
+	for (i=0; attrs[i] != NULL; i++) {
+		new_attrs[i] = talloc_strdup(mem_ctx, attrs[i]);
+	}
+	new_attrs[i] = NULL;
+	return new_attrs;
+}
+
+/*
+ * Check if two sets of controls are the same except for the paged results
+ * control in the request controls.  This function is messy because request
+ * control lists can contain controls that were NULL'd by the rootdse.  We
+ * must ignore those entries.  This function is not portable.
+ */
+static bool paged_controls_same(struct ldb_request *req,
+				struct ldb_control **down_controls) {
+	int i;
+	unsigned int num_down_controls, num_non_null_req_controls;
+	struct ldb_control *ctrl;
+
+	num_down_controls = 0;
+	for (i=0; down_controls[i] != NULL; i++) {
+		num_down_controls++;
+
+		ctrl = ldb_request_get_control(req, down_controls[i]->oid);
+		if (ctrl == NULL) {
+			return false;
+		}
+	}
+
+	num_non_null_req_controls = 0;
+	for (i=0; req->controls[i] != NULL; i++) {
+		if (req->controls[i]->oid != NULL &&
+		    strcmp(req->controls[i]->oid,
+			   LDB_CONTROL_ASQ_OID) != 0) {
+			num_non_null_req_controls++;
+		}
+	}
+
+	/* At this point we have the number of non-null entries for both
+	 * control lists and we know that:
+	 * 1. down_controls does not contain the paged control or ASQ
+	 * 	(because paged_results_copy_down_controls excludes it)
+	 * 2. req->controls does contain the paged control
+	 * 	(because this function is only called if this is true)
+	 * 3. down_controls is a subset of non-null controls in req->controls
+	 * 	(checked above)
+	 * So to confirm that the two lists are identical except for the paged
+	 * control and possibly ASQ, all we need to check is: */
+	if (num_non_null_req_controls == num_down_controls + 1) {
+		return true;
+	}
+	return false;
+}
+
+static bool paged_attrs_same(const char * const *attrs_1,
+			     const char * const *attrs_2) {
+	int i;
+	if (attrs_1 == NULL || attrs_2 == NULL) {
+		if (attrs_1 == NULL && attrs_2 == NULL) {
+			return true;
+		}
+		return false;
+	}
+
+	for (i=0; attrs_1[i] != NULL; i++) {
+	       if (!ldb_attr_in_list(attrs_2, attrs_1[i])) {
+		       return false;
+	       }
+	}
+	return true;
+}
+
+static int paged_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_control *control;
+	struct ldb_control *vlv_control;
+	struct private_data *private_data;
+	struct ldb_paged_control *paged_ctrl;
+	struct ldb_request *search_req;
+	struct paged_context *ac;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* check if there's a paged request control */
+	control = ldb_request_get_control(req, LDB_CONTROL_PAGED_RESULTS_OID);
+	if (control == NULL) {
+		/* not found go on */
+		return ldb_next_request(module, req);
+	}
+
+	paged_ctrl = talloc_get_type(control->data, struct ldb_paged_control);
+	if (!paged_ctrl) {
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	private_data = talloc_get_type(ldb_module_get_private(module),
+					struct private_data);
+
+	vlv_control = ldb_request_get_control(req, LDB_CONTROL_VLV_REQ_OID);
+	if (vlv_control != NULL) {
+		/*
+		 * VLV and paged_results are not allowed at the same
+		 * time
+		 */
+		return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+	}
+
+	ac = talloc_zero(req, struct paged_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb, "Out of Memory");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->size = paged_ctrl->size;
+	if (ac->size < 0) {
+		/*
+		 * Apparently some clients send more than 2^31. This
+		 * violates the ldap standard, but we need to cope.
+		 * In the future, if maximum result sizes are implemented in
+		 * Samba, we should also clamp the page size to the maximum
+		 * result size.
+		 */
+		ac->size = 0x7FFFFFFF;
+	}
+
+	/* check if it is a continuation search the store */
+	if (paged_ctrl->cookie_len == 0) {
+		struct ldb_control *ext_ctrl;
+		struct ldb_control **controls;
+		static const char * const attrs[1] = { NULL };
+		void *ref = NULL;
+
+		if (paged_ctrl->size == 0) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ac->store = new_store(private_data);
+		if (ac->store == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		controls = req->controls;
+		ext_ctrl = ldb_request_get_control(req,
+					LDB_CONTROL_EXTENDED_DN_OID);
+		if (ext_ctrl == NULL) {
+			/*
+			 * Add extended_dn control to the request if there
+			 * isn't already one.  We'll get the GUID out of it in
+			 * the callback.  This is a workaround for the case
+			 * where ntsecuritydescriptor forbids fetching GUIDs
+			 * for the current user.
+			 */
+			struct ldb_request *req_extended_dn;
+			struct ldb_extended_dn_control *ext_ctrl_data;
+			req_extended_dn = talloc_zero(req, struct ldb_request);
+			if (req_extended_dn == NULL) {
+				return ldb_module_oom(module);
+			}
+			req_extended_dn->controls = req->controls;
+			ext_ctrl_data = talloc_zero(req,
+					struct ldb_extended_dn_control);
+			if (ext_ctrl_data == NULL) {
+				return ldb_module_oom(module);
+			}
+			ext_ctrl_data->type = 1;
+
+			ret = ldb_request_add_control(req_extended_dn,
+					      LDB_CONTROL_EXTENDED_DN_OID,
+						      true,
+						      ext_ctrl_data);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			controls = req_extended_dn->controls;
+		}
+
+		ret = ldb_build_search_req_ex(&search_req, ldb, ac,
+						req->op.search.base,
+						req->op.search.scope,
+						req->op.search.tree,
+						attrs,
+						controls,
+						ac,
+						paged_search_callback,
+						req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/*
+		 * LDB does not have a function to take a full copy of
+		 * this, but at least take a shallow copy
+		 */
+		ac->store->expr = ldb_parse_tree_copy_shallow(ac->store,
+							      req->op.search.tree);
+
+		if (ac->store->expr == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		/*
+		 * As the above is only a shallow copy, take a
+		 * reference to ensure the values are kept around
+		 */
+		ref = talloc_reference(ac->store, req->op.search.tree);
+		if (ref == NULL) {
+			return ldb_module_oom(module);
+		}
+		ac->store->expr_str = ldb_filter_from_tree(ac->store,
+							  req->op.search.tree);
+		if (ac->store->expr_str == NULL) {
+			return ldb_module_oom(module);
+		}
+		if (req->op.search.attrs != NULL) {
+			ac->store->attrs = paged_copy_attrs(ac->store,
+							    req->op.search.attrs);
+			if (ac->store->attrs == NULL) {
+				return ldb_module_oom(module);
+			}
+		}
+
+		/* save it locally and remove it from the list */
+		/* we do not need to replace them later as we
+		 * are keeping the original req intact */
+		if (!ldb_save_controls(control, search_req, NULL)) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ac->store->down_controls =
+		    paged_results_copy_down_controls(ac->store, req->controls);
+		if (ac->store->down_controls == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		return ldb_next_request(module, search_req);
+
+	} else {
+		struct results_store *current = NULL;
+		char *expr_str;
+		bool bool_ret;
+
+		/* TODO: age out old outstanding requests */
+		for (current = private_data->store; current != NULL;
+		     current = current->next) {
+			if (strcmp(current->cookie, paged_ctrl->cookie) == 0) {
+				current->timestamp = time(NULL);
+				break;
+			}
+		}
+		if (current == NULL) {
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/* Get the expression string and make sure it didn't change */
+		expr_str = ldb_filter_from_tree(ac, req->op.search.tree);
+		if (expr_str == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = strcmp(current->expr_str, expr_str);
+		if (ret != 0) {
+			return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+		}
+
+		bool_ret = paged_controls_same(req, current->down_controls);
+		if (bool_ret == false) {
+			return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+		}
+
+		bool_ret = paged_attrs_same(req->op.search.attrs,
+					    current->attrs);
+		if (bool_ret == false) {
+			return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+		}
+
+		DLIST_PROMOTE(private_data->store, current);
+
+		ac->store = current;
+
+		/* check if it is an abandon */
+		if (ac->size == 0) {
+			return ldb_module_done(req, NULL, NULL,
+								LDB_SUCCESS);
+		}
+
+		ret = paged_results(ac, NULL);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * paged_results() will have called ldb_module_done
+			 * if an error occurred
+			 */
+			return ret;
+		}
+		return ldb_module_done(req, ac->controls, NULL, LDB_SUCCESS);
+	}
+}
+
+static int paged_request_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct private_data *data;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc(module, struct private_data);
+	if (data == NULL) {
+		return LDB_ERR_OTHER;
+	}
+
+	data->next_free_id = 1;
+	data->num_stores = 0;
+	data->store = NULL;
+	ldb_module_set_private(module, data);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_PAGED_RESULTS_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			"paged_results:"
+			"Unable to register control with rootdse!");
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_paged_results_module_ops = {
+	.name           = "dsdb_paged_results",
+	.search         = paged_search,
+	.init_context 	= paged_request_init
+};
+
+int ldb_dsdb_paged_results_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_paged_results_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
new file mode 100644
index 0000000..bd636c7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -0,0 +1,1721 @@
+/* 
+   Partitions ldb module
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb partitions module
+ *
+ *  Description: Implement LDAP partitions
+ *
+ *  Author: Andrew Bartlett
+ *  Author: Stefan Metzmacher
+ */
+
+#include "dsdb/samdb/ldb_modules/partition.h"
+
+struct part_request {
+	struct ldb_module *module;
+	struct ldb_request *req;
+};
+
+struct partition_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	struct part_request *part_req;
+	unsigned int num_requests;
+	unsigned int finished_requests;
+
+	const char **referrals;
+};
+
+static struct partition_context *partition_init_ctx(struct ldb_module *module, struct ldb_request *req)
+{
+	struct partition_context *ac;
+
+	ac = talloc_zero(req, struct partition_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb_module_get_ctx(module), "Out of Memory");
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+/*
+ * helper functions to call the next module in chain
+ */
+int partition_request(struct ldb_module *module, struct ldb_request *request)
+{
+	if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) { \
+		const struct dsdb_control_current_partition *partition = NULL;
+		struct ldb_control *partition_ctrl = ldb_request_get_control(request, DSDB_CONTROL_CURRENT_PARTITION_OID);
+		if (partition_ctrl) {
+			partition = talloc_get_type(partition_ctrl->data,
+						    struct dsdb_control_current_partition);
+		}
+
+		if (partition != NULL) {
+			ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_request() -> %s",
+				  ldb_dn_get_linearized(partition->dn));			
+		} else {
+			ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_request() -> (metadata partition)");
+		}
+	}
+
+	return ldb_next_request(module, request);
+}
+
+static struct dsdb_partition *find_partition(struct partition_private_data *data,
+					     struct ldb_dn *dn,
+					     struct ldb_request *req)
+{
+	unsigned int i;
+	struct ldb_control *partition_ctrl;
+
+	/* see if the request has the partition DN specified in a
+	 * control. The repl_meta_data module can specify this to
+	 * ensure that replication happens to the right partition
+	 */
+	partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
+	if (partition_ctrl) {
+		const struct dsdb_control_current_partition *partition;
+		partition = talloc_get_type(partition_ctrl->data,
+					    struct dsdb_control_current_partition);
+		if (partition != NULL) {
+			dn = partition->dn;
+		}
+	}
+
+	if (dn == NULL) {
+		return NULL;
+	}
+
+	/* Look at base DN */
+	/* Figure out which partition it is under */
+	/* Skip the lot if 'data' isn't here yet (initialisation) */
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		if (ldb_dn_compare_base(data->partitions[i]->ctrl->dn, dn) == 0) {
+			return data->partitions[i];
+		}
+	}
+
+	return NULL;
+}
+
+/**
+ * fire the caller's callback for every entry, but only send 'done' once.
+ */
+static int partition_req_callback(struct ldb_request *req,
+				  struct ldb_reply *ares)
+{
+	struct partition_context *ac;
+	struct ldb_module *module;
+	struct ldb_request *nreq;
+	int ret;
+	struct ldb_control *partition_ctrl;
+
+	ac = talloc_get_type(req->context, struct partition_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID);
+	if (partition_ctrl && (ac->num_requests == 1 || ares->type == LDB_REPLY_ENTRY)) {
+		/* If we didn't fan this request out to multiple partitions,
+		 * or this is an individual search result, we can
+		 * deterministically tell the caller what partition this was
+		 * written to (repl_meta_data likes to know) */
+		ret = ldb_reply_add_control(ares,
+					    DSDB_CONTROL_CURRENT_PARTITION_OID,
+					    false, partition_ctrl->data);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       ret);
+		}
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_ENTRY:
+		if (ac->req->operation != LDB_SEARCH) {
+			ldb_set_errstring(ldb_module_get_ctx(ac->module),
+				"partition_req_callback:"
+				" Unsupported reply type for this request");
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+		
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_DONE:
+		if (ac->req->operation == LDB_EXTENDED) {
+			/* FIXME: check for ares->response, replmd does not fill it ! */
+			if (ares->response) {
+				if (strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID) != 0) {
+					ldb_set_errstring(ldb_module_get_ctx(ac->module),
+							  "partition_req_callback:"
+							  " Unknown extended reply, "
+							  "only supports START_TLS");
+					talloc_free(ares);
+					return ldb_module_done(ac->req, NULL, NULL,
+								LDB_ERR_OPERATIONS_ERROR);
+				}
+			}
+		}
+
+		ac->finished_requests++;
+		if (ac->finished_requests == ac->num_requests) {
+			/* Send back referrals if they do exist (search ops) */
+			if (ac->referrals != NULL) {
+				const char **ref;
+				for (ref = ac->referrals; *ref != NULL; ++ref) {
+					ret = ldb_module_send_referral(ac->req,
+								       talloc_strdup(ac->req, *ref));
+					if (ret != LDB_SUCCESS) {
+						return ldb_module_done(ac->req, NULL, NULL,
+								       ret);
+					}
+				}
+			}
+
+			/* this was the last one, call callback */
+			return ldb_module_done(ac->req, ares->controls,
+					       ares->response, 
+					       ares->error);
+		}
+
+		/* not the last, now call the next one */
+		module = ac->part_req[ac->finished_requests].module;
+		nreq = ac->part_req[ac->finished_requests].req;
+
+		ret = partition_request(module, nreq);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ares);
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+
+		break;
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+static int partition_prep_request(struct partition_context *ac,
+				  struct dsdb_partition *partition)
+{
+	int ret;
+	struct ldb_request *req;
+	struct ldb_control *partition_ctrl = NULL;
+	void *part_data = NULL;
+
+	ac->part_req = talloc_realloc(ac, ac->part_req,
+					struct part_request,
+					ac->num_requests + 1);
+	if (ac->part_req == NULL) {
+		return ldb_oom(ldb_module_get_ctx(ac->module));
+	}
+
+	switch (ac->req->operation) {
+	case LDB_SEARCH:
+		ret = ldb_build_search_req_ex(&req, ldb_module_get_ctx(ac->module),
+					ac->part_req,
+					ac->req->op.search.base,
+					ac->req->op.search.scope,
+					ac->req->op.search.tree,
+					ac->req->op.search.attrs,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	case LDB_ADD:
+		ret = ldb_build_add_req(&req, ldb_module_get_ctx(ac->module), ac->part_req,
+					ac->req->op.add.message,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	case LDB_MODIFY:
+		ret = ldb_build_mod_req(&req, ldb_module_get_ctx(ac->module), ac->part_req,
+					ac->req->op.mod.message,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	case LDB_DELETE:
+		ret = ldb_build_del_req(&req, ldb_module_get_ctx(ac->module), ac->part_req,
+					ac->req->op.del.dn,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	case LDB_RENAME:
+		ret = ldb_build_rename_req(&req, ldb_module_get_ctx(ac->module), ac->part_req,
+					ac->req->op.rename.olddn,
+					ac->req->op.rename.newdn,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	case LDB_EXTENDED:
+		ret = ldb_build_extended_req(&req, ldb_module_get_ctx(ac->module),
+					ac->part_req,
+					ac->req->op.extended.oid,
+					ac->req->op.extended.data,
+					ac->req->controls,
+					ac, partition_req_callback,
+					ac->req);
+		LDB_REQ_SET_LOCATION(req);
+		break;
+	default:
+		ldb_set_errstring(ldb_module_get_ctx(ac->module),
+				  "Unsupported request type!");
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ac->part_req[ac->num_requests].req = req;
+
+	if (ac->req->controls) {
+		/* Duplicate everything beside the current partition control */
+		partition_ctrl = ldb_request_get_control(ac->req,
+							 DSDB_CONTROL_CURRENT_PARTITION_OID);
+		if (!ldb_save_controls(partition_ctrl, req, NULL)) {
+			return ldb_module_oom(ac->module);
+		}
+	}
+
+	part_data = partition->ctrl;
+
+	ac->part_req[ac->num_requests].module = partition->module;
+
+	if (partition_ctrl != NULL) {
+		if (partition_ctrl->data != NULL) {
+			part_data = partition_ctrl->data;
+		}
+
+		/*
+		 * If the provided current partition control is without
+		 * data then use the calculated one.
+		 */
+		ret = ldb_request_add_control(req,
+					      DSDB_CONTROL_CURRENT_PARTITION_OID,
+					      false, part_data);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (req->operation == LDB_SEARCH) {
+		/*
+		 * If the search is for 'more' than this partition,
+		 * then change the basedn, so the check of the BASE DN
+		 * still passes in the ldb_key_value layer
+		 */
+		if (ldb_dn_compare_base(partition->ctrl->dn,
+					req->op.search.base) != 0) {
+			req->op.search.base = partition->ctrl->dn;
+		}
+	}
+
+	ac->num_requests++;
+
+	return LDB_SUCCESS;
+}
+
+static int partition_call_first(struct partition_context *ac)
+{
+	return partition_request(ac->part_req[0].module, ac->part_req[0].req);
+}
+
+/**
+ * Send a request down to all the partitions (but not the sam.ldb file)
+ */
+static int partition_send_all(struct ldb_module *module, 
+			      struct partition_context *ac, 
+			      struct ldb_request *req) 
+{
+	unsigned int i;
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	int ret;
+
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		ret = partition_prep_request(ac, data->partitions[i]);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* fire the first one */
+	return partition_call_first(ac);
+}
+
+struct partition_copy_context {
+	struct ldb_module *module;
+	struct partition_context *partition_context;
+	struct ldb_request *request;
+	struct ldb_dn *dn;
+};
+
+/*
+ * A special DN has been updated in the primary partition. Now propagate those
+ * changes to the remaining partitions.
+ *
+ * Note: that the operations are asynchronous and this function is called
+ *       from partition_copy_all_callback_handler in response to an async
+ *       callback.
+ */
+static int partition_copy_all_callback_action(
+	struct ldb_module *module,
+	struct partition_context *ac,
+	struct ldb_request *req,
+	struct ldb_dn *dn)
+
+{
+
+	unsigned int i;
+	struct partition_private_data *data =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct partition_private_data);
+	int search_ret;
+	struct ldb_result *res;
+	/* now fetch the resulting object, and then copy it to all the
+	 * other partitions. We need this approach to cope with the
+	 * partitions getting out of sync. If for example the
+	 * @ATTRIBUTES object exists on one partition but not the
+	 * others then just doing each of the partitions in turn will
+	 * lead to an error
+	 */
+	search_ret = dsdb_module_search_dn(module, ac, &res, dn, NULL, DSDB_FLAG_NEXT_MODULE, req);
+	if (search_ret != LDB_SUCCESS && search_ret != LDB_ERR_NO_SUCH_OBJECT) {
+		return search_ret;
+	}
+
+	/* now delete the object in the other partitions, if required
+	*/
+	if (search_ret == LDB_ERR_NO_SUCH_OBJECT) {
+		for (i=0; data->partitions && data->partitions[i]; i++) {
+			int pret;
+			pret = dsdb_module_del(data->partitions[i]->module,
+					       dn,
+					       DSDB_FLAG_NEXT_MODULE,
+					       req);
+			if (pret != LDB_SUCCESS && pret != LDB_ERR_NO_SUCH_OBJECT) {
+				/* we should only get success or no
+				   such object from the other partitions */
+				return pret;
+			}
+		}
+
+		return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+	}
+
+	/* now add/modify in the other partitions */
+	for (i=0; data->partitions && data->partitions[i]; i++) {
+		struct ldb_message *modify_msg = NULL;
+		int pret;
+		unsigned int el_idx;
+
+		pret = dsdb_module_add(data->partitions[i]->module,
+				       res->msgs[0],
+				       DSDB_FLAG_NEXT_MODULE,
+				       req);
+		if (pret == LDB_SUCCESS) {
+			continue;
+		}
+
+		if (pret != LDB_ERR_ENTRY_ALREADY_EXISTS) {
+			return pret;
+		}
+
+		modify_msg = ldb_msg_copy(req, res->msgs[0]);
+		if (modify_msg == NULL) {
+			return ldb_module_oom(module);
+		}
+
+		/*
+		 * mark all the message elements as
+		 * LDB_FLAG_MOD_REPLACE
+		 */
+		for (el_idx=0;
+		     el_idx < modify_msg->num_elements;
+		     el_idx++) {
+			modify_msg->elements[el_idx].flags
+				= LDB_FLAG_MOD_REPLACE;
+		}
+
+		if (req->operation == LDB_MODIFY) {
+			const struct ldb_message *req_msg = req->op.mod.message;
+			/*
+			 * mark elements to be removed, if these were
+			 * deleted entirely above we need to delete
+			 * them here too
+			 */
+			for (el_idx=0; el_idx < req_msg->num_elements; el_idx++) {
+				if (LDB_FLAG_MOD_TYPE(req_msg->elements[el_idx].flags) == LDB_FLAG_MOD_DELETE
+				    || ((LDB_FLAG_MOD_TYPE(req_msg->elements[el_idx].flags) == LDB_FLAG_MOD_REPLACE) &&
+					req_msg->elements[el_idx].num_values == 0)) {
+					if (ldb_msg_find_element(modify_msg,
+								 req_msg->elements[el_idx].name) != NULL) {
+						continue;
+					}
+					pret = ldb_msg_add_empty(
+						modify_msg,
+						req_msg->elements[el_idx].name,
+						LDB_FLAG_MOD_REPLACE,
+						NULL);
+					if (pret != LDB_SUCCESS) {
+						return pret;
+					}
+				}
+			}
+		}
+
+		pret = dsdb_module_modify(data->partitions[i]->module,
+					  modify_msg,
+					  DSDB_FLAG_NEXT_MODULE,
+					  req);
+
+		if (pret != LDB_SUCCESS) {
+			return pret;
+		}
+	}
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+
+/*
+ * @brief call back function for the ldb operations on special DN's.
+ *
+ * As the LDB operations are async, and we wish to use the result
+ * the operations, a callback needs to be registered to process the results
+ * of the LDB operations.
+ *
+ * @param req the ldb request
+ * @param res the result of the operation
+ *
+ * @return the LDB_STATUS
+ */
+static int partition_copy_all_callback_handler(
+	struct ldb_request *req,
+	struct ldb_reply *ares)
+{
+	struct partition_copy_context *ac = NULL;
+
+	ac = talloc_get_type(
+		req->context,
+		struct partition_copy_context);
+
+	if (!ares) {
+		return ldb_module_done(
+			ac->request,
+			NULL,
+			NULL,
+			LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* pass on to the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(
+			ac->request,
+			ares->message,
+			ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(
+			ac->request,
+			ares->referral);
+
+	case LDB_REPLY_DONE: {
+		int error = ares->error;
+		if (error == LDB_SUCCESS) {
+			error = partition_copy_all_callback_action(
+				ac->module,
+				ac->partition_context,
+				ac->request,
+				ac->dn);
+		}
+		return ldb_module_done(
+			ac->request,
+			ares->controls,
+			ares->response,
+			error);
+	}
+
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+}
+
+/**
+ * send an operation to the top partition, then copy the resulting
+ * object to all other partitions.
+ */
+static int partition_copy_all(
+	struct ldb_module *module,
+	struct partition_context *partition_context,
+	struct ldb_request *req,
+	struct ldb_dn *dn)
+{
+	struct ldb_request *new_req = NULL;
+	struct ldb_context *ldb = NULL;
+	struct partition_copy_context *context = NULL;
+
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	context = talloc_zero(req, struct partition_copy_context);
+	if (context == NULL) {
+		return ldb_oom(ldb);
+	}
+	context->module = module;
+	context->request = req;
+	context->dn = dn;
+	context->partition_context = partition_context;
+
+	switch (req->operation) {
+	case LDB_ADD:
+		ret = ldb_build_add_req(
+			&new_req,
+			ldb,
+			req,
+			req->op.add.message,
+			req->controls,
+			context,
+			partition_copy_all_callback_handler,
+			req);
+		break;
+	case LDB_MODIFY:
+		ret = ldb_build_mod_req(
+			&new_req,
+			ldb,
+			req,
+			req->op.mod.message,
+			req->controls,
+			context,
+			partition_copy_all_callback_handler,
+			req);
+		break;
+	case LDB_DELETE:
+		ret = ldb_build_del_req(
+			&new_req,
+			ldb,
+			req,
+			req->op.del.dn,
+			req->controls,
+			context,
+			partition_copy_all_callback_handler,
+			req);
+		break;
+	case LDB_RENAME:
+		ret = ldb_build_rename_req(
+			&new_req,
+			ldb,
+			req,
+			req->op.rename.olddn,
+			req->op.rename.newdn,
+			req->controls,
+			context,
+			partition_copy_all_callback_handler,
+			req);
+		break;
+	default:
+		/*
+		 * Shouldn't happen.
+		 */
+		ldb_debug(
+			ldb,
+			LDB_DEBUG_ERROR,
+			"Unexpected operation type (%d)\n", req->operation);
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		break;
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(module, new_req);
+}
+/**
+ * Figure out which backend a request needs to be aimed at.  Some
+ * requests must be replicated to all backends
+ */
+static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) 
+{
+	struct partition_context *ac;
+	unsigned int i;
+	int ret;
+	struct dsdb_partition *partition;
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+
+	/* if we aren't initialised yet go further */
+	if (!data || !data->partitions) {
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_dn_is_special(dn)) {
+		/* Is this a special DN, we need to replicate to every backend? */
+		for (i=0; data->replicate && data->replicate[i]; i++) {
+			if (ldb_dn_compare(data->replicate[i], 
+					   dn) == 0) {
+				
+				ac = partition_init_ctx(module, req);
+				if (!ac) {
+					return ldb_operr(ldb_module_get_ctx(module));
+				}
+				
+				return partition_copy_all(module, ac, req, dn);
+			}
+		}
+	}
+
+	/* Otherwise, we need to find the partition to fire it to */
+
+	/* Find partition */
+	partition = find_partition(data, dn, req);
+	if (!partition) {
+		/*
+		 * if we haven't found a matching partition
+		 * pass the request to the main ldb
+		 *
+		 * TODO: we should maybe return an error here
+		 *       if it's not a special dn
+		 */
+
+		return ldb_next_request(module, req);
+	}
+
+	ac = partition_init_ctx(module, req);
+	if (!ac) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	/* we need to add a control but we never touch the original request */
+	ret = partition_prep_request(ac, partition);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* fire the first one */
+	return partition_call_first(ac);
+}
+
+/* search */
+static int partition_search(struct ldb_module *module, struct ldb_request *req)
+{
+	/* Find backend */
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	struct partition_context *ac;
+	struct ldb_context *ldb;
+	struct loadparm_context *lp_ctx;
+
+	struct ldb_control *search_control = ldb_request_get_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID);
+	struct ldb_control *domain_scope_control = ldb_request_get_control(req, LDB_CONTROL_DOMAIN_SCOPE_OID);
+	struct ldb_control *no_gc_control = ldb_request_get_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG);
+	
+	struct ldb_search_options_control *search_options = NULL;
+	struct dsdb_partition *p;
+	unsigned int i, j;
+	int ret;
+	bool domain_scope = false, phantom_root = false;
+
+	p = find_partition(data, NULL, req);
+	if (p != NULL) {
+		/* the caller specified what partition they want the
+		 * search - just pass it on
+		 */
+		return ldb_next_request(p->module, req);
+	}
+
+	/* Get back the search options from the search control, and mark it as
+	 * non-critical (to make backends and also dcpromo happy).
+	 */
+	if (search_control) {
+		search_options = talloc_get_type(search_control->data, struct ldb_search_options_control);
+		search_control->critical = 0;
+
+	}
+
+	/* if we aren't initialised yet go further */
+	if (!data || !data->partitions) {
+		return ldb_next_request(module, req);
+	}
+
+	/* Special DNs without specified partition should go further */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* Locate the options */
+	domain_scope = (search_options
+		&& (search_options->search_options & LDB_SEARCH_OPTION_DOMAIN_SCOPE))
+		|| domain_scope_control;
+	phantom_root = search_options
+		&& (search_options->search_options & LDB_SEARCH_OPTION_PHANTOM_ROOT);
+
+	/* Remove handled options from the search control flag */
+	if (search_options) {
+		search_options->search_options = search_options->search_options
+			& ~LDB_SEARCH_OPTION_DOMAIN_SCOPE
+			& ~LDB_SEARCH_OPTION_PHANTOM_ROOT;
+	}
+
+	ac = partition_init_ctx(module, req);
+	if (!ac) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ldb = ldb_module_get_ctx(ac->module);
+	lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+						struct loadparm_context);
+
+	/* Search from the base DN */
+	if (ldb_dn_is_null(req->op.search.base)) {
+		if (!phantom_root) {
+			return ldb_error(ldb, LDB_ERR_NO_SUCH_OBJECT, "empty base DN");
+		}
+		return partition_send_all(module, ac, req);
+	}
+
+	for (i=0; data->partitions[i]; i++) {
+		bool match = false, stop = false;
+
+		if (data->partitions[i]->partial_replica && no_gc_control != NULL) {
+			if (ldb_dn_compare_base(data->partitions[i]->ctrl->dn,
+						req->op.search.base) == 0) {
+				/* base DN is in a partial replica
+				   with the NO_GLOBAL_CATALOG
+				   control. This partition is invisible */
+				/* DEBUG(0,("DENYING NON-GC OP: %s\n", ldb_module_call_chain(req, req))); */
+				continue;
+			}
+		}
+
+		if (phantom_root) {
+			/* Phantom root: Find all partitions under the
+			 * search base. We match if:
+			 *
+			 * 1) the DN we are looking for exactly matches a
+			 *    certain partition and always stop
+			 * 2) the DN we are looking for is a parent of certain
+			 *    partitions and it isn't a scope base search
+			 * 3) the DN we are looking for is a child of a certain
+			 *    partition and always stop
+			 *    - we don't need to go any further up in the
+			 *    hierarchy!
+			 */
+			if (ldb_dn_compare(data->partitions[i]->ctrl->dn,
+					   req->op.search.base) == 0) {
+				match = true;
+				stop = true;
+			}
+			if (!match &&
+			    (ldb_dn_compare_base(req->op.search.base,
+						 data->partitions[i]->ctrl->dn) == 0 &&
+			     req->op.search.scope != LDB_SCOPE_BASE)) {
+				match = true;
+			}
+			if (!match &&
+			    ldb_dn_compare_base(data->partitions[i]->ctrl->dn,
+						req->op.search.base) == 0) {
+				match = true;
+				stop = true; /* note that this relies on partition ordering */
+			}
+		} else {
+			/* Domain scope: Find all partitions under the search
+			 * base.
+			 *
+			 * We generate referral candidates if we haven't
+			 * specified the domain scope control, haven't a base
+			 * search* scope and the DN we are looking for is a real
+			 * predecessor of certain partitions. When a new
+			 * referral candidate is nearer to the DN than an
+			 * existing one delete the latter (we want to have only
+			 * the closest ones). When we checked this for all
+			 * candidates we have the final referrals.
+			 *
+			 * We match if the DN we are looking for is a child of
+			 * a certain partition or the partition
+			 * DN itself - we don't need to go any further
+			 * up in the hierarchy!
+			 */
+			if ((!domain_scope) &&
+			    (req->op.search.scope != LDB_SCOPE_BASE) &&
+			    (ldb_dn_compare_base(req->op.search.base,
+						 data->partitions[i]->ctrl->dn) == 0) &&
+			    (ldb_dn_compare(req->op.search.base,
+					    data->partitions[i]->ctrl->dn) != 0)) {
+				const char *scheme = ldb_get_opaque(
+				    ldb, LDAP_REFERRAL_SCHEME_OPAQUE);
+				char *ref = talloc_asprintf(
+					ac,
+					"%s://%s/%s%s",
+					scheme == NULL ? "ldap" : scheme,
+					lpcfg_dnsdomain(lp_ctx),
+					ldb_dn_get_linearized(
+					    data->partitions[i]->ctrl->dn),
+					req->op.search.scope ==
+					    LDB_SCOPE_ONELEVEL ? "??base" : "");
+
+				if (ref == NULL) {
+					return ldb_oom(ldb);
+				}
+
+				/* Initialise the referrals list */
+				if (ac->referrals == NULL) {
+					char **l = str_list_make_empty(ac);
+					ac->referrals = discard_const_p(const char *, l);
+					if (ac->referrals == NULL) {
+						return ldb_oom(ldb);
+					}
+				}
+
+				/* Check if the new referral candidate is
+				 * closer to the base DN than already
+				 * saved ones and delete the latters */
+				j = 0;
+				while (ac->referrals[j] != NULL) {
+					if (strstr(ac->referrals[j],
+						   ldb_dn_get_linearized(data->partitions[i]->ctrl->dn)) != NULL) {
+						str_list_remove(ac->referrals,
+								ac->referrals[j]);
+					} else {
+						++j;
+					}
+				}
+
+				/* Add our new candidate */
+				ac->referrals = str_list_add(ac->referrals, ref);
+
+				talloc_free(ref);
+
+				if (ac->referrals == NULL) {
+					return ldb_oom(ldb);
+				}
+			}
+			if (ldb_dn_compare_base(data->partitions[i]->ctrl->dn, req->op.search.base) == 0) {
+				match = true;
+				stop = true; /* note that this relies on partition ordering */
+			}
+		}
+
+		if (match) {
+			ret = partition_prep_request(ac, data->partitions[i]);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		if (stop) break;
+	}
+
+	/* Perhaps we didn't match any partitions. Try the main partition */
+	if (ac->num_requests == 0) {
+		talloc_free(ac);
+		return ldb_next_request(module, req);
+	}
+
+	/* fire the first one */
+	return partition_call_first(ac);
+}
+
+/* add */
+static int partition_add(struct ldb_module *module, struct ldb_request *req)
+{
+	return partition_replicate(module, req, req->op.add.message->dn);
+}
+
+/* modify */
+static int partition_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	return partition_replicate(module, req, req->op.mod.message->dn);
+}
+
+/* delete */
+static int partition_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	return partition_replicate(module, req, req->op.del.dn);
+}
+
+/* rename */
+static int partition_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	/* Find backend */
+	struct dsdb_partition *backend, *backend2;
+	
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+
+	/* Skip the lot if 'data' isn't here yet (initialisation) */
+	if (!data) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	backend = find_partition(data, req->op.rename.olddn, req);
+	backend2 = find_partition(data, req->op.rename.newdn, req);
+
+	if ((backend && !backend2) || (!backend && backend2)) {
+		return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
+	}
+
+	if (backend != backend2) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), 
+				       "Cannot rename from %s in %s to %s in %s: %s",
+				       ldb_dn_get_linearized(req->op.rename.olddn),
+				       ldb_dn_get_linearized(backend->ctrl->dn),
+				       ldb_dn_get_linearized(req->op.rename.newdn),
+				       ldb_dn_get_linearized(backend2->ctrl->dn),
+				       ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS));
+		return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
+	}
+
+	return partition_replicate(module, req, req->op.rename.olddn);
+}
+
+/* start a transaction */
+int partition_start_trans(struct ldb_module *module)
+{
+	int i = 0;
+	int ret = 0;
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	/* Look at base DN */
+	/* Figure out which partition it is under */
+	/* Skip the lot if 'data' isn't here yet (initialization) */
+	if (ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_start_trans() -> (metadata partition)");
+	}
+
+	/*
+	 * We start a transaction on metadata.tdb first and end it last in
+	 * end_trans. This makes locking semantics follow TDB rather than MDB,
+	 * and effectively locks all partitions at once.
+	 * Detail:
+	 * Samba AD is special in that the partitions module (this file)
+	 * combines multiple independently locked databases into one overall
+	 * transaction. Changes across multiple partition DBs in a single
+	 * transaction must ALL be either visible or invisible.
+	 * The way this is achieved is by taking out a write lock on
+	 * metadata.tdb at the start of prepare_commit, while unlocking it at
+	 * the end of end_trans. This is matched by read_lock, ensuring it
+	 * can't progress until that write lock is released.
+	 *
+	 * metadata.tdb needs to be a TDB file because MDB uses independent
+	 * locks, which means a read lock and a write lock can be held at the
+	 * same time, whereas in TDB, the two locks block each other. The TDB
+	 * behaviour is required to implement the functionality described
+	 * above.
+	 *
+	 * An important additional detail here is that if prepare_commit is
+	 * called on a TDB without any changes being made, no write lock is
+	 * taken. We address this by storing a sequence number in metadata.tdb
+	 * which is updated every time a replicated attribute is modified.
+	 * The possibility of a few unreplicated attributes being out of date
+	 * turns out not to be a problem.
+	 * For this reason, a lock on sam.ldb (which is a TDB) won't achieve
+	 * the same end as locking metadata.tdb, unless we made a modification
+	 * to the @ records found there before every prepare_commit.
+	 */
+	ret = partition_metadata_start_trans(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_next_start_trans(module);
+	if (ret != LDB_SUCCESS) {
+		partition_metadata_del_trans(module);
+		return ret;
+	}
+
+	ret = partition_reload_if_required(module, data, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_next_del_trans(module);
+		partition_metadata_del_trans(module);
+		return ret;
+	}
+
+	/*
+	 * The following per partition locks are required mostly because TDB
+	 * and MDB require locks before read and write ops are permitted.
+	 */
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) {
+			ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_start_trans() -> %s",
+				  ldb_dn_get_linearized(data->partitions[i]->ctrl->dn));
+		}
+		ret = ldb_next_start_trans(data->partitions[i]->module);
+		if (ret != LDB_SUCCESS) {
+			/* Back it out, if it fails on one */
+			for (i--; i >= 0; i--) {
+				ldb_next_del_trans(data->partitions[i]->module);
+			}
+			ldb_next_del_trans(module);
+			partition_metadata_del_trans(module);
+			return ret;
+		}
+	}
+
+	data->in_transaction++;
+
+	return LDB_SUCCESS;
+}
+
+/* prepare for a commit */
+int partition_prepare_commit(struct ldb_module *module)
+{
+	unsigned int i;
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	int ret;
+
+	/*
+	 * Order of prepare_commit calls must match that in
+	 * partition_start_trans. See comment in that function for detail.
+	 */
+	ret = partition_metadata_prepare_commit(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_next_prepare_commit(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) {
+			ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_prepare_commit() -> %s",
+				  ldb_dn_get_linearized(data->partitions[i]->ctrl->dn));
+		}
+		ret = ldb_next_prepare_commit(data->partitions[i]->module);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module), "prepare_commit error on %s: %s",
+					       ldb_dn_get_linearized(data->partitions[i]->ctrl->dn),
+					       ldb_errstring(ldb_module_get_ctx(module)));
+			return ret;
+		}
+	}
+
+	if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_prepare_commit() -> (metadata partition)");
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/* end a transaction */
+int partition_end_trans(struct ldb_module *module)
+{
+	int ret, ret2;
+	int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	bool trace = module && ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING;
+
+	ret = LDB_SUCCESS;
+
+	if (data->in_transaction == 0) {
+		DEBUG(0,("partition end transaction mismatch\n"));
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	} else {
+		data->in_transaction--;
+	}
+
+	/*
+	 * Order of end_trans calls must be the reverse of that in
+	 * partition_start_trans. See comment in that function for detail.
+	 */
+	if (data && data->partitions) {
+		/* Just counting the partitions */
+		for (i=0; data->partitions[i]; i++) {}
+
+		/* now walk them backwards */
+		for (i--; i>=0; i--) {
+			struct dsdb_partition *p = data->partitions[i];
+			if (trace) {
+				ldb_debug(ldb,
+					  LDB_DEBUG_TRACE,
+					  "partition_end_trans() -> %s",
+					  ldb_dn_get_linearized(p->ctrl->dn));
+			}
+			ret2 = ldb_next_end_trans(p->module);
+			if (ret2 != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb,
+					"end_trans error on %s: %s",
+					ldb_dn_get_linearized(p->ctrl->dn),
+					ldb_errstring(ldb));
+				ret = ret2;
+			}
+		}
+	}
+
+	if (trace) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_end_trans() -> (metadata partition)");
+	}
+	ret2 = ldb_next_end_trans(module);
+	if (ret2 != LDB_SUCCESS) {
+		ret = ret2;
+	}
+
+	ret2 = partition_metadata_end_trans(module);
+	if (ret2 != LDB_SUCCESS) {
+		ret = ret2;
+	}
+
+	return ret;
+}
+
+/* delete a transaction */
+int partition_del_trans(struct ldb_module *module)
+{
+	int ret, final_ret = LDB_SUCCESS;
+	int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	bool trace = module && ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING;
+
+	if (data == NULL) {
+		DEBUG(0,("partition delete transaction with no private data\n"));
+		return ldb_operr(ldb);
+	}
+
+	/*
+	 * Order of del_trans calls must be the reverse of that in
+	 * partition_start_trans. See comment in that function for detail.
+	 */
+	if (data->partitions) {
+		/* Just counting the partitions */
+		for (i=0; data->partitions[i]; i++) {}
+
+		/* now walk them backwards */
+		for (i--; i>=0; i--) {
+			struct dsdb_partition *p = data->partitions[i];
+			if (trace) {
+				ldb_debug(ldb,
+					  LDB_DEBUG_TRACE,
+					  "partition_del_trans() -> %s",
+					  ldb_dn_get_linearized(p->ctrl->dn));
+			}
+			ret = ldb_next_del_trans(p->module);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb,
+					"del_trans error on %s: %s",
+					ldb_dn_get_linearized(p->ctrl->dn),
+					ldb_errstring(ldb));
+				final_ret = ret;
+			}
+		}
+	}
+
+	if (trace) {
+		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_del_trans() -> (metadata partition)");
+	}
+	ret = ldb_next_del_trans(module);
+	if (ret != LDB_SUCCESS) {
+		final_ret = ret;
+	}
+
+	ret = partition_metadata_del_trans(module);
+	if (ret != LDB_SUCCESS) {
+		final_ret = ret;
+	}
+
+	if (data->in_transaction == 0) {
+		DEBUG(0,("partition del transaction mismatch\n"));
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+	data->in_transaction--;
+
+	return final_ret;
+}
+
+int partition_primary_sequence_number(struct ldb_module *module, TALLOC_CTX *mem_ctx, 
+				      uint64_t *seq_number,
+				      struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_result *res;
+	struct ldb_seqnum_request *tseq;
+	struct ldb_seqnum_result *seqr;
+
+	tseq = talloc_zero(mem_ctx, struct ldb_seqnum_request);
+	if (tseq == NULL) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+	tseq->type = LDB_SEQ_HIGHEST_SEQ;
+	
+	ret = dsdb_module_extended(module, tseq, &res,
+				   LDB_EXTENDED_SEQUENCE_NUMBER,
+				   tseq,
+				   DSDB_FLAG_NEXT_MODULE,
+				   parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tseq);
+		return ret;
+	}
+	
+	seqr = talloc_get_type_abort(res->extended->data,
+				     struct ldb_seqnum_result);
+	if (seqr->flags & LDB_SEQ_TIMESTAMP_SEQUENCE) {
+		talloc_free(res);
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+			"Primary backend in partition module returned a timestamp based seq");
+	}
+
+	*seq_number = seqr->seq_num;
+	talloc_free(tseq);
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Older version of sequence number as sum of sequence numbers for each partition
+ */
+int partition_sequence_number_from_partitions(struct ldb_module *module,
+					      uint64_t *seqr)
+{
+	int ret;
+	unsigned int i;
+	uint64_t seq_number = 0;
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+
+	ret = partition_primary_sequence_number(module, data, &seq_number, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+	/* Skip the lot if 'data' isn't here yet (initialisation) */
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		struct ldb_seqnum_request *tseq;
+		struct ldb_seqnum_result *tseqr;
+		struct ldb_request *treq;
+		struct ldb_result *res = talloc_zero(data, struct ldb_result);
+		if (res == NULL) {
+			return ldb_oom(ldb_module_get_ctx(module));
+		}
+		tseq = talloc_zero(res, struct ldb_seqnum_request);
+		if (tseq == NULL) {
+			talloc_free(res);
+			return ldb_oom(ldb_module_get_ctx(module));
+		}
+		tseq->type = LDB_SEQ_HIGHEST_SEQ;
+		
+		ret = ldb_build_extended_req(&treq, ldb_module_get_ctx(module), res,
+					     LDB_EXTENDED_SEQUENCE_NUMBER,
+					     tseq,
+					     NULL,
+					     res,
+					     ldb_extended_default_callback,
+					     NULL);
+		LDB_REQ_SET_LOCATION(treq);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(res);
+			return ret;
+		}
+		
+		ret = partition_request(data->partitions[i]->module, treq);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(res);
+			return ret;
+		}
+		ret = ldb_wait(treq->handle, LDB_WAIT_ALL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(res);
+			return ret;
+		}
+		tseqr = talloc_get_type(res->extended->data,
+					struct ldb_seqnum_result);
+		seq_number += tseqr->seq_num;
+		talloc_free(res);
+	}
+
+	*seqr = seq_number;
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Newer version of sequence number using metadata tdb
+ */
+static int partition_sequence_number(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_extended *ext;
+	struct ldb_seqnum_request *seq;
+	struct ldb_seqnum_result *seqr;
+	uint64_t seq_number;
+	int ret;
+
+	seq = talloc_get_type_abort(req->op.extended.data, struct ldb_seqnum_request);
+	switch (seq->type) {
+	case LDB_SEQ_NEXT:
+		ret = partition_metadata_sequence_number_increment(module, &seq_number);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		break;
+
+	case LDB_SEQ_HIGHEST_SEQ:
+		ret = partition_metadata_sequence_number(module, &seq_number);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		break;
+
+	case LDB_SEQ_HIGHEST_TIMESTAMP:
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"LDB_SEQ_HIGHEST_TIMESTAMP not supported");
+	}
+
+	ext = talloc_zero(req, struct ldb_extended);
+	if (!ext) {
+		return ldb_module_oom(module);
+	}
+	seqr = talloc_zero(ext, struct ldb_seqnum_result);
+	if (seqr == NULL) {
+		talloc_free(ext);
+		return ldb_module_oom(module);
+	}
+	ext->oid = LDB_EXTENDED_SEQUENCE_NUMBER;
+	ext->data = seqr;
+
+	seqr->seq_num = seq_number;
+	seqr->flags |= LDB_SEQ_GLOBAL_SEQUENCE;
+
+	/* send request done */
+	return ldb_module_done(req, NULL, ext, LDB_SUCCESS);
+}
+
+/* lock all the backends */
+int partition_read_lock(struct ldb_module *module)
+{
+	int i = 0;
+	int ret = 0;
+	int ret2 = 0;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct partition_private_data *data = \
+		talloc_get_type(ldb_module_get_private(module),
+				struct partition_private_data);
+
+	if (ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING) {
+		ldb_debug(ldb, LDB_DEBUG_TRACE,
+			  "partition_read_lock() -> (metadata partition)");
+	}
+
+	/*
+	 * It is important to only do this for LOCK because:
+	 * - we don't want to unlock what we did not lock
+	 *
+	 * - we don't want to make a new lock on the sam.ldb
+	 *   (triggered inside this routine due to the seq num check)
+	 *   during an unlock phase as that will violate the lock
+	 *   ordering
+	 */
+
+	if (data == NULL) {
+		TALLOC_CTX *mem_ctx = talloc_new(module);
+
+		data = talloc_zero(mem_ctx, struct partition_private_data);
+		if (data == NULL) {
+			talloc_free(mem_ctx);
+			return ldb_operr(ldb);
+		}
+
+		/*
+		 * When used from Samba4, this message is set by the
+		 * samba4 module, as a fixed value not read from the
+		 * DB.  This avoids listing modules in the DB
+		 */
+		data->forced_module_msg = talloc_get_type(
+			ldb_get_opaque(ldb,
+				       DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME),
+			struct ldb_message);
+
+		ldb_module_set_private(module, talloc_steal(module,
+							    data));
+		talloc_free(mem_ctx);
+	}
+
+	/*
+	 * This will lock sam.ldb and will also call event loops,
+	 * so we do it before we get the whole db lock.
+	 */
+	ret = partition_reload_if_required(module, data, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * Order of read_lock calls must match that in partition_start_trans.
+	 * See comment in that function for detail.
+	 */
+	ret = partition_metadata_read_lock(module);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	/*
+	 * The top level DB (sam.ldb) lock is not enough to block another
+	 * process in prepare_commit(), because if nothing was changed in the
+	 * specific backend, then prepare_commit() is a no-op. Therefore the
+	 * metadata.tdb lock is taken out above, as it is the best we can do
+	 * right now.
+	 */
+	ret = ldb_next_read_lock(module);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb,
+			      LDB_DEBUG_FATAL,
+			      "Failed to lock db: %s / %s for metadata partition",
+			      ldb_errstring(ldb),
+			      ldb_strerror(ret));
+
+		return ret;
+	}
+
+	/*
+	 * The following per partition locks are required mostly because TDB
+	 * and MDB require locks before reads are permitted.
+	 */
+	for (i=0; data && data->partitions && data->partitions[i]; i++) {
+		if ((module && ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING)) {
+			ldb_debug(ldb, LDB_DEBUG_TRACE,
+				  "partition_read_lock() -> %s",
+				  ldb_dn_get_linearized(
+					  data->partitions[i]->ctrl->dn));
+		}
+		ret = ldb_next_read_lock(data->partitions[i]->module);
+		if (ret == LDB_SUCCESS) {
+			continue;
+		}
+
+		ldb_debug_set(ldb,
+			      LDB_DEBUG_FATAL,
+			      "Failed to lock db: %s / %s for %s",
+			      ldb_errstring(ldb),
+			      ldb_strerror(ret),
+			      ldb_dn_get_linearized(
+				      data->partitions[i]->ctrl->dn));
+
+		goto failed;
+	}
+
+	return LDB_SUCCESS;
+
+failed:
+	/* Back it out, if it fails on one */
+	for (i--; i >= 0; i--) {
+		ret2 = ldb_next_read_unlock(data->partitions[i]->module);
+		if (ret2 != LDB_SUCCESS) {
+			ldb_debug(ldb,
+				  LDB_DEBUG_FATAL,
+				  "Failed to unlock db: %s / %s",
+				  ldb_errstring(ldb),
+				  ldb_strerror(ret2));
+		}
+	}
+	ret2 = ldb_next_read_unlock(module);
+	if (ret2 != LDB_SUCCESS) {
+		ldb_debug(ldb,
+			  LDB_DEBUG_FATAL,
+			  "Failed to unlock db: %s / %s",
+			  ldb_errstring(ldb),
+			  ldb_strerror(ret2));
+	}
+	return ret;
+}
+
+/* unlock all the backends */
+int partition_read_unlock(struct ldb_module *module)
+{
+	int i;
+	int ret = LDB_SUCCESS;
+	int ret2;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct partition_private_data *data = \
+		talloc_get_type(ldb_module_get_private(module),
+				struct partition_private_data);
+	bool trace = module && ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING;
+
+	/*
+	 * Order of read_unlock calls must be the reverse of that in
+	 * partition_start_trans. See comment in that function for detail.
+	 */
+	if (data && data->partitions) {
+		/* Just counting the partitions */
+		for (i=0; data->partitions[i]; i++) {}
+
+		/* now walk them backwards */
+		for (i--; i>=0; i--) {
+			struct dsdb_partition *p = data->partitions[i];
+			if (trace) {
+				ldb_debug(ldb, LDB_DEBUG_TRACE,
+					  "partition_read_unlock() -> %s",
+					  ldb_dn_get_linearized(p->ctrl->dn));
+			}
+			ret2 = ldb_next_read_unlock(p->module);
+			if (ret2 != LDB_SUCCESS) {
+				ldb_debug_set(ldb,
+					   LDB_DEBUG_FATAL,
+					   "Failed to lock db: %s / %s for %s",
+					   ldb_errstring(ldb),
+					   ldb_strerror(ret2),
+					   ldb_dn_get_linearized(p->ctrl->dn));
+
+				/*
+				 * Don't overwrite the original failure code
+				 * if there was one
+				 */
+				if (ret == LDB_SUCCESS) {
+					ret = ret2;
+				}
+			}
+		}
+	}
+
+	if (trace) {
+		ldb_debug(ldb, LDB_DEBUG_TRACE,
+			  "partition_read_unlock() -> (metadata partition)");
+	}
+
+	ret2 = ldb_next_read_unlock(module);
+	if (ret2 != LDB_SUCCESS) {
+		ldb_debug_set(ldb,
+			      LDB_DEBUG_FATAL,
+			      "Failed to unlock db: %s / %s for metadata partition",
+			      ldb_errstring(ldb),
+			      ldb_strerror(ret2));
+
+		/*
+		 * Don't overwrite the original failure code
+		 * if there was one
+		 */
+		if (ret == LDB_SUCCESS) {
+			ret = ret2;
+		}
+	}
+
+	ret2 = partition_metadata_read_unlock(module);
+
+	/*
+	 * Don't overwrite the original failure code
+	 * if there was one
+	 */
+	if (ret == LDB_SUCCESS) {
+		ret = ret2;
+	}
+
+	return ret;
+}
+
+/* extended */
+static int partition_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	struct partition_private_data *data = talloc_get_type(ldb_module_get_private(module),
+							      struct partition_private_data);
+	struct partition_context *ac;
+	int ret;
+
+	/* if we aren't initialised yet go further */
+	if (!data) {
+		return ldb_next_request(module, req);
+	}
+
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) == 0) {
+		/* Update the metadata.tdb to increment the schema version if needed*/
+		DEBUG(10, ("Incrementing the sequence_number after schema_update_now\n"));
+		ret = partition_metadata_inc_schema_sequence(module);
+		return ldb_module_done(req, NULL, NULL, ret);
+	}
+	
+	if (strcmp(req->op.extended.oid, LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
+		return partition_sequence_number(module, req);
+	}
+
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_CREATE_PARTITION_OID) == 0) {
+		return partition_create(module, req);
+	}
+
+	/* 
+	 * as the extended operation has no dn
+	 * we need to send it to all partitions
+	 */
+
+	ac = partition_init_ctx(module, req);
+	if (!ac) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	return partition_send_all(module, ac, req);
+}
+
+static const struct ldb_module_ops ldb_partition_module_ops = {
+	.name		   = "partition",
+	.init_context	   = partition_init,
+	.search            = partition_search,
+	.add               = partition_add,
+	.modify            = partition_modify,
+	.del               = partition_delete,
+	.rename            = partition_rename,
+	.extended          = partition_extended,
+	.start_transaction = partition_start_trans,
+	.prepare_commit    = partition_prepare_commit,
+	.end_transaction   = partition_end_trans,
+	.del_transaction   = partition_del_trans,
+	.read_lock         = partition_read_lock,
+	.read_unlock       = partition_read_unlock
+};
+
+int ldb_partition_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_partition_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/partition.h b/source4/dsdb/samdb/ldb_modules/partition.h
new file mode 100644
index 0000000..e6b5187
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/partition.h
@@ -0,0 +1,64 @@
+/* 
+   Partitions ldb module
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "system/locale.h"
+#include "param/param.h"
+
+struct dsdb_partition {
+	struct ldb_module *module;
+	struct dsdb_control_current_partition *ctrl;
+	const char *backend_url;
+	DATA_BLOB orig_record;
+	bool partial_replica; /* a GC partition */
+};
+
+struct partition_module {
+	const char **modules;
+	struct ldb_dn *dn;
+};
+
+struct partition_metadata {
+	struct tdb_wrap *db;
+	int in_transaction;
+	int read_lock_count;
+};
+
+struct partition_private_data {
+	struct dsdb_partition **partitions;
+	struct ldb_dn **replicate;
+	struct partition_metadata *metadata;
+	
+	struct partition_module **modules;
+
+	uint64_t metadata_seq;
+	uint32_t in_transaction;
+
+	struct ldb_message *forced_module_msg;
+
+	const char *backend_db_store;
+};
+
+#include "dsdb/samdb/ldb_modules/partition_proto.h"
diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c b/source4/dsdb/samdb/ldb_modules/partition_init.c
new file mode 100644
index 0000000..0c218e7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/partition_init.c
@@ -0,0 +1,885 @@
+/* 
+   Partitions ldb module
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb partitions module
+ *
+ *  Description: Implement LDAP partitions
+ *
+ *  Author: Andrew Bartlett
+ *  Author: Stefan Metzmacher
+ */
+
+#include "dsdb/samdb/ldb_modules/partition.h"
+#include "lib/util/tsort.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+#include "system/filesys.h"
+
+static int partition_sort_compare(const void *v1, const void *v2)
+{
+	const struct dsdb_partition *p1;
+	const struct dsdb_partition *p2;
+
+	p1 = *((struct dsdb_partition * const*)v1);
+	p2 = *((struct dsdb_partition * const*)v2);
+
+	return ldb_dn_compare(p1->ctrl->dn, p2->ctrl->dn);
+}
+
+/* Load the list of DNs that we must replicate to all partitions */
+static int partition_load_replicate_dns(struct ldb_context *ldb,
+					struct partition_private_data *data,
+					struct ldb_message *msg)
+{
+	struct ldb_message_element *replicate_attributes = ldb_msg_find_element(msg, "replicateEntries");
+
+	talloc_free(data->replicate);
+	if (!replicate_attributes) {
+		data->replicate = NULL;
+	} else {
+		unsigned int i;
+		data->replicate = talloc_array(data, struct ldb_dn *, replicate_attributes->num_values + 1);
+		if (!data->replicate) {
+			return ldb_oom(ldb);
+		}
+
+		for (i=0; i < replicate_attributes->num_values; i++) {
+			data->replicate[i] = ldb_dn_from_ldb_val(data->replicate, ldb, &replicate_attributes->values[i]);
+			if (!ldb_dn_validate(data->replicate[i])) {
+				ldb_asprintf_errstring(ldb,
+							"partition_init: "
+							"invalid DN in partition replicate record: %s", 
+							replicate_attributes->values[i].data);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		}
+		data->replicate[i] = NULL;
+	}
+	return LDB_SUCCESS;
+}
+
+/* Load the list of modules for the partitions */
+static int partition_load_modules(struct ldb_context *ldb, 
+				  struct partition_private_data *data, struct ldb_message *msg) 
+{
+	unsigned int i;
+	struct ldb_message_element *modules_attributes = ldb_msg_find_element(msg, "modules");
+	talloc_free(data->modules);
+	if (!modules_attributes) {
+		return LDB_SUCCESS;
+	}
+	
+	data->modules = talloc_array(data, struct partition_module *, modules_attributes->num_values + 1);
+	if (!data->modules) {
+		return ldb_oom(ldb);
+	}
+	
+	for (i=0; i < modules_attributes->num_values; i++) {
+		char *p;
+		DATA_BLOB dn_blob;
+		data->modules[i] = talloc(data->modules, struct partition_module);
+		if (!data->modules[i]) {
+			return ldb_oom(ldb);
+		}
+
+		dn_blob = modules_attributes->values[i];
+
+		p = strchr((const char *)dn_blob.data, ':');
+		if (!p) {
+			ldb_asprintf_errstring(ldb, 
+					       "partition_load_modules: "
+					       "invalid form for partition module record (missing ':'): %s", (const char *)dn_blob.data);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		/* Now trim off the filename */
+		dn_blob.length = ((uint8_t *)p - dn_blob.data);
+
+		p++;
+		data->modules[i]->modules = ldb_modules_list_from_string(ldb, data->modules[i],
+									 p);
+		
+		if (dn_blob.length == 1 && dn_blob.data[0] == '*') {
+			data->modules[i]->dn = NULL;
+		} else {
+			data->modules[i]->dn = ldb_dn_from_ldb_val(data->modules[i], ldb, &dn_blob);
+			if (!data->modules[i]->dn || !ldb_dn_validate(data->modules[i]->dn)) {
+				return ldb_operr(ldb);
+			}
+		}
+	}
+	data->modules[i] = NULL;
+	return LDB_SUCCESS;
+}
+
+static int partition_reload_metadata(struct ldb_module *module, struct partition_private_data *data,
+				     TALLOC_CTX *mem_ctx, struct ldb_message **_msg,
+				     struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_message *msg, *module_msg;
+	struct ldb_result *res;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const char *attrs[] = { "partition", "replicateEntries", "modules",
+				"partialReplica", "backendStore", NULL };
+	/* perform search for @PARTITION, looking for module, replicateEntries and ldapBackend */
+	ret = dsdb_module_search_dn(module, mem_ctx, &res, 
+				    ldb_dn_new(mem_ctx, ldb, DSDB_PARTITION_DN),
+				    attrs,
+				    DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	msg = res->msgs[0];
+
+	ret = partition_load_replicate_dns(ldb, data, msg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* When used from Samba4, this message is set by the samba4
+	 * module, as a fixed value not read from the DB.  This avoids
+	 * listing modules in the DB */
+	if (data->forced_module_msg) {
+		module_msg = data->forced_module_msg;
+	} else {
+		module_msg = msg;
+	}
+
+	ret = partition_load_modules(ldb, data, module_msg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (_msg) {
+		*_msg = msg;
+	} else {
+		talloc_free(msg);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static const char **find_modules_for_dn(struct partition_private_data *data, struct ldb_dn *dn) 
+{
+	unsigned int i;
+	struct partition_module *default_mod = NULL;
+	for (i=0; data->modules && data->modules[i]; i++) {
+		if (!data->modules[i]->dn) {
+			default_mod = data->modules[i];
+		} else if (ldb_dn_compare(dn, data->modules[i]->dn) == 0) {
+			return data->modules[i]->modules;
+		}
+	}
+	if (default_mod) {
+		return default_mod->modules;
+	} else {
+		return NULL;
+	}
+}
+
+static int new_partition_from_dn(struct ldb_context *ldb, struct partition_private_data *data, 
+				 TALLOC_CTX *mem_ctx, 
+				 struct ldb_dn *dn, const char *filename,
+				 const char *backend_db_store,
+				 struct dsdb_partition **partition) {
+	struct dsdb_control_current_partition *ctrl;
+	struct ldb_module *backend_module;
+	char *backend_path;
+	struct ldb_module *module_chain;
+	const char **modules;
+	const char **options = NULL;
+	int ret;
+
+	(*partition) = talloc_zero(mem_ctx, struct dsdb_partition);
+	if (!*partition) {
+		return ldb_oom(ldb);
+	}
+
+	(*partition)->ctrl = ctrl = talloc((*partition), struct dsdb_control_current_partition);
+	if (!ctrl) {
+		talloc_free(*partition);
+		return ldb_oom(ldb);
+	}
+
+	/* the backend LDB is the DN (base64 encoded if not 'plain') followed by .ldb */
+	backend_path = ldb_relative_path(ldb,
+					 *partition,
+					 filename);
+	if (!backend_path) {
+		ldb_asprintf_errstring(ldb,
+				       "partition_init: unable to determine an relative path for partition: %s",
+				       filename);
+		talloc_free(*partition);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	(*partition)->backend_url = talloc_asprintf(*partition, "%s://%s",
+						    backend_db_store,
+						    backend_path);
+
+	if (!(ldb_module_flags(ldb) & LDB_FLG_RDONLY)) {
+		char *p;
+		char *backend_dir;
+
+		p = strrchr(backend_path, '/');
+		if (p) {
+			p[0] = '\0';
+		}
+		backend_dir = backend_path;
+
+		/* Failure is quite reasonable, it might already exist */
+		mkdir(backend_dir, 0700);
+	}
+
+	ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+	ctrl->dn = talloc_steal(ctrl, dn);
+	
+	options = ldb_options_get(ldb);
+	ret = ldb_module_connect_backend(
+	    ldb, (*partition)->backend_url, options, &backend_module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	talloc_steal((*partition), backend_module);
+
+	modules = find_modules_for_dn(data, dn);
+
+	if (!modules) {
+		DEBUG(0, ("Unable to load partition modules for new DN %s, perhaps you need to reprovision?  See partition-upgrade.txt for instructions\n", ldb_dn_get_linearized(dn)));
+		talloc_free(*partition);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	ret = ldb_module_load_list(ldb, modules, backend_module, &module_chain);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, 
+				       "partition_init: "
+				       "loading backend for %s failed: %s", 
+				       ldb_dn_get_linearized(dn), ldb_errstring(ldb));
+		talloc_free(*partition);
+		return ret;
+	}
+	ret = ldb_module_init_chain(ldb, module_chain);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "partition_init: "
+				       "initialising backend for %s failed: %s", 
+				       ldb_dn_get_linearized(dn), ldb_errstring(ldb));
+		talloc_free(*partition);
+		return ret;
+	}
+
+	/* This weirdness allows us to use ldb_next_request() in partition.c */
+	(*partition)->module = ldb_module_new(*partition, ldb, "partition_next", NULL);
+	if (!(*partition)->module) {
+		talloc_free(*partition);
+		return ldb_oom(ldb);
+	}
+	ldb_module_set_next((*partition)->module, talloc_steal((*partition)->module, module_chain));
+
+	/* if we were in a transaction then we need to start a
+	   transaction on this new partition, otherwise we'll get a
+	   transaction mismatch when we end the transaction */
+	if (data->in_transaction) {
+		if (ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING) {
+			ldb_debug(ldb, LDB_DEBUG_TRACE, "partition_start_trans() -> %s (new partition)", 
+				  ldb_dn_get_linearized((*partition)->ctrl->dn));
+		}
+		ret = ldb_next_start_trans((*partition)->module);
+	}
+
+	return ret;
+}
+
+/* Tell the rootDSE about the new partition */
+static int partition_register(struct ldb_context *ldb, struct dsdb_control_current_partition *ctrl) 
+{
+	struct ldb_request *req;
+	int ret;
+
+	req = talloc_zero(NULL, struct ldb_request);
+	if (req == NULL) {
+		return ldb_oom(ldb);
+	}
+		
+	req->operation = LDB_REQ_REGISTER_PARTITION;
+	req->op.reg_partition.dn = ctrl->dn;
+	req->callback = ldb_op_default_callback;
+
+	ldb_set_timeout(ldb, req, 0);
+	
+	req->handle = ldb_handle_new(req, ldb);
+	if (req->handle == NULL) {
+		talloc_free(req);
+		return ldb_operr(ldb);
+	}
+	
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR, "partition: Unable to register partition with rootdse!\n");
+		talloc_free(req);
+		return LDB_ERR_OTHER;
+	}
+	talloc_free(req);
+
+	return LDB_SUCCESS;
+}
+
+/* Add a newly found partition to the global data */
+static int add_partition_to_data(struct ldb_context *ldb, struct partition_private_data *data,
+				 struct dsdb_partition *partition)
+{
+	unsigned int i;
+	int ret;
+
+	/* Count the partitions */
+	for (i=0; data->partitions && data->partitions[i]; i++) { /* noop */};
+	
+	/* Add partition to list of partitions */
+	data->partitions = talloc_realloc(data, data->partitions, struct dsdb_partition *, i + 2);
+	if (!data->partitions) {
+		return ldb_oom(ldb);
+	}
+	data->partitions[i] = talloc_steal(data->partitions, partition);
+	data->partitions[i+1] = NULL;
+	
+	/* Sort again (should use binary insert) */
+	TYPESAFE_QSORT(data->partitions, i+1, partition_sort_compare);
+	
+	ret = partition_register(ldb, partition->ctrl);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+int partition_reload_if_required(struct ldb_module *module, 
+				 struct partition_private_data *data,
+				 struct ldb_request *parent)
+{
+	uint64_t seq;
+	int ret;
+	unsigned int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *msg;
+	struct ldb_message_element *partition_attributes;
+	struct ldb_message_element *partial_replicas;
+	TALLOC_CTX *mem_ctx;
+
+	if (!data) {
+		/* Not initialised yet */
+		return LDB_SUCCESS;
+	}
+
+	mem_ctx = talloc_new(data);
+	if (!mem_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	ret = partition_primary_sequence_number(module, mem_ctx, &seq, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+	if (seq == data->metadata_seq) {
+		talloc_free(mem_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* This loads metadata tdb. If it's missing, creates it */
+	ret = partition_metadata_init(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = partition_reload_metadata(module, data, mem_ctx, &msg, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	data->metadata_seq = seq;
+
+	partition_attributes = ldb_msg_find_element(msg, "partition");
+	partial_replicas     = ldb_msg_find_element(msg, "partialReplica");
+	data->backend_db_store
+		= talloc_strdup(data, ldb_msg_find_attr_as_string(msg, "backendStore", "tdb"));
+
+	if (data->backend_db_store == NULL) {
+		talloc_free(mem_ctx);
+		return ldb_module_oom(module);
+	}
+
+	for (i=0; partition_attributes && i < partition_attributes->num_values; i++) {
+		unsigned int j;
+		bool new_partition = true;
+		const char *filename = NULL;
+		DATA_BLOB dn_blob;
+		struct ldb_dn *dn;
+		struct dsdb_partition *partition;
+		struct ldb_result *dn_res;
+		const char *no_attrs[] = { NULL };
+
+		for (j=0; data->partitions && data->partitions[j]; j++) {
+			if (data_blob_cmp(&data->partitions[j]->orig_record, &partition_attributes->values[i]) == 0) {
+				new_partition = false;
+				break;
+			}
+		}
+		if (new_partition == false) {
+			continue;
+		}
+
+		dn_blob = partition_attributes->values[i];
+		
+		if (dn_blob.length > 4 && 
+		    (strncmp((const char *)&dn_blob.data[dn_blob.length-4], ".ldb", 4) == 0)) {
+
+			/* Look for DN:filename.ldb */
+			char *p = strrchr((const char *)dn_blob.data, ':');
+			if (!p) {
+				ldb_asprintf_errstring(ldb, 
+						       "partition_init: invalid DN in attempting to parse partition record: %s", (const char *)dn_blob.data);
+				talloc_free(mem_ctx);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			filename = p+1;
+			
+			/* Now trim off the filename */
+			dn_blob.length = ((uint8_t *)p - dn_blob.data);
+		}
+
+		dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &dn_blob);
+		if (!dn) {
+			ldb_asprintf_errstring(ldb, 
+					       "partition_init: invalid DN in partition record: %s", (const char *)dn_blob.data);
+			talloc_free(mem_ctx);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		
+		/* Now do a slow check with the DN compare */
+		for (j=0; data->partitions && data->partitions[j]; j++) {
+			if (ldb_dn_compare(dn, data->partitions[j]->ctrl->dn) == 0) {
+				new_partition = false;
+				break;
+			}
+		}
+		if (new_partition == false) {
+			continue;
+		}
+
+		if (!filename) {
+			char *base64_dn = NULL;
+			const char *p;
+			for (p = ldb_dn_get_linearized(dn); *p; p++) {
+				/* We have such a strict check because I don't want shell metacharacters in the file name, nor ../ */
+				if (!(isalnum(*p) || *p == ' ' || *p == '=' || *p == ',')) {
+					break;
+				}
+			}
+			if (*p) {
+				base64_dn = ldb_base64_encode(data, ldb_dn_get_linearized(dn), strlen(ldb_dn_get_linearized(dn)));
+				filename = talloc_asprintf(mem_ctx, "%s.ldb", base64_dn);
+			} else {
+				filename = talloc_asprintf(mem_ctx, "%s.ldb", ldb_dn_get_linearized(dn));
+			}
+		}
+			
+		/* We call ldb_dn_get_linearized() because the DN in
+		 * partition_attributes is already casefolded
+		 * correctly.  We don't want to mess that up as the
+		 * schema isn't loaded yet */
+		ret = new_partition_from_dn(ldb, data, data->partitions, dn, 
+					    filename, data->backend_db_store,
+					    &partition);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
+
+		talloc_steal(partition, partition_attributes->values[i].data);
+		partition->orig_record = partition_attributes->values[i];
+
+		/* Get the 'correct' case of the partition DNs from the database */
+		ret = dsdb_module_search_dn(partition->module, data, &dn_res, 
+					    dn, no_attrs,
+					    DSDB_FLAG_NEXT_MODULE, parent);
+		if (ret == LDB_SUCCESS) {
+			talloc_free(partition->ctrl->dn);
+			partition->ctrl->dn = talloc_steal(partition->ctrl, dn_res->msgs[0]->dn);
+			talloc_free(dn_res);
+		} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+			ldb_asprintf_errstring(ldb,
+					       "Failed to search for partition base %s in new partition at %s: %s", 
+					       ldb_dn_get_linearized(dn), 
+					       partition->backend_url, 
+					       ldb_errstring(ldb));
+			talloc_free(mem_ctx);
+			return ret;
+		}
+
+		/* see if it is a partial replica */
+		for (j=0; partial_replicas && j<partial_replicas->num_values; j++) {
+			struct ldb_dn *pa_dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &partial_replicas->values[j]);
+			if (pa_dn != NULL && ldb_dn_compare(pa_dn, partition->ctrl->dn) == 0) {
+				partition->partial_replica = true;
+			}
+			talloc_free(pa_dn);
+		}
+
+		ret = add_partition_to_data(ldb, data, partition);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return LDB_SUCCESS;
+}
+
+/* Copy the metadata (@OPTIONS etc) for the new partition into the partition */
+
+static int new_partition_set_replicated_metadata(struct ldb_context *ldb, 
+						 struct ldb_module *module, struct ldb_request *last_req, 
+						 struct partition_private_data *data, 
+						 struct dsdb_partition *partition)
+{
+	unsigned int i;
+	int ret;
+	/* for each replicate, copy from main partition.  If we get an error, we report it up the chain */
+	for (i=0; data->replicate && data->replicate[i]; i++) {
+		struct ldb_result *replicate_res;
+		struct ldb_request *add_req;
+		ret = dsdb_module_search_dn(module, last_req, &replicate_res, 
+					    data->replicate[i],
+					    NULL,
+					    DSDB_FLAG_NEXT_MODULE, NULL);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			continue;
+		}
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb,
+					       "Failed to search for %s from " DSDB_PARTITION_DN 
+					       " replicateEntries for new partition at %s on %s: %s", 
+					       ldb_dn_get_linearized(data->replicate[i]), 
+					       partition->backend_url,
+					       ldb_dn_get_linearized(partition->ctrl->dn), 
+					       ldb_errstring(ldb));
+			return ret;
+		}
+
+		/* Build add request */
+		ret = ldb_build_add_req(&add_req, ldb, replicate_res, 
+					replicate_res->msgs[0], NULL, NULL, 
+					ldb_op_default_callback, last_req);
+		LDB_REQ_SET_LOCATION(add_req);
+		last_req = add_req;
+		if (ret != LDB_SUCCESS) {
+			/* return directly, this is a very unlikely error */
+			return ret;
+		}
+		/* do request */
+		ret = ldb_next_request(partition->module, add_req);
+		/* wait */
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(add_req->handle, LDB_WAIT_ALL);
+		}
+		
+		switch (ret) {
+		case LDB_SUCCESS:
+			break;
+
+		case LDB_ERR_ENTRY_ALREADY_EXISTS:
+			/* Handle this case specially - if the
+			 * metadata already exists, replace it */
+		{
+			struct ldb_request *del_req;
+			
+			/* Don't leave a confusing string in the ldb_errstring() */
+			ldb_reset_err_string(ldb);
+			/* Build del request */
+			ret = ldb_build_del_req(&del_req, ldb, replicate_res, replicate_res->msgs[0]->dn, NULL, NULL, 
+						ldb_op_default_callback, last_req);
+			LDB_REQ_SET_LOCATION(del_req);
+			last_req = del_req;
+			if (ret != LDB_SUCCESS) {
+				/* return directly, this is a very unlikely error */
+				return ret;
+			}
+			/* do request */
+			ret = ldb_next_request(partition->module, del_req);
+			
+			/* wait */
+			if (ret == LDB_SUCCESS) {
+				ret = ldb_wait(del_req->handle, LDB_WAIT_ALL);
+			}
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb,
+						       "Failed to delete  (for re-add) %s from " DSDB_PARTITION_DN 
+						       " replicateEntries in new partition at %s on %s: %s", 
+						       ldb_dn_get_linearized(data->replicate[i]), 
+						       partition->backend_url,
+						       ldb_dn_get_linearized(partition->ctrl->dn), 
+						       ldb_errstring(ldb));
+				return ret;
+			}
+			
+			/* Build add request */
+			ret = ldb_build_add_req(&add_req, ldb, replicate_res, replicate_res->msgs[0], NULL, NULL, 
+						ldb_op_default_callback, last_req);
+			LDB_REQ_SET_LOCATION(add_req);
+			last_req = add_req;
+			if (ret != LDB_SUCCESS) {
+				/* return directly, this is a very unlikely error */
+				return ret;
+			}
+			
+			/* do the add again */
+			ret = ldb_next_request(partition->module, add_req);
+			
+			/* wait */
+			if (ret == LDB_SUCCESS) {
+				ret = ldb_wait(add_req->handle, LDB_WAIT_ALL);
+			}
+
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb,
+						       "Failed to add (after delete) %s from " DSDB_PARTITION_DN 
+						       " replicateEntries to new partition at %s on %s: %s", 
+						       ldb_dn_get_linearized(data->replicate[i]), 
+						       partition->backend_url,
+						       ldb_dn_get_linearized(partition->ctrl->dn), 
+						       ldb_errstring(ldb));
+				return ret;
+			}
+			break;
+		}
+		default: 
+		{
+			ldb_asprintf_errstring(ldb,
+					       "Failed to add %s from " DSDB_PARTITION_DN 
+					       " replicateEntries to new partition at %s on %s: %s", 
+					       ldb_dn_get_linearized(data->replicate[i]), 
+					       partition->backend_url,
+					       ldb_dn_get_linearized(partition->ctrl->dn), 
+					       ldb_errstring(ldb));
+			return ret;
+		}
+		}
+
+		/* And around again, for the next thing we must merge */
+	}
+	return LDB_SUCCESS;
+}
+
+/* Extended operation to create a new partition, called when
+ * 'new_partition' detects that one is being added based on it's
+ * instanceType */
+int partition_create(struct ldb_module *module, struct ldb_request *req)
+{
+	unsigned int i;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *mod_req, *last_req = req;
+	struct ldb_message *mod_msg;
+	struct partition_private_data *data;
+	struct dsdb_partition *partition = NULL;
+	const char *casefold_dn;
+	bool new_partition = false;
+
+	/* Check if this is already a partition */
+
+	struct dsdb_create_partition_exop *ex_op = talloc_get_type(req->op.extended.data, struct dsdb_create_partition_exop);
+	struct ldb_dn *dn = ex_op->new_dn;
+
+	data = talloc_get_type(ldb_module_get_private(module), struct partition_private_data);
+	if (!data) {
+		/* We are not going to create a partition before we are even set up */
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* see if we are still up-to-date */
+	ret = partition_reload_if_required(module, data, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	for (i=0; data->partitions && data->partitions[i]; i++) {
+		if (ldb_dn_compare(data->partitions[i]->ctrl->dn, dn) == 0) {
+			partition = data->partitions[i];
+		}
+	}
+
+	if (!partition) {
+		char *filename;
+		char *partition_record;
+		new_partition = true;
+		mod_msg = ldb_msg_new(req);
+		if (!mod_msg) {
+			return ldb_oom(ldb);
+		}
+		
+		mod_msg->dn = ldb_dn_new(mod_msg, ldb, DSDB_PARTITION_DN);
+		
+		casefold_dn = ldb_dn_get_casefold(dn);
+		
+		{
+			char *escaped;
+			const char *p, *sam_name;
+			sam_name = strrchr((const char *)ldb_get_opaque(ldb, "ldb_url"), '/');
+			if (!sam_name) {
+				return ldb_operr(ldb);
+			}
+			sam_name++;
+
+			for (p = casefold_dn; *p; p++) {
+				/* We have such a strict check because
+				 * I don't want shell metacharacters
+				 * in the file name, nor ../, but I do
+				 * want it to be easily typed if SAFE
+				 * to do so */
+				if (!(isalnum(*p) || *p == ' ' || *p == '=' || *p == ',')) {
+					break;
+				}
+			}
+			if (*p) {
+				escaped = rfc1738_escape_part(mod_msg, casefold_dn);
+				if (!escaped) {
+					return ldb_oom(ldb);
+				}
+				filename = talloc_asprintf(mod_msg, "%s.d/%s.ldb", sam_name, escaped);
+				talloc_free(escaped);
+			} else {
+				filename = talloc_asprintf(mod_msg, "%s.d/%s.ldb", sam_name, casefold_dn);
+			}
+
+			if (!filename) {
+				return ldb_oom(ldb);
+			}
+		}
+		partition_record = talloc_asprintf(mod_msg, "%s:%s", casefold_dn, filename);
+
+		ret = ldb_msg_append_steal_string(mod_msg, DSDB_PARTITION_ATTR, partition_record,
+						  LDB_FLAG_MOD_ADD);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (ldb_request_get_control(req, DSDB_CONTROL_PARTIAL_REPLICA)) {
+			/* this new partition is a partial replica */
+			ret = ldb_msg_append_fmt(mod_msg, LDB_FLAG_MOD_ADD,
+						 "partialReplica", "%s", ldb_dn_get_linearized(dn));
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		
+		/* Perform modify on @PARTITION record */
+		ret = ldb_build_mod_req(&mod_req, ldb, req, mod_msg, NULL, NULL, 
+					ldb_op_default_callback, req);
+		LDB_REQ_SET_LOCATION(mod_req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		
+		last_req = mod_req;
+
+		ret = ldb_next_request(module, mod_req);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(mod_req->handle, LDB_WAIT_ALL);
+		}
+		
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		
+		/* Make a partition structure for this new partition, so we can copy in the template structure */ 
+		ret = new_partition_from_dn(ldb, data, req, ldb_dn_copy(req, dn),
+					    filename, data->backend_db_store,
+					    &partition);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		talloc_steal(partition, partition_record);
+		partition->orig_record = data_blob_string_const(partition_record);
+	}
+	
+	ret = new_partition_set_replicated_metadata(ldb, module, last_req, data, partition);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	
+	if (new_partition) {
+		ret = add_partition_to_data(ldb, data, partition);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* send request done */
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+
+int partition_init(struct ldb_module *module)
+{
+	int ret;
+	TALLOC_CTX *mem_ctx = talloc_new(module);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct partition_private_data *data;
+
+	if (!mem_ctx) {
+		return ldb_operr(ldb);
+	}
+
+	/* We actually got this during the read_lock call */
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+
+	/* This loads the partitions */
+	ret = partition_reload_if_required(module, data, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ldb_module_set_private(module, talloc_steal(module, data));
+	talloc_free(mem_ctx);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_DOMAIN_SCOPE_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"partition: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SEARCH_OPTIONS_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"partition: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	return ldb_next_init(module);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/partition_metadata.c b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
new file mode 100644
index 0000000..cf35624
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
@@ -0,0 +1,596 @@
+/*
+   Partitions ldb module - management of metadata.tdb for sequence number
+
+   Copyright (C) Amitay Isaacs <amitay@samba.org> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "dsdb/samdb/ldb_modules/partition.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+#include "system/filesys.h"
+#include "lib/util/smb_strtox.h"
+
+#define LDB_METADATA_SEQ_NUM	"SEQ_NUM"
+
+
+/*
+ * Read a key with uint64 value
+ */
+static int partition_metadata_get_uint64(struct ldb_module *module,
+					 const char *key, uint64_t *value,
+					 uint64_t default_value)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+	TDB_DATA tdb_key, tdb_data;
+	char *value_str;
+	int error = 0;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata tdb not initialized");
+	}
+
+	tdb = data->metadata->db->tdb;
+
+	tdb_key.dptr = (uint8_t *)discard_const_p(char, key);
+	tdb_key.dsize = strlen(key);
+
+	tdb_data = tdb_fetch(tdb, tdb_key);
+	if (!tdb_data.dptr) {
+		if (tdb_error(tdb) == TDB_ERR_NOEXIST) {
+			*value = default_value;
+			return LDB_SUCCESS;
+		} else {
+			return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+						tdb_errorstr(tdb));
+		}
+	}
+
+	value_str = talloc_strndup(NULL, (char *)tdb_data.dptr, tdb_data.dsize);
+	SAFE_FREE(tdb_data.dptr);
+	if (value_str == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	*value = smb_strtoull(value_str, NULL, 10, &error, SMB_STR_STANDARD);
+	talloc_free(value_str);
+	if (error != 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: converision failed");
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Write a key with uin64 value
+ */
+static int partition_metadata_set_uint64(struct ldb_module *module,
+					 const char *key, uint64_t value,
+					 bool insert)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+	TDB_DATA tdb_key, tdb_data;
+	int tdb_flag;
+	char *value_str;
+	TALLOC_CTX *tmp_ctx;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata tdb not initialized");
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	tdb = data->metadata->db->tdb;
+
+	value_str = talloc_asprintf(tmp_ctx, "%llu", (unsigned long long)value);
+	if (value_str == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	tdb_key.dptr = (uint8_t *)discard_const_p(char, key);
+	tdb_key.dsize = strlen(key);
+
+	tdb_data.dptr = (uint8_t *)value_str;
+	tdb_data.dsize = strlen(value_str);
+
+	if (insert) {
+		tdb_flag = TDB_INSERT;
+	} else {
+		tdb_flag = TDB_MODIFY;
+	}
+
+	if (tdb_store(tdb, tdb_key, tdb_data, tdb_flag) != 0) {
+		int ret;
+		char *error_string = talloc_asprintf(tmp_ctx, "%s: tdb_store of key %s failed: %s",
+						     tdb_name(tdb), key, tdb_errorstr(tdb));
+		ret = ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+				       error_string);
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+int partition_metadata_inc_schema_sequence(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	int ret;
+	uint64_t value = 0;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				    struct partition_private_data);
+	if (!data || !data->metadata) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+
+	if (data->metadata->in_transaction == 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: increment sequence number without transaction");
+	}
+	ret = partition_metadata_get_uint64(module, DSDB_METADATA_SCHEMA_SEQ_NUM, &value, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	value++;
+	ret = partition_metadata_set_uint64(module, DSDB_METADATA_SCHEMA_SEQ_NUM, value, false);
+	if (ret == LDB_ERR_OPERATIONS_ERROR) {
+		/* Modify failed, let's try the add */
+		ret = partition_metadata_set_uint64(module, DSDB_METADATA_SCHEMA_SEQ_NUM, value, true);
+	}
+	return ret;
+}
+
+
+
+/*
+ * Open sam.ldb.d/metadata.tdb.
+ */
+static int partition_metadata_open(struct ldb_module *module, bool create)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx;
+	struct partition_private_data *data;
+	struct loadparm_context *lp_ctx;
+	char *filename, *dirname;
+	int open_flags, tdb_flags, ldb_flags;
+	struct stat statbuf;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	filename = ldb_relative_path(ldb,
+				     tmp_ctx,
+				     "sam.ldb.d/metadata.tdb");
+
+	if (!filename) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	open_flags = O_RDWR;
+	if (create) {
+		open_flags |= O_CREAT;
+
+		/* While provisioning, sam.ldb.d directory may not exist,
+		 * so create it. Ignore errors, if it already exists. */
+		dirname = ldb_relative_path(ldb,
+					    tmp_ctx,
+					    "sam.ldb.d");
+		if (!dirname) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+
+		mkdir(dirname, 0700);
+		talloc_free(dirname);
+	} else {
+		if (stat(filename, &statbuf) != 0) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	lp_ctx = talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
+				       struct loadparm_context);
+
+	tdb_flags = lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT|TDB_SEQNUM);
+
+	ldb_flags = ldb_module_flags(ldb);
+
+	if (ldb_flags & LDB_FLG_NOSYNC) {
+		tdb_flags |= TDB_NOSYNC;
+	}
+
+	data->metadata->db = tdb_wrap_open(
+		data->metadata, filename, 10,
+		tdb_flags, open_flags, 0660);
+	if (data->metadata->db == NULL) {
+		talloc_free(tmp_ctx);
+		if (create) {
+			ldb_asprintf_errstring(ldb, "partition_metadata: Unable to create %s: %s",
+					       filename, strerror(errno));
+		} else {
+			ldb_asprintf_errstring(ldb, "partition_metadata: Unable to open %s: %s",
+					       filename, strerror(errno));
+		}
+		if (errno == EACCES || errno == EPERM) {
+			return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+		}
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Set the sequence number calculated from older logic (sum of primary sequence
+ * numbers for each partition) as LDB_METADATA_SEQ_NUM key.
+ */
+static int partition_metadata_set_sequence_number(struct ldb_module *module)
+{
+	int ret;
+	uint64_t seq_number;
+
+	ret = partition_sequence_number_from_partitions(module, &seq_number);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return partition_metadata_set_uint64(module, LDB_METADATA_SEQ_NUM, seq_number, true);
+}
+
+
+/*
+ * Initialize metadata. Load metadata.tdb.
+ * If missing, create it and fill in sequence number
+ */
+int partition_metadata_init(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	int ret;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+
+	if (data->metadata != NULL && data->metadata->db != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	data->metadata = talloc_zero(data, struct partition_metadata);
+	if (data->metadata == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = partition_metadata_open(module, false);
+	if (ret == LDB_SUCCESS) {
+		/* Great, we got the DB open */
+		return LDB_SUCCESS;
+	}
+
+	/* metadata.tdb does not exist, create it */
+	DEBUG(2, ("partition_metadata: Migrating partition metadata: "
+		  "open of metadata.tdb gave: %s\n",
+		  ldb_errstring(ldb_module_get_ctx(module))));
+	ret = partition_metadata_open(module, true);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "partition_metadata: "
+				       "Migrating partition metadata: "
+				       "create of metadata.tdb gave: %s\n",
+				       ldb_errstring(ldb_module_get_ctx(module)));
+		TALLOC_FREE(data->metadata);
+		return ret;
+	}
+
+	return ret;
+}
+
+
+/*
+ * Read the sequence number, default to 0 if LDB_METADATA_SEQ_NUM key is missing
+ */
+int partition_metadata_sequence_number(struct ldb_module *module, uint64_t *value)
+{
+
+	/* We have to lock all the databases as otherwise we can
+	 * return a sequence number that is higher than the DB values
+	 * that we can see, as those transactions close after the
+	 * metadata.tdb transaction closes */
+	int ret = partition_read_lock(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * This means we will give a 0 until the first write
+	 * transaction, which is actually pretty reasonable.
+	 *
+	 * All modern databases will have the metadata.tdb from
+	 * the time of the first transaction in provision anyway.
+	 */
+	ret = partition_metadata_get_uint64(module,
+					    LDB_METADATA_SEQ_NUM,
+					    value,
+					    0);
+	if (ret == LDB_SUCCESS) {
+		ret = partition_read_unlock(module);
+	} else {
+		/* Don't overwrite the error code */
+		partition_read_unlock(module);
+	}
+	return ret;
+
+}
+
+
+/*
+ * Increment the sequence number, returning the new sequence number
+ */
+int partition_metadata_sequence_number_increment(struct ldb_module *module, uint64_t *value)
+{
+	struct partition_private_data *data;
+	int ret;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				    struct partition_private_data);
+	if (!data || !data->metadata) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+
+	if (data->metadata->in_transaction == 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: increment sequence number without transaction");
+	}
+
+	ret = partition_metadata_get_uint64(module, LDB_METADATA_SEQ_NUM, value, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (*value == 0) {
+		/*
+		 * We are in a transaction now, so we can get the
+		 * sequence number from the partitions.
+		 */
+		ret = partition_metadata_set_sequence_number(module);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = partition_metadata_get_uint64(module,
+						    LDB_METADATA_SEQ_NUM,
+						    value, 0);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	(*value)++;
+	ret = partition_metadata_set_uint64(module, LDB_METADATA_SEQ_NUM, *value, false);
+	return ret;
+}
+/*
+  lock the database for read - use by partition_lock_read
+*/
+int partition_metadata_read_lock(struct ldb_module *module)
+{
+	struct partition_private_data *data
+		= talloc_get_type_abort(ldb_module_get_private(module),
+					struct partition_private_data);
+	struct tdb_context *tdb = NULL;
+	int tdb_ret = 0;
+	int ret;
+
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (tdb_transaction_active(tdb) == false &&
+	    data->metadata->read_lock_count == 0) {
+		tdb_ret = tdb_lockall_read(tdb);
+	}
+	if (tdb_ret == 0) {
+		data->metadata->read_lock_count++;
+		return LDB_SUCCESS;
+	} else {
+		/* Sadly we can't call ltdb_err_map(tdb_error(tdb)); */
+		ret = LDB_ERR_BUSY;
+	}
+	ldb_debug_set(ldb_module_get_ctx(module),
+		      LDB_DEBUG_FATAL,
+		      "Failure during partition_metadata_read_lock(): %s",
+		      tdb_errorstr(tdb));
+	return ret;
+}
+
+/*
+  unlock the database after a partition_metadata_lock_read()
+*/
+int partition_metadata_read_unlock(struct ldb_module *module)
+{
+	struct partition_private_data *data
+		= talloc_get_type_abort(ldb_module_get_private(module),
+					struct partition_private_data);
+	struct tdb_context *tdb = NULL;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (!tdb_transaction_active(tdb) &&
+	    data->metadata->read_lock_count == 1) {
+		tdb_unlockall_read(tdb);
+		data->metadata->read_lock_count--;
+		return 0;
+	}
+	data->metadata->read_lock_count--;
+	return 0;
+}
+
+
+/*
+ * Transaction start
+ */
+int partition_metadata_start_trans(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (tdb_transaction_start(tdb) != 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					tdb_errorstr(tdb));
+	}
+
+	data->metadata->in_transaction++;
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Transaction prepare commit
+ */
+int partition_metadata_prepare_commit(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (data->metadata->in_transaction == 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: not in transaction");
+	}
+
+	if (tdb_transaction_prepare_commit(tdb) != 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					tdb_errorstr(tdb));
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Transaction end
+ */
+int partition_metadata_end_trans(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (data->metadata->in_transaction == 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: not in transaction");
+	}
+
+	data->metadata->in_transaction--;
+
+	if (tdb_transaction_commit(tdb) != 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					tdb_errorstr(tdb));
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Transaction delete
+ */
+int partition_metadata_del_trans(struct ldb_module *module)
+{
+	struct partition_private_data *data;
+	struct tdb_context *tdb;
+
+	data = talloc_get_type_abort(ldb_module_get_private(module),
+				     struct partition_private_data);
+	if (!data || !data->metadata || !data->metadata->db) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: metadata not initialized");
+	}
+	tdb = data->metadata->db->tdb;
+
+	if (data->metadata->in_transaction == 0) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"partition_metadata: not in transaction");
+	}
+
+	data->metadata->in_transaction--;
+
+	tdb_transaction_cancel(tdb);
+
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
new file mode 100644
index 0000000..0a7a78c
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -0,0 +1,5220 @@
+/* 
+   ldb database module
+
+   Copyright (C) Simo Sorce  2004-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Stefan Metzmacher 2007-2010
+   Copyright (C) Matthias Dieter Wallnöfer 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb password_hash module
+ *
+ *  Description: correctly handle AD password changes fields
+ *
+ *  Author: Andrew Bartlett
+ *  Author: Stefan Metzmacher
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/dom_sid.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/ldb_modules/password_modules.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "lib/crypto/md4.h"
+#include "param/param.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+#include "auth/auth_sam.h"
+#include "auth/common_auth.h"
+#include "lib/messaging/messaging.h"
+#include "lib/param/loadparm.h"
+
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/crypto.h>
+
+#include "kdc/db-glue.h"
+
+#ifdef ENABLE_GPGME
+#undef class
+#include <gpgme.h>
+
+/*
+ * 1.2.0 is what dpkg-shlibdeps generates, based on used symbols and
+ * libgpgme11.symbols
+ * https://salsa.debian.org/debian/gpgme/blob/debian/master/debian/libgpgme11.symbols
+ */
+
+#define MINIMUM_GPGME_VERSION "1.2.0"
+#endif
+
+#undef strncasecmp
+#undef strcasecmp
+
+/* If we have decided there is a reason to work on this request, then
+ * setup all the password hash types correctly.
+ *
+ * If we haven't the hashes yet but the password given as plain-text (attributes
+ * 'unicodePwd', 'userPassword' and 'clearTextPassword') we have to check for
+ * the constraints. Once this is done, we calculate the password hashes.
+ *
+ * Notice: unlike the real AD which only supports the UTF16 special based
+ * 'unicodePwd' and the UTF8 based 'userPassword' plaintext attribute we
+ * understand also a UTF16 based 'clearTextPassword' one.
+ * The latter is also accessible through LDAP so it can also be set by external
+ * tools and scripts. But be aware that this isn't portable on non SAMBA 4 ADs!
+ *
+ * Also when the module receives only the password hashes (possible through
+ * specifying an internal LDB control - for security reasons) some checks are
+ * performed depending on the operation mode (see below) (e.g. if the password
+ * has been in use before if the password memory policy was activated).
+ *
+ * Attention: There is a difference between "modify" and "reset" operations
+ * (see MS-ADTS 3.1.1.3.1.5). If the client sends a "add" and "remove"
+ * operation for a password attribute we thread this as a "modify"; if it sends
+ * only a "replace" one we have an (administrative) reset.
+ *
+ * Finally, if the administrator has requested that a password history
+ * be maintained, then this should also be written out.
+ *
+ */
+
+/* TODO: [consider always MS-ADTS 3.1.1.3.1.5]
+ * - Check for right connection encryption
+ */
+
+/* Notice: Definition of "dsdb_control_password_change_status" moved into
+ * "samdb.h" */
+
+struct ph_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	struct ldb_request *dom_req;
+	struct ldb_reply *dom_res;
+
+	struct ldb_reply *pso_res;
+
+	struct ldb_reply *search_res;
+
+	struct ldb_message *update_msg;
+
+	struct dsdb_control_password_change_status *status;
+	struct dsdb_control_password_change *change;
+
+	const char **gpg_key_ids;
+
+	bool pwd_reset;
+	bool change_status;
+	bool hash_values;
+	bool userPassword;
+	bool update_password;
+	bool update_lastset;
+	bool pwd_last_set_bypass;
+	bool pwd_last_set_default;
+	bool smartcard_reset;
+	const char **userPassword_schemes;
+};
+
+
+struct setup_password_fields_io {
+	struct ph_context *ac;
+
+	struct smb_krb5_context *smb_krb5_context;
+
+	/* info about the user account */
+	struct {
+		uint32_t userAccountControl;
+		NTTIME pwdLastSet;
+		const char *sAMAccountName;
+		const char *user_principal_name;
+		const char *displayName; /* full name */
+		bool is_krbtgt;
+		uint32_t restrictions;
+		struct dom_sid *account_sid;
+		bool store_nt_hash;
+	} u;
+
+	/* new credentials and old given credentials */
+	struct setup_password_fields_given {
+		const struct ldb_val *cleartext_utf8;
+		const struct ldb_val *cleartext_utf16;
+
+		struct samr_Password *nt_hash;
+
+		/*
+		 * The AES256 kerberos key to confirm the previous password was
+		 * not reused (for n) and to prove the old password was known
+		 * (for og).
+		 *
+		 * We don't have any old salts, so we won't catch password reuse
+		 * if said password was used prior to an account rename and
+		 * another password change.
+		 */
+		DATA_BLOB aes_256;
+	} n, og;
+
+	/* old credentials */
+	struct {
+		struct samr_Password *nt_hash;
+		uint32_t nt_history_len;
+		struct samr_Password *nt_history;
+		const struct ldb_val *supplemental;
+		struct supplementalCredentialsBlob scb;
+
+		/*
+		 * The AES256 kerberos key as stored in the DB.
+		 * Used to confirm the given password was correct
+		 * and in case the previous password was reused.
+		 */
+		DATA_BLOB aes_256;
+		DATA_BLOB salt;
+		uint32_t kvno;
+	} o;
+
+	/* generated credentials */
+	struct {
+		struct samr_Password *nt_hash;
+		uint32_t nt_history_len;
+		struct samr_Password *nt_history;
+		const char *salt;
+		DATA_BLOB aes_256;
+		DATA_BLOB aes_128;
+		DATA_BLOB des_md5;
+		DATA_BLOB des_crc;
+		struct ldb_val supplemental;
+		NTTIME last_set;
+	} g;
+};
+
+static int msg_find_old_and_new_pwd_val(const struct ldb_message *msg,
+					const char *name,
+					enum ldb_request_type operation,
+					const struct ldb_val **new_val,
+					const struct ldb_val **old_val);
+
+static int password_hash_bypass(struct ldb_module *module, struct ldb_request *request)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct ldb_message *msg;
+	struct ldb_message_element *nte;
+	struct ldb_message_element *lme;
+	struct ldb_message_element *nthe;
+	struct ldb_message_element *lmhe;
+	struct ldb_message_element *sce;
+	int ret;
+
+	switch (request->operation) {
+	case LDB_ADD:
+		msg = request->op.add.message;
+		break;
+	case LDB_MODIFY:
+		msg = request->op.mod.message;
+		break;
+	default:
+		return ldb_next_request(module, request);
+	}
+
+	/* nobody must touch password histories and 'supplementalCredentials' */
+
+#define GET_VALUES(el, attr) do {  \
+	ret = dsdb_get_expected_new_values(request,		\
+					   msg,			\
+					   attr,		\
+					   &el,			\
+					   request->operation);	\
+								\
+	if (ret != LDB_SUCCESS) {				\
+		return ret;					\
+	}							\
+} while(0)
+
+	GET_VALUES(nte, "unicodePwd");
+
+	/*
+	 * Even as Samba continues to ignore the LM hash, and reset it
+	 * when practical, we keep the constraint that it must be a 16
+	 * byte value if specified.
+	 */
+	GET_VALUES(lme, "dBCSPwd");
+	GET_VALUES(nthe, "ntPwdHistory");
+	GET_VALUES(lmhe, "lmPwdHistory");
+	GET_VALUES(sce, "supplementalCredentials");
+
+#undef GET_VALUES
+#define CHECK_HASH_ELEMENT(e, min, max) do {\
+	if (e && e->num_values) { \
+		unsigned int _count; \
+		if (e->num_values != 1) { \
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, \
+					 "num_values != 1"); \
+		} \
+		if ((e->values[0].length % 16) != 0) { \
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, \
+					 "length % 16 != 0"); \
+		} \
+		_count = e->values[0].length / 16; \
+		if (_count < min) { \
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, \
+					 "count < min"); \
+		} \
+		if (_count > max) { \
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, \
+					 "count > max"); \
+		} \
+	} \
+} while (0)
+
+	CHECK_HASH_ELEMENT(nte, 1, 1);
+	CHECK_HASH_ELEMENT(lme, 1, 1);
+	CHECK_HASH_ELEMENT(nthe, 1, INT32_MAX);
+	CHECK_HASH_ELEMENT(lmhe, 1, INT32_MAX);
+
+	if (sce && sce->num_values) {
+		enum ndr_err_code ndr_err;
+		struct supplementalCredentialsBlob *scb;
+		struct supplementalCredentialsPackage *scpp = NULL;
+		struct supplementalCredentialsPackage *scpk = NULL;
+		struct supplementalCredentialsPackage *scpkn = NULL;
+		struct supplementalCredentialsPackage *scpct = NULL;
+		DATA_BLOB scpbp = data_blob_null;
+		DATA_BLOB scpbk = data_blob_null;
+		DATA_BLOB scpbkn = data_blob_null;
+		DATA_BLOB scpbct = data_blob_null;
+		DATA_BLOB blob;
+		uint32_t i;
+
+		if (sce->num_values != 1) {
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "num_values != 1");
+		}
+
+		scb = talloc_zero(request, struct supplementalCredentialsBlob);
+		if (!scb) {
+			return ldb_module_oom(module);
+		}
+
+		ndr_err = ndr_pull_struct_blob_all(&sce->values[0], scb, scb,
+				(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(scb);
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "ndr_pull_struct_blob_all");
+		}
+
+		if (scb->sub.num_packages < 2) {
+			talloc_free(scb);
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "num_packages < 2");
+		}
+
+		for (i=0; i < scb->sub.num_packages; i++) {
+			DATA_BLOB subblob;
+
+			subblob = strhex_to_data_blob(scb, scb->sub.packages[i].data);
+			if (subblob.data == NULL) {
+				talloc_free(scb);
+				return ldb_module_oom(module);
+			}
+
+			if (strcmp(scb->sub.packages[i].name, "Packages") == 0) {
+				if (scpp) {
+					talloc_free(scb);
+					return ldb_error(ldb,
+							 LDB_ERR_CONSTRAINT_VIOLATION,
+							 "Packages twice");
+				}
+				scpp = &scb->sub.packages[i];
+				scpbp = subblob;
+				continue;
+			}
+			if (strcmp(scb->sub.packages[i].name, "Primary:Kerberos") == 0) {
+				if (scpk) {
+					talloc_free(scb);
+					return ldb_error(ldb,
+							 LDB_ERR_CONSTRAINT_VIOLATION,
+							 "Primary:Kerberos twice");
+				}
+				scpk = &scb->sub.packages[i];
+				scpbk = subblob;
+				continue;
+			}
+			if (strcmp(scb->sub.packages[i].name, "Primary:Kerberos-Newer-Keys") == 0) {
+				if (scpkn) {
+					talloc_free(scb);
+					return ldb_error(ldb,
+							 LDB_ERR_CONSTRAINT_VIOLATION,
+							 "Primary:Kerberos-Newer-Keys twice");
+				}
+				scpkn = &scb->sub.packages[i];
+				scpbkn = subblob;
+				continue;
+			}
+			if (strcmp(scb->sub.packages[i].name, "Primary:CLEARTEXT") == 0) {
+				if (scpct) {
+					talloc_free(scb);
+					return ldb_error(ldb,
+							 LDB_ERR_CONSTRAINT_VIOLATION,
+							 "Primary:CLEARTEXT twice");
+				}
+				scpct = &scb->sub.packages[i];
+				scpbct = subblob;
+				continue;
+			}
+
+			data_blob_free(&subblob);
+		}
+
+		if (scpp == NULL) {
+			talloc_free(scb);
+			return ldb_error(ldb,
+					 LDB_ERR_CONSTRAINT_VIOLATION,
+					 "Primary:Packages missing");
+		}
+
+		if (scpk == NULL) {
+			/*
+			 * If Primary:Kerberos is missing w2k8r2 reboots
+			 * when a password is changed.
+			 */
+			talloc_free(scb);
+			return ldb_error(ldb,
+					 LDB_ERR_CONSTRAINT_VIOLATION,
+					 "Primary:Kerberos missing");
+		}
+
+		if (scpp) {
+			struct package_PackagesBlob *p;
+			uint32_t n;
+
+			p = talloc_zero(scb, struct package_PackagesBlob);
+			if (p == NULL) {
+				talloc_free(scb);
+				return ldb_module_oom(module);
+			}
+
+			ndr_err = ndr_pull_struct_blob(&scpbp, p, p,
+					(ndr_pull_flags_fn_t)ndr_pull_package_PackagesBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "ndr_pull_struct_blob Packages");
+			}
+
+			if (p->names == NULL) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "Packages names == NULL");
+			}
+
+			for (n = 0; p->names[n]; n++) {
+				/* noop */
+			}
+
+			if (scb->sub.num_packages != (n + 1)) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "Packages num_packages != num_names + 1");
+			}
+
+			talloc_free(p);
+		}
+
+		if (scpk) {
+			struct package_PrimaryKerberosBlob *k;
+
+			k = talloc_zero(scb, struct package_PrimaryKerberosBlob);
+			if (k == NULL) {
+				talloc_free(scb);
+				return ldb_module_oom(module);
+			}
+
+			ndr_err = ndr_pull_struct_blob(&scpbk, k, k,
+					(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "ndr_pull_struct_blob PrimaryKerberos");
+			}
+
+			if (k->version != 3) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos version != 3");
+			}
+
+			if (k->ctr.ctr3.salt.string == NULL) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos salt == NULL");
+			}
+
+			if (strlen(k->ctr.ctr3.salt.string) == 0) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos strlen(salt) == 0");
+			}
+
+			if (k->ctr.ctr3.num_keys != 2) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos num_keys != 2");
+			}
+
+			if (k->ctr.ctr3.num_old_keys > k->ctr.ctr3.num_keys) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos num_old_keys > num_keys");
+			}
+
+			if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos key[0] != DES_CBC_MD5");
+			}
+			if (k->ctr.ctr3.keys[1].keytype != ENCTYPE_DES_CBC_CRC) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos key[1] != DES_CBC_CRC");
+			}
+
+			if (k->ctr.ctr3.keys[0].value_len != 8) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos key[0] value_len != 8");
+			}
+			if (k->ctr.ctr3.keys[1].value_len != 8) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos key[1] value_len != 8");
+			}
+
+			for (i = 0; i < k->ctr.ctr3.num_old_keys; i++) {
+				if (k->ctr.ctr3.old_keys[i].keytype ==
+				    k->ctr.ctr3.keys[i].keytype &&
+				    k->ctr.ctr3.old_keys[i].value_len ==
+				    k->ctr.ctr3.keys[i].value_len) {
+					continue;
+				}
+
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryKerberos old_keys type/value_len doesn't match");
+			}
+
+			talloc_free(k);
+		}
+
+		if (scpkn) {
+			struct package_PrimaryKerberosBlob *k;
+
+			k = talloc_zero(scb, struct package_PrimaryKerberosBlob);
+			if (k == NULL) {
+				talloc_free(scb);
+				return ldb_module_oom(module);
+			}
+
+			ndr_err = ndr_pull_struct_blob(&scpbkn, k, k,
+					(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "ndr_pull_struct_blob PrimaryKerberosNeverKeys");
+			}
+
+			if (k->version != 4) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNerverKeys version != 4");
+			}
+
+			if (k->ctr.ctr4.salt.string == NULL) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys salt == NULL");
+			}
+
+			if (strlen(k->ctr.ctr4.salt.string) == 0) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys strlen(salt) == 0");
+			}
+
+			if (k->ctr.ctr4.num_keys != 4) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys num_keys != 4");
+			}
+
+			if (k->ctr.ctr4.num_old_keys > k->ctr.ctr4.num_keys) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys num_old_keys > num_keys");
+			}
+
+			if (k->ctr.ctr4.num_older_keys > k->ctr.ctr4.num_old_keys) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys num_older_keys > num_old_keys");
+			}
+
+			if (k->ctr.ctr4.keys[0].keytype != ENCTYPE_AES256_CTS_HMAC_SHA1_96) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[0] != AES256");
+			}
+			if (k->ctr.ctr4.keys[1].keytype != ENCTYPE_AES128_CTS_HMAC_SHA1_96) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[1] != AES128");
+			}
+			if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[2] != DES_CBC_MD5");
+			}
+			if (k->ctr.ctr4.keys[3].keytype != ENCTYPE_DES_CBC_CRC) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[3] != DES_CBC_CRC");
+			}
+
+			if (k->ctr.ctr4.keys[0].value_len != 32) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[0] value_len != 32");
+			}
+			if (k->ctr.ctr4.keys[1].value_len != 16) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[1] value_len != 16");
+			}
+			if (k->ctr.ctr4.keys[2].value_len != 8) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[2] value_len != 8");
+			}
+			if (k->ctr.ctr4.keys[3].value_len != 8) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "KerberosNewerKeys key[3] value_len != 8");
+			}
+
+			/*
+			 * TODO:
+			 * Maybe we can check old and older keys here.
+			 * But we need to do some tests, if the old keys
+			 * can be taken from the PrimaryKerberos blob
+			 * (with only des keys), when the domain was upgraded
+			 * from w2k3 to w2k8.
+			 */
+
+			talloc_free(k);
+		}
+
+		if (scpct) {
+			struct package_PrimaryCLEARTEXTBlob *ct;
+
+			ct = talloc_zero(scb, struct package_PrimaryCLEARTEXTBlob);
+			if (ct == NULL) {
+				talloc_free(scb);
+				return ldb_module_oom(module);
+			}
+
+			ndr_err = ndr_pull_struct_blob(&scpbct, ct, ct,
+					(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryCLEARTEXTBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "ndr_pull_struct_blob PrimaryCLEARTEXT");
+			}
+
+			if ((ct->cleartext.length % 2) != 0) {
+				talloc_free(scb);
+				return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+						 "PrimaryCLEARTEXT length % 2 != 0");
+			}
+
+			talloc_free(ct);
+		}
+
+		ndr_err = ndr_push_struct_blob(&blob, scb, scb,
+				(ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(scb);
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "ndr_pull_struct_blob_all");
+		}
+
+		if (sce->values[0].length != blob.length) {
+			talloc_free(scb);
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "supplementalCredentialsBlob length differ");
+		}
+
+		if (!mem_equal_const_time(sce->values[0].data, blob.data, blob.length)) {
+			talloc_free(scb);
+			return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION,
+					 "supplementalCredentialsBlob memcmp differ");
+		}
+
+		talloc_free(scb);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_bypass - validated\n");
+	return ldb_next_request(module, request);
+}
+
+/* Get the NT hash, and fill it in as an entry in the password history, 
+   and specify it into io->g.nt_hash */
+
+static int setup_nt_fields(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	uint32_t i;
+	if (io->u.store_nt_hash) {
+		io->g.nt_hash = io->n.nt_hash;
+	}
+
+	if (io->ac->status->domain_data.pwdHistoryLength == 0) {
+		return LDB_SUCCESS;
+	}
+
+	/* We might not have an old NT password */
+
+	if (io->g.nt_hash == NULL) {
+		/*
+		 * If there was not an NT hash specified, then don't
+		 * store the NT password history.
+		 *
+		 * While the NTLM code on a Windows DC will cope with
+		 * a missing unicodePwd, if it finds a last password
+		 * in the ntPwdHistory, even if the bytes are zero ,
+		 * it will (quite reasonably) treat it as a valid NT
+		 * hash.  NTLM logins with the previous password are
+		 * allowed for a short time after the password is
+		 * changed to allow for password propagation delays.
+		 */
+		return LDB_SUCCESS;
+	}
+
+	io->g.nt_history = talloc_array(io->ac,
+					struct samr_Password,
+					io->ac->status->domain_data.pwdHistoryLength);
+	if (!io->g.nt_history) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < MIN(io->ac->status->domain_data.pwdHistoryLength-1,
+			    io->o.nt_history_len); i++) {
+		io->g.nt_history[i+1] = io->o.nt_history[i];
+	}
+	io->g.nt_history_len = i + 1;
+
+	io->g.nt_history[0] = *io->g.nt_hash;
+
+	return LDB_SUCCESS;
+}
+
+static int setup_kerberos_keys(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb;
+	krb5_error_code krb5_ret;
+	krb5_principal salt_principal = NULL;
+	krb5_data salt_data;
+	krb5_data salt;
+	krb5_keyblock key;
+	krb5_data cleartext_data;
+	uint32_t uac_flags = 0;
+
+	ldb = ldb_module_get_ctx(io->ac->module);
+	cleartext_data.data = (char *)io->n.cleartext_utf8->data;
+	cleartext_data.length = io->n.cleartext_utf8->length;
+
+	uac_flags = io->u.userAccountControl & UF_ACCOUNT_TYPE_MASK;
+	krb5_ret = smb_krb5_salt_principal(io->smb_krb5_context->krb5_context,
+					   io->ac->status->domain_data.realm,
+					   io->u.sAMAccountName,
+					   io->u.user_principal_name,
+					   uac_flags,
+					   &salt_principal);
+	if (krb5_ret) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_kerberos_keys: "
+				       "generation of a salting principal failed: %s",
+				       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+								  krb5_ret, io->ac));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * create salt from salt_principal
+	 */
+	krb5_ret = smb_krb5_get_pw_salt(io->smb_krb5_context->krb5_context,
+					salt_principal, &salt_data);
+
+	krb5_free_principal(io->smb_krb5_context->krb5_context, salt_principal);
+	if (krb5_ret) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_kerberos_keys: "
+				       "generation of krb5_salt failed: %s",
+				       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+								  krb5_ret, io->ac));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* now use the talloced copy of the salt */
+	salt.data	= talloc_strndup(io->ac,
+					 (char *)salt_data.data,
+					 salt_data.length);
+	smb_krb5_free_data_contents(io->smb_krb5_context->krb5_context,
+				    &salt_data);
+	if (salt.data == NULL) {
+		return ldb_oom(ldb);
+	}
+	io->g.salt      = salt.data;
+	salt.length	= strlen(io->g.salt);
+
+	/*
+	 * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of
+	 * the salt and the cleartext password
+	 */
+	krb5_ret = smb_krb5_create_key_from_string(io->smb_krb5_context->krb5_context,
+						   NULL,
+						   &salt,
+						   &cleartext_data,
+						   ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+						   &key);
+	if (krb5_ret) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_kerberos_keys: "
+				       "generation of a aes256-cts-hmac-sha1-96 key failed: %s",
+				       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+								  krb5_ret, io->ac));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	io->g.aes_256 = data_blob_talloc(io->ac,
+					 KRB5_KEY_DATA(&key),
+					 KRB5_KEY_LENGTH(&key));
+	krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
+	if (!io->g.aes_256.data) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * create ENCTYPE_AES128_CTS_HMAC_SHA1_96 key out of
+	 * the salt and the cleartext password
+	 */
+	krb5_ret = smb_krb5_create_key_from_string(io->smb_krb5_context->krb5_context,
+						   NULL,
+						   &salt,
+						   &cleartext_data,
+						   ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+						   &key);
+	if (krb5_ret) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_kerberos_keys: "
+				       "generation of a aes128-cts-hmac-sha1-96 key failed: %s",
+				       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+								  krb5_ret, io->ac));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	io->g.aes_128 = data_blob_talloc(io->ac,
+					 KRB5_KEY_DATA(&key),
+					 KRB5_KEY_LENGTH(&key));
+	krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
+	if (!io->g.aes_128.data) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * As per RFC-6649 single DES encryption types are no longer considered
+	 * secure to be used in Kerberos, we store random keys instead of the
+	 * ENCTYPE_DES_CBC_MD5 and ENCTYPE_DES_CBC_CRC keys.
+	 */
+	io->g.des_md5 = data_blob_talloc(io->ac, NULL, 8);
+	if (!io->g.des_md5.data) {
+		return ldb_oom(ldb);
+	}
+	generate_secret_buffer(io->g.des_md5.data, 8);
+
+	io->g.des_crc = data_blob_talloc(io->ac, NULL, 8);
+	if (!io->g.des_crc.data) {
+		return ldb_oom(ldb);
+	}
+	generate_secret_buffer(io->g.des_crc.data, 8);
+
+	return LDB_SUCCESS;
+}
+
+static int setup_kerberos_key_hash(struct setup_password_fields_io *io,
+				   struct setup_password_fields_given *g)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	krb5_error_code krb5_ret;
+	krb5_data salt;
+	krb5_keyblock key;
+	krb5_data cleartext_data;
+
+	if (io->ac->search_res == NULL) {
+		/* No old data so nothing to do */
+		return LDB_SUCCESS;
+	}
+
+	if (io->o.salt.data == NULL) {
+		/* We didn't fetch the salt in setup_io(), so nothing to do */
+		return LDB_SUCCESS;
+	}
+
+	salt.data = (char *)io->o.salt.data;
+	salt.length = io->o.salt.length;
+
+	cleartext_data.data = (char *)g->cleartext_utf8->data;
+	cleartext_data.length = g->cleartext_utf8->length;
+
+	/*
+	 * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of the salt
+	 * and the cleartext password
+	 */
+	krb5_ret = smb_krb5_create_key_from_string(io->smb_krb5_context->krb5_context,
+						   NULL,
+						   &salt,
+						   &cleartext_data,
+						   ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+						   &key);
+	if (krb5_ret) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_kerberos_key_hash: "
+				       "generation of a aes256-cts-hmac-sha1-96 key failed: %s",
+				       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+								  krb5_ret, io->ac));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	g->aes_256 = data_blob_talloc(io->ac,
+				      KRB5_KEY_DATA(&key),
+				      KRB5_KEY_LENGTH(&key));
+	krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
+	if (g->aes_256.data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	talloc_keep_secret(g->aes_256.data);
+
+	return LDB_SUCCESS;
+}
+
+static int setup_primary_kerberos(struct setup_password_fields_io *io,
+				  const struct supplementalCredentialsBlob *old_scb,
+				  struct package_PrimaryKerberosBlob *pkb)
+{
+	struct ldb_context *ldb;
+	struct package_PrimaryKerberosCtr3 *pkb3 = &pkb->ctr.ctr3;
+	struct supplementalCredentialsPackage *old_scp = NULL;
+	struct package_PrimaryKerberosBlob _old_pkb;
+	struct package_PrimaryKerberosCtr3 *old_pkb3 = NULL;
+	uint32_t i;
+	enum ndr_err_code ndr_err;
+
+	ldb = ldb_module_get_ctx(io->ac->module);
+
+	/*
+	 * prepare generation of keys
+	 *
+	 * ENCTYPE_DES_CBC_MD5
+	 * ENCTYPE_DES_CBC_CRC
+	 */
+	pkb->version		= 3;
+	pkb3->salt.string	= io->g.salt;
+	pkb3->num_keys		= 2;
+	pkb3->keys		= talloc_array(io->ac,
+					       struct package_PrimaryKerberosKey3,
+					       pkb3->num_keys);
+	if (!pkb3->keys) {
+		return ldb_oom(ldb);
+	}
+
+	pkb3->keys[0].keytype	= ENCTYPE_DES_CBC_MD5;
+	pkb3->keys[0].value	= &io->g.des_md5;
+	pkb3->keys[1].keytype	= ENCTYPE_DES_CBC_CRC;
+	pkb3->keys[1].value	= &io->g.des_crc;
+
+	/* initialize the old keys to zero */
+	pkb3->num_old_keys	= 0;
+	pkb3->old_keys		= NULL;
+
+	/* if there're no old keys, then we're done */
+	if (!old_scb) {
+		return LDB_SUCCESS;
+	}
+
+	for (i=0; i < old_scb->sub.num_packages; i++) {
+		if (strcmp("Primary:Kerberos", old_scb->sub.packages[i].name) != 0) {
+			continue;
+		}
+
+		if (!old_scb->sub.packages[i].data || !old_scb->sub.packages[i].data[0]) {
+			continue;
+		}
+
+		old_scp = &old_scb->sub.packages[i];
+		break;
+	}
+	/* Primary:Kerberos element of supplementalCredentials */
+	if (old_scp) {
+		DATA_BLOB blob;
+
+		blob = strhex_to_data_blob(io->ac, old_scp->data);
+		if (!blob.data) {
+			return ldb_oom(ldb);
+		}
+
+		/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
+		ndr_err = ndr_pull_struct_blob(&blob, io->ac, &_old_pkb,
+					       (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(ldb,
+					       "setup_primary_kerberos: "
+					       "failed to pull old package_PrimaryKerberosBlob: %s",
+					       nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		if (_old_pkb.version != 3) {
+			ldb_asprintf_errstring(ldb,
+					       "setup_primary_kerberos: "
+					       "package_PrimaryKerberosBlob version[%u] expected[3]",
+					       _old_pkb.version);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		old_pkb3 = &_old_pkb.ctr.ctr3;
+	}
+
+	/* if we didn't found the old keys we're done */
+	if (!old_pkb3) {
+		return LDB_SUCCESS;
+	}
+
+	/* fill in the old keys */
+	pkb3->num_old_keys	= old_pkb3->num_keys;
+	pkb3->old_keys		= old_pkb3->keys;
+
+	return LDB_SUCCESS;
+}
+
+static int setup_primary_kerberos_newer(struct setup_password_fields_io *io,
+					const struct supplementalCredentialsBlob *old_scb,
+					struct package_PrimaryKerberosBlob *pkb)
+{
+	struct ldb_context *ldb;
+	struct package_PrimaryKerberosCtr4 *pkb4 = &pkb->ctr.ctr4;
+	struct supplementalCredentialsPackage *old_scp = NULL;
+	struct package_PrimaryKerberosBlob _old_pkb;
+	struct package_PrimaryKerberosCtr4 *old_pkb4 = NULL;
+	uint32_t i;
+	enum ndr_err_code ndr_err;
+
+	ldb = ldb_module_get_ctx(io->ac->module);
+
+	/*
+	 * prepare generation of keys
+	 *
+	 * ENCTYPE_AES256_CTS_HMAC_SHA1_96
+	 * ENCTYPE_AES128_CTS_HMAC_SHA1_96
+	 * ENCTYPE_DES_CBC_MD5
+	 * ENCTYPE_DES_CBC_CRC
+	 */
+	pkb->version			= 4;
+	pkb4->salt.string		= io->g.salt;
+	pkb4->default_iteration_count	= 4096;
+	pkb4->num_keys			= 4;
+
+	pkb4->keys = talloc_array(io->ac,
+				  struct package_PrimaryKerberosKey4,
+				  pkb4->num_keys);
+	if (!pkb4->keys) {
+		return ldb_oom(ldb);
+	}
+
+	pkb4->keys[0].iteration_count	= 4096;
+	pkb4->keys[0].keytype		= ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+	pkb4->keys[0].value		= &io->g.aes_256;
+	pkb4->keys[1].iteration_count	= 4096;
+	pkb4->keys[1].keytype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+	pkb4->keys[1].value		= &io->g.aes_128;
+	pkb4->keys[2].iteration_count	= 4096;
+	pkb4->keys[2].keytype		= ENCTYPE_DES_CBC_MD5;
+	pkb4->keys[2].value		= &io->g.des_md5;
+	pkb4->keys[3].iteration_count	= 4096;
+	pkb4->keys[3].keytype		= ENCTYPE_DES_CBC_CRC;
+	pkb4->keys[3].value		= &io->g.des_crc;
+
+	/* initialize the old keys to zero */
+	pkb4->num_old_keys	= 0;
+	pkb4->old_keys		= NULL;
+	pkb4->num_older_keys	= 0;
+	pkb4->older_keys	= NULL;
+
+	/* if there're no old keys, then we're done */
+	if (!old_scb) {
+		return LDB_SUCCESS;
+	}
+
+	for (i=0; i < old_scb->sub.num_packages; i++) {
+		if (strcmp("Primary:Kerberos-Newer-Keys", old_scb->sub.packages[i].name) != 0) {
+			continue;
+		}
+
+		if (!old_scb->sub.packages[i].data || !old_scb->sub.packages[i].data[0]) {
+			continue;
+		}
+
+		old_scp = &old_scb->sub.packages[i];
+		break;
+	}
+	/* Primary:Kerberos-Newer-Keys element of supplementalCredentials */
+	if (old_scp) {
+		DATA_BLOB blob;
+
+		blob = strhex_to_data_blob(io->ac, old_scp->data);
+		if (!blob.data) {
+			return ldb_oom(ldb);
+		}
+
+		/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
+		ndr_err = ndr_pull_struct_blob(&blob, io->ac,
+					       &_old_pkb,
+					       (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(ldb,
+					       "setup_primary_kerberos_newer: "
+					       "failed to pull old package_PrimaryKerberosBlob: %s",
+					       nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		if (_old_pkb.version != 4) {
+			ldb_asprintf_errstring(ldb,
+					       "setup_primary_kerberos_newer: "
+					       "package_PrimaryKerberosBlob version[%u] expected[4]",
+					       _old_pkb.version);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		old_pkb4 = &_old_pkb.ctr.ctr4;
+	}
+
+	/* if we didn't found the old keys we're done */
+	if (!old_pkb4) {
+		return LDB_SUCCESS;
+	}
+
+	/* fill in the old keys */
+	pkb4->num_old_keys	= old_pkb4->num_keys;
+	pkb4->old_keys		= old_pkb4->keys;
+	pkb4->num_older_keys	= old_pkb4->num_old_keys;
+	pkb4->older_keys	= old_pkb4->old_keys;
+
+	return LDB_SUCCESS;
+}
+
+static int setup_primary_wdigest(struct setup_password_fields_io *io,
+				 const struct supplementalCredentialsBlob *old_scb,
+				 struct package_PrimaryWDigestBlob *pdb)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	DATA_BLOB sAMAccountName;
+	DATA_BLOB sAMAccountName_l;
+	DATA_BLOB sAMAccountName_u;
+	const char *user_principal_name = io->u.user_principal_name;
+	DATA_BLOB userPrincipalName;
+	DATA_BLOB userPrincipalName_l;
+	DATA_BLOB userPrincipalName_u;
+	DATA_BLOB netbios_domain;
+	DATA_BLOB netbios_domain_l;
+	DATA_BLOB netbios_domain_u;
+	DATA_BLOB dns_domain;
+	DATA_BLOB dns_domain_l;
+	DATA_BLOB dns_domain_u;
+	DATA_BLOB digest;
+	DATA_BLOB delim;
+	DATA_BLOB backslash;
+	uint8_t i;
+	struct {
+		DATA_BLOB *user;
+		DATA_BLOB *realm;
+		DATA_BLOB *nt4dom;
+	} wdigest[] = {
+	/*
+	 * See 3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction
+	 *     https://msdn.microsoft.com/en-us/library/cc245680.aspx
+	 * for what precalculated hashes are supposed to be stored...
+	 *
+	 * I can't reproduce all values which should contain "Digest" as realm,
+	 * am I doing something wrong or is w2k3 just broken...?
+	 *
+	 * W2K3 fills in following for a user:
+	 *
+	 * dn: CN=NewUser,OU=newtop,DC=sub1,DC=w2k3,DC=vmnet1,DC=vm,DC=base
+	 * sAMAccountName: NewUser2Sam
+	 * userPrincipalName: NewUser2Princ@sub1.w2k3.vmnet1.vm.base
+	 *
+	 * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007
+	 * b7ec9da91062199aee7d121e6710fe23 => newuser2sam:sub1:TestPwd2007
+	 * 17d290bc5c9f463fac54c37a8cea134d => NEWUSER2SAM:SUB1:TestPwd2007
+	 * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007
+	 * 5d57e7823938348127322e08cd81bcb5 => NewUser2Sam:sub1:TestPwd2007
+	 * 07dd701bf8a011ece585de3d47237140 => NEWUSER2SAM:sub1:TestPwd2007
+	 * e14fb0eb401498d2cb33c9aae1cc7f37 => newuser2sam:SUB1:TestPwd2007
+	 * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * f52da1266a6bdd290ffd48b2c823dda7 => newuser2sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * d2b42f171248cec37a3c5c6b55404062 => NEWUSER2SAM:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * fff8d790ff6c152aaeb6ebe17b4021de => NewUser2Sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * 2a7563c3715bc418d626dabef378c008 => NEWUSER2SAM:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * c8e9557a87cd4200fda0c11d2fa03f96 => newuser2sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * 221c55284451ae9b3aacaa2a3c86f10f => NewUser2Princ@sub1.w2k3.vmnet1.vm.base::TestPwd2007
+	 * 74e1be668853d4324d38c07e2acfb8ea => (w2k3 has a bug here!) newuser2princ@sub1.w2k3.vmnet1.vm.base::TestPwd2007
+	 * e1e244ab7f098e3ae1761be7f9229bbb => NEWUSER2PRINC@SUB1.W2K3.VMNET1.VM.BASE::TestPwd2007
+	 * 86db637df42513039920e605499c3af6 => SUB1\NewUser2Sam::TestPwd2007
+	 * f5e43474dfaf067fee8197a253debaa2 => sub1\newuser2sam::TestPwd2007
+	 * 2ecaa8382e2518e4b77a52422b279467 => SUB1\NEWUSER2SAM::TestPwd2007
+	 * 31dc704d3640335b2123d4ee28aa1f11 => ??? changes with NewUser2Sam => NewUser1Sam
+	 * 36349f5cecd07320fb3bb0e119230c43 => ??? changes with NewUser2Sam => NewUser1Sam
+	 * 12adf019d037fb535c01fd0608e78d9d => ??? changes with NewUser2Sam => NewUser1Sam
+	 * 6feecf8e724906f3ee1105819c5105a1 => ??? changes with NewUser2Princ => NewUser1Princ
+	 * 6c6911f3de6333422640221b9c51ff1f => ??? changes with NewUser2Princ => NewUser1Princ
+	 * 4b279877e742895f9348ac67a8de2f69 => ??? changes with NewUser2Princ => NewUser1Princ
+	 * db0c6bff069513e3ebb9870d29b57490 => ??? changes with NewUser2Sam => NewUser1Sam
+	 * 45072621e56b1c113a4e04a8ff68cd0e => ??? changes with NewUser2Sam => NewUser1Sam
+	 * 11d1220abc44a9c10cf91ef4a9c1de02 => ??? changes with NewUser2Sam => NewUser1Sam
+	 *
+	 * dn: CN=NewUser,OU=newtop,DC=sub1,DC=w2k3,DC=vmnet1,DC=vm,DC=base
+	 * sAMAccountName: NewUser2Sam
+	 *
+	 * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007
+	 * b7ec9da91062199aee7d121e6710fe23 => newuser2sam:sub1:TestPwd2007
+	 * 17d290bc5c9f463fac54c37a8cea134d => NEWUSER2SAM:SUB1:TestPwd2007
+	 * 4279815024bda54fc074a5f8bd0a6e6f => NewUser2Sam:SUB1:TestPwd2007
+	 * 5d57e7823938348127322e08cd81bcb5 => NewUser2Sam:sub1:TestPwd2007
+	 * 07dd701bf8a011ece585de3d47237140 => NEWUSER2SAM:sub1:TestPwd2007
+	 * e14fb0eb401498d2cb33c9aae1cc7f37 => newuser2sam:SUB1:TestPwd2007
+	 * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * f52da1266a6bdd290ffd48b2c823dda7 => newuser2sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * d2b42f171248cec37a3c5c6b55404062 => NEWUSER2SAM:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * fff8d790ff6c152aaeb6ebe17b4021de => NewUser2Sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * 8dadc90250f873d8b883f79d890bef82 => NewUser2Sam:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * 2a7563c3715bc418d626dabef378c008 => NEWUSER2SAM:sub1.w2k3.vmnet1.vm.base:TestPwd2007
+	 * c8e9557a87cd4200fda0c11d2fa03f96 => newuser2sam:SUB1.W2K3.VMNET1.VM.BASE:TestPwd2007
+	 * 8a140d30b6f0a5912735dc1e3bc993b4 => NewUser2Sam@sub1.w2k3.vmnet1.vm.base::TestPwd2007
+	 * 86d95b2faae6cae4ec261e7fbaccf093 => (here w2k3 is correct) newuser2sam@sub1.w2k3.vmnet1.vm.base::TestPwd2007
+	 * dfeff1493110220efcdfc6362e5f5450 => NEWUSER2SAM@SUB1.W2K3.VMNET1.VM.BASE::TestPwd2007
+	 * 86db637df42513039920e605499c3af6 => SUB1\NewUser2Sam::TestPwd2007
+	 * f5e43474dfaf067fee8197a253debaa2 => sub1\newuser2sam::TestPwd2007
+	 * 2ecaa8382e2518e4b77a52422b279467 => SUB1\NEWUSER2SAM::TestPwd2007
+	 * 31dc704d3640335b2123d4ee28aa1f11 => ???M1   changes with NewUser2Sam => NewUser1Sam
+	 * 36349f5cecd07320fb3bb0e119230c43 => ???M1.L changes with newuser2sam => newuser1sam
+	 * 12adf019d037fb535c01fd0608e78d9d => ???M1.U changes with NEWUSER2SAM => NEWUSER1SAM
+	 * 569b4533f2d9e580211dd040e5e360a8 => ???M2   changes with NewUser2Princ => NewUser1Princ
+	 * 52528bddf310a587c5d7e6a9ae2cbb20 => ???M2.L changes with newuser2princ => newuser1princ
+	 * 4f629a4f0361289ca4255ab0f658fcd5 => ???M3 changes with NewUser2Princ => NewUser1Princ (doesn't depend on case of userPrincipal )
+	 * db0c6bff069513e3ebb9870d29b57490 => ???M4 changes with NewUser2Sam => NewUser1Sam
+	 * 45072621e56b1c113a4e04a8ff68cd0e => ???M5 changes with NewUser2Sam => NewUser1Sam (doesn't depend on case of sAMAccountName)
+	 * 11d1220abc44a9c10cf91ef4a9c1de02 => ???M4.U changes with NEWUSER2SAM => NEWUSER1SAM
+	 */
+
+	/*
+	 * sAMAccountName, netbios_domain
+	 */
+		{
+		.user	= &sAMAccountName,
+		.realm	= &netbios_domain,
+		},
+		{
+		.user	= &sAMAccountName_l,
+		.realm	= &netbios_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_u,
+		.realm	= &netbios_domain_u,
+		},
+		{
+		.user	= &sAMAccountName,
+		.realm	= &netbios_domain_u,
+		},
+		{
+		.user	= &sAMAccountName,
+		.realm	= &netbios_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_u,
+		.realm	= &netbios_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_l,
+		.realm	= &netbios_domain_u,
+		},
+	/*
+	 * sAMAccountName, dns_domain
+	 *
+	 * TODO:
+	 * Windows preserves the case of the DNS domain,
+	 * Samba lower cases the domain at provision time
+	 * This means that for mixed case Domains, the WDigest08 hash
+	 * calculated by Samba differs from that calculated by Windows.
+	 * Until we get a real world use case this will remain a known
+	 * bug, as changing the case could have unforeseen impacts.
+	 *
+	 */
+		{
+		.user	= &sAMAccountName,
+		.realm	= &dns_domain,
+		},
+		{
+		.user	= &sAMAccountName_l,
+		.realm	= &dns_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_u,
+		.realm	= &dns_domain_u,
+		},
+		{
+		.user	= &sAMAccountName,
+		.realm	= &dns_domain_u,
+		},
+		{
+		.user	= &sAMAccountName,
+		.realm	= &dns_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_u,
+		.realm	= &dns_domain_l,
+		},
+		{
+		.user	= &sAMAccountName_l,
+		.realm	= &dns_domain_u,
+		},
+	/* 
+	 * userPrincipalName, no realm
+	 */
+		{
+		.user	= &userPrincipalName,
+		},
+		{
+		/* 
+		 * NOTE: w2k3 messes this up, if the user has a real userPrincipalName,
+		 *       the fallback to the sAMAccountName based userPrincipalName is correct
+		 */
+		.user	= &userPrincipalName_l,
+		},
+		{
+		.user	= &userPrincipalName_u,
+		},
+	/* 
+	 * nt4dom\sAMAccountName, no realm
+	 */
+		{
+		.user	= &sAMAccountName,
+		.nt4dom	= &netbios_domain
+		},
+		{
+		.user	= &sAMAccountName_l,
+		.nt4dom	= &netbios_domain_l
+		},
+		{
+		.user	= &sAMAccountName_u,
+		.nt4dom	= &netbios_domain_u
+		},
+
+	/*
+	 * the following ones are guessed depending on the technet2 article
+	 * but not reproducible on a w2k3 server
+	 */
+	/* sAMAccountName with "Digest" realm */
+		{
+		.user 	= &sAMAccountName,
+		.realm	= &digest
+		},
+		{
+		.user 	= &sAMAccountName_l,
+		.realm	= &digest
+		},
+		{
+		.user 	= &sAMAccountName_u,
+		.realm	= &digest
+		},
+	/* userPrincipalName with "Digest" realm */
+		{
+		.user	= &userPrincipalName,
+		.realm	= &digest
+		},
+		{
+		.user	= &userPrincipalName_l,
+		.realm	= &digest
+		},
+		{
+		.user	= &userPrincipalName_u,
+		.realm	= &digest
+		},
+	/* nt4dom\\sAMAccountName with "Digest" realm */
+		{
+		.user 	= &sAMAccountName,
+		.nt4dom	= &netbios_domain,
+		.realm	= &digest
+		},
+		{
+		.user 	= &sAMAccountName_l,
+		.nt4dom	= &netbios_domain_l,
+		.realm	= &digest
+		},
+		{
+		.user 	= &sAMAccountName_u,
+		.nt4dom	= &netbios_domain_u,
+		.realm	= &digest
+		},
+	};
+	int rc = LDB_ERR_OTHER;
+
+	/* prepare DATA_BLOB's used in the combinations array */
+	sAMAccountName		= data_blob_string_const(io->u.sAMAccountName);
+	sAMAccountName_l	= data_blob_string_const(strlower_talloc(io->ac, io->u.sAMAccountName));
+	if (!sAMAccountName_l.data) {
+		return ldb_oom(ldb);
+	}
+	sAMAccountName_u	= data_blob_string_const(strupper_talloc(io->ac, io->u.sAMAccountName));
+	if (!sAMAccountName_u.data) {
+		return ldb_oom(ldb);
+	}
+
+	/* if the user doesn't have a userPrincipalName, create one (with lower case realm) */
+	if (!user_principal_name) {
+		user_principal_name = talloc_asprintf(io->ac, "%s@%s",
+						      io->u.sAMAccountName,
+						      io->ac->status->domain_data.dns_domain);
+		if (!user_principal_name) {
+			return ldb_oom(ldb);
+		}	
+	}
+	userPrincipalName	= data_blob_string_const(user_principal_name);
+	userPrincipalName_l	= data_blob_string_const(strlower_talloc(io->ac, user_principal_name));
+	if (!userPrincipalName_l.data) {
+		return ldb_oom(ldb);
+	}
+	userPrincipalName_u	= data_blob_string_const(strupper_talloc(io->ac, user_principal_name));
+	if (!userPrincipalName_u.data) {
+		return ldb_oom(ldb);
+	}
+
+	netbios_domain		= data_blob_string_const(io->ac->status->domain_data.netbios_domain);
+	netbios_domain_l	= data_blob_string_const(strlower_talloc(io->ac,
+									 io->ac->status->domain_data.netbios_domain));
+	if (!netbios_domain_l.data) {
+		return ldb_oom(ldb);
+	}
+	netbios_domain_u	= data_blob_string_const(strupper_talloc(io->ac,
+									 io->ac->status->domain_data.netbios_domain));
+	if (!netbios_domain_u.data) {
+		return ldb_oom(ldb);
+	}
+
+	dns_domain		= data_blob_string_const(io->ac->status->domain_data.dns_domain);
+	dns_domain_l		= data_blob_string_const(io->ac->status->domain_data.dns_domain);
+	dns_domain_u		= data_blob_string_const(io->ac->status->domain_data.realm);
+
+	digest			= data_blob_string_const("Digest");
+
+	delim			= data_blob_string_const(":");
+	backslash		= data_blob_string_const("\\");
+
+	pdb->num_hashes	= ARRAY_SIZE(wdigest);
+	pdb->hashes	= talloc_array(io->ac, struct package_PrimaryWDigestHash,
+				       pdb->num_hashes);
+	if (!pdb->hashes) {
+		return ldb_oom(ldb);
+	}
+
+	for (i=0; i < ARRAY_SIZE(wdigest); i++) {
+		gnutls_hash_hd_t hash_hnd = NULL;
+
+		rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+		if (rc < 0) {
+			rc = ldb_oom(ldb);
+			goto out;
+		}
+
+		if (wdigest[i].nt4dom) {
+			rc = gnutls_hash(hash_hnd,
+					  wdigest[i].nt4dom->data,
+					  wdigest[i].nt4dom->length);
+			if (rc < 0) {
+				gnutls_hash_deinit(hash_hnd, NULL);
+				rc = LDB_ERR_UNWILLING_TO_PERFORM;
+				goto out;
+			}
+			rc = gnutls_hash(hash_hnd,
+					  backslash.data,
+					  backslash.length);
+			if (rc < 0) {
+				gnutls_hash_deinit(hash_hnd, NULL);
+				rc = LDB_ERR_UNWILLING_TO_PERFORM;
+				goto out;
+			}
+		}
+		rc = gnutls_hash(hash_hnd,
+				 wdigest[i].user->data,
+				 wdigest[i].user->length);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			rc = LDB_ERR_UNWILLING_TO_PERFORM;
+			goto out;
+		}
+		rc = gnutls_hash(hash_hnd, delim.data, delim.length);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			rc = LDB_ERR_UNWILLING_TO_PERFORM;
+			goto out;
+		}
+		if (wdigest[i].realm) {
+			rc = gnutls_hash(hash_hnd,
+					 wdigest[i].realm->data,
+					 wdigest[i].realm->length);
+			if (rc < 0) {
+				gnutls_hash_deinit(hash_hnd, NULL);
+				rc = LDB_ERR_UNWILLING_TO_PERFORM;
+				goto out;
+			}
+		}
+		rc = gnutls_hash(hash_hnd, delim.data, delim.length);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			rc = LDB_ERR_UNWILLING_TO_PERFORM;
+			goto out;
+		}
+		rc = gnutls_hash(hash_hnd,
+				  io->n.cleartext_utf8->data,
+				  io->n.cleartext_utf8->length);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			rc = LDB_ERR_UNWILLING_TO_PERFORM;
+			goto out;
+		}
+
+		gnutls_hash_deinit(hash_hnd, pdb->hashes[i].hash);
+	}
+
+	rc = LDB_SUCCESS;
+out:
+	return rc;
+}
+
+#define SHA_SALT_PERMITTED_CHARS "abcdefghijklmnopqrstuvwxyz" \
+				 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+				 "0123456789./"
+#define SHA_SALT_SIZE 16
+#define SHA_256_SCHEME "CryptSHA256"
+#define SHA_512_SCHEME "CryptSHA512"
+#define CRYPT "{CRYPT}"
+#define SHA_ID_LEN 3
+#define SHA_256_ALGORITHM_ID 5
+#define SHA_512_ALGORITHM_ID 6
+#define ROUNDS_PARAMETER "rounds="
+
+/*
+ * Extract the crypt (3) algorithm number and number of hash rounds from the
+ * supplied scheme string
+ */
+static bool parse_scheme(const char *scheme, int *algorithm, int *rounds) {
+
+	const char *rp = NULL; /* Pointer to the 'rounds=' option */
+	char digits[21];       /* digits extracted from the rounds option */
+	int i = 0;             /* loop index variable */
+
+	if (strncasecmp(SHA_256_SCHEME, scheme, strlen(SHA_256_SCHEME)) == 0) {
+		*algorithm = SHA_256_ALGORITHM_ID;
+	} else if (strncasecmp(SHA_512_SCHEME, scheme, strlen(SHA_256_SCHEME))
+		   == 0) {
+		*algorithm = SHA_512_ALGORITHM_ID;
+	} else {
+		return false;
+	}
+
+	rp = strcasestr(scheme, ROUNDS_PARAMETER);
+	if (rp == NULL) {
+		/* No options specified, use crypt default number of rounds */
+		*rounds = 0;
+		return true;
+	}
+	rp += strlen(ROUNDS_PARAMETER);
+	for (i = 0; isdigit(rp[i]) && i < (sizeof(digits) - 1); i++) {
+		digits[i] = rp[i];
+	}
+	digits[i] = '\0';
+	*rounds = atoi(digits);
+	return true;
+}
+
+/*
+ * Calculate the password hash specified by scheme, and return it in
+ * hash_value
+ */
+static int setup_primary_userPassword_hash(
+	TALLOC_CTX *ctx,
+	struct setup_password_fields_io *io,
+	const char* scheme,
+	struct package_PrimaryUserPasswordValue *hash_value)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	const char *salt = NULL;        /* Randomly generated salt */
+	const char *cmd = NULL;         /* command passed to crypt */
+	const char *hash = NULL;        /* password hash generated by crypt */
+	int algorithm = 0;              /* crypt hash algorithm number */
+	int rounds = 0;                 /* The number of hash rounds */
+	DATA_BLOB *hash_blob = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT_RN)
+	struct crypt_data crypt_data = {
+		.initialized = 0        /* working storage used by crypt */
+	};
+#endif
+
+	/* Generate a random password salt */
+	salt = generate_random_str_list(frame,
+					SHA_SALT_SIZE,
+					SHA_SALT_PERMITTED_CHARS);
+	if (salt == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+
+	/* determine the hashing algorithm and number of rounds*/
+	if (!parse_scheme(scheme, &algorithm, &rounds)) {
+		ldb_asprintf_errstring(
+			ldb,
+		        "setup_primary_userPassword: Invalid scheme of [%s] "
+			"specified for 'password hash userPassword schemes' in "
+			"samba.conf",
+			scheme);
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	hash_value->scheme = talloc_strdup(ctx, CRYPT);
+	if (hash_value->scheme == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+	hash_value->scheme_len = strlen(CRYPT) + 1;
+
+	/* generate the id/salt parameter used by crypt */
+	if (rounds) {
+		cmd = talloc_asprintf(frame,
+			              "$%d$rounds=%d$%s",
+				      algorithm,
+				      rounds,
+				      salt);
+		if (cmd == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb);
+		}
+	} else {
+		cmd = talloc_asprintf(frame, "$%d$%s", algorithm, salt);
+		if (cmd == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb);
+		}
+	}
+
+	/*
+	 * Relies on the assertion that cleartext_utf8->data is a zero
+	 * terminated UTF-8 string
+	 */
+
+	/*
+	 * crypt_r() and crypt() may return a null pointer upon error
+	 * depending on how libcrypt was configured, so we prefer
+	 * crypt_rn() from libcrypt / libxcrypt which always returns
+	 * NULL on error.
+	 *
+	 * POSIX specifies returning a null pointer and setting
+	 * errno.
+	 *
+	 * RHEL 7 (which does not use libcrypt / libxcrypt) returns a
+	 * non-NULL pointer from crypt_r() on success but (always?)
+	 * sets errno during internal processing in the NSS crypto
+	 * subsystem.
+	 *
+	 * By preferring crypt_rn we avoid the 'return non-NULL but
+	 * set-errno' that we otherwise cannot tell apart from the
+	 * RHEL 7 behaviour.
+	 */
+	errno = 0;
+
+#ifdef HAVE_CRYPT_RN
+	hash = crypt_rn((char *)io->n.cleartext_utf8->data,
+			cmd,
+			&crypt_data,
+			sizeof(crypt_data));
+#elif HAVE_CRYPT_R
+	hash = crypt_r((char *)io->n.cleartext_utf8->data, cmd, &crypt_data);
+#else
+	/*
+	 * No crypt_r falling back to crypt, which is NOT thread safe
+	 * Thread safety MT-Unsafe race:crypt
+	 */
+	hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
+#endif
+	/*
+	* On error, crypt() and crypt_r() may return a null pointer,
+	* or a pointer to an invalid hash beginning with a '*'.
+	*/
+	if (hash == NULL || hash[0] == '*') {
+		char buf[1024];
+		const char *reason = NULL;
+		if (errno == ERANGE) {
+			reason = "Password exceeds maximum length allowed for crypt() hashing";
+		} else {
+			int err = strerror_r(errno, buf, sizeof(buf));
+			if (err == 0) {
+				reason = buf;
+			} else {
+				reason = "Unknown error";
+			}
+		}
+		ldb_asprintf_errstring(
+			ldb,
+			"setup_primary_userPassword: generation of a %s "
+			"password hash failed: (%s)",
+			scheme,
+			reason);
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	hash_blob = talloc_zero(ctx, DATA_BLOB);
+
+	if (hash_blob == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+
+	*hash_blob =  data_blob_talloc(hash_blob,
+				       (const uint8_t *)hash,
+				       strlen(hash));
+	if (hash_blob->data == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+	hash_value->value = hash_blob;
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+/*
+ * Calculate the desired extra password hashes
+ */
+static int setup_primary_userPassword(
+	struct setup_password_fields_io *io,
+	const struct supplementalCredentialsBlob *old_scb,
+	struct package_PrimaryUserPasswordBlob *p_userPassword_b)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	TALLOC_CTX *frame = talloc_stackframe();
+	int i;
+	int ret;
+
+	/*
+	 * Save the current nt_hash, use this to determine if the password
+	 * has been changed by windows. Which will invalidate the userPassword
+	 * hash. Note once NTLM-Strong-NOWTF becomes available it should be
+	 * used in preference to the NT password hash
+	 */
+	if (io->g.nt_hash == NULL) {
+		/*
+		 * When the NT hash is not available, we use this field to store
+		 * the first 16 bytes of the AES256 key instead. This allows
+		 * 'samba-tool user' to verify that the user's password is in
+		 * sync with the userPassword package.
+		 */
+		uint8_t hash_len = MIN(16, io->g.aes_256.length);
+
+		ZERO_STRUCT(p_userPassword_b->current_nt_hash);
+		memcpy(p_userPassword_b->current_nt_hash.hash,
+		       io->g.aes_256.data,
+		       hash_len);
+	} else {
+		p_userPassword_b->current_nt_hash = *io->g.nt_hash;
+	}
+
+	/*
+	 * Determine the number of hashes
+	 * Note: that currently there is no limit on the number of hashes
+	 *       no checking is done on the number of schemes specified
+	 *       or for uniqueness.
+	 */
+	p_userPassword_b->num_hashes = 0;
+	for (i = 0; io->ac->userPassword_schemes[i]; i++) {
+		p_userPassword_b->num_hashes++;
+	}
+
+	p_userPassword_b->hashes
+		= talloc_array(io->ac,
+			       struct package_PrimaryUserPasswordValue,
+			       p_userPassword_b->num_hashes);
+	if (p_userPassword_b->hashes == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; io->ac->userPassword_schemes[i]; i++) {
+		ret = setup_primary_userPassword_hash(
+			p_userPassword_b->hashes,
+			io,
+			io->ac->userPassword_schemes[i],
+			&p_userPassword_b->hashes[i]);
+		if (ret != LDB_SUCCESS) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+	}
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+
+static int setup_primary_samba_gpg(struct setup_password_fields_io *io,
+				   struct package_PrimarySambaGPGBlob *pgb)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+#ifdef ENABLE_GPGME
+	gpgme_error_t gret;
+	gpgme_ctx_t ctx = NULL;
+	size_t num_keys = str_list_length(io->ac->gpg_key_ids);
+	gpgme_key_t keys[num_keys+1];
+	size_t ki = 0;
+	size_t kr = 0;
+	gpgme_data_t plain_data = NULL;
+	gpgme_data_t crypt_data = NULL;
+	size_t crypt_length = 0;
+	char *crypt_mem = NULL;
+
+	gret = gpgme_new(&ctx);
+	if (gret != GPG_ERR_NO_ERROR) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "%s:%s: gret[%u] %s\n",
+			  __location__, __func__,
+			  gret, gpgme_strerror(gret));
+		return ldb_module_operr(io->ac->module);
+	}
+
+	gpgme_set_armor(ctx, 1);
+
+	gret = gpgme_data_new_from_mem(&plain_data,
+				       (const char *)io->n.cleartext_utf16->data,
+				       io->n.cleartext_utf16->length,
+				       0 /* no copy */);
+	if (gret != GPG_ERR_NO_ERROR) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "%s:%s: gret[%u] %s\n",
+			  __location__, __func__,
+			  gret, gpgme_strerror(gret));
+		gpgme_release(ctx);
+		return ldb_module_operr(io->ac->module);
+	}
+	gret = gpgme_data_new(&crypt_data);
+	if (gret != GPG_ERR_NO_ERROR) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "%s:%s: gret[%u] %s\n",
+			  __location__, __func__,
+			  gret, gpgme_strerror(gret));
+		gpgme_data_release(plain_data);
+		gpgme_release(ctx);
+		return ldb_module_operr(io->ac->module);
+	}
+
+	for (ki = 0; ki < num_keys; ki++) {
+		const char *key_id = io->ac->gpg_key_ids[ki];
+		size_t len = strlen(key_id);
+
+		keys[ki] = NULL;
+
+		if (len < 16) {
+			ldb_debug(ldb, LDB_DEBUG_FATAL,
+				  "%s:%s: ki[%zu] key_id[%s] strlen < 16, "
+				  "please specify at least the 64bit key id\n",
+				  __location__, __func__,
+				  ki, key_id);
+			for (kr = 0; keys[kr] != NULL; kr++) {
+				gpgme_key_release(keys[kr]);
+			}
+			gpgme_data_release(crypt_data);
+			gpgme_data_release(plain_data);
+			gpgme_release(ctx);
+			return ldb_module_operr(io->ac->module);
+		}
+
+		gret = gpgme_get_key(ctx, key_id, &keys[ki], 0 /* public key */);
+		if (gret != GPG_ERR_NO_ERROR) {
+			keys[ki] = NULL;
+			if (gpg_err_source(gret) == GPG_ERR_SOURCE_GPGME
+			    && gpg_err_code(gret) == GPG_ERR_EOF) {
+				ldb_debug(ldb, LDB_DEBUG_ERROR,
+					  "Invalid "
+					  "'password hash gpg key ids': "
+					  "Public Key ID [%s] "
+					  "not found in keyring\n",
+					  key_id);
+
+			} else {
+				ldb_debug(ldb, LDB_DEBUG_ERROR,
+					  "%s:%s: ki[%zu] key_id[%s] "
+					  "gret[%u] %s\n",
+					  __location__, __func__,
+					  ki, key_id,
+					  gret, gpgme_strerror(gret));
+			}
+			for (kr = 0; keys[kr] != NULL; kr++) {
+				gpgme_key_release(keys[kr]);
+			}
+			gpgme_data_release(crypt_data);
+			gpgme_data_release(plain_data);
+			gpgme_release(ctx);
+			return ldb_module_operr(io->ac->module);
+		}
+	}
+	keys[ki] = NULL;
+
+	gret = gpgme_op_encrypt(ctx, keys,
+				GPGME_ENCRYPT_ALWAYS_TRUST,
+				plain_data, crypt_data);
+	gpgme_data_release(plain_data);
+	plain_data = NULL;
+	for (kr = 0; keys[kr] != NULL; kr++) {
+		gpgme_key_release(keys[kr]);
+		keys[kr] = NULL;
+	}
+	gpgme_release(ctx);
+	ctx = NULL;
+	if (gret != GPG_ERR_NO_ERROR) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "%s:%s: gret[%u] %s\n",
+			  __location__, __func__,
+			  gret, gpgme_strerror(gret));
+		gpgme_data_release(crypt_data);
+		return ldb_module_operr(io->ac->module);
+	}
+
+	crypt_mem = gpgme_data_release_and_get_mem(crypt_data, &crypt_length);
+	crypt_data = NULL;
+	if (crypt_mem == NULL) {
+		return ldb_module_oom(io->ac->module);
+	}
+
+	pgb->gpg_blob = data_blob_talloc(io->ac,
+					 (const uint8_t *)crypt_mem,
+					 crypt_length);
+	gpgme_free(crypt_mem);
+	crypt_mem = NULL;
+	crypt_length = 0;
+	if (pgb->gpg_blob.data == NULL) {
+		return ldb_module_oom(io->ac->module);
+	}
+
+	return LDB_SUCCESS;
+#else /* ENABLE_GPGME */
+	ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+		      "You configured 'password hash gpg key ids', "
+		      "but GPGME support is missing. (%s:%d)",
+		      __FILE__, __LINE__);
+	return LDB_ERR_UNWILLING_TO_PERFORM;
+#endif /* else ENABLE_GPGME */
+}
+
+#define NUM_PACKAGES 6
+static int setup_supplemental_field(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb;
+	struct supplementalCredentialsBlob scb = {};
+	struct supplementalCredentialsBlob *old_scb = NULL;
+	/*
+	 * Packages +
+	 * ( Kerberos-Newer-Keys, Kerberos,
+	 *   WDigest, CLEARTEXT, userPassword, SambaGPG)
+	 */
+	uint32_t num_names = 0;
+	const char *names[1+NUM_PACKAGES] = {};
+	uint32_t num_packages = 0;
+	struct supplementalCredentialsPackage packages[1+NUM_PACKAGES] = {};
+	struct supplementalCredentialsPackage *pp = packages;
+	int ret;
+	enum ndr_err_code ndr_err;
+	bool do_newer_keys = false;
+	bool do_cleartext = false;
+	bool do_samba_gpg = false;
+	struct loadparm_context *lp_ctx = NULL;
+
+	ldb = ldb_module_get_ctx(io->ac->module);
+	lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				 struct loadparm_context);
+
+	if (!io->n.cleartext_utf8) {
+		/*
+		 * when we don't have a cleartext password
+		 * we can't setup a supplementalCredentials value
+		 */
+		return LDB_SUCCESS;
+	}
+
+	/* if there's an old supplementalCredentials blob then use it */
+	if (io->o.supplemental) {
+		if (io->o.scb.sub.signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
+			old_scb = &io->o.scb;
+		} else {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "setup_supplemental_field: "
+				  "supplementalCredentialsBlob "
+				  "signature[0x%04X] expected[0x%04X]",
+				  io->o.scb.sub.signature,
+				  SUPPLEMENTAL_CREDENTIALS_SIGNATURE);
+		}
+	}
+	/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
+
+
+
+	/*
+	 * The ordering is this
+	 *
+	 * Primary:Kerberos-Newer-Keys (optional)
+	 * Primary:Kerberos
+	 * Primary:WDigest
+	 * Primary:CLEARTEXT (optional)
+	 * Primary:userPassword
+	 * Primary:SambaGPG (optional)
+	 *
+	 * And the 'Packages' package is insert before the last
+	 * other package.
+	 *
+	 * Note: it's important that Primary:SambaGPG is added as
+	 * the last element. This is the indication that it matches
+	 * the current password. When a password change happens on
+	 * a Windows DC, it will keep the old Primary:SambaGPG value,
+	 * but as the first element.
+	 */
+	do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008);
+	if (do_newer_keys) {
+		struct package_PrimaryKerberosBlob pknb;
+		DATA_BLOB pknb_blob;
+		char *pknb_hexstr;
+		/*
+		 * setup 'Primary:Kerberos-Newer-Keys' element
+		 */
+		names[num_names++] = "Kerberos-Newer-Keys";
+
+		ret = setup_primary_kerberos_newer(io, old_scb, &pknb);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(
+			&pknb_blob, io->ac,
+			&pknb,
+			(ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push "
+				"package_PrimaryKerberosNeverBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pknb_hexstr = data_blob_hex_string_upper(io->ac, &pknb_blob);
+		if (!pknb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Primary:Kerberos-Newer-Keys";
+		pp->reserved	= 1;
+		pp->data	= pknb_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	{
+		/*
+		 * setup 'Primary:Kerberos' element
+		 */
+		/* Primary:Kerberos */
+		struct package_PrimaryKerberosBlob pkb;
+		DATA_BLOB pkb_blob;
+		char *pkb_hexstr;
+
+		names[num_names++] = "Kerberos";
+
+		ret = setup_primary_kerberos(io, old_scb, &pkb);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(
+			&pkb_blob, io->ac,
+			&pkb,
+			(ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push package_PrimaryKerberosBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pkb_hexstr = data_blob_hex_string_upper(io->ac, &pkb_blob);
+		if (!pkb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Primary:Kerberos";
+		pp->reserved	= 1;
+		pp->data	= pkb_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_ALLOWED) {
+		/*
+		 * setup 'Primary:WDigest' element
+		 */
+		struct package_PrimaryWDigestBlob pdb;
+		DATA_BLOB pdb_blob;
+		char *pdb_hexstr;
+
+		names[num_names++] = "WDigest";
+
+		ret = setup_primary_wdigest(io, old_scb, &pdb);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(
+			&pdb_blob, io->ac,
+			&pdb,
+			(ndr_push_flags_fn_t)ndr_push_package_PrimaryWDigestBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push package_PrimaryWDigestBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pdb_hexstr = data_blob_hex_string_upper(io->ac, &pdb_blob);
+		if (!pdb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Primary:WDigest";
+		pp->reserved	= 1;
+		pp->data	= pdb_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	/*
+	 * setup 'Primary:CLEARTEXT' element
+	 */
+	if (io->ac->status->domain_data.store_cleartext &&
+	    (io->u.userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
+		do_cleartext = true;
+	}
+	if (do_cleartext) {
+		struct package_PrimaryCLEARTEXTBlob pcb;
+		DATA_BLOB pcb_blob;
+		char *pcb_hexstr;
+
+		names[num_names++] = "CLEARTEXT";
+
+		pcb.cleartext	= *io->n.cleartext_utf16;
+
+		ndr_err = ndr_push_struct_blob(
+			&pcb_blob, io->ac,
+			&pcb,
+			(ndr_push_flags_fn_t)ndr_push_package_PrimaryCLEARTEXTBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push package_PrimaryCLEARTEXTBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pcb_hexstr = data_blob_hex_string_upper(io->ac, &pcb_blob);
+		if (!pcb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Primary:CLEARTEXT";
+		pp->reserved	= 1;
+		pp->data	= pcb_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	/*
+	 * Don't generate crypt() or similar password for the krbtgt account.
+	 * It's unnecessary, and the length of the cleartext in UTF-8 form
+	 * exceeds the maximum (CRYPT_MAX_PASSPHRASE_SIZE) allowed by crypt().
+	 */
+	if (io->ac->userPassword_schemes && !io->u.is_krbtgt) {
+		/*
+		 * setup 'Primary:userPassword' element
+		 */
+		struct package_PrimaryUserPasswordBlob
+			p_userPassword_b;
+		DATA_BLOB p_userPassword_b_blob;
+		char *p_userPassword_b_hexstr;
+
+		names[num_names++] = "userPassword";
+
+		ret = setup_primary_userPassword(io,
+						 old_scb,
+						 &p_userPassword_b);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(
+			&p_userPassword_b_blob,
+			io->ac,
+			&p_userPassword_b,
+			(ndr_push_flags_fn_t)
+			ndr_push_package_PrimaryUserPasswordBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: failed to push "
+				"package_PrimaryUserPasswordBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		p_userPassword_b_hexstr
+			= data_blob_hex_string_upper(
+				io->ac,
+				&p_userPassword_b_blob);
+		if (!p_userPassword_b_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name     = "Primary:userPassword";
+		pp->reserved = 1;
+		pp->data     = p_userPassword_b_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	/*
+	 * setup 'Primary:SambaGPG' element
+	 */
+	if (io->ac->gpg_key_ids != NULL) {
+		do_samba_gpg = true;
+	}
+	if (do_samba_gpg) {
+		struct package_PrimarySambaGPGBlob pgb;
+		DATA_BLOB pgb_blob;
+		char *pgb_hexstr;
+
+		names[num_names++] = "SambaGPG";
+
+		ret = setup_primary_samba_gpg(io, &pgb);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(&pgb_blob, io->ac, &pgb,
+			(ndr_push_flags_fn_t)ndr_push_package_PrimarySambaGPGBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(ldb,
+					"setup_supplemental_field: failed to "
+					"push package_PrimarySambaGPGBlob: %s",
+					nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pgb_hexstr = data_blob_hex_string_upper(io->ac, &pgb_blob);
+		if (!pgb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Primary:SambaGPG";
+		pp->reserved	= 1;
+		pp->data	= pgb_hexstr;
+		pp++;
+		num_packages++;
+	}
+
+	/*
+	 * setup 'Packages' element
+	 */
+	{
+		struct package_PackagesBlob pb;
+		DATA_BLOB pb_blob;
+		char *pb_hexstr;
+
+		pb.names = names;
+		ndr_err = ndr_push_struct_blob(
+			&pb_blob, io->ac,
+			&pb,
+			(ndr_push_flags_fn_t)ndr_push_package_PackagesBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push package_PackagesBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		pb_hexstr = data_blob_hex_string_upper(io->ac, &pb_blob);
+		if (!pb_hexstr) {
+			return ldb_oom(ldb);
+		}
+		pp->name	= "Packages";
+		pp->reserved	= 2;
+		pp->data	= pb_hexstr;
+		num_packages++;
+		/*
+		 * We don't increment pp so it's pointing to the last package
+		 */
+	}
+
+	/*
+	 * setup 'supplementalCredentials' value
+	 */
+	{
+		/*
+		 * The 'Packages' element needs to be the second last element
+		 * in supplementalCredentials
+		 */
+		struct supplementalCredentialsPackage temp;
+		struct supplementalCredentialsPackage *prev;
+
+		prev = pp-1;
+		temp = *prev;
+		*prev = *pp;
+		*pp = temp;
+
+		scb.sub.signature	= SUPPLEMENTAL_CREDENTIALS_SIGNATURE;
+		scb.sub.num_packages	= num_packages;
+		scb.sub.packages	= packages;
+
+		ndr_err = ndr_push_struct_blob(
+			&io->g.supplemental, io->ac,
+			&scb,
+			(ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+			ldb_asprintf_errstring(
+				ldb,
+				"setup_supplemental_field: "
+				"failed to push supplementalCredentialsBlob: %s",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_last_set_field(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	const struct ldb_message *msg = NULL;
+	struct timeval tv = { .tv_sec = 0 };
+	const struct ldb_val *old_val = NULL;
+	const struct ldb_val *new_val = NULL;
+	int ret;
+
+	switch (io->ac->req->operation) {
+	case LDB_ADD:
+		msg = io->ac->req->op.add.message;
+		break;
+	case LDB_MODIFY:
+		msg = io->ac->req->op.mod.message;
+		break;
+	default:
+		return LDB_ERR_OPERATIONS_ERROR;
+		break;
+	}
+
+	if (io->ac->pwd_last_set_bypass) {
+		struct ldb_message_element *el = NULL;
+		size_t i;
+		size_t count = 0;
+		/*
+		 * This is a message from pdb_samba_dsdb_replace_by_sam()
+		 *
+		 * We want to ensure there is only one pwdLastSet element, and
+		 * it isn't deleting.
+		 */
+		if (msg == NULL) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		for (i = 0; i < msg->num_elements; i++) {
+			if (ldb_attr_cmp(msg->elements[i].name,
+					 "pwdLastSet") == 0) {
+				count++;
+				el = &msg->elements[i];
+			}
+		}
+		if (count != 1) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+		return LDB_SUCCESS;
+	}
+
+	ret = msg_find_old_and_new_pwd_val(msg, "pwdLastSet",
+					   io->ac->req->operation,
+					   &new_val, &old_val);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (old_val != NULL && new_val == NULL) {
+		ldb_set_errstring(ldb,
+				  "'pwdLastSet' deletion is not allowed!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	io->g.last_set = UINT64_MAX;
+	if (new_val != NULL) {
+		struct ldb_message *tmp_msg = NULL;
+
+		tmp_msg = ldb_msg_new(io->ac);
+		if (tmp_msg == NULL) {
+			return ldb_module_oom(io->ac->module);
+		}
+
+		if (old_val != NULL) {
+			NTTIME old_last_set = 0;
+
+			ret = ldb_msg_add_value(tmp_msg, "oldval",
+						old_val, NULL);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			old_last_set = samdb_result_nttime(tmp_msg,
+							   "oldval",
+							   1);
+			if (io->u.pwdLastSet != old_last_set) {
+				return dsdb_module_werror(io->ac->module,
+					LDB_ERR_NO_SUCH_ATTRIBUTE,
+					WERR_DS_CANT_REM_MISSING_ATT_VAL,
+					"setup_last_set_field: old pwdLastSet "
+					"value not found!");
+			}
+		}
+
+		ret = ldb_msg_add_value(tmp_msg, "newval",
+					new_val, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		io->g.last_set = samdb_result_nttime(tmp_msg,
+						     "newval",
+						     1);
+	} else if (ldb_msg_find_element(msg, "pwdLastSet")) {
+		ldb_set_errstring(ldb,
+				  "'pwdLastSet' deletion is not allowed!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	} else if (io->ac->smartcard_reset) {
+		/*
+		 * adding UF_SMARTCARD_REQUIRED doesn't update
+		 * pwdLastSet implicitly.
+		 */
+		io->ac->update_lastset = false;
+	}
+
+	/* only 0 or -1 (0xFFFFFFFFFFFFFFFF) are allowed */
+	switch (io->g.last_set) {
+	case 0:
+		if (!io->ac->pwd_last_set_default) {
+			break;
+		}
+		if (!io->ac->update_password) {
+			break;
+		}
+		FALL_THROUGH;
+	case UINT64_MAX:
+		if (!io->ac->update_password &&
+		    io->u.pwdLastSet != 0 &&
+		    io->u.pwdLastSet != UINT64_MAX)
+		{
+			/*
+			 * Just setting pwdLastSet to -1, while not changing
+			 * any password field has no effect if pwdLastSet
+			 * is already non-zero.
+			 */
+			io->ac->update_lastset = false;
+			break;
+		}
+		/* -1 means set it as now */
+		GetTimeOfDay(&tv);
+		io->g.last_set = timeval_to_nttime(&tv);
+		break;
+	default:
+		return dsdb_module_werror(io->ac->module,
+					  LDB_ERR_OTHER,
+					  WERR_INVALID_PARAMETER,
+					  "setup_last_set_field: "
+					  "pwdLastSet must be 0 or -1 only!");
+	}
+
+	if (io->ac->req->operation == LDB_ADD) {
+		/*
+		 * We always need to store the value on add
+		 * operations.
+		 */
+		return LDB_SUCCESS;
+	}
+
+	if (io->g.last_set == io->u.pwdLastSet) {
+		/*
+		 * Just setting pwdLastSet to 0, is no-op if it's already 0.
+		 */
+		io->ac->update_lastset = false;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_given_passwords(struct setup_password_fields_io *io,
+				 struct setup_password_fields_given *g)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+
+	if (g->cleartext_utf8) {
+		struct ldb_val *cleartext_utf16_blob;
+
+		cleartext_utf16_blob = talloc(io->ac, struct ldb_val);
+		if (!cleartext_utf16_blob) {
+			return ldb_oom(ldb);
+		}
+		if (!convert_string_talloc(io->ac,
+					   CH_UTF8, CH_UTF16,
+					   g->cleartext_utf8->data,
+					   g->cleartext_utf8->length,
+					   &cleartext_utf16_blob->data,
+					   &cleartext_utf16_blob->length)) {
+			if (g->cleartext_utf8->length != 0) {
+				talloc_free(cleartext_utf16_blob);
+				ldb_asprintf_errstring(ldb,
+						       "setup_password_fields: "
+						       "failed to generate UTF16 password from cleartext UTF8 one for user '%s'!",
+						       io->u.sAMAccountName);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			} else {
+				/* passwords with length "0" are valid! */
+				cleartext_utf16_blob->data = NULL;
+				cleartext_utf16_blob->length = 0;
+			}
+		}
+		g->cleartext_utf16 = cleartext_utf16_blob;
+	} else if (g->cleartext_utf16) {
+		struct ldb_val *cleartext_utf8_blob;
+
+		cleartext_utf8_blob = talloc(io->ac, struct ldb_val);
+		if (!cleartext_utf8_blob) {
+			return ldb_oom(ldb);
+		}
+		if (!convert_string_talloc(io->ac,
+					   CH_UTF16MUNGED, CH_UTF8,
+					   g->cleartext_utf16->data,
+					   g->cleartext_utf16->length,
+					   &cleartext_utf8_blob->data,
+					   &cleartext_utf8_blob->length)) {
+			if (g->cleartext_utf16->length != 0) {
+				/* We must bail out here, the input wasn't even
+				 * a multiple of 2 bytes */
+				talloc_free(cleartext_utf8_blob);
+				ldb_asprintf_errstring(ldb,
+						       "setup_password_fields: "
+						       "failed to generate UTF8 password from cleartext UTF 16 one for user '%s' - the latter had odd length (length must be a multiple of 2)!",
+						       io->u.sAMAccountName);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			} else {
+				/* passwords with length "0" are valid! */
+				cleartext_utf8_blob->data = NULL;
+				cleartext_utf8_blob->length = 0;
+			}
+		}
+		g->cleartext_utf8 = cleartext_utf8_blob;
+	}
+
+	if (g->cleartext_utf16) {
+		struct samr_Password *nt_hash;
+
+		nt_hash = talloc(io->ac, struct samr_Password);
+		if (!nt_hash) {
+			return ldb_oom(ldb);
+		}
+		g->nt_hash = nt_hash;
+
+		/* compute the new nt hash */
+		mdfour(nt_hash->hash,
+		       g->cleartext_utf16->data,
+		       g->cleartext_utf16->length);
+	}
+
+	/*
+	 * We need to build one more hash, so we can compare with what might
+	 * have been stored in the old password (for the LDAP password change)
+	 *
+	 * We don't have any old salts, so we won't catch password reuse if said
+	 * password was used prior to an account rename and another password
+	 * change.
+	 *
+	 * We don't have to store the 'opaque' (string2key iterations)
+	 * as Heimdal doesn't allow that to be changed.
+	 */
+	if (g->cleartext_utf8 != NULL) {
+		int ret = setup_kerberos_key_hash(io, g);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_password_fields(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	int ret;
+
+	ret = setup_last_set_field(io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!io->ac->update_password) {
+		return LDB_SUCCESS;
+	}
+
+	if (io->u.is_krbtgt) {
+		size_t min = 196;
+		size_t max = 255;
+		size_t diff = max - min;
+		size_t len = max;
+		struct ldb_val *krbtgt_utf16 = NULL;
+
+		if (!io->ac->pwd_reset) {
+			return dsdb_module_werror(io->ac->module,
+					LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
+					WERR_DS_ATT_ALREADY_EXISTS,
+					"Password change on krbtgt not permitted!");
+		}
+
+		if (io->n.cleartext_utf16 == NULL) {
+			return dsdb_module_werror(io->ac->module,
+					LDB_ERR_UNWILLING_TO_PERFORM,
+					WERR_DS_INVALID_ATTRIBUTE_SYNTAX,
+					"Password reset on krbtgt requires UTF16!");
+		}
+
+		/*
+		 * Instead of taking the callers value,
+		 * we just generate a new random value here.
+		 *
+		 * Include null termination in the array.
+		 */
+		if (diff > 0) {
+			size_t tmp;
+
+			generate_random_buffer((uint8_t *)&tmp, sizeof(tmp));
+
+			tmp %= diff;
+
+			len = min + tmp;
+		}
+
+		krbtgt_utf16 = talloc_zero(io->ac, struct ldb_val);
+		if (krbtgt_utf16 == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		*krbtgt_utf16 = data_blob_talloc_zero(krbtgt_utf16,
+						      (len+1)*2);
+		if (krbtgt_utf16->data == NULL) {
+			return ldb_oom(ldb);
+		}
+		krbtgt_utf16->length = len * 2;
+		generate_secret_buffer(krbtgt_utf16->data,
+				       krbtgt_utf16->length);
+		io->n.cleartext_utf16 = krbtgt_utf16;
+	}
+
+	/* transform the old password (for password changes) */
+	ret = setup_given_passwords(io, &io->og);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* transform the new password */
+	ret = setup_given_passwords(io, &io->n);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (io->n.cleartext_utf8) {
+		ret = setup_kerberos_keys(io);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/*
+	 * This relies on setup_kerberos_keys to make a NT-hash-like
+	 * value for password history purposes
+	 */
+
+	ret = setup_nt_fields(io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = setup_supplemental_field(io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_smartcard_reset(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	struct supplementalCredentialsBlob scb = { .__ndr_size = 0 };
+	enum ndr_err_code ndr_err;
+
+	if (!io->ac->smartcard_reset) {
+		return LDB_SUCCESS;
+	}
+
+	io->g.nt_hash = talloc(io->ac, struct samr_Password);
+	if (io->g.nt_hash == NULL) {
+		return ldb_module_oom(io->ac->module);
+	}
+	generate_secret_buffer(io->g.nt_hash->hash,
+			       sizeof(io->g.nt_hash->hash));
+	io->g.nt_history_len = 0;
+
+	/*
+	 * We take the "old" value and store it
+	 * with num_packages = 0.
+	 *
+	 * On "add" we have scb.sub.signature == 0, which
+	 * results in:
+	 *
+	 * [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00
+	 *
+	 * On modify it's likely to be scb.sub.signature ==
+	 * SUPPLEMENTAL_CREDENTIALS_SIGNATURE (0x0050), which results in
+	 * something like:
+	 *
+	 * [0000] 00 00 00 00 62 00 00 00   00 00 00 00 20 00 20 00
+	 * [0010] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
+	 * [0020] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
+	 * [0030] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
+	 * [0040] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
+	 * [0050] 20 00 20 00 20 00 20 00   20 00 20 00 20 00 20 00
+	 * [0060] 20 00 20 00 20 00 20 00   20 00 20 00 50 00 00
+	 *
+	 * See https://bugzilla.samba.org/show_bug.cgi?id=11441
+	 * and ndr_{push,pull}_supplementalCredentialsSubBlob().
+	 */
+	scb = io->o.scb;
+	scb.sub.num_packages = 0;
+
+	/*
+	 * setup 'supplementalCredentials' value without packages
+	 */
+	ndr_err = ndr_push_struct_blob(&io->g.supplemental, io->ac,
+				       &scb,
+				       (ndr_push_flags_fn_t)ndr_push_supplementalCredentialsBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ldb_asprintf_errstring(ldb,
+				       "setup_smartcard_reset: "
+				       "failed to push supplementalCredentialsBlob: %s",
+				       nt_errstr(status));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	io->ac->update_password = true;
+	return LDB_SUCCESS;
+}
+
+static int make_error_and_update_badPwdCount(struct setup_password_fields_io *io, WERROR *werror)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	struct ldb_message *mod_msg = NULL;
+	struct ldb_message *pso_msg = NULL;
+	struct ldb_message *current = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	int ret; /* The errors we will actually return */
+	int dbg_ret; /* The errors we can only complain about in logs */
+
+	/*
+	 * OK, horrible semantics ahead.
+	 *
+	 * - We need to abort any existing transaction
+	 * - create a transaction around the badPwdCount update
+	 * - re-open the transaction so the upper layer
+	 *   doesn't know what happened.
+	 *
+	 * This is needed because returning an error to the upper
+	 * layer will cancel the transaction and undo the badPwdCount
+	 * update.
+	 */
+
+	/*
+	 * Checking errors here is a bit pointless.
+	 * What can we do if we can't end the transaction?
+	 */
+	dbg_ret = ldb_next_del_trans(io->ac->module);
+	if (dbg_ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "Failed to abort transaction prior to update of badPwdCount of %s: %s",
+			  ldb_dn_get_linearized(io->ac->search_res->message->dn),
+			  ldb_errstring(ldb));
+		/*
+		 * just return the original error
+		 */
+		goto done;
+	}
+
+	/* Likewise, what should we do if we can't open a new transaction? */
+	dbg_ret = ldb_next_start_trans(io->ac->module);
+	if (dbg_ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Failed to open transaction to update badPwdCount of %s: %s",
+			  ldb_dn_get_linearized(io->ac->search_res->message->dn),
+			  ldb_errstring(ldb));
+		/*
+		 * just return the original error
+		 */
+		goto done;
+	}
+
+	/*
+	 * Re-read the account details, using the GUID in case the DN
+	 * is being changed.
+	 */
+	status = authsam_reread_user_logon_data(
+		ldb, io->ac,
+		io->ac->search_res->message,
+		&current);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* The re-read can return account locked out, as well
+		 * as an internal error
+		 */
+		goto end_transaction;
+	}
+
+	/* PSO search result is optional (NULL if no PSO applies) */
+	if (io->ac->pso_res != NULL) {
+		pso_msg = io->ac->pso_res->message;
+	}
+
+	status = dsdb_update_bad_pwd_count(io->ac, ldb,
+					   current,
+					   io->ac->dom_res->message,
+					   pso_msg,
+					   &mod_msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto end_transaction;
+	}
+
+	if (mod_msg == NULL) {
+		goto end_transaction;
+	}
+
+	dbg_ret = dsdb_module_modify(io->ac->module, mod_msg,
+				 DSDB_FLAG_NEXT_MODULE,
+				 io->ac->req);
+	if (dbg_ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Failed to update badPwdCount of %s: %s",
+			  ldb_dn_get_linearized(io->ac->search_res->message->dn),
+			  ldb_errstring(ldb));
+		/*
+		 * We can only ignore this...
+		 */
+	}
+
+end_transaction:
+	dbg_ret = ldb_next_end_trans(io->ac->module);
+	if (dbg_ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Failed to close transaction to update badPwdCount of %s: %s",
+			  ldb_dn_get_linearized(io->ac->search_res->message->dn),
+			  ldb_errstring(ldb));
+		/*
+		 * We can only ignore this...
+		 */
+	}
+
+	dbg_ret = ldb_next_start_trans(io->ac->module);
+	if (dbg_ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			  "Failed to open transaction after update of badPwdCount of %s: %s",
+			  ldb_dn_get_linearized(io->ac->search_res->message->dn),
+			  ldb_errstring(ldb));
+		/*
+		 * We can only ignore this...
+		 */
+	}
+
+done:
+	ret = LDB_ERR_CONSTRAINT_VIOLATION;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+		*werror = WERR_ACCOUNT_LOCKED_OUT;
+	} else {
+		*werror = WERR_INVALID_PASSWORD;
+	}
+	ldb_asprintf_errstring(ldb,
+			       "%08X: %s - check_password_restrictions: "
+			       "The old password specified doesn't match!",
+			       W_ERROR_V(*werror),
+			       ldb_strerror(ret));
+	return ret;
+}
+
+static int check_password_restrictions(struct setup_password_fields_io *io, WERROR *werror)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	int ret;
+	uint32_t i;
+	struct loadparm_context *lp_ctx =
+		talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				struct loadparm_context);
+	struct dsdb_encrypted_connection_state *opaque_connection_state =
+		ldb_get_opaque(ldb,DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME);
+
+	*werror = WERR_INVALID_PARAMETER;
+
+	if (!io->ac->update_password) {
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * Prevent update password on an insecure connection.
+	 * The opaque is added in the ldap backend init.
+	 */
+	if (opaque_connection_state != NULL &&
+	    !opaque_connection_state->using_encrypted_connection) {
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+		*werror = WERR_GEN_FAILURE;
+		ldb_asprintf_errstring(ldb,
+				       "%08X: SvcErr: DSID-031A126C, "
+				       "problem 5003 (WILL_NOT_PERFORM), "
+				       "data 0\n"
+				       "Password modification over LDAP "
+				       "must be over an encrypted connection",
+				       W_ERROR_V(*werror));
+		return ret;
+	}
+
+	/*
+	 * First check the old password is correct, for password
+	 * changes when this hasn't already been checked by a
+	 * trustworthy layer above
+	 */
+	if (!io->ac->pwd_reset && !(io->ac->change
+				    && io->ac->change->old_password_checked == DSDB_PASSWORD_CHECKED_AND_CORRECT)) {
+		bool hash_checked = false;
+		/*
+		 * we need the old nt hash given by the client (this
+		 * is for the plaintext over LDAP password change,
+		 * Kpasswd and SAMR supply the control)
+		 */
+		if (io->og.nt_hash == NULL && io->og.aes_256.length == 0) {
+			ldb_asprintf_errstring(ldb,
+				"check_password_restrictions: "
+				"You need to provide the old password in order "
+				"to change it!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/*
+		 * First compare the ENCTYPE_AES256_CTS_HMAC_SHA1_96 password and see if we have a match
+		 */
+
+		if (io->og.aes_256.length > 0 && io->o.aes_256.length) {
+			hash_checked = data_blob_equal_const_time(&io->og.aes_256, &io->o.aes_256);
+		}
+
+		/* The password modify through the NT hash is encouraged and
+		   has no problems at all */
+		if (!hash_checked && io->og.nt_hash && io->o.nt_hash) {
+		        hash_checked = mem_equal_const_time(io->og.nt_hash->hash, io->o.nt_hash->hash, 16);
+		}
+
+		if (!hash_checked) {
+			return make_error_and_update_badPwdCount(io, werror);
+		}
+	}
+
+	if (io->u.restrictions == 0) {
+		/* FIXME: Is this right? */
+		return LDB_SUCCESS;
+	}
+
+	/* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
+	if ((io->u.pwdLastSet - io->ac->status->domain_data.minPwdAge > io->g.last_set) &&
+	    !io->ac->pwd_reset)
+	{
+		ret = LDB_ERR_CONSTRAINT_VIOLATION;
+		*werror = WERR_PASSWORD_RESTRICTION;
+		ldb_asprintf_errstring(ldb,
+			"%08X: %s - check_password_restrictions: "
+			"password is too young to change!",
+			W_ERROR_V(*werror),
+			ldb_strerror(ret));
+		return ret;
+	}
+
+	/*
+	 * Fundamental password checks done by the call
+	 * "samdb_check_password".
+	 * It is also in use by "dcesrv_samr_ValidatePassword".
+	 */
+	if (io->n.cleartext_utf8 != NULL) {
+		enum samr_ValidationStatus vstat;
+		vstat = samdb_check_password(io->ac, lp_ctx,
+					     io->u.sAMAccountName,
+					     io->u.user_principal_name,
+					     io->u.displayName,
+					     io->n.cleartext_utf8,
+					     io->ac->status->domain_data.pwdProperties,
+					     io->ac->status->domain_data.minPwdLength);
+		switch (vstat) {
+		case SAMR_VALIDATION_STATUS_SUCCESS:
+				/* perfect -> proceed! */
+			break;
+
+		case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+			*werror = WERR_PASSWORD_RESTRICTION;
+			ldb_asprintf_errstring(ldb,
+				"%08X: %s - check_password_restrictions: "
+				"the password is too short. It should be equal to or longer than %u characters!",
+				W_ERROR_V(*werror),
+				ldb_strerror(ret),
+				io->ac->status->domain_data.minPwdLength);
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
+			return ret;
+
+		case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+			*werror = WERR_PASSWORD_RESTRICTION;
+			ldb_asprintf_errstring(ldb,
+				"%08X: %s - check_password_restrictions: "
+				"the password does not meet the complexity criteria!",
+				W_ERROR_V(*werror),
+				ldb_strerror(ret));
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
+			return ret;
+
+		default:
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+			*werror = WERR_PASSWORD_RESTRICTION;
+			ldb_asprintf_errstring(ldb,
+				"%08X: %s - check_password_restrictions: "
+				"the password doesn't fit due to a miscellaneous restriction!",
+				W_ERROR_V(*werror),
+				ldb_strerror(ret));
+			return ret;
+		}
+	}
+
+	if (io->ac->pwd_reset) {
+		*werror = WERR_OK;
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * This check works by using the current Kerberos password to
+	 * make up a password history.  We already did the salted hash
+	 * creation to pass the password change check.
+	 *
+	 * We check the pwdHistoryLength to ensure we honour the
+	 * policy on if the history should be checked
+	 */
+	if (io->ac->status->domain_data.pwdHistoryLength > 0
+	    && io->g.aes_256.length && io->o.aes_256.length)
+	{
+		bool equal = data_blob_equal_const_time(&io->g.aes_256,
+							&io->o.aes_256);
+		if (equal) {
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+			*werror = WERR_PASSWORD_RESTRICTION;
+			ldb_asprintf_errstring(ldb,
+					       "%08X: %s - check_password_restrictions: "
+					       "the password was already used (previous password)!",
+					       W_ERROR_V(*werror),
+					       ldb_strerror(ret));
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
+			return ret;
+		}
+	}
+
+	if (io->n.nt_hash) {
+		/*
+		 * checks the NT hash password history, against the
+		 * generated NT hash
+		 */
+		for (i = 0; i < io->o.nt_history_len; i++) {
+			bool pw_cmp = mem_equal_const_time(io->n.nt_hash, io->o.nt_history[i].hash, 16);
+			if (pw_cmp) {
+				ret = LDB_ERR_CONSTRAINT_VIOLATION;
+				*werror = WERR_PASSWORD_RESTRICTION;
+				ldb_asprintf_errstring(ldb,
+					"%08X: %s - check_password_restrictions: "
+					"the password was already used (in history)!",
+					W_ERROR_V(*werror),
+					ldb_strerror(ret));
+				io->ac->status->reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
+				return ret;
+			}
+		}
+	}
+
+	/*
+	 * This check works by using the old Kerberos passwords
+	 * (old and older) to make up a password history.
+	 *
+	 * We check the pwdHistoryLength to ensure we honour the
+	 * policy on if the history should be checked
+	 */
+	for (i = 1;
+	     i <= io->o.kvno && i < MIN(3, io->ac->status->domain_data.pwdHistoryLength);
+	     i++)
+	{
+		krb5_error_code krb5_ret;
+		const uint32_t request_kvno = io->o.kvno - i;
+		DATA_BLOB db_key_blob;
+		bool pw_equal;
+
+		if (io->n.cleartext_utf8 == NULL) {
+			/*
+			 * No point checking history if we don't have
+			 * a cleartext password.
+			 */
+			break;
+		}
+
+		if (io->ac->search_res == NULL) {
+			/*
+			 * This is an ADD, no existing history to check
+			 */
+			break;
+		}
+
+		/*
+		 * If this account requires a smartcard for login, we don't
+		 * attempt a comparison with the old password.
+		 */
+		if (io->u.userAccountControl & UF_SMARTCARD_REQUIRED) {
+			break;
+		}
+
+		/*
+		 * Extract the old ENCTYPE_AES256_CTS_HMAC_SHA1_96 value from
+		 * the supplementalCredentials.
+		 */
+		krb5_ret = dsdb_extract_aes_256_key(io->smb_krb5_context->krb5_context,
+						    io->ac,
+						    io->ac->search_res->message,
+						    io->u.userAccountControl,
+						    &request_kvno, /* kvno */
+						    NULL, /* kvno_out */
+						    &db_key_blob,
+						    NULL); /* salt */
+		if (krb5_ret == ENOENT) {
+			/*
+			 * If there is no old AES hash (perhaps an imported DB with
+			 * just unicodePwd) then we just won't have an old
+			 * password to compare to if there is no NT hash
+			 */
+			break;
+		} else if (krb5_ret) {
+			ldb_asprintf_errstring(ldb,
+					       "check_password_restrictions: "
+					       "extraction of old[%u - %d = %d] aes256-cts-hmac-sha1-96 key failed: %s",
+					       io->o.kvno, i, io->o.kvno - i,
+					       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+									  krb5_ret, io->ac));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		/* This is the actual history check */
+		pw_equal = data_blob_equal_const_time(&io->n.aes_256,
+						      &db_key_blob);
+		if (pw_equal) {
+			ret = LDB_ERR_CONSTRAINT_VIOLATION;
+			*werror = WERR_PASSWORD_RESTRICTION;
+			ldb_asprintf_errstring(ldb,
+					       "%08X: %s - check_password_restrictions: "
+					       "the password was already used (in history)!",
+					       W_ERROR_V(*werror),
+					       ldb_strerror(ret));
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
+			return ret;
+		}
+	}
+
+	/* are all password changes disallowed? */
+	if (io->ac->status->domain_data.pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) {
+		ret = LDB_ERR_CONSTRAINT_VIOLATION;
+		*werror = WERR_PASSWORD_RESTRICTION;
+		ldb_asprintf_errstring(ldb,
+			"%08X: %s - check_password_restrictions: "
+			"password changes disabled!",
+			W_ERROR_V(*werror),
+			ldb_strerror(ret));
+		return ret;
+	}
+
+	/* can this user change the password? */
+	if (io->u.userAccountControl & UF_PASSWD_CANT_CHANGE) {
+		ret = LDB_ERR_CONSTRAINT_VIOLATION;
+		*werror = WERR_PASSWORD_RESTRICTION;
+		ldb_asprintf_errstring(ldb,
+			"%08X: %s - check_password_restrictions: "
+			"password can't be changed on this account!",
+			W_ERROR_V(*werror),
+			ldb_strerror(ret));
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int check_password_restrictions_and_log(struct setup_password_fields_io *io)
+{
+	WERROR werror;
+	int ret = check_password_restrictions(io, &werror);
+	struct ph_context *ac = io->ac;
+	/*
+	 * Password resets are not authentication events, and if the
+	 * upper layer checked the password and supplied the hash
+	 * values as proof, then this is also not an authentication
+	 * even at this layer (already logged).  This is to log LDAP
+	 * password changes.
+	 */
+
+	/* Do not record a failure in the auth log below in the success case */
+	if (ret == LDB_SUCCESS) {
+		werror = WERR_OK;
+	}
+
+	if (ac->pwd_reset == false && ac->change == NULL) {
+		struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+		struct imessaging_context *msg_ctx;
+		struct loadparm_context *lp_ctx
+			= talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
+						struct loadparm_context);
+		NTSTATUS status = werror_to_ntstatus(werror);
+		const char *domain_name = lpcfg_sam_name(lp_ctx);
+		void *opaque_remote_address = NULL;
+		/*
+		 * Forcing this via the NTLM auth structure is not ideal, but
+		 * it is the most practical option right now, and ensures the
+		 * logs are consistent, even if some elements are always NULL.
+		 */
+		struct auth_usersupplied_info ui = {
+			.was_mapped = true,
+			.client = {
+				.account_name = io->u.sAMAccountName,
+				.domain_name = domain_name,
+			},
+			.mapped = {
+				.account_name = io->u.sAMAccountName,
+				.domain_name = domain_name,
+			},
+			.service_description = "LDAP Password Change",
+			.auth_description = "LDAP Modify",
+			.password_type = "plaintext"
+		};
+
+		opaque_remote_address = ldb_get_opaque(ldb,
+						       "remoteAddress");
+		if (opaque_remote_address == NULL) {
+			ldb_asprintf_errstring(ldb,
+					       "Failed to obtain remote address for "
+					       "the LDAP client while changing the "
+					       "password");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ui.remote_host = talloc_get_type(opaque_remote_address,
+						 struct tsocket_address);
+
+		msg_ctx = imessaging_client_init(ac, lp_ctx,
+						 ldb_get_event_context(ldb));
+		if (!msg_ctx) {
+			ldb_asprintf_errstring(ldb,
+					       "Failed to generate client messaging context in %s",
+					       lpcfg_imessaging_path(ac, lp_ctx));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		log_authentication_event(msg_ctx,
+					 lp_ctx,
+					 NULL,
+					 &ui,
+					 status,
+					 domain_name,
+					 io->u.sAMAccountName,
+					 io->u.account_sid,
+					 NULL /* client_audit_info */,
+					 NULL /* server_audit_info */);
+
+	}
+	return ret;
+}
+
+static int update_final_msg(struct setup_password_fields_io *io)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	int ret;
+	int el_flags = 0;
+	bool update_password = io->ac->update_password;
+	bool update_scb = io->ac->update_password;
+
+	/*
+	 * If we add a user without initial password,
+	 * we need to add replication meta data for
+	 * following attributes:
+	 * - unicodePwd
+	 * - dBCSPwd
+	 * - ntPwdHistory
+	 * - lmPwdHistory
+	 *
+	 * If we add a user with initial password or a
+	 * password is changed of an existing user,
+	 * we need to replace the following attributes
+	 * with a forced meta data update, e.g. also
+	 * when updating an empty attribute with an empty value:
+	 * - unicodePwd
+	 * - dBCSPwd
+	 * - ntPwdHistory
+	 * - lmPwdHistory
+	 * - supplementalCredentials
+	 */
+
+	switch (io->ac->req->operation) {
+	case LDB_ADD:
+		update_password = true;
+		el_flags |= DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+		break;
+	case LDB_MODIFY:
+		el_flags |= LDB_FLAG_MOD_REPLACE;
+		el_flags |= DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+		break;
+	default:
+		return ldb_module_operr(io->ac->module);
+	}
+
+	if (update_password) {
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"unicodePwd",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/*
+		 * This wipes any old LM password after any password
+		 * update operation.
+		 *
+		 * This is the same as the previous default behaviour
+		 * of 'lanman auth = no'
+		 */
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"dBCSPwd",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"ntPwdHistory",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		/*
+		 * This wipes any LM password history after any password
+		 * update operation.
+		 *
+		 * This is the same as the previous default behaviour
+		 * of 'lanman auth = no'
+		 */
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"lmPwdHistory",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	if (update_scb) {
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"supplementalCredentials",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	if (io->ac->update_lastset) {
+		ret = ldb_msg_add_empty(io->ac->update_msg,
+					"pwdLastSet",
+					el_flags, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (io->g.nt_hash != NULL) {
+		ret = samdb_msg_add_hash(ldb, io->ac,
+					 io->ac->update_msg,
+					 "unicodePwd",
+					 io->g.nt_hash);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (io->g.nt_history_len > 0) {
+		ret = samdb_msg_add_hashes(ldb, io->ac,
+					   io->ac->update_msg,
+					   "ntPwdHistory",
+					   io->g.nt_history,
+					   io->g.nt_history_len);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	if (io->g.supplemental.length > 0) {
+		ret = ldb_msg_add_value(io->ac->update_msg,
+					"supplementalCredentials",
+					&io->g.supplemental, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	if (io->ac->update_lastset) {
+		ret = samdb_msg_add_uint64(ldb, io->ac,
+					   io->ac->update_msg,
+					   "pwdLastSet",
+					   io->g.last_set);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * This is intended for use by the "password_hash" module since there
+ * password changes can be specified through one message element with the
+ * new password (to set) and another one with the old password (to unset).
+ *
+ * The first which sets a password (new value) can have flags
+ * (LDB_FLAG_MOD_ADD, LDB_FLAG_MOD_REPLACE) but also none (on "add" operations
+ * for entries). The latter (old value) has always specified
+ * LDB_FLAG_MOD_DELETE.
+ *
+ * Returns LDB_ERR_CONSTRAINT_VIOLATION and LDB_ERR_UNWILLING_TO_PERFORM if
+ * matching message elements are malformed in respect to the set/change rules.
+ * Otherwise it returns LDB_SUCCESS.
+ */
+static int msg_find_old_and_new_pwd_val(const struct ldb_message *msg,
+					const char *name,
+					enum ldb_request_type operation,
+					const struct ldb_val **new_val,
+					const struct ldb_val **old_val)
+{
+	unsigned int i;
+
+	*new_val = NULL;
+	*old_val = NULL;
+
+	if (msg == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < msg->num_elements; i++) {
+		if (ldb_attr_cmp(msg->elements[i].name, name) != 0) {
+			continue;
+		}
+
+		if ((operation == LDB_MODIFY) &&
+		    (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) == LDB_FLAG_MOD_DELETE)) {
+			/* 0 values are allowed */
+			if (msg->elements[i].num_values == 1) {
+				*old_val = &msg->elements[i].values[0];
+			} else if (msg->elements[i].num_values > 1) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		} else if ((operation == LDB_MODIFY) &&
+			   (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) == LDB_FLAG_MOD_REPLACE)) {
+			if (msg->elements[i].num_values > 0) {
+				*new_val = &msg->elements[i].values[msg->elements[i].num_values - 1];
+			} else {
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		} else {
+			/* Add operations and LDB_FLAG_MOD_ADD */
+			if (msg->elements[i].num_values > 0) {
+				*new_val = &msg->elements[i].values[msg->elements[i].num_values - 1];
+			} else {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int setup_io(struct ph_context *ac, 
+		    const struct ldb_message *client_msg,
+		    const struct ldb_message *existing_msg,
+		    struct setup_password_fields_io *io) 
+{ 
+	const struct ldb_val *quoted_utf16, *old_quoted_utf16, *lm_hash, *old_lm_hash;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct loadparm_context *lp_ctx = talloc_get_type(
+		ldb_get_opaque(ldb, "loadparm"), struct loadparm_context);
+	enum store_nt_hash store_hash_setting =
+		lpcfg_nt_hash_store(lp_ctx);
+	int ret;
+	const struct ldb_message *info_msg = NULL;
+	struct dom_sid *account_sid = NULL;
+	int rodc_krbtgt = 0;
+
+	*io = (struct setup_password_fields_io) {};
+
+	/* Some operations below require kerberos contexts */
+
+	if (existing_msg != NULL) {
+		/*
+		 * This is a modify operation
+		 */
+		info_msg = existing_msg;
+	} else {
+		/*
+		 * This is an add operation
+		 */
+		info_msg = client_msg;
+	}
+
+	ret = smb_krb5_init_context(ac,
+				  (struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
+				  &io->smb_krb5_context);
+
+	if (ret != 0) {
+		/*
+		 * In the special case of mit krb5.conf vs heimdal, the includedir
+		 * statement causes ret == 22 (KRB5_CONFIG_BADFORMAT) to be returned.
+		 * We look for this case so that we can give a more instructional
+		 * message to the administrator.
+		 */
+		if (ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL) {
+			ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "
+				"This could be due to an invalid krb5 configuration. "
+				"Please check your system's krb5 configuration is correct.",
+				error_message(ret));
+		} else {
+			ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s",
+				error_message(ret));
+		}
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	io->ac				= ac;
+
+	io->u.userAccountControl	= ldb_msg_find_attr_as_uint(info_msg,
+								    "userAccountControl", 0);
+	if (info_msg == existing_msg) {
+		/*
+		 * We only take pwdLastSet from the existing object
+		 * otherwise we leave it as 0.
+		 *
+		 * If no attribute is available, e.g. on deleted objects
+		 * we remember that as UINT64_MAX.
+		 */
+		io->u.pwdLastSet = samdb_result_nttime(info_msg, "pwdLastSet",
+						       UINT64_MAX);
+	}
+	io->u.sAMAccountName		= ldb_msg_find_attr_as_string(info_msg,
+								      "sAMAccountName", NULL);
+	io->u.user_principal_name	= ldb_msg_find_attr_as_string(info_msg,
+								      "userPrincipalName", NULL);
+	io->u.displayName		= ldb_msg_find_attr_as_string(info_msg,
+								      "displayName", NULL);
+
+	/* Ensure it has an objectSID too */
+	io->u.account_sid = samdb_result_dom_sid(ac, info_msg, "objectSid");
+	if (io->u.account_sid != NULL) {
+		NTSTATUS status;
+		uint32_t rid = 0;
+
+		status = dom_sid_split_rid(account_sid, io->u.account_sid, NULL, &rid);
+		if (NT_STATUS_IS_OK(status)) {
+			if (rid == DOMAIN_RID_KRBTGT) {
+				io->u.is_krbtgt = true;
+			}
+		}
+	}
+
+	rodc_krbtgt = ldb_msg_find_attr_as_int(info_msg,
+			"msDS-SecondaryKrbTgtNumber", 0);
+	if (rodc_krbtgt != 0) {
+		io->u.is_krbtgt = true;
+	}
+
+	if (io->u.sAMAccountName == NULL) {
+		ldb_asprintf_errstring(ldb,
+				       "setup_io: sAMAccountName attribute is missing on %s for attempted password set/change",
+				       ldb_dn_get_linearized(info_msg->dn));
+
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (io->u.userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) {
+		struct ldb_control *permit_trust = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
+
+		if (permit_trust == NULL) {
+			ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+			ldb_asprintf_errstring(ldb,
+				"%08X: %s - setup_io: changing the interdomain trust password "
+				"on %s not allowed via LDAP. Use LSA or NETLOGON",
+				W_ERROR_V(WERR_ACCESS_DENIED),
+				ldb_strerror(ret),
+				ldb_dn_get_linearized(info_msg->dn));
+			return ret;
+		}
+	}
+
+	/* Only non-trust accounts have restrictions (possibly this test is the
+	 * wrong way around, but we like to be restrictive if possible */
+	io->u.restrictions = !(io->u.userAccountControl & UF_TRUST_ACCOUNT_MASK);
+
+	if (io->u.is_krbtgt) {
+		io->u.restrictions = 0;
+		io->ac->status->domain_data.pwdHistoryLength =
+			MAX(io->ac->status->domain_data.pwdHistoryLength, 3);
+	}
+
+	/*
+	 * Machine accounts need the NT hash to operate the NETLOGON
+	 * ServerAuthenticate{,2,3} logic
+	 */
+	if (!(io->u.userAccountControl & UF_NORMAL_ACCOUNT)) {
+		store_hash_setting = NT_HASH_STORE_ALWAYS;
+	}
+
+	switch (store_hash_setting) {
+	case NT_HASH_STORE_ALWAYS:
+		io->u.store_nt_hash = true;
+		break;
+	case NT_HASH_STORE_NEVER:
+		io->u.store_nt_hash = false;
+		break;
+	case NT_HASH_STORE_AUTO:
+		if (lpcfg_ntlm_auth(lp_ctx) == NTLM_AUTH_DISABLED) {
+			io->u.store_nt_hash = false;
+			break;
+		}
+		io->u.store_nt_hash = true;
+		break;
+	}
+
+	if (ac->userPassword) {
+		ret = msg_find_old_and_new_pwd_val(client_msg, "userPassword",
+						   ac->req->operation,
+						   &io->n.cleartext_utf8,
+						   &io->og.cleartext_utf8);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb,
+				"setup_io: "
+				"it's only allowed to set the old password once!");
+			return ret;
+		}
+	}
+
+	if (io->n.cleartext_utf8 != NULL) {
+		struct ldb_val *cleartext_utf8_blob;
+		char *p;
+
+		cleartext_utf8_blob = talloc(io->ac, struct ldb_val);
+		if (!cleartext_utf8_blob) {
+			return ldb_oom(ldb);
+		}
+
+		*cleartext_utf8_blob = *io->n.cleartext_utf8;
+
+		/* make sure we have a null terminated string */
+		p = talloc_strndup(cleartext_utf8_blob,
+				   (const char *)io->n.cleartext_utf8->data,
+				   io->n.cleartext_utf8->length);
+		if ((p == NULL) && (io->n.cleartext_utf8->length > 0)) {
+			return ldb_oom(ldb);
+		}
+		cleartext_utf8_blob->data = (uint8_t *)p;
+
+		io->n.cleartext_utf8 = cleartext_utf8_blob;
+	}
+
+	ret = msg_find_old_and_new_pwd_val(client_msg, "clearTextPassword",
+					   ac->req->operation,
+					   &io->n.cleartext_utf16,
+					   &io->og.cleartext_utf16);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to set the old password once!");
+		return ret;
+	}
+
+	/* this rather strange looking piece of code is there to
+	   handle a ldap client setting a password remotely using the
+	   unicodePwd ldap field. The syntax is that the password is
+	   in UTF-16LE, with a " at either end. Unfortunately the
+	   unicodePwd field is also used to store the nt hashes
+	   internally in Samba, and is used in the nt hash format on
+	   the wire in DRS replication, so we have a single name for
+	   two distinct values. The code below leaves us with a small
+	   chance (less than 1 in 2^32) of a mixup, if someone manages
+	   to create a MD4 hash which starts and ends in 0x22 0x00, as
+	   that would then be treated as a UTF16 password rather than
+	   a nthash */
+
+	ret = msg_find_old_and_new_pwd_val(client_msg, "unicodePwd",
+					   ac->req->operation,
+					   &quoted_utf16,
+					   &old_quoted_utf16);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to set the old password once!");
+		return ret;
+	}
+
+	/* Checks and converts the actual "unicodePwd" attribute */
+	if (!ac->hash_values &&
+	    quoted_utf16 &&
+	    quoted_utf16->length >= 4 &&
+	    quoted_utf16->data[0] == '"' &&
+	    quoted_utf16->data[1] == 0 &&
+	    quoted_utf16->data[quoted_utf16->length-2] == '"' &&
+	    quoted_utf16->data[quoted_utf16->length-1] == 0) {
+		struct ldb_val *quoted_utf16_2;
+
+		if (io->n.cleartext_utf16) {
+			/* refuse the change if someone wants to change with
+			   with both UTF16 possibilities at the same time... */
+			ldb_asprintf_errstring(ldb,
+				"setup_io: "
+				"it's only allowed to set the cleartext password as 'unicodePwd' or as 'clearTextPassword'");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/*
+		 * adapt the quoted UTF16 string to be a real
+		 * cleartext one
+		 */
+		quoted_utf16_2 = talloc(io->ac, struct ldb_val);
+		if (quoted_utf16_2 == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		quoted_utf16_2->data = quoted_utf16->data + 2;
+		quoted_utf16_2->length = quoted_utf16->length-4;
+		io->n.cleartext_utf16 = quoted_utf16_2;
+		io->n.nt_hash = NULL;
+
+	} else if (quoted_utf16) {
+		/* We have only the hash available -> so no plaintext here */
+		if (!ac->hash_values) {
+			/* refuse the change if someone wants to change
+			   the hash without control specified... */
+			ldb_asprintf_errstring(ldb,
+				"setup_io: "
+				"it's not allowed to set the NT hash password directly'");
+			/* this looks odd but this is what Windows does:
+			   returns "UNWILLING_TO_PERFORM" on wrong
+			   password sets and "CONSTRAINT_VIOLATION" on
+			   wrong password changes. */
+			if (old_quoted_utf16 == NULL) {
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		io->n.nt_hash = talloc(io->ac, struct samr_Password);
+		if (io->n.nt_hash == NULL) {
+			return ldb_oom(ldb);
+		}
+		memcpy(io->n.nt_hash->hash, quoted_utf16->data,
+		       MIN(quoted_utf16->length, sizeof(io->n.nt_hash->hash)));
+	}
+
+	/* Checks and converts the previous "unicodePwd" attribute */
+	if (!ac->hash_values &&
+	    old_quoted_utf16 &&
+	    old_quoted_utf16->length >= 4 &&
+	    old_quoted_utf16->data[0] == '"' &&
+	    old_quoted_utf16->data[1] == 0 &&
+	    old_quoted_utf16->data[old_quoted_utf16->length-2] == '"' &&
+	    old_quoted_utf16->data[old_quoted_utf16->length-1] == 0) {
+		struct ldb_val *old_quoted_utf16_2;
+
+		if (io->og.cleartext_utf16) {
+			/* refuse the change if someone wants to change with
+			   both UTF16 possibilities at the same time... */
+			ldb_asprintf_errstring(ldb,
+				"setup_io: "
+				"it's only allowed to set the cleartext password as 'unicodePwd' or as 'clearTextPassword'");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/*
+		 * adapt the quoted UTF16 string to be a real
+		 * cleartext one
+		 */
+		old_quoted_utf16_2 = talloc(io->ac, struct ldb_val);
+		if (old_quoted_utf16_2 == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		old_quoted_utf16_2->data = old_quoted_utf16->data + 2;
+		old_quoted_utf16_2->length = old_quoted_utf16->length-4;
+
+		io->og.cleartext_utf16 = old_quoted_utf16_2;
+		io->og.nt_hash = NULL;
+	} else if (old_quoted_utf16) {
+		/* We have only the hash available -> so no plaintext here */
+		if (!ac->hash_values) {
+			/* refuse the change if someone wants to change
+			   the hash without control specified... */
+			ldb_asprintf_errstring(ldb,
+				"setup_io: "
+				"it's not allowed to set the NT hash password directly'");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		io->og.nt_hash = talloc(io->ac, struct samr_Password);
+		if (io->og.nt_hash == NULL) {
+			return ldb_oom(ldb);
+		}
+		memcpy(io->og.nt_hash->hash, old_quoted_utf16->data,
+		       MIN(old_quoted_utf16->length, sizeof(io->og.nt_hash->hash)));
+	}
+
+	/* Handles the "dBCSPwd" attribute (LM hash) */
+	ret = msg_find_old_and_new_pwd_val(client_msg, "dBCSPwd",
+					   ac->req->operation,
+					   &lm_hash, &old_lm_hash);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to set the old password once!");
+		return ret;
+	}
+
+	if (((lm_hash != NULL) || (old_lm_hash != NULL))) {
+		/* refuse the change if someone wants to change the LM hash */
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's not allowed to set the LM hash password (dBCSPwd)'");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/*
+	 * Handles the password change control if it's specified. It has the
+	 * precedence and overrides already specified old password values of
+	 * change requests (but that shouldn't happen since the control is
+	 * fully internal and only used in conjunction with replace requests!).
+	 */
+	if (ac->change != NULL) {
+		io->og.nt_hash = NULL;
+	}
+
+	/* refuse the change if someone wants to change the clear-
+	   text and supply his own hashes at the same time... */
+	if ((io->n.cleartext_utf8 || io->n.cleartext_utf16)
+			&& (io->n.nt_hash)) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to set the password in form of cleartext attributes or as hashes");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* refuse the change if someone wants to change the password
+	   using both plaintext methods (UTF8 and UTF16) at the same time... */
+	if (io->n.cleartext_utf8 && io->n.cleartext_utf16) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to set the cleartext password as 'unicodePwd' or as 'userPassword' or as 'clearTextPassword'");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* refuse the change if someone tries to set/change the password by
+	 * any method that would leave us without a password! */
+	if (io->ac->update_password
+	    && (!io->n.cleartext_utf8) && (!io->n.cleartext_utf16)
+	    && (!io->n.nt_hash)) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"It's not possible to delete the password (changes using the LAN Manager hash alone could be deactivated)!");
+		/* on "userPassword" and "clearTextPassword" we've to return
+		 * something different, since these are virtual attributes */
+		if ((ldb_msg_find_element(client_msg, "userPassword") != NULL) ||
+		    (ldb_msg_find_element(client_msg, "clearTextPassword") != NULL)) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/*
+	 * refuse the change if someone wants to compare against a
+	 * plaintext or dsdb_control_password_change at the same time
+	 * for a "password modify" operation...
+	 */
+	if ((io->og.cleartext_utf8 || io->og.cleartext_utf16)
+	    && ac->change) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to provide the old password in form of cleartext attributes or as the dsdb_control_password_change");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* refuse the change if someone wants to compare against both
+	 * plaintexts at the same time for a "password modify" operation... */
+	if (io->og.cleartext_utf8 && io->og.cleartext_utf16) {
+		ldb_asprintf_errstring(ldb,
+			"setup_io: "
+			"it's only allowed to provide the old cleartext password as 'unicodePwd' or as 'userPassword' or as 'clearTextPassword'");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Decides if we have a password modify or password reset operation */
+	if (ac->req->operation == LDB_ADD) {
+		/* On "add" we have only "password reset" */
+		ac->pwd_reset = true;
+	} else if (ac->req->operation == LDB_MODIFY) {
+		struct ldb_control *pav_ctrl = NULL;
+		struct dsdb_control_password_acl_validation *pav = NULL;
+
+		pav_ctrl = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID);
+		if (pav_ctrl != NULL) {
+			pav = talloc_get_type_abort(pav_ctrl->data,
+				struct dsdb_control_password_acl_validation);
+		}
+
+		if (pav == NULL && ac->update_password) {
+			bool ok;
+
+			/*
+			 * If the DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
+			 * control is missing, we require system access!
+			 */
+			ok = dsdb_module_am_system(ac->module);
+			if (!ok) {
+				return ldb_module_operr(ac->module);
+			}
+		}
+
+		if (pav != NULL) {
+			/*
+			 * We assume what the acl module has validated.
+			 */
+			ac->pwd_reset = pav->pwd_reset;
+		} else if (io->og.cleartext_utf8 || io->og.cleartext_utf16
+		    || ac->change) {
+			/*
+			 * If we have an old password specified or the
+			 * dsdb_control_password_change then for sure
+			 * it is a user "password change"
+			 */
+			ac->pwd_reset = false;
+		} else {
+			/* Otherwise we have also here a "password reset" */
+			ac->pwd_reset = true;
+		}
+	} else {
+		/* this shouldn't happen */
+		return ldb_operr(ldb);
+	}
+
+	if (existing_msg != NULL) {
+		NTSTATUS status;
+		krb5_error_code krb5_ret;
+		DATA_BLOB key_blob;
+		DATA_BLOB salt_blob;
+		uint32_t kvno;
+
+		if (ac->pwd_reset) {
+			/* Get the old password from the database */
+			status = samdb_result_passwords_no_lockout(ac,
+								   lp_ctx,
+								   existing_msg,
+								   &io->o.nt_hash);
+		} else {
+			/* Get the old password from the database */
+			status = samdb_result_passwords(ac,
+							lp_ctx,
+							existing_msg,
+							&io->o.nt_hash);
+		}
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+			return dsdb_module_werror(ac->module,
+						  LDB_ERR_CONSTRAINT_VIOLATION,
+						  WERR_ACCOUNT_LOCKED_OUT,
+						  "Password change not permitted,"
+						  " account locked out!");
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			/*
+			 * This only happens if the database has gone weird,
+			 * not if we are just missing the passwords
+			 */
+			return ldb_operr(ldb);
+		}
+
+		io->o.nt_history_len = samdb_result_hashes(ac, existing_msg,
+							   "ntPwdHistory",
+							   &io->o.nt_history);
+		io->o.supplemental = ldb_msg_find_ldb_val(existing_msg,
+							  "supplementalCredentials");
+
+		if (io->o.supplemental != NULL) {
+			enum ndr_err_code ndr_err;
+
+			ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac,
+					&io->o.scb,
+					(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				status = ndr_map_error2ntstatus(ndr_err);
+				ldb_asprintf_errstring(ldb,
+						"setup_io: failed to pull "
+						"old supplementalCredentialsBlob: %s",
+						nt_errstr(status));
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+		}
+
+		/*
+		 * If this account requires a smartcard for login, we don't
+		 * attempt a comparison with the old password.
+		 */
+		if (io->u.userAccountControl & UF_SMARTCARD_REQUIRED) {
+			return LDB_SUCCESS;
+		}
+
+		/*
+		 * Extract the old ENCTYPE_AES256_CTS_HMAC_SHA1_96
+		 * value from the supplementalCredentials.
+		 */
+		krb5_ret = dsdb_extract_aes_256_key(io->smb_krb5_context->krb5_context,
+						    io->ac,
+						    existing_msg,
+						    io->u.userAccountControl,
+						    NULL, /* kvno */
+						    &kvno, /* kvno_out */
+						    &key_blob,
+						    &salt_blob);
+		if (krb5_ret == ENOENT) {
+			/*
+			 * If there is no old AES hash (perhaps an imported DB with
+			 * just unicodePwd) then we just won't have an old
+			 * password to compare to if there is no NT hash
+			 */
+			return LDB_SUCCESS;
+		}
+		if (krb5_ret) {
+			ldb_asprintf_errstring(ldb,
+					       "setup_io: "
+					       "extraction of salt for old aes256-cts-hmac-sha1-96 key failed: %s",
+					       smb_get_krb5_error_message(io->smb_krb5_context->krb5_context,
+									  krb5_ret, io->ac));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		io->o.salt = salt_blob;
+		io->o.aes_256 = key_blob;
+		io->o.kvno = kvno;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static struct ph_context *ph_init_context(struct ldb_module *module,
+					  struct ldb_request *req,
+					  bool userPassword,
+					  bool update_password)
+{
+	struct ldb_context *ldb;
+	struct ph_context *ac;
+	struct loadparm_context *lp_ctx = NULL;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct ph_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb, "Out of Memory");
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->userPassword = userPassword;
+	ac->update_password = update_password;
+	ac->update_lastset = true;
+
+	lp_ctx = talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
+				       struct loadparm_context);
+	ac->gpg_key_ids = lpcfg_password_hash_gpg_key_ids(lp_ctx);
+	ac->userPassword_schemes
+		= lpcfg_password_hash_userpassword_schemes(lp_ctx);
+	return ac;
+}
+
+static void ph_apply_controls(struct ph_context *ac)
+{
+	struct ldb_control *ctrl;
+
+	ac->change_status = false;
+	ctrl = ldb_request_get_control(ac->req,
+				       DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID);
+	if (ctrl != NULL) {
+		ac->change_status = true;
+
+		/* Mark the "change status" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+
+	ac->hash_values = false;
+	ctrl = ldb_request_get_control(ac->req,
+				       DSDB_CONTROL_PASSWORD_HASH_VALUES_OID);
+	if (ctrl != NULL) {
+		ac->hash_values = true;
+
+		/* Mark the "hash values" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+
+	ctrl = ldb_request_get_control(ac->req,
+				       DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
+	if (ctrl != NULL) {
+		ac->change = talloc_get_type_abort(ctrl->data, struct dsdb_control_password_change);
+
+		/* Mark the "change" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+
+	ac->pwd_last_set_bypass = false;
+	ctrl = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+	if (ctrl != NULL) {
+		ac->pwd_last_set_bypass = true;
+
+		/* Mark the "bypass pwdLastSet" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+
+	ac->pwd_last_set_default = false;
+	ctrl = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID);
+	if (ctrl != NULL) {
+		ac->pwd_last_set_default = true;
+
+		/* Mark the "bypass pwdLastSet" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+
+	ac->smartcard_reset = false;
+	ctrl = ldb_request_get_control(ac->req,
+				DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID);
+	if (ctrl != NULL) {
+		struct dsdb_control_password_user_account_control *uac = NULL;
+		uint32_t added_flags = 0;
+
+		uac = talloc_get_type_abort(ctrl->data,
+			struct dsdb_control_password_user_account_control);
+
+		added_flags = uac->new_flags & ~uac->old_flags;
+
+		if (added_flags & UF_SMARTCARD_REQUIRED) {
+			ac->smartcard_reset = true;
+		}
+
+		/* Mark the "smartcard required" control as uncritical (done) */
+		ctrl->critical = false;
+	}
+}
+
+static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ph_context *ac;
+
+	ac = talloc_get_type(req->context, struct ph_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if ((ares->error != LDB_ERR_OPERATIONS_ERROR) && (ac->change_status)) {
+		/* On success and trivial errors a status control is being
+		 * added (used for example by the "samdb_set_password" call) */
+		ldb_reply_add_control(ares,
+				      DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID,
+				      false,
+				      ac->status);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	return ldb_module_done(ac->req, ares->controls,
+				ares->response, ares->error);
+}
+
+static int password_hash_add_do_add(struct ph_context *ac);
+static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares);
+static int password_hash_mod_search_self(struct ph_context *ac);
+static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares);
+static int password_hash_mod_do_mod(struct ph_context *ac);
+
+/*
+ * LDB callback handler for searching for a user's PSO. Once we have all the
+ * Password Settings that apply to the user, we can continue with the modify
+ * operation
+ */
+static int get_pso_data_callback(struct ldb_request *req,
+				 struct ldb_reply *ares)
+{
+	struct ldb_context *ldb = NULL;
+	struct ph_context *ac = NULL;
+	bool domain_complexity = true;
+	bool pso_complexity = true;
+	struct dsdb_user_pwd_settings *settings = NULL;
+	int ret = LDB_SUCCESS;
+
+	ac = talloc_get_type(req->context, struct ph_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+		/* check status was initialized by the domain query */
+		if (ac->status == NULL) {
+			talloc_free(ares);
+			ldb_set_errstring(ldb, "Uninitialized status");
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			goto done;
+		}
+
+		/*
+		 * use the PSO's values instead of the domain defaults (the PSO
+		 * attributes should always exist, but use the domain default
+		 * values as a fallback).
+		 */
+		settings = &ac->status->domain_data;
+		settings->store_cleartext =
+			ldb_msg_find_attr_as_bool(ares->message,
+						  "msDS-PasswordReversibleEncryptionEnabled",
+						  settings->store_cleartext);
+
+		settings->pwdHistoryLength =
+			ldb_msg_find_attr_as_uint(ares->message,
+						  "msDS-PasswordHistoryLength",
+						  settings->pwdHistoryLength);
+		settings->maxPwdAge =
+			ldb_msg_find_attr_as_int64(ares->message,
+						   "msDS-MaximumPasswordAge",
+						   settings->maxPwdAge);
+		settings->minPwdAge =
+			ldb_msg_find_attr_as_int64(ares->message,
+						   "msDS-MinimumPasswordAge",
+						   settings->minPwdAge);
+		settings->minPwdLength =
+			ldb_msg_find_attr_as_uint(ares->message,
+						  "msDS-MinimumPasswordLength",
+						  settings->minPwdLength);
+		domain_complexity =
+			(settings->pwdProperties & DOMAIN_PASSWORD_COMPLEX);
+		pso_complexity =
+			ldb_msg_find_attr_as_bool(ares->message,
+						  "msDS-PasswordComplexityEnabled",
+						   domain_complexity);
+
+		/* set or clear the complexity bit if required */
+		if (pso_complexity && !domain_complexity) {
+			settings->pwdProperties |= DOMAIN_PASSWORD_COMPLEX;
+		} else if (domain_complexity && !pso_complexity) {
+			settings->pwdProperties &= ~DOMAIN_PASSWORD_COMPLEX;
+		}
+
+		if (ac->pso_res != NULL) {
+			DBG_ERR("Too many PSO results for %s\n",
+				ldb_dn_get_linearized(ac->search_res->message->dn));
+			talloc_free(ac->pso_res);
+		}
+
+		/* store the PSO result (we may need its lockout settings) */
+		ac->pso_res = talloc_steal(ac, ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		talloc_free(ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+
+		/*
+		 * perform the next step of the modify operation (this code
+		 * shouldn't get called in the 'user add' case)
+		 */
+		if (ac->req->operation == LDB_MODIFY) {
+			ret = password_hash_mod_do_mod(ac);
+		} else {
+			ret = LDB_ERR_OPERATIONS_ERROR;
+		}
+		break;
+	}
+
+done:
+	if (ret != LDB_SUCCESS) {
+		struct ldb_reply *new_ares;
+
+		new_ares = talloc_zero(ac->req, struct ldb_reply);
+		if (new_ares == NULL) {
+			ldb_oom(ldb);
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		new_ares->error = ret;
+		if ((ret != LDB_ERR_OPERATIONS_ERROR) && (ac->change_status)) {
+			/* On success and trivial errors a status control is being
+			 * added (used for example by the "samdb_set_password" call) */
+			ldb_reply_add_control(new_ares,
+					      DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID,
+					      false,
+					      ac->status);
+		}
+
+		return ldb_module_done(ac->req, new_ares->controls,
+				       new_ares->response, new_ares->error);
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Builds and returns a search request to look up the PSO that applies to
+ * the user in question. Returns NULL if no PSO applies, or could not be found
+ */
+static struct ldb_request * build_pso_data_request(struct ph_context *ac)
+{
+	/* attrs[] is returned from this function in
+	   pso_req->op.search.attrs, so it must be static, as
+	   otherwise the compiler can put it on the stack */
+	static const char * const attrs[] = { "msDS-PasswordComplexityEnabled",
+					      "msDS-PasswordReversibleEncryptionEnabled",
+					      "msDS-PasswordHistoryLength",
+					      "msDS-MaximumPasswordAge",
+					      "msDS-MinimumPasswordAge",
+					      "msDS-MinimumPasswordLength",
+					      "msDS-LockoutThreshold",
+					      "msDS-LockoutObservationWindow",
+					      NULL };
+	struct ldb_context *ldb = NULL;
+	struct ldb_request *pso_req = NULL;
+	struct ldb_dn *pso_dn = NULL;
+	TALLOC_CTX *mem_ctx = ac;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* if a PSO applies to the user, we need to lookup the PSO as well */
+	pso_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, ac->search_res->message,
+					 "msDS-ResultantPSO");
+	if (pso_dn == NULL) {
+		return NULL;
+	}
+
+	ret = ldb_build_search_req(&pso_req, ldb, mem_ctx, pso_dn,
+				   LDB_SCOPE_BASE, NULL, attrs, NULL,
+				   ac, get_pso_data_callback,
+				   ac->dom_req);
+
+	/* log errors, but continue with the default domain settings */
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Error %d constructing PSO query for user %s\n", ret,
+			ldb_dn_get_linearized(ac->search_res->message->dn));
+	}
+	LDB_REQ_SET_LOCATION(pso_req);
+	return pso_req;
+}
+
+
+static int get_domain_data_callback(struct ldb_request *req,
+				    struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct ph_context *ac;
+	struct loadparm_context *lp_ctx;
+	struct ldb_request *pso_req = NULL;
+	int ret = LDB_SUCCESS;
+
+	ac = talloc_get_type(req->context, struct ph_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (ac->status != NULL) {
+			talloc_free(ares);
+
+			ldb_set_errstring(ldb, "Too many results");
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			goto done;
+		}
+
+		/* Setup the "status" structure (used as control later) */
+		ac->status = talloc_zero(ac->req,
+					 struct dsdb_control_password_change_status);
+		if (ac->status == NULL) {
+			talloc_free(ares);
+
+			ldb_oom(ldb);
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			goto done;
+		}
+
+		/* Setup the "domain data" structure */
+		ac->status->domain_data.pwdProperties =
+			ldb_msg_find_attr_as_uint(ares->message, "pwdProperties", -1);
+		ac->status->domain_data.pwdHistoryLength =
+			ldb_msg_find_attr_as_uint(ares->message, "pwdHistoryLength", -1);
+		ac->status->domain_data.maxPwdAge =
+			ldb_msg_find_attr_as_int64(ares->message, "maxPwdAge", -1);
+		ac->status->domain_data.minPwdAge =
+			ldb_msg_find_attr_as_int64(ares->message, "minPwdAge", -1);
+		ac->status->domain_data.minPwdLength =
+			ldb_msg_find_attr_as_uint(ares->message, "minPwdLength", -1);
+		ac->status->domain_data.store_cleartext =
+			ac->status->domain_data.pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT;
+
+		/* For a domain DN, this puts things in dotted notation */
+		/* For builtin domains, this will give details for the host,
+		 * but that doesn't really matter, as it's just used for salt
+		 * and kerberos principals, which don't exist here */
+
+		lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					 struct loadparm_context);
+
+		ac->status->domain_data.dns_domain = lpcfg_dnsdomain(lp_ctx);
+		ac->status->domain_data.realm = lpcfg_realm(lp_ctx);
+		ac->status->domain_data.netbios_domain = lpcfg_sam_name(lp_ctx);
+
+		ac->status->reject_reason = SAM_PWD_CHANGE_NO_ERROR;
+
+		if (ac->dom_res != NULL) {
+			talloc_free(ares);
+
+			ldb_set_errstring(ldb, "Too many results");
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			goto done;
+		}
+
+		ac->dom_res = talloc_steal(ac, ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		talloc_free(ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+		/* call the next step */
+		switch (ac->req->operation) {
+		case LDB_ADD:
+			ret = password_hash_add_do_add(ac);
+			break;
+
+		case LDB_MODIFY:
+
+			/*
+			 * The user may have an optional PSO applied. If so,
+			 * query the PSO to get the Fine-Grained Password Policy
+			 * for the user, before we perform the modify
+			 */
+			pso_req = build_pso_data_request(ac);
+			if (pso_req != NULL) {
+				ret = ldb_next_request(ac->module, pso_req);
+			} else {
+
+				/* no PSO, so we can perform the modify now */
+				ret = password_hash_mod_do_mod(ac);
+			}
+			break;
+
+		default:
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			break;
+		}
+		break;
+	}
+
+done:
+	if (ret != LDB_SUCCESS) {
+		struct ldb_reply *new_ares;
+
+		new_ares = talloc_zero(ac->req, struct ldb_reply);
+		if (new_ares == NULL) {
+			ldb_oom(ldb);
+			return ldb_module_done(ac->req, NULL, NULL,
+					       LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		new_ares->error = ret;
+		if ((ret != LDB_ERR_OPERATIONS_ERROR) && (ac->change_status)) {
+			/* On success and trivial errors a status control is being
+			 * added (used for example by the "samdb_set_password" call) */
+			ldb_reply_add_control(new_ares,
+					      DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID,
+					      false,
+					      ac->status);
+		}
+
+		return ldb_module_done(ac->req, new_ares->controls,
+				       new_ares->response, new_ares->error);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int build_domain_data_request(struct ph_context *ac)
+{
+	/* attrs[] is returned from this function in
+	   ac->dom_req->op.search.attrs, so it must be static, as
+	   otherwise the compiler can put it on the stack */
+	struct ldb_context *ldb;
+	static const char * const attrs[] = { "pwdProperties",
+					      "pwdHistoryLength",
+					      "maxPwdAge",
+					      "minPwdAge",
+					      "minPwdLength",
+					      "lockoutThreshold",
+					      "lockOutObservationWindow",
+					      NULL };
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_search_req(&ac->dom_req, ldb, ac,
+				   ldb_get_default_basedn(ldb),
+				   LDB_SCOPE_BASE,
+				   NULL, attrs,
+				   NULL,
+				   ac, get_domain_data_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(ac->dom_req);
+	return ret;
+}
+
+static int password_hash_needed(struct ldb_module *module,
+				struct ldb_request *req,
+				struct ph_context **_ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const char *operation = NULL;
+	const struct ldb_message *msg = NULL;
+	struct ph_context *ac = NULL;
+	const char *passwordAttrs[] = {
+		DSDB_PASSWORD_ATTRIBUTES,
+		NULL
+	};
+	const char **a = NULL;
+	unsigned int attr_cnt = 0;
+	struct ldb_control *bypass = NULL;
+	struct ldb_control *uac_ctrl = NULL;
+	bool userPassword = dsdb_user_password_support(module, req, req);
+	bool update_password = false;
+	bool processing_needed = false;
+
+	*_ac = NULL;
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_needed\n");
+
+	switch (req->operation) {
+	case LDB_ADD:
+		operation = "add";
+		msg = req->op.add.message;
+		break;
+	case LDB_MODIFY:
+		operation = "modify";
+		msg = req->op.mod.message;
+		break;
+	default:
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	bypass = ldb_request_get_control(req,
+					 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	if (bypass != NULL) {
+		/* Mark the "bypass" control as uncritical (done) */
+		bypass->critical = false;
+		ldb_debug(ldb, LDB_DEBUG_TRACE,
+			  "password_hash_needed(%s) (bypassing)\n",
+			  operation);
+		return password_hash_bypass(module, req);
+	}
+
+	/* nobody must touch password histories and 'supplementalCredentials' */
+	if (ldb_msg_find_element(msg, "ntPwdHistory")) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if (ldb_msg_find_element(msg, "lmPwdHistory")) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if (ldb_msg_find_element(msg, "supplementalCredentials")) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/*
+	 * If no part of this touches the 'userPassword' OR 'clearTextPassword'
+	 * OR 'unicodePwd' OR 'dBCSPwd' we don't need to make any changes.
+	 * For password changes/set there should be a 'delete' or a 'modify'
+	 * on these attributes.
+	 */
+	for (a = passwordAttrs; *a != NULL; a++) {
+		if ((!userPassword) && (ldb_attr_cmp(*a, "userPassword") == 0)) {
+			continue;
+		}
+
+		if (ldb_msg_find_element(msg, *a) != NULL) {
+			/* MS-ADTS 3.1.1.3.1.5.2 */
+			if ((ldb_attr_cmp(*a, "userPassword") == 0) &&
+			    (dsdb_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003)) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+
+			++attr_cnt;
+		}
+	}
+
+	if (attr_cnt > 0) {
+		update_password = true;
+		processing_needed = true;
+	}
+
+	if (ldb_msg_find_element(msg, "pwdLastSet")) {
+		processing_needed = true;
+	}
+
+	uac_ctrl = ldb_request_get_control(req,
+				DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID);
+	if (uac_ctrl != NULL) {
+		struct dsdb_control_password_user_account_control *uac = NULL;
+		uint32_t added_flags = 0;
+
+		uac = talloc_get_type_abort(uac_ctrl->data,
+			struct dsdb_control_password_user_account_control);
+
+		added_flags = uac->new_flags & ~uac->old_flags;
+
+		if (added_flags & UF_SMARTCARD_REQUIRED) {
+			processing_needed = true;
+		}
+	}
+
+	if (!processing_needed) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = ph_init_context(module, req, userPassword, update_password);
+	if (!ac) {
+		DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
+		return ldb_operr(ldb);
+	}
+	ph_apply_controls(ac);
+
+	/*
+	 * Make a copy in order to apply our modifications
+	 * to the final update
+	 */
+	ac->update_msg = ldb_msg_copy_shallow(ac, msg);
+	if (ac->update_msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * Remove all password related attributes.
+	 */
+	if (ac->userPassword) {
+		ldb_msg_remove_attr(ac->update_msg, "userPassword");
+	}
+	ldb_msg_remove_attr(ac->update_msg, "clearTextPassword");
+	ldb_msg_remove_attr(ac->update_msg, "unicodePwd");
+	ldb_msg_remove_attr(ac->update_msg, "ntPwdHistory");
+	ldb_msg_remove_attr(ac->update_msg, "dBCSPwd");
+	ldb_msg_remove_attr(ac->update_msg, "lmPwdHistory");
+	ldb_msg_remove_attr(ac->update_msg, "supplementalCredentials");
+	ldb_msg_remove_attr(ac->update_msg, "pwdLastSet");
+
+	*_ac = ac;
+	return LDB_SUCCESS;
+}
+
+static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ph_context *ac = NULL;
+	int ret;
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add\n");
+
+	ret = password_hash_needed(module, req, &ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (ac == NULL) {
+		return ret;
+	}
+
+	/* Make sure we are performing the password set action on a (for us)
+	 * valid object. Those are instances of either "user" and/or
+	 * "inetOrgPerson". Otherwise continue with the submodules. */
+	if ((!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "user"))
+		&& (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "inetOrgPerson"))) {
+
+		TALLOC_FREE(ac);
+
+		if (ldb_msg_find_element(req->op.add.message, "clearTextPassword") != NULL) {
+			ldb_set_errstring(ldb,
+					  "'clearTextPassword' is only allowed on objects of class 'user' and/or 'inetOrgPerson'!");
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	/* get user domain data */
+	ret = build_domain_data_request(ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, ac->dom_req);
+}
+
+static int password_hash_add_do_add(struct ph_context *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_request *down_req;
+	struct setup_password_fields_io io;
+	int ret;
+
+	/* Prepare the internal data structure containing the passwords */
+	ret = setup_io(ac, ac->req->op.add.message, NULL, &io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = setup_password_fields(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = check_password_restrictions_and_log(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = setup_smartcard_reset(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = update_final_msg(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				ac->update_msg,
+				ac->req->controls,
+				ac, ph_op_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, down_req);
+}
+
+static int password_hash_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ph_context *ac = NULL;
+	const char *passwordAttrs[] = {DSDB_PASSWORD_ATTRIBUTES, NULL}, **l;
+	unsigned int del_attr_cnt, add_attr_cnt, rep_attr_cnt;
+	struct ldb_message_element *passwordAttr;
+	struct ldb_message *msg;
+	struct ldb_request *down_req;
+	struct ldb_control *restore = NULL;
+	int ret;
+	unsigned int i = 0;
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify\n");
+
+	ret = password_hash_needed(module, req, &ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (ac == NULL) {
+		return ret;
+	}
+
+	/* use a new message structure so that we can modify it */
+	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/* - check for single-valued password attributes
+	 *   (if not return "CONSTRAINT_VIOLATION")
+	 * - check that for a password change operation one add and one delete
+	 *   operation exists
+	 *   (if not return "CONSTRAINT_VIOLATION" or "UNWILLING_TO_PERFORM")
+	 * - check that a password change and a password set operation cannot
+	 *   be mixed
+	 *   (if not return "UNWILLING_TO_PERFORM")
+	 * - remove all password attributes modifications from the first change
+	 *   operation (anything without the passwords) - we will make the real
+	 *   modification later */
+	del_attr_cnt = 0;
+	add_attr_cnt = 0;
+	rep_attr_cnt = 0;
+	for (l = passwordAttrs; *l != NULL; l++) {
+		if ((!ac->userPassword) &&
+		    (ldb_attr_cmp(*l, "userPassword") == 0)) {
+			continue;
+		}
+
+		while ((passwordAttr = ldb_msg_find_element(msg, *l)) != NULL) {
+			unsigned int mtype = LDB_FLAG_MOD_TYPE(passwordAttr->flags);
+			unsigned int nvalues = passwordAttr->num_values;
+
+			if (mtype == LDB_FLAG_MOD_DELETE) {
+				++del_attr_cnt;
+			}
+			if (mtype == LDB_FLAG_MOD_ADD) {
+				++add_attr_cnt;
+			}
+			if (mtype == LDB_FLAG_MOD_REPLACE) {
+				++rep_attr_cnt;
+			}
+			if ((nvalues != 1) && (mtype == LDB_FLAG_MOD_ADD)) {
+				talloc_free(ac);
+				ldb_asprintf_errstring(ldb,
+						       "'%s' attribute must have exactly one value on add operations!",
+						       *l);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			if ((nvalues > 1) && (mtype == LDB_FLAG_MOD_DELETE)) {
+				talloc_free(ac);
+				ldb_asprintf_errstring(ldb,
+						       "'%s' attribute must have zero or one value(s) on delete operations!",
+						       *l);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			ldb_msg_remove_element(msg, passwordAttr);
+		}
+	}
+	if ((del_attr_cnt == 0) && (add_attr_cnt > 0)) {
+		talloc_free(ac);
+		ldb_set_errstring(ldb,
+				  "Only the add action for a password change specified!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if ((del_attr_cnt > 1) || (add_attr_cnt > 1)) {
+		talloc_free(ac);
+		ldb_set_errstring(ldb,
+				  "Only one delete and one add action for a password change allowed!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if ((rep_attr_cnt > 0) && ((del_attr_cnt > 0) || (add_attr_cnt > 0))) {
+		talloc_free(ac);
+		ldb_set_errstring(ldb,
+				  "Either a password change or a password set operation is allowed!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	restore = ldb_request_get_control(req,
+					DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
+	if (restore == NULL) {
+		/*
+		 * A tombstone reanimation generates a double update
+		 * of pwdLastSet.
+		 *
+		 * So we only remove it without the
+		 * DSDB_CONTROL_RESTORE_TOMBSTONE_OID control.
+		 */
+		ldb_msg_remove_attr(msg, "pwdLastSet");
+	}
+
+
+	/* if there was nothing else to be modified skip to next step */
+	if (msg->num_elements == 0) {
+		return password_hash_mod_search_self(ac);
+	}
+
+	/*
+	 * Now we apply all changes remaining in msg
+	 * and remove them from our final update_msg
+	 */
+
+	for (i = 0; i < msg->num_elements; i++) {
+		ldb_msg_remove_attr(ac->update_msg,
+				    msg->elements[i].name);
+	}
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, ph_modify_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ph_context *ac;
+
+	ac = talloc_get_type(req->context, struct ph_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	talloc_free(ares);
+
+	return password_hash_mod_search_self(ac);
+}
+
+static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct ph_context *ac;
+	int ret = LDB_SUCCESS;
+
+	ac = talloc_get_type(req->context, struct ph_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		goto done;
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	/* we are interested only in the single reply (base search) */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		/* Make sure we are performing the password change action on a
+		 * (for us) valid object. Those are instances of either "user"
+		 * and/or "inetOrgPerson". Otherwise continue with the
+		 * submodules. */
+		if ((!ldb_msg_check_string_attribute(ares->message, "objectClass", "user"))
+			&& (!ldb_msg_check_string_attribute(ares->message, "objectClass", "inetOrgPerson"))) {
+			talloc_free(ares);
+
+			if (ldb_msg_find_element(ac->req->op.mod.message, "clearTextPassword") != NULL) {
+				ldb_set_errstring(ldb,
+						  "'clearTextPassword' is only allowed on objects of class 'user' and/or 'inetOrgPerson'!");
+				ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
+				goto done;
+			}
+
+			ret = ldb_next_request(ac->module, ac->req);
+			goto done;
+		}
+
+		if (ac->search_res != NULL) {
+			talloc_free(ares);
+
+			ldb_set_errstring(ldb, "Too many results");
+			ret = LDB_ERR_OPERATIONS_ERROR;
+			goto done;
+		}
+
+		ac->search_res = talloc_steal(ac, ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore anything else for now */
+		talloc_free(ares);
+		ret = LDB_SUCCESS;
+		break;
+
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+
+		/* get user domain data */
+		ret = build_domain_data_request(ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+
+		ret = ldb_next_request(ac->module, ac->dom_req);
+		break;
+	}
+
+done:
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int password_hash_mod_search_self(struct ph_context *ac)
+{
+	struct ldb_context *ldb;
+	static const char * const attrs[] = { "objectClass",
+					      "userAccountControl",
+					      "msDS-ResultantPSO",
+					      "msDS-User-Account-Control-Computed",
+					      "pwdLastSet",
+					      "sAMAccountName",
+					      "objectSid",
+					      "userPrincipalName",
+					      "displayName",
+					      "supplementalCredentials",
+					      "lmPwdHistory",
+					      "ntPwdHistory",
+					      "dBCSPwd",
+					      "unicodePwd",
+					      "badPasswordTime",
+					      "badPwdCount",
+					      "lockoutTime",
+					      "msDS-KeyVersionNumber",
+					      "msDS-SecondaryKrbTgtNumber",
+					      NULL };
+	struct ldb_request *search_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_search_req(&search_req, ldb, ac,
+				   ac->req->op.mod.message->dn,
+				   LDB_SCOPE_BASE,
+				   "(objectclass=*)",
+				   attrs,
+				   NULL,
+				   ac, ph_mod_search_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+static int password_hash_mod_do_mod(struct ph_context *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_request *mod_req;
+	struct setup_password_fields_io io;
+	int ret;
+
+	/* Prepare the internal data structure containing the passwords */
+	ret = setup_io(ac, ac->req->op.mod.message,
+		       ac->search_res->message, &io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = setup_password_fields(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = check_password_restrictions_and_log(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = setup_smartcard_reset(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = update_final_msg(&io);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_mod_req(&mod_req, ldb, ac,
+				ac->update_msg,
+				ac->req->controls,
+				ac, ph_op_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(mod_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, mod_req);
+}
+
+static const struct ldb_module_ops ldb_password_hash_module_ops = {
+	.name          = "password_hash",
+	.add           = password_hash_add,
+	.modify        = password_hash_modify
+};
+
+int ldb_password_hash_module_init(const char *version)
+{
+#ifdef ENABLE_GPGME
+	const char *gversion = NULL;
+#endif /* ENABLE_GPGME */
+
+	LDB_MODULE_CHECK_VERSION(version);
+
+#ifdef ENABLE_GPGME
+	/*
+	 * Note: this sets a SIGPIPE handler
+	 * if none is active already. See:
+	 * https://www.gnupg.org/documentation/manuals/gpgme/Signal-Handling.html#Signal-Handling
+	 */
+	gversion = gpgme_check_version(MINIMUM_GPGME_VERSION);
+	if (gversion == NULL) {
+		fprintf(stderr, "%s() in %s version[%s]: "
+			"gpgme_check_version(%s) not available, "
+			"gpgme_check_version(NULL) => '%s'\n",
+			__func__, __FILE__, version,
+			MINIMUM_GPGME_VERSION, gpgme_check_version(NULL));
+		return LDB_ERR_UNAVAILABLE;
+	}
+#endif /* ENABLE_GPGME */
+
+	return ldb_register_module(&ldb_password_hash_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/password_modules.h b/source4/dsdb/samdb/ldb_modules/password_modules.h
new file mode 100644
index 0000000..40d0144
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/password_modules.h
@@ -0,0 +1,3 @@
+/* We store these passwords under this base DN: */
+
+#define LOCAL_BASE "cn=Passwords"
diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c
new file mode 100644
index 0000000..e363534
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -0,0 +1,415 @@
+/* 
+   samdb proxy module
+
+   Copyright (C) Andrew Tridgell 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  ldb proxy module. At startup this looks for a record like this:
+
+   dn=@PROXYINFO
+   url=destination url
+   olddn = basedn to proxy in upstream server
+   newdn = basedn in local server
+   username = username to connect to upstream
+   password = password for upstream
+
+   NOTE: this module is a complete hack at this stage. I am committing it just
+   so others can know how I am investigating mmc support
+   
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "auth/credentials/credentials.h"
+
+struct proxy_data {
+	struct ldb_context *upstream;
+	struct ldb_dn *olddn;
+	struct ldb_dn *newdn;
+	const char **oldstr;
+	const char **newstr;
+};
+
+struct proxy_ctx {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+#ifdef DEBUG_PROXY
+	int count;
+#endif
+};
+
+/*
+  load the @PROXYINFO record
+*/
+static int load_proxy_info(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct proxy_data *proxy = talloc_get_type(ldb_module_get_private(module), struct proxy_data);
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	int ret;
+	const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr;
+	struct cli_credentials *creds;
+	bool ok;
+
+	/* see if we have already loaded it */
+	if (proxy->upstream != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	dn = ldb_dn_new(proxy, ldb, "@PROXYINFO");
+	if (dn == NULL) {
+		goto failed;
+	}
+	ret = ldb_search(ldb, proxy, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	talloc_free(dn);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "Can't find @PROXYINFO\n");
+		goto failed;
+	}
+
+	url      = ldb_msg_find_attr_as_string(res->msgs[0], "url", NULL);
+	olddn    = ldb_msg_find_attr_as_string(res->msgs[0], "olddn", NULL);
+	newdn    = ldb_msg_find_attr_as_string(res->msgs[0], "newdn", NULL);
+	username = ldb_msg_find_attr_as_string(res->msgs[0], "username", NULL);
+	password = ldb_msg_find_attr_as_string(res->msgs[0], "password", NULL);
+	oldstr   = ldb_msg_find_attr_as_string(res->msgs[0], "oldstr", NULL);
+	newstr   = ldb_msg_find_attr_as_string(res->msgs[0], "newstr", NULL);
+
+	if (url == NULL || olddn == NULL || newdn == NULL || username == NULL || password == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "Need url, olddn, newdn, oldstr, newstr, username and password in @PROXYINFO\n");
+		goto failed;
+	}
+
+	proxy->olddn = ldb_dn_new(proxy, ldb, olddn);
+	if (proxy->olddn == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to explode olddn '%s'\n", olddn);
+		goto failed;
+	}
+	
+	proxy->newdn = ldb_dn_new(proxy, ldb, newdn);
+	if (proxy->newdn == NULL) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to explode newdn '%s'\n", newdn);
+		goto failed;
+	}
+
+	proxy->upstream = ldb_init(proxy, ldb_get_event_context(ldb));
+	if (proxy->upstream == NULL) {
+		ldb_oom(ldb);
+		goto failed;
+	}
+
+	proxy->oldstr = str_list_make(proxy, oldstr, ", ");
+	if (proxy->oldstr == NULL) {
+		ldb_oom(ldb);
+		goto failed;
+	}
+
+	proxy->newstr = str_list_make(proxy, newstr, ", ");
+	if (proxy->newstr == NULL) {
+		ldb_oom(ldb);
+		goto failed;
+	}
+
+	/* setup credentials for connection */
+	creds = cli_credentials_init(proxy->upstream);
+	if (creds == NULL) {
+		ldb_oom(ldb);
+		goto failed;
+	}
+	ok = cli_credentials_guess(creds, ldb_get_opaque(ldb, "loadparm"));
+	if (!ok) {
+		ldb_oom(ldb);
+		goto failed;
+	}
+
+	cli_credentials_set_username(creds, username, CRED_SPECIFIED);
+	cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+
+	ldb_set_opaque(proxy->upstream, "credentials", creds);
+
+	ret = ldb_connect(proxy->upstream, url, 0, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "proxy failed to connect to %s\n", url);
+		goto failed;
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "proxy connected to %s\n", url);
+
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+
+failed:
+	talloc_free(res);
+	talloc_free(proxy->olddn);
+	talloc_free(proxy->newdn);
+	talloc_free(proxy->upstream);
+	proxy->upstream = NULL;
+	return ldb_operr(ldb);
+}
+
+
+/*
+  convert a binary blob
+*/
+static void proxy_convert_blob(TALLOC_CTX *mem_ctx, struct ldb_val *v,
+			       const char *oldstr, const char *newstr)
+{
+	size_t len1, len2, len3;
+	uint8_t *olddata = v->data;
+	char *p = strcasestr((char *)v->data, oldstr);
+
+	len1 = (p - (char *)v->data);
+	len2 = strlen(newstr);
+	len3 = v->length - (p+strlen(oldstr) - (char *)v->data);
+	v->length = len1+len2+len3;
+	v->data = talloc_size(mem_ctx, v->length);
+	memcpy(v->data, olddata, len1);
+	memcpy(v->data+len1, newstr, len2);
+	memcpy(v->data+len1+len2, olddata + len1 + strlen(oldstr), len3);
+}
+
+/*
+  convert a returned value
+*/
+static void proxy_convert_value(struct proxy_data *proxy, struct ldb_message *msg, struct ldb_val *v)
+{
+	size_t i;
+
+	for (i=0;proxy->oldstr[i];i++) {
+		char *p = strcasestr((char *)v->data, proxy->oldstr[i]);
+		if (p == NULL) continue;
+		proxy_convert_blob(msg, v, proxy->oldstr[i], proxy->newstr[i]);
+	}
+}
+
+
+/*
+  convert a returned value
+*/
+static struct ldb_parse_tree *proxy_convert_tree(TALLOC_CTX *mem_ctx,
+						 struct proxy_data *proxy,
+						 struct ldb_parse_tree *tree)
+{
+	size_t i;
+	char *expression = ldb_filter_from_tree(mem_ctx, tree);
+
+	for (i=0;proxy->newstr[i];i++) {
+		struct ldb_val v;
+		char *p = strcasestr(expression, proxy->newstr[i]);
+		if (p == NULL) continue;
+		v.data = (uint8_t *)expression;
+		v.length = strlen(expression)+1;
+		proxy_convert_blob(mem_ctx, &v, proxy->newstr[i], proxy->oldstr[i]);
+		return ldb_parse_tree(mem_ctx, (const char *)v.data);
+	}
+	return tree;
+}
+
+
+
+/*
+  convert a returned record
+*/
+static void proxy_convert_record(struct ldb_context *ldb,
+				 struct proxy_data *proxy,
+				 struct ldb_message *msg)
+{
+	unsigned int attr, v;
+
+	/* fix the message DN */
+	if (ldb_dn_compare_base(proxy->olddn, msg->dn) == 0) {
+		ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn));
+		ldb_dn_add_base(msg->dn, proxy->newdn);
+	}
+
+	/* fix any attributes */
+	for (attr=0;attr<msg->num_elements;attr++) {
+		for (v=0;v<msg->elements[attr].num_values;v++) {
+			proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]);
+		}
+	}
+
+	/* fix any DN components */
+	for (attr=0;attr<msg->num_elements;attr++) {
+		for (v=0;v<msg->elements[attr].num_values;v++) {
+			proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]);
+		}
+	}
+}
+
+static int proxy_search_callback(struct ldb_request *req,
+				  struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct proxy_data *proxy;
+	struct proxy_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct proxy_ctx);
+	ldb = ldb_module_get_ctx(ac->module);
+	proxy = talloc_get_type(ldb_module_get_private(module), struct proxy_data);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	/* Only entries are interesting, and we only want the olddn */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+#ifdef DEBUG_PROXY
+		ac->count++;
+#endif
+		proxy_convert_record(ldb, proxy, ares->message);
+		ret = ldb_module_send_entry(ac->req, ares->message, ares->controls);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+
+		/* ignore remote referrals */
+		break;
+
+	case LDB_REPLY_DONE:
+
+#ifdef DEBUG_PROXY
+		printf("# record %d\n", ac->count+1);
+#endif
+
+		return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
+	}
+
+	talloc_free(ares);
+	return ret;
+}
+
+/* search */
+static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct proxy_ctx *ac;
+	struct ldb_parse_tree *newtree;
+	struct proxy_data *proxy = talloc_get_type(ldb_module_get_private(module), struct proxy_data);
+	struct ldb_request *newreq;
+	struct ldb_dn *base;
+	unsigned int i;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	if (req->op.search.base == NULL ||
+		(req->op.search.base->comp_num == 1 &&
+			req->op.search.base->components[0].name[0] == '@')) {
+		goto passthru;
+	}
+
+	if (load_proxy_info(module) != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	/* see if the dn is within olddn */
+	if (ldb_dn_compare_base(proxy->newdn, req->op.search.base) != 0) {
+		goto passthru;
+	}
+
+	ac = talloc(req, struct proxy_ctx);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ac->module = module;
+	ac->req = req;
+#ifdef DEBUG_PROXY
+	ac->count = 0;
+#endif
+
+	newtree = proxy_convert_tree(ac, proxy, req->op.search.tree);
+	if (newtree == NULL) {
+		goto failed;
+	}
+
+	/* convert the basedn of this search */
+	base = ldb_dn_copy(ac, req->op.search.base);
+	if (base == NULL) {
+		goto failed;
+	}
+	ldb_dn_remove_base_components(base, ldb_dn_get_comp_num(proxy->newdn));
+	ldb_dn_add_base(base, proxy->olddn);
+
+	ldb_debug(ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", 
+		  ldb_filter_from_tree(ac, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base));
+	for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]);
+	}
+
+	ret = ldb_build_search_req_ex(&newreq, ldb, ac,
+				      base, req->op.search.scope,
+				      newtree, req->op.search.attrs,
+				      req->controls,
+				      ac, proxy_search_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(newreq);
+	/* FIXME: warning, need a real event system hooked up for this to work properly,
+	 * 	  for now this makes the module *not* ASYNC */
+	ret = ldb_request(proxy->upstream, newreq);
+	if (ret != LDB_SUCCESS) {
+		ldb_set_errstring(ldb, ldb_errstring(proxy->upstream));
+	}
+	ret = ldb_wait(newreq->handle, LDB_WAIT_ALL);
+	if (ret != LDB_SUCCESS) {
+		ldb_set_errstring(ldb, ldb_errstring(proxy->upstream));
+	}
+	return ret;
+
+failed:
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "proxy failed for %s\n", 
+		  ldb_dn_get_linearized(req->op.search.base));
+
+passthru:
+	return ldb_next_request(module, req); 
+}
+
+static int proxy_request(struct ldb_module *module, struct ldb_request *req)
+{
+	switch (req->operation) {
+
+	case LDB_REQ_SEARCH:
+		return proxy_search_bytree(module, req);
+
+	default:
+		return ldb_next_request(module, req);
+
+	}
+}
+
+static const struct ldb_module_ops ldb_proxy_module_ops = {
+	.name		= "proxy",
+	.request	= proxy_request
+};
+
+int ldb_proxy_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_proxy_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c
new file mode 100644
index 0000000..b010abb
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c
@@ -0,0 +1,295 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb ranged results module
+ *
+ *  Description: munge AD-style 'ranged results' requests into
+ *  requests for all values in an attribute, then return the range to
+ *  the client.
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+
+#undef strncasecmp
+
+struct rr_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	bool dirsync_in_use;
+};
+
+static struct rr_context *rr_init_context(struct ldb_module *module,
+					  struct ldb_request *req)
+{
+	struct ldb_control *dirsync_control = NULL;
+	struct rr_context *ac = talloc_zero(req, struct rr_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb_module_get_ctx(module), "Out of Memory");
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	/*
+	 * check if there's a dirsync control (as there is an
+	 * interaction between these modules)
+	 */
+	dirsync_control = ldb_request_get_control(req,
+						  LDB_CONTROL_DIRSYNC_OID);
+	if (dirsync_control != NULL) {
+		ac->dirsync_in_use = true;
+	}
+
+	return ac;
+}
+
+static int rr_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct rr_context *ac;
+	unsigned int i, j;
+	TALLOC_CTX *temp_ctx;
+
+	ac = talloc_get_type(req->context, struct rr_context);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if (ares->type == LDB_REPLY_DONE) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ac->dirsync_in_use) {
+		/*
+		 * We return full attribute values when mixed with
+		 * dirsync
+		 */
+		return ldb_module_send_entry(ac->req,
+					     ares->message,
+					     ares->controls);
+	}
+	/* LDB_REPLY_ENTRY */
+
+	temp_ctx = talloc_new(ac->req);
+	if (!temp_ctx) {
+		ldb_module_oom(ac->module);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* Find those that are range requests from the attribute list */
+	for (i = 0; ac->req->op.search.attrs[i]; i++) {
+		char *p, *new_attr;
+		const char *end_str;
+		unsigned int start, end;
+		struct ldb_message_element *el;
+		struct ldb_val *orig_values;
+
+		p = strchr(ac->req->op.search.attrs[i], ';');
+		if (!p) {
+			continue;
+		}
+		if (strncasecmp(p, ";range=", strlen(";range=")) != 0) {
+			continue;
+		}
+		if (sscanf(p, ";range=%u-%u", &start, &end) != 2) {
+			if (sscanf(p, ";range=%u-*", &start) == 1) {
+				end = (unsigned int)-1;
+			} else {
+				continue;
+			}
+		}
+		new_attr = talloc_strndup(temp_ctx,
+					  ac->req->op.search.attrs[i],
+					  (size_t)(p - ac->req->op.search.attrs[i]));
+
+		if (!new_attr) {
+			ldb_oom(ldb);
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+		el = ldb_msg_find_element(ares->message, new_attr);
+		talloc_free(new_attr);
+		if (!el) {
+			continue;
+		}
+		if (end >= (el->num_values - 1)) {
+			/* Need to leave the requested attribute in
+			 * there (so add an empty one to match) */
+			end_str = "*";
+			end = el->num_values - 1;
+		} else {
+			end_str = talloc_asprintf(temp_ctx, "%u", end);
+			if (!end_str) {
+				ldb_oom(ldb);
+				return ldb_module_done(ac->req, NULL, NULL,
+							LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+		/* If start is greater then where we are find the end to be */
+		if (start > end) {
+			el->num_values = 0;
+			el->values = NULL;
+		} else {
+			orig_values = el->values;
+			
+			if ((start + end < start) || (start + end < end)) {
+				ldb_asprintf_errstring(ldb,
+					"range request error: start or end would overflow!");
+				return ldb_module_done(ac->req, NULL, NULL,
+							LDB_ERR_UNWILLING_TO_PERFORM);
+			}
+			
+			el->num_values = 0;
+			
+			el->values = talloc_array(ares->message->elements,
+						  struct ldb_val,
+						  (end - start) + 1);
+			if (!el->values) {
+				ldb_oom(ldb);
+				return ldb_module_done(ac->req, NULL, NULL,
+							LDB_ERR_OPERATIONS_ERROR);
+			}
+			for (j=start; j <= end; j++) {
+				el->values[el->num_values] = orig_values[j];
+				el->num_values++;
+			}
+		}
+		el->name = talloc_asprintf(ares->message->elements,
+					   "%s;range=%u-%s", el->name, start,
+					   end_str);
+		if (!el->name) {
+			ldb_oom(ldb);
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+	}
+
+	talloc_free(temp_ctx);
+
+	return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+}
+
+/* search */
+static int rr_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	unsigned int i;
+	unsigned int start, end;
+	const char **new_attrs = NULL;
+	bool found_rr = false;
+	struct ldb_request *down_req;
+	struct rr_context *ac;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* Strip the range request from the attribute */
+	for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) {
+		char *p;
+		size_t range_len = strlen(";range=");
+
+		new_attrs = talloc_realloc(req, new_attrs, const char *, i+2);
+		new_attrs[i] = req->op.search.attrs[i];
+		new_attrs[i+1] = NULL;
+		p = strchr(new_attrs[i], ';');
+		if (!p) {
+			continue;
+		}
+		if (strncasecmp(p, ";range=", range_len) != 0) {
+			continue;
+		}
+		end = (unsigned int)-1;
+		if (sscanf(p + range_len, "%u-*", &start) != 1) {
+			if (sscanf(p + range_len, "%u-%u", &start, &end) != 2) {
+				ldb_asprintf_errstring(ldb,
+					"range request error: "
+					"range request malformed");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		}
+		if (start > end) {
+			ldb_asprintf_errstring(ldb, "range request error: start must not be greater than end");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		found_rr = true;
+		new_attrs[i] = talloc_strndup(new_attrs, new_attrs[i],
+					      (size_t)(p - new_attrs[i]));
+
+		if (!new_attrs[i]) {
+			return ldb_oom(ldb);
+		}
+	}
+
+	if (found_rr) {
+		ac = rr_init_context(module, req);
+		if (!ac) {
+			return ldb_operr(ldb);
+		}
+
+		ret = ldb_build_search_req_ex(&down_req, ldb, ac,
+					      req->op.search.base,
+					      req->op.search.scope,
+					      req->op.search.tree,
+					      new_attrs,
+					      req->controls,
+					      ac, rr_search_callback,
+					      req);
+		LDB_REQ_SET_LOCATION(down_req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		return ldb_next_request(module, down_req);
+	}
+
+	/* No change, just run the original request as if we were never here */
+	talloc_free(new_attrs);
+	return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_ranged_results_module_ops = {
+	.name		   = "ranged_results",
+	.search            = rr_search,
+};
+
+int ldb_ranged_results_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_ranged_results_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
new file mode 100644
index 0000000..7aec006
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -0,0 +1,8764 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce  2004-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2013
+   Copyright (C) Andrew Tridgell 2005-2009
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Matthieu Patou <mat@samba.org> 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb repl_meta_data module
+ *
+ *  Description: - add a unique objectGUID onto every new record,
+ *               - handle whenCreated, whenChanged timestamps
+ *               - handle uSNCreated, uSNChanged numbers
+ *               - handle replPropertyMetaData attribute
+ *
+ *  Author: Simo Sorce
+ *  Author: Stefan Metzmacher
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/proto.h"
+#include "dsdb/common/util.h"
+#include "../libds/common/flags.h"
+#include "librpc/gen_ndr/irpc.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+#include "lib/util/dlinklist.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/tsort.h"
+#include "lib/util/binsearch.h"
+
+#undef strcasecmp
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/* the RMD_VERSION for linked attributes starts from 1 */
+#define RMD_VERSION_INITIAL   1
+
+/*
+ * It's 29/12/9999 at 23:59:59 UTC as specified in MS-ADTS 7.1.1.4.2
+ * Deleted Objects Container
+ */
+static const NTTIME DELETED_OBJECT_CONTAINER_CHANGE_TIME = 2650466015990000000ULL;
+
+struct replmd_private {
+	TALLOC_CTX *la_ctx;
+	struct la_group *la_list;
+	struct nc_entry {
+		struct nc_entry *prev, *next;
+		struct ldb_dn *dn;
+		uint64_t mod_usn;
+		uint64_t mod_usn_urgent;
+	} *ncs;
+	struct ldb_dn *schema_dn;
+	bool originating_updates;
+	bool sorted_links;
+	uint32_t total_links;
+	uint32_t num_processed;
+	bool recyclebin_enabled;
+	bool recyclebin_state_known;
+};
+
+/*
+ * groups link attributes together by source-object and attribute-ID,
+ * to improve processing efficiency (i.e. for 'member' attribute, which
+ * could have 100s or 1000s of links).
+ * Note this grouping is best effort - the same source object could still
+ * correspond to several la_groups (a lot depends on the order DRS sends
+ * the links in). The groups currently don't span replication chunks (which
+ * caps the size to ~1500 links by default).
+ */
+struct la_group {
+	struct la_group *next, *prev;
+	struct la_entry *la_entries;
+};
+
+struct la_entry {
+	struct la_entry *next, *prev;
+	struct drsuapi_DsReplicaLinkedAttribute *la;
+	uint32_t dsdb_repl_flags;
+};
+
+struct replmd_replicated_request {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	const struct dsdb_schema *schema;
+	struct GUID our_invocation_id;
+
+	/* the controls we pass down */
+	struct ldb_control **controls;
+
+	/*
+	 * Backlinks for the replmd_add() case (we want to create
+	 * backlinks after creating the user, but before the end of
+	 * the ADD request) 
+	 */
+	struct la_backlink *la_backlinks;
+
+	/* details for the mode where we apply a bunch of inbound replication meessages */
+	bool apply_mode;
+	uint32_t index_current;
+	struct dsdb_extended_replicated_objects *objs;
+
+	struct ldb_message *search_msg;
+	struct GUID local_parent_guid;
+
+	uint64_t seq_num;
+	bool is_urgent;
+
+	bool isDeleted;
+
+	bool fix_link_sid;
+};
+
+/*
+ * the result of replmd_process_linked_attribute(): either there was no change
+ * (update was ignored), a new link was added (either inactive or active), or
+ * an existing link was modified (active/inactive status may have changed).
+ */
+typedef enum {
+	LINK_CHANGE_NONE,
+	LINK_CHANGE_ADDED,
+	LINK_CHANGE_MODIFIED,
+} replmd_link_changed;
+
+static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar);
+static int replmd_delete_internals(struct ldb_module *module, struct ldb_request *req, bool re_delete);
+static int replmd_check_upgrade_links(struct ldb_context *ldb,
+				      struct parsed_dn *dns, uint32_t count,
+				      struct ldb_message_element *el,
+				      const char *ldap_oid);
+static int replmd_verify_link_target(struct replmd_replicated_request *ar,
+				     TALLOC_CTX *mem_ctx,
+				     struct la_entry *la_entry,
+				     struct ldb_dn *src_dn,
+				     const struct dsdb_attribute *attr);
+static int replmd_get_la_entry_source(struct ldb_module *module,
+				      struct la_entry *la_entry,
+				      TALLOC_CTX *mem_ctx,
+				      const struct dsdb_attribute **ret_attr,
+				      struct ldb_message **source_msg);
+static int replmd_set_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
+			     struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
+			     uint64_t usn, uint64_t local_usn, NTTIME nttime,
+			     uint32_t version, bool deleted);
+
+static int replmd_make_deleted_child_dn(TALLOC_CTX *tmp_ctx,
+					struct ldb_context *ldb,
+					struct ldb_dn *dn,
+					const char *rdn_name,
+					const struct ldb_val *rdn_value,
+					struct GUID guid);
+
+enum urgent_situation {
+	REPL_URGENT_ON_CREATE = 1,
+	REPL_URGENT_ON_UPDATE = 2,
+	REPL_URGENT_ON_DELETE = 4
+};
+
+enum deletion_state {
+	OBJECT_NOT_DELETED=1,
+	OBJECT_DELETED=2,
+	OBJECT_RECYCLED=3,
+	OBJECT_TOMBSTONE=4,
+	OBJECT_REMOVED=5
+};
+
+static bool replmd_recyclebin_enabled(struct ldb_module *module)
+{
+	bool enabled = false;
+	struct replmd_private *replmd_private =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct replmd_private);
+
+	/*
+	 * only lookup the recycle-bin state once per replication, then cache
+	 * the result. This can save us 1000s of DB searches
+	 */
+	if (!replmd_private->recyclebin_state_known) {
+		int ret = dsdb_recyclebin_enabled(module, &enabled);
+		if (ret != LDB_SUCCESS) {
+			return false;
+		}
+
+		replmd_private->recyclebin_enabled = enabled;
+		replmd_private->recyclebin_state_known = true;
+	}
+
+	return replmd_private->recyclebin_enabled;
+}
+
+static void replmd_deletion_state(struct ldb_module *module,
+				  const struct ldb_message *msg,
+				  enum deletion_state *current_state,
+				  enum deletion_state *next_state)
+{
+	bool enabled = false;
+
+	if (msg == NULL) {
+		*current_state = OBJECT_REMOVED;
+		if (next_state != NULL) {
+			*next_state = OBJECT_REMOVED;
+		}
+		return;
+	}
+
+	enabled = replmd_recyclebin_enabled(module);
+
+	if (ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")) {
+		if (!enabled) {
+			*current_state = OBJECT_TOMBSTONE;
+			if (next_state != NULL) {
+				*next_state = OBJECT_REMOVED;
+			}
+			return;
+		}
+
+		if (ldb_msg_check_string_attribute(msg, "isRecycled", "TRUE")) {
+			*current_state = OBJECT_RECYCLED;
+			if (next_state != NULL) {
+				*next_state = OBJECT_REMOVED;
+			}
+			return;
+		}
+
+		*current_state = OBJECT_DELETED;
+		if (next_state != NULL) {
+			*next_state = OBJECT_RECYCLED;
+		}
+		return;
+	}
+
+	*current_state = OBJECT_NOT_DELETED;
+	if (next_state == NULL) {
+		return;
+	}
+
+	if (enabled) {
+		*next_state = OBJECT_DELETED;
+	} else {
+		*next_state = OBJECT_TOMBSTONE;
+	}
+}
+
+static const struct {
+	const char *update_name;
+	enum urgent_situation repl_situation;
+} urgent_objects[] = {
+		{"nTDSDSA", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
+		{"crossRef", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE)},
+		{"attributeSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+		{"classSchema", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+		{"secret", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+		{"rIDManager", (REPL_URGENT_ON_CREATE | REPL_URGENT_ON_UPDATE)},
+		{NULL, 0}
+};
+
+/* Attributes looked for when updating or deleting, to check for a urgent replication needed */
+static const char *urgent_attrs[] = {
+		"lockoutTime",
+		"pwdLastSet",
+		"userAccountControl",
+		NULL
+};
+
+
+static bool replmd_check_urgent_objectclass(const struct ldb_message_element *objectclass_el,
+					enum urgent_situation situation)
+{
+	unsigned int i, j;
+	for (i=0; urgent_objects[i].update_name; i++) {
+
+		if ((situation & urgent_objects[i].repl_situation) == 0) {
+			continue;
+		}
+
+		for (j=0; j<objectclass_el->num_values; j++) {
+			const struct ldb_val *v = &objectclass_el->values[j];
+			if (ldb_attr_cmp((const char *)v->data, urgent_objects[i].update_name) == 0) {
+				return true;
+			}
+		}
+	}
+	return false;
+}
+
+static bool replmd_check_urgent_attribute(const struct ldb_message_element *el)
+{
+	if (ldb_attr_in_list(urgent_attrs, el->name)) {
+		return true;
+	}
+	return false;
+}
+
+static int replmd_replicated_apply_isDeleted(struct replmd_replicated_request *ar);
+
+/*
+  initialise the module
+  allocate the private structure and build the list
+  of partition DNs for use by replmd_notify()
+ */
+static int replmd_init(struct ldb_module *module)
+{
+	struct replmd_private *replmd_private;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	replmd_private = talloc_zero(module, struct replmd_private);
+	if (replmd_private == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_check_samba_compatible_feature(module,
+						  SAMBA_SORTED_LINKS_FEATURE,
+						  &replmd_private->sorted_links);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(replmd_private);
+		return ret;
+	}
+
+	replmd_private->schema_dn = ldb_get_schema_basedn(ldb);
+	ldb_module_set_private(module, replmd_private);
+	return ldb_next_init(module);
+}
+
+/*
+  cleanup our per-transaction contexts
+ */
+static void replmd_txn_cleanup(struct replmd_private *replmd_private)
+{
+	talloc_free(replmd_private->la_ctx);
+	replmd_private->la_list = NULL;
+	replmd_private->la_ctx = NULL;
+	replmd_private->recyclebin_state_known = false;
+}
+
+
+struct la_backlink {
+	struct la_backlink *next, *prev;
+	const char *attr_name;
+	struct ldb_dn *forward_dn;
+	struct GUID target_guid;
+	bool active;
+	bool bl_maybe_invisible;
+	bool bl_invisible;
+};
+
+/*
+  a ldb_modify request operating on modules below the
+  current module
+ */
+static int linked_attr_modify(struct ldb_module *module,
+			      const struct ldb_message *message,
+			      struct ldb_request *parent)
+{
+	struct ldb_request *mod_req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
+				message,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				parent);
+	LDB_REQ_SET_LOCATION(mod_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request_add_control(mod_req, DSDB_CONTROL_REPLICATED_UPDATE_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Run the new request */
+	ret = ldb_next_request(module, mod_req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(mod_req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static int replmd_backlink_invisible(struct ldb_module *module,
+				     struct ldb_message *msg,
+				     struct la_backlink *bl)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema = NULL;
+	TALLOC_CTX *frame = NULL;
+	struct ldb_message_element *oc_element = NULL;
+	const char **allowed_attrs = NULL;
+	bool bl_allowed;
+
+	if (!bl->active || !bl->bl_maybe_invisible || bl->bl_invisible) {
+		return LDB_SUCCESS;
+	}
+
+	schema = dsdb_get_schema(ldb, NULL);
+	if (schema == NULL) {
+		return ldb_module_operr(module);
+	}
+
+	oc_element = ldb_msg_find_element(msg, "objectClass");
+	if (oc_element == NULL) {
+		return ldb_module_operr(module);
+	}
+
+	frame = talloc_stackframe();
+
+	allowed_attrs = dsdb_full_attribute_list(frame,
+						 schema,
+						 oc_element,
+						 DSDB_SCHEMA_ALL);
+	if (allowed_attrs == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_module_oom(module);
+	}
+
+	bl_allowed = str_list_check(allowed_attrs, bl->attr_name);
+	if (!bl_allowed) {
+		bl->bl_maybe_invisible = false;
+		bl->bl_invisible = true;
+	}
+
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+/*
+  process a backlinks we accumulated during a transaction, adding and
+  deleting the backlinks from the target objects
+ */
+static int replmd_process_backlink(struct ldb_module *module, struct la_backlink *bl, struct ldb_request *parent)
+{
+	struct ldb_dn *target_dn, *source_dn;
+	struct ldb_message *old_msg = NULL;
+	const char * const empty_attrs[] = { NULL };
+	const char * const oc_attrs[] = { "objectClass", NULL };
+	const char * const *attrs = NULL;
+	uint32_t rmd_flags = 0;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *msg;
+	TALLOC_CTX *frame = talloc_stackframe();
+	char *dn_string;
+
+	if (bl->active && bl->bl_maybe_invisible) {
+		attrs = oc_attrs;
+	} else {
+		attrs = empty_attrs;
+	}
+
+	/*
+	  - find DN of target
+	  - find DN of source
+	  - construct ldb_message
+              - either an add or a delete
+	 */
+	ret = dsdb_module_obj_by_guid(module,
+				      frame,
+				      &old_msg,
+				      &bl->target_guid,
+				      attrs,
+				      parent);
+	if (ret != LDB_SUCCESS) {
+		struct GUID_txt_buf guid_str;
+		DBG_WARNING("Failed to find target DN for linked attribute with GUID %s\n",
+			    GUID_buf_string(&bl->target_guid, &guid_str));
+		DBG_WARNING("Please run 'samba-tool dbcheck' to resolve any missing backlinks.\n");
+		talloc_free(frame);
+		return LDB_SUCCESS;
+	}
+	target_dn = old_msg->dn;
+
+	ret = replmd_backlink_invisible(module, old_msg, bl);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return ret;
+	}
+
+	if (bl->active && bl->bl_invisible) {
+		rmd_flags |= DSDB_RMD_FLAG_HIDDEN_BL;
+	}
+
+	msg = ldb_msg_new(frame);
+	if (msg == NULL) {
+		ldb_module_oom(module);
+		talloc_free(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	source_dn = ldb_dn_copy(frame, bl->forward_dn);
+	if (!source_dn) {
+		ldb_module_oom(module);
+		talloc_free(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	} else {
+		/* Filter down to the attributes we want in the backlink */
+		const char *accept[] = { "GUID", "SID", NULL };
+		ldb_dn_extended_filter(source_dn, accept);
+	}
+
+	if (rmd_flags != 0) {
+		const char *flags_string = NULL;
+		struct ldb_val flagsv;
+
+		flags_string = talloc_asprintf(frame, "%u", rmd_flags);
+		if (flags_string == NULL) {
+			talloc_free(frame);
+			return ldb_module_oom(module);
+		}
+
+		flagsv = data_blob_string_const(flags_string);
+
+		ret = ldb_dn_set_extended_component(source_dn, "RMD_FLAGS", &flagsv);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(frame);
+			return ret;
+		}
+	}
+
+	/* construct a ldb_message for adding/deleting the backlink */
+	msg->dn = target_dn;
+	dn_string = ldb_dn_get_extended_linearized(frame, source_dn, 1);
+	if (!dn_string) {
+		ldb_module_oom(module);
+		talloc_free(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ret = ldb_msg_add_steal_string(msg, bl->attr_name, dn_string);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return ret;
+	}
+	msg->elements[0].flags = bl->active?LDB_FLAG_MOD_ADD:LDB_FLAG_MOD_DELETE;
+
+	/* a backlink should never be single valued. Unfortunately the
+	   exchange schema has a attribute
+	   msExchBridgeheadedLocalConnectorsDNBL which is single
+	   valued and a backlink. We need to cope with that by
+	   ignoring the single value flag */
+	msg->elements[0].flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE && !bl->active) {
+		/* we allow LDB_ERR_NO_SUCH_ATTRIBUTE as success to
+		   cope with possible corruption where the backlink has
+		   already been removed */
+		DEBUG(3,("WARNING: backlink from %s already removed from %s - %s\n",
+			 ldb_dn_get_linearized(target_dn),
+			 ldb_dn_get_linearized(source_dn),
+			 ldb_errstring(ldb)));
+		ret = LDB_SUCCESS;
+	} else if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to %s backlink from %s to %s - %s",
+				       bl->active?"add":"remove",
+				       ldb_dn_get_linearized(source_dn),
+				       ldb_dn_get_linearized(target_dn),
+				       ldb_errstring(ldb));
+		talloc_free(frame);
+		return ret;
+	}
+	talloc_free(frame);
+	return ret;
+}
+
+/*
+  add a backlink to the list of backlinks to add/delete in the prepare
+  commit
+
+  forward_dn is stolen onto the defereed context
+ */
+static int replmd_defer_add_backlink(struct ldb_module *module,
+				     struct replmd_private *replmd_private,
+				     const struct dsdb_schema *schema,
+				     struct replmd_replicated_request *ac,
+				     struct ldb_dn *forward_dn,
+				     struct GUID *target_guid, bool active,
+				     const struct dsdb_attribute *schema_attr,
+				     struct ldb_request *parent)
+{
+	const struct dsdb_attribute *target_attr;
+	struct la_backlink *bl;
+	
+	bl = talloc(ac, struct la_backlink);
+	if (bl == NULL) {
+		ldb_module_oom(module);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID ^ 1);
+	if (!target_attr) {
+		/*
+		 * windows 2003 has a broken schema where the
+		 * definition of msDS-IsDomainFor is missing (which is
+		 * supposed to be the backlink of the
+		 * msDS-HasDomainNCs attribute
+		 */
+		return LDB_SUCCESS;
+	}
+
+	bl->attr_name = target_attr->lDAPDisplayName;
+	bl->forward_dn = talloc_steal(bl, forward_dn);
+	bl->target_guid = *target_guid;
+	bl->active = active;
+	bl->bl_maybe_invisible = target_attr->bl_maybe_invisible;
+	bl->bl_invisible = false;
+
+	DLIST_ADD(ac->la_backlinks, bl);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  add a backlink to the list of backlinks to add/delete in the prepare
+  commit
+ */
+static int replmd_add_backlink(struct ldb_module *module,
+			       struct replmd_private *replmd_private,
+			       const struct dsdb_schema *schema,
+			       struct ldb_dn *forward_dn,
+			       struct GUID *target_guid, bool active,
+			       const struct dsdb_attribute *schema_attr,
+			       struct ldb_request *parent)
+{
+	const struct dsdb_attribute *target_attr;
+	struct la_backlink bl;
+	int ret;
+	
+	target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID ^ 1);
+	if (!target_attr) {
+		/*
+		 * windows 2003 has a broken schema where the
+		 * definition of msDS-IsDomainFor is missing (which is
+		 * supposed to be the backlink of the
+		 * msDS-HasDomainNCs attribute
+		 */
+		return LDB_SUCCESS;
+	}
+
+	bl.attr_name = target_attr->lDAPDisplayName;
+	bl.forward_dn = forward_dn;
+	bl.target_guid = *target_guid;
+	bl.active = active;
+	bl.bl_maybe_invisible = target_attr->bl_maybe_invisible;
+	bl.bl_invisible = false;
+
+	ret = replmd_process_backlink(module, &bl, parent);
+	return ret;
+}
+
+
+/*
+ * Callback for most write operations in this module:
+ *
+ * notify the repl task that a object has changed. The notifies are
+ * gathered up in the replmd_private structure then written to the
+ * @REPLCHANGED object in each partition during the prepare_commit
+ */
+static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	int ret;
+	struct replmd_replicated_request *ac =
+		talloc_get_type_abort(req->context, struct replmd_replicated_request);
+	struct replmd_private *replmd_private =
+		talloc_get_type_abort(ldb_module_get_private(ac->module), struct replmd_private);
+	struct nc_entry *modified_partition;
+	struct ldb_control *partition_ctrl;
+	const struct dsdb_control_current_partition *partition;
+
+	struct ldb_control **controls;
+
+	partition_ctrl = ldb_reply_get_control(ares, DSDB_CONTROL_CURRENT_PARTITION_OID);
+
+	controls = ares->controls;
+	if (ldb_request_get_control(ac->req,
+				    DSDB_CONTROL_CURRENT_PARTITION_OID) == NULL) {
+		/*
+		 * Remove the current partition control from what we pass up
+		 * the chain if it hasn't been requested manually.
+		 */
+		controls = ldb_controls_except_specified(ares->controls, ares,
+							 partition_ctrl);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		struct GUID_txt_buf guid_txt;
+		struct ldb_message *msg = NULL;
+		char *s = NULL;
+
+		if (ac->apply_mode == false) {
+			DBG_NOTICE("Originating update failure. Error is: %s\n",
+				   ldb_strerror(ares->error));
+			return ldb_module_done(ac->req, controls,
+					       ares->response, ares->error);
+		}
+
+		msg = ac->objs->objects[ac->index_current].msg;
+		/*
+		 * Set at DBG_NOTICE as once these start to happe, they
+		 * will happen a lot until resolved, due to repeated
+		 * replication.  The caller will probably print the
+		 * ldb error string anyway.
+		 */
+		DBG_NOTICE("DRS replication apply failure for %s. Error is: %s\n",
+			   ldb_dn_get_linearized(msg->dn),
+			   ldb_strerror(ares->error));
+
+		s = ldb_ldif_message_redacted_string(ldb_module_get_ctx(ac->module),
+						     ac,
+						     LDB_CHANGETYPE_ADD,
+						     msg);
+
+		DBG_INFO("Failing DRS %s replication message was %s:\n%s\n",
+			 ac->search_msg == NULL ? "ADD" : "MODIFY",
+			 GUID_buf_string(&ac->objs->objects[ac->index_current].object_guid,
+					 &guid_txt),
+			 s);
+		talloc_free(s);
+		return ldb_module_done(ac->req, controls,
+				       ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb_module_get_ctx(ac->module), "Invalid reply type for notify\n!");
+		return ldb_module_done(ac->req, NULL,
+				       NULL, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ac->apply_mode == false) {
+		struct la_backlink *bl;
+		/*
+		 * process our backlink list after an replmd_add(),
+		 * creating and deleting backlinks as necessary (this
+		 * code is sync).  The other cases are handled inline
+		 * with the modify.
+		 */
+		for (bl=ac->la_backlinks; bl; bl=bl->next) {
+			ret = replmd_process_backlink(ac->module, bl, ac->req);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req, NULL,
+						       NULL, ret);
+			}
+		}
+	}
+	
+	if (!partition_ctrl) {
+		ldb_set_errstring(ldb_module_get_ctx(ac->module),"No partition control on reply");
+		return ldb_module_done(ac->req, NULL,
+				       NULL, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	partition = talloc_get_type_abort(partition_ctrl->data,
+				    struct dsdb_control_current_partition);
+
+	if (ac->seq_num > 0) {
+		for (modified_partition = replmd_private->ncs; modified_partition;
+		     modified_partition = modified_partition->next) {
+			if (ldb_dn_compare(modified_partition->dn, partition->dn) == 0) {
+				break;
+			}
+		}
+
+		if (modified_partition == NULL) {
+			modified_partition = talloc_zero(replmd_private, struct nc_entry);
+			if (!modified_partition) {
+				ldb_oom(ldb_module_get_ctx(ac->module));
+				return ldb_module_done(ac->req, NULL,
+						       NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+			modified_partition->dn = ldb_dn_copy(modified_partition, partition->dn);
+			if (!modified_partition->dn) {
+				ldb_oom(ldb_module_get_ctx(ac->module));
+				return ldb_module_done(ac->req, NULL,
+						       NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+			DLIST_ADD(replmd_private->ncs, modified_partition);
+		}
+
+		if (ac->seq_num > modified_partition->mod_usn) {
+			modified_partition->mod_usn = ac->seq_num;
+			if (ac->is_urgent) {
+				modified_partition->mod_usn_urgent = ac->seq_num;
+			}
+		}
+		if (!ac->apply_mode) {
+			replmd_private->originating_updates = true;
+		}
+	}
+
+	if (ac->apply_mode) {
+		ret = replmd_replicated_apply_isDeleted(ac);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+		return ret;
+	} else {
+		/* free the partition control container here, for the
+		 * common path.  Other cases will have it cleaned up
+		 * eventually with the ares */
+		talloc_free(partition_ctrl);
+		return ldb_module_done(ac->req, controls,
+				       ares->response, LDB_SUCCESS);
+	}
+}
+
+
+/*
+ * update a @REPLCHANGED record in each partition if there have been
+ * any writes of replicated data in the partition
+ */
+static int replmd_notify_store(struct ldb_module *module, struct ldb_request *parent)
+{
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+
+	while (replmd_private->ncs) {
+		int ret;
+		struct nc_entry *modified_partition = replmd_private->ncs;
+
+		ret = dsdb_module_save_partition_usn(module, modified_partition->dn,
+						     modified_partition->mod_usn,
+						     modified_partition->mod_usn_urgent, parent);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to save partition uSN for %s\n",
+				 ldb_dn_get_linearized(modified_partition->dn)));
+			return ret;
+		}
+
+		if (ldb_dn_compare(modified_partition->dn,
+				   replmd_private->schema_dn) == 0) {
+			struct ldb_result *ext_res;
+			ret = dsdb_module_extended(module,
+						   replmd_private->schema_dn,
+						   &ext_res,
+						   DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID,
+						   ext_res,
+						   DSDB_FLAG_NEXT_MODULE,
+						   parent);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			talloc_free(ext_res);
+		}
+
+		DLIST_REMOVE(replmd_private->ncs, modified_partition);
+		talloc_free(modified_partition);
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  created a replmd_replicated_request context
+ */
+static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module,
+							 struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct replmd_replicated_request *ac;
+	const struct GUID *our_invocation_id;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct replmd_replicated_request);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req	= req;
+
+	ac->schema = dsdb_get_schema(ldb, ac);
+	if (!ac->schema) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "replmd_modify: no dsdb_schema loaded");
+		DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
+		talloc_free(ac);
+		return NULL;
+	}
+
+	/* get our invocationId */
+	our_invocation_id = samdb_ntds_invocation_id(ldb);
+	if (!our_invocation_id) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "replmd_add: unable to find invocationId\n");
+		talloc_free(ac);
+		return NULL;
+	}
+	ac->our_invocation_id = *our_invocation_id;
+
+	return ac;
+}
+
+/*
+  add a time element to a record
+*/
+static int add_time_element(struct ldb_message *msg, const char *attr, time_t t)
+{
+	struct ldb_message_element *el;
+	char *s;
+	int ret;
+
+	if (ldb_msg_find_element(msg, attr) != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	s = ldb_timestring(msg, t);
+	if (s == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_msg_add_string(msg, attr, s);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	el = ldb_msg_find_element(msg, attr);
+	/* always set as replace. This works because on add ops, the flag
+	   is ignored */
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	return LDB_SUCCESS;
+}
+
+/*
+  add a uint64_t element to a record
+*/
+static int add_uint64_element(struct ldb_context *ldb, struct ldb_message *msg,
+			      const char *attr, uint64_t v)
+{
+	struct ldb_message_element *el;
+	int ret;
+
+	if (ldb_msg_find_element(msg, attr) != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	ret = samdb_msg_add_uint64(ldb, msg, msg, attr, v);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	el = ldb_msg_find_element(msg, attr);
+	/* always set as replace. This works because on add ops, the flag
+	   is ignored */
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	return LDB_SUCCESS;
+}
+
+static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1,
+						   const struct replPropertyMetaData1 *m2)
+{
+	/*
+	 * This assignment seems inoccous, but it is critical for the
+	 * system, as we need to do the comparisons as a unsigned
+	 * quantity, not signed (enums are signed integers)
+	 */
+	uint32_t attid_1 = m1->attid;
+	uint32_t attid_2 = m2->attid;
+
+	if (attid_1 == attid_2) {
+		return 0;
+	}
+
+	/*
+	 * See above regarding this being an unsigned comparison.
+	 * Otherwise when the high bit is set on non-standard
+	 * attributes, they would end up first, before objectClass
+	 * (0).
+	 */
+	return attid_1 > attid_2 ? 1 : -1;
+}
+
+static int replmd_replPropertyMetaDataCtr1_verify(struct ldb_context *ldb,
+						  struct replPropertyMetaDataCtr1 *ctr1,
+						  struct ldb_dn *dn)
+{
+	if (ctr1->count == 0) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "No elements found in replPropertyMetaData for %s!\n",
+			      ldb_dn_get_linearized(dn));
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	/* the objectClass attribute is value 0x00000000, so must be first */
+	if (ctr1->array[0].attid != DRSUAPI_ATTID_objectClass) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "No objectClass found in replPropertyMetaData for %s!\n",
+			      ldb_dn_get_linearized(dn));
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int replmd_replPropertyMetaDataCtr1_sort_and_verify(struct ldb_context *ldb,
+							   struct replPropertyMetaDataCtr1 *ctr1,
+							   struct ldb_dn *dn)
+{
+	/* Note this is O(n^2) for the almost-sorted case, which this is */
+	TYPESAFE_QSORT(ctr1->array, ctr1->count,
+		       replmd_replPropertyMetaData1_attid_sort);
+	return replmd_replPropertyMetaDataCtr1_verify(ldb, ctr1, dn);
+}
+
+static int replmd_ldb_message_element_attid_sort(const struct ldb_message_element *e1,
+						 const struct ldb_message_element *e2,
+						 const struct dsdb_schema *schema)
+{
+	const struct dsdb_attribute *a1;
+	const struct dsdb_attribute *a2;
+
+	/*
+	 * TODO: make this faster by caching the dsdb_attribute pointer
+	 *       on the ldb_messag_element
+	 */
+
+	a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1->name);
+	a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2->name);
+
+	/*
+	 * TODO: remove this check, we should rely on e1 and e2 having valid attribute names
+	 *       in the schema
+	 */
+	if (!a1 || !a2) {
+		return strcasecmp(e1->name, e2->name);
+	}
+	if (a1->attributeID_id == a2->attributeID_id) {
+		return 0;
+	}
+	return a1->attributeID_id > a2->attributeID_id ? 1 : -1;
+}
+
+static void replmd_ldb_message_sort(struct ldb_message *msg,
+				    const struct dsdb_schema *schema)
+{
+	LDB_TYPESAFE_QSORT(msg->elements, msg->num_elements, schema, replmd_ldb_message_element_attid_sort);
+}
+
+static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
+			       const struct GUID *invocation_id,
+			       uint64_t local_usn, NTTIME nttime);
+
+static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2);
+
+static int get_parsed_dns(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			  struct ldb_message_element *el, struct parsed_dn **pdn,
+			  const char *ldap_oid, struct ldb_request *parent);
+
+static int check_parsed_dn_duplicates(struct ldb_module *module,
+				      struct ldb_message_element *el,
+				      struct parsed_dn *pdn);
+
+/*
+  fix up linked attributes in replmd_add.
+  This involves setting up the right meta-data in extended DN
+  components, and creating backlinks to the object
+ */
+static int replmd_add_fix_la(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			     struct replmd_private *replmd_private,
+			     struct ldb_message_element *el,
+			     struct replmd_replicated_request *ac,
+			     NTTIME now,
+			     struct ldb_dn *forward_dn,
+			     const struct dsdb_attribute *sa,
+			     struct ldb_request *parent)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct parsed_dn *pdn;
+	/* We will take a reference to the schema in replmd_add_backlink */
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, NULL);
+	struct ldb_val *new_values = NULL;
+	int ret;
+
+	if (dsdb_check_single_valued_link(sa, el) == LDB_SUCCESS) {
+		el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+	} else {
+		ldb_asprintf_errstring(ldb,
+				       "Attribute %s is single valued but "
+				       "more than one value has been supplied",
+				       el->name);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	/*
+	 * At the successful end of these functions el->values is
+	 * overwritten with new_values.  However get_parsed_dns()
+	 * points p->v at the supplied el and it effectively gets used
+	 * as a working area by replmd_build_la_val().  So we must
+	 * duplicate it because our caller only called
+	 * ldb_msg_copy_shallow().
+	 */
+
+	el->values = talloc_memdup(tmp_ctx,
+				   el->values,
+				   sizeof(el->values[0]) * el->num_values);
+	if (el->values == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	
+	ret = get_parsed_dns(module, tmp_ctx, el, &pdn,
+			     sa->syntax->ldap_oid, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = check_parsed_dn_duplicates(module, el, pdn);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	new_values = talloc_array(tmp_ctx, struct ldb_val, el->num_values);
+	if (new_values == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		struct parsed_dn *p = &pdn[i];
+		ret = replmd_build_la_val(new_values, p->v, p->dsdb_dn,
+					  &ac->our_invocation_id,
+					  ac->seq_num, now);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		ret = replmd_defer_add_backlink(module, replmd_private,
+						schema, ac,
+						forward_dn, &p->guid, true, sa,
+						parent);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		new_values[i] = *p->v;
+	}
+	el->values = talloc_steal(mem_ctx, new_values);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static int replmd_add_make_extended_dn(struct ldb_request *req,
+				       const DATA_BLOB *guid_blob,
+				       struct ldb_dn **_extended_dn)
+{
+	int ret;
+        const DATA_BLOB *sid_blob;
+	/* Calculate an extended DN for any linked attributes */
+	struct ldb_dn *extended_dn = ldb_dn_copy(req, req->op.add.message->dn);
+	if (!extended_dn) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	ret = ldb_dn_set_extended_component(extended_dn, "GUID", guid_blob);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	sid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectSID");
+	if (sid_blob != NULL) {
+		ret = ldb_dn_set_extended_component(extended_dn, "SID", sid_blob);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	*_extended_dn = extended_dn;
+	return LDB_SUCCESS;
+}
+
+/*
+  intercept add requests
+ */
+static int replmd_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+        struct ldb_control *control;
+	struct replmd_replicated_request *ac;
+	enum ndr_err_code ndr_err;
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+        const DATA_BLOB *guid_blob;
+        DATA_BLOB guid_blob_stack;
+	struct GUID guid;
+	uint8_t guid_data[16];
+	struct replPropertyMetaDataBlob nmd;
+	struct ldb_val nmd_value;
+	struct ldb_dn *extended_dn = NULL;
+	
+	/*
+	 * The use of a time_t here seems odd, but as the NTTIME
+	 * elements are actually declared as NTTIME_1sec in the IDL,
+	 * getting a higher resolution timestamp is not required.
+	 */
+	time_t t = time(NULL);
+	NTTIME now;
+	char *time_str;
+	int ret;
+	unsigned int i;
+	unsigned int functional_level;
+	uint32_t ni=0;
+	bool allow_add_guid = false;
+	bool remove_current_guid = false;
+	bool is_urgent = false;
+	bool is_schema_nc = false;
+	struct ldb_message_element *objectclass_el;
+	struct replmd_private *replmd_private =
+		talloc_get_type_abort(ldb_module_get_private(module), struct replmd_private);
+
+        /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
+        control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
+	if (control) {
+		allow_add_guid = true;
+	}
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_add\n");
+
+	guid_blob = ldb_msg_find_ldb_val(req->op.add.message, "objectGUID");
+	if (guid_blob != NULL) {
+		if (!allow_add_guid) {
+			ldb_set_errstring(ldb,
+					  "replmd_add: it's not allowed to add an object with objectGUID!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		} else {
+			NTSTATUS status = GUID_from_data_blob(guid_blob,&guid);
+			if (!NT_STATUS_IS_OK(status)) {
+				ldb_set_errstring(ldb,
+						  "replmd_add: Unable to parse the 'objectGUID' as a GUID!");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+			/* we remove this attribute as it can be a string and
+			 * will not be treated correctly and then we will re-add
+			 * it later on in the good format */
+			remove_current_guid = true;
+		}
+	} else {
+		/* a new GUID */
+		guid = GUID_random();
+		
+		guid_blob_stack = data_blob_const(guid_data, sizeof(guid_data));
+		
+		/* This can't fail */
+		ndr_push_struct_into_fixed_blob(&guid_blob_stack, &guid,
+						(ndr_push_flags_fn_t)ndr_push_GUID);
+		guid_blob = &guid_blob_stack;
+	}
+
+	ac = replmd_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	functional_level = dsdb_functional_level(ldb);
+
+	/* Get a sequence number from the backend */
+	ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ac->seq_num);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(ac, req->op.add.message);
+	if (msg == NULL) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* generated times */
+	unix_to_nt_time(&now, t);
+	time_str = ldb_timestring(msg, t);
+	if (!time_str) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	if (remove_current_guid) {
+		ldb_msg_remove_attr(msg,"objectGUID");
+	}
+
+	/*
+	 * remove autogenerated attributes
+	 */
+	ldb_msg_remove_attr(msg, "whenCreated");
+	ldb_msg_remove_attr(msg, "whenChanged");
+	ldb_msg_remove_attr(msg, "uSNCreated");
+	ldb_msg_remove_attr(msg, "uSNChanged");
+	ldb_msg_remove_attr(msg, "replPropertyMetaData");
+
+	/*
+	 * readd replicated attributes
+	 */
+	ret = ldb_msg_add_string(msg, "whenCreated", time_str);
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* build the replication meta_data */
+	ZERO_STRUCT(nmd);
+	nmd.version		= 1;
+	nmd.ctr.ctr1.count	= msg->num_elements;
+	nmd.ctr.ctr1.array	= talloc_array(msg,
+					       struct replPropertyMetaData1,
+					       nmd.ctr.ctr1.count);
+	if (!nmd.ctr.ctr1.array) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;
+
+	for (i=0; i < msg->num_elements;) {
+		struct ldb_message_element *e = &msg->elements[i];
+		struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni];
+		const struct dsdb_attribute *sa;
+
+		if (e->name[0] == '@') {
+			i++;
+			continue;
+		}
+
+		sa = dsdb_attribute_by_lDAPDisplayName(ac->schema, e->name);
+		if (!sa) {
+			ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+				      "replmd_add: attribute '%s' not defined in schema\n",
+				      e->name);
+			talloc_free(ac);
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		}
+
+		if ((sa->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (sa->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
+			/* if the attribute is not replicated (0x00000001)
+			 * or constructed (0x00000004) it has no metadata
+			 */
+			i++;
+			continue;
+		}
+
+		if (sa->linkID != 0 && functional_level > DS_DOMAIN_FUNCTION_2000) {
+			if (extended_dn == NULL) {
+				ret = replmd_add_make_extended_dn(req,
+								  guid_blob,
+								  &extended_dn);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(ac);
+					return ret;
+				}
+			}			
+
+			/*
+			 * Prepare the context for the backlinks and
+			 * create metadata for the forward links.  The
+			 * backlinks are created in
+			 * replmd_op_callback() after the successful
+			 * ADD of the object.
+			 */
+			ret = replmd_add_fix_la(module, msg->elements,
+						replmd_private, e,
+						ac, now,
+						extended_dn,
+						sa, req);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(ac);
+				return ret;
+			}
+			/* linked attributes are not stored in
+			   replPropertyMetaData in FL above w2k */
+			i++;
+			continue;
+		}
+
+		m->attid   = dsdb_attribute_get_attid(sa, is_schema_nc);
+		m->version = 1;
+		if (m->attid == DRSUAPI_ATTID_isDeleted) {
+			const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(msg->dn);
+			const char* rdn;
+
+			if (rdn_val == NULL) {
+				ldb_oom(ldb);
+				talloc_free(ac);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+
+			rdn = (const char*)rdn_val->data;
+			if (strcmp(rdn, "Deleted Objects") == 0) {
+				/*
+				 * Set the originating_change_time to 29/12/9999 at 23:59:59
+				 * as specified in MS-ADTS 7.1.1.4.2 Deleted Objects Container
+				 */
+				m->originating_change_time	= DELETED_OBJECT_CONTAINER_CHANGE_TIME;
+			} else {
+				m->originating_change_time	= now;
+			}
+		} else {
+			m->originating_change_time	= now;
+		}
+		m->originating_invocation_id	= ac->our_invocation_id;
+		m->originating_usn		= ac->seq_num;
+		m->local_usn			= ac->seq_num;
+		ni++;
+
+		if (!(e->flags & DSDB_FLAG_INTERNAL_FORCE_META_DATA)) {
+			i++;
+			continue;
+		}
+
+		e->flags &= ~DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+
+		if (e->num_values != 0) {
+			i++;
+			continue;
+		}
+
+		ldb_msg_remove_element(msg, e);
+	}
+
+	/* fix meta data count */
+	nmd.ctr.ctr1.count = ni;
+
+	/*
+	 * sort meta data array
+	 */
+	ret = replmd_replPropertyMetaDataCtr1_sort_and_verify(ldb, &nmd.ctr.ctr1, msg->dn);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "%s: error during direct ADD: %s", __func__, ldb_errstring(ldb));
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* generated NDR encoded values */
+	ndr_err = ndr_push_struct_blob(&nmd_value, msg,
+				       &nmd,
+				       (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * add the autogenerated values
+	 */
+	ret = dsdb_msg_add_guid(msg, &guid, "objectGUID");
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+	ret = ldb_msg_add_string(msg, "whenChanged", time_str);
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ac->seq_num);
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ac->seq_num);
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+	ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return ret;
+	}
+
+	/*
+	 * sort the attributes by attid before storing the object
+	 */
+	replmd_ldb_message_sort(msg, ac->schema);
+
+	/*
+	 * Assert that we do have an objectClass
+	 */
+	objectclass_el = ldb_msg_find_element(msg, "objectClass");
+	if (objectclass_el == NULL) {
+		ldb_asprintf_errstring(ldb, __location__
+				       ": objectClass missing on %s\n",
+				       ldb_dn_get_linearized(msg->dn));
+		talloc_free(ac);
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+	is_urgent = replmd_check_urgent_objectclass(objectclass_el,
+							REPL_URGENT_ON_CREATE);
+
+	ac->is_urgent = is_urgent;
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, replmd_op_callback,
+				req);
+
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* current partition control is needed by "replmd_op_callback" */
+	if (ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID) == NULL) {
+		ret = ldb_request_add_control(down_req,
+					      DSDB_CONTROL_CURRENT_PARTITION_OID,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	if (functional_level == DS_DOMAIN_FUNCTION_2000) {
+		ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	/* mark the relax control done */
+	if (control) {
+		control->critical = 0;
+	}
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+
+/*
+ * update the replPropertyMetaData for one element
+ */
+static int replmd_update_rpmd_element(struct ldb_context *ldb,
+				      struct ldb_message *msg,
+				      struct ldb_message_element *el,
+				      struct ldb_message_element *old_el,
+				      struct replPropertyMetaDataBlob *omd,
+				      const struct dsdb_schema *schema,
+				      uint64_t *seq_num,
+				      const struct GUID *our_invocation_id,
+				      NTTIME now,
+				      bool is_schema_nc,
+				      bool is_forced_rodc,
+				      struct ldb_request *req)
+{
+	uint32_t i;
+	const struct dsdb_attribute *a;
+	struct replPropertyMetaData1 *md1;
+	bool may_skip = false;
+	uint32_t attid;
+
+	a = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+	if (a == NULL) {
+		if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+			/* allow this to make it possible for dbcheck
+			   to remove bad attributes */
+			return LDB_SUCCESS;
+		}
+
+		DEBUG(0,(__location__ ": Unable to find attribute %s in schema\n",
+			 el->name));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	attid = dsdb_attribute_get_attid(a, is_schema_nc);
+
+	if ((a->systemFlags & DS_FLAG_ATTR_NOT_REPLICATED) || (a->systemFlags & DS_FLAG_ATTR_IS_CONSTRUCTED)) {
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * if the attribute's value haven't changed, and this isn't
+	 * just a delete of everything then return LDB_SUCCESS Unless
+	 * we have the provision control or if the attribute is
+	 * interSiteTopologyGenerator as this page explain:
+	 * http://support.microsoft.com/kb/224815 this attribute is
+	 * periodically written by the DC responsible for the intersite
+	 * generation in a given site
+	 *
+	 * Unchanged could be deleting or replacing an already-gone
+	 * thing with an unconstrained delete/empty replace or a
+	 * replace with the same value, but not an add with the same
+	 * value because that could be about adding a duplicate (which
+	 * is for someone else to error out on).
+	 */
+	if (old_el != NULL && ldb_msg_element_equal_ordered(el, old_el)) {
+		if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) {
+			may_skip = true;
+		}
+	} else if (old_el == NULL && el->num_values == 0) {
+		if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) {
+			may_skip = true;
+		} else if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) {
+			may_skip = true;
+		}
+	} else if (a->linkID != 0 && LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE &&
+		   ldb_request_get_control(req, DSDB_CONTROL_REPLMD_VANISH_LINKS) != NULL) {
+		/*
+		 * We intentionally skip the version bump when attempting to
+		 * vanish links.
+		 *
+		 * The control is set by dbcheck and expunge-tombstones which
+		 * both attempt to be non-replicating. Otherwise, making an
+		 * alteration to the replication state would trigger a
+		 * broadcast of all expunged objects.
+		 */
+		may_skip = true;
+	}
+
+	if (el->flags & DSDB_FLAG_INTERNAL_FORCE_META_DATA) {
+		may_skip = false;
+		el->flags &= ~DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+	}
+
+	if (may_skip) {
+		if (strcmp(el->name, "interSiteTopologyGenerator") != 0 &&
+		    !ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID)) {
+			/*
+			 * allow this to make it possible for dbcheck
+			 * to rebuild broken metadata
+			 */
+			return LDB_SUCCESS;
+		}
+	}
+
+	for (i=0; i<omd->ctr.ctr1.count; i++) {
+		/*
+		 * First check if we find it under the msDS-IntID,
+		 * then check if we find it under the OID and
+		 * prefixMap ID.
+		 *
+		 * This allows the administrator to simply re-write
+		 * the attributes and so restore replication, which is
+		 * likely what they will try to do.
+		 */
+		if (attid == omd->ctr.ctr1.array[i].attid) {
+			break;
+		}
+
+		if (a->attributeID_id == omd->ctr.ctr1.array[i].attid) {
+			break;
+		}
+	}
+
+	if (a->linkID != 0 && dsdb_functional_level(ldb) > DS_DOMAIN_FUNCTION_2000) {
+		/* linked attributes are not stored in
+		   replPropertyMetaData in FL above w2k, but we do
+		   raise the seqnum for the object  */
+		if (*seq_num == 0 &&
+		    ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num) != LDB_SUCCESS) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		return LDB_SUCCESS;
+	}
+
+	if (i == omd->ctr.ctr1.count) {
+		/* we need to add a new one */
+		omd->ctr.ctr1.array = talloc_realloc(msg, omd->ctr.ctr1.array,
+						     struct replPropertyMetaData1, omd->ctr.ctr1.count+1);
+		if (omd->ctr.ctr1.array == NULL) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		omd->ctr.ctr1.count++;
+		ZERO_STRUCT(omd->ctr.ctr1.array[i]);
+	}
+
+	/* Get a new sequence number from the backend. We only do this
+	 * if we have a change that requires a new
+	 * replPropertyMetaData element
+	 */
+	if (*seq_num == 0) {
+		int ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, seq_num);
+		if (ret != LDB_SUCCESS) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	md1 = &omd->ctr.ctr1.array[i];
+	md1->version++;
+	md1->attid = attid;
+
+	if (md1->attid == DRSUAPI_ATTID_isDeleted) {
+		const struct ldb_val *rdn_val = ldb_dn_get_rdn_val(msg->dn);
+		const char* rdn;
+
+		if (rdn_val == NULL) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		rdn = (const char*)rdn_val->data;
+		if (strcmp(rdn, "Deleted Objects") == 0) {
+			/*
+			 * Set the originating_change_time to 29/12/9999 at 23:59:59
+			 * as specified in MS-ADTS 7.1.1.4.2 Deleted Objects Container
+			 */
+			md1->originating_change_time	= DELETED_OBJECT_CONTAINER_CHANGE_TIME;
+		} else {
+			md1->originating_change_time	= now;
+		}
+	} else {
+		md1->originating_change_time	= now;
+	}
+	md1->originating_invocation_id = *our_invocation_id;
+	md1->originating_usn           = *seq_num;
+	md1->local_usn                 = *seq_num;
+
+	if (is_forced_rodc) {
+		/* Force version to 0 to be overridden later via replication */
+		md1->version = 0;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Bump the replPropertyMetaData version on an attribute, and if it
+ * has changed (or forced by leaving rdn_old NULL), update the value
+ * in the entry.
+ *
+ * This is important, as calling a modify operation may not change the
+ * version number if the values appear unchanged, but a rename between
+ * parents bumps this value.
+ *
+ */
+static int replmd_update_rpmd_rdn_attr(struct ldb_context *ldb,
+				       struct ldb_message *msg,
+				       const struct ldb_val *rdn_new,
+				       const struct ldb_val *rdn_old,
+				       struct replPropertyMetaDataBlob *omd,
+				       struct replmd_replicated_request *ar,
+				       NTTIME now,
+				       bool is_schema_nc,
+				       bool is_forced_rodc)
+{
+	const char *rdn_name = ldb_dn_get_rdn_name(msg->dn);
+	const struct dsdb_attribute *rdn_attr =
+		dsdb_attribute_by_lDAPDisplayName(ar->schema, rdn_name);
+	const char *attr_name = rdn_attr != NULL ?
+				rdn_attr->lDAPDisplayName :
+				rdn_name;
+	struct ldb_message_element new_el = {
+		.flags = LDB_FLAG_MOD_REPLACE,
+		.name = attr_name,
+		.num_values = 1,
+		.values = discard_const_p(struct ldb_val, rdn_new)
+	};
+	struct ldb_message_element old_el = {
+		.flags = LDB_FLAG_MOD_REPLACE,
+		.name = attr_name,
+		.num_values = rdn_old ? 1 : 0,
+		.values = discard_const_p(struct ldb_val, rdn_old)
+	};
+
+	if (ldb_msg_element_equal_ordered(&new_el, &old_el) == false) {
+		int ret = ldb_msg_add(msg, &new_el, LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ldb_oom(ldb);
+		}
+	}
+
+	return replmd_update_rpmd_element(ldb, msg, &new_el, NULL,
+					  omd, ar->schema, &ar->seq_num,
+					  &ar->our_invocation_id,
+					  now, is_schema_nc, is_forced_rodc,
+					  ar->req);
+
+}
+
+static uint64_t find_max_local_usn(struct replPropertyMetaDataBlob omd)
+{
+	uint32_t count = omd.ctr.ctr1.count;
+	uint64_t max = 0;
+	uint32_t i;
+	for (i=0; i < count; i++) {
+		struct replPropertyMetaData1 m = omd.ctr.ctr1.array[i];
+		if (max < m.local_usn) {
+			max = m.local_usn;
+		}
+	}
+	return max;
+}
+
+/*
+ * update the replPropertyMetaData object each time we modify an
+ * object. This is needed for DRS replication, as the merge on the
+ * client is based on this object
+ */
+static int replmd_update_rpmd(struct ldb_module *module,
+			      const struct dsdb_schema *schema,
+			      struct ldb_request *req,
+			      const char * const *rename_attrs,
+			      struct ldb_message *msg, uint64_t *seq_num,
+			      time_t t, bool is_schema_nc,
+			      bool *is_urgent, bool *rodc)
+{
+	const struct ldb_val *omd_value;
+	enum ndr_err_code ndr_err;
+	struct replPropertyMetaDataBlob omd;
+	unsigned int i;
+	NTTIME now;
+	const struct GUID *our_invocation_id;
+	int ret;
+	const char * const *attrs = NULL;
+	const char * const attrs2[] = { "uSNChanged", "objectClass", "instanceType", NULL };
+	struct ldb_result *res;
+	struct ldb_context *ldb;
+	struct ldb_message_element *objectclass_el;
+	enum urgent_situation situation;
+	bool rmd_is_provided;
+	bool rmd_is_just_resorted = false;
+	const char *not_rename_attrs[4 + msg->num_elements];
+	bool is_forced_rodc = false;
+
+	if (rename_attrs) {
+		attrs = rename_attrs;
+	} else {
+		for (i = 0; i < msg->num_elements; i++) {
+			not_rename_attrs[i] = msg->elements[i].name;
+		}
+		not_rename_attrs[i] = "replPropertyMetaData";
+		not_rename_attrs[i+1] = "objectClass";
+		not_rename_attrs[i+2] = "instanceType";
+		not_rename_attrs[i+3] = NULL;
+		attrs = not_rename_attrs;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ret = samdb_rodc(ldb, rodc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
+		*rodc = false;
+	}
+
+	if (*rodc &&
+	    ldb_request_get_control(req, DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE)) {
+		is_forced_rodc = true;
+	}
+
+	our_invocation_id = samdb_ntds_invocation_id(ldb);
+	if (!our_invocation_id) {
+		/* this happens during an initial vampire while
+		   updating the schema */
+		DEBUG(5,("No invocationID - skipping replPropertyMetaData update\n"));
+		return LDB_SUCCESS;
+	}
+
+	unix_to_nt_time(&now, t);
+
+	if (ldb_request_get_control(req, DSDB_CONTROL_CHANGEREPLMETADATA_OID)) {
+		rmd_is_provided = true;
+		if (ldb_request_get_control(req, DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID)) {
+			rmd_is_just_resorted = true;
+		}
+	} else {
+		rmd_is_provided = false;
+	}
+
+	/* if isDeleted is present and is TRUE, then we consider we are deleting,
+	 * otherwise we consider we are updating */
+	if (ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")) {
+		situation = REPL_URGENT_ON_DELETE;
+	} else if (rename_attrs) {
+		situation = REPL_URGENT_ON_CREATE | REPL_URGENT_ON_DELETE;
+	} else {
+		situation = REPL_URGENT_ON_UPDATE;
+	}
+
+	if (rmd_is_provided) {
+		/* In this case the change_replmetadata control was supplied */
+		/* We check that it's the only attribute that is provided
+		 * (it's a rare case so it's better to keep the code simpler)
+		 * We also check that the highest local_usn is bigger or the same as
+		 * uSNChanged. */
+		uint64_t db_seq;
+		if( msg->num_elements != 1 ||
+			strncmp(msg->elements[0].name,
+				"replPropertyMetaData", 20) ) {
+			DEBUG(0,(__location__ ": changereplmetada control called without "\
+				"a specified replPropertyMetaData attribute or with others\n"));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		if (situation != REPL_URGENT_ON_UPDATE) {
+			DEBUG(0,(__location__ ": changereplmetada control can't be called when deleting an object\n"));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
+		if (!omd_value) {
+			DEBUG(0,(__location__ ": replPropertyMetaData was not specified for Object %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
+					       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs2,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_SEARCH_SHOW_RECYCLED |
+					    DSDB_SEARCH_SHOW_EXTENDED_DN |
+					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+					    DSDB_SEARCH_REVEAL_INTERNALS, req);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (rmd_is_just_resorted == false) {
+			*seq_num = find_max_local_usn(omd);
+
+			db_seq = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNChanged", 0);
+
+			/*
+			 * The test here now allows for a new
+			 * replPropertyMetaData with no change, if was
+			 * just dbcheck re-sorting the values.
+			 */
+			if (*seq_num <= db_seq) {
+				DEBUG(0,(__location__ ": changereplmetada control provided but max(local_usn)" \
+					 " is less than uSNChanged (max = %lld uSNChanged = %lld)\n",
+					 (long long)*seq_num, (long long)db_seq));
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+		}
+
+	} else {
+		/* search for the existing replPropertyMetaDataBlob. We need
+		 * to use REVEAL and ask for DNs in storage format to support
+		 * the check for values being the same in
+		 * replmd_update_rpmd_element()
+		 */
+		ret = dsdb_module_search_dn(module, msg, &res, msg->dn, attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_SEARCH_SHOW_RECYCLED |
+					    DSDB_SEARCH_SHOW_EXTENDED_DN |
+					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+					    DSDB_SEARCH_REVEAL_INTERNALS, req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		omd_value = ldb_msg_find_ldb_val(res->msgs[0], "replPropertyMetaData");
+		if (!omd_value) {
+			DEBUG(0,(__location__ ": Object %s does not have a replPropertyMetaData attribute\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ndr_err = ndr_pull_struct_blob(omd_value, msg, &omd,
+					       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0,(__location__ ": Failed to parse replPropertyMetaData for %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		if (omd.version != 1) {
+			DEBUG(0,(__location__ ": bad version %u in replPropertyMetaData for %s\n",
+				 omd.version, ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		for (i=0; i<msg->num_elements;) {
+			struct ldb_message_element *el = &msg->elements[i];
+			struct ldb_message_element *old_el;
+
+			old_el = ldb_msg_find_element(res->msgs[0], el->name);
+			ret = replmd_update_rpmd_element(ldb, msg, el, old_el,
+							 &omd, schema, seq_num,
+							 our_invocation_id,
+							 now, is_schema_nc,
+							 is_forced_rodc,
+							 req);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			if (!*is_urgent && (situation == REPL_URGENT_ON_UPDATE)) {
+				*is_urgent = replmd_check_urgent_attribute(el);
+			}
+
+			if (!(el->flags & DSDB_FLAG_INTERNAL_FORCE_META_DATA)) {
+				i++;
+				continue;
+			}
+
+			el->flags &= ~DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+
+			if (el->num_values != 0) {
+				i++;
+				continue;
+			}
+
+			ldb_msg_remove_element(msg, el);
+		}
+	}
+
+	/*
+	 * Assert that we have an objectClass attribute - this is major
+	 * corruption if we don't have this!
+	 */
+	objectclass_el = ldb_msg_find_element(res->msgs[0], "objectClass");
+	if (objectclass_el != NULL) {
+		/*
+		 * Now check if this objectClass means we need to do urgent replication
+		 */
+		if (!*is_urgent && replmd_check_urgent_objectclass(objectclass_el,
+								   situation)) {
+			*is_urgent = true;
+		}
+	} else if (!ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		ldb_asprintf_errstring(ldb, __location__
+				       ": objectClass missing on %s\n",
+				       ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	/*
+	 * replmd_update_rpmd_element has done an update if the
+	 * seq_num is set
+	 */
+	if (*seq_num != 0 || rmd_is_just_resorted == true) {
+		struct ldb_val *md_value;
+		struct ldb_message_element *el;
+
+		/*if we are RODC and this is a DRSR update then its ok*/
+		if (!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)
+		    && !ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)
+		    && !is_forced_rodc) {
+			unsigned instanceType;
+
+			if (*rodc) {
+				ldb_set_errstring(ldb, "RODC modify is forbidden!");
+				return LDB_ERR_REFERRAL;
+			}
+
+			instanceType = ldb_msg_find_attr_as_uint(res->msgs[0], "instanceType", INSTANCE_TYPE_WRITE);
+			if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+				return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+						 "cannot change replicated attribute on partial replica");
+			}
+		}
+
+		md_value = talloc(msg, struct ldb_val);
+		if (md_value == NULL) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = replmd_replPropertyMetaDataCtr1_sort_and_verify(ldb, &omd.ctr.ctr1, msg->dn);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "%s: %s", __func__, ldb_errstring(ldb));
+			return ret;
+		}
+
+		ndr_err = ndr_push_struct_blob(md_value, msg, &omd,
+					       (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0,(__location__ ": Failed to marshall replPropertyMetaData for %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = ldb_msg_add_empty(msg, "replPropertyMetaData", LDB_FLAG_MOD_REPLACE, &el);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to add updated replPropertyMetaData %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return ret;
+		}
+
+		el->num_values = 1;
+		el->values = md_value;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int parsed_dn_compare(struct parsed_dn *pdn1, struct parsed_dn *pdn2)
+{
+	int ret = ndr_guid_compare(&pdn1->guid, &pdn2->guid);
+	if (ret == 0) {
+		return data_blob_cmp(&pdn1->dsdb_dn->extra_part,
+				     &pdn2->dsdb_dn->extra_part);
+	}
+	return ret;
+}
+
+/*
+  get a series of message element values as an array of DNs and GUIDs
+  the result is sorted by GUID
+ */
+static int get_parsed_dns(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			  struct ldb_message_element *el, struct parsed_dn **pdn,
+			  const char *ldap_oid, struct ldb_request *parent)
+{
+	unsigned int i;
+	bool values_are_sorted = true;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	if (el == NULL) {
+		*pdn = NULL;
+		return LDB_SUCCESS;
+	}
+
+	(*pdn) = talloc_array(mem_ctx, struct parsed_dn, el->num_values);
+	if (!*pdn) {
+		ldb_module_oom(module);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		struct ldb_val *v = &el->values[i];
+		NTSTATUS status;
+		struct ldb_dn *dn;
+		struct parsed_dn *p;
+
+		p = &(*pdn)[i];
+
+		p->dsdb_dn = dsdb_dn_parse(*pdn, ldb, v, ldap_oid);
+		if (p->dsdb_dn == NULL) {
+			return LDB_ERR_INVALID_DN_SYNTAX;
+		}
+
+		dn = p->dsdb_dn->dn;
+
+		status = dsdb_get_extended_dn_guid(dn, &p->guid, "GUID");
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) ||
+		    unlikely(GUID_all_zero(&p->guid))) {
+			/* we got a DN without a GUID - go find the GUID */
+			int ret = dsdb_module_guid_by_dn(module, dn, &p->guid, parent);
+			if (ret != LDB_SUCCESS) {
+				char *dn_str = NULL;
+				dn_str = ldb_dn_get_extended_linearized(mem_ctx,
+									(dn), 1);
+				ldb_asprintf_errstring(ldb,
+						"Unable to find GUID for DN %s\n",
+						dn_str);
+				if (ret == LDB_ERR_NO_SUCH_OBJECT &&
+				    LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE &&
+				    ldb_attr_cmp(el->name, "member") == 0) {
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+				return ret;
+			}
+			ret = dsdb_set_extended_dn_guid(dn, &p->guid, "GUID");
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		} else if (!NT_STATUS_IS_OK(status)) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		if (i > 0 && values_are_sorted) {
+			int cmp = parsed_dn_compare(p, &(*pdn)[i - 1]);
+			if (cmp < 0) {
+				values_are_sorted = false;
+			}
+		}
+		/* keep a pointer to the original ldb_val */
+		p->v = v;
+	}
+	if (! values_are_sorted) {
+		TYPESAFE_QSORT(*pdn, el->num_values, parsed_dn_compare);
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+ * Get a series of trusted message element values. The result is sorted by
+ * GUID, even though the GUIDs might not be known. That works because we trust
+ * the database to give us the elements like that if the
+ * replmd_private->sorted_links flag is set.
+ *
+ * We also ensure that the links are in the Functional Level 2003
+ * linked attributes format.
+ */
+static int get_parsed_dns_trusted_fallback(struct ldb_module *module,
+					   struct replmd_private *replmd_private,
+					   TALLOC_CTX *mem_ctx,
+					   struct ldb_message_element *el,
+					   struct parsed_dn **pdn,
+					   const char *ldap_oid,
+					   struct ldb_request *parent)
+{
+	int ret;
+	if (el == NULL) {
+		*pdn = NULL;
+		return LDB_SUCCESS;
+	}
+
+	if (!replmd_private->sorted_links) {
+		/* We need to sort the list. This is the slow old path we want
+		   to avoid.
+		 */
+		ret = get_parsed_dns(module, mem_ctx, el, pdn, ldap_oid,
+				      parent);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	} else {
+		ret = get_parsed_dns_trusted(mem_ctx, el, pdn);
+		if (ret != LDB_SUCCESS) {
+			ldb_module_oom(module);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	/*
+	 * This upgrades links to FL2003 style, and sorts the result
+	 * if that was needed.
+	 *
+	 * TODO: Add a database feature that asserts we have no FL2000
+	 *       style links to avoid this check or add a feature that
+	 *       uses a similar check to find sorted/unsorted links
+	 *       for an on-the-fly upgrade.
+	 */
+
+	ret = replmd_check_upgrade_links(ldb_module_get_ctx(module),
+					 *pdn, el->num_values,
+					 el,
+					 ldap_oid);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+   Return LDB_SUCCESS if a parsed_dn list contains no duplicate values,
+   otherwise an error code. For compatibility the error code differs depending
+   on whether or not the attribute is "member".
+
+   As always, the parsed_dn list is assumed to be sorted.
+ */
+static int check_parsed_dn_duplicates(struct ldb_module *module,
+				      struct ldb_message_element *el,
+				      struct parsed_dn *pdn)
+{
+	unsigned int i;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	for (i = 1; i < el->num_values; i++) {
+		struct parsed_dn *p = &pdn[i];
+		if (parsed_dn_compare(p, &pdn[i - 1]) == 0) {
+			ldb_asprintf_errstring(ldb,
+					       "Linked attribute %s has "
+					       "multiple identical values",
+					       el->name);
+			if (ldb_attr_cmp(el->name, "member") == 0) {
+				return LDB_ERR_ENTRY_ALREADY_EXISTS;
+			} else {
+				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+			}
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  build a new extended DN, including all meta data fields
+
+  RMD_FLAGS           = DSDB_RMD_FLAG_* bits
+  RMD_ADDTIME         = originating_add_time
+  RMD_INVOCID         = originating_invocation_id
+  RMD_CHANGETIME      = originating_change_time
+  RMD_ORIGINATING_USN = originating_usn
+  RMD_LOCAL_USN       = local_usn
+  RMD_VERSION         = version
+ */
+static int replmd_build_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v,
+			       struct dsdb_dn *dsdb_dn,
+			       const struct GUID *invocation_id,
+			       uint64_t local_usn, NTTIME nttime)
+{
+	return replmd_set_la_val(mem_ctx, v, dsdb_dn, NULL, invocation_id,
+				 local_usn, local_usn, nttime,
+				 RMD_VERSION_INITIAL, false);
+}
+
+static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
+				struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
+				uint64_t seq_num, uint64_t local_usn, NTTIME nttime,
+				bool deleted);
+
+/*
+  check if any links need upgrading from w2k format
+ */
+static int replmd_check_upgrade_links(struct ldb_context *ldb,
+				      struct parsed_dn *dns, uint32_t count,
+				      struct ldb_message_element *el,
+				      const char *ldap_oid)
+{
+	uint32_t i;
+	const struct GUID *invocation_id = NULL;
+	for (i=0; i<count; i++) {
+		NTSTATUS status;
+		uint32_t version;
+		int ret;
+		if (dns[i].dsdb_dn == NULL) {
+			ret = really_parse_trusted_dn(dns, ldb, &dns[i],
+						      ldap_oid);
+			if (ret != LDB_SUCCESS) {
+				return LDB_ERR_INVALID_DN_SYNTAX;
+			}
+		}
+
+		status = dsdb_get_extended_dn_uint32(dns[i].dsdb_dn->dn,
+						     &version, "RMD_VERSION");
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			/*
+			 *  We optimistically assume they are all the same; if
+			 *  the first one is fixed, they are all fixed.
+			 *
+			 *  If the first one was *not* fixed and we find a
+			 *  later one that is, that is an occasion to shout
+			 *  with DEBUG(0).
+			 */
+			if (i == 0) {
+				return LDB_SUCCESS;
+			}
+			DEBUG(0, ("Mixed w2k and fixed format "
+				  "linked attributes\n"));
+			continue;
+		}
+
+		if (invocation_id == NULL) {
+			invocation_id = samdb_ntds_invocation_id(ldb);
+			if (invocation_id == NULL) {
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+		}
+
+
+		/* it's an old one that needs upgrading */
+		ret = replmd_update_la_val(el->values, dns[i].v,
+					   dns[i].dsdb_dn, dns[i].dsdb_dn,
+					   invocation_id, 1, 1, 0, false);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/*
+	 * This sort() is critical for the operation of
+	 * get_parsed_dns_trusted_fallback() because callers of this function
+	 * expect a sorted list, and FL2000 style links are not
+	 * sorted.  In particular, as well as the upgrade case,
+	 * get_parsed_dns_trusted_fallback() is called from
+	 * replmd_delete_remove_link() even in FL2000 mode
+	 *
+	 * We do not normally pay the cost of the qsort() due to the
+	 * early return in the RMD_VERSION found case.
+	 */
+	TYPESAFE_QSORT(dns, count, parsed_dn_compare);
+	return LDB_SUCCESS;
+}
+
+/*
+  Sets the value for a linked attribute, including all meta data fields
+
+  see replmd_build_la_val for value names
+ */
+static int replmd_set_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
+			     struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
+			     uint64_t usn, uint64_t local_usn, NTTIME nttime,
+			     uint32_t version, bool deleted)
+{
+	struct ldb_dn *dn = dsdb_dn->dn;
+	const char *tstring, *usn_string, *flags_string;
+	struct ldb_val tval;
+	struct ldb_val iid;
+	struct ldb_val usnv, local_usnv;
+	struct ldb_val vers, flagsv;
+	const struct ldb_val *old_addtime = NULL;
+	NTSTATUS status;
+	int ret;
+	const char *dnstring;
+	char *vstring;
+	uint32_t rmd_flags = deleted?DSDB_RMD_FLAG_DELETED:0;
+
+	tstring = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)nttime);
+	if (!tstring) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	tval = data_blob_string_const(tstring);
+
+	usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)usn);
+	if (!usn_string) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	usnv = data_blob_string_const(usn_string);
+
+	usn_string = talloc_asprintf(mem_ctx, "%llu", (unsigned long long)local_usn);
+	if (!usn_string) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	local_usnv = data_blob_string_const(usn_string);
+
+	status = GUID_to_ndr_blob(invocation_id, dn, &iid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	flags_string = talloc_asprintf(mem_ctx, "%u", rmd_flags);
+	if (!flags_string) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	flagsv = data_blob_string_const(flags_string);
+
+	ret = ldb_dn_set_extended_component(dn, "RMD_FLAGS", &flagsv);
+	if (ret != LDB_SUCCESS) return ret;
+
+	/* get the ADDTIME from the original */
+	if (old_dsdb_dn != NULL) {
+		old_addtime = ldb_dn_get_extended_component(old_dsdb_dn->dn,
+							    "RMD_ADDTIME");
+	}
+	if (old_addtime == NULL) {
+		old_addtime = &tval;
+	}
+	if (dsdb_dn != old_dsdb_dn ||
+	    ldb_dn_get_extended_component(dn, "RMD_ADDTIME") == NULL) {
+		ret = ldb_dn_set_extended_component(dn, "RMD_ADDTIME", old_addtime);
+		if (ret != LDB_SUCCESS) return ret;
+	}
+
+	/* use our invocation id */
+	ret = ldb_dn_set_extended_component(dn, "RMD_INVOCID", &iid);
+	if (ret != LDB_SUCCESS) return ret;
+
+	/* changetime is the current time */
+	ret = ldb_dn_set_extended_component(dn, "RMD_CHANGETIME", &tval);
+	if (ret != LDB_SUCCESS) return ret;
+
+	/* update the USN */
+	ret = ldb_dn_set_extended_component(dn, "RMD_ORIGINATING_USN", &usnv);
+	if (ret != LDB_SUCCESS) return ret;
+
+	ret = ldb_dn_set_extended_component(dn, "RMD_LOCAL_USN", &local_usnv);
+	if (ret != LDB_SUCCESS) return ret;
+
+	vstring = talloc_asprintf(mem_ctx, "%lu", (unsigned long)version);
+	vers = data_blob_string_const(vstring);
+	ret = ldb_dn_set_extended_component(dn, "RMD_VERSION", &vers);
+	if (ret != LDB_SUCCESS) return ret;
+
+	dnstring = dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1);
+	if (dnstring == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	*v = data_blob_string_const(dnstring);
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Updates the value for a linked attribute, including all meta data fields
+ */
+static int replmd_update_la_val(TALLOC_CTX *mem_ctx, struct ldb_val *v, struct dsdb_dn *dsdb_dn,
+				struct dsdb_dn *old_dsdb_dn, const struct GUID *invocation_id,
+				uint64_t usn, uint64_t local_usn, NTTIME nttime,
+				bool deleted)
+{
+	uint32_t old_version;
+	uint32_t version = RMD_VERSION_INITIAL;
+	NTSTATUS status;
+
+	/*
+	 * We're updating the linked attribute locally, so increase the version
+	 * by 1 so that other DCs will see the change when it gets replicated out
+	 */
+	status = dsdb_get_extended_dn_uint32(old_dsdb_dn->dn, &old_version,
+					     "RMD_VERSION");
+
+	if (NT_STATUS_IS_OK(status)) {
+		version = old_version + 1;
+	}
+
+	return replmd_set_la_val(mem_ctx, v, dsdb_dn, old_dsdb_dn, invocation_id,
+				 usn, local_usn, nttime, version, deleted);
+}
+
+/*
+  handle adding a linked attribute
+ */
+static int replmd_modify_la_add(struct ldb_module *module,
+				struct replmd_private *replmd_private,
+				struct replmd_replicated_request *ac,
+				struct ldb_message *msg,
+				struct ldb_message_element *el,
+				struct ldb_message_element *old_el,
+				const struct dsdb_attribute *schema_attr,
+				time_t t,
+				struct ldb_dn *msg_dn,
+				struct ldb_request *parent)
+{
+	unsigned int i, j;
+	struct parsed_dn *dns, *old_dns;
+	TALLOC_CTX *tmp_ctx = talloc_new(msg);
+	int ret;
+	struct ldb_val *new_values = NULL;
+	unsigned old_num_values = old_el ? old_el->num_values : 0;
+	unsigned num_values = 0;
+	unsigned max_num_values;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	NTTIME now;
+	unix_to_nt_time(&now, t);
+
+	/* get the DNs to be added, fully parsed.
+	 *
+	 * We need full parsing because they came off the wire and we don't
+	 * trust them, besides which we need their details to know where to put
+	 * them.
+	 */
+	ret = get_parsed_dns(module, tmp_ctx, el, &dns,
+			     schema_attr->syntax->ldap_oid, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* get the existing DNs, lazily parsed */
+	ret = get_parsed_dns_trusted_fallback(module, replmd_private,
+					      tmp_ctx, old_el, &old_dns,
+					      schema_attr->syntax->ldap_oid,
+					      parent);
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	max_num_values = old_num_values + el->num_values;
+	if (max_num_values < old_num_values) {
+		DEBUG(0, ("we seem to have overflow in replmd_modify_la_add. "
+			  "old values: %u, new values: %u, sum: %u\n",
+			  old_num_values, el->num_values, max_num_values));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	new_values = talloc_zero_array(tmp_ctx, struct ldb_val, max_num_values);
+
+	if (new_values == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * For each new value, find where it would go in the list. If there is
+	 * a matching GUID there, we update the existing value; otherwise we
+	 * put it in place.
+	 */
+	j = 0;
+	for (i = 0; i < el->num_values; i++) {
+		struct parsed_dn *exact;
+		struct parsed_dn *next;
+		unsigned offset;
+		int err = parsed_dn_find(ldb, old_dns, old_num_values,
+					 &dns[i].guid,
+					 dns[i].dsdb_dn->dn,
+					 dns[i].dsdb_dn->extra_part, 0,
+					 &exact, &next,
+					 schema_attr->syntax->ldap_oid,
+					 true);
+		if (err != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return err;
+		}
+
+		if (ac->fix_link_sid) {
+			char *fixed_dnstring = NULL;
+			struct dom_sid tmp_sid = { 0, };
+			DATA_BLOB sid_blob = data_blob_null;
+			enum ndr_err_code ndr_err;
+			NTSTATUS status;
+			int num;
+
+			if (exact == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			if (dns[i].dsdb_dn->dn_format != DSDB_NORMAL_DN) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			/*
+			 * Only "<GUID=...><SID=...>" is allowed.
+			 *
+			 * We get the GUID to just to find the old
+			 * value and the SID in order to add it
+			 * to the found value.
+			 */
+
+			num = ldb_dn_get_comp_num(dns[i].dsdb_dn->dn);
+			if (num != 0) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			num = ldb_dn_get_extended_comp_num(dns[i].dsdb_dn->dn);
+			if (num != 2) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			status = dsdb_get_extended_dn_sid(exact->dsdb_dn->dn,
+							  &tmp_sid, "SID");
+			if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+				/* this is what we expect */
+			} else if (NT_STATUS_IS_OK(status)) {
+				struct GUID_txt_buf guid_str;
+				ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+						       "i[%u] SID NOT MISSING... Attribute %s already "
+						       "exists for target GUID %s, SID %s, DN: %s",
+						       i, el->name,
+						       GUID_buf_string(&exact->guid,
+								       &guid_str),
+						       dom_sid_string(tmp_ctx, &tmp_sid),
+						       dsdb_dn_get_extended_linearized(tmp_ctx,
+							       exact->dsdb_dn, 1));
+				talloc_free(tmp_ctx);
+				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+			} else {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			status = dsdb_get_extended_dn_sid(dns[i].dsdb_dn->dn,
+							  &tmp_sid, "SID");
+			if (!NT_STATUS_IS_OK(status)) {
+				struct GUID_txt_buf guid_str;
+				ldb_asprintf_errstring(ldb,
+						       "NO SID PROVIDED... Attribute %s already "
+						       "exists for target GUID %s",
+						       el->name,
+						       GUID_buf_string(&exact->guid,
+								       &guid_str));
+				talloc_free(tmp_ctx);
+				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+			}
+
+			ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &tmp_sid,
+						       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			ret = ldb_dn_set_extended_component(exact->dsdb_dn->dn, "SID", &sid_blob);
+			data_blob_free(&sid_blob);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			fixed_dnstring = dsdb_dn_get_extended_linearized(
+					new_values, exact->dsdb_dn, 1);
+			if (fixed_dnstring == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			/*
+			 * We just replace the existing value...
+			 */
+			*exact->v = data_blob_string_const(fixed_dnstring);
+
+			continue;
+		}
+
+		if (exact != NULL) {
+			/*
+			 * We are trying to add one that exists, which is only
+			 * allowed if it was previously deleted.
+			 *
+			 * When we do undelete a link we change it in place.
+			 * It will be copied across into the right spot in due
+			 * course.
+			 */
+			uint32_t rmd_flags;
+			rmd_flags = dsdb_dn_rmd_flags(exact->dsdb_dn->dn);
+
+			if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
+				struct GUID_txt_buf guid_str;
+				ldb_asprintf_errstring(ldb,
+						       "Attribute %s already "
+						       "exists for target GUID %s",
+						       el->name,
+						       GUID_buf_string(&exact->guid,
+								       &guid_str));
+				talloc_free(tmp_ctx);
+				/* error codes for 'member' need to be
+				   special cased */
+				if (ldb_attr_cmp(el->name, "member") == 0) {
+					return LDB_ERR_ENTRY_ALREADY_EXISTS;
+				} else {
+					return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+				}
+			}
+
+			ret = replmd_update_la_val(new_values, exact->v,
+						   dns[i].dsdb_dn,
+						   exact->dsdb_dn,
+						   &ac->our_invocation_id,
+						   ac->seq_num, ac->seq_num,
+						   now, false);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			ret = replmd_add_backlink(module, replmd_private,
+						  ac->schema,
+						  msg_dn,
+						  &dns[i].guid, 
+						  true,
+						  schema_attr,
+						  parent);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+				}
+			continue;
+		}
+		/*
+		 * Here we don't have an exact match.
+		 *
+		 * If next is NULL, this one goes beyond the end of the
+		 * existing list, so we need to add all of those ones first.
+		 *
+		 * If next is not NULL, we need to add all the ones before
+		 * next.
+		 */
+		if (next == NULL) {
+			offset = old_num_values;
+		} else {
+			/* next should have been parsed, but let's make sure */
+			if (next->dsdb_dn == NULL) {
+				ret = really_parse_trusted_dn(tmp_ctx, ldb, next,
+							      schema_attr->syntax->ldap_oid);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+			}
+			offset = MIN(next - old_dns, old_num_values);
+		}
+
+		/* put all the old ones before next on the list */
+		for (; j < offset; j++) {
+			new_values[num_values] = *old_dns[j].v;
+			num_values++;
+		}
+
+		ret = replmd_add_backlink(module, replmd_private,
+					  ac->schema, msg_dn,
+					  &dns[i].guid,
+					  true, schema_attr,
+					  parent);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		/* Make the new linked attribute ldb_val. */
+		ret = replmd_build_la_val(new_values, &new_values[num_values],
+					  dns[i].dsdb_dn, &ac->our_invocation_id,
+					  ac->seq_num, now);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		num_values++;
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	/* copy the rest of the old ones (if any) */
+	for (; j < old_num_values; j++) {
+		new_values[num_values] = *old_dns[j].v;
+		num_values++;
+	}
+
+	talloc_steal(msg->elements, new_values);
+	if (old_el != NULL) {
+		talloc_steal(msg->elements, old_el->values);
+	}
+	el->values = new_values;
+	el->num_values = num_values;
+
+	talloc_free(tmp_ctx);
+
+	/* we now tell the backend to replace all existing values
+	   with the one we have constructed */
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  handle deleting all active linked attributes
+ */
+static int replmd_modify_la_delete(struct ldb_module *module,
+				   struct replmd_private *replmd_private,
+				   struct replmd_replicated_request *ac,
+				   struct ldb_message *msg,
+				   struct ldb_message_element *el,
+				   struct ldb_message_element *old_el,
+				   const struct dsdb_attribute *schema_attr,
+				   time_t t,
+				   struct ldb_dn *msg_dn,
+				   struct ldb_request *parent)
+{
+	unsigned int i;
+	struct parsed_dn *dns, *old_dns;
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_control *vanish_links_ctrl = NULL;
+	bool vanish_links = false;
+	unsigned int num_to_delete = el->num_values;
+	uint32_t rmd_flags;
+	NTTIME now;
+
+	unix_to_nt_time(&now, t);
+
+	if (old_el == NULL || old_el->num_values == 0) {
+		/* there is nothing to delete... */
+		if (num_to_delete == 0) {
+			/* and we're deleting nothing, so that's OK */
+			return LDB_SUCCESS;
+		}
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+
+	tmp_ctx = talloc_new(msg);
+	if (tmp_ctx == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = get_parsed_dns(module, tmp_ctx, el, &dns,
+			     schema_attr->syntax->ldap_oid, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = get_parsed_dns_trusted_fallback(module, replmd_private,
+					      tmp_ctx, old_el, &old_dns,
+					      schema_attr->syntax->ldap_oid,
+					      parent);
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	vanish_links_ctrl = ldb_request_get_control(parent, DSDB_CONTROL_REPLMD_VANISH_LINKS);
+	if (vanish_links_ctrl) {
+		vanish_links = true;
+		vanish_links_ctrl->critical = false;
+	}
+
+	/* we empty out el->values here to avoid damage if we return early. */
+	el->num_values = 0;
+	el->values = NULL;
+
+	/*
+	 * If vanish links is set, we are actually removing members of
+	 *  old_el->values; otherwise we are just marking them deleted.
+	 *
+	 * There is a special case when no values are given: we remove them
+	 * all. When we have the vanish_links control we just have to remove
+	 * the backlinks and change our element to replace the existing values
+	 * with the empty list.
+	 */
+
+	if (num_to_delete == 0) {
+		for (i = 0; i < old_el->num_values; i++) {
+			struct parsed_dn *p = &old_dns[i];
+			if (p->dsdb_dn == NULL) {
+				ret = really_parse_trusted_dn(tmp_ctx, ldb, p,
+							      schema_attr->syntax->ldap_oid);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+			ret = replmd_add_backlink(module, replmd_private,
+						  ac->schema, msg_dn, &p->guid,
+						  false, schema_attr,
+						  parent);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			if (vanish_links) {
+				continue;
+			}
+
+			rmd_flags = dsdb_dn_rmd_flags(p->dsdb_dn->dn);
+			if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
+				continue;
+			}
+
+			ret = replmd_update_la_val(old_el->values, p->v,
+						   p->dsdb_dn, p->dsdb_dn,
+						   &ac->our_invocation_id,
+						   ac->seq_num, ac->seq_num,
+						   now, true);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+		}
+
+		if (vanish_links) {
+			el->flags = LDB_FLAG_MOD_REPLACE;
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+	}
+
+
+	for (i = 0; i < num_to_delete; i++) {
+		struct parsed_dn *p = &dns[i];
+		struct parsed_dn *exact = NULL;
+		struct parsed_dn *next = NULL;
+		ret = parsed_dn_find(ldb, old_dns, old_el->num_values,
+				     &p->guid,
+				     NULL,
+				     p->dsdb_dn->extra_part, 0,
+				     &exact, &next,
+				     schema_attr->syntax->ldap_oid,
+				     true);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		if (exact == NULL) {
+			struct GUID_txt_buf buf;
+			ldb_asprintf_errstring(ldb, "Attribute %s doesn't "
+					       "exist for target GUID %s",
+					       el->name,
+					       GUID_buf_string(&p->guid, &buf));
+			if (ldb_attr_cmp(el->name, "member") == 0) {
+				talloc_free(tmp_ctx);
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			} else {
+				talloc_free(tmp_ctx);
+				return LDB_ERR_NO_SUCH_ATTRIBUTE;
+			}
+		}
+
+		if (vanish_links) {
+			if (CHECK_DEBUGLVL(5)) {
+				rmd_flags = dsdb_dn_rmd_flags(exact->dsdb_dn->dn);
+				if ((rmd_flags & DSDB_RMD_FLAG_DELETED)) {
+					struct GUID_txt_buf buf;
+					const char *guid_str = \
+						GUID_buf_string(&p->guid, &buf);
+					DEBUG(5, ("Deleting deleted linked "
+						  "attribute %s to %s, because "
+						  "vanish_links control is set\n",
+						  el->name, guid_str));
+				}
+			}
+
+			/* remove the backlink */
+			ret = replmd_add_backlink(module,
+						  replmd_private,
+						  ac->schema,
+						  msg_dn,
+						  &p->guid,
+						  false, schema_attr,
+						  parent);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			/* We flag the deletion and tidy it up later. */
+			exact->v = NULL;
+			continue;
+		}
+
+		rmd_flags = dsdb_dn_rmd_flags(exact->dsdb_dn->dn);
+
+		if (rmd_flags & DSDB_RMD_FLAG_DELETED) {
+			struct GUID_txt_buf buf;
+			const char *guid_str = GUID_buf_string(&p->guid, &buf);
+			ldb_asprintf_errstring(ldb, "Attribute %s already "
+					       "deleted for target GUID %s",
+					       el->name, guid_str);
+			if (ldb_attr_cmp(el->name, "member") == 0) {
+				talloc_free(tmp_ctx);
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			} else {
+				talloc_free(tmp_ctx);
+				return LDB_ERR_NO_SUCH_ATTRIBUTE;
+			}
+		}
+
+		ret = replmd_update_la_val(old_el->values, exact->v,
+					   exact->dsdb_dn, exact->dsdb_dn,
+					   &ac->our_invocation_id,
+					   ac->seq_num, ac->seq_num,
+					   now, true);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = replmd_add_backlink(module, replmd_private,
+					  ac->schema, msg_dn,
+					  &p->guid,
+					  false, schema_attr,
+					  parent);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	if (vanish_links) {
+		unsigned j = 0;
+		struct ldb_val *tmp_vals = NULL;
+
+		tmp_vals = talloc_array(tmp_ctx, struct ldb_val,
+					old_el->num_values);
+		if (tmp_vals == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_module_oom(module);
+		}
+		for (i = 0; i < old_el->num_values; i++) {
+			if (old_dns[i].v == NULL) {
+				continue;
+			}
+			tmp_vals[j] = *old_dns[i].v;
+			j++;
+		}
+		for (i = 0; i < j; i++) {
+			old_el->values[i] = tmp_vals[i];
+		}
+		old_el->num_values = j;
+	}
+
+	el->values = talloc_steal(msg->elements, old_el->values);
+	el->num_values = old_el->num_values;
+
+	talloc_free(tmp_ctx);
+
+	/* we now tell the backend to replace all existing values
+	   with the one we have constructed */
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	return LDB_SUCCESS;
+}
+
+/*
+  handle replacing a linked attribute
+ */
+static int replmd_modify_la_replace(struct ldb_module *module,
+				    struct replmd_private *replmd_private,
+				    struct replmd_replicated_request *ac,
+				    struct ldb_message *msg,
+				    struct ldb_message_element *el,
+				    struct ldb_message_element *old_el,
+				    const struct dsdb_attribute *schema_attr,
+				    time_t t,
+				    struct ldb_dn *msg_dn,
+				    struct ldb_request *parent)
+{
+	unsigned int i, old_i, new_i;
+	struct parsed_dn *dns, *old_dns;
+	TALLOC_CTX *tmp_ctx = talloc_new(msg);
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_val *new_values = NULL;
+	const char *ldap_oid = schema_attr->syntax->ldap_oid;
+	unsigned int old_num_values;
+	unsigned int repl_num_values;
+	unsigned int max_num_values;
+	NTTIME now;
+
+	unix_to_nt_time(&now, t);
+
+	/*
+	 * The replace operation is unlike the replace and delete cases in that
+	 * we need to look at every existing link to see whether it is being
+	 * retained or deleted. In other words, we can't avoid parsing the GUIDs.
+	 *
+	 * As we are trying to combine two sorted lists, the algorithm we use
+	 * is akin to the merge phase of a merge sort. We interleave the two
+	 * lists, doing different things depending on which side the current
+	 * item came from.
+	 *
+	 * There are three main cases, with some sub-cases.
+	 *
+	 *  - a DN is in the old list but not the new one. It needs to be
+	 *    marked as deleted (but left in the list).
+	 *     - maybe it is already deleted, and we have less to do.
+	 *
+	 *  - a DN is in both lists. The old data gets replaced by the new,
+	 *    and the list doesn't grow. The old link may have been marked as
+	 *    deleted, in which case we undelete it.
+	 *
+	 *  - a DN is in the new list only. We add it in the right place.
+	 */
+
+	old_num_values = old_el ? old_el->num_values : 0;
+	repl_num_values = el->num_values;
+	max_num_values = old_num_values + repl_num_values;
+
+	if (max_num_values == 0) {
+		/* There is nothing to do! */
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * At the successful end of these functions el->values is
+	 * overwritten with new_values.  However get_parsed_dns()
+	 * points p->v at the supplied el and it effectively gets used
+	 * as a working area by replmd_build_la_val().  So we must
+	 * duplicate it because our caller only called
+	 * ldb_msg_copy_shallow().
+	 */
+
+	el->values = talloc_memdup(tmp_ctx,
+				   el->values,
+				   sizeof(el->values[0]) * el->num_values);
+	if (el->values == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = get_parsed_dns(module, tmp_ctx, el, &dns, ldap_oid, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = check_parsed_dn_duplicates(module, el, dns);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = get_parsed_dns(module, tmp_ctx, old_el, &old_dns,
+			     ldap_oid, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = replmd_check_upgrade_links(ldb, old_dns, old_num_values,
+					 old_el, ldap_oid);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	new_values = talloc_array(tmp_ctx, struct ldb_val, max_num_values);
+	if (new_values == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	old_i = 0;
+	new_i = 0;
+	for (i = 0; i < max_num_values; i++) {
+		int cmp;
+		struct parsed_dn *old_p, *new_p;
+		if (old_i < old_num_values && new_i < repl_num_values) {
+			old_p = &old_dns[old_i];
+			new_p = &dns[new_i];
+			cmp = parsed_dn_compare(old_p, new_p);
+		} else if (old_i < old_num_values) {
+			/* the new list is empty, read the old list */
+			old_p = &old_dns[old_i];
+			new_p = NULL;
+			cmp = -1;
+		} else if (new_i < repl_num_values) {
+			/* the old list is empty, read new list */
+			old_p = NULL;
+			new_p = &dns[new_i];
+			cmp = 1;
+		} else {
+			break;
+		}
+
+		if (cmp < 0) {
+			/*
+			 * An old ones that come before the next replacement
+			 * (if any). We mark it as deleted and add it to the
+			 * final list.
+			 */
+			uint32_t rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);
+			if ((rmd_flags & DSDB_RMD_FLAG_DELETED) == 0) {
+				ret = replmd_update_la_val(new_values, old_p->v,
+							   old_p->dsdb_dn,
+							   old_p->dsdb_dn,
+							   &ac->our_invocation_id,
+							   ac->seq_num, ac->seq_num,
+							   now, true);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+
+				ret = replmd_add_backlink(module, replmd_private,
+							  ac->schema,
+							  msg_dn,
+							  &old_p->guid, false,
+							  schema_attr,
+							  parent);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+			}
+			new_values[i] = *old_p->v;
+			old_i++;
+		} else if (cmp == 0) {
+			/*
+			 * We are overwriting one. If it was previously
+			 * deleted, we need to add a backlink.
+			 *
+			 * Note that if any RMD_FLAGs in an extended new DN
+			 * will be ignored.
+			 */
+			uint32_t rmd_flags;
+
+			ret = replmd_update_la_val(new_values, old_p->v,
+						   new_p->dsdb_dn,
+						   old_p->dsdb_dn,
+						   &ac->our_invocation_id,
+						   ac->seq_num, ac->seq_num,
+						   now, false);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			rmd_flags = dsdb_dn_rmd_flags(old_p->dsdb_dn->dn);
+			if ((rmd_flags & DSDB_RMD_FLAG_DELETED) != 0) {
+				ret = replmd_add_backlink(module, replmd_private,
+							  ac->schema,
+							  msg_dn,
+							  &new_p->guid, true,
+							  schema_attr,
+							  parent);
+				if (ret != LDB_SUCCESS) {
+					talloc_free(tmp_ctx);
+					return ret;
+				}
+			}
+
+			new_values[i] = *old_p->v;
+			old_i++;
+			new_i++;
+		} else {
+			/*
+			 * Replacements that don't match an existing one. We
+			 * just add them to the final list.
+			 */
+			ret = replmd_build_la_val(new_values,
+						  new_p->v,
+						  new_p->dsdb_dn,
+						  &ac->our_invocation_id,
+						  ac->seq_num, now);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			ret = replmd_add_backlink(module, replmd_private,
+						  ac->schema,
+						  msg_dn,
+						  &new_p->guid, true,
+						  schema_attr,
+						  parent);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			new_values[i] = *new_p->v;
+			new_i++;
+		}
+	}
+	if (old_el != NULL) {
+		talloc_steal(msg->elements, old_el->values);
+	}
+	el->values = talloc_steal(msg->elements, new_values);
+	el->num_values = i;
+	talloc_free(tmp_ctx);
+
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  handle linked attributes in modify requests
+ */
+static int replmd_modify_handle_linked_attribs(struct ldb_module *module,
+					       struct replmd_private *replmd_private,
+					       struct replmd_replicated_request *ac,
+					       struct ldb_message *msg,
+					       time_t t,
+					       struct ldb_request *parent)
+{
+	struct ldb_result *res;
+	unsigned int i;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *old_msg;
+
+	if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) {
+		/*
+		 * Nothing special is required for modifying or vanishing links
+		 * in fl2000 since they are just strings in a multi-valued
+		 * attribute.
+		 */
+		struct ldb_control *ctrl = ldb_request_get_control(parent,
+								   DSDB_CONTROL_REPLMD_VANISH_LINKS);
+		if (ctrl) {
+			ctrl->critical = false;
+		}
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * TODO:
+	 *
+	 * We should restrict this to the intersection of the list of
+	 * linked attributes in the schema and the list of attributes
+	 * being modified.
+	 *
+	 * This will help performance a little, as otherwise we have
+	 * to allocate the entire object value-by-value.
+	 */
+	ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL,
+	                            DSDB_FLAG_NEXT_MODULE |
+	                            DSDB_SEARCH_SHOW_RECYCLED |
+				    DSDB_SEARCH_REVEAL_INTERNALS |
+				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+				    parent);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	old_msg = res->msgs[0];
+
+	for (i=0; i<msg->num_elements; i++) {
+		struct ldb_message_element *el = &msg->elements[i];
+		struct ldb_message_element *old_el, *new_el;
+		unsigned int mod_type = LDB_FLAG_MOD_TYPE(el->flags);
+		const struct dsdb_attribute *schema_attr
+			= dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name);
+		if (!schema_attr) {
+			ldb_asprintf_errstring(ldb,
+					       "%s: attribute %s is not a valid attribute in schema",
+					       __FUNCTION__, el->name);
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		if (schema_attr->linkID == 0) {
+			continue;
+		}
+		if ((schema_attr->linkID & 1) == 1) {
+			struct ldb_control *ctrl;
+
+			ctrl = ldb_request_get_control(parent,
+						       DSDB_CONTROL_REPLMD_VANISH_LINKS);
+			if (ctrl != NULL) {
+				ctrl->critical = false;
+				continue;
+			}
+			ctrl = ldb_request_get_control(parent,
+						       DSDB_CONTROL_DBCHECK);
+			if (ctrl != NULL) {
+				continue;
+			}
+
+			/* Odd is for the target.  Illegal to modify */
+			ldb_asprintf_errstring(ldb,
+					       "attribute %s must not be modified directly, it is a linked attribute", el->name);
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		old_el = ldb_msg_find_element(old_msg, el->name);
+		switch (mod_type) {
+		case LDB_FLAG_MOD_REPLACE:
+			ret = replmd_modify_la_replace(module, replmd_private,
+						       ac, msg, el, old_el,
+						       schema_attr, t,
+						       old_msg->dn,
+						       parent);
+			break;
+		case LDB_FLAG_MOD_DELETE:
+			ret = replmd_modify_la_delete(module, replmd_private,
+						      ac, msg, el, old_el,
+						      schema_attr, t,
+						      old_msg->dn,
+						      parent);
+			break;
+		case LDB_FLAG_MOD_ADD:
+			ret = replmd_modify_la_add(module, replmd_private,
+						   ac, msg, el, old_el,
+						   schema_attr, t,
+						   old_msg->dn,
+						   parent);
+			break;
+		default:
+			ldb_asprintf_errstring(ldb,
+					       "invalid flags 0x%x for %s linked attribute",
+					       el->flags, el->name);
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		ret = dsdb_check_single_valued_link(schema_attr, el);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb,
+					       "Attribute %s is single valued but more than one value has been supplied",
+					       el->name);
+			/* Return codes as found on Windows 2012r2 */
+			if (mod_type == LDB_FLAG_MOD_REPLACE) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			} else {
+				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+			}
+		} else {
+			el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+		}
+
+		if (old_el) {
+			ldb_msg_remove_attr(old_msg, el->name);
+		}
+		ret = ldb_msg_add_empty(old_msg, el->name, 0, &new_el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		new_el->num_values = el->num_values;
+		new_el->values = talloc_steal(msg->elements, el->values);
+
+		/* TODO: this relies a bit too heavily on the exact
+		   behaviour of ldb_msg_find_element and
+		   ldb_msg_remove_element */
+		old_el = ldb_msg_find_element(msg, el->name);
+		if (old_el != el) {
+			ldb_msg_remove_element(msg, old_el);
+			i--;
+		}
+	}
+
+	talloc_free(res);
+	return ret;
+}
+
+
+static int send_rodc_referral(struct ldb_request *req,
+			      struct ldb_context *ldb,
+			      struct ldb_dn *dn)
+{
+	char *referral = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	struct ldb_dn *fsmo_role_dn = NULL;
+	struct ldb_dn *role_owner_dn = NULL;
+	const char *domain = NULL;
+	WERROR werr;
+
+	lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				 struct loadparm_context);
+
+	werr = dsdb_get_fsmo_role_info(req, ldb, DREPL_PDC_MASTER,
+				       &fsmo_role_dn, &role_owner_dn);
+
+	if (W_ERROR_IS_OK(werr)) {
+		struct ldb_dn *server_dn = ldb_dn_copy(req, role_owner_dn);
+		if (server_dn != NULL) {
+			ldb_dn_remove_child_components(server_dn, 1);
+			domain = samdb_dn_to_dnshostname(ldb, req,
+							 server_dn);
+		}
+	}
+
+	if (domain == NULL) {
+		domain = lpcfg_dnsdomain(lp_ctx);
+	}
+
+	referral = talloc_asprintf(req, "ldap://%s/%s",
+				   domain,
+				   ldb_dn_get_linearized(dn));
+	if (referral == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	return ldb_module_send_referral(req, referral);
+}
+
+
+static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct replmd_replicated_request *ac;
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	time_t t = time(NULL);
+	int ret;
+	bool is_urgent = false, rodc = false;
+	bool is_schema_nc = false;
+	unsigned int functional_level;
+	const struct ldb_message_element *guid_el = NULL;
+	struct ldb_control *sd_propagation_control;
+	struct ldb_control *fix_links_control = NULL;
+	struct ldb_control *fix_dn_name_control = NULL;
+	struct ldb_control *fix_dn_sid_control = NULL;
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	sd_propagation_control = ldb_request_get_control(req,
+					DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
+	if (sd_propagation_control != NULL) {
+		if (req->op.mod.message->num_elements != 1) {
+			return ldb_module_operr(module);
+		}
+		ret = strcmp(req->op.mod.message->elements[0].name,
+			     "nTSecurityDescriptor");
+		if (ret != 0) {
+			return ldb_module_operr(module);
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	fix_links_control = ldb_request_get_control(req,
+					DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS);
+	if (fix_links_control != NULL) {
+		struct dsdb_schema *schema = NULL;
+		const struct dsdb_attribute *sa = NULL;
+
+		if (req->op.mod.message->num_elements != 1) {
+			return ldb_module_operr(module);
+		}
+
+		if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[0].flags) != LDB_FLAG_MOD_REPLACE) {
+			return ldb_module_operr(module);
+		}
+
+		schema = dsdb_get_schema(ldb, req);
+		if (schema == NULL) {
+			return ldb_module_operr(module);
+		}
+
+		sa = dsdb_attribute_by_lDAPDisplayName(schema,
+				req->op.mod.message->elements[0].name);
+		if (sa == NULL) {
+			return ldb_module_operr(module);
+		}
+
+		if (sa->linkID == 0) {
+			return ldb_module_operr(module);
+		}
+
+		fix_links_control->critical = false;
+		return ldb_next_request(module, req);
+	}
+
+	fix_dn_name_control = ldb_request_get_control(req,
+					DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME);
+	if (fix_dn_name_control != NULL) {
+		struct dsdb_schema *schema = NULL;
+		const struct dsdb_attribute *sa = NULL;
+
+		if (req->op.mod.message->num_elements != 2) {
+			return ldb_module_operr(module);
+		}
+
+		if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[0].flags) != LDB_FLAG_MOD_DELETE) {
+			return ldb_module_operr(module);
+		}
+
+		if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[1].flags) != LDB_FLAG_MOD_ADD) {
+			return ldb_module_operr(module);
+		}
+
+		if (req->op.mod.message->elements[0].num_values != 1) {
+			return ldb_module_operr(module);
+		}
+
+		if (req->op.mod.message->elements[1].num_values != 1) {
+			return ldb_module_operr(module);
+		}
+
+		schema = dsdb_get_schema(ldb, req);
+		if (schema == NULL) {
+			return ldb_module_operr(module);
+		}
+
+		if (ldb_attr_cmp(req->op.mod.message->elements[0].name,
+				 req->op.mod.message->elements[1].name) != 0) {
+			return ldb_module_operr(module);
+		}
+
+		sa = dsdb_attribute_by_lDAPDisplayName(schema,
+				req->op.mod.message->elements[0].name);
+		if (sa == NULL) {
+			return ldb_module_operr(module);
+		}
+
+		if (sa->dn_format == DSDB_INVALID_DN) {
+			return ldb_module_operr(module);
+		}
+
+		if (sa->linkID != 0) {
+			return ldb_module_operr(module);
+		}
+
+		/*
+		 * If we are run from dbcheck and we are not updating
+		 * a link (as these would need to be sorted and so
+		 * can't go via such a simple update, then do not
+		 * trigger replicated updates and a new USN from this
+		 * change, it wasn't a real change, just a new
+		 * (correct) string DN
+		 */
+
+		fix_dn_name_control->critical = false;
+		return ldb_next_request(module, req);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_modify\n");
+
+	guid_el = ldb_msg_find_element(req->op.mod.message, "objectGUID");
+	if (guid_el != NULL) {
+		ldb_set_errstring(ldb,
+				  "replmd_modify: it's not allowed to change the objectGUID!");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	ac = replmd_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	functional_level = dsdb_functional_level(ldb);
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (msg == NULL) {
+		ldb_oom(ldb);
+		talloc_free(ac);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	fix_dn_sid_control = ldb_request_get_control(req,
+					DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID);
+	if (fix_dn_sid_control != NULL) {
+		const struct dsdb_attribute *sa = NULL;
+
+		if (msg->num_elements != 1) {
+			talloc_free(ac);
+			return ldb_module_operr(module);
+		}
+
+		if (LDB_FLAG_MOD_TYPE(msg->elements[0].flags) != LDB_FLAG_MOD_ADD) {
+			talloc_free(ac);
+			return ldb_module_operr(module);
+		}
+
+		if (msg->elements[0].num_values != 1) {
+			talloc_free(ac);
+			return ldb_module_operr(module);
+		}
+
+		sa = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+				msg->elements[0].name);
+		if (sa == NULL) {
+			talloc_free(ac);
+			return ldb_module_operr(module);
+		}
+
+		if (sa->dn_format != DSDB_NORMAL_DN) {
+			talloc_free(ac);
+			return ldb_module_operr(module);
+		}
+
+		fix_dn_sid_control->critical = false;
+		ac->fix_link_sid = true;
+
+		goto handle_linked_attribs;
+	}
+
+	ldb_msg_remove_attr(msg, "whenChanged");
+	ldb_msg_remove_attr(msg, "uSNChanged");
+
+	is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;
+
+	ret = replmd_update_rpmd(module, ac->schema, req, NULL,
+				 msg, &ac->seq_num, t, is_schema_nc,
+				 &is_urgent, &rodc);
+	if (rodc && (ret == LDB_ERR_REFERRAL)) {
+		ret = send_rodc_referral(req, ldb, msg->dn);
+		talloc_free(ac);
+		return ret;
+
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+ handle_linked_attribs:
+	ret = replmd_modify_handle_linked_attribs(module, replmd_private,
+						  ac, msg, t, req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* TODO:
+	 * - replace the old object with the newly constructed one
+	 */
+
+	ac->is_urgent = is_urgent;
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, replmd_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* current partition control is needed by "replmd_op_callback" */
+	if (ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID) == NULL) {
+		ret = ldb_request_add_control(down_req,
+					      DSDB_CONTROL_CURRENT_PARTITION_OID,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	/* If we are in functional level 2000, then
+	 * replmd_modify_handle_linked_attribs will have done
+	 * nothing */
+	if (functional_level == DS_DOMAIN_FUNCTION_2000) {
+		ret = ldb_request_add_control(down_req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	talloc_steal(down_req, msg);
+
+	/* we only change whenChanged and uSNChanged if the seq_num
+	   has changed */
+	if (ac->seq_num != 0) {
+		ret = add_time_element(msg, "whenChanged", t);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			ldb_operr(ldb);
+			return ret;
+		}
+
+		ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			ldb_operr(ldb);
+			return ret;
+		}
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares);
+
+/*
+  handle a rename request
+
+  On a rename we need to do an extra ldb_modify which sets the
+  whenChanged and uSNChanged attributes.  We do this in a callback after the success.
+ */
+static int replmd_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_control *fix_dn_name_control = NULL;
+	struct replmd_replicated_request *ac;
+	int ret;
+	struct ldb_request *down_req;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.rename.olddn)) {
+		return ldb_next_request(module, req);
+	}
+
+	fix_dn_name_control = ldb_request_get_control(req,
+					DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME);
+	if (fix_dn_name_control != NULL) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_rename\n");
+
+	ac = replmd_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_build_rename_req(&down_req, ldb, ac,
+				   ac->req->op.rename.olddn,
+				   ac->req->op.rename.newdn,
+				   ac->req->controls,
+				   ac, replmd_rename_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+/* After the rename is completed, update the whenchanged etc */
+static int replmd_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	struct ldb_message *msg;
+	const struct dsdb_attribute *rdn_attr;
+	const char *rdn_name;
+	const struct ldb_val *rdn_val;
+	const char *attrs[5] = { NULL, };
+	time_t t = time(NULL);
+	int ret;
+	bool is_urgent = false, rodc = false;
+	bool is_schema_nc;
+	struct replmd_replicated_request *ac =
+		talloc_get_type(req->context, struct replmd_replicated_request);
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(ac->module),
+				struct replmd_private);
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb,
+			"invalid reply type in repl_meta_data rename callback");
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* TODO:
+	 * - replace the old object with the newly constructed one
+	 */
+
+	msg = ldb_msg_new(ac);
+	if (msg == NULL) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg->dn = ac->req->op.rename.newdn;
+
+	is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;
+
+	rdn_name = ldb_dn_get_rdn_name(msg->dn);
+	if (rdn_name == NULL) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_operr(ldb));
+	}
+
+	/* normalize the rdn attribute name */
+	rdn_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, rdn_name);
+	if (rdn_attr == NULL) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_operr(ldb));
+	}
+	rdn_name = rdn_attr->lDAPDisplayName;
+
+	rdn_val = ldb_dn_get_rdn_val(msg->dn);
+	if (rdn_val == NULL) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_operr(ldb));
+	}
+
+	if (ldb_msg_append_value(msg, rdn_name, rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_oom(ldb));
+	}
+	if (ldb_msg_append_value(msg, "name", rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_oom(ldb));
+	}
+
+	/*
+	 * here we let replmd_update_rpmd() only search for
+	 * the existing "replPropertyMetaData" and rdn_name attributes.
+	 *
+	 * We do not want the existing "name" attribute as
+	 * the "name" attribute needs to get the version
+	 * updated on rename even if the rdn value hasn't changed.
+	 *
+	 * This is the diff of the meta data, for a moved user
+	 * on a w2k8r2 server:
+	 *
+	 * # record 1
+	 * -dn: CN=sdf df,CN=Users,DC=bla,DC=base
+	 * +dn: CN=sdf df,OU=TestOU,DC=bla,DC=base
+	 *  replPropertyMetaData:     NDR: struct replPropertyMetaDataBlob
+	 *         version                  : 0x00000001 (1)
+	 *         reserved                 : 0x00000000 (0)
+	 * @@ -66,11 +66,11 @@ replPropertyMetaData:     NDR: struct re
+	 *                      local_usn                : 0x00000000000037a5 (14245)
+	 *                 array: struct replPropertyMetaData1
+	 *                      attid                    : DRSUAPI_ATTID_name (0x90001)
+	 * -                    version                  : 0x00000001 (1)
+	 * -                    originating_change_time  : Wed Feb  9 17:20:49 2011 CET
+	 * +                    version                  : 0x00000002 (2)
+	 * +                    originating_change_time  : Wed Apr  6 15:21:01 2011 CEST
+	 *                      originating_invocation_id: 0d36ca05-5507-4e62-aca3-354bab0d39e1
+	 * -                    originating_usn          : 0x00000000000037a5 (14245)
+	 * -                    local_usn                : 0x00000000000037a5 (14245)
+	 * +                    originating_usn          : 0x0000000000003834 (14388)
+	 * +                    local_usn                : 0x0000000000003834 (14388)
+	 *                 array: struct replPropertyMetaData1
+	 *                      attid                    : DRSUAPI_ATTID_userAccountControl (0x90008)
+	 *                      version                  : 0x00000004 (4)
+	 */
+	attrs[0] = "replPropertyMetaData";
+	attrs[1] = "objectClass";
+	attrs[2] = "instanceType";
+	attrs[3] = rdn_name;
+	attrs[4] = NULL;
+
+	ret = replmd_update_rpmd(ac->module, ac->schema, req, attrs,
+				 msg, &ac->seq_num, t,
+				 is_schema_nc, &is_urgent, &rodc);
+	if (rodc && (ret == LDB_ERR_REFERRAL)) {
+		ret = send_rodc_referral(req, ldb, ac->req->op.rename.olddn);
+		talloc_free(ares);
+		return ldb_module_done(req, NULL, NULL, ret);
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	if (ac->seq_num == 0) {
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL,
+				       ldb_error(ldb, ret,
+					"internal error seq_num == 0"));
+	}
+	ac->is_urgent = is_urgent;
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, replmd_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	/* current partition control is needed by "replmd_op_callback" */
+	if (ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID) == NULL) {
+		ret = ldb_request_add_control(down_req,
+					      DSDB_CONTROL_CURRENT_PARTITION_OID,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	talloc_steal(down_req, msg);
+
+	ret = add_time_element(msg, "whenChanged", t);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		ldb_operr(ldb);
+		return ret;
+	}
+
+	ret = add_uint64_element(ldb, msg, "uSNChanged", ac->seq_num);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		ldb_operr(ldb);
+		return ret;
+	}
+
+	/* go on with the call chain - do the modify after the rename */
+	return ldb_next_request(ac->module, down_req);
+}
+
+/*
+ * remove links from objects that point at this object when an object
+ * is deleted.  We remove it from the NEXT module per MS-DRSR 5.160
+ * RemoveObj which states that link removal due to the object being
+ * deleted is NOT an originating update - they just go away!
+ *
+ */
+static int replmd_delete_remove_link(struct ldb_module *module,
+				     const struct dsdb_schema *schema,
+				     struct replmd_private *replmd_private,
+				     struct ldb_dn *dn,
+				     struct GUID *guid,
+				     struct ldb_message_element *el,
+				     const struct dsdb_attribute *sa,
+				     struct ldb_request *parent,
+				     bool *caller_should_vanish)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	for (i=0; i<el->num_values; i++) {
+		struct dsdb_dn *dsdb_dn;
+		int ret;
+		struct ldb_message *msg;
+		const struct dsdb_attribute *target_attr;
+		struct ldb_message_element *el2;
+		const char *dn_str;
+		struct ldb_val dn_val;
+		uint32_t dsdb_flags = 0;
+		const char *attrs[] = { NULL, NULL };
+		struct ldb_result *link_res;
+		struct ldb_message *link_msg;
+		struct ldb_message_element *link_el;
+		struct parsed_dn *link_dns;
+		struct parsed_dn *p = NULL, *unused = NULL;
+
+		if (dsdb_dn_is_deleted_val(&el->values[i])) {
+			continue;
+		}
+
+		dsdb_dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], sa->syntax->ldap_oid);
+		if (!dsdb_dn) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		/* remove the link */
+		msg = ldb_msg_new(tmp_ctx);
+		if (!msg) {
+			ldb_module_oom(module);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		msg->dn = dsdb_dn->dn;
+
+		target_attr = dsdb_attribute_by_linkID(schema, sa->linkID ^ 1);
+		if (target_attr == NULL) {
+			continue;
+		}
+		attrs[0] = target_attr->lDAPDisplayName;
+
+		ret = ldb_msg_add_empty(msg, target_attr->lDAPDisplayName,
+					LDB_FLAG_MOD_DELETE, &el2);
+		if (ret != LDB_SUCCESS) {
+			ldb_module_oom(module);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = dsdb_module_search_dn(module, tmp_ctx, &link_res,
+					    msg->dn, attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_SEARCH_SHOW_EXTENDED_DN |
+					    DSDB_SEARCH_SHOW_RECYCLED,
+					    parent);
+
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			DBG_WARNING("Failed to find forward link object %s "
+				    "to remove backlink %s on %s\n",
+				    ldb_dn_get_linearized(msg->dn),
+				    sa->lDAPDisplayName,
+				    ldb_dn_get_linearized(dn));
+			*caller_should_vanish = true;
+			continue;
+		}
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		link_msg = link_res->msgs[0];
+		link_el = ldb_msg_find_element(link_msg,
+					       target_attr->lDAPDisplayName);
+		if (link_el == NULL) {
+			DBG_WARNING("Failed to find forward link on %s "
+				    "as %s to remove backlink %s on %s\n",
+				    ldb_dn_get_linearized(msg->dn),
+				    target_attr->lDAPDisplayName,
+				    sa->lDAPDisplayName,
+				    ldb_dn_get_linearized(dn));
+			*caller_should_vanish = true;
+			continue;
+		}
+
+		/*
+		 * This call 'upgrades' the links in link_dns, but we
+		 * do not commit the result back into the database, so
+		 * this is safe to call in FL2000 or on databases that
+		 * have been run at that level in the past.
+		 */
+		ret = get_parsed_dns_trusted_fallback(module, replmd_private,
+						tmp_ctx,
+						link_el, &link_dns,
+						target_attr->syntax->ldap_oid,
+						parent);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		ret = parsed_dn_find(ldb, link_dns, link_el->num_values,
+				     guid, dn,
+				     data_blob_null, 0,
+				     &p, &unused,
+				     target_attr->syntax->ldap_oid, false);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		if (p == NULL) {
+			DBG_WARNING("Failed to find forward link on %s "
+				    "as %s to remove backlink %s on %s\n",
+				    ldb_dn_get_linearized(msg->dn),
+				    target_attr->lDAPDisplayName,
+				    sa->lDAPDisplayName,
+				    ldb_dn_get_linearized(dn));
+			*caller_should_vanish = true;
+			continue;
+		}
+
+		/*
+		 * If we find a backlink to ourself, we will delete
+		 * the forward link before we get to process that
+		 * properly, so just let the caller process this via
+		 * the forward link.
+		 *
+		 * We do this once we are sure we have the forward
+		 * link (to ourself) in case something is very wrong
+		 * and they are out of sync.
+		 */
+		if (ldb_dn_compare(dsdb_dn->dn, dn) == 0) {
+			continue;
+		}
+
+		/* This needs to get the Binary DN, by first searching */
+		dn_str = dsdb_dn_get_linearized(tmp_ctx,
+						p->dsdb_dn);
+
+		dn_val = data_blob_string_const(dn_str);
+		el2->values = &dn_val;
+		el2->num_values = 1;
+
+		/*
+		 * Ensure that we tell the modification to vanish any linked
+		 * attributes (not simply mark them as isDeleted = TRUE)
+		 */
+		dsdb_flags |= DSDB_REPLMD_VANISH_LINKS;
+
+		ret = dsdb_module_modify(module, msg, dsdb_flags|DSDB_FLAG_OWN_MODULE, parent);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  handle update of replication meta data for deletion of objects
+
+  This also handles the mapping of delete to a rename operation
+  to allow deletes to be replicated.
+
+  It also handles the incoming deleted objects, to ensure they are
+  fully deleted here.  In that case re_delete is true, and we do not
+  use this as a signal to change the deleted state, just reinforce it.
+
+ */
+static int replmd_delete_internals(struct ldb_module *module, struct ldb_request *req, bool re_delete)
+{
+	int ret = LDB_ERR_OTHER;
+	bool retb, disallow_move_on_delete;
+	struct ldb_dn *old_dn = NULL, *new_dn = NULL;
+	const char *rdn_name;
+	const struct ldb_val *rdn_value, *new_rdn_value;
+	struct GUID guid;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema;
+	struct ldb_message *msg, *old_msg;
+	struct ldb_message_element *el;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res, *parent_res;
+	static const char * const preserved_attrs[] = {
+		/*
+		 * This list MUST be kept in case-insensitive sorted order,
+		 * as we  use it in a binary search with ldb_attr_cmp().
+		 *
+		 * We get this hard-coded list from
+		 * MS-ADTS section 3.1.1.5.5.1.1 "Tombstone Requirements".
+		 */
+		"attributeID",
+		"attributeSyntax",
+		"distinguishedName",
+		"dNReferenceUpdate",
+		"dNSHostName",
+		"flatName",
+		"governsID",
+		"groupType",
+		"instanceType",
+		"isDeleted",
+		"isRecycled",
+		"lastKnownParent",
+		"lDAPDisplayName",
+		"legacyExchangeDN",
+		"mS-DS-CreatorSID",
+		"msDS-LastKnownRDN",
+		"msDS-PortLDAP",
+		"mSMQOwnerID",
+		"name",
+		"nCName",
+		"nTSecurityDescriptor",
+		"objectClass",
+		"objectGUID",
+		"objectSid",
+		"oMSyntax",
+		"proxiedObjectName",
+		"replPropertyMetaData",
+		"sAMAccountName",
+		"securityIdentifier",
+		"sIDHistory",
+		"subClassOf",
+		"systemFlags",
+		"trustAttributes",
+		"trustDirection",
+		"trustPartner",
+		"trustType",
+		"userAccountControl",
+		"uSNChanged",
+		"uSNCreated",
+		"whenChanged",
+		"whenCreated",
+		/*
+		 * DO NOT JUST APPEND TO THIS LIST.
+		 *
+		 * In case you missed the note at the top, this list is kept
+		 * in case-insensitive sorted order. In the unlikely event you
+		 * need to add an attribute, please add it in the RIGHT PLACE.
+		 */
+	};
+	static const char * const all_attrs[] = {
+		DSDB_SECRET_ATTRIBUTES,
+		"*",
+		NULL
+	};
+	static const struct ldb_val true_val = {
+		.data = discard_const_p(uint8_t, "TRUE"),
+		.length = 4
+	};
+	
+	unsigned int i;
+	uint32_t dsdb_flags = 0;
+	struct replmd_private *replmd_private;
+	enum deletion_state deletion_state, next_deletion_state;
+
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * We have to allow dbcheck to remove an object that
+	 * is beyond repair, and to do so totally.  This could
+	 * mean we we can get a partial object from the other
+	 * DC, causing havoc, so dbcheck suggests
+	 * re-replication first.  dbcheck sets both DBCHECK
+	 * and RELAX in this situation.
+	 */
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)
+	    && ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		/* really, really remove it */
+		return ldb_next_request(module, req);
+	}
+
+	tmp_ctx = talloc_new(ldb);
+	if (!tmp_ctx) {
+		ldb_oom(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	schema = dsdb_get_schema(ldb, tmp_ctx);
+	if (!schema) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
+
+	/* we need the complete msg off disk, so we can work out which
+	   attributes need to be removed */
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, all_attrs,
+	                            DSDB_FLAG_NEXT_MODULE |
+	                            DSDB_SEARCH_SHOW_RECYCLED |
+				    DSDB_SEARCH_REVEAL_INTERNALS |
+				    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, req);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "repmd_delete: Failed to %s %s, because we failed to find it: %s",
+				       re_delete ? "re-delete" : "delete",
+				       ldb_dn_get_linearized(old_dn),
+				       ldb_errstring(ldb_module_get_ctx(module)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	old_msg = res->msgs[0];
+
+	replmd_deletion_state(module, old_msg,
+			      &deletion_state,
+			      &next_deletion_state);
+
+	/* This supports us noticing an incoming isDeleted and acting on it */
+	if (re_delete) {
+		SMB_ASSERT(deletion_state > OBJECT_NOT_DELETED);
+		next_deletion_state = deletion_state;
+	}
+
+	if (next_deletion_state == OBJECT_REMOVED) {
+		/*
+		 * We have to prevent objects being deleted, even if
+		 * the administrator really wants them gone, as
+		 * without the tombstone, we can get a partial object
+		 * from the other DC, causing havoc.
+		 *
+		 * The only other valid case is when the 180 day
+		 * timeout has expired, when relax is specified.
+		 */
+		if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+			/* it is already deleted - really remove it this time */
+			talloc_free(tmp_ctx);
+			return ldb_next_request(module, req);
+		}
+
+		ldb_asprintf_errstring(ldb, "Refusing to delete tombstone object %s.  "
+				       "This check is to prevent corruption of the replicated state.",
+				       ldb_dn_get_linearized(old_msg->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	rdn_name = ldb_dn_get_rdn_name(old_dn);
+	rdn_value = ldb_dn_get_rdn_val(old_dn);
+	if ((rdn_name == NULL) || (rdn_value == NULL)) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		ldb_module_oom(module);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg->dn = old_dn;
+
+	/* consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag */
+	disallow_move_on_delete =
+		(ldb_msg_find_attr_as_int(old_msg, "systemFlags", 0)
+		 & SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+
+	/* work out where we will be renaming this object to */
+	if (!disallow_move_on_delete) {
+		struct ldb_dn *deleted_objects_dn;
+		ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn,
+						  &deleted_objects_dn);
+
+		/*
+		 * We should not move objects if we can't find the
+		 * deleted objects DN.  Not moving (or otherwise
+		 * harming) the Deleted Objects DN itself is handled
+		 * in the caller.
+		 */
+		if (re_delete && (ret != LDB_SUCCESS)) {
+			new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
+			if (new_dn == NULL) {
+				ldb_module_oom(module);
+				talloc_free(tmp_ctx);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+		} else if (ret != LDB_SUCCESS) {
+			/* this is probably an attempted delete on a partition
+			 * that doesn't allow delete operations, such as the
+			 * schema partition */
+			ldb_asprintf_errstring(ldb, "No Deleted Objects container for DN %s",
+					       ldb_dn_get_linearized(old_dn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		} else {
+			new_dn = deleted_objects_dn;
+		}
+	} else {
+		new_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
+		if (new_dn == NULL) {
+			ldb_module_oom(module);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	/* get the objects GUID from the search we just did */
+	guid = samdb_result_guid(old_msg, "objectGUID");
+
+	if (deletion_state == OBJECT_NOT_DELETED) {
+		struct ldb_message_element *is_deleted_el;
+
+		ret = replmd_make_deleted_child_dn(tmp_ctx,
+						   ldb,
+						   new_dn,
+						   rdn_name, rdn_value,
+						   guid);
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		ret = ldb_msg_add_value(msg, "isDeleted", &true_val,
+					&is_deleted_el);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, __location__
+					       ": Failed to add isDeleted string to the msg");
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		is_deleted_el->flags = LDB_FLAG_MOD_REPLACE;
+	} else {
+		/*
+		 * No matter what has happened with other renames etc, try again to
+		 * get this to be under the deleted DN. See MS-DRSR 5.160 RemoveObj
+		 */
+
+		struct ldb_dn *rdn = ldb_dn_copy(tmp_ctx, old_dn);
+		retb = ldb_dn_remove_base_components(rdn, ldb_dn_get_comp_num(rdn) - 1);
+		if (!retb) {
+			ldb_asprintf_errstring(ldb, __location__
+					       ": Unable to add a prepare rdn of %s",
+					       ldb_dn_get_linearized(rdn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		SMB_ASSERT(ldb_dn_get_comp_num(rdn) == 1);
+
+		retb = ldb_dn_add_child(new_dn, rdn);
+		if (!retb) {
+			ldb_asprintf_errstring(ldb, __location__
+					       ": Unable to add rdn %s to base dn: %s",
+					       ldb_dn_get_linearized(rdn),
+					       ldb_dn_get_linearized(new_dn));
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+
+	/*
+	  now we need to modify the object in the following ways:
+
+	  - add isDeleted=TRUE
+	  - update rDN and name, with new rDN
+	  - remove linked attributes
+	  - remove objectCategory and sAMAccountType
+	  - remove attribs not on the preserved list
+	     - preserved if in above list, or is rDN
+	  - remove all linked attribs from this object
+	  - remove all links from other objects to this object
+	    (note we use the backlinks to do this, so we won't find one-way
+	     links that still point to this object, or deactivated two-way
+	     links, i.e. 'member' after the user has been removed from the
+	     group)
+	  - add lastKnownParent
+	  - update replPropertyMetaData?
+
+	  see MS-ADTS "Tombstone Requirements" section 3.1.1.5.5.1.1
+	 */
+
+	if (deletion_state == OBJECT_NOT_DELETED) {
+		struct ldb_dn *parent_dn = ldb_dn_get_parent(tmp_ctx, old_dn);
+		char *parent_dn_str = NULL;
+		struct ldb_message_element *p_el;
+
+		/* we need the storage form of the parent GUID */
+		ret = dsdb_module_search_dn(module, tmp_ctx, &parent_res,
+					    parent_dn, NULL,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+					    DSDB_SEARCH_REVEAL_INTERNALS|
+					    DSDB_SEARCH_SHOW_RECYCLED, req);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "repmd_delete: Failed to %s %s, "
+					       "because we failed to find it's parent (%s): %s",
+					       re_delete ? "re-delete" : "delete",
+					       ldb_dn_get_linearized(old_dn),
+					       ldb_dn_get_linearized(parent_dn),
+					       ldb_errstring(ldb_module_get_ctx(module)));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		/*
+		 * Now we can use the DB version,
+		 * it will have the extended DN info in it
+		 */
+		parent_dn = parent_res->msgs[0]->dn;
+		parent_dn_str = ldb_dn_get_extended_linearized(tmp_ctx,
+							       parent_dn,
+							       1);
+		if (parent_dn_str == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_module_oom(module);
+		}
+
+		ret = ldb_msg_add_steal_string(msg, "lastKnownParent",
+					       parent_dn_str);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, __location__
+					       ": Failed to add lastKnownParent "
+					       "string when deleting %s",
+					       ldb_dn_get_linearized(old_dn));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		p_el = ldb_msg_find_element(msg,
+					    "lastKnownParent");
+		if (p_el == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_module_operr(module);
+		}
+		p_el->flags = LDB_FLAG_MOD_REPLACE;
+
+		if (next_deletion_state == OBJECT_DELETED) {
+			ret = ldb_msg_add_value(msg, "msDS-LastKnownRDN", rdn_value, NULL);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb, __location__
+						       ": Failed to add msDS-LastKnownRDN "
+						       "string when deleting %s",
+						       ldb_dn_get_linearized(old_dn));
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			p_el = ldb_msg_find_element(msg,
+						    "msDS-LastKnownRDN");
+			if (p_el == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_module_operr(module);
+			}
+			p_el->flags = LDB_FLAG_MOD_ADD;
+		}
+	}
+
+	switch (next_deletion_state) {
+
+	case OBJECT_RECYCLED:
+	case OBJECT_TOMBSTONE:
+
+		/*
+		 * MS-ADTS 3.1.1.5.5.1.1 Tombstone Requirements
+		 * describes what must be removed from a tombstone
+		 * object
+		 *
+		 * MS-ADTS 3.1.1.5.5.1.3 Recycled-Object Requirements
+		 * describes what must be removed from a recycled
+		 * object
+		 *
+		 */
+
+		/*
+		 * we also mark it as recycled, meaning this object can't be
+		 * recovered (we are stripping its attributes).
+		 * This is done only if we have this schema object of course ...
+		 * This behavior is identical to the one of Windows 2008R2 which
+		 * always set the isRecycled attribute, even if the recycle-bin is
+		 * not activated and what ever the forest level is.
+		 */
+		if (dsdb_attribute_by_lDAPDisplayName(schema, "isRecycled") != NULL) {
+			struct ldb_message_element *is_recycled_el;
+
+			ret = ldb_msg_add_value(msg, "isRecycled", &true_val,
+						&is_recycled_el);
+			if (ret != LDB_SUCCESS) {
+				DEBUG(0,(__location__ ": Failed to add isRecycled string to the msg\n"));
+				ldb_module_oom(module);
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			is_recycled_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+
+		replmd_private = talloc_get_type(ldb_module_get_private(module),
+						 struct replmd_private);
+		/* work out which of the old attributes we will be removing */
+		for (i=0; i<old_msg->num_elements; i++) {
+			const struct dsdb_attribute *sa;
+			el = &old_msg->elements[i];
+			sa = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+			if (!sa) {
+				const char *old_dn_str
+					= ldb_dn_get_linearized(old_dn);
+
+				ldb_asprintf_errstring(ldb,
+						       __location__
+						       ": Attribute %s "
+						       "not found in schema "
+						       "when deleting %s. "
+						       "Existing record is invalid",
+						       el->name,
+						       old_dn_str);
+				talloc_free(tmp_ctx);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+			if (ldb_attr_cmp(el->name, rdn_name) == 0) {
+				/* don't remove the rDN */
+				continue;
+			}
+
+			if (sa->linkID & 1) {
+				bool caller_should_vanish = false;
+				/*
+				 * we have a backlink in this object
+				 * that needs to be removed. We're not
+				 * allowed to remove it directly
+				 * however, so we instead setup a
+				 * modify to delete the corresponding
+				 * forward link
+				 */
+				ret = replmd_delete_remove_link(module, schema,
+								replmd_private,
+								old_dn, &guid,
+								el, sa, req,
+								&caller_should_vanish);
+				if (ret != LDB_SUCCESS) {
+					const char *old_dn_str
+						= ldb_dn_get_linearized(old_dn);
+					ldb_asprintf_errstring(ldb,
+							       __location__
+							       ": Failed to remove backlink of "
+							       "%s when deleting %s: %s",
+							       el->name,
+							       old_dn_str,
+							       ldb_errstring(ldb));
+					talloc_free(tmp_ctx);
+					return LDB_ERR_OPERATIONS_ERROR;
+				}
+
+				if (caller_should_vanish == false) {
+					/*
+					 * now we continue, which means we
+					 * won't remove this backlink
+					 * directly
+					 */
+					continue;
+				}
+
+				/*
+				 * Otherwise vanish the link, we are
+				 * out of sync and the controlling
+				 * object does not have the source
+				 * link any more
+				 */
+
+				dsdb_flags |= DSDB_REPLMD_VANISH_LINKS;
+
+			} else if (sa->linkID == 0) {
+				const char * const *attr = NULL;
+				if (sa->searchFlags & SEARCH_FLAG_PRESERVEONDELETE) {
+					continue;
+				}
+				BINARY_ARRAY_SEARCH_V(preserved_attrs,
+						      ARRAY_SIZE(preserved_attrs),
+						      el->name,
+						      ldb_attr_cmp,
+						      attr);
+				/*
+				 * If we are preserving, do not do the
+				 * ldb_msg_add_empty() below, continue
+				 * to the next element
+				 */
+				if (attr != NULL) {
+					continue;
+				}
+			} else {
+				/*
+				 * Ensure that we tell the modification to vanish any linked
+				 * attributes (not simply mark them as isDeleted = TRUE)
+				 */
+				dsdb_flags |= DSDB_REPLMD_VANISH_LINKS;
+			}
+			ret = ldb_msg_add_empty(msg, el->name, LDB_FLAG_MOD_DELETE, NULL);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				ldb_module_oom(module);
+				return ret;
+			}
+		}
+
+		break;
+
+	case OBJECT_DELETED:
+		/*
+		 * MS-ADTS 3.1.1.5.5.1.2 Deleted-Object Requirements
+		 * describes what must be removed from a deleted
+		 * object
+		 */
+
+		ret = ldb_msg_add_empty(msg, "objectCategory", LDB_FLAG_MOD_REPLACE, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			ldb_module_oom(module);
+			return ret;
+		}
+
+		ret = ldb_msg_add_empty(msg, "sAMAccountType", LDB_FLAG_MOD_REPLACE, NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			ldb_module_oom(module);
+			return ret;
+		}
+
+		break;
+
+	default:
+		break;
+	}
+
+	if (deletion_state == OBJECT_NOT_DELETED) {
+		const struct dsdb_attribute *sa;
+
+		/* work out what the new rdn value is, for updating the
+		   rDN and name fields */
+		new_rdn_value = ldb_dn_get_rdn_val(new_dn);
+		if (new_rdn_value == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn_name);
+		if (!sa) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = ldb_msg_add_value(msg, sa->lDAPDisplayName, new_rdn_value,
+					&el);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		el->flags = LDB_FLAG_MOD_REPLACE;
+
+		el = ldb_msg_find_element(old_msg, "name");
+		if (el) {
+			ret = ldb_msg_add_value(msg, "name", new_rdn_value, &el);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+	}
+
+	/*
+	 * TODO: Per MS-DRSR 5.160 RemoveObj we should remove links directly, not as an originating update!
+	 *
+	 */
+
+	/*
+	 * No matter what has happned with other renames, try again to
+	 * get this to be under the deleted DN.
+	 */
+	if (strcmp(ldb_dn_get_linearized(old_dn), ldb_dn_get_linearized(new_dn)) != 0) {
+		/* now rename onto the new DN */
+		ret = dsdb_module_rename(module, old_dn, new_dn, DSDB_FLAG_NEXT_MODULE, req);
+		if (ret != LDB_SUCCESS){
+			DEBUG(0,(__location__ ": Failed to rename object from '%s' to '%s' - %s\n",
+				 ldb_dn_get_linearized(old_dn),
+				 ldb_dn_get_linearized(new_dn),
+				 ldb_errstring(ldb)));
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		msg->dn = new_dn;
+	}
+
+	ret = dsdb_module_modify(module, msg, dsdb_flags|DSDB_FLAG_OWN_MODULE, req);
+	if (ret != LDB_SUCCESS) {
+		char *s = NULL;
+		/*
+		 * This should not fail, so be quite verbose in the
+		 * error handling if it fails
+		 */
+		if (strcmp(ldb_dn_get_linearized(old_dn),
+			   ldb_dn_get_linearized(new_dn)) != 0) {
+			DBG_NOTICE("Failure to handle '%s' of object %s "
+				   "after successful rename to %s.  "
+				   "Error during tombstone modification was: %s\n",
+				   re_delete ? "re-delete" : "delete",
+				   ldb_dn_get_linearized(new_dn),
+				   ldb_dn_get_linearized(old_dn),
+				   ldb_errstring(ldb));
+		} else {
+			DBG_NOTICE("Failure to handle '%s' of object %s. "
+				   "Error during tombstone modification was: %s\n",
+				   re_delete ? "re-delete" : "delete",
+				   ldb_dn_get_linearized(new_dn),
+				   ldb_errstring(ldb));
+		}
+		s = ldb_ldif_message_redacted_string(ldb_module_get_ctx(module),
+						     tmp_ctx,
+						     LDB_CHANGETYPE_MODIFY,
+						     msg);
+
+		DBG_INFO("Failed tombstone modify%s was:\n%s\n",
+			 (dsdb_flags & DSDB_REPLMD_VANISH_LINKS) ?
+			 " with VANISH_LINKS" : "",
+			 s);
+		ldb_asprintf_errstring(ldb,
+				       "replmd_delete: Failed to modify"
+				       " object %s in '%s' - %s",
+				       ldb_dn_get_linearized(old_dn),
+				       re_delete ? "re-delete" : "delete",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	return replmd_delete_internals(module, req, false);
+}
+
+
+static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret)
+{
+	return ret;
+}
+
+static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status)
+{
+	int ret = LDB_ERR_OTHER;
+	/* TODO: do some error mapping */
+
+	/* Let the caller know the full WERROR */
+	ar->objs->error = status;
+
+	return ret;
+}
+
+
+static struct replPropertyMetaData1 *
+replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob *md_blob,
+                                        enum drsuapi_DsAttributeId attid)
+{
+	uint32_t i;
+	struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
+
+	for (i = 0; i < rpmd_ctr->count; i++) {
+		if (rpmd_ctr->array[i].attid == attid) {
+			return &rpmd_ctr->array[i];
+		}
+	}
+	return NULL;
+}
+
+
+/*
+   return true if an update is newer than an existing entry
+   see section 5.11 of MS-ADTS
+*/
+static bool replmd_update_is_newer(const struct GUID *current_invocation_id,
+				   const struct GUID *update_invocation_id,
+				   uint32_t current_version,
+				   uint32_t update_version,
+				   NTTIME current_change_time,
+				   NTTIME update_change_time)
+{
+	if (update_version != current_version) {
+		return update_version > current_version;
+	}
+	if (update_change_time != current_change_time) {
+		return update_change_time > current_change_time;
+	}
+	return GUID_compare(update_invocation_id, current_invocation_id) > 0;
+}
+
+static bool replmd_replPropertyMetaData1_is_newer(struct replPropertyMetaData1 *cur_m,
+						  struct replPropertyMetaData1 *new_m)
+{
+	return replmd_update_is_newer(&cur_m->originating_invocation_id,
+				      &new_m->originating_invocation_id,
+				      cur_m->version,
+				      new_m->version,
+				      cur_m->originating_change_time,
+				      new_m->originating_change_time);
+}
+
+static bool replmd_replPropertyMetaData1_new_should_be_taken(uint32_t dsdb_repl_flags,
+							     struct replPropertyMetaData1 *cur_m,
+							     struct replPropertyMetaData1 *new_m)
+{
+	bool cmp;
+
+	/*
+	 * If the new replPropertyMetaData entry for this attribute is
+	 * not provided (this happens in the case where we look for
+	 * ATTID_name, but the name was not changed), then the local
+	 * state is clearly still current, as the remote
+	 * server didn't send it due to being older the high watermark
+	 * USN we sent.
+	 */
+	if (new_m == NULL) {
+		return false;
+	}
+
+	if (dsdb_repl_flags & DSDB_REPL_FLAG_PRIORITISE_INCOMING) {
+		/*
+		 * if we compare equal then do an
+		 * update. This is used when a client
+		 * asks for a FULL_SYNC, and can be
+		 * used to recover a corrupt
+		 * replica.
+		 *
+		 * This call is a bit tricky, what we
+		 * are doing it turning the 'is_newer'
+		 * call into a 'not is older' by
+		 * swapping cur_m and new_m, and negating the
+		 * outcome.
+		 */
+		cmp = !replmd_replPropertyMetaData1_is_newer(new_m,
+							     cur_m);
+	} else {
+		cmp = replmd_replPropertyMetaData1_is_newer(cur_m,
+							    new_m);
+	}
+	return cmp;
+}
+
+
+/*
+  form a DN for a deleted (DEL:) or conflict (CNF:) DN
+ */
+static int replmd_make_prefix_child_dn(TALLOC_CTX *tmp_ctx,
+				       struct ldb_context *ldb,
+				       struct ldb_dn *dn,
+				       const char *four_char_prefix,
+				       const char *rdn_name,
+				       const struct ldb_val *rdn_value,
+				       struct GUID guid)
+{
+	struct ldb_val deleted_child_rdn_val;
+	struct GUID_txt_buf guid_str;
+	int ret;
+	bool retb;
+
+	GUID_buf_string(&guid, &guid_str);
+
+	retb = ldb_dn_add_child_fmt(dn, "X=Y");
+	if (!retb) {
+		ldb_asprintf_errstring(ldb, __location__
+				       ": Unable to add a formatted child to dn: %s",
+				       ldb_dn_get_linearized(dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * TODO: Per MS-ADTS 3.1.1.5.5 Delete Operation
+	 * we should truncate this value to ensure the RDN is not more than 255 chars.
+	 *
+	 * However we MS-ADTS 3.1.1.5.1.2 Naming Constraints indicates that:
+	 *
+	 * "Naming constraints are not enforced for replicated
+	 * updates." so this is safe and we don't have to work out not
+	 * splitting a UTF8 char right now.
+	 */
+	deleted_child_rdn_val = ldb_val_dup(tmp_ctx, rdn_value);
+
+	/*
+	 * sizeof(guid_str.buf) will always be longer than
+	 * strlen(guid_str.buf) but we allocate using this and
+	 * waste the trailing bytes to avoid scaring folks
+	 * with memcpy() using strlen() below
+	 */
+
+	deleted_child_rdn_val.data
+		= talloc_realloc(tmp_ctx, deleted_child_rdn_val.data,
+				 uint8_t,
+				 rdn_value->length + 5
+				 + sizeof(guid_str.buf));
+	if (!deleted_child_rdn_val.data) {
+		ldb_asprintf_errstring(ldb, __location__
+				       ": Unable to add a formatted child to dn: %s",
+				       ldb_dn_get_linearized(dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	deleted_child_rdn_val.length =
+		rdn_value->length + 5
+		+ strlen(guid_str.buf);
+
+	SMB_ASSERT(deleted_child_rdn_val.length <
+		   talloc_get_size(deleted_child_rdn_val.data));
+
+	/*
+	 * talloc won't allocate more than 256MB so we can't
+	 * overflow but just to be sure
+	 */
+	if (deleted_child_rdn_val.length < rdn_value->length) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	deleted_child_rdn_val.data[rdn_value->length] = 0x0a;
+	memcpy(&deleted_child_rdn_val.data[rdn_value->length + 1],
+	       four_char_prefix, 4);
+	memcpy(&deleted_child_rdn_val.data[rdn_value->length + 5],
+	       guid_str.buf,
+	       sizeof(guid_str.buf));
+
+	/* Now set the value into the RDN, without parsing it */
+	ret = ldb_dn_set_component(
+		dn,
+		0,
+		rdn_name,
+		deleted_child_rdn_val);
+
+	return ret;
+}
+
+
+/*
+  form a conflict DN
+ */
+static struct ldb_dn *replmd_conflict_dn(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *ldb,
+					 struct ldb_dn *dn,
+					 struct GUID *guid)
+{
+	const struct ldb_val *rdn_val;
+	const char *rdn_name;
+	struct ldb_dn *new_dn;
+	int ret;
+
+	rdn_val = ldb_dn_get_rdn_val(dn);
+	rdn_name = ldb_dn_get_rdn_name(dn);
+	if (!rdn_val || !rdn_name) {
+		return NULL;
+	}
+
+	new_dn = ldb_dn_get_parent(mem_ctx, dn);
+	if (!new_dn) {
+		return NULL;
+	}
+
+	ret = replmd_make_prefix_child_dn(mem_ctx,
+					  ldb, new_dn,
+					  "CNF:",
+					  rdn_name,
+					  rdn_val,
+					  *guid);
+	if (ret != LDB_SUCCESS) {
+		return NULL;
+	}
+	return new_dn;
+}
+
+/*
+  form a deleted DN
+ */
+static int replmd_make_deleted_child_dn(TALLOC_CTX *tmp_ctx,
+					struct ldb_context *ldb,
+					struct ldb_dn *dn,
+					const char *rdn_name,
+					const struct ldb_val *rdn_value,
+					struct GUID guid)
+{
+	return replmd_make_prefix_child_dn(tmp_ctx,
+					   ldb, dn,
+					   "DEL:",
+					   rdn_name,
+					   rdn_value,
+					   guid);
+}
+
+
+/*
+  perform a modify operation which sets the rDN and name attributes to
+  their current values. This has the effect of changing these
+  attributes to have been last updated by the current DC. This is
+  needed to ensure that renames performed as part of conflict
+  resolution are propagated to other DCs
+ */
+static int replmd_name_modify(struct replmd_replicated_request *ar,
+			      struct ldb_request *req, struct ldb_dn *dn)
+{
+	struct ldb_message *msg;
+	const char *rdn_name;
+	const struct ldb_val *rdn_val;
+	const struct dsdb_attribute *rdn_attr;
+	int ret;
+
+	msg = ldb_msg_new(req);
+	if (msg == NULL) {
+		goto failed;
+	}
+	msg->dn = dn;
+
+	rdn_name = ldb_dn_get_rdn_name(dn);
+	if (rdn_name == NULL) {
+		goto failed;
+	}
+
+	/* normalize the rdn attribute name */
+	rdn_attr = dsdb_attribute_by_lDAPDisplayName(ar->schema, rdn_name);
+	if (rdn_attr == NULL) {
+		goto failed;
+	}
+	rdn_name = rdn_attr->lDAPDisplayName;
+
+	rdn_val = ldb_dn_get_rdn_val(dn);
+	if (rdn_val == NULL) {
+		goto failed;
+	}
+
+	if (ldb_msg_append_value(msg, rdn_name, rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
+		goto failed;
+	}
+	if (ldb_msg_append_value(msg, "name", rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
+		goto failed;
+	}
+
+	/*
+	 * We have to mark this as a replicated update otherwise
+	 * schema_data may reject a rename in the schema partition
+	 */
+
+	ret = dsdb_module_modify(ar->module, msg,
+				 DSDB_FLAG_OWN_MODULE|DSDB_FLAG_REPLICATED_UPDATE,
+				 req);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to modify rDN/name of DN being DRS renamed '%s' - %s\n",
+			 ldb_dn_get_linearized(dn),
+			 ldb_errstring(ldb_module_get_ctx(ar->module))));
+		return ret;
+	}
+
+	talloc_free(msg);
+
+	return LDB_SUCCESS;
+
+failed:
+	talloc_free(msg);
+	DEBUG(0,(__location__ ": Failed to setup modify rDN/name of DN being DRS renamed '%s'\n",
+		 ldb_dn_get_linearized(dn)));
+	return LDB_ERR_OPERATIONS_ERROR;
+}
+
+
+/*
+  callback for conflict DN handling where we have renamed the incoming
+  record. After renaming it, we need to ensure the change of name and
+  rDN for the incoming record is seen as an originating update by this DC.
+
+  This also handles updating lastKnownParent for entries sent to lostAndFound
+ */
+static int replmd_op_name_modify_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct replmd_replicated_request *ar =
+		talloc_get_type_abort(req->context, struct replmd_replicated_request);
+	struct ldb_dn *conflict_dn = NULL;
+	int ret;
+
+	if (ares->error != LDB_SUCCESS) {
+		/* call the normal callback for everything except success */
+		return replmd_op_callback(req, ares);
+	}
+
+	switch (req->operation) {
+	case LDB_ADD:
+		conflict_dn = req->op.add.message->dn;
+		break;
+	case LDB_MODIFY:
+		conflict_dn = req->op.mod.message->dn;
+		break;
+	default:
+		smb_panic("replmd_op_name_modify_callback called in unknown circumstances");
+	}
+
+	/* perform a modify of the rDN and name of the record */
+	ret = replmd_name_modify(ar, req, conflict_dn);
+	if (ret != LDB_SUCCESS) {
+		ares->error = ret;
+		return replmd_op_callback(req, ares);
+	}
+
+	if (ar->objs->objects[ar->index_current].last_known_parent) {
+		struct ldb_message *msg = ldb_msg_new(req);
+		if (msg == NULL) {
+			ldb_module_oom(ar->module);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		msg->dn = req->op.add.message->dn;
+
+		ret = ldb_msg_add_steal_string(msg, "lastKnownParent",
+					       ldb_dn_get_extended_linearized(msg, ar->objs->objects[ar->index_current].last_known_parent, 1));
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to add lastKnownParent string to the msg\n"));
+			ldb_module_oom(ar->module);
+			return ret;
+		}
+		msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+		ret = dsdb_module_modify(ar->module, msg, DSDB_FLAG_OWN_MODULE, req);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to modify lastKnownParent of lostAndFound DN '%s' - %s\n",
+				 ldb_dn_get_linearized(msg->dn),
+				 ldb_errstring(ldb_module_get_ctx(ar->module))));
+			return ret;
+		}
+		TALLOC_FREE(msg);
+	}
+
+	return replmd_op_callback(req, ares);
+}
+
+
+
+/*
+ * A helper for replmd_op_possible_conflict_callback() and
+ * replmd_replicated_handle_rename()
+ */
+static int incoming_dn_should_be_renamed(TALLOC_CTX *mem_ctx,
+					 struct replmd_replicated_request *ar,
+					 struct ldb_dn *conflict_dn,
+					 struct ldb_result **res,
+					 bool *rename_incoming_record)
+{
+	int ret;
+	bool rodc;
+	enum ndr_err_code ndr_err;
+	const struct ldb_val *omd_value = NULL;
+	struct replPropertyMetaDataBlob omd, *rmd = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(ar->module);
+	const char *attrs[] = { "replPropertyMetaData", "objectGUID", NULL };
+	struct replPropertyMetaData1 *omd_name = NULL;
+	struct replPropertyMetaData1 *rmd_name = NULL;
+	struct ldb_message *msg = NULL;
+
+	ret = samdb_rodc(ldb, &rodc);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(
+			ldb,
+			"Failed to determine if we are an RODC when attempting "
+			"to form conflict DN: %s",
+			ldb_errstring(ldb));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (rodc) {
+		/*
+		 * We are on an RODC, or were a GC for this
+		 * partition, so we have to fail this until
+		 * someone who owns the partition sorts it
+		 * out
+		 */
+		ldb_asprintf_errstring(
+			ldb,
+			"Conflict adding object '%s' from incoming replication "
+			"but we are read only for the partition.  \n"
+			" - We must fail the operation until a master for this "
+			"partition resolves the conflict",
+			ldb_dn_get_linearized(conflict_dn));
+		 return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * first we need the replPropertyMetaData attribute from the
+	 * old record
+	 */
+	ret = dsdb_module_search_dn(ar->module, mem_ctx, res, conflict_dn,
+				    attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_SEARCH_SHOW_DELETED |
+				    DSDB_SEARCH_SHOW_RECYCLED, ar->req);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR(__location__
+			": Unable to find object for conflicting record '%s'\n",
+			ldb_dn_get_linearized(conflict_dn));
+		 return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	msg = (*res)->msgs[0];
+	omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
+	if (omd_value == NULL) {
+		DBG_ERR(__location__
+			": Unable to find replPropertyMetaData for conflicting "
+			"record '%s'\n",
+			ldb_dn_get_linearized(conflict_dn));
+		 return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ndr_err = ndr_pull_struct_blob(
+		omd_value, msg, &omd,
+		(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DBG_ERR(__location__
+			": Failed to parse old replPropertyMetaData for %s\n",
+			ldb_dn_get_linearized(conflict_dn));
+		 return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	rmd = ar->objs->objects[ar->index_current].meta_data;
+
+	/*
+	 * we decide which is newer based on the RPMD on the name
+	 * attribute.  See [MS-DRSR] ResolveNameConflict.
+	 *
+	 * We expect omd_name to be present, as this is from a local
+	 * search, but while rmd_name should have been given to us by
+	 * the remote server, if it is missing we just prefer the
+	 * local name in
+	 * replmd_replPropertyMetaData1_new_should_be_taken()
+	 */
+	rmd_name = replmd_replPropertyMetaData1_find_attid(rmd,
+							   DRSUAPI_ATTID_name);
+	omd_name = replmd_replPropertyMetaData1_find_attid(&omd,
+							   DRSUAPI_ATTID_name);
+	if (!omd_name) {
+		DBG_ERR(__location__
+			": Failed to find name attribute in "
+			"local LDB replPropertyMetaData for %s\n",
+			 ldb_dn_get_linearized(conflict_dn));
+		 return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * Should we preserve the current record, and so rename the
+	 * incoming record to be a conflict?
+	 */
+	*rename_incoming_record =
+		!replmd_replPropertyMetaData1_new_should_be_taken(
+			(ar->objs->dsdb_repl_flags &
+			 DSDB_REPL_FLAG_PRIORITISE_INCOMING),
+			omd_name, rmd_name);
+
+	return LDB_SUCCESS;
+}
+
+
+/*
+  callback for replmd_replicated_apply_add()
+  This copes with the creation of conflict records in the case where
+  the DN exists, but with a different objectGUID
+ */
+static int replmd_op_possible_conflict_callback(struct ldb_request *req, struct ldb_reply *ares, int (*callback)(struct ldb_request *req, struct ldb_reply *ares))
+{
+	struct ldb_dn *conflict_dn;
+	struct replmd_replicated_request *ar =
+		talloc_get_type_abort(req->context, struct replmd_replicated_request);
+	struct ldb_result *res;
+	int ret;
+	bool rename_incoming_record;
+	struct ldb_message *msg;
+	struct ldb_request *down_req = NULL;
+
+	/* call the normal callback for success */
+	if (ares->error == LDB_SUCCESS) {
+		return callback(req, ares);
+	}
+
+	/*
+	 * we have a conflict, and need to decide if we will keep the
+	 * new record or the old record
+	 */
+
+	msg = ar->objs->objects[ar->index_current].msg;
+	conflict_dn = msg->dn;
+
+	/* For failures other than conflicts, fail the whole operation here */
+	if (ares->error != LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ar->module), "Failed to locally apply remote add of %s: %s",
+				       ldb_dn_get_linearized(conflict_dn),
+				       ldb_errstring(ldb_module_get_ctx(ar->module)));
+
+		return ldb_module_done(ar->req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+
+	ret = incoming_dn_should_be_renamed(req, ar, conflict_dn, &res,
+					    &rename_incoming_record);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (rename_incoming_record) {
+		struct GUID guid;
+		struct ldb_dn *new_dn;
+
+		guid = samdb_result_guid(msg, "objectGUID");
+		if (GUID_all_zero(&guid)) {
+			DEBUG(0,(__location__ ": Failed to find objectGUID for conflicting incoming record %s\n",
+				 ldb_dn_get_linearized(conflict_dn)));
+			goto failed;
+		}
+		new_dn = replmd_conflict_dn(req,
+					    ldb_module_get_ctx(ar->module),
+					    conflict_dn, &guid);
+		if (new_dn == NULL) {
+			DEBUG(0,(__location__ ": Failed to form conflict DN for %s\n",
+				 ldb_dn_get_linearized(conflict_dn)));
+			goto failed;
+		}
+
+		DEBUG(2,(__location__ ": Resolving conflict record via incoming rename '%s' -> '%s'\n",
+			 ldb_dn_get_linearized(conflict_dn), ldb_dn_get_linearized(new_dn)));
+
+		/* re-submit the request, but with the new DN */
+		callback = replmd_op_name_modify_callback;
+		msg->dn = new_dn;
+	} else {
+		/* we are renaming the existing record */
+		struct GUID guid;
+		struct ldb_dn *new_dn;
+
+		guid = samdb_result_guid(res->msgs[0], "objectGUID");
+		if (GUID_all_zero(&guid)) {
+			DEBUG(0,(__location__ ": Failed to find objectGUID for existing conflict record %s\n",
+				 ldb_dn_get_linearized(conflict_dn)));
+			goto failed;
+		}
+
+		new_dn = replmd_conflict_dn(req,
+					    ldb_module_get_ctx(ar->module),
+					    conflict_dn, &guid);
+		if (new_dn == NULL) {
+			DEBUG(0,(__location__ ": Failed to form conflict DN for %s\n",
+				 ldb_dn_get_linearized(conflict_dn)));
+			goto failed;
+		}
+
+		DEBUG(2,(__location__ ": Resolving conflict record via existing-record rename '%s' -> '%s'\n",
+			 ldb_dn_get_linearized(conflict_dn), ldb_dn_get_linearized(new_dn)));
+
+		ret = dsdb_module_rename(ar->module, conflict_dn, new_dn,
+					 DSDB_FLAG_OWN_MODULE, req);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to rename conflict dn '%s' to '%s' - %s\n",
+				 ldb_dn_get_linearized(conflict_dn),
+				 ldb_dn_get_linearized(new_dn),
+				 ldb_errstring(ldb_module_get_ctx(ar->module))));
+			goto failed;
+		}
+
+		/*
+		 * now we need to ensure that the rename is seen as an
+		 * originating update. We do that with a modify.
+		 */
+		ret = replmd_name_modify(ar, req, new_dn);
+		if (ret != LDB_SUCCESS) {
+			goto failed;
+		}
+
+		DEBUG(2,(__location__ ": With conflicting record renamed, re-apply replicated creation of '%s'\n",
+			 ldb_dn_get_linearized(req->op.add.message->dn)));
+	}
+
+	ret = ldb_build_add_req(&down_req,
+				ldb_module_get_ctx(ar->module),
+				req,
+				msg,
+				ar->controls,
+				ar,
+				callback,
+				req);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+	LDB_REQ_SET_LOCATION(down_req);
+
+	/* current partition control needed by "repmd_op_callback" */
+	ret = ldb_request_add_control(down_req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	if (ar->objs->dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
+		/* this tells the partition module to make it a
+		   partial replica if creating an NC */
+		ret = ldb_request_add_control(down_req,
+					      DSDB_CONTROL_PARTIAL_REPLICA,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) {
+			return replmd_replicated_request_error(ar, ret);
+		}
+	}
+
+	/*
+	 * Finally we re-run the add, otherwise the new record won't
+	 * exist, as we are here because of that exact failure!
+	 */
+	return ldb_next_request(ar->module, down_req);
+failed:
+
+	/* on failure make the caller get the error. This means
+	 * replication will stop with an error, but there is not much
+	 * else we can do.
+	 */
+	if (ret == LDB_SUCCESS) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	}
+	return ldb_module_done(ar->req, NULL, NULL,
+			       ret);
+}
+
+/*
+  callback for replmd_replicated_apply_add()
+  This copes with the creation of conflict records in the case where
+  the DN exists, but with a different objectGUID
+ */
+static int replmd_op_add_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct replmd_replicated_request *ar =
+		talloc_get_type_abort(req->context, struct replmd_replicated_request);
+
+	if (ar->objs->objects[ar->index_current].last_known_parent) {
+		/* This is like a conflict DN, where we put the object in LostAndFound
+		   see MS-DRSR 4.1.10.6.10 FindBestParentObject */
+		return replmd_op_possible_conflict_callback(req, ares, replmd_op_name_modify_callback);
+	}
+
+	return replmd_op_possible_conflict_callback(req, ares, replmd_op_callback);
+}
+
+/*
+  this is called when a new object comes in over DRS
+ */
+static int replmd_replicated_apply_add(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *change_req;
+	enum ndr_err_code ndr_err;
+	struct ldb_message *msg;
+	struct replPropertyMetaDataBlob *md;
+	struct ldb_val md_value;
+	unsigned int i;
+	int ret;
+	bool remote_isDeleted = false;
+	bool is_schema_nc;
+	NTTIME now;
+	time_t t = time(NULL);
+	const struct ldb_val *rdn_val;
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(ar->module),
+				struct replmd_private);
+	unix_to_nt_time(&now, t);
+
+	ldb = ldb_module_get_ctx(ar->module);
+	msg = ar->objs->objects[ar->index_current].msg;
+	md = ar->objs->objects[ar->index_current].meta_data;
+	is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;
+
+	ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	ret = dsdb_msg_add_guid(msg,
+				&ar->objs->objects[ar->index_current].object_guid,
+				"objectGUID");
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", ar->seq_num);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	/* remove any message elements that have zero values */
+	for (i=0; i<msg->num_elements; i++) {
+		struct ldb_message_element *el = &msg->elements[i];
+
+		if (el->num_values == 0) {
+			if (ldb_attr_cmp(msg->elements[i].name, "objectClass") == 0) {
+				ldb_asprintf_errstring(ldb, __location__
+						       ": empty objectClass sent on %s, aborting replication\n",
+						       ldb_dn_get_linearized(msg->dn));
+				return replmd_replicated_request_error(ar, LDB_ERR_OBJECT_CLASS_VIOLATION);
+			}
+
+			DEBUG(4,(__location__ ": Removing attribute %s with num_values==0\n",
+				 el->name));
+			ldb_msg_remove_element(msg, &msg->elements[i]);
+			i--;
+			continue;
+		}
+	}
+
+	if (DEBUGLVL(8)) {
+		struct GUID_txt_buf guid_txt;
+
+		char *s = ldb_ldif_message_redacted_string(ldb, ar,
+							   LDB_CHANGETYPE_ADD,
+							   msg);
+		DEBUG(8, ("DRS replication add message of %s:\n%s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid, &guid_txt),
+			  s));
+		talloc_free(s);
+	} else if (DEBUGLVL(4)) {
+		struct GUID_txt_buf guid_txt;
+		DEBUG(4, ("DRS replication add DN of %s is %s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid, &guid_txt),
+			  ldb_dn_get_linearized(msg->dn)));
+	}
+	remote_isDeleted = ldb_msg_find_attr_as_bool(msg,
+						     "isDeleted", false);
+
+	/*
+	 * the meta data array is already sorted by the caller, except
+	 * for the RDN, which needs to be added.
+	 */
+
+
+	rdn_val = ldb_dn_get_rdn_val(msg->dn);
+	ret = replmd_update_rpmd_rdn_attr(ldb, msg, rdn_val, NULL,
+					  md, ar, now, is_schema_nc,
+					  false);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "%s: error during DRS repl ADD: %s", __func__, ldb_errstring(ldb));
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	ret = replmd_replPropertyMetaDataCtr1_sort_and_verify(ldb, &md->ctr.ctr1, msg->dn);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "%s: error during DRS repl ADD: %s", __func__, ldb_errstring(ldb));
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	for (i=0; i < md->ctr.ctr1.count; i++) {
+		md->ctr.ctr1.array[i].local_usn = ar->seq_num;
+	}
+	ndr_err = ndr_push_struct_blob(&md_value, msg, md,
+				       (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+	}
+	ret = ldb_msg_add_value(msg, "replPropertyMetaData", &md_value, NULL);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	replmd_ldb_message_sort(msg, ar->schema);
+
+	if (!remote_isDeleted) {
+		/*
+		 * Ensure any local ACL inheritance is applied from
+		 * the parent object.
+		 *
+		 * This is needed because descriptor is above
+		 * repl_meta_data in the module stack, so this will
+		 * not be triggered 'naturally' by the flow of
+		 * operations.
+		 */
+		ret = dsdb_module_schedule_sd_propagation(ar->module,
+							  ar->objs->partition_dn,
+							  ar->objs->objects[ar->index_current].object_guid,
+							  ar->objs->objects[ar->index_current].parent_guid ?
+							  *ar->objs->objects[ar->index_current].parent_guid :
+							  GUID_zero(),
+							  true);
+		if (ret != LDB_SUCCESS) {
+			return replmd_replicated_request_error(ar, ret);
+		}
+	}
+
+	ar->isDeleted = remote_isDeleted;
+
+	ret = ldb_build_add_req(&change_req,
+				ldb,
+				ar,
+				msg,
+				ar->controls,
+				ar,
+				replmd_op_add_callback,
+				ar->req);
+	LDB_REQ_SET_LOCATION(change_req);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	/* current partition control needed by "repmd_op_callback" */
+	ret = ldb_request_add_control(change_req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	if (ar->objs->dsdb_repl_flags & DSDB_REPL_FLAG_PARTIAL_REPLICA) {
+		/* this tells the partition module to make it a
+		   partial replica if creating an NC */
+		ret = ldb_request_add_control(change_req,
+					      DSDB_CONTROL_PARTIAL_REPLICA,
+					      false, NULL);
+		if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+	}
+
+	return ldb_next_request(ar->module, change_req);
+}
+
+static int replmd_replicated_apply_search_for_parent_callback(struct ldb_request *req,
+							      struct ldb_reply *ares)
+{
+	struct replmd_replicated_request *ar = talloc_get_type(req->context,
+					       struct replmd_replicated_request);
+	int ret;
+
+	if (!ares) {
+		return ldb_module_done(ar->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/*
+	 * The error NO_SUCH_OBJECT is not expected, unless the search
+	 * base is the partition DN, and that case doesn't happen here
+	 * because then we wouldn't get a parent_guid_value in any
+	 * case.
+	 */
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ar->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		struct ldb_message *parent_msg = ares->message;
+		struct ldb_message *msg = ar->objs->objects[ar->index_current].msg;
+		struct ldb_dn *parent_dn = NULL;
+		int comp_num;
+
+		if (!ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE")
+		    && ldb_msg_check_string_attribute(parent_msg, "isDeleted", "TRUE")) {
+			/* Per MS-DRSR 4.1.10.6.10
+			 * FindBestParentObject we need to move this
+			 * new object under a deleted object to
+			 * lost-and-found */
+			struct ldb_dn *nc_root;
+
+			ret = dsdb_find_nc_root(ldb_module_get_ctx(ar->module), msg, msg->dn, &nc_root);
+			if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+						       "No suitable NC root found for %s.  "
+						       "We need to move this object because parent object %s "
+						       "is deleted, but this object is not.",
+						       ldb_dn_get_linearized(msg->dn),
+						       ldb_dn_get_linearized(parent_msg->dn));
+				return ldb_module_done(ar->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+			} else if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+						       "Unable to find NC root for %s: %s. "
+						       "We need to move this object because parent object %s "
+						       "is deleted, but this object is not.",
+						       ldb_dn_get_linearized(msg->dn),
+						       ldb_errstring(ldb_module_get_ctx(ar->module)),
+						       ldb_dn_get_linearized(parent_msg->dn));
+				return ldb_module_done(ar->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+
+			ret = dsdb_wellknown_dn(ldb_module_get_ctx(ar->module), msg,
+						nc_root,
+						DS_GUID_LOSTANDFOUND_CONTAINER,
+						&parent_dn);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+						       "Unable to find LostAndFound Container for %s "
+						       "in partition %s: %s. "
+						       "We need to move this object because parent object %s "
+						       "is deleted, but this object is not.",
+						       ldb_dn_get_linearized(msg->dn), ldb_dn_get_linearized(nc_root),
+						       ldb_errstring(ldb_module_get_ctx(ar->module)),
+						       ldb_dn_get_linearized(parent_msg->dn));
+				return ldb_module_done(ar->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+			}
+			ar->objs->objects[ar->index_current].last_known_parent
+				= talloc_steal(ar->objs->objects[ar->index_current].msg, parent_msg->dn);
+
+		} else {
+			parent_dn
+				= talloc_steal(ar->objs->objects[ar->index_current].msg, parent_msg->dn);
+
+		}
+		ar->objs->objects[ar->index_current].local_parent_dn = parent_dn;
+
+		comp_num = ldb_dn_get_comp_num(msg->dn);
+		if (comp_num > 1) {
+			if (!ldb_dn_remove_base_components(msg->dn, comp_num - 1)) {
+				talloc_free(ares);
+				return ldb_module_done(ar->req, NULL, NULL, ldb_module_operr(ar->module));
+			}
+		}
+		if (!ldb_dn_add_base(msg->dn, parent_dn)) {
+			talloc_free(ares);
+			return ldb_module_done(ar->req, NULL, NULL, ldb_module_operr(ar->module));
+		}
+		break;
+	}
+	case LDB_REPLY_REFERRAL:
+		/* we ignore referrals */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		if (ar->objs->objects[ar->index_current].local_parent_dn == NULL) {
+			struct GUID_txt_buf str_buf;
+			if (ar->search_msg != NULL) {
+				ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+						       "No parent with GUID %s found for object locally known as %s",
+						       GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid, &str_buf),
+						       ldb_dn_get_linearized(ar->search_msg->dn));
+			} else {
+				ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+						       "No parent with GUID %s found for object remotely known as %s",
+						       GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid, &str_buf),
+						       ldb_dn_get_linearized(ar->objs->objects[ar->index_current].msg->dn));
+			}
+
+			/*
+			 * This error code is really important, as it
+			 * is the flag back to the callers to retry
+			 * this with DRSUAPI_DRS_GET_ANC, and so get
+			 * the parent objects before the child
+			 * objects
+			 */
+			return ldb_module_done(ar->req, NULL, NULL,
+					       replmd_replicated_request_werror(ar, WERR_DS_DRA_MISSING_PARENT));
+		}
+
+		if (ar->search_msg != NULL) {
+			ret = replmd_replicated_apply_merge(ar);
+		} else {
+			ret = replmd_replicated_apply_add(ar);
+		}
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ar->req, NULL, NULL, ret);
+		}
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+/*
+ * Look for the parent object, so we put the new object in the right
+ * place This is akin to NameObject in MS-DRSR - this routine and the
+ * callbacks find the right parent name, and correct name for this
+ * object
+ */
+
+static int replmd_replicated_apply_search_for_parent(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb;
+	int ret;
+	char *tmp_str;
+	char *filter;
+	struct ldb_request *search_req;
+	static const char *attrs[] = {"isDeleted", NULL};
+	struct GUID_txt_buf guid_str_buf;
+
+	ldb = ldb_module_get_ctx(ar->module);
+
+	if (ar->objs->objects[ar->index_current].parent_guid == NULL) {
+		if (ar->search_msg != NULL) {
+			return replmd_replicated_apply_merge(ar);
+		} else {
+			return replmd_replicated_apply_add(ar);
+		}
+	}
+
+	tmp_str = GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid,
+				  &guid_str_buf);
+
+	filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str);
+	if (!filter) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+
+	ret = ldb_build_search_req(&search_req,
+				   ldb,
+				   ar,
+				   ar->objs->partition_dn,
+				   LDB_SCOPE_SUBTREE,
+				   filter,
+				   attrs,
+				   NULL,
+				   ar,
+				   replmd_replicated_apply_search_for_parent_callback,
+				   ar->req);
+	LDB_REQ_SET_LOCATION(search_req);
+
+	ret = dsdb_request_add_controls(search_req,
+					DSDB_SEARCH_SHOW_RECYCLED|
+					DSDB_SEARCH_SHOW_DELETED|
+					DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ar->module, search_req);
+}
+
+/*
+  handle renames that come in over DRS replication
+ */
+static int replmd_replicated_handle_rename(struct replmd_replicated_request *ar,
+					   struct ldb_message *msg,
+					   struct ldb_request *parent,
+					   bool *renamed_to_conflict)
+{
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(msg);
+	struct ldb_result *res;
+	struct ldb_dn *conflict_dn;
+	bool rename_incoming_record;
+	struct ldb_dn *new_dn;
+	struct GUID guid;
+
+	DEBUG(4,("replmd_replicated_request rename %s => %s\n",
+		 ldb_dn_get_linearized(ar->search_msg->dn),
+		 ldb_dn_get_linearized(msg->dn)));
+
+
+	ret = dsdb_module_rename(ar->module, ar->search_msg->dn, msg->dn,
+				 DSDB_FLAG_NEXT_MODULE, ar->req);
+	if (ret == LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (ret != LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		talloc_free(tmp_ctx);
+		ldb_asprintf_errstring(ldb_module_get_ctx(ar->module), "Failed to locally apply remote rename from %s to %s: %s",
+				       ldb_dn_get_linearized(ar->search_msg->dn),
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb_module_get_ctx(ar->module)));
+		return ret;
+	}
+
+	conflict_dn = msg->dn;
+
+
+	ret = incoming_dn_should_be_renamed(tmp_ctx, ar, conflict_dn, &res,
+					    &rename_incoming_record);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (rename_incoming_record) {
+
+		new_dn = replmd_conflict_dn(msg,
+					    ldb_module_get_ctx(ar->module),
+					    msg->dn,
+					    &ar->objs->objects[ar->index_current].object_guid);
+		if (new_dn == NULL) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+								  "Failed to form conflict DN for %s\n",
+								  ldb_dn_get_linearized(msg->dn));
+
+			talloc_free(tmp_ctx);
+			return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+		}
+
+		ret = dsdb_module_rename(ar->module, ar->search_msg->dn, new_dn,
+					 DSDB_FLAG_NEXT_MODULE, ar->req);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(ar->module),
+					       "Failed to rename incoming conflicting dn '%s' (was '%s') to '%s' - %s\n",
+					       ldb_dn_get_linearized(conflict_dn),
+					       ldb_dn_get_linearized(ar->search_msg->dn),
+					       ldb_dn_get_linearized(new_dn),
+					       ldb_errstring(ldb_module_get_ctx(ar->module)));
+			talloc_free(tmp_ctx);
+			return replmd_replicated_request_werror(ar, WERR_DS_DRA_DB_ERROR);
+		}
+
+		msg->dn = new_dn;
+		*renamed_to_conflict = true;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* we are renaming the existing record */
+
+	guid = samdb_result_guid(res->msgs[0], "objectGUID");
+	if (GUID_all_zero(&guid)) {
+		DEBUG(0,(__location__ ": Failed to find objectGUID for existing conflict record %s\n",
+			 ldb_dn_get_linearized(conflict_dn)));
+		goto failed;
+	}
+
+	new_dn = replmd_conflict_dn(tmp_ctx,
+				    ldb_module_get_ctx(ar->module),
+				    conflict_dn, &guid);
+	if (new_dn == NULL) {
+		DEBUG(0,(__location__ ": Failed to form conflict DN for %s\n",
+			 ldb_dn_get_linearized(conflict_dn)));
+		goto failed;
+	}
+
+	DEBUG(2,(__location__ ": Resolving conflict record via existing-record rename '%s' -> '%s'\n",
+		 ldb_dn_get_linearized(conflict_dn), ldb_dn_get_linearized(new_dn)));
+
+	ret = dsdb_module_rename(ar->module, conflict_dn, new_dn,
+				 DSDB_FLAG_OWN_MODULE, ar->req);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to rename conflict dn '%s' to '%s' - %s\n",
+			 ldb_dn_get_linearized(conflict_dn),
+			 ldb_dn_get_linearized(new_dn),
+			 ldb_errstring(ldb_module_get_ctx(ar->module))));
+		goto failed;
+	}
+
+	/*
+	 * now we need to ensure that the rename is seen as an
+	 * originating update. We do that with a modify.
+	 */
+	ret = replmd_name_modify(ar, ar->req, new_dn);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	DEBUG(2,(__location__ ": With conflicting record renamed, re-apply replicated rename '%s' -> '%s'\n",
+		 ldb_dn_get_linearized(ar->search_msg->dn),
+		 ldb_dn_get_linearized(msg->dn)));
+
+	/*
+	 * With the other record out of the way, do the rename we had
+	 * at the top again
+	 */
+	ret = dsdb_module_rename(ar->module, ar->search_msg->dn, msg->dn,
+				 DSDB_FLAG_NEXT_MODULE, ar->req);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": After conflict resolution, failed to rename dn '%s' to '%s' - %s\n",
+			 ldb_dn_get_linearized(ar->search_msg->dn),
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(ldb_module_get_ctx(ar->module))));
+			goto failed;
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+failed:
+	/*
+	 * On failure make the caller get the error
+	 * This means replication will stop with an error,
+	 * but there is not much else we can do.  In the
+	 * LDB_ERR_ENTRY_ALREADY_EXISTS case this is exactly what is
+	 * needed.
+	 */
+	if (ret == LDB_SUCCESS) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *change_req;
+	enum ndr_err_code ndr_err;
+	struct ldb_message *msg;
+	struct replPropertyMetaDataBlob *rmd;
+	struct replPropertyMetaDataBlob omd;
+	const struct ldb_val *omd_value;
+	struct replPropertyMetaDataBlob nmd;
+	struct ldb_val nmd_value;
+	struct GUID remote_parent_guid;
+	unsigned int i;
+	uint32_t j,ni=0;
+	unsigned int removed_attrs = 0;
+	int ret;
+	int (*callback)(struct ldb_request *req, struct ldb_reply *ares) = replmd_op_callback;
+	bool isDeleted = false;
+	bool local_isDeleted = false;
+	bool remote_isDeleted = false;
+	bool take_remote_isDeleted = false;
+	bool sd_updated = false;
+	bool renamed = false;
+	bool renamed_to_conflict = false;
+	bool is_schema_nc = false;
+	NTSTATUS nt_status;
+	const struct ldb_val *old_rdn, *new_rdn;
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(ar->module),
+				struct replmd_private);
+	NTTIME now;
+	time_t t = time(NULL);
+	unix_to_nt_time(&now, t);
+
+	ldb = ldb_module_get_ctx(ar->module);
+	msg = ar->objs->objects[ar->index_current].msg;
+
+	is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;
+
+	rmd = ar->objs->objects[ar->index_current].meta_data;
+	ZERO_STRUCT(omd);
+	omd.version = 1;
+
+	/* find existing meta data */
+	omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData");
+	if (omd_value) {
+		ndr_err = ndr_pull_struct_blob(omd_value, ar, &omd,
+					       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+		}
+
+		if (omd.version != 1) {
+			return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
+		}
+	}
+
+	if (DEBUGLVL(8)) {
+		struct GUID_txt_buf guid_txt;
+
+		char *s = ldb_ldif_message_redacted_string(ldb, ar,
+							   LDB_CHANGETYPE_MODIFY, msg);
+		DEBUG(8, ("Initial DRS replication modify message of %s is:\n%s\n"
+			  "%s\n"
+			  "%s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid, &guid_txt),
+			  s,
+			  ndr_print_struct_string(s,
+						  (ndr_print_fn_t)ndr_print_replPropertyMetaDataBlob,
+						  "existing replPropertyMetaData",
+						  &omd),
+			  ndr_print_struct_string(s,
+						  (ndr_print_fn_t)ndr_print_replPropertyMetaDataBlob,
+						  "incoming replPropertyMetaData",
+						  rmd)));
+		talloc_free(s);
+	} else if (DEBUGLVL(4)) {
+		struct GUID_txt_buf guid_txt;
+
+		DEBUG(4, ("Initial DRS replication modify DN of %s is: %s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid,
+					  &guid_txt),
+			  ldb_dn_get_linearized(msg->dn)));
+	}
+		
+	local_isDeleted = ldb_msg_find_attr_as_bool(ar->search_msg,
+						    "isDeleted", false);
+	remote_isDeleted = ldb_msg_find_attr_as_bool(msg,
+						     "isDeleted", false);
+
+	/*
+	 * Fill in the remote_parent_guid with the GUID or an all-zero
+	 * GUID.
+	 */
+	if (ar->objs->objects[ar->index_current].parent_guid != NULL) {
+		remote_parent_guid = *ar->objs->objects[ar->index_current].parent_guid;
+	} else {
+		remote_parent_guid = GUID_zero();
+	}
+
+	/*
+	 * To ensure we follow a complex rename chain around, we have
+	 * to confirm that the DN is the same (mostly to confirm the
+	 * RDN) and the parentGUID is the same.
+	 *
+	 * This ensures we keep things under the correct parent, which
+	 * replmd_replicated_handle_rename() will do.
+	 */
+
+	if (strcmp(ldb_dn_get_linearized(msg->dn), ldb_dn_get_linearized(ar->search_msg->dn)) == 0
+	    && GUID_equal(&remote_parent_guid, &ar->local_parent_guid)) {
+		ret = LDB_SUCCESS;
+	} else {
+		/*
+		 * handle renames, even just by case that come in over
+		 * DRS.  Changes in the parent DN don't hit us here,
+		 * because the search for a parent will clean up those
+		 * components.
+		 *
+		 * We also have already filtered out the case where
+		 * the peer has an older name to what we have (see
+		 * replmd_replicated_apply_search_callback())
+		 */
+		ret = replmd_replicated_handle_rename(ar, msg, ar->req, &renamed_to_conflict);
+
+		/*
+		 * This looks strange, but we must set this after any
+		 * rename, otherwise the SD propegation will not
+		 * happen (which might matter if we have a new parent)
+		 *
+		 * The additional case of calling
+		 * replmd_op_name_modify_callback (below) is
+		 * controlled by renamed_to_conflict.
+		 */
+		renamed = true;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "replmd_replicated_request rename %s => %s failed - %s\n",
+			  ldb_dn_get_linearized(ar->search_msg->dn),
+			  ldb_dn_get_linearized(msg->dn),
+			  ldb_errstring(ldb));
+		return replmd_replicated_request_werror(ar, WERR_DS_DRA_DB_ERROR);
+	}
+
+	if (renamed_to_conflict == true) {
+		/*
+		 * Set the callback to one that will fix up the name
+		 * metadata on the new conflict DN
+		 */
+		callback = replmd_op_name_modify_callback;
+	}
+
+	ZERO_STRUCT(nmd);
+	nmd.version = 1;
+	nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count;
+	nmd.ctr.ctr1.array = talloc_array(ar,
+					  struct replPropertyMetaData1,
+					  nmd.ctr.ctr1.count);
+	if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+
+	/* first copy the old meta data */
+	for (i=0; i < omd.ctr.ctr1.count; i++) {
+		nmd.ctr.ctr1.array[ni]	= omd.ctr.ctr1.array[i];
+		ni++;
+	}
+
+	ar->seq_num = 0;
+	/* now merge in the new meta data */
+	for (i=0; i < rmd->ctr.ctr1.count; i++) {
+		bool found = false;
+
+		for (j=0; j < ni; j++) {
+			bool cmp;
+
+			if (rmd->ctr.ctr1.array[i].attid != nmd.ctr.ctr1.array[j].attid) {
+				continue;
+			}
+
+			cmp = replmd_replPropertyMetaData1_new_should_be_taken(
+				ar->objs->dsdb_repl_flags,
+				&nmd.ctr.ctr1.array[j],
+				&rmd->ctr.ctr1.array[i]);
+			if (cmp) {
+				/* replace the entry */
+				nmd.ctr.ctr1.array[j] = rmd->ctr.ctr1.array[i];
+				if (ar->seq_num == 0) {
+					ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
+					if (ret != LDB_SUCCESS) {
+						return replmd_replicated_request_error(ar, ret);
+					}
+				}
+				nmd.ctr.ctr1.array[j].local_usn = ar->seq_num;
+				switch (nmd.ctr.ctr1.array[j].attid) {
+				case DRSUAPI_ATTID_ntSecurityDescriptor:
+					sd_updated = true;
+					break;
+				case DRSUAPI_ATTID_isDeleted:
+					take_remote_isDeleted = true;
+					break;
+				default:
+					break;
+				}
+				found = true;
+				break;
+			}
+
+			if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType) {
+				DEBUG(3,("Discarding older DRS attribute update to %s on %s from %s\n",
+					 msg->elements[i-removed_attrs].name,
+					 ldb_dn_get_linearized(msg->dn),
+					 GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
+			}
+
+			/* we don't want to apply this change so remove the attribute */
+			ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]);
+			removed_attrs++;
+
+			found = true;
+			break;
+		}
+
+		if (found) continue;
+
+		nmd.ctr.ctr1.array[ni] = rmd->ctr.ctr1.array[i];
+		if (ar->seq_num == 0) {
+			ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &ar->seq_num);
+			if (ret != LDB_SUCCESS) {
+				return replmd_replicated_request_error(ar, ret);
+			}
+		}
+		nmd.ctr.ctr1.array[ni].local_usn = ar->seq_num;
+		switch (nmd.ctr.ctr1.array[ni].attid) {
+		case DRSUAPI_ATTID_ntSecurityDescriptor:
+			sd_updated = true;
+			break;
+		case DRSUAPI_ATTID_isDeleted:
+			take_remote_isDeleted = true;
+			break;
+		default:
+			break;
+		}
+		ni++;
+	}
+
+	/*
+	 * finally correct the size of the meta_data array
+	 */
+	nmd.ctr.ctr1.count = ni;
+
+	new_rdn = ldb_dn_get_rdn_val(msg->dn);
+	old_rdn = ldb_dn_get_rdn_val(ar->search_msg->dn);
+
+	if (renamed) {
+		ret = replmd_update_rpmd_rdn_attr(ldb, msg, new_rdn, old_rdn,
+						  &nmd, ar, now, is_schema_nc,
+						  false);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "%s: error during DRS repl merge: %s", __func__, ldb_errstring(ldb));
+			return replmd_replicated_request_error(ar, ret);
+		}
+	}
+	/*
+	 * sort the new meta data array
+	 */
+	ret = replmd_replPropertyMetaDataCtr1_sort_and_verify(ldb, &nmd.ctr.ctr1, msg->dn);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "%s: error during DRS repl merge: %s", __func__, ldb_errstring(ldb));
+		return ret;
+	}
+
+	/*
+	 * Work out if this object is deleted, so we can prune any extra attributes.  See MS-DRSR 4.1.10.6.9
+	 * UpdateObject.
+	 *
+	 * This also controls SD propagation below
+	 */
+	if (take_remote_isDeleted) {
+		isDeleted = remote_isDeleted;
+	} else {
+		isDeleted = local_isDeleted;
+	}
+
+	ar->isDeleted = isDeleted;
+
+	/*
+	 * check if some replicated attributes left, otherwise skip the ldb_modify() call
+	 */
+	if (msg->num_elements == 0) {
+		ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n",
+			  ar->index_current);
+
+		return replmd_replicated_apply_isDeleted(ar);
+	}
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n",
+		  ar->index_current, msg->num_elements);
+
+	if (renamed) {
+		/*
+		 * This is an new name for this object, so we must
+		 * inherit from the parent
+		 *
+		 * This is needed because descriptor is above
+		 * repl_meta_data in the module stack, so this will
+		 * not be triggered 'naturally' by the flow of
+		 * operations.
+		 */
+		ret = dsdb_module_schedule_sd_propagation(ar->module,
+							  ar->objs->partition_dn,
+							  ar->objs->objects[ar->index_current].object_guid,
+							  ar->objs->objects[ar->index_current].parent_guid ?
+							  *ar->objs->objects[ar->index_current].parent_guid :
+							  GUID_zero(),
+							  true);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	if (sd_updated && !isDeleted) {
+		/*
+		 * This is an existing object, so there is no need to
+		 * inherit from the parent, but we must inherit any
+		 * incoming changes to our child objects.
+		 *
+		 * This is needed because descriptor is above
+		 * repl_meta_data in the module stack, so this will
+		 * not be triggered 'naturally' by the flow of
+		 * operations.
+		 */
+		ret = dsdb_module_schedule_sd_propagation(ar->module,
+							  ar->objs->partition_dn,
+							  ar->objs->objects[ar->index_current].object_guid,
+							  ar->objs->objects[ar->index_current].parent_guid ?
+							  *ar->objs->objects[ar->index_current].parent_guid :
+							  GUID_zero(),
+							  false);
+		if (ret != LDB_SUCCESS) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	/* create the meta data value */
+	ndr_err = ndr_push_struct_blob(&nmd_value, msg, &nmd,
+				       (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+	}
+
+	/*
+	 * when we know that we'll modify the record, add the whenChanged, uSNChanged
+	 * and replPopertyMetaData attributes
+	 */
+	ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", ar->seq_num);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+	ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+
+	replmd_ldb_message_sort(msg, ar->schema);
+
+	/* we want to replace the old values */
+	for (i=0; i < msg->num_elements; i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+		if (ldb_attr_cmp(msg->elements[i].name, "objectClass") == 0) {
+			if (msg->elements[i].num_values == 0) {
+				ldb_asprintf_errstring(ldb, __location__
+						       ": objectClass removed on %s, aborting replication\n",
+						       ldb_dn_get_linearized(msg->dn));
+				return replmd_replicated_request_error(ar, LDB_ERR_OBJECT_CLASS_VIOLATION);
+			}
+		}
+	}
+
+	if (DEBUGLVL(8)) {
+		struct GUID_txt_buf guid_txt;
+
+		char *s = ldb_ldif_message_redacted_string(ldb, ar,
+							   LDB_CHANGETYPE_MODIFY,
+							   msg);
+		DEBUG(8, ("Final DRS replication modify message of %s:\n%s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid,
+					  &guid_txt),
+			  s));
+		talloc_free(s);
+	} else if (DEBUGLVL(4)) {
+		struct GUID_txt_buf guid_txt;
+
+		DEBUG(4, ("Final DRS replication modify DN of %s is %s\n",
+			  GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid,
+					  &guid_txt),
+			  ldb_dn_get_linearized(msg->dn)));
+	}
+
+	ret = ldb_build_mod_req(&change_req,
+				ldb,
+				ar,
+				msg,
+				ar->controls,
+				ar,
+				callback,
+				ar->req);
+	LDB_REQ_SET_LOCATION(change_req);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	/* current partition control needed by "repmd_op_callback" */
+	ret = ldb_request_add_control(change_req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	return ldb_next_request(ar->module, change_req);
+}
+
+static int replmd_replicated_apply_search_callback(struct ldb_request *req,
+						   struct ldb_reply *ares)
+{
+	struct replmd_replicated_request *ar = talloc_get_type(req->context,
+					       struct replmd_replicated_request);
+	int ret;
+
+	if (!ares) {
+		return ldb_module_done(ar->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS &&
+	    ares->error != LDB_ERR_NO_SUCH_OBJECT) {
+		return ldb_module_done(ar->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		ar->search_msg = talloc_steal(ar, ares->message);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* we ignore referrals */
+		break;
+
+	case LDB_REPLY_DONE:
+	{
+		struct replPropertyMetaData1 *md_remote;
+		struct replPropertyMetaData1 *md_local;
+
+		struct replPropertyMetaDataBlob omd;
+		const struct ldb_val *omd_value;
+		struct replPropertyMetaDataBlob *rmd;
+		struct ldb_message *msg;
+		int instanceType;
+		ar->objs->objects[ar->index_current].local_parent_dn = NULL;
+		ar->objs->objects[ar->index_current].last_known_parent = NULL;
+
+		/*
+		 * This is the ADD case, find the appropriate parent,
+		 * as this object doesn't exist locally:
+		 */
+		if (ar->search_msg == NULL) {
+			ret = replmd_replicated_apply_search_for_parent(ar);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ar->req, NULL, NULL, ret);
+			}
+			talloc_free(ares);
+			return LDB_SUCCESS;
+		}
+
+		/*
+		 * Otherwise, in the MERGE case, work out if we are
+		 * attempting a rename, and if so find the parent the
+		 * newly renamed object wants to belong under (which
+		 * may not be the parent in it's attached string DN
+		 */
+		rmd = ar->objs->objects[ar->index_current].meta_data;
+		ZERO_STRUCT(omd);
+		omd.version = 1;
+
+		/* find existing meta data */
+		omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData");
+		if (omd_value) {
+			enum ndr_err_code ndr_err;
+			ndr_err = ndr_pull_struct_blob(omd_value, ar, &omd,
+						       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+				return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+			}
+
+			if (omd.version != 1) {
+				return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
+			}
+		}
+
+		ar->local_parent_guid = samdb_result_guid(ar->search_msg, "parentGUID");
+
+		instanceType = ldb_msg_find_attr_as_int(ar->search_msg, "instanceType", 0);
+		if (((instanceType & INSTANCE_TYPE_IS_NC_HEAD) == 0)
+		    && GUID_all_zero(&ar->local_parent_guid)) {
+			DEBUG(0, ("Refusing to replicate new version of %s "
+				  "as local object has an all-zero parentGUID attribute, "
+				  "despite not being an NC root\n",
+				  ldb_dn_get_linearized(ar->search_msg->dn)));
+			return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
+		}
+
+		/*
+		 * now we need to check for double renames. We could have a
+		 * local rename pending which our replication partner hasn't
+		 * received yet. We choose which one wins by looking at the
+		 * attribute stamps on the two objects, the newer one wins.
+		 *
+		 * This also simply applies the correct algorithms for
+		 * determining if a change was made to name at all, or
+		 * if the object has just been renamed under the same
+		 * parent.
+		 */
+		md_remote = replmd_replPropertyMetaData1_find_attid(rmd, DRSUAPI_ATTID_name);
+		md_local = replmd_replPropertyMetaData1_find_attid(&omd, DRSUAPI_ATTID_name);
+		if (!md_local) {
+			DEBUG(0,(__location__ ": Failed to find name attribute in local LDB replPropertyMetaData for %s\n",
+				 ldb_dn_get_linearized(ar->search_msg->dn)));
+			return replmd_replicated_request_werror(ar, WERR_DS_DRA_DB_ERROR);
+		}
+
+		/*
+		 * if there is no name attribute given then we have to assume the
+		 *  object we've received has the older name
+		 */
+		if (replmd_replPropertyMetaData1_new_should_be_taken(
+			    ar->objs->dsdb_repl_flags & DSDB_REPL_FLAG_PRIORITISE_INCOMING,
+			    md_local, md_remote)) {
+			struct GUID_txt_buf p_guid_local;
+			struct GUID_txt_buf p_guid_remote;
+			msg = ar->objs->objects[ar->index_current].msg;
+
+			/* Merge on the existing object, with rename */
+
+			DEBUG(4,(__location__ ": Looking for new parent for object %s currently under %s "
+				 "as incoming object changing to %s under %s\n",
+				 ldb_dn_get_linearized(ar->search_msg->dn),
+				 GUID_buf_string(&ar->local_parent_guid, &p_guid_local),
+				 ldb_dn_get_linearized(msg->dn),
+				 GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid,
+						 &p_guid_remote)));
+			ret = replmd_replicated_apply_search_for_parent(ar);
+		} else {
+			struct GUID_txt_buf p_guid_local;
+			struct GUID_txt_buf p_guid_remote;
+			msg = ar->objs->objects[ar->index_current].msg;
+
+			/*
+			 * Merge on the existing object, force no
+			 * rename (code below just to explain why in
+			 * the DEBUG() logs)
+			 */
+
+			if (strcmp(ldb_dn_get_linearized(ar->search_msg->dn),
+				   ldb_dn_get_linearized(msg->dn)) == 0) {
+				if (ar->objs->objects[ar->index_current].parent_guid != NULL &&
+				    GUID_equal(&ar->local_parent_guid,
+					       ar->objs->objects[ar->index_current].parent_guid)
+				    == false) {
+					DEBUG(4,(__location__ ": Keeping object %s at under %s "
+						 "despite incoming object changing parent to %s\n",
+						 ldb_dn_get_linearized(ar->search_msg->dn),
+						 GUID_buf_string(&ar->local_parent_guid, &p_guid_local),
+						 GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid,
+								 &p_guid_remote)));
+				}
+			} else {
+				DEBUG(4,(__location__ ": Keeping object %s at under %s "
+					 " and rejecting older rename to %s under %s\n",
+					 ldb_dn_get_linearized(ar->search_msg->dn),
+					 GUID_buf_string(&ar->local_parent_guid, &p_guid_local),
+					 ldb_dn_get_linearized(msg->dn),
+					 GUID_buf_string(ar->objs->objects[ar->index_current].parent_guid,
+							 &p_guid_remote)));
+			}
+			/*
+			 * This assignment ensures that the strcmp()
+			 * and GUID_equal() calls in
+			 * replmd_replicated_apply_merge() avoids the
+			 * rename call
+			 */
+			ar->objs->objects[ar->index_current].parent_guid =
+				&ar->local_parent_guid;
+
+			msg->dn = ar->search_msg->dn;
+			ret = replmd_replicated_apply_merge(ar);
+		}
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ar->req, NULL, NULL, ret);
+		}
+	}
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+/**
+ * Returns true if we can group together processing this link attribute,
+ * i.e. it has the same source-object and attribute ID as other links
+ * already in the group
+ */
+static bool la_entry_matches_group(struct la_entry *la_entry,
+				   struct la_group *la_group)
+{
+	struct la_entry *prev = la_group->la_entries;
+
+	return (la_entry->la->attid == prev->la->attid &&
+		GUID_equal(&la_entry->la->identifier->guid,
+			   &prev->la->identifier->guid));
+}
+
+/**
+ * Creates a new la_entry to store replication info for a single
+ * linked attribute.
+ */
+static struct la_entry *
+create_la_entry(struct replmd_private *replmd_private,
+		struct drsuapi_DsReplicaLinkedAttribute *la,
+		uint32_t dsdb_repl_flags)
+{
+	struct la_entry *la_entry;
+
+	if (replmd_private->la_ctx == NULL) {
+		replmd_private->la_ctx = talloc_new(replmd_private);
+	}
+	la_entry = talloc(replmd_private->la_ctx, struct la_entry);
+	if (la_entry == NULL) {
+		return NULL;
+	}
+	la_entry->la = talloc(la_entry,
+			      struct drsuapi_DsReplicaLinkedAttribute);
+	if (la_entry->la == NULL) {
+		talloc_free(la_entry);
+		return NULL;
+	}
+	*la_entry->la = *la;
+	la_entry->dsdb_repl_flags = dsdb_repl_flags;
+
+	/*
+	 * we need to steal the non-scalars so they stay
+	 * around until the end of the transaction
+	 */
+	talloc_steal(la_entry->la, la_entry->la->identifier);
+	talloc_steal(la_entry->la, la_entry->la->value.blob);
+
+	return la_entry;
+}
+
+/**
+ * Stores the linked attributes received in the replication chunk - these get
+ * applied at the end of the transaction. We also check that each linked
+ * attribute is valid, i.e. source and target objects are known.
+ */
+static int replmd_store_linked_attributes(struct replmd_replicated_request *ar)
+{
+	int ret = LDB_SUCCESS;
+	uint32_t i;
+	struct ldb_module *module = ar->module;
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+	struct la_group *la_group = NULL;
+	struct ldb_context *ldb;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_message *src_msg = NULL;
+	const struct dsdb_attribute *attr = NULL;
+
+	ldb = ldb_module_get_ctx(module);
+
+	DEBUG(4,("linked_attributes_count=%u\n", ar->objs->linked_attributes_count));
+
+	/* save away the linked attributes for the end of the transaction */
+	for (i = 0; i < ar->objs->linked_attributes_count; i++) {
+		struct la_entry *la_entry;
+		bool new_srcobj;
+
+		/* create an entry to store the received link attribute info */
+		la_entry = create_la_entry(replmd_private,
+					   &ar->objs->linked_attributes[i],
+					   ar->objs->dsdb_repl_flags);
+		if (la_entry == NULL) {
+			ldb_oom(ldb);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		/*
+		 * check if we're still dealing with the same source object
+		 * as the last link
+		 */
+		new_srcobj = (la_group == NULL ||
+			      !la_entry_matches_group(la_entry, la_group));
+
+		if (new_srcobj) {
+
+			/* get a new mem_ctx to lookup the source object */
+			TALLOC_FREE(tmp_ctx);
+			tmp_ctx = talloc_new(ar);
+			if (tmp_ctx == NULL) {
+				ldb_oom(ldb);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+
+			/* verify the link source exists */
+			ret = replmd_get_la_entry_source(module, la_entry,
+							 tmp_ctx, &attr,
+							 &src_msg);
+
+			/*
+			 * When we fail to find the source object, the error
+			 * code we pass back here is really important. It flags
+			 * back to the callers to retry this request with
+			 * DRSUAPI_DRS_GET_ANC. This case should never happen
+			 * if we're replicating from a Samba DC, but it is
+			 * needed to talk to a Windows DC
+			 */
+			if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+				WERROR err = WERR_DS_DRA_MISSING_PARENT;
+				ret = replmd_replicated_request_werror(ar,
+								       err);
+				break;
+			}
+		}
+
+		ret = replmd_verify_link_target(ar, tmp_ctx, la_entry,
+						src_msg->dn, attr);
+		if (ret != LDB_SUCCESS) {
+			break;
+		}
+
+		/* group the links together by source-object for efficiency */
+		if (new_srcobj) {
+			la_group = talloc_zero(replmd_private->la_ctx,
+					       struct la_group);
+			if (la_group == NULL) {
+				ldb_oom(ldb);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+			DLIST_ADD(replmd_private->la_list, la_group);
+		}
+		DLIST_ADD(la_group->la_entries, la_entry);
+		replmd_private->total_links++;
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return ret;
+}
+
+static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar);
+
+static int replmd_replicated_apply_next(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb;
+	int ret;
+	char *tmp_str;
+	char *filter;
+	struct ldb_request *search_req;
+	static const char *attrs[] = { "repsFrom", "replUpToDateVector",
+				       "parentGUID", "instanceType",
+				       "replPropertyMetaData", "nTSecurityDescriptor",
+				       "isDeleted", NULL };
+	struct GUID_txt_buf guid_str_buf;
+
+	if (ar->index_current >= ar->objs->num_objects) {
+
+		/*
+		 * Now that we've applied all the objects, check the new linked
+		 * attributes and store them (we apply them in .prepare_commit)
+		 */
+		ret = replmd_store_linked_attributes(ar);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/* done applying objects, move on to the next stage */
+		return replmd_replicated_uptodate_vector(ar);
+	}
+
+	ldb = ldb_module_get_ctx(ar->module);
+	ar->search_msg = NULL;
+	ar->isDeleted = false;
+
+	tmp_str = GUID_buf_string(&ar->objs->objects[ar->index_current].object_guid,
+				  &guid_str_buf);
+
+	filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str);
+	if (!filter) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+
+	ret = ldb_build_search_req(&search_req,
+				   ldb,
+				   ar,
+				   ar->objs->partition_dn,
+				   LDB_SCOPE_SUBTREE,
+				   filter,
+				   attrs,
+				   NULL,
+				   ar,
+				   replmd_replicated_apply_search_callback,
+				   ar->req);
+	LDB_REQ_SET_LOCATION(search_req);
+
+	/*
+	 * We set DSDB_SEARCH_SHOW_EXTENDED_DN to get the GUID on the
+	 * DN.  This in turn helps our operational module find the
+	 * record by GUID, not DN lookup which is more error prone if
+	 * DN indexing changes.  We prefer to keep chasing GUIDs
+	 * around if possible, even within a transaction.
+	 *
+	 * The aim here is to keep replication moving and allow a
+	 * reindex later.
+	 */
+	ret = dsdb_request_add_controls(search_req, DSDB_SEARCH_SHOW_RECYCLED
+					|DSDB_SEARCH_SHOW_EXTENDED_DN);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ar->module, search_req);
+}
+
+/*
+ * Returns true if we need to do extra processing to handle deleted object
+ * changes received via replication
+ */
+static bool replmd_should_apply_isDeleted(struct replmd_replicated_request *ar,
+					  struct ldb_message *msg)
+{
+	struct ldb_dn *deleted_objects_dn;
+	int ret;
+
+	if (!ar->isDeleted) {
+
+		/* not a deleted object, so don't set isDeleted */
+		return false;
+	}
+
+	ret = dsdb_get_deleted_objects_dn(ldb_module_get_ctx(ar->module),
+					  msg, msg->dn,
+					  &deleted_objects_dn);
+
+	/*
+	 * if the Deleted Object container lookup failed, then just apply
+	 * isDeleted (note that it doesn't exist for the Schema partition)
+	 */
+	if (ret != LDB_SUCCESS) {
+		return true;
+	}
+
+	/*
+	 * the Deleted Objects container has isDeleted set but is not entirely
+	 * a deleted object, so DON'T re-apply isDeleted to it
+	 */
+	if (ldb_dn_compare(msg->dn, deleted_objects_dn) == 0) {
+		return false;
+	}
+
+	return true;
+}
+
+/*
+ * This is essentially a wrapper for replmd_replicated_apply_next()
+ *
+ * This is needed to ensure that both codepaths call this handler.
+ */
+static int replmd_replicated_apply_isDeleted(struct replmd_replicated_request *ar)
+{
+	struct ldb_message *msg = ar->objs->objects[ar->index_current].msg;
+	int ret;
+	bool apply_isDeleted;
+	struct ldb_request *del_req = NULL;
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	apply_isDeleted = replmd_should_apply_isDeleted(ar, msg);
+
+	if (!apply_isDeleted) {
+
+		/* nothing to do */
+		ar->index_current++;
+		return replmd_replicated_apply_next(ar);
+	}
+
+	/*
+	 * Do a delete here again, so that if there is
+	 * anything local that conflicts with this
+	 * object being deleted, it is removed.  This
+	 * includes links.  See MS-DRSR 4.1.10.6.9
+	 * UpdateObject.
+	 *
+	 * If the object is already deleted, and there
+	 * is no more work required, it doesn't do
+	 * anything.
+	 */
+
+	/* This has been updated to point to the DN we eventually did the modify on */
+
+	tmp_ctx = talloc_new(ar);
+	if (!tmp_ctx) {
+		ret = ldb_oom(ldb_module_get_ctx(ar->module));
+		return ret;
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		ret = ldb_oom(ldb_module_get_ctx(ar->module));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* Build a delete request, which hopefully will artually turn into nothing */
+	ret = ldb_build_del_req(&del_req, ldb_module_get_ctx(ar->module), tmp_ctx,
+				msg->dn,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				ar->req);
+	LDB_REQ_SET_LOCATION(del_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * This is the guts of the call, call back
+	 * into our delete code, but setting the
+	 * re_delete flag so we delete anything that
+	 * shouldn't be there on a deleted or recycled
+	 * object
+	 */
+	ret = replmd_delete_internals(ar->module, del_req, true);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(del_req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ar->index_current++;
+	return replmd_replicated_apply_next(ar);
+}
+
+static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req,
+						      struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct replmd_replicated_request *ar = talloc_get_type(req->context,
+					       struct replmd_replicated_request);
+	ldb = ldb_module_get_ctx(ar->module);
+
+	if (!ares) {
+		return ldb_module_done(ar->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ar->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_asprintf_errstring(ldb, "Invalid LDB reply type %d", ares->type);
+		return ldb_module_done(ar->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	talloc_free(ares);
+
+	return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *change_req;
+	enum ndr_err_code ndr_err;
+	struct ldb_message *msg;
+	struct replUpToDateVectorBlob ouv;
+	const struct ldb_val *ouv_value;
+	const struct drsuapi_DsReplicaCursor2CtrEx *ruv;
+	struct replUpToDateVectorBlob nuv;
+	struct ldb_val nuv_value;
+	struct ldb_message_element *nuv_el = NULL;
+	struct ldb_message_element *orf_el = NULL;
+	struct repsFromToBlob nrf;
+	struct ldb_val *nrf_value = NULL;
+	struct ldb_message_element *nrf_el = NULL;
+	unsigned int i;
+	uint32_t j,ni=0;
+	bool found = false;
+	time_t t = time(NULL);
+	NTTIME now;
+	int ret;
+	uint32_t instanceType;
+
+	ldb = ldb_module_get_ctx(ar->module);
+	ruv = ar->objs->uptodateness_vector;
+	ZERO_STRUCT(ouv);
+	ouv.version = 2;
+	ZERO_STRUCT(nuv);
+	nuv.version = 2;
+
+	unix_to_nt_time(&now, t);
+
+	if (ar->search_msg == NULL) {
+		/* this happens for a REPL_OBJ call where we are
+		   creating the target object by replicating it. The
+		   subdomain join code does this for the partition DN
+		*/
+		DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as no target DN\n"));
+		return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
+	}
+
+	instanceType = ldb_msg_find_attr_as_uint(ar->search_msg, "instanceType", 0);
+	if (! (instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+		DEBUG(4,(__location__ ": Skipping UDV and repsFrom update as not NC root: %s\n",
+			 ldb_dn_get_linearized(ar->search_msg->dn)));
+		return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS);
+	}
+
+	/*
+	 * first create the new replUpToDateVector
+	 */
+	ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector");
+	if (ouv_value) {
+		ndr_err = ndr_pull_struct_blob(ouv_value, ar, &ouv,
+					       (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+			return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+		}
+
+		if (ouv.version != 2) {
+			return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
+		}
+	}
+
+	/*
+	 * the new uptodateness vector will at least
+	 * contain 1 entry, one for the source_dsa
+	 *
+	 * plus optional values from our old vector and the one from the source_dsa
+	 */
+	nuv.ctr.ctr2.count = ouv.ctr.ctr2.count;
+	if (ruv) nuv.ctr.ctr2.count += ruv->count;
+	nuv.ctr.ctr2.cursors = talloc_array(ar,
+					    struct drsuapi_DsReplicaCursor2,
+					    nuv.ctr.ctr2.count);
+	if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+
+	/* first copy the old vector */
+	for (i=0; i < ouv.ctr.ctr2.count; i++) {
+		nuv.ctr.ctr2.cursors[ni] = ouv.ctr.ctr2.cursors[i];
+		ni++;
+	}
+
+	/* merge in the source_dsa vector is available */
+	for (i=0; (ruv && i < ruv->count); i++) {
+		found = false;
+
+		if (GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
+			       &ar->our_invocation_id)) {
+			continue;
+		}
+
+		for (j=0; j < ni; j++) {
+			if (!GUID_equal(&ruv->cursors[i].source_dsa_invocation_id,
+					&nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) {
+				continue;
+			}
+
+			found = true;
+
+			if (ruv->cursors[i].highest_usn > nuv.ctr.ctr2.cursors[j].highest_usn) {
+				nuv.ctr.ctr2.cursors[j] = ruv->cursors[i];
+			}
+			break;
+		}
+
+		if (found) continue;
+
+		/* if it's not there yet, add it */
+		nuv.ctr.ctr2.cursors[ni] = ruv->cursors[i];
+		ni++;
+	}
+
+	/*
+	 * finally correct the size of the cursors array
+	 */
+	nuv.ctr.ctr2.count = ni;
+
+	/*
+	 * sort the cursors
+	 */
+	TYPESAFE_QSORT(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, drsuapi_DsReplicaCursor2_compare);
+
+	/*
+	 * create the change ldb_message
+	 */
+	msg = ldb_msg_new(ar);
+	if (!msg) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+	msg->dn = ar->search_msg->dn;
+
+	ndr_err = ndr_push_struct_blob(&nuv_value, msg, &nuv,
+				       (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+	}
+	ret = ldb_msg_add_value(msg, "replUpToDateVector", &nuv_value, &nuv_el);
+	if (ret != LDB_SUCCESS) {
+		return replmd_replicated_request_error(ar, ret);
+	}
+	nuv_el->flags = LDB_FLAG_MOD_REPLACE;
+
+	/*
+	 * now create the new repsFrom value from the given repsFromTo1 structure
+	 */
+	ZERO_STRUCT(nrf);
+	nrf.version					= 1;
+	nrf.ctr.ctr1					= *ar->objs->source_dsa;
+	nrf.ctr.ctr1.last_attempt			= now;
+	nrf.ctr.ctr1.last_success			= now;
+	nrf.ctr.ctr1.result_last_attempt 		= WERR_OK;
+
+	/*
+	 * first see if we already have a repsFrom value for the current source dsa
+	 * if so we'll later replace this value
+	 */
+	orf_el = ldb_msg_find_element(ar->search_msg, "repsFrom");
+	if (orf_el) {
+		for (i=0; i < orf_el->num_values; i++) {
+			struct repsFromToBlob *trf;
+
+			trf = talloc(ar, struct repsFromToBlob);
+			if (!trf) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+
+			ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, trf,
+						       (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+				return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+			}
+
+			if (trf->version != 1) {
+				return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR);
+			}
+
+			/*
+			 * we compare the source dsa objectGUID not the invocation_id
+			 * because we want only one repsFrom value per source dsa
+			 * and when the invocation_id of the source dsa has changed we don't need
+			 * the old repsFrom with the old invocation_id
+			 */
+			if (!GUID_equal(&trf->ctr.ctr1.source_dsa_obj_guid,
+					&ar->objs->source_dsa->source_dsa_obj_guid)) {
+				talloc_free(trf);
+				continue;
+			}
+
+			talloc_free(trf);
+			nrf_value = &orf_el->values[i];
+			break;
+		}
+
+		/*
+		 * copy over all old values to the new ldb_message
+		 */
+		ret = ldb_msg_add_empty(msg, "repsFrom", 0, &nrf_el);
+		if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+		*nrf_el = *orf_el;
+	}
+
+	/*
+	 * if we haven't found an old repsFrom value for the current source dsa
+	 * we'll add a new value
+	 */
+	if (!nrf_value) {
+		struct ldb_val zero_value;
+		ZERO_STRUCT(zero_value);
+		ret = ldb_msg_add_value(msg, "repsFrom", &zero_value, &nrf_el);
+		if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+		nrf_value = &nrf_el->values[nrf_el->num_values - 1];
+	}
+
+	/* we now fill the value which is already attached to ldb_message */
+	ndr_err = ndr_push_struct_blob(nrf_value, msg,
+				       &nrf,
+				       (ndr_push_flags_fn_t)ndr_push_repsFromToBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status));
+	}
+
+	/*
+	 * the ldb_message_element for the attribute, has all the old values and the new one
+	 * so we'll replace the whole attribute with all values
+	 */
+	nrf_el->flags = LDB_FLAG_MOD_REPLACE;
+
+	if (CHECK_DEBUGLVL(4)) {
+		char *s = ldb_ldif_message_redacted_string(ldb, ar,
+							   LDB_CHANGETYPE_MODIFY,
+							   msg);
+		DEBUG(4, ("DRS replication up-to-date modify message:\n%s\n", s));
+		talloc_free(s);
+	}
+
+	/* prepare the ldb_modify() request */
+	ret = ldb_build_mod_req(&change_req,
+				ldb,
+				ar,
+				msg,
+				ar->controls,
+				ar,
+				replmd_replicated_uptodate_modify_callback,
+				ar->req);
+	LDB_REQ_SET_LOCATION(change_req);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	return ldb_next_request(ar->module, change_req);
+}
+
+static int replmd_replicated_uptodate_search_callback(struct ldb_request *req,
+						      struct ldb_reply *ares)
+{
+	struct replmd_replicated_request *ar = talloc_get_type(req->context,
+					       struct replmd_replicated_request);
+	int ret;
+
+	if (!ares) {
+		return ldb_module_done(ar->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS &&
+	    ares->error != LDB_ERR_NO_SUCH_OBJECT) {
+		return ldb_module_done(ar->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		ar->search_msg = talloc_steal(ar, ares->message);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* we ignore referrals */
+		break;
+
+	case LDB_REPLY_DONE:
+		ret = replmd_replicated_uptodate_modify(ar);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ar->req, NULL, NULL, ret);
+		}
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+
+static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ar->module);
+	struct replmd_private *replmd_private =
+		talloc_get_type_abort(ldb_module_get_private(ar->module),
+		struct replmd_private);
+	int ret;
+	static const char *attrs[] = {
+		"replUpToDateVector",
+		"repsFrom",
+		"instanceType",
+		NULL
+	};
+	struct ldb_request *search_req;
+
+	ar->search_msg = NULL;
+
+	/*
+	 * Let the caller know that we did an originating updates
+	 */
+	ar->objs->originating_updates = replmd_private->originating_updates;
+
+	ret = ldb_build_search_req(&search_req,
+				   ldb,
+				   ar,
+				   ar->objs->partition_dn,
+				   LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs,
+				   NULL,
+				   ar,
+				   replmd_replicated_uptodate_search_callback,
+				   ar->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret);
+
+	return ldb_next_request(ar->module, search_req);
+}
+
+
+
+static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_extended_replicated_objects *objs;
+	struct replmd_replicated_request *ar;
+	struct ldb_control **ctrls;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n");
+
+	objs = talloc_get_type(req->op.extended.data, struct dsdb_extended_replicated_objects);
+	if (!objs) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: invalid extended data\n");
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	if (objs->version != DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION) {
+		ldb_debug(ldb, LDB_DEBUG_FATAL, "replmd_extended_replicated_objects: extended data invalid version [%u != %u]\n",
+			  objs->version, DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION);
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	ar = replmd_ctx_init(module, req);
+	if (!ar)
+		return LDB_ERR_OPERATIONS_ERROR;
+
+	/* Set the flags to have the replmd_op_callback run over the full set of objects */
+	ar->apply_mode = true;
+	ar->objs = objs;
+	ar->schema = dsdb_get_schema(ldb, ar);
+	if (!ar->schema) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n");
+		talloc_free(ar);
+		DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	ctrls = req->controls;
+
+	if (req->controls) {
+		req->controls = talloc_memdup(ar, req->controls,
+					      talloc_get_size(req->controls));
+		if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOT_ENOUGH_MEMORY);
+	}
+
+	ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* If this change contained linked attributes in the body
+	 * (rather than in the links section) we need to update
+	 * backlinks in linked_attributes */
+	ret = ldb_request_add_control(req, DSDB_CONTROL_APPLY_LINKS, false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ar->controls = req->controls;
+	req->controls = ctrls;
+
+	return replmd_replicated_apply_next(ar);
+}
+
+/**
+ * Checks how to handle an missing target - either we need to fail the
+ * replication and retry with GET_TGT, ignore the link and continue, or try to
+ * add a partial link to an unknown target.
+ */
+static int replmd_allow_missing_target(struct ldb_module *module,
+				       TALLOC_CTX *mem_ctx,
+				       struct ldb_dn *target_dn,
+				       struct ldb_dn *source_dn,
+				       bool is_obj_commit,
+				       struct GUID *guid,
+				       uint32_t dsdb_repl_flags,
+				       bool *ignore_link,
+				       const char * missing_str)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	bool is_in_same_nc;
+
+	/*
+	 * we may not be able to resolve link targets properly when
+	 * dealing with subsets of objects, e.g. the source is a
+	 * critical object and the target isn't
+	 *
+	 * TODO:
+	 * When we implement Trusted Domains we need to consider
+	 * whether they get treated as an incomplete replica here or not
+	 */
+	if (dsdb_repl_flags & DSDB_REPL_FLAG_OBJECT_SUBSET) {
+
+		/*
+		 * Ignore the link. We don't increase the highwater-mark in
+		 * the object subset cases, so subsequent replications should
+		 * resolve any missing links
+		 */
+		DEBUG(2, ("%s target %s linked from %s\n", missing_str,
+			  ldb_dn_get_linearized(target_dn),
+			  ldb_dn_get_linearized(source_dn)));
+		*ignore_link = true;
+		return LDB_SUCCESS;
+	}
+
+	is_in_same_nc = dsdb_objects_have_same_nc(ldb,
+						  mem_ctx,
+						  source_dn,
+						  target_dn);
+	if (is_in_same_nc) {
+		/*
+		 * We allow the join.py code to point out that all
+		 * replication is completed, so failing now would just
+		 * trigger errors, rather than trigger a GET_TGT
+		 */
+		int *finished_full_join_ptr =
+			talloc_get_type(ldb_get_opaque(ldb,
+						       DSDB_FULL_JOIN_REPLICATION_COMPLETED_OPAQUE_NAME),
+					int);
+		bool finished_full_join = finished_full_join_ptr && *finished_full_join_ptr;
+
+		/*
+		 * if the target is already be up-to-date there's no point in
+		 * retrying. This could be due to bad timing, or if a target
+		 * on a one-way link was deleted. We ignore the link rather
+		 * than failing the replication cycle completely
+		 */
+		if (finished_full_join
+		    || dsdb_repl_flags & DSDB_REPL_FLAG_TARGETS_UPTODATE) {
+			*ignore_link = true;
+			DBG_WARNING("%s is %s "
+				    "but up to date. Ignoring link from %s\n",
+				    ldb_dn_get_linearized(target_dn), missing_str,
+				    ldb_dn_get_linearized(source_dn));
+			return LDB_SUCCESS;
+		}
+
+		/* otherwise fail the replication and retry with GET_TGT */
+		ldb_asprintf_errstring(ldb, "%s target %s GUID %s linked from %s\n",
+				       missing_str,
+				       ldb_dn_get_linearized(target_dn),
+				       GUID_string(mem_ctx, guid),
+				       ldb_dn_get_linearized(source_dn));
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	/*
+	 * The target of the cross-partition link is missing. Continue
+	 * and try to at least add the forward-link. This isn't great,
+	 * but a partial link can be fixed by dbcheck, so it's better
+	 * than dropping the link completely.
+	 */
+	*ignore_link = false;
+
+	if (is_obj_commit) {
+
+		/*
+		 * Only log this when we're actually committing the objects.
+		 * This avoids spurious logs, i.e. if we're just verifying the
+		 * received link during a join.
+		 */
+		DBG_WARNING("%s cross-partition target %s linked from %s\n",
+			    missing_str, ldb_dn_get_linearized(target_dn),
+			    ldb_dn_get_linearized(source_dn));
+	}
+	
+	return LDB_SUCCESS;
+}
+
+/**
+ * Checks that the target object for a linked attribute exists.
+ * @param guid returns the target object's GUID (is returned)if it exists)
+ * @param ignore_link set to true if the linked attribute should be ignored
+ * (i.e. the target doesn't exist, but that it's OK to skip the link)
+ */
+static int replmd_check_target_exists(struct ldb_module *module,
+				      struct dsdb_dn *dsdb_dn,
+				      struct la_entry *la_entry,
+				      struct ldb_dn *source_dn,
+				      bool is_obj_commit,
+				      struct GUID *guid,
+				      bool *ignore_link)
+{
+	struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *target_res;
+	TALLOC_CTX *tmp_ctx = talloc_new(la_entry);
+	const char *attrs[] = { "isDeleted", "isRecycled", NULL };
+	NTSTATUS ntstatus;
+	int ret;
+	enum deletion_state target_deletion_state = OBJECT_REMOVED;
+	bool active = (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE) ? true : false;
+
+	*ignore_link = false;
+	ntstatus = dsdb_get_extended_dn_guid(dsdb_dn->dn, guid, "GUID");
+
+	if (!NT_STATUS_IS_OK(ntstatus) && !active) {
+
+		/*
+		 * This strange behaviour (allowing a NULL/missing
+		 * GUID) originally comes from:
+		 *
+		 * commit e3054ce0fe0f8f62d2f5b2a77893e7a1479128bd
+		 * Author: Andrew Tridgell <tridge@samba.org>
+		 * Date:   Mon Dec 21 21:21:55 2009 +1100
+		 *
+		 *  s4-drs: cope better with NULL GUIDS from DRS
+		 *
+		 *  It is valid to get a NULL GUID over DRS for a deleted forward link. We
+		 *  need to match by DN if possible when seeing if we should update an
+		 *  existing link.
+		 *
+		 *  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
+		 */
+		ret = dsdb_module_search_dn(module, tmp_ctx, &target_res,
+					    dsdb_dn->dn, attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_SEARCH_SHOW_RECYCLED |
+					    DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+					    DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+					    NULL);
+	} else if (!NT_STATUS_IS_OK(ntstatus)) {
+		ldb_asprintf_errstring(ldb, "Failed to find GUID in linked attribute 0x%x blob for %s from %s",
+				       la->attid,
+				       ldb_dn_get_linearized(dsdb_dn->dn),
+				       ldb_dn_get_linearized(source_dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	} else {
+		ret = dsdb_module_search(module, tmp_ctx, &target_res,
+					 NULL, LDB_SCOPE_SUBTREE,
+					 attrs,
+					 DSDB_FLAG_NEXT_MODULE |
+					 DSDB_SEARCH_SHOW_RECYCLED |
+					 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+					 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+					 NULL,
+					 "objectGUID=%s",
+					 GUID_string(tmp_ctx, guid));
+	}
+
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to re-resolve GUID %s: %s\n",
+				       GUID_string(tmp_ctx, guid),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (target_res->count == 0) {
+
+		/*
+		 * target object is unknown. Check whether to ignore the link,
+		 * fail the replication, or add a partial link
+		 */
+		ret = replmd_allow_missing_target(module, tmp_ctx, dsdb_dn->dn,
+						  source_dn, is_obj_commit, guid,
+						  la_entry->dsdb_repl_flags,
+						  ignore_link, "Unknown");
+
+	} else if (target_res->count != 1) {
+		ldb_asprintf_errstring(ldb, "More than one object found matching objectGUID %s\n",
+				       GUID_string(tmp_ctx, guid));
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	} else {
+		struct ldb_message *target_msg = target_res->msgs[0];
+
+		dsdb_dn->dn = talloc_steal(dsdb_dn, target_msg->dn);
+
+		/* Get the object's state (i.e. Not Deleted, Tombstone, etc) */
+		replmd_deletion_state(module, target_msg,
+				      &target_deletion_state, NULL);
+
+		/*
+		 * Check for deleted objects as per MS-DRSR 4.1.10.6.14
+		 * ProcessLinkValue(). Link updates should not be sent for
+		 * recycled and tombstone objects (deleting the links should
+		 * happen when we delete the object). This probably means our
+		 * copy of the target object isn't up to date.
+		 */
+		if (target_deletion_state >= OBJECT_RECYCLED) {
+
+			/*
+			 * target object is deleted. Check whether to ignore the
+			 * link, fail the replication, or add a partial link
+			 */
+			ret = replmd_allow_missing_target(module, tmp_ctx,
+							  dsdb_dn->dn, source_dn,
+							  is_obj_commit, guid,
+							  la_entry->dsdb_repl_flags,
+							  ignore_link, "Deleted");
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/**
+ * Extracts the key details about the source object for a
+ * linked-attribute entry.
+ * This returns the following details:
+ * @param ret_attr the schema details for the linked attribute
+ * @param source_msg the search result for the source object
+ */
+static int replmd_get_la_entry_source(struct ldb_module *module,
+				      struct la_entry *la_entry,
+				      TALLOC_CTX *mem_ctx,
+				      const struct dsdb_attribute **ret_attr,
+				      struct ldb_message **source_msg)
+{
+	struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, mem_ctx);
+	int ret;
+	const struct dsdb_attribute *attr;
+	struct ldb_result *res;
+	const char *attrs[4];
+
+/*
+linked_attributes[0]:
+     &objs->linked_attributes[i]: struct drsuapi_DsReplicaLinkedAttribute
+        identifier               : *
+            identifier: struct drsuapi_DsReplicaObjectIdentifier
+                __ndr_size               : 0x0000003a (58)
+                __ndr_size_sid           : 0x00000000 (0)
+                guid                     : 8e95b6a9-13dd-4158-89db-3220a5be5cc7
+                sid                      : S-0-0
+                __ndr_size_dn            : 0x00000000 (0)
+                dn                       : ''
+        attid                    : DRSUAPI_ATTID_member (0x1F)
+        value: struct drsuapi_DsAttributeValue
+            __ndr_size               : 0x0000007e (126)
+            blob                     : *
+                blob                     : DATA_BLOB length=126
+        flags                    : 0x00000001 (1)
+               1: DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+        originating_add_time     : Wed Sep  2 22:20:01 2009 EST
+        meta_data: struct drsuapi_DsReplicaMetaData
+            version                  : 0x00000015 (21)
+            originating_change_time  : Wed Sep  2 23:39:07 2009 EST
+            originating_invocation_id: 794640f3-18cf-40ee-a211-a93992b67a64
+            originating_usn          : 0x000000000001e19c (123292)
+
+(for cases where the link is to a normal DN)
+     &target: struct drsuapi_DsReplicaObjectIdentifier3
+        __ndr_size               : 0x0000007e (126)
+        __ndr_size_sid           : 0x0000001c (28)
+        guid                     : 7639e594-db75-4086-b0d4-67890ae46031
+        sid                      : S-1-5-21-2848215498-2472035911-1947525656-19924
+        __ndr_size_dn            : 0x00000022 (34)
+        dn                       : 'CN=UOne,OU=TestOU,DC=vsofs8,DC=com'
+ */
+
+	/* find the attribute being modified */
+	attr = dsdb_attribute_by_attributeID_id(schema, la->attid);
+	if (attr == NULL) {
+		struct GUID_txt_buf guid_str;
+		ldb_asprintf_errstring(ldb, "Unable to find attributeID 0x%x for link on <GUID=%s>",
+				       la->attid,
+				       GUID_buf_string(&la->identifier->guid,
+						       &guid_str));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * All attributes listed here must be dealt with in some way
+	 * by replmd_process_linked_attribute() otherwise in the case
+	 * of isDeleted: FALSE the modify will fail with:
+	 *
+	 * Failed to apply linked attribute change 'attribute 'isDeleted':
+	 * invalid modify flags on
+	 * 'CN=g1_1527570609273,CN=Users,DC=samba,DC=example,DC=com':
+	 * 0x0'
+	 *
+	 * This is because isDeleted is a Boolean, so FALSE is a
+	 * legitimate value (set by Samba's deletetest.py)
+	 */
+	attrs[0] = attr->lDAPDisplayName;
+	attrs[1] = "isDeleted";
+	attrs[2] = "isRecycled";
+	attrs[3] = NULL;
+
+	/*
+	 * get the existing message from the db for the object with
+	 * this GUID, returning attribute being modified. We will then
+	 * use this msg as the basis for a modify call
+	 */
+	ret = dsdb_module_search(module, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
+	                         DSDB_FLAG_NEXT_MODULE |
+				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+				 DSDB_SEARCH_SHOW_RECYCLED |
+				 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT |
+				 DSDB_SEARCH_REVEAL_INTERNALS,
+				 NULL,
+				 "objectGUID=%s", GUID_string(mem_ctx, &la->identifier->guid));
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count != 1) {
+		ldb_asprintf_errstring(ldb, "DRS linked attribute for GUID %s - DN not found",
+				       GUID_string(mem_ctx, &la->identifier->guid));
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	*source_msg = res->msgs[0];
+	*ret_attr = attr;
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Verifies the target object is known for a linked attribute
+ */
+static int replmd_verify_link_target(struct replmd_replicated_request *ar,
+				     TALLOC_CTX *mem_ctx,
+				     struct la_entry *la_entry,
+				     struct ldb_dn *src_dn,
+				     const struct dsdb_attribute *attr)
+{
+	int ret = LDB_SUCCESS;
+	struct ldb_module *module = ar->module;
+	struct dsdb_dn *tgt_dsdb_dn = NULL;
+	struct GUID guid = GUID_zero();
+	bool dummy;
+	WERROR status;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, mem_ctx);
+
+	/* the value blob for the attribute holds the target object DN */
+	status = dsdb_dn_la_from_blob(ldb, attr, schema, mem_ctx,
+				      la->value.blob, &tgt_dsdb_dn);
+	if (!W_ERROR_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s - %s\n",
+				       attr->lDAPDisplayName,
+				       ldb_dn_get_linearized(src_dn),
+				       win_errstr(status));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * We can skip the target object checks if we're only syncing critical
+	 * objects, or we know the target is up-to-date. If either case, we
+	 * still continue even if the target doesn't exist
+	 */
+	if ((la_entry->dsdb_repl_flags & (DSDB_REPL_FLAG_OBJECT_SUBSET |
+					  DSDB_REPL_FLAG_TARGETS_UPTODATE)) == 0) {
+
+		ret = replmd_check_target_exists(module, tgt_dsdb_dn, la_entry,
+						 src_dn, false, &guid, &dummy);
+	}
+
+	/*
+	 * When we fail to find the target object, the error code we pass
+	 * back here is really important. It flags back to the callers to
+	 * retry this request with DRSUAPI_DRS_GET_TGT
+	 */
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_RECYCLED_TARGET);
+	}
+
+	return ret;
+}
+
+/**
+ * Finds the current active Parsed-DN value for a single-valued linked
+ * attribute, if one exists.
+ * @param ret_pdn assigned the active Parsed-DN, or NULL if none was found
+ * @returns LDB_SUCCESS (regardless of whether a match was found), unless
+ * an error occurred
+ */
+static int replmd_get_active_singleval_link(struct ldb_module *module,
+					    TALLOC_CTX *mem_ctx,
+					    struct parsed_dn pdn_list[],
+					    unsigned int count,
+					    const struct dsdb_attribute *attr,
+					    struct parsed_dn **ret_pdn)
+{
+	unsigned int i;
+
+	*ret_pdn = NULL;
+
+	if (!(attr->ldb_schema_attribute->flags & LDB_ATTR_FLAG_SINGLE_VALUE)) {
+
+		/* nothing to do for multi-valued linked attributes */
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < count; i++) {
+		int ret = LDB_SUCCESS;
+		struct parsed_dn *pdn = &pdn_list[i];
+
+		/* skip any inactive links */
+		if (dsdb_dn_is_deleted_val(pdn->v)) {
+			continue;
+		}
+
+		/* we've found an active value for this attribute */
+		*ret_pdn = pdn;
+
+		if (pdn->dsdb_dn == NULL) {
+			struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+			ret = really_parse_trusted_dn(mem_ctx, ldb, pdn,
+						      attr->syntax->ldap_oid);
+		}
+
+		return ret;
+	}
+
+	/* no active link found */
+	return LDB_SUCCESS;
+}
+
+/**
+ * @returns true if the replication linked attribute info is newer than we
+ * already have in our DB
+ * @param pdn the existing linked attribute info in our DB
+ * @param la the new linked attribute info received during replication
+ */
+static bool replmd_link_update_is_newer(struct parsed_dn *pdn,
+					struct drsuapi_DsReplicaLinkedAttribute *la)
+{
+	/* see if this update is newer than what we have already */
+	struct GUID invocation_id = GUID_zero();
+	uint32_t version = 0;
+	NTTIME change_time = 0;
+
+	if (pdn == NULL) {
+
+		/* no existing info so update is newer */
+		return true;
+	}
+
+	dsdb_get_extended_dn_guid(pdn->dsdb_dn->dn, &invocation_id, "RMD_INVOCID");
+	dsdb_get_extended_dn_uint32(pdn->dsdb_dn->dn, &version, "RMD_VERSION");
+	dsdb_get_extended_dn_nttime(pdn->dsdb_dn->dn, &change_time, "RMD_CHANGETIME");
+
+	return replmd_update_is_newer(&invocation_id,
+				      &la->meta_data.originating_invocation_id,
+				      version,
+				      la->meta_data.version,
+				      change_time,
+				      la->meta_data.originating_change_time);
+}
+
+/**
+ * Marks an existing linked attribute value as deleted in the DB
+ * @param pdn the parsed-DN of the target-value to delete
+ */
+static int replmd_delete_link_value(struct ldb_module *module,
+				    struct replmd_private *replmd_private,
+				    TALLOC_CTX *mem_ctx,
+				    struct ldb_dn *src_obj_dn,
+				    const struct dsdb_schema *schema,
+				    const struct dsdb_attribute *attr,
+				    uint64_t seq_num,
+				    bool is_active,
+				    struct GUID *target_guid,
+				    struct dsdb_dn *target_dsdb_dn,
+				    struct ldb_val *output_val)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	time_t t;
+	NTTIME now;
+	const struct GUID *invocation_id = NULL;
+	int ret;
+
+	t = time(NULL);
+	unix_to_nt_time(&now, t);
+
+	invocation_id = samdb_ntds_invocation_id(ldb);
+	if (invocation_id == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* if the existing link is active, remove its backlink */
+	if (is_active) {
+
+		/*
+		 * NOTE WELL: After this we will never (at runtime) be
+		 * able to find this forward link (for instant
+		 * removal) if/when the link target is deleted.
+		 *
+		 * We have dbcheck rules to cover this and cope otherwise
+		 * by filtering at runtime (i.e. in the extended_dn module).
+		 */
+		ret = replmd_add_backlink(module, replmd_private, schema,
+					  src_obj_dn, target_guid, false,
+					  attr, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* mark the existing value as deleted */
+	ret = replmd_update_la_val(mem_ctx, output_val, target_dsdb_dn,
+				   target_dsdb_dn, invocation_id, seq_num,
+				   seq_num, now, true);
+	return ret;
+}
+
+/**
+ * Checks for a conflict in single-valued link attributes, and tries to
+ * resolve the problem if possible.
+ *
+ * Single-valued links should only ever have one active value. If we already
+ * have an active link value, and during replication we receive an active link
+ * value for a different target DN, then we need to resolve this inconsistency
+ * and determine which value should be active. If the received info is better/
+ * newer than the existing link attribute, then we need to set our existing
+ * link as deleted. If the received info is worse/older, then we should continue
+ * to add it, but set it as an inactive link.
+ *
+ * Note that this is a corner-case that is unlikely to happen (but if it does
+ * happen, we don't want it to break replication completely).
+ *
+ * @param pdn_being_modified the parsed DN corresponding to the received link
+ * target (note this is NULL if the link does not already exist in our DB)
+ * @param pdn_list all the source object's Parsed-DNs for this attribute, i.e.
+ * any existing active or inactive values for the attribute in our DB.
+ * @param dsdb_dn the target DN for the received link attribute
+ * @param add_as_inactive gets set to true if the received link is worse than
+ * the existing link - it should still be added, but as an inactive link.
+ */
+static int replmd_check_singleval_la_conflict(struct ldb_module *module,
+					      struct replmd_private *replmd_private,
+					      TALLOC_CTX *mem_ctx,
+					      struct ldb_dn *src_obj_dn,
+					      struct drsuapi_DsReplicaLinkedAttribute *la,
+					      struct dsdb_dn *dsdb_dn,
+					      struct parsed_dn *pdn_being_modified,
+					      struct parsed_dn *pdn_list,
+					      struct ldb_message_element *old_el,
+					      const struct dsdb_schema *schema,
+					      const struct dsdb_attribute *attr,
+					      uint64_t seq_num,
+					      bool *add_as_inactive)
+{
+	struct parsed_dn *active_pdn = NULL;
+	bool update_is_newer = false;
+	int ret;
+
+	/*
+	 * check if there's a conflict for single-valued links, i.e. an active
+	 * linked attribute already exists, but it has a different target value
+	 */
+	ret = replmd_get_active_singleval_link(module, mem_ctx, pdn_list,
+					       old_el->num_values, attr,
+					       &active_pdn);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * If no active value exists (or the received info is for the currently
+	 * active value), then no conflict exists
+	 */
+	if (active_pdn == NULL || active_pdn == pdn_being_modified) {
+		return LDB_SUCCESS;
+	}
+
+	DBG_WARNING("Link conflict for %s attribute on %s\n",
+		    attr->lDAPDisplayName, ldb_dn_get_linearized(src_obj_dn));
+
+	/* Work out how to resolve the conflict based on which info is better */
+	update_is_newer = replmd_link_update_is_newer(active_pdn, la);
+
+	if (update_is_newer) {
+		DBG_WARNING("Using received value %s, over existing target %s\n",
+			    ldb_dn_get_linearized(dsdb_dn->dn),
+			    ldb_dn_get_linearized(active_pdn->dsdb_dn->dn));
+
+		/*
+		 * Delete our existing active link. The received info will then
+		 * be added (through normal link processing) as the active value
+		 */
+		ret = replmd_delete_link_value(module, replmd_private, old_el,
+					       src_obj_dn, schema, attr,
+					       seq_num, true, &active_pdn->guid,
+					       active_pdn->dsdb_dn,
+					       active_pdn->v);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	} else {
+		DBG_WARNING("Using existing target %s, over received value %s\n",
+			    ldb_dn_get_linearized(active_pdn->dsdb_dn->dn),
+			    ldb_dn_get_linearized(dsdb_dn->dn));
+
+		/*
+		 * we want to keep our existing active link and add the
+		 * received link as inactive
+		 */
+		*add_as_inactive = true;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Processes one linked attribute received via replication.
+ * @param src_dn the DN of the source object for the link
+ * @param attr schema info for the linked attribute
+ * @param la_entry the linked attribute info received via DRS
+ * @param element_ctx mem context for msg->element[] (when adding a new value
+ * we need to realloc old_el->values)
+ * @param old_el the corresponding msg->element[] for the linked attribute
+ * @param pdn_list a (binary-searchable) parsed DN array for the existing link
+ * values in the msg. E.g. for a group, this is the existing members.
+ * @param change what got modified: either nothing, an existing link value was
+ * modified, or a new link value was added.
+ * @returns LDB_SUCCESS if OK, an error otherwise
+ */
+static int replmd_process_linked_attribute(struct ldb_module *module,
+					   TALLOC_CTX *mem_ctx,
+					   struct replmd_private *replmd_private,
+					   struct ldb_dn *src_dn,
+					   const struct dsdb_attribute *attr,
+					   struct la_entry *la_entry,
+					   struct ldb_request *parent,
+					   TALLOC_CTX *element_ctx,
+					   struct ldb_message_element *old_el,
+					   struct parsed_dn *pdn_list,
+					   replmd_link_changed *change)
+{
+	struct drsuapi_DsReplicaLinkedAttribute *la = la_entry->la;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_schema *schema = dsdb_get_schema(ldb, mem_ctx);
+	int ret;
+	struct dsdb_dn *dsdb_dn = NULL;
+	uint64_t seq_num = 0;
+	struct parsed_dn *pdn, *next;
+	struct GUID guid = GUID_zero();
+	bool active = (la->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)?true:false;
+	bool ignore_link;
+	struct dsdb_dn *old_dsdb_dn = NULL;
+	struct ldb_val *val_to_update = NULL;
+	bool add_as_inactive = false;
+	WERROR status;
+
+	*change = LINK_CHANGE_NONE;
+
+	/* the value blob for the attribute holds the target object DN */
+	status = dsdb_dn_la_from_blob(ldb, attr, schema, mem_ctx,
+				      la->value.blob, &dsdb_dn);
+	if (!W_ERROR_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb, "Failed to parsed linked attribute blob for %s on %s - %s\n",
+				       attr->lDAPDisplayName,
+				       ldb_dn_get_linearized(src_dn),
+				       win_errstr(status));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = replmd_check_target_exists(module, dsdb_dn, la_entry, src_dn,
+					 true, &guid, &ignore_link);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * there are some cases where the target object doesn't exist, but it's
+	 * OK to ignore the linked attribute
+	 */
+	if (ignore_link) {
+		return ret;
+	}
+
+	/* see if this link already exists */
+	ret = parsed_dn_find(ldb, pdn_list, old_el->num_values,
+			     &guid,
+			     dsdb_dn->dn,
+			     dsdb_dn->extra_part, 0,
+			     &pdn, &next,
+			     attr->syntax->ldap_oid,
+			     true);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!replmd_link_update_is_newer(pdn, la)) {
+		DEBUG(3,("Discarding older DRS linked attribute update to %s on %s from %s\n",
+			 old_el->name, ldb_dn_get_linearized(src_dn),
+			 GUID_string(mem_ctx, &la->meta_data.originating_invocation_id)));
+		return LDB_SUCCESS;
+	}
+
+	/* get a seq_num for this change */
+	ret = ldb_sequence_number(ldb, LDB_SEQ_NEXT, &seq_num);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * check for single-valued link conflicts, i.e. an active linked
+	 * attribute already exists, but it has a different target value
+	 */
+	if (active) {
+		ret = replmd_check_singleval_la_conflict(module, replmd_private,
+							 mem_ctx, src_dn, la,
+							 dsdb_dn, pdn, pdn_list,
+							 old_el, schema, attr,
+							 seq_num,
+							 &add_as_inactive);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (pdn != NULL) {
+		uint32_t rmd_flags = dsdb_dn_rmd_flags(pdn->dsdb_dn->dn);
+
+		if (!(rmd_flags & DSDB_RMD_FLAG_DELETED)) {
+			/* remove the existing backlink */
+			ret = replmd_add_backlink(module, replmd_private,
+						  schema, 
+						  src_dn,
+						  &pdn->guid, false, attr,
+						  parent);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		val_to_update = pdn->v;
+		old_dsdb_dn = pdn->dsdb_dn;
+		*change = LINK_CHANGE_MODIFIED;
+
+	} else {
+		unsigned offset;
+
+		/*
+		 * We know where the new one needs to be, from the *next
+		 * pointer into pdn_list.
+		 */
+		if (next == NULL) {
+			offset = old_el->num_values;
+		} else {
+			if (next->dsdb_dn == NULL) {
+				ret = really_parse_trusted_dn(mem_ctx, ldb, next,
+							      attr->syntax->ldap_oid);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+			offset = next - pdn_list;
+			if (offset > old_el->num_values) {
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+		}
+
+		old_el->values = talloc_realloc(element_ctx, old_el->values,
+						struct ldb_val, old_el->num_values+1);
+		if (!old_el->values) {
+			ldb_module_oom(module);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		if (offset != old_el->num_values) {
+			memmove(&old_el->values[offset + 1], &old_el->values[offset],
+				(old_el->num_values - offset) * sizeof(old_el->values[0]));
+		}
+
+		old_el->num_values++;
+
+		val_to_update = &old_el->values[offset];
+		old_dsdb_dn = NULL;
+		*change = LINK_CHANGE_ADDED;
+	}
+
+	/* set the link attribute's value to the info that was received */
+	ret = replmd_set_la_val(mem_ctx, val_to_update, dsdb_dn, old_dsdb_dn,
+				&la->meta_data.originating_invocation_id,
+				la->meta_data.originating_usn, seq_num,
+				la->meta_data.originating_change_time,
+				la->meta_data.version,
+				!active);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (add_as_inactive) {
+
+		/* Set the new link as inactive/deleted to avoid conflicts */
+		ret = replmd_delete_link_value(module, replmd_private, old_el,
+					       src_dn, schema, attr, seq_num,
+					       false, &guid, dsdb_dn,
+					       val_to_update);
+
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+	} else if (active) {
+
+		/* if the new link is active, then add the new backlink */
+		ret = replmd_add_backlink(module, replmd_private,
+					  schema,
+					  src_dn,
+					  &guid, true, attr,
+					  parent);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	ret = dsdb_check_single_valued_link(attr, old_el);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	old_el->flags |= LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK;
+
+	return ret;
+}
+
+static int replmd_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) {
+		return replmd_extended_replicated_objects(module, req);
+	}
+
+	return ldb_next_request(module, req);
+}
+
+
+/*
+  we hook into the transaction operations to allow us to
+  perform the linked attribute updates at the end of the whole
+  transaction. This allows a forward linked attribute to be created
+  before the object is created. During a vampire, w2k8 sends us linked
+  attributes before the objects they are part of.
+ */
+static int replmd_start_transaction(struct ldb_module *module)
+{
+	/* create our private structure for this transaction */
+	struct replmd_private *replmd_private = talloc_get_type(ldb_module_get_private(module),
+								struct replmd_private);
+	replmd_txn_cleanup(replmd_private);
+
+	/* free any leftover mod_usn records from cancelled
+	   transactions */
+	while (replmd_private->ncs) {
+		struct nc_entry *e = replmd_private->ncs;
+		DLIST_REMOVE(replmd_private->ncs, e);
+		talloc_free(e);
+	}
+
+	replmd_private->originating_updates = false;
+
+	return ldb_next_start_trans(module);
+}
+
+/**
+ * Processes a group of linked attributes that apply to the same source-object
+ * and attribute-ID (and were received in the same replication chunk).
+ */
+static int replmd_process_la_group(struct ldb_module *module,
+				   struct replmd_private *replmd_private,
+				   struct la_group *la_group)
+{
+	struct la_entry *la = NULL;
+	struct la_entry *prev = NULL;
+	int ret;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct la_entry *first_la = DLIST_TAIL(la_group->la_entries);
+	struct ldb_message *msg = NULL;
+	enum deletion_state deletion_state = OBJECT_NOT_DELETED;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct dsdb_attribute *attr = NULL;
+	struct ldb_message_element *old_el = NULL;
+	struct parsed_dn *pdn_list = NULL;
+	replmd_link_changed change_type;
+	uint32_t num_changes = 0;
+	time_t t;
+	uint64_t seq_num = 0;
+
+	tmp_ctx = talloc_new(la_group);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * get the attribute being modified and the search result for the
+	 * source object
+	 */
+	ret = replmd_get_la_entry_source(module, first_la, tmp_ctx, &attr,
+					 &msg);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * Check for deleted objects per MS-DRSR 4.1.10.6.14
+	 * ProcessLinkValue, because link updates are not applied to
+	 * recycled and tombstone objects.  We don't have to delete
+	 * any existing link, that should have happened when the
+	 * object deletion was replicated or initiated.
+	 *
+	 * This needs isDeleted and isRecycled to be included as
+	 * attributes in the search and so in msg if set.
+	 */
+	replmd_deletion_state(module, msg, &deletion_state, NULL);
+
+	if (deletion_state >= OBJECT_RECYCLED) {
+		TALLOC_FREE(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * Now that we know the deletion_state, remove the extra
+	 * attributes added for that purpose.  We need to do this
+	 * otherwise in the case of isDeleted: FALSE the modify will
+	 * fail with:
+	 *
+	 * Failed to apply linked attribute change 'attribute 'isDeleted':
+	 * invalid modify flags on
+	 * 'CN=g1_1527570609273,CN=Users,DC=samba,DC=example,DC=com':
+	 * 0x0'
+	 *
+	 * This is because isDeleted is a Boolean, so FALSE is a
+	 * legitimate value (set by Samba's deletetest.py)
+	 */
+	ldb_msg_remove_attr(msg, "isDeleted");
+	ldb_msg_remove_attr(msg, "isRecycled");
+
+	/* get the msg->element[] for the link attribute being processed */
+	old_el = ldb_msg_find_element(msg, attr->lDAPDisplayName);
+	if (old_el == NULL) {
+		ret = ldb_msg_add_empty(msg, attr->lDAPDisplayName,
+					LDB_FLAG_MOD_REPLACE, &old_el);
+		if (ret != LDB_SUCCESS) {
+			ldb_module_oom(module);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	} else {
+		old_el->flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	/*
+	 * go through and process the link target value(s) for this particular
+	 * source object and attribute. For optimization, the same msg is used
+	 * across multiple calls to replmd_process_linked_attribute().
+	 * Note that we should not add or remove any msg attributes inside the
+	 * loop (we should only add/modify *values* for the attribute being
+	 * processed). Otherwise msg->elements is realloc'd and old_el/pdn_list
+	 * pointers will be invalidated
+	 */
+	for (la = DLIST_TAIL(la_group->la_entries); la; la=prev) {
+		prev = DLIST_PREV(la);
+		DLIST_REMOVE(la_group->la_entries, la);
+
+		/*
+		 * parse the existing links (this can be costly for a large
+		 * group, so we try to minimize the times we do it)
+		 */
+		if (pdn_list == NULL) {
+			ret = get_parsed_dns_trusted_fallback(module,
+							replmd_private,
+							tmp_ctx, old_el,
+							&pdn_list,
+							attr->syntax->ldap_oid,
+							NULL);
+
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		ret = replmd_process_linked_attribute(module, tmp_ctx,
+						      replmd_private,
+						      msg->dn, attr, la, NULL,
+						      msg->elements, old_el,
+						      pdn_list, &change_type);
+		if (ret != LDB_SUCCESS) {
+			replmd_txn_cleanup(replmd_private);
+			return ret;
+		}
+
+		/*
+		 * Adding a link reallocs memory, and so invalidates all the
+		 * pointers in pdn_list. Reparse the PDNs on the next loop
+		 */
+		if (change_type == LINK_CHANGE_ADDED) {
+			TALLOC_FREE(pdn_list);
+		}
+
+		if (change_type != LINK_CHANGE_NONE) {
+			num_changes++;
+		}
+
+		if ((++replmd_private->num_processed % 8192) == 0) {
+			DBG_NOTICE("Processed %u/%u linked attributes\n",
+				   replmd_private->num_processed,
+				   replmd_private->total_links);
+		}
+	}
+
+	/*
+	 * it's possible we're already up-to-date and so don't need to modify
+	 * the object at all (e.g. doing a 'drs replicate --full-sync')
+	 */
+	if (num_changes == 0) {
+		TALLOC_FREE(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * Note that adding the whenChanged/etc attributes below will realloc
+	 * msg->elements, invalidating the existing element/parsed-DN pointers
+	 */
+	old_el = NULL;
+	TALLOC_FREE(pdn_list);
+
+	/* update whenChanged/uSNChanged as the object has changed */
+	t = time(NULL);
+	ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ,
+				  &seq_num);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = add_time_element(msg, "whenChanged", t);
+	if (ret != LDB_SUCCESS) {
+		ldb_operr(ldb);
+		return ret;
+	}
+
+	ret = add_uint64_element(ldb, msg, "uSNChanged", seq_num);
+	if (ret != LDB_SUCCESS) {
+		ldb_operr(ldb);
+		return ret;
+	}
+
+	/* apply the link changes to the source object */
+	ret = linked_attr_modify(module, msg, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "Failed to apply linked attribute change "
+			  "Error: '%s' DN: '%s' Attribute: '%s'\n",
+			  ldb_errstring(ldb),
+			  ldb_dn_get_linearized(msg->dn),
+			  attr->lDAPDisplayName);
+		TALLOC_FREE(tmp_ctx);
+		return ret;
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  on prepare commit we loop over our queued la_context structures and
+  apply each of them
+ */
+static int replmd_prepare_commit(struct ldb_module *module)
+{
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+	struct la_group *la_group, *prev;
+	int ret;
+
+	if (replmd_private->la_list != NULL) {
+		DBG_NOTICE("Processing linked attributes\n");
+	}
+
+	/*
+	 * Walk the list of linked attributes from DRS replication.
+	 *
+	 * We walk backwards, to do the first entry first, as we
+	 * added the entries with DLIST_ADD() which puts them at the
+	 * start of the list
+	 *
+	 * Links are grouped together so we process links for the same
+	 * source object in one go.
+	 */
+	for (la_group = DLIST_TAIL(replmd_private->la_list);
+	     la_group != NULL;
+	     la_group = prev) {
+
+		prev = DLIST_PREV(la_group);
+		DLIST_REMOVE(replmd_private->la_list, la_group);
+		ret = replmd_process_la_group(module, replmd_private,
+					      la_group);
+		if (ret != LDB_SUCCESS) {
+			replmd_txn_cleanup(replmd_private);
+			return ret;
+		}
+	}
+
+	replmd_txn_cleanup(replmd_private);
+
+	/* possibly change @REPLCHANGED */
+	ret = replmd_notify_store(module, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_prepare_commit(module);
+}
+
+static int replmd_del_transaction(struct ldb_module *module)
+{
+	struct replmd_private *replmd_private =
+		talloc_get_type(ldb_module_get_private(module), struct replmd_private);
+	replmd_txn_cleanup(replmd_private);
+
+	return ldb_next_del_trans(module);
+}
+
+
+static const struct ldb_module_ops ldb_repl_meta_data_module_ops = {
+	.name          = "repl_meta_data",
+	.init_context	   = replmd_init,
+	.add               = replmd_add,
+	.modify            = replmd_modify,
+	.rename            = replmd_rename,
+	.del	           = replmd_delete,
+	.extended          = replmd_extended,
+	.start_transaction = replmd_start_transaction,
+	.prepare_commit    = replmd_prepare_commit,
+	.del_transaction   = replmd_del_transaction,
+};
+
+int ldb_repl_meta_data_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_repl_meta_data_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/resolve_oids.c b/source4/dsdb/samdb/ldb_modules/resolve_oids.c
new file mode 100644
index 0000000..5c16396
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/resolve_oids.c
@@ -0,0 +1,710 @@
+/*
+   ldb database library
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+
+static int resolve_oids_need_value(struct ldb_context *ldb,
+				   struct dsdb_schema *schema,
+				   const struct dsdb_attribute *a,
+				   const struct ldb_val *valp)
+{
+	const struct dsdb_attribute *va = NULL;
+	const struct dsdb_class *vo = NULL;
+	const void *p2;
+	char *str = NULL;
+
+	if (a->syntax->oMSyntax != 6) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	if (valp) {
+		p2 = memchr(valp->data, '.', valp->length);
+	} else {
+		p2 = NULL;
+	}
+
+	if (!p2) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	switch (a->attributeID_id) {
+	case DRSUAPI_ATTID_objectClass:
+	case DRSUAPI_ATTID_subClassOf:
+	case DRSUAPI_ATTID_auxiliaryClass:
+	case DRSUAPI_ATTID_systemPossSuperiors:
+	case DRSUAPI_ATTID_possSuperiors:
+		str = talloc_strndup(ldb, (char *)valp->data, valp->length);
+		if (!str) {
+			return ldb_oom(ldb);
+		}
+		vo = dsdb_class_by_governsID_oid(schema, str);
+		talloc_free(str);
+		if (!vo) {
+			return LDB_ERR_COMPARE_FALSE;
+		}
+		return LDB_ERR_COMPARE_TRUE;
+	case DRSUAPI_ATTID_systemMustContain:
+	case DRSUAPI_ATTID_systemMayContain:
+	case DRSUAPI_ATTID_mustContain:
+	case DRSUAPI_ATTID_mayContain:
+		str = talloc_strndup(ldb, (char *)valp->data, valp->length);
+		if (!str) {
+			return ldb_oom(ldb);
+		}
+		va = dsdb_attribute_by_attributeID_oid(schema, str);
+		talloc_free(str);
+		if (!va) {
+			return LDB_ERR_COMPARE_FALSE;
+		}
+		return LDB_ERR_COMPARE_TRUE;
+	case DRSUAPI_ATTID_governsID:
+	case DRSUAPI_ATTID_attributeID:
+	case DRSUAPI_ATTID_attributeSyntax:
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	return LDB_ERR_COMPARE_FALSE;
+}
+
+static int resolve_oids_parse_tree_need(struct ldb_context *ldb,
+					struct dsdb_schema *schema,
+					const struct ldb_parse_tree *tree)
+{
+	unsigned int i;
+	const struct dsdb_attribute *a = NULL;
+	const char *attr;
+	const char *p1;
+	const void *p2;
+	const struct ldb_val *valp = NULL;
+	int ret;
+
+	switch (tree->operation) {
+	case LDB_OP_AND:
+	case LDB_OP_OR:
+		for (i=0;i<tree->u.list.num_elements;i++) {
+			ret = resolve_oids_parse_tree_need(ldb, schema,
+						tree->u.list.elements[i]);
+			if (ret != LDB_ERR_COMPARE_FALSE) {
+				return ret;
+			}
+		}
+		return LDB_ERR_COMPARE_FALSE;
+	case LDB_OP_NOT:
+		return resolve_oids_parse_tree_need(ldb, schema,
+						tree->u.isnot.child);
+	case LDB_OP_EQUALITY:
+		attr = tree->u.equality.attr;
+		valp = &tree->u.equality.value;
+		break;
+	case LDB_OP_GREATER:
+	case LDB_OP_LESS:
+	case LDB_OP_APPROX:
+		attr = tree->u.comparison.attr;
+		valp = &tree->u.comparison.value;
+		break;
+	case LDB_OP_SUBSTRING:
+		attr = tree->u.substring.attr;
+		break;
+	case LDB_OP_PRESENT:
+		attr = tree->u.present.attr;
+		break;
+	case LDB_OP_EXTENDED:
+		attr = tree->u.extended.attr;
+		valp = &tree->u.extended.value;
+		break;
+	default:
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	p1 = strchr(attr, '.');
+
+	if (valp) {
+		p2 = memchr(valp->data, '.', valp->length);
+	} else {
+		p2 = NULL;
+	}
+
+	if (!p1 && !p2) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	if (p1) {
+		a = dsdb_attribute_by_attributeID_oid(schema, attr);
+	} else {
+		a = dsdb_attribute_by_lDAPDisplayName(schema, attr);
+	}
+	if (!a) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	if (!p2) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	return resolve_oids_need_value(ldb, schema, a, valp);
+}
+
+static int resolve_oids_element_need(struct ldb_context *ldb,
+				     struct dsdb_schema *schema,
+				     const struct ldb_message_element *el)
+{
+	unsigned int i;
+	const struct dsdb_attribute *a = NULL;
+	const char *p1;
+
+	p1 = strchr(el->name, '.');
+
+	if (p1) {
+		a = dsdb_attribute_by_attributeID_oid(schema, el->name);
+	} else {
+		a = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+	}
+	if (!a) {
+		return LDB_ERR_COMPARE_FALSE;
+	}
+
+	for (i=0; i < el->num_values; i++) {
+		int ret;
+		ret = resolve_oids_need_value(ldb, schema, a,
+					      &el->values[i]);
+		if (ret != LDB_ERR_COMPARE_FALSE) {
+			return ret;
+		}
+	}
+
+	return LDB_ERR_COMPARE_FALSE;
+}
+
+static int resolve_oids_message_need(struct ldb_context *ldb,
+				     struct dsdb_schema *schema,
+				     const struct ldb_message *msg)
+{
+	unsigned int i;
+
+	for (i=0; i < msg->num_elements; i++) {
+		int ret;
+		ret = resolve_oids_element_need(ldb, schema,
+						&msg->elements[i]);
+		if (ret != LDB_ERR_COMPARE_FALSE) {
+			return ret;
+		}
+	}
+
+	return LDB_ERR_COMPARE_FALSE;
+}
+
+static int resolve_oids_replace_value(struct ldb_context *ldb,
+				      struct dsdb_schema *schema,
+				      const struct dsdb_attribute *a,
+				      struct ldb_val *valp)
+{
+	const struct dsdb_attribute *va = NULL;
+	const struct dsdb_class *vo = NULL;
+	const void *p2;
+	char *str = NULL;
+
+	if (a->syntax->oMSyntax != 6) {
+		return LDB_SUCCESS;
+	}
+
+	if (valp) {
+		p2 = memchr(valp->data, '.', valp->length);
+	} else {
+		p2 = NULL;
+	}
+
+	if (!p2) {
+		return LDB_SUCCESS;
+	}
+
+	switch (a->attributeID_id) {
+	case DRSUAPI_ATTID_objectClass:
+	case DRSUAPI_ATTID_subClassOf:
+	case DRSUAPI_ATTID_auxiliaryClass:
+	case DRSUAPI_ATTID_systemPossSuperiors:
+	case DRSUAPI_ATTID_possSuperiors:
+		str = talloc_strndup(schema, (char *)valp->data, valp->length);
+		if (!str) {
+			return ldb_oom(ldb);
+		}
+		vo = dsdb_class_by_governsID_oid(schema, str);
+		talloc_free(str);
+		if (!vo) {
+			return LDB_SUCCESS;
+		}
+		*valp = data_blob_string_const(vo->lDAPDisplayName);
+		return LDB_SUCCESS;
+	case DRSUAPI_ATTID_systemMustContain:
+	case DRSUAPI_ATTID_systemMayContain:
+	case DRSUAPI_ATTID_mustContain:
+	case DRSUAPI_ATTID_mayContain:
+		str = talloc_strndup(schema, (char *)valp->data, valp->length);
+		if (!str) {
+			return ldb_oom(ldb);
+		}
+		va = dsdb_attribute_by_attributeID_oid(schema, str);
+		talloc_free(str);
+		if (!va) {
+			return LDB_SUCCESS;
+		}
+		*valp = data_blob_string_const(va->lDAPDisplayName);
+		return LDB_SUCCESS;
+	case DRSUAPI_ATTID_governsID:
+	case DRSUAPI_ATTID_attributeID:
+	case DRSUAPI_ATTID_attributeSyntax:
+		return LDB_SUCCESS;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int resolve_oids_parse_tree_replace(struct ldb_context *ldb,
+					   struct dsdb_schema *schema,
+					   struct ldb_parse_tree *tree)
+{
+	unsigned int i;
+	const struct dsdb_attribute *a = NULL;
+	const char **attrp;
+	const char *p1;
+	const void *p2;
+	struct ldb_val *valp = NULL;
+	int ret;
+
+	switch (tree->operation) {
+	case LDB_OP_AND:
+	case LDB_OP_OR:
+		for (i=0;i<tree->u.list.num_elements;i++) {
+			ret = resolve_oids_parse_tree_replace(ldb, schema,
+							tree->u.list.elements[i]);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		return LDB_SUCCESS;
+	case LDB_OP_NOT:
+		return resolve_oids_parse_tree_replace(ldb, schema,
+						tree->u.isnot.child);
+	case LDB_OP_EQUALITY:
+		attrp = &tree->u.equality.attr;
+		valp = &tree->u.equality.value;
+		break;
+	case LDB_OP_GREATER:
+	case LDB_OP_LESS:
+	case LDB_OP_APPROX:
+		attrp = &tree->u.comparison.attr;
+		valp = &tree->u.comparison.value;
+		break;
+	case LDB_OP_SUBSTRING:
+		attrp = &tree->u.substring.attr;
+		break;
+	case LDB_OP_PRESENT:
+		attrp = &tree->u.present.attr;
+		break;
+	case LDB_OP_EXTENDED:
+		attrp = &tree->u.extended.attr;
+		valp = &tree->u.extended.value;
+		break;
+	default:
+		return LDB_SUCCESS;
+	}
+
+	p1 = strchr(*attrp, '.');
+
+	if (valp) {
+		p2 = memchr(valp->data, '.', valp->length);
+	} else {
+		p2 = NULL;
+	}
+
+	if (!p1 && !p2) {
+		return LDB_SUCCESS;
+	}
+
+	if (p1) {
+		a = dsdb_attribute_by_attributeID_oid(schema, *attrp);
+	} else {
+		a = dsdb_attribute_by_lDAPDisplayName(schema, *attrp);
+	}
+	if (!a) {
+		return LDB_SUCCESS;
+	}
+
+	*attrp = a->lDAPDisplayName;
+
+	if (!p2) {
+		return LDB_SUCCESS;
+	}
+
+	if (a->syntax->oMSyntax != 6) {
+		return LDB_SUCCESS;
+	}
+
+	return resolve_oids_replace_value(ldb, schema, a, valp);
+}
+
+static int resolve_oids_element_replace(struct ldb_context *ldb,
+					struct dsdb_schema *schema,
+					struct ldb_message_element *el)
+{
+	unsigned int i;
+	const struct dsdb_attribute *a = NULL;
+	const char *p1;
+
+	p1 = strchr(el->name, '.');
+
+	if (p1) {
+		a = dsdb_attribute_by_attributeID_oid(schema, el->name);
+	} else {
+		a = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+	}
+	if (!a) {
+		return LDB_SUCCESS;
+	}
+
+	el->name = a->lDAPDisplayName;
+
+	for (i=0; i < el->num_values; i++) {
+		int ret;
+		ret = resolve_oids_replace_value(ldb, schema, a,
+						 &el->values[i]);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int resolve_oids_message_replace(struct ldb_context *ldb,
+					struct dsdb_schema *schema,
+					struct ldb_message *msg)
+{
+	unsigned int i;
+
+	for (i=0; i < msg->num_elements; i++) {
+		int ret;
+		ret = resolve_oids_element_replace(ldb, schema,
+						   &msg->elements[i]);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+struct resolve_oids_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+};
+
+static int resolve_oids_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct resolve_oids_context *ac;
+
+	ac = talloc_get_type_abort(req->context, struct resolve_oids_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+				       ares->response, LDB_SUCCESS);
+
+	}
+	return LDB_SUCCESS;
+}
+
+static int resolve_oids_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	struct ldb_parse_tree *tree;
+	struct ldb_request *down_req;
+	struct resolve_oids_context *ac;
+	int ret;
+	bool needed = false;
+	const char * const *attrs1;
+	const char **attrs2;
+	unsigned int i;
+
+	ldb = ldb_module_get_ctx(module);
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ret = resolve_oids_parse_tree_need(ldb, schema,
+					   req->op.search.tree);
+	if (ret == LDB_ERR_COMPARE_TRUE) {
+		needed = true;
+	} else if (ret != LDB_ERR_COMPARE_FALSE) {
+		return ret;
+	}
+
+	attrs1 = req->op.search.attrs;
+
+	for (i=0; attrs1 && attrs1[i]; i++) {
+		const char *p;
+		const struct dsdb_attribute *a;
+
+		p = strchr(attrs1[i], '.');
+		if (p == NULL) {
+			continue;
+		}
+
+		a = dsdb_attribute_by_attributeID_oid(schema, attrs1[i]);
+		if (a == NULL) {
+			continue;
+		}
+
+		needed = true;
+		break;
+	}
+
+	if (!needed) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = talloc(req, struct resolve_oids_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	tree = ldb_parse_tree_copy_shallow(ac, req->op.search.tree);
+	if (!tree) {
+		return ldb_oom(ldb);
+	}
+
+	schema = talloc_reference(tree, schema);
+	if (!schema) {
+		return ldb_oom(ldb);
+	}
+
+	ret = resolve_oids_parse_tree_replace(ldb, schema,
+					      tree);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	attrs2 = str_list_copy_const(ac,
+				     discard_const_p(const char *, req->op.search.attrs));
+	if (req->op.search.attrs && !attrs2) {
+		return ldb_oom(ldb);
+	}
+
+	for (i=0; attrs2 && attrs2[i]; i++) {
+		const char *p;
+		const struct dsdb_attribute *a;
+
+		p = strchr(attrs2[i], '.');
+		if (p == NULL) {
+			continue;
+		}
+
+		a = dsdb_attribute_by_attributeID_oid(schema, attrs2[i]);
+		if (a == NULL) {
+			continue;
+		}
+
+		attrs2[i] = a->lDAPDisplayName;
+	}
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, ac,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      tree,
+				      attrs2,
+				      req->controls,
+				      ac, resolve_oids_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static int resolve_oids_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	int ret;
+	struct ldb_message *msg;
+	struct ldb_request *down_req;
+	struct resolve_oids_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ret = resolve_oids_message_need(ldb, schema,
+					req->op.add.message);
+	if (ret == LDB_ERR_COMPARE_FALSE) {
+		return ldb_next_request(module, req);
+	} else if (ret != LDB_ERR_COMPARE_TRUE) {
+		return ret;
+	}
+
+	ac = talloc(req, struct resolve_oids_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
+	if (!msg) {
+		return ldb_oom(ldb);
+	}
+
+	if (!talloc_reference(msg, schema)) {
+		return ldb_oom(ldb);
+	}
+
+	ret = resolve_oids_message_replace(ldb, schema, msg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, resolve_oids_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static int resolve_oids_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	int ret;
+	struct ldb_message *msg;
+	struct ldb_request *down_req;
+	struct resolve_oids_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+	schema = dsdb_get_schema(ldb, NULL);
+
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ret = resolve_oids_message_need(ldb, schema,
+					req->op.mod.message);
+	if (ret == LDB_ERR_COMPARE_FALSE) {
+		return ldb_next_request(module, req);
+	} else if (ret != LDB_ERR_COMPARE_TRUE) {
+		return ret;
+	}
+
+	ac = talloc(req, struct resolve_oids_context);
+	if (ac == NULL) {
+		return ldb_oom(ldb);
+	}
+	ac->module = module;
+	ac->req = req;
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	if (!talloc_reference(msg, schema)) {
+		return ldb_oom(ldb);
+	}
+
+	ret = resolve_oids_message_replace(ldb, schema, msg);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				msg,
+				req->controls,
+				ac, resolve_oids_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static const struct ldb_module_ops ldb_resolve_oids_module_ops = {
+	.name		= "resolve_oids",
+	.search		= resolve_oids_search,
+	.add		= resolve_oids_add,
+	.modify		= resolve_oids_modify,
+};
+
+
+int ldb_resolve_oids_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_resolve_oids_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
new file mode 100644
index 0000000..aa5f873
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -0,0 +1,829 @@
+/*
+   RID allocation helper functions
+
+   Copyright (C) Andrew Bartlett 2010
+   Copyright (C) Andrew Tridgell 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: RID allocation logic
+ *
+ *  Description: manage RID Set and RID Manager objects
+ *
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/util/server_id.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/messaging/irpc.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/ldb_modules/ridalloc.h"
+
+/*
+  Note: the RID allocation attributes in AD are very badly named. Here
+  is what we think they really do:
+
+  in RID Set object:
+    - rIDPreviousAllocationPool: the pool which a DC is currently
+      pulling RIDs from. Managed by client DC
+
+    - rIDAllocationPool: the pool that the DC will switch to next,
+      when rIDPreviousAllocationPool is exhausted. Managed by RID Manager.
+
+    - rIDNextRID: the last RID allocated by this DC. Managed by client DC
+
+  in RID Manager object:
+    - rIDAvailablePool: the pool where the RID Manager gets new rID
+      pools from when it gets a EXOP_RID_ALLOC getncchanges call (or
+      locally when the DC is the RID Manager)
+ */
+
+
+/*
+  make a IRPC call to the drepl task to ask it to get the RID
+  Manager to give us another RID pool.
+
+  This function just sends the message to the drepl task then
+  returns immediately. It should be called well before we
+  completely run out of RIDs
+ */
+static int ridalloc_poke_rid_manager(struct ldb_module *module)
+{
+	struct imessaging_context *msg;
+	unsigned num_servers;
+	struct server_id *servers;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct loadparm_context *lp_ctx =
+		(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm");
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	NTSTATUS status;
+
+	msg = imessaging_client_init(tmp_ctx, lp_ctx,
+				    ldb_get_event_context(ldb));
+	if (!msg) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				"Failed to send MSG_DREPL_ALLOCATE_RID, "
+				"unable init client messaging context");
+		DEBUG(3,(__location__ ": Failed to create messaging context\n"));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	status = irpc_servers_byname(msg, msg, "dreplsrv",
+				     &num_servers, &servers);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				"Failed to send MSG_DREPL_ALLOCATE_RID, "
+				"unable to locate dreplsrv");
+		/* this means the drepl service is not running */
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	status = imessaging_send(msg, servers[0], MSG_DREPL_ALLOCATE_RID, NULL);
+
+	/* Only error out if an error happened, not on STATUS_MORE_ENTRIES, ie a delayed message */
+	if (NT_STATUS_IS_ERR(status)) {
+		struct server_id_buf idbuf;
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				"Failed to send MSG_DREPL_ALLOCATE_RID to dreplsrv at %s: %s",
+				server_id_str_buf(*servers, &idbuf),
+				nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+static const char * const ridalloc_ridset_attrs[] = {
+	"rIDAllocationPool",
+	"rIDPreviousAllocationPool",
+	"rIDNextRID",
+	"rIDUsedPool",
+	NULL
+};
+
+struct ridalloc_ridset_values {
+	uint64_t alloc_pool;
+	uint64_t prev_pool;
+	uint32_t next_rid;
+	uint32_t used_pool;
+};
+
+static void ridalloc_get_ridset_values(struct ldb_message *msg, struct ridalloc_ridset_values *v)
+{
+	v->alloc_pool = ldb_msg_find_attr_as_uint64(msg, "rIDAllocationPool", UINT64_MAX);
+	v->prev_pool = ldb_msg_find_attr_as_uint64(msg, "rIDPreviousAllocationPool", UINT64_MAX);
+	v->next_rid = ldb_msg_find_attr_as_uint(msg, "rIDNextRID", UINT32_MAX);
+	v->used_pool = ldb_msg_find_attr_as_uint(msg, "rIDUsedPool", UINT32_MAX);
+}
+
+static int ridalloc_set_ridset_values(struct ldb_module *module,
+				      struct ldb_message *msg,
+				      const struct ridalloc_ridset_values *o,
+				      const struct ridalloc_ridset_values *n)
+{
+	const uint32_t *o32, *n32;
+	const uint64_t *o64, *n64;
+	int ret;
+
+#define SETUP_PTRS(field, optr, nptr, max) do { \
+	optr = &o->field; \
+	nptr = &n->field; \
+	if (o->field == max) { \
+		optr = NULL; \
+	} \
+	if (n->field == max) { \
+		nptr = NULL; \
+	} \
+	if (o->field == n->field) { \
+		optr = NULL; \
+		nptr = NULL; \
+	} \
+} while(0)
+
+	SETUP_PTRS(alloc_pool, o64, n64, UINT64_MAX);
+	ret = dsdb_msg_constrainted_update_uint64(module, msg,
+						  "rIDAllocationPool",
+						  o64, n64);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	SETUP_PTRS(prev_pool, o64, n64, UINT64_MAX);
+	ret = dsdb_msg_constrainted_update_uint64(module, msg,
+						  "rIDPreviousAllocationPool",
+						  o64, n64);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	SETUP_PTRS(next_rid, o32, n32, UINT32_MAX);
+	ret = dsdb_msg_constrainted_update_uint32(module, msg,
+						  "rIDNextRID",
+						  o32, n32);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	SETUP_PTRS(used_pool, o32, n32, UINT32_MAX);
+	ret = dsdb_msg_constrainted_update_uint32(module, msg,
+						  "rIDUsedPool",
+						  o32, n32);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+#undef SETUP_PTRS
+
+	return LDB_SUCCESS;
+}
+
+/*
+  allocate a new range of RIDs in the RID Manager object
+ */
+static int ridalloc_rid_manager_allocate(struct ldb_module *module, struct ldb_dn *rid_manager_dn, uint64_t *new_pool,
+					 struct ldb_request *parent)
+{
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	const char *attrs[] = { "rIDAvailablePool", NULL };
+	uint64_t rid_pool, new_rid_pool, dc_pool;
+	uint32_t rid_pool_lo, rid_pool_hi;
+	struct ldb_result *res;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const unsigned alloc_size = 500;
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn,
+	                            attrs, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s",
+				       ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0);
+	rid_pool_lo = rid_pool & 0xFFFFFFFF;
+	rid_pool_hi = rid_pool >> 32;
+	if (rid_pool_lo >= rid_pool_hi) {
+		ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u",
+				       rid_pool_lo, rid_pool_hi);
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* lower part of new pool is the low part of the rIDAvailablePool */
+	dc_pool = rid_pool_lo;
+
+	/* allocate 500 RIDs to this DC */
+	rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size);
+
+	/* work out upper part of new pool */
+	dc_pool |= (((uint64_t)rid_pool_lo-1)<<32);
+
+	/* and new rIDAvailablePool value */
+	new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32);
+
+	ret = dsdb_module_constrainted_update_uint64(module, rid_manager_dn, "rIDAvailablePool",
+						     &rid_pool, &new_rid_pool, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	(*new_pool) = dc_pool;
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  create a RID Set object for the specified DC
+ */
+static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+					struct ldb_dn *rid_manager_dn,
+					struct ldb_dn *ntds_dn, struct ldb_dn **dn,
+					struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
+	int ret;
+	struct ldb_message *msg;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	static const struct ridalloc_ridset_values o = {
+		.alloc_pool	= UINT64_MAX,
+		.prev_pool	= UINT64_MAX,
+		.next_rid	= UINT32_MAX,
+		.used_pool	= UINT32_MAX,
+	};
+	struct ridalloc_ridset_values n = {
+		.alloc_pool	= 0,
+		.prev_pool	= 0,
+		.next_rid	= 0,
+		.used_pool	= 0,
+	};
+	const char *no_attrs[] = { NULL };
+	struct ldb_result *res;
+
+	/*
+	  steps:
+
+	  find the machine object for the DC
+	  construct the RID Set DN
+	  load rIDAvailablePool to find next available set
+	  modify RID Manager object to update rIDAvailablePool
+	  add the RID Set object
+	  link to the RID Set object in machine object
+	 */
+
+	server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
+	if (!server_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s",
+				       ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	rid_set_dn = ldb_dn_copy(tmp_ctx, machine_dn);
+	if (rid_set_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	if (! ldb_dn_add_child_fmt(rid_set_dn, "CN=RID Set")) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	/* grab a pool from the RID Manager object */
+	ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &n.alloc_pool, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* create the RID Set object */
+	msg = ldb_msg_new(tmp_ctx);
+	msg->dn = rid_set_dn;
+
+	ret = ldb_msg_add_string(msg, "objectClass", "rIDSet");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ridalloc_set_ridset_values(module, msg, &o, &n);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* we need this to go all the way to the top of the module
+	 * stack, as we need all the extra attributes added (including
+	 * complex ones like ntsecuritydescriptor).  We must do this
+	 * as system, otherwise a user might end up owning the RID
+	 * set, and that would be bad... */
+	ret = dsdb_module_add(module, msg,
+			      DSDB_FLAG_TOP_MODULE | DSDB_FLAG_AS_SYSTEM
+			      | DSDB_MODIFY_RELAX, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to add RID Set %s - %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* add the rIDSetReferences link */
+	msg = ldb_msg_new(tmp_ctx);
+	msg->dn = machine_dn;
+
+	/* we need the extended DN of the RID Set object for
+	 * rIDSetReferences */
+	ret = dsdb_module_search_dn(module, msg, &res, rid_set_dn, no_attrs,
+				    DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find extended DN of RID Set %s - %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	rid_set_dn = res->msgs[0]->dn;
+
+
+	ret = ldb_msg_add_string(msg, "rIDSetReferences", ldb_dn_get_extended_linearized(msg, rid_set_dn, 1));
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_ADD;
+
+	ret = dsdb_module_modify(module, msg,
+				 DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_AS_SYSTEM,
+				 parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to add rIDSetReferences to %s - %s",
+				       ldb_dn_get_linearized(msg->dn),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	(*dn) = talloc_steal(mem_ctx, rid_set_dn);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  create a RID Set object for this DC
+ */
+int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+				struct ldb_dn **dn, struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct GUID fsmo_role_guid;
+	const struct GUID *our_ntds_guid;
+	NTSTATUS status;
+
+	/* work out who is the RID Manager */
+	ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* find the DN of the RID Manager */
+	ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	status = dsdb_get_extended_dn_guid(fsmo_role_dn, &fsmo_role_guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	/* clear the cache so we don't get an old ntds_guid */
+	if (ldb_set_opaque(ldb, "cache.ntds_guid", NULL) != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module));
+	if (!our_ntds_guid) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	if (!GUID_equal(&fsmo_role_guid, our_ntds_guid)) {
+		ret = ridalloc_poke_rid_manager(module);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb,
+					"Request for remote creation of "
+					"RID Set for this DC failed: %s",
+					ldb_errstring(ldb));
+		} else {
+			ldb_asprintf_errstring(ldb,
+					"Remote RID Set creation needed");
+		}
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ret = ridalloc_create_rid_set_ntds(module, mem_ctx, rid_manager_dn, fsmo_role_dn, dn, parent);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  get a new RID pool for ourselves
+  also returns the first rid for the new pool
+ */
+
+int ridalloc_new_own_pool(struct ldb_module *module, uint64_t *new_pool, struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	bool is_us;
+
+	/* work out who is the RID Manager */
+	ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* find the DN of the RID Manager */
+	ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = samdb_dn_is_our_ntdsa(ldb, fsmo_role_dn, &is_us);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to confirm if our ntdsDsa is %s: %s",
+				       ldb_dn_get_linearized(fsmo_role_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	
+	if (!is_us) {
+		ret = ridalloc_poke_rid_manager(module);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Request for remote refresh of RID Set allocation failed: %s",
+					       ldb_errstring(ldb));
+		} else {
+			ldb_asprintf_errstring(ldb, "Remote RID Set refresh needed");
+		}
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* grab a pool from the RID Manager object */
+	ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+/* allocate a RID using our RID Set
+   If we run out of RIDs then allocate a new pool
+   either locally or by contacting the RID Manager
+*/
+int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid, struct ldb_request *parent)
+{
+	struct ldb_context *ldb;
+	int ret;
+	struct ldb_dn *rid_set_dn;
+	struct ldb_result *res;
+	struct ldb_message *msg;
+	struct ridalloc_ridset_values oridset;
+	struct ridalloc_ridset_values nridset;
+	uint32_t prev_pool_lo, prev_pool_hi;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+
+	(*rid) = 0;
+	ldb = ldb_module_get_ctx(module);
+
+	ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		ret = ridalloc_create_own_rid_set(module, tmp_ctx, &rid_set_dn, parent);
+	}
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn,
+				    ridalloc_ridset_attrs, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s",
+				       ldb_dn_get_linearized(rid_set_dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ridalloc_get_ridset_values(res->msgs[0], &oridset);
+	if (oridset.alloc_pool == UINT64_MAX) {
+		ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s",
+				       ldb_dn_get_linearized(rid_set_dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	nridset = oridset;
+
+	/*
+	 * If we never used a pool, setup out first pool
+	 */
+	if (nridset.prev_pool == UINT64_MAX ||
+	    nridset.next_rid == UINT32_MAX) {
+		nridset.prev_pool = nridset.alloc_pool;
+		nridset.next_rid = nridset.prev_pool & 0xFFFFFFFF;
+	} else {
+		nridset.next_rid += 1;
+	}
+
+	/*
+	 * Now check if our current pool is still usable
+	 */
+	prev_pool_lo = nridset.prev_pool & 0xFFFFFFFF;
+	prev_pool_hi = nridset.prev_pool >> 32;
+	if (nridset.next_rid > prev_pool_hi) {
+		/*
+		 * We need a new pool, check if we already have a new one
+		 * Otherwise we need to get a new pool.
+		 */
+		if (nridset.alloc_pool == nridset.prev_pool) {
+			/*
+			 * if we are the RID Manager,
+			 * we can get a new pool locally.
+			 * Otherwise we fail the operation and
+			 * ask async for a new pool.
+			 */
+			ret = ridalloc_new_own_pool(module, &nridset.alloc_pool, parent);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb, "NO RID values available: %s",
+						       ldb_errstring(ldb));
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+		}
+
+		/*
+		 * increment the rIDUsedPool attribute
+		 *
+		 * Note: w2k8r2 doesn't update this attribute,
+		 *       at least if it's itself the rid master.
+		 */
+		nridset.used_pool += 1;
+
+		/* now use the new pool */
+		nridset.prev_pool = nridset.alloc_pool;
+		prev_pool_lo = nridset.prev_pool & 0xFFFFFFFF;
+		prev_pool_hi = nridset.prev_pool >> 32;
+		nridset.next_rid = prev_pool_lo;
+	}
+
+	if (nridset.next_rid < prev_pool_lo || nridset.next_rid > prev_pool_hi) {
+		ldb_asprintf_errstring(ldb, __location__ ": Bad rid chosen %u from range %u-%u",
+				       (unsigned)nridset.next_rid,
+				       (unsigned)prev_pool_lo,
+				       (unsigned)prev_pool_hi);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * if we are half-exhausted then try to get a new pool.
+	 */
+	if (nridset.next_rid > (prev_pool_hi + prev_pool_lo)/2 &&
+	    nridset.alloc_pool == nridset.prev_pool) {
+		/*
+		 * if we are the RID Manager,
+		 * we can get a new pool locally.
+		 * Otherwise we fail the operation and
+		 * ask async for a new pool.
+		 */
+		ret = ridalloc_new_own_pool(module, &nridset.alloc_pool, parent);
+		if (ret == LDB_ERR_UNWILLING_TO_PERFORM) {
+			ldb_reset_err_string(ldb);
+			ret = LDB_SUCCESS;
+		}
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	/*
+	 * update the values
+	 */
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+	msg->dn = rid_set_dn;
+
+	ret = ridalloc_set_ridset_values(module, msg,
+					 &oridset, &nridset);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_AS_SYSTEM, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	*rid = nridset.next_rid;
+	return LDB_SUCCESS;
+}
+
+
+/*
+  called by DSDB_EXTENDED_ALLOCATE_RID_POOL extended operation in samldb
+
+  This is for the DRS server to allocate a RID Pool for another server.
+
+  Called by another server over DRS (which calls this extended
+  operation), it runs on the RID Manager only.
+ */
+int ridalloc_allocate_rid_pool_fsmo(struct ldb_module *module, struct dsdb_fsmo_extended_op *exop,
+				    struct ldb_request *parent)
+{
+	struct ldb_dn *ntds_dn, *server_dn, *machine_dn, *rid_set_dn;
+	struct ldb_dn *rid_manager_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *res;
+	struct ldb_message *msg;
+	struct ridalloc_ridset_values oridset, nridset;
+
+	ret = dsdb_module_dn_by_guid(module, tmp_ctx, &exop->destination_dsa_guid, &ntds_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": Unable to find NTDS object for guid %s - %s\n",
+				       GUID_string(tmp_ctx, &exop->destination_dsa_guid), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
+	if (!server_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": Failed to find serverReference in %s - %s",
+				       ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": Failed to find RID Manager object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn, parent);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		ret = ridalloc_create_rid_set_ntds(module, tmp_ctx, rid_manager_dn, ntds_dn, &rid_set_dn, parent);
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s",
+				       ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn,
+				    ridalloc_ridset_attrs, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s",
+				       ldb_dn_get_linearized(rid_set_dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ridalloc_get_ridset_values(res->msgs[0], &oridset);
+	if (oridset.alloc_pool == UINT64_MAX) {
+		ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s",
+				       ldb_dn_get_linearized(rid_set_dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	nridset = oridset;
+
+	if (exop->fsmo_info != 0) {
+
+		if (nridset.alloc_pool != exop->fsmo_info) {
+			/* it has already been updated */
+			DEBUG(2,(__location__ ": rIDAllocationPool fsmo_info mismatch - already changed (0x%llx 0x%llx)\n",
+				 (unsigned long long)exop->fsmo_info,
+				 (unsigned long long)nridset.alloc_pool));
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+	}
+
+	/* grab a pool from the RID Manager object */
+	ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &nridset.alloc_pool, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * update the values
+	 */
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+	msg->dn = rid_set_dn;
+
+	ret = ridalloc_set_ridset_values(module, msg,
+					 &oridset, &nridset);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_AS_SYSTEM, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s",
+				       ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
new file mode 100644
index 0000000..d80d2af
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -0,0 +1,1802 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   rootDSE ldb module
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Simo Sorce 2005-2008
+   Copyright (C) Matthieu Patou <mat@matws.net> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_module.h>
+#include "system/time.h"
+#include "dsdb/samdb/samdb.h"
+#include "version.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libcli/security/security.h"
+#include "librpc/ndr/libndr.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "lib/tsocket/tsocket.h"
+#include "cldap_server/cldap_server.h"
+#include "lib/events/events.h"
+
+#undef strcasecmp
+
+struct rootdse_private_data {
+	unsigned int num_controls;
+	char **controls;
+	unsigned int num_partitions;
+	struct ldb_dn **partitions;
+	bool block_anonymous;
+	struct tevent_context *saved_ev;
+	struct tevent_context *private_ev;
+};
+
+struct rootdse_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct ldb_val netlogon;
+};
+
+/*
+  return 1 if a specific attribute has been requested
+*/
+static int do_attribute(const char * const *attrs, const char *name)
+{
+	return attrs == NULL ||
+		ldb_attr_in_list(attrs, name) ||
+		ldb_attr_in_list(attrs, "*");
+}
+
+static int do_attribute_explicit(const char * const *attrs, const char *name)
+{
+	return attrs != NULL && ldb_attr_in_list(attrs, name);
+}
+
+
+/*
+  expand a DN attribute to include extended DN information if requested
+ */
+static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *msg,
+				const char *attrname, struct ldb_control *edn_control,
+				struct ldb_request *req)
+{
+	struct ldb_dn *dn, *dn2;
+	struct ldb_val *v;
+	int ret;
+	struct ldb_request *req2;
+	char *dn_string;
+	const char *no_attrs[] = { NULL };
+	struct ldb_result *res;
+	struct ldb_extended_dn_control *ext_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(req);
+	struct ldb_context *ldb;
+	int edn_type = 0;
+	unsigned int i;
+	struct ldb_message_element *el;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ext_dn = talloc_get_type(edn_control->data, struct ldb_extended_dn_control);
+	if (ext_dn) {
+		edn_type = ext_dn->type;
+	}
+
+	el = ldb_msg_find_element(msg, attrname);
+	if (!el || el->num_values == 0) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		v = &el->values[i];
+		if (v == NULL) {
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		}
+
+		dn_string = talloc_strndup(tmp_ctx, (const char *)v->data, v->length);
+		if (dn_string == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		res = talloc_zero(tmp_ctx, struct ldb_result);
+		if (res == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		dn = ldb_dn_new(tmp_ctx, ldb, dn_string);
+		if (dn == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		ret = ldb_build_search_req(&req2, ldb, tmp_ctx,
+					dn,
+					LDB_SCOPE_BASE,
+					NULL,
+					no_attrs,
+					NULL,
+					res, ldb_search_default_callback,
+					req);
+		LDB_REQ_SET_LOCATION(req2);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		ret = dsdb_request_add_controls(req2, DSDB_FLAG_AS_SYSTEM |
+						DSDB_SEARCH_SHOW_EXTENDED_DN);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ldb_error(ldb, ret, "Failed to add control");
+		}
+
+		ret = ldb_next_request(module, req2);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(req2->handle, LDB_WAIT_ALL);
+		}
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		if (!res || res->count != 1) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		dn2 = res->msgs[0]->dn;
+
+		v->data = (uint8_t *)ldb_dn_get_extended_linearized(msg->elements, dn2, edn_type);
+		if (v->data == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+		v->length = strlen((char *)v->data);
+	}
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  see if we are master for a FSMO role
+ */
+static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *dn, bool *master,
+				     struct ldb_request *parent)
+{
+	const char *attrs[] = { "fSMORoleOwner", NULL };
+	TALLOC_CTX *tmp_ctx = talloc_new(parent);
+	struct ldb_result *res;
+	int ret;
+	struct ldb_dn *owner_dn;
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res,
+				    dn, attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_FLAG_AS_SYSTEM |
+				    DSDB_SEARCH_SHOW_EXTENDED_DN,
+				    parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	owner_dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
+					   tmp_ctx, res->msgs[0], "fSMORoleOwner");
+	if (!owner_dn) {
+		*master = false;
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	ret = samdb_dn_is_our_ntdsa(ldb_module_get_ctx(module), dn, master);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to confirm if our ntdsDsa is %s: %s",
+				       ldb_dn_get_linearized(owner_dn), ldb_errstring(ldb_module_get_ctx(module)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  add dynamically generated attributes to rootDSE result
+*/
+static int rootdse_add_dynamic(struct rootdse_context *ac, struct ldb_message *msg)
+{
+	struct ldb_context *ldb;
+	struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(ac->module), struct rootdse_private_data);
+	const char * const *attrs = ac->req->op.search.attrs;
+	const char **server_sasl = NULL;
+	const struct dsdb_schema *schema;
+	int *val;
+	struct ldb_control *edn_control;
+	const char *dn_attrs[] = {
+		"configurationNamingContext",
+		"defaultNamingContext",
+		"rootDomainNamingContext",
+		"schemaNamingContext",
+		"serverName",
+		"validFSMOs",
+		"namingContexts",
+		NULL
+	};
+	const char *guid_attrs[] = {
+		"dsServiceName",
+		NULL
+	};
+	unsigned int i;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema = dsdb_get_schema(ldb, NULL);
+
+	msg->dn = ldb_dn_new(msg, ldb, NULL);
+
+	/* don't return the distinguishedName, cn and name attributes */
+	ldb_msg_remove_attr(msg, "distinguishedName");
+	ldb_msg_remove_attr(msg, "cn");
+	ldb_msg_remove_attr(msg, "name");
+
+	if (do_attribute(attrs, "serverName")) {
+		if (ldb_msg_add_linearized_dn(msg, "serverName",
+			samdb_server_dn(ldb, msg)) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "dnsHostName")) {
+		struct ldb_result *res;
+		int ret;
+		const char *dns_attrs[] = { "dNSHostName", NULL };
+		ret = dsdb_module_search_dn(ac->module, msg, &res, samdb_server_dn(ldb, msg),
+					    dns_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM,
+					    ac->req);
+		if (ret == LDB_SUCCESS) {
+			const char *hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+			if (hostname != NULL) {
+				if (ldb_msg_add_string(msg, "dnsHostName", hostname)) {
+					goto failed;
+				}
+			}
+		}
+	}
+
+	if (do_attribute(attrs, "ldapServiceName")) {
+		struct loadparm_context *lp_ctx
+			= talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					  struct loadparm_context);
+		char *ldap_service_name, *hostname;
+
+		hostname = strlower_talloc(msg, lpcfg_netbios_name(lp_ctx));
+		if (hostname == NULL) {
+			goto failed;
+		}
+
+		ldap_service_name = talloc_asprintf(msg, "%s:%s$@%s",
+						    samdb_forest_name(ldb, msg),
+						    hostname, lpcfg_realm(lp_ctx));
+		if (ldap_service_name == NULL) {
+			goto failed;
+		}
+
+		if (ldb_msg_add_string(msg, "ldapServiceName",
+				       ldap_service_name) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "currentTime")) {
+		char *timestr = ldb_timestring(msg, time(NULL));
+
+		if (timestr == NULL) {
+			goto failed;
+		}
+
+		if (ldb_msg_add_steal_string(
+			    msg, "currentTime", timestr) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (priv && do_attribute(attrs, "supportedControl")) {
+		for (i = 0; i < priv->num_controls; i++) {
+			char *control = talloc_strdup(msg, priv->controls[i]);
+			if (!control) {
+				goto failed;
+			}
+			if (ldb_msg_add_steal_string(msg, "supportedControl",
+						     control) != LDB_SUCCESS) {
+				goto failed;
+ 			}
+ 		}
+ 	}
+
+	if (priv && do_attribute(attrs, "namingContexts")) {
+		for (i = 0; i < priv->num_partitions; i++) {
+			struct ldb_dn *dn = priv->partitions[i];
+			if (ldb_msg_add_steal_string(msg, "namingContexts",
+						     ldb_dn_alloc_linearized(msg, dn)) != LDB_SUCCESS) {
+				goto failed;
+ 			}
+ 		}
+	}
+
+	server_sasl = talloc_get_type(ldb_get_opaque(ldb, "supportedSASLMechanisms"),
+				       const char *);
+	if (server_sasl && do_attribute(attrs, "supportedSASLMechanisms")) {
+		for (i = 0; server_sasl && server_sasl[i]; i++) {
+			char *sasl_name = talloc_strdup(msg, server_sasl[i]);
+			if (!sasl_name) {
+				goto failed;
+			}
+			if (ldb_msg_add_steal_string(msg, "supportedSASLMechanisms",
+						     sasl_name) != LDB_SUCCESS) {
+				goto failed;
+			}
+		}
+	}
+
+	if (do_attribute(attrs, "highestCommittedUSN")) {
+		uint64_t seq_num;
+		int ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ, &seq_num);
+		if (ret == LDB_SUCCESS) {
+			if (samdb_msg_add_uint64(ldb, msg, msg,
+						 "highestCommittedUSN",
+						 seq_num) != LDB_SUCCESS) {
+				goto failed;
+			}
+		}
+	}
+
+	if (schema && do_attribute_explicit(attrs, "dsSchemaAttrCount")) {
+		struct dsdb_attribute *cur;
+		unsigned int n = 0;
+
+		for (cur = schema->attributes; cur; cur = cur->next) {
+			n++;
+		}
+
+		if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaAttrCount",
+				       n) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (schema && do_attribute_explicit(attrs, "dsSchemaClassCount")) {
+		struct dsdb_class *cur;
+		unsigned int n = 0;
+
+		for (cur = schema->classes; cur; cur = cur->next) {
+			n++;
+		}
+
+		if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaClassCount",
+				       n) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (schema && do_attribute_explicit(attrs, "dsSchemaPrefixCount")) {
+		if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaPrefixCount",
+				       schema->prefixmap->length) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute_explicit(attrs, "validFSMOs")) {
+		struct ldb_dn *dns[3];
+
+		dns[0] = ldb_get_schema_basedn(ldb);
+		dns[1] = samdb_partitions_dn(ldb, msg);
+		dns[2] = ldb_get_default_basedn(ldb);
+
+		for (i=0; i<3; i++) {
+			bool master;
+			int ret = dsdb_module_we_are_master(ac->module, dns[i], &master, ac->req);
+			if (ret != LDB_SUCCESS) {
+				goto failed;
+			}
+			if (master && ldb_msg_add_fmt(msg, "validFSMOs", "%s",
+						      ldb_dn_get_linearized(dns[i])) != LDB_SUCCESS) {
+				goto failed;
+			}
+		}
+	}
+
+	if (do_attribute_explicit(attrs, "vendorVersion")) {
+		if (ldb_msg_add_fmt(msg, "vendorVersion",
+				    "%s", SAMBA_VERSION_STRING) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "domainFunctionality")) {
+		if (samdb_msg_add_int(ldb, msg, msg, "domainFunctionality",
+				      dsdb_functional_level(ldb)) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "forestFunctionality")) {
+		if (samdb_msg_add_int(ldb, msg, msg, "forestFunctionality",
+				      dsdb_forest_functional_level(ldb)) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "domainControllerFunctionality")
+	    && (val = talloc_get_type(ldb_get_opaque(ldb, "domainControllerFunctionality"), int))) {
+		if (samdb_msg_add_int(ldb, msg, msg,
+				      "domainControllerFunctionality",
+				      *val) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute(attrs, "isGlobalCatalogReady")) {
+		/* MS-ADTS 3.1.1.3.2.10
+		   Note, we should only return true here is we have
+		   completed at least one synchronisation. As both
+		   provision and vampire do a full sync, this means we
+		   can return true is the gc bit is set in the NTDSDSA
+		   options */
+		if (ldb_msg_add_fmt(msg, "isGlobalCatalogReady",
+				    "%s", samdb_is_gc(ldb)?"TRUE":"FALSE") != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	if (do_attribute_explicit(attrs, "tokenGroups")) {
+		/* Obtain the user's session_info */
+		struct auth_session_info *session_info
+			= (struct auth_session_info *)ldb_get_opaque(
+				ldb,
+				DSDB_SESSION_INFO);
+		if (session_info && session_info->security_token) {
+			/* The list of groups this user is in */
+			for (i = 0; i < session_info->security_token->num_sids; i++) {
+				if (samdb_msg_add_dom_sid(ldb, msg, msg,
+							  "tokenGroups",
+							  &session_info->security_token->sids[i]) != LDB_SUCCESS) {
+					goto failed;
+				}
+			}
+		}
+	}
+
+	if (ac->netlogon.length > 0) {
+		if (ldb_msg_add_steal_value(msg, "netlogon", &ac->netlogon) != LDB_SUCCESS) {
+			goto failed;
+		}
+	}
+
+	/* TODO: lots more dynamic attributes should be added here */
+
+	edn_control = ldb_request_get_control(ac->req, LDB_CONTROL_EXTENDED_DN_OID);
+
+	/* convert any GUID attributes to be in the right form */
+	for (i=0; guid_attrs[i]; i++) {
+		struct ldb_result *res;
+		struct ldb_message_element *el;
+		struct ldb_dn *attr_dn;
+		const char *no_attrs[] = { NULL };
+		int ret;
+
+		if (!do_attribute(attrs, guid_attrs[i])) continue;
+
+		attr_dn = ldb_msg_find_attr_as_dn(ldb, ac->req, msg, guid_attrs[i]);
+		if (attr_dn == NULL) {
+			continue;
+		}
+
+		ret = dsdb_module_search_dn(ac->module, ac->req, &res,
+					    attr_dn, no_attrs,
+					    DSDB_FLAG_NEXT_MODULE |
+					    DSDB_FLAG_AS_SYSTEM |
+					    DSDB_SEARCH_SHOW_EXTENDED_DN,
+					    ac->req);
+		if (ret != LDB_SUCCESS) {
+			DBG_WARNING("Failed to convert GUID into full DN in rootDSE for %s: %s: %s\n",
+				    guid_attrs[i],
+				    ldb_dn_get_extended_linearized(ac, attr_dn, 1),
+				    ldb_errstring(ldb));
+			/*
+			 * Provide a meaningful error string but not
+			 * confidential DB contents possibly in the
+			 * original string
+			 */
+			ldb_asprintf_errstring(ldb,
+					       "Failed to find full DN for %s: %s",
+					       guid_attrs[i],
+					       ldb_dn_get_extended_linearized(ac, attr_dn, 1));
+			/* Overstamp the error code, it would confuse the caller */
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		el = ldb_msg_find_element(msg, guid_attrs[i]);
+		if (el == NULL) {
+			return ldb_operr(ldb);
+		}
+
+		talloc_steal(el->values, res->msgs[0]->dn);
+		if (edn_control) {
+			struct ldb_extended_dn_control *ext_dn;
+			int edn_type = 0;
+			ext_dn = talloc_get_type(edn_control->data, struct ldb_extended_dn_control);
+			if (ext_dn != NULL) {
+				edn_type = ext_dn->type;
+			}
+			el->values[0].data  = (uint8_t *)ldb_dn_get_extended_linearized(el->values,
+											res->msgs[0]->dn,
+											edn_type);
+		} else {
+			el->values[0].data  = (uint8_t *)talloc_strdup(el->values,
+								       ldb_dn_get_linearized(res->msgs[0]->dn));
+		}
+		if (el->values[0].data == NULL) {
+			return ldb_oom(ldb);
+		}
+		el->values[0].length = strlen((const char *)el->values[0].data);
+	}
+
+	/* if the client sent us the EXTENDED_DN control then we need
+	   to expand the DNs to have GUID and SID. W2K8 join relies on
+	   this */
+	if (edn_control) {
+		int ret;
+		for (i=0; dn_attrs[i]; i++) {
+			if (!do_attribute(attrs, dn_attrs[i])) continue;
+			ret = expand_dn_in_message(ac->module, msg, dn_attrs[i],
+						   edn_control, ac->req);
+			if (ret != LDB_SUCCESS) {
+				DEBUG(0,(__location__ ": Failed to expand DN in rootDSE for %s\n",
+					 dn_attrs[i]));
+				goto failed;
+			}
+		}
+	}
+
+	return LDB_SUCCESS;
+
+failed:
+	return ldb_operr(ldb);
+}
+
+/*
+  handle search requests
+*/
+
+static struct rootdse_context *rootdse_init_context(struct ldb_module *module,
+						    struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct rootdse_context *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct rootdse_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb, "Out of Memory");
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct rootdse_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct rootdse_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		/* for each record returned post-process to add any dynamic
+		   attributes that have been asked for */
+		ret = rootdse_add_dynamic(ac, ares->message);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ares);
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		/* should we allow the backend to return referrals in this case
+		 * ?? */
+		break;
+
+	case LDB_REPLY_DONE:
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+/*
+  filter from controls from clients in several ways
+
+  1) mark our registered controls as non-critical in the request
+
+    This is needed as clients may mark controls as critical even if
+    they are not needed at all in a request. For example, the centrify
+    client sets the SD_FLAGS control as critical on ldap modify
+    requests which are setting the dNSHostName attribute on the
+    machine account. That request doesn't need SD_FLAGS at all, but
+    centrify adds it on all ldap requests.
+
+  2) if this request is untrusted then remove any non-registered
+     controls that are non-critical
+
+    This is used on ldap:// connections to prevent remote users from
+    setting an internal control that may be dangerous
+
+  3) if this request is untrusted then fail any request that includes
+     a critical non-registered control
+ */
+static int rootdse_filter_controls(struct ldb_module *module, struct ldb_request *req)
+{
+	unsigned int i, j;
+	struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(module), struct rootdse_private_data);
+	bool is_untrusted;
+
+	if (!req->controls) {
+		return LDB_SUCCESS;
+	}
+
+	is_untrusted = ldb_req_is_untrusted(req);
+
+	for (i=0; req->controls[i]; i++) {
+		bool is_registered = false;
+		bool is_critical = (req->controls[i]->critical != 0);
+
+		if (req->controls[i]->oid == NULL) {
+			continue;
+		}
+
+		if (is_untrusted || is_critical) {
+			for (j=0; j<priv->num_controls; j++) {
+				if (strcasecmp(priv->controls[j], req->controls[i]->oid) == 0) {
+					is_registered = true;
+					break;
+				}
+			}
+		}
+
+		if (is_untrusted && !is_registered) {
+			if (!is_critical) {
+				/* remove it by marking the oid NULL */
+				req->controls[i]->oid = NULL;
+				req->controls[i]->data = NULL;
+				req->controls[i]->critical = 0;
+				continue;
+			}
+			/* its a critical unregistered control - give
+			   an error */
+			ldb_asprintf_errstring(ldb_module_get_ctx(module),
+					       "Attempt to use critical non-registered control '%s'",
+					       req->controls[i]->oid);
+			return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+		}
+
+		if (!is_critical) {
+			continue;
+		}
+
+		/*
+		 * If the control is DIRSYNC, SORT or VLV then we keep the
+		 * critical flag as the modules will need to act upon it.
+		 *
+		 * These modules have to unset the critical flag after the
+		 * request has been seen by the correct module.
+		 */
+		if (is_registered &&
+		    strcmp(req->controls[i]->oid,
+			   LDB_CONTROL_DIRSYNC_OID) != 0 &&
+		    strcmp(req->controls[i]->oid,
+			   LDB_CONTROL_VLV_REQ_OID) != 0 &&
+		    strcmp(req->controls[i]->oid,
+			   LDB_CONTROL_SERVER_SORT_OID) != 0) {
+			req->controls[i]->critical = 0;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* Ensure that anonymous users are not allowed to make anything other than rootDSE search operations */
+
+static int rootdse_filter_operations(struct ldb_module *module, struct ldb_request *req)
+{
+	struct auth_session_info *session_info;
+	struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(module), struct rootdse_private_data);
+	bool is_untrusted = ldb_req_is_untrusted(req);
+	bool is_anonymous = true;
+	if (is_untrusted == false) {
+		return LDB_SUCCESS;
+	}
+
+	session_info = (struct auth_session_info *)ldb_get_opaque(
+		ldb_module_get_ctx(module),
+		DSDB_SESSION_INFO);
+	if (session_info) {
+		is_anonymous = security_token_is_anonymous(session_info->security_token);
+	}
+
+	if (is_anonymous == false || (priv && priv->block_anonymous == false)) {
+		return LDB_SUCCESS;
+	}
+
+	if (req->operation == LDB_SEARCH) {
+		if (req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base)) {
+			return LDB_SUCCESS;
+		}
+	}
+	ldb_set_errstring(ldb_module_get_ctx(module), "Operation unavailable without authentication");
+	return LDB_ERR_OPERATIONS_ERROR;
+}
+
+static int rootdse_handle_netlogon(struct rootdse_context *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_parse_tree *tree;
+	struct loadparm_context *lp_ctx;
+	struct tsocket_address *src_addr;
+	TALLOC_CTX *tmp_ctx = talloc_new(ac->req);
+	const char *domain, *host, *user, *domain_guid;
+	char *src_addr_s = NULL;
+	struct dom_sid *domain_sid;
+	int acct_control = -1;
+	int version = -1;
+	NTSTATUS status;
+	struct netlogon_samlogon_response netlogon;
+	int ret = LDB_ERR_OPERATIONS_ERROR;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	tree = ac->req->op.search.tree;
+	lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				 struct loadparm_context);
+	src_addr = talloc_get_type(ldb_get_opaque(ldb, "remoteAddress"),
+				   struct tsocket_address);
+	if (src_addr) {
+		src_addr_s = tsocket_address_inet_addr_string(src_addr,
+							      tmp_ctx);
+	}
+
+	status = parse_netlogon_request(tree, lp_ctx, tmp_ctx,
+					&domain, &host, &user, &domain_guid,
+					&domain_sid, &acct_control, &version);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = fill_netlogon_samlogon_response(ldb, tmp_ctx,
+						 domain, NULL, domain_sid,
+						 domain_guid,
+						 user, acct_control,
+						 src_addr_s,
+						 version, lp_ctx,
+						 &netlogon, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = push_netlogon_samlogon_response(&ac->netlogon, ac, &netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	ret = LDB_SUCCESS;
+failed:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct rootdse_context *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* see if its for the rootDSE - only a base search on the "" DN qualifies */
+	if (!(req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base))) {
+		/* Otherwise, pass down to the rest of the stack */
+		return ldb_next_request(module, req);
+	}
+
+	ac = rootdse_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (do_attribute_explicit(req->op.search.attrs, "netlogon")) {
+		ret = rootdse_handle_netlogon(ac);
+		/* We have to return an empty result, so don't forward `ret' */
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
+		}
+	}
+
+	/* in our db we store the rootDSE with a DN of @ROOTDSE */
+	ret = ldb_build_search_req(&down_req, ldb, ac,
+					ldb_dn_new(ac, ldb, "@ROOTDSE"),
+					LDB_SCOPE_BASE,
+					NULL,
+					req->op.search.attrs,
+					NULL,/* for now skip the controls from the client */
+					ac, rootdse_callback,
+					req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+static struct rootdse_private_data *rootdse_get_private_data(struct ldb_module *module)
+{
+	void *priv = ldb_module_get_private(module);
+	struct rootdse_private_data *data = NULL;
+	struct ldb_context *ldb
+		= ldb_module_get_ctx(module);
+
+	if (priv != NULL) {
+		data = talloc_get_type_abort(priv,
+					     struct rootdse_private_data);
+	}
+
+	if (data != NULL) {
+		return data;
+	}
+
+	data = talloc_zero(module, struct rootdse_private_data);
+	if (data == NULL) {
+		return NULL;
+	}
+
+	data->num_controls = 0;
+	data->controls = NULL;
+	data->num_partitions = 0;
+	data->partitions = NULL;
+	data->block_anonymous = true;
+
+	ldb_module_set_private(module, data);
+
+	ldb_set_default_dns(ldb);
+
+	return data;
+}
+
+
+static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req)
+{
+	struct rootdse_private_data *priv =
+		rootdse_get_private_data(module);
+	char **list;
+
+	if (priv == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	list = talloc_realloc(priv, priv->controls, char *, priv->num_controls + 1);
+	if (!list) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	list[priv->num_controls] = talloc_strdup(list, req->op.reg_control.oid);
+	if (!list[priv->num_controls]) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	priv->num_controls += 1;
+	priv->controls = list;
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req)
+{
+	struct rootdse_private_data *priv =
+		rootdse_get_private_data(module);
+	struct ldb_dn **list;
+
+	if (priv == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	list = talloc_realloc(priv, priv->partitions, struct ldb_dn *, priv->num_partitions + 1);
+	if (!list) {
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	list[priv->num_partitions] = ldb_dn_copy(list, req->op.reg_partition.dn);
+	if (!list[priv->num_partitions]) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	priv->num_partitions += 1;
+	priv->partitions = list;
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+
+static int rootdse_request(struct ldb_module *module, struct ldb_request *req)
+{
+	switch (req->operation) {
+
+	case LDB_REQ_REGISTER_CONTROL:
+		return rootdse_register_control(module, req);
+	case LDB_REQ_REGISTER_PARTITION:
+		return rootdse_register_partition(module, req);
+
+	default:
+		break;
+	}
+	return ldb_next_request(module, req);
+}
+
+static int rootdse_init(struct ldb_module *module)
+{
+	int ret;
+	struct ldb_result *res;
+	const char *attrs[] = { "msDS-Behavior-Version", NULL };
+	const char *ds_attrs[] = { "dsServiceName", NULL };
+	TALLOC_CTX *mem_ctx;
+
+	struct ldb_context *ldb
+		= ldb_module_get_ctx(module);
+
+	struct rootdse_private_data *data
+		= rootdse_get_private_data(module);
+
+	if (data == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_next_init(module);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	mem_ctx = talloc_new(data);
+	if (!mem_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	/* Now that the partitions are set up, do a search for:
+	   - domainControllerFunctionality
+	   - domainFunctionality
+	   - forestFunctionality
+
+	   Then stuff these values into an opaque
+	*/
+	ret = dsdb_module_search(module, mem_ctx, &res,
+				 ldb_get_default_basedn(ldb),
+				 LDB_SCOPE_BASE, attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 NULL, NULL);
+	if (ret == LDB_SUCCESS && res->count == 1) {
+		int domain_behaviour_version
+			= ldb_msg_find_attr_as_int(res->msgs[0],
+						   "msDS-Behavior-Version", -1);
+		if (domain_behaviour_version != -1) {
+			int *val = talloc(ldb, int);
+			if (!val) {
+				talloc_free(mem_ctx);
+				return ldb_oom(ldb);
+			}
+			*val = domain_behaviour_version;
+			ret = ldb_set_opaque(ldb, "domainFunctionality", val);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(mem_ctx);
+				return ret;
+			}
+		}
+	}
+
+	ret = dsdb_module_search(module, mem_ctx, &res,
+				 samdb_partitions_dn(ldb, mem_ctx),
+				 LDB_SCOPE_BASE, attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 NULL, NULL);
+	if (ret == LDB_SUCCESS && res->count == 1) {
+		int forest_behaviour_version
+			= ldb_msg_find_attr_as_int(res->msgs[0],
+						   "msDS-Behavior-Version", -1);
+		if (forest_behaviour_version != -1) {
+			int *val = talloc(ldb, int);
+			if (!val) {
+				talloc_free(mem_ctx);
+				return ldb_oom(ldb);
+			}
+			*val = forest_behaviour_version;
+			ret = ldb_set_opaque(ldb, "forestFunctionality", val);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(mem_ctx);
+				return ret;
+			}
+		}
+	}
+
+
+	/*
+	 * For now, our own server's location in the DB is recorded in
+	 * the @ROOTDSE record
+	 *
+	 * We can't call samdb_ntds_settings_dn() in the rootdse, as
+	 * that routine used the rootdse result!
+	 */
+	ret = dsdb_module_search(module, mem_ctx, &res,
+				 ldb_dn_new(mem_ctx, ldb, "@ROOTDSE"),
+				 LDB_SCOPE_BASE, ds_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM,
+				 NULL, NULL);
+	if (ret == LDB_SUCCESS && res->count == 1) {
+		struct ldb_dn *ds_dn
+			= ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0],
+						  "dsServiceName");
+		if (ds_dn) {
+			ret = dsdb_module_search(module, mem_ctx, &res, ds_dn,
+						 LDB_SCOPE_BASE, attrs,
+						 DSDB_FLAG_NEXT_MODULE |
+						 DSDB_FLAG_AS_SYSTEM,
+						 NULL, NULL);
+			if (ret == LDB_SUCCESS && res->count == 1) {
+				int domain_controller_behaviour_version
+					= ldb_msg_find_attr_as_int(res->msgs[0],
+								   "msDS-Behavior-Version", -1);
+				if (domain_controller_behaviour_version != -1) {
+					int *val = talloc(ldb, int);
+					if (!val) {
+						talloc_free(mem_ctx);
+						return ldb_oom(ldb);
+					}
+					*val = domain_controller_behaviour_version;
+					ret = ldb_set_opaque(ldb,
+							     "domainControllerFunctionality", val);
+					if (ret != LDB_SUCCESS) {
+						talloc_free(mem_ctx);
+						return ret;
+					}
+				}
+			}
+		}
+	}
+
+	data->block_anonymous = dsdb_block_anonymous_ops(module, NULL);
+
+	talloc_free(mem_ctx);
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * This function gets the string SCOPE_DN:OPTIONAL_FEATURE_GUID and parse it
+ * to a DN and a GUID object
+ */
+static int get_optional_feature_dn_guid(struct ldb_request *req, struct ldb_context *ldb,
+						TALLOC_CTX *mem_ctx,
+						struct ldb_dn **op_feature_scope_dn,
+						struct GUID *op_feature_guid)
+{
+	const struct ldb_message *msg = req->op.mod.message;
+	const char *ldb_val_str;
+	char *dn, *guid;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NTSTATUS status;
+
+	ldb_val_str = ldb_msg_find_attr_as_string(msg, "enableOptionalFeature", NULL);
+	if (!ldb_val_str) {
+		ldb_set_errstring(ldb,
+				  "rootdse: unable to find 'enableOptionalFeature'!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	guid = strchr(ldb_val_str, ':');
+	if (!guid) {
+		ldb_set_errstring(ldb,
+				  "rootdse: unable to find GUID in 'enableOptionalFeature'!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	status = GUID_from_string(guid+1, op_feature_guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_set_errstring(ldb,
+				  "rootdse: bad GUID in 'enableOptionalFeature'!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	dn = talloc_strndup(tmp_ctx, ldb_val_str, guid-ldb_val_str);
+	if (!dn) {
+		ldb_set_errstring(ldb,
+				  "rootdse: bad DN in 'enableOptionalFeature'!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	*op_feature_scope_dn = ldb_dn_new(mem_ctx, ldb, dn);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+ * This function gets the OPTIONAL_FEATURE_GUID and looks for the optional feature
+ * ldb_message object.
+ */
+static int dsdb_find_optional_feature(struct ldb_module *module, struct ldb_context *ldb,
+				      TALLOC_CTX *mem_ctx, struct GUID op_feature_guid, struct ldb_message **msg,
+				      struct ldb_request *parent)
+{
+	struct ldb_result *res;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	int ret;
+
+	ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 NULL,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_FLAG_AS_SYSTEM |
+				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+				 parent,
+				 "(&(objectClass=msDS-OptionalFeature)"
+				 "(msDS-OptionalFeatureGUID=%s))",GUID_string(tmp_ctx, &op_feature_guid));
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+	if (res->count != 1) {
+		ldb_asprintf_errstring(ldb,
+				       "More than one object found matching optional feature GUID %s\n",
+				       GUID_string(tmp_ctx, &op_feature_guid));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*msg = talloc_steal(mem_ctx, res->msgs[0]);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static int rootdse_enable_recycle_bin(struct ldb_module *module,struct ldb_context *ldb,
+				      TALLOC_CTX *mem_ctx, struct ldb_dn *op_feature_scope_dn,
+				      struct ldb_message *op_feature_msg, struct ldb_request *parent)
+{
+	int ret;
+	const int domain_func_level = dsdb_functional_level(ldb);
+	struct ldb_dn *ntds_settings_dn;
+	TALLOC_CTX *tmp_ctx;
+	unsigned int el_count = 0;
+	struct ldb_message *msg;
+
+	ret = ldb_msg_find_attr_as_int(op_feature_msg, "msDS-RequiredForestBehaviorVersion", 0);
+	if (domain_func_level < ret){
+		ldb_asprintf_errstring(ldb,
+				       "rootdse_enable_recycle_bin: Domain functional level must be at least %d\n",
+				       ret);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	ntds_settings_dn = samdb_ntds_settings_dn(ldb, tmp_ctx);
+	if (!ntds_settings_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "Failed to find NTDS settings DN");
+	}
+
+	ntds_settings_dn = ldb_dn_copy(tmp_ctx, ntds_settings_dn);
+	if (!ntds_settings_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, "Failed to copy NTDS settings DN");
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+	msg->dn = ntds_settings_dn;
+
+	ldb_msg_add_linearized_dn(msg, "msDS-EnabledFeature", op_feature_msg->dn);
+	msg->elements[el_count++].flags = LDB_FLAG_MOD_ADD;
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "rootdse_enable_recycle_bin: Failed to modify object %s - %s",
+				       ldb_dn_get_linearized(ntds_settings_dn),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	msg->dn = op_feature_scope_dn;
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "rootdse_enable_recycle_bin: Failed to modify object %s - %s",
+				       ldb_dn_get_linearized(op_feature_scope_dn),
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_request *req)
+{
+	/*
+	  steps:
+	       - check for system (only system can enable features)
+	       - extract GUID from the request
+	       - find the feature object
+	       - check functional level, must be at least msDS-RequiredForestBehaviorVersion
+	       - check if it is already enabled (if enabled return LDAP_ATTRIBUTE_OR_VALUE_EXISTS) - probably not needed, just return error from the add/modify
+	       - add/modify objects (see ntdsconnection code for an example)
+	 */
+
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct GUID op_feature_guid;
+	struct ldb_dn *op_feature_scope_dn;
+	struct ldb_message *op_feature_msg;
+	struct auth_session_info *session_info =
+		(struct auth_session_info *)ldb_get_opaque(
+			ldb,
+			DSDB_SESSION_INFO);
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	int ret;
+	const char *guid_string;
+
+	if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
+		ldb_set_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ret = get_optional_feature_dn_guid(req, ldb, tmp_ctx, &op_feature_scope_dn, &op_feature_guid);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	guid_string = GUID_string(tmp_ctx, &op_feature_guid);
+	if (!guid_string) {
+		ldb_set_errstring(ldb, "rootdse: bad optional feature GUID");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ret = dsdb_find_optional_feature(module, ldb, tmp_ctx, op_feature_guid, &op_feature_msg, req);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "rootdse: unable to find optional feature for %s - %s",
+				       guid_string, ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (strcasecmp(DS_GUID_FEATURE_RECYCLE_BIN, guid_string) == 0) {
+			ret = rootdse_enable_recycle_bin(module, ldb,
+							 tmp_ctx, op_feature_scope_dn,
+							 op_feature_msg, req);
+	} else {
+		ldb_asprintf_errstring(ldb,
+				       "rootdse: unknown optional feature %s",
+				       guid_string);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "rootdse: failed to set optional feature for %s - %s",
+				       guid_string, ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);;
+}
+
+static int rootdse_schemaupdatenow(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *ext_res;
+	int ret;
+	struct ldb_dn *schema_dn;
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		ldb_reset_err_string(ldb);
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "rootdse_modify: no schema dn present: (skip ldb_extended call)\n");
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * schemaUpdateNow has been requested. Allow this to refresh the schema
+	 * even if we're currently in the middle of a transaction
+	 */
+	ret = ldb_set_opaque(ldb, "dsdb_schema_refresh_expected", (void *)1);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_extended(ldb, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, schema_dn, &ext_res);
+	if (ret != LDB_SUCCESS) {
+		ldb_set_opaque(ldb, "dsdb_schema_refresh_expected", (void *)0);
+		return ldb_operr(ldb);
+	}
+
+	talloc_free(ext_res);
+
+	ret = ldb_set_opaque(ldb, "dsdb_schema_refresh_expected", (void *)0);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	return ldb_module_done(req, NULL, NULL, ret);
+}
+
+static int rootdse_schemaupgradeinprogress(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret = LDB_SUCCESS;
+	struct ldb_dn *schema_dn;
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		ldb_reset_err_string(ldb);
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "rootdse_modify: no schema dn present: (skip ldb_extended call)\n");
+		return ldb_next_request(module, req);
+	}
+
+	/* FIXME we have to do something in order to relax constraints for DRS
+	 * setting schemaUpgradeInProgress cause the fschemaUpgradeInProgress
+	 * in all LDAP connection (2K3/2K3R2) or in the current connection (2K8 and +)
+	 * to be set to true.
+	 */
+
+	/* from 5.113 LDAPConnections in DRSR.pdf
+	 * fschemaUpgradeInProgress: A Boolean that specifies certain constraint
+	 * validations are skipped when adding, updating, or removing directory
+	 * objects on the opened connection. The skipped constraint validations
+	 * are documented in the applicable constraint sections in [MS-ADTS].
+	 */
+	return ldb_module_done(req, NULL, NULL, ret);
+}
+
+static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+		If dn is not "" we should let it pass through
+	*/
+	if (!ldb_dn_is_null(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_set_errstring(ldb, "rootdse_add: you cannot add a new rootdse entry!");
+	return LDB_ERR_NAMING_VIOLATION;
+}
+
+static int rootdse_start_trans(struct ldb_module *module)
+{
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct rootdse_private_data *data = talloc_get_type_abort(ldb_module_get_private(module),
+								  struct rootdse_private_data);
+	ret = ldb_next_start_trans(module);
+	if (ret == LDB_SUCCESS) {
+		if (data->private_ev != NULL) {
+			return ldb_operr(ldb);
+		}
+		data->private_ev = s4_event_context_init(data);
+		if (data->private_ev == NULL) {
+			return ldb_operr(ldb);
+		}
+		data->saved_ev = ldb_get_event_context(ldb);
+		ldb_set_event_context(ldb, data->private_ev);
+	}
+	return ret;
+}
+
+static int rootdse_end_trans(struct ldb_module *module)
+{
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct rootdse_private_data *data = talloc_get_type_abort(ldb_module_get_private(module),
+								  struct rootdse_private_data);
+	ret = ldb_next_end_trans(module);
+	if (data->saved_ev == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (data->private_ev != ldb_get_event_context(ldb)) {
+		return ldb_operr(ldb);
+	}
+	ldb_set_event_context(ldb, data->saved_ev);
+	data->saved_ev = NULL;
+	TALLOC_FREE(data->private_ev);
+	return ret;
+}
+
+static int rootdse_del_trans(struct ldb_module *module)
+{
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct rootdse_private_data *data = talloc_get_type_abort(ldb_module_get_private(module),
+								  struct rootdse_private_data);
+	ret = ldb_next_del_trans(module);
+	if (data->saved_ev == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	if (data->private_ev != ldb_get_event_context(ldb)) {
+		return ldb_operr(ldb);
+	}
+	ldb_set_event_context(ldb, data->saved_ev);
+	data->saved_ev = NULL;
+	TALLOC_FREE(data->private_ev);
+	return ret;
+}
+
+struct fsmo_transfer_state {
+	struct ldb_context *ldb;
+	struct ldb_request *req;
+	struct ldb_module *module;
+};
+
+/*
+  called when a FSMO transfer operation has completed
+ */
+static void rootdse_fsmo_transfer_callback(struct tevent_req *treq)
+{
+	struct fsmo_transfer_state *fsmo = tevent_req_callback_data(treq, struct fsmo_transfer_state);
+	NTSTATUS status;
+	WERROR werr;
+	int ret;
+	struct ldb_request *req = fsmo->req;
+	struct ldb_context *ldb = fsmo->ldb;
+	struct ldb_module *module = fsmo->module;
+
+	status = dcerpc_drepl_takeFSMORole_recv(treq, fsmo, &werr);
+	talloc_free(fsmo);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", nt_errstr(status));
+		/*
+		 * Now that it is failed, start the transaction up
+		 * again so the wrappers can close it without additional error
+		 */
+		rootdse_start_trans(module);
+		ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
+		return;
+	}
+	if (!W_ERROR_IS_OK(werr)) {
+		ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", win_errstr(werr));
+		/*
+		 * Now that it is failed, start the transaction up
+		 * again so the wrappers can close it without additional error
+		 */
+		rootdse_start_trans(module);
+		ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
+		return;
+	}
+
+	/*
+	 * Now that it is done, start the transaction up again so the
+	 * wrappers can close it without error
+	 */
+	ret = rootdse_start_trans(module);
+	ldb_module_done(req, NULL, NULL, ret);
+}
+
+static int rootdse_become_master(struct ldb_module *module,
+				 struct ldb_request *req,
+				 enum drepl_role_master role)
+{
+	struct imessaging_context *msg;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(req);
+	struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
+	bool am_rodc;
+	struct dcerpc_binding_handle *irpc_handle;
+	int ret;
+	struct auth_session_info *session_info;
+	enum security_user_level level;
+	struct fsmo_transfer_state *fsmo;
+	struct tevent_req *treq;
+
+	session_info = (struct auth_session_info *)ldb_get_opaque(
+		ldb_module_get_ctx(module),
+		DSDB_SESSION_INFO);
+	level = security_session_user_level(session_info, NULL);
+	if (level < SECURITY_ADMINISTRATOR) {
+		return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS, "Denied rootDSE modify for non-administrator");
+	}
+
+	ret = samdb_rodc(ldb, &am_rodc);
+	if (ret != LDB_SUCCESS) {
+		return ldb_error(ldb, ret, "Could not determine if server is RODC.");
+	}
+
+	if (am_rodc) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+				 "RODC cannot become a role master.");
+	}
+
+	/*
+	 * We always delete the transaction, not commit it, because
+	 * this gives the least surprise to this surprising action (as
+	 * we will never record anything done to this point
+	 */
+	rootdse_del_trans(module);
+
+	/*
+	 * We must use the global event loop to run this IRPC in
+	 * single process mode
+	 */
+	ldb_handle_use_global_event_context(req->handle);
+
+	msg = imessaging_client_init(tmp_ctx, lp_ctx,
+				    ldb_get_event_context(ldb));
+	if (!msg) {
+		ldb_asprintf_errstring(ldb, "Failed to generate client messaging context in %s", lpcfg_imessaging_path(tmp_ctx, lp_ctx));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	irpc_handle = irpc_binding_handle_by_name(tmp_ctx, msg,
+						  "dreplsrv",
+						  &ndr_table_irpc);
+	if (irpc_handle == NULL) {
+		return ldb_oom(ldb);
+	}
+	fsmo = talloc_zero(req, struct fsmo_transfer_state);
+	if (fsmo == NULL) {
+		return ldb_oom(ldb);
+	}
+	fsmo->ldb = ldb;
+	fsmo->req = req;
+	fsmo->module = module;
+
+	/*
+	 * we send the call asynchronously, as the ldap client is
+	 * expecting to get an error back if the role transfer fails
+	 *
+	 * We need more than the default 10 seconds IRPC allows, so
+	 * set a longer timeout (default ldb timeout is 300 seconds).
+	 * We send an async reply when we are done.
+	 *
+	 * We are the first module, so don't bother working out how
+	 * long we have spent so far.
+	 */
+	dcerpc_binding_handle_set_timeout(irpc_handle, req->timeout);
+
+	treq = dcerpc_drepl_takeFSMORole_send(req, ldb_get_event_context(ldb), irpc_handle, role);
+	if (treq == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	tevent_req_set_callback(treq, rootdse_fsmo_transfer_callback, fsmo);
+	return LDB_SUCCESS;
+}
+
+static int rootdse_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+		If dn is not "" we should let it pass through
+	*/
+	if (!ldb_dn_is_null(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/*
+		dn is empty so check for schemaUpdateNow attribute
+		"The type of modification and values specified in the LDAP modify operation do not matter." MSDN
+	*/
+	if (ldb_msg_find_element(req->op.mod.message, "schemaUpdateNow")) {
+		return rootdse_schemaupdatenow(module, req);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "becomeDomainMaster")) {
+		return rootdse_become_master(module, req, DREPL_NAMING_MASTER);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "becomeInfrastructureMaster")) {
+		return rootdse_become_master(module, req, DREPL_INFRASTRUCTURE_MASTER);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "becomeRidMaster")) {
+		return rootdse_become_master(module, req, DREPL_RID_MASTER);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "becomeSchemaMaster")) {
+		return rootdse_become_master(module, req, DREPL_SCHEMA_MASTER);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "becomePdc")) {
+		return rootdse_become_master(module, req, DREPL_PDC_MASTER);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "enableOptionalFeature")) {
+		return rootdse_enableoptionalfeature(module, req);
+	}
+	if (ldb_msg_find_element(req->op.mod.message, "schemaUpgradeInProgress")) {
+		return rootdse_schemaupgradeinprogress(module, req);
+	}
+
+	ldb_set_errstring(ldb, "rootdse_modify: unknown attribute to change!");
+	return LDB_ERR_UNWILLING_TO_PERFORM;
+}
+
+static int rootdse_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+		If dn is not "" we should let it pass through
+	*/
+	if (!ldb_dn_is_null(req->op.rename.olddn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_set_errstring(ldb, "rootdse_remove: you cannot rename the rootdse entry!");
+	return LDB_ERR_NO_SUCH_OBJECT;
+}
+
+static int rootdse_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+		If dn is not "" we should let it pass through
+	*/
+	if (!ldb_dn_is_null(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb_set_errstring(ldb, "rootdse_remove: you cannot delete the rootdse entry!");
+	return LDB_ERR_NO_SUCH_OBJECT;
+}
+
+static int rootdse_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	int ret;
+
+	ret = rootdse_filter_operations(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = rootdse_filter_controls(module, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_rootdse_module_ops = {
+	.name		   = "rootdse",
+	.init_context      = rootdse_init,
+	.search            = rootdse_search,
+	.request	   = rootdse_request,
+	.add		   = rootdse_add,
+	.modify            = rootdse_modify,
+	.rename            = rootdse_rename,
+	.extended          = rootdse_extended,
+	.del		   = rootdse_delete,
+	.start_transaction = rootdse_start_trans,
+	.end_transaction   = rootdse_end_trans,
+	.del_transaction   = rootdse_del_trans
+};
+
+int ldb_rootdse_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_rootdse_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
new file mode 100644
index 0000000..ebf25ac
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -0,0 +1,977 @@
+/*
+   ldb database library - Samba3 SAM compatibility backend
+
+   Copyright (C) Jelmer Vernooij 2005
+   Copyright (C) Martin Kuehl <mkhl@samba.org> 2006
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "ldb/ldb_map/ldb_map.h"
+#include "system/passwd.h"
+
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
+#include "lib/samba3/samba3.h"
+
+/*
+ * sambaSID -> member  (dn!)
+ * sambaSIDList -> member (dn!)
+ * sambaDomainName -> name
+ * sambaTrustPassword
+ * sambaUnixIdPool
+ * sambaIdmapEntry
+ * sambaSidEntry
+ * sambaAcctFlags -> systemFlags ?
+ * sambaPasswordHistory  -> ntPwdHistory*/
+
+/* Not necessary:
+ * sambaConfig
+ * sambaShare
+ * sambaConfigOption
+ * sambaNextGroupRid
+ * sambaNextUserRid
+ * sambaAlgorithmicRidBase
+ */
+
+/* Not in Samba4:
+ * sambaKickoffTime
+ * sambaPwdCanChange
+ * sambaPwdMustChange
+ * sambaHomePath
+ * sambaHomeDrive
+ * sambaLogonScript
+ * sambaProfilePath
+ * sambaUserWorkstations
+ * sambaMungedDial
+ * sambaLogonHours */
+
+/* In Samba4 but not in Samba3:
+*/
+
+/* From a sambaPrimaryGroupSID, generate a primaryGroupID (integer) attribute */
+static struct ldb_message_element *generate_primaryGroupID(struct ldb_module *module, TALLOC_CTX *ctx, const char *local_attr, const struct ldb_message *remote)
+{
+	struct ldb_message_element *el;
+	const char *sid = ldb_msg_find_attr_as_string(remote, "sambaPrimaryGroupSID", NULL);
+	const char *p;
+	
+	if (!sid)
+		return NULL;
+
+	p = strrchr(sid, '-');
+	if (!p)
+		return NULL;
+
+	el = talloc_zero(ctx, struct ldb_message_element);
+	el->name = talloc_strdup(ctx, "primaryGroupID");
+	el->num_values = 1;
+	el->values = talloc_array(ctx, struct ldb_val, 1);
+	el->values[0].data = (uint8_t *)talloc_strdup(el->values, p+1);
+	el->values[0].length = strlen((char *)el->values[0].data);
+
+	return el;
+}
+
+static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb)
+{
+	const struct ldb_val *sidval;
+	char *sidstring;
+	struct dom_sid *sid;
+	enum ndr_err_code ndr_err;
+
+	/* We need the domain, so we get it from the objectSid that we hope is here... */
+	sidval = ldb_msg_find_ldb_val(local, "objectSid");
+
+	if (!sidval)
+		return; /* Sorry, no SID today.. */
+
+	sid = talloc(remote_mp, struct dom_sid);
+	if (sid == NULL) {
+		return;
+	}
+
+	ndr_err = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(sid);
+		return;
+	}
+
+	if (!ldb_msg_find_ldb_val(local, "primaryGroupID"))
+		return; /* Sorry, no SID today.. */
+
+	sid->num_auths--;
+
+	sidstring = dom_sid_string(remote_mp, sid);
+	talloc_free(sid);
+	ldb_msg_add_fmt(remote_mp, "sambaPrimaryGroupSID", "%s-%u", sidstring,
+			ldb_msg_find_attr_as_uint(local, "primaryGroupID", 0));
+	talloc_free(sidstring);
+}
+
+/* Just copy the old value. */
+static struct ldb_val convert_uid_samaccount(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_val out = data_blob(NULL, 0);
+	out = ldb_val_dup(ctx, val);
+
+	return out;
+}
+
+static struct ldb_val lookup_homedir(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_context *ldb;
+	struct passwd *pwd; 
+	struct ldb_val retval;
+
+	ldb = ldb_module_get_ctx(module);
+
+	pwd = getpwnam((char *)val->data);
+
+	if (!pwd) {
+		ldb_debug(ldb, LDB_DEBUG_WARNING, "Unable to lookup '%s' in passwd", (char *)val->data);
+		return *talloc_zero(ctx, struct ldb_val);
+	}
+
+	retval.data = (uint8_t *)talloc_strdup(ctx, pwd->pw_dir);
+	retval.length = strlen((char *)retval.data);
+
+	return retval;
+}
+
+static struct ldb_val lookup_gid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct passwd *pwd; 
+	struct ldb_val retval;
+
+	pwd = getpwnam((char *)val->data);
+
+	if (!pwd) {
+		return *talloc_zero(ctx, struct ldb_val);
+	}
+
+	/* "pw_gid" is per POSIX definition "unsigned".
+	 * But write it out as "signed" for LDAP compliance. */
+	retval.data = (uint8_t *)talloc_asprintf(ctx, "%d", (int) pwd->pw_gid);
+	retval.length = strlen((char *)retval.data);
+
+	return retval;
+}
+
+static struct ldb_val lookup_uid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct passwd *pwd; 
+	struct ldb_val retval;
+	
+	pwd = getpwnam((char *)val->data);
+
+	if (!pwd) {
+		return *talloc_zero(ctx, struct ldb_val);
+	}
+
+	/* "pw_uid" is per POSIX definition "unsigned".
+	 * But write it out as "signed" for LDAP compliance. */
+	retval.data = (uint8_t *)talloc_asprintf(ctx, "%d", (int) pwd->pw_uid);
+	retval.length = strlen((char *)retval.data);
+
+	return retval;
+}
+
+/* Encode a sambaSID to an objectSid. */
+static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_val out = data_blob(NULL, 0);
+	struct dom_sid *sid;
+	enum ndr_err_code ndr_err;
+
+	sid = dom_sid_parse_talloc(ctx, (char *)val->data);
+	if (sid == NULL) {
+		return out;
+	}
+
+	ndr_err = ndr_push_struct_blob(&out, ctx, 
+				       sid, (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	talloc_free(sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return out;
+	}
+
+	return out;
+}
+
+/* Decode an objectSid to a sambaSID. */
+static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_val out = data_blob(NULL, 0);
+	struct dom_sid *sid;
+	enum ndr_err_code ndr_err;
+
+	sid = talloc(ctx, struct dom_sid);
+	if (sid == NULL) {
+		return out;
+	}
+
+	ndr_err = ndr_pull_struct_blob(val, sid, sid,
+				       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		goto done;
+	}
+
+	out.data = (uint8_t *)dom_sid_string(ctx, sid);
+	if (out.data == NULL) {
+		goto done;
+	}
+	out.length = strlen((const char *)out.data);
+
+done:
+	talloc_free(sid);
+	return out;
+}
+
+/* Convert 16 bytes to 32 hex digits. */
+static struct ldb_val bin2hex(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_val out;
+	struct samr_Password pwd;
+	if (val->length != sizeof(pwd.hash)) {
+		return data_blob(NULL, 0);
+	}
+	memcpy(pwd.hash, val->data, sizeof(pwd.hash));
+	out = data_blob_string_const(smbpasswd_sethexpwd(ctx, &pwd, 0));
+	if (!out.data) {
+		return data_blob(NULL, 0);
+	}
+	return out;
+}
+
+/* Convert 32 hex digits to 16 bytes. */
+static struct ldb_val hex2bin(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
+{
+	struct ldb_val out;
+	struct samr_Password *pwd;
+	pwd = smbpasswd_gethexpwd(ctx, (const char *)val->data);
+	if (!pwd) {
+		return data_blob(NULL, 0);
+	}
+	out = data_blob_talloc(ctx, pwd->hash, sizeof(pwd->hash));
+	return out;
+}
+
+const struct ldb_map_objectclass samba3_objectclasses[] = {
+	{
+		.local_name = "user",
+		.remote_name = "posixAccount",
+		.base_classes = { "top", NULL },
+		.musts = { "cn", "uid", "uidNumber", "gidNumber", "homeDirectory", NULL },
+		.mays = { "userPassword", "loginShell", "gecos", "description", NULL },
+	},
+	{
+		.local_name = "group",
+		.remote_name = "posixGroup",
+		.base_classes = { "top", NULL },
+		.musts = { "cn", "gidNumber", NULL },
+		.mays = { "userPassword", "memberUid", "description", NULL },
+	},
+	{
+		.local_name = "group",
+		.remote_name = "sambaGroupMapping",
+		.base_classes = { "top", "posixGroup", NULL },
+		.musts = { "gidNumber", "sambaSID", "sambaGroupType", NULL },
+		.mays = { "displayName", "description", "sambaSIDList", NULL },
+	},
+	{
+		.local_name = "user",
+		.remote_name = "sambaSAMAccount",
+		.base_classes = { "top", "posixAccount", NULL },
+		.musts = { "uid", "sambaSID", NULL },
+		.mays = { "cn", "sambaLMPassword", "sambaNTPassword",
+			"sambaPwdLastSet", "sambaLogonTime", "sambaLogoffTime",
+			"sambaKickoffTime", "sambaPwdCanChange", "sambaPwdMustChange",
+			"sambaAcctFlags", "displayName", "sambaHomePath", "sambaHomeDrive",
+			"sambaLogonScript", "sambaProfilePath", "description", "sambaUserWorkstations",
+			"sambaPrimaryGroupSID", "sambaDomainName", "sambaMungedDial",
+			"sambaBadPasswordCount", "sambaBadPasswordTime",
+		"sambaPasswordHistory", "sambaLogonHours", NULL }
+
+	},
+	{
+		.local_name = "domain",
+		.remote_name = "sambaDomain",
+		.base_classes = { "top", NULL },
+		.musts = { "sambaDomainName", "sambaSID", NULL },
+		.mays = { "sambaNextRid", "sambaNextGroupRid", "sambaNextUserRid", "sambaAlgorithmicRidBase", NULL },
+	},
+	{ .local_name = NULL }
+};
+
+const struct ldb_map_attribute samba3_attributes[] =
+{
+	/* sambaNextRid -> nextRid */
+	{
+		.local_name = "nextRid",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaNextRid",
+			},
+		},
+	},
+
+	/* sambaBadPasswordTime -> badPasswordtime*/
+	{
+		.local_name = "badPasswordTime",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaBadPasswordTime",
+			},
+		},
+	},
+
+	/* sambaLMPassword -> lmPwdHash*/
+	{
+		.local_name = "dBCSPwd",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "sambaLMPassword",
+				.convert_local = bin2hex,
+				.convert_remote = hex2bin,
+			},
+		},
+	},
+
+	/* sambaGroupType -> groupType */
+	{
+		.local_name = "groupType",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaGroupType",
+			},
+		},
+	},
+
+	/* sambaNTPassword -> ntPwdHash*/
+	{
+		.local_name = "ntpwdhash",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "sambaNTPassword",
+				.convert_local = bin2hex,
+				.convert_remote = hex2bin,
+			},
+		},
+	},
+
+	/* sambaPrimaryGroupSID -> primaryGroupID */
+	{
+		.local_name = "primaryGroupID",
+		.type = LDB_MAP_GENERATE,
+		.u = {
+			.generate = {
+				.remote_names = { "sambaPrimaryGroupSID", NULL },
+				.generate_local = generate_primaryGroupID,
+				.generate_remote = generate_sambaPrimaryGroupSID,
+			},
+		},
+	},
+
+	/* sambaBadPasswordCount -> badPwdCount */
+	{
+		.local_name = "badPwdCount",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaBadPasswordCount",
+			},
+		},
+	},
+
+	/* sambaLogonTime -> lastLogon*/
+	{
+		.local_name = "lastLogon",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaLogonTime",
+			},
+		},
+	},
+
+	/* sambaLogoffTime -> lastLogoff*/
+	{
+		.local_name = "lastLogoff",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaLogoffTime",
+			},
+		},
+	},
+
+	/* uid -> unixName */
+	{
+		.local_name = "unixName",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "uid",
+			},
+		},
+	},
+
+	/* displayName -> name */
+	{
+		.local_name = "name",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "displayName",
+			},
+		},
+	},
+
+	/* cn */
+	{
+		.local_name = "cn",
+		.type = LDB_MAP_KEEP,
+	},
+
+	/* sAMAccountName -> cn */
+	{
+		.local_name = "sAMAccountName",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "uid",
+				.convert_remote = convert_uid_samaccount,
+			},
+		},
+	},
+
+	/* objectCategory */
+	{
+		.local_name = "objectCategory",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* objectGUID */
+	{
+		.local_name = "objectGUID",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* objectVersion */
+	{
+		.local_name = "objectVersion",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* codePage */
+	{
+		.local_name = "codePage",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* dNSHostName */
+	{
+		.local_name = "dNSHostName",
+		.type = LDB_MAP_IGNORE,
+	},
+
+
+	/* dnsDomain */
+	{
+		.local_name = "dnsDomain",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* dnsRoot */
+	{
+		.local_name = "dnsRoot",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* countryCode */
+	{
+		.local_name = "countryCode",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* nTMixedDomain */
+	{
+		.local_name = "nTMixedDomain",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* operatingSystem */
+	{
+		.local_name = "operatingSystem",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* operatingSystemVersion */
+	{
+		.local_name = "operatingSystemVersion",
+		.type = LDB_MAP_IGNORE,
+	},
+
+
+	/* servicePrincipalName */
+	{
+		.local_name = "servicePrincipalName",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* msDS-Behavior-Version */
+	{
+		.local_name = "msDS-Behavior-Version",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* msDS-KeyVersionNumber */
+	{
+		.local_name = "msDS-KeyVersionNumber",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* msDs-masteredBy */
+	{
+		.local_name = "msDs-masteredBy",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* ou */
+	{
+		.local_name = "ou",
+		.type = LDB_MAP_KEEP,
+	},
+
+	/* dc */
+	{
+		.local_name = "dc",
+		.type = LDB_MAP_KEEP,
+	},
+
+	/* description */
+	{
+		.local_name = "description",
+		.type = LDB_MAP_KEEP,
+	},
+
+	/* sambaSID -> objectSid*/
+	{
+		.local_name = "objectSid",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "sambaSID",
+				.convert_local = decode_sid,
+				.convert_remote = encode_sid,
+			},
+		},
+	},
+
+	/* sambaPwdLastSet -> pwdLastSet */
+	{
+		.local_name = "pwdLastSet",
+		.type = LDB_MAP_RENAME,
+		.u = {
+			.rename = {
+				.remote_name = "sambaPwdLastSet",
+			},
+		},
+	},
+
+	/* accountExpires */
+	{
+		.local_name = "accountExpires",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* adminCount */
+	{
+		.local_name = "adminCount",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* canonicalName */
+	{
+		.local_name = "canonicalName",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* createTimestamp */
+	{
+		.local_name = "createTimestamp",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* creationTime */
+	{
+		.local_name = "creationTime",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* dMDLocation */
+	{
+		.local_name = "dMDLocation",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* fSMORoleOwner */
+	{
+		.local_name = "fSMORoleOwner",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* forceLogoff */
+	{
+		.local_name = "forceLogoff",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* instanceType */
+	{
+		.local_name = "instanceType",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* invocationId */
+	{
+		.local_name = "invocationId",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* isCriticalSystemObject */
+	{
+		.local_name = "isCriticalSystemObject",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* localPolicyFlags */
+	{
+		.local_name = "localPolicyFlags",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* lockOutObservationWindow */
+	{
+		.local_name = "lockOutObservationWindow",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* lockoutDuration */
+	{
+		.local_name = "lockoutDuration",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* lockoutThreshold */
+	{
+		.local_name = "lockoutThreshold",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* logonCount */
+	{
+		.local_name = "logonCount",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* masteredBy */
+	{
+		.local_name = "masteredBy",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* maxPwdAge */
+	{
+		.local_name = "maxPwdAge",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* member */
+	{
+		.local_name = "member",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* memberOf */
+	{
+		.local_name = "memberOf",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* minPwdAge */
+	{
+		.local_name = "minPwdAge",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* minPwdLength */
+	{
+		.local_name = "minPwdLength",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* modifiedCount */
+	{
+		.local_name = "modifiedCount",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* modifiedCountAtLastProm */
+	{
+		.local_name = "modifiedCountAtLastProm",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* modifyTimestamp */
+	{
+		.local_name = "modifyTimestamp",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* nCName */
+	{
+		.local_name = "nCName",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* nETBIOSName */
+	{
+		.local_name = "nETBIOSName",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* oEMInformation */
+	{
+		.local_name = "oEMInformation",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* privilege */
+	{
+		.local_name = "privilege",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* pwdHistoryLength */
+	{
+		.local_name = "pwdHistoryLength",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* pwdProperties */
+	{
+		.local_name = "pwdProperties",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* rIDAvailablePool */
+	{
+		.local_name = "rIDAvailablePool",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* revision */
+	{
+		.local_name = "revision",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* ridManagerReference */
+	{
+		.local_name = "ridManagerReference",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* sAMAccountType */
+	{
+		.local_name = "sAMAccountType",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* sPNMappings */
+	{
+		.local_name = "sPNMappings",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* serverReference */
+	{
+		.local_name = "serverReference",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* serverState */
+	{
+		.local_name = "serverState",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* showInAdvancedViewOnly */
+	{
+		.local_name = "showInAdvancedViewOnly",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* subRefs */
+	{
+		.local_name = "subRefs",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* systemFlags */
+	{
+		.local_name = "systemFlags",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* uASCompat */
+	{
+		.local_name = "uASCompat",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* uSNChanged */
+	{
+		.local_name = "uSNChanged",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* uSNCreated */
+	{
+		.local_name = "uSNCreated",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* userPassword */
+	{
+		.local_name = "userPassword",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* userAccountControl */
+	{
+		.local_name = "userAccountControl",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* whenChanged */
+	{
+		.local_name = "whenChanged",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* whenCreated */
+	{
+		.local_name = "whenCreated",
+		.type = LDB_MAP_IGNORE,
+	},
+
+	/* uidNumber */
+	{
+		.local_name = "unixName",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "uidNumber",
+				.convert_local = lookup_uid,
+			},
+		},
+	},
+
+	/* gidNumber. Perhaps make into generate so we can distinguish between 
+	 * groups and accounts? */
+	{
+		.local_name = "unixName",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "gidNumber",
+				.convert_local = lookup_gid,
+			},
+		},
+	},
+
+	/* homeDirectory */
+	{
+		.local_name = "unixName",
+		.type = LDB_MAP_CONVERT,
+		.u = {
+			.convert = {
+				.remote_name = "homeDirectory",
+				.convert_local = lookup_homedir,
+			},
+		},
+	},
+	{
+		.local_name = NULL,
+	}
+};
+
+/* the context init function */
+static int samba3sam_init(struct ldb_module *module)
+{
+	int ret;
+
+	ret = ldb_map_init(module, samba3_attributes, samba3_objectclasses, NULL, NULL, "samba3sam");
+	if (ret != LDB_SUCCESS)
+		return ret;
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_samba3sam_module_ops = {
+	LDB_MAP_OPS
+	.name		   = "samba3sam",
+	.init_context	   = samba3sam_init,
+};
+
+
+/* A dummy module to help the samba3sam tests */
+static int show_deleted_ignore_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_control *show_del, *show_rec;
+
+	/* check if there's a show deleted control */
+	show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+	/* check if there's a show recycled control */
+	show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
+
+	/* mark the controls as done */
+	if (show_del != NULL) {
+		show_del->critical = 0;
+	}
+	if (show_rec != NULL) {
+		show_rec->critical = 0;
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_show_deleted_module_ops = {
+	.name		   = "show_deleted_ignore",
+	.search            = show_deleted_ignore_search
+};
+
+int ldb_samba3sam_module_init(const char *version)
+{
+	int ret;
+	
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_show_deleted_module_ops);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_register_module(&ldb_samba3sam_module_ops);
+}
+
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sid.c b/source4/dsdb/samdb/ldb_modules/samba3sid.c
new file mode 100644
index 0000000..e5e5ce7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samba3sid.c
@@ -0,0 +1,207 @@
+/*
+   samba3sid module
+
+   Copyright (C) Andrew Bartlett 2010
+   Copyright (C) Andrew Tridgell 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  add objectSid to users and groups using samba3 nextRid method
+ */
+
+#include "includes.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "ldb_wrap.h"
+#include "param/param.h"
+
+/*
+  RID algorithm from pdb_ldap.c in source3/passdb/
+  (loosely based on Volkers code)
+ */
+static int samba3sid_next_sid(struct ldb_module *module,
+			      TALLOC_CTX *mem_ctx, char **sid,
+			      struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	struct ldb_result *res;
+	const char *attrs[] = { "sambaNextRid", "sambaNextUserRid",
+				"sambaNextGroupRid", "sambaSID", NULL };
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *msg;
+	uint32_t sambaNextRid, sambaNextGroupRid, sambaNextUserRid, rid;
+	const char *sambaSID;
+
+	ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+				 parent,
+				 "(&(objectClass=sambaDomain)(sambaDomainName=%s))",
+				 lpcfg_sam_name(ldb_get_opaque(ldb, "loadparm")));
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       __location__
+				       ": Failed to find domain object - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	if (res->count != 1) {
+		ldb_asprintf_errstring(ldb,
+				       __location__
+				       ": Expected exactly 1 domain object - got %u",
+				       res->count);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	msg = res->msgs[0];
+
+	sambaNextRid = ldb_msg_find_attr_as_uint(msg, "sambaNextRid",
+						 (uint32_t) -1);
+	sambaNextUserRid = ldb_msg_find_attr_as_uint(msg, "sambaNextUserRid",
+						     (uint32_t) -1);
+	sambaNextGroupRid = ldb_msg_find_attr_as_uint(msg, "sambaNextGroupRid",
+						      (uint32_t) -1);
+	sambaSID = ldb_msg_find_attr_as_string(msg, "sambaSID", NULL);
+
+	if (sambaSID == NULL) {
+		ldb_asprintf_errstring(ldb,
+				       __location__
+				       ": No sambaSID in %s",
+				       ldb_dn_get_linearized(msg->dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* choose the highest of the 3 - see pdb_ldap.c for an
+	 * explanation */
+	rid = sambaNextRid;
+	if ((sambaNextUserRid != (uint32_t) -1) && (sambaNextUserRid > rid)) {
+		rid = sambaNextUserRid;
+	}
+	if ((sambaNextGroupRid != (uint32_t) -1) && (sambaNextGroupRid > rid)) {
+		rid = sambaNextGroupRid;
+	}
+	if (rid == (uint32_t) -1) {
+		ldb_asprintf_errstring(ldb,
+				       __location__
+				       ": No sambaNextRid in %s",
+				       ldb_dn_get_linearized(msg->dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* sambaNextRid is actually the previous RID .... */
+	rid += 1;
+
+	(*sid) = talloc_asprintf(tmp_ctx, "%s-%u", sambaSID, rid);
+	if (!*sid) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	ret = dsdb_module_constrainted_update_uint32(module, msg->dn,
+						     "sambaNextRid",
+						     &sambaNextRid, &rid, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       __location__
+				       ": Failed to update sambaNextRid - %s",
+				       ldb_errstring(ldb));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_steal(mem_ctx, *sid);
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+
+/* add */
+static int samba3sid_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	int ret;
+	const struct ldb_message *msg = req->op.add.message;
+	struct ldb_message *new_msg;
+	char *sid;
+	struct ldb_request *new_req;
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (!samdb_find_attribute(ldb, msg, "objectclass", "posixAccount") &&
+	    !samdb_find_attribute(ldb, msg, "objectclass", "posixGroup")) {
+		/* its not a user or a group */
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_msg_find_element(msg, "sambaSID")) {
+		/* a SID was supplied */
+		return ldb_next_request(module, req);
+	}
+
+	new_msg = ldb_msg_copy_shallow(req, req->op.add.message);
+	if (!new_msg) {
+		return ldb_module_oom(module);
+	}
+
+	ret = samba3sid_next_sid(module, new_msg, &sid, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_msg_add_steal_string(new_msg, "sambaSID", sid);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_add_req(&new_req, ldb, req,
+				new_msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(new_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, new_req);
+}
+
+static const struct ldb_module_ops ldb_samba3sid_module_ops = {
+	.name          = "samba3sid",
+	.add           = samba3sid_add,
+};
+
+
+int ldb_samba3sid_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_samba3sid_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
new file mode 100644
index 0000000..37213a5
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -0,0 +1,611 @@
+/*
+   Samba4 module loading module
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: Samba4 module loading module
+ *
+ *  Description: Implement a single 'module' in the ldb database,
+ *  which loads the remaining modules based on 'choice of configuration' attributes
+ *
+ *  This is to avoid forcing a reprovision of the ldb databases when we change the internal structure of the code
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
+#include "auth/credentials/credentials.h"
+#include "param/secrets.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+
+static int read_at_rootdse_record(struct ldb_context *ldb, struct ldb_module *module, TALLOC_CTX *mem_ctx,
+				  struct ldb_message **msg, struct ldb_request *parent)
+{
+	int ret;
+	static const char *rootdse_attrs[] = { "defaultNamingContext", "configurationNamingContext", "schemaNamingContext", NULL };
+	struct ldb_result *rootdse_res;
+	struct ldb_dn *rootdse_dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	rootdse_dn = ldb_dn_new(tmp_ctx, ldb, "@ROOTDSE");
+	if (!rootdse_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &rootdse_res, rootdse_dn,
+	                            rootdse_attrs, DSDB_FLAG_NEXT_MODULE, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_steal(mem_ctx, rootdse_res->msgs);
+	*msg = rootdse_res->msgs[0];
+
+	talloc_free(tmp_ctx);
+
+	return ret;
+}
+
+static int prepare_modules_line(struct ldb_context *ldb,
+				TALLOC_CTX *mem_ctx,
+				const struct ldb_message *rootdse_msg,
+				struct ldb_message *msg, const char *backend_attr,
+				const char *backend_mod, const char **backend_mod_list)
+{
+	int ret;
+	const char **backend_full_list;
+	const char *backend_dn;
+	char *mod_list_string;
+	char *full_string;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	if (backend_attr) {
+		backend_dn = ldb_msg_find_attr_as_string(rootdse_msg, backend_attr, NULL);
+		if (!backend_dn) {
+			ldb_asprintf_errstring(ldb,
+					       "samba_dsdb_init: "
+					       "unable to read %s from %s:%s",
+					       backend_attr, ldb_dn_get_linearized(rootdse_msg->dn),
+					       ldb_errstring(ldb));
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	} else {
+		backend_dn = "*";
+	}
+
+	if (backend_mod) {
+		char **b = str_list_make_single(tmp_ctx, backend_mod);
+		backend_full_list = discard_const_p(const char *, b);
+	} else {
+		char **b = str_list_make_empty(tmp_ctx);
+		backend_full_list = discard_const_p(const char *, b);
+	}
+	if (!backend_full_list) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	backend_full_list = str_list_append_const(backend_full_list, backend_mod_list);
+	if (!backend_full_list) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
+
+	/* str_list_append allocates on NULL */
+	talloc_free(backend_full_list);
+
+	if (!mod_list_string) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	full_string = talloc_asprintf(tmp_ctx, "%s:%s", backend_dn, mod_list_string);
+	ret = ldb_msg_add_steal_string(msg, "modules", full_string);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static bool check_required_features(struct ldb_message_element *el)
+{
+	if (el != NULL) {
+		int k;
+		DATA_BLOB esf = data_blob_string_const(
+			SAMBA_ENCRYPTED_SECRETS_FEATURE);
+		DATA_BLOB lmdbl1 = data_blob_string_const(
+			SAMBA_LMDB_LEVEL_ONE_FEATURE);
+		for (k = 0; k < el->num_values; k++) {
+			if ((data_blob_cmp(&esf, &el->values[k]) != 0) &&
+			    (data_blob_cmp(&lmdbl1, &el->values[k]) != 0)) {
+				return false;
+			}
+		}
+	}
+	return true;
+}
+
+static int samba_dsdb_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret, lock_ret, len, i, j;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+	struct ldb_message *rootdse_msg = NULL, *partition_msg;
+	struct ldb_dn *samba_dsdb_dn, *partition_dn, *indexlist_dn;
+	struct ldb_module *backend_module, *module_chain;
+	const char **final_module_list, **reverse_module_list;
+	/*
+	  Add modules to the list to activate them by default
+	  beware often order is important
+
+	  Some Known ordering constraints:
+	  - rootdse must be first, as it makes redirects from "" -> cn=rootdse
+	  - extended_dn_in must be before objectclass.c, as it resolves the DN
+	  - objectclass must be before password_hash and samldb since these LDB
+	    modules require the expanded "objectClass" list
+	  - objectclass must be before descriptor and acl, as both assume that
+	    objectClass values are sorted
+	  - objectclass_attrs must be behind operational in order to see all
+	    attributes (the operational module protects and therefore
+	    suppresses per default some important ones)
+	  - partition must be last
+	  - each partition has its own module list then
+
+	  The list is presented here as a set of declarations to show the
+	  stack visually - the code below then handles the creation of the list
+	  based on the parameters loaded from the database.
+	*/
+	static const char *modules_list1[] = {"resolve_oids",
+					     "rootdse",
+					     "dsdb_notification",
+					     "schema_load",
+					     "lazy_commit",
+					     "dirsync",
+					     "dsdb_paged_results",
+					     "vlv",
+					     "ranged_results",
+					     "anr",
+					     "server_sort",
+					     "asq",
+					     "extended_dn_store",
+					     NULL };
+	/* extended_dn_in or extended_dn_in_openldap goes here */
+	static const char *modules_list1a[] = {"audit_log",
+					     "objectclass",
+					     "tombstone_reanimate",
+					     "descriptor",
+					     "acl",
+					     "aclread",
+					     "samldb",
+					     "password_hash",
+					     "instancetype",
+					     "objectclass_attrs",
+					     NULL };
+
+	const char **link_modules;
+	static const char *tdb_modules_list[] = {
+		"rdn_name",
+		"subtree_delete",
+		"repl_meta_data",
+		"group_audit_log",
+		"encrypted_secrets",
+		"operational",
+		"unique_object_sids",
+		"subtree_rename",
+		"linked_attributes",
+		NULL};
+
+	const char *extended_dn_module;
+	const char *extended_dn_module_ldb = "extended_dn_out_ldb";
+	const char *extended_dn_in_module = "extended_dn_in";
+
+	static const char *modules_list2[] = {"dns_notify",
+					      "show_deleted",
+					      "new_partition",
+					      "partition",
+					      NULL };
+
+	const char **backend_modules;
+	static const char *samba_dsdb_attrs[] = { SAMBA_COMPATIBLE_FEATURES_ATTR,
+						  SAMBA_REQUIRED_FEATURES_ATTR, NULL };
+	static const char *indexlist_attrs[] = { SAMBA_FEATURES_SUPPORTED_FLAG, NULL };
+
+	const char *current_supportedFeatures[] = {SAMBA_SORTED_LINKS_FEATURE};
+
+	if (!tmp_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_register_samba_handlers(ldb);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	samba_dsdb_dn = ldb_dn_new(tmp_ctx, ldb, "@SAMBA_DSDB");
+	if (!samba_dsdb_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	indexlist_dn = ldb_dn_new(tmp_ctx, ldb, "@INDEXLIST");
+	if (!samba_dsdb_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	partition_dn = ldb_dn_new(tmp_ctx, ldb, DSDB_PARTITION_DN);
+	if (!partition_dn) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+#define CHECK_LDB_RET(check_ret)				\
+	do {							\
+		if (check_ret != LDB_SUCCESS) {			\
+			talloc_free(tmp_ctx);			\
+			return check_ret;			\
+		}						\
+	} while (0)
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, samba_dsdb_dn,
+	                            samba_dsdb_attrs, DSDB_FLAG_NEXT_MODULE, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* do nothing, a very old db being upgraded */
+	} else if (ret == LDB_SUCCESS) {
+		struct ldb_message_element *requiredFeatures;
+		struct ldb_message_element *old_compatibleFeatures;
+
+		requiredFeatures = ldb_msg_find_element(res->msgs[0], SAMBA_REQUIRED_FEATURES_ATTR);
+		if (!check_required_features(requiredFeatures)) {
+			ldb_set_errstring(
+				ldb,
+				"This Samba database was created with "
+				"a newer Samba version and is marked "
+				"with extra requiredFeatures in "
+				"@SAMBA_DSDB. This database can not "
+				"safely be read by this Samba version");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		old_compatibleFeatures = ldb_msg_find_element(res->msgs[0],
+							      SAMBA_COMPATIBLE_FEATURES_ATTR);
+
+		if (old_compatibleFeatures) {
+			struct ldb_message *features_msg;
+			struct ldb_message_element *features_el;
+			int samba_options_supported = 0;
+			ret = dsdb_module_search_dn(module, tmp_ctx, &res,
+						    indexlist_dn,
+						    indexlist_attrs,
+						    DSDB_FLAG_NEXT_MODULE, NULL);
+			if (ret == LDB_SUCCESS) {
+				samba_options_supported
+					= ldb_msg_find_attr_as_int(res->msgs[0],
+								   SAMBA_FEATURES_SUPPORTED_FLAG,
+								   0);
+
+			} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+				/*
+				 * If we don't have @INDEXLIST yet, then we
+				 * are so early in set-up that we know this is
+				 * a blank DB, so no need to wripe out old
+				 * features
+				 */
+				samba_options_supported = 1;
+			}
+
+			features_msg = ldb_msg_new(res);
+			if (features_msg == NULL) {
+				return ldb_module_operr(module);
+			}
+			features_msg->dn = samba_dsdb_dn;
+
+			ret = ldb_msg_add_empty(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
+						LDB_FLAG_MOD_DELETE, &features_el);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			if (samba_options_supported == 1) {
+				for (i = 0;
+				     old_compatibleFeatures && i < old_compatibleFeatures->num_values;
+				     i++) {
+					for (j = 0;
+					     j < ARRAY_SIZE(current_supportedFeatures); j++) {
+						if (strcmp((char *)old_compatibleFeatures->values[i].data,
+							   current_supportedFeatures[j]) == 0) {
+							break;
+						}
+					}
+					if (j == ARRAY_SIZE(current_supportedFeatures)) {
+						/*
+						 * Add to list of features to remove
+						 * (rather than all features)
+						 */
+						ret = ldb_msg_add_value(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
+									&old_compatibleFeatures->values[i],
+									NULL);
+						if (ret != LDB_SUCCESS) {
+							return ret;
+						}
+					}
+				}
+
+				if (features_el->num_values > 0) {
+					/* Delete by list */
+					ret = ldb_next_start_trans(module);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+					ret = dsdb_module_modify(module, features_msg, DSDB_FLAG_NEXT_MODULE, NULL);
+					if (ret != LDB_SUCCESS) {
+						ldb_next_del_trans(module);
+						return ret;
+					}
+					ret = ldb_next_end_trans(module);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+				}
+			} else {
+				/* Delete all */
+				ret = ldb_next_start_trans(module);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+				ret = dsdb_module_modify(module, features_msg, DSDB_FLAG_NEXT_MODULE, NULL);
+				if (ret != LDB_SUCCESS) {
+					ldb_next_del_trans(module);
+					return ret;
+				}
+				ret = ldb_next_end_trans(module);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+		}
+
+	} else {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	backend_modules = NULL;
+	extended_dn_module = extended_dn_module_ldb;
+	link_modules = tdb_modules_list;
+
+#define CHECK_MODULE_LIST \
+	do {							\
+		if (!final_module_list) {			\
+			talloc_free(tmp_ctx);			\
+			return ldb_oom(ldb);			\
+		}						\
+	} while (0)
+
+	final_module_list = str_list_copy_const(tmp_ctx, modules_list1);
+	CHECK_MODULE_LIST;
+
+	final_module_list = str_list_add_const(final_module_list, extended_dn_in_module);
+	CHECK_MODULE_LIST;
+
+	final_module_list = str_list_append_const(final_module_list, modules_list1a);
+	CHECK_MODULE_LIST;
+
+	final_module_list = str_list_append_const(final_module_list, link_modules);
+	CHECK_MODULE_LIST;
+
+	final_module_list = str_list_add_const(final_module_list, extended_dn_module);
+	CHECK_MODULE_LIST;
+
+	final_module_list = str_list_append_const(final_module_list, modules_list2);
+	CHECK_MODULE_LIST;
+
+
+	ret = read_at_rootdse_record(ldb, module, tmp_ctx, &rootdse_msg, NULL);
+	CHECK_LDB_RET(ret);
+
+	partition_msg = ldb_msg_new(tmp_ctx);
+	partition_msg->dn = ldb_dn_new(partition_msg, ldb, "@" DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME);
+
+	ret = prepare_modules_line(ldb, tmp_ctx,
+				   rootdse_msg,
+				   partition_msg, "schemaNamingContext",
+				   "schema_data", backend_modules);
+	CHECK_LDB_RET(ret);
+
+	ret = prepare_modules_line(ldb, tmp_ctx,
+				   rootdse_msg,
+				   partition_msg, NULL,
+				   NULL, backend_modules);
+	CHECK_LDB_RET(ret);
+
+	ret = ldb_set_opaque(ldb, DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME, partition_msg);
+	CHECK_LDB_RET(ret);
+
+	talloc_steal(ldb, partition_msg);
+
+	/* Now prepare the module chain. Oddly, we must give it to
+	 * ldb_module_load_list in REVERSE */
+	for (len = 0; final_module_list[len]; len++) { /* noop */};
+
+	reverse_module_list = talloc_array(tmp_ctx, const char *, len+1);
+	if (!reverse_module_list) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	for (i=0; i < len; i++) {
+		reverse_module_list[i] = final_module_list[(len - 1) - i];
+	}
+	reverse_module_list[i] = NULL;
+
+	/* The backend (at least until the partitions module
+	 * reconfigures things) is the next module in the currently
+	 * loaded chain */
+	backend_module = ldb_module_next(module);
+	ret = ldb_module_load_list(ldb, reverse_module_list, backend_module, &module_chain);
+	CHECK_LDB_RET(ret);
+
+	talloc_free(tmp_ctx);
+	/* Set this as the 'next' module, so that we effectively append it to
+	 * module chain */
+	ldb_module_set_next(module, module_chain);
+
+	ret = ldb_next_read_lock(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_next_init(module);
+
+	lock_ret = ldb_next_read_unlock(module);
+
+	if (lock_ret != LDB_SUCCESS) {
+		return lock_ret;
+	}
+
+	return ret;
+}
+
+static const struct ldb_module_ops ldb_samba_dsdb_module_ops = {
+	.name		   = "samba_dsdb",
+	.init_context	   = samba_dsdb_init,
+};
+
+static struct ldb_message *dsdb_flags_ignore_fixup(TALLOC_CTX *mem_ctx,
+						const struct ldb_message *_msg)
+{
+	struct ldb_message *msg = NULL;
+	unsigned int i;
+
+	/* we have to copy the message as the caller might have it as a const */
+	msg = ldb_msg_copy_shallow(mem_ctx, _msg);
+	if (msg == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i < msg->num_elements;) {
+		struct ldb_message_element *e = &msg->elements[i];
+
+		if (!(e->flags & DSDB_FLAG_INTERNAL_FORCE_META_DATA)) {
+			i++;
+			continue;
+		}
+
+		e->flags &= ~DSDB_FLAG_INTERNAL_FORCE_META_DATA;
+
+		if (e->num_values != 0) {
+			i++;
+			continue;
+		}
+
+		ldb_msg_remove_element(msg, e);
+	}
+
+	return msg;
+}
+
+static int dsdb_flags_ignore_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *down_req = NULL;
+	struct ldb_message *msg = NULL;
+	int ret;
+
+	msg = dsdb_flags_ignore_fixup(req, req->op.add.message);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_build_add_req(&down_req, ldb, req,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static int dsdb_flags_ignore_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *down_req = NULL;
+	struct ldb_message *msg = NULL;
+	int ret;
+
+	msg = dsdb_flags_ignore_fixup(req, req->op.mod.message);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_build_mod_req(&down_req, ldb, req,
+				msg,
+				req->controls,
+				req, dsdb_next_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* go on with the call chain */
+	return ldb_next_request(module, down_req);
+}
+
+static const struct ldb_module_ops ldb_dsdb_flags_ignore_module_ops = {
+	.name   = "dsdb_flags_ignore",
+	.add    = dsdb_flags_ignore_add,
+	.modify = dsdb_flags_ignore_modify,
+};
+
+int ldb_samba_dsdb_module_init(const char *version)
+{
+	int ret;
+	LDB_MODULE_CHECK_VERSION(version);
+	ret = ldb_register_module(&ldb_samba_dsdb_module_ops);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = ldb_register_module(&ldb_dsdb_flags_ignore_module_ops);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/samba_secrets.c b/source4/dsdb/samdb/ldb_modules/samba_secrets.c
new file mode 100644
index 0000000..d184ee7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samba_secrets.c
@@ -0,0 +1,103 @@
+/* 
+   Samba4 module loading module (for secrets)
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: Samba4 module loading module (for secrets.ldb)
+ *
+ *  Description: Implement a single 'module' in the secrets.ldb database
+ *
+ *  This is to avoid forcing a reprovision of the ldb databases when we change the internal structure of the code
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/samdb.h"
+
+
+static int samba_secrets_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret, len, i;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_module *backend_module, *module_chain;
+	const char **reverse_module_list;
+	/*
+	  Add modules to the list to activate them by default
+	  beware often order is important
+	  
+	  The list is presented here as a set of declarations to show the
+	  stack visually
+	*/
+	static const char *modules_list[] = {"update_keytab",
+					     "secrets_tdb_sync",
+					     "objectguid",
+					     "rdn_name",
+					     NULL };
+
+	if (!tmp_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	/* Now prepare the module chain.  Oddly, we must give it to ldb_load_modules_list in REVERSE */
+	for (len = 0; modules_list[len]; len++) { /* noop */};
+
+	reverse_module_list = talloc_array(tmp_ctx, const char *, len+1);
+	if (!reverse_module_list) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	for (i=0; i < len; i++) {
+		reverse_module_list[i] = modules_list[(len - 1) - i];
+	}
+	reverse_module_list[i] = NULL;
+
+	/* The backend (at least until the partitions module
+	 * reconfigures things) is the next module in the currently
+	 * loaded chain */
+	backend_module = ldb_module_next(module);
+	ret = ldb_module_load_list(ldb, reverse_module_list, backend_module, &module_chain);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	talloc_free(tmp_ctx);
+	/* Set this as the 'next' module, so that we effectivly append it to module chain */
+	ldb_module_set_next(module, module_chain);
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_samba_secrets_module_ops = {
+	.name		   = "samba_secrets",
+	.init_context	   = samba_secrets_init,
+};
+
+int ldb_samba_secrets_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_samba_secrets_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
new file mode 100644
index 0000000..d79138a
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -0,0 +1,5736 @@
+/*
+   SAM ldb module
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2014
+   Copyright (C) Simo Sorce  2004-2008
+   Copyright (C) Matthias Dieter Wallnöfer 2009-2011
+   Copyright (C) Matthieu Patou 2012
+   Copyright (C) Catalyst.Net Ltd 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb samldb module
+ *
+ *  Description: various internal DSDB triggers - most for SAM specific objects
+ *
+ *  Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "ldb_module.h"
+#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/ldb_modules/ridalloc.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "libds/common/flag_mapping.h"
+#include "system/network.h"
+#include "librpc/gen_ndr/irpc.h"
+#include "lib/util/smb_strtox.h"
+
+#undef strcasecmp
+
+struct samldb_ctx;
+enum samldb_add_type {
+	SAMLDB_TYPE_USER,
+	SAMLDB_TYPE_GROUP,
+	SAMLDB_TYPE_CLASS,
+	SAMLDB_TYPE_ATTRIBUTE
+};
+
+typedef int (*samldb_step_fn_t)(struct samldb_ctx *);
+
+struct samldb_step {
+	struct samldb_step *next;
+	samldb_step_fn_t fn;
+};
+
+struct samldb_ctx {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	/* used for add operations */
+	enum samldb_add_type type;
+
+	/*
+	 * should we apply the need_trailing_dollar restriction to
+	 * samAccountName
+	 */
+
+	bool need_trailing_dollar;
+
+	/* the resulting message */
+	struct ldb_message *msg;
+
+	/* used in "samldb_find_for_defaultObjectCategory" */
+	struct ldb_dn *dn, *res_dn;
+
+	/* all the async steps necessary to complete the operation */
+	struct samldb_step *steps;
+	struct samldb_step *curstep;
+
+	/* If someone set an ares to forward controls and response back to the caller */
+	struct ldb_reply *ares;
+};
+
+static struct samldb_ctx *samldb_ctx_init(struct ldb_module *module,
+					  struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct samldb_ctx *ac;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = talloc_zero(req, struct samldb_ctx);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+static int samldb_add_step(struct samldb_ctx *ac, samldb_step_fn_t fn)
+{
+	struct samldb_step *step, *stepper;
+
+	step = talloc_zero(ac, struct samldb_step);
+	if (step == NULL) {
+		return ldb_oom(ldb_module_get_ctx(ac->module));
+	}
+
+	step->fn = fn;
+
+	if (ac->steps == NULL) {
+		ac->steps = step;
+		ac->curstep = step;
+	} else {
+		if (ac->curstep == NULL)
+			return ldb_operr(ldb_module_get_ctx(ac->module));
+		for (stepper = ac->curstep; stepper->next != NULL;
+			stepper = stepper->next);
+		stepper->next = step;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_first_step(struct samldb_ctx *ac)
+{
+	if (ac->steps == NULL) {
+		return ldb_operr(ldb_module_get_ctx(ac->module));
+	}
+
+	ac->curstep = ac->steps;
+	return ac->curstep->fn(ac);
+}
+
+static int samldb_next_step(struct samldb_ctx *ac)
+{
+	if (ac->curstep->next) {
+		ac->curstep = ac->curstep->next;
+		return ac->curstep->fn(ac);
+	}
+
+	/* We exit the samldb module here. If someone set an "ares" to forward
+	 * controls and response back to the caller, use them. */
+	if (ac->ares) {
+		return ldb_module_done(ac->req, ac->ares->controls,
+				       ac->ares->response, LDB_SUCCESS);
+	} else {
+		return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
+	}
+}
+
+static int samldb_get_single_valued_attr(struct ldb_context *ldb,
+					 struct samldb_ctx *ac,
+					 const char *attr,
+					 const char **value)
+{
+	/*
+	 * The steps we end up going through to get and check a single valued
+	 * attribute.
+	 */
+	struct ldb_message_element *el = NULL;
+	int ret;
+
+	*value = NULL;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   attr,
+					   &el,
+					   ac->req->operation);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (el == NULL) {
+		/* we are not affected */
+		return LDB_SUCCESS;
+	}
+
+	if (el->num_values > 1) {
+		ldb_asprintf_errstring(
+			ldb,
+		        "samldb: %s has %u values, should be single-valued!",
+			attr, el->num_values);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	} else if (el->num_values == 0) {
+		ldb_asprintf_errstring(
+			ldb,
+			"samldb: new value for %s "
+			"not provided for mandatory, single-valued attribute!",
+			attr);
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+
+	if (el->values[0].length == 0) {
+		ldb_asprintf_errstring(
+			ldb,
+			"samldb: %s is of zero length, should have a value!",
+			attr);
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	*value = (char *)el->values[0].data;
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_unique_attr_check(struct samldb_ctx *ac, const char *attr,
+				    const char *attr_conflict,
+				    struct ldb_dn *base_dn)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	const char * const no_attrs[] = { NULL };
+	struct ldb_result *res = NULL;
+	const char *str = NULL;
+	const char *enc_str = NULL;
+	int ret;
+
+	ret = samldb_get_single_valued_attr(ldb, ac, attr, &str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (str == NULL) {
+		/* the attribute wasn't found */
+		return LDB_SUCCESS;
+	}
+
+	enc_str = ldb_binary_encode_string(ac, str);
+	if (enc_str == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	/*
+	 * No other object should have the attribute with this value.
+	 */
+	if (attr_conflict != NULL) {
+		ret = dsdb_module_search(ac->module, ac, &res,
+					 base_dn,
+					 LDB_SCOPE_SUBTREE, no_attrs,
+					 DSDB_FLAG_NEXT_MODULE, ac->req,
+					 "(|(%s=%s)(%s=%s))",
+					 attr, enc_str,
+					 attr_conflict, enc_str);
+	} else {
+		ret = dsdb_module_search(ac->module, ac, &res,
+					 base_dn,
+					 LDB_SCOPE_SUBTREE, no_attrs,
+					 DSDB_FLAG_NEXT_MODULE, ac->req,
+					 "(%s=%s)", attr, enc_str);
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count > 1) {
+		return ldb_operr(ldb);
+	} else if (res->count == 1) {
+		if (ldb_dn_compare(res->msgs[0]->dn, ac->msg->dn) != 0) {
+			ldb_asprintf_errstring(ldb,
+					       "samldb: %s '%s' already in use!",
+					       attr, enc_str);
+			return LDB_ERR_ENTRY_ALREADY_EXISTS;
+		}
+	}
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+
+
+static inline int samldb_sam_account_upn_clash_sub_search(
+	struct samldb_ctx *ac,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_dn *base_dn,
+	const char *attr,
+	const char *value,
+	const char *err_msg
+	)
+{
+	/*
+	 * A very specific helper function for samldb_sam_account_upn_clash(),
+	 * where we end up doing this same thing several times in a row.
+	 */
+	const char * const no_attrs[] = { NULL };
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_result *res = NULL;
+	int ret;
+	char *enc_value = ldb_binary_encode_string(ac, value);
+	if (enc_value == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = dsdb_module_search(ac->module, mem_ctx, &res,
+				 base_dn,
+				 LDB_SCOPE_SUBTREE, no_attrs,
+				 DSDB_FLAG_NEXT_MODULE, ac->req,
+				 "(%s=%s)",
+				 attr, enc_value);
+	talloc_free(enc_value);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	} else if (res->count > 1) {
+		return ldb_operr(ldb);
+	} else if (res->count == 1) {
+		if (ldb_dn_compare(res->msgs[0]->dn, ac->msg->dn) != 0){
+			ldb_asprintf_errstring(ldb,
+					       "samldb: %s '%s' "
+					       "is already in use %s",
+					       attr, value, err_msg);
+			/* different errors for different attrs */
+			if (strcasecmp("userPrincipalName", attr) == 0) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			return LDB_ERR_ENTRY_ALREADY_EXISTS;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int samaccountname_bad_chars_check(struct samldb_ctx *ac,
+					  const char *name)
+{
+	/*
+	 * The rules here are based on
+	 *
+	 * https://social.technet.microsoft.com/wiki/contents/articles/11216.active-directory-requirements-for-creating-objects.aspx
+	 *
+	 * Windows considers UTF-8 sequences that map to "similar" characters
+	 * (e.g. 'a', '�') to be the same sAMAccountName, and we don't. Names
+	 * that are not valid UTF-8 *are* allowed.
+	 *
+	 * Additionally, Samba collapses multiple spaces, and Windows doesn't.
+	 */
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	size_t i;
+
+	for (i = 0; name[i] != '\0'; i++) {
+		uint8_t c = name[i];
+		char *p = NULL;
+		if (c < 32 || c == 127) {
+			ldb_asprintf_errstring(
+				ldb,
+				"samldb: sAMAccountName contains invalid "
+				"0x%.2x character\n", c);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		p = strchr("\"[]:;|=+*?<>/\\,", c);
+		if (p != NULL) {
+			ldb_asprintf_errstring(
+				ldb,
+				"samldb: sAMAccountName contains invalid "
+				"'%c' character\n", c);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	if (i == 0) {
+		ldb_asprintf_errstring(
+			ldb,
+			"samldb: sAMAccountName is empty\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (name[i - 1] == '.') {
+		ldb_asprintf_errstring(
+			ldb,
+			"samldb: sAMAccountName ends with '.'");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	return LDB_SUCCESS;
+}
+
+static int samldb_sam_account_upn_clash(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+	struct ldb_dn *base_dn = ldb_get_default_basedn(ldb);
+	TALLOC_CTX *tmp_ctx = NULL;
+	const char *real_sam = NULL;
+	const char *real_upn = NULL;
+	char *implied_sam = NULL;
+	char *implied_upn = NULL;
+	const char *realm = NULL;
+
+	ret = samldb_get_single_valued_attr(ldb, ac,
+					    "sAMAccountName",
+					    &real_sam);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = samldb_get_single_valued_attr(ldb, ac,
+					    "userPrincipalName",
+					    &real_upn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (real_upn == NULL && real_sam == NULL) {
+		/* Not changing these things, so we're done */
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(ac);
+	realm = samdb_dn_to_dns_domain(tmp_ctx, base_dn);
+	if (realm == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	if (real_upn != NULL) {
+		/*
+		 * note we take the last @ in the upn because the first (i.e.
+		 * sAMAccountName equivalent) part can contain @.
+		 *
+		 * It is also OK (per Windows) for a UPN to have zero @s.
+		 */
+		char *at = NULL;
+		char *upn_realm = NULL;
+		implied_sam = talloc_strdup(tmp_ctx, real_upn);
+		if (implied_sam == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_module_oom(ac->module);
+		}
+
+		at = strrchr(implied_sam, '@');
+		if (at == NULL) {
+			/*
+			 * there is no @ in this UPN, so we treat the whole
+			 * thing as a sAMAccountName for the purposes of a
+			 * clash.
+			 */
+			DBG_INFO("samldb: userPrincipalName '%s' contains "
+				 "no '@' character\n", implied_sam);
+		} else {
+			/*
+			 * Now, this upn only implies a sAMAccountName if the
+			 * realm is our realm. So we need to compare the tail
+			 * of the upn to the realm.
+			 */
+			*at = '\0';
+			upn_realm = at + 1;
+			if (strcasecmp(upn_realm, realm) != 0) {
+				/* implied_sam is not the implied
+				 * sAMAccountName after all, because it is
+				 * from a different realm. */
+				TALLOC_FREE(implied_sam);
+			}
+		}
+	}
+
+	if (real_sam != NULL) {
+		implied_upn = talloc_asprintf(tmp_ctx, "%s@%s",
+					      real_sam, realm);
+		if (implied_upn == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_module_oom(ac->module);
+		}
+	}
+
+	/*
+	 * Now we have all of the actual and implied names, in which to search
+	 * for conflicts.
+	 */
+	if (real_sam != NULL) {
+		ret = samldb_sam_account_upn_clash_sub_search(
+			ac, tmp_ctx, base_dn, "sAMAccountName",
+			real_sam, "");
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		ret = samaccountname_bad_chars_check(ac, real_sam);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	if (implied_upn != NULL) {
+		ret = samldb_sam_account_upn_clash_sub_search(
+			ac, tmp_ctx, base_dn, "userPrincipalName", implied_upn,
+			"(implied by sAMAccountName)");
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	if (real_upn != NULL) {
+		ret = samldb_sam_account_upn_clash_sub_search(
+			ac, tmp_ctx, base_dn, "userPrincipalName",
+			real_upn, "");
+
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+	if (implied_sam != NULL) {
+		ret = samldb_sam_account_upn_clash_sub_search(
+			ac, tmp_ctx, base_dn, "sAMAccountName", implied_sam,
+			"(implied by userPrincipalName)");
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/* This is run during an add or modify */
+static int samldb_sam_accountname_valid_check(struct samldb_ctx *ac)
+{
+	int ret = 0;
+	bool is_admin;
+	struct security_token *user_token = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_message_element *el = NULL;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "samAccountName",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: 'samAccountName' can't be deleted/empty!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		if (ac->req->operation == LDB_ADD) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		} else {
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	ret = samldb_unique_attr_check(ac, "samAccountName", NULL,
+				       ldb_get_default_basedn(
+					       ldb_module_get_ctx(ac->module)));
+
+	/*
+	 * Error code munging to try and match what must be some quite
+	 * strange code-paths in Windows
+	 */
+	if (ret == LDB_ERR_CONSTRAINT_VIOLATION
+	    && ac->req->operation == LDB_MODIFY) {
+		ret = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+	} else if (ret == LDB_ERR_OBJECT_CLASS_VIOLATION) {
+		ret = LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = samldb_sam_account_upn_clash(ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!ac->need_trailing_dollar) {
+		return LDB_SUCCESS;
+	}
+
+	/* This does not permit a single $ */
+	if (el->values[0].length < 2) {
+		ldb_asprintf_errstring(ldb,
+				       "%08X: samldb: 'samAccountName' "
+				       "can't just be one character!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	user_token = acl_user_token(ac->module);
+	if (user_token == NULL) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	is_admin
+		= security_token_has_builtin_administrators(user_token);
+
+	if (is_admin) {
+		/*
+		 * Administrators are allowed to select strange names.
+		 * This is poor practice but not prevented.
+		 */
+		return false;
+	}
+
+	if (el->values[0].data[el->values[0].length - 1] != '$') {
+		ldb_asprintf_errstring(ldb,
+				       "%08X: samldb: 'samAccountName' "
+				       "must have a trailing $!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	if (el->values[0].data[el->values[0].length - 2] == '$') {
+		ldb_asprintf_errstring(ldb,
+				       "%08X: samldb: 'samAccountName' "
+				       "must not have a double trailing $!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	return ret;
+}
+
+static int samldb_schema_attributeid_valid_check(struct samldb_ctx *ac)
+{
+	int ret = samldb_unique_attr_check(ac, "attributeID", "governsID",
+					   ldb_get_schema_basedn(
+						   ldb_module_get_ctx(ac->module)));
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	return ret;
+}
+
+static int samldb_schema_governsid_valid_check(struct samldb_ctx *ac)
+{
+	int ret = samldb_unique_attr_check(ac, "governsID", "attributeID",
+					   ldb_get_schema_basedn(
+						   ldb_module_get_ctx(ac->module)));
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	return ret;
+}
+
+static int samldb_schema_ldapdisplayname_valid_check(struct samldb_ctx *ac)
+{
+	int ret = samldb_unique_attr_check(ac, "lDAPDisplayName", NULL,
+					   ldb_get_schema_basedn(
+						   ldb_module_get_ctx(ac->module)));
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		ret = LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	return ret;
+}
+
+static int samldb_check_linkid_used(struct samldb_ctx *ac,
+				    struct dsdb_schema *schema,
+				    struct ldb_dn *schema_dn,
+				    struct ldb_context *ldb,
+				    int32_t linkID,
+				    bool *found)
+{
+	int ret;
+	struct ldb_result *ldb_res;
+
+	if (dsdb_attribute_by_linkID(schema, linkID)) {
+		*found = true;
+		return LDB_SUCCESS;
+	}
+
+	ret = dsdb_module_search(ac->module, ac,
+				 &ldb_res,
+				 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
+				 DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(linkID=%d)", linkID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			      __location__": Searching for linkID=%d failed - %s\n",
+			      linkID,
+			      ldb_errstring(ldb));
+		return ldb_operr(ldb);
+	}
+
+	*found = (ldb_res->count != 0);
+	talloc_free(ldb_res);
+
+	return LDB_SUCCESS;
+}
+
+/* Find the next open forward linkID in the schema. */
+static int samldb_generate_next_linkid(struct samldb_ctx *ac,
+				       struct dsdb_schema *schema,
+				       int32_t *next_linkID)
+{
+	int ret;
+	struct ldb_context *ldb;
+	struct ldb_dn *schema_dn;
+	bool linkID_used = true;
+
+	/*
+	 * Windows starts at about 0xB0000000 in order to stop potential
+	 * collisions with future additions to the schema. We pass this
+	 * around as a signed int sometimes, but this should be sufficient.
+	 */
+	*next_linkID = 0x40000000;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema_dn = ldb_get_schema_basedn(ldb);
+
+	while (linkID_used) {
+		*next_linkID += 2;
+		ret = samldb_check_linkid_used(ac, schema,
+					       schema_dn, ldb,
+					       *next_linkID, &linkID_used);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_schema_add_handle_linkid(struct samldb_ctx *ac)
+{
+	int ret;
+	bool ok, found = false;
+	struct ldb_message_element *el;
+	const char *enc_str;
+	const struct dsdb_attribute *attr;
+	struct ldb_context *ldb;
+	struct ldb_dn *schema_dn;
+	struct dsdb_schema *schema;
+	int32_t new_linkID = 0;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema = dsdb_get_schema(ldb, ac);
+	schema_dn = ldb_get_schema_basedn(ldb);
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "linkID",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		return LDB_SUCCESS;
+	}
+
+	enc_str = ldb_binary_encode(ac, el->values[0]);
+	if (enc_str == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	ok = (strcmp(enc_str, "0") == 0);
+	if (ok) {
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * This OID indicates that the caller wants the linkID
+	 * to be automatically generated. We therefore assign
+	 * it the next open linkID.
+	 */
+	ok = (strcmp(enc_str, "1.2.840.113556.1.2.50") == 0);
+	if (ok) {
+		ret = samldb_generate_next_linkid(ac, schema, &new_linkID);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ldb_msg_remove_element(ac->msg, el);
+		ret = samdb_msg_add_int(ldb, ac->msg, ac->msg, "linkID",
+					new_linkID);
+		return ret;
+	}
+
+	/*
+	 * Using either the attributeID or lDAPDisplayName of
+	 * another attribute in the linkID field indicates that
+	 * we should make this the backlink of that attribute.
+	 */
+	attr = dsdb_attribute_by_attributeID_oid(schema, enc_str);
+	if (attr == NULL) {
+		attr = dsdb_attribute_by_lDAPDisplayName(schema, enc_str);
+	}
+
+	if (attr != NULL) {
+		/*
+		 * The attribute we're adding this as a backlink of must
+		 * be a forward link.
+		 */
+		if (attr->linkID % 2 != 0) {
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		new_linkID = attr->linkID + 1;
+
+		/* Make sure that this backlink doesn't already exist. */
+		ret = samldb_check_linkid_used(ac, schema,
+					       schema_dn, ldb,
+					       new_linkID, &found);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		if (found) {
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		ldb_msg_remove_element(ac->msg, el);
+		ret = samdb_msg_add_int(ldb, ac->msg, ac->msg, "linkID",
+					new_linkID);
+		return ret;
+	}
+
+	schema_dn = ldb_get_schema_basedn(ldb_module_get_ctx(ac->module));
+	ret = samldb_unique_attr_check(ac, "linkID", NULL, schema_dn);
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	} else {
+		return ret;
+	}
+}
+
+static int samldb_check_mapiid_used(struct samldb_ctx *ac,
+				    struct dsdb_schema *schema,
+				    struct ldb_dn *schema_dn,
+				    struct ldb_context *ldb,
+				    int32_t mapiid,
+				    bool *found)
+{
+	int ret;
+	struct ldb_result *ldb_res;
+
+	ret = dsdb_module_search(ac->module, ac,
+				 &ldb_res,
+				 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
+				 DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(mAPIID=%d)", mapiid);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			      __location__": Searching for mAPIID=%d failed - %s\n",
+			      mapiid,
+			      ldb_errstring(ldb));
+		return ldb_operr(ldb);
+	}
+
+	*found = (ldb_res->count != 0);
+	talloc_free(ldb_res);
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_generate_next_mapiid(struct samldb_ctx *ac,
+				       struct dsdb_schema *schema,
+				       int32_t *next_mapiid)
+{
+	int ret;
+	struct ldb_context *ldb;
+	struct ldb_dn *schema_dn;
+	bool mapiid_used = true;
+
+	/* Windows' generation seems to start about here */
+	*next_mapiid = 60000;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema_dn = ldb_get_schema_basedn(ldb);
+
+	while (mapiid_used) {
+		*next_mapiid += 1;
+		ret = samldb_check_mapiid_used(ac, schema,
+					       schema_dn, ldb,
+					       *next_mapiid, &mapiid_used);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_schema_add_handle_mapiid(struct samldb_ctx *ac)
+{
+	int ret;
+	bool ok;
+	struct ldb_message_element *el;
+	const char *enc_str;
+	struct ldb_context *ldb;
+	struct ldb_dn *schema_dn;
+	struct dsdb_schema *schema;
+	int32_t new_mapiid = 0;
+
+	/*
+	 * The mAPIID of a new attribute should be automatically generated
+	 * if a specific OID is put as the mAPIID, as according to
+	 * [MS-ADTS] 3.1.1.2.3.2.
+	 */
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema = dsdb_get_schema(ldb, ac);
+	schema_dn = ldb_get_schema_basedn(ldb);
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "mAPIID",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		return LDB_SUCCESS;
+	}
+
+	enc_str = ldb_binary_encode(ac, el->values[0]);
+	if (enc_str == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	ok = (strcmp(enc_str, "1.2.840.113556.1.2.49") == 0);
+	if (ok) {
+		ret = samldb_generate_next_mapiid(ac, schema,
+						  &new_mapiid);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ldb_msg_remove_element(ac->msg, el);
+		ret = samdb_msg_add_int(ldb, ac->msg, ac->msg,
+					"mAPIID", new_mapiid);
+		return ret;
+	}
+
+	schema_dn = ldb_get_schema_basedn(ldb_module_get_ctx(ac->module));
+	ret = samldb_unique_attr_check(ac, "mAPIID", NULL, schema_dn);
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	} else {
+		return ret;
+	}
+}
+
+/* sAMAccountName handling */
+static int samldb_generate_sAMAccountName(struct samldb_ctx *ac,
+					  struct ldb_message *msg)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	char *name;
+
+	/*
+	 * This is currently a Samba-only behaviour, to add a trailing
+	 * $ even for the generated accounts.
+	 */
+
+	if (ac->need_trailing_dollar) {
+		/* Format: $000000-00000000000$ */
+		name = talloc_asprintf(msg, "$%.6X-%.6X%.5X$",
+				       (unsigned int)generate_random(),
+				       (unsigned int)generate_random(),
+				       (unsigned int)generate_random());
+	} else {
+		/* Format: $000000-000000000000 */
+
+		name = talloc_asprintf(msg, "$%.6X-%.6X%.6X",
+				       (unsigned int)generate_random(),
+				       (unsigned int)generate_random(),
+				       (unsigned int)generate_random());
+	}
+	if (name == NULL) {
+		return ldb_oom(ldb);
+	}
+	return ldb_msg_add_steal_string(msg, "sAMAccountName", name);
+}
+
+static int samldb_check_sAMAccountName(struct samldb_ctx *ac)
+{
+	int ret;
+
+	if (ldb_msg_find_element(ac->msg, "sAMAccountName") == NULL) {
+		ret = samldb_generate_sAMAccountName(ac, ac->msg);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	ret = samldb_sam_accountname_valid_check(ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return samldb_next_step(ac);
+}
+
+
+static bool samldb_msg_add_sid(struct ldb_message *msg,
+				const char *name,
+				const struct dom_sid *sid)
+{
+	struct ldb_val v;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&v, msg, sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+	return (ldb_msg_add_value(msg, name, &v, NULL) == 0);
+}
+
+
+/* allocate a SID using our RID Set */
+static int samldb_allocate_sid(struct samldb_ctx *ac)
+{
+	uint32_t rid;
+	struct dom_sid *sid;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+
+	ret = ridalloc_allocate_rid(ac->module, &rid, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
+	if (sid == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	if ( ! samldb_msg_add_sid(ac->msg, "objectSid", sid)) {
+		return ldb_operr(ldb);
+	}
+
+	return samldb_next_step(ac);
+}
+
+/*
+  see if a krbtgt_number is available
+ */
+static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac,
+					  uint32_t krbtgt_number)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(ac);
+	struct ldb_result *res;
+	const char * const no_attrs[] = { NULL };
+	int ret;
+
+	ret = dsdb_module_search(ac->module, tmp_ctx, &res,
+				 ldb_get_default_basedn(ldb_module_get_ctx(ac->module)),
+				 LDB_SCOPE_SUBTREE, no_attrs,
+				 DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(msDS-SecondaryKrbTgtNumber=%u)",
+				 krbtgt_number);
+	if (ret == LDB_SUCCESS && res->count == 0) {
+		talloc_free(tmp_ctx);
+		return true;
+	}
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+/* special handling for add in RODC join */
+static int samldb_rodc_add(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	uint32_t krbtgt_number, i_start, i;
+	int ret;
+	struct ldb_val newpass_utf16;
+
+	/* find a unused msDS-SecondaryKrbTgtNumber */
+	i_start = generate_random() & 0xFFFF;
+	if (i_start == 0) {
+		i_start = 1;
+	}
+
+	for (i=i_start; i<=0xFFFF; i++) {
+		if (samldb_krbtgtnumber_available(ac, i)) {
+			krbtgt_number = i;
+			goto found;
+		}
+	}
+	for (i=1; i<i_start; i++) {
+		if (samldb_krbtgtnumber_available(ac, i)) {
+			krbtgt_number = i;
+			goto found;
+		}
+	}
+
+	ldb_asprintf_errstring(ldb,
+			       "%08X: Unable to find available msDS-SecondaryKrbTgtNumber",
+			       W_ERROR_V(WERR_NO_SYSTEM_RESOURCES));
+	return LDB_ERR_OTHER;
+
+found:
+
+	ldb_msg_remove_attr(ac->msg, "msDS-SecondaryKrbTgtNumber");
+	ret = samdb_msg_append_uint(ldb, ac->msg, ac->msg,
+				    "msDS-SecondaryKrbTgtNumber", krbtgt_number,
+				    LDB_FLAG_INTERNAL_DISABLE_VALIDATION);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_msg_add_fmt(ac->msg, "sAMAccountName", "krbtgt_%u",
+			      krbtgt_number);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	newpass_utf16 = data_blob_talloc_zero(ac->module, 256);
+	if (newpass_utf16.data == NULL) {
+		return ldb_oom(ldb);
+	}
+	/*
+	 * Note that the password_hash module will ignore
+	 * this value and use it's own generate_secret_buffer()
+	 * that's why we can just use generate_random_buffer()
+	 * here.
+	 */
+	generate_random_buffer(newpass_utf16.data, newpass_utf16.length);
+	ret = ldb_msg_add_steal_value(ac->msg, "clearTextPassword", &newpass_utf16);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	return samldb_next_step(ac);
+}
+
+static int samldb_find_for_defaultObjectCategory(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_result *res;
+	const char * const no_attrs[] = { NULL };
+	int ret;
+
+	ac->res_dn = NULL;
+
+	ret = dsdb_module_search(ac->module, ac, &res,
+				 ac->dn, LDB_SCOPE_BASE, no_attrs,
+				 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT
+				 | DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(objectClass=classSchema)");
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* Don't be pricky when the DN doesn't exist if we have the */
+		/* RELAX control specified */
+		if (ldb_request_get_control(ac->req,
+					    LDB_CONTROL_RELAX_OID) == NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb_find_defaultObjectCategory: "
+					  "Invalid DN for 'defaultObjectCategory'!");
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+	if ((ret != LDB_ERR_NO_SUCH_OBJECT) && (ret != LDB_SUCCESS)) {
+		return ret;
+	}
+
+	if (ret == LDB_SUCCESS) {
+		/* ensure the defaultObjectCategory has a full GUID */
+		struct ldb_message *m;
+		m = ldb_msg_new(ac->msg);
+		if (m == NULL) {
+			return ldb_oom(ldb);
+		}
+		m->dn = ac->msg->dn;
+		if (ldb_msg_add_string(m, "defaultObjectCategory",
+				       ldb_dn_get_extended_linearized(m, res->msgs[0]->dn, 1)) !=
+		    LDB_SUCCESS) {
+			return ldb_oom(ldb);
+		}
+		m->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+		ret = dsdb_module_modify(ac->module, m,
+					 DSDB_FLAG_NEXT_MODULE,
+					 ac->req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+
+	ac->res_dn = ac->dn;
+
+	return samldb_next_step(ac);
+}
+
+/**
+ * msDS-IntId attributeSchema attribute handling
+ * during LDB_ADD request processing
+ */
+static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac)
+{
+	int ret;
+	bool id_exists;
+	uint32_t msds_intid;
+	int32_t system_flags;
+	struct ldb_context *ldb;
+	struct ldb_result *ldb_res;
+	struct ldb_dn *schema_dn;
+	struct samldb_msds_intid_persistant *msds_intid_struct;
+	struct dsdb_schema *schema;
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema_dn = ldb_get_schema_basedn(ldb);
+
+	/* replicated update should always go through */
+	if (ldb_request_get_control(ac->req,
+				    DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return LDB_SUCCESS;
+	}
+
+	/* msDS-IntId is handled by system and should never be
+	 * passed by clients */
+	if (ldb_msg_find_element(ac->msg, "msDS-IntId")) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* do not generate msDS-IntId if Relax control is passed */
+	if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+		return LDB_SUCCESS;
+	}
+
+	/* check Functional Level */
+	if (dsdb_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003) {
+		return LDB_SUCCESS;
+	}
+
+	/* check systemFlags for SCHEMA_BASE_OBJECT flag */
+	system_flags = ldb_msg_find_attr_as_int(ac->msg, "systemFlags", 0);
+	if (system_flags & SYSTEM_FLAG_SCHEMA_BASE_OBJECT) {
+		return LDB_SUCCESS;
+	}
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "samldb_schema_info_update: no dsdb_schema loaded");
+		DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
+		return ldb_operr(ldb);
+	}
+
+	msds_intid_struct = (struct samldb_msds_intid_persistant*) ldb_get_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE);
+	if (!msds_intid_struct) {
+		msds_intid_struct = talloc(ldb, struct samldb_msds_intid_persistant);
+		/* Generate new value for msDs-IntId
+		* Value should be in 0x80000000..0xBFFFFFFF range */
+		msds_intid = generate_random() % 0X3FFFFFFF;
+		msds_intid += 0x80000000;
+		msds_intid_struct->msds_intid = msds_intid;
+		DEBUG(2, ("No samldb_msds_intid_persistant struct, allocating a new one\n"));
+	} else {
+		msds_intid = msds_intid_struct->msds_intid;
+	}
+
+	/* probe id values until unique one is found */
+	do {
+		msds_intid++;
+		if (msds_intid > 0xBFFFFFFF) {
+			msds_intid = 0x80000001;
+		}
+		/*
+		 * We search in the schema if we have already this
+		 * intid (using dsdb_attribute_by_attributeID_id
+		 * because in the range 0x80000000 0xBFFFFFFF,
+		 * attributeID is a DSDB_ATTID_TYPE_INTID).
+		 *
+		 * If so generate another random value.
+		 *
+		 * We have to check the DB in case someone else has
+		 * modified the database while we are doing our
+		 * changes too (this case should be very very rare) in
+		 * order to be sure.
+		 */
+		if (dsdb_attribute_by_attributeID_id(schema, msds_intid)) {
+			id_exists = true;
+			msds_intid = generate_random() % 0X3FFFFFFF;
+			msds_intid += 0x80000000;
+			continue;
+		}
+
+
+		ret = dsdb_module_search(ac->module, ac,
+					 &ldb_res,
+					 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
+					 DSDB_FLAG_NEXT_MODULE,
+					 ac->req,
+					 "(msDS-IntId=%d)", msds_intid);
+		if (ret != LDB_SUCCESS) {
+			ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+				      __location__": Searching for msDS-IntId=%d failed - %s\n",
+				      msds_intid,
+				      ldb_errstring(ldb));
+			return ldb_operr(ldb);
+		}
+		id_exists = (ldb_res->count > 0);
+		talloc_free(ldb_res);
+
+	} while(id_exists);
+	msds_intid_struct->msds_intid = msds_intid;
+	ldb_set_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE, msds_intid_struct);
+
+	return samdb_msg_add_int(ldb, ac->msg, ac->msg, "msDS-IntId",
+				 msds_intid);
+}
+
+
+/*
+ * samldb_add_entry (async)
+ */
+
+static int samldb_add_entry_callback(struct ldb_request *req,
+					struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct samldb_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct samldb_ctx);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->type == LDB_REPLY_REFERRAL) {
+		return ldb_module_send_referral(ac->req, ares->referral);
+	}
+
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_asprintf_errstring(ldb, "Invalid LDB reply type %d", ares->type);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	/* The caller may wish to get controls back from the add */
+	ac->ares = talloc_steal(ac, ares);
+
+	ret = samldb_next_step(ac);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+	return ret;
+}
+
+static int samldb_add_entry(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_add_req(&req, ldb, ac,
+				ac->msg,
+				ac->req->controls,
+				ac, samldb_add_entry_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, req);
+}
+
+/*
+ * return true if msg carries an attributeSchema that is intended to be RODC
+ * filtered but is also a system-critical attribute.
+ */
+static bool check_rodc_critical_attribute(struct ldb_message *msg)
+{
+	uint32_t schemaFlagsEx, searchFlags, rodc_filtered_flags;
+
+	schemaFlagsEx = ldb_msg_find_attr_as_uint(msg, "schemaFlagsEx", 0);
+	searchFlags = ldb_msg_find_attr_as_uint(msg, "searchFlags", 0);
+	rodc_filtered_flags = (SEARCH_FLAG_RODC_ATTRIBUTE
+			      | SEARCH_FLAG_CONFIDENTIAL);
+
+	if ((schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) &&
+		((searchFlags & rodc_filtered_flags) == rodc_filtered_flags)) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+
+static int samldb_fill_object(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+
+	/* Add information for the different account types */
+	switch(ac->type) {
+	case SAMLDB_TYPE_USER: {
+		struct ldb_control *rodc_control = ldb_request_get_control(ac->req,
+									   LDB_CONTROL_RODC_DCPROMO_OID);
+		if (rodc_control != NULL) {
+			/* see [MS-ADTS] 3.1.1.3.4.1.23 LDAP_SERVER_RODC_DCPROMO_OID */
+			rodc_control->critical = false;
+			ret = samldb_add_step(ac, samldb_rodc_add);
+			if (ret != LDB_SUCCESS) return ret;
+		}
+
+		/* check if we have a valid sAMAccountName */
+		ret = samldb_add_step(ac, samldb_check_sAMAccountName);
+		if (ret != LDB_SUCCESS) return ret;
+
+		ret = samldb_add_step(ac, samldb_add_entry);
+		if (ret != LDB_SUCCESS) return ret;
+		break;
+	}
+
+	case SAMLDB_TYPE_GROUP: {
+		/* check if we have a valid sAMAccountName */
+		ret = samldb_add_step(ac, samldb_check_sAMAccountName);
+		if (ret != LDB_SUCCESS) return ret;
+
+		ret = samldb_add_step(ac, samldb_add_entry);
+		if (ret != LDB_SUCCESS) return ret;
+		break;
+	}
+
+	case SAMLDB_TYPE_CLASS: {
+		const char *lDAPDisplayName = NULL;
+		const struct ldb_val *rdn_value, *def_obj_cat_val;
+		unsigned int v = ldb_msg_find_attr_as_uint(ac->msg, "objectClassCategory", -2);
+
+		/* As discussed with Microsoft through dochelp in April 2012 this is the behavior of windows*/
+		if (!ldb_msg_find_element(ac->msg, "subClassOf")) {
+			ret = ldb_msg_add_string(ac->msg, "subClassOf", "top");
+			if (ret != LDB_SUCCESS) return ret;
+		}
+
+		ret = samdb_find_or_add_attribute(ldb, ac->msg,
+						  "rdnAttId", "cn");
+		if (ret != LDB_SUCCESS) return ret;
+
+		/* do not allow one to mark an attributeSchema as RODC filtered if it
+		 * is system-critical */
+		if (check_rodc_critical_attribute(ac->msg)) {
+			ldb_asprintf_errstring(ldb, "Refusing schema add of %s - cannot combine critical class with RODC filtering",
+					       ldb_dn_get_linearized(ac->msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+		if (rdn_value == NULL) {
+			return ldb_operr(ldb);
+		}
+		if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) {
+			/* the RDN has prefix "CN" */
+			ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName",
+				samdb_cn_to_lDAPDisplayName(ac->msg,
+							    (const char *) rdn_value->data));
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb);
+				return ret;
+			}
+		}
+
+		lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg,
+							      "lDAPDisplayName",
+							      NULL);
+		ret = ldb_valid_attr_name(lDAPDisplayName);
+		if (ret != 1 ||
+		    lDAPDisplayName[0] == '*' ||
+		    lDAPDisplayName[0] == '@')
+		{
+			return dsdb_module_werror(ac->module,
+						  LDB_ERR_UNWILLING_TO_PERFORM,
+						  WERR_DS_INVALID_LDAP_DISPLAY_NAME,
+						  "lDAPDisplayName is invalid");
+		}
+
+		if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) {
+			struct GUID guid;
+			/* a new GUID */
+			guid = GUID_random();
+			ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID");
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb);
+				return ret;
+			}
+		}
+
+		def_obj_cat_val = ldb_msg_find_ldb_val(ac->msg,
+						       "defaultObjectCategory");
+		if (def_obj_cat_val != NULL) {
+			/* "defaultObjectCategory" has been set by the caller.
+			 * Do some checks for consistency.
+			 * NOTE: The real constraint check (that
+			 * 'defaultObjectCategory' is the DN of the new
+			 * objectclass or any parent of it) is still incomplete.
+			 * For now we say that 'defaultObjectCategory' is valid
+			 * if it exists and it is of objectclass "classSchema".
+			 */
+			ac->dn = ldb_dn_from_ldb_val(ac, ldb, def_obj_cat_val);
+			if (ac->dn == NULL) {
+				ldb_set_errstring(ldb,
+						  "Invalid DN for 'defaultObjectCategory'!");
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+		} else {
+			/* "defaultObjectCategory" has not been set by the
+			 * caller. Use the entry DN for it. */
+			ac->dn = ac->msg->dn;
+
+			ret = ldb_msg_add_string(ac->msg, "defaultObjectCategory",
+						 ldb_dn_alloc_linearized(ac->msg, ac->dn));
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb);
+				return ret;
+			}
+		}
+
+		ret = samldb_add_step(ac, samldb_add_entry);
+		if (ret != LDB_SUCCESS) return ret;
+
+		/* Now perform the checks for the 'defaultObjectCategory'. The
+		 * lookup DN was already saved in "ac->dn" */
+		ret = samldb_add_step(ac, samldb_find_for_defaultObjectCategory);
+		if (ret != LDB_SUCCESS) return ret;
+
+		/* -2 is not a valid objectClassCategory so it means the attribute wasn't present */
+		if (v == -2) {
+			/* Windows 2003 does this*/
+			ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, "objectClassCategory", 0);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		break;
+	}
+
+	case SAMLDB_TYPE_ATTRIBUTE: {
+		const char *lDAPDisplayName = NULL;
+		const struct ldb_val *rdn_value;
+		struct ldb_message_element *el;
+		rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+		if (rdn_value == NULL) {
+			return ldb_operr(ldb);
+		}
+		if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) {
+			/* the RDN has prefix "CN" */
+			ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName",
+				samdb_cn_to_lDAPDisplayName(ac->msg,
+							    (const char *) rdn_value->data));
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb);
+				return ret;
+			}
+		}
+
+		lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg,
+							      "lDAPDisplayName",
+							      NULL);
+		ret = ldb_valid_attr_name(lDAPDisplayName);
+		if (ret != 1 ||
+		    lDAPDisplayName[0] == '*' ||
+		    lDAPDisplayName[0] == '@')
+		{
+			return dsdb_module_werror(ac->module,
+						  LDB_ERR_UNWILLING_TO_PERFORM,
+						  WERR_DS_INVALID_LDAP_DISPLAY_NAME,
+						  "lDAPDisplayName is invalid");
+		}
+
+		/* do not allow one to mark an attributeSchema as RODC filtered if it
+		 * is system-critical */
+		if (check_rodc_critical_attribute(ac->msg)) {
+			ldb_asprintf_errstring(ldb,
+					       "samldb: refusing schema add of %s - cannot combine critical attribute with RODC filtering",
+					       ldb_dn_get_linearized(ac->msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		ret = samdb_find_or_add_attribute(ldb, ac->msg,
+						  "isSingleValued", "FALSE");
+		if (ret != LDB_SUCCESS) return ret;
+
+		if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) {
+			struct GUID guid;
+			/* a new GUID */
+			guid = GUID_random();
+			ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID");
+			if (ret != LDB_SUCCESS) {
+				ldb_oom(ldb);
+				return ret;
+			}
+		}
+
+		el = ldb_msg_find_element(ac->msg, "attributeSyntax");
+		if (el) {
+			/*
+			 * No need to scream if there isn't as we have code later on
+			 * that will take care of it.
+			 */
+			const struct dsdb_syntax *syntax = find_syntax_map_by_ad_oid((const char *)el->values[0].data);
+			if (!syntax) {
+				DEBUG(9, ("Can't find dsdb_syntax object for attributeSyntax %s\n",
+						(const char *)el->values[0].data));
+			} else {
+				unsigned int v = ldb_msg_find_attr_as_uint(ac->msg, "oMSyntax", 0);
+				const struct ldb_val *val = ldb_msg_find_ldb_val(ac->msg, "oMObjectClass");
+
+				if (v == 0) {
+					ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, "oMSyntax", syntax->oMSyntax);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+				}
+				if (!val) {
+					struct ldb_val val2 = ldb_val_dup(ldb, &syntax->oMObjectClass);
+					if (val2.length > 0) {
+						ret = ldb_msg_add_value(ac->msg, "oMObjectClass", &val2, NULL);
+						if (ret != LDB_SUCCESS) {
+							return ret;
+						}
+					}
+				}
+			}
+		}
+
+		/* handle msDS-IntID attribute */
+		ret = samldb_add_handle_msDS_IntId(ac);
+		if (ret != LDB_SUCCESS) return ret;
+
+		ret = samldb_add_step(ac, samldb_add_entry);
+		if (ret != LDB_SUCCESS) return ret;
+		break;
+	}
+
+	default:
+		ldb_asprintf_errstring(ldb, "Invalid entry type!");
+		return LDB_ERR_OPERATIONS_ERROR;
+		break;
+	}
+
+	return samldb_first_step(ac);
+}
+
+static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = NULL;
+	const struct ldb_val *rdn_value = NULL;
+	struct ldb_message_element *sid_el = NULL;
+	struct dom_sid *sid = NULL;
+	struct ldb_control *as_system = NULL;
+	struct ldb_control *provision = NULL;
+	bool allowed = false;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	as_system = ldb_request_get_control(ac->req, LDB_CONTROL_AS_SYSTEM_OID);
+	if (as_system != NULL) {
+		allowed = true;
+	}
+
+	provision = ldb_request_get_control(ac->req, LDB_CONTROL_PROVISION_OID);
+	if (provision != NULL) {
+		allowed = true;
+	}
+
+	sid_el = ldb_msg_find_element(ac->msg, "objectSid");
+
+	if (!allowed && sid_el == NULL) {
+		return dsdb_module_werror(ac->module,
+				LDB_ERR_OBJECT_CLASS_VIOLATION,
+				WERR_DS_MISSING_REQUIRED_ATT,
+				"objectSid missing on foreignSecurityPrincipal");
+	}
+
+	if (!allowed) {
+		return dsdb_module_werror(ac->module,
+				LDB_ERR_UNWILLING_TO_PERFORM,
+				WERR_DS_ILLEGAL_MOD_OPERATION,
+				"foreignSecurityPrincipal object not allowed");
+	}
+
+	if (sid_el != NULL) {
+		sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid");
+		if (sid == NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb: invalid objectSid!");
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	if (sid == NULL) {
+		rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+		if (rdn_value == NULL) {
+			return ldb_operr(ldb);
+		}
+		sid = dom_sid_parse_talloc(ac->msg,
+					   (const char *)rdn_value->data);
+		if (sid == NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb: No valid SID found in ForeignSecurityPrincipal CN!");
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		if (! samldb_msg_add_sid(ac->msg, "objectSid", sid)) {
+			return ldb_operr(ldb);
+		}
+	}
+
+	/* finally proceed with adding the entry */
+	ret = samldb_add_step(ac, samldb_add_entry);
+	if (ret != LDB_SUCCESS) return ret;
+
+	return samldb_first_step(ac);
+}
+
+static int samldb_schema_info_update(struct samldb_ctx *ac)
+{
+	int ret;
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+
+	/* replicated update should always go through */
+	if (ldb_request_get_control(ac->req,
+				    DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return LDB_SUCCESS;
+	}
+
+	/* do not update schemaInfo during provisioning */
+	if (ldb_request_get_control(ac->req, LDB_CONTROL_PROVISION_OID)) {
+		return LDB_SUCCESS;
+	}
+
+	ldb = ldb_module_get_ctx(ac->module);
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "samldb_schema_info_update: no dsdb_schema loaded");
+		DEBUG(0,(__location__ ": %s\n", ldb_errstring(ldb)));
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_module_schema_info_update(ac->module, schema,
+					     DSDB_FLAG_NEXT_MODULE|
+					     DSDB_FLAG_AS_SYSTEM,
+					     ac->req);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				       "samldb_schema_info_update: dsdb_module_schema_info_update failed with %s",
+				       ldb_errstring(ldb));
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_prim_group_tester(struct samldb_ctx *ac, uint32_t rid);
+static int samldb_check_user_account_control_rules(struct samldb_ctx *ac,
+						   struct dom_sid *sid,
+						   uint32_t req_uac,
+						   uint32_t user_account_control,
+						   uint32_t user_account_control_old,
+						   bool is_computer_objectclass);
+
+/*
+ * "Objectclass" trigger (MS-SAMR 3.1.1.8.1)
+ *
+ * Has to be invoked on "add" operations on "user", "computer" and
+ * "group" objects.
+ * ac->msg contains the "add"
+ * ac->type contains the object type (main objectclass)
+ */
+static int samldb_objectclass_trigger(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	void *skip_allocate_sids = ldb_get_opaque(ldb,
+						  "skip_allocate_sids");
+	struct ldb_message_element *el;
+	struct dom_sid *sid;
+	int ret;
+
+	/* make sure that "sAMAccountType" is not specified */
+	el = ldb_msg_find_element(ac->msg, "sAMAccountType");
+	if (el != NULL) {
+		ldb_set_errstring(ldb,
+				  "samldb: sAMAccountType must not be specified!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Step 1: objectSid assignment */
+
+	/* Don't allow the objectSid to be changed. But beside the RELAX
+	 * control we have also to guarantee that it can always be set with
+	 * SYSTEM permissions. This is needed for the "samba3sam" backend. */
+	sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
+	if ((sid != NULL) && (!dsdb_module_am_system(ac->module)) &&
+	    (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) == NULL)) {
+		ldb_set_errstring(ldb,
+				  "samldb: objectSid must not be specified!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* but generate a new SID when we do have an add operations */
+	if ((sid == NULL) && (ac->req->operation == LDB_ADD) && !skip_allocate_sids) {
+		ret = samldb_add_step(ac, samldb_allocate_sid);
+		if (ret != LDB_SUCCESS) return ret;
+	}
+
+	switch(ac->type) {
+	case SAMLDB_TYPE_USER: {
+		uint32_t raw_uac;
+		uint32_t user_account_control;
+		bool is_computer_objectclass;
+		bool uac_generated = false, uac_add_flags = false;
+		uint32_t default_user_account_control = UF_NORMAL_ACCOUNT;
+		/* Step 1.2: Default values */
+		ret = dsdb_user_obj_set_defaults(ldb, ac->msg, ac->req);
+		if (ret != LDB_SUCCESS) return ret;
+
+		is_computer_objectclass
+			= (samdb_find_attribute(ldb,
+						 ac->msg,
+						"objectclass",
+						"computer")
+			   != NULL);
+
+		if (is_computer_objectclass) {
+			default_user_account_control
+				= UF_WORKSTATION_TRUST_ACCOUNT;
+		}
+
+
+		/* On add operations we might need to generate a
+		 * "userAccountControl" (if it isn't specified). */
+		el = ldb_msg_find_element(ac->msg, "userAccountControl");
+		if (el == NULL) {
+			ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg,
+						 "userAccountControl",
+						 default_user_account_control);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			uac_generated = true;
+			uac_add_flags = true;
+		}
+
+		el = ldb_msg_find_element(ac->msg, "userAccountControl");
+		SMB_ASSERT(el != NULL);
+
+		/* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */
+		user_account_control = ldb_msg_find_attr_as_uint(ac->msg,
+								 "userAccountControl",
+								 0);
+		raw_uac = user_account_control;
+		/*
+		 * "userAccountControl" = 0 or missing one of
+		 * the types means "UF_NORMAL_ACCOUNT"
+		 * or "UF_WORKSTATION_TRUST_ACCOUNT" (if a computer).
+		 * See MS-SAMR 3.1.1.8.10 point 8
+		 */
+		if ((user_account_control & UF_ACCOUNT_TYPE_MASK) == 0) {
+			user_account_control
+				= default_user_account_control
+				| user_account_control;
+			uac_generated = true;
+		}
+
+		/*
+		 * As per MS-SAMR 3.1.1.8.10 these flags have not to be set
+		 */
+		if ((user_account_control & UF_LOCKOUT) != 0) {
+			user_account_control &= ~UF_LOCKOUT;
+			uac_generated = true;
+		}
+		if ((user_account_control & UF_PASSWORD_EXPIRED) != 0) {
+			user_account_control &= ~UF_PASSWORD_EXPIRED;
+			uac_generated = true;
+		}
+
+		ret = samldb_check_user_account_control_rules(ac, NULL,
+							      raw_uac,
+							      user_account_control,
+							      0,
+							      is_computer_objectclass);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/*
+		 * Require, for non-admin modifications, a trailing $
+		 * for either objectclass=computer or a trust account
+		 * type in userAccountControl
+		 */
+		if ((user_account_control
+		     & UF_TRUST_ACCOUNT_MASK) != 0) {
+			ac->need_trailing_dollar = true;
+		}
+
+		if (is_computer_objectclass) {
+			ac->need_trailing_dollar = true;
+		}
+
+		/* add "sAMAccountType" attribute */
+		ret = dsdb_user_obj_set_account_type(ldb, ac->msg, user_account_control, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/* "isCriticalSystemObject" might be set */
+		if (user_account_control &
+		    (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) {
+			ret = ldb_msg_add_string_flags(ac->msg, "isCriticalSystemObject",
+						       "TRUE", LDB_FLAG_MOD_REPLACE);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		} else if (user_account_control & UF_WORKSTATION_TRUST_ACCOUNT) {
+			ret = ldb_msg_add_string_flags(ac->msg, "isCriticalSystemObject",
+						       "FALSE", LDB_FLAG_MOD_REPLACE);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		/* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */
+		if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
+			uint32_t rid;
+
+			ret = dsdb_user_obj_set_primary_group_id(ldb, ac->msg, user_account_control, &rid);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			/*
+			 * Older AD deployments don't know about the
+			 * RODC group
+			 */
+			if (rid == DOMAIN_RID_READONLY_DCS) {
+				ret = samldb_prim_group_tester(ac, rid);
+				if (ret != LDB_SUCCESS) {
+					return ret;
+				}
+			}
+		}
+
+		/* Step 1.5: Add additional flags when needed */
+		/* Obviously this is done when the "userAccountControl"
+		 * has been generated here (tested against Windows
+		 * Server) */
+		if (uac_generated) {
+			if (uac_add_flags) {
+				user_account_control |= UF_ACCOUNTDISABLE;
+				user_account_control |= UF_PASSWD_NOTREQD;
+			}
+
+			ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg,
+						 "userAccountControl",
+						 user_account_control);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		break;
+	}
+
+	case SAMLDB_TYPE_GROUP: {
+		const char *tempstr;
+
+		/* Step 2.2: Default values */
+		tempstr = talloc_asprintf(ac->msg, "%d",
+					  GTYPE_SECURITY_GLOBAL_GROUP);
+		if (tempstr == NULL) return ldb_operr(ldb);
+		ret = samdb_find_or_add_attribute(ldb, ac->msg,
+			"groupType", tempstr);
+		if (ret != LDB_SUCCESS) return ret;
+
+		/* Step 2.3: "groupType" -> "sAMAccountType" */
+		el = ldb_msg_find_element(ac->msg, "groupType");
+		if (el != NULL) {
+			uint32_t group_type, account_type;
+
+			group_type = ldb_msg_find_attr_as_uint(ac->msg,
+							       "groupType", 0);
+
+			/* The creation of builtin groups requires the
+			 * RELAX control */
+			if (group_type == GTYPE_SECURITY_BUILTIN_LOCAL_GROUP) {
+				if (ldb_request_get_control(ac->req,
+							    LDB_CONTROL_RELAX_OID) == NULL) {
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+			}
+
+			account_type = ds_gtype2atype(group_type);
+			if (account_type == 0) {
+				ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+			ret = samdb_msg_add_uint_flags(ldb, ac->msg, ac->msg,
+						       "sAMAccountType",
+						       account_type,
+						       LDB_FLAG_MOD_REPLACE);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+		break;
+	}
+
+	default:
+		ldb_asprintf_errstring(ldb,
+				"Invalid entry type!");
+		return LDB_ERR_OPERATIONS_ERROR;
+		break;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * "Primary group ID" trigger (MS-SAMR 3.1.1.8.2)
+ *
+ * Has to be invoked on "add" and "modify" operations on "user" and "computer"
+ * objects.
+ * ac->msg contains the "add"/"modify" message
+ */
+
+static int samldb_prim_group_tester(struct samldb_ctx *ac, uint32_t rid)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct dom_sid *sid;
+	struct ldb_result *res;
+	int ret;
+	const char * const noattrs[] = { NULL };
+
+	sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
+	if (sid == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_module_search(ac->module, ac, &res,
+				 ldb_get_default_basedn(ldb),
+				 LDB_SCOPE_SUBTREE,
+				 noattrs, DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(objectSid=%s)",
+				 ldap_encode_ndr_dom_sid(ac, sid));
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count != 1) {
+		talloc_free(res);
+		ldb_asprintf_errstring(ldb,
+				       "Failed to find primary group with RID %u!",
+				       rid);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_prim_group_set(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	uint32_t rid;
+
+	rid = ldb_msg_find_attr_as_uint(ac->msg, "primaryGroupID", (uint32_t) -1);
+	if (rid == (uint32_t) -1) {
+		/* we aren't affected of any primary group set */
+		return LDB_SUCCESS;
+
+	} else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+		ldb_set_errstring(ldb,
+				  "The primary group isn't settable on add operations!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	return samldb_prim_group_tester(ac, rid);
+}
+
+static int samldb_prim_group_change(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	const char * const attrs[] = {
+		"primaryGroupID",
+		"memberOf",
+		"userAccountControl",
+		NULL };
+	struct ldb_result *res, *group_res;
+	struct ldb_message_element *el;
+	struct ldb_message *msg;
+	uint32_t search_flags =
+		DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN;
+	uint32_t prev_rid, new_rid, uac;
+	struct dom_sid *prev_sid, *new_sid;
+	struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn;
+	const char *new_prim_group_dn_ext_str = NULL;
+	struct ldb_dn *user_dn = NULL;
+	const char *user_dn_ext_str = NULL;
+	int ret;
+	const char * const noattrs[] = { NULL };
+	const char * const group_type_attrs[] = { "groupType", NULL };
+	unsigned group_type;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "primaryGroupID",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL) {
+		/* we are not affected */
+		return LDB_SUCCESS;
+	}
+
+	/* Fetch information from the existing object */
+
+	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
+				    search_flags, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	user_dn = res->msgs[0]->dn;
+	user_dn_ext_str = ldb_dn_get_extended_linearized(ac, user_dn, 1);
+	if (user_dn_ext_str == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
+
+	/* Finds out the DN of the old primary group */
+
+	prev_rid = ldb_msg_find_attr_as_uint(res->msgs[0], "primaryGroupID",
+					     (uint32_t) -1);
+	if (prev_rid == (uint32_t) -1) {
+		/* User objects do always have a mandatory "primaryGroupID"
+		 * attribute. If this doesn't exist then the object is of the
+		 * wrong type. This is the exact Windows error code */
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+
+	prev_sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), prev_rid);
+	if (prev_sid == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* Finds out the DN of the new primary group
+	 * Notice: in order to parse the primary group ID correctly we create
+	 * a temporary message here. */
+
+	msg = ldb_msg_new(ac->msg);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	new_rid = ldb_msg_find_attr_as_uint(msg, "primaryGroupID", (uint32_t) -1);
+	talloc_free(msg);
+	if (new_rid == (uint32_t) -1) {
+		/* we aren't affected of any primary group change */
+		return LDB_SUCCESS;
+	}
+
+	if (prev_rid == new_rid) {
+		return LDB_SUCCESS;
+	}
+
+	if ((uac & UF_SERVER_TRUST_ACCOUNT) && new_rid != DOMAIN_RID_DCS) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: UF_SERVER_TRUST_ACCOUNT requires "
+			"primaryGroupID=%u!",
+			W_ERROR_V(WERR_DS_CANT_MOD_PRIMARYGROUPID),
+			DOMAIN_RID_DCS);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if ((uac & UF_PARTIAL_SECRETS_ACCOUNT) && new_rid != DOMAIN_RID_READONLY_DCS) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT requires "
+			"primaryGroupID=%u!",
+			W_ERROR_V(WERR_DS_CANT_MOD_PRIMARYGROUPID),
+			DOMAIN_RID_READONLY_DCS);
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	ret = dsdb_module_search(ac->module, ac, &group_res,
+				 ldb_get_default_basedn(ldb),
+				 LDB_SCOPE_SUBTREE,
+				 noattrs, search_flags,
+				 ac->req,
+				 "(objectSid=%s)",
+				 ldap_encode_ndr_dom_sid(ac, prev_sid));
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (group_res->count != 1) {
+		return ldb_operr(ldb);
+	}
+	prev_prim_group_dn = group_res->msgs[0]->dn;
+
+	new_sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), new_rid);
+	if (new_sid == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_module_search(ac->module, ac, &group_res,
+				 ldb_get_default_basedn(ldb),
+				 LDB_SCOPE_SUBTREE,
+				 group_type_attrs, search_flags,
+				 ac->req,
+				 "(objectSid=%s)",
+				 ldap_encode_ndr_dom_sid(ac, new_sid));
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (group_res->count != 1) {
+		/* Here we know if the specified new primary group candidate is
+		 * valid or not. */
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	new_prim_group_dn = group_res->msgs[0]->dn;
+
+	/* The new primary group must not be domain-local. */
+	group_type = ldb_msg_find_attr_as_uint(group_res->msgs[0], "groupType", 0);
+	if (group_type & GROUP_TYPE_RESOURCE_GROUP) {
+		return dsdb_module_werror(ac->module,
+					  LDB_ERR_UNWILLING_TO_PERFORM,
+					  WERR_MEMBER_NOT_IN_GROUP,
+					  "may not set resource group as primary group!");
+	}
+
+	new_prim_group_dn_ext_str = ldb_dn_get_extended_linearized(ac,
+							new_prim_group_dn, 1);
+	if (new_prim_group_dn_ext_str == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* We need to be already a normal member of the new primary
+	 * group in order to be successful. */
+	el = samdb_find_attribute(ldb, res->msgs[0], "memberOf",
+				  new_prim_group_dn_ext_str);
+	if (el == NULL) {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Remove the "member" attribute on the new primary group */
+	msg = ldb_msg_new(ac->msg);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	msg->dn = new_prim_group_dn;
+
+	ret = samdb_msg_add_delval(ldb, msg, msg, "member", user_dn_ext_str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_module_modify(ac->module, msg, DSDB_FLAG_NEXT_MODULE, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	talloc_free(msg);
+
+	/* Add a "member" attribute for the previous primary group */
+	msg = ldb_msg_new(ac->msg);
+	if (msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	msg->dn = prev_prim_group_dn;
+
+	ret = samdb_msg_add_addval(ldb, msg, msg, "member", user_dn_ext_str);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_module_modify(ac->module, msg, DSDB_FLAG_NEXT_MODULE, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	talloc_free(msg);
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_prim_group_trigger(struct samldb_ctx *ac)
+{
+	int ret;
+
+	if (ac->req->operation == LDB_ADD) {
+		ret = samldb_prim_group_set(ac);
+	} else {
+		ret = samldb_prim_group_change(ac);
+	}
+
+	return ret;
+}
+
+static int samldb_check_user_account_control_invariants(struct samldb_ctx *ac,
+						    uint32_t user_account_control)
+{
+	size_t i;
+	int ret = 0;
+	bool need_check = false;
+	const struct uac_to_guid {
+		uint32_t uac;
+		bool never;
+		uint32_t needs;
+		uint32_t not_with;
+		const char *error_string;
+	} map[] = {
+		{
+			.uac = UF_TEMP_DUPLICATE_ACCOUNT,
+			.never = true,
+			.error_string = "Updating the UF_TEMP_DUPLICATE_ACCOUNT flag is never allowed"
+		},
+		{
+			.uac = UF_PARTIAL_SECRETS_ACCOUNT,
+			.needs = UF_WORKSTATION_TRUST_ACCOUNT,
+			.error_string = "Setting UF_PARTIAL_SECRETS_ACCOUNT only permitted with UF_WORKSTATION_TRUST_ACCOUNT"
+		},
+		{
+			.uac = UF_TRUSTED_FOR_DELEGATION,
+			.not_with = UF_PARTIAL_SECRETS_ACCOUNT,
+			.error_string = "Setting UF_TRUSTED_FOR_DELEGATION not allowed with UF_PARTIAL_SECRETS_ACCOUNT"
+		},
+		{
+			.uac = UF_NORMAL_ACCOUNT,
+			.not_with = UF_ACCOUNT_TYPE_MASK & ~UF_NORMAL_ACCOUNT,
+			.error_string = "Setting more than one account type not permitted"
+		},
+		{
+			.uac = UF_WORKSTATION_TRUST_ACCOUNT,
+			.not_with = UF_ACCOUNT_TYPE_MASK & ~UF_WORKSTATION_TRUST_ACCOUNT,
+			.error_string = "Setting more than one account type not permitted"
+		},
+		{
+			.uac = UF_INTERDOMAIN_TRUST_ACCOUNT,
+			.not_with = UF_ACCOUNT_TYPE_MASK & ~UF_INTERDOMAIN_TRUST_ACCOUNT,
+			.error_string = "Setting more than one account type not permitted"
+		},
+		{
+			.uac = UF_SERVER_TRUST_ACCOUNT,
+			.not_with = UF_ACCOUNT_TYPE_MASK & ~UF_SERVER_TRUST_ACCOUNT,
+			.error_string = "Setting more than one account type not permitted"
+		},
+		{
+			.uac = UF_TRUSTED_FOR_DELEGATION,
+			.not_with = UF_PARTIAL_SECRETS_ACCOUNT,
+			.error_string = "Setting UF_TRUSTED_FOR_DELEGATION not allowed with UF_PARTIAL_SECRETS_ACCOUNT"
+		}
+	};
+
+	for (i = 0; i < ARRAY_SIZE(map); i++) {
+		if (user_account_control & map[i].uac) {
+			need_check = true;
+			break;
+		}
+	}
+	if (need_check == false) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(map); i++) {
+		uint32_t this_uac = user_account_control & map[i].uac;
+		if (this_uac != 0) {
+			if (map[i].never) {
+				ret = LDB_ERR_OTHER;
+				break;
+			} else if (map[i].needs != 0) {
+				if ((map[i].needs & user_account_control) == 0) {
+					ret = LDB_ERR_OTHER;
+					break;
+				}
+			} else if (map[i].not_with != 0) {
+				if ((map[i].not_with & user_account_control) != 0) {
+					ret = LDB_ERR_OTHER;
+					break;
+				}
+			}
+		}
+	}
+	if (ret != LDB_SUCCESS) {
+		switch (ac->req->operation) {
+		case LDB_ADD:
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "Failed to add %s: %s",
+					       ldb_dn_get_linearized(ac->msg->dn),
+					       map[i].error_string);
+			break;
+		case LDB_MODIFY:
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "Failed to modify %s: %s",
+					       ldb_dn_get_linearized(ac->msg->dn),
+					       map[i].error_string);
+			break;
+		default:
+			return ldb_module_operr(ac->module);
+		}
+	}
+	return ret;
+}
+
+/*
+ * It would be best if these rules apply, always, but for now they
+ * apply only to non-admins
+ */
+static int samldb_check_user_account_control_objectclass_invariants(
+	struct samldb_ctx *ac,
+	uint32_t user_account_control,
+	uint32_t user_account_control_old,
+	bool is_computer_objectclass)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+
+	uint32_t old_ufa = user_account_control_old & UF_ACCOUNT_TYPE_MASK;
+	uint32_t new_ufa = user_account_control & UF_ACCOUNT_TYPE_MASK;
+
+	uint32_t old_rodc = user_account_control_old & UF_PARTIAL_SECRETS_ACCOUNT;
+	uint32_t new_rodc = user_account_control & UF_PARTIAL_SECRETS_ACCOUNT;
+
+	bool is_admin;
+	struct security_token *user_token
+		= acl_user_token(ac->module);
+	if (user_token == NULL) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	is_admin
+		= security_token_has_builtin_administrators(user_token);
+
+
+	/*
+	 * We want to allow changes to (eg) disable an account
+	 * that was created wrong, only checking the
+	 * objectclass if the account type changes.
+	 */
+	if (old_ufa == new_ufa && old_rodc == new_rodc) {
+		return LDB_SUCCESS;
+	}
+
+	switch (new_ufa) {
+	case UF_NORMAL_ACCOUNT:
+		if (is_computer_objectclass && !is_admin) {
+			ldb_asprintf_errstring(ldb,
+				"%08X: samldb: UF_NORMAL_ACCOUNT "
+				"requires objectclass 'user' not 'computer'!",
+				W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		break;
+
+	case UF_INTERDOMAIN_TRUST_ACCOUNT:
+		if (is_computer_objectclass) {
+			ldb_asprintf_errstring(ldb,
+				"%08X: samldb: UF_INTERDOMAIN_TRUST_ACCOUNT "
+				"requires objectclass 'user' not 'computer'!",
+				W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		break;
+
+	case UF_WORKSTATION_TRUST_ACCOUNT:
+		if (!is_computer_objectclass) {
+			/*
+			 * Modify of a user account account into a
+			 * workstation without objectclass computer
+			 * as an admin is still permitted, but not
+			 * to make an RODC
+			 */
+			if (is_admin
+			    && ac->req->operation == LDB_MODIFY
+			    && new_rodc == 0) {
+				break;
+			}
+			ldb_asprintf_errstring(ldb,
+				"%08X: samldb: UF_WORKSTATION_TRUST_ACCOUNT "
+				"requires objectclass 'computer'!",
+				W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		break;
+
+	case UF_SERVER_TRUST_ACCOUNT:
+		if (!is_computer_objectclass) {
+			ldb_asprintf_errstring(ldb,
+				"%08X: samldb: UF_SERVER_TRUST_ACCOUNT "
+				"requires objectclass 'computer'!",
+				W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+			return LDB_ERR_OBJECT_CLASS_VIOLATION;
+		}
+		break;
+
+	default:
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: invalid userAccountControl[0x%08X]",
+			W_ERROR_V(WERR_INVALID_PARAMETER),
+				       user_account_control);
+		return LDB_ERR_OTHER;
+	}
+	return LDB_SUCCESS;
+}
+
+static int samldb_get_domain_secdesc_and_oc(struct samldb_ctx *ac,
+					    struct security_descriptor **domain_sd,
+					    const struct dsdb_class **objectclass)
+{
+	const char * const sd_attrs[] = {"ntSecurityDescriptor", "objectClass", NULL};
+	struct ldb_result *res;
+	struct ldb_dn *domain_dn = ldb_get_default_basedn(ldb_module_get_ctx(ac->module));
+	const struct dsdb_schema *schema = NULL;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret = dsdb_module_search_dn(ac->module, ac, &res,
+					domain_dn,
+					sd_attrs,
+					DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED,
+					ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count != 1) {
+		return ldb_module_operr(ac->module);
+	}
+
+	schema = dsdb_get_schema(ldb, ac->req);
+	if (!schema) {
+		return ldb_module_operr(ac->module);;
+	}
+	*objectclass = dsdb_get_structural_oc_from_msg(schema, res->msgs[0]);
+	return dsdb_get_sd_from_ldb_message(ldb_module_get_ctx(ac->module),
+					    ac, res->msgs[0], domain_sd);
+
+}
+
+/**
+ * Validate that the restriction in point 5 of MS-SAMR 3.1.1.8.10 userAccountControl is honoured
+ *
+ */
+static int samldb_check_user_account_control_acl(struct samldb_ctx *ac,
+						 struct dom_sid *sid,
+						 uint32_t user_account_control,
+						 uint32_t user_account_control_old)
+{
+	size_t i;
+	int ret = 0;
+	bool need_acl_check = false;
+	struct security_token *user_token;
+	struct security_descriptor *domain_sd;
+	const struct dsdb_class *objectclass = NULL;
+	const struct uac_to_guid {
+		uint32_t uac;
+		uint32_t priv_to_change_from;
+		const char *oid;
+		const char *guid;
+		enum sec_privilege privilege;
+		bool delete_is_privileged;
+		bool admin_required;
+		const char *error_string;
+	} map[] = {
+		{
+			.uac = UF_PASSWD_NOTREQD,
+			.guid = GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT,
+			.error_string = "Adding the UF_PASSWD_NOTREQD bit in userAccountControl requires the Update-Password-Not-Required-Bit right that was not given on the Domain object"
+		},
+		{
+			.uac = UF_DONT_EXPIRE_PASSWD,
+			.guid = GUID_DRS_UNEXPIRE_PASSWORD,
+			.error_string = "Adding the UF_DONT_EXPIRE_PASSWD bit in userAccountControl requires the Unexpire-Password right that was not given on the Domain object"
+		},
+		{
+			.uac = UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
+			.guid = GUID_DRS_ENABLE_PER_USER_REVERSIBLY_ENCRYPTED_PASSWORD,
+			.error_string = "Adding the UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED bit in userAccountControl requires the Enable-Per-User-Reversibly-Encrypted-Password right that was not given on the Domain object"
+		},
+		{
+			.uac = UF_SERVER_TRUST_ACCOUNT,
+			.guid = GUID_DRS_DS_INSTALL_REPLICA,
+			.error_string = "Adding the UF_SERVER_TRUST_ACCOUNT bit in userAccountControl requires the DS-Install-Replica right that was not given on the Domain object"
+		},
+		{
+			.uac = UF_PARTIAL_SECRETS_ACCOUNT,
+			.guid = GUID_DRS_DS_INSTALL_REPLICA,
+			.error_string = "Adding the UF_PARTIAL_SECRETS_ACCOUNT bit in userAccountControl requires the DS-Install-Replica right that was not given on the Domain object"
+		},
+		{
+			.uac = UF_WORKSTATION_TRUST_ACCOUNT,
+			.priv_to_change_from = UF_NORMAL_ACCOUNT,
+			.error_string = "Swapping UF_NORMAL_ACCOUNT to UF_WORKSTATION_TRUST_ACCOUNT requires the user to be a member of the domain admins group"
+		},
+		{
+			.uac = UF_NORMAL_ACCOUNT,
+			.priv_to_change_from = UF_WORKSTATION_TRUST_ACCOUNT,
+			.error_string = "Swapping UF_WORKSTATION_TRUST_ACCOUNT to UF_NORMAL_ACCOUNT requires the user to be a member of the domain admins group"
+		},
+		{
+			.uac = UF_INTERDOMAIN_TRUST_ACCOUNT,
+			.oid = DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID,
+			.error_string = "Updating the UF_INTERDOMAIN_TRUST_ACCOUNT bit in userAccountControl is not permitted over LDAP.  This bit is restricted to the LSA CreateTrustedDomain interface",
+			.delete_is_privileged = true
+		},
+		{
+			.uac = UF_TRUSTED_FOR_DELEGATION,
+			.privilege = SEC_PRIV_ENABLE_DELEGATION,
+			.delete_is_privileged = true,
+			.error_string = "Updating the UF_TRUSTED_FOR_DELEGATION bit in userAccountControl is not permitted without the SeEnableDelegationPrivilege"
+		},
+		{
+			.uac = UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
+			.privilege = SEC_PRIV_ENABLE_DELEGATION,
+			.delete_is_privileged = true,
+			.error_string = "Updating the UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION bit in userAccountControl is not permitted without the SeEnableDelegationPrivilege"
+		}
+
+	};
+
+	if (dsdb_module_am_system(ac->module)) {
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(map); i++) {
+		if (user_account_control & map[i].uac) {
+			need_acl_check = true;
+			break;
+		}
+	}
+	if (need_acl_check == false) {
+		return LDB_SUCCESS;
+	}
+
+	user_token = acl_user_token(ac->module);
+	if (user_token == NULL) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	ret = samldb_get_domain_secdesc_and_oc(ac, &domain_sd, &objectclass);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(map); i++) {
+		uint32_t this_uac_new = user_account_control & map[i].uac;
+		uint32_t this_uac_old = user_account_control_old & map[i].uac;
+		if (this_uac_new != this_uac_old) {
+			if (this_uac_old != 0) {
+				if (map[i].delete_is_privileged == false) {
+					continue;
+				}
+			}
+			if (map[i].oid) {
+				struct ldb_control *control = ldb_request_get_control(ac->req, map[i].oid);
+				if (control == NULL) {
+					ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				}
+			} else if (map[i].privilege != SEC_PRIV_INVALID) {
+				bool have_priv = security_token_has_privilege(user_token,
+									      map[i].privilege);
+				if (have_priv == false) {
+					ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				}
+			} else if (map[i].priv_to_change_from & user_account_control_old) {
+				bool is_admin = security_token_has_builtin_administrators(user_token);
+				if (is_admin == false) {
+					ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+				}
+			} else if (map[i].guid) {
+				ret = acl_check_extended_right(ac,
+							       ac->module,
+							       ac->req,
+							       objectclass,
+							       domain_sd,
+							       user_token,
+							       map[i].guid,
+							       SEC_ADS_CONTROL_ACCESS,
+							       sid);
+			} else {
+				ret = LDB_SUCCESS;
+			}
+			if (ret != LDB_SUCCESS) {
+				break;
+			}
+		}
+	}
+	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		switch (ac->req->operation) {
+		case LDB_ADD:
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "Failed to add %s: %s",
+					       ldb_dn_get_linearized(ac->msg->dn),
+					       map[i].error_string);
+			break;
+		case LDB_MODIFY:
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "Failed to modify %s: %s",
+					       ldb_dn_get_linearized(ac->msg->dn),
+					       map[i].error_string);
+			break;
+		default:
+			return ldb_module_operr(ac->module);
+		}
+		if (map[i].guid) {
+			struct ldb_dn *domain_dn
+				= ldb_get_default_basedn(ldb_module_get_ctx(ac->module));
+			dsdb_acl_debug(domain_sd, acl_user_token(ac->module),
+				       domain_dn,
+				       true,
+				       10);
+		}
+	}
+	return ret;
+}
+
+static int samldb_check_user_account_control_rules(struct samldb_ctx *ac,
+						   struct dom_sid *sid,
+						   uint32_t req_uac,
+						   uint32_t user_account_control,
+						   uint32_t user_account_control_old,
+						   bool is_computer_objectclass)
+{
+	int ret;
+	struct dsdb_control_password_user_account_control *uac = NULL;
+
+	ret = samldb_check_user_account_control_invariants(ac, user_account_control);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = samldb_check_user_account_control_objectclass_invariants(ac,
+								       user_account_control,
+								       user_account_control_old,
+								       is_computer_objectclass);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = samldb_check_user_account_control_acl(ac, sid, user_account_control, user_account_control_old);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	uac = talloc_zero(ac->req,
+			  struct dsdb_control_password_user_account_control);
+	if (uac == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	uac->req_flags = req_uac;
+	uac->old_flags = user_account_control_old;
+	uac->new_flags = user_account_control;
+
+	ret = ldb_request_add_control(ac->req,
+				DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID,
+				false, uac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ret;
+}
+
+
+/**
+ * This function is called on LDB modify operations. It performs some additions/
+ * replaces on the current LDB message when "userAccountControl" changes.
+ */
+static int samldb_user_account_control_change(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	uint32_t old_uac;
+	uint32_t new_uac;
+	uint32_t raw_uac;
+	uint32_t old_ufa;
+	uint32_t new_ufa;
+	uint32_t old_uac_computed;
+	uint32_t clear_uac;
+	uint32_t old_atype;
+	uint32_t new_atype;
+	uint32_t old_pgrid;
+	uint32_t new_pgrid;
+	NTTIME old_lockoutTime;
+	struct ldb_message_element *el;
+	struct ldb_val *val;
+	struct ldb_val computer_val;
+	struct ldb_message *tmp_msg;
+	struct dom_sid *sid;
+	int ret;
+	struct ldb_result *res;
+	const char * const attrs[] = {
+		"objectClass",
+		"isCriticalSystemObject",
+		"userAccountControl",
+		"msDS-User-Account-Control-Computed",
+		"lockoutTime",
+		"objectSid",
+		NULL
+	};
+	bool is_computer_objectclass = false;
+	bool old_is_critical = false;
+	bool new_is_critical = false;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "userAccountControl",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: 'userAccountControl' can't be deleted!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Create a temporary message for fetching the "userAccountControl" */
+	tmp_msg = ldb_msg_new(ac->msg);
+	if (tmp_msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(tmp_msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	raw_uac = ldb_msg_find_attr_as_uint(tmp_msg,
+					    "userAccountControl",
+					    0);
+	talloc_free(tmp_msg);
+	/*
+	 * UF_LOCKOUT, UF_PASSWD_CANT_CHANGE and UF_PASSWORD_EXPIRED
+	 * are only generated and not stored. We ignore them almost
+	 * completely, along with unknown bits and UF_SCRIPT.
+	 *
+	 * The only exception is ACB_AUTOLOCK, which features in
+	 * clear_acb when the bit is cleared in this modify operation.
+	 *
+	 * MS-SAMR 2.2.1.13 UF_FLAG Codes states that some bits are
+	 * ignored by clients and servers
+	 */
+	new_uac = raw_uac & UF_SETTABLE_BITS;
+
+	/* Fetch the old "userAccountControl" and "objectClass" */
+	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
+				    DSDB_FLAG_NEXT_MODULE, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	old_uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
+	if (old_uac == 0) {
+		return ldb_operr(ldb);
+	}
+	old_uac_computed = ldb_msg_find_attr_as_uint(res->msgs[0],
+						     "msDS-User-Account-Control-Computed", 0);
+	old_lockoutTime = ldb_msg_find_attr_as_int64(res->msgs[0],
+						     "lockoutTime", 0);
+	old_is_critical = ldb_msg_find_attr_as_bool(res->msgs[0],
+						    "isCriticalSystemObject", 0);
+	/*
+	 * When we do not have objectclass "computer" we cannot
+	 * switch to a workstation or (RO)DC
+	 */
+	el = ldb_msg_find_element(res->msgs[0], "objectClass");
+	if (el == NULL) {
+		return ldb_operr(ldb);
+	}
+	computer_val = data_blob_string_const("computer");
+	val = ldb_msg_find_val(el, &computer_val);
+	if (val != NULL) {
+		is_computer_objectclass = true;
+	}
+
+	old_ufa = old_uac & UF_ACCOUNT_TYPE_MASK;
+	old_atype = ds_uf2atype(old_ufa);
+	old_pgrid = ds_uf2prim_group_rid(old_uac);
+
+	new_ufa = new_uac & UF_ACCOUNT_TYPE_MASK;
+	if (new_ufa == 0) {
+		/*
+		 * "userAccountControl" = 0 or missing one of the
+		 * types means "UF_NORMAL_ACCOUNT".  See MS-SAMR
+		 * 3.1.1.8.10 point 8
+		 */
+		new_ufa = UF_NORMAL_ACCOUNT;
+		new_uac |= new_ufa;
+	}
+	sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
+	if (sid == NULL) {
+		return ldb_module_operr(ac->module);
+	}
+
+	ret = samldb_check_user_account_control_rules(ac, sid,
+						      raw_uac,
+						      new_uac,
+						      old_uac,
+						      is_computer_objectclass);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	new_atype = ds_uf2atype(new_ufa);
+	new_pgrid = ds_uf2prim_group_rid(new_uac);
+
+	clear_uac = (old_uac | old_uac_computed) & ~raw_uac;
+
+	switch (new_ufa) {
+	case UF_NORMAL_ACCOUNT:
+		new_is_critical = old_is_critical;
+		break;
+
+	case UF_INTERDOMAIN_TRUST_ACCOUNT:
+		new_is_critical = true;
+		break;
+
+	case UF_WORKSTATION_TRUST_ACCOUNT:
+		new_is_critical = false;
+		if (new_uac & UF_PARTIAL_SECRETS_ACCOUNT) {
+			new_is_critical = true;
+		}
+		break;
+
+	case UF_SERVER_TRUST_ACCOUNT:
+		new_is_critical = true;
+		break;
+
+	default:
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: invalid userAccountControl[0x%08X]",
+			W_ERROR_V(WERR_INVALID_PARAMETER), raw_uac);
+		return LDB_ERR_OTHER;
+	}
+
+	if (old_atype != new_atype) {
+		ret = samdb_msg_append_uint(ldb, ac->msg, ac->msg,
+					    "sAMAccountType", new_atype,
+					    LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* As per MS-SAMR 3.1.1.8.10 these flags have not to be set */
+	if ((clear_uac & UF_LOCKOUT) && (old_lockoutTime != 0)) {
+		/* "lockoutTime" reset as per MS-SAMR 3.1.1.8.10 */
+		ldb_msg_remove_attr(ac->msg, "lockoutTime");
+		ret = samdb_msg_append_uint64(ldb, ac->msg, ac->msg, "lockoutTime",
+					      (NTTIME)0, LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/*
+	 * "isCriticalSystemObject" might be set/changed
+	 *
+	 * Even a change from UF_NORMAL_ACCOUNT (implicitly FALSE) to
+	 * UF_WORKSTATION_TRUST_ACCOUNT (actually FALSE) triggers
+	 * creating the attribute.
+	 */
+	if (old_is_critical != new_is_critical || old_atype != new_atype) {
+		ret = ldb_msg_append_string(ac->msg, "isCriticalSystemObject",
+					    new_is_critical ? "TRUE": "FALSE",
+					    LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (!ldb_msg_find_element(ac->msg, "primaryGroupID") &&
+	    (old_pgrid != new_pgrid)) {
+		/* Older AD deployments don't know about the RODC group */
+		if (new_pgrid == DOMAIN_RID_READONLY_DCS) {
+			ret = samldb_prim_group_tester(ac, new_pgrid);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		ret = samdb_msg_append_uint(ldb, ac->msg, ac->msg,
+					    "primaryGroupID", new_pgrid,
+					    LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* Propagate eventual "userAccountControl" attribute changes */
+	if (old_uac != new_uac) {
+		char *tempstr = talloc_asprintf(ac->msg, "%d",
+						new_uac);
+		if (tempstr == NULL) {
+			return ldb_module_oom(ac->module);
+		}
+
+		ret = ldb_msg_add_empty(ac->msg,
+					"userAccountControl",
+					LDB_FLAG_MOD_REPLACE,
+					&el);
+		el->values = talloc(ac->msg, struct ldb_val);
+		el->num_values = 1;
+		el->values[0].data = (uint8_t *) tempstr;
+		el->values[0].length = strlen(tempstr);
+	} else {
+		ldb_msg_remove_attr(ac->msg, "userAccountControl");
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_check_pwd_last_set_acl(struct samldb_ctx *ac,
+					 struct dom_sid *sid)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret = 0;
+	struct security_token *user_token = NULL;
+	struct security_descriptor *domain_sd = NULL;
+	struct ldb_dn *domain_dn = ldb_get_default_basedn(ldb_module_get_ctx(ac->module));
+	const char *operation = "";
+	const struct dsdb_class *objectclass = NULL;
+
+	if (dsdb_module_am_system(ac->module)) {
+		return LDB_SUCCESS;
+	}
+
+	switch (ac->req->operation) {
+	case LDB_ADD:
+		operation = "add";
+		break;
+	case LDB_MODIFY:
+		operation = "modify";
+		break;
+	default:
+		return ldb_module_operr(ac->module);
+	}
+
+	user_token = acl_user_token(ac->module);
+	if (user_token == NULL) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	ret = samldb_get_domain_secdesc_and_oc(ac, &domain_sd, &objectclass);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = acl_check_extended_right(ac,
+				       ac->module,
+				       ac->req,
+				       objectclass,
+				       domain_sd,
+				       user_token,
+				       GUID_DRS_UNEXPIRE_PASSWORD,
+				       SEC_ADS_CONTROL_ACCESS,
+				       sid);
+	if (ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		return ret;
+	}
+
+	ldb_debug_set(ldb, LDB_DEBUG_WARNING,
+		      "Failed to %s %s: "
+		      "Setting pwdLastSet to -1 requires the "
+		      "Unexpire-Password right that was not given "
+		      "on the Domain object",
+		      operation,
+		      ldb_dn_get_linearized(ac->msg->dn));
+	dsdb_acl_debug(domain_sd, user_token,
+		       domain_dn, true, 10);
+
+	return ret;
+}
+
+/**
+ * This function is called on LDB modify operations. It performs some additions/
+ * replaces on the current LDB message when "pwdLastSet" changes.
+ */
+static int samldb_pwd_last_set_change(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	NTTIME last_set = 0;
+	struct ldb_message_element *el = NULL;
+	struct ldb_message *tmp_msg = NULL;
+	struct dom_sid *self_sid = NULL;
+	int ret;
+	struct ldb_result *res = NULL;
+	const char * const attrs[] = {
+		"objectSid",
+		NULL
+	};
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "pwdLastSet",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: 'pwdLastSet' can't be deleted!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Create a temporary message for fetching the "userAccountControl" */
+	tmp_msg = ldb_msg_new(ac->msg);
+	if (tmp_msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(tmp_msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	last_set = samdb_result_nttime(tmp_msg, "pwdLastSet", 0);
+	talloc_free(tmp_msg);
+
+	/*
+	 * Setting -1 (0xFFFFFFFFFFFFFFFF) requires the Unexpire-Password right
+	 */
+	if (last_set != UINT64_MAX) {
+		return LDB_SUCCESS;
+	}
+
+	/* Fetch the "objectSid" */
+	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
+				    DSDB_FLAG_NEXT_MODULE, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	self_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
+	if (self_sid == NULL) {
+		return ldb_module_operr(ac->module);
+	}
+
+	ret = samldb_check_pwd_last_set_acl(ac, self_sid);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_lockout_time(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	NTTIME lockoutTime;
+	struct ldb_message_element *el;
+	struct ldb_message *tmp_msg;
+	int ret;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "lockoutTime",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL || el->num_values == 0) {
+		ldb_asprintf_errstring(ldb,
+			"%08X: samldb: 'lockoutTime' can't be deleted!",
+			W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Create a temporary message for fetching the "lockoutTime" */
+	tmp_msg = ldb_msg_new(ac->msg);
+	if (tmp_msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(tmp_msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	lockoutTime = ldb_msg_find_attr_as_int64(tmp_msg,
+						 "lockoutTime",
+						 0);
+	talloc_free(tmp_msg);
+
+	if (lockoutTime != 0) {
+		return LDB_SUCCESS;
+	}
+
+	/* lockoutTime == 0 resets badPwdCount */
+	ldb_msg_remove_attr(ac->msg, "badPwdCount");
+	ret = samdb_msg_append_int(ldb, ac->msg, ac->msg,
+				   "badPwdCount", 0,
+				   LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_group_type_change(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	uint32_t group_type, old_group_type, account_type;
+	struct ldb_message_element *el;
+	struct ldb_message *tmp_msg;
+	int ret;
+	struct ldb_result *res;
+	const char * const attrs[] = { "groupType", NULL };
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "groupType",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL) {
+		/* we are not affected */
+		return LDB_SUCCESS;
+	}
+
+	/* Create a temporary message for fetching the "groupType" */
+	tmp_msg = ldb_msg_new(ac->msg);
+	if (tmp_msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(tmp_msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	group_type = ldb_msg_find_attr_as_uint(tmp_msg, "groupType", 0);
+	talloc_free(tmp_msg);
+
+	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
+				    DSDB_FLAG_NEXT_MODULE |
+				    DSDB_SEARCH_SHOW_DELETED, ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	old_group_type = ldb_msg_find_attr_as_uint(res->msgs[0], "groupType", 0);
+	if (old_group_type == 0) {
+		return ldb_operr(ldb);
+	}
+
+	/* Group type switching isn't so easy as it seems: We can only
+	 * change in this directions: global <-> universal <-> local
+	 * On each step also the group type itself
+	 * (security/distribution) is variable. */
+
+	if (ldb_request_get_control(ac->req, LDB_CONTROL_PROVISION_OID) == NULL) {
+		switch (group_type) {
+		case GTYPE_SECURITY_GLOBAL_GROUP:
+		case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
+			/* change to "universal" allowed */
+			if ((old_group_type == GTYPE_SECURITY_DOMAIN_LOCAL_GROUP) ||
+			(old_group_type == GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)) {
+				ldb_set_errstring(ldb,
+					"samldb: Change from security/distribution local group forbidden!");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		break;
+
+		case GTYPE_SECURITY_UNIVERSAL_GROUP:
+		case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
+			/* each change allowed */
+		break;
+		case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
+		case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
+			/* change to "universal" allowed */
+			if ((old_group_type == GTYPE_SECURITY_GLOBAL_GROUP) ||
+			(old_group_type == GTYPE_DISTRIBUTION_GLOBAL_GROUP)) {
+				ldb_set_errstring(ldb,
+					"samldb: Change from security/distribution global group forbidden!");
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		break;
+
+		case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
+		default:
+			/* we don't allow this "groupType" values */
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		break;
+		}
+	}
+
+	account_type =  ds_gtype2atype(group_type);
+	if (account_type == 0) {
+		ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+	ret = samdb_msg_append_uint(ldb, ac->msg, ac->msg, "sAMAccountType",
+				    account_type, LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_member_check(struct samldb_ctx *ac)
+{
+	const char * const attrs[] = { "objectSid", NULL };
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_message_element *el;
+	struct ldb_dn *member_dn;
+	struct dom_sid *sid;
+	struct ldb_result *res;
+	struct dom_sid *group_sid;
+	unsigned int i, j;
+	int ret;
+
+	/* Fetch information from the existing object */
+
+	ret = dsdb_module_search(ac->module, ac, &res, ac->msg->dn, LDB_SCOPE_BASE, attrs,
+				 DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED, ac->req, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count != 1) {
+		return ldb_operr(ldb);
+	}
+
+	group_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid");
+	if (group_sid == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* We've to walk over all modification entries and consider the "member"
+	 * ones. */
+	for (i = 0; i < ac->msg->num_elements; i++) {
+		if (ldb_attr_cmp(ac->msg->elements[i].name, "member") != 0) {
+			continue;
+		}
+
+		el = &ac->msg->elements[i];
+		for (j = 0; j < el->num_values; j++) {
+			struct ldb_result *group_res;
+			const char *group_attrs[] = { "primaryGroupID" , NULL };
+			uint32_t prim_group_rid;
+
+			if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) {
+				/* Deletes will be handled in
+				 * repl_meta_data, and deletes not
+				 * matching a member will return
+				 * LDB_ERR_UNWILLING_TO_PERFORM
+				 * there */
+				continue;
+			}
+
+			member_dn = ldb_dn_from_ldb_val(ac, ldb,
+							&el->values[j]);
+			if (!ldb_dn_validate(member_dn)) {
+				return ldb_operr(ldb);
+			}
+
+			/* Denies to add "member"s to groups which are primary
+			 * ones for them - in this case return
+			 * ERR_ENTRY_ALREADY_EXISTS. */
+
+			ret = dsdb_module_search_dn(ac->module, ac, &group_res,
+						    member_dn, group_attrs,
+						    DSDB_FLAG_NEXT_MODULE, ac->req);
+			if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+				/* member DN doesn't exist yet */
+				continue;
+			}
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+			prim_group_rid = ldb_msg_find_attr_as_uint(group_res->msgs[0], "primaryGroupID", (uint32_t)-1);
+			if (prim_group_rid == (uint32_t) -1) {
+				/* the member hasn't to be a user account ->
+				 * therefore no check needed in this case. */
+				continue;
+			}
+
+			sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb),
+					      prim_group_rid);
+			if (sid == NULL) {
+				return ldb_operr(ldb);
+			}
+
+			if (dom_sid_equal(group_sid, sid)) {
+				ldb_asprintf_errstring(ldb,
+						       "samldb: member %s already set via primaryGroupID %u",
+						       ldb_dn_get_linearized(member_dn), prim_group_rid);
+				return LDB_ERR_ENTRY_ALREADY_EXISTS;
+			}
+		}
+	}
+
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+/* SAM objects have special rules regarding the "description" attribute on
+ * modify operations. */
+static int samldb_description_check(struct samldb_ctx *ac, bool *modified)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	const char * const attrs[] = { "objectClass", "description", NULL };
+	struct ldb_result *res;
+	unsigned int i;
+	int ret;
+
+	/* Fetch information from the existing object */
+	ret = dsdb_module_search(ac->module, ac, &res, ac->msg->dn, LDB_SCOPE_BASE, attrs,
+				 DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED, ac->req,
+				 "(|(objectclass=user)(objectclass=group)(objectclass=samDomain)(objectclass=samServer))");
+	if (ret != LDB_SUCCESS) {
+		/* don't treat it specially ... let normal error codes
+		   happen from other places */
+		ldb_reset_err_string(ldb);
+		return LDB_SUCCESS;
+	}
+	if (res->count == 0) {
+		/* we didn't match the filter */
+		talloc_free(res);
+		return LDB_SUCCESS;
+	}
+
+	/* We've to walk over all modification entries and consider the
+	 * "description" ones. */
+	for (i = 0; i < ac->msg->num_elements; i++) {
+		if (ldb_attr_cmp(ac->msg->elements[i].name, "description") == 0) {
+			ac->msg->elements[i].flags |= LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK;
+			*modified = true;
+		}
+	}
+
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+#define SPN_ALIAS_NONE 0
+#define SPN_ALIAS_LINK 1
+#define SPN_ALIAS_TARGET 2
+
+static int find_spn_aliases(struct ldb_context *ldb,
+			    TALLOC_CTX *mem_ctx,
+			    const char *service_class,
+			    char ***aliases,
+			    size_t *n_aliases,
+			    int *direction)
+{
+	/*
+	 * If you change the way this works, you should also look at changing
+	 * LDB_lookup_spn_alias() in source4/dsdb/samdb/cracknames.c, which
+	 * does some of the same work.
+	 *
+	 * In particular, note that sPNMappings are resolved on a first come,
+	 * first served basis. For example, if we have
+	 *
+	 *  host=ldap,cifs
+	 *  foo=ldap
+	 *  cifs=host,alerter
+	 *
+	 * then 'ldap', 'cifs', and 'host' will resolve to 'host', and
+	 * 'alerter' will resolve to 'cifs'.
+	 *
+	 * If this resolution method is made more complicated, then the
+	 * cracknames function should also be changed.
+	 */
+	size_t i, j;
+	int ret;
+	bool ok;
+	struct ldb_result *res = NULL;
+	struct ldb_message_element *spnmappings = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_dn *service_dn = NULL;
+
+	const char *attrs[] = {
+		"sPNMappings",
+		NULL
+	};
+
+	*direction = SPN_ALIAS_NONE;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	service_dn = ldb_dn_new(
+		tmp_ctx, ldb,
+		"CN=Directory Service,CN=Windows NT,CN=Services");
+	if (service_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ok = ldb_dn_add_base(service_dn, ldb_get_config_basedn(ldb));
+	if (! ok) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, service_dn, LDB_SCOPE_BASE,
+			 attrs, "(objectClass=nTDSService)");
+
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		DBG_WARNING("sPNMappings not found.\n");
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	spnmappings = ldb_msg_find_element(res->msgs[0], "sPNMappings");
+	if (spnmappings == NULL || spnmappings->num_values == 0) {
+		DBG_WARNING("no sPNMappings attribute\n");
+		talloc_free(tmp_ctx);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+	*n_aliases = 0;
+
+	for (i = 0; i < spnmappings->num_values; i++) {
+		char *p = NULL;
+		char *mapping = talloc_strndup(
+			tmp_ctx,
+			(char *)spnmappings->values[i].data,
+			spnmappings->values[i].length);
+		if (mapping == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+
+		p = strchr(mapping, '=');
+		if (p == NULL) {
+			talloc_free(tmp_ctx);
+			return LDB_ERR_ALIAS_PROBLEM;
+		}
+		p[0] = '\0';
+		p++;
+
+		if (strcasecmp(mapping, service_class) == 0) {
+			/*
+			 * We need to return the reverse aliases for this one.
+			 *
+			 * typically, this means the service_class is "host"
+			 * and the mapping is "host=alerter,appmgmt,cisvc,..",
+			 * so we get "alerter", "appmgmt", etc in the list of
+			 * aliases.
+			 */
+
+			/* There is one more field than there are commas */
+			size_t n = 1;
+
+			for (j = 0; p[j] != '\0'; j++) {
+				if (p[j] == ',') {
+					n++;
+					p[j] = '\0';
+				}
+			}
+			*aliases = talloc_array(mem_ctx, char*, n);
+			if (*aliases == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_oom(ldb);
+			}
+			*n_aliases = n;
+			talloc_steal(mem_ctx, mapping);
+			for (j = 0; j < n; j++) {
+				(*aliases)[j] = p;
+				p += strlen(p) + 1;
+			}
+			talloc_free(tmp_ctx);
+			*direction = SPN_ALIAS_LINK;
+			return LDB_SUCCESS;
+		}
+		/*
+		 * We need to look along the list to see if service_class is
+		 * there; if so, we return a list of one item (probably "host").
+		 */
+		do {
+			char *str = p;
+			p = strchr(p, ',');
+			if (p != NULL) {
+				p[0] = '\0';
+				p++;
+			}
+			if (strcasecmp(str, service_class) == 0) {
+				*aliases = talloc_array(mem_ctx, char*, 1);
+				if (*aliases == NULL) {
+					talloc_free(tmp_ctx);
+					return ldb_oom(ldb);
+				}
+				*n_aliases = 1;
+				(*aliases)[0] = mapping;
+				talloc_steal(mem_ctx, mapping);
+				talloc_free(tmp_ctx);
+				*direction = SPN_ALIAS_TARGET;
+				return LDB_SUCCESS;
+			}
+		} while (p != NULL);
+	}
+	DBG_INFO("no sPNMappings alias for '%s'\n", service_class);
+	talloc_free(tmp_ctx);
+	*aliases = NULL;
+	*n_aliases = 0;
+	return LDB_SUCCESS;
+}
+
+
+static int get_spn_dn(struct ldb_context *ldb,
+		      TALLOC_CTX *tmp_ctx,
+		      const char *candidate,
+		      struct ldb_dn **dn)
+{
+	int ret;
+	const char *empty_attrs[] = { NULL };
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *base_dn = ldb_get_default_basedn(ldb);
+
+	const char *enc_candidate = NULL;
+
+	*dn = NULL;
+
+	enc_candidate = ldb_binary_encode_string(tmp_ctx, candidate);
+	if (enc_candidate == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = dsdb_search_one(ldb,
+			      tmp_ctx,
+			      &msg,
+			      base_dn,
+			      LDB_SCOPE_SUBTREE,
+			      empty_attrs,
+			      0,
+			      "(servicePrincipalName=%s)",
+			      enc_candidate);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	*dn = msg->dn;
+	return LDB_SUCCESS;
+}
+
+
+static int check_spn_write_rights(struct ldb_context *ldb,
+				  TALLOC_CTX *mem_ctx,
+				  const char *spn,
+				  struct ldb_dn *dn)
+{
+	int ret;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *del_el = NULL;
+	struct ldb_message_element *add_el = NULL;
+	struct ldb_val val = {
+		.data = discard_const_p(uint8_t, spn),
+		.length = strlen(spn)
+	};
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+	msg->dn = dn;
+
+	ret = ldb_msg_add_empty(msg,
+				"servicePrincipalName",
+				LDB_FLAG_MOD_DELETE,
+				&del_el);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	del_el->values = talloc_array(msg->elements, struct ldb_val, 1);
+	if (del_el->values == NULL) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	del_el->values[0] = val;
+	del_el->num_values = 1;
+
+	ret = ldb_msg_add_empty(msg,
+				"servicePrincipalName",
+				LDB_FLAG_MOD_ADD,
+				&add_el);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	add_el->values = talloc_array(msg->elements, struct ldb_val, 1);
+	if (add_el->values == NULL) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	add_el->values[0] = val;
+	add_el->num_values = 1;
+
+	ret = ldb_modify(ldb, msg);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		DBG_ERR("hmm I think we're OK, but not sure\n");
+	} else if (ret != LDB_SUCCESS) {
+		DBG_ERR("SPN write rights check failed with %d\n", ret);
+		talloc_free(msg);
+		return ret;
+	}
+	talloc_free(msg);
+	return LDB_SUCCESS;
+}
+
+
+static int check_spn_alias_collision(struct ldb_context *ldb,
+				     TALLOC_CTX *mem_ctx,
+				     const char *spn,
+				     struct ldb_dn *target_dn)
+{
+	int ret;
+	char *service_class = NULL;
+	char *spn_tail = NULL;
+	char *p = NULL;
+	char **aliases = NULL;
+	size_t n_aliases = 0;
+	size_t i, len;
+	TALLOC_CTX *tmp_ctx = NULL;
+	const char *target_dnstr = ldb_dn_get_linearized(target_dn);
+	int link_direction;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * "dns/example.com/xxx"  gives
+	 *    service_class = "dns"
+	 *    spn_tail      = "example.com/xxx"
+	 */
+	p = strchr(spn, '/');
+	if (p == NULL) {
+		/* bad SPN */
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb,
+				 LDB_ERR_OPERATIONS_ERROR,
+				 "malformed servicePrincipalName");
+	}
+	len = p - spn;
+
+	service_class = talloc_strndup(tmp_ctx, spn, len);
+	if (service_class == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	spn_tail = p + 1;
+
+	ret = find_spn_aliases(ldb,
+			       tmp_ctx,
+			       service_class,
+			       &aliases,
+			       &n_aliases,
+			       &link_direction);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * we have the list of aliases, and now we need to combined them with
+	 * spn_tail and see if we can find the SPN.
+	 */
+	for (i = 0; i < n_aliases; i++) {
+		struct ldb_dn *colliding_dn = NULL;
+		const char *colliding_dnstr = NULL;
+
+		char *candidate = talloc_asprintf(tmp_ctx,
+						  "%s/%s",
+						  aliases[i],
+						  spn_tail);
+		if (candidate == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+
+		ret = get_spn_dn(ldb, tmp_ctx, candidate, &colliding_dn);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			DBG_DEBUG("SPN alias '%s' not found (good)\n",
+				  candidate);
+			talloc_free(candidate);
+			continue;
+		}
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("SPN '%s' search error %d\n", candidate, ret);
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		target_dnstr = ldb_dn_get_linearized(target_dn);
+		/*
+		 * We have found an existing SPN that matches the alias. That
+		 * is OK only if it is on the object we are trying to add to,
+		 * or if the SPN on the other side is a more generic alias for
+		 * this one and we also have rights to modify it.
+		 *
+		 * That is, we can put "host/X" and "cifs/X" on the same
+		 * object, but not on different objects, unless we put the
+		 * host/X on first, and could also change that object when we
+		 * add cifs/X. It is forbidden to add the objects in the other
+		 * order.
+		 *
+		 * The rationale for this is that adding "cifs/X" effectively
+		 * changes "host/X" by diverting traffic. If "host/X" can be
+		 * added after "cifs/X", a sneaky person could get "cifs/X" in
+		 * first, making "host/X" have less effect than intended.
+		 *
+		 * Note: we also can't have "host/X" and "Host/X" on the same
+		 * object, but that is not relevant here.
+		 */
+
+		ret = ldb_dn_compare(colliding_dn, target_dn);
+		if (ret != 0) {
+			colliding_dnstr = ldb_dn_get_linearized(colliding_dn);
+			DBG_ERR("trying to add SPN '%s' on '%s' when '%s' is "
+				"on '%s'\n",
+				spn,
+				target_dnstr,
+				candidate,
+				colliding_dnstr);
+
+			if (link_direction == SPN_ALIAS_LINK) {
+				/* we don't allow host/X if there is a
+				 * cifs/X */
+				talloc_free(tmp_ctx);
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			ret = check_spn_write_rights(ldb,
+						     tmp_ctx,
+						     candidate,
+						     colliding_dn);
+			if (ret != LDB_SUCCESS) {
+				DBG_ERR("SPN '%s' is on '%s' so '%s' can't be "
+					"added to '%s'\n",
+					candidate,
+					colliding_dnstr,
+					spn,
+					target_dnstr);
+				talloc_free(tmp_ctx);
+				ldb_asprintf_errstring(ldb,
+						       "samldb: spn[%s] would cause a conflict",
+						       spn);
+				return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+			}
+		} else {
+			DBG_INFO("SPNs '%s' and '%s' alias both on '%s'\n",
+				 candidate, spn, target_dnstr);
+		}
+		talloc_free(candidate);
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static int check_spn_direct_collision(struct ldb_context *ldb,
+				      TALLOC_CTX *mem_ctx,
+				      const char *spn,
+				      struct ldb_dn *target_dn)
+{
+	int ret;
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct ldb_dn *colliding_dn = NULL;
+	const char *target_dnstr = NULL;
+	const char *colliding_dnstr = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ret = get_spn_dn(ldb, tmp_ctx, spn, &colliding_dn);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DBG_DEBUG("SPN '%s' not found (good)\n", spn);
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("SPN '%s' search error %d\n", spn, ret);
+		talloc_free(tmp_ctx);
+		if (ret == LDB_ERR_COMPARE_TRUE) {
+			/*
+			 * COMPARE_TRUE has special meaning here and we don't
+			 * want to return it by mistake.
+			 */
+			ret = LDB_ERR_OPERATIONS_ERROR;
+		}
+		return ret;
+	}
+	/*
+	 * We have found this exact SPN. This is mostly harmless (depend on
+	 * ADD vs REPLACE) when the spn is being put on the object that
+	 * already has, so we let it through to succeed or fail as some other
+	 * module sees fit.
+	 */
+	target_dnstr = ldb_dn_get_linearized(target_dn);
+	ret = ldb_dn_compare(colliding_dn, target_dn);
+	if (ret != 0) {
+		colliding_dnstr = ldb_dn_get_linearized(colliding_dn);
+		DBG_ERR("SPN '%s' is on '%s' so it can't be "
+			"added to '%s'\n",
+			spn,
+			colliding_dnstr,
+			target_dnstr);
+		ldb_asprintf_errstring(ldb,
+				       "samldb: spn[%s] would cause a conflict",
+				       spn);
+		talloc_free(tmp_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	DBG_INFO("SPN '%s' is already on '%s'\n",
+		 spn, target_dnstr);
+	talloc_free(tmp_ctx);
+	return LDB_ERR_COMPARE_TRUE;
+}
+
+
+static int count_spn_components(struct ldb_val val)
+{
+	/*
+	 * a 3 part servicePrincipalName has two slashes, like
+	 * ldap/example.com/DomainDNSZones.example.com.
+	 *
+	 * In krb5_parse_name_flags() we don't count "\/" as a slash (i.e.
+	 * escaped by a backslash), but this is not the behaviour of Windows
+	 * on setting a servicePrincipalName -- slashes are counted regardless
+	 * of backslashes.
+	 *
+	 * Accordingly, here we ignore backslashes. This will reject
+	 * multi-slash SPNs that krb5_parse_name_flags() would accept, and
+	 * allow ones in the form "a\/b" that it won't parse.
+	 */
+	size_t i;
+	int slashes = 0;
+	for (i = 0; i < val.length; i++) {
+		char c = val.data[i];
+		if (c == '/') {
+			slashes++;
+			if (slashes == 3) {
+				/* at this point we don't care */
+				return 4;
+			}
+		}
+	}
+	return slashes + 1;
+}
+
+
+/* Check that "servicePrincipalName" changes do not introduce a collision
+ * globally. */
+static int samldb_spn_uniqueness_check(struct samldb_ctx *ac,
+				       struct ldb_message_element *spn_el)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+	const char *spn = NULL;
+	size_t i;
+	TALLOC_CTX *tmp_ctx = talloc_new(ac->msg);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < spn_el->num_values; i++) {
+		int n_components;
+		spn = (char *)spn_el->values[i].data;
+
+		n_components = count_spn_components(spn_el->values[i]);
+		if (n_components > 3 || n_components < 2) {
+			ldb_asprintf_errstring(ldb,
+					       "samldb: spn[%s] invalid with %u components",
+					       spn, n_components);
+			talloc_free(tmp_ctx);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		ret = check_spn_direct_collision(ldb,
+						 tmp_ctx,
+						 spn,
+						 ac->msg->dn);
+		if (ret == LDB_ERR_COMPARE_TRUE) {
+			DBG_INFO("SPN %s re-added to the same object\n", spn);
+			continue;
+		}
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("SPN %s failed direct uniqueness check\n", spn);
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		ret = check_spn_alias_collision(ldb,
+						tmp_ctx,
+						spn,
+						ac->msg->dn);
+
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			/* we have no sPNMappings, hence no aliases */
+			break;
+		}
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("SPN %s failed alias uniqueness check\n", spn);
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		DBG_INFO("SPN %s seems to be unique\n", spn);
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+
+/* This trigger adapts the "servicePrincipalName" attributes if the
+ * "dNSHostName" and/or "sAMAccountName" attribute change(s) */
+static int samldb_service_principal_names_change(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_message_element *el = NULL, *el2 = NULL;
+	struct ldb_message *msg;
+	const char * const attrs[] = { "servicePrincipalName", NULL };
+	struct ldb_result *res;
+	const char *dns_hostname = NULL, *old_dns_hostname = NULL,
+		   *sam_accountname = NULL, *old_sam_accountname = NULL;
+	unsigned int i, j;
+	int ret;
+
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "dNSHostName",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "sAMAccountName",
+					   &el2,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if ((el == NULL) && (el2 == NULL)) {
+		/* we are not affected */
+		return LDB_SUCCESS;
+	}
+
+	/* Create a temporary message for fetching the "dNSHostName" */
+	if (el != NULL) {
+		const char *dns_attrs[] = { "dNSHostName", NULL };
+		msg = ldb_msg_new(ac->msg);
+		if (msg == NULL) {
+			return ldb_module_oom(ac->module);
+		}
+		ret = ldb_msg_add(msg, el, 0);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		dns_hostname = talloc_strdup(ac,
+					     ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL));
+		if (dns_hostname == NULL) {
+			return ldb_module_oom(ac->module);
+		}
+
+		talloc_free(msg);
+
+		ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn,
+					    dns_attrs, DSDB_FLAG_NEXT_MODULE, ac->req);
+		if (ret == LDB_SUCCESS) {
+			old_dns_hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
+		}
+	}
+
+	/* Create a temporary message for fetching the "sAMAccountName" */
+	if (el2 != NULL) {
+		char *tempstr, *tempstr2 = NULL;
+		const char *acct_attrs[] = { "sAMAccountName", NULL };
+
+		msg = ldb_msg_new(ac->msg);
+		if (msg == NULL) {
+			return ldb_module_oom(ac->module);
+		}
+		ret = ldb_msg_add(msg, el2, 0);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		tempstr = talloc_strdup(ac,
+					ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
+		talloc_free(msg);
+
+		ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, acct_attrs,
+					    DSDB_FLAG_NEXT_MODULE, ac->req);
+		if (ret == LDB_SUCCESS) {
+			tempstr2 = talloc_strdup(ac,
+						 ldb_msg_find_attr_as_string(res->msgs[0],
+									     "sAMAccountName", NULL));
+		}
+
+
+		/* The "sAMAccountName" needs some additional trimming: we need
+		 * to remove the trailing "$"s if they exist. */
+		if ((tempstr != NULL) && (tempstr[0] != '\0') &&
+		    (tempstr[strlen(tempstr) - 1] == '$')) {
+			tempstr[strlen(tempstr) - 1] = '\0';
+		}
+		if ((tempstr2 != NULL) && (tempstr2[0] != '\0') &&
+		    (tempstr2[strlen(tempstr2) - 1] == '$')) {
+			tempstr2[strlen(tempstr2) - 1] = '\0';
+		}
+		sam_accountname = tempstr;
+		old_sam_accountname = tempstr2;
+	}
+
+	if (old_dns_hostname == NULL) {
+		/* we cannot change when the old name is unknown */
+		dns_hostname = NULL;
+	}
+	if ((old_dns_hostname != NULL) && (dns_hostname != NULL) &&
+	    (strcasecmp_m(old_dns_hostname, dns_hostname) == 0)) {
+		/* The "dNSHostName" didn't change */
+		dns_hostname = NULL;
+	}
+
+	if (old_sam_accountname == NULL) {
+		/* we cannot change when the old name is unknown */
+		sam_accountname = NULL;
+	}
+	if ((old_sam_accountname != NULL) && (sam_accountname != NULL) &&
+	    (strcasecmp_m(old_sam_accountname, sam_accountname) == 0)) {
+		/* The "sAMAccountName" didn't change */
+		sam_accountname = NULL;
+	}
+
+	if ((dns_hostname == NULL) && (sam_accountname == NULL)) {
+		/* Well, there are information missing (old name(s)) or the
+		 * names didn't change. We've nothing to do and can exit here */
+		return LDB_SUCCESS;
+	}
+
+	/*
+	 * Potential "servicePrincipalName" changes in the same request have
+	 * to be handled before the update (Windows behaviour).
+	 *
+	 * We extract the SPN changes into a new message and run it through
+	 * the stack from this module, so that it subjects them to the SPN
+	 * checks we have here.
+	 */
+	el = ldb_msg_find_element(ac->msg, "servicePrincipalName");
+	if (el != NULL) {
+		msg = ldb_msg_new(ac->msg);
+		if (msg == NULL) {
+			return ldb_module_oom(ac->module);
+		}
+		msg->dn = ac->msg->dn;
+
+		do {
+			ret = ldb_msg_add(msg, el, el->flags);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			ldb_msg_remove_element(ac->msg, el);
+
+			el = ldb_msg_find_element(ac->msg,
+						  "servicePrincipalName");
+		} while (el != NULL);
+
+		ret = dsdb_module_modify(ac->module, msg,
+					 DSDB_FLAG_OWN_MODULE, ac->req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		talloc_free(msg);
+	}
+
+	/* Fetch the "servicePrincipalName"s if any */
+	ret = dsdb_module_search(ac->module, ac, &res, ac->msg->dn, LDB_SCOPE_BASE, attrs,
+				 DSDB_FLAG_NEXT_MODULE, ac->req, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if ((res->count != 1) || (res->msgs[0]->num_elements > 1)) {
+		return ldb_operr(ldb);
+	}
+
+	if (res->msgs[0]->num_elements == 1) {
+		/*
+		 * Yes, we do have "servicePrincipalName"s. First we update them
+		 * locally, that means we do always substitute the current
+		 * "dNSHostName" with the new one and/or "sAMAccountName"
+		 * without "$" with the new one and then we append the
+		 * modified "servicePrincipalName"s as a message element
+		 * replace to the modification request (Windows behaviour). We
+		 * need also to make sure that the values remain case-
+		 * insensitively unique.
+		 */
+
+		ret = ldb_msg_add_empty(ac->msg, "servicePrincipalName",
+					LDB_FLAG_MOD_REPLACE, &el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		for (i = 0; i < res->msgs[0]->elements[0].num_values; i++) {
+			char *old_str, *new_str;
+			char *pos = NULL;
+			const char *tok;
+			struct ldb_val *vals;
+			bool found = false;
+
+			old_str = (char *)
+				res->msgs[0]->elements[0].values[i].data;
+
+			new_str = talloc_strdup(ac->msg,
+						strtok_r(old_str, "/", &pos));
+			if (new_str == NULL) {
+				return ldb_module_oom(ac->module);
+			}
+
+			while ((tok = strtok_r(NULL, "/", &pos)) != NULL) {
+				if ((dns_hostname != NULL) &&
+				    (strcasecmp_m(tok, old_dns_hostname) == 0)) {
+					tok = dns_hostname;
+				}
+				if ((sam_accountname != NULL) &&
+				    (strcasecmp_m(tok, old_sam_accountname) == 0)) {
+					tok = sam_accountname;
+				}
+
+				new_str = talloc_asprintf(ac->msg, "%s/%s",
+							  new_str, tok);
+				if (new_str == NULL) {
+					return ldb_module_oom(ac->module);
+				}
+			}
+
+			/* Uniqueness check */
+			for (j = 0; (!found) && (j < el->num_values); j++) {
+				if (strcasecmp_m((char *)el->values[j].data,
+					       new_str) == 0) {
+					found = true;
+				}
+			}
+			if (found) {
+				continue;
+			}
+
+			/*
+			 * append the new "servicePrincipalName" -
+			 * code derived from ldb_msg_add_value().
+			 *
+			 * Open coded to make it clear that we must
+			 * append to the MOD_REPLACE el created above.
+			 */
+			vals = talloc_realloc(ac->msg, el->values,
+					      struct ldb_val,
+					      el->num_values + 1);
+			if (vals == NULL) {
+				return ldb_module_oom(ac->module);
+			}
+			el->values = vals;
+			el->values[el->num_values] = data_blob_string_const(new_str);
+			++(el->num_values);
+		}
+	}
+
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+}
+
+/* This checks the "fSMORoleOwner" attributes */
+static int samldb_fsmo_role_owner_check(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	const char * const no_attrs[] = { NULL };
+	struct ldb_message_element *el;
+	struct ldb_message *tmp_msg;
+	struct ldb_dn *res_dn;
+	struct ldb_result *res;
+	int ret;
+	ret = dsdb_get_expected_new_values(ac,
+					   ac->msg,
+					   "fSMORoleOwner",
+					   &el,
+					   ac->req->operation);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (el == NULL) {
+		/* we are not affected */
+		return LDB_SUCCESS;
+	}
+	if (el->num_values != 1) {
+		goto choose_error_code;
+	}
+
+	/* Create a temporary message for fetching the "fSMORoleOwner" */
+	tmp_msg = ldb_msg_new(ac->msg);
+	if (tmp_msg == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+	ret = ldb_msg_add(tmp_msg, el, 0);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	res_dn = ldb_msg_find_attr_as_dn(ldb, ac, tmp_msg, "fSMORoleOwner");
+	talloc_free(tmp_msg);
+
+	if (res_dn == NULL) {
+		ldb_set_errstring(ldb,
+				  "samldb: 'fSMORoleOwner' attributes have to reference 'nTDSDSA' entries!");
+		goto choose_error_code;
+	}
+
+	/* Fetched DN has to reference a "nTDSDSA" entry */
+	ret = dsdb_module_search(ac->module, ac, &res, res_dn, LDB_SCOPE_BASE,
+				 no_attrs,
+				 DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED,
+				 ac->req, "(objectClass=nTDSDSA)");
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res->count != 1) {
+		ldb_set_errstring(ldb,
+				  "samldb: 'fSMORoleOwner' attributes have to reference 'nTDSDSA' entries!");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	talloc_free(res);
+
+	return LDB_SUCCESS;
+
+choose_error_code:
+	/* this is just how it is */
+	if (ac->req->operation == LDB_ADD) {
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	} else {
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+}
+
+/*
+ * Return zero if the number of zero bits in the address (looking from low to
+ * high) is equal to or greater than the length minus the mask. Otherwise it
+ * returns -1.
+ */
+static int check_cidr_zero_bits(uint8_t *address, unsigned int len,
+				unsigned int mask)
+{
+	/* <address> is an integer in big-endian form, <len> bits long. All
+	   bits between <mask> and <len> must be zero. */
+	int i;
+	unsigned int byte_len;
+	unsigned int byte_mask;
+	unsigned int bit_mask;
+	if (len == 32) {
+		DBG_INFO("Looking at address %02x%02x%02x%02x, mask %u\n",
+			 address[0], address[1], address[2], address[3],
+			  mask);
+	} else if (len == 128){
+		DBG_INFO("Looking at address "
+			 "%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
+			 "%02x%02x-%02x%02x-%02x%02x-%02x%02x, mask %u\n",
+			 address[0], address[1], address[2], address[3],
+			 address[4], address[5], address[6], address[7],
+			 address[8], address[9], address[10], address[11],
+			 address[12], address[13], address[14], address[15],
+			 mask);
+	}
+
+	if (mask > len){
+		DBG_INFO("mask %u is too big (> %u)\n", mask, len);
+		return -1;
+	}
+	if (mask == len){
+		/* single address subnet.
+		 * In IPv4 all 255s is invalid by the bitmask != address rule
+		 * in MS-ADTS. IPv6 does not suffer.
+		 */
+		if (len == 32){
+			if (address[0] == 255 &&
+			    address[1] == 255 &&
+			    address[2] == 255 &&
+			    address[3] == 255){
+				return -1;
+			}
+		}
+		return 0;
+	}
+
+	byte_len = len / 8;
+	byte_mask = mask / 8;
+
+	for (i = byte_len - 1; i > byte_mask; i--){
+		DBG_DEBUG("checking byte %d %02x\n", i, address[i]);
+		if (address[i] != 0){
+			return -1;
+		}
+	}
+	bit_mask = (1 << (8 - (mask & 7))) - 1;
+	DBG_DEBUG("checking bitmask %02x & %02x overlap %02x\n", bit_mask, address[byte_mask],
+		  bit_mask & address[byte_mask]);
+	if (address[byte_mask] & bit_mask){
+		return -1;
+	}
+
+	/* According to MS-ADTS, the mask can't exactly equal the bitmask for
+	 * IPv4 (but this is fine for v6). That is 255.255.80.0/17 is bad,
+	 * because the bitmask implied by "/17" is 255.255.80.0.
+	 *
+	 * The bit_mask used in the previous check is the complement of what
+	 * we want here.
+	 */
+	if (len == 32 && address[byte_mask] == (uint8_t)~bit_mask){
+		bool ok = false;
+		for (i = 0; i < byte_mask; i++){
+			if (address[i] != 255){
+				ok = true;
+				break;
+			}
+		}
+		if (ok == false){
+			return -1;
+		}
+	}
+	return 0;
+}
+
+
+
+static int check_address_roundtrip(const char *address, int family,
+				   const uint8_t *address_bytes,
+				   char *buffer, int buffer_len)
+{
+	/*
+	 * Check that the address is in the canonical RFC5952 format for IPv6,
+	 * and lacks extra leading zeros for each dotted decimal for IPv4.
+	 * Handily this is what inet_ntop() gives you.
+	 */
+	const char *address_redux = inet_ntop(family, address_bytes,
+					      buffer, buffer_len);
+	if (address_redux == NULL){
+		DBG_INFO("Address round trip %s failed unexpectedly"
+			 " with errno %d\n", address, errno);
+		return -1;
+	}
+	if (strcasecmp(address, address_redux) != 0){
+		DBG_INFO("Address %s round trips to %s; fail!\n",
+			 address, address_redux);
+		/* If the address family is IPv6, and the address is in a
+		   certain range
+
+		 */
+		if (strchr(address_redux, '.') != NULL){
+			DEBUG(0, ("The IPv6 address '%s' has the misfortune of "
+				  "lying in a range that was once used for "
+				  "IPv4 embedding (that is, it might also be "
+				  "represented as '%s').\n", address,
+				  address_redux));
+		}
+		return -1;
+	}
+	return 0;
+}
+
+
+
+/*
+ * MS-ADTS v20150630 6.1.1.2.2.2.1 Subnet Object, refers to RFC1166 and
+ * RFC2373. It specifies something seemingly indistinguishable from an RFC4632
+ * CIDR address range without saying so explicitly. Here we follow the CIDR
+ * spec.
+ *
+ * Return 0 on success, -1 on error.
+ */
+static int verify_cidr(const char *cidr)
+{
+	char *address = NULL, *slash = NULL;
+	bool has_colon, has_dot;
+	int res, ret;
+	unsigned long mask;
+	uint8_t *address_bytes = NULL;
+	char *address_redux = NULL;
+	unsigned int address_len;
+	TALLOC_CTX *frame = NULL;
+	int error = 0;
+
+	DBG_DEBUG("CIDR is %s\n", cidr);
+	frame = talloc_stackframe();
+	address = talloc_strdup(frame, cidr);
+	if (address == NULL){
+		goto error;
+	}
+
+	/* there must be a '/' */
+	slash = strchr(address, '/');
+	if (slash == NULL){
+		goto error;
+	}
+	/* terminate the address for strchr, inet_pton */
+	*slash = '\0';
+
+	mask = smb_strtoul(slash + 1, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
+	if (mask == 0){
+		DBG_INFO("Windows does not like the zero mask, "
+			 "so nor do we: %s\n", cidr);
+		goto error;
+	}
+
+	if (error != 0){
+		DBG_INFO("CIDR mask is not a proper integer: %s\n", cidr);
+		goto error;
+	}
+
+	address_bytes = talloc_size(frame, sizeof(struct in6_addr));
+	if (address_bytes == NULL){
+		goto error;
+	}
+
+	address_redux = talloc_size(frame, INET6_ADDRSTRLEN);
+	if (address_redux == NULL){
+		goto error;
+	}
+
+	DBG_INFO("found address %s, mask %lu\n", address, mask);
+	has_colon = (strchr(address, ':') == NULL) ? false : true;
+	has_dot = (strchr(address, '.') == NULL) ? false : true;
+	if (has_dot && has_colon){
+		/* This seems to be an IPv4 address embedded in IPv6, which is
+		   icky. We don't support it. */
+		DBG_INFO("Refusing to consider cidr '%s' with dots and colons\n",
+			  cidr);
+		goto error;
+	} else if (has_colon){	/* looks like IPv6 */
+		res = inet_pton(AF_INET6, address, address_bytes);
+		if (res != 1) {
+			DBG_INFO("Address in %s fails to parse as IPv6\n", cidr);
+			goto error;
+		}
+		address_len = 128;
+		if (check_address_roundtrip(address, AF_INET6, address_bytes,
+					    address_redux, INET6_ADDRSTRLEN)){
+			goto error;
+		}
+	} else if (has_dot) {
+		/* looks like IPv4 */
+		if (strcmp(address, "0.0.0.0") == 0){
+			DBG_INFO("Windows does not like the zero IPv4 address, "
+				 "so nor do we.\n");
+			goto error;
+		}
+		res = inet_pton(AF_INET, address, address_bytes);
+		if (res != 1) {
+			DBG_INFO("Address in %s fails to parse as IPv4\n", cidr);
+			goto error;
+		}
+		address_len = 32;
+
+		if (check_address_roundtrip(address, AF_INET, address_bytes,
+					    address_redux, INET_ADDRSTRLEN)){
+			goto error;
+		}
+	} else {
+		/* This doesn't look like an IP address at all. */
+		goto error;
+	}
+
+	ret = check_cidr_zero_bits(address_bytes, address_len, mask);
+	talloc_free(frame);
+	return ret;
+  error:
+	talloc_free(frame);
+	return -1;
+}
+
+
+static int samldb_verify_subnet(struct samldb_ctx *ac, struct ldb_dn *dn)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	const char *cidr = NULL;
+	const struct ldb_val *rdn_value = NULL;
+
+	rdn_value = ldb_dn_get_rdn_val(dn);
+	if (rdn_value == NULL) {
+		ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+				  "failed");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	cidr = ldb_dn_escape_value(ac, *rdn_value);
+	DBG_INFO("looking at cidr '%s'\n", cidr);
+	if (cidr == NULL) {
+		ldb_set_errstring(ldb,
+				  "samldb: adding an empty subnet cidr seems wrong");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (verify_cidr(cidr)){
+		ldb_set_errstring(ldb,
+				  "samldb: subnet value is invalid");
+		return LDB_ERR_INVALID_DN_SYNTAX;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static char *refer_if_rodc(struct ldb_context *ldb, struct ldb_request *req,
+			   struct ldb_dn *dn)
+{
+	bool rodc = false;
+	struct loadparm_context *lp_ctx;
+	char *referral;
+	int ret;
+	WERROR err;
+
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID) ||
+	    ldb_request_get_control(req, DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)) {
+		return NULL;
+	}
+
+	ret = samdb_rodc(ldb, &rodc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4, (__location__ ": unable to tell if we are an RODC\n"));
+		return NULL;
+	}
+
+	if (rodc) {
+		const char *domain = NULL;
+		struct ldb_dn *fsmo_role_dn;
+		struct ldb_dn *role_owner_dn;
+		ldb_set_errstring(ldb, "RODC modify is forbidden!");
+		lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					 struct loadparm_context);
+
+		err = dsdb_get_fsmo_role_info(req, ldb, DREPL_PDC_MASTER,
+					      &fsmo_role_dn, &role_owner_dn);
+		if (W_ERROR_IS_OK(err)) {
+			struct ldb_dn *server_dn = ldb_dn_copy(req, role_owner_dn);
+			if (server_dn != NULL) {
+				ldb_dn_remove_child_components(server_dn, 1);
+
+				domain = samdb_dn_to_dnshostname(ldb, req,
+								 server_dn);
+			}
+		}
+		if (domain == NULL) {
+			domain = lpcfg_dnsdomain(lp_ctx);
+		}
+		referral = talloc_asprintf(req,
+					   "ldap://%s/%s",
+					   domain,
+					   ldb_dn_get_linearized(dn));
+		return referral;
+	}
+
+	return NULL;
+}
+
+/*
+ * Restrict all access to sensitive attributes.
+ *
+ * We don't want to even inspect the values, so we can use the same
+ * routine for ADD and MODIFY.
+ *
+ */
+
+static int samldb_check_sensitive_attributes(struct samldb_ctx *ac)
+{
+	struct ldb_message_element *el = NULL;
+	struct security_token *user_token = NULL;
+	int ret;
+
+	if (dsdb_module_am_system(ac->module)) {
+		return LDB_SUCCESS;
+	}
+
+	user_token = acl_user_token(ac->module);
+	if (user_token == NULL) {
+		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+	}
+
+	el = ldb_msg_find_element(ac->msg, "sidHistory");
+	if (el) {
+               /*
+                * sidHistory is restricted to the (not implemented
+                * yet in Samba) DsAddSidHistory call (direct LDB access is
+                * as SYSTEM so will bypass this).
+		*
+		* If you want to modify this, say to merge domains,
+		* directly modify the sam.ldb as root.
+                */
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "sidHistory "
+				       "(entry %s) cannot be created "
+				       "or changed over LDAP!",
+				       ldb_dn_get_linearized(ac->msg->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	el = ldb_msg_find_element(ac->msg, "msDS-SecondaryKrbTgtNumber");
+	if (el) {
+		struct security_descriptor *domain_sd;
+		const struct dsdb_class *objectclass = NULL;
+		/*
+		 * msDS-SecondaryKrbTgtNumber allows the creator to
+		 * become an RODC, this is trusted as an RODC
+		 * account
+		 */
+		ret = samldb_get_domain_secdesc_and_oc(ac, &domain_sd, &objectclass);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		ret = acl_check_extended_right(ac,
+					       ac->module,
+					       ac->req,
+					       objectclass,
+					       domain_sd,
+					       user_token,
+					       GUID_DRS_DS_INSTALL_REPLICA,
+					       SEC_ADS_CONTROL_ACCESS,
+					       NULL);
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "msDS-SecondaryKrbTgtNumber "
+					       "(entry %s) cannot be created "
+					       "or changed without "
+					       "DS-Install-Replica extended right!",
+					       ldb_dn_get_linearized(ac->msg->dn));
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "msDS-AllowedToDelegateTo");
+	if (el) {
+		/*
+		 * msDS-AllowedToDelegateTo is incredibly powerful,
+		 * given that it allows a server to become ANY USER on
+		 * the target server only listed by SPN so needs to be
+		 * protected just as the userAccountControl
+		 * UF_TRUSTED_FOR_DELEGATION is.
+		 */
+
+		bool have_priv = security_token_has_privilege(user_token,
+							      SEC_PRIV_ENABLE_DELEGATION);
+		if (have_priv == false) {
+			ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+					       "msDS-AllowedToDelegateTo "
+					       "(entry %s) cannot be created "
+					       "or changed without SePrivEnableDelegation!",
+					       ldb_dn_get_linearized(ac->msg->dn));
+			return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+		}
+	}
+	return LDB_SUCCESS;
+}
+/* add */
+static int samldb_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct samldb_ctx *ac;
+	struct ldb_message_element *el;
+	int ret;
+	char *referral = NULL;
+
+	ldb = ldb_module_get_ctx(module);
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "samldb_add\n");
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	referral = refer_if_rodc(ldb, req, req->op.add.message->dn);
+	if (referral != NULL) {
+		ret = ldb_module_send_referral(req, referral);
+		return ret;
+	}
+
+	el = ldb_msg_find_element(req->op.add.message, "userParameters");
+	if (el != NULL && ldb_req_is_untrusted(req)) {
+		const char *reason = "samldb_add: "
+			"setting userParameters is not supported over LDAP, "
+			"see https://bugzilla.samba.org/show_bug.cgi?id=8077";
+		ldb_debug(ldb, LDB_DEBUG_WARNING, "%s", reason);
+		return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, reason);
+	}
+
+	ac = samldb_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* build the new msg */
+	ac->msg = ldb_msg_copy_shallow(ac, req->op.add.message);
+	if (ac->msg == NULL) {
+		talloc_free(ac);
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "samldb_add: ldb_msg_copy_shallow failed!\n");
+		return ldb_operr(ldb);
+	}
+
+	ret = samldb_check_sensitive_attributes(ac);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	el = ldb_msg_find_element(ac->msg, "fSMORoleOwner");
+	if (el != NULL) {
+		ret = samldb_fsmo_role_owner_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "servicePrincipalName");
+	if ((el != NULL)) {
+		/*
+		 * We need to check whether the SPN collides with an existing
+		 * one (anywhere) including via aliases.
+		 */
+		ret = samldb_spn_uniqueness_check(ac, el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass", "user") != NULL) {
+		ac->type = SAMLDB_TYPE_USER;
+
+		ret = samldb_prim_group_trigger(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = samldb_objectclass_trigger(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		return samldb_fill_object(ac);
+	}
+
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass", "group") != NULL) {
+		ac->type = SAMLDB_TYPE_GROUP;
+
+		ret = samldb_objectclass_trigger(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		return samldb_fill_object(ac);
+	}
+
+	/* perhaps a foreignSecurityPrincipal? */
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass",
+				 "foreignSecurityPrincipal") != NULL) {
+		return samldb_fill_foreignSecurityPrincipal_object(ac);
+	}
+
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass", "classSchema") != NULL) {
+		ac->type = SAMLDB_TYPE_CLASS;
+
+		/* If in provision, these checks are too slow to do */
+		if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
+			ret = samldb_schema_governsid_valid_check(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		ret = samldb_schema_ldapdisplayname_valid_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = samldb_schema_info_update(ac);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+
+		return samldb_fill_object(ac);
+	}
+
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass", "attributeSchema") != NULL) {
+		ac->type = SAMLDB_TYPE_ATTRIBUTE;
+
+		/* If in provision, these checks are too slow to do */
+		if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
+			ret = samldb_schema_attributeid_valid_check(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			ret = samldb_schema_add_handle_linkid(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+
+			ret = samldb_schema_add_handle_mapiid(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+
+		ret = samldb_schema_ldapdisplayname_valid_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = samldb_schema_info_update(ac);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+
+		return samldb_fill_object(ac);
+	}
+
+	if (samdb_find_attribute(ldb, ac->msg,
+				 "objectclass", "subnet") != NULL) {
+		ret = samldb_verify_subnet(ac, ac->msg->dn);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+		/* We are just checking the value is valid, and there are no
+		   values to fill in. */
+	}
+
+	talloc_free(ac);
+
+	/* nothing matched, go on */
+	return ldb_next_request(module, req);
+}
+
+/* modify */
+static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct samldb_ctx *ac;
+	struct ldb_message_element *el, *el2;
+	struct ldb_control *is_undelete;
+	bool modified = false;
+	int ret;
+
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	/*
+	 * we are going to need some special handling if in Undelete call.
+	 * Since tombstone_reanimate module will restore certain attributes,
+	 * we need to relax checks for: sAMAccountType, primaryGroupID
+	 */
+	is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
+
+	/* make sure that "objectSid" is not specified */
+	el = ldb_msg_find_element(req->op.mod.message, "objectSid");
+	if (el != NULL) {
+		if (ldb_request_get_control(req, LDB_CONTROL_PROVISION_OID) == NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb: objectSid must not be specified!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+	if (is_undelete == NULL) {
+		/* make sure that "sAMAccountType" is not specified */
+		el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
+		if (el != NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb: sAMAccountType must not be specified!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+	/* make sure that "isCriticalSystemObject" is not specified */
+	el = ldb_msg_find_element(req->op.mod.message, "isCriticalSystemObject");
+	if (el != NULL) {
+		if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID) == NULL) {
+			ldb_set_errstring(ldb,
+					  "samldb: isCriticalSystemObject must not be specified!");
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	/* msDS-IntId is not allowed to be modified
+	 * except when modification comes from replication */
+	if (ldb_msg_find_element(req->op.mod.message, "msDS-IntId")) {
+		if (!ldb_request_get_control(req,
+					     DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	el = ldb_msg_find_element(req->op.mod.message, "userParameters");
+	if (el != NULL && ldb_req_is_untrusted(req)) {
+		const char *reason = "samldb: "
+			"setting userParameters is not supported over LDAP, "
+			"see https://bugzilla.samba.org/show_bug.cgi?id=8077";
+		ldb_debug(ldb, LDB_DEBUG_WARNING, "%s", reason);
+		return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, reason);
+	}
+
+	ac = samldb_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* build the new msg */
+	ac->msg = ldb_msg_copy_shallow(ac, req->op.mod.message);
+	if (ac->msg == NULL) {
+		talloc_free(ac);
+		ldb_debug(ldb, LDB_DEBUG_FATAL,
+			  "samldb_modify: ldb_msg_copy_shallow failed!\n");
+		return ldb_operr(ldb);
+	}
+
+	ret = samldb_check_sensitive_attributes(ac);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ac);
+		return ret;
+	}
+
+	if (is_undelete == NULL) {
+		el = ldb_msg_find_element(ac->msg, "primaryGroupID");
+		if (el != NULL) {
+			ret = samldb_prim_group_trigger(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "userAccountControl");
+	if (el != NULL) {
+		modified = true;
+		ret = samldb_user_account_control_change(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "pwdLastSet");
+	if (el != NULL) {
+		modified = true;
+		ret = samldb_pwd_last_set_change(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "lockoutTime");
+	if (el != NULL) {
+		modified = true;
+		ret = samldb_lockout_time(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "groupType");
+	if (el != NULL) {
+		modified = true;
+		ret = samldb_group_type_change(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "sAMAccountName");
+	if (el != NULL) {
+		uint32_t user_account_control;
+		struct ldb_result *res = NULL;
+		const char * const attrs[] = { "userAccountControl",
+					       "objectclass",
+					       NULL };
+		ret = dsdb_module_search_dn(ac->module,
+					    ac,
+					    &res,
+					    ac->msg->dn,
+					    attrs,
+					    DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED,
+					    ac->req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		user_account_control
+			= ldb_msg_find_attr_as_uint(res->msgs[0],
+						    "userAccountControl",
+						    0);
+
+		if ((user_account_control
+		     & UF_TRUST_ACCOUNT_MASK) != 0) {
+			ac->need_trailing_dollar = true;
+
+		} else if (samdb_find_attribute(ldb,
+						res->msgs[0],
+						"objectclass",
+						"computer")
+			   != NULL) {
+			ac->need_trailing_dollar = true;
+		}
+
+		ret = samldb_sam_accountname_valid_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "userPrincipalName");
+	if (el != NULL) {
+		ret = samldb_sam_account_upn_clash(ac);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "ldapDisplayName");
+	if (el != NULL) {
+		ret = samldb_schema_ldapdisplayname_valid_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "attributeID");
+	if (el != NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "Once set, attributeID values may not be modified");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	el = ldb_msg_find_element(ac->msg, "governsID");
+	if (el != NULL) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "Once set, governsID values may not be modified");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	el = ldb_msg_find_element(ac->msg, "member");
+	if (el != NULL) {
+		struct ldb_control *fix_link_sid_ctrl = NULL;
+
+		fix_link_sid_ctrl = ldb_request_get_control(ac->req,
+					DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID);
+		if (fix_link_sid_ctrl == NULL) {
+			ret = samldb_member_check(ac);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "description");
+	if (el != NULL) {
+		ret = samldb_description_check(ac, &modified);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "dNSHostName");
+	el2 = ldb_msg_find_element(ac->msg, "sAMAccountName");
+	if ((el != NULL) || (el2 != NULL)) {
+		modified = true;
+		/*
+		 * samldb_service_principal_names_change() might add SPN
+		 * changes to the request, so this must come before the SPN
+		 * uniqueness check below.
+		 *
+		 * Note we ALSO have to do the SPN uniqueness check inside
+		 * samldb_service_principal_names_change(), because it does a
+		 * subrequest to do requested SPN modifications *before* its
+		 * automatic ones are added.
+		 */
+		ret = samldb_service_principal_names_change(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "servicePrincipalName");
+	if ((el != NULL)) {
+		/*
+		 * We need to check whether the SPN collides with an existing
+		 * one (anywhere) including via aliases.
+		 */
+		modified = true;
+		ret = samldb_spn_uniqueness_check(ac, el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	el = ldb_msg_find_element(ac->msg, "fSMORoleOwner");
+	if (el != NULL) {
+		ret = samldb_fsmo_role_owner_check(ac);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	if (modified) {
+		struct ldb_request *child_req;
+
+		/* Now perform the real modifications as a child request */
+		ret = ldb_build_mod_req(&child_req, ldb, ac,
+					ac->msg,
+					req->controls,
+					req, dsdb_next_callback,
+					req);
+		LDB_REQ_SET_LOCATION(child_req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		return ldb_next_request(module, child_req);
+	}
+
+	talloc_free(ac);
+
+	/* no change which interests us, go on */
+	return ldb_next_request(module, req);
+}
+
+/* delete */
+
+static int samldb_prim_group_users_check(struct samldb_ctx *ac)
+{
+	struct ldb_context *ldb;
+	struct dom_sid *sid;
+	uint32_t rid;
+	NTSTATUS status;
+	int ret;
+	struct ldb_result *res = NULL;
+	struct ldb_result *res_users = NULL;
+	const char * const attrs[] = { "objectSid", "isDeleted", NULL };
+	const char * const noattrs[] = { NULL };
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	/* Finds out the SID/RID of the SAM object */
+	ret = dsdb_module_search_dn(ac->module, ac, &res, ac->req->op.del.dn,
+					attrs,
+					DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_DELETED,
+					ac->req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (ldb_msg_check_string_attribute(res->msgs[0], "isDeleted", "TRUE")) {
+		return LDB_SUCCESS;
+	}
+
+	sid = samdb_result_dom_sid(ac, res->msgs[0], "objectSid");
+	if (sid == NULL) {
+		/* No SID - it might not be a SAM object - therefore ok */
+		return LDB_SUCCESS;
+	}
+	status = dom_sid_split_rid(ac, sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ldb_operr(ldb);
+	}
+	if (rid == 0) {
+		/* Special object (security principal?) */
+		return LDB_SUCCESS;
+	}
+	/* do not allow deletion of well-known sids */
+	if (rid < DSDB_SAMDB_MINIMUM_ALLOWED_RID &&
+	    (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) == NULL)) {
+		return LDB_ERR_OTHER;
+	}
+
+	/* Deny delete requests from groups which are primary ones */
+	ret = dsdb_module_search(ac->module, ac, &res_users,
+				 ldb_get_default_basedn(ldb),
+				 LDB_SCOPE_SUBTREE, noattrs,
+				 DSDB_FLAG_NEXT_MODULE,
+				 ac->req,
+				 "(&(primaryGroupID=%u)(objectClass=user))", rid);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	if (res_users->count > 0) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ac->module),
+				       "Refusing to delete %s, as it "
+				       "is still the primaryGroupID "
+				       "for %u users",
+				       ldb_dn_get_linearized(res->msgs[0]->dn),
+				       res_users->count);
+
+		/*
+		 * Yes, this seems very wrong, but we have a test
+		 * for this exact error code in sam.py
+		 */
+		return LDB_ERR_ENTRY_ALREADY_EXISTS;
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int samldb_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	struct samldb_ctx *ac;
+	char *referral = NULL;
+	int ret;
+	struct ldb_context *ldb;
+
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	referral = refer_if_rodc(ldb, req, req->op.del.dn);
+	if (referral != NULL) {
+		ret = ldb_module_send_referral(req, referral);
+		return ret;
+	}
+
+	ac = samldb_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ret = samldb_prim_group_users_check(ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	talloc_free(ac);
+
+	return ldb_next_request(module, req);
+}
+
+/* rename */
+
+static int check_rename_constraints(struct ldb_message *msg,
+				    struct samldb_ctx *ac,
+				    struct ldb_dn *olddn, struct ldb_dn *newdn)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct ldb_dn *dn1, *dn2, *nc_root;
+	int32_t systemFlags;
+	bool move_op = false;
+	bool rename_op = false;
+	int ret;
+
+	/* Skip the checks if old and new DN are the same, or if we have the
+	 * relax control specified or if the returned objects is already
+	 * deleted and needs only to be moved for consistency. */
+
+	if (ldb_dn_compare(olddn, newdn) == 0) {
+		return LDB_SUCCESS;
+	}
+	if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) != NULL) {
+		return LDB_SUCCESS;
+	}
+
+	if (ldb_msg_find_attr_as_bool(msg, "isDeleted", false)) {
+		/*
+		 * check originating request if we are supposed
+		 * to "see" this record in first place.
+		 */
+		if (ldb_request_get_control(ac->req, LDB_CONTROL_SHOW_DELETED_OID) == NULL) {
+			return LDB_ERR_NO_SUCH_OBJECT;
+		}
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* Objects under CN=System */
+
+	dn1 = samdb_system_container_dn(ldb, ac);
+	if (dn1 == NULL) return ldb_oom(ldb);
+
+	if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
+	    (ldb_dn_compare_base(dn1, newdn) != 0)) {
+		talloc_free(dn1);
+		ldb_asprintf_errstring(ldb,
+				       "subtree_rename: Cannot move/rename %s. Objects under CN=System have to stay under it!",
+				       ldb_dn_get_linearized(olddn));
+		return LDB_ERR_OTHER;
+	}
+
+	talloc_free(dn1);
+
+	/* LSA objects */
+
+	if ((samdb_find_attribute(ldb, msg, "objectClass", "secret") != NULL) ||
+	    (samdb_find_attribute(ldb, msg, "objectClass", "trustedDomain") != NULL)) {
+		ldb_asprintf_errstring(ldb,
+				       "subtree_rename: Cannot move/rename %s. It's an LSA-specific object!",
+				       ldb_dn_get_linearized(olddn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/* subnet objects */
+	if (samdb_find_attribute(ldb, msg, "objectclass", "subnet") != NULL) {
+		ret = samldb_verify_subnet(ac, newdn);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	/* systemFlags */
+
+	dn1 = ldb_dn_get_parent(ac, olddn);
+	if (dn1 == NULL) return ldb_oom(ldb);
+	dn2 = ldb_dn_get_parent(ac, newdn);
+	if (dn2 == NULL) return ldb_oom(ldb);
+
+	if (ldb_dn_compare(dn1, dn2) == 0) {
+		rename_op = true;
+	} else {
+		move_op = true;
+	}
+
+	talloc_free(dn1);
+	talloc_free(dn2);
+
+	systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0);
+
+	/* Fetch name context */
+
+	ret = dsdb_find_nc_root(ldb, ac, olddn, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0) {
+		if (move_op) {
+			ldb_asprintf_errstring(ldb,
+					       "subtree_rename: Cannot move %s within schema partition",
+					       ldb_dn_get_linearized(olddn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		if (rename_op &&
+		    (systemFlags & SYSTEM_FLAG_SCHEMA_BASE_OBJECT) != 0) {
+			ldb_asprintf_errstring(ldb,
+					       "subtree_rename: Cannot rename %s within schema partition",
+					       ldb_dn_get_linearized(olddn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	} else if (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) {
+		if (move_op &&
+		    (systemFlags & SYSTEM_FLAG_CONFIG_ALLOW_MOVE) == 0) {
+			/* Here we have to do more: control the
+			 * "ALLOW_LIMITED_MOVE" flag. This means that the
+			 * grand-grand-parents of two objects have to be equal
+			 * in order to perform the move (this is used for
+			 * moving "server" objects in the "sites" container). */
+			bool limited_move =
+				systemFlags & SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE;
+
+			if (limited_move) {
+				dn1 = ldb_dn_copy(ac, olddn);
+				if (dn1 == NULL) return ldb_oom(ldb);
+				dn2 = ldb_dn_copy(ac, newdn);
+				if (dn2 == NULL) return ldb_oom(ldb);
+
+				limited_move &= ldb_dn_remove_child_components(dn1, 3);
+				limited_move &= ldb_dn_remove_child_components(dn2, 3);
+				limited_move &= ldb_dn_compare(dn1, dn2) == 0;
+
+				talloc_free(dn1);
+				talloc_free(dn2);
+			}
+
+			if (!limited_move
+			    && ldb_request_get_control(ac->req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID) == NULL) {
+				ldb_asprintf_errstring(ldb,
+						       "subtree_rename: Cannot move %s to %s in config partition",
+						       ldb_dn_get_linearized(olddn), ldb_dn_get_linearized(newdn));
+				return LDB_ERR_UNWILLING_TO_PERFORM;
+			}
+		}
+		if (rename_op &&
+		    (systemFlags & SYSTEM_FLAG_CONFIG_ALLOW_RENAME) == 0) {
+			ldb_asprintf_errstring(ldb,
+					       "subtree_rename: Cannot rename %s to %s within config partition",
+					       ldb_dn_get_linearized(olddn), ldb_dn_get_linearized(newdn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	} else if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) {
+		if (move_op &&
+		    (systemFlags & SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE) != 0) {
+			ldb_asprintf_errstring(ldb,
+					       "subtree_rename: Cannot move %s to %s - DISALLOW_MOVE set",
+					       ldb_dn_get_linearized(olddn), ldb_dn_get_linearized(newdn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+		if (rename_op &&
+		    (systemFlags & SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME) != 0) {
+			ldb_asprintf_errstring(ldb,
+						       "subtree_rename: Cannot rename %s to %s - DISALLOW_RENAME set",
+					       ldb_dn_get_linearized(olddn), ldb_dn_get_linearized(newdn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	talloc_free(nc_root);
+
+	return LDB_SUCCESS;
+}
+
+
+static int samldb_rename_search_base_callback(struct ldb_request *req,
+					       struct ldb_reply *ares)
+{
+	struct samldb_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct samldb_ctx);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		/*
+		 * This is the root entry of the originating move
+		 * respectively rename request. It has been already
+		 * stored in the list using "subtree_rename_search()".
+		 * Only this one is subject to constraint checking.
+		 */
+		ret = check_rename_constraints(ares->message, ac,
+					       ac->req->op.rename.olddn,
+					       ac->req->op.rename.newdn);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL,
+					       ret);
+		}
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		/*
+		 * Great, no problem with the rename, so go ahead as
+		 * if we never were here
+		 */
+		ret = ldb_next_request(ac->module, ac->req);
+		talloc_free(ares);
+		return ret;
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+
+/* rename */
+static int samldb_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	static const char * const attrs[] = { "objectClass", "systemFlags",
+					      "isDeleted", NULL };
+	struct ldb_request *search_req;
+	struct samldb_ctx *ac;
+	int ret;
+
+	if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = samldb_ctx_init(module, req);
+	if (!ac) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req(&search_req, ldb, ac,
+				   req->op.rename.olddn,
+				   LDB_SCOPE_BASE,
+				   "(objectClass=*)",
+				   attrs,
+				   NULL,
+				   ac,
+				   samldb_rename_search_base_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+				      true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+/* extended */
+
+static int samldb_extended_allocate_rid_pool(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_fsmo_extended_op *exop;
+	int ret;
+
+	exop = talloc_get_type(req->op.extended.data,
+			       struct dsdb_fsmo_extended_op);
+	if (!exop) {
+		ldb_set_errstring(ldb,
+				  "samldb_extended_allocate_rid_pool: invalid extended data");
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	ret = ridalloc_allocate_rid_pool_fsmo(module, exop, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int samldb_extended_allocate_rid(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_extended_allocate_rid *exop;
+	int ret;
+
+	exop = talloc_get_type(req->op.extended.data,
+			       struct dsdb_extended_allocate_rid);
+	if (!exop) {
+		ldb_set_errstring(ldb,
+				  "samldb_extended_allocate_rid: invalid extended data");
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	ret = ridalloc_allocate_rid(module, &exop->rid, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int samldb_extended_create_own_rid_set(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+	struct ldb_dn *dn;
+
+	if (req->op.extended.data != NULL) {
+		ldb_set_errstring(ldb,
+				  "samldb_extended_create_own_rid_set: invalid extended data (should be NULL)");
+		return LDB_ERR_PROTOCOL_ERROR;
+	}
+
+	ret = ridalloc_create_own_rid_set(module, req,
+					  &dn, req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
+static int samldb_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_ALLOCATE_RID_POOL) == 0) {
+		return samldb_extended_allocate_rid_pool(module, req);
+	}
+
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_ALLOCATE_RID) == 0) {
+		return samldb_extended_allocate_rid(module, req);
+	}
+
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_CREATE_OWN_RID_SET) == 0) {
+		return samldb_extended_create_own_rid_set(module, req);
+	}
+
+	return ldb_next_request(module, req);
+}
+
+
+static const struct ldb_module_ops ldb_samldb_module_ops = {
+	.name          = "samldb",
+	.add           = samldb_add,
+	.modify        = samldb_modify,
+	.del           = samldb_delete,
+	.rename        = samldb_rename,
+	.extended      = samldb_extended
+};
+
+
+int ldb_samldb_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_samldb_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
new file mode 100644
index 0000000..17dd7c4
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -0,0 +1,691 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   The module that handles the Schema checkings and dynamic attributes
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+#undef strcasecmp
+
+static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
+				  const struct dsdb_schema *schema);
+static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg,
+				   const struct dsdb_schema *schema);
+static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg,
+				    const struct dsdb_schema *schema);
+static int generate_extendedAttributeInfo(struct ldb_context *ldb, struct ldb_message *msg,
+					  const struct dsdb_schema *schema);
+static int generate_extendedClassInfo(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema);
+static int generate_possibleInferiors(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema);
+
+static const struct {
+	const char *attr;
+	int (*fn)(struct ldb_context *, struct ldb_message *, const struct dsdb_schema *);
+	bool aggregate;
+} generated_attrs[] = {
+	{
+		.attr = "objectClasses",
+		.fn = generate_objectClasses,
+		.aggregate = true,
+	},
+	{
+		.attr = "attributeTypes",
+		.fn = generate_attributeTypes,
+		.aggregate = true,
+	},
+	{
+		.attr = "dITContentRules",
+		.fn = generate_dITContentRules,
+		.aggregate = true,
+	},
+	{
+		.attr = "extendedAttributeInfo",
+		.fn = generate_extendedAttributeInfo,
+		.aggregate = true,
+	},
+	{
+		.attr = "extendedClassInfo",
+		.fn = generate_extendedClassInfo,
+		.aggregate = true,
+	},
+	{
+		.attr = "possibleInferiors",
+		.fn = generate_possibleInferiors,
+		.aggregate = false,
+	}
+};
+
+struct schema_data_private_data {
+	struct ldb_dn *aggregate_dn;
+	struct ldb_dn *schema_dn;
+};
+
+struct schema_data_search_data {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	const struct dsdb_schema *schema;
+};
+
+static int schema_data_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct ldb_dn *schema_dn;
+	int ret;
+	struct schema_data_private_data *data;
+
+	ret = ldb_next_init(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		ldb_reset_err_string(ldb);
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "schema_data_init: no schema dn present: (skip schema loading)\n");
+		return LDB_SUCCESS;
+	}
+
+	data = talloc(module, struct schema_data_private_data);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	data->schema_dn = schema_dn;
+
+	/* Used to check to see if this is a result on the CN=Aggregate schema */
+	data->aggregate_dn = samdb_aggregate_schema_dn(ldb, data);
+	if (!data->aggregate_dn) {
+		ldb_asprintf_errstring(ldb, "schema_data_init: Could not build aggregate schema DN for schema in %s", ldb_dn_get_linearized(schema_dn));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ldb_module_set_private(module, data);
+	return LDB_SUCCESS;
+}
+
+static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	const struct ldb_val *attributeID = NULL;
+	const struct ldb_val *governsID = NULL;
+	const char *oid_attr = NULL;
+	const char *oid = NULL;
+	struct ldb_dn *parent_dn = NULL;
+	int cmp;
+	WERROR status;
+	bool rodc = false;
+	int ret;
+	struct schema_data_private_data *mc;
+	mc = talloc_get_type(ldb_module_get_private(module), struct schema_data_private_data);
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* special objects should always go through */
+	if (ldb_dn_is_special(req->op.add.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* replicated update should always go through */
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	ret = samdb_rodc(ldb, &rodc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4, (__location__ ": unable to tell if we are an RODC \n"));
+	}
+
+	if (!schema->fsmo.we_are_master && !rodc) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_add: we are not master: reject add request\n");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (!schema->fsmo.update_allowed && !rodc) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_add: updates are not allowed: reject add request\n");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+		/*
+		 * the provision code needs to create
+		 * the schema root object.
+		 */
+		cmp = ldb_dn_compare(req->op.add.message->dn, mc->schema_dn);
+		if (cmp == 0) {
+			return ldb_next_request(module, req);
+		}
+	}
+
+	parent_dn = ldb_dn_get_parent(req, req->op.add.message->dn);
+	if (!parent_dn) {
+		return ldb_oom(ldb);
+	}
+
+	cmp = ldb_dn_compare(parent_dn, mc->schema_dn);
+	if (cmp != 0) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_add: no direct child :%s\n",
+			  ldb_dn_get_linearized(req->op.add.message->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	attributeID = ldb_msg_find_ldb_val(req->op.add.message, "attributeID");
+	governsID = ldb_msg_find_ldb_val(req->op.add.message, "governsID");
+
+	if (attributeID) {
+		oid_attr = "attributeID";
+		oid = talloc_strndup(req, (const char *)attributeID->data, attributeID->length);
+	} else if (governsID) {
+		oid_attr = "governsID";
+		oid = talloc_strndup(req, (const char *)governsID->data, governsID->length);
+	} else {
+		return ldb_next_request(module, req);
+	}
+
+	if (!oid) {
+		return ldb_oom(ldb);
+	}
+
+	status = dsdb_schema_pfm_find_oid(schema->prefixmap, oid, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		/* check for internal errors */
+		if (!W_ERROR_EQUAL(status, WERR_NOT_FOUND)) {
+			ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			              "schema_data_add: failed to map %s[%s]: %s\n",
+			              oid_attr, oid, win_errstr(status));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		/* Update prefixMap and save it */
+		status = dsdb_create_prefix_mapping(ldb, schema, oid);
+		if (!W_ERROR_IS_OK(status)) {
+			ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+				  "schema_data_add: failed to create prefix mapping for %s[%s]: %s\n",
+				  oid_attr, oid, win_errstr(status));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+	}
+
+	return ldb_next_request(module, req);
+}
+
+static int schema_data_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	int cmp;
+	bool rodc = false;
+	int ret;
+	struct ldb_control *sd_propagation_control;
+	struct schema_data_private_data *mc;
+	mc = talloc_get_type(ldb_module_get_private(module), struct schema_data_private_data);
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* special objects should always go through */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* replicated update should always go through */
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* dbcheck should be able to fix things */
+	if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		return ldb_next_request(module, req);
+	}
+
+	sd_propagation_control = ldb_request_get_control(req,
+					DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
+	if (sd_propagation_control != NULL) {
+		if (req->op.mod.message->num_elements != 1) {
+			return ldb_module_operr(module);
+		}
+		ret = strcmp(req->op.mod.message->elements[0].name,
+			     "nTSecurityDescriptor");
+		if (ret != 0) {
+			return ldb_module_operr(module);
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	cmp = ldb_dn_compare(req->op.mod.message->dn, mc->schema_dn);
+	if (cmp == 0) {
+		static const char * const constrained_attrs[] = {
+			"schemaInfo",
+			"prefixMap",
+			"msDs-Schema-Extensions",
+			"msDS-IntId",
+			NULL
+		};
+		size_t i;
+		struct ldb_message_element *el;
+
+		if (ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID)) {
+			return ldb_next_request(module, req);
+		}
+
+		for (i=0; constrained_attrs[i]; i++) {
+			el = ldb_msg_find_element(req->op.mod.message,
+						  constrained_attrs[i]);
+			if (el == NULL) {
+				continue;
+			}
+
+			ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+				      "schema_data_modify: reject update "
+				      "of attribute[%s]\n",
+				      constrained_attrs[i]);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		return ldb_next_request(module, req);
+	}
+
+	ret = samdb_rodc(ldb, &rodc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4, (__location__ ": unable to tell if we are an RODC \n"));
+	}
+
+	if (!schema->fsmo.we_are_master && !rodc) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_modify: we are not master: reject modify request\n");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	if (!schema->fsmo.update_allowed && !rodc) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_modify: updates are not allowed: reject modify request\n");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	return ldb_next_request(module, req);
+}
+
+static int schema_data_del(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+	bool rodc = false;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* special objects should always go through */
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* replicated update should always go through */
+	if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* dbcheck should be able to fix things */
+	if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+		return ldb_next_request(module, req);
+	}
+
+	schema = dsdb_get_schema(ldb, req);
+	if (!schema) {
+		return ldb_next_request(module, req);
+	}
+
+	ret = samdb_rodc(ldb, &rodc);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(4, (__location__ ": unable to tell if we are an RODC \n"));
+	}
+
+	if (!schema->fsmo.we_are_master && !rodc) {
+		ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+			  "schema_data_modify: we are not master: reject request\n");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	/*
+	 * normally the DACL will prevent delete
+	 * with LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS
+	 * above us.
+	 */
+	ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+		      "schema_data_del: delete is not allowed in the schema\n");
+	return LDB_ERR_UNWILLING_TO_PERFORM;
+}
+
+static int generate_objectClasses(struct ldb_context *ldb, struct ldb_message *msg,
+				  const struct dsdb_schema *schema) 
+{
+	const struct dsdb_class *sclass;
+	int ret;
+
+	for (sclass = schema->classes; sclass; sclass = sclass->next) {
+		char *v = schema_class_to_description(msg, sclass);
+		if (v == NULL) {
+			return ldb_oom(ldb);
+		}
+		ret = ldb_msg_add_steal_string(msg, "objectClasses", v);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	return LDB_SUCCESS;
+}
+static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message *msg,
+				  const struct dsdb_schema *schema) 
+{
+	const struct dsdb_attribute *attribute;
+	int ret;
+
+	for (attribute = schema->attributes; attribute; attribute = attribute->next) {
+		char *v = schema_attribute_to_description(msg, attribute);
+		if (v == NULL) {
+			return ldb_oom(ldb);
+		}
+		ret = ldb_msg_add_steal_string(msg, "attributeTypes", v);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg,
+				    const struct dsdb_schema *schema) 
+{
+	const struct dsdb_class *sclass;
+	int ret;
+
+	for (sclass = schema->classes; sclass; sclass = sclass->next) {
+		if (sclass->auxiliaryClass || sclass->systemAuxiliaryClass) {
+			char *ditcontentrule = schema_class_to_dITContentRule(msg, sclass, schema);
+			if (!ditcontentrule) {
+				return ldb_oom(ldb);
+			}
+			ret = ldb_msg_add_steal_string(msg, "dITContentRules", ditcontentrule);
+			if (ret != LDB_SUCCESS) {
+				return ret;
+			}
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+static int generate_extendedAttributeInfo(struct ldb_context *ldb,
+					  struct ldb_message *msg,
+					  const struct dsdb_schema *schema)
+{
+	const struct dsdb_attribute *attribute;
+	int ret;
+
+	for (attribute = schema->attributes; attribute; attribute = attribute->next) {
+		char *val = schema_attribute_to_extendedInfo(msg, attribute);
+		if (!val) {
+			return ldb_oom(ldb);
+		}
+
+		ret = ldb_msg_add_steal_string(msg, "extendedAttributeInfo", val);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int generate_extendedClassInfo(struct ldb_context *ldb,
+				      struct ldb_message *msg,
+				      const struct dsdb_schema *schema)
+{
+	const struct dsdb_class *sclass;
+	int ret;
+
+	for (sclass = schema->classes; sclass; sclass = sclass->next) {
+		char *val = schema_class_to_extendedInfo(msg, sclass);
+		if (!val) {
+			return ldb_oom(ldb);
+		}
+
+		ret = ldb_msg_add_steal_string(msg, "extendedClassInfo", val);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+static int generate_possibleInferiors(struct ldb_context *ldb, struct ldb_message *msg,
+				      const struct dsdb_schema *schema) 
+{
+	struct ldb_dn *dn = msg->dn;
+	unsigned int i;
+	int ret;
+	const char *first_component_name = ldb_dn_get_component_name(dn, 0);
+	const struct ldb_val *first_component_val;
+	const struct dsdb_class *schema_class;
+	const char **possibleInferiors;
+
+	if (strcasecmp(first_component_name, "cn") != 0) {
+		return LDB_SUCCESS;
+	}
+
+	first_component_val = ldb_dn_get_component_val(dn, 0);
+
+	schema_class = dsdb_class_by_cn_ldb_val(schema, first_component_val);
+	if (schema_class == NULL) {
+		return LDB_SUCCESS;
+	}
+	
+	possibleInferiors = schema_class->possibleInferiors;
+	if (possibleInferiors == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	for (i=0;possibleInferiors[i];i++) {
+		char *v = talloc_strdup(msg, possibleInferiors[i]);
+		if (v == NULL) {
+			return ldb_oom(ldb);
+		}
+		ret = ldb_msg_add_steal_string(msg, "possibleInferiors", v);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/* Add objectClasses, attributeTypes and dITContentRules from the
+   schema object (they are not stored in the database)
+ */
+static int schema_data_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct schema_data_search_data *ac;
+	struct schema_data_private_data *mc;
+	unsigned int i;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct schema_data_search_data);
+	mc = talloc_get_type(ldb_module_get_private(ac->module), struct schema_data_private_data);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+	/* Only entries are interesting, and we handle the case of the parent separately */
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+		if (ldb_dn_compare(ares->message->dn, mc->aggregate_dn) == 0) {
+			for (i=0; i < ARRAY_SIZE(generated_attrs); i++) {
+				if (generated_attrs[i].aggregate &&
+				    ldb_attr_in_list(ac->req->op.search.attrs, generated_attrs[i].attr)) {
+					ret = generated_attrs[i].fn(ldb, ares->message, ac->schema);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+				}
+			}
+		} else if ((ldb_dn_compare_base(mc->schema_dn, ares->message->dn) == 0)
+			   && (ldb_dn_compare(mc->schema_dn, ares->message->dn) != 0)) {
+			for (i=0; i < ARRAY_SIZE(generated_attrs); i++) {
+				if (!generated_attrs[i].aggregate &&
+				    ldb_attr_in_list(ac->req->op.search.attrs, generated_attrs[i].attr)) {
+					ret = generated_attrs[i].fn(ldb, ares->message, ac->schema);
+					if (ret != LDB_SUCCESS) {
+						return ret;
+					}
+				}
+			}
+		}
+
+
+		return ldb_module_send_entry(ac->req, ares->message, ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+
+		return ldb_module_send_referral(ac->req, ares->referral);
+
+	case LDB_REPLY_DONE:
+
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* search */
+static int schema_data_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	unsigned int i;
+	int ret;
+	struct schema_data_search_data *search_context;
+	struct ldb_request *down_req;
+	const struct dsdb_schema *schema;
+	if (!ldb_module_get_private(module)) {
+		/* If there is no module data, there is little we can do */
+		return ldb_next_request(module, req);
+	}
+
+	/* The schema manipulation does not apply to special DNs */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	for (i=0; i < ARRAY_SIZE(generated_attrs); i++) {
+		if (ldb_attr_in_list(req->op.search.attrs, generated_attrs[i].attr)) {
+			break;
+		}
+	}
+	if (i == ARRAY_SIZE(generated_attrs)) {
+		/* No request for a generated attr found, nothing to
+		 * see here, move along... */
+		return ldb_next_request(module, req);
+	}
+
+	schema = dsdb_get_schema(ldb, NULL);
+	if (!schema || !ldb_module_get_private(module)) {
+		/* If there is no schema, there is little we can do */
+		return ldb_next_request(module, req);
+	}
+
+	search_context = talloc(req, struct schema_data_search_data);
+	if (!search_context) {
+		return ldb_oom(ldb);
+	}
+
+	search_context->module = module;
+	search_context->req = req;
+	search_context->schema = talloc_reference(search_context, schema);
+	if (!search_context->schema) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, search_context,
+					req->op.search.base,
+					req->op.search.scope,
+					req->op.search.tree,
+					req->op.search.attrs,
+					req->controls,
+					search_context, schema_data_search_callback,
+					req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+
+static const struct ldb_module_ops ldb_schema_data_module_ops = {
+	.name		= "schema_data",
+	.init_context	= schema_data_init,
+	.add		= schema_data_add,
+	.modify		= schema_data_modify,
+	.del		= schema_data_del,
+	.search         = schema_data_search
+};
+
+int ldb_schema_data_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_schema_data_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
new file mode 100644
index 0000000..178a991
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -0,0 +1,657 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   The module that handles the Schema FSMO Role Owner
+   checkings, it also loads the dsdb_schema.
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include <tdb.h>
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+#include "lib/util/smb_strtox.h"
+
+#include "system/filesys.h"
+struct schema_load_private_data {
+	struct ldb_module *module;
+	uint64_t in_transaction;
+	uint64_t in_read_transaction;
+	struct tdb_wrap *metadata;
+	uint64_t schema_seq_num_cache;
+	int tdb_seqnum;
+
+	/*
+	 * Please write out the updated schema on the next transaction
+	 * start
+	 */
+	bool need_write;
+};
+
+static int dsdb_schema_from_db(struct ldb_module *module,
+			       TALLOC_CTX *mem_ctx,
+			       uint64_t schema_seq_num,
+			       struct dsdb_schema **schema);
+
+/*
+ * Open sam.ldb.d/metadata.tdb.
+ */
+static int schema_metadata_open(struct ldb_module *module)
+{
+	struct schema_load_private_data *data = talloc_get_type(ldb_module_get_private(module), struct schema_load_private_data);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx;
+	struct loadparm_context *lp_ctx;
+	char *filename;
+	int open_flags;
+	struct stat statbuf;
+
+	if (!data) {
+		return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR,
+					"schema_load: metadata not initialized");
+	}
+	data->metadata = NULL;
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	filename = ldb_relative_path(ldb,
+				     tmp_ctx,
+				     "sam.ldb.d/metadata.tdb");
+	if (filename == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	open_flags = O_RDWR;
+	if (stat(filename, &statbuf) != 0) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	lp_ctx = talloc_get_type_abort(ldb_get_opaque(ldb, "loadparm"),
+				       struct loadparm_context);
+
+	data->metadata = tdb_wrap_open(data, filename, 10,
+				       lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT|TDB_SEQNUM),
+				       open_flags, 0660);
+	if (data->metadata == NULL) {
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static int schema_metadata_get_uint64(struct schema_load_private_data *data,
+					 const char *key, uint64_t *value,
+					 uint64_t default_value)
+{
+	struct tdb_context *tdb;
+	TDB_DATA tdb_key, tdb_data;
+	char *value_str;
+	TALLOC_CTX *tmp_ctx;
+	int tdb_seqnum;
+	int error = 0;
+
+	if (!data) {
+		*value = default_value;
+		return LDB_SUCCESS;
+	}
+
+	if (!data->metadata) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	tdb_seqnum = tdb_get_seqnum(data->metadata->tdb);
+	if (tdb_seqnum == data->tdb_seqnum) {
+		*value = data->schema_seq_num_cache;
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return ldb_module_oom(data->module);
+	}
+
+	tdb = data->metadata->tdb;
+
+	tdb_key.dptr = (uint8_t *)discard_const_p(char, key);
+	tdb_key.dsize = strlen(key);
+
+	tdb_data = tdb_fetch(tdb, tdb_key);
+	if (!tdb_data.dptr) {
+		if (tdb_error(tdb) == TDB_ERR_NOEXIST) {
+			*value = default_value;
+			talloc_free(tmp_ctx);
+			return LDB_SUCCESS;
+		} else {
+			talloc_free(tmp_ctx);
+			return ldb_module_error(data->module, LDB_ERR_OPERATIONS_ERROR,
+						tdb_errorstr(tdb));
+		}
+	}
+
+	value_str = talloc_strndup(tmp_ctx, (char *)tdb_data.dptr, tdb_data.dsize);
+	if (value_str == NULL) {
+		SAFE_FREE(tdb_data.dptr);
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(data->module);
+	}
+
+	/*
+	 * Now store it in the cache.  We don't mind that tdb_seqnum
+	 * may be stale now, that just means the cache won't be used
+	 * next time
+	 */
+	data->tdb_seqnum = tdb_seqnum;
+	data->schema_seq_num_cache = smb_strtoull(value_str,
+						  NULL,
+						  10,
+						  &error,
+						  SMB_STR_STANDARD);
+	if (error != 0) {
+		talloc_free(tmp_ctx);
+		return ldb_module_error(data->module, LDB_ERR_OPERATIONS_ERROR,
+					"Failed to convert value");
+	}
+
+	*value = data->schema_seq_num_cache;
+
+	SAFE_FREE(tdb_data.dptr);
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+static struct dsdb_schema *dsdb_schema_refresh(struct ldb_module *module, struct tevent_context *ev,
+					       struct dsdb_schema *schema, bool is_global_schema)
+{
+	TALLOC_CTX *mem_ctx;
+	uint64_t schema_seq_num = 0;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_schema *new_schema;
+	
+	struct schema_load_private_data *private_data = talloc_get_type(ldb_module_get_private(module), struct schema_load_private_data);
+	if (!private_data) {
+		/* We can't refresh until the init function has run */
+		return schema;
+	}
+
+	if (schema != NULL) {
+		/*
+		 * If we have a schema already (not in the startup)
+		 * and we are in a read or write transaction, then
+		 * avoid a schema reload, it can't have changed
+		 */
+		if (private_data->in_transaction > 0
+		    || private_data->in_read_transaction > 0 ) {
+			/*
+			 * If the refresh is not an expected part of a
+			 * larger transaction, then we don't allow a
+			 * schema reload during a transaction. This
+			 * stops others from modifying our schema
+			 * behind our backs
+			 */
+			if (ldb_get_opaque(ldb,
+					   "dsdb_schema_refresh_expected")
+			    != (void *)1) {
+				return schema;
+			}
+		}
+	}
+
+	SMB_ASSERT(ev == ldb_get_event_context(ldb));
+
+	mem_ctx = talloc_new(module);
+	if (mem_ctx == NULL) {
+		return NULL;
+	}
+
+	/*
+	 * We update right now the last refresh timestamp so that if
+	 * the schema partition hasn't change we don't keep on retrying.
+	 * Otherwise if the timestamp was update only when the schema has
+	 * actually changed (and therefore completely reloaded) we would
+	 * continue to hit the database to get the highest USN.
+	 */
+
+	ret = schema_metadata_get_uint64(private_data,
+					 DSDB_METADATA_SCHEMA_SEQ_NUM,
+					 &schema_seq_num, 0);
+
+	if (schema != NULL) {
+		if (ret == LDB_SUCCESS) {
+			if (schema->metadata_usn == schema_seq_num) {
+				TALLOC_FREE(mem_ctx);
+				return schema;
+			} else {
+				DEBUG(3, ("Schema refresh needed %lld != %lld\n",
+					  (unsigned long long)schema->metadata_usn,
+					  (unsigned long long)schema_seq_num));
+			}
+		} else {
+			/* From an old provision it can happen that the tdb didn't exists yet */
+			DEBUG(0, ("Error while searching for the schema usn in the metadata ignoring: %d:%s:%s\n",
+			      ret, ldb_strerror(ret), ldb_errstring(ldb)));
+			TALLOC_FREE(mem_ctx);
+			return schema;
+		}
+	} else {
+		DEBUG(10, ("Initial schema load needed, as we have no existing schema, seq_num: %lld\n",
+			  (unsigned long long)schema_seq_num));
+	}
+
+	ret = dsdb_schema_from_db(module, mem_ctx, schema_seq_num, &new_schema);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "dsdb_schema_from_db() failed: %d:%s: %s",
+			      ret, ldb_strerror(ret), ldb_errstring(ldb));
+		TALLOC_FREE(mem_ctx);
+		return schema;
+	}
+
+	ret = dsdb_set_schema(ldb, new_schema, SCHEMA_MEMORY_ONLY);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "dsdb_set_schema() failed: %d:%s: %s",
+			      ret, ldb_strerror(ret), ldb_errstring(ldb));
+		TALLOC_FREE(mem_ctx);
+		return schema;
+	}
+	if (is_global_schema) {
+		dsdb_make_schema_global(ldb, new_schema);
+	}
+	TALLOC_FREE(mem_ctx);
+	return new_schema;
+}
+
+
+/*
+  Given an LDB module (pointing at the schema DB), and the DN, set the populated schema
+*/
+
+static int dsdb_schema_from_db(struct ldb_module *module,
+			       TALLOC_CTX *mem_ctx,
+			       uint64_t schema_seq_num,
+			       struct dsdb_schema **schema)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx;
+	char *error_string;
+	int ret, i;
+	struct ldb_dn *schema_dn = ldb_get_schema_basedn(ldb);
+	struct ldb_result *res;
+	struct ldb_message *schema_msg = NULL;
+	static const char *schema_attrs[] = {
+		DSDB_SCHEMA_COMMON_ATTRS,
+		DSDB_SCHEMA_ATTR_ATTRS,
+		DSDB_SCHEMA_CLASS_ATTRS,
+		"prefixMap",
+		"schemaInfo",
+		"fSMORoleOwner",
+		NULL
+	};
+	unsigned flags;
+
+	tmp_ctx = talloc_new(module);
+	if (!tmp_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	/* we don't want to trace the schema load */
+	flags = ldb_get_flags(ldb);
+	ldb_set_flags(ldb, flags & ~LDB_FLG_ENABLE_TRACING);
+
+	/*
+	 * Load the attribute and class definitions, as well as
+	 * the schema object. We do this in one search and then
+	 * split it so that there isn't a race condition when
+	 * the schema is changed between two searches.
+	 */
+	ret = dsdb_module_search(module, tmp_ctx, &res,
+				 schema_dn, LDB_SCOPE_SUBTREE,
+				 schema_attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+				 NULL,
+				 "(|(objectClass=attributeSchema)"
+				 "(objectClass=classSchema)"
+				 "(objectClass=dMD))");
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, 
+				       "dsdb_schema: failed to search attributeSchema and classSchema objects: %s",
+				       ldb_errstring(ldb));
+		goto failed;
+	}
+
+	/*
+	 * Separate the schema object from the attribute and
+	 * class objects.
+	 */
+	for (i = 0; i < res->count; i++) {
+		if (ldb_msg_find_element(res->msgs[i], "prefixMap")) {
+			schema_msg = res->msgs[i];
+			break;
+		}
+	}
+
+	if (schema_msg == NULL) {
+		ldb_asprintf_errstring(ldb,
+				       "dsdb_schema load failed: failed to find prefixMap");
+		ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
+		goto failed;
+	}
+
+	ret = dsdb_schema_from_ldb_results(tmp_ctx, ldb,
+					   schema_msg, res, schema, &error_string);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, 
+				       "dsdb_schema load failed: %s",
+				       error_string);
+		goto failed;
+	}
+
+	(*schema)->metadata_usn = schema_seq_num;
+
+	talloc_steal(mem_ctx, *schema);
+
+failed:
+	if (flags & LDB_FLG_ENABLE_TRACING) {
+		flags = ldb_get_flags(ldb);
+		ldb_set_flags(ldb, flags | LDB_FLG_ENABLE_TRACING);
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+}	
+
+static int schema_load(struct ldb_context *ldb,
+		       struct ldb_module *module,
+		       bool *need_write)
+{
+	struct dsdb_schema *schema;
+	int ret, metadata_ret;
+	TALLOC_CTX *frame = talloc_stackframe();
+	
+	schema = dsdb_get_schema(ldb, frame);
+
+	metadata_ret = schema_metadata_open(module);
+
+	/* We might already have a schema */
+	if (schema != NULL) {
+		/* If we have the metadata.tdb, then hook up the refresh function */
+		if (metadata_ret == LDB_SUCCESS && dsdb_uses_global_schema(ldb)) {
+			ret = dsdb_set_schema_refresh_function(ldb, dsdb_schema_refresh, module);
+
+			if (ret != LDB_SUCCESS) {
+				ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+					      "schema_load_init: dsdb_set_schema_refresh_fns() failed: %d:%s: %s",
+					      ret, ldb_strerror(ret), ldb_errstring(ldb));
+				TALLOC_FREE(frame);
+				return ret;
+			}
+		}
+
+		TALLOC_FREE(frame);
+		return LDB_SUCCESS;
+	}
+
+	if (metadata_ret == LDB_SUCCESS) {
+		ret = dsdb_set_schema_refresh_function(ldb, dsdb_schema_refresh, module);
+
+		if (ret != LDB_SUCCESS) {
+			ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+				      "schema_load_init: dsdb_set_schema_refresh_fns() failed: %d:%s: %s",
+				      ret, ldb_strerror(ret), ldb_errstring(ldb));
+			TALLOC_FREE(frame);
+			return ret;
+		}
+	} else {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "schema_load_init: failed to open metadata.tdb");
+		TALLOC_FREE(frame);
+		return metadata_ret;
+	}
+
+	schema = dsdb_get_schema(ldb, frame);
+
+	/* We do this, invoking the refresh handler, so we know that it works */
+	if (schema == NULL) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "schema_load_init: dsdb_get_schema failed");
+		TALLOC_FREE(frame);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* Now check the @INDEXLIST is correct, or fix it up */
+	ret = dsdb_schema_set_indices_and_attributes(ldb, schema,
+						     SCHEMA_COMPARE);
+	if (ret == LDB_ERR_BUSY) {
+		*need_write = true;
+		ret = LDB_SUCCESS;
+	} else {
+		*need_write = false;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to update "
+				       "@INDEXLIST and @ATTRIBUTES "
+				       "records to match database schema: %s",
+				       ldb_errstring(ldb));
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	TALLOC_FREE(frame);
+	return LDB_SUCCESS;
+}
+
+static int schema_load_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct schema_load_private_data *private_data =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct schema_load_private_data);
+	int ret;
+
+	ret = ldb_next_init(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return schema_load(ldb, module, &private_data->need_write);
+}
+
+static int schema_load_start_transaction(struct ldb_module *module)
+{
+	struct schema_load_private_data *private_data =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct schema_load_private_data);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_schema *schema;
+	int ret;
+
+	ret = ldb_next_start_trans(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Try the schema refresh now */
+	schema = dsdb_get_schema(ldb, NULL);
+	if (schema == NULL) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "schema_load_init: dsdb_get_schema failed");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (private_data->need_write) {
+		ret = dsdb_schema_set_indices_and_attributes(ldb,
+							     schema,
+							     SCHEMA_WRITE);
+		private_data->need_write = false;
+	}
+
+	private_data->in_transaction++;
+
+	return ret;
+}
+
+static int schema_load_end_transaction(struct ldb_module *module)
+{
+	struct schema_load_private_data *private_data =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct schema_load_private_data);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	if (private_data->in_transaction == 0) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "schema_load_end_transaction: transaction mismatch");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	private_data->in_transaction--;
+
+	return ldb_next_end_trans(module);
+}
+
+static int schema_load_del_transaction(struct ldb_module *module)
+{
+	struct schema_load_private_data *private_data =
+		talloc_get_type(ldb_module_get_private(module), struct schema_load_private_data);
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	if (private_data->in_transaction == 0) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+			      "schema_load_del_transaction: transaction mismatch");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	private_data->in_transaction--;
+
+	return ldb_next_del_trans(module);
+}
+
+/* This is called in a transaction held by the callers */
+static int schema_load_extended(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct dsdb_schema *schema;
+	int ret;
+
+	if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_LOAD) == 0) {
+
+		ret = dsdb_schema_from_db(module, req, 0, &schema);
+		if (ret == LDB_SUCCESS) {
+			return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+		}
+		return ret;
+
+	} else if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) == 0) {
+		/* Force a refresh */
+		schema = dsdb_get_schema(ldb, NULL);
+
+		ret = dsdb_schema_set_indices_and_attributes(ldb,
+							     schema,
+							     SCHEMA_WRITE);
+
+		if (ret != LDB_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "Failed to write new "
+					       "@INDEXLIST and @ATTRIBUTES "
+					       "records for updated schema: %s",
+					       ldb_errstring(ldb));
+			return ret;
+		}
+
+		return ldb_next_request(module, req);
+	} else {
+		/* Pass to next module, the partition one should finish the chain */
+		return ldb_next_request(module, req);
+	}
+}
+
+static int schema_read_lock(struct ldb_module *module)
+{
+	struct schema_load_private_data *private_data =
+		talloc_get_type(ldb_module_get_private(module), struct schema_load_private_data);
+	int ret;
+
+	if (private_data == NULL) {
+		private_data = talloc_zero(module, struct schema_load_private_data);
+		if (private_data == NULL) {
+			return ldb_module_oom(module);
+		}
+
+		private_data->module = module;
+
+		ldb_module_set_private(module, private_data);
+	}
+
+	ret = ldb_next_read_lock(module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (private_data->in_transaction == 0 &&
+	    private_data->in_read_transaction == 0) {
+		/* Try the schema refresh now */
+		dsdb_get_schema(ldb_module_get_ctx(module), NULL);
+	}
+
+	private_data->in_read_transaction++;
+
+	return LDB_SUCCESS;
+}
+
+static int schema_read_unlock(struct ldb_module *module)
+{
+	struct schema_load_private_data *private_data =
+		talloc_get_type_abort(ldb_module_get_private(module),
+				      struct schema_load_private_data);
+
+	private_data->in_read_transaction--;
+
+	return ldb_next_read_unlock(module);
+}
+
+
+static const struct ldb_module_ops ldb_schema_load_module_ops = {
+	.name		= "schema_load",
+	.init_context	= schema_load_init,
+	.extended	= schema_load_extended,
+	.start_transaction = schema_load_start_transaction,
+	.end_transaction   = schema_load_end_transaction,
+	.del_transaction   = schema_load_del_transaction,
+	.read_lock	= schema_read_lock,
+	.read_unlock	= schema_read_unlock,
+};
+
+int ldb_schema_load_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_schema_load_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/schema_util.c b/source4/dsdb/samdb/ldb_modules/schema_util.c
new file mode 100644
index 0000000..47d2411
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/schema_util.c
@@ -0,0 +1,345 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   dsdb module schema utility functions
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/common/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include <ldb_module.h>
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+/**
+ * Reads schema_info structure from schemaInfo
+ * attribute on SCHEMA partition
+ *
+ * @param dsdb_flags 	DSDB_FLAG_... flag of 0
+ */
+int dsdb_module_schema_info_blob_read(struct ldb_module *ldb_module,
+				      uint32_t dsdb_flags,
+				      TALLOC_CTX *mem_ctx,
+				      struct ldb_val *schema_info_blob,
+				      struct ldb_request *parent)
+{
+	int ldb_err;
+	const struct ldb_val *blob_val;
+	struct ldb_dn *schema_dn;
+	struct ldb_result *schema_res = NULL;
+	static const char *schema_attrs[] = {
+		"schemaInfo",
+		NULL
+	};
+
+	schema_dn = ldb_get_schema_basedn(ldb_module_get_ctx(ldb_module));
+	if (!schema_dn) {
+		DEBUG(0,("dsdb_module_schema_info_blob_read: no schema dn present!\n"));
+		return ldb_operr(ldb_module_get_ctx(ldb_module));
+	}
+
+	ldb_err = dsdb_module_search(ldb_module, mem_ctx, &schema_res, schema_dn,
+	                             LDB_SCOPE_BASE, schema_attrs, dsdb_flags, parent,
+				     NULL);
+	if (ldb_err == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(0,("dsdb_module_schema_info_blob_read: Schema DN not found!\n"));
+		talloc_free(schema_res);
+		return ldb_err;
+	} else if (ldb_err != LDB_SUCCESS) {
+		DEBUG(0,("dsdb_module_schema_info_blob_read: failed to find schemaInfo attribute\n"));
+		talloc_free(schema_res);
+		return ldb_err;
+	}
+
+	blob_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "schemaInfo");
+	if (!blob_val) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module),
+				       "dsdb_module_schema_info_blob_read: no schemaInfo attribute found");
+		talloc_free(schema_res);
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+
+	/* transfer .data ownership to mem_ctx */
+	schema_info_blob->length = blob_val->length;
+	schema_info_blob->data = talloc_steal(mem_ctx, blob_val->data);
+
+	talloc_free(schema_res);
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Prepares ldb_msg to be used for updating schemaInfo value in DB
+ */
+static int dsdb_schema_info_write_prepare(struct ldb_context *ldb,
+					  struct ldb_val *schema_info_blob,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **_msg)
+{
+	int ldb_err;
+	struct ldb_message *msg;
+	struct ldb_dn *schema_dn;
+	struct ldb_message_element *return_el;
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		DEBUG(0,("dsdb_schema_info_write_prepare: no schema dn present\n"));
+		return ldb_operr(ldb);
+	}
+
+	/* prepare ldb_msg to update schemaInfo */
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	msg->dn = schema_dn;
+	ldb_err = ldb_msg_add_value(msg, "schemaInfo", schema_info_blob, &return_el);
+	if (ldb_err != 0) {
+		ldb_asprintf_errstring(ldb, "dsdb_schema_info_write_prepare: ldb_msg_add_value failed - %s\n",
+				       ldb_strerror(ldb_err));
+		talloc_free(msg);
+		return ldb_err;
+	}
+
+	/* mark schemaInfo element for replacement */
+	return_el->flags = LDB_FLAG_MOD_REPLACE;
+
+	*_msg = msg;
+
+	return LDB_SUCCESS;
+}
+
+
+
+/**
+ * Writes schema_info structure into schemaInfo
+ * attribute on SCHEMA partition
+ *
+ * @param dsdb_flags 	DSDB_FLAG_... flag of 0
+ */
+int dsdb_module_schema_info_blob_write(struct ldb_module *ldb_module,
+				       uint32_t dsdb_flags,
+				       struct ldb_val *schema_info_blob,
+				       struct ldb_request *parent)
+{
+	int ldb_err;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *temp_ctx;
+
+	temp_ctx = talloc_new(ldb_module);
+	if (temp_ctx == NULL) {
+		return ldb_module_oom(ldb_module);
+	}
+
+	/* write serialized schemaInfo into LDB */
+	ldb_err = dsdb_schema_info_write_prepare(ldb_module_get_ctx(ldb_module),
+						 schema_info_blob,
+						 temp_ctx, &msg);
+	if (ldb_err != LDB_SUCCESS) {
+		talloc_free(temp_ctx);
+		return ldb_err;
+	}
+
+
+	ldb_err = dsdb_module_modify(ldb_module, msg, dsdb_flags, parent);
+
+	talloc_free(temp_ctx);
+
+	if (ldb_err != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module),
+				       "dsdb_module_schema_info_blob_write: dsdb_replace failed: %s (%s)\n",
+				       ldb_strerror(ldb_err),
+				       ldb_errstring(ldb_module_get_ctx(ldb_module)));
+		return ldb_err;
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+/**
+ * Reads schema_info structure from schemaInfo
+ * attribute on SCHEMA partition
+ */
+static int dsdb_module_schema_info_read(struct ldb_module *ldb_module,
+					uint32_t dsdb_flags,
+					TALLOC_CTX *mem_ctx,
+					struct dsdb_schema_info **_schema_info,
+					struct ldb_request *parent)
+{
+	int ret;
+	DATA_BLOB ndr_blob;
+	TALLOC_CTX *temp_ctx;
+	WERROR werr;
+
+	temp_ctx = talloc_new(mem_ctx);
+	if (temp_ctx == NULL) {
+		return ldb_module_oom(ldb_module);
+	}
+
+	/* read serialized schemaInfo from LDB  */
+	ret = dsdb_module_schema_info_blob_read(ldb_module, dsdb_flags, temp_ctx, &ndr_blob, parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(temp_ctx);
+		return ret;
+	}
+
+	/* convert NDR blob to dsdb_schema_info object */
+	werr = dsdb_schema_info_from_blob(&ndr_blob,
+					  mem_ctx,
+					  _schema_info);
+	talloc_free(temp_ctx);
+
+	if (W_ERROR_EQUAL(werr, WERR_DS_NO_ATTRIBUTE_OR_VALUE)) {
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module), __location__ ": failed to get schema_info");
+		return ldb_operr(ldb_module_get_ctx(ldb_module));
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Writes schema_info structure into schemaInfo
+ * attribute on SCHEMA partition
+ *
+ * @param dsdb_flags 	DSDB_FLAG_... flag of 0
+ */
+static int dsdb_module_schema_info_write(struct ldb_module *ldb_module,
+					 uint32_t dsdb_flags,
+					 const struct dsdb_schema_info *schema_info,
+					 struct ldb_request *parent)
+{
+	WERROR werr;
+	int ret;
+	DATA_BLOB ndr_blob;
+	TALLOC_CTX *temp_ctx;
+
+	temp_ctx = talloc_new(ldb_module);
+	if (temp_ctx == NULL) {
+		return ldb_module_oom(ldb_module);
+	}
+
+	/* convert schema_info to a blob */
+	werr = dsdb_blob_from_schema_info(schema_info, temp_ctx, &ndr_blob);
+	if (!W_ERROR_IS_OK(werr)) {
+		talloc_free(temp_ctx);
+		ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module), __location__ ": failed to get schema_info");
+		return ldb_operr(ldb_module_get_ctx(ldb_module));
+	}
+
+	/* write serialized schemaInfo into LDB */
+	ret = dsdb_module_schema_info_blob_write(ldb_module, dsdb_flags, &ndr_blob, parent);
+
+	talloc_free(temp_ctx);
+
+	return ret;
+}
+
+
+/**
+ * Increments schemaInfo revision and save it to DB
+ * setting our invocationID in the process
+ * NOTE: this function should be called in a transaction
+ * much in the same way prefixMap update function is called
+ *
+ * @param ldb_module 	current module
+ * @param schema 	schema cache
+ * @param dsdb_flags 	DSDB_FLAG_... flag of 0
+ */
+int dsdb_module_schema_info_update(struct ldb_module *ldb_module,
+				   struct dsdb_schema *schema,
+				   int dsdb_flags, struct ldb_request *parent)
+{
+	int ret;
+	const struct GUID *invocation_id;
+	struct dsdb_schema_info *schema_info;
+	WERROR werr;
+	TALLOC_CTX *temp_ctx = talloc_new(schema);
+	if (temp_ctx == NULL) {
+		return ldb_module_oom(ldb_module);
+	}
+
+	invocation_id = samdb_ntds_invocation_id(ldb_module_get_ctx(ldb_module));
+	if (!invocation_id) {
+		talloc_free(temp_ctx);
+		return ldb_operr(ldb_module_get_ctx(ldb_module));
+	}
+
+	/* read serialized schemaInfo from LDB  */
+	ret = dsdb_module_schema_info_read(ldb_module, dsdb_flags, temp_ctx, &schema_info, parent);
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		/* make default value in case
+		 * we have no schemaInfo value yet */
+		werr = dsdb_schema_info_new(temp_ctx, &schema_info);
+		if (!W_ERROR_IS_OK(werr)) {
+			talloc_free(temp_ctx);
+			return ldb_module_oom(ldb_module);
+		}
+		ret = LDB_SUCCESS;
+	}
+	if (ret != LDB_SUCCESS) {
+		talloc_free(temp_ctx);
+		return ret;
+	}
+
+	/* update schemaInfo */
+	schema_info->revision++;
+	schema_info->invocation_id = *invocation_id;
+
+	ret = dsdb_module_schema_info_write(ldb_module, dsdb_flags, schema_info, parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(ldb_module),
+				       "dsdb_module_schema_info_update: failed to save schemaInfo - %s\n",
+				       ldb_strerror(ret));
+		talloc_free(temp_ctx);
+		return ret;
+	}
+
+	/*
+	 * We don't update the schema->schema_info!
+	 * as that would not represent the other information
+	 * in schema->*
+	 *
+	 * We're not sure if the current transaction will go through!
+	 * E.g. schema changes are only allowed on the schema master,
+	 * otherwise they result in a UNWILLING_TO_PERFORM and a
+	 *
+	 * Note that schema might a global variable shared between
+	 * multiple ldb_contexts. With process model "single" it
+	 * means the drsuapi server also uses it.
+	 *
+	 * We keep it simple and just try to update the
+	 * stored value.
+	 *
+	 * The next schema reload will pick it up, which
+	 * then works for originating and replicated changes
+	 * in the same way.
+	 */
+
+	talloc_free(temp_ctx);
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
new file mode 100644
index 0000000..52c8aad
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
@@ -0,0 +1,532 @@
+/*
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007-2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb secrets_tdb_sync module
+ *
+ *  Description: Update secrets.tdb whenever the matching secret record changes
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/util/dlinklist.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/kerberos_srv_keytab.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "param/secrets.h"
+#include "source3/include/secrets.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "dsdb/samdb/samdb.h"
+
+struct dn_list {
+	struct ldb_message *msg;
+	bool do_delete;
+	struct dn_list *prev, *next;
+};
+
+struct secrets_tdb_sync_private {
+	struct dn_list *changed_dns;
+	struct db_context *secrets_tdb;
+};
+
+struct secrets_tdb_sync_ctx {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	struct ldb_dn *dn;
+	bool do_delete;
+
+	struct ldb_reply *op_reply;
+	bool found;
+};
+
+static struct secrets_tdb_sync_ctx *secrets_tdb_sync_ctx_init(struct ldb_module *module,
+						struct ldb_request *req)
+{
+	struct secrets_tdb_sync_ctx *ac;
+
+	ac = talloc_zero(req, struct secrets_tdb_sync_ctx);
+	if (ac == NULL) {
+		ldb_oom(ldb_module_get_ctx(module));
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+/* FIXME: too many semi-async searches here for my taste, direct and indirect as
+ * cli_credentials_set_secrets() performs a sync ldb search.
+ * Just hope we are lucky and nothing breaks (using the tdb backend masks a lot
+ * of async issues). -SSS
+ */
+static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_delete,
+			struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct secrets_tdb_sync_private *data = talloc_get_type(ldb_module_get_private(module), struct secrets_tdb_sync_private);
+	struct dn_list *item;
+	char *filter;
+	struct ldb_result *res;
+	int ret;
+
+	filter = talloc_asprintf(data,
+				 "(&(objectClass=primaryDomain)(flatname=*))");
+	if (!filter) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search(module, data, &res,
+				 dn, LDB_SCOPE_BASE, NULL,
+				 DSDB_FLAG_NEXT_MODULE, parent,
+				 "%s", filter);
+	talloc_free(filter);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (res->count != 1) {
+		/* if it's not a primaryDomain then we don't have anything to update */
+		talloc_free(res);
+		return LDB_SUCCESS;
+	}
+
+	item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+	if (!item) {
+		talloc_free(res);
+		return ldb_oom(ldb);
+	}
+
+	item->msg = talloc_steal(item, res->msgs[0]);
+	item->do_delete = do_delete;
+	talloc_free(res);
+
+	DLIST_ADD_END(data->changed_dns, item);
+	return LDB_SUCCESS;
+}
+
+static int ust_search_modified(struct secrets_tdb_sync_ctx *ac);
+
+static int secrets_tdb_sync_op_callback(struct ldb_request *req,
+				 struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct secrets_tdb_sync_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct secrets_tdb_sync_ctx);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb, "Invalid request type!\n");
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ac->do_delete) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+	}
+
+	ac->op_reply = talloc_steal(ac, ares);
+
+	ret = ust_search_modified(ac);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int ust_del_op(struct secrets_tdb_sync_ctx *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_del_req(&down_req, ldb, ac,
+				ac->dn,
+				ac->req->controls,
+				ac, secrets_tdb_sync_op_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(ac->module, down_req);
+}
+
+static int ust_search_modified_callback(struct ldb_request *req,
+					struct ldb_reply *ares)
+{
+	struct secrets_tdb_sync_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct secrets_tdb_sync_ctx);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+		ac->found = true;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		if (ac->found) {
+			/* do the dirty sync job here :/ */
+			ret = add_modified(ac->module, ac->dn, ac->do_delete, ac->req);
+		}
+
+		if (ac->do_delete) {
+			ret = ust_del_op(ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req,
+							NULL, NULL, ret);
+			}
+			break;
+		}
+
+		return ldb_module_done(ac->req, ac->op_reply->controls,
+					ac->op_reply->response, LDB_SUCCESS);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+static int ust_search_modified(struct secrets_tdb_sync_ctx *ac)
+{
+	struct ldb_context *ldb;
+	static const char * const no_attrs[] = { NULL };
+	struct ldb_request *search_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_search_req(&search_req, ldb, ac,
+				   ac->dn, LDB_SCOPE_BASE,
+				   "(&(objectClass=kerberosSecret)"
+				     "(privateKeytab=*))", no_attrs,
+				   NULL,
+				   ac, ust_search_modified_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(ac->module, search_req);
+}
+
+
+/* add */
+static int secrets_tdb_sync_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct secrets_tdb_sync_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = secrets_tdb_sync_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.add.message->dn;
+
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				req->op.add.message,
+				req->controls,
+				ac, secrets_tdb_sync_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* modify */
+static int secrets_tdb_sync_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct secrets_tdb_sync_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = secrets_tdb_sync_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.mod.message->dn;
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				req->op.mod.message,
+				req->controls,
+				ac, secrets_tdb_sync_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* delete */
+static int secrets_tdb_sync_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	struct secrets_tdb_sync_ctx *ac;
+
+	ac = secrets_tdb_sync_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ac->dn = req->op.del.dn;
+	ac->do_delete = true;
+
+	return ust_search_modified(ac);
+}
+
+/* rename */
+static int secrets_tdb_sync_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct secrets_tdb_sync_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = secrets_tdb_sync_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.rename.newdn;
+
+	ret = ldb_build_rename_req(&down_req, ldb, ac,
+				req->op.rename.olddn,
+				req->op.rename.newdn,
+				req->controls,
+				ac, secrets_tdb_sync_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* prepare for a commit */
+static int secrets_tdb_sync_prepare_commit(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct secrets_tdb_sync_private *data = talloc_get_type(ldb_module_get_private(module),
+								struct secrets_tdb_sync_private);
+	struct dn_list *p;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(data);
+	if (!tmp_ctx) {
+		ldb_oom(ldb);
+		goto fail;
+	}
+
+	for (p=data->changed_dns; p; p = p->next) {
+		const struct ldb_val *whenChanged = ldb_msg_find_ldb_val(p->msg, "whenChanged");
+		time_t lct = 0;
+		bool ret;
+
+		if (whenChanged) {
+			ldb_val_to_time(whenChanged, &lct);
+		}
+
+		ret = secrets_store_machine_pw_sync(ldb_msg_find_attr_as_string(p->msg, "secret", NULL),
+						    ldb_msg_find_attr_as_string(p->msg, "priorSecret", NULL),
+
+						    ldb_msg_find_attr_as_string(p->msg, "flatname", NULL),
+						    ldb_msg_find_attr_as_string(p->msg, "realm", NULL),
+						    ldb_msg_find_attr_as_string(p->msg, "saltPrincipal", NULL),
+						    (uint32_t)ldb_msg_find_attr_as_int(p->msg, "msDS-SupportedEncryptionTypes", ENC_ALL_TYPES),
+						    samdb_result_dom_sid(tmp_ctx, p->msg, "objectSid"),
+
+						    lct,
+						    (uint32_t)ldb_msg_find_attr_as_int(p->msg, "secureChannelType", 0),
+						    p->do_delete);
+		if (ret == false) {
+			ldb_asprintf_errstring(ldb, "Failed to update secrets.tdb from entry %s in %s",
+					       ldb_dn_get_linearized(p->msg->dn),
+					       (const char *)ldb_get_opaque(ldb, "ldb_url"));
+			goto fail;
+		}
+	}
+
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+	talloc_free(tmp_ctx);
+
+	return ldb_next_prepare_commit(module);
+
+fail:
+	dbwrap_transaction_cancel(data->secrets_tdb);
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+	talloc_free(tmp_ctx);
+	return LDB_ERR_OPERATIONS_ERROR;
+}
+
+/* start a transaction */
+static int secrets_tdb_sync_start_transaction(struct ldb_module *module)
+{
+	struct secrets_tdb_sync_private *data = talloc_get_type(ldb_module_get_private(module), struct secrets_tdb_sync_private);
+
+	if (dbwrap_transaction_start(data->secrets_tdb) != 0) {
+		return ldb_module_operr(module);
+	}
+
+	return ldb_next_start_trans(module);
+}
+
+/* end a transaction */
+static int secrets_tdb_sync_end_transaction(struct ldb_module *module)
+{
+	struct secrets_tdb_sync_private *data = talloc_get_type(ldb_module_get_private(module), struct secrets_tdb_sync_private);
+
+	if (dbwrap_transaction_commit(data->secrets_tdb) != 0) {
+		return ldb_module_operr(module);
+	}
+
+	return ldb_next_end_trans(module);
+}
+
+/* abandon a transaction */
+static int secrets_tdb_sync_del_transaction(struct ldb_module *module)
+{
+	struct secrets_tdb_sync_private *data = talloc_get_type(ldb_module_get_private(module), struct secrets_tdb_sync_private);
+
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+	if (dbwrap_transaction_cancel(data->secrets_tdb) != 0) {
+		return ldb_module_operr(module);
+	}
+
+	return ldb_next_del_trans(module);
+}
+
+static int secrets_tdb_sync_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct secrets_tdb_sync_private *data;
+	char *private_dir, *p;
+	const char *secrets_ldb;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc(module, struct secrets_tdb_sync_private);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	data->changed_dns = NULL;
+
+	ldb_module_set_private(module, data);
+
+	secrets_ldb = (const char *)ldb_get_opaque(ldb, "ldb_url");
+	if (!secrets_ldb) {
+		return ldb_operr(ldb);
+	}
+	if (strncmp("tdb://", secrets_ldb, 6) == 0) {
+		secrets_ldb += 6;
+	}
+	private_dir = talloc_strdup(data, secrets_ldb);
+	p = strrchr(private_dir, '/');
+	if (p) {
+		*p = '\0';
+	} else {
+		private_dir = talloc_strdup(data, ".");
+	}
+
+	secrets_init_path(private_dir);
+
+	TALLOC_FREE(private_dir);
+
+	data->secrets_tdb = secrets_db_ctx();
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_secrets_tdb_sync_module_ops = {
+	.name		   = "secrets_tdb_sync",
+	.init_context	   = secrets_tdb_sync_init,
+	.add               = secrets_tdb_sync_add,
+	.modify            = secrets_tdb_sync_modify,
+	.rename            = secrets_tdb_sync_rename,
+	.del               = secrets_tdb_sync_delete,
+	.start_transaction = secrets_tdb_sync_start_transaction,
+	.prepare_commit    = secrets_tdb_sync_prepare_commit,
+	.end_transaction   = secrets_tdb_sync_end_transaction,
+	.del_transaction   = secrets_tdb_sync_del_transaction,
+};
+
+int ldb_secrets_tdb_sync_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_secrets_tdb_sync_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
new file mode 100644
index 0000000..e3dcad5
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -0,0 +1,220 @@
+/* 
+   ldb database library
+
+   Copyright (C) Simo Sorce  2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+   Copyright (C) Matthias Dieter Wallnöfer 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb deleted objects control module
+ *
+ *  Description: this module hides deleted and recylced objects, and returns
+ *  them if the right control is there
+ *
+ *  Author: Stefan Metzmacher
+ */
+
+#include "includes.h"
+#include <ldb_module.h>
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+struct show_deleted_state {
+	bool need_refresh;
+	bool recycle_bin_enabled;
+};
+
+static int show_deleted_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_control *show_del, *show_rec;
+	struct ldb_request *down_req;
+	struct ldb_parse_tree *new_tree = req->op.search.tree;
+	struct show_deleted_state *state;
+	int ret;
+	const char *exclude_filter = NULL;
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.search.base)) {
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	/* This is the logic from MS-ADTS 3.1.1.3.4.1.14 that
+	   determines if objects are visible
+
+	   Extended control name                     Deleted-objects      Tombstones        Recycled-objects
+	   LDAP_SERVER_SHOW_DELETED_OID              Visible              Visible           Not Visible
+	   LDAP_SERVER_SHOW_RECYCLED_OID             Visible              Visible           Visible
+
+	   Note that if the recycle bin is disabled, then the
+	   isRecycled attribute is ignored, and objects are either
+	   "normal" or "tombstone".
+
+	   When the recycle bin is enabled, then objects are in one of
+	   3 states, "normal", "deleted" or "recycled"
+	*/
+
+	/* check if there's a show deleted control */
+	show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+	/* check if there's a show recycled control */
+	show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
+
+	/*
+	 * When recycle bin is not enabled, then all we look
+	 * at is the isDeleted attribute. We hide objects with this
+	 * attribute set to TRUE when the client has not specified either
+	 * SHOW_DELETED or SHOW_RECYCLED
+	 */
+	if (show_rec == NULL && show_del == NULL) {
+		/* We don't want deleted or recycled objects,
+		 * which we get by filtering on isDeleted */
+		exclude_filter = "isDeleted";
+	} else {
+		state = talloc_get_type(ldb_module_get_private(module), struct show_deleted_state);
+
+		/* Note that state may be NULL during initialisation */
+		if (state != NULL && state->need_refresh) {
+			/* Do not move this assignment, it can cause recursion loops! */
+			state->need_refresh = false;
+			ret = dsdb_recyclebin_enabled(module, &state->recycle_bin_enabled);
+			if (ret != LDB_SUCCESS) {
+				state->recycle_bin_enabled = false;
+				/*
+				 * We can fail to find the feature object
+				 * during provision. Ignore any such error and
+				 * assume the recycle bin cannot be enabled at
+				 * this point in time.
+				 */
+				if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+					state->need_refresh = true;
+					return LDB_ERR_UNWILLING_TO_PERFORM;
+				}
+			}
+		}
+
+		if (state != NULL && state->recycle_bin_enabled) {
+			/*
+			 * The recycle bin is enabled, so we want deleted not
+			 * recycled.
+			 */
+			if (show_rec == NULL) {
+				exclude_filter = "isRecycled";
+			}
+		}
+	}
+
+	if (exclude_filter != NULL) {
+		new_tree = talloc(req, struct ldb_parse_tree);
+		if (!new_tree) {
+			return ldb_oom(ldb);
+		}
+		new_tree->operation = LDB_OP_AND;
+		new_tree->u.list.num_elements = 2;
+		new_tree->u.list.elements = talloc_array(new_tree, struct ldb_parse_tree *, 2);
+		if (!new_tree->u.list.elements) {
+			return ldb_oom(ldb);
+		}
+
+		new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+		new_tree->u.list.elements[0]->operation = LDB_OP_NOT;
+		new_tree->u.list.elements[0]->u.isnot.child =
+			talloc(new_tree->u.list.elements, struct ldb_parse_tree);
+		if (!new_tree->u.list.elements[0]->u.isnot.child) {
+			return ldb_oom(ldb);
+		}
+		new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
+		new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = exclude_filter;
+		new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
+		new_tree->u.list.elements[1] = req->op.search.tree;
+	}
+
+	ret = ldb_build_search_req_ex(&down_req, ldb, req,
+				      req->op.search.base,
+				      req->op.search.scope,
+				      new_tree,
+				      req->op.search.attrs,
+				      req->controls,
+				      req, dsdb_next_callback,
+				      req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* mark the controls as done */
+	if (show_del != NULL) {
+		show_del->critical = 0;
+	}
+	if (show_rec != NULL) {
+		show_rec->critical = 0;
+	}
+
+	/* perform the search */
+	return ldb_next_request(module, down_req);
+}
+
+static int show_deleted_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	int ret;
+	struct show_deleted_state *state;
+
+	state = talloc_zero(module, struct show_deleted_state);
+	if (state == NULL) {
+		return ldb_module_oom(module);
+	}
+	state->need_refresh = true;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_DELETED_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"show_deleted: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_RECYCLED_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"show_deleted: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_next_init(module);
+
+	ldb_module_set_private(module, state);
+
+	return ret;
+}
+
+static const struct ldb_module_ops ldb_show_deleted_module_ops = {
+	.name		   = "show_deleted",
+	.search            = show_deleted_search,
+	.init_context	   = show_deleted_init
+};
+
+int ldb_show_deleted_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_show_deleted_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
new file mode 100644
index 0000000..24211b6
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
@@ -0,0 +1,142 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
+   Copyright (C) Andrew Tridgell <tridge@samba.org> 2009
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Simo Sorce <idra@samba.org> 2008
+   Copyright (C) Matthias Dieter Wallnöfer 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb subtree delete module
+ *
+ *  Description: Delete of a subtree in LDB
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_module.h>
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/common/util.h"
+
+
+static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	static const char * const attrs[] = { NULL };
+	struct ldb_result *res = NULL;
+	uint32_t flags;
+	unsigned int i;
+	int ret;
+
+	if (ldb_dn_is_special(req->op.del.dn)) {
+		/* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	/* see if we have any children */
+	ret = dsdb_module_search(module, req, &res, req->op.del.dn,
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 DSDB_FLAG_NEXT_MODULE,
+				 req,
+				 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(res);
+		return ret;
+	}
+	if (res->count == 0) {
+		talloc_free(res);
+		return ldb_next_request(module, req);
+	}
+
+	if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID) == NULL) {
+		/* Do not add any DN outputs to this error string!
+		 * Some MMC consoles (eg release 2000) have a strange
+		 * bug and prevent subtree deletes afterwards. */
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "subtree_delete: Unable to "
+				       "delete a non-leaf node "
+				       "(it has %u children)!",
+				       res->count);
+		talloc_free(res);
+		return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
+	}
+
+	/*
+	 * we need to start from the top since other LDB modules could
+	 * enforce constraints (eg "objectclass" and "samldb" do so).
+	 *
+	 * We pass DSDB_FLAG_AS_SYSTEM as the acl module above us
+	 * has already checked for SEC_ADS_DELETE_TREE.
+	 */
+	flags = DSDB_FLAG_TOP_MODULE |
+		DSDB_FLAG_AS_SYSTEM |
+		DSDB_FLAG_TRUSTED |
+		DSDB_TREE_DELETE;
+	if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID) != NULL) {
+		flags |= DSDB_MODIFY_RELAX;
+	}
+
+	/*
+	 * The net result of this code is that the leaf nodes are
+	 * deleted first, as the parent is only deleted once these
+	 * calls (and the delete calls recursive within these)
+	 * complete.
+	 */
+	for (i = 0; i < res->count; i++) {
+		ret = dsdb_module_del(module, res->msgs[i]->dn, flags, req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	talloc_free(res);
+
+	return ldb_next_request(module, req);
+}
+
+static int subtree_delete_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_TREE_DELETE_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR,
+			"subtree_delete: Unable to register control with rootdse!\n");
+		return ldb_operr(ldb);
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_subtree_delete_module_ops = {
+	.name		   = "subtree_delete",
+	.init_context      = subtree_delete_init,
+	.del               = subtree_delete
+};
+
+int ldb_subtree_delete_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_subtree_delete_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
new file mode 100644
index 0000000..be02e92
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -0,0 +1,202 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Matthias Dieter Wallnöfer <mdw@samba.org> 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb subtree rename module
+ *
+ *  Description: Rename a subtree in LDB
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include <ldb.h>
+#include <ldb_module.h>
+#include "libds/common/flags.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+struct subtree_rename_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	bool base_renamed;
+};
+
+static struct subtree_rename_context *subren_ctx_init(struct ldb_module *module,
+						      struct ldb_request *req)
+{
+	struct subtree_rename_context *ac;
+
+
+	ac = talloc_zero(req, struct subtree_rename_context);
+	if (ac == NULL) {
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->base_renamed = false;
+
+	return ac;
+}
+
+static int subtree_rename_search_onelevel_callback(struct ldb_request *req,
+						   struct ldb_reply *ares)
+{
+	struct subtree_rename_context *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct subtree_rename_context);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ac->base_renamed == false) {
+		ac->base_renamed = true;
+
+		ret = dsdb_module_rename(ac->module,
+					 ac->req->op.rename.olddn,
+					 ac->req->op.rename.newdn,
+					 DSDB_FLAG_NEXT_MODULE, req);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		struct ldb_dn *old_dn = NULL;
+		struct ldb_dn *new_dn = NULL;
+
+		old_dn = ares->message->dn;
+		new_dn = ldb_dn_copy(ares, old_dn);
+		if (!new_dn) {
+			return ldb_module_oom(ac->module);
+		}
+
+		if ( ! ldb_dn_remove_base_components(new_dn,
+				ldb_dn_get_comp_num(ac->req->op.rename.olddn))) {
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+
+		if ( ! ldb_dn_add_base(new_dn, ac->req->op.rename.newdn)) {
+			return ldb_module_done(ac->req, NULL, NULL,
+						LDB_ERR_OPERATIONS_ERROR);
+		}
+		ret = dsdb_module_rename(ac->module, old_dn, new_dn, DSDB_FLAG_OWN_MODULE, req);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+
+		talloc_free(ares);
+
+		return LDB_SUCCESS;
+	}
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+	case LDB_REPLY_DONE:
+		talloc_free(ares);
+		return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
+	default:
+	{
+		struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+
+		ldb_asprintf_errstring(ldb, "Invalid LDB reply type %d", ares->type);
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/* rename */
+static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	static const char * const no_attrs[] = {NULL};
+	struct ldb_request *search_req;
+	struct subtree_rename_context *ac;
+	int ret;
+
+	if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	/*
+	 * This gets complex:  We need to:
+	 *  - Do a search for all entries under this entry
+	 *  - Wait for these results to appear
+	 *  - Do our own rename (in first callback)
+	 *  - In the callback for each result, issue a dsdb_module_rename()
+	 */
+
+	ac = subren_ctx_init(module, req);
+	if (!ac) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req(&search_req, ldb_module_get_ctx(ac->module), ac,
+				   ac->req->op.rename.olddn,
+				   LDB_SCOPE_ONELEVEL,
+				   "(objectClass=*)",
+				   no_attrs,
+				   NULL,
+				   ac,
+				   subtree_rename_search_onelevel_callback,
+				   req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+				      true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(ac->module, search_req);
+}
+
+static const struct ldb_module_ops ldb_subtree_rename_module_ops = {
+	.name		   = "subtree_rename",
+	.rename            = subtree_rename
+};
+
+int ldb_subtree_rename_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_subtree_rename_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
new file mode 100755
index 0000000..d28be8f
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
@@ -0,0 +1,265 @@
+#!/usr/bin/env python3
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Tridgell 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests the possibleInferiors generation in the schema_fsmo ldb module"""
+
+import optparse
+import sys
+
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+from samba import getopt as options, Ldb
+import ldb
+
+parser = optparse.OptionParser("possibleinferiors.py <URL> [<CLASS>]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("--wspp", action="store_true")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+if (len(args) > 1):
+    objectclass = args[1]
+else:
+    objectclass = None
+
+
+def uniq_list(alist):
+    """return a unique list"""
+    set = {}
+    return [set.setdefault(e, e) for e in alist if e not in set]
+
+
+lp_ctx = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp_ctx)
+
+ldb_options = []
+# use 'paged_search' module when connecting remotely
+if url.lower().startswith("ldap://"):
+    ldb_options = ["modules:paged_searches"]
+
+db = Ldb(url, credentials=creds, lp=lp_ctx, options=ldb_options)
+
+# get the rootDSE
+res = db.search(base="", expression="",
+                scope=ldb.SCOPE_BASE,
+                attrs=["schemaNamingContext"])
+rootDse = res[0]
+
+schema_base = rootDse["schemaNamingContext"][0]
+
+
+def possible_inferiors_search(db, oc):
+    """return the possible inferiors via a search for the possibleInferiors attribute"""
+    res = db.search(base=schema_base,
+                    expression=("ldapDisplayName=%s" % oc),
+                    attrs=["possibleInferiors"])
+
+    poss = []
+    if len(res) == 0 or res[0].get("possibleInferiors") is None:
+        return poss
+    for item in res[0]["possibleInferiors"]:
+        poss.append(str(item))
+    poss = uniq_list(poss)
+    poss.sort()
+    return poss
+
+
+# see [MS-ADTS] section 3.1.1.4.5.21
+# and section 3.1.1.4.2 for this algorithm
+
+# !systemOnly=TRUE
+# !objectClassCategory=2
+# !objectClassCategory=3
+
+def supclasses(classinfo, oc):
+    list = []
+    if oc == "top":
+        return list
+    if classinfo[oc].get("SUPCLASSES") is not None:
+        return classinfo[oc]["SUPCLASSES"]
+    res = classinfo[oc]["subClassOf"]
+    for r in res:
+        list.append(r)
+        list.extend(supclasses(classinfo, r))
+    classinfo[oc]["SUPCLASSES"] = list
+    return list
+
+
+def auxclasses(classinfo, oclist):
+    list = []
+    if oclist == []:
+        return list
+    for oc in oclist:
+        if classinfo[oc].get("AUXCLASSES") is not None:
+            list.extend(classinfo[oc]["AUXCLASSES"])
+        else:
+            list2 = []
+            list2.extend(classinfo[oc]["systemAuxiliaryClass"])
+            list2.extend(auxclasses(classinfo, classinfo[oc]["systemAuxiliaryClass"]))
+            list2.extend(classinfo[oc]["auxiliaryClass"])
+            list2.extend(auxclasses(classinfo, classinfo[oc]["auxiliaryClass"]))
+            list2.extend(auxclasses(classinfo, supclasses(classinfo, oc)))
+            classinfo[oc]["AUXCLASSES"] = list2
+            list.extend(list2)
+    return list
+
+
+def subclasses(classinfo, oclist):
+    list = []
+    for oc in oclist:
+        list.extend(classinfo[oc]["SUBCLASSES"])
+    return list
+
+
+def posssuperiors(classinfo, oclist):
+    list = []
+    for oc in oclist:
+        if classinfo[oc].get("POSSSUPERIORS") is not None:
+            list.extend(classinfo[oc]["POSSSUPERIORS"])
+        else:
+            list2 = []
+            list2.extend(classinfo[oc]["systemPossSuperiors"])
+            list2.extend(classinfo[oc]["possSuperiors"])
+            list2.extend(posssuperiors(classinfo, supclasses(classinfo, oc)))
+            if opts.wspp:
+                # the WSPP docs suggest we should do this:
+                list2.extend(posssuperiors(classinfo, auxclasses(classinfo, [oc])))
+            else:
+                # but testing against w2k3 and w2k8 shows that we need to do this instead
+                list2.extend(subclasses(classinfo, list2))
+            classinfo[oc]["POSSSUPERIORS"] = list2
+            list.extend(list2)
+    return list
+
+
+def pull_classinfo(db):
+    """At startup we build a classinfo[] dictionary that holds all the information needed to construct the possible inferiors"""
+    classinfo = {}
+    res = db.search(base=schema_base,
+                    expression="objectclass=classSchema",
+                    attrs=["ldapDisplayName", "systemOnly", "objectClassCategory",
+                           "possSuperiors", "systemPossSuperiors",
+                           "auxiliaryClass", "systemAuxiliaryClass", "subClassOf"])
+    for r in res:
+        name = str(r["ldapDisplayName"][0])
+        classinfo[name] = {}
+        if str(r["systemOnly"]) == "TRUE":
+            classinfo[name]["systemOnly"] = True
+        else:
+            classinfo[name]["systemOnly"] = False
+        if r.get("objectClassCategory"):
+            classinfo[name]["objectClassCategory"] = int(r["objectClassCategory"][0])
+        else:
+            classinfo[name]["objectClassCategory"] = 0
+        for a in ["possSuperiors", "systemPossSuperiors",
+                  "auxiliaryClass", "systemAuxiliaryClass",
+                  "subClassOf"]:
+            classinfo[name][a] = []
+            if r.get(a):
+                for i in r[a]:
+                    classinfo[name][a].append(str(i))
+
+    # build a list of subclasses for each class
+    def subclasses_recurse(subclasses, oc):
+        list = subclasses[oc]
+        for c in list:
+            list.extend(subclasses_recurse(subclasses, c))
+        return list
+
+    subclasses = {}
+    for oc in classinfo:
+        subclasses[oc] = []
+    for oc in classinfo:
+        for c in classinfo[oc]["subClassOf"]:
+            if not c == oc:
+                subclasses[c].append(oc)
+    for oc in classinfo:
+        classinfo[oc]["SUBCLASSES"] = uniq_list(subclasses_recurse(subclasses, oc))
+
+    return classinfo
+
+
+def is_in_list(list, c):
+    for a in list:
+        if c == a:
+            return True
+    return False
+
+
+def possible_inferiors_constructed(db, classinfo, c):
+    list = []
+    for oc in classinfo:
+        superiors = posssuperiors(classinfo, [oc])
+        if (is_in_list(superiors, c) and
+            classinfo[oc]["systemOnly"] == False and
+            classinfo[oc]["objectClassCategory"] != 2 and
+            classinfo[oc]["objectClassCategory"] != 3):
+            list.append(oc)
+    list = uniq_list(list)
+    list.sort()
+    return list
+
+
+def test_class(db, classinfo, oc):
+    """test to see if one objectclass returns the correct possibleInferiors"""
+    print("test: objectClass.%s" % oc)
+    poss1 = possible_inferiors_search(db, oc)
+    poss2 = possible_inferiors_constructed(db, classinfo, oc)
+    if poss1 != poss2:
+        print("failure: objectClass.%s [" % oc)
+        print("Returned incorrect list for objectclass %s" % oc)
+        print("search:      %s" % poss1)
+        print("constructed: %s" % poss2)
+        for i in range(0, min(len(poss1), len(poss2))):
+            print("%30s %30s" % (poss1[i], poss2[i]))
+        print("]")
+        sys.exit(1)
+    else:
+        print("success: objectClass.%s" % oc)
+
+
+def get_object_classes(db):
+    """return a list of all object classes"""
+    list = []
+    for item in classinfo:
+        list.append(item)
+    return list
+
+
+classinfo = pull_classinfo(db)
+
+if objectclass is None:
+    for oc in get_object_classes(db):
+        test_class(db, classinfo, oc)
+else:
+    test_class(db, classinfo, objectclass)
+
+print("Lists match OK")
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c
new file mode 100644
index 0000000..fecaa3e
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c
@@ -0,0 +1,2305 @@
+/*
+   Unit tests for the dsdb audit logging code code in audit_log.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_audit_log_module_init(const char *version);
+#include "../audit_log.c"
+
+#include "lib/ldb/include/ldb_private.h"
+#include <regex.h>
+#include <float.h>
+
+/*
+ * Test helper to check ISO 8601 timestamps for validity
+ */
+static void check_timestamp(time_t before, const char* timestamp)
+{
+	int rc;
+	int usec, tz;
+	char c[2];
+	struct tm tm;
+	time_t after;
+	time_t actual;
+	struct timeval tv;
+
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	after = tv.tv_sec;
+
+	/*
+	 * Convert the ISO 8601 timestamp into a time_t
+	 * Note for convenience we ignore the value of the microsecond
+	 * part of the time stamp.
+	 */
+	rc = sscanf(
+		timestamp,
+		"%4d-%2d-%2dT%2d:%2d:%2d.%6d%1c%4d",
+		&tm.tm_year,
+		&tm.tm_mon,
+		&tm.tm_mday,
+		&tm.tm_hour,
+		&tm.tm_min,
+		&tm.tm_sec,
+		&usec,
+		c,
+		&tz);
+	assert_int_equal(9, rc);
+	tm.tm_year = tm.tm_year - 1900;
+	tm.tm_mon = tm.tm_mon - 1;
+	tm.tm_isdst = -1;
+	actual = mktime(&tm);
+
+	/*
+	 * The timestamp should be before <= actual <= after
+	 */
+	assert_in_range(actual, before, after);
+}
+
+static void test_has_password_changed(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_message *msg = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	/*
+	 * Empty message
+	 */
+	msg = ldb_msg_new(ldb);
+	assert_false(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 * No password attributes
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "attr01", "value01");
+	assert_false(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 * No password attributes >1 entries
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "attr01", "value01");
+	ldb_msg_add_string(msg, "attr02", "value03");
+	ldb_msg_add_string(msg, "attr03", "value03");
+	assert_false(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  userPassword set
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "userPassword", "value01");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  clearTextPassword set
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "clearTextPassword", "value01");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  unicodePwd set
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "unicodePwd", "value01");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  dBCSPwd set
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "dBCSPwd", "value01");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  All attributes set
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "userPassword", "value01");
+	ldb_msg_add_string(msg, "clearTextPassword", "value02");
+	ldb_msg_add_string(msg, "unicodePwd", "value03");
+	ldb_msg_add_string(msg, "dBCSPwd", "value04");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  first attribute is a password attribute
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "userPassword", "value01");
+	ldb_msg_add_string(msg, "attr02", "value02");
+	ldb_msg_add_string(msg, "attr03", "value03");
+	ldb_msg_add_string(msg, "attr04", "value04");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  last attribute is a password attribute
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "attr01", "value01");
+	ldb_msg_add_string(msg, "attr02", "value02");
+	ldb_msg_add_string(msg, "attr03", "value03");
+	ldb_msg_add_string(msg, "clearTextPassword", "value04");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	/*
+	 *  middle attribute is a password attribute
+	 */
+	msg = ldb_msg_new(ldb);
+	ldb_msg_add_string(msg, "attr01", "value01");
+	ldb_msg_add_string(msg, "attr02", "value02");
+	ldb_msg_add_string(msg, "unicodePwd", "pwd");
+	ldb_msg_add_string(msg, "attr03", "value03");
+	ldb_msg_add_string(msg, "attr04", "value04");
+	assert_true(has_password_changed(msg));
+	TALLOC_FREE(msg);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_get_password_action(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct dsdb_control_password_acl_validation *pav = NULL;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	ldb = ldb_init(ctx, NULL);
+
+	/*
+	 * Add request, will always be a reset
+	 */
+	ldb_build_add_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	assert_string_equal("Reset", get_password_action(req, reply));
+	TALLOC_FREE(req);
+	TALLOC_FREE(reply);
+
+	/*
+	 * No password control acl, expect "Reset"
+	 */
+	ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	assert_string_equal("Reset", get_password_action(req, reply));
+	TALLOC_FREE(req);
+	TALLOC_FREE(reply);
+
+	/*
+	 * dsdb_control_password_acl_validation reset = false, expect "Change"
+	 */
+	ret = ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
+	assert_int_equal(ret, LDB_SUCCESS);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	pav = talloc_zero(req, struct dsdb_control_password_acl_validation);
+
+	ldb_reply_add_control(
+		reply,
+		DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID,
+		false,
+		pav);
+	assert_string_equal("Change", get_password_action(req, reply));
+	TALLOC_FREE(req);
+	TALLOC_FREE(reply);
+
+	/*
+	 * dsdb_control_password_acl_validation reset = true, expect "Reset"
+	 */
+	ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	pav = talloc_zero(req, struct dsdb_control_password_acl_validation);
+	pav->pwd_reset = true;
+
+	ldb_reply_add_control(
+		reply,
+		DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID,
+		false,
+		pav);
+	assert_string_equal("Reset", get_password_action(req, reply));
+	TALLOC_FREE(req);
+	TALLOC_FREE(reply);
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Test helper to validate a version object.
+ */
+static void check_version(struct json_t *version, int major, int minor)
+{
+	struct json_t *v = NULL;
+
+	assert_true(json_is_object(version));
+	assert_int_equal(2, json_object_size(version));
+
+	v = json_object_get(version, "major");
+	assert_non_null(v);
+	assert_int_equal(major, json_integer_value(v));
+
+	v = json_object_get(version, "minor");
+	assert_non_null(v);
+	assert_int_equal(minor, json_integer_value(v));
+}
+
+/*
+ * minimal unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_operation_json_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = operation_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("dsdbChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "dsdbChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(10, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_SUCCESS, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Success", json_string_value(v));
+
+	v = json_object_get(audit, "operation");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	/*
+	 * Search operation constant is zero
+	 */
+	assert_string_equal("Search", json_string_value(v));
+
+	v = json_object_get(audit, "remoteAddress");
+	assert_non_null(v);
+	assert_true(json_is_null(v));
+
+	v = json_object_get(audit, "userSid");
+	assert_non_null(v);
+	assert_true(json_is_null(v));
+
+	v = json_object_get(audit, "performedAsSystem");
+	assert_non_null(v);
+	assert_true(json_is_boolean(v));
+	assert_true(json_is_false(v));
+
+
+	v = json_object_get(audit, "dn");
+	assert_non_null(v);
+	assert_true(json_is_null(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"00000000-0000-0000-0000-000000000000",
+		json_string_value(v));
+
+	v = json_object_get(audit, "sessionId");
+	assert_non_null(v);
+	assert_true(json_is_null(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_operation_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	json_t *a = NULL;
+	json_t *b = NULL;
+	json_t *c = NULL;
+	json_t *d = NULL;
+	json_t *e = NULL;
+	json_t *f = NULL;
+	json_t *g = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "attribute", "the-value");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_OPERATIONS_ERROR;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = operation_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("dsdbChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "dsdbChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Operations error", json_string_value(v));
+
+	v = json_object_get(audit, "operation");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Add", json_string_value(v));
+
+	v = json_object_get(audit, "remoteAddress");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
+
+	v = json_object_get(audit, "userSid");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SID, json_string_value(v));
+
+	v = json_object_get(audit, "performedAsSystem");
+	assert_non_null(v);
+	assert_true(json_is_boolean(v));
+	assert_true(json_is_false(v));
+
+	v = json_object_get(audit, "dn");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(DN, json_string_value(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(TRANSACTION, json_string_value(v));
+
+	v = json_object_get(audit, "sessionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SESSION, json_string_value(v));
+
+	o = json_object_get(audit, "attributes");
+	assert_non_null(v);
+	assert_true(json_is_object(o));
+	assert_int_equal(1, json_object_size(o));
+
+	a = json_object_get(o, "attribute");
+	assert_non_null(a);
+	assert_true(json_is_object(a));
+
+	b = json_object_get(a, "actions");
+	assert_non_null(b);
+	assert_true(json_is_array(b));
+	assert_int_equal(1, json_array_size(b));
+
+	c = json_array_get(b, 0);
+	assert_non_null(c);
+	assert_true(json_is_object(c));
+
+	d = json_object_get(c, "action");
+	assert_non_null(d);
+	assert_true(json_is_string(d));
+	assert_string_equal("add", json_string_value(d));
+
+	e = json_object_get(c, "values");
+	assert_non_null(b);
+	assert_true(json_is_array(e));
+	assert_int_equal(1, json_array_size(e));
+
+	f = json_array_get(e, 0);
+	assert_non_null(f);
+	assert_true(json_is_object(f));
+	assert_int_equal(1, json_object_size(f));
+
+	g = json_object_get(f, "value");
+	assert_non_null(g);
+	assert_true(json_is_string(g));
+	assert_string_equal("the-value", json_string_value(g));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ * In this case for an operation performed as the system user.
+ */
+static void test_as_system_operation_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct auth_session_info *sys_sess = NULL;
+	struct security_token *token = NULL;
+	struct security_token *sys_token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const SYS_SESSION = "7130cb06-2062-6a1b-409e-3514c26b1998";
+	struct GUID session_id;
+	struct GUID sys_session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	json_t *a = NULL;
+	json_t *b = NULL;
+	json_t *c = NULL;
+	json_t *d = NULL;
+	json_t *e = NULL;
+	json_t *f = NULL;
+	json_t *g = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
+
+	sys_sess = talloc_zero(ctx, struct auth_session_info);
+	sys_token = talloc_zero(ctx, struct security_token);
+	sys_token->num_sids = 1;
+	sys_token->sids = discard_const(&global_sid_System);
+	sys_sess->security_token = sys_token;
+	GUID_from_string(SYS_SESSION, &sys_session_id);
+	sess->unique_session_token = sys_session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "attribute", "the-value");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_OPERATIONS_ERROR;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = operation_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("dsdbChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "dsdbChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Operations error", json_string_value(v));
+
+	v = json_object_get(audit, "operation");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Add", json_string_value(v));
+
+	v = json_object_get(audit, "remoteAddress");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
+
+	v = json_object_get(audit, "userSid");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SID, json_string_value(v));
+
+	v = json_object_get(audit, "performedAsSystem");
+	assert_non_null(v);
+	assert_true(json_is_boolean(v));
+	assert_true(json_is_true(v));
+
+	v = json_object_get(audit, "dn");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(DN, json_string_value(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(TRANSACTION, json_string_value(v));
+
+	v = json_object_get(audit, "sessionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SYS_SESSION, json_string_value(v));
+
+	o = json_object_get(audit, "attributes");
+	assert_non_null(v);
+	assert_true(json_is_object(o));
+	assert_int_equal(1, json_object_size(o));
+
+	a = json_object_get(o, "attribute");
+	assert_non_null(a);
+	assert_true(json_is_object(a));
+
+	b = json_object_get(a, "actions");
+	assert_non_null(b);
+	assert_true(json_is_array(b));
+	assert_int_equal(1, json_array_size(b));
+
+	c = json_array_get(b, 0);
+	assert_non_null(c);
+	assert_true(json_is_object(c));
+
+	d = json_object_get(c, "action");
+	assert_non_null(d);
+	assert_true(json_is_string(d));
+	assert_string_equal("add", json_string_value(d));
+
+	e = json_object_get(c, "values");
+	assert_non_null(b);
+	assert_true(json_is_array(e));
+	assert_int_equal(1, json_array_size(e));
+
+	f = json_array_get(e, 0);
+	assert_non_null(f);
+	assert_true(json_is_object(f));
+	assert_int_equal(1, json_object_size(f));
+
+	g = json_object_get(f, "value");
+	assert_non_null(g);
+	assert_true(json_is_string(g));
+	assert_string_equal("the-value", json_string_value(g));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of password_change_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_password_change_json_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = password_change_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("passwordChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "passwordChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(10, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+
+	v = json_object_get(audit, "eventId");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "remoteAddress");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "userSid");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "dn");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "sessionId");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of password_change_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_password_change_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "planTextPassword", "super-secret");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = password_change_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("passwordChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "passwordChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(10, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, PASSWORD_MAJOR,PASSWORD_MINOR);
+
+	v = json_object_get(audit, "eventId");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(EVT_ID_PASSWORD_RESET, json_integer_value(v));
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_SUCCESS, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Success", json_string_value(v));
+
+	v = json_object_get(audit, "remoteAddress");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
+
+	v = json_object_get(audit, "userSid");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SID, json_string_value(v));
+
+	v = json_object_get(audit, "dn");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(DN, json_string_value(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(TRANSACTION, json_string_value(v));
+
+	v = json_object_get(audit, "sessionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SESSION, json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Reset", json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+
+/*
+ * minimal unit test of transaction_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_transaction_json(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+	GUID_from_string(GUID, &guid);
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = transaction_json("delete", &guid, 10000099);
+
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("dsdbTransaction", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "dsdbTransaction");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(4, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, TRANSACTION_MAJOR, TRANSACTION_MINOR);
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(GUID, json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("delete", json_string_value(v));
+
+	v = json_object_get(audit, "duration");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(10000099, json_integer_value(v));
+
+	json_free(&json);
+
+}
+
+/*
+ * minimal unit test of commit_failure_json, that ensures that all the
+ * expected attributes and objects are in the json object.
+ */
+static void test_commit_failure_json(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+	GUID_from_string(GUID, &guid);
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("dsdbTransaction", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "dsdbTransaction");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(7, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, TRANSACTION_MAJOR, TRANSACTION_MINOR);
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(GUID, json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("prepare", json_string_value(v));
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Operations error", json_string_value(v));
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+
+	v = json_object_get(audit, "reason");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("because", json_string_value(v));
+
+	v = json_object_get(audit, "duration");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(987876, json_integer_value(v));
+
+	json_free(&json);
+
+}
+
+/*
+ * minimal unit test of replicated_update_json, that ensures that all the
+ * expected attributes and objects are in the json object.
+ */
+static void test_replicated_update_json_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+	struct dsdb_extended_replicated_objects *ro = NULL;
+	struct repsFromTo1 *source_dsa = NULL;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	source_dsa = talloc_zero(ctx, struct repsFromTo1);
+	ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
+	ro->source_dsa = source_dsa;
+	req = talloc_zero(ctx, struct ldb_request);
+	req->op.extended.data = ro;
+	req->operation = LDB_EXTENDED;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = replicated_update_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("replicatedUpdate", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "replicatedUpdate");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, REPLICATION_MAJOR, REPLICATION_MINOR);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_SUCCESS, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Success", json_string_value(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"00000000-0000-0000-0000-000000000000",
+		json_string_value(v));
+
+	v = json_object_get(audit, "objectCount");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(0, json_integer_value(v));
+
+	v = json_object_get(audit, "linkCount");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(0, json_integer_value(v));
+
+	v = json_object_get(audit, "partitionDN");
+	assert_non_null(v);
+	assert_true(json_is_null(v));
+
+	v = json_object_get(audit, "error");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"The operation completed successfully.",
+		json_string_value(v));
+
+	v = json_object_get(audit, "errorCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(0, json_integer_value(v));
+
+	v = json_object_get(audit, "sourceDsa");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"00000000-0000-0000-0000-000000000000",
+		json_string_value(v));
+
+	v = json_object_get(audit, "invocationId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"00000000-0000-0000-0000-000000000000",
+		json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * unit test of replicated_update_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_replicated_update_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+	struct dsdb_extended_replicated_objects *ro = NULL;
+	struct repsFromTo1 *source_dsa = NULL;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct GUID source_dsa_obj_guid;
+	const char *const SOURCE_DSA = "7130cb06-2062-6a1b-409e-3514c26b1793";
+
+	struct GUID invocation_id;
+	const char *const INVOCATION_ID =
+		"7130cb06-2062-6a1b-409e-3514c26b1893";
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	dn = ldb_dn_new(ctx, ldb, DN);
+	GUID_from_string(SOURCE_DSA, &source_dsa_obj_guid);
+	GUID_from_string(INVOCATION_ID, &invocation_id);
+	source_dsa = talloc_zero(ctx, struct repsFromTo1);
+	source_dsa->source_dsa_obj_guid = source_dsa_obj_guid;
+	source_dsa->source_dsa_invocation_id = invocation_id;
+
+	ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
+	ro->source_dsa = source_dsa;
+	ro->num_objects = 808;
+	ro->linked_attributes_count = 2910;
+	ro->partition_dn = dn;
+	ro->error = WERR_NOT_SUPPORTED;
+
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->op.extended.data = ro;
+	req->operation = LDB_EXTENDED;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_NO_SUCH_OBJECT;
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = replicated_update_json(module, req, reply);
+	assert_int_equal(3, json_object_size(json.root));
+
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("replicatedUpdate", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "replicatedUpdate");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, REPLICATION_MAJOR, REPLICATION_MINOR);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_ERR_NO_SUCH_OBJECT, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("No such object", json_string_value(v));
+
+	v = json_object_get(audit, "transactionId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(TRANSACTION, json_string_value(v));
+
+	v = json_object_get(audit, "objectCount");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(808, json_integer_value(v));
+
+	v = json_object_get(audit, "linkCount");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(2910, json_integer_value(v));
+
+	v = json_object_get(audit, "partitionDN");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(DN, json_string_value(v));
+
+	v = json_object_get(audit, "error");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(
+		"The request is not supported.",
+		json_string_value(v));
+
+	v = json_object_get(audit, "errorCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(W_ERROR_V(WERR_NOT_SUPPORTED), json_integer_value(v));
+
+	v = json_object_get(audit, "sourceDsa");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(SOURCE_DSA, json_string_value(v));
+
+	v = json_object_get(audit, "invocationId");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal(INVOCATION_ID, json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of operation_human_readable, that ensures that all the
+ * expected attributes and objects are in the json object.
+ */
+static void test_operation_hr_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = operation_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"\\[Search] at \\["
+		"[^[]*"
+		"\\] status \\[Success\\] remote host \\[Unknown\\]"
+		" SID \\[(NULL SID)\\] DN \\[(null)\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_operation_hr(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+
+	int ret;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "attribute", "the-value");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = operation_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"\\[Add\\] at \\["
+		"[^]]*"
+		"\\] status \\[Success\\] "
+		"remote host \\[ipv4:127.0.0.1:0\\] "
+		"SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
+		"DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
+		"attributes \\[attribute \\[the-value\\]\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ * In this case the operation is being performed in a system session.
+ */
+static void test_as_system_operation_hr(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct auth_session_info *sys_sess = NULL;
+	struct security_token *token = NULL;
+	struct security_token *sys_token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const SYS_SESSION = "7130cb06-2062-6a1b-409e-3514c26b1999";
+	struct GUID session_id;
+	struct GUID sys_session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+
+	int ret;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
+
+	sys_sess = talloc_zero(ctx, struct auth_session_info);
+	sys_token = talloc_zero(ctx, struct security_token);
+	sys_token->num_sids = 1;
+	sys_token->sids = discard_const(&global_sid_System);
+	sys_sess->security_token = sys_token;
+	GUID_from_string(SYS_SESSION, &sys_session_id);
+	sess->unique_session_token = sys_session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "attribute", "the-value");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = operation_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"\\[Add\\] at \\["
+		"[^]]*"
+		"\\] status \\[Success\\] "
+		"remote host \\[ipv4:127.0.0.1:0\\] "
+		"SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
+		"DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
+		"attributes \\[attribute \\[the-value\\]\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * minimal unit test of password_change_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_password_change_hr_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = password_change_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"\\[Reset] at \\["
+		"[^[]*"
+		"\\] status \\[Success\\] remote host \\[Unknown\\]"
+		" SID \\[(NULL SID)\\] DN \\[(null)\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * minimal unit test of password_change_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_password_change_hr(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "planTextPassword", "super-secret");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = password_change_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"\\[Reset\\] at \\["
+		"[^[]*"
+		"\\] status \\[Success\\] "
+		"remote host \\[ipv4:127.0.0.1:0\\] "
+		"SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
+		"DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of transaction_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_transaction_hr(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	GUID_from_string(GUID, &guid);
+
+	line = transaction_human_readable(ctx, "delete", 23);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = "\\[delete] at \\[[^[]*\\] duration \\[23\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of commit_failure_hr, that ensures
+ * that all the expected content is in the log entry.
+ */
+static void test_commit_failure_hr(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	GUID_from_string(GUID, &guid);
+
+	line = commit_failure_human_readable(
+		ctx,
+		"commit",
+		789345,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because");
+
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = "\\[commit\\] at \\[[^[]*\\] duration \\[789345\\] "
+	     "status \\[1\\] reason \\[because\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+}
+
+static void test_add_transaction_id(void **state)
+{
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct audit_private *audit_private = NULL;
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct ldb_control * control = NULL;
+	int status;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(GUID, &guid);
+	audit_private->transaction_guid = guid;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	ldb_module_set_private(module, audit_private);
+
+	req = talloc_zero(ctx, struct ldb_request);
+
+	status = add_transaction_id(module, req);
+	assert_int_equal(LDB_SUCCESS, status);
+
+	control = ldb_request_get_control(
+		req,
+		DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID);
+	assert_non_null(control);
+	assert_memory_equal(
+		&audit_private->transaction_guid,
+		control->data,
+		sizeof(struct GUID));
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_log_attributes(void **state)
+{
+	struct ldb_message *msg = NULL;
+
+	char *buf = NULL;
+	char *str = NULL;
+	char lv[MAX_LENGTH+2];
+	char ex[MAX_LENGTH+80];
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+
+	/*
+	 * Test an empty message
+	 * Should get empty attributes representation.
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	str = log_attributes(ctx, buf, LDB_ADD, msg);
+	assert_string_equal("", str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single secret attribute
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "clearTextPassword", "secret");
+
+	str = log_attributes(ctx, buf, LDB_ADD, msg);
+	assert_string_equal(
+		"clearTextPassword [REDACTED SECRET ATTRIBUTE]",
+		str);
+	TALLOC_FREE(str);
+	/*
+	 * Test as a modify message, should add an action
+	 * action will be unknown as there are no ACL's set
+	 */
+	buf = talloc_zero(ctx, char);
+	str = log_attributes(ctx, buf, LDB_MODIFY, msg);
+	assert_string_equal(
+		"unknown: clearTextPassword [REDACTED SECRET ATTRIBUTE]",
+		str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single attribute, single valued attribute
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute", "value");
+
+	str = log_attributes(ctx, buf, LDB_ADD, msg);
+	assert_string_equal(
+		"attribute [value]",
+		str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single attribute, single valued attribute
+	 * And as a modify
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute", "value");
+
+	str = log_attributes(ctx, buf, LDB_MODIFY, msg);
+	assert_string_equal(
+		"unknown: attribute [value]",
+		str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with multiple attributes and a multi-valued attribute
+	 *
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute01", "value01");
+	ldb_msg_add_string(msg, "attribute02", "value02");
+	ldb_msg_add_string(msg, "attribute02", "value03");
+
+	str = log_attributes(ctx, buf, LDB_MODIFY, msg);
+	assert_string_equal(
+		"unknown: attribute01 [value01] "
+		"unknown: attribute02 [value02] [value03]",
+		str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single attribute, single valued attribute
+	 * with a non printable character. Should be base64 encoded
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute", "value\n");
+
+	str = log_attributes(ctx, buf, LDB_ADD, msg);
+	assert_string_equal("attribute {dmFsdWUK}", str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single valued attribute
+	 * with more than MAX_LENGTH characters, should be truncated with
+	 * trailing ...
+	 */
+	buf = talloc_zero(ctx, char);
+	msg = talloc_zero(ctx, struct ldb_message);
+	memset(lv, '\0', sizeof(lv));
+	memset(lv, 'x', MAX_LENGTH+1);
+	ldb_msg_add_string(msg, "attribute", lv);
+
+	str = log_attributes(ctx, buf, LDB_ADD, msg);
+	snprintf(ex, sizeof(ex), "attribute [%.*s...]", MAX_LENGTH, lv);
+	assert_string_equal(ex, str);
+
+	TALLOC_FREE(str);
+	TALLOC_FREE(msg);
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * minimal unit test of replicated_update_human_readable
+ */
+static void test_replicated_update_hr_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+	struct dsdb_extended_replicated_objects *ro = NULL;
+	struct repsFromTo1 *source_dsa = NULL;
+
+	const char* line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	audit_private = talloc_zero(ctx, struct audit_private);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	source_dsa = talloc_zero(ctx, struct repsFromTo1);
+	ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
+	ro->source_dsa = source_dsa;
+	req = talloc_zero(ctx, struct ldb_request);
+	req->op.extended.data = ro;
+	req->operation = LDB_EXTENDED;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+	line = replicated_update_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"at \\[[^[]*\\] "
+		"status \\[Success\\] "
+		"error \\[The operation completed successfully.\\] "
+		"partition \\[(null)\\] objects \\[0\\] links \\[0\\] "
+		"object \\[00000000-0000-0000-0000-000000000000\\] "
+		"invocation \\[00000000-0000-0000-0000-000000000000\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * unit test of replicated_update_human_readable
+ */
+static void test_replicated_update_hr(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+	struct dsdb_extended_replicated_objects *ro = NULL;
+	struct repsFromTo1 *source_dsa = NULL;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct GUID source_dsa_obj_guid;
+	const char *const SOURCE_DSA = "7130cb06-2062-6a1b-409e-3514c26b1793";
+
+	struct GUID invocation_id;
+	const char *const INVOCATION_ID =
+		"7130cb06-2062-6a1b-409e-3514c26b1893";
+
+	const char* line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	dn = ldb_dn_new(ctx, ldb, DN);
+	GUID_from_string(SOURCE_DSA, &source_dsa_obj_guid);
+	GUID_from_string(INVOCATION_ID, &invocation_id);
+	source_dsa = talloc_zero(ctx, struct repsFromTo1);
+	source_dsa->source_dsa_obj_guid = source_dsa_obj_guid;
+	source_dsa->source_dsa_invocation_id = invocation_id;
+
+	ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
+	ro->source_dsa = source_dsa;
+	ro->num_objects = 808;
+	ro->linked_attributes_count = 2910;
+	ro->partition_dn = dn;
+	ro->error = WERR_NOT_SUPPORTED;
+
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->op.extended.data = ro;
+	req->operation = LDB_EXTENDED;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_NO_SUCH_OBJECT;
+
+	line = replicated_update_human_readable(ctx, module, req, reply);
+	assert_non_null(line);
+
+	/*
+	 * We ignore the timestamp to make this test a little easier
+	 * to write.
+	 */
+	rs = 	"at \\[[^[]*\\] "
+		"status \\[No such object\\] "
+		"error \\[The request is not supported.\\] "
+		"partition \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
+		"objects \\[808\\] links \\[2910\\] "
+		"object \\[7130cb06-2062-6a1b-409e-3514c26b1793\\] "
+		"invocation \\[7130cb06-2062-6a1b-409e-3514c26b1893\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+}
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_has_password_changed),
+		cmocka_unit_test(test_get_password_action),
+		cmocka_unit_test(test_operation_json_empty),
+		cmocka_unit_test(test_operation_json),
+		cmocka_unit_test(test_as_system_operation_json),
+		cmocka_unit_test(test_password_change_json_empty),
+		cmocka_unit_test(test_password_change_json),
+		cmocka_unit_test(test_transaction_json),
+		cmocka_unit_test(test_commit_failure_json),
+		cmocka_unit_test(test_replicated_update_json_empty),
+		cmocka_unit_test(test_replicated_update_json),
+		cmocka_unit_test(test_add_transaction_id),
+		cmocka_unit_test(test_operation_hr_empty),
+		cmocka_unit_test(test_operation_hr),
+		cmocka_unit_test(test_as_system_operation_hr),
+		cmocka_unit_test(test_password_change_hr_empty),
+		cmocka_unit_test(test_password_change_hr),
+		cmocka_unit_test(test_transaction_hr),
+		cmocka_unit_test(test_commit_failure_hr),
+		cmocka_unit_test(test_log_attributes),
+		cmocka_unit_test(test_replicated_update_hr_empty),
+		cmocka_unit_test(test_replicated_update_hr),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_audit_log_errors.c b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log_errors.c
new file mode 100644
index 0000000..2931768
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log_errors.c
@@ -0,0 +1,639 @@
+/*
+   Unit tests for the dsdb audit logging code code in audit_log.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * These tests exercise the error handling code
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_audit_log_module_init(const char *version);
+#include "../audit_log.c"
+#include "lib/ldb/include/ldb_private.h"
+
+/*
+ * cmocka wrappers for json_new_object
+ */
+struct json_object __wrap_json_new_object(void);
+struct json_object __real_json_new_object(void);
+struct json_object __wrap_json_new_object(void)
+{
+
+	bool use_real = (bool)mock();
+	if (!use_real) {
+		return json_empty_object;
+	}
+	return __real_json_new_object();
+}
+
+/*
+ * cmocka wrappers for json_add_version
+ */
+int __wrap_json_add_version(struct json_object *object, int major, int minor);
+int __real_json_add_version(struct json_object *object, int major, int minor);
+int __wrap_json_add_version(struct json_object *object, int major, int minor)
+{
+
+	int ret = (int)mock();
+	if (ret) {
+		return ret;
+	}
+	return __real_json_add_version(object, major, minor);
+}
+
+/*
+ * cmocka wrappers for json_add_version
+ */
+int __wrap_json_add_timestamp(struct json_object *object);
+int __real_json_add_timestamp(struct json_object *object);
+int __wrap_json_add_timestamp(struct json_object *object)
+{
+
+	int ret = (int)mock();
+	if (ret) {
+		return ret;
+	}
+	return __real_json_add_timestamp(object);
+}
+/*
+ * unit test of operation_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_operation_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	struct json_object json;
+
+
+	/*
+	 * Test setup
+	 */
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "attribute", "the-value");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_OPERATIONS_ERROR;
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+
+	json = operation_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = operation_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, false);
+
+	json = operation_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the timestamp to the wrapper object.
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = operation_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Now test the happy path
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = operation_json(module, req, reply);
+	assert_false(json_is_invalid(&json));
+	json_free(&json);
+
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * minimal unit test of password_change_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_password_change_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid sid;
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID session_id;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct ldb_message *msg = NULL;
+
+	struct json_object json;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	string_to_sid(&sid, SID);
+	token->num_sids = 1;
+	token->sids = &sid;
+	sess->security_token = token;
+	GUID_from_string(SESSION, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+
+	msg = talloc_zero(ctx, struct ldb_message);
+	dn = ldb_dn_new(ctx, ldb, DN);
+	msg->dn = dn;
+	ldb_msg_add_string(msg, "planTextPassword", "super-secret");
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	req->op.add.message = msg;
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_SUCCESS;
+
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+	json = password_change_json(module, req, reply);
+
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = password_change_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, false);
+
+	json = password_change_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the time stamp.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = password_change_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Now test the happy path
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = password_change_json(module, req, reply);
+	assert_false(json_is_invalid(&json));
+	json_free(&json);
+
+	TALLOC_FREE(ctx);
+}
+
+
+/*
+ * minimal unit test of transaction_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_transaction_json(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct json_object json;
+
+	GUID_from_string(GUID, &guid);
+
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+
+	json = transaction_json("delete", &guid, 10000099);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = transaction_json("delete", &guid, 10000099);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, false);
+
+	json = transaction_json("delete", &guid, 10000099);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the time stamp.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = transaction_json("delete", &guid, 10000099);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Now test the happy path
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = transaction_json("delete", &guid, 10000099);
+	assert_false(json_is_invalid(&json));
+	json_free(&json);
+}
+
+/*
+ * minimal unit test of commit_failure_json, that ensures that all the
+ * expected attributes and objects are in the json object.
+ */
+static void test_commit_failure_json(void **state)
+{
+
+	struct GUID guid;
+	const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct json_object json;
+
+	GUID_from_string(GUID, &guid);
+
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, false);
+
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the time stamp.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Now test the happy path
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = commit_failure_json(
+		"prepare",
+		987876,
+		LDB_ERR_OPERATIONS_ERROR,
+		"because",
+		&guid);
+	assert_false(json_is_invalid(&json));
+	json_free(&json);
+}
+
+/*
+ * unit test of replicated_update_json, that ensures that all the expected
+ * attributes and objects are in the json object.
+ */
+static void test_replicated_update_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+	struct ldb_reply *reply = NULL;
+	struct audit_private *audit_private = NULL;
+	struct dsdb_extended_replicated_objects *ro = NULL;
+	struct repsFromTo1 *source_dsa = NULL;
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct ldb_dn *dn = NULL;
+	const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+
+	struct GUID source_dsa_obj_guid;
+	const char *const SOURCE_DSA = "7130cb06-2062-6a1b-409e-3514c26b1793";
+
+	struct GUID invocation_id;
+	const char *const INVOCATION_ID =
+		"7130cb06-2062-6a1b-409e-3514c26b1893";
+	struct json_object json;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	audit_private = talloc_zero(ctx, struct audit_private);
+	GUID_from_string(TRANSACTION, &transaction_id);
+	audit_private->transaction_guid = transaction_id;
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+	ldb_module_set_private(module, audit_private);
+
+	dn = ldb_dn_new(ctx, ldb, DN);
+	GUID_from_string(SOURCE_DSA, &source_dsa_obj_guid);
+	GUID_from_string(INVOCATION_ID, &invocation_id);
+	source_dsa = talloc_zero(ctx, struct repsFromTo1);
+	source_dsa->source_dsa_obj_guid = source_dsa_obj_guid;
+	source_dsa->source_dsa_invocation_id = invocation_id;
+
+	ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
+	ro->source_dsa = source_dsa;
+	ro->num_objects = 808;
+	ro->linked_attributes_count = 2910;
+	ro->partition_dn = dn;
+	ro->error = WERR_NOT_SUPPORTED;
+
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->op.extended.data = ro;
+	req->operation = LDB_EXTENDED;
+
+	reply = talloc_zero(ctx, struct ldb_reply);
+	reply->error = LDB_ERR_NO_SUCH_OBJECT;
+
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+
+	json = replicated_update_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = replicated_update_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, false);
+
+	json = replicated_update_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the time stamp.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = replicated_update_json(module, req, reply);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Now test the happy path.
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = replicated_update_json(module, req, reply);
+	assert_false(json_is_invalid(&json));
+	json_free(&json);
+
+	TALLOC_FREE(ctx);
+}
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_operation_json),
+		cmocka_unit_test(test_password_change_json),
+		cmocka_unit_test(test_transaction_json),
+		cmocka_unit_test(test_commit_failure_json),
+		cmocka_unit_test(test_replicated_update_json),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_audit_util.c b/source4/dsdb/samdb/ldb_modules/tests/test_audit_util.c
new file mode 100644
index 0000000..44f7b77
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_audit_util.c
@@ -0,0 +1,1261 @@
+/*
+   Unit tests for the dsdb audit logging utility code code in audit_util.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+#include "../audit_util.c"
+
+#include "lib/ldb/include/ldb_private.h"
+
+static void test_dsdb_audit_add_ldb_value(void **state)
+{
+	struct json_object object;
+	struct json_object array;
+	struct ldb_val val = data_blob_null;
+	struct json_t *el  = NULL;
+	struct json_t *atr = NULL;
+	char* base64 = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	/*
+	 * Test a non array object
+	 */
+	object = json_new_object();
+	assert_false(json_is_invalid(&object));
+	dsdb_audit_add_ldb_value(&object, val);
+	assert_true(json_is_invalid(&object));
+	json_free(&object);
+
+	array = json_new_array();
+	assert_false(json_is_invalid(&array));
+	/*
+	 * Test a data_blob_null, should encode as a JSON null value.
+	 */
+	val = data_blob_null;
+	dsdb_audit_add_ldb_value(&array, val);
+	el = json_array_get(array.root, 0);
+	assert_true(json_is_null(el));
+
+	/*
+	 * Test a +ve length but a null data ptr, should encode as a null.
+	 */
+	val = data_blob_null;
+	val.length = 1;
+	dsdb_audit_add_ldb_value(&array, val);
+	el = json_array_get(array.root, 1);
+	assert_true(json_is_null(el));
+
+	/*
+	 * Test a zero length but a non null data ptr, should encode as a null.
+	 */
+	val = data_blob_null;
+	val.data = discard_const("Data on the stack");
+	dsdb_audit_add_ldb_value(&array, val);
+	el = json_array_get(array.root, 2);
+	assert_true(json_is_null(el));
+
+	/*
+	 * Test a printable value.
+	 * value should not be encoded
+	 * truncated and base64 should be missing
+	 */
+	val = data_blob_string_const("A value of interest");
+	dsdb_audit_add_ldb_value(&array, val);
+	el = json_array_get(array.root, 3);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_string_equal("A value of interest", json_string_value(atr));
+	assert_null(json_object_get(el, "truncated"));
+	assert_null(json_object_get(el, "base64"));
+
+	/*
+	 * Test non printable value, should be base64 encoded.
+	 * truncated should be missing and base64 should be set.
+	 */
+	val = data_blob_string_const("A value of interest\n");
+	dsdb_audit_add_ldb_value(&array, val);
+	el = json_array_get(array.root, 4);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_string_equal(
+		"QSB2YWx1ZSBvZiBpbnRlcmVzdAo=",
+		json_string_value(atr));
+	atr = json_object_get(el, "base64");
+	assert_true(json_is_boolean(atr));
+	assert_true(json_boolean(atr));
+	assert_null(json_object_get(el, "truncated"));
+
+	/*
+	 * test a printable value exactly max bytes long
+	 * should not be truncated or encoded.
+	 */
+	val = data_blob_null;
+	val.length = MAX_LENGTH;
+	val.data = (unsigned char *)generate_random_str_list(
+		ctx,
+		MAX_LENGTH,
+		"abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		"1234567890!@#$%^&*()");
+
+	dsdb_audit_add_ldb_value(&array, val);
+
+	el = json_array_get(array.root, 5);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_int_equal(MAX_LENGTH, strlen(json_string_value(atr)));
+	assert_memory_equal(val.data, json_string_value(atr), MAX_LENGTH);
+
+	assert_null(json_object_get(el, "base64"));
+	assert_null(json_object_get(el, "truncated"));
+
+
+	/*
+	 * test a printable value exactly max + 1 bytes long
+	 * should be truncated and not encoded.
+	 */
+	val = data_blob_null;
+	val.length = MAX_LENGTH + 1;
+	val.data = (unsigned char *)generate_random_str_list(
+		ctx,
+		MAX_LENGTH + 1,
+		"abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		"1234567890!@#$%^&*()");
+
+	dsdb_audit_add_ldb_value(&array, val);
+
+	el = json_array_get(array.root, 6);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_int_equal(MAX_LENGTH, strlen(json_string_value(atr)));
+	assert_memory_equal(val.data, json_string_value(atr), MAX_LENGTH);
+
+	atr = json_object_get(el, "truncated");
+	assert_true(json_is_boolean(atr));
+	assert_true(json_boolean(atr));
+
+	assert_null(json_object_get(el, "base64"));
+
+	TALLOC_FREE(val.data);
+
+	/*
+	 * test a non-printable value exactly max bytes long
+	 * should not be truncated but should be encoded.
+	 */
+	val = data_blob_null;
+	val.length = MAX_LENGTH;
+	val.data = (unsigned char *)generate_random_str_list(
+		ctx,
+		MAX_LENGTH,
+		"abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		"1234567890!@#$%^&*()");
+
+	val.data[0] = 0x03;
+	dsdb_audit_add_ldb_value(&array, val);
+	base64 = ldb_base64_encode(ctx, (char*) val.data, MAX_LENGTH);
+
+	el = json_array_get(array.root, 7);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_int_equal(strlen(base64), strlen(json_string_value(atr)));
+	assert_string_equal(base64, json_string_value(atr));
+
+	atr = json_object_get(el, "base64");
+	assert_true(json_is_boolean(atr));
+	assert_true(json_boolean(atr));
+
+	assert_null(json_object_get(el, "truncated"));
+	TALLOC_FREE(base64);
+	TALLOC_FREE(val.data);
+
+	/*
+	 * test a non-printable value exactly max + 1 bytes long
+	 * should be truncated and encoded.
+	 */
+	val = data_blob_null;
+	val.length = MAX_LENGTH + 1;
+	val.data = (unsigned char *)generate_random_str_list(
+		ctx,
+		MAX_LENGTH + 1,
+		"abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		"1234567890!@#$%^&*()");
+
+	val.data[0] = 0x03;
+	dsdb_audit_add_ldb_value(&array, val);
+	/*
+	 * The data is truncated before it is base 64 encoded
+	 */
+	base64 = ldb_base64_encode(ctx, (char*) val.data, MAX_LENGTH);
+
+	el = json_array_get(array.root, 8);
+	assert_true(json_is_object(el));
+	atr = json_object_get(el, "value");
+	assert_true(json_is_string(atr));
+	assert_int_equal(strlen(base64), strlen(json_string_value(atr)));
+	assert_string_equal(base64, json_string_value(atr));
+
+	atr = json_object_get(el, "base64");
+	assert_true(json_is_boolean(atr));
+	assert_true(json_boolean(atr));
+
+	atr = json_object_get(el, "truncated");
+	assert_true(json_is_boolean(atr));
+	assert_true(json_boolean(atr));
+
+	TALLOC_FREE(base64);
+	TALLOC_FREE(val.data);
+
+	json_free(&array);
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_attributes_json(void **state)
+{
+	struct ldb_message *msg = NULL;
+
+	struct json_object o;
+	json_t *a = NULL;
+	json_t *v = NULL;
+	json_t *x = NULL;
+	json_t *y = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+
+	/*
+	 * Test an empty message
+	 * Should get an empty attributes object
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	o = dsdb_audit_attributes_json(LDB_ADD, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(0, json_object_size(o.root));
+	json_free(&o);
+
+	o = dsdb_audit_attributes_json(LDB_MODIFY, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(0, json_object_size(o.root));
+	json_free(&o);
+
+	/*
+	 * Test a message with a single secret attribute
+	 * should only have that object and it should have no value
+	 * attribute and redacted should be set.
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "clearTextPassword", "secret");
+
+	o = dsdb_audit_attributes_json(LDB_ADD, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(1, json_object_size(o.root));
+
+	a = json_object_get(o.root, "clearTextPassword");
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	a = json_array_get(v, 0);
+	v = json_object_get(a, "redacted");
+	assert_true(json_is_boolean(v));
+	assert_true(json_boolean(v));
+
+	json_free(&o);
+
+	/*
+	 * Test as a modify message, should add an action attribute
+	 */
+	o = dsdb_audit_attributes_json(LDB_MODIFY, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(1, json_object_size(o.root));
+
+	a = json_object_get(o.root, "clearTextPassword");
+	assert_true(json_is_object(a));
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	a = json_array_get(v, 0);
+	v = json_object_get(a, "redacted");
+	assert_true(json_is_boolean(v));
+	assert_true(json_boolean(v));
+
+	v = json_object_get(a, "action");
+	assert_true(json_is_string(v));
+	assert_string_equal("unknown", json_string_value(v));
+
+	json_free(&o);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single attribute, single valued attribute
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute", "value");
+
+	o = dsdb_audit_attributes_json(LDB_ADD, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(1, json_object_size(o.root));
+
+	a = json_object_get(o.root, "attribute");
+	assert_true(json_is_object(a));
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	x = json_array_get(v, 0);
+	assert_int_equal(2, json_object_size(x));
+	y = json_object_get(x, "action");
+	assert_string_equal("add", json_string_value(y));
+
+	y = json_object_get(x, "values");
+	assert_true(json_is_array(y));
+	assert_int_equal(1, json_array_size(y));
+
+	x = json_array_get(y, 0);
+	assert_true(json_is_object(x));
+	assert_int_equal(1, json_object_size(x));
+	y = json_object_get(x, "value");
+	assert_string_equal("value", json_string_value(y));
+
+	json_free(&o);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a single attribute, single valued attribute
+	 * And as a modify
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute", "value");
+
+	o = dsdb_audit_attributes_json(LDB_MODIFY, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(1, json_object_size(o.root));
+
+	a = json_object_get(o.root, "attribute");
+	assert_true(json_is_object(a));
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	x = json_array_get(v, 0);
+	assert_int_equal(2, json_object_size(x));
+	y = json_object_get(x, "action");
+	assert_string_equal("unknown", json_string_value(y));
+
+	y = json_object_get(x, "values");
+	assert_true(json_is_array(y));
+	assert_int_equal(1, json_array_size(y));
+
+	x = json_array_get(y, 0);
+	assert_true(json_is_object(x));
+	assert_int_equal(1, json_object_size(x));
+	y = json_object_get(x, "value");
+	assert_string_equal("value", json_string_value(y));
+
+	json_free(&o);
+	TALLOC_FREE(msg);
+
+	/*
+	 * Test a message with a multi-valued attribute
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb_msg_add_string(msg, "attribute01", "value01");
+	ldb_msg_add_string(msg, "attribute02", "value02");
+	ldb_msg_add_string(msg, "attribute02", "value03");
+
+	o = dsdb_audit_attributes_json(LDB_ADD, msg);
+	assert_true(json_is_object(o.root));
+	assert_int_equal(2, json_object_size(o.root));
+
+	a = json_object_get(o.root, "attribute01");
+	assert_true(json_is_object(a));
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	x = json_array_get(v, 0);
+	assert_int_equal(2, json_object_size(x));
+	y = json_object_get(x, "action");
+	assert_string_equal("add", json_string_value(y));
+
+	y = json_object_get(x, "values");
+	assert_true(json_is_array(y));
+	assert_int_equal(1, json_array_size(y));
+
+	x = json_array_get(y, 0);
+	assert_true(json_is_object(x));
+	assert_int_equal(1, json_object_size(x));
+	y = json_object_get(x, "value");
+	assert_string_equal("value01", json_string_value(y));
+
+	a = json_object_get(o.root, "attribute02");
+	assert_true(json_is_object(a));
+	assert_int_equal(1, json_object_size(a));
+
+	v = json_object_get(a, "actions");
+	assert_true(json_is_array(v));
+	assert_int_equal(1, json_array_size(v));
+
+	x = json_array_get(v, 0);
+	assert_int_equal(2, json_object_size(x));
+	y = json_object_get(x, "action");
+	assert_string_equal("add", json_string_value(y));
+
+	y = json_object_get(x, "values");
+	assert_true(json_is_array(y));
+	assert_int_equal(2, json_array_size(y));
+
+	x = json_array_get(y, 0);
+	assert_true(json_is_object(x));
+	assert_int_equal(1, json_object_size(x));
+	v = json_object_get(x, "value");
+	assert_string_equal("value02", json_string_value(v));
+
+	x = json_array_get(y, 1);
+	assert_true(json_is_object(x));
+	assert_int_equal(1, json_object_size(x));
+	v = json_object_get(x, "value");
+	assert_string_equal("value03", json_string_value(v));
+
+	json_free(&o);
+	TALLOC_FREE(msg);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_remote_address(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	const struct tsocket_address *ts = NULL;
+	struct tsocket_address *in = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Test a freshly initialized ldb
+	 * should return NULL
+	 */
+	ldb = ldb_init(ctx, NULL);
+	ts = dsdb_audit_get_remote_address(ldb);
+	assert_null(ts);
+
+	/*
+	 * opaque set to null, should return NULL
+	 */
+	ldb_set_opaque(ldb, "remoteAddress", NULL);
+	ts = dsdb_audit_get_remote_address(ldb);
+	assert_null(ts);
+
+	/*
+	 * Ensure that the value set is returned
+	 */
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &in);
+	ldb_set_opaque(ldb, "remoteAddress", in);
+	ts = dsdb_audit_get_remote_address(ldb);
+	assert_non_null(ts);
+	assert_ptr_equal(in, ts);
+
+	TALLOC_FREE(ldb);
+	TALLOC_FREE(ctx);
+
+}
+
+static void test_dsdb_audit_get_ldb_error_string(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module *module = NULL;
+	const char *s = NULL;
+	const char * const text = "Custom reason";
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	/*
+	 * No ldb error string set should get the default error description for
+	 * the status code
+	 */
+	s = dsdb_audit_get_ldb_error_string(module, LDB_ERR_OPERATIONS_ERROR);
+	assert_string_equal("Operations error", s);
+
+	/*
+	 * Set the error string that should now be returned instead of the
+	 * default description.
+	 */
+	ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, text);
+	s = dsdb_audit_get_ldb_error_string(module, LDB_ERR_OPERATIONS_ERROR);
+	/*
+	 * Only test the start of the string as ldb_error adds location data.
+	 */
+	assert_int_equal(0, strncmp(text, s, strlen(text)));
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_user_sid(void **state)
+{
+	struct ldb_context *ldb        = NULL;
+	struct ldb_module *module      = NULL;
+	const struct dom_sid *sid      = NULL;
+	struct auth_session_info *sess = NULL;
+	struct security_token *token   = NULL;
+	struct dom_sid sids[2];
+	const char * const SID0 = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SID1 = "S-1-5-21-4284042908-2889457889-3672286761";
+	struct dom_sid_buf sid_buf;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	/*
+	 * Freshly initialised structures, will be no session data
+	 * so expect NULL
+	 */
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	/*
+	 * Now add a NULL session info
+	 */
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	/*
+	 * Now add a session info with no user sid
+	 */
+	sess = talloc_zero(ctx, struct auth_session_info);
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	/*
+	 * Now add an empty security token.
+	 */
+	token = talloc_zero(ctx, struct security_token);
+	sess->security_token = token;
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	/*
+	 * Add a single SID
+	 */
+	string_to_sid(&sids[0], SID0);
+	token->num_sids = 1;
+	token->sids = sids;
+	sid = dsdb_audit_get_user_sid(module);
+	assert_non_null(sid);
+	dom_sid_str_buf(sid, &sid_buf);
+	assert_string_equal(SID0, sid_buf.buf);
+
+	/*
+	 * Add a second SID, should still use the first SID
+	 */
+	string_to_sid(&sids[1], SID1);
+	token->num_sids = 2;
+	sid = dsdb_audit_get_user_sid(module);
+	assert_non_null(sid);
+	dom_sid_str_buf(sid, &sid_buf);
+	assert_string_equal(SID0, sid_buf.buf);
+
+
+	/*
+	 * Now test a null sid in the first position
+	 */
+	token->num_sids = 1;
+	token->sids = NULL;
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_actual_sid(void **state)
+{
+	struct ldb_context *ldb        = NULL;
+	const struct dom_sid *sid      = NULL;
+	struct auth_session_info *sess = NULL;
+	struct security_token *token   = NULL;
+	struct dom_sid sids[2];
+	const char * const SID0 = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SID1 = "S-1-5-21-4284042908-2889457889-3672286761";
+	struct dom_sid_buf sid_buf;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	/*
+	 * Freshly initialised structures, will be no session data
+	 * so expect NULL
+	 */
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_null(sid);
+
+	/*
+	 * Now add a NULL session info
+	 */
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, NULL);
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_null(sid);
+
+	/*
+	 * Now add a session info with no user sid
+	 */
+	sess = talloc_zero(ctx, struct auth_session_info);
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_null(sid);
+
+	/*
+	 * Now add an empty security token.
+	 */
+	token = talloc_zero(ctx, struct security_token);
+	sess->security_token = token;
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_null(sid);
+
+	/*
+	 * Add a single SID
+	 */
+	string_to_sid(&sids[0], SID0);
+	token->num_sids = 1;
+	token->sids = sids;
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_non_null(sid);
+	dom_sid_str_buf(sid, &sid_buf);
+	assert_string_equal(SID0, sid_buf.buf);
+
+	/*
+	 * Add a second SID, should still use the first SID
+	 */
+	string_to_sid(&sids[1], SID1);
+	token->num_sids = 2;
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_non_null(sid);
+	dom_sid_str_buf(sid, &sid_buf);
+	assert_string_equal(SID0, sid_buf.buf);
+
+
+	/*
+	 * Now test a null sid in the first position
+	 */
+	token->num_sids = 1;
+	token->sids = NULL;
+	sid = dsdb_audit_get_actual_sid(ldb);
+	assert_null(sid);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_is_system_session(void **state)
+{
+	struct ldb_context *ldb        = NULL;
+	struct ldb_module *module      = NULL;
+	const struct dom_sid *sid      = NULL;
+	struct auth_session_info *sess = NULL;
+	struct security_token *token   = NULL;
+	struct dom_sid sids[2];
+	const char * const SID0 = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SID1 = "S-1-5-21-4284042908-2889457889-3672286761";
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	/*
+	 * Freshly initialised structures, will be no session data
+	 * so expect NULL
+	 */
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Now add a NULL session info
+	 */
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, NULL);
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Now add a session info with no user sid
+	 */
+	sess = talloc_zero(ctx, struct auth_session_info);
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Now add an empty security token.
+	 */
+	token = talloc_zero(ctx, struct security_token);
+	sess->security_token = token;
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Add a single SID, non system sid
+	 */
+	string_to_sid(&sids[0], SID0);
+	token->num_sids = 1;
+	token->sids = sids;
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Add the system SID to the second position,
+	 * this should be ignored.
+	 */
+	token->num_sids = 2;
+	sids[1] = global_sid_System;
+	assert_false(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Add a single SID, system sid
+	 */
+	token->num_sids = 1;
+	sids[0] = global_sid_System;
+	token->sids = sids;
+	assert_true(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Add a non system SID to position 2
+	 */
+	sids[0] = global_sid_System;
+	string_to_sid(&sids[1], SID1);
+	token->num_sids = 2;
+	token->sids = sids;
+	assert_true(dsdb_audit_is_system_session(module));
+
+	/*
+	 * Now test a null sid in the first position
+	 */
+	token->num_sids = 1;
+	token->sids = NULL;
+	sid = dsdb_audit_get_user_sid(module);
+	assert_null(sid);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_unique_session_token(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module *module = NULL;
+	struct auth_session_info *sess = NULL;
+	const struct GUID *guid;
+	const char * const GUID_S = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID in;
+	char *guid_str;
+	struct GUID_txt_buf guid_buff;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	/*
+	 * Test a freshly initialized ldb
+	 * should return NULL
+	 */
+	guid = dsdb_audit_get_unique_session_token(module);
+	assert_null(guid);
+
+	/*
+	 * Now add a NULL session info
+	 */
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, NULL);
+	guid = dsdb_audit_get_unique_session_token(module);
+	assert_null(guid);
+
+	/*
+	 * Now add a session info with no session id
+	 * Note if the memory has not been zeroed correctly all bets are
+	 *      probably off.
+	 */
+	sess = talloc_zero(ctx, struct auth_session_info);
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+	guid = dsdb_audit_get_unique_session_token(module);
+	/*
+	 * We will get a GUID, but it's contents will be undefined
+	 */
+	assert_non_null(guid);
+
+	/*
+	 * Now set the session id and confirm that we get it back.
+	 */
+	GUID_from_string(GUID_S, &in);
+	sess->unique_session_token = in;
+	guid = dsdb_audit_get_unique_session_token(module);
+	assert_non_null(guid);
+	guid_str = GUID_buf_string(guid, &guid_buff);
+	assert_string_equal(GUID_S, guid_str);
+
+	TALLOC_FREE(ctx);
+
+}
+
+static void test_dsdb_audit_get_actual_unique_session_token(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct auth_session_info *sess = NULL;
+	const struct GUID *guid;
+	const char * const GUID_S = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	struct GUID in;
+	char *guid_str;
+	struct GUID_txt_buf guid_buff;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	/*
+	 * Test a freshly initialized ldb
+	 * should return NULL
+	 */
+	guid = dsdb_audit_get_actual_unique_session_token(ldb);
+	assert_null(guid);
+
+	/*
+	 * Now add a NULL session info
+	 */
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, NULL);
+	guid = dsdb_audit_get_actual_unique_session_token(ldb);
+	assert_null(guid);
+
+	/*
+	 * Now add a session info with no session id
+	 * Note if the memory has not been zeroed correctly all bets are
+	 *      probably off.
+	 */
+	sess = talloc_zero(ctx, struct auth_session_info);
+	ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
+	guid = dsdb_audit_get_actual_unique_session_token(ldb);
+	/*
+	 * We will get a GUID, but it's contents will be undefined
+	 */
+	assert_non_null(guid);
+
+	/*
+	 * Now set the session id and confirm that we get it back.
+	 */
+	GUID_from_string(GUID_S, &in);
+	sess->unique_session_token = in;
+	guid = dsdb_audit_get_actual_unique_session_token(ldb);
+	assert_non_null(guid);
+	guid_str = GUID_buf_string(guid, &guid_buff);
+	assert_string_equal(GUID_S, guid_str);
+
+	TALLOC_FREE(ctx);
+
+}
+
+static void test_dsdb_audit_get_remote_host(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	char *rh = NULL;
+	struct tsocket_address *in = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	/*
+	 * Test a freshly initialized ldb
+	 * should return "Unknown"
+	 */
+	rh = dsdb_audit_get_remote_host(ldb, ctx);
+	assert_string_equal("Unknown", rh);
+	TALLOC_FREE(rh);
+
+	/*
+	 * opaque set to null, should return NULL
+	 */
+	ldb_set_opaque(ldb, "remoteAddress", NULL);
+	rh = dsdb_audit_get_remote_host(ldb, ctx);
+	assert_string_equal("Unknown", rh);
+	TALLOC_FREE(rh);
+
+	/*
+	 * Ensure that the value set is returned
+	 */
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 42, &in);
+	ldb_set_opaque(ldb, "remoteAddress", in);
+	rh = dsdb_audit_get_remote_host(ldb, ctx);
+	assert_string_equal("ipv4:127.0.0.1:42", rh);
+	TALLOC_FREE(rh);
+
+	TALLOC_FREE(ctx);
+
+}
+
+static void test_dsdb_audit_get_primary_dn(void **state)
+{
+	struct ldb_request *req = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_context *ldb = NULL;
+
+	struct ldb_dn *dn = NULL;
+
+	const char * const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+	const char *s = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	msg = talloc_zero(ctx, struct ldb_message);
+	ldb = ldb_init(ctx, NULL);
+	dn = ldb_dn_new(ctx, ldb, DN);
+
+	/*
+	 * Try an empty request.
+	 */
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Now try an add with a null message.
+	 */
+	req->operation = LDB_ADD;
+	req->op.add.message = NULL;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Now try an mod with a null message.
+	 */
+	req->operation = LDB_MODIFY;
+	req->op.mod.message = NULL;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Now try an add with a missing dn
+	 */
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Now try a mod with a messing dn
+	 */
+	req->operation = LDB_ADD;
+	req->op.mod.message = msg;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Add a dn to the message
+	 */
+	msg->dn = dn;
+
+	/*
+	 * Now try an add with a dn
+	 */
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_non_null(s);
+	assert_string_equal(DN, s);
+
+	/*
+	 * Now try a mod with a dn
+	 */
+	req->operation = LDB_MODIFY;
+	req->op.mod.message = msg;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_non_null(s);
+	assert_string_equal(DN, s);
+
+	/*
+	 * Try a delete without a dn
+	 */
+	req->operation = LDB_DELETE;
+	req->op.del.dn = NULL;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Try a delete with a dn
+	 */
+	req->operation = LDB_DELETE;
+	req->op.del.dn = dn;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_non_null(s);
+	assert_string_equal(DN, s);
+
+	/*
+	 * Try a rename without a dn
+	 */
+	req->operation = LDB_RENAME;
+	req->op.rename.olddn = NULL;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Try a rename with a dn
+	 */
+	req->operation = LDB_RENAME;
+	req->op.rename.olddn = dn;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_non_null(s);
+	assert_string_equal(DN, s);
+
+	/*
+	 * Try an extended operation, i.e. one that does not have a DN
+	 * associated with it for logging purposes.
+	 */
+	req->operation = LDB_EXTENDED;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_message(void **state)
+{
+	struct ldb_request *req = NULL;
+	struct ldb_message *msg = NULL;
+	const struct ldb_message *r = NULL;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	/*
+	 * Test an empty message
+	 */
+	r = dsdb_audit_get_message(req);
+	assert_null(r);
+
+	/*
+	 * Test an add message
+	 */
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	r = dsdb_audit_get_message(req);
+	assert_ptr_equal(msg, r);
+
+	/*
+	 * Test a modify message
+	 */
+	req->operation = LDB_MODIFY;
+	req->op.mod.message = msg;
+	r = dsdb_audit_get_message(req);
+	assert_ptr_equal(msg, r);
+
+	/*
+	 * Test a Delete message, i.e. trigger the default case
+	 */
+	req->operation = LDB_DELETE;
+	r = dsdb_audit_get_message(req);
+	assert_null(r);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_secondary_dn(void **state)
+{
+	struct ldb_request *req = NULL;
+	struct ldb_context *ldb = NULL;
+
+	struct ldb_dn *dn = NULL;
+
+	const char * const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
+	const char *s = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	ldb = ldb_init(ctx, NULL);
+	dn = ldb_dn_new(ctx, ldb, DN);
+
+	/*
+	 * Try an empty request.
+	 */
+	s = dsdb_audit_get_secondary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Try a rename without a dn
+	 */
+	req->operation = LDB_RENAME;
+	req->op.rename.newdn = NULL;
+	s = dsdb_audit_get_secondary_dn(req);
+	assert_null(s);
+
+	/*
+	 * Try a rename with a dn
+	 */
+	req->operation = LDB_RENAME;
+	req->op.rename.newdn = dn;
+	s = dsdb_audit_get_secondary_dn(req);
+	assert_non_null(s);
+	assert_string_equal(DN, s);
+
+	/*
+	 * Try an extended operation, i.e. one that does not have a DN
+	 * associated with it for logging purposes.
+	 */
+	req->operation = LDB_EXTENDED;
+	s = dsdb_audit_get_primary_dn(req);
+	assert_null(s);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_operation_name(void **state)
+{
+	struct ldb_request *req = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	req = talloc_zero(ctx, struct ldb_request);
+
+	req->operation =  LDB_SEARCH;
+	assert_string_equal("Search", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_ADD;
+	assert_string_equal("Add", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_MODIFY;
+	assert_string_equal("Modify", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_DELETE;
+	assert_string_equal("Delete", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_RENAME;
+	assert_string_equal("Rename", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_EXTENDED;
+	assert_string_equal("Extended", dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_REQ_REGISTER_CONTROL;
+	assert_string_equal(
+		"Register Control",
+		dsdb_audit_get_operation_name(req));
+
+	req->operation =  LDB_REQ_REGISTER_PARTITION;
+	assert_string_equal(
+		"Register Partition",
+		dsdb_audit_get_operation_name(req));
+
+	/*
+	 * Trigger the default case
+	 */
+	req->operation =  -1;
+	assert_string_equal("Unknown", dsdb_audit_get_operation_name(req));
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dsdb_audit_get_modification_action(void **state)
+{
+	assert_string_equal(
+		"add",
+		dsdb_audit_get_modification_action(LDB_FLAG_MOD_ADD));
+	assert_string_equal(
+		"delete",
+		dsdb_audit_get_modification_action(LDB_FLAG_MOD_DELETE));
+	assert_string_equal(
+		"replace",
+		dsdb_audit_get_modification_action(LDB_FLAG_MOD_REPLACE));
+	/*
+	 * Trigger the default case
+	 */
+	assert_string_equal(
+		"unknown",
+		dsdb_audit_get_modification_action(0));
+}
+
+static void test_dsdb_audit_is_password_attribute(void **state)
+{
+	assert_true(dsdb_audit_is_password_attribute("userPassword"));
+	assert_true(dsdb_audit_is_password_attribute("clearTextPassword"));
+	assert_true(dsdb_audit_is_password_attribute("unicodePwd"));
+	assert_true(dsdb_audit_is_password_attribute("dBCSPwd"));
+
+	assert_false(dsdb_audit_is_password_attribute("xserPassword"));
+}
+
+static void test_dsdb_audit_redact_attribute(void **state)
+{
+	assert_true(dsdb_audit_redact_attribute("userPassword"));
+
+	assert_true(dsdb_audit_redact_attribute("pekList"));
+	assert_true(dsdb_audit_redact_attribute("clearTextPassword"));
+	assert_true(dsdb_audit_redact_attribute("initialAuthIncoming"));
+
+	assert_false(dsdb_audit_redact_attribute("supaskrt"));
+}
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_dsdb_audit_add_ldb_value),
+		cmocka_unit_test(test_dsdb_audit_attributes_json),
+		cmocka_unit_test(test_dsdb_audit_get_remote_address),
+		cmocka_unit_test(test_dsdb_audit_get_ldb_error_string),
+		cmocka_unit_test(test_dsdb_audit_get_user_sid),
+		cmocka_unit_test(test_dsdb_audit_get_actual_sid),
+		cmocka_unit_test(test_dsdb_audit_is_system_session),
+		cmocka_unit_test(test_dsdb_audit_get_unique_session_token),
+		cmocka_unit_test(test_dsdb_audit_get_actual_unique_session_token),
+		cmocka_unit_test(test_dsdb_audit_get_remote_host),
+		cmocka_unit_test(test_dsdb_audit_get_primary_dn),
+		cmocka_unit_test(test_dsdb_audit_get_message),
+		cmocka_unit_test(test_dsdb_audit_get_secondary_dn),
+		cmocka_unit_test(test_dsdb_audit_get_operation_name),
+		cmocka_unit_test(test_dsdb_audit_get_modification_action),
+		cmocka_unit_test(test_dsdb_audit_is_password_attribute),
+		cmocka_unit_test(test_dsdb_audit_redact_attribute),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
new file mode 100644
index 0000000..e639d4c
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
@@ -0,0 +1,973 @@
+/*
+   Unit tests for the encrypted secrets code in encrypted_secrets.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_encrypted_secrets_module_init(const char *version);
+#define TEST_ENCRYPTED_SECRETS
+#include "../encrypted_secrets.c"
+
+struct ldbtest_ctx {
+	struct tevent_context *ev;
+	struct ldb_context *ldb;
+	struct ldb_module *module;
+
+	const char *dbfile;
+	const char *lockfile;   /* lockfile is separate */
+	const char *keyfile;
+
+	const char *dbpath;
+};
+
+/* -------------------------------------------------------------------------- */
+/*
+ * Replace the dsdb helper routines used by the operational_init function
+ *
+ */
+int dsdb_module_search_dn(
+	struct ldb_module *module,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_result **_res,
+	struct ldb_dn *basedn,
+	const char * const *attrs,
+	uint32_t dsdb_flags,
+	struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_message *msg = ldb_msg_new(ldb);
+	struct ldb_result  *res = talloc_zero(mem_ctx, struct ldb_result);
+
+	msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB");
+	ldb_msg_add_string(
+		msg,
+		SAMBA_REQUIRED_FEATURES_ATTR,
+		SAMBA_ENCRYPTED_SECRETS_FEATURE);
+
+	res->msgs = talloc_array(mem_ctx, struct ldb_message*, 1);
+	res->msgs[0] = msg;
+	*_res = res;
+	return LDB_SUCCESS;
+}
+
+int dsdb_module_reference_dn(
+	struct ldb_module *module,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_dn *base,
+	const char *attribute,
+	struct ldb_dn **dn,
+	struct ldb_request *parent)
+{
+	return LDB_SUCCESS;
+}
+/* -------------------------------------------------------------------------- */
+
+static void unlink_old_db(struct ldbtest_ctx *test_ctx)
+{
+	int ret;
+
+	errno = 0;
+	ret = unlink(test_ctx->lockfile);
+	if (ret == -1 && errno != ENOENT) {
+		fail();
+	}
+
+	errno = 0;
+	ret = unlink(test_ctx->dbfile);
+	if (ret == -1 && errno != ENOENT) {
+		fail();
+	}
+
+	errno = 0;
+	ret = unlink(test_ctx->keyfile);
+	if (ret == -1 && errno != ENOENT) {
+		fail();
+	}
+}
+
+static void write_key(void **state, DATA_BLOB key) {
+
+	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
+							struct ldbtest_ctx);
+	FILE *fp = NULL;
+	int written = 0;
+
+	fp = fopen(test_ctx->keyfile, "wb");
+	assert_non_null(fp);
+
+	written = fwrite(key.data, 1, key.length, fp);
+	assert_int_equal(written, key.length);
+	fclose(fp);
+}
+
+static const struct ldb_module_ops eol_ops = {
+	.name              = "eol",
+	.search            = NULL,
+	.add		   = NULL,
+	.modify		   = NULL,
+	.del		   = NULL,
+	.rename		   = NULL,
+	.init_context	   = NULL
+};
+
+static int setup(void **state)
+{
+	struct ldbtest_ctx *test_ctx = NULL;
+	struct ldb_module *eol = NULL;
+	int rc;
+
+	test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
+	assert_non_null(test_ctx);
+
+	test_ctx->ev = tevent_context_init(test_ctx);
+	assert_non_null(test_ctx->ev);
+
+	test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+	assert_non_null(test_ctx->ldb);
+
+
+
+        test_ctx->module = ldb_module_new(
+		test_ctx,
+		test_ctx->ldb,
+		"encrypted_secrets",
+		&ldb_encrypted_secrets_module_ops);
+	assert_non_null(test_ctx->module);
+	eol = ldb_module_new(test_ctx, test_ctx->ldb, "eol", &eol_ops);
+	assert_non_null(eol);
+	ldb_module_set_next(test_ctx->module, eol);
+
+	test_ctx->dbfile = talloc_strdup(test_ctx, "apitest.ldb");
+	assert_non_null(test_ctx->dbfile);
+
+	test_ctx->lockfile = talloc_asprintf(test_ctx, "%s-lock",
+					     test_ctx->dbfile);
+	assert_non_null(test_ctx->lockfile);
+
+	test_ctx->keyfile = talloc_strdup(test_ctx, SECRETS_KEY_FILE);
+	assert_non_null(test_ctx->keyfile);
+
+	test_ctx->dbpath = talloc_asprintf(test_ctx,
+			TEST_BE"://%s", test_ctx->dbfile);
+	assert_non_null(test_ctx->dbpath);
+
+	unlink_old_db(test_ctx);
+
+	rc = ldb_connect(test_ctx->ldb, test_ctx->dbpath, 0, NULL);
+	assert_int_equal(rc, 0);
+	*state = test_ctx;
+	return 0;
+}
+
+static int setup_with_key(void **state)
+{
+	struct ldbtest_ctx *test_ctx = NULL;
+	DATA_BLOB key = data_blob_null;
+	uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
+	int rc;
+
+	setup(state);
+	key.data   = key_data;
+	key.length = sizeof(key_data);
+
+	write_key(state, key);
+
+	test_ctx = talloc_get_type_abort(*state, struct ldbtest_ctx);
+	{
+		struct ldb_message *msg = ldb_msg_new(test_ctx->ldb);
+		msg->dn = ldb_dn_new(msg, test_ctx->ldb, "@SAMBA_DSDB");
+		ldb_msg_add_string(
+			msg,
+			SAMBA_REQUIRED_FEATURES_ATTR,
+			SAMBA_ENCRYPTED_SECRETS_FEATURE);
+		ldb_add(test_ctx->ldb, msg);
+	}
+
+	rc = es_init(test_ctx->module);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	return 0;
+}
+
+static int teardown(void **state)
+{
+	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
+							struct ldbtest_ctx);
+
+	unlink_old_db(test_ctx);
+	talloc_free(test_ctx);
+	return 0;
+}
+/*
+ * No key file present.
+ *
+ * The key should be empty and encrypt_secrets should be false.
+ */
+static void test_no_key_file(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct es_data *data = NULL;
+
+	int rc;
+
+	rc = es_init(test_ctx->module);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	data = talloc_get_type(ldb_module_get_private(test_ctx->module),
+			       struct es_data);
+
+	assert_false(data->encrypt_secrets);
+	assert_int_equal(0, data->keys[0].length);
+
+}
+
+/*
+ * Key file present.
+ *
+ * The key should be loaded and encrypt secrets should be true;
+ */
+static void test_key_file(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct es_data *data = NULL;
+	int rc;
+	DATA_BLOB key = data_blob_null;
+	uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
+
+	key.data   = key_data;
+	key.length = sizeof(key_data);
+
+	write_key(state, key);
+
+
+	rc = es_init(test_ctx->module);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	data = talloc_get_type(ldb_module_get_private(test_ctx->module),
+			       struct es_data);
+
+	assert_true(data->encrypt_secrets);
+	assert_int_equal(16, data->keys[0].length);
+	assert_int_equal(0, data_blob_cmp(&key, &data->keys[0]));
+
+}
+
+/*
+ * Key file present, short key.
+ *
+ * The key should be not be loaded and an error returned.
+ */
+static void test_key_file_short_key(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	int rc;
+	DATA_BLOB key = data_blob_null;
+	uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e};
+
+	key.data   = key_data;
+	key.length = sizeof(key_data);
+
+	write_key(state, key);
+
+
+	rc = es_init(test_ctx->module);
+	assert_int_equal(rc, LDB_ERR_OPERATIONS_ERROR);
+}
+
+/*
+ * Key file present, long key.
+ *
+ * Only the first 16 bytes of the key should be loaded.
+ */
+static void test_key_file_long_key(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct es_data *data = NULL;
+	int rc;
+	DATA_BLOB key = data_blob_null;
+	uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0xf,
+	                      0x10};
+
+	key.data   = key_data;
+	key.length = sizeof(key_data);
+
+	write_key(state, key);
+
+	rc = es_init(test_ctx->module);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	data = talloc_get_type(ldb_module_get_private(test_ctx->module),
+			       struct es_data);
+
+	assert_true(data->encrypt_secrets);
+	assert_int_equal(16, data->keys[0].length);
+
+	/*
+	 * Should have only read the first 16 bytes of the written key
+	 */
+	key.length = 16;
+	assert_int_equal(0, data_blob_cmp(&key, &data->keys[0]));
+}
+
+/*
+ *  Test gnutls_encryption and decryption.
+ */
+static void test_gnutls_value_decryption(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	const struct ldb_val plain_text =
+		data_blob_string_const("A text value");
+	unsigned char iv_data[] = {
+		0xe7, 0xa3, 0x85, 0x17, 0x45, 0x73, 0xf4, 0x25,
+		0xa5, 0x56, 0xde, 0x4c,
+	};
+	unsigned char encrypted_data[] = {
+		0xac, 0x13, 0x86, 0x94, 0x3b, 0xed, 0xf2, 0x51,
+		0xec, 0x85, 0x4d, 0x00, 0x37, 0x81, 0x46, 0x15,
+		0x42, 0x13, 0xb1, 0x69, 0x49, 0x10, 0xe7, 0x9e,
+		0x15, 0xbd, 0x95, 0x75, 0x6b, 0x0c, 0xc0, 0xa4,
+	};
+	struct EncryptedSecret es = {
+		.iv = {
+			.data = iv_data,
+			.length = sizeof(iv_data),
+		},
+		.header = {
+			.magic = ENCRYPTED_SECRET_MAGIC_VALUE,
+			.version = SECRET_ATTRIBUTE_VERSION,
+			.algorithm = ENC_SECRET_AES_128_AEAD,
+		},
+		.encrypted = {
+			.data = encrypted_data,
+			.length = sizeof(encrypted_data),
+		}
+	};
+	unsigned char es_keys_blob[] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+	};
+	struct es_data data = {
+		.encrypt_secrets = true,
+		.keys[0] = {
+			.data = es_keys_blob,
+			.length = sizeof(es_keys_blob),
+		},
+		.encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM,
+	};
+	struct PlaintextSecret *decrypted =
+		talloc_zero(test_ctx, struct PlaintextSecret);
+	int err = LDB_SUCCESS;
+
+	gnutls_decrypt_aead(&err,
+			    test_ctx,
+			    test_ctx->ldb,
+			    &es,
+			    decrypted,
+			    &data);
+	assert_int_equal(LDB_SUCCESS, err);
+	assert_int_equal(plain_text.length, decrypted->cleartext.length);
+	assert_int_equal(0, data_blob_cmp(&decrypted->cleartext, &plain_text));
+}
+
+/*
+ *  Test gnutls_encryption and decryption.
+ */
+static void test_gnutls_value_encryption(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_val plain_text = data_blob_null;
+	struct ldb_val cipher_text = data_blob_null;
+	struct EncryptedSecret es;
+
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	int err = LDB_SUCCESS;
+	int rc;
+
+	plain_text = data_blob_string_const("A text value");
+	cipher_text = gnutls_encrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			plain_text,
+			data);
+	assert_int_equal(LDB_SUCCESS, err);
+
+	rc = ndr_pull_struct_blob(
+		&cipher_text,
+		test_ctx,
+		&es,
+		(ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_true(check_header(&es));
+
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_SUCCESS, err);
+		assert_int_equal(
+			plain_text.length,
+			decrypted->cleartext.length);
+		assert_int_equal(0,
+			data_blob_cmp(
+				&decrypted->cleartext,
+				&plain_text));
+	}
+}
+
+static void test_gnutls_altered_header(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_val plain_text = data_blob_null;
+	struct ldb_val cipher_text = data_blob_null;
+	struct EncryptedSecret es;
+
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	int err = LDB_SUCCESS;
+	int rc;
+
+	plain_text = data_blob_string_const("A text value");
+	cipher_text = gnutls_encrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			plain_text,
+			data);
+	assert_int_equal(LDB_SUCCESS, err);
+
+	rc = ndr_pull_struct_blob(
+		&cipher_text,
+		test_ctx,
+		&es,
+		(ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_true(check_header(&es));
+
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_SUCCESS, err);
+		assert_int_equal(
+			plain_text.length,
+			decrypted->cleartext.length);
+		assert_int_equal(0,
+			data_blob_cmp(
+				&decrypted->cleartext,
+				&plain_text));
+	}
+	es.header.flags = es.header.flags ^ 0xffffffff;
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
+	}
+}
+
+static void test_gnutls_altered_data(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_val plain_text = data_blob_null;
+	struct ldb_val cipher_text = data_blob_null;
+	struct EncryptedSecret es;
+
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	int err = LDB_SUCCESS;
+	int rc;
+
+	plain_text = data_blob_string_const("A text value");
+	cipher_text = gnutls_encrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			plain_text,
+			data);
+	assert_int_equal(LDB_SUCCESS, err);
+
+	rc = ndr_pull_struct_blob(
+		&cipher_text,
+		test_ctx,
+		&es,
+		(ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_true(check_header(&es));
+
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_SUCCESS, err);
+		assert_int_equal(
+			plain_text.length,
+			decrypted->cleartext.length);
+		assert_int_equal(0,
+			data_blob_cmp(
+				&decrypted->cleartext,
+				&plain_text));
+	}
+	es.encrypted.data[0] = es.encrypted.data[0] ^ 0xff;
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
+	}
+}
+
+static void test_gnutls_altered_iv(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_val plain_text = data_blob_null;
+	struct ldb_val cipher_text = data_blob_null;
+	struct EncryptedSecret es;
+
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	int err = LDB_SUCCESS;
+	int rc;
+
+	plain_text = data_blob_string_const("A text value");
+	cipher_text = gnutls_encrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			plain_text,
+			data);
+	assert_int_equal(LDB_SUCCESS, err);
+
+	rc = ndr_pull_struct_blob(
+		&cipher_text,
+		test_ctx,
+		&es,
+		(ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_true(check_header(&es));
+
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_SUCCESS, err);
+		assert_int_equal(
+			plain_text.length,
+			decrypted->cleartext.length);
+		assert_int_equal(0,
+			data_blob_cmp(
+				&decrypted->cleartext,
+				&plain_text));
+	}
+	es.iv.data[0] = es.iv.data[0] ^ 0xff;
+	{
+		struct PlaintextSecret *decrypted =
+			talloc_zero(test_ctx, struct PlaintextSecret);
+		gnutls_decrypt_aead(
+			&err,
+			test_ctx,
+			test_ctx->ldb,
+			&es,
+			decrypted,
+			data);
+		assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
+	}
+}
+
+/*
+ *  Test samba encryption and decryption and decryption.
+ */
+
+/*
+ *  Test message encryption.
+ *  Test the secret attributes of a message are encrypted and decrypted.
+ *  Test that the non secret attributes are not encrypted.
+ *
+ */
+static void test_message_encryption_decryption(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb = test_ctx->ldb;
+	const char * const secrets[] = {DSDB_SECRET_ATTRIBUTES};
+	const size_t num_secrets
+		= (sizeof(secrets)/sizeof(secrets[0]));
+	struct ldb_message *msg = ldb_msg_new(ldb);
+	const struct ldb_message *encrypted_msg = NULL;
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	struct ldb_message_element *el = NULL;
+	int ret = LDB_SUCCESS;
+	size_t i;
+	unsigned int j;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	ldb_msg_add_string(msg, "cmocka_test_name01", "value01");
+	for (i=0; i < num_secrets; i++) {
+		ldb_msg_add_string(
+			msg,
+			secrets[i],
+			secrets[i]);
+	}
+	ldb_msg_add_string(msg, "cmocka_test_name02", "value02");
+
+	encrypted_msg = encrypt_secret_attributes(
+		&ret,
+		test_ctx,
+		test_ctx->ldb,
+		msg,
+		data);
+	assert_int_equal(LDB_SUCCESS, ret);
+
+	/*
+	 * Check that all the secret attributes have been encrypted
+	 *
+	 */
+	for (i=0; i < num_secrets; i++) {
+		el = ldb_msg_find_element(encrypted_msg, secrets[i]);
+		assert_non_null(el);
+		for (j = 0; j < el->num_values; j++) {
+			int rc = LDB_SUCCESS;
+			struct ldb_val dc = decrypt_value(
+				&rc,
+				test_ctx,
+				test_ctx->ldb,
+				el->values[j],
+				data);
+			assert_int_equal(LDB_SUCCESS, rc);
+			assert_memory_equal(
+				secrets[i],
+				dc.data,
+				dc.length);
+			TALLOC_FREE(dc.data);
+		}
+	}
+
+	/*
+	 * Check that the normal attributes have not been encrypted
+	 */
+	el = ldb_msg_find_element(encrypted_msg, "cmocka_test_name01");
+	assert_non_null(el);
+	assert_memory_equal(
+		"value01",
+		el->values[0].data,
+		el->values[0].length);
+
+	el = ldb_msg_find_element(encrypted_msg, "cmocka_test_name02");
+	assert_non_null(el);
+	assert_memory_equal(
+		"value02",
+		el->values[0].data,
+		el->values[0].length);
+
+	/*
+	 * Now decrypt the message
+	 */
+	ret = decrypt_secret_attributes(test_ctx->ldb,
+					discard_const(encrypted_msg),
+					data);
+	assert_int_equal(LDB_SUCCESS, ret);
+
+	/*
+	 * Check that all the secret attributes have been decrypted
+	 */
+	for (i=0; i < num_secrets; i++) {
+		el = ldb_msg_find_element(encrypted_msg, secrets[i]);
+		assert_non_null(el);
+		for (j = 0; j < el->num_values; j++) {
+			assert_memory_equal(
+				secrets[i],
+				el->values[j].data,
+				el->values[j].length);
+		}
+	}
+
+	/*
+	 * Check that the normal attributes are intact
+	 */
+	el = ldb_msg_find_element(msg, "cmocka_test_name01");
+	assert_non_null(el);
+	assert_memory_equal(
+		"value01",
+		el->values[0].data,
+		el->values[0].length);
+
+	el = ldb_msg_find_element(msg, "cmocka_test_name02");
+	assert_non_null(el);
+	assert_memory_equal(
+		"value02",
+		el->values[0].data,
+		el->values[0].length);
+
+}
+
+static void test_check_header(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+
+	struct ldb_val enc = data_blob_null;
+	struct EncryptedSecret *es = NULL;
+	int rc;
+
+	/*
+	 * Valid EncryptedSecret
+	 */
+	es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
+	rc = ndr_push_struct_blob(
+		&enc,
+		test_ctx,
+		es,
+		(ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_true(check_header(es));
+	TALLOC_FREE(enc.data);
+	TALLOC_FREE(es);
+
+	/*
+	 * invalid magic value
+	 */
+	es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
+	es->header.magic = 0xca5cadee;
+	rc = ndr_push_struct_blob(
+		&enc,
+		test_ctx,
+		es,
+		(ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_false(check_header(es));
+	TALLOC_FREE(enc.data);
+	TALLOC_FREE(es);
+
+	/*
+	 * invalid version
+	 */
+	es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
+	es->header.version = SECRET_ATTRIBUTE_VERSION + 1;
+	rc = ndr_push_struct_blob(
+		&enc,
+		test_ctx,
+		es,
+		(ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_false(check_header(es));
+	TALLOC_FREE(enc.data);
+	TALLOC_FREE(es);
+
+	/*
+	 * invalid algorithm
+	 */
+	es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
+	es->header.algorithm = SECRET_ENCRYPTION_ALGORITHM + 1;
+	rc = ndr_push_struct_blob(
+		&enc,
+		test_ctx,
+		es,
+		(ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
+	assert_false(check_header(es));
+	TALLOC_FREE(enc.data);
+	TALLOC_FREE(es);
+}
+
+/*
+ * Attempt to decrypt a message containing an unencrypted secret attribute
+ * this should fail
+ */
+static void test_unencrypted_secret(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb = test_ctx->ldb;
+	struct ldb_message *msg = ldb_msg_new(ldb);
+	struct es_data *data = talloc_get_type(
+		ldb_module_get_private(test_ctx->module),
+		struct es_data);
+	int ret = LDB_SUCCESS;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	ldb_msg_add_string(msg, "unicodePwd", "value01");
+
+	ret = decrypt_secret_attributes(test_ctx->ldb, msg, data);
+	assert_int_equal(LDB_ERR_OPERATIONS_ERROR, ret);
+}
+
+/*
+ *  Test full decryption of a static value with static key
+ */
+static void test_record_decryption(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	unsigned char plain_data[] = {
+		0xe6, 0xa6, 0xb8, 0xff, 0xdf, 0x06, 0x6c, 0xe3,
+		0xea, 0xd0, 0x94, 0xbb, 0x79, 0xbd, 0x0a, 0x24
+	};
+	unsigned char encrypted_data[] = {
+		0x0c, 0x00, 0x00, 0x00, 0x33, 0x91, 0x74, 0x25,
+		0x26, 0xcc, 0x0b, 0x8c, 0x21, 0xc1, 0x13, 0xe2,
+		0xed, 0xad, 0x5c, 0xca, 0x01, 0x00, 0x00, 0x00,
+		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x1a, 0xdc, 0xc9, 0x11, 0x08, 0xca, 0x2c, 0xfb,
+		0xc8, 0x32, 0x6b, 0x1b, 0x25, 0x7f, 0x52, 0xbb,
+		0xae, 0x9b, 0x88, 0x52, 0xb0, 0x18, 0x6d, 0x9d,
+		0x9b, 0xdd, 0xcd, 0x1b, 0x5f, 0x4a, 0x5c, 0x29,
+		0xca, 0x0b, 0x36, 0xaa
+	};
+	struct ldb_val cipher_text
+		= data_blob_const(encrypted_data,
+				  sizeof(encrypted_data));
+	unsigned char es_keys_blob[] = {
+		0x1d, 0xae, 0xf5, 0xaa, 0xa3, 0x85, 0x0d, 0x0a,
+		0x8c, 0x24, 0x5c, 0x4c, 0xa7, 0x0f, 0x81, 0x79
+	};
+	struct es_data data = {
+		.encrypt_secrets = true,
+		.keys[0] = {
+			.data = es_keys_blob,
+			.length = sizeof(es_keys_blob),
+		},
+		.encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM,
+	};
+	int err = LDB_SUCCESS;
+	struct ldb_val dec = decrypt_value(&err, test_ctx, test_ctx->ldb, cipher_text,
+					   &data);
+	assert_int_equal(LDB_SUCCESS, err);
+	assert_int_equal(sizeof(plain_data), dec.length);
+	assert_memory_equal(dec.data, plain_data, sizeof(plain_data));
+}
+
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(
+			test_no_key_file,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_key_file,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_key_file_short_key,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_key_file_long_key,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_check_header,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_gnutls_value_decryption,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_gnutls_value_encryption,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_gnutls_altered_header,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_gnutls_altered_data,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_gnutls_altered_iv,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_message_encryption_decryption,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_unencrypted_secret,
+			setup_with_key,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_record_decryption,
+			setup_with_key,
+			teardown),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.c b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.c
new file mode 100644
index 0000000..f7075f3
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.c
@@ -0,0 +1,2022 @@
+/*
+   Unit tests for the dsdb group auditing code in group_audit.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_group_audit_log_module_init(const char *version);
+#include "../group_audit.c"
+
+#include "lib/ldb/include/ldb_private.h"
+#include <regex.h>
+
+/*
+ * Mock version of dsdb_search_one
+ */
+struct ldb_dn *g_basedn = NULL;
+enum ldb_scope g_scope;
+const char * const *g_attrs = NULL;
+uint32_t g_dsdb_flags;
+const char *g_exp_fmt;
+const char *g_dn = NULL;
+int g_status = LDB_SUCCESS;
+struct ldb_result *g_result = NULL;
+
+int dsdb_search_one(struct ldb_context *ldb,
+		    TALLOC_CTX *mem_ctx,
+		    struct ldb_message **msg,
+		    struct ldb_dn *basedn,
+		    enum ldb_scope scope,
+		    const char * const *attrs,
+		    uint32_t dsdb_flags,
+		    const char *exp_fmt, ...) _PRINTF_ATTRIBUTE(8, 9)
+{
+	struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, g_dn);
+	struct ldb_message *m = talloc_zero(mem_ctx, struct ldb_message);
+	m->dn = dn;
+	*msg = m;
+
+	g_basedn = basedn;
+	g_scope = scope;
+	g_attrs = attrs;
+	g_dsdb_flags = dsdb_flags;
+	g_exp_fmt = exp_fmt;
+
+	return g_status;
+}
+
+int dsdb_module_search_dn(
+	struct ldb_module *module,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_result **res,
+	struct ldb_dn *basedn,
+	const char * const *attrs,
+	uint32_t dsdb_flags,
+	struct ldb_request *parent)
+{
+
+	g_basedn = basedn;
+	g_attrs = attrs;
+	g_dsdb_flags = dsdb_flags;
+
+	*res = g_result;
+
+	return g_status;
+}
+/*
+ * Mock version of audit_log_json
+ */
+
+#define MAX_EXPECTED_MESSAGES 16
+static struct json_object messages[MAX_EXPECTED_MESSAGES];
+static size_t messages_sent = 0;
+
+void audit_message_send(
+	struct imessaging_context *msg_ctx,
+	const char *server_name,
+	uint32_t message_type,
+	struct json_object *message)
+{
+	messages[messages_sent].root = json_deep_copy(message->root);
+	messages[messages_sent].valid = message->valid;
+	messages_sent++;
+}
+
+#define check_group_change_message(m, u, a, e)                                 \
+	_check_group_change_message(m, u, a, e, __FILE__, __LINE__);
+/*
+ * declare the internal cmocka cm_print_error so that we can output messages
+ * in sub unit format
+ */
+void cm_print_error(const char * const format, ...);
+
+/*
+ * Validate a group change JSON audit message
+ *
+ * It should contain 3 elements.
+ * Have a type of "groupChange"
+ * Have a groupChange element
+ *
+ * The group change element should have 10 elements.
+ *
+ * There should be a user element matching the expected value
+ * There should be an action matching the expected value
+ */
+static void _check_group_change_message(const int message,
+					const char *user,
+					const char *action,
+					enum event_id_type event_id,
+					const char *file,
+					const int line)
+{
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	const char* value;
+	int int_value;
+	int cmp;
+
+	json = messages[message];
+
+	/*
+	 * Validate the root JSON element
+	 * check the number of elements
+	 */
+	if (json_object_size(json.root) != 3) {
+		cm_print_error(
+		    "Unexpected number of elements in root %zu != %d\n",
+		    json_object_size(json.root),
+		    3);
+		_fail(file, line);
+	}
+
+	/*
+	 * Check the type element
+	 */
+	v = json_object_get(json.root, "type");
+	if (v == NULL) {
+		cm_print_error( "No \"type\" element\n");
+		_fail(file, line);
+	}
+
+	value = json_string_value(v);
+	cmp = strcmp("groupChange", value);
+	if (cmp != 0) {
+		cm_print_error(
+		    "Unexpected type \"%s\" != \"groupChange\"\n",
+		    value);
+		_fail(file, line);
+	}
+
+
+	audit = json_object_get(json.root, "groupChange");
+	if (audit == NULL) {
+		cm_print_error("No groupChange element\n");
+		_fail(file, line);
+	}
+
+	/*
+	 * Validate the groupChange element
+	 */
+	if ((event_id == EVT_ID_NONE && json_object_size(audit) != 10) ||
+	    (event_id != EVT_ID_NONE && json_object_size(audit) != 11)) {
+		cm_print_error("Unexpected number of elements in groupChange "
+			       "%zu != %d\n",
+			       json_object_size(audit),
+			       11);
+		_fail(file, line);
+	}
+	/*
+	 * Validate the user element
+	 */
+	v = json_object_get(audit, "user");
+	if (v == NULL) {
+		cm_print_error( "No user element\n");
+		_fail(file, line);
+	}
+
+	value = json_string_value(v);
+	cmp = strcmp(user, value);
+	if (cmp != 0) {
+		cm_print_error(
+		    "Unexpected user name \"%s\" != \"%s\"\n",
+		    value,
+		    user);
+		_fail(file, line);
+	}
+	/*
+	 * Validate the action element
+	 */
+	v = json_object_get(audit, "action");
+	if (v == NULL) {
+		cm_print_error( "No action element\n");
+		_fail(file, line);
+	}
+
+	value = json_string_value(v);
+	cmp = strcmp(action, value);
+	if (cmp != 0) {
+		print_error(
+		    "Unexpected action \"%s\" != \"%s\"\n",
+		    value,
+		    action);
+		_fail(file, line);
+	}
+
+	/*
+	 * Validate the eventId element
+	 */
+	v = json_object_get(audit, "eventId");
+	if (event_id == EVT_ID_NONE) {
+		if (v != NULL) {
+			int_value = json_integer_value(v);
+			cm_print_error("Unexpected eventId \"%d\", it should "
+				       "NOT be present",
+				       int_value);
+			_fail(file, line);
+		}
+	}
+	else {
+		if (v == NULL) {
+			cm_print_error("No eventId element\n");
+			_fail(file, line);
+		}
+
+		int_value = json_integer_value(v);
+		if (int_value != event_id) {
+			cm_print_error("Unexpected eventId \"%d\" != \"%d\"\n",
+				       int_value,
+				       event_id);
+			_fail(file, line);
+		}
+	}
+}
+
+#define check_timestamp(b, t)\
+	_check_timestamp(b, t, __FILE__, __LINE__);
+/*
+ * Test helper to check ISO 8601 timestamps for validity
+ */
+static void _check_timestamp(
+	time_t before,
+	const char *timestamp,
+	const char *file,
+	const int line)
+{
+	int rc;
+	int usec, tz;
+	char c[2];
+	struct tm tm;
+	time_t after;
+	time_t actual;
+	struct timeval tv;
+
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	after = tv.tv_sec;
+
+	/*
+	 * Convert the ISO 8601 timestamp into a time_t
+	 * Note for convenience we ignore the value of the microsecond
+	 * part of the time stamp.
+	 */
+	rc = sscanf(
+		timestamp,
+		"%4d-%2d-%2dT%2d:%2d:%2d.%6d%1c%4d",
+		&tm.tm_year,
+		&tm.tm_mon,
+		&tm.tm_mday,
+		&tm.tm_hour,
+		&tm.tm_min,
+		&tm.tm_sec,
+		&usec,
+		c,
+		&tz);
+	assert_int_equal(9, rc);
+	tm.tm_year = tm.tm_year - 1900;
+	tm.tm_mon = tm.tm_mon - 1;
+	tm.tm_isdst = -1;
+	actual = mktime(&tm);
+
+	/*
+	 * The time stamp should be before <= actual <= after
+	 */
+	if (difftime(actual, before) < 0) {
+		char buffer[40];
+		strftime(buffer,
+			 sizeof(buffer)-1,
+			 "%Y-%m-%dT%T",
+			 localtime(&before));
+		cm_print_error(
+		    "time stamp \"%s\" is before start time \"%s\"\n",
+		    timestamp,
+		    buffer);
+		_fail(file, line);
+	}
+	if (difftime(after, actual) < 0) {
+		char buffer[40];
+		strftime(buffer,
+			 sizeof(buffer)-1,
+			 "%Y-%m-%dT%T",
+			 localtime(&after));
+		cm_print_error(
+		    "time stamp \"%s\" is after finish time \"%s\"\n",
+		    timestamp,
+		    buffer);
+		_fail(file, line);
+	}
+}
+
+#define check_version(v, m, n)\
+	_check_version(v, m, n, __FILE__, __LINE__);
+/*
+ * Test helper to validate a version object.
+ */
+static void _check_version(
+	struct json_t *version,
+	int major,
+	int minor,
+	const char* file,
+	const int line)
+{
+	struct json_t *v = NULL;
+	int value;
+
+	if (!json_is_object(version)) {
+		cm_print_error("version is not a JSON object\n");
+		_fail(file, line);
+	}
+
+	if (json_object_size(version) != 2) {
+		cm_print_error(
+		    "Unexpected number of elements in version %zu != %d\n",
+		    json_object_size(version),
+		    2);
+		_fail(file, line);
+	}
+
+	/*
+	 * Validate the major version number element
+	 */
+	v = json_object_get(version, "major");
+	if (v == NULL) {
+		cm_print_error( "No major element\n");
+		_fail(file, line);
+	}
+
+	value = json_integer_value(v);
+	if (value != major) {
+		print_error(
+		    "Unexpected major version number \"%d\" != \"%d\"\n",
+		    value,
+		    major);
+		_fail(file, line);
+	}
+
+	/*
+	 * Validate the minor version number element
+	 */
+	v = json_object_get(version, "minor");
+	if (v == NULL) {
+		cm_print_error( "No minor element\n");
+		_fail(file, line);
+	}
+
+	value = json_integer_value(v);
+	if (value != minor) {
+		print_error(
+		    "Unexpected minor version number \"%d\" != \"%d\"\n",
+		    value,
+		    minor);
+		_fail(file, line);
+	}
+}
+
+/*
+ * Test helper to insert a transaction_id into a request.
+ */
+static void add_transaction_id(struct ldb_request *req, const char *id)
+{
+	struct GUID guid;
+	struct dsdb_control_transaction_identifier *transaction_id = NULL;
+
+	transaction_id = talloc_zero(
+		req,
+		struct dsdb_control_transaction_identifier);
+	assert_non_null(transaction_id);
+	GUID_from_string(id, &guid);
+	transaction_id->transaction_guid = guid;
+	ldb_request_add_control(
+		req,
+		DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID,
+		false,
+		transaction_id);
+}
+
+/*
+ * Test helper to add a session id and user SID
+ */
+static void add_session_data(
+	TALLOC_CTX *ctx,
+	struct ldb_context *ldb,
+	const char *session,
+	const char *user_sid)
+{
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid *sid = NULL;
+	struct GUID session_id;
+	bool ok;
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	sid = talloc_zero(ctx, struct dom_sid);
+	ok = string_to_sid(sid, user_sid);
+	assert_true(ok);
+	token->sids = sid;
+	sess->security_token = token;
+	GUID_from_string(session, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+}
+
+static void test_get_transaction_id(void **state)
+{
+	struct ldb_request *req = NULL;
+	struct GUID *guid;
+	const char * const ID = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	char *guid_str = NULL;
+	struct GUID_txt_buf guid_buff;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+
+	/*
+	 * No transaction id, should return a zero guid
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	guid = get_transaction_id(req);
+	assert_null(guid);
+	TALLOC_FREE(req);
+
+	/*
+	 * And now test with the transaction_id set
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	assert_non_null(req);
+	add_transaction_id(req, ID);
+
+	guid = get_transaction_id(req);
+	guid_str = GUID_buf_string(guid, &guid_buff);
+	assert_string_equal(ID, guid_str);
+	TALLOC_FREE(req);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_audit_group_hr(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+
+	char *line = NULL;
+	const char *rs = NULL;
+	regex_t regex;
+	int ret;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	GUID_from_string(TRANSACTION, &transaction_id);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, ldb, SESSION, SID);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	line = audit_group_human_readable(
+		ctx,
+		module,
+		req,
+		"the-action",
+		"the-user-name",
+		"the-group-name",
+		LDB_ERR_OPERATIONS_ERROR);
+	assert_non_null(line);
+
+	rs = 	"\\[the-action\\] at \\["
+		"[^]]*"
+		"\\] status \\[Operations error\\] "
+		"Remote host \\[ipv4:127.0.0.1:0\\] "
+		"SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
+		"Group \\[the-group-name\\] "
+		"User \\[the-user-name\\]";
+
+	ret = regcomp(&regex, rs, 0);
+	assert_int_equal(0, ret);
+
+	ret = regexec(&regex, line, 0, NULL, 0);
+	assert_int_equal(0, ret);
+
+	regfree(&regex);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * test get_parsed_dns
+ * For this test we assume Valgrind or Address Sanitizer will detect any over
+ * runs. Also we don't care that the values are DN's only that the value in the
+ * element is copied to the parsed_dns.
+ */
+static void test_get_parsed_dns(void **state)
+{
+	struct ldb_message_element *el = NULL;
+	struct parsed_dn *dns = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	el = talloc_zero(ctx, struct ldb_message_element);
+
+	/*
+	 * empty element, zero dns
+	 */
+	dns = get_parsed_dns(ctx, el);
+	assert_null(dns);
+
+	/*
+	 * one entry
+	 */
+	el->num_values = 1;
+	el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	el->values[0] = data_blob_string_const("The first value");
+
+	dns = get_parsed_dns(ctx, el);
+
+	assert_ptr_equal(el->values[0].data, dns[0].v->data);
+	assert_int_equal(el->values[0].length, dns[0].v->length);
+
+	TALLOC_FREE(dns);
+	TALLOC_FREE(el);
+
+
+	/*
+	 * Multiple values
+	 */
+	el = talloc_zero(ctx, struct ldb_message_element);
+	el->num_values = 2;
+	el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	el->values[0] = data_blob_string_const("The first value");
+	el->values[0] = data_blob_string_const("The second value");
+
+	dns = get_parsed_dns(ctx, el);
+
+	assert_ptr_equal(el->values[0].data, dns[0].v->data);
+	assert_int_equal(el->values[0].length, dns[0].v->length);
+
+	assert_ptr_equal(el->values[1].data, dns[1].v->data);
+	assert_int_equal(el->values[1].length, dns[1].v->length);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_dn_compare(void **state)
+{
+
+	struct ldb_context *ldb = NULL;
+	struct parsed_dn *a;
+	DATA_BLOB ab;
+
+	struct parsed_dn *b;
+	DATA_BLOB bb;
+
+	int res;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+	const struct GUID *ZERO_GUID = talloc_zero(ctx, struct GUID);
+
+	ldb = ldb_init(ctx, NULL);
+	ldb_register_samba_handlers(ldb);
+
+
+	/*
+	 * Identical binary DN's
+	 */
+	ab = data_blob_string_const(
+		"<GUID=fbee08fd-6f75-4bd4-af3f-e4f063a6379e>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=org");
+	a = talloc_zero(ctx, struct parsed_dn);
+	a->v = &ab;
+
+	bb = data_blob_string_const(
+		"<GUID=fbee08fd-6f75-4bd4-af3f-e4f063a6379e>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=org");
+	b = talloc_zero(ctx, struct parsed_dn);
+	b->v = &bb;
+
+	res = dn_compare(ctx, ldb, a, b);
+	assert_int_equal(BINARY_EQUAL, res);
+	/*
+	 * DN's should not have been parsed
+	 */
+	assert_null(a->dsdb_dn);
+	assert_memory_equal(ZERO_GUID, &a->guid, sizeof(struct GUID));
+	assert_null(b->dsdb_dn);
+	assert_memory_equal(ZERO_GUID, &b->guid, sizeof(struct GUID));
+
+	TALLOC_FREE(a);
+	TALLOC_FREE(b);
+
+	/*
+	 * differing binary DN's but equal GUID's
+	 */
+	ab = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651e>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=com");
+	a = talloc_zero(ctx, struct parsed_dn);
+	a->v = &ab;
+
+	bb = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651e>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=org");
+	b = talloc_zero(ctx, struct parsed_dn);
+	b->v = &bb;
+
+	res = dn_compare(ctx, ldb, a, b);
+	assert_int_equal(EQUAL, res);
+	/*
+	 * DN's should have been parsed
+	 */
+	assert_non_null(a->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &a->guid, sizeof(struct GUID));
+	assert_non_null(b->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &b->guid, sizeof(struct GUID));
+
+	TALLOC_FREE(a);
+	TALLOC_FREE(b);
+
+	/*
+	 * differing binary DN's but and second guid greater
+	 */
+	ab = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651d>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=com");
+	a = talloc_zero(ctx, struct parsed_dn);
+	a->v = &ab;
+
+	bb = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651e>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=org");
+	b = talloc_zero(ctx, struct parsed_dn);
+	b->v = &bb;
+
+	res = dn_compare(ctx, ldb, a, b);
+	assert_int_equal(LESS_THAN, res);
+	/*
+	 * DN's should have been parsed
+	 */
+	assert_non_null(a->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &a->guid, sizeof(struct GUID));
+	assert_non_null(b->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &b->guid, sizeof(struct GUID));
+
+	TALLOC_FREE(a);
+	TALLOC_FREE(b);
+
+	/*
+	 * differing binary DN's but and second guid less
+	 */
+	ab = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651d>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=com");
+	a = talloc_zero(ctx, struct parsed_dn);
+	a->v = &ab;
+
+	bb = data_blob_string_const(
+		"<GUID=efdc91e5-5a5a-493e-9606-166ed0c2651c>;"
+		"OU=Domain Controllers,DC=ad,DC=testing,DC=samba,DC=org");
+	b = talloc_zero(ctx, struct parsed_dn);
+	b->v = &bb;
+
+	res = dn_compare(ctx, ldb, a, b);
+	assert_int_equal(GREATER_THAN, res);
+	/*
+	 * DN's should have been parsed
+	 */
+	assert_non_null(a->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &a->guid, sizeof(struct GUID));
+	assert_non_null(b->dsdb_dn);
+	assert_memory_not_equal(ZERO_GUID, &b->guid, sizeof(struct GUID));
+
+	TALLOC_FREE(a);
+	TALLOC_FREE(b);
+
+	TALLOC_FREE(ctx);
+}
+
+static void test_get_primary_group_dn(void **state)
+{
+
+	struct ldb_context *ldb = NULL;
+	struct ldb_module *module = NULL;
+	const uint32_t RID = 71;
+	struct dom_sid sid;
+	const char *SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char *DN = "OU=Things,DC=ad,DC=testing,DC=samba,DC=org";
+	const char *dn;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+	ldb_register_samba_handlers(ldb);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	/*
+	 * Pass an empty dom sid this will cause dom_sid_split_rid to fail;
+	 * assign to sid.num_auths to suppress a valgrind warning.
+	 */
+	sid.num_auths = 0;
+	dn = get_primary_group_dn(ctx, module, &sid, RID);
+	assert_null(dn);
+
+	/*
+	 * A valid dom sid
+	 */
+	assert_true(string_to_sid(&sid, SID));
+	g_dn = DN;
+	dn = get_primary_group_dn(ctx, module, &sid, RID);
+	assert_non_null(dn);
+	assert_string_equal(DN, dn);
+	assert_int_equal(LDB_SCOPE_BASE, g_scope);
+	assert_int_equal(0, g_dsdb_flags);
+	assert_null(g_attrs);
+	assert_null(g_exp_fmt);
+	assert_string_equal
+		("<SID=S-1-5-21-2470180966-3899876309-71>",
+		ldb_dn_get_extended_linearized(ctx, g_basedn, 1));
+
+	/*
+	 * Test dsdb search failure
+	 */
+	g_status = LDB_ERR_NO_SUCH_OBJECT;
+	dn = get_primary_group_dn(ctx, module, &sid, RID);
+	assert_null(dn);
+
+	TALLOC_FREE(ldb);
+	TALLOC_FREE(ctx);
+}
+
+static void test_audit_group_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	enum event_id_type event_id = EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	GUID_from_string(TRANSACTION, &transaction_id);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, ldb, SESSION, SID);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_SUCCESS);
+	assert_int_equal(3, json_object_size(json.root));
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("groupChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "groupChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, AUDIT_MAJOR, AUDIT_MINOR);
+
+	v = json_object_get(audit, "eventId");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP,
+			 json_integer_value(v));
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_SUCCESS, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Success", json_string_value(v));
+
+	v = json_object_get(audit, "user");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-user-name", json_string_value(v));
+
+	v = json_object_get(audit, "group");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-group-name", json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-action", json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+}
+
+static void test_audit_group_json_error(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	enum event_id_type event_id = EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	GUID_from_string(TRANSACTION, &transaction_id);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, ldb, SESSION, SID);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_int_equal(3, json_object_size(json.root));
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("groupChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "groupChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(11, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, AUDIT_MAJOR, AUDIT_MINOR);
+
+	v = json_object_get(audit, "eventId");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(
+		EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP,
+		json_integer_value(v));
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Operations error", json_string_value(v));
+
+	v = json_object_get(audit, "user");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-user-name", json_string_value(v));
+
+	v = json_object_get(audit, "group");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-group-name", json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-action", json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+}
+
+static void test_audit_group_json_no_event(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	enum event_id_type event_id = EVT_ID_NONE;
+
+	struct json_object json;
+	json_t *audit = NULL;
+	json_t *v = NULL;
+	json_t *o = NULL;
+	time_t before;
+	struct timeval tv;
+	int rc;
+
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	GUID_from_string(TRANSACTION, &transaction_id);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, ldb, SESSION, SID);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	rc = gettimeofday(&tv, NULL);
+	assert_return_code(rc, errno);
+	before = tv.tv_sec;
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_SUCCESS);
+	assert_int_equal(3, json_object_size(json.root));
+
+	v = json_object_get(json.root, "type");
+	assert_non_null(v);
+	assert_string_equal("groupChange", json_string_value(v));
+
+	v = json_object_get(json.root, "timestamp");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	check_timestamp(before, json_string_value(v));
+
+	audit = json_object_get(json.root, "groupChange");
+	assert_non_null(audit);
+	assert_true(json_is_object(audit));
+	assert_int_equal(10, json_object_size(audit));
+
+	o = json_object_get(audit, "version");
+	assert_non_null(o);
+	check_version(o, AUDIT_MAJOR, AUDIT_MINOR);
+
+	v = json_object_get(audit, "eventId");
+	assert_null(v);
+
+	v = json_object_get(audit, "statusCode");
+	assert_non_null(v);
+	assert_true(json_is_integer(v));
+	assert_int_equal(LDB_SUCCESS, json_integer_value(v));
+
+	v = json_object_get(audit, "status");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("Success", json_string_value(v));
+
+	v = json_object_get(audit, "user");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-user-name", json_string_value(v));
+
+	v = json_object_get(audit, "group");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-group-name", json_string_value(v));
+
+	v = json_object_get(audit, "action");
+	assert_non_null(v);
+	assert_true(json_is_string(v));
+	assert_string_equal("the-action", json_string_value(v));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+}
+static void setup_ldb(
+	TALLOC_CTX *ctx,
+	struct ldb_context **ldb,
+	struct ldb_module **module,
+	const char *ip,
+	const char *session,
+	const char *sid)
+{
+	struct tsocket_address *ts = NULL;
+	struct audit_context *context = NULL;
+
+	*ldb = ldb_init(ctx, NULL);
+	ldb_register_samba_handlers(*ldb);
+
+
+	*module = talloc_zero(ctx, struct ldb_module);
+	(*module)->ldb = *ldb;
+
+	context = talloc_zero(*module, struct audit_context);
+	context->send_events = true;
+	context->msg_ctx = (struct imessaging_context *) 0x01;
+
+	ldb_module_set_private(*module, context);
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(*ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, *ldb, session, sid);
+}
+
+/*
+ * Test the removal of a user from a group.
+ *
+ * The new element contains one group member
+ * The old element contains two group member
+ *
+ * Expect to see the removed entry logged.
+ *
+ * This test confirms bug 13664
+ * https://bugzilla.samba.org/show_bug.cgi?id=13664
+ */
+static void test_log_membership_changes_removed(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	uint32_t group_type = GTYPE_SECURITY_GLOBAL_GROUP;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Populate the new elements, containing one entry.
+	 * Indicating that one element has been removed
+	 */
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->num_values = 1;
+	new_el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	new_el->values[0] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * Populate the old elements, with two elements
+	 * The first is the same as the one in new elements.
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->num_values = 2;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	old_el->values[1] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	log_membership_changes(module, req, new_el, old_el, group_type, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(1, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "cn=grpadttstuser01,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Removed",
+	    EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	TALLOC_FREE(ctx);
+}
+
+/* test log_membership_changes
+ *
+ * old contains 2 user dn's
+ * new contains 0 user dn's
+ *
+ * Expect to see both dn's logged as deleted.
+ */
+static void test_log_membership_changes_remove_all(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	int status = 0;
+	uint32_t group_type = GTYPE_SECURITY_BUILTIN_LOCAL_GROUP;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Populate the new elements, containing no entries.
+	 * Indicating that all elements have been removed
+	 */
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->num_values = 0;
+	new_el->values = NULL;
+
+	/*
+	 * Populate the old elements, with two elements
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->num_values = 2;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	old_el->values[1] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	log_membership_changes(module, req, new_el, old_el, group_type, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(2, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "cn=grpadttstuser01,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Removed",
+	    EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP);
+
+	check_group_change_message(
+	    1,
+	    "CN=testuser131953,CN=Users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Removed",
+	    EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	json_free(&messages[1]);
+	TALLOC_FREE(ctx);
+}
+
+/* test log_membership_changes
+ *
+ * Add an entry.
+ *
+ * Old entries contains a single user dn
+ * New entries contains 2 user dn's, one matching the dn in old entries
+ *
+ * Should see a single new entry logged.
+ */
+static void test_log_membership_changes_added(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	uint32_t group_type = GTYPE_SECURITY_DOMAIN_LOCAL_GROUP;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Populate the old elements adding a single entry.
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->num_values = 1;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * Populate the new elements adding two entries. One matches the entry
+	 * in old elements. We expect to see the other element logged as Added
+	 */
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->num_values = 2;
+	new_el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	new_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[1] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	log_membership_changes(module, req, new_el, old_el, group_type, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(1, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "cn=grpadttstuser01,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Added",
+	    EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * test log_membership_changes.
+ *
+ * Old entries is empty
+ * New entries contains 2 user dn's
+ *
+ * Expect to see log messages for two added users
+ */
+static void test_log_membership_changes_add_to_empty(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	uint32_t group_type = GTYPE_SECURITY_UNIVERSAL_GROUP;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Set up the ldb and module structures
+	 */
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the request structure
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Build the element containing the old values
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->num_values = 0;
+	old_el->values = NULL;
+
+	/*
+	 * Build the element containing the new values
+	 */
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->num_values = 2;
+	new_el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	new_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[1] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	/*
+	 * Run log membership changes
+	 */
+	messages_sent = 0;
+	log_membership_changes(module, req, new_el, old_el, group_type, status);
+	assert_int_equal(2, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "cn=grpadttstuser01,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Added",
+	    EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP);
+
+	check_group_change_message(
+	    1,
+	    "CN=testuser131953,CN=Users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Added",
+	    EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP);
+
+	json_free(&messages[0]);
+	json_free(&messages[1]);
+	TALLOC_FREE(ctx);
+}
+
+/* test log_membership_changes
+ *
+ * Test Replication Meta Data flag handling.
+ *
+ * 4 entries in old and new entries with their RMD_FLAGS set as below:
+ *    old   new
+ * 1)  0     0    Not logged
+ * 2)  1     1    Both deleted, no change not logged
+ * 3)  0     1    New tagged as deleted, log as deleted
+ * 4)  1     0    Has been undeleted, log as an add
+ *
+ * Should see a single new entry logged.
+ */
+static void test_log_membership_changes_rmd_flags(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	uint32_t group_type = GTYPE_SECURITY_GLOBAL_GROUP;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Populate the old elements.
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->num_values = 4;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 4);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"<RMD_FLAGS=0>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	old_el->values[1] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681c>;"
+		"<RMD_FLAGS=1>;"
+		"cn=grpadttstuser02,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	old_el->values[2] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681d>;"
+		"<RMD_FLAGS=0>;"
+		"cn=grpadttstuser03,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	old_el->values[3] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681e>;"
+		"<RMD_FLAGS=1>;"
+		"cn=grpadttstuser04,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+
+	/*
+	 * Populate the new elements.
+	 */
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->num_values = 4;
+	new_el->values = talloc_zero_array(ctx, DATA_BLOB, 4);
+	new_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"<RMD_FLAGS=0>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[1] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681c>;"
+		"<RMD_FLAGS=1>;"
+		"cn=grpadttstuser02,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[2] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681d>;"
+		"<RMD_FLAGS=1>;"
+		"cn=grpadttstuser03,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[3] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681e>;"
+		"<RMD_FLAGS=0>;"
+		"cn=grpadttstuser04,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	log_membership_changes(module, req, new_el, old_el, group_type, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(2, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "cn=grpadttstuser03,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Removed",
+	    EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP);
+	check_group_change_message(
+	    1,
+	    "cn=grpadttstuser04,cn=users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Added",
+	    EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	json_free(&messages[1]);
+	TALLOC_FREE(ctx);
+}
+
+static void test_get_add_member_event(void **state)
+{
+	assert_int_equal(
+	    EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP,
+	    get_add_member_event(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP));
+
+	assert_int_equal(EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP,
+			 get_add_member_event(GTYPE_SECURITY_GLOBAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP,
+	    get_add_member_event(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+
+	assert_int_equal(EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP,
+			 get_add_member_event(GTYPE_SECURITY_UNIVERSAL_GROUP));
+
+	assert_int_equal(EVT_ID_USER_ADDED_TO_GLOBAL_GROUP,
+			 get_add_member_event(GTYPE_DISTRIBUTION_GLOBAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_ADDED_TO_LOCAL_GROUP,
+	    get_add_member_event(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_ADDED_TO_UNIVERSAL_GROUP,
+	    get_add_member_event(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP));
+
+	assert_int_equal(EVT_ID_NONE, get_add_member_event(0));
+
+	assert_int_equal(EVT_ID_NONE, get_add_member_event(UINT32_MAX));
+}
+
+static void test_get_remove_member_event(void **state)
+{
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP,
+	    get_remove_member_event(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP));
+
+	assert_int_equal(EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP,
+			 get_remove_member_event(GTYPE_SECURITY_GLOBAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP,
+	    get_remove_member_event(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_UNIVERSAL_SEC_GROUP,
+	    get_remove_member_event(GTYPE_SECURITY_UNIVERSAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_GLOBAL_GROUP,
+	    get_remove_member_event(GTYPE_DISTRIBUTION_GLOBAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_LOCAL_GROUP,
+	    get_remove_member_event(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP));
+
+	assert_int_equal(
+	    EVT_ID_USER_REMOVED_FROM_UNIVERSAL_GROUP,
+	    get_remove_member_event(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP));
+
+	assert_int_equal(EVT_ID_NONE, get_remove_member_event(0));
+
+	assert_int_equal(EVT_ID_NONE, get_remove_member_event(UINT32_MAX));
+}
+
+/* test log_group_membership_changes
+ *
+ * Happy path test case
+ *
+ */
+static void test_log_group_membership_changes(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *el = NULL;
+	struct audit_callback_context *acc = NULL;
+	struct ldb_result *res = NULL;
+	struct ldb_message *new_msg = NULL;
+	struct ldb_message_element *group_type = NULL;
+	const char *group_type_str = NULL;
+	struct ldb_message_element *new_el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb message
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	/*
+	 * Populate message elements, adding a new entry to the membership list
+	 *
+	 */
+
+	el = talloc_zero(ctx, struct ldb_message_element);
+	el->name = "member";
+	el->num_values = 1;
+	el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	el->values[0] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+	msg->elements = el;
+	msg->num_elements = 1;
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Build the initial state of the database
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->name = "member";
+	old_el->num_values = 1;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+
+	/*
+	 * Build the updated state of the database
+	 */
+	res = talloc_zero(ctx, struct ldb_result);
+	new_msg = talloc_zero(ctx, struct ldb_message);
+	new_el = talloc_zero(ctx, struct ldb_message_element);
+	new_el->name = "member";
+	new_el->num_values = 2;
+	new_el->values = talloc_zero_array(ctx, DATA_BLOB, 2);
+	new_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+	new_el->values[1] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+
+	group_type = talloc_zero(ctx, struct ldb_message_element);
+	group_type->name = "groupType";
+	group_type->num_values = 1;
+	group_type->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	group_type_str = talloc_asprintf(ctx, "%u", GTYPE_SECURITY_GLOBAL_GROUP);
+	group_type->values[0] = data_blob_string_const(group_type_str);
+
+
+	new_msg->elements = talloc_zero_array(ctx, struct ldb_message_element, 2);
+	new_msg->num_elements = 2;
+	new_msg->elements[0] = *new_el;
+	new_msg->elements[1] = *group_type;
+
+	res->count = 1;
+	res->msgs = &new_msg;
+
+	acc = talloc_zero(ctx, struct audit_callback_context);
+	acc->request = req;
+	acc->module = module;
+	acc->members = old_el;
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	g_result = res;
+	g_status = LDB_SUCCESS;
+	log_group_membership_changes(acc, status);
+	g_result = NULL;
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(1, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "CN=testuser131953,CN=Users,DC=addom,DC=samba,DC=example,DC=com",
+	    "Added",
+	    EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	TALLOC_FREE(ctx);
+}
+
+/* test log_group_membership_changes
+ *
+ * The ldb query to retrieve the new values failed.
+ *
+ * Should generate group membership change Failure message.
+ *
+ */
+static void test_log_group_membership_changes_read_new_failure(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *el = NULL;
+	struct audit_callback_context *acc = NULL;
+	struct ldb_message_element *old_el = NULL;
+	int status = 0;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb message
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	/*
+	 * Populate message elements, adding a new entry to the membership list
+	 *
+	 */
+
+	el = talloc_zero(ctx, struct ldb_message_element);
+	el->name = "member";
+	el->num_values = 1;
+	el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	el->values[0] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+	msg->elements = el;
+	msg->num_elements = 1;
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Build the initial state of the database
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->name = "member";
+	old_el->num_values = 1;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+
+	acc = talloc_zero(ctx, struct audit_callback_context);
+	acc->request = req;
+	acc->module = module;
+	acc->members = old_el;
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	g_result = NULL;
+	g_status = LDB_ERR_NO_SUCH_OBJECT;
+	log_group_membership_changes(acc, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(1, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "",
+	    "Failure",
+	    EVT_ID_NONE);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	TALLOC_FREE(ctx);
+}
+
+/* test log_group_membership_changes
+ *
+ * The operation failed.
+ *
+ * Should generate group membership change Failure message.
+ *
+ */
+static void test_log_group_membership_changes_error(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	const char * const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+	const char * const IP = "127.0.0.1";
+	struct ldb_request *req = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_message_element *el = NULL;
+	struct ldb_message_element *old_el = NULL;
+	struct audit_callback_context *acc = NULL;
+	int status = LDB_ERR_OPERATIONS_ERROR;
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	setup_ldb(ctx, &ldb, &module, IP, SESSION, SID);
+
+	/*
+	 * Build the ldb message
+	 */
+	msg = talloc_zero(ctx, struct ldb_message);
+
+	/*
+	 * Populate message elements, adding a new entry to the membership list
+	 *
+	 */
+
+	el = talloc_zero(ctx, struct ldb_message_element);
+	el->name = "member";
+	el->num_values = 1;
+	el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	el->values[0] = data_blob_string_const(
+		"<GUID=081519b5-a709-44a0-bc95-dd4bfe809bf8>;"
+		"CN=testuser131953,CN=Users,DC=addom,DC=samba,"
+		"DC=example,DC=com");
+	msg->elements = el;
+	msg->num_elements = 1;
+
+	/*
+	 * Build the ldb_request
+	 */
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation = LDB_ADD;
+	req->op.add.message = msg;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Build the initial state of the database
+	 */
+	old_el = talloc_zero(ctx, struct ldb_message_element);
+	old_el->name = "member";
+	old_el->num_values = 1;
+	old_el->values = talloc_zero_array(ctx, DATA_BLOB, 1);
+	old_el->values[0] = data_blob_string_const(
+		"<GUID=cb8c2777-dcf5-419c-ab57-f645dbdf681b>;"
+		"cn=grpadttstuser01,cn=users,DC=addom,"
+		"DC=samba,DC=example,DC=com");
+
+
+	acc = talloc_zero(ctx, struct audit_callback_context);
+	acc->request = req;
+	acc->module = module;
+	acc->members = old_el;
+	/*
+	 * call log_membership_changes
+	 */
+	messages_sent = 0;
+	log_group_membership_changes(acc, status);
+
+	/*
+	 * Check the results
+	 */
+	assert_int_equal(1, messages_sent);
+
+	check_group_change_message(
+	    0,
+	    "",
+	    "Failure",
+	    EVT_ID_NONE);
+
+	/*
+	 * Clean up
+	 */
+	json_free(&messages[0]);
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Note: to run under valgrind us:
+ *       valgrind --suppressions=test_group_audit.valgrind bin/test_group_audit
+ *       This suppresses the errors generated because the ldb_modules are not
+ *       de-registered.
+ *
+ */
+int main(void) {
+	const struct CMUnitTest tests[] = {
+	    cmocka_unit_test(test_audit_group_json),
+	    cmocka_unit_test(test_audit_group_json_error),
+	    cmocka_unit_test(test_audit_group_json_no_event),
+	    cmocka_unit_test(test_get_transaction_id),
+	    cmocka_unit_test(test_audit_group_hr),
+	    cmocka_unit_test(test_get_parsed_dns),
+	    cmocka_unit_test(test_dn_compare),
+	    cmocka_unit_test(test_get_primary_group_dn),
+	    cmocka_unit_test(test_log_membership_changes_removed),
+	    cmocka_unit_test(test_log_membership_changes_remove_all),
+	    cmocka_unit_test(test_log_membership_changes_added),
+	    cmocka_unit_test(test_log_membership_changes_add_to_empty),
+	    cmocka_unit_test(test_log_membership_changes_rmd_flags),
+	    cmocka_unit_test(test_get_add_member_event),
+	    cmocka_unit_test(test_get_remove_member_event),
+	    cmocka_unit_test(test_log_group_membership_changes),
+	    cmocka_unit_test(test_log_group_membership_changes_read_new_failure),
+	    cmocka_unit_test(test_log_group_membership_changes_error),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.valgrind b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.valgrind
new file mode 100644
index 0000000..1cf2b4e
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit.valgrind
@@ -0,0 +1,19 @@
+{
+   ldb_modules_load modules not are freed
+   Memcheck:Leak
+   match-leak-kinds: possible
+   fun:malloc
+   fun:__talloc_with_prefix
+   fun:__talloc
+   fun:_talloc_named_const
+   fun:talloc_named_const
+   fun:ldb_register_module
+   fun:ldb_init_module
+   fun:ldb_modules_load_path
+   fun:ldb_modules_load_dir
+   fun:ldb_modules_load_path
+   fun:ldb_modules_load
+   fun:ldb_init
+}
+
+
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_group_audit_errors.c b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit_errors.c
new file mode 100644
index 0000000..ea9f2b7
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_group_audit_errors.c
@@ -0,0 +1,266 @@
+/*
+   Unit tests for the dsdb group auditing code in group_audit.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * These tests exercise the error handling routines.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_group_audit_log_module_init(const char *version);
+#include "../group_audit.c"
+
+#include "lib/ldb/include/ldb_private.h"
+
+/*
+ * cmocka wrappers for json_new_object
+ */
+struct json_object __wrap_json_new_object(void);
+struct json_object __real_json_new_object(void);
+struct json_object __wrap_json_new_object(void)
+{
+
+	bool use_real = (bool)mock();
+	if (!use_real) {
+		return json_empty_object;
+	}
+	return __real_json_new_object();
+}
+
+/*
+ * cmocka wrappers for json_add_version
+ */
+int __wrap_json_add_version(struct json_object *object, int major, int minor);
+int __real_json_add_version(struct json_object *object, int major, int minor);
+int __wrap_json_add_version(struct json_object *object, int major, int minor)
+{
+
+	int ret = (int)mock();
+	if (ret) {
+		return ret;
+	}
+	return __real_json_add_version(object, major, minor);
+}
+
+/*
+ * cmocka wrappers for json_add_version
+ */
+int __wrap_json_add_timestamp(struct json_object *object);
+int __real_json_add_timestamp(struct json_object *object);
+int __wrap_json_add_timestamp(struct json_object *object)
+{
+
+	int ret = (int)mock();
+	if (ret) {
+		return ret;
+	}
+	return __real_json_add_timestamp(object);
+}
+
+/*
+ * Test helper to add a session id and user SID
+ */
+static void add_session_data(
+	TALLOC_CTX *ctx,
+	struct ldb_context *ldb,
+	const char *session,
+	const char *user_sid)
+{
+	struct auth_session_info *sess = NULL;
+	struct security_token *token = NULL;
+	struct dom_sid *sid = NULL;
+	struct GUID session_id;
+	bool ok;
+
+	sess = talloc_zero(ctx, struct auth_session_info);
+	token = talloc_zero(ctx, struct security_token);
+	sid = talloc_zero(ctx, struct dom_sid);
+	ok = string_to_sid(sid, user_sid);
+	assert_true(ok);
+	token->sids = sid;
+	sess->security_token = token;
+	GUID_from_string(session, &session_id);
+	sess->unique_session_token = session_id;
+	ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
+}
+
+/*
+ * Test helper to insert a transaction_id into a request.
+ */
+static void add_transaction_id(struct ldb_request *req, const char *id)
+{
+	struct GUID guid;
+	struct dsdb_control_transaction_identifier *transaction_id = NULL;
+
+	transaction_id = talloc_zero(
+		req,
+		struct dsdb_control_transaction_identifier);
+	assert_non_null(transaction_id);
+	GUID_from_string(id, &guid);
+	transaction_id->transaction_guid = guid;
+	ldb_request_add_control(
+		req,
+		DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID,
+		false,
+		transaction_id);
+}
+
+static void test_audit_group_json(void **state)
+{
+	struct ldb_context *ldb = NULL;
+	struct ldb_module  *module = NULL;
+	struct ldb_request *req = NULL;
+
+	struct tsocket_address *ts = NULL;
+
+	const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
+	const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	struct GUID transaction_id;
+	const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
+
+	enum event_id_type event_id = EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP;
+
+	struct json_object json;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	ldb = ldb_init(ctx, NULL);
+
+	GUID_from_string(TRANSACTION, &transaction_id);
+
+	module = talloc_zero(ctx, struct ldb_module);
+	module->ldb = ldb;
+
+	tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
+	ldb_set_opaque(ldb, "remoteAddress", ts);
+
+	add_session_data(ctx, ldb, SESSION, SID);
+
+	req = talloc_zero(ctx, struct ldb_request);
+	req->operation =  LDB_ADD;
+	add_transaction_id(req, TRANSACTION);
+
+	/*
+	 * Fail on the creation of the audit json object
+	 */
+
+	will_return(__wrap_json_new_object, false);
+
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the version object .
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, JSON_ERROR);
+
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail on creation of the wrapper.
+	 */
+
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, false);
+
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_true(json_is_invalid(&json));
+
+	/*
+	 * Fail adding the timestamp to the wrapper object.
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, JSON_ERROR);
+
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_true(json_is_invalid(&json));
+
+
+	/*
+	 * Now test the happy path
+	 */
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_version, 0);
+	will_return(__wrap_json_new_object, true);
+	will_return(__wrap_json_add_timestamp, 0);
+
+	json = audit_group_json(module,
+				req,
+				"the-action",
+				"the-user-name",
+				"the-group-name",
+				event_id,
+				LDB_ERR_OPERATIONS_ERROR);
+	assert_false(json_is_invalid(&json));
+
+	json_free(&json);
+	TALLOC_FREE(ctx);
+
+}
+
+/*
+ * Note: to run under valgrind us:
+ *       valgrind --suppressions=test_group_audit.valgrind bin/test_group_audit
+ *       This suppresses the errors generated because the ldb_modules are not
+ *       de-registered.
+ *
+ */
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_audit_group_json),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_unique_object_sids.c b/source4/dsdb/samdb/ldb_modules/tests/test_unique_object_sids.c
new file mode 100644
index 0000000..2d37d53
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_unique_object_sids.c
@@ -0,0 +1,514 @@
+/*
+   Unit tests for the unique objectSID code in unique_object_sids.c
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+
+int ldb_unique_object_sids_init(const char *version);
+#include "../unique_object_sids.c"
+
+#include "../libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#define TEST_BE "tdb"
+
+#define DOMAIN_SID  "S-1-5-21-2470180966-3899876309-2637894779"
+#define LOCAL_SID   "S-1-5-21-2470180966-3899876309-2637894779-1000"
+#define FOREIGN_SID "S-1-5-21-2470180966-3899876309-2637894778-1000"
+
+static struct ldb_request *last_request;
+
+/*
+ * ldb_next_request mock, records the request passed in last_request
+ * so it can be examined in the test cases.
+ */
+int ldb_next_request(
+	struct ldb_module *module,
+	struct ldb_request *request)
+{
+	last_request = request;
+	return ldb_module_done(request, NULL, NULL, LDB_SUCCESS);
+}
+
+/*
+ * Test context
+ */
+struct ldbtest_ctx {
+	struct tevent_context *ev;
+	struct ldb_context *ldb;
+	struct ldb_module *module;
+
+	const char *dbfile;
+	const char *lockfile;   /* lockfile is separate */
+
+	const char *dbpath;
+	struct dom_sid *domain_sid;
+};
+
+/*
+ * Remove any database files created by the tests
+ */
+static void unlink_old_db(struct ldbtest_ctx *test_ctx)
+{
+	int ret;
+
+	errno = 0;
+	ret = unlink(test_ctx->lockfile);
+	if (ret == -1 && errno != ENOENT) {
+		fail();
+	}
+
+	errno = 0;
+	ret = unlink(test_ctx->dbfile);
+	if (ret == -1 && errno != ENOENT) {
+		fail();
+	}
+}
+
+/*
+ * Empty module to signal the end of the module list
+ */
+static const struct ldb_module_ops eol_ops = {
+	.name              = "eol",
+	.search            = NULL,
+	.add		   = NULL,
+	.modify		   = NULL,
+	.del		   = NULL,
+	.rename		   = NULL,
+	.init_context	   = NULL
+};
+
+/*
+ * Test set up
+ */
+static int setup(void **state)
+{
+	struct ldbtest_ctx *test_ctx	= NULL;
+	struct ldb_module *eol		= NULL;
+	int rc;
+
+	test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
+	assert_non_null(test_ctx);
+
+	test_ctx->ev = tevent_context_init(test_ctx);
+	assert_non_null(test_ctx->ev);
+
+	test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+	assert_non_null(test_ctx->ldb);
+
+	test_ctx->domain_sid = talloc_zero(test_ctx, struct dom_sid);
+	assert_non_null(test_ctx->domain_sid);
+	assert_true(string_to_sid(test_ctx->domain_sid, DOMAIN_SID));
+	ldb_set_opaque(test_ctx->ldb, "cache.domain_sid", test_ctx->domain_sid);
+
+        test_ctx->module = ldb_module_new(
+		test_ctx,
+		test_ctx->ldb,
+		"unique_object_sids",
+		&ldb_unique_object_sids_module_ops);
+	assert_non_null(test_ctx->module);
+	eol = ldb_module_new(test_ctx, test_ctx->ldb, "eol", &eol_ops);
+	assert_non_null(eol);
+	ldb_module_set_next(test_ctx->module, eol);
+
+	test_ctx->dbfile = talloc_strdup(test_ctx, "duptest.ldb");
+	assert_non_null(test_ctx->dbfile);
+
+	test_ctx->lockfile = talloc_asprintf(test_ctx, "%s-lock",
+					     test_ctx->dbfile);
+	assert_non_null(test_ctx->lockfile);
+
+	test_ctx->dbpath = talloc_asprintf(test_ctx,
+			TEST_BE"://%s", test_ctx->dbfile);
+	assert_non_null(test_ctx->dbpath);
+
+	unlink_old_db(test_ctx);
+
+	rc = ldb_connect(test_ctx->ldb, test_ctx->dbpath, 0, NULL);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	rc = unique_object_sids_init(test_ctx->module);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	*state = test_ctx;
+
+	last_request = NULL;
+	return 0;
+}
+
+/*
+ * Test clean up
+ */
+static int teardown(void **state)
+{
+	struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
+							struct ldbtest_ctx);
+
+	unlink_old_db(test_ctx);
+	talloc_free(test_ctx);
+	return 0;
+}
+
+/*
+ * Add an objectSID in string form to the supplied message
+ *
+ *
+ */
+static void add_sid(
+	struct ldb_message *msg,
+	const char *sid_str)
+{
+	struct ldb_val v;
+	enum ndr_err_code ndr_err;
+	struct dom_sid *sid = NULL;
+
+	sid = talloc_zero(msg, struct dom_sid);
+	assert_non_null(sid);
+	assert_true(string_to_sid(sid, sid_str));
+	ndr_err = ndr_push_struct_blob(&v, msg, sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	assert_true(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
+	assert_int_equal(0, ldb_msg_add_value(msg, "objectSID", &v, NULL));
+}
+
+/*
+ * The object is in the current local domain so it should have
+ * DB_FLAG_INTERNAL_UNIQUE_VALUE set
+ */
+static void test_objectSID_in_domain(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb 		= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_message_element *el		= NULL;
+	struct ldb_request *request		= NULL;
+	struct ldb_request *original_request	= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	add_sid(msg, LOCAL_SID);
+
+	rc = ldb_build_add_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+	original_request = request;
+
+	rc = unique_object_sids_add(test_ctx->module, request);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	/*
+	 * Check that a copy of the request was passed to the next module
+	 * and not the original request
+	 */
+	assert_ptr_not_equal(last_request, original_request);
+
+	/*
+	 * Check the flag was set on the request passed to the next
+	 * module
+	 */
+	el = ldb_msg_find_element(last_request->op.add.message, "objectSID");
+	assert_non_null(el);
+	assert_true(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
+
+	/*
+	 * Check the flag was not  set on the original request
+	 */
+	el = ldb_msg_find_element(request->op.add.message, "objectSID");
+	assert_non_null(el);
+	assert_false(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
+
+}
+
+/*
+ * The object is not in the current local domain so it should NOT have
+ * DB_FLAG_INTERNAL_UNIQUE_VALUE set
+ */
+static void test_objectSID_not_in_domain(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb			= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_message_element *el		= NULL;
+	struct ldb_request *request		= NULL;
+	struct ldb_request *original_request	= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	add_sid(msg, FOREIGN_SID);
+
+	rc = ldb_build_add_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+	original_request = request;
+
+	rc = unique_object_sids_add(test_ctx->module, request);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	/*
+	 * Check that the original request was passed to the next module
+	 * and not a copy
+	 */
+	assert_ptr_equal(last_request, original_request);
+
+	/*
+	 * Check that the flag was not set on the objectSID element
+	 */
+	el = ldb_msg_find_element(msg, "objectSID");
+	assert_non_null(el);
+	assert_false(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
+}
+
+/*
+ * No objectSID on the record so it should pass through the module untouched
+ *
+ */
+static void test_no_objectSID(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb			= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_request *request		= NULL;
+	struct ldb_request *original_request	= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	assert_int_equal(LDB_SUCCESS, ldb_msg_add_string(msg, "cn", "test"));
+
+	rc = ldb_build_add_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+	original_request = request;
+
+	rc = unique_object_sids_add(test_ctx->module, request);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	/*
+	 * Check that the original request was passed to the next module
+	 * and not a copy
+	 */
+	assert_ptr_equal(last_request, original_request);
+
+}
+
+/*
+ * Attempt to modify an objectSID DSDB_CONTROL_REPLICATED_UPDATE_OID not set
+ * this should fail with LDB_ERR_UNWILLING_TO_PERFORM
+ */
+static void test_modify_of_objectSID_not_replicated(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb 		= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_request *request		= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	add_sid(msg, LOCAL_SID);
+
+	rc = ldb_build_mod_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+
+	rc = unique_object_sids_modify(test_ctx->module, request);
+
+	assert_int_equal(rc, LDB_ERR_UNWILLING_TO_PERFORM);
+}
+
+
+/*
+ * Attempt to modify an objectSID DSDB_CONTROL_REPLICATED_UPDATE_OID set
+ * this should succeed
+ */
+static void test_modify_of_objectSID_replicated(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb 		= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_message_element *el		= NULL;
+	struct ldb_request *request		= NULL;
+	struct ldb_request *original_request	= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	add_sid(msg, LOCAL_SID);
+
+	rc = ldb_build_mod_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+	original_request = request;
+
+	rc = ldb_request_add_control(
+		request,
+		DSDB_CONTROL_REPLICATED_UPDATE_OID,
+		false,
+		NULL);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	rc = unique_object_sids_modify(test_ctx->module, request);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	/*
+	 * Check that a copy of the request was passed to the next module
+	 * and not the original request
+	 */
+	assert_ptr_not_equal(last_request, original_request);
+
+	/*
+	 * Check the flag was set on the request passed to the next
+	 * module
+	 */
+	el = ldb_msg_find_element(last_request->op.add.message, "objectSID");
+	assert_non_null(el);
+	assert_true(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
+
+	/*
+	 * Check the flag was not  set on the original request
+	 */
+	el = ldb_msg_find_element(request->op.add.message, "objectSID");
+	assert_non_null(el);
+	assert_false(el->flags & LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX);
+
+}
+
+/*
+ * Test that a modify with no object SID is passed through correctly
+ *
+ */
+static void test_modify_no_objectSID(void **state)
+{
+	struct ldbtest_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct ldbtest_ctx);
+	struct ldb_context *ldb			= test_ctx->ldb;
+	struct ldb_message *msg			= ldb_msg_new(test_ctx);
+	struct ldb_request *request		= NULL;
+	struct ldb_request *original_request	= NULL;
+	int rc;
+
+	msg->dn = ldb_dn_new(msg, ldb, "dc=test");
+	assert_int_equal(LDB_SUCCESS, ldb_msg_add_string(msg, "cn", "test"));
+
+	rc = ldb_build_mod_req(
+		&request,
+		test_ctx->ldb,
+		test_ctx,
+		msg,
+		NULL,
+		NULL,
+		ldb_op_default_callback,
+		NULL);
+
+	assert_int_equal(rc, LDB_SUCCESS);
+	assert_non_null(request);
+	original_request = request;
+
+	rc = unique_object_sids_modify(test_ctx->module, request);
+	assert_int_equal(rc, LDB_SUCCESS);
+
+	/*
+	 * Check that the original request was passed to the next module
+	 * and not a copy
+	 */
+	assert_ptr_equal(last_request, original_request);
+
+}
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(
+			test_objectSID_in_domain,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_objectSID_not_in_domain,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_no_objectSID,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_modify_no_objectSID,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_modify_of_objectSID_not_replicated,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_modify_of_objectSID_replicated,
+			setup,
+			teardown),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
new file mode 100644
index 0000000..99c5955
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
@@ -0,0 +1,423 @@
+/*
+   ldb database library
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: tombstone_reanimate
+ *
+ *  Component: Handle Tombstone reanimation requests
+ *
+ *  Description:
+ *  	Tombstone reanimation requests are plain ldap modify request like:
+ *  	  dn: CN=tombi 1\0ADEL:e6e17ff7-8986-4cdd-87ad-afb683ccbb89,CN=Deleted Objects,DC=samba4,DC=devel
+ *  	  changetype: modify
+ *  	  delete: isDeleted
+ *  	  -
+ *  	  replace: distinguishedName
+ *  	  distinguishedName: CN=Tombi 1,CN=Users,DC=samba4,DC=devel
+ *  	  -
+ *
+ *	Usually we don't allow distinguishedName modifications (see rdn_name.c)
+ *	Reanimating Tombstones is described here:
+ *	  - http://msdn.microsoft.com/en-us/library/cc223467.aspx
+ *
+ *  Author: Kamen Mazdrashki
+ */
+
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "../libds/common/flags.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libds/common/flag_mapping.h"
+
+struct tr_context {
+	struct ldb_module *module;
+
+	struct ldb_request *req;
+	const struct ldb_message *req_msg;
+
+	struct ldb_result *search_res;
+	const struct ldb_message *search_msg;
+
+	struct ldb_message *mod_msg;
+	struct ldb_result *mod_res;
+	struct ldb_request *mod_req;
+
+	struct ldb_dn *rename_dn;
+	struct ldb_result *rename_res;
+	struct ldb_request *rename_req;
+
+	const struct dsdb_schema *schema;
+};
+
+static struct tr_context *tr_init_context(struct ldb_module *module,
+					  struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct tr_context *ac;
+
+	ac = talloc_zero(req, struct tr_context);
+	if (ac == NULL) {
+		ldb_oom(ldb);
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->req_msg = req->op.mod.message;
+	ac->schema = dsdb_get_schema(ldb, ac);
+
+	return ac;
+}
+
+
+static bool is_tombstone_reanimate_request(struct ldb_request *req,
+					   const struct ldb_message_element **pel_dn)
+{
+	struct ldb_message_element *el_dn;
+	struct ldb_message_element *el_deleted;
+
+	/* check distinguishedName requirement */
+	el_dn = ldb_msg_find_element(req->op.mod.message, "distinguishedName");
+	if (el_dn == NULL) {
+		return false;
+	}
+	if (LDB_FLAG_MOD_TYPE(el_dn->flags) != LDB_FLAG_MOD_REPLACE) {
+		return false;
+	}
+	if (el_dn->num_values != 1) {
+		return false;
+	}
+
+	/* check isDeleted requirement */
+	el_deleted = ldb_msg_find_element(req->op.mod.message, "isDeleted");
+	if (el_deleted == NULL) {
+		return false;
+	}
+
+	if (LDB_FLAG_MOD_TYPE(el_deleted->flags) != LDB_FLAG_MOD_DELETE) {
+		return false;
+	}
+
+	*pel_dn = el_dn;
+	return true;
+}
+
+/**
+ * Local rename implementation based on dsdb_module_rename()
+ * so we could fine tune it and add more controls
+ */
+static int tr_prepare_rename(struct tr_context *ac,
+			     const struct ldb_message_element *new_dn)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+
+	ac->rename_dn = ldb_dn_from_ldb_val(ac, ldb, &new_dn->values[0]);
+	if (ac->rename_dn == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	ac->rename_res = talloc_zero(ac, struct ldb_result);
+	if (ac->rename_res == NULL) {
+		return ldb_module_oom(ac->module);
+	}
+
+	ret = ldb_build_rename_req(&ac->rename_req, ldb, ac,
+				   ac->req_msg->dn,
+				   ac->rename_dn,
+				   NULL,
+				   ac->rename_res,
+				   ldb_modify_default_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(ac->rename_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ret;
+}
+
+/**
+ * Local rename implementation based on dsdb_module_modify()
+ * so we could fine tune it and add more controls
+ */
+static int tr_do_down_req(struct tr_context *ac, struct ldb_request *down_req)
+{
+	int ret;
+
+	/* We need this since object is 'delete' atm */
+	ret = ldb_request_add_control(down_req,
+				      LDB_CONTROL_SHOW_DELETED_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* mark request as part of Tombstone reanimation */
+	ret = ldb_request_add_control(down_req,
+				      DSDB_CONTROL_RESTORE_TOMBSTONE_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Run request from Next module */
+	ret = ldb_next_request(ac->module, down_req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(down_req->handle, LDB_WAIT_ALL);
+	}
+
+	return ret;
+}
+
+static int tr_prepare_attributes(struct tr_context *ac)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	int ret;
+	struct ldb_message_element *el = NULL;
+	uint32_t account_type, user_account_control;
+	struct ldb_dn *objectcategory = NULL;
+
+	ac->mod_msg = ldb_msg_copy_shallow(ac, ac->req_msg);
+	if (ac->mod_msg == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ac->mod_res = talloc_zero(ac, struct ldb_result);
+	if (ac->mod_res == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_mod_req(&ac->mod_req, ldb, ac,
+				ac->mod_msg,
+				NULL,
+				ac->mod_res,
+				ldb_modify_default_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(ac->mod_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* - remove distinguishedName - we don't need it */
+	ldb_msg_remove_attr(ac->mod_msg, "distinguishedName");
+
+	/* remove isRecycled */
+	ret = ldb_msg_add_empty(ac->mod_msg, "isRecycled",
+				LDB_FLAG_MOD_DELETE, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Failed to reset isRecycled attribute: %s", ldb_strerror(ret));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* objectClass is USER */
+	if (samdb_find_attribute(ldb, ac->search_msg, "objectclass", "user") != NULL) {
+		uint32_t primary_group_rid;
+		/* restoring 'user' instance attribute is heavily borrowed from samldb.c */
+
+		/* Default values */
+		ret = dsdb_user_obj_set_defaults(ldb, ac->mod_msg, ac->mod_req);
+		if (ret != LDB_SUCCESS) return ret;
+
+		/* "userAccountControl" must exists on deleted object */
+		user_account_control = ldb_msg_find_attr_as_uint(ac->search_msg,
+							"userAccountControl",
+							(uint32_t)-1);
+		if (user_account_control == (uint32_t)-1) {
+			return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+					 "reanimate: No 'userAccountControl' attribute found!");
+		}
+
+		/* restore "sAMAccountType" */
+		ret = dsdb_user_obj_set_account_type(ldb, ac->mod_msg,
+						     user_account_control, NULL);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		/* "userAccountControl" -> "primaryGroupID" mapping */
+		ret = dsdb_user_obj_set_primary_group_id(ldb, ac->mod_msg,
+							 user_account_control,
+							 &primary_group_rid);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		/*
+		 * Older AD deployments don't know about the
+		 * RODC group
+		 */
+		if (primary_group_rid == DOMAIN_RID_READONLY_DCS) {
+			/* TODO:  check group exists */
+		}
+
+	}
+
+	/* objectClass is GROUP */
+	if (samdb_find_attribute(ldb, ac->search_msg, "objectclass", "group") != NULL) {
+		/* "groupType" -> "sAMAccountType" */
+		uint32_t group_type;
+
+		el = ldb_msg_find_element(ac->search_msg, "groupType");
+		if (el == NULL) {
+			return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+					 "reanimate: Unexpected: missing groupType attribute.");
+		}
+
+		group_type = ldb_msg_find_attr_as_uint(ac->search_msg,
+						       "groupType", 0);
+
+		account_type = ds_gtype2atype(group_type);
+		if (account_type == 0) {
+			return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+					 "reanimate: Unrecognized account type!");
+		}
+		ret = samdb_msg_append_uint(ldb, ac->mod_msg, ac->mod_msg,
+					    "sAMAccountType", account_type,
+					    LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+					 "reanimate: Failed to add sAMAccountType to restored object.");
+		}
+
+		/* Default values set by Windows */
+		ret = samdb_find_or_add_attribute(ldb, ac->mod_msg,
+						  "adminCount", "0");
+		if (ret != LDB_SUCCESS) return ret;
+		ret = samdb_find_or_add_attribute(ldb, ac->mod_msg,
+						  "operatorCount", "0");
+		if (ret != LDB_SUCCESS) return ret;
+	}
+
+	/* - restore objectCategory if not present */
+	objectcategory = ldb_msg_find_attr_as_dn(ldb, ac, ac->search_msg,
+						 "objectCategory");
+	if (objectcategory == NULL) {
+		const char *value;
+
+		ret = dsdb_make_object_category(ldb, ac->schema, ac->search_msg,
+						ac->mod_msg, &value);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = ldb_msg_append_string(ac->mod_msg, "objectCategory", value,
+					    LDB_FLAG_MOD_ADD);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Handle special LDAP modify request to restore deleted objects
+ */
+static int tombstone_reanimate_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	const struct ldb_message_element *el_dn = NULL;
+	struct tr_context *ac = NULL;
+	int ret;
+
+	ldb_debug(ldb, LDB_DEBUG_TRACE, "%s\n", __PRETTY_FUNCTION__);
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(req->op.mod.message->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	/* Check if this is a reanimate request */
+	if (!is_tombstone_reanimate_request(req, &el_dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	ac = tr_init_context(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	/* Load original object */
+	ret = dsdb_module_search_dn(module, ac, &ac->search_res,
+				    ac->req_msg->dn, NULL,
+				    DSDB_FLAG_TOP_MODULE |
+				    DSDB_SEARCH_SHOW_DELETED,
+				    req);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+	ac->search_msg = ac->search_res->msgs[0];
+
+	/* check if it a Deleted Object */
+	if (!ldb_msg_find_attr_as_bool(ac->search_msg, "isDeleted", false)) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "Trying to restore not deleted object\n");
+	}
+
+	/* Simple implementation */
+
+	/* prepare attributed depending on objectClass */
+	ret = tr_prepare_attributes(ac);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Rename request to modify distinguishedName */
+	ret = tr_prepare_rename(ac, el_dn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* restore attributed depending on objectClass */
+	ret = tr_do_down_req(ac, ac->mod_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Rename request to modify distinguishedName */
+	ret = tr_do_down_req(ac, ac->rename_req);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_ERROR, "Renaming object to %s has failed with %s\n", el_dn->values[0].data, ldb_strerror(ret));
+		if (ret != LDB_ERR_ENTRY_ALREADY_EXISTS && ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS ) {
+			/* Windows returns Operations Error in case we can't rename the object */
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		return ret;
+	}
+
+	return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS);
+}
+
+
+static const struct ldb_module_ops ldb_reanimate_module_ops = {
+	.name		= "tombstone_reanimate",
+	.modify		= tombstone_reanimate_modify,
+};
+
+int ldb_tombstone_reanimate_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_reanimate_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/unique_object_sids.c b/source4/dsdb/samdb/ldb_modules/unique_object_sids.c
new file mode 100644
index 0000000..f8427bc
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/unique_object_sids.c
@@ -0,0 +1,262 @@
+/*
+   ldb database module to enforce unique local objectSIDs
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+
+   Duplicate ObjectSIDs are possible on foreign security principals and
+   replication conflict records.  However a duplicate objectSID within
+   the local domainSID is an error.
+
+   As the uniqueness requirement depends on the source domain it is not possible
+   to enforce this with a unique index.
+
+   This module sets the LDB_FLAG_FORCE_UNIQUE_INDEX for objectSIDs in the
+   local domain.
+*/
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/dom_sid.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+
+struct private_data {
+	const struct dom_sid *domain_sid;
+};
+
+
+/*
+ * Does the add request contain a local objectSID
+ */
+static bool message_contains_local_objectSID(
+	struct ldb_module *module,
+	const struct ldb_message *msg)
+{
+	struct dom_sid *objectSID	= NULL;
+
+	struct private_data *data =
+		talloc_get_type(
+			ldb_module_get_private(module),
+			struct private_data);
+
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	objectSID = samdb_result_dom_sid(frame, msg, "objectSID");
+	if (objectSID == NULL) {
+		TALLOC_FREE(frame);
+		return false;
+	}
+
+	/*
+	 * data->domain_sid can be NULL but dom_sid_in_domain handles this
+	 * case correctly. See unique_object_sids_init for more details.
+	 */
+	if (!dom_sid_in_domain(data->domain_sid, objectSID)) {
+		TALLOC_FREE(frame);
+		return false;
+	}
+	TALLOC_FREE(frame);
+	return true;
+}
+
+static int flag_objectSID(
+	struct ldb_module *module,
+	struct ldb_request *req,
+	const struct ldb_message *msg,
+	struct ldb_message **new_msg)
+{
+	struct ldb_message_element *el	= NULL;
+
+	*new_msg = ldb_msg_copy_shallow(req, msg);
+	if (!*new_msg) {
+		return ldb_module_oom(module);
+	}
+
+	el = ldb_msg_find_element(*new_msg, "objectSID");
+	if (el == NULL) {
+		struct ldb_context *ldb = NULL;
+		ldb = ldb_module_get_ctx(module);
+		ldb_asprintf_errstring(
+			ldb,
+			"Unable to locate objectSID in copied request\n");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	el->flags |= LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX;
+	return LDB_SUCCESS;
+}
+
+/* add */
+static int unique_object_sids_add(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+	const struct ldb_message *msg = req->op.add.message;
+	struct ldb_message *new_msg	= NULL;
+	struct ldb_request *new_req	= NULL;
+	struct ldb_context *ldb		= NULL;
+	int rc;
+
+	if (!message_contains_local_objectSID(module, msg)) {
+		/*
+		 * Request does not contain a local objectSID so chain the
+		 * next module
+		 */
+		return ldb_next_request(module, req);
+	}
+
+	/*
+	 * The add request contains an objectSID for the local domain
+	 */
+
+	rc = flag_objectSID(module, req, msg, &new_msg);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	rc = ldb_build_add_req(
+		&new_req,
+		ldb,
+		req,
+		new_msg,
+		req->controls,
+		req,
+		dsdb_next_callback,
+		req);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+
+	return ldb_next_request(module, new_req);
+}
+
+/* modify */
+static int unique_object_sids_modify(
+	struct ldb_module *module,
+	struct ldb_request *req)
+{
+
+	const struct ldb_message *msg	= req->op.mod.message;
+	struct ldb_message *new_msg	= NULL;
+	struct ldb_request *new_req	= NULL;
+	struct ldb_context *ldb		= NULL;
+	int rc;
+
+	if (!message_contains_local_objectSID(module, msg)) {
+		/*
+		 * Request does not contain a local objectSID so chain the
+		 * next module
+		 */
+		return ldb_next_request(module, req);
+	}
+
+	ldb = ldb_module_get_ctx(module);
+
+	/*
+	 * If DSDB_CONTROL_REPLICATED_UPDATE_OID replicated is set we know
+	 * that the modify request is well formed and objectSID only appears
+	 * once.
+	 *
+	 * Enforcing this assumption simplifies the subsequent code.
+	 *
+	 */
+	if(!ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) {
+		ldb_asprintf_errstring(
+			ldb,
+			"Modify of %s rejected, "
+			"as it is modifying an objectSID\n",
+			ldb_dn_get_linearized(msg->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+
+	rc = flag_objectSID(module, req, msg, &new_msg);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+
+	ldb = ldb_module_get_ctx(module);
+	rc = ldb_build_mod_req(
+		&new_req,
+		ldb,
+		req,
+		new_msg,
+		req->controls,
+		req,
+		dsdb_next_callback,
+		req);
+	if (rc != LDB_SUCCESS) {
+		return rc;
+	}
+
+	return ldb_next_request(module, new_req);
+}
+
+/* init */
+static int unique_object_sids_init(
+	struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct private_data *data = NULL;
+	int ret;
+
+	ret = ldb_next_init(module);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	data = talloc_zero(module, struct private_data);
+	if (!data) {
+		return ldb_module_oom(module);
+	}
+
+	data->domain_sid = samdb_domain_sid(ldb);
+	if (data->domain_sid == NULL) {
+		/*
+		 * Unable to determine the domainSID, this normally occurs
+		 * when provisioning. As there is no easy way to detect
+		 * that we are provisioning.  We currently just log this as a
+		 * warning.
+		 */
+		ldb_debug(
+			ldb,
+			LDB_DEBUG_WARNING,
+			"Unable to determine the DomainSID, "
+			"can not enforce uniqueness constraint on local "
+			"domainSIDs\n");
+	}
+
+	ldb_module_set_private(module, data);
+
+	return LDB_SUCCESS;
+}
+
+static const struct ldb_module_ops ldb_unique_object_sids_module_ops = {
+	.name		   = "unique_object_sids",
+	.init_context	   = unique_object_sids_init,
+	.add               = unique_object_sids_add,
+	.modify            = unique_object_sids_modify,
+};
+
+int ldb_unique_object_sids_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_unique_object_sids_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
new file mode 100644
index 0000000..780eb81
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -0,0 +1,510 @@
+/* 
+   ldb database library
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb update_keytabs module
+ *
+ *  Description: Update keytabs whenever their matching secret record changes
+ *
+ *  Author: Andrew Bartlett
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "lib/util/dlinklist.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/kerberos_srv_keytab.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "param/secrets.h"
+
+struct dn_list {
+	struct ldb_message *msg;
+	bool do_delete;
+	struct dn_list *prev, *next;
+};
+
+struct update_kt_private {
+	struct dn_list *changed_dns;
+};
+
+struct update_kt_ctx {
+	struct ldb_module *module;
+	struct ldb_request *req;
+
+	struct ldb_dn *dn;
+	bool do_delete;
+
+	struct ldb_reply *op_reply;
+	bool found;
+};
+
+static struct update_kt_ctx *update_kt_ctx_init(struct ldb_module *module,
+						struct ldb_request *req)
+{
+	struct update_kt_ctx *ac;
+
+	ac = talloc_zero(req, struct update_kt_ctx);
+	if (ac == NULL) {
+		ldb_oom(ldb_module_get_ctx(module));
+		return NULL;
+	}
+
+	ac->module = module;
+	ac->req = req;
+
+	return ac;
+}
+
+/* FIXME: too many semi-async searches here for my taste, direct and indirect as
+ * cli_credentials_set_secrets() performs a sync ldb search.
+ * Just hope we are lucky and nothing breaks (using the tdb backend masks a lot
+ * of async issues). -SSS
+ */
+static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_delete,
+			struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
+	struct dn_list *item;
+	char *filter;
+	struct ldb_result *res;
+	int ret;
+
+	filter = talloc_asprintf(data,
+				 "(&(objectClass=kerberosSecret)(privateKeytab=*))");
+	if (!filter) {
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search(module, data, &res,
+				 dn, LDB_SCOPE_BASE, NULL,
+				 DSDB_FLAG_NEXT_MODULE, parent,
+				 "%s", filter);
+	talloc_free(filter);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (res->count != 1) {
+		/* if it's not a kerberosSecret then we don't have anything to update */
+		talloc_free(res);
+		return LDB_SUCCESS;
+	}
+
+	item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
+	if (!item) {
+		talloc_free(res);
+		return ldb_oom(ldb);
+	}
+
+	item->msg = talloc_steal(item, res->msgs[0]);
+	item->do_delete = do_delete;
+	talloc_free(res);
+
+	DLIST_ADD_END(data->changed_dns, item);
+	return LDB_SUCCESS;
+}
+
+static int ukt_search_modified(struct update_kt_ctx *ac);
+
+static int update_kt_op_callback(struct ldb_request *req,
+				 struct ldb_reply *ares)
+{
+	struct ldb_context *ldb;
+	struct update_kt_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct update_kt_ctx);
+	ldb = ldb_module_get_ctx(ac->module);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	if (ares->type != LDB_REPLY_DONE) {
+		ldb_set_errstring(ldb, "Invalid request type!\n");
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ac->do_delete) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, LDB_SUCCESS);
+	}
+
+	ac->op_reply = talloc_steal(ac, ares);
+
+	ret = ukt_search_modified(ac);
+	if (ret != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, NULL, NULL, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int ukt_del_op(struct update_kt_ctx *ac)
+{
+	struct ldb_context *ldb;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_del_req(&down_req, ldb, ac,
+				ac->dn,
+				ac->req->controls,
+				ac, update_kt_op_callback,
+				ac->req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(ac->module, down_req);
+}
+
+static int ukt_search_modified_callback(struct ldb_request *req,
+					struct ldb_reply *ares)
+{
+	struct update_kt_ctx *ac;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct update_kt_ctx);
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+
+		ac->found = true;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		/* ignore */
+		break;
+
+	case LDB_REPLY_DONE:
+
+		if (ac->found) {
+			/* do the dirty sync job here :/ */
+			ret = add_modified(ac->module, ac->dn, ac->do_delete, ac->req);
+		}
+
+		if (ac->do_delete) {
+			ret = ukt_del_op(ac);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(ac->req,
+							NULL, NULL, ret);
+			}
+			break;
+		}
+
+		return ldb_module_done(ac->req, ac->op_reply->controls,
+					ac->op_reply->response, LDB_SUCCESS);
+	}
+
+	talloc_free(ares);
+	return LDB_SUCCESS;
+}
+
+static int ukt_search_modified(struct update_kt_ctx *ac)
+{
+	struct ldb_context *ldb;
+	static const char * const no_attrs[] = { NULL };
+	struct ldb_request *search_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(ac->module);
+
+	ret = ldb_build_search_req(&search_req, ldb, ac,
+				   ac->dn, LDB_SCOPE_BASE,
+				   "(&(objectClass=kerberosSecret)"
+				     "(privateKeytab=*))", no_attrs,
+				   NULL,
+				   ac, ukt_search_modified_callback,
+				   ac->req);
+	LDB_REQ_SET_LOCATION(search_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return ldb_next_request(ac->module, search_req);
+}
+
+
+/* add */
+static int update_kt_add(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct update_kt_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = update_kt_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.add.message->dn;
+
+	ret = ldb_build_add_req(&down_req, ldb, ac,
+				req->op.add.message,
+				req->controls,
+				ac, update_kt_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* modify */
+static int update_kt_modify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct update_kt_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = update_kt_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.mod.message->dn;
+
+	ret = ldb_build_mod_req(&down_req, ldb, ac,
+				req->op.mod.message,
+				req->controls,
+				ac, update_kt_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* delete */
+static int update_kt_delete(struct ldb_module *module, struct ldb_request *req)
+{
+	struct update_kt_ctx *ac;
+
+	ac = update_kt_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	ac->dn = req->op.del.dn;
+	ac->do_delete = true;
+
+	return ukt_search_modified(ac);
+}
+
+/* rename */
+static int update_kt_rename(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct update_kt_ctx *ac;
+	struct ldb_request *down_req;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	ac = update_kt_ctx_init(module, req);
+	if (ac == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ac->dn = req->op.rename.newdn;
+
+	ret = ldb_build_rename_req(&down_req, ldb, ac,
+				req->op.rename.olddn,
+				req->op.rename.newdn,
+				req->controls,
+				ac, update_kt_op_callback,
+				req);
+	LDB_REQ_SET_LOCATION(down_req);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return ldb_next_request(module, down_req);
+}
+
+/* prepare for a commit */
+static int update_kt_prepare_commit(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
+	struct dn_list *p;
+	struct smb_krb5_context *smb_krb5_context;
+	int krb5_ret = smb_krb5_init_context(data,
+					     ldb_get_opaque(ldb, "loadparm"),
+					     &smb_krb5_context);
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	if (krb5_ret != 0) {
+		ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s", error_message(krb5_ret));
+		goto fail;
+	}
+
+	tmp_ctx = talloc_new(data);
+	if (!tmp_ctx) {
+		ldb_oom(ldb);
+		goto fail;
+	}
+
+	for (p=data->changed_dns; p; p = p->next) {
+		const char *error_string;
+		const char *realm;
+		char *upper_realm;
+		struct ldb_message_element *spn_el = ldb_msg_find_element(p->msg, "servicePrincipalName");
+		const char **SPNs = NULL;
+		int num_SPNs = 0;
+		int i;
+
+		realm = ldb_msg_find_attr_as_string(p->msg, "realm", NULL);
+
+		if (spn_el) {
+			upper_realm = strupper_talloc(tmp_ctx, realm);
+			if (!upper_realm) {
+				ldb_oom(ldb);
+				goto fail;
+			}
+
+			num_SPNs = spn_el->num_values;
+			SPNs = talloc_array(tmp_ctx, const char *, num_SPNs);
+			if (!SPNs) {
+				ldb_oom(ldb);
+				goto fail;
+			}
+			for (i = 0; i < num_SPNs; i++) {
+				SPNs[i] = talloc_asprintf(SPNs, "%*.*s@%s",
+							  (int)spn_el->values[i].length,
+							  (int)spn_el->values[i].length,
+							  (const char *)spn_el->values[i].data,
+							  upper_realm);
+				if (!SPNs[i]) {
+					ldb_oom(ldb);
+					goto fail;
+				}
+			}
+		}
+
+		krb5_ret = smb_krb5_update_keytab(tmp_ctx, smb_krb5_context->krb5_context,
+						  keytab_name_from_msg(tmp_ctx, ldb, p->msg),
+						  ldb_msg_find_attr_as_string(p->msg, "samAccountName", NULL),
+						  realm, SPNs, num_SPNs,
+						  ldb_msg_find_attr_as_string(p->msg, "saltPrincipal", NULL),
+						  ldb_msg_find_attr_as_string(p->msg, "secret", NULL),
+						  ldb_msg_find_attr_as_string(p->msg, "priorSecret", NULL),
+						  ldb_msg_find_attr_as_int(p->msg, "msDS-KeyVersionNumber", 0),
+						  (uint32_t)ldb_msg_find_attr_as_int(p->msg, "msDS-SupportedEncryptionTypes", ENC_ALL_TYPES),
+						  p->do_delete, NULL, &error_string);
+		if (krb5_ret != 0) {
+			ldb_asprintf_errstring(ldb, "Failed to update keytab from entry %s in %s: %s",
+					       ldb_dn_get_linearized(p->msg->dn),
+					       (const char *)ldb_get_opaque(ldb, "ldb_url"),
+					       error_string);
+			goto fail;
+		}
+	}
+
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+	talloc_free(tmp_ctx);
+
+	return ldb_next_prepare_commit(module);
+
+fail:
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+	talloc_free(tmp_ctx);
+	return LDB_ERR_OPERATIONS_ERROR;
+}
+
+/* end a transaction */
+static int update_kt_del_trans(struct ldb_module *module)
+{
+	struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
+
+	talloc_free(data->changed_dns);
+	data->changed_dns = NULL;
+
+	return ldb_next_del_trans(module);
+}
+
+static int update_kt_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct update_kt_private *data;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc(module, struct update_kt_private);
+	if (data == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	data->changed_dns = NULL;
+
+	ldb_module_set_private(module, data);
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_update_keytab_module_ops = {
+	.name		   = "update_keytab",
+	.init_context	   = update_kt_init,
+	.add               = update_kt_add,
+	.modify            = update_kt_modify,
+	.rename            = update_kt_rename,
+	.del               = update_kt_delete,
+	.prepare_commit    = update_kt_prepare_commit,
+	.del_transaction   = update_kt_del_trans,
+};
+
+int ldb_update_keytab_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_update_keytab_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
new file mode 100644
index 0000000..0342da3
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -0,0 +1,1921 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+   Copyright (C) Matthieu Patou <mat@matws.net> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_module.h"
+#include "librpc/ndr/libndr.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "libcli/security/security.h"
+
+#undef strcasecmp
+
+/*
+  search for attrs on one DN, in the modules below
+ */
+int dsdb_module_search_dn(struct ldb_module *module,
+			  TALLOC_CTX *mem_ctx,
+			  struct ldb_result **_res,
+			  struct ldb_dn *basedn,
+			  const char * const *attrs,
+			  uint32_t dsdb_flags,
+			  struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_request *req;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_search_req(&req, ldb_module_get_ctx(module), tmp_ctx,
+				   basedn,
+				   LDB_SCOPE_BASE,
+				   NULL,
+				   attrs,
+				   NULL,
+				   res,
+				   ldb_search_default_callback,
+				   parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->search(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (res->count != 1) {
+		/* we may be reading a DB that does not have the 'check base on search' option... */
+		ret = LDB_ERR_NO_SUCH_OBJECT;
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       "dsdb_module_search_dn: did not find base dn %s (%d results)",
+				       ldb_dn_get_linearized(basedn), res->count);
+	} else {
+		*_res = talloc_steal(mem_ctx, res);
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+int dsdb_module_search_tree(struct ldb_module *module,
+		       TALLOC_CTX *mem_ctx,
+		       struct ldb_result **_res,
+		       struct ldb_dn *basedn,
+		       enum ldb_scope scope,
+		       struct ldb_parse_tree *tree,
+		       const char * const *attrs,
+		       int dsdb_flags,
+		       struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_request *req;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	/* cross-partitions searches with a basedn break multi-domain support */
+	SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_search_req_ex(&req, ldb_module_get_ctx(module), tmp_ctx,
+				   basedn,
+				   scope,
+				   tree,
+				   attrs,
+				   NULL,
+				   res,
+				   ldb_search_default_callback,
+				   parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->search(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (dsdb_flags & DSDB_SEARCH_ONE_ONLY) {
+		if (res->count == 0) {
+			talloc_free(tmp_ctx);
+			return ldb_error(ldb_module_get_ctx(module), LDB_ERR_NO_SUCH_OBJECT, __func__);
+		}
+		if (res->count != 1) {
+			talloc_free(tmp_ctx);
+			ldb_reset_err_string(ldb_module_get_ctx(module));
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	talloc_free(req);
+	if (ret == LDB_SUCCESS) {
+		*_res = talloc_steal(mem_ctx, res);
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  search for attrs in the modules below
+ */
+int dsdb_module_search(struct ldb_module *module,
+		       TALLOC_CTX *mem_ctx,
+		       struct ldb_result **_res,
+		       struct ldb_dn *basedn, enum ldb_scope scope,
+		       const char * const *attrs,
+		       int dsdb_flags,
+		       struct ldb_request *parent,
+		       const char *format, ...) _PRINTF_ATTRIBUTE(9, 10)
+{
+	int ret;
+	TALLOC_CTX *tmp_ctx;
+	va_list ap;
+	char *expression;
+	struct ldb_parse_tree *tree;
+
+	/* cross-partitions searches with a basedn break multi-domain support */
+	SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	if (format) {
+		va_start(ap, format);
+		expression = talloc_vasprintf(tmp_ctx, format, ap);
+		va_end(ap);
+
+		if (!expression) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb_module_get_ctx(module));
+		}
+	} else {
+		expression = NULL;
+	}
+
+	tree = ldb_parse_tree(tmp_ctx, expression);
+	if (tree == NULL) {
+		talloc_free(tmp_ctx);
+		ldb_set_errstring(ldb_module_get_ctx(module),
+				"Unable to parse search expression");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_module_search_tree(module,
+		       mem_ctx,
+		       _res,
+		       basedn,
+		       scope,
+		       tree,
+		       attrs,
+		       dsdb_flags,
+		       parent);
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  find an object given a GUID. This searches across all partitions
+ */
+int dsdb_module_obj_by_guid(struct ldb_module *module,
+			    TALLOC_CTX *mem_ctx,
+			    struct ldb_message **_msg,
+			    const struct GUID *guid,
+			    const char * const *attrs,
+			    struct ldb_request *parent)
+{
+	struct ldb_result *res;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	int ret;
+
+	ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 attrs,
+				 DSDB_FLAG_NEXT_MODULE |
+				 DSDB_SEARCH_SHOW_RECYCLED |
+				 DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+				 DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT,
+				 parent,
+				 "objectGUID=%s", GUID_string(tmp_ctx, guid));
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_ctx);
+		return ldb_error(ldb_module_get_ctx(module), LDB_ERR_NO_SUCH_OBJECT, __func__);
+	}
+	if (res->count != 1) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "More than one object found matching objectGUID %s\n",
+				       GUID_string(tmp_ctx, guid));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*_msg = talloc_steal(mem_ctx, res->msgs[0]);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  find a DN given a GUID. This searches across all partitions
+ */
+int dsdb_module_dn_by_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+			   const struct GUID *guid, struct ldb_dn **dn,
+			   struct ldb_request *parent)
+{
+	struct ldb_message *msg = NULL;
+	static const char * const attrs[] = { NULL };
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	int ret;
+
+	ret = dsdb_module_obj_by_guid(module,
+				      tmp_ctx,
+				      &msg,
+				      guid,
+				      attrs,
+				      parent);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	*dn = talloc_steal(mem_ctx, msg->dn);
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  find a GUID given a DN.
+ */
+int dsdb_module_guid_by_dn(struct ldb_module *module, struct ldb_dn *dn, struct GUID *guid,
+			   struct ldb_request *parent)
+{
+	static const char * const attrs[] = { NULL };
+	struct ldb_result *res;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	int ret;
+	NTSTATUS status;
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, dn, attrs,
+	                            DSDB_FLAG_NEXT_MODULE |
+	                            DSDB_SEARCH_SHOW_RECYCLED |
+				    DSDB_SEARCH_SHOW_EXTENDED_DN,
+				    parent);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb_module_get_ctx(module), "Failed to find GUID for %s",
+				       ldb_dn_get_linearized(dn));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	status = dsdb_get_extended_dn_guid(res->msgs[0]->dn, guid, "GUID");
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+
+/*
+  a ldb_extended request operating on modules below the
+  current module
+
+  Note that this does not automatically start a transaction. If you
+  need a transaction the caller needs to start it as needed.
+ */
+int dsdb_module_extended(struct ldb_module *module,
+			 TALLOC_CTX *mem_ctx,
+			 struct ldb_result **_res,
+			 const char* oid, void* data,
+			 uint32_t dsdb_flags,
+			 struct ldb_request *parent)
+{
+	struct ldb_request *req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	if (_res != NULL) {
+		(*_res) = NULL;
+	}
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_extended_req(&req, ldb,
+			tmp_ctx,
+			oid,
+			data,
+			NULL,
+			res, ldb_extended_default_callback,
+			parent);
+
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->extended(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (_res != NULL && ret == LDB_SUCCESS) {
+		(*_res) = talloc_steal(mem_ctx, res);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+/*
+  a ldb_modify request operating on modules below the
+  current module
+ */
+int dsdb_module_modify(struct ldb_module *module,
+		       const struct ldb_message *message,
+		       uint32_t dsdb_flags,
+		       struct ldb_request *parent)
+{
+	struct ldb_request *mod_req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_mod_req(&mod_req, ldb, tmp_ctx,
+				message,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				parent);
+	LDB_REQ_SET_LOCATION(mod_req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(mod_req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(mod_req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, mod_req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), mod_req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->modify(module, mod_req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(mod_req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+
+/*
+  a ldb_rename request operating on modules below the
+  current module
+ */
+int dsdb_module_rename(struct ldb_module *module,
+		       struct ldb_dn *olddn, struct ldb_dn *newdn,
+		       uint32_t dsdb_flags,
+		       struct ldb_request *parent)
+{
+	struct ldb_request *req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_rename_req(&req, ldb, tmp_ctx,
+				   olddn,
+				   newdn,
+				   NULL,
+				   res,
+				   ldb_modify_default_callback,
+				   parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->rename(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  a ldb_add request operating on modules below the
+  current module
+ */
+int dsdb_module_add(struct ldb_module *module,
+		    const struct ldb_message *message,
+		    uint32_t dsdb_flags,
+		    struct ldb_request *parent)
+{
+	struct ldb_request *req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb_module_get_ctx(module));
+	}
+
+	ret = ldb_build_add_req(&req, ldb, tmp_ctx,
+				message,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->add(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  a ldb_delete request operating on modules below the
+  current module
+ */
+int dsdb_module_del(struct ldb_module *module,
+		    struct ldb_dn *dn,
+		    uint32_t dsdb_flags,
+		    struct ldb_request *parent)
+{
+	struct ldb_request *req;
+	int ret;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_del_req(&req, ldb, tmp_ctx,
+				dn,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = dsdb_request_add_controls(req, dsdb_flags);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (dsdb_flags & DSDB_FLAG_TRUSTED) {
+		ldb_req_mark_trusted(req);
+	}
+
+	/* Run the new request */
+	if (dsdb_flags & DSDB_FLAG_NEXT_MODULE) {
+		ret = ldb_next_request(module, req);
+	} else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+		ret = ldb_request(ldb_module_get_ctx(module), req);
+	} else {
+		const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+		SMB_ASSERT(dsdb_flags & DSDB_FLAG_OWN_MODULE);
+		ret = ops->del(module, req);
+	}
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  check if a single valued link has multiple non-deleted values
+
+  This is needed when we will be using the RELAX control to stop
+  ldb_tdb from checking single valued links
+ */
+int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
+				  const struct ldb_message_element *el)
+{
+	bool found_active = false;
+	unsigned int i;
+
+	if (!(attr->ldb_schema_attribute->flags & LDB_ATTR_FLAG_SINGLE_VALUE) ||
+	    el->num_values < 2) {
+		return LDB_SUCCESS;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		if (!dsdb_dn_is_deleted_val(&el->values[i])) {
+			if (found_active) {
+				return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+			}
+			found_active = true;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+
+int dsdb_check_samba_compatible_feature(struct ldb_module *module,
+					const char *feature,
+					bool *found)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *res;
+	static const char * const samba_dsdb_attrs[] = {
+		SAMBA_COMPATIBLE_FEATURES_ATTR,
+		NULL
+	};
+	int ret;
+	struct ldb_dn *samba_dsdb_dn = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		*found = false;
+		return ldb_oom(ldb);
+	}
+	*found = false;
+
+	samba_dsdb_dn = ldb_dn_new(tmp_ctx, ldb, "@SAMBA_DSDB");
+	if (samba_dsdb_dn == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ret = dsdb_module_search_dn(module,
+				    tmp_ctx,
+				    &res,
+				    samba_dsdb_dn,
+				    samba_dsdb_attrs,
+				    DSDB_FLAG_NEXT_MODULE,
+				    NULL);
+	if (ret == LDB_SUCCESS) {
+		*found = ldb_msg_check_string_attribute(
+			res->msgs[0],
+			SAMBA_COMPATIBLE_FEATURES_ATTR,
+			feature);
+	} else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* it is not an error not to find it */
+		ret = LDB_SUCCESS;
+	}
+	TALLOC_FREE(tmp_ctx);
+	return ret;
+}
+
+
+/*
+  check if an optional feature is enabled on our own NTDS DN
+
+  Note that features can be marked as enabled in more than one
+  place. For example, the recyclebin feature is marked as enabled both
+  on the CN=Partitions,CN=Configuration object and on the NTDS DN of
+  each DC in the forest. It seems likely that it is the job of the KCC
+  to propagate between the two
+ */
+int dsdb_check_optional_feature(struct ldb_module *module, struct GUID op_feature_guid, bool *feature_enabled)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_result *res;
+	struct ldb_dn *search_dn;
+	struct GUID search_guid;
+	static const char * const attrs[] = {"msDS-EnabledFeature", NULL};
+	int ret;
+	unsigned int i;
+	struct ldb_message_element *el;
+	struct ldb_dn *feature_dn;
+
+	tmp_ctx = talloc_new(ldb);
+
+	feature_dn = samdb_ntds_settings_dn(ldb_module_get_ctx(module), tmp_ctx);
+	if (feature_dn == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	*feature_enabled = false;
+
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, feature_dn, attrs, DSDB_FLAG_NEXT_MODULE, NULL);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb,
+				"Could not find the feature object - dn: %s\n",
+				ldb_dn_get_linearized(feature_dn));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_NO_SUCH_OBJECT;
+	}
+	if (res->msgs[0]->num_elements > 0) {
+		static const char * const attrs2[] = {"msDS-OptionalFeatureGUID", NULL};
+
+		el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
+
+		for (i=0; i<el->num_values; i++) {
+			search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
+
+			ret = dsdb_module_search_dn(module, tmp_ctx, &res,
+						    search_dn, attrs2, DSDB_FLAG_NEXT_MODULE, NULL);
+			if (ret != LDB_SUCCESS) {
+				ldb_asprintf_errstring(ldb,
+						"Could no find object dn: %s\n",
+						ldb_dn_get_linearized(search_dn));
+				talloc_free(tmp_ctx);
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+
+			search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
+
+			if (GUID_equal(&search_guid, &op_feature_guid)) {
+				*feature_enabled = true;
+				break;
+			}
+		}
+	}
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+/*
+  find the NTDS GUID from a computers DN record
+ */
+int dsdb_module_find_ntdsguid_for_computer(struct ldb_module *module,
+					   TALLOC_CTX *mem_ctx,
+					   struct ldb_dn *computer_dn,
+					   struct GUID *ntds_guid,
+					   struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_dn *dn;
+
+	*ntds_guid = GUID_zero();
+
+	ret = dsdb_module_reference_dn(module, mem_ctx, computer_dn,
+				       "serverReferenceBL", &dn, parent);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!ldb_dn_add_child_fmt(dn, "CN=NTDS Settings")) {
+		talloc_free(dn);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_module_guid_by_dn(module, dn, ntds_guid, parent);
+	talloc_free(dn);
+	return ret;
+}
+
+/*
+  find a 'reference' DN that points at another object
+  (eg. serverReference, rIDManagerReference etc)
+ */
+int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
+			     const char *attribute, struct ldb_dn **dn, struct ldb_request *parent)
+{
+	const char *attrs[2];
+	struct ldb_result *res;
+	int ret;
+
+	attrs[0] = attribute;
+	attrs[1] = NULL;
+
+	ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs,
+	                            DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN, parent);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	*dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
+				      mem_ctx, res->msgs[0], attribute);
+	if (!*dn) {
+		ldb_reset_err_string(ldb_module_get_ctx(module));
+		talloc_free(res);
+		return LDB_ERR_NO_SUCH_ATTRIBUTE;
+	}
+
+	talloc_free(res);
+	return LDB_SUCCESS;
+}
+
+/*
+  find the RID Manager$ DN via the rIDManagerReference attribute in the
+  base DN
+ */
+int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn,
+			       struct ldb_request *parent)
+{
+	return dsdb_module_reference_dn(module, mem_ctx,
+					ldb_get_default_basedn(ldb_module_get_ctx(module)),
+					"rIDManagerReference", dn, parent);
+}
+
+/*
+  used to chain to the callers callback
+ */
+int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request);
+
+	if (!ares) {
+		return ldb_module_done(up_req, NULL, NULL,
+				       LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) {
+		return ldb_module_done(up_req, ares->controls,
+				       ares->response, ares->error);
+	}
+
+	/* Otherwise pass on the callback */
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		return ldb_module_send_entry(up_req, ares->message,
+					     ares->controls);
+
+	case LDB_REPLY_REFERRAL:
+		return ldb_module_send_referral(up_req,
+						ares->referral);
+	default:
+		/* Can't happen */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+}
+
+/*
+  load the uSNHighest and the uSNUrgent attributes from the @REPLCHANGED
+  object for a partition
+ */
+int dsdb_module_load_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
+				   uint64_t *uSN, uint64_t *urgent_uSN, struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *req;
+	int ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	struct dsdb_control_current_partition *p_ctrl;
+	struct ldb_result *res;
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+
+	ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+				   ldb_dn_new(tmp_ctx, ldb, "@REPLCHANGED"),
+				   LDB_SCOPE_BASE,
+				   NULL, NULL,
+				   NULL,
+				   res, ldb_search_default_callback,
+				   parent);
+	LDB_REQ_SET_LOCATION(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	p_ctrl = talloc(req, struct dsdb_control_current_partition);
+	if (p_ctrl == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_module_oom(module);
+	}
+	p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+	p_ctrl->dn = dn;
+
+
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, p_ctrl);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* Run the new request */
+	ret = ldb_next_request(module, req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
+		/* it hasn't been created yet, which means
+		   an implicit value of zero */
+		*uSN = 0;
+		talloc_free(tmp_ctx);
+		ldb_reset_err_string(ldb);
+		return LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (res->count != 1) {
+		*uSN = 0;
+		if (urgent_uSN) {
+			*urgent_uSN = 0;
+		}
+	} else {
+		*uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNHighest", 0);
+		if (urgent_uSN) {
+			*urgent_uSN = ldb_msg_find_attr_as_uint64(res->msgs[0], "uSNUrgent", 0);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return LDB_SUCCESS;
+}
+
+/*
+  save uSNHighest and uSNUrgent attributes in the @REPLCHANGED object for a
+  partition
+ */
+int dsdb_module_save_partition_usn(struct ldb_module *module, struct ldb_dn *dn,
+				   uint64_t uSN, uint64_t urgent_uSN,
+				   struct ldb_request *parent)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct ldb_request *req;
+	struct ldb_message *msg;
+	struct dsdb_control_current_partition *p_ctrl;
+	int ret;
+	struct ldb_result *res;
+
+	msg = ldb_msg_new(module);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+
+	msg->dn = ldb_dn_new(msg, ldb, "@REPLCHANGED");
+	if (msg->dn == NULL) {
+		talloc_free(msg);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
+	res = talloc_zero(msg, struct ldb_result);
+	if (!res) {
+		talloc_free(msg);
+		return ldb_module_oom(module);
+	}
+
+	ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNHighest", uSN);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+	/* urgent_uSN is optional so may not be stored */
+	if (urgent_uSN) {
+		ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNUrgent",
+					   urgent_uSN);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(msg);
+			return ret;
+		}
+		msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+
+	p_ctrl = talloc(msg, struct dsdb_control_current_partition);
+	if (p_ctrl == NULL) {
+		talloc_free(msg);
+		return ldb_oom(ldb);
+	}
+	p_ctrl->version = DSDB_CONTROL_CURRENT_PARTITION_VERSION;
+	p_ctrl->dn = dn;
+	ret = ldb_build_mod_req(&req, ldb, msg,
+				msg,
+				NULL,
+				res,
+				ldb_modify_default_callback,
+				parent);
+	LDB_REQ_SET_LOCATION(req);
+again:
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req,
+				      DSDB_CONTROL_CURRENT_PARTITION_OID,
+				      false, p_ctrl);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	/* Run the new request */
+	ret = ldb_next_request(module, req);
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		ret = ldb_build_add_req(&req, ldb, msg,
+					msg,
+					NULL,
+					res,
+					ldb_modify_default_callback,
+					parent);
+		LDB_REQ_SET_LOCATION(req);
+		goto again;
+	}
+
+	talloc_free(msg);
+
+	return ret;
+}
+
+bool dsdb_module_am_system(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= talloc_get_type(
+			ldb_get_opaque(ldb, DSDB_SESSION_INFO),
+			struct auth_session_info);
+	return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
+}
+
+bool dsdb_module_am_administrator(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct auth_session_info *session_info
+		= talloc_get_type(
+			ldb_get_opaque(ldb, DSDB_SESSION_INFO),
+			struct auth_session_info);
+	return security_session_user_level(session_info, NULL) == SECURITY_ADMINISTRATOR;
+}
+
+/*
+  check if the recyclebin is enabled
+ */
+int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct GUID recyclebin_guid;
+	int ret;
+
+	GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
+
+	ret = dsdb_check_optional_feature(module, recyclebin_guid, enabled);
+	if (ret != LDB_SUCCESS) {
+		ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+int dsdb_msg_constrainted_update_int32(struct ldb_module *module,
+				       struct ldb_message *msg,
+				       const char *attr,
+				       const int32_t *old_val,
+				       const int32_t *new_val)
+{
+	struct ldb_message_element *el;
+	int ret;
+	char *vstring;
+
+	if (old_val) {
+		ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		el->num_values = 1;
+		el->values = talloc_array(msg, struct ldb_val, el->num_values);
+		if (!el->values) {
+			return ldb_module_oom(module);
+		}
+		vstring = talloc_asprintf(el->values, "%ld", (long)*old_val);
+		if (!vstring) {
+			return ldb_module_oom(module);
+		}
+		*el->values = data_blob_string_const(vstring);
+	}
+
+	if (new_val) {
+		ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		el->num_values = 1;
+		el->values = talloc_array(msg, struct ldb_val, el->num_values);
+		if (!el->values) {
+			return ldb_module_oom(module);
+		}
+		vstring = talloc_asprintf(el->values, "%ld", (long)*new_val);
+		if (!vstring) {
+			return ldb_module_oom(module);
+		}
+		*el->values = data_blob_string_const(vstring);
+	}
+
+	return LDB_SUCCESS;
+}
+
+int dsdb_msg_constrainted_update_uint32(struct ldb_module *module,
+					struct ldb_message *msg,
+					const char *attr,
+					const uint32_t *old_val,
+					const uint32_t *new_val)
+{
+	return dsdb_msg_constrainted_update_int32(module, msg, attr,
+						  (const int32_t *)old_val,
+						  (const int32_t *)new_val);
+}
+
+int dsdb_msg_constrainted_update_int64(struct ldb_module *module,
+				       struct ldb_message *msg,
+				       const char *attr,
+				       const int64_t *old_val,
+				       const int64_t *new_val)
+{
+	struct ldb_message_element *el;
+	int ret;
+	char *vstring;
+
+	if (old_val) {
+		ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		el->num_values = 1;
+		el->values = talloc_array(msg, struct ldb_val, el->num_values);
+		if (!el->values) {
+			return ldb_module_oom(module);
+		}
+		vstring = talloc_asprintf(el->values, "%lld", (long long)*old_val);
+		if (!vstring) {
+			return ldb_module_oom(module);
+		}
+		*el->values = data_blob_string_const(vstring);
+	}
+
+	if (new_val) {
+		ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		el->num_values = 1;
+		el->values = talloc_array(msg, struct ldb_val, el->num_values);
+		if (!el->values) {
+			return ldb_module_oom(module);
+		}
+		vstring = talloc_asprintf(el->values, "%lld", (long long)*new_val);
+		if (!vstring) {
+			return ldb_module_oom(module);
+		}
+		*el->values = data_blob_string_const(vstring);
+	}
+
+	return LDB_SUCCESS;
+}
+
+int dsdb_msg_constrainted_update_uint64(struct ldb_module *module,
+					struct ldb_message *msg,
+					const char *attr,
+					const uint64_t *old_val,
+					const uint64_t *new_val)
+{
+	return dsdb_msg_constrainted_update_int64(module, msg, attr,
+						  (const int64_t *)old_val,
+						  (const int64_t *)new_val);
+}
+
+/*
+  update an int32 attribute safely via a constrained delete/add
+ */
+int dsdb_module_constrainted_update_int32(struct ldb_module *module,
+					  struct ldb_dn *dn,
+					  const char *attr,
+					  const int32_t *old_val,
+					  const int32_t *new_val,
+					  struct ldb_request *parent)
+{
+	struct ldb_message *msg;
+	int ret;
+
+	msg = ldb_msg_new(module);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+	msg->dn = dn;
+
+	ret = dsdb_msg_constrainted_update_int32(module,
+						 msg, attr,
+						 old_val,
+						 new_val);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+	talloc_free(msg);
+	return ret;
+}
+
+int dsdb_module_constrainted_update_uint32(struct ldb_module *module,
+					   struct ldb_dn *dn,
+					   const char *attr,
+					   const uint32_t *old_val,
+					   const uint32_t *new_val,
+					   struct ldb_request *parent)
+{
+	return dsdb_module_constrainted_update_int32(module, dn, attr,
+						     (const int32_t *)old_val,
+						     (const int32_t *)new_val, parent);
+}
+
+/*
+  update an int64 attribute safely via a constrained delete/add
+ */
+int dsdb_module_constrainted_update_int64(struct ldb_module *module,
+					  struct ldb_dn *dn,
+					  const char *attr,
+					  const int64_t *old_val,
+					  const int64_t *new_val,
+					  struct ldb_request *parent)
+{
+	struct ldb_message *msg;
+	int ret;
+
+	msg = ldb_msg_new(module);
+	if (msg == NULL) {
+		return ldb_module_oom(module);
+	}
+	msg->dn = dn;
+
+	ret = dsdb_msg_constrainted_update_int64(module,
+						 msg, attr,
+						 old_val,
+						 new_val);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return ret;
+	}
+
+	ret = dsdb_module_modify(module, msg, DSDB_FLAG_NEXT_MODULE, parent);
+	talloc_free(msg);
+	return ret;
+}
+
+int dsdb_module_constrainted_update_uint64(struct ldb_module *module,
+					   struct ldb_dn *dn,
+					   const char *attr,
+					   const uint64_t *old_val,
+					   const uint64_t *new_val,
+					   struct ldb_request *parent)
+{
+	return dsdb_module_constrainted_update_int64(module, dn, attr,
+						     (const int64_t *)old_val,
+						     (const int64_t *)new_val,
+						     parent);
+}
+
+
+const struct ldb_val *dsdb_module_find_dsheuristics(struct ldb_module *module,
+						    TALLOC_CTX *mem_ctx, struct ldb_request *parent)
+{
+	int ret;
+	struct ldb_dn *new_dn;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	static const char * const attrs[] = { "dSHeuristics", NULL };
+	struct ldb_result *res;
+
+	new_dn = ldb_dn_copy(mem_ctx, ldb_get_config_basedn(ldb));
+	if (!ldb_dn_add_child_fmt(new_dn,
+				   "CN=Directory Service,CN=Windows NT,CN=Services")) {
+		talloc_free(new_dn);
+		return NULL;
+	}
+	ret = dsdb_module_search_dn(module, mem_ctx, &res,
+				    new_dn,
+				    attrs,
+				    DSDB_FLAG_NEXT_MODULE,
+				    parent);
+	if (ret == LDB_SUCCESS && res->count == 1) {
+		talloc_free(new_dn);
+		return ldb_msg_find_ldb_val(res->msgs[0],
+					    "dSHeuristics");
+	}
+	talloc_free(new_dn);
+	return NULL;
+}
+
+bool dsdb_block_anonymous_ops(struct ldb_module *module, struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(module);
+	bool result;
+	const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+								     tmp_ctx, parent);
+	if (hr_val == NULL || hr_val->length < DS_HR_BLOCK_ANONYMOUS_OPS) {
+		result = true;
+	} else if (hr_val->data[DS_HR_BLOCK_ANONYMOUS_OPS -1] == '2') {
+		result = false;
+	} else {
+		result = true;
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+bool dsdb_user_password_support(struct ldb_module *module,
+				TALLOC_CTX *mem_ctx,
+				struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	bool result;
+	const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+								     tmp_ctx,
+								     parent);
+	if (hr_val == NULL || hr_val->length < DS_HR_USER_PASSWORD_SUPPORT) {
+		result = false;
+	} else if ((hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '2') ||
+		   (hr_val->data[DS_HR_USER_PASSWORD_SUPPORT -1] == '0')) {
+		result = false;
+	} else {
+		result = true;
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+bool dsdb_do_list_object(struct ldb_module *module,
+			 TALLOC_CTX *mem_ctx,
+			 struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	bool result;
+	const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+								     tmp_ctx,
+								     parent);
+	if (hr_val == NULL || hr_val->length < DS_HR_DOLISTOBJECT) {
+		result = false;
+	} else if (hr_val->data[DS_HR_DOLISTOBJECT -1] == '1') {
+		result = true;
+	} else {
+		result = false;
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+bool dsdb_attribute_authz_on_ldap_add(struct ldb_module *module,
+				      TALLOC_CTX *mem_ctx,
+				      struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	bool result = false;
+	const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+								     tmp_ctx,
+								     parent);
+	if (hr_val != NULL && hr_val->length >= DS_HR_ATTR_AUTHZ_ON_LDAP_ADD) {
+		uint8_t val = hr_val->data[DS_HR_ATTR_AUTHZ_ON_LDAP_ADD - 1];
+		if (val != '0' && val != '2') {
+			result = true;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+bool dsdb_block_owner_implicit_rights(struct ldb_module *module,
+				      TALLOC_CTX *mem_ctx,
+				      struct ldb_request *parent)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	bool result = false;
+	const struct ldb_val *hr_val = dsdb_module_find_dsheuristics(module,
+								     tmp_ctx,
+								     parent);
+	if (hr_val != NULL && hr_val->length >= DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS) {
+		uint8_t val = hr_val->data[DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS - 1];
+		if (val != '0' && val != '2') {
+			result = true;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+/*
+  show the chain of requests, useful for debugging async requests
+ */
+void dsdb_req_chain_debug(struct ldb_request *req, int level)
+{
+	char *s = ldb_module_call_chain(req, req);
+	DEBUG(level, ("%s\n", s));
+	talloc_free(s);
+}
+
+/*
+ * Get all the values that *might* be added by an ldb message, as a composite
+ * ldb element.
+ *
+ * This is useful when we need to check all the possible values against some
+ * criteria.
+ *
+ * In cases where a modify message mixes multiple ADDs, DELETEs, and REPLACES,
+ * the returned element might contain more values than would actually end up
+ * in the database if the message was run to its conclusion.
+ *
+ * If the operation is not LDB_ADD or LDB_MODIFY, an operations error is
+ * returned.
+ *
+ * The returned element might not be new, and should not be modified or freed
+ * before the message is finished.
+ */
+
+int dsdb_get_expected_new_values(TALLOC_CTX *mem_ctx,
+				 const struct ldb_message *msg,
+				 const char *attr_name,
+				 struct ldb_message_element **el,
+				 enum ldb_request_type operation)
+{
+	unsigned int i;
+	unsigned int el_count = 0;
+	unsigned int val_count = 0;
+	struct ldb_val *v = NULL;
+	struct ldb_message_element *_el = NULL;
+	*el = NULL;
+
+	if (operation != LDB_ADD && operation != LDB_MODIFY) {
+		DBG_ERR("inapplicable operation type: %d\n", operation);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* count the adding or replacing elements */
+	for (i = 0; i < msg->num_elements; i++) {
+		if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
+			unsigned int tmp;
+			if ((operation == LDB_MODIFY) &&
+			    (LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
+						== LDB_FLAG_MOD_DELETE)) {
+				continue;
+			}
+			el_count++;
+			tmp = val_count + msg->elements[i].num_values;
+			if (unlikely(tmp < val_count)) {
+				DBG_ERR("too many values for one element!\n");
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+			val_count = tmp;
+		}
+	}
+	if (el_count == 0) {
+		/* nothing to see here */
+		return LDB_SUCCESS;
+	}
+
+	if (el_count == 1 || val_count == 0) {
+		/*
+		 * There is one effective element, which we can return as-is,
+		 * OR there are only elements with zero values -- any of which
+		 * will do.
+		 */
+		for (i = 0; i < msg->num_elements; i++) {
+			if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
+				if ((operation == LDB_MODIFY) &&
+				    (LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
+				     == LDB_FLAG_MOD_DELETE)) {
+					continue;
+				}
+				*el = &msg->elements[i];
+				return LDB_SUCCESS;
+			}
+		}
+	}
+
+	_el = talloc_zero(mem_ctx, struct ldb_message_element);
+	if (_el == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	_el->name = attr_name;
+
+	if (val_count == 0) {
+		/*
+		 * Seems unlikely, but sometimes we might be adding zero
+		 * values in multiple separate elements. The talloc zero has
+		 * already set the expected values = NULL, num_values = 0.
+		 */
+		*el = _el;
+		return LDB_SUCCESS;
+	}
+
+	_el->values = talloc_array(_el, struct ldb_val, val_count);
+	if (_el->values == NULL) {
+		talloc_free(_el);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	_el->num_values = val_count;
+
+	v = _el->values;
+
+	for (i = 0; i < msg->num_elements; i++) {
+		if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
+			const struct ldb_message_element *tmp_el = &msg->elements[i];
+			if ((operation == LDB_MODIFY) &&
+			    (LDB_FLAG_MOD_TYPE(tmp_el->flags)
+						== LDB_FLAG_MOD_DELETE)) {
+				continue;
+			}
+			if (tmp_el->values == NULL || tmp_el->num_values == 0) {
+				continue;
+			}
+			memcpy(v,
+			       tmp_el->values,
+			       tmp_el->num_values * sizeof(*v));
+			v += tmp_el->num_values;
+		}
+	}
+
+	*el = _el;
+	return LDB_SUCCESS;
+}
+
+
+/*
+ * Get the value of a single-valued attribute from an ADDed message. 'val' will only live as
+ * long as 'msg' and 'original_val' do, and must not be freed.
+ */
+int dsdb_msg_add_get_single_value(const struct ldb_message *msg,
+                                  const char *attr_name,
+                                  const struct ldb_val **val)
+{
+	const struct ldb_message_element *el = NULL;
+
+	/*
+	 * The ldb_msg_normalize() call in ldb_request() ensures that
+	 * there is at most one message element for each
+	 * attribute. Thus, we don't need a loop to deal with an
+	 * LDB_ADD.
+	 */
+	el = ldb_msg_find_element(msg, attr_name);
+	if (el == NULL) {
+		*val = NULL;
+		return LDB_SUCCESS;
+	}
+	if (el->num_values != 1) {
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	*val = &el->values[0];
+	return LDB_SUCCESS;
+}
+
+/*
+ * Get the value of a single-valued attribute after processing a
+ * message. 'operation' is either LDB_ADD or LDB_MODIFY. 'val' will only live as
+ * long as 'msg' and 'original_val' do, and must not be freed.
+ */
+int dsdb_msg_get_single_value(const struct ldb_message *msg,
+			      const char *attr_name,
+			      const struct ldb_val *original_val,
+			      const struct ldb_val **val,
+			      enum ldb_request_type operation)
+{
+	unsigned idx;
+
+	*val = NULL;
+
+	if (operation == LDB_ADD) {
+		if (original_val != NULL) {
+			/* This is an error on the caller's part. */
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+		return dsdb_msg_add_get_single_value(msg, attr_name, val);
+	}
+
+	SMB_ASSERT(operation == LDB_MODIFY);
+
+	*val = original_val;
+
+	for (idx = 0; idx < msg->num_elements; ++idx) {
+		const struct ldb_message_element *el = &msg->elements[idx];
+
+		if (ldb_attr_cmp(el->name, attr_name) != 0) {
+			continue;
+		}
+
+		switch (el->flags & LDB_FLAG_MOD_MASK) {
+		case LDB_FLAG_MOD_ADD:
+			if (el->num_values != 1) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+			if (*val != NULL) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+
+			*val = &el->values[0];
+
+			break;
+
+		case LDB_FLAG_MOD_REPLACE:
+			if (el->num_values > 1) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+
+			*val = el->num_values ? &el->values[0] : NULL;
+
+			break;
+
+		case LDB_FLAG_MOD_DELETE:
+			if (el->num_values > 1) {
+				return LDB_ERR_CONSTRAINT_VIOLATION;
+			}
+
+			/*
+			 * If a value was specified for the delete, we don't
+			 * bother checking it matches the value we currently
+			 * have. Any mismatch will be caught later (e.g. in
+			 * ldb_kv_modify_internal).
+			 */
+
+			*val = NULL;
+
+			break;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * This function determines the (last) structural or 88 object class of a passed
+ * "objectClass" attribute - per MS-ADTS 3.1.1.1.4 this is the last value.
+ * Without schema this does not work and hence NULL is returned.
+ */
+const struct dsdb_class *dsdb_get_last_structural_class(const struct dsdb_schema *schema,
+							const struct ldb_message_element *element)
+{
+	const struct dsdb_class *last_class;
+
+	if (schema == NULL) {
+		return NULL;
+	}
+
+	if (element->num_values == 0) {
+		return NULL;
+	}
+
+	last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema,
+							   &element->values[element->num_values-1]);
+	if (last_class == NULL) {
+		return NULL;
+	}
+	if (last_class->objectClassCategory > 1) {
+		return NULL;
+	}
+
+	return last_class;
+}
+
+const struct dsdb_class *dsdb_get_structural_oc_from_msg(const struct dsdb_schema *schema,
+							 const struct ldb_message *msg)
+{
+	struct ldb_message_element *oc_el;
+
+	oc_el = ldb_msg_find_element(msg, "objectClass");
+	if (!oc_el) {
+		return NULL;
+	}
+
+	return dsdb_get_last_structural_class(schema, oc_el);
+}
+
+/*
+  Get the parent class of an objectclass, or NULL if none exists.
+ */
+const struct dsdb_class *dsdb_get_parent_class(const struct dsdb_schema *schema,
+					       const struct dsdb_class *objectclass)
+{
+	if (ldb_attr_cmp(objectclass->lDAPDisplayName, "top") == 0) {
+		return NULL;
+	}
+
+	if (objectclass->subClassOf == NULL) {
+		return NULL;
+	}
+
+	return dsdb_class_by_lDAPDisplayName(schema, objectclass->subClassOf);
+}
+
+/*
+  Return true if 'struct_objectclass' is a subclass of 'other_objectclass'. The
+  two objectclasses must originate from the same schema, to allow for
+  pointer-based identity comparison.
+ */
+bool dsdb_is_subclass_of(const struct dsdb_schema *schema,
+			 const struct dsdb_class *struct_objectclass,
+			 const struct dsdb_class *other_objectclass)
+{
+	while (struct_objectclass != NULL) {
+		/* Pointer comparison can be used due to the same schema str. */
+		if (struct_objectclass == other_objectclass) {
+			return true;
+		}
+
+		struct_objectclass = dsdb_get_parent_class(schema, struct_objectclass);
+	}
+
+	return false;
+}
+
+/* Fix the DN so that the relative attribute names are in upper case so that the DN:
+   cn=Administrator,cn=users,dc=samba,dc=example,dc=com becomes
+   CN=Administrator,CN=users,DC=samba,DC=example,DC=com
+*/
+int dsdb_fix_dn_rdncase(struct ldb_context *ldb, struct ldb_dn *dn)
+{
+	int i, ret;
+	char *upper_rdn_attr;
+
+	for (i=0; i < ldb_dn_get_comp_num(dn); i++) {
+		/* We need the attribute name in upper case */
+		upper_rdn_attr = strupper_talloc(dn,
+						 ldb_dn_get_component_name(dn, i));
+		if (!upper_rdn_attr) {
+			return ldb_oom(ldb);
+		}
+		ret = ldb_dn_set_component(dn, i, upper_rdn_attr,
+					   *ldb_dn_get_component_val(dn, i));
+		talloc_free(upper_rdn_attr);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+/**
+ * Make most specific objectCategory for the objectClass of passed object
+ * NOTE: In this implementation we count that it is called on already
+ * verified objectClass attribute value. See objectclass.c thorough
+ * implementation for all the magic that involves
+ *
+ * @param ldb	ldb context
+ * @param schema cached schema for ldb. We may get it, but it is very time consuming.
+ * 			Hence leave the responsibility to the caller.
+ * @param obj	AD object to determine objectCategory for
+ * @param mem_ctx Memory context - usually it is obj actually
+ * @param pobjectcategory location to store found objectCategory
+ *
+ * @return LDB_SUCCESS or error including out of memory error
+ */
+int dsdb_make_object_category(struct ldb_context *ldb, const struct dsdb_schema *schema,
+			      const struct ldb_message *obj,
+			      TALLOC_CTX *mem_ctx, const char **pobjectcategory)
+{
+	const struct dsdb_class			*objectclass;
+	struct ldb_message_element		*objectclass_element;
+	struct dsdb_extended_dn_store_format	*dn_format;
+
+	objectclass_element = ldb_msg_find_element(obj, "objectClass");
+	if (!objectclass_element) {
+		ldb_asprintf_errstring(ldb, "dsdb: Cannot add %s, no objectclass specified!",
+				       ldb_dn_get_linearized(obj->dn));
+		return LDB_ERR_OBJECT_CLASS_VIOLATION;
+	}
+	if (objectclass_element->num_values == 0) {
+		ldb_asprintf_errstring(ldb, "dsdb: Cannot add %s, at least one (structural) objectclass has to be specified!",
+				       ldb_dn_get_linearized(obj->dn));
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	/*
+	 * Get the new top-most structural object class and check for
+	 * unrelated structural classes
+	 */
+	objectclass = dsdb_get_last_structural_class(schema,
+						     objectclass_element);
+	if (objectclass == NULL) {
+		ldb_asprintf_errstring(ldb,
+				       "Failed to find a structural class for %s",
+				       ldb_dn_get_linearized(obj->dn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
+	dn_format = talloc_get_type(ldb_get_opaque(ldb, DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME),
+				    struct dsdb_extended_dn_store_format);
+	if (dn_format && dn_format->store_extended_dn_in_ldb == false) {
+		/* Strip off extended components */
+		struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
+					       objectclass->defaultObjectCategory);
+		*pobjectcategory = ldb_dn_alloc_linearized(mem_ctx, dn);
+		talloc_free(dn);
+	} else {
+		*pobjectcategory = talloc_strdup(mem_ctx, objectclass->defaultObjectCategory);
+	}
+
+	if (*pobjectcategory == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h
new file mode 100644
index 0000000..63726c0
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/util.h
@@ -0,0 +1,43 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* predeclare some structures used by utility functions */
+struct dsdb_schema;
+struct dsdb_attribute;
+struct dsdb_fsmo_extended_op;
+struct security_descriptor;
+struct dom_sid;
+struct netlogon_samlogon_response;
+
+#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/security.h"
+#include "dsdb/samdb/ldb_modules/util_proto.h"
+#include "dsdb/common/util.h"
+#include "../libcli/netlogon/netlogon.h"
+
+/* extend the dsdb_request_add_controls() flags for module
+   specific functions */
+#define DSDB_FLAG_NEXT_MODULE		      0x00100000
+#define DSDB_FLAG_OWN_MODULE		      0x00400000
+#define DSDB_FLAG_TOP_MODULE		      0x00800000
+#define DSDB_FLAG_TRUSTED		      0x01000000
+#define DSDB_FLAG_REPLICATED_UPDATE           0x02000000
+#define DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE 0x04000000
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
new file mode 100644
index 0000000..b389d3f
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -0,0 +1,946 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce  2005-2008
+   Copyright (C) Catalyst IT 2016
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: vlv_pagination
+ *
+ *  Component: ldb vlv pagination control module
+ *
+ *  Description: this module caches a complete search and sends back
+ *  		 results in chunks as asked by the client
+ *
+ *  Originally based on paged_results.c by Simo Sorce
+ *  Modified by Douglas Bagnall and Garming Sam for Catalyst.
+ */
+
+#include "includes.h"
+#include "auth/auth.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_errors.h"
+#include <ldb.h>
+#include "replace.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+
+#include "dsdb/common/util.h"
+#include "lib/util/binsearch.h"
+
+/* This is the number of concurrent searches per connection to cache. */
+#define VLV_N_SEARCHES 5
+
+
+struct results_store {
+	uint32_t contextId;
+	time_t timestamp;
+
+	struct GUID *results;
+	size_t num_entries;
+	size_t result_array_size;
+
+	struct referral_store *first_ref;
+	struct referral_store *last_ref;
+
+	struct ldb_control **controls;
+	struct ldb_control **down_controls;
+	struct ldb_vlv_req_control *vlv_details;
+	struct ldb_server_sort_control *sort_details;
+};
+
+struct private_data {
+	uint32_t next_free_id;
+	struct results_store **store;
+	int n_stores;
+};
+
+
+struct vlv_context {
+	struct ldb_module *module;
+	struct ldb_request *req;
+	struct results_store *store;
+	struct ldb_control **controls;
+	struct private_data *priv;
+};
+
+
+static struct results_store *new_store(struct private_data *priv)
+{
+	struct results_store *store;
+	int i;
+	int best = 0;
+	time_t oldest = TIME_T_MAX;
+	for (i = 0; i < priv->n_stores; i++) {
+		if (priv->store[i] == NULL) {
+			best = i;
+			break;
+		} else if (priv->store[i]->timestamp < oldest){
+			best = i;
+			oldest = priv->store[i]->timestamp;
+		}
+	}
+
+	store = talloc_zero(priv, struct results_store);
+	if (store == NULL) {
+		return NULL;
+	}
+	if (priv->store[best] != NULL) {
+		TALLOC_FREE(priv->store[best]);
+	}
+	priv->store[best] = store;
+	store->timestamp = time(NULL);
+	return store;
+}
+
+
+struct vlv_sort_context {
+	struct ldb_context *ldb;
+	ldb_attr_comparison_t comparison_fn;
+	const char *attr;
+	struct vlv_context *ac;
+	int status;
+	struct ldb_val value;
+};
+
+
+/* Referrals are temporarily stored in a linked list */
+struct referral_store {
+	char *ref;
+	struct referral_store *next;
+};
+
+/*
+  search for attrs on one DN, by the GUID of the DN, with true
+  LDB controls
+ */
+
+static int vlv_search_by_dn_guid(struct ldb_module *module,
+				 struct vlv_context *ac,
+				 struct ldb_result **result,
+				 const struct GUID *guid,
+				 const char * const *attrs)
+{
+	struct ldb_dn *dn;
+	struct ldb_request *req;
+	struct ldb_result *res;
+	int ret;
+	struct GUID_txt_buf guid_str;
+	struct ldb_control **controls = ac->store->down_controls;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+	dn = ldb_dn_new_fmt(ac, ldb, "<GUID=%s>",
+			    GUID_buf_string(guid, &guid_str));
+	if (dn == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	res = talloc_zero(ac, struct ldb_result);
+	if (res == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	ret = ldb_build_search_req(&req, ldb, ac,
+				   dn,
+				   LDB_SCOPE_BASE,
+				   NULL,
+				   attrs,
+				   controls,
+				   res,
+				   ldb_search_default_callback,
+				   ac->req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(res);
+		return ret;
+	}
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(req);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(res);
+		return ret;
+	}
+
+	*result = res;
+	return ret;
+}
+
+
+static int save_referral(struct results_store *store, char *ref)
+{
+	struct referral_store *node = talloc(store,
+					     struct referral_store);
+	if (node == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	node->next = NULL;
+	node->ref = talloc_steal(node, ref);
+
+	if (store->first_ref == NULL) {
+		store->first_ref = node;
+	} else {
+		store->last_ref->next = node;
+	}
+	store->last_ref = node;
+	return LDB_SUCCESS;
+}
+
+static int send_referrals(struct results_store *store,
+			  struct ldb_request *req)
+{
+	int ret;
+	struct referral_store *node;
+	while (store->first_ref != NULL) {
+		node = store->first_ref;
+		ret = ldb_module_send_referral(req, node->ref);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		store->first_ref = node->next;
+		talloc_free(node);
+	}
+	return LDB_SUCCESS;
+}
+
+
+/* vlv_value_compare() is used in a binary search */
+
+static int vlv_value_compare(struct vlv_sort_context *target,
+			     struct GUID *guid)
+{
+	struct ldb_result *result = NULL;
+	struct ldb_message_element *el = NULL;
+	struct vlv_context *ac = target->ac;
+	int ret;
+	const char *attrs[2] = {
+		target->attr,
+		NULL
+	};
+
+	ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid, attrs);
+
+	if (ret != LDB_SUCCESS) {
+		target->status = ret;
+		/* returning 0 ends the search. */
+		return 0;
+	}
+
+	el = ldb_msg_find_element(result->msgs[0], target->attr);
+	return target->comparison_fn(target->ldb, ac,
+				     &target->value, &el->values[0]);
+
+}
+
+/* The same as vlv_value_compare() but sorting in the opposite direction. */
+static int vlv_value_compare_rev(struct vlv_sort_context *target,
+			     struct GUID *guid)
+{
+	return -vlv_value_compare(target, guid);
+}
+
+
+
+/* Convert a "greater than or equal to" VLV query into an index. This is
+   zero-based, so one less than the equivalent VLV offset query.
+
+   If the query value is greater than (or less than in the reverse case) all
+   the items, An index just beyond the last position is used.
+
+   If an error occurs during the search for the index, we stash it in the
+   status argument.
+ */
+
+static int vlv_gt_eq_to_index(struct vlv_context *ac,
+			      struct GUID *guid_array,
+			      struct ldb_vlv_req_control *vlv_details,
+			      struct ldb_server_sort_control *sort_details,
+			      int *status)
+{
+	/* this has a >= comparison string, which needs to be
+	 * converted into indices.
+	 */
+	size_t len = ac->store->num_entries;
+	struct ldb_context *ldb;
+	const struct ldb_schema_attribute *a;
+	struct GUID *result = NULL;
+	struct vlv_sort_context context;
+	struct ldb_val value = {
+		.data = (uint8_t *)vlv_details->match.gtOrEq.value,
+		.length = vlv_details->match.gtOrEq.value_len
+	};
+	ldb = ldb_module_get_ctx(ac->module);
+	a = ldb_schema_attribute_by_name(ldb, sort_details->attributeName);
+
+	context = (struct vlv_sort_context){
+		.ldb = ldb,
+		.comparison_fn = a->syntax->comparison_fn,
+		.attr = sort_details->attributeName,
+		.ac = ac,
+		.status = LDB_SUCCESS,
+		.value = value
+	};
+
+	if (sort_details->reverse) {
+		/* when the sort is reversed, "gtOrEq" means
+		   "less than or equal" */
+		BINARY_ARRAY_SEARCH_GTE(guid_array, len, &context,
+					vlv_value_compare_rev,
+					result, result);
+	} else {
+		BINARY_ARRAY_SEARCH_GTE(guid_array, len, &context,
+					vlv_value_compare,
+					result, result);
+	}
+	if (context.status != LDB_SUCCESS) {
+		*status = context.status;
+		return len;
+	}
+	*status = LDB_SUCCESS;
+
+	if (result == NULL) {
+		/* the target is beyond the end of the array */
+		return len;
+	}
+	return result - guid_array;
+
+}
+
+/* return the zero-based index into the sorted results, or -1 on error.
+
+   The VLV index is one-base, so one greater than this.
+ */
+
+static int vlv_calc_real_offset(int offset, int denominator, int n_entries)
+{
+	double fraction;
+
+	/* An offset of 0 (or less) is an error, unless the denominator is
+	   also zero. */
+	if (offset <= 0 && denominator != 0) {
+		return -1;
+	}
+
+	/* a denominator of zero means the server should use the estimated
+	   number of entries. */
+	if (denominator == 0) {
+		if (offset == 0) {
+                        /* 0/0 means the last one */
+			return n_entries - 1;
+		}
+		denominator = n_entries;
+	}
+
+	if (denominator == 1) {
+		/* The 1/1 case means the LAST index.
+		   Strangely, for n > 1, n/1 means the FIRST index.
+		*/
+		if (offset == 1) {
+			return n_entries - 1;
+		}
+		return 0;
+	}
+
+	if (offset >= denominator) {
+		/* we want the last one */
+		return n_entries - 1;
+	}
+	/* if the denominator is exactly the number of entries, the offset is
+	   already correct. */
+
+	if (denominator == n_entries) {
+		return offset - 1;
+	}
+
+	/* The following formula was discovered by probing Windows. */
+	fraction = (offset - 1.0) / (denominator - 1.0);
+	return (int)(fraction * (n_entries - 1.0) + 0.5);
+}
+
+
+/* vlv_results() is called when there is a valid contextID -- meaning the search
+   has been prepared earlier and saved -- or by vlv_search_callback() when a
+   search has just been completed. */
+
+static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares)
+{
+	struct ldb_extended *response = (ares != NULL ? ares->response : NULL);
+	struct ldb_vlv_resp_control *vlv;
+	unsigned int num_ctrls;
+	int ret, i, first_i, last_i;
+	struct ldb_vlv_req_control *vlv_details;
+	struct ldb_server_sort_control *sort_details;
+	int target = 0;
+
+	if (ac->store == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	if (ac->store->first_ref) {
+		/* There is no right place to put references in the sorted
+		   results, so we send them as soon as possible.
+		*/
+		ret = send_referrals(ac->store, ac->req);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * send_referrals will have called ldb_module_done
+			 * if there was an error.
+			 */
+			return ret;
+		}
+	}
+
+	vlv_details = ac->store->vlv_details;
+	sort_details = ac->store->sort_details;
+
+	if (ac->store->num_entries != 0) {
+		if (vlv_details->type == 1) {
+			target = vlv_gt_eq_to_index(ac, ac->store->results,
+						    vlv_details,
+						    sort_details, &ret);
+			if (ret != LDB_SUCCESS) {
+				return ldb_module_done(
+					ac->req,
+					ac->controls,
+					response,
+					ret);
+			}
+		} else {
+			target = vlv_calc_real_offset(vlv_details->match.byOffset.offset,
+						      vlv_details->match.byOffset.contentCount,
+						      ac->store->num_entries);
+			if (target == -1) {
+				ret = LDB_ERR_OPERATIONS_ERROR;
+				return ldb_module_done(
+					ac->req,
+					ac->controls,
+					response,
+					ret);
+			}
+		}
+
+		/* send the results */
+		first_i = MAX(target - vlv_details->beforeCount, 0);
+		last_i = MIN(target + vlv_details->afterCount,
+			     ac->store->num_entries - 1);
+
+		for (i = first_i; i <= last_i; i++) {
+			struct ldb_result *result = NULL;
+			struct GUID *guid = &ac->store->results[i];
+
+			ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid,
+						    ac->req->op.search.attrs);
+
+			if (ret == LDAP_NO_SUCH_OBJECT
+			    || result->count != 1) {
+				/*
+				 * The thing isn't there, which we quietly
+				 * ignore and go on to send an extra one
+				 * instead.
+				 *
+				 * result->count == 0 or > 1 can only
+				 * happen if ASQ (which breaks all the
+				 * rules) is somehow invoked (as this
+				 * is a BASE search).
+				 *
+				 * (We skip the ASQ cookie for the
+				 * GUID searches)
+				 */
+				if (last_i < ac->store->num_entries - 1) {
+					last_i++;
+				}
+				continue;
+			} else if (ret != LDB_SUCCESS) {
+				return ldb_module_done(
+					ac->req,
+					ac->controls,
+					response,
+					ret);
+			}
+
+			ret = ldb_module_send_entry(ac->req, result->msgs[0],
+						    NULL);
+			if (ret != LDB_SUCCESS) {
+				/*
+				 * ldb_module_send_entry will have called
+				 * ldb_module_done if there was an error
+				 */
+				return ret;
+			}
+		}
+	} else {
+		target = -1;
+	}
+
+	/* return result done */
+	num_ctrls = 1;
+	i = 0;
+
+	if (ac->store->controls != NULL) {
+		while (ac->store->controls[i]){
+			i++; /* counting */
+		}
+		num_ctrls += i;
+	}
+
+	ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls + 1);
+	if (ac->controls == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+	ac->controls[num_ctrls] = NULL;
+
+	for (i = 0; i < (num_ctrls -1); i++) {
+		ac->controls[i] = talloc_reference(ac->controls, ac->store->controls[i]);
+	}
+
+	ac->controls[i] = talloc(ac->controls, struct ldb_control);
+	if (ac->controls[i] == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	ac->controls[i]->oid = talloc_strdup(ac->controls[i],
+					     LDB_CONTROL_VLV_RESP_OID);
+	if (ac->controls[i]->oid == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+
+	ac->controls[i]->critical = 0;
+
+	vlv = talloc(ac->controls[i], struct ldb_vlv_resp_control);
+	if (vlv == NULL) {
+		ret = LDB_ERR_OPERATIONS_ERROR;
+		return ldb_module_done(
+			ac->req, ac->controls, response, ret);
+	}
+	ac->controls[i]->data = vlv;
+
+	ac->store->timestamp = time(NULL);
+
+	ac->store->contextId = ac->priv->next_free_id;
+	ac->priv->next_free_id++;
+	vlv->contextId = talloc_memdup(vlv, &ac->store->contextId, sizeof(uint32_t));
+	vlv->ctxid_len = sizeof(uint32_t);
+	vlv->vlv_result = 0;
+	vlv->contentCount = ac->store->num_entries;
+	if (target >= 0) {
+		vlv->targetPosition = target + 1;
+	} else if (vlv_details->type == 1) {
+		vlv->targetPosition = ac->store->num_entries + 1;
+	} else {
+		vlv->targetPosition = 0;
+	}
+	return LDB_SUCCESS;
+}
+
+
+/* vlv_search_callback() collects GUIDs found by the original search */
+
+static int vlv_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct vlv_context *ac;
+	struct results_store *store;
+	int ret;
+
+	ac = talloc_get_type(req->context, struct vlv_context);
+	store = ac->store;
+
+	if (!ares) {
+		return ldb_module_done(ac->req, NULL, NULL,
+					LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_module_done(ac->req, ares->controls,
+					ares->response, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		if (store->results == NULL) {
+			store->num_entries = 0;
+			store->result_array_size = 16;
+			store->results = talloc_array(store, struct GUID,
+						      store->result_array_size);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+		} else if (store->num_entries == store->result_array_size) {
+			store->result_array_size *= 2;
+			store->results = talloc_realloc(store, store->results,
+							struct GUID,
+							store->result_array_size);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+		store->results[store->num_entries] = \
+			samdb_result_guid(ares->message, "objectGUID");
+		store->num_entries++;
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		ret = save_referral(store, ares->referral);
+		if (ret != LDB_SUCCESS) {
+			return ldb_module_done(ac->req, NULL, NULL, ret);
+		}
+		break;
+
+	case LDB_REPLY_DONE:
+		if (store->num_entries != 0) {
+			store->results = talloc_realloc(store, store->results,
+							struct GUID,
+							store->num_entries);
+			if (store->results == NULL) {
+				return ldb_module_done(ac->req, NULL, NULL,
+						       LDB_ERR_OPERATIONS_ERROR);
+			}
+		}
+		store->result_array_size = store->num_entries;
+
+		ac->store->controls = talloc_move(ac->store, &ares->controls);
+		ret = vlv_results(ac, ares);
+		if (ret != LDB_SUCCESS) {
+			/* vlv_results will have called ldb_module_done
+			 * if there was an error.
+			 */
+			return ret;
+		}
+		return ldb_module_done(ac->req, ac->controls,
+					ares->response, ret);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int copy_search_details(struct results_store *store,
+			       struct ldb_vlv_req_control *vlv_ctrl,
+			       struct ldb_server_sort_control *sort_ctrl)
+{
+	/* free the old details which are no longer going to be reachable. */
+	if (store->vlv_details != NULL){
+		TALLOC_FREE(store->vlv_details);
+	}
+
+	if (store->sort_details != NULL){
+		TALLOC_FREE(store->sort_details);
+	}
+
+	store->vlv_details = talloc(store, struct ldb_vlv_req_control);
+	if (store->vlv_details == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	*store->vlv_details = *vlv_ctrl;
+	store->vlv_details->contextId = talloc_memdup(store, vlv_ctrl->contextId,
+						      vlv_ctrl->ctxid_len);
+	if (store->vlv_details->contextId == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (vlv_ctrl->type == 1) {
+		char *v = talloc_array(store, char,
+				       vlv_ctrl->match.gtOrEq.value_len + 1);
+
+		if (v == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		memcpy(v, vlv_ctrl->match.gtOrEq.value, vlv_ctrl->match.gtOrEq.value_len);
+		v[vlv_ctrl->match.gtOrEq.value_len] = '\0';
+
+		store->vlv_details->match.gtOrEq.value = v;
+	}
+
+	store->sort_details = talloc(store, struct ldb_server_sort_control);
+	if (store->sort_details == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	store->sort_details->attributeName = talloc_strdup(store,
+							   sort_ctrl->attributeName);
+	if (store->sort_details->attributeName == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	if (sort_ctrl->orderingRule == NULL) {
+		store->sort_details->orderingRule = NULL;
+	} else {
+		store->sort_details->orderingRule = talloc_strdup(store,
+								  sort_ctrl->orderingRule);
+		if (store->sort_details->orderingRule == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+	}
+	store->sort_details->reverse = sort_ctrl->reverse;
+
+	return LDB_SUCCESS;
+}
+
+
+static struct ldb_control **
+vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
+{
+
+	struct ldb_control **new_controls;
+	unsigned int i, j, num_ctrls;
+	if (controls == NULL) {
+		return NULL;
+	}
+
+	for (num_ctrls = 0; controls[num_ctrls]; num_ctrls++);
+
+	new_controls = talloc_array(mem_ctx, struct ldb_control *, num_ctrls);
+	if (new_controls == NULL) {
+		return NULL;
+	}
+
+	for (j = 0, i = 0; i < (num_ctrls); i++) {
+		struct ldb_control *control = controls[i];
+		if (control->oid == NULL) {
+			break;
+		}
+		/*
+		 * Do not re-use VLV, nor the server-sort, both are
+		 * already handled here.
+		 */
+		if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
+		    strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
+			continue;
+		}
+		/*
+		 * ASQ changes everything, do not copy it down for the
+		 * per-GUID search
+		 */
+		if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
+			continue;
+		}
+		new_controls[j] = talloc_steal(new_controls, control);
+		/*
+		 * Sadly the caller is not obliged to make this a
+		 * proper talloc tree, so we do so here.
+		 */
+		if (control->data) {
+			talloc_steal(control, control->data);
+		}
+		j++;
+	}
+	new_controls[j] = NULL;
+	return new_controls;
+}
+
+static int vlv_search(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb;
+	struct ldb_control *control;
+	struct ldb_control *sort_control;
+	struct private_data *priv;
+	struct ldb_vlv_req_control *vlv_ctrl;
+	struct ldb_server_sort_control **sort_ctrl;
+	struct ldb_request *search_req;
+	struct vlv_context *ac;
+	int ret, i, critical;
+
+	ldb = ldb_module_get_ctx(module);
+
+	control = ldb_request_get_control(req, LDB_CONTROL_VLV_REQ_OID);
+	if (control == NULL) {
+		/* There is no VLV. go on */
+		return ldb_next_request(module, req);
+	}
+	critical = control->critical;
+	control->critical = 0;
+
+	sort_control = ldb_request_get_control(req, LDB_CONTROL_SERVER_SORT_OID);
+	if (sort_control == NULL) {
+		/* VLV needs sort */
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	vlv_ctrl = talloc_get_type(control->data, struct ldb_vlv_req_control);
+	if (vlv_ctrl == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	sort_ctrl = talloc_get_type(sort_control->data, struct ldb_server_sort_control *);
+	if (sort_ctrl == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	priv = talloc_get_type(ldb_module_get_private(module),
+			       struct private_data);
+
+	ac = talloc_zero(req, struct vlv_context);
+	if (ac == NULL) {
+		ldb_set_errstring(ldb, "Out of Memory");
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ac->module = module;
+	ac->req = req;
+	ac->priv = priv;
+	/* If there is no cookie, this is a new request, and we need to do the
+	 * search in the database. Otherwise we try to refer to a previously
+	 * saved search.
+	 */
+	if (vlv_ctrl->ctxid_len == 0) {
+		static const char * const attrs[2] = {
+			"objectGUID", NULL
+		};
+
+		ac->store = new_store(priv);
+		if (ac->store == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = copy_search_details(ac->store, vlv_ctrl, sort_ctrl[0]);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = ldb_build_search_req_ex(&search_req, ldb, ac,
+					      req->op.search.base,
+					      req->op.search.scope,
+					      req->op.search.tree,
+					      attrs,
+					      req->controls,
+					      ac,
+					      vlv_search_callback,
+					      req);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+		/* save it locally and remove it from the list */
+		/* we do not need to replace them later as we
+		 * are keeping the original req intact */
+		if (!ldb_save_controls(control, search_req, NULL)) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ac->store->down_controls = vlv_copy_down_controls(ac->store,
+								  req->controls);
+
+		if (ac->store->down_controls == NULL) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		return ldb_next_request(module, search_req);
+
+	} else {
+		struct results_store *current = NULL;
+		uint8_t *id = vlv_ctrl->contextId;
+
+		if (vlv_ctrl->ctxid_len != sizeof(uint32_t)){
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		for (i = 0; i < priv->n_stores; i++) {
+			current = priv->store[i];
+			if (current == NULL) {
+				continue;
+			}
+			if (memcmp(&current->contextId, id, sizeof(uint32_t)) == 0) {
+				current->timestamp = time(NULL);
+				break;
+			}
+		}
+		if (i == priv->n_stores) {
+			/* We were given a context id that we don't know about. */
+			if (critical) {
+				return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+			} else {
+				return ldb_next_request(module, req);
+			}
+		}
+
+		ac->store = current;
+		ret = copy_search_details(ac->store, vlv_ctrl, sort_ctrl[0]);
+		if (ret != LDB_SUCCESS) {
+			return ret;
+		}
+
+		ret = vlv_results(ac, NULL);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * vlv_results() will have called ldb_module_done
+			 * if there was an error.
+			 */
+			return ret;
+		}
+		return ldb_module_done(req, ac->controls, NULL,
+				       LDB_SUCCESS);
+	}
+}
+
+
+static int vlv_request_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb;
+	struct private_data *data;
+	int ret;
+
+	ldb = ldb_module_get_ctx(module);
+
+	data = talloc(module, struct private_data);
+	if (data == NULL) {
+		return LDB_ERR_OTHER;
+	}
+
+	data->next_free_id = 1;
+	data->n_stores = VLV_N_SEARCHES;
+	data->store = talloc_zero_array(data, struct results_store *, data->n_stores);
+
+	ldb_module_set_private(module, data);
+
+	ret = ldb_mod_register_control(module, LDB_CONTROL_VLV_REQ_OID);
+	if (ret != LDB_SUCCESS) {
+		ldb_debug(ldb, LDB_DEBUG_WARNING,
+			  "vlv:"
+			  "Unable to register control with rootdse!");
+	}
+
+	return ldb_next_init(module);
+}
+
+static const struct ldb_module_ops ldb_vlv_module_ops = {
+	.name           = "vlv",
+	.search         = vlv_search,
+	.init_context 	= vlv_request_init
+};
+
+int ldb_vlv_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_vlv_module_ops);
+}
diff --git a/source4/dsdb/samdb/ldb_modules/wscript b/source4/dsdb/samdb/ldb_modules/wscript
new file mode 100644
index 0000000..ce7f48d
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/wscript
@@ -0,0 +1,38 @@
+
+import sys
+from waflib import Logs, Options
+import samba3
+
+def options(opt):
+    help =  "Build with gpgme support (default=auto). "
+    help += "This requires gpgme devel and python packages "
+    help += "(e.g. libgpgme11-dev, python-gpgme on debian/ubuntu)."
+
+    opt.samba_add_onoff_option('gpgme', default=True, help=(help))
+
+    return
+
+def configure(conf):
+    conf.SET_TARGET_TYPE('gpgme', 'EMPTY')
+
+    if not Options.options.without_ad_dc \
+       and Options.options.with_gpgme != False:
+        conf.find_program('gpgme-config', var='GPGME_CONFIG')
+
+        if conf.env.GPGME_CONFIG:
+            conf.CHECK_CFG(path=conf.env.GPGME_CONFIG, args="--cflags --libs",
+                           package="", uselib_store="gpgme",
+                           msg='Checking for gpgme support')
+
+        if conf.CHECK_FUNCS_IN('gpgme_new', 'gpgme', headers='gpgme.h'):
+            conf.DEFINE('ENABLE_GPGME', '1')
+
+        if not conf.CONFIG_SET('ENABLE_GPGME'):
+            conf.fatal("GPGME support not found. "
+                       "Try installing libgpgme11-dev or gpgme-devel "
+		       "and python-gpgme. "
+                       "Otherwise, use --without-gpgme to build without "
+                       "GPGME support or --without-ad-dc to build without "
+		       "the Samba AD DC. "
+                       "GPGME support is required for the GPG encrypted "
+                       "password sync feature")
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build
new file mode 100644
index 0000000..c3e8b54
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('dsdb-module',
+	source=[],
+	deps='DSDB_MODULE_HELPERS DSDB_MODULE_HELPER_RIDALLOC',
+	private_library=True,
+	grouping_library=True)
+
+bld.SAMBA_SUBSYSTEM('DSDB_MODULE_HELPERS',
+	source='util.c acl_util.c schema_util.c netlogon.c',
+	autoproto='util_proto.h',
+	deps='ldb ndr samdb-common samba-security'
+	)
+
+bld.SAMBA_SUBSYSTEM('DSDB_MODULE_HELPER_RIDALLOC',
+	source='ridalloc.c',
+	autoproto='ridalloc.h',
+	deps='MESSAGING',
+	)
+
+# Build the cmocka unit tests
+bld.SAMBA_BINARY('test_unique_object_sids',
+        source='tests/test_unique_object_sids.c',
+        deps='''
+            talloc
+            samdb
+            cmocka
+            DSDB_MODULE_HELPERS
+        ''',
+        for_selftest=True)
+bld.SAMBA_BINARY('test_encrypted_secrets_tdb',
+        source='tests/test_encrypted_secrets.c',
+        cflags='-DTEST_BE=\"tdb\"',
+        deps='''
+            talloc
+            samba-util
+            samdb-common
+            samdb
+            cmocka
+            gnutls
+            DSDB_MODULE_HELPERS
+        ''',
+        for_selftest=True)
+if conf.env.HAVE_LMDB:
+    bld.SAMBA_BINARY('test_encrypted_secrets_mdb',
+            source='tests/test_encrypted_secrets.c',
+            cflags='-DTEST_BE=\"mdb\"',
+            deps='''
+                talloc
+                samba-util
+                samdb-common
+                samdb
+                cmocka
+                gnutls
+                DSDB_MODULE_HELPERS
+            ''',
+            for_selftest=True)
+
+if bld.AD_DC_BUILD_IS_ENABLED():
+    bld.PROCESS_SEPARATE_RULE("server")
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build_server b/source4/dsdb/samdb/ldb_modules/wscript_build_server
new file mode 100644
index 0000000..7a63f43
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build_server
@@ -0,0 +1,539 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('DSDB_MODULE_HELPERS_AUDIT',
+	            source='audit_util.c',
+	            autoproto='audit_util_proto.h',
+	            deps='DSDB_MODULE_HELPERS audit_logging')
+
+#
+# These tests require JANSSON, so we only build them if we are doing a
+# build on the AD DC (where Jansson is required).
+#
+
+bld.SAMBA_BINARY('test_audit_util',
+                 source='tests/test_audit_util.c',
+                 deps='''
+                 talloc
+                 samba-util
+                 samdb-common
+                 samdb
+                 cmocka
+                 audit_logging
+                 DSDB_MODULE_HELPERS
+                 ''',
+                 for_selftest=True)
+
+bld.SAMBA_BINARY('test_audit_log',
+                 source='tests/test_audit_log.c',
+                 deps='''
+                 talloc
+                 samba-util
+                 samdb-common
+                 samdb
+                 cmocka
+                 audit_logging
+                 DSDB_MODULE_HELPERS
+                 DSDB_MODULE_HELPERS_AUDIT
+                 ''',
+                 for_selftest=True)
+
+bld.SAMBA_BINARY('test_audit_log_errors',
+                 source='tests/test_audit_log_errors.c',
+                 deps='''
+                 talloc
+                 samba-util
+                 samdb-common
+                 samdb
+                 cmocka
+                 audit_logging
+                 DSDB_MODULE_HELPERS
+                 DSDB_MODULE_HELPERS_AUDIT
+                 ''',
+                 ldflags='''
+                     -Wl,--wrap,json_new_object
+                     -Wl,--wrap,json_add_version
+                     -Wl,--wrap,json_add_timestamp
+                 ''',
+                 for_selftest=True)
+
+bld.SAMBA_BINARY('test_group_audit',
+                 source='tests/test_group_audit.c',
+                 deps='''
+                 talloc
+                 samba-util
+                 samdb-common
+                 samdb
+                 cmocka
+                 audit_logging
+                 DSDB_MODULE_HELPERS
+                 DSDB_MODULE_HELPERS_AUDIT
+                 ''',
+                 for_selftest=True)
+
+bld.SAMBA_BINARY('test_group_audit_errors',
+                 source='tests/test_group_audit_errors.c',
+                 deps='''
+                 talloc
+                 samba-util
+                 samdb-common
+                 samdb
+                 cmocka
+                 audit_logging
+                 DSDB_MODULE_HELPERS
+                 DSDB_MODULE_HELPERS_AUDIT
+                 ''',
+                 ldflags='''
+                     -Wl,--wrap,json_new_object
+                     -Wl,--wrap,json_add_version
+                     -Wl,--wrap,json_add_timestamp
+                 ''',
+                 for_selftest=True)
+
+bld.SAMBA_MODULE('ldb_samba_dsdb',
+	source='samba_dsdb.c',
+	subsystem='ldb',
+	init_function='ldb_samba_dsdb_module_init',
+	module_init_name='ldb_init_module',
+	deps='samdb talloc ndr DSDB_MODULE_HELPERS',
+	internal_module=False,
+	)
+
+
+bld.SAMBA_MODULE('ldb_samba_secrets',
+	source='samba_secrets.c',
+	subsystem='ldb',
+	init_function='ldb_samba_secrets_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc ndr'
+	)
+
+
+bld.SAMBA_MODULE('ldb_objectguid',
+	source='objectguid.c',
+	subsystem='ldb',
+	init_function='ldb_objectguid_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc ndr DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_repl_meta_data',
+	source='repl_meta_data.c',
+	subsystem='ldb',
+	init_function='ldb_repl_meta_data_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc ndr NDR_DRSUAPI NDR_DRSBLOBS ndr DSDB_MODULE_HELPERS samba-security'
+	)
+
+
+bld.SAMBA_MODULE('ldb_schema_load',
+	source='schema_load.c',
+	subsystem='ldb',
+	init_function='ldb_schema_load_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_schema_data',
+	source='schema_data.c',
+	subsystem='ldb',
+	init_function='ldb_schema_data_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_samldb',
+	source='samldb.c',
+	subsystem='ldb',
+	init_function='ldb_samldb_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS DSDB_MODULE_HELPER_RIDALLOC'
+	)
+
+
+bld.SAMBA_MODULE('ldb_samba3sam',
+	source='samba3sam.c',
+	subsystem='ldb',
+	init_function='ldb_samba3sam_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc ldb smbpasswdparser samba-security NDR_SECURITY'
+	)
+
+
+bld.SAMBA_MODULE('ldb_samba3sid',
+	source='samba3sid.c',
+	subsystem='ldb',
+	init_function='ldb_samba3sid_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc ldb samba-security NDR_SECURITY ldbsamba DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_rootdse',
+	source='rootdse.c',
+	subsystem='ldb',
+	init_function='ldb_rootdse_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb MESSAGING samba-security DSDB_MODULE_HELPERS RPC_NDR_IRPC'
+	)
+
+
+bld.SAMBA_MODULE('ldb_password_hash',
+	source='password_hash.c',
+	subsystem='ldb',
+	init_function='ldb_password_hash_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb LIBCLI_AUTH NDR_DRSBLOBS authkrb5 krb5 gpgme DSDB_MODULE_HELPERS crypt db-glue'
+	)
+
+
+bld.SAMBA_MODULE('ldb_extended_dn_in',
+	source='extended_dn_in.c',
+	subsystem='ldb',
+	init_function='ldb_extended_dn_in_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='ldb talloc samba-util DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_extended_dn_out',
+	source='extended_dn_out.c',
+	init_function='ldb_extended_dn_out_module_init',
+	module_init_name='ldb_init_module',
+	subsystem='ldb',
+	deps='talloc ndr samba-util samdb DSDB_MODULE_HELPERS',
+	internal_module=False,
+	)
+
+
+bld.SAMBA_MODULE('ldb_extended_dn_store',
+	source='extended_dn_store.c',
+	subsystem='ldb',
+	init_function='ldb_extended_dn_store_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_show_deleted',
+	source='show_deleted.c',
+	subsystem='ldb',
+	init_function='ldb_show_deleted_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_partition',
+	source='partition.c partition_init.c partition_metadata.c',
+	autoproto='partition_proto.h',
+	subsystem='ldb',
+	init_function='ldb_partition_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_new_partition',
+	source='new_partition.c',
+	subsystem='ldb',
+	init_function='ldb_new_partition_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_update_keytab',
+	source='update_keytab.c',
+	subsystem='ldb',
+	init_function='ldb_update_keytab_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-credentials ldb com_err KERBEROS_SRV_KEYTAB SECRETS DSDB_MODULE_HELPERS'
+	)
+
+bld.SAMBA_MODULE('ldb_secrets_tdb_sync',
+	source='secrets_tdb_sync.c',
+	subsystem='ldb',
+	init_function='ldb_secrets_tdb_sync_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc secrets3 DSDB_MODULE_HELPERS dbwrap gssapi'
+	)
+
+
+bld.SAMBA_MODULE('ldb_objectclass',
+	source='objectclass.c',
+	subsystem='ldb',
+	init_function='ldb_objectclass_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS samba-util'
+	)
+
+
+bld.SAMBA_MODULE('ldb_objectclass_attrs',
+	source='objectclass_attrs.c',
+	subsystem='ldb',
+	init_function='ldb_objectclass_attrs_module_init',
+	module_init_name='ldb_init_module',
+	deps='talloc samdb DSDB_MODULE_HELPERS samba-util',
+	internal_module=False,
+	)
+
+
+bld.SAMBA_MODULE('ldb_subtree_rename',
+	source='subtree_rename.c',
+	subsystem='ldb',
+	init_function='ldb_subtree_rename_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util ldb samdb-common DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_subtree_delete',
+	source='subtree_delete.c',
+	subsystem='ldb',
+	init_function='ldb_subtree_delete_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_linked_attributes',
+	source='linked_attributes.c',
+	subsystem='ldb',
+	init_function='ldb_linked_attributes_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_ranged_results',
+	source='ranged_results.c',
+	subsystem='ldb',
+	init_function='ldb_ranged_results_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util ldb'
+	)
+
+
+bld.SAMBA_MODULE('ldb_anr',
+	source='anr.c',
+	subsystem='ldb',
+	init_function='ldb_anr_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util samdb'
+	)
+
+
+bld.SAMBA_MODULE('ldb_instancetype',
+	source='instancetype.c',
+	subsystem='ldb',
+	init_function='ldb_instancetype_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_operational',
+	source='operational.c',
+	subsystem='ldb',
+	init_function='ldb_operational_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util samdb-common DSDB_MODULE_HELPERS samdb'
+	)
+
+
+bld.SAMBA_MODULE('ldb_descriptor',
+	source='descriptor.c',
+	subsystem='ldb',
+	init_function='ldb_descriptor_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-security NDR_SECURITY samdb DSDB_MODULE_HELPERS'
+	)
+
+
+bld.SAMBA_MODULE('ldb_resolve_oids',
+	source='resolve_oids.c',
+	subsystem='ldb',
+	init_function='ldb_resolve_oids_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb talloc ndr'
+	)
+
+
+bld.SAMBA_MODULE('ldb_acl',
+	source='acl.c',
+	subsystem='ldb',
+	init_function='ldb_acl_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util samba-security samdb DSDB_MODULE_HELPERS krb5samba'
+	)
+
+
+bld.SAMBA_MODULE('ldb_lazy_commit',
+	source='lazy_commit.c',
+	subsystem='ldb',
+	internal_module=False,
+	module_init_name='ldb_init_module',
+	init_function='ldb_lazy_commit_module_init',
+	deps='samdb DSDB_MODULE_HELPERS'
+	)
+
+bld.SAMBA_MODULE('ldb_aclread',
+	source='acl_read.c',
+	subsystem='ldb',
+	init_function='ldb_aclread_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-security samdb DSDB_MODULE_HELPERS',
+	)
+
+bld.SAMBA_MODULE('ldb_dirsync',
+	source='dirsync.c',
+	subsystem='ldb',
+	init_function='ldb_dirsync_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-security samdb DSDB_MODULE_HELPERS'
+	)
+
+bld.SAMBA_MODULE('ldb_dsdb_notification',
+	source='dsdb_notification.c',
+	subsystem='ldb',
+	init_function='ldb_dsdb_notification_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-security samdb DSDB_MODULE_HELPERS'
+	)
+
+bld.SAMBA_MODULE('ldb_dns_notify',
+	source='dns_notify.c',
+	subsystem='ldb',
+	init_function='ldb_dns_notify_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samdb DSDB_MODULE_HELPERS MESSAGING RPC_NDR_IRPC'
+	)
+
+bld.SAMBA_MODULE('tombstone_reanimate',
+	source='tombstone_reanimate.c',
+	subsystem='ldb',
+	init_function='ldb_tombstone_reanimate_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='talloc samba-util DSDB_MODULE_HELPERS'
+	)
+
+bld.SAMBA_MODULE('ldb_vlv',
+	'vlv_pagination.c',
+	init_function='ldb_vlv_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb-common',
+	subsystem='ldb'
+	)
+
+bld.SAMBA_MODULE('ldb_paged_results',
+	'paged_results.c',
+	init_function='ldb_dsdb_paged_results_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb-common',
+	subsystem='ldb'
+	)
+
+bld.SAMBA_MODULE('ldb_unique_object_sids',
+	'unique_object_sids.c',
+	init_function='ldb_unique_object_sids_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb-common DSDB_MODULE_HELPERS',
+	subsystem='ldb'
+	)
+
+bld.SAMBA_MODULE('ldb_encrypted_secrets',
+	source='encrypted_secrets.c',
+	subsystem='ldb',
+	init_function='ldb_encrypted_secrets_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='''
+            talloc
+            samba-util
+            samdb-common
+            DSDB_MODULE_HELPERS
+            samdb
+            gnutls
+        '''
+	)
+
+bld.SAMBA_MODULE('ldb_audit_log',
+	source='audit_log.c',
+	subsystem='ldb',
+	init_function='ldb_audit_log_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='''
+            audit_logging
+            talloc
+            samba-util
+            samdb-common
+            DSDB_MODULE_HELPERS_AUDIT
+            samdb
+        '''
+	)
+
+bld.SAMBA_MODULE('ldb_group_audit_log',
+	source='group_audit.c',
+	subsystem='ldb',
+	init_function='ldb_group_audit_log_module_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='''
+            audit_logging
+            talloc
+            samba-util
+            samdb-common
+            DSDB_MODULE_HELPERS_AUDIT
+            samdb
+        '''
+	)
+
+
+bld.SAMBA_MODULE('count_attrs',
+	'count_attrs.c',
+	init_function='ldb_count_attrs_init',
+	module_init_name='ldb_init_module',
+	internal_module=False,
+	deps='samdb-common DSDB_MODULE_HELPERS',
+	subsystem='ldb'
+)
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
new file mode 100644
index 0000000..42375a8
--- /dev/null
+++ b/source4/dsdb/samdb/samdb.c
@@ -0,0 +1,344 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   interface functions for the sam database
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/events/events.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "libcli/security/security.h"
+#include "libcli/security/claims-conversions.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "ldb_wrap.h"
+#include "../lib/util/util_ldb.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+#include "param/param.h"
+#include "lib/events/events.h"
+#include "auth/credentials/credentials.h"
+#include "param/secrets.h"
+#include "auth/auth.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/param/loadparm.h"
+
+/*
+  connect to the SAM database specified by URL
+  return an opaque context pointer on success, or NULL on failure
+ */
+int samdb_connect_url(TALLOC_CTX *mem_ctx,
+		      struct tevent_context *ev_ctx,
+		      struct loadparm_context *lp_ctx,
+		      struct auth_session_info *session_info,
+		      unsigned int flags,
+		      const char *url,
+		      const struct tsocket_address *remote_address,
+		      struct ldb_context **ldb_ret,
+		      char **errstring)
+{
+	struct ldb_context *ldb = NULL;
+	int ret;
+	*ldb_ret = NULL;
+	*errstring = NULL;
+
+	/* We create sam.ldb in provision, and never anywhere else */
+	flags |= LDB_FLG_DONT_CREATE_DB;
+
+	if (remote_address == NULL) {
+		ldb = ldb_wrap_find(url, ev_ctx, lp_ctx,
+				    session_info, NULL, flags);
+		if (ldb != NULL) {
+			*ldb_ret = talloc_reference(mem_ctx, ldb);
+			if (*ldb_ret == NULL) {
+				return LDB_ERR_OPERATIONS_ERROR;
+			}
+			return LDB_SUCCESS;
+		}
+	}
+
+	ldb = samba_ldb_init(mem_ctx, ev_ctx, lp_ctx, session_info, NULL);
+
+	if (ldb == NULL) {
+		*errstring = talloc_asprintf(mem_ctx,
+					     "Failed to set up Samba ldb "
+					     "wrappers with samba_ldb_init() "
+					     "to connect to %s",
+					     url);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	dsdb_set_global_schema(ldb);
+
+	ret = samba_ldb_connect(ldb, lp_ctx, url, flags);
+	if (ret != LDB_SUCCESS) {
+		*errstring = talloc_asprintf(mem_ctx,
+					     "Failed to connect to %s: %s",
+					     url,
+					     ldb_errstring(ldb));
+		talloc_free(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/*
+	 * If a remote_address was specified, then set it on the DB
+	 * and do not add to the wrap list (as we need to keep the LDB
+	 * pointer unique for the address).
+	 *
+	 * We use this for audit logging and for the "netlogon" attribute
+	 */
+	if (remote_address != NULL) {
+		ldb_set_opaque(ldb, "remoteAddress",
+			       discard_const(remote_address));
+		*ldb_ret = ldb;
+		return LDB_SUCCESS;
+	}
+		
+	if (!ldb_wrap_add(url, ev_ctx, lp_ctx, session_info, NULL, flags, ldb)) {
+		*errstring = talloc_asprintf(mem_ctx,
+					     "Failed to add cached DB reference"
+					     " to %s",
+					     url);
+		talloc_free(ldb);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*ldb_ret = ldb;
+	return LDB_SUCCESS;
+}
+
+
+/*
+  connect to the SAM database
+  return an opaque context pointer on success, or NULL on failure
+ */
+struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
+				  struct tevent_context *ev_ctx,
+				  struct loadparm_context *lp_ctx,
+				  struct auth_session_info *session_info,
+				  const struct tsocket_address *remote_address,
+				  unsigned int flags)
+{
+	char *errstring;
+	struct ldb_context *ldb;
+	int ret = samdb_connect_url(mem_ctx,
+				    ev_ctx,
+				    lp_ctx,
+				    session_info,
+				    flags,
+				    "sam.ldb",
+				    remote_address,
+				    &ldb,
+				    &errstring);
+	if (ret == LDB_SUCCESS) {
+		return ldb;
+	}
+	return NULL;
+}
+
+/****************************************************************************
+ Create the SID list for this user.
+****************************************************************************/
+NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, 
+			       struct loadparm_context *lp_ctx,
+			       uint32_t num_sids,
+			       const struct auth_SidAttr *sids,
+			       uint32_t num_device_sids,
+			       const struct auth_SidAttr *device_sids,
+			       struct auth_claims auth_claims,
+			       uint32_t session_info_flags,
+			       struct security_token **token)
+{
+	struct security_token *ptoken;
+	uint32_t i;
+	NTSTATUS status;
+	enum claims_evaluation_control evaluate_claims;
+	bool sids_are_valid = false;
+	bool device_sids_are_valid = false;
+	bool authentication_was_compounded = session_info_flags & AUTH_SESSION_INFO_FORCE_COMPOUNDED_AUTHENTICATION;
+
+	/*
+	 * Some special-case callers can't supply the lp_ctx, but do
+	 * not interact with claims or conditional ACEs
+	 */
+	if (lp_ctx == NULL) {
+		evaluate_claims = CLAIMS_EVALUATION_INVALID_STATE;
+	} else {
+		enum acl_claims_evaluation claims_evaultion_setting
+			= lpcfg_acl_claims_evaluation(lp_ctx);
+
+		/*
+		 * We are well inside the AD DC, so we do not need to check
+		 * the server role etc
+		 */
+		switch (claims_evaultion_setting) {
+		case ACL_CLAIMS_EVALUATION_AD_DC_ONLY:
+			evaluate_claims = CLAIMS_EVALUATION_ALWAYS;
+			break;
+		default:
+			evaluate_claims = CLAIMS_EVALUATION_NEVER;
+		}
+	}
+
+	ptoken = security_token_initialise(mem_ctx, evaluate_claims);
+	NT_STATUS_HAVE_NO_MEMORY(ptoken);
+
+	if (num_sids > UINT32_MAX - 6) {
+		talloc_free(ptoken);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	ptoken->sids = talloc_array(ptoken, struct dom_sid, num_sids + 6 /* over-allocate */);
+	if (ptoken->sids == NULL) {
+		talloc_free(ptoken);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ptoken->num_sids = 0;
+
+	for (i = 0; i < num_sids; i++) {
+		uint32_t check_sid_idx;
+		for (check_sid_idx = 0;
+		     check_sid_idx < ptoken->num_sids;
+		     check_sid_idx++) {
+			if (dom_sid_equal(&ptoken->sids[check_sid_idx], &sids[i].sid)) {
+				break;
+			}
+		}
+
+		if (check_sid_idx == ptoken->num_sids) {
+			const struct dom_sid *sid = &sids[i].sid;
+
+			sids_are_valid = sids_are_valid || dom_sid_equal(
+				sid, &global_sid_Claims_Valid);
+			authentication_was_compounded = authentication_was_compounded || dom_sid_equal(
+				sid, &global_sid_Compounded_Authentication);
+
+			ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 1);
+			if (ptoken->sids == NULL) {
+				talloc_free(ptoken);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			ptoken->sids[ptoken->num_sids] = *sid;
+			ptoken->num_sids++;
+		}
+	}
+
+	if (authentication_was_compounded && num_device_sids) {
+		ptoken->device_sids = talloc_array(ptoken, struct dom_sid, num_device_sids);
+		if (ptoken->device_sids == NULL) {
+			talloc_free(ptoken);
+			return NT_STATUS_NO_MEMORY;
+		}
+		for (i = 0; i < num_device_sids; i++) {
+			uint32_t check_sid_idx;
+			for (check_sid_idx = 0;
+			     check_sid_idx < ptoken->num_device_sids;
+			     check_sid_idx++) {
+				if (dom_sid_equal(&ptoken->device_sids[check_sid_idx], &device_sids[i].sid)) {
+					break;
+				}
+			}
+
+			if (check_sid_idx == ptoken->num_device_sids) {
+				const struct dom_sid *device_sid = &device_sids[i].sid;
+
+				device_sids_are_valid = device_sids_are_valid || dom_sid_equal(
+					device_sid, &global_sid_Claims_Valid);
+
+				ptoken->device_sids = talloc_realloc(ptoken,
+								     ptoken->device_sids,
+								     struct dom_sid,
+								     ptoken->num_device_sids + 1);
+				if (ptoken->device_sids == NULL) {
+					talloc_free(ptoken);
+					return NT_STATUS_NO_MEMORY;
+				}
+
+				ptoken->device_sids[ptoken->num_device_sids] = *device_sid;
+				ptoken->num_device_sids++;
+			}
+		}
+	}
+
+	/* The caller may have requested simple privileges, for example if there isn't a local DB */
+	if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) {
+		/* Shortcuts to prevent recursion and avoid lookups */
+		if (ptoken->sids == NULL) {
+			ptoken->privilege_mask = 0;
+		} else if (security_token_is_system(ptoken)) {
+			ptoken->privilege_mask = ~0;
+		} else if (security_token_is_anonymous(ptoken)) {
+			ptoken->privilege_mask = 0;
+		} else if (security_token_has_builtin_administrators(ptoken)) {
+			ptoken->privilege_mask = ~0;
+		} else {
+			/* All other 'users' get a empty priv set so far */
+			ptoken->privilege_mask = 0;
+		}
+	} else {
+		/* setup the privilege mask for this token */
+		status = samdb_privilege_setup(lp_ctx, ptoken);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(ptoken);
+			DEBUG(1,("Unable to access privileges database\n"));
+			return status;
+		}
+	}
+
+	/*
+	 * TODO: we might want to regard ‘session_info_flags’ for the device
+	 * SIDs as well as for the client SIDs.
+	 */
+
+	if (sids_are_valid) {
+		status = claims_data_security_claims(ptoken,
+						     auth_claims.user_claims,
+						     &ptoken->user_claims,
+						     &ptoken->num_user_claims);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(ptoken);
+			return status;
+		}
+	}
+
+	if (device_sids_are_valid && authentication_was_compounded) {
+		status = claims_data_security_claims(ptoken,
+						     auth_claims.device_claims,
+						     &ptoken->device_claims,
+						     &ptoken->num_device_claims);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(ptoken);
+			return status;
+		}
+	}
+
+	security_token_debug(0, 10, ptoken);
+
+	*token = ptoken;
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
new file mode 100644
index 0000000..ba7cd1b
--- /dev/null
+++ b/source4/dsdb/samdb/samdb.h
@@ -0,0 +1,410 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   interface functions for the sam database
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SAMDB_H__
+#define __SAMDB_H__
+
+struct auth_SidAttr;
+struct auth_session_info;
+struct dsdb_control_current_partition;
+struct dsdb_extended_replicated_object;
+struct dsdb_extended_replicated_objects;
+struct loadparm_context;
+struct tevent_context;
+struct tsocket_address;
+struct dsdb_trust_routing_table;
+
+enum dsdb_password_checked {
+	DSDB_PASSWORD_NOT_CHECKED = 0, /* unused */
+	DSDB_PASSWORD_RESET,
+	DSDB_PASSWORD_CHECKED_AND_CORRECT
+};
+
+#include "librpc/gen_ndr/security.h"
+#include <ldb.h>
+#include "lib/ldb-samba/ldif_handlers.h"
+#include "librpc/gen_ndr/samr.h"
+#include "librpc/gen_ndr/drsuapi.h"
+#include "librpc/gen_ndr/drsblobs.h"
+#include "dsdb/schema/schema.h"
+#include "auth/session.h"
+#include "dsdb/samdb/samdb_proto.h"
+#include "dsdb/common/dsdb_dn.h"
+#include "dsdb/common/util_links.h"
+#include "dsdb/common/proto.h"
+#include "../libds/common/flags.h"
+
+#define DSDB_CONTROL_CURRENT_PARTITION_OID "1.3.6.1.4.1.7165.4.3.2"
+struct dsdb_control_current_partition {
+	/*
+	 * this is the version of the dsdb_control_current_partition
+	 * version 0: initial implementation
+	 * version 1: got rid of backend and module fields
+	 */
+#define DSDB_CONTROL_CURRENT_PARTITION_VERSION 1
+	uint32_t version;
+	struct ldb_dn *dn;
+};
+
+
+/*
+  flags in dsdb_repl_flags to control replication logic
+ */
+#define DSDB_REPL_FLAG_PRIORITISE_INCOMING 1
+#define DSDB_REPL_FLAG_PARTIAL_REPLICA     2
+#define DSDB_REPL_FLAG_ADD_NCNAME	   4
+#define DSDB_REPL_FLAG_EXPECT_NO_SECRETS   8
+#define DSDB_REPL_FLAG_OBJECT_SUBSET       16
+#define DSDB_REPL_FLAG_TARGETS_UPTODATE    32
+
+#define DSDB_CONTROL_REPLICATED_UPDATE_OID "1.3.6.1.4.1.7165.4.3.3"
+
+#define DSDB_CONTROL_DN_STORAGE_FORMAT_OID "1.3.6.1.4.1.7165.4.3.4"
+/* DSDB_CONTROL_DN_STORAGE_FORMAT_OID has NULL data and behaves very
+ * much like LDB_CONTROL_EXTENDED_DN_OID when the DB stores an
+ * extended DN, and otherwise returns normal DNs */
+
+#define DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID "1.3.6.1.4.1.7165.4.3.8"
+
+struct dsdb_user_pwd_settings {
+	uint32_t pwdProperties;
+	uint32_t pwdHistoryLength;
+	int64_t maxPwdAge;
+	int64_t minPwdAge;
+	uint32_t minPwdLength;
+	bool store_cleartext;
+	const char *netbios_domain;
+	const char *dns_domain;
+	const char *realm;
+};
+
+struct dsdb_control_password_change_status {
+	struct dsdb_user_pwd_settings domain_data;
+	enum samPwdChangeReason reject_reason;
+};
+
+#define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
+
+#define DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID "1.3.6.1.4.1.7165.4.3.10"
+struct dsdb_control_password_change {
+	enum dsdb_password_checked old_password_checked;
+};
+
+/**
+   DSDB_CONTROL_APPLY_LINKS is internal to Samba4 - a token passed between repl_meta_data and linked_attributes modules
+*/
+#define DSDB_CONTROL_APPLY_LINKS "1.3.6.1.4.1.7165.4.3.11"
+
+/*
+ * this should only be used for importing users from Samba3
+ */
+#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "1.3.6.1.4.1.7165.4.3.12"
+
+/**
+  OID used to allow the replacement of replPropertyMetaData.
+  It is used when the current replmetadata needs to be edited.
+*/
+#define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
+
+/* passed when we want to get the behaviour of the non-global catalog port */
+#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
+
+/* passed when we want special behaviour for partial replicas */
+#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18"
+
+/* passed when we want special behaviour for dbcheck */
+#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+
+/* passed when dbcheck wants to modify a read only replica (very special case) */
+#define DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA "1.3.6.1.4.1.7165.4.3.19.1"
+
+/* passed by dbcheck to fix duplicate linked attributes (bug #13095) */
+#define DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS "1.3.6.1.4.1.7165.4.3.19.2"
+
+/* passed by dbcheck to fix the DN string of a one-way-link (bug #13495) */
+#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME "1.3.6.1.4.1.7165.4.3.19.3"
+
+/* passed by dbcheck to fix the DN SID of a one-way-link (bug #13418) */
+#define DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID "1.3.6.1.4.1.7165.4.3.19.4"
+
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
+/*
+ * passed from the descriptor module in order to
+ * store the recalculated nTSecurityDescriptor without
+ * modifying the replPropertyMetaData.
+ */
+#define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID "1.3.6.1.4.1.7165.4.3.21"
+
+/*
+ * passed when creating a interdomain trust account through LSA
+ * to relax constraints in the samldb ldb module.
+ */
+#define DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID "1.3.6.1.4.1.7165.4.3.23"
+
+/*
+ * Internal control to mark requests as being part of Tombstone restoring
+ * procedure - it requires slightly special behavior like:
+ *  - a bit different security checks
+ *  - restoring certain attributes to their default values, etc
+ */
+#define DSDB_CONTROL_RESTORE_TOMBSTONE_OID "1.3.6.1.4.1.7165.4.3.24"
+
+/**
+  OID used to allow the replacement of replPropertyMetaData.
+  It is used when the current replmetadata needs only to be re-sorted, but not edited.
+*/
+#define DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID "1.3.6.1.4.1.7165.4.3.25"
+
+/*
+ * pass the default state of pwdLastSet between the "samldb" and "password_hash"
+ * modules.
+ */
+#define DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.26"
+
+/*
+ * pass the userAccountControl changes between the "samldb" and "password_hash"
+ * modules.
+ */
+#define DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID "1.3.6.1.4.1.7165.4.3.27"
+struct dsdb_control_password_user_account_control {
+	uint32_t req_flags; /* the flags given by the client request */
+	uint32_t old_flags; /* the old flags stored (0 on add) */
+	uint32_t new_flags; /* the new flags stored */
+};
+
+/*
+ * Ignores strict checking when adding objects to samldb.
+ * This is used when provisioning, as checking all objects when added
+ * was slow due to an unindexed search.
+ */
+#define DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID "1.3.6.1.4.1.7165.4.3.28"
+
+/* passed when we want to thoroughly delete linked attributes */
+#define DSDB_CONTROL_REPLMD_VANISH_LINKS "1.3.6.1.4.1.7165.4.3.29"
+
+/*
+ * lockoutTime is a replicated attribute, but must be modified before
+ * connectivity occurs to allow password lockouts.
+ */
+#define DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE "1.3.6.1.4.1.7165.4.3.31"
+
+#define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32"
+
+/*
+ * Used to pass "user password change" vs "password reset" from the ACL to the
+ * password_hash module, ensuring both modules treat the request identical.
+ */
+#define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID "1.3.6.1.4.1.7165.4.3.33"
+struct dsdb_control_password_acl_validation {
+	bool pwd_reset;
+};
+
+/*
+ * Used to pass the current transaction identifier from the audit_log
+ * module to group membership auditing module
+ */
+#define DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID "1.3.6.1.4.1.7165.4.3.34"
+struct dsdb_control_transaction_identifier {
+	struct GUID transaction_guid;
+};
+
+/*
+ * passed when we want to allow validated writes to dNSHostName and
+ * servicePrincipalName.
+ */
+#define DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID "1.3.6.1.4.1.7165.4.3.35"
+
+/*
+ * Used by descriptor module to pass a special SD to acl module,
+ * one without the user-provided descriptor taken into account
+ */
+
+#define DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID "1.3.6.1.4.1.7165.4.3.36"
+struct dsdb_control_calculated_default_sd {
+	struct security_descriptor *default_sd;
+	bool specified_sd:1;
+	bool specified_sacl:1;
+};
+
+#define DSDB_CONTROL_ACL_READ_OID "1.3.6.1.4.1.7165.4.3.37"
+
+#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
+struct dsdb_extended_replicated_object {
+	struct ldb_message *msg;
+	struct GUID object_guid;
+	struct GUID *parent_guid;
+	const char *when_changed;
+	struct replPropertyMetaDataBlob *meta_data;
+
+	/* Only used for internal processing in repl_meta_data */
+	struct ldb_dn *last_known_parent;
+	struct ldb_dn *local_parent_dn;
+};
+
+/*
+ * the schema_dn is passed as struct ldb_dn in
+ * req->op.extended.data
+ */
+#define DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID "1.3.6.1.4.1.7165.4.4.2"
+
+struct dsdb_extended_replicated_objects {
+	/*
+	 * this is the version of the dsdb_extended_replicated_objects
+	 * version 0: initial implementation
+	 */
+#define DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION 3
+	uint32_t version;
+
+	/* DSDB_REPL_FLAG_* flags */
+	uint32_t dsdb_repl_flags;
+
+	struct ldb_dn *partition_dn;
+
+	const struct repsFromTo1 *source_dsa;
+	const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
+
+	uint32_t num_objects;
+	struct dsdb_extended_replicated_object *objects;
+
+	uint32_t linked_attributes_count;
+	struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
+
+	WERROR error;
+
+	bool originating_updates;
+};
+
+/* In ldb.h: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3 */
+
+#define DSDB_EXTENDED_CREATE_PARTITION_OID "1.3.6.1.4.1.7165.4.4.4"
+struct dsdb_create_partition_exop {
+	struct ldb_dn *new_dn;
+};
+
+/* this takes a struct dsdb_fsmo_extended_op */
+#define DSDB_EXTENDED_ALLOCATE_RID_POOL "1.3.6.1.4.1.7165.4.4.5"
+
+struct dsdb_fsmo_extended_op {
+	uint64_t fsmo_info;
+	struct GUID destination_dsa_guid;
+};
+
+#define DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID "1.3.6.1.4.1.7165.4.4.6"
+
+/*
+ * passed from the descriptor module in order to
+ * store the recalculated nTSecurityDescriptor without
+ * modifying the replPropertyMetaData.
+ */
+#define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID "1.3.6.1.4.1.7165.4.4.7"
+struct dsdb_extended_sec_desc_propagation_op {
+	struct ldb_dn *nc_root;
+	struct GUID guid;
+	bool include_self;
+	struct GUID parent_guid;
+};
+
+/* this takes no data */
+#define DSDB_EXTENDED_CREATE_OWN_RID_SET "1.3.6.1.4.1.7165.4.4.8"
+
+/* this takes a struct dsdb_extended_allocate_rid */
+#define DSDB_EXTENDED_ALLOCATE_RID "1.3.6.1.4.1.7165.4.4.9"
+
+struct dsdb_extended_allocate_rid {
+	uint32_t rid;
+};
+
+#define DSDB_EXTENDED_SCHEMA_LOAD "1.3.6.1.4.1.7165.4.4.10"
+
+#define DSDB_OPENLDAP_DEREFERENCE_CONTROL "1.3.6.1.4.1.4203.666.5.16"
+
+struct dsdb_openldap_dereference {
+	const char *source_attribute;
+	const char **dereference_attribute;
+};
+
+struct dsdb_openldap_dereference_control {
+	struct dsdb_openldap_dereference **dereference;
+};
+
+struct dsdb_openldap_dereference_result {
+	const char *source_attribute;
+	const char *dereferenced_dn;
+	int num_attributes;
+	struct ldb_message_element *attributes;
+};
+
+struct dsdb_openldap_dereference_result_control {
+	struct dsdb_openldap_dereference_result **attributes;
+};
+
+struct samldb_msds_intid_persistant {
+	uint32_t msds_intid;
+};
+
+#define SAMLDB_MSDS_INTID_OPAQUE "SAMLDB_MSDS_INTID_OPAQUE"
+
+#define DSDB_PARTITION_DN "@PARTITION"
+#define DSDB_PARTITION_ATTR "partition"
+
+#define DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME "dsdb_extended_dn_store_format"
+struct dsdb_extended_dn_store_format {
+	bool store_extended_dn_in_ldb;
+};
+
+#define DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME "DSDB_OPAQUE_PARTITION_MODULE_MSG"
+
+#define DSDB_FULL_JOIN_REPLICATION_COMPLETED_OPAQUE_NAME "DSDB_FULL_JOIN_REPLICATION_COMPLETED"
+
+#define DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME "DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_MSG"
+struct dsdb_encrypted_connection_state {
+	bool using_encrypted_connection;
+};
+
+#define DSDB_SAMDB_MINIMUM_ALLOWED_RID   1000
+
+#define DSDB_METADATA_SCHEMA_SEQ_NUM	"SCHEMA_SEQ_NUM"
+
+/*
+ * must be in LDB_FLAG_INTERNAL_MASK
+ * see also the values in lib/ldb/include/ldb_module.h
+ */
+#define DSDB_FLAG_INTERNAL_FORCE_META_DATA 0x10000
+
+#define SAMBA_COMPATIBLE_FEATURES_ATTR "compatibleFeatures"
+#define SAMBA_REQUIRED_FEATURES_ATTR "requiredFeatures"
+#define SAMBA_FEATURES_SUPPORTED_FLAG "@SAMBA_FEATURES_SUPPORTED"
+
+#define SAMBA_SORTED_LINKS_FEATURE "sortedLinks"
+#define SAMBA_ENCRYPTED_SECRETS_FEATURE "encryptedSecrets"
+/*
+ * lmdb level one feature is an experimental release with basic support
+ * for lmdb database files, instead of tdb.
+ * - Keys are limited to 511 bytes long so GUID indexes are required
+ * - Currently only the:
+ *     partition data files
+ *   are in lmdb format.
+ */
+#define SAMBA_LMDB_LEVEL_ONE_FEATURE "lmdbLevelOne"
+
+#endif /* __SAMDB_H__ */
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
new file mode 100644
index 0000000..c50243c
--- /dev/null
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -0,0 +1,134 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   manipulate privilege records in samdb
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "ldb_wrap.h"
+
+/* connect to the privilege database */
+struct ldb_context *privilege_connect(TALLOC_CTX *mem_ctx, 
+				      struct loadparm_context *lp_ctx)
+{
+	return ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "privilege.ldb",
+				NULL, NULL, 0);
+}
+
+/*
+  add privilege bits for one sid to a security_token
+*/
+static NTSTATUS samdb_privilege_setup_sid(struct ldb_context *pdb, TALLOC_CTX *mem_ctx,
+					  struct security_token *token,
+					  const struct dom_sid *sid)
+{
+	const char * const attrs[] = { "privilege", NULL };
+	struct ldb_message **res = NULL;
+	struct ldb_message_element *el;
+	unsigned int i;
+	int ret;
+	char *sidstr;
+
+	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
+	NT_STATUS_HAVE_NO_MEMORY(sidstr);
+
+	ret = gendb_search(pdb, mem_ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
+	talloc_free(sidstr);
+	if (ret != 1) {
+		/* not an error to not match */
+		return NT_STATUS_OK;
+	}
+
+	el = ldb_msg_find_element(res[0], "privilege");
+	if (el == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	for (i=0;i<el->num_values;i++) {
+		const char *priv_str = (const char *)el->values[i].data;
+		enum sec_privilege privilege = sec_privilege_id(priv_str);
+		if (privilege == SEC_PRIV_INVALID) {
+			uint32_t right_bit = sec_right_bit(priv_str);
+			security_token_set_right_bit(token, right_bit);
+			if (right_bit == 0) {
+				DEBUG(1,("Unknown privilege '%s' in samdb\n",
+					 priv_str));
+			}
+			continue;
+		}
+		security_token_set_privilege(token, privilege);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup the privilege mask for this security token based on our
+  local SAM
+*/
+NTSTATUS samdb_privilege_setup(struct loadparm_context *lp_ctx, struct security_token *token)
+{
+	struct ldb_context *pdb;
+	TALLOC_CTX *mem_ctx;
+	unsigned int i;
+	NTSTATUS status;
+
+	/* Shortcuts to prevent recursion and avoid lookups */
+	if (token->sids == NULL) {
+		token->privilege_mask = 0;
+		return NT_STATUS_OK;
+	}
+
+	if (security_token_is_system(token)) {
+		token->privilege_mask = ~0;
+		return NT_STATUS_OK;
+	}
+
+	if (security_token_is_anonymous(token)) {
+		token->privilege_mask = 0;
+		return NT_STATUS_OK;
+	}
+
+	mem_ctx = talloc_new(token);
+	pdb = privilege_connect(mem_ctx, lp_ctx);
+	if (pdb == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	token->privilege_mask = 0;
+	
+	for (i=0;i<token->num_sids;i++) {
+		status = samdb_privilege_setup_sid(pdb, mem_ctx,
+						   token, &token->sids[i]);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(mem_ctx);
+			return status;
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return NT_STATUS_OK;	
+}
diff --git a/source4/dsdb/schema/dsdb_dn.c b/source4/dsdb/schema/dsdb_dn.c
new file mode 100644
index 0000000..06565a9
--- /dev/null
+++ b/source4/dsdb/schema/dsdb_dn.c
@@ -0,0 +1,102 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_module.h>
+#include "librpc/ndr/libndr.h"
+#include "libcli/security/dom_sid.h"
+
+/*
+   convert a dsdb_dn to a linked attribute data blob
+*/
+WERROR dsdb_dn_la_to_blob(struct ldb_context *sam_ctx,
+			  const struct dsdb_attribute *schema_attrib,
+			  const struct dsdb_schema *schema,
+			  TALLOC_CTX *mem_ctx,
+			  struct dsdb_dn *dsdb_dn, DATA_BLOB **blob)
+{
+	struct ldb_val v;
+	WERROR werr;
+	struct ldb_message_element val_el;
+	struct drsuapi_DsReplicaAttribute drs;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	/* use default syntax conversion context */
+	dsdb_syntax_ctx_init(&syntax_ctx, sam_ctx, schema);
+
+	/* we need a message_element with just one value in it */
+	v = data_blob_string_const(dsdb_dn_get_extended_linearized(mem_ctx, dsdb_dn, 1));
+
+	val_el.name = schema_attrib->lDAPDisplayName;
+	val_el.values = &v;
+	val_el.num_values = 1;
+
+	werr = schema_attrib->syntax->ldb_to_drsuapi(&syntax_ctx, schema_attrib, &val_el, mem_ctx, &drs);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	if (drs.value_ctr.num_values != 1) {
+		DEBUG(1,(__location__ ": Failed to build DRS blob for linked attribute %s\n",
+			 schema_attrib->lDAPDisplayName));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	*blob = drs.value_ctr.values[0].blob;
+	return WERR_OK;
+}
+
+/*
+  convert a data blob to a dsdb_dn
+ */
+WERROR dsdb_dn_la_from_blob(struct ldb_context *sam_ctx,
+			    const struct dsdb_attribute *schema_attrib,
+			    const struct dsdb_schema *schema,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *blob,
+			    struct dsdb_dn **dsdb_dn)
+{
+	WERROR werr;
+	struct ldb_message_element new_el;
+	struct drsuapi_DsReplicaAttribute drs;
+	struct drsuapi_DsAttributeValue val;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	/* use default syntax conversion context */
+	dsdb_syntax_ctx_init(&syntax_ctx, sam_ctx, schema);
+
+	drs.value_ctr.num_values = 1;
+	drs.value_ctr.values = &val;
+	val.blob = blob;
+
+	werr = schema_attrib->syntax->drsuapi_to_ldb(&syntax_ctx, schema_attrib, &drs, mem_ctx, &new_el);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	if (new_el.num_values != 1) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	*dsdb_dn = dsdb_dn_parse(mem_ctx, sam_ctx, &new_el.values[0], schema_attrib->syntax->ldap_oid);
+	if (!*dsdb_dn) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
diff --git a/source4/dsdb/schema/prefixmap.h b/source4/dsdb/schema/prefixmap.h
new file mode 100644
index 0000000..339a221
--- /dev/null
+++ b/source4/dsdb/schema/prefixmap.h
@@ -0,0 +1,54 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRS::prefixMap data structures
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _DSDB_PREFIXMAP_H
+#define _DSDB_PREFIXMAP_H
+
+/**
+ * ATTRTYP ranges
+ * Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP
+ */
+enum dsdb_attid_type {
+	DSDB_ATTID_TYPE_PFM = 1,	/* attid in [0x00000000..0x7FFFFFFF] */
+	DSDB_ATTID_TYPE_INTID = 2,	/* attid in [0x80000000..0xBFFFFFFF] */
+	DSDB_ATTID_TYPE_RESERVED = 3,	/* attid in [0xC0000000..0xFFFEFFFF] */
+	DSDB_ATTID_TYPE_INTERNAL = 4,	/* attid in [0xFFFF0000..0xFFFFFFFF] */
+};
+
+/**
+ * oid-prefix in prefixmap
+ */
+struct dsdb_schema_prefixmap_oid {
+	uint32_t  id;
+	DATA_BLOB bin_oid; /* partial binary-oid prefix */
+};
+
+/**
+ * DSDB prefixMap internal presentation
+ */
+struct dsdb_schema_prefixmap {
+	uint32_t length;
+	struct dsdb_schema_prefixmap_oid *prefixes;
+};
+
+
+
+#endif /* _DSDB_PREFIXMAP_H */
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
new file mode 100644
index 0000000..700f404
--- /dev/null
+++ b/source4/dsdb/schema/schema.h
@@ -0,0 +1,351 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB schema header
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#ifndef _DSDB_SCHEMA_H
+#define _DSDB_SCHEMA_H
+
+#include "prefixmap.h"
+
+enum dsdb_dn_format {
+	DSDB_NORMAL_DN,
+	DSDB_BINARY_DN,
+	DSDB_STRING_DN,
+	DSDB_INVALID_DN
+};
+
+
+struct dsdb_attribute;
+struct dsdb_class;
+struct dsdb_schema;
+struct dsdb_dn;
+
+struct dsdb_syntax_ctx {
+	struct ldb_context *ldb;
+	const struct dsdb_schema *schema;
+
+	/* set when converting objects under Schema NC */
+	bool is_schema_nc;
+
+	/* remote prefixMap to be used for drsuapi_to_ldb conversions */
+	const struct dsdb_schema_prefixmap *pfm_remote;
+};
+
+
+struct dsdb_syntax {
+	const char *name;
+	const char *ldap_oid;
+	uint32_t oMSyntax;
+	struct ldb_val oMObjectClass;
+	const char *attributeSyntax_oid;
+	const char *equality;
+	const char *substring;
+	const char *comment;
+	const char *ldb_syntax;
+
+	WERROR (*drsuapi_to_ldb)(const struct dsdb_syntax_ctx *ctx,
+				 const struct dsdb_attribute *attr,
+				 const struct drsuapi_DsReplicaAttribute *in,
+				 TALLOC_CTX *mem_ctx,
+				 struct ldb_message_element *out);
+	WERROR (*ldb_to_drsuapi)(const struct dsdb_syntax_ctx *ctx,
+				 const struct dsdb_attribute *attr,
+				 const struct ldb_message_element *in,
+				 TALLOC_CTX *mem_ctx,
+				 struct drsuapi_DsReplicaAttribute *out);
+	WERROR (*validate_ldb)(const struct dsdb_syntax_ctx *ctx,
+			       const struct dsdb_attribute *attr,
+			       const struct ldb_message_element *in);
+	bool auto_normalise;
+	bool userParameters; /* Indicates the syntax userParameters should be forced to */
+};
+
+struct dsdb_attribute {
+	struct dsdb_attribute *prev, *next;
+
+	const char *cn;
+	const char *lDAPDisplayName;
+	const char *attributeID_oid;
+	uint32_t attributeID_id;
+	struct GUID schemaIDGUID;
+	uint32_t mAPIID;
+	uint32_t msDS_IntId;
+
+	struct GUID attributeSecurityGUID;
+	struct GUID objectGUID;
+
+	uint32_t searchFlags;
+	uint32_t systemFlags;
+	bool isMemberOfPartialAttributeSet;
+	uint32_t linkID;
+
+	const char *attributeSyntax_oid;
+	uint32_t attributeSyntax_id;
+	uint32_t oMSyntax;
+	struct ldb_val oMObjectClass;
+
+	bool isSingleValued;
+	uint32_t *rangeLower;
+	uint32_t *rangeUpper;
+	bool extendedCharsAllowed;
+
+	uint32_t schemaFlagsEx;
+	struct ldb_val msDs_Schema_Extensions;
+
+	bool showInAdvancedViewOnly;
+	const char *adminDisplayName;
+	const char *adminDescription;
+	const char *classDisplayName;
+	bool isEphemeral;
+	bool isDefunct;
+	bool systemOnly;
+
+	bool one_way_link;
+	bool bl_maybe_invisible;
+	enum dsdb_dn_format dn_format;
+
+	/* internal stuff */
+	const struct dsdb_syntax *syntax;
+	const struct ldb_schema_attribute *ldb_schema_attribute;
+};
+
+struct dsdb_class {
+	struct dsdb_class *prev, *next;
+
+	const char *cn;
+	const char *lDAPDisplayName;
+	const char *governsID_oid;
+	uint32_t governsID_id;
+	struct GUID schemaIDGUID;
+	struct GUID objectGUID;
+
+	uint32_t objectClassCategory;
+	const char *rDNAttID;
+	const char *defaultObjectCategory;
+
+	const char *subClassOf;
+
+	const char **systemAuxiliaryClass;
+	const char **systemPossSuperiors;
+	const char **systemMustContain;
+	const char **systemMayContain;
+
+	const char **auxiliaryClass;
+	const char **possSuperiors;
+	const char **mustContain;
+	const char **mayContain;
+	const char **possibleInferiors;
+	const char **systemPossibleInferiors;
+
+	const char *defaultSecurityDescriptor;
+
+	uint32_t schemaFlagsEx;
+	uint32_t systemFlags;
+	struct ldb_val msDs_Schema_Extensions;
+
+	bool showInAdvancedViewOnly;
+	const char *adminDisplayName;
+	const char *adminDescription;
+	const char *classDisplayName;
+	bool defaultHidingValue;
+	bool isDefunct;
+	bool systemOnly;
+
+	uint32_t subClassOf_id;
+	uint32_t *systemAuxiliaryClass_ids;
+	uint32_t *auxiliaryClass_ids;
+	uint32_t *systemMayContain_ids;
+	uint32_t *systemMustContain_ids;
+	uint32_t *possSuperiors_ids;
+	uint32_t *mustContain_ids;
+	uint32_t *mayContain_ids;
+	uint32_t *systemPossSuperiors_ids;
+
+	/* An ordered index showing how this subClass fits into the
+	 * subClass tree.  that is, an objectclass that is not
+	 * subClassOf anything is 0 (just in case), and top is 1, and
+	 * subClasses of top are 2, subclasses of those classes are
+	 * 3 */ 
+	uint32_t subClass_order;
+
+	struct {
+		const char **supclasses;
+		const char **subclasses;
+		const char **subclasses_direct;
+		const char **posssuperiors;
+	} tmp;
+};
+
+enum schema_set_enum {
+	SCHEMA_MEMORY_ONLY = 0,
+	SCHEMA_WRITE = 1,
+	SCHEMA_COMPARE = 2,
+};
+
+/**
+ * data stored in schemaInfo attribute
+ */
+struct dsdb_schema_info {
+	uint32_t 	revision;
+	struct GUID	invocation_id;
+};
+
+
+struct dsdb_schema {
+	struct dsdb_schema_prefixmap *prefixmap;
+
+	/* 
+	 * the last element of the prefix mapping table isn't a oid,
+	 * it starts with 0xFF and has 21 bytes and is maybe a schema
+	 * version number
+	 *
+	 * this is the content of the schemaInfo attribute of the
+	 * Schema-Partition head object.
+	 */
+	struct dsdb_schema_info *schema_info;
+
+	struct dsdb_attribute *attributes;
+	struct dsdb_class *classes;
+
+	struct dsdb_attribute **attributes_to_remove;
+	uint32_t attributes_to_remove_size;
+	struct dsdb_class **classes_to_remove;
+	uint32_t classes_to_remove_size;
+
+	/* lists of classes sorted by various attributes, for faster
+	   access */
+	uint32_t num_classes;
+	struct dsdb_class **classes_by_lDAPDisplayName;
+	struct dsdb_class **classes_by_governsID_id;
+	struct dsdb_class **classes_by_governsID_oid;
+	struct dsdb_class **classes_by_cn;
+
+	/* lists of attributes sorted by various fields */
+	uint32_t num_attributes;
+	struct dsdb_attribute **attributes_by_lDAPDisplayName;
+	struct dsdb_attribute **attributes_by_attributeID_id;
+	struct dsdb_attribute **attributes_by_attributeID_oid;
+	struct dsdb_attribute **attributes_by_linkID;
+	struct dsdb_attribute **attributes_by_cn;
+	uint32_t num_int_id_attr;
+	struct dsdb_attribute **attributes_by_msDS_IntId;
+
+	struct {
+		bool we_are_master;
+		bool update_allowed;
+		struct ldb_dn *master_dn;
+	} fsmo;
+
+	/* Was this schema loaded from ldb (if so, then we will reload it when we detect a change in ldb) */
+	bool refresh_in_progress;
+	time_t ts_last_change;
+	/* This 'opaque' is stored in the metadata and is used to check if the currently
+	 * loaded schema needs a reload because another process has signaled that it has been
+	 * requested to reload the schema (either due through DRS or via the schemaUpdateNow).
+	 */
+	uint64_t metadata_usn;
+
+	/* Should the syntax handlers in this case handle all incoming OIDs automatically, assigning them as an OID if no text name is known? */
+	bool relax_OID_conversions;
+
+	/*
+	 * we're currently trying to construct a working_schema
+	 * in order to replicate the schema partition.
+	 *
+	 * We use this in order to avoid temporary failure DEBUG messages
+	 */
+	bool resolving_in_progress;
+};
+
+#define DSDB_SCHEMA_COMMON_ATTRS			\
+	        "objectClass",				\
+		"cn",				        \
+		"lDAPDisplayName",			\
+		"schemaIDGUID",				\
+		"objectGUID",				\
+		"systemFlags",				\
+		"schemaFlagsEx",			\
+		"msDs-Schema-Extensions",		\
+		"showInAdvancedViewOnly",		\
+		"adminDisplayName",			\
+		"adminDescription",			\
+		"isDefunct",				\
+		"systemOnly"
+
+#define DSDB_SCHEMA_ATTR_ATTRS				\
+	        "attributeID",				\
+		"msDS-IntId",				\
+		"mAPIID",				\
+		"attributeSecurityGUID",		\
+		"searchFlags",				\
+		"isMemberOfPartialAttributeSet",	\
+		"linkID",				\
+		"attributeSyntax",			\
+		"oMSyntax",				\
+		"oMObjectClass",			\
+		"isSingleValued",			\
+		"rangeLower",				\
+		"rangeUpper",				\
+		"extendedCharsAllowed",			\
+		"classDisplayName",			\
+		"isEphemeral"
+
+#define DSDB_SCHEMA_CLASS_ATTRS				\
+                "governsID",				\
+		"objectClassCategory",			\
+		"rDNAttID",				\
+		"defaultObjectCategory",		\
+		"subClassOf",				\
+		"systemAuxiliaryClass",			\
+		"auxiliaryClass",			\
+		"systemMustContain",			\
+		"systemMayContain",			\
+		"mustContain",				\
+		"mayContain",				\
+		"systemPossSuperiors",			\
+		"possSuperiors",			\
+		"defaultSecurityDescriptor",		\
+		"classDisplayName",			\
+		"defaultHidingValue"
+
+enum dsdb_attr_list_query {
+	DSDB_SCHEMA_ALL_MAY,
+	DSDB_SCHEMA_ALL_MUST,
+	DSDB_SCHEMA_SYS_MAY,
+	DSDB_SCHEMA_SYS_MUST,
+	DSDB_SCHEMA_MAY,
+	DSDB_SCHEMA_MUST,
+	DSDB_SCHEMA_ALL
+};
+
+enum dsdb_schema_convert_target {
+	TARGET_OPENLDAP,
+	TARGET_FEDORA_DS,
+	TARGET_AD_SCHEMA_SUBENTRY
+};
+
+struct ldb_module;
+
+typedef struct dsdb_schema *(*dsdb_schema_refresh_fn)(struct ldb_module *module,
+						      struct tevent_context *ev,
+						      struct dsdb_schema *schema, bool is_global_schema);
+#include "dsdb/schema/proto.h"
+
+#endif /* _DSDB_SCHEMA_H */
diff --git a/source4/dsdb/schema/schema_convert_to_ol.c b/source4/dsdb/schema/schema_convert_to_ol.c
new file mode 100644
index 0000000..013787e
--- /dev/null
+++ b/source4/dsdb/schema/schema_convert_to_ol.c
@@ -0,0 +1,377 @@
+/*
+   schema conversion routines
+
+   Copyright (C) Andrew Bartlett 2006-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "dsdb/samdb/samdb.h"
+#include "system/locale.h"
+
+#undef strcasecmp
+
+#define SEPARATOR "\n  "
+
+struct attr_map {
+	char *old_attr;
+	char *new_attr;
+};
+
+struct oid_map {
+	char *old_oid;
+	char *new_oid;
+};
+
+static char *print_schema_recursive(char *append_to_string, struct dsdb_schema *schema, const char *print_class,
+				    enum dsdb_schema_convert_target target,
+				    const char **attrs_skip, const struct attr_map *attr_map, const struct oid_map *oid_map)
+{
+	char *out = append_to_string;
+	const struct dsdb_class *objectclass;
+	objectclass = dsdb_class_by_lDAPDisplayName(schema, print_class);
+	if (!objectclass) {
+		DEBUG(0, ("Cannot find class %s in schema\n", print_class));
+		return NULL;
+	}
+
+	/* We have been asked to skip some attributes/objectClasses */
+	if (attrs_skip == NULL || !str_list_check_ci(attrs_skip, objectclass->lDAPDisplayName)) {
+		TALLOC_CTX *mem_ctx = talloc_new(append_to_string);
+		const char *name = objectclass->lDAPDisplayName;
+		const char *oid = objectclass->governsID_oid;
+		const char *subClassOf = objectclass->subClassOf;
+		int objectClassCategory = objectclass->objectClassCategory;
+		const char **must;
+		const char **may;
+		char *schema_entry = NULL;
+		struct ldb_val objectclass_name_as_ldb_val = data_blob_string_const(objectclass->lDAPDisplayName);
+		struct ldb_message_element objectclass_name_as_el = {
+			.name = "objectClass",
+			.num_values = 1,
+			.values = &objectclass_name_as_ldb_val
+		};
+		unsigned int j;
+		unsigned int attr_idx;
+
+		if (!mem_ctx) {
+			DEBUG(0, ("Failed to create new talloc context\n"));
+			return NULL;
+		}
+
+		/* We might have been asked to remap this oid, due to a conflict */
+		for (j=0; oid_map && oid_map[j].old_oid; j++) {
+			if (strcasecmp(oid, oid_map[j].old_oid) == 0) {
+				oid =  oid_map[j].new_oid;
+				break;
+			}
+		}
+
+		/* We might have been asked to remap this name, due to a conflict */
+		for (j=0; name && attr_map && attr_map[j].old_attr; j++) {
+			if (strcasecmp(name, attr_map[j].old_attr) == 0) {
+				name =  attr_map[j].new_attr;
+				break;
+			}
+		}
+
+		/* We might have been asked to remap this subClassOf, due to a conflict */
+		for (j=0; subClassOf && attr_map && attr_map[j].old_attr; j++) {
+			if (strcasecmp(subClassOf, attr_map[j].old_attr) == 0) {
+				subClassOf =  attr_map[j].new_attr;
+				break;
+			}
+		}
+
+		may = dsdb_full_attribute_list(mem_ctx, schema, &objectclass_name_as_el, DSDB_SCHEMA_ALL_MAY);
+
+		for (j=0; may && may[j]; j++) {
+			/* We might have been asked to remap this name, due to a conflict */
+			for (attr_idx=0; attr_map && attr_map[attr_idx].old_attr; attr_idx++) {
+				if (strcasecmp(may[j], attr_map[attr_idx].old_attr) == 0) {
+					may[j] =  attr_map[attr_idx].new_attr;
+					break;
+				}
+			}
+		}
+
+		must = dsdb_full_attribute_list(mem_ctx, schema, &objectclass_name_as_el, DSDB_SCHEMA_ALL_MUST);
+
+		for (j=0; must && must[j]; j++) {
+			/* We might have been asked to remap this name, due to a conflict */
+			for (attr_idx=0; attr_map && attr_map[attr_idx].old_attr; attr_idx++) {
+				if (strcasecmp(must[j], attr_map[attr_idx].old_attr) == 0) {
+					must[j] =  attr_map[attr_idx].new_attr;
+					break;
+				}
+			}
+		}
+
+		schema_entry = schema_class_description(mem_ctx, target,
+							SEPARATOR,
+							oid,
+							name,
+							NULL,
+							subClassOf,
+							objectClassCategory,
+							must,
+							may,
+							NULL);
+		if (schema_entry == NULL) {
+			talloc_free(mem_ctx);
+			DEBUG(0, ("failed to generate schema description for %s\n", name));
+			return NULL;
+		}
+
+		switch (target) {
+		case TARGET_OPENLDAP:
+			out = talloc_asprintf_append(out, "objectclass %s\n\n", schema_entry);
+			break;
+		case TARGET_FEDORA_DS:
+			out = talloc_asprintf_append(out, "objectClasses: %s\n", schema_entry);
+			break;
+		default:
+			talloc_free(mem_ctx);
+			DEBUG(0,(__location__ " Wrong type of target %u!\n", (unsigned)target));
+			return NULL;
+		}
+		talloc_free(mem_ctx);
+	}
+
+
+	for (objectclass=schema->classes; objectclass; objectclass = objectclass->next) {
+		if (ldb_attr_cmp(objectclass->subClassOf, print_class) == 0
+		    && ldb_attr_cmp(objectclass->lDAPDisplayName, print_class) != 0) {
+			out = print_schema_recursive(out, schema, objectclass->lDAPDisplayName,
+						     target, attrs_skip, attr_map, oid_map);
+		}
+	}
+	return out;
+}
+
+/* Routine to linearise our internal schema into the format that
+   OpenLDAP and Fedora DS use for their backend.
+
+   The 'mappings' are of a format like:
+
+#Standard OpenLDAP attributes
+labeledURI
+#The memberOf plugin provides this attribute
+memberOf
+#These conflict with OpenLDAP builtins
+attributeTypes:samba4AttributeTypes
+2.5.21.5:1.3.6.1.4.1.7165.4.255.7
+
+*/
+
+
+char *dsdb_convert_schema_to_openldap(struct ldb_context *ldb, char *target_str, const char *mappings)
+{
+	/* Read list of attributes to skip, OIDs to map */
+	TALLOC_CTX *mem_ctx = talloc_new(ldb);
+	char *line;
+	char *out;
+	const char **attrs_skip = NULL;
+	unsigned int num_skip = 0;
+	struct oid_map *oid_map = NULL;
+	unsigned int num_oid_maps = 0;
+	struct attr_map *attr_map = NULL;
+	unsigned int num_attr_maps = 0;
+	struct dsdb_attribute *attribute;
+	struct dsdb_schema *schema;
+	enum dsdb_schema_convert_target target;
+
+	char *next_line = talloc_strdup(mem_ctx, mappings);
+
+	if (!target_str || strcasecmp(target_str, "openldap") == 0) {
+		target = TARGET_OPENLDAP;
+	} else if (strcasecmp(target_str, "fedora-ds") == 0) {
+		target = TARGET_FEDORA_DS;
+	} else {
+		talloc_free(mem_ctx);
+		DEBUG(0, ("Invalid target type for schema conversion %s\n", target_str));
+		return NULL;
+	}
+
+	/* The mappings are line-separated, and specify details such as OIDs to skip etc */
+	while (1) {
+		line = next_line;
+		next_line = strchr(line, '\n');
+		if (!next_line) {
+			break;
+		}
+		next_line[0] = '\0';
+		next_line++;
+
+		/* Blank Line */
+		if (line[0] == '\0') {
+			continue;
+		}
+		/* Comment */
+		if (line[0] == '#') {
+			continue;
+		}
+
+		if (isdigit(line[0])) {
+			char *p = strchr(line, ':');
+			if (!p) {
+				DEBUG(0, ("schema mapping file line has OID but no OID to map to: %s\n", line));
+				return NULL;
+			}
+			p[0] = '\0';
+			p++;
+			oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_oid_maps + 2);
+			trim_string(line, " ", " ");
+			oid_map[num_oid_maps].old_oid = talloc_strdup(oid_map, line);
+			trim_string(p, " ", " ");
+			oid_map[num_oid_maps].new_oid = p;
+			num_oid_maps++;
+			oid_map[num_oid_maps].old_oid = NULL;
+		} else {
+			char *p = strchr(line, ':');
+			if (p) {
+				/* remap attribute/objectClass */
+				p[0] = '\0';
+				p++;
+				attr_map = talloc_realloc(mem_ctx, attr_map, struct attr_map, num_attr_maps + 2);
+				trim_string(line, " ", " ");
+				attr_map[num_attr_maps].old_attr = talloc_strdup(attr_map, line);
+				trim_string(p, " ", " ");
+				attr_map[num_attr_maps].new_attr = p;
+				num_attr_maps++;
+				attr_map[num_attr_maps].old_attr = NULL;
+			} else {
+				/* skip attribute/objectClass */
+				attrs_skip = talloc_realloc(mem_ctx, attrs_skip, const char *, num_skip + 2);
+				trim_string(line, " ", " ");
+				attrs_skip[num_skip] = talloc_strdup(attrs_skip, line);
+				num_skip++;
+				attrs_skip[num_skip] = NULL;
+			}
+		}
+	}
+
+	schema = dsdb_get_schema(ldb, mem_ctx);
+	if (!schema) {
+		talloc_free(mem_ctx);
+		DEBUG(0, ("No schema on ldb to convert!\n"));
+		return NULL;
+	}
+
+	switch (target) {
+	case TARGET_OPENLDAP:
+		out = talloc_strdup(mem_ctx, "");
+		break;
+	case TARGET_FEDORA_DS:
+		out = talloc_strdup(mem_ctx, "dn: cn=schema\n");
+		break;
+	default:
+		talloc_free(mem_ctx);
+		DEBUG(0,(__location__ " Wrong type of target %u!\n", (unsigned)target));
+		return NULL;
+	}
+
+	for (attribute=schema->attributes; attribute; attribute = attribute->next) {
+		const char *name = attribute->lDAPDisplayName;
+		const char *oid = attribute->attributeID_oid;
+		const char *syntax = attribute->attributeSyntax_oid;
+		const char *equality = NULL, *substring = NULL;
+		bool single_value = attribute->isSingleValued;
+
+		char *schema_entry = NULL;
+		unsigned int j;
+
+		/* We have been asked to skip some attributes/objectClasses */
+		if (attrs_skip && str_list_check_ci(attrs_skip, name)) {
+			continue;
+		}
+
+		/* We might have been asked to remap this oid, due to a conflict */
+		for (j=0; oid && oid_map && oid_map[j].old_oid; j++) {
+			if (strcasecmp(oid, oid_map[j].old_oid) == 0) {
+				oid =  oid_map[j].new_oid;
+				break;
+			}
+		}
+
+		if (attribute->syntax) {
+			/* We might have been asked to remap this oid,
+			 * due to a conflict, or lack of
+			 * implementation */
+			syntax = attribute->syntax->ldap_oid;
+			/* We might have been asked to remap this oid, due to a conflict */
+			for (j=0; syntax && oid_map && oid_map[j].old_oid; j++) {
+				if (strcasecmp(syntax, oid_map[j].old_oid) == 0) {
+					syntax =  oid_map[j].new_oid;
+					break;
+				}
+			}
+
+			equality = attribute->syntax->equality;
+			substring = attribute->syntax->substring;
+		}
+
+		/* We might have been asked to remap this name, due to a conflict */
+		for (j=0; name && attr_map && attr_map[j].old_attr; j++) {
+			if (strcasecmp(name, attr_map[j].old_attr) == 0) {
+				name =  attr_map[j].new_attr;
+				break;
+			}
+		}
+
+		schema_entry = schema_attribute_description(mem_ctx,
+							    target,
+							    SEPARATOR,
+							    oid,
+							    name,
+							    equality,
+							    substring,
+							    syntax,
+							    single_value,
+							    false,
+							    NULL, NULL,
+							    NULL, NULL,
+							    false, false);
+
+		if (schema_entry == NULL) {
+			talloc_free(mem_ctx);
+			DEBUG(0, ("failed to generate attribute description for %s\n", name));
+			return NULL;
+		}
+
+		switch (target) {
+		case TARGET_OPENLDAP:
+			out = talloc_asprintf_append(out, "attributetype %s\n\n", schema_entry);
+			break;
+		case TARGET_FEDORA_DS:
+			out = talloc_asprintf_append(out, "attributeTypes: %s\n", schema_entry);
+			break;
+		default:
+			talloc_free(mem_ctx);
+			DEBUG(0,(__location__ " Wrong type of target %u!\n", (unsigned)target));
+			return NULL;
+		}
+	}
+
+	out = print_schema_recursive(out, schema, "top", target, attrs_skip, attr_map, oid_map);
+
+	talloc_steal(ldb, out);
+	talloc_free(mem_ctx);
+
+	return out;
+}
+
diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c
new file mode 100644
index 0000000..5fc7015
--- /dev/null
+++ b/source4/dsdb/schema/schema_description.c
@@ -0,0 +1,397 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   Print schema info into string format
+   
+   Copyright (C) Andrew Bartlett 2006-2008
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/ndr/libndr.h"
+
+#undef strcasecmp
+
+char *schema_attribute_description(TALLOC_CTX *mem_ctx, 
+					  enum dsdb_schema_convert_target target,
+					  const char *separator,
+					  const char *oid, 
+					  const char *name,
+					  const char *equality, 
+					  const char *substring, 
+					  const char *syntax,
+					  bool single_value, bool operational,
+					  uint32_t *range_lower,
+					  uint32_t *range_upper,
+					  const char *property_guid,
+					  const char *property_set_guid,
+					  bool indexed, bool system_only)
+{
+	char *schema_entry = talloc_asprintf(mem_ctx, 
+					     "(%s%s%s", separator, oid, separator);
+
+	talloc_asprintf_addbuf(
+		&schema_entry, "NAME '%s'%s", name, separator);
+
+	if (equality) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "EQUALITY %s%s", equality, separator);
+	}
+	if (substring) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "SUBSTR %s%s", substring, separator);
+	}
+
+	if (syntax) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "SYNTAX %s%s", syntax, separator);
+	}
+
+	if (single_value) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "SINGLE-VALUE%s", separator);
+	}
+
+	if (operational) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "NO-USER-MODIFICATION%s", separator);
+	}
+
+	if (range_lower) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"RANGE-LOWER '%u'%s",
+			*range_lower,
+			separator);
+	}
+
+	if (range_upper) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"RANGE-UPPER '%u'%s",
+			*range_upper,
+			separator);
+	}
+
+	if (property_guid) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"PROPERTY-GUID '%s'%s",
+			property_guid,
+			separator);
+	}
+
+	if (property_set_guid) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"PROPERTY-SET-GUID '%s'%s",
+			property_set_guid,
+			separator);
+	}
+
+	if (indexed) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "INDEXED%s", separator);
+	}
+
+	if (system_only) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "SYSTEM-ONLY%s", separator);
+	}
+
+	talloc_asprintf_addbuf(&schema_entry, ")");
+
+	return schema_entry;
+}
+
+char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) 
+{
+	char *schema_description;
+	const char *syntax = attribute->syntax->ldap_oid;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	schema_description 
+		= schema_attribute_description(mem_ctx, 
+					       TARGET_AD_SCHEMA_SUBENTRY,
+					       " ",
+					       attribute->attributeID_oid,
+					       attribute->lDAPDisplayName,
+					       NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax),
+					       attribute->isSingleValued,
+					       attribute->systemOnly,/* TODO: is this correct? */
+					       NULL, NULL, NULL, NULL,
+					       false, false);
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+char *schema_attribute_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute)
+{
+	char *schema_description;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	schema_description
+		= schema_attribute_description(mem_ctx,
+					       TARGET_AD_SCHEMA_SUBENTRY,
+					       " ",
+					       attribute->attributeID_oid,
+					       attribute->lDAPDisplayName,
+					       NULL, NULL, NULL,
+					       false, false,
+					       attribute->rangeLower,
+					       attribute->rangeUpper,
+					       GUID_hexstring(tmp_ctx, &attribute->schemaIDGUID),
+					       GUID_hexstring(tmp_ctx, &attribute->attributeSecurityGUID),
+					       /*
+						* We actually ignore the indexed
+						* flag for confidential
+						* attributes, but we'll include
+						* it for the purposes of
+						* description.
+						*/
+					       (attribute->searchFlags & SEARCH_FLAG_ATTINDEX),
+					       attribute->systemOnly);
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+#define APPEND_ATTRS(attributes)				\
+	do {								\
+		unsigned int k;						\
+		for (k=0; attributes && attributes[k]; k++) {		\
+			const char *attr_name = attributes[k];		\
+									\
+			talloc_asprintf_addbuf(&schema_entry,           \
+							      "%s ",	\
+							      attr_name); \
+			if (attributes[k+1]) {				\
+				if (target == TARGET_OPENLDAP && ((k+1)%5 == 0)) { \
+					talloc_asprintf_addbuf(&schema_entry, \
+									      "$%s ", separator); \
+				} else {				\
+					talloc_asprintf_addbuf(&schema_entry, \
+									      "$ "); \
+				}					\
+			}						\
+		}							\
+	} while (0)
+	
+
+/* Print a schema class or dITContentRule as a string.  
+ *
+ * To print a scheam class, specify objectClassCategory but not auxillary_classes
+ * To print a dITContentRule, specify auxillary_classes but set objectClassCategory == -1
+ *
+ */
+
+char *schema_class_description(TALLOC_CTX *mem_ctx, 
+			       enum dsdb_schema_convert_target target,
+			       const char *separator,
+			       const char *oid, 
+			       const char *name,
+			       const char **auxillary_classes,
+			       const char *subClassOf,
+			       int objectClassCategory,
+			       const char **must,
+			       const char **may,
+			       const char *schemaHexGUID)
+{
+	char *schema_entry = talloc_asprintf(mem_ctx, 
+					     "(%s%s%s", separator, oid, separator);
+
+	talloc_asprintf_addbuf(&schema_entry, "NAME '%s'%s", name, separator);
+
+	if (auxillary_classes) {
+		talloc_asprintf_addbuf(&schema_entry, "AUX ( ");
+
+		APPEND_ATTRS(auxillary_classes);
+
+		talloc_asprintf_addbuf(&schema_entry, ")%s", separator);
+	}
+
+	if (subClassOf && strcasecmp(subClassOf, name) != 0) {
+		talloc_asprintf_addbuf(
+			&schema_entry, "SUP %s%s", subClassOf, separator);
+	}
+
+	switch (objectClassCategory) {
+	case -1:
+		break;
+		/* Dummy case for when used for printing ditContentRules */
+	case 0:
+		/*
+		 * NOTE: this is an type 88 class
+		 *       e.g. 2.5.6.6 NAME 'person'
+		 *	 but w2k3 gives STRUCTURAL here!
+		 */
+		talloc_asprintf_addbuf(
+			&schema_entry, "STRUCTURAL%s", separator);
+		break;
+	case 1:
+		talloc_asprintf_addbuf(
+			&schema_entry, "STRUCTURAL%s", separator);
+		break;
+	case 2:
+		talloc_asprintf_addbuf(
+			&schema_entry, "ABSTRACT%s", separator);
+		break;
+	case 3:
+		talloc_asprintf_addbuf(
+			&schema_entry, "AUXILIARY%s", separator);
+		break;
+	}
+
+	if (must) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"MUST (%s",
+			target == TARGET_AD_SCHEMA_SUBENTRY ? "" : " ");
+
+		APPEND_ATTRS(must);
+
+		talloc_asprintf_addbuf(
+			&schema_entry, ")%s", separator);
+	}
+
+	if (may) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"MAY (%s",
+			target == TARGET_AD_SCHEMA_SUBENTRY ? "" : " ");
+
+		APPEND_ATTRS(may);
+
+		talloc_asprintf_addbuf(
+			&schema_entry, ")%s", separator);
+	}
+
+	if (schemaHexGUID) {
+		talloc_asprintf_addbuf(
+			&schema_entry,
+			"CLASS-GUID '%s'%s",
+			schemaHexGUID,
+			separator);
+	}
+
+	talloc_asprintf_addbuf(&schema_entry, ")");
+
+	return schema_entry;
+}
+
+char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass)
+{
+	char *schema_description;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+	
+	schema_description
+		= schema_class_description(mem_ctx, 
+					   TARGET_AD_SCHEMA_SUBENTRY,
+					   " ",
+					   sclass->governsID_oid,
+					   sclass->lDAPDisplayName,
+					   NULL, 
+					   sclass->subClassOf,
+					   sclass->objectClassCategory,
+					   dsdb_attribute_list(tmp_ctx, 
+							       sclass, DSDB_SCHEMA_ALL_MUST),
+					   dsdb_attribute_list(tmp_ctx, 
+							       sclass, DSDB_SCHEMA_ALL_MAY),
+					   NULL);
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass,
+				     const struct dsdb_schema *schema)
+{
+	unsigned int i;
+	char *schema_description;
+	const char **aux_class_list = NULL;
+	const char **attrs;
+	const char **must_attr_list = NULL;
+	const char **may_attr_list = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const struct dsdb_class *aux_class;
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	aux_class_list = merge_attr_list(tmp_ctx, aux_class_list, sclass->systemAuxiliaryClass);
+	aux_class_list = merge_attr_list(tmp_ctx, aux_class_list, sclass->auxiliaryClass);
+
+	for (i=0; aux_class_list && aux_class_list[i]; i++) {
+		aux_class = dsdb_class_by_lDAPDisplayName(schema, aux_class_list[i]);
+		
+		attrs = dsdb_attribute_list(mem_ctx, aux_class, DSDB_SCHEMA_ALL_MUST);
+		must_attr_list = merge_attr_list(mem_ctx, must_attr_list, attrs);
+
+		attrs = dsdb_attribute_list(mem_ctx, aux_class, DSDB_SCHEMA_ALL_MAY);
+		may_attr_list = merge_attr_list(mem_ctx, may_attr_list, attrs);
+	}
+
+	schema_description
+		= schema_class_description(mem_ctx, 
+					   TARGET_AD_SCHEMA_SUBENTRY,
+					   " ",
+					   sclass->governsID_oid,
+					   sclass->lDAPDisplayName,
+					   (const char **)aux_class_list,
+					   NULL, /* Must not specify a
+						  * SUP (subclass) in
+						  * ditContentRules
+						  * per MS-ADTS
+						  * 3.1.1.3.1.1.1 */
+					   -1, must_attr_list, may_attr_list,
+					   NULL);
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+char *schema_class_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass)
+{
+	char *schema_description = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NULL;
+	}
+
+	schema_description
+		= schema_class_description(mem_ctx,
+					   TARGET_AD_SCHEMA_SUBENTRY,
+					   " ",
+					   sclass->governsID_oid,
+					   sclass->lDAPDisplayName,
+					   NULL,
+					   NULL, /* Must not specify a
+						  * SUP (subclass) in
+						  * ditContentRules
+						  * per MS-ADTS
+						  * 3.1.1.3.1.1.1 */
+					   -1, NULL, NULL,
+					   GUID_hexstring(tmp_ctx, &sclass->schemaIDGUID));
+	talloc_free(tmp_ctx);
+	return schema_description;
+}
+
+
diff --git a/source4/dsdb/schema/schema_filtered.c b/source4/dsdb/schema/schema_filtered.c
new file mode 100644
index 0000000..d341040
--- /dev/null
+++ b/source4/dsdb/schema/schema_filtered.c
@@ -0,0 +1,101 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   API for determining af an attribute belongs to the filtered set.
+   
+   Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+
+static const char * const never_in_filtered_attrs[] = {
+				     "accountExpires",
+				     "codePage",
+				     "creationTime",
+				     "dNSHostName",
+				     "displayName",
+				     "domainReplica",
+				     "fSMORoleOwner",
+				     "flatName",
+				     "isCriticalSystemObject",
+				     "lockOutObservationWindow",
+				     "lockoutDuration",
+				     "lockoutTime",
+				     "logonHours",
+				     "maxPwdAge",
+				     "minPwdAge",
+				     "minPwdLength",
+				     "msDS-AdditionalDnsHostName",
+				     "msDS-AdditionalSamAccountName",
+				     "msDS-AllowedToDelegateTo",
+				     "msDS-AuthenticatedAtDC",
+				     "msDS-ExecuteScriptPassword",
+				     "msDS-KrbTgtLink",
+				     "msDS-SPNSuffixes",
+				     "msDS-SupportedEncryptionTypes",
+				     "msDS-TrustForestTrustInfo",
+				     "nETBIOSName",
+				     "nTMixedDomain",
+				     "notFiltlockoutThreshold",
+				     "operatingSystem",
+				     "operatingSystemServicePack",
+				     "operatingSystemVersion",
+				     "pwdHistoryLength",
+				     "pwdLastSet",
+				     "pwdProperties",
+				     "rid",
+				     "sIDHistory",
+				     "securityIdentifier",
+				     "servicePrincipalName",
+				     "trustAttributes",
+				     "trustDirection",
+				     "trustParent",
+				     "trustPartner",
+				     "trustPosixOffset",
+				     "trustType",
+				     DSDB_SECRET_ATTRIBUTES
+};
+
+/* returns true if the attribute can be in a filtered replica */
+
+bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute)
+{
+	int i, size = sizeof(never_in_filtered_attrs)/sizeof(char *);
+	if (attribute->systemOnly ||
+	    attribute->schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) {
+		return false;
+	}
+	if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
+				      DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
+				      DS_FLAG_ATTR_IS_CONSTRUCTED)) {
+		return false;
+	}
+
+	for (i=0; i < size; i++) {
+		if (strcmp(attribute->lDAPDisplayName, never_in_filtered_attrs[i]) == 0) {
+			return false;
+		}
+	}
+
+	if (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
+		return false;
+	}
+	return true;
+}
diff --git a/source4/dsdb/schema/schema_inferiors.c b/source4/dsdb/schema/schema_inferiors.c
new file mode 100644
index 0000000..56f5733
--- /dev/null
+++ b/source4/dsdb/schema/schema_inferiors.c
@@ -0,0 +1,347 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   implement possibleInferiors calculation
+   
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+/*
+  This module is a C implementation of the logic in the
+  dsdb/samdb/ldb_modules/tests/possibleInferiors.py code
+
+  To understand the C code, please see the python code first
+ */
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+
+
+/*
+  create the SUPCLASSES() list
+ */
+static const char **schema_supclasses(const struct dsdb_schema *schema,
+				      struct dsdb_class *schema_class)
+{
+	const char **list;
+
+	if (schema_class->tmp.supclasses) {
+		return schema_class->tmp.supclasses;
+	}
+
+	list = const_str_list(str_list_make_empty(schema_class));
+	if (list == NULL) {
+		DEBUG(0,(__location__ " out of memory\n"));
+		return NULL;
+	}
+
+	/* Cope with 'top SUP top', i.e. top is subClassOf top */
+	if (schema_class->subClassOf &&
+	    strcmp(schema_class->lDAPDisplayName, schema_class->subClassOf) == 0) {
+		schema_class->tmp.supclasses = list;
+		return list;
+	}
+
+	if (schema_class->subClassOf) {
+		const struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, schema_class->subClassOf);
+		const char **list2;
+		list = str_list_add_const(list,	schema_class->subClassOf);
+
+		list2 = schema_supclasses(schema, discard_const_p(struct dsdb_class, schema_class2));
+		list = str_list_append_const(list, list2);
+	}
+
+	schema_class->tmp.supclasses = str_list_unique(list);
+
+	return schema_class->tmp.supclasses;
+}
+
+/*
+  this one is used internally
+  matches SUBCLASSES() python function
+ */
+static const char **schema_subclasses(const struct dsdb_schema *schema,
+				      TALLOC_CTX *mem_ctx,
+				      const char **oclist)
+{
+	const char **list = const_str_list(str_list_make_empty(mem_ctx));
+	unsigned int i;
+
+	for (i=0; oclist && oclist[i]; i++) {
+		const struct dsdb_class *schema_class =	dsdb_class_by_lDAPDisplayName(schema, oclist[i]);
+		if (!schema_class) {
+			DEBUG(0, ("ERROR: Unable to locate subClass: '%s'\n", oclist[i]));
+			continue;
+		}
+		list = str_list_append_const(list, schema_class->tmp.subclasses);
+	}
+	return list;
+}
+
+
+/* 
+   equivalent of the POSSSUPERIORS() python function
+ */
+static const char **schema_posssuperiors(const struct dsdb_schema *schema,
+					 struct dsdb_class *schema_class)
+{
+	if (schema_class->tmp.posssuperiors == NULL) {
+		const char **list2 = const_str_list(str_list_make_empty(schema_class));
+		const char **list3;
+		unsigned int i;
+
+		list2 = str_list_append_const(list2, schema_class->systemPossSuperiors);
+		list2 = str_list_append_const(list2, schema_class->possSuperiors);
+		list3 = schema_supclasses(schema, schema_class);
+		for (i=0; list3 && list3[i]; i++) {
+			const struct dsdb_class *class2 = dsdb_class_by_lDAPDisplayName(schema, list3[i]);
+			if (!class2) {
+				DEBUG(0, ("ERROR: Unable to locate supClass: '%s'\n", list3[i]));
+				continue;
+			}
+			list2 = str_list_append_const(list2, schema_posssuperiors(schema,
+				discard_const_p(struct dsdb_class, class2)));
+		}
+		list2 = str_list_append_const(list2, schema_subclasses(schema, list2, list2));
+
+		schema_class->tmp.posssuperiors = str_list_unique(list2);
+	}
+
+	return schema_class->tmp.posssuperiors;
+}
+
+static const char **schema_subclasses_recurse(const struct dsdb_schema *schema,
+					      struct dsdb_class *schema_class)
+{
+	const char **list = str_list_copy_const(schema_class, schema_class->tmp.subclasses_direct);
+	unsigned int i;
+	for (i=0;list && list[i]; i++) {
+		const struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, list[i]);
+		if (schema_class != schema_class2) {
+			list = str_list_append_const(list, schema_subclasses_recurse(schema,
+				discard_const_p(struct dsdb_class, schema_class2)));
+		}
+	}
+	return list;
+}
+
+/* Walk down the subClass tree, setting a higher index as we go down
+ * each level.  top is 1, subclasses of top are 2, etc */
+static void schema_subclasses_order_recurse(const struct dsdb_schema *schema,
+					    struct dsdb_class *schema_class,
+					    const int order)
+{
+	const char **list = schema_class->tmp.subclasses_direct;
+	unsigned int i;
+	schema_class->subClass_order = order;
+	for (i=0;list && list[i]; i++) {
+		const struct dsdb_class *schema_class2 = dsdb_class_by_lDAPDisplayName(schema, list[i]);
+		schema_subclasses_order_recurse(schema, discard_const_p(struct dsdb_class, schema_class2), order+1);
+	}
+	return;
+}
+
+static int schema_create_subclasses(const struct dsdb_schema *schema)
+{
+	struct dsdb_class *schema_class, *top;
+
+	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
+		struct dsdb_class *schema_class2 = discard_const_p(struct dsdb_class,
+			dsdb_class_by_lDAPDisplayName(schema, schema_class->subClassOf));
+		if (schema_class2 == NULL) {
+			DEBUG(0,("ERROR: no subClassOf '%s' for '%s'\n",
+				 schema_class->subClassOf,
+				 schema_class->lDAPDisplayName));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		if (schema_class2 && schema_class != schema_class2) {
+			if (schema_class2->tmp.subclasses_direct == NULL) {
+				schema_class2->tmp.subclasses_direct = const_str_list(str_list_make_empty(schema_class2));
+				if (!schema_class2->tmp.subclasses_direct) {
+					return LDB_ERR_OPERATIONS_ERROR;
+				}
+			}
+			schema_class2->tmp.subclasses_direct = str_list_add_const(schema_class2->tmp.subclasses_direct,
+						schema_class->lDAPDisplayName);
+		}
+	}
+
+	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
+		schema_class->tmp.subclasses = str_list_unique(schema_subclasses_recurse(schema, schema_class));
+
+		/* Initialize the subClass order, to ensure we can't have uninitialized sort on the subClass hierarchy */
+		schema_class->subClass_order = 0;
+	}
+
+	top = discard_const_p(struct dsdb_class, dsdb_class_by_lDAPDisplayName(schema, "top"));
+	if (!top) {
+		DEBUG(0,("ERROR: no 'top' class in loaded schema\n"));
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	schema_subclasses_order_recurse(schema, top, 1);
+	return LDB_SUCCESS;
+}
+
+static void schema_fill_possible_inferiors(const struct dsdb_schema *schema,
+					   struct dsdb_class *schema_class)
+{
+	struct dsdb_class *c2;
+	const char **poss_inf = NULL;
+	const char **sys_poss_inf = NULL;
+
+	for (c2 = schema->classes; c2; c2 = c2->next) {
+		const char **superiors = schema_posssuperiors(schema, c2);
+		if (c2->objectClassCategory != 2 &&
+		    c2->objectClassCategory != 3 &&
+		    str_list_check(superiors, schema_class->lDAPDisplayName))
+		{
+			if (c2->systemOnly == false) {
+				if (poss_inf == NULL) {
+					poss_inf = const_str_list(str_list_make_empty(schema_class));
+				}
+				poss_inf = str_list_add_const(poss_inf,
+							      c2->lDAPDisplayName);
+			}
+			if (sys_poss_inf == NULL) {
+				sys_poss_inf = const_str_list(str_list_make_empty(schema_class));
+			}
+			sys_poss_inf = str_list_add_const(sys_poss_inf,
+							  c2->lDAPDisplayName);
+		}
+	}
+	schema_class->systemPossibleInferiors = str_list_unique(sys_poss_inf);
+	schema_class->possibleInferiors = str_list_unique(poss_inf);
+}
+
+/*
+  fill in a string class name from a governs_ID
+ */
+static void schema_fill_from_class_one(const struct dsdb_schema *schema,
+				       const struct dsdb_class *c,
+				       const char **s,
+				       const uint32_t id)
+{
+	if (*s == NULL && id != 0) {
+		const struct dsdb_class *c2 =
+					dsdb_class_by_governsID_id(schema, id);
+		if (c2) {
+			*s = c2->lDAPDisplayName;
+		}
+	}
+}
+
+/*
+  fill in a list of string class names from a governs_ID list
+ */
+static void schema_fill_from_class_list(const struct dsdb_schema *schema,
+					const struct dsdb_class *c,
+					const char ***s,
+					const uint32_t *ids)
+{
+	if (*s == NULL && ids != NULL) {
+		unsigned int i;
+		for (i=0;ids[i];i++) ;
+		*s = talloc_array(c, const char *, i+1);
+		for (i=0;ids[i];i++) {
+			const struct dsdb_class *c2 =
+				dsdb_class_by_governsID_id(schema, ids[i]);
+			if (c2) {
+				(*s)[i] = c2->lDAPDisplayName;
+			} else {
+				(*s)[i] = NULL;				
+			}
+		}
+		(*s)[i] = NULL;				
+	}
+}
+
+/*
+  fill in a list of string attribute names from a attributeID list
+ */
+static void schema_fill_from_attribute_list(const struct dsdb_schema *schema,
+					    const struct dsdb_class *c,
+					    const char ***s,
+					    const uint32_t *ids)
+{
+	if (*s == NULL && ids != NULL) {
+		unsigned int i;
+		for (i=0;ids[i];i++) ;
+		*s = talloc_array(c, const char *, i+1);
+		for (i=0;ids[i];i++) {
+			const struct dsdb_attribute *a =
+				dsdb_attribute_by_attributeID_id(schema, ids[i]);
+			if (a) {
+				(*s)[i] = a->lDAPDisplayName;
+			} else {
+				(*s)[i] = NULL;				
+			}
+		}
+		(*s)[i] = NULL;				
+	}
+}
+
+/*
+  if the schema came from DRS then some attributes will be setup as IDs
+ */
+static void schema_fill_from_ids(const struct dsdb_schema *schema)
+{
+	struct dsdb_class *c;
+	for (c=schema->classes; c; c=c->next) {
+		schema_fill_from_class_one(schema, c, &c->subClassOf, c->subClassOf_id);
+		schema_fill_from_attribute_list(schema, c, &c->systemMayContain, c->systemMayContain_ids);
+		schema_fill_from_attribute_list(schema, c, &c->systemMustContain, c->systemMustContain_ids);
+		schema_fill_from_attribute_list(schema, c, &c->mustContain, c->mustContain_ids);
+		schema_fill_from_attribute_list(schema, c, &c->mayContain, c->mayContain_ids);
+		schema_fill_from_class_list(schema, c, &c->possSuperiors, c->possSuperiors_ids);
+		schema_fill_from_class_list(schema, c, &c->systemPossSuperiors, c->systemPossSuperiors_ids);
+		schema_fill_from_class_list(schema, c, &c->systemAuxiliaryClass, c->systemAuxiliaryClass_ids);
+		schema_fill_from_class_list(schema, c, &c->auxiliaryClass, c->auxiliaryClass_ids);
+	}
+}
+
+int schema_fill_constructed(const struct dsdb_schema *schema)
+{
+	int ret;
+	struct dsdb_class *schema_class;
+
+	/* make sure we start with a clean cache */
+	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
+		ZERO_STRUCT(schema_class->tmp);
+	}
+
+	schema_fill_from_ids(schema);
+
+	ret = schema_create_subclasses(schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
+		schema_fill_possible_inferiors(schema, schema_class);
+	}
+
+	/* free up our internal cache elements */
+	for (schema_class=schema->classes; schema_class; schema_class=schema_class->next) {
+		TALLOC_FREE(schema_class->tmp.supclasses);
+		TALLOC_FREE(schema_class->tmp.subclasses_direct);
+		TALLOC_FREE(schema_class->tmp.subclasses);
+		TALLOC_FREE(schema_class->tmp.posssuperiors);
+	}
+
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/schema/schema_info_attr.c b/source4/dsdb/schema/schema_info_attr.c
new file mode 100644
index 0000000..04b2964
--- /dev/null
+++ b/source4/dsdb/schema/schema_info_attr.c
@@ -0,0 +1,235 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SCHEMA::schemaInfo implementation
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/common/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include <ldb_module.h>
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+
+
+/**
+ * Creates and initializes new dsdb_schema_info value.
+ * Initial schemaInfo values is with:
+ *   revision = 0
+ *   invocationId = GUID_ZERO
+ */
+WERROR dsdb_schema_info_new(TALLOC_CTX *mem_ctx, struct dsdb_schema_info **_schema_info)
+{
+	struct dsdb_schema_info *schema_info;
+
+	schema_info = talloc_zero(mem_ctx, struct dsdb_schema_info);
+	W_ERROR_HAVE_NO_MEMORY(schema_info);
+
+	*_schema_info = schema_info;
+
+	return WERR_OK;
+}
+
+/**
+ * Creates and initializes new dsdb_schema_info blob value.
+ * Initial schemaInfo values is with:
+ *   revision = 0
+ *   invocationId = GUID_ZERO
+ */
+WERROR dsdb_schema_info_blob_new(TALLOC_CTX *mem_ctx, DATA_BLOB *_schema_info_blob)
+{
+	DATA_BLOB blob;
+
+	blob = data_blob_talloc_zero(mem_ctx, 21);
+	W_ERROR_HAVE_NO_MEMORY(blob.data);
+
+	/* Set the schemaInfo marker to 0xFF */
+	blob.data[0] = 0xFF;
+
+	*_schema_info_blob = blob;
+
+	return WERR_OK;
+}
+
+
+/**
+ * Verify the 'blob' is a valid schemaInfo blob
+ */
+bool dsdb_schema_info_blob_is_valid(const DATA_BLOB *blob)
+{
+	if (!blob || !blob->data) {
+		return false;
+	}
+
+	/* schemaInfo blob must be 21 bytes long */
+	if (blob->length != 21) {
+		return false;
+	}
+
+	/* schemaInfo blob should start with 0xFF */
+	if (blob->data[0] != 0xFF) {
+		return false;
+	}
+
+	return true;
+}
+
+/**
+ * Parse schemaInfo structure from a data_blob
+ * (DATA_BLOB or ldb_val).
+ * Suitable for parsing blobs that come from
+ * DRS interface or from LDB database
+ */
+WERROR dsdb_schema_info_from_blob(const DATA_BLOB *blob,
+				  TALLOC_CTX *mem_ctx, struct dsdb_schema_info **_schema_info)
+{
+	TALLOC_CTX *temp_ctx;
+	enum ndr_err_code ndr_err;
+	struct dsdb_schema_info *schema_info;
+	struct schemaInfoBlob schema_info_blob;
+
+	/* verify schemaInfo blob is valid */
+	if (!dsdb_schema_info_blob_is_valid(blob)) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	temp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(temp_ctx);
+
+	ndr_err = ndr_pull_struct_blob_all(blob, temp_ctx,
+	                                   &schema_info_blob,
+	                                   (ndr_pull_flags_fn_t)ndr_pull_schemaInfoBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		talloc_free(temp_ctx);
+		return ntstatus_to_werror(nt_status);
+	}
+
+	schema_info = talloc(mem_ctx, struct dsdb_schema_info);
+	if (!schema_info) {
+		talloc_free(temp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* note that we accept revision numbers of zero now - w2k8r2
+	   sends a revision of zero on initial vampire */
+	schema_info->revision      = schema_info_blob.revision;
+	schema_info->invocation_id = schema_info_blob.invocation_id;
+	*_schema_info = schema_info;
+
+	talloc_free(temp_ctx);
+	return WERR_OK;
+}
+
+/**
+ * Creates a blob from schemaInfo structure
+ * Suitable for packing schemaInfo into a blob
+ * which is to be used in DRS interface of LDB database
+ */
+WERROR dsdb_blob_from_schema_info(const struct dsdb_schema_info *schema_info,
+				  TALLOC_CTX *mem_ctx, DATA_BLOB *blob)
+{
+	enum ndr_err_code ndr_err;
+	struct schemaInfoBlob schema_info_blob;
+
+	schema_info_blob.marker		= 0xFF;
+	schema_info_blob.revision	= schema_info->revision;
+	schema_info_blob.invocation_id  = schema_info->invocation_id;
+
+	ndr_err = ndr_push_struct_blob(blob, mem_ctx,
+	                               &schema_info_blob,
+	                               (ndr_push_flags_fn_t)ndr_push_schemaInfoBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		return ntstatus_to_werror(nt_status);
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Compares schemaInfo signatures in dsdb_schema and prefixMap.
+ * NOTE: At present function compares schemaInfo values
+ * as string without taking into account schemaVersion field
+ *
+ * @return WERR_OK if schemaInfos are equal
+ * 	   WERR_DS_DRA_SCHEMA_MISMATCH if schemaInfos are different
+ */
+WERROR dsdb_schema_info_cmp(const struct dsdb_schema *schema,
+			    const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
+{
+	TALLOC_CTX *frame = NULL;
+	DATA_BLOB blob = data_blob_null;
+	struct dsdb_schema_info *schema_info = NULL;
+	const struct drsuapi_DsReplicaOIDMapping *mapping = NULL;
+	WERROR werr;
+
+	/* we should have at least schemaInfo element */
+	if (ctr->num_mappings < 1) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* verify schemaInfo element is valid */
+	mapping = &ctr->mappings[ctr->num_mappings - 1];
+	if (mapping->id_prefix != 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	blob = data_blob_const(mapping->oid.binary_oid, mapping->oid.length);
+	if (!dsdb_schema_info_blob_is_valid(&blob)) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	frame = talloc_stackframe();
+	werr = dsdb_schema_info_from_blob(&blob, frame, &schema_info);
+	if (!W_ERROR_IS_OK(werr)) {
+		TALLOC_FREE(frame);
+		return werr;
+	}
+
+	/*
+	 * shouldn't really be possible is dsdb_schema_info_from_blob
+	 * succeeded, this check is just to satisfy static checker
+	 */
+	if (schema_info == NULL) {
+		TALLOC_FREE(frame);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (schema->schema_info->revision > schema_info->revision) {
+		/*
+		 * It's ok if our schema is newer than the remote one
+		 */
+		werr = WERR_OK;
+	} else if (schema->schema_info->revision < schema_info->revision) {
+		werr = WERR_DS_DRA_SCHEMA_MISMATCH;
+	} else if (!GUID_equal(&schema->schema_info->invocation_id,
+		   &schema_info->invocation_id))
+	{
+		werr = WERR_DS_DRA_SCHEMA_CONFLICT;
+	} else {
+		werr = WERR_OK;
+	}
+
+	TALLOC_FREE(frame);
+	return werr;
+}
+
+
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
new file mode 100644
index 0000000..c8197b8
--- /dev/null
+++ b/source4/dsdb/schema/schema_init.c
@@ -0,0 +1,1038 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB schema header
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include <ldb_module.h>
+#include "../lib/util/asn1.h"
+
+#undef strcasecmp
+
+struct dsdb_schema *dsdb_new_schema(TALLOC_CTX *mem_ctx)
+{
+	struct dsdb_schema *schema = talloc_zero(mem_ctx, struct dsdb_schema);
+	if (!schema) {
+		return NULL;
+	}
+
+	return schema;
+}
+
+struct dsdb_schema *dsdb_schema_copy_shallow(TALLOC_CTX *mem_ctx,
+					     struct ldb_context *ldb,
+					     const struct dsdb_schema *schema)
+{
+	int ret;
+	struct dsdb_class *cls;
+	struct dsdb_attribute *attr;
+	struct dsdb_schema *schema_copy;
+
+	schema_copy = dsdb_new_schema(mem_ctx);
+	if (!schema_copy) {
+		return NULL;
+	}
+
+	/* copy prexiMap & schemaInfo */
+	schema_copy->prefixmap = dsdb_schema_pfm_copy_shallow(schema_copy,
+							      schema->prefixmap);
+	if (!schema_copy->prefixmap) {
+		goto failed;
+	}
+
+	schema_copy->schema_info = talloc(schema_copy, struct dsdb_schema_info);
+	if (!schema_copy->schema_info) {
+		goto failed;
+	}
+	*schema_copy->schema_info = *schema->schema_info;
+
+	/* copy classes and attributes*/
+	for (cls = schema->classes; cls; cls = cls->next) {
+		struct dsdb_class *class_copy = talloc_memdup(schema_copy,
+							      cls, sizeof(*cls));
+		if (!class_copy) {
+			goto failed;
+		}
+		DLIST_ADD(schema_copy->classes, class_copy);
+	}
+	schema_copy->num_classes = schema->num_classes;
+
+	for (attr = schema->attributes; attr; attr = attr->next) {
+		struct dsdb_attribute *a_copy = talloc_memdup(schema_copy,
+							      attr, sizeof(*attr));
+		if (!a_copy) {
+			goto failed;
+		}
+		DLIST_ADD(schema_copy->attributes, a_copy);
+	}
+	schema_copy->num_attributes = schema->num_attributes;
+
+	/* rebuild indexes */
+	ret = dsdb_setup_sorted_accessors(ldb, schema_copy);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	/* leave reload_seq_number = 0 so it will be refresh ASAP */
+
+	return schema_copy;
+
+failed:
+	talloc_free(schema_copy);
+	return NULL;
+}
+
+
+WERROR dsdb_load_prefixmap_from_drsuapi(struct dsdb_schema *schema,
+					const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
+{
+	WERROR werr;
+	struct dsdb_schema_info *schema_info = NULL;
+	struct dsdb_schema_prefixmap *pfm = NULL;
+
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(ctr, true, schema, &pfm, &schema_info);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	/* set loaded prefixMap */
+	talloc_free(schema->prefixmap);
+	schema->prefixmap = pfm;
+
+	talloc_free(schema->schema_info);
+	schema->schema_info = schema_info;
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_prefixmap_from_ldb_val(const struct ldb_val *pfm_ldb_val,
+					   TALLOC_CTX *mem_ctx,
+					   struct dsdb_schema_prefixmap **_pfm)
+{
+	WERROR werr;
+	enum ndr_err_code ndr_err;
+	struct prefixMapBlob pfm_blob;
+
+	TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(temp_ctx);
+
+	ndr_err = ndr_pull_struct_blob(pfm_ldb_val, temp_ctx,
+				&pfm_blob,
+				(ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("_dsdb_prefixmap_from_ldb_val: Failed to parse prefixmap of length %u: %s\n",
+			 (unsigned int)pfm_ldb_val->length, ndr_map_error2string(ndr_err)));
+		talloc_free(temp_ctx);
+		return ntstatus_to_werror(nt_status);
+	}
+
+	if (pfm_blob.version != PREFIX_MAP_VERSION_DSDB) {
+		DEBUG(0,("_dsdb_prefixmap_from_ldb_val: pfm_blob->version %u incorrect\n", (unsigned int)pfm_blob.version));
+		talloc_free(temp_ctx);
+		return WERR_VERSION_PARSE_ERROR;
+	}
+
+	/* call the drsuapi version */
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(&pfm_blob.ctr.dsdb, false, mem_ctx, _pfm, NULL);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0, (__location__ " dsdb_schema_pfm_from_drsuapi_pfm failed: %s\n", win_errstr(werr)));
+		talloc_free(temp_ctx);
+		return werr;
+	}
+
+	talloc_free(temp_ctx);
+
+	return werr;
+}
+
+WERROR dsdb_load_oid_mappings_ldb(struct dsdb_schema *schema,
+				  const struct ldb_val *prefixMap,
+				  const struct ldb_val *schemaInfo)
+{
+	WERROR werr;
+	struct dsdb_schema_info *schema_info = NULL;
+	struct dsdb_schema_prefixmap *pfm = NULL;
+	TALLOC_CTX *mem_ctx;
+
+	/* verify schemaInfo blob is valid one */
+	if (!dsdb_schema_info_blob_is_valid(schemaInfo)) {
+		DEBUG(0,(__location__": dsdb_schema_info_blob_is_valid() failed.\n"));
+	        return WERR_INVALID_PARAMETER;
+	}
+
+	mem_ctx = talloc_new(schema);
+	W_ERROR_HAVE_NO_MEMORY(mem_ctx);
+
+	/* fetch prefixMap */
+	werr = _dsdb_prefixmap_from_ldb_val(prefixMap,
+					    mem_ctx, &pfm);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0, (__location__ " _dsdb_prefixmap_from_ldb_val failed: %s\n", win_errstr(werr)));
+		talloc_free(mem_ctx);
+		return werr;
+	}
+
+	/* decode schema_info */
+	werr = dsdb_schema_info_from_blob(schemaInfo, mem_ctx, &schema_info);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0, (__location__ " dsdb_schema_info_from_blob failed: %s\n", win_errstr(werr)));
+		talloc_free(mem_ctx);
+		return werr;
+	}
+
+	/* store prefixMap and schema_info into cached Schema */
+	talloc_free(schema->prefixmap);
+	schema->prefixmap = talloc_steal(schema, pfm);
+
+	talloc_free(schema->schema_info);
+	schema->schema_info = talloc_steal(schema, schema_info);
+
+	/* clean up locally allocated mem */
+	talloc_free(mem_ctx);
+
+	return WERR_OK;
+}
+
+WERROR dsdb_get_oid_mappings_drsuapi(const struct dsdb_schema *schema,
+				     bool include_schema_info,
+				     TALLOC_CTX *mem_ctx,
+				     struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
+{
+	return dsdb_drsuapi_pfm_from_schema_pfm(schema->prefixmap,
+						include_schema_info ? schema->schema_info : NULL,
+						mem_ctx, _ctr);
+}
+
+WERROR dsdb_get_drsuapi_prefixmap_as_blob(const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_val *prefixMap)
+{
+	struct prefixMapBlob pfm;
+	enum ndr_err_code ndr_err;
+	pfm.version	= PREFIX_MAP_VERSION_DSDB;
+	pfm.reserved	= 0;
+	pfm.ctr.dsdb	= *ctr;
+
+	ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, &pfm,
+					(ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		return ntstatus_to_werror(nt_status);
+	}
+	return WERR_OK;
+}
+
+WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
+				 TALLOC_CTX *mem_ctx,
+				 struct ldb_val *prefixMap,
+				 struct ldb_val *schemaInfo)
+{
+	WERROR status;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+
+	status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	status = dsdb_get_drsuapi_prefixmap_as_blob(ctr, mem_ctx, prefixMap);
+	talloc_free(ctr);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	status = dsdb_blob_from_schema_info(schema->schema_info, mem_ctx, schemaInfo);
+	W_ERROR_NOT_OK_RETURN(status);
+
+	return WERR_OK;
+}
+
+
+/*
+ * this function is called from within a ldb transaction from the schema_fsmo module
+ */
+WERROR dsdb_create_prefix_mapping(struct ldb_context *ldb, struct dsdb_schema *schema, const char *full_oid)
+{
+	WERROR status;
+	uint32_t attid;
+	TALLOC_CTX *mem_ctx;
+	struct dsdb_schema_prefixmap *pfm;
+	struct dsdb_schema_prefixmap *orig_pfm = NULL;
+
+	mem_ctx = talloc_new(ldb);
+	W_ERROR_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Read prefixes from disk*/
+	status = dsdb_read_prefixes_from_ldb(ldb, mem_ctx, &pfm);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("dsdb_create_prefix_mapping: dsdb_read_prefixes_from_ldb: %s\n",
+			win_errstr(status)));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Check if there is a prefix for the oid in the prefixes array*/
+	status = dsdb_schema_pfm_find_oid(pfm, full_oid, NULL);
+	if (W_ERROR_IS_OK(status)) {
+		/* prefix found*/
+		talloc_free(mem_ctx);
+		return status;
+	} else if (!W_ERROR_EQUAL(status, WERR_NOT_FOUND)) {
+		/* error */
+		DEBUG(0,("dsdb_create_prefix_mapping: dsdb_find_prefix_for_oid: %s\n",
+			win_errstr(status)));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Create the new mapping for the prefix of full_oid */
+	status = dsdb_schema_pfm_make_attid(pfm, full_oid, &attid);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("dsdb_create_prefix_mapping: dsdb_schema_pfm_make_attid: %s\n",
+			win_errstr(status)));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/*
+	 * We temporary replcate schema->prefixmap.
+	 */
+	orig_pfm = schema->prefixmap;
+	schema->prefixmap = pfm;
+
+	/* Update prefixMap in ldb*/
+	status = dsdb_write_prefixes_from_schema_to_ldb(mem_ctx, ldb, schema);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("dsdb_create_prefix_mapping: dsdb_write_prefixes_to_ldb: %s\n",
+			win_errstr(status)));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	DEBUG(2,(__location__ " Added prefixMap %s - now have %u prefixes\n",
+		 full_oid, schema->prefixmap->length));
+
+	/*
+	 * We restore the original prefix map.
+	 *
+	 * The next schema reload should get an updated prefix map!
+	 */
+	schema->prefixmap = orig_pfm;
+
+	talloc_free(mem_ctx);
+	return status;
+}
+
+
+WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+					      const struct dsdb_schema *schema)
+{
+	WERROR status;
+	int ldb_ret;
+	struct ldb_message *msg;
+	struct ldb_dn *schema_dn;
+	struct prefixMapBlob pfm_blob;
+	struct ldb_val ndr_blob;
+	enum ndr_err_code ndr_err;
+	TALLOC_CTX *temp_ctx;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: no schema dn present\n"));
+		return WERR_FOOBAR;
+	}
+
+	temp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(temp_ctx);
+
+	/* convert schema_prefixMap to prefixMap blob */
+	status = dsdb_get_oid_mappings_drsuapi(schema, false, temp_ctx, &ctr);
+	if (!W_ERROR_IS_OK(status)) {
+		talloc_free(temp_ctx);
+		return status;
+	}
+
+	pfm_blob.version	= PREFIX_MAP_VERSION_DSDB;
+	pfm_blob.ctr.dsdb	= *ctr;
+
+	ndr_err = ndr_push_struct_blob(&ndr_blob, temp_ctx,
+				       &pfm_blob,
+				       (ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(temp_ctx);
+		return WERR_FOOBAR;
+	}
+ 
+	/* write serialized prefixMap into LDB */
+	msg = ldb_msg_new(temp_ctx);
+	if (!msg) {
+		talloc_free(temp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	msg->dn = schema_dn;
+	ldb_ret = ldb_msg_add_value(msg, "prefixMap", &ndr_blob, NULL);
+	if (ldb_ret != 0) {
+		talloc_free(temp_ctx);
+		DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: ldb_msg_add_value failed\n"));	
+		return WERR_NOT_ENOUGH_MEMORY;
+ 	}
+ 
+	ldb_ret = dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM);
+
+	talloc_free(temp_ctx);
+
+	if (ldb_ret != 0) {
+		DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed\n"));
+		return WERR_FOOBAR;
+ 	}
+ 
+	return WERR_OK;
+}
+
+WERROR dsdb_read_prefixes_from_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **_pfm)
+{
+	WERROR werr;
+	int ldb_ret;
+	const struct ldb_val *prefix_val;
+	struct ldb_dn *schema_dn;
+	struct ldb_result *schema_res = NULL;
+	static const char *schema_attrs[] = {
+		"prefixMap",
+		NULL
+	};
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	if (!schema_dn) {
+		DEBUG(0,("dsdb_read_prefixes_from_ldb: no schema dn present\n"));
+		return WERR_FOOBAR;
+	}
+
+	ldb_ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
+	if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) {
+		DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefix map present\n"));
+		talloc_free(schema_res);
+		return WERR_FOOBAR;
+	} else if (ldb_ret != LDB_SUCCESS) {
+		DEBUG(0,("dsdb_read_prefixes_from_ldb: failed to search the schema head\n"));
+		talloc_free(schema_res);
+		return WERR_FOOBAR;
+	}
+
+	prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
+	if (!prefix_val) {
+		DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefixMap attribute found\n"));
+		talloc_free(schema_res);
+		return WERR_FOOBAR;
+	}
+
+	werr = _dsdb_prefixmap_from_ldb_val(prefix_val,
+					    mem_ctx,
+					    _pfm);
+	talloc_free(schema_res);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	return WERR_OK;
+}
+
+/*
+  this will be replaced with something that looks at the right part of
+  the schema once we know where unique indexing information is hidden
+ */
+static bool dsdb_schema_unique_attribute(const char *attr)
+{
+	const char *attrs[] = { "objectGUID", NULL };
+	unsigned int i;
+	for (i=0;attrs[i];i++) {
+		if (ldb_attr_cmp(attr, attrs[i]) == 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
+
+/*
+  setup the ldb_schema_attribute field for a dsdb_attribute
+ */
+static int dsdb_schema_setup_ldb_schema_attribute(struct ldb_context *ldb, 
+						  struct dsdb_attribute *attr)
+{
+	const char *syntax = attr->syntax->ldb_syntax;
+	const struct ldb_schema_syntax *s;
+	struct ldb_schema_attribute *a;
+
+	if (!syntax) {
+		syntax = attr->syntax->ldap_oid;
+	}
+
+	s = ldb_samba_syntax_by_lDAPDisplayName(ldb, attr->lDAPDisplayName);
+	if (s == NULL) {
+		s = ldb_samba_syntax_by_name(ldb, syntax);
+	}
+	if (s == NULL) {
+		s = ldb_standard_syntax_by_name(ldb, syntax);
+	}
+
+	if (s == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	attr->ldb_schema_attribute = a = talloc(attr, struct ldb_schema_attribute);
+	if (attr->ldb_schema_attribute == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	a->name = attr->lDAPDisplayName;
+	a->flags = 0;
+	a->syntax = s;
+
+	if (dsdb_schema_unique_attribute(a->name)) {
+		a->flags |= LDB_ATTR_FLAG_UNIQUE_INDEX;
+	}
+	if (attr->isSingleValued) {
+		a->flags |= LDB_ATTR_FLAG_SINGLE_VALUE;
+	}
+
+	/*
+	 * Is the attribute indexed? By treating confidential attributes as
+	 * unindexed, we force searches to go through the unindexed search path,
+	 * avoiding observable timing differences.
+	 */
+	if (attr->searchFlags & SEARCH_FLAG_ATTINDEX &&
+	    !(attr->searchFlags & SEARCH_FLAG_CONFIDENTIAL))
+	{
+		a->flags |= LDB_ATTR_FLAG_INDEXED;
+	}
+
+	
+	return LDB_SUCCESS;
+}
+
+
+#define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
+	const struct ldb_val *get_string_val = ldb_msg_find_ldb_val(msg, attr); \
+	if (get_string_val == NULL) { \
+		if (strict) {					  \
+			d_printf("%s: %s == NULL in %s\n", __location__, attr, ldb_dn_get_linearized(msg->dn)); \
+			return WERR_INVALID_PARAMETER;			\
+		} else {						\
+			(p)->elem = NULL;				\
+		}							\
+	} else {							\
+		(p)->elem = talloc_strndup(mem_ctx,			\
+					   (const char *)get_string_val->data, \
+					   get_string_val->length); \
+		if (!(p)->elem) {					\
+			d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
+			return WERR_NOT_ENOUGH_MEMORY;				\
+		}							\
+	}								\
+} while (0)
+
+#define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem) do {	\
+	int get_string_list_counter;					\
+	struct ldb_message_element *get_string_list_el = ldb_msg_find_element(msg, attr); \
+	/* We may get empty attributes over the replication channel */	\
+	if (get_string_list_el == NULL || get_string_list_el->num_values == 0) {				\
+		(p)->elem = NULL;					\
+		break;							\
+	}								\
+	(p)->elem = talloc_array(mem_ctx, const char *, get_string_list_el->num_values + 1); \
+        for (get_string_list_counter=0;					\
+	     get_string_list_counter < get_string_list_el->num_values;	\
+	     get_string_list_counter++) {				\
+		(p)->elem[get_string_list_counter] = talloc_strndup((p)->elem, \
+								    (const char *)get_string_list_el->values[get_string_list_counter].data, \
+								    get_string_list_el->values[get_string_list_counter].length); \
+		if (!(p)->elem[get_string_list_counter]) {		\
+			d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
+			return WERR_NOT_ENOUGH_MEMORY;				\
+		}							\
+		(p)->elem[get_string_list_counter+1] = NULL;		\
+	}								\
+	talloc_steal(mem_ctx, (p)->elem);				\
+} while (0)
+
+#define GET_BOOL_LDB(msg, attr, p, elem, strict) do { \
+	const char *str; \
+	str = ldb_msg_find_attr_as_string(msg, attr, NULL);\
+	if (str == NULL) { \
+		if (strict) { \
+			d_printf("%s: %s == NULL\n", __location__, attr); \
+			return WERR_INVALID_PARAMETER; \
+		} else { \
+			(p)->elem = false; \
+		} \
+	} else if (strcasecmp("TRUE", str) == 0) { \
+		(p)->elem = true; \
+	} else if (strcasecmp("FALSE", str) == 0) { \
+		(p)->elem = false; \
+	} else { \
+		d_printf("%s: %s == %s\n", __location__, attr, str); \
+		return WERR_INVALID_PARAMETER; \
+	} \
+} while (0)
+
+#define GET_UINT32_LDB(msg, attr, p, elem) do { \
+	(p)->elem = ldb_msg_find_attr_as_uint(msg, attr, 0);\
+} while (0)
+
+#define GET_UINT32_PTR_LDB(msg, attr, mem_ctx, p, elem) do {		\
+	uint64_t _v = ldb_msg_find_attr_as_uint64(msg, attr, UINT64_MAX);\
+	if (_v == UINT64_MAX) { \
+		(p)->elem = NULL; \
+	} else if (_v > UINT32_MAX) { \
+		d_printf("%s: %s == 0x%llX\n", __location__, \
+			 attr, (unsigned long long)_v); \
+		return WERR_INVALID_PARAMETER; \
+	} else { \
+		(p)->elem = talloc(mem_ctx, uint32_t); \
+		if (!(p)->elem) { \
+			d_printf("%s: talloc failed for %s\n", __location__, attr); \
+			return WERR_NOT_ENOUGH_MEMORY; \
+		} \
+		*(p)->elem = (uint32_t)_v; \
+	} \
+} while (0)
+
+#define GET_GUID_LDB(msg, attr, p, elem) do { \
+	(p)->elem = samdb_result_guid(msg, attr);\
+} while (0)
+
+#define GET_BLOB_LDB(msg, attr, mem_ctx, p, elem) do { \
+	const struct ldb_val *_val;\
+	_val = ldb_msg_find_ldb_val(msg, attr);\
+	if (_val) {\
+		(p)->elem = *_val;\
+		talloc_steal(mem_ctx, (p)->elem.data);\
+	} else {\
+		ZERO_STRUCT((p)->elem);\
+	}\
+} while (0)
+
+/** Create an dsdb_attribute out of ldb message, attr must be already talloced
+ *
+ * If supplied the attribute will be checked against the prefixmap to
+ * ensure it can be mapped.  However we can't have this attribute
+ * const as dsdb_schema_pfm_attid_from_oid calls
+ * dsdb_schema_pfm_make_attid_impl() which may modify prefixmap in
+ * other situations.
+ */
+
+WERROR dsdb_attribute_from_ldb(struct dsdb_schema_prefixmap *prefixmap,
+			       struct ldb_message *msg,
+			       struct dsdb_attribute *attr)
+{
+	WERROR status;
+	if (attr == NULL) {
+		DEBUG(0, ("%s: attr is null, it's expected not to be so\n", __location__));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	GET_STRING_LDB(msg, "cn", attr, attr, cn, false);
+
+	/*
+	 * This allows for the fact that the CN attribute is not
+	 * replicated over DRS, it is only replicated under the alias
+	 * 'name'.
+	 */
+	if (attr->cn == NULL) {
+		GET_STRING_LDB(msg, "name", attr, attr, cn, true);
+	}
+
+	GET_STRING_LDB(msg, "lDAPDisplayName", attr, attr, lDAPDisplayName, true);
+	GET_STRING_LDB(msg, "attributeID", attr, attr, attributeID_oid, true);
+	if (!prefixmap || prefixmap->length == 0) {
+		/* set an invalid value */
+		attr->attributeID_id = DRSUAPI_ATTID_INVALID;
+	} else {
+		status = dsdb_schema_pfm_attid_from_oid(prefixmap,
+							attr->attributeID_oid,
+							&attr->attributeID_id);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
+				__location__, attr->lDAPDisplayName, attr->attributeID_oid,
+				win_errstr(status)));
+			return status;
+		}
+	}
+	/* fetch msDS-IntId to be used in resolving ATTRTYP values */
+	GET_UINT32_LDB(msg, "msDS-IntId", attr, msDS_IntId);
+
+	GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
+	GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
+
+	GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID);
+
+	GET_GUID_LDB(msg, "objectGUID", attr, objectGUID);
+
+	GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags);
+	GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags);
+	GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
+	GET_UINT32_LDB(msg, "linkID", attr, linkID);
+
+	GET_STRING_LDB(msg, "attributeSyntax", attr, attr, attributeSyntax_oid, true);
+	if (!prefixmap || prefixmap->length == 0) {
+		/* set an invalid value */
+		attr->attributeSyntax_id = DRSUAPI_ATTID_INVALID;
+	} else {
+		status = dsdb_schema_pfm_attid_from_oid(prefixmap,
+							attr->attributeSyntax_oid,
+							&attr->attributeSyntax_id);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n",
+				__location__, attr->lDAPDisplayName, attr->attributeSyntax_oid,
+				win_errstr(status)));
+			return status;
+		}
+	}
+	GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax);
+	GET_BLOB_LDB(msg, "oMObjectClass", attr, attr, oMObjectClass);
+
+	GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true);
+	GET_UINT32_PTR_LDB(msg, "rangeLower", attr, attr, rangeLower);
+	GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, attr, rangeUpper);
+	GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
+
+	GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx);
+	GET_BLOB_LDB(msg, "msDs-Schema-Extensions", attr, attr, msDs_Schema_Extensions);
+
+	GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
+	GET_STRING_LDB(msg, "adminDisplayName", attr, attr, adminDisplayName, false);
+	GET_STRING_LDB(msg, "adminDescription", attr, attr, adminDescription, false);
+	GET_STRING_LDB(msg, "classDisplayName", attr, attr, classDisplayName, false);
+	GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false);
+	GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false);
+	GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false);
+
+	return WERR_OK;
+}
+
+WERROR dsdb_set_attribute_from_ldb_dups(struct ldb_context *ldb,
+					struct dsdb_schema *schema,
+					struct ldb_message *msg,
+					bool checkdups)
+{
+	WERROR status;
+	struct dsdb_attribute *attr = talloc_zero(schema, struct dsdb_attribute);
+	if (!attr) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	status = dsdb_attribute_from_ldb(schema->prefixmap, msg, attr);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	attr->syntax = dsdb_syntax_for_attribute(attr);
+	if (!attr->syntax) {
+		DEBUG(0,(__location__ ": Unknown schema syntax for %s\n",
+			 attr->lDAPDisplayName));
+		return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
+	}
+
+	if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Unknown schema syntax for %s - ldb_syntax: %s, ldap_oid: %s\n",
+			 attr->lDAPDisplayName,
+			 attr->syntax->ldb_syntax,
+			 attr->syntax->ldap_oid));
+		return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
+	}
+
+	if (checkdups) {
+		const struct dsdb_attribute *a2;
+		struct dsdb_attribute **a;
+		uint32_t i;
+
+		a2 = dsdb_attribute_by_attributeID_id(schema,
+						      attr->attributeID_id);
+		if (a2 == NULL) {
+			goto done;
+		}
+
+		i = schema->attributes_to_remove_size;
+		a = talloc_realloc(schema, schema->attributes_to_remove,
+				   struct dsdb_attribute *, i + 1);
+		if (a == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		/* Mark the old attribute as to be removed */
+		a[i] = discard_const_p(struct dsdb_attribute, a2);
+		schema->attributes_to_remove = a;
+		schema->attributes_to_remove_size++;
+	}
+
+done:
+	DLIST_ADD(schema->attributes, attr);
+	return WERR_OK;
+}
+
+WERROR dsdb_set_attribute_from_ldb(struct ldb_context *ldb,
+				   struct dsdb_schema *schema,
+				   struct ldb_message *msg)
+{
+	return dsdb_set_attribute_from_ldb_dups(ldb, schema, msg, false);
+}
+
+WERROR dsdb_set_class_from_ldb_dups(struct dsdb_schema *schema,
+				    struct ldb_message *msg,
+				    bool checkdups)
+{
+	WERROR status;
+	struct dsdb_class *obj = talloc_zero(schema, struct dsdb_class);
+	if (!obj) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	GET_STRING_LDB(msg, "cn", obj, obj, cn, false);
+
+	/*
+	 * This allows for the fact that the CN attribute is not
+	 * replicated over DRS, it is only replicated under the alias
+	 * 'name'.
+	 */
+	if (obj->cn == NULL) {
+		GET_STRING_LDB(msg, "name", obj, obj, cn, true);
+	}
+
+	GET_STRING_LDB(msg, "lDAPDisplayName", obj, obj, lDAPDisplayName, true);
+	GET_STRING_LDB(msg, "governsID", obj, obj, governsID_oid, true);
+	if (!schema->prefixmap || schema->prefixmap->length == 0) {
+		/* set an invalid value */
+		obj->governsID_id = DRSUAPI_ATTID_INVALID;
+	} else {
+		status = dsdb_schema_pfm_attid_from_oid(schema->prefixmap,
+							obj->governsID_oid,
+							&obj->governsID_id);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n",
+				__location__, obj->lDAPDisplayName, obj->governsID_oid,
+				win_errstr(status)));
+			return status;
+		}
+	}
+	GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID);
+	GET_GUID_LDB(msg, "objectGUID", obj, objectGUID);
+
+	GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory);
+	GET_STRING_LDB(msg, "rDNAttID", obj, obj, rDNAttID, false);
+	GET_STRING_LDB(msg, "defaultObjectCategory", obj, obj, defaultObjectCategory, true);
+ 
+	GET_STRING_LDB(msg, "subClassOf", obj, obj, subClassOf, true);
+
+	GET_STRING_LIST_LDB(msg, "systemAuxiliaryClass", obj, obj, systemAuxiliaryClass);
+	GET_STRING_LIST_LDB(msg, "auxiliaryClass", obj, obj, auxiliaryClass);
+
+	GET_STRING_LIST_LDB(msg, "systemMustContain", obj, obj, systemMustContain);
+	GET_STRING_LIST_LDB(msg, "systemMayContain", obj, obj, systemMayContain);
+	GET_STRING_LIST_LDB(msg, "mustContain", obj, obj, mustContain);
+	GET_STRING_LIST_LDB(msg, "mayContain", obj, obj, mayContain);
+
+	GET_STRING_LIST_LDB(msg, "systemPossSuperiors", obj, obj, systemPossSuperiors);
+	GET_STRING_LIST_LDB(msg, "possSuperiors", obj, obj, possSuperiors);
+
+	GET_STRING_LDB(msg, "defaultSecurityDescriptor", obj, obj, defaultSecurityDescriptor, false);
+
+	GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx);
+	GET_UINT32_LDB(msg, "systemFlags", obj, systemFlags);
+	GET_BLOB_LDB(msg, "msDs-Schema-Extensions", obj, obj, msDs_Schema_Extensions);
+
+	GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
+	GET_STRING_LDB(msg, "adminDisplayName", obj, obj, adminDisplayName, false);
+	GET_STRING_LDB(msg, "adminDescription", obj, obj, adminDescription, false);
+	GET_STRING_LDB(msg, "classDisplayName", obj, obj, classDisplayName, false);
+	GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false);
+	GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false);
+	GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false);
+
+	if (checkdups) {
+		const struct dsdb_class *c2;
+		struct dsdb_class **c;
+		uint32_t i;
+
+		c2 = dsdb_class_by_governsID_id(schema, obj->governsID_id);
+		if (c2 == NULL) {
+			goto done;
+		}
+
+		i = schema->classes_to_remove_size;
+		c = talloc_realloc(schema, schema->classes_to_remove,
+				   struct dsdb_class *, i + 1);
+		if (c == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		/* Mark the old class to be removed */
+		c[i] = discard_const_p(struct dsdb_class, c2);
+		schema->classes_to_remove = c;
+		schema->classes_to_remove_size++;
+	}
+
+done:
+	DLIST_ADD(schema->classes, obj);
+	return WERR_OK;
+}
+
+WERROR dsdb_set_class_from_ldb(struct dsdb_schema *schema,
+			       struct ldb_message *msg)
+{
+	return dsdb_set_class_from_ldb_dups(schema, msg, false);
+}
+
+#define dsdb_oom(error_string, mem_ctx) *error_string = talloc_asprintf(mem_ctx, "dsdb out of memory at %s:%d\n", __FILE__, __LINE__)
+
+/* 
+ Fill a DSDB schema from the ldb results provided.  This is called
+ directly when a schema must be created with a pre-initialised prefixMap
+*/
+
+int dsdb_load_ldb_results_into_schema(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+				      struct dsdb_schema *schema,
+				      struct ldb_result *attrs_class_res,
+				      char **error_string)
+{
+	unsigned int i;
+	WERROR status;
+
+	schema->ts_last_change = 0;
+	for (i=0; i < attrs_class_res->count; i++) {
+		const char *prefixMap = NULL;
+		/*
+		 * attrs_class_res also includes the schema object;
+		 * we only want to process classes & attributes
+		 */
+		prefixMap = ldb_msg_find_attr_as_string(
+				attrs_class_res->msgs[i],
+				"prefixMap", NULL);
+		if (prefixMap != NULL) {
+			continue;
+		}
+
+		status = dsdb_schema_set_el_from_ldb_msg(ldb, schema,
+							 attrs_class_res->msgs[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			*error_string = talloc_asprintf(mem_ctx,
+				      "dsdb_load_ldb_results_into_schema: failed to load attribute or class definition: %s:%s",
+				      ldb_dn_get_linearized(attrs_class_res->msgs[i]->dn),
+				      win_errstr(status));
+			DEBUG(0,(__location__ ": %s\n", *error_string));
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ Create a DSDB schema from the ldb results provided.  This is called
+ directly when the schema is provisioned from an on-disk LDIF file, or
+ from dsdb_schema_from_schema_dn in schema_fsmo
+*/
+
+int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+				 struct ldb_message *schema_msg,
+				 struct ldb_result *attrs_class_res,
+				 struct dsdb_schema **schema_out,
+				 char **error_string)
+{
+	WERROR status;
+	const struct ldb_val *prefix_val;
+	const struct ldb_val *info_val;
+	struct ldb_val info_val_default;
+	struct dsdb_schema *schema;
+	void *lp_opaque = ldb_get_opaque(ldb, "loadparm");
+	int ret;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		dsdb_oom(error_string, mem_ctx);
+		return ldb_operr(ldb);
+	}
+
+	schema = dsdb_new_schema(tmp_ctx);
+	if (!schema) {
+		dsdb_oom(error_string, mem_ctx);
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	if (lp_opaque) {
+		struct loadparm_context *lp_ctx = talloc_get_type_abort(lp_opaque, struct loadparm_context);
+		schema->fsmo.update_allowed = lpcfg_parm_bool(lp_ctx, NULL,
+							      "dsdb", "schema update allowed",
+							      false);
+	}
+
+	prefix_val = ldb_msg_find_ldb_val(schema_msg, "prefixMap");
+	if (!prefix_val) {
+		*error_string = talloc_asprintf(mem_ctx, 
+						"schema_fsmo_init: no prefixMap attribute found");
+		DEBUG(0,(__location__ ": %s\n", *error_string));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	info_val = ldb_msg_find_ldb_val(schema_msg, "schemaInfo");
+	if (!info_val) {
+		status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default);
+		if (!W_ERROR_IS_OK(status)) {
+			*error_string = talloc_asprintf(mem_ctx,
+			                                "schema_fsmo_init: dsdb_schema_info_blob_new() failed - %s",
+			                                win_errstr(status));
+			DEBUG(0,(__location__ ": %s\n", *error_string));
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+		info_val = &info_val_default;
+	}
+
+	status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
+	if (!W_ERROR_IS_OK(status)) {
+		*error_string = talloc_asprintf(mem_ctx, 
+			      "schema_fsmo_init: failed to load oid mappings: %s",
+			      win_errstr(status));
+		DEBUG(0,(__location__ ": %s\n", *error_string));
+		talloc_free(tmp_ctx);
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	ret = dsdb_load_ldb_results_into_schema(mem_ctx, ldb, schema, attrs_class_res, error_string);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	schema->fsmo.master_dn = ldb_msg_find_attr_as_dn(ldb, schema, schema_msg, "fSMORoleOwner");
+	if (ldb_dn_compare(samdb_ntds_settings_dn(ldb, tmp_ctx), schema->fsmo.master_dn) == 0) {
+		schema->fsmo.we_are_master = true;
+	} else {
+		schema->fsmo.we_are_master = false;
+	}
+
+	DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n",
+		  (schema->fsmo.we_are_master?"yes":"no"),
+		  (schema->fsmo.update_allowed?"yes":"no")));
+
+	*schema_out = talloc_steal(mem_ctx, schema);
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/schema/schema_prefixmap.c b/source4/dsdb/schema/schema_prefixmap.c
new file mode 100644
index 0000000..3a6a130
--- /dev/null
+++ b/source4/dsdb/schema/schema_prefixmap.c
@@ -0,0 +1,710 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRS::prefixMap implementation
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "../lib/util/asn1.h"
+#include "lib/util/smb_strtox.h"
+
+
+/**
+ * Determine range type for supplied ATTID
+ */
+enum dsdb_attid_type dsdb_pfm_get_attid_type(uint32_t attid)
+{
+	if (attid <= 0x7FFFFFFF) {
+		return DSDB_ATTID_TYPE_PFM;
+	}
+	else if (attid <= 0xBFFFFFFF) {
+		return DSDB_ATTID_TYPE_INTID;
+	}
+	else if (attid <= 0xFFFEFFFF) {
+		return DSDB_ATTID_TYPE_RESERVED;
+	}
+	else {
+		return DSDB_ATTID_TYPE_INTERNAL;
+	}
+}
+
+/**
+ * Allocates schema_prefixMap object in supplied memory context
+ */
+static struct dsdb_schema_prefixmap *_dsdb_schema_prefixmap_talloc(TALLOC_CTX *mem_ctx,
+								   uint32_t length)
+{
+	struct dsdb_schema_prefixmap *pfm;
+
+	pfm = talloc_zero(mem_ctx, struct dsdb_schema_prefixmap);
+	if (!pfm) {
+		return NULL;
+	}
+
+	pfm->length = length;
+	pfm->prefixes = talloc_zero_array(pfm, struct dsdb_schema_prefixmap_oid,
+					  pfm->length);
+	if (!pfm->prefixes) {
+		talloc_free(pfm);
+		return NULL;
+	}
+
+	return pfm;
+}
+
+/**
+ * Initial prefixMap creation according to:
+ * [MS-DRSR] section 5.12.2
+ */
+WERROR dsdb_schema_pfm_new(TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **_pfm)
+{
+	uint32_t i;
+	struct dsdb_schema_prefixmap *pfm;
+	const struct {
+		uint32_t	id;
+		const char	*oid_prefix;
+	} pfm_init_data[] = {
+		{.id=0x00000000, .oid_prefix="2.5.4"},
+		{.id=0x00000001, .oid_prefix="2.5.6"},
+		{.id=0x00000002, .oid_prefix="1.2.840.113556.1.2"},
+		{.id=0x00000003, .oid_prefix="1.2.840.113556.1.3"},
+		{.id=0x00000004, .oid_prefix="2.16.840.1.101.2.2.1"},
+		{.id=0x00000005, .oid_prefix="2.16.840.1.101.2.2.3"},
+		{.id=0x00000006, .oid_prefix="2.16.840.1.101.2.1.5"},
+		{.id=0x00000007, .oid_prefix="2.16.840.1.101.2.1.4"},
+		{.id=0x00000008, .oid_prefix="2.5.5"},
+		{.id=0x00000009, .oid_prefix="1.2.840.113556.1.4"},
+		{.id=0x0000000A, .oid_prefix="1.2.840.113556.1.5"},
+		{.id=0x00000013, .oid_prefix="0.9.2342.19200300.100"},
+		{.id=0x00000014, .oid_prefix="2.16.840.1.113730.3"},
+		{.id=0x00000015, .oid_prefix="0.9.2342.19200300.100.1"},
+		{.id=0x00000016, .oid_prefix="2.16.840.1.113730.3.1"},
+		{.id=0x00000017, .oid_prefix="1.2.840.113556.1.5.7000"},
+		{.id=0x00000018, .oid_prefix="2.5.21"},
+		{.id=0x00000019, .oid_prefix="2.5.18"},
+		{.id=0x0000001A, .oid_prefix="2.5.20"},
+	};
+
+	/* allocate mem for prefix map */
+	pfm = _dsdb_schema_prefixmap_talloc(mem_ctx, ARRAY_SIZE(pfm_init_data));
+	W_ERROR_HAVE_NO_MEMORY(pfm);
+
+	/* build prefixes */
+	for (i = 0; i < pfm->length; i++) {
+		if (!ber_write_partial_OID_String(pfm, &pfm->prefixes[i].bin_oid, pfm_init_data[i].oid_prefix)) {
+			talloc_free(pfm);
+			return WERR_INTERNAL_ERROR;
+		}
+		pfm->prefixes[i].id = pfm_init_data[i].id;
+	}
+
+	*_pfm = pfm;
+
+	return WERR_OK;
+}
+
+
+struct dsdb_schema_prefixmap *dsdb_schema_pfm_copy_shallow(TALLOC_CTX *mem_ctx,
+							   const struct dsdb_schema_prefixmap *pfm)
+{
+	uint32_t i;
+	struct dsdb_schema_prefixmap *pfm_copy;
+
+	pfm_copy = _dsdb_schema_prefixmap_talloc(mem_ctx, pfm->length);
+	if (!pfm_copy) {
+		return NULL;
+	}
+	for (i = 0; i < pfm_copy->length; i++) {
+		pfm_copy->prefixes[i] = pfm->prefixes[i];
+	}
+
+	return pfm_copy;
+}
+
+/**
+ * Adds oid to prefix map.
+ * On success returns ID for newly added index
+ * or ID of existing entry that matches oid
+ * Reference: [MS-DRSR] section 5.12.2
+ *
+ * \param pfm prefixMap
+ * \param bin_oid OID prefix to be added to prefixMap
+ * \param pfm_id Location where to store prefixMap entry ID
+ */
+WERROR dsdb_schema_pfm_add_entry(struct dsdb_schema_prefixmap *pfm,
+				 DATA_BLOB bin_oid,
+				 const uint32_t *remote_id,
+				 uint32_t *_idx)
+{
+	uint32_t i;
+	struct dsdb_schema_prefixmap_oid * pfm_entry;
+	struct dsdb_schema_prefixmap_oid * prefixes_new;
+
+	/* dup memory for bin-oid prefix to be added */
+	bin_oid = data_blob_dup_talloc(pfm, bin_oid);
+	W_ERROR_HAVE_NO_MEMORY(bin_oid.data);
+
+	/* make room for new entry */
+	prefixes_new = talloc_realloc(pfm, pfm->prefixes, struct dsdb_schema_prefixmap_oid, pfm->length + 1);
+	if (!prefixes_new) {
+		talloc_free(bin_oid.data);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	pfm->prefixes = prefixes_new;
+
+	/* make new unique ID in prefixMap */
+	pfm_entry = &pfm->prefixes[pfm->length];
+	pfm_entry->id = 0;
+	for (i = 0; i < pfm->length; i++) {
+		if (pfm_entry->id < pfm->prefixes[i].id) {
+			pfm_entry->id = pfm->prefixes[i].id;
+		}
+
+		if (remote_id == NULL) {
+			continue;
+		}
+
+		if (pfm->prefixes[i].id == *remote_id) {
+			/*
+			 * We can't use the remote id.
+			 * it's already in use.
+			 */
+			remote_id = NULL;
+		}
+	}
+
+	/* add new bin-oid prefix */
+	if (remote_id != NULL) {
+		pfm_entry->id = *remote_id;
+	} else {
+		pfm_entry->id++;
+	}
+	pfm_entry->bin_oid = bin_oid;
+
+	if (_idx != NULL) {
+		*_idx = pfm->length;
+	}
+	pfm->length++;
+
+	return WERR_OK;
+}
+
+
+/**
+ * Make partial binary OID for supplied OID.
+ * Reference: [MS-DRSR] section 5.12.2
+ */
+static WERROR _dsdb_pfm_make_binary_oid(const char *full_oid, TALLOC_CTX *mem_ctx,
+					DATA_BLOB *_bin_oid, uint32_t *_last_subid)
+{
+	uint32_t last_subid;
+	const char *oid_subid;
+	int error = 0;
+
+	/* make last sub-identifier value */
+	oid_subid = strrchr(full_oid, '.');
+	if (!oid_subid) {
+		return WERR_INVALID_PARAMETER;
+	}
+	oid_subid++;
+	last_subid = smb_strtoul(oid_subid, NULL, 10, &error, SMB_STR_STANDARD);
+	if (error != 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* encode oid in BER format */
+	if (!ber_write_OID_String(mem_ctx, _bin_oid, full_oid)) {
+		DEBUG(0,("ber_write_OID_String() failed for %s\n", full_oid));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	/* get the prefix of the OID */
+	if (last_subid < 128) {
+		_bin_oid->length -= 1;
+	} else {
+		_bin_oid->length -= 2;
+	}
+
+	/* return last_value if requested */
+	if (_last_subid) {
+		*_last_subid = last_subid;
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Lookup partial-binary-oid in prefixMap
+ */
+WERROR dsdb_schema_pfm_find_binary_oid(const struct dsdb_schema_prefixmap *pfm,
+				       DATA_BLOB bin_oid,
+				       uint32_t *_idx)
+{
+	uint32_t i;
+
+	for (i = 0; i < pfm->length; i++) {
+		if (pfm->prefixes[i].bin_oid.length != bin_oid.length) {
+			continue;
+		}
+
+		if (memcmp(pfm->prefixes[i].bin_oid.data, bin_oid.data, bin_oid.length) == 0) {
+			if (_idx) {
+				*_idx = i;
+			}
+			return WERR_OK;
+		}
+	}
+
+	return WERR_NOT_FOUND;
+}
+
+/**
+ * Lookup full-oid in prefixMap
+ * Note: this may be slow.
+ */
+WERROR dsdb_schema_pfm_find_oid(const struct dsdb_schema_prefixmap *pfm,
+				const char *full_oid,
+				uint32_t *_idx)
+{
+	WERROR werr;
+	DATA_BLOB bin_oid;
+
+	ZERO_STRUCT(bin_oid);
+
+	/* make partial-binary-oid to look for */
+	werr = _dsdb_pfm_make_binary_oid(full_oid, NULL, &bin_oid, NULL);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	/* lookup the partial-oid */
+	werr = dsdb_schema_pfm_find_binary_oid(pfm, bin_oid, _idx);
+
+	data_blob_free(&bin_oid);
+
+	return werr;
+}
+
+/**
+ * Make ATTID for given OID
+ * If OID is not in prefixMap, new prefix
+ * may be added depending on 'can_change_pfm' flag
+ * Reference: [MS-DRSR] section 5.12.2
+ */
+static WERROR dsdb_schema_pfm_make_attid_impl(struct dsdb_schema_prefixmap *pfm,
+					      const char *oid,
+					      bool can_change_pfm,
+					      uint32_t *attid)
+{
+	WERROR werr;
+	uint32_t idx;
+	uint32_t lo_word, hi_word;
+	uint32_t last_subid;
+	DATA_BLOB bin_oid;
+
+	if (!pfm) {
+		return WERR_INVALID_PARAMETER;
+	}
+	if (!oid) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	werr = _dsdb_pfm_make_binary_oid(oid, pfm, &bin_oid, &last_subid);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	/* search the prefix in the prefix table, if none found, add
+	 * one entry for new prefix.
+	 */
+	werr = dsdb_schema_pfm_find_binary_oid(pfm, bin_oid, &idx);
+	if (W_ERROR_IS_OK(werr)) {
+		/* free memory allocated for bin_oid */
+		data_blob_free(&bin_oid);
+	} else {
+		/* return error in read-only mode */
+		if (!can_change_pfm) {
+			DEBUG(0, ("Unable to convert %s to an attid, and can_change_pfm=false!\n", oid));
+			return werr;
+		}
+
+		/* entry does not exists, add it */
+		werr = dsdb_schema_pfm_add_entry(pfm, bin_oid, NULL, &idx);
+		W_ERROR_NOT_OK_RETURN(werr);
+	}
+
+	/* compose the attid */
+	lo_word = last_subid % 16384;	/* actually get lower 14 bits: lo_word & 0x3FFF */
+	if (last_subid >= 16384) {
+		/* mark it so that it is known to not be the whole lastValue
+		 * This will raise 16-th bit*/
+		lo_word += 32768;
+	}
+	hi_word = pfm->prefixes[idx].id;
+
+	/* make ATTID:
+	 * HIWORD is prefixMap id
+	 * LOWORD is truncated binary-oid */
+	*attid = (hi_word * 65536) + lo_word;
+
+	return WERR_OK;
+}
+
+/**
+ * Make ATTID for given OID
+ * Reference: [MS-DRSR] section 5.12.2
+ *
+ * Note: This function may change prefixMap if prefix
+ * for supplied 'oid' doesn't exists yet.
+ * It is recommended to be used mostly when caller
+ * want to add new prefixes.
+ * Otherwise dsdb_schema_pfm_attid_from_oid() should be used.
+ */
+WERROR dsdb_schema_pfm_make_attid(struct dsdb_schema_prefixmap *pfm,
+				  const char *oid,
+				  uint32_t *attid)
+{
+	return dsdb_schema_pfm_make_attid_impl(pfm, oid, true, attid);
+}
+
+/**
+ * Make ATTID for given OID
+ * Reference: [MS-DRSR] section 5.12.2
+ */
+WERROR dsdb_schema_pfm_attid_from_oid(struct dsdb_schema_prefixmap *pfm,
+				      const char *oid,
+				      uint32_t *attid)
+{
+	return dsdb_schema_pfm_make_attid_impl(pfm, oid, false, attid);
+}
+
+/**
+ * Make OID for given ATTID.
+ * Reference: [MS-DRSR] section 5.12.2
+ */
+WERROR dsdb_schema_pfm_oid_from_attid(const struct dsdb_schema_prefixmap *pfm,
+				      uint32_t attid,
+				      TALLOC_CTX *mem_ctx, const char **_oid)
+{
+	uint32_t i;
+	uint32_t hi_word, lo_word;
+	DATA_BLOB bin_oid = {NULL, 0};
+	char *oid;
+	struct dsdb_schema_prefixmap_oid *pfm_entry;
+	WERROR werr = WERR_OK;
+
+	/* sanity check for attid requested */
+	if (dsdb_pfm_get_attid_type(attid) != DSDB_ATTID_TYPE_PFM) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* crack attid value */
+	hi_word = attid >> 16;
+	lo_word = attid & 0xFFFF;
+
+	/* locate corRespoNding prefixMap entry */
+	pfm_entry = NULL;
+	for (i = 0; i < pfm->length; i++) {
+		if (hi_word == pfm->prefixes[i].id) {
+			pfm_entry = &pfm->prefixes[i];
+			break;
+		}
+	}
+
+	if (!pfm_entry) {
+		DEBUG(1,("Failed to find prefixMap entry for ATTID = 0x%08X (%d)\n",
+			 attid, attid));
+		return WERR_DS_NO_ATTRIBUTE_OR_VALUE;
+	}
+
+	/* copy oid prefix making enough room */
+	bin_oid.length = pfm_entry->bin_oid.length + 2;
+	bin_oid.data = talloc_array(mem_ctx, uint8_t, bin_oid.length);
+	W_ERROR_HAVE_NO_MEMORY(bin_oid.data);
+	memcpy(bin_oid.data, pfm_entry->bin_oid.data, pfm_entry->bin_oid.length);
+
+	if (lo_word < 128) {
+		bin_oid.length = bin_oid.length - 1;
+		bin_oid.data[bin_oid.length-1] = lo_word;
+	}
+	else {
+		if (lo_word >= 32768) {
+			lo_word -= 32768;
+		}
+		bin_oid.data[bin_oid.length-2] = (0x80 | ((lo_word>>7) & 0x7f));
+		bin_oid.data[bin_oid.length-1] = lo_word & 0x7f;
+	}
+
+	if (!ber_read_OID_String(mem_ctx, bin_oid, &oid)) {
+		DEBUG(0,("ber_read_OID_String() failed for %s\n",
+			 hex_encode_talloc(bin_oid.data, bin_oid.data, bin_oid.length)));
+		werr = WERR_INTERNAL_ERROR;
+	}
+
+	/* free locally allocated memory */
+	talloc_free(bin_oid.data);
+
+	*_oid = oid;
+
+	return werr;
+}
+
+
+/**
+ * Verifies drsuapi mappings.
+ */
+static WERROR _dsdb_drsuapi_pfm_verify(const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr,
+				       bool have_schema_info)
+{
+	uint32_t i;
+	uint32_t num_mappings;
+	struct drsuapi_DsReplicaOIDMapping *mapping;
+
+	/* check input params */
+	if (!ctr) {
+		return WERR_INVALID_PARAMETER;
+	}
+	if (!ctr->mappings) {
+		return WERR_INVALID_PARAMETER;
+	}
+	num_mappings = ctr->num_mappings;
+
+	if (have_schema_info) {
+		DATA_BLOB blob;
+
+		if (ctr->num_mappings < 2) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		/* check last entry for being special */
+		mapping = &ctr->mappings[ctr->num_mappings - 1];
+		if (mapping->id_prefix != 0) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		/* verify schemaInfo blob is valid one */
+		blob = data_blob_const(mapping->oid.binary_oid, mapping->oid.length);
+		if (!dsdb_schema_info_blob_is_valid(&blob)) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		/* get number of read mappings in the map */
+		num_mappings--;
+	}
+
+	/* now, verify rest of entries for being at least not null */
+	for (i = 0; i < num_mappings; i++) {
+		mapping = &ctr->mappings[i];
+		if (!mapping->oid.length) {
+			return WERR_INVALID_PARAMETER;
+		}
+		if (!mapping->oid.binary_oid) {
+			return WERR_INVALID_PARAMETER;
+		}
+		/* check it is not the special entry */
+		if (*mapping->oid.binary_oid == 0xFF) {
+			return WERR_INVALID_PARAMETER;
+		}
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Convert drsuapi_ prefix map to prefixMap internal presentation.
+ *
+ * \param ctr Pointer to drsuapi_DsReplicaOIDMapping_Ctr which represents drsuapi_ prefixMap
+ * \param have_schema_info if drsuapi_prefixMap have schem_info in it or not
+ * \param mem_ctx TALLOC_CTX to make allocations in
+ * \param _pfm Out pointer to hold newly created prefixMap
+ * \param _schema_info Out param to store schema_info to. If NULL, schema_info is not decoded
+ */
+WERROR dsdb_schema_pfm_from_drsuapi_pfm(const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr,
+					bool have_schema_info,
+					TALLOC_CTX *mem_ctx,
+					struct dsdb_schema_prefixmap **_pfm,
+					struct dsdb_schema_info **_schema_info)
+{
+	WERROR werr;
+	uint32_t i;
+	DATA_BLOB blob;
+	uint32_t num_mappings;
+	struct dsdb_schema_prefixmap *pfm;
+
+	if (!_pfm) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/*
+	 * error out if schema_info is requested
+	 * but it is not in the drsuapi_prefixMap
+	 */
+	if (_schema_info && !have_schema_info) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* verify drsuapi_pefixMap */
+	werr =_dsdb_drsuapi_pfm_verify(ctr, have_schema_info);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	/* allocate mem for prefix map */
+	num_mappings = ctr->num_mappings;
+	if (have_schema_info) {
+		num_mappings--;
+	}
+	pfm = _dsdb_schema_prefixmap_talloc(mem_ctx, num_mappings);
+	W_ERROR_HAVE_NO_MEMORY(pfm);
+
+	/* copy entries from drsuapi_prefixMap */
+	for (i = 0; i < pfm->length; i++) {
+		blob = data_blob_talloc(pfm,
+					ctr->mappings[i].oid.binary_oid,
+					ctr->mappings[i].oid.length);
+		if (!blob.data) {
+			talloc_free(pfm);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		pfm->prefixes[i].id = ctr->mappings[i].id_prefix;
+		pfm->prefixes[i].bin_oid = blob;
+	}
+
+	/* fetch schema_info if requested */
+	if (_schema_info) {
+		/* by this time, i should have this value,
+		 *  but set it here for clarity */
+		i = ctr->num_mappings - 1;
+
+		blob = data_blob_const(ctr->mappings[i].oid.binary_oid,
+				       ctr->mappings[i].oid.length);
+		werr = dsdb_schema_info_from_blob(&blob, mem_ctx, _schema_info);
+		if (!W_ERROR_IS_OK(werr)) {
+			talloc_free(pfm);
+			return werr;
+		}
+	}
+
+	/* schema_prefixMap created successfully */
+	*_pfm = pfm;
+
+	return WERR_OK;
+}
+
+/**
+ * Convert drsuapi_ prefix map to prefixMap internal presentation.
+ *
+ * \param pfm Schema prefixMap to be converted
+ * \param schema_info schema_info string - if NULL, we don't need it
+ * \param mem_ctx TALLOC_CTX to make allocations in
+ * \param _ctr Out pointer to drsuapi_DsReplicaOIDMapping_Ctr prefix map structure
+ */
+WERROR dsdb_drsuapi_pfm_from_schema_pfm(const struct dsdb_schema_prefixmap *pfm,
+					const struct dsdb_schema_info *schema_info,
+					TALLOC_CTX *mem_ctx,
+					struct drsuapi_DsReplicaOIDMapping_Ctr **_ctr)
+{
+	uint32_t i;
+	DATA_BLOB blob;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+
+	if (!_ctr) {
+		return WERR_INVALID_PARAMETER;
+	}
+	if (!pfm) {
+		return WERR_INVALID_PARAMETER;
+	}
+	if (pfm->length == 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* allocate memory for the structure */
+	ctr = talloc_zero(mem_ctx, struct drsuapi_DsReplicaOIDMapping_Ctr);
+	W_ERROR_HAVE_NO_MEMORY(ctr);
+
+	ctr->num_mappings = (schema_info ? pfm->length + 1 : pfm->length);
+	ctr->mappings = talloc_array(ctr, struct drsuapi_DsReplicaOIDMapping, ctr->num_mappings);
+	if (!ctr->mappings) {
+		talloc_free(ctr);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* copy entries from schema_prefixMap */
+	for (i = 0; i < pfm->length; i++) {
+		blob = data_blob_dup_talloc(ctr, pfm->prefixes[i].bin_oid);
+		if (!blob.data) {
+			talloc_free(ctr);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		ctr->mappings[i].id_prefix = pfm->prefixes[i].id;
+		ctr->mappings[i].oid.length = blob.length;
+		ctr->mappings[i].oid.binary_oid = blob.data;
+	}
+
+	/* make schema_info entry if needed */
+	if (schema_info) {
+		WERROR werr;
+
+		/* by this time, i should have this value,
+		 *  but set it here for clarity */
+		i = ctr->num_mappings - 1;
+
+		werr = dsdb_blob_from_schema_info(schema_info, ctr, &blob);
+		if (!W_ERROR_IS_OK(werr)) {
+			talloc_free(ctr);
+			return werr;
+		}
+
+		ctr->mappings[i].id_prefix = 0;
+		ctr->mappings[i].oid.length = blob.length;
+		ctr->mappings[i].oid.binary_oid = blob.data;
+	}
+
+	/* drsuapi_prefixMap constructed successfully */
+	*_ctr = ctr;
+
+	return WERR_OK;
+}
+
+/**
+ * Verifies schema prefixMap and drsuapi prefixMap are same.
+ * Note that we just need to verify pfm contains prefixes
+ * from ctr, not that those prefixes has same id_prefix.
+ */
+WERROR dsdb_schema_pfm_contains_drsuapi_pfm(const struct dsdb_schema_prefixmap *pfm,
+					    const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr)
+{
+	WERROR werr;
+	uint32_t i;
+	uint32_t idx;
+	DATA_BLOB bin_oid;
+
+	/* verify drsuapi_pefixMap */
+	werr = _dsdb_drsuapi_pfm_verify(ctr, true);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	/* check pfm contains every entry from ctr, except the last one */
+	for (i = 0; i < ctr->num_mappings - 1; i++) {
+		bin_oid.length = ctr->mappings[i].oid.length;
+		bin_oid.data   = ctr->mappings[i].oid.binary_oid;
+
+		werr = dsdb_schema_pfm_find_binary_oid(pfm, bin_oid, &idx);
+		if (!W_ERROR_IS_OK(werr)) {
+			return WERR_DS_DRA_SCHEMA_MISMATCH;
+		}
+	}
+
+	return WERR_OK;
+}
diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c
new file mode 100644
index 0000000..0721e99
--- /dev/null
+++ b/source4/dsdb/schema/schema_query.c
@@ -0,0 +1,620 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   DSDB schema header
+   
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_module.h>
+#include "lib/util/binsearch.h"
+#include "lib/util/tsort.h"
+#include "util/dlinklist.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+static const char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, 
+						      const struct dsdb_schema *schema, 
+						      const char **class_list,
+						      enum dsdb_attr_list_query query);
+
+static int uint32_cmp(uint32_t c1, uint32_t c2) 
+{
+	if (c1 == c2) return 0;
+	return c1 > c2 ? 1 : -1;
+}
+
+static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str)
+{
+	int ret = strncasecmp((const char *)target->data, str, target->length);
+	if (ret == 0) {
+		size_t len = strlen(str);
+		if (target->length > len) {
+			if (target->data[len] == 0) {
+				return 0;
+			}
+			return 1;
+		}
+		return (target->length - len);
+	}
+	return ret;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_schema *schema,
+							      uint32_t id)
+{
+	struct dsdb_attribute *c;
+
+	/*
+	 * 0xFFFFFFFF is used as value when no mapping table is available,
+	 * so don't try to match with it
+	 */
+	if (id == 0xFFFFFFFF) return NULL;
+
+	/* check for msDS-IntId type attribute */
+	if (dsdb_pfm_get_attid_type(id) == DSDB_ATTID_TYPE_INTID) {
+		BINARY_ARRAY_SEARCH_P(schema->attributes_by_msDS_IntId,
+				      schema->num_int_id_attr, msDS_IntId, id, uint32_cmp, c);
+		return c;
+	}
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_attributeID_id,
+			      schema->num_attributes, attributeID_id, id, uint32_cmp, c);
+	return c;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_attributeID_oid(const struct dsdb_schema *schema,
+							       const char *oid)
+{
+	struct dsdb_attribute *c;
+
+	if (!oid) return NULL;
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_attributeID_oid,
+			      schema->num_attributes, attributeID_oid, oid, strcasecmp, c);
+	return c;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb_schema *schema,
+							       const char *name)
+{
+	struct dsdb_attribute *c;
+
+	if (!name) return NULL;
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_lDAPDisplayName,
+			      schema->num_attributes, lDAPDisplayName, name, strcasecmp, c);
+	return c;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName_ldb_val(const struct dsdb_schema *schema,
+								       const struct ldb_val *name)
+{
+	struct dsdb_attribute *a;
+
+	if (!name) return NULL;
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_lDAPDisplayName,
+			      schema->num_attributes, lDAPDisplayName, name, strcasecmp_with_ldb_val, a);
+	return a;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema,
+						      int linkID)
+{
+	struct dsdb_attribute *c;
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_linkID,
+			      schema->num_attributes, linkID, linkID, uint32_cmp, c);
+	return c;
+}
+
+const struct dsdb_attribute *dsdb_attribute_by_cn_ldb_val(const struct dsdb_schema *schema,
+							  const struct ldb_val *cn)
+{
+	struct dsdb_attribute *c;
+
+	BINARY_ARRAY_SEARCH_P(schema->attributes_by_cn,
+			      schema->num_attributes, cn, cn, strcasecmp_with_ldb_val, c);
+	return c;
+}
+
+const struct dsdb_class *dsdb_class_by_governsID_id(const struct dsdb_schema *schema,
+						    uint32_t id)
+{
+	struct dsdb_class *c;
+
+	/*
+	 * 0xFFFFFFFF is used as value when no mapping table is available,
+	 * so don't try to match with it
+	 */
+	if (id == 0xFFFFFFFF) return NULL;
+
+	BINARY_ARRAY_SEARCH_P(schema->classes_by_governsID_id,
+			      schema->num_classes, governsID_id, id, uint32_cmp, c);
+	return c;
+}
+
+const struct dsdb_class *dsdb_class_by_governsID_oid(const struct dsdb_schema *schema,
+						     const char *oid)
+{
+	struct dsdb_class *c;
+	if (!oid) return NULL;
+	BINARY_ARRAY_SEARCH_P(schema->classes_by_governsID_oid,
+			      schema->num_classes, governsID_oid, oid, strcasecmp, c);
+	return c;
+}
+
+const struct dsdb_class *dsdb_class_by_lDAPDisplayName(const struct dsdb_schema *schema,
+						       const char *name)
+{
+	struct dsdb_class *c;
+	if (!name) return NULL;
+	BINARY_ARRAY_SEARCH_P(schema->classes_by_lDAPDisplayName,
+			      schema->num_classes, lDAPDisplayName, name, strcasecmp, c);
+	return c;
+}
+
+const struct dsdb_class *dsdb_class_by_lDAPDisplayName_ldb_val(const struct dsdb_schema *schema,
+							       const struct ldb_val *name)
+{
+	struct dsdb_class *c;
+	if (!name) return NULL;
+	BINARY_ARRAY_SEARCH_P(schema->classes_by_lDAPDisplayName,
+			      schema->num_classes, lDAPDisplayName, name, strcasecmp_with_ldb_val, c);
+	return c;
+}
+
+const struct dsdb_class *dsdb_class_by_cn_ldb_val(const struct dsdb_schema *schema,
+						  const struct ldb_val *cn)
+{
+	struct dsdb_class *c;
+	if (!cn) return NULL;
+	BINARY_ARRAY_SEARCH_P(schema->classes_by_cn,
+			      schema->num_classes, cn, cn, strcasecmp_with_ldb_val, c);
+	return c;
+}
+
+const char *dsdb_lDAPDisplayName_by_id(const struct dsdb_schema *schema,
+				       uint32_t id)
+{
+	const struct dsdb_attribute *a;
+	const struct dsdb_class *c;
+
+	a = dsdb_attribute_by_attributeID_id(schema, id);
+	if (a) {
+		return a->lDAPDisplayName;
+	}
+
+	c = dsdb_class_by_governsID_id(schema, id);
+	if (c) {
+		return c->lDAPDisplayName;
+	}
+
+	return NULL;
+}
+
+/** 
+    Return a list of linked attributes, in lDAPDisplayName format.
+
+    This may be used to determine if a modification would require
+    backlinks to be updated, for example
+*/
+
+WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret)
+{
+	const char **attr_list = NULL;
+	struct dsdb_attribute *cur;
+	unsigned int i = 0;
+	for (cur = schema->attributes; cur; cur = cur->next) {
+		if (cur->linkID == 0) continue;
+		
+		attr_list = talloc_realloc(mem_ctx, attr_list, const char *, i+2);
+		if (!attr_list) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		attr_list[i] = cur->lDAPDisplayName;
+		i++;
+	}
+	if (attr_list != NULL && attr_list[i] != NULL) {
+		attr_list[i] = NULL;
+	}
+	*attr_list_ret = attr_list;
+	return WERR_OK;
+}
+
+const char **merge_attr_list(TALLOC_CTX *mem_ctx, 
+		       const char **attrs, const char * const*new_attrs) 
+{
+	const char **ret_attrs;
+	unsigned int i;
+	size_t new_len, new_attr_len, orig_len = str_list_length(attrs);
+	if (new_attrs == NULL || new_attrs[0] == NULL) {
+		return attrs;
+	}
+	new_attr_len = str_list_length(new_attrs);
+
+	ret_attrs = talloc_realloc(mem_ctx,
+				   attrs, const char *, orig_len + new_attr_len + 1);
+	if (ret_attrs) {
+		for (i = 0; i < new_attr_len; i++) {
+			ret_attrs[orig_len + i] = new_attrs[i];
+		}
+		new_len = orig_len + new_attr_len;
+
+		ret_attrs[new_len] = NULL;
+	}
+
+	return ret_attrs;
+}
+
+/*
+  Return a merged list of the attributes of exactly one class (not
+  considering subclasses, auxiliary classes etc)
+*/
+
+const char **dsdb_attribute_list(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass, enum dsdb_attr_list_query query)
+{
+	const char **attr_list = NULL;
+	switch (query) {
+	case DSDB_SCHEMA_ALL_MAY:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mayContain);
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMayContain);
+		break;
+		
+	case DSDB_SCHEMA_ALL_MUST:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mustContain);
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMustContain);
+		break;
+		
+	case DSDB_SCHEMA_SYS_MAY:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMayContain);
+		break;
+		
+	case DSDB_SCHEMA_SYS_MUST:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMustContain);
+		break;
+		
+	case DSDB_SCHEMA_MAY:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mayContain);
+		break;
+		
+	case DSDB_SCHEMA_MUST:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mustContain);
+		break;
+		
+	case DSDB_SCHEMA_ALL:
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mayContain);
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMayContain);
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->mustContain);
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass->systemMustContain);
+		break;
+	}
+	return attr_list;
+}
+
+static const char **attribute_list_from_class(TALLOC_CTX *mem_ctx,
+					      const struct dsdb_schema *schema, 
+					      const struct dsdb_class *sclass,
+					      enum dsdb_attr_list_query query) 
+{
+	const char **this_class_list;
+	const char **system_recursive_list;
+	const char **recursive_list;
+	const char **attr_list;
+
+	this_class_list = dsdb_attribute_list(mem_ctx, sclass, query);
+	
+	recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema, 
+							   sclass->systemAuxiliaryClass,
+							   query);
+	
+	system_recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema, 
+								  sclass->auxiliaryClass,
+								  query);
+	
+	attr_list = this_class_list;
+	attr_list = merge_attr_list(mem_ctx, attr_list, recursive_list);
+	attr_list = merge_attr_list(mem_ctx, attr_list, system_recursive_list);
+	return attr_list;
+}
+
+/* Return a full attribute list for a given class list
+
+   Via attribute_list_from_class() this calls itself when recursing on auxiliary classes
+ */
+static const char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, 
+						      const struct dsdb_schema *schema, 
+						      const char **class_list,
+						      enum dsdb_attr_list_query query)
+{
+	unsigned int i;
+	const char **attr_list = NULL;
+
+	for (i=0; class_list && class_list[i]; i++) {
+		const char **sclass_list
+			= attribute_list_from_class(mem_ctx, schema,
+						    dsdb_class_by_lDAPDisplayName(schema, class_list[i]),
+						    query);
+
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass_list);
+	}
+	return attr_list;
+}
+
+/* Return a full attribute list for a given class list (as a ldb_message_element)
+
+   Using the ldb_message_element ensures we do length-limited
+   comparisons, rather than casting the possibly-unterminated string
+
+   Via attribute_list_from_class() this calls 
+   dsdb_full_attribute_list_internal() when recursing on auxiliary classes
+ */
+static const char **dsdb_full_attribute_list_internal_el(TALLOC_CTX *mem_ctx, 
+							 const struct dsdb_schema *schema, 
+							 const struct ldb_message_element *el,
+							 enum dsdb_attr_list_query query)
+{
+	unsigned int i;
+	const char **attr_list = NULL;
+
+	for (i=0; i < el->num_values; i++) {
+		const char **sclass_list
+			= attribute_list_from_class(mem_ctx, schema,
+						    dsdb_class_by_lDAPDisplayName_ldb_val(schema, &el->values[i]),
+						    query);
+		
+		attr_list = merge_attr_list(mem_ctx, attr_list, sclass_list);
+	}
+	return attr_list;
+}
+
+static int qsort_string(const char **s1, const char **s2)
+{
+	return strcasecmp(*s1, *s2);
+}
+
+/* Helper function to remove duplicates from the attribute list to be returned */
+static const char **dedup_attr_list(const char **attr_list) 
+{
+	size_t new_len = str_list_length(attr_list);
+	/* Remove duplicates */
+	if (new_len > 1) {
+		size_t i;
+		TYPESAFE_QSORT(attr_list, new_len, qsort_string);
+		
+		for (i=1; i < new_len; i++) {
+			const char **val1 = &attr_list[i-1];
+			const char **val2 = &attr_list[i];
+			if (ldb_attr_cmp(*val1, *val2) == 0) {
+				memmove(val1, val2, (new_len - i) * sizeof( *attr_list)); 
+				attr_list[new_len-1] = NULL;
+				new_len--;
+				i--;
+			}
+		}
+	}
+	return attr_list;
+}
+
+/* Return a full attribute list for a given class list (as a ldb_message_element)
+
+   Using the ldb_message_element ensures we do length-limited
+   comparisons, rather than casting the possibly-unterminated string
+
+   The result contains only unique values
+ */
+const char **dsdb_full_attribute_list(TALLOC_CTX *mem_ctx, 
+				      const struct dsdb_schema *schema, 
+				      const struct ldb_message_element *class_list,
+				      enum dsdb_attr_list_query query)
+{
+	const char **attr_list = dsdb_full_attribute_list_internal_el(mem_ctx, schema, class_list, query);
+	return dedup_attr_list(attr_list);
+}
+
+/* Return the schemaIDGUID of a class */
+
+const struct GUID *class_schemaid_guid_by_lDAPDisplayName(const struct dsdb_schema *schema,
+                                                          const char *name)
+{
+        const struct dsdb_class *object_class = dsdb_class_by_lDAPDisplayName(schema, name);
+        if (!object_class)
+                return NULL;
+
+        return &object_class->schemaIDGUID;
+}
+
+const struct GUID *attribute_schemaid_guid_by_lDAPDisplayName(const struct dsdb_schema *schema,
+							      const char *name)
+{
+        const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema, name);
+        if (!attr)
+                return NULL;
+
+        return &attr->schemaIDGUID;
+}
+
+/*
+ * Sort a "objectClass" attribute (LDB message element "objectclass_element")
+ * into correct order and validate that all object classes specified actually
+ * exist in the schema.
+ * The output is written in an existing LDB message element
+ * "out_objectclass_element" where the values will be allocated on "mem_ctx".
+ */
+int dsdb_sort_objectClass_attr(struct ldb_context *ldb,
+			       const struct dsdb_schema *schema,
+			       const struct ldb_message_element *objectclass_element,
+			       TALLOC_CTX *mem_ctx,
+			       struct ldb_message_element *out_objectclass_element)
+{
+	unsigned int i, lowest;
+	struct class_list {
+		struct class_list *prev, *next;
+		const struct dsdb_class *objectclass;
+	} *unsorted = NULL, *sorted = NULL, *current = NULL,
+	  *poss_parent = NULL, *new_parent = NULL,
+	  *current_lowest = NULL, *current_lowest_struct = NULL;
+	struct ldb_message_element *el;
+	TALLOC_CTX *tmp_mem_ctx;
+
+	tmp_mem_ctx = talloc_new(mem_ctx);
+	if (tmp_mem_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	/*
+	 * DESIGN:
+	 *
+	 * We work on 4 different 'bins' (implemented here as linked lists):
+	 *
+	 * * sorted:       the eventual list, in the order we wish to push
+	 *                 into the database.  This is the only ordered list.
+	 *
+	 * * parent_class: The current parent class 'bin' we are
+	 *                 trying to find subclasses for
+	 *
+	 * * subclass:     The subclasses we have found so far
+	 *
+	 * * unsorted:     The remaining objectClasses
+	 *
+	 * The process is a matter of filtering objectClasses up from
+	 * unsorted into sorted.  Order is irrelevant in the later 3 'bins'.
+	 *
+	 * We start with 'top' (found and promoted to parent_class
+	 * initially).  Then we find (in unsorted) all the direct
+	 * subclasses of 'top'.  parent_classes is concatenated onto
+	 * the end of 'sorted', and subclass becomes the list in
+	 * parent_class.
+	 *
+	 * We then repeat, until we find no more subclasses.  Any left
+	 * over classes are added to the end.
+	 *
+	 */
+
+	/*
+	 * Firstly, dump all the "objectClass" values into the unsorted bin,
+	 * except for 'top', which is special
+	 */
+	for (i=0; i < objectclass_element->num_values; i++) {
+		current = talloc(tmp_mem_ctx, struct class_list);
+		if (!current) {
+			talloc_free(tmp_mem_ctx);
+			return ldb_oom(ldb);
+		}
+		current->objectclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &objectclass_element->values[i]);
+		if (!current->objectclass) {
+			ldb_asprintf_errstring(ldb, "objectclass %.*s is not a valid objectClass in schema",
+					       (int)objectclass_element->values[i].length, (const char *)objectclass_element->values[i].data);
+			/* This looks weird, but windows apparently returns this for invalid objectClass values */
+			talloc_free(tmp_mem_ctx);
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		} else if (current->objectclass->isDefunct) {
+			ldb_asprintf_errstring(ldb, "objectclass %.*s marked as isDefunct objectClass in schema - not valid for new objects",
+					       (int)objectclass_element->values[i].length, (const char *)objectclass_element->values[i].data);
+			/* This looks weird, but windows apparently returns this for invalid objectClass values */
+			talloc_free(tmp_mem_ctx);
+			return LDB_ERR_NO_SUCH_ATTRIBUTE;
+		}
+
+		/* Don't add top to list, we will do that later */
+		if (ldb_attr_cmp("top", current->objectclass->lDAPDisplayName) != 0) {
+			DLIST_ADD_END(unsorted, current);
+		}
+	}
+
+
+	/* Add top here, to prevent duplicates */
+	current = talloc(tmp_mem_ctx, struct class_list);
+	current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top");
+	DLIST_ADD_END(sorted, current);
+
+	/* For each object: find parent chain */
+	for (current = unsorted; current != NULL; current = current->next) {
+		for (poss_parent = unsorted; poss_parent; poss_parent = poss_parent->next) {
+			if (ldb_attr_cmp(poss_parent->objectclass->lDAPDisplayName, current->objectclass->subClassOf) == 0) {
+				break;
+			}
+		}
+		/* If we didn't get to the end of the list, we need to add this parent */
+		if (poss_parent || (ldb_attr_cmp("top", current->objectclass->subClassOf) == 0)) {
+			continue;
+		}
+
+		new_parent = talloc(tmp_mem_ctx, struct class_list);
+		new_parent->objectclass = dsdb_class_by_lDAPDisplayName(schema, current->objectclass->subClassOf);
+		DLIST_ADD_END(unsorted, new_parent);
+	}
+
+	/* For each object: order by hierarchy */
+	while (unsorted != NULL) {
+		lowest = UINT_MAX;
+		current_lowest = current_lowest_struct = NULL;
+		for (current = unsorted; current != NULL; current = current->next) {
+			if (current->objectclass->subClass_order <= lowest) {
+				/*
+				 * According to MS-ADTS 3.1.1.1.4 structural
+				 * and 88 object classes are always listed after
+				 * the other class types in a subclass hierarchy
+				 */
+				if (current->objectclass->objectClassCategory > 1) {
+					current_lowest = current;
+				} else {
+					current_lowest_struct = current;
+				}
+				lowest = current->objectclass->subClass_order;
+			}
+		}
+		if (current_lowest == NULL) {
+			current_lowest = current_lowest_struct;
+		}
+
+		if (current_lowest != NULL) {
+			DLIST_REMOVE(unsorted,current_lowest);
+			DLIST_ADD_END(sorted,current_lowest);
+		}
+	}
+
+	/* Now rebuild the sorted "objectClass" message element */
+	el = out_objectclass_element;
+
+	el->flags = objectclass_element->flags;
+	el->name = talloc_strdup(mem_ctx, objectclass_element->name);
+	if (el->name == NULL) {
+		talloc_free(tmp_mem_ctx);
+		return ldb_oom(ldb);
+	}
+	el->num_values = 0;
+	el->values = NULL;
+	for (current = sorted; current != NULL; current = current->next) {
+		el->values = talloc_realloc(mem_ctx, el->values,
+					    struct ldb_val, el->num_values + 1);
+		if (el->values == NULL) {
+			talloc_free(tmp_mem_ctx);
+			return ldb_oom(ldb);
+		}
+		el->values[el->num_values] = data_blob_string_const(current->objectclass->lDAPDisplayName);
+
+		++(el->num_values);
+	}
+
+	talloc_free(tmp_mem_ctx);
+	return LDB_SUCCESS;
+}
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
new file mode 100644
index 0000000..398091c
--- /dev/null
+++ b/source4/dsdb/schema/schema_set.c
@@ -0,0 +1,1191 @@
+/*
+   Unix SMB/CIFS implementation.
+   DSDB schema header
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006-2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2008
+   Copyright (C) Matthieu Patou <mat@matws.net> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "lib/util/dlinklist.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_module.h>
+#include "param/param.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "lib/util/tsort.h"
+
+#undef strcasecmp
+
+/* change this when we change something in our schema code that
+ * requires a re-index of the database
+ */
+#define SAMDB_INDEXING_VERSION "3"
+
+/*
+  override the name to attribute handler function
+ */
+const struct ldb_schema_attribute *dsdb_attribute_handler_override(struct ldb_context *ldb,
+								   void *private_data,
+								   const char *name)
+{
+	struct dsdb_schema *schema = talloc_get_type_abort(private_data, struct dsdb_schema);
+	const struct dsdb_attribute *a = dsdb_attribute_by_lDAPDisplayName(schema, name);
+	if (a == NULL) {
+		/* this will fall back to ldb internal handling */
+		return NULL;
+	}
+	return a->ldb_schema_attribute;
+}
+
+/*
+ * Set the attribute handlers onto the LDB, and potentially write the
+ * @INDEXLIST, @IDXONE and @ATTRIBUTES records.  The @ATTRIBUTES records
+ * are required so we can operate on a schema-less database (say the
+ * backend during emergency fixes) and during the schema load.
+ */
+int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
+					   struct dsdb_schema *schema,
+					   enum schema_set_enum mode)
+{
+	int ret = LDB_SUCCESS;
+	struct ldb_result *res;
+	struct ldb_result *res_idx;
+	struct dsdb_attribute *attr;
+	struct ldb_message *mod_msg;
+	TALLOC_CTX *mem_ctx;
+	struct ldb_message *msg;
+	struct ldb_message *msg_idx;
+
+	struct loadparm_context *lp_ctx =
+		talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+				struct loadparm_context);
+	bool guid_indexing = true;
+	bool declare_ordered_integer_in_attributes = true;
+	uint32_t pack_format_override;
+	if (lp_ctx != NULL) {
+		/*
+		 * GUID indexing is wanted by Samba by default.  This allows
+		 * an override in a specific case for downgrades.
+		 */
+		guid_indexing = lpcfg_parm_bool(lp_ctx,
+						NULL,
+						"dsdb",
+						"guid index",
+						true);
+		/*
+		 * If the pack format has been overridden to a previous
+		 * version, then act like ORDERED_INTEGER doesn't exist,
+		 * because it's a new type and we don't want to deal with
+		 * possible issues with databases containing version 1 pack
+		 * format and ordered types.
+		 *
+		 * This approach means that the @ATTRIBUTES will be
+		 * incorrect for integers.  Many other @ATTRIBUTES
+		 * values are gross simplifications, but the presence
+		 * of the ORDERED_INTEGER keyword prevents the old
+		 * Samba from starting and then forcing a reindex.
+		 *
+		 * It is too difficult to override the actual index
+		 * formatter, but this doesn't matter in practice.
+		 */
+		pack_format_override =
+			(intptr_t)ldb_get_opaque(ldb, "pack_format_override");
+		if (pack_format_override == LDB_PACKING_FORMAT ||
+		    pack_format_override == LDB_PACKING_FORMAT_NODN) {
+			declare_ordered_integer_in_attributes = false;
+		}
+	}
+	/* setup our own attribute name to schema handler */
+	ldb_schema_attribute_set_override_handler(ldb, dsdb_attribute_handler_override, schema);
+	ldb_schema_set_override_indexlist(ldb, true);
+	if (guid_indexing) {
+		ldb_schema_set_override_GUID_index(ldb, "objectGUID", "GUID");
+	}
+
+	if (mode == SCHEMA_MEMORY_ONLY) {
+		return ret;
+	}
+
+	mem_ctx = talloc_new(ldb);
+	if (!mem_ctx) {
+		return ldb_oom(ldb);
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (!msg) {
+		ldb_oom(ldb);
+		goto op_error;
+	}
+	msg_idx = ldb_msg_new(mem_ctx);
+	if (!msg_idx) {
+		ldb_oom(ldb);
+		goto op_error;
+	}
+	msg->dn = ldb_dn_new(msg, ldb, "@ATTRIBUTES");
+	if (!msg->dn) {
+		ldb_oom(ldb);
+		goto op_error;
+	}
+	msg_idx->dn = ldb_dn_new(msg_idx, ldb, "@INDEXLIST");
+	if (!msg_idx->dn) {
+		ldb_oom(ldb);
+		goto op_error;
+	}
+
+	ret = ldb_msg_add_string(msg_idx, "@IDXONE", "1");
+	if (ret != LDB_SUCCESS) {
+		goto op_error;
+	}
+
+	if (guid_indexing) {
+		ret = ldb_msg_add_string(msg_idx, "@IDXGUID", "objectGUID");
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+
+		ret = ldb_msg_add_string(msg_idx, "@IDX_DN_GUID", "GUID");
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+	}
+
+	ret = ldb_msg_add_string(msg_idx, "@SAMDB_INDEXING_VERSION", SAMDB_INDEXING_VERSION);
+	if (ret != LDB_SUCCESS) {
+		goto op_error;
+	}
+
+	ret = ldb_msg_add_string(msg_idx, SAMBA_FEATURES_SUPPORTED_FLAG, "1");
+	if (ret != LDB_SUCCESS) {
+		goto op_error;
+	}
+
+	for (attr = schema->attributes; attr; attr = attr->next) {
+		const char *syntax = attr->syntax->ldb_syntax;
+
+		if (!syntax) {
+			syntax = attr->syntax->ldap_oid;
+		}
+
+		/*
+		 * Write out a rough approximation of the schema
+		 * as an @ATTRIBUTES value, for bootstrapping.
+		 * Only write ORDERED_INTEGER if we're using GUID indexes,
+		 */
+		if (strcmp(syntax, LDB_SYNTAX_INTEGER) == 0) {
+			ret = ldb_msg_add_string(msg, attr->lDAPDisplayName, "INTEGER");
+		} else if (strcmp(syntax, LDB_SYNTAX_ORDERED_INTEGER) == 0) {
+			if (declare_ordered_integer_in_attributes &&
+			    guid_indexing) {
+				/*
+				 * The normal production case
+				 */
+				ret = ldb_msg_add_string(msg,
+							 attr->lDAPDisplayName,
+							 "ORDERED_INTEGER");
+			} else {
+				/*
+				 * For this mode, we are going back to
+				 * before GUID indexing so we write it out
+				 * as INTEGER
+				 *
+				 * Down in LDB, the special handler
+				 * (index_format_fn) that made
+				 * ORDERED_INTEGER and INTEGER
+				 * different has been disabled.
+				 */
+				ret = ldb_msg_add_string(msg,
+							 attr->lDAPDisplayName,
+							 "INTEGER");
+			}
+		} else if (strcmp(syntax, LDB_SYNTAX_DIRECTORY_STRING) == 0) {
+			ret = ldb_msg_add_string(msg, attr->lDAPDisplayName,
+						 "CASE_INSENSITIVE");
+		}
+		if (ret != LDB_SUCCESS) {
+			break;
+		}
+
+		/*
+		 * Is the attribute indexed? By treating confidential attributes
+		 * as unindexed, we force searches to go through the unindexed
+		 * search path, avoiding observable timing differences.
+		 */
+		if (attr->searchFlags & SEARCH_FLAG_ATTINDEX &&
+		    !(attr->searchFlags & SEARCH_FLAG_CONFIDENTIAL))
+		{
+			/*
+			 * When preparing to downgrade Samba, we need to write
+			 * out an LDB without the new key word ORDERED_INTEGER.
+			 */
+			if (strcmp(syntax, LDB_SYNTAX_ORDERED_INTEGER) == 0
+			    && !declare_ordered_integer_in_attributes) {
+				/*
+				 * Ugly, but do nothing, the best
+				 * thing is to omit the reference
+				 * entirely, the next transaction will
+				 * spot this and rewrite everything.
+				 *
+				 * This way nothing will look at the
+				 * index for this attribute until
+				 * Samba starts and this is all
+				 * rewritten.
+				 */
+			} else {
+				ret = ldb_msg_add_string(msg_idx, "@IDXATTR", attr->lDAPDisplayName);
+				if (ret != LDB_SUCCESS) {
+					break;
+				}
+			}
+		}
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/*
+	 * Try to avoid churning the attributes too much,
+	 * we only want to do this if they have changed
+	 */
+	ret = ldb_search(ldb, mem_ctx, &res, msg->dn, LDB_SCOPE_BASE, NULL,
+			 NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		if (mode == SCHEMA_COMPARE) {
+			/* We are probably not in a transaction */
+			goto wrong_mode;
+		}
+		ret = ldb_add(ldb, msg);
+	} else if (ret != LDB_SUCCESS) {
+	} else if (res->count != 1) {
+		if (mode == SCHEMA_COMPARE) {
+			/* We are probably not in a transaction */
+			goto wrong_mode;
+		}
+		ret = ldb_add(ldb, msg);
+	} else {
+		/* Annoyingly added to our search results */
+		ldb_msg_remove_attr(res->msgs[0], "distinguishedName");
+
+		ret = ldb_msg_difference(ldb, mem_ctx,
+		                         res->msgs[0], msg, &mod_msg);
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+		if (mod_msg->num_elements > 0) {
+			/*
+			 * Do the replace with the difference, as we
+			 * are under the read lock and we wish to do a
+			 * delete of any removed/renamed attributes
+			 */
+			if (mode == SCHEMA_COMPARE) {
+				/* We are probably not in a transaction */
+				goto wrong_mode;
+			}
+			ret = dsdb_modify(ldb, mod_msg, 0);
+		}
+		talloc_free(mod_msg);
+	}
+
+	if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
+		/* We might be on a read-only DB or LDAP */
+		ret = LDB_SUCCESS;
+	}
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to set schema into @ATTRIBUTES: %s\n",
+			ldb_errstring(ldb));
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/* Now write out the indexes, as found in the schema (if they have changed) */
+
+	ret = ldb_search(ldb, mem_ctx, &res_idx, msg_idx->dn, LDB_SCOPE_BASE,
+			 NULL, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		if (mode == SCHEMA_COMPARE) {
+			/* We are probably not in a transaction */
+			goto wrong_mode;
+		}
+		ret = ldb_add(ldb, msg_idx);
+	} else if (ret != LDB_SUCCESS) {
+	} else if (res_idx->count != 1) {
+		if (mode == SCHEMA_COMPARE) {
+			/* We are probably not in a transaction */
+			goto wrong_mode;
+		}
+		ret = ldb_add(ldb, msg_idx);
+	} else {
+		/* Annoyingly added to our search results */
+		ldb_msg_remove_attr(res_idx->msgs[0], "distinguishedName");
+
+		ret = ldb_msg_difference(ldb, mem_ctx,
+		                         res_idx->msgs[0], msg_idx, &mod_msg);
+		if (ret != LDB_SUCCESS) {
+			goto op_error;
+		}
+
+		/*
+		 * We don't want to re-index just because we didn't
+		 * see this flag
+		 *
+		 * DO NOT backport this logic earlier than 4.7, it
+		 * isn't needed and would be dangerous before 4.6,
+		 * where we add logic to samba_dsdb to manage
+		 * @SAMBA_FEATURES_SUPPORTED and need to know if the
+		 * DB has been re-opened by an earlier version.
+		 *
+		 */
+
+		if (mod_msg->num_elements == 1
+		    && ldb_attr_cmp(mod_msg->elements[0].name,
+				    SAMBA_FEATURES_SUPPORTED_FLAG) == 0) {
+			/*
+			 * Ignore only adding
+			 * @SAMBA_FEATURES_SUPPORTED
+			 */
+		} else if (mod_msg->num_elements > 0) {
+
+			/*
+			 * Do the replace with the difference, as we
+			 * are under the read lock and we wish to do a
+			 * delete of any removed/renamed attributes
+			 */
+			if (mode == SCHEMA_COMPARE) {
+				/* We are probably not in a transaction */
+				goto wrong_mode;
+			}
+			ret = dsdb_modify(ldb, mod_msg, 0);
+		}
+		talloc_free(mod_msg);
+	}
+	if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
+		/* We might be on a read-only DB */
+		ret = LDB_SUCCESS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to set schema into @INDEXLIST: %s\n",
+			ldb_errstring(ldb));
+	}
+
+	talloc_free(mem_ctx);
+	return ret;
+
+op_error:
+	talloc_free(mem_ctx);
+	return ldb_operr(ldb);
+
+wrong_mode:
+	talloc_free(mem_ctx);
+	return LDB_ERR_BUSY;
+}
+
+
+/*
+  create extra attribute shortcuts
+ */
+static void dsdb_setup_attribute_shortcuts(struct ldb_context *ldb, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *attribute;
+	const struct dsdb_class *top_class = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+	const char **top_allowed_attrs = NULL;
+
+	top_class = dsdb_class_by_lDAPDisplayName(schema, "top");
+	if (top_class != NULL) {
+		top_allowed_attrs = dsdb_attribute_list(frame,
+							top_class,
+							DSDB_SCHEMA_ALL);
+	}
+
+	/* setup fast access to one_way_link and DN format */
+	for (attribute=schema->attributes; attribute; attribute=attribute->next) {
+		attribute->dn_format = dsdb_dn_oid_to_format(attribute->syntax->ldap_oid);
+
+		attribute->bl_maybe_invisible = false;
+
+		if (attribute->dn_format == DSDB_INVALID_DN) {
+			attribute->one_way_link = false;
+			continue;
+		}
+
+		/* these are not considered to be one way links for
+		   the purpose of DN link fixups */
+		if (ldb_attr_cmp("distinguishedName", attribute->lDAPDisplayName) == 0 ||
+		    ldb_attr_cmp("objectCategory", attribute->lDAPDisplayName) == 0) {
+			attribute->one_way_link = false;
+			continue;
+		}
+
+		if (attribute->linkID == 0) {
+			attribute->one_way_link = true;
+			continue;
+		}
+
+		if (attribute->linkID & 1) {
+			const struct dsdb_attribute *fw_attr = NULL;
+			bool in_top = false;
+
+			if (top_allowed_attrs != NULL) {
+				in_top = str_list_check(top_allowed_attrs,
+						attribute->lDAPDisplayName);
+			}
+
+			if (in_top) {
+				continue;
+			}
+
+			attribute->bl_maybe_invisible = true;
+
+			fw_attr = dsdb_attribute_by_linkID(schema,
+							attribute->linkID - 1);
+			if (fw_attr != NULL) {
+				struct dsdb_attribute *_fw_attr =
+					discard_const_p(struct dsdb_attribute,
+							fw_attr);
+				_fw_attr->bl_maybe_invisible = true;
+			}
+
+			continue;
+		}
+
+		/* handle attributes with a linkID but no backlink */
+		if ((attribute->linkID & 1) == 0 &&
+		    dsdb_attribute_by_linkID(schema, attribute->linkID + 1) == NULL) {
+			attribute->one_way_link = true;
+			continue;
+		}
+		attribute->one_way_link = false;
+	}
+
+	TALLOC_FREE(frame);
+}
+
+static int uint32_cmp(uint32_t c1, uint32_t c2)
+{
+	if (c1 == c2) return 0;
+	return c1 > c2 ? 1 : -1;
+}
+
+static int dsdb_compare_class_by_lDAPDisplayName(struct dsdb_class **c1, struct dsdb_class **c2)
+{
+	return strcasecmp((*c1)->lDAPDisplayName, (*c2)->lDAPDisplayName);
+}
+static int dsdb_compare_class_by_governsID_id(struct dsdb_class **c1, struct dsdb_class **c2)
+{
+	return uint32_cmp((*c1)->governsID_id, (*c2)->governsID_id);
+}
+static int dsdb_compare_class_by_governsID_oid(struct dsdb_class **c1, struct dsdb_class **c2)
+{
+	return strcasecmp((*c1)->governsID_oid, (*c2)->governsID_oid);
+}
+static int dsdb_compare_class_by_cn(struct dsdb_class **c1, struct dsdb_class **c2)
+{
+	return strcasecmp((*c1)->cn, (*c2)->cn);
+}
+
+static int dsdb_compare_attribute_by_lDAPDisplayName(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return strcasecmp((*a1)->lDAPDisplayName, (*a2)->lDAPDisplayName);
+}
+static int dsdb_compare_attribute_by_attributeID_id(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return uint32_cmp((*a1)->attributeID_id, (*a2)->attributeID_id);
+}
+static int dsdb_compare_attribute_by_msDS_IntId(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return uint32_cmp((*a1)->msDS_IntId, (*a2)->msDS_IntId);
+}
+static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return strcasecmp((*a1)->attributeID_oid, (*a2)->attributeID_oid);
+}
+static int dsdb_compare_attribute_by_linkID(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return uint32_cmp((*a1)->linkID, (*a2)->linkID);
+}
+static int dsdb_compare_attribute_by_cn(struct dsdb_attribute **a1, struct dsdb_attribute **a2)
+{
+	return strcasecmp((*a1)->cn, (*a2)->cn);
+}
+
+/**
+ * Clean up Classes and Attributes accessor arrays
+ */
+static void dsdb_sorted_accessors_free(struct dsdb_schema *schema)
+{
+	/* free classes accessors */
+	TALLOC_FREE(schema->classes_by_lDAPDisplayName);
+	TALLOC_FREE(schema->classes_by_governsID_id);
+	TALLOC_FREE(schema->classes_by_governsID_oid);
+	TALLOC_FREE(schema->classes_by_cn);
+	/* free attribute accessors */
+	TALLOC_FREE(schema->attributes_by_lDAPDisplayName);
+	TALLOC_FREE(schema->attributes_by_attributeID_id);
+	TALLOC_FREE(schema->attributes_by_msDS_IntId);
+	TALLOC_FREE(schema->attributes_by_attributeID_oid);
+	TALLOC_FREE(schema->attributes_by_linkID);
+	TALLOC_FREE(schema->attributes_by_cn);
+}
+
+/*
+  create the sorted accessor arrays for the schema
+ */
+int dsdb_setup_sorted_accessors(struct ldb_context *ldb,
+				struct dsdb_schema *schema)
+{
+	struct dsdb_class *cur;
+	struct dsdb_attribute *a;
+	unsigned int i;
+	unsigned int num_int_id;
+	int ret;
+
+	for (i=0; i < schema->classes_to_remove_size; i++) {
+		DLIST_REMOVE(schema->classes, schema->classes_to_remove[i]);
+		TALLOC_FREE(schema->classes_to_remove[i]);
+	}
+	for (i=0; i < schema->attributes_to_remove_size; i++) {
+		DLIST_REMOVE(schema->attributes, schema->attributes_to_remove[i]);
+		TALLOC_FREE(schema->attributes_to_remove[i]);
+	}
+
+	TALLOC_FREE(schema->classes_to_remove);
+	schema->classes_to_remove_size = 0;
+	TALLOC_FREE(schema->attributes_to_remove);
+	schema->attributes_to_remove_size = 0;
+
+	/* free all caches */
+	dsdb_sorted_accessors_free(schema);
+
+	/* count the classes */
+	for (i=0, cur=schema->classes; cur; i++, cur=cur->next) /* noop */ ;
+	schema->num_classes = i;
+
+	/* setup classes_by_* */
+	schema->classes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_class *, i);
+	schema->classes_by_governsID_id    = talloc_array(schema, struct dsdb_class *, i);
+	schema->classes_by_governsID_oid   = talloc_array(schema, struct dsdb_class *, i);
+	schema->classes_by_cn              = talloc_array(schema, struct dsdb_class *, i);
+	if (schema->classes_by_lDAPDisplayName == NULL ||
+	    schema->classes_by_governsID_id == NULL ||
+	    schema->classes_by_governsID_oid == NULL ||
+	    schema->classes_by_cn == NULL) {
+		goto failed;
+	}
+
+	for (i=0, cur=schema->classes; cur; i++, cur=cur->next) {
+		schema->classes_by_lDAPDisplayName[i] = cur;
+		schema->classes_by_governsID_id[i]    = cur;
+		schema->classes_by_governsID_oid[i]   = cur;
+		schema->classes_by_cn[i]              = cur;
+	}
+
+	/* sort the arrays */
+	TYPESAFE_QSORT(schema->classes_by_lDAPDisplayName, schema->num_classes, dsdb_compare_class_by_lDAPDisplayName);
+	TYPESAFE_QSORT(schema->classes_by_governsID_id, schema->num_classes, dsdb_compare_class_by_governsID_id);
+	TYPESAFE_QSORT(schema->classes_by_governsID_oid, schema->num_classes, dsdb_compare_class_by_governsID_oid);
+	TYPESAFE_QSORT(schema->classes_by_cn, schema->num_classes, dsdb_compare_class_by_cn);
+
+	/* now build the attribute accessor arrays */
+
+	/* count the attributes
+	 * and attributes with msDS-IntId set */
+	num_int_id = 0;
+	for (i=0, a=schema->attributes; a; i++, a=a->next) {
+		if (a->msDS_IntId != 0) {
+			num_int_id++;
+		}
+	}
+	schema->num_attributes = i;
+	schema->num_int_id_attr = num_int_id;
+
+	/* setup attributes_by_* */
+	schema->attributes_by_lDAPDisplayName = talloc_array(schema, struct dsdb_attribute *, i);
+	schema->attributes_by_attributeID_id    = talloc_array(schema, struct dsdb_attribute *, i);
+	schema->attributes_by_msDS_IntId        = talloc_array(schema,
+	                                                       struct dsdb_attribute *, num_int_id);
+	schema->attributes_by_attributeID_oid   = talloc_array(schema, struct dsdb_attribute *, i);
+	schema->attributes_by_linkID              = talloc_array(schema, struct dsdb_attribute *, i);
+	schema->attributes_by_cn                  = talloc_array(schema, struct dsdb_attribute *, i);
+	if (schema->attributes_by_lDAPDisplayName == NULL ||
+	    schema->attributes_by_attributeID_id == NULL ||
+	    schema->attributes_by_msDS_IntId == NULL ||
+	    schema->attributes_by_attributeID_oid == NULL ||
+	    schema->attributes_by_linkID == NULL ||
+	    schema->attributes_by_cn == NULL) {
+		goto failed;
+	}
+
+	num_int_id = 0;
+	for (i=0, a=schema->attributes; a; i++, a=a->next) {
+		schema->attributes_by_lDAPDisplayName[i] = a;
+		schema->attributes_by_attributeID_id[i]    = a;
+		schema->attributes_by_attributeID_oid[i]   = a;
+		schema->attributes_by_linkID[i]          = a;
+		schema->attributes_by_cn[i]              = a;
+		/* append attr-by-msDS-IntId values */
+		if (a->msDS_IntId != 0) {
+			schema->attributes_by_msDS_IntId[num_int_id] = a;
+			num_int_id++;
+		}
+	}
+	SMB_ASSERT(num_int_id == schema->num_int_id_attr);
+
+	/* sort the arrays */
+	TYPESAFE_QSORT(schema->attributes_by_lDAPDisplayName, schema->num_attributes, dsdb_compare_attribute_by_lDAPDisplayName);
+	TYPESAFE_QSORT(schema->attributes_by_attributeID_id, schema->num_attributes, dsdb_compare_attribute_by_attributeID_id);
+	TYPESAFE_QSORT(schema->attributes_by_msDS_IntId, schema->num_int_id_attr, dsdb_compare_attribute_by_msDS_IntId);
+	TYPESAFE_QSORT(schema->attributes_by_attributeID_oid, schema->num_attributes, dsdb_compare_attribute_by_attributeID_oid);
+	TYPESAFE_QSORT(schema->attributes_by_linkID, schema->num_attributes, dsdb_compare_attribute_by_linkID);
+	TYPESAFE_QSORT(schema->attributes_by_cn, schema->num_attributes, dsdb_compare_attribute_by_cn);
+
+	dsdb_setup_attribute_shortcuts(ldb, schema);
+
+	ret = schema_fill_constructed(schema);
+	if (ret != LDB_SUCCESS) {
+		dsdb_sorted_accessors_free(schema);
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+
+failed:
+	dsdb_sorted_accessors_free(schema);
+	return ldb_oom(ldb);
+}
+
+/**
+ * Attach the schema to an opaque pointer on the ldb,
+ * so ldb modules can find it
+ */
+int dsdb_set_schema_refresh_function(struct ldb_context *ldb,
+				     dsdb_schema_refresh_fn refresh_fn,
+				     struct ldb_module *module)
+{
+	int ret = ldb_set_opaque(ldb, "dsdb_schema_refresh_fn", refresh_fn);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_set_opaque(ldb, "dsdb_schema_refresh_fn_private_data", module);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+/**
+ * Attach the schema to an opaque pointer on the ldb,
+ * so ldb modules can find it
+ */
+int dsdb_set_schema(struct ldb_context *ldb,
+		    struct dsdb_schema *schema,
+		    enum schema_set_enum write_indices_and_attributes)
+{
+	struct dsdb_schema *old_schema;
+	int ret;
+
+	ret = dsdb_setup_sorted_accessors(ldb, schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	old_schema = ldb_get_opaque(ldb, "dsdb_schema");
+
+	ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	talloc_steal(ldb, schema);
+
+	/* Set the new attributes based on the new schema */
+	ret = dsdb_schema_set_indices_and_attributes(ldb, schema,
+						     write_indices_and_attributes);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * Remove the reference to the schema we just overwrote - if there was
+	 * none, NULL is harmless here.
+	 */
+	if (old_schema != schema) {
+		talloc_unlink(ldb, old_schema);
+	}
+
+	return ret;
+}
+
+/**
+ * Global variable to hold one copy of the schema, used to avoid memory bloat
+ */
+static struct dsdb_schema *global_schema;
+
+/**
+ * Make this ldb use a specified schema, already fully calculated and belonging to another ldb
+ *
+ * The write_indices_and_attributes controls writing of the @ records
+ * because we cannot write to a database that does not yet exist on
+ * disk.
+ */
+int dsdb_reference_schema(struct ldb_context *ldb, struct dsdb_schema *schema,
+			  enum schema_set_enum write_indices_and_attributes)
+{
+	int ret;
+	void *ptr;
+	void *schema_parent = NULL;
+	bool is_already_parent;
+	struct dsdb_schema *old_schema;
+	old_schema = ldb_get_opaque(ldb, "dsdb_schema");
+	ret = ldb_set_opaque(ldb, "dsdb_schema", schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Remove the reference to the schema we just overwrote - if there was
+	 * none, NULL is harmless here */
+	talloc_unlink(ldb, old_schema);
+
+	/* Reference schema on ldb if it wasn't done already */
+	schema_parent = talloc_parent(schema);
+	is_already_parent = (schema_parent == ldb);
+	if (!is_already_parent) {
+		ptr = talloc_reference(ldb, schema);
+		if (ptr == NULL) {
+			return ldb_oom(ldb);
+		}
+	}
+
+	/* Make this ldb use local schema preferably */
+	ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_set_opaque(ldb, "dsdb_refresh_fn", NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_set_opaque(ldb, "dsdb_refresh_fn_private_data", NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_schema_set_indices_and_attributes(ldb, schema, write_indices_and_attributes);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Make this ldb use the 'global' schema, setup to avoid having multiple copies in this process
+ */
+int dsdb_set_global_schema(struct ldb_context *ldb)
+{
+	int ret;
+	void *use_global_schema = (void *)1;
+	void *ptr;
+	struct dsdb_schema *old_schema = ldb_get_opaque(ldb, "dsdb_schema");
+
+	ret = ldb_set_opaque(ldb, "dsdb_use_global_schema", use_global_schema);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (global_schema == NULL) {
+		return LDB_SUCCESS;
+	}
+
+	/* Remove any pointer to a previous schema */
+	ret = ldb_set_opaque(ldb, "dsdb_schema", NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/* Remove the reference to the schema we just overwrote - if there was
+	 * none, NULL is harmless here */
+	talloc_unlink(ldb, old_schema);
+
+	/* Set the new attributes based on the new schema */
+	/* Don't write indices and attributes, it's expensive */
+	ret = dsdb_schema_set_indices_and_attributes(ldb, global_schema, SCHEMA_MEMORY_ONLY);
+	if (ret == LDB_SUCCESS) {
+		void *schema_parent = talloc_parent(global_schema);
+		bool is_already_parent =
+			(schema_parent == ldb);
+		if (!is_already_parent) {
+			ptr = talloc_reference(ldb, global_schema);
+			if (ptr == NULL) {
+				return ldb_oom(ldb);
+			}
+			ret = ldb_set_opaque(ldb, "dsdb_schema", global_schema);
+		}
+	}
+
+	return ret;
+}
+
+bool dsdb_uses_global_schema(struct ldb_context *ldb)
+{
+	return (ldb_get_opaque(ldb, "dsdb_use_global_schema") != NULL);
+}
+
+/**
+ * Find the schema object for this ldb
+ *
+ * If reference_ctx is not NULL, then talloc_reference onto that context
+ */
+
+struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb, TALLOC_CTX *reference_ctx)
+{
+	const void *p;
+	struct dsdb_schema *schema_out = NULL;
+	struct dsdb_schema *schema_in = NULL;
+	dsdb_schema_refresh_fn refresh_fn;
+	struct ldb_module *loaded_from_module;
+	bool use_global_schema;
+	TALLOC_CTX *tmp_ctx = talloc_new(reference_ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	/* see if we have a cached copy */
+	use_global_schema = dsdb_uses_global_schema(ldb);
+	if (use_global_schema) {
+		schema_in = global_schema;
+	} else {
+		p = ldb_get_opaque(ldb, "dsdb_schema");
+		if (p != NULL) {
+			schema_in = talloc_get_type_abort(p, struct dsdb_schema);
+		}
+	}
+
+	refresh_fn = ldb_get_opaque(ldb, "dsdb_schema_refresh_fn");
+	if (refresh_fn) {
+		loaded_from_module = ldb_get_opaque(ldb, "dsdb_schema_refresh_fn_private_data");
+
+		SMB_ASSERT(loaded_from_module && (ldb_module_get_ctx(loaded_from_module) == ldb));
+	}
+
+	if (refresh_fn) {
+		/* We need to guard against recursive calls here */
+		if (ldb_set_opaque(ldb, "dsdb_schema_refresh_fn", NULL) != LDB_SUCCESS) {
+			ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+				      "dsdb_get_schema: clearing dsdb_schema_refresh_fn failed");
+		} else {
+			schema_out = refresh_fn(loaded_from_module,
+						ldb_get_event_context(ldb),
+						schema_in,
+						use_global_schema);
+		}
+		if (ldb_set_opaque(ldb, "dsdb_schema_refresh_fn", refresh_fn) != LDB_SUCCESS) {
+			ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+				      "dsdb_get_schema: re-setting dsdb_schema_refresh_fn failed");
+		}
+		if (!schema_out) {
+			schema_out = schema_in;
+			ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+				      "dsdb_get_schema: refresh_fn() failed");
+		}
+	} else {
+		schema_out = schema_in;
+	}
+
+	/* This removes the extra reference above */
+	talloc_free(tmp_ctx);
+
+	/*
+	 * If ref ctx exists and doesn't already reference schema, then add
+	 * a reference.  Otherwise, just return schema.
+	 *
+	 * We must use talloc_parent(), which is not quite free (there
+	 * is no direct parent pointer in talloc, only one on the
+	 * first child within a linked list), but is much cheaper than
+	 * talloc_is_parent() which walks the whole tree up to the top
+	 * looking for a potential grand-grand(etc)-parent.
+	 */
+	if (reference_ctx == NULL) {
+		return schema_out;
+	} else {
+		void *schema_parent = talloc_parent(schema_out);
+		bool is_already_parent =
+			schema_parent == reference_ctx;
+		if (is_already_parent) {
+			return schema_out;
+		} else {
+			return talloc_reference(reference_ctx,
+						schema_out);
+		}
+	}
+}
+
+/**
+ * Make the schema found on this ldb the 'global' schema
+ */
+
+void dsdb_make_schema_global(struct ldb_context *ldb, struct dsdb_schema *schema)
+{
+	if (!schema) {
+		return;
+	}
+
+	if (global_schema) {
+		talloc_unlink(NULL, global_schema);
+	}
+
+	/* we want the schema to be around permanently */
+	talloc_reparent(ldb, NULL, schema);
+	global_schema = schema;
+
+	/* This calls the talloc_reference() of the global schema back onto the ldb */
+	dsdb_set_global_schema(ldb);
+}
+
+/**
+ * When loading the schema from LDIF files, we don't get the extended DNs.
+ *
+ * We need to set these up, so that from the moment we start the provision,
+ * the defaultObjectCategory links are set up correctly.
+ */
+int dsdb_schema_fill_extended_dn(struct ldb_context *ldb, struct dsdb_schema *schema)
+{
+	struct dsdb_class *cur;
+	const struct dsdb_class *target_class;
+	for (cur = schema->classes; cur; cur = cur->next) {
+		const struct ldb_val *rdn;
+		struct ldb_val guid;
+		NTSTATUS status;
+		int ret;
+		struct ldb_dn *dn = ldb_dn_new(NULL, ldb, cur->defaultObjectCategory);
+
+		if (!dn) {
+			return LDB_ERR_INVALID_DN_SYNTAX;
+		}
+		rdn = ldb_dn_get_component_val(dn, 0);
+		if (!rdn) {
+			talloc_free(dn);
+			return LDB_ERR_INVALID_DN_SYNTAX;
+		}
+		target_class = dsdb_class_by_cn_ldb_val(schema, rdn);
+		if (!target_class) {
+			talloc_free(dn);
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		status = GUID_to_ndr_blob(&target_class->objectGUID, dn, &guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(dn);
+			return ldb_operr(ldb);
+		}
+		ret = ldb_dn_set_extended_component(dn, "GUID", &guid);
+		if (ret != LDB_SUCCESS) {
+			ret = ldb_error(ldb, ret, "Could not set GUID");
+			talloc_free(dn);
+			return ret;
+		}
+
+		cur->defaultObjectCategory = ldb_dn_get_extended_linearized(cur, dn, 1);
+		talloc_free(dn);
+	}
+	return LDB_SUCCESS;
+}
+
+/**
+ * @brief Add a new element to the schema and checks if it's a duplicate
+ *
+ * This function will add a new element to the schema and checks for existing
+ * duplicates.
+ *
+ * @param[in]  ldb                A pointer to an LDB context
+ *
+ * @param[in]  schema             A pointer to the dsdb_schema where the element
+ *                                will be added.
+ *
+ * @param[in]  msg                The ldb_message object representing the element
+ *                                to add.
+ *
+ * @param[in]  checkdups          A boolean to indicate if checks for duplicates
+ *                                should be done.
+ *
+ * @return                        A WERROR code
+ */
+WERROR dsdb_schema_set_el_from_ldb_msg_dups(struct ldb_context *ldb, struct dsdb_schema *schema,
+					    struct ldb_message *msg, bool checkdups)
+{
+	const char* tstring;
+	time_t ts;
+	tstring = ldb_msg_find_attr_as_string(msg, "whenChanged", NULL);
+	/* keep a trace of the ts of the most recently changed object */
+	if (tstring) {
+		ts = ldb_string_to_time(tstring);
+		if (ts > schema->ts_last_change) {
+			schema->ts_last_change = ts;
+		}
+	}
+	if (samdb_find_attribute(ldb, msg,
+				 "objectclass", "attributeSchema") != NULL) {
+
+		return dsdb_set_attribute_from_ldb_dups(ldb, schema, msg, checkdups);
+	} else if (samdb_find_attribute(ldb, msg,
+				 "objectclass", "classSchema") != NULL) {
+		return dsdb_set_class_from_ldb_dups(schema, msg, checkdups);
+	}
+	/* Don't fail on things not classes or attributes */
+	return WERR_OK;
+}
+
+WERROR dsdb_schema_set_el_from_ldb_msg(struct ldb_context *ldb,
+				       struct dsdb_schema *schema,
+				       struct ldb_message *msg)
+{
+	return dsdb_schema_set_el_from_ldb_msg_dups(ldb, schema, msg, false);
+}
+
+/**
+ * Rather than read a schema from the LDB itself, read it from an ldif
+ * file.  This allows schema to be loaded and used while adding the
+ * schema itself to the directory.
+ *
+ * Should be called with a transaction (or failing that, have no concurrent
+ * access while called).
+ */
+
+WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb,
+				 const char *pf, const char *df,
+				 const char *dn)
+{
+	struct ldb_ldif *ldif;
+	struct ldb_message *msg;
+	TALLOC_CTX *mem_ctx;
+	WERROR status;
+	int ret;
+	struct dsdb_schema *schema;
+	const struct ldb_val *prefix_val;
+	const struct ldb_val *info_val;
+	struct ldb_val info_val_default;
+
+
+	mem_ctx = talloc_new(ldb);
+	if (!mem_ctx) {
+		goto nomem;
+	}
+
+	schema = dsdb_new_schema(mem_ctx);
+	if (!schema) {
+		goto nomem;
+	}
+	schema->fsmo.we_are_master = true;
+	schema->fsmo.update_allowed = true;
+	schema->fsmo.master_dn = ldb_dn_new(schema, ldb, "@PROVISION_SCHEMA_MASTER");
+	if (!schema->fsmo.master_dn) {
+		goto nomem;
+	}
+
+	/*
+	 * load the prefixMap attribute from pf
+	 */
+	ldif = ldb_ldif_read_string(ldb, &pf);
+	if (!ldif) {
+		status = WERR_INVALID_PARAMETER;
+		goto failed;
+	}
+	talloc_steal(mem_ctx, ldif);
+
+	ret = ldb_msg_normalize(ldb, mem_ctx, ldif->msg, &msg);
+	if (ret != LDB_SUCCESS) {
+		goto nomem;
+	}
+	talloc_free(ldif);
+
+	prefix_val = ldb_msg_find_ldb_val(msg, "prefixMap");
+	if (!prefix_val) {
+		status = WERR_INVALID_PARAMETER;
+		goto failed;
+	}
+
+	info_val = ldb_msg_find_ldb_val(msg, "schemaInfo");
+	if (!info_val) {
+		status = dsdb_schema_info_blob_new(mem_ctx, &info_val_default);
+		W_ERROR_NOT_OK_GOTO(status, failed);
+		info_val = &info_val_default;
+	}
+
+	status = dsdb_load_oid_mappings_ldb(schema, prefix_val, info_val);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("ERROR: dsdb_load_oid_mappings_ldb() failed with %s\n", win_errstr(status)));
+		goto failed;
+	}
+
+	schema->ts_last_change = 0;
+	/* load the attribute and class definitions out of df */
+	while ((ldif = ldb_ldif_read_string(ldb, &df))) {
+		talloc_steal(mem_ctx, ldif);
+
+		ret = ldb_msg_normalize(ldb, ldif, ldif->msg, &msg);
+		if (ret != LDB_SUCCESS) {
+			goto nomem;
+		}
+
+		status = dsdb_schema_set_el_from_ldb_msg(ldb, schema, msg);
+		talloc_free(ldif);
+		if (!W_ERROR_IS_OK(status)) {
+			goto failed;
+		}
+	}
+
+	/*
+	 * TODO We may need a transaction here, otherwise this causes races.
+	 *
+	 * To do so may require an ldb_in_transaction function. In the
+	 * meantime, assume that this is always called with a transaction or in
+	 * isolation.
+	 */
+	ret = dsdb_set_schema(ldb, schema, SCHEMA_WRITE);
+	if (ret != LDB_SUCCESS) {
+		status = WERR_FOOBAR;
+		DEBUG(0,("ERROR: dsdb_set_schema() failed with %s / %s\n",
+			 ldb_strerror(ret), ldb_errstring(ldb)));
+		goto failed;
+	}
+
+	ret = dsdb_schema_fill_extended_dn(ldb, schema);
+	if (ret != LDB_SUCCESS) {
+		status = WERR_FOOBAR;
+		goto failed;
+	}
+
+	goto done;
+
+nomem:
+	status = WERR_NOT_ENOUGH_MEMORY;
+failed:
+done:
+	talloc_free(mem_ctx);
+	return status;
+}
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
new file mode 100644
index 0000000..3bcf80d
--- /dev/null
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -0,0 +1,2811 @@
+/*
+   Unix SMB/CIFS Implementation.
+   DSDB schema syntaxes
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+   Copyright (C) Simo Sorce 2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "system/time.h"
+#include "../lib/util/charset/charset.h"
+#include "librpc/ndr/libndr.h"
+#include "../lib/util/asn1.h"
+
+#undef strcasecmp
+
+/**
+ * Initialize dsdb_syntax_ctx with default values
+ * for common cases.
+ */
+void dsdb_syntax_ctx_init(struct dsdb_syntax_ctx *ctx,
+			  struct ldb_context *ldb,
+			  const struct dsdb_schema *schema)
+{
+	ctx->ldb 	= ldb;
+	ctx->schema 	= schema;
+
+	/*
+	 * 'true' will keep current behavior,
+	 * i.e. attributeID_id will be returned by default
+	 */
+	ctx->is_schema_nc = true;
+
+	ctx->pfm_remote = NULL;
+}
+
+
+/**
+ * Returns ATTID for DRS attribute.
+ *
+ * ATTID depends on whether we are replicating
+ * Schema NC or msDs-IntId is set for schemaAttribute
+ * for the attribute.
+ */
+uint32_t dsdb_attribute_get_attid(const struct dsdb_attribute *attr,
+				  bool for_schema_nc)
+{
+	if (!for_schema_nc && attr->msDS_IntId) {
+		return attr->msDS_IntId;
+	}
+
+	return attr->attributeID_id;
+}
+
+/**
+ * Map an ATTID from remote DC to a local ATTID
+ * using remote prefixMap
+ */
+static bool dsdb_syntax_attid_from_remote_attid(const struct dsdb_syntax_ctx *ctx,
+						TALLOC_CTX *mem_ctx,
+						uint32_t id_remote,
+						uint32_t *id_local)
+{
+	WERROR werr;
+	const char *oid;
+
+	/*
+	 * map remote ATTID to local directly in case
+	 * of no remote prefixMap (during provision for instance)
+	 */
+	if (!ctx->pfm_remote) {
+		*id_local = id_remote;
+		return true;
+	}
+
+	werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, id_remote, mem_ctx, &oid);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,("ATTID->OID failed (%s) for: 0x%08X\n", win_errstr(werr), id_remote));
+		return false;
+	}
+
+	werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap, oid, id_local);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(0,("OID->ATTID failed (%s) for: %s\n", win_errstr(werr), oid));
+		return false;
+	}
+
+	return true;
+}
+
+static WERROR dsdb_syntax_FOOBAR_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						const struct dsdb_attribute *attr,
+						const struct drsuapi_DsReplicaAttribute *in,
+						TALLOC_CTX *mem_ctx,
+						struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		str = talloc_asprintf(out->values, "%s: not implemented",
+				      attr->syntax->name);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_FOOBAR_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						const struct dsdb_attribute *attr,
+						const struct ldb_message_element *in,
+						TALLOC_CTX *mem_ctx,
+						struct drsuapi_DsReplicaAttribute *out)
+{
+	return WERR_FOOBAR;
+}
+
+static WERROR dsdb_syntax_FOOBAR_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					      const struct dsdb_attribute *attr,
+					      const struct ldb_message_element *in)
+{
+	return WERR_FOOBAR;
+}
+
+static WERROR dsdb_syntax_BOOL_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+					      const struct dsdb_attribute *attr,
+					      const struct drsuapi_DsReplicaAttribute *in,
+					      TALLOC_CTX *mem_ctx,
+					      struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		uint32_t v;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			return WERR_FOOBAR;
+		}
+
+		v = IVAL(in->value_ctr.values[i].blob->data, 0);
+
+		if (v != 0) {
+			str = talloc_strdup(out->values, "TRUE");
+			W_ERROR_HAVE_NO_MEMORY(str);
+		} else {
+			str = talloc_strdup(out->values, "FALSE");
+			W_ERROR_HAVE_NO_MEMORY(str);
+		}
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+					      const struct dsdb_attribute *attr,
+					      const struct ldb_message_element *in,
+					      TALLOC_CTX *mem_ctx,
+					      struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		if (in->values[i].length >= 4 &&
+		    strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
+			SIVAL(blobs[i].data, 0, 0x00000001);
+		} else if (in->values[i].length >= 5 &&
+			   strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
+			SIVAL(blobs[i].data, 0, 0x00000000);
+		} else {
+			return WERR_FOOBAR;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					    const struct dsdb_attribute *attr,
+					    const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		if (in->values[i].length == 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (in->values[i].length >= 4 &&
+		    strncmp("TRUE",
+			    (const char *)in->values[i].data,
+			    in->values[i].length) == 0) {
+			continue;
+		}
+		if (in->values[i].length >= 5 &&
+		    strncmp("FALSE",
+			    (const char *)in->values[i].data,
+			    in->values[i].length) == 0) {
+			continue;
+		}
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT32_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+					       const struct dsdb_attribute *attr,
+					       const struct drsuapi_DsReplicaAttribute *in,
+					       TALLOC_CTX *mem_ctx,
+					       struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		int32_t v;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			return WERR_FOOBAR;
+		}
+
+		v = IVALS(in->value_ctr.values[i].blob->data, 0);
+
+		str = talloc_asprintf(out->values, "%d", v);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT32_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+					       const struct dsdb_attribute *attr,
+					       const struct ldb_message_element *in,
+					       TALLOC_CTX *mem_ctx,
+					       struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		int32_t v;
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		/* We've to use "strtoll" here to have the intended overflows.
+		 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
+		v = (int32_t) strtoll((char *)in->values[i].data, NULL, 0);
+
+		SIVALS(blobs[i].data, 0, v);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					     const struct dsdb_attribute *attr,
+					     const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		long v;
+		char buf[sizeof("-2147483648")];
+		char *end = NULL;
+
+		ZERO_STRUCT(buf);
+		if (in->values[i].length >= sizeof(buf)) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		memcpy(buf, in->values[i].data, in->values[i].length);
+		errno = 0;
+		v = strtol(buf, &end, 10);
+		if (errno != 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		if (end && end[0] != '\0') {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (attr->rangeLower) {
+			if ((int32_t)v < (int32_t)*attr->rangeLower) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		if (attr->rangeUpper) {
+			if ((int32_t)v > (int32_t)*attr->rangeUpper) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT64_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+					       const struct dsdb_attribute *attr,
+					       const struct drsuapi_DsReplicaAttribute *in,
+					       TALLOC_CTX *mem_ctx,
+					       struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		int64_t v;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 8) {
+			return WERR_FOOBAR;
+		}
+
+		v = BVALS(in->value_ctr.values[i].blob->data, 0);
+
+		str = talloc_asprintf(out->values, "%lld", (long long int)v);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT64_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+					       const struct dsdb_attribute *attr,
+					       const struct ldb_message_element *in,
+					       TALLOC_CTX *mem_ctx,
+					       struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		int64_t v;
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 8);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		v = strtoll((const char *)in->values[i].data, NULL, 10);
+
+		SBVALS(blobs[i].data, 0, v);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					     const struct dsdb_attribute *attr,
+					     const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		long long v;
+		char buf[sizeof("-9223372036854775808")];
+		char *end = NULL;
+
+		ZERO_STRUCT(buf);
+		if (in->values[i].length >= sizeof(buf)) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		memcpy(buf, in->values[i].data, in->values[i].length);
+
+		errno = 0;
+		v = strtoll(buf, &end, 10);
+		if (errno != 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		if (end && end[0] != '\0') {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (attr->rangeLower) {
+			if ((int64_t)v < (int64_t)*attr->rangeLower) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		if (attr->rangeUpper) {
+			if ((int64_t)v > (int64_t)*attr->rangeUpper) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+static WERROR dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						    const struct dsdb_attribute *attr,
+						    const struct drsuapi_DsReplicaAttribute *in,
+						    TALLOC_CTX *mem_ctx,
+						    struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		NTTIME v;
+		time_t t;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 8) {
+			return WERR_FOOBAR;
+		}
+
+		v = BVAL(in->value_ctr.values[i].blob->data, 0);
+		if (v == 0) {
+			/* special case for 1601 zero timestamp */
+			out->values[i] = data_blob_string_const("16010101000000.0Z");
+			continue;
+		}
+		v *= 10000000;
+		t = nt_time_to_unix(v);
+
+		/*
+		 * NOTE: On a w2k3 server you can set a GeneralizedTime string
+		 *       via LDAP, but you get back an UTCTime string,
+		 *       but via DRSUAPI you get back the NTTIME_1sec value
+		 *       that represents the GeneralizedTime value!
+		 *
+		 *       So if we store the UTCTime string in our ldb
+		 *       we'll loose information!
+		 */
+		str = ldb_timestring_utc(out->values, t);
+		W_ERROR_HAVE_NO_MEMORY(str);
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						    const struct dsdb_attribute *attr,
+						    const struct ldb_message_element *in,
+						    TALLOC_CTX *mem_ctx,
+						    struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		NTTIME v;
+		time_t t;
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 8);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
+			SBVALS(blobs[i].data, 0, 0);
+			continue;
+		}
+
+		t = ldb_string_utc_to_time((const char *)in->values[i].data);
+		unix_to_nt_time(&v, t);
+		v /= 10000000;
+
+		SBVAL(blobs[i].data, 0, v);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+						  const struct dsdb_attribute *attr,
+						  const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		time_t t;
+		char buf[sizeof("090826075717Z")];
+
+		ZERO_STRUCT(buf);
+		if (in->values[i].length >= sizeof(buf)) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		memcpy(buf, in->values[i].data, in->values[i].length);
+
+		t = ldb_string_utc_to_time(buf);
+		if (t == 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (attr->rangeLower) {
+			if ((int32_t)t < (int32_t)*attr->rangeLower) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		if (attr->rangeUpper) {
+			if ((int32_t)t > (int32_t)*attr->rangeUpper) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		/*
+		 * TODO: verify the comment in the
+		 * dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb() function!
+		 */
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_NTTIME_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						const struct dsdb_attribute *attr,
+						const struct drsuapi_DsReplicaAttribute *in,
+						TALLOC_CTX *mem_ctx,
+						struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		NTTIME v;
+		time_t t;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 8) {
+			return WERR_FOOBAR;
+		}
+
+		v = BVAL(in->value_ctr.values[i].blob->data, 0);
+		if (v == 0) {
+			/* special case for 1601 zero timestamp */
+			out->values[i] = data_blob_string_const("16010101000000.0Z");
+			continue;
+		}
+		v *= 10000000;
+		t = nt_time_to_unix(v);
+
+		str = ldb_timestring(out->values, t);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						const struct dsdb_attribute *attr,
+						const struct ldb_message_element *in,
+						TALLOC_CTX *mem_ctx,
+						struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		NTTIME v;
+		time_t t;
+		int ret;
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 8);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		if (ldb_val_string_cmp(&in->values[i], "16010101000000.0Z") == 0) {
+			SBVALS(blobs[i].data, 0, 0);
+			continue;
+		}
+
+		ret = ldb_val_to_time(&in->values[i], &t);
+		if (ret != LDB_SUCCESS) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+		unix_to_nt_time(&v, t);
+		v /= 10000000;
+
+		SBVAL(blobs[i].data, 0, v);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_NTTIME_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					      const struct dsdb_attribute *attr,
+					      const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		time_t t;
+		int ret;
+
+		ret = ldb_val_to_time(&in->values[i], &t);
+		if (ret != LDB_SUCCESS) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (attr->rangeLower) {
+			if ((int32_t)t < (int32_t)*attr->rangeLower) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+
+		if (attr->rangeUpper) {
+			if ((int32_t)t > (int32_t)*attr->rangeUpper) {
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DATA_BLOB_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct drsuapi_DsReplicaAttribute *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length == 0) {
+			return WERR_FOOBAR;
+		}
+
+		out->values[i] = data_blob_dup_talloc(out->values,
+						      *in->value_ctr.values[i].blob);
+		W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		blobs[i] = data_blob_dup_talloc(blobs, in->values[i]);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DATA_BLOB_validate_one_val(const struct dsdb_syntax_ctx *ctx,
+						     const struct dsdb_attribute *attr,
+						     const struct ldb_val *val)
+{
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	if (attr->rangeLower) {
+		if ((uint32_t)val->length < (uint32_t)*attr->rangeLower) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+	}
+
+	if (attr->rangeUpper) {
+		if ((uint32_t)val->length > (uint32_t)*attr->rangeUpper) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DATA_BLOB_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+						 const struct dsdb_attribute *attr,
+						 const struct ldb_message_element *in)
+{
+	unsigned int i;
+	WERROR status;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		if (in->values[i].length == 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
+								attr,
+								&in->values[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct drsuapi_DsReplicaAttribute *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		uint32_t v;
+		const struct dsdb_class *c;
+		const struct dsdb_attribute *a;
+		const char *str = NULL;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			return WERR_FOOBAR;
+		}
+
+		v = IVAL(in->value_ctr.values[i].blob->data, 0);
+
+		if ((c = dsdb_class_by_governsID_id(ctx->schema, v))) {
+			str = talloc_strdup(out->values, c->lDAPDisplayName);
+		} else if ((a = dsdb_attribute_by_attributeID_id(ctx->schema, v))) {
+			str = talloc_strdup(out->values, a->lDAPDisplayName);
+		} else {
+			WERROR werr;
+			SMB_ASSERT(ctx->pfm_remote);
+			werr = dsdb_schema_pfm_oid_from_attid(ctx->pfm_remote, v,
+							      out->values, &str);
+			W_ERROR_NOT_OK_RETURN(werr);
+		}
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		/* the values need to be reversed */
+		out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						  const struct dsdb_attribute *attr,
+						  const struct drsuapi_DsReplicaAttribute *in,
+						  TALLOC_CTX *mem_ctx,
+						  struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		uint32_t v, vo;
+		const struct dsdb_class *c;
+		const char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			return WERR_FOOBAR;
+		}
+
+		v = IVAL(in->value_ctr.values[i].blob->data, 0);
+		vo = v;
+
+		/* convert remote ATTID to local ATTID */
+		if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
+			DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
+			return WERR_FOOBAR;
+		}
+
+		c = dsdb_class_by_governsID_id(ctx->schema, v);
+		if (!c) {
+			int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
+			DEBUG(dbg_level,(__location__ ": %s unknown local governsID 0x%08X remote 0x%08X%s\n",
+			      attr->lDAPDisplayName, v, vo,
+			      ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
+			return WERR_DS_OBJ_CLASS_NOT_DEFINED;
+		}
+
+		str = talloc_strdup(out->values, c->lDAPDisplayName);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		/* the values need to be reversed */
+		out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_attr_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct drsuapi_DsReplicaAttribute *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		uint32_t v, vo;
+		const struct dsdb_attribute *a;
+		const char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			DEBUG(0, ("Attribute has no value\n"));
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			DEBUG(0, ("Attribute has a value with 0 length\n"));
+			return WERR_FOOBAR;
+		}
+
+		v = IVAL(in->value_ctr.values[i].blob->data, 0);
+		vo = v;
+
+		/* convert remote ATTID to local ATTID */
+		if (!dsdb_syntax_attid_from_remote_attid(ctx, mem_ctx, v, &v)) {
+			DEBUG(1,(__location__ ": Failed to map remote ATTID to local ATTID!\n"));
+			return WERR_FOOBAR;
+		}
+
+		a = dsdb_attribute_by_attributeID_id(ctx->schema, v);
+		if (!a) {
+			int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
+			DEBUG(dbg_level,(__location__ ": %s unknown local attributeID_id 0x%08X remote 0x%08X%s\n",
+			      attr->lDAPDisplayName, v, vo,
+			      ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
+			return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+		}
+
+		str = talloc_strdup(out->values, a->lDAPDisplayName);
+		W_ERROR_HAVE_NO_MEMORY(str);
+
+		/* the values need to be reversed */
+		out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						  const struct dsdb_attribute *attr,
+						  const struct drsuapi_DsReplicaAttribute *in,
+						  TALLOC_CTX *mem_ctx,
+						  struct ldb_message_element *out)
+{
+	unsigned int i;
+	const struct dsdb_schema_prefixmap *prefixmap;
+
+	if (ctx->pfm_remote != NULL) {
+		prefixmap = ctx->pfm_remote;
+	} else {
+		prefixmap = ctx->schema->prefixmap;
+	}
+	SMB_ASSERT(prefixmap);
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		uint32_t attid;
+		WERROR status;
+		const char *oid;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length != 4) {
+			return WERR_FOOBAR;
+		}
+
+		attid = IVAL(in->value_ctr.values[i].blob->data, 0);
+
+		status = dsdb_schema_pfm_oid_from_attid(prefixmap, attid,
+							out->values, &oid);
+		if (!W_ERROR_IS_OK(status)) {
+			DEBUG(0,(__location__ ": Error: Unknown ATTID 0x%08X\n",
+				 attid));
+			return status;
+		}
+
+		out->values[i] = data_blob_string_const(oid);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct drsuapi_DsReplicaAttribute *out)
+{
+        unsigned int i;
+        DATA_BLOB *blobs;
+
+        out->attid= dsdb_attribute_get_attid(attr,
+					     ctx->is_schema_nc);
+        out->value_ctr.num_values= in->num_values;
+        out->value_ctr.values= talloc_array(mem_ctx,
+                                            struct drsuapi_DsAttributeValue,
+                                            in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+        blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(blobs);
+
+        for (i=0; i < in->num_values; i++) {
+		const struct dsdb_class *obj_class;
+		const struct dsdb_attribute *obj_attr;
+		struct ldb_val *v;
+
+		out->value_ctr.values[i].blob= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		/* in DRS windows puts the classes in the opposite
+		   order to the order used in ldap */
+		v = &in->values[(in->num_values-1)-i];
+
+		if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
+			SIVAL(blobs[i].data, 0, obj_class->governsID_id);
+		} else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(ctx->schema, v))) {
+			SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
+		} else {
+			uint32_t attid;
+			WERROR werr;
+			werr = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
+							      (const char *)v->data,
+							      &attid);
+			W_ERROR_NOT_OK_RETURN(werr);
+			SIVAL(blobs[i].data, 0, attid);
+		}
+
+        }
+
+
+        return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						  const struct dsdb_attribute *attr,
+						  const struct ldb_message_element *in,
+						  TALLOC_CTX *mem_ctx,
+						  struct drsuapi_DsReplicaAttribute *out)
+{
+        unsigned int i;
+        DATA_BLOB *blobs;
+
+        out->attid= dsdb_attribute_get_attid(attr,
+					     ctx->is_schema_nc);
+        out->value_ctr.num_values= in->num_values;
+        out->value_ctr.values= talloc_array(mem_ctx,
+                                            struct drsuapi_DsAttributeValue,
+                                            in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+        blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(blobs);
+
+        for (i=0; i < in->num_values; i++) {
+		const struct dsdb_class *obj_class;
+
+		out->value_ctr.values[i].blob= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		/* in DRS windows puts the classes in the opposite
+		   order to the order used in ldap */
+		obj_class = dsdb_class_by_lDAPDisplayName(ctx->schema,
+							  (const char *)in->values[(in->num_values-1)-i].data);
+		if (!obj_class) {
+			return WERR_FOOBAR;
+		}
+		SIVAL(blobs[i].data, 0, obj_class->governsID_id);
+        }
+
+
+        return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_attr_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct drsuapi_DsReplicaAttribute *out)
+{
+        unsigned int i;
+        DATA_BLOB *blobs;
+
+        out->attid= dsdb_attribute_get_attid(attr,
+					     ctx->is_schema_nc);
+        out->value_ctr.num_values= in->num_values;
+        out->value_ctr.values= talloc_array(mem_ctx,
+                                            struct drsuapi_DsAttributeValue,
+                                            in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+        blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+        W_ERROR_HAVE_NO_MEMORY(blobs);
+
+        for (i=0; i < in->num_values; i++) {
+		const struct dsdb_attribute *obj_attr;
+
+		out->value_ctr.values[i].blob= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		obj_attr = dsdb_attribute_by_lDAPDisplayName(ctx->schema, (const char *)in->values[i].data);
+		if (!obj_attr) {
+			DEBUG(0, ("Unable to find attribute %s in the schema\n", (const char *)in->values[i].data));
+			return WERR_FOOBAR;
+		}
+		SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
+        }
+
+
+        return WERR_OK;
+}
+
+static WERROR _dsdb_syntax_OID_oid_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						  const struct dsdb_attribute *attr,
+						  const struct ldb_message_element *in,
+						  TALLOC_CTX *mem_ctx,
+						  struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	out->attid= dsdb_attribute_get_attid(attr,
+					     ctx->is_schema_nc);
+	out->value_ctr.num_values= in->num_values;
+	out->value_ctr.values= talloc_array(mem_ctx,
+					    struct drsuapi_DsAttributeValue,
+					    in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		uint32_t attid;
+		WERROR status;
+
+		out->value_ctr.values[i].blob= &blobs[i];
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		status = dsdb_schema_pfm_attid_from_oid(ctx->schema->prefixmap,
+						        (const char *)in->values[i].data,
+						        &attid);
+		W_ERROR_NOT_OK_RETURN(status);
+
+		SIVAL(blobs[i].data, 0, attid);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_OID_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+					     const struct dsdb_attribute *attr,
+					     const struct drsuapi_DsReplicaAttribute *in,
+					     TALLOC_CTX *mem_ctx,
+					     struct ldb_message_element *out)
+{
+	WERROR werr;
+
+	switch (attr->attributeID_id) {
+	case DRSUAPI_ATTID_objectClass:
+	case DRSUAPI_ATTID_subClassOf:
+	case DRSUAPI_ATTID_auxiliaryClass:
+	case DRSUAPI_ATTID_systemAuxiliaryClass:
+	case DRSUAPI_ATTID_systemPossSuperiors:
+	case DRSUAPI_ATTID_possSuperiors:
+		werr = _dsdb_syntax_OID_obj_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
+		break;
+	case DRSUAPI_ATTID_systemMustContain:
+	case DRSUAPI_ATTID_systemMayContain:
+	case DRSUAPI_ATTID_mustContain:
+	case DRSUAPI_ATTID_rDNAttId:
+	case DRSUAPI_ATTID_transportAddressAttribute:
+	case DRSUAPI_ATTID_mayContain:
+		werr = _dsdb_syntax_OID_attr_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
+		break;
+	case DRSUAPI_ATTID_governsID:
+	case DRSUAPI_ATTID_attributeID:
+	case DRSUAPI_ATTID_attributeSyntax:
+		werr = _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
+		break;
+	default:
+		DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
+			 attr->lDAPDisplayName));
+		return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
+	}
+
+	/* When we are doing the vampire of a schema, we don't want
+	 * the inability to reference an OID to get in the way.
+	 * Otherwise, we won't get the new schema with which to
+	 * understand this */
+	if (!W_ERROR_IS_OK(werr) && ctx->schema->relax_OID_conversions) {
+		return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ctx, attr, in, mem_ctx, out);
+	}
+	return werr;
+}
+
+static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+					     const struct dsdb_attribute *attr,
+					     const struct ldb_message_element *in,
+					     TALLOC_CTX *mem_ctx,
+					     struct drsuapi_DsReplicaAttribute *out)
+{
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	switch (attr->attributeID_id) {
+	case DRSUAPI_ATTID_objectClass:
+	case DRSUAPI_ATTID_subClassOf:
+	case DRSUAPI_ATTID_auxiliaryClass:
+	case DRSUAPI_ATTID_systemAuxiliaryClass:
+	case DRSUAPI_ATTID_systemPossSuperiors:
+	case DRSUAPI_ATTID_possSuperiors:
+		return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
+	case DRSUAPI_ATTID_systemMustContain:
+	case DRSUAPI_ATTID_systemMayContain:
+	case DRSUAPI_ATTID_mustContain:
+	case DRSUAPI_ATTID_rDNAttId:
+	case DRSUAPI_ATTID_transportAddressAttribute:
+	case DRSUAPI_ATTID_mayContain:
+		return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
+	case DRSUAPI_ATTID_governsID:
+	case DRSUAPI_ATTID_attributeID:
+	case DRSUAPI_ATTID_attributeSyntax:
+		return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
+	}
+
+	DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
+		 attr->lDAPDisplayName));
+
+	return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
+}
+
+static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(ctx->ldb);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	for (i=0; i < in->num_values; i++) {
+		DATA_BLOB blob;
+		char *oid_out;
+		const char *oid = (const char*)in->values[i].data;
+
+		if (in->values[i].length == 0) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
+			DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
+			DEBUG(0,("ber_read_OID_String() failed for %s\n",
+				 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (strcmp(oid, oid_out) != 0) {
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					   const struct dsdb_attribute *attr,
+					   const struct ldb_message_element *in)
+{
+	WERROR status;
+	struct drsuapi_DsReplicaAttribute drs_tmp;
+	struct ldb_message_element ldb_tmp;
+	TALLOC_CTX *tmp_ctx;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	switch (attr->attributeID_id) {
+	case DRSUAPI_ATTID_governsID:
+	case DRSUAPI_ATTID_attributeID:
+	case DRSUAPI_ATTID_attributeSyntax:
+		return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
+	}
+
+	/*
+	 * TODO: optimize and verify this code
+	 */
+
+	tmp_ctx = talloc_new(ctx->ldb);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
+						attr,
+						in,
+						tmp_ctx,
+						&drs_tmp);
+	if (!W_ERROR_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	status = dsdb_syntax_OID_drsuapi_to_ldb(ctx,
+						attr,
+						&drs_tmp,
+						tmp_ctx,
+						&ldb_tmp);
+	if (!W_ERROR_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	talloc_free(tmp_ctx);
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						 const struct dsdb_attribute *attr,
+						 const struct drsuapi_DsReplicaAttribute *in,
+						 TALLOC_CTX *mem_ctx,
+						 struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		size_t converted_size = 0;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length == 0) {
+			return WERR_FOOBAR;
+		}
+
+		if (!convert_string_talloc(out->values,
+					   CH_UTF16, CH_UNIX,
+					   in->value_ctr.values[i].blob->data,
+					   in->value_ctr.values[i].blob->length,
+					   &str, &converted_size)) {
+			return WERR_FOOBAR;
+		}
+
+		out->values[i] = data_blob_const(str, converted_size);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						 const struct dsdb_attribute *attr,
+						 const struct ldb_message_element *in,
+						 TALLOC_CTX *mem_ctx,
+						 struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		if (!convert_string_talloc(blobs,
+					   CH_UNIX, CH_UTF16,
+					   in->values[i].data, in->values[i].length,
+					   &blobs[i].data, &blobs[i].length)) {
+			return WERR_FOOBAR;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_UNICODE_validate_one_val(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_val *val)
+{
+	void *dst = NULL;
+	size_t size;
+	bool ok;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	ok = convert_string_talloc(ctx->ldb,
+				   CH_UNIX, CH_UTF16,
+				   val->data,
+				   val->length,
+				   &dst,
+				   &size);
+	TALLOC_FREE(dst);
+	if (!ok) {
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	if (attr->rangeLower) {
+		if ((size/2) < *attr->rangeLower) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+	}
+
+	if (attr->rangeUpper) {
+		if ((size/2) > *attr->rangeUpper) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_UNICODE_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					       const struct dsdb_attribute *attr,
+					       const struct ldb_message_element *in)
+{
+	WERROR status;
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		if (in->values[i].length == 0) {
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		status = dsdb_syntax_UNICODE_validate_one_val(ctx,
+							      attr,
+							      &in->values[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_one_DN_drsuapi_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+						const struct dsdb_syntax *syntax,
+						const DATA_BLOB *in, DATA_BLOB *out)
+{
+	struct drsuapi_DsReplicaObjectIdentifier3 id3;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB guid_blob;
+	struct ldb_dn *dn;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	int ret;
+	NTSTATUS status;
+
+	if (!tmp_ctx) {
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+	}
+
+	if (in == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_FOOBAR;
+	}
+
+	if (in->length == 0) {
+		talloc_free(tmp_ctx);
+		return WERR_FOOBAR;
+	}
+
+
+	/* windows sometimes sends an extra two pad bytes here */
+	ndr_err = ndr_pull_struct_blob(in,
+				       tmp_ctx, &id3,
+				       (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		talloc_free(tmp_ctx);
+		return ntstatus_to_werror(status);
+	}
+
+	dn = ldb_dn_new(tmp_ctx, ldb, id3.dn);
+	if (!dn) {
+		talloc_free(tmp_ctx);
+		/* If this fails, it must be out of memory, as it does not do much parsing */
+		W_ERROR_HAVE_NO_MEMORY(dn);
+	}
+
+	if (!GUID_all_zero(&id3.guid)) {
+		status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+		talloc_free(guid_blob.data);
+	}
+
+	if (id3.__ndr_size_sid) {
+		DATA_BLOB sid_blob;
+		ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
+					       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+	}
+
+	*out = data_blob_string_const(ldb_dn_get_extended_linearized(mem_ctx, dn, 1));
+	talloc_free(tmp_ctx);
+	W_ERROR_HAVE_NO_MEMORY(out->data);
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+					    const struct dsdb_attribute *attr,
+					    const struct drsuapi_DsReplicaAttribute *in,
+					    TALLOC_CTX *mem_ctx,
+					    struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		WERROR status = dsdb_syntax_one_DN_drsuapi_to_ldb(out->values, ctx->ldb, attr->syntax,
+								  in->value_ctr.values[i].blob,
+								  &out->values[i]);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+					    const struct dsdb_attribute *attr,
+					    const struct ldb_message_element *in,
+					    TALLOC_CTX *mem_ctx,
+					    struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		struct drsuapi_DsReplicaObjectIdentifier3 id3;
+		enum ndr_err_code ndr_err;
+		struct ldb_dn *dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		NTSTATUS status;
+
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		dn = ldb_dn_from_ldb_val(tmp_ctx, ctx->ldb, &in->values[i]);
+
+		W_ERROR_HAVE_NO_MEMORY(dn);
+
+		ZERO_STRUCT(id3);
+
+		status = dsdb_get_extended_dn_guid(dn, &id3.guid, "GUID");
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		status = dsdb_get_extended_dn_sid(dn, &id3.sid, "SID");
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		id3.dn = ldb_dn_get_linearized(dn);
+
+		ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+		talloc_free(tmp_ctx);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_validate_one_val(const struct dsdb_syntax_ctx *ctx,
+					      const struct dsdb_attribute *attr,
+					      const struct ldb_val *val,
+					      TALLOC_CTX *mem_ctx,
+					      struct dsdb_dn **_dsdb_dn)
+{
+	static const char * const extended_list[] = { "GUID", "SID", NULL };
+	enum ndr_err_code ndr_err;
+	struct GUID guid;
+	struct dom_sid sid;
+	const DATA_BLOB *sid_blob;
+	struct dsdb_dn *dsdb_dn;
+	struct ldb_dn *dn;
+	char *dn_str;
+	struct ldb_dn *dn2;
+	char *dn2_str;
+	int num_components;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	NTSTATUS status;
+
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, val,
+				attr->syntax->ldap_oid);
+	if (!dsdb_dn) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+	dn = dsdb_dn->dn;
+
+	dn2 = ldb_dn_copy(tmp_ctx, dn);
+	if (dn == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	num_components = ldb_dn_get_comp_num(dn);
+
+	status = dsdb_get_extended_dn_guid(dn, &guid, "GUID");
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		num_components++;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	sid_blob = ldb_dn_get_extended_component(dn, "SID");
+	if (sid_blob) {
+		num_components++;
+		ndr_err = ndr_pull_struct_blob_all(sid_blob,
+						   tmp_ctx,
+						   &sid,
+						   (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+	}
+
+	/* Do not allow links to the RootDSE */
+	if (num_components == 0) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	/*
+	 * We need to check that only "GUID" and "SID" are
+	 * specified as extended components, we do that
+	 * by comparing the dn's after removing all components
+	 * from one dn and only the allowed subset from the other
+	 * one.
+	 */
+	ldb_dn_extended_filter(dn, extended_list);
+
+	dn_str = ldb_dn_get_extended_linearized(tmp_ctx, dn, 0);
+	if (dn_str == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+	dn2_str = ldb_dn_get_extended_linearized(tmp_ctx, dn2, 0);
+	if (dn2_str == NULL) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	if (strcmp(dn_str, dn2_str) != 0) {
+		talloc_free(tmp_ctx);
+		return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	}
+
+	*_dsdb_dn = talloc_move(mem_ctx, &dsdb_dn);
+	talloc_free(tmp_ctx);
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+					  const struct dsdb_attribute *attr,
+					  const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		WERROR status;
+		struct dsdb_dn *dsdb_dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+		status = dsdb_syntax_DN_validate_one_val(ctx,
+							 attr,
+							 &in->values[i],
+							 tmp_ctx, &dsdb_dn);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		if (dsdb_dn->dn_format != DSDB_NORMAL_DN) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		talloc_free(tmp_ctx);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct drsuapi_DsReplicaAttribute *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct ldb_message_element *out)
+{
+	unsigned int i;
+	int ret;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
+		enum ndr_err_code ndr_err;
+		DATA_BLOB guid_blob;
+		struct ldb_dn *dn;
+		struct dsdb_dn *dsdb_dn;
+		NTSTATUS status;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		if (!tmp_ctx) {
+			W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+		}
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			talloc_free(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length == 0) {
+			talloc_free(tmp_ctx);
+			return WERR_FOOBAR;
+		}
+
+
+		/* windows sometimes sends an extra two pad bytes here */
+		ndr_err = ndr_pull_struct_blob(in->value_ctr.values[i].blob,
+					       tmp_ctx, &id3,
+					       (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		dn = ldb_dn_new(tmp_ctx, ctx->ldb, id3.dn);
+		if (!dn) {
+			talloc_free(tmp_ctx);
+			/* If this fails, it must be out of memory, as it does not do much parsing */
+			W_ERROR_HAVE_NO_MEMORY(dn);
+		}
+
+		if (!GUID_all_zero(&id3.guid)) {
+			status = GUID_to_ndr_blob(&id3.guid, tmp_ctx, &guid_blob);
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+
+			ret = ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return WERR_FOOBAR;
+			}
+			talloc_free(guid_blob.data);
+		}
+
+		if (id3.__ndr_size_sid) {
+			DATA_BLOB sid_blob;
+			ndr_err = ndr_push_struct_blob(&sid_blob, tmp_ctx, &id3.sid,
+						       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				status = ndr_map_error2ntstatus(ndr_err);
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+
+			ret = ldb_dn_set_extended_component(dn, "SID", &sid_blob);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return WERR_FOOBAR;
+			}
+		}
+
+		/* set binary stuff */
+		dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
+		if (!dsdb_dn) {
+			if (errno == EINVAL) {
+				/*
+				 * This might be Object(OR-Name)
+				 * failing because of a non empty
+				 * binary part.
+				 */
+				talloc_free(tmp_ctx);
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
+			talloc_free(tmp_ctx);
+			W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
+		}
+		out->values[i] = data_blob_string_const(dsdb_dn_get_extended_linearized(out->values, dsdb_dn, 1));
+		talloc_free(tmp_ctx);
+		W_ERROR_HAVE_NO_MEMORY(out->values[i].data);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		struct drsuapi_DsReplicaObjectIdentifier3Binary id3;
+		enum ndr_err_code ndr_err;
+		const DATA_BLOB *sid_blob;
+		struct dsdb_dn *dsdb_dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		NTSTATUS status;
+
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		dsdb_dn = dsdb_dn_parse(tmp_ctx, ctx->ldb, &in->values[i], attr->syntax->ldap_oid);
+
+		if (!dsdb_dn) {
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(NT_STATUS_INVALID_PARAMETER);
+		}
+
+		ZERO_STRUCT(id3);
+
+		status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &id3.guid, "GUID");
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+
+		sid_blob = ldb_dn_get_extended_component(dsdb_dn->dn, "SID");
+		if (sid_blob) {
+
+			ndr_err = ndr_pull_struct_blob_all(sid_blob,
+							   tmp_ctx, &id3.sid,
+							   (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				status = ndr_map_error2ntstatus(ndr_err);
+				talloc_free(tmp_ctx);
+				return ntstatus_to_werror(status);
+			}
+		}
+
+		id3.dn = ldb_dn_get_linearized(dsdb_dn->dn);
+
+		/* get binary stuff */
+		id3.binary = dsdb_dn->extra_part;
+
+		ndr_err = ndr_push_struct_blob(&blobs[i], blobs, &id3, (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			status = ndr_map_error2ntstatus(ndr_err);
+			talloc_free(tmp_ctx);
+			return ntstatus_to_werror(status);
+		}
+		talloc_free(tmp_ctx);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_BINARY_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+						 const struct dsdb_attribute *attr,
+						 const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		WERROR status;
+		struct dsdb_dn *dsdb_dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+		status = dsdb_syntax_DN_validate_one_val(ctx,
+							 attr,
+							 &in->values[i],
+							 tmp_ctx, &dsdb_dn);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		if (dsdb_dn->dn_format != DSDB_BINARY_DN) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		status = dsdb_syntax_DATA_BLOB_validate_one_val(ctx,
+								attr,
+								&dsdb_dn->extra_part);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		talloc_free(tmp_ctx);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_DN_STRING_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct drsuapi_DsReplicaAttribute *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct ldb_message_element *out)
+{
+	return dsdb_syntax_DN_BINARY_drsuapi_to_ldb(ctx,
+						    attr,
+						    in,
+						    mem_ctx,
+						    out);
+}
+
+static WERROR dsdb_syntax_DN_STRING_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in,
+						   TALLOC_CTX *mem_ctx,
+						   struct drsuapi_DsReplicaAttribute *out)
+{
+	return dsdb_syntax_DN_BINARY_ldb_to_drsuapi(ctx,
+						    attr,
+						    in,
+						    mem_ctx,
+						    out);
+}
+
+static WERROR dsdb_syntax_DN_STRING_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+						 const struct dsdb_attribute *attr,
+						 const struct ldb_message_element *in)
+{
+	unsigned int i;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	for (i=0; i < in->num_values; i++) {
+		WERROR status;
+		struct dsdb_dn *dsdb_dn;
+		TALLOC_CTX *tmp_ctx = talloc_new(ctx->ldb);
+		W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+		status = dsdb_syntax_DN_validate_one_val(ctx,
+							 attr,
+							 &in->values[i],
+							 tmp_ctx, &dsdb_dn);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		if (dsdb_dn->dn_format != DSDB_STRING_DN) {
+			talloc_free(tmp_ctx);
+			return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+		}
+
+		status = dsdb_syntax_UNICODE_validate_one_val(ctx,
+							      attr,
+							      &dsdb_dn->extra_part);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		talloc_free(tmp_ctx);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb(const struct dsdb_syntax_ctx *ctx,
+							      const struct dsdb_attribute *attr,
+							      const struct drsuapi_DsReplicaAttribute *in,
+							      TALLOC_CTX *mem_ctx,
+							      struct ldb_message_element *out)
+{
+	unsigned int i;
+
+	out->flags	= 0;
+	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+	W_ERROR_HAVE_NO_MEMORY(out->name);
+
+	out->num_values	= in->value_ctr.num_values;
+	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->values);
+
+	for (i=0; i < out->num_values; i++) {
+		size_t len;
+		size_t converted_size = 0;
+		char *str;
+
+		if (in->value_ctr.values[i].blob == NULL) {
+			return WERR_FOOBAR;
+		}
+
+		if (in->value_ctr.values[i].blob->length < 4) {
+			return WERR_FOOBAR;
+		}
+
+		len = IVAL(in->value_ctr.values[i].blob->data, 0);
+
+		if (len != in->value_ctr.values[i].blob->length) {
+			return WERR_FOOBAR;
+		}
+
+		if (!convert_string_talloc(out->values, CH_UTF16, CH_UNIX,
+					   in->value_ctr.values[i].blob->data+4,
+					   in->value_ctr.values[i].blob->length-4,
+					   (void **)&str, &converted_size)) {
+			return WERR_FOOBAR;
+		}
+
+		out->values[i] = data_blob_string_const(str);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
+							      const struct dsdb_attribute *attr,
+							      const struct ldb_message_element *in,
+							      TALLOC_CTX *mem_ctx,
+							      struct drsuapi_DsReplicaAttribute *out)
+{
+	unsigned int i;
+	DATA_BLOB *blobs;
+
+	if (attr->attributeID_id == DRSUAPI_ATTID_INVALID) {
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	out->attid			= dsdb_attribute_get_attid(attr,
+								   ctx->is_schema_nc);
+	out->value_ctr.num_values	= in->num_values;
+	out->value_ctr.values		= talloc_array(mem_ctx,
+						       struct drsuapi_DsAttributeValue,
+						       in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+	blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+	W_ERROR_HAVE_NO_MEMORY(blobs);
+
+	for (i=0; i < in->num_values; i++) {
+		uint8_t *data;
+		size_t ret;
+
+		out->value_ctr.values[i].blob	= &blobs[i];
+
+		if (!convert_string_talloc(blobs, CH_UNIX, CH_UTF16,
+					   in->values[i].data,
+					   in->values[i].length,
+					   (void **)&data, &ret)) {
+			return WERR_FOOBAR;
+		}
+
+		blobs[i] = data_blob_talloc(blobs, NULL, 4 + ret);
+		W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+		SIVAL(blobs[i].data, 0, 4 + ret);
+
+		if (ret > 0) {
+			memcpy(blobs[i].data + 4, data, ret);
+			talloc_free(data);
+		}
+	}
+
+	return WERR_OK;
+}
+
+static WERROR dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb(const struct dsdb_syntax_ctx *ctx,
+							    const struct dsdb_attribute *attr,
+							    const struct ldb_message_element *in)
+{
+	return dsdb_syntax_UNICODE_validate_ldb(ctx,
+						attr,
+						in);
+}
+
+#define OMOBJECTCLASS(val) { .length = sizeof(val) - 1, .data = discard_const_p(uint8_t, val) }
+
+static const struct dsdb_syntax dsdb_syntaxes[] = {
+	{
+		.name			= "Boolean",
+		.ldap_oid		= LDB_SYNTAX_BOOLEAN,
+		.oMSyntax		= 1,
+		.attributeSyntax_oid	= "2.5.5.8",
+		.drsuapi_to_ldb		= dsdb_syntax_BOOL_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_BOOL_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_BOOL_validate_ldb,
+		.equality               = "booleanMatch",
+		.comment                = "Boolean",
+		.auto_normalise		= true
+	},{
+		.name			= "Integer",
+		.ldap_oid		= LDB_SYNTAX_INTEGER,
+		.oMSyntax		= 2,
+		.attributeSyntax_oid	= "2.5.5.9",
+		.drsuapi_to_ldb		= dsdb_syntax_INT32_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_INT32_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_INT32_validate_ldb,
+		.equality               = "integerMatch",
+		.comment                = "Integer",
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_INT32,
+		.auto_normalise		= true
+	},{
+		.name			= "String(Octet)",
+		.ldap_oid		= LDB_SYNTAX_OCTET_STRING,
+		.oMSyntax		= 4,
+		.attributeSyntax_oid	= "2.5.5.10",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "octetStringMatch",
+		.comment                = "Octet String",
+		.userParameters         = true,
+		.ldb_syntax             = LDB_SYNTAX_SAMBA_OCTET_STRING
+	},{
+		.name			= "String(Sid)",
+		.ldap_oid		= LDB_SYNTAX_OCTET_STRING,
+		.oMSyntax		= 4,
+		.attributeSyntax_oid	= "2.5.5.17",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "octetStringMatch",
+		.comment                = "Octet String - Security Identifier (SID)",
+		.ldb_syntax             = LDB_SYNTAX_SAMBA_SID
+	},{
+		.name			= "String(Object-Identifier)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.38",
+		.oMSyntax		= 6,
+		.attributeSyntax_oid	= "2.5.5.2",
+		.drsuapi_to_ldb		= dsdb_syntax_OID_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_OID_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_OID_validate_ldb,
+		.equality               = "caseIgnoreMatch", /* Would use "objectIdentifierMatch" but most are ldap attribute/class names */
+		.comment                = "OID String",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING
+	},{
+		.name			= "Enumeration",
+		.ldap_oid		= LDB_SYNTAX_INTEGER,
+		.oMSyntax		= 10,
+		.attributeSyntax_oid	= "2.5.5.9",
+		.drsuapi_to_ldb		= dsdb_syntax_INT32_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_INT32_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_INT32_validate_ldb,
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_INT32,
+		.auto_normalise		= true
+	},{
+	/* not used in w2k3 forest */
+		.name			= "String(Numeric)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.36",
+		.oMSyntax		= 18,
+		.attributeSyntax_oid	= "2.5.5.6",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "numericStringMatch",
+		.substring              = "numericStringSubstringsMatch",
+		.comment                = "Numeric String",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING,
+	},{
+		.name			= "String(Printable)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.44",
+		.oMSyntax		= 19,
+		.attributeSyntax_oid	= "2.5.5.5",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
+	},{
+		.name			= "String(Teletex)",
+		.ldap_oid		= "1.2.840.113556.1.4.905",
+		.oMSyntax		= 20,
+		.attributeSyntax_oid	= "2.5.5.4",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "caseIgnoreMatch",
+		.substring              = "caseIgnoreSubstringsMatch",
+		.comment                = "Case Insensitive String",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING,
+	},{
+		.name			= "String(IA5)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.26",
+		.oMSyntax		= 22,
+		.attributeSyntax_oid	= "2.5.5.5",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "caseExactIA5Match",
+		.comment                = "Printable String",
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
+	},{
+		.name			= "String(UTC-Time)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.53",
+		.oMSyntax		= 23,
+		.attributeSyntax_oid	= "2.5.5.11",
+		.drsuapi_to_ldb		= dsdb_syntax_NTTIME_UTC_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_NTTIME_UTC_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_NTTIME_UTC_validate_ldb,
+		.equality               = "generalizedTimeMatch",
+		.comment                = "UTC Time",
+		.auto_normalise		= true
+	},{
+		.name			= "String(Generalized-Time)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.24",
+		.oMSyntax		= 24,
+		.attributeSyntax_oid	= "2.5.5.11",
+		.drsuapi_to_ldb		= dsdb_syntax_NTTIME_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_NTTIME_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_NTTIME_validate_ldb,
+		.equality               = "generalizedTimeMatch",
+		.comment                = "Generalized Time",
+		.auto_normalise		= true
+	},{
+	/* not used in w2k3 schema */
+		.name			= "String(Case Sensitive)",
+		.ldap_oid		= "1.2.840.113556.1.4.1362",
+		.oMSyntax		= 27,
+		.attributeSyntax_oid	= "2.5.5.3",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+		.equality               = "caseExactMatch",
+		.substring              = "caseExactSubstringsMatch",
+		/* TODO (kim): according to LDAP rfc we should be using same comparison
+		 * as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
+		 * But according to ms docs binary compare should do the job:
+		 * http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx */
+		.ldb_syntax		= LDB_SYNTAX_SAMBA_OCTET_STRING,
+	},{
+		.name			= "String(Unicode)",
+		.ldap_oid		= LDB_SYNTAX_DIRECTORY_STRING,
+		.oMSyntax		= 64,
+		.attributeSyntax_oid	= "2.5.5.12",
+		.drsuapi_to_ldb		= dsdb_syntax_UNICODE_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_UNICODE_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_UNICODE_validate_ldb,
+		.equality               = "caseIgnoreMatch",
+		.substring              = "caseIgnoreSubstringsMatch",
+		.comment                = "Directory String",
+	},{
+		.name			= "Interval/LargeInteger",
+		.ldap_oid		= "1.2.840.113556.1.4.906",
+		.oMSyntax		= 65,
+		.attributeSyntax_oid	= "2.5.5.16",
+		.drsuapi_to_ldb		= dsdb_syntax_INT64_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_INT64_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_INT64_validate_ldb,
+		.equality               = "integerMatch",
+		.comment                = "Large Integer",
+		.ldb_syntax             = LDB_SYNTAX_ORDERED_INTEGER,
+		.auto_normalise		= true
+	},{
+		.name			= "String(NT-Sec-Desc)",
+		.ldap_oid		= LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
+		.oMSyntax		= 66,
+		.attributeSyntax_oid	= "2.5.5.15",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+	},{
+		.name			= "Object(DS-DN)",
+		.ldap_oid		= LDB_SYNTAX_DN,
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
+		.attributeSyntax_oid	= "2.5.5.1",
+		.drsuapi_to_ldb		= dsdb_syntax_DN_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DN_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DN_validate_ldb,
+		.equality               = "distinguishedNameMatch",
+		.comment                = "Object(DS-DN) == a DN",
+	},{
+		.name			= "Object(DN-Binary)",
+		.ldap_oid		= DSDB_SYNTAX_BINARY_DN,
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0b"),
+		.attributeSyntax_oid	= "2.5.5.7",
+		.drsuapi_to_ldb		= dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DN_BINARY_validate_ldb,
+		.equality               = "octetStringMatch",
+		.comment                = "OctetString: Binary+DN",
+	},{
+	/* not used in w2k3 schema, but used in Exchange schema*/
+		.name			= "Object(OR-Name)",
+		.ldap_oid		= DSDB_SYNTAX_OR_NAME,
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x56\x06\x01\x02\x05\x0b\x1D"),
+		.attributeSyntax_oid	= "2.5.5.7",
+		.drsuapi_to_ldb		= dsdb_syntax_DN_BINARY_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DN_BINARY_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DN_validate_ldb,
+		.equality               = "distinguishedNameMatch",
+		.ldb_syntax		= LDB_SYNTAX_DN,
+	},{
+	/*
+	 * TODO: verify if DATA_BLOB is correct here...!
+	 *
+	 *       repsFrom and repsTo are the only attributes using
+	 *       this attribute syntax, but they're not replicated...
+	 */
+		.name			= "Object(Replica-Link)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.40",
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x06"),
+		.attributeSyntax_oid	= "2.5.5.10",
+		.drsuapi_to_ldb		= dsdb_syntax_DATA_BLOB_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DATA_BLOB_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DATA_BLOB_validate_ldb,
+	},{
+		.name			= "Object(Presentation-Address)",
+		.ldap_oid		= "1.3.6.1.4.1.1466.115.121.1.43",
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x5c"),
+		.attributeSyntax_oid	= "2.5.5.13",
+		.drsuapi_to_ldb		= dsdb_syntax_PRESENTATION_ADDRESS_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_PRESENTATION_ADDRESS_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb,
+		.comment                = "Presentation Address",
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING,
+	},{
+	/* not used in w2k3 schema */
+		.name			= "Object(Access-Point)",
+		.ldap_oid		= DSDB_SYNTAX_ACCESS_POINT,
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x3e"),
+		.attributeSyntax_oid	= "2.5.5.14",
+		.drsuapi_to_ldb		= dsdb_syntax_FOOBAR_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_FOOBAR_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_FOOBAR_validate_ldb,
+		.ldb_syntax             = LDB_SYNTAX_DIRECTORY_STRING,
+	},{
+	/* not used in w2k3 schema */
+		.name			= "Object(DN-String)",
+		.ldap_oid		= DSDB_SYNTAX_STRING_DN,
+		.oMSyntax		= 127,
+		.oMObjectClass		= OMOBJECTCLASS("\x2a\x86\x48\x86\xf7\x14\x01\x01\x01\x0c"),
+		.attributeSyntax_oid	= "2.5.5.14",
+		.drsuapi_to_ldb		= dsdb_syntax_DN_STRING_drsuapi_to_ldb,
+		.ldb_to_drsuapi		= dsdb_syntax_DN_STRING_ldb_to_drsuapi,
+		.validate_ldb		= dsdb_syntax_DN_STRING_validate_ldb,
+		.equality               = "octetStringMatch",
+		.comment                = "OctetString: String+DN",
+	}
+};
+
+const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
+{
+	unsigned int i;
+	for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
+		if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
+
+const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
+{
+	unsigned int i;
+	for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
+		if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
+
+const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
+{
+	unsigned int i;
+	for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
+		if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
+			return &dsdb_syntaxes[i];
+		}
+	}
+	return NULL;
+}
+
+const struct dsdb_syntax *dsdb_syntax_for_attribute(const struct dsdb_attribute *attr)
+{
+	unsigned int i;
+
+	for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
+		/*
+		 * We must pretend that userParameters was declared
+		 * binary string, so we can store the 'UTF16' (not
+		 * really string) structure as given over SAMR to samba
+		 */
+		if (dsdb_syntaxes[i].userParameters &&
+		    (strcasecmp(attr->lDAPDisplayName, "userParameters") == 0))
+		{
+			return &dsdb_syntaxes[i];
+		}
+		if (attr->oMSyntax != dsdb_syntaxes[i].oMSyntax) continue;
+
+		if (attr->oMObjectClass.length != dsdb_syntaxes[i].oMObjectClass.length) continue;
+
+		if (attr->oMObjectClass.length) {
+			int ret;
+			ret = memcmp(attr->oMObjectClass.data,
+				     dsdb_syntaxes[i].oMObjectClass.data,
+				     attr->oMObjectClass.length);
+			if (ret != 0) continue;
+		}
+
+		if (strcmp(attr->attributeSyntax_oid, dsdb_syntaxes[i].attributeSyntax_oid) != 0) continue;
+
+		return &dsdb_syntaxes[i];
+	}
+
+	return NULL;
+}
+
+WERROR dsdb_attribute_drsuapi_remote_to_local(const struct dsdb_syntax_ctx *ctx,
+					      enum drsuapi_DsAttributeId remote_attid_as_enum,
+					      enum drsuapi_DsAttributeId *local_attid_as_enum,
+					      const struct dsdb_attribute **_sa)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	const struct dsdb_attribute *sa;
+	uint32_t attid_local;
+	bool ok;
+
+	if (ctx->pfm_remote == NULL) {
+		smb_panic(__location__);
+	}
+
+	switch (dsdb_pfm_get_attid_type(remote_attid_as_enum)) {
+	case DSDB_ATTID_TYPE_PFM:
+		/* map remote ATTID to local ATTID */
+		ok = dsdb_syntax_attid_from_remote_attid(ctx, frame,
+							 remote_attid_as_enum,
+							 &attid_local);
+		if (!ok) {
+			DEBUG(0,(__location__ ": Can't find local ATTID for 0x%08X\n",
+				 remote_attid_as_enum));
+			TALLOC_FREE(frame);
+			return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+		}
+		break;
+	case DSDB_ATTID_TYPE_INTID:
+		/* use IntId value directly */
+		attid_local = remote_attid_as_enum;
+		break;
+	default:
+		/* we should never get here */
+		DEBUG(0,(__location__ ": Invalid ATTID type passed for conversion - 0x%08X\n",
+			 remote_attid_as_enum));
+		TALLOC_FREE(frame);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	sa = dsdb_attribute_by_attributeID_id(ctx->schema, attid_local);
+	if (!sa) {
+		int dbg_level = ctx->schema->resolving_in_progress ? 10 : 0;
+		DEBUG(dbg_level,(__location__ ": Unknown local attributeID_id 0x%08X remote 0x%08X%s\n",
+		      attid_local, remote_attid_as_enum,
+		      ctx->schema->resolving_in_progress ? "resolving in progress" : ""));
+		TALLOC_FREE(frame);
+		return WERR_DS_ATT_NOT_DEF_IN_SCHEMA;
+	}
+
+	/*
+	 * We return the same class of attid as we were given.  That
+	 * is, we trust the remote server not to use an
+	 * msDS-IntId value in the schema partition
+	 */
+	if (local_attid_as_enum != NULL) {
+		*local_attid_as_enum = (enum drsuapi_DsAttributeId)attid_local;
+	}
+
+	if (_sa != NULL) {
+		*_sa = sa;
+	}
+
+	TALLOC_FREE(frame);
+	return WERR_OK;
+}
+
+WERROR dsdb_attribute_drsuapi_to_ldb(struct ldb_context *ldb,
+				     const struct dsdb_schema *schema,
+				     const struct dsdb_schema_prefixmap *pfm_remote,
+				     const struct drsuapi_DsReplicaAttribute *in,
+				     TALLOC_CTX *mem_ctx,
+				     struct ldb_message_element *out,
+				     enum drsuapi_DsAttributeId *local_attid_as_enum)
+{
+	struct dsdb_syntax_ctx syntax_ctx;
+	const struct dsdb_attribute *sa = NULL;
+	WERROR werr;
+
+	/* use default syntax conversion context */
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
+	syntax_ctx.pfm_remote = pfm_remote;
+
+	werr = dsdb_attribute_drsuapi_remote_to_local(&syntax_ctx,
+						      in->attid,
+						      local_attid_as_enum,
+						      &sa);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	return sa->syntax->drsuapi_to_ldb(&syntax_ctx, sa, in, mem_ctx, out);
+}
diff --git a/source4/dsdb/schema/tests/schema_syntax.c b/source4/dsdb/schema/tests/schema_syntax.c
new file mode 100644
index 0000000..7eba102
--- /dev/null
+++ b/source4/dsdb/schema/tests/schema_syntax.c
@@ -0,0 +1,271 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Test DSDB syntax functions
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "lib/ldb-samba/ldif_handlers.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+#include "param/provision.h"
+
+
+struct torture_dsdb_syntax {
+	struct ldb_context *ldb;
+	struct dsdb_schema *schema;
+};
+
+DATA_BLOB hexstr_to_data_blob(TALLOC_CTX *mem_ctx, const char *string) 
+{
+	DATA_BLOB binary = data_blob_talloc(mem_ctx, NULL, strlen(string)/2);
+	binary.length = strhex_to_str((char *)binary.data, binary.length, string, strlen(string));
+	return binary;
+}
+
+static bool torture_syntax_add_OR_Name(struct torture_context *tctx,
+				       struct ldb_context *ldb,
+				       struct dsdb_schema *schema)
+{
+	WERROR werr;
+	int ldb_res;
+	struct ldb_ldif *ldif;
+	const char *ldif_str =	"dn: CN=ms-Exch-Auth-Orig,CN=Schema,CN=Configuration,DC=kma-exch,DC=devel\n"
+				"changetype: add\n"
+				"cn: ms-Exch-Auth-Orig\n"
+				"attributeID: 1.2.840.113556.1.2.129\n"
+				"attributeSyntax: 2.5.5.7\n"
+				"isSingleValued: FALSE\n"
+				"linkID: 110\n"
+				"showInAdvancedViewOnly: TRUE\n"
+				"adminDisplayName: ms-Exch-Auth-Orig\n"
+				"oMObjectClass:: VgYBAgULHQ==\n"
+				"adminDescription: ms-Exch-Auth-Orig\n"
+				"oMSyntax: 127\n"
+				"searchFlags: 16\n"
+				"lDAPDisplayName: authOrig\n"
+				"name: ms-Exch-Auth-Orig\n"
+				"objectGUID:: 7tqEWktjAUqsZXqsFPQpRg==\n"
+				"schemaIDGUID:: l3PfqOrF0RG7ywCAx2ZwwA==\n"
+				"attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==\n"
+				"isMemberOfPartialAttributeSet: TRUE\n";
+
+	ldif = ldb_ldif_read_string(ldb, &ldif_str);
+	torture_assert(tctx, ldif, "Failed to parse LDIF for authOrig");
+
+	werr = dsdb_set_attribute_from_ldb(ldb, schema, ldif->msg);
+	ldb_ldif_read_free(ldb, ldif);
+	torture_assert_werr_ok(tctx, werr, "dsdb_set_attribute_from_ldb() failed!");
+
+	ldb_res = dsdb_set_schema(ldb, schema, SCHEMA_WRITE);
+	torture_assert_int_equal(tctx, ldb_res, LDB_SUCCESS, "dsdb_set_schema() failed");
+
+	return true;
+};
+
+static bool torture_test_syntax(struct torture_context *torture,
+				struct torture_dsdb_syntax *priv,
+				const char *oid,
+				const char *attr_string,
+				const char *ldb_str,
+				const char *drs_str)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(torture);
+	DATA_BLOB drs_binary = hexstr_to_data_blob(tmp_ctx, drs_str);
+	DATA_BLOB ldb_blob = data_blob_string_const(ldb_str);
+	struct drsuapi_DsReplicaAttribute drs, drs2;
+	struct drsuapi_DsAttributeValue val;
+	const struct dsdb_syntax *syntax;
+	const struct dsdb_attribute *attr;
+	struct ldb_message_element el;
+	struct ldb_context *ldb = priv->ldb;
+	struct dsdb_schema *schema = priv->schema;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	/* use default syntax conversion context */
+	dsdb_syntax_ctx_init(&syntax_ctx, ldb, schema);
+
+	drs.value_ctr.num_values = 1;
+	drs.value_ctr.values = &val;
+	val.blob = &drs_binary;
+
+	torture_assert(torture, syntax = find_syntax_map_by_standard_oid(oid), "Failed to find syntax handler");
+	torture_assert(torture, attr = dsdb_attribute_by_lDAPDisplayName(schema, attr_string), "Failed to find attribute handler");
+	torture_assert_str_equal(torture, attr->syntax->name, syntax->name, "Syntax from schema not as expected");
+	
+
+	torture_assert_werr_ok(torture, syntax->drsuapi_to_ldb(&syntax_ctx, attr, &drs, tmp_ctx, &el), "Failed to convert from DRS to ldb format");
+
+	torture_assert_data_blob_equal(torture, el.values[0], ldb_blob, "Incorrect conversion from DRS to ldb format");
+
+	torture_assert_werr_ok(torture, syntax->validate_ldb(&syntax_ctx, attr, &el), "Failed to validate ldb format");
+
+	torture_assert_werr_ok(torture, syntax->ldb_to_drsuapi(&syntax_ctx, attr, &el, tmp_ctx, &drs2), "Failed to convert from ldb to DRS format");
+	
+	torture_assert(torture, drs2.value_ctr.values[0].blob, "No blob returned from conversion");
+
+	torture_assert_data_blob_equal(torture, *drs2.value_ctr.values[0].blob, drs_binary, "Incorrect conversion from ldb to DRS format");
+	return true;
+}
+
+static bool torture_dsdb_drs_DN_BINARY(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	bool ret;
+	const char *ldb_str = "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:<GUID=a8378c29-6319-45b3-b216-6a3108452d6c>;CN=Users,DC=ad,DC=ruth,DC=abartlet,DC=net";
+	const char *drs_str = "8C00000000000000298C37A81963B345B2166A3108452D6C000000000000000000000000000000000000000000000000000000002900000043004E003D00550073006500720073002C00440043003D00610064002C00440043003D0072007500740068002C00440043003D00610062006100720074006C00650074002C00440043003D006E0065007400000014000000A9D1CA15768811D1ADED00C04FD8D5CD";
+	const char *ldb_str2 = "B:8:00000002:<GUID=2b475208-3180-4ad4-b6bb-a26cfb44ac50>;<SID=S-1-5-21-3686369990-3108025515-1819299124>;DC=ad,DC=ruth,DC=abartlet,DC=net";
+	const char *drs_str2 = "7A000000180000000852472B8031D44AB6BBA26CFB44AC50010400000000000515000000C68AB9DBABB440B9344D706C0000000020000000440043003D00610064002C00440043003D0072007500740068002C00440043003D00610062006100720074006C00650074002C00440043003D006E0065007400000000000800000000000002";
+	ret = torture_test_syntax(torture, priv, DSDB_SYNTAX_BINARY_DN, "wellKnownObjects", ldb_str, drs_str);
+	if (!ret) return false;
+	return torture_test_syntax(torture, priv, DSDB_SYNTAX_BINARY_DN, "msDS-HasInstantiatedNCs", ldb_str2, drs_str2);
+}
+
+static bool torture_dsdb_drs_DN(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "<GUID=fbee08fd-6f75-4bd4-af3f-e4f063a6379e>;OU=Domain Controllers,DC=ad,DC=naomi,DC=abartlet,DC=net";
+	const char *drs_str = "A800000000000000FD08EEFB756FD44BAF3FE4F063A6379E00000000000000000000000000000000000000000000000000000000370000004F0055003D0044006F006D00610069006E00200043006F006E00740072006F006C006C006500720073002C00440043003D00610064002C00440043003D006E0061006F006D0069002C00440043003D00610062006100720074006C00650074002C00440043003D006E00650074000000";
+	if (!torture_test_syntax(torture, priv, LDB_SYNTAX_DN, "lastKnownParent", ldb_str, drs_str)) {
+		return false;
+	}
+
+	/* extended_dn with GUID and SID in it */
+	ldb_str = "<GUID=23cc7d16-3da0-4f3a-9921-0ad60a99230f>;<SID=S-1-5-21-3427639452-1671929926-2759570404-500>;CN=Administrator,CN=Users,DC=kma-exch,DC=devel";
+	drs_str = "960000001C000000167DCC23A03D3A4F99210AD60A99230F0105000000000005150000009CA04DCC46A0A763E4B37BA4F40100002E00000043004E003D00410064006D0069006E006900730074007200610074006F0072002C0043004E003D00550073006500720073002C00440043003D006B006D0061002D0065007800630068002C00440043003D0064006500760065006C000000";
+	return torture_test_syntax(torture, priv, LDB_SYNTAX_DN, "lastKnownParent", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_OR_Name(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "<GUID=23cc7d16-3da0-4f3a-9921-0ad60a99230f>;<SID=S-1-5-21-3427639452-1671929926-2759570404-500>;CN=Administrator,CN=Users,DC=kma-exch,DC=devel";
+	const char *drs_str = "960000001C000000167DCC23A03D3A4F99210AD60A99230F0105000000000005150000009CA04DCC46A0A763E4B37BA4F40100002E00000043004E003D00410064006D0069006E006900730074007200610074006F0072002C0043004E003D00550073006500720073002C00440043003D006B006D0061002D0065007800630068002C00440043003D0064006500760065006C000000000004000000";
+	return torture_test_syntax(torture, priv, DSDB_SYNTAX_OR_NAME, "authOrig", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_INT32(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "532480";
+	const char *drs_str = "00200800";
+	return torture_test_syntax(torture, priv, LDB_SYNTAX_INTEGER, "userAccountControl", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_INT64(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "129022979538281250";
+	const char *drs_str = "22E33D5FB761CA01";
+	return torture_test_syntax(torture, priv, "1.2.840.113556.1.4.906", "pwdLastSet", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_NTTIME(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "20091109003446.0Z";
+	const char *drs_str = "A6F4070103000000";
+	return torture_test_syntax(torture, priv, "1.3.6.1.4.1.1466.115.121.1.24", "whenCreated", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_BOOL(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "TRUE";
+	const char *drs_str = "01000000";
+	return torture_test_syntax(torture, priv, LDB_SYNTAX_BOOLEAN, "isDeleted", ldb_str, drs_str);
+}
+
+static bool torture_dsdb_drs_UNICODE(struct torture_context *torture, struct torture_dsdb_syntax *priv)
+{
+	const char *ldb_str = "primaryTelexNumber,Numéro de télex";
+	const char *drs_str = "7000720069006D00610072007900540065006C00650078004E0075006D006200650072002C004E0075006D00E90072006F0020006400650020007400E9006C0065007800";
+	return torture_test_syntax(torture, priv, LDB_SYNTAX_DIRECTORY_STRING, "attributeDisplayNames", ldb_str, drs_str);
+}
+
+/*
+ * DSDB-SYNTAX fixture setup/teardown handlers implementation
+ */
+static bool torture_dsdb_syntax_tcase_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_dsdb_syntax *priv;
+
+	priv = talloc_zero(tctx, struct torture_dsdb_syntax);
+	torture_assert(tctx, priv, "No memory");
+
+	priv->ldb = provision_get_schema(priv, tctx->lp_ctx, NULL, NULL);
+	torture_assert(tctx, priv->ldb, "Failed to load schema from disk");
+
+	priv->schema = dsdb_get_schema(priv->ldb, NULL);
+	torture_assert(tctx, priv->schema, "Failed to fetch schema");
+
+	/* add 'authOrig' attribute with OR-Name syntax to schema */
+	if (!torture_syntax_add_OR_Name(tctx, priv->ldb, priv->schema)) {
+		return false;
+	}
+
+	*data = priv;
+	return true;
+}
+
+static bool torture_dsdb_syntax_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	struct torture_dsdb_syntax *priv;
+
+	priv = talloc_get_type_abort(data, struct torture_dsdb_syntax);
+	talloc_unlink(priv, priv->ldb);
+	talloc_free(priv);
+
+	return true;
+}
+
+/**
+ * DSDB-SYNTAX test suite creation
+ */
+struct torture_suite *torture_dsdb_syntax(TALLOC_CTX *mem_ctx)
+{
+	typedef bool (*pfn_run)(struct torture_context *, void *);
+
+	struct torture_tcase *tc;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dsdb.syntax");
+
+	if (suite == NULL) {
+		return NULL;
+	}
+
+	tc = torture_suite_add_tcase(suite, "tc");
+	if (!tc) {
+		return NULL;
+	}
+
+	torture_tcase_set_fixture(tc,
+				  torture_dsdb_syntax_tcase_setup,
+				  torture_dsdb_syntax_tcase_teardown);
+
+	torture_tcase_add_simple_test(tc, "DN-BINARY", (pfn_run)torture_dsdb_drs_DN_BINARY);
+	torture_tcase_add_simple_test(tc, "DN", (pfn_run)torture_dsdb_drs_DN);
+	torture_tcase_add_simple_test(tc, "OR-Name", (pfn_run)torture_dsdb_drs_OR_Name);
+	torture_tcase_add_simple_test(tc, "INT32", (pfn_run)torture_dsdb_drs_INT32);
+	torture_tcase_add_simple_test(tc, "INT64", (pfn_run)torture_dsdb_drs_INT64);
+	torture_tcase_add_simple_test(tc, "NTTIME", (pfn_run)torture_dsdb_drs_NTTIME);
+	torture_tcase_add_simple_test(tc, "BOOL", (pfn_run)torture_dsdb_drs_BOOL);
+	torture_tcase_add_simple_test(tc, "UNICODE", (pfn_run)torture_dsdb_drs_UNICODE);
+
+	suite->description = talloc_strdup(suite, "DSDB syntax tests");
+
+	return suite;
+}
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
new file mode 100755
index 0000000..cc2b31c
--- /dev/null
+++ b/source4/dsdb/tests/python/acl.py
@@ -0,0 +1,5795 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This is unit with tests for LDAP access checks
+
+import optparse
+import sys
+import base64
+import re
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests import DynamicTestCase
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+from samba.common import get_string
+
+import samba.getopt as options
+from samba.join import DCJoinContext
+
+from ldb import (
+    SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE, LdbError, ERR_NO_SUCH_OBJECT,
+    ERR_UNWILLING_TO_PERFORM, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_OPERATIONS_ERROR
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE
+from samba.dcerpc import security, drsuapi, misc
+
+from samba.auth import system_session
+from samba import gensec, sd_utils, werror
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+import samba.tests
+from samba.tests import delete_force
+import samba.dsdb
+from samba.tests.password_test import PasswordCommon
+from samba.ndr import ndr_pack
+
+parser = optparse.OptionParser("acl.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+
+
+class AclTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(AclTests, self).setUp()
+
+        strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True)
+        if strict_checking is None:
+            strict_checking = '1'
+        self.strict_checking = bool(int(strict_checking))
+
+        self.ldb_admin = SamDB(ldaphost, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb_admin.domain_dn()
+        self.domain_sid = security.dom_sid(self.ldb_admin.get_domain_sid())
+        self.user_pass = "samba123@"
+        self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
+        self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
+        self.addCleanup(self.delete_admin_connection)
+        # used for anonymous login
+        self.creds_tmp = Credentials()
+        self.creds_tmp.set_username("")
+        self.creds_tmp.set_password("")
+        self.creds_tmp.set_domain(creds.get_domain())
+        self.creds_tmp.set_realm(creds.get_realm())
+        self.creds_tmp.set_workstation(creds.get_workstation())
+        print("baseDN: %s" % self.base_dn)
+
+        # set AttributeAuthorizationOnLDAPAdd and BlockOwnerImplicitRights
+        self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'11')
+
+    def set_heuristic(self, index, values):
+        self.assertGreater(index, 0)
+        self.assertLess(index, 30)
+        self.assertIsInstance(values, bytes)
+
+        # Get the old "dSHeuristics" if it was set
+        dsheuristics = self.ldb_admin.get_dsheuristics()
+        # Reset the "dSHeuristics" as they were before
+        self.addCleanup(self.ldb_admin.set_dsheuristics, dsheuristics)
+        # Set the "dSHeuristics" to activate the correct behaviour
+        default_heuristics = b"000000000100000000020000000003"
+        if dsheuristics is None:
+            dsheuristics = b""
+        dsheuristics += default_heuristics[len(dsheuristics):]
+        dsheuristics = (dsheuristics[:index - 1] +
+                        values +
+                        dsheuristics[index - 1 + len(values):])
+        self.ldb_admin.set_dsheuristics(dsheuristics)
+
+    def get_user_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+    # Test if we have any additional groups for users than default ones
+    def assert_user_no_group_member(self, username):
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)" % self.get_user_dn(username))
+        try:
+            self.assertEqual(res[0]["memberOf"][0], "")
+        except KeyError:
+            pass
+        else:
+            self.fail()
+
+    def delete_admin_connection(self):
+        del self.sd_utils
+        del self.ldb_admin
+
+# tests on ldap add operations
+
+
+class AclAddTests(AclTests):
+
+    def setUp(self):
+        super(AclAddTests, self).setUp()
+        # Domain admin that will be creator of OU parent-child structure
+        self.usr_admin_owner = "acl_add_user1"
+        # Second domain admin that will not be creator of OU parent-child structure
+        self.usr_admin_not_owner = "acl_add_user2"
+        # Regular user
+        self.regular_user = "acl_add_user3"
+        self.regular_user2 = "acl_add_user4"
+        self.regular_user3 = "acl_add_user5"
+        self.test_user1 = "test_add_user1"
+        self.test_user2 = "test_add_user2"
+        self.test_user3 = "test_add_user3"
+        self.test_user4 = "test_add_user4"
+        self.test_group1 = "test_add_group1"
+        self.ou1 = "OU=test_add_ou1"
+        self.ou2 = "OU=test_add_ou2,%s" % self.ou1
+        delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_owner))
+        delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_not_owner))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user2))
+        self.ldb_admin.newuser(self.usr_admin_owner, self.user_pass)
+        self.ldb_admin.newuser(self.usr_admin_not_owner, self.user_pass)
+        self.ldb_admin.newuser(self.regular_user, self.user_pass)
+        self.ldb_admin.newuser(self.regular_user2, self.user_pass)
+
+        # add admins to the Domain Admins group
+        self.ldb_admin.add_remove_group_members("Domain Admins", [self.usr_admin_owner],
+                                                add_members_operation=True)
+        self.ldb_admin.add_remove_group_members("Domain Admins", [self.usr_admin_not_owner],
+                                                add_members_operation=True)
+
+        self.ldb_owner = self.get_ldb_connection(self.usr_admin_owner, self.user_pass)
+        self.ldb_notowner = self.get_ldb_connection(self.usr_admin_not_owner, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
+        self.ldb_user2 = self.get_ldb_connection(self.regular_user2, self.user_pass)
+
+    def tearDown(self):
+        super(AclAddTests, self).tearDown()
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_user1, self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_user1, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_user2, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_user3, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_user4, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" %
+                     (self.test_group1, self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "CN=test_computer2,%s,%s" %
+                     (self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=test_computer1,%s,%s" %
+                     (self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "%s,%s" % (self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "%s,%s" % (self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_owner))
+        delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_not_owner))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user2))
+        delete_force(self.ldb_admin, self.get_user_dn("test_add_anonymous"))
+
+        del self.ldb_notowner
+        del self.ldb_owner
+        del self.ldb_user
+        del self.ldb_user2
+
+    # Make sure top OU is deleted (and so everything under it)
+    def assert_top_ou_deleted(self):
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s,%s)" % (
+                                        "OU=test_add_ou1", self.base_dn))
+        self.assertEqual(len(res), 0)
+
+    def test_add_u1(self):
+        """Testing OU with the rights of Domain Admin not creator of the OU """
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.usr_admin_not_owner))
+        mod = "(D;CI;WPCC;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Test user and group creation with another domain admin's credentials
+        self.ldb_notowner.newuser(self.test_user1, self.user_pass, userou=self.ou2)
+        self.ldb_notowner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        # Make sure we HAVE created the two objects -- user and group
+        # !!! We should not be able to do that, but however because of ACE ordering our inherited Deny ACE
+        # !!! comes after explicit (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA) that comes from somewhere
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertGreater(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertGreater(len(res), 0)
+
+    def test_add_u2(self):
+        """Testing OU with the regular user that has no rights granted over the OU """
+        self.assert_top_ou_deleted()
+        # Create a parent-child OU structure with domain admin credentials
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        # Test user and group creation with regular user credentials
+        try:
+            self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2)
+            self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        # Make sure we HAVEN'T created any of two objects -- user or group
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertEqual(len(res), 0)
+
+    def test_add_u3(self):
+        """Testing OU with the rights of regular user granted the right 'Create User child objects' """
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        # Test user and group creation with granted user only to one of the objects
+        self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2, setpassword=False)
+        try:
+            self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        # Make sure we HAVE created the one of two objects -- user
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s,%s)" %
+                                    ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1",
+                                     self.base_dn))
+        self.assertNotEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s,%s)" %
+                                    ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1",
+                                     self.base_dn))
+        self.assertEqual(len(res), 0)
+
+    def test_add_u4(self):
+        """ 4 Testing OU with the rights of Domain Admin creator of the OU"""
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        self.ldb_owner.newuser(self.test_user1, self.user_pass, userou=self.ou2)
+        self.ldb_owner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        # Make sure we have successfully created the two objects -- user and group
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertGreater(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
+        self.assertGreater(len(res), 0)
+
+    def test_add_c1(self):
+        """Testing adding a computer object with the rights of regular user granted the right 'Create Computer child objects' """
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+
+        # Add a computer object, specifying an explicit SD to grant WP to the creator
+        print("Test adding a user with explicit nTSecurityDescriptor")
+        wp_ace = "(A;;WP;;;%s)" % str(user_sid)
+        tmp_desc = security.descriptor.from_sddl("D:%s" % wp_ace, self.domain_sid)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user1, self.base_dn)
+        samaccountname = self.test_user1 + "$"
+        # This should fail, the user has no WD or WO
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user1,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_add_c2(self):
+        """Testing adding a computer object with the rights of regular user granted the right 'Create User child objects' and WO"""
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Grant WO, we should still not be able to specify a DACL
+        mod = "(A;CI;WO;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Add a computer object, specifying an explicit SD to grant WP to the creator
+        print("Test adding a user with explicit nTSecurityDescriptor")
+        wp_ace = "(A;;WP;;;%s)" % str(user_sid)
+        tmp_desc = security.descriptor.from_sddl("D:%s" % wp_ace, self.domain_sid)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user1, self.base_dn)
+        samaccountname = self.test_user1 + "$"
+        # This should fail, the user has no WD
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user1,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+        # We still cannot modify the owner or group
+        sd_sddl = f"O:{user_sid}G:{user_sid}"
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user1,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_add_c3(self):
+        """Testing adding a computer object with the rights of regular user granted the right 'Create Computer child objects' and WD"""
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Grant WD, we should still not be able to specify a DACL
+        mod = "(A;CI;WD;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Add a computer object, specifying an explicit SD to grant WP to the creator
+        print("Test adding a user with explicit nTSecurityDescriptor")
+        wp_ace = "(A;;WP;;;%s)" % str(user_sid)
+        sd_sddl = f"O:{user_sid}G:BA"
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user1, self.base_dn)
+        samaccountname = self.test_user1 + "$"
+        # The user has no WO, but this succeeds, because WD means we skip further per-attribute checks
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user1,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            self.fail(str(e3))
+
+        # we should be able to modify the DACL
+        tmp_desc = security.descriptor.from_sddl("D:%s" % wp_ace, self.domain_sid)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user2, self.base_dn)
+        samaccountname = self.test_user2 + "$"
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user2,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            self.fail(str(e3))
+
+        # verify the ace is present
+        new_sd = self.sd_utils.get_sd_as_sddl("CN=test_add_user2,OU=test_add_ou1,%s" %
+                                              self.base_dn)
+        self.assertIn(wp_ace, new_sd)
+
+    def test_add_c4(self):
+        """Testing adding a computer object with the rights of regular user granted the right 'Create User child objects' and WDWO"""
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Grant WD and WO, we should be able to update the SD
+        mod = "(A;CI;WDWO;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # Add a computer object, specifying an explicit SD to grant WP to the creator
+        print("Test adding a user with explicit nTSecurityDescriptor")
+        wp_ace = "(A;;WP;;;%s)" % str(user_sid)
+        sd_sddl = "O:%sG:BAD:(A;;WP;;;%s)" % (str(user_sid), str(user_sid))
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user1, self.base_dn)
+        samaccountname = self.test_user1 + "$"
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user1,
+                "nTSecurityDescriptor": ndr_pack(tmp_desc)})
+        except LdbError as e3:
+            self.fail(str(e3))
+
+        # verify the owner and group is present
+        new_sd = self.sd_utils.get_sd_as_sddl("CN=test_add_user1,OU=test_add_ou1,%s" %
+                                              self.base_dn)
+        self.assertIn(f"O:{user_sid}G:BA", new_sd)
+        self.assertIn(wp_ace, new_sd)
+
+    def test_add_c5(self):
+        """Testing adding a computer with an optional attribute """
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # servicePrincipalName
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user3, self.base_dn)
+        samaccountname = self.test_user3 + "$"
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user3,
+                "department": "Ministry of Silly Walks"})
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+        # grant WP for that attribute and try again
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_DEPARTMENT};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user3,
+                "department": "Ministry of Silly Walks"})
+        except LdbError as e3:
+            self.fail(str(e3))
+
+    def test_add_c6(self):
+        """Test creating a computer with a mandatory attribute(sAMAccountName)"""
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # servicePrincipalName
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        # userAccountControl
+        mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_USER_ACCOUNT_CONTROL};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user4, self.base_dn)
+        samaccountname = self.test_user4 + "$"
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "host/" + self.test_user4})
+        except LdbError as e3:
+            self.fail(str(e3))
+
+    def test_add_computer1(self):
+        """Testing Computer with the rights of regular user granted the right 'Create Computer child objects' """
+        self.assert_top_ou_deleted()
+        # Change descriptor for top level OU
+        self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        mod = f"(OA;CI;SW;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;CO)"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+
+        # add a Computer object with servicePrincipalName
+        # Creator-Owner has SW from the default SD
+        dn = "CN=test_computer1,OU=test_add_ou1,%s" % (self.base_dn)
+        samaccountname = "test_computer1$"
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "nosuchservice/abcd/abcd"})
+        except LdbError as e3:
+            (num, _) = e3.args
+            if self.strict_checking:
+                self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            else:
+                self.assertIn(num, (ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                    ERR_CONSTRAINT_VIOLATION))
+        else:
+            self.fail()
+
+        # Inherited Deny from the parent will not work, because of ordering rules
+        mod = f"(OD;CI;SW;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
+        self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+        try:
+            self.ldb_user.add({
+                "dn": dn,
+                "objectclass": "computer",
+                "sAMAccountName": samaccountname,
+                "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                "servicePrincipalName": "nosuchservice/abcd/abcd"})
+        except LdbError as e3:
+            (num, _) = e3.args
+            if self.strict_checking:
+                self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            else:
+                self.assertIn(num, (ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                    ERR_CONSTRAINT_VIOLATION))
+        else:
+            self.fail()
+
+    def test_add_optional_attr(self):
+        '''Show that adding a computer object with an optional attribute is disallowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_domain_admins(self):
+        '''Show that adding a computer object with an optional attribute is allowed if the user is a Domain Administrator'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.ldb_admin.add_remove_group_members('Domain Admins',
+                                                [self.regular_user],
+                                                add_members_operation=True)
+        ldb_domain_admin = self.get_ldb_connection(self.regular_user,
+                                                   self.user_pass)
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            ldb_domain_admin.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_enterprise_admins(self):
+        '''Show that adding a computer object with an optional attribute is allowed if the user is an Enterprise Administrator'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.ldb_admin.add_remove_group_members('Enterprise Admins',
+                                                [self.regular_user],
+                                                add_members_operation=True)
+        ldb_enterprise_admin = self.get_ldb_connection(self.regular_user,
+                                                       self.user_pass)
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            ldb_enterprise_admin.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_non_computer(self):
+        '''Show that adding a non-computer object with an optional attribute is allowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_USER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = self.test_user1
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'user',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_derived_computer(self):
+        '''Show that adding an object derived from computer with an optional attribute is disallowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_MANAGED_SERVICE_ACCOUNT};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'msDS-ManagedServiceAccount',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_write_dac(self):
+        '''Show that adding a computer object with an optional attribute is allowed if the security descriptor gives WRITE_DAC access'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_system_must_contain(self):
+        '''Show that adding a computer object with only systemMustContain attributes is allowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'instanceType': '4',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_system_must_contain_denied(self):
+        '''Show that adding a computer object with only systemMustContain attributes is allowed, even when explicitly denied'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(D;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_INSTANCE_TYPE};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'instanceType': '4',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_unicode_pwd(self):
+        '''Show that adding a computer object with a unicodePwd is allowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        password = 'Secret007'
+        utf16pw = f'"{password}"'.encode('utf-16-le')
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'unicodePwd': utf16pw,
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_user_password(self):
+        '''Show that adding a computer object with a userPassword is allowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        password = 'Secret007'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'userPassword': password,
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_user_password_denied(self):
+        '''Show that adding a computer object with a userPassword is allowed, even when explicitly denied'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(D;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_USER_PASSWORD};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        password = 'Secret007'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'userPassword': password,
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_clear_text_password(self):
+        '''Show that adding a computer object with a clearTextPassword is allowed
+
+Note: this does not work on Windows.'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        password = 'Secret007'.encode('utf-16-le')
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'clearTextPassword': password,
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_disallowed_attr(self):
+        '''Show that adding a computer object with a denied attribute is disallowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(D;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_MS_SFU_30};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_allowed_attr(self):
+        '''Show that adding a computer object with an allowed attribute is allowed'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_MS_SFU_30};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_optional_attr_heuristic_0(self):
+        '''Show that adding a computer object with an optional attribute is allowed when AttributeAuthorizationOnLDAPAdd == 0'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'0')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_optional_attr_heuristic_2(self):
+        '''Show that adding a computer object with an optional attribute is allowed when AttributeAuthorizationOnLDAPAdd == 2'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'2')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_implicit_right(self):
+        '''Show that adding a computer object with a security descriptor is allowed when BlockOwnerImplicitRights != 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'0')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'O:{user_sid}G:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_implicit_right_optional_attr(self):
+        '''Show that adding a computer object with a security descriptor and an optional attribute is disallowed when BlockOwnerImplicitRights != 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'0')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'O:{user_sid}G:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'msSFU30Name': 'foo',
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_explicit_right(self):
+        '''Show that a computer object with a security descriptor can be added if BlockOwnerImplicitRights == 1 and WRITE_DAC is granted'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = (f'O:{user_sid}G:{user_sid}'
+                   f'D:(A;;WP;;;{user_sid})')
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_explicit_right_no_owner_disallow(self):
+        '''Show that a computer object with a security descriptor can be added if BlockOwnerImplicitRights == 1, WRITE_DAC is granted, and WRITE_OWNER is denied'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(D;CI;WO;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'D:(A;;WP;;;{user_sid})'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_explicit_right_owner_disallow(self):
+        '''Show that a computer object with a security descriptor containing an owner and group can be added if BlockOwnerImplicitRights == 1, WRITE_DAC is granted, and WRITE_OWNER is denied'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(D;CI;WO;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = (f'O:{user_sid}G:{user_sid}'
+                   f'D:(A;;WP;;;{user_sid})')
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_explicit_right_sacl(self):
+        '''Show that adding a computer object with a security descriptor containing a SACL is disallowed if BlockOwnerImplicitRights == 1 and WRITE_DAC is granted'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = (f'O:{user_sid}G:{user_sid}'
+                   f'D:(A;;WP;;;{user_sid})S:(A;;WP;;;{user_sid})')
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            if self.strict_checking:
+                self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+                self.assertIn(f'{werror.WERR_PRIVILEGE_NOT_HELD:08X}', estr)
+            else:
+                self.assertIn(num, (ERR_CONSTRAINT_VIOLATION,
+                                    ERR_INSUFFICIENT_ACCESS_RIGHTS))
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_explicit_right_owner_not_us(self):
+        '''Show that adding a computer object with a security descriptor owned by another is disallowed if BlockOwnerImplicitRights == 1 and WRITE_DAC is granted'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = 'O:BA'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn(f'{werror.WERR_INVALID_OWNER:08X}', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_explicit_right_owner_not_us_admin(self):
+        '''Show that adding a computer object with a security descriptor owned by another is allowed if BlockOwnerImplicitRights == 1, WRITE_DAC is granted, and we are in Domain Admins'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WD;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = 'O:BA'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_admin.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_no_implicit_right(self):
+        '''Show that adding a computer object without a security descriptor is allowed when BlockOwnerImplicitRights == 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+            })
+        except LdbError as err:
+            self.fail(err)
+
+    def test_add_security_descriptor_owner(self):
+        '''Show that adding a computer object with a security descriptor containing an owner is disallowed when BlockOwnerImplicitRights == 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'O:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_owner_implicit(self):
+        '''Show that adding a computer object with a security descriptor containing an owner is disallowed when BlockOwnerImplicitRights == 1, even when we are the owner of the OU security descriptor'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+
+        ou_controls = [
+            f'sd_flags:1:{security.SECINFO_OWNER|security.SECINFO_DACL}']
+        ou_sddl = (f'O:{user_sid}'
+                   f'D:(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(f'{self.ou1},{self.base_dn}', ou_desc,
+                                      controls=ou_controls)
+
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'O:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_owner_explicit_right(self):
+        '''Show that adding a computer object with a security descriptor containing an owner is disallowed when BlockOwnerImplicitRights == 1, even with WO'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WO;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'O:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_group(self):
+        '''Show that adding a computer object with a security descriptor containing an group is disallowed when BlockOwnerImplicitRights == 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'G:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_group_explicit_right(self):
+        '''Show that adding a computer object with a security descriptor containing an group is disallowed when BlockOwnerImplicitRights == 1, even with WO'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(A;CI;WO;;;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'G:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_group_implicit(self):
+        '''Show that adding a computer object with a security descriptor containing an group is disallowed when BlockOwnerImplicitRights == 1, even when we are the owner of the OU security descriptor'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+
+        ou_controls = [
+            f'sd_flags:1:{security.SECINFO_OWNER|security.SECINFO_DACL}']
+        ou_sddl = (f'O:{user_sid}'
+                   f'D:(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(f'{self.ou1},{self.base_dn}', ou_desc,
+                                      controls=ou_controls)
+
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'G:{user_sid}'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_dacl(self):
+        '''Show that adding a computer object with a security descriptor containing a DACL is disallowed when BlockOwnerImplicitRights == 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'D:(A;;WP;;;{user_sid})'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_dacl_implicit(self):
+        '''Show that adding a computer object with a security descriptor containing a DACL is disallowed when BlockOwnerImplicitRights == 1, even when we are the owner of the OU security descriptor'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+
+        ou_controls = [
+            f'sd_flags:1:{security.SECINFO_OWNER|security.SECINFO_DACL}']
+        ou_sddl = (f'O:{user_sid}'
+                   f'D:(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(f'{self.ou1},{self.base_dn}', ou_desc,
+                                      controls=ou_controls)
+
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'D:(A;;WP;;;{user_sid})'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_sacl(self):
+        '''Show that adding a computer object with a security descriptor containing a SACL is disallowed when BlockOwnerImplicitRights == 1'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(
+            f'{self.ou1},{self.base_dn}',
+            f'(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        sd_sddl = f'S:(A;;WP;;;{user_sid})'
+        tmp_desc = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_security_descriptor_empty(self):
+        '''Show that adding a computer object with an empty security descriptor is disallowed when BlockOwnerImplicitRights == 1, even when we are the owner of the OU security descriptor'''
+
+        self.assert_top_ou_deleted()
+        self.ldb_owner.create_ou(f'{self.ou1},{self.base_dn}')
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'1')
+
+        user_sid = self.sd_utils.get_object_sid(
+            self.get_user_dn(self.regular_user))
+
+        ou_controls = [
+            f'sd_flags:1:{security.SECINFO_OWNER|security.SECINFO_DACL}']
+        ou_sddl = (f'O:{user_sid}'
+                   f'D:(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})')
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(f'{self.ou1},{self.base_dn}', ou_desc,
+                                      controls=ou_controls)
+
+        dn = f'CN={self.test_user1},{self.ou1},{self.base_dn}'
+        account_name = f'{self.test_user1}$'
+        tmp_desc = security.descriptor.from_sddl('', self.domain_sid)
+        try:
+            self.ldb_user.add({
+                'dn': dn,
+                'objectclass': 'computer',
+                'sAMAccountName': account_name,
+                'ntSecurityDescriptor': ndr_pack(tmp_desc),
+            })
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            if self.strict_checking:
+                self.assertIn('000021CC', estr)
+        else:
+            self.fail('expected to fail')
+
+    def test_add_anonymous(self):
+        """Test add operation with anonymous user"""
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        try:
+            anonymous.newuser("test_add_anonymous", self.user_pass)
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+
+# tests on ldap modify operations
+
+
+class AclModifyTests(AclTests):
+
+    def setUp(self):
+        super(AclModifyTests, self).setUp()
+        self.user_with_wp = "acl_mod_user1"
+        self.user_with_sm = "acl_mod_user2"
+        self.user_with_group_sm = "acl_mod_user3"
+        self.ldb_admin.newuser(self.user_with_wp, self.user_pass)
+        self.ldb_admin.newuser(self.user_with_sm, self.user_pass)
+        self.ldb_admin.newuser(self.user_with_group_sm, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.user_with_wp, self.user_pass)
+        self.ldb_user2 = self.get_ldb_connection(self.user_with_sm, self.user_pass)
+        self.ldb_user3 = self.get_ldb_connection(self.user_with_group_sm, self.user_pass)
+        self.user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.user_with_wp))
+        self.ldb_admin.newgroup("test_modify_group2", grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        self.ldb_admin.newgroup("test_modify_group3", grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        self.ldb_admin.newuser("test_modify_user2", self.user_pass)
+
+    def tearDown(self):
+        super(AclModifyTests, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn("test_modify_user1"))
+        delete_force(self.ldb_admin, "CN=test_modify_group1,CN=Users," + self.base_dn)
+        delete_force(self.ldb_admin, "CN=test_modify_group2,CN=Users," + self.base_dn)
+        delete_force(self.ldb_admin, "CN=test_modify_group3,CN=Users," + self.base_dn)
+        delete_force(self.ldb_admin, "CN=test_mod_hostname,OU=test_modify_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "CN=test_modify_ou1_user,OU=test_modify_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, self.get_user_dn(self.user_with_wp))
+        delete_force(self.ldb_admin, self.get_user_dn(self.user_with_sm))
+        delete_force(self.ldb_admin, self.get_user_dn(self.user_with_group_sm))
+        delete_force(self.ldb_admin, self.get_user_dn("test_modify_user2"))
+        delete_force(self.ldb_admin, self.get_user_dn("test_anonymous"))
+
+        del self.ldb_user
+        del self.ldb_user2
+        del self.ldb_user3
+
+    def get_sd_rights_effective(self, samdb, dn):
+        res = samdb.search(dn,
+                           scope=SCOPE_BASE,
+                           attrs=['sDRightsEffective'])
+        sd_rights = res[0].get('sDRightsEffective', idx=0)
+        if sd_rights is not None:
+            sd_rights = int(sd_rights)
+
+        return sd_rights
+
+    def test_modify_u1(self):
+        """5 Modify one attribute if you have DS_WRITE_PROPERTY for it"""
+        mod = "(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.user_sid)
+        # First test object -- User
+        print("Testing modify on User object")
+        self.ldb_admin.newuser("test_modify_user1", self.user_pass)
+        self.sd_utils.dacl_add_ace(self.get_user_dn("test_modify_user1"), mod)
+        ldif = """
+dn: """ + self.get_user_dn("test_modify_user1") + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % self.get_user_dn("test_modify_user1"))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+        # Second test object -- Group
+        print("Testing modify on Group object")
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        self.sd_utils.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod)
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)" % str("CN=test_modify_group1,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+        # Third test object -- Organizational Unit
+        print("Testing modify on OU object")
+        #delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
+        self.sd_utils.dacl_add_ace("OU=test_modify_ou1," + self.base_dn, mod)
+        ldif = """
+dn: OU=test_modify_ou1,""" + self.base_dn + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)" % str("OU=test_modify_ou1," + self.base_dn))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+
+    def test_modify_u2(self):
+        """6 Modify two attributes as you have DS_WRITE_PROPERTY granted only for one of them"""
+        mod = "(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.user_sid)
+        # First test object -- User
+        print("Testing modify on User object")
+        #delete_force(self.ldb_admin, self.get_user_dn("test_modify_user1"))
+        self.ldb_admin.newuser("test_modify_user1", self.user_pass)
+        self.sd_utils.dacl_add_ace(self.get_user_dn("test_modify_user1"), mod)
+        # Modify on attribute you have rights for
+        ldif = """
+dn: """ + self.get_user_dn("test_modify_user1") + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" %
+                                    self.get_user_dn("test_modify_user1"))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: """ + self.get_user_dn("test_modify_user1") + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+        # Second test object -- Group
+        print("Testing modify on Group object")
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        self.sd_utils.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod)
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" %
+                                    str("CN=test_modify_group1,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e4:
+            (num, _) = e4.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+        # Modify on attribute you do not have rights for granted while also modifying something you do have rights for
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org
+replace: displayName
+displayName: test_changed"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e5:
+            (num, _) = e5.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+        # Second test object -- Organizational Unit
+        print("Testing modify on OU object")
+        self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
+        self.sd_utils.dacl_add_ace("OU=test_modify_ou1," + self.base_dn, mod)
+        ldif = """
+dn: OU=test_modify_ou1,""" + self.base_dn + """
+changetype: modify
+replace: displayName
+displayName: test_changed"""
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str("OU=test_modify_ou1,"
+                                                                              + self.base_dn))
+        self.assertEqual(str(res[0]["displayName"][0]), "test_changed")
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: OU=test_modify_ou1,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e6:
+            (num, _) = e6.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+    def test_modify_u3(self):
+        """7 Modify one attribute as you have no what so ever rights granted"""
+        # First test object -- User
+        print("Testing modify on User object")
+        self.ldb_admin.newuser("test_modify_user1", self.user_pass)
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: """ + self.get_user_dn("test_modify_user1") + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e7:
+            (num, _) = e7.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+        # Second test object -- Group
+        print("Testing modify on Group object")
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e8:
+            (num, _) = e8.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+        # Second test object -- Organizational Unit
+        print("Testing modify on OU object")
+        #delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
+        # Modify on attribute you do not have rights for granted
+        ldif = """
+dn: OU=test_modify_ou1,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e9:
+            (num, _) = e9.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+    def test_modify_u4(self):
+        """11 Grant WP to PRINCIPAL_SELF and test modify"""
+        ldif = """
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+add: adminDescription
+adminDescription: blah blah blah"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError as e10:
+            (num, _) = e10.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+        mod = "(OA;;WP;bf967919-0de6-11d0-a285-00aa003049e2;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        # Modify on attribute you have rights for
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)"
+                                    % self.get_user_dn(self.user_with_wp), attrs=["adminDescription"])
+        self.assertEqual(str(res[0]["adminDescription"][0]), "blah blah blah")
+
+    def test_modify_u5(self):
+        """12 test self membership"""
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+add: Member
+Member: """ + self.get_user_dn(self.user_with_sm)
+# the user has no rights granted, this should fail
+        try:
+            self.ldb_user2.modify_ldif(ldif)
+        except LdbError as e11:
+            (num, _) = e11.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+
+# grant self-membership, should be able to add himself
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.user_with_sm))
+        mod = "(OA;;SW;bf9679c0-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("CN=test_modify_group2,CN=Users," + self.base_dn, mod)
+        self.ldb_user2.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)"
+                                    % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+        self.assertEqual(str(res[0]["Member"][0]), self.get_user_dn(self.user_with_sm))
+# but not other users
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+add: Member
+Member: CN=test_modify_user2,CN=Users,""" + self.base_dn
+        try:
+            self.ldb_user2.modify_ldif(ldif)
+        except LdbError as e12:
+            (num, _) = e12.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_modify_u6(self):
+        """13 test self membership"""
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+add: Member
+Member: """ + self.get_user_dn(self.user_with_sm) + """
+Member: CN=test_modify_user2,CN=Users,""" + self.base_dn
+
+# grant self-membership, should be able to add himself  but not others at the same time
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.user_with_sm))
+        mod = "(OA;;SW;bf9679c0-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("CN=test_modify_group2,CN=Users," + self.base_dn, mod)
+        try:
+            self.ldb_user2.modify_ldif(ldif)
+        except LdbError as e13:
+            (num, _) = e13.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_modify_u7(self):
+        """13 User with WP modifying Member"""
+# a second user is given write property permission
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.user_with_wp))
+        mod = "(A;;WP;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace("CN=test_modify_group2,CN=Users," + self.base_dn, mod)
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+add: Member
+Member: """ + self.get_user_dn(self.user_with_wp)
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)"
+                                    % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+        self.assertEqual(str(res[0]["Member"][0]), self.get_user_dn(self.user_with_wp))
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+delete: Member"""
+        self.ldb_user.modify_ldif(ldif)
+        ldif = """
+dn: CN=test_modify_group2,CN=Users,""" + self.base_dn + """
+changetype: modify
+add: Member
+Member: CN=test_modify_user2,CN=Users,""" + self.base_dn
+        self.ldb_user.modify_ldif(ldif)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)"
+                                    % ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
+        self.assertEqual(str(res[0]["Member"][0]), "CN=test_modify_user2,CN=Users," + self.base_dn)
+
+    def test_modify_dacl_explicit_user(self):
+        '''Modify the DACL of a user's security descriptor when we have RIGHT_WRITE_DAC'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'D:(A;;WP;;;BA)'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        new_sddl = f'D:(A;;WP;;;{self.user_sid})'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        controls = [f'sd_flags:1:{security.SECINFO_DACL}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the DACL.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_DAC.
+        try:
+            self.ldb_user.modify(message, controls=controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_DAC.
+        write_dac_sddl = f'(A;CI;WD;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, write_dac_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_DACL
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=controls)
+
+    def test_modify_dacl_explicit_computer(self):
+        '''Modify the DACL of a computer's security descriptor when we have RIGHT_WRITE_DAC'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'D:(A;;WP;;;BA)'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        new_sddl = f'D:(A;;WP;;;{self.user_sid})'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        controls = [f'sd_flags:1:{security.SECINFO_DACL}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the DACL.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_DAC.
+        try:
+            self.ldb_user.modify(message, controls=controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_DAC.
+        write_dac_sddl = f'(A;CI;WD;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, write_dac_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=controls)
+
+    def test_modify_dacl_owner_user(self):
+        '''Modify the DACL of a user's security descriptor when we are its owner'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        new_sddl = f'D:(A;;WP;;;{self.user_sid})'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+        dacl_controls = [f'sd_flags:1:{security.SECINFO_DACL}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the DACL.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we are not the owner.
+        try:
+            self.ldb_user.modify(message, controls=dacl_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Make ourselves the owner of the security descriptor.
+        owner_sddl = f'O:{self.user_sid}'
+        owner_desc = security.descriptor.from_sddl(owner_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(user_dn, owner_desc,
+                                      controls=owner_controls)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_DACL
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=dacl_controls)
+
+    def test_modify_dacl_owner_computer_implicit_right_blocked(self):
+        '''Show that we cannot modify the DACL of a computer's security descriptor when we are its owner and BlockOwnerImplicitRights == 1'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        new_sddl = f'D:(A;;WP;;;{self.user_sid})'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+        dacl_controls = [f'sd_flags:1:{security.SECINFO_DACL}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the DACL.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we are not the owner.
+        try:
+            self.ldb_user.modify(message, controls=dacl_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Make ourselves the owner of the security descriptor.
+        owner_sddl = f'O:{self.user_sid}'
+        owner_desc = security.descriptor.from_sddl(owner_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(dn, owner_desc,
+                                      controls=owner_controls)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails even when specifying the controls.
+        try:
+            self.ldb_user.modify(message, controls=dacl_controls)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+    def test_modify_dacl_owner_computer_implicit_right_allowed(self):
+        '''Modify the DACL of a computer's security descriptor when we are its owner and BlockOwnerImplicitRights != 1'''
+
+        self.set_heuristic(samba.dsdb.DS_HR_BLOCK_OWNER_IMPLICIT_RIGHTS, b'0')
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        new_sddl = f'D:(A;;WP;;;{self.user_sid})'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+        dacl_controls = [f'sd_flags:1:{security.SECINFO_DACL}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the DACL.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we are not the owner.
+        try:
+            self.ldb_user.modify(message, controls=dacl_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Make ourselves the owner of the security descriptor.
+        owner_sddl = f'O:{self.user_sid}'
+        owner_desc = security.descriptor.from_sddl(owner_sddl, self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(dn, owner_desc,
+                                      controls=owner_controls)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=dacl_controls)
+
+    def test_modify_owner_explicit_user(self):
+        '''Modify the owner of a user's security descriptor when we have RIGHT_WRITE_OWNER'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        # Try to modify the owner to ourselves.
+        new_sddl = f'O:{self.user_sid}'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_OWNER.
+        try:
+            self.ldb_user.modify(message, controls=owner_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_OWNER | security.SECINFO_GROUP
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=owner_controls)
+
+    def test_modify_owner_explicit_computer(self):
+        '''Modify the owner of a computer's security descriptor when we have RIGHT_WRITE_OWNER'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        # Try to modify the owner to ourselves.
+        new_sddl = f'O:{self.user_sid}'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_OWNER.
+        try:
+            self.ldb_user.modify(message, controls=owner_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=owner_controls)
+
+    def test_modify_group_explicit_user(self):
+        '''Modify the group of a user's security descriptor when we have RIGHT_WRITE_OWNER'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        # Try to modify the group to ourselves.
+        new_sddl = f'G:{self.user_sid}'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        group_controls = [f'sd_flags:1:{security.SECINFO_GROUP}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the group.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_OWNER.
+        try:
+            self.ldb_user.modify(message, controls=group_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_OWNER | security.SECINFO_GROUP
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=group_controls)
+
+    def test_modify_group_explicit_computer(self):
+        '''Modify the group of a computer's security descriptor when we have RIGHT_WRITE_OWNER'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        # Try to modify the group to ourselves.
+        new_sddl = f'G:{self.user_sid}'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        group_controls = [f'sd_flags:1:{security.SECINFO_GROUP}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the group.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # The update fails since we don't have WRITE_OWNER.
+        try:
+            self.ldb_user.modify(message, controls=group_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails if we don't specify the controls.
+        try:
+            self.ldb_user.modify(message)
+        except LdbError as err:
+            if self.strict_checking:
+                num, estr = err.args
+                self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+                self.assertIn(f'{werror.WERR_ACCESS_DENIED:08X}', estr)
+        else:
+            self.fail()
+
+        # The update succeeds when specifying the controls.
+        self.ldb_user.modify(message, controls=group_controls)
+
+    def test_modify_owner_other_user(self):
+        '''Show we cannot set the owner of a user's security descriptor to another SID'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        # Try to modify the owner to someone other than ourselves.
+        new_sddl = 'O:BA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_OWNER | security.SECINFO_GROUP
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails when trying to specify another user.
+        try:
+            self.ldb_user.modify(message, controls=owner_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_INVALID_OWNER:08X}', estr)
+        else:
+            self.fail('expected an error')
+
+    def test_modify_owner_other_computer(self):
+        '''Show we cannot set the owner of a computer's security descriptor to another SID'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        # Try to modify the owner to someone other than ourselves.
+        new_sddl = 'O:BA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update fails when trying to specify another user.
+        try:
+            self.ldb_user.modify(message, controls=owner_controls)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+            if self.strict_checking:
+                self.assertIn(f'{werror.WERR_INVALID_OWNER:08X}', estr)
+        else:
+            self.fail('expected an error')
+
+    def test_modify_owner_other_admin_user(self):
+        '''Show a domain admin cannot set the owner of a user's security descriptor to another SID'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        # Try to modify the owner to someone other than ourselves.
+        new_sddl = 'O:BA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_OWNER | security.SECINFO_GROUP
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update succeeds as admin when trying to specify another user.
+        self.ldb_admin.modify(message, controls=owner_controls)
+
+    def test_modify_owner_other_admin_computer(self):
+        '''Show a domain admin cannot set the owner of a computer's security descriptor to another SID'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        # Try to modify the owner to someone other than ourselves.
+        new_sddl = 'O:BA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update succeeds as admin when trying to specify another user.
+        self.ldb_admin.modify(message, controls=owner_controls)
+
+    def test_modify_owner_admin_user(self):
+        '''Show a domain admin can set the owner of a user's security descriptor to Domain Admins'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        username = 'test_modify_ou1_user'
+        user_dn = Dn(self.ldb_admin, f'CN={username},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        self.ldb_admin.newuser(username, self.user_pass,
+                               userou=f'OU={ou_name}',
+                               sd=descriptor)
+
+        # Try to modify the owner to Domain Admins.
+        new_sddl = 'O:DA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = 0
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(user_dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, user_dn)
+        expected_rights = security.SECINFO_OWNER | security.SECINFO_GROUP
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update succeeds as admin when specifying Domain Admins.
+        self.ldb_admin.modify(message, controls=owner_controls)
+
+    def test_modify_owner_admin_computer(self):
+        '''Show a domain admin can set the owner of a computer's security descriptor to Domain Admins'''
+
+        ou_name = 'test_modify_ou1'
+        ou_dn = f'OU={ou_name},{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = Dn(self.ldb_admin, f'CN={account_name},{ou_dn}')
+
+        sd_sddl = 'O:BA'
+        descriptor = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        ou_sddl = f'D:(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_NT_SECURITY_DESCRIPTOR};;{self.user_sid})'
+        ou_desc = security.descriptor.from_sddl(ou_sddl, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, name=ou_name, sd=ou_desc)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'nTSecurityDescriptor': ndr_pack(descriptor),
+        })
+
+        # Try to modify the owner to Domain Admins.
+        new_sddl = 'O:DA'
+        new_desc = security.descriptor.from_sddl(new_sddl, self.domain_sid)
+
+        owner_controls = [f'sd_flags:1:{security.SECINFO_OWNER}']
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The user should not be able to modify the owner.
+        message = Message(dn)
+        message['nTSecurityDescriptor'] = MessageElement(
+            ndr_pack(new_desc),
+            FLAG_MOD_REPLACE,
+            'nTSecurityDescriptor')
+
+        # Grant ourselves WRITE_OWNER.
+        owner_sddl = f'(A;CI;WO;;;{self.user_sid})'
+        self.sd_utils.dacl_add_ace(ou_dn, owner_sddl)
+
+        # Check our effective rights.
+        effective_rights = self.get_sd_rights_effective(self.ldb_user, dn)
+        expected_rights = None
+        self.assertEqual(expected_rights, effective_rights)
+
+        # The update succeeds as admin when specifying Domain Admins.
+        self.ldb_admin.modify(message, controls=owner_controls)
+
+    def test_modify_anonymous(self):
+        """Test add operation with anonymous user"""
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        self.ldb_admin.newuser("test_anonymous", "samba123@")
+        m = Message()
+        m.dn = Dn(anonymous, self.get_user_dn("test_anonymous"))
+
+        m["description"] = MessageElement("sambauser2",
+                                          FLAG_MOD_ADD,
+                                          "description")
+        try:
+            anonymous.modify(m)
+        except LdbError as e14:
+            (num, _) = e14.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name(self):
+        '''Test modifying dNSHostName with validated write'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_dns_host_name_no_validated_write(self):
+        '''Test modifying dNSHostName without validated write'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_invalid(self):
+        '''Test modifying dNSHostName to an invalid value'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = 'invalid'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_invalid_wp(self):
+        '''Test modifying dNSHostName to an invalid value when we have WP'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Write Property.
+        mod = (f'(OA;CI;WP;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = 'invalid'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_dns_host_name_invalid_non_computer(self):
+        '''Test modifying dNSHostName to an invalid value on a non-computer'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'user',
+            'sAMAccountName': f'{account_name}',
+        })
+
+        host_name = 'invalid'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INSUFFICIENT_ACCESS_RIGHTS, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_no_value(self):
+        '''Test modifying dNSHostName with validated write with no value'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement([],
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_OPERATIONS_ERROR, num)
+        else:
+            # Windows accepts this.
+            pass
+
+    def test_modify_dns_host_name_empty_string(self):
+        '''Test modifying dNSHostName with validated write of an empty string'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement('\0',
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_dollar(self):
+        '''Test modifying dNSHostName with validated write of a value including a dollar'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}$.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_account_no_dollar(self):
+        '''Test modifying dNSHostName with validated write with no dollar in sAMAccountName'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_dns_host_name_no_suffix(self):
+        '''Test modifying dNSHostName with validated write of a value missing the suffix'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_wrong_prefix(self):
+        '''Test modifying dNSHostName with validated write of a value with the wrong prefix'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'invalid.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_wrong_suffix(self):
+        '''Test modifying dNSHostName with validated write of a value with the wrong suffix'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.invalid.example.com'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_case(self):
+        '''Test modifying dNSHostName with validated write of a value with irregular case'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+        host_name = host_name.capitalize()
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_dns_host_name_allowed_suffixes(self):
+        '''Test modifying dNSHostName with validated write and an allowed suffix'''
+
+        allowed_suffix = 'suffix.that.is.allowed'
+
+        # Add the allowed suffix.
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    scope=SCOPE_BASE,
+                                    attrs=['msDS-AllowedDNSSuffixes'])
+        self.assertEqual(1, len(res))
+        old_allowed_suffixes = res[0].get('msDS-AllowedDNSSuffixes')
+
+        def modify_allowed_suffixes(suffixes):
+            if suffixes is None:
+                suffixes = []
+                flag = FLAG_MOD_DELETE
+            else:
+                flag = FLAG_MOD_REPLACE
+
+            m = Message(Dn(self.ldb_admin, self.base_dn))
+            m['msDS-AllowedDNSSuffixes'] = MessageElement(
+                suffixes,
+                flag,
+                'msDS-AllowedDNSSuffixes')
+            self.ldb_admin.modify(m)
+
+        self.addCleanup(modify_allowed_suffixes, old_allowed_suffixes)
+
+        if old_allowed_suffixes is None:
+            allowed_suffixes = []
+        else:
+            allowed_suffixes = list(old_allowed_suffixes)
+
+        if (allowed_suffix not in allowed_suffixes and
+            allowed_suffix.encode('utf-8') not in allowed_suffixes):
+                allowed_suffixes.append(allowed_suffix)
+
+        modify_allowed_suffixes(allowed_suffixes)
+
+        # Create the account and run the test.
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.{allowed_suffix}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_dns_host_name_spn(self):
+        '''Test modifying dNSHostName and SPN with validated write'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_VALIDATE_SPN};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+        spn = f'host/{host_name}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['0'] = MessageElement(host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        m['1'] = MessageElement(spn,
+                                FLAG_MOD_ADD,
+                                'servicePrincipalName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_spn_matching_dns_host_name_invalid(self):
+        '''Test modifying SPN with validated write, matching a valid dNSHostName '''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Write Property.
+        mod = (f'(OA;CI;WP;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_VALIDATE_SPN};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        invalid_host_name = 'invalid'
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+        spn = f'host/{host_name}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['0'] = MessageElement(invalid_host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        m['1'] = MessageElement(spn,
+                                FLAG_MOD_ADD,
+                                'servicePrincipalName')
+        m['2'] = MessageElement(host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+    def test_modify_spn_matching_dns_host_name_original(self):
+        '''Test modifying SPN with validated write, matching the original dNSHostName '''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_VALIDATE_SPN};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        original_host_name = 'invalid_host_name'
+        original_spn = 'host/{original_host_name}'
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+            'dNSHostName': original_host_name,
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['0'] = MessageElement(original_spn,
+                                FLAG_MOD_ADD,
+                                'servicePrincipalName')
+        m['1'] = MessageElement(host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_spn_matching_account_name_original(self):
+        '''Test modifying dNSHostName and SPN with validated write, matching the original sAMAccountName'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        sam_account_name = '3e0abfd0-126a-11d0-a060-00aa006c33ed'
+
+        # Grant Write Property.
+        mod = (f'(OA;CI;WP;{sam_account_name};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_VALIDATE_SPN};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        new_account_name = 'test_mod_hostname2'
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+        spn = f'host/{host_name}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['0'] = MessageElement(host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        m['1'] = MessageElement(spn,
+                                FLAG_MOD_ADD,
+                                'servicePrincipalName')
+        m['2'] = MessageElement(f'{new_account_name}$',
+                                FLAG_MOD_REPLACE,
+                                'sAMAccountName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+        else:
+            self.fail()
+
+    def test_modify_dns_host_name_spn_matching_account_name_new(self):
+        '''Test modifying dNSHostName and SPN with validated write, matching the new sAMAccountName'''
+
+        ou_dn = f'OU=test_modify_ou1,{self.base_dn}'
+
+        account_name = 'test_mod_hostname'
+        dn = f'CN={account_name},{ou_dn}'
+
+        self.ldb_admin.create_ou(ou_dn)
+
+        sam_account_name = '3e0abfd0-126a-11d0-a060-00aa006c33ed'
+
+        # Grant Write Property.
+        mod = (f'(OA;CI;WP;{sam_account_name};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        # Grant Validated Write.
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_DNS_HOST_NAME};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        mod = (f'(OA;CI;SW;{security.GUID_DRS_VALIDATE_SPN};;'
+               f'{self.user_sid})')
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+
+        # Create the account.
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': f'{account_name}$',
+        })
+
+        new_account_name = 'test_mod_hostname2'
+        new_host_name = f'{new_account_name}.{self.ldb_user.domain_dns_name()}'
+        new_spn = f'host/{new_host_name}'
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['0'] = MessageElement(new_spn,
+                                FLAG_MOD_ADD,
+                                'servicePrincipalName')
+        m['1'] = MessageElement(new_host_name,
+                                FLAG_MOD_REPLACE,
+                                'dNSHostName')
+        m['2'] = MessageElement(f'{new_account_name}$',
+                                FLAG_MOD_REPLACE,
+                                'sAMAccountName')
+        try:
+            self.ldb_user.modify(m)
+        except LdbError:
+            self.fail()
+
+# enable these when we have search implemented
+
+
+class AclSearchTests(AclTests):
+
+    def setUp(self):
+        super(AclSearchTests, self).setUp()
+
+        # permit password changes during this test
+        PasswordCommon.allow_password_changes(self, self.ldb_admin)
+
+        self.u1 = "search_u1"
+        self.u2 = "search_u2"
+        self.u3 = "search_u3"
+        self.group1 = "group1"
+        self.ldb_admin.newuser(self.u1, self.user_pass)
+        self.ldb_admin.newuser(self.u2, self.user_pass)
+        self.ldb_admin.newuser(self.u3, self.user_pass)
+        self.ldb_admin.newgroup(self.group1, grouptype=samba.dsdb.GTYPE_SECURITY_GLOBAL_GROUP)
+        self.ldb_admin.add_remove_group_members(self.group1, [self.u2],
+                                                add_members_operation=True)
+        self.ldb_user = self.get_ldb_connection(self.u1, self.user_pass)
+        self.ldb_user2 = self.get_ldb_connection(self.u2, self.user_pass)
+        self.ldb_user3 = self.get_ldb_connection(self.u3, self.user_pass)
+        self.full_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                          Dn(self.ldb_admin, "OU=ou1," + self.base_dn),
+                          Dn(self.ldb_admin, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn),
+                          Dn(self.ldb_admin, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn),
+                          Dn(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn),
+                          Dn(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)]
+        self.user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.u1))
+        self.group_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.group1))
+
+    def create_clean_ou(self, object_dn):
+        """ Base repeating setup for unittests to follow """
+        res = self.ldb_admin.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+                                    expression="distinguishedName=%s" % object_dn)
+        # Make sure top testing OU has been deleted before starting the test
+        self.assertEqual(len(res), 0)
+        self.ldb_admin.create_ou(object_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        # Make sure there are inheritable ACEs initially
+        self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
+        # Find and remove all inherit ACEs
+        res = re.findall(r"\(.*?\)", desc_sddl)
+        res = [x for x in res if ("CI" in x) or ("OI" in x)]
+        for x in res:
+            desc_sddl = desc_sddl.replace(x, "")
+        # Add flag 'protected' in both DACL and SACL so no inherit ACEs
+        # can propagate from above
+        # remove SACL, we are not interested
+        desc_sddl = desc_sddl.replace(":AI", ":AIP")
+        self.sd_utils.modify_sd_on_dn(object_dn, desc_sddl)
+        # Verify all inheritable ACEs are gone
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        self.assertNotIn("CI", desc_sddl)
+        self.assertNotIn("OI", desc_sddl)
+
+    def tearDown(self):
+        super(AclSearchTests, self).tearDown()
+        delete_force(self.ldb_admin, "OU=test_search_ou2,OU=test_search_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_search_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=ou1," + self.base_dn)
+        delete_force(self.ldb_admin, self.get_user_dn("search_u1"))
+        delete_force(self.ldb_admin, self.get_user_dn("search_u2"))
+        delete_force(self.ldb_admin, self.get_user_dn("search_u3"))
+        delete_force(self.ldb_admin, self.get_user_dn("group1"))
+
+        del self.ldb_user
+        del self.ldb_user2
+        del self.ldb_user3
+
+    def test_search_anonymous1(self):
+        """Verify access of rootDSE with the correct request"""
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        res = anonymous.search("", expression="(objectClass=*)", scope=SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        # verify some of the attributes
+        # don't care about values
+        self.assertIn("ldapServiceName", res[0])
+        self.assertIn("namingContexts", res[0])
+        self.assertIn("isSynchronized", res[0])
+        self.assertIn("dsServiceName", res[0])
+        self.assertIn("supportedSASLMechanisms", res[0])
+        self.assertIn("isGlobalCatalogReady", res[0])
+        self.assertIn("domainControllerFunctionality", res[0])
+        self.assertIn("serverName", res[0])
+
+    def test_search_anonymous2(self):
+        """Make sure we cannot access anything else"""
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        try:
+            anonymous.search("", expression="(objectClass=*)", scope=SCOPE_SUBTREE)
+        except LdbError as e15:
+            (num, _) = e15.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+        try:
+            anonymous.search(self.base_dn, expression="(objectClass=*)", scope=SCOPE_SUBTREE)
+        except LdbError as e16:
+            (num, _) = e16.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+        try:
+            anonymous.search(anonymous.get_config_basedn(), expression="(objectClass=*)",
+                             scope=SCOPE_SUBTREE)
+        except LdbError as e17:
+            (num, _) = e17.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+
+    def test_search_anonymous3(self):
+        """Set dsHeuristics and repeat"""
+        self.ldb_admin.set_dsheuristics("0000002")
+        self.ldb_admin.create_ou("OU=test_search_ou1," + self.base_dn)
+        mod = "(A;CI;LC;;;AN)"
+        self.sd_utils.dacl_add_ace("OU=test_search_ou1," + self.base_dn, mod)
+        self.ldb_admin.create_ou("OU=test_search_ou2,OU=test_search_ou1," + self.base_dn)
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        res = anonymous.search("OU=test_search_ou2,OU=test_search_ou1," + self.base_dn,
+                               expression="(objectClass=*)", scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+        self.assertIn("dn", res[0])
+        self.assertEqual(res[0]["dn"], Dn(self.ldb_admin,
+                                          "OU=test_search_ou2,OU=test_search_ou1," + self.base_dn))
+        res = anonymous.search(anonymous.get_config_basedn(), expression="(objectClass=*)",
+                               scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+        self.assertIn("dn", res[0])
+        self.assertEqual(res[0]["dn"], Dn(self.ldb_admin, self.configuration_dn))
+
+    def test_search1(self):
+        """Make sure users can see us if given LC to user and group"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+
+        # regular users must see only ou1 and ou2
+        res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 2)
+        ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
+
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        # these users should see all ous
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 6)
+        res_list = [x["dn"] for x in res if x["dn"] in self.full_list]
+        self.assertEqual(sorted(res_list), sorted(self.full_list))
+
+        res = self.ldb_user2.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 6)
+        res_list = [x["dn"] for x in res if x["dn"] in self.full_list]
+        self.assertEqual(sorted(res_list), sorted(self.full_list))
+
+    def test_search2(self):
+        """Make sure users can't see us if access is explicitly denied"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+        mod = "(D;;LC;;;%s)(D;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
+        self.sd_utils.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
+        res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        # this user should see all ous
+        res_list = [x["dn"] for x in res if x["dn"] in self.full_list]
+        self.assertEqual(sorted(res_list), sorted(self.full_list))
+
+        # these users should see ou1, 2, 5 and 6 but not 3 and 4
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)]
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        res = self.ldb_user2.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 4)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+    def test_search3(self):
+        """Make sure users can't see ous if access is explicitly denied - 2"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+
+        print("Testing correct behavior on nonaccessible search base")
+        try:
+            self.ldb_user3.search("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                  scope=SCOPE_BASE)
+        except LdbError as e18:
+            (num, _) = e18.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+        else:
+            self.fail()
+
+        mod = "(D;;LC;;;%s)(D;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
+        self.sd_utils.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
+
+        ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
+
+        res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)]
+
+        # should not see ou3 and ou4, but should see ou5 and ou6
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 4)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        res = self.ldb_user2.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 4)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+    def test_search4(self):
+        """There is no difference in visibility if the user is also creator"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;CI;CCWD;;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+
+        ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
+                   Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
+        res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                    scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 2)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 2)
+        res_list = [x["dn"] for x in res if x["dn"] in ok_list]
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+    def test_search5(self):
+        """Make sure users can see only attributes they are allowed to see"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        # assert user can only see dn
+        res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        ok_list = ['dn']
+        self.assertEqual(len(res), 1)
+        res_list = list(res[0].keys())
+        self.assertEqual(res_list, ok_list)
+
+        res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_BASE, attrs=["ou"])
+
+        self.assertEqual(len(res), 1)
+        res_list = list(res[0].keys())
+        self.assertEqual(res_list, ok_list)
+
+        # give read property on ou and assert user can only see dn and ou
+        mod = "(OA;;RP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        self.sd_utils.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
+        res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+        ok_list = ['dn', 'ou']
+        self.assertEqual(len(res), 1)
+        res_list = list(res[0].keys())
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        # give read property on Public Information and assert user can see ou and other members
+        mod = "(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        self.sd_utils.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
+        res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
+                                   scope=SCOPE_SUBTREE)
+
+        ok_list = ['dn', 'objectClass', 'ou', 'distinguishedName', 'name', 'objectGUID', 'objectCategory']
+        res_list = list(res[0].keys())
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+    def test_search6(self):
+        """If an attribute that cannot be read is used in a filter, it is as if the attribute does not exist"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;CI;LCCCWD;;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
+                                   scope=SCOPE_SUBTREE)
+        # nothing should be returned as ou is not accessible
+        self.assertEqual(len(res), 0)
+
+        # give read property on ou and assert user can only see dn and ou
+        mod = "(OA;;RP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, mod)
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
+                                   scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+        ok_list = ['dn', 'ou']
+        res_list = list(res[0].keys())
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+        # give read property on Public Information and assert user can see ou and other members
+        mod = "(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;%s)" % (str(self.user_sid))
+        self.sd_utils.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
+        res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou2)",
+                                   scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+        ok_list = ['dn', 'objectClass', 'ou', 'distinguishedName', 'name', 'objectGUID', 'objectCategory']
+        res_list = list(res[0].keys())
+        self.assertEqual(sorted(res_list), sorted(ok_list))
+
+    def assert_search_on_attr(self, dn, samdb, attr, expected_list):
+
+        expected_num = len(expected_list)
+        res = samdb.search(dn, expression="(%s=*)" % attr, scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), expected_num)
+
+        res_list = [ x["dn"] for x in res if x["dn"] in expected_list ]
+        self.assertEqual(sorted(res_list), sorted(expected_list))
+
+    def test_search7(self):
+        """Checks object search visibility when users don't have full rights"""
+        self.create_clean_ou("OU=ou1," + self.base_dn)
+        mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid),
+                                            str(self.group_sid))
+        self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+                                 sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+                                 sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+                                 sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+                                 sd=tmp_desc)
+
+        ou2_dn = Dn(self.ldb_admin,  "OU=ou2,OU=ou1," + self.base_dn)
+        ou1_dn = Dn(self.ldb_admin,  "OU=ou1," + self.base_dn)
+
+        # even though unprivileged users can't read these attributes for OU2,
+        # the object should still be visible in searches, because they have
+        # 'List Contents' rights still. This isn't really disclosive because
+        # ALL objects have these attributes
+        visible_attrs = ["objectClass", "distinguishedName", "name",
+                         "objectGUID"]
+        two_objects = [ou2_dn, ou1_dn]
+
+        for attr in visible_attrs:
+            # a regular user should just see the 2 objects
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user3, attr,
+                                       expected_list=two_objects)
+
+            # whereas the following users have LC rights for all the objects,
+            # so they should see them all
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user, attr,
+                                       expected_list=self.full_list)
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user2, attr,
+                                       expected_list=self.full_list)
+
+        # however when searching on the following attributes, objects will not
+        # be visible unless the user has Read Property rights
+        hidden_attrs = ["objectCategory", "instanceType", "ou", "uSNChanged",
+                        "uSNCreated", "whenCreated"]
+        one_object = [ou1_dn]
+
+        for attr in hidden_attrs:
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user3, attr,
+                                       expected_list=one_object)
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user, attr,
+                                       expected_list=one_object)
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_user2, attr,
+                                       expected_list=one_object)
+
+            # admin has RP rights so can still see all the objects
+            self.assert_search_on_attr(str(ou1_dn), self.ldb_admin, attr,
+                                       expected_list=self.full_list)
+
+
+# tests on ldap delete operations
+
+
+class AclDeleteTests(AclTests):
+
+    def setUp(self):
+        super(AclDeleteTests, self).setUp()
+        self.regular_user = "acl_delete_user1"
+        # Create regular user
+        self.ldb_admin.newuser(self.regular_user, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
+
+    def tearDown(self):
+        super(AclDeleteTests, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn("test_delete_user1"))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        delete_force(self.ldb_admin, self.get_user_dn("test_anonymous"))
+
+        del self.ldb_user
+
+    def test_delete_u1(self):
+        """User is prohibited by default to delete another User object"""
+        # Create user that we try to delete
+        self.ldb_admin.newuser("test_delete_user1", self.user_pass)
+        # Here delete User object should ALWAYS through exception
+        try:
+            self.ldb_user.delete(self.get_user_dn("test_delete_user1"))
+        except LdbError as e19:
+            (num, _) = e19.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_delete_u2(self):
+        """User's group has RIGHT_DELETE to another User object"""
+        user_dn = self.get_user_dn("test_delete_user1")
+        # Create user that we try to delete
+        self.ldb_admin.newuser("test_delete_user1", self.user_pass)
+        mod = "(A;;SD;;;AU)"
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        # Try to delete User object
+        self.ldb_user.delete(user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+
+    def test_delete_u3(self):
+        """User identified by SID has RIGHT_DELETE to another User object"""
+        user_dn = self.get_user_dn("test_delete_user1")
+        # Create user that we try to delete
+        self.ldb_admin.newuser("test_delete_user1", self.user_pass)
+        mod = "(A;;SD;;;%s)" % self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        # Try to delete User object
+        self.ldb_user.delete(user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+
+    def test_delete_anonymous(self):
+        """Test add operation with anonymous user"""
+        anonymous = SamDB(url=ldaphost, credentials=self.creds_tmp, lp=lp)
+        self.ldb_admin.newuser("test_anonymous", "samba123@")
+
+        try:
+            anonymous.delete(self.get_user_dn("test_anonymous"))
+        except LdbError as e20:
+            (num, _) = e20.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        else:
+            self.fail()
+
+# tests on ldap rename operations
+
+
+class AclRenameTests(AclTests):
+
+    def setUp(self):
+        super(AclRenameTests, self).setUp()
+        self.regular_user = "acl_rename_user1"
+        self.ou1 = "OU=test_rename_ou1"
+        self.ou2 = "OU=test_rename_ou2"
+        self.ou3 = "OU=test_rename_ou3,%s" % self.ou2
+        self.testuser1 = "test_rename_user1"
+        self.testuser2 = "test_rename_user2"
+        self.testuser3 = "test_rename_user3"
+        self.testuser4 = "test_rename_user4"
+        self.testuser5 = "test_rename_user5"
+        # Create regular user
+        self.ldb_admin.newuser(self.regular_user, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
+
+    def tearDown(self):
+        super(AclRenameTests, self).tearDown()
+        # Rename OU3
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser1, self.ou3, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser2, self.ou3, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser5, self.ou3, self.base_dn))
+        delete_force(self.ldb_admin, "%s,%s" % (self.ou3, self.base_dn))
+        # Rename OU2
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser1, self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser2, self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser5, self.ou2, self.base_dn))
+        delete_force(self.ldb_admin, "%s,%s" % (self.ou2, self.base_dn))
+        # Rename OU1
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser1, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser2, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "CN=%s,%s,%s" % (self.testuser5, self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "OU=test_rename_ou3,%s,%s" % (self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, "%s,%s" % (self.ou1, self.base_dn))
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+
+        del self.ldb_user
+
+    def test_rename_u1(self):
+        """Regular user fails to rename 'User object' within single OU"""
+        # Create OU structure
+        self.ldb_admin.create_ou("OU=test_rename_ou1," + self.base_dn)
+        self.ldb_admin.newuser(self.testuser1, self.user_pass, userou=self.ou1)
+        try:
+            self.ldb_user.rename("CN=%s,%s,%s" % (self.testuser1, self.ou1, self.base_dn),
+                                 "CN=%s,%s,%s" % (self.testuser5, self.ou1, self.base_dn))
+        except LdbError as e21:
+            (num, _) = e21.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_rename_u2(self):
+        """Grant WRITE_PROPERTY to AU so regular user can rename 'User object' within single OU"""
+        ou_dn = "OU=test_rename_ou1," + self.base_dn
+        user_dn = "CN=test_rename_user1," + ou_dn
+        rename_user_dn = "CN=test_rename_user5," + ou_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou_dn)
+        self.ldb_admin.newuser(self.testuser1, self.user_pass, userou=self.ou1)
+        mod = "(A;;WP;;;AU)"
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        # Rename 'User object' having WP to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u3(self):
+        """Test rename with rights granted to 'User object' SID"""
+        ou_dn = "OU=test_rename_ou1," + self.base_dn
+        user_dn = "CN=test_rename_user1," + ou_dn
+        rename_user_dn = "CN=test_rename_user5," + ou_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou_dn)
+        self.ldb_admin.newuser(self.testuser1, self.user_pass, userou=self.ou1)
+        sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = "(A;;WP;;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        # Rename 'User object' having WP to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u4(self):
+        """Rename 'User object' cross OU with WP, SD and CC right granted on reg. user to AU"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + self.base_dn
+        user_dn = "CN=test_rename_user2," + ou1_dn
+        rename_user_dn = "CN=test_rename_user5," + ou2_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        self.ldb_admin.newuser(self.testuser2, self.user_pass, userou=self.ou1)
+        mod = "(A;;WPSD;;;AU)"
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        # Rename 'User object' having SD and CC to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u5(self):
+        """Test rename with rights granted to 'User object' SID"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + self.base_dn
+        user_dn = "CN=test_rename_user2," + ou1_dn
+        rename_user_dn = "CN=test_rename_user5," + ou2_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        self.ldb_admin.newuser(self.testuser2, self.user_pass, userou=self.ou1)
+        sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = "(A;;WPSD;;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        mod = "(A;;CC;;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        # Rename 'User object' having SD and CC to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u6(self):
+        """Rename 'User object' cross OU with WP, DC and CC right granted on OU & user to AU"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + self.base_dn
+        user_dn = "CN=test_rename_user2," + ou1_dn
+        rename_user_dn = "CN=test_rename_user2," + ou2_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        #mod = "(A;CI;DCWP;;;AU)"
+        mod = "(A;;DC;;;AU)"
+        self.sd_utils.dacl_add_ace(ou1_dn, mod)
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        self.ldb_admin.newuser(self.testuser2, self.user_pass, userou=self.ou1)
+        mod = "(A;;WP;;;AU)"
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        # Rename 'User object' having SD and CC to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u7(self):
+        """Rename 'User object' cross OU (second level) with WP, DC and CC right granted on OU to AU"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + self.base_dn
+        ou3_dn = "OU=test_rename_ou3," + ou2_dn
+        user_dn = "CN=test_rename_user2," + ou1_dn
+        rename_user_dn = "CN=test_rename_user5," + ou3_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        self.ldb_admin.create_ou(ou3_dn)
+        mod = "(A;CI;WPDC;;;AU)"
+        self.sd_utils.dacl_add_ace(ou1_dn, mod)
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(ou3_dn, mod)
+        self.ldb_admin.newuser(self.testuser2, self.user_pass, userou=self.ou1)
+        # Rename 'User object' having SD and CC to AU
+        self.ldb_user.rename(user_dn, rename_user_dn)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % user_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % rename_user_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u8(self):
+        """Test rename on an object with and without modify access on the RDN attribute"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + ou1_dn
+        ou3_dn = "OU=test_rename_ou3," + ou1_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = "(OA;;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        mod = "(OD;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        try:
+            self.ldb_user.rename(ou2_dn, ou3_dn)
+        except LdbError as e22:
+            (num, _) = e22.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This rename operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+        sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+        mod = "(A;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+        self.sd_utils.dacl_add_ace(ou2_dn, mod)
+        self.ldb_user.rename(ou2_dn, ou3_dn)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)" % ou2_dn)
+        self.assertEqual(len(res), 0)
+        res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s)" % ou3_dn)
+        self.assertNotEqual(len(res), 0)
+
+    def test_rename_u9(self):
+        """Rename 'User object' cross OU, with explicit deny on sd and dc"""
+        ou1_dn = "OU=test_rename_ou1," + self.base_dn
+        ou2_dn = "OU=test_rename_ou2," + self.base_dn
+        user_dn = "CN=test_rename_user2," + ou1_dn
+        rename_user_dn = "CN=test_rename_user5," + ou2_dn
+        # Create OU structure
+        self.ldb_admin.create_ou(ou1_dn)
+        self.ldb_admin.create_ou(ou2_dn)
+        self.ldb_admin.newuser(self.testuser2, self.user_pass, userou=self.ou1)
+        mod = "(D;;SD;;;DA)"
+        self.sd_utils.dacl_add_ace(user_dn, mod)
+        mod = "(D;;DC;;;DA)"
+        self.sd_utils.dacl_add_ace(ou1_dn, mod)
+        # Rename 'User object' having SD and CC to AU
+        try:
+            self.ldb_admin.rename(user_dn, rename_user_dn)
+        except LdbError as e23:
+            (num, _) = e23.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        # add an allow ace so we can delete this ou
+        mod = "(A;;DC;;;DA)"
+        self.sd_utils.dacl_add_ace(ou1_dn, mod)
+
+
+# tests on Control Access Rights
+class AclCARTests(AclTests):
+
+    def setUp(self):
+        super(AclCARTests, self).setUp()
+
+        # Get the old "dSHeuristics" if it was set
+        dsheuristics = self.ldb_admin.get_dsheuristics()
+        # Reset the "dSHeuristics" as they were before
+        self.addCleanup(self.ldb_admin.set_dsheuristics, dsheuristics)
+        # Set the "dSHeuristics" to activate the correct "userPassword" behaviour
+        self.ldb_admin.set_dsheuristics("000000001")
+        # Get the old "minPwdAge"
+        minPwdAge = self.ldb_admin.get_minPwdAge()
+        # Reset the "minPwdAge" as it was before
+        self.addCleanup(self.ldb_admin.set_minPwdAge, minPwdAge)
+        # Set it temporarily to "0"
+        self.ldb_admin.set_minPwdAge("0")
+
+        self.user_with_wp = "acl_car_user1"
+        self.user_with_pc = "acl_car_user2"
+        self.ldb_admin.newuser(self.user_with_wp, self.user_pass)
+        self.ldb_admin.newuser(self.user_with_pc, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.user_with_wp, self.user_pass)
+        self.ldb_user2 = self.get_ldb_connection(self.user_with_pc, self.user_pass)
+
+    def tearDown(self):
+        super(AclCARTests, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn(self.user_with_wp))
+        delete_force(self.ldb_admin, self.get_user_dn(self.user_with_pc))
+
+        del self.ldb_user
+        del self.ldb_user2
+
+    def test_change_password1(self):
+        """Try a password change operation without any CARs given"""
+        # users have change password by default - remove for negative testing
+        desc = self.sd_utils.read_sd_on_dn(self.get_user_dn(self.user_with_wp))
+        sddl = desc.as_sddl(self.domain_sid)
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)", "")
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)", "")
+        self.sd_utils.modify_sd_on_dn(self.get_user_dn(self.user_with_wp), sddl)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        except LdbError as e24:
+            (num, _) = e24.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            # for some reason we get constraint violation instead of insufficient access error
+            self.fail()
+
+    def test_change_password2(self):
+        """Make sure WP has no influence"""
+        desc = self.sd_utils.read_sd_on_dn(self.get_user_dn(self.user_with_wp))
+        sddl = desc.as_sddl(self.domain_sid)
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)", "")
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)", "")
+        self.sd_utils.modify_sd_on_dn(self.get_user_dn(self.user_with_wp), sddl)
+        mod = "(A;;WP;;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        except LdbError as e25:
+            (num, _) = e25.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            # for some reason we get constraint violation instead of insufficient access error
+            self.fail()
+
+    def test_change_password3(self):
+        """Make sure WP has no influence"""
+        mod = "(D;;WP;;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+    def test_change_password5(self):
+        """Make sure rights have no influence on dBCSPwd"""
+        desc = self.sd_utils.read_sd_on_dn(self.get_user_dn(self.user_with_wp))
+        sddl = desc.as_sddl(self.domain_sid)
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)", "")
+        sddl = sddl.replace("(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)", "")
+        self.sd_utils.modify_sd_on_dn(self.get_user_dn(self.user_with_wp), sddl)
+        mod = "(D;;WP;;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: dBCSPwd
+dBCSPwd: XXXXXXXXXXXXXXXX
+add: dBCSPwd
+dBCSPwd: YYYYYYYYYYYYYYYY
+""")
+        except LdbError as e26:
+            (num, _) = e26.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        else:
+            self.fail()
+
+    def test_change_password6(self):
+        """Test uneven delete/adds"""
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+        except LdbError as e27:
+            (num, _) = e27.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        mod = "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            # This fails on Windows 2000 domain level with constraint violation
+        except LdbError as e28:
+            (num, _) = e28.args
+            self.assertIn(num, (ERR_CONSTRAINT_VIOLATION,
+                                ERR_UNWILLING_TO_PERFORM))
+        else:
+            self.fail()
+
+    def test_change_password7(self):
+        """Try a password change operation without any CARs given"""
+        # users have change password by default - remove for negative testing
+        desc = self.sd_utils.read_sd_on_dn(self.get_user_dn(self.user_with_wp))
+        sddl = desc.as_sddl(self.domain_sid)
+        self.sd_utils.modify_sd_on_dn(self.get_user_dn(self.user_with_wp), sddl)
+        # first change our own password
+        self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_pc) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        # then someone else's
+        self.ldb_user2.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+    def test_reset_password1(self):
+        """Try a user password reset operation (unicodePwd) before and after granting CAR"""
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        except LdbError as e29:
+            (num, _) = e29.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        mod = "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+    def test_reset_password2(self):
+        """Try a user password reset operation (userPassword) before and after granting CAR"""
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+""")
+        except LdbError as e30:
+            (num, _) = e30.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+        mod = "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            # This fails on Windows 2000 domain level with constraint violation
+        except LdbError as e31:
+            (num, _) = e31.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            pass # Not self.fail() as we normally want success.
+
+    def test_reset_password3(self):
+        """Grant WP and see what happens (unicodePwd)"""
+        mod = "(A;;WP;;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        except LdbError as e32:
+            (num, _) = e32.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_reset_password4(self):
+        """Grant WP and see what happens (userPassword)"""
+        mod = "(A;;WP;;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+""")
+        except LdbError as e33:
+            (num, _) = e33.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_reset_password5(self):
+        """Explicitly deny WP but grant CAR (unicodePwd)"""
+        mod = "(D;;WP;;;PS)(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+    def test_reset_password6(self):
+        """Explicitly deny WP but grant CAR (userPassword)"""
+        mod = "(D;;WP;;;PS)(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;PS)"
+        self.sd_utils.dacl_add_ace(self.get_user_dn(self.user_with_wp), mod)
+        try:
+            self.ldb_user.modify_ldif("""
+dn: """ + self.get_user_dn(self.user_with_wp) + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            # This fails on Windows 2000 domain level with constraint violation
+        except LdbError as e34:
+            (num, _) = e34.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            pass # Not self.fail() as we normally want success
+
+
+class AclExtendedTests(AclTests):
+
+    def setUp(self):
+        super(AclExtendedTests, self).setUp()
+        # regular user, will be the creator
+        self.u1 = "ext_u1"
+        # regular user
+        self.u2 = "ext_u2"
+        # admin user
+        self.u3 = "ext_u3"
+        self.ldb_admin.newuser(self.u1, self.user_pass)
+        self.ldb_admin.newuser(self.u2, self.user_pass)
+        self.ldb_admin.newuser(self.u3, self.user_pass)
+        self.ldb_admin.add_remove_group_members("Domain Admins", [self.u3],
+                                                add_members_operation=True)
+        self.ldb_user1 = self.get_ldb_connection(self.u1, self.user_pass)
+        self.ldb_user2 = self.get_ldb_connection(self.u2, self.user_pass)
+        self.ldb_user3 = self.get_ldb_connection(self.u3, self.user_pass)
+        self.user_sid1 = self.sd_utils.get_object_sid(self.get_user_dn(self.u1))
+        self.user_sid2 = self.sd_utils.get_object_sid(self.get_user_dn(self.u2))
+
+    def tearDown(self):
+        super(AclExtendedTests, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn(self.u1))
+        delete_force(self.ldb_admin, self.get_user_dn(self.u2))
+        delete_force(self.ldb_admin, self.get_user_dn(self.u3))
+        delete_force(self.ldb_admin, "CN=ext_group1,OU=ext_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "ou=ext_ou1," + self.base_dn)
+
+        del self.ldb_user1
+        del self.ldb_user2
+        del self.ldb_user3
+
+    def test_ntSecurityDescriptor(self):
+        # create empty ou
+        self.ldb_admin.create_ou("ou=ext_ou1," + self.base_dn)
+        # give u1 Create children access
+        mod = "(A;;CC;;;%s)" % str(self.user_sid1)
+        self.sd_utils.dacl_add_ace("OU=ext_ou1," + self.base_dn, mod)
+        mod = "(A;;LC;;;%s)" % str(self.user_sid2)
+        self.sd_utils.dacl_add_ace("OU=ext_ou1," + self.base_dn, mod)
+        # create a group under that, grant RP to u2
+        self.ldb_user1.newgroup("ext_group1", groupou="OU=ext_ou1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        mod = "(A;;RP;;;%s)" % str(self.user_sid2)
+        self.sd_utils.dacl_add_ace("CN=ext_group1,OU=ext_ou1," + self.base_dn, mod)
+        # u2 must not read the descriptor
+        res = self.ldb_user2.search("CN=ext_group1,OU=ext_ou1," + self.base_dn,
+                                    SCOPE_BASE, None, ["nTSecurityDescriptor"])
+        self.assertNotEqual(len(res), 0)
+        self.assertNotIn("nTSecurityDescriptor", res[0].keys())
+        # grant RC to u2 - still no access
+        mod = "(A;;RC;;;%s)" % str(self.user_sid2)
+        self.sd_utils.dacl_add_ace("CN=ext_group1,OU=ext_ou1," + self.base_dn, mod)
+        res = self.ldb_user2.search("CN=ext_group1,OU=ext_ou1," + self.base_dn,
+                                    SCOPE_BASE, None, ["nTSecurityDescriptor"])
+        self.assertNotEqual(len(res), 0)
+        self.assertNotIn("nTSecurityDescriptor", res[0].keys())
+        # u3 is member of administrators group, should be able to read sd
+        res = self.ldb_user3.search("CN=ext_group1,OU=ext_ou1," + self.base_dn,
+                                    SCOPE_BASE, None, ["nTSecurityDescriptor"])
+        self.assertEqual(len(res), 1)
+        self.assertIn("nTSecurityDescriptor", res[0].keys())
+
+
+class AclUndeleteTests(AclTests):
+
+    def setUp(self):
+        super(AclUndeleteTests, self).setUp()
+        self.regular_user = "undeleter1"
+        self.ou1 = "OU=undeleted_ou,"
+        self.testuser1 = "to_be_undeleted1"
+        self.testuser2 = "to_be_undeleted2"
+        self.testuser3 = "to_be_undeleted3"
+        self.testuser4 = "to_be_undeleted4"
+        self.testuser5 = "to_be_undeleted5"
+        self.testuser6 = "to_be_undeleted6"
+
+        self.new_dn_ou = "CN=" + self.testuser4 + "," + self.ou1 + self.base_dn
+
+        # Create regular user
+        self.testuser1_dn = self.get_user_dn(self.testuser1)
+        self.testuser2_dn = self.get_user_dn(self.testuser2)
+        self.testuser3_dn = self.get_user_dn(self.testuser3)
+        self.testuser4_dn = self.get_user_dn(self.testuser4)
+        self.testuser5_dn = self.get_user_dn(self.testuser5)
+        self.deleted_dn1 = self.create_delete_user(self.testuser1)
+        self.deleted_dn2 = self.create_delete_user(self.testuser2)
+        self.deleted_dn3 = self.create_delete_user(self.testuser3)
+        self.deleted_dn4 = self.create_delete_user(self.testuser4)
+        self.deleted_dn5 = self.create_delete_user(self.testuser5)
+
+        self.ldb_admin.create_ou(self.ou1 + self.base_dn)
+
+        self.ldb_admin.newuser(self.regular_user, self.user_pass)
+        self.ldb_admin.add_remove_group_members("Domain Admins", [self.regular_user],
+                                                add_members_operation=True)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
+        self.sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
+
+    def tearDown(self):
+        super(AclUndeleteTests, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        delete_force(self.ldb_admin, self.get_user_dn(self.testuser1))
+        delete_force(self.ldb_admin, self.get_user_dn(self.testuser2))
+        delete_force(self.ldb_admin, self.get_user_dn(self.testuser3))
+        delete_force(self.ldb_admin, self.get_user_dn(self.testuser4))
+        delete_force(self.ldb_admin, self.get_user_dn(self.testuser5))
+        delete_force(self.ldb_admin, self.new_dn_ou)
+        delete_force(self.ldb_admin, self.ou1 + self.base_dn)
+
+        del self.ldb_user
+
+    def GUID_string(self, guid):
+        return get_string(ldb.schema_format_value("objectGUID", guid))
+
+    def create_delete_user(self, new_user):
+        self.ldb_admin.newuser(new_user, self.user_pass)
+
+        res = self.ldb_admin.search(expression="(objectClass=*)",
+                                    base=self.get_user_dn(new_user),
+                                    scope=SCOPE_BASE,
+                                    controls=["show_deleted:1"])
+        guid = res[0]["objectGUID"][0]
+        self.ldb_admin.delete(self.get_user_dn(new_user))
+        res = self.ldb_admin.search(base="<GUID=%s>" % self.GUID_string(guid),
+                                    scope=SCOPE_BASE, controls=["show_deleted:1"])
+        self.assertEqual(len(res), 1)
+        return str(res[0].dn)
+
+    def undelete_deleted(self, olddn, newdn):
+        msg = Message()
+        msg.dn = Dn(self.ldb_user, olddn)
+        msg["isDeleted"] = MessageElement([], FLAG_MOD_DELETE, "isDeleted")
+        msg["distinguishedName"] = MessageElement([newdn], FLAG_MOD_REPLACE, "distinguishedName")
+        self.ldb_user.modify(msg, ["show_recycled:1"])
+
+    def undelete_deleted_with_mod(self, olddn, newdn):
+        msg = Message()
+        msg.dn = Dn(ldb, olddn)
+        msg["isDeleted"] = MessageElement([], FLAG_MOD_DELETE, "isDeleted")
+        msg["distinguishedName"] = MessageElement([newdn], FLAG_MOD_REPLACE, "distinguishedName")
+        msg["url"] = MessageElement(["www.samba.org"], FLAG_MOD_REPLACE, "url")
+        self.ldb_user.modify(msg, ["show_deleted:1"])
+
+    def test_undelete(self):
+        # it appears the user has to have LC on the old parent to be able to move the object
+        # otherwise we get no such object. Since only System can modify the SD on deleted object
+        # we cannot grant this permission via LDAP, and this leaves us with "negative" tests at the moment
+
+        # deny write property on rdn, should fail
+        mod = "(OD;;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.deleted_dn1, mod)
+        try:
+            self.undelete_deleted(self.deleted_dn1, self.testuser1_dn)
+            self.fail()
+        except LdbError as e35:
+            (num, _) = e35.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        # seems that permissions on isDeleted and distinguishedName are irrelevant
+        mod = "(OD;;WP;bf96798f-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.deleted_dn2, mod)
+        mod = "(OD;;WP;bf9679e4-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.deleted_dn2, mod)
+        self.undelete_deleted(self.deleted_dn2, self.testuser2_dn)
+
+        # attempt undelete with simultaneous addition of url, WP to which is denied
+        mod = "(OD;;WP;9a9a0221-4a5b-11d1-a9c3-0000f80367c1;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.deleted_dn3, mod)
+        try:
+            self.undelete_deleted_with_mod(self.deleted_dn3, self.testuser3_dn)
+            self.fail()
+        except LdbError as e36:
+            (num, _) = e36.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        # undelete in an ou, in which we have no right to create children
+        mod = "(D;;CC;;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.ou1 + self.base_dn, mod)
+        try:
+            self.undelete_deleted(self.deleted_dn4, self.new_dn_ou)
+            self.fail()
+        except LdbError as e37:
+            (num, _) = e37.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        # delete is not required
+        mod = "(D;;SD;;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.deleted_dn5, mod)
+        self.undelete_deleted(self.deleted_dn5, self.testuser5_dn)
+
+        # deny Reanimate-Tombstone, should fail
+        mod = "(OD;;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;%s)" % str(self.sid)
+        self.sd_utils.dacl_add_ace(self.base_dn, mod)
+        try:
+            self.undelete_deleted(self.deleted_dn4, self.testuser4_dn)
+            self.fail()
+        except LdbError as e38:
+            (num, _) = e38.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        self.sd_utils.dacl_delete_aces(self.base_dn, mod)
+
+
+class AclSPNTests(AclTests):
+
+    def setUp(self):
+        super(AclSPNTests, self).setUp()
+        self.dcname = "TESTSRV8"
+        self.rodcname = "TESTRODC8"
+        self.computername = "testcomp8"
+        self.test_user = "spn_test_user8"
+        self.computerdn = "CN=%s,CN=computers,%s" % (self.computername, self.base_dn)
+        self.user_object = "user_with_spn"
+        self.user_object_dn = "CN=%s,CN=Users,%s" % (self.user_object, self.base_dn)
+        self.dc_dn = "CN=%s,OU=Domain Controllers,%s" % (self.dcname, self.base_dn)
+        self.site = "Default-First-Site-Name"
+        self.rodcctx = DCJoinContext(server=host, creds=creds, lp=lp,
+                                     site=self.site, netbios_name=self.rodcname,
+                                     targetdir=None, domain=None)
+        self.dcctx = DCJoinContext(server=host, creds=creds, lp=lp,
+                                   site=self.site, netbios_name=self.dcname,
+                                   targetdir=None, domain=None)
+        self.ldb_admin.newuser(self.test_user, self.user_pass)
+        self.ldb_user1 = self.get_ldb_connection(self.test_user, self.user_pass)
+        self.user_sid1 = self.sd_utils.get_object_sid(self.get_user_dn(self.test_user))
+        self.create_computer(self.computername, self.dcctx.dnsdomain)
+        self.create_rodc(self.rodcctx)
+        self.create_dc(self.dcctx)
+
+    def tearDown(self):
+        super(AclSPNTests, self).tearDown()
+        self.rodcctx.cleanup_old_join()
+        self.dcctx.cleanup_old_join()
+        delete_force(self.ldb_admin, "cn=%s,cn=computers,%s" % (self.computername, self.base_dn))
+        delete_force(self.ldb_admin, self.get_user_dn(self.test_user))
+        delete_force(self.ldb_admin, self.user_object_dn)
+
+        del self.ldb_user1
+
+    def replace_spn(self, _ldb, dn, spn):
+        print("Setting spn %s on %s" % (spn, dn))
+        res = self.ldb_admin.search(dn, expression="(objectClass=*)",
+                                    scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        if "servicePrincipalName" in res[0].keys():
+            flag = FLAG_MOD_REPLACE
+        else:
+            flag = FLAG_MOD_ADD
+
+        msg = Message()
+        msg.dn = Dn(self.ldb_admin, dn)
+        msg["servicePrincipalName"] = MessageElement(spn, flag,
+                                                     "servicePrincipalName")
+        _ldb.modify(msg)
+
+    def create_computer(self, computername, domainname):
+        dn = "CN=%s,CN=computers,%s" % (computername, self.base_dn)
+        samaccountname = computername + "$"
+        dnshostname = "%s.%s" % (computername, domainname)
+        self.ldb_admin.add({
+            "dn": dn,
+            "objectclass": "computer",
+            "sAMAccountName": samaccountname,
+            "userAccountControl": str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+            "dNSHostName": dnshostname})
+
+    # same as for join_RODC, but do not set any SPNs
+    def create_rodc(self, ctx):
+        ctx.nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
+
+        ctx.never_reveal_sid = ["<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
+                                "<SID=%s>" % security.SID_BUILTIN_ADMINISTRATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_SERVER_OPERATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_BACKUP_OPERATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_ACCOUNT_OPERATORS]
+        ctx.reveal_sid = "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_ALLOW)
+
+        mysid = ctx.get_mysid()
+        admin_dn = "<SID=%s>" % mysid
+        ctx.managedby = admin_dn
+
+        ctx.userAccountControl = (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
+                                  samba.dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |
+                                  samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT)
+
+        ctx.connection_dn = "CN=RODC Connection (FRS),%s" % ctx.ntds_dn
+        ctx.secure_channel_type = misc.SEC_CHAN_RODC
+        ctx.RODC = True
+        ctx.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |
+                             drsuapi.DRSUAPI_DRS_GET_ANC |
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
+                             drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING)
+
+        ctx.join_add_objects()
+
+    def create_dc(self, ctx):
+        ctx.nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
+        ctx.secure_channel_type = misc.SEC_CHAN_BDC
+        ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
+                             drsuapi.DRSUAPI_DRS_INIT_SYNC |
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |
+                             drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS |
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED)
+
+        ctx.join_add_objects()
+
+    def dc_spn_test(self, ctx):
+        netbiosdomain = self.dcctx.get_domain_name()
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s/%s" % (ctx.myname, netbiosdomain))
+        except LdbError as e39:
+            (num, _) = e39.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+        mod = "(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;%s)" % str(self.user_sid1)
+        self.sd_utils.dacl_add_ace(ctx.acct_dn, mod)
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s/%s" % (ctx.myname, netbiosdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s" % (ctx.myname))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s.%s/%s" %
+                         (ctx.myname, ctx.dnsdomain, netbiosdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s/%s" % (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "HOST/%s.%s/%s" %
+                         (ctx.myname, ctx.dnsdomain, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "GC/%s.%s/%s" %
+                         (ctx.myname, ctx.dnsdomain, ctx.dnsforest))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s/%s" % (ctx.myname, netbiosdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s.%s/%s" %
+                         (ctx.myname, ctx.dnsdomain, netbiosdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s" % (ctx.myname))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s/%s" % (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s.%s/%s" %
+                         (ctx.myname, ctx.dnsdomain, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "DNS/%s/%s" % (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "RestrictedKrbHost/%s/%s" %
+                         (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "RestrictedKrbHost/%s" %
+                         (ctx.myname))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/%s/%s" %
+                         (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/%s/%s" %
+                         (ctx.myname, ctx.dnsdomain))
+        self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s._msdcs.%s" %
+                         (ctx.ntds_guid, ctx.dnsdomain))
+
+        # the following spns do not match the restrictions and should fail
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s.%s/ForestDnsZones.%s" %
+                             (ctx.myname, ctx.dnsdomain, ctx.dnsdomain))
+        except LdbError as e40:
+            (num, _) = e40.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "ldap/%s.%s/DomainDnsZones.%s" %
+                             (ctx.myname, ctx.dnsdomain, ctx.dnsdomain))
+        except LdbError as e41:
+            (num, _) = e41.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "nosuchservice/%s/%s" % ("abcd", "abcd"))
+        except LdbError as e42:
+            (num, _) = e42.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "GC/%s.%s/%s" %
+                             (ctx.myname, ctx.dnsdomain, netbiosdomain))
+        except LdbError as e43:
+            (num, _) = e43.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, ctx.acct_dn, "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s" %
+                             (ctx.ntds_guid, ctx.dnsdomain))
+        except LdbError as e44:
+            (num, _) = e44.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def test_computer_spn(self):
+        # with WP, any value can be set
+        netbiosdomain = self.dcctx.get_domain_name()
+        self.replace_spn(self.ldb_admin, self.computerdn, "HOST/%s/%s" %
+                         (self.computername, netbiosdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "HOST/%s" % (self.computername))
+        self.replace_spn(self.ldb_admin, self.computerdn, "HOST/%s.%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain, netbiosdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "HOST/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "HOST/%s.%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "GC/%s.%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsforest))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s/%s" % (self.computername, netbiosdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s.%s/ForestDnsZones.%s" %
+                         (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s.%s/DomainDnsZones.%s" %
+                         (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s.%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain, netbiosdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s" % (self.computername))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "ldap/%s.%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "DNS/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "RestrictedKrbHost/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "RestrictedKrbHost/%s" %
+                         (self.computername))
+        self.replace_spn(self.ldb_admin, self.computerdn, "Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/%s/%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+        self.replace_spn(self.ldb_admin, self.computerdn, "nosuchservice/%s/%s" % ("abcd", "abcd"))
+
+        # user has neither WP nor Validated-SPN, access denied expected
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s/%s" % (self.computername, netbiosdomain))
+        except LdbError as e45:
+            (num, _) = e45.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+        mod = "(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;%s)" % str(self.user_sid1)
+        self.sd_utils.dacl_add_ace(self.computerdn, mod)
+        # grant Validated-SPN and check which values are accepted
+        # see 3.1.1.5.3.1.1.4 servicePrincipalName for reference
+
+        # for regular computer objects we shouldalways get constraint violation
+
+        # This does not pass against Windows, although it should according to docs
+        self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s" % (self.computername))
+        self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s.%s" %
+                         (self.computername, self.dcctx.dnsdomain))
+
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s/%s" % (self.computername, netbiosdomain))
+        except LdbError as e46:
+            (num, _) = e46.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s.%s/%s" %
+                             (self.computername, self.dcctx.dnsdomain, netbiosdomain))
+        except LdbError as e47:
+            (num, _) = e47.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s/%s" %
+                             (self.computername, self.dcctx.dnsdomain))
+        except LdbError as e48:
+            (num, _) = e48.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "HOST/%s.%s/%s" %
+                             (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        except LdbError as e49:
+            (num, _) = e49.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "GC/%s.%s/%s" %
+                             (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsforest))
+        except LdbError as e50:
+            (num, _) = e50.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "ldap/%s/%s" % (self.computername, netbiosdomain))
+        except LdbError as e51:
+            (num, _) = e51.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+        try:
+            self.replace_spn(self.ldb_user1, self.computerdn, "ldap/%s.%s/ForestDnsZones.%s" %
+                             (self.computername, self.dcctx.dnsdomain, self.dcctx.dnsdomain))
+        except LdbError as e52:
+            (num, _) = e52.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def test_spn_rwdc(self):
+        self.dc_spn_test(self.dcctx)
+
+    def test_spn_rodc(self):
+        self.dc_spn_test(self.rodcctx)
+
+    def test_user_spn(self):
+        #grant SW to a regular user and try to set the spn on a user object
+        #should get  ERR_INSUFFICIENT_ACCESS_RIGHTS, since Validate-SPN only applies to computer
+        self.ldb_admin.newuser(self.user_object, self.user_pass)
+        mod = "(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;%s)" % str(self.user_sid1)
+        self.sd_utils.dacl_add_ace(self.user_object_dn, mod)
+        try:
+            self.replace_spn(self.ldb_user1, self.user_object_dn, "nosuchservice/%s/%s" % ("abcd", "abcd"))
+        except LdbError as e60:
+            (num, _) = e60.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_delete_add_spn(self):
+        # Grant Validated-SPN property.
+        mod = f'(OA;;SW;{security.GUID_DRS_VALIDATE_SPN};;{self.user_sid1})'
+        self.sd_utils.dacl_add_ace(self.computerdn, mod)
+
+        spn_base = f'HOST/{self.computername}'
+
+        allowed_spn = f'{spn_base}.{self.dcctx.dnsdomain}'
+        not_allowed_spn = f'{spn_base}/{self.dcctx.get_domain_name()}'
+
+        # Ensure we are able to add an allowed SPN.
+        msg = Message(Dn(self.ldb_user1, self.computerdn))
+        msg['servicePrincipalName'] = MessageElement(allowed_spn,
+                                                     FLAG_MOD_ADD,
+                                                     'servicePrincipalName')
+        self.ldb_user1.modify(msg)
+
+        # Ensure we are not able to add a disallowed SPN.
+        msg = Message(Dn(self.ldb_user1, self.computerdn))
+        msg['servicePrincipalName'] = MessageElement(not_allowed_spn,
+                                                     FLAG_MOD_ADD,
+                                                     'servicePrincipalName')
+        try:
+            self.ldb_user1.modify(msg)
+        except LdbError as e:
+            num, _ = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail(f'able to add disallowed SPN {not_allowed_spn}')
+
+        # Ensure that deleting an existing SPN followed by adding a disallowed
+        # SPN fails.
+        msg = Message(Dn(self.ldb_user1, self.computerdn))
+        msg['0'] = MessageElement([],
+                                  FLAG_MOD_DELETE,
+                                  'servicePrincipalName')
+        msg['1'] = MessageElement(not_allowed_spn,
+                                  FLAG_MOD_ADD,
+                                  'servicePrincipalName')
+        try:
+            self.ldb_user1.modify(msg)
+        except LdbError as e:
+            num, _ = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail(f'able to add disallowed SPN {not_allowed_spn}')
+
+    def test_delete_disallowed_spn(self):
+        # Grant Validated-SPN property.
+        mod = f'(OA;;SW;{security.GUID_DRS_VALIDATE_SPN};;{self.user_sid1})'
+        self.sd_utils.dacl_add_ace(self.computerdn, mod)
+
+        spn_base = f'HOST/{self.computername}'
+
+        not_allowed_spn = f'{spn_base}/{self.dcctx.get_domain_name()}'
+
+        # Add a disallowed SPN as admin.
+        msg = Message(Dn(self.ldb_admin, self.computerdn))
+        msg['servicePrincipalName'] = MessageElement(not_allowed_spn,
+                                                     FLAG_MOD_ADD,
+                                                     'servicePrincipalName')
+        self.ldb_admin.modify(msg)
+
+        # Ensure we are able to delete a disallowed SPN.
+        msg = Message(Dn(self.ldb_user1, self.computerdn))
+        msg['servicePrincipalName'] = MessageElement(not_allowed_spn,
+                                                     FLAG_MOD_DELETE,
+                                                     'servicePrincipalName')
+        try:
+            self.ldb_user1.modify(msg)
+        except LdbError:
+            self.fail(f'unable to delete disallowed SPN {not_allowed_spn}')
+
+
+# tests SEC_ADS_LIST vs. SEC_ADS_LIST_OBJECT
+@DynamicTestCase
+class AclVisibiltyTests(AclTests):
+
+    envs = {
+        "No": False,
+        "Do": True,
+    }
+    modes = {
+        "Allow": False,
+        "Deny": True,
+    }
+    perms = {
+        "nn": 0,
+        "Cn": security.SEC_ADS_LIST,
+        "nO": security.SEC_ADS_LIST_OBJECT,
+        "CO": security.SEC_ADS_LIST | security.SEC_ADS_LIST_OBJECT,
+    }
+
+    @classmethod
+    def setUpDynamicTestCases(cls):
+        for le in cls.envs.keys():
+            for lm in cls.modes.keys():
+                for l1 in cls.perms.keys():
+                    for l2 in cls.perms.keys():
+                        for l3 in cls.perms.keys():
+                            tname = "%s_%s_%s_%s_%s" % (le, lm, l1, l2, l3)
+                            ve = cls.envs[le]
+                            vm = cls.modes[lm]
+                            v1 = cls.perms[l1]
+                            v2 = cls.perms[l2]
+                            v3 = cls.perms[l3]
+                            targs = (tname, ve, vm, v1, v2, v3)
+                            cls.generate_dynamic_test("test_visibility",
+                                                      tname, *targs)
+        return
+
+    def setUp(self):
+        super(AclVisibiltyTests, self).setUp()
+
+        # Get the old "dSHeuristics" if it was set
+        self.dsheuristics = self.ldb_admin.get_dsheuristics()
+        # Reset the "dSHeuristics" as they were before
+        self.addCleanup(self.ldb_admin.set_dsheuristics, self.dsheuristics)
+
+        # Domain Admins and SYSTEM get full access
+        self.sddl_dacl = "D:PAI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+        self.set_dacl_control = ["sd_flags:1:%d" % security.SECINFO_DACL]
+
+        self.level_idxs = [ 1, 2, 3, 4 ]
+        self.oul1 = "OU=acl_visibility_oul1"
+        self.oul1_dn_str = "%s,%s" % (self.oul1, self.base_dn)
+        self.oul2 = "OU=oul2,%s" % self.oul1
+        self.oul2_dn_str = "%s,%s" % (self.oul2, self.base_dn)
+        self.oul3 = "OU=oul3,%s" % self.oul2
+        self.oul3_dn_str = "%s,%s" % (self.oul3, self.base_dn)
+        self.user_name = "acl_visibility_user"
+        self.user_dn_str = "CN=%s,%s" % (self.user_name, self.oul3_dn_str)
+        delete_force(self.ldb_admin, self.user_dn_str)
+        delete_force(self.ldb_admin, self.oul3_dn_str)
+        delete_force(self.ldb_admin, self.oul2_dn_str)
+        delete_force(self.ldb_admin, self.oul1_dn_str)
+        self.ldb_admin.create_ou(self.oul1_dn_str)
+        self.sd_utils.modify_sd_on_dn(self.oul1_dn_str,
+                                      self.sddl_dacl,
+                                      controls=self.set_dacl_control)
+        self.ldb_admin.create_ou(self.oul2_dn_str)
+        self.sd_utils.modify_sd_on_dn(self.oul2_dn_str,
+                                      self.sddl_dacl,
+                                      controls=self.set_dacl_control)
+        self.ldb_admin.create_ou(self.oul3_dn_str)
+        self.sd_utils.modify_sd_on_dn(self.oul3_dn_str,
+                                      self.sddl_dacl,
+                                      controls=self.set_dacl_control)
+
+        self.ldb_admin.newuser(self.user_name, self.user_pass, userou=self.oul3)
+        self.user_sid = self.sd_utils.get_object_sid(self.user_dn_str)
+        self.ldb_user = self.get_ldb_connection(self.user_name, self.user_pass)
+
+    def tearDown(self):
+        super(AclVisibiltyTests, self).tearDown()
+        delete_force(self.ldb_admin, self.user_dn_str)
+        delete_force(self.ldb_admin, self.oul3_dn_str)
+        delete_force(self.ldb_admin, self.oul2_dn_str)
+        delete_force(self.ldb_admin, self.oul1_dn_str)
+
+        del self.ldb_user
+
+    def _test_visibility_with_args(self,
+                                   tname,
+                                   fDoListObject,
+                                   modeDeny,
+                                   l1_allow,
+                                   l2_allow,
+                                   l3_allow):
+        l1_deny = 0
+        l2_deny = 0
+        l3_deny = 0
+        if modeDeny:
+            l1_deny = ~l1_allow
+            l2_deny = ~l2_allow
+            l3_deny = ~l3_allow
+        print("Testing: fDoListObject=%s, modeDeny=%s, l1_allow=0x%02x, l2_allow=0x%02x, l3_allow=0x%02x)" % (
+              fDoListObject, modeDeny, l1_allow, l2_allow, l3_allow))
+        if fDoListObject:
+            self.ldb_admin.set_dsheuristics("001")
+        else:
+            self.ldb_admin.set_dsheuristics("000")
+
+        def _generate_dacl(allow, deny):
+            dacl = self.sddl_dacl
+            drights = ""
+            if deny & security.SEC_ADS_LIST:
+                drights += "LC"
+            if deny & security.SEC_ADS_LIST_OBJECT:
+                drights += "LO"
+            if len(drights) > 0:
+                dacl += "(D;;%s;;;%s)" % (drights, self.user_sid)
+            arights = ""
+            if allow & security.SEC_ADS_LIST:
+                arights += "LC"
+            if allow & security.SEC_ADS_LIST_OBJECT:
+                arights += "LO"
+            if len(arights) > 0:
+                dacl += "(A;;%s;;;%s)" % (arights, self.user_sid)
+            print("dacl: %s" % dacl)
+            return dacl
+
+        l1_dacl = _generate_dacl(l1_allow, l1_deny)
+        l2_dacl = _generate_dacl(l2_allow, l2_deny)
+        l3_dacl = _generate_dacl(l3_allow, l3_deny)
+        self.sd_utils.modify_sd_on_dn(self.oul1_dn_str,
+                                      l1_dacl,
+                                      controls=self.set_dacl_control)
+        self.sd_utils.modify_sd_on_dn(self.oul2_dn_str,
+                                      l2_dacl,
+                                      controls=self.set_dacl_control)
+        self.sd_utils.modify_sd_on_dn(self.oul3_dn_str,
+                                      l3_dacl,
+                                      controls=self.set_dacl_control)
+
+        def _generate_levels(_l1_allow,
+                             _l1_deny,
+                             _l2_allow,
+                             _l2_deny,
+                             _l3_allow,
+                             _l3_deny):
+            _l0_allow = security.SEC_ADS_LIST | security.SEC_ADS_LIST_OBJECT | security.SEC_ADS_READ_PROP
+            _l0_deny = 0
+            _l4_allow = security.SEC_ADS_LIST | security.SEC_ADS_LIST_OBJECT | security.SEC_ADS_READ_PROP
+            _l4_deny = 0
+            _levels = [{
+                "dn": str(self.base_dn),
+                "allow": _l0_allow,
+                "deny": _l0_deny,
+            },{
+                "dn": str(self.oul1_dn_str),
+                "allow": _l1_allow,
+                "deny": _l1_deny,
+            },{
+                "dn": str(self.oul2_dn_str),
+                "allow": _l2_allow,
+                "deny": _l2_deny,
+            },{
+                "dn": str(self.oul3_dn_str),
+                "allow": _l3_allow,
+                "deny": _l3_deny,
+            },{
+                "dn": str(self.user_dn_str),
+                "allow": _l4_allow,
+                "deny": _l4_deny,
+            }]
+            return _levels
+
+        def _generate_admin_levels():
+            _l1_allow = security.SEC_ADS_LIST | security.SEC_ADS_READ_PROP
+            _l1_deny = 0
+            _l2_allow = security.SEC_ADS_LIST | security.SEC_ADS_READ_PROP
+            _l2_deny = 0
+            _l3_allow = security.SEC_ADS_LIST | security.SEC_ADS_READ_PROP
+            _l3_deny = 0
+            return _generate_levels(_l1_allow, _l1_deny,
+                                    _l2_allow, _l2_deny,
+                                    _l3_allow, _l3_deny)
+
+        def _generate_user_levels():
+            return _generate_levels(l1_allow, l1_deny,
+                                    l2_allow, l2_deny,
+                                    l3_allow, l3_deny)
+
+        admin_levels = _generate_admin_levels()
+        user_levels = _generate_user_levels()
+
+        def _msg_require_name(msg, idx, e):
+            self.assertIn("name", msg)
+            self.assertEqual(len(msg["name"]), 1)
+
+        def _msg_no_name(msg, idx, e):
+            self.assertNotIn("name", msg)
+
+        def _has_right(allow, deny, bit):
+            if allow & bit:
+                if not (deny & bit):
+                    return True
+            return False
+
+        def _is_visible(p_allow, p_deny, o_allow, o_deny):
+            plc = _has_right(p_allow, p_deny, security.SEC_ADS_LIST)
+            if plc:
+                return True
+            if not fDoListObject:
+                return False
+            plo = _has_right(p_allow, p_deny, security.SEC_ADS_LIST_OBJECT)
+            if not plo:
+                return False
+            olo = _has_right(o_allow, o_deny, security.SEC_ADS_LIST_OBJECT)
+            if not olo:
+                return False
+            return True
+
+        def _generate_expected(scope, base_level, levels):
+            expected = {}
+
+            p = levels[base_level-1]
+            o = levels[base_level]
+            base_visible = _is_visible(p["allow"], p["deny"],
+                                       o["allow"], o["deny"])
+
+            if scope == SCOPE_BASE:
+                lmin = base_level
+                lmax = base_level
+            elif scope == SCOPE_ONELEVEL:
+                lmin = base_level+1
+                lmax = base_level+1
+            else:
+                lmin = base_level
+                lmax = len(levels)
+
+            next_idx = 0
+            for li in self.level_idxs:
+                if li < lmin:
+                    continue
+                if li > lmax:
+                    break
+                p = levels[li-1]
+                o = levels[li]
+                visible = _is_visible(p["allow"], p["deny"],
+                                      o["allow"], o["deny"])
+                if not visible:
+                    continue
+                read = _has_right(o["allow"], o["deny"], security.SEC_ADS_READ_PROP)
+                if read:
+                    check_msg_fn = _msg_require_name
+                else:
+                    check_msg_fn = _msg_no_name
+                expected[o["dn"]] = {
+                    "idx": next_idx,
+                    "check_msg_fn": check_msg_fn,
+                }
+                next_idx += 1
+
+            if len(expected) == 0 and not base_visible:
+                # This means we're expecting NO_SUCH_OBJECT
+                return None
+            return expected
+
+        def _verify_result_array(results,
+                                 description,
+                                 expected):
+            print("%s Results: %d" % (description, len(results)))
+            for msg in results:
+                print("%s" % msg)
+            self.assertIsNotNone(expected)
+            print("%s Expected: %d" % (description, len(expected)))
+            for e in expected:
+                print("%s" % e)
+            self.assertEqual(len(results), len(expected))
+            idx = 0
+            found = {}
+            for msg in results:
+                dn_str = str(msg.dn)
+                self.assertIn(dn_str, expected)
+                self.assertNotIn(dn_str, found)
+                found[dn_str] = idx
+                e = expected[dn_str]
+                if self.strict_checking:
+                    self.assertEqual(idx, int(e["idx"]))
+                if "check_msg_fn" in e:
+                    check_msg_fn = e["check_msg_fn"]
+                    check_msg_fn(msg, idx, e)
+                idx += 1
+
+            return
+
+        for li in self.level_idxs:
+            base_dn = admin_levels[li]["dn"]
+            for scope in [SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE]:
+                print("\nTesting SCOPE[%d] %s" % (scope, base_dn))
+                admin_expected = _generate_expected(scope, li, admin_levels)
+                admin_res = self.ldb_admin.search(base_dn, scope=scope, attrs=["name"])
+                _verify_result_array(admin_res, "Admin", admin_expected)
+
+                user_expected = _generate_expected(scope, li, user_levels)
+                try:
+                    user_res = self.ldb_user.search(base_dn, scope=scope, attrs=["name"])
+                except LdbError as e:
+                    (num, _) = e.args
+                    if user_expected is None:
+                        self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+                        print("User: NO_SUCH_OBJECT")
+                        continue
+                    self.fail(e)
+                _verify_result_array(user_res, "User", user_expected)
+
+# Important unit running information
+
+ldb = SamDB(ldaphost, credentials=creds, session_info=system_session(lp), lp=lp)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/acl_modify.py b/source4/dsdb/tests/python/acl_modify.py
new file mode 100755
index 0000000..cb59901
--- /dev/null
+++ b/source4/dsdb/tests/python/acl_modify.py
@@ -0,0 +1,179 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+
+from samba.auth import system_session
+from samba import gensec
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+import samba.tests
+import samba.dsdb
+
+
+parser = optparse.OptionParser("acl_modify.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+
+
+class AclTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(AclTests, self).setUp()
+
+        self.ldb_admin = SamDB(ldaphost, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb_admin.domain_dn()
+        print("baseDN: %s" % self.base_dn)
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+
+class AclModifyTests(AclTests):
+
+    def setup_computer_with_hostname(self, account_name):
+        ou_dn = f'OU={account_name},{self.base_dn}'
+        dn = f'CN={account_name},{ou_dn}'
+
+        user, password = "mouse", "mus musculus 123!"
+        self.addCleanup(self.ldb_admin.deleteuser, user)
+
+        self.ldb_admin.newuser(user, password)
+        self.ldb_user = self.get_ldb_connection(user, password)
+
+        self.addCleanup(self.ldb_admin.delete, ou_dn,
+                        controls=["tree_delete:0"])
+        self.ldb_admin.create_ou(ou_dn)
+
+        self.ldb_admin.add({
+            'dn': dn,
+            'objectClass': 'computer',
+            'sAMAccountName': account_name + '$',
+        })
+
+        host_name = f'{account_name}.{self.ldb_user.domain_dns_name()}'
+
+        m = Message(Dn(self.ldb_admin, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_REPLACE,
+                                          'dNSHostName')
+
+        self.ldb_admin.modify(m)
+        return host_name, dn
+
+    def test_modify_delete_dns_host_name_specified(self):
+        '''Test deleting dNSHostName'''
+        account_name = self.id().rsplit(".", 1)[1][:63]
+        host_name, dn = self.setup_computer_with_hostname(account_name)
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement(host_name,
+                                          FLAG_MOD_DELETE,
+                                          'dNSHostName')
+
+        self.assertRaisesLdbError(
+            ERR_INSUFFICIENT_ACCESS_RIGHTS,
+            "User able to delete dNSHostName (with specified name)",
+            self.ldb_user.modify, m)
+
+    def test_modify_delete_dns_host_name_unspecified(self):
+        '''Test deleting dNSHostName'''
+        account_name = self.id().rsplit(".", 1)[1][:63]
+        host_name, dn = self.setup_computer_with_hostname(account_name)
+
+        m = Message(Dn(self.ldb_user, dn))
+        m['dNSHostName'] = MessageElement([],
+                                          FLAG_MOD_DELETE,
+                                          'dNSHostName')
+
+        self.assertRaisesLdbError(
+            ERR_INSUFFICIENT_ACCESS_RIGHTS,
+            "User able to delete dNSHostName (without specified name)",
+            self.ldb_user.modify, m)
+
+    def test_modify_delete_dns_host_name_ldif_specified(self):
+        '''Test deleting dNSHostName'''
+        account_name = self.id().rsplit(".", 1)[1][:63]
+        host_name, dn = self.setup_computer_with_hostname(account_name)
+
+        ldif = f"""
+dn: {dn}
+changetype: modify
+delete: dNSHostName
+dNSHostName: {host_name}
+"""
+        self.assertRaisesLdbError(
+            ERR_INSUFFICIENT_ACCESS_RIGHTS,
+            "User able to delete dNSHostName (with specified name)",
+            self.ldb_user.modify_ldif, ldif)
+
+    def test_modify_delete_dns_host_name_ldif_unspecified(self):
+        '''Test deleting dNSHostName'''
+        account_name = self.id().rsplit(".", 1)[1][:63]
+        host_name, dn = self.setup_computer_with_hostname(account_name)
+
+        ldif = f"""
+dn: {dn}
+changetype: modify
+delete: dNSHostName
+"""
+        self.assertRaisesLdbError(
+            ERR_INSUFFICIENT_ACCESS_RIGHTS,
+            "User able to delete dNSHostName (without specific name)",
+            self.ldb_user.modify_ldif, ldif)
+
+
+ldb = SamDB(ldaphost, credentials=creds, session_info=system_session(lp), lp=lp)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ad_dc_medley_performance.py b/source4/dsdb/tests/python/ad_dc_medley_performance.py
new file mode 100644
index 0000000..39f9e67
--- /dev/null
+++ b/source4/dsdb/tests/python/ad_dc_medley_performance.py
@@ -0,0 +1,523 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import os
+import samba
+import samba.getopt as options
+import random
+import tempfile
+import shutil
+import time
+import itertools
+
+from samba.netcmd.main import samba_tool
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+try:
+    from samba.tests.subunitrun import SubunitOptions, TestProgram
+    ANCIENT_SAMBA = False
+except ImportError:
+    ANCIENT_SAMBA = True
+    samba.ensure_external_module("testtools", "testtools")
+    samba.ensure_external_module("subunit", "subunit/python")
+    from subunit.run import SubunitTestRunner
+    import unittest
+
+from samba.samdb import SamDB
+from samba.auth import system_session
+from ldb import Message, MessageElement, Dn, LdbError
+from ldb import FLAG_MOD_ADD, FLAG_MOD_DELETE
+from ldb import SCOPE_BASE, SCOPE_SUBTREE
+from ldb import ERR_NO_SUCH_OBJECT
+
+parser = optparse.OptionParser("ad_dc_medley_performance.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+sambaopts.add_option("-p", "--use-paged-search", action="store_true",
+                     help="Use paged search module")
+
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+if not ANCIENT_SAMBA:
+    subunitopts = SubunitOptions(parser)
+    parser.add_option_group(subunitopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+random.seed(1)
+
+
+class PerfTestException(Exception):
+    pass
+
+
+BATCH_SIZE = 2000
+LINK_BATCH_SIZE = 1000
+DELETE_BATCH_SIZE = 50
+N_GROUPS = 29
+
+
+class GlobalState(object):
+    next_user_id = 0
+    n_groups = 0
+    next_linked_user = 0
+    next_relinked_user = 0
+    next_linked_user_3 = 0
+    next_removed_link_0 = 0
+    test_number = 0
+    active_links = set()
+
+
+class UserTests(samba.tests.TestCase):
+
+    def add_if_possible(self, *args, **kwargs):
+        """In these tests sometimes things are left in the database
+        deliberately, so we don't worry if we fail to add them a second
+        time."""
+        try:
+            self.ldb.add(*args, **kwargs)
+        except LdbError:
+            pass
+
+    def setUp(self):
+        super(UserTests, self).setUp()
+        self.state = GlobalState  # the class itself, not an instance
+        self.lp = lp
+
+        kwargs = {}
+        if opts.use_paged_search:
+            kwargs["options"] = ["modules:paged_searches"]
+
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp, **kwargs)
+        self.base_dn = self.ldb.domain_dn()
+        self.ou = "OU=pid%s,%s" % (os.getpid(), self.base_dn)
+        self.ou_users = "OU=users,%s" % self.ou
+        self.ou_groups = "OU=groups,%s" % self.ou
+        self.ou_computers = "OU=computers,%s" % self.ou
+
+        self.state.test_number += 1
+        random.seed(self.state.test_number)
+
+    def tearDown(self):
+        super(UserTests, self).tearDown()
+
+    def test_00_00_do_nothing(self):
+        # this gives us an idea of the overhead
+        pass
+
+    def test_00_01_do_nothing_relevant(self):
+        # takes around 1 second on i7-4770
+        j = 0
+        for i in range(30000000):
+            j += i
+
+    def test_00_02_do_nothing_sleepily(self):
+        time.sleep(1)
+
+    def test_00_03_add_ous_and_groups(self):
+        # initialise the database
+        for dn in (self.ou,
+                   self.ou_users,
+                   self.ou_groups,
+                   self.ou_computers):
+            self.ldb.add({
+                "dn": dn,
+                "objectclass": "organizationalUnit"
+            })
+
+        for i in range(N_GROUPS):
+            self.ldb.add({
+                "dn": "cn=g%d,%s" % (i, self.ou_groups),
+                "objectclass": "group"
+            })
+
+        self.state.n_groups = N_GROUPS
+
+    def _add_users(self, start, end):
+        for i in range(start, end):
+            self.ldb.add({
+                "dn": "cn=u%d,%s" % (i, self.ou_users),
+                "objectclass": "user"
+            })
+
+    def _add_users_ldif(self, start, end):
+        lines = []
+        for i in range(start, end):
+            lines.append("dn: cn=u%d,%s" % (i, self.ou_users))
+            lines.append("objectclass: user")
+            lines.append("")
+        self.ldb.add_ldif('\n'.join(lines))
+
+    def _test_join(self):
+        tmpdir = tempfile.mkdtemp()
+        if '://' in host:
+            server = host.split('://', 1)[1]
+        else:
+            server = host
+        result = samba_tool('domain', 'join',
+                            creds.get_realm(),
+                            "dc", "-U%s%%%s" % (creds.get_username(),
+                                                creds.get_password()),
+                            '--targetdir=%s' % tmpdir,
+                            '--server=%s' % server)
+        self.assertIsNone(result)
+
+        shutil.rmtree(tmpdir)
+
+    def _test_unindexed_search(self):
+        expressions = [
+            ('(&(objectclass=user)(description='
+             'Built-in account for adminstering the computer/domain))'),
+            '(description=Built-in account for adminstering the computer/domain)',
+            '(objectCategory=*)',
+            '(samaccountname=Administrator*)'
+        ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(25):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d %s took %s' % (i, expression,
+                                     time.time() - t),
+                  file=sys.stderr)
+
+    def _test_indexed_search(self):
+        expressions = ['(objectclass=group)',
+                       '(samaccountname=Administrator)'
+                       ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(4000):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d runs %s took %s' % (i, expression,
+                                          time.time() - t),
+                  file=sys.stderr)
+
+    def _test_base_search(self):
+        for dn in [self.base_dn, self.ou, self.ou_users,
+                   self.ou_groups, self.ou_computers]:
+            for i in range(4000):
+                try:
+                    self.ldb.search(dn,
+                                    scope=SCOPE_BASE,
+                                    attrs=['cn'])
+                except LdbError as e:
+                    (num, msg) = e.args
+                    if num != ERR_NO_SUCH_OBJECT:
+                        raise
+
+    def _test_base_search_failing(self):
+        pattern = 'missing%d' + self.ou
+        for i in range(4000):
+            try:
+                self.ldb.search(pattern % i,
+                                scope=SCOPE_BASE,
+                                attrs=['cn'])
+            except LdbError as e:
+                (num, msg) = e.args
+                if num != ERR_NO_SUCH_OBJECT:
+                    raise
+
+    def search_expression_list(self, expressions, rounds,
+                               attrs=None,
+                               scope=SCOPE_SUBTREE):
+        if attrs is None:
+            attrs = ['cn']
+        for expression in expressions:
+            t = time.time()
+            for i in range(rounds):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=scope,
+                                attrs=attrs)
+            print('%d runs %s took %s' % (i, expression,
+                                          time.time() - t),
+                  file=sys.stderr)
+
+    def _test_complex_search(self, n=100):
+        classes = ['samaccountname', 'objectCategory', 'dn', 'member']
+        values = ['*', '*t*', 'g*', 'user']
+        comparators = ['=', '<=', '>=']  # '~=' causes error
+        maybe_not = ['!(', '']
+        joiners = ['&', '|']
+
+        # The number of permutations is 18432, which is not huge but
+        # would take hours to search. So we take a sample.
+        all_permutations = list(itertools.product(joiners,
+                                                  classes, classes,
+                                                  values, values,
+                                                  comparators, comparators,
+                                                  maybe_not, maybe_not))
+
+        expressions = []
+
+        for (j, c1, c2, v1, v2,
+             o1, o2, n1, n2) in random.sample(all_permutations, n):
+            expression = ''.join(['(', j,
+                                  '(', n1, c1, o1, v1,
+                                  '))' if n1 else ')',
+                                  '(', n2, c2, o2, v2,
+                                  '))' if n2 else ')',
+                                  ')'])
+            expressions.append(expression)
+
+        self.search_expression_list(expressions, 1)
+
+    def _test_member_search(self, rounds=10):
+        expressions = []
+        for d in range(20):
+            expressions.append('(member=cn=u%d,%s)' % (d + 500, self.ou_users))
+            expressions.append('(member=u%d*)' % (d + 700,))
+
+        self.search_expression_list(expressions, rounds)
+
+    def _test_memberof_search(self, rounds=200):
+        expressions = []
+        for i in range(min(self.state.n_groups, rounds)):
+            expressions.append('(memberOf=cn=g%d,%s)' % (i, self.ou_groups))
+            expressions.append('(memberOf=cn=g%d*)' % (i,))
+            expressions.append('(memberOf=cn=*%s*)' % self.ou_groups)
+
+        self.search_expression_list(expressions, 2)
+
+    def _test_add_many_users(self, n=BATCH_SIZE):
+        s = self.state.next_user_id
+        e = s + n
+        self._add_users(s, e)
+        self.state.next_user_id = e
+
+    def _test_add_many_users_ldif(self, n=BATCH_SIZE):
+        s = self.state.next_user_id
+        e = s + n
+        self._add_users_ldif(s, e)
+        self.state.next_user_id = e
+
+    def _link_user_and_group(self, u, g):
+        link = (u, g)
+        if link in self.state.active_links:
+            return False
+
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=g%d,%s" % (g, self.ou_groups))
+        m["member"] = MessageElement("cn=u%d,%s" % (u, self.ou_users),
+                                     FLAG_MOD_ADD, "member")
+        self.ldb.modify(m)
+        self.state.active_links.add(link)
+        return True
+
+    def _unlink_user_and_group(self, u, g):
+        link = (u, g)
+        if link not in self.state.active_links:
+            return False
+
+        user = "cn=u%d,%s" % (u, self.ou_users)
+        group = "CN=g%d,%s" % (g, self.ou_groups)
+        m = Message()
+        m.dn = Dn(self.ldb, group)
+        m["member"] = MessageElement(user, FLAG_MOD_DELETE, "member")
+        self.ldb.modify(m)
+        self.state.active_links.remove(link)
+        return True
+
+    def _test_link_many_users(self, n=LINK_BATCH_SIZE):
+        # this links unevenly, putting more users in the first group
+        # and fewer in the last.
+        ng = self.state.n_groups
+        nu = self.state.next_user_id
+        while n:
+            u = random.randrange(nu)
+            g = random.randrange(random.randrange(ng) + 1)
+            if self._link_user_and_group(u, g):
+                n -= 1
+
+    def _test_link_many_users_batch(self, n=(LINK_BATCH_SIZE * 10)):
+        # this links unevenly, putting more users in the first group
+        # and fewer in the last.
+        ng = self.state.n_groups
+        nu = self.state.next_user_id
+        messages = []
+        for g in range(ng):
+            m = Message()
+            m.dn = Dn(self.ldb, "CN=g%d,%s" % (g, self.ou_groups))
+            messages.append(m)
+
+        while n:
+            u = random.randrange(nu)
+            g = random.randrange(random.randrange(ng) + 1)
+            link = (u, g)
+            if link in self.state.active_links:
+                continue
+            m = messages[g]
+            m["member%s" % u] = MessageElement("cn=u%d,%s" %
+                                               (u, self.ou_users),
+                                               FLAG_MOD_ADD, "member")
+            self.state.active_links.add(link)
+            n -= 1
+
+        for m in messages:
+            try:
+                self.ldb.modify(m)
+            except LdbError as e:
+                print(e)
+                print(m)
+
+    def _test_remove_some_links(self, n=(LINK_BATCH_SIZE // 2)):
+        victims = random.sample(list(self.state.active_links), n)
+        for x in victims:
+            self._unlink_user_and_group(*x)
+
+    test_00_11_join_empty_dc = _test_join
+
+    test_00_12_adding_users_2000 = _test_add_many_users
+
+    test_00_20_join_unlinked_2k_users = _test_join
+    test_00_21_unindexed_search_2k_users = _test_unindexed_search
+    test_00_22_indexed_search_2k_users = _test_indexed_search
+
+    test_00_23_complex_search_2k_users = _test_complex_search
+    test_00_24_member_search_2k_users = _test_member_search
+    test_00_25_memberof_search_2k_users = _test_memberof_search
+
+    test_00_27_base_search_2k_users = _test_base_search
+    test_00_28_base_search_failing_2k_users = _test_base_search_failing
+
+    test_01_01_link_2k_users = _test_link_many_users
+    test_01_02_link_2k_users_batch = _test_link_many_users_batch
+
+    test_02_10_join_2k_linked_dc = _test_join
+    test_02_11_unindexed_search_2k_linked_dc = _test_unindexed_search
+    test_02_12_indexed_search_2k_linked_dc = _test_indexed_search
+
+    test_04_01_remove_some_links_2k = _test_remove_some_links
+
+    test_05_01_adding_users_after_links_4k_ldif = _test_add_many_users_ldif
+
+    test_06_04_link_users_4k = _test_link_many_users
+    test_06_05_link_users_4k_batch = _test_link_many_users_batch
+
+    test_07_01_adding_users_after_links_6k = _test_add_many_users
+
+    def _test_ldif_well_linked_group(self, link_chance=1.0):
+        g = self.state.n_groups
+        self.state.n_groups += 1
+        lines = ["dn: CN=g%d,%s" % (g, self.ou_groups),
+                 "objectclass: group"]
+
+        for i in range(self.state.next_user_id):
+            if random.random() <= link_chance:
+                lines.append("member: cn=u%d,%s" % (i, self.ou_users))
+                self.state.active_links.add((i, g))
+
+        lines.append("")
+        self.ldb.add_ldif('\n'.join(lines))
+
+    test_09_01_add_fully_linked_group = _test_ldif_well_linked_group
+
+    def test_09_02_add_exponentially_diminishing_linked_groups(self):
+        linkage = 0.8
+        while linkage > 0.01:
+            self._test_ldif_well_linked_group(linkage)
+            linkage *= 0.75
+
+    test_09_04_link_users_6k = _test_link_many_users
+
+    test_10_01_unindexed_search_6k_users = _test_unindexed_search
+    test_10_02_indexed_search_6k_users = _test_indexed_search
+
+    test_10_27_base_search_6k_users = _test_base_search
+    test_10_28_base_search_failing_6k_users = _test_base_search_failing
+
+    def test_10_03_complex_search_6k_users(self):
+        self._test_complex_search(n=50)
+
+    def test_10_04_member_search_6k_users(self):
+        self._test_member_search(rounds=1)
+
+    def test_10_05_memberof_search_6k_users(self):
+        self._test_memberof_search(rounds=5)
+
+    test_11_02_join_full_dc = _test_join
+
+    test_12_01_remove_some_links_6k = _test_remove_some_links
+
+    def _test_delete_many_users(self, n=DELETE_BATCH_SIZE):
+        e = self.state.next_user_id
+        s = max(0, e - n)
+        self.state.next_user_id = s
+        for i in range(s, e):
+            self.ldb.delete("cn=u%d,%s" % (i, self.ou_users))
+
+        for x in tuple(self.state.active_links):
+            if s >= x[0] > e:
+                self.state.active_links.remove(x)
+
+    test_20_01_delete_users_6k = _test_delete_many_users
+
+    def test_21_01_delete_10_groups(self):
+        for i in range(self.state.n_groups - 10, self.state.n_groups):
+            self.ldb.delete("cn=g%d,%s" % (i, self.ou_groups))
+        self.state.n_groups -= 10
+        for x in tuple(self.state.active_links):
+            if x[1] >= self.state.n_groups:
+                self.state.active_links.remove(x)
+
+    test_21_02_delete_users_5950 = _test_delete_many_users
+
+    def test_22_01_delete_all_groups(self):
+        for i in range(self.state.n_groups):
+            self.ldb.delete("cn=g%d,%s" % (i, self.ou_groups))
+        self.state.n_groups = 0
+        self.state.active_links = set()
+
+    # XXX assert the state is as we think, using searches
+
+    def test_23_01_delete_users_5900_after_groups(self):
+        # we do not delete everything because it takes too long
+        n = 4 * DELETE_BATCH_SIZE
+        self._test_delete_many_users(n=n)
+
+    test_24_02_join_after_partial_cleanup = _test_join
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+if ANCIENT_SAMBA:
+    runner = SubunitTestRunner()
+    if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+            UserTests)).wasSuccessful():
+        sys.exit(1)
+    sys.exit(0)
+else:
+    TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ad_dc_multi_bind.py b/source4/dsdb/tests/python/ad_dc_multi_bind.py
new file mode 100644
index 0000000..93a1c30
--- /dev/null
+++ b/source4/dsdb/tests/python/ad_dc_multi_bind.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import os
+import samba
+import samba.getopt as options
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+try:
+    from samba.tests.subunitrun import SubunitOptions, TestProgram
+    ANCIENT_SAMBA = False
+except ImportError:
+    ANCIENT_SAMBA = True
+    samba.ensure_external_module("testtools", "testtools")
+    samba.ensure_external_module("subunit", "subunit/python")
+    from subunit.run import SubunitTestRunner
+    import unittest
+
+from samba.samdb import SamDB
+from samba.auth import system_session
+from ldb import SCOPE_BASE
+
+parser = optparse.OptionParser("ad_dc_multi_bind.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+if not ANCIENT_SAMBA:
+    subunitopts = SubunitOptions(parser)
+    parser.add_option_group(subunitopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class UserTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(UserTests, self).setUp()
+        self.lp = lp
+
+    def tearDown(self):
+        super(UserTests, self).tearDown()
+
+    def test_1000_binds(self):
+
+        for x in range(1, 1000):
+            samdb = SamDB(host, credentials=creds,
+                          session_info=system_session(self.lp), lp=self.lp)
+            samdb.search(base=samdb.domain_dn(),
+                         scope=SCOPE_BASE, attrs=["*"])
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+if ANCIENT_SAMBA:
+    runner = SubunitTestRunner()
+    if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+            UserTests)).wasSuccessful():
+        sys.exit(1)
+    sys.exit(0)
+else:
+    TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ad_dc_performance.py b/source4/dsdb/tests/python/ad_dc_performance.py
new file mode 100644
index 0000000..b8863b5
--- /dev/null
+++ b/source4/dsdb/tests/python/ad_dc_performance.py
@@ -0,0 +1,340 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import os
+import samba
+import samba.getopt as options
+import random
+import tempfile
+import shutil
+import time
+
+from samba.netcmd.main import samba_tool
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+try:
+    from samba.tests.subunitrun import SubunitOptions, TestProgram
+    ANCIENT_SAMBA = False
+except ImportError:
+    ANCIENT_SAMBA = True
+    samba.ensure_external_module("testtools", "testtools")
+    samba.ensure_external_module("subunit", "subunit/python")
+    from subunit.run import SubunitTestRunner
+    import unittest
+
+from samba.samdb import SamDB
+from samba.auth import system_session
+from ldb import Message, MessageElement, Dn, LdbError
+from ldb import FLAG_MOD_ADD, FLAG_MOD_DELETE
+from ldb import SCOPE_SUBTREE
+
+parser = optparse.OptionParser("ad_dc_performance.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+if not ANCIENT_SAMBA:
+    subunitopts = SubunitOptions(parser)
+    parser.add_option_group(subunitopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+random.seed(1)
+
+
+class PerfTestException(Exception):
+    pass
+
+
+BATCH_SIZE = 1000
+N_GROUPS = 5
+
+
+class GlobalState(object):
+    next_user_id = 0
+    n_groups = 0
+    next_linked_user = 0
+    next_relinked_user = 0
+    next_linked_user_3 = 0
+    next_removed_link_0 = 0
+
+
+class UserTests(samba.tests.TestCase):
+
+    def add_if_possible(self, *args, **kwargs):
+        """In these tests sometimes things are left in the database
+        deliberately, so we don't worry if we fail to add them a second
+        time."""
+        try:
+            self.ldb.add(*args, **kwargs)
+        except LdbError:
+            pass
+
+    def setUp(self):
+        super(UserTests, self).setUp()
+        self.state = GlobalState  # the class itself, not an instance
+        self.lp = lp
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+        self.ou = "OU=pid%s,%s" % (os.getpid(), self.base_dn)
+        self.ou_users = "OU=users,%s" % self.ou
+        self.ou_groups = "OU=groups,%s" % self.ou
+        self.ou_computers = "OU=computers,%s" % self.ou
+
+        for dn in (self.ou, self.ou_users, self.ou_groups,
+                   self.ou_computers):
+            self.add_if_possible({
+                "dn": dn,
+                "objectclass": "organizationalUnit"})
+
+    def tearDown(self):
+        super(UserTests, self).tearDown()
+
+    def test_00_00_do_nothing(self):
+        # this gives us an idea of the overhead
+        pass
+
+    def _prepare_n_groups(self, n):
+        self.state.n_groups = n
+        for i in range(n):
+            self.add_if_possible({
+                "dn": "cn=g%d,%s" % (i, self.ou_groups),
+                "objectclass": "group"})
+
+    def _add_users(self, start, end):
+        for i in range(start, end):
+            self.ldb.add({
+                "dn": "cn=u%d,%s" % (i, self.ou_users),
+                "objectclass": "user"})
+
+    def _test_join(self):
+        tmpdir = tempfile.mkdtemp()
+        if '://' in host:
+            server = host.split('://', 1)[1]
+        else:
+            server = host
+        result = samba_tool('domain', 'join',
+                            creds.get_realm(),
+                            "dc", "-U%s%%%s" % (creds.get_username(),
+                                                creds.get_password()),
+                            '--targetdir=%s' % tmpdir,
+                            '--server=%s' % server)
+        self.assertIsNone(result)
+
+        shutil.rmtree(tmpdir)
+
+    def _test_unindexed_search(self):
+        expressions = [
+            ('(&(objectclass=user)(description='
+             'Built-in account for adminstering the computer/domain))'),
+            '(description=Built-in account for adminstering the computer/domain)',
+            '(objectCategory=*)',
+            '(samaccountname=Administrator*)'
+        ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(10):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d %s took %s' % (i, expression,
+                                     time.time() - t), file=sys.stderr)
+
+    def _test_indexed_search(self):
+        expressions = ['(objectclass=group)',
+                       '(samaccountname=Administrator)'
+                       ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(100):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d runs %s took %s' % (i, expression,
+                                          time.time() - t), file=sys.stderr)
+
+    def _test_add_many_users(self, n=BATCH_SIZE):
+        s = self.state.next_user_id
+        e = s + n
+        self._add_users(s, e)
+        self.state.next_user_id = e
+
+    test_00_00_join_empty_dc = _test_join
+
+    test_00_01_adding_users_1000 = _test_add_many_users
+    test_00_02_adding_users_2000 = _test_add_many_users
+    test_00_03_adding_users_3000 = _test_add_many_users
+
+    test_00_10_join_unlinked_dc = _test_join
+    test_00_11_unindexed_search_3k_users = _test_unindexed_search
+    test_00_12_indexed_search_3k_users = _test_indexed_search
+
+    def _link_user_and_group(self, u, g):
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=g%d,%s" % (g, self.ou_groups))
+        m["member"] = MessageElement("cn=u%d,%s" % (u, self.ou_users),
+                                     FLAG_MOD_ADD, "member")
+        self.ldb.modify(m)
+
+    def _unlink_user_and_group(self, u, g):
+        user = "cn=u%d,%s" % (u, self.ou_users)
+        group = "CN=g%d,%s" % (g, self.ou_groups)
+        m = Message()
+        m.dn = Dn(self.ldb, group)
+        m["member"] = MessageElement(user, FLAG_MOD_DELETE, "member")
+        self.ldb.modify(m)
+
+    def _test_link_many_users(self, n=BATCH_SIZE):
+        self._prepare_n_groups(N_GROUPS)
+        s = self.state.next_linked_user
+        e = s + n
+        for i in range(s, e):
+            g = i % N_GROUPS
+            self._link_user_and_group(i, g)
+        self.state.next_linked_user = e
+
+    test_01_01_link_users_1000 = _test_link_many_users
+    test_01_02_link_users_2000 = _test_link_many_users
+    test_01_03_link_users_3000 = _test_link_many_users
+
+    def _test_link_many_users_offset_1(self, n=BATCH_SIZE):
+        s = self.state.next_relinked_user
+        e = s + n
+        for i in range(s, e):
+            g = (i + 1) % N_GROUPS
+            self._link_user_and_group(i, g)
+        self.state.next_relinked_user = e
+
+    test_02_01_link_users_again_1000 = _test_link_many_users_offset_1
+    test_02_02_link_users_again_2000 = _test_link_many_users_offset_1
+    test_02_03_link_users_again_3000 = _test_link_many_users_offset_1
+
+    test_02_10_join_partially_linked_dc = _test_join
+    test_02_11_unindexed_search_partially_linked_dc = _test_unindexed_search
+    test_02_12_indexed_search_partially_linked_dc = _test_indexed_search
+
+    def _test_link_many_users_3_groups(self, n=BATCH_SIZE, groups=3):
+        s = self.state.next_linked_user_3
+        e = s + n
+        self.state.next_linked_user_3 = e
+        for i in range(s, e):
+            g = (i + 2) % groups
+            if g not in (i % N_GROUPS, (i + 1) % N_GROUPS):
+                self._link_user_and_group(i, g)
+
+    test_03_01_link_users_again_1000_few_groups = _test_link_many_users_3_groups
+    test_03_02_link_users_again_2000_few_groups = _test_link_many_users_3_groups
+    test_03_03_link_users_again_3000_few_groups = _test_link_many_users_3_groups
+
+    def _test_remove_links_0(self, n=BATCH_SIZE):
+        s = self.state.next_removed_link_0
+        e = s + n
+        self.state.next_removed_link_0 = e
+        for i in range(s, e):
+            g = i % N_GROUPS
+            self._unlink_user_and_group(i, g)
+
+    test_04_01_remove_some_links_1000 = _test_remove_links_0
+    test_04_02_remove_some_links_2000 = _test_remove_links_0
+    test_04_03_remove_some_links_3000 = _test_remove_links_0
+
+    # back to using _test_add_many_users
+    test_05_01_adding_users_after_links_4000 = _test_add_many_users
+
+    # reset the link count, to replace the original links
+    def test_06_01_relink_users_1000(self):
+        self.state.next_linked_user = 0
+        self._test_link_many_users()
+
+    test_06_02_link_users_2000 = _test_link_many_users
+    test_06_03_link_users_3000 = _test_link_many_users
+    test_06_04_link_users_4000 = _test_link_many_users
+    test_06_05_link_users_again_4000 = _test_link_many_users_offset_1
+    test_06_06_link_users_again_4000_few_groups = _test_link_many_users_3_groups
+
+    test_07_01_adding_users_after_links_5000 = _test_add_many_users
+
+    def _test_link_random_users_and_groups(self, n=BATCH_SIZE, groups=100):
+        self._prepare_n_groups(groups)
+        for i in range(n):
+            u = random.randrange(self.state.next_user_id)
+            g = random.randrange(groups)
+            try:
+                self._link_user_and_group(u, g)
+            except LdbError:
+                pass
+
+    test_08_01_link_random_users_100_groups = _test_link_random_users_and_groups
+    test_08_02_link_random_users_100_groups = _test_link_random_users_and_groups
+
+    test_10_01_unindexed_search_full_dc = _test_unindexed_search
+    test_10_02_indexed_search_full_dc = _test_indexed_search
+    test_11_02_join_full_dc = _test_join
+
+    def test_20_01_delete_50_groups(self):
+        for i in range(self.state.n_groups - 50, self.state.n_groups):
+            self.ldb.delete("cn=g%d,%s" % (i, self.ou_groups))
+        self.state.n_groups -= 50
+
+    def _test_delete_many_users(self, n=BATCH_SIZE):
+        e = self.state.next_user_id
+        s = max(0, e - n)
+        self.state.next_user_id = s
+        for i in range(s, e):
+            self.ldb.delete("cn=u%d,%s" % (i, self.ou_users))
+
+    test_21_01_delete_users_5000_lightly_linked = _test_delete_many_users
+    test_21_02_delete_users_4000_lightly_linked = _test_delete_many_users
+    test_21_03_delete_users_3000 = _test_delete_many_users
+
+    def test_22_01_delete_all_groups(self):
+        for i in range(self.state.n_groups):
+            self.ldb.delete("cn=g%d,%s" % (i, self.ou_groups))
+        self.state.n_groups = 0
+
+    test_23_01_delete_users_after_groups_2000 = _test_delete_many_users
+    test_23_00_delete_users_after_groups_1000 = _test_delete_many_users
+
+    test_24_02_join_after_cleanup = _test_join
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+if ANCIENT_SAMBA:
+    runner = SubunitTestRunner()
+    if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+            UserTests)).wasSuccessful():
+        sys.exit(1)
+    sys.exit(0)
+else:
+    TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ad_dc_provision_performance.py b/source4/dsdb/tests/python/ad_dc_provision_performance.py
new file mode 100644
index 0000000..bfe9226
--- /dev/null
+++ b/source4/dsdb/tests/python/ad_dc_provision_performance.py
@@ -0,0 +1,131 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import os
+import samba
+import samba.getopt as options
+import random
+import tempfile
+import shutil
+import subprocess
+
+from samba.netcmd.main import samba_tool
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+try:
+    from samba.tests.subunitrun import SubunitOptions, TestProgram
+    ANCIENT_SAMBA = False
+except ImportError:
+    ANCIENT_SAMBA = True
+    samba.ensure_external_module("testtools", "testtools")
+    samba.ensure_external_module("subunit", "subunit/python")
+    from subunit.run import SubunitTestRunner
+    import unittest
+
+parser = optparse.OptionParser("ad_dc_provision_performance.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+if not ANCIENT_SAMBA:
+    subunitopts = SubunitOptions(parser)
+    parser.add_option_group(subunitopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+random.seed(1)
+
+
+class PerfTestException(Exception):
+    pass
+
+
+class UserTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(UserTests, self).setUp()
+        self.tmpdir = tempfile.mkdtemp()
+
+    def tearDown(self):
+        shutil.rmtree(self.tmpdir)
+
+    def test_00_00_do_nothing(self):
+        # this gives us an idea of the overhead
+        pass
+
+    def _test_provision_subprocess(self, options=None, subdir=None):
+        if subdir is None:
+            d = self.tmpdir
+        else:
+            d = os.path.join(self.tmpdir, str(subdir))
+            os.mkdir(d)
+
+        cmd = ['bin/samba-tool', 'domain', 'provision', '--targetdir',
+               d, '--realm=realm.com', '--use-ntvfs', '--domain=dom']
+
+        if options:
+            options.extend(options)
+        subprocess.check_call(cmd)
+
+    test_01_00_provision_subprocess = _test_provision_subprocess
+
+    def test_01_00_provision_subprocess_overwrite(self):
+        for i in range(2):
+            self._test_provision_subprocess()
+
+    def test_02_00_provision_cmd_sambatool(self):
+        result = samba_tool('domain', 'provision',
+                            '--targetdir=%s' % self.tmpdir,
+                            '--use-ntvfs')
+        self.assertIsNone(result)
+
+    def test_03_00_provision_server_role(self):
+        for role in ('member', 'server', 'member', 'standalone'):
+            self._test_provision_subprocess(options=['--server-role', role],
+                                            subdir=role)
+
+    def test_04_00_provision_blank(self):
+        for i in range(2):
+            self._test_provision_subprocess(options=['--blank'],
+                                            subdir=i)
+
+    def test_05_00_provision_partitions_only(self):
+        self._test_provision_subprocess(options=['--partitions-only'])
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+if ANCIENT_SAMBA:
+    runner = SubunitTestRunner()
+    if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+            UserTests)).wasSuccessful():
+        sys.exit(1)
+    sys.exit(0)
+else:
+    TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ad_dc_search_performance.py b/source4/dsdb/tests/python/ad_dc_search_performance.py
new file mode 100644
index 0000000..aabcc22
--- /dev/null
+++ b/source4/dsdb/tests/python/ad_dc_search_performance.py
@@ -0,0 +1,296 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import os
+import samba
+import samba.getopt as options
+import random
+import time
+import itertools
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+try:
+    from samba.tests.subunitrun import SubunitOptions, TestProgram
+    ANCIENT_SAMBA = False
+except ImportError:
+    ANCIENT_SAMBA = True
+    samba.ensure_external_module("testtools", "testtools")
+    samba.ensure_external_module("subunit", "subunit/python")
+    from subunit.run import SubunitTestRunner
+    import unittest
+
+from samba.samdb import SamDB
+from samba.auth import system_session
+from ldb import Message, MessageElement, Dn, LdbError
+from ldb import FLAG_MOD_ADD
+from ldb import SCOPE_SUBTREE
+
+parser = optparse.OptionParser("ad_dc_search_performance.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+if not ANCIENT_SAMBA:
+    subunitopts = SubunitOptions(parser)
+    parser.add_option_group(subunitopts)
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+random.seed(1)
+
+
+class PerfTestException(Exception):
+    pass
+
+
+BATCH_SIZE = 1000
+N_GROUPS = 5
+
+
+class GlobalState(object):
+    next_user_id = 0
+    n_groups = 0
+    next_linked_user = 0
+    next_relinked_user = 0
+    next_linked_user_3 = 0
+    next_removed_link_0 = 0
+
+
+class UserTests(samba.tests.TestCase):
+
+    def add_if_possible(self, *args, **kwargs):
+        """In these tests sometimes things are left in the database
+        deliberately, so we don't worry if we fail to add them a second
+        time."""
+        try:
+            self.ldb.add(*args, **kwargs)
+        except LdbError:
+            pass
+
+    def setUp(self):
+        super(UserTests, self).setUp()
+        self.state = GlobalState  # the class itself, not an instance
+        self.lp = lp
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+        self.ou = "OU=pid%s,%s" % (os.getpid(), self.base_dn)
+        self.ou_users = "OU=users,%s" % self.ou
+        self.ou_groups = "OU=groups,%s" % self.ou
+        self.ou_computers = "OU=computers,%s" % self.ou
+
+        for dn in (self.ou, self.ou_users, self.ou_groups,
+                   self.ou_computers):
+            self.add_if_possible({
+                "dn": dn,
+                "objectclass": "organizationalUnit"})
+
+    def tearDown(self):
+        super(UserTests, self).tearDown()
+
+    def test_00_00_do_nothing(self):
+        # this gives us an idea of the overhead
+        pass
+
+    def _prepare_n_groups(self, n):
+        self.state.n_groups = n
+        for i in range(n):
+            self.add_if_possible({
+                "dn": "cn=g%d,%s" % (i, self.ou_groups),
+                "objectclass": "group"})
+
+    def _add_users(self, start, end):
+        for i in range(start, end):
+            self.ldb.add({
+                "dn": "cn=u%d,%s" % (i, self.ou_users),
+                "objectclass": "user"})
+
+    def _add_users_ldif(self, start, end):
+        lines = []
+        for i in range(start, end):
+            lines.append("dn: cn=u%d,%s" % (i, self.ou_users))
+            lines.append("objectclass: user")
+            lines.append("")
+        self.ldb.add_ldif('\n'.join(lines))
+
+    def _test_unindexed_search(self):
+        expressions = [
+            ('(&(objectclass=user)(description='
+             'Built-in account for adminstering the computer/domain))'),
+            '(description=Built-in account for adminstering the computer/domain)',
+            '(objectCategory=*)',
+            '(samaccountname=Administrator*)'
+        ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(50):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d %s took %s' % (i, expression,
+                                     time.time() - t),
+                  file=sys.stderr)
+
+    def _test_indexed_search(self):
+        expressions = ['(objectclass=group)',
+                       '(samaccountname=Administrator)'
+                       ]
+        for expression in expressions:
+            t = time.time()
+            for i in range(10000):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d runs %s took %s' % (i, expression,
+                                          time.time() - t),
+                  file=sys.stderr)
+
+    def _test_complex_search(self):
+        classes = ['samaccountname', 'objectCategory', 'dn', 'member']
+        values = ['*', '*t*', 'g*', 'user']
+        comparators = ['=', '<=', '>=']  # '~=' causes error
+        maybe_not = ['!(', '']
+        joiners = ['&', '|']
+
+        # The number of permutations is 18432, which is not huge but
+        # would take hours to search. So we take a sample.
+        all_permutations = list(itertools.product(joiners,
+                                                  classes, classes,
+                                                  values, values,
+                                                  comparators, comparators,
+                                                  maybe_not, maybe_not))
+        random.seed(1)
+
+        for (j, c1, c2, v1, v2,
+             o1, o2, n1, n2) in random.sample(all_permutations, 100):
+            expression = ''.join(['(', j,
+                                  '(', n1, c1, o1, v1,
+                                  '))' if n1 else ')',
+                                  '(', n2, c2, o2, v2,
+                                  '))' if n2 else ')',
+                                  ')'])
+            print(expression)
+            self.ldb.search(self.ou,
+                            expression=expression,
+                            scope=SCOPE_SUBTREE,
+                            attrs=['cn'])
+
+    def _test_member_search(self, rounds=10):
+        expressions = []
+        for d in range(50):
+            expressions.append('(member=cn=u%d,%s)' % (d + 500, self.ou_users))
+            expressions.append('(member=u%d*)' % (d + 700,))
+        for i in range(N_GROUPS):
+            expressions.append('(memberOf=cn=g%d,%s)' % (i, self.ou_groups))
+            expressions.append('(memberOf=cn=g%d*)' % (i,))
+            expressions.append('(memberOf=cn=*%s*)' % self.ou_groups)
+
+        for expression in expressions:
+            t = time.time()
+            for i in range(rounds):
+                self.ldb.search(self.ou,
+                                expression=expression,
+                                scope=SCOPE_SUBTREE,
+                                attrs=['cn'])
+            print('%d runs %s took %s' % (i, expression,
+                                          time.time() - t),
+                  file=sys.stderr)
+
+    def _test_add_many_users(self, n=BATCH_SIZE):
+        s = self.state.next_user_id
+        e = s + n
+        self._add_users(s, e)
+        self.state.next_user_id = e
+
+    def _test_add_many_users_ldif(self, n=BATCH_SIZE):
+        s = self.state.next_user_id
+        e = s + n
+        self._add_users_ldif(s, e)
+        self.state.next_user_id = e
+
+    def _link_user_and_group(self, u, g):
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=g%d,%s" % (g, self.ou_groups))
+        m["member"] = MessageElement("cn=u%d,%s" % (u, self.ou_users),
+                                     FLAG_MOD_ADD, "member")
+        self.ldb.modify(m)
+
+    def _test_link_many_users(self, n=BATCH_SIZE):
+        self._prepare_n_groups(N_GROUPS)
+        s = self.state.next_linked_user
+        e = s + n
+        for i in range(s, e):
+            # put everyone in group 0, and one other group
+            g = i % (N_GROUPS - 1) + 1
+            self._link_user_and_group(i, g)
+            self._link_user_and_group(i, 0)
+        self.state.next_linked_user = e
+
+    test_00_01_adding_users_1000 = _test_add_many_users
+
+    test_00_10_complex_search_1k_users = _test_complex_search
+    test_00_11_unindexed_search_1k_users = _test_unindexed_search
+    test_00_12_indexed_search_1k_users = _test_indexed_search
+    test_00_13_member_search_1k_users = _test_member_search
+
+    test_01_02_adding_users_2000_ldif = _test_add_many_users_ldif
+    test_01_03_adding_users_3000 = _test_add_many_users
+
+    test_01_10_complex_search_3k_users = _test_complex_search
+    test_01_11_unindexed_search_3k_users = _test_unindexed_search
+    test_01_12_indexed_search_3k_users = _test_indexed_search
+
+    def test_01_13_member_search_3k_users(self):
+        self._test_member_search(rounds=5)
+
+    test_02_01_link_users_1000 = _test_link_many_users
+    test_02_02_link_users_2000 = _test_link_many_users
+    test_02_03_link_users_3000 = _test_link_many_users
+
+    test_03_10_complex_search_linked_users = _test_complex_search
+    test_03_11_unindexed_search_linked_users = _test_unindexed_search
+    test_03_12_indexed_search_linked_users = _test_indexed_search
+
+    def test_03_13_member_search_linked_users(self):
+        self._test_member_search(rounds=2)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+if ANCIENT_SAMBA:
+    runner = SubunitTestRunner()
+    if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+            UserTests)).wasSuccessful():
+        sys.exit(1)
+    sys.exit(0)
+else:
+    TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/asq.py b/source4/dsdb/tests/python/asq.py
new file mode 100644
index 0000000..72fa8bb
--- /dev/null
+++ b/source4/dsdb/tests/python/asq.py
@@ -0,0 +1,225 @@
+#!/usr/bin/env python3
+#
+# Test ASQ LDAP control behaviour in Samba
+# Copyright (C) Andrew Bartlett 2019-2020
+#
+# Based on Unit tests for the notification control
+# Copyright (C) Stefan Metzmacher 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+import os
+import random
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba import ldb
+from samba.samdb import SamDB
+from samba.ndr import ndr_unpack
+from samba import gensec
+from samba.credentials import Credentials
+import samba.tests
+
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import ERR_TIME_LIMIT_EXCEEDED, ERR_ADMIN_LIMIT_EXCEEDED, ERR_UNWILLING_TO_PERFORM
+from ldb import Message
+
+parser = optparse.OptionParser("asq.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class ASQLDAPTest(samba.tests.TestCase):
+
+    def setUp(self):
+        super(ASQLDAPTest, self).setUp()
+        self.ldb = samba.Ldb(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.get_default_basedn()
+        self.NAME_ASQ="asq_" + format(random.randint(0, 99999), "05")
+        self.OU_NAME_ASQ= self.NAME_ASQ + "_ou"
+        self.ou_dn = ldb.Dn(self.ldb, "ou=" + self.OU_NAME_ASQ + "," + str(self.base_dn))
+
+        samba.tests.delete_force(self.ldb, self.ou_dn,
+                                 controls=['tree_delete:1'])
+
+        self.ldb.add({
+            "dn": self.ou_dn,
+            "objectclass": "organizationalUnit",
+            "ou": self.OU_NAME_ASQ})
+
+        self.members = []
+        self.members2 = []
+
+        for x in range(20):
+            name = self.NAME_ASQ + "_" + str(x)
+            dn = ldb.Dn(self.ldb,
+                        "cn=" + name + "," + str(self.ou_dn))
+            self.members.append(dn)
+            self.ldb.add({
+                "dn": dn,
+                "objectclass": "group"})
+
+        for x in range(20):
+            name = self.NAME_ASQ + "_" + str(x + 20)
+            dn = ldb.Dn(self.ldb,
+                        "cn=" + name + "," + str(self.ou_dn))
+            self.members2.append(dn)
+            self.ldb.add({
+                "dn": dn,
+                "objectclass": "group",
+                "member": [str(x) for x in self.members]})
+
+        name = self.NAME_ASQ + "_" + str(x + 40)
+        self.top_dn = ldb.Dn(self.ldb,
+                             "cn=" + name + "," + str(self.ou_dn))
+        self.ldb.add({
+            "dn": self.top_dn,
+            "objectclass": "group",
+            "member": [str(x) for x in self.members2]})
+
+    def tearDown(self):
+        samba.tests.delete_force(self.ldb, self.ou_dn,
+                                 controls=['tree_delete:1'])
+
+    def test_asq(self):
+        """Testing ASQ behaviour.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        """
+
+        msgs = self.ldb.search(base=self.top_dn,
+                               scope=ldb.SCOPE_BASE,
+                               attrs=["objectGUID", "cn", "member"],
+                               controls=["asq:1:member"])
+
+        self.assertEqual(len(msgs), 20)
+
+        for msg in msgs:
+            self.assertNotEqual(msg.dn, self.top_dn)
+            self.assertIn(msg.dn, self.members2)
+            for group in msg["member"]:
+                self.assertIn(ldb.Dn(self.ldb, str(group)),
+                              self.members)
+
+    def test_asq_paged(self):
+        """Testing ASQ behaviour with paged_results set.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        """
+
+        msgs = self.ldb.search(base=self.top_dn,
+                               scope=ldb.SCOPE_BASE,
+                               attrs=["objectGUID", "cn", "member"],
+                               controls=["asq:1:member",
+                                         "paged_results:1:1024"])
+
+        self.assertEqual(len(msgs), 20)
+
+        for msg in msgs:
+            self.assertNotEqual(msg.dn, self.top_dn)
+            self.assertIn(msg.dn, self.members2)
+            for group in msg["member"]:
+                self.assertIn(ldb.Dn(self.ldb, str(group)),
+                              self.members)
+
+    def test_asq_vlv(self):
+        """Testing ASQ behaviour with VLV set.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        """
+
+        sort_control = "server_sort:1:0:cn"
+
+        msgs = self.ldb.search(base=self.top_dn,
+                               scope=ldb.SCOPE_BASE,
+                               attrs=["objectGUID", "cn", "member"],
+                               controls=["asq:1:member",
+                                         sort_control,
+                                         "vlv:1:20:20:11:0"])
+
+        self.assertEqual(len(msgs), 20)
+
+        for msg in msgs:
+            self.assertNotEqual(msg.dn, self.top_dn)
+            self.assertIn(msg.dn, self.members2)
+            for group in msg["member"]:
+                self.assertIn(ldb.Dn(self.ldb, str(group)),
+                              self.members)
+
+    def test_asq_vlv_paged(self):
+        """Testing ASQ behaviour with VLV and paged_results set.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        Thankfully combining both of these gives
+        unavailable-critical-extension against Windows 1709
+
+        """
+
+        sort_control = "server_sort:1:0:cn"
+
+        try:
+            msgs = self.ldb.search(base=self.top_dn,
+                                   scope=ldb.SCOPE_BASE,
+                                   attrs=["objectGUID", "cn", "member"],
+                                   controls=["asq:1:member",
+                                             sort_control,
+                                             "vlv:1:20:20:11:0",
+                                             "paged_results:1:1024"])
+            self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
+        except ldb.LdbError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
+
+if "://" not in url:
+    if os.path.isfile(url):
+        url = "tdb://%s" % url
+    else:
+        url = "ldap://%s" % url
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/attr_from_server.py b/source4/dsdb/tests/python/attr_from_server.py
new file mode 100644
index 0000000..aca356b
--- /dev/null
+++ b/source4/dsdb/tests/python/attr_from_server.py
@@ -0,0 +1,149 @@
+# -*- coding: utf-8 -*-
+#
+# Tests a corner-case involving the fromServer attribute, which is slightly
+# unique: it's an Object(DS-DN) (like a one-way link), but it is also a
+# mandatory attribute (for nTDSConnection). The corner-case is that the
+# fromServer can potentially end up pointing to a non-existent object.
+# This can happen with other one-way links, but these other one-way links
+# are not mandatory attributes.
+#
+# Copyright (C) Andrew Bartlett 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+import samba
+import os
+import time
+import ldb
+import samba.tests
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+from samba.dcerpc import misc
+from samba.provision import DEFAULTSITE
+
+# note we must connect to the local ldb file on disk, in order to
+# add system-only nTDSDSA objects
+parser = optparse.OptionParser("attr_from_server.py <LDB-filepath>")
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+ldb_path = args[0]
+
+
+class FromServerAttrTest(samba.tests.TestCase):
+    def setUp(self):
+        super(FromServerAttrTest, self).setUp()
+        self.ldb = samba.tests.connect_samdb(ldb_path)
+
+    def tearDown(self):
+        super(FromServerAttrTest, self).tearDown()
+
+    def set_attribute(self, dn, attr, value, operation=ldb.FLAG_MOD_ADD):
+        """Modifies an attribute for an object"""
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb, dn)
+        m[attr] = ldb.MessageElement(value, operation, attr)
+        self.ldb.modify(m)
+
+    def get_object_guid(self, dn):
+        res = self.ldb.search(base=dn, attrs=["objectGUID"],
+                              scope=ldb.SCOPE_BASE)
+        self.assertTrue(len(res) == 1)
+        return str(misc.GUID(res[0]['objectGUID'][0]))
+
+    def test_dangling_server_attr(self):
+        """
+        Tests a scenario where an object has a fromServer attribute that points
+        to an object that no longer exists.
+        """
+
+        # add a temporary server and its associated NTDS Settings object
+        config_dn = self.ldb.get_config_basedn()
+        sites_dn = "CN=Sites,{0}".format(config_dn)
+        servers_dn = "CN=Servers,CN={0},{1}".format(DEFAULTSITE, sites_dn)
+        tmp_server = "CN=TMPSERVER,{0}".format(servers_dn)
+        self.ldb.add({"dn": tmp_server, "objectclass": "server"})
+        server_guid = self.get_object_guid(tmp_server)
+        tmp_ntds_settings = "CN=NTDS Settings,{0}".format(tmp_server)
+        self.ldb.add({"dn": tmp_ntds_settings, "objectClass": "nTDSDSA"},
+                     ["relax:0"])
+
+        # add an NTDS connection under the testenv DC that points to the tmp DC
+        testenv_dc = "CN={0},{1}".format(os.environ["SERVER"], servers_dn)
+        ntds_conn = "CN=Test-NTDS-Conn,CN=NTDS Settings,{0}".format(testenv_dc)
+        ldif = """
+dn: {dn}
+objectClass: nTDSConnection
+fromServer: CN=NTDS Settings,{fromServer}
+options: 1
+enabledConnection: TRUE
+""".format(dn=ntds_conn, fromServer=tmp_server)
+        self.ldb.add_ldif(ldif)
+        self.addCleanup(self.ldb.delete, ntds_conn)
+
+        # sanity-check we can modify the NTDS Connection object
+        self.set_attribute(ntds_conn, 'description', 'Test-value')
+
+        # sanity-check we can't modify the fromServer to point to a bad DN
+        try:
+            bad_dn = "CN=NTDS Settings,CN=BAD-DC,{0}".format(servers_dn)
+            self.set_attribute(ntds_conn, 'fromServer', bad_dn,
+                               operation=ldb.FLAG_MOD_REPLACE)
+            self.fail("Successfully set fromServer to bad DN")
+        except ldb.LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_CONSTRAINT_VIOLATION)
+
+        # delete the tmp server, i.e. pretend we demoted it
+        self.ldb.delete(tmp_server, ["tree_delete:1"])
+
+        # check we can still see the deleted server object
+        search_expr = '(objectGUID={0})'.format(server_guid)
+        res = self.ldb.search(config_dn, scope=ldb.SCOPE_SUBTREE,
+                              expression=search_expr,
+                              controls=["show_deleted:1"])
+        self.assertTrue(len(res) == 1, "Could not find deleted server entry")
+
+        # now pretend some time has passed and the deleted server object
+        # has been tombstone-expunged from the DB
+        time.sleep(1)
+        current_time = int(time.time())
+        self.ldb.garbage_collect_tombstones([str(config_dn)], current_time,
+                                            tombstone_lifetime=0)
+
+        # repeat the search to sanity-check the deleted object is really gone
+        res = self.ldb.search(config_dn, scope=ldb.SCOPE_SUBTREE,
+                              expression=search_expr,
+                              controls=["show_deleted:1"])
+        self.assertTrue(len(res) == 0, "Did not expunge deleted server")
+
+        # the nTDSConnection now has a (mandatory) fromServer attribute that
+        # points to an object that no longer exists. Now try to modify an
+        # unrelated attribute on the nTDSConnection
+        try:
+            self.set_attribute(ntds_conn, 'description', 'Test-value-2',
+                               operation=ldb.FLAG_MOD_REPLACE)
+        except ldb.LdbError as err:
+            print(err)
+            self.fail("Could not modify NTDS connection")
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/confidential_attr.py b/source4/dsdb/tests/python/confidential_attr.py
new file mode 100755
index 0000000..edbc959
--- /dev/null
+++ b/source4/dsdb/tests/python/confidential_attr.py
@@ -0,0 +1,1137 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests that confidential attributes (or attributes protected by a ACL that
+# denies read access) cannot be guessed through wildcard DB searches.
+#
+# Copyright (C) Catalyst.Net Ltd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+
+import samba
+import random
+import statistics
+import time
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+import samba.getopt as options
+from ldb import SCOPE_BASE, SCOPE_SUBTREE
+from samba.dsdb import SEARCH_FLAG_CONFIDENTIAL, SEARCH_FLAG_RODC_ATTRIBUTE, SEARCH_FLAG_PRESERVEONDELETE
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE, FLAG_MOD_ADD
+from samba.auth import system_session
+from samba import gensec, sd_utils
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+from samba.dcerpc import security
+
+import samba.tests
+import samba.dsdb
+
+parser = optparse.OptionParser("confidential_attr.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+class ConfidentialAttrCommon(samba.tests.TestCase):
+
+    def setUp(self):
+        super(ConfidentialAttrCommon, self).setUp()
+
+        self.ldb_admin = SamDB(ldaphost, credentials=creds,
+                               session_info=system_session(lp), lp=lp)
+        self.user_pass = "samba123@"
+        self.base_dn = self.ldb_admin.domain_dn()
+        self.schema_dn = self.ldb_admin.get_schema_basedn()
+        self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
+
+        # the tests work by setting the 'Confidential' bit in the searchFlags
+        # for an existing schema attribute. This only works against Windows if
+        # the systemFlags does not have FLAG_SCHEMA_BASE_OBJECT set for the
+        # schema attribute being modified. There are only a few attributes that
+        # meet this criteria (most of which only apply to 'user' objects)
+        self.conf_attr = "homePostalAddress"
+        attr_cn = "CN=Address-Home"
+        # schemaIdGuid for homePostalAddress (used for ACE tests)
+        self.conf_attr_guid = "16775781-47f3-11d1-a9c3-0000f80367c1"
+        self.conf_attr_sec_guid = "77b5b886-944a-11d1-aebd-0000f80367c1"
+        self.attr_dn = "{0},{1}".format(attr_cn, self.schema_dn)
+
+        userou = "OU=conf-attr-test"
+        self.ou = "{0},{1}".format(userou, self.base_dn)
+        samba.tests.delete_force(self.ldb_admin, self.ou, controls=['tree_delete:1'])
+        self.ldb_admin.create_ou(self.ou)
+        self.addCleanup(samba.tests.delete_force, self.ldb_admin, self.ou, controls=['tree_delete:1'])
+
+        # use a common username prefix, so we can use sAMAccountName=CATC-* as
+        # a search filter to only return the users we're interested in
+        self.user_prefix = "catc-"
+
+        # add a test object with this attribute set
+        self.conf_value = "abcdef"
+        self.conf_user = "{0}conf-user".format(self.user_prefix)
+        self.ldb_admin.newuser(self.conf_user, self.user_pass, userou=userou)
+        self.conf_dn = self.get_user_dn(self.conf_user)
+        self.add_attr(self.conf_dn, self.conf_attr, self.conf_value)
+
+        # add a sneaky user that will try to steal our secrets
+        self.user = "{0}sneaky-user".format(self.user_prefix)
+        self.ldb_admin.newuser(self.user, self.user_pass, userou=userou)
+        self.ldb_user = self.get_ldb_connection(self.user, self.user_pass)
+
+        self.all_users = [self.user, self.conf_user]
+
+        # add some other users that also have confidential attributes, so we
+        # check we don't disclose their details, particularly in '!' searches
+        for i in range(1, 3):
+            username = "{0}other-user{1}".format(self.user_prefix, i)
+            self.ldb_admin.newuser(username, self.user_pass, userou=userou)
+            userdn = self.get_user_dn(username)
+            self.add_attr(userdn, self.conf_attr, "xyz{0}".format(i))
+            self.all_users.append(username)
+
+        # there are 4 users in the OU, plus the OU itself
+        self.test_dn = self.ou
+        self.total_objects = len(self.all_users) + 1
+        self.objects_with_attr = 3
+
+        # sanity-check the flag is not already set (this'll cause problems if
+        # previous test run didn't clean up properly)
+        search_flags = int(self.get_attr_search_flags(self.attr_dn))
+        if search_flags & SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE:
+            self.set_attr_search_flags(self.attr_dn, str(search_flags &~ (SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE)))
+        search_flags = int(self.get_attr_search_flags(self.attr_dn))
+        self.assertEqual(0, search_flags & (SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE),
+                         f"{self.conf_attr} searchFlags did not reset to omit SEARCH_FLAG_CONFIDENTIAL and SEARCH_FLAG_RODC_ATTRIBUTE ({search_flags})")
+
+    def add_attr(self, dn, attr, value):
+        m = Message()
+        m.dn = Dn(self.ldb_admin, dn)
+        m[attr] = MessageElement(value, FLAG_MOD_ADD, attr)
+        self.ldb_admin.modify(m)
+
+    def set_attr_search_flags(self, attr_dn, flags):
+        """Modifies the searchFlags for an object in the schema"""
+        m = Message()
+        m.dn = Dn(self.ldb_admin, attr_dn)
+        m['searchFlags'] = MessageElement(flags, FLAG_MOD_REPLACE,
+                                          'searchFlags')
+        self.ldb_admin.modify(m)
+
+        # note we have to update the schema for this change to take effect (on
+        # Windows, at least)
+        self.ldb_admin.set_schema_update_now()
+
+    def get_attr_search_flags(self, attr_dn):
+        """Marks the attribute under test as being confidential"""
+        res = self.ldb_admin.search(attr_dn, scope=SCOPE_BASE,
+                                    attrs=['searchFlags'])
+        return res[0]['searchFlags'][0]
+
+    def make_attr_confidential(self):
+        """Marks the attribute under test as being confidential"""
+
+        # work out the original 'searchFlags' value before we overwrite it
+        old_value = self.get_attr_search_flags(self.attr_dn)
+
+        self.set_attr_search_flags(self.attr_dn, str(SEARCH_FLAG_CONFIDENTIAL))
+
+        # reset the value after the test completes
+        self.addCleanup(self.set_attr_search_flags, self.attr_dn, old_value)
+
+    def get_user_dn(self, name):
+        return "CN={0},{1}".format(name, self.ou)
+
+    def get_user_sid_string(self, username):
+        user_dn = self.get_user_dn(username)
+        user_sid = self.sd_utils.get_object_sid(user_dn)
+        return str(user_sid)
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        features = creds_tmp.get_gensec_features() | gensec.FEATURE_SEAL
+        creds_tmp.set_gensec_features(features)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)
+        ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+    def assert_search_result(self, expected_num, expr, samdb):
+
+        # try asking for different attributes back: None/all, the confidential
+        # attribute itself, and a random unrelated attribute
+        attr_filters = [None, ["*"], [self.conf_attr], ['name']]
+        for attr in attr_filters:
+            res = samdb.search(self.test_dn, expression=expr,
+                               scope=SCOPE_SUBTREE, attrs=attr)
+            self.assertEqual(len(res), expected_num,
+                             "%u results, not %u for search %s, attr %s" %
+                             (len(res), expected_num, expr, str(attr)))
+
+    # return a selection of searches that match exactly against the test object
+    def get_exact_match_searches(self):
+        first_char = self.conf_value[:1]
+        last_char = self.conf_value[-1:]
+        test_attr = self.conf_attr
+
+        searches = [
+            # search for the attribute using a sub-string wildcard
+            # (which could reveal the attribute's actual value)
+            "({0}={1}*)".format(test_attr, first_char),
+            "({0}=*{1})".format(test_attr, last_char),
+
+            # sanity-check equality against an exact match on value
+            "({0}={1})".format(test_attr, self.conf_value),
+
+            # '~=' searches don't work against Samba
+            # sanity-check an approx search against an exact match on value
+            # "({0}~={1})".format(test_attr, self.conf_value),
+
+            # check wildcard in an AND search...
+            "(&({0}={1}*)(objectclass=*))".format(test_attr, first_char),
+
+            # ...an OR search (against another term that will never match)
+            "(|({0}={1}*)(objectclass=banana))".format(test_attr, first_char)]
+
+        return searches
+
+    # return searches that match any object with the attribute under test
+    def get_match_all_searches(self):
+        searches = [
+            # check a full wildcard against the confidential attribute
+            # (which could reveal the attribute's presence/absence)
+            "({0}=*)".format(self.conf_attr),
+
+            # check wildcard in an AND search...
+            "(&(objectclass=*)({0}=*))".format(self.conf_attr),
+
+            # ...an OR search (against another term that will never match)
+            "(|(objectclass=banana)({0}=*))".format(self.conf_attr),
+
+            # check <=, and >= expressions that would normally find a match
+            "({0}>=0)".format(self.conf_attr),
+            "({0}<=ZZZZZZZZZZZ)".format(self.conf_attr)]
+
+        return searches
+
+    def assert_conf_attr_searches(self, has_rights_to=0, samdb=None):
+        """Check searches against the attribute under test work as expected"""
+
+        if samdb is None:
+            samdb = self.ldb_user
+
+        if has_rights_to == "all":
+            has_rights_to = self.objects_with_attr
+
+        # these first few searches we just expect to match against the one
+        # object under test that we're trying to guess the value of
+        expected_num = 1 if has_rights_to > 0 else 0
+        for search in self.get_exact_match_searches():
+            self.assert_search_result(expected_num, search, samdb)
+
+        # these next searches will match any objects we have rights to see
+        expected_num = has_rights_to
+        for search in self.get_match_all_searches():
+            self.assert_search_result(expected_num, search, samdb)
+
+    # The following are double negative searches (i.e. NOT non-matching-
+    # condition) which will therefore match ALL objects, including the test
+    # object(s).
+    def get_negative_match_all_searches(self):
+        first_char = self.conf_value[:1]
+        last_char = self.conf_value[-1:]
+        not_first_char = chr(ord(first_char) + 1)
+        not_last_char = chr(ord(last_char) + 1)
+
+        searches = [
+            "(!({0}={1}*))".format(self.conf_attr, not_first_char),
+            "(!({0}=*{1}))".format(self.conf_attr, not_last_char)]
+        return searches
+
+    # the following searches will not match against the test object(s). So
+    # a user with sufficient rights will see an inverse sub-set of objects.
+    # (An unprivileged user would either see all objects on Windows, or no
+    # objects on Samba)
+    def get_inverse_match_searches(self):
+        first_char = self.conf_value[:1]
+        last_char = self.conf_value[-1:]
+        searches = [
+            "(!({0}={1}*))".format(self.conf_attr, first_char),
+            "(!({0}=*{1}))".format(self.conf_attr, last_char)]
+        return searches
+
+    def negative_searches_all_rights(self, total_objects=None):
+        expected_results = {}
+
+        if total_objects is None:
+            total_objects = self.total_objects
+
+        # these searches should match ALL objects (including the OU)
+        for search in self.get_negative_match_all_searches():
+            expected_results[search] = total_objects
+
+        # a ! wildcard should only match the objects without the attribute
+        search = "(!({0}=*))".format(self.conf_attr)
+        expected_results[search] = total_objects - self.objects_with_attr
+
+        # whereas the inverse searches should match all objects *except* the
+        # one under test
+        for search in self.get_inverse_match_searches():
+            expected_results[search] = total_objects - 1
+
+        return expected_results
+
+    # Returns the expected negative (i.e. '!') search behaviour when talking to
+    # a DC, i.e. we assert that users
+    # without rights always see ALL objects in '!' searches
+    def negative_searches_return_all(self, has_rights_to=0,
+                                     total_objects=None):
+        """Asserts user without rights cannot see objects in '!' searches"""
+        expected_results = {}
+
+        if total_objects is None:
+            total_objects = self.total_objects
+
+        # Windows 'hides' objects by always returning all of them, so negative
+        # searches that match all objects will simply return all objects
+        for search in self.get_negative_match_all_searches():
+            expected_results[search] = total_objects
+
+        # if we're matching on everything except the one object under test
+        # (i.e. the inverse subset), we'll still see all objects if
+        # has_rights_to == 0. Or we'll see all bar one if has_rights_to == 1.
+        inverse_searches = self.get_inverse_match_searches()
+        inverse_searches += ["(!({0}=*))".format(self.conf_attr)]
+
+        for search in inverse_searches:
+            expected_results[search] = total_objects - has_rights_to
+
+        return expected_results
+
+    # Returns the expected negative (i.e. '!') search behaviour. This varies
+    # depending on what type of DC we're talking to (i.e. Windows or Samba)
+    # and what access rights the user has.
+    # Note we only handle has_rights_to="all", 1 (the test object), or 0 (i.e.
+    # we don't have rights to any objects)
+    def negative_search_expected_results(self, has_rights_to, total_objects=None):
+
+        if has_rights_to == "all":
+            expect_results = self.negative_searches_all_rights(total_objects)
+
+        else:
+            expect_results = self.negative_searches_return_all(has_rights_to,
+                                                               total_objects)
+        return expect_results
+
+    def assert_negative_searches(self, has_rights_to=0, samdb=None):
+        """Asserts user without rights cannot see objects in '!' searches"""
+
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # build a dictionary of key=search-expr, value=expected_num assertions
+        expected_results = self.negative_search_expected_results(has_rights_to)
+
+        for search, expected_num in expected_results.items():
+            self.assert_search_result(expected_num, search, samdb)
+
+    def assert_attr_returned(self, expect_attr, samdb, attrs):
+        # does a query that should always return a successful result, and
+        # checks whether the confidential attribute is present
+        res = samdb.search(self.conf_dn, expression="(objectClass=*)",
+                           scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(1, len(res))
+
+        attr_returned = False
+        for msg in res:
+            if self.conf_attr in msg:
+                attr_returned = True
+        self.assertEqual(expect_attr, attr_returned)
+
+    def assert_attr_visible(self, expect_attr, samdb=None):
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # sanity-check confidential attribute is/isn't returned as expected
+        # based on the filter attributes we ask for
+        self.assert_attr_returned(expect_attr, samdb, attrs=None)
+        self.assert_attr_returned(expect_attr, samdb, attrs=["*"])
+        self.assert_attr_returned(expect_attr, samdb, attrs=[self.conf_attr])
+
+        # filtering on a different attribute should never return the conf_attr
+        self.assert_attr_returned(expect_attr=False, samdb=samdb,
+                                  attrs=['name'])
+
+    def assert_attr_visible_to_admin(self):
+        # sanity-check the admin user can always see the confidential attribute
+        self.assert_conf_attr_searches(has_rights_to="all",
+                                       samdb=self.ldb_admin)
+        self.assert_negative_searches(has_rights_to="all",
+                                      samdb=self.ldb_admin)
+        self.assert_attr_visible(expect_attr=True, samdb=self.ldb_admin)
+
+
+class ConfidentialAttrTest(ConfidentialAttrCommon):
+    def test_basic_search(self):
+        """Basic test confidential attributes aren't disclosed via searches"""
+
+        # check we can see a non-confidential attribute in a basic searches
+        self.assert_conf_attr_searches(has_rights_to="all")
+        self.assert_negative_searches(has_rights_to="all")
+        self.assert_attr_visible(expect_attr=True)
+
+        # now make the attribute confidential. Repeat the tests and check that
+        # an ordinary user can't see the attribute, or indirectly match on the
+        # attribute via the search expression
+        self.make_attr_confidential()
+
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_negative_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+
+        # sanity-check we haven't hidden the attribute from the admin as well
+        self.assert_attr_visible_to_admin()
+
+    def _test_search_with_allow_acl(self, allow_ace):
+        """Checks a ACE with 'CR' rights can override a confidential attr"""
+        # make the test attribute confidential and check user can't see it
+        self.make_attr_confidential()
+
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_negative_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+
+        # apply the allow ACE to the object under test
+        self.sd_utils.dacl_add_ace(self.conf_dn, allow_ace)
+
+        # the user should now be able to see the attribute for the one object
+        # we gave it rights to
+        self.assert_conf_attr_searches(has_rights_to=1)
+        self.assert_negative_searches(has_rights_to=1)
+        self.assert_attr_visible(expect_attr=True)
+
+        # sanity-check the admin can still see the attribute
+        self.assert_attr_visible_to_admin()
+
+    def test_search_with_attr_acl_override(self):
+        """Make the confidential attr visible via an OA attr ACE"""
+
+        # set the SEC_ADS_CONTROL_ACCESS bit ('CR') for the user for the
+        # attribute under test, so the user can see it once more
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OA;;CR;{0};;{1})".format(self.conf_attr_guid, user_sid)
+
+        self._test_search_with_allow_acl(ace)
+
+    def test_search_with_propset_acl_override(self):
+        """Make the confidential attr visible via a Property-set ACE"""
+
+        # set the SEC_ADS_CONTROL_ACCESS bit ('CR') for the user for the
+        # property-set containing the attribute under test (i.e. the
+        # attributeSecurityGuid), so the user can see it once more
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OA;;CR;{0};;{1})".format(self.conf_attr_sec_guid, user_sid)
+
+        self._test_search_with_allow_acl(ace)
+
+    def test_search_with_acl_override(self):
+        """Make the confidential attr visible via a general 'allow' ACE"""
+
+        # set the allow SEC_ADS_CONTROL_ACCESS bit ('CR') for the user
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(A;;CR;;;{0})".format(user_sid)
+
+        self._test_search_with_allow_acl(ace)
+
+    def test_search_with_blanket_oa_acl(self):
+        """Make the confidential attr visible via a non-specific OA ACE"""
+
+        # this just checks that an Object Access (OA) ACE without a GUID
+        # specified will work the same as an 'Access' (A) ACE
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OA;;CR;;;{0})".format(user_sid)
+
+        self._test_search_with_allow_acl(ace)
+
+    def _test_search_with_neutral_acl(self, neutral_ace):
+        """Checks that a user does NOT gain access via an unrelated ACE"""
+
+        # make the test attribute confidential and check user can't see it
+        self.make_attr_confidential()
+
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_negative_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+
+        # apply the ACE to the object under test
+        self.sd_utils.dacl_add_ace(self.conf_dn, neutral_ace)
+
+        # this should make no difference to the user's ability to see the attr
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_negative_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+
+        # sanity-check the admin can still see the attribute
+        self.assert_attr_visible_to_admin()
+
+    def test_search_with_neutral_acl(self):
+        """Give the user all rights *except* CR for any attributes"""
+
+        # give the user all rights *except* CR and check it makes no difference
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;{0})".format(user_sid)
+        self._test_search_with_neutral_acl(ace)
+
+    def test_search_with_neutral_attr_acl(self):
+        """Give the user all rights *except* CR for the attribute under test"""
+
+        # giving user all OA rights *except* CR should make no difference
+        user_sid = self.get_user_sid_string(self.user)
+        rights = "RPWPCCDCLCLORCWOWDSDDTSW"
+        ace = "(OA;;{0};{1};;{2})".format(rights, self.conf_attr_guid, user_sid)
+        self._test_search_with_neutral_acl(ace)
+
+    def test_search_with_neutral_cr_acl(self):
+        """Give the user CR rights for *another* unrelated attribute"""
+
+        # giving user object-access CR rights to an unrelated attribute
+        user_sid = self.get_user_sid_string(self.user)
+        # use the GUID for sAMAccountName here (for no particular reason)
+        unrelated_attr = "3e0abfd0-126a-11d0-a060-00aa006c33ed"
+        ace = "(OA;;CR;{0};;{1})".format(unrelated_attr, user_sid)
+        self._test_search_with_neutral_acl(ace)
+
+
+# Check that a Deny ACL on an attribute doesn't reveal confidential info
+class ConfidentialAttrTestDenyAcl(ConfidentialAttrCommon):
+
+    def assert_not_in_result(self, res, exclude_dn):
+        for msg in res:
+            self.assertNotEqual(msg.dn, exclude_dn,
+                                "Search revealed object {0}".format(exclude_dn))
+
+    # deny ACL tests are slightly different as we are only denying access to
+    # the one object under test (rather than any objects with that attribute).
+    # Therefore we need an extra check that we don't reveal the test object
+    # in the search, if we're not supposed to
+    def assert_search_result(self, expected_num, expr, samdb,
+                             excl_testobj=False):
+
+        # try asking for different attributes back: None/all, the confidential
+        # attribute itself, and a random unrelated attribute
+        attr_filters = [None, ["*"], [self.conf_attr], ['name']]
+        for attr in attr_filters:
+            res = samdb.search(self.test_dn, expression=expr,
+                               scope=SCOPE_SUBTREE, attrs=attr)
+            self.assertEqual(len(res), expected_num,
+                             "%u results, not %u for search %s, attr %s" %
+                             (len(res), expected_num, expr, str(attr)))
+
+            # assert we haven't revealed the hidden test-object
+            if excl_testobj:
+                self.assert_not_in_result(res, exclude_dn=self.conf_dn)
+
+    # we make a few tweaks to the regular version of this function to cater to
+    # denying specifically one object via an ACE
+    def assert_conf_attr_searches(self, has_rights_to=0, samdb=None):
+        """Check searches against the attribute under test work as expected"""
+
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # make sure the test object is not returned if we've been denied rights
+        # to it via an ACE
+        excl_testobj = has_rights_to == "deny-one"
+
+        # these first few searches we just expect to match against the one
+        # object under test that we're trying to guess the value of
+        expected_num = 1 if has_rights_to == "all" else 0
+
+        for search in self.get_exact_match_searches():
+            self.assert_search_result(expected_num, search, samdb,
+                                      excl_testobj)
+
+        # these next searches will match any objects with the attribute that
+        # we have rights to see (i.e. all except the object under test)
+        if has_rights_to == "all":
+            expected_num = self.objects_with_attr
+        elif has_rights_to == "deny-one":
+            expected_num = self.objects_with_attr - 1
+
+        for search in self.get_match_all_searches():
+            self.assert_search_result(expected_num, search, samdb,
+                                      excl_testobj)
+
+    # override method specifically for deny ACL test cases
+    def negative_searches_return_all(self, has_rights_to=0,
+                                     total_objects=None):
+        expected_results = {}
+
+        # When a user lacks access rights to an object, Windows 'hides' it in
+        # '!' searches by always returning it, regardless of whether it matches
+        searches = self.get_negative_match_all_searches()
+        searches += self.get_inverse_match_searches()
+        for search in searches:
+            expected_results[search] = self.total_objects
+
+        # in the wildcard case, the one object we don't have rights to gets
+        # bundled in with the objects that don't have the attribute at all
+        search = "(!({0}=*))".format(self.conf_attr)
+        has_rights_to = self.objects_with_attr - 1
+        expected_results[search] = self.total_objects - has_rights_to
+        return expected_results
+
+    # override method specifically for deny ACL test cases
+    def assert_negative_searches(self, has_rights_to=0, samdb=None):
+        """Asserts user without rights cannot see objects in '!' searches"""
+
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # As the deny ACL is only denying access to one particular object, add
+        # an extra check that the denied object is not returned. (We can only
+        # assert this if the '!'/negative search behaviour is to suppress any
+        # objects we don't have access rights to)
+        excl_testobj = False
+
+        # build a dictionary of key=search-expr, value=expected_num assertions
+        expected_results = self.negative_search_expected_results(has_rights_to)
+
+        for search, expected_num in expected_results.items():
+            self.assert_search_result(expected_num, search, samdb,
+                                      excl_testobj=excl_testobj)
+
+    def _test_search_with_deny_acl(self, ace):
+        # check the user can see the attribute initially
+        self.assert_conf_attr_searches(has_rights_to="all")
+        self.assert_negative_searches(has_rights_to="all")
+        self.assert_attr_visible(expect_attr=True)
+
+        # add the ACE that denies access to the attr under test
+        self.sd_utils.dacl_add_ace(self.conf_dn, ace)
+
+        # the user shouldn't be able to see the attribute anymore
+        self.assert_conf_attr_searches(has_rights_to="deny-one")
+        self.assert_negative_searches(has_rights_to="deny-one")
+        self.assert_attr_visible(expect_attr=False)
+
+        # sanity-check we haven't hidden the attribute from the admin as well
+        self.assert_attr_visible_to_admin()
+
+    def test_search_with_deny_attr_acl(self):
+        """Checks a deny ACE works the same way as a confidential attribute"""
+
+        # add an ACE that denies the user Read Property (RP) access to the attr
+        # (which is similar to making the attribute confidential)
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OD;;RP;{0};;{1})".format(self.conf_attr_guid, user_sid)
+
+        # check the user cannot see the attribute anymore
+        self._test_search_with_deny_acl(ace)
+
+    def test_search_with_deny_acl(self):
+        """Checks a blanket deny ACE denies access to an object's attributes"""
+
+        # add an blanket deny ACE for Read Property (RP) rights
+        user_dn = self.get_user_dn(self.user)
+        user_sid = self.sd_utils.get_object_sid(user_dn)
+        ace = "(D;;RP;;;{0})".format(str(user_sid))
+
+        # check the user cannot see the attribute anymore
+        self._test_search_with_deny_acl(ace)
+
+    def test_search_with_deny_propset_acl(self):
+        """Checks a deny ACE on the attribute's Property-Set"""
+
+        # add an blanket deny ACE for Read Property (RP) rights
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OD;;RP;{0};;{1})".format(self.conf_attr_sec_guid, user_sid)
+
+        # check the user cannot see the attribute anymore
+        self._test_search_with_deny_acl(ace)
+
+    def test_search_with_blanket_oa_deny_acl(self):
+        """Checks a non-specific 'OD' ACE works the same as a 'D' ACE"""
+
+        # this just checks that adding a 'Object Deny' (OD) ACE without
+        # specifying a GUID will work the same way as a 'Deny' (D) ACE
+        user_sid = self.get_user_sid_string(self.user)
+        ace = "(OD;;RP;;;{0})".format(user_sid)
+
+        # check the user cannot see the attribute anymore
+        self._test_search_with_deny_acl(ace)
+
+
+# Check that using the dirsync controls doesn't reveal confidential attributes
+class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
+
+    def setUp(self):
+        super(ConfidentialAttrTestDirsync, self).setUp()
+        self.dirsync = ["dirsync:1:1:1000"]
+
+        # because we need to search on the base DN when using the dirsync
+        # controls, we need an extra filter for the inverse ('!') search,
+        # so we don't get thousands of objects returned
+        self.extra_filter = \
+            "(&(samaccountname={0}*)(!(isDeleted=*)))".format(self.user_prefix)
+        self.single_obj_filter = \
+            "(&(samaccountname={0})(!(isDeleted=*)))".format(self.conf_user)
+
+        self.attr_filters = [None, ["*"], ["name"]]
+
+        # Note dirsync behaviour is slightly different for the attribute under
+        # test - when you have full access rights, it only returns the objects
+        # that actually have this attribute (i.e. it doesn't return an empty
+        # message with just the DN). So we add the 'name' attribute into the
+        # attribute filter to avoid complicating our assertions further
+        self.attr_filters += [[self.conf_attr, "name"]]
+
+    # override method specifically for dirsync, i.e. add dirsync controls
+    def assert_search_result(self, expected_num, expr, samdb, base_dn=None):
+
+        # Note dirsync must always search on the partition base DN
+        base_dn = self.base_dn
+
+        # we need an extra filter for dirsync because:
+        # - we search on the base DN, so otherwise the '!' searches return
+        #   thousands of unrelated results, and
+        # - we make the test attribute preserve-on-delete in one case, so we
+        #   want to weed out results from any previous test runs
+        search = "(&{0}{1})".format(expr, self.extra_filter)
+
+        # If we expect to return multiple results, only check the first
+        if expected_num > 0:
+            attr_filters = [self.attr_filters[0]]
+        else:
+            attr_filters = self.attr_filters
+
+        for attr in attr_filters:
+            res = samdb.search(base_dn, expression=search, scope=SCOPE_SUBTREE,
+                               attrs=attr, controls=self.dirsync)
+            self.assertEqual(len(res), expected_num,
+                            "%u results, not %u for search %s, attr %s" %
+                            (len(res), expected_num, search, str(attr)))
+
+    # override method specifically for dirsync, i.e. add dirsync controls
+    def assert_attr_returned(self, expect_attr, samdb, attrs,
+                             no_result_ok=False):
+
+        # When using dirsync, the base DN we search on needs to be a naming
+        # context. Add an extra filter to ignore all the objects we aren't
+        # interested in
+        expr = self.single_obj_filter
+        res = samdb.search(self.base_dn, expression=expr, scope=SCOPE_SUBTREE,
+                           attrs=attrs, controls=self.dirsync)
+        if not no_result_ok:
+            self.assertEqual(1, len(res))
+
+        attr_returned = False
+        for msg in res:
+            if self.conf_attr in msg and len(msg[self.conf_attr]) > 0:
+                attr_returned = True
+        self.assertEqual(expect_attr, attr_returned)
+
+    # override method specifically for dirsync (it has slightly different
+    # behaviour to normal when requesting specific attributes)
+    def assert_attr_visible(self, expect_attr, samdb=None):
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # sanity-check confidential attribute is/isn't returned as expected
+        # based on the filter attributes we ask for
+        self.assert_attr_returned(expect_attr, samdb, attrs=None)
+        self.assert_attr_returned(expect_attr, samdb, attrs=["*"])
+
+        if expect_attr:
+            self.assert_attr_returned(expect_attr, samdb,
+                                      attrs=[self.conf_attr])
+        else:
+            # The behaviour with dirsync when asking solely for an attribute
+            # that you don't have rights to is a bit strange. Samba returns
+            # no result rather than an empty message with just the DN.
+            # Presumably this is due to dirsync module behaviour. It's not
+            # disclosive in that the DC behaves the same way as if you asked
+            # for a garbage/non-existent attribute
+            self.assert_attr_returned(expect_attr, samdb,
+                                      attrs=[self.conf_attr],
+                                      no_result_ok=True)
+            self.assert_attr_returned(expect_attr, samdb,
+                                      attrs=["garbage"], no_result_ok=True)
+
+        # filtering on a different attribute should never return the conf_attr
+        self.assert_attr_returned(expect_attr=False, samdb=samdb,
+                                  attrs=['name'])
+
+    # override method specifically for dirsync (total object count differs)
+    def assert_negative_searches(self, has_rights_to=0, samdb=None):
+        """Asserts user without rights cannot see objects in '!' searches"""
+
+        if samdb is None:
+            samdb = self.ldb_user
+
+        # because dirsync uses an extra filter, the total objects we expect
+        # here only includes the user objects (not the parent OU)
+        total_objects = len(self.all_users)
+        expected_results = self.negative_search_expected_results(has_rights_to,
+                                                                 total_objects)
+
+        for search, expected_num in expected_results.items():
+            self.assert_search_result(expected_num, search, samdb)
+
+    def test_search_with_dirsync(self):
+        """Checks dirsync controls don't reveal confidential attributes"""
+
+        self.assert_conf_attr_searches(has_rights_to="all")
+        self.assert_attr_visible(expect_attr=True)
+        self.assert_negative_searches(has_rights_to="all")
+
+        # make the test attribute confidential and check user can't see it,
+        # even if they use the dirsync controls
+        self.make_attr_confidential()
+
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+        self.assert_negative_searches(has_rights_to=0)
+
+        # as a final sanity-check, make sure the admin can still see the attr
+        self.assert_conf_attr_searches(has_rights_to="all",
+                                       samdb=self.ldb_admin)
+        self.assert_attr_visible(expect_attr=True, samdb=self.ldb_admin)
+        self.assert_negative_searches(has_rights_to="all",
+                                      samdb=self.ldb_admin)
+
+    def get_guid_string(self, dn):
+        """Returns an object's GUID (in string format)"""
+        res = self.ldb_admin.search(base=dn, attrs=["objectGUID"],
+                                    scope=SCOPE_BASE)
+        guid = res[0]['objectGUID'][0]
+        return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8')
+
+    def make_attr_preserve_on_delete(self):
+        """Marks the attribute under test as being preserve on delete"""
+
+        # work out the original 'searchFlags' value before we overwrite it
+        search_flags = int(self.get_attr_search_flags(self.attr_dn))
+
+        # check we've already set the confidential flag
+        self.assertNotEqual(0, search_flags & SEARCH_FLAG_CONFIDENTIAL)
+        search_flags |= SEARCH_FLAG_PRESERVEONDELETE
+
+        self.set_attr_search_flags(self.attr_dn, str(search_flags))
+
+    def change_attr_under_test(self, attr_name, attr_cn):
+        # change the attribute that the test code uses
+        self.conf_attr = attr_name
+        self.attr_dn = "{0},{1}".format(attr_cn, self.schema_dn)
+
+        # set the new attribute for the user-under-test
+        self.add_attr(self.conf_dn, self.conf_attr, self.conf_value)
+
+        # 2 other users also have the attribute-under-test set (to a randomish
+        # value). Set the new attribute for them now (normally this gets done
+        # in the setUp())
+        for username in self.all_users:
+            if "other-user" in username:
+                dn = self.get_user_dn(username)
+                self.add_attr(dn, self.conf_attr, "xyz-blah")
+
+    def test_search_with_dirsync_deleted_objects(self):
+        """Checks dirsync doesn't reveal confidential info for deleted objs"""
+
+        # change the attribute we're testing (we'll preserve on delete for this
+        # test case, which means the attribute-under-test hangs around after
+        # the test case finishes, and would interfere with the searches for
+        # subsequent other test cases)
+        self.change_attr_under_test("carLicense", "CN=carLicense")
+
+        # Windows dirsync behaviour is a little strange when you request
+        # attributes that deleted objects no longer have, so just request 'all
+        # attributes' to simplify the test logic
+        self.attr_filters = [None, ["*"]]
+
+        # normally dirsync uses extra filters to exclude deleted objects that
+        # we're not interested in. Override these filters so they WILL include
+        # deleted objects, but only from this particular test run. We can do
+        # this by matching lastKnownParent against this test case's OU, which
+        # will match any deleted child objects.
+        ou_guid = self.get_guid_string(self.ou)
+        deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid)
+
+        # the extra-filter will get combined via AND with the search expression
+        # we're testing, i.e. filter on the confidential attribute AND only
+        # include non-deleted objects, OR deleted objects from this test run
+        exclude_deleted_objs_filter = self.extra_filter
+        self.extra_filter = "(|{0}{1})".format(exclude_deleted_objs_filter,
+                                               deleted_filter)
+
+        # for matching on a single object, the search expresseion becomes:
+        # match exactly by account-name AND either a non-deleted object OR a
+        # deleted object from this test run
+        match_by_name = "(samaccountname={0})".format(self.conf_user)
+        not_deleted = "(!(isDeleted=*))"
+        self.single_obj_filter = "(&{0}(|{1}{2}))".format(match_by_name,
+                                                          not_deleted,
+                                                          deleted_filter)
+
+        # check that the search filters work as expected
+        self.assert_conf_attr_searches(has_rights_to="all")
+        self.assert_attr_visible(expect_attr=True)
+        self.assert_negative_searches(has_rights_to="all")
+
+        # make the test attribute confidential *and* preserve on delete.
+        self.make_attr_confidential()
+        self.make_attr_preserve_on_delete()
+
+        # check we can't see the objects now, even with using dirsync controls
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_attr_visible(expect_attr=False)
+        self.assert_negative_searches(has_rights_to=0)
+
+        # now delete the users (except for the user whose LDB connection
+        # we're currently using)
+        for user in self.all_users:
+            if user is not self.user:
+                self.ldb_admin.delete(self.get_user_dn(user))
+
+        # check we still can't see the objects
+        self.assert_conf_attr_searches(has_rights_to=0)
+        self.assert_negative_searches(has_rights_to=0)
+
+    def test_timing_attack(self):
+        # Create the machine account.
+        mach_name = f'conf_timing_{random.randint(0, 0xffff)}'
+        mach_dn = Dn(self.ldb_admin, f'CN={mach_name},{self.ou}')
+        details = {
+            'dn': mach_dn,
+            'objectclass': 'computer',
+            'sAMAccountName': f'{mach_name}$',
+        }
+        self.ldb_admin.add(details)
+
+        # Get the machine account's GUID.
+        res = self.ldb_admin.search(mach_dn,
+                                    attrs=['objectGUID'],
+                                    scope=SCOPE_BASE)
+        mach_guid = res[0].get('objectGUID', idx=0)
+
+        # Now we can create an msFVE-RecoveryInformation object that is a child
+        # of the machine account object.
+        recovery_dn = Dn(self.ldb_admin, str(mach_dn))
+        recovery_dn.add_child('CN=recovery_info')
+
+        secret_pw = 'Secret007'
+        not_secret_pw = 'Secret008'
+
+        secret_pw_utf8 = secret_pw.encode('utf-8')
+
+        # The crucial attribute, msFVE-RecoveryPassword, is a confidential
+        # attribute.
+        conf_attr = 'msFVE-RecoveryPassword'
+
+        m = Message(recovery_dn)
+        m['objectClass'] = 'msFVE-RecoveryInformation'
+        m['msFVE-RecoveryGuid'] = mach_guid
+        m[conf_attr] = secret_pw
+        self.ldb_admin.add(m)
+
+        attrs = [conf_attr]
+
+        # Search for the confidential attribute as administrator, ensuring it
+        # is visible.
+        res = self.ldb_admin.search(recovery_dn,
+                                    attrs=attrs,
+                                    scope=SCOPE_BASE)
+        self.assertEqual(1, len(res))
+        pw = res[0].get(conf_attr, idx=0)
+        self.assertEqual(secret_pw_utf8, pw)
+
+        # Repeat the search with an expression matching on the confidential
+        # attribute. This should also work.
+        res = self.ldb_admin.search(
+            recovery_dn,
+            attrs=attrs,
+            expression=f'({conf_attr}={secret_pw})',
+            scope=SCOPE_BASE)
+        self.assertEqual(1, len(res))
+        pw = res[0].get(conf_attr, idx=0)
+        self.assertEqual(secret_pw_utf8, pw)
+
+        # Search for the attribute as an unprivileged user. It should not be
+        # visible.
+        user_res = self.ldb_user.search(recovery_dn,
+                                        attrs=attrs,
+                                        scope=SCOPE_BASE)
+        pw = user_res[0].get(conf_attr, idx=0)
+        # The attribute should be None.
+        self.assertIsNone(pw)
+
+        # We use LDAP_MATCHING_RULE_TRANSITIVE_EVAL to create a search
+        # expression that takes a long time to execute, by setting off another
+        # search each time it is evaluated. It makes no difference that the
+        # object on which we're searching has no 'member' attribute.
+        dummy_dn = 'cn=user,cn=users,dc=samba,dc=example,dc=com'
+        slow_subexpr = f'(member:1.2.840.113556.1.4.1941:={dummy_dn})'
+        slow_expr = f'(|{slow_subexpr * 100})'
+
+        # The full search expression. It comprises a match on the confidential
+        # attribute joined by an AND to our slow search expression, The AND
+        # operator is short-circuiting, so if our first subexpression fails to
+        # match, we'll bail out of the search early. Otherwise, we'll evaluate
+        # the slow part; as its subexpressions are joined by ORs, and will all
+        # fail to match, every one of them will need to be evaluated. By
+        # measuring how long the search takes, we'll be able to infer whether
+        # the confidential attribute matched or not.
+
+        # This is bad if we are not an administrator, and are able to use this
+        # to determine the values of confidential attributes. Therefore we need
+        # to ensure we can't observe any difference in timing.
+        correct_expr = f'(&({conf_attr}={secret_pw}){slow_expr})'
+        wrong_expr = f'(&({conf_attr}={not_secret_pw}){slow_expr})'
+
+        def standard_uncertainty_bounds(times):
+            mean = statistics.mean(times)
+            stdev = statistics.stdev(times, mean)
+
+            return (mean - stdev, mean + stdev)
+
+        # Perform a number of searches with both correct and incorrect
+        # expressions, and return the uncertainty bounds for each.
+        def time_searches(samdb):
+            warmup_samples = 3
+            samples = 10
+            matching_times = []
+            non_matching_times = []
+
+            for _ in range(warmup_samples):
+                samdb.search(recovery_dn,
+                             attrs=attrs,
+                             expression=correct_expr,
+                             scope=SCOPE_BASE)
+
+            for _ in range(samples):
+                # Measure the time taken for a search, for both a matching and
+                # a non-matching search expression.
+
+                prev = time.time()
+                samdb.search(recovery_dn,
+                             attrs=attrs,
+                             expression=correct_expr,
+                             scope=SCOPE_BASE)
+                now = time.time()
+                matching_times.append(now - prev)
+
+                prev = time.time()
+                samdb.search(recovery_dn,
+                             attrs=attrs,
+                             expression=wrong_expr,
+                             scope=SCOPE_BASE)
+                now = time.time()
+                non_matching_times.append(now - prev)
+
+            matching = standard_uncertainty_bounds(matching_times)
+            non_matching = standard_uncertainty_bounds(non_matching_times)
+            return matching, non_matching
+
+        def assertRangesDistinct(a, b):
+            a0, a1 = a
+            b0, b1 = b
+            self.assertLess(min(a1, b1), max(a0, b0))
+
+        def assertRangesOverlap(a, b):
+            a0, a1 = a
+            b0, b1 = b
+            self.assertGreaterEqual(min(a1, b1), max(a0, b0))
+
+        # For an administrator, the uncertainty bounds for matching and
+        # non-matching searches should be distinct. This shows that the two
+        # cases are distinguishable, and therefore that confidential attributes
+        # are visible.
+        admin_matching, admin_non_matching = time_searches(self.ldb_admin)
+        assertRangesDistinct(admin_matching, admin_non_matching)
+
+        # The user cannot view the confidential attribute, so the uncertainty
+        # bounds for matching and non-matching searches must overlap. The two
+        # cases must be indistinguishable.
+        user_matching, user_non_matching = time_searches(self.ldb_user)
+        assertRangesOverlap(user_matching, user_non_matching)
+
+# Check that using the dirsync controls doesn't reveal confidential
+# "RODC filtered attribute" values to users with only
+# GUID_DRS_GET_CHANGES.  The tests is so similar to the Confidential
+# attribute test we base it on that.
+class RodcFilteredAttrDirsync(ConfidentialAttrTestDirsync):
+
+    def setUp(self):
+        super().setUp()
+        self.dirsync = ["dirsync:1:0:1000"]
+
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.user))
+        mod = "(OA;;CR;%s;;%s)" % (security.GUID_DRS_GET_CHANGES,
+                                   str(user_sid))
+        self.sd_utils.dacl_add_ace(self.base_dn, mod)
+
+        self.ldb_user = self.get_ldb_connection(self.user, self.user_pass)
+
+        self.addCleanup(self.sd_utils.dacl_delete_aces, self.base_dn, mod)
+
+    def make_attr_confidential(self):
+        """Marks the attribute under test as being confidential AND RODC
+           filtered (which should mean it is not visible with only
+           GUID_DRS_GET_CHANGES)
+        """
+
+        # work out the original 'searchFlags' value before we overwrite it
+        old_value = self.get_attr_search_flags(self.attr_dn)
+
+        self.set_attr_search_flags(self.attr_dn, str(SEARCH_FLAG_RODC_ATTRIBUTE|SEARCH_FLAG_CONFIDENTIAL))
+
+        # reset the value after the test completes
+        self.addCleanup(self.set_attr_search_flags, self.attr_dn, old_value)
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/deletetest.py b/source4/dsdb/tests/python/deletetest.py
new file mode 100755
index 0000000..118e6b5
--- /dev/null
+++ b/source4/dsdb/tests/python/deletetest.py
@@ -0,0 +1,565 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+import os
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from ldb import SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT, ERR_NOT_ALLOWED_ON_NON_LEAF
+from ldb import ERR_UNWILLING_TO_PERFORM
+from samba.samdb import SamDB
+from samba.tests import delete_force
+from samba import dsdb
+from samba.common import get_string
+
+parser = optparse.OptionParser("deletetest.py [options] <host|file>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class BaseDeleteTests(samba.tests.TestCase):
+
+    def GUID_string(self, guid):
+        return get_string(self.ldb.schema_format_value("objectGUID", guid))
+
+    def setUp(self):
+        super(BaseDeleteTests, self).setUp()
+        self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
+
+        self.base_dn = self.ldb.domain_dn()
+        self.configuration_dn = self.ldb.get_config_basedn().get_linearized()
+
+    def search_guid(self, guid):
+        print("SEARCH by GUID %s" % self.GUID_string(guid))
+
+        res = self.ldb.search(base="<GUID=%s>" % self.GUID_string(guid),
+                              scope=SCOPE_BASE,
+                              controls=["show_deleted:1"],
+                              attrs=["*", "parentGUID"])
+        self.assertEqual(len(res), 1)
+        return res[0]
+
+    def search_dn(self, dn):
+        print("SEARCH by DN %s" % dn)
+
+        res = self.ldb.search(expression="(objectClass=*)",
+                              base=dn,
+                              scope=SCOPE_BASE,
+                              controls=["show_deleted:1"],
+                              attrs=["*", "parentGUID"])
+        self.assertEqual(len(res), 1)
+        return res[0]
+
+
+class BasicDeleteTests(BaseDeleteTests):
+
+    def setUp(self):
+        super(BasicDeleteTests, self).setUp()
+
+    def del_attr_values(self, delObj):
+        print("Checking attributes for %s" % delObj["dn"])
+
+        self.assertEqual(str(delObj["isDeleted"][0]), "TRUE")
+        self.assertTrue(not("objectCategory" in delObj))
+        self.assertTrue(not("sAMAccountType" in delObj))
+
+    def preserved_attributes_list(self, liveObj, delObj):
+        print("Checking for preserved attributes list")
+
+        preserved_list = ["nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate", "dNSHostName",
+                          "flatName", "governsID", "groupType", "instanceType", "lDAPDisplayName", "legacyExchangeDN",
+                          "isDeleted", "isRecycled", "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID",
+                          "mSMQOwnerID", "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
+                          "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData", "sAMAccountName",
+                          "securityIdentifier", "sIDHistory", "subClassOf", "systemFlags", "trustPartner", "trustDirection",
+                          "trustType", "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated", "whenCreated"]
+
+        for a in liveObj:
+            if a in preserved_list:
+                self.assertTrue(a in delObj)
+
+    def check_rdn(self, liveObj, delObj, rdnName):
+        print("Checking for correct rDN")
+        rdn = liveObj[rdnName][0]
+        rdn2 = delObj[rdnName][0]
+        name2 = delObj["name"][0]
+        dn_rdn = delObj.dn.get_rdn_value()
+        guid = liveObj["objectGUID"][0]
+        self.assertEqual(str(rdn2), ("%s\nDEL:%s" % (rdn, self.GUID_string(guid))))
+        self.assertEqual(str(name2), ("%s\nDEL:%s" % (rdn, self.GUID_string(guid))))
+        self.assertEqual(str(name2), dn_rdn)
+
+    def delete_deleted(self, ldb, dn):
+        print("Testing the deletion of the already deleted dn %s" % dn)
+
+        try:
+            ldb.delete(dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+    def test_delete_protection(self):
+        """Delete protection tests"""
+
+        print(self.base_dn)
+
+        delete_force(self.ldb, "cn=entry1,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=entry2,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestcontainer," + self.base_dn,
+            "objectclass": "container"})
+        self.ldb.add({
+            "dn": "cn=entry1,cn=ldaptestcontainer," + self.base_dn,
+            "objectclass": "container"})
+        self.ldb.add({
+            "dn": "cn=entry2,cn=ldaptestcontainer," + self.base_dn,
+            "objectclass": "container"})
+
+        try:
+            self.ldb.delete("cn=ldaptestcontainer," + self.base_dn)
+            self.fail()
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+
+        self.ldb.delete("cn=ldaptestcontainer," + self.base_dn, ["tree_delete:1"])
+
+        try:
+            res = self.ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                                  scope=SCOPE_BASE, attrs=[])
+            self.fail()
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+        try:
+            res = self.ldb.search("cn=entry1,cn=ldaptestcontainer," + self.base_dn,
+                                  scope=SCOPE_BASE, attrs=[])
+            self.fail()
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+        try:
+            res = self.ldb.search("cn=entry2,cn=ldaptestcontainer," + self.base_dn,
+                                  scope=SCOPE_BASE, attrs=[])
+            self.fail()
+        except LdbError as e4:
+            (num, _) = e4.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        delete_force(self.ldb, "cn=entry1,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=entry2,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+        # Performs some protected object delete testing
+
+        res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
+                              attrs=["dsServiceName", "dNSHostName"])
+        self.assertEqual(len(res), 1)
+
+        # Delete failing since DC's nTDSDSA object is protected
+        try:
+            self.ldb.delete(res[0]["dsServiceName"][0])
+            self.fail()
+        except LdbError as e5:
+            (num, _) = e5.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        res = self.ldb.search(self.base_dn, attrs=["rIDSetReferences"],
+                              expression="(&(objectClass=computer)(dNSHostName=" + str(res[0]["dNSHostName"][0]) + "))")
+        self.assertEqual(len(res), 1)
+
+        # Deletes failing since DC's rIDSet object is protected
+        try:
+            self.ldb.delete(res[0]["rIDSetReferences"][0])
+            self.fail()
+        except LdbError as e6:
+            (num, _) = e6.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        try:
+            self.ldb.delete(res[0]["rIDSetReferences"][0], ["tree_delete:1"])
+            self.fail()
+        except LdbError as e7:
+            (num, _) = e7.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Deletes failing since three main crossRef objects are protected
+
+        try:
+            self.ldb.delete("cn=Enterprise Schema,cn=Partitions," + self.configuration_dn)
+            self.fail()
+        except LdbError as e8:
+            (num, _) = e8.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        try:
+            self.ldb.delete("cn=Enterprise Schema,cn=Partitions," + self.configuration_dn, ["tree_delete:1"])
+            self.fail()
+        except LdbError as e9:
+            (num, _) = e9.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb.delete("cn=Enterprise Configuration,cn=Partitions," + self.configuration_dn)
+            self.fail()
+        except LdbError as e10:
+            (num, _) = e10.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+        try:
+            self.ldb.delete("cn=Enterprise Configuration,cn=Partitions," + self.configuration_dn, ["tree_delete:1"])
+            self.fail()
+        except LdbError as e11:
+            (num, _) = e11.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+
+        res = self.ldb.search("cn=Partitions," + self.configuration_dn, attrs=[],
+                              expression="(nCName=%s)" % self.base_dn)
+        self.assertEqual(len(res), 1)
+
+        try:
+            self.ldb.delete(res[0].dn)
+            self.fail()
+        except LdbError as e12:
+            (num, _) = e12.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+        try:
+            self.ldb.delete(res[0].dn, ["tree_delete:1"])
+            self.fail()
+        except LdbError as e13:
+            (num, _) = e13.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+
+        # Delete failing since "SYSTEM_FLAG_DISALLOW_DELETE"
+        try:
+            self.ldb.delete("CN=Users," + self.base_dn)
+            self.fail()
+        except LdbError as e14:
+            (num, _) = e14.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Tree-delete failing since "isCriticalSystemObject"
+        try:
+            self.ldb.delete("CN=Computers," + self.base_dn, ["tree_delete:1"])
+            self.fail()
+        except LdbError as e15:
+            (num, _) = e15.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+
+class BasicTreeDeleteTests(BasicDeleteTests):
+
+    def setUp(self):
+        super(BasicTreeDeleteTests, self).setUp()
+
+        # user current time in ms to make unique objects
+        import time
+        marker = str(int(round(time.time() * 1000)))
+        usr1_name = "u_" + marker
+        usr2_name = "u2_" + marker
+        grp_name = "g1_" + marker
+        site_name = "s1_" + marker
+
+        self.usr1 = "cn=%s,cn=users,%s" % (usr1_name, self.base_dn)
+        self.usr2 = "cn=%s,cn=users,%s" % (usr2_name, self.base_dn)
+        self.grp1 = "cn=%s,cn=users,%s" % (grp_name, self.base_dn)
+        self.sit1 = "cn=%s,cn=sites,%s" % (site_name, self.configuration_dn)
+        self.ss1 = "cn=NTDS Site Settings,cn=%s,cn=sites,%s" % (site_name, self.configuration_dn)
+        self.srv1 = "cn=Servers,cn=%s,cn=sites,%s" % (site_name, self.configuration_dn)
+        self.srv2 = "cn=TESTSRV,cn=Servers,cn=%s,cn=sites,%s" % (site_name, self.configuration_dn)
+
+        delete_force(self.ldb, self.usr1)
+        delete_force(self.ldb, self.usr2)
+        delete_force(self.ldb, self.grp1)
+        delete_force(self.ldb, self.ss1)
+        delete_force(self.ldb, self.srv2)
+        delete_force(self.ldb, self.srv1)
+        delete_force(self.ldb, self.sit1)
+
+        self.ldb.add({
+            "dn": self.usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": usr1_name})
+
+        self.ldb.add({
+            "dn": self.usr2,
+            "objectclass": "user",
+            "description": "test user 2 description",
+            "samaccountname": usr2_name})
+
+        self.ldb.add({
+            "dn": self.grp1,
+            "objectclass": "group",
+            "description": "test group",
+            "samaccountname": grp_name,
+            "member": [self.usr1, self.usr2],
+            "isDeleted": "FALSE"})
+
+        self.ldb.add({
+            "dn": self.sit1,
+            "objectclass": "site"})
+
+        self.ldb.add({
+            "dn": self.ss1,
+            "objectclass": ["applicationSiteSettings", "nTDSSiteSettings"]})
+
+        self.ldb.add({
+            "dn": self.srv1,
+            "objectclass": "serversContainer"})
+
+        self.ldb.add({
+            "dn": self.srv2,
+            "objectClass": "server"})
+
+        self.objLive1 = self.search_dn(self.usr1)
+        self.guid1 = self.objLive1["objectGUID"][0]
+
+        self.objLive2 = self.search_dn(self.usr2)
+        self.guid2 = self.objLive2["objectGUID"][0]
+
+        self.objLive3 = self.search_dn(self.grp1)
+        self.guid3 = self.objLive3["objectGUID"][0]
+
+        self.objLive4 = self.search_dn(self.sit1)
+        self.guid4 = self.objLive4["objectGUID"][0]
+
+        self.objLive5 = self.search_dn(self.ss1)
+        self.guid5 = self.objLive5["objectGUID"][0]
+
+        self.objLive6 = self.search_dn(self.srv1)
+        self.guid6 = self.objLive6["objectGUID"][0]
+
+        self.objLive7 = self.search_dn(self.srv2)
+        self.guid7 = self.objLive7["objectGUID"][0]
+
+        self.deleted_objects_config_dn \
+            = self.ldb.get_wellknown_dn(self.ldb.get_config_basedn(),
+                                        dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER)
+        deleted_objects_config_obj \
+            = self.search_dn(self.deleted_objects_config_dn)
+
+        self.deleted_objects_config_guid \
+            = deleted_objects_config_obj["objectGUID"][0]
+
+        self.deleted_objects_domain_dn \
+            = self.ldb.get_wellknown_dn(self.ldb.get_default_basedn(),
+                                        dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER)
+        deleted_objects_domain_obj \
+            = self.search_dn(self.deleted_objects_domain_dn)
+
+        self.deleted_objects_domain_guid \
+            = deleted_objects_domain_obj["objectGUID"][0]
+
+        self.deleted_objects_domain_dn \
+            = self.ldb.get_wellknown_dn(self.ldb.get_default_basedn(),
+                                        dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER)
+        sites_obj = self.search_dn("cn=sites,%s"
+                                   % self.ldb.get_config_basedn())
+        self.sites_dn = sites_obj.dn
+        self.sites_guid \
+            = sites_obj["objectGUID"][0]
+
+    def test_all(self):
+        """Basic delete tests"""
+
+        self.ldb.delete(self.usr1)
+        self.ldb.delete(self.usr2)
+        self.ldb.delete(self.grp1)
+        self.ldb.delete(self.srv1, ["tree_delete:1"])
+        self.ldb.delete(self.sit1, ["tree_delete:1"])
+
+        self.check_all()
+
+    def test_tree_delete(self):
+        """Basic delete tests,
+           but use just one tree delete for the config records
+        """
+
+        self.ldb.delete(self.usr1)
+        self.ldb.delete(self.usr2)
+        self.ldb.delete(self.grp1)
+        self.ldb.delete(self.sit1, ["tree_delete:1"])
+
+        self.check_all()
+
+    def check_all(self):
+        objDeleted1 = self.search_guid(self.guid1)
+        objDeleted2 = self.search_guid(self.guid2)
+        objDeleted3 = self.search_guid(self.guid3)
+        objDeleted4 = self.search_guid(self.guid4)
+        objDeleted5 = self.search_guid(self.guid5)
+        objDeleted6 = self.search_guid(self.guid6)
+        objDeleted7 = self.search_guid(self.guid7)
+
+        self.del_attr_values(objDeleted1)
+        self.del_attr_values(objDeleted2)
+        self.del_attr_values(objDeleted3)
+        self.del_attr_values(objDeleted4)
+        self.del_attr_values(objDeleted5)
+        self.del_attr_values(objDeleted6)
+        self.del_attr_values(objDeleted7)
+
+        self.preserved_attributes_list(self.objLive1, objDeleted1)
+        self.preserved_attributes_list(self.objLive2, objDeleted2)
+        self.preserved_attributes_list(self.objLive3, objDeleted3)
+        self.preserved_attributes_list(self.objLive4, objDeleted4)
+        self.preserved_attributes_list(self.objLive5, objDeleted5)
+        self.preserved_attributes_list(self.objLive6, objDeleted6)
+        self.preserved_attributes_list(self.objLive7, objDeleted7)
+
+        self.check_rdn(self.objLive1, objDeleted1, "cn")
+        self.check_rdn(self.objLive2, objDeleted2, "cn")
+        self.check_rdn(self.objLive3, objDeleted3, "cn")
+        self.check_rdn(self.objLive4, objDeleted4, "cn")
+        self.check_rdn(self.objLive5, objDeleted5, "cn")
+        self.check_rdn(self.objLive6, objDeleted6, "cn")
+        self.check_rdn(self.objLive7, objDeleted7, "cn")
+
+        self.delete_deleted(self.ldb, self.usr1)
+        self.delete_deleted(self.ldb, self.usr2)
+        self.delete_deleted(self.ldb, self.grp1)
+        self.delete_deleted(self.ldb, self.sit1)
+        self.delete_deleted(self.ldb, self.ss1)
+        self.delete_deleted(self.ldb, self.srv1)
+        self.delete_deleted(self.ldb, self.srv2)
+
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted1.dn))
+        self.assertEqual(objDeleted1.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted1["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted2.dn))
+        self.assertEqual(objDeleted2.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted2["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted3.dn))
+        self.assertEqual(objDeleted3.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted3["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted4.dn))
+        self.assertEqual(objDeleted4.dn.parent(),
+                         self.sites_dn)
+        self.assertEqual(objDeleted4["parentGUID"][0],
+                         self.sites_guid)
+
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted5.dn))
+        self.assertEqual(objDeleted5.dn.parent(),
+                         self.deleted_objects_config_dn)
+        self.assertEqual(objDeleted5["parentGUID"][0],
+                         self.deleted_objects_config_guid)
+
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted6.dn))
+        self.assertEqual(objDeleted6.dn.parent(),
+                         objDeleted4.dn)
+        self.assertEqual(objDeleted6["parentGUID"][0],
+                         objDeleted4["objectGUID"][0])
+
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted7.dn))
+        self.assertEqual(objDeleted7.dn.parent(),
+                         objDeleted6.dn)
+        self.assertEqual(objDeleted7["parentGUID"][0],
+                         objDeleted6["objectGUID"][0])
+
+        objDeleted1 = self.search_guid(self.guid1)
+        objDeleted2 = self.search_guid(self.guid2)
+        objDeleted3 = self.search_guid(self.guid3)
+        objDeleted4 = self.search_guid(self.guid4)
+        objDeleted5 = self.search_guid(self.guid5)
+        objDeleted6 = self.search_guid(self.guid6)
+        objDeleted7 = self.search_guid(self.guid7)
+
+        self.del_attr_values(objDeleted1)
+        self.del_attr_values(objDeleted2)
+        self.del_attr_values(objDeleted3)
+        self.del_attr_values(objDeleted4)
+        self.del_attr_values(objDeleted5)
+        self.del_attr_values(objDeleted6)
+        self.del_attr_values(objDeleted7)
+
+        self.preserved_attributes_list(self.objLive1, objDeleted1)
+        self.preserved_attributes_list(self.objLive2, objDeleted2)
+        self.preserved_attributes_list(self.objLive3, objDeleted3)
+        self.preserved_attributes_list(self.objLive4, objDeleted4)
+        self.preserved_attributes_list(self.objLive5, objDeleted5)
+        self.preserved_attributes_list(self.objLive6, objDeleted6)
+        self.preserved_attributes_list(self.objLive7, objDeleted7)
+
+        self.check_rdn(self.objLive1, objDeleted1, "cn")
+        self.check_rdn(self.objLive2, objDeleted2, "cn")
+        self.check_rdn(self.objLive3, objDeleted3, "cn")
+        self.check_rdn(self.objLive4, objDeleted4, "cn")
+        self.check_rdn(self.objLive5, objDeleted5, "cn")
+        self.check_rdn(self.objLive6, objDeleted6, "cn")
+        self.check_rdn(self.objLive7, objDeleted7, "cn")
+
+        self.delete_deleted(self.ldb, self.usr1)
+        self.delete_deleted(self.ldb, self.usr2)
+        self.delete_deleted(self.ldb, self.grp1)
+        self.delete_deleted(self.ldb, self.sit1)
+        self.delete_deleted(self.ldb, self.ss1)
+        self.delete_deleted(self.ldb, self.srv1)
+        self.delete_deleted(self.ldb, self.srv2)
+
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted1.dn))
+        self.assertEqual(objDeleted1.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted1["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted2.dn))
+        self.assertEqual(objDeleted2.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted2["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted3.dn))
+        self.assertEqual(objDeleted3.dn.parent(),
+                         self.deleted_objects_domain_dn)
+        self.assertEqual(objDeleted3["parentGUID"][0],
+                         self.deleted_objects_domain_guid)
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted4.dn))
+        self.assertTrue("CN=Deleted Objects" in str(objDeleted5.dn))
+        self.assertEqual(objDeleted5.dn.parent(),
+                         self.deleted_objects_config_dn)
+        self.assertEqual(objDeleted5["parentGUID"][0],
+                         self.deleted_objects_config_guid)
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted6.dn))
+        self.assertFalse("CN=Deleted Objects" in str(objDeleted7.dn))
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/dirsync.py b/source4/dsdb/tests/python/dirsync.py
new file mode 100755
index 0000000..db39692
--- /dev/null
+++ b/source4/dsdb/tests/python/dirsync.py
@@ -0,0 +1,1107 @@
+#!/usr/bin/env python3
+#
+# Unit tests for dirsync control
+# Copyright (C) Matthieu Patou <mat@matws.net> 2011
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2014
+# Copyright (C) Catalyst.Net Ltd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+import samba.getopt as options
+import base64
+
+import ldb
+from ldb import LdbError, SCOPE_BASE
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_ADD, FLAG_MOD_DELETE, FLAG_MOD_REPLACE
+from samba.dsdb import SEARCH_FLAG_CONFIDENTIAL, SEARCH_FLAG_RODC_ATTRIBUTE
+from samba.dcerpc import security, misc, drsblobs
+from samba.ndr import ndr_unpack, ndr_pack
+
+from samba.auth import system_session
+from samba import gensec, sd_utils
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+import samba.tests
+from samba.tests import delete_force
+
+parser = optparse.OptionParser("dirsync.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args.pop()
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+#
+# Tests start here
+#
+
+
+class DirsyncBaseTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.ldb_admin = SamDB(ldaphost, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb_admin.domain_dn()
+        self.domain_sid = security.dom_sid(self.ldb_admin.get_domain_sid())
+        self.user_pass = samba.generate_random_password(12, 16)
+        self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
+        self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
+        # used for anonymous login
+        print("baseDN: %s" % self.base_dn)
+
+        userou = "OU=dirsync-test"
+        self.ou = f"{userou},{self.base_dn}"
+        samba.tests.delete_force(self.ldb_admin, self.ou, controls=['tree_delete:1'])
+        self.ldb_admin.create_ou(self.ou)
+        self.addCleanup(samba.tests.delete_force, self.ldb_admin, self.ou, controls=['tree_delete:1'])
+
+        # Regular user
+        self.dirsync_user = "test_dirsync_user"
+        self.simple_user = "test_simple_user"
+        self.admin_user = "test_admin_user"
+        self.dirsync_pass = self.user_pass
+        self.simple_pass = self.user_pass
+        self.admin_pass = self.user_pass
+
+        self.ldb_admin.newuser(self.dirsync_user, self.dirsync_pass, userou=userou)
+        self.ldb_admin.newuser(self.simple_user, self.simple_pass, userou=userou)
+        self.ldb_admin.newuser(self.admin_user, self.admin_pass, userou=userou)
+        self.desc_sddl = self.sd_utils.get_sd_as_sddl(self.base_dn)
+
+        user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.dirsync_user))
+        mod = "(OA;;CR;%s;;%s)" % (security.GUID_DRS_GET_CHANGES,
+                                   str(user_sid))
+        self.sd_utils.dacl_add_ace(self.base_dn, mod)
+        self.addCleanup(self.sd_utils.dacl_delete_aces, self.base_dn, mod)
+
+        # add admins to the Domain Admins group
+        self.ldb_admin.add_remove_group_members("Domain Admins", [self.admin_user],
+                                                add_members_operation=True)
+
+    def get_user_dn(self, name):
+        return ldb.Dn(self.ldb_admin, "CN={0},{1}".format(name, self.ou))
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        ldb_target = SamDB(url=ldaphost, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+# tests on ldap add operations
+class SimpleDirsyncTests(DirsyncBaseTests):
+
+    # def test_dirsync_errors(self):
+
+    def test_dirsync_supported(self):
+        """Test the basic of the dirsync is supported"""
+        self.ldb_dirsync = self.get_ldb_connection(self.dirsync_user, self.user_pass)
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = self.ldb_admin.search(self.base_dn, expression="samaccountname=*", controls=["dirsync:1:0:1"])
+        res = self.ldb_dirsync.search(self.base_dn, expression="samaccountname=*", controls=["dirsync:1:0:1"])
+        try:
+            self.ldb_simple.search(self.base_dn,
+                                   expression="samaccountname=*",
+                                   controls=["dirsync:1:0:1"])
+        except LdbError as l:
+            self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
+
+    def test_parentGUID_referrals(self):
+        res2 = self.ldb_admin.search(self.base_dn, scope=SCOPE_BASE, attrs=["objectGUID"])
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="name=Configuration",
+                                    controls=["dirsync:1:0:1"])
+        self.assertEqual(res2[0].get("objectGUID"), res[0].get("parentGUID"))
+
+    def test_ok_not_rootdc(self):
+        """Test if it's ok to do dirsync on another NC that is not the root DC"""
+        self.ldb_admin.search(self.ldb_admin.get_config_basedn(),
+                              expression="samaccountname=*",
+                              controls=["dirsync:1:0:1"])
+
+    def test_dirsync_errors(self):
+        """Test if dirsync returns the correct LDAP errors in case of pb"""
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self.ldb_dirsync = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        try:
+            self.ldb_simple.search(self.base_dn,
+                                   expression="samaccountname=*",
+                                   controls=["dirsync:1:0:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
+
+        try:
+            self.ldb_simple.search("CN=Users,%s" % self.base_dn,
+                                   expression="samaccountname=*",
+                                   controls=["dirsync:1:0:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
+
+        try:
+            self.ldb_simple.search("CN=Users,%s" % self.base_dn,
+                                   expression="samaccountname=*",
+                                   controls=["dirsync:1:1:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_UNWILLING_TO_PERFORM") != -1)
+
+        try:
+            self.ldb_dirsync.search("CN=Users,%s" % self.base_dn,
+                                    expression="samaccountname=*",
+                                    controls=["dirsync:1:0:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
+
+        try:
+            self.ldb_admin.search("CN=Users,%s" % self.base_dn,
+                                  expression="samaccountname=*",
+                                  controls=["dirsync:1:0:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_INSUFFICIENT_ACCESS_RIGHTS") != -1)
+
+        try:
+            self.ldb_admin.search("CN=Users,%s" % self.base_dn,
+                                  expression="samaccountname=*",
+                                  controls=["dirsync:1:1:1"])
+        except LdbError as l:
+            print(l)
+            self.assertTrue(str(l).find("LDAP_UNWILLING_TO_PERFORM") != -1)
+
+    def test_dirsync_attributes(self):
+        """Check behavior with some attributes """
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=*",
+                                    controls=["dirsync:1:0:1"])
+        # Check that nTSecurityDescriptor is returned as it's the case when doing dirsync
+        self.assertTrue(res.msgs[0].get("ntsecuritydescriptor") is not None)
+        # Check that non replicated attributes are not returned
+        self.assertTrue(res.msgs[0].get("badPwdCount") is None)
+        # Check that non forward link are not returned
+        self.assertTrue(res.msgs[0].get("memberof") is None)
+
+        # Asking for instanceType will return also objectGUID
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=Administrator",
+                                    attrs=["instanceType"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertTrue(res.msgs[0].get("objectGUID") is not None)
+        self.assertTrue(res.msgs[0].get("instanceType") is not None)
+
+        # We don't return an entry if asked for objectGUID
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str(self.base_dn),
+                                    attrs=["objectGUID"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertEqual(len(res.msgs), 0)
+
+        # a request on the root of a NC didn't return parentGUID
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str(self.base_dn),
+                                    attrs=["name"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertTrue(res.msgs[0].get("objectGUID") is not None)
+        self.assertTrue(res.msgs[0].get("name") is not None)
+        self.assertTrue(res.msgs[0].get("parentGUID") is None)
+        self.assertTrue(res.msgs[0].get("instanceType") is not None)
+
+        # Asking for name will return also objectGUID and parentGUID
+        # and instanceType and of course name
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=Administrator",
+                                    attrs=["name"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertTrue(res.msgs[0].get("objectGUID") is not None)
+        self.assertTrue(res.msgs[0].get("name") is not None)
+        self.assertTrue(res.msgs[0].get("parentGUID") is not None)
+        self.assertTrue(res.msgs[0].get("instanceType") is not None)
+
+        # Asking for dn will not return not only DN but more like if attrs=*
+        # parentGUID should be returned
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=Administrator",
+                                    attrs=["dn"],
+                                    controls=["dirsync:1:0:1"])
+        count = len(res.msgs[0])
+        res2 = self.ldb_admin.search(self.base_dn,
+                                     expression="samaccountname=Administrator",
+                                     controls=["dirsync:1:0:1"])
+        count2 = len(res2.msgs[0])
+        self.assertEqual(count, count2)
+
+        # Asking for cn will return nothing on objects that have CN as RDN
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=Administrator",
+                                    attrs=["cn"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertEqual(len(res.msgs), 0)
+        # Asking for parentGUID will return nothing too
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="samaccountname=Administrator",
+                                    attrs=["parentGUID"],
+                                    controls=["dirsync:1:0:1"])
+        self.assertEqual(len(res.msgs), 0)
+        ouname = "OU=testou,%s" % self.ou
+        self.ouname = ouname
+        self.ldb_admin.create_ou(ouname)
+        delta = Message()
+        delta.dn = Dn(self.ldb_admin, ouname)
+        delta["cn"] = MessageElement("test ou",
+                                     FLAG_MOD_ADD,
+                                     "cn")
+        self.ldb_admin.modify(delta)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="name=testou",
+                                    attrs=["cn"],
+                                    controls=["dirsync:1:0:1"])
+
+        self.assertEqual(len(res.msgs), 1)
+        self.assertEqual(len(res.msgs[0]), 3)
+        delete_force(self.ldb_admin, ouname)
+
+    def test_dirsync_with_controls(self):
+        """Check that dirsync return correct information when dealing with the NC"""
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str(self.base_dn),
+                                    attrs=["name"],
+                                    controls=["dirsync:1:0:10000", "extended_dn:1", "show_deleted:1"])
+
+    def test_dirsync_basenc(self):
+        """Check that dirsync return correct information when dealing with the NC"""
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str(self.base_dn),
+                                    attrs=["name"],
+                                    controls=["dirsync:1:0:10000"])
+        self.assertEqual(len(res.msgs), 1)
+        self.assertEqual(len(res.msgs[0]), 3)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(distinguishedName=%s)" % str(self.base_dn),
+                                    attrs=["ntSecurityDescriptor"],
+                                    controls=["dirsync:1:0:10000"])
+        self.assertEqual(len(res.msgs), 1)
+        self.assertEqual(len(res.msgs[0]), 3)
+
+    def test_dirsync_othernc(self):
+        """Check that dirsync return information for entries that are normally referrals (ie. other NCs)"""
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(objectclass=configuration)",
+                                    attrs=["name"],
+                                    controls=["dirsync:1:0:10000"])
+        self.assertEqual(len(res.msgs), 1)
+        self.assertEqual(len(res.msgs[0]), 4)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(objectclass=configuration)",
+                                    attrs=["ntSecurityDescriptor"],
+                                    controls=["dirsync:1:0:10000"])
+        self.assertEqual(len(res.msgs), 1)
+        self.assertEqual(len(res.msgs[0]), 3)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(objectclass=domaindns)",
+                                    attrs=["ntSecurityDescriptor"],
+                                    controls=["dirsync:1:0:10000"])
+        nb = len(res.msgs)
+
+        # only sub nc returns a result when asked for objectGUID
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(objectclass=domaindns)",
+                                    attrs=["objectGUID"],
+                                    controls=["dirsync:1:0:0"])
+        self.assertEqual(len(res.msgs), nb - 1)
+        if nb > 1:
+            self.assertTrue(res.msgs[0].get("objectGUID") is not None)
+        else:
+            res = self.ldb_admin.search(self.base_dn,
+                                        expression="(objectclass=configuration)",
+                                        attrs=["objectGUID"],
+                                        controls=["dirsync:1:0:0"])
+
+    def test_dirsync_send_delta(self):
+        """Check that dirsync return correct delta when sending the last cookie"""
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(samaccountname=test*)(!(isDeleted=*)))",
+                                    controls=["dirsync:1:0:10000"])
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "10000"
+        control = str(":".join(ctl))
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(samaccountname=test*)(!(isDeleted=*)))",
+                                    controls=[control])
+        self.assertEqual(len(res), 0)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=["dirsync:1:0:100000"])
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "10000"
+        control2 = str(":".join(ctl))
+
+        # Let's create an OU
+        ouname = "OU=testou2,%s" % self.base_dn
+        self.ouname = ouname
+        self.ldb_admin.create_ou(ouname)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=[control2])
+        self.assertEqual(len(res), 1)
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "10000"
+        control3 = str(":".join(ctl))
+
+        delta = Message()
+        delta.dn = Dn(self.ldb_admin, str(ouname))
+
+        delta["cn"] = MessageElement("test ou",
+                                     FLAG_MOD_ADD,
+                                     "cn")
+        self.ldb_admin.modify(delta)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=[control3])
+
+        self.assertEqual(len(res.msgs), 1)
+        # 3 attributes: instanceType, cn and objectGUID
+        self.assertEqual(len(res.msgs[0]), 3)
+
+        delta = Message()
+        delta.dn = Dn(self.ldb_admin, str(ouname))
+        delta["cn"] = MessageElement([],
+                                     FLAG_MOD_DELETE,
+                                     "cn")
+        self.ldb_admin.modify(delta)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=[control3])
+
+        self.assertEqual(len(res.msgs), 1)
+        # So we won't have much attribute returned but instanceType and GUID
+        # are.
+        # 3 attributes: instanceType and objectGUID and cn but empty
+        self.assertEqual(len(res.msgs[0]), 3)
+        ouname = "OU=newouname,%s" % self.base_dn
+        self.ldb_admin.rename(str(res[0].dn), str(Dn(self.ldb_admin, ouname)))
+        self.ouname = ouname
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "10000"
+        control4 = str(":".join(ctl))
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=[control4])
+
+        self.assertTrue(res[0].get("parentGUID") is not None)
+        self.assertTrue(res[0].get("name") is not None)
+        delete_force(self.ldb_admin, ouname)
+
+    def test_dirsync_linkedattributes_OBJECT_SECURITY(self):
+        """Check that dirsync returned deleted objects too"""
+        # Let's search for members
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=["dirsync:1:1:1"])
+
+        self.assertTrue(len(res[0].get("member")) > 0)
+        size = len(res[0].get("member"))
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "1"
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+        self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
+                                                add_members_operation=True)
+
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=[control1])
+
+        self.assertEqual(len(res[0].get("member")), size + 1)
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "1"
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+
+        # remove the user from the group
+        self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
+                                                add_members_operation=False)
+
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=[control1])
+
+        self.assertEqual(len(res[0].get("member")), size)
+
+        self.ldb_admin.newgroup("testgroup")
+        self.addCleanup(self.ldb_admin.deletegroup, "testgroup")
+        self.ldb_admin.add_remove_group_members("testgroup", [self.simple_user],
+                                                add_members_operation=True)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=testgroup)",
+                                    controls=["dirsync:1:0:1"])
+
+        self.assertEqual(len(res[0].get("member")), 1)
+        self.assertTrue(res[0].get("member") != "")
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "1"
+        control1 = str(":".join(ctl))
+
+        # Check that reasking the same question but with an updated cookie
+        # didn't return any results.
+        print(control1)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=testgroup)",
+                                    controls=[control1])
+        self.assertEqual(len(res), 0)
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "1"
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+
+        self.ldb_admin.add_remove_group_members("testgroup", [self.simple_user],
+                                                add_members_operation=False)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=testgroup)",
+                                    attrs=["member"],
+                                    controls=[control1])
+
+        self.assertEqual(len(res[0].get("member")), 0)
+
+    def test_dirsync_deleted_items(self):
+        """Check that dirsync returned deleted objects too"""
+        # Let's create an OU
+        ouname = "OU=testou3,%s" % self.base_dn
+        self.ouname = ouname
+        self.ldb_admin.create_ou(ouname)
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=["dirsync:1:0:1"])
+        guid = None
+        for e in res:
+            if str(e["name"]) == "testou3":
+                guid = str(ndr_unpack(misc.GUID, e.get("objectGUID")[0]))
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "0"
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+
+        # So now delete the object and check that
+        # we can see the object but deleted when admin
+        delete_force(self.ldb_admin, ouname)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(objectClass=organizationalUnit)",
+                                    controls=[control1])
+        self.assertEqual(len(res), 1)
+        guid2 = str(ndr_unpack(misc.GUID, res[0].get("objectGUID")[0]))
+        self.assertEqual(guid2, guid)
+        self.assertTrue(res[0].get("isDeleted"))
+        self.assertTrue(res[0].get("name") is not None)
+
+    def test_cookie_from_others(self):
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=["dirsync:1:0:1"])
+        ctl = str(res.controls[0]).split(":")
+        cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(str(ctl[4])))
+        cookie.blob.guid1 = misc.GUID("128a99bf-abcd-1234-abcd-1fb625e530db")
+        controls = ["dirsync:1:0:0:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                    controls=controls)
+
+    def test_dirsync_linkedattributes_range(self):
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = self.ldb_admin.search(self.base_dn,
+                                    attrs=["member;range=1-1"],
+                                    expression="(name=Administrators)",
+                                    controls=["dirsync:1:0:0"])
+
+        self.assertTrue(len(res) > 0)
+        self.assertTrue(res[0].get("member;range=1-1") is None)
+        self.assertTrue(res[0].get("member") is not None)
+        self.assertTrue(len(res[0].get("member")) > 0)
+
+    def test_dirsync_linkedattributes_range_user(self):
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        try:
+            res = self.ldb_simple.search(self.base_dn,
+                                         attrs=["member;range=1-1"],
+                                         expression="(name=Administrators)",
+                                        controls=["dirsync:1:0:0"])
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            self.fail()
+
+    def test_dirsync_linkedattributes(self):
+        flag_incr_linked = 2147483648
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = self.ldb_admin.search(self.base_dn,
+                                    attrs=["member"],
+                                    expression="(name=Administrators)",
+                                    controls=["dirsync:1:%d:1" % flag_incr_linked])
+
+        self.assertTrue(res[0].get("member;range=1-1") is not None)
+        self.assertTrue(len(res[0].get("member;range=1-1")) > 0)
+        size = len(res[0].get("member;range=1-1"))
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "%d" % flag_incr_linked
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+        self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
+                                                add_members_operation=True)
+        self.ldb_admin.add_remove_group_members("Administrators", [self.dirsync_user],
+                                                add_members_operation=True)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=Administrators)",
+                                    controls=[control1])
+
+        self.assertEqual(len(res[0].get("member;range=1-1")), 2)
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "%d" % flag_incr_linked
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+
+        # remove the user from the group
+        self.ldb_admin.add_remove_group_members("Administrators", [self.simple_user],
+                                                add_members_operation=False)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=Administrators)",
+                                    controls=[control1])
+
+        self.assertEqual(res[0].get("member;range=1-1"), None)
+        self.assertEqual(len(res[0].get("member;range=0-0")), 1)
+
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "%d" % flag_incr_linked
+        ctl[3] = "10000"
+        control2 = str(":".join(ctl))
+
+        self.ldb_admin.add_remove_group_members("Administrators", [self.dirsync_user],
+                                                add_members_operation=False)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=Administrators)",
+                                    controls=[control2])
+
+        self.assertEqual(res[0].get("member;range=1-1"), None)
+        self.assertEqual(len(res[0].get("member;range=0-0")), 1)
+
+        res = self.ldb_admin.search(self.base_dn,
+                                    expression="(name=Administrators)",
+                                    controls=[control1])
+
+        self.assertEqual(res[0].get("member;range=1-1"), None)
+        self.assertEqual(len(res[0].get("member;range=0-0")), 2)
+
+    def test_dirsync_extended_dn(self):
+        """Check that dirsync works together with the extended_dn control"""
+        # Let's search for members
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=["dirsync:1:1:1"])
+
+        self.assertTrue(len(res[0].get("member")) > 0)
+        size = len(res[0].get("member"))
+
+        resEX1 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        controls=["dirsync:1:1:1","extended_dn:1:1"])
+        self.assertTrue(len(resEX1[0].get("member")) > 0)
+        sizeEX1 = len(resEX1[0].get("member"))
+        self.assertEqual(sizeEX1, size)
+        self.assertIn(res[0]["member"][0], resEX1[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX1[0]["member"][0])
+        self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0])
+
+        resEX0 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        controls=["dirsync:1:1:1","extended_dn:1:0"])
+        self.assertTrue(len(resEX0[0].get("member")) > 0)
+        sizeEX0 = len(resEX0[0].get("member"))
+        self.assertEqual(sizeEX0, size)
+        self.assertIn(res[0]["member"][0], resEX0[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX0[0]["member"][0])
+        self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
+
+    def test_dirsync_deleted_items_OBJECT_SECURITY(self):
+        """Check that dirsync returned deleted objects too"""
+        # Let's create an OU
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        ouname = "OU=testou3,%s" % self.base_dn
+        self.ouname = ouname
+        self.ldb_admin.create_ou(ouname)
+
+        # Specify LDAP_DIRSYNC_OBJECT_SECURITY
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
+                                     controls=["dirsync:1:1:1"])
+
+        guid = None
+        for e in res:
+            if str(e["name"]) == "testou3":
+                guid = str(ndr_unpack(misc.GUID, e.get("objectGUID")[0]))
+
+        self.assertTrue(guid is not None)
+        ctl = str(res.controls[0]).split(":")
+        ctl[1] = "1"
+        ctl[2] = "1"
+        ctl[3] = "10000"
+        control1 = str(":".join(ctl))
+
+        # So now delete the object and check that
+        # we can see the object but deleted when admin
+        # we just see the objectGUID when simple user
+        delete_force(self.ldb_admin, ouname)
+
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(objectClass=organizationalUnit)",
+                                     controls=[control1])
+        self.assertEqual(len(res), 1)
+        guid2 = str(ndr_unpack(misc.GUID, res[0].get("objectGUID")[0]))
+        self.assertEqual(guid2, guid)
+        self.assertEqual(str(res[0].dn), "")
+
+class SpecialDirsyncTests(DirsyncBaseTests):
+
+    def setUp(self):
+        super().setUp()
+
+        self.schema_dn = self.ldb_admin.get_schema_basedn()
+
+        # the tests work by setting the 'Confidential' or 'RODC Filtered' bit in the searchFlags
+        # for an existing schema attribute. This only works against Windows if
+        # the systemFlags does not have FLAG_SCHEMA_BASE_OBJECT set for the
+        # schema attribute being modified. There are only a few attributes that
+        # meet this criteria (most of which only apply to 'user' objects)
+        self.conf_attr = "homePostalAddress"
+        attr_cn = "CN=Address-Home"
+        # schemaIdGuid for homePostalAddress (used for ACE tests)
+        self.attr_dn = f"{attr_cn},{self.schema_dn}"
+
+        userou = "OU=conf-attr-test"
+        self.ou = "{0},{1}".format(userou, self.base_dn)
+        samba.tests.delete_force(self.ldb_admin, self.ou, controls=['tree_delete:1'])
+        self.ldb_admin.create_ou(self.ou)
+        self.addCleanup(samba.tests.delete_force, self.ldb_admin, self.ou, controls=['tree_delete:1'])
+
+        # add a test object with this attribute set
+        self.conf_value = "abcdef"
+        self.conf_user = "conf-user"
+        self.ldb_admin.newuser(self.conf_user, self.user_pass, userou=userou)
+        self.conf_dn = self.get_user_dn(self.conf_user)
+        self.add_attr(self.conf_dn, self.conf_attr, self.conf_value)
+
+        # sanity-check the flag is not already set (this'll cause problems if
+        # previous test run didn't clean up properly)
+
+        search_flags = int(self.get_attr_search_flags(self.attr_dn))
+        if search_flags & SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE:
+            self.set_attr_search_flags(self.attr_dn, str(search_flags &~ (SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE)))
+        search_flags = int(self.get_attr_search_flags(self.attr_dn))
+        self.assertEqual(0, search_flags & (SEARCH_FLAG_CONFIDENTIAL|SEARCH_FLAG_RODC_ATTRIBUTE),
+                         f"{self.conf_attr} searchFlags did not reset to omit SEARCH_FLAG_CONFIDENTIAL and SEARCH_FLAG_RODC_ATTRIBUTE ({search_flags})")
+
+        # work out the original 'searchFlags' value before we overwrite it
+        old_value = self.get_attr_search_flags(self.attr_dn)
+
+        self.set_attr_search_flags(self.attr_dn, str(self.flag_under_test))
+
+        # reset the value after the test completes
+        self.addCleanup(self.set_attr_search_flags, self.attr_dn, old_value)
+
+    def add_attr(self, dn, attr, value):
+        m = Message()
+        m.dn = dn
+        m[attr] = MessageElement(value, FLAG_MOD_ADD, attr)
+        self.ldb_admin.modify(m)
+
+    def set_attr_search_flags(self, attr_dn, flags):
+        """Modifies the searchFlags for an object in the schema"""
+        m = Message()
+        m.dn = Dn(self.ldb_admin, attr_dn)
+        m['searchFlags'] = MessageElement(flags, FLAG_MOD_REPLACE,
+                                          'searchFlags')
+        self.ldb_admin.modify(m)
+
+        # note we have to update the schema for this change to take effect (on
+        # Windows, at least)
+        self.ldb_admin.set_schema_update_now()
+
+    def get_attr_search_flags(self, attr_dn):
+        res = self.ldb_admin.search(attr_dn, scope=SCOPE_BASE,
+                                    attrs=['searchFlags'])
+        return res[0]['searchFlags'][0]
+
+    def find_under_current_ou(self, res):
+        for msg in res:
+            if msg.dn == self.conf_dn:
+                return msg
+        self.fail(f"Failed to find object {self.conf_dn} in {len(res)} results")
+
+
+class ConfidentialDirsyncTests(SpecialDirsyncTests):
+
+    def setUp(self):
+        self.flag_under_test = SEARCH_FLAG_CONFIDENTIAL
+        super().setUp()
+
+    def test_unicodePwd_normal(self):
+        res = self.ldb_admin.search(self.base_dn,
+                                    attrs=["unicodePwd", "supplementalCredentials", "samAccountName"],
+                                    expression=f"(samAccountName={self.conf_user})")
+
+        msg = res[0]
+
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get("unicodePwd") is None)
+        self.assertTrue(msg.get("supplementalCredentials") is None)
+
+    def _test_dirsync_unicodePwd(self, ldb_conn, control=None, insist_on_empty_element=False):
+        res = ldb_conn.search(self.base_dn,
+                         attrs=["unicodePwd", "supplementalCredentials", "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})",
+                         controls=[control])
+
+        msg = self.find_under_current_ou(res)
+
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        if insist_on_empty_element:
+            self.assertTrue(msg.get("unicodePwd") is not None)
+            self.assertEqual(len(msg.get("unicodePwd")), 0)
+            self.assertTrue(msg.get("supplementalCredentials") is not None)
+            self.assertEqual(len(msg.get("supplementalCredentials")), 0)
+        else:
+            self.assertTrue(msg.get("unicodePwd") is None
+                            or len(msg.get("unicodePwd")) == 0)
+            self.assertTrue(msg.get("supplementalCredentials") is None
+                            or len(msg.get("supplementalCredentials")) == 0)
+
+    def test_dirsync_unicodePwd_OBJ_SEC(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:1:0")
+
+    def test_dirsync_unicodePwd_OBJ_SEC_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:1:0", insist_on_empty_element=True)
+
+    def test_dirsync_unicodePwd_with_GET_CHANGES_OBJ_SEC(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:1:0")
+
+    def test_dirsync_unicodePwd_with_GET_CHANGES_OBJ_SEC_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:1:0", insist_on_empty_element=True)
+
+    def test_dirsync_unicodePwd_with_GET_CHANGES(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:0:0")
+
+    def test_dirsync_unicodePwd_with_GET_CHANGES_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_unicodePwd(ldb_conn, control="dirsync:1:0:0", insist_on_empty_element=True)
+
+    def test_normal(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = ldb_conn.search(self.base_dn,
+                         attrs=[self.conf_attr, "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})")
+
+        msg = res[0]
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get(self.conf_attr) is None)
+
+    def _test_dirsync_OBJECT_SECURITY(self, ldb_conn, insist_on_empty_element=False):
+        res = ldb_conn.search(self.base_dn,
+                              attrs=[self.conf_attr, "samAccountName"],
+                              expression=f"(samAccountName={self.conf_user})",
+                              controls=["dirsync:1:1:0"])
+
+        msg = self.find_under_current_ou(res)
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        if insist_on_empty_element:
+            self.assertTrue(msg.get(self.conf_attr) is not None)
+            self.assertEqual(len(msg.get(self.conf_attr)), 0)
+        else:
+            self.assertTrue(msg.get(self.conf_attr) is None
+                            or len(msg.get(self.conf_attr)) == 0)
+
+    def test_dirsync_OBJECT_SECURITY(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def test_dirsync_OBJECT_SECURITY_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn, insist_on_empty_element=True)
+
+    def test_dirsync_with_GET_CHANGES(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        res = ldb_conn.search(self.base_dn,
+                         attrs=[self.conf_attr, "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})",
+                         controls=["dirsync:1:0:0"])
+
+        msg = self.find_under_current_ou(res)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get(self.conf_attr))
+        self.assertEqual(len(msg.get(self.conf_attr)), 1)
+
+    def test_dirsync_with_GET_CHANGES_OBJECT_SECURITY(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def test_dirsync_with_GET_CHANGES_OBJECT_SECURITY_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn, insist_on_empty_element=True)
+
+class FilteredDirsyncTests(SpecialDirsyncTests):
+
+    def setUp(self):
+        self.flag_under_test = SEARCH_FLAG_RODC_ATTRIBUTE
+        super().setUp()
+
+    def test_attr(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = ldb_conn.search(self.base_dn,
+                         attrs=[self.conf_attr, "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})")
+
+        msg = res[0]
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get(self.conf_attr))
+        self.assertEqual(len(msg.get(self.conf_attr)), 1)
+
+    def _test_dirsync_OBJECT_SECURITY(self, ldb_conn):
+        res = ldb_conn.search(self.base_dn,
+                         attrs=[self.conf_attr, "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})",
+                         controls=["dirsync:1:1:0"])
+
+        msg = self.find_under_current_ou(res)
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get(self.conf_attr))
+        self.assertEqual(len(msg.get(self.conf_attr)), 1)
+
+    def test_dirsync_OBJECT_SECURITY(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def test_dirsync_OBJECT_SECURITY_with_GET_CHANGES(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def _test_dirsync_with_GET_CHANGES(self, insist_on_empty_element=False):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        res = ldb_conn.search(self.base_dn,
+                         expression=f"(samAccountName={self.conf_user})",
+                         controls=["dirsync:1:0:0"])
+
+        msg = self.find_under_current_ou(res)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        if insist_on_empty_element:
+            self.assertTrue(msg.get(self.conf_attr) is not None)
+            self.assertEqual(len(msg.get(self.conf_attr)), 0)
+        else:
+            self.assertTrue(msg.get(self.conf_attr) is None
+                            or len(msg.get(self.conf_attr)) == 0)
+
+    def test_dirsync_with_GET_CHANGES(self):
+        self._test_dirsync_with_GET_CHANGES()
+
+    def test_dirsync_with_GET_CHANGES_insist_on_empty_element(self):
+        self._test_dirsync_with_GET_CHANGES(insist_on_empty_element=True)
+
+    def test_dirsync_with_GET_CHANGES_attr(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        try:
+            res = ldb_conn.search(self.base_dn,
+                                  attrs=[self.conf_attr, "samAccountName"],
+                                  expression=f"(samAccountName={self.conf_user})",
+                                  controls=["dirsync:1:0:0"])
+            self.fail("ldb.search() should have failed with LDAP_INSUFFICIENT_ACCESS_RIGHTS")
+        except ldb.LdbError as e:
+            (errno, errstr) = e.args
+            self.assertEqual(errno, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+class ConfidentialFilteredDirsyncTests(SpecialDirsyncTests):
+
+    def setUp(self):
+        self.flag_under_test = SEARCH_FLAG_RODC_ATTRIBUTE|SEARCH_FLAG_CONFIDENTIAL
+        super().setUp()
+
+    def test_attr(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        res = ldb_conn.search(self.base_dn,
+                         attrs=["unicodePwd", "supplementalCredentials", "samAccountName"],
+                         expression=f"(samAccountName={self.conf_user})")
+
+        msg = res[0]
+        self.assertTrue(msg.get("samAccountName"))
+        self.assertTrue(msg.get(self.conf_attr) is None)
+
+    def _test_dirsync_OBJECT_SECURITY(self, ldb_conn, insist_on_empty_element=False):
+        res = ldb_conn.search(self.base_dn,
+                              attrs=[self.conf_attr, "samAccountName"],
+                              expression=f"(samAccountName={self.conf_user})",
+                              controls=["dirsync:1:1:0"])
+
+        msg = self.find_under_current_ou(res)
+        self.assertTrue("samAccountName" in msg)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        if insist_on_empty_element:
+            self.assertTrue(msg.get(self.conf_attr) is not None)
+            self.assertEqual(len(msg.get(self.conf_attr)), 0)
+        else:
+            self.assertTrue(msg.get(self.conf_attr) is None
+                            or len(msg.get(self.conf_attr)) == 0)
+
+    def test_dirsync_OBJECT_SECURITY(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def test_dirsync_OBJECT_SECURITY_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.simple_user, self.simple_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn, insist_on_empty_element=True)
+
+    def test_dirsync_OBJECT_SECURITY_with_GET_CHANGES(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn)
+
+    def test_dirsync_OBJECT_SECURITY_with_GET_CHANGES_insist_on_empty_element(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        self._test_dirsync_OBJECT_SECURITY(ldb_conn, insist_on_empty_element=True)
+
+    def _test_dirsync_with_GET_CHANGES(self, insist_on_empty_element=False):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        res = ldb_conn.search(self.base_dn,
+                         expression=f"(samAccountName={self.conf_user})",
+                         controls=["dirsync:1:0:0"])
+
+        msg = self.find_under_current_ou(res)
+        # This form ensures this is a case insensitive comparison
+        self.assertTrue(msg.get("samAccountName"))
+        if insist_on_empty_element:
+            self.assertTrue(msg.get(self.conf_attr) is not None)
+            self.assertEqual(len(msg.get(self.conf_attr)), 0)
+        else:
+            self.assertTrue(msg.get(self.conf_attr) is None
+                            or len(msg.get(self.conf_attr)) == 0)
+
+    def test_dirsync_with_GET_CHANGES(self):
+        self._test_dirsync_with_GET_CHANGES()
+
+    def test_dirsync_with_GET_CHANGES_insist_on_empty_element(self):
+        self._test_dirsync_with_GET_CHANGES(insist_on_empty_element=True)
+
+    def test_dirsync_with_GET_CHANGES_attr(self):
+        ldb_conn = self.get_ldb_connection(self.dirsync_user, self.dirsync_pass)
+        try:
+            res = ldb_conn.search(self.base_dn,
+                                  attrs=[self.conf_attr, "samAccountName"],
+                                  expression=f"(samAccountName={self.conf_user})",
+                                  controls=["dirsync:1:0:0"])
+            self.fail("ldb.search() should have failed with LDAP_INSUFFICIENT_ACCESS_RIGHTS")
+        except ldb.LdbError as e:
+            (errno, errstr) = e.args
+            self.assertEqual(errno, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+
+if not getattr(opts, "listtests", False):
+    lp = sambaopts.get_loadparm()
+    samba.tests.cmdline_credentials = credopts.get_credentials(lp)
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/dsdb_schema_info.py b/source4/dsdb/tests/python/dsdb_schema_info.py
new file mode 100644
index 0000000..e3178d1
--- /dev/null
+++ b/source4/dsdb/tests/python/dsdb_schema_info.py
@@ -0,0 +1,203 @@
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC_SERVER=target_dc_or_local_samdb_url
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/lib/ldb/tests/python" $SUBUNITRUN dsdb_schema_info -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import sys
+import time
+import random
+
+sys.path.insert(0, "bin/python")
+import samba.tests
+
+from ldb import SCOPE_BASE, LdbError
+
+import samba.dcerpc.drsuapi
+from samba.dcerpc.drsblobs import schemaInfoBlob
+from samba.ndr import ndr_unpack
+from samba.dcerpc.misc import GUID
+
+
+class SchemaInfoTestCase(samba.tests.TestCase):
+
+    # static SamDB connection
+    sam_db = None
+
+    def setUp(self):
+        super(SchemaInfoTestCase, self).setUp()
+
+        # connect SamDB if we haven't yet
+        if self.sam_db is None:
+            ldb_url = "ldap://%s" % samba.tests.env_get_var_value("DC_SERVER")
+            SchemaInfoTestCase.sam_db = samba.tests.connect_samdb(ldb_url)
+
+        # fetch rootDSE
+        res = self.sam_db.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.schema_dn = res[0]["schemaNamingContext"][0]
+        self.base_dn = res[0]["defaultNamingContext"][0]
+        self.forest_level = int(res[0]["forestFunctionality"][0])
+
+        # get DC invocation_id
+        self.invocation_id = GUID(self.sam_db.get_invocation_id())
+
+    def tearDown(self):
+        super(SchemaInfoTestCase, self).tearDown()
+
+    def _getSchemaInfo(self):
+        try:
+            schema_info_data = self.sam_db.searchone(attribute="schemaInfo",
+                                                     basedn=self.schema_dn,
+                                                     expression="(objectClass=*)",
+                                                     scope=SCOPE_BASE)
+            self.assertEqual(len(schema_info_data), 21)
+            schema_info = ndr_unpack(schemaInfoBlob, schema_info_data)
+            self.assertEqual(schema_info.marker, 0xFF)
+        except KeyError:
+            # create default schemaInfo if
+            # attribute value is not created yet
+            schema_info = schemaInfoBlob()
+            schema_info.revision = 0
+            schema_info.invocation_id = self.invocation_id
+        return schema_info
+
+    def _checkSchemaInfo(self, schi_before, schi_after):
+        self.assertEqual(schi_before.revision + 1, schi_after.revision)
+        self.assertEqual(schi_before.invocation_id, schi_after.invocation_id)
+        self.assertEqual(schi_after.invocation_id, self.invocation_id)
+
+    def _ldap_schemaUpdateNow(self):
+        ldif = """
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+"""
+        self.sam_db.modify_ldif(ldif)
+
+    def _make_obj_names(self, prefix):
+        obj_name = prefix + time.strftime("%s", time.gmtime())
+        obj_ldap_name = obj_name.replace("-", "")
+        obj_dn = "CN=%s,%s" % (obj_name, self.schema_dn)
+        return (obj_name, obj_ldap_name, obj_dn)
+
+    def _make_attr_ldif(self, attr_name, attr_dn, sub_oid):
+        ldif = """
+dn: """ + attr_dn + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: 1.3.6.1.4.1.7165.4.6.1.7.%d.""" % sub_oid + str(random.randint(1, 100000)) + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        return ldif
+
+    def test_AddModifyAttribute(self):
+        # get initial schemaInfo
+        schi_before = self._getSchemaInfo()
+
+        # create names for an attribute to add
+        (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaInfo-Attr-")
+        ldif = self._make_attr_ldif(attr_name, attr_dn, 1)
+
+        # add the new attribute
+        self.sam_db.add_ldif(ldif)
+        self._ldap_schemaUpdateNow()
+        # compare resulting schemaInfo
+        schi_after = self._getSchemaInfo()
+        self._checkSchemaInfo(schi_before, schi_after)
+
+        # rename the Attribute
+        attr_dn_new = attr_dn.replace(attr_name, attr_name + "-NEW")
+        try:
+            self.sam_db.rename(attr_dn, attr_dn_new)
+        except LdbError as e:
+            (num, _) = e.args
+            self.fail("failed to change CN for %s: %s" % (attr_name, _))
+
+        # compare resulting schemaInfo
+        schi_after = self._getSchemaInfo()
+        self._checkSchemaInfo(schi_before, schi_after)
+        pass
+
+    def _make_class_ldif(self, class_name, class_dn, sub_oid):
+        ldif = """
+dn: """ + class_dn + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.7.%d.""" % sub_oid + str(random.randint(1, 100000)) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        return ldif
+
+    def test_AddModifyClass(self, controls=None, class_pre="schemaInfo-Class-"):
+        if controls is None:
+            controls = []
+
+        # get initial schemaInfo
+        schi_before = self._getSchemaInfo()
+
+        # create names for a Class to add
+        (class_name, class_ldap_name, class_dn) =\
+                self._make_obj_names(class_pre)
+        ldif = self._make_class_ldif(class_name, class_dn, 1)
+
+        # add the new Class
+        self.sam_db.add_ldif(ldif, controls=controls)
+        self._ldap_schemaUpdateNow()
+        # compare resulting schemaInfo
+        schi_after = self._getSchemaInfo()
+        self._checkSchemaInfo(schi_before, schi_after)
+
+        # rename the Class
+        class_dn_new = class_dn.replace(class_name, class_name + "-NEW")
+        try:
+            self.sam_db.rename(class_dn, class_dn_new, controls=controls)
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.fail("failed to change CN for %s: %s" % (class_name, _))
+
+        # compare resulting schemaInfo
+        schi_after = self._getSchemaInfo()
+        self._checkSchemaInfo(schi_before, schi_after)
+
+    def test_AddModifyClassLocalRelaxed(self):
+        lp = self.get_loadparm()
+        self.sam_db = samba.tests.connect_samdb(lp.samdb_url())
+        self.test_AddModifyClass(controls=["relax:0"],
+                                 class_pre="schemaInfo-Relaxed-")
diff --git a/source4/dsdb/tests/python/large_ldap.py b/source4/dsdb/tests/python/large_ldap.py
new file mode 100644
index 0000000..ab4cebe
--- /dev/null
+++ b/source4/dsdb/tests/python/large_ldap.py
@@ -0,0 +1,338 @@
+#!/usr/bin/env python3
+#
+# Test large LDAP response behaviour in Samba
+# Copyright (C) Andrew Bartlett 2019
+#
+# Based on Unit tests for the notification control
+# Copyright (C) Stefan Metzmacher 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+import os
+import random
+import time
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba import ldb, sd_utils
+from samba.samdb import SamDB
+import samba.tests
+
+from ldb import LdbError
+
+parser = optparse.OptionParser("large_ldap.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class ManyLDAPTest(samba.tests.TestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        cls.base_dn = cls.ldb.domain_dn()
+        cls.OU_NAME_MANY="many_ou" + format(random.randint(0, 99999), "05")
+        cls.ou_dn = ldb.Dn(cls.ldb, "ou=" + cls.OU_NAME_MANY + "," + str(cls.base_dn))
+
+        samba.tests.delete_force(cls.ldb, cls.ou_dn,
+                                 controls=['tree_delete:1'])
+
+        cls.ldb.add({
+            "dn": cls.ou_dn,
+            "objectclass": "organizationalUnit",
+            "ou": cls.OU_NAME_MANY})
+
+        for x in range(2000):
+            ou_name = cls.OU_NAME_MANY + str(x)
+            cls.ldb.add({
+                "dn": "ou=" + ou_name + "," + str(cls.ou_dn),
+                "objectclass": "organizationalUnit",
+                "ou": ou_name})
+
+    @classmethod
+    def tearDownClass(cls):
+        samba.tests.delete_force(cls.ldb, cls.ou_dn,
+                                 controls=['tree_delete:1'])
+
+    def test_unindexed_iterator_search(self):
+        """Testing a search for all the OUs.
+
+        Needed to test that more that IOV_MAX responses can be returned
+        """
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        count = 0
+        search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                           expression="(ou=" + self.OU_NAME_MANY + "*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["objectGUID", "samAccountName"])
+
+        for reply in search1:
+            self.assertIsInstance(reply, ldb.Message)
+            count += 1
+        search1.result()
+
+        # Check we got everything
+        self.assertEqual(count, 2001)
+
+class LargeLDAPTest(samba.tests.TestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        cls.base_dn = cls.ldb.domain_dn()
+
+        cls.sd_utils = sd_utils.SDUtils(cls.ldb)
+        cls.USER_NAME = "large_user" + format(random.randint(0, 99999), "05") + "-"
+        cls.OU_NAME="large_user_ou" + format(random.randint(0, 99999), "05")
+        cls.ou_dn = ldb.Dn(cls.ldb, "ou=" + cls.OU_NAME + "," + str(cls.base_dn))
+
+        samba.tests.delete_force(cls.ldb, cls.ou_dn,
+                                 controls=['tree_delete:1'])
+
+        cls.ldb.add({
+            "dn": cls.ou_dn,
+            "objectclass": "organizationalUnit",
+            "ou": cls.OU_NAME})
+
+        for x in range(200):
+            user_name = cls.USER_NAME + format(x, "03")
+            cls.ldb.add({
+                "dn": "cn=" + user_name + "," + str(cls.ou_dn),
+                "objectclass": "user",
+                "sAMAccountName": user_name,
+                "jpegPhoto": b'a' * (2 * 1024 * 1024)})
+
+            ace = "(OD;;RP;6bc69afa-7bd9-4184-88f5-28762137eb6a;;S-1-%d)" % x
+            dn = ldb.Dn(cls.ldb, "cn=" + user_name + "," + str(cls.ou_dn))
+
+            # add an ACE that denies access to the above random attr
+            # for a not-existing user.  This makes each SD distinct
+            # and so will slow SD parsing.
+            cls.sd_utils.dacl_add_ace(dn, ace)
+
+    @classmethod
+    def tearDownClass(cls):
+        # Remake the connection for tear-down (old Samba drops the socket)
+        cls.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        samba.tests.delete_force(cls.ldb, cls.ou_dn,
+                                 controls=['tree_delete:1'])
+
+    def test_unindexed_iterator_search(self):
+        """Testing an unindexed search that will break the result size limit"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        count = 0
+        search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                           expression="(sAMAccountName=" + self.USER_NAME + "*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["objectGUID", "samAccountName"])
+
+        for reply in search1:
+            self.assertIsInstance(reply, ldb.Message)
+            count += 1
+
+        search1.result()
+
+        self.assertEqual(count, 200)
+
+        # Now try breaking the 256MB limit
+
+        count_jpeg = 0
+        search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                           expression="(sAMAccountName=" + self.USER_NAME + "*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["objectGUID", "samAccountName", "jpegPhoto"])
+        try:
+            for reply in search1:
+                self.assertIsInstance(reply, ldb.Message)
+                count_jpeg += 1
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_SIZE_LIMIT_EXCEEDED)
+        else:
+            # FIXME: Due to a bug in the client, the second exception to
+            # transmit the iteration error isn't raised. We must still check
+            # that the number of results is fewer than the total count.
+
+            # self.fail('expected to fail with ERR_SIZE_LIMIT_EXCEEDED')
+
+            pass
+
+        # Assert we don't get all the entries but still the error
+        self.assertGreater(count, count_jpeg)
+
+        # Now try for just 100MB (server will do some chunking for this)
+
+        count_jpeg2 = 0
+        try:
+            search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                               expression="(sAMAccountName=" + self.USER_NAME + "1*)",
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["objectGUID", "samAccountName", "jpegPhoto"])
+        except LdbError as e:
+            enum = e.args[0]
+            estr = e.args[1]
+            self.fail(estr)
+
+        for reply in search1:
+            self.assertIsInstance(reply, ldb.Message)
+            count_jpeg2 += 1
+
+        # Assert we got some entries
+        self.assertEqual(count_jpeg2, 100)
+
+    def test_iterator_search(self):
+        """Testing an indexed search that will break the result size limit"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        count = 0
+        search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                           expression="(&(objectClass=user)(sAMAccountName=" + self.USER_NAME + "*))",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["objectGUID", "samAccountName"])
+
+        for reply in search1:
+            self.assertIsInstance(reply, ldb.Message)
+            count += 1
+        search1.result()
+
+        self.assertEqual(count, 200)
+
+        # Now try breaking the 256MB limit
+
+        count_jpeg = 0
+        search1 = self.ldb.search_iterator(base=self.ou_dn,
+                                           expression="(&(objectClass=user)(sAMAccountName=" + self.USER_NAME + "*))",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["objectGUID", "samAccountName", "jpegPhoto"])
+        try:
+            for reply in search1:
+                self.assertIsInstance(reply, ldb.Message)
+                count_jpeg += 1
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_SIZE_LIMIT_EXCEEDED)
+        else:
+            # FIXME: Due to a bug in the client, the second exception to
+            # transmit the iteration error isn't raised. We must still check
+            # that the number of results is fewer than the total count.
+
+            # self.fail('expected to fail with ERR_SIZE_LIMIT_EXCEEDED')
+
+            pass
+
+        # Assert we don't get all the entries but still the error
+        self.assertGreater(count, count_jpeg)
+
+    def test_timeout(self):
+
+        policy_dn = ldb.Dn(self.ldb,
+                           'CN=Default Query Policy,CN=Query-Policies,'
+                           'CN=Directory Service,CN=Windows NT,CN=Services,'
+                           f'{self.ldb.get_config_basedn().get_linearized()}')
+
+        # Get the current value of lDAPAdminLimits.
+        res = self.ldb.search(base=policy_dn,
+                              scope=ldb.SCOPE_BASE,
+                              attrs=['lDAPAdminLimits'])
+        msg = res[0]
+        admin_limits = msg['lDAPAdminLimits']
+
+        # Ensure we restore the previous value of the attribute.
+        admin_limits.set_flags(ldb.FLAG_MOD_REPLACE)
+        self.addCleanup(self.ldb.modify, msg)
+
+        # Temporarily lower the value of MaxQueryDuration so we can test
+        # timeout behaviour.
+        timeout = 5
+        query_duration = f'MaxQueryDuration={timeout}'.encode()
+
+        admin_limits = [limit for limit in admin_limits
+                        if not limit.lower().startswith(b'maxqueryduration=')]
+        admin_limits.append(query_duration)
+
+        # Set the new attribute value.
+        msg = ldb.Message(policy_dn)
+        msg['lDAPAdminLimits'] = ldb.MessageElement(admin_limits,
+                                                    ldb.FLAG_MOD_REPLACE,
+                                                    'lDAPAdminLimits')
+        self.ldb.modify(msg)
+
+        # Use a new connection so that the limits are reloaded.
+        samdb = SamDB(url, credentials=creds,
+                      session_info=system_session(lp),
+                      lp=lp)
+
+        # Create a large search expression that will take a long time to
+        # evaluate.
+        expression = '(jpegPhoto=*X*)' * 2000
+        expression = f'(|{expression})'
+
+        # Perform the LDAP search.
+        prev = time.time()
+        with self.assertRaises(ldb.LdbError) as err:
+            samdb.search(base=self.ou_dn,
+                         scope=ldb.SCOPE_SUBTREE,
+                         expression=expression,
+                         attrs=['objectGUID'])
+        now = time.time()
+        duration = now - prev
+
+        # Ensure that we timed out.
+        enum, _ = err.exception.args
+        self.assertEqual(ldb.ERR_TIME_LIMIT_EXCEEDED, enum)
+
+        # Ensure that the time spent searching is within the limit we
+        # set.  We allow a marginal amount over as the Samba timeout
+        # handling is not very accurate (and does not need to be)
+        self.assertLess(timeout - 1, duration)
+        self.assertLess(duration, timeout * 4)
+
+
+if "://" not in url:
+    if os.path.isfile(url):
+        url = "tdb://%s" % url
+    else:
+        url = "ldap://%s" % url
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
new file mode 100755
index 0000000..54219ee
--- /dev/null
+++ b/source4/dsdb/tests/python/ldap.py
@@ -0,0 +1,3332 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This is a port of the original in testprogs/ejs/ldap.js
+
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+import time
+import base64
+import os
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+import samba.getopt as options
+
+from samba.auth import system_session
+from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
+from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
+from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
+from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INVALID_ATTRIBUTE_SYNTAX
+from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
+from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from ldb import timestring
+from samba import Ldb
+from samba.samdb import SamDB
+from samba.dsdb import (UF_NORMAL_ACCOUNT,
+                        UF_WORKSTATION_TRUST_ACCOUNT,
+                        UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
+                        ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+                        SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+                        SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
+from samba.dcerpc.security import DOMAIN_RID_DOMAIN_MEMBERS
+
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security, lsa
+from samba.tests import delete_force
+from samba.common import get_string
+
+parser = optparse.OptionParser("ldap.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class BasicTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(BasicTests, self).setUp()
+        self.ldb = ldb
+        self.gc_ldb = gc_ldb
+        self.base_dn = ldb.domain_dn()
+        self.configuration_dn = ldb.get_config_basedn().get_linearized()
+        self.schema_dn = ldb.get_schema_basedn().get_linearized()
+        self.domain_sid = security.dom_sid(ldb.get_domain_sid())
+
+        delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestutf8user2  èùéìòà,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+        delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+        delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+        delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+        delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+        delete_force(self.ldb, "cn=testtimevaluesuser1,cn=users," + self.base_dn)
+
+    def test_objectclasses(self):
+        """Test objectClass behaviour"""
+        # Invalid objectclass specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": []})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # Invalid objectclass specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": "X"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        # Invalid objectCategory specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": "person",
+                "objectCategory": self.base_dn})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Multi-valued "systemFlags"
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": "person",
+                "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)]})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # We cannot instantiate from an abstract object class ("connectionPoint"
+        # or "leaf"). In the first case we use "connectionPoint" (subclass of
+        # "leaf") to prevent a naming violation - this returns us a
+        # "ERR_UNWILLING_TO_PERFORM" since it is not structural. In the second
+        # case however we get "ERR_OBJECT_CLASS_VIOLATION" since an abstract
+        # class is also not allowed to be auxiliary.
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": "connectionPoint"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": ["person", "leaf"]})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Objects instantiated using "satisfied" abstract classes (concrete
+        # subclasses) are allowed
+        self.ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"]})
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Two disjoint top-most structural object classes aren't allowed
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": ["person", "container"]})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Test allowed system flags
+        self.ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": "person",
+            "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE))})
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["systemFlags"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["systemFlags"][0]), "0")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": "person"})
+
+        # We can remove derivation classes of the structural objectclass
+        # but they're going to be re-added afterwards
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
+                                          "objectClass")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["objectClass"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue(b"top" in res[0]["objectClass"])
+
+        # The top-most structural class cannot be deleted since there are
+        # attributes of it in use
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # We cannot delete classes which weren't specified
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        # An invalid class cannot be added
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        # We cannot add a new top-most structural class "user" here since
+        # we are missing at least one new mandatory attribute (in this case
+        # "sAMAccountName")
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # An already specified objectclass cannot be added another time
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        # Auxiliary classes can always be added
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
+                                          "objectClass")
+        ldb.modify(m)
+
+        # This does not work since object class "leaf" is not auxiliary nor it
+        # stands in direct relation to "person" (and it is abstract too!)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("leaf", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Objectclass replace operations can be performed as well
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
+                                          FLAG_MOD_REPLACE, "objectClass")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement(["person", "bootableDevice"],
+                                          FLAG_MOD_REPLACE, "objectClass")
+        ldb.modify(m)
+
+        # This does not work since object class "leaf" is not auxiliary nor it
+        # stands in direct relation to "person" (and it is abstract too!)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
+                                           "leaf"], FLAG_MOD_REPLACE, "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # More than one change operation is allowed
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m.add(MessageElement("bootableDevice", FLAG_MOD_DELETE, "objectClass"))
+        m.add(MessageElement("bootableDevice", FLAG_MOD_ADD, "objectClass"))
+        ldb.modify(m)
+
+        # We cannot remove all object classes by an empty replace
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Classes can be removed unless attributes of them are used.
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
+                                          "objectClass")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["objectClass"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("bootableDevice" in res[0]["objectClass"])
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
+                                          "objectClass")
+        ldb.modify(m)
+
+        # Add an attribute specific to the "bootableDevice" class
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
+                                            "bootParameter")
+        ldb.modify(m)
+
+        # Classes can be removed unless attributes of them are used. Now there
+        # exist such attributes on the entry.
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Remove the previously specified attribute
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
+                                            "bootParameter")
+        ldb.modify(m)
+
+        # Classes can be removed unless attributes of them are used.
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
+                                          "objectClass")
+        ldb.modify(m)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": "user"})
+
+        # Add a new top-most structural class "container". This does not work
+        # since it stands in no direct relation to the current one.
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("container", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Try to add a new top-most structural class "inetOrgPerson"
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_ADD,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Try to remove the structural class "user"
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("user", FLAG_MOD_DELETE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Try to replace top-most structural class to "inetOrgPerson"
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_REPLACE,
+                                          "objectClass")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Add a new auxiliary object class "posixAccount" to "ldaptestuser"
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("posixAccount", FLAG_MOD_ADD,
+                                          "objectClass")
+        ldb.modify(m)
+
+        # Be sure that "top" is the first and the (most) structural object class
+        # the last value of the "objectClass" attribute - MS-ADTS 3.1.1.1.4
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["objectClass"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["objectClass"][0]), "top")
+        self.assertEqual(str(res[0]["objectClass"][len(res[0]["objectClass"]) - 1]), "user")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_system_only(self):
+        """Test systemOnly objects"""
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestobject," + self.base_dn,
+                "objectclass": "configuration"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb.add({
+                "dn": "cn=Test Secret,cn=system," + self.base_dn,
+                "objectclass": "secret"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+        delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+        # Create secret over LSA and try to change it
+
+        lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds)
+        lsa_handle = lsa_conn.OpenPolicy2(system_name="\\",
+                                          attr=lsa.ObjectAttribute(),
+                                          access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+        secret_name = lsa.String()
+        secret_name.string = "G$Test"
+        sec_handle = lsa_conn.CreateSecret(handle=lsa_handle,
+                                           name=secret_name,
+                                           access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+        lsa_conn.Close(lsa_handle)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
+        m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestcontainer," + self.base_dn,
+                "objectclass": "container",
+                "isCriticalSystemObject": "TRUE"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestcontainer," + self.base_dn,
+            "objectclass": "container"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
+        m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
+                                                     "isCriticalSystemObject")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+        # Proof if DC SAM object has "isCriticalSystemObject" set
+        res = self.ldb.search("", scope=SCOPE_BASE, attrs=["serverName"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("serverName" in res[0])
+        res = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
+                              attrs=["serverReference"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("serverReference" in res[0])
+        res = self.ldb.search(res[0]["serverReference"][0], scope=SCOPE_BASE,
+                              attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("isCriticalSystemObject" in res[0])
+        self.assertEqual(str(res[0]["isCriticalSystemObject"][0]), "TRUE")
+
+    def test_invalid_parent(self):
+        """Test adding an object with invalid parent"""
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
+                + self.base_dn,
+                "objectclass": "group"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
+                     + self.base_dn)
+
+        try:
+            self.ldb.add({
+                "dn": "ou=testou,cn=users," + self.base_dn,
+                "objectclass": "organizationalUnit"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NAMING_VIOLATION)
+
+        delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+
+    def test_invalid_attribute(self):
+        """Test invalid attributes on schema/objectclasses"""
+        # attributes not in schema test
+
+        # add operation
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "thisdoesnotexist": "x"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        # modify operation
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
+                                               "thisdoesnotexist")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        #
+        # When searching the unknown attribute should be ignored
+        expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"
+        res = ldb.search(base=self.base_dn,
+                         expression=expr,
+                         scope=SCOPE_SUBTREE)
+        self.assertTrue(len(res) == 1,
+                        "Search including unknown attribute failed")
+
+        # likewise, if we specifically request an unknown attribute
+        res = ldb.search(base=self.base_dn,
+                         expression="(cn=ldaptestgroup)",
+                         scope=SCOPE_SUBTREE,
+                         attrs=["thisdoesnotexist"])
+        self.assertTrue(len(res) == 1,
+                        "Search requesting unknown attribute failed")
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        # attributes not in objectclasses and mandatory attributes missing test
+        # Use here a non-SAM entry since it doesn't have special triggers
+        # associated which have an impact on the error results.
+
+        # add operations
+
+        # mandatory attribute missing
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestobject," + self.base_dn,
+                "objectclass": "ipProtocol"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # inadequate but schema-valid attribute specified
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestobject," + self.base_dn,
+                "objectclass": "ipProtocol",
+                "ipProtocolNumber": "1",
+                "uid": "0"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestobject," + self.base_dn,
+            "objectclass": "ipProtocol",
+            "ipProtocolNumber": "1"})
+
+        # modify operations
+
+        # inadequate but schema-valid attribute add trial
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
+        m["uid"] = MessageElement("0", FLAG_MOD_ADD, "uid")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # mandatory attribute delete trial
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
+        m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
+                                               "ipProtocolNumber")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # mandatory attribute delete trial
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
+        m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
+                                               "ipProtocolNumber")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+
+    def test_single_valued_attributes(self):
+        """Test single-valued attributes"""
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "sAMAccountName": ["nam1", "nam2"]})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement(["nam1", "nam2"], FLAG_MOD_REPLACE,
+                                             "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
+                                             "sAMAccountName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
+                                             "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_single_valued_linked_attributes(self):
+        """Test managedBy, a single-valued linked attribute.
+
+        (The single-valuedness of this is enforced differently, in
+        repl_meta_data.c)
+        """
+        ou = 'OU=svla,%s' % (self.base_dn)
+
+        delete_force(self.ldb, ou, controls=['tree_delete:1'])
+
+        self.ldb.add({'objectclass': 'organizationalUnit',
+                      'dn': ou})
+
+        managers = []
+        for x in range(3):
+            m = "cn=manager%d,%s" % (x, ou)
+            self.ldb.add({
+                "dn": m,
+                "objectclass": "user"})
+            managers.append(m)
+
+        try:
+            self.ldb.add({
+                "dn": "cn=group1," + ou,
+                "objectclass": "group",
+                "managedBy": managers
+            })
+            self.fail("failed to fail to add multiple managedBy attributes")
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        managee = "cn=group2," + ou
+        self.ldb.add({
+            "dn": managee,
+            "objectclass": "group",
+            "managedBy": [managers[0]]})
+
+        m = Message()
+        m.dn = Dn(ldb, managee)
+        m["managedBy"] = MessageElement(managers, FLAG_MOD_REPLACE,
+                                        "managedBy")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, managee)
+        m["managedBy"] = MessageElement(managers[1], FLAG_MOD_REPLACE,
+                                        "managedBy")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, managee)
+        m["managedBy"] = MessageElement(managers[2], FLAG_MOD_ADD,
+                                        "managedBy")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        self.ldb.delete(ou, ['tree_delete:1'])
+
+    def test_multivalued_attributes(self):
+        """Test multi-valued attributes"""
+        ou = 'OU=mvattr,%s' % (self.base_dn)
+        delete_force(self.ldb, ou, controls=['tree_delete:1'])
+        self.ldb.add({'objectclass': 'organizationalUnit',
+                      'dn': ou})
+
+        # beyond 1210, Win2012r2 gives LDAP_ADMIN_LIMIT_EXCEEDED
+        ranges = (3, 30, 300, 1210)
+
+        for n in ranges:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser%d,%s" % (n, ou),
+                "objectclass": "user",
+                "carLicense": ["car%d" % x for x in range(n)]})
+
+        # add some more
+        for n in ranges:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+            m["carLicense"] = MessageElement(["another"],
+                                             FLAG_MOD_ADD,
+                                             "carLicense")
+            ldb.modify(m)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+            m["carLicense"] = MessageElement(["foo%d" % x for x in range(4)],
+                                             FLAG_MOD_ADD,
+                                             "carLicense")
+            ldb.modify(m)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+            m["carLicense"] = MessageElement(["bar%d" % x for x in range(40)],
+                                             FLAG_MOD_ADD,
+                                             "carLicense")
+            ldb.modify(m)
+
+        for n in ranges:
+            m = Message()
+            dn = "cn=ldaptestuser%d,%s" % (n, ou)
+            m.dn = Dn(ldb, dn)
+            m["carLicense"] = MessageElement(["replacement"],
+                                             FLAG_MOD_REPLACE,
+                                             "carLicense")
+            ldb.modify(m)
+
+            m = Message()
+            m.dn = Dn(ldb, dn)
+            m["carLicense"] = MessageElement(["replacement%d" % x for x in range(n)],
+                                             FLAG_MOD_REPLACE,
+                                             "carLicense")
+            ldb.modify(m)
+
+            m = Message()
+            m.dn = Dn(ldb, dn)
+            m["carLicense"] = MessageElement(["again%d" % x for x in range(n)],
+                                             FLAG_MOD_REPLACE,
+                                             "carLicense")
+            ldb.modify(m)
+
+            m = Message()
+            m.dn = Dn(ldb, dn)
+            m["carLicense"] = MessageElement(["andagain%d" % x for x in range(n)],
+                                             FLAG_MOD_REPLACE,
+                                             "carLicense")
+            ldb.modify(m)
+
+        self.ldb.delete(ou, ['tree_delete:1'])
+
+    def test_attribute_ranges(self):
+        """Test attribute ranges"""
+        # Too short (min. 1)
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectClass": "person",
+                "sn": ""})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": "person"})
+
+        # Too short (min. 1)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sn"] = MessageElement("", FLAG_MOD_REPLACE, "sn")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sn"] = MessageElement("x", FLAG_MOD_REPLACE, "sn")
+        ldb.modify(m)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_attribute_ranges_too_long(self):
+        """Test attribute ranges"""
+        # This is knownfail with the wrong error
+        # (INVALID_ATTRIBUTE_SYNTAX vs CONSTRAINT_VIOLATION per Windows)
+
+        # Too long (max. 64)
+        try:
+            ldb.add({
+               "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+               "objectClass": "person",
+               "sn": "x" * 65 })
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectClass": "person"})
+
+        # Too long (max. 64)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sn"] = MessageElement("x" * 66, FLAG_MOD_REPLACE, "sn")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            self.assertEqual(e.args[0], ERR_CONSTRAINT_VIOLATION)
+
+    def test_empty_messages(self):
+        """Test empty messages"""
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        try:
+            ldb.add(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_empty_attributes(self):
+        """Test empty attributes"""
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
+        m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
+
+        try:
+            ldb.add(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
+
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_instanceType(self):
+        """Tests the 'instanceType' attribute"""
+        # The instance type is single-valued
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "instanceType": ["0", "1"]})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # The head NC flag cannot be set without the write flag
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "instanceType": "1"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # We cannot manipulate NCs without the head NC flag
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "instanceType": "32"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                           "instanceType")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
+                                           "instanceType")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["instanceType"] = MessageElement([], FLAG_MOD_DELETE, "instanceType")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        # only write is allowed with NC_HEAD for originating updates
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "instanceType": "3"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+
+    def test_distinguished_name(self):
+        """Tests the 'distinguishedName' attribute"""
+        # The "dn" shortcut isn't supported
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["objectClass"] = MessageElement("group", 0, "objectClass")
+        m["dn"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn, 0,
+                                 "dn")
+        try:
+            ldb.add(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        # a wrong "distinguishedName" attribute is obviously tolerated
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
+
+        # proof if the DN has been set correctly
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["distinguishedName"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("distinguishedName" in res[0])
+        self.assertTrue(Dn(ldb, str(res[0]["distinguishedName"][0]))
+                        == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
+
+        # The "dn" shortcut isn't supported
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["dn"] = MessageElement(
+            "cn=ldaptestgroup,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
+            "dn")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["distinguishedName"] = MessageElement(
+            "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
+            "distinguishedName")
+
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["distinguishedName"] = MessageElement(
+            "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
+            "distinguishedName")
+
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["distinguishedName"] = MessageElement(
+            "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
+            "distinguishedName")
+
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_rdn_name(self):
+        """Tests the RDN"""
+        # Search
+
+        # empty RDN
+        try:
+            self.ldb.search("=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # empty RDN name
+        try:
+            self.ldb.search("cn=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        try:
+            self.ldb.search("=ldaptestgroup,cn=users," + self.base_dn, scope=SCOPE_BASE)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # Add
+
+        # empty RDN
+        try:
+            self.ldb.add({
+                "dn": "=,cn=users," + self.base_dn,
+                "objectclass": "group"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # empty RDN name
+        try:
+            self.ldb.add({
+                "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # empty RDN value
+        try:
+            self.ldb.add({
+                "dn": "cn=,cn=users," + self.base_dn,
+                "objectclass": "group"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # a wrong RDN candidate
+        try:
+            self.ldb.add({
+                "dn": "description=xyz,cn=users," + self.base_dn,
+                "objectclass": "group"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NAMING_VIOLATION)
+
+        delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+
+        # a wrong "name" attribute is obviously tolerated
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "name": "ldaptestgroupx"})
+
+        # proof if the name has been set correctly
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["name"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("name" in res[0])
+        self.assertTrue(str(res[0]["name"][0]) == "ldaptestgroup")
+
+        # Modify
+
+        # empty RDN value
+        m = Message()
+        m.dn = Dn(ldb, "cn=,cn=users," + self.base_dn)
+        m["description"] = "test"
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # Delete
+
+        # empty RDN value
+        try:
+            self.ldb.delete("cn=,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # Rename
+
+        # new empty RDN
+        try:
+            self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+                            "=,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # new empty RDN name
+        try:
+            self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+                            "=ldaptestgroup,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # new empty RDN value
+        try:
+            self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+                            "cn=,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NAMING_VIOLATION)
+
+        # new wrong RDN candidate
+        try:
+            self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+                            "description=xyz,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+
+        # old empty RDN value
+        try:
+            self.ldb.rename("cn=,cn=users," + self.base_dn,
+                            "cn=ldaptestgroup,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        # names
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
+                                   "name")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_RDN)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["cn"] = MessageElement("ldaptestuser",
+                                 FLAG_MOD_REPLACE, "cn")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_RDN)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        # this test needs to be disabled until we really understand
+        # what the rDN length constraints are
+
+    def DISABLED_test_largeRDN(self):
+        """Testing large rDN (limit 64 characters)"""
+        rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012"
+        delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+        ldif = """
+dn: %s,%s""" % (rdn, self.base_dn) + """
+objectClass: container
+"""
+        self.ldb.add_ldif(ldif)
+        delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+
+        rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120"
+        delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+        try:
+            ldif = """
+dn: %s,%s""" % (rdn, self.base_dn) + """
+objectClass: container
+"""
+            self.ldb.add_ldif(ldif)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+
+    def test_rename(self):
+        """Tests the rename operation"""
+        try:
+            # cannot rename to be a child of itself
+            ldb.rename(self.base_dn, "dc=test," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            # inexistent object
+            ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
+        ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
+
+        try:
+            # containment problem: a user entry cannot contain user entries
+            ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser4,cn=ldaptestuser3,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NAMING_VIOLATION)
+
+        try:
+            # invalid parent
+            ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=people,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OTHER)
+
+        try:
+            # invalid target DN syntax
+            ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        try:
+            # invalid RDN name
+            ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "ou=ldaptestuser3,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+
+        # Performs some "systemFlags" testing
+
+        # Move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_MOVE"
+        try:
+            ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers,CN=Services," + self.configuration_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Limited move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE"
+        try:
+            ldb.rename("CN=Directory Service,CN=Windows NT,CN=Services," + self.configuration_dn, "CN=Directory Service,CN=RRAS,CN=Services," + self.configuration_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Rename failing since no "SYSTEM_FLAG_CONFIG_ALLOW_RENAME"
+        try:
+            ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers2," + self.configuration_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # It's not really possible to test moves on the schema partition since
+        # there don't exist subcontainers on it.
+
+        # Rename failing since "SYSTEM_FLAG_SCHEMA_BASE_OBJECT"
+        try:
+            ldb.rename("CN=Top," + self.schema_dn, "CN=Top2," + self.schema_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Move failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE"
+        try:
+            ldb.rename("CN=Users," + self.base_dn, "CN=Users,CN=Computers," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Rename failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME"
+        try:
+            ldb.rename("CN=Users," + self.base_dn, "CN=Users2," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Performs some other constraints testing
+
+        try:
+            ldb.rename("CN=Policies,CN=System," + self.base_dn, "CN=Users2," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_OTHER)
+
+    def test_rename_twice(self):
+        """Tests the rename operation twice - this corresponds to a past bug"""
+        self.ldb.add({
+            "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+        self.ldb.add({
+            "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+            "objectclass": "user"})
+        ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
+        res = ldb.search(expression="cn=ldaptestuser5")
+        self.assertEqual(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
+        res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
+        self.assertEqual(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
+        delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+
+    def test_objectGUID(self):
+        """Test objectGUID behaviour"""
+        # The objectGUID cannot directly be set
+        try:
+            self.ldb.add_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+objectClass: container
+objectGUID: bd3480c9-58af-4cd8-92df-bc4a18b6e44d
+""")
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestcontainer," + self.base_dn,
+            "objectClass": "container"})
+
+        # The objectGUID cannot directly be changed
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: objectGUID
+objectGUID: bd3480c9-58af-4cd8-92df-bc4a18b6e44d
+""")
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+    def test_parentGUID(self):
+        """Test parentGUID behaviour"""
+        self.ldb.add({
+            "dn": "cn=parentguidtest,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "samaccountname": "parentguidtest"})
+        res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
+                          attrs=["parentGUID", "samaccountname"])
+        res2 = ldb.search(base="cn=users," + self.base_dn, scope=SCOPE_BASE,
+                          attrs=["objectGUID"])
+        res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
+                          attrs=["parentGUID"])
+        res4 = ldb.search(base=self.configuration_dn, scope=SCOPE_BASE,
+                          attrs=["parentGUID"])
+        res5 = ldb.search(base=self.schema_dn, scope=SCOPE_BASE,
+                          attrs=["parentGUID"])
+
+        """Check if the parentGUID is valid """
+        self.assertEqual(res1[0]["parentGUID"], res2[0]["objectGUID"])
+
+        """Check if it returns nothing when there is no parent object - default NC"""
+        has_parentGUID = False
+        for key in res3[0].keys():
+            if key == "parentGUID":
+                has_parentGUID = True
+                break
+        self.assertFalse(has_parentGUID)
+
+        """Check if it returns nothing when there is no parent object - configuration NC"""
+        has_parentGUID = False
+        for key in res4[0].keys():
+            if key == "parentGUID":
+                has_parentGUID = True
+                break
+        self.assertFalse(has_parentGUID)
+
+        """Check if it returns nothing when there is no parent object - schema NC"""
+        has_parentGUID = False
+        for key in res5[0].keys():
+            if key == "parentGUID":
+                has_parentGUID = True
+                break
+        self.assertFalse(has_parentGUID)
+
+        """Ensures that if you look for another object attribute after the constructed
+            parentGUID, it will return correctly"""
+        has_another_attribute = False
+        for key in res1[0].keys():
+            if key == "sAMAccountName":
+                has_another_attribute = True
+                break
+        self.assertTrue(has_another_attribute)
+        self.assertTrue(len(res1[0]["samaccountname"]) == 1)
+        self.assertEqual(str(res1[0]["samaccountname"][0]), "parentguidtest")
+
+        # Testing parentGUID behaviour on rename\
+
+        self.ldb.add({
+            "dn": "cn=testotherusers," + self.base_dn,
+            "objectclass": "container"})
+        res1 = ldb.search(base="cn=testotherusers," + self.base_dn, scope=SCOPE_BASE,
+                          attrs=["objectGUID"])
+        ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
+                   "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+        res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["parentGUID"])
+        self.assertEqual(res1[0]["objectGUID"], res2[0]["parentGUID"])
+
+        delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+        delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+
+    def test_usnChanged(self):
+        """Test usnChanged behaviour"""
+
+        self.ldb.add({
+            "dn": "cn=ldaptestcontainer," + self.base_dn,
+            "objectClass": "container"})
+
+        res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res[0])
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("uSNCreated" in res[0])
+        self.assertTrue("uSNChanged" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertTrue("whenChanged" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+        # All these attributes are specifiable on add operations
+        self.ldb.add({
+            "dn": "cn=ldaptestcontainer," + self.base_dn,
+            "objectclass": "container",
+            "uSNCreated": "1",
+            "uSNChanged": "1",
+            "whenCreated": timestring(int(time.time())),
+            "whenChanged": timestring(int(time.time()))})
+
+        res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res[0])
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("uSNCreated" in res[0])
+        self.assertFalse(res[0]["uSNCreated"][0] == "1")  # these are corrected
+        self.assertTrue("uSNChanged" in res[0])
+        self.assertFalse(res[0]["uSNChanged"][0] == "1")  # these are corrected
+        self.assertTrue("whenCreated" in res[0])
+        self.assertTrue("whenChanged" in res[0])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+""")
+
+        res2 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res2[0])
+        self.assertEqual(res[0]["usnCreated"], res2[0]["usnCreated"])
+        self.assertEqual(res[0]["usnCreated"], res2[0]["usnChanged"])
+        self.assertEqual(res[0]["usnChanged"], res2[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test
+""")
+
+        res3 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res3[0])
+        self.assertEqual("test", str(res3[0]["description"][0]))
+        self.assertEqual(res[0]["usnCreated"], res3[0]["usnCreated"])
+        self.assertNotEqual(res[0]["usnCreated"], res3[0]["usnChanged"])
+        self.assertNotEqual(res[0]["usnChanged"], res3[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test
+""")
+
+        res4 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res4[0])
+        self.assertEqual("test", str(res4[0]["description"][0]))
+        self.assertEqual(res[0]["usnCreated"], res4[0]["usnCreated"])
+        self.assertNotEqual(res3[0]["usnCreated"], res4[0]["usnChanged"])
+        self.assertEqual(res3[0]["usnChanged"], res4[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test2
+""")
+
+        res5 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res5[0])
+        self.assertEqual("test2", str(res5[0]["description"][0]))
+        self.assertEqual(res[0]["usnCreated"], res5[0]["usnCreated"])
+        self.assertNotEqual(res3[0]["usnChanged"], res5[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+delete: description
+description: test2
+""")
+
+        res6 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res6[0])
+        self.assertEqual(res[0]["usnCreated"], res6[0]["usnCreated"])
+        self.assertNotEqual(res5[0]["usnChanged"], res6[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+add: description
+description: test3
+""")
+
+        res7 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res7[0])
+        self.assertEqual("test3", str(res7[0]["description"][0]))
+        self.assertEqual(res[0]["usnCreated"], res7[0]["usnCreated"])
+        self.assertNotEqual(res6[0]["usnChanged"], res7[0]["usnChanged"])
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+delete: description
+""")
+
+        res8 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["uSNCreated", "uSNChanged", "description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res8[0])
+        self.assertEqual(res[0]["usnCreated"], res8[0]["usnCreated"])
+        self.assertNotEqual(res7[0]["usnChanged"], res8[0]["usnChanged"])
+
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+    def test_groupType_int32(self):
+        """Test groupType (int32) behaviour (should appear to be cast to a 32 bit signed integer before comparison)"""
+
+        res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+                          attrs=["groupType"], expression="groupType=2147483653")
+
+        res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+                          attrs=["groupType"], expression="groupType=-2147483643")
+
+        self.assertEqual(len(res1), len(res2))
+
+        self.assertTrue(res1.count > 0)
+
+        self.assertEqual(str(res1[0]["groupType"][0]), "-2147483643")
+
+    def test_linked_attributes(self):
+        """This tests the linked attribute behaviour"""
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        # This should not work since "memberOf" is linked to "member"
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+                                       FLAG_MOD_ADD, "memberOf")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+                                       FLAG_MOD_REPLACE, "memberOf")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+                                       FLAG_MOD_DELETE, "memberOf")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_DELETE, "member")
+        ldb.modify(m)
+
+        # This should yield no results since the member attribute for
+        # "ldaptestuser" should have been deleted
+        res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          expression="(member=cn=ldaptestuser,cn=users," + self.base_dn + ")",
+                          attrs=[])
+        self.assertTrue(len(res1) == 0)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "member": "cn=ldaptestuser,cn=users," + self.base_dn})
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Make sure that the "member" attribute for "ldaptestuser" has been
+        # removed
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["member"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("member" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_wkguid(self):
+        """Test Well known GUID behaviours (including DN+Binary)"""
+
+        res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
+        self.assertEqual(len(res), 1)
+
+        res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
+        self.assertEqual(len(res2), 1)
+
+        # Prove that the matching rule is over the whole DN+Binary
+        res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
+        self.assertEqual(len(res2), 0)
+        # Prove that the matching rule is over the whole DN+Binary
+        res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
+        self.assertEqual(len(res2), 0)
+
+    def test_subschemasubentry(self):
+        """Test subSchemaSubEntry appears when requested, but not when not requested"""
+
+        res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["subSchemaSubEntry"][0]), "CN=Aggregate," + self.schema_dn)
+
+        res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertTrue("subScheamSubEntry" not in res[0])
+
+    def test_all(self):
+        """Basic tests"""
+
+        # Testing user add
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
+            "objectclass": "user",
+            "cN": "LDAPtestUSER",
+            "givenname": "ldap",
+            "sn": "testy"})
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
+            "objectclass": "group",
+            "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "cN": "LDAPtestCOMPUTER"})
+
+        ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
+                 "objectClass": "computer",
+                 "cn": "LDAPtest2COMPUTER",
+                 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
+                 "displayname": "ldap testy"})
+
+        try:
+            ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
+                     "objectClass": "computer",
+                     "cn": "LDAPtest2COMPUTER"
+                     })
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_DN_SYNTAX)
+
+        try:
+            ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
+                     "objectClass": "computer",
+                     "cn": "ldaptestcomputer3",
+                     "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
+                     })
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
+                 "objectClass": "computer",
+                 "cn": "LDAPtestCOMPUTER3"
+                 })
+
+        # Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))
+        res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"][0]), "ldaptestcomputer3")
+        self.assertEqual(str(res[0]["name"][0]), "ldaptestcomputer3")
+        self.assertEqual(str(res[0]["objectClass"][0]), "top")
+        self.assertEqual(str(res[0]["objectClass"][1]), "person")
+        self.assertEqual(str(res[0]["objectClass"][2]), "organizationalPerson")
+        self.assertEqual(str(res[0]["objectClass"][3]), "user")
+        self.assertEqual(str(res[0]["objectClass"][4]), "computer")
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertEqual(str(res[0]["objectCategory"][0]), ("CN=Computer,%s" % ldb.get_schema_basedn()))
+        self.assertEqual(int(res[0]["primaryGroupID"][0]), DOMAIN_RID_DOMAIN_MEMBERS)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
+        self.assertEqual(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
+
+        delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+
+        # Testing attribute or value exists behaviour
+        try:
+            ldb.modify_ldif("""
+dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
+changetype: modify
+replace: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer
+servicePrincipalName: host/ldaptest2computer
+servicePrincipalName: cifs/ldaptest2computer
+""")
+            self.fail()
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        ldb.modify_ldif("""
+dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
+changetype: modify
+replace: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer
+servicePrincipalName: cifs/ldaptest2computer
+""")
+        try:
+            ldb.modify_ldif("""
+dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer
+""")
+            self.fail()
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        # Testing ranged results
+        ldb.modify_ldif("""
+dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
+changetype: modify
+replace: servicePrincipalName
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer0
+servicePrincipalName: host/ldaptest2computer1
+servicePrincipalName: host/ldaptest2computer2
+servicePrincipalName: host/ldaptest2computer3
+servicePrincipalName: host/ldaptest2computer4
+servicePrincipalName: host/ldaptest2computer5
+servicePrincipalName: host/ldaptest2computer6
+servicePrincipalName: host/ldaptest2computer7
+servicePrincipalName: host/ldaptest2computer8
+servicePrincipalName: host/ldaptest2computer9
+servicePrincipalName: host/ldaptest2computer10
+servicePrincipalName: host/ldaptest2computer11
+servicePrincipalName: host/ldaptest2computer12
+servicePrincipalName: host/ldaptest2computer13
+servicePrincipalName: host/ldaptest2computer14
+servicePrincipalName: host/ldaptest2computer15
+servicePrincipalName: host/ldaptest2computer16
+servicePrincipalName: host/ldaptest2computer17
+servicePrincipalName: host/ldaptest2computer18
+servicePrincipalName: host/ldaptest2computer19
+servicePrincipalName: host/ldaptest2computer20
+servicePrincipalName: host/ldaptest2computer21
+servicePrincipalName: host/ldaptest2computer22
+servicePrincipalName: host/ldaptest2computer23
+servicePrincipalName: host/ldaptest2computer24
+servicePrincipalName: host/ldaptest2computer25
+servicePrincipalName: host/ldaptest2computer26
+servicePrincipalName: host/ldaptest2computer27
+servicePrincipalName: host/ldaptest2computer28
+servicePrincipalName: host/ldaptest2computer29
+""")
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
+                         attrs=["servicePrincipalName;range=0-*"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=0-*"]), 30)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=0-19"]), 20)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=0-*"]), 30)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=0-*"]), 30)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=30-*"]), 0)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=10-*"]), 20)
+        # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=11-*"]), 19)
+        # self.assertEqual((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName;range=11-15"]), 5)
+        # self.assertEqual(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
+
+        res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
+        self.assertEqual(len(res), 1, "Could not find (cn=ldaptest2computer)")
+        self.assertEqual(len(res[0]["servicePrincipalName"]), 30)
+        # self.assertEqual(res[0]["servicePrincipalName"][18], pos_11)
+
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        ldb.add({
+            "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
+            "objectClass": "user",
+            "cn": "LDAPtestUSER2",
+            "givenname": "testy",
+            "sn": "ldap user2"})
+
+        # Testing Ambiguous Name Resolution
+        # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
+        res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
+        self.assertEqual(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
+
+        # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
+        res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
+        self.assertEqual(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
+
+        # Testing ldb.search for (&(anr=ldap)(objectClass=user))
+        res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
+        self.assertEqual(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
+
+        # Testing ldb.search for (&(anr==ldap)(objectClass=user))
+        res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"][0]), "ldaptestuser")
+        self.assertEqual(str(res[0]["name"]), "ldaptestuser")
+
+        # Testing ldb.search for (&(anr=testy)(objectClass=user))
+        res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
+        self.assertEqual(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
+
+        # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
+        res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
+        self.assertEqual(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
+
+        # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
+# this test disabled for the moment, as anr with == tests are not understood
+#        res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
+#        self.assertEqual(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
+
+#        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
+#        self.assertEqual(res[0]["cn"][0], "ldaptestuser")
+#        self.assertEqual(res[0]["name"][0], "ldaptestuser")
+
+        # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
+#        res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
+#        self.assertEqual(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
+
+#        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
+#        self.assertEqual(res[0]["cn"][0], "ldaptestuser")
+#        self.assertEqual(res[0]["name"][0], "ldaptestuser")
+
+        # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
+        res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestuser2")
+        self.assertEqual(str(res[0]["name"]), "ldaptestuser2")
+
+        # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
+#        res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
+#        self.assertEqual(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestuser2")
+        self.assertEqual(str(res[0]["name"]), "ldaptestuser2")
+
+        # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
+#        res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
+#        self.assertEqual(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestuser2")
+        self.assertEqual(str(res[0]["name"]), "ldaptestuser2")
+
+        # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
+#        res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
+#        self.assertEqual(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
+
+        # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
+        res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
+        self.assertEqual(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
+
+        # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
+#        res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
+#        self.assertEqual(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
+
+        # Testing Renames
+
+        attrs = ["objectGUID", "objectSid"]
+        # Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))
+        res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
+
+        # Check rename works with extended/alternate DN forms
+        ldb.rename("<SID=" + get_string(ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0])) + ">", "cn=ldaptestUSER3,cn=users," + self.base_dn)
+
+        # Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))
+        res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestUSER3")
+        self.assertEqual(str(res[0]["name"]), "ldaptestUSER3")
+
+        #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
+        res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
+        self.assertEqual(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestUSER3")
+        self.assertEqual(str(res[0]["name"]), "ldaptestUSER3")
+
+        #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
+        res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
+        self.assertEqual(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestUSER3")
+        self.assertEqual(str(res[0]["name"]), "ldaptestUSER3")
+
+        #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
+        res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
+        self.assertEqual(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
+
+        # Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ") - should not work
+        res = ldb.search(expression="(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+        self.assertEqual(len(res), 0, "Could find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+
+        # Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")
+        res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+        self.assertEqual(len(res), 1, "Could not find (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestUSER3")
+        self.assertEqual(str(res[0]["name"]), "ldaptestUSER3")
+
+        # ensure we cannot add it again
+        try:
+            ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
+                     "objectClass": "user",
+                     "cn": "LDAPtestUSER3"})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # rename back
+        ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
+
+        # ensure we cannot rename it twice
+        try:
+            ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
+                       "cn=ldaptestuser2,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # ensure can now use that name
+        ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
+                 "objectClass": "user",
+                 "cn": "LDAPtestUSER3"})
+
+        # ensure we now cannot rename
+        try:
+            ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+        try:
+            ldb.rename("cn=ldaptestuser3,cn=users,%s" % self.base_dn, "cn=ldaptestuser3,%s" % ldb.get_config_basedn())
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertTrue(num in (71, 64))
+
+        ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
+
+        ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
+
+        delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+
+        ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+
+        # Testing subtree renames
+
+        ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
+                 "objectClass": "container"})
+
+        ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
+                 "objectClass": "user",
+                 "cn": "LDAPtestUSER4"})
+
+        # Here we don't enforce these hard "description" constraints
+        ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: desc1
+description: desc2
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+add: member
+member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
+member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
+member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
+""")
+
+        # Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
+        ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
+
+        # Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))
+        res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
+
+        # Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
+        try:
+            res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                             expression="(&(cn=ldaptestuser4)(objectClass=user))",
+                             scope=SCOPE_SUBTREE)
+            self.fail(res)
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
+        try:
+            res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+                             expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
+        res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
+        self.assertEqual(str(res[0]["memberOf"][0]).upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
+
+        time.sleep(4)
+
+        # Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
+        res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistent with subtree renames?")
+
+        # Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
+        try:
+            ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
+        try:
+            ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
+
+        # Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
+        try:
+            ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
+
+        # Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
+        res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
+        self.assertEqual(len(res), 0)
+
+        # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
+        res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
+        self.assertEqual(len(res), 1)
+
+        # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
+        res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+
+        # Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
+        ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
+        # Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
+        ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
+
+        ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
+
+        ldb.add({"dn": "cn=ldaptestutf8user2  èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
+
+        # Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestuser")
+        self.assertEqual(str(res[0]["name"]), "ldaptestuser")
+        self.assertEqual(set(res[0]["objectClass"]), set([b"top", b"person", b"organizationalPerson", b"user"]))
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertEqual(str(res[0]["objectCategory"]), ("CN=Person,%s" % ldb.get_schema_basedn()))
+        self.assertEqual(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
+        self.assertEqual(str(res[0]["memberOf"][0]).upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
+        self.assertEqual(len(res[0]["memberOf"]), 1)
+
+        # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn()
+        res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
+        self.assertEqual(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
+
+        self.assertEqual(res[0].dn, res2[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
+        res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
+        self.assertEqual(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
+
+        self.assertEqual(res[0].dn, res3[0].dn)
+
+        if gc_ldb is not None:
+            # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
+            res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
+            self.assertEqual(len(res3gc), 1)
+
+            self.assertEqual(res[0].dn, res3gc[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
+
+        if gc_ldb is not None:
+            res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
+            self.assertEqual(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
+
+            self.assertEqual(res[0].dn, res3control[0].dn)
+
+        ldb.delete(res[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestcomputer")
+        self.assertEqual(str(res[0]["name"]), "ldaptestcomputer")
+        self.assertEqual(set(res[0]["objectClass"]), set([b"top", b"person", b"organizationalPerson", b"user", b"computer"]))
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertEqual(str(res[0]["objectCategory"]), ("CN=Computer,%s" % ldb.get_schema_basedn()))
+        self.assertEqual(int(res[0]["primaryGroupID"][0]), DOMAIN_RID_DOMAIN_MEMBERS)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
+        self.assertEqual(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
+        self.assertEqual(str(res[0]["memberOf"][0]).upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
+        self.assertEqual(len(res[0]["memberOf"]), 1)
+
+        # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn()
+        res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
+        self.assertEqual(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
+
+        self.assertEqual(res[0].dn, res2[0].dn)
+
+        if gc_ldb is not None:
+            # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) in Global Catalog" % gc_ldb.get_schema_basedn()
+            res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % gc_ldb.get_schema_basedn())
+            self.assertEqual(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) In Global Catalog" % gc_ldb.get_schema_basedn())
+
+            self.assertEqual(res[0].dn, res2gc[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
+        res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
+        self.assertEqual(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
+
+        self.assertEqual(res[0].dn, res3[0].dn)
+
+        if gc_ldb is not None:
+            # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
+            res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
+            self.assertEqual(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
+
+            self.assertEqual(res[0].dn, res3gc[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
+        res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
+        self.assertEqual(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
+
+        self.assertEqual(res[0].dn, res4[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
+        res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
+        self.assertEqual(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
+
+        self.assertEqual(res[0].dn, res5[0].dn)
+
+        # Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
+        res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
+        self.assertEqual(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
+
+        self.assertEqual(res[0].dn, res6[0].dn)
+
+        ldb.delete("<GUID=" + get_string(ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0])) + ">")
+
+        # Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
+        self.assertEqual(str(res[0]["cn"]), "ldaptest2computer")
+        self.assertEqual(str(res[0]["name"]), "ldaptest2computer")
+        self.assertEqual(list(res[0]["objectClass"]), [b"top", b"person", b"organizationalPerson", b"user", b"computer"])
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertEqual(str(res[0]["objectCategory"][0]), "CN=Computer,%s" % ldb.get_schema_basedn())
+        self.assertEqual(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
+        self.assertEqual(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
+
+        ldb.delete("<SID=" + get_string(ldb.schema_format_value("objectSID", res[0]["objectSID"][0])) + ">")
+
+        attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
+        # Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
+        res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
+
+        self.assertEqual(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res_user[0]["cn"]), "ldaptestuser2")
+        self.assertEqual(str(res_user[0]["name"]), "ldaptestuser2")
+        self.assertEqual(list(res_user[0]["objectClass"]), [b"top", b"person", b"organizationalPerson", b"user"])
+        self.assertTrue("objectSid" in res_user[0])
+        self.assertTrue("objectGUID" in res_user[0])
+        self.assertTrue("whenCreated" in res_user[0])
+        self.assertTrue("nTSecurityDescriptor" in res_user[0])
+        self.assertTrue("allowedAttributes" in res_user[0])
+        self.assertTrue("allowedAttributesEffective" in res_user[0])
+        self.assertEqual(str(res_user[0]["memberOf"][0]).upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
+
+        ldaptestuser2_sid = res_user[0]["objectSid"][0]
+        ldaptestuser2_guid = res_user[0]["objectGUID"][0]
+
+        attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
+        # Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
+        res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestgroup2")
+        self.assertEqual(str(res[0]["name"]), "ldaptestgroup2")
+        self.assertEqual(list(res[0]["objectClass"]), [b"top", b"group"])
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("objectSid" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertTrue("nTSecurityDescriptor" in res[0])
+        self.assertTrue("allowedAttributes" in res[0])
+        self.assertTrue("allowedAttributesEffective" in res[0])
+        memberUP = []
+        for m in res[0]["member"]:
+            memberUP.append(str(m).upper())
+        self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
+
+        res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
+
+        print(res[0]["member"])
+        memberUP = []
+        for m in res[0]["member"]:
+            memberUP.append(str(m).upper())
+        print(("<GUID=" + get_string(ldb.schema_format_value("objectGUID", ldaptestuser2_guid)) + ">;<SID=" + get_string(ldb.schema_format_value("objectSid", ldaptestuser2_sid)) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper())
+
+        self.assertTrue(("<GUID=" + get_string(ldb.schema_format_value("objectGUID", ldaptestuser2_guid)) + ">;<SID=" + get_string(ldb.schema_format_value("objectSid", ldaptestuser2_sid)) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
+
+        # Quicktest for linked attributes"
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+replace: member
+member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
+member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
+""")
+
+        ldb.modify_ldif("""
+dn: <GUID=""" + get_string(ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0])) + """>
+changetype: modify
+replace: member
+member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
+""")
+
+        ldb.modify_ldif("""
+dn: <SID=""" + get_string(ldb.schema_format_value("objectSid", res[0]["objectSid"][0])) + """>
+changetype: modify
+delete: member
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+add: member
+member: <GUID=""" + get_string(ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0])) + """>
+member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+replace: member
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+add: member
+member: <SID=""" + get_string(ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0])) + """>
+member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
+""")
+
+        ldb.modify_ldif("""
+dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: member
+member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
+""")
+
+        res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["member"][0]), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
+        self.assertEqual(len(res[0]["member"]), 1)
+
+        ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
+
+        time.sleep(4)
+
+        attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
+        # Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
+        res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
+        self.assertTrue("member" not in res[0])
+
+        # Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
+        res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
+
+        self.assertEqual(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
+        self.assertEqual(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
+        self.assertEqual(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
+        self.assertEqual(list(res[0]["objectClass"]), [b"top", b"person", b"organizationalPerson", b"user"])
+        self.assertTrue("objectGUID" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+
+        # delete "ldaptestutf8user"
+        ldb.delete(res[0].dn)
+
+        # Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
+
+        # Testing ldb.search for (&(cn=ldaptestutf8user2  ÈÙÉÌÒÀ)(objectClass=user))"
+        res = ldb.search(expression="(&(cn=ldaptestutf8user2  ÈÙÉÌÒÀ)(objectClass=user))")
+        self.assertEqual(len(res), 1, "Could not find (&(cn=ldaptestutf8user2  ÈÙÉÌÒÀ)(objectClass=user))")
+
+        # delete "ldaptestutf8user2 "
+        ldb.delete(res[0].dn)
+
+        ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
+
+        # Testing that we can't get at the configuration DN from the main search base"
+        res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertEqual(len(res), 0)
+
+        # Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
+        res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
+        self.assertTrue(len(res) > 0)
+
+        if gc_ldb is not None:
+            # Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
+
+            res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
+            self.assertTrue(len(res) > 0)
+
+            # Testing that we do find configuration elements in the global catlog"
+            res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
+            self.assertTrue(len(res) > 0)
+
+            # Testing that we do find configuration elements and user elements at the same time"
+            res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
+            self.assertTrue(len(res) > 0)
+
+            # Testing that we do find configuration elements in the global catlog, with the configuration basedn"
+            res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
+            self.assertTrue(len(res) > 0)
+
+        # Testing that we can get at the configuration DN on the main LDAP port"
+        res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing objectCategory canonicalisation"
+        res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
+        self.assertTrue(len(res) != 0)
+
+        res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
+        self.assertTrue(len(res) != 0)
+
+        # Testing objectClass attribute order on "+ self.base_dn
+        res = ldb.search(expression="objectClass=domain", base=self.base_dn,
+                         scope=SCOPE_BASE, attrs=["objectClass"])
+        self.assertEqual(len(res), 1)
+
+        self.assertEqual(list(res[0]["objectClass"]), [b"top", b"domain", b"domainDNS"])
+
+    #  check enumeration
+
+        # Testing ldb.search for objectCategory=person"
+        res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing ldb.search for objectCategory=person with domain scope control"
+        res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing ldb.search for objectCategory=user"
+        res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing ldb.search for objectCategory=user with domain scope control"
+        res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing ldb.search for objectCategory=group"
+        res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing ldb.search for objectCategory=group with domain scope control"
+        res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
+        self.assertTrue(len(res) > 0)
+
+        # Testing creating a user with the posixAccount objectClass"
+        self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+objectClass: user
+objectClass: organizationalPerson
+cn: posixuser
+uid: posixuser
+sn: posixuser
+uidNumber: 10126
+gidNumber: 10126
+homeDirectory: /home/posixuser
+loginShell: /bin/bash
+gecos: Posix User;;;
+description: A POSIX user""" % (self.base_dn))
+
+        # Testing removing the posixAccount objectClass from an existing user"
+        self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
+changetype: modify
+delete: objectClass
+objectClass: posixAccount""" % (self.base_dn))
+
+        # Testing adding the posixAccount objectClass to an existing user"
+        self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
+changetype: modify
+add: objectClass
+objectClass: posixAccount""" % (self.base_dn))
+
+        delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestutf8user2  èùéìòà,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+
+    def test_security_descriptor_add(self):
+        """ Testing ldb.add_ldif() for nTSecurityDescriptor """
+        user_name = "testdescriptoruser1"
+        user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+        #
+        # Test an empty security descriptor (naturally this shouldn't work)
+        #
+        delete_force(self.ldb, user_dn)
+        try:
+            self.ldb.add({"dn": user_dn,
+                          "objectClass": "user",
+                          "sAMAccountName": user_name,
+                          "nTSecurityDescriptor": []})
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        finally:
+            delete_force(self.ldb, user_dn)
+        #
+        # Test add_ldif() with SDDL security descriptor input
+        #
+        try:
+            sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name + """
+nTSecurityDescriptor: """ + sddl)
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+        #
+        # Test add_ldif() with BASE64 security descriptor
+        #
+        try:
+            sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+            desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+            desc_binary = ndr_pack(desc)
+            desc_base64 = base64.b64encode(desc_binary).decode('utf8')
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name + """
+nTSecurityDescriptor:: """ + desc_base64)
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+
+    def test_security_descriptor_add_neg(self):
+        """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
+            Negative test
+        """
+        user_name = "testdescriptoruser1"
+        user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+        delete_force(self.ldb, user_dn)
+        try:
+            sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
+            desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
+            desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name + """
+nTSecurityDescriptor:: """ + desc_base64)
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            self.assertTrue("nTSecurityDescriptor" in res[0])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertTrue("O:S-1-5-21-513G:S-1-5-21-513D:AI(A;;RPWP;;;AU)" in desc_sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+
+    def test_security_descriptor_modify(self):
+        """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
+        user_name = "testdescriptoruser2"
+        user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+        #
+        # Test an empty security descriptor (naturally this shouldn't work)
+        #
+        delete_force(self.ldb, user_dn)
+        self.ldb.add({"dn": user_dn,
+                      "objectClass": "user",
+                      "sAMAccountName": user_name})
+
+        m = Message()
+        m.dn = Dn(ldb, user_dn)
+        m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_ADD,
+                                                   "nTSecurityDescriptor")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, user_dn)
+        m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_REPLACE,
+                                                   "nTSecurityDescriptor")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, user_dn)
+        m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_DELETE,
+                                                   "nTSecurityDescriptor")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, user_dn)
+        #
+        # Test modify_ldif() with SDDL security descriptor input
+        # Add ACE to the original descriptor test
+        #
+        try:
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name)
+            # Modify descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
+            mod = """
+dn: """ + user_dn + """
+changetype: modify
+replace: nTSecurityDescriptor
+nTSecurityDescriptor: """ + sddl
+            self.ldb.modify_ldif(mod)
+            # Read modified descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+        #
+        # Test modify_ldif() with SDDL security descriptor input
+        # New descriptor test
+        #
+        try:
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name)
+            # Modify descriptor
+            sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+            mod = """
+dn: """ + user_dn + """
+changetype: modify
+replace: nTSecurityDescriptor
+nTSecurityDescriptor: """ + sddl
+            self.ldb.modify_ldif(mod)
+            # Read modified descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+        #
+        # Test modify_ldif() with BASE64 security descriptor input
+        # Add ACE to the original descriptor test
+        #
+        try:
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name)
+            # Modify descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
+            desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+            desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
+            mod = """
+dn: """ + user_dn + """
+changetype: modify
+replace: nTSecurityDescriptor
+nTSecurityDescriptor:: """ + desc_base64
+            self.ldb.modify_ldif(mod)
+            # Read modified descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+        #
+        # Test modify_ldif() with BASE64 security descriptor input
+        # New descriptor test
+        #
+        try:
+            delete_force(self.ldb, user_dn)
+            self.ldb.add_ldif("""
+dn: """ + user_dn + """
+objectclass: user
+sAMAccountName: """ + user_name)
+            # Modify descriptor
+            sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+            desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+            desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
+            mod = """
+dn: """ + user_dn + """
+changetype: modify
+replace: nTSecurityDescriptor
+nTSecurityDescriptor:: """ + desc_base64
+            self.ldb.modify_ldif(mod)
+            # Read modified descriptor
+            res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
+            desc = res[0]["nTSecurityDescriptor"][0]
+            desc = ndr_unpack(security.descriptor, desc)
+            desc_sddl = desc.as_sddl(self.domain_sid)
+            self.assertEqual(desc_sddl, sddl)
+        finally:
+            delete_force(self.ldb, user_dn)
+
+    def test_dsheuristics(self):
+        """Tests the 'dSHeuristics' attribute"""
+        # Tests the 'dSHeuristics' attribute"
+
+        # Get the current value to restore it later
+        dsheuristics = self.ldb.get_dsheuristics()
+        # Perform the length checks: for each decade (except the 0th) we need
+        # the first index to be the number. This goes till the 9th one, beyond
+        # there does not seem to be another limitation.
+        try:
+            dshstr = ""
+            for i in range(1, 11):
+                # This is in the range
+                self.ldb.set_dsheuristics(dshstr + "x")
+                self.ldb.set_dsheuristics(dshstr + "xxxxx")
+                dshstr = dshstr + "xxxxxxxxx"
+                if i < 10:
+                    # Not anymore in the range, new decade specifier needed
+                    try:
+                        self.ldb.set_dsheuristics(dshstr + "x")
+                        self.fail()
+                    except LdbError as e:
+                        (num, _) = e.args
+                        self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+                    dshstr = dshstr + str(i)
+                else:
+                    # There does not seem to be an upper limit
+                    self.ldb.set_dsheuristics(dshstr + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
+            # apart from the above, all char values are accepted
+            self.ldb.set_dsheuristics("123ABC-+!1asdfg@#^")
+            self.assertEqual(self.ldb.get_dsheuristics(), b"123ABC-+!1asdfg@#^")
+        finally:
+            # restore old value
+            self.ldb.set_dsheuristics(dsheuristics)
+
+    def test_ldapControlReturn(self):
+        """Testing that if we request a control that return a control it
+           really return something"""
+        res = self.ldb.search(attrs=["cn"],
+                              controls=["paged_results:1:10"])
+        self.assertEqual(len(res.controls), 1)
+        self.assertEqual(res.controls[0].oid, "1.2.840.113556.1.4.319")
+        s = str(res.controls[0])
+
+    def test_operational(self):
+        """Tests operational attributes"""
+        # Tests operational attributes"
+
+        res = self.ldb.search(self.base_dn, scope=SCOPE_BASE,
+                              attrs=["createTimeStamp", "modifyTimeStamp",
+                                     "structuralObjectClass", "whenCreated",
+                                     "whenChanged"])
+        self.assertEqual(len(res), 1)
+        self.assertTrue("createTimeStamp" in res[0])
+        self.assertTrue("modifyTimeStamp" in res[0])
+        self.assertTrue("structuralObjectClass" in res[0])
+        self.assertTrue("whenCreated" in res[0])
+        self.assertTrue("whenChanged" in res[0])
+
+    def test_timevalues1(self):
+        """Tests possible syntax of time attributes"""
+
+        user_name = "testtimevaluesuser1"
+        user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+
+        delete_force(self.ldb, user_dn)
+        self.ldb.add({"dn": user_dn,
+                      "objectClass": "user",
+                      "sAMAccountName": user_name})
+
+        #
+        # We check the following values:
+        #
+        #   370101000000Z     => 20370101000000.0Z
+        # 20370102000000.*Z   => 20370102000000.0Z
+        #
+        ext = ["Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z"]
+        for i in range(0, len(ext)):
+            v_raw = "203701%02d000000" % (i + 1)
+            if ext[i] == "Z":
+                v_set = v_raw[2:] + ext[i]
+            else:
+                v_set = v_raw + ext[i]
+            v_get = v_raw + ".0Z"
+
+            m = Message()
+            m.dn = Dn(ldb, user_dn)
+            m["msTSExpireDate"] = MessageElement([v_set],
+                                                 FLAG_MOD_REPLACE,
+                                                 "msTSExpireDate")
+            self.ldb.modify(m)
+
+            res = self.ldb.search(base=user_dn, scope=SCOPE_BASE, attrs=["msTSExpireDate"])
+            self.assertTrue(len(res) == 1)
+            self.assertTrue("msTSExpireDate" in res[0])
+            self.assertTrue(len(res[0]["msTSExpireDate"]) == 1)
+            self.assertEqual(str(res[0]["msTSExpireDate"][0]), v_get)
+
+    def test_ldapSearchNoAttributes(self):
+        """Testing ldap search with no attributes"""
+
+        user_name = "testemptyattributesuser"
+        user_dn = "CN=%s,%s" % (user_name, self.base_dn)
+        delete_force(self.ldb, user_dn)
+
+        self.ldb.add({"dn": user_dn,
+                      "objectClass": "user",
+                      "sAMAccountName": user_name})
+
+        res = self.ldb.search(user_dn, scope=SCOPE_BASE, attrs=[])
+        delete_force(self.ldb, user_dn)
+
+        self.assertEqual(len(res), 1)
+        self.assertEqual(len(res[0]), 0)
+
+
+class BaseDnTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(BaseDnTests, self).setUp()
+        self.ldb = ldb
+
+    def test_rootdse_attrs(self):
+        """Testing for all rootDSE attributes"""
+        res = self.ldb.search("", scope=SCOPE_BASE, attrs=[])
+        self.assertEqual(len(res), 1)
+
+    def test_highestcommittedusn(self):
+        """Testing for highestCommittedUSN"""
+        res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
+        self.assertEqual(len(res), 1)
+        self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
+
+    def test_netlogon(self):
+        """Testing for netlogon via LDAP"""
+        res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
+        self.assertEqual(len(res), 0)
+
+    def test_netlogon_highestcommitted_usn(self):
+        """Testing for netlogon and highestCommittedUSN via LDAP"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["netlogon", "highestCommittedUSN"])
+        self.assertEqual(len(res), 0)
+
+    def test_namingContexts(self):
+        """Testing for namingContexts in rootDSE"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
+        self.assertEqual(len(res), 1)
+
+        ncs = set([])
+        for nc in res[0]["namingContexts"]:
+            self.assertTrue(nc not in ncs)
+            ncs.add(nc)
+
+        self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
+        self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
+        self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
+
+    def test_serverPath(self):
+        """Testing the server paths in rootDSE"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["dsServiceName", "serverName"])
+        self.assertEqual(len(res), 1)
+
+        self.assertTrue("CN=Servers" in str(res[0]["dsServiceName"][0]))
+        self.assertTrue("CN=Sites" in str(res[0]["dsServiceName"][0]))
+        self.assertTrue("CN=NTDS Settings" in str(res[0]["dsServiceName"][0]))
+        self.assertTrue("CN=Servers" in str(res[0]["serverName"][0]))
+        self.assertTrue("CN=Sites" in str(res[0]["serverName"][0]))
+        self.assertFalse("CN=NTDS Settings" in str(res[0]["serverName"][0]))
+
+    def test_functionality(self):
+        """Testing the server paths in rootDSE"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["forestFunctionality", "domainFunctionality", "domainControllerFunctionality"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(len(res[0]["forestFunctionality"]), 1)
+        self.assertEqual(len(res[0]["domainFunctionality"]), 1)
+        self.assertEqual(len(res[0]["domainControllerFunctionality"]), 1)
+
+        self.assertTrue(int(res[0]["forestFunctionality"][0]) <= int(res[0]["domainFunctionality"][0]))
+        self.assertTrue(int(res[0]["domainControllerFunctionality"][0]) >= int(res[0]["domainFunctionality"][0]))
+
+        res2 = self.ldb.search("", scope=SCOPE_BASE,
+                               attrs=["dsServiceName", "serverName"])
+        self.assertEqual(len(res2), 1)
+        self.assertEqual(len(res2[0]["dsServiceName"]), 1)
+
+        res3 = self.ldb.search(res2[0]["dsServiceName"][0], scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+        self.assertEqual(len(res3), 1)
+        self.assertEqual(len(res3[0]["msDS-Behavior-Version"]), 1)
+        self.assertEqual(int(res[0]["domainControllerFunctionality"][0]), int(res3[0]["msDS-Behavior-Version"][0]))
+
+        res4 = self.ldb.search(ldb.domain_dn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+        self.assertEqual(len(res4), 1)
+        self.assertEqual(len(res4[0]["msDS-Behavior-Version"]), 1)
+        self.assertEqual(int(res[0]["domainFunctionality"][0]), int(res4[0]["msDS-Behavior-Version"][0]))
+
+        res5 = self.ldb.search("cn=partitions,%s" % ldb.get_config_basedn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+        self.assertEqual(len(res5), 1)
+        self.assertEqual(len(res5[0]["msDS-Behavior-Version"]), 1)
+        self.assertEqual(int(res[0]["forestFunctionality"][0]), int(res5[0]["msDS-Behavior-Version"][0]))
+
+    def test_dnsHostname(self):
+        """Testing the DNS hostname in rootDSE"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["dnsHostName", "serverName"])
+        self.assertEqual(len(res), 1)
+
+        res2 = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
+                               attrs=["dNSHostName"])
+        self.assertEqual(len(res2), 1)
+
+        self.assertEqual(res[0]["dnsHostName"][0], res2[0]["dNSHostName"][0])
+
+    def test_ldapServiceName(self):
+        """Testing the ldap service name in rootDSE"""
+        res = self.ldb.search("", scope=SCOPE_BASE,
+                              attrs=["ldapServiceName", "dnsHostName"])
+        self.assertEqual(len(res), 1)
+        self.assertTrue("ldapServiceName" in res[0])
+        self.assertTrue("dnsHostName" in res[0])
+
+        (hostname, _, dns_domainname) = str(res[0]["dnsHostName"][0]).partition(".")
+
+        given = str(res[0]["ldapServiceName"][0])
+        expected = "%s:%s$@%s" % (dns_domainname.lower(), hostname.lower(), dns_domainname.upper())
+        self.assertEqual(given, expected)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
+if "tdb://" not in host:
+    gc_ldb = Ldb("%s:3268" % host, credentials=creds,
+                 session_info=system_session(lp), lp=lp)
+else:
+    gc_ldb = None
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ldap_modify_order.py b/source4/dsdb/tests/python/ldap_modify_order.py
new file mode 100644
index 0000000..80c4a3a
--- /dev/null
+++ b/source4/dsdb/tests/python/ldap_modify_order.py
@@ -0,0 +1,371 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+import os
+from itertools import permutations
+import traceback
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+import samba.getopt as options
+
+from samba.auth import system_session
+from ldb import SCOPE_BASE, LdbError
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from samba.samdb import SamDB
+
+from samba.tests import delete_force
+
+TEST_DATA_DIR = os.path.join(
+    os.path.dirname(__file__),
+    'testdata')
+
+LDB_STRERR = {}
+def _build_ldb_strerr():
+    import ldb
+    for k, v in vars(ldb).items():
+        if k.startswith('ERR_') and isinstance(v, int):
+            LDB_STRERR[v] = k
+
+_build_ldb_strerr()
+
+
+class ModifyOrderTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.admin_dsdb = get_dsdb(admin_creds)
+        self.base_dn = self.admin_dsdb.domain_dn()
+
+    def delete_object(self, dn):
+        delete_force(self.admin_dsdb, dn)
+
+    def get_user_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+    def _test_modify_order(self,
+                           start_attrs,
+                           mod_attrs,
+                           extra_search_attrs=(),
+                           name=None):
+        if name is None:
+            name = traceback.extract_stack()[-2][2][5:]
+
+        if opts.normal_user:
+            name += '-non-admin'
+            username = "user123"
+            password = "pass123@#$@#"
+            self.admin_dsdb.newuser(username, password)
+            self.addCleanup(self.delete_object, self.get_user_dn(username))
+            mod_creds = self.insta_creds(template=admin_creds,
+                                         username=username,
+                                         userpass=password)
+        else:
+            mod_creds = admin_creds
+
+        mod_dsdb = get_dsdb(mod_creds)
+        sig = []
+        op_lut = ['', 'add', 'replace', 'delete']
+
+        search_attrs = set(extra_search_attrs)
+        lines = [name, "initial attrs:"]
+        for k, v in start_attrs:
+            lines.append("%20s: %r" % (k, v))
+            search_attrs.add(k)
+
+        for k, v, op in mod_attrs:
+            search_attrs.add(k)
+
+        search_attrs = sorted(search_attrs)
+        header = "\n".join(lines)
+        sig.append(header)
+
+        clusters = {}
+        for i, attrs in enumerate(permutations(mod_attrs)):
+            # for each permutation we construct a string describing the
+            # requested operations, and a string describing the result
+            # (which may be an exception). The we cluster the
+            # attribute strings by their results.
+            dn = "cn=ldaptest_%s_%d,cn=users,%s" % (name, i, self.base_dn)
+            m = Message()
+            m.dn = Dn(self.admin_dsdb, dn)
+
+            # We are using Message objects here for add (rather than the
+            # more convenient dict) because we maybe care about the order
+            # in which attributes are added.
+
+            for k, v in start_attrs:
+                m[k] = MessageElement(v, 0, k)
+
+            self.admin_dsdb.add(m)
+            self.addCleanup(self.delete_object, dn)
+
+            m = Message()
+            m.dn = Dn(mod_dsdb, dn)
+
+            attr_lines = []
+            for k, v, op in attrs:
+                if v is None:
+                    v = dn
+                m[k] = MessageElement(v, op, k)
+                attr_lines.append("%16s %-8s %s" % (k, op_lut[op], v))
+
+            attr_str = '\n'.join(attr_lines)
+
+            try:
+                mod_dsdb.modify(m)
+            except LdbError as e:
+                err, _ = e.args
+                s = LDB_STRERR.get(err, "unknown error")
+                result_str = "%s (%d)" % (s, err)
+            else:
+                res = self.admin_dsdb.search(base=dn, scope=SCOPE_BASE,
+                                             attrs=search_attrs)
+
+                lines = []
+                for k, v in sorted(dict(res[0]).items()):
+                    if k != "dn" or k in extra_search_attrs:
+                        lines.append("%20s: %r" % (k, sorted(v)))
+
+                result_str = '\n'.join(lines)
+
+            clusters.setdefault(result_str, []).append(attr_str)
+
+        for s, attrs in sorted(clusters.items()):
+            sig.extend([
+                "== result ===[%3d]=======================" % len(attrs),
+                s,
+                "-- operations ---------------------------"])
+            for a in attrs:
+                sig.append(a)
+                sig.append("-" * 34)
+
+        sig = '\n'.join(sig).replace(self.base_dn, "{base dn}")
+
+        if opts.verbose:
+            print(sig)
+
+        if opts.rewrite_ground_truth:
+            f = open(os.path.join(TEST_DATA_DIR, name + '.expected'), 'w')
+            f.write(sig)
+            f.close()
+        f = open(os.path.join(TEST_DATA_DIR, name + '.expected'))
+        expected = f.read()
+        f.close()
+
+        self.assertStringsEqual(sig, expected)
+
+    def test_modify_order_mixed(self):
+        start_attrs = [("objectclass", "user"),
+                       ("carLicense", ["1", "2", "3"]),
+                       ("otherTelephone", "123")]
+
+        mod_attrs = [("carLicense", "3", FLAG_MOD_DELETE),
+                     ("carLicense", "4", FLAG_MOD_ADD),
+                     ("otherTelephone", "4", FLAG_MOD_REPLACE),
+                     ("otherTelephone", "123", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_mixed2(self):
+        start_attrs = [("objectclass", "user"),
+                       ("carLicense", ["1", "2", "3"]),
+                       ("ipPhone", "123")]
+
+        mod_attrs = [("carLicense", "3", FLAG_MOD_DELETE),
+                     ("carLicense", "4", FLAG_MOD_ADD),
+                     ("ipPhone", "4", FLAG_MOD_REPLACE),
+                     ("ipPhone", "123", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_telephone(self):
+        start_attrs = [("objectclass", "user"),
+                       ("otherTelephone", "123")]
+
+        mod_attrs = [("carLicense", "3", FLAG_MOD_REPLACE),
+                     ("carLicense", "4", FLAG_MOD_ADD),
+                     ("otherTelephone", "4", FLAG_MOD_REPLACE),
+                     ("otherTelephone", "4", FLAG_MOD_ADD),
+                     ("otherTelephone", "123", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_telephone_delete_delete(self):
+        start_attrs = [("objectclass", "user"),
+                       ("otherTelephone", "123")]
+
+        mod_attrs = [("carLicense", "3", FLAG_MOD_REPLACE),
+                     ("carLicense", "4", FLAG_MOD_DELETE),
+                     ("otherTelephone", "4", FLAG_MOD_REPLACE),
+                     ("otherTelephone", "4", FLAG_MOD_DELETE),
+                     ("otherTelephone", "123", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_objectclass(self):
+        start_attrs = [("objectclass", "user"),
+                       ("otherTelephone", "123")]
+
+        mod_attrs = [("objectclass", "computer", FLAG_MOD_REPLACE),
+                     ("objectclass", "user", FLAG_MOD_DELETE),
+                     ("objectclass", "person", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_objectclass2(self):
+        start_attrs = [("objectclass", "user")]
+
+        mod_attrs = [("objectclass", "computer", FLAG_MOD_REPLACE),
+                     ("objectclass", "user", FLAG_MOD_ADD),
+                     ("objectclass", "attributeSchema", FLAG_MOD_REPLACE),
+                     ("objectclass", "inetOrgPerson", FLAG_MOD_ADD),
+                     ("objectclass", "person", FLAG_MOD_DELETE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_singlevalue(self):
+        start_attrs = [("objectclass", "user"),
+                       ("givenName", "a")]
+
+        mod_attrs = [("givenName", "a", FLAG_MOD_REPLACE),
+                     ("givenName", ["b", "a"], FLAG_MOD_REPLACE),
+                     ("givenName", "b", FLAG_MOD_DELETE),
+                     ("givenName", "a", FLAG_MOD_DELETE),
+                     ("givenName", "c", FLAG_MOD_ADD)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_inapplicable(self):
+        #attributes that don't go on a user
+        start_attrs = [("objectclass", "user"),
+                       ("givenName", "a")]
+
+        mod_attrs = [("dhcpSites", "b", FLAG_MOD_REPLACE),
+                     ("dhcpSites", "b", FLAG_MOD_DELETE),
+                     ("dhcpSites", "c", FLAG_MOD_ADD)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_sometimes_inapplicable(self):
+        # attributes that don't go on a user, but do on a computer,
+        # which we sometimes change into.
+        start_attrs = [("objectclass", "user"),
+                       ("givenName", "a")]
+
+        mod_attrs = [("objectclass", "computer", FLAG_MOD_REPLACE),
+                     ("objectclass", "person", FLAG_MOD_DELETE),
+                     ("dnsHostName", "b", FLAG_MOD_ADD),
+                     ("dnsHostName", "c", FLAG_MOD_REPLACE)]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_account_locality_device(self):
+        # account, locality, and device all take l (locality name) but
+        # only device takes owner. We shouldn't be able to change
+        # objectclass at all.
+        start_attrs = [("objectclass", "account"),
+                       ("l", "a")]
+
+        mod_attrs = [("objectclass", ["device", "top"], FLAG_MOD_REPLACE),
+                     ("l", "a", FLAG_MOD_DELETE),
+                     ("owner", "c", FLAG_MOD_ADD)
+        ]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_container_flags_multivalue(self):
+        # account, locality, and device all take l (locality name)
+        # but only device takes owner
+        start_attrs = [("objectclass", "container"),
+                       ("wWWHomePage", "a")]
+
+        mod_attrs = [("flags", ["0", "1"], FLAG_MOD_ADD),
+                     ("flags", "65355", FLAG_MOD_ADD),
+                     ("flags", "65355", FLAG_MOD_DELETE),
+                     ("flags", ["2", "101"], FLAG_MOD_REPLACE),
+        ]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_container_flags(self):
+        #flags should be an integer
+        start_attrs = [("objectclass", "container")]
+
+        mod_attrs = [("flags", "0x6", FLAG_MOD_ADD),
+                     ("flags", "5", FLAG_MOD_ADD),
+                     ("flags", "101", FLAG_MOD_REPLACE),
+                     ("flags", "c", FLAG_MOD_DELETE),
+        ]
+        self._test_modify_order(start_attrs, mod_attrs)
+
+    def test_modify_order_member(self):
+        name = "modify_order_member_other_group"
+
+        dn2 = "cn=%s,%s" % (name, self.base_dn)
+        m = Message()
+        m.dn = Dn(self.admin_dsdb, dn2)
+        self.admin_dsdb.add({"dn": dn2, "objectclass": "group"})
+        self.addCleanup(self.delete_object, dn2)
+
+        start_attrs = [("objectclass", "group"),
+                       ("member", dn2)]
+
+        mod_attrs = [("member", None, FLAG_MOD_DELETE),
+                     ("member", None, FLAG_MOD_REPLACE),
+                     ("member", dn2, FLAG_MOD_DELETE),
+                     ("member", None, FLAG_MOD_ADD),
+        ]
+        self._test_modify_order(start_attrs, mod_attrs, ["memberOf"])
+
+
+def get_dsdb(creds=None):
+    if creds is None:
+        creds = admin_creds
+    dsdb = SamDB(host,
+                 credentials=creds,
+                 session_info=system_session(lp),
+                 lp=lp)
+    return dsdb
+
+
+parser = optparse.OptionParser("ldap_modify_order.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+parser.add_option("--rewrite-ground-truth", action="store_true",
+                  help="write expected values")
+parser.add_option("-v", "--verbose", action="store_true")
+parser.add_option("--normal-user", action="store_true")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+admin_creds = credopts.get_credentials(lp)
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ldap_schema.py b/source4/dsdb/tests/python/ldap_schema.py
new file mode 100755
index 0000000..e2fceb7
--- /dev/null
+++ b/source4/dsdb/tests/python/ldap_schema.py
@@ -0,0 +1,1597 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This is a port of the original in testprogs/ejs/ldap.js
+
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2011
+# Copyright (C) Catalyst.Net Ltd 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import optparse
+import sys
+import time
+import random
+import os
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from ldb import SCOPE_ONELEVEL, SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT
+from ldb import ERR_UNWILLING_TO_PERFORM
+from ldb import ERR_ENTRY_ALREADY_EXISTS
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_OBJECT_CLASS_VIOLATION
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE
+from samba.samdb import SamDB
+from samba.dsdb import DS_DOMAIN_FUNCTION_2003
+from samba.tests import delete_force
+from samba.ndr import ndr_unpack
+from samba.dcerpc import drsblobs
+
+parser = optparse.OptionParser("ldap_schema.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class SchemaTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SchemaTests, self).setUp()
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp, options=ldb_options)
+        self.base_dn = self.ldb.domain_dn()
+        self.schema_dn = self.ldb.get_schema_basedn().get_linearized()
+
+    def test_generated_schema(self):
+        """Testing we can read the generated schema via LDAP"""
+        res = self.ldb.search("cn=aggregate," + self.schema_dn, scope=SCOPE_BASE,
+                              attrs=["objectClasses", "attributeTypes", "dITContentRules"])
+        self.assertEqual(len(res), 1)
+        self.assertTrue("dITContentRules" in res[0])
+        self.assertTrue("objectClasses" in res[0])
+        self.assertTrue("attributeTypes" in res[0])
+
+    def test_generated_schema_is_operational(self):
+        """Testing we don't get the generated schema via LDAP by default"""
+        # Must keep the "*" form
+        res = self.ldb.search("cn=aggregate," + self.schema_dn, scope=SCOPE_BASE,
+                              attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertFalse("dITContentRules" in res[0])
+        self.assertFalse("objectClasses" in res[0])
+        self.assertFalse("attributeTypes" in res[0])
+
+    def test_schemaUpdateNow(self):
+        """Testing schemaUpdateNow"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: 1.3.6.1.4.1.7165.4.6.1.6.1.""" + rand + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+        # We must do a schemaUpdateNow otherwise it's not 100% sure that the schema
+        # will contain the new attribute
+        ldif = """
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+        # Search for created attribute
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (attr_name, self.schema_dn), scope=SCOPE_BASE,
+                              attrs=["lDAPDisplayName", "schemaIDGUID", "msDS-IntID"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["lDAPDisplayName"][0]), attr_ldap_display_name)
+        self.assertTrue("schemaIDGUID" in res[0])
+        if "msDS-IntId" in res[0]:
+            msDS_IntId = int(res[0]["msDS-IntId"][0])
+            if msDS_IntId < 0:
+                msDS_IntId += (1 << 32)
+        else:
+            msDS_IntId = None
+
+        class_name = "test-Class" + time.strftime("%s", time.gmtime())
+        class_ldap_display_name = class_name.replace("-", "")
+
+        # First try to create a class with a wrong "defaultObjectCategory"
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+defaultObjectCategory: CN=_
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.6.1.""" + str(random.randint(1, 100000)) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+systemFlags: 16
+rDNAttID: cn
+systemMustContain: cn
+systemMustContain: """ + attr_ldap_display_name + """
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail()
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.6.2.""" + str(random.randint(1, 100000)) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+systemFlags: 16
+rDNAttID: cn
+systemMustContain: cn
+systemMustContain: """ + attr_ldap_display_name + """
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # Search for created objectclass
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (class_name, self.schema_dn), scope=SCOPE_BASE,
+                              attrs=["lDAPDisplayName", "defaultObjectCategory", "schemaIDGUID", "distinguishedName"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["lDAPDisplayName"][0]), class_ldap_display_name)
+        self.assertEqual(res[0]["defaultObjectCategory"][0], res[0]["distinguishedName"][0])
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        ldif = """
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+        object_name = "obj" + time.strftime("%s", time.gmtime())
+
+        ldif = """
+dn: CN=%s,CN=Users,%s""" % (object_name, self.base_dn) + """
+objectClass: organizationalPerson
+objectClass: person
+objectClass: """ + class_ldap_display_name + """
+objectClass: top
+cn: """ + object_name + """
+instanceType: 4
+objectCategory: CN=%s,%s""" % (class_name, self.schema_dn) + """
+distinguishedName: CN=%s,CN=Users,%s""" % (object_name, self.base_dn) + """
+name: """ + object_name + """
+""" + attr_ldap_display_name + """: test
+"""
+        self.ldb.add_ldif(ldif)
+
+        # Search for created object
+        obj_res = self.ldb.search("cn=%s,cn=Users,%s" % (object_name, self.base_dn), scope=SCOPE_BASE, attrs=["replPropertyMetaData"])
+
+        self.assertEqual(len(obj_res), 1)
+        self.assertTrue("replPropertyMetaData" in obj_res[0])
+        val = obj_res[0]["replPropertyMetaData"][0]
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, val)
+
+        # Windows 2000 functional level won't have this.  It is too
+        # hard to work it out from the prefixmap however, so we skip
+        # this test in that case.
+        if msDS_IntId is not None:
+            found = False
+            for o in repl.ctr.array:
+                if o.attid == msDS_IntId:
+                    found = True
+                    break
+            self.assertTrue(found, "Did not find 0x%08x in replPropertyMetaData" % msDS_IntId)
+        # Delete the object
+        delete_force(self.ldb, "cn=%s,cn=Users,%s" % (object_name, self.base_dn))
+
+    def test_subClassOf(self):
+        """ Testing usage of custom child classSchema
+        """
+
+        class_name = "my-Class" + time.strftime("%s", time.gmtime())
+        class_ldap_display_name = class_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.6.3.""" + str(random.randint(1, 100000)) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalUnit
+systemFlags: 16
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # Search for created objectclass
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (class_name, self.schema_dn), scope=SCOPE_BASE,
+                              attrs=["lDAPDisplayName", "defaultObjectCategory",
+                                     "schemaIDGUID", "distinguishedName"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["lDAPDisplayName"][0]), class_ldap_display_name)
+        self.assertEqual(res[0]["defaultObjectCategory"][0], res[0]["distinguishedName"][0])
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        ldif = """
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+        object_name = "org" + time.strftime("%s", time.gmtime())
+
+        ldif = """
+dn: OU=%s,%s""" % (object_name, self.base_dn) + """
+objectClass: """ + class_ldap_display_name + """
+ou: """ + object_name + """
+instanceType: 4
+"""
+        self.ldb.add_ldif(ldif)
+
+        # Search for created object
+        res = []
+        res = self.ldb.search("ou=%s,%s" % (object_name, self.base_dn), scope=SCOPE_BASE, attrs=["dn"])
+        self.assertEqual(len(res), 1)
+        # Delete the object
+        delete_force(self.ldb, "ou=%s,%s" % (object_name, self.base_dn))
+
+    def test_duplicate_attributeID(self):
+        """Testing creating a duplicate attribute"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.2." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add duplicate attributeID value")
+        except LdbError as e2:
+            (enum, estr) = e2.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_attributeID_governsID(self):
+        """Testing creating a duplicate attribute and class"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.3." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+governsId: """ + attributeID + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add duplicate governsID conflicting with attributeID value")
+        except LdbError as e3:
+            (enum, estr) = e3.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_cn(self):
+        """Testing creating a duplicate attribute"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.4." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add attribute with duplicate CN")
+        except LdbError as e4:
+            (enum, estr) = e4.args
+            self.assertEqual(enum, ERR_ENTRY_ALREADY_EXISTS)
+
+    def test_duplicate_implicit_ldapdisplayname(self):
+        """Testing creating a duplicate attribute ldapdisplayname"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.5." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+ldapDisplayName: """ + attr_ldap_display_name + """
+attributeId: """ + attributeID + """.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add attribute with duplicate of the implicit ldapDisplayName")
+        except LdbError as e5:
+            (enum, estr) = e5.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_explicit_ldapdisplayname(self):
+        """Testing creating a duplicate attribute ldapdisplayname"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.6." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+ldapDisplayName: """ + attr_ldap_display_name + """
+attributeId: """ + attributeID + """.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add attribute with duplicate ldapDisplayName")
+        except LdbError as e6:
+            (enum, estr) = e6.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_explicit_ldapdisplayname_with_class(self):
+        """Testing creating a duplicate attribute ldapdisplayname between
+        and attribute and a class"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.7." + rand
+        governsID   = "1.3.6.1.4.1.7165.4.6.2.6.4." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+ldapDisplayName: """ + attr_ldap_display_name + """
+governsID: """ + governsID + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add class with duplicate ldapDisplayName")
+        except LdbError as e7:
+            (enum, estr) = e7.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_via_rename_ldapdisplayname(self):
+        """Testing creating a duplicate attribute ldapdisplayname"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.8." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+ldapDisplayName: """ + attr_ldap_display_name + """dup
+attributeId: """ + attributeID + """.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: """ + attr_ldap_display_name + """
+-
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have attribute with duplicate ldapDisplayName")
+        except LdbError as e8:
+            (enum, estr) = e8.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_duplicate_via_rename_attributeID(self):
+        """Testing creating a duplicate attributeID"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.9." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """dup
+adminDisplayName: """ + attr_name + """dup
+cn: """ + attr_name + """-dup
+ldapDisplayName: """ + attr_ldap_display_name + """dup
+attributeId: """ + attributeID + """.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s-dup,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: attributeId
+attributeId: """ + attributeID + """
+-
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have attribute with duplicate attributeID")
+        except LdbError as e9:
+            (enum, estr) = e9.args
+            self.assertEqual(enum, ERR_CONSTRAINT_VIOLATION)
+
+    def test_remove_ldapdisplayname(self):
+        """Testing removing the ldapdisplayname"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.10." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: ldapDisplayName
+-
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to remove the ldapdisplayname")
+        except LdbError as e10:
+            (enum, estr) = e10.args
+            self.assertEqual(enum, ERR_OBJECT_CLASS_VIOLATION)
+
+    def test_rename_ldapdisplayname(self):
+        """Testing renaming ldapdisplayname"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.11." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: """ + attr_ldap_display_name + """2
+-
+"""
+        self.ldb.modify_ldif(ldif)
+
+    def test_change_attributeID(self):
+        """Testing change the attributeID"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.12." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: attributeID
+attributeId: """ + attributeID + """.1
+
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have different attributeID")
+        except LdbError as e11:
+            (enum, estr) = e11.args
+            self.assertEqual(enum, ERR_CONSTRAINT_VIOLATION)
+
+    def test_change_attributeID_same(self):
+        """Testing change the attributeID to the same value"""
+        rand = str(random.randint(1, 100000))
+        attr_name = "test-Attr" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.13." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+attributeSyntax: 2.5.5.12
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+changetype: modify
+replace: attributeID
+attributeId: """ + attributeID + """
+
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have the same attributeID")
+        except LdbError as e12:
+            (enum, estr) = e12.args
+            self.assertEqual(enum, ERR_CONSTRAINT_VIOLATION)
+
+    def test_generated_linkID(self):
+        """
+        Test that we automatically generate a linkID if the
+        OID "1.2.840.113556.1.2.50" is given as the linkID
+        of a new attribute, and that we don't get/can't add
+        duplicate linkIDs. Also test that we can add a backlink
+        by providing the attributeID or ldapDisplayName of
+        a forwards link in the linkID attribute.
+        """
+
+        # linkID generation isn't available before 2003
+        res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
+                              attrs=["domainControllerFunctionality"])
+        self.assertEqual(len(res), 1)
+        dc_level = int(res[0]["domainControllerFunctionality"][0])
+        if dc_level < DS_DOMAIN_FUNCTION_2003:
+            return
+
+        rand = str(random.randint(1, 100000))
+
+        attr_name_1 = "test-generated-linkID" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name_1 = attr_name_1.replace("-", "")
+        attributeID_1 = "1.3.6.1.4.1.7165.4.6.1.6.16." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name_1, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name_1 + """
+adminDisplayName: """ + attr_name_1 + """
+cn: """ + attr_name_1 + """
+attributeId: """ + attributeID_1 + """
+linkID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name_1 + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e13:
+            (enum, estr) = e13.args
+            self.fail(estr)
+
+        attr_name_2 = "test-generated-linkID-2" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name_2 = attr_name_2.replace("-", "")
+        attributeID_2 = "1.3.6.1.4.1.7165.4.6.1.6.17." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name_2, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name_2 + """
+adminDisplayName: """ + attr_name_2 + """
+cn: """ + attr_name_2 + """
+attributeId: """ + attributeID_2 + """
+linkID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name_2 + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e14:
+            (enum, estr) = e14.args
+            self.fail(estr)
+
+        res = self.ldb.search("CN=%s,%s" % (attr_name_1, self.schema_dn),
+                              scope=SCOPE_BASE,
+                              attrs=["linkID"])
+        self.assertEqual(len(res), 1)
+        linkID_1 = int(res[0]["linkID"][0])
+
+        res = self.ldb.search("CN=%s,%s" % (attr_name_2, self.schema_dn),
+                              scope=SCOPE_BASE,
+                              attrs=["linkID"])
+        self.assertEqual(len(res), 1)
+        linkID_2 = int(res[0]["linkID"][0])
+
+        # 0 should never be generated as a linkID
+        self.assertFalse(linkID_1 == 0)
+        self.assertFalse(linkID_2 == 0)
+
+        # The generated linkID should always be even, because
+        # it should assume we're adding a forward link.
+        self.assertTrue(linkID_1 % 2 == 0)
+        self.assertTrue(linkID_2 % 2 == 0)
+
+        self.assertFalse(linkID_1 == linkID_2)
+
+        # This is only necessary against Windows, since we depend
+        # on the previously added links in the next ones and Windows
+        # won't refresh the schema as we add them.
+        ldif = """
+dn:
+changetype: modify
+replace: schemaupdatenow
+schemaupdatenow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+        # If we add a new link with the same linkID, it should fail
+        attr_name = "test-generated-linkID-duplicate" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.18." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+linkID: """ + str(linkID_1) + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add duplicate linkID value")
+        except LdbError as e15:
+            (enum, estr) = e15.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+        # If we add another attribute with the attributeID or lDAPDisplayName
+        # of a forward link in its linkID field, it should add as a backlink
+
+        attr_name_3 = "test-generated-linkID-backlink" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name_3 = attr_name_3.replace("-", "")
+        attributeID_3 = "1.3.6.1.4.1.7165.4.6.1.6.19." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name_3, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name_3 + """
+adminDisplayName: """ + attr_name_3 + """
+cn: """ + attr_name_3 + """
+attributeId: """ + attributeID_3 + """
+linkID: """ + str(linkID_1 + 1) + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name_3 + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e16:
+            (enum, estr) = e16.args
+            self.fail(estr)
+
+        res = self.ldb.search("CN=%s,%s" % (attr_name_3, self.schema_dn),
+                              scope=SCOPE_BASE,
+                              attrs=["linkID"])
+        self.assertEqual(len(res), 1)
+        linkID = int(res[0]["linkID"][0])
+        self.assertEqual(linkID, linkID_1 + 1)
+
+        attr_name_4 = "test-generated-linkID-backlink-2" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name_4 = attr_name_4.replace("-", "")
+        attributeID_4 = "1.3.6.1.4.1.7165.4.6.1.6.20." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name_4, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name_4 + """
+adminDisplayName: """ + attr_name_4 + """
+cn: """ + attr_name_4 + """
+attributeId: """ + attributeID_4 + """
+linkID: """ + attr_ldap_display_name_2 + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name_4 + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e17:
+            (enum, estr) = e17.args
+            self.fail(estr)
+
+        res = self.ldb.search("CN=%s,%s" % (attr_name_4, self.schema_dn),
+                              scope=SCOPE_BASE,
+                              attrs=["linkID"])
+        self.assertEqual(len(res), 1)
+        linkID = int(res[0]["linkID"][0])
+        self.assertEqual(linkID, linkID_2 + 1)
+
+        # If we then try to add another backlink in the same way
+        # for the same forwards link, we should fail.
+
+        attr_name = "test-generated-linkID-backlink-duplicate" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.21." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+linkID: """ + attributeID_1 + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add duplicate backlink")
+        except LdbError as e18:
+            (enum, estr) = e18.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+        # If we try to supply the attributeID or ldapDisplayName
+        # of an existing backlink in the linkID field of a new link,
+        # it should fail.
+
+        attr_name = "test-generated-linkID-backlink-invalid" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.22." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+linkID: """ + attributeID_3 + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add backlink of backlink")
+        except LdbError as e19:
+            (enum, estr) = e19.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+        attr_name = "test-generated-linkID-backlink-invalid-2" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.23." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+linkID: """ + attr_ldap_display_name_4 + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add backlink of backlink")
+        except LdbError as e20:
+            (enum, estr) = e20.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_generated_mAPIID(self):
+        """
+        Test that we automatically generate a mAPIID if the
+        OID "1.2.840.113556.1.2.49" is given as the mAPIID
+        of a new attribute, and that we don't get/can't add
+        duplicate mAPIIDs.
+        """
+
+        rand = str(random.randint(1, 100000))
+
+        attr_name_1 = "test-generated-mAPIID" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name_1 = attr_name_1.replace("-", "")
+        attributeID_1 = "1.3.6.1.4.1.7165.4.6.1.6.24." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name_1, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name_1 + """
+adminDisplayName: """ + attr_name_1 + """
+cn: """ + attr_name_1 + """
+attributeId: """ + attributeID_1 + """
+mAPIID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name_1 + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e21:
+            (enum, estr) = e21.args
+            self.fail(estr)
+
+        res = self.ldb.search("CN=%s,%s" % (attr_name_1, self.schema_dn),
+                              scope=SCOPE_BASE,
+                              attrs=["mAPIID"])
+        self.assertEqual(len(res), 1)
+        mAPIID_1 = int(res[0]["mAPIID"][0])
+
+        ldif = """
+dn:
+changetype: modify
+replace: schemaupdatenow
+schemaupdatenow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+        # If we add a new attribute with the same mAPIID, it should fail
+        attr_name = "test-generated-mAPIID-duplicate" + time.strftime("%s", time.gmtime()) + "-" + rand
+        attr_ldap_display_name = attr_name.replace("-", "")
+        attributeID = "1.3.6.1.4.1.7165.4.6.1.6.25." + rand
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: """ + attributeID + """
+mAPIID: """ + str(mAPIID_1) + """
+attributeSyntax: 2.5.5.1
+ldapDisplayName: """ + attr_ldap_display_name + """
+omSyntax: 127
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+
+        try:
+            self.ldb.add_ldif(ldif)
+            self.fail("Should have failed to add duplicate mAPIID value")
+        except LdbError as e22:
+            (enum, estr) = e22.args
+            self.assertEqual(enum, ERR_UNWILLING_TO_PERFORM)
+
+    def test_change_governsID(self):
+        """Testing change the governsID"""
+        rand = str(random.randint(1, 100000))
+        class_name = "test-Class" + time.strftime("%s", time.gmtime()) + "-" + rand
+        class_ldap_display_name = class_name.replace("-", "")
+        governsID = "1.3.6.1.4.1.7165.4.6.2.6.5." + rand
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: """ + governsID + """
+ldapDisplayName: """ + class_ldap_display_name + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+changetype: modify
+replace: governsID
+governsId: """ + governsID + """.1
+
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have different governsID")
+        except LdbError as e23:
+            (enum, estr) = e23.args
+            self.assertEqual(enum, ERR_CONSTRAINT_VIOLATION)
+
+    def test_change_governsID_same(self):
+        """Testing change the governsID"""
+        rand = str(random.randint(1, 100000))
+        class_name = "test-Class" + time.strftime("%s", time.gmtime()) + "-" + rand
+        class_ldap_display_name = class_name.replace("-", "")
+        governsID = "1.3.6.1.4.1.7165.4.6.2.6.6." + rand
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: """ + governsID + """
+ldapDisplayName: """ + class_ldap_display_name + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+changetype: modify
+replace: governsID
+governsId: """ + governsID + """.1
+
+"""
+        try:
+            self.ldb.modify_ldif(ldif)
+            self.fail("Should have failed to modify schema to have the same governsID")
+        except LdbError as e24:
+            (enum, estr) = e24.args
+            self.assertEqual(enum, ERR_CONSTRAINT_VIOLATION)
+
+
+class SchemaTests_msDS_IntId(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SchemaTests_msDS_IntId, self).setUp()
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp, options=ldb_options)
+        res = self.ldb.search(base="", expression="", scope=SCOPE_BASE,
+                              attrs=["schemaNamingContext", "defaultNamingContext",
+                                     "forestFunctionality"])
+        self.assertEqual(len(res), 1)
+        self.schema_dn = res[0]["schemaNamingContext"][0]
+        self.base_dn = res[0]["defaultNamingContext"][0]
+        self.forest_level = int(res[0]["forestFunctionality"][0])
+
+    def _ldap_schemaUpdateNow(self):
+        ldif = """
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+"""
+        self.ldb.modify_ldif(ldif)
+
+    def _make_obj_names(self, prefix):
+        class_name = prefix + time.strftime("%s", time.gmtime())
+        class_ldap_name = class_name.replace("-", "")
+        class_dn = "CN=%s,%s" % (class_name, self.schema_dn)
+        return (class_name, class_ldap_name, class_dn)
+
+    def _is_schema_base_object(self, ldb_msg):
+        """Test systemFlags for SYSTEM_FLAG_SCHEMA_BASE_OBJECT (16)"""
+        systemFlags = 0
+        if "systemFlags" in ldb_msg:
+            systemFlags = int(ldb_msg["systemFlags"][0])
+        return (systemFlags & 16) != 0
+
+    def _make_attr_ldif(self, attr_name, attr_dn):
+        ldif = """
+dn: """ + attr_dn + """
+objectClass: top
+objectClass: attributeSchema
+adminDescription: """ + attr_name + """
+adminDisplayName: """ + attr_name + """
+cn: """ + attr_name + """
+attributeId: 1.3.6.1.4.1.7165.4.6.1.6.14.""" + str(random.randint(1, 100000)) + """
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+"""
+        return ldif
+
+    def test_msDS_IntId_on_attr(self):
+        """Testing msDs-IntId creation for Attributes.
+        See MS-ADTS - 3.1.1.Attributes
+
+        This test should verify that:
+        - Creating attribute with 'msDS-IntId' fails with ERR_UNWILLING_TO_PERFORM
+        - Adding 'msDS-IntId' on existing attribute fails with ERR_CONSTRAINT_VIOLATION
+        - Creating attribute with 'msDS-IntId' set and FLAG_SCHEMA_BASE_OBJECT flag
+          set fails with ERR_UNWILLING_TO_PERFORM
+        - Attributes created with FLAG_SCHEMA_BASE_OBJECT not set have
+          'msDS-IntId' attribute added internally
+        """
+
+        # 1. Create attribute without systemFlags
+        # msDS-IntId should be created if forest functional
+        # level is >= DS_DOMAIN_FUNCTION_2003
+        # and missing otherwise
+        (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("msDS-IntId-Attr-1-")
+        ldif = self._make_attr_ldif(attr_name, attr_dn)
+
+        # try to add msDS-IntId during Attribute creation
+        ldif_fail = ldif + "msDS-IntId: -1993108831\n"
+        try:
+            self.ldb.add_ldif(ldif_fail)
+            self.fail("Adding attribute with preset msDS-IntId should fail")
+        except LdbError as e25:
+            (num, _) = e25.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # add the new attribute and update schema
+        self.ldb.add_ldif(ldif)
+        self._ldap_schemaUpdateNow()
+
+        # Search for created attribute
+        res = []
+        res = self.ldb.search(attr_dn, scope=SCOPE_BASE,
+                              attrs=["lDAPDisplayName", "msDS-IntId", "systemFlags"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["lDAPDisplayName"][0]), attr_ldap_name)
+        if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
+            if self._is_schema_base_object(res[0]):
+                self.assertTrue("msDS-IntId" not in res[0])
+            else:
+                self.assertTrue("msDS-IntId" in res[0])
+        else:
+            self.assertTrue("msDS-IntId" not in res[0])
+
+        msg = Message()
+        msg.dn = Dn(self.ldb, attr_dn)
+        msg["msDS-IntId"] = MessageElement("-1993108831", FLAG_MOD_REPLACE, "msDS-IntId")
+        try:
+            self.ldb.modify(msg)
+            self.fail("Modifying msDS-IntId should return error")
+        except LdbError as e26:
+            (num, _) = e26.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # 2. Create attribute with systemFlags = FLAG_SCHEMA_BASE_OBJECT
+        # msDS-IntId should be created if forest functional
+        # level is >= DS_DOMAIN_FUNCTION_2003
+        # and missing otherwise
+        (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("msDS-IntId-Attr-2-")
+        ldif = self._make_attr_ldif(attr_name, attr_dn)
+        ldif += "systemFlags: 16\n"
+
+        # try to add msDS-IntId during Attribute creation
+        ldif_fail = ldif + "msDS-IntId: -1993108831\n"
+        try:
+            self.ldb.add_ldif(ldif_fail)
+            self.fail("Adding attribute with preset msDS-IntId should fail")
+        except LdbError as e27:
+            (num, _) = e27.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # add the new attribute and update schema
+        self.ldb.add_ldif(ldif)
+        self._ldap_schemaUpdateNow()
+
+        # Search for created attribute
+        res = []
+        res = self.ldb.search(attr_dn, scope=SCOPE_BASE,
+                              attrs=["lDAPDisplayName", "msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["lDAPDisplayName"][0]), attr_ldap_name)
+        if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
+            if self._is_schema_base_object(res[0]):
+                self.assertTrue("msDS-IntId" not in res[0])
+            else:
+                self.assertTrue("msDS-IntId" in res[0])
+        else:
+            self.assertTrue("msDS-IntId" not in res[0])
+
+        msg = Message()
+        msg.dn = Dn(self.ldb, attr_dn)
+        msg["msDS-IntId"] = MessageElement("-1993108831", FLAG_MOD_REPLACE, "msDS-IntId")
+        try:
+            self.ldb.modify(msg)
+            self.fail("Modifying msDS-IntId should return error")
+        except LdbError as e28:
+            (num, _) = e28.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+    def _make_class_ldif(self, class_dn, class_name, sub_oid):
+        ldif = """
+dn: """ + class_dn + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.6.%d.""" % sub_oid + str(random.randint(1, 100000)) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        return ldif
+
+    def test_msDS_IntId_on_class(self):
+        """Testing msDs-IntId creation for Class
+           Reference: MS-ADTS - 3.1.1.2.4.8 Class classSchema"""
+
+        # 1. Create Class without systemFlags
+        # msDS-IntId should be created if forest functional
+        # level is >= DS_DOMAIN_FUNCTION_2003
+        # and missing otherwise
+        (class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-1-")
+        ldif = self._make_class_ldif(class_dn, class_name, 8)
+
+        # try to add msDS-IntId during Class creation
+        ldif_add = ldif + "msDS-IntId: -1993108831\n"
+        self.ldb.add_ldif(ldif_add)
+        self._ldap_schemaUpdateNow()
+
+        res = self.ldb.search(class_dn, scope=SCOPE_BASE, attrs=["msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["msDS-IntId"][0]), "-1993108831")
+
+        # add a new Class and update schema
+        (class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-2-")
+        ldif = self._make_class_ldif(class_dn, class_name, 9)
+
+        self.ldb.add_ldif(ldif)
+        self._ldap_schemaUpdateNow()
+
+        # Search for created Class
+        res = self.ldb.search(class_dn, scope=SCOPE_BASE, attrs=["msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertFalse("msDS-IntId" in res[0])
+
+        msg = Message()
+        msg.dn = Dn(self.ldb, class_dn)
+        msg["msDS-IntId"] = MessageElement("-1993108831", FLAG_MOD_REPLACE, "msDS-IntId")
+        try:
+            self.ldb.modify(msg)
+            self.fail("Modifying msDS-IntId should return error")
+        except LdbError as e29:
+            (num, _) = e29.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # 2. Create Class with systemFlags = FLAG_SCHEMA_BASE_OBJECT
+        # msDS-IntId should be created if forest functional
+        # level is >= DS_DOMAIN_FUNCTION_2003
+        # and missing otherwise
+        (class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-3-")
+        ldif = self._make_class_ldif(class_dn, class_name, 10)
+        ldif += "systemFlags: 16\n"
+
+        # try to add msDS-IntId during Class creation
+        ldif_add = ldif + "msDS-IntId: -1993108831\n"
+        self.ldb.add_ldif(ldif_add)
+
+        res = self.ldb.search(class_dn, scope=SCOPE_BASE, attrs=["msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["msDS-IntId"][0]), "-1993108831")
+
+        # add the new Class and update schema
+        (class_name, class_ldap_name, class_dn) = self._make_obj_names("msDS-IntId-Class-4-")
+        ldif = self._make_class_ldif(class_dn, class_name, 11)
+        ldif += "systemFlags: 16\n"
+
+        self.ldb.add_ldif(ldif)
+        self._ldap_schemaUpdateNow()
+
+        # Search for created Class
+        res = self.ldb.search(class_dn, scope=SCOPE_BASE, attrs=["msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertFalse("msDS-IntId" in res[0])
+
+        msg = Message()
+        msg.dn = Dn(self.ldb, class_dn)
+        msg["msDS-IntId"] = MessageElement("-1993108831", FLAG_MOD_REPLACE, "msDS-IntId")
+        try:
+            self.ldb.modify(msg)
+            self.fail("Modifying msDS-IntId should return error")
+        except LdbError as e30:
+            (num, _) = e30.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        res = self.ldb.search(class_dn, scope=SCOPE_BASE, attrs=["msDS-IntId"])
+        self.assertEqual(len(res), 1)
+        self.assertFalse("msDS-IntId" in res[0])
+
+    def test_verify_msDS_IntId(self):
+        """Verify msDS-IntId exists only on attributes without FLAG_SCHEMA_BASE_OBJECT flag set"""
+        count = 0
+        res = self.ldb.search(self.schema_dn, scope=SCOPE_ONELEVEL,
+                              expression="objectClass=attributeSchema",
+                              attrs=["systemFlags", "msDS-IntId", "attributeID", "cn"])
+        self.assertTrue(len(res) > 1)
+        for ldb_msg in res:
+            if self.forest_level >= DS_DOMAIN_FUNCTION_2003:
+                if self._is_schema_base_object(ldb_msg):
+                    self.assertTrue("msDS-IntId" not in ldb_msg)
+                else:
+                    # don't assert here as there are plenty of
+                    # attributes under w2k8 that are not part of
+                    # Base Schema (SYSTEM_FLAG_SCHEMA_BASE_OBJECT flag not set)
+                    # has not msDS-IntId attribute set
+                    #self.assertTrue("msDS-IntId" in ldb_msg, "msDS-IntId expected on: %s" % ldb_msg.dn)
+                    if "msDS-IntId" not in ldb_msg:
+                        count = count + 1
+                        print("%3d warning: msDS-IntId expected on: %-30s %s" % (count, ldb_msg["attributeID"], ldb_msg["cn"]))
+            else:
+                self.assertTrue("msDS-IntId" not in ldb_msg)
+
+
+class SchemaTests_msDS_isRODC(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SchemaTests_msDS_isRODC, self).setUp()
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp, options=ldb_options)
+        res = self.ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["defaultNamingContext"])
+        self.assertEqual(len(res), 1)
+        self.base_dn = res[0]["defaultNamingContext"][0]
+
+    def test_objectClass_ntdsdsa(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=nTDSDSA",
+                              attrs=["msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            self.assertTrue("msDS-isRODC" in ldb_msg)
+
+    def test_objectClass_server(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=server",
+                              attrs=["msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            ntds_search_dn = "CN=NTDS Settings,%s" % ldb_msg['dn']
+            try:
+                res_check = self.ldb.search(ntds_search_dn, attrs=["objectCategory"])
+            except LdbError as e:
+                (num, _) = e.args
+                self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+                print("Server entry %s doesn't have a NTDS settings object" % res[0]['dn'])
+            else:
+                self.assertTrue("objectCategory" in res_check[0])
+                self.assertTrue("msDS-isRODC" in ldb_msg)
+
+    def test_objectClass_computer(self):
+        res = self.ldb.search(self.base_dn, expression="objectClass=computer",
+                              attrs=["serverReferenceBL", "msDS-isRODC"], controls=["search_options:1:2"])
+        for ldb_msg in res:
+            if "serverReferenceBL" not in ldb_msg:
+                print("Computer entry %s doesn't have a serverReferenceBL attribute" % ldb_msg['dn'])
+            else:
+                self.assertTrue("msDS-isRODC" in ldb_msg)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+ldb_options = []
+if host.startswith("ldap://"):
+    # user 'paged_search' module when connecting remotely
+    ldb_options = ["modules:paged_searches"]
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ldap_syntaxes.py b/source4/dsdb/tests/python/ldap_syntaxes.py
new file mode 100755
index 0000000..081c280
--- /dev/null
+++ b/source4/dsdb/tests/python/ldap_syntaxes.py
@@ -0,0 +1,388 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Tests for LDAP syntaxes
+
+import optparse
+import sys
+import time
+import random
+import uuid
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from ldb import SCOPE_BASE, SCOPE_SUBTREE, LdbError
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_INVALID_ATTRIBUTE_SYNTAX
+from ldb import ERR_ENTRY_ALREADY_EXISTS
+
+import samba.tests
+
+parser = optparse.OptionParser("ldap_syntaxes.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class SyntaxTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SyntaxTests, self).setUp()
+        self.ldb = samba.tests.connect_samdb(host, credentials=creds,
+                                             session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+        self.schema_dn = self.ldb.get_schema_basedn().get_linearized()
+        self._setup_dn_string_test()
+        self._setup_dn_binary_test()
+
+    def _setup_dn_string_test(self):
+        """Testing DN+String syntax"""
+        attr_name = "test-Attr-DN-String" + time.strftime("%s", time.gmtime())
+        attr_ldap_display_name = attr_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+ldapDisplayName: """ + attr_ldap_display_name + """
+objectClass: top
+objectClass: attributeSchema
+cn: """ + attr_name + """
+attributeId: 1.3.6.1.4.1.7165.4.6.1.1.""" + str(random.randint(1, 100000)) + """
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+omObjectClass: \x2A\x86\x48\x86\xF7\x14\x01\x01\x01\x0C
+isSingleValued: FALSE
+schemaIdGuid: """ + str(uuid.uuid4()) + """
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # search for created attribute
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (attr_name, self.schema_dn), scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        class_name = "test-Class-DN-String" + time.strftime("%s", time.gmtime())
+        class_ldap_display_name = class_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.1.""" + str(random.randint(1, 100000)) + """
+schemaIdGuid: """ + str(uuid.uuid4()) + """
+objectClassCategory: 1
+subClassOf: organizationalPerson
+systemMayContain: """ + attr_ldap_display_name + """
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # search for created objectclass
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (class_name, self.schema_dn), scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(res[0]["lDAPDisplayName"][0], class_ldap_display_name)
+        self.assertEqual(res[0]["defaultObjectCategory"][0], res[0]["distinguishedName"][0])
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        # store the class and the attribute
+        self.dn_string_class_ldap_display_name = class_ldap_display_name
+        self.dn_string_attribute = attr_ldap_display_name
+        self.dn_string_class_name = class_name
+
+    def _setup_dn_binary_test(self):
+        """Testing DN+Binary syntaxes"""
+        attr_name = "test-Attr-DN-Binary" + time.strftime("%s", time.gmtime())
+        attr_ldap_display_name = attr_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (attr_name, self.schema_dn) + """
+ldapDisplayName: """ + attr_ldap_display_name + """
+objectClass: top
+objectClass: attributeSchema
+cn: """ + attr_name + """
+attributeId: 1.3.6.1.4.1.7165.4.6.1.2.""" + str(random.randint(1, 100000)) + """
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: \x2A\x86\x48\x86\xF7\x14\x01\x01\x01\x0B
+isSingleValued: FALSE
+schemaIdGuid: """ + str(uuid.uuid4()) + """
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # search for created attribute
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (attr_name, self.schema_dn), scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(res[0]["lDAPDisplayName"][0], attr_ldap_display_name)
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        class_name = "test-Class-DN-Binary" + time.strftime("%s", time.gmtime())
+        class_ldap_display_name = class_name.replace("-", "")
+
+        ldif = """
+dn: CN=%s,%s""" % (class_name, self.schema_dn) + """
+objectClass: top
+objectClass: classSchema
+adminDescription: """ + class_name + """
+adminDisplayName: """ + class_name + """
+cn: """ + class_name + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.2.""" + str(random.randint(1, 100000)) + """
+schemaIdGuid: """ + str(uuid.uuid4()) + """
+objectClassCategory: 1
+subClassOf: organizationalPerson
+systemMayContain: """ + attr_ldap_display_name + """
+systemOnly: FALSE
+"""
+        self.ldb.add_ldif(ldif)
+
+        # search for created objectclass
+        res = []
+        res = self.ldb.search("cn=%s,%s" % (class_name, self.schema_dn), scope=SCOPE_BASE, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(res[0]["lDAPDisplayName"][0], class_ldap_display_name)
+        self.assertEqual(res[0]["defaultObjectCategory"][0], res[0]["distinguishedName"][0])
+        self.assertTrue("schemaIDGUID" in res[0])
+
+        # store the class and the attribute
+        self.dn_binary_class_ldap_display_name = class_ldap_display_name
+        self.dn_binary_attribute = attr_ldap_display_name
+        self.dn_binary_class_name = class_name
+
+    def _get_object_ldif(self, object_name, class_name, class_ldap_display_name, attr_name, attr_value):
+        # add object with correct syntax
+        ldif = """
+dn: CN=%s,CN=Users,%s""" % (object_name, self.base_dn) + """
+objectClass: organizationalPerson
+objectClass: person
+objectClass: """ + class_ldap_display_name + """
+objectClass: top
+cn: """ + object_name + """
+instanceType: 4
+objectCategory: CN=%s,%s""" % (class_name, self.schema_dn) + """
+distinguishedName: CN=%s,CN=Users,%s""" % (object_name, self.base_dn) + """
+name: """ + object_name + """
+""" + attr_name + attr_value  + """
+"""
+        return ldif
+
+    def test_dn_string(self):
+        # add object with correct value
+        object_name1 = "obj-DN-String1" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCDE:" + self.base_dn)
+        self.ldb.add_ldif(ldif)
+
+        # search by specifying the DN part only
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=%s)" % (self.dn_string_attribute, self.base_dn))
+        self.assertEqual(len(res), 0)
+
+        # search by specifying the string part only
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=S:5:ABCDE)" % self.dn_string_attribute)
+        self.assertEqual(len(res), 0)
+
+        # search by DN+String
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=S:5:ABCDE:%s)" % (self.dn_string_attribute, self.base_dn))
+        self.assertEqual(len(res), 1)
+
+        # add object with wrong format
+        object_name2 = "obj-DN-String2" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name2, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCD:" + self.base_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+
+        # add object with the same dn but with different string value in case
+        ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:abcde:" + self.base_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with the same dn but with different string value
+        ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:FGHIJ:" + self.base_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with the same dn but with different dn and string value
+        ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:FGHIJ:" + self.schema_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with the same dn but with different dn value
+        ldif = self._get_object_ldif(object_name1, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCDE:" + self.schema_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e4:
+            (num, _) = e4.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with GUID instead of DN
+        object_name3 = "obj-DN-String3" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name3, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCDE:<GUID=%s>" % str(uuid.uuid4()))
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e5:
+            (num, _) = e5.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # add object with SID instead of DN
+        object_name4 = "obj-DN-String4" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name4, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCDE:<SID=%s>" % self.ldb.get_domain_sid())
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e6:
+            (num, _) = e6.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # add object with random string instead of DN
+        object_name5 = "obj-DN-String5" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name5, self.dn_string_class_name, self.dn_string_class_ldap_display_name,
+                                     self.dn_string_attribute, ": S:5:ABCDE:randomSTRING")
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e7:
+            (num, _) = e7.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+    def test_dn_binary(self):
+        # add object with correct value
+        object_name1 = "obj-DN-Binary1" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:1234:" + self.base_dn)
+        self.ldb.add_ldif(ldif)
+
+        # search by specifyingthe DN part
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=%s)" % (self.dn_binary_attribute, self.base_dn))
+        self.assertEqual(len(res), 0)
+
+        # search by specifying the binary part
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=B:4:1234)" % self.dn_binary_attribute)
+        self.assertEqual(len(res), 0)
+
+        # search by DN+Binary
+        res = self.ldb.search(base=self.base_dn,
+                              scope=SCOPE_SUBTREE,
+                              expression="(%s=B:4:1234:%s)" % (self.dn_binary_attribute, self.base_dn))
+        self.assertEqual(len(res), 1)
+
+        # add object with wrong format - 5 bytes instead of 4, 8, 16, 32...
+        object_name2 = "obj-DN-Binary2" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name2, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:5:67890:" + self.base_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e8:
+            (num, _) = e8.args
+            self.assertEqual(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+
+        # add object with the same dn but with different binary value
+        ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:5678:" + self.base_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e9:
+            (num, _) = e9.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with the same dn but with different binary and dn value
+        ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:5678:" + self.schema_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e10:
+            (num, _) = e10.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with the same dn but with different dn value
+        ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:1234:" + self.schema_dn)
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e11:
+            (num, _) = e11.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # add object with GUID instead of DN
+        object_name3 = "obj-DN-Binary3" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name3, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:1234:<GUID=%s>" % str(uuid.uuid4()))
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e12:
+            (num, _) = e12.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # add object with SID instead of DN
+        object_name4 = "obj-DN-Binary4" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name4, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:1234:<SID=%s>" % self.ldb.get_domain_sid())
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e13:
+            (num, _) = e13.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # add object with random string instead of DN
+        object_name5 = "obj-DN-Binary5" + time.strftime("%s", time.gmtime())
+        ldif = self._get_object_ldif(object_name5, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
+                                     self.dn_binary_attribute, ": B:4:1234:randomSTRING")
+        try:
+            self.ldb.add_ldif(ldif)
+        except LdbError as e14:
+            (num, _) = e14.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py
new file mode 100644
index 0000000..24ad0c4
--- /dev/null
+++ b/source4/dsdb/tests/python/linked_attributes.py
@@ -0,0 +1,839 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Originally based on ./sam.py
+import optparse
+import sys
+import os
+import itertools
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+import ldb
+from samba.samdb import SamDB
+from samba.dcerpc import misc
+
+parser = optparse.OptionParser("linked_attributes.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+parser.add_option('--delete-in-setup', action='store_true',
+                  help="cleanup in setup")
+
+parser.add_option('--no-cleanup', action='store_true',
+                  help="don't cleanup in teardown")
+
+parser.add_option('--no-reveal-internals', action='store_true',
+                  help="Only use windows compatible ldap controls")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class LATestException(Exception):
+    pass
+
+
+class LATests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(LATests, self).setUp()
+        self.samdb = SamDB(host, credentials=creds,
+                           session_info=system_session(lp), lp=lp)
+
+        self.base_dn = self.samdb.domain_dn()
+        self.testbase = "CN=LATests,%s" % self.base_dn
+        if opts.delete_in_setup:
+            try:
+                self.samdb.delete(self.testbase, ['tree_delete:1'])
+            except ldb.LdbError as e:
+                print("tried deleting %s, got error %s" % (self.testbase, e))
+        self.samdb.add({'objectclass': 'container',
+                        'dn': self.testbase})
+
+    def tearDown(self):
+        super(LATests, self).tearDown()
+        if not opts.no_cleanup:
+            self.samdb.delete(self.testbase, ['tree_delete:1'])
+
+    def add_object(self, cn, objectclass, more_attrs=None):
+        if more_attrs is None:
+            more_attrs = {}
+
+        dn = "CN=%s,%s" % (cn, self.testbase)
+        attrs = {'cn': cn,
+                 'objectclass': objectclass,
+                 'dn': dn}
+        attrs.update(more_attrs)
+        self.samdb.add(attrs)
+
+        return dn
+
+    def add_objects(self, n, objectclass, prefix=None, more_attrs=None):
+        if more_attrs is None:
+            more_attrs = {}
+        if prefix is None:
+            prefix = objectclass
+        dns = []
+        for i in range(n):
+            dns.append(self.add_object("%s%d" % (prefix, i + 1),
+                                       objectclass,
+                                       more_attrs=more_attrs))
+        return dns
+
+    def add_linked_attribute(self, src, dest, attr='member',
+                             controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_ADD, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def remove_linked_attribute(self, src, dest, attr='member',
+                                controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_DELETE, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def replace_linked_attribute(self, src, dest, attr='member',
+                                 controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_REPLACE, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def attr_search(self, obj, attr, scope=ldb.SCOPE_BASE, **controls):
+        if opts.no_reveal_internals:
+            if 'reveal_internals' in controls:
+                del controls['reveal_internals']
+
+        controls = ['%s:%d' % (k, int(v)) for k, v in controls.items()]
+
+        res = self.samdb.search(obj,
+                                scope=scope,
+                                attrs=[attr],
+                                controls=controls)
+        return res
+
+    def assert_links(self, obj, expected, attr, msg='', **kwargs):
+        res = self.attr_search(obj, attr, **kwargs)
+
+        if len(expected) == 0:
+            if attr in res[0]:
+                self.fail("found attr '%s' in %s" % (attr, res[0]))
+            return
+
+        try:
+            results = [str(x) for x in res[0][attr]]
+        except KeyError:
+            self.fail("missing attr '%s' on %s" % (attr, obj))
+
+        expected = sorted(expected)
+        results = sorted(results)
+
+        if expected != results:
+            print(msg)
+            print("expected %s" % expected)
+            print("received %s" % results)
+
+        self.assertEqual(results, expected)
+
+    def assert_back_links(self, obj, expected, attr='memberOf', **kwargs):
+        self.assert_links(obj, expected, attr=attr,
+                          msg='back links do not match', **kwargs)
+
+    def assert_forward_links(self, obj, expected, attr='member', **kwargs):
+        self.assert_links(obj, expected, attr=attr,
+                          msg='forward links do not match', **kwargs)
+
+    def get_object_guid(self, dn):
+        res = self.samdb.search(dn,
+                                scope=ldb.SCOPE_BASE,
+                                attrs=['objectGUID'])
+        return str(misc.GUID(res[0]['objectGUID'][0]))
+
+    def _test_la_backlinks(self, reveal=False):
+        tag = 'backlinks'
+        kwargs = {}
+        if reveal:
+            tag += '_reveal'
+            kwargs = {'reveal_internals': 0}
+
+        u1, u2 = self.add_objects(2, 'user', 'u_%s' % tag)
+        g1, g2 = self.add_objects(2, 'group', 'g_%s' % tag)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.assert_back_links(u1, [g1, g2], **kwargs)
+        self.assert_back_links(u2, [g2], **kwargs)
+
+    def test_la_backlinks(self):
+        self._test_la_backlinks()
+
+    def test_la_backlinks_reveal(self):
+        if opts.no_reveal_internals:
+            print('skipping because --no-reveal-internals')
+            return
+        self._test_la_backlinks(True)
+
+    def _test_la_backlinks_delete_group(self, reveal=False):
+        tag = 'del_group'
+        kwargs = {}
+        if reveal:
+            tag += '_reveal'
+            kwargs = {'reveal_internals': 0}
+
+        u1, u2 = self.add_objects(2, 'user', 'u_' + tag)
+        g1, g2 = self.add_objects(2, 'group', 'g_' + tag)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(g2, ['tree_delete:1'])
+
+        self.assert_back_links(u1, [g1], **kwargs)
+        self.assert_back_links(u2, set(), **kwargs)
+
+    def test_la_backlinks_delete_group(self):
+        self._test_la_backlinks_delete_group()
+
+    def test_la_backlinks_delete_group_reveal(self):
+        if opts.no_reveal_internals:
+            print('skipping because --no-reveal-internals')
+            return
+        self._test_la_backlinks_delete_group(True)
+
+    def test_links_all_delete_group(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_all_del_group')
+        g1, g2 = self.add_objects(2, 'group', 'g_all_del_group')
+        g2guid = self.get_object_guid(g2)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(g2)
+        self.assert_back_links(u1, [g1], show_deleted=1, show_recycled=1,
+                               show_deactivated_link=0)
+        self.assert_back_links(u2, set(), show_deleted=1, show_recycled=1,
+                               show_deactivated_link=0)
+        self.assert_forward_links(g1, [u1], show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0)
+        self.assert_forward_links('<GUID=%s>' % g2guid,
+                                  [], show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0)
+
+    def test_links_all_delete_group_reveal(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_all_del_group_reveal')
+        g1, g2 = self.add_objects(2, 'group', 'g_all_del_group_reveal')
+        g2guid = self.get_object_guid(g2)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(g2)
+        self.assert_back_links(u1, [g1], show_deleted=1, show_recycled=1,
+                               show_deactivated_link=0,
+                               reveal_internals=0)
+        self.assert_back_links(u2, set(), show_deleted=1, show_recycled=1,
+                               show_deactivated_link=0,
+                               reveal_internals=0)
+        self.assert_forward_links(g1, [u1], show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0,
+                                  reveal_internals=0)
+        self.assert_forward_links('<GUID=%s>' % g2guid,
+                                  [], show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0,
+                                  reveal_internals=0)
+
+    def test_la_links_delete_link(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_link')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_link')
+
+        res = self.samdb.search(g1, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        old_usn1 = int(res[0]['uSNChanged'][0])
+
+        self.add_linked_attribute(g1, u1)
+
+        res = self.samdb.search(g1, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        new_usn1 = int(res[0]['uSNChanged'][0])
+
+        self.assertNotEqual(old_usn1, new_usn1, "USN should have incremented")
+
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        res = self.samdb.search(g2, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        old_usn2 = int(res[0]['uSNChanged'][0])
+
+        self.remove_linked_attribute(g2, u1)
+
+        res = self.samdb.search(g2, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        new_usn2 = int(res[0]['uSNChanged'][0])
+
+        self.assertNotEqual(old_usn2, new_usn2, "USN should have incremented")
+
+        self.assert_forward_links(g1, [u1])
+        self.assert_forward_links(g2, [u2])
+
+        self.add_linked_attribute(g2, u1)
+        self.assert_forward_links(g2, [u1, u2])
+        self.remove_linked_attribute(g2, u2)
+        self.assert_forward_links(g2, [u1])
+        self.remove_linked_attribute(g2, u1)
+        self.assert_forward_links(g2, [])
+        self.remove_linked_attribute(g1, [])
+        self.assert_forward_links(g1, [])
+
+        # removing a duplicate link in the same message should fail
+        self.add_linked_attribute(g2, [u1, u2])
+        self.assertRaises(ldb.LdbError,
+                          self.remove_linked_attribute, g2, [u1, u1])
+
+    def _test_la_links_delete_link_reveal(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_link_reveal')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_link_reveal')
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.remove_linked_attribute(g2, u1)
+
+        self.assert_forward_links(g2, [u1, u2], show_deleted=1,
+                                  show_recycled=1,
+                                  show_deactivated_link=0,
+                                  reveal_internals=0
+                                  )
+
+    def test_la_links_delete_link_reveal(self):
+        if opts.no_reveal_internals:
+            print('skipping because --no-reveal-internals')
+            return
+        self._test_la_links_delete_link_reveal()
+
+    def test_la_links_delete_user(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_user')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_user')
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        res = self.samdb.search(g1, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        old_usn1 = int(res[0]['uSNChanged'][0])
+
+        res = self.samdb.search(g2, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        old_usn2 = int(res[0]['uSNChanged'][0])
+
+        self.samdb.delete(u1)
+
+        self.assert_forward_links(g1, [])
+        self.assert_forward_links(g2, [u2])
+
+        res = self.samdb.search(g1, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        new_usn1 = int(res[0]['uSNChanged'][0])
+
+        res = self.samdb.search(g2, scope=ldb.SCOPE_BASE,
+                                attrs=['uSNChanged'])
+        new_usn2 = int(res[0]['uSNChanged'][0])
+
+        # Assert the USN on the alternate object is unchanged
+        self.assertEqual(old_usn1, new_usn1)
+        self.assertEqual(old_usn2, new_usn2)
+
+    def test_la_links_delete_user_reveal(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_user_reveal')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_user_reveal')
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(u1)
+
+        self.assert_forward_links(g2, [u2],
+                                  show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0,
+                                  reveal_internals=0)
+        self.assert_forward_links(g1, [],
+                                  show_deleted=1, show_recycled=1,
+                                  show_deactivated_link=0,
+                                  reveal_internals=0)
+
+    def test_multiple_links(self):
+        u1, u2, u3, u4 = self.add_objects(4, 'user', 'u_multiple_links')
+        g1, g2, g3, g4 = self.add_objects(4, 'group', 'g_multiple_links')
+
+        self.add_linked_attribute(g1, [u1, u2, u3, u4])
+        self.add_linked_attribute(g2, [u3, u1])
+        self.add_linked_attribute(g3, u2)
+
+        self.assertRaisesLdbError(ldb.ERR_ENTRY_ALREADY_EXISTS,
+                                  "adding duplicate values",
+                                  self.add_linked_attribute, g2,
+                                  [u1, u2, u3, u2])
+
+        self.assert_forward_links(g1, [u1, u2, u3, u4])
+        self.assert_forward_links(g2, [u3, u1])
+        self.assert_forward_links(g3, [u2])
+        self.assert_back_links(u1, [g2, g1])
+        self.assert_back_links(u2, [g3, g1])
+        self.assert_back_links(u3, [g2, g1])
+        self.assert_back_links(u4, [g1])
+
+        self.remove_linked_attribute(g2, [u1, u3])
+        self.remove_linked_attribute(g1, [u1, u3])
+
+        self.assert_forward_links(g1, [u2, u4])
+        self.assert_forward_links(g2, [])
+        self.assert_forward_links(g3, [u2])
+        self.assert_back_links(u1, [])
+        self.assert_back_links(u2, [g3, g1])
+        self.assert_back_links(u3, [])
+        self.assert_back_links(u4, [g1])
+
+        self.add_linked_attribute(g1, [u1, u3])
+        self.add_linked_attribute(g2, [u3, u1])
+        self.add_linked_attribute(g3, [u1, u3])
+
+        self.assert_forward_links(g1, [u1, u2, u3, u4])
+        self.assert_forward_links(g2, [u1, u3])
+        self.assert_forward_links(g3, [u1, u2, u3])
+        self.assert_back_links(u1, [g1, g2, g3])
+        self.assert_back_links(u2, [g3, g1])
+        self.assert_back_links(u3, [g3, g2, g1])
+        self.assert_back_links(u4, [g1])
+
+    def test_la_links_replace(self):
+        u1, u2, u3, u4 = self.add_objects(4, 'user', 'u_replace')
+        g1, g2, g3, g4 = self.add_objects(4, 'group', 'g_replace')
+
+        self.add_linked_attribute(g1, [u1, u2])
+        self.add_linked_attribute(g2, [u1, u3])
+        self.add_linked_attribute(g3, u1)
+
+        self.replace_linked_attribute(g1, [u2])
+        self.replace_linked_attribute(g2, [u2, u3])
+        self.replace_linked_attribute(g3, [u1, u3])
+        self.replace_linked_attribute(g4, [u4])
+
+        self.assert_forward_links(g1, [u2])
+        self.assert_forward_links(g2, [u3, u2])
+        self.assert_forward_links(g3, [u3, u1])
+        self.assert_forward_links(g4, [u4])
+        self.assert_back_links(u1, [g3])
+        self.assert_back_links(u2, [g1, g2])
+        self.assert_back_links(u3, [g2, g3])
+        self.assert_back_links(u4, [g4])
+
+        self.replace_linked_attribute(g1, [u1, u2, u3])
+        self.replace_linked_attribute(g2, [u1])
+        self.replace_linked_attribute(g3, [u2])
+        self.replace_linked_attribute(g4, [])
+
+        self.assert_forward_links(g1, [u1, u2, u3])
+        self.assert_forward_links(g2, [u1])
+        self.assert_forward_links(g3, [u2])
+        self.assert_forward_links(g4, [])
+        self.assert_back_links(u1, [g1, g2])
+        self.assert_back_links(u2, [g1, g3])
+        self.assert_back_links(u3, [g1])
+        self.assert_back_links(u4, [])
+
+        self.assertRaisesLdbError(ldb.ERR_ENTRY_ALREADY_EXISTS,
+                                  "replacing duplicate values",
+                                  self.replace_linked_attribute, g2,
+                                  [u1, u2, u3, u2])
+
+    def test_la_links_replace2(self):
+        users = self.add_objects(12, 'user', 'u_replace2')
+        g1, = self.add_objects(1, 'group', 'g_replace2')
+
+        self.add_linked_attribute(g1, users[:6])
+        self.assert_forward_links(g1, users[:6])
+        self.replace_linked_attribute(g1, users)
+        self.assert_forward_links(g1, users)
+        self.replace_linked_attribute(g1, users[6:])
+        self.assert_forward_links(g1, users[6:])
+        self.remove_linked_attribute(g1, users[6:9])
+        self.assert_forward_links(g1, users[9:])
+        self.remove_linked_attribute(g1, users[9:])
+        self.assert_forward_links(g1, [])
+
+    def test_la_links_permutations(self):
+        """Make sure the order in which we add links doesn't matter."""
+        users = self.add_objects(3, 'user', 'u_permutations')
+        groups = self.add_objects(6, 'group', 'g_permutations')
+
+        for g, p in zip(groups, itertools.permutations(users)):
+            self.add_linked_attribute(g, p)
+
+        # everyone should be in every group
+        for g in groups:
+            self.assert_forward_links(g, users)
+
+        for u in users:
+            self.assert_back_links(u, groups)
+
+        for g, p in zip(groups[::-1], itertools.permutations(users)):
+            self.replace_linked_attribute(g, p)
+
+        for g in groups:
+            self.assert_forward_links(g, users)
+
+        for u in users:
+            self.assert_back_links(u, groups)
+
+        for g, p in zip(groups, itertools.permutations(users)):
+            self.remove_linked_attribute(g, p)
+
+        for g in groups:
+            self.assert_forward_links(g, [])
+
+        for u in users:
+            self.assert_back_links(u, [])
+
+    def test_la_links_relaxed(self):
+        """Check that the relax control doesn't mess with linked attributes."""
+        relax_control = ['relax:0']
+
+        users = self.add_objects(10, 'user', 'u_relax')
+        groups = self.add_objects(3, 'group', 'g_relax',
+                                  more_attrs={'member': users[:2]})
+        g_relax1, g_relax2, g_uptight = groups
+
+        # g_relax1 has all users added at once
+        # g_relax2 gets them one at a time in reverse order
+        # g_uptight never relaxes
+
+        self.add_linked_attribute(g_relax1, users[2:5], controls=relax_control)
+
+        for u in reversed(users[2:5]):
+            self.add_linked_attribute(g_relax2, u, controls=relax_control)
+            self.add_linked_attribute(g_uptight, u)
+
+        for g in groups:
+            self.assert_forward_links(g, users[:5])
+
+            self.add_linked_attribute(g, users[5:7])
+            self.assert_forward_links(g, users[:7])
+
+            for u in users[7:]:
+                self.add_linked_attribute(g, u)
+
+            self.assert_forward_links(g, users)
+
+        for u in users:
+            self.assert_back_links(u, groups)
+
+        # try some replacement permutations
+        import random
+        random.seed(1)
+        users2 = users[:]
+        for i in range(5):
+            random.shuffle(users2)
+            self.replace_linked_attribute(g_relax1, users2,
+                                          controls=relax_control)
+
+            self.assert_forward_links(g_relax1, users)
+
+        for i in range(5):
+            random.shuffle(users2)
+            self.remove_linked_attribute(g_relax2, users2,
+                                         controls=relax_control)
+            self.remove_linked_attribute(g_uptight, users2)
+
+            self.replace_linked_attribute(g_relax1, [], controls=relax_control)
+
+            random.shuffle(users2)
+            self.add_linked_attribute(g_relax2, users2,
+                                      controls=relax_control)
+            self.add_linked_attribute(g_uptight, users2)
+            self.replace_linked_attribute(g_relax1, users2,
+                                          controls=relax_control)
+
+            self.assert_forward_links(g_relax1, users)
+            self.assert_forward_links(g_relax2, users)
+            self.assert_forward_links(g_uptight, users)
+
+        for u in users:
+            self.assert_back_links(u, groups)
+
+    def test_add_all_at_once(self):
+        """All these other tests are creating linked attributes after the
+        objects are there. We want to test creating them all at once
+        using LDIF.
+        """
+        users = self.add_objects(7, 'user', 'u_all_at_once')
+        g1, g3 = self.add_objects(2, 'group', 'g_all_at_once',
+                                  more_attrs={'member': users})
+        (g2,) = self.add_objects(1, 'group', 'g_all_at_once2',
+                                 more_attrs={'member': users[:5]})
+
+        self.assertRaisesLdbError(ldb.ERR_ENTRY_ALREADY_EXISTS,
+                                  "adding multiple duplicate values",
+                                  self.add_objects, 1, 'group',
+                                  'g_with_duplicate_links',
+                                  more_attrs={'member': users[:5] + users[1:2]})
+
+        self.assert_forward_links(g1, users)
+        self.assert_forward_links(g2, users[:5])
+        self.assert_forward_links(g3, users)
+        for u in users[:5]:
+            self.assert_back_links(u, [g1, g2, g3])
+        for u in users[5:]:
+            self.assert_back_links(u, [g1, g3])
+
+        self.remove_linked_attribute(g2, users[0])
+        self.remove_linked_attribute(g2, users[1])
+        self.add_linked_attribute(g2, users[1])
+        self.add_linked_attribute(g2, users[5])
+        self.add_linked_attribute(g2, users[6])
+
+        self.assert_forward_links(g1, users)
+        self.assert_forward_links(g2, users[1:])
+
+        for u in users[1:]:
+            self.remove_linked_attribute(g2, u)
+        self.remove_linked_attribute(g1, users)
+
+        for u in users:
+            self.samdb.delete(u)
+
+        self.assert_forward_links(g1, [])
+        self.assert_forward_links(g2, [])
+        self.assert_forward_links(g3, [])
+
+    def test_one_way_attributes(self):
+        e1, e2 = self.add_objects(2, 'msExchConfigurationContainer',
+                                  'e_one_way')
+        guid = self.get_object_guid(e2)
+
+        self.add_linked_attribute(e1, e2, attr="addressBookRoots")
+        self.assert_forward_links(e1, [e2], attr='addressBookRoots')
+
+        self.samdb.delete(e2)
+
+        res = self.samdb.search("<GUID=%s>" % guid,
+                                scope=ldb.SCOPE_BASE,
+                                controls=['show_deleted:1',
+                                          'show_recycled:1'])
+
+        new_dn = str(res[0].dn)
+        self.assert_forward_links(e1, [new_dn], attr='addressBookRoots')
+        self.assert_forward_links(e1, [new_dn],
+                                  attr='addressBookRoots',
+                                  show_deactivated_link=0)
+
+    def test_one_way_attributes_delete_link(self):
+        e1, e2 = self.add_objects(2, 'msExchConfigurationContainer',
+                                  'e_one_way')
+        guid = self.get_object_guid(e2)
+
+        self.add_linked_attribute(e1, e2, attr="addressBookRoots")
+        self.assert_forward_links(e1, [e2], attr='addressBookRoots')
+
+        self.remove_linked_attribute(e1, e2, attr="addressBookRoots")
+
+        self.assert_forward_links(e1, [], attr='addressBookRoots')
+        self.assert_forward_links(e1, [], attr='addressBookRoots',
+                                  show_deactivated_link=0)
+
+    def test_pretend_one_way_attributes(self):
+        e1, e2 = self.add_objects(2, 'msExchConfigurationContainer',
+                                  'e_one_way')
+        guid = self.get_object_guid(e2)
+
+        self.add_linked_attribute(e1, e2, attr="addressBookRoots2")
+        self.assert_forward_links(e1, [e2], attr='addressBookRoots2')
+
+        self.samdb.delete(e2)
+        res = self.samdb.search("<GUID=%s>" % guid,
+                                scope=ldb.SCOPE_BASE,
+                                controls=['show_deleted:1',
+                                          'show_recycled:1'])
+
+        new_dn = str(res[0].dn)
+
+        self.assert_forward_links(e1, [], attr='addressBookRoots2')
+        self.assert_forward_links(e1, [], attr='addressBookRoots2',
+                                  show_deactivated_link=0)
+
+    def test_pretend_one_way_attributes_delete_link(self):
+        e1, e2 = self.add_objects(2, 'msExchConfigurationContainer',
+                                  'e_one_way')
+        guid = self.get_object_guid(e2)
+
+        self.add_linked_attribute(e1, e2, attr="addressBookRoots2")
+        self.assert_forward_links(e1, [e2], attr='addressBookRoots2')
+
+        self.remove_linked_attribute(e1, e2, attr="addressBookRoots2")
+
+        self.assert_forward_links(e1, [], attr='addressBookRoots2')
+        self.assert_forward_links(e1, [], attr='addressBookRoots2',
+                                  show_deactivated_link=0)
+
+
+    def test_self_link(self):
+        e1, = self.add_objects(1, 'group',
+                              'e_self_link')
+
+        guid = self.get_object_guid(e1)
+        self.add_linked_attribute(e1, e1, attr="member")
+        self.assert_forward_links(e1, [e1], attr='member')
+        self.assert_back_links(e1, [e1], attr='memberOf')
+
+        try:
+            self.samdb.delete(e1)
+        except ldb.LdbError:
+            # Cope with the current bug to make this a failure
+            self.remove_linked_attribute(e1, e1, attr="member")
+            self.samdb.delete(e1)
+            self.fail("could not delete object with link to itself")
+
+        self.assert_forward_links('<GUID=%s>' % guid, [], attr='member',
+                                  show_deleted=1)
+        self.assert_forward_links('<GUID=%s>' % guid, [], attr='member',
+                                  show_deactivated_link=0,
+                                  show_deleted=1)
+        self.assert_back_links('<GUID=%s>' % guid, [], attr='memberOf',
+                               show_deleted=1)
+
+    def test_la_invisible_backlink(self):
+        u1, = self.add_objects(1, 'user', 'u_invisible_bl')
+        k1, = self.add_objects(1, 'msDS-KeyCredential', 'k1_invisible_bl',
+                                more_attrs={'msDS-KeyId': 'KeyId1', })
+        c2, = self.add_objects(1, 'container', 'c_invisible_bl')
+        k2, = self.add_objects(1, 'msDS-KeyCredential', 'k2_invisible_bl',
+                                more_attrs={'msDS-KeyId': 'KeyId2', })
+
+        # msDS-KeyPrincipalBL is allowed on objectClass 'user'
+        # so the msDS-KeyPrincipalBL attribute is visible by
+        # default (asking for '*')
+        self.add_linked_attribute(k1, u1, attr="msDS-KeyPrincipal")
+        self.assert_forward_links(k1, [u1], attr="msDS-KeyPrincipal")
+        self.assert_back_links(u1, [k1], attr="msDS-KeyPrincipalBL")
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE, attrs=["*"])
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE,
+                                expression='(msDS-KeyPrincipalBL=*)',
+                                attrs=["*"])
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+        expression = '(msDS-KeyPrincipalBL=%s)' % ldb.binary_encode(str(k1))
+        res = self.samdb.search(self.testbase, scope=ldb.SCOPE_SUBTREE,
+                                expression=expression, attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0].dn), u1)
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+
+        # msDS-KeyPrincipalBL is allowed on objectClass 'msDS-KeyPrincipal'
+        # so the msDS-KeyPrincipalBL attribute is not visible by
+        # default (asking for '*'), it is only visible if
+        # explicitly requested
+        self.add_linked_attribute(k2, c2, attr="msDS-KeyPrincipal")
+        self.assert_forward_links(k2, [c2], attr="msDS-KeyPrincipal")
+        self.assert_back_links(c2, [k2], attr="msDS-KeyPrincipalBL")
+        res = self.samdb.search(c2, scope=ldb.SCOPE_BASE, attrs=["*"])
+        self.assertNotIn("msDS-KeyPrincipalBL", res[0])
+        res = self.samdb.search(c2, scope=ldb.SCOPE_BASE,
+                                expression='(msDS-KeyPrincipalBL=*)',
+                                attrs=["*"])
+        self.assertNotIn("msDS-KeyPrincipalBL", res[0])
+        res = self.samdb.search(c2, scope=ldb.SCOPE_BASE,
+                                attrs=["*", "msDS-KeyPrincipalBL"])
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+        res = self.samdb.search(c2, scope=ldb.SCOPE_BASE,
+                                expression='(msDS-KeyPrincipalBL=*)',
+                                attrs=["*", "msDS-KeyPrincipalBL"])
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+        expression = '(msDS-KeyPrincipalBL=%s)' % ldb.binary_encode(str(k2))
+        res = self.samdb.search(self.testbase, scope=ldb.SCOPE_SUBTREE,
+                                expression=expression,
+                                attrs=["*"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0].dn), c2)
+        self.assertNotIn("msDS-KeyPrincipalBL", res[0])
+        res = self.samdb.search(self.testbase, scope=ldb.SCOPE_SUBTREE,
+                                expression=expression,
+                                attrs=["*", "msDS-KeyPrincipalBL"])
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0].dn), c2)
+        self.assertIn("msDS-KeyPrincipalBL", res[0])
+
+        # msDS-KeyCredentialLink-BL is allowed on any objectClass at all
+        # so the msDS-KeyCredentialLink-BL attribute is not visible by
+        # default (asking for '*'), it is only visible if
+        # explicitly requested...
+
+        cl1a = "B:4:AAAA:%s" % u1
+        self.add_linked_attribute(u1, cl1a, attr="msDS-KeyCredentialLink")
+        self.assert_forward_links(u1, [cl1a], attr="msDS-KeyCredentialLink")
+        self.assert_back_links(u1, [u1], attr="msDS-KeyCredentialLink-BL")
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE, attrs=["*"])
+        self.assertNotIn("msDS-KeyCredentialLink-BL", res[0])
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE,
+                                attrs=["*", "msDS-KeyCredentialLink-BL"])
+        self.assertIn("msDS-KeyCredentialLink-BL", res[0])
+        self.assertEqual(1, len(res[0]["msDS-KeyCredentialLink-BL"]))
+
+        cl1b = "B:4:BBBB:%s" % u1
+        self.add_linked_attribute(u1, cl1b, attr="msDS-KeyCredentialLink")
+        self.assert_forward_links(u1, [cl1a,cl1b], attr="msDS-KeyCredentialLink")
+        self.assert_back_links(u1, [u1,u1], attr="msDS-KeyCredentialLink-BL")
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE, attrs=["*"])
+        self.assertNotIn("msDS-KeyCredentialLink-BL", res[0])
+        res = self.samdb.search(u1, scope=ldb.SCOPE_BASE,
+                                attrs=["*", "msDS-KeyCredentialLink-BL"])
+        self.assertIn("msDS-KeyCredentialLink-BL", res[0])
+        self.assertEqual(2, len(res[0]["msDS-KeyCredentialLink-BL"]))
+
+        cl1c = "B:4:CCCC:%s" % k1
+        self.add_linked_attribute(u1, cl1c, attr="msDS-KeyCredentialLink")
+        self.assert_forward_links(u1, [cl1a,cl1b,cl1c], attr="msDS-KeyCredentialLink")
+        self.assert_back_links(u1, [u1,u1], attr="msDS-KeyCredentialLink-BL")
+        self.assert_back_links(k1, [u1], attr="msDS-KeyCredentialLink-BL")
+        res = self.samdb.search(k1, scope=ldb.SCOPE_BASE, attrs=["*"])
+        self.assertNotIn("msDS-KeyCredentialLink-BL", res[0])
+        res = self.samdb.search(k1, scope=ldb.SCOPE_BASE,
+                                attrs=["*", "msDS-KeyCredentialLink-BL"])
+        self.assertIn("msDS-KeyCredentialLink-BL", res[0])
+        self.assertEqual(1, len(res[0]["msDS-KeyCredentialLink-BL"]))
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/login_basics.py b/source4/dsdb/tests/python/login_basics.py
new file mode 100755
index 0000000..46983e8
--- /dev/null
+++ b/source4/dsdb/tests/python/login_basics.py
@@ -0,0 +1,273 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Basic sanity-checks of user login. This sanity-checks that a user can login
+# over both NTLM and Kerberos, that incorrect passwords are rejected, and that
+# the user can change their password successfully.
+#
+# Copyright Andrew Bartlett 2018
+#
+import optparse
+import sys
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+import samba.getopt as options
+from samba.auth import system_session
+from samba.credentials import MUST_USE_KERBEROS
+from samba.dsdb import UF_NORMAL_ACCOUNT
+from samba.samdb import SamDB
+from password_lockout_base import BasePasswordTestCase
+
+sys.path.insert(0, "bin/python")
+
+parser = optparse.OptionParser("login_basics.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+global_creds = credopts.get_credentials(lp)
+
+
+#
+# Tests start here
+#
+class BasicUserAuthTests(BasePasswordTestCase):
+
+    def setUp(self):
+        self.host = host
+        self.host_url = "ldap://%s" % host
+        self.host_url_ldaps = "ldaps://%s" % host
+        self.lp = lp
+        self.global_creds = global_creds
+        self.ldb = SamDB(url=self.host_url, credentials=self.global_creds,
+                         session_info=system_session(self.lp), lp=self.lp)
+        super(BasicUserAuthTests, self).setUp()
+
+    def _test_login_basics(self, creds, simple=False):
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            logoncount_relation = 'greater'
+            lastlogon_relation = 'greater'
+            ldap_url = self.host_url
+            print("Performs a lockout attempt against LDAP using Kerberos")
+        elif simple:
+            logoncount_relation = 'equal'
+            lastlogon_relation = 'equal'
+            ldap_url = self.host_url_ldaps
+            print("Performs a lockout attempt against LDAP using Simple")
+        else:
+            logoncount_relation = 'equal'
+            lastlogon_relation = 'equal'
+            ldap_url = self.host_url
+            print("Performs a lockout attempt against LDAP using NTLM")
+
+        # get the initial logon values for this user
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=("greater", 0),
+                                  lastLogonTimestamp=("greater", 0),
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Initial test setup...')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+
+        test_creds = self.insta_creds(creds)
+
+        # check logging in with the wrong password fails
+        test_creds.set_password("thatsAcomplPASS1xBAD")
+        self.assertLoginFailure(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test login with wrong password')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # check logging in with the correct password succeeds
+        test_creds.set_password(userpass)
+        user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=('greater', lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test login with correct password')
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+
+        # check that the user can change its password
+        too_old_password = "thatsAcomplTooOldPass1!"
+        user_ldb.modify_ldif("""
+dn: %s
+changetype: modify
+delete: userPassword
+userPassword: %s
+add: userPassword
+userPassword: %s
+""" % (userdn, userpass, too_old_password))
+
+        # change the password again
+        older_password = "thatsAcomplOlderPass1!"
+        user_ldb.modify_ldif("""
+dn: %s
+changetype: modify
+delete: userPassword
+userPassword: %s
+add: userPassword
+userPassword: %s
+""" % (userdn, too_old_password, older_password))
+
+        # change the password again
+        old_password = "thatsAcomplOldPass1!"
+        user_ldb.modify_ldif("""
+dn: %s
+changetype: modify
+delete: userPassword
+userPassword: %s
+add: userPassword
+userPassword: %s
+""" % (userdn, older_password, old_password))
+
+        # change the password once more
+        new_password = "thatsAcomplNewPass1!"
+        user_ldb.modify_ldif("""
+dn: %s
+changetype: modify
+delete: userPassword
+userPassword: %s
+add: userPassword
+userPassword: %s
+""" % (userdn, old_password, new_password))
+
+        # discard the old creds (i.e. get rid of our valid Kerberos ticket)
+        del test_creds
+        test_creds = self.insta_creds(creds)
+        test_creds.set_password(older_password)
+
+        self.assertLoginFailure(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test with older password fails (but badPwdCount=0)')
+
+        del test_creds
+        test_creds = self.insta_creds(creds)
+        test_creds.set_password(old_password)
+
+        # for Kerberos, logging in with the old password fails
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            self.assertLoginFailure(ldap_url, test_creds, self.lp)
+            info_msg = 'Test Kerberos login with old password fails (but badPwdCount=0)'
+            res = self._check_account(userdn,
+                                      badPwdCount=0,
+                                      badPasswordTime=badPasswordTime,
+                                      logonCount=logonCount,
+                                      lastLogon=lastLogon,
+                                      lastLogonTimestamp=lastLogonTimestamp,
+                                      userAccountControl=UF_NORMAL_ACCOUNT,
+                                      msDSUserAccountControlComputed=0,
+                                      msg=info_msg)
+        else:
+            # for NTLM, logging in with the old password succeeds
+            user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
+            if simple:
+                info_msg = 'Test simple-bind login with old password succeeds'
+            else:
+                info_msg = 'Test NTLM login with old password succeeds'
+            res = self._check_account(userdn,
+                                      badPwdCount=0,
+                                      badPasswordTime=badPasswordTime,
+                                      logonCount=logonCount,
+                                      lastLogon=lastLogon,
+                                      lastLogonTimestamp=lastLogonTimestamp,
+                                      userAccountControl=UF_NORMAL_ACCOUNT,
+                                      msDSUserAccountControlComputed=0,
+                                      msg=info_msg)
+            logonCount = int(res[0]["logonCount"][0])
+            lastLogon = int(res[0]["lastLogon"][0])
+
+        # check logging in with the correct password succeeds
+        test_creds.set_password(new_password)
+        user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=(lastlogon_relation, lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test login with new password succeeds')
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+
+        del test_creds
+        test_creds = self.insta_creds(creds)
+        test_creds.set_password(too_old_password)
+
+        self.assertLoginFailure(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test login with too old password fails')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # check logging in with the correct password succeeds
+        test_creds.set_password(new_password)
+        user_ldb = self.assertLoginSuccess(ldap_url, test_creds, self.lp)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=('greater', lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='Test login with new password succeeds again')
+
+    def test_login_basics_krb5(self):
+        self._test_login_basics(self.lockout1krb5_creds)
+
+    def test_login_basics_ntlm(self):
+        self._test_login_basics(self.lockout1ntlm_creds)
+
+    def test_login_basics_simple(self):
+        self._test_login_basics(self.lockout1simple_creds, simple=True)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/ndr_pack_performance.py b/source4/dsdb/tests/python/ndr_pack_performance.py
new file mode 100644
index 0000000..45c1816
--- /dev/null
+++ b/source4/dsdb/tests/python/ndr_pack_performance.py
@@ -0,0 +1,215 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import optparse
+import sys
+sys.path.insert(0, 'bin/python')
+
+import samba
+import gzip
+
+# We try to use the test infrastructure of Samba 4.3+, but if it
+# doesn't work, we are probably in a back-ported patch and trying to
+# run on 4.1 or something.
+#
+# Don't copy this horror into ordinary tests -- it is special for
+# performance tests that want to apply to old versions.
+
+from samba.tests.subunitrun import TestProgram
+
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+from samba.dcerpc import drsuapi
+
+
+BIG_SD_SDDL = ''.join(
+    """O:S-1-5-21-3328325300-3937145445-4190589019-512G:S-1-5-2
+1-3328325300-3937145445-4190589019-512D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-
+1-5-21-3328325300-3937145445-4190589019-512)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(O
+A;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e
+8-ff8a58d456d2;;S-1-5-32-560)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e05
+29;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c164200-20c0-11d0-a
+768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;5f2020
+10-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CI
+IOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa0030
+49e2;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc
+-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf96
+7aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;59ba2f42-79a2-11d0-9020-00c
+04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;59ba2f42-79a2
+-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP
+;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU
+)(OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-0
+0aa003049e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0d
+e6-11d0-a285-00aa003049e2;ED)(OA;CIID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608
+;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854
+e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RPLCLORC;;4
+828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RPLCLORC;;bf967a9c-0de6-11d0-
+a285-00aa003049e2;RU)(OA;CIIOID;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e
+2;RU)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRC
+CDCLCLORCWOWDSDDTSW;;;S-1-5-21-3328325300-3937145445-4190589019-519)(A;CIID;L
+C;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)(OA;CIIOID;RP;4c164200-20c0-11d0-a
+768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c1642
+00-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CI
+IOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e
+5f28;RU)(OA;CIIOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0
+-a285-00aa003049e2;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828
+cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c
+04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;59ba2f42-79a2
+-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP
+;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+)(OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-a
+d6f015e5f28;RU)(OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0d
+e6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f6
+08;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIID;RP;b7c69e6d-2cc7-11d2-854
+e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d
+-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO
+ID;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RPLCLORC;;bf967
+a9c-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RPLCLORC;;bf967aba-0de6-11d0-a2
+85-00aa003049e2;RU)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-1-5-21-3328325300-3937145445-4190589019
+-519)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIIOIDSA;WP;
+f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-
+00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5
+-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f
+80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)""".split())
+
+LITTLE_SD_SDDL = ''.join(
+    """O:S-1-5-21-3328325300-3937145445-4190589019-512G:S-1-5-2
+1-3328325300-3937145445-4190589019-512D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-
+1-5-21-3328325300-3937145445-4190589019-512)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(O
+A;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e
+8-ff8a58d456d2;;S-1-5-32-560)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e05
+29;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c164200-20c0-11d0-a
+768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;5f2020
+10-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CI
+IOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa0030
+49e2;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc
+-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf96
+7aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;59ba2f42-79a2-11d0-9020-00c
+04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;59ba2f42-79a2
+-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP
+;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU
+)(OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-0
+0aa003049e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0d
+e6-11d0-a285-00aa003049e2;ED)""".split())
+
+
+CONDITIONAL_ACE_SDDL = ('O:SYG:SYD:(XA;OICI;CR;;;WD;'
+                        '(@USER.ad://ext/AuthenticationSilo == "siloname"))')
+
+NON_OBJECT_SDDL = (
+    "O:S-1-5-21-2212615479-2695158682-2101375468-512"
+    "G:S-1-5-21-2212615479-2695158682-2101375468-513"
+    "D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+    "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
+    "(A;OICIIO;FA;;;CO)"
+    "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+    "(A;OICI;FA;;;SY)"
+    "(A;OICI;0x1200a9;;;AU)"
+    "(A;OICI;0x1200a9;;;ED)")
+
+
+
+# set SCALE = 100 for normal test, or 1 for testing the test.
+SCALE = 100
+
+
+class UserTests(samba.tests.TestCase):
+
+    def get_file_blob(self, filename):
+        if filename.endswith('.gz'):
+            f = gzip.open(filename)
+        else:
+            f = open(filename)
+        return f.read()
+
+    def get_desc(self, sddl):
+        dummy_sid = security.dom_sid("S-1-2-3")
+        return security.descriptor.from_sddl(sddl, dummy_sid)
+
+    def get_blob(self, sddl):
+        return ndr_pack(self.get_desc(sddl))
+
+    def test_00_00_do_nothing(self, cycles=10000):
+        # this gives us an idea of the overhead
+        for i in range(SCALE * cycles):
+            pass
+
+    def _test_pack(self, unpacked, cycles=10000):
+        pack = unpacked.__ndr_pack__
+        for i in range(SCALE * cycles):
+            pack()
+
+    def _test_unpack(self, blob, cycles=10000, cls=security.descriptor):
+        for i in range(SCALE * cycles):
+            cls().__ndr_unpack__(blob)
+
+    def _test_pack_unpack(self, desc, cycles=5000, cls=security.descriptor):
+        blob2 = ndr_pack(desc)
+        for i in range(SCALE * cycles):
+            blob = ndr_pack(desc)
+            desc = ndr_unpack(cls, blob)
+
+        self.assertEqual(blob, blob2)
+
+    def test_pack_big_sd_with_object_aces(self):
+        unpacked = self.get_desc(BIG_SD_SDDL)
+        self._test_pack(unpacked)
+
+    def test_unpack_big_sd_with_object_aces(self):
+        blob = self.get_blob(BIG_SD_SDDL)
+        self._test_unpack(blob)
+
+    def test_pack_unpack_big_sd_with_object_aces(self):
+        unpacked = self.get_desc(BIG_SD_SDDL)
+        self._test_pack_unpack(unpacked)
+
+    def test_pack_little_sd_with_object_aces(self):
+        unpacked = self.get_desc(LITTLE_SD_SDDL)
+        self._test_pack(unpacked)
+
+    def test_unpack_little_sd_with_object_aces(self):
+        blob = self.get_blob(LITTLE_SD_SDDL)
+        self._test_unpack(blob)
+
+    def test_pack_unpack_little_sd_with_object_aces(self):
+        unpacked = self.get_desc(LITTLE_SD_SDDL)
+        self._test_pack_unpack(unpacked)
+
+    def test_pack_conditional_ace_sd(self):
+        unpacked = self.get_desc(CONDITIONAL_ACE_SDDL)
+        self._test_pack(unpacked)
+
+    def test_unpack_conditional_ace_sd(self):
+        blob = self.get_blob(CONDITIONAL_ACE_SDDL)
+        self._test_unpack(blob)
+
+    def test_pack_unpack_conditional_ace_sd(self):
+        unpacked = self.get_desc(CONDITIONAL_ACE_SDDL)
+        self._test_pack_unpack(unpacked)
+
+    def test_pack_non_object_sd(self):
+        unpacked = self.get_desc(NON_OBJECT_SDDL)
+        self._test_pack(unpacked)
+
+    def test_unpack_non_object_sd(self):
+        blob = self.get_blob(NON_OBJECT_SDDL)
+        self._test_unpack(blob)
+
+    def test_pack_unpack_non_object_sd(self):
+        unpacked = self.get_desc(NON_OBJECT_SDDL)
+        self._test_pack_unpack(unpacked)
+
+    def test_unpack_repl_sample(self):
+        blob = self.get_file_blob('testdata/replication-ndrpack-example.gz')
+        self._test_unpack(blob, cycles=20, cls=drsuapi.DsGetNCChangesCtr6)
+
+    def test_pack_repl_sample(self):
+        blob = self.get_file_blob('testdata/replication-ndrpack-example.gz')
+        desc = ndr_unpack(drsuapi.DsGetNCChangesCtr6, blob)
+        self._test_pack(desc, cycles=20)
+
+
+TestProgram(module=__name__)
diff --git a/source4/dsdb/tests/python/notification.py b/source4/dsdb/tests/python/notification.py
new file mode 100755
index 0000000..1124af1
--- /dev/null
+++ b/source4/dsdb/tests/python/notification.py
@@ -0,0 +1,367 @@
+#!/usr/bin/env python3
+#
+# Unit tests for the notification control
+# Copyright (C) Stefan Metzmacher 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+import os
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba import ldb
+from samba.samdb import SamDB
+from samba.ndr import ndr_unpack
+import samba.tests
+
+from ldb import LdbError
+from ldb import ERR_TIME_LIMIT_EXCEEDED, ERR_ADMIN_LIMIT_EXCEEDED, ERR_UNWILLING_TO_PERFORM
+
+parser = optparse.OptionParser("notification.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class LDAPNotificationTest(samba.tests.TestCase):
+
+    def setUp(self):
+        super(LDAPNotificationTest, self).setUp()
+        self.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+
+        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        self.user_sid_dn = "<SID=%s>" % str(ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0]))
+
+    def test_simple_search(self):
+        """Testing a notification with an modify and a timeout"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        msg1 = None
+        search1 = self.ldb.search_iterator(base=self.user_sid_dn,
+                                           expression="(objectClass=*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["name", "objectGUID", "displayName"])
+        for reply in search1:
+            self.assertIsInstance(reply, ldb.Message)
+            self.assertIsNone(msg1)
+            msg1 = reply
+        res1 = search1.result()
+
+        search2 = self.ldb.search_iterator(base=self.base_dn,
+                                           expression="(objectClass=*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["name", "objectGUID", "displayName"])
+        refs2 = 0
+        msg2 = None
+        for reply in search2:
+            if isinstance(reply, str):
+                refs2 += 1
+                continue
+            self.assertIsInstance(reply, ldb.Message)
+            if reply["objectGUID"][0] == msg1["objectGUID"][0]:
+                self.assertIsNone(msg2)
+                msg2 = reply
+                self.assertEqual(msg1.dn, msg2.dn)
+                self.assertEqual(len(msg1), len(msg2))
+                self.assertEqual(msg1["name"], msg2["name"])
+                #self.assertEqual(msg1["displayName"], msg2["displayName"])
+        res2 = search2.result()
+
+        self.ldb.modify_ldif("""
+dn: """ + self.user_sid_dn + """
+changetype: modify
+replace: otherLoginWorkstations
+otherLoginWorkstations: BEFORE"
+""")
+        notify1 = self.ldb.search_iterator(base=self.base_dn,
+                                           expression="(objectClass=*)",
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["name", "objectGUID", "displayName"],
+                                           controls=["notification:1"],
+                                           timeout=1)
+
+        self.ldb.modify_ldif("""
+dn: """ + self.user_sid_dn + """
+changetype: modify
+replace: otherLoginWorkstations
+otherLoginWorkstations: AFTER"
+""")
+
+        msg3 = None
+        for reply in notify1:
+            self.assertIsInstance(reply, ldb.Message)
+            if reply["objectGUID"][0] == msg1["objectGUID"][0]:
+                self.assertIsNone(msg3)
+                msg3 = reply
+                self.assertEqual(msg1.dn, msg3.dn)
+                self.assertEqual(len(msg1), len(msg3))
+                self.assertEqual(msg1["name"], msg3["name"])
+                #self.assertEqual(msg1["displayName"], msg3["displayName"])
+        try:
+            res = notify1.result()
+            self.fail()
+        except LdbError as e10:
+            (num, _) = e10.args
+            self.assertEqual(num, ERR_TIME_LIMIT_EXCEEDED)
+        self.assertIsNotNone(msg3)
+
+        self.ldb.modify_ldif("""
+dn: """ + self.user_sid_dn + """
+changetype: modify
+delete: otherLoginWorkstations
+""")
+
+    def test_max_search(self):
+        """Testing the max allowed notifications"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        max_notifications = 5
+
+        notifies = [None] * (max_notifications + 1)
+        for i in range(0, max_notifications + 1):
+            notifies[i] = self.ldb.search_iterator(base=self.base_dn,
+                                                   expression="(objectClass=*)",
+                                                   scope=ldb.SCOPE_SUBTREE,
+                                                   attrs=["name"],
+                                                   controls=["notification:1"],
+                                                   timeout=1)
+        num_admin_limit = 0
+        num_time_limit = 0
+        for i in range(0, max_notifications + 1):
+            try:
+                for msg in notifies[i]:
+                    continue
+                res = notifies[i].result()
+                self.fail()
+            except LdbError as e:
+                (num, _) = e.args
+                if num == ERR_ADMIN_LIMIT_EXCEEDED:
+                    num_admin_limit += 1
+                    continue
+                if num == ERR_TIME_LIMIT_EXCEEDED:
+                    num_time_limit += 1
+                    continue
+                raise
+        self.assertEqual(num_admin_limit, 1)
+        self.assertEqual(num_time_limit, max_notifications)
+
+    def test_invalid_filter(self):
+        """Testing invalid filters for notifications"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        valid_attrs = ["objectClass", "objectGUID", "distinguishedName", "name"]
+
+        for va in valid_attrs:
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s=*)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=1)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e1:
+                (num, _) = e1.args
+                self.assertEqual(num, ERR_TIME_LIMIT_EXCEEDED)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(|(%s=*)(%s=value))" % (va, va),
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=1)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e2:
+                (num, _) = e2.args
+                self.assertEqual(num, ERR_TIME_LIMIT_EXCEEDED)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(&(%s=*)(%s=value))" % (va, va),
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e3:
+                (num, _) = e3.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s=value)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e4:
+                (num, _) = e4.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s>=value)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e5:
+                (num, _) = e5.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s<=value)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e6:
+                (num, _) = e6.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s=*value*)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e7:
+                (num, _) = e7.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(!(%s=*))" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e8:
+                (num, _) = e8.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        res = self.ldb.search(base=self.ldb.get_schema_basedn(),
+                              expression="(objectClass=attributeSchema)",
+                              scope=ldb.SCOPE_ONELEVEL,
+                              attrs=["lDAPDisplayName"],
+                              controls=["paged_results:1:2500"])
+        for msg in res:
+            va = str(msg["lDAPDisplayName"][0])
+            if va in valid_attrs:
+                continue
+
+            try:
+                hnd = self.ldb.search_iterator(base=self.base_dn,
+                                               expression="(%s=*)" % va,
+                                               scope=ldb.SCOPE_SUBTREE,
+                                               attrs=["name"],
+                                               controls=["notification:1"],
+                                               timeout=0)
+                for reply in hnd:
+                    self.fail()
+                res = hnd.result()
+                self.fail()
+            except LdbError as e9:
+                (num, _) = e9.args
+                if num != ERR_UNWILLING_TO_PERFORM:
+                    print("va[%s]" % va)
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            va = "noneAttributeName"
+            hnd = self.ldb.search_iterator(base=self.base_dn,
+                                           expression="(%s=*)" % va,
+                                           scope=ldb.SCOPE_SUBTREE,
+                                           attrs=["name"],
+                                           controls=["notification:1"],
+                                           timeout=0)
+            for reply in hnd:
+                self.fail()
+            res = hnd.result()
+            self.fail()
+        except LdbError as e11:
+            (num, _) = e11.args
+            if num != ERR_UNWILLING_TO_PERFORM:
+                print("va[%s]" % va)
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+
+if "://" not in url:
+    if os.path.isfile(url):
+        url = "tdb://%s" % url
+    else:
+        url = "ldap://%s" % url
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/password_lockout.py b/source4/dsdb/tests/python/password_lockout.py
new file mode 100755
index 0000000..78edcce
--- /dev/null
+++ b/source4/dsdb/tests/python/password_lockout.py
@@ -0,0 +1,1704 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This tests the password lockout behavior for AD implementations
+#
+# Copyright Matthias Dieter Wallnoefer 2010
+# Copyright Andrew Bartlett 2013
+# Copyright Stefan Metzmacher 2014
+#
+
+import optparse
+import sys
+import base64
+import time
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+from samba.netcmd.main import samba_tool
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
+from ldb import SCOPE_BASE, LdbError
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_INVALID_CREDENTIALS
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE
+from samba import dsdb
+from samba.samdb import SamDB
+from samba.tests import delete_force
+from samba.dcerpc import security, samr
+from samba.tests.pso import PasswordSettings
+from samba.net import Net
+from samba import NTSTATUSError, ntstatus
+import ctypes
+
+parser = optparse.OptionParser("password_lockout.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+global_creds = credopts.get_credentials(lp)
+
+import password_lockout_base
+
+#
+# Tests start here
+#
+
+
+class PasswordTests(password_lockout_base.BasePasswordTestCase):
+    def setUp(self):
+        self.host = host
+        self.host_url = "ldap://%s" % host
+        self.host_url_ldaps = "ldaps://%s" % host
+        self.lp = lp
+        self.global_creds = global_creds
+        self.ldb = SamDB(url=self.host_url, session_info=system_session(self.lp),
+                         credentials=self.global_creds, lp=self.lp)
+        super(PasswordTests, self).setUp()
+
+        self.lockout2krb5_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout2krb5",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=MUST_USE_KERBEROS)
+        self._readd_user(self.lockout2krb5_creds,
+                         lockOutObservationWindow=self.lockout_observation_window)
+        self.lockout2krb5_ldb = SamDB(url=self.host_url,
+                                      credentials=self.lockout2krb5_creds,
+                                      lp=lp)
+
+        self.lockout2ntlm_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout2ntlm",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=DONT_USE_KERBEROS)
+        self._readd_user(self.lockout2ntlm_creds,
+                         lockOutObservationWindow=self.lockout_observation_window)
+        self.lockout2ntlm_ldb = SamDB(url=self.host_url,
+                                      credentials=self.lockout2ntlm_creds,
+                                      lp=lp)
+
+
+    def use_pso_lockout_settings(self, creds):
+
+        # create a PSO with the lockout settings the test cases normally expect
+        #
+        # Some test cases sleep() for self.account_lockout_duration
+        pso = PasswordSettings("lockout-PSO", self.ldb, lockout_attempts=3,
+                               lockout_duration=self.account_lockout_duration)
+        self.addCleanup(self.ldb.delete, pso.dn)
+
+        userdn = "cn=%s,cn=users,%s" % (creds.get_username(), self.base_dn)
+        pso.apply_to(userdn)
+
+        # update the global lockout settings to be wildly different to what
+        # the test cases normally expect
+        self.update_lockout_settings(threshold=10, duration=600,
+                                     observation_window=600)
+
+    def _reset_samr(self, res):
+
+        # Now reset the lockout, by removing ACB_AUTOLOCK (which removes the lock, despite being a generated attribute)
+        samr_user = self._open_samr_user(res)
+        acb_info = self.samr.QueryUserInfo(samr_user, 16)
+        acb_info.acct_flags &= ~samr.ACB_AUTOLOCK
+        self.samr.SetUserInfo(samr_user, 16, acb_info)
+        self.samr.Close(samr_user)
+
+
+class PasswordTestsWithoutSleep(PasswordTests):
+    def setUp(self):
+        # The tests in this class do not sleep, so we can have a
+        # longer window and not flap on slower hosts
+        self.account_lockout_duration = 30
+        self.lockout_observation_window = 30
+        super(PasswordTestsWithoutSleep, self).setUp()
+
+    def _reset_ldap_lockoutTime(self, res):
+        self.ldb.modify_ldif("""
+dn: """ + str(res[0].dn) + """
+changetype: modify
+replace: lockoutTime
+lockoutTime: 0
+""")
+
+    def _reset_samba_tool(self, res):
+        username = res[0]["sAMAccountName"][0]
+
+        result = samba_tool('user', 'unlock', username,
+                            "-H%s" % self.host_url,
+                            "-U%s%%%s" % (global_creds.get_username(),
+                                          global_creds.get_password()))
+        self.assertEqual(result, None)
+
+    def _reset_ldap_userAccountControl(self, res):
+        self.assertIn("userAccountControl", res[0])
+        self.assertIn("msDS-User-Account-Control-Computed", res[0])
+
+        uac = int(res[0]["userAccountControl"][0])
+        uacc = int(res[0]["msDS-User-Account-Control-Computed"][0])
+
+        uac |= uacc
+        uac = uac & ~dsdb.UF_LOCKOUT
+
+        self.ldb.modify_ldif("""
+dn: """ + str(res[0].dn) + """
+changetype: modify
+replace: userAccountControl
+userAccountControl: %d
+""" % uac)
+
+    def _reset_by_method(self, res, method):
+        if method == "ldap_userAccountControl":
+            self._reset_ldap_userAccountControl(res)
+        elif method == "ldap_lockoutTime":
+            self._reset_ldap_lockoutTime(res)
+        elif method == "samr":
+            self._reset_samr(res)
+        elif method == "samba-tool":
+            self._reset_samba_tool(res)
+        else:
+            self.fail("Invalid reset method[%s]" % method)
+
+    def _test_userPassword_lockout_with_clear_change(self, creds, other_ldb, method,
+                                                     initial_lastlogon_relation=None):
+        """
+        Tests user lockout behaviour when we try to change the user's password
+        but specify an incorrect old-password. The method parameter specifies
+        how to reset the locked out account (e.g. by resetting lockoutTime)
+        """
+        # Notice: This works only against Windows if "dSHeuristics" has been set
+        # properly
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        use_kerberos = creds.get_kerberos_state()
+        if use_kerberos == MUST_USE_KERBEROS:
+            logoncount_relation = 'greater'
+            lastlogon_relation = 'greater'
+            self.debug("Performs a password cleartext change operation on 'userPassword' using Kerberos")
+        else:
+            logoncount_relation = 'equal'
+            lastlogon_relation = 'equal'
+            self.debug("Performs a password cleartext change operation on 'userPassword' using NTLMSSP")
+
+        if initial_lastlogon_relation is not None:
+            lastlogon_relation = initial_lastlogon_relation
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=(lastlogon_relation, 0),
+                                  lastLogonTimestamp=('greater', 0),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+        if lastlogon_relation == 'greater':
+            self.assertGreater(lastLogon, badPasswordTime)
+            self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        # Change password on a connection as another user
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1x
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Correct old password
+        other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: """ + userpass + """
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1x
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e1:
+            (num, msg) = e1.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        self.debug("two failed password change")
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1x
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e2:
+            (num, msg) = e2.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=("greater", badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1x
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e3:
+            (num, msg) = e3.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1x
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e4:
+            (num, msg) = e4.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        try:
+            # Correct old password
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS2
+add: userPassword
+userPassword: thatsAcomplPASS2x
+""")
+            self.fail()
+        except LdbError as e5:
+            (num, msg) = e5.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # Now reset the password, which does NOT change the lockout!
+        self.ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS2
+""")
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        try:
+            # Correct old password
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS2
+add: userPassword
+userPassword: thatsAcomplPASS2x
+""")
+            self.fail()
+        except LdbError as e6:
+            (num, msg) = e6.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        m = Message()
+        m.dn = Dn(self.ldb, userdn)
+        m["userAccountControl"] = MessageElement(
+            str(dsdb.UF_LOCKOUT),
+          FLAG_MOD_REPLACE, "userAccountControl")
+
+        self.ldb.modify(m)
+
+        # This shows that setting the UF_LOCKOUT flag alone makes no difference
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # This shows that setting the UF_LOCKOUT flag makes no difference
+        try:
+            # Correct old password
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2x\"".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e7:
+            (num, msg) = e7.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        self._reset_by_method(res, method)
+
+        # Here bad password counts are reset without logon success.
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # The correct password after doing the unlock
+
+        other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2x\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        userpass = "thatsAcomplPASS2x"
+        creds.set_password(userpass)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1xyz
+add: userPassword
+userPassword: thatsAcomplPASS2XYZ
+""")
+            self.fail()
+        except LdbError as e8:
+            (num, msg) = e8.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1xyz
+add: userPassword
+userPassword: thatsAcomplPASS2XYZ
+""")
+            self.fail()
+        except LdbError as e9:
+            (num, msg) = e9.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        self._reset_ldap_lockoutTime(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+    # The following test lockout behaviour when modifying a user's password
+    # and specifying an invalid old password. There are variants for both
+    # NTLM and kerberos user authentication. As well as that, there are 3 ways
+    # to reset the locked out account: by clearing the lockout bit for
+    # userAccountControl (via LDAP), resetting it via SAMR, and by resetting
+    # the lockoutTime.
+    def test_userPassword_lockout_with_clear_change_krb5_ldap_userAccountControl(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                          self.lockout2krb5_ldb,
+                                                          "ldap_userAccountControl")
+
+    def test_userPassword_lockout_with_clear_change_krb5_ldap_lockoutTime(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                          self.lockout2krb5_ldb,
+                                                          "ldap_lockoutTime")
+
+    def test_userPassword_lockout_with_clear_change_krb5_samr(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                          self.lockout2krb5_ldb,
+                                                          "samr")
+
+    def test_userPassword_lockout_with_clear_change_ntlm_ldap_userAccountControl(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                          self.lockout2ntlm_ldb,
+                                                          "ldap_userAccountControl",
+                                                          initial_lastlogon_relation='greater')
+
+    def test_userPassword_lockout_with_clear_change_ntlm_ldap_lockoutTime(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                          self.lockout2ntlm_ldb,
+                                                          "ldap_lockoutTime",
+                                                          initial_lastlogon_relation='greater')
+
+    def test_userPassword_lockout_with_clear_change_ntlm_samr(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                          self.lockout2ntlm_ldb,
+                                                          "samr",
+                                                          initial_lastlogon_relation='greater')
+
+    # For PSOs, just test a selection of the above combinations
+    def test_pso_userPassword_lockout_with_clear_change_krb5_ldap_userAccountControl(self):
+        self.use_pso_lockout_settings(self.lockout1krb5_creds)
+        self._test_userPassword_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                          self.lockout2krb5_ldb,
+                                                          "ldap_userAccountControl")
+
+    def test_pso_userPassword_lockout_with_clear_change_ntlm_ldap_lockoutTime(self):
+        self.use_pso_lockout_settings(self.lockout1ntlm_creds)
+        self._test_userPassword_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                          self.lockout2ntlm_ldb,
+                                                          "ldap_lockoutTime",
+                                                          initial_lastlogon_relation='greater')
+
+    def test_pso_userPassword_lockout_with_clear_change_ntlm_samr(self):
+        self.use_pso_lockout_settings(self.lockout1ntlm_creds)
+        self._test_userPassword_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                          self.lockout2ntlm_ldb,
+                                                          "samr",
+                                                          initial_lastlogon_relation='greater')
+
+    # just test "samba-tool user unlock" command once
+    def test_userPassword_lockout_with_clear_change_krb5_ldap_samba_tool(self):
+        self._test_userPassword_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                          self.lockout2krb5_ldb,
+                                                          "samba-tool")
+
+    def test_multiple_logon_krb5(self):
+        self._test_multiple_logon(self.lockout1krb5_creds)
+
+    def test_multiple_logon_ntlm(self):
+        self._test_multiple_logon(self.lockout1ntlm_creds)
+
+    def _test_samr_password_change(self, creds, other_creds, lockout_threshold=3):
+        """Tests user lockout by using bad password in SAMR password_change"""
+
+        # create a connection for SAMR using another user's credentials
+        lp = self.get_loadparm()
+        net = Net(other_creds, lp, server=self.host)
+
+        # work out the initial account values for this user
+        username = creds.get_username()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  badPwdCountOnly=True)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+
+        # prove we can change the user password (using the correct password)
+        new_password = "thatsAcomplPASS2"
+        net.change_password(newpassword=new_password,
+                            username=username,
+                            oldpassword=creds.get_password())
+        creds.set_password(new_password)
+
+        # try entering 'x' many bad passwords in a row to lock the user out
+        new_password = "thatsAcomplPASS3"
+        for i in range(lockout_threshold):
+            badPwdCount = i + 1
+            try:
+                self.debug("Trying bad password, attempt #%u" % badPwdCount)
+                net.change_password(newpassword=new_password,
+                                    username=creds.get_username(),
+                                    oldpassword="bad-password")
+                self.fail("Invalid SAMR change_password accepted")
+            except NTSTATUSError as e:
+                enum = ctypes.c_uint32(e.args[0]).value
+                self.assertEqual(enum, ntstatus.NT_STATUS_WRONG_PASSWORD)
+
+            # check the status of the account is updated after each bad attempt
+            account_flags = 0
+            lockoutTime = None
+            if badPwdCount >= lockout_threshold:
+                account_flags = dsdb.UF_LOCKOUT
+                lockoutTime = ("greater", badPasswordTime)
+
+            res = self._check_account(userdn,
+                                      badPwdCount=badPwdCount,
+                                      badPasswordTime=("greater", badPasswordTime),
+                                      logonCount=logonCount,
+                                      lastLogon=lastLogon,
+                                      lastLogonTimestamp=lastLogonTimestamp,
+                                      lockoutTime=lockoutTime,
+                                      userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                      msDSUserAccountControlComputed=account_flags)
+            badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # the user is now locked out
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        # check the user remains locked out regardless of whether they use a
+        # good or a bad password now
+        for password in (creds.get_password(), "bad-password"):
+            try:
+                self.debug("Trying password %s" % password)
+                net.change_password(newpassword=new_password,
+                                    username=creds.get_username(),
+                                    oldpassword=password)
+                self.fail("Invalid SAMR change_password accepted")
+            except NTSTATUSError as e:
+                enum = ctypes.c_uint32(e.args[0]).value
+                self.assertEqual(enum, ntstatus.NT_STATUS_ACCOUNT_LOCKED_OUT)
+
+            res = self._check_account(userdn,
+                                      badPwdCount=lockout_threshold,
+                                      badPasswordTime=badPasswordTime,
+                                      logonCount=logonCount,
+                                      lastLogon=lastLogon,
+                                      lastLogonTimestamp=lastLogonTimestamp,
+                                      lockoutTime=lockoutTime,
+                                      userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                      msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # reset the user account lockout
+        self._reset_samr(res)
+
+        # check bad password counts are reset
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # check we can change the user password successfully now
+        net.change_password(newpassword=new_password,
+                            username=username,
+                            oldpassword=creds.get_password())
+        creds.set_password(new_password)
+
+    def test_samr_change_password(self):
+        self._test_samr_password_change(self.lockout1ntlm_creds,
+                                        other_creds=self.lockout2ntlm_creds)
+
+    # same as above, but use a PSO to enforce the lockout
+    def test_pso_samr_change_password(self):
+        self.use_pso_lockout_settings(self.lockout1ntlm_creds)
+        self._test_samr_password_change(self.lockout1ntlm_creds,
+                                        other_creds=self.lockout2ntlm_creds)
+
+    def test_ntlm_lockout_protected(self):
+        creds = self.lockout1ntlm_creds
+        self.assertEqual(DONT_USE_KERBEROS, creds.get_kerberos_state())
+
+        # Work out the initial account values for this user.
+        username = creds.get_username()
+        userdn = f'cn={username},cn=users,{self.base_dn}'
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=('greater', 0),
+                                  badPwdCountOnly=True)
+        badPasswordTime = int(res[0]['badPasswordTime'][0])
+        logonCount = int(res[0]['logonCount'][0])
+        lastLogon = int(res[0]['lastLogon'][0])
+        lastLogonTimestamp = int(res[0]['lastLogonTimestamp'][0])
+
+        # Add the user to the Protected Users group.
+
+        # Search for the Protected Users group.
+        group_dn = Dn(self.ldb,
+                      f'<SID={self.ldb.get_domain_sid()}-'
+                      f'{security.DOMAIN_RID_PROTECTED_USERS}>')
+        try:
+            group_res = self.ldb.search(base=group_dn,
+                                        scope=SCOPE_BASE,
+                                        attrs=['member'])
+        except LdbError as err:
+            self.fail(err)
+
+        orig_msg = group_res[0]
+
+        # Add the user to the list of members.
+        members = list(orig_msg.get('member', ()))
+        self.assertNotIn(userdn, members, 'account already in Protected Users')
+        members.append(userdn)
+
+        m = Message(group_dn)
+        m['member'] = MessageElement(members,
+                                     FLAG_MOD_REPLACE,
+                                     'member')
+        cleanup = self.ldb.msg_diff(m, orig_msg)
+        self.ldb.modify(m)
+
+        password = creds.get_password()
+        creds.set_password('wrong_password')
+
+        lockout_threshold = 5
+
+        lp = self.get_loadparm()
+        server = f'ldap://{self.ldb.host_dns_name()}'
+
+        for _ in range(lockout_threshold):
+            with self.assertRaises(LdbError) as err:
+                SamDB(url=server,
+                      credentials=creds,
+                      lp=lp)
+
+            num, _ = err.exception.args
+            self.assertEqual(ERR_INVALID_CREDENTIALS, num)
+
+            res = self._check_account(
+                userdn,
+                badPwdCount=0,
+                badPasswordTime=badPasswordTime,
+                logonCount=logonCount,
+                lastLogon=lastLogon,
+                lastLogonTimestamp=lastLogonTimestamp,
+                lockoutTime=None,
+                userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                msDSUserAccountControlComputed=0)
+
+        # The user should not be locked out.
+        self.assertNotIn('lockoutTime', res[0],
+                         'account unexpectedly locked out')
+
+        # Move the account out of 'Protected Users'.
+        self.ldb.modify(cleanup)
+
+        # The account should not be locked out.
+        creds.set_password(password)
+
+        try:
+            SamDB(url=server,
+                  credentials=creds,
+                  lp=lp)
+        except LdbError:
+            self.fail('account unexpectedly locked out')
+
+    def test_samr_change_password_protected(self):
+        """Tests the SAMR password change method for Protected Users"""
+
+        creds = self.lockout1ntlm_creds
+        other_creds = self.lockout2ntlm_creds
+        lockout_threshold = 5
+
+        # Create a connection for SAMR using another user's credentials.
+        lp = self.get_loadparm()
+        net = Net(other_creds, lp, server=self.host)
+
+        # Work out the initial account values for this user.
+        username = creds.get_username()
+        userdn = f'cn={username},cn=users,{self.base_dn}'
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=('greater', 0),
+                                  badPwdCountOnly=True)
+        badPasswordTime = int(res[0]['badPasswordTime'][0])
+        logonCount = int(res[0]['logonCount'][0])
+        lastLogon = int(res[0]['lastLogon'][0])
+        lastLogonTimestamp = int(res[0]['lastLogonTimestamp'][0])
+
+        # prove we can change the user password (using the correct password)
+        new_password = 'thatsAcomplPASS1'
+        net.change_password(newpassword=new_password,
+                            username=username,
+                            oldpassword=creds.get_password())
+        creds.set_password(new_password)
+
+        # Add the user to the Protected Users group.
+
+        # Search for the Protected Users group.
+        group_dn = Dn(self.ldb,
+                      f'<SID={self.ldb.get_domain_sid()}-'
+                      f'{security.DOMAIN_RID_PROTECTED_USERS}>')
+        try:
+            group_res = self.ldb.search(base=group_dn,
+                                        scope=SCOPE_BASE,
+                                        attrs=['member'])
+        except LdbError as err:
+            self.fail(err)
+
+        orig_msg = group_res[0]
+
+        # Add the user to the list of members.
+        members = list(orig_msg.get('member', ()))
+        self.assertNotIn(userdn, members, 'account already in Protected Users')
+        members.append(userdn)
+
+        m = Message(group_dn)
+        m['member'] = MessageElement(members,
+                                     FLAG_MOD_REPLACE,
+                                     'member')
+        self.ldb.modify(m)
+
+        # Try entering the correct password 'x' times in a row, which should
+        # fail, but not lock the user out.
+        new_password = 'thatsAcomplPASS2'
+        for i in range(lockout_threshold):
+            with self.assertRaises(
+                    NTSTATUSError,
+                    msg='Invalid SAMR change_password accepted') as err:
+                self.debug(f'Trying correct password, attempt #{i}')
+                net.change_password(newpassword=new_password,
+                                    username=username,
+                                    oldpassword=creds.get_password())
+
+            enum = ctypes.c_uint32(err.exception.args[0]).value
+            self.assertEqual(enum, ntstatus.NT_STATUS_ACCOUNT_RESTRICTION)
+
+            res = self._check_account(
+                userdn,
+                badPwdCount=0,
+                badPasswordTime=badPasswordTime,
+                logonCount=logonCount,
+                lastLogon=lastLogon,
+                lastLogonTimestamp=lastLogonTimestamp,
+                lockoutTime=None,
+                userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                msDSUserAccountControlComputed=0)
+
+        # The user should not be locked out.
+        self.assertNotIn('lockoutTime', res[0])
+
+        # Ensure that the password can still be changed via LDAP.
+        self.ldb.modify_ldif(f'''
+dn: {userdn}
+changetype: modify
+delete: userPassword
+userPassword: {creds.get_password()}
+add: userPassword
+userPassword: {new_password}
+''')
+
+    def test_samr_set_password_protected(self):
+        """Tests the SAMR password set method for Protected Users"""
+
+        creds = self.lockout1ntlm_creds
+        lockout_threshold = 5
+
+        # create a connection for SAMR using another user's credentials
+        lp = self.get_loadparm()
+        net = Net(self.global_creds, lp, server=self.host)
+
+        # work out the initial account values for this user
+        username = creds.get_username()
+        userdn = f'cn={username},cn=users,{self.base_dn}'
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=('greater', 0),
+                                  badPwdCountOnly=True)
+        badPasswordTime = int(res[0]['badPasswordTime'][0])
+        logonCount = int(res[0]['logonCount'][0])
+        lastLogon = int(res[0]['lastLogon'][0])
+        lastLogonTimestamp = int(res[0]['lastLogonTimestamp'][0])
+
+        # prove we can change the user password (using the correct password)
+        new_password = 'thatsAcomplPASS1'
+        net.set_password(newpassword=new_password,
+                         account_name=username,
+                         domain_name=creds.get_domain())
+        creds.set_password(new_password)
+
+        # Add the user to the Protected Users group.
+
+        # Search for the Protected Users group.
+        group_dn = Dn(self.ldb,
+                      f'<SID={self.ldb.get_domain_sid()}-'
+                      f'{security.DOMAIN_RID_PROTECTED_USERS}>')
+        try:
+            group_res = self.ldb.search(base=group_dn,
+                                        scope=SCOPE_BASE,
+                                        attrs=['member'])
+        except LdbError as err:
+            self.fail(err)
+
+        orig_msg = group_res[0]
+
+        # Add the user to the list of members.
+        members = list(orig_msg.get('member', ()))
+        self.assertNotIn(userdn, members, 'account already in Protected Users')
+        members.append(userdn)
+
+        m = Message(group_dn)
+        m['member'] = MessageElement(members,
+                                     FLAG_MOD_REPLACE,
+                                     'member')
+        self.ldb.modify(m)
+
+        # Try entering the correct password 'x' times in a row, which should
+        # fail, but not lock the user out.
+        new_password = 'thatsAcomplPASS2'
+        for i in range(lockout_threshold):
+            with self.assertRaises(
+                    NTSTATUSError,
+                    msg='Invalid SAMR set_password accepted') as err:
+                self.debug(f'Trying correct password, attempt #{i}')
+                net.set_password(newpassword=new_password,
+                                 account_name=username,
+                                 domain_name=creds.get_domain())
+
+            enum = ctypes.c_uint32(err.exception.args[0]).value
+            self.assertEqual(enum, ntstatus.NT_STATUS_ACCOUNT_RESTRICTION)
+
+            res = self._check_account(
+                userdn,
+                badPwdCount=0,
+                badPasswordTime=badPasswordTime,
+                logonCount=logonCount,
+                lastLogon=lastLogon,
+                lastLogonTimestamp=lastLogonTimestamp,
+                lockoutTime=None,
+                userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                msDSUserAccountControlComputed=0)
+
+        # The user should not be locked out.
+        self.assertNotIn('lockoutTime', res[0])
+
+        # Ensure that the password can still be changed via LDAP.
+        self.ldb.modify_ldif(f'''
+dn: {userdn}
+changetype: modify
+delete: userPassword
+userPassword: {creds.get_password()}
+add: userPassword
+userPassword: {new_password}
+''')
+
+
+class PasswordTestsWithSleep(PasswordTests):
+    def setUp(self):
+        super(PasswordTestsWithSleep, self).setUp()
+
+    def _test_unicodePwd_lockout_with_clear_change(self, creds, other_ldb,
+                                                   initial_logoncount_relation=None):
+        self.debug("Performs a password cleartext change operation on 'unicodePwd'")
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+        if initial_logoncount_relation is not None:
+            logoncount_relation = initial_logoncount_relation
+        else:
+            logoncount_relation = "greater"
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=("greater", 0),
+                                  lastLogonTimestamp=("greater", 0),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+        self.assertGreater(lastLogonTimestamp, badPasswordTime)
+        self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        # Change password on a connection as another user
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1x\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e10:
+            (num, msg) = e10.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Correct old password
+        old_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+        invalid_utf16 = "\"thatsAcomplPASSX\"".encode('utf-16-le')
+        userpass = "thatsAcomplPASS2"
+        creds.set_password(userpass)
+        new_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+
+        other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(old_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(old_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e11:
+            (num, msg) = e11.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present.
+        # It doesn't create "lockoutTime" = 0 and doesn't
+        # reset "badPwdCount" = 0.
+        self._reset_samr(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        self.debug("two failed password change")
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e12:
+            (num, msg) = e12.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        # this is strange, why do we have lockoutTime=badPasswordTime here?
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=("greater", badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e13:
+            (num, msg) = e13.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e14:
+            (num, msg) = e14.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        try:
+            # Correct old password
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e15:
+            (num, msg) = e15.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000775', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # Now reset the lockout, by removing ACB_AUTOLOCK (which removes the lock, despite being a generated attribute)
+        self._reset_samr(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Correct old password
+        old_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+        invalid_utf16 = "\"thatsAcomplPASSiX\"".encode('utf-16-le')
+        userpass = "thatsAcomplPASS2x"
+        creds.set_password(userpass)
+        new_utf16 = ("\"%s\"" % userpass).encode('utf-16-le')
+
+        other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(old_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e16:
+            (num, msg) = e16.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e17:
+            (num, msg) = e17.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present.
+        # It doesn't reset "badPwdCount" = 0.
+        self._reset_samr(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # Wrong old password
+        try:
+            other_ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode(invalid_utf16).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode(new_utf16).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e18:
+            (num, msg) = e18.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=("greater", badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        time.sleep(self.account_lockout_duration + 1)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present.
+        # It doesn't reset "lockoutTime" = 0 and doesn't
+        # reset "badPwdCount" = 0.
+        self._reset_samr(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+    def test_unicodePwd_lockout_with_clear_change_krb5(self):
+        self._test_unicodePwd_lockout_with_clear_change(self.lockout1krb5_creds,
+                                                        self.lockout2krb5_ldb)
+
+    def test_unicodePwd_lockout_with_clear_change_ntlm(self):
+        self._test_unicodePwd_lockout_with_clear_change(self.lockout1ntlm_creds,
+                                                        self.lockout2ntlm_ldb,
+                                                        initial_logoncount_relation="equal")
+
+    def test_login_lockout_krb5(self):
+        self._test_login_lockout(self.lockout1krb5_creds)
+
+    def test_login_lockout_ntlm(self):
+        self._test_login_lockout(self.lockout1ntlm_creds)
+
+    # Repeat the login lockout tests using PSOs
+    def test_pso_login_lockout_krb5(self):
+        """Check the PSO lockout settings get applied to the user correctly"""
+        self.use_pso_lockout_settings(self.lockout1krb5_creds)
+        self._test_login_lockout(self.lockout1krb5_creds)
+
+    def test_pso_login_lockout_ntlm(self):
+        """Check the PSO lockout settings get applied to the user correctly"""
+        self.use_pso_lockout_settings(self.lockout1ntlm_creds)
+        self._test_login_lockout(self.lockout1ntlm_creds)
+
+    def _testing_add_user(self, creds, lockOutObservationWindow=0):
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        use_kerberos = creds.get_kerberos_state()
+        if use_kerberos == MUST_USE_KERBEROS:
+            logoncount_relation = 'greater'
+            lastlogon_relation = 'greater'
+        else:
+            logoncount_relation = 'equal'
+            if lockOutObservationWindow == 0:
+                lastlogon_relation = 'greater'
+            else:
+                lastlogon_relation = 'equal'
+
+        delete_force(self.ldb, userdn)
+        self.ldb.add({
+             "dn": userdn,
+             "objectclass": "user",
+             "sAMAccountName": username})
+
+        self.addCleanup(delete_force, self.ldb, userdn)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=0,
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=(dsdb.UF_NORMAL_ACCOUNT |
+                                                      dsdb.UF_ACCOUNTDISABLE |
+                                                      dsdb.UF_PASSWD_NOTREQD),
+                                  msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED)
+
+        # SAMR doesn't have any impact if dsdb.UF_LOCKOUT isn't present.
+        # It doesn't create "lockoutTime" = 0.
+        self._reset_samr(res)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=0,
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=(dsdb.UF_NORMAL_ACCOUNT |
+                                                      dsdb.UF_ACCOUNTDISABLE |
+                                                      dsdb.UF_PASSWD_NOTREQD),
+                                  msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED)
+
+        # Tests a password change when we don't have any password yet with a
+        # wrong old password
+        try:
+            self.ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+userPassword: noPassword
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e19:
+            (num, msg) = e19.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            # Windows (2008 at least) seems to have some small bug here: it
+            # returns "0000056A" on longer (always wrong) previous passwords.
+            self.assertIn('00000056', msg)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=(dsdb.UF_NORMAL_ACCOUNT |
+                                                      dsdb.UF_ACCOUNTDISABLE |
+                                                      dsdb.UF_PASSWD_NOTREQD),
+                                  msDSUserAccountControlComputed=dsdb.UF_PASSWORD_EXPIRED)
+        badPwdCount = int(res[0]["badPwdCount"][0])
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Sets the initial user password with a "special" password change
+        # I think that this internally is a password set operation and it can
+        # only be performed by someone which has password set privileges on the
+        # account (at least in s4 we do handle it like that).
+        self.ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: """ + userpass + """
+""")
+
+        res = self._check_account(userdn,
+                                  badPwdCount=badPwdCount,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=(dsdb.UF_NORMAL_ACCOUNT |
+                                                      dsdb.UF_ACCOUNTDISABLE |
+                                                      dsdb.UF_PASSWD_NOTREQD),
+                                  msDSUserAccountControlComputed=0)
+
+        # Enables the user account
+        self.ldb.enable_account("(sAMAccountName=%s)" % username)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=badPwdCount,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        if lockOutObservationWindow != 0:
+            time.sleep(lockOutObservationWindow + 1)
+            effective_bad_password_count = 0
+        else:
+            effective_bad_password_count = badPwdCount
+
+        res = self._check_account(userdn,
+                                  badPwdCount=badPwdCount,
+                                  effective_bad_password_count=effective_bad_password_count,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=0,
+                                  lastLogon=0,
+                                  lastLogonTimestamp=('absent', None),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        ldb = SamDB(url=self.host_url, credentials=creds, lp=self.lp)
+
+        if lockOutObservationWindow == 0:
+            badPwdCount = 0
+            effective_bad_password_count = 0
+        if use_kerberos == MUST_USE_KERBEROS:
+            badPwdCount = 0
+            effective_bad_password_count = 0
+
+        res = self._check_account(userdn,
+                                  badPwdCount=badPwdCount,
+                                  effective_bad_password_count=effective_bad_password_count,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=(lastlogon_relation, 0),
+                                  lastLogonTimestamp=('greater', badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+        if lastlogon_relation == 'greater':
+            self.assertGreater(lastLogon, badPasswordTime)
+            self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=badPwdCount,
+                                  effective_bad_password_count=effective_bad_password_count,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        return ldb
+
+    def test_lockout_observation_window(self):
+        lockout3krb5_creds = self.insta_creds(self.template_creds,
+                                              username="lockout3krb5",
+                                              userpass="thatsAcomplPASS0",
+                                              kerberos_state=MUST_USE_KERBEROS)
+        self._testing_add_user(lockout3krb5_creds)
+
+        lockout4krb5_creds = self.insta_creds(self.template_creds,
+                                              username="lockout4krb5",
+                                              userpass="thatsAcomplPASS0",
+                                              kerberos_state=MUST_USE_KERBEROS)
+        self._testing_add_user(lockout4krb5_creds,
+                               lockOutObservationWindow=self.lockout_observation_window)
+
+        lockout3ntlm_creds = self.insta_creds(self.template_creds,
+                                              username="lockout3ntlm",
+                                              userpass="thatsAcomplPASS0",
+                                              kerberos_state=DONT_USE_KERBEROS)
+        self._testing_add_user(lockout3ntlm_creds)
+        lockout4ntlm_creds = self.insta_creds(self.template_creds,
+                                              username="lockout4ntlm",
+                                              userpass="thatsAcomplPASS0",
+                                              kerberos_state=DONT_USE_KERBEROS)
+        self._testing_add_user(lockout4ntlm_creds,
+                               lockOutObservationWindow=self.lockout_observation_window)
+
+class PasswordTestsWithDefaults(PasswordTests):
+    def setUp(self):
+        # The tests in this class do not sleep, so we can use the default
+        # timeout windows here
+        self.account_lockout_duration = 30 * 60
+        self.lockout_observation_window = 30 * 60
+        super(PasswordTestsWithDefaults, self).setUp()
+
+    # sanity-check that user lockout works with the default settings (we just
+    # check the user is locked out - we don't wait for the lockout to expire)
+    def test_login_lockout_krb5(self):
+        self._test_login_lockout(self.lockout1krb5_creds,
+                                 wait_lockout_duration=False)
+
+    def test_login_lockout_ntlm(self):
+        self._test_login_lockout(self.lockout1ntlm_creds,
+                                 wait_lockout_duration=False)
+
+    # Repeat the login lockout tests using PSOs
+    def test_pso_login_lockout_krb5(self):
+        """Check the PSO lockout settings get applied to the user correctly"""
+        self.use_pso_lockout_settings(self.lockout1krb5_creds)
+        self._test_login_lockout(self.lockout1krb5_creds,
+                                 wait_lockout_duration=False)
+
+    def test_pso_login_lockout_ntlm(self):
+        """Check the PSO lockout settings get applied to the user correctly"""
+        self.use_pso_lockout_settings(self.lockout1ntlm_creds)
+        self._test_login_lockout(self.lockout1ntlm_creds,
+                                 wait_lockout_duration=False)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/password_lockout_base.py b/source4/dsdb/tests/python/password_lockout_base.py
new file mode 100644
index 0000000..77529b7
--- /dev/null
+++ b/source4/dsdb/tests/python/password_lockout_base.py
@@ -0,0 +1,785 @@
+from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
+from ldb import SCOPE_BASE, LdbError
+from ldb import ERR_INVALID_CREDENTIALS
+from ldb import SUCCESS as LDB_SUCCESS
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_REPLACE
+from samba import gensec, dsdb
+from samba.samdb import SamDB
+from samba.tests import delete_force
+from samba.dcerpc import security, samr
+from samba.ndr import ndr_unpack
+from samba.tests.password_test import PasswordTestCase
+
+import time
+
+
+class BasePasswordTestCase(PasswordTestCase):
+    if False:
+        debug = print
+    else:
+        def debug(self, *args, **kwargs):
+            pass
+
+    def _open_samr_user(self, res):
+        self.assertIn("objectSid", res[0])
+
+        (domain_sid, rid) = ndr_unpack(security.dom_sid, res[0]["objectSid"][0]).split()
+        self.assertEqual(self.domain_sid, domain_sid)
+
+        return self.samr.OpenUser(self.samr_domain, security.SEC_FLAG_MAXIMUM_ALLOWED, rid)
+
+    def _check_attribute(self, res, name, value):
+        if value is None:
+            self.assertNotIn(name, res[0],
+                             msg="attr[%s]=%r on dn[%s]" %
+                             (name, res[0], res[0].dn))
+            return
+
+        if isinstance(value, tuple):
+            (mode, value) = value
+        else:
+            mode = "equal"
+
+        if mode == "ignore":
+            return
+
+        if mode == "absent":
+            self.assertNotIn(name, res[0],
+                             msg="attr[%s] not missing on dn[%s]" %
+                             (name, res[0].dn))
+            return
+
+        self.assertIn(name, res[0],
+                      msg="attr[%s] missing on dn[%s]" %
+                      (name, res[0].dn))
+        self.assertEqual(1, len(res[0][name]),
+                         msg="attr[%s]=%r on dn[%s]" %
+                         (name, res[0][name], res[0].dn))
+
+        self.debug("%s = '%s'" % (name, res[0][name][0]))
+
+        if mode == "present":
+            return
+
+        if mode == "equal":
+            v = int(res[0][name][0])
+            value = int(value)
+            msg = ("attr[%s]=[%s] != [%s] on dn[%s]\n"
+                   "(diff %d; actual value is %s than expected)"  %
+                   (name, v, value, res[0].dn, v - value,
+                    ('less' if v < value else 'greater')))
+
+            self.assertEqual(v, value, msg)
+            return
+
+        if mode == "greater":
+            v = int(res[0][name][0])
+            self.assertGreater(v, int(value),
+                               msg="attr[%s]=[%s] <= [%s] on dn[%s] (diff %d)" %
+                               (name, v, int(value), res[0].dn, v - int(value)))
+            return
+        if mode == "less":
+            v = int(res[0][name][0])
+            self.assertLess(v, int(value),
+                            msg="attr[%s]=[%s] >= [%s] on dn[%s] (diff %d)" %
+                            (name, v, int(value), res[0].dn, v - int(value)))
+            return
+        self.fail("Invalid Mode[%s]" % mode)
+
+    def _check_account_initial(self, userdn):
+        self._check_account(userdn,
+                            badPwdCount=0,
+                            badPasswordTime=0,
+                            logonCount=0,
+                            lastLogon=0,
+                            lastLogonTimestamp=("absent", None),
+                            userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                            msDSUserAccountControlComputed=0)
+
+    def _check_account(self, dn,
+                       badPwdCount=None,
+                       badPasswordTime=None,
+                       logonCount=None,
+                       lastLogon=None,
+                       lastLogonTimestamp=None,
+                       lockoutTime=None,
+                       userAccountControl=None,
+                       msDSUserAccountControlComputed=None,
+                       effective_bad_password_count=None,
+                       msg=None,
+                       badPwdCountOnly=False):
+        self.debug('-=' * 36)
+        if msg is not None:
+            self.debug("\033[01;32m %s \033[00m\n" % msg)
+        attrs = [
+            "objectSid",
+           "sAMAccountName",
+           "badPwdCount",
+           "badPasswordTime",
+           "lastLogon",
+           "lastLogonTimestamp",
+           "logonCount",
+           "lockoutTime",
+           "userAccountControl",
+           "msDS-User-Account-Control-Computed"
+        ]
+
+        # in order to prevent some time resolution problems we sleep for
+        # 10 micro second
+        time.sleep(0.01)
+
+        res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs)
+        self.assertEqual(1, len(res))
+        self._check_attribute(res, "badPwdCount", badPwdCount)
+        self._check_attribute(res, "lockoutTime", lockoutTime)
+        self._check_attribute(res, "badPasswordTime", badPasswordTime)
+        if not badPwdCountOnly:
+            self._check_attribute(res, "logonCount", logonCount)
+            self._check_attribute(res, "lastLogon", lastLogon)
+            self._check_attribute(res, "lastLogonTimestamp", lastLogonTimestamp)
+            self._check_attribute(res, "userAccountControl", userAccountControl)
+            self._check_attribute(res, "msDS-User-Account-Control-Computed",
+                                  msDSUserAccountControlComputed)
+
+            lastLogon = int(res[0]["lastLogon"][0])
+            logonCount = int(res[0]["logonCount"][0])
+
+        samr_user = self._open_samr_user(res)
+        uinfo3 = self.samr.QueryUserInfo(samr_user, 3)
+        uinfo5 = self.samr.QueryUserInfo(samr_user, 5)
+        uinfo16 = self.samr.QueryUserInfo(samr_user, 16)
+        uinfo21 = self.samr.QueryUserInfo(samr_user, 21)
+        self.samr.Close(samr_user)
+
+        expected_acb_info = 0
+        if not badPwdCountOnly:
+            if userAccountControl & dsdb.UF_NORMAL_ACCOUNT:
+                expected_acb_info |= samr.ACB_NORMAL
+            if userAccountControl & dsdb.UF_ACCOUNTDISABLE:
+                expected_acb_info |= samr.ACB_DISABLED
+            if userAccountControl & dsdb.UF_PASSWD_NOTREQD:
+                expected_acb_info |= samr.ACB_PWNOTREQ
+            if msDSUserAccountControlComputed & dsdb.UF_LOCKOUT:
+                expected_acb_info |= samr.ACB_AUTOLOCK
+            if msDSUserAccountControlComputed & dsdb.UF_PASSWORD_EXPIRED:
+                expected_acb_info |= samr.ACB_PW_EXPIRED
+
+            self.assertEqual(uinfo3.acct_flags, expected_acb_info)
+            self.assertEqual(uinfo3.last_logon, lastLogon)
+            self.assertEqual(uinfo3.logon_count, logonCount)
+
+        expected_bad_password_count = 0
+        if badPwdCount is not None:
+            expected_bad_password_count = badPwdCount
+        if effective_bad_password_count is None:
+            effective_bad_password_count = expected_bad_password_count
+
+        self.assertEqual(uinfo3.bad_password_count, expected_bad_password_count)
+
+        if not badPwdCountOnly:
+            self.assertEqual(uinfo5.acct_flags, expected_acb_info)
+            self.assertEqual(uinfo5.bad_password_count, effective_bad_password_count)
+            self.assertEqual(uinfo5.last_logon, lastLogon)
+            self.assertEqual(uinfo5.logon_count, logonCount)
+
+            self.assertEqual(uinfo16.acct_flags, expected_acb_info)
+
+            self.assertEqual(uinfo21.acct_flags, expected_acb_info)
+            self.assertEqual(uinfo21.bad_password_count, effective_bad_password_count)
+            self.assertEqual(uinfo21.last_logon, lastLogon)
+            self.assertEqual(uinfo21.logon_count, logonCount)
+
+        # check LDAP again and make sure the samr.QueryUserInfo
+        # doesn't have any impact.
+        res2 = self.ldb.search(dn, scope=SCOPE_BASE, attrs=attrs)
+        self.assertEqual(res[0], res2[0])
+
+        # in order to prevent some time resolution problems we sleep for
+        # 10 micro second
+        time.sleep(0.01)
+        return res
+
+    def update_lockout_settings(self, threshold, duration, observation_window):
+        """Updates the global user lockout settings"""
+        m = Message()
+        m.dn = Dn(self.ldb, self.base_dn)
+        account_lockout_duration_ticks = -int(duration * (1e7))
+        m["lockoutDuration"] = MessageElement(str(account_lockout_duration_ticks),
+                                              FLAG_MOD_REPLACE, "lockoutDuration")
+        m["lockoutThreshold"] = MessageElement(str(threshold),
+                                               FLAG_MOD_REPLACE, "lockoutThreshold")
+        lockout_observation_window_ticks = -int(observation_window * (1e7))
+        m["lockOutObservationWindow"] = MessageElement(str(lockout_observation_window_ticks),
+                                                       FLAG_MOD_REPLACE, "lockOutObservationWindow")
+        self.ldb.modify(m)
+
+    def _readd_user(self, creds, lockOutObservationWindow=0, simple=False):
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        if simple:
+            creds.set_bind_dn(userdn)
+            ldap_url = self.host_url_ldaps
+        else:
+            ldap_url = self.host_url
+
+        delete_force(self.ldb, userdn)
+        self.ldb.add({
+             "dn": userdn,
+             "objectclass": "user",
+             "sAMAccountName": username})
+
+        self.addCleanup(delete_force, self.ldb, userdn)
+
+        # Sets the initial user password with a "special" password change
+        # I think that this internally is a password set operation and it can
+        # only be performed by someone which has password set privileges on the
+        # account (at least in s4 we do handle it like that).
+        self.ldb.modify_ldif("""
+dn: """ + userdn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: """ + userpass + """
+""")
+        # Enables the user account
+        self.ldb.enable_account("(sAMAccountName=%s)" % username)
+
+        use_kerberos = creds.get_kerberos_state()
+        fail_creds = self.insta_creds(self.template_creds,
+                                      username=username,
+                                      userpass=userpass + "X",
+                                      kerberos_state=use_kerberos)
+        if simple:
+            fail_creds.set_bind_dn(userdn)
+
+        self._check_account_initial(userdn)
+
+        # Fail once to get a badPasswordTime
+        self.assertLoginFailure(ldap_url, fail_creds, self.lp)
+
+        # Always reset with Simple bind or Kerberos, allows testing without NTLM
+        if simple or use_kerberos == MUST_USE_KERBEROS:
+            success_creds = creds
+        else:
+            success_creds = self.insta_creds(self.template_creds,
+                                             username=username,
+                                             userpass=userpass)
+            success_creds.set_bind_dn(userdn)
+            ldap_url = self.host_url_ldaps
+
+        # Succeed to reset everything to 0
+        self.assertLoginSuccess(ldap_url, success_creds, self.lp)
+
+    def assertLoginFailure(self, url, creds, lp, errno=ERR_INVALID_CREDENTIALS):
+        try:
+            SamDB(url=url, credentials=creds, lp=lp)
+            self.fail("Login unexpectedly succeeded")
+        except LdbError as e1:
+            (num, msg) = e1.args
+            if errno is not None:
+                self.assertEqual(num, errno, ("Login failed in the wrong way"
+                                               "(got err %d, expected %d)" %
+                                               (num, errno)))
+
+    def assertLoginSuccess(self, url, creds, lp):
+        try:
+            ldb = SamDB(url=url, credentials=creds, lp=lp)
+            return ldb
+        except LdbError as e1:
+            (num, msg) = e1.args
+            self.assertEqual(num, LDB_SUCCESS,
+                             ("Login failed - %d - %s" % (
+                              num, msg)))
+
+
+    def setUp(self):
+        super(BasePasswordTestCase, self).setUp()
+
+        self.global_creds.set_gensec_features(self.global_creds.get_gensec_features() |
+                                              gensec.FEATURE_SEAL)
+
+        self.template_creds = Credentials()
+        self.template_creds.set_username("testuser")
+        self.template_creds.set_password("thatsAcomplPASS1")
+        self.template_creds.set_domain(self.global_creds.get_domain())
+        self.template_creds.set_realm(self.global_creds.get_realm())
+        self.template_creds.set_workstation(self.global_creds.get_workstation())
+        self.template_creds.set_gensec_features(self.global_creds.get_gensec_features())
+        self.template_creds.set_kerberos_state(self.global_creds.get_kerberos_state())
+
+        # Gets back the basedn
+        base_dn = self.ldb.domain_dn()
+
+        res = self.ldb.search(base_dn,
+                              scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"])
+
+        if "lockoutDuration" in res[0]:
+            lockoutDuration = res[0]["lockoutDuration"][0]
+        else:
+            lockoutDuration = 0
+
+        if "lockoutObservationWindow" in res[0]:
+            lockoutObservationWindow = res[0]["lockoutObservationWindow"][0]
+        else:
+            lockoutObservationWindow = 0
+
+        if "lockoutThreshold" in res[0]:
+            lockoutThreshold = res[0]["lockoutThreshold"][0]
+        else:
+            lockoutThreshold = 0
+
+        self.addCleanup(self.ldb.modify_ldif, """
+dn: """ + base_dn + """
+changetype: modify
+replace: lockoutDuration
+lockoutDuration: """ + str(lockoutDuration) + """
+replace: lockoutObservationWindow
+lockoutObservationWindow: """ + str(lockoutObservationWindow) + """
+replace: lockoutThreshold
+lockoutThreshold: """ + str(lockoutThreshold) + """
+""")
+
+        self.base_dn = self.ldb.domain_dn()
+
+        #
+        # Some test cases sleep() for self.account_lockout_duration
+        # so allow it to be controlled via the subclass
+        #
+        if not hasattr(self, 'account_lockout_duration'):
+            self.account_lockout_duration = 3
+        if not hasattr(self, 'lockout_observation_window'):
+            self.lockout_observation_window = 3
+        self.update_lockout_settings(threshold=3,
+                                     duration=self.account_lockout_duration,
+                                     observation_window=self.lockout_observation_window)
+
+        # update DC to allow password changes for the duration of this test
+        self.allow_password_changes()
+
+        self.domain_sid = security.dom_sid(self.ldb.get_domain_sid())
+        self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds)
+        self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)
+
+        self.addCleanup(self.delete_ldb_connections)
+
+        # (Re)adds the test user accounts
+        self.lockout1krb5_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout1krb5",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=MUST_USE_KERBEROS)
+        self._readd_user(self.lockout1krb5_creds)
+        self.lockout1ntlm_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout1ntlm",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=DONT_USE_KERBEROS)
+        self._readd_user(self.lockout1ntlm_creds)
+        self.lockout1simple_creds = self.insta_creds(self.template_creds,
+                                                     username="lockout1simple",
+                                                     userpass="thatsAcomplPASS0",
+                                                     kerberos_state=DONT_USE_KERBEROS)
+        self._readd_user(self.lockout1simple_creds,
+                         simple=True)
+
+    def delete_ldb_connections(self):
+        del self.ldb
+
+    def tearDown(self):
+        super(BasePasswordTestCase, self).tearDown()
+
+    def _test_login_lockout(self, creds, wait_lockout_duration=True):
+        username = creds.get_username()
+        userpass = creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        use_kerberos = creds.get_kerberos_state()
+        # This unlocks by waiting for account_lockout_duration
+        if use_kerberos == MUST_USE_KERBEROS:
+            logoncount_relation = 'greater'
+            lastlogon_relation = 'greater'
+            self.debug("Performs a lockout attempt against LDAP using Kerberos")
+        else:
+            logoncount_relation = 'equal'
+            lastlogon_relation = 'equal'
+            self.debug("Performs a lockout attempt against LDAP using NTLM")
+
+        # Change password on a connection as another user
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=("greater", 0),
+                                  lastLogonTimestamp=("greater", 0),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        firstLogon = lastLogon
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+        self.debug(firstLogon)
+        self.debug(lastLogonTimestamp)
+
+        self.assertGreater(lastLogon, badPasswordTime)
+        self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        creds_lockout = self.insta_creds(creds)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        self.assertLoginFailure(self.host_url, creds_lockout, self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='lastlogontimestamp with wrong password')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Correct old password
+        creds_lockout.set_password(userpass)
+
+        SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+
+        # lastLogonTimestamp should not change
+        # lastLogon increases if badPwdCount is non-zero (!)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=('greater', lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='LLTimestamp is updated to lastlogon')
+
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        self.assertGreater(lastLogon, badPasswordTime)
+        self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        self.assertLoginFailure(self.host_url, creds_lockout, self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+
+        except LdbError as e2:
+            (num, msg) = e2.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        self.debug("two failed password change")
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+
+        except LdbError as e3:
+            (num, msg) = e3.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=("greater", badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e4:
+            (num, msg) = e4.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e5:
+            (num, msg) = e5.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # The correct password, but we are locked out
+        creds_lockout.set_password(userpass)
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e6:
+            (num, msg) = e6.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # if we're just checking the user gets locked out, we can stop here
+        if not wait_lockout_duration:
+            return
+
+        # wait for the lockout to end
+        time.sleep(self.account_lockout_duration + 1)
+        self.debug(self.account_lockout_duration + 1)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # The correct password after letting the timeout expire
+
+        creds_lockout.set_password(userpass)
+
+        creds_lockout2 = self.insta_creds(creds_lockout)
+
+        SamDB(url=self.host_url, credentials=creds_lockout2, lp=self.lp)
+        time.sleep(3)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=(lastlogon_relation, lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=0,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg="lastLogon is way off")
+
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e7:
+            (num, msg) = e7.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e8:
+            (num, msg) = e8.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        time.sleep(self.lockout_observation_window + 1)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e9:
+            (num, msg) = e9.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=0,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The correct password without letting the timeout expire
+        creds_lockout.set_password(userpass)
+        SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lockoutTime=0,
+                                  lastLogon=("greater", lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+    def _test_multiple_logon(self, creds):
+        # Test the happy case in which a user logs on correctly, then
+        # logs on correctly again, so that the bad password and
+        # lockout times are both zero the second time. The lastlogon
+        # time should increase.
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        username = creds.get_username()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        use_kerberos = creds.get_kerberos_state()
+        if use_kerberos == MUST_USE_KERBEROS:
+            self.debug("Testing multiple logon with Kerberos")
+            logoncount_relation = 'greater'
+            lastlogon_relation = 'greater'
+        else:
+            self.debug("Testing multiple logon with NTLM")
+            logoncount_relation = 'equal'
+            lastlogon_relation = 'equal'
+
+        SamDB(url=self.host_url, credentials=self.insta_creds(creds), lp=self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=("greater", 0),
+                                  logonCount=(logoncount_relation, 0),
+                                  lastLogon=("greater", 0),
+                                  lastLogonTimestamp=("greater", 0),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+        lastLogonTimestamp = int(res[0]["lastLogonTimestamp"][0])
+        firstLogon = lastLogon
+        self.debug("last logon is %d" % lastLogon)
+        self.assertGreater(lastLogon, badPasswordTime)
+        self.assertGreaterEqual(lastLogon, lastLogonTimestamp)
+
+        time.sleep(1)
+        SamDB(url=self.host_url, credentials=self.insta_creds(creds), lp=self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=(lastlogon_relation, lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg=("second logon, firstlogon was %s" %
+                                       firstLogon))
+
+        lastLogon = int(res[0]["lastLogon"][0])
+
+        time.sleep(1)
+
+        SamDB(url=self.host_url, credentials=self.insta_creds(creds), lp=self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=(lastlogon_relation, lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
diff --git a/source4/dsdb/tests/python/password_settings.py b/source4/dsdb/tests/python/password_settings.py
new file mode 100644
index 0000000..cdaad05
--- /dev/null
+++ b/source4/dsdb/tests/python/password_settings.py
@@ -0,0 +1,876 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests for Password Settings Objects.
+#
+# This also tests the default password complexity (i.e. pwdProperties),
+# minPwdLength, pwdHistoryLength settings as a side-effect.
+#
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export SERVER_IP=target_dc
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/dsdb/tests/python" $SUBUNITRUN \
+#       password_settings -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import samba.tests
+import ldb
+from ldb import FLAG_MOD_DELETE, FLAG_MOD_ADD, FLAG_MOD_REPLACE
+from samba import dsdb
+import time
+from samba.tests.password_test import PasswordTestCase
+from samba.tests.pso import TestUser
+from samba.tests.pso import PasswordSettings
+from samba.tests import env_get_var_value
+from samba.credentials import Credentials
+from samba import gensec
+import base64
+
+
+class PasswordSettingsTestCase(PasswordTestCase):
+    def setUp(self):
+        super(PasswordSettingsTestCase, self).setUp()
+
+        self.host_url = "ldap://%s" % env_get_var_value("SERVER_IP")
+        self.ldb = samba.tests.connect_samdb(self.host_url)
+
+        # create a temp OU to put this test's users into
+        self.ou = samba.tests.create_test_ou(self.ldb, "password_settings")
+
+        # update DC to allow password changes for the duration of this test
+        self.allow_password_changes()
+
+        # store the current password-settings for the domain
+        self.pwd_defaults = PasswordSettings(None, self.ldb)
+        self.test_objs = []
+
+    def tearDown(self):
+        super(PasswordSettingsTestCase, self).tearDown()
+
+        # remove all objects under the top-level OU
+        self.ldb.delete(self.ou, ["tree_delete:1"])
+
+        # PSOs can't reside within an OU so they get cleaned up separately
+        for obj in self.test_objs:
+            self.ldb.delete(obj)
+
+    def add_obj_cleanup(self, dn_list):
+        """Handles cleanup of objects outside of the test OU in the tearDown"""
+        self.test_objs.extend(dn_list)
+
+    def add_group(self, group_name):
+        """Creates a new group"""
+        dn = "CN=%s,%s" % (group_name, self.ou)
+        self.ldb.add({"dn": dn, "objectclass": "group"})
+        return dn
+
+    def set_attribute(self, dn, attr, value, operation=FLAG_MOD_ADD,
+                      samdb=None):
+        """Modifies an attribute for an object"""
+        if samdb is None:
+            samdb = self.ldb
+        m = ldb.Message()
+        m.dn = ldb.Dn(samdb, dn)
+        m[attr] = ldb.MessageElement(value, operation, attr)
+        samdb.modify(m)
+
+    def add_user(self, username):
+        # add a new user to the DB under our top-level OU
+        userou = "ou=%s" % self.ou.get_component_value(0)
+        return TestUser(username, self.ldb, userou=userou)
+
+    def assert_password_invalid(self, user, password):
+        """
+        Check we can't set a password that violates complexity or length
+        constraints
+        """
+        try:
+            user.set_password(password)
+            # fail the test if no exception was encountered
+            self.fail("Password '%s' should have been rejected" % password)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_CONSTRAINT_VIOLATION, msg)
+            self.assertTrue('0000052D' in msg, msg)
+
+    def assert_password_valid(self, user, password):
+        """Checks that we can set a password successfully"""
+        try:
+            user.set_password(password)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            # fail the test (rather than throw an error)
+            self.fail("Password '%s' unexpectedly rejected: %s" % (password,
+                                                                   msg))
+
+    def assert_PSO_applied(self, user, pso):
+        """
+        Asserts the expected PSO is applied by checking the msDS-ResultantPSO
+        attribute, as well as checking the corresponding password-length,
+        complexity, and history are enforced correctly
+        """
+        resultant_pso = user.get_resultant_PSO()
+        self.assertTrue(resultant_pso == pso.dn,
+                        "Expected PSO %s, not %s" % (pso.name,
+                                                     str(resultant_pso)))
+
+        # we're mirroring the pwd_history for the user, so make sure this is
+        # up-to-date, before we start making password changes
+        if user.last_pso:
+            user.pwd_history_change(user.last_pso.history_len, pso.history_len)
+        user.last_pso = pso
+
+        # check if we can set a sufficiently long, but non-complex, password.
+        # (We use the history-size to generate a unique password for each
+        # assertion - otherwise, if the password is already in the history,
+        # then it'll be rejected)
+        unique_char = chr(ord('a') + len(user.all_old_passwords))
+        noncomplex_pwd = "%cabcdefghijklmnopqrst" % unique_char
+
+        if pso.complexity:
+            self.assert_password_invalid(user, noncomplex_pwd)
+        else:
+            self.assert_password_valid(user, noncomplex_pwd)
+
+        # use a unique and sufficiently complex base-string to check pwd-length
+        pass_phrase = "%d#AaBbCcDdEeFfGgHhIi" % len(user.all_old_passwords)
+
+        # check that passwords less than the specified length are rejected
+        for i in range(3, pso.password_len):
+            self.assert_password_invalid(user, pass_phrase[:i])
+
+        # check we can set a password that's exactly the minimum length
+        self.assert_password_valid(user, pass_phrase[:pso.password_len])
+
+        # check the password history is enforced correctly.
+        # first, check the last n items in the password history are invalid
+        invalid_passwords = user.old_invalid_passwords(pso.history_len)
+        for pwd in invalid_passwords:
+            self.assert_password_invalid(user, pwd)
+
+        # next, check any passwords older than the history-len can be re-used
+        valid_passwords = user.old_valid_passwords(pso.history_len)
+        for pwd in valid_passwords:
+            self.assert_set_old_password(user, pwd, pso)
+
+    def password_is_complex(self, password):
+        # non-complex passwords used in the tests are all lower-case letters
+        # If it's got a number in the password, assume it's complex
+        return any(c.isdigit() for c in password)
+
+    def assert_set_old_password(self, user, password, pso):
+        """
+        Checks a user password can be set (if the password conforms to the PSO
+        settings). Used to check an old password that falls outside the history
+        length, but might still be invalid for other reasons.
+        """
+        if self.password_is_complex(password):
+            # check password conforms to length requirements
+            if len(password) < pso.password_len:
+                self.assert_password_invalid(user, password)
+            else:
+                self.assert_password_valid(user, password)
+        else:
+            # password is not complex, check PSO handles it appropriately
+            if pso.complexity:
+                self.assert_password_invalid(user, password)
+            else:
+                self.assert_password_valid(user, password)
+
+    def test_pso_basics(self):
+        """Simple tests that a PSO takes effect when applied to a group/user"""
+
+        # create some PSOs that vary in priority and basic password-len
+        best_pso = PasswordSettings("highest-priority-PSO", self.ldb,
+                                    precedence=5, password_len=16,
+                                    history_len=6)
+        medium_pso = PasswordSettings("med-priority-PSO", self.ldb,
+                                      precedence=15, password_len=10,
+                                      history_len=4)
+        worst_pso = PasswordSettings("lowest-priority-PSO", self.ldb,
+                                     precedence=100, complexity=False,
+                                     password_len=4, history_len=2)
+
+        # handle PSO clean-up (as they're outside the top-level test OU)
+        self.add_obj_cleanup([worst_pso.dn, medium_pso.dn, best_pso.dn])
+
+        # create some groups and apply the PSOs to the groups
+        group1 = self.add_group("Group-1")
+        group2 = self.add_group("Group-2")
+        group3 = self.add_group("Group-3")
+        group4 = self.add_group("Group-4")
+        worst_pso.apply_to(group1)
+        medium_pso.apply_to(group2)
+        best_pso.apply_to(group3)
+        worst_pso.apply_to(group4)
+
+        # create a user and check the default settings apply to it
+        user = self.add_user("testuser")
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+        # add user to a group. Check that the group's PSO applies to the user
+        self.set_attribute(group1, "member", user.dn)
+        self.assert_PSO_applied(user, worst_pso)
+
+        # add the user to a group with a higher precedence PSO and and check
+        # that now trumps the previous PSO
+        self.set_attribute(group2, "member", user.dn)
+        self.assert_PSO_applied(user, medium_pso)
+
+        # add the user to the remaining groups. The highest precedence PSO
+        # should now take effect
+        self.set_attribute(group3, "member", user.dn)
+        self.set_attribute(group4, "member", user.dn)
+        self.assert_PSO_applied(user, best_pso)
+
+        # delete a group membership and check the PSO changes
+        self.set_attribute(group3, "member", user.dn,
+                           operation=FLAG_MOD_DELETE)
+        self.assert_PSO_applied(user, medium_pso)
+
+        # apply the low-precedence PSO directly to the user
+        # (directly applied PSOs should trump higher precedence group PSOs)
+        worst_pso.apply_to(user.dn)
+        self.assert_PSO_applied(user, worst_pso)
+
+        # remove applying the PSO directly to the user and check PSO changes
+        worst_pso.unapply(user.dn)
+        self.assert_PSO_applied(user, medium_pso)
+
+        # remove all appliesTo and check we have the default settings again
+        worst_pso.unapply(group1)
+        medium_pso.unapply(group2)
+        worst_pso.unapply(group4)
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+    def test_pso_nested_groups(self):
+        """PSOs operate correctly when applied to nested groups"""
+
+        # create some PSOs that vary in priority and basic password-len
+        group1_pso = PasswordSettings("group1-PSO", self.ldb, precedence=50,
+                                      password_len=12, history_len=3)
+        group2_pso = PasswordSettings("group2-PSO", self.ldb, precedence=25,
+                                      password_len=10, history_len=5,
+                                      complexity=False)
+        group3_pso = PasswordSettings("group3-PSO", self.ldb, precedence=10,
+                                      password_len=6, history_len=2)
+
+        # create some groups and apply the PSOs to the groups
+        group1 = self.add_group("Group-1")
+        group2 = self.add_group("Group-2")
+        group3 = self.add_group("Group-3")
+        group4 = self.add_group("Group-4")
+        group1_pso.apply_to(group1)
+        group2_pso.apply_to(group2)
+        group3_pso.apply_to(group3)
+
+        # create a PSO and apply it to a group that the user is not a member
+        # of - it should not have any effect on the user
+        unused_pso = PasswordSettings("unused-PSO", self.ldb, precedence=1,
+                                      password_len=20)
+        unused_pso.apply_to(group4)
+
+        # handle PSO clean-up (as they're outside the top-level test OU)
+        self.add_obj_cleanup([group1_pso.dn, group2_pso.dn, group3_pso.dn,
+                              unused_pso.dn])
+
+        # create a user and check the default settings apply to it
+        user = self.add_user("testuser")
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+        # add user to a group. Check that the group's PSO applies to the user
+        self.set_attribute(group1, "member", user.dn)
+        self.set_attribute(group2, "member", group1)
+        self.assert_PSO_applied(user, group2_pso)
+
+        # add another level to the group hierarchy & check this PSO takes effect
+        self.set_attribute(group3, "member", group2)
+        self.assert_PSO_applied(user, group3_pso)
+
+        # invert the PSO precedence and check the new lowest value takes effect
+        group1_pso.set_precedence(3)
+        group2_pso.set_precedence(13)
+        group3_pso.set_precedence(33)
+        self.assert_PSO_applied(user, group1_pso)
+
+        # delete a PSO and check it no longer applies
+        self.ldb.delete(group1_pso.dn)
+        self.test_objs.remove(group1_pso.dn)
+        self.assert_PSO_applied(user, group2_pso)
+
+    def get_guid(self, dn):
+        res = self.ldb.search(base=dn, attrs=["objectGUID"],
+                              scope=ldb.SCOPE_BASE)
+        return res[0]['objectGUID'][0]
+
+    def guid_string(self, guid):
+        return self.ldb.schema_format_value("objectGUID", guid)
+
+    def PSO_with_lowest_GUID(self, pso_list):
+        """Returns the PSO object in the list with the lowest GUID"""
+        # go through each PSO and fetch its GUID
+        guid_list = []
+        mapping = {}
+        for pso in pso_list:
+            guid = self.get_guid(pso.dn)
+            guid_list.append(guid)
+            # remember which GUID maps to what PSO
+            mapping[guid] = pso
+
+        # sort the GUID list to work out the lowest/best GUID
+        guid_list.sort()
+        best_guid = guid_list[0]
+
+        # sanity-check the mapping between GUID and DN is correct
+        best_pso_dn = mapping[best_guid].dn
+        self.assertEqual(self.guid_string(self.get_guid(best_pso_dn)),
+                         self.guid_string(best_guid))
+
+        # return the PSO that this GUID corresponds to
+        return mapping[best_guid]
+
+    def test_pso_equal_precedence(self):
+        """Tests expected PSO wins when several have the same precedence"""
+
+        # create some PSOs that vary in priority and basic password-len
+        pso1 = PasswordSettings("PSO-1", self.ldb, precedence=5, history_len=1,
+                                password_len=11)
+        pso2 = PasswordSettings("PSO-2", self.ldb, precedence=5, history_len=2,
+                                password_len=8)
+        pso3 = PasswordSettings("PSO-3", self.ldb, precedence=5, history_len=3,
+                                password_len=5, complexity=False)
+        pso4 = PasswordSettings("PSO-4", self.ldb, precedence=5, history_len=4,
+                                password_len=13, complexity=False)
+
+        # handle PSO clean-up (as they're outside the top-level test OU)
+        self.add_obj_cleanup([pso1.dn, pso2.dn, pso3.dn, pso4.dn])
+
+        # create some groups and apply the PSOs to the groups
+        group1 = self.add_group("Group-1")
+        group2 = self.add_group("Group-2")
+        group3 = self.add_group("Group-3")
+        group4 = self.add_group("Group-4")
+        pso1.apply_to(group1)
+        pso2.apply_to(group2)
+        pso3.apply_to(group3)
+        pso4.apply_to(group4)
+
+        # create a user and check the default settings apply to it
+        user = self.add_user("testuser")
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+        # add the user to all the groups
+        self.set_attribute(group1, "member", user.dn)
+        self.set_attribute(group2, "member", user.dn)
+        self.set_attribute(group3, "member", user.dn)
+        self.set_attribute(group4, "member", user.dn)
+
+        # precedence is equal, so the PSO with lowest GUID gets applied
+        pso_list = [pso1, pso2, pso3, pso4]
+        best_pso = self.PSO_with_lowest_GUID(pso_list)
+        self.assert_PSO_applied(user, best_pso)
+
+        # excluding the winning PSO, apply the other PSOs directly to the user
+        pso_list.remove(best_pso)
+        for pso in pso_list:
+            pso.apply_to(user.dn)
+
+        # we should now have a different PSO applied (the 2nd lowest GUID)
+        next_best_pso = self.PSO_with_lowest_GUID(pso_list)
+        self.assertTrue(next_best_pso is not best_pso)
+        self.assert_PSO_applied(user, next_best_pso)
+
+        # bump the precedence of another PSO and it should now win
+        pso_list.remove(next_best_pso)
+        best_pso = pso_list[0]
+        best_pso.set_precedence(4)
+        self.assert_PSO_applied(user, best_pso)
+
+    def test_pso_invalid_location(self):
+        """Tests that PSOs in an invalid location have no effect"""
+
+        # PSOs should only be able to be created within a Password Settings
+        # Container object. Trying to create one under an OU should fail
+        try:
+            rogue_pso = PasswordSettings("rogue-PSO", self.ldb, precedence=1,
+                                         complexity=False, password_len=20,
+                                         container=self.ou)
+            self.fail()
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_NAMING_VIOLATION, msg)
+            # Windows returns 2099 (Illegal superior), Samba returns 2037
+            # (Naming violation - "not a valid child class")
+            self.assertTrue('00002099' in msg or '00002037' in msg, msg)
+
+        # we can't create Password Settings Containers under an OU either
+        try:
+            rogue_psc = "CN=Rogue-PSO-container,%s" % self.ou
+            self.ldb.add({"dn": rogue_psc,
+                          "objectclass": "msDS-PasswordSettingsContainer"})
+            self.fail()
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_NAMING_VIOLATION, msg)
+            self.assertTrue('00002099' in msg or '00002037' in msg, msg)
+
+        base_dn = self.ldb.get_default_basedn()
+        rogue_psc = "CN=Rogue-PSO-container,CN=Computers,%s" % base_dn
+        self.ldb.add({"dn": rogue_psc,
+                      "objectclass": "msDS-PasswordSettingsContainer"})
+
+        rogue_pso = PasswordSettings("rogue-PSO", self.ldb, precedence=1,
+                                     container=rogue_psc, password_len=20)
+        self.add_obj_cleanup([rogue_pso.dn, rogue_psc])
+
+        # apply the PSO to a group and check it has no effect on the user
+        user = self.add_user("testuser")
+        group = self.add_group("Group-1")
+        rogue_pso.apply_to(group)
+        self.set_attribute(group, "member", user.dn)
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+        # apply the PSO directly to the user and check it has no effect
+        rogue_pso.apply_to(user.dn)
+        self.assert_PSO_applied(user, self.pwd_defaults)
+
+    # the PSOs created in these test-cases all use a default min-age of zero.
+    # This is the only test case that checks the PSO's min-age is enforced
+    def test_pso_min_age(self):
+        """Tests that a PSO's min-age is enforced"""
+        pso = PasswordSettings("min-age-PSO", self.ldb, password_len=10,
+                               password_age_min=2, complexity=False)
+        self.add_obj_cleanup([pso.dn])
+
+        # create a user and apply the PSO
+        user = self.add_user("testuser")
+        pso.apply_to(user.dn)
+        self.assertTrue(user.get_resultant_PSO() == pso.dn)
+
+        # changing the password immediately should fail, even if the password
+        # is valid
+        valid_password = "min-age-passwd"
+        self.assert_password_invalid(user, valid_password)
+        # then trying the same password later should succeed
+        time.sleep(pso.password_age_min + 0.5)
+        self.assert_password_valid(user, valid_password)
+
+    def test_pso_max_age(self):
+        """Tests that a PSO's max-age is used"""
+
+        # create PSOs that use the domain's max-age +/- 1 day
+        domain_max_age = self.pwd_defaults.password_age_max
+        day_in_secs = 60 * 60 * 24
+        higher_max_age = domain_max_age + day_in_secs
+        lower_max_age = domain_max_age - day_in_secs
+        longer_pso = PasswordSettings("longer-age-PSO", self.ldb, precedence=5,
+                                      password_age_max=higher_max_age)
+        shorter_pso = PasswordSettings("shorter-age-PSO", self.ldb,
+                                       precedence=1,
+                                       password_age_max=lower_max_age)
+        self.add_obj_cleanup([longer_pso.dn, shorter_pso.dn])
+
+        user = self.add_user("testuser")
+
+        # we can't wait around long enough for the max-age to expire, so
+        # instead just check the msDS-UserPasswordExpiryTimeComputed for
+        # the user
+        attrs = ['msDS-UserPasswordExpiryTimeComputed']
+        res = self.ldb.search(user.dn, attrs=attrs)
+        domain_expiry = int(res[0]['msDS-UserPasswordExpiryTimeComputed'][0])
+
+        # apply the longer PSO and check the expiry-time becomes longer
+        longer_pso.apply_to(user.dn)
+        self.assertTrue(user.get_resultant_PSO() == longer_pso.dn)
+        res = self.ldb.search(user.dn, attrs=attrs)
+        new_expiry = int(res[0]['msDS-UserPasswordExpiryTimeComputed'][0])
+
+        # use timestamp diff of 1 day - 1 minute. The new expiry should still
+        # be greater than this, without getting into nano-second granularity
+        approx_timestamp_diff = (day_in_secs - 60) * (1e7)
+        self.assertTrue(new_expiry > domain_expiry + approx_timestamp_diff)
+
+        # apply the shorter PSO and check the expiry-time is shorter
+        shorter_pso.apply_to(user.dn)
+        self.assertTrue(user.get_resultant_PSO() == shorter_pso.dn)
+        res = self.ldb.search(user.dn, attrs=attrs)
+        new_expiry = int(res[0]['msDS-UserPasswordExpiryTimeComputed'][0])
+        self.assertTrue(new_expiry < domain_expiry - approx_timestamp_diff)
+
+    def test_pso_special_groups(self):
+        """Checks applying a PSO to built-in AD groups takes effect"""
+
+        # create some PSOs that will apply to special groups
+        default_pso = PasswordSettings("default-PSO", self.ldb, precedence=20,
+                                       password_len=8, complexity=False)
+        guest_pso = PasswordSettings("guest-PSO", self.ldb, history_len=4,
+                                     precedence=5, password_len=5)
+        builtin_pso = PasswordSettings("builtin-PSO", self.ldb, history_len=9,
+                                       precedence=1, password_len=9)
+        admin_pso = PasswordSettings("admin-PSO", self.ldb, history_len=0,
+                                     precedence=2, password_len=10)
+        self.add_obj_cleanup([default_pso.dn, guest_pso.dn, admin_pso.dn,
+                              builtin_pso.dn])
+        base_dn = self.ldb.domain_dn()
+        domain_users = "CN=Domain Users,CN=Users,%s" % base_dn
+        domain_guests = "CN=Domain Guests,CN=Users,%s" % base_dn
+        admin_users = "CN=Domain Admins,CN=Users,%s" % base_dn
+
+        # if we apply a PSO to Domain Users (which all users are a member of)
+        # then that PSO should take effect on a new user
+        default_pso.apply_to(domain_users)
+        user = self.add_user("testuser")
+        self.assert_PSO_applied(user, default_pso)
+
+        # Apply a PSO to a builtin group. 'Domain Users' should be a member of
+        # Builtin/Users, but builtin groups should be excluded from the PSO
+        # calculation, so this should have no effect
+        builtin_pso.apply_to("CN=Users,CN=Builtin,%s" % base_dn)
+        builtin_pso.apply_to("CN=Administrators,CN=Builtin,%s" % base_dn)
+        self.assert_PSO_applied(user, default_pso)
+
+        # change the user's primary group to another group (the primaryGroupID
+        # is a little odd in that there's no memberOf backlink for it)
+        self.set_attribute(domain_guests, "member", user.dn)
+        user.set_primary_group(domain_guests)
+        # No PSO is applied to the Domain Guests yet, so the default PSO should
+        # still apply
+        self.assert_PSO_applied(user, default_pso)
+
+        # now apply a PSO to the guests group, which should trump the default
+        # PSO (because the guest PSO has a better precedence)
+        guest_pso.apply_to(domain_guests)
+        self.assert_PSO_applied(user, guest_pso)
+
+        # create a new group that's a member of Admin Users
+        nested_group = self.add_group("nested-group")
+        self.set_attribute(admin_users, "member", nested_group)
+        # set the user's primary-group to be the new group
+        self.set_attribute(nested_group, "member", user.dn)
+        user.set_primary_group(nested_group)
+        # we've only changed group membership so far, not the PSO
+        self.assert_PSO_applied(user, guest_pso)
+
+        # now apply the best-precedence PSO to Admin Users and check it applies
+        # to the user (via the nested-group's membership)
+        admin_pso.apply_to(admin_users)
+        self.assert_PSO_applied(user, admin_pso)
+
+        # restore the default primaryGroupID so we can safely delete the group
+        user.set_primary_group(domain_users)
+
+    def test_pso_none_applied(self):
+        """Tests cases where no Resultant PSO should be returned"""
+
+        # create a PSO that we will check *doesn't* get returned
+        dummy_pso = PasswordSettings("dummy-PSO", self.ldb, password_len=20)
+        self.add_obj_cleanup([dummy_pso.dn])
+
+        # you can apply a PSO to other objects (like OUs), but the resultantPSO
+        # attribute should only be returned for users
+        dummy_pso.apply_to(str(self.ou))
+        res = self.ldb.search(self.ou, attrs=['msDS-ResultantPSO'])
+        self.assertFalse('msDS-ResultantPSO' in res[0])
+
+        # create a dummy user and apply the PSO
+        user = self.add_user("testuser")
+        dummy_pso.apply_to(user.dn)
+        self.assertTrue(user.get_resultant_PSO() == dummy_pso.dn)
+
+        try:
+            # now clear the ADS_UF_NORMAL_ACCOUNT flag for the user, which should
+            # mean a resultant PSO is no longer returned (we're essentially turning
+            # the user into a DC here, which is a little overkill but tests
+            # behaviour as per the Windows specification)
+            self.set_attribute(user.dn, "userAccountControl",
+                               str(dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                               operation=FLAG_MOD_REPLACE)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.fail(f"Failed to change user into a workstation: {msg}")
+        self.assertIsNone(user.get_resultant_PSO())
+
+        try:
+            # reset it back to a normal user account
+            self.set_attribute(user.dn, "userAccountControl",
+                               str(dsdb.UF_NORMAL_ACCOUNT),
+                               operation=FLAG_MOD_REPLACE)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.fail(f"Failed to change user back into a user: {msg}")
+        self.assertTrue(user.get_resultant_PSO() == dummy_pso.dn)
+
+        # no PSO should be returned if RID is equal to DOMAIN_USER_RID_KRBTGT
+        # (note this currently fails against Windows due to a Windows bug)
+        krbtgt_user = "CN=krbtgt,CN=Users,%s" % self.ldb.domain_dn()
+        dummy_pso.apply_to(krbtgt_user)
+        res = self.ldb.search(krbtgt_user, attrs=['msDS-ResultantPSO'])
+        self.assertFalse('msDS-ResultantPSO' in res[0])
+
+    def get_ldb_connection(self, username, password, ldaphost):
+        """Returns an LDB connection using the specified user's credentials"""
+        creds = self.get_credentials()
+        creds_tmp = Credentials()
+        creds_tmp.set_username(username)
+        creds_tmp.set_password(password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        features = creds_tmp.get_gensec_features() | gensec.FEATURE_SEAL
+        creds_tmp.set_gensec_features(features)
+        return samba.tests.connect_samdb(ldaphost, credentials=creds_tmp)
+
+    def test_pso_permissions(self):
+        """Checks that regular users can't modify/view PSO objects"""
+
+        user = self.add_user("testuser")
+
+        # get an ldb connection with the new user's privileges
+        user_ldb = self.get_ldb_connection("testuser", user.get_password(),
+                                           self.host_url)
+
+        # regular users should not be able to create a PSO (at least, not in
+        # the default Password Settings container)
+        try:
+            priv_pso = PasswordSettings("priv-PSO", user_ldb, password_len=20)
+            self.fail()
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, msg)
+
+        # create a PSO as the admin user
+        priv_pso = PasswordSettings("priv-PSO", self.ldb, password_len=20)
+        self.add_obj_cleanup([priv_pso.dn])
+
+        # regular users should not be able to apply a PSO to a user
+        try:
+            self.set_attribute(priv_pso.dn, "msDS-PSOAppliesTo", user.dn,
+                               samdb=user_ldb)
+            self.fail()
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, msg)
+            self.assertTrue('00002098' in msg, msg)
+
+        self.set_attribute(priv_pso.dn, "msDS-PSOAppliesTo", user.dn,
+                           samdb=self.ldb)
+
+        # regular users should not be able to change a PSO's precedence
+        try:
+            priv_pso.set_precedence(100, samdb=user_ldb)
+            self.fail()
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, msg)
+            self.assertTrue('00002098' in msg, msg)
+
+        priv_pso.set_precedence(100, samdb=self.ldb)
+
+        # regular users should not be able to view a PSO's settings
+        pso_attrs = ["msDS-PSOAppliesTo", "msDS-PasswordSettingsPrecedence",
+                     "msDS-PasswordHistoryLength", "msDS-LockoutThreshold",
+                     "msDS-PasswordComplexityEnabled"]
+
+        # users can see the PSO object's DN, but not its attributes
+        res = user_ldb.search(priv_pso.dn, scope=ldb.SCOPE_BASE,
+                              attrs=pso_attrs)
+        self.assertTrue(str(priv_pso.dn) == str(res[0].dn))
+        for attr in pso_attrs:
+            self.assertFalse(attr in res[0])
+
+        # whereas admin users can see everything
+        res = self.ldb.search(priv_pso.dn, scope=ldb.SCOPE_BASE,
+                              attrs=pso_attrs)
+        for attr in pso_attrs:
+            self.assertTrue(attr in res[0])
+
+        # check replace/delete operations can't be performed by regular users
+        operations = [FLAG_MOD_REPLACE, FLAG_MOD_DELETE]
+
+        for oper in operations:
+            try:
+                self.set_attribute(priv_pso.dn, "msDS-PSOAppliesTo", user.dn,
+                                   samdb=user_ldb, operation=oper)
+                self.fail()
+            except ldb.LdbError as e:
+                (num, msg) = e.args
+                self.assertEqual(num, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, msg)
+                self.assertTrue('00002098' in msg, msg)
+
+            # ...but can be performed by the admin user
+            self.set_attribute(priv_pso.dn, "msDS-PSOAppliesTo", user.dn,
+                               samdb=self.ldb, operation=oper)
+
+    def format_password_for_ldif(self, password):
+        """Encodes/decodes the password so that it's accepted in an LDIF"""
+        pwd = '"{0}"'.format(password)
+        return base64.b64encode(pwd.encode('utf-16-le')).decode('utf8')
+
+    # The 'user add' case is a bit more complicated as you can't really query
+    # the msDS-ResultantPSO attribute on a user that doesn't exist yet (it
+    # won't have any group membership or PSOs applied directly against it yet).
+    # In theory it's possible to still get an applicable PSO via the user's
+    # primaryGroupID (i.e. 'Domain Users' by default). However, testing against
+    # Windows shows that the PSO doesn't take effect during the user add
+    # operation. (However, the Windows GUI tools presumably adds the user in 2
+    # steps, because it does enforce the PSO for users added via the GUI).
+    def test_pso_add_user(self):
+        """Tests against a 'Domain Users' PSO taking effect on a new user"""
+
+        # create a PSO that will apply to users by default
+        default_pso = PasswordSettings("default-PSO", self.ldb, precedence=20,
+                                       password_len=12, complexity=False)
+        self.add_obj_cleanup([default_pso.dn])
+
+        # apply the PSO to Domain Users (which all users are a member of). In
+        # theory, this PSO *could* take effect on a new user (but it doesn't)
+        domain_users = "CN=Domain Users,CN=Users,%s" % self.ldb.domain_dn()
+        default_pso.apply_to(domain_users)
+
+        # first try to add a user with a password that doesn't meet the domain
+        # defaults, to prove that the DC will reject bad passwords during a
+        # user add
+        userdn = "CN=testuser,%s" % self.ou
+        password = self.format_password_for_ldif('abcdef')
+
+        # Note we use an LDIF operation to ensure that the password gets set
+        # as part of the 'add' operation (whereas self.add_user() adds the user
+        # first, then sets the password later in a 2nd step)
+        try:
+            ldif = """
+dn: %s
+objectClass: user
+sAMAccountName: testuser
+unicodePwd:: %s
+""" % (userdn, password)
+            self.ldb.add_ldif(ldif)
+            self.fail()
+        except ldb.LdbError as e:
+                (num, msg) = e.args
+                # error codes differ between Samba and Windows
+                self.assertTrue(num == ldb.ERR_UNWILLING_TO_PERFORM or
+                                num == ldb.ERR_CONSTRAINT_VIOLATION, msg)
+                self.assertTrue('0000052D' in msg, msg)
+
+        # now use a password that meets the domain defaults, but doesn't meet
+        # the PSO requirements. Note that Windows allows this, i.e. it doesn't
+        # honour the PSO during the add operation
+        password = self.format_password_for_ldif('abcde12#')
+        ldif = """
+dn: %s
+objectClass: user
+sAMAccountName: testuser
+unicodePwd:: %s
+""" % (userdn, password)
+        self.ldb.add_ldif(ldif)
+
+        # Now do essentially the same thing, but set the password in a 2nd step
+        # which proves that the same password doesn't meet the PSO requirements
+        userdn = "CN=testuser2,%s" % self.ou
+        ldif = """
+dn: %s
+objectClass: user
+sAMAccountName: testuser2
+""" % userdn
+        self.ldb.add_ldif(ldif)
+
+        # now that the user exists, assert that the PSO is honoured
+        try:
+            ldif = """
+dn: %s
+changetype: modify
+delete: unicodePwd
+add: unicodePwd
+unicodePwd:: %s
+""" % (userdn, password)
+            self.ldb.modify_ldif(ldif)
+            self.fail()
+        except ldb.LdbError as e:
+                (num, msg) = e.args
+                self.assertEqual(num, ldb.ERR_CONSTRAINT_VIOLATION, msg)
+                self.assertTrue('0000052D' in msg, msg)
+
+        # check setting a password that meets the PSO settings works
+        password = self.format_password_for_ldif('abcdefghijkl')
+        ldif = """
+dn: %s
+changetype: modify
+delete: unicodePwd
+add: unicodePwd
+unicodePwd:: %s
+""" % (userdn, password)
+        self.ldb.modify_ldif(ldif)
+
+    def set_domain_pwdHistoryLength(self, value):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb, self.ldb.domain_dn())
+        m["pwdHistoryLength"] = ldb.MessageElement(value,
+                                                   ldb.FLAG_MOD_REPLACE,
+                                                   "pwdHistoryLength")
+        self.ldb.modify(m)
+
+    def test_domain_pwd_history(self):
+        """Non-PSO test for domain's pwdHistoryLength setting"""
+
+        # restore the current pwdHistoryLength setting after the test completes
+        curr_hist_len = str(self.pwd_defaults.history_len)
+        self.addCleanup(self.set_domain_pwdHistoryLength, curr_hist_len)
+
+        self.set_domain_pwdHistoryLength("4")
+        user = self.add_user("testuser")
+
+        initial_pwd = user.get_password()
+        passwords = ["First12#", "Second12#", "Third12#", "Fourth12#"]
+
+        # we should be able to set the password to new values OK
+        for pwd in passwords:
+            self.assert_password_valid(user, pwd)
+
+        # the 2nd time round it should fail because they're in the history now
+        for pwd in passwords:
+            self.assert_password_invalid(user, pwd)
+
+        # but the initial password is now outside the history, so should be OK
+        self.assert_password_valid(user, initial_pwd)
+
+        # if we set the history to zero, all the old passwords should now be OK
+        self.set_domain_pwdHistoryLength("0")
+        for pwd in passwords:
+            self.assert_password_valid(user, pwd)
+
+    def test_domain_pwd_history_zero(self):
+        """Non-PSO test for pwdHistoryLength going from zero to non-zero"""
+
+        # restore the current pwdHistoryLength setting after the test completes
+        curr_hist_len = str(self.pwd_defaults.history_len)
+        self.addCleanup(self.set_domain_pwdHistoryLength, curr_hist_len)
+
+        self.set_domain_pwdHistoryLength("0")
+        user = self.add_user("testuser")
+
+        self.assert_password_valid(user, "NewPwd12#")
+        # we can set the exact same password again because there's no history
+        self.assert_password_valid(user, "NewPwd12#")
+
+        # When going from zero to non-zero password-history, Windows treats
+        # the current user's password as invalid (even though the password has
+        # not been altered since the setting changed).
+        self.set_domain_pwdHistoryLength("1")
+        self.assert_password_invalid(user, "NewPwd12#")
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
new file mode 100755
index 0000000..d431486
--- /dev/null
+++ b/source4/dsdb/tests/python/passwords.py
@@ -0,0 +1,1451 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This tests the password changes over LDAP for AD implementations
+#
+# Copyright Matthias Dieter Wallnoefer 2010
+#
+# Notice: This tests will also work against Windows Server if the connection is
+# secured enough (SASL with a minimum of 128 Bit encryption) - consider
+# MS-ADTS 3.1.1.3.1.5
+
+import optparse
+import sys
+import base64
+import time
+import os
+
+sys.path.insert(0, "bin/python")
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+from samba.tests.password_test import PasswordTestCase
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba.credentials import Credentials
+from samba.dcerpc import security
+from samba.hresult import HRES_SEC_E_INVALID_TOKEN
+from ldb import SCOPE_BASE, LdbError
+from ldb import ERR_ATTRIBUTE_OR_VALUE_EXISTS
+from ldb import ERR_UNWILLING_TO_PERFORM, ERR_INSUFFICIENT_ACCESS_RIGHTS
+from ldb import ERR_NO_SUCH_ATTRIBUTE
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_INVALID_CREDENTIALS
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from samba import gensec, werror
+from samba.samdb import SamDB
+from samba.tests import delete_force
+
+parser = optparse.OptionParser("passwords.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+# Force an encrypted connection
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+
+
+class PasswordTests(PasswordTestCase):
+
+    def setUp(self):
+        super(PasswordTests, self).setUp()
+        self.ldb = SamDB(url=host, session_info=system_session(lp), credentials=creds, lp=lp)
+
+        # permit password changes during this test
+        self.allow_password_changes()
+
+        self.base_dn = self.ldb.domain_dn()
+
+        # (Re)adds the test user "testuser" with no password atm
+        delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        self.ldb.add({
+             "dn": "cn=testuser,cn=users," + self.base_dn,
+             "objectclass": "user",
+             "sAMAccountName": "testuser"})
+
+        # Tests a password change when we don't have any password yet with a
+        # wrong old password
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: noPassword
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            # Windows (2008 at least) seems to have some small bug here: it
+            # returns "0000056A" on longer (always wrong) previous passwords.
+            self.assertTrue('00000056' in msg)
+
+        # Sets the initial user password with a "special" password change
+        # I think that this internally is a password set operation and it can
+        # only be performed by someone which has password set privileges on the
+        # account (at least in s4 we do handle it like that).
+        self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+
+        # But in the other way around this special syntax doesn't work
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+""")
+            self.fail()
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # Enables the user account
+        self.ldb.enable_account("(sAMAccountName=testuser)")
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        creds2 = Credentials()
+        creds2.set_username("testuser")
+        creds2.set_password("thatsAcomplPASS1")
+        creds2.set_domain(creds.get_domain())
+        creds2.set_realm(creds.get_realm())
+        creds2.set_workstation(creds.get_workstation())
+        creds2.set_gensec_features(creds2.get_gensec_features()
+                                   | gensec.FEATURE_SEAL)
+        self.ldb2 = SamDB(url=host, credentials=creds2, lp=lp)
+        self.creds = creds2
+
+    def test_unicodePwd_hash_set(self):
+        """Performs a password hash set operation on 'unicodePwd' which should be prevented"""
+        # Notice: Direct hash password sets should never work
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["unicodePwd"] = MessageElement("XXXXXXXXXXXXXXXX", FLAG_MOD_REPLACE,
+                                         "unicodePwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+    def test_unicodePwd_hash_change(self):
+        """Performs a password hash change operation on 'unicodePwd' which should be prevented"""
+        # Notice: Direct hash password changes should never work
+
+        # Hash password changes should never work
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd: XXXXXXXXXXXXXXXX
+add: unicodePwd
+unicodePwd: YYYYYYYYYYYYYYYY
+""")
+            self.fail()
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+    def test_unicodePwd_clear_set(self):
+        """Performs a password cleartext set operation on 'unicodePwd'"""
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["unicodePwd"] = MessageElement("\"thatsAcomplPASS2\"".encode('utf-16-le'),
+                                         FLAG_MOD_REPLACE, "unicodePwd")
+        self.ldb.modify(m)
+
+    def test_unicodePwd_clear_change(self):
+        """Performs a password cleartext change operation on 'unicodePwd'"""
+
+        self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS1\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+
+        # Wrong old password
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS4\"".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e4:
+            (num, msg) = e4.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertTrue('00000056' in msg)
+
+        # A change to the same password again will not work (password history)
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e5:
+            (num, msg) = e5.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertTrue('0000052D' in msg)
+
+    def test_old_password_simple_bind(self):
+        """Shows that we can log in with the immediate previous password, but not any earlier passwords."""
+
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        # Change the account password.
+        m = Message(user_dn)
+        m['0'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#2',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show we can still log in using the previous password.
+        self.creds.set_bind_dn(user_dn_str)
+        try:
+            SamDB(url=host_ldaps,
+                  credentials=self.creds, lp=lp)
+        except LdbError:
+            self.fail('failed to login with previous password!')
+
+        # Change the account password a second time.
+        m = Message(user_dn)
+        m['0'] = MessageElement('Password#2',
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#3',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show we can no longer log in using the original password.
+        try:
+            SamDB(url=host_ldaps,
+                  credentials=self.creds, lp=lp)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_INVALID_CREDENTIALS, num)
+            self.assertIn(f"{HRES_SEC_E_INVALID_TOKEN:08X}", estr)
+        else:
+            self.fail('should have failed to login with previous password!')
+
+    def test_old_password_attempt_reuse(self):
+        """Shows that we cannot reuse the original password after changing the password twice."""
+        res = self.ldb.search(self.ldb.domain_dn(), scope=SCOPE_BASE,
+                              attrs=['pwdHistoryLength'])
+
+        history_len = int(res[0].get('pwdHistoryLength', idx=0))
+        self.assertGreaterEqual(history_len, 3)
+
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        first_pwd = self.creds.get_password()
+        previous_pwd = first_pwd
+
+        for new_pwd in ['Password#0', 'Password#1']:
+            # Change the account password.
+            m = Message(user_dn)
+            m['0'] = MessageElement(previous_pwd,
+                                    FLAG_MOD_DELETE, 'userPassword')
+            m['1'] = MessageElement(new_pwd,
+                                    FLAG_MOD_ADD, 'userPassword')
+            self.ldb.modify(m)
+
+            # Show that the original password is in the history by trying to
+            # set it as our new password.
+            m = Message(user_dn)
+            m['0'] = MessageElement(new_pwd,
+                                    FLAG_MOD_DELETE, 'userPassword')
+            m['1'] = MessageElement(first_pwd,
+                                    FLAG_MOD_ADD, 'userPassword')
+            try:
+                self.ldb.modify(m)
+            except LdbError as err:
+                num, estr = err.args
+                self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+                self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', estr)
+            else:
+                self.fail('should not have been able to reuse password!')
+
+            previous_pwd = new_pwd
+
+    def test_old_password_rename_simple_bind(self):
+        """Shows that we can log in with the previous password after renaming the account."""
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        # Change the account password.
+        m = Message(user_dn)
+        m['0'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#2',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show we can still log in using the previous password.
+        self.creds.set_bind_dn(user_dn_str)
+        try:
+            SamDB(url=host_ldaps,
+                  credentials=self.creds, lp=lp)
+        except LdbError:
+            self.fail('failed to login with previous password!')
+
+        # Rename the account, causing the salt to change.
+        m = Message(user_dn)
+        m['1'] = MessageElement('testuser_2',
+                                FLAG_MOD_REPLACE, 'sAMAccountName')
+        self.ldb.modify(m)
+
+        # Show that a simple bind can still be performed using the previous
+        # password.
+        self.creds.set_username('testuser_2')
+        try:
+            SamDB(url=host_ldaps,
+                  credentials=self.creds, lp=lp)
+        except LdbError:
+            self.fail('failed to login with previous password!')
+
+    def test_old_password_rename_simple_bind_2(self):
+        """Shows that we can rename the account, change the password and log in with the previous password."""
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        # Rename the account, causing the salt to change.
+        m = Message(user_dn)
+        m['1'] = MessageElement('testuser_2',
+                                FLAG_MOD_REPLACE, 'sAMAccountName')
+        self.ldb.modify(m)
+
+        # Change the account password, causing the new salt to be stored.
+        m = Message(user_dn)
+        m['0'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#2',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show that a simple bind can still be performed using the previous
+        # password.
+        self.creds.set_bind_dn(user_dn_str)
+        self.creds.set_username('testuser_2')
+        try:
+            SamDB(url=host_ldaps,
+                  credentials=self.creds, lp=lp)
+        except LdbError:
+            self.fail('failed to login with previous password!')
+
+    def test_old_password_rename_attempt_reuse(self):
+        """Shows that we cannot reuse the original password after renaming the account."""
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        # Change the account password.
+        m = Message(user_dn)
+        m['0'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#2',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show that the previous password is in the history by trying to set it
+        # as our new password.
+        m = Message(user_dn)
+        m['0'] = MessageElement('Password#2',
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_ADD, 'userPassword')
+        try:
+            self.ldb.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+            self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', estr)
+        else:
+            self.fail('should not have been able to reuse password!')
+
+        # Rename the account, causing the salt to change.
+        m = Message(user_dn)
+        m['1'] = MessageElement('testuser_2',
+                                FLAG_MOD_REPLACE, 'sAMAccountName')
+        self.ldb.modify(m)
+
+        # Show that the previous password is still in the history by trying to
+        # set it as our new password.
+        m = Message(user_dn)
+        m['0'] = MessageElement('Password#2',
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_ADD, 'userPassword')
+        try:
+            self.ldb.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+            self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', estr)
+        else:
+            self.fail('should not have been able to reuse password!')
+
+    def test_old_password_rename_attempt_reuse_2(self):
+        """Shows that we cannot reuse the original password after renaming the account and changing the password."""
+        user_dn_str = f'CN=testuser,CN=Users,{self.base_dn}'
+        user_dn = Dn(self.ldb, user_dn_str)
+
+        # Rename the account, causing the salt to change.
+        m = Message(user_dn)
+        m['1'] = MessageElement('testuser_2',
+                                FLAG_MOD_REPLACE, 'sAMAccountName')
+        self.ldb.modify(m)
+
+        # Change the account password, causing the new salt to be stored.
+        m = Message(user_dn)
+        m['0'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement('Password#2',
+                                FLAG_MOD_ADD, 'userPassword')
+        self.ldb.modify(m)
+
+        # Show that the previous password is in the history by trying to set it
+        # as our new password.
+        m = Message(user_dn)
+        m['0'] = MessageElement('Password#2',
+                                FLAG_MOD_DELETE, 'userPassword')
+        m['1'] = MessageElement(self.creds.get_password(),
+                                FLAG_MOD_ADD, 'userPassword')
+        try:
+            self.ldb.modify(m)
+        except LdbError as err:
+            num, estr = err.args
+            self.assertEqual(ERR_CONSTRAINT_VIOLATION, num)
+            self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', estr)
+        else:
+            self.fail('should not have been able to reuse password!')
+
+    def test_protected_unicodePwd_clear_set(self):
+        """Performs a password cleartext set operation on 'unicodePwd' with the user in
+the Protected Users group"""
+
+        user_dn = f'cn=testuser,cn=users,{self.base_dn}'
+
+        # Add the user to the Protected Users group.
+
+        # Search for the Protected Users group.
+        group_dn = Dn(self.ldb,
+                      f'<SID={self.ldb.get_domain_sid()}-'
+                      f'{security.DOMAIN_RID_PROTECTED_USERS}>')
+        try:
+            group_res = self.ldb.search(base=group_dn,
+                                        scope=SCOPE_BASE,
+                                        attrs=['member'])
+        except LdbError as err:
+            self.fail(err)
+
+        # Add the user to the list of members.
+        members = list(group_res[0].get('member', ()))
+        members.append(user_dn)
+
+        m = Message(group_dn)
+        m['member'] = MessageElement(members,
+                                     FLAG_MOD_REPLACE,
+                                     'member')
+        self.ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(self.ldb, user_dn)
+        m['unicodePwd'] = MessageElement(
+            '"thatsAcomplPASS2"'.encode('utf-16-le'),
+            FLAG_MOD_REPLACE, 'unicodePwd')
+        self.ldb.modify(m)
+
+    def test_protected_unicodePwd_clear_change(self):
+        """Performs a password cleartext change operation on 'unicodePwd' with the user
+in the Protected Users group"""
+
+        user_dn = f'cn=testuser,cn=users,{self.base_dn}'
+
+        # Add the user to the Protected Users group.
+
+        # Search for the Protected Users group.
+        group_dn = Dn(self.ldb,
+                      f'<SID={self.ldb.get_domain_sid()}-'
+                      f'{security.DOMAIN_RID_PROTECTED_USERS}>')
+        try:
+            group_res = self.ldb.search(base=group_dn,
+                                        scope=SCOPE_BASE,
+                                        attrs=['member'])
+        except LdbError as err:
+            self.fail(err)
+
+        # Add the user to the list of members.
+        members = list(group_res[0].get('member', ()))
+        members.append(user_dn)
+
+        m = Message(group_dn)
+        m['member'] = MessageElement(members,
+                                     FLAG_MOD_REPLACE,
+                                     'member')
+        self.ldb.modify(m)
+
+        self.ldb2.modify_ldif(f"""
+dn: cn=testuser,cn=users,{self.base_dn}
+changetype: modify
+delete: unicodePwd
+unicodePwd:: {base64.b64encode('"thatsAcomplPASS1"'.encode('utf-16-le'))
+        .decode('utf8')}
+add: unicodePwd
+unicodePwd:: {base64.b64encode('"thatsAcomplPASS2"'.encode('utf-16-le'))
+        .decode('utf8')}
+""")
+
+    def test_dBCSPwd_hash_set(self):
+        """Performs a password hash set operation on 'dBCSPwd' which should be prevented"""
+        # Notice: Direct hash password sets should never work
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["dBCSPwd"] = MessageElement("XXXXXXXXXXXXXXXX", FLAG_MOD_REPLACE,
+                                      "dBCSPwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e6:
+            (num, _) = e6.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+    def test_dBCSPwd_hash_change(self):
+        """Performs a password hash change operation on 'dBCSPwd' which should be prevented"""
+        # Notice: Direct hash password changes should never work
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: dBCSPwd
+dBCSPwd: XXXXXXXXXXXXXXXX
+add: dBCSPwd
+dBCSPwd: YYYYYYYYYYYYYYYY
+""")
+            self.fail()
+        except LdbError as e7:
+            (num, _) = e7.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+    def test_userPassword_clear_set(self):
+        """Performs a password cleartext set operation on 'userPassword'"""
+        # Notice: This works only against Windows if "dSHeuristics" has been set
+        # properly
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("thatsAcomplPASS2", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+    def test_userPassword_clear_change(self):
+        """Performs a password cleartext change operation on 'userPassword'"""
+        # Notice: This works only against Windows if "dSHeuristics" has been set
+        # properly
+
+        self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+
+        # Wrong old password
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS3
+add: userPassword
+userPassword: thatsAcomplPASS4
+""")
+            self.fail()
+        except LdbError as e8:
+            (num, msg) = e8.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertTrue('00000056' in msg)
+
+        # A change to the same password again will not work (password history)
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS2
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e9:
+            (num, msg) = e9.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+            self.assertTrue('0000052D' in msg)
+
+    def test_clearTextPassword_clear_set(self):
+        """Performs a password cleartext set operation on 'clearTextPassword'"""
+        # Notice: This never works against Windows - only supported by us
+
+        try:
+            m = Message()
+            m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+            m["clearTextPassword"] = MessageElement("thatsAcomplPASS2".encode('utf-16-le'),
+                                                    FLAG_MOD_REPLACE, "clearTextPassword")
+            self.ldb.modify(m)
+            # this passes against s4
+        except LdbError as e10:
+            (num, msg) = e10.args
+            # "NO_SUCH_ATTRIBUTE" is returned by Windows -> ignore it
+            if num != ERR_NO_SUCH_ATTRIBUTE:
+                raise LdbError(num, msg)
+
+    def test_clearTextPassword_clear_change(self):
+        """Performs a password cleartext change operation on 'clearTextPassword'"""
+        # Notice: This never works against Windows - only supported by us
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS1".encode('utf-16-le')).decode('utf8') + """
+add: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS2".encode('utf-16-le')).decode('utf8') + """
+""")
+            # this passes against s4
+        except LdbError as e11:
+            (num, msg) = e11.args
+            # "NO_SUCH_ATTRIBUTE" is returned by Windows -> ignore it
+            if num != ERR_NO_SUCH_ATTRIBUTE:
+                raise LdbError(num, msg)
+
+        # Wrong old password
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS3".encode('utf-16-le')).decode('utf8') + """
+add: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS4".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e12:
+            (num, msg) = e12.args
+            # "NO_SUCH_ATTRIBUTE" is returned by Windows -> ignore it
+            if num != ERR_NO_SUCH_ATTRIBUTE:
+                self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+                self.assertTrue('00000056' in msg)
+
+        # A change to the same password again will not work (password history)
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS2".encode('utf-16-le')).decode('utf8') + """
+add: clearTextPassword
+clearTextPassword:: """ + base64.b64encode("thatsAcomplPASS2".encode('utf-16-le')).decode('utf8') + """
+""")
+            self.fail()
+        except LdbError as e13:
+            (num, msg) = e13.args
+            # "NO_SUCH_ATTRIBUTE" is returned by Windows -> ignore it
+            if num != ERR_NO_SUCH_ATTRIBUTE:
+                self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+                self.assertTrue('0000052D' in msg)
+
+    def test_failures(self):
+        """Performs some failure testing"""
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            self.fail()
+        except LdbError as e14:
+            (num, _) = e14.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            self.fail()
+        except LdbError as e15:
+            (num, _) = e15.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+""")
+            self.fail()
+        except LdbError as e16:
+            (num, _) = e16.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+""")
+            self.fail()
+        except LdbError as e17:
+            (num, _) = e17.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            self.fail()
+        except LdbError as e18:
+            (num, _) = e18.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+            self.fail()
+        except LdbError as e19:
+            (num, _) = e19.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e20:
+            (num, _) = e20.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e21:
+            (num, _) = e21.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e22:
+            (num, _) = e22.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e23:
+            (num, _) = e23.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e24:
+            (num, _) = e24.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e25:
+            (num, _) = e25.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e26:
+            (num, _) = e26.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+""")
+            self.fail()
+        except LdbError as e27:
+            (num, _) = e27.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        try:
+            self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+replace: userPassword
+userPassword: thatsAcomplPASS3
+""")
+            self.fail()
+        except LdbError as e28:
+            (num, _) = e28.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS1
+add: userPassword
+userPassword: thatsAcomplPASS2
+replace: userPassword
+userPassword: thatsAcomplPASS3
+""")
+            self.fail()
+        except LdbError as e29:
+            (num, _) = e29.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+        # Reverse order does work
+        self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+add: userPassword
+userPassword: thatsAcomplPASS2
+delete: userPassword
+userPassword: thatsAcomplPASS1
+""")
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+userPassword: thatsAcomplPASS2
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')).decode('utf8') + """
+""")
+            # this passes against s4
+        except LdbError as e30:
+            (num, _) = e30.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')).decode('utf8') + """
+add: userPassword
+userPassword: thatsAcomplPASS4
+""")
+            # this passes against s4
+        except LdbError as e31:
+            (num, _) = e31.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        # Several password changes at once are allowed
+        self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+userPassword: thatsAcomplPASS2
+""")
+
+        # Several password changes at once are allowed
+        self.ldb.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+replace: userPassword
+userPassword: thatsAcomplPASS1
+userPassword: thatsAcomplPASS2
+replace: userPassword
+userPassword: thatsAcomplPASS3
+replace: userPassword
+userPassword: thatsAcomplPASS4
+""")
+
+        # This surprisingly should work
+        delete_force(self.ldb, "cn=testuser2,cn=users," + self.base_dn)
+        self.ldb.add({
+             "dn": "cn=testuser2,cn=users," + self.base_dn,
+             "objectclass": "user",
+             "userPassword": ["thatsAcomplPASS1", "thatsAcomplPASS2"]})
+
+        # This surprisingly should work
+        delete_force(self.ldb, "cn=testuser2,cn=users," + self.base_dn)
+        self.ldb.add({
+             "dn": "cn=testuser2,cn=users," + self.base_dn,
+             "objectclass": "user",
+             "userPassword": ["thatsAcomplPASS1", "thatsAcomplPASS1"]})
+
+    def test_empty_passwords(self):
+        print("Performs some empty passwords testing")
+
+        try:
+            self.ldb.add({
+                 "dn": "cn=testuser2,cn=users," + self.base_dn,
+                 "objectclass": "user",
+                 "unicodePwd": []})
+            self.fail()
+        except LdbError as e32:
+            (num, _) = e32.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.add({
+                 "dn": "cn=testuser2,cn=users," + self.base_dn,
+                 "objectclass": "user",
+                 "dBCSPwd": []})
+            self.fail()
+        except LdbError as e33:
+            (num, _) = e33.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.add({
+                 "dn": "cn=testuser2,cn=users," + self.base_dn,
+                 "objectclass": "user",
+                 "userPassword": []})
+            self.fail()
+        except LdbError as e34:
+            (num, _) = e34.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        try:
+            self.ldb.add({
+                 "dn": "cn=testuser2,cn=users," + self.base_dn,
+                 "objectclass": "user",
+                 "clearTextPassword": []})
+            self.fail()
+        except LdbError as e35:
+            (num, _) = e35.args
+            self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+                            num == ERR_NO_SUCH_ATTRIBUTE)  # for Windows
+
+        delete_force(self.ldb, "cn=testuser2,cn=users," + self.base_dn)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["unicodePwd"] = MessageElement([], FLAG_MOD_ADD, "unicodePwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e36:
+            (num, _) = e36.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["dBCSPwd"] = MessageElement([], FLAG_MOD_ADD, "dBCSPwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e37:
+            (num, _) = e37.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement([], FLAG_MOD_ADD, "userPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e38:
+            (num, _) = e38.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["clearTextPassword"] = MessageElement([], FLAG_MOD_ADD, "clearTextPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e39:
+            (num, _) = e39.args
+            self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+                            num == ERR_NO_SUCH_ATTRIBUTE)  # for Windows
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["unicodePwd"] = MessageElement([], FLAG_MOD_REPLACE, "unicodePwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e40:
+            (num, _) = e40.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["dBCSPwd"] = MessageElement([], FLAG_MOD_REPLACE, "dBCSPwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e41:
+            (num, _) = e41.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement([], FLAG_MOD_REPLACE, "userPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e42:
+            (num, _) = e42.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["clearTextPassword"] = MessageElement([], FLAG_MOD_REPLACE, "clearTextPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e43:
+            (num, _) = e43.args
+            self.assertTrue(num == ERR_UNWILLING_TO_PERFORM or
+                            num == ERR_NO_SUCH_ATTRIBUTE)  # for Windows
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["unicodePwd"] = MessageElement([], FLAG_MOD_DELETE, "unicodePwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e44:
+            (num, _) = e44.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["dBCSPwd"] = MessageElement([], FLAG_MOD_DELETE, "dBCSPwd")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e45:
+            (num, _) = e45.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement([], FLAG_MOD_DELETE, "userPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e46:
+            (num, _) = e46.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["clearTextPassword"] = MessageElement([], FLAG_MOD_DELETE, "clearTextPassword")
+        try:
+            self.ldb.modify(m)
+            self.fail()
+        except LdbError as e47:
+            (num, _) = e47.args
+            self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+                            num == ERR_NO_SUCH_ATTRIBUTE)  # for Windows
+
+    def test_plain_userPassword(self):
+        print("Performs testing about the standard 'userPassword' behaviour")
+
+        # Delete the "dSHeuristics"
+        self.ldb.set_dsheuristics(None)
+
+        time.sleep(1)  # This switching time is strictly needed!
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("myPassword", FLAG_MOD_ADD,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+        res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
+                              scope=SCOPE_BASE, attrs=["userPassword"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("userPassword" in res[0])
+        self.assertEqual(str(res[0]["userPassword"][0]), "myPassword")
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("myPassword2", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+        res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
+                              scope=SCOPE_BASE, attrs=["userPassword"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("userPassword" in res[0])
+        self.assertEqual(str(res[0]["userPassword"][0]), "myPassword2")
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement([], FLAG_MOD_DELETE,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+        res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
+                              scope=SCOPE_BASE, attrs=["userPassword"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+        # Set the test "dSHeuristics" to deactivate "userPassword" pwd changes
+        self.ldb.set_dsheuristics("000000000")
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("myPassword3", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+        res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
+                              scope=SCOPE_BASE, attrs=["userPassword"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("userPassword" in res[0])
+        self.assertEqual(str(res[0]["userPassword"][0]), "myPassword3")
+
+        # Set the test "dSHeuristics" to deactivate "userPassword" pwd changes
+        self.ldb.set_dsheuristics("000000002")
+
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("myPassword4", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        self.ldb.modify(m)
+
+        res = self.ldb.search("cn=testuser,cn=users," + self.base_dn,
+                              scope=SCOPE_BASE, attrs=["userPassword"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("userPassword" in res[0])
+        self.assertEqual(str(res[0]["userPassword"][0]), "myPassword4")
+
+        # Reset the test "dSHeuristics" (reactivate "userPassword" pwd changes)
+        self.ldb.set_dsheuristics("000000001")
+
+    def test_modify_dsheuristics_userPassword(self):
+        print("Performs testing about reading userPassword between dsHeuristic modifies")
+
+        # Make sure userPassword cannot be read
+        self.ldb.set_dsheuristics("000000000")
+
+        # Open a new connection (with dsHeuristic=000000000)
+        ldb1 = SamDB(url=host, session_info=system_session(lp),
+                     credentials=creds, lp=lp)
+
+        # Set userPassword to be read
+        # This setting only affects newer connections (ldb2)
+        ldb1.set_dsheuristics("000000001")
+        time.sleep(1)
+
+        m = Message()
+        m.dn = Dn(ldb1, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("thatsAcomplPASS1", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        ldb1.modify(m)
+
+        res = ldb1.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # userPassword cannot be read, it wasn't set, instead the
+        # password was
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+        # Open another new connection (with dsHeuristic=000000001)
+        ldb2 = SamDB(url=host, session_info=system_session(lp),
+                     credentials=creds, lp=lp)
+
+        res = ldb2.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # Check on the new connection that userPassword was not stored
+        # from ldb1 or is not readable
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+        # Set userPassword to be readable
+        # This setting does not affect this connection
+        ldb2.set_dsheuristics("000000000")
+        time.sleep(1)
+
+        res = ldb2.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # Check that userPassword was not stored from ldb1
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+        m = Message()
+        m.dn = Dn(ldb2, "cn=testuser,cn=users," + self.base_dn)
+        m["userPassword"] = MessageElement("thatsAcomplPASS2", FLAG_MOD_REPLACE,
+                                           "userPassword")
+        ldb2.modify(m)
+
+        res = ldb2.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # Check despite setting it with userPassword support disabled
+        # on this connection it should still not be readable
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+        # Only password from ldb1 is the user's password
+        creds2 = Credentials()
+        creds2.set_username("testuser")
+        creds2.set_password("thatsAcomplPASS1")
+        creds2.set_domain(creds.get_domain())
+        creds2.set_realm(creds.get_realm())
+        creds2.set_workstation(creds.get_workstation())
+        creds2.set_gensec_features(creds2.get_gensec_features()
+                                   | gensec.FEATURE_SEAL)
+
+        try:
+            SamDB(url=host, credentials=creds2, lp=lp)
+        except:
+            self.fail("testuser used the wrong password")
+
+        ldb3 = SamDB(url=host, session_info=system_session(lp),
+                     credentials=creds, lp=lp)
+
+        # Check that userPassword was stored from ldb2
+        res = ldb3.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # userPassword can be read
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("userPassword" in res[0])
+        self.assertEqual(str(res[0]["userPassword"][0]), "thatsAcomplPASS2")
+
+        # Reset the test "dSHeuristics" (reactivate "userPassword" pwd changes)
+        self.ldb.set_dsheuristics("000000001")
+
+        ldb4 = SamDB(url=host, session_info=system_session(lp),
+                     credentials=creds, lp=lp)
+
+        # Check that userPassword that was stored from ldb2
+        res = ldb4.search("cn=testuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["userPassword"])
+
+        # userPassword can be not be read
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("userPassword" in res[0])
+
+    def test_zero_length(self):
+        # Get the old "minPwdLength"
+        minPwdLength = self.ldb.get_minPwdLength()
+        # Set it temporarily to "0"
+        self.ldb.set_minPwdLength("0")
+
+        # Get the old "pwdProperties"
+        pwdProperties = self.ldb.get_pwdProperties()
+        # Set them temporarily to "0" (to deactivate eventually the complexity)
+        self.ldb.set_pwdProperties("0")
+
+        self.ldb.setpassword("(sAMAccountName=testuser)", "")
+
+        # Reset the "pwdProperties" as they were before
+        self.ldb.set_pwdProperties(pwdProperties)
+
+        # Reset the "minPwdLength" as it was before
+        self.ldb.set_minPwdLength(minPwdLength)
+
+    def test_pw_change_delete_no_value_userPassword(self):
+        """Test password change with userPassword where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def test_pw_change_delete_no_value_clearTextPassword(self):
+        """Test password change with clearTextPassword where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+add: clearTextPassword
+clearTextPassword: thatsAcomplPASS2
+""")
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+                            num == ERR_NO_SUCH_ATTRIBUTE)  # for Windows
+        else:
+            self.fail()
+
+    def test_pw_change_delete_no_value_unicodePwd(self):
+        """Test password change with unicodePwd where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')).decode('utf8') + """
+""")
+        except LdbError as e:
+            (num, msg) = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def tearDown(self):
+        super(PasswordTests, self).tearDown()
+        delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=testuser2,cn=users," + self.base_dn)
+        # Close the second LDB connection (with the user credentials)
+        self.ldb2 = None
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host_ldaps = None
+        host = "tdb://%s" % host
+    else:
+        host_ldaps = "ldaps://%s" % host
+        host = "ldap://%s" % host
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/priv_attrs.py b/source4/dsdb/tests/python/priv_attrs.py
new file mode 100644
index 0000000..5c9db73
--- /dev/null
+++ b/source4/dsdb/tests/python/priv_attrs.py
@@ -0,0 +1,392 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This tests the restrictions on userAccountControl that apply even if write access is permitted
+#
+# Copyright Samuel Cabrero 2014 <samuelcabrero@kernevil.me>
+# Copyright Andrew Bartlett 2014 <abartlet@samba.org>
+#
+# Licenced under the GPLv3
+#
+
+import optparse
+import sys
+import unittest
+import samba
+import samba.getopt as options
+import samba.tests
+import ldb
+
+sys.path.insert(0, "bin/python")
+from samba.tests import DynamicTestCase
+from samba.subunit.run import SubunitTestRunner
+from samba.samdb import SamDB
+from samba.dcerpc import security
+from samba.credentials import Credentials
+from samba.ndr import ndr_pack
+from samba.tests import delete_force
+from samba import gensec, sd_utils
+from samba.credentials import DONT_USE_KERBEROS
+from ldb import SCOPE_BASE, LdbError
+from samba.dsdb import (
+    UF_NORMAL_ACCOUNT,
+    UF_PARTIAL_SECRETS_ACCOUNT,
+    UF_PASSWD_NOTREQD,
+    UF_SERVER_TRUST_ACCOUNT,
+    UF_TRUSTED_FOR_DELEGATION,
+    UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
+    UF_WORKSTATION_TRUST_ACCOUNT,
+)
+
+
+parser = optparse.OptionParser("priv_attrs.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+host = args[0]
+
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+
+"""
+Check the combinations of:
+
+rodc kdc
+a2d2
+useraccountcontrol (trusted for delegation)
+sidHistory
+
+x
+
+add
+modify(replace)
+modify(add)
+
+x
+
+sd WP on add
+cc default perms
+admin created, WP to user
+
+x
+
+computer
+user
+"""
+
+attrs = {"sidHistory":
+         {"value": ndr_pack(security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)),
+          "priv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS},
+
+         "msDS-AllowedToDelegateTo":
+         {"value": f"host/{host}",
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS},
+
+         "userAccountControl-a2d-user":
+         {"attr": "userAccountControl",
+          "value": str(UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION|UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS},
+
+         "userAccountControl-a2d-computer":
+         {"attr": "userAccountControl",
+          "value": str(UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION|UF_WORKSTATION_TRUST_ACCOUNT),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+          "only-1": "computer"},
+
+         # This flag makes many legitimate authenticated clients
+         # send a forwardable ticket-granting-ticket to the server
+         "userAccountControl-t4d-user":
+         {"attr": "userAccountControl",
+          "value": str(UF_TRUSTED_FOR_DELEGATION|UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS},
+
+         "userAccountControl-t4d-computer":
+         {"attr": "userAccountControl",
+          "value": str(UF_TRUSTED_FOR_DELEGATION|UF_WORKSTATION_TRUST_ACCOUNT),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+          "only-1": "computer"},
+
+         "userAccountControl-DC":
+         {"attr": "userAccountControl",
+          "value": str(UF_SERVER_TRUST_ACCOUNT),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+          "only-2": "computer"},
+
+         "userAccountControl-RODC":
+         {"attr": "userAccountControl",
+          "value": str(UF_PARTIAL_SECRETS_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT),
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+          "only-1": "computer"},
+
+         "msDS-SecondaryKrbTgtNumber":
+         {"value": "65536",
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS},
+         "primaryGroupID":
+         {"value": str(security.DOMAIN_RID_ADMINS),
+          "priv-error": ldb.ERR_UNWILLING_TO_PERFORM,
+          "unpriv-add-error": ldb.ERR_UNWILLING_TO_PERFORM,
+          "unpriv-error": ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS}
+        }
+
+
+
+@DynamicTestCase
+class PrivAttrsTests(samba.tests.TestCase):
+
+    def get_creds(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        return creds_tmp
+
+    def assertGotLdbError(self, wanted, got):
+        if not self.strict_checking:
+            self.assertNotEqual(got, ldb.SUCCESS)
+        else:
+            self.assertEqual(got, wanted)
+
+    def setUp(self):
+        super().setUp()
+
+        strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True)
+        if strict_checking is None:
+            strict_checking = '1'
+        self.strict_checking = bool(int(strict_checking))
+
+        self.admin_creds = creds
+        self.admin_samdb = SamDB(url=ldaphost, credentials=self.admin_creds, lp=lp)
+        self.domain_sid = security.dom_sid(self.admin_samdb.get_domain_sid())
+        self.base_dn = self.admin_samdb.domain_dn()
+
+        self.unpriv_user = "testuser1"
+        self.unpriv_user_pw = "samba123@"
+        self.unpriv_creds = self.get_creds(self.unpriv_user, self.unpriv_user_pw)
+
+        self.admin_sd_utils = sd_utils.SDUtils(self.admin_samdb)
+
+        self.test_ou_name = "OU=test_priv_attrs"
+        self.test_ou = self.test_ou_name + "," + self.base_dn
+
+        delete_force(self.admin_samdb, self.test_ou, controls=["tree_delete:0"])
+
+        self.admin_samdb.create_ou(self.test_ou)
+
+        expected_user_dn = f"CN={self.unpriv_user},{self.test_ou_name},{self.base_dn}"
+
+        self.admin_samdb.newuser(self.unpriv_user, self.unpriv_user_pw, userou=self.test_ou_name)
+        res = self.admin_samdb.search(expected_user_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["objectSid"])
+
+        self.assertEqual(1, len(res))
+
+        self.unpriv_user_dn = res[0].dn
+        self.addCleanup(delete_force, self.admin_samdb, self.unpriv_user_dn, controls=["tree_delete:0"])
+
+        self.unpriv_user_sid = self.admin_sd_utils.get_object_sid(self.unpriv_user_dn)
+
+        self.unpriv_samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
+
+    @classmethod
+    def setUpDynamicTestCases(cls):
+        for test_name in attrs.keys():
+            for add_or_mod in ["add", "mod-del-add", "mod-replace"]:
+                for permission in ["admin-add", "CC"]:
+                    for sd in ["default", "WP"]:
+                        for objectclass in ["computer", "user"]:
+                            tname = f"{test_name}_{add_or_mod}_{permission}_{sd}_{objectclass}"
+                            targs = (test_name,
+                                     add_or_mod,
+                                     permission,
+                                     sd,
+                                     objectclass)
+                            cls.generate_dynamic_test("test_priv_attr",
+                                                      tname,
+                                                      *targs)
+
+    def add_computer_ldap(self, computername, others=None, samdb=None):
+        dn = "CN=%s,%s" % (computername, self.test_ou)
+        samaccountname = "%s$" % computername
+        msg_dict = {
+            "dn": dn,
+            "objectclass": "computer"}
+        if others is not None:
+            msg_dict = dict(list(msg_dict.items()) + list(others.items()))
+
+        msg = ldb.Message.from_dict(samdb, msg_dict)
+        msg["sAMAccountName"] = samaccountname
+
+        print("Adding computer account %s" % computername)
+        try:
+            samdb.add(msg)
+        except ldb.LdbError:
+            print(msg)
+            raise
+        return msg.dn
+
+    def add_user_ldap(self, username, others=None, samdb=None):
+        dn = "CN=%s,%s" % (username, self.test_ou)
+        samaccountname = "%s$" % username
+        msg_dict = {
+            "dn": dn,
+            "objectclass": "user"}
+        if others is not None:
+            msg_dict = dict(list(msg_dict.items()) + list(others.items()))
+
+        msg = ldb.Message.from_dict(samdb, msg_dict)
+        msg["sAMAccountName"] = samaccountname
+
+        print("Adding user account %s" % username)
+        try:
+            samdb.add(msg)
+        except ldb.LdbError:
+            print(msg)
+            raise
+        return msg.dn
+
+    def add_thing_ldap(self, user, others, samdb, objectclass):
+        if objectclass == "user":
+            dn = self.add_user_ldap(user, others, samdb=samdb)
+        elif objectclass == "computer":
+            dn = self.add_computer_ldap(user, others, samdb=samdb)
+        return dn
+
+    def _test_priv_attr_with_args(self, test_name, add_or_mod, permission, sd, objectclass):
+        user="privattrs"
+        if "attr" in attrs[test_name]:
+            attr = attrs[test_name]["attr"]
+        else:
+            attr = test_name
+        if add_or_mod == "add":
+            others = {attr: attrs[test_name]["value"]}
+        else:
+            others = {}
+
+        if permission == "CC":
+            samdb = self.unpriv_samdb
+            # Set CC on container to allow user add
+            mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid)
+            self.admin_sd_utils.dacl_add_ace(self.test_ou, mod)
+            mod = "(OA;CI;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid)
+            self.admin_sd_utils.dacl_add_ace(self.test_ou, mod)
+
+        else:
+            samdb = self.admin_samdb
+
+        if sd == "WP":
+            # Set SD to WP to the target user as part of add
+            sd = "O:%sG:DUD:(OA;CIID;RPWP;;;%s)(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;%s)" % (self.unpriv_user_sid, self.unpriv_user_sid, self.unpriv_user_sid)
+            tmp_desc = security.descriptor.from_sddl(sd, self.domain_sid)
+            others["ntSecurityDescriptor"] = ndr_pack(tmp_desc)
+
+        if add_or_mod == "add":
+
+            # only-1 and only-2 are due to windows behaviour
+
+            if "only-1" in attrs[test_name] and \
+                 attrs[test_name]["only-1"] != objectclass:
+                try:
+                    dn = self.add_thing_ldap(user, others, samdb, objectclass)
+                    self.fail(f"{test_name}: Unexpectedly able to set {attr} on new {objectclass} as ADMIN (should fail LDAP_OBJECT_CLASS_VIOLATION)")
+                except LdbError as e5:
+                    (enum, estr) = e5.args
+                    self.assertGotLdbError(ldb.ERR_OBJECT_CLASS_VIOLATION, enum)
+            elif permission == "CC":
+                try:
+                    dn = self.add_thing_ldap(user, others, samdb, objectclass)
+                    self.fail(f"{test_name}: Unexpectedly able to set {attr} on new {objectclass}")
+                except LdbError as e5:
+                    (enum, estr) = e5.args
+                    if "unpriv-add-error" in attrs[test_name]:
+                        self.assertGotLdbError(attrs[test_name]["unpriv-add-error"],
+                                               enum)
+                    else:
+                        self.assertGotLdbError(attrs[test_name]["unpriv-error"],
+                                               enum)
+            elif "only-2" in attrs[test_name] and \
+                 attrs[test_name]["only-2"] != objectclass:
+                try:
+                    dn = self.add_thing_ldap(user, others, samdb, objectclass)
+                    self.fail(f"{test_name}: Unexpectedly able to set {attr} on new {objectclass} as ADMIN (should fail LDAP_OBJECT_CLASS_VIOLATION)")
+                except LdbError as e5:
+                    (enum, estr) = e5.args
+                    self.assertGotLdbError(ldb.ERR_OBJECT_CLASS_VIOLATION, enum)
+            elif "priv-error" in attrs[test_name]:
+                try:
+                    dn = self.add_thing_ldap(user, others, samdb, objectclass)
+                    self.fail(f"{test_name}: Unexpectedly able to set {attr} on new {objectclass} as ADMIN")
+                except LdbError as e5:
+                    (enum, estr) = e5.args
+                    self.assertGotLdbError(attrs[test_name]["priv-error"], enum)
+            else:
+                try:
+                    dn = self.add_thing_ldap(user, others, samdb, objectclass)
+                except LdbError as e5:
+                    (enum, estr) = e5.args
+                    self.fail(f"Failed to add account {user} as objectclass {objectclass}")
+        else:
+            try:
+                 dn = self.add_thing_ldap(user, others, samdb, objectclass)
+            except LdbError as e5:
+                (enum, estr) = e5.args
+                self.fail(f"Failed to add account {user} as objectclass {objectclass}")
+
+        if add_or_mod == "add":
+            return
+
+        m = ldb.Message()
+        m.dn = dn
+
+        # Do modify
+        if add_or_mod == "mod-del-add":
+            m["0"] = ldb.MessageElement([],
+                                          ldb.FLAG_MOD_DELETE,
+                                          attr)
+            m["1"] = ldb.MessageElement(attrs[test_name]["value"],
+                                                ldb.FLAG_MOD_ADD,
+                                                attr)
+        else:
+            m["0"] = ldb.MessageElement(attrs[test_name]["value"],
+                                      ldb.FLAG_MOD_REPLACE,
+                                      attr)
+
+        try:
+            self.unpriv_samdb.modify(m)
+            self.fail(f"{test_name}: Unexpectedly able to set {attr} on {m.dn}")
+        except LdbError as e5:
+            (enum, estr) = e5.args
+            self.assertGotLdbError(attrs[test_name]["unpriv-error"], enum)
+
+
+
+
+runner = SubunitTestRunner()
+rc = 0
+if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+        PrivAttrsTests)).wasSuccessful():
+    rc = 1
+sys.exit(rc)
diff --git a/source4/dsdb/tests/python/rodc.py b/source4/dsdb/tests/python/rodc.py
new file mode 100755
index 0000000..b089a27
--- /dev/null
+++ b/source4/dsdb/tests/python/rodc.py
@@ -0,0 +1,254 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+import os
+import re
+import uuid
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+import ldb
+from samba.samdb import SamDB
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import drsblobs
+
+
+class RodcTestException(Exception):
+    pass
+
+
+class RodcTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(RodcTests, self).setUp()
+        self.samdb = SamDB(HOST, credentials=CREDS,
+                           session_info=system_session(LP), lp=LP)
+
+        self.base_dn = self.samdb.domain_dn()
+
+        root = self.samdb.search(base='', scope=ldb.SCOPE_BASE,
+                                 attrs=['dsServiceName'])
+        self.service = root[0]['dsServiceName'][0]
+        self.tag = uuid.uuid4().hex
+
+    def test_add_replicated_objects(self):
+        for o in (
+                {
+                    'dn': "ou=%s1,%s" % (self.tag, self.base_dn),
+                    "objectclass": "organizationalUnit"
+                },
+                {
+                    'dn': "cn=%s2,%s" % (self.tag, self.base_dn),
+                    "objectclass": "user"
+                },
+                {
+                    'dn': "cn=%s3,%s" % (self.tag, self.base_dn),
+                    "objectclass": "group"
+                },
+                {
+                    'dn': "cn=%s4,%s" % (self.tag, self.service),
+                    "objectclass": "NTDSConnection",
+                    'enabledConnection': 'TRUE',
+                    'fromServer': self.base_dn,
+                    'options': '0'
+                },
+        ):
+            try:
+                self.samdb.add(o)
+                self.fail("Failed to fail to add %s" % o['dn'])
+            except ldb.LdbError as e:
+                (ecode, emsg) = e.args
+                if ecode != ldb.ERR_REFERRAL:
+                    print(emsg)
+                    self.fail("Adding %s: ldb error: %s %s, wanted referral" %
+                              (o['dn'], ecode, emsg))
+                else:
+                    m = re.search(r'(ldap://[^>]+)>', emsg)
+                    if m is None:
+                        self.fail("referral seems not to refer to anything")
+                    address = m.group(1)
+
+                    try:
+                        tmpdb = SamDB(address, credentials=CREDS,
+                                      session_info=system_session(LP), lp=LP)
+                        tmpdb.add(o)
+                        tmpdb.delete(o['dn'])
+                    except ldb.LdbError as e:
+                        self.fail("couldn't modify referred location %s" %
+                                  address)
+
+                    if address.lower().startswith(self.samdb.domain_dns_name()):
+                        self.fail("referral address did not give a specific DC")
+
+    def test_modify_replicated_attributes(self):
+        # some timestamp ones
+        dn = 'CN=Guest,CN=Users,' + self.base_dn
+        value = 'hallooo'
+        for attr in ['carLicense', 'middleName']:
+            msg = ldb.Message()
+            msg.dn = ldb.Dn(self.samdb, dn)
+            msg[attr] = ldb.MessageElement(value,
+                                           ldb.FLAG_MOD_REPLACE,
+                                           attr)
+            try:
+                self.samdb.modify(msg)
+                self.fail("Failed to fail to modify %s %s" % (dn, attr))
+            except ldb.LdbError as e1:
+                (ecode, emsg) = e1.args
+                if ecode != ldb.ERR_REFERRAL:
+                    self.fail("Failed to REFER when trying to modify %s %s" %
+                              (dn, attr))
+                else:
+                    m = re.search(r'(ldap://[^>]+)>', emsg)
+                    if m is None:
+                        self.fail("referral seems not to refer to anything")
+                    address = m.group(1)
+
+                    try:
+                        tmpdb = SamDB(address, credentials=CREDS,
+                                      session_info=system_session(LP), lp=LP)
+                        tmpdb.modify(msg)
+                    except ldb.LdbError as e:
+                        self.fail("couldn't modify referred location %s" %
+                                  address)
+
+                    if address.lower().startswith(self.samdb.domain_dns_name()):
+                        self.fail("referral address did not give a specific DC")
+
+    def test_modify_nonreplicated_attributes(self):
+        # some timestamp ones
+        dn = 'CN=Guest,CN=Users,' + self.base_dn
+        value = '123456789'
+        for attr in ['badPwdCount', 'lastLogon', 'lastLogoff']:
+            m = ldb.Message()
+            m.dn = ldb.Dn(self.samdb, dn)
+            m[attr] = ldb.MessageElement(value,
+                                         ldb.FLAG_MOD_REPLACE,
+                                         attr)
+            # Windows refers these ones even though they are non-replicated
+            try:
+                self.samdb.modify(m)
+                self.fail("Failed to fail to modify %s %s" % (dn, attr))
+            except ldb.LdbError as e2:
+                (ecode, emsg) = e2.args
+                if ecode != ldb.ERR_REFERRAL:
+                    self.fail("Failed to REFER when trying to modify %s %s" %
+                              (dn, attr))
+                else:
+                    m = re.search(r'(ldap://[^>]+)>', emsg)
+                    if m is None:
+                        self.fail("referral seems not to refer to anything")
+                    address = m.group(1)
+
+                    if address.lower().startswith(self.samdb.domain_dns_name()):
+                        self.fail("referral address did not give a specific DC")
+
+    def test_modify_nonreplicated_reps_attributes(self):
+        # some timestamp ones
+        dn = self.base_dn
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, dn)
+        attr = 'repsFrom'
+
+        res = self.samdb.search(dn, scope=ldb.SCOPE_BASE,
+                                attrs=['repsFrom'])
+        rep = ndr_unpack(drsblobs.repsFromToBlob, res[0]['repsFrom'][0],
+                         allow_remaining=True)
+        rep.ctr.result_last_attempt = -1
+        value = ndr_pack(rep)
+
+        m[attr] = ldb.MessageElement(value,
+                                     ldb.FLAG_MOD_REPLACE,
+                                     attr)
+        try:
+            self.samdb.modify(m)
+            self.fail("Failed to fail to modify %s %s" % (dn, attr))
+        except ldb.LdbError as e3:
+            (ecode, emsg) = e3.args
+            if ecode != ldb.ERR_REFERRAL:
+                self.fail("Failed to REFER when trying to modify %s %s" %
+                          (dn, attr))
+            else:
+                m = re.search(r'(ldap://[^>]+)>', emsg)
+                if m is None:
+                    self.fail("referral seems not to refer to anything")
+                address = m.group(1)
+
+                if address.lower().startswith(self.samdb.domain_dns_name()):
+                    self.fail("referral address did not give a specific DC")
+
+    def test_delete_special_objects(self):
+        dn = 'CN=Guest,CN=Users,' + self.base_dn
+        try:
+            self.samdb.delete(dn)
+            self.fail("Failed to fail to delete %s" % (dn))
+        except ldb.LdbError as e4:
+            (ecode, emsg) = e4.args
+            if ecode != ldb.ERR_REFERRAL:
+                print(ecode, emsg)
+                self.fail("Failed to REFER when trying to delete %s" % dn)
+            else:
+                m = re.search(r'(ldap://[^>]+)>', emsg)
+                if m is None:
+                    self.fail("referral seems not to refer to anything")
+                address = m.group(1)
+
+                if address.lower().startswith(self.samdb.domain_dns_name()):
+                    self.fail("referral address did not give a specific DC")
+
+    def test_no_delete_nonexistent_objects(self):
+        dn = 'CN=does-not-exist-%s,CN=Users,%s' % (self.tag, self.base_dn)
+        try:
+            self.samdb.delete(dn)
+            self.fail("Failed to fail to delete %s" % (dn))
+        except ldb.LdbError as e5:
+            (ecode, emsg) = e5.args
+            if ecode != ldb.ERR_NO_SUCH_OBJECT:
+                print(ecode, emsg)
+                self.fail("Failed to NO_SUCH_OBJECT when trying to delete "
+                          "%s (which does not exist)" % dn)
+
+
+def main():
+    global HOST, CREDS, LP
+    parser = optparse.OptionParser("rodc.py [options] <host>")
+
+    sambaopts = options.SambaOptions(parser)
+    versionopts = options.VersionOptions(parser)
+    credopts = options.CredentialsOptions(parser)
+    subunitopts = SubunitOptions(parser)
+
+    parser.add_option_group(sambaopts)
+    parser.add_option_group(versionopts)
+    parser.add_option_group(credopts)
+    parser.add_option_group(subunitopts)
+
+    opts, args = parser.parse_args()
+
+    LP = sambaopts.get_loadparm()
+    CREDS = credopts.get_credentials(LP)
+
+    try:
+        HOST = args[0]
+    except IndexError:
+        parser.print_usage()
+        sys.exit(1)
+
+    if "://" not in HOST:
+        if os.path.isfile(HOST):
+            HOST = "tdb://%s" % HOST
+        else:
+            HOST = "ldap://%s" % HOST
+
+    TestProgram(module=__name__, opts=subunitopts)
+
+
+main()
diff --git a/source4/dsdb/tests/python/rodc_rwdc.py b/source4/dsdb/tests/python/rodc_rwdc.py
new file mode 100644
index 0000000..b2e8c73
--- /dev/null
+++ b/source4/dsdb/tests/python/rodc_rwdc.py
@@ -0,0 +1,1324 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+"""Test communication of credentials etc, between an RODC and a RWDC.
+
+How does it work when the password is changed on the RWDC?
+"""
+
+import optparse
+import sys
+import base64
+import uuid
+import subprocess
+import itertools
+import time
+
+sys.path.insert(0, "bin/python")
+import ldb
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
+from samba import gensec, dsdb
+from ldb import LdbError, ERR_INVALID_CREDENTIALS
+from samba.dcerpc import security, samr
+import os
+
+import password_lockout_base
+
+def adjust_cmd_for_py_version(parts):
+    if os.getenv("PYTHON", None):
+        parts.insert(0, os.environ["PYTHON"])
+    return parts
+
+def passwd_encode(pw):
+    return base64.b64encode(('"%s"' % pw).encode('utf-16-le')).decode('utf8')
+
+
+class RodcRwdcTestException(Exception):
+    pass
+
+
+def make_creds(username, password, kerberos_state=None, simple_dn=None):
+    # use the global CREDS as a template
+    c = Credentials()
+    c.set_username(username)
+    c.set_password(password)
+    c.set_domain(CREDS.get_domain())
+    c.set_realm(CREDS.get_realm())
+    c.set_workstation(CREDS.get_workstation())
+
+    if simple_dn is not None:
+        c.set_bind_dn(simple_dn)
+
+    if kerberos_state is None:
+        kerberos_state = CREDS.get_kerberos_state()
+    c.set_kerberos_state(kerberos_state)
+
+    print('-' * 73)
+    if kerberos_state == MUST_USE_KERBEROS:
+        print("we seem to be using kerberos for %s %s" % (username, password))
+    elif kerberos_state == DONT_USE_KERBEROS:
+        print("NOT using kerberos for %s %s" % (username, password))
+    else:
+        print("kerberos state is %s" % kerberos_state)
+
+    c.set_gensec_features(c.get_gensec_features() |
+                          gensec.FEATURE_SEAL)
+    return c
+
+
+def set_auto_replication(dc, allow):
+    credstring = '-U%s%%%s' % (CREDS.get_username(),
+                               CREDS.get_password())
+
+    on_or_off = '-' if allow else '+'
+
+    for opt in ['DISABLE_INBOUND_REPL',
+                'DISABLE_OUTBOUND_REPL']:
+        cmd = adjust_cmd_for_py_version(['bin/samba-tool',
+               'drs', 'options',
+               credstring, dc,
+               "--dsa-option=%s%s" % (on_or_off, opt)])
+
+        p = subprocess.Popen(cmd,
+                             stderr=subprocess.PIPE,
+                             stdout=subprocess.PIPE)
+        stdout, stderr = p.communicate()
+        if p.returncode:
+            if b'LDAP_REFERRAL' not in stderr:
+                raise RodcRwdcTestException()
+            print("ignoring +%s REFERRAL error; assuming %s is RODC" %
+                  (opt, dc))
+
+
+def preload_rodc_user(user_dn):
+    credstring = '-U%s%%%s' % (CREDS.get_username(),
+                               CREDS.get_password())
+
+    set_auto_replication(RWDC, True)
+    cmd = adjust_cmd_for_py_version(['bin/samba-tool',
+           'rodc', 'preload',
+           user_dn,
+           credstring,
+           '--server', RWDC, ])
+
+    print(' '.join(cmd))
+    subprocess.check_call(cmd)
+    set_auto_replication(RWDC, False)
+
+
+def get_server_ref_from_samdb(samdb):
+    server_name = samdb.get_serverName()
+    res = samdb.search(server_name,
+                       scope=ldb.SCOPE_BASE,
+                       attrs=['serverReference'])
+
+    return res[0]['serverReference'][0]
+
+
+class RodcRwdcCachedTests(password_lockout_base.BasePasswordTestCase):
+
+    def _check_account_initial(self, dn):
+        self.force_replication()
+        return super(RodcRwdcCachedTests, self)._check_account_initial(dn)
+
+    def _check_account(self, dn,
+                       badPwdCount=None,
+                       badPasswordTime=None,
+                       logonCount=None,
+                       lastLogon=None,
+                       lastLogonTimestamp=None,
+                       lockoutTime=None,
+                       userAccountControl=None,
+                       msDSUserAccountControlComputed=None,
+                       effective_bad_password_count=None,
+                       msg=None,
+                       badPwdCountOnly=False):
+        # Wait for the RWDC to get any delayed messages
+        # e.g. SendToSam or KRB5 bad passwords via winbindd
+        if (self.kerberos and isinstance(badPasswordTime, tuple) or
+            badPwdCount == 0):
+            time.sleep(5)
+
+        return super(RodcRwdcCachedTests,
+                     self)._check_account(dn, badPwdCount, badPasswordTime,
+                                          logonCount, lastLogon,
+                                          lastLogonTimestamp, lockoutTime,
+                                          userAccountControl,
+                                          msDSUserAccountControlComputed,
+                                          effective_bad_password_count, msg,
+                                          True)
+
+    def force_replication(self, base=None):
+        if base is None:
+            base = self.base_dn
+
+        # XXX feels like a horrendous way to do it.
+        credstring = '-U%s%%%s' % (CREDS.get_username(),
+                                   CREDS.get_password())
+        cmd = adjust_cmd_for_py_version(['bin/samba-tool',
+               'drs', 'replicate',
+               RODC, RWDC, base,
+               credstring,
+               '--sync-forced'])
+
+        p = subprocess.Popen(cmd,
+                             stderr=subprocess.PIPE,
+                             stdout=subprocess.PIPE)
+        stdout, stderr = p.communicate()
+        if p.returncode:
+            print("failed with code %s" % p.returncode)
+            print(' '.join(cmd))
+            print("stdout")
+            print(stdout)
+            print("stderr")
+            print(stderr)
+            raise RodcRwdcTestException()
+
+    def _change_password(self, user_dn, old_password, new_password):
+        self.rwdc_db.modify_ldif(
+            "dn: %s\n"
+            "changetype: modify\n"
+            "delete: userPassword\n"
+            "userPassword: %s\n"
+            "add: userPassword\n"
+            "userPassword: %s\n" % (user_dn, old_password, new_password))
+
+    def tearDown(self):
+        super(RodcRwdcCachedTests, self).tearDown()
+        set_auto_replication(RWDC, True)
+
+    def setUp(self):
+        self.kerberos = False  # To be set later
+
+        self.rodc_db = SamDB('ldap://%s' % RODC, credentials=CREDS,
+                             session_info=system_session(LP), lp=LP)
+
+        self.rwdc_db = SamDB('ldap://%s' % RWDC, credentials=CREDS,
+                             session_info=system_session(LP), lp=LP)
+
+        # Define variables for BasePasswordTestCase
+        self.lp = LP
+        self.global_creds = CREDS
+        self.host = RWDC
+        self.host_url = 'ldap://%s' % RWDC
+        self.host_url_ldaps = 'ldaps://%s' % RWDC
+        self.ldb = SamDB(url='ldap://%s' % RWDC, session_info=system_session(self.lp),
+                         credentials=self.global_creds, lp=self.lp)
+
+        super(RodcRwdcCachedTests, self).setUp()
+        self.host_url = 'ldap://%s' % RODC
+        self.host_url_ldaps = 'ldaps://%s' % RODC
+
+        self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds)
+        self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)
+
+        self.base_dn = self.rwdc_db.domain_dn()
+
+        root = self.rodc_db.search(base='', scope=ldb.SCOPE_BASE,
+                                   attrs=['dsServiceName'])
+        self.service = root[0]['dsServiceName'][0]
+        self.tag = uuid.uuid4().hex
+
+        self.rwdc_dsheuristics = self.rwdc_db.get_dsheuristics()
+        self.rwdc_db.set_dsheuristics("000000001")
+
+        set_auto_replication(RWDC, False)
+
+        # make sure DCs are synchronized before the test
+        self.force_replication()
+
+    def delete_ldb_connections(self):
+        super(RodcRwdcCachedTests, self).delete_ldb_connections()
+        del self.rwdc_db
+        del self.rodc_db
+
+    def test_cache_and_flush_password(self):
+        username = self.lockout1krb5_creds.get_username()
+        userpass = self.lockout1krb5_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        ldb_system = SamDB(session_info=system_session(self.lp),
+                           credentials=self.global_creds, lp=self.lp)
+
+        res = ldb_system.search(userdn, attrs=['unicodePwd'])
+        self.assertFalse('unicodePwd' in res[0])
+
+        preload_rodc_user(userdn)
+
+        res = ldb_system.search(userdn, attrs=['unicodePwd'])
+        self.assertTrue('unicodePwd' in res[0])
+
+        # force replication here to flush any pending preloads (this
+        # was a racy test).
+        self.force_replication()
+
+        newpass = userpass + '!'
+
+        # Forcing replication should blank out password (when changed)
+        self._change_password(userdn, userpass, newpass)
+        self.force_replication()
+
+        res = ldb_system.search(userdn, attrs=['unicodePwd'])
+        self.assertFalse('unicodePwd' in res[0])
+
+    def test_login_lockout_krb5(self):
+        username = self.lockout1krb5_creds.get_username()
+        userpass = self.lockout1krb5_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        preload_rodc_user(userdn)
+
+        self.kerberos = True
+
+        self.rodc_dn = get_server_ref_from_samdb(self.rodc_db)
+
+        res = self.rodc_db.search(self.rodc_dn,
+                                  scope=ldb.SCOPE_BASE,
+                                  attrs=['msDS-RevealOnDemandGroup'])
+
+        group = res[0]['msDS-RevealOnDemandGroup'][0].decode('utf8')
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.rwdc_db, group)
+        m['member'] = ldb.MessageElement(userdn, ldb.FLAG_MOD_ADD, 'member')
+        self.rwdc_db.modify(m)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb, self.base_dn)
+
+        self.account_lockout_duration = 15
+        account_lockout_duration_ticks = -int(self.account_lockout_duration * (1e7))
+
+        m["lockoutDuration"] = ldb.MessageElement(str(account_lockout_duration_ticks),
+                                                  ldb.FLAG_MOD_REPLACE,
+                                                  "lockoutDuration")
+
+        self.lockout_observation_window = 15
+        lockout_observation_window_ticks = -int(self.lockout_observation_window * (1e7))
+
+        m["lockOutObservationWindow"] = ldb.MessageElement(str(lockout_observation_window_ticks),
+                                                           ldb.FLAG_MOD_REPLACE,
+                                                           "lockOutObservationWindow")
+
+        self.rwdc_db.modify(m)
+        self.force_replication()
+
+        self._test_login_lockout_rodc_rwdc(self.lockout1krb5_creds, userdn)
+
+    def test_login_lockout_ntlm(self):
+        username = self.lockout1ntlm_creds.get_username()
+        userpass = self.lockout1ntlm_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        preload_rodc_user(userdn)
+
+        self.kerberos = False
+
+        self.rodc_dn = get_server_ref_from_samdb(self.rodc_db)
+
+        res = self.rodc_db.search(self.rodc_dn,
+                                  scope=ldb.SCOPE_BASE,
+                                  attrs=['msDS-RevealOnDemandGroup'])
+
+        group = res[0]['msDS-RevealOnDemandGroup'][0].decode('utf8')
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.rwdc_db, group)
+        m['member'] = ldb.MessageElement(userdn, ldb.FLAG_MOD_ADD, 'member')
+        self.rwdc_db.modify(m)
+
+        self._test_login_lockout_rodc_rwdc(self.lockout1ntlm_creds, userdn)
+
+    def test_login_lockout_not_revealed(self):
+        '''Test that SendToSam is restricted by preloaded users/groups'''
+
+        username = self.lockout1ntlm_creds.get_username()
+        userpass = self.lockout1ntlm_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        # Preload but do not add to revealed group
+        preload_rodc_user(userdn)
+
+        self.kerberos = False
+
+        creds = self.lockout1ntlm_creds
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        creds_lockout = self.insta_creds(creds)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        self.assertLoginFailure(self.host_url, creds_lockout, self.lp)
+
+        badPasswordTime = 0
+        logonCount = 0
+        lastLogon = 0
+        lastLogonTimestamp = 0
+        logoncount_relation = ''
+        lastlogon_relation = ''
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='lastlogontimestamp with wrong password')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # BadPwdCount on RODC increases alongside RWDC
+        res = self.rodc_db.search(userdn, attrs=['badPwdCount'])
+        self.assertTrue('badPwdCount' in res[0])
+        self.assertEqual(int(res[0]['badPwdCount'][0]), 1)
+
+        # Correct old password
+        creds_lockout.set_password(userpass)
+
+        ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+
+        # Wait for potential SendToSam...
+        time.sleep(5)
+
+        # BadPwdCount on RODC decreases, but not the RWDC
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=('greater', lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='badPwdCount not reset on RWDC')
+
+        res = self.rodc_db.search(userdn, attrs=['badPwdCount'])
+        self.assertTrue('badPwdCount' in res[0])
+        self.assertEqual(int(res[0]['badPwdCount'][0]), 0)
+
+    def _test_login_lockout_rodc_rwdc(self, creds, userdn):
+        username = creds.get_username()
+        userpass = creds.get_password()
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        creds_lockout = self.insta_creds(creds)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        self.assertLoginFailure(self.host_url, creds_lockout, self.lp)
+
+        badPasswordTime = 0
+        logonCount = 0
+        lastLogon = 0
+        lastLogonTimestamp = 0
+        logoncount_relation = ''
+        lastlogon_relation = ''
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='lastlogontimestamp with wrong password')
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # Correct old password
+        creds_lockout.set_password(userpass)
+
+        ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+
+        # lastLogonTimestamp should not change
+        # lastLogon increases if badPwdCount is non-zero (!)
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=('greater', lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg='LLTimestamp is updated to lastlogon')
+
+        logonCount = int(res[0]["logonCount"][0])
+        lastLogon = int(res[0]["lastLogon"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        self.assertLoginFailure(self.host_url, creds_lockout, self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+
+        except LdbError as e1:
+            (num, msg) = e1.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        print("two failed password change")
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+
+        except LdbError as e2:
+            (num, msg) = e2.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=("greater", badPasswordTime),
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+        lockoutTime = int(res[0]["lockoutTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e3:
+            (num, msg) = e3.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e4:
+            (num, msg) = e4.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # The correct password, but we are locked out
+        creds_lockout.set_password(userpass)
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e5:
+            (num, msg) = e5.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
+
+        # wait for the lockout to end
+        time.sleep(self.account_lockout_duration + 1)
+        print(self.account_lockout_duration + 1)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=3, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # The correct password after letting the timeout expire
+
+        creds_lockout.set_password(userpass)
+
+        creds_lockout2 = self.insta_creds(creds_lockout)
+
+        ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout2, lp=self.lp)
+        time.sleep(3)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lastLogon=(lastlogon_relation, lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  lockoutTime=lockoutTime,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0,
+                                  msg="lastLogon is way off")
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e6:
+            (num, msg) = e6.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e7:
+            (num, msg) = e7.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        time.sleep(self.lockout_observation_window + 1)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=2, effective_bad_password_count=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+        # The wrong password
+        creds_lockout.set_password("thatsAcomplPASS1x")
+        try:
+            ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+            self.fail()
+        except LdbError as e8:
+            (num, msg) = e8.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=1,
+                                  badPasswordTime=("greater", badPasswordTime),
+                                  logonCount=logonCount,
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=lastLogon,
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+        badPasswordTime = int(res[0]["badPasswordTime"][0])
+
+        # The correct password without letting the timeout expire
+        creds_lockout.set_password(userpass)
+        ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout, lp=self.lp)
+
+        res = self._check_account(userdn,
+                                  badPwdCount=0,
+                                  badPasswordTime=badPasswordTime,
+                                  logonCount=(logoncount_relation, logonCount),
+                                  lockoutTime=lockoutTime,
+                                  lastLogon=("greater", lastLogon),
+                                  lastLogonTimestamp=lastLogonTimestamp,
+                                  userAccountControl=dsdb.UF_NORMAL_ACCOUNT,
+                                  msDSUserAccountControlComputed=0)
+
+
+class RodcRwdcTests(password_lockout_base.BasePasswordTestCase):
+    counter = itertools.count(1, 1)
+
+    def force_replication(self, base=None):
+        if base is None:
+            base = self.base_dn
+
+        # XXX feels like a horrendous way to do it.
+        credstring = '-U%s%%%s' % (CREDS.get_username(),
+                                   CREDS.get_password())
+        cmd = adjust_cmd_for_py_version(['bin/samba-tool',
+               'drs', 'replicate',
+               RODC, RWDC, base,
+               credstring,
+               '--sync-forced'])
+
+        p = subprocess.Popen(cmd,
+                             stderr=subprocess.PIPE,
+                             stdout=subprocess.PIPE)
+        stdout, stderr = p.communicate()
+        if p.returncode:
+            print("failed with code %s" % p.returncode)
+            print(' '.join(cmd))
+            print("stdout")
+            print(stdout)
+            print("stderr")
+            print(stderr)
+            raise RodcRwdcTestException()
+
+    def _check_account_initial(self, dn):
+        self.force_replication()
+        return super(RodcRwdcTests, self)._check_account_initial(dn)
+
+    def tearDown(self):
+        super(RodcRwdcTests, self).tearDown()
+        self.rwdc_db.set_dsheuristics(self.rwdc_dsheuristics)
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        set_auto_replication(RWDC, True)
+
+    def setUp(self):
+        self.rodc_db = SamDB('ldap://%s' % RODC, credentials=CREDS,
+                             session_info=system_session(LP), lp=LP)
+
+        self.rwdc_db = SamDB('ldap://%s' % RWDC, credentials=CREDS,
+                             session_info=system_session(LP), lp=LP)
+
+        # Define variables for BasePasswordTestCase
+        self.lp = LP
+        self.global_creds = CREDS
+        self.host = RWDC
+        self.host_url = 'ldap://%s' % RWDC
+        self.host_url_ldaps = 'ldaps://%s' % RWDC
+        self.ldb = SamDB(url='ldap://%s' % RWDC, session_info=system_session(self.lp),
+                         credentials=self.global_creds, lp=self.lp)
+
+        super(RodcRwdcTests, self).setUp()
+        self.host = RODC
+        self.host_url = 'ldap://%s' % RODC
+        self.host_url_ldaps = 'ldaps://%s' % RODC
+        self.ldb = SamDB(url='ldap://%s' % RODC, session_info=system_session(self.lp),
+                         credentials=self.global_creds, lp=self.lp)
+
+        self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds)
+        self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)
+
+        self.base_dn = self.rwdc_db.domain_dn()
+
+        root = self.rodc_db.search(base='', scope=ldb.SCOPE_BASE,
+                                   attrs=['dsServiceName'])
+        self.service = root[0]['dsServiceName'][0]
+        self.tag = uuid.uuid4().hex
+
+        self.rwdc_dsheuristics = self.rwdc_db.get_dsheuristics()
+        self.rwdc_db.set_dsheuristics("000000001")
+
+        set_auto_replication(RWDC, False)
+
+        # make sure DCs are synchronized before the test
+        self.force_replication()
+        self.rwdc_dn = get_server_ref_from_samdb(self.rwdc_db)
+        self.rodc_dn = get_server_ref_from_samdb(self.rodc_db)
+
+    def delete_ldb_connections(self):
+        super(RodcRwdcTests, self).delete_ldb_connections()
+        del self.rwdc_db
+        del self.rodc_db
+
+    def assertReferral(self, fn, *args, **kwargs):
+        try:
+            fn(*args, **kwargs)
+            self.fail("failed to raise ldap referral")
+        except ldb.LdbError as e9:
+            (code, msg) = e9.args
+            self.assertEqual(code, ldb.ERR_REFERRAL,
+                             "expected referral, got %s %s" % (code, msg))
+
+    def _test_rodc_dsheuristics(self):
+        d = self.rodc_db.get_dsheuristics()
+        self.assertReferral(self.rodc_db.set_dsheuristics, "000000001")
+        self.assertReferral(self.rodc_db.set_dsheuristics, d)
+
+    def TEST_rodc_heuristics_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_rodc_dsheuristics()
+
+    def TEST_rodc_heuristics_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_rodc_dsheuristics()
+
+    def _test_add(self, objects, cross_ncs=False):
+        for o in objects:
+            dn = o['dn']
+            if cross_ncs:
+                base = str(self.rwdc_db.get_config_basedn())
+                controls = ["search_options:1:2"]
+                cn = dn.split(',', 1)[0]
+                expression = '(%s)' % cn
+            else:
+                base = dn
+                controls = []
+                expression = None
+
+            try:
+                res = self.rodc_db.search(base,
+                                          expression=expression,
+                                          scope=ldb.SCOPE_SUBTREE,
+                                          attrs=['dn'],
+                                          controls=controls)
+                self.assertEqual(len(res), 0)
+            except ldb.LdbError as e:
+                if e.args[0] != ldb.ERR_NO_SUCH_OBJECT:
+                    raise
+
+            try:
+                self.rwdc_db.add(o)
+            except ldb.LdbError as e:
+                (ecode, emsg) = e.args
+                self.fail("Failed to add %s to rwdc: ldb error: %s %s" %
+                          (o, ecode, emsg))
+
+            if cross_ncs:
+                self.force_replication(base=base)
+            else:
+                self.force_replication()
+
+            try:
+                res = self.rodc_db.search(base,
+                                          expression=expression,
+                                          scope=ldb.SCOPE_SUBTREE,
+                                          attrs=['dn'],
+                                          controls=controls)
+                self.assertEqual(len(res), 1)
+            except ldb.LdbError as e:
+                self.assertNotEqual(e.args[0], ldb.ERR_NO_SUCH_OBJECT,
+                                    "replication seems to have failed")
+
+    def _test_add_replicated_objects(self, mode):
+        tag = "%s%s" % (self.tag, mode)
+        self._test_add([
+            {
+                'dn': "ou=%s1,%s" % (tag, self.base_dn),
+                "objectclass": "organizationalUnit"
+            },
+            {
+                'dn': "cn=%s2,%s" % (tag, self.base_dn),
+                "objectclass": "user"
+            },
+            {
+                'dn': "cn=%s3,%s" % (tag, self.base_dn),
+                "objectclass": "group"
+            },
+        ])
+        self.rwdc_db.delete("ou=%s1,%s" % (tag, self.base_dn))
+        self.rwdc_db.delete("cn=%s2,%s" % (tag, self.base_dn))
+        self.rwdc_db.delete("cn=%s3,%s" % (tag, self.base_dn))
+
+    def test_add_replicated_objects_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_add_replicated_objects('kerberos')
+
+    def test_add_replicated_objects_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_add_replicated_objects('ntlm')
+
+    def _test_add_replicated_connections(self, mode):
+        tag = "%s%s" % (self.tag, mode)
+        self._test_add([
+            {
+                'dn': "cn=%sfoofoofoo,%s" % (tag, self.service),
+                "objectclass": "NTDSConnection",
+                'enabledConnection': 'TRUE',
+                'fromServer': self.base_dn,
+                'options': '0'
+            },
+        ], cross_ncs=True)
+        self.rwdc_db.delete("cn=%sfoofoofoo,%s" % (tag, self.service))
+
+    def test_add_replicated_connections_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_add_replicated_connections('kerberos')
+
+    def test_add_replicated_connections_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_add_replicated_connections('ntlm')
+
+    def _test_modify_replicated_attributes(self):
+        dn = 'CN=Guest,CN=Users,' + self.base_dn
+        value = self.tag
+        for attr in ['carLicense', 'middleName']:
+            m = ldb.Message()
+            m.dn = ldb.Dn(self.rwdc_db, dn)
+            m[attr] = ldb.MessageElement(value,
+                                         ldb.FLAG_MOD_REPLACE,
+                                         attr)
+            try:
+                self.rwdc_db.modify(m)
+            except ldb.LdbError as e:
+                self.fail("Failed to modify %s %s on RWDC %s with %s" %
+                          (dn, attr, RWDC, e))
+
+            self.force_replication()
+
+            try:
+                res = self.rodc_db.search(dn,
+                                          scope=ldb.SCOPE_SUBTREE,
+                                          attrs=[attr])
+                results = [str(x[attr][0]) for x in res]
+                self.assertEqual(results, [value])
+            except ldb.LdbError as e:
+                self.assertNotEqual(e.args[0], ldb.ERR_NO_SUCH_OBJECT,
+                                    "replication seems to have failed")
+
+    def test_modify_replicated_attributes_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_modify_replicated_attributes()
+
+    def test_modify_replicated_attributes_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_modify_replicated_attributes()
+
+    def _test_add_modify_delete(self):
+        dn = "cn=%s_add_modify,%s" % (self.tag, self.base_dn)
+        values = ["%s%s" % (i, self.tag) for i in range(3)]
+        attr = "carLicense"
+        self._test_add([
+            {
+                'dn': dn,
+                "objectclass": "user",
+                attr: values[0]
+            },
+        ])
+        self.force_replication()
+        for value in values[1:]:
+
+            m = ldb.Message()
+            m.dn = ldb.Dn(self.rwdc_db, dn)
+            m[attr] = ldb.MessageElement(value,
+                                         ldb.FLAG_MOD_REPLACE,
+                                         attr)
+            try:
+                self.rwdc_db.modify(m)
+            except ldb.LdbError as e:
+                self.fail("Failed to modify %s %s on RWDC %s with %s" %
+                          (dn, attr, RWDC, e))
+
+            self.force_replication()
+
+            try:
+                res = self.rodc_db.search(dn,
+                                          scope=ldb.SCOPE_SUBTREE,
+                                          attrs=[attr])
+                results = [str(x[attr][0]) for x in res]
+                self.assertEqual(results, [value])
+            except ldb.LdbError as e:
+                self.assertNotEqual(e.args[0], ldb.ERR_NO_SUCH_OBJECT,
+                                    "replication seems to have failed")
+
+        self.rwdc_db.delete(dn)
+        self.force_replication()
+        try:
+            res = self.rodc_db.search(dn,
+                                      scope=ldb.SCOPE_SUBTREE,
+                                      attrs=[attr])
+            if len(res) > 0:
+                self.fail("Failed to delete %s" % (dn))
+        except ldb.LdbError as e:
+            self.assertEqual(e.args[0], ldb.ERR_NO_SUCH_OBJECT,
+                             "Failed to delete %s" % (dn))
+
+    def test_add_modify_delete_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_add_modify_delete()
+
+    def test_add_modify_delete_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_add_modify_delete()
+
+    def _new_user(self):
+        username = "u%sX%s" % (self.tag[:12], next(self.counter))
+        password = 'password#1'
+        dn = 'CN=%s,CN=Users,%s' % (username, self.base_dn)
+        o = {
+            'dn': dn,
+            "objectclass": "user",
+            'sAMAccountName': username,
+        }
+        try:
+            self.rwdc_db.add(o)
+        except ldb.LdbError as e:
+            self.fail("Failed to add %s to rwdc: ldb error: %s" % (o, e))
+
+        self.rwdc_db.modify_ldif("dn: %s\n"
+                                 "changetype: modify\n"
+                                 "delete: userPassword\n"
+                                 "add: userPassword\n"
+                                 "userPassword: %s\n" % (dn, password))
+        self.rwdc_db.enable_account("(sAMAccountName=%s)" % username)
+        return (dn, username, password)
+
+    def _change_password(self, user_dn, old_password, new_password):
+        self.rwdc_db.modify_ldif(
+            "dn: %s\n"
+            "changetype: modify\n"
+            "delete: userPassword\n"
+            "userPassword: %s\n"
+            "add: userPassword\n"
+            "userPassword: %s\n" % (user_dn, old_password, new_password))
+
+    def try_ldap_logon(self, server, creds, errno=None, simple=False):
+        try:
+            if simple:
+                tmpdb = SamDB('ldaps://%s' % server, credentials=creds,
+                              session_info=system_session(LP), lp=LP)
+            else:
+                tmpdb = SamDB('ldap://%s' % server, credentials=creds,
+                              session_info=system_session(LP), lp=LP)
+            if errno is not None:
+                self.fail("logon failed to fail with ldb error %s" % errno)
+        except ldb.LdbError as e10:
+            (code, msg) = e10.args
+            if code != errno:
+                if errno is None:
+                    self.fail("logon incorrectly raised ldb error (code=%s)" %
+                              code)
+                else:
+                    self.fail("logon failed to raise correct ldb error"
+                              "Expected: %s Got: %s" %
+                              (errno, code))
+
+    def zero_min_password_age(self):
+        min_pwd_age = int(self.rwdc_db.get_minPwdAge())
+        if min_pwd_age != 0:
+            self.rwdc_db.set_minPwdAge('0')
+
+    def _test_ldap_change_password(self, errno=None, simple=False):
+        self.zero_min_password_age()
+
+        dn, username, password = self._new_user()
+
+        simple_dn = dn if simple else None
+
+        creds1 = make_creds(username, password, simple_dn=simple_dn)
+
+        # With NTLM, this should fail on RODC before replication,
+        # because the user isn't known.
+        self.try_ldap_logon(RODC, creds1, ldb.ERR_INVALID_CREDENTIALS,
+                            simple=simple)
+        self.force_replication()
+
+        # Now the user is replicated to RODC, so logon should work
+        self.try_ldap_logon(RODC, creds1, simple=simple)
+
+        passwords = ['password#%s' % i for i in range(1, 6)]
+        for prev, password in zip(passwords[:-1], passwords[1:]):
+            self._change_password(dn, prev, password)
+
+        # The password has changed enough times to make the old
+        # password invalid (though with kerberos that doesn't matter).
+        # For NTLM, the old creds should always fail
+        self.try_ldap_logon(RODC, creds1, errno, simple=simple)
+        self.try_ldap_logon(RWDC, creds1, errno, simple=simple)
+
+        creds2 = make_creds(username, password, simple_dn=simple_dn)
+
+        # new creds work straight away with NTLM, because although it
+        # doesn't have the password, it knows the user and forwards
+        # the query.
+        self.try_ldap_logon(RODC, creds2, simple=simple)
+        self.try_ldap_logon(RWDC, creds2, simple=simple)
+
+        self.force_replication()
+
+        # After another replication check RODC still works and fails,
+        # as appropriate to various creds
+        self.try_ldap_logon(RODC, creds2, simple=simple)
+        self.try_ldap_logon(RODC, creds1, errno, simple=simple)
+
+        prev = password
+        password = 'password#6'
+        self._change_password(dn, prev, password)
+        creds3 = make_creds(username, password, simple_dn=simple_dn)
+
+        # previous password should still work.
+        self.try_ldap_logon(RWDC, creds2, simple=simple)
+        self.try_ldap_logon(RODC, creds2, simple=simple)
+
+        # new password should still work.
+        self.try_ldap_logon(RWDC, creds3, simple=simple)
+        self.try_ldap_logon(RODC, creds3, simple=simple)
+
+        # old password should still fail (but not on kerberos).
+        self.try_ldap_logon(RWDC, creds1, errno, simple=simple)
+        self.try_ldap_logon(RODC, creds1, errno, simple=simple)
+
+    def test_ldap_change_password_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_ldap_change_password()
+
+    def test_ldap_change_password_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_ldap_change_password(ldb.ERR_INVALID_CREDENTIALS)
+
+    def test_ldap_change_password_simple_bind(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_ldap_change_password(ldb.ERR_INVALID_CREDENTIALS, simple=True)
+
+    def _test_ldap_change_password_reveal_on_demand(self, errno=None):
+        self.zero_min_password_age()
+
+        res = self.rodc_db.search(self.rodc_dn,
+                                  scope=ldb.SCOPE_BASE,
+                                  attrs=['msDS-RevealOnDemandGroup'])
+
+        group = res[0]['msDS-RevealOnDemandGroup'][0].decode('utf8')
+
+        user_dn, username, password = self._new_user()
+        creds1 = make_creds(username, password)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.rwdc_db, group)
+        m['member'] = ldb.MessageElement(user_dn, ldb.FLAG_MOD_ADD, 'member')
+        self.rwdc_db.modify(m)
+
+        # Against Windows, this will just forward if no account exists on the KDC
+        # Therefore, this does not error on Windows.
+        self.try_ldap_logon(RODC, creds1, ldb.ERR_INVALID_CREDENTIALS)
+
+        self.force_replication()
+
+        # The proxy case
+        self.try_ldap_logon(RODC, creds1)
+        preload_rodc_user(user_dn)
+
+        # Now the user AND password are replicated to RODC, so logon should work (not proxy case)
+        self.try_ldap_logon(RODC, creds1)
+
+        passwords = ['password#%s' % i for i in range(1, 6)]
+        for prev, password in zip(passwords[:-1], passwords[1:]):
+            self._change_password(user_dn, prev, password)
+
+        # The password has changed enough times to make the old
+        # password invalid, but the RODC shouldn't know that.
+        self.try_ldap_logon(RODC, creds1)
+        self.try_ldap_logon(RWDC, creds1, errno)
+
+        creds2 = make_creds(username, password)
+        self.try_ldap_logon(RWDC, creds2)
+        # The RODC forward WRONG_PASSWORD to the RWDC
+        self.try_ldap_logon(RODC, creds2)
+
+    def test_change_password_reveal_on_demand_ntlm(self):
+        CREDS.set_kerberos_state(DONT_USE_KERBEROS)
+        self._test_ldap_change_password_reveal_on_demand(ldb.ERR_INVALID_CREDENTIALS)
+
+    def test_change_password_reveal_on_demand_kerberos(self):
+        CREDS.set_kerberos_state(MUST_USE_KERBEROS)
+        self._test_ldap_change_password_reveal_on_demand()
+
+    def test_login_lockout_krb5(self):
+        username = self.lockout1krb5_creds.get_username()
+        userpass = self.lockout1krb5_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        preload_rodc_user(userdn)
+
+        use_kerberos = self.lockout1krb5_creds.get_kerberos_state()
+        fail_creds = self.insta_creds(self.template_creds,
+                                      username=username,
+                                      userpass=userpass + "X",
+                                      kerberos_state=use_kerberos)
+
+        try:
+            ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
+            self.fail()
+        except LdbError as e11:
+            (num, msg) = e11.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        # Succeed to reset everything to 0
+        success_creds = self.insta_creds(self.template_creds,
+                                         username=username,
+                                         userpass=userpass,
+                                         kerberos_state=use_kerberos)
+
+        ldb = SamDB(url=self.host_url, credentials=success_creds, lp=self.lp)
+
+        self._test_login_lockout(self.lockout1krb5_creds)
+
+    def test_login_lockout_ntlm(self):
+        username = self.lockout1ntlm_creds.get_username()
+        userpass = self.lockout1ntlm_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        preload_rodc_user(userdn)
+
+        use_kerberos = self.lockout1ntlm_creds.get_kerberos_state()
+        fail_creds = self.insta_creds(self.template_creds,
+                                      username=username,
+                                      userpass=userpass + "X",
+                                      kerberos_state=use_kerberos)
+
+        try:
+            ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
+            self.fail()
+        except LdbError as e12:
+            (num, msg) = e12.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        # Succeed to reset everything to 0
+        ldb = SamDB(url=self.host_url, credentials=self.lockout1ntlm_creds, lp=self.lp)
+
+        self._test_login_lockout(self.lockout1ntlm_creds)
+
+    def test_multiple_logon_krb5(self):
+        username = self.lockout1krb5_creds.get_username()
+        userpass = self.lockout1krb5_creds.get_password()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+
+        preload_rodc_user(userdn)
+
+        use_kerberos = self.lockout1krb5_creds.get_kerberos_state()
+        fail_creds = self.insta_creds(self.template_creds,
+                                      username=username,
+                                      userpass=userpass + "X",
+                                      kerberos_state=use_kerberos)
+
+        try:
+            ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
+            self.fail()
+        except LdbError as e13:
+            (num, msg) = e13.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        # Succeed to reset everything to 0
+        success_creds = self.insta_creds(self.template_creds,
+                                         username=username,
+                                         userpass=userpass,
+                                         kerberos_state=use_kerberos)
+
+        ldb = SamDB(url=self.host_url, credentials=success_creds, lp=self.lp)
+
+        self._test_multiple_logon(self.lockout1krb5_creds)
+
+    def test_multiple_logon_ntlm(self):
+        username = self.lockout1ntlm_creds.get_username()
+        userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
+        userpass = self.lockout1ntlm_creds.get_password()
+
+        preload_rodc_user(userdn)
+
+        use_kerberos = self.lockout1ntlm_creds.get_kerberos_state()
+        fail_creds = self.insta_creds(self.template_creds,
+                                      username=username,
+                                      userpass=userpass + "X",
+                                      kerberos_state=use_kerberos)
+
+        try:
+            ldb = SamDB(url=self.host_url, credentials=fail_creds, lp=self.lp)
+            self.fail()
+        except LdbError as e14:
+            (num, msg) = e14.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+
+        # Succeed to reset everything to 0
+        ldb = SamDB(url=self.host_url, credentials=self.lockout1ntlm_creds, lp=self.lp)
+
+        self._test_multiple_logon(self.lockout1ntlm_creds)
+
+
+def main():
+    global RODC, RWDC, CREDS, LP
+    parser = optparse.OptionParser(
+        "rodc_rwdc.py [options] <rodc host> <rwdc host>")
+
+    sambaopts = options.SambaOptions(parser)
+    versionopts = options.VersionOptions(parser)
+    credopts = options.CredentialsOptions(parser)
+    subunitopts = SubunitOptions(parser)
+
+    parser.add_option_group(sambaopts)
+    parser.add_option_group(versionopts)
+    parser.add_option_group(credopts)
+    parser.add_option_group(subunitopts)
+
+    opts, args = parser.parse_args()
+
+    LP = sambaopts.get_loadparm()
+    CREDS = credopts.get_credentials(LP)
+    CREDS.set_gensec_features(CREDS.get_gensec_features() |
+                              gensec.FEATURE_SEAL)
+
+    try:
+        RODC, RWDC = args
+    except ValueError:
+        parser.print_usage()
+        sys.exit(1)
+
+    set_auto_replication(RWDC, True)
+    try:
+        TestProgram(module=__name__, opts=subunitopts)
+    finally:
+        set_auto_replication(RWDC, True)
+
+
+main()
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
new file mode 100755
index 0000000..f1c1c0f
--- /dev/null
+++ b/source4/dsdb/tests/python/sam.py
@@ -0,0 +1,3874 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This is a port of the original in testprogs/ejs/ldap.js
+
+import optparse
+import sys
+import os
+import time
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.hresult import HRES_SEC_E_INVALID_TOKEN, HRES_SEC_E_LOGON_DENIED
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba.common import get_string
+
+from ldb import SCOPE_BASE, LdbError
+from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
+from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
+from ldb import ERR_OTHER, ERR_NO_SUCH_ATTRIBUTE
+from ldb import ERR_OBJECT_CLASS_VIOLATION
+from ldb import ERR_CONSTRAINT_VIOLATION
+from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
+from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
+from ldb import ERR_INVALID_CREDENTIALS
+from ldb import ERR_STRONG_AUTH_REQUIRED
+from ldb import Message, MessageElement, Dn
+from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from samba.samdb import SamDB
+from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_ACCOUNTDISABLE,
+                        UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
+                        UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
+                        UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SMARTCARD_REQUIRED,
+                        UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
+                        GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
+                        GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
+                        GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP,
+                        GTYPE_DISTRIBUTION_UNIVERSAL_GROUP,
+                        ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_UNIVERSAL_GROUP,
+                        ATYPE_SECURITY_LOCAL_GROUP, ATYPE_DISTRIBUTION_GLOBAL_GROUP,
+                        ATYPE_DISTRIBUTION_UNIVERSAL_GROUP, ATYPE_DISTRIBUTION_LOCAL_GROUP,
+                        ATYPE_WORKSTATION_TRUST)
+from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_ADMINS,
+                                   DOMAIN_RID_DOMAIN_MEMBERS, DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
+
+from samba.ndr import ndr_unpack
+from samba.dcerpc import drsblobs
+from samba.dcerpc import drsuapi
+from samba.dcerpc import security
+from samba.tests import delete_force
+from samba import gensec
+from samba import werror
+
+parser = optparse.OptionParser("sam.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+
+class SamTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SamTests, self).setUp()
+        self.ldb = ldb
+        self.base_dn = ldb.domain_dn()
+
+        print("baseDN: %s\n" % self.base_dn)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        delete_force(self.ldb, r"cn=ldaptest\,specialuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer2,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+
+    def test_users_groups(self):
+        """This tests the SAM users and groups behaviour"""
+        print("Testing users and groups behaviour\n")
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["objectSID"])
+        self.assertTrue(len(res1) == 1)
+        obj_sid = get_string(ldb.schema_format_value("objectSID",
+                                                     res1[0]["objectSID"][0]))
+        group_rid_1 = security.dom_sid(obj_sid).split()[1]
+
+        res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["objectSID"])
+        self.assertTrue(len(res1) == 1)
+        obj_sid = get_string(ldb.schema_format_value("objectSID",
+                                                     res1[0]["objectSID"][0]))
+        group_rid_2 = security.dom_sid(obj_sid).split()[1]
+
+        # Try to create a user with an invalid account name
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "sAMAccountName": "administrator"})
+            self.fail()
+        except LdbError as e9:
+            (num, _) = e9.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Try to create a user with an invalid account name
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "sAMAccountName": []})
+            self.fail()
+        except LdbError as e10:
+            (num, _) = e10.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Try to create a user with an invalid primary group
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "primaryGroupID": "0"})
+            self.fail()
+        except LdbError as e11:
+            (num, _) = e11.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Try to Create a user with a valid primary group
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "primaryGroupID": str(group_rid_1)})
+            self.fail()
+        except LdbError as e12:
+            (num, _) = e12.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Test to see how we should behave when the user account doesn't
+        # exist
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                             "primaryGroupID")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e13:
+            (num, _) = e13.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Test to see how we should behave when the account isn't a user
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                             "primaryGroupID")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e14:
+            (num, _) = e14.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # Test default primary groups on add operations
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_USERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_USERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # unfortunately the INTERDOMAIN_TRUST_ACCOUNT case cannot be tested
+        # since such accounts aren't directly creatable (ACCESS_DENIED)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT |
+                                      UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]),
+                          DOMAIN_RID_DOMAIN_MEMBERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT |
+                                      UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_DCS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Read-only DC accounts are only creatable by
+        # UF_WORKSTATION_TRUST_ACCOUNT and work only on DCs >= 2008 (therefore
+        # we have a fallback in the assertion)
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_PARTIAL_SECRETS_ACCOUNT |
+                                      UF_WORKSTATION_TRUST_ACCOUNT |
+                                      UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue(int(res1[0]["primaryGroupID"][0]) == DOMAIN_RID_READONLY_DCS or
+                        int(res1[0]["primaryGroupID"][0]) == DOMAIN_RID_DOMAIN_MEMBERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Test default primary groups on modify operations
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT |
+                                                     UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE,
+                                                 "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_USERS)
+
+        # unfortunately the INTERDOMAIN_TRUST_ACCOUNT case cannot be tested
+        # since such accounts aren't directly creatable (ACCESS_DENIED)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |
+                                      UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_USERS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT |
+                                                     UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE,
+                                                 "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_DOMAIN_MEMBERS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT |
+                                                     UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE,
+                                                 "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_DCS)
+
+        # Read-only DC accounts are only creatable by
+        # UF_WORKSTATION_TRUST_ACCOUNT and work only on DCs >= 2008 (therefore
+        # we have a fallback in the assertion)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_PARTIAL_SECRETS_ACCOUNT |
+                                                     UF_WORKSTATION_TRUST_ACCOUNT |
+                                                     UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE,
+                                                 "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue(int(res1[0]["primaryGroupID"][0]) == DOMAIN_RID_READONLY_DCS or
+                        int(res1[0]["primaryGroupID"][0]) == DOMAIN_RID_DOMAIN_MEMBERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Recreate account for further tests
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        # Try to set an invalid account name
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("administrator", FLAG_MOD_REPLACE,
+                                             "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e15:
+            (num, _) = e15.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # But to reset the actual "sAMAccountName" should still be possible
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountName"])
+        self.assertTrue(len(res1) == 1)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement(res1[0]["sAMAccountName"][0], FLAG_MOD_REPLACE,
+                                             "sAMAccountName")
+        ldb.modify(m)
+
+        # And another (free) name should be possible as well
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("xxx_ldaptestuser_xxx", FLAG_MOD_REPLACE,
+                                             "sAMAccountName")
+        ldb.modify(m)
+
+        # We should be able to reset our actual primary group
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_USERS), FLAG_MOD_REPLACE,
+                                             "primaryGroupID")
+        ldb.modify(m)
+
+        # Try to add invalid primary group
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                             "primaryGroupID")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e16:
+            (num, _) = e16.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Try to make group 1 primary - should be denied since it is not yet
+        # secondary
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(group_rid_1),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e17:
+            (num, _) = e17.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Make group 1 secondary
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_REPLACE, "member")
+        ldb.modify(m)
+
+        # Make group 1 primary
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(group_rid_1),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
+        # Try to delete group 1 - should be denied
+        try:
+            ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+            self.fail()
+        except LdbError as e18:
+            (num, _) = e18.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # Try to add group 1 also as secondary - should be denied
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e19:
+            (num, _) = e19.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # Try to add invalid member to group 1 - should be denied
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement(
+            "cn=ldaptestuser3,cn=users," + self.base_dn,
+            FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e20:
+            (num, _) = e20.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Make group 2 secondary
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        # Swap the groups
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(group_rid_2),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
+        # Swap the groups (does not really make sense but does the same)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(group_rid_1),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        m["primaryGroupID"] = MessageElement(str(group_rid_2),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
+        # Old primary group should contain a "member" attribute for the user,
+        # the new shouldn't contain anymore one
+        res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["member"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue(len(res1[0]["member"]) == 1)
+        self.assertEqual(str(res1[0]["member"][0]).lower(),
+                          ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
+
+        res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["member"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("member" in res1[0])
+
+        # Primary group member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_DELETE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e21:
+            (num, _) = e21.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Delete invalid group member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_DELETE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e22:
+            (num, _) = e22.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Also this should be denied
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "primaryGroupID": "0"})
+            self.fail()
+        except LdbError as e23:
+            (num, _) = e23.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Recreate user accounts
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        ldb.add({
+            "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        # Already added
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e24:
+            (num, _) = e24.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # Already added, but as <SID=...>
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["objectSid"])
+        self.assertTrue(len(res1) == 1)
+        sid_bin = res1[0]["objectSid"][0]
+        sid_str = ("<SID=" + get_string(ldb.schema_format_value("objectSid", sid_bin)) + ">").upper()
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement(sid_str, FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e25:
+            (num, _) = e25.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_REPLACE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e26:
+            (num, _) = e26.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement(["cn=ldaptestuser,cn=users," + self.base_dn,
+                                      "cn=ldaptestuser1,cn=users," + self.base_dn],
+                                     FLAG_MOD_REPLACE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e27:
+            (num, _) = e27.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_REPLACE, "member")
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e28:
+            (num, _) = e28.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement(["cn=ldaptestuser,cn=users," + self.base_dn,
+                                      "cn=ldaptestuser2,cn=users," + self.base_dn],
+                                     FLAG_MOD_REPLACE, "member")
+        ldb.modify(m)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+
+        # Make also a small test for accounts with special DNs ("," in this case)
+        ldb.add({
+            "dn": r"cn=ldaptest\,specialuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+        delete_force(self.ldb, r"cn=ldaptest\,specialuser,cn=users," + self.base_dn)
+
+    def test_sam_attributes(self):
+        """Test the behaviour of special attributes of SAM objects"""
+        print("Testing the behaviour of special attributes of SAM objects\n")
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(str(GTYPE_SECURITY_GLOBAL_GROUP), FLAG_MOD_ADD,
+                                        "groupType")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e29:
+            (num, _) = e29.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        # Delete protection tests
+
+        for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType",
+                     "sAMAccountName", "groupType"]:
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError as e:
+                (num, _) = e.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_DELETE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError as e1:
+                (num, _) = e1.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement("513", FLAG_MOD_ADD,
+                                             "primaryGroupID")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e30:
+            (num, _) = e30.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT |
+                                                     UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_ADD,
+                                                 "userAccountControl")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e31:
+            (num, _) = e31.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["objectSid"] = MessageElement("xxxxxxxxxxxxxxxx", FLAG_MOD_ADD,
+                                        "objectSid")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e32:
+            (num, _) = e32.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
+                                             "sAMAccountType")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e33:
+            (num, _) = e33.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("test", FLAG_MOD_ADD,
+                                             "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e34:
+            (num, _) = e34.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        # Delete protection tests
+
+        for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType",
+                     "sAMAccountName", "primaryGroupID", "userAccountControl",
+                     "accountExpires", "badPasswordTime", "badPwdCount",
+                     "codePage", "countryCode", "lastLogoff", "lastLogon",
+                     "logonCount", "pwdLastSet"]:
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError as e2:
+                (num, _) = e2.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_DELETE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError as e3:
+                (num, _) = e3.args
+                self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_primary_group_token_constructed(self):
+        """Test the primary group token behaviour (hidden-generated-readonly attribute on groups) and some other constructed attributes"""
+        print("Testing primary group token behaviour and other constructed attributes\n")
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "primaryGroupToken": "100"})
+            self.fail()
+        except LdbError as e35:
+            (num, _) = e35.args
+            self.assertEqual(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        # Testing for one invalid, and one valid operational attribute, but also the things they are built from
+        res1 = ldb.search(self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+        self.assertTrue("canonicalName" in res1[0])
+        self.assertTrue("objectClass" in res1[0])
+        self.assertTrue("objectSid" in res1[0])
+
+        res1 = ldb.search(self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+        self.assertFalse("objectSid" in res1[0])
+        self.assertFalse("objectClass" in res1[0])
+        self.assertTrue("canonicalName" in res1[0])
+
+        res1 = ldb.search("cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+        res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE)
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
+        self.assertTrue(len(res1) == 1)
+        primary_group_token = int(res1[0]["primaryGroupToken"][0])
+
+        obj_sid = get_string(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0]))
+        rid = security.dom_sid(obj_sid).split()[1]
+        self.assertEqual(primary_group_token, rid)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["primaryGroupToken"] = "100"
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e36:
+            (num, _) = e36.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_tokenGroups(self):
+        """Test the tokenGroups behaviour (hidden-generated-readonly attribute on SAM objects)"""
+        print("Testing tokenGroups behaviour\n")
+
+        # The domain object shouldn't contain any "tokenGroups" entry
+        res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("tokenGroups" in res[0])
+
+        # The domain administrator should contain "tokenGroups" entries
+        # (the exact number depends on the domain/forest function level and the
+        # DC software versions)
+        res = ldb.search("cn=Administrator,cn=Users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("tokenGroups" in res[0])
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        # This testuser should contain at least two "tokenGroups" entries
+        # (exactly two on an unmodified "Domain Users" and "Users" group)
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue(len(res[0]["tokenGroups"]) >= 2)
+
+        # one entry which we need to find should point to domains "Domain Users"
+        # group and another entry should point to the builtin "Users"group
+        domain_users_group_found = False
+        users_group_found = False
+        for sid in res[0]["tokenGroups"]:
+            obj_sid = get_string(ldb.schema_format_value("objectSID", sid))
+            rid = security.dom_sid(obj_sid).split()[1]
+            if rid == 513:
+                domain_users_group_found = True
+            if rid == 545:
+                users_group_found = True
+
+        self.assertTrue(domain_users_group_found)
+        self.assertTrue(users_group_found)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_groupType(self):
+        """Test the groupType behaviour"""
+        print("Testing groupType behaviour\n")
+
+        # You can never create or change to a
+        # "GTYPE_SECURITY_BUILTIN_LOCAL_GROUP"
+
+        # Add operation
+
+        # Invalid attribute
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "groupType": "0"})
+            self.fail()
+        except LdbError as e37:
+            (num, _) = e37.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "groupType": str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP)})
+            self.fail()
+        except LdbError as e38:
+            (num, _) = e38.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_SECURITY_GLOBAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_SECURITY_UNIVERSAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_LOCAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_DISTRIBUTION_GLOBAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "groupType": str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)})
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_LOCAL_GROUP)
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        # Modify operation
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        # We can change in this direction: global <-> universal <-> local
+        # On each step also the group type itself (security/distribution) is
+        # variable.
+
+        # After creation we should have a "security global group"
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Invalid attribute
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement("0",
+                                            FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e39:
+            (num, _) = e39.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Security groups
+
+        # Default is "global group"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Change to "local" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e40:
+            (num, _) = e40.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Change back to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Change to "local"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_LOCAL_GROUP)
+
+        # Change to "global" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_SECURITY_GLOBAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e41:
+            (num, _) = e41.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change to "builtin local" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e42:
+            (num, _) = e42.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        # Change back to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Change to "builtin local" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e43:
+            (num, _) = e43.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Change to "builtin local" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e44:
+            (num, _) = e44.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Distribution groups
+
+        # Default is "global group"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+
+        # Change to local (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e45:
+            (num, _) = e45.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+
+        # Change back to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+
+        # Change to "local"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_LOCAL_GROUP)
+
+        # Change to "global" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_DISTRIBUTION_GLOBAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e46:
+            (num, _) = e46.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change back to "universal"
+
+        # Try to add invalid member to group 1 - should be denied
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["member"] = MessageElement(
+            "cn=ldaptestuser3,cn=users," + self.base_dn,
+            FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e47:
+            (num, _) = e47.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        # Make group 2 secondary
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_GLOBAL_GROUP)
+
+        # Both group types: this performs only random checks - all possibilities
+        # would require too much code.
+
+        # Default is "global group"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Change to "local" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e48:
+            (num, _) = e48.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_UNIVERSAL_GROUP)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        # Change back to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Change to "local"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_DISTRIBUTION_LOCAL_GROUP)
+
+        # Change to "global" (shouldn't work)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m["groupType"] = MessageElement(
+                str(GTYPE_DISTRIBUTION_GLOBAL_GROUP),
+                FLAG_MOD_REPLACE, "groupType")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e49:
+            (num, _) = e49.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Change back to "universal"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_UNIVERSAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Change back to "global"
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["groupType"] = MessageElement(
+            str(GTYPE_SECURITY_GLOBAL_GROUP),
+            FLAG_MOD_REPLACE, "groupType")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_SECURITY_GLOBAL_GROUP)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_pwdLastSet(self):
+        """Test the pwdLastSet behaviour"""
+        print("Testing pwdLastSet behaviour\n")
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "pwdLastSet": "0"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "pwdLastSet": "-1"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertNotEqual(int(res1[0]["pwdLastSet"][0]), 0)
+        lastset = int(res1[0]["pwdLastSet"][0])
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "pwdLastSet": str(1)})
+            self.fail()
+        except LdbError as e50:
+            (num, msg) = e50.args
+            self.assertEqual(num, ERR_OTHER)
+            self.assertTrue('00000057' in msg)
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "pwdLastSet": str(lastset)})
+            self.fail()
+        except LdbError as e51:
+            (num, msg) = e51.args
+            self.assertEqual(num, ERR_OTHER)
+            self.assertTrue('00000057' in msg)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(0),
+                                   FLAG_MOD_REPLACE,
+                                   "pwdLastSet")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(0),
+                                   FLAG_MOD_DELETE,
+                                   "pwdLastSet")
+        m["pls2"] = MessageElement(str(0),
+                                   FLAG_MOD_ADD,
+                                   "pwdLastSet")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(-1),
+                                   FLAG_MOD_REPLACE,
+                                   "pwdLastSet")
+        ldb.modify(m)
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertGreater(int(res1[0]["pwdLastSet"][0]), lastset)
+        lastset = int(res1[0]["pwdLastSet"][0])
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["pls1"] = MessageElement(str(0),
+                                       FLAG_MOD_DELETE,
+                                       "pwdLastSet")
+            m["pls2"] = MessageElement(str(0),
+                                       FLAG_MOD_ADD,
+                                       "pwdLastSet")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e52:
+            (num, msg) = e52.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+            self.assertTrue('00002085' in msg)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["pls1"] = MessageElement(str(-1),
+                                       FLAG_MOD_DELETE,
+                                       "pwdLastSet")
+            m["pls2"] = MessageElement(str(0),
+                                       FLAG_MOD_ADD,
+                                       "pwdLastSet")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e53:
+            (num, msg) = e53.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+            self.assertTrue('00002085' in msg)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(lastset),
+                                   FLAG_MOD_DELETE,
+                                   "pwdLastSet")
+        m["pls2"] = MessageElement(str(-1),
+                                   FLAG_MOD_ADD,
+                                   "pwdLastSet")
+        time.sleep(0.2)
+        ldb.modify(m)
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), lastset)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["pls1"] = MessageElement(str(lastset),
+                                       FLAG_MOD_DELETE,
+                                       "pwdLastSet")
+            m["pls2"] = MessageElement(str(lastset),
+                                       FLAG_MOD_ADD,
+                                       "pwdLastSet")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e54:
+            (num, msg) = e54.args
+            self.assertEqual(num, ERR_OTHER)
+            self.assertTrue('00000057' in msg)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(lastset),
+                                   FLAG_MOD_DELETE,
+                                   "pwdLastSet")
+        m["pls2"] = MessageElement(str(0),
+                                   FLAG_MOD_ADD,
+                                   "pwdLastSet")
+        ldb.modify(m)
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        uac = int(res1[0]["userAccountControl"][0])
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["uac1"] = MessageElement(str(uac |UF_PASSWORD_EXPIRED),
+                                   FLAG_MOD_REPLACE,
+                                   "userAccountControl")
+        ldb.modify(m)
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD)
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_ldap_bind_must_change_pwd(self):
+        """Test the error messages for failing LDAP binds"""
+        print("Test the error messages for failing LDAP binds\n")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        def format_error_msg(hresult_v, dsid_v, werror_v):
+            #
+            # There are 4 lower case hex digits following 'v' at the end,
+            # but different Windows Versions return different values:
+            #
+            # Windows 2008R2 uses 'v1db1'
+            # Windows 2012R2 uses 'v2580'
+            #
+            return "%08X: LdapErr: DSID-%08X, comment: AcceptSecurityContext error, data %x, v" % (
+                    hresult_v, dsid_v, werror_v)
+
+        sasl_bind_dsid = 0x0C0904DC
+        simple_bind_dsid = 0x0C0903A9
+
+        error_msg_sasl_wrong_pw = format_error_msg(
+                                HRES_SEC_E_LOGON_DENIED,
+                                sasl_bind_dsid,
+                                werror.WERR_LOGON_FAILURE)
+        error_msg_sasl_must_change = format_error_msg(
+                                HRES_SEC_E_LOGON_DENIED,
+                                sasl_bind_dsid,
+                                werror.WERR_PASSWORD_MUST_CHANGE)
+        error_msg_simple_wrong_pw = format_error_msg(
+                                HRES_SEC_E_INVALID_TOKEN,
+                                simple_bind_dsid,
+                                werror.WERR_LOGON_FAILURE)
+        error_msg_simple_must_change = format_error_msg(
+                                HRES_SEC_E_INVALID_TOKEN,
+                                simple_bind_dsid,
+                                werror.WERR_PASSWORD_MUST_CHANGE)
+
+        username = "ldaptestuser"
+        password = "thatsAcomplPASS2"
+        utf16pw = ('"' + password + '"').encode('utf-16-le')
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "sAMAccountName": username,
+            "userAccountControl": str(UF_NORMAL_ACCOUNT),
+            "unicodePwd": utf16pw,
+        })
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountName", "sAMAccountType", "userAccountControl", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["sAMAccountName"][0]), username)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT)
+        self.assertNotEqual(int(res1[0]["pwdLastSet"][0]), 0)
+
+        # Open a second LDB connection with the user credentials. Use the
+        # command line credentials for information like the domain, the realm
+        # and the workstation.
+        sasl_creds = Credentials()
+        sasl_creds.set_username(username)
+        sasl_creds.set_password(password)
+        sasl_creds.set_domain(creds.get_domain())
+        sasl_creds.set_workstation(creds.get_workstation())
+        sasl_creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+        sasl_creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+        sasl_wrong_creds = Credentials()
+        sasl_wrong_creds.set_username(username)
+        sasl_wrong_creds.set_password("wrong")
+        sasl_wrong_creds.set_domain(creds.get_domain())
+        sasl_wrong_creds.set_workstation(creds.get_workstation())
+        sasl_wrong_creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+        sasl_wrong_creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+        simple_creds = Credentials()
+        simple_creds.set_bind_dn("cn=ldaptestuser,cn=users," + self.base_dn)
+        simple_creds.set_username(username)
+        simple_creds.set_password(password)
+        simple_creds.set_domain(creds.get_domain())
+        simple_creds.set_workstation(creds.get_workstation())
+        simple_creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+        simple_creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+        simple_wrong_creds = Credentials()
+        simple_wrong_creds.set_bind_dn("cn=ldaptestuser,cn=users," + self.base_dn)
+        simple_wrong_creds.set_username(username)
+        simple_wrong_creds.set_password("wrong")
+        simple_wrong_creds.set_domain(creds.get_domain())
+        simple_wrong_creds.set_workstation(creds.get_workstation())
+        simple_wrong_creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+        simple_wrong_creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+        sasl_ldb = SamDB(url=host, credentials=sasl_creds, lp=lp)
+        self.assertIsNotNone(sasl_ldb)
+        del sasl_ldb
+
+        requires_strong_auth = False
+        try:
+            simple_ldb = SamDB(url=host, credentials=simple_creds, lp=lp)
+            self.assertIsNotNone(simple_ldb)
+            del simple_ldb
+        except LdbError as e55:
+            (num, msg) = e55.args
+            if num != ERR_STRONG_AUTH_REQUIRED:
+                raise
+            requires_strong_auth = True
+
+        def assertLDAPErrorMsg(msg, expected_msg):
+            self.assertTrue(expected_msg in msg,
+                            "msg[%s] does not contain expected[%s]" % (
+                                msg, expected_msg))
+
+        try:
+            SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
+            self.fail()
+        except LdbError as e56:
+            (num, msg) = e56.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+            self.assertTrue(error_msg_sasl_wrong_pw in msg)
+
+        if not requires_strong_auth:
+            try:
+                SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
+                self.fail()
+            except LdbError as e4:
+                (num, msg) = e4.args
+                self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+                assertLDAPErrorMsg(msg, error_msg_simple_wrong_pw)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["pls1"] = MessageElement(str(0),
+                                   FLAG_MOD_REPLACE,
+                                   "pwdLastSet")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["pwdLastSet"])
+        self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
+
+        try:
+            SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
+            self.fail()
+        except LdbError as e57:
+            (num, msg) = e57.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+            assertLDAPErrorMsg(msg, error_msg_sasl_wrong_pw)
+
+        try:
+            SamDB(url=host, credentials=sasl_creds, lp=lp)
+            self.fail()
+        except LdbError as e58:
+            (num, msg) = e58.args
+            self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+            assertLDAPErrorMsg(msg, error_msg_sasl_must_change)
+
+        if not requires_strong_auth:
+            try:
+                SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
+                self.fail()
+            except LdbError as e5:
+                (num, msg) = e5.args
+                self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+                assertLDAPErrorMsg(msg, error_msg_simple_wrong_pw)
+
+            try:
+                SamDB(url=host, credentials=simple_creds, lp=lp)
+                self.fail()
+            except LdbError as e6:
+                (num, msg) = e6.args
+                self.assertEqual(num, ERR_INVALID_CREDENTIALS)
+                assertLDAPErrorMsg(msg, error_msg_simple_must_change)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_0_uac(self):
+        """Test the userAccountControl behaviour"""
+        print("Testing userAccountControl behaviour\n")
+
+        # With a user object
+
+        # Add operation
+
+        # As user you can only set a normal account.
+        # The UF_PASSWD_NOTREQD flag is needed since we haven't requested a
+        # password yet.
+        # With SYSTEM rights you can set a interdomain trust account.
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": "0"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_normal(self):
+        """Test the userAccountControl behaviour"""
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT)})
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_normal_pwnotreq(self):
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_normal_pwnotreq_lockout_expired(self):
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |
+                                      UF_PASSWD_NOTREQD |
+                                      UF_LOCKOUT |
+                                      UF_PASSWORD_EXPIRED)})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+        self.assertFalse("lockoutTime" in res1[0])
+        self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_temp_dup(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "userAccountControl": str(UF_TEMP_DUPLICATE_ACCOUNT)})
+            self.fail()
+        except LdbError as e59:
+            (num, _) = e59.args
+            self.assertEqual(num, ERR_OTHER)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_server(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT)})
+            self.fail()
+        except LdbError as e60:
+            (num, _) = e60.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_workstation(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT)})
+        except LdbError as e61:
+            (num, _) = e61.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_rodc(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)})
+        except LdbError as e62:
+            (num, _) = e62.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_userAccountControl_user_add_trust(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": "user",
+                "userAccountControl": str(UF_INTERDOMAIN_TRUST_ACCOUNT)})
+            self.fail()
+        except LdbError as e63:
+            (num, _) = e63.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        # Modify operation
+
+    def test_userAccountControl_user_modify(self):
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        # After creation we should have a normal account
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+        # As user you can only switch from a normal account to a workstation
+        # trust account and back.
+        # The UF_PASSWD_NOTREQD flag is needed since we haven't requested a
+        # password yet.
+        # With SYSTEM rights you can switch to a interdomain trust account.
+
+        # Invalid attribute
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement("0",
+                                                     FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+        except LdbError as e64:
+            (num, _) = e64.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_NORMAL_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+        except LdbError as e65:
+            (num, _) = e65.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_ACCOUNTDISABLE),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
+        m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+        self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
+        self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_TEMP_DUPLICATE_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e66:
+            (num, _) = e66.args
+            self.assertEqual(num, ERR_OTHER)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_SERVER_TRUST_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e67:
+            (num, _) = e67.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_WORKSTATION_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e68:
+            (num, _) = e68.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_INTERDOMAIN_TRUST_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e69:
+            (num, _) = e69.args
+            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+
+    def test_userAccountControl_computer_add_0_uac(self):
+        # With a computer object
+
+        # Add operation
+
+        # As computer you can set a normal account and a server trust account.
+        # The UF_PASSWD_NOTREQD flag is needed since we haven't requested a
+        # password yet.
+        # With SYSTEM rights you can set a interdomain trust account.
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": "0"})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_normal(self):
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT)})
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_normal_pwnotreqd(self):
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_normal_pwnotreqd_lockout_expired(self):
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |
+                                      UF_PASSWD_NOTREQD |
+                                      UF_LOCKOUT |
+                                      UF_PASSWORD_EXPIRED)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+        self.assertFalse("lockoutTime" in res1[0])
+        self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_temp_dup(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                "objectclass": "computer",
+                "userAccountControl": str(UF_TEMP_DUPLICATE_ACCOUNT)})
+            self.fail()
+        except LdbError as e70:
+            (num, _) = e70.args
+            self.assertEqual(num, ERR_OTHER)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_server(self):
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_workstation(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                "objectclass": "computer",
+                "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT)})
+        except LdbError as e71:
+            (num, _) = e71.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_add_trust(self):
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                "objectclass": "computer",
+                "userAccountControl": str(UF_INTERDOMAIN_TRUST_ACCOUNT)})
+            self.fail()
+        except LdbError as e72:
+            (num, _) = e72.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_userAccountControl_computer_modify(self):
+        # Modify operation
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer"})
+
+        # After creation we should have a normal account
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+        # As computer you can switch from a normal account to a workstation
+        # or server trust account and back (also swapping between trust
+        # accounts is allowed).
+        # The UF_PASSWD_NOTREQD flag is needed since we haven't requested a
+        # password yet.
+        # With SYSTEM rights you can switch to a interdomain trust account.
+
+        # Invalid attribute
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+            m["userAccountControl"] = MessageElement("0",
+                                                     FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+        except LdbError as e73:
+            (num, _) = e73.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_NORMAL_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+        except LdbError as e74:
+            (num, _) = e74.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_ACCOUNTDISABLE),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
+        m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+        self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
+        self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_TEMP_DUPLICATE_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e75:
+            (num, _) = e75.args
+            self.assertEqual(num, ERR_OTHER)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_SERVER_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_WORKSTATION_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_NORMAL_ACCOUNT)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_SERVER_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_WORKSTATION_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountType"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["sAMAccountType"][0]),
+                          ATYPE_WORKSTATION_TRUST)
+
+        try:
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+            m["userAccountControl"] = MessageElement(
+                str(UF_INTERDOMAIN_TRUST_ACCOUNT),
+                FLAG_MOD_REPLACE, "userAccountControl")
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e76:
+            (num, _) = e76.args
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
+
+        # "primaryGroupID" does not change if account type remains the same
+
+        # For a user account
+
+        ldb.add({
+            "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |
+                                      UF_PASSWD_NOTREQD |
+                                      UF_ACCOUNTDISABLE)})
+
+        res1 = ldb.search("cn=ldaptestuser2,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["userAccountControl"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["userAccountControl"][0]),
+                          UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
+
+        m = Message()
+        m.dn = Dn(ldb, "<SID=" + ldb.get_domain_sid() + "-" + str(DOMAIN_RID_ADMINS) + ">")
+        m["member"] = MessageElement(
+            "cn=ldaptestuser2,cn=users," + self.base_dn, FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_ADMINS),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser2,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["userAccountControl", "primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_ADMINS)
+
+        # For a workstation account
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_DOMAIN_MEMBERS)
+
+        m = Message()
+        m.dn = Dn(ldb, "<SID=" + ldb.get_domain_sid() + "-" + str(DOMAIN_RID_USERS) + ">")
+        m["member"] = MessageElement(
+            "cn=ldaptestcomputer,cn=computers," + self.base_dn, FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(DOMAIN_RID_USERS),
+                                             FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_WORKSTATION_TRUST_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["primaryGroupID"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(int(res1[0]["primaryGroupID"][0]), DOMAIN_RID_USERS)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def find_repl_meta_data(self, rpmd, attid):
+        for i in range(0, rpmd.ctr.count):
+            m = rpmd.ctr.array[i]
+            if m.attid == attid:
+                return m
+        return None
+
+    def test_smartcard_required1(self):
+        """Test the UF_SMARTCARD_REQUIRED behaviour"""
+        print("Testing UF_SMARTCARD_REQUIRED behaviour\n")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT),
+            "unicodePwd": "\"thatsAcomplPASS2\"".encode('utf-16-le')
+        })
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT)
+        self.assertNotEqual(int(res[0]["pwdLastSet"][0]), 0)
+        lastset = int(res[0]["pwdLastSet"][0])
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 1)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 1)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 1)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 1)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 1)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), lastset)
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 2)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 2)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 2)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 2)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 2)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_smartcard_required2(self):
+        """Test the UF_SMARTCARD_REQUIRED behaviour"""
+        print("Testing UF_SMARTCARD_REQUIRED behaviour\n")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE),
+        })
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+        self.assertTrue("msDS-KeyVersionNumber" in res[0])
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 1)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 1)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 1)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 1)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNone(spcbmd)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_SMARTCARD_REQUIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_ACCOUNTDISABLE |UF_SMARTCARD_REQUIRED)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 2)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 2)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 2)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 2)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 1)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 2)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 2)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 2)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 2)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 1)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_smartcard_required3(self):
+        """Test the UF_SMARTCARD_REQUIRED behaviour"""
+        print("Testing UF_SMARTCARD_REQUIRED behaviour\n")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "userAccountControl": str(UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED |UF_ACCOUNTDISABLE),
+        })
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED |UF_ACCOUNTDISABLE)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 1)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 1)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 1)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 1)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 1)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE,
+                         attrs=["sAMAccountType", "userAccountControl",
+                                "pwdLastSet", "msDS-KeyVersionNumber",
+                                "replPropertyMetaData"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(int(res[0]["sAMAccountType"][0]),
+                         ATYPE_NORMAL_ACCOUNT)
+        self.assertEqual(int(res[0]["userAccountControl"][0]),
+                         UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED)
+        self.assertEqual(int(res[0]["pwdLastSet"][0]), 0)
+        self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 1)
+        self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
+        rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                          res[0]["replPropertyMetaData"][0])
+        lastsetmd = self.find_repl_meta_data(rpmd,
+                                             drsuapi.DRSUAPI_ATTID_pwdLastSet)
+        self.assertIsNotNone(lastsetmd)
+        self.assertEqual(lastsetmd.version, 1)
+        nthashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_unicodePwd)
+        self.assertIsNotNone(nthashmd)
+        self.assertEqual(nthashmd.version, 1)
+        nthistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_ntPwdHistory)
+        self.assertIsNotNone(nthistmd)
+        self.assertEqual(nthistmd.version, 1)
+        lmhashmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_dBCSPwd)
+        self.assertIsNotNone(lmhashmd)
+        self.assertEqual(lmhashmd.version, 1)
+        lmhistmd = self.find_repl_meta_data(rpmd,
+                                            drsuapi.DRSUAPI_ATTID_lmPwdHistory)
+        self.assertIsNotNone(lmhistmd)
+        self.assertEqual(lmhistmd.version, 1)
+        spcbmd = self.find_repl_meta_data(rpmd,
+                                          drsuapi.DRSUAPI_ATTID_supplementalCredentials)
+        self.assertIsNotNone(spcbmd)
+        self.assertEqual(spcbmd.version, 1)
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_isCriticalSystemObject_user(self):
+        """Test the isCriticalSystemObject behaviour"""
+        print("Testing isCriticalSystemObject behaviour\n")
+
+        # Add tests (of a user)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": "user"})
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue("isCriticalSystemObject" not in res1[0])
+
+        # Modification tests
+        m = Message()
+
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue("isCriticalSystemObject" in res1[0])
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "FALSE")
+
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+    def test_isCriticalSystemObject(self):
+        """Test the isCriticalSystemObject behaviour"""
+        print("Testing isCriticalSystemObject behaviour\n")
+
+        # Add tests
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer"})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertTrue("isCriticalSystemObject" in res1[0])
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "FALSE")
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "FALSE")
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "userAccountControl": str(UF_SERVER_TRUST_ACCOUNT)})
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        # Modification tests
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "FALSE")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(
+            str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT),
+            FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_SERVER_TRUST_ACCOUNT),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "TRUE")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT),
+                                                 FLAG_MOD_REPLACE, "userAccountControl")
+        ldb.modify(m)
+
+        res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE,
+                          attrs=["isCriticalSystemObject"])
+        self.assertTrue(len(res1) == 1)
+        self.assertEqual(str(res1[0]["isCriticalSystemObject"][0]), "FALSE")
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_service_principal_name_updates(self):
+        """Test the servicePrincipalNames update behaviour"""
+        print("Testing servicePrincipalNames update behaviour\n")
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("dNSHostName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname2.testdom",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["dNSHostName"][0]), "testname2.testdom")
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname.testdom")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname.testdoM",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname.testdom")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement([],
+                                          FLAG_MOD_DELETE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname.testdom3",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname3.testdom3",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname3.testdom3")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        m["dNSHostName"] = MessageElement("testname4.testdom4",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement([],
+                                                   FLAG_MOD_DELETE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "sAMAccountName": "testname$"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "servicePrincipalName": "HOST/testname"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["sAMAccountName"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("sAMAccountName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "sAMAccountName": "testname$",
+            "servicePrincipalName": "HOST/testname"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["sAMAccountName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["sAMAccountName"][0]), "testname$")
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testnamE$",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testname",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("test$name$",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/test$name")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testname2",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testname3",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        m["servicePrincipalName"] = MessageElement("HOST/testname2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname3")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement("HOST/testname2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        m["sAMAccountName"] = MessageElement("testname4",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["servicePrincipalName"][0]),
+                          "HOST/testname2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement([],
+                                                   FLAG_MOD_DELETE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testname2",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname.testdom",
+            "sAMAccountName": "testname$",
+            "servicePrincipalName": ["HOST/testname.testdom", "HOST/testname"]
+        })
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        m["sAMAccountName"] = MessageElement("testname2$",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["dNSHostName"][0]), "testname2.testdom")
+        self.assertEqual(str(res[0]["sAMAccountName"][0]), "testname2$")
+        self.assertTrue(str(res[0]["servicePrincipalName"][0]) == "HOST/testname2" or
+                        str(res[0]["servicePrincipalName"][1]) == "HOST/testname2")
+        self.assertTrue(str(res[0]["servicePrincipalName"][0]) == "HOST/testname2.testdom" or
+                        str(res[0]["servicePrincipalName"][1]) == "HOST/testname2.testdom")
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname.testdom",
+            "sAMAccountName": "testname$",
+            "servicePrincipalName": ["HOST/testname.testdom", "HOST/testname"]
+        })
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("testname2$",
+                                             FLAG_MOD_REPLACE, "sAMAccountName")
+        m["dNSHostName"] = MessageElement("testname2.testdom",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["dNSHostName"][0]), "testname2.testdom")
+        self.assertEqual(str(res[0]["sAMAccountName"][0]), "testname2$")
+        self.assertTrue(len(res[0]["servicePrincipalName"]) == 2)
+        self.assertTrue("HOST/testname2" in [str(x) for x in res[0]["servicePrincipalName"]])
+        self.assertTrue("HOST/testname2.testdom" in [str(x) for x in res[0]["servicePrincipalName"]])
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom",
+                                                   FLAG_MOD_ADD, "servicePrincipalName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e77:
+            (num, _) = e77.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement("HOST/testname3",
+                                                   FLAG_MOD_ADD, "servicePrincipalName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["dNSHostName"][0]), "testname2.testdom")
+        self.assertEqual(str(res[0]["sAMAccountName"][0]), "testname2$")
+        self.assertTrue(len(res[0]["servicePrincipalName"]) == 3)
+        self.assertTrue("HOST/testname2" in [str(x) for x in res[0]["servicePrincipalName"]])
+        self.assertTrue("HOST/testname3" in [str(x) for x in res[0]["servicePrincipalName"]])
+        self.assertTrue("HOST/testname2.testdom" in [str(x) for x in res[0]["servicePrincipalName"]])
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname3.testdom",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        m["servicePrincipalName"] = MessageElement("HOST/testname3.testdom",
+                                                   FLAG_MOD_ADD, "servicePrincipalName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEqual(str(res[0]["dNSHostName"][0]), "testname3.testdom")
+        self.assertEqual(str(res[0]["sAMAccountName"][0]), "testname2$")
+        self.assertTrue(len(res[0]["servicePrincipalName"]) == 3)
+        self.assertTrue("HOST/testname2" in [str(x) for x in res[0]["servicePrincipalName"]])
+        self.assertTrue("HOST/testname3" in [str(x) for x in res[0]["servicePrincipalName"]])
+        self.assertTrue("HOST/testname3.testdom" in [str(x) for x in res[0]["servicePrincipalName"]])
+
+        delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+    def test_service_principal_name_uniqueness(self):
+        """Test the servicePrincipalName uniqueness behaviour"""
+        print("Testing servicePrincipalName uniqueness behaviour")
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestcomputer2,cn=computers," + self.base_dn,
+                "objectclass": "computer",
+                "servicePrincipalName": "HOST/testname.testdom"})
+        except LdbError as e:
+            num, _ = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def test_sam_description_attribute(self):
+        """Test SAM description attribute"""
+        print("Test SAM description attribute")
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "description": "desc1"
+        })
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 1)
+        self.assertEqual(str(res[0]["description"][0]), "desc1")
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "description": ["desc1", "desc2"]})
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 2)
+        self.assertTrue(str(res[0]["description"][0]) == "desc1" or
+                        str(res[0]["description"][1]) == "desc1")
+        self.assertTrue(str(res[0]["description"][0]) == "desc2" or
+                        str(res[0]["description"][1]) == "desc2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement(["desc1", "desc2"], FLAG_MOD_REPLACE,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e78:
+            (num, _) = e78.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement(["desc1", "desc2"], FLAG_MOD_DELETE,
+                                          "description")
+        ldb.modify(m)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
+                                          "description")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 1)
+        self.assertEqual(str(res[0]["description"][0]), "desc1")
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "description": ["desc1", "desc2"]})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
+                                          "description")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 1)
+        self.assertEqual(str(res[0]["description"][0]), "desc1")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e79:
+            (num, _) = e79.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement(["desc1", "desc2"], FLAG_MOD_DELETE,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e80:
+            (num, _) = e80.args
+            self.assertEqual(num, ERR_NO_SUCH_ATTRIBUTE)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
+                                          "description")
+        ldb.modify(m)
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("description" in res[0])
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement(["desc1", "desc2"], FLAG_MOD_REPLACE,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e81:
+            (num, _) = e81.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
+                                          "description")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e82:
+            (num, _) = e82.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m["description"] = MessageElement("desc1", FLAG_MOD_ADD,
+                                          "description")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 1)
+        self.assertEqual(str(res[0]["description"][0]), "desc1")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m.add(MessageElement("desc1", FLAG_MOD_DELETE, "description"))
+        m.add(MessageElement("desc2", FLAG_MOD_ADD, "description"))
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                         scope=SCOPE_BASE, attrs=["description"])
+        self.assertTrue(len(res) == 1)
+        self.assertTrue("description" in res[0])
+        self.assertTrue(len(res[0]["description"]) == 1)
+        self.assertEqual(str(res[0]["description"][0]), "desc2")
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_fSMORoleOwner_attribute(self):
+        """Test fSMORoleOwner attribute"""
+        print("Test fSMORoleOwner attribute")
+
+        ds_service_name = self.ldb.get_dsServiceName()
+
+        # The "fSMORoleOwner" attribute can only be set to "nTDSDSA" entries,
+        # invalid DNs return ERR_UNWILLING_TO_PERFORM
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "fSMORoleOwner": self.base_dn})
+            self.fail()
+        except LdbError as e83:
+            (num, _) = e83.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        try:
+            self.ldb.add({
+                "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+                "objectclass": "group",
+                "fSMORoleOwner": []})
+            self.fail()
+        except LdbError as e84:
+            (num, _) = e84.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+
+        # We are able to set it to a valid "nTDSDSA" entry if the server is
+        # capable of handling the role
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group",
+            "fSMORoleOwner": ds_service_name})
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+        self.ldb.add({
+            "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+            "objectclass": "group"})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m.add(MessageElement(self.base_dn, FLAG_MOD_REPLACE, "fSMORoleOwner"))
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e85:
+            (num, _) = e85.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m.add(MessageElement([], FLAG_MOD_REPLACE, "fSMORoleOwner"))
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError as e86:
+            (num, _) = e86.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+        # We are able to set it to a valid "nTDSDSA" entry if the server is
+        # capable of handling the role
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m.add(MessageElement(ds_service_name, FLAG_MOD_REPLACE, "fSMORoleOwner"))
+        ldb.modify(m)
+
+        # A clean-out works on plain entries, not master (schema, PDC...) DNs
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        m.add(MessageElement([], FLAG_MOD_DELETE, "fSMORoleOwner"))
+        ldb.modify(m)
+
+        delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+    def test_protected_sid_objects(self):
+        """Test deletion of objects with RID < 1000"""
+        # a list of some well-known sids
+        # objects in Builtin are already covered by objectclass
+        protected_list = [
+            ["CN=Domain Admins", "CN=Users,"],
+            ["CN=Schema Admins", "CN=Users,"],
+            ["CN=Enterprise Admins", "CN=Users,"],
+            ["CN=Administrator", "CN=Users,"],
+            ["CN=Domain Controllers", "CN=Users,"],
+            ["CN=Protected Users", "CN=Users,"],
+        ]
+
+        for pr_object in protected_list:
+            try:
+                self.ldb.delete(pr_object[0] + "," + pr_object[1] + self.base_dn)
+            except LdbError as e7:
+                (num, _) = e7.args
+                self.assertEqual(num, ERR_OTHER)
+            else:
+                self.fail("Deleted " + pr_object[0])
+
+            try:
+                self.ldb.rename(pr_object[0] + "," + pr_object[1] + self.base_dn,
+                                pr_object[0] + "2," + pr_object[1] + self.base_dn)
+            except LdbError as e8:
+                (num, _) = e8.args
+                self.fail("Could not rename " + pr_object[0])
+
+            self.ldb.rename(pr_object[0] + "2," + pr_object[1] + self.base_dn,
+                            pr_object[0] + "," + pr_object[1] + self.base_dn)
+
+    def test_new_user_default_attributes(self):
+        """Test default attributes for new user objects"""
+        print("Test default attributes for new User objects\n")
+
+        user_name = "ldaptestuser"
+        user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+        ldb.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name})
+
+        res = ldb.search(user_dn, scope=SCOPE_BASE)
+        self.assertTrue(len(res) == 1)
+        user_obj = res[0]
+
+        expected_attrs = {"primaryGroupID": MessageElement(["513"]),
+                          "logonCount": MessageElement(["0"]),
+                          "cn": MessageElement([user_name]),
+                          "countryCode": MessageElement(["0"]),
+                          "objectClass": MessageElement(["top", "person", "organizationalPerson", "user"]),
+                          "instanceType": MessageElement(["4"]),
+                          "distinguishedName": MessageElement([user_dn]),
+                          "sAMAccountType": MessageElement(["805306368"]),
+                          "objectSid": "**SKIP**",
+                          "whenCreated": "**SKIP**",
+                          "uSNCreated": "**SKIP**",
+                          "badPasswordTime": MessageElement(["0"]),
+                          "dn": Dn(ldb, user_dn),
+                          "pwdLastSet": MessageElement(["0"]),
+                          "sAMAccountName": MessageElement([user_name]),
+                          "objectCategory": MessageElement(["CN=Person,%s" % ldb.get_schema_basedn().get_linearized()]),
+                          "objectGUID": "**SKIP**",
+                          "whenChanged": "**SKIP**",
+                          "badPwdCount": MessageElement(["0"]),
+                          "accountExpires": MessageElement(["9223372036854775807"]),
+                          "name": MessageElement([user_name]),
+                          "codePage": MessageElement(["0"]),
+                          "userAccountControl": MessageElement(["546"]),
+                          "lastLogon": MessageElement(["0"]),
+                          "uSNChanged": "**SKIP**",
+                          "lastLogoff": MessageElement(["0"])}
+        # assert we have expected attribute names
+        actual_names = set(user_obj.keys())
+        # Samba does not use 'dSCorePropagationData', so skip it
+        actual_names -= set(['dSCorePropagationData'])
+        self.assertEqual(set(expected_attrs.keys()), actual_names, "Actual object does not have expected attributes")
+        # check attribute values
+        for name in expected_attrs.keys():
+            actual_val = user_obj.get(name)
+            self.assertFalse(actual_val is None, "No value for attribute '%s'" % name)
+            expected_val = expected_attrs[name]
+            if expected_val == "**SKIP**":
+                # "**ANY**" values means "any"
+                continue
+            self.assertEqual(expected_val, actual_val,
+                             "Unexpected value[%r] for '%s' expected[%r]" %
+                             (actual_val, name, expected_val))
+        # clean up
+        delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
new file mode 100755
index 0000000..1f22b2b
--- /dev/null
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -0,0 +1,2705 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+import os
+import base64
+import re
+import random
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+# Some error messages that are being tested
+from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError, ERR_NO_SUCH_OBJECT
+
+# For running the test unit
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+
+from samba import gensec, sd_utils
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba.dsdb import DS_DOMAIN_FUNCTION_2008
+from samba.dcerpc.security import (
+    SECINFO_OWNER, SECINFO_GROUP, SECINFO_DACL, SECINFO_SACL)
+import samba.tests
+from samba.tests import delete_force
+
+parser = optparse.OptionParser("sec_descriptor.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+
+
+class DescriptorTests(samba.tests.TestCase):
+
+    def get_users_domain_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+    def create_schema_class(self, _ldb, desc=None):
+        while True:
+            class_id = random.randint(0, 65535)
+            class_name = "descriptor-test-class%s" % class_id
+            class_dn = "CN=%s,%s" % (class_name, self.schema_dn)
+            try:
+                self.ldb_admin.search(base=class_dn, attrs=["name"])
+            except LdbError as e:
+                (num, _) = e.args
+                self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+                break
+
+        ldif = """
+dn: """ + class_dn + """
+objectClass: classSchema
+objectCategory: CN=Class-Schema,""" + self.schema_dn + """
+defaultObjectCategory: """ + class_dn + """
+governsId: 1.3.6.1.4.1.7165.4.6.2.3.""" + str(class_id) + """
+instanceType: 4
+objectClassCategory: 1
+subClassOf: organizationalPerson
+systemFlags: 16
+rDNAttID: cn
+systemMustContain: cn
+systemOnly: FALSE
+"""
+        if desc:
+            assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
+            if isinstance(desc, str):
+                ldif += "nTSecurityDescriptor: %s" % desc
+            elif isinstance(desc, security.descriptor):
+                ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)).decode('utf8')
+        _ldb.add_ldif(ldif)
+        return class_dn
+
+    def create_configuration_container(self, _ldb, object_dn, desc=None):
+        ldif = """
+dn: """ + object_dn + """
+objectClass: container
+objectCategory: CN=Container,""" + self.schema_dn + """
+showInAdvancedViewOnly: TRUE
+instanceType: 4
+"""
+        if desc:
+            assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
+            if isinstance(desc, str):
+                ldif += "nTSecurityDescriptor: %s" % desc
+            elif isinstance(desc, security.descriptor):
+                ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)).decode('utf8')
+        _ldb.add_ldif(ldif)
+
+    def create_configuration_specifier(self, _ldb, object_dn, desc=None):
+        ldif = """
+dn: """ + object_dn + """
+objectClass: displaySpecifier
+showInAdvancedViewOnly: TRUE
+"""
+        if desc:
+            assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
+            if isinstance(desc, str):
+                ldif += "nTSecurityDescriptor: %s" % desc
+            elif isinstance(desc, security.descriptor):
+                ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)).decode('utf8')
+        _ldb.add_ldif(ldif)
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        ldb_target = SamDB(url=host, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+    def setUp(self):
+        super(DescriptorTests, self).setUp()
+        self.ldb_admin = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp,
+                               options=ldb_options)
+        self.base_dn = self.ldb_admin.domain_dn()
+        self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
+        self.schema_dn = self.ldb_admin.get_schema_basedn().get_linearized()
+        self.domain_sid = security.dom_sid(self.ldb_admin.get_domain_sid())
+        self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
+        self.addCleanup(self.delete_admin_connection)
+        print("baseDN: %s" % self.base_dn)
+
+    def delete_admin_connection(self):
+        del self.sd_utils
+        del self.ldb_admin
+
+    ################################################################################################
+
+    # Tests for DOMAIN
+
+    # Default descriptor tests #####################################################################
+
+
+class OwnerGroupDescriptorTests(DescriptorTests):
+
+    def deleteAll(self):
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser1"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser2"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser3"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser4"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser5"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser6"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser7"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser8"))
+        # DOMAIN
+        delete_force(self.ldb_admin, self.get_users_domain_dn("test_domain_group1"))
+        delete_force(self.ldb_admin, "CN=test_domain_user1,OU=test_domain_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_domain_ou2,OU=test_domain_ou1," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
+        # SCHEMA
+        mod = "(A;CI;WDCC;;;AU)(A;;CC;;;AU)"
+        self.sd_utils.dacl_delete_aces(self.schema_dn, mod)
+        # CONFIGURATION
+        delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers,"
+                     + self.configuration_dn)
+        delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn)
+
+    def setUp(self):
+        super(OwnerGroupDescriptorTests, self).setUp()
+        self.deleteAll()
+        # Create users
+        # User 1 - Enterprise Admins
+        self.ldb_admin.newuser("testuser1", "samba123@")
+        # User 2 - Domain Admins
+        self.ldb_admin.newuser("testuser2", "samba123@")
+        # User 3 - Schema Admins
+        self.ldb_admin.newuser("testuser3", "samba123@")
+        # User 4 - regular user
+        self.ldb_admin.newuser("testuser4", "samba123@")
+        # User 5 - Enterprise Admins and Domain Admins
+        self.ldb_admin.newuser("testuser5", "samba123@")
+        # User 6 - Enterprise Admins, Domain Admins, Schema Admins
+        self.ldb_admin.newuser("testuser6", "samba123@")
+        # User 7 - Domain Admins and Schema Admins
+        self.ldb_admin.newuser("testuser7", "samba123@")
+        # User 5 - Enterprise Admins and Schema Admins
+        self.ldb_admin.newuser("testuser8", "samba123@")
+
+        self.ldb_admin.add_remove_group_members("Enterprise Admins",
+                                                ["testuser1", "testuser5", "testuser6", "testuser8"],
+                                                add_members_operation=True)
+        self.ldb_admin.add_remove_group_members("Domain Admins",
+                                                ["testuser2", "testuser5", "testuser6", "testuser7"],
+                                                add_members_operation=True)
+        self.ldb_admin.add_remove_group_members("Schema Admins",
+                                                ["testuser3", "testuser6", "testuser7", "testuser8"],
+                                                add_members_operation=True)
+
+        self.results = {
+            # msDS-Behavior-Version < DS_DOMAIN_FUNCTION_2008
+            "ds_behavior_win2003": {
+                "100": "O:EAG:DU",
+                "101": "O:DAG:DU",
+                "102": "O:%sG:DU",
+                "103": "O:%sG:DU",
+                "104": "O:DAG:DU",
+                "105": "O:DAG:DU",
+                "106": "O:DAG:DU",
+                "107": "O:EAG:DU",
+                "108": "O:DAG:DA",
+                "109": "O:DAG:DA",
+                "110": "O:%sG:DA",
+                "111": "O:%sG:DA",
+                "112": "O:DAG:DA",
+                "113": "O:DAG:DA",
+                "114": "O:DAG:DA",
+                "115": "O:DAG:DA",
+                "130": "O:EAG:DU",
+                "131": "O:DAG:DU",
+                "132": "O:SAG:DU",
+                "133": "O:%sG:DU",
+                "134": "O:EAG:DU",
+                "135": "O:SAG:DU",
+                "136": "O:SAG:DU",
+                "137": "O:SAG:DU",
+                "138": "O:DAG:DA",
+                "139": "O:DAG:DA",
+                "140": "O:%sG:DA",
+                "141": "O:%sG:DA",
+                "142": "O:DAG:DA",
+                "143": "O:DAG:DA",
+                "144": "O:DAG:DA",
+                "145": "O:DAG:DA",
+                "160": "O:EAG:DU",
+                "161": "O:DAG:DU",
+                "162": "O:%sG:DU",
+                "163": "O:%sG:DU",
+                "164": "O:EAG:DU",
+                "165": "O:EAG:DU",
+                "166": "O:DAG:DU",
+                "167": "O:EAG:DU",
+                "168": "O:DAG:DA",
+                "169": "O:DAG:DA",
+                "170": "O:%sG:DA",
+                "171": "O:%sG:DA",
+                "172": "O:DAG:DA",
+                "173": "O:DAG:DA",
+                "174": "O:DAG:DA",
+                "175": "O:DAG:DA",
+            },
+            # msDS-Behavior-Version >= DS_DOMAIN_FUNCTION_2008
+            "ds_behavior_win2008": {
+                "100": "O:EAG:EA",
+                "101": "O:DAG:DA",
+                "102": "O:%sG:DU",
+                "103": "O:%sG:DU",
+                "104": "O:DAG:DA",
+                "105": "O:DAG:DA",
+                "106": "O:DAG:DA",
+                "107": "O:EAG:EA",
+                "108": "O:DAG:DA",
+                "109": "O:DAG:DA",
+                "110": "O:%sG:DA",
+                "111": "O:%sG:DA",
+                "112": "O:DAG:DA",
+                "113": "O:DAG:DA",
+                "114": "O:DAG:DA",
+                "115": "O:DAG:DA",
+                "130": "O:EAG:EA",
+                "131": "O:DAG:DA",
+                "132": "O:SAG:SA",
+                "133": "O:%sG:DU",
+                "134": "O:EAG:EA",
+                "135": "O:SAG:SA",
+                "136": "O:SAG:SA",
+                "137": "O:SAG:SA",
+                "138": "",
+                "139": "",
+                "140": "O:%sG:DA",
+                "141": "O:%sG:DA",
+                "142": "",
+                "143": "",
+                "144": "",
+                "145": "",
+                "160": "O:EAG:EA",
+                "161": "O:DAG:DA",
+                "162": "O:%sG:DU",
+                "163": "O:%sG:DU",
+                "164": "O:EAG:EA",
+                "165": "O:EAG:EA",
+                "166": "O:DAG:DA",
+                "167": "O:EAG:EA",
+                "168": "O:DAG:DA",
+                "169": "O:DAG:DA",
+                "170": "O:%sG:DA",
+                "171": "O:%sG:DA",
+                "172": "O:DAG:DA",
+                "173": "O:DAG:DA",
+                "174": "O:DAG:DA",
+                "175": "O:DAG:DA",
+            },
+        }
+        # Discover 'domainControllerFunctionality'
+        res = self.ldb_admin.search(base="", scope=SCOPE_BASE,
+                                    attrs=['domainControllerFunctionality'])
+        res = int(res[0]['domainControllerFunctionality'][0])
+        if res < DS_DOMAIN_FUNCTION_2008:
+            self.DS_BEHAVIOR = "ds_behavior_win2003"
+        else:
+            self.DS_BEHAVIOR = "ds_behavior_win2008"
+
+    def tearDown(self):
+        super(OwnerGroupDescriptorTests, self).tearDown()
+        self.deleteAll()
+
+    def check_user_belongs(self, user_dn, groups=None):
+        """ Test whether user is member of the expected group(s) """
+        if groups is None:
+            groups = []
+
+        if groups != []:
+            # User is member of at least one additional group
+            res = self.ldb_admin.search(user_dn, attrs=["memberOf"])
+            res = [str(x).upper() for x in sorted(list(res[0]["memberOf"]))]
+            expected = []
+            for x in groups:
+                expected.append(self.get_users_domain_dn(x))
+            expected = [x.upper() for x in sorted(expected)]
+            self.assertEqual(expected, res)
+        else:
+            # User is not a member of any additional groups but default
+            res = self.ldb_admin.search(user_dn, attrs=["*"])
+            res = [x.upper() for x in res[0].keys()]
+            self.assertNotIn("MEMBEROF", res)
+
+    def check_modify_inheritance(self, _ldb, object_dn, owner_group=""):
+        # Modify
+        sd_user_utils = sd_utils.SDUtils(_ldb)
+        ace = "(D;;CC;;;LG)"  # Deny Create Children to Guest account
+        if owner_group != "":
+            sd_user_utils.modify_sd_on_dn(object_dn, owner_group + "D:" + ace)
+        else:
+            sd_user_utils.modify_sd_on_dn(object_dn, "D:" + ace)
+        # Make sure the modify operation has been applied
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        self.assertIn(ace, desc_sddl)
+        # Make sure we have identical result for both "add" and "modify"
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        print(self._testMethodName)
+        test_number = self._testMethodName[5:]
+        self.assertEqual(self.results[self.DS_BEHAVIOR][test_number], res)
+
+    def test_100(self):
+        """ Enterprise admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_101(self):
+        """ Domain admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_102(self):
+        """ Schema admin group member with CC right creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create additional object into the first one
+        object_dn = "CN=test_domain_user1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newuser("test_domain_user1", "samba123@",
+                     userou="OU=test_domain_ou1", setpassword=False)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+        # This fails, research why
+        #self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_103(self):
+        """ Regular user with CC right creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create additional object into the first one
+        object_dn = "CN=test_domain_user1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newuser("test_domain_user1", "samba123@",
+                     userou="OU=test_domain_ou1", setpassword=False)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+        # this fails, research why
+        #self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_104(self):
+        """ Enterprise & Domain admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_105(self):
+        """ Enterprise & Domain & Schema admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_106(self):
+        """ Domain & Schema admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_107(self):
+        """ Enterprise & Schema admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+        """
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    # Control descriptor tests #####################################################################
+
+    def test_108(self):
+        """ Enterprise admin group member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_109(self):
+        """ Domain admin group member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_110(self):
+        """ Schema admin group member with CC right creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        # Create additional object into the first one
+        object_dn = "CN=test_domain_user1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newuser("test_domain_user1", "samba123@",
+                     userou="OU=test_domain_ou1", sd=tmp_desc, setpassword=False)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_111(self):
+        """ Regular user with CC right creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        # Create additional object into the first one
+        object_dn = "CN=test_domain_user1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        _ldb.newuser("test_domain_user1", "samba123@",
+                     userou="OU=test_domain_ou1", sd=tmp_desc, setpassword=False)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_112(self):
+        """ Domain & Enterprise admin group member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_113(self):
+        """ Domain & Enterprise & Schema admin group  member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_114(self):
+        """ Domain & Schema admin group  member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_115(self):
+        """ Enterprise & Schema admin group  member creates object (custom descriptor) in DOMAIN
+        """
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+
+    def test_999(self):
+        user_name = "Administrator"
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(D;CI;WP;;;S-1-3-0)"
+        #mod = ""
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        # Create additional object into the first one
+        object_dn = "OU=test_domain_ou2," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+
+    # Tests for SCHEMA
+
+    # Default descriptor tests ##################################################################
+
+    def test_130(self):
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        try:
+            class_dn = self.create_schema_class(_ldb)
+        except LdbError:
+            self.fail()
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_131(self):
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_132(self):
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        #self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_133(self):
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+        #self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_134(self):
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_135(self):
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_136(self):
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    def test_137(self):
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, class_dn)
+
+    # Custom descriptor tests ##################################################################
+
+    def test_138(self):
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_139(self):
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_140(self):
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        desc_sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_141(self):
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        desc_sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_142(self):
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_143(self):
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_144(self):
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_145(self):
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        # Create example Schema class
+        class_dn = self.create_schema_class(_ldb, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(class_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    # Tests for CONFIGURATION
+
+    # Default descriptor tests ##################################################################
+
+    def test_160(self):
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_161(self):
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_162(self):
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        object_dn = "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(self.ldb_admin, object_dn, )
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create child object with user's credentials
+        object_dn = "CN=test-specifier1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        try:
+            self.create_configuration_specifier(_ldb, object_dn)
+        except LdbError:
+            self.fail()
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+        #self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_163(self):
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        object_dn = "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(self.ldb_admin, object_dn, )
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;WDCC;;;AU)"
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create child object with user's credentials
+        object_dn = "CN=test-specifier1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_specifier(_ldb, object_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+        #self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_164(self):
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_165(self):
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_166(self):
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    def test_167(self):
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(_ldb, object_dn, )
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
+        self.check_modify_inheritance(_ldb, object_dn)
+
+    # Custom descriptor tests ##################################################################
+
+    def test_168(self):
+        user_name = "testuser1"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_169(self):
+        user_name = "testuser2"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_170(self):
+        user_name = "testuser3"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        object_dn = "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(self.ldb_admin, object_dn, )
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;CCWD;;;AU)"
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create child object with user's credentials
+        object_dn = "CN=test-specifier1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        desc_sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        try:
+            self.create_configuration_specifier(_ldb, object_dn, desc_sddl)
+        except LdbError:
+            self.fail()
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_171(self):
+        user_name = "testuser4"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), [])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        object_dn = "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.create_configuration_container(self.ldb_admin, object_dn, )
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
+        mod = "(A;CI;CCWD;;;AU)"
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        # Create child object with user's credentials
+        object_dn = "CN=test-specifier1," + object_dn
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        # NB! Problematic owner part won't accept DA only <User Sid> !!!
+        desc_sddl = "O:%sG:DAD:(A;;RP;;;DU)" % str(user_sid)
+        try:
+            self.create_configuration_specifier(_ldb, object_dn, desc_sddl)
+        except LdbError:
+            self.fail()
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]] % str(user_sid), res)
+
+    def test_172(self):
+        user_name = "testuser5"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_173(self):
+        user_name = "testuser6"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_174(self):
+        user_name = "testuser7"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    def test_175(self):
+        user_name = "testuser8"
+        self.check_user_belongs(self.get_users_domain_dn(user_name), ["Enterprise Admins", "Schema Admins"])
+        # Open Ldb connection with the tested user
+        _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Create example Configuration container
+        container_name = "test-container1"
+        object_dn = "CN=%s,CN=DisplaySpecifiers,%s" % (container_name, self.configuration_dn)
+        delete_force(self.ldb_admin, object_dn)
+        # Create a custom security descriptor
+        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        self.create_configuration_container(_ldb, object_dn, desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
+        self.assertEqual("O:DAG:DA", res)
+
+    ########################################################################################
+    # Inheritance tests for DACL
+
+
+class DaclDescriptorTests(DescriptorTests):
+
+    def deleteAll(self):
+        delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou5,OU=test_inherit_ou1,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou6,OU=test_inherit_ou2,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou1,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou2,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou3,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou4,OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou_p," + self.base_dn)
+        delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn)
+
+    def setUp(self):
+        super(DaclDescriptorTests, self).setUp()
+        self.deleteAll()
+
+    def create_clean_ou(self, object_dn):
+        """ Base repeating setup for unittests to follow """
+        res = self.ldb_admin.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+                                    expression="distinguishedName=%s" % object_dn)
+        # Make sure top testing OU has been deleted before starting the test
+        self.assertEqual(len(res), 0)
+        self.ldb_admin.create_ou(object_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        # Make sure there are inheritable ACEs initially
+        self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
+        # Find and remove all inherit ACEs
+        res = re.findall(r"\(.*?\)", desc_sddl)
+        res = [x for x in res if ("CI" in x) or ("OI" in x)]
+        for x in res:
+            desc_sddl = desc_sddl.replace(x, "")
+        # Add flag 'protected' in both DACL and SACL so no inherit ACEs
+        # can propagate from above
+        # remove SACL, we are not interested
+        desc_sddl = desc_sddl.replace(":AI", ":AIP")
+        self.sd_utils.modify_sd_on_dn(object_dn, desc_sddl)
+        # Verify all inheritable ACEs are gone
+        desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
+        self.assertNotIn("CI", desc_sddl)
+        self.assertNotIn("OI", desc_sddl)
+
+    def test_200(self):
+        """ OU with protected flag and child group. See if the group has inherit ACEs.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Create group child object
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4)
+        # Make sure created group object contains NO inherit ACEs
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("ID", desc_sddl)
+
+    def test_201(self):
+        """ OU with protected flag and no inherit ACEs, child group with custom descriptor.
+            Verify group has custom and default ACEs only.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Create group child object using custom security descriptor
+        sddl = "O:AUG:AUD:AI(D;;WP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group descriptor has NO additional ACEs
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertEqual(desc_sddl, sddl)
+        sddl = "O:AUG:AUD:AI(D;;CC;;;LG)"
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, sddl)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertEqual(desc_sddl, sddl)
+
+    def test_202(self):
+        """ OU with protected flag and add couple non-inheritable ACEs, child group.
+            See if the group has any of the added ACEs.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom non-inheritable ACEs
+        mod = "(D;;WP;;;DU)(A;;RP;;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        # Verify all inheritable ACEs are gone
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4)
+        # Make sure created group object contains NO inherit ACEs
+        # also make sure the added above non-inheritable ACEs are absent too
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("ID", desc_sddl)
+        for x in re.findall(r"\(.*?\)", mod):
+            self.assertNotIn(x, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("ID", desc_sddl)
+        for x in re.findall(r"\(.*?\)", mod):
+            self.assertNotIn(x, desc_sddl)
+
+    def test_203(self):
+        """ OU with protected flag and add 'CI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'CI' ACE
+        mod = "(D;CI;WP;;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";CI;", ";CIID;")
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_204(self):
+        """ OU with protected flag and add 'OI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'CI' ACE
+        mod = "(D;OI;WP;;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";OI;", ";OIIOID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_205(self):
+        """ OU with protected flag and add 'OA' for GUID & 'CI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'OA' for 'name' attribute & 'CI' ACE
+        mod = "(OA;CI;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";CI;", ";CIID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_206(self):
+        """ OU with protected flag and add 'OA' for GUID & 'OI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'OA' for 'name' attribute & 'OI' ACE
+        mod = "(OA;OI;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";OI;", ";OIIOID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_207(self):
+        """ OU with protected flag and add 'OA' for OU specific GUID & 'CI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'OA' for 'st' attribute (OU specific) & 'CI' ACE
+        mod = "(OA;CI;WP;bf967a39-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";CI;", ";CIID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_208(self):
+        """ OU with protected flag and add 'OA' for OU specific GUID & 'OI' ACE, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'OA' for 'st' attribute (OU specific) & 'OI' ACE
+        mod = "(OA;OI;WP;bf967a39-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";OI;", ";OIIOID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:(OA;OI;WP;bf967a39-0de6-11d0-a285-00aa003049e2;;DU)" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_209(self):
+        """ OU with protected flag and add 'CI' ACE with 'CO' SID, child group.
+            See if the group has the added inherited ACE.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'CI' ACE
+        mod = "(D;CI;WP;;;CO)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE(s)
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn("(D;ID;WP;;;AU)", desc_sddl)
+        self.assertIn("(D;CIIOID;WP;;;CO)", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn("(D;ID;WP;;;DA)", desc_sddl)
+        self.assertIn("(D;CIIOID;WP;;;CO)", desc_sddl)
+
+    def test_210(self):
+        """ OU with protected flag, provide ACEs with ID flag raised. Should be ignored.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        self.create_clean_ou(ou_dn)
+        # Add some custom  ACE
+        mod = "D:(D;CIIO;WP;;;CO)(A;ID;WP;;;AU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object does not contain the ID ace
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
+
+    def test_211(self):
+        """ Provide ACE with CO SID, should be expanded and replaced
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'CI' ACE
+        mod = "D:(D;CI;WP;;;CO)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn("(D;;WP;;;DA)", desc_sddl)
+        self.assertIn("(D;CIIO;WP;;;CO)", desc_sddl)
+
+    def test_212(self):
+        """ Provide ACE with IO flag, should be ignored
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'CI' ACE
+        mod = "D:(D;CIIO;WP;;;CO)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE(s)
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn("(D;CIIO;WP;;;CO)", desc_sddl)
+        self.assertNotIn("(D;;WP;;;DA)", desc_sddl)
+        self.assertNotIn("(D;CIIO;WP;;;CO)(D;CIIO;WP;;;CO)", desc_sddl)
+
+    def test_213(self):
+        """ Provide ACE with IO flag, should be ignored
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "D:(D;IO;WP;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object contains only the above inherited ACE(s)
+        # that we've added manually
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("(D;IO;WP;;;DA)", desc_sddl)
+
+    def test_214(self):
+        """ Test behavior of ACEs containing generic rights
+        """
+        ou_dn = "OU=test_inherit_ou_p," + self.base_dn
+        ou_dn1 = "OU=test_inherit_ou1," + ou_dn
+        ou_dn2 = "OU=test_inherit_ou2," + ou_dn
+        ou_dn3 = "OU=test_inherit_ou3," + ou_dn
+        ou_dn4 = "OU=test_inherit_ou4," + ou_dn
+        ou_dn5 = "OU=test_inherit_ou5," + ou_dn1
+        ou_dn6 = "OU=test_inherit_ou6," + ou_dn2
+        # Create inheritable-free OU
+        mod = "D:P(A;CI;WPRPLCCCDCWDRCSD;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+        mod = "D:(A;CI;GA;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc)
+        mod = "D:(A;CIIO;GA;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn2, sd=tmp_desc)
+        mod = "D:(A;;GA;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn3, sd=tmp_desc)
+        mod = "D:(A;IO;GA;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn4, sd=tmp_desc)
+
+        self.ldb_admin.create_ou(ou_dn5)
+        self.ldb_admin.create_ou(ou_dn6)
+
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn1)
+        self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertIn("(A;CIIO;GA;;;DU)", desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn2)
+        self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertIn("(A;CIIO;GA;;;DU)", desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn3)
+        self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertNotIn("(A;CIIO;GA;;;DU)", desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn4)
+        self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertNotIn("(A;CIIO;GA;;;DU)", desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
+        self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertIn("(A;CIIOID;GA;;;DU)", desc_sddl)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn6)
+        self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
+        self.assertIn("(A;CIIOID;GA;;;DU)", desc_sddl)
+
+    def test_215(self):
+        """ Make sure IO flag is removed in child objects
+        """
+        ou_dn = "OU=test_inherit_ou_p," + self.base_dn
+        ou_dn1 = "OU=test_inherit_ou1," + ou_dn
+        ou_dn5 = "OU=test_inherit_ou5," + ou_dn1
+        # Create inheritable-free OU
+        mod = "D:P(A;CI;WPRPLCCCDCWDRCSD;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+        mod = "D:(A;CIIO;WP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc)
+        self.ldb_admin.create_ou(ou_dn5)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
+        self.assertIn("(A;CIID;WP;;;DU)", desc_sddl)
+        self.assertNotIn("(A;CIIOID;WP;;;DU)", desc_sddl)
+
+    def test_216(self):
+        """ Make sure ID ACES provided by user are ignored
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        mod = "D:P(A;;WPRPLCCCDCWDRCSD;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+        # Add some custom  ACE
+        mod = "D:(D;ID;WP;;;AU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object does not contain the ID ace
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
+        self.assertNotIn("(A;;WP;;;AU)", desc_sddl)
+
+    def test_217(self):
+        """ Make sure ID ACES provided by user are not ignored if P flag is set
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        mod = "D:P(A;;WPRPLCCCDCWDRCSD;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+        # Add some custom  ACE
+        mod = "D:P(A;ID;WP;;;AU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        # Make sure created group object does not contain the ID ace
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
+        self.assertIn("(A;;WP;;;AU)", desc_sddl)
+
+    def test_ci_and_io_on_attribute(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CIOI;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";CIOI;", ";OICIID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_ci_and_np_on_attribute(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";CINP;", ";ID;")  # change it how it's gonna look like
+        self.assertIn(mod, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(mod, desc_sddl)
+
+    def test_oi_and_np_on_attribute(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;OINP;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;DU)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        mod = mod.replace(";OINP;", ";ID;")  # change it how it's gonna look like
+        self.assertNotIn(mod, desc_sddl)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(mod, desc_sddl)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+
+    def test_ci_ga_no_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;GA;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
+        modid = "(OA;CIIOID;GA;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_ga_no_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;GA;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
+        modid = "(OA;CIIOID;GA;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_ga_name_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(OA;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIIOID;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_ga_name_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(OA;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIIOID;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_lc_no_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;LC;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modno = "(A;ID;LC;;;DA)"
+        modid = "(OA;CIID;LC;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_lc_no_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;LC;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
+        modid = "(OA;CIIOID;LC;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_lc_name_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(OA;ID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modob, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_lc_name_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CI;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(OA;ID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIIOID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertIn(modid, desc_sddl)
+
+    def test_ci_np_ga_no_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        # Add some custom 'OA' for 'name' attribute & 'CI'+'OI' ACE
+        mod = "(OA;CINP;GA;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
+        modid = "(OA;CIIOID;GA;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modob, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+
+    def test_ci_np_ga_no_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;GA;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
+        modid = "(OA;CIIOID;GA;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+
+    def test_ci_np_ga_name_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(OA;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIIOID;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modob, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(modob, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+
+    def test_ci_np_ga_name_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;GA;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+
+    def test_ci_np_lc_no_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;LC;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modno = "(A;ID;LC;;;DA)"
+        modid = "(OA;CIID;LC;;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+
+    def test_ci_np_lc_no_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;LC;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(A;ID;LC;;;DA)"
+        modid = "(OA;CIIOID;LC;;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+
+    def test_ci_np_lc_name_attr_objectclass_same(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        modob = "(OA;ID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;bf967a9c-0de6-11d0-a285-00aa003049e2;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(modob, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertIn(modob, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a9c-0de6-11d0-a285-00aa003049e2", desc_sddl)
+
+    def test_ci_np_lc_name_attr_objectclass_different(self):
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        # Create inheritable-free OU
+        self.create_clean_ou(ou_dn)
+        mod = "(OA;CINP;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        modno = "(OA;ID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;;DA)"
+        modid = "(OA;CIIOID;LC;bf967a0e-0de6-11d0-a285-00aa003049e2;aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;DA)"
+        moded = "(D;;CC;;;LG)"
+        self.sd_utils.dacl_add_ace(ou_dn, mod)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # Create group child object
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+        try:
+            self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
+        except LdbError as e:
+            self.fail(str(e))
+        desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+        self.assertIn(moded, desc_sddl)
+        self.assertNotIn(modno, desc_sddl)
+        self.assertNotIn(modid, desc_sddl)
+        self.assertNotIn("bf967a0e-0de6-11d0-a285-00aa003049e2", desc_sddl)
+        self.assertNotIn("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", desc_sddl)
+
+    ########################################################################################
+
+
+class SdFlagsDescriptorTests(DescriptorTests):
+    def deleteAll(self):
+        delete_force(self.ldb_admin, "OU=test_sdflags_ou," + self.base_dn)
+
+    def setUp(self):
+        super(SdFlagsDescriptorTests, self).setUp()
+        self.test_descr = "O:AUG:AUD:(D;;CC;;;LG)S:(OU;;WP;;;AU)"
+        self.deleteAll()
+
+    def test_301(self):
+        """ Modify a descriptor with OWNER_SECURITY_INFORMATION set.
+            See that only the owner has been changed.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the owner
+        self.assertIn("O:AU", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertNotIn("G:AU", desc_sddl)
+        self.assertNotIn("D:(D;;CC;;;LG)", desc_sddl)
+        self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
+
+    def test_302(self):
+        """ Modify a descriptor with GROUP_SECURITY_INFORMATION set.
+            See that only the owner has been changed.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the group
+        self.assertIn("G:AU", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertNotIn("O:AU", desc_sddl)
+        self.assertNotIn("D:(D;;CC;;;LG)", desc_sddl)
+        self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
+
+    def test_303(self):
+        """ Modify a descriptor with SACL_SECURITY_INFORMATION set.
+            See that only the owner has been changed.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the DACL
+        self.assertIn("(D;;CC;;;LG)", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertNotIn("O:AU", desc_sddl)
+        self.assertNotIn("G:AU", desc_sddl)
+        self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
+
+    def test_304(self):
+        """ Modify a descriptor with SACL_SECURITY_INFORMATION set.
+            See that only the owner has been changed.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the DACL
+        self.assertIn("(OU;;WP;;;AU)", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertNotIn("O:AU", desc_sddl)
+        self.assertNotIn("G:AU", desc_sddl)
+        self.assertNotIn("(D;;CC;;;LG)", desc_sddl)
+
+    def test_305(self):
+        """ Modify a descriptor with 0x0 set.
+            Contrary to logic this is interpreted as no control,
+            which is the same as 0xF
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:0"])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the DACL
+        self.assertIn("(OU;;WP;;;AU)", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertIn("O:AU", desc_sddl)
+        self.assertIn("G:AU", desc_sddl)
+        self.assertIn("(D;;CC;;;LG)", desc_sddl)
+
+    def test_306(self):
+        """ Modify a descriptor with 0xF set.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:15"])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the DACL
+        self.assertIn("(OU;;WP;;;AU)", desc_sddl)
+        # make sure nothing else has been modified
+        self.assertIn("O:AU", desc_sddl)
+        self.assertIn("G:AU", desc_sddl)
+        self.assertIn("(D;;CC;;;LG)", desc_sddl)
+
+    def test_307(self):
+        """ Read a descriptor with OWNER_SECURITY_INFORMATION
+            Only the owner part should be returned.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+        # make sure we have read the owner
+        self.assertIn("O:", desc_sddl)
+        # make sure we have read nothing else
+        self.assertNotIn("G:", desc_sddl)
+        self.assertNotIn("D:", desc_sddl)
+        self.assertNotIn("S:", desc_sddl)
+
+    def test_308(self):
+        """ Read a descriptor with GROUP_SECURITY_INFORMATION
+            Only the group part should be returned.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
+        # make sure we have read the owner
+        self.assertIn("G:", desc_sddl)
+        # make sure we have read nothing else
+        self.assertNotIn("O:", desc_sddl)
+        self.assertNotIn("D:", desc_sddl)
+        self.assertNotIn("S:", desc_sddl)
+
+    def test_309(self):
+        """ Read a descriptor with SACL_SECURITY_INFORMATION
+            Only the sacl part should be returned.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
+        # make sure we have read the owner
+        self.assertIn("S:", desc_sddl)
+        # make sure we have read nothing else
+        self.assertNotIn("O:", desc_sddl)
+        self.assertNotIn("D:", desc_sddl)
+        self.assertNotIn("G:", desc_sddl)
+
+    def test_310(self):
+        """ Read a descriptor with DACL_SECURITY_INFORMATION
+            Only the dacl part should be returned.
+        """
+        ou_dn = "OU=test_sdflags_ou," + self.base_dn
+        self.ldb_admin.create_ou(ou_dn)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
+        # make sure we have read the owner
+        self.assertIn("D:", desc_sddl)
+        # make sure we have read nothing else
+        self.assertNotIn("O:", desc_sddl)
+        self.assertNotIn("S:", desc_sddl)
+        self.assertNotIn("G:", desc_sddl)
+
+    def test_311(self):
+        sd_flags = (SECINFO_OWNER |
+                    SECINFO_GROUP |
+                    SECINFO_DACL |
+                    SECINFO_SACL)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    [], controls=None)
+        self.assertNotIn("nTSecurityDescriptor", res[0])
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["name"], controls=None)
+        self.assertNotIn("nTSecurityDescriptor", res[0])
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["name"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertNotIn("nTSecurityDescriptor", res[0])
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["*"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["nTSecurityDescriptor", "*"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["*", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["nTSecurityDescriptor", "name"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["name", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["nTSecurityDescriptor"], controls=None)
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["name", "nTSecurityDescriptor"], controls=None)
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
+                                    ["nTSecurityDescriptor", "name"], controls=None)
+        self.assertIn("nTSecurityDescriptor", res[0])
+        tmp = res[0]["nTSecurityDescriptor"][0]
+        sd = ndr_unpack(security.descriptor, tmp)
+        sddl = sd.as_sddl(self.sd_utils.domain_sid)
+        self.assertIn("O:", sddl)
+        self.assertIn("G:", sddl)
+        self.assertIn("D:", sddl)
+        self.assertIn("S:", sddl)
+
+    def test_312(self):
+        """This search is done by the windows dc join..."""
+
+        res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None, ["1.1"],
+                                    controls=["extended_dn:1:0", "sd_flags:1:0", "search_options:1:1"])
+        self.assertNotIn("nTSecurityDescriptor", res[0])
+
+
+class RightsAttributesTests(DescriptorTests):
+
+    def deleteAll(self):
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr"))
+        delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr2"))
+        delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
+
+    def setUp(self):
+        super(RightsAttributesTests, self).setUp()
+        self.deleteAll()
+        # Create users
+        # User 1
+        self.ldb_admin.newuser("testuser_attr", "samba123@")
+        # User 2, Domain Admins
+        self.ldb_admin.newuser("testuser_attr2", "samba123@")
+        self.ldb_admin.add_remove_group_members("Domain Admins",
+                                                ["testuser_attr2"],
+                                                add_members_operation=True)
+
+    def test_sDRightsEffective(self):
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        print(self.get_users_domain_dn("testuser_attr"))
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn("testuser_attr"))
+        # give testuser1 read access so attributes can be retrieved
+        mod = "(A;CI;RP;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        _ldb = self.get_ldb_connection("testuser_attr", "samba123@")
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["sDRightsEffective"])
+        # user should have no rights at all
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["sDRightsEffective"][0]), "0")
+        # give the user Write DACL and see what happens
+        mod = "(A;CI;WD;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["sDRightsEffective"])
+        # user should have DACL_SECURITY_INFORMATION
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % SECINFO_DACL)
+        # give the user Write Owners and see what happens
+        mod = "(A;CI;WO;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["sDRightsEffective"])
+        # user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER))
+        # no way to grant security privilege bu adding ACE's so we use a member of Domain Admins
+        _ldb = self.get_ldb_connection("testuser_attr2", "samba123@")
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["sDRightsEffective"])
+        # user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
+        self.assertEqual(len(res), 1)
+        self.assertEqual(str(res[0]["sDRightsEffective"][0]),
+                          ("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER | SECINFO_SACL))
+
+    def test_allowedChildClassesEffective(self):
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn("testuser_attr"))
+        # give testuser1 read access so attributes can be retrieved
+        mod = "(A;CI;RP;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        _ldb = self.get_ldb_connection("testuser_attr", "samba123@")
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["allowedChildClassesEffective"])
+        # there should be no allowed child classes
+        self.assertEqual(len(res), 1)
+        self.assertNotIn("allowedChildClassesEffective", res[0].keys())
+        # give the user the right to create children of type user
+        mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["allowedChildClassesEffective"])
+        # allowedChildClassesEffective should only have one value, user
+        self.assertEqual(len(res), 1)
+        self.assertEqual(len(res[0]["allowedChildClassesEffective"]), 1)
+        self.assertEqual(str(res[0]["allowedChildClassesEffective"][0]), "user")
+
+    def test_allowedAttributesEffective(self):
+        object_dn = "OU=test_domain_ou1," + self.base_dn
+        delete_force(self.ldb_admin, object_dn)
+        self.ldb_admin.create_ou(object_dn)
+        user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn("testuser_attr"))
+        # give testuser1 read access so attributes can be retrieved
+        mod = "(A;CI;RP;;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod)
+        _ldb = self.get_ldb_connection("testuser_attr", "samba123@")
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["allowedAttributesEffective"])
+        # there should be no allowed attributes
+        self.assertEqual(len(res), 1)
+        self.assertNotIn("allowedAttributesEffective", res[0].keys())
+        # give the user the right to write displayName and managedBy
+        mod2 = "(OA;CI;WP;bf967953-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+        mod = "(OA;CI;WP;0296c120-40da-11d1-a9c0-0000f80367c1;;%s)" % str(user_sid)
+        # also rights to modify an read only attribute, fromEntry
+        mod3 = "(OA;CI;WP;9a7ad949-ca53-11d1-bbd0-0080c76670c0;;%s)" % str(user_sid)
+        self.sd_utils.dacl_add_ace(object_dn, mod + mod2 + mod3)
+        res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
+                          attrs=["allowedAttributesEffective"])
+        # value should only contain user and managedBy
+        self.assertEqual(len(res), 1)
+        self.assertEqual(len(res[0]["allowedAttributesEffective"]), 2)
+        self.assertIn(b"displayName", res[0]["allowedAttributesEffective"])
+        self.assertIn(b"managedBy", res[0]["allowedAttributesEffective"])
+
+
+class SdAutoInheritTests(DescriptorTests):
+    def deleteAll(self):
+        delete_force(self.ldb_admin, self.sub_dn)
+        delete_force(self.ldb_admin, self.ou_dn)
+
+    def setUp(self):
+        super(SdAutoInheritTests, self).setUp()
+        self.ou_dn = "OU=test_SdAutoInherit_ou," + self.base_dn
+        self.sub_dn = "OU=test_sub," + self.ou_dn
+        self.deleteAll()
+
+    def test_301(self):
+        """ Modify a descriptor with OWNER_SECURITY_INFORMATION set.
+            See that only the owner has been changed.
+        """
+        attrs = ["nTSecurityDescriptor", "replPropertyMetaData", "uSNChanged"]
+        controls = ["sd_flags:1:%d" % (SECINFO_DACL)]
+        ace = "(A;CI;CC;;;NU)"
+        sub_ace = "(A;CIID;CC;;;NU)"
+        sd_sddl = "O:BAG:BAD:P(A;CI;0x000f01ff;;;AU)"
+        sd = security.descriptor.from_sddl(sd_sddl, self.domain_sid)
+
+        self.ldb_admin.create_ou(self.ou_dn, sd=sd)
+        self.ldb_admin.create_ou(self.sub_dn)
+
+        ou_res0 = self.sd_utils.ldb.search(self.ou_dn, SCOPE_BASE,
+                                           None, attrs, controls=controls)
+        sub_res0 = self.sd_utils.ldb.search(self.sub_dn, SCOPE_BASE,
+                                            None, attrs, controls=controls)
+
+        ou_sd0 = ndr_unpack(security.descriptor, ou_res0[0]["nTSecurityDescriptor"][0])
+        sub_sd0 = ndr_unpack(security.descriptor, sub_res0[0]["nTSecurityDescriptor"][0])
+
+        ou_sddl0 = ou_sd0.as_sddl(self.domain_sid)
+        sub_sddl0 = sub_sd0.as_sddl(self.domain_sid)
+
+        self.assertNotIn(ace, ou_sddl0)
+        self.assertNotIn(ace, sub_sddl0)
+
+        ou_sddl1 = (ou_sddl0[:ou_sddl0.index("(")] + ace +
+                    ou_sddl0[ou_sddl0.index("("):])
+
+        sub_sddl1 = (sub_sddl0[:sub_sddl0.index("(")] + ace +
+                     sub_sddl0[sub_sddl0.index("("):])
+
+        self.sd_utils.modify_sd_on_dn(self.ou_dn, ou_sddl1, controls=controls)
+
+        self.sd_utils.modify_sd_on_dn(self.sub_dn, sub_sddl1, controls=controls)
+
+        sub_res2 = self.sd_utils.ldb.search(self.sub_dn, SCOPE_BASE,
+                                            None, attrs, controls=controls)
+        ou_res2 = self.sd_utils.ldb.search(self.ou_dn, SCOPE_BASE,
+                                           None, attrs, controls=controls)
+
+        ou_sd2 = ndr_unpack(security.descriptor, ou_res2[0]["nTSecurityDescriptor"][0])
+        sub_sd2 = ndr_unpack(security.descriptor, sub_res2[0]["nTSecurityDescriptor"][0])
+
+        ou_sddl2 = ou_sd2.as_sddl(self.domain_sid)
+        sub_sddl2 = sub_sd2.as_sddl(self.domain_sid)
+
+        self.assertNotEqual(ou_sddl2, ou_sddl0)
+        self.assertNotEqual(sub_sddl2, sub_sddl0)
+
+        if ace not in ou_sddl2:
+            print("ou0: %s" % ou_sddl0)
+            print("ou2: %s" % ou_sddl2)
+
+        if sub_ace not in sub_sddl2:
+            print("sub0: %s" % sub_sddl0)
+            print("sub2: %s" % sub_sddl2)
+
+        self.assertIn(ace, ou_sddl2)
+        self.assertIn(sub_ace, sub_sddl2)
+
+        ou_usn0 = int(ou_res0[0]["uSNChanged"][0])
+        ou_usn2 = int(ou_res2[0]["uSNChanged"][0])
+        self.assertGreater(ou_usn2, ou_usn0)
+
+        sub_usn0 = int(sub_res0[0]["uSNChanged"][0])
+        sub_usn2 = int(sub_res2[0]["uSNChanged"][0])
+        self.assertGreater(sub_usn2, sub_usn0)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+# use 'paged_search' module when connecting remotely
+if host.lower().startswith("ldap://"):
+    ldb_options = ["modules:paged_searches"]
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/sites.py b/source4/dsdb/tests/python/sites.py
new file mode 100755
index 0000000..f6efdae
--- /dev/null
+++ b/source4/dsdb/tests/python/sites.py
@@ -0,0 +1,637 @@
+#!/usr/bin/env python3
+#
+# Unit tests for sites manipulation in samba
+# Copyright (C) Matthieu Patou <mat@matws.net> 2011
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+import samba.getopt as options
+from samba import sites
+from samba import subnets
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba import gensec
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+import samba.tests
+from samba.tests import delete_force
+from samba.dcerpc import security
+from ldb import SCOPE_SUBTREE, LdbError, ERR_INSUFFICIENT_ACCESS_RIGHTS
+
+parser = optparse.OptionParser("sites.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+#
+# Tests start here
+#
+
+
+class SitesBaseTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(SitesBaseTests, self).setUp()
+        self.ldb = SamDB(ldaphost, credentials=creds,
+                         session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+        self.domain_sid = security.dom_sid(self.ldb.get_domain_sid())
+        self.configuration_dn = self.ldb.get_config_basedn().get_linearized()
+
+    def get_user_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+
+# tests on sites
+class SimpleSitesTests(SitesBaseTests):
+
+    def test_create_and_delete(self):
+        """test creation and deletion of 1 site"""
+
+        sites.create_site(self.ldb, self.ldb.get_config_basedn(),
+                          "testsamba")
+
+        self.assertRaises(sites.SiteAlreadyExistsException,
+                          sites.create_site, self.ldb,
+                          self.ldb.get_config_basedn(),
+                          "testsamba")
+
+        sites.delete_site(self.ldb, self.ldb.get_config_basedn(),
+                          "testsamba")
+
+        self.assertRaises(sites.SiteNotFoundException,
+                          sites.delete_site, self.ldb,
+                          self.ldb.get_config_basedn(),
+                          "testsamba")
+
+    def test_delete_not_empty(self):
+        """test removal of 1 site with servers"""
+
+        self.assertRaises(sites.SiteServerNotEmptyException,
+                          sites.delete_site, self.ldb,
+                          self.ldb.get_config_basedn(),
+                          "Default-First-Site-Name")
+
+
+# tests for subnets
+class SimpleSubnetTests(SitesBaseTests):
+
+    def setUp(self):
+        super(SimpleSubnetTests, self).setUp()
+        self.basedn = self.ldb.get_config_basedn()
+        self.sitename = "testsite"
+        self.sitename2 = "testsite2"
+        self.ldb.transaction_start()
+        sites.create_site(self.ldb, self.basedn, self.sitename)
+        sites.create_site(self.ldb, self.basedn, self.sitename2)
+        self.ldb.transaction_commit()
+
+    def tearDown(self):
+        self.ldb.transaction_start()
+        sites.delete_site(self.ldb, self.basedn, self.sitename)
+        sites.delete_site(self.ldb, self.basedn, self.sitename2)
+        self.ldb.transaction_commit()
+        super(SimpleSubnetTests, self).tearDown()
+
+    def test_create_delete(self):
+        """Create a subnet and delete it again."""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.11.12.0/24"
+
+        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+
+        self.assertRaises(subnets.SubnetAlreadyExists,
+                          subnets.create_subnet, self.ldb, basedn, cidr,
+                          self.sitename)
+
+        subnets.delete_subnet(self.ldb, basedn, cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
+
+    def test_create_shift_delete(self):
+        """Create a subnet, shift it to another site, then delete it."""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.11.12.0/24"
+
+        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+
+        subnets.set_subnet_site(self.ldb, basedn, cidr, self.sitename2)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        sites = ret[0]['siteObject']
+        self.assertEqual(len(sites), 1)
+        self.assertEqual(str(sites[0]),
+                         'CN=testsite2,CN=Sites,%s' % self.ldb.get_config_basedn())
+
+        self.assertRaises(subnets.SubnetAlreadyExists,
+                          subnets.create_subnet, self.ldb, basedn, cidr,
+                          self.sitename)
+
+        subnets.delete_subnet(self.ldb, basedn, cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 0, 'Failed to delete subnet %s' % cidr)
+
+    def test_delete_subnet_that_does_not_exist(self):
+        """Ensure we can't delete a site that isn't there."""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.15.0.0/16"
+
+        self.assertRaises(subnets.SubnetNotFound,
+                          subnets.delete_subnet, self.ldb, basedn, cidr)
+
+    def get_user_and_ldb(self, username, password, hostname=ldaphost):
+        """Get a connection for a temporarily user that will vanish as soon as
+        the test is over."""
+        user = self.ldb.newuser(username, password)
+        creds_tmp = Credentials()
+        creds_tmp.set_username(username)
+        creds_tmp.set_password(password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)
+        ldb_target = SamDB(url=hostname, credentials=creds_tmp, lp=lp)
+        self.addCleanup(delete_force, self.ldb, self.get_user_dn(username))
+        return (user, ldb_target)
+
+    def test_rename_delete_good_subnet_to_good_subnet_other_user(self):
+        """Make sure that we can't rename or delete subnets when we aren't
+        admin."""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.16.0.0/24"
+        new_cidr = "10.16.1.0/24"
+        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+        user, non_admin_ldb = self.get_user_and_ldb("notadmin", "samba123@")
+        try:
+            subnets.rename_subnet(non_admin_ldb, basedn, cidr, new_cidr)
+        except LdbError as e:
+            self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                             ("subnet rename by non-admin failed "
+                              "in the wrong way: %s" % e))
+        else:
+            self.fail("subnet rename by non-admin succeeded")
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 1, ('Subnet %s destroyed or renamed '
+                                       'by non-admin' % cidr))
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression=('(&(objectclass=subnet)(cn=%s))'
+                                          % new_cidr))
+
+        self.assertEqual(len(ret), 0,
+                         'New subnet %s created by non-admin' % cidr)
+
+        try:
+            subnets.delete_subnet(non_admin_ldb, basedn, cidr)
+        except LdbError as e:
+            self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                             ("subnet delete by non-admin failed "
+                              "in the wrong way: %s" % e))
+        else:
+            self.fail("subnet delete by non-admin succeeded:")
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 1, 'Subnet %s deleted non-admin' % cidr)
+
+        subnets.delete_subnet(self.ldb, basedn, cidr)
+
+    def test_create_good_subnet_other_user(self):
+        """Make sure that we can't create subnets when we aren't admin."""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.16.0.0/24"
+        user, non_admin_ldb = self.get_user_and_ldb("notadmin", "samba123@")
+        try:
+            subnets.create_subnet(non_admin_ldb, basedn, cidr, self.sitename)
+        except LdbError as e:
+            self.assertEqual(e.args[0], ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                             ("subnet create by non-admin failed "
+                              "in the wrong way: %s" % e))
+        else:
+            subnets.delete_subnet(self.ldb, basedn, cidr)
+            self.fail("subnet create by non-admin succeeded: %s")
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 0, 'New subnet %s created by non-admin' % cidr)
+
+    def test_rename_good_subnet_to_good_subnet(self):
+        """Make sure that we can rename subnets"""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.16.0.0/24"
+        new_cidr = "10.16.1.0/24"
+
+        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+
+        subnets.rename_subnet(self.ldb, basedn, cidr, new_cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % new_cidr)
+
+        self.assertEqual(len(ret), 1, 'Failed to rename subnet %s' % cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 0, 'Failed to remove old subnet during rename %s' % cidr)
+
+        subnets.delete_subnet(self.ldb, basedn, new_cidr)
+
+    def test_rename_good_subnet_to_bad_subnet(self):
+        """Make sure that the CIDR checking runs during rename"""
+        basedn = self.ldb.get_config_basedn()
+        cidr = "10.17.0.0/24"
+        bad_cidr = "10.11.12.0/14"
+
+        subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+
+        self.assertRaises(subnets.SubnetInvalid, subnets.rename_subnet,
+                          self.ldb, basedn, cidr, bad_cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % bad_cidr)
+
+        self.assertEqual(len(ret), 0, 'Failed to rename subnet %s' % cidr)
+
+        ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                              expression='(&(objectclass=subnet)(cn=%s))' % cidr)
+
+        self.assertEqual(len(ret), 1, 'Failed to remove old subnet during rename %s' % cidr)
+
+        subnets.delete_subnet(self.ldb, basedn, cidr)
+
+    def test_create_bad_ranges(self):
+        """These CIDR ranges all have something wrong with them, and they
+        should all fail."""
+        basedn = self.ldb.get_config_basedn()
+
+        cidrs = [
+            # IPv4
+            # insufficient zeros
+            "10.11.12.0/14",
+            "110.0.0.0/6",
+            "1.0.0.0/0",
+            "10.11.13.1/24",
+            "1.2.3.4/29",
+            "10.11.12.0/21",
+            # out of range mask
+            "110.0.0.0/33",
+            "110.0.0.0/-1",
+            "4.0.0.0/111",
+            # out of range address
+            "310.0.0.0/24",
+            "10.0.0.256/32",
+            "1.1.-20.0/24",
+            # badly formed
+            "1.0.0.0/1e",
+            "1.0.0.0/24.0",
+            "1.0.0.0/1/1",
+            "1.0.0.0",
+            "1.c.0.0/24",
+            "1.2.0.0.0/27",
+            "1.23.0/24",
+            "1.23.0.-7/24",
+            "1.-23.0.7/24",
+            "1.23.-0.7/24",
+            "1.23.0.0/0x10",
+            # IPv6 insufficient zeros -- this could be a subtle one
+            # due to the vagaries of endianness in the 16 bit groups.
+            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/119",
+            "aaaa:bbbb::/31",
+            "a:b::/31",
+            "c000::/1",
+            "a::b00/119",
+            "1::1/127",
+            "1::2/126",
+            "1::100/119",
+            "1::8000/112",
+            # out of range mask
+            "a:b::/130",
+            "a:b::/-1",
+            "::/129",
+            # An IPv4 address can't be exactly the bitmask (MS ADTS)
+            "128.0.0.0/1",
+            "192.0.0.0/2",
+            "255.192.0.0/10",
+            "255.255.255.0/24",
+            "255.255.255.255/32",
+            "0.0.0.0/0",
+            # The address can't have leading zeros (not RFC 4632, but MS ADTS)
+            "00.1.2.0/24",
+            "003.1.2.0/24",
+            "022.1.0.0/16",
+            "00000000000000000000000003.1.2.0/24",
+            "09876::abfc/126",
+            "0aaaa:bbbb::/32",
+            "009876::abfc/126",
+            "000a:bbbb::/32",
+
+            # How about extraneous zeros later on
+            "3.01.2.0/24",
+            "3.1.2.00/24",
+            "22.001.0.0/16",
+            "3.01.02.0/24",
+            "100a:0bbb:0023::/48",
+            "100a::0023/128",
+
+            # Windows doesn't like the zero IPv4 address
+            "0.0.0.0/8",
+            # or the zero mask on IPv6
+            "::/0",
+
+            # various violations of RFC5952
+            "0:0:0:0:0:0:0:0/8",
+            "0::0/0",
+            "::0:0/48",
+            "::0:4/128",
+            "0::/8",
+            "0::4f/128",
+            "0::42:0:0:0:0/64",
+            "4f::0/48",
+
+            # badly formed -- mostly the wrong arrangement of colons
+            "a::b::0/120",
+            "a::abcdf:0/120",
+            "a::g:0/120",
+            "::0::3/48",
+            "2001:3::110::3/118",
+            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1111:0000/128",
+            "a:::5:0/120",
+
+            # non-canonical representations (vs RFC 5952)
+            # "2001:0:c633:63::1:0/120"  is correct
+            "2001:0:c633:63:0:0:1:0/120",
+            "2001::c633:63:0:0:1:0/120",
+            "2001:0:c633:63:0:0:1::/120",
+
+            # "10:0:0:42::/64" is correct
+            "10::42:0:0:0:0/64",
+            "10:0:0:42:0:0:0:0/64",
+
+            # "1::4:5:0:0:8/127" is correct
+            "1:0:0:4:5:0:0:8/127",
+            "1:0:0:4:5::8/127",
+
+            # "2001:db8:0:1:1:1:1:1/128" is correct
+            "2001:db8::1:1:1:1:1/128",
+
+            # IP4 embedded - rejected
+            "a::10.0.0.0/120",
+            "a::10.9.8.7/128",
+
+            # The next ones tinker indirectly with IPv4 embedding,
+            # where Windows has some odd behaviour.
+            #
+            # Samba's libreplace inet_ntop6 expects IPv4 embedding
+            # with addresses in these forms:
+            #
+            #     ::wx:yz
+            #     ::FFFF:wx:yz
+            #
+            # these will be stringified with trailing dottted decimal, thus:
+            #
+            #     ::w.x.y.z
+            #     ::ffff:w.x.y.z
+            #
+            # and this will cause the address to be rejected by Samba,
+            # because it uses a inet_pton / inet_ntop round trip to
+            # ascertain correctness.
+
+            "::ffff:0:0/96",  # this one fails on WIN2012r2
+            "::ffff:aaaa:a000/120",
+            "::ffff:10:0/120",
+            "::ffff:2:300/120",
+            "::3:0/120",
+            "::2:30/124",
+            "::ffff:2:30/124",
+
+            # completely wrong
+            None,
+            "bob",
+            3.1415,
+            False,
+            "10.11.16.0/24\x00hidden bytes past a zero",
+            self,
+        ]
+
+        failures = []
+        for cidr in cidrs:
+            try:
+                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+            except subnets.SubnetInvalid:
+                print("%s fails properly" % (cidr,), file=sys.stderr)
+                continue
+
+            # we are here because it succeeded when it shouldn't have.
+            print("CIDR %s fails to fail" % (cidr,), file=sys.stderr)
+            failures.append(cidr)
+            subnets.delete_subnet(self.ldb, basedn, cidr)
+
+        if failures:
+            print("These bad subnet names were accepted:")
+            for cidr in failures:
+                print("    %s" % cidr)
+            self.fail()
+
+    def test_create_good_ranges(self):
+        """All of these CIDRs are good, and the subnet creation should
+        succeed."""
+        basedn = self.ldb.get_config_basedn()
+
+        cidrs = [
+            # IPv4
+            "10.11.12.0/24",
+            "10.11.12.0/23",
+            "10.11.12.0/25",
+            "110.0.0.0/7",
+            "1.0.0.0/32",
+            "10.11.13.0/32",
+            "10.11.13.1/32",
+            "99.0.97.0/24",
+            "1.2.3.4/30",
+            "10.11.12.0/22",
+            "0.12.13.0/24",
+            # IPv6
+            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:1100/120",
+            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11f0/124",
+            "aaaa:bbbb:cccc:dddd:eeee:ffff:2222:11fc/126",
+            # don't forget upper case
+            "FFFF:FFFF:FFFF:FFFF:ABCD:EfFF:FFFF:FFeF/128",
+            "9876::ab00/120",
+            "9876::abf0/124",
+            "9876::abfc/126",
+            "aaaa:bbbb::/32",
+            "aaaa:bbba::/31",
+            "aaaa:ba00::/23",
+            "aaaa:bb00::/24",
+            "aaaa:bb00::/77",
+            "::/48",
+            "a:b::/32",
+            "c000::/2",
+            "a::b00/120",
+            "1::2/127",
+            # this pattern of address suffix == mask is forbidden with
+            # IPv4 but OK for IPv6.
+            "8000::/1",
+            "c000::/2",
+            "ffff:ffff:ffc0::/42",
+            "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128",
+            # leading zeros are forbidden, but implicit IPv6 zeros
+            # (via "::") are OK.
+            "::1000/116",
+            "::8000/113",
+            # taken to the logical conclusion, "::/0" should be OK, but no.
+            "::/48",
+
+            # Try some reserved ranges, which it might be reasonable
+            # to exclude, but which are not excluded in practice.
+            "129.0.0.0/16",
+            "129.255.0.0/16",
+            "100.64.0.0/10",
+            "127.0.0.0/8",
+            "127.0.0.0/24",
+            "169.254.0.0/16",
+            "169.254.1.0/24",
+            "192.0.0.0/24",
+            "192.0.2.0/24",
+            "198.18.0.0/15",
+            "198.51.100.0/24",
+            "203.0.113.0/24",
+            "224.0.0.0/4",
+            "130.129.0.0/16",
+            "130.255.0.0/16",
+            "192.12.0.0/24",
+            "223.255.255.0/24",
+            "240.255.255.0/24",
+            "224.0.0.0/8",
+            "::/96",
+            "100::/64",
+            "2001:10::/28",
+            "fec0::/10",
+            "ff00::/8",
+            "::1/128",
+            "2001:db8::/32",
+            "2001:10::/28",
+            "2002::/24",
+            "2002:a00::/24",
+            "2002:7f00::/24",
+            "2002:a9fe::/32",
+            "2002:ac10::/28",
+            "2002:c000::/40",
+            "2002:c000:200::/40",
+            "2002:c0a8::/32",
+            "2002:c612::/31",
+            "2002:c633:6400::/40",
+            "2002:cb00:7100::/40",
+            "2002:e000::/20",
+            "2002:f000::/20",
+            "2002:ffff:ffff::/48",
+            "2001::/40",
+            "2001:0:a00::/40",
+            "2001:0:7f00::/40",
+            "2001:0:a9fe::/48",
+            "2001:0:ac10::/44",
+            "2001:0:c000::/56",
+            "2001:0:c000:200::/56",
+            "2001:0:c0a8::/48",
+            "2001:0:c612::/47",
+            "2001:0:c633:6400::/56",
+            "2001:0:cb00:7100::/56",
+            "2001:0:e000::/36",
+            "2001:0:f000::/36",
+            "2001:0:ffff:ffff::/64",
+
+            # non-RFC-5952 versions of these are tested in create_bad_ranges
+            "2001:0:c633:63::1:0/120",
+            "10:0:0:42::/64",
+            "1::4:5:0:0:8/127",
+            "2001:db8:0:1:1:1:1:1/128",
+
+            # The "well-known prefix" 64::ff9b is another IPv4
+            # embedding scheme. Let's try that.
+            "64:ff9b::aaaa:aaaa/127",
+            "64:ff9b::/120",
+            "64:ff9b::ffff:2:3/128",
+        ]
+        failures = []
+
+        for cidr in cidrs:
+            try:
+                subnets.create_subnet(self.ldb, basedn, cidr, self.sitename)
+            except subnets.SubnetInvalid as e:
+                print(e)
+                failures.append(cidr)
+                continue
+
+            ret = self.ldb.search(base=basedn, scope=SCOPE_SUBTREE,
+                                  expression=('(&(objectclass=subnet)(cn=%s))' %
+                                              cidr))
+
+            if len(ret) != 1:
+                print("%s was not created" % cidr)
+                failures.append(cidr)
+                continue
+            subnets.delete_subnet(self.ldb, basedn, cidr)
+
+        if failures:
+            print("These good subnet names were not accepted:")
+            for cidr in failures:
+                print("    %s" % cidr)
+            self.fail()
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/sort.py b/source4/dsdb/tests/python/sort.py
new file mode 100644
index 0000000..8c5ba4e
--- /dev/null
+++ b/source4/dsdb/tests/python/sort.py
@@ -0,0 +1,379 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Originally based on ./sam.py
+from unicodedata import normalize
+import locale
+locale.setlocale(locale.LC_ALL, ('en_US', 'UTF-8'))
+
+import optparse
+import sys
+import os
+import re
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions
+from samba.common import cmp
+from functools import cmp_to_key
+import samba.getopt as options
+
+from samba.auth import system_session
+import ldb
+from samba.samdb import SamDB
+
+parser = optparse.OptionParser("sort.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+parser.add_option('--elements', type='int', default=33,
+                  help="use this many elements in the tests")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+datadir = os.getenv("DATA_DIR", None)
+if not datadir:
+    print("Please specify the location of the sort expected results with env variable DATA_DIR")
+    sys.exit(1)
+
+host = os.getenv("SERVER", None)
+if not host:
+    print("Please specify the host with env variable SERVER")
+    sys.exit(1)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+def norm(x):
+    if not isinstance(x, str):
+        x = x.decode('utf8')
+    return normalize('NFKC', x).upper()
+
+
+# Python, Windows, and Samba all sort the following sequence in
+# drastically different ways. The order here is what you get from
+# Windows2012R2.
+FIENDISH_TESTS = [' ', ' e', '\t-\t', '\n\t\t', '!@#!@#!', '¼', '¹', '1',
+                  '1/4', '1�4', '1\xe2\x81\x845', '3', 'abc', 'fo\x00od',
+
+                  # Here we also had '\x00food', but that seems to sort
+                  # non-deterministically on Windows vis-a-vis 'fo\x00od'.
+
+                  'k�kako', 'ŋđ¼³ŧ “«đð', 'ŋđ¼³ŧ“«đð',
+                  'ｓorttest', 'sorttēst11,', 'śorttest2', 'śoRttest2',
+                  'ś-o-r-t-t-e-s-t-2', 'soRTTēst2,', 'ṡorttest4', 'ṡorttesT4',
+                  'sörttest-5', 'sÖrttest-5', 'so-rttest7,', '桑巴']
+
+
+class BaseSortTests(samba.tests.TestCase):
+    avoid_tricky_sort = False
+    maxDiff = 2000
+
+    def create_user(self, i, n, prefix='sorttest', suffix='', attrs=None,
+                    tricky=False):
+        name = "%s%d%s" % (prefix, i, suffix)
+        user = {
+            'cn': name,
+            "objectclass": "user",
+            'givenName': "abcdefghijklmnopqrstuvwxyz"[i % 26],
+            "roomNumber": "%sb\x00c" % (n - i),
+            # with python3 re.sub(r'[^\w,.]', repl, string) doesn't
+            # work as expected with unicode as value for carLicense
+            "carLicense": "XXXXXXXXX" if self.avoid_tricky_sort else "���",
+            "employeeNumber": "%s%sx" % (abs(i * (99 - i)), '\n' * (i & 255)),
+            "accountExpires": "%s" % (10 ** 9 + 1000000 * i),
+            "msTSExpireDate4": "19%02d0101010000.0Z" % (i % 100),
+            "flags": str(i * (n - i)),
+            "serialNumber": "abc %s%s%s" % ('AaBb |-/'[i & 7],
+                                            ' 3z}'[i & 3],
+                                            '"@'[i & 1],),
+            "comment": "Favourite colour is %d" % (n % (i + 1)),
+        }
+
+        if self.avoid_tricky_sort:
+            # We are not even going to try passing tests that assume
+            # some kind of Unicode awareness.
+            for k, v in user.items():
+                user[k] = re.sub(r'[^\w,.]', 'X', v)
+        else:
+            # Add some even trickier ones!
+            fiendish_index = i % len(FIENDISH_TESTS)
+            user.update({
+                # Sort doesn't look past a NUL byte.
+                "photo": "\x00%d" % (n - i),
+                "audio": "%sn octet string %s%s ♫♬\x00lalala" % ('Aa'[i & 1],
+                                                                 chr(i & 255),
+                                                                 i),
+                "displayNamePrintable": "%d\x00%c" % (i, i & 255),
+                "adminDisplayName": "%d\x00b" % (n - i),
+                "title": "%d%sb" % (n - i, '\x00' * i),
+
+                # Names that vary only in case. Windows returns
+                # equivalent addresses in the order they were put
+                # in ('a st', 'A st',...). We don't check that.
+                "street": "%s st" % (chr(65 | (i & 14) | ((i & 1) * 32))),
+
+                "streetAddress": FIENDISH_TESTS[fiendish_index],
+                "postalAddress": FIENDISH_TESTS[-fiendish_index],
+            })
+
+        if attrs is not None:
+            user.update(attrs)
+
+        user['dn'] = "cn=%s,%s" % (user['cn'], self.ou)
+
+        self.users.append(user)
+        self.ldb.add(user)
+        return user
+
+    def setUp(self):
+        super(BaseSortTests, self).setUp()
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp)
+
+        self.base_dn = self.ldb.domain_dn()
+        self.ou = "ou=sort,%s" % self.base_dn
+        if False:
+            try:
+                self.ldb.delete(self.ou, ['tree_delete:1'])
+            except ldb.LdbError as e:
+                print("tried deleting %s, got error %s" % (self.ou, e))
+
+        self.ldb.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+        self.users = []
+        n = opts.elements
+        for i in range(n):
+            self.create_user(i, n)
+
+        attrs = set(self.users[0].keys()) - set([
+            'objectclass', 'dn'])
+        self.binary_sorted_keys = attrs.intersection(['audio',
+                                                      'photo',
+                                                      "msTSExpireDate4",
+                                                      'serialNumber',
+                                                      "displayNamePrintable"])
+
+        self.numeric_sorted_keys = attrs.intersection(['flags',
+                                                       'accountExpires'])
+
+        self.timestamp_keys = attrs.intersection(['msTSExpireDate4'])
+
+        self.int64_keys = set(['accountExpires'])
+
+        self.locale_sorted_keys = [x for x in attrs if
+                                   x not in (self.binary_sorted_keys |
+                                             self.numeric_sorted_keys)]
+
+        self.expected_results = {}
+        self.expected_results_binary = {}
+
+        for k in self.binary_sorted_keys:
+            forward = sorted((x[k] for x in self.users))
+            reverse = list(reversed(forward))
+            self.expected_results_binary[k] = (forward, reverse)
+
+        # FYI: Expected result data was generated from the old
+        # code that was manually sorting (while executing with
+        # python2)
+        # The resulting data was injected into the data file with
+        # code similar to:
+        #
+        # for k in self.expected_results:
+        #     f.write("%s = %s\n" % (k,  repr(self.expected_results[k][0])))
+
+        f = open(self.results_file, "r")
+        for line in f:
+            if len(line.split('=', 1)) == 2:
+                key = line.split('=', 1)[0].strip()
+                value = line.split('=', 1)[1].strip()
+                if value.startswith('['):
+                    import ast
+                    fwd_list = ast.literal_eval(value)
+                    rev_list = list(reversed(fwd_list))
+                    self.expected_results[key] = (fwd_list, rev_list)
+        f.close()
+    def tearDown(self):
+        super(BaseSortTests, self).tearDown()
+        self.ldb.delete(self.ou, ['tree_delete:1'])
+
+    def _test_server_sort_default(self):
+        attrs = self.locale_sorted_keys
+
+        for attr in attrs:
+            for rev in (0, 1):
+                res = self.ldb.search(self.ou,
+                                      scope=ldb.SCOPE_ONELEVEL, attrs=[attr],
+                                      controls=["server_sort:1:%d:%s" %
+                                                (rev, attr)])
+                self.assertEqual(len(res), len(self.users))
+
+                expected_order = self.expected_results[attr][rev]
+                received_order = [norm(x[attr][0]) for x in res]
+                if expected_order != received_order:
+                    print(attr, ['forward', 'reverse'][rev])
+                    print("expected", expected_order)
+                    print("received", received_order)
+                    print("unnormalised:", [x[attr][0] for x in res])
+                    print("unnormalised: «%s»" % '»  «'.join(str(x[attr][0])
+                                                             for x in res))
+                self.assertEqual(expected_order, received_order)
+
+    def _test_server_sort_binary(self):
+        for attr in self.binary_sorted_keys:
+            for rev in (0, 1):
+                res = self.ldb.search(self.ou,
+                                      scope=ldb.SCOPE_ONELEVEL, attrs=[attr],
+                                      controls=["server_sort:1:%d:%s" %
+                                                (rev, attr)])
+
+                self.assertEqual(len(res), len(self.users))
+                expected_order = self.expected_results_binary[attr][rev]
+                received_order = [str(x[attr][0]) for x in res]
+                if expected_order != received_order:
+                    print(attr)
+                    print(expected_order)
+                    print(received_order)
+                self.assertEqual(expected_order, received_order)
+
+    def _test_server_sort_us_english(self):
+        # Windows doesn't support many matching rules, but does allow
+        # the locale specific sorts -- if it has the locale installed.
+        # The most reliable locale is the default US English, which
+        # won't change the sort order.
+
+        for lang, oid in [('en_US', '1.2.840.113556.1.4.1499'),
+                          ]:
+
+            for attr in self.locale_sorted_keys:
+                for rev in (0, 1):
+                    res = self.ldb.search(self.ou,
+                                          scope=ldb.SCOPE_ONELEVEL,
+                                          attrs=[attr],
+                                          controls=["server_sort:1:%d:%s:%s" %
+                                                    (rev, attr, oid)])
+
+                    self.assertTrue(len(res) == len(self.users))
+                    expected_order = self.expected_results[attr][rev]
+                    received_order = [norm(x[attr][0]) for x in res]
+                    if expected_order != received_order:
+                        print(attr, lang)
+                        print(['forward', 'reverse'][rev])
+                        print("expected: ", expected_order)
+                        print("received: ", received_order)
+                        print("unnormalised:", [x[attr][0] for x in res])
+                        print("unnormalised: «%s»" % '»  «'.join(str(x[attr][0])
+                                                                 for x in res))
+
+                    self.assertEqual(expected_order, received_order)
+
+    def _test_server_sort_different_attr(self):
+
+        def cmp_locale(a, b):
+            return locale.strcoll(a[0], b[0])
+
+        def cmp_binary(a, b):
+            return cmp(a[0], b[0])
+
+        def cmp_numeric(a, b):
+            return cmp(int(a[0]), int(b[0]))
+
+        # For testing simplicity, the attributes in here need to be
+        # unique for each user. Otherwise there are multiple possible
+        # valid answers.
+        sort_functions = {'cn': cmp_binary,
+                          "employeeNumber": cmp_locale,
+                          "accountExpires": cmp_numeric,
+                          "msTSExpireDate4": cmp_binary}
+        attrs = list(sort_functions.keys())
+        attr_pairs = zip(attrs, attrs[1:] + attrs[:1])
+
+        for sort_attr, result_attr in attr_pairs:
+            forward = sorted(((norm(x[sort_attr]), norm(x[result_attr]))
+                             for x in self.users),
+                             key=cmp_to_key(sort_functions[sort_attr]))
+            reverse = list(reversed(forward))
+
+            for rev in (0, 1):
+                res = self.ldb.search(self.ou,
+                                      scope=ldb.SCOPE_ONELEVEL,
+                                      attrs=[result_attr],
+                                      controls=["server_sort:1:%d:%s" %
+                                                (rev, sort_attr)])
+                self.assertEqual(len(res), len(self.users))
+                pairs = (forward, reverse)[rev]
+
+                expected_order = [x[1] for x in pairs]
+                received_order = [norm(x[result_attr][0]) for x in res]
+
+                if expected_order != received_order:
+                    print(sort_attr, result_attr, ['forward', 'reverse'][rev])
+                    print("expected", expected_order)
+                    print("received", received_order)
+                    print("unnormalised:", [x[result_attr][0] for x in res])
+                    print("unnormalised: «%s»" % '»  «'.join(str(x[result_attr][0])
+                                                             for x in res))
+                    print("pairs:", pairs)
+                    # There are bugs in Windows that we don't want (or
+                    # know how) to replicate regarding timestamp sorting.
+                    # Let's remind ourselves.
+                    if result_attr == "msTSExpireDate4":
+                        print('-' * 72)
+                        print("This test fails against Windows with the "
+                              "default number of elements (33).")
+                        print("Try with --elements=27 (or similar).")
+                        print('-' * 72)
+
+                self.assertEqual(expected_order, received_order)
+                for x in res:
+                    if sort_attr in x:
+                        self.fail('the search for %s should not return %s' %
+                                  (result_attr, sort_attr))
+
+
+class SimpleSortTests(BaseSortTests):
+    avoid_tricky_sort = True
+    results_file = os.path.join(datadir, "simplesort.expected")
+    def test_server_sort_different_attr(self):
+        self._test_server_sort_different_attr()
+
+    def test_server_sort_default(self):
+        self._test_server_sort_default()
+
+    def test_server_sort_binary(self):
+        self._test_server_sort_binary()
+
+    def test_server_sort_us_english(self):
+        self._test_server_sort_us_english()
+
+
+class UnicodeSortTests(BaseSortTests):
+    avoid_tricky_sort = False
+    results_file = os.path.join(datadir, "unicodesort.expected")
+
+    def test_server_sort_default(self):
+        self._test_server_sort_default()
+
+    def test_server_sort_us_english(self):
+        self._test_server_sort_us_english()
+
+    def test_server_sort_different_attr(self):
+        self._test_server_sort_different_attr()
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
diff --git a/source4/dsdb/tests/python/subtree_rename.py b/source4/dsdb/tests/python/subtree_rename.py
new file mode 100644
index 0000000..2828fe5
--- /dev/null
+++ b/source4/dsdb/tests/python/subtree_rename.py
@@ -0,0 +1,422 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Originally based on ./sam.py
+import optparse
+import sys
+import os
+from time import time
+from binascii import hexlify
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+import ldb
+from samba.samdb import SamDB
+from samba.dcerpc import misc
+from samba import colour
+
+parser = optparse.OptionParser("subtree_rename.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+parser.add_option('--delete-in-setup', action='store_true',
+                  help="cleanup in setup")
+
+parser.add_option('--no-cleanup', action='store_true',
+                  help="don't cleanup in teardown")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+def debug(*args, **kwargs):
+    kwargs['file'] = sys.stderr
+    print(*args, **kwargs)
+
+
+class SubtreeRenameTestException(Exception):
+    pass
+
+
+class SubtreeRenameTests(samba.tests.TestCase):
+
+    def delete_ous(self):
+        for ou in (self.ou1, self.ou2, self.ou3):
+            try:
+                self.samdb.delete(ou, ['tree_delete:1'])
+            except ldb.LdbError as e:
+                pass
+
+    def setUp(self):
+        super(SubtreeRenameTests, self).setUp()
+        self.samdb = SamDB(host, credentials=creds,
+                           session_info=system_session(lp), lp=lp)
+
+        self.base_dn = self.samdb.domain_dn()
+        self.ou1 = "OU=subtree1,%s" % self.base_dn
+        self.ou2 = "OU=subtree2,%s" % self.base_dn
+        self.ou3 = "OU=subtree3,%s" % self.base_dn
+        if opts.delete_in_setup:
+            self.delete_ous()
+        self.samdb.add({'objectclass': 'organizationalUnit',
+                        'dn': self.ou1})
+        self.samdb.add({'objectclass': 'organizationalUnit',
+                        'dn': self.ou2})
+
+        debug(colour.c_REV_RED(self.id()))
+
+    def tearDown(self):
+        super(SubtreeRenameTests, self).tearDown()
+        if not opts.no_cleanup:
+            self.delete_ous()
+
+    def add_object(self, cn, objectclass, ou=None, more_attrs=None):
+        if more_attrs is None:
+            more_attrs = {}
+
+        dn = "CN=%s,%s" % (cn, ou)
+        attrs = {'cn': cn,
+                 'objectclass': objectclass,
+                 'dn': dn}
+        attrs.update(more_attrs)
+        self.samdb.add(attrs)
+
+        return dn
+
+    def add_objects(self, n, objectclass, prefix=None, ou=None, more_attrs=None):
+        if more_attrs is None:
+            more_attrs = {}
+
+        if prefix is None:
+            prefix = objectclass
+        dns = []
+        for i in range(n):
+            dns.append(self.add_object("%s%d" % (prefix, i + 1),
+                                       objectclass,
+                                       more_attrs=more_attrs,
+                                       ou=ou))
+        return dns
+
+    def add_linked_attribute(self, src, dest, attr='member',
+                             controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_ADD, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def remove_linked_attribute(self, src, dest, attr='member',
+                                controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_DELETE, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def add_binary_link(self, src, dest, binary,
+                        attr='msDS-RevealedUsers',
+                        controls=None):
+        b = hexlify(str(binary).encode('utf-8')).decode('utf-8').upper()
+        dest = 'B:%d:%s:%s' % (len(b), b, dest)
+        self.add_linked_attribute(src, dest, attr, controls)
+        return dest
+
+    def remove_binary_link(self, src, dest, binary,
+                           attr='msDS-RevealedUsers',
+                           controls=None):
+        b = str(binary).encode('utf-8')
+        dest = 'B:%s:%s' % (hexlify(b), dest)
+        self.remove_linked_attribute(src, dest, attr, controls)
+
+    def replace_linked_attribute(self, src, dest, attr='member',
+                                 controls=None):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_REPLACE, attr)
+        self.samdb.modify(m, controls=controls)
+
+    def attr_search(self, obj, attr, scope=ldb.SCOPE_BASE, **controls):
+
+        controls = ['%s:%d' % (k, int(v)) for k, v in controls.items()]
+
+        res = self.samdb.search(obj,
+                                scope=scope,
+                                attrs=[attr],
+                                controls=controls)
+        return res
+
+    def assert_links(self, obj, expected, attr, msg='', **kwargs):
+        res = self.attr_search(obj, attr, **kwargs)
+
+        if len(expected) == 0:
+            if attr in res[0]:
+                self.fail("found attr '%s' in %s" % (attr, res[0]))
+            return
+
+        try:
+            results = [str(x) for x in res[0][attr]]
+        except KeyError:
+            self.fail("missing attr '%s' on %s" % (attr, obj))
+
+        expected = sorted(expected)
+        results = sorted(results)
+
+        if expected != results:
+            debug(msg)
+            debug("expected %s" % expected)
+            debug("received %s" % results)
+            debug("missing    %s" % (sorted(set(expected) - set(results))))
+            debug("unexpected %s" % (sorted(set(results) - set(expected))))
+
+
+        self.assertEqual(results, expected)
+
+    def assert_back_links(self, obj, expected, attr='memberOf', **kwargs):
+        self.assert_links(obj, expected, attr=attr,
+                          msg='%s back links do not match for %s' %
+                          (attr, obj),
+                          **kwargs)
+
+    def assert_forward_links(self, obj, expected, attr='member', **kwargs):
+        self.assert_links(obj, expected, attr=attr,
+                          msg='%s forward links do not match for %s' %
+                          (attr, obj),
+                          **kwargs)
+
+    def get_object_guid(self, dn):
+        res = self.samdb.search(dn,
+                                scope=ldb.SCOPE_BASE,
+                                attrs=['objectGUID'])
+        return str(misc.GUID(res[0]['objectGUID'][0]))
+
+    def test_la_move_ou_tree(self):
+        tag = 'move_tree'
+
+        u1, u2 = self.add_objects(2, 'user', '%s_u_' % tag, ou=self.ou1)
+        g1, g2 = self.add_objects(2, 'group', '%s_g_' % tag, ou=self.ou1)
+        c1, c2, c3 = self.add_objects(3, 'computer',
+                                      '%s_c_' % tag,
+                                      ou=self.ou1)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g1, g2)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+        c1u1 = self.add_binary_link(c1, u1, 'a').replace(self.ou1, self.ou3)
+        c2u1 = self.add_binary_link(c2, u1, 'b').replace(self.ou1, self.ou3)
+        c3u1 = self.add_binary_link(c3, u1, 124.543).replace(self.ou1, self.ou3)
+        c1g1 = self.add_binary_link(c1, g1, 'd').replace(self.ou1, self.ou3)
+        c2g2 = self.add_binary_link(c2, g2, 'd').replace(self.ou1, self.ou3)
+        c2c1 = self.add_binary_link(c2, c1, 'd').replace(self.ou1, self.ou3)
+        c1u2 = self.add_binary_link(c1, u2, 'd').replace(self.ou1, self.ou3)
+        c1u1_2 = self.add_binary_link(c1, u1, 'b').replace(self.ou1, self.ou3)
+
+        self.assertRaisesLdbError(20,
+                                  "Attribute msDS-RevealedUsers already exists",
+                                  self.add_binary_link, c1, u2, 'd')
+
+        self.samdb.rename(self.ou1, self.ou3)
+        debug(colour.c_CYAN("rename FINISHED"))
+        u1, u2, g1, g2, c1, c2, c3 = [x.replace(self.ou1, self.ou3)
+                                      for x in (u1, u2, g1, g2, c1, c2, c3)]
+
+        self.samdb.delete(g2, ['tree_delete:1'])
+
+        self.assert_forward_links(g1, [u1])
+        self.assert_back_links(u1, [g1])
+        self.assert_back_links(u2, set())
+        self.assert_forward_links(c1, [c1u1, c1u1_2, c1u2, c1g1],
+                                  attr='msDS-RevealedUsers')
+        self.assert_forward_links(c2, [c2u1, c2c1], attr='msDS-RevealedUsers')
+        self.assert_forward_links(c3, [c3u1], attr='msDS-RevealedUsers')
+        self.assert_back_links(u1, [c1, c1, c2, c3], attr='msDS-RevealedDSAs')
+        self.assert_back_links(u2, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(g1, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(c1, [c2], attr='msDS-RevealedDSAs')
+
+    def test_la_move_ou_groups(self):
+        tag = 'move_groups'
+
+        u1, u2 = self.add_objects(2, 'user', '%s_u_' % tag, ou=self.ou2)
+        g1, g2 = self.add_objects(2, 'group', '%s_g_' % tag, ou=self.ou1)
+        c1, c2, c3 = self.add_objects(3, 'computer',
+                                      '%s_c_' % tag,
+                                      ou=self.ou1)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g1, g2)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+        c1u1 = self.add_binary_link(c1, u1, 'a').replace(self.ou1, self.ou3)
+        c2u1 = self.add_binary_link(c2, u1, 'b').replace(self.ou1, self.ou3)
+        c3u1 = self.add_binary_link(c3, u1, 124.543).replace(self.ou1, self.ou3)
+        c1g1 = self.add_binary_link(c1, g1, 'd').replace(self.ou1, self.ou3)
+        c2g2 = self.add_binary_link(c2, g2, 'd').replace(self.ou1, self.ou3)
+        c2c1 = self.add_binary_link(c2, c1, 'd').replace(self.ou1, self.ou3)
+        c1u2 = self.add_binary_link(c1, u2, 'd').replace(self.ou1, self.ou3)
+        c1u1_2 = self.add_binary_link(c1, u1, 'b').replace(self.ou1, self.ou3)
+
+        self.samdb.rename(self.ou1, self.ou3)
+        debug(colour.c_CYAN("rename FINISHED"))
+        u1, u2, g1, g2, c1, c2, c3 = [x.replace(self.ou1, self.ou3)
+                                      for x in (u1, u2, g1, g2, c1, c2, c3)]
+
+        self.samdb.delete(g2, ['tree_delete:1'])
+
+        self.assert_forward_links(g1, [u1])
+        self.assert_back_links(u1, [g1])
+        self.assert_back_links(u2, set())
+        self.assert_forward_links(c1, [c1u1, c1u1_2, c1u2, c1g1],
+                                  attr='msDS-RevealedUsers')
+        self.assert_forward_links(c2, [c2u1, c2c1], attr='msDS-RevealedUsers')
+        self.assert_forward_links(c3, [c3u1], attr='msDS-RevealedUsers')
+        self.assert_back_links(u1, [c1, c1, c2, c3], attr='msDS-RevealedDSAs')
+        self.assert_back_links(u2, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(g1, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(c1, [c2], attr='msDS-RevealedDSAs')
+
+    def test_la_move_ou_users(self):
+        tag = 'move_users'
+
+        u1, u2 = self.add_objects(2, 'user', '%s_u_' % tag, ou=self.ou1)
+        g1, g2 = self.add_objects(2, 'group', '%s_g_' % tag, ou=self.ou2)
+        c1, c2 = self.add_objects(2, 'computer', '%s_c_' % tag, ou=self.ou1)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g1, g2)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+        c1u1 = self.add_binary_link(c1, u1, 'a').replace(self.ou1, self.ou3)
+        c2u1 = self.add_binary_link(c2, u1, 'b').replace(self.ou1, self.ou3)
+        c1g1 = self.add_binary_link(c1, g1, 'd').replace(self.ou1, self.ou3)
+        c2g2 = self.add_binary_link(c2, g2, 'd').replace(self.ou1, self.ou3)
+        c2c1 = self.add_binary_link(c2, c1, 'd').replace(self.ou1, self.ou3)
+        c1u2 = self.add_binary_link(c1, u2, 'd').replace(self.ou1, self.ou3)
+        c1u1_2 = self.add_binary_link(c1, u1, 'b').replace(self.ou1, self.ou3)
+
+
+        self.samdb.rename(self.ou1, self.ou3)
+        debug(colour.c_CYAN("rename FINISHED"))
+        u1, u2, g1, g2, c1, c2 = [x.replace(self.ou1, self.ou3)
+                                  for x in (u1, u2, g1, g2, c1, c2)]
+
+        self.samdb.delete(g2, ['tree_delete:1'])
+
+        self.assert_forward_links(g1, [u1])
+        self.assert_back_links(u1, [g1])
+        self.assert_back_links(u2, set())
+        self.assert_forward_links(c1, [c1u1, c1u1_2, c1u2, c1g1],
+                                  attr='msDS-RevealedUsers')
+        self.assert_forward_links(c2, [c2u1, c2c1], attr='msDS-RevealedUsers')
+        self.assert_back_links(u1, [c1, c1, c2], attr='msDS-RevealedDSAs')
+        self.assert_back_links(u2, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(g1, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(c1, [c2], attr='msDS-RevealedDSAs')
+
+    def test_la_move_ou_noncomputers(self):
+        """Here we are especially testing the msDS-RevealedDSAs links"""
+        tag = 'move_noncomputers'
+
+        u1, u2 = self.add_objects(2, 'user', '%s_u_' % tag, ou=self.ou1)
+        g1, g2 = self.add_objects(2, 'group', '%s_g_' % tag, ou=self.ou1)
+        c1, c2, c3 = self.add_objects(3, 'computer', '%s_c_' % tag, ou=self.ou2)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g1, g2)
+        c1u1 = self.add_binary_link(c1, u1, 'a').replace(self.ou1, self.ou3)
+        c2u1 = self.add_binary_link(c2, u1, 'b').replace(self.ou1, self.ou3)
+        c2u1_2 = self.add_binary_link(c2, u1, 'c').replace(self.ou1, self.ou3)
+        c3u1 = self.add_binary_link(c3, g1, 'b').replace(self.ou1, self.ou3)
+        c1g1 = self.add_binary_link(c1, g1, 'd').replace(self.ou1, self.ou3)
+        c2g2 = self.add_binary_link(c2, g2, 'd').replace(self.ou1, self.ou3)
+        c2c1 = self.add_binary_link(c2, c1, 'd').replace(self.ou1, self.ou3)
+        c1u2 = self.add_binary_link(c1, u2, 'd').replace(self.ou1, self.ou3)
+        c1u1_2 = self.add_binary_link(c1, u1, 'b').replace(self.ou1, self.ou3)
+        c1u1_3 = self.add_binary_link(c1, u1, 'c').replace(self.ou1, self.ou3)
+        c2u1_3 = self.add_binary_link(c2, u1, 'e').replace(self.ou1, self.ou3)
+        c3u2 = self.add_binary_link(c3, u2, 'b').replace(self.ou1, self.ou3)
+
+        self.samdb.rename(self.ou1, self.ou3)
+        debug(colour.c_CYAN("rename FINISHED"))
+        u1, u2, g1, g2, c1, c2, c3 = [x.replace(self.ou1, self.ou3)
+                                      for x in (u1, u2, g1, g2, c1, c2, c3)]
+
+        self.samdb.delete(c3, ['tree_delete:1'])
+
+        self.assert_forward_links(g1, [g2, u1])
+        self.assert_back_links(u1, [g1])
+        self.assert_back_links(u2, [])
+        self.assert_forward_links(c1, [c1u1, c1u1_2, c1u1_3, c1u2, c1g1],
+                                  attr='msDS-RevealedUsers')
+        self.assert_forward_links(c2, [c2u1, c2u1_2, c2u1_3, c2c1, c2g2],
+                                  attr='msDS-RevealedUsers')
+        self.assert_back_links(u1, [c1, c1, c1, c2, c2, c2],
+                               attr='msDS-RevealedDSAs')
+        self.assert_back_links(u2, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(g1, [c1], attr='msDS-RevealedDSAs')
+        self.assert_back_links(c1, [c2], attr='msDS-RevealedDSAs')
+
+    def test_la_move_ou_tree_big(self):
+        tag = 'move_ou_big'
+        USERS, GROUPS, COMPUTERS = 50, 10, 7
+
+        users = self.add_objects(USERS, 'user', '%s_u_' % tag, ou=self.ou1)
+        groups = self.add_objects(GROUPS, 'group', '%s_g_' % tag, ou=self.ou1)
+        computers = self.add_objects(COMPUTERS, 'computer', '%s_c_' % tag,
+                                     ou=self.ou1)
+
+        start = time()
+        for i in range(USERS):
+            u = users[i]
+            for j in range(i % GROUPS):
+                g = groups[j]
+                self.add_linked_attribute(g, u)
+            for j in range(i % COMPUTERS):
+                c = computers[j]
+                self.add_binary_link(c, u, 'a')
+
+        debug("linking took %.3fs" % (time() - start))
+        start = time()
+        self.samdb.rename(self.ou1, self.ou3)
+        debug("rename ou took %.3fs" % (time() - start))
+
+        g1 = groups[0].replace(self.ou1, self.ou3)
+        start = time()
+        self.samdb.rename(g1, g1.replace(self.ou3, self.ou2))
+        debug("rename group took %.3fs" % (time() - start))
+
+        u1 = users[0].replace(self.ou1, self.ou3)
+        start = time()
+        self.samdb.rename(u1, u1.replace(self.ou3, self.ou2))
+        debug("rename user took %.3fs" % (time() - start))
+
+        c1 = computers[0].replace(self.ou1, self.ou3)
+        start = time()
+        self.samdb.rename(c1, c1.replace(self.ou3, self.ou2))
+        debug("rename computer took %.3fs" % (time() - start))
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/testdata/modify_order_account_locality_device-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_account_locality_device-non-admin.expected
new file mode 100644
index 0000000..572ed5e
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_account_locality_device-non-admin.expected
@@ -0,0 +1,31 @@
+modify_order_account_locality_device-non-admin
+initial attrs:
+         objectclass: 'account'
+                   l: 'a'
+== result ===[  6]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+     objectclass replace  ['device', 'top']
+               l delete   a
+           owner add      c
+----------------------------------
+     objectclass replace  ['device', 'top']
+           owner add      c
+               l delete   a
+----------------------------------
+               l delete   a
+     objectclass replace  ['device', 'top']
+           owner add      c
+----------------------------------
+               l delete   a
+           owner add      c
+     objectclass replace  ['device', 'top']
+----------------------------------
+           owner add      c
+     objectclass replace  ['device', 'top']
+               l delete   a
+----------------------------------
+           owner add      c
+               l delete   a
+     objectclass replace  ['device', 'top']
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_account_locality_device.expected b/source4/dsdb/tests/python/testdata/modify_order_account_locality_device.expected
new file mode 100644
index 0000000..dc5e162
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_account_locality_device.expected
@@ -0,0 +1,34 @@
+modify_order_account_locality_device
+initial attrs:
+         objectclass: 'account'
+                   l: 'a'
+== result ===[  3]=======================
+ERR_CONSTRAINT_VIOLATION (19)
+-- operations ---------------------------
+               l delete   a
+           owner add      c
+     objectclass replace  ['device', 'top']
+----------------------------------
+           owner add      c
+     objectclass replace  ['device', 'top']
+               l delete   a
+----------------------------------
+           owner add      c
+               l delete   a
+     objectclass replace  ['device', 'top']
+----------------------------------
+== result ===[  3]=======================
+ERR_OBJECT_CLASS_VIOLATION (65)
+-- operations ---------------------------
+     objectclass replace  ['device', 'top']
+               l delete   a
+           owner add      c
+----------------------------------
+     objectclass replace  ['device', 'top']
+           owner add      c
+               l delete   a
+----------------------------------
+               l delete   a
+     objectclass replace  ['device', 'top']
+           owner add      c
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_container_flags-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_container_flags-non-admin.expected
new file mode 100644
index 0000000..9a46588
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_container_flags-non-admin.expected
@@ -0,0 +1,129 @@
+modify_order_container_flags-non-admin
+initial attrs:
+         objectclass: 'container'
+== result ===[ 12]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+           flags add      0x6
+           flags add      5
+           flags delete   c
+           flags replace  101
+----------------------------------
+           flags add      0x6
+           flags replace  101
+           flags delete   c
+           flags add      5
+----------------------------------
+           flags add      0x6
+           flags delete   c
+           flags add      5
+           flags replace  101
+----------------------------------
+           flags add      0x6
+           flags delete   c
+           flags replace  101
+           flags add      5
+----------------------------------
+           flags add      5
+           flags add      0x6
+           flags delete   c
+           flags replace  101
+----------------------------------
+           flags add      5
+           flags delete   c
+           flags add      0x6
+           flags replace  101
+----------------------------------
+           flags replace  101
+           flags add      0x6
+           flags delete   c
+           flags add      5
+----------------------------------
+           flags replace  101
+           flags delete   c
+           flags add      0x6
+           flags add      5
+----------------------------------
+           flags delete   c
+           flags add      0x6
+           flags add      5
+           flags replace  101
+----------------------------------
+           flags delete   c
+           flags add      0x6
+           flags replace  101
+           flags add      5
+----------------------------------
+           flags delete   c
+           flags add      5
+           flags add      0x6
+           flags replace  101
+----------------------------------
+           flags delete   c
+           flags replace  101
+           flags add      0x6
+           flags add      5
+----------------------------------
+== result ===[ 12]=======================
+ERR_INVALID_ATTRIBUTE_SYNTAX (21)
+-- operations ---------------------------
+           flags add      0x6
+           flags add      5
+           flags replace  101
+           flags delete   c
+----------------------------------
+           flags add      0x6
+           flags replace  101
+           flags add      5
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags add      0x6
+           flags replace  101
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags replace  101
+           flags add      0x6
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags replace  101
+           flags delete   c
+           flags add      0x6
+----------------------------------
+           flags add      5
+           flags delete   c
+           flags replace  101
+           flags add      0x6
+----------------------------------
+           flags replace  101
+           flags add      0x6
+           flags add      5
+           flags delete   c
+----------------------------------
+           flags replace  101
+           flags add      5
+           flags add      0x6
+           flags delete   c
+----------------------------------
+           flags replace  101
+           flags add      5
+           flags delete   c
+           flags add      0x6
+----------------------------------
+           flags replace  101
+           flags delete   c
+           flags add      5
+           flags add      0x6
+----------------------------------
+           flags delete   c
+           flags add      5
+           flags replace  101
+           flags add      0x6
+----------------------------------
+           flags delete   c
+           flags replace  101
+           flags add      5
+           flags add      0x6
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_container_flags.expected b/source4/dsdb/tests/python/testdata/modify_order_container_flags.expected
new file mode 100644
index 0000000..eee3c52
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_container_flags.expected
@@ -0,0 +1,134 @@
+modify_order_container_flags
+initial attrs:
+         objectclass: 'container'
+== result ===[  6]=======================
+               flags: [b'101']
+         objectClass: [b'container', b'top']
+-- operations ---------------------------
+           flags add      0x6
+           flags add      5
+           flags delete   c
+           flags replace  101
+----------------------------------
+           flags add      0x6
+           flags delete   c
+           flags add      5
+           flags replace  101
+----------------------------------
+           flags add      5
+           flags add      0x6
+           flags delete   c
+           flags replace  101
+----------------------------------
+           flags add      5
+           flags delete   c
+           flags add      0x6
+           flags replace  101
+----------------------------------
+           flags delete   c
+           flags add      0x6
+           flags add      5
+           flags replace  101
+----------------------------------
+           flags delete   c
+           flags add      5
+           flags add      0x6
+           flags replace  101
+----------------------------------
+== result ===[  6]=======================
+               flags: [b'5']
+         objectClass: [b'container', b'top']
+-- operations ---------------------------
+           flags add      0x6
+           flags replace  101
+           flags delete   c
+           flags add      5
+----------------------------------
+           flags add      0x6
+           flags delete   c
+           flags replace  101
+           flags add      5
+----------------------------------
+           flags replace  101
+           flags add      0x6
+           flags delete   c
+           flags add      5
+----------------------------------
+           flags replace  101
+           flags delete   c
+           flags add      0x6
+           flags add      5
+----------------------------------
+           flags delete   c
+           flags add      0x6
+           flags replace  101
+           flags add      5
+----------------------------------
+           flags delete   c
+           flags replace  101
+           flags add      0x6
+           flags add      5
+----------------------------------
+== result ===[ 12]=======================
+ERR_INVALID_ATTRIBUTE_SYNTAX (21)
+-- operations ---------------------------
+           flags add      0x6
+           flags add      5
+           flags replace  101
+           flags delete   c
+----------------------------------
+           flags add      0x6
+           flags replace  101
+           flags add      5
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags add      0x6
+           flags replace  101
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags replace  101
+           flags add      0x6
+           flags delete   c
+----------------------------------
+           flags add      5
+           flags replace  101
+           flags delete   c
+           flags add      0x6
+----------------------------------
+           flags add      5
+           flags delete   c
+           flags replace  101
+           flags add      0x6
+----------------------------------
+           flags replace  101
+           flags add      0x6
+           flags add      5
+           flags delete   c
+----------------------------------
+           flags replace  101
+           flags add      5
+           flags add      0x6
+           flags delete   c
+----------------------------------
+           flags replace  101
+           flags add      5
+           flags delete   c
+           flags add      0x6
+----------------------------------
+           flags replace  101
+           flags delete   c
+           flags add      5
+           flags add      0x6
+----------------------------------
+           flags delete   c
+           flags add      5
+           flags replace  101
+           flags add      0x6
+----------------------------------
+           flags delete   c
+           flags replace  101
+           flags add      5
+           flags add      0x6
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue-non-admin.expected
new file mode 100644
index 0000000..c6f89c0
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue-non-admin.expected
@@ -0,0 +1,127 @@
+modify_order_container_flags_multivalue-non-admin
+initial attrs:
+         objectclass: 'container'
+         wWWHomePage: 'a'
+== result ===[ 24]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+           flags add      ['0', '1']
+           flags add      65355
+           flags delete   65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      ['0', '1']
+           flags add      65355
+           flags replace  ['2', '101']
+           flags delete   65355
+----------------------------------
+           flags add      ['0', '1']
+           flags delete   65355
+           flags add      65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      ['0', '1']
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      65355
+----------------------------------
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags add      65355
+           flags delete   65355
+----------------------------------
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      65355
+----------------------------------
+           flags add      65355
+           flags add      ['0', '1']
+           flags delete   65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags delete   65355
+----------------------------------
+           flags add      65355
+           flags delete   65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      65355
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+----------------------------------
+           flags add      65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags delete   65355
+----------------------------------
+           flags add      65355
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      ['0', '1']
+----------------------------------
+           flags delete   65355
+           flags add      ['0', '1']
+           flags add      65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags delete   65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags add      65355
+----------------------------------
+           flags delete   65355
+           flags add      65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+----------------------------------
+           flags delete   65355
+           flags add      65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+----------------------------------
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags add      65355
+----------------------------------
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      65355
+           flags add      ['0', '1']
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags add      65355
+           flags delete   65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags delete   65355
+           flags add      65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      65355
+           flags add      ['0', '1']
+           flags delete   65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      65355
+           flags delete   65355
+           flags add      ['0', '1']
+----------------------------------
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      ['0', '1']
+           flags add      65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      65355
+           flags add      ['0', '1']
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue.expected b/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue.expected
new file mode 100644
index 0000000..99ee5a7
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_container_flags_multivalue.expected
@@ -0,0 +1,138 @@
+modify_order_container_flags_multivalue
+initial attrs:
+         objectclass: 'container'
+         wWWHomePage: 'a'
+== result ===[  6]=======================
+               flags: [b'65355']
+         objectClass: [b'container', b'top']
+         wWWHomePage: [b'a']
+-- operations ---------------------------
+           flags add      ['0', '1']
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      65355
+----------------------------------
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      65355
+----------------------------------
+           flags delete   65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags add      65355
+----------------------------------
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags add      65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags delete   65355
+           flags add      65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      ['0', '1']
+           flags add      65355
+----------------------------------
+== result ===[  6]=======================
+ERR_ATTRIBUTE_OR_VALUE_EXISTS (20)
+-- operations ---------------------------
+           flags add      65355
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+----------------------------------
+           flags add      65355
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      ['0', '1']
+----------------------------------
+           flags delete   65355
+           flags add      65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+----------------------------------
+           flags delete   65355
+           flags replace  ['2', '101']
+           flags add      65355
+           flags add      ['0', '1']
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      65355
+           flags delete   65355
+           flags add      ['0', '1']
+----------------------------------
+           flags replace  ['2', '101']
+           flags delete   65355
+           flags add      65355
+           flags add      ['0', '1']
+----------------------------------
+== result ===[  6]=======================
+ERR_CONSTRAINT_VIOLATION (19)
+-- operations ---------------------------
+           flags add      ['0', '1']
+           flags add      65355
+           flags delete   65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      ['0', '1']
+           flags delete   65355
+           flags add      65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      65355
+           flags add      ['0', '1']
+           flags delete   65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags add      65355
+           flags delete   65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+----------------------------------
+           flags delete   65355
+           flags add      ['0', '1']
+           flags add      65355
+           flags replace  ['2', '101']
+----------------------------------
+           flags delete   65355
+           flags add      65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+----------------------------------
+== result ===[  6]=======================
+ERR_NO_SUCH_ATTRIBUTE (16)
+-- operations ---------------------------
+           flags add      ['0', '1']
+           flags add      65355
+           flags replace  ['2', '101']
+           flags delete   65355
+----------------------------------
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags add      65355
+           flags delete   65355
+----------------------------------
+           flags add      65355
+           flags add      ['0', '1']
+           flags replace  ['2', '101']
+           flags delete   65355
+----------------------------------
+           flags add      65355
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags delete   65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      ['0', '1']
+           flags add      65355
+           flags delete   65355
+----------------------------------
+           flags replace  ['2', '101']
+           flags add      65355
+           flags add      ['0', '1']
+           flags delete   65355
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_inapplicable-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_inapplicable-non-admin.expected
new file mode 100644
index 0000000..0adb093
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_inapplicable-non-admin.expected
@@ -0,0 +1,31 @@
+modify_order_inapplicable-non-admin
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[  6]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+       dhcpSites replace  b
+       dhcpSites delete   b
+       dhcpSites add      c
+----------------------------------
+       dhcpSites replace  b
+       dhcpSites add      c
+       dhcpSites delete   b
+----------------------------------
+       dhcpSites delete   b
+       dhcpSites replace  b
+       dhcpSites add      c
+----------------------------------
+       dhcpSites delete   b
+       dhcpSites add      c
+       dhcpSites replace  b
+----------------------------------
+       dhcpSites add      c
+       dhcpSites replace  b
+       dhcpSites delete   b
+----------------------------------
+       dhcpSites add      c
+       dhcpSites delete   b
+       dhcpSites replace  b
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_inapplicable.expected b/source4/dsdb/tests/python/testdata/modify_order_inapplicable.expected
new file mode 100644
index 0000000..f16ef8c
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_inapplicable.expected
@@ -0,0 +1,34 @@
+modify_order_inapplicable
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[  2]=======================
+ERR_NO_SUCH_ATTRIBUTE (16)
+-- operations ---------------------------
+       dhcpSites replace  b
+       dhcpSites add      c
+       dhcpSites delete   b
+----------------------------------
+       dhcpSites add      c
+       dhcpSites replace  b
+       dhcpSites delete   b
+----------------------------------
+== result ===[  4]=======================
+ERR_OBJECT_CLASS_VIOLATION (65)
+-- operations ---------------------------
+       dhcpSites replace  b
+       dhcpSites delete   b
+       dhcpSites add      c
+----------------------------------
+       dhcpSites delete   b
+       dhcpSites replace  b
+       dhcpSites add      c
+----------------------------------
+       dhcpSites delete   b
+       dhcpSites add      c
+       dhcpSites replace  b
+----------------------------------
+       dhcpSites add      c
+       dhcpSites delete   b
+       dhcpSites replace  b
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_member-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_member-non-admin.expected
new file mode 100644
index 0000000..ea7d26b
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_member-non-admin.expected
@@ -0,0 +1,127 @@
+modify_order_member-non-admin
+initial attrs:
+         objectclass: 'group'
+              member: 'cn=modify_order_member_other_group,{base dn}'
+== result ===[ 24]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_0,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_0,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_0,cn=users,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_1,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_1,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_1,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_2,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_2,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_2,cn=users,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_3,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_3,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_3,cn=users,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_4,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_4,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_4,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member-non-admin_5,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_5,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_5,cn=users,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_6,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_6,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_6,cn=users,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_7,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_7,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_7,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_8,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_8,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_8,cn=users,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_9,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_9,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_9,cn=users,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_10,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_10,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_10,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member-non-admin_11,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_11,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_11,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_12,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_12,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_12,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_13,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_13,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_13,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_14,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_14,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_14,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_15,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_15,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_15,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_16,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_16,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_16,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member-non-admin_17,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_17,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_17,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_18,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_18,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_18,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_19,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_19,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_19,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_20,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_20,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_20,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_21,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_21,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_21,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_22,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_22,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_22,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member-non-admin_23,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member-non-admin_23,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member-non-admin_23,cn=users,{base dn}
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_member.expected b/source4/dsdb/tests/python/testdata/modify_order_member.expected
new file mode 100644
index 0000000..1882c34
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_member.expected
@@ -0,0 +1,190 @@
+modify_order_member
+initial attrs:
+         objectclass: 'group'
+              member: 'cn=modify_order_member_other_group,{base dn}'
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_0,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_0,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member_0,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_0,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_0,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_12,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_12,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_12,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_12,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_12,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_13,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_13,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_13,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_13,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_13,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_14,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_14,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_14,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_14,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_14,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_16,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_16,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_16,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_16,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_16,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_19,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_19,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member add      cn=ldaptest_modify_order_member_19,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_19,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_19,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_2,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_2,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member_2,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_2,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_2,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_22,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_22,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member add      cn=ldaptest_modify_order_member_22,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_22,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_22,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_3,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_3,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member_3,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_3,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_3,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_5,CN=Users,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_5,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member_5,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_5,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_5,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_6,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_6,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member replace  cn=ldaptest_modify_order_member_6,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_6,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_6,cn=users,{base dn}
+----------------------------------
+== result ===[  1]=======================
+              member: [b'CN=ldaptest_modify_order_member_8,CN=Users,{base dn}', b'CN=modify_order_member_other_group,{base dn}']
+            memberOf: [b'CN=ldaptest_modify_order_member_8,CN=Users,{base dn}']
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member replace  cn=ldaptest_modify_order_member_8,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_8,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_8,cn=users,{base dn}
+----------------------------------
+== result ===[  6]=======================
+         objectClass: [b'group', b'top']
+-- operations ---------------------------
+          member delete   cn=ldaptest_modify_order_member_1,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_1,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_1,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member delete   cn=ldaptest_modify_order_member_4,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_4,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_4,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member_7,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_7,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_7,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member_10,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_10,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_10,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member_18,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_18,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_18,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member_20,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_20,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_20,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+----------------------------------
+== result ===[  6]=======================
+ERR_UNWILLING_TO_PERFORM (53)
+-- operations ---------------------------
+          member replace  cn=ldaptest_modify_order_member_9,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_9,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_9,cn=users,{base dn}
+----------------------------------
+          member replace  cn=ldaptest_modify_order_member_11,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_11,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_11,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_15,cn=users,{base dn}
+          member add      cn=ldaptest_modify_order_member_15,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_15,cn=users,{base dn}
+----------------------------------
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member add      cn=ldaptest_modify_order_member_17,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_17,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_17,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member_21,cn=users,{base dn}
+          member replace  cn=ldaptest_modify_order_member_21,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member delete   cn=ldaptest_modify_order_member_21,cn=users,{base dn}
+----------------------------------
+          member add      cn=ldaptest_modify_order_member_23,cn=users,{base dn}
+          member delete   cn=modify_order_member_other_group,{base dn}
+          member replace  cn=ldaptest_modify_order_member_23,cn=users,{base dn}
+          member delete   cn=ldaptest_modify_order_member_23,cn=users,{base dn}
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_mixed-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_mixed-non-admin.expected
new file mode 100644
index 0000000..544c31c
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_mixed-non-admin.expected
@@ -0,0 +1,128 @@
+modify_order_mixed-non-admin
+initial attrs:
+         objectclass: 'user'
+          carLicense: ['1', '2', '3']
+      otherTelephone: '123'
+== result ===[ 24]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+      carLicense delete   3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense delete   3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   3
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense delete   3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   3
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense delete   3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense delete   3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_mixed.expected b/source4/dsdb/tests/python/testdata/modify_order_mixed.expected
new file mode 100644
index 0000000..d80f572
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_mixed.expected
@@ -0,0 +1,143 @@
+modify_order_mixed
+initial attrs:
+         objectclass: 'user'
+          carLicense: ['1', '2', '3']
+      otherTelephone: '123'
+== result ===[  6]=======================
+          carLicense: [b'1', b'2', b'3', b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2', b'3', b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'4']
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense delete   3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   3
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense delete   3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'4']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense delete   3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   3
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense delete   3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense delete   3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_mixed2-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_mixed2-non-admin.expected
new file mode 100644
index 0000000..7f812cc
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_mixed2-non-admin.expected
@@ -0,0 +1,128 @@
+modify_order_mixed2-non-admin
+initial attrs:
+         objectclass: 'user'
+          carLicense: ['1', '2', '3']
+             ipPhone: '123'
+== result ===[ 24]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+         ipPhone replace  4
+         ipPhone delete   123
+----------------------------------
+      carLicense delete   3
+      carLicense add      4
+         ipPhone delete   123
+         ipPhone replace  4
+----------------------------------
+      carLicense delete   3
+         ipPhone replace  4
+      carLicense add      4
+         ipPhone delete   123
+----------------------------------
+      carLicense delete   3
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense add      4
+----------------------------------
+      carLicense delete   3
+         ipPhone delete   123
+      carLicense add      4
+         ipPhone replace  4
+----------------------------------
+      carLicense delete   3
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense add      4
+----------------------------------
+      carLicense add      4
+      carLicense delete   3
+         ipPhone replace  4
+         ipPhone delete   123
+----------------------------------
+      carLicense add      4
+      carLicense delete   3
+         ipPhone delete   123
+         ipPhone replace  4
+----------------------------------
+      carLicense add      4
+         ipPhone replace  4
+      carLicense delete   3
+         ipPhone delete   123
+----------------------------------
+      carLicense add      4
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense delete   3
+----------------------------------
+      carLicense add      4
+         ipPhone delete   123
+      carLicense delete   3
+         ipPhone replace  4
+----------------------------------
+      carLicense add      4
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense delete   3
+----------------------------------
+         ipPhone replace  4
+      carLicense delete   3
+      carLicense add      4
+         ipPhone delete   123
+----------------------------------
+         ipPhone replace  4
+      carLicense delete   3
+         ipPhone delete   123
+      carLicense add      4
+----------------------------------
+         ipPhone replace  4
+      carLicense add      4
+      carLicense delete   3
+         ipPhone delete   123
+----------------------------------
+         ipPhone replace  4
+      carLicense add      4
+         ipPhone delete   123
+      carLicense delete   3
+----------------------------------
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
+         ipPhone delete   123
+      carLicense delete   3
+      carLicense add      4
+         ipPhone replace  4
+----------------------------------
+         ipPhone delete   123
+      carLicense delete   3
+         ipPhone replace  4
+      carLicense add      4
+----------------------------------
+         ipPhone delete   123
+      carLicense add      4
+      carLicense delete   3
+         ipPhone replace  4
+----------------------------------
+         ipPhone delete   123
+      carLicense add      4
+         ipPhone replace  4
+      carLicense delete   3
+----------------------------------
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_mixed2.expected b/source4/dsdb/tests/python/testdata/modify_order_mixed2.expected
new file mode 100644
index 0000000..3500a8c
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_mixed2.expected
@@ -0,0 +1,143 @@
+modify_order_mixed2
+initial attrs:
+         objectclass: 'user'
+          carLicense: ['1', '2', '3']
+             ipPhone: '123'
+== result ===[  6]=======================
+          carLicense: [b'1', b'2', b'3', b'4']
+             ipPhone: [b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+         ipPhone delete   123
+         ipPhone replace  4
+----------------------------------
+      carLicense delete   3
+         ipPhone delete   123
+      carLicense add      4
+         ipPhone replace  4
+----------------------------------
+      carLicense delete   3
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense add      4
+----------------------------------
+         ipPhone delete   123
+      carLicense delete   3
+      carLicense add      4
+         ipPhone replace  4
+----------------------------------
+         ipPhone delete   123
+      carLicense delete   3
+         ipPhone replace  4
+      carLicense add      4
+----------------------------------
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2', b'3', b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense delete   3
+      carLicense add      4
+         ipPhone replace  4
+         ipPhone delete   123
+----------------------------------
+      carLicense delete   3
+         ipPhone replace  4
+      carLicense add      4
+         ipPhone delete   123
+----------------------------------
+      carLicense delete   3
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense add      4
+----------------------------------
+         ipPhone replace  4
+      carLicense delete   3
+      carLicense add      4
+         ipPhone delete   123
+----------------------------------
+         ipPhone replace  4
+      carLicense delete   3
+         ipPhone delete   123
+      carLicense add      4
+----------------------------------
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense delete   3
+      carLicense add      4
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2']
+             ipPhone: [b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense delete   3
+         ipPhone delete   123
+         ipPhone replace  4
+----------------------------------
+      carLicense add      4
+         ipPhone delete   123
+      carLicense delete   3
+         ipPhone replace  4
+----------------------------------
+      carLicense add      4
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense delete   3
+----------------------------------
+         ipPhone delete   123
+      carLicense add      4
+      carLicense delete   3
+         ipPhone replace  4
+----------------------------------
+         ipPhone delete   123
+      carLicense add      4
+         ipPhone replace  4
+      carLicense delete   3
+----------------------------------
+         ipPhone delete   123
+         ipPhone replace  4
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
+== result ===[  6]=======================
+          carLicense: [b'1', b'2']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense delete   3
+         ipPhone replace  4
+         ipPhone delete   123
+----------------------------------
+      carLicense add      4
+         ipPhone replace  4
+      carLicense delete   3
+         ipPhone delete   123
+----------------------------------
+      carLicense add      4
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense delete   3
+----------------------------------
+         ipPhone replace  4
+      carLicense add      4
+      carLicense delete   3
+         ipPhone delete   123
+----------------------------------
+         ipPhone replace  4
+      carLicense add      4
+         ipPhone delete   123
+      carLicense delete   3
+----------------------------------
+         ipPhone replace  4
+         ipPhone delete   123
+      carLicense add      4
+      carLicense delete   3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_objectclass-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_objectclass-non-admin.expected
new file mode 100644
index 0000000..1e9650a
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_objectclass-non-admin.expected
@@ -0,0 +1,31 @@
+modify_order_objectclass-non-admin
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[  6]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass delete   user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass delete   user
+----------------------------------
+     objectclass delete   user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass delete   user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass delete   user
+----------------------------------
+     objectclass delete   person
+     objectclass delete   user
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_objectclass.expected b/source4/dsdb/tests/python/testdata/modify_order_objectclass.expected
new file mode 100644
index 0000000..0ec6d4a
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_objectclass.expected
@@ -0,0 +1,35 @@
+modify_order_objectclass
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[  2]=======================
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'123']
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass delete   user
+     objectclass delete   person
+----------------------------------
+     objectclass delete   user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+== result ===[  4]=======================
+ERR_OBJECT_CLASS_VIOLATION (65)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass delete   user
+----------------------------------
+     objectclass delete   user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass delete   user
+----------------------------------
+     objectclass delete   person
+     objectclass delete   user
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_objectclass2-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_objectclass2-non-admin.expected
new file mode 100644
index 0000000..2515154
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_objectclass2-non-admin.expected
@@ -0,0 +1,726 @@
+modify_order_objectclass2-non-admin
+initial attrs:
+         objectclass: 'user'
+== result ===[120]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_objectclass2.expected b/source4/dsdb/tests/python/testdata/modify_order_objectclass2.expected
new file mode 100644
index 0000000..4f51708
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_objectclass2.expected
@@ -0,0 +1,735 @@
+modify_order_objectclass2
+initial attrs:
+         objectclass: 'user'
+== result ===[ 24]=======================
+         objectClass: [b'inetOrgPerson', b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+----------------------------------
+== result ===[ 24]=======================
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+== result ===[ 24]=======================
+ERR_ATTRIBUTE_OR_VALUE_EXISTS (20)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+     objectclass add      user
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+     objectclass add      user
+----------------------------------
+== result ===[ 48]=======================
+ERR_OBJECT_CLASS_VIOLATION (65)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass delete   person
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass add      inetOrgPerson
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  computer
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass replace  attributeSchema
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  computer
+     objectclass add      user
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  computer
+     objectclass replace  attributeSchema
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass add      user
+     objectclass replace  attributeSchema
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     objectclass add      inetOrgPerson
+     objectclass replace  attributeSchema
+     objectclass add      user
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_singlevalue-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_singlevalue-non-admin.expected
new file mode 100644
index 0000000..f9d717d
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_singlevalue-non-admin.expected
@@ -0,0 +1,727 @@
+modify_order_singlevalue-non-admin
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[120]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_singlevalue.expected b/source4/dsdb/tests/python/testdata/modify_order_singlevalue.expected
new file mode 100644
index 0000000..9946165
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_singlevalue.expected
@@ -0,0 +1,740 @@
+modify_order_singlevalue
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[ 24]=======================
+           givenName: [b'a']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+----------------------------------
+== result ===[ 24]=======================
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+----------------------------------
+== result ===[ 24]=======================
+ERR_ATTRIBUTE_OR_VALUE_EXISTS (20)
+-- operations ---------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+----------------------------------
+== result ===[ 24]=======================
+ERR_CONSTRAINT_VIOLATION (19)
+-- operations ---------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   b
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName delete   b
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   b
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+       givenName replace  ['b', 'a']
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+       givenName replace  a
+       givenName replace  ['b', 'a']
+----------------------------------
+== result ===[ 24]=======================
+ERR_NO_SUCH_ATTRIBUTE (16)
+-- operations ---------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName add      c
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName add      c
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName delete   a
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  a
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName replace  ['b', 'a']
+       givenName delete   a
+       givenName replace  a
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  a
+       givenName replace  ['b', 'a']
+       givenName delete   b
+----------------------------------
+       givenName add      c
+       givenName delete   a
+       givenName replace  ['b', 'a']
+       givenName replace  a
+       givenName delete   b
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable-non-admin.expected
new file mode 100644
index 0000000..fd144d7
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable-non-admin.expected
@@ -0,0 +1,127 @@
+modify_order_sometimes_inapplicable-non-admin
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[ 24]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName add      b
+     dnsHostName replace  c
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName replace  c
+     dnsHostName add      b
+----------------------------------
+     objectclass replace  computer
+     dnsHostName add      b
+     objectclass delete   person
+     dnsHostName replace  c
+----------------------------------
+     objectclass replace  computer
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     dnsHostName replace  c
+     objectclass delete   person
+     dnsHostName add      b
+----------------------------------
+     objectclass replace  computer
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass delete   person
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName add      b
+     dnsHostName replace  c
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName replace  c
+     dnsHostName add      b
+----------------------------------
+     objectclass delete   person
+     dnsHostName add      b
+     objectclass replace  computer
+     dnsHostName replace  c
+----------------------------------
+     objectclass delete   person
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     dnsHostName replace  c
+     objectclass replace  computer
+     dnsHostName add      b
+----------------------------------
+     objectclass delete   person
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass replace  computer
+----------------------------------
+     dnsHostName add      b
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName replace  c
+----------------------------------
+     dnsHostName add      b
+     objectclass replace  computer
+     dnsHostName replace  c
+     objectclass delete   person
+----------------------------------
+     dnsHostName add      b
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName replace  c
+----------------------------------
+     dnsHostName add      b
+     objectclass delete   person
+     dnsHostName replace  c
+     objectclass replace  computer
+----------------------------------
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     dnsHostName replace  c
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName add      b
+----------------------------------
+     dnsHostName replace  c
+     objectclass replace  computer
+     dnsHostName add      b
+     objectclass delete   person
+----------------------------------
+     dnsHostName replace  c
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName add      b
+----------------------------------
+     dnsHostName replace  c
+     objectclass delete   person
+     dnsHostName add      b
+     objectclass replace  computer
+----------------------------------
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable.expected b/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable.expected
new file mode 100644
index 0000000..a8af7f0
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_sometimes_inapplicable.expected
@@ -0,0 +1,127 @@
+modify_order_sometimes_inapplicable
+initial attrs:
+         objectclass: 'user'
+           givenName: 'a'
+== result ===[ 24]=======================
+ERR_OBJECT_CLASS_VIOLATION (65)
+-- operations ---------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName add      b
+     dnsHostName replace  c
+----------------------------------
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName replace  c
+     dnsHostName add      b
+----------------------------------
+     objectclass replace  computer
+     dnsHostName add      b
+     objectclass delete   person
+     dnsHostName replace  c
+----------------------------------
+     objectclass replace  computer
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass delete   person
+----------------------------------
+     objectclass replace  computer
+     dnsHostName replace  c
+     objectclass delete   person
+     dnsHostName add      b
+----------------------------------
+     objectclass replace  computer
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass delete   person
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName add      b
+     dnsHostName replace  c
+----------------------------------
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName replace  c
+     dnsHostName add      b
+----------------------------------
+     objectclass delete   person
+     dnsHostName add      b
+     objectclass replace  computer
+     dnsHostName replace  c
+----------------------------------
+     objectclass delete   person
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass replace  computer
+----------------------------------
+     objectclass delete   person
+     dnsHostName replace  c
+     objectclass replace  computer
+     dnsHostName add      b
+----------------------------------
+     objectclass delete   person
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass replace  computer
+----------------------------------
+     dnsHostName add      b
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName replace  c
+----------------------------------
+     dnsHostName add      b
+     objectclass replace  computer
+     dnsHostName replace  c
+     objectclass delete   person
+----------------------------------
+     dnsHostName add      b
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName replace  c
+----------------------------------
+     dnsHostName add      b
+     objectclass delete   person
+     dnsHostName replace  c
+     objectclass replace  computer
+----------------------------------
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     dnsHostName add      b
+     dnsHostName replace  c
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
+     dnsHostName replace  c
+     objectclass replace  computer
+     objectclass delete   person
+     dnsHostName add      b
+----------------------------------
+     dnsHostName replace  c
+     objectclass replace  computer
+     dnsHostName add      b
+     objectclass delete   person
+----------------------------------
+     dnsHostName replace  c
+     objectclass delete   person
+     objectclass replace  computer
+     dnsHostName add      b
+----------------------------------
+     dnsHostName replace  c
+     objectclass delete   person
+     dnsHostName add      b
+     objectclass replace  computer
+----------------------------------
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass replace  computer
+     objectclass delete   person
+----------------------------------
+     dnsHostName replace  c
+     dnsHostName add      b
+     objectclass delete   person
+     objectclass replace  computer
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_telephone-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_telephone-non-admin.expected
new file mode 100644
index 0000000..fd46b3a
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_telephone-non-admin.expected
@@ -0,0 +1,727 @@
+modify_order_telephone-non-admin
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[120]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_telephone.expected b/source4/dsdb/tests/python/testdata/modify_order_telephone.expected
new file mode 100644
index 0000000..d17de03
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_telephone.expected
@@ -0,0 +1,752 @@
+modify_order_telephone
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[ 20]=======================
+          carLicense: [b'3']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'3']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'123', b'4']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'3']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'4']
+-- operations ---------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+      carLicense replace  3
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'123', b'4']
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'4']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'4']
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone add      4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+      carLicense add      4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense add      4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone add      4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense add      4
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete-non-admin.expected b/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete-non-admin.expected
new file mode 100644
index 0000000..96fc4fd
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete-non-admin.expected
@@ -0,0 +1,727 @@
+modify_order_telephone_delete_delete-non-admin
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[120]=======================
+ERR_INSUFFICIENT_ACCESS_RIGHTS (50)
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete.expected b/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete.expected
new file mode 100644
index 0000000..14983ba
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/modify_order_telephone_delete_delete.expected
@@ -0,0 +1,736 @@
+modify_order_telephone_delete_delete
+initial attrs:
+         objectclass: 'user'
+      otherTelephone: '123'
+== result ===[ 20]=======================
+          carLicense: [b'3']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+-- operations ---------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+== result ===[ 20]=======================
+          carLicense: [b'3']
+         objectClass: [b'organizationalPerson', b'person', b'top', b'user']
+      otherTelephone: [b'4']
+-- operations ---------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+== result ===[ 80]=======================
+ERR_NO_SUCH_ATTRIBUTE (16)
+-- operations ---------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone replace  4
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   123
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   123
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone replace  4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   4
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+      carLicense replace  3
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+      carLicense delete   4
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense replace  3
+  otherTelephone delete   4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+      carLicense replace  3
+  otherTelephone delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+      carLicense delete   4
+  otherTelephone delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone replace  4
+  otherTelephone delete   4
+      carLicense delete   4
+      carLicense replace  3
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+      carLicense delete   4
+  otherTelephone replace  4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+      carLicense replace  3
+  otherTelephone replace  4
+      carLicense delete   4
+----------------------------------
+  otherTelephone delete   123
+  otherTelephone delete   4
+  otherTelephone replace  4
+      carLicense replace  3
+      carLicense delete   4
+----------------------------------
\ No newline at end of file
diff --git a/source4/dsdb/tests/python/testdata/simplesort.expected b/source4/dsdb/tests/python/testdata/simplesort.expected
new file mode 100644
index 0000000..045337b
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/simplesort.expected
@@ -0,0 +1,8 @@
+comment = [u'FAVOURITEXCOLOURXISX0', u'FAVOURITEXCOLOURXISX0', u'FAVOURITEXCOLOURXISX0', u'FAVOURITEXCOLOURXISX0', u'FAVOURITEXCOLOURXISX1', u'FAVOURITEXCOLOURXISX1', u'FAVOURITEXCOLOURXISX1', u'FAVOURITEXCOLOURXISX1', u'FAVOURITEXCOLOURXISX1', u'FAVOURITEXCOLOURXISX10', u'FAVOURITEXCOLOURXISX11', u'FAVOURITEXCOLOURXISX12', u'FAVOURITEXCOLOURXISX13', u'FAVOURITEXCOLOURXISX14', u'FAVOURITEXCOLOURXISX15', u'FAVOURITEXCOLOURXISX16', u'FAVOURITEXCOLOURXISX2', u'FAVOURITEXCOLOURXISX3', u'FAVOURITEXCOLOURXISX3', u'FAVOURITEXCOLOURXISX3', u'FAVOURITEXCOLOURXISX3', u'FAVOURITEXCOLOURXISX3', u'FAVOURITEXCOLOURXISX4', u'FAVOURITEXCOLOURXISX5', u'FAVOURITEXCOLOURXISX5', u'FAVOURITEXCOLOURXISX5', u'FAVOURITEXCOLOURXISX6', u'FAVOURITEXCOLOURXISX6', u'FAVOURITEXCOLOURXISX7', u'FAVOURITEXCOLOURXISX7', u'FAVOURITEXCOLOURXISX8', u'FAVOURITEXCOLOURXISX9', u'FAVOURITEXCOLOURXISX9']
+msTSExpireDate4 = ['19000101010000.0Z', '19010101010000.0Z', '19020101010000.0Z', '19030101010000.0Z', '19040101010000.0Z', '19050101010000.0Z', '19060101010000.0Z', '19070101010000.0Z', '19080101010000.0Z', '19090101010000.0Z', '19100101010000.0Z', '19110101010000.0Z', '19120101010000.0Z', '19130101010000.0Z', '19140101010000.0Z', '19150101010000.0Z', '19160101010000.0Z', '19170101010000.0Z', '19180101010000.0Z', '19190101010000.0Z', '19200101010000.0Z', '19210101010000.0Z', '19220101010000.0Z', '19230101010000.0Z', '19240101010000.0Z', '19250101010000.0Z', '19260101010000.0Z', '19270101010000.0Z', '19280101010000.0Z', '19290101010000.0Z', '19300101010000.0Z', '19310101010000.0Z', '19320101010000.0Z']
+cn = [u'SORTTEST0', u'SORTTEST1', u'SORTTEST10', u'SORTTEST11', u'SORTTEST12', u'SORTTEST13', u'SORTTEST14', u'SORTTEST15', u'SORTTEST16', u'SORTTEST17', u'SORTTEST18', u'SORTTEST19', u'SORTTEST2', u'SORTTEST20', u'SORTTEST21', u'SORTTEST22', u'SORTTEST23', u'SORTTEST24', u'SORTTEST25', u'SORTTEST26', u'SORTTEST27', u'SORTTEST28', u'SORTTEST29', u'SORTTEST3', u'SORTTEST30', u'SORTTEST31', u'SORTTEST32', u'SORTTEST4', u'SORTTEST5', u'SORTTEST6', u'SORTTEST7', u'SORTTEST8', u'SORTTEST9']
+serialNumber = ['abcXAXX', 'abcXAXX', 'abcXAXX', 'abcXAXX', 'abcXAXX', 'abcXBzX', 'abcXBzX', 'abcXBzX', 'abcXBzX', 'abcXX3X', 'abcXX3X', 'abcXX3X', 'abcXX3X', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXXX', 'abcXXzX', 'abcXXzX', 'abcXXzX', 'abcXXzX', 'abcXa3X', 'abcXa3X', 'abcXa3X', 'abcXa3X', 'abcXbXX', 'abcXbXX', 'abcXbXX', 'abcXbXX']
+roomNumber = [u'10BXC', u'11BXC', u'12BXC', u'13BXC', u'14BXC', u'15BXC', u'16BXC', u'17BXC', u'18BXC', u'19BXC', u'1BXC', u'20BXC', u'21BXC', u'22BXC', u'23BXC', u'24BXC', u'25BXC', u'26BXC', u'27BXC', u'28BXC', u'29BXC', u'2BXC', u'30BXC', u'31BXC', u'32BXC', u'33BXC', u'3BXC', u'4BXC', u'5BXC', u'6BXC', u'7BXC', u'8BXC', u'9BXC']
+carLicense = [u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX', u'XXXXXXXXX']
+employeeNumber = [u'0X', u'1044XXXXXXXXXXXXX', u'1118XXXXXXXXXXXXXX', u'1190XXXXXXXXXXXXXXX', u'1260XXXXXXXXXXXXXXXX', u'1328XXXXXXXXXXXXXXXXX', u'1394XXXXXXXXXXXXXXXXXX', u'1458XXXXXXXXXXXXXXXXXXX', u'1520XXXXXXXXXXXXXXXXXXXX', u'1580XXXXXXXXXXXXXXXXXXXXX', u'1638XXXXXXXXXXXXXXXXXXXXXX', u'1694XXXXXXXXXXXXXXXXXXXXXXX', u'1748XXXXXXXXXXXXXXXXXXXXXXXX', u'1800XXXXXXXXXXXXXXXXXXXXXXXXX', u'1850XXXXXXXXXXXXXXXXXXXXXXXXXX', u'1898XXXXXXXXXXXXXXXXXXXXXXXXXXX', u'1944XXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'194XXX', u'1988XXXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'2030XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'2070XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'2108XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'2144XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', u'288XXXX', u'380XXXXX', u'470XXXXXX', u'558XXXXXXX', u'644XXXXXXXX', u'728XXXXXXXXX', u'810XXXXXXXXXX', u'890XXXXXXXXXXX', u'968XXXXXXXXXXXX', u'98XX']
+givenName = [u'A', u'A', u'B', u'B', u'C', u'C', u'D', u'D', u'E', u'E', u'F', u'F', u'G', u'G', u'H', u'I', u'J', u'K', u'L', u'M', u'N', u'O', u'P', u'Q', u'R', u'S', u'T', u'U', u'V', u'W', u'X', u'Y', u'Z']
diff --git a/source4/dsdb/tests/python/testdata/unicodesort.expected b/source4/dsdb/tests/python/testdata/unicodesort.expected
new file mode 100644
index 0000000..de07cfc
--- /dev/null
+++ b/source4/dsdb/tests/python/testdata/unicodesort.expected
@@ -0,0 +1,16 @@
+comment = [u'FAVOURITE COLOUR IS 0', u'FAVOURITE COLOUR IS 0', u'FAVOURITE COLOUR IS 0', u'FAVOURITE COLOUR IS 0', u'FAVOURITE COLOUR IS 1', u'FAVOURITE COLOUR IS 1', u'FAVOURITE COLOUR IS 1', u'FAVOURITE COLOUR IS 1', u'FAVOURITE COLOUR IS 1', u'FAVOURITE COLOUR IS 10', u'FAVOURITE COLOUR IS 11', u'FAVOURITE COLOUR IS 12', u'FAVOURITE COLOUR IS 13', u'FAVOURITE COLOUR IS 14', u'FAVOURITE COLOUR IS 15', u'FAVOURITE COLOUR IS 16', u'FAVOURITE COLOUR IS 2', u'FAVOURITE COLOUR IS 3', u'FAVOURITE COLOUR IS 3', u'FAVOURITE COLOUR IS 3', u'FAVOURITE COLOUR IS 3', u'FAVOURITE COLOUR IS 3', u'FAVOURITE COLOUR IS 4', u'FAVOURITE COLOUR IS 5', u'FAVOURITE COLOUR IS 5', u'FAVOURITE COLOUR IS 5', u'FAVOURITE COLOUR IS 6', u'FAVOURITE COLOUR IS 6', u'FAVOURITE COLOUR IS 7', u'FAVOURITE COLOUR IS 7', u'FAVOURITE COLOUR IS 8', u'FAVOURITE COLOUR IS 9', u'FAVOURITE COLOUR IS 9']
+msTSExpireDate4 = ['19000101010000.0Z', '19010101010000.0Z', '19020101010000.0Z', '19030101010000.0Z', '19040101010000.0Z', '19050101010000.0Z', '19060101010000.0Z', '19070101010000.0Z', '19080101010000.0Z', '19090101010000.0Z', '19100101010000.0Z', '19110101010000.0Z', '19120101010000.0Z', '19130101010000.0Z', '19140101010000.0Z', '19150101010000.0Z', '19160101010000.0Z', '19170101010000.0Z', '19180101010000.0Z', '19190101010000.0Z', '19200101010000.0Z', '19210101010000.0Z', '19220101010000.0Z', '19230101010000.0Z', '19240101010000.0Z', '19250101010000.0Z', '19260101010000.0Z', '19270101010000.0Z', '19280101010000.0Z', '19290101010000.0Z', '19300101010000.0Z', '19310101010000.0Z', '19320101010000.0Z']
+audio = ['An octet string \x000 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x022 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x044 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x066 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x088 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \n10 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x0c12 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x0e14 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1016 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1218 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1420 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1622 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1824 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1a26 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1c28 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string \x1e30 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'An octet string  32 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x011 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x033 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x055 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x077 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \t9 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x0b11 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \r13 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x0f15 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1117 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1319 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1521 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1723 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1925 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1b27 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1d29 \xe2\x99\xab\xe2\x99\xac\x00lalala', 'an octet string \x1f31 \xe2\x99\xab\xe2\x99\xac\x00lalala']
+adminDisplayName = [u'10\x00B', u'11\x00B', u'12\x00B', u'13\x00B', u'14\x00B', u'15\x00B', u'16\x00B', u'17\x00B', u'18\x00B', u'19\x00B', u'1\x00B', u'20\x00B', u'21\x00B', u'22\x00B', u'23\x00B', u'24\x00B', u'25\x00B', u'26\x00B', u'27\x00B', u'28\x00B', u'29\x00B', u'2\x00B', u'30\x00B', u'31\x00B', u'32\x00B', u'33\x00B', u'3\x00B', u'4\x00B', u'5\x00B', u'6\x00B', u'7\x00B', u'8\x00B', u'9\x00B']
+cn = [u'SORTTEST0', u'SORTTEST1', u'SORTTEST10', u'SORTTEST11', u'SORTTEST12', u'SORTTEST13', u'SORTTEST14', u'SORTTEST15', u'SORTTEST16', u'SORTTEST17', u'SORTTEST18', u'SORTTEST19', u'SORTTEST2', u'SORTTEST20', u'SORTTEST21', u'SORTTEST22', u'SORTTEST23', u'SORTTEST24', u'SORTTEST25', u'SORTTEST26', u'SORTTEST27', u'SORTTEST28', u'SORTTEST29', u'SORTTEST3', u'SORTTEST30', u'SORTTEST31', u'SORTTEST32', u'SORTTEST4', u'SORTTEST5', u'SORTTEST6', u'SORTTEST7', u'SORTTEST8', u'SORTTEST9']
+title = [u'10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'23\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'24\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'25\x00\x00\x00\x00\x00\x00\x00\x00B', u'26\x00\x00\x00\x00\x00\x00\x00B', u'27\x00\x00\x00\x00\x00\x00B', u'28\x00\x00\x00\x00\x00B', u'29\x00\x00\x00\x00B', u'2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'30\x00\x00\x00B', u'31\x00\x00B', u'32\x00B', u'33B', u'3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B', u'9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B']
+photo = ['\x001', '\x0010', '\x0011', '\x0012', '\x0013', '\x0014', '\x0015', '\x0016', '\x0017', '\x0018', '\x0019', '\x002', '\x0020', '\x0021', '\x0022', '\x0023', '\x0024', '\x0025', '\x0026', '\x0027', '\x0028', '\x0029', '\x003', '\x0030', '\x0031', '\x0032', '\x0033', '\x004', '\x005', '\x006', '\x007', '\x008', '\x009']
+serialNumber = ['abc   "', 'abc   "', 'abc   "', 'abc   "', 'abc -z"', 'abc -z"', 'abc -z"', 'abc -z"', 'abc /}@', 'abc /}@', 'abc /}@', 'abc /}@', 'abc A "', 'abc A "', 'abc A "', 'abc A "', 'abc A "', 'abc Bz"', 'abc Bz"', 'abc Bz"', 'abc Bz"', 'abc a3@', 'abc a3@', 'abc a3@', 'abc a3@', 'abc b}@', 'abc b}@', 'abc b}@', 'abc b}@', 'abc |3@', 'abc |3@', 'abc |3@', 'abc |3@']
+roomNumber = [u'10B\x00C', u'11B\x00C', u'12B\x00C', u'13B\x00C', u'14B\x00C', u'15B\x00C', u'16B\x00C', u'17B\x00C', u'18B\x00C', u'19B\x00C', u'1B\x00C', u'20B\x00C', u'21B\x00C', u'22B\x00C', u'23B\x00C', u'24B\x00C', u'25B\x00C', u'26B\x00C', u'27B\x00C', u'28B\x00C', u'29B\x00C', u'2B\x00C', u'30B\x00C', u'31B\x00C', u'32B\x00C', u'33B\x00C', u'3B\x00C', u'4B\x00C', u'5B\x00C', u'6B\x00C', u'7B\x00C', u'8B\x00C', u'9B\x00C']
+carLicense = [u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf', u'\u540e\u6765\u7ecf']
+streetAddress = [u' ', u' ', u' E', u' E', u'\t-\t', u'\t-\t', u'\n\t\t', u'\n\t\t', u'!@#!@#!', u'1\u20444', u'1', u'1', u'1/4', u'1\u20444', u'1\u20445', u'3', u'ABC', u'K\u014cKAKO', u'\u014a\u01101\u204443\u0166 \u201c\xab\u0110\xd0', u'\u014a\u01101\u204443\u0166\u201c\xab\u0110\xd0', u'SORTTEST', u'SORTT\u0112ST11,', u'\u015aORTTEST2', u'\u015aORTTEST2', u'\u015a-O-R-T-T-E-S-T-2', u'SORTT\u0112ST2,', u'\u1e60ORTTEST4', u'\u1e60ORTTEST4', u'S\xd6RTTEST-5', u'S\xd6RTTEST-5', u'SO-RTTEST7,', u'\u6851\u5df4', u'FO\x00OD']
+street = [u'A ST', u'A ST', u'A ST', u'A ST', u'A ST', u'C ST', u'C ST', u'C ST', u'C ST', u'E ST', u'E ST', u'E ST', u'E ST', u'G ST', u'G ST', u'G ST', u'G ST', u'I ST', u'I ST', u'I ST', u'I ST', u'K ST', u'K ST', u'K ST', u'K ST', u'M ST', u'M ST', u'M ST', u'M ST', u'O ST', u'O ST', u'O ST', u'O ST']
+employeeNumber = [u'0X', u'1044\n\n\n\n\n\n\n\n\n\n\n\nX', u'1118\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1190\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1260\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1328\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1394\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1458\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1520\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1580\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1638\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1694\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1748\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1800\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1850\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1898\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'194\n\nX', u'1944\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'1988\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'2030\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'2070\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'2108\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'2144\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nX', u'288\n\n\nX', u'380\n\n\n\nX', u'470\n\n\n\n\nX', u'558\n\n\n\n\n\nX', u'644\n\n\n\n\n\n\nX', u'728\n\n\n\n\n\n\n\nX', u'810\n\n\n\n\n\n\n\n\nX', u'890\n\n\n\n\n\n\n\n\n\nX', u'968\n\n\n\n\n\n\n\n\n\n\nX', u'98\nX']
+postalAddress = [u' ', u' ', u' E', u'\t-\t', u'\n\t\t', u'!@#!@#!', u'1\u20444', u'1', u'1', u'1/4', u'1\u20444', u'1\u20445', u'3', u'ABC', u'K\u014cKAKO', u'\u014a\u01101\u204443\u0166 \u201c\xab\u0110\xd0', u'\u014a\u01101\u204443\u0166\u201c\xab\u0110\xd0', u'SORTTEST', u'SORTT\u0112ST11,', u'\u015aORTTEST2', u'\u015aORTTEST2', u'\u015a-O-R-T-T-E-S-T-2', u'SORTT\u0112ST2,', u'\u1e60ORTTEST4', u'\u1e60ORTTEST4', u'S\xd6RTTEST-5', u'S\xd6RTTEST-5', u'SO-RTTEST7,', u'SO-RTTEST7,', u'\u6851\u5df4', u'\u6851\u5df4', u'FO\x00OD', u'FO\x00OD']
+givenName = [u'A', u'A', u'B', u'B', u'C', u'C', u'D', u'D', u'E', u'E', u'F', u'F', u'G', u'G', u'H', u'I', u'J', u'K', u'L', u'M', u'N', u'O', u'P', u'Q', u'R', u'S', u'T', u'U', u'V', u'W', u'X', u'Y', u'Z']
+displayNamePrintable = ['0\x00\x00', '1\x00\x01', '10\x00\n', '11\x00\x0b', '12\x00\x0c', '13\x00\r', '14\x00\x0e', '15\x00\x0f', '16\x00\x10', '17\x00\x11', '18\x00\x12', '19\x00\x13', '2\x00\x02', '20\x00\x14', '21\x00\x15', '22\x00\x16', '23\x00\x17', '24\x00\x18', '25\x00\x19', '26\x00\x1a', '27\x00\x1b', '28\x00\x1c', '29\x00\x1d', '3\x00\x03', '30\x00\x1e', '31\x00\x1f', '32\x00 ', '4\x00\x04', '5\x00\x05', '6\x00\x06', '7\x00\x07', '8\x00\x08', '9\x00\t']
diff --git a/source4/dsdb/tests/python/token_group.py b/source4/dsdb/tests/python/token_group.py
new file mode 100755
index 0000000..df45ee0
--- /dev/null
+++ b/source4/dsdb/tests/python/token_group.py
@@ -0,0 +1,738 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# test tokengroups attribute against internal token calculation
+
+import optparse
+import sys
+import os
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+from samba import ldb, dsdb
+from samba.samdb import SamDB
+from samba.auth import AuthContext
+from samba.ndr import ndr_unpack
+from samba import gensec
+from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS, AUTO_USE_KERBEROS
+from samba.dsdb import GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP
+import samba.tests
+from samba.tests import delete_force
+from samba.dcerpc import security
+from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, AUTH_SESSION_INFO_NTLM
+
+
+parser = optparse.OptionParser("token_group.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+
+def closure(vSet, wSet, aSet):
+    for edge in aSet:
+        start, end = edge
+        if start in wSet:
+            if end not in wSet and end in vSet:
+                wSet.add(end)
+                closure(vSet, wSet, aSet)
+
+
+class StaticTokenTest(samba.tests.TestCase):
+
+    def setUp(self):
+        super(StaticTokenTest, self).setUp()
+
+        self.assertNotEqual(creds.get_kerberos_state(), AUTO_USE_KERBEROS)
+
+        self.ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+
+        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        self.user_sid_dn = "<SID=%s>" % str(ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0]))
+
+        session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS |
+                              AUTH_SESSION_INFO_AUTHENTICATED |
+                              AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
+        if creds.get_kerberos_state() == DONT_USE_KERBEROS:
+            session_info_flags |= AUTH_SESSION_INFO_NTLM
+
+        session = samba.auth.user_session(self.ldb, lp_ctx=lp, dn=self.user_sid_dn,
+                                          session_info_flags=session_info_flags)
+
+        token = session.security_token
+        self.user_sids = []
+        for s in token.sids:
+            self.user_sids.append(str(s))
+
+        # Add asserted identity and Claims Valid for Kerberos
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            self.user_sids.append(str(security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY))
+            self.user_sids.append(str(security.SID_CLAIMS_VALID))
+
+
+    def test_rootDSE_tokenGroups(self):
+        """Testing rootDSE tokengroups against internal calculation"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        print("Getting tokenGroups from rootDSE")
+        tokengroups = []
+        for sid in res[0]['tokenGroups']:
+            tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+
+        sidset1 = set(tokengroups)
+        sidset2 = set(self.user_sids)
+        if len(sidset1.symmetric_difference(sidset2)):
+            print("token sids don't match")
+            print("tokengroups: %s" % tokengroups)
+            print("calculated : %s" % self.user_sids)
+            print("difference : %s" % sidset1.symmetric_difference(sidset2))
+            self.fail(msg="calculated groups don't match against rootDSE tokenGroups")
+
+    def test_dn_tokenGroups(self):
+        print("Getting tokenGroups from user DN")
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        dn_tokengroups = []
+        for sid in res[0]['tokenGroups']:
+            dn_tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+
+        sidset1 = set(dn_tokengroups)
+        sidset2 = set(self.user_sids)
+
+        # The tokenGroups is just a subset of the user_sids
+        # so we don't check symmetric_difference() here.
+        if len(sidset1.difference(sidset2)):
+            print("dn token sids no subset of user token")
+            print("tokengroups: %s" % dn_tokengroups)
+            print("user sids : %s" % self.user_sids)
+            print("difference : %s" % sidset1.difference(sidset2))
+            self.fail(msg="DN tokenGroups no subset of full user token")
+
+        missing_sidset = sidset2.difference(sidset1)
+
+        extra_sids = []
+        extra_sids.append(self.user_sids[0])
+        extra_sids.append(security.SID_WORLD)
+        extra_sids.append(security.SID_NT_NETWORK)
+        extra_sids.append(security.SID_NT_AUTHENTICATED_USERS)
+        extra_sids.append(security.SID_BUILTIN_PREW2K)
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            extra_sids.append(security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY)
+            extra_sids.append(security.SID_CLAIMS_VALID)
+        if creds.get_kerberos_state() == DONT_USE_KERBEROS:
+            extra_sids.append(security.SID_NT_NTLM_AUTHENTICATION)
+
+        extra_sidset = set(extra_sids)
+
+        if len(missing_sidset.symmetric_difference(extra_sidset)):
+            print("dn token sids unexpected")
+            print("tokengroups: %s" % dn_tokengroups)
+            print("user sids: %s" % self.user_sids)
+            print("actual difference: %s" % missing_sidset)
+            print("expected difference: %s" % extra_sidset)
+            print("unexpected difference : %s" %
+                    missing_sidset.symmetric_difference(extra_sidset))
+            self.fail(msg="DN tokenGroups unexpected difference to full user token")
+
+    def test_pac_groups(self):
+        if creds.get_kerberos_state() != MUST_USE_KERBEROS:
+            self.skipTest("Kerberos disabled, skipping PAC test")
+
+        settings = {}
+        settings["lp_ctx"] = lp
+        settings["target_hostname"] = lp.get("netbios name")
+
+        gensec_client = gensec.Security.start_client(settings)
+        gensec_client.set_credentials(creds)
+        gensec_client.want_feature(gensec.FEATURE_SEAL)
+        gensec_client.start_mech_by_sasl_name("GSSAPI")
+
+        auth_context = AuthContext(lp_ctx=lp, ldb=self.ldb, methods=[])
+
+        gensec_server = gensec.Security.start_server(settings, auth_context)
+        machine_creds = Credentials()
+        machine_creds.guess(lp)
+        machine_creds.set_machine_account(lp)
+        gensec_server.set_credentials(machine_creds)
+
+        gensec_server.want_feature(gensec.FEATURE_SEAL)
+        gensec_server.start_mech_by_sasl_name("GSSAPI")
+
+        client_finished = False
+        server_finished = False
+        server_to_client = b""
+
+        # Run the actual call loop.
+        while not client_finished and not server_finished:
+            if not client_finished:
+                print("running client gensec_update")
+                (client_finished, client_to_server) = gensec_client.update(server_to_client)
+            if not server_finished:
+                print("running server gensec_update")
+                (server_finished, server_to_client) = gensec_server.update(client_to_server)
+
+        session = gensec_server.session_info()
+
+        token = session.security_token
+        pac_sids = []
+        for s in token.sids:
+            pac_sids.append(str(s))
+
+        sidset1 = set(pac_sids)
+        sidset2 = set(self.user_sids)
+        if len(sidset1.symmetric_difference(sidset2)):
+            print("token sids don't match")
+            print("pac sids: %s" % pac_sids)
+            print("user sids : %s" % self.user_sids)
+            print("difference : %s" % sidset1.symmetric_difference(sidset2))
+            self.fail(msg="calculated groups don't match against user PAC tokenGroups")
+
+
+class DynamicTokenTest(samba.tests.TestCase):
+
+    def get_creds(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_kerberos_state(creds.get_kerberos_state())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        return creds_tmp
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = self.get_creds(target_username, target_password)
+        ldb_target = SamDB(url=url, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+    def setUp(self):
+        super(DynamicTokenTest, self).setUp()
+
+        self.assertNotEqual(creds.get_kerberos_state(), AUTO_USE_KERBEROS)
+
+        self.admin_ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)
+
+        self.base_dn = self.admin_ldb.domain_dn()
+
+        self.test_user = "tokengroups_user1"
+        self.test_user_pass = "samba123@"
+        self.admin_ldb.newuser(self.test_user, self.test_user_pass)
+        self.test_group0 = "tokengroups_group0"
+        self.admin_ldb.newgroup(self.test_group0, grouptype=dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group0, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group0_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group0, [self.test_user],
+                                                add_members_operation=True)
+
+        self.test_group1 = "tokengroups_group1"
+        self.admin_ldb.newgroup(self.test_group1, grouptype=dsdb.GTYPE_SECURITY_GLOBAL_GROUP)
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group1, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group1_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group1, [self.test_user],
+                                                add_members_operation=True)
+
+        self.test_group2 = "tokengroups_group2"
+        self.admin_ldb.newgroup(self.test_group2, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
+
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group2, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group2_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group2, [self.test_user],
+                                                add_members_operation=True)
+
+        self.test_group3 = "tokengroups_group3"
+        self.admin_ldb.newgroup(self.test_group3, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
+
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group3, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group3_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group3, [self.test_group1],
+                                                add_members_operation=True)
+
+        self.test_group4 = "tokengroups_group4"
+        self.admin_ldb.newgroup(self.test_group4, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
+
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group4, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group4_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group4, [self.test_group3],
+                                                add_members_operation=True)
+
+        self.test_group5 = "tokengroups_group5"
+        self.admin_ldb.newgroup(self.test_group5, grouptype=dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)
+
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group5, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group5_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group5, [self.test_group4],
+                                                add_members_operation=True)
+
+        self.test_group6 = "tokengroups_group6"
+        self.admin_ldb.newgroup(self.test_group6, grouptype=dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)
+
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (self.test_group6, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        self.test_group6_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        self.admin_ldb.add_remove_group_members(self.test_group6, [self.test_user],
+                                                add_members_operation=True)
+
+        self.ldb = self.get_ldb_connection(self.test_user, self.test_user_pass)
+
+        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        self.user_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0])
+        self.user_sid_dn = "<SID=%s>" % str(self.user_sid)
+
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=[])
+        self.assertEqual(len(res), 1)
+
+        self.test_user_dn = res[0].dn
+
+        session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS |
+                              AUTH_SESSION_INFO_AUTHENTICATED |
+                              AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
+
+        if creds.get_kerberos_state() == DONT_USE_KERBEROS:
+            session_info_flags |= AUTH_SESSION_INFO_NTLM
+
+        session = samba.auth.user_session(self.ldb, lp_ctx=lp, dn=self.user_sid_dn,
+                                          session_info_flags=session_info_flags)
+
+        token = session.security_token
+        self.user_sids = []
+        for s in token.sids:
+            self.user_sids.append(str(s))
+
+        # Add asserted identity and Claims Valid for Kerberos
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            self.user_sids.append(str(security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY))
+            self.user_sids.append(str(security.SID_CLAIMS_VALID))
+
+    def tearDown(self):
+        super(DynamicTokenTest, self).tearDown()
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_user, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group0, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group1, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group2, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group3, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group4, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group5, "cn=users", self.base_dn))
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (self.test_group6, "cn=users", self.base_dn))
+
+    def test_rootDSE_tokenGroups(self):
+        """Testing rootDSE tokengroups against internal calculation"""
+        if not url.startswith("ldap"):
+            self.fail(msg="This test is only valid on ldap")
+
+        res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        print("Getting tokenGroups from rootDSE")
+        tokengroups = []
+        for sid in res[0]['tokenGroups']:
+            tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+
+        sidset1 = set(tokengroups)
+        sidset2 = set(self.user_sids)
+        if len(sidset1.symmetric_difference(sidset2)):
+            print("token sids don't match")
+            print("tokengroups: %s" % tokengroups)
+            print("calculated : %s" % self.user_sids)
+            print("difference : %s" % sidset1.symmetric_difference(sidset2))
+            self.fail(msg="calculated groups don't match against rootDSE tokenGroups")
+
+    def test_dn_tokenGroups(self):
+        print("Getting tokenGroups from user DN")
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        dn_tokengroups = []
+        for sid in res[0]['tokenGroups']:
+            dn_tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+
+        sidset1 = set(dn_tokengroups)
+        sidset2 = set(self.user_sids)
+
+        # The tokenGroups is just a subset of the user_sids
+        # so we don't check symmetric_difference() here.
+        if len(sidset1.difference(sidset2)):
+            print("dn token sids no subset of user token")
+            print("tokengroups: %s" % dn_tokengroups)
+            print("user sids : %s" % self.user_sids)
+            print("difference : %s" % sidset1.difference(sidset2))
+            self.fail(msg="DN tokenGroups no subset of full user token")
+
+        missing_sidset = sidset2.difference(sidset1)
+
+        extra_sids = []
+        extra_sids.append(self.user_sids[0])
+        extra_sids.append(security.SID_WORLD)
+        extra_sids.append(security.SID_NT_NETWORK)
+        extra_sids.append(security.SID_NT_AUTHENTICATED_USERS)
+        extra_sids.append(security.SID_BUILTIN_PREW2K)
+        if creds.get_kerberos_state() == MUST_USE_KERBEROS:
+            extra_sids.append(security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY)
+            extra_sids.append(security.SID_CLAIMS_VALID)
+        if creds.get_kerberos_state() == DONT_USE_KERBEROS:
+            extra_sids.append(security.SID_NT_NTLM_AUTHENTICATION)
+
+        extra_sidset = set(extra_sids)
+
+        if len(missing_sidset.symmetric_difference(extra_sidset)):
+            print("dn token sids unexpected")
+            print("tokengroups: %s" % dn_tokengroups)
+            print("user sids: %s" % self.user_sids)
+            print("actual difference: %s" % missing_sidset)
+            print("expected difference: %s" % extra_sidset)
+            print("unexpected difference : %s" %
+                    missing_sidset.symmetric_difference(extra_sidset))
+            self.fail(msg="DN tokenGroups unexpected difference to full user token")
+
+    def test_pac_groups(self):
+        if creds.get_kerberos_state() != MUST_USE_KERBEROS:
+            self.skipTest("Kerberos disabled, skipping PAC test")
+
+        settings = {}
+        settings["lp_ctx"] = lp
+        settings["target_hostname"] = lp.get("netbios name")
+
+        gensec_client = gensec.Security.start_client(settings)
+        gensec_client.set_credentials(self.get_creds(self.test_user, self.test_user_pass))
+        gensec_client.want_feature(gensec.FEATURE_SEAL)
+        gensec_client.start_mech_by_sasl_name("GSSAPI")
+
+        auth_context = AuthContext(lp_ctx=lp, ldb=self.ldb, methods=[])
+
+        gensec_server = gensec.Security.start_server(settings, auth_context)
+        machine_creds = Credentials()
+        machine_creds.guess(lp)
+        machine_creds.set_machine_account(lp)
+        gensec_server.set_credentials(machine_creds)
+
+        gensec_server.want_feature(gensec.FEATURE_SEAL)
+        gensec_server.start_mech_by_sasl_name("GSSAPI")
+
+        client_finished = False
+        server_finished = False
+        server_to_client = b""
+
+        # Run the actual call loop.
+        while not client_finished and not server_finished:
+            if not client_finished:
+                print("running client gensec_update")
+                (client_finished, client_to_server) = gensec_client.update(server_to_client)
+            if not server_finished:
+                print("running server gensec_update")
+                (server_finished, server_to_client) = gensec_server.update(client_to_server)
+
+        session = gensec_server.session_info()
+
+        token = session.security_token
+        pac_sids = []
+        for s in token.sids:
+            pac_sids.append(str(s))
+
+        sidset1 = set(pac_sids)
+        sidset2 = set(self.user_sids)
+        if len(sidset1.symmetric_difference(sidset2)):
+            print("token sids don't match")
+            print("pac sids: %s" % pac_sids)
+            print("user sids : %s" % self.user_sids)
+            print("difference : %s" % sidset1.symmetric_difference(sidset2))
+            self.fail(msg="calculated groups don't match against user PAC tokenGroups")
+
+    def test_tokenGroups_manual(self):
+        # Manually run the tokenGroups algorithm from MS-ADTS 3.1.1.4.5.19 and MS-DRSR 4.1.8.3
+        # and compare the result
+        res = self.admin_ldb.search(base=self.base_dn, scope=ldb.SCOPE_SUBTREE,
+                                    expression="(|(objectclass=user)(objectclass=group))",
+                                    attrs=["memberOf"])
+        aSet = set()
+        aSetR = set()
+        vSet = set()
+        for obj in res:
+            if "memberOf" in obj:
+                for dn in obj["memberOf"]:
+                    first = obj.dn.get_casefold()
+                    second = ldb.Dn(self.admin_ldb, dn.decode('utf8')).get_casefold()
+                    aSet.add((first, second))
+                    aSetR.add((second, first))
+                    vSet.add(first)
+                    vSet.add(second)
+
+        res = self.admin_ldb.search(base=self.base_dn, scope=ldb.SCOPE_SUBTREE,
+                                    expression="(objectclass=user)",
+                                    attrs=["primaryGroupID"])
+        for obj in res:
+            if "primaryGroupID" in obj:
+                sid = "%s-%d" % (self.admin_ldb.get_domain_sid(), int(obj["primaryGroupID"][0]))
+                res2 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                             attrs=[])
+                first = obj.dn.get_casefold()
+                second = res2[0].dn.get_casefold()
+
+                aSet.add((first, second))
+                aSetR.add((second, first))
+                vSet.add(first)
+                vSet.add(second)
+
+        wSet = set()
+        wSet.add(self.test_user_dn.get_casefold())
+        closure(vSet, wSet, aSet)
+        wSet.remove(self.test_user_dn.get_casefold())
+
+        tokenGroupsSet = set()
+
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+        self.assertEqual(len(res), 1)
+
+        for sid in res[0]['tokenGroups']:
+            sid = ndr_unpack(samba.dcerpc.security.dom_sid, sid)
+            res3 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                         attrs=[])
+            tokenGroupsSet.add(res3[0].dn.get_casefold())
+
+        if len(wSet.difference(tokenGroupsSet)):
+            self.fail(msg="additional calculated: %s" % wSet.difference(tokenGroupsSet))
+
+        if len(tokenGroupsSet.difference(wSet)):
+            self.fail(msg="additional tokenGroups: %s" % tokenGroupsSet.difference(wSet))
+
+    def filtered_closure(self, wSet, filter_grouptype):
+        res = self.admin_ldb.search(base=self.base_dn, scope=ldb.SCOPE_SUBTREE,
+                                    expression="(|(objectclass=user)(objectclass=group))",
+                                    attrs=["memberOf"])
+        aSet = set()
+        aSetR = set()
+        vSet = set()
+        for obj in res:
+            vSet.add(obj.dn.get_casefold())
+            if "memberOf" in obj:
+                for dn in obj["memberOf"]:
+                    first = obj.dn.get_casefold()
+                    second = ldb.Dn(self.admin_ldb, dn.decode('utf8')).get_casefold()
+                    aSet.add((first, second))
+                    aSetR.add((second, first))
+                    vSet.add(first)
+                    vSet.add(second)
+
+        res = self.admin_ldb.search(base=self.base_dn, scope=ldb.SCOPE_SUBTREE,
+                                    expression="(objectclass=user)",
+                                    attrs=["primaryGroupID"])
+        for obj in res:
+            if "primaryGroupID" in obj:
+                sid = "%s-%d" % (self.admin_ldb.get_domain_sid(), int(obj["primaryGroupID"][0]))
+                res2 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                             attrs=[])
+                first = obj.dn.get_casefold()
+                second = res2[0].dn.get_casefold()
+
+                aSet.add((first, second))
+                aSetR.add((second, first))
+                vSet.add(first)
+                vSet.add(second)
+
+        uSet = set()
+        for v in vSet:
+            res_group = self.admin_ldb.search(base=v, scope=ldb.SCOPE_BASE,
+                                              attrs=["groupType"],
+                                              expression="objectClass=group")
+            if len(res_group) == 1:
+                if hex(int(res_group[0]["groupType"][0]) & 0x00000000FFFFFFFF) == hex(filter_grouptype):
+                    uSet.add(v)
+            else:
+                uSet.add(v)
+
+        closure(uSet, wSet, aSet)
+
+    def test_tokenGroupsGlobalAndUniversal_manual(self):
+        # Manually run the tokenGroups algorithm from MS-ADTS 3.1.1.4.5.19 and MS-DRSR 4.1.8.3
+        # and compare the result
+
+        # The variable names come from MS-ADTS May 15, 2014
+
+        S = set()
+        S.add(self.test_user_dn.get_casefold())
+
+        self.filtered_closure(S, GTYPE_SECURITY_GLOBAL_GROUP)
+
+        T = set()
+        # Not really a SID, we do this on DNs...
+        for sid in S:
+            X = set()
+            X.add(sid)
+            self.filtered_closure(X, GTYPE_SECURITY_UNIVERSAL_GROUP)
+
+            T = T.union(X)
+
+        T.remove(self.test_user_dn.get_casefold())
+
+        tokenGroupsSet = set()
+
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroupsGlobalAndUniversal"])
+        self.assertEqual(len(res), 1)
+
+        for sid in res[0]['tokenGroupsGlobalAndUniversal']:
+            sid = ndr_unpack(samba.dcerpc.security.dom_sid, sid)
+            res3 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                         attrs=[])
+            tokenGroupsSet.add(res3[0].dn.get_casefold())
+
+        if len(T.difference(tokenGroupsSet)):
+            self.fail(msg="additional calculated: %s" % T.difference(tokenGroupsSet))
+
+        if len(tokenGroupsSet.difference(T)):
+            self.fail(msg="additional tokenGroupsGlobalAndUniversal: %s" % tokenGroupsSet.difference(T))
+
+    def test_samr_GetGroupsForUser(self):
+        # Confirm that we get the correct results against SAMR also
+        if not url.startswith("ldap://"):
+            self.fail(msg="This test is only valid on ldap (so we an find the hostname and use SAMR)")
+        host = url.split("://")[1]
+        (domain_sid, user_rid) = self.user_sid.split()
+        samr_conn = samba.dcerpc.samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, creds)
+        samr_handle = samr_conn.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        samr_domain = samr_conn.OpenDomain(samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED,
+                                           domain_sid)
+        user_handle = samr_conn.OpenUser(samr_domain, security.SEC_FLAG_MAXIMUM_ALLOWED, user_rid)
+        rids = samr_conn.GetGroupsForUser(user_handle)
+        samr_dns = set()
+        for rid in rids.rids:
+            self.assertEqual(rid.attributes, security.SE_GROUP_DEFAULT_FLAGS)
+            sid = "%s-%d" % (domain_sid, rid.rid)
+            res = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                        attrs=[])
+            samr_dns.add(res[0].dn.get_casefold())
+
+        user_info = samr_conn.QueryUserInfo(user_handle, 1)
+        self.assertEqual(rids.rids[0].rid, user_info.primary_gid)
+
+        tokenGroupsSet = set()
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroupsGlobalAndUniversal"])
+        for sid in res[0]['tokenGroupsGlobalAndUniversal']:
+            sid = ndr_unpack(samba.dcerpc.security.dom_sid, sid)
+            res3 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
+                                         attrs=[],
+                                         expression="(&(|(grouptype=%d)(grouptype=%d))(objectclass=group))"
+                                         % (GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP))
+            if len(res) == 1:
+                tokenGroupsSet.add(res3[0].dn.get_casefold())
+
+        if len(samr_dns.difference(tokenGroupsSet)):
+            self.fail(msg="additional samr_GetUserGroups over tokenGroups: %s" % samr_dns.difference(tokenGroupsSet))
+
+        memberOf = set()
+        # Add the primary group
+        primary_group_sid = "%s-%d" % (domain_sid, user_info.primary_gid)
+        res2 = self.admin_ldb.search(base="<SID=%s>" % primary_group_sid, scope=ldb.SCOPE_BASE,
+                                     attrs=[])
+
+        memberOf.add(res2[0].dn.get_casefold())
+        res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["memberOf"])
+        for dn in res[0]['memberOf']:
+            res3 = self.admin_ldb.search(base=dn, scope=ldb.SCOPE_BASE,
+                                         attrs=[],
+                                         expression="(&(|(grouptype=%d)(grouptype=%d))(objectclass=group))"
+                                         % (GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP))
+            if len(res3) == 1:
+                memberOf.add(res3[0].dn.get_casefold())
+
+        if len(memberOf.difference(samr_dns)):
+            self.fail(msg="additional memberOf over samr_GetUserGroups: %s" % memberOf.difference(samr_dns))
+
+        if len(samr_dns.difference(memberOf)):
+            self.fail(msg="additional samr_GetUserGroups over memberOf: %s" % samr_dns.difference(memberOf))
+
+        S = set()
+        S.add(self.test_user_dn.get_casefold())
+
+        self.filtered_closure(S, GTYPE_SECURITY_GLOBAL_GROUP)
+        self.filtered_closure(S, GTYPE_SECURITY_UNIVERSAL_GROUP)
+
+        # Now remove the user DN and primary group
+        S.remove(self.test_user_dn.get_casefold())
+
+        if len(samr_dns.difference(S)):
+            self.fail(msg="additional samr_GetUserGroups over filtered_closure: %s" % samr_dns.difference(S))
+
+    def test_samr_GetGroupsForUser_nomember(self):
+        # Confirm that we get the correct results against SAMR also
+        if not url.startswith("ldap://"):
+            self.fail(msg="This test is only valid on ldap (so we an find the hostname and use SAMR)")
+        host = url.split("://")[1]
+
+        test_user = "tokengroups_user2"
+        self.admin_ldb.newuser(test_user, self.test_user_pass)
+        res = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (test_user, self.base_dn),
+                                    attrs=["objectSid"], scope=ldb.SCOPE_BASE)
+        user_sid = ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["objectSid"][0])
+
+        (domain_sid, user_rid) = user_sid.split()
+        samr_conn = samba.dcerpc.samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, creds)
+        samr_handle = samr_conn.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        samr_domain = samr_conn.OpenDomain(samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED,
+                                           domain_sid)
+        user_handle = samr_conn.OpenUser(samr_domain, security.SEC_FLAG_MAXIMUM_ALLOWED, user_rid)
+        rids = samr_conn.GetGroupsForUser(user_handle)
+        user_info = samr_conn.QueryUserInfo(user_handle, 1)
+        delete_force(self.admin_ldb, "CN=%s,%s,%s" %
+                     (test_user, "cn=users", self.base_dn))
+        self.assertEqual(len(rids.rids), 1)
+        self.assertEqual(rids.rids[0].rid, user_info.primary_gid)
+
+
+if "://" not in url:
+    if os.path.isfile(url):
+        url = "tdb://%s" % url
+    else:
+        url = "ldap://%s" % url
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/tombstone_reanimation.py b/source4/dsdb/tests/python/tombstone_reanimation.py
new file mode 100755
index 0000000..88aebd6
--- /dev/null
+++ b/source4/dsdb/tests/python/tombstone_reanimation.py
@@ -0,0 +1,958 @@
+#!/usr/bin/env python3
+#
+# Tombstone reanimation tests
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2014
+# Copyright (C) Nadezhda Ivanova <nivanova@symas.com> 2014
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import unittest
+
+sys.path.insert(0, "bin/python")
+import samba
+
+from samba.ndr import ndr_unpack, ndr_print
+from samba.dcerpc import misc
+from samba.dcerpc import drsblobs
+from samba.dcerpc.drsuapi import *
+from samba.tests.password_test import PasswordCommon
+from samba.common import get_string
+
+import samba.tests
+from ldb import (SCOPE_BASE, FLAG_MOD_ADD, FLAG_MOD_DELETE, FLAG_MOD_REPLACE, Dn, Message,
+                 MessageElement, LdbError,
+                 ERR_ATTRIBUTE_OR_VALUE_EXISTS, ERR_NO_SUCH_OBJECT, ERR_ENTRY_ALREADY_EXISTS,
+                 ERR_OPERATIONS_ERROR, ERR_UNWILLING_TO_PERFORM)
+
+
+class RestoredObjectAttributesBaseTestCase(samba.tests.TestCase):
+    """ verify Samba restores required attributes when
+        user restores a Deleted object
+    """
+
+    def setUp(self):
+        super(RestoredObjectAttributesBaseTestCase, self).setUp()
+        self.samdb = samba.tests.connect_samdb_env("TEST_SERVER", "TEST_USERNAME", "TEST_PASSWORD")
+        self.base_dn = self.samdb.domain_dn()
+        self.schema_dn = self.samdb.get_schema_basedn().get_linearized()
+        self.configuration_dn = self.samdb.get_config_basedn().get_linearized()
+
+        # permit password changes during this test
+        PasswordCommon.allow_password_changes(self, self.samdb)
+
+    def tearDown(self):
+        super(RestoredObjectAttributesBaseTestCase, self).tearDown()
+
+    def GUID_string(self, guid):
+        return get_string(self.samdb.schema_format_value("objectGUID", guid))
+
+    def search_guid(self, guid, attrs=None):
+        if attrs is None:
+            attrs = ["*"]
+
+        res = self.samdb.search(base="<GUID=%s>" % self.GUID_string(guid),
+                                scope=SCOPE_BASE, attrs=attrs,
+                                controls=["show_deleted:1"])
+        self.assertEqual(len(res), 1)
+        return res[0]
+
+    def search_dn(self, dn):
+        res = self.samdb.search(expression="(objectClass=*)",
+                                base=dn,
+                                scope=SCOPE_BASE,
+                                controls=["show_recycled:1"])
+        self.assertEqual(len(res), 1)
+        return res[0]
+
+    def _create_object(self, msg):
+        """:param msg: dict with dn and attributes to create an object from"""
+        # delete an object if leftover from previous test
+        samba.tests.delete_force(self.samdb, msg['dn'])
+        self.samdb.add(msg)
+        return self.search_dn(msg['dn'])
+
+    def assertNamesEqual(self, attrs_expected, attrs_extra):
+        self.assertEqual(attrs_expected, attrs_extra,
+                         "Actual object does not have expected attributes, missing from expected (%s), extra (%s)"
+                         % (str(attrs_expected.difference(attrs_extra)), str(attrs_extra.difference(attrs_expected))))
+
+    def assertAttributesEqual(self, obj_orig, attrs_orig, obj_restored, attrs_rest):
+        self.assertNamesEqual(attrs_orig, attrs_rest)
+        # remove volatile attributes, they can't be equal
+        attrs_orig -= set(["uSNChanged", "dSCorePropagationData", "whenChanged"])
+        for attr in attrs_orig:
+            # convert original attr value to ldif
+            orig_val = obj_orig.get(attr)
+            if orig_val is None:
+                continue
+            if not isinstance(orig_val, MessageElement):
+                orig_val = MessageElement(str(orig_val), 0, attr)
+            m = Message()
+            m.add(orig_val)
+            orig_ldif = self.samdb.write_ldif(m, 0)
+            # convert restored attr value to ldif
+            rest_val = obj_restored.get(attr)
+            self.assertFalse(rest_val is None)
+            m = Message()
+            if not isinstance(rest_val, MessageElement):
+                rest_val = MessageElement(str(rest_val), 0, attr)
+            m.add(rest_val)
+            rest_ldif = self.samdb.write_ldif(m, 0)
+            # compare generated ldif's
+            self.assertEqual(orig_ldif, rest_ldif)
+
+    def assertAttributesExists(self, attr_expected, obj_msg):
+        """Check object contains at least expected attrbigutes
+        :param attr_expected: dict of expected attributes with values. ** is any value
+        :param obj_msg: Ldb.Message for the object under test
+        """
+        actual_names = set(obj_msg.keys())
+        # Samba does not use 'dSCorePropagationData', so skip it
+        actual_names -= set(['dSCorePropagationData'])
+        expected_names = set(attr_expected.keys())
+        self.assertNamesEqual(expected_names, actual_names)
+        for name in attr_expected.keys():
+            expected_val = attr_expected[name]
+            actual_val = obj_msg.get(name)
+            self.assertFalse(actual_val is None, "No value for attribute '%s'" % name)
+            if expected_val == "**":
+                # "**" values means "any"
+                continue
+            # if expected_val is e.g. ldb.bytes we can't depend on
+            # str(actual_value) working, we may just get a decoding
+            # error. Better to just compare raw values
+            if not isinstance(expected_val, str):
+                actual_val = actual_val[0]
+            else:
+                actual_val = str(actual_val)
+            self.assertEqual(expected_val, actual_val,
+                             "Unexpected value (%s) for '%s', expected (%s)" % (
+                             repr(actual_val), name, repr(expected_val)))
+
+    def _check_metadata(self, metadata, expected):
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, metadata[0])
+
+        repl_array = []
+        for o in repl.ctr.array:
+            repl_array.append((o.attid, o.version))
+        repl_set = set(repl_array)
+
+        expected_set = set(expected)
+        self.assertEqual(len(repl_set), len(expected),
+                         "Unexpected metadata, missing from expected (%s), extra (%s)), repl: \n%s" % (
+                         str(expected_set.difference(repl_set)),
+                         str(repl_set.difference(expected_set)),
+                         ndr_print(repl)))
+
+        i = 0
+        for o in repl.ctr.array:
+            e = expected[i]
+            (attid, version) = e
+            self.assertEqual(attid, o.attid,
+                              "(LDAP) Wrong attid "
+                              "for expected value %d, wanted 0x%08x got 0x%08x, "
+                              "repl: \n%s"
+                              % (i, attid, o.attid, ndr_print(repl)))
+            # Allow version to be skipped when it does not matter
+            if version is not None:
+                self.assertEqual(o.version, version,
+                                  "(LDAP) Wrong version for expected value %d, "
+                                  "attid 0x%08x, "
+                                  "wanted %d got %d, repl: \n%s"
+                                  % (i, o.attid,
+                                     version, o.version, ndr_print(repl)))
+            i = i + 1
+
+    @staticmethod
+    def restore_deleted_object(samdb, del_dn, new_dn, new_attrs=None):
+        """Restores a deleted object
+        :param samdb: SamDB connection to SAM
+        :param del_dn: str Deleted object DN
+        :param new_dn: str Where to restore the object
+        :param new_attrs: dict Additional attributes to set
+        """
+        msg = Message()
+        msg.dn = Dn(samdb, str(del_dn))
+        msg["isDeleted"] = MessageElement([], FLAG_MOD_DELETE, "isDeleted")
+        msg["distinguishedName"] = MessageElement([str(new_dn)], FLAG_MOD_REPLACE, "distinguishedName")
+        if new_attrs is not None:
+            assert isinstance(new_attrs, dict)
+            for attr in new_attrs:
+                msg[attr] = MessageElement(new_attrs[attr], FLAG_MOD_REPLACE, attr)
+        samdb.modify(msg, ["show_deleted:1"])
+
+
+class BaseRestoreObjectTestCase(RestoredObjectAttributesBaseTestCase):
+    def setUp(self):
+        super(BaseRestoreObjectTestCase, self).setUp()
+
+    def enable_recycle_bin(self):
+        msg = Message()
+        msg.dn = Dn(self.samdb, "")
+        msg["enableOptionalFeature"] = MessageElement(
+            "CN=Partitions," + self.configuration_dn + ":766ddcd8-acd0-445e-f3b9-a7f9b6744f2a",
+            FLAG_MOD_ADD, "enableOptionalFeature")
+        try:
+            self.samdb.modify(msg)
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+    def test_undelete(self):
+        print("Testing standard undelete operation")
+        usr1 = "cn=testuser,cn=users," + self.base_dn
+        samba.tests.delete_force(self.samdb, usr1)
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objLive1 = self.search_dn(usr1)
+        guid1 = objLive1["objectGUID"][0]
+        self.samdb.delete(usr1)
+        objDeleted1 = self.search_guid(guid1)
+        self.restore_deleted_object(self.samdb, objDeleted1.dn, usr1)
+        objLive2 = self.search_dn(usr1)
+        self.assertEqual(str(objLive2.dn).lower(), str(objLive1.dn).lower())
+        samba.tests.delete_force(self.samdb, usr1)
+
+    def test_rename(self):
+        print("Testing attempt to rename deleted object")
+        usr1 = "cn=testuser,cn=users," + self.base_dn
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objLive1 = self.search_dn(usr1)
+        guid1 = objLive1["objectGUID"][0]
+        self.samdb.delete(usr1)
+        objDeleted1 = self.search_guid(guid1)
+        # just to make sure we get the correct error if the show deleted is missing
+        try:
+            self.samdb.rename(str(objDeleted1.dn), usr1)
+            self.fail()
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+        try:
+            self.samdb.rename(str(objDeleted1.dn), usr1, ["show_deleted:1"])
+            self.fail()
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.assertEqual(num, ERR_UNWILLING_TO_PERFORM)
+
+    def test_undelete_with_mod(self):
+        print("Testing standard undelete operation with modification of additional attributes")
+        usr1 = "cn=testuser,cn=users," + self.base_dn
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objLive1 = self.search_dn(usr1)
+        guid1 = objLive1["objectGUID"][0]
+        self.samdb.delete(usr1)
+        objDeleted1 = self.search_guid(guid1)
+        self.restore_deleted_object(self.samdb, objDeleted1.dn, usr1, {"url": "www.samba.org"})
+        objLive2 = self.search_dn(usr1)
+        self.assertEqual(str(objLive2["url"][0]), "www.samba.org")
+        samba.tests.delete_force(self.samdb, usr1)
+
+    def test_undelete_newuser(self):
+        print("Testing undelete user with a different dn")
+        usr1 = "cn=testuser,cn=users," + self.base_dn
+        usr2 = "cn=testuser2,cn=users," + self.base_dn
+        samba.tests.delete_force(self.samdb, usr1)
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objLive1 = self.search_dn(usr1)
+        guid1 = objLive1["objectGUID"][0]
+        self.samdb.delete(usr1)
+        objDeleted1 = self.search_guid(guid1)
+        self.restore_deleted_object(self.samdb, objDeleted1.dn, usr2)
+        objLive2 = self.search_dn(usr2)
+        samba.tests.delete_force(self.samdb, usr1)
+        samba.tests.delete_force(self.samdb, usr2)
+
+    def test_undelete_existing(self):
+        print("Testing undelete user after a user with the same dn has been created")
+        usr1 = "cn=testuser,cn=users," + self.base_dn
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objLive1 = self.search_dn(usr1)
+        guid1 = objLive1["objectGUID"][0]
+        self.samdb.delete(usr1)
+        self.samdb.add({
+            "dn": usr1,
+            "objectclass": "user",
+            "description": "test user description",
+            "samaccountname": "testuser"})
+        objDeleted1 = self.search_guid(guid1)
+        try:
+            self.restore_deleted_object(self.samdb, objDeleted1.dn, usr1)
+            self.fail()
+        except LdbError as e3:
+            (num, _) = e3.args
+            self.assertEqual(num, ERR_ENTRY_ALREADY_EXISTS)
+
+    def test_undelete_cross_nc(self):
+        print("Cross NC undelete")
+        c1 = "cn=ldaptestcontainer," + self.base_dn
+        c2 = "cn=ldaptestcontainer2," + self.configuration_dn
+        c3 = "cn=ldaptestcontainer," + self.configuration_dn
+        c4 = "cn=ldaptestcontainer2," + self.base_dn
+        samba.tests.delete_force(self.samdb, c1)
+        samba.tests.delete_force(self.samdb, c2)
+        samba.tests.delete_force(self.samdb, c3)
+        samba.tests.delete_force(self.samdb, c4)
+        self.samdb.add({
+            "dn": c1,
+            "objectclass": "container"})
+        self.samdb.add({
+            "dn": c2,
+            "objectclass": "container"})
+        objLive1 = self.search_dn(c1)
+        objLive2 = self.search_dn(c2)
+        guid1 = objLive1["objectGUID"][0]
+        guid2 = objLive2["objectGUID"][0]
+        self.samdb.delete(c1)
+        self.samdb.delete(c2)
+        objDeleted1 = self.search_guid(guid1)
+        objDeleted2 = self.search_guid(guid2)
+        # try to undelete from base dn to config
+        try:
+            self.restore_deleted_object(self.samdb, objDeleted1.dn, c3)
+            self.fail()
+        except LdbError as e4:
+            (num, _) = e4.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        # try to undelete from config to base dn
+        try:
+            self.restore_deleted_object(self.samdb, objDeleted2.dn, c4)
+            self.fail()
+        except LdbError as e5:
+            (num, _) = e5.args
+            self.assertEqual(num, ERR_OPERATIONS_ERROR)
+        # assert undeletion will work in same nc
+        self.restore_deleted_object(self.samdb, objDeleted1.dn, c4)
+        self.restore_deleted_object(self.samdb, objDeleted2.dn, c3)
+
+
+class RestoreUserObjectTestCase(RestoredObjectAttributesBaseTestCase):
+    """Test cases for delete/reanimate user objects"""
+
+    def _expected_user_add_attributes(self, username, user_dn, category):
+        return {'dn': user_dn,
+                'objectClass': '**',
+                'cn': username,
+                'distinguishedName': user_dn,
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': username,
+                'objectGUID': '**',
+                'userAccountControl': '546',
+                'badPwdCount': '0',
+                'badPasswordTime': '0',
+                'codePage': '0',
+                'countryCode': '0',
+                'lastLogon': '0',
+                'lastLogoff': '0',
+                'pwdLastSet': '0',
+                'primaryGroupID': '513',
+                'objectSid': '**',
+                'accountExpires': '9223372036854775807',
+                'logonCount': '0',
+                'sAMAccountName': username,
+                'sAMAccountType': '805306368',
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn)
+                }
+
+    def _expected_user_add_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 1),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 1),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 1),
+            (DRSUAPI_ATTID_countryCode, 1),
+            (DRSUAPI_ATTID_dBCSPwd, 1),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, 1),
+            (DRSUAPI_ATTID_pwdLastSet, 1),
+            (DRSUAPI_ATTID_primaryGroupID, 1),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_accountExpires, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, 1),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 1),
+            (DRSUAPI_ATTID_objectCategory, 1)]
+
+    def _expected_user_del_attributes(self, username, _guid, _sid):
+        guid = ndr_unpack(misc.GUID, _guid)
+        dn = "CN=%s\\0ADEL:%s,CN=Deleted Objects,%s" % (username, guid, self.base_dn)
+        cn = "%s\nDEL:%s" % (username, guid)
+        return {'dn': dn,
+                'objectClass': '**',
+                'cn': cn,
+                'distinguishedName': dn,
+                'isDeleted': 'TRUE',
+                'isRecycled': 'TRUE',
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': cn,
+                'objectGUID': _guid,
+                'userAccountControl': '546',
+                'objectSid': _sid,
+                'sAMAccountName': username,
+                'lastKnownParent': 'CN=Users,%s' % self.base_dn,
+                }
+
+    def _expected_user_del_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 2),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_isDeleted, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 2),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 2),
+            (DRSUAPI_ATTID_countryCode, 2),
+            (DRSUAPI_ATTID_dBCSPwd, 1),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, 1),
+            (DRSUAPI_ATTID_pwdLastSet, 2),
+            (DRSUAPI_ATTID_primaryGroupID, 2),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_accountExpires, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, 1),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 2),
+            (DRSUAPI_ATTID_lastKnownParent, 1),
+            (DRSUAPI_ATTID_objectCategory, 2),
+            (DRSUAPI_ATTID_isRecycled, 1)]
+
+    def _expected_user_restore_attributes(self, username, guid, sid, user_dn, category):
+        return {'dn': user_dn,
+                'objectClass': '**',
+                'cn': username,
+                'distinguishedName': user_dn,
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': username,
+                'objectGUID': guid,
+                'userAccountControl': '546',
+                'badPwdCount': '0',
+                'badPasswordTime': '0',
+                'codePage': '0',
+                'countryCode': '0',
+                'lastLogon': '0',
+                'lastLogoff': '0',
+                'pwdLastSet': '0',
+                'primaryGroupID': '513',
+                'operatorCount': '0',
+                'objectSid': sid,
+                'adminCount': '0',
+                'accountExpires': '0',
+                'logonCount': '0',
+                'sAMAccountName': username,
+                'sAMAccountType': '805306368',
+                'lastKnownParent': 'CN=Users,%s' % self.base_dn,
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn)
+                }
+
+    def _expected_user_restore_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 3),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_isDeleted, 2),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 3),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 3),
+            (DRSUAPI_ATTID_countryCode, 3),
+            (DRSUAPI_ATTID_dBCSPwd, 1),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, 1),
+            (DRSUAPI_ATTID_pwdLastSet, 3),
+            (DRSUAPI_ATTID_primaryGroupID, 3),
+            (DRSUAPI_ATTID_operatorCount, 1),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_adminCount, 1),
+            (DRSUAPI_ATTID_accountExpires, 3),
+            (DRSUAPI_ATTID_lmPwdHistory, 1),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 3),
+            (DRSUAPI_ATTID_lastKnownParent, 1),
+            (DRSUAPI_ATTID_objectCategory, 3),
+            (DRSUAPI_ATTID_isRecycled, 2)]
+
+    def test_restore_user(self):
+        print("Test restored user attributes")
+        username = "restore_user"
+        usr_dn = "CN=%s,CN=Users,%s" % (username, self.base_dn)
+        samba.tests.delete_force(self.samdb, usr_dn)
+        self.samdb.add({
+            "dn": usr_dn,
+            "objectClass": "user",
+            "sAMAccountName": username})
+        obj = self.search_dn(usr_dn)
+        guid = obj["objectGUID"][0]
+        sid = obj["objectSID"][0]
+        obj_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        self.assertAttributesExists(self._expected_user_add_attributes(username, usr_dn, "Person"), obj)
+        self._check_metadata(obj_rmd["replPropertyMetaData"],
+                             self._expected_user_add_metadata())
+        self.samdb.delete(usr_dn)
+        obj_del = self.search_guid(guid)
+        obj_del_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        orig_attrs = set(obj.keys())
+        del_attrs = set(obj_del.keys())
+        self.assertAttributesExists(self._expected_user_del_attributes(username, guid, sid), obj_del)
+        self._check_metadata(obj_del_rmd["replPropertyMetaData"],
+                             self._expected_user_del_metadata())
+        # restore the user and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, usr_dn)
+        obj_restore = self.search_guid(guid)
+        obj_restore_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        # check original attributes and restored one are same
+        orig_attrs = set(obj.keys())
+        # windows restore more attributes that originally we have
+        orig_attrs.update(['adminCount', 'operatorCount', 'lastKnownParent'])
+        rest_attrs = set(obj_restore.keys())
+        self.assertAttributesExists(self._expected_user_restore_attributes(username, guid, sid, usr_dn, "Person"), obj_restore)
+        self._check_metadata(obj_restore_rmd["replPropertyMetaData"],
+                             self._expected_user_restore_metadata())
+
+
+class RestoreUserPwdObjectTestCase(RestoredObjectAttributesBaseTestCase):
+    """Test cases for delete/reanimate user objects with password"""
+
+    def _expected_userpw_add_attributes(self, username, user_dn, category):
+        return {'dn': user_dn,
+                'objectClass': '**',
+                'cn': username,
+                'distinguishedName': user_dn,
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': username,
+                'objectGUID': '**',
+                'userAccountControl': '546',
+                'badPwdCount': '0',
+                'badPasswordTime': '0',
+                'codePage': '0',
+                'countryCode': '0',
+                'lastLogon': '0',
+                'lastLogoff': '0',
+                'pwdLastSet': '**',
+                'primaryGroupID': '513',
+                'objectSid': '**',
+                'accountExpires': '9223372036854775807',
+                'logonCount': '0',
+                'sAMAccountName': username,
+                'sAMAccountType': '805306368',
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn)
+                }
+
+    def _expected_userpw_add_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 1),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 1),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 1),
+            (DRSUAPI_ATTID_countryCode, 1),
+            (DRSUAPI_ATTID_dBCSPwd, 1),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, 1),
+            (DRSUAPI_ATTID_pwdLastSet, 1),
+            (DRSUAPI_ATTID_primaryGroupID, 1),
+            (DRSUAPI_ATTID_supplementalCredentials, 1),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_accountExpires, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, 1),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 1),
+            (DRSUAPI_ATTID_objectCategory, 1)]
+
+    def _expected_userpw_del_attributes(self, username, _guid, _sid):
+        guid = ndr_unpack(misc.GUID, _guid)
+        dn = "CN=%s\\0ADEL:%s,CN=Deleted Objects,%s" % (username, guid, self.base_dn)
+        cn = "%s\nDEL:%s" % (username, guid)
+        return {'dn': dn,
+                'objectClass': '**',
+                'cn': cn,
+                'distinguishedName': dn,
+                'isDeleted': 'TRUE',
+                'isRecycled': 'TRUE',
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': cn,
+                'objectGUID': _guid,
+                'userAccountControl': '546',
+                'objectSid': _sid,
+                'sAMAccountName': username,
+                'lastKnownParent': 'CN=Users,%s' % self.base_dn,
+                }
+
+    def _expected_userpw_del_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 2),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_isDeleted, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 2),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 2),
+            (DRSUAPI_ATTID_countryCode, 2),
+            (DRSUAPI_ATTID_dBCSPwd, 1),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 2),
+            (DRSUAPI_ATTID_ntPwdHistory, 2),
+            (DRSUAPI_ATTID_pwdLastSet, 2),
+            (DRSUAPI_ATTID_primaryGroupID, 2),
+            (DRSUAPI_ATTID_supplementalCredentials, 2),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_accountExpires, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, None),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 2),
+            (DRSUAPI_ATTID_lastKnownParent, 1),
+            (DRSUAPI_ATTID_objectCategory, 2),
+            (DRSUAPI_ATTID_isRecycled, 1)]
+
+    def _expected_userpw_restore_attributes(self, username, guid, sid, user_dn, category):
+        return {'dn': user_dn,
+                'objectClass': '**',
+                'cn': username,
+                'distinguishedName': user_dn,
+                'instanceType': '4',
+                'whenCreated': '**',
+                'whenChanged': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'name': username,
+                'objectGUID': guid,
+                'userAccountControl': '546',
+                'badPwdCount': '0',
+                'badPasswordTime': '0',
+                'codePage': '0',
+                'countryCode': '0',
+                'lastLogon': '0',
+                'lastLogoff': '0',
+                'pwdLastSet': '**',
+                'primaryGroupID': '513',
+                'operatorCount': '0',
+                'objectSid': sid,
+                'adminCount': '0',
+                'accountExpires': '0',
+                'logonCount': '0',
+                'sAMAccountName': username,
+                'sAMAccountType': '805306368',
+                'lastKnownParent': 'CN=Users,%s' % self.base_dn,
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn)
+                }
+
+    def _expected_userpw_restore_metadata(self):
+        return [
+            (DRSUAPI_ATTID_objectClass, 1),
+            (DRSUAPI_ATTID_cn, 3),
+            (DRSUAPI_ATTID_instanceType, 1),
+            (DRSUAPI_ATTID_whenCreated, 1),
+            (DRSUAPI_ATTID_isDeleted, 2),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, 1),
+            (DRSUAPI_ATTID_name, 3),
+            (DRSUAPI_ATTID_userAccountControl, None),
+            (DRSUAPI_ATTID_codePage, 3),
+            (DRSUAPI_ATTID_countryCode, 3),
+            (DRSUAPI_ATTID_dBCSPwd, 2),
+            (DRSUAPI_ATTID_logonHours, 1),
+            (DRSUAPI_ATTID_unicodePwd, 3),
+            (DRSUAPI_ATTID_ntPwdHistory, 3),
+            (DRSUAPI_ATTID_pwdLastSet, 4),
+            (DRSUAPI_ATTID_primaryGroupID, 3),
+            (DRSUAPI_ATTID_supplementalCredentials, 3),
+            (DRSUAPI_ATTID_operatorCount, 1),
+            (DRSUAPI_ATTID_objectSid, 1),
+            (DRSUAPI_ATTID_adminCount, 1),
+            (DRSUAPI_ATTID_accountExpires, 3),
+            (DRSUAPI_ATTID_lmPwdHistory, None),
+            (DRSUAPI_ATTID_sAMAccountName, 1),
+            (DRSUAPI_ATTID_sAMAccountType, 3),
+            (DRSUAPI_ATTID_lastKnownParent, 1),
+            (DRSUAPI_ATTID_objectCategory, 3),
+            (DRSUAPI_ATTID_isRecycled, 2)]
+
+    def test_restorepw_user(self):
+        print("Test restored user attributes")
+        username = "restorepw_user"
+        usr_dn = "CN=%s,CN=Users,%s" % (username, self.base_dn)
+        samba.tests.delete_force(self.samdb, usr_dn)
+        self.samdb.add({
+            "dn": usr_dn,
+            "objectClass": "user",
+            "userPassword": "thatsAcomplPASS0",
+            "sAMAccountName": username})
+        obj = self.search_dn(usr_dn)
+        guid = obj["objectGUID"][0]
+        sid = obj["objectSID"][0]
+        obj_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        self.assertAttributesExists(self._expected_userpw_add_attributes(username, usr_dn, "Person"), obj)
+        self._check_metadata(obj_rmd["replPropertyMetaData"],
+                             self._expected_userpw_add_metadata())
+        self.samdb.delete(usr_dn)
+        obj_del = self.search_guid(guid)
+        obj_del_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        orig_attrs = set(obj.keys())
+        del_attrs = set(obj_del.keys())
+        self.assertAttributesExists(self._expected_userpw_del_attributes(username, guid, sid), obj_del)
+        self._check_metadata(obj_del_rmd["replPropertyMetaData"],
+                             self._expected_userpw_del_metadata())
+        # restore the user and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, usr_dn, {"userPassword": ["thatsAcomplPASS1"]})
+        obj_restore = self.search_guid(guid)
+        obj_restore_rmd = self.search_guid(guid, attrs=["replPropertyMetaData"])
+        # check original attributes and restored one are same
+        orig_attrs = set(obj.keys())
+        # windows restore more attributes that originally we have
+        orig_attrs.update(['adminCount', 'operatorCount', 'lastKnownParent'])
+        rest_attrs = set(obj_restore.keys())
+        self.assertAttributesExists(self._expected_userpw_restore_attributes(username, guid, sid, usr_dn, "Person"), obj_restore)
+        self._check_metadata(obj_restore_rmd["replPropertyMetaData"],
+                             self._expected_userpw_restore_metadata())
+
+
+class RestoreGroupObjectTestCase(RestoredObjectAttributesBaseTestCase):
+    """Test different scenarios for delete/reanimate group objects"""
+
+    def _make_object_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+    def _create_test_user(self, user_name):
+        user_dn = self._make_object_dn(user_name)
+        ldif = {
+            "dn": user_dn,
+            "objectClass": "user",
+            "sAMAccountName": user_name,
+        }
+        # delete an object if leftover from previous test
+        samba.tests.delete_force(self.samdb, user_dn)
+        # finally, create the group
+        self.samdb.add(ldif)
+        return self.search_dn(user_dn)
+
+    def _create_test_group(self, group_name, members=None):
+        group_dn = self._make_object_dn(group_name)
+        ldif = {
+            "dn": group_dn,
+            "objectClass": "group",
+            "sAMAccountName": group_name,
+        }
+        try:
+            ldif["member"] = [str(usr_dn) for usr_dn in members]
+        except TypeError:
+            pass
+        # delete an object if leftover from previous test
+        samba.tests.delete_force(self.samdb, group_dn)
+        # finally, create the group
+        self.samdb.add(ldif)
+        return self.search_dn(group_dn)
+
+    def _expected_group_attributes(self, groupname, group_dn, category):
+        return {'dn': group_dn,
+                'groupType': '-2147483646',
+                'distinguishedName': group_dn,
+                'sAMAccountName': groupname,
+                'name': groupname,
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn),
+                'objectClass': '**',
+                'objectGUID': '**',
+                'lastKnownParent': 'CN=Users,%s' % self.base_dn,
+                'whenChanged': '**',
+                'sAMAccountType': '268435456',
+                'objectSid': '**',
+                'whenCreated': '**',
+                'uSNCreated': '**',
+                'operatorCount': '0',
+                'uSNChanged': '**',
+                'instanceType': '4',
+                'adminCount': '0',
+                'cn': groupname}
+
+    def test_plain_group(self):
+        print("Test restored Group attributes")
+        # create test group
+        obj = self._create_test_group("r_group")
+        guid = obj["objectGUID"][0]
+        # delete the group
+        self.samdb.delete(str(obj.dn))
+        obj_del = self.search_guid(guid)
+        # restore the Group and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, obj.dn)
+        obj_restore = self.search_guid(guid)
+        # check original attributes and restored one are same
+        attr_orig = set(obj.keys())
+        # windows restore more attributes that originally we have
+        attr_orig.update(['adminCount', 'operatorCount', 'lastKnownParent'])
+        attr_rest = set(obj_restore.keys())
+        self.assertAttributesEqual(obj, attr_orig, obj_restore, attr_rest)
+        self.assertAttributesExists(self._expected_group_attributes("r_group", str(obj.dn), "Group"), obj_restore)
+
+    def test_group_with_members(self):
+        print("Test restored Group with members attributes")
+        # create test group
+        usr1 = self._create_test_user("r_user_1")
+        usr2 = self._create_test_user("r_user_2")
+        obj = self._create_test_group("r_group", [usr1.dn, usr2.dn])
+        guid = obj["objectGUID"][0]
+        # delete the group
+        self.samdb.delete(str(obj.dn))
+        obj_del = self.search_guid(guid)
+        # restore the Group and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, obj.dn)
+        obj_restore = self.search_guid(guid)
+        # check original attributes and restored one are same
+        attr_orig = set(obj.keys())
+        # windows restore more attributes that originally we have
+        attr_orig.update(['adminCount', 'operatorCount', 'lastKnownParent'])
+        # and does not restore following attributes
+        attr_orig.remove("member")
+        attr_rest = set(obj_restore.keys())
+        self.assertAttributesEqual(obj, attr_orig, obj_restore, attr_rest)
+        self.assertAttributesExists(self._expected_group_attributes("r_group", str(obj.dn), "Group"), obj_restore)
+
+
+class RestoreContainerObjectTestCase(RestoredObjectAttributesBaseTestCase):
+    """Test different scenarios for delete/reanimate OU/container objects"""
+
+    def _expected_container_attributes(self, rdn, name, dn, category):
+        if rdn == 'OU':
+            lastKnownParent = '%s' % self.base_dn
+        else:
+            lastKnownParent = 'CN=Users,%s' % self.base_dn
+        return {'dn': dn,
+                'distinguishedName': dn,
+                'name': name,
+                'objectCategory': 'CN=%s,%s' % (category, self.schema_dn),
+                'objectClass': '**',
+                'objectGUID': '**',
+                'lastKnownParent': lastKnownParent,
+                'whenChanged': '**',
+                'whenCreated': '**',
+                'uSNCreated': '**',
+                'uSNChanged': '**',
+                'instanceType': '4',
+                rdn.lower(): name}
+
+    def _create_test_ou(self, rdn, name=None, description=None):
+        ou_dn = "OU=%s,%s" % (rdn, self.base_dn)
+        # delete an object if leftover from previous test
+        samba.tests.delete_force(self.samdb, ou_dn)
+        # create ou and return created object
+        self.samdb.create_ou(ou_dn, name=name, description=description)
+        return self.search_dn(ou_dn)
+
+    def test_ou_with_name_description(self):
+        print("Test OU reanimation")
+        # create OU to test with
+        obj = self._create_test_ou(rdn="r_ou",
+                                   name="r_ou name",
+                                   description="r_ou description")
+        guid = obj["objectGUID"][0]
+        # delete the object
+        self.samdb.delete(str(obj.dn))
+        obj_del = self.search_guid(guid)
+        # restore the Object and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, obj.dn)
+        obj_restore = self.search_guid(guid)
+        # check original attributes and restored one are same
+        attr_orig = set(obj.keys())
+        attr_rest = set(obj_restore.keys())
+        # windows restore more attributes that originally we have
+        attr_orig.update(["lastKnownParent"])
+        # and does not restore following attributes
+        attr_orig -= set(["description"])
+        self.assertAttributesEqual(obj, attr_orig, obj_restore, attr_rest)
+        expected_attrs = self._expected_container_attributes("OU", "r_ou", str(obj.dn), "Organizational-Unit")
+        self.assertAttributesExists(expected_attrs, obj_restore)
+
+    def test_container(self):
+        print("Test Container reanimation")
+        # create test Container
+        obj = self._create_object({
+            "dn": "CN=r_container,CN=Users,%s" % self.base_dn,
+            "objectClass": "container"
+        })
+        guid = obj["objectGUID"][0]
+        # delete the object
+        self.samdb.delete(str(obj.dn))
+        obj_del = self.search_guid(guid)
+        # restore the Object and fetch what's restored
+        self.restore_deleted_object(self.samdb, obj_del.dn, obj.dn)
+        obj_restore = self.search_guid(guid)
+        # check original attributes and restored one are same
+        attr_orig = set(obj.keys())
+        attr_rest = set(obj_restore.keys())
+        # windows restore more attributes that originally we have
+        attr_orig.update(["lastKnownParent"])
+        # and does not restore following attributes
+        attr_orig -= set(["showInAdvancedViewOnly"])
+        self.assertAttributesEqual(obj, attr_orig, obj_restore, attr_rest)
+        expected_attrs = self._expected_container_attributes("CN", "r_container",
+                                                             str(obj.dn), "Container")
+        self.assertAttributesExists(expected_attrs, obj_restore)
+
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/source4/dsdb/tests/python/unicodepwd_encrypted.py b/source4/dsdb/tests/python/unicodepwd_encrypted.py
new file mode 100644
index 0000000..768cbf8
--- /dev/null
+++ b/source4/dsdb/tests/python/unicodepwd_encrypted.py
@@ -0,0 +1,151 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import sys
+import optparse
+
+sys.path.insert(0, "bin/python")
+import samba.getopt as options
+from ldb import Message, MessageElement, Dn
+from ldb import LdbError, FLAG_MOD_REPLACE, ERR_UNWILLING_TO_PERFORM, SCOPE_BASE
+from samba import gensec
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba.tests import delete_force
+from samba.tests.password_test import PasswordTestCase
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+parser = optparse.OptionParser("unicodepwd_encrypted.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+lp = sambaopts.get_loadparm()
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+host_ldaps = f"ldaps://{host}"
+host_ldap = f"ldap://{host}"
+
+
+class UnicodePwdEncryptedConnectionTests(PasswordTestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.creds = self.insta_creds(template=credopts.get_credentials(lp))
+        self.ldb = SamDB(host_ldap, credentials=self.creds,
+                         session_info=system_session(lp),
+                         lp=lp)
+        self.base_dn = self.ldb.domain_dn()
+        self.user_dn_str = f"cn=testuser,cn=users,{self.base_dn}"
+        self.user_dn = Dn(self.ldb, self.user_dn_str)
+        print(f"baseDN: {self.base_dn}\n")
+
+        # permit password changes during this test
+        self.allow_password_changes()
+
+        # (Re)adds the test user "testuser" with no password.
+        delete_force(self.ldb, str(self.user_dn))
+        self.ldb.add({
+            "dn": str(self.user_dn),
+            "objectclass": "user",
+            "sAMAccountName": "testuser"
+        })
+
+        # Set the test user initial password and enable account.
+        m = Message(self.user_dn)
+        m["0"] = MessageElement("Password#2", FLAG_MOD_REPLACE, "userPassword")
+        self.ldb.modify(m)
+        self.ldb.enable_account("(sAMAccountName=testuser)")
+
+    def modify_unicode_pwd(self, ldb, password):
+        """Replaces user password using unicodePwd."""
+        m = Message()
+        m.dn = self.user_dn
+        m["unicodePwd"] = MessageElement(
+            f'"{password}"'.encode('utf-16-le'),
+            FLAG_MOD_REPLACE, "unicodePwd"
+        )
+        ldb.modify(m)
+
+    def get_admin_sid(self, ldb):
+        res = self.ldb.search(
+            base="", expression="", scope=SCOPE_BASE, attrs=["tokenGroups"])
+
+        return self.ldb.schema_format_value(
+            "tokenGroups", res[0]["tokenGroups"][0]).decode("utf8")
+
+    def test_with_seal(self):
+        """Test unicodePwd on connection with seal.
+
+        This should allow unicodePwd.
+        """
+        self.modify_unicode_pwd(self.ldb, "thatsAcomplPASS2")
+
+    def test_without_seal(self):
+        """Test unicodePwd on connection without seal.
+
+        Should not allow unicodePwd on an unencrypted connection.
+
+        Requires --use-kerberos=required, or it automatically upgrades
+        to an encrypted connection.
+        """
+        # Remove FEATURE_SEAL which gets added by insta_creds.
+        creds_noseal = self.insta_creds(template=credopts.get_credentials(lp))
+        creds_noseal.set_gensec_features(creds_noseal.get_gensec_features() &
+                                         ~gensec.FEATURE_SEAL)
+
+        sasl_wrap = lp.get('client ldap sasl wrapping')
+        self.addCleanup(lp.set, 'client ldap sasl wrapping', sasl_wrap)
+        lp.set('client ldap sasl wrapping', 'sign')
+
+        # Create a second ldb connection without seal.
+        ldb = SamDB(host_ldap, credentials=creds_noseal,
+                    session_info=system_session(lp),
+                    lp=lp)
+
+        with self.assertRaises(LdbError) as e:
+            self.modify_unicode_pwd(ldb, "thatsAcomplPASS2")
+
+        # Server should not allow unicodePwd on an unencrypted connection.
+        self.assertEqual(e.exception.args[0], ERR_UNWILLING_TO_PERFORM)
+        self.assertIn(
+            "Password modification over LDAP must be over an encrypted connection",
+            e.exception.args[1]
+        )
+
+    def test_simple_bind_plain(self):
+        """Test unicodePwd using simple bind without encryption."""
+        admin_sid = self.get_admin_sid(self.ldb)
+
+        self.creds.set_bind_dn(admin_sid)
+        ldb = SamDB(url=host_ldap, credentials=self.creds, lp=lp)
+
+        with self.assertRaises(LdbError) as e:
+            self.modify_unicode_pwd(ldb, "thatsAcomplPASS2")
+
+        # Server should not allow unicodePwd on an unencrypted connection.
+        self.assertEqual(e.exception.args[0], ERR_UNWILLING_TO_PERFORM)
+        self.assertIn(
+            "Password modification over LDAP must be over an encrypted connection",
+            e.exception.args[1]
+        )
+
+    def test_simple_bind_tls(self):
+        """Test unicodePwd using simple bind with encryption."""
+        admin_sid = self.get_admin_sid(self.ldb)
+
+        self.creds.set_bind_dn(admin_sid)
+        ldb = SamDB(url=host_ldaps, credentials=self.creds, lp=lp)
+
+        self.modify_unicode_pwd(ldb, "thatsAcomplPASS2")
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/urgent_replication.py b/source4/dsdb/tests/python/urgent_replication.py
new file mode 100755
index 0000000..0d39c38
--- /dev/null
+++ b/source4/dsdb/tests/python/urgent_replication.py
@@ -0,0 +1,339 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import optparse
+import sys
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+from ldb import (LdbError, ERR_NO_SUCH_OBJECT, Message,
+                 MessageElement, Dn, FLAG_MOD_REPLACE)
+import samba.tests
+import samba.dsdb as dsdb
+import samba.getopt as options
+import random
+
+parser = optparse.OptionParser("urgent_replication.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+
+class UrgentReplicationTests(samba.tests.TestCase):
+
+    def delete_force(self, ldb, dn):
+        try:
+            ldb.delete(dn, ["relax:0"])
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+    def setUp(self):
+        super(UrgentReplicationTests, self).setUp()
+        self.ldb = samba.tests.connect_samdb(host, global_schema=False)
+        self.base_dn = self.ldb.domain_dn()
+
+        print("baseDN: %s\n" % self.base_dn)
+
+    def test_nonurgent_object(self):
+        """Test if the urgent replication is not activated when handling a non urgent object."""
+        self.ldb.add({
+            "dn": "cn=nonurgenttest,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "samaccountname": "nonurgenttest",
+            "description": "nonurgenttest description"})
+
+        # urgent replication should not be enabled when creating
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should not be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=nonurgenttest,cn=users," + self.base_dn)
+        m["description"] = MessageElement("new description", FLAG_MOD_REPLACE,
+                                          "description")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should not be enabled when deleting
+        self.delete_force(self.ldb, "cn=nonurgenttest,cn=users," + self.base_dn)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_nTDSDSA_object(self):
+        """Test if the urgent replication is activated when handling a nTDSDSA object."""
+        self.ldb.add({
+            "dn": "cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,%s" %
+            self.ldb.get_config_basedn(),
+            "objectclass": "server",
+            "cn": "test server",
+            "name": "test server",
+            "systemFlags": "50000000"}, ["relax:0"])
+
+        self.ldb.add_ldif(
+            """dn: cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s""" % (self.base_dn) + """
+objectclass: nTDSDSA
+cn: NTDS Settings test
+options: 1
+instanceType: 4
+systemFlags: 33554432""", ["relax:0"])
+
+        # urgent replication should be enabled when creation
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn)
+        m["options"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                      "options")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when deleting
+        self.delete_force(self.ldb, "cn=NTDS Settings test,cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn)
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        self.delete_force(self.ldb, "cn=test server,cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration," + self.base_dn)
+
+    def test_crossRef_object(self):
+        """Test if the urgent replication is activated when handling a crossRef object."""
+        self.ldb.add({
+            "dn": "CN=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn,
+            "objectClass": "crossRef",
+            "cn": "test crossRef",
+            "dnsRoot": self.get_loadparm().get("realm").lower(),
+            "instanceType": "4",
+            "nCName": self.base_dn,
+            "showInAdvancedViewOnly": "TRUE",
+            "name": "test crossRef",
+            "systemFlags": "1"}, ["relax:0"])
+
+        # urgent replication should be enabled when creating
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn)
+        m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                          "systemFlags")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when deleting
+        self.delete_force(self.ldb, "cn=test crossRef,CN=Partitions,CN=Configuration," + self.base_dn)
+        res = self.ldb.load_partition_usn("cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_attributeSchema_object(self):
+        """Test if the urgent replication is activated when handling an attributeSchema object"""
+
+        self.ldb.add_ldif(
+            """dn: CN=test attributeSchema,cn=Schema,CN=Configuration,%s""" % self.base_dn + """
+objectClass: attributeSchema
+cn: test attributeSchema
+instanceType: 4
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+attributeID: 1.3.6.1.4.1.7165.4.6.1.4.""" + str(random.randint(1, 100000)) + """
+attributeSyntax: 2.5.5.12
+adminDisplayName: test attributeSchema
+adminDescription: test attributeSchema
+oMSyntax: 64
+systemOnly: FALSE
+searchFlags: 8
+lDAPDisplayName: testAttributeSchema
+name: test attributeSchema""")
+
+        # urgent replication should be enabled when creating
+        res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=test attributeSchema,CN=Schema,CN=Configuration," + self.base_dn)
+        m["lDAPDisplayName"] = MessageElement("updatedTestAttributeSchema", FLAG_MOD_REPLACE,
+                                              "lDAPDisplayName")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_classSchema_object(self):
+        """Test if the urgent replication is activated when handling a classSchema object."""
+        try:
+            self.ldb.add_ldif(
+                            """dn: CN=test classSchema,CN=Schema,CN=Configuration,%s""" % self.base_dn + """
+objectClass: classSchema
+cn: test classSchema
+instanceType: 4
+subClassOf: top
+governsId: 1.3.6.1.4.1.7165.4.6.2.4.""" + str(random.randint(1, 100000)) + """
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: test classSchema
+adminDescription: test classSchema
+objectClassCategory: 1
+lDAPDisplayName: testClassSchema
+name: test classSchema
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCD
+ CLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE""")
+
+            # urgent replication should be enabled when creating
+            res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
+            self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        except LdbError:
+            print("Not testing urgent replication when creating classSchema object ...\n")
+
+        # urgent replication should be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=test classSchema,CN=Schema,CN=Configuration," + self.base_dn)
+        m["lDAPDisplayName"] = MessageElement("updatedTestClassSchema", FLAG_MOD_REPLACE,
+                                              "lDAPDisplayName")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn("cn=Schema,cn=Configuration," + self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_secret_object(self):
+        """Test if the urgent replication is activated when handling a secret object."""
+
+        self.ldb.add({
+            "dn": "cn=test secret,cn=System," + self.base_dn,
+            "objectClass": "secret",
+            "cn": "test secret",
+            "name": "test secret",
+            "currentValue": "xxxxxxx"})
+
+        # urgent replication should be enabled when creating
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=test secret,cn=System," + self.base_dn)
+        m["currentValue"] = MessageElement("yyyyyyyy", FLAG_MOD_REPLACE,
+                                           "currentValue")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when deleting
+        self.delete_force(self.ldb, "cn=test secret,cn=System," + self.base_dn)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_rIDManager_object(self):
+        """Test if the urgent replication is activated when handling a rIDManager object."""
+        self.ldb.add_ldif(
+            """dn: CN=RID Manager test,CN=System,%s""" % self.base_dn + """
+objectClass: rIDManager
+cn: RID Manager test
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: RID Manager test
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+rIDAvailablePool: 133001-1073741823""", ["relax:0"])
+
+        # urgent replication should be enabled when creating
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying
+        m = Message()
+        m.dn = Dn(self.ldb, "CN=RID Manager test,CN=System," + self.base_dn)
+        m["systemFlags"] = MessageElement("0", FLAG_MOD_REPLACE,
+                                          "systemFlags")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when deleting
+        self.delete_force(self.ldb, "CN=RID Manager test,CN=System," + self.base_dn)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+    def test_urgent_attributes(self):
+        """Test if the urgent replication is activated when handling urgent attributes of an object."""
+
+        self.ldb.add({
+            "dn": "cn=user UrgAttr test,cn=users," + self.base_dn,
+            "objectclass": "user",
+            "samaccountname": "user UrgAttr test",
+            "userAccountControl": str(dsdb.UF_NORMAL_ACCOUNT),
+            "lockoutTime": "0",
+            "pwdLastSet": "0",
+            "description": "urgent attributes test description"})
+
+        # urgent replication should NOT be enabled when creating
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying userAccountControl
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
+        m["userAccountControl"] = MessageElement(str(dsdb.UF_NORMAL_ACCOUNT + dsdb.UF_DONT_EXPIRE_PASSWD), FLAG_MOD_REPLACE,
+                                                 "userAccountControl")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying lockoutTime
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
+        m["lockoutTime"] = MessageElement("1", FLAG_MOD_REPLACE,
+                                          "lockoutTime")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should be enabled when modifying pwdLastSet
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
+        m["pwdLastSet"] = MessageElement("-1", FLAG_MOD_REPLACE,
+                                         "pwdLastSet")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when modifying a not-urgent
+        # attribute
+        m = Message()
+        m.dn = Dn(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
+        m["description"] = MessageElement("updated urgent attributes test description",
+                                          FLAG_MOD_REPLACE, "description")
+        self.ldb.modify(m)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+        # urgent replication should NOT be enabled when deleting
+        self.delete_force(self.ldb, "cn=user UrgAttr test,cn=users," + self.base_dn)
+        res = self.ldb.load_partition_usn(self.base_dn)
+        self.assertNotEqual(res["uSNHighest"], res["uSNUrgent"])
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/tests/python/user_account_control.py b/source4/dsdb/tests/python/user_account_control.py
new file mode 100755
index 0000000..edc0fa0
--- /dev/null
+++ b/source4/dsdb/tests/python/user_account_control.py
@@ -0,0 +1,1298 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This tests the restrictions on userAccountControl that apply even if write access is permitted
+#
+# Copyright Samuel Cabrero 2014 <samuelcabrero@kernevil.me>
+# Copyright Andrew Bartlett 2014 <abartlet@samba.org>
+#
+# Licenced under the GPLv3
+#
+
+import optparse
+import sys
+import unittest
+import samba
+import samba.getopt as options
+import samba.tests
+import ldb
+
+sys.path.insert(0, "bin/python")
+
+from samba.subunit.run import SubunitTestRunner
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba.dcerpc import samr, security
+from samba.credentials import Credentials
+from samba.ndr import ndr_unpack, ndr_pack
+from samba.tests import delete_force, DynamicTestCase
+from samba import gensec, sd_utils
+from samba.credentials import DONT_USE_KERBEROS
+from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError
+from samba.dsdb import UF_SCRIPT, UF_ACCOUNTDISABLE, UF_00000004, UF_HOMEDIR_REQUIRED, \
+    UF_LOCKOUT, UF_PASSWD_NOTREQD, UF_PASSWD_CANT_CHANGE, UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,\
+    UF_TEMP_DUPLICATE_ACCOUNT, UF_NORMAL_ACCOUNT, UF_00000400, UF_INTERDOMAIN_TRUST_ACCOUNT, \
+    UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, UF_00004000, \
+    UF_00008000, UF_DONT_EXPIRE_PASSWD, UF_MNS_LOGON_ACCOUNT, UF_SMARTCARD_REQUIRED, \
+    UF_TRUSTED_FOR_DELEGATION, UF_NOT_DELEGATED, UF_USE_DES_KEY_ONLY, UF_DONT_REQUIRE_PREAUTH, \
+    UF_PASSWORD_EXPIRED, UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, UF_NO_AUTH_DATA_REQUIRED, \
+    UF_PARTIAL_SECRETS_ACCOUNT, UF_USE_AES_KEYS
+from samba import dsdb
+
+
+parser = optparse.OptionParser("user_account_control.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+host = args[0]
+
+if "://" not in host:
+    ldaphost = "ldap://%s" % host
+else:
+    ldaphost = host
+    start = host.rindex("://")
+    host = host.lstrip(start + 3)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+bits = [UF_SCRIPT, UF_ACCOUNTDISABLE, UF_00000004, UF_HOMEDIR_REQUIRED,
+        UF_LOCKOUT, UF_PASSWD_NOTREQD, UF_PASSWD_CANT_CHANGE,
+        UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
+        UF_TEMP_DUPLICATE_ACCOUNT, UF_NORMAL_ACCOUNT, UF_00000400,
+        UF_INTERDOMAIN_TRUST_ACCOUNT,
+        UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, UF_00004000,
+        UF_00008000, UF_DONT_EXPIRE_PASSWD, UF_MNS_LOGON_ACCOUNT, UF_SMARTCARD_REQUIRED,
+        UF_TRUSTED_FOR_DELEGATION, UF_NOT_DELEGATED, UF_USE_DES_KEY_ONLY,
+        UF_DONT_REQUIRE_PREAUTH,
+        UF_PASSWORD_EXPIRED, UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
+        UF_NO_AUTH_DATA_REQUIRED,
+        UF_PARTIAL_SECRETS_ACCOUNT, UF_USE_AES_KEYS,
+        int("0x10000000", 16), int("0x20000000", 16), int("0x40000000", 16), int("0x80000000", 16)]
+
+account_types = set([UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, UF_INTERDOMAIN_TRUST_ACCOUNT])
+
+
+@DynamicTestCase
+class UserAccountControlTests(samba.tests.TestCase):
+    @classmethod
+    def setUpDynamicTestCases(cls):
+        for priv in [(True, "priv"), (False, "cc")]:
+            for account_type in [UF_NORMAL_ACCOUNT,
+                                 UF_WORKSTATION_TRUST_ACCOUNT,
+                                 UF_SERVER_TRUST_ACCOUNT]:
+                account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+                for objectclass in ["computer", "user"]:
+                    for name in [("oc_uac_lock$", "withdollar"),
+                        ("oc_uac_lock", "plain")]:
+                        test_name = f"{account_type_str}_{objectclass}_{priv[1]}_{name[1]}"
+                        cls.generate_dynamic_test("test_objectclass_uac_dollar_lock",
+                                                  test_name,
+                                                  account_type,
+                                                  objectclass,
+                                                  name[0],
+                                                  priv[0])
+
+        for priv in [(True, "priv"), (False, "wp")]:
+            for account_type in [UF_NORMAL_ACCOUNT,
+                                 UF_WORKSTATION_TRUST_ACCOUNT,
+                                 UF_SERVER_TRUST_ACCOUNT]:
+                account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+                for account_type2 in [UF_NORMAL_ACCOUNT,
+                                      UF_WORKSTATION_TRUST_ACCOUNT,
+                                      UF_SERVER_TRUST_ACCOUNT]:
+                    for how in ["replace", "deladd"]:
+                        account_type2_str = dsdb.user_account_control_flag_bit_to_string(account_type2)
+                        test_name = f"{account_type_str}_{account_type2_str}_{how}_{priv[1]}"
+                        cls.generate_dynamic_test("test_objectclass_uac_mod_lock",
+                                                  test_name,
+                                                  account_type,
+                                                  account_type2,
+                                                  how,
+                                                  priv[0])
+
+            for objectclass in ["computer", "user"]:
+                account_types = [UF_NORMAL_ACCOUNT]
+                if objectclass == "computer":
+                    account_types.append(UF_WORKSTATION_TRUST_ACCOUNT)
+                    account_types.append(UF_SERVER_TRUST_ACCOUNT)
+
+                for account_type in account_types:
+                    account_type_str = (
+                        dsdb.user_account_control_flag_bit_to_string(
+                            account_type))
+                    for account_type2 in [UF_NORMAL_ACCOUNT,
+                                          UF_WORKSTATION_TRUST_ACCOUNT,
+                                          UF_SERVER_TRUST_ACCOUNT,
+                                          UF_PARTIAL_SECRETS_ACCOUNT,
+                                          None]:
+                        if account_type2 is None:
+                            account_type2_str = None
+                        else:
+                            account_type2_str = (
+                                dsdb.user_account_control_flag_bit_to_string(
+                                    account_type2))
+
+                            for objectclass2 in ["computer", "user", None]:
+                                for name2 in [("oc_uac_lock", "remove_dollar"),
+                                              (None, "keep_dollar")]:
+                                    test_name = (f"{priv[1]}_{objectclass}_"
+                                                 f"{account_type_str}_to_"
+                                                 f"{objectclass2}_"
+                                                 f"{account_type2_str}_"
+                                                 f"{name2[1]}")
+                                    cls.generate_dynamic_test("test_mod_lock",
+                                                              test_name,
+                                                              objectclass,
+                                                              objectclass2,
+                                                              account_type,
+                                                              account_type2,
+                                                              name2[0],
+                                                              priv[0])
+
+        for account_type in [UF_NORMAL_ACCOUNT,
+                             UF_WORKSTATION_TRUST_ACCOUNT,
+                             UF_SERVER_TRUST_ACCOUNT]:
+            account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+            for objectclass in ["user", "computer"]:
+                for how in ["replace", "deladd"]:
+                    test_name = f"{account_type_str}_{objectclass}_{how}"
+                    cls.generate_dynamic_test("test_objectclass_mod_lock",
+                                              test_name,
+                                              account_type,
+                                              objectclass,
+                                              how)
+
+        for account_type in [UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT]:
+            account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+            cls.generate_dynamic_test("test_uac_bits_unrelated_modify",
+                                      account_type_str, account_type)
+
+        for bit in bits:
+            try:
+                bit_str = dsdb.user_account_control_flag_bit_to_string(bit)
+            except KeyError:
+                bit_str = hex(bit)
+
+            cls.generate_dynamic_test("test_uac_bits_add",
+                                      bit_str, bit, bit_str)
+
+            cls.generate_dynamic_test("test_uac_bits_set",
+                                      bit_str, bit, bit_str)
+
+        cls.generate_dynamic_test("test_uac_bits_add",
+                                  "UF_NORMAL_ACCOUNT_UF_PASSWD_NOTREQD",
+                                  UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD,
+                                  "UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD")
+
+
+    def add_computer_ldap(self, computername, others=None, samdb=None):
+        if samdb is None:
+            samdb = self.samdb
+        dn = "CN=%s,%s" % (computername, self.OU)
+        samaccountname = "%s$" % computername
+        msg_dict = {
+            "dn": dn,
+            "objectclass": "computer"}
+        if others is not None:
+            msg_dict = dict(list(msg_dict.items()) + list(others.items()))
+
+        msg = ldb.Message.from_dict(self.samdb, msg_dict)
+        msg["sAMAccountName"] = samaccountname
+
+        print("Adding computer account %s" % computername)
+        samdb.add(msg)
+
+    def add_user_ldap(self, username, others=None, samdb=None):
+        if samdb is None:
+            samdb = self.samdb
+        dn = "CN=%s,%s" % (username, self.OU)
+        samaccountname = "%s" % username
+        msg_dict = {
+            "dn": dn,
+            "objectclass": "user"}
+        if others is not None:
+            msg_dict = dict(list(msg_dict.items()) + list(others.items()))
+
+        msg = ldb.Message.from_dict(self.samdb, msg_dict)
+        msg["sAMAccountName"] = samaccountname
+
+        print("Adding user account %s" % username)
+        samdb.add(msg)
+
+    def get_creds(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        creds_tmp.set_kerberos_state(DONT_USE_KERBEROS)  # kinit is too expensive to use in a tight loop
+        return creds_tmp
+
+    def setUp(self):
+        super(UserAccountControlTests, self).setUp()
+        self.admin_creds = creds
+        self.admin_samdb = SamDB(url=ldaphost,
+                                 session_info=system_session(),
+                                 credentials=self.admin_creds, lp=lp)
+        self.domain_sid = security.dom_sid(self.admin_samdb.get_domain_sid())
+        self.base_dn = self.admin_samdb.domain_dn()
+
+        self.unpriv_user = "testuser1"
+        self.unpriv_user_pw = "samba123@"
+        self.unpriv_creds = self.get_creds(self.unpriv_user, self.unpriv_user_pw)
+
+        self.OU = "OU=test_computer_ou1,%s" % (self.base_dn)
+
+        delete_force(self.admin_samdb, self.OU, controls=["tree_delete:0"])
+        delete_force(self.admin_samdb, "CN=%s,CN=Users,%s" % (self.unpriv_user, self.base_dn))
+
+        self.admin_samdb.newuser(self.unpriv_user, self.unpriv_user_pw)
+        res = self.admin_samdb.search("CN=%s,CN=Users,%s" % (self.unpriv_user, self.admin_samdb.domain_dn()),
+                                      scope=SCOPE_BASE,
+                                      attrs=["objectSid"])
+        self.assertEqual(1, len(res))
+
+        self.unpriv_user_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
+        self.unpriv_user_dn = res[0].dn
+        self.addCleanup(self.admin_samdb.delete, self.unpriv_user_dn)
+
+        self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
+
+        self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, self.unpriv_creds)
+        self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+        self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)
+
+        self.sd_utils = sd_utils.SDUtils(self.admin_samdb)
+        self.admin_samdb.create_ou(self.OU)
+        self.addCleanup(self.admin_samdb.delete, self.OU, ["tree_delete:1"])
+
+        self.unpriv_user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid)
+
+        old_sd = self.sd_utils.read_sd_on_dn(self.OU)
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        self.add_computer_ldap("testcomputer-t")
+
+        self.sd_utils.modify_sd_on_dn(self.OU, old_sd)
+
+        self.computernames = ["testcomputer-0"]
+
+        # Get the SD of the template account, then force it to match
+        # what we expect for SeMachineAccountPrivilege accounts, so we
+        # can confirm we created the accounts correctly
+        self.sd_reference_cc = self.sd_utils.read_sd_on_dn("CN=testcomputer-t,%s" % (self.OU))
+
+        self.sd_reference_modify = self.sd_utils.read_sd_on_dn("CN=testcomputer-t,%s" % (self.OU))
+        for ace in self.sd_reference_modify.dacl.aces:
+            if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED and ace.trustee == self.unpriv_user_sid:
+                ace.access_mask = ace.access_mask | security.SEC_ADS_SELF_WRITE | security.SEC_ADS_WRITE_PROP
+
+        # Now reconnect without domain admin rights
+        self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
+
+    def test_add_computer_sd_cc(self):
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        mod = f"(OA;CI;WDCC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        computername = self.computernames[0]
+        sd = ldb.MessageElement((ndr_pack(self.sd_reference_modify)),
+                                ldb.FLAG_MOD_ADD,
+                                "nTSecurityDescriptor")
+        try:
+            self.add_computer_ldap(computername,
+                                   others={"nTSecurityDescriptor": sd})
+        except LdbError as e:
+            self.fail(str(e))
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["ntSecurityDescriptor"])
+
+        desc = res[0]["nTSecurityDescriptor"][0]
+        desc = ndr_unpack(security.descriptor, desc, allow_remaining=True)
+
+        sddl = desc.as_sddl(self.domain_sid)
+        self.assertEqual(self.sd_reference_modify.as_sddl(self.domain_sid), sddl)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["description"] = ldb.MessageElement(
+            ("A description"), ldb.FLAG_MOD_REPLACE,
+            "description")
+        self.samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_SERVER_TRUST_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl to be a DC on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
+                                                         samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl to be a RODC on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl to be a Workstation on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        try:
+            self.samdb.modify(m)
+        except LdbError as e:
+            (enum, estr) = e.args
+            self.fail(f"got {estr} setting userAccountControl to UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD")
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["primaryGroupID"] = ldb.MessageElement(str(security.DOMAIN_RID_ADMINS),
+                                                 ldb.FLAG_MOD_REPLACE, "primaryGroupID")
+        self.assertRaisesLdbError(ldb.ERR_UNWILLING_TO_PERFORM,
+                                  f"Unexpectedly able to set primaryGroupID on {m.dn}",
+                                  self.samdb.modify, m)
+
+
+    def test_mod_computer_cc(self):
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        computername = self.computernames[0]
+        self.add_computer_ldap(computername)
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=[])
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["description"] = ldb.MessageElement(
+            ("A description"), ldb.FLAG_MOD_REPLACE,
+            "description")
+        self.samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
+                                                         samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl as RODC on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_SERVER_TRUST_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl as DC on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+
+        self.assertRaisesLdbError(ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                  f"Unexpectedly able to set userAccountControl as to UF_NORMAL_ACCOUNT|UF_PASSWD_NOTREQD on {m.dn}",
+                                  self.samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                  f"Unexpectedly able to set userAccountControl to be a workstation on {m.dn}",
+                                  self.samdb.modify, m)
+
+
+    def test_add_computer_cc_normal_bare(self):
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        mod = f"(OA;CI;CC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        computername = self.computernames[0]
+        sd = ldb.MessageElement((ndr_pack(self.sd_reference_modify)),
+                                ldb.FLAG_MOD_ADD,
+                                "nTSecurityDescriptor")
+        try:
+            self.add_computer_ldap(computername,
+                                   others={"nTSecurityDescriptor": sd})
+        except LdbError as e:
+            self.fail(str(e))
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["ntSecurityDescriptor"])
+
+        desc = res[0]["nTSecurityDescriptor"][0]
+        desc = ndr_unpack(security.descriptor, desc, allow_remaining=True)
+
+        sddl = desc.as_sddl(self.domain_sid)
+        self.assertEqual(self.sd_reference_modify.as_sddl(self.domain_sid), sddl)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["description"] = ldb.MessageElement(
+            ("A description"), ldb.FLAG_MOD_REPLACE,
+            "description")
+        self.samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_NORMAL_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError([ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                   ldb.ERR_UNWILLING_TO_PERFORM],
+                                  "Unexpectedly able to set userAccountControl to be a Normal "
+                                  "account without |UF_PASSWD_NOTREQD",
+                                  self.samdb.modify, m)
+
+
+    def test_admin_mod_uac(self):
+        computername = self.computernames[0]
+        self.add_computer_ldap(computername, samdb=self.admin_samdb)
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["userAccountControl"])
+
+        self.assertEqual(int(res[0]["userAccountControl"][0]), (UF_WORKSTATION_TRUST_ACCOUNT |
+                                                                UF_ACCOUNTDISABLE |
+                                                                UF_PASSWD_NOTREQD))
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT |
+                                                         UF_PARTIAL_SECRETS_ACCOUNT |
+                                                         UF_TRUSTED_FOR_DELEGATION),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.assertRaisesLdbError(ldb.ERR_OTHER,
+                                  "Unexpectedly able to set userAccountControl to "
+                                  "UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT|"
+                                  f"UF_TRUSTED_FOR_DELEGATION on {m.dn}",
+                                  self.admin_samdb.modify, m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(UF_WORKSTATION_TRUST_ACCOUNT |
+                                                         UF_PARTIAL_SECRETS_ACCOUNT),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        self.admin_samdb.modify(m)
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["userAccountControl"])
+
+        self.assertEqual(int(res[0]["userAccountControl"][0]), (UF_WORKSTATION_TRUST_ACCOUNT |
+                                                                UF_PARTIAL_SECRETS_ACCOUNT))
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(UF_ACCOUNTDISABLE),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        try:
+            self.admin_samdb.modify(m)
+        except LdbError as e:
+            (enum, estr) = e.args
+            self.fail(f"got {estr} setting userAccountControl to UF_ACCOUNTDISABLE (as admin)")
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["userAccountControl"])
+
+        self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE)
+
+    def _test_uac_bits_set_with_args(self, bit, bit_str):
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        # Allow the creation of any children and write to any
+        # attributes (this is not a test of ACLs, this is a test of
+        # non-ACL userAccountControl rules
+        mod = f"(OA;CI;WP;;;{user_sid})(OA;;CC;;;{user_sid})"
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        # We want to start with UF_NORMAL_ACCOUNT, so we make a user
+        computername = self.computernames[0]
+        self.add_user_ldap(computername)
+
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=user)(cn=%s))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=[])
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["description"] = ldb.MessageElement(
+            ("A description"), ldb.FLAG_MOD_REPLACE,
+            "description")
+        self.samdb.modify(m)
+
+        # These bits are privileged, but authenticated users have that CAR by default, so this is a pain to test
+        priv_to_auth_users_bits = set([UF_PASSWD_NOTREQD, UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
+                                       UF_DONT_EXPIRE_PASSWD])
+
+        # These bits really are privileged, or can't be changed from UF_NORMAL as a non-admin
+        priv_bits = set([UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
+                         UF_TRUSTED_FOR_DELEGATION, UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
+                         UF_WORKSTATION_TRUST_ACCOUNT])
+
+        invalid_bits = set([UF_TEMP_DUPLICATE_ACCOUNT, UF_PARTIAL_SECRETS_ACCOUNT])
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD),
+                                                     ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        try:
+            self.samdb.modify(m)
+            if (bit in priv_bits):
+                self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s), on %s"
+                          % (bit, bit_str, m.dn))
+            if (bit in account_types and bit != UF_NORMAL_ACCOUNT):
+                self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s), on %s"
+                          % (bit, bit_str, m.dn))
+        except LdbError as e:
+            (enum, estr) = e.args
+            if bit in invalid_bits:
+                self.assertEqual(enum,
+                                 ldb.ERR_OTHER,
+                                 "was not able to set 0x%08X (%s) on %s"
+                                 % (bit, bit_str, m.dn))
+            elif (bit in account_types):
+                self.assertIn(enum, [ldb.ERR_OBJECT_CLASS_VIOLATION, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS])
+            elif (bit in priv_bits):
+                self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
+            else:
+                self.fail("Unable to set userAccountControl bit 0x%08X (%s) on %s: %s"
+                          % (bit, bit_str, m.dn, estr))
+
+    def _test_uac_bits_unrelated_modify_with_args(self, account_type):
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+
+        # Allow the creation of any children and write to any
+        # attributes (this is not a test of ACLs, this is a test of
+        # non-ACL userAccountControl rules
+        mod = f"(OA;CI;WP;;;{user_sid})(OA;;CC;;;{user_sid})"
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        computername = self.computernames[0]
+        if account_type == UF_WORKSTATION_TRUST_ACCOUNT:
+            self.add_computer_ldap(computername)
+        else:
+            self.add_user_ldap(computername)
+
+        res = self.admin_samdb.search(self.OU,
+                                      expression=f"(&(objectclass=user)(cn={computername}))",
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=["userAccountControl"])
+        self.assertEqual(len(res), 1)
+
+        orig_uac = int(res[0]["userAccountControl"][0])
+        self.assertEqual(orig_uac & account_type,
+                         account_type)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["description"] = ldb.MessageElement(
+            ("A description"), ldb.FLAG_MOD_REPLACE,
+            "description")
+        self.samdb.modify(m)
+
+        invalid_bits = set([UF_TEMP_DUPLICATE_ACCOUNT, UF_PARTIAL_SECRETS_ACCOUNT])
+
+        # UF_LOCKOUT isn't actually ignored, it changes other
+        # attributes but does not stick here.  See MS-SAMR 2.2.1.13
+        # UF_FLAG Codes clarification that UF_SCRIPT and
+        # UF_PASSWD_CANT_CHANGE are simply ignored by both clients and
+        # servers.  Other bits are ignored as they are undefined, or
+        # are not set into the attribute (instead triggering other
+        # events).
+        ignored_bits = set([UF_SCRIPT, UF_00000004, UF_LOCKOUT, UF_PASSWD_CANT_CHANGE,
+                            UF_00000400, UF_00004000, UF_00008000, UF_PASSWORD_EXPIRED,
+                            int("0x10000000", 16), int("0x20000000", 16), int("0x40000000", 16), int("0x80000000", 16)])
+        super_priv_bits = set([UF_INTERDOMAIN_TRUST_ACCOUNT])
+
+        priv_to_remove_bits = set([UF_TRUSTED_FOR_DELEGATION, UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, UF_WORKSTATION_TRUST_ACCOUNT])
+
+        for bit in bits:
+            # Reset this to the initial position, just to be sure
+            m = ldb.Message()
+            m.dn = res[0].dn
+            m["userAccountControl"] = ldb.MessageElement(str(orig_uac),
+                                                         ldb.FLAG_MOD_REPLACE, "userAccountControl")
+            try:
+                self.admin_samdb.modify(m)
+            except LdbError as e:
+                (enum, estr) = e.args
+                self.fail(f"got {estr} resetting userAccountControl to initial value {orig_uac:#08x}")
+
+            res = self.admin_samdb.search("%s" % self.base_dn,
+                                          expression="(&(objectClass=user)(cn=%s))" % computername,
+                                          scope=SCOPE_SUBTREE,
+                                          attrs=["userAccountControl"])
+
+            self.assertEqual(len(res), 1)
+            reset_uac = int(res[0]["userAccountControl"][0])
+            self.assertEqual(orig_uac, reset_uac)
+
+            m = ldb.Message()
+            m.dn = res[0].dn
+            m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD),
+                                                         ldb.FLAG_MOD_REPLACE, "userAccountControl")
+            try:
+                self.admin_samdb.modify(m)
+
+                if bit in invalid_bits:
+                    self.fail("Should have been unable to set userAccountControl bit 0x%08X on %s" % (bit, m.dn))
+
+            except LdbError as e1:
+                (enum, estr) = e1.args
+                if bit in invalid_bits:
+                    self.assertEqual(enum, ldb.ERR_OTHER)
+                    # No point going on, try the next bit
+                    continue
+                elif bit in super_priv_bits:
+                    self.assertIn(enum, (ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                         ldb.ERR_OBJECT_CLASS_VIOLATION))
+                    # No point going on, try the next bit
+                    continue
+
+                elif (account_type == UF_NORMAL_ACCOUNT) \
+                   and (bit in account_types) \
+                   and (bit != account_type):
+                    self.assertIn(enum, (ldb.ERR_UNWILLING_TO_PERFORM,
+                                         ldb.ERR_OBJECT_CLASS_VIOLATION))
+                    continue
+
+                elif (account_type == UF_WORKSTATION_TRUST_ACCOUNT) \
+                   and (bit != UF_NORMAL_ACCOUNT) \
+                   and (bit != account_type):
+                    self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
+                    continue
+
+                else:
+                    self.fail("Unable to set userAccountControl bit 0x%08X on %s: %s" % (bit, m.dn, estr))
+
+            res = self.admin_samdb.search("%s" % self.base_dn,
+                                          expression="(&(objectClass=user)(cn=%s))" % computername,
+                                          scope=SCOPE_SUBTREE,
+                                          attrs=["userAccountControl"])
+
+            if bit in ignored_bits:
+                self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                 UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD,
+                                 "Bit 0x%08x shouldn't stick" % bit)
+            else:
+                if bit in account_types:
+                    self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                     bit | UF_PASSWD_NOTREQD,
+                                     "Bit 0x%08x didn't stick" % bit)
+                else:
+                    self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                     bit | UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD,
+                                     "Bit 0x%08x didn't stick" % bit)
+
+            try:
+                m = ldb.Message()
+                m.dn = res[0].dn
+                m["userAccountControl"] = ldb.MessageElement(str(bit | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE),
+                                                             ldb.FLAG_MOD_REPLACE, "userAccountControl")
+                self.samdb.modify(m)
+
+            except LdbError as e2:
+                (enum, estr) = e2.args
+                self.fail("Unable to set userAccountControl bit 0x%08X on %s: %s" % (bit, m.dn, estr))
+
+            res = self.admin_samdb.search("%s" % self.base_dn,
+                                          expression="(&(objectClass=user)(cn=%s))" % computername,
+                                          scope=SCOPE_SUBTREE,
+                                          attrs=["userAccountControl"])
+
+            if bit in account_types:
+                self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                 bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                 "bit 0X%08x should have been added (0X%08x vs 0X%08x)"
+                                 % (bit, int(res[0]["userAccountControl"][0]),
+                                    bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD))
+            elif bit in ignored_bits:
+                self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                 UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                 "bit 0X%08x should have been added (0X%08x vs 0X%08x)"
+                                 % (bit, int(res[0]["userAccountControl"][0]),
+                                    UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD))
+
+            else:
+                self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                 bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                 "bit 0X%08x should have been added (0X%08x vs 0X%08x)"
+                                 % (bit, int(res[0]["userAccountControl"][0]),
+                                    bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD))
+
+            try:
+                m = ldb.Message()
+                m.dn = res[0].dn
+                m["userAccountControl"] = ldb.MessageElement(str(UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE),
+                                                             ldb.FLAG_MOD_REPLACE, "userAccountControl")
+                self.samdb.modify(m)
+                if bit in priv_to_remove_bits:
+                    self.fail("Should have been unable to remove userAccountControl bit 0x%08X on %s" % (bit, m.dn))
+
+            except LdbError as e3:
+                (enum, estr) = e3.args
+                if account_type == UF_WORKSTATION_TRUST_ACCOUNT:
+                    # Because removing any bit would change the account back to a user, which is locked by objectclass
+                    self.assertIn(enum, (ldb.ERR_OBJECT_CLASS_VIOLATION, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS))
+                elif bit in priv_to_remove_bits:
+                    self.assertEqual(enum, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+                else:
+                    self.fail("Unexpectedly unable to remove userAccountControl bit 0x%08X on %s: %s" % (bit, m.dn, estr))
+
+            res = self.admin_samdb.search("%s" % self.base_dn,
+                                          expression="(&(objectClass=user)(cn=%s))" % computername,
+                                          scope=SCOPE_SUBTREE,
+                                          attrs=["userAccountControl"])
+
+            if bit in priv_to_remove_bits:
+                if bit in account_types:
+                    self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                     bit | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                     "bit 0X%08x should not have been removed" % bit)
+                else:
+                    self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                     bit | UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                     "bit 0X%08x should not have been removed" % bit)
+            elif account_type != UF_WORKSTATION_TRUST_ACCOUNT:
+                self.assertEqual(int(res[0]["userAccountControl"][0]),
+                                 UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,
+                                 "bit 0X%08x should have been removed" % bit)
+
+    def _test_uac_bits_add_with_args(self, bit, bit_str):
+        computername = self.computernames[0]
+
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+
+        invalid_bits = set([UF_TEMP_DUPLICATE_ACCOUNT])
+        # UF_NORMAL_ACCOUNT is invalid alone, needs UF_PASSWD_NOTREQD
+        unwilling_bits = set([UF_NORMAL_ACCOUNT])
+
+        # These bits are privileged, but authenticated users have that CAR by default, so this is a pain to test
+        priv_to_auth_users_bits = set([UF_PASSWD_NOTREQD, UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
+                                       UF_DONT_EXPIRE_PASSWD])
+
+        # These bits really are privileged
+        priv_bits = set([UF_INTERDOMAIN_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
+                         UF_TRUSTED_FOR_DELEGATION, UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
+                         UF_PARTIAL_SECRETS_ACCOUNT])
+
+        if bit not in account_types and ((bit & UF_NORMAL_ACCOUNT) == 0):
+            bit_add = bit|UF_WORKSTATION_TRUST_ACCOUNT
+        else:
+            bit_add = bit
+
+        try:
+
+            self.add_computer_ldap(computername, others={"userAccountControl": [str(bit_add)]})
+            delete_force(self.admin_samdb, "CN=%s,%s" % (computername, self.OU))
+            if bit in priv_bits:
+                self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s) on %s"
+                          % (bit, bit_str, computername))
+
+        except LdbError as e4:
+            (enum, estr) = e4.args
+            if bit in invalid_bits:
+                self.assertEqual(enum,
+                                 ldb.ERR_OTHER,
+                                 "Invalid bit 0x%08X (%s) was able to be set on %s"
+                                 % (bit,
+                                    bit_str,
+                                    computername))
+            elif bit in priv_bits:
+                if bit == UF_INTERDOMAIN_TRUST_ACCOUNT:
+                    self.assertIn(enum, (ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                         ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS))
+                else:
+                    self.assertEqual(enum, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            elif bit in unwilling_bits:
+                # This can fail early as user in a computer is not permitted as non-admin
+                self.assertIn(enum, (ldb.ERR_UNWILLING_TO_PERFORM,
+                                     ldb.ERR_OBJECT_CLASS_VIOLATION))
+            elif bit & UF_NORMAL_ACCOUNT:
+                # This can fail early as user in a computer is not permitted as non-admin
+                self.assertIn(enum, (ldb.ERR_UNWILLING_TO_PERFORM,
+                                     ldb.ERR_OBJECT_CLASS_VIOLATION))
+            else:
+                self.fail("Unable to set userAccountControl bit 0x%08X (%s) on %s: %s"
+                          % (bit,
+                             bit_str,
+                             computername,
+                             estr))
+
+    def test_primarygroupID_cc_add(self):
+        computername = self.computernames[0]
+
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+        ace_cc = f"(OA;;CC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+        ace_wp_dnshostname = f"(OA;CI;WP;{dsdb.DS_GUID_SCHEMA_ATTR_DNS_HOST_NAME};;{user_sid})"
+        ace_wp_primarygroupid = f"(OA;CI;WP;{dsdb.DS_GUID_SCHEMA_ATTR_PRIMARY_GROUP_ID};;{user_sid})"
+        mod = ace_cc + ace_wp_dnshostname + ace_wp_primarygroupid
+
+        self.sd_utils.dacl_add_ace(self.OU, mod)
+        try:
+            # When creating a new object, you can not ever set the primaryGroupID
+            self.add_computer_ldap(computername, others={"primaryGroupID": [str(security.DOMAIN_RID_ADMINS)]})
+            self.fail("Unexpectedly able to set primaryGruopID to be an admin on %s" % computername)
+        except LdbError as e13:
+            (enum, estr) = e13.args
+            self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
+
+    def test_primarygroupID_priv_DC_modify(self):
+        computername = self.computernames[0]
+
+        self.add_computer_ldap(computername,
+                               others={"userAccountControl": [str(UF_SERVER_TRUST_ACCOUNT)]},
+                               samdb=self.admin_samdb)
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=[""])
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
+                                                         security.DOMAIN_RID_USERS))
+        m["member"] = ldb.MessageElement(
+            [str(res[0].dn)], ldb.FLAG_MOD_ADD,
+            "member")
+        self.admin_samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["primaryGroupID"] = ldb.MessageElement(
+            [str(security.DOMAIN_RID_USERS)], ldb.FLAG_MOD_REPLACE,
+            "primaryGroupID")
+        try:
+            self.admin_samdb.modify(m)
+
+            # When creating a new object, you can not ever set the primaryGroupID
+            self.fail("Unexpectedly able to set primaryGroupID to be other than DCS on %s" % computername)
+        except LdbError as e14:
+            (enum, estr) = e14.args
+            self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
+
+    def test_primarygroupID_priv_member_modify(self):
+        computername = self.computernames[0]
+
+        self.add_computer_ldap(computername,
+                               others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)]},
+                               samdb=self.admin_samdb)
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=[""])
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
+                                                         security.DOMAIN_RID_USERS))
+        m["member"] = ldb.MessageElement(
+            [str(res[0].dn)], ldb.FLAG_MOD_ADD,
+            "member")
+        self.admin_samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["primaryGroupID"] = ldb.MessageElement(
+            [str(security.DOMAIN_RID_USERS)], ldb.FLAG_MOD_REPLACE,
+            "primaryGroupID")
+
+        self.assertRaisesLdbError(ldb.ERR_UNWILLING_TO_PERFORM,
+                                  f"Unexpectedly able to set primaryGroupID to be other than DCS on {m.dn}",
+                                  self.admin_samdb.modify, m)
+
+    def test_primarygroupID_priv_user_modify(self):
+        computername = self.computernames[0]
+
+        self.add_computer_ldap(computername,
+                               others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT)]},
+                               samdb=self.admin_samdb)
+        res = self.admin_samdb.search("%s" % self.base_dn,
+                                      expression="(&(objectClass=computer)(samAccountName=%s$))" % computername,
+                                      scope=SCOPE_SUBTREE,
+                                      attrs=[""])
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
+                                                         security.DOMAIN_RID_ADMINS))
+        m["member"] = ldb.MessageElement(
+            [str(res[0].dn)], ldb.FLAG_MOD_ADD,
+            "member")
+        self.admin_samdb.modify(m)
+
+        m = ldb.Message()
+        m.dn = res[0].dn
+        m["primaryGroupID"] = ldb.MessageElement(
+            [str(security.DOMAIN_RID_ADMINS)], ldb.FLAG_MOD_REPLACE,
+            "primaryGroupID")
+        self.admin_samdb.modify(m)
+
+    def _test_objectclass_uac_dollar_lock_with_args(self,
+                                                    account_type,
+                                                    objectclass,
+                                                    name,
+                                                    priv):
+        dn = "CN=%s,%s" % (name, self.OU)
+        msg_dict = {
+            "dn": dn,
+            "objectclass": objectclass,
+            "samAccountName": name,
+            "userAccountControl": str(account_type | UF_PASSWD_NOTREQD)}
+
+        account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+
+        print(f"Adding account {name} as {account_type_str} with objectclass {objectclass}")
+
+        if priv:
+            samdb = self.admin_samdb
+        else:
+            user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+            mod = "(OA;;CC;;;%s)" % str(user_sid)
+
+            self.sd_utils.dacl_add_ace(self.OU, mod)
+            samdb = self.samdb
+
+        enum = ldb.SUCCESS
+        try:
+            samdb.add(msg_dict)
+        except ldb.LdbError as e:
+            (enum, msg) = e.args
+
+        if (account_type == UF_SERVER_TRUST_ACCOUNT
+            and objectclass != "computer"):
+            self.assertEqual(enum, ldb.ERR_OBJECT_CLASS_VIOLATION)
+            return
+
+        if priv == False and account_type == UF_SERVER_TRUST_ACCOUNT:
+            self.assertEqual(enum, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            return
+
+        if (objectclass == "user"
+            and account_type != UF_NORMAL_ACCOUNT):
+            self.assertEqual(enum, ldb.ERR_OBJECT_CLASS_VIOLATION)
+            return
+
+        if (not priv and objectclass == "computer"
+            and account_type == UF_NORMAL_ACCOUNT):
+            self.assertEqual(enum, ldb.ERR_OBJECT_CLASS_VIOLATION)
+            return
+
+        if priv and account_type == UF_NORMAL_ACCOUNT:
+            self.assertEqual(enum, 0)
+            return
+
+        if (priv == False and
+            account_type != UF_NORMAL_ACCOUNT and
+            name[-1] != '$'):
+            self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
+            return
+
+        self.assertEqual(enum, 0)
+
+    def _test_mod_lock_with_args(self,
+                                 objectclass,
+                                 objectclass2,
+                                 account_type,
+                                 account_type2,
+                                 name2,
+                                 priv):
+        name = "oc_uac_lock$"
+
+        dn = "CN=%s,%s" % (name, self.OU)
+        msg_dict = {
+            "dn": dn,
+            "objectclass": objectclass,
+            "samAccountName": name,
+            "userAccountControl": str(account_type | UF_PASSWD_NOTREQD)}
+
+        account_type_str = dsdb.user_account_control_flag_bit_to_string(
+            account_type)
+
+        print(f"Adding account {name} as {account_type_str} "
+              f"with objectclass {objectclass}")
+
+        # Create the object as admin
+        self.admin_samdb.add(msg_dict)
+
+        if priv:
+            samdb = self.admin_samdb
+        else:
+            samdb = self.samdb
+
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+
+        # We want to test what the underlying rules for non-admins regardless
+        # of security descriptors are, so set this very, dangerously, broadly
+        mod = f"(OA;;WP;;;{user_sid})"
+
+        self.sd_utils.dacl_add_ace(dn, mod)
+
+        msg = "Modifying account"
+        if name2 is not None:
+            msg += f" to {name2}"
+        if account_type2 is not None:
+            account_type2_str = dsdb.user_account_control_flag_bit_to_string(
+                account_type2)
+            msg += f" as {account_type2_str}"
+        else:
+            account_type2_str = None
+        if objectclass2 is not None:
+            msg += f" with objectClass {objectclass2}"
+        print(msg)
+
+        msg = ldb.Message(ldb.Dn(samdb, dn))
+        if objectclass2 is not None:
+            msg["objectClass"] = ldb.MessageElement(objectclass2,
+                                                    ldb.FLAG_MOD_REPLACE,
+                                                    "objectClass")
+        if name2 is not None:
+            msg["sAMAccountName"] = ldb.MessageElement(name2,
+                                                       ldb.FLAG_MOD_REPLACE,
+                                                       "sAMAccountName")
+        if account_type2 is not None:
+            msg["userAccountControl"] = ldb.MessageElement(
+                str(account_type2 | UF_PASSWD_NOTREQD),
+                ldb.FLAG_MOD_REPLACE,
+                "userAccountControl")
+        enum = ldb.SUCCESS
+        try:
+            samdb.modify(msg)
+        except ldb.LdbError as e:
+            enum, _ = e.args
+
+        # Setting userAccountControl to be an RODC is not allowed.
+        if account_type2 == UF_PARTIAL_SECRETS_ACCOUNT:
+            self.assertEqual(enum, ldb.ERR_OTHER)
+            return
+
+        # Unprivileged users cannot change userAccountControl. The exception is
+        # changing a non-normal account to UF_WORKSTATION_TRUST_ACCOUNT, which
+        # is allowed.
+        if (not priv
+                and account_type2 is not None
+                and account_type != account_type2
+                and (account_type == UF_NORMAL_ACCOUNT
+                     or account_type2 != UF_WORKSTATION_TRUST_ACCOUNT)):
+            self.assertIn(enum, [ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                 ldb.ERR_OBJECT_CLASS_VIOLATION])
+            return
+
+        # A non-computer account cannot have UF_SERVER_TRUST_ACCOUNT.
+        if objectclass == "user" and account_type2 == UF_SERVER_TRUST_ACCOUNT:
+            self.assertIn(enum, [ldb.ERR_UNWILLING_TO_PERFORM,
+                                 ldb.ERR_OBJECT_CLASS_VIOLATION])
+            return
+
+        # The objectClass is not allowed to change.
+        if objectclass2 is not None and objectclass != objectclass2:
+            self.assertIn(enum, [ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                 ldb.ERR_UNWILLING_TO_PERFORM])
+            return
+
+        # Unprivileged users cannot remove the trailing dollar from a computer
+        # account.
+        if not priv and objectclass == "computer" and (
+                name2 is not None and name2[-1] != "$"):
+            self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
+            return
+
+        self.assertEqual(enum, 0)
+        return
+
+    def _test_objectclass_uac_mod_lock_with_args(self,
+                                                 account_type,
+                                                 account_type2,
+                                                 how,
+                                                 priv):
+        name = "uac_mod_lock$"
+        dn = "CN=%s,%s" % (name, self.OU)
+        if account_type == UF_NORMAL_ACCOUNT:
+            objectclass = "user"
+        else:
+            objectclass = "computer"
+
+        msg_dict = {
+            "dn": dn,
+            "objectclass": objectclass,
+            "samAccountName": name,
+            "userAccountControl": str(account_type | UF_PASSWD_NOTREQD)}
+
+        account_type_str \
+            = dsdb.user_account_control_flag_bit_to_string(account_type)
+        account_type2_str \
+            = dsdb.user_account_control_flag_bit_to_string(account_type2)
+
+        print(f"Adding account {name} as {account_type_str} with objectclass {objectclass}")
+
+        if priv:
+            samdb = self.admin_samdb
+        else:
+            samdb = self.samdb
+
+        user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
+
+        # Create the object as admin
+        self.admin_samdb.add(msg_dict)
+
+        # We want to test what the underlying rules for non-admins
+        # regardless of security descriptors are, so set this very,
+        # dangerously, broadly
+        mod = "(OA;;WP;;;%s)" % str(user_sid)
+
+        self.sd_utils.dacl_add_ace(dn, mod)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(samdb, dn)
+        if how == "replace":
+            m["userAccountControl"] = ldb.MessageElement(str(account_type2 | UF_PASSWD_NOTREQD),
+                                                         ldb.FLAG_MOD_REPLACE, "userAccountControl")
+        elif how == "deladd":
+            m["0userAccountControl"] = ldb.MessageElement([],
+                                                          ldb.FLAG_MOD_DELETE, "userAccountControl")
+            m["1userAccountControl"] = ldb.MessageElement(str(account_type2 | UF_PASSWD_NOTREQD),
+                                                          ldb.FLAG_MOD_ADD, "userAccountControl")
+        else:
+            raise ValueError(f"{how} was not a valid argument")
+
+        if (account_type == account_type2):
+            samdb.modify(m)
+        elif (account_type == UF_NORMAL_ACCOUNT) and \
+               (account_type2 == UF_SERVER_TRUST_ACCOUNT) and not priv:
+                self.assertRaisesLdbError([ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                           ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS],
+                                          f"Should have been unable to change {account_type_str} to {account_type2_str}",
+                                          samdb.modify, m)
+        elif (account_type == UF_NORMAL_ACCOUNT) and \
+               (account_type2 == UF_SERVER_TRUST_ACCOUNT) and priv:
+                self.assertRaisesLdbError([ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                           ldb.ERR_UNWILLING_TO_PERFORM],
+                                          f"Should have been unable to change {account_type_str} to {account_type2_str}",
+                                          samdb.modify, m)
+        elif (account_type == UF_WORKSTATION_TRUST_ACCOUNT) and \
+               (account_type2 == UF_SERVER_TRUST_ACCOUNT) and not priv:
+                self.assertRaisesLdbError(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
+                                          f"Should have been unable to change {account_type_str} to {account_type2_str}",
+                                          samdb.modify, m)
+        elif priv:
+            samdb.modify(m)
+        elif (account_type in [UF_SERVER_TRUST_ACCOUNT,
+                               UF_WORKSTATION_TRUST_ACCOUNT]) and \
+            (account_type2 in [UF_SERVER_TRUST_ACCOUNT,
+                               UF_WORKSTATION_TRUST_ACCOUNT]):
+            samdb.modify(m)
+        elif (account_type == account_type2):
+            samdb.modify(m)
+        else:
+            self.assertRaisesLdbError(ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                      f"Should have been unable to change {account_type_str} to {account_type2_str}",
+                                      samdb.modify, m)
+
+    def _test_objectclass_mod_lock_with_args(self,
+                                             account_type,
+                                             objectclass,
+                                             how):
+        name = "uac_mod_lock$"
+        dn = "CN=%s,%s" % (name, self.OU)
+        if objectclass == "computer":
+            new_objectclass = ["top",
+                               "person",
+                               "organizationalPerson",
+                               "user"]
+        elif objectclass == "user":
+            new_objectclass = ["top",
+                               "person",
+                               "organizationalPerson",
+                               "user",
+                               "computer"]
+
+        msg_dict = {
+            "dn": dn,
+            "objectclass": objectclass,
+            "samAccountName": name,
+            "userAccountControl": str(account_type | UF_PASSWD_NOTREQD)}
+
+        account_type_str = dsdb.user_account_control_flag_bit_to_string(account_type)
+
+        print(f"Adding account {name} as {account_type_str} with objectclass {objectclass}")
+
+        try:
+            self.admin_samdb.add(msg_dict)
+            if (objectclass == "user"
+                and account_type != UF_NORMAL_ACCOUNT):
+                self.fail(f"Able to create {account_type_str} on {objectclass}")
+        except LdbError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, ldb.ERR_OBJECT_CLASS_VIOLATION)
+
+        if objectclass == "user" and account_type != UF_NORMAL_ACCOUNT:
+            return
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.admin_samdb, dn)
+        if how == "replace":
+            m["objectclass"] = ldb.MessageElement(new_objectclass,
+                                                  ldb.FLAG_MOD_REPLACE, "objectclass")
+        elif how == "adddel":
+            m["0objectclass"] = ldb.MessageElement([],
+                                                   ldb.FLAG_MOD_DELETE, "objectclass")
+            m["1objectclass"] = ldb.MessageElement(new_objectclass,
+                                                   ldb.FLAG_MOD_ADD, "objectclass")
+
+        self.assertRaisesLdbError([ldb.ERR_OBJECT_CLASS_VIOLATION,
+                                   ldb.ERR_UNWILLING_TO_PERFORM],
+                                  f"Should have been unable to change objectclass of a {objectclass}",
+                                  self.admin_samdb.modify, m)
+
+runner = SubunitTestRunner()
+rc = 0
+if not runner.run(unittest.TestLoader().loadTestsFromTestCase(
+        UserAccountControlTests)).wasSuccessful():
+    rc = 1
+sys.exit(rc)
diff --git a/source4/dsdb/tests/python/vlv.py b/source4/dsdb/tests/python/vlv.py
new file mode 100644
index 0000000..13fccba
--- /dev/null
+++ b/source4/dsdb/tests/python/vlv.py
@@ -0,0 +1,1786 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Originally based on ./sam.py
+import optparse
+import sys
+import os
+import base64
+import random
+import re
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+
+import samba.getopt as options
+
+from samba.auth import system_session
+import ldb
+from samba.samdb import SamDB
+from samba.common import get_bytes
+from samba.common import get_string
+
+import time
+
+parser = optparse.OptionParser("vlv.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+parser.add_option('--elements', type='int', default=20,
+                  help="use this many elements in the tests")
+
+parser.add_option('--delete-in-setup', action='store_true',
+                  help="cleanup in next setup rather than teardown")
+
+parser.add_option('--skip-attr-regex',
+                  help="ignore attributes matching this regex")
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+N_ELEMENTS = opts.elements
+
+
+class VlvTestException(Exception):
+    pass
+
+
+def encode_vlv_control(critical=1,
+                       before=0, after=0,
+                       offset=None,
+                       gte=None,
+                       n=0, cookie=None):
+
+    s = "vlv:%d:%d:%d:" % (critical, before, after)
+
+    if offset is not None:
+        m = "%d:%d" % (offset, n)
+    elif b':' in gte or b'\x00' in gte:
+        gte = get_string(base64.b64encode(gte))
+        m = "base64>=%s" % gte
+    else:
+        m = ">=%s" % get_string(gte)
+
+    if cookie is None:
+        return s + m
+
+    return s + m + ':' + cookie
+
+
+def get_cookie(controls, expected_n=None):
+    """Get the cookie, STILL base64 encoded, or raise ValueError."""
+    for c in list(controls):
+        cstr = str(c)
+        if cstr.startswith('vlv_resp'):
+            head, n, _, cookie = cstr.rsplit(':', 3)
+            if expected_n is not None and int(n) != expected_n:
+                raise ValueError("Expected %s items, server said %s" %
+                                 (expected_n, n))
+            return cookie
+    raise ValueError("there is no VLV response")
+
+
+class TestsWithUserOU(samba.tests.TestCase):
+
+    def create_user(self, i, n, prefix='vlvtest', suffix='', attrs=None):
+        name = "%s%d%s" % (prefix, i, suffix)
+        user = {
+            'cn': name,
+            "objectclass": "user",
+            'givenName': "abcdefghijklmnopqrstuvwxyz"[i % 26],
+            "roomNumber": "%sbc" % (n - i),
+            "carLicense": "���",
+            "facsimileTelephoneNumber": name,
+            "employeeNumber": "%s%sx" % (abs(i * (99 - i)), '\n' * (i & 255)),
+            "accountExpires": "%s" % (10 ** 9 + 1000000 * i),
+            "msTSExpireDate4": "19%02d0101010000.0Z" % (i % 100),
+            "flags": str(i * (n - i)),
+            "serialNumber": "abc %s%s%s" % ('AaBb |-/'[i & 7],
+                                            ' 3z}'[i & 3],
+                                            '"@'[i & 1],),
+        }
+
+        # _user_broken_attrs tests are broken due to problems outside
+        # of VLV.
+        _user_broken_attrs = {
+            # Sort doesn't look past a NUL byte.
+            "photo": "\x00%d" % (n - i),
+            "audio": "%sn octet string %s%s ♫♬\x00lalala" % ('Aa'[i & 1],
+                                                             chr(i & 255), i),
+            "displayNamePrintable": "%d\x00%c" % (i, i & 255),
+            "adminDisplayName": "%d\x00b" % (n - i),
+            "title": "%d%sb" % (n - i, '\x00' * i),
+            "comment": "Favourite colour is %d" % (n % (i + 1)),
+
+            # Names that vary only in case. Windows returns
+            # equivalent addresses in the order they were put
+            # in ('a st', 'A st',...).
+            "street": "%s st" % (chr(65 | (i & 14) | ((i & 1) * 32))),
+        }
+
+        if attrs is not None:
+            user.update(attrs)
+
+        user['dn'] = "cn=%s,%s" % (user['cn'], self.ou)
+
+        if opts.skip_attr_regex:
+            match = re.compile(opts.skip_attr_regex).search
+            for k in user.keys():
+                if match(k):
+                    del user[k]
+
+        self.users.append(user)
+        self.ldb.add(user)
+        return user
+
+    def setUp(self):
+        super(TestsWithUserOU, self).setUp()
+        self.ldb = SamDB(host, credentials=creds,
+                         session_info=system_session(lp), lp=lp)
+        self.ldb_ro = self.ldb
+        self.base_dn = self.ldb.domain_dn()
+        self.tree_dn = "ou=vlvtesttree,%s" % self.base_dn
+        self.ou = "ou=vlvou,%s" % self.tree_dn
+        if opts.delete_in_setup:
+            try:
+                self.ldb.delete(self.tree_dn, ['tree_delete:1'])
+            except ldb.LdbError as e:
+                print("tried deleting %s, got error %s" % (self.tree_dn, e))
+        self.ldb.add({
+            "dn": self.tree_dn,
+            "objectclass": "organizationalUnit"})
+        self.ldb.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+
+        self.users = []
+        for i in range(N_ELEMENTS):
+            self.create_user(i, N_ELEMENTS)
+
+        attrs = self.users[0].keys()
+        self.binary_sorted_keys = ['audio',
+                                   'photo',
+                                   "msTSExpireDate4",
+                                   'serialNumber',
+                                   "displayNamePrintable"]
+
+        self.numeric_sorted_keys = ['flags',
+                                    'accountExpires']
+
+        self.timestamp_keys = ['msTSExpireDate4']
+
+        self.int64_keys = set(['accountExpires'])
+
+        self.locale_sorted_keys = [x for x in attrs if
+                                   x not in (self.binary_sorted_keys +
+                                             self.numeric_sorted_keys)]
+
+        # don't try spaces, etc in cn
+        self.delicate_keys = ['cn']
+
+    def tearDown(self):
+        super(TestsWithUserOU, self).tearDown()
+        if not opts.delete_in_setup:
+            self.ldb.delete(self.tree_dn, ['tree_delete:1'])
+
+
+class VLVTestsBase(TestsWithUserOU):
+
+    # Run a vlv search and return important fields of the response control
+    def vlv_search(self, attr, expr, cookie="", after_count=0, offset=1):
+        sort_ctrl = "server_sort:1:0:%s" % attr
+        ctrl = "vlv:1:0:%d:%d:0" % (after_count, offset)
+        if cookie:
+            ctrl += ":" + cookie
+
+        res = self.ldb_ro.search(self.ou,
+                              expression=expr,
+                              scope=ldb.SCOPE_ONELEVEL,
+                              attrs=[attr],
+                              controls=[ctrl, sort_ctrl])
+        results = [str(x[attr][0]) for x in res]
+
+        ctrls = [str(c) for c in res.controls if
+                 str(c).startswith('vlv')]
+        self.assertEqual(len(ctrls), 1)
+
+        spl = ctrls[0].rsplit(':')
+        cookie = ""
+        if len(spl) == 6:
+            cookie = spl[-1]
+
+        return results, cookie
+
+
+class VLVTestsRO(VLVTestsBase):
+    def test_vlv_simple_double_run(self):
+        """Do the simplest possible VLV query to confirm if VLV
+           works at all.  Useful for showing VLV as a whole works
+           on Global Catalog (for example)"""
+        attr = 'roomNumber'
+        expr = "(objectclass=user)"
+
+        # Start new search
+        full_results, cookie = self.vlv_search(attr, expr,
+                                               after_count=len(self.users))
+
+        results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                          after_count=len(self.users))
+        expected_results = full_results
+        self.assertEqual(results, expected_results)
+
+
+class VLVTestsGC(VLVTestsRO):
+    def setUp(self):
+        super(VLVTestsRO, self).setUp()
+        self.ldb_ro = SamDB(host + ":3268", credentials=creds,
+                            session_info=system_session(lp), lp=lp)
+
+
+class VLVTests(VLVTestsBase):
+    def get_full_list(self, attr, include_cn=False):
+        """Fetch the whole list sorted on the attribute, using the VLV.
+        This way you get a VLV cookie."""
+        n_users = len(self.users)
+        sort_control = "server_sort:1:0:%s" % attr
+        half_n = n_users // 2
+        vlv_search = "vlv:1:%d:%d:%d:0" % (half_n, half_n, half_n + 1)
+        attrs = [attr]
+        if include_cn:
+            attrs.append('cn')
+        res = self.ldb.search(self.ou,
+                              scope=ldb.SCOPE_ONELEVEL,
+                              attrs=attrs,
+                              controls=[sort_control,
+                                        vlv_search])
+        if include_cn:
+            full_results = [(str(x[attr][0]), str(x['cn'][0])) for x in res]
+        else:
+            full_results = [str(x[attr][0]).lower() for x in res]
+        controls = res.controls
+        return full_results, controls, sort_control
+
+    def get_expected_order(self, attr, expression=None):
+        """Fetch the whole list sorted on the attribute, using sort only."""
+        sort_control = "server_sort:1:0:%s" % attr
+        res = self.ldb.search(self.ou,
+                              scope=ldb.SCOPE_ONELEVEL,
+                              expression=expression,
+                              attrs=[attr],
+                              controls=[sort_control])
+        results = [x[attr][0] for x in res]
+        return results
+
+    def delete_user(self, user):
+        self.ldb.delete(user['dn'])
+        del self.users[self.users.index(user)]
+
+    def get_gte_tests_and_order(self, attr, expression=None):
+        expected_order = self.get_expected_order(attr, expression=expression)
+        gte_users = []
+        if attr in self.delicate_keys:
+            gte_keys = [
+                '3',
+                'abc',
+                '¹',
+                'ŋđ¼³ŧ“«đð',
+                'æ¡‘å·´',
+            ]
+        elif attr in self.timestamp_keys:
+            gte_keys = [
+                '18560101010000.0Z',
+                '19140103010000.0Z',
+                '19560101010010.0Z',
+                '19700101000000.0Z',
+                '19991231211234.3Z',
+                '20061111211234.0Z',
+                '20390901041234.0Z',
+                '25560101010000.0Z',
+            ]
+        elif attr not in self.numeric_sorted_keys:
+            gte_keys = [
+                '3',
+                'abc',
+                ' ',
+                '!@#!@#!',
+                'k�kako',
+                '¹',
+                'ŋđ¼³ŧ“«đð',
+                '\n\t\t',
+                'æ¡‘å·´',
+                'zzzz',
+            ]
+            if expected_order:
+                gte_keys.append(expected_order[len(expected_order) // 2] + b' tail')
+
+        else:
+            # "numeric" means positive integers
+            # doesn't work with -1, 3.14, ' 3', '9' * 20
+            gte_keys = ['3',
+                        '1' * 10,
+                        '1',
+                        '9' * 7,
+                        '0']
+
+            if attr in self.int64_keys:
+                gte_keys += ['3' * 12, '71' * 8]
+
+        for i, x in enumerate(gte_keys):
+            user = self.create_user(i, N_ELEMENTS,
+                                    prefix='gte',
+                                    attrs={attr: x})
+            gte_users.append(user)
+
+        gte_order = self.get_expected_order(attr)
+        for user in gte_users:
+            self.delete_user(user)
+
+        # for sanity's sake
+        expected_order_2 = self.get_expected_order(attr, expression=expression)
+        self.assertEqual(expected_order, expected_order_2)
+
+        # Map gte tests to indexes in expected order. This will break
+        # if gte_order and expected_order are differently ordered (as
+        # it should).
+        gte_map = {}
+
+        # index to the first one with each value
+        index_map = {}
+        for i, k in enumerate(expected_order):
+            if k not in index_map:
+                index_map[k] = i
+
+        keys = []
+        for o in gte_order:
+            if o in index_map:
+                i = index_map[o]
+                gte_map[o] = i
+                for k in keys:
+                    gte_map[k] = i
+                keys = []
+            else:
+                keys.append(o)
+
+        for k in keys:
+            gte_map[k] = len(expected_order)
+
+        if False:
+            print("gte_map:")
+            for k in gte_order:
+                print("   %10s => %10s" % (k, gte_map[k]))
+
+        return gte_order, expected_order, gte_map
+
+    def assertCorrectResults(self, results, expected_order,
+                             offset, before, after):
+        """A helper to calculate offsets correctly and say as much as possible
+        when something goes wrong."""
+
+        start = max(offset - before - 1, 0)
+        end = offset + after
+        expected_results = expected_order[start: end]
+
+        # if it is a tuple with the cn, drop the cn
+        if expected_results and isinstance(expected_results[0], tuple):
+            expected_results = [x[0] for x in expected_results]
+
+        if expected_results == results:
+            return
+
+        if expected_order is not None:
+            print("expected order: %s" % expected_order[:20])
+            if len(expected_order) > 20:
+                print("... and %d more not shown" % (len(expected_order) - 20))
+
+        print("offset %d before %d after %d" % (offset, before, after))
+        print("start %d end %d" % (start, end))
+        print("expected: %s" % expected_results)
+        print("got     : %s" % results)
+        self.assertEqual(expected_results, results)
+
+    def test_server_vlv_with_cookie(self):
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+        for attr in attrs:
+            expected_order = self.get_expected_order(attr)
+            sort_control = "server_sort:1:0:%s" % attr
+            res = None
+            n = len(self.users)
+            for before in [10, 0, 3, 1, 4, 5, 2]:
+                for after in [0, 3, 1, 4, 5, 2, 7]:
+                    for offset in range(max(1, before - 2),
+                                        min(n - after + 2, n)):
+                        if res is None:
+                            vlv_search = "vlv:1:%d:%d:%d:0" % (before, after,
+                                                               offset)
+                        else:
+                            cookie = get_cookie(res.controls, n)
+                            vlv_search = ("vlv:1:%d:%d:%d:%s:%s" %
+                                          (before, after, offset, n,
+                                           cookie))
+
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        results = [x[attr][0] for x in res]
+
+                        self.assertCorrectResults(results, expected_order,
+                                                  offset, before, after)
+
+    def run_index_tests_with_expressions(self, expressions):
+        # Here we don't test every before/after combination.
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+        for attr in attrs:
+            for expression in expressions:
+                expected_order = self.get_expected_order(attr, expression)
+                sort_control = "server_sort:1:0:%s" % attr
+                res = None
+                n = len(expected_order)
+                for before in range(0, 11):
+                    after = before
+                    for offset in range(max(1, before - 2),
+                                        min(n - after + 2, n)):
+                        if res is None:
+                            vlv_search = "vlv:1:%d:%d:%d:0" % (before, after,
+                                                               offset)
+                        else:
+                            cookie = get_cookie(res.controls)
+                            vlv_search = ("vlv:1:%d:%d:%d:%s:%s" %
+                                          (before, after, offset, n,
+                                           cookie))
+
+                        res = self.ldb.search(self.ou,
+                                              expression=expression,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        results = [x[attr][0] for x in res]
+
+                        self.assertCorrectResults(results, expected_order,
+                                                  offset, before, after)
+
+    def test_server_vlv_with_expression(self):
+        """What happens when we run the VLV with an expression?"""
+        expressions = ["(objectClass=*)",
+                       "(cn=%s)" % self.users[-1]['cn'],
+                       "(roomNumber=%s)" % self.users[0]['roomNumber'],
+                       ]
+        self.run_index_tests_with_expressions(expressions)
+
+    def test_server_vlv_with_failing_expression(self):
+        """What happens when we run the VLV on an expression that matches
+        nothing?"""
+        expressions = ["(samaccountname=testferf)",
+                       "(cn=hefalump)",
+                       ]
+        self.run_index_tests_with_expressions(expressions)
+
+    def run_gte_tests_with_expressions(self, expressions):
+        # Here we don't test every before/after combination.
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+        for expression in expressions:
+            for attr in attrs:
+                gte_order, expected_order, gte_map = \
+                    self.get_gte_tests_and_order(attr, expression)
+                # In case there is some order dependency, disorder tests
+                gte_tests = gte_order[:]
+                random.seed(2)
+                random.shuffle(gte_tests)
+                res = None
+                sort_control = "server_sort:1:0:%s" % attr
+                expected_order = self.get_expected_order(attr, expression)
+
+                for before in range(0, 11):
+                    after = before
+                    for gte in gte_tests:
+                        if res is not None:
+                            cookie = get_cookie(res.controls)
+                        else:
+                            cookie = None
+                        vlv_search = encode_vlv_control(before=before,
+                                                        after=after,
+                                                        gte=get_bytes(gte),
+                                                        cookie=cookie)
+
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              expression=expression,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        results = [x[attr][0] for x in res]
+                        offset = gte_map.get(gte, len(expected_order))
+
+                        # here offset is 0-based
+                        start = max(offset - before, 0)
+                        end = offset + 1 + after
+
+                        expected_results = expected_order[start: end]
+
+                        self.assertEqual(expected_results, results)
+
+    def test_vlv_gte_with_expression(self):
+        """What happens when we run the VLV with an expression?"""
+        expressions = ["(objectClass=*)",
+                       "(cn=%s)" % self.users[-1]['cn'],
+                       "(roomNumber=%s)" % self.users[0]['roomNumber'],
+                       ]
+        self.run_gte_tests_with_expressions(expressions)
+
+    def test_vlv_gte_with_failing_expression(self):
+        """What happens when we run the VLV on an expression that matches
+        nothing?"""
+        expressions = ["(samaccountname=testferf)",
+                       "(cn=hefalump)",
+                       ]
+        self.run_gte_tests_with_expressions(expressions)
+
+    def test_server_vlv_with_cookie_while_adding_and_deleting(self):
+        """What happens if we add or remove items in the middle of the VLV?
+
+        Nothing. The search and the sort is not repeated, and we only
+        deal with the objects originally found.
+        """
+        attrs = ['cn'] + [x for x in self.users[0].keys() if x not in
+                          ('dn', 'objectclass')]
+        user_number = 0
+        iteration = 0
+        for attr in attrs:
+            full_results, controls, sort_control = \
+                            self.get_full_list(attr, True)
+            original_n = len(self.users)
+
+            expected_order = full_results
+            random.seed(1)
+
+            for before in list(range(0, 3)) + [6, 11, 19]:
+                for after in list(range(0, 3)) + [6, 11, 19]:
+                    start = max(before - 1, 1)
+                    end = max(start + 4, original_n - after + 2)
+                    for offset in range(start, end):
+                        # if iteration > 2076:
+                        #    return
+                        cookie = get_cookie(controls, original_n)
+                        vlv_search = encode_vlv_control(before=before,
+                                                        after=after,
+                                                        offset=offset,
+                                                        n=original_n,
+                                                        cookie=cookie)
+
+                        iteration += 1
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        controls = res.controls
+                        results = [x[attr][0] for x in res]
+                        real_offset = max(1, min(offset, len(expected_order)))
+
+                        expected_results = []
+                        skipped = 0
+                        begin_offset = max(real_offset - before - 1, 0)
+                        real_before = min(before, real_offset - 1)
+                        real_after = min(after,
+                                         len(expected_order) - real_offset)
+
+                        for x in expected_order[begin_offset:]:
+                            if x is not None:
+                                expected_results.append(get_bytes(x[0]))
+                                if (len(expected_results) ==
+                                    real_before + real_after + 1):
+                                    break
+                            else:
+                                skipped += 1
+
+                        if expected_results != results:
+                            print("attr %s before %d after %d offset %d" %
+                                  (attr, before, after, offset))
+                        self.assertEqual(expected_results, results)
+
+                        n = len(self.users)
+                        if random.random() < 0.1 + (n < 5) * 0.05:
+                            if n == 0:
+                                i = 0
+                            else:
+                                i = random.randrange(n)
+                            user = self.create_user(i, n, suffix='-%s' %
+                                                    user_number)
+                            user_number += 1
+                        if random.random() < 0.1  + (n > 50) * 0.02 and n:
+                            index = random.randrange(n)
+                            user = self.users.pop(index)
+
+                            self.ldb.delete(user['dn'])
+
+                            replaced = (user[attr], user['cn'])
+                            if replaced in expected_order:
+                                i = expected_order.index(replaced)
+                                expected_order[i] = None
+
+    def test_server_vlv_with_cookie_while_changing(self):
+        """What happens if we modify items in the middle of the VLV?
+
+        The expected behaviour (as found on Windows) is the sort is
+        not repeated, but the changes in attributes are reflected.
+        """
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass', 'cn')]
+        for attr in attrs:
+            n_users = len(self.users)
+            expected_order = [x.upper() for x in self.get_expected_order(attr)]
+            sort_control = "server_sort:1:0:%s" % attr
+            res = None
+            i = 0
+
+            # First we'll fetch the whole list so we know the original
+            # sort order. This is necessary because we don't know how
+            # the server will order equivalent items. We are using the
+            # dn as a key.
+            half_n = n_users // 2
+            vlv_search = "vlv:1:%d:%d:%d:0" % (half_n, half_n, half_n + 1)
+            res = self.ldb.search(self.ou,
+                                  scope=ldb.SCOPE_ONELEVEL,
+                                  attrs=['dn', attr],
+                                  controls=[sort_control, vlv_search])
+
+            results = [x[attr][0].upper() for x in res]
+            #self.assertEqual(expected_order, results)
+
+            dn_order = [str(x['dn']) for x in res]
+            values = results[:]
+
+            for before in range(0, 3):
+                for after in range(0, 3):
+                    for offset in range(1 + before, n_users - after):
+                        cookie = get_cookie(res.controls, len(self.users))
+                        vlv_search = ("vlv:1:%d:%d:%d:%s:%s" %
+                                      (before, after, offset, len(self.users),
+                                       cookie))
+
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=['dn', attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        dn_results = [str(x['dn']) for x in res]
+                        dn_expected = dn_order[offset - before - 1:
+                                               offset + after]
+
+                        self.assertEqual(dn_expected, dn_results)
+
+                        results = [x[attr][0].upper() for x in res]
+
+                        self.assertCorrectResults(results, values,
+                                                  offset, before, after)
+
+                        i += 1
+                        if i % 3 == 2:
+                            if (attr in self.locale_sorted_keys or
+                                attr in self.binary_sorted_keys):
+                                i1 = i % n_users
+                                i2 = (i ^ 255) % n_users
+                                dn1 = dn_order[i1]
+                                dn2 = dn_order[i2]
+                                v2 = values[i2]
+
+                                if v2 in self.locale_sorted_keys:
+                                    v2 += '-%d' % i
+                                cn1 = dn1.split(',', 1)[0][3:]
+                                cn2 = dn2.split(',', 1)[0][3:]
+
+                                values[i1] = v2
+
+                                m = ldb.Message()
+                                m.dn = ldb.Dn(self.ldb, dn1)
+                                m[attr] = ldb.MessageElement(v2,
+                                                             ldb.FLAG_MOD_REPLACE,
+                                                             attr)
+
+                                self.ldb.modify(m)
+
+    def test_server_vlv_fractions_with_cookie(self):
+        """What happens when the count is set to an arbitrary number?
+
+        In that case the offset and the count form a fraction, and the
+        VLV should be centred at a point offset/count of the way
+        through. For example, if offset is 3 and count is 6, the VLV
+        should be looking around halfway. The actual algorithm is a
+        bit fiddlier than that, because of the one-basedness of VLV.
+        """
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+
+        n_users = len(self.users)
+
+        random.seed(4)
+
+        for attr in attrs:
+            full_results, controls, sort_control = self.get_full_list(attr)
+            self.assertEqual(len(full_results), n_users)
+            for before in range(0, 2):
+                for after in range(0, 2):
+                    for denominator in range(1, 20):
+                        for offset in range(1, denominator + 3):
+                            cookie = get_cookie(controls, len(self.users))
+                            vlv_search = ("vlv:1:%d:%d:%d:%s:%s" %
+                                          (before, after, offset,
+                                           denominator,
+                                           cookie))
+                            try:
+                                res = self.ldb.search(self.ou,
+                                                      scope=ldb.SCOPE_ONELEVEL,
+                                                      attrs=[attr],
+                                                      controls=[sort_control,
+                                                                vlv_search])
+                            except ldb.LdbError as e:
+                                if offset != 0:
+                                    raise
+                                print("offset %d denominator %d raised error "
+                                      "expected error %s\n"
+                                      "(offset zero is illegal unless "
+                                      "content count is zero)" %
+                                      (offset, denominator, e))
+                                continue
+
+                            results = [str(x[attr][0]).lower() for x in res]
+
+                            if denominator == 0:
+                                denominator = n_users
+                                if offset == 0:
+                                    offset = denominator
+                            elif denominator == 1:
+                                # the offset can only be 1, but the 1/1 case
+                                # means something special
+                                if offset == 1:
+                                    real_offset = n_users
+                                else:
+                                    real_offset = 1
+                            else:
+                                if offset > denominator:
+                                    offset = denominator
+                                real_offset = (1 +
+                                               int(round((n_users - 1) *
+                                                         (offset - 1) /
+                                                         (denominator - 1.0)))
+                                               )
+
+                            self.assertCorrectResults(results, full_results,
+                                                      real_offset, before,
+                                                      after)
+
+                            controls = res.controls
+                            if False:
+                                for c in list(controls):
+                                    cstr = str(c)
+                                    if cstr.startswith('vlv_resp'):
+                                        bits = cstr.rsplit(':')
+                                        print("the answer is %s; we said %d" %
+                                              (bits[2], real_offset))
+                                        break
+
+    def test_server_vlv_no_cookie(self):
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+
+        for attr in attrs:
+            expected_order = self.get_expected_order(attr)
+            sort_control = "server_sort:1:0:%s" % attr
+            for before in range(0, 5):
+                for after in range(0, 7):
+                    for offset in range(1 + before, len(self.users) - after):
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        "vlv:1:%d:%d:%d:0" %
+                                                        (before, after,
+                                                         offset)])
+                        results = [x[attr][0] for x in res]
+                        self.assertCorrectResults(results, expected_order,
+                                                  offset, before, after)
+
+    def get_expected_order_showing_deleted(self, attr,
+                                           expression="(|(cn=vlvtest*)(cn=vlv-deleted*))",
+                                           base=None,
+                                           scope=ldb.SCOPE_SUBTREE
+                                           ):
+        """Fetch the whole list sorted on the attribute, using sort only,
+        searching in the entire tree, not just our OU. This is the
+        way to find deleted objects.
+        """
+        if base is None:
+            base = self.base_dn
+        sort_control = "server_sort:1:0:%s" % attr
+        controls = [sort_control, "show_deleted:1"]
+
+        res = self.ldb.search(base,
+                              scope=scope,
+                              expression=expression,
+                              attrs=[attr],
+                              controls=controls)
+        results = [x[attr][0] for x in res]
+        return results
+
+    def add_deleted_users(self, n):
+        deleted_users = [self.create_user(i, n, prefix='vlv-deleted')
+                         for i in range(n)]
+
+        for user in deleted_users:
+            self.delete_user(user)
+
+    def test_server_vlv_no_cookie_show_deleted(self):
+        """What do we see with the show_deleted control?"""
+        attrs = ['objectGUID',
+                 'cn',
+                 'sAMAccountName',
+                 'objectSid',
+                 'name',
+                 'whenChanged',
+                 'usnChanged'
+                 ]
+
+        # add some deleted users first, just in case there are none
+        self.add_deleted_users(6)
+        random.seed(22)
+        expression = "(|(cn=vlvtest*)(cn=vlv-deleted*))"
+
+        for attr in attrs:
+            show_deleted_control = "show_deleted:1"
+            expected_order = self.get_expected_order_showing_deleted(attr,
+                                                                     expression)
+            n = len(expected_order)
+            sort_control = "server_sort:1:0:%s" % attr
+            for before in [3, 1, 0]:
+                for after in [0, 2]:
+                    # don't test every position, because there could be hundreds.
+                    # jump back and forth instead
+                    for i in range(20):
+                        offset = random.randrange(max(1, before - 2),
+                                                  min(n - after + 2, n))
+                        res = self.ldb.search(self.base_dn,
+                                              expression=expression,
+                                              scope=ldb.SCOPE_SUBTREE,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        show_deleted_control,
+                                                        "vlv:1:%d:%d:%d:0" %
+                                                        (before, after,
+                                                         offset)
+                                                        ]
+                                              )
+                        results = [x[attr][0] for x in res]
+                        self.assertCorrectResults(results, expected_order,
+                                                  offset, before, after)
+
+    def test_server_vlv_no_cookie_show_deleted_only(self):
+        """What do we see with the show_deleted control when we're not looking
+        at any non-deleted things"""
+        attrs = ['objectGUID',
+                 'cn',
+                 'sAMAccountName',
+                 'objectSid',
+                 'whenChanged',
+                 ]
+
+        # add some deleted users first, just in case there are none
+        self.add_deleted_users(4)
+        base = 'CN=Deleted Objects,%s' % self.base_dn
+        expression = "(cn=vlv-deleted*)"
+        for attr in attrs:
+            show_deleted_control = "show_deleted:1"
+            expected_order = self.get_expected_order_showing_deleted(attr,
+                                                                     expression=expression,
+                                                                     base=base,
+                                                                     scope=ldb.SCOPE_ONELEVEL)
+            print("searching for attr %s amongst %d deleted objects" %
+                  (attr, len(expected_order)))
+            sort_control = "server_sort:1:0:%s" % attr
+            step = max(len(expected_order) // 10, 1)
+            for before in [3, 0]:
+                for after in [0, 2]:
+                    for offset in range(1 + before,
+                                        len(expected_order) - after,
+                                        step):
+                        res = self.ldb.search(base,
+                                              expression=expression,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        show_deleted_control,
+                                                        "vlv:1:%d:%d:%d:0" %
+                                                        (before, after,
+                                                         offset)])
+                        results = [x[attr][0] for x in res]
+                        self.assertCorrectResults(results, expected_order,
+                                                  offset, before, after)
+
+    def test_server_vlv_with_cookie_show_deleted(self):
+        """What do we see with the show_deleted control?"""
+        attrs = ['objectGUID',
+                 'cn',
+                 'sAMAccountName',
+                 'objectSid',
+                 'name',
+                 'whenChanged',
+                 'usnChanged'
+                 ]
+        self.add_deleted_users(6)
+        random.seed(23)
+        for attr in attrs:
+            expected_order = self.get_expected_order(attr)
+            sort_control = "server_sort:1:0:%s" % attr
+            res = None
+            show_deleted_control = "show_deleted:1"
+            expected_order = self.get_expected_order_showing_deleted(attr)
+            n = len(expected_order)
+            expression = "(|(cn=vlvtest*)(cn=vlv-deleted*))"
+            for before in [3, 2, 1, 0]:
+                after = before
+                for i in range(20):
+                    offset = random.randrange(max(1, before - 2),
+                                              min(n - after + 2, n))
+                    if res is None:
+                        vlv_search = "vlv:1:%d:%d:%d:0" % (before, after,
+                                                           offset)
+                    else:
+                        cookie = get_cookie(res.controls, n)
+                        vlv_search = ("vlv:1:%d:%d:%d:%s:%s" %
+                                      (before, after, offset, n,
+                                       cookie))
+
+                    res = self.ldb.search(self.base_dn,
+                                          expression=expression,
+                                          scope=ldb.SCOPE_SUBTREE,
+                                          attrs=[attr],
+                                          controls=[sort_control,
+                                                    vlv_search,
+                                                    show_deleted_control])
+
+                    results = [x[attr][0] for x in res]
+
+                    self.assertCorrectResults(results, expected_order,
+                                              offset, before, after)
+
+    def test_server_vlv_gte_with_cookie(self):
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+        for attr in attrs:
+            gte_order, expected_order, gte_map = \
+                                        self.get_gte_tests_and_order(attr)
+            # In case there is some order dependency, disorder tests
+            gte_tests = gte_order[:]
+            random.seed(1)
+            random.shuffle(gte_tests)
+            res = None
+            sort_control = "server_sort:1:0:%s" % attr
+            for before in [0, 1, 2, 4]:
+                for after in [0, 1, 3, 6]:
+                    for gte in gte_tests:
+                        if res is not None:
+                            cookie = get_cookie(res.controls, len(self.users))
+                        else:
+                            cookie = None
+                        vlv_search = encode_vlv_control(before=before,
+                                                        after=after,
+                                                        gte=get_bytes(gte),
+                                                        cookie=cookie)
+
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+
+                        results = [x[attr][0] for x in res]
+                        offset = gte_map.get(gte, len(expected_order))
+
+                        # here offset is 0-based
+                        start = max(offset - before, 0)
+                        end = offset + 1 + after
+
+                        expected_results = expected_order[start: end]
+
+                        self.assertEqual(expected_results, results)
+
+    def test_server_vlv_gte_no_cookie(self):
+        attrs = [x for x in self.users[0].keys() if x not in
+                 ('dn', 'objectclass')]
+        iteration = 0
+        for attr in attrs:
+            gte_order, expected_order, gte_map = \
+                                        self.get_gte_tests_and_order(attr)
+            # In case there is some order dependency, disorder tests
+            gte_tests = gte_order[:]
+            random.seed(1)
+            random.shuffle(gte_tests)
+
+            sort_control = "server_sort:1:0:%s" % attr
+            for before in [0, 1, 3]:
+                for after in [0, 4]:
+                    for gte in gte_tests:
+                        vlv_search = encode_vlv_control(before=before,
+                                                        after=after,
+                                                        gte=get_bytes(gte))
+
+                        res = self.ldb.search(self.ou,
+                                              scope=ldb.SCOPE_ONELEVEL,
+                                              attrs=[attr],
+                                              controls=[sort_control,
+                                                        vlv_search])
+                        results = [x[attr][0] for x in res]
+
+                        # here offset is 0-based
+                        offset = gte_map.get(gte, len(expected_order))
+                        start = max(offset - before, 0)
+                        end = offset + after + 1
+                        expected_results = expected_order[start: end]
+                        iteration += 1
+                        if expected_results != results:
+                            middle = expected_order[len(expected_order) // 2]
+                            print(expected_results, results)
+                            print(middle)
+                            print(expected_order)
+                            print()
+                            print("\nattr %s offset %d before %d "
+                                  "after %d gte %s" %
+                                  (attr, offset, before, after, gte))
+                        self.assertEqual(expected_results, results)
+
+    def test_multiple_searches(self):
+        """The maximum number of concurrent vlv searches per connection is
+        currently set at 3. That means if you open 4 VLV searches the
+        cookie on the first one should fail.
+        """
+        # Windows has a limit of 10 VLVs where there are low numbers
+        # of objects in each search.
+        attrs = ([x for x in self.users[0].keys() if x not in
+                  ('dn', 'objectclass')] * 2)[:12]
+
+        vlv_cookies = []
+        for attr in attrs:
+            sort_control = "server_sort:1:0:%s" % attr
+
+            res = self.ldb.search(self.ou,
+                                  scope=ldb.SCOPE_ONELEVEL,
+                                  attrs=[attr],
+                                  controls=[sort_control,
+                                            "vlv:1:1:1:1:0"])
+
+            cookie = get_cookie(res.controls, len(self.users))
+            vlv_cookies.append(cookie)
+            time.sleep(0.2)
+
+        # now this one should fail
+        self.assertRaises(ldb.LdbError,
+                          self.ldb.search,
+                          self.ou,
+                          scope=ldb.SCOPE_ONELEVEL,
+                          attrs=[attr],
+                          controls=[sort_control,
+                                    "vlv:1:1:1:1:0:%s" % vlv_cookies[0]])
+
+        # and this one should succeed
+        res = self.ldb.search(self.ou,
+                              scope=ldb.SCOPE_ONELEVEL,
+                              attrs=[attr],
+                              controls=[sort_control,
+                                        "vlv:1:1:1:1:0:%s" % vlv_cookies[-1]])
+
+        # this one should fail because it is a new connection and
+        # doesn't share cookies
+        new_ldb = SamDB(host, credentials=creds,
+                        session_info=system_session(lp), lp=lp)
+
+        self.assertRaises(ldb.LdbError,
+                          new_ldb.search, self.ou,
+                          scope=ldb.SCOPE_ONELEVEL,
+                          attrs=[attr],
+                          controls=[sort_control,
+                                    "vlv:1:1:1:1:0:%s" % vlv_cookies[-1]])
+
+        # but now without the critical flag it just does no VLV.
+        new_ldb.search(self.ou,
+                       scope=ldb.SCOPE_ONELEVEL,
+                       attrs=[attr],
+                       controls=[sort_control,
+                                 "vlv:0:1:1:1:0:%s" % vlv_cookies[-1]])
+
+    def test_vlv_modify_during_view(self):
+        attr = 'roomNumber'
+        expr = "(objectclass=user)"
+
+        # Start new search
+        full_results, cookie = self.vlv_search(attr, expr,
+                                               after_count=len(self.users))
+
+        # Edit a user
+        edit_index = len(self.users)//2
+        edit_attr = full_results[edit_index]
+        users_with_attr = [u for u in self.users if u[attr] == edit_attr]
+        self.assertEqual(len(users_with_attr), 1)
+        edit_user = users_with_attr[0]
+
+        # Put z at the front of the val so it comes last in ordering
+        edit_val = "z_" + edit_user[attr]
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb, edit_user['dn'])
+        m[attr] = ldb.MessageElement(edit_val, ldb.FLAG_MOD_REPLACE, attr)
+        self.ldb.modify(m)
+
+        results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                          after_count=len(self.users))
+
+        # Make expected_results by copying and editing full_results
+        expected_results = full_results[:]
+        expected_results[edit_index] = edit_val
+        self.assertEqual(results, expected_results)
+
+    # Test changing the search expression in a request on an initialised view
+    # Expected failure on samba, passes on windows
+    def test_vlv_change_search_expr(self):
+        attr = 'roomNumber'
+        expr = "(objectclass=user)"
+
+        # Start new search
+        full_results, cookie = self.vlv_search(attr, expr,
+                                               after_count=len(self.users))
+
+        middle_index = len(full_results)//2
+        # Search that excludes the old value but includes the new one
+        expr = "%s>=%s" % (attr, full_results[middle_index])
+        results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                          after_count=len(self.users))
+        self.assertEqual(results, full_results[middle_index:])
+
+    # Check you can't add a value to a vlv view
+    def test_vlv_add_during_view(self):
+        attr = 'roomNumber'
+        expr = "(objectclass=user)"
+
+        # Start new search
+        full_results, cookie = self.vlv_search(attr, expr,
+                                               after_count=len(self.users))
+
+        # Add a user at the end of the sort order
+        add_val = "z_addedval"
+        user = {'cn': add_val, "objectclass": "user", attr: add_val}
+        user['dn'] = "cn=%s,%s" % (user['cn'], self.ou)
+        self.ldb.add(user)
+
+        results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                          after_count=len(self.users)+1)
+        self.assertEqual(results, full_results)
+
+    def test_vlv_delete_during_view(self):
+        attr = 'roomNumber'
+        expr = "(objectclass=user)"
+
+        # Start new search
+        full_results, cookie = self.vlv_search(attr, expr,
+                                               after_count=len(self.users))
+
+        # Delete one of the users
+        del_index = len(self.users)//2
+        del_user = self.users[del_index]
+        self.ldb.delete(del_user['dn'])
+
+        results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                          after_count=len(self.users))
+        expected_results = [r for r in full_results if r != del_user[attr]]
+        self.assertEqual(results, expected_results)
+
+    def test_vlv_change_during_search(self):
+        attr = 'facsimileTelephoneNumber'
+        prefix = "change_during_search_"
+        expr = "(&(objectClass=user)(cn=%s*))" % (prefix)
+        num_users = 3
+        users = [self.create_user(i, num_users, prefix=prefix)
+                 for i in range(num_users)]
+        expr = "(&(objectClass=user)(facsimileTelephoneNumber=%s*))" % (prefix)
+
+        # Start the VLV, change the searched attribute and try the
+        # cookie.
+        results, cookie = self.vlv_search(attr, expr)
+
+        for u in users:
+            self.ldb.modify_ldif("dn: %s\n"
+                                 "changetype: modify\n"
+                                 "replace: facsimileTelephoneNumber\n"
+                                 "facsimileTelephoneNumber: 123" % u['dn'])
+
+        for i in range(2):
+            results, cookie = self.vlv_search(attr, expr, cookie=cookie,
+                                              offset=i+1)
+
+
+
+class PagedResultsTests(TestsWithUserOU):
+
+    def paged_search(self, expr, cookie="", page_size=0, extra_ctrls=None,
+                     attrs=None, ou=None, subtree=False, sort=True):
+        ou = ou or self.ou
+        if cookie:
+            cookie = ":" + cookie
+        ctrl = "paged_results:1:" + str(page_size) + cookie
+        controls = [ctrl]
+
+        # If extra controls are provided then add them, else default to
+        # sort control on 'cn' attribute
+        if extra_ctrls is not None:
+            controls += extra_ctrls
+        elif sort:
+            sort_ctrl = "server_sort:1:0:cn"
+            controls.append(sort_ctrl)
+
+        kwargs = {}
+        if attrs is not None:
+            kwargs = {"attrs": attrs}
+
+        scope = ldb.SCOPE_ONELEVEL
+        if subtree:
+            scope = ldb.SCOPE_SUBTREE
+
+        res = self.ldb_ro.search(ou,
+                                 expression=expr,
+                                 scope=scope,
+                                 controls=controls,
+                                 **kwargs)
+        results = [str(r['cn'][0]) for r in res]
+
+        ctrls = [str(c) for c in res.controls if
+                 str(c).startswith("paged_results")]
+        assert len(ctrls) == 1, "no paged_results response"
+
+        spl = ctrls[0].rsplit(':', 3)
+        cookie = ""
+        if len(spl) == 3:
+            cookie = spl[-1]
+        return results, cookie
+
+
+class PagedResultsTestsRO(PagedResultsTests):
+
+    def test_paged_search_lockstep(self):
+        expr = "(objectClass=*)"
+        ps = 3
+
+        all_results, _ = self.paged_search(expr, page_size=len(self.users)+1)
+
+        # Run two different but overlapping paged searches simultaneously.
+        set_1_index = int((len(all_results))//3)
+        set_2_index = int((2*len(all_results))//3)
+        set_1 = all_results[set_1_index:]
+        set_2 = all_results[:set_2_index+1]
+        set_1_expr = "(cn>=%s)" % (all_results[set_1_index])
+        set_2_expr = "(cn<=%s)" % (all_results[set_2_index])
+
+        results, cookie1 = self.paged_search(set_1_expr, page_size=ps)
+        self.assertEqual(results, set_1[:ps])
+        results, cookie2 = self.paged_search(set_2_expr, page_size=ps)
+        self.assertEqual(results, set_2[:ps])
+
+        results, cookie1 = self.paged_search(set_1_expr, cookie=cookie1,
+                                             page_size=ps)
+        self.assertEqual(results, set_1[ps:ps*2])
+        results, cookie2 = self.paged_search(set_2_expr, cookie=cookie2,
+                                             page_size=ps)
+        self.assertEqual(results, set_2[ps:ps*2])
+
+        results, _ = self.paged_search(set_1_expr, cookie=cookie1,
+                                       page_size=len(self.users))
+        self.assertEqual(results, set_1[ps*2:])
+        results, _ = self.paged_search(set_2_expr, cookie=cookie2,
+                                       page_size=len(self.users))
+        self.assertEqual(results, set_2[ps*2:])
+
+
+class PagedResultsTestsGC(PagedResultsTestsRO):
+
+    def setUp(self):
+        super(PagedResultsTestsRO, self).setUp()
+        self.ldb_ro = SamDB(host + ":3268", credentials=creds,
+                            session_info=system_session(lp), lp=lp)
+
+
+class PagedResultsTestsRW(PagedResultsTests):
+
+    def test_paged_delete_during_search(self, sort=True):
+        expr = "(objectClass=*)"
+
+        # Start new search
+        first_page_size = 3
+        results, cookie = self.paged_search(expr, sort=sort,
+                                            page_size=first_page_size)
+
+        # Run normal search to get expected results
+        unedited_results, _ = self.paged_search(expr, sort=sort,
+                                                page_size=len(self.users))
+
+        # Get remaining users not returned by the search above
+        unreturned_users = [u for u in self.users if u['cn'] not in results]
+
+        # Delete one of the users
+        del_index = len(self.users)//2
+        del_user = unreturned_users[del_index]
+        self.ldb.delete(del_user['dn'])
+
+        # Run test
+        results, _ = self.paged_search(expr, cookie=cookie, sort=sort,
+                                       page_size=len(self.users))
+        expected_results = [r for r in unedited_results[first_page_size:]
+                            if r != del_user['cn']]
+        self.assertEqual(results, expected_results)
+
+    def test_paged_delete_during_search_unsorted(self):
+        self.test_paged_delete_during_search(sort=False)
+
+    def test_paged_show_deleted(self):
+        unique = time.strftime("%s", time.gmtime())[-5:]
+        prefix = "show_deleted_test_%s_" % (unique)
+        expr = "(&(objectClass=user)(cn=%s*))" % (prefix)
+        del_ctrl = "show_deleted:1"
+
+        num_users = 10
+        users = []
+        for i in range(num_users):
+            user = self.create_user(i, num_users, prefix=prefix)
+            users.append(user)
+
+        first_user = users[0]
+        self.ldb.delete(first_user['dn'])
+
+        # Start new search
+        first_page_size = 3
+        results, cookie = self.paged_search(expr, page_size=first_page_size,
+                                            extra_ctrls=[del_ctrl],
+                                            ou=self.base_dn,
+                                            subtree=True)
+
+        # Get remaining users not returned by the search above
+        unreturned_users = [u for u in users if u['cn'] not in results]
+
+        # Delete one of the users
+        del_index = len(users)//2
+        del_user = unreturned_users[del_index]
+        self.ldb.delete(del_user['dn'])
+
+        results2, _ = self.paged_search(expr, cookie=cookie,
+                                        page_size=len(users)*2,
+                                        extra_ctrls=[del_ctrl],
+                                        ou=self.base_dn,
+                                        subtree=True)
+
+        user_cns = {str(u['cn']) for u in users}
+        deleted_cns = {first_user['cn'], del_user['cn']}
+
+        all_results = results + results2
+        normal_results = {r for r in all_results if "DEL:" not in r}
+        self.assertEqual(normal_results, user_cns - deleted_cns)
+
+        # Deleted results get "\nDEL:<GUID>" added to the CN, so cut it out.
+        deleted_results = {r[:r.index('\n')] for r in all_results
+                           if "DEL:" in r}
+        self.assertEqual(deleted_results, deleted_cns)
+
+    def test_paged_add_during_search(self, sort=True):
+        expr = "(objectClass=*)"
+
+        # Start new search
+        first_page_size = 3
+        results, cookie = self.paged_search(expr, sort=sort,
+                                            page_size=first_page_size)
+
+        unedited_results, _ = self.paged_search(expr, sort=sort,
+                                                page_size=len(self.users)+1)
+
+        # Get remaining users not returned by the search above
+        unwalked_users = [cn for cn in unedited_results if cn not in results]
+
+        # Add a user in the middle of the sort order
+        middle_index = len(unwalked_users)//2
+        middle_user = unwalked_users[middle_index]
+
+        user = {'cn': middle_user + '_2', "objectclass": "user"}
+        user['dn'] = "cn=%s,%s" % (user['cn'], self.ou)
+        self.ldb.add(user)
+
+        results, _ = self.paged_search(expr, sort=sort, cookie=cookie,
+                                       page_size=len(self.users)+1)
+        expected_results = unwalked_users[:]
+
+        # Uncomment this line to assert that adding worked.
+        # expected_results.insert(middle_index+1, user['cn'])
+
+        self.assertEqual(results, expected_results)
+
+    # On Windows, when server_sort ctrl is NOT provided in the initial search,
+    # adding a record during the search will cause the modified record to
+    # be returned in a future page if it belongs there in the ordering.
+    # When server_sort IS provided, the added record will not be returned.
+    # Samba implements the latter behaviour. This test confirms Samba's
+    # implementation and will fail on Windows.
+    def test_paged_add_during_search_unsorted(self):
+        self.test_paged_add_during_search(sort=False)
+
+    def test_paged_modify_during_search(self, sort=True):
+        expr = "(objectClass=*)"
+
+        # Start new search
+        first_page_size = 3
+        results, cookie = self.paged_search(expr, sort=sort,
+                                            page_size=first_page_size)
+
+        unedited_results, _ = self.paged_search(expr, sort=sort,
+                                                page_size=len(self.users)+1)
+
+        # Modify user in the middle of the remaining sort order
+        unwalked_users = [cn for cn in unedited_results if cn not in results]
+        middle_index = len(unwalked_users)//2
+        middle_cn = unwalked_users[middle_index]
+
+        # Find user object
+        users_with_middle_cn = [u for u in self.users if u['cn'] == middle_cn]
+        self.assertEqual(len(users_with_middle_cn), 1)
+        middle_user = users_with_middle_cn[0]
+
+        # Rename object
+        edit_cn = "z_" + middle_cn
+        new_dn = middle_user['dn'].replace(middle_cn, edit_cn)
+        self.ldb.rename(middle_user['dn'], new_dn)
+
+        results, _ = self.paged_search(expr, cookie=cookie, sort=sort,
+                                       page_size=len(self.users)+1)
+        expected_results = unwalked_users[:]
+        expected_results[middle_index] = edit_cn
+        self.assertEqual(results, expected_results)
+
+    # On Windows, when server_sort ctrl is NOT provided in the initial search,
+    # modifying a record during the search will cause the modified record to
+    # be returned in its new place in a CN ordering.
+    # When server_sort IS provided, the record will be returned its old place
+    # in the control-specified ordering.
+    # Samba implements the latter behaviour. This test confirms Samba's
+    # implementation and will fail on Windows.
+    def test_paged_modify_during_search_unsorted(self):
+        self.test_paged_modify_during_search(sort=False)
+
+    def test_paged_modify_object_scope(self):
+        expr = "(objectClass=*)"
+
+        ou2 = "OU=vlvtestou2,%s" % (self.tree_dn)
+        self.ldb.add({"dn": ou2, "objectclass": "organizationalUnit"})
+
+        # Do a separate, full search to get all results
+        unedited_results, _ = self.paged_search(expr,
+                                                page_size=len(self.users)+1)
+
+        # Rename before starting a search
+        first_cn = self.users[0]['cn']
+        new_dn = "CN=%s,%s" % (first_cn, ou2)
+        self.ldb.rename(self.users[0]['dn'], new_dn)
+
+        # Start new search under the original OU
+        first_page_size = 3
+        results, cookie = self.paged_search(expr, page_size=first_page_size)
+        self.assertEqual(results, unedited_results[1:1+first_page_size])
+
+        # Get one of the users that is yet to be returned
+        unwalked_users = [cn for cn in unedited_results if cn not in results]
+        middle_index = len(unwalked_users)//2
+        middle_cn = unwalked_users[middle_index]
+
+        # Find user object
+        users_with_middle_cn = [u for u in self.users if u['cn'] == middle_cn]
+        self.assertEqual(len(users_with_middle_cn), 1)
+        middle_user = users_with_middle_cn[0]
+
+        # Rename
+        new_dn = "CN=%s,%s" % (middle_cn, ou2)
+        self.ldb.rename(middle_user['dn'], new_dn)
+
+        results, _ = self.paged_search(expr, cookie=cookie,
+                                       page_size=len(self.users)+1)
+
+        expected_results = unwalked_users[:]
+
+        # We should really expect that the object renamed into a different
+        # OU should vanish from the results, but turns out Windows does return
+        # the object in this case.  Our module matches the Windows behaviour.
+
+        # If behaviour changes, this line inverts the test's expectations to
+        # what you might expect.
+        # del expected_results[middle_index]
+
+        # But still expect the user we removed before the search to be gone
+        del expected_results[0]
+
+        self.assertEqual(results, expected_results)
+
+    def test_paged_modify_one_during_search(self):
+        prefix = "change_during_search_"
+        num_users = 5
+        users = [self.create_user(i, num_users, prefix=prefix)
+                 for i in range(num_users)]
+        expr = "(&(objectClass=user)(facsimileTelephoneNumber=%s*))" % (prefix)
+
+        # Get the first page, then change the searched attribute and
+        # try for the second page.
+        results, cookie = self.paged_search(expr, page_size=1)
+        self.assertEqual(len(results), 1)
+        unwalked_users = [u for u in users if u['cn'] != results[0]]
+        self.assertEqual(len(unwalked_users), num_users-1)
+
+        mod_dn = unwalked_users[0]['dn']
+        self.ldb.modify_ldif("dn: %s\n"
+                             "changetype: modify\n"
+                             "replace: facsimileTelephoneNumber\n"
+                             "facsimileTelephoneNumber: 123" % mod_dn)
+
+        results, _ = self.paged_search(expr, cookie=cookie,
+                                       page_size=len(self.users))
+        expected_cns = {u['cn'] for u in unwalked_users if u['dn'] != mod_dn}
+        self.assertEqual(set(results), expected_cns)
+
+    def test_paged_modify_all_during_search(self):
+        prefix = "change_during_search_"
+        num_users = 5
+        users = [self.create_user(i, num_users, prefix=prefix)
+                 for i in range(num_users)]
+        expr = "(&(objectClass=user)(facsimileTelephoneNumber=%s*))" % (prefix)
+
+        # Get the first page, then change the searched attribute and
+        # try for the second page.
+        results, cookie = self.paged_search(expr, page_size=1)
+        unwalked_users = [u for u in users if u['cn'] != results[0]]
+
+        for u in users:
+            self.ldb.modify_ldif("dn: %s\n"
+                                 "changetype: modify\n"
+                                 "replace: facsimileTelephoneNumber\n"
+                                 "facsimileTelephoneNumber: 123" % u['dn'])
+
+        results, _ = self.paged_search(expr, cookie=cookie,
+                                       page_size=len(self.users))
+        self.assertEqual(results, [])
+
+    def assertPagedSearchRaises(self, err_num, expr, cookie, attrs=None,
+                                extra_ctrls=None):
+        try:
+            results, _ = self.paged_search(expr, cookie=cookie,
+                                           page_size=2,
+                                           extra_ctrls=extra_ctrls,
+                                           attrs=attrs)
+        except ldb.LdbError as e:
+            self.assertEqual(e.args[0], err_num)
+            return
+
+        self.fail("No error raised by invalid search")
+
+    def test_paged_changed_expr(self):
+        # Initiate search then use a different expr in subsequent req
+        expr = "(objectClass=*)"
+        results, cookie = self.paged_search(expr, page_size=3)
+        expr = "cn>=a"
+        expected_error_num = 12
+        self.assertPagedSearchRaises(expected_error_num, expr, cookie)
+
+    def test_paged_changed_controls(self):
+        expr = "(objectClass=*)"
+        sort_ctrl = "server_sort:1:0:cn"
+        del_ctrl = "show_deleted:1"
+        expected_error_num = 12
+        ps = 3
+
+        # Initiate search with a sort control then remove in subsequent req
+        results, cookie = self.paged_search(expr, page_size=ps,
+                                            extra_ctrls=[sort_ctrl])
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[])
+
+        # Initiate search with no sort control then add one in subsequent req
+        results, cookie = self.paged_search(expr, page_size=ps,
+                                            extra_ctrls=[])
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[sort_ctrl])
+
+        # Initiate search with show-deleted control then
+        # remove it in subsequent req
+        results, cookie = self.paged_search(expr, page_size=ps,
+                                            extra_ctrls=[del_ctrl])
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[])
+
+        # Initiate normal search then add show-deleted control
+        # in subsequent req
+        results, cookie = self.paged_search(expr, page_size=ps,
+                                            extra_ctrls=[])
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[del_ctrl])
+
+        # Changing order of controls shouldn't break the search
+        results, cookie = self.paged_search(expr, page_size=ps,
+                                            extra_ctrls=[del_ctrl, sort_ctrl])
+        try:
+            results, cookie = self.paged_search(expr, page_size=ps,
+                                                extra_ctrls=[sort_ctrl,
+                                                             del_ctrl])
+        except ldb.LdbError as e:
+            self.fail(e)
+
+    def test_paged_cant_change_controls_data(self):
+        # Some defaults for the rest of the tests
+        expr = "(objectClass=*)"
+        sort_ctrl = "server_sort:1:0:cn"
+        expected_error_num = 12
+
+        # Initiate search with sort control then change it in subsequent req
+        results, cookie = self.paged_search(expr, page_size=3,
+                                            extra_ctrls=[sort_ctrl])
+        changed_sort_ctrl = "server_sort:1:0:roomNumber"
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[changed_sort_ctrl])
+
+        # Initiate search with a control with crit=1, then use crit=0
+        results, cookie = self.paged_search(expr, page_size=3,
+                                            extra_ctrls=[sort_ctrl])
+        changed_sort_ctrl = "server_sort:0:0:cn"
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, extra_ctrls=[changed_sort_ctrl])
+
+    def test_paged_search_referrals(self):
+        expr = "(objectClass=*)"
+        paged_ctrl = "paged_results:1:5"
+        res = self.ldb.search(self.base_dn,
+                              expression=expr,
+                              attrs=['cn'],
+                              scope=ldb.SCOPE_SUBTREE,
+                              controls=[paged_ctrl])
+
+        # Do a paged search walk over the whole database and save a list
+        # of all the referrals returned by each search.
+        referral_lists = []
+
+        while True:
+            referral_lists.append(res.referals)
+
+            ctrls = [str(c) for c in res.controls if
+                     str(c).startswith("paged_results")]
+            self.assertEqual(len(ctrls), 1)
+            spl = ctrls[0].rsplit(':')
+            if len(spl) != 3:
+                break
+
+            cookie = spl[-1]
+            res = self.ldb.search(self.base_dn,
+                                  expression=expr,
+                                  attrs=['cn'],
+                                  scope=ldb.SCOPE_SUBTREE,
+                                  controls=[paged_ctrl + ":" + cookie])
+
+        ref_list = referral_lists[0]
+
+        # Sanity check to make sure the search actually did something
+        self.assertGreater(len(referral_lists), 2)
+
+        # Check the first referral set contains stuff
+        self.assertGreater(len(ref_list), 0)
+
+        # Check the others don't
+        self.assertTrue(all([len(l) == 0 for l in referral_lists[1:]]))
+
+        # Check the entries in the first referral list look like referrals
+        self.assertTrue(all([s.startswith('ldap://') for s in ref_list]))
+
+    def test_paged_change_attrs(self):
+        expr = "(objectClass=*)"
+        attrs = ['cn']
+        expected_error_num = 12
+
+        results, cookie = self.paged_search(expr, page_size=3, attrs=attrs)
+        results, cookie = self.paged_search(expr, cookie=cookie, page_size=3,
+                                            attrs=attrs)
+
+        changed_attrs = attrs + ['roomNumber']
+        self.assertPagedSearchRaises(expected_error_num, expr,
+                                     cookie, attrs=changed_attrs,
+                                     extra_ctrls=[])
+
+    def test_vlv_paged(self):
+        """Testing behaviour with VLV and paged_results set.
+
+        A strange combination, certainly
+
+        Thankfully combining both of these gives
+        unavailable-critical-extension against Windows 1709
+
+        """
+        sort_control = "server_sort:1:0:cn"
+
+        try:
+            msgs = self.ldb.search(base=self.base_dn,
+                                   scope=ldb.SCOPE_SUBTREE,
+                                   attrs=["objectGUID", "cn", "member"],
+                                   controls=["vlv:1:20:20:11:0",
+                                             sort_control,
+                                             "paged_results:1:1024"])
+            self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
+        except ldb.LdbError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
+
+    def test_anr_paged(self):
+        """Testing behaviour with anr= searches and paged_results set.
+
+        A problematic combination, as anr involves filter rewriting
+
+        """
+        prefix = "anr"
+        num_users = 5
+        users = [self.create_user(i, num_users, prefix=prefix)
+                 for i in range(num_users)]
+        expr = f"(|(anr={prefix})(&(objectClass=user)(facsimileTelephoneNumber={prefix}*)))"
+
+        results, cookie = self.paged_search(expr, page_size=1)
+        self.assertEqual(len(results), 1)
+
+        results, cookie = self.paged_search(expr, page_size=2, cookie=cookie)
+        self.assertEqual(len(results), 2)
+
+        results, cookie = self.paged_search(expr, page_size=2, cookie=cookie)
+        self.assertEqual(len(results), 2)
+
+
+if "://" not in host:
+    if os.path.isfile(host):
+        host = "tdb://%s" % host
+    else:
+        host = "ldap://%s" % host
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
new file mode 100644
index 0000000..d0d6439
--- /dev/null
+++ b/source4/dsdb/wscript_build
@@ -0,0 +1,83 @@
+#!/usr/bin/env python
+
+bld.RECURSE('samdb/ldb_modules')
+
+bld.SAMBA_LIBRARY('samdb',
+	source='samdb/samdb.c samdb/samdb_privilege.c samdb/cracknames.c repl/replicated_objects.c',
+	pc_files='samdb.pc',
+	autoproto='samdb/samdb_proto.h',
+	public_deps='krb5',
+	public_headers='',
+	vnum='0.0.1',
+	deps='ndr NDR_DRSUAPI NDR_DRSBLOBS auth_system_session LIBCLI_AUTH ndr SAMDB_SCHEMA ldbsamba samdb-common LIBCLI_DRSUAPI cli-ldap-common samba-util com_err authkrb5 samba-credentials ldbwrap samba-errors krb5samba ldb',
+	)
+
+bld.SAMBA_LIBRARY('samdb-common',
+	source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c common/rodc_helper.c',
+	autoproto='common/proto.h',
+	private_library=True,
+	deps='ldb NDR_DRSBLOBS util_ldb LIBCLI_AUTH samba-hostconfig samba_socket cli-ldap-common flag_mapping UTIL_RUNCMD SAMBA_VERSION samba-security'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA',
+	source='schema/schema_init.c schema/schema_set.c schema/schema_query.c schema/schema_syntax.c schema/schema_description.c schema/schema_convert_to_ol.c schema/schema_inferiors.c schema/schema_prefixmap.c schema/schema_info_attr.c schema/schema_filtered.c schema/dsdb_dn.c',
+	autoproto='schema/proto.h',
+	deps='samdb-common NDR_DRSUAPI NDR_DRSBLOBS ldbsamba tevent'
+	)
+
+
+bld.SAMBA_MODULE('service_drepl',
+	source='repl/drepl_service.c repl/drepl_periodic.c repl/drepl_partitions.c repl/drepl_out_pull.c repl/drepl_out_helpers.c repl/drepl_notify.c repl/drepl_ridalloc.c repl/drepl_extended.c repl/drepl_fsmo.c repl/drepl_secret.c repl/drepl_replica.c',
+	autoproto='repl/drepl_service_proto.h',
+	subsystem='service',
+	init_function='server_service_drepl_init',
+	deps='samdb process_model RPC_NDR_DRSUAPI',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_LIBRARY('dsdb_garbage_collect_tombstones',
+                  source='kcc/garbage_collect_tombstones.c',
+                  deps='samdb RPC_NDR_DRSUAPI',
+                  private_library=True,
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('scavenge_dns_records',
+                  source='kcc/scavenge_dns_records.c',
+                  deps='samdb RPC_NDR_DRSUAPI dnsserver_common',
+                  private_library=True,
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_MODULE('service_kcc',
+	source='kcc/kcc_service.c kcc/kcc_connection.c kcc/kcc_periodic.c kcc/kcc_drs_replica_info.c',
+	autoproto='kcc/kcc_service_proto.h',
+	subsystem='service',
+	init_function='server_service_kcc_init',
+	deps='samdb process_model RPC_NDR_IRPC RPC_NDR_DRSUAPI UTIL_RUNCMD dsdb_garbage_collect_tombstones scavenge_dns_records',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('service_dns_update',
+	source='dns/dns_update.c',
+	subsystem='service',
+	init_function='server_service_dnsupdate_init',
+	deps='samdb UTIL_RUNCMD samba-util ldb samdb-common samba-errors talloc auth_system_session samba-hostconfig',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+pyldb_util = bld.pyembed_libname('pyldb-util')
+pyrpc_util = bld.pyembed_libname('pyrpc_util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+bld.SAMBA_PYTHON('python_dsdb',
+                 source='pydsdb.c',
+                 # the dependency on dcerpc here is because gensec
+                 # depends on dcerpc but the waf circular dependency finder
+                 # removes it so we end up with unresolved symbols.
+                 deps='samdb %s dcerpc com_err %s %s dsdb_garbage_collect_tombstones scavenge_dns_records' %\
+                 (pyldb_util, pyrpc_util, pyparam_util),
+                 realname='samba/dsdb.so'
+                 )
diff --git a/source4/echo_server/echo_server.c b/source4/echo_server/echo_server.c
new file mode 100644
index 0000000..54ab719
--- /dev/null
+++ b/source4/echo_server/echo_server.c
@@ -0,0 +1,336 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Echo server service example
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "echo_server/echo_server.h"
+/* Get at the config file settings */
+#include "param/param.h"
+/* This defines task_server_terminate */
+#include "samba/process_model.h"
+/* We get load_interface_list from here */
+#include "socket/netif.h"
+/* NTSTATUS-related stuff */
+#include "libcli/util/ntstatus.h"
+/* tsocket-related functions */
+#include "lib/tsocket/tsocket.h"
+#include "libds/common/roles.h"
+
+NTSTATUS server_service_echo_init(TALLOC_CTX *);
+
+/* Structure to hold an echo server socket */
+struct echo_socket {
+	/* This can come handy for the task struct in there */
+	struct echo_server *echo;
+	struct tsocket_address *local_address;
+};
+
+/* Structure to hold udp socket */
+struct echo_udp_socket {
+	struct echo_socket *echo_socket;
+	struct tdgram_context *dgram;
+	struct tevent_queue *send_queue;
+};
+
+/*
+ * Main processing function.
+ *
+ * This is the start of the package processing.
+ * In the echo server it doesn't do much, but for more complicated servers,
+ * your code goes here (or at least is called from here.
+ */
+static NTSTATUS echo_process(struct echo_server *echo,
+			     TALLOC_CTX *mem_ctx,
+			     DATA_BLOB *in,
+			     DATA_BLOB *out)
+{
+	uint8_t *buf = talloc_memdup(mem_ctx, in->data, in->length);
+	NT_STATUS_HAVE_NO_MEMORY(buf);
+
+	out->data = buf;
+	out->length = in->length;
+
+	return NT_STATUS_OK;
+}
+
+/* Structure keeping track of a single UDP echo server call */
+struct echo_udp_call {
+	/* The UDP packet came from here, our reply goes there as well */
+	struct tsocket_address *src;
+	DATA_BLOB in;
+	DATA_BLOB out;
+};
+
+/** Prototype of the send callback */
+static void echo_udp_call_sendto_done(struct tevent_req *subreq);
+
+/* Callback to receive UDP packets */
+static void echo_udp_call_loop(struct tevent_req *subreq)
+{
+	/*
+	 * Our socket structure is the callback data. Get it in a
+	 * type-safe way
+	 */
+	struct echo_udp_socket *sock = tevent_req_callback_data(subreq,
+				       struct echo_udp_socket);
+	struct echo_udp_call *call;
+	uint8_t *buf;
+	ssize_t len;
+	NTSTATUS status;
+	int sys_errno;
+
+	call = talloc(sock, struct echo_udp_call);
+	if (call == NULL) {
+		goto done;
+	}
+
+	len = tdgram_recvfrom_recv(subreq, &sys_errno, call, &buf, &call->src);
+	TALLOC_FREE(subreq);
+	if (len == -1) {
+		TALLOC_FREE(call);
+		goto done;
+	}
+
+	call->in.data = buf;
+	call->in.length = len;
+
+	DEBUG(10, ("Received echo UDP packet of %lu bytes from %s\n",
+		  (long)len, tsocket_address_string(call->src, call)));
+
+	/* Handle the data coming in and compute the reply */
+	status = echo_process(sock->echo_socket->echo, call,
+			      &call->in, &call->out);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(call);
+		DEBUG(0, ("echo_process returned %s\n",
+			  nt_errstr(status)));
+		goto done;
+	}
+
+	/* I said the task struct would come in handy. */
+	subreq = tdgram_sendto_queue_send(call,
+				sock->echo_socket->echo->task->event_ctx,
+				sock->dgram,
+				sock->send_queue,
+				call->out.data,
+				call->out.length,
+				call->src);
+	if (subreq == NULL) {
+		TALLOC_FREE(call);
+		goto done;
+	}
+
+	tevent_req_set_callback(subreq, echo_udp_call_sendto_done, call);
+
+done:
+	/* Now loop for the next incoming UDP packet, the async way */
+	subreq = tdgram_recvfrom_send(sock,
+				sock->echo_socket->echo->task->event_ctx,
+				sock->dgram);
+	if (subreq == NULL) {
+		task_server_terminate(sock->echo_socket->echo->task,
+				      "no memory for tdgram_recvfrom_send",
+				      true);
+		return;
+	}
+	tevent_req_set_callback(subreq, echo_udp_call_loop, sock);
+}
+
+/* Callback to send UDP replies */
+static void echo_udp_call_sendto_done(struct tevent_req *subreq)
+{
+	struct echo_udp_call *call = tevent_req_callback_data(subreq,
+				     struct echo_udp_call);
+	int sys_errno;
+
+	tdgram_sendto_queue_recv(subreq, &sys_errno);
+
+	/*
+	 * We don't actually care about the error, just get on with our life.
+	 * We already set a new echo_udp_call_loop callback already, so we're
+	 * almost done, just some memory to free.
+	 */
+	TALLOC_FREE(call);
+}
+
+/* Start listening on a given address */
+static NTSTATUS echo_add_socket(struct echo_server *echo,
+				const struct model_ops *ops,
+				const char *name,
+				const char *address,
+				uint16_t port)
+{
+	struct echo_socket *echo_socket;
+	struct echo_udp_socket *echo_udp_socket;
+	struct tevent_req *udpsubreq;
+	NTSTATUS status;
+	int ret;
+
+	echo_socket = talloc(echo, struct echo_socket);
+	NT_STATUS_HAVE_NO_MEMORY(echo_socket);
+
+	echo_socket->echo = echo;
+
+	/*
+	 * Initialize the tsocket_address.
+	 * The nifty part is the "ip" string. This tells tsocket to autodetect
+	 * ipv4 or ipv6 based on the IP address string passed.
+	 */
+	ret = tsocket_address_inet_from_strings(echo_socket, "ip",
+						address, port,
+						&echo_socket->local_address);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		return status;
+	}
+
+	/* Now set up the udp socket */
+	echo_udp_socket = talloc(echo_socket, struct echo_udp_socket);
+	NT_STATUS_HAVE_NO_MEMORY(echo_udp_socket);
+
+	echo_udp_socket->echo_socket = echo_socket;
+
+	ret = tdgram_inet_udp_socket(echo_socket->local_address,
+				     NULL,
+				     echo_udp_socket,
+				     &echo_udp_socket->dgram);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		DEBUG(0, ("Failed to bind to %s:%u UDP - %s\n",
+			  address, port, nt_errstr(status)));
+		return status;
+	}
+
+	/*
+	 * We set up a send queue so we can have multiple UDP packets in flight
+	 */
+	echo_udp_socket->send_queue = tevent_queue_create(echo_udp_socket,
+							"echo_udp_send_queue");
+	NT_STATUS_HAVE_NO_MEMORY(echo_udp_socket->send_queue);
+
+	/*
+	 * To handle the UDP requests, set up a new tevent request as a
+	 * subrequest of the current one.
+	 */
+	udpsubreq = tdgram_recvfrom_send(echo_udp_socket,
+					 echo->task->event_ctx,
+					 echo_udp_socket->dgram);
+	NT_STATUS_HAVE_NO_MEMORY(udpsubreq);
+	tevent_req_set_callback(udpsubreq, echo_udp_call_loop, echo_udp_socket);
+
+	return NT_STATUS_OK;
+}
+
+/* Set up the listening sockets */
+static NTSTATUS echo_startup_interfaces(struct echo_server *echo,
+					struct loadparm_context *lp_ctx,
+					struct interface *ifaces,
+					const struct model_ops *model_ops)
+{
+	int num_interfaces;
+	TALLOC_CTX *tmp_ctx = talloc_new(echo);
+	NTSTATUS status;
+	int i;
+
+	num_interfaces = iface_list_count(ifaces);
+
+	for(i=0; i<num_interfaces; i++) {
+		const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
+
+		status = echo_add_socket(echo, model_ops, "echo", address, ECHO_SERVICE_PORT);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+
+/* Do the basic task initialization, check if the task should run */
+
+static NTSTATUS echo_task_init(struct task_server *task)
+{
+	struct interface *ifaces;
+	struct echo_server *echo;
+	NTSTATUS status;
+
+	/*
+	 * For the purpose of the example, let's only start the server in DC
+	 * and standalone modes, and not as a member server.
+	 */
+	switch(lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		/* Yes, we want to run the echo server */
+		break;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "echo: Not starting echo server " \
+				      "for domain members", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want to run the echo server */
+		break;
+	}
+
+	load_interface_list(task, task->lp_ctx, &ifaces);
+
+	if (iface_list_count(ifaces) == 0) {
+		task_server_terminate(task,
+				      "echo: No network interfaces configured",
+				      false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	task_server_set_title(task, "task[echo]");
+
+	echo = talloc_zero(task, struct echo_server);
+	if (echo == NULL) {
+		task_server_terminate(task, "echo: Out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	echo->task = task;
+
+	status = echo_startup_interfaces(echo, task->lp_ctx, ifaces,
+					 task->model_ops);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "echo: Failed to set up interfaces",
+				      true);
+		return status;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+ * Register this server service with the main samba process.
+ *
+ * This is the function you need to put into the wscript_build file as
+ * init_function. All the real work happens in "echo_task_init" above.
+ */
+NTSTATUS server_service_echo_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = false,
+		.task_init = echo_task_init,
+		.post_fork = NULL
+
+	};
+	return register_server_service(ctx, "echo", &details);
+}
diff --git a/source4/echo_server/echo_server.h b/source4/echo_server/echo_server.h
new file mode 100644
index 0000000..3c3e1ae
--- /dev/null
+++ b/source4/echo_server/echo_server.h
@@ -0,0 +1,33 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Echo structures, server service example
+
+   Copyright (C) 2010 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __ECHO_SERVER_H__
+#define __ECHO_SERVER_H__
+
+struct task_server;
+
+struct echo_server {
+        struct task_server *task;
+};
+
+#define ECHO_SERVICE_PORT 7
+
+#endif /*__ECHO_SERVER_H__*/
diff --git a/source4/echo_server/wscript_build b/source4/echo_server/wscript_build
new file mode 100644
index 0000000..3d70f0c
--- /dev/null
+++ b/source4/echo_server/wscript_build
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('ECHO',
+        source='echo_server.c',
+        subsystem='service',
+        init_function='server_service_echo_init',
+        deps='samba-hostconfig LIBTSOCKET LIBSAMBA_TSOCKET',
+        local_include=False,
+        enabled=bld.CONFIG_GET('ENABLE_SELFTEST'),
+        )
diff --git a/source4/include/includes.h b/source4/include/includes.h
new file mode 100644
index 0000000..667f2b2
--- /dev/null
+++ b/source4/include/includes.h
@@ -0,0 +1,72 @@
+#ifndef _INCLUDES_H
+#define _INCLUDES_H
+/*
+   Unix SMB/CIFS implementation.
+   Machine customisation and include handling
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) 2002 by Martin Pool <mbp@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "../replace/replace.h"
+
+/* make sure we have included the correct config.h */
+#ifndef NO_CONFIG_H /* for some tests */
+#ifndef CONFIG_H_IS_FROM_SAMBA
+#error "make sure you have removed all config.h files from standalone builds!"
+#error "the included config.h isn't from samba!"
+#endif
+#endif /* NO_CONFIG_H */
+
+#include "system/time.h"
+#include "system/wait.h"
+#include "system/locale.h"
+
+/* only do the C++ reserved word check when we compile
+   to include --with-developer since too many systems
+   still have conflicts with their header files (e.g. IRIX 6.4) */
+
+#if !defined(__cplusplus) && defined(DEVELOPER) && defined(__linux__)
+#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#endif
+
+/* Lists, trees, caching, database... */
+#include <talloc.h>
+#ifndef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+#endif
+#include "../lib/util/attr.h"
+
+/* debug.h need to be included before samba_util.h for the macro SMB_ASSERT */
+#include "../lib/util/debug.h"
+#include "../lib/util/samba_util.h"
+
+#include "libcli/util/error.h"
+
+/* String routines */
+#include "../lib/util/safe_string.h"
+
+/* samba_setXXid functions. */
+#include "../lib/util/setid.h"
+
+#endif /* _INCLUDES_H */
diff --git a/source4/kdc/ad_claims.c b/source4/kdc/ad_claims.c
new file mode 100644
index 0000000..b9a417c
--- /dev/null
+++ b/source4/kdc/ad_claims.c
@@ -0,0 +1,1225 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba Active Directory claims utility functions
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/replace.h"
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "source4/kdc/ad_claims.h"
+#include "source4/kdc/authn_policy_util.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "librpc/gen_ndr/claims.h"
+#include "librpc/gen_ndr/ndr_claims.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "lib/util/binsearch.h"
+#include "auth/session.h"
+
+#undef strcasecmp
+
+bool ad_claims_are_issued(struct ldb_context *samdb)
+{
+	/*
+	 * Claims aren’t issued by Samba unless the DC is at
+	 * FL2012.  This is to match Windows, which will offer
+	 * this feature as soon as the DC is upgraded.
+	 */
+	const int functional_level = dsdb_dc_functional_level(samdb);
+	return functional_level >= DS_DOMAIN_FUNCTION_2012;
+}
+
+static int acl_attr_cmp_fn(const char *a, const char * const *b)
+{
+	return ldb_attr_cmp(a, *b);
+}
+
+/*
+ * Add a single attribute to a list of attributes if it is not already
+ * present. The list is maintained in case-insensitive sorted order.
+ */
+static int add_attr_unique(TALLOC_CTX *mem_ctx,
+			   const char **attrs,
+			   unsigned *ad_claim_attrs_count,
+			   const char *attr)
+{
+	const unsigned count = *ad_claim_attrs_count;
+	const char * const *exact = NULL;
+	const char * const *next = NULL;
+
+	BINARY_ARRAY_SEARCH_GTE(attrs,
+				count,
+				attr,
+				acl_attr_cmp_fn,
+				exact,
+				next);
+	if (exact != NULL) {
+		/* The attribute is already present; there's nothing to do. */
+		return LDB_SUCCESS;
+	}
+
+	/* Make sure we don't overflow the array. */
+	SMB_ASSERT(count < talloc_array_length(attrs));
+	*ad_claim_attrs_count = count + 1;
+
+	if (next == NULL) {
+		/* Just add the new element on the end. */
+		attrs[count] = attr;
+	} else {
+		/* Shift all following elements over to make room. */
+		size_t next_idx = next - attrs;
+		size_t bytes_to_move = (count - next_idx) * sizeof (attrs[0]);
+		memmove(&attrs[next_idx + 1],
+			&attrs[next_idx],
+			bytes_to_move);
+
+		attrs[next_idx] = attr;
+	}
+
+	return LDB_SUCCESS;
+}
+
+/*
+ * Return true if a data_blob, interpreted as a string, is equal to another
+ * string. This is more efficient than strcmp(), particularly when comparing
+ * against a string constant. This assumes the data_blob's length does not
+ * include the zero-terminator.
+ */
+static inline bool data_blob_equals_str(const DATA_BLOB val, const char *str)
+{
+	size_t len = strlen(str);
+	if (val.length != len) {
+		return false;
+	}
+
+	return memcmp(val.data, str, len) == 0;
+}
+
+static int fill_claim_int64(TALLOC_CTX *mem_ctx,
+			    struct ldb_context *ldb,
+			    const struct ldb_message_element *principal_attribute,
+			    const struct ldb_val name,
+			    struct CLAIM_INT64 *claim)
+{
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     int64_t,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const struct ldb_val *value = &principal_attribute->values[i];
+		int ret = ldb_val_as_int64(value, &claim->values[i]);
+		if (ret) {
+			char buf[1024];
+			const char *reason = NULL;
+			int err = strerror_r(ret, buf, sizeof(buf));
+			if (err == 0) {
+				reason = buf;
+			} else {
+				reason = "Unknown error";
+			}
+			DBG_WARNING("Failed to interpret value %s as INT64 "
+				    "while creating claim %s for attribute %s (%s); "
+				    "skipping value\n",
+				    (value->data != NULL) ? (const char *)value->data : "<unknown>",
+				    name.data, principal_attribute->name,
+				    reason);
+			continue;
+		}
+
+		++claim->value_count;
+	}
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       int64_t,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_uint64(TALLOC_CTX *mem_ctx,
+			     struct ldb_context *ldb,
+			     const struct ldb_message_element *principal_attribute,
+			     const struct ldb_val name,
+			     struct CLAIM_UINT64 *claim)
+{
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     uint64_t,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const struct ldb_val *value = &principal_attribute->values[i];
+		int ret = ldb_val_as_uint64(value, &claim->values[i]);
+		if (ret) {
+			char buf[1024];
+			const char *reason = NULL;
+			int err = strerror_r(ret, buf, sizeof(buf));
+			if (err == 0) {
+				reason = buf;
+			} else {
+				reason = "Unknown error";
+			}
+			DBG_WARNING("Failed to interpret value %s as UINT64 "
+				    "while creating claim %s for attribute %s (%s); "
+				    "skipping value\n",
+				    (value->data != NULL) ? (const char *)value->data : "<unknown>",
+				    name.data, principal_attribute->name,
+				    reason);
+			continue;
+		}
+
+		++claim->value_count;
+	}
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       uint64_t,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_uint64_oid_syntax(TALLOC_CTX *mem_ctx,
+					struct ldb_context *ldb,
+					const struct dsdb_schema *schema,
+					const struct ldb_message_element *principal_attribute,
+					const struct ldb_val name,
+					struct CLAIM_UINT64 *claim)
+{
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     uint64_t,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const struct dsdb_class *class_val = NULL;
+
+		/*
+		 * OID values for objectClass
+		 * are presented in reverse
+		 * order.
+		 */
+		const struct ldb_val *display_name = &principal_attribute->values[
+			principal_attribute->num_values - 1 - i];
+
+		class_val = dsdb_class_by_lDAPDisplayName_ldb_val(schema, display_name);
+		if (class_val == NULL) {
+			DBG_WARNING("Failed to look up OID for value %s "
+				    "while creating claim %s for attribute %s; "
+				    "skipping value\n",
+				    (display_name->data != NULL) ? (const char *)display_name->data : "<unknown>",
+				    name.data, principal_attribute->name);
+			continue;
+		}
+
+		claim->values[i] = class_val->governsID_id;
+		++claim->value_count;
+	}
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       uint64_t,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_boolean(TALLOC_CTX *mem_ctx,
+			      struct ldb_context *ldb,
+			      const struct ldb_message_element *principal_attribute,
+			      const struct ldb_val name,
+			      struct CLAIM_UINT64 *claim)
+{
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     uint64_t,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const struct ldb_val *value = &principal_attribute->values[i];
+		bool val = false;
+		int ret = ldb_val_as_bool(value, &val);
+		if (ret) {
+			char buf[1024];
+			const char *reason = NULL;
+			int err = strerror_r(ret, buf, sizeof(buf));
+			if (err == 0) {
+				reason = buf;
+			} else {
+				reason = "Unknown error";
+			}
+			DBG_WARNING("Failed to interpret value %s as BOOL "
+				    "while creating claim %s for attribute %s (%s); "
+				    "skipping value\n",
+				    (value->data != NULL) ? (const char *)value->data : "<unknown>",
+				    name.data, principal_attribute->name,
+				    reason);
+			continue;
+		}
+
+		claim->values[i] = val;
+		++claim->value_count;
+	}
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       uint64_t,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_string(TALLOC_CTX *mem_ctx,
+			     struct ldb_context *ldb,
+			     const struct ldb_message_element *principal_attribute,
+			     struct CLAIM_STRING *claim)
+{
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     const char *,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const char *val = NULL;
+		const struct ldb_val *v = &principal_attribute->values[i];
+
+		if (v == NULL || v->data == NULL) {
+			continue;
+		}
+
+		val = talloc_strndup(claim->values,
+				     (const char *)v->data,
+				     v->length);
+		if (val == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		claim->values[i] = val;
+		++claim->value_count;
+	}
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       const char *,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_string_sec_desc_syntax(TALLOC_CTX *mem_ctx,
+					     struct ldb_context *ldb,
+					     const struct ldb_message_element *principal_attribute,
+					     struct CLAIM_STRING *claim)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	const struct dom_sid *domain_sid = NULL;
+	uint32_t i;
+
+	claim->value_count = 0;
+	claim->values = talloc_array(mem_ctx,
+				     const char *,
+				     principal_attribute->num_values);
+	if (claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	domain_sid = samdb_domain_sid(ldb);
+	if (domain_sid == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	for (i = 0; i < principal_attribute->num_values; ++i) {
+		const struct ldb_val *v = &principal_attribute->values[i];
+
+		enum ndr_err_code ndr_err;
+		struct security_descriptor desc = {};
+		const char *sddl = NULL;
+
+		if (v == NULL || v->data == NULL) {
+			continue;
+		}
+
+		ndr_err = ndr_pull_struct_blob(v,
+					       tmp_ctx,
+					       &desc,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+			DBG_ERR("security_descriptor pull failed: %s\n",
+				nt_errstr(nt_status));
+			talloc_free(tmp_ctx);
+			return ldb_operr(ldb);
+		}
+
+		sddl = sddl_encode(mem_ctx,
+				   &desc,
+				   domain_sid);
+		if (sddl == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+
+		claim->values[i] = sddl;
+		++claim->value_count;
+	}
+
+	talloc_free(tmp_ctx);
+
+	/* Shrink the array to fit. */
+	claim->values = talloc_realloc(mem_ctx,
+				       claim->values,
+				       const char *,
+				       claim->value_count);
+	if (claim->value_count && claim->values == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static int fill_claim_entry(TALLOC_CTX *mem_ctx,
+			    struct ldb_context *ldb,
+			    const struct dsdb_schema *schema,
+			    const struct ldb_message_element *principal_attribute,
+			    const struct ldb_val name,
+			    const DATA_BLOB syntax,
+			    enum CLAIM_TYPE claim_type,
+			    struct CLAIM_ENTRY *claim_entry)
+{
+
+	claim_entry->id = talloc_strndup(mem_ctx,
+				     (const char *)name.data,
+				     name.length);
+	if (claim_entry->id == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	claim_entry->type = claim_type;
+
+	switch (claim_type) {
+	case CLAIM_TYPE_INT64:
+		return fill_claim_int64(mem_ctx,
+					ldb,
+					principal_attribute,
+					name,
+					&claim_entry->values.claim_int64);
+	case CLAIM_TYPE_UINT64:
+		if (syntax.data != NULL && data_blob_equals_str(syntax, "2.5.5.2")) {
+			return fill_claim_uint64_oid_syntax(mem_ctx,
+						 ldb,
+						 schema,
+						 principal_attribute,
+						 name,
+						 &claim_entry->values.claim_uint64);
+		} else {
+			return fill_claim_uint64(mem_ctx,
+						 ldb,
+						 principal_attribute,
+						 name,
+						 &claim_entry->values.claim_uint64);
+		}
+	case CLAIM_TYPE_BOOLEAN:
+		return fill_claim_boolean(mem_ctx,
+					  ldb,
+					  principal_attribute,
+					  name,
+					  &claim_entry->values.claim_boolean);
+	case CLAIM_TYPE_STRING:
+	default:
+		if (syntax.data != NULL && data_blob_equals_str(syntax, "2.5.5.15")) {
+			return fill_claim_string_sec_desc_syntax(mem_ctx,
+								 ldb,
+								 principal_attribute,
+								 &claim_entry->values.claim_string);
+		} else {
+			return fill_claim_string(mem_ctx,
+						 ldb,
+						 principal_attribute,
+						 &claim_entry->values.claim_string);
+		}
+	}
+}
+
+/*
+ * Determine whether a claim applies to the most specific objectClass of the
+ * principal.
+ */
+static int claim_applies_to_class(TALLOC_CTX *mem_ctx,
+				  struct ldb_context *ldb,
+				  const struct dsdb_schema *schema,
+				  const struct ldb_message *claim_msg,
+				  const uint32_t principal_class_id,
+				  bool *applies)
+{
+	struct ldb_message_element *applies_to_class = NULL;
+	unsigned i;
+
+	applies_to_class = ldb_msg_find_element(claim_msg,
+						"msDS-ClaimTypeAppliesToClass");
+	if (applies_to_class == NULL) {
+		*applies = false;
+		return LDB_SUCCESS;
+	}
+
+	for (i = 0; i < applies_to_class->num_values; ++i) {
+		struct ldb_dn *class_dn = NULL;
+		const struct dsdb_class *class_val = NULL;
+		const struct ldb_val *class_rdn = NULL;
+
+		class_dn = ldb_dn_from_ldb_val(mem_ctx,
+					       ldb,
+					       &applies_to_class->values[i]);
+		if (class_dn == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		class_rdn = ldb_dn_get_rdn_val(class_dn);
+		if (class_rdn == NULL) {
+			TALLOC_FREE(class_dn);
+			continue;
+		}
+
+		class_val = dsdb_class_by_cn_ldb_val(schema, class_rdn);
+		TALLOC_FREE(class_dn);
+		if (class_val == NULL) {
+			continue;
+		}
+
+		if (class_val->governsID_id == principal_class_id) {
+			*applies = true;
+			return LDB_SUCCESS;
+		}
+	}
+
+	*applies = false;
+	return LDB_SUCCESS;
+}
+
+struct assigned_silo {
+	const char *name;
+	bool is_initialised;
+	bool is_assigned;
+};
+
+static struct assigned_silo new_assigned_silo(void)
+{
+	return (struct assigned_silo) {
+		.name = NULL,
+		.is_initialised = false,
+		.is_assigned = false,
+	};
+}
+
+static bool silo_is_maybe_assigned(struct assigned_silo silo)
+{
+	return !silo.is_initialised || silo.is_assigned;
+}
+
+static int get_assigned_silo(struct ldb_context *ldb,
+			     TALLOC_CTX *mem_ctx,
+			     const struct ldb_message *principal,
+			     struct assigned_silo *assigned_silo)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret;
+
+	const struct ldb_message *silo_msg = NULL;
+	static const char * const silo_attrs[] = {
+		"msDS-AuthNPolicySiloEnforced",
+		"msDS-AuthNPolicySiloMembers",
+		"name",
+		NULL
+	};
+
+	bool is_silo_enforced = false;
+	const char *silo_name = NULL;
+
+	if (assigned_silo->is_initialised) {
+		return LDB_SUCCESS;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	if (!authn_policy_silos_and_policies_in_effect(ldb)) {
+		/* No assigned silo. */
+		assigned_silo->is_assigned = false;
+		assigned_silo->is_initialised = true;
+
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* Check whether the user is assigned to an enforced silo. */
+	ret = authn_policy_get_assigned_silo(ldb,
+					     tmp_ctx,
+					     principal,
+					     silo_attrs,
+					     &silo_msg,
+					     &is_silo_enforced);
+	if (ret) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	if (silo_msg == NULL || !is_silo_enforced) {
+		/* No assigned silo. */
+		assigned_silo->is_assigned = false;
+		assigned_silo->is_initialised = true;
+
+		talloc_free(tmp_ctx);
+		return LDB_SUCCESS;
+	}
+
+	/* The user does belong to a silo, so return the name of the silo. */
+	silo_name = ldb_msg_find_attr_as_string(silo_msg,
+						"name",
+						NULL);
+	assigned_silo->name = talloc_steal(mem_ctx, silo_name);
+	assigned_silo->is_assigned = true;
+	assigned_silo->is_initialised = true;
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+static inline struct ldb_val talloc_steal_ldb_val(TALLOC_CTX *mem_ctx, struct ldb_val val)
+{
+	val.data = talloc_steal(mem_ctx, val.data);
+	return val;
+}
+
+static uint32_t claim_get_value_count(const struct CLAIM_ENTRY *claim)
+{
+	switch (claim->type) {
+	case CLAIM_TYPE_INT64:
+		return claim->values.claim_int64.value_count;
+	case CLAIM_TYPE_UINT64:
+		return claim->values.claim_uint64.value_count;
+	case CLAIM_TYPE_STRING:
+		return claim->values.claim_string.value_count;
+	case CLAIM_TYPE_BOOLEAN:
+		return claim->values.claim_boolean.value_count;
+	}
+
+	smb_panic(__location__ ": unknown claim type");
+	return 0;
+}
+
+static bool is_schema_dn(struct ldb_dn *dn,
+			 struct ldb_dn *schema_dn)
+{
+	if (ldb_dn_get_comp_num(dn) != (ldb_dn_get_comp_num(schema_dn) + 1)) {
+		return false;
+	}
+
+	return ldb_dn_compare_base(schema_dn, dn) == 0;
+}
+
+static bool is_valid_claim_attribute_syntax(const DATA_BLOB source_syntax,
+					    uint64_t claim_value_type)
+{
+	switch (claim_value_type) {
+	case CLAIM_TYPE_STRING:
+		if (data_blob_equals_str(source_syntax, "2.5.5.1")) {
+			return true;
+		}
+		if (data_blob_equals_str(source_syntax, "2.5.5.12")) {
+			return true;
+		}
+		if (data_blob_equals_str(source_syntax, "2.5.5.15")) {
+			return true;
+		}
+		break;
+	case CLAIM_TYPE_UINT64:
+		if (data_blob_equals_str(source_syntax, "2.5.5.2")) {
+			return true;
+		}
+		break;
+	case CLAIM_TYPE_INT64:
+		if (data_blob_equals_str(source_syntax, "2.5.5.9")) {
+			return true;
+		}
+		if (data_blob_equals_str(source_syntax, "2.5.5.16")) {
+			return true;
+		}
+		break;
+	case CLAIM_TYPE_BOOLEAN:
+		/* Note: MS-ADTS has a typo (2.2.5.8 instead of 2.5.5.8) */
+		if (data_blob_equals_str(source_syntax, "2.5.5.8")) {
+			return true;
+		}
+		break;
+	default:
+		break;
+	}
+
+	return false;
+}
+
+static int get_all_claims(struct ldb_context *ldb,
+			  TALLOC_CTX *mem_ctx,
+			  const struct ldb_message *principal,
+			  uint32_t principal_class_id,
+			  struct CLAIMS_SET **claims_set_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	const struct dsdb_schema *schema = NULL;
+
+	struct ldb_dn *claim_config_container = NULL;
+	struct ldb_dn *claim_types_child = NULL;
+	struct ldb_dn *config_dn = ldb_get_config_basedn(ldb);
+	struct ldb_dn *schema_dn = ldb_get_schema_basedn(ldb);
+	bool ok;
+	int ret;
+	struct ldb_result *res = NULL;
+	static const char * const attrs[] = {
+		"Enabled",
+		"msDS-ClaimAttributeSource",
+		"msDS-ClaimSource",
+		"msDS-ClaimSourceType",
+		"msDS-ClaimTypeAppliesToClass",
+		"msDS-ClaimValueType",
+		"name",
+		NULL
+	};
+
+	const char **ad_claim_attrs = NULL;
+	unsigned int ad_claim_attrs_count;
+	struct ad_claim_info {
+		struct ldb_val name;
+		DATA_BLOB syntax;
+		const char *attribute;
+		enum CLAIM_TYPE claim_type;
+	} *ad_claims = NULL;
+	unsigned ad_claims_count;
+
+	unsigned i;
+
+	/* The structure which we'll use to build up the claims. */
+	struct CLAIMS_SET *claims_set = NULL;
+
+	struct CLAIMS_ARRAY *ad_sourced_constructed = NULL;
+
+	struct assigned_silo assigned_silo = new_assigned_silo();
+
+	*claims_set_out = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
+	claims_set = talloc_zero(tmp_ctx, struct CLAIMS_SET);
+	if (claims_set == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	schema = dsdb_get_schema(ldb, tmp_ctx);
+	if (schema == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	/* Get the DN of the claims container. */
+	claim_config_container = ldb_dn_copy(tmp_ctx, config_dn);
+	if (claim_config_container == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	claim_types_child = ldb_dn_new(tmp_ctx, ldb,
+				       "CN=Claim Types,CN=Claims Configuration,CN=Services");
+	if (claim_types_child == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+
+	ok = ldb_dn_add_child(claim_config_container, claim_types_child);
+	TALLOC_FREE(claim_types_child);
+	if (!ok) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb);
+	}
+
+	/* Search for the claims container's children. */
+	ret = ldb_search(ldb, tmp_ctx, &res,
+			 claim_config_container,
+			 LDB_SCOPE_ONELEVEL,
+			 attrs, NULL);
+	if (ret) {
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			ret = LDB_SUCCESS;
+		}
+
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/*
+	 * Allocate enough space for all AD claim attributes, followed by space
+	 * for a NULL marker (so it can be passed as the attributes filter to an
+	 * LDB search).
+	 */
+	ad_claim_attrs = talloc_array(tmp_ctx,
+				      const char *,
+				      res->count + 1);
+	if (ad_claim_attrs == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	ad_claims = talloc_array(tmp_ctx,
+				 struct ad_claim_info,
+				 res->count);
+	if (ad_claims == NULL) {
+		talloc_free(tmp_ctx);
+		return ldb_oom(ldb);
+	}
+	ad_claims_count = ad_claim_attrs_count = 0;
+
+	/* Loop through each child of the claims container. */
+	for (i = 0; i < res->count; ++i) {
+		bool claim_applies = false;
+
+		int enabled;
+		uint64_t claim_value_type;
+
+		const char *claim_source_type = NULL;
+		const struct ldb_val *claim_attribute_source = NULL;
+		const char *claim_source = NULL;
+
+		/*
+		 * Does this claim apply to the most specific objectClass of the
+		 * principal?
+		 */
+		ret = claim_applies_to_class(tmp_ctx,
+					     ldb,
+					     schema,
+					     res->msgs[i],
+					     principal_class_id,
+					     &claim_applies);
+		if (ret) {
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+		if (!claim_applies) {
+			/* If the claim doesn't apply, skip it. */
+			continue;
+		}
+
+		enabled = ldb_msg_find_attr_as_bool(res->msgs[i], "Enabled", 0);
+		if (!enabled) {
+			/* If the claim isn't enabled, skip it. */
+			continue;
+		}
+
+		claim_value_type = ldb_msg_find_attr_as_uint64(res->msgs[i],
+							       "msDS-ClaimValueType",
+							       0);
+		if (!claim_value_type) {
+			continue;
+		}
+
+		claim_source_type = ldb_msg_find_attr_as_string(res->msgs[i],
+								"msDS-ClaimSourceType",
+								"");
+
+		/* Get the attribute used by the claim. */
+		claim_attribute_source = ldb_msg_find_ldb_val(res->msgs[i],
+							      "msDS-ClaimAttributeSource");
+
+		claim_source = ldb_msg_find_attr_as_string(res->msgs[i],
+							   "msDS-ClaimSource",
+							   NULL);
+
+		if (strcasecmp(claim_source_type, "AD") == 0) {
+			struct ldb_dn *claim_attribute_source_dn = NULL;
+			const struct ldb_val *claim_attribute_source_rdn = NULL;
+			const struct dsdb_attribute *claim_attribute_source_class = NULL;
+
+			DATA_BLOB source_syntax;
+			const char *attribute = NULL;
+			const struct ldb_val *name = NULL;
+
+			if (claim_attribute_source == NULL) {
+				continue;
+			}
+
+			claim_attribute_source_dn = ldb_val_as_dn(ldb,
+								  tmp_ctx,
+								  claim_attribute_source);
+			if (claim_attribute_source_dn == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_operr(ldb);
+			}
+
+			if (!is_schema_dn(claim_attribute_source_dn, schema_dn)) {
+				/* This DN doesn't belong to the schema. */
+				continue;
+			}
+
+			claim_attribute_source_rdn = ldb_dn_get_rdn_val(claim_attribute_source_dn);
+			if (claim_attribute_source_rdn == NULL) {
+				/* No RDN, skip it. */
+				continue;
+			}
+
+			claim_attribute_source_class = dsdb_attribute_by_cn_ldb_val(schema,
+										    claim_attribute_source_rdn);
+			claim_attribute_source_rdn = NULL;
+			TALLOC_FREE(claim_attribute_source_dn);
+			if (claim_attribute_source_class == NULL) {
+				continue;
+			}
+
+			source_syntax = data_blob_string_const(claim_attribute_source_class->attributeSyntax_oid);
+			if (source_syntax.data == NULL) {
+				continue;
+			}
+
+			if (!is_valid_claim_attribute_syntax(source_syntax, claim_value_type)) {
+				continue;
+			}
+
+			attribute = claim_attribute_source_class->lDAPDisplayName;
+			if (attribute == NULL) {
+				continue;
+			}
+
+			ret = add_attr_unique(tmp_ctx,
+					      ad_claim_attrs,
+					      &ad_claim_attrs_count,
+					      attribute);
+			if (ret) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			name = ldb_msg_find_ldb_val(res->msgs[i], "name");
+			if (name == NULL) {
+				name = &data_blob_null;
+			}
+
+			ad_claims[ad_claims_count++] = (struct ad_claim_info) {
+				.name = *name,
+				.syntax = source_syntax,
+				.attribute = attribute,
+				.claim_type = claim_value_type,
+			};
+		} else if (silo_is_maybe_assigned(assigned_silo)
+			   && strcasecmp(claim_source_type, "Constructed") == 0)
+		{
+			const struct ldb_val *name = NULL;
+			struct CLAIM_STRING *claim = NULL;
+			struct CLAIM_ENTRY *claim_entry = NULL;
+			const char *claim_value = NULL;
+
+			if (claim_attribute_source != NULL) {
+				continue;
+			}
+
+			if (claim_source != NULL) {
+				continue;
+			}
+
+			name = ldb_msg_find_ldb_val(res->msgs[i], "name");
+			if (name == NULL || name->data == NULL) {
+				continue;
+			}
+			/* Does the claim ID match exactly in case? */
+			if (strcmp((const char *)name->data, "ad://ext/AuthenticationSilo") != 0) {
+				continue;
+			}
+
+			ret = get_assigned_silo(ldb, tmp_ctx, principal, &assigned_silo);
+			if (ret) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+			if (!assigned_silo.is_assigned) {
+				continue;
+			}
+
+			if (ad_sourced_constructed == NULL) {
+				claims_set->claims_arrays = talloc_realloc(claims_set,
+									       claims_set->claims_arrays,
+									       struct CLAIMS_ARRAY,
+									       claims_set->claims_array_count + 1);
+				if (claims_set->claims_arrays == NULL) {
+					talloc_free(tmp_ctx);
+					return ldb_oom(ldb);
+				}
+
+				ad_sourced_constructed = &claims_set->claims_arrays[claims_set->claims_array_count++];
+				*ad_sourced_constructed = (struct CLAIMS_ARRAY) {
+					.claims_source_type = CLAIMS_SOURCE_TYPE_AD,
+				};
+			}
+
+			/* Add the claim to the array. */
+			ad_sourced_constructed->claim_entries = talloc_realloc(
+				claims_set->claims_arrays,
+				ad_sourced_constructed->claim_entries,
+				struct CLAIM_ENTRY,
+				ad_sourced_constructed->claims_count + 1);
+			if (ad_sourced_constructed->claim_entries == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_oom(ldb);
+			}
+
+			claim_entry = &ad_sourced_constructed->claim_entries[ad_sourced_constructed->claims_count++];
+
+			/* Fill in the claim details and return the claim. */
+			claim_entry->id = "ad://ext/AuthenticationSilo";
+			claim_entry->type = CLAIM_TYPE_STRING;
+
+			claim = &claim_entry->values.claim_string;
+
+			claim->value_count = 1;
+			claim->values = talloc_array(ad_sourced_constructed->claim_entries,
+						     const char *,
+						     claim->value_count);
+			if (claim->values == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_oom(ldb);
+			}
+
+			claim_value = talloc_strdup(claim->values, assigned_silo.name);
+			if (claim_value == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_oom(ldb);
+			}
+
+			claim->values[0] = claim_value;
+		}
+	}
+
+	if (ad_claims_count) {
+		struct ldb_message *principal_msg = NULL;
+
+		/* Shrink the arrays to remove any unused space. */
+		ad_claim_attrs = talloc_realloc(tmp_ctx,
+						ad_claim_attrs,
+						const char *,
+						ad_claim_attrs_count + 1);
+		if (ad_claim_attrs == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+		ad_claim_attrs[ad_claim_attrs_count] = NULL;
+
+		ad_claims = talloc_realloc(tmp_ctx,
+					   ad_claims,
+					   struct ad_claim_info,
+					   ad_claims_count);
+		if (ad_claims == NULL) {
+			talloc_free(tmp_ctx);
+			return ldb_oom(ldb);
+		}
+
+		ret = dsdb_search_one(ldb,
+				      tmp_ctx,
+				      &principal_msg,
+				      principal->dn,
+				      LDB_SCOPE_BASE,
+				      ad_claim_attrs,
+				      0,
+				      NULL);
+		if (ret != LDB_SUCCESS) {
+			const char *dn = ldb_dn_get_linearized(principal->dn);
+			DBG_ERR("Failed to find principal %s to construct claims\n",
+				dn != NULL ? dn : "<NULL>");
+			talloc_free(tmp_ctx);
+			return ret;
+		}
+
+		/*
+		 * Ensure that only the attrs we asked for end up in the results
+		 * (it's fine if some are missing)
+		 */
+		SMB_ASSERT(principal_msg->num_elements <= ad_claim_attrs_count);
+
+		for (i = 0; i < ad_claims_count; ++i) {
+			const struct ldb_message_element *principal_attribute = NULL;
+			struct CLAIM_ENTRY *claim_entry = NULL;
+			uint32_t new_claims_array_count = claims_set->claims_array_count;
+
+			/* Get the value of the claim attribute for the principal. */
+			principal_attribute = ldb_msg_find_element(principal_msg,
+								   ad_claims[i].attribute);
+			if (principal_attribute == NULL) {
+				continue;
+			}
+
+			/* Add the claim to the array. */
+
+			if (ad_sourced_constructed == NULL) {
+				claims_set->claims_arrays = talloc_realloc(claims_set,
+									       claims_set->claims_arrays,
+									       struct CLAIMS_ARRAY,
+									       new_claims_array_count + 1);
+				if (claims_set->claims_arrays == NULL) {
+					talloc_free(tmp_ctx);
+					return ldb_oom(ldb);
+				}
+
+				ad_sourced_constructed = &claims_set->claims_arrays[new_claims_array_count++];
+				*ad_sourced_constructed = (struct CLAIMS_ARRAY) {
+					.claims_source_type = CLAIMS_SOURCE_TYPE_AD,
+				};
+			}
+
+			ad_sourced_constructed->claim_entries = talloc_realloc(
+				claims_set->claims_arrays,
+				ad_sourced_constructed->claim_entries,
+				struct CLAIM_ENTRY,
+				ad_sourced_constructed->claims_count + 1);
+			if (ad_sourced_constructed->claim_entries == NULL) {
+				talloc_free(tmp_ctx);
+				return ldb_oom(ldb);
+			}
+
+			claim_entry = &ad_sourced_constructed->claim_entries[
+				ad_sourced_constructed->claims_count];
+
+			ret = fill_claim_entry(ad_sourced_constructed->claim_entries,
+					       ldb,
+					       schema,
+					       principal_attribute,
+					       ad_claims[i].name,
+					       ad_claims[i].syntax,
+					       ad_claims[i].claim_type,
+					       claim_entry);
+			if (ret != LDB_SUCCESS) {
+				talloc_free(tmp_ctx);
+				return ret;
+			}
+
+			if (claim_get_value_count(claim_entry) > 0) {
+				/*
+				 * If the claim contains values, add it to the
+				 * array(s).
+				 */
+				++ad_sourced_constructed->claims_count;
+				claims_set->claims_array_count = new_claims_array_count;
+			}
+		}
+	}
+
+	if (claims_set->claims_array_count) {
+		*claims_set_out = talloc_steal(mem_ctx, claims_set);
+	}
+
+	talloc_free(tmp_ctx);
+	return LDB_SUCCESS;
+}
+
+int get_claims_set_for_principal(struct ldb_context *ldb,
+				 TALLOC_CTX *mem_ctx,
+				 const struct ldb_message *principal,
+				 struct CLAIMS_SET **claims_set_out)
+{
+	struct ldb_message_element *principal_class_el = NULL;
+	struct dsdb_schema *schema = NULL;
+	const struct dsdb_class *principal_class = NULL;
+
+	*claims_set_out = NULL;
+
+	if (!ad_claims_are_issued(ldb)) {
+		return LDB_SUCCESS;
+	}
+
+	principal_class_el = ldb_msg_find_element(principal,
+						  "objectClass");
+	if (principal_class_el == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	schema = dsdb_get_schema(ldb, mem_ctx);
+	if (schema == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	principal_class = dsdb_get_last_structural_class(schema, principal_class_el);
+	if (principal_class == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	return get_all_claims(ldb,
+			      mem_ctx,
+			      principal,
+			      principal_class->governsID_id,
+			      claims_set_out);
+}
diff --git a/source4/kdc/ad_claims.h b/source4/kdc/ad_claims.h
new file mode 100644
index 0000000..e54b1da
--- /dev/null
+++ b/source4/kdc/ad_claims.h
@@ -0,0 +1,36 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba Active Directory claims utility functions
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef KDC_AD_CLAIMS_H
+#define KDC_AD_CLAIMS_H
+
+#include "lib/util/data_blob.h"
+#include "ldb.h"
+
+struct CLAIMS_SET;
+
+bool ad_claims_are_issued(struct ldb_context *samdb);
+
+int get_claims_set_for_principal(struct ldb_context *ldb,
+				 TALLOC_CTX *mem_ctx,
+				 const struct ldb_message *principal,
+				 struct CLAIMS_SET **claims_set_out);
+
+#endif
diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c
new file mode 100644
index 0000000..60de61a
--- /dev/null
+++ b/source4/kdc/authn_policy_util.c
@@ -0,0 +1,1316 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba Active Directory authentication policy utility functions
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/replace.h"
+#include "source4/kdc/authn_policy_util.h"
+#include "auth/authn_policy_impl.h"
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "libcli/security/security.h"
+#include "libcli/util/werror.h"
+#include "auth/common_auth.h"
+#include "source4/auth/session.h"
+#include "source4/dsdb/samdb/samdb.h"
+#include "source4/dsdb/samdb/ldb_modules/util.h"
+
+bool authn_policy_silos_and_policies_in_effect(struct ldb_context *samdb)
+{
+	/*
+	 * Authentication Silos and Authentication Policies are not
+	 * honoured by Samba unless the DC is at FL 2012 R2.  This is
+	 * to match Windows, which will offer these features as soon
+	 * as the DC is upgraded.
+	 */
+	const int functional_level = dsdb_dc_functional_level(samdb);
+	return functional_level >= DS_DOMAIN_FUNCTION_2012_R2;
+}
+
+bool authn_policy_allowed_ntlm_network_auth_in_effect(struct ldb_context *samdb)
+{
+	/*
+	 * The allowed NTLM network authentication Policies are not
+	 * honoured by Samba unless the DC is at FL2016.  This
+	 * is to match Windows, which will enforce these restrictions
+	 * as soon as the DC is upgraded.
+	 */
+	const int functional_level = dsdb_dc_functional_level(samdb);
+	return functional_level >= DS_DOMAIN_FUNCTION_2016;
+}
+
+/*
+ * Depending on the type of the account, we need to refer to different
+ * attributes of authentication silo objects. This structure keeps track of the
+ * attributes to use for a certain account type.
+ */
+struct authn_silo_attrs {
+	const char *policy;
+	const char *attrs[];
+};
+
+/*
+ * Depending on the type of the account, we need to refer to different
+ * attributes of authentication policy objects. This structure keeps track of
+ * the attributes to use for a certain account type.
+ */
+struct authn_policy_attrs {
+	/* This applies at FL2016 and up. */
+	const char *allowed_ntlm_network_auth;
+	/* The remainder apply at FL2012_R2 and up. */
+	const char *allowed_to_authenticate_from;
+	const char *allowed_to_authenticate_to;
+	const char *tgt_lifetime;
+	const char *attrs[];
+};
+
+struct authn_attrs {
+	const struct authn_silo_attrs *silo;
+	const struct authn_policy_attrs *policy;
+};
+
+/*
+ * Get the authentication attributes that apply to an account of a certain
+ * class.
+ */
+static const struct authn_attrs authn_policy_get_attrs(const struct ldb_message *msg)
+{
+	const struct authn_attrs null_authn_attrs = {
+		.silo = NULL,
+		.policy = NULL,
+	};
+	const struct ldb_message_element *objectclass_el = NULL;
+	unsigned i;
+
+	objectclass_el = ldb_msg_find_element(msg, "objectClass");
+	if (objectclass_el == NULL || objectclass_el->num_values == 0) {
+		return null_authn_attrs;
+	}
+
+	/*
+	 * Iterate over the objectClasses, starting at the most-derived class.
+	 */
+	for (i = objectclass_el->num_values; i > 0; --i) {
+		const struct ldb_val *objectclass_val = &objectclass_el->values[i - 1];
+		const char *objectclass = NULL;
+
+		objectclass = (const char *)objectclass_val->data;
+		if (objectclass == NULL) {
+			continue;
+		}
+
+#define COMMON_AUTHN_SILO_ATTRS \
+	"msDS-AuthNPolicySiloEnforced", \
+	"msDS-AuthNPolicySiloMembers", \
+	"name"
+
+#define COMMON_AUTHN_POLICY_ATTRS \
+	"msDS-AuthNPolicyEnforced", \
+	"msDS-StrongNTLMPolicy", \
+	"name"
+
+		/*
+		 * See which of three classes this object is most closely
+		 * derived from.
+		 */
+		if (strcasecmp(objectclass, "user") == 0) {
+			static const struct authn_silo_attrs user_authn_silo_attrs = {
+				.policy = "msDS-UserAuthNPolicy",
+				.attrs = {
+					COMMON_AUTHN_SILO_ATTRS,
+					"msDS-UserAuthNPolicy",
+					NULL,
+				},
+			};
+
+			static const struct authn_policy_attrs user_authn_policy_attrs = {
+				.allowed_ntlm_network_auth = "msDS-UserAllowedNTLMNetworkAuthentication",
+				.allowed_to_authenticate_from = "msDS-UserAllowedToAuthenticateFrom",
+				.allowed_to_authenticate_to = "msDS-UserAllowedToAuthenticateTo",
+				.tgt_lifetime = "msDS-UserTGTLifetime",
+				.attrs = {
+					COMMON_AUTHN_POLICY_ATTRS,
+					"msDS-UserAllowedNTLMNetworkAuthentication",
+					"msDS-UserAllowedToAuthenticateFrom",
+					"msDS-UserAllowedToAuthenticateTo",
+					"msDS-UserTGTLifetime",
+					NULL,
+				},
+			};
+
+			return (struct authn_attrs) {
+				.silo = &user_authn_silo_attrs,
+				.policy = &user_authn_policy_attrs,
+			};
+		}
+
+		if (strcasecmp(objectclass, "computer") == 0) {
+			static const struct authn_silo_attrs computer_authn_silo_attrs = {
+				.policy = "msDS-ComputerAuthNPolicy",
+				.attrs = {
+					COMMON_AUTHN_SILO_ATTRS,
+					"msDS-ComputerAuthNPolicy",
+					NULL,
+				},
+			};
+
+			static const struct authn_policy_attrs computer_authn_policy_attrs = {
+				.allowed_ntlm_network_auth = NULL,
+				.allowed_to_authenticate_from = NULL,
+				.allowed_to_authenticate_to = "msDS-ComputerAllowedToAuthenticateTo",
+				.tgt_lifetime = "msDS-ComputerTGTLifetime",
+				.attrs = {
+					COMMON_AUTHN_POLICY_ATTRS,
+					"msDS-ComputerAllowedToAuthenticateTo",
+					"msDS-ComputerTGTLifetime",
+					NULL,
+				},
+			};
+
+			return (struct authn_attrs) {
+				.silo = &computer_authn_silo_attrs,
+				.policy = &computer_authn_policy_attrs,
+			};
+		}
+
+		if (strcasecmp(objectclass, "msDS-ManagedServiceAccount") == 0) {
+			static const struct authn_silo_attrs service_authn_silo_attrs = {
+				.policy = "msDS-ServiceAuthNPolicy",
+				.attrs = {
+					COMMON_AUTHN_SILO_ATTRS,
+					"msDS-ServiceAuthNPolicy",
+					NULL,
+				},
+			};
+
+			static const struct authn_policy_attrs service_authn_policy_attrs = {
+				.allowed_ntlm_network_auth = "msDS-ServiceAllowedNTLMNetworkAuthentication",
+				.allowed_to_authenticate_from = "msDS-ServiceAllowedToAuthenticateFrom",
+				.allowed_to_authenticate_to = "msDS-ServiceAllowedToAuthenticateTo",
+				.tgt_lifetime = "msDS-ServiceTGTLifetime",
+				.attrs = {
+					COMMON_AUTHN_POLICY_ATTRS,
+					"msDS-ServiceAllowedNTLMNetworkAuthentication",
+					"msDS-ServiceAllowedToAuthenticateFrom",
+					"msDS-ServiceAllowedToAuthenticateTo",
+					"msDS-ServiceTGTLifetime",
+					NULL,
+				},
+			};
+
+			return (struct authn_attrs) {
+				.silo = &service_authn_silo_attrs,
+				.policy = &service_authn_policy_attrs,
+			};
+		}
+	}
+
+#undef COMMON_AUTHN_SILO_ATTRS
+#undef COMMON_AUTHN_POLICY_ATTRS
+
+	/* No match — this object is not a user. */
+	return null_authn_attrs;
+}
+
+/*
+ * Look up the silo assigned to an account. If one exists, returns its details
+ * and whether it is enforced or not. ‘silo_attrs’ comprises the attributes to
+ * include in the search result, the relevant set of which can differ depending
+ * on the account’s objectClass.
+ */
+int authn_policy_get_assigned_silo(struct ldb_context *samdb,
+				   TALLOC_CTX *mem_ctx,
+				   const struct ldb_message *msg,
+				   const char * const *silo_attrs,
+				   const struct ldb_message **silo_msg_out,
+				   bool *is_enforced)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret = 0;
+	const struct ldb_message_element *authn_silo = NULL;
+	struct ldb_dn *authn_silo_dn = NULL;
+	struct ldb_message *authn_silo_msg = NULL;
+	const struct ldb_message_element *members = NULL;
+	const char *linearized_dn = NULL;
+	struct ldb_val linearized_dn_val;
+
+	*silo_msg_out = NULL;
+	*is_enforced = true;
+
+	if (!authn_policy_silos_and_policies_in_effect(samdb)) {
+		return 0;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	authn_silo = ldb_msg_find_element(msg, "msDS-AssignedAuthNPolicySilo");
+	/* Is the account assigned to a silo? */
+	if (authn_silo == NULL || !authn_silo->num_values) {
+		goto out;
+	}
+
+	authn_silo_dn = ldb_dn_from_ldb_val(tmp_ctx, samdb, &authn_silo->values[0]);
+	if (authn_silo_dn == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	ret = dsdb_search_one(samdb,
+			      tmp_ctx,
+			      &authn_silo_msg,
+			      authn_silo_dn,
+			      LDB_SCOPE_BASE,
+			      silo_attrs,
+			      0, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* Not found. */
+		ret = 0;
+		goto out;
+	}
+	if (ret) {
+		goto out;
+	}
+
+	members = ldb_msg_find_element(authn_silo_msg,
+				       "msDS-AuthNPolicySiloMembers");
+	if (members == NULL) {
+		goto out;
+	}
+
+	linearized_dn = ldb_dn_get_linearized(msg->dn);
+	if (linearized_dn == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	linearized_dn_val = data_blob_string_const(linearized_dn);
+	/* Is the account a member of the silo? */
+	if (!ldb_msg_find_val(members, &linearized_dn_val)) {
+		goto out;
+	}
+
+	/* Is the silo actually enforced? */
+	*is_enforced = ldb_msg_find_attr_as_bool(
+		authn_silo_msg,
+		"msDS-AuthNPolicySiloEnforced",
+		false);
+
+	*silo_msg_out = talloc_move(mem_ctx, &authn_silo_msg);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+ * Look up the authentication policy assigned to an account, returning its
+ * details if it exists. ‘authn_attrs’ specifies which attributes are relevant,
+ * and should be chosen based on the account’s objectClass.
+ */
+static int samba_kdc_authn_policy_msg(struct ldb_context *samdb,
+				      TALLOC_CTX *mem_ctx,
+				      const struct ldb_message *msg,
+				      const struct authn_attrs authn_attrs,
+				      struct ldb_message **authn_policy_msg_out,
+				      struct authn_policy *authn_policy_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret = 0;
+	const struct ldb_message *authn_silo_msg = NULL;
+	const struct ldb_message_element *authn_policy = NULL;
+	const char *silo_name = NULL;
+	const char *policy_name = NULL;
+	struct ldb_dn *authn_policy_dn = NULL;
+	struct ldb_message *authn_policy_msg = NULL;
+	bool belongs_to_silo = false;
+	bool is_enforced = true;
+
+	*authn_policy_msg_out = NULL;
+	*authn_policy_out = (struct authn_policy) {};
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	/* See whether the account is assigned to a silo. */
+	ret = authn_policy_get_assigned_silo(samdb,
+					     tmp_ctx,
+					     msg,
+					     authn_attrs.silo->attrs,
+					     &authn_silo_msg,
+					     &is_enforced);
+	if (ret) {
+		goto out;
+	}
+
+	if (authn_silo_msg != NULL) {
+		belongs_to_silo = true;
+
+		silo_name = ldb_msg_find_attr_as_string(authn_silo_msg, "name", NULL);
+
+		/* Get the applicable authentication policy. */
+		authn_policy = ldb_msg_find_element(
+			authn_silo_msg,
+			authn_attrs.silo->policy);
+	} else {
+		/*
+		 * If no silo is assigned, take the policy that is directly
+		 * assigned to the account.
+		 */
+		authn_policy = ldb_msg_find_element(msg, "msDS-AssignedAuthNPolicy");
+	}
+
+	if (authn_policy == NULL || !authn_policy->num_values) {
+		/* No policy applies; we’re done. */
+		goto out;
+	}
+
+	authn_policy_dn = ldb_dn_from_ldb_val(tmp_ctx, samdb, &authn_policy->values[0]);
+	if (authn_policy_dn == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	/* Look up the policy object. */
+	ret = dsdb_search_one(samdb,
+			      tmp_ctx,
+			      &authn_policy_msg,
+			      authn_policy_dn,
+			      LDB_SCOPE_BASE,
+			      authn_attrs.policy->attrs,
+			      0, NULL);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* Not found. */
+		ret = 0;
+		goto out;
+	}
+	if (ret) {
+		goto out;
+	}
+
+	policy_name = ldb_msg_find_attr_as_string(authn_policy_msg, "name", NULL);
+
+	if (!belongs_to_silo) {
+		is_enforced = ldb_msg_find_attr_as_bool(
+			authn_policy_msg,
+			"msDS-AuthNPolicyEnforced",
+			false);
+	}
+
+	authn_policy_out->silo_name = talloc_move(mem_ctx, &silo_name);
+	authn_policy_out->policy_name = talloc_move(mem_ctx, &policy_name);
+	authn_policy_out->enforced = is_enforced;
+
+	*authn_policy_msg_out = talloc_move(mem_ctx, &authn_policy_msg);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+ * Reference an existing authentication policy onto a talloc context, returning
+ * ‘true’ on success.
+ */
+static bool authn_policy_ref(TALLOC_CTX *mem_ctx,
+			     struct authn_policy *policy_out,
+			     const struct authn_policy *policy)
+{
+	const char *silo_name = NULL;
+	const char *policy_name = NULL;
+
+	if (policy->silo_name != NULL) {
+		silo_name = talloc_strdup(mem_ctx, policy->silo_name);
+		if (silo_name == NULL) {
+			return false;
+		}
+	}
+
+	if (policy->policy_name != NULL) {
+		policy_name = talloc_strdup(mem_ctx, policy->policy_name);
+		if (policy_name == NULL) {
+			/*
+			 * We can’t free ‘silo_name’ here, as it is declared
+			 * const. It will be freed with the parent context.
+			 */
+			return false;
+		}
+	}
+
+	*policy_out = (struct authn_policy) {
+		.silo_name = silo_name,
+		.policy_name = policy_name,
+		.enforced = policy->enforced,
+	};
+
+	return true;
+}
+
+/* Create a structure containing auditing information. */
+static NTSTATUS _authn_policy_audit_info(TALLOC_CTX *mem_ctx,
+					 const struct authn_policy *policy,
+					 const struct authn_int64_optional tgt_lifetime_raw,
+					 const struct auth_user_info_dc *client_info,
+					 const enum authn_audit_event event,
+					 const enum authn_audit_reason reason,
+					 const NTSTATUS policy_status,
+					 const char *location,
+					 struct authn_audit_info **audit_info_out)
+{
+	struct authn_audit_info *audit_info = NULL;
+	bool ok;
+
+	if (audit_info_out == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	audit_info = talloc_zero(mem_ctx, struct authn_audit_info);
+	if (audit_info == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (client_info != NULL) {
+		/*
+		 * Keep a reference to the client’s user information so that it
+		 * is available to be logged later.
+		 */
+		audit_info->client_info = talloc_reference(audit_info, client_info);
+		if (audit_info->client_info == NULL) {
+			talloc_free(audit_info);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	if (policy != NULL) {
+		audit_info->policy = talloc_zero(audit_info, struct authn_policy);
+		if (audit_info->policy == NULL) {
+			talloc_free(audit_info);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		ok = authn_policy_ref(audit_info, audit_info->policy, policy);
+		if (!ok) {
+			talloc_free(audit_info);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	audit_info->event = event;
+	audit_info->reason = reason;
+	audit_info->policy_status = policy_status;
+	audit_info->location = location;
+	audit_info->tgt_lifetime_raw = tgt_lifetime_raw;
+
+	*audit_info_out = audit_info;
+	return NT_STATUS_OK;
+}
+
+/* Create a structure containing auditing information. */
+#define authn_policy_audit_info( \
+	mem_ctx, \
+	policy, \
+	tgt_lifetime_raw, \
+	client_info, \
+	event, \
+	reason, \
+	policy_status, \
+	audit_info_out) \
+	_authn_policy_audit_info( \
+		mem_ctx, \
+		policy, \
+		tgt_lifetime_raw, \
+		client_info, \
+		event, \
+		reason, \
+		policy_status, \
+		__location__, \
+		audit_info_out)
+
+/*
+ * Perform an access check against the security descriptor set in an
+ * authentication policy. ‘client_info’ must be talloc-allocated so that we can
+ * make a reference to it.
+ */
+static NTSTATUS _authn_policy_access_check(TALLOC_CTX *mem_ctx,
+					   struct ldb_context *samdb,
+					   struct loadparm_context* lp_ctx,
+					   const struct auth_user_info_dc *client_info,
+					   const struct auth_user_info_dc *device_info,
+					   const struct auth_claims auth_claims,
+					   const struct authn_policy *policy,
+					   const struct authn_int64_optional tgt_lifetime_raw,
+					   const enum authn_audit_event restriction_event,
+					   const struct authn_policy_flags authn_policy_flags,
+					   const DATA_BLOB *descriptor_blob,
+					   const char *location,
+					   struct authn_audit_info **audit_info_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	NTSTATUS status2;
+	enum ndr_err_code ndr_err;
+	struct security_descriptor *descriptor = NULL;
+	struct security_token *security_token = NULL;
+	uint32_t session_info_flags =
+		AUTH_SESSION_INFO_DEFAULT_GROUPS |
+		AUTH_SESSION_INFO_DEVICE_DEFAULT_GROUPS |
+		AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+	const uint32_t access_desired = SEC_ADS_CONTROL_ACCESS;
+	uint32_t access_granted;
+	enum authn_audit_event event = restriction_event;
+	enum authn_audit_reason reason = AUTHN_AUDIT_REASON_NONE;
+
+	if (audit_info_out != NULL) {
+		*audit_info_out = NULL;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	if (!(client_info->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	if (device_info != NULL && !(device_info->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_DEVICE_AUTHENTICATED;
+	}
+
+	if (authn_policy_flags.force_compounded_authentication) {
+		session_info_flags |= AUTH_SESSION_INFO_FORCE_COMPOUNDED_AUTHENTICATION;
+	}
+
+	descriptor = talloc(tmp_ctx, struct security_descriptor);
+	if (descriptor == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	ndr_err = ndr_pull_struct_blob(descriptor_blob,
+				       tmp_ctx,
+				       descriptor,
+				       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("Failed to unmarshall "
+			"security descriptor for authentication policy: %s\n",
+			nt_errstr(status));
+		reason = AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID;
+		goto out;
+	}
+
+	/* Require that the security descriptor has an owner set. */
+	if (descriptor->owner_sid == NULL) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		reason = AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER;
+		goto out;
+	}
+
+	status = auth_generate_security_token(tmp_ctx,
+					      lp_ctx,
+					      samdb,
+					      client_info,
+					      device_info,
+					      auth_claims,
+					      session_info_flags,
+					      &security_token);
+	if (!NT_STATUS_IS_OK(status)) {
+		reason = AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE;
+		goto out;
+	}
+
+	status = sec_access_check_ds(descriptor, security_token,
+					access_desired, &access_granted,
+					NULL, NULL);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		status = NT_STATUS_AUTHENTICATION_FIREWALL_FAILED;
+		reason = AUTHN_AUDIT_REASON_ACCESS_DENIED;
+		goto out;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
+
+	event = AUTHN_AUDIT_EVENT_OK;
+out:
+	/*
+	 * Create the structure with auditing information here while we have all
+	 * the relevant information to hand. It will contain references to
+	 * information regarding the client and the policy, to be consulted
+	 * after the referents have possibly been freed.
+	 */
+	status2 = _authn_policy_audit_info(mem_ctx,
+					   policy,
+					   tgt_lifetime_raw,
+					   client_info,
+					   event,
+					   reason,
+					   status,
+					   location,
+					   audit_info_out);
+	if (!NT_STATUS_IS_OK(status2)) {
+		status = status2;
+	} else if (!authn_policy_is_enforced(policy)) {
+		status = NT_STATUS_OK;
+	}
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+#define authn_policy_access_check(mem_ctx, \
+	samdb, \
+	lp_ctx, \
+	client_info, \
+	device_info, \
+	auth_claims, \
+	policy, \
+	tgt_lifetime_raw, \
+	restriction_event, \
+	authn_policy_flags, \
+	descriptor_blob, \
+	audit_info_out) \
+	_authn_policy_access_check(mem_ctx, \
+		samdb, \
+		lp_ctx, \
+		client_info, \
+		device_info, \
+		auth_claims, \
+		policy, \
+		tgt_lifetime_raw, \
+		restriction_event, \
+		authn_policy_flags,	\
+		descriptor_blob, \
+		__location__, \
+		audit_info_out)
+
+/* Return an authentication policy moved onto a talloc context. */
+static struct authn_policy authn_policy_move(TALLOC_CTX *mem_ctx,
+					     struct authn_policy *policy)
+{
+	return (struct authn_policy) {
+		.silo_name = talloc_move(mem_ctx, &policy->silo_name),
+		.policy_name = talloc_move(mem_ctx, &policy->policy_name),
+		.enforced = policy->enforced,
+	};
+}
+
+/* Authentication policies for Kerberos clients. */
+
+/*
+ * Get the applicable authentication policy for an account acting as a Kerberos
+ * client.
+ */
+int authn_policy_kerberos_client(struct ldb_context *samdb,
+				 TALLOC_CTX *mem_ctx,
+				 const struct ldb_message *msg,
+				 const struct authn_kerberos_client_policy **policy_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret = 0;
+	struct authn_attrs authn_attrs;
+	struct ldb_message *authn_policy_msg = NULL;
+	struct authn_kerberos_client_policy *client_policy = NULL;
+	struct authn_policy policy;
+
+	*policy_out = NULL;
+
+	if (!authn_policy_silos_and_policies_in_effect(samdb)) {
+		return 0;
+	}
+
+	/*
+	 * Get the silo and policy attributes that apply to objects of this
+	 * account’s objectclass.
+	 */
+	authn_attrs = authn_policy_get_attrs(msg);
+	if (authn_attrs.silo == NULL || authn_attrs.policy == NULL) {
+		/*
+		 * No applicable silo or policy attributes (somehow). Either
+		 * this account isn’t derived from ‘user’, or the message is
+		 * missing an objectClass element.
+		 */
+		goto out;
+	}
+
+	if (authn_attrs.policy->allowed_to_authenticate_from == NULL &&
+	    authn_attrs.policy->tgt_lifetime == NULL)
+	{
+		/* No relevant policy attributes apply. */
+		goto out;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	ret = samba_kdc_authn_policy_msg(samdb,
+					 tmp_ctx,
+					 msg,
+					 authn_attrs,
+					 &authn_policy_msg,
+					 &policy);
+	if (ret) {
+		goto out;
+	}
+
+	if (authn_policy_msg == NULL) {
+		/* No policy applies. */
+		goto out;
+	}
+
+	client_policy = talloc_zero(tmp_ctx, struct authn_kerberos_client_policy);
+	if (client_policy == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	client_policy->policy = authn_policy_move(client_policy, &policy);
+
+	if (authn_attrs.policy->allowed_to_authenticate_from != NULL) {
+		const struct ldb_val *allowed_from = ldb_msg_find_ldb_val(
+			authn_policy_msg,
+			authn_attrs.policy->allowed_to_authenticate_from);
+
+		if (allowed_from != NULL && allowed_from->data != NULL) {
+			client_policy->allowed_to_authenticate_from = data_blob_const(
+				talloc_steal(client_policy, allowed_from->data),
+				allowed_from->length);
+		}
+	}
+
+	if (authn_attrs.policy->tgt_lifetime != NULL) {
+		client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64(
+			authn_policy_msg,
+			authn_attrs.policy->tgt_lifetime,
+			0);
+	}
+
+	*policy_out = talloc_move(mem_ctx, &client_policy);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/* Get device restrictions enforced by an authentication policy. */
+static const DATA_BLOB *authn_policy_kerberos_device_restrictions(const struct authn_kerberos_client_policy *policy)
+{
+	const DATA_BLOB *restrictions = NULL;
+
+	if (policy == NULL) {
+		return NULL;
+	}
+
+	restrictions = &policy->allowed_to_authenticate_from;
+	if (restrictions->data == NULL) {
+		return NULL;
+	}
+
+	return restrictions;
+}
+
+/* Return whether an authentication policy enforces device restrictions. */
+bool authn_policy_device_restrictions_present(const struct authn_kerberos_client_policy *policy)
+{
+	return authn_policy_kerberos_device_restrictions(policy) != NULL;
+}
+
+/*
+ * Perform an access check for the device with which the client is
+ * authenticating. ‘device_info’ must be talloc-allocated so that we can make a
+ * reference to it.
+ */
+NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
+					       struct ldb_context *samdb,
+					       struct loadparm_context* lp_ctx,
+					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
+					       const struct authn_kerberos_client_policy *client_policy,
+					       struct authn_audit_info **client_audit_info_out)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	const DATA_BLOB *restrictions = NULL;
+
+	restrictions = authn_policy_kerberos_device_restrictions(client_policy);
+	if (restrictions == NULL) {
+		goto out;
+	}
+
+	status = authn_policy_access_check(mem_ctx,
+					   samdb,
+					   lp_ctx,
+					   device_info,
+					   /* The device itself has no device. */
+					   NULL /* device_info */,
+					   auth_claims,
+					   &client_policy->policy,
+					   authn_int64_some(client_policy->tgt_lifetime_raw),
+					   AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
+					   (struct authn_policy_flags) {},
+					   restrictions,
+					   client_audit_info_out);
+out:
+	return status;
+}
+
+/* Authentication policies for NTLM clients. */
+
+/*
+ * Get the applicable authentication policy for an account acting as an NTLM
+ * client.
+ */
+int authn_policy_ntlm_client(struct ldb_context *samdb,
+			     TALLOC_CTX *mem_ctx,
+			     const struct ldb_message *msg,
+			     const struct authn_ntlm_client_policy **policy_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret = 0;
+	struct authn_attrs authn_attrs;
+	struct ldb_message *authn_policy_msg = NULL;
+	struct authn_ntlm_client_policy *client_policy = NULL;
+	struct authn_policy policy;
+
+	*policy_out = NULL;
+
+	if (!authn_policy_silos_and_policies_in_effect(samdb)) {
+		return 0;
+	}
+
+	/*
+	 * Get the silo and policy attributes that apply to objects of this
+	 * account’s objectclass.
+	 */
+	authn_attrs = authn_policy_get_attrs(msg);
+	if (authn_attrs.silo == NULL || authn_attrs.policy == NULL) {
+		/*
+		 * No applicable silo or policy attributes (somehow). Either
+		 * this account isn’t derived from ‘user’, or the message is
+		 * missing an objectClass element.
+		 */
+		goto out;
+	}
+
+	if (authn_attrs.policy->allowed_to_authenticate_from == NULL &&
+	    authn_attrs.policy->allowed_ntlm_network_auth == NULL)
+	{
+		/* No relevant policy attributes apply. */
+		goto out;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	ret = samba_kdc_authn_policy_msg(samdb,
+					 tmp_ctx,
+					 msg,
+					 authn_attrs,
+					 &authn_policy_msg,
+					 &policy);
+	if (ret) {
+		goto out;
+	}
+
+	if (authn_policy_msg == NULL) {
+		/* No policy applies. */
+		goto out;
+	}
+
+	client_policy = talloc_zero(tmp_ctx, struct authn_ntlm_client_policy);
+	if (client_policy == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	client_policy->policy = authn_policy_move(client_policy, &policy);
+
+	if (authn_attrs.policy->allowed_to_authenticate_from != NULL) {
+		const struct ldb_val *allowed_from = ldb_msg_find_ldb_val(
+			authn_policy_msg,
+			authn_attrs.policy->allowed_to_authenticate_from);
+
+		if (allowed_from != NULL && allowed_from->data != NULL) {
+			client_policy->allowed_to_authenticate_from = data_blob_const(
+				talloc_steal(client_policy, allowed_from->data),
+				allowed_from->length);
+		}
+	}
+
+	if (authn_attrs.policy->allowed_ntlm_network_auth != NULL &&
+	    authn_policy_allowed_ntlm_network_auth_in_effect(samdb))
+	{
+		client_policy->allowed_ntlm_network_auth = ldb_msg_find_attr_as_bool(
+			authn_policy_msg,
+			authn_attrs.policy->allowed_ntlm_network_auth,
+			false);
+	}
+
+	*policy_out = talloc_move(mem_ctx, &client_policy);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/* Return whether an authentication policy enforces device restrictions. */
+static bool authn_policy_ntlm_device_restrictions_present(const struct authn_ntlm_client_policy *policy)
+{
+	if (policy == NULL) {
+		return false;
+	}
+
+	return policy->allowed_to_authenticate_from.data != NULL;
+}
+
+/* Check whether the client is allowed to authenticate using NTLM. */
+NTSTATUS authn_policy_ntlm_apply_device_restriction(TALLOC_CTX *mem_ctx,
+						    const struct authn_ntlm_client_policy *client_policy,
+						    struct authn_audit_info **client_audit_info_out)
+{
+	NTSTATUS status;
+	NTSTATUS status2;
+
+	if (client_audit_info_out != NULL) {
+		*client_audit_info_out = NULL;
+	}
+
+	if (client_policy == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Access control restrictions cannot be applied to NTLM.
+	 *
+	 * If NTLM authentication is disallowed and the policy enforces a device
+	 * restriction, deny the authentication.
+	 */
+
+	if (!authn_policy_ntlm_device_restrictions_present(client_policy)) {
+		return authn_policy_audit_info(mem_ctx,
+					       &client_policy->policy,
+					       authn_int64_none() /* tgt_lifetime_raw */,
+					       NULL /* client_info */,
+					       AUTHN_AUDIT_EVENT_OK,
+					       AUTHN_AUDIT_REASON_NONE,
+					       NT_STATUS_OK,
+					       client_audit_info_out);
+	}
+
+	/*
+	 * (Although MS-APDS doesn’t state it, AllowedNTLMNetworkAuthentication
+	 * applies to interactive logons too.)
+	 */
+	if (client_policy->allowed_ntlm_network_auth) {
+		return authn_policy_audit_info(mem_ctx,
+					       &client_policy->policy,
+					       authn_int64_none() /* tgt_lifetime_raw */,
+					       NULL /* client_info */,
+					       AUTHN_AUDIT_EVENT_OK,
+					       AUTHN_AUDIT_REASON_NONE,
+					       NT_STATUS_OK,
+					       client_audit_info_out);
+	}
+
+	status = NT_STATUS_ACCOUNT_RESTRICTION;
+	status2 = authn_policy_audit_info(mem_ctx,
+					  &client_policy->policy,
+					  authn_int64_none() /* tgt_lifetime_raw */,
+					  NULL /* client_info */,
+					  AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION,
+					  AUTHN_AUDIT_REASON_NONE,
+					  status,
+					  client_audit_info_out);
+	if (!NT_STATUS_IS_OK(status2)) {
+		status = status2;
+	} else if (!authn_policy_is_enforced(&client_policy->policy)) {
+		status = NT_STATUS_OK;
+	}
+
+	return status;
+}
+
+/* Authentication policies for servers. */
+
+/*
+ * Get the applicable authentication policy for an account acting as a
+ * server.
+ */
+int authn_policy_server(struct ldb_context *samdb,
+			TALLOC_CTX *mem_ctx,
+			const struct ldb_message *msg,
+			const struct authn_server_policy **policy_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	int ret = 0;
+	struct authn_attrs authn_attrs;
+	struct ldb_message *authn_policy_msg = NULL;
+	struct authn_server_policy *server_policy = NULL;
+	struct authn_policy policy;
+
+	*policy_out = NULL;
+
+	if (!authn_policy_silos_and_policies_in_effect(samdb)) {
+		return 0;
+	}
+
+	/*
+	 * Get the silo and policy attributes that apply to objects of this
+	 * account’s objectclass.
+	 */
+	authn_attrs = authn_policy_get_attrs(msg);
+	if (authn_attrs.silo == NULL || authn_attrs.policy == NULL) {
+		/*
+		 * No applicable silo or policy attributes (somehow). Either
+		 * this account isn’t derived from ‘user’, or the message is
+		 * missing an objectClass element.
+		 */
+		goto out;
+	}
+
+	if (authn_attrs.policy->allowed_to_authenticate_to == NULL) {
+		/* The relevant policy attribute doesn’t apply. */
+		goto out;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	ret = samba_kdc_authn_policy_msg(samdb,
+					 tmp_ctx,
+					 msg,
+					 authn_attrs,
+					 &authn_policy_msg,
+					 &policy);
+	if (ret) {
+		goto out;
+	}
+
+	if (authn_policy_msg == NULL) {
+		/* No policy applies. */
+		goto out;
+	}
+
+	server_policy = talloc_zero(tmp_ctx, struct authn_server_policy);
+	if (server_policy == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	server_policy->policy = authn_policy_move(server_policy, &policy);
+
+	if (authn_attrs.policy->allowed_to_authenticate_to != NULL) {
+		const struct ldb_val *allowed_to = ldb_msg_find_ldb_val(
+			authn_policy_msg,
+			authn_attrs.policy->allowed_to_authenticate_to);
+
+		if (allowed_to != NULL && allowed_to->data != NULL) {
+			server_policy->allowed_to_authenticate_to = data_blob_const(
+				talloc_steal(server_policy, allowed_to->data),
+				allowed_to->length);
+		}
+	}
+
+	*policy_out = talloc_move(mem_ctx, &server_policy);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/* Get restrictions enforced by an authentication policy. */
+static const DATA_BLOB *authn_policy_restrictions(const struct authn_server_policy *policy)
+{
+	const DATA_BLOB *restrictions = NULL;
+
+	if (policy == NULL) {
+		return NULL;
+	}
+
+	restrictions = &policy->allowed_to_authenticate_to;
+	if (restrictions->data == NULL) {
+		return NULL;
+	}
+
+	return restrictions;
+}
+
+/* Return whether an authentication policy enforces restrictions. */
+bool authn_policy_restrictions_present(const struct authn_server_policy *policy)
+{
+	return authn_policy_restrictions(policy) != NULL;
+}
+
+/*
+ * Perform an access check for the client attempting to authenticate to the
+ * server. ‘user_info’ must be talloc-allocated so that we can make a reference
+ * to it.
+ */
+NTSTATUS authn_policy_authenticate_to_service(TALLOC_CTX *mem_ctx,
+					      struct ldb_context *samdb,
+					      struct loadparm_context* lp_ctx,
+					      const enum authn_policy_auth_type auth_type,
+					      const struct auth_user_info_dc *user_info,
+					      const struct auth_user_info_dc *device_info,
+					      const struct auth_claims auth_claims,
+					      const struct authn_server_policy *server_policy,
+					      const struct authn_policy_flags authn_policy_flags,
+					      struct authn_audit_info **server_audit_info_out)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	const DATA_BLOB *restrictions = NULL;
+	enum authn_audit_event event;
+
+	restrictions = authn_policy_restrictions(server_policy);
+	if (restrictions == NULL) {
+		return authn_server_policy_audit_info(mem_ctx,
+						      server_policy,
+						      user_info,
+						      AUTHN_AUDIT_EVENT_OK,
+						      AUTHN_AUDIT_REASON_NONE,
+						      NT_STATUS_OK,
+						      server_audit_info_out);
+	}
+
+	switch (auth_type) {
+	case AUTHN_POLICY_AUTH_TYPE_KERBEROS:
+		event = AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION;
+		break;
+	case AUTHN_POLICY_AUTH_TYPE_NTLM:
+		event = AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER_4;
+	}
+
+	status = authn_policy_access_check(mem_ctx,
+					   samdb,
+					   lp_ctx,
+					   user_info,
+					   device_info,
+					   auth_claims,
+					   &server_policy->policy,
+					   authn_int64_none() /* tgt_lifetime_raw */,
+					   event,
+					   authn_policy_flags,
+					   restrictions,
+					   server_audit_info_out);
+	return status;
+}
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_kerberos_client_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_kerberos_client_policy *client_policy,
+	const struct auth_user_info_dc *client_info,
+	const enum authn_audit_event event,
+	const enum authn_audit_reason reason,
+	const NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out)
+{
+	const struct authn_policy *policy = NULL;
+	struct authn_int64_optional tgt_lifetime_raw = authn_int64_none();
+
+	if (client_policy != NULL) {
+		policy = &client_policy->policy;
+		tgt_lifetime_raw = authn_int64_some(client_policy->tgt_lifetime_raw);
+	}
+
+	return _authn_policy_audit_info(mem_ctx,
+					policy,
+					tgt_lifetime_raw,
+					client_info,
+					event,
+					reason,
+					policy_status,
+					location,
+					audit_info_out);
+}
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_ntlm_client_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_ntlm_client_policy *client_policy,
+	const struct auth_user_info_dc *client_info,
+	const enum authn_audit_event event,
+	const enum authn_audit_reason reason,
+	const NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out)
+{
+	const struct authn_policy *policy = NULL;
+
+	if (client_policy != NULL) {
+		policy = &client_policy->policy;
+	}
+
+	return _authn_policy_audit_info(mem_ctx,
+					policy,
+					authn_int64_none() /* tgt_lifetime_raw */,
+					client_info,
+					event,
+					reason,
+					policy_status,
+					location,
+					audit_info_out);
+}
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_server_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_server_policy *server_policy,
+	const struct auth_user_info_dc *client_info,
+	const enum authn_audit_event event,
+	const enum authn_audit_reason reason,
+	const NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out)
+{
+	const struct authn_policy *policy = NULL;
+
+	if (server_policy != NULL) {
+		policy = &server_policy->policy;
+	}
+
+	return _authn_policy_audit_info(mem_ctx,
+					policy,
+					authn_int64_none() /* tgt_lifetime_raw */,
+					client_info,
+					event,
+					reason,
+					policy_status,
+					location,
+					audit_info_out);
+}
diff --git a/source4/kdc/authn_policy_util.h b/source4/kdc/authn_policy_util.h
new file mode 100644
index 0000000..4895803
--- /dev/null
+++ b/source4/kdc/authn_policy_util.h
@@ -0,0 +1,228 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba Active Directory authentication policy utility functions
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef KDC_AUTHN_POLICY_UTIL_H
+#define KDC_AUTHN_POLICY_UTIL_H
+
+#include "lib/replace/replace.h"
+#include "auth/authn_policy.h"
+#include "auth/session.h"
+#include <talloc.h>
+
+struct ldb_context;
+struct loadparm_context;
+struct ldb_message;
+
+bool authn_policy_silos_and_policies_in_effect(struct ldb_context *samdb);
+
+bool authn_policy_allowed_ntlm_network_auth_in_effect(struct ldb_context *samdb);
+
+/*
+ * Look up the silo assigned to an account. If one exists, returns its details
+ * and whether it is enforced or not. ‘silo_attrs’ comprises the attributes to
+ * include in the search result, the relevant set of which can differ depending
+ * on the account’s objectClass.
+ */
+int authn_policy_get_assigned_silo(struct ldb_context *samdb,
+				   TALLOC_CTX *mem_ctx,
+				   const struct ldb_message *msg,
+				   const char *const *silo_attrs,
+				   const struct ldb_message **silo_msg_out,
+				   bool *is_enforced);
+
+struct auth_user_info_dc;
+
+/* Authentication policies for Kerberos clients. */
+
+/*
+ * Get the applicable authentication policy for an account acting as a Kerberos
+ * client.
+ */
+int authn_policy_kerberos_client(struct ldb_context *samdb,
+				 TALLOC_CTX *mem_ctx,
+				 const struct ldb_message *msg,
+				 const struct authn_kerberos_client_policy **policy_out);
+
+/*
+ * Perform an access check for the device with which the client is
+ * authenticating. ‘device_info’ must be talloc-allocated so that we can make a
+ * reference to it.
+ */
+NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
+					       struct ldb_context *samdb,
+					       struct loadparm_context* lp_ctx,
+					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
+					       const struct authn_kerberos_client_policy *client_policy,
+					       struct authn_audit_info **client_audit_info_out);
+
+/* Return whether an authentication policy enforces device restrictions. */
+bool authn_policy_device_restrictions_present(const struct authn_kerberos_client_policy *policy);
+
+/* Authentication policies for NTLM clients. */
+
+struct authn_ntlm_client_policy;
+
+/*
+ * Get the applicable authentication policy for an account acting as an NTLM
+ * client.
+ */
+int authn_policy_ntlm_client(struct ldb_context *samdb,
+			     TALLOC_CTX *mem_ctx,
+			     const struct ldb_message *msg,
+			     const struct authn_ntlm_client_policy **policy_out);
+
+/* Check whether the client is allowed to authenticate using NTLM. */
+NTSTATUS authn_policy_ntlm_apply_device_restriction(TALLOC_CTX *mem_ctx,
+						    const struct authn_ntlm_client_policy *client_policy,
+						    struct authn_audit_info **client_audit_info_out);
+
+/* Authentication policies for servers. */
+
+struct authn_server_policy;
+
+/*
+ * Get the applicable authentication policy for an account acting as a
+ * server.
+ */
+int authn_policy_server(struct ldb_context *samdb,
+			TALLOC_CTX *mem_ctx,
+			const struct ldb_message *msg,
+			const struct authn_server_policy **policy_out);
+
+/* Return whether an authentication policy enforces restrictions. */
+bool authn_policy_restrictions_present(const struct authn_server_policy *policy);
+
+enum authn_policy_auth_type {
+	AUTHN_POLICY_AUTH_TYPE_KERBEROS,
+	AUTHN_POLICY_AUTH_TYPE_NTLM,
+};
+
+struct authn_policy_flags {
+	bool force_compounded_authentication : 1;
+};
+
+/*
+ * Perform an access check for the client attempting to authenticate to the
+ * server. ‘user_info’ must be talloc-allocated so that we can make a reference
+ * to it.
+ */
+NTSTATUS authn_policy_authenticate_to_service(TALLOC_CTX *mem_ctx,
+					      struct ldb_context *samdb,
+					      struct loadparm_context* lp_ctx,
+					      enum authn_policy_auth_type auth_type,
+					      const struct auth_user_info_dc *user_info,
+					      const struct auth_user_info_dc *device_info,
+					      const struct auth_claims auth_claims,
+					      const struct authn_server_policy *server_policy,
+					      const struct authn_policy_flags authn_policy_flags,
+					      struct authn_audit_info **server_audit_info_out);
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_kerberos_client_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_kerberos_client_policy *client_policy,
+	const struct auth_user_info_dc *client_info,
+	enum authn_audit_event event,
+	enum authn_audit_reason reason,
+	NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out);
+
+/* Create a structure containing auditing information. */
+#define authn_kerberos_client_policy_audit_info( \
+	mem_ctx, \
+	policy, \
+	client_info, \
+	event, \
+	reason, \
+	policy_status, \
+	audit_info_out) \
+	_authn_kerberos_client_policy_audit_info( \
+		mem_ctx, \
+		policy, \
+		client_info, \
+		event, \
+		reason, \
+		policy_status, \
+		__location__, \
+		audit_info_out)
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_ntlm_client_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_ntlm_client_policy *policy,
+	const struct auth_user_info_dc *client_info,
+	enum authn_audit_event event,
+	enum authn_audit_reason reason,
+	NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out);
+
+/* Create a structure containing auditing information. */
+#define authn_ntlm_client_policy_audit_info( \
+	mem_ctx, \
+	policy, \
+	client_info, \
+	event, \
+	reason, \
+	policy_status, \
+	audit_info_out) \
+	_authn_ntlm_client_policy_audit_info( \
+		mem_ctx, \
+		policy, \
+		client_info, \
+		event, \
+		reason, \
+		policy_status, \
+		__location__, \
+		audit_info_out)
+
+/* Create a structure containing auditing information. */
+NTSTATUS _authn_server_policy_audit_info(
+	TALLOC_CTX *mem_ctx,
+	const struct authn_server_policy *policy,
+	const struct auth_user_info_dc *client_info,
+	enum authn_audit_event event,
+	enum authn_audit_reason reason,
+	NTSTATUS policy_status,
+	const char *location,
+	struct authn_audit_info **audit_info_out);
+
+/* Create a structure containing auditing information. */
+#define authn_server_policy_audit_info( \
+	mem_ctx, \
+	policy, \
+	client_info, \
+	event, \
+	reason, \
+	policy_status, \
+	audit_info_out) \
+	_authn_server_policy_audit_info( \
+		mem_ctx, \
+		policy, \
+		client_info, \
+		event, \
+		reason, \
+		policy_status, \
+		__location__, \
+		audit_info_out)
+
+#endif
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
new file mode 100644
index 0000000..3b2757a
--- /dev/null
+++ b/source4/kdc/db-glue.c
@@ -0,0 +1,3872 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "auth/auth.h"
+#include "auth/auth_sam.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "param/param.h"
+#include "param/secrets.h"
+#include "../lib/crypto/md4.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "kdc/authn_policy_util.h"
+#include "kdc/sdb.h"
+#include "kdc/samba_kdc.h"
+#include "kdc/db-glue.h"
+#include "kdc/pac-glue.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "lib/messaging/irpc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+#undef strcasecmp
+#undef strncasecmp
+
+#define SAMBA_KVNO_GET_KRBTGT(kvno) \
+	((uint16_t)(((uint32_t)kvno) >> 16))
+
+#define SAMBA_KVNO_GET_VALUE(kvno) \
+	((uint16_t)(((uint32_t)kvno) & 0xFFFF))
+
+#define SAMBA_KVNO_AND_KRBTGT(kvno, krbtgt) \
+	((krb5_kvno)((((uint32_t)kvno) & 0xFFFF) | \
+	 ((((uint32_t)krbtgt) << 16) & 0xFFFF0000)))
+
+enum trust_direction {
+	UNKNOWN = 0,
+	INBOUND = LSA_TRUST_DIRECTION_INBOUND,
+	OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND
+};
+
+static const char *trust_attrs[] = {
+	"securityIdentifier",
+	"flatName",
+	"trustPartner",
+	"trustAttributes",
+	"trustDirection",
+	"trustType",
+	"msDS-TrustForestTrustInfo",
+	"trustAuthIncoming",
+	"trustAuthOutgoing",
+	"whenCreated",
+	"msDS-SupportedEncryptionTypes",
+	NULL
+};
+
+/*
+  send a message to the drepl server telling it to initiate a
+  REPL_SECRET getncchanges extended op to fetch the users secrets
+ */
+static void auth_sam_trigger_repl_secret(TALLOC_CTX *mem_ctx,
+                                  struct imessaging_context *msg_ctx,
+                                  struct tevent_context *event_ctx,
+                                  struct ldb_dn *user_dn)
+{
+        struct dcerpc_binding_handle *irpc_handle;
+        struct drepl_trigger_repl_secret r;
+        struct tevent_req *req;
+        TALLOC_CTX *tmp_ctx;
+
+        tmp_ctx = talloc_new(mem_ctx);
+        if (tmp_ctx == NULL) {
+                return;
+        }
+
+        irpc_handle = irpc_binding_handle_by_name(tmp_ctx, msg_ctx,
+                                                  "dreplsrv",
+                                                  &ndr_table_irpc);
+        if (irpc_handle == NULL) {
+                DBG_WARNING("Unable to get binding handle for dreplsrv\n");
+                TALLOC_FREE(tmp_ctx);
+                return;
+        }
+
+        r.in.user_dn = ldb_dn_get_linearized(user_dn);
+        if (r.in.user_dn == NULL) {
+                DBG_WARNING("Unable to get user DN\n");
+                TALLOC_FREE(tmp_ctx);
+                return;
+        }
+
+        /*
+         * This seem to rely on the current IRPC implementation,
+         * which delivers the message in the _send function.
+         *
+         * TODO: we need a ONE_WAY IRPC handle and register
+         * a callback and wait for it to be triggered!
+         */
+        req = dcerpc_drepl_trigger_repl_secret_r_send(tmp_ctx,
+                                                      event_ctx,
+                                                      irpc_handle,
+                                                      &r);
+
+        /* we aren't interested in a reply */
+        talloc_free(req);
+        TALLOC_FREE(tmp_ctx);
+}
+
+static time_t ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, time_t default_val)
+{
+    const struct ldb_val *gentime = NULL;
+    time_t t;
+    int ret;
+
+    gentime = ldb_msg_find_ldb_val(msg, attr);
+    ret = ldb_val_to_time(gentime, &t);
+    if (ret) {
+	    return default_val;
+    }
+
+    return t;
+}
+
+static struct SDBFlags uf2SDBFlags(krb5_context context, uint32_t userAccountControl, enum samba_kdc_ent_type ent_type)
+{
+	struct SDBFlags flags = {};
+
+	/* we don't allow kadmin deletes */
+	flags.immutable = 1;
+
+	/* mark the principal as invalid to start with */
+	flags.invalid = 1;
+
+	flags.renewable = 1;
+
+	/* All accounts are servers, but this may be disabled again in the caller */
+	flags.server = 1;
+
+	/* Account types - clear the invalid bit if it turns out to be valid */
+	if (userAccountControl & UF_NORMAL_ACCOUNT) {
+		if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT || ent_type == SAMBA_KDC_ENT_TYPE_ANY) {
+			flags.client = 1;
+		}
+		flags.invalid = 0;
+	}
+
+	if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) {
+		if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT || ent_type == SAMBA_KDC_ENT_TYPE_ANY) {
+			flags.client = 1;
+		}
+		flags.invalid = 0;
+	}
+	if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) {
+		if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT || ent_type == SAMBA_KDC_ENT_TYPE_ANY) {
+			flags.client = 1;
+		}
+		flags.invalid = 0;
+	}
+	if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) {
+		if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT || ent_type == SAMBA_KDC_ENT_TYPE_ANY) {
+			flags.client = 1;
+		}
+		flags.invalid = 0;
+	}
+
+	/* Not permitted to act as a client if disabled */
+	if (userAccountControl & UF_ACCOUNTDISABLE) {
+		flags.client = 0;
+	}
+	if (userAccountControl & UF_LOCKOUT) {
+		flags.locked_out = 1;
+	}
+/*
+	if (userAccountControl & UF_PASSWD_NOTREQD) {
+		flags.invalid = 1;
+	}
+*/
+/*
+	UF_PASSWD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevant
+*/
+	if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) {
+		flags.invalid = 1;
+	}
+
+/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in samba_kdc_message2entry() */
+
+/*
+	if (userAccountControl & UF_MNS_LOGON_ACCOUNT) {
+		flags.invalid = 1;
+	}
+*/
+	if (userAccountControl & UF_SMARTCARD_REQUIRED) {
+		flags.require_hwauth = 1;
+	}
+	if (userAccountControl & UF_TRUSTED_FOR_DELEGATION) {
+		flags.ok_as_delegate = 1;
+	}
+	if (userAccountControl & UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION) {
+		/*
+		 * this is confusing...
+		 *
+		 * UF_TRUSTED_FOR_DELEGATION
+		 * => ok_as_delegate
+		 *
+		 * and
+		 *
+		 * UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
+		 * => trusted_for_delegation
+		 */
+		flags.trusted_for_delegation = 1;
+	}
+	if (!(userAccountControl & UF_NOT_DELEGATED)) {
+		flags.forwardable = 1;
+		flags.proxiable = 1;
+	}
+
+	if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) {
+		flags.require_preauth = 0;
+	} else {
+		flags.require_preauth = 1;
+	}
+
+	if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
+		flags.no_auth_data_reqd = 1;
+	}
+
+	return flags;
+}
+
+static int samba_kdc_entry_destructor(struct samba_kdc_entry *p)
+{
+	if (p->db_entry != NULL) {
+		/*
+		 * A sdb_entry still has a reference
+		 */
+		return -1;
+	}
+
+	if (p->kdc_entry != NULL) {
+		/*
+		 * hdb_entry or krb5_db_entry still
+		 * have a reference...
+		 */
+		return -1;
+	}
+
+	return 0;
+}
+
+/*
+ * Sort keys in descending order of strength.
+ *
+ * Explanation from Greg Hudson:
+ *
+ * To encrypt tickets only the first returned key is used by the MIT KDC.  The
+ * other keys just communicate support for session key enctypes, and aren't
+ * really used.  The encryption key for the ticket enc part doesn't have
+ * to be of a type requested by the client. The session key enctype is chosen
+ * based on the client preference order, limited by the set of enctypes present
+ * in the server keys (unless the string attribute is set on the server
+ * principal overriding that set).
+ */
+
+static int sdb_key_strength_priority(krb5_enctype etype)
+{
+	static const krb5_enctype etype_list[] = {
+		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+		ENCTYPE_DES3_CBC_SHA1,
+		ENCTYPE_ARCFOUR_HMAC,
+		ENCTYPE_DES_CBC_MD5,
+		ENCTYPE_DES_CBC_MD4,
+		ENCTYPE_DES_CBC_CRC,
+		ENCTYPE_NULL
+	};
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(etype_list); i++) {
+		if (etype == etype_list[i]) {
+			break;
+		}
+	}
+
+	return ARRAY_SIZE(etype_list) - i;
+}
+
+static int sdb_key_strength_cmp(const struct sdb_key *k1, const struct sdb_key *k2)
+{
+	int p1 = sdb_key_strength_priority(KRB5_KEY_TYPE(&k1->key));
+	int p2 = sdb_key_strength_priority(KRB5_KEY_TYPE(&k2->key));
+
+	if (p1 == p2) {
+		return 0;
+	}
+
+	if (p1 > p2) {
+		/*
+		 * Higher priority comes first
+		 */
+		return -1;
+	} else {
+		return 1;
+	}
+}
+
+static void samba_kdc_sort_keys(struct sdb_keys *keys)
+{
+	if (keys == NULL) {
+		return;
+	}
+
+	TYPESAFE_QSORT(keys->val, keys->len, sdb_key_strength_cmp);
+}
+
+int samba_kdc_set_fixed_keys(krb5_context context,
+			     const struct ldb_val *secretbuffer,
+			     uint32_t supported_enctypes,
+			     struct sdb_keys *keys)
+{
+	uint16_t allocated_keys = 0;
+	int ret;
+
+	allocated_keys = 3;
+	keys->len = 0;
+	keys->val = calloc(allocated_keys, sizeof(struct sdb_key));
+	if (keys->val == NULL) {
+		memset(secretbuffer->data, 0, secretbuffer->length);
+		ret = ENOMEM;
+		goto out;
+	}
+
+	if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
+		struct sdb_key key = {};
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+						      secretbuffer->data,
+						      MIN(secretbuffer->length, 32),
+						      &key.key);
+		if (ret) {
+			memset(secretbuffer->data, 0, secretbuffer->length);
+			goto out;
+		}
+
+		keys->val[keys->len] = key;
+		keys->len++;
+	}
+
+	if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
+		struct sdb_key key = {};
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+						      secretbuffer->data,
+						      MIN(secretbuffer->length, 16),
+						      &key.key);
+		if (ret) {
+			memset(secretbuffer->data, 0, secretbuffer->length);
+			goto out;
+		}
+
+		keys->val[keys->len] = key;
+		keys->len++;
+	}
+
+	if (supported_enctypes & ENC_RC4_HMAC_MD5) {
+		struct sdb_key key = {};
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      ENCTYPE_ARCFOUR_HMAC,
+						      secretbuffer->data,
+						      MIN(secretbuffer->length, 16),
+						      &key.key);
+		if (ret) {
+			memset(secretbuffer->data, 0, secretbuffer->length);
+			goto out;
+		}
+
+		keys->val[keys->len] = key;
+		keys->len++;
+	}
+	ret = 0;
+out:
+	return ret;
+}
+
+
+static int samba_kdc_set_random_keys(krb5_context context,
+				     uint32_t supported_enctypes,
+				     struct sdb_keys *keys)
+{
+	struct ldb_val secret_val;
+	uint8_t secretbuffer[32];
+
+	/*
+	 * Fake keys until we have a better way to reject
+	 * non-pkinit requests.
+	 *
+	 * We just need to indicate which encryption types are
+	 * supported.
+	 */
+	generate_secret_buffer(secretbuffer, sizeof(secretbuffer));
+
+	secret_val = data_blob_const(secretbuffer,
+				     sizeof(secretbuffer));
+	return samba_kdc_set_fixed_keys(context,
+					&secret_val,
+					supported_enctypes,
+					keys);
+}
+
+struct samba_kdc_user_keys {
+	struct sdb_keys *skeys;
+	uint32_t kvno;
+	uint32_t *returned_kvno;
+	uint32_t supported_enctypes;
+	uint32_t *available_enctypes;
+	const struct samr_Password *nthash;
+	const char *salt_string;
+	uint16_t num_pkeys;
+	const struct package_PrimaryKerberosKey4 *pkeys;
+};
+
+static krb5_error_code samba_kdc_fill_user_keys(krb5_context context,
+						struct samba_kdc_user_keys *p)
+{
+	/*
+	 * Make sure we'll never reveal DES keys
+	 */
+	uint32_t supported_enctypes = p->supported_enctypes &= ~(ENC_CRC32 | ENC_RSA_MD5);
+	uint32_t _available_enctypes = 0;
+	uint32_t *available_enctypes = p->available_enctypes;
+	uint32_t _returned_kvno = 0;
+	uint32_t *returned_kvno = p->returned_kvno;
+	uint32_t num_pkeys = p->num_pkeys;
+	uint32_t allocated_keys = num_pkeys;
+	uint32_t i;
+	int ret;
+
+	if (available_enctypes == NULL) {
+		available_enctypes = &_available_enctypes;
+	}
+
+	*available_enctypes = 0;
+
+	if (returned_kvno == NULL) {
+		returned_kvno = &_returned_kvno;
+	}
+
+	*returned_kvno = p->kvno;
+
+	if (p->nthash != NULL) {
+		allocated_keys += 1;
+	}
+
+	allocated_keys = MAX(1, allocated_keys);
+
+	/* allocate space to decode into */
+	p->skeys->len = 0;
+	p->skeys->val = calloc(allocated_keys, sizeof(struct sdb_key));
+	if (p->skeys->val == NULL) {
+		return ENOMEM;
+	}
+
+	for (i=0; i < num_pkeys; i++) {
+		struct sdb_key key = {};
+		uint32_t enctype_bit;
+
+		if (p->pkeys[i].value == NULL) {
+			continue;
+		}
+
+		enctype_bit = kerberos_enctype_to_bitmap(p->pkeys[i].keytype);
+		if (!(enctype_bit & supported_enctypes)) {
+			continue;
+		}
+
+		if (p->salt_string != NULL) {
+			DATA_BLOB salt;
+
+			salt = data_blob_string_const(p->salt_string);
+
+			key.salt = calloc(1, sizeof(*key.salt));
+			if (key.salt == NULL) {
+				ret = ENOMEM;
+				goto fail;
+			}
+
+			key.salt->type = KRB5_PW_SALT;
+
+			ret = smb_krb5_copy_data_contents(&key.salt->salt,
+							  salt.data,
+							  salt.length);
+			if (ret) {
+				*key.salt = (struct sdb_salt) {};
+				sdb_key_free(&key);
+				goto fail;
+			}
+		}
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      p->pkeys[i].keytype,
+						      p->pkeys[i].value->data,
+						      p->pkeys[i].value->length,
+						      &key.key);
+		if (ret == 0) {
+			p->skeys->val[p->skeys->len++] = key;
+			*available_enctypes |= enctype_bit;
+			continue;
+		}
+		ZERO_STRUCT(key.key);
+		sdb_key_free(&key);
+		if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+			DEBUG(2,("Unsupported keytype ignored - type %u\n",
+				 p->pkeys[i].keytype));
+			ret = 0;
+			continue;
+		}
+
+		goto fail;
+	}
+
+	if (p->nthash != NULL && (supported_enctypes & ENC_RC4_HMAC_MD5)) {
+		struct sdb_key key = {};
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      ENCTYPE_ARCFOUR_HMAC,
+						      p->nthash->hash,
+						      sizeof(p->nthash->hash),
+						      &key.key);
+		if (ret == 0) {
+			p->skeys->val[p->skeys->len++] = key;
+
+			*available_enctypes |= ENC_RC4_HMAC_MD5;
+		} else if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+			DEBUG(2,("Unsupported keytype ignored - type %u\n",
+				 ENCTYPE_ARCFOUR_HMAC));
+			ret = 0;
+		}
+		if (ret != 0) {
+			goto fail;
+		}
+	}
+
+	samba_kdc_sort_keys(p->skeys);
+
+	return 0;
+fail:
+	sdb_keys_free(p->skeys);
+	return ret;
+}
+
+krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
+					     TALLOC_CTX *mem_ctx,
+					     const struct ldb_message *msg,
+					     bool is_krbtgt,
+					     bool is_rodc,
+					     uint32_t userAccountControl,
+					     enum samba_kdc_ent_type ent_type,
+					     unsigned flags,
+					     krb5_kvno requested_kvno,
+					     struct sdb_entry *entry,
+					     const uint32_t supported_enctypes_in,
+					     uint32_t *supported_enctypes_out)
+{
+	krb5_error_code ret = 0;
+	enum ndr_err_code ndr_err;
+	struct samr_Password *hash;
+	unsigned int num_ntPwdHistory = 0;
+	struct samr_Password *ntPwdHistory = NULL;
+	struct samr_Password *old_hash = NULL;
+	struct samr_Password *older_hash = NULL;
+	const struct ldb_val *sc_val;
+	struct supplementalCredentialsBlob scb;
+	struct supplementalCredentialsPackage *scpk = NULL;
+	struct package_PrimaryKerberosBlob _pkb;
+	struct package_PrimaryKerberosCtr4 *pkb4 = NULL;
+	int krbtgt_number = 0;
+	uint32_t current_kvno;
+	uint32_t old_kvno = 0;
+	uint32_t older_kvno = 0;
+	uint32_t returned_kvno = 0;
+	uint16_t i;
+	struct samba_kdc_user_keys keys = { .num_pkeys = 0, };
+	struct samba_kdc_user_keys old_keys = { .num_pkeys = 0, };
+	struct samba_kdc_user_keys older_keys = { .num_pkeys = 0, };
+	uint32_t available_enctypes = 0;
+	uint32_t supported_enctypes = supported_enctypes_in;
+
+	*supported_enctypes_out = 0;
+
+	/* Is this the krbtgt or a RODC krbtgt */
+	if (is_rodc) {
+		krbtgt_number = ldb_msg_find_attr_as_int(msg, "msDS-SecondaryKrbTgtNumber", -1);
+
+		if (krbtgt_number == -1) {
+			return EINVAL;
+		}
+		if (krbtgt_number == 0) {
+			return EINVAL;
+		}
+	}
+
+	if (flags & SDB_F_USER2USER_PRINCIPAL) {
+		/*
+		 * User2User uses the session key
+		 * from the additional ticket,
+		 * so we just provide random keys
+		 * here in order to make sure
+		 * we never expose the user password
+		 * keys.
+		 */
+		ret = samba_kdc_set_random_keys(context,
+						supported_enctypes,
+						&entry->keys);
+
+		*supported_enctypes_out = supported_enctypes & ENC_ALL_TYPES;
+
+		goto out;
+	}
+
+	if ((ent_type == SAMBA_KDC_ENT_TYPE_CLIENT)
+	    && (userAccountControl & UF_SMARTCARD_REQUIRED)) {
+		ret = samba_kdc_set_random_keys(context,
+						supported_enctypes,
+						&entry->keys);
+
+		*supported_enctypes_out = supported_enctypes & ENC_ALL_TYPES;
+
+		goto out;
+	}
+
+	current_kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
+	if (current_kvno > 1) {
+		old_kvno = current_kvno - 1;
+	}
+	if (current_kvno > 2) {
+		older_kvno = current_kvno - 2;
+	}
+	if (is_krbtgt) {
+		/*
+		 * Even for the main krbtgt account
+		 * we have to strictly split the kvno into
+		 * two 16-bit parts and the upper 16-bit
+		 * need to be all zero, even if
+		 * the msDS-KeyVersionNumber has a value
+		 * larger than 65535.
+		 *
+		 * See https://bugzilla.samba.org/show_bug.cgi?id=14951
+		 */
+		current_kvno = SAMBA_KVNO_GET_VALUE(current_kvno);
+		old_kvno = SAMBA_KVNO_GET_VALUE(old_kvno);
+		older_kvno = SAMBA_KVNO_GET_VALUE(older_kvno);
+		requested_kvno = SAMBA_KVNO_GET_VALUE(requested_kvno);
+	}
+
+	/* Get keys from the db */
+
+	hash = samdb_result_hash(mem_ctx, msg, "unicodePwd");
+	num_ntPwdHistory = samdb_result_hashes(mem_ctx, msg,
+					       "ntPwdHistory",
+					       &ntPwdHistory);
+	if (num_ntPwdHistory > 1) {
+		old_hash = &ntPwdHistory[1];
+	}
+	if (num_ntPwdHistory > 2) {
+		older_hash = &ntPwdHistory[1];
+	}
+	sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials");
+
+	/* supplementalCredentials if present */
+	if (sc_val) {
+		ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, &scb,
+						   (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			ret = EINVAL;
+			goto out;
+		}
+
+		if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
+			if (scb.sub.num_packages != 0) {
+				NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb);
+				ret = EINVAL;
+				goto out;
+			}
+		}
+
+		for (i=0; i < scb.sub.num_packages; i++) {
+			if (scb.sub.packages[i].name != NULL &&
+			    strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0)
+			{
+				scpk = &scb.sub.packages[i];
+				if (!scpk->data || !scpk->data[0]) {
+					scpk = NULL;
+					continue;
+				}
+				break;
+			}
+		}
+	}
+	/*
+	 * Primary:Kerberos-Newer-Keys element
+	 * of supplementalCredentials
+	 *
+	 * The legacy Primary:Kerberos only contains
+	 * single DES keys, which are completely ignored
+	 * now.
+	 */
+	if (scpk) {
+		DATA_BLOB blob;
+
+		blob = strhex_to_data_blob(mem_ctx, scpk->data);
+		if (!blob.data) {
+			ret = ENOMEM;
+			goto out;
+		}
+
+		/* we cannot use ndr_pull_struct_blob_all() here, as w2k and w2k3 add padding bytes */
+		ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &_pkb,
+					       (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			ret = EINVAL;
+			krb5_set_error_message(context, ret, "samba_kdc_message2entry_keys: could not parse package_PrimaryKerberosBlob");
+			krb5_warnx(context, "samba_kdc_message2entry_keys: could not parse package_PrimaryKerberosBlob");
+			goto out;
+		}
+
+		if (_pkb.version != 4) {
+			ret = EINVAL;
+			krb5_set_error_message(context, ret, "samba_kdc_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
+			krb5_warnx(context, "samba_kdc_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4");
+			goto out;
+		}
+
+		pkb4 = &_pkb.ctr.ctr4;
+	}
+
+	keys = (struct samba_kdc_user_keys) {
+		.kvno = current_kvno,
+		.supported_enctypes = supported_enctypes,
+		.nthash = hash,
+		.salt_string = pkb4 != NULL ? pkb4->salt.string : NULL,
+		.num_pkeys = pkb4 != NULL ? pkb4->num_keys : 0,
+		.pkeys = pkb4 != NULL ? pkb4->keys : NULL,
+	};
+
+	old_keys = (struct samba_kdc_user_keys) {
+		.kvno = old_kvno,
+		.supported_enctypes = supported_enctypes,
+		.nthash = old_hash,
+		.salt_string = pkb4 != NULL ? pkb4->salt.string : NULL,
+		.num_pkeys = pkb4 != NULL ? pkb4->num_old_keys : 0,
+		.pkeys = pkb4 != NULL ? pkb4->old_keys : NULL,
+	};
+	older_keys = (struct samba_kdc_user_keys) {
+		.kvno = older_kvno,
+		.supported_enctypes = supported_enctypes,
+		.nthash = older_hash,
+		.salt_string = pkb4 != NULL ? pkb4->salt.string : NULL,
+		.num_pkeys = pkb4 != NULL ? pkb4->num_older_keys : 0,
+		.pkeys = pkb4 != NULL ? pkb4->older_keys : NULL,
+	};
+
+	if (flags & SDB_F_KVNO_SPECIFIED) {
+		if (requested_kvno == keys.kvno) {
+			/*
+			 * The current kvno was requested,
+			 * so we return it.
+			 */
+			keys.skeys = &entry->keys;
+			keys.available_enctypes = &available_enctypes;
+			keys.returned_kvno = &returned_kvno;
+		} else if (requested_kvno == 0) {
+			/*
+			 * don't return any keys
+			 */
+		} else if (requested_kvno == old_keys.kvno) {
+			/*
+			 * return the old keys as default keys
+			 * with the requested kvno.
+			 */
+			old_keys.skeys = &entry->keys;
+			old_keys.available_enctypes = &available_enctypes;
+			old_keys.returned_kvno = &returned_kvno;
+		} else if (requested_kvno == older_keys.kvno) {
+			/*
+			 * return the older keys as default keys
+			 * with the requested kvno.
+			 */
+			older_keys.skeys = &entry->keys;
+			older_keys.available_enctypes = &available_enctypes;
+			older_keys.returned_kvno = &returned_kvno;
+		} else {
+			/*
+			 * don't return any keys
+			 */
+		}
+	} else {
+		bool include_history = false;
+
+		if ((flags & SDB_F_GET_CLIENT) && (flags & SDB_F_FOR_AS_REQ)) {
+			include_history = true;
+		} else if (flags & SDB_F_ADMIN_DATA) {
+			include_history = true;
+		}
+
+		keys.skeys = &entry->keys;
+		keys.available_enctypes = &available_enctypes;
+		keys.returned_kvno = &returned_kvno;
+
+		if (include_history && old_keys.kvno != 0) {
+			old_keys.skeys = &entry->old_keys;
+		}
+		if (include_history && older_keys.kvno != 0) {
+			older_keys.skeys = &entry->older_keys;
+		}
+	}
+
+	if (keys.skeys != NULL) {
+		ret = samba_kdc_fill_user_keys(context, &keys);
+		if (ret != 0) {
+			goto out;
+		}
+	}
+
+	if (old_keys.skeys != NULL) {
+		ret = samba_kdc_fill_user_keys(context, &old_keys);
+		if (ret != 0) {
+			goto out;
+		}
+	}
+
+	if (older_keys.skeys != NULL) {
+		ret = samba_kdc_fill_user_keys(context, &older_keys);
+		if (ret != 0) {
+			goto out;
+		}
+	}
+
+	*supported_enctypes_out |= available_enctypes;
+
+	if (is_krbtgt) {
+		/*
+		 * Even for the main krbtgt account
+		 * we have to strictly split the kvno into
+		 * two 16-bit parts and the upper 16-bit
+		 * need to be all zero, even if
+		 * the msDS-KeyVersionNumber has a value
+		 * larger than 65535.
+		 *
+		 * See https://bugzilla.samba.org/show_bug.cgi?id=14951
+		 */
+		returned_kvno = SAMBA_KVNO_AND_KRBTGT(returned_kvno, krbtgt_number);
+	}
+	entry->kvno = returned_kvno;
+
+out:
+	return ret;
+}
+
+static krb5_error_code is_principal_component_equal_impl(krb5_context context,
+							 krb5_const_principal principal,
+							 unsigned int component,
+							 const char *string,
+							 bool do_strcasecmp,
+							 bool *eq)
+{
+	const char *p;
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING)
+	if (component >= krb5_princ_size(context, principal)) {
+		/* A non�existent component compares equal to no string. */
+		*eq = false;
+		return 0;
+	}
+	p = krb5_principal_get_comp_string(context, principal, component);
+	if (p == NULL) {
+		return ENOENT;
+	}
+	if (do_strcasecmp) {
+		*eq = strcasecmp(p, string) == 0;
+	} else {
+		*eq = strcmp(p, string) == 0;
+	}
+	return 0;
+#else
+	size_t len;
+	krb5_data d;
+	krb5_error_code ret = 0;
+
+	if (component > INT_MAX) {
+		return EINVAL;
+	}
+
+	if (component >= krb5_princ_size(context, principal)) {
+		/* A non�existent component compares equal to no string. */
+		*eq = false;
+		return 0;
+	}
+
+	ret = smb_krb5_princ_component(context, principal, component, &d);
+	if (ret) {
+		return ret;
+	}
+
+	p = d.data;
+
+	len = strlen(string);
+	if (d.length != len) {
+		*eq = false;
+		return 0;
+	}
+
+	if (do_strcasecmp) {
+		*eq = strncasecmp(p, string, len) == 0;
+	} else {
+		*eq = memcmp(p, string, len) == 0;
+	}
+	return 0;
+#endif
+}
+
+static krb5_error_code is_principal_component_equal_ignoring_case(krb5_context context,
+								  krb5_const_principal principal,
+								  unsigned int component,
+								  const char *string,
+								  bool *eq)
+{
+	return is_principal_component_equal_impl(context,
+						 principal,
+						 component,
+						 string,
+						 true /* do_strcasecmp */,
+						 eq);
+}
+
+static krb5_error_code is_principal_component_equal(krb5_context context,
+						    krb5_const_principal principal,
+						    unsigned int component,
+						    const char *string,
+						    bool *eq)
+{
+	return is_principal_component_equal_impl(context,
+						 principal,
+						 component,
+						 string,
+						 false /* do_strcasecmp */,
+						 eq);
+}
+
+static krb5_error_code is_kadmin_changepw(krb5_context context,
+					  krb5_const_principal principal,
+					  bool *is_changepw)
+{
+	krb5_error_code ret = 0;
+	bool eq = false;
+
+	if (krb5_princ_size(context, principal) != 2) {
+		*is_changepw = false;
+		return 0;
+	}
+
+	ret = is_principal_component_equal(context, principal, 0, "kadmin", &eq);
+	if (ret) {
+		return ret;
+	}
+
+	if (!eq) {
+		*is_changepw = false;
+		return 0;
+	}
+
+	ret = is_principal_component_equal(context, principal, 1, "changepw", &eq);
+	if (ret) {
+		return ret;
+	}
+
+	*is_changepw = eq;
+	return 0;
+}
+
+static krb5_error_code samba_kdc_get_entry_principal(
+		krb5_context context,
+		struct samba_kdc_db_context *kdc_db_ctx,
+		const char *samAccountName,
+		enum samba_kdc_ent_type ent_type,
+		unsigned flags,
+		bool is_kadmin_changepw,
+		krb5_const_principal in_princ,
+		krb5_principal *out_princ)
+{
+	struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
+	krb5_error_code code = 0;
+	bool canon = flags & (SDB_F_CANON|SDB_F_FORCE_CANON);
+
+	/*
+	 * If we are set to canonicalize, we get back the fixed UPPER
+	 * case realm, and the real username (ie matching LDAP
+	 * samAccountName)
+	 *
+	 * Otherwise, if we are set to enterprise, we
+	 * get back the whole principal as-sent
+	 *
+	 * Finally, if we are not set to canonicalize, we get back the
+	 * fixed UPPER case realm, but the as-sent username
+	 */
+
+	/*
+	 * We need to ensure that the kadmin/changepw principal isn't able to
+	 * issue krbtgt tickets, even if canonicalization is turned on.
+	 */
+	if (!is_kadmin_changepw) {
+		if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT && canon) {
+			/*
+			 * When requested to do so, ensure that both
+			 * the realm values in the principal are set
+			 * to the upper case, canonical realm
+			 */
+			code = smb_krb5_make_principal(context,
+						       out_princ,
+						       lpcfg_realm(lp_ctx),
+						       "krbtgt",
+						       lpcfg_realm(lp_ctx),
+						       NULL);
+			if (code != 0) {
+				return code;
+			}
+			smb_krb5_principal_set_type(context,
+						    *out_princ,
+						    KRB5_NT_SRV_INST);
+
+			return 0;
+		}
+
+		if ((canon && flags & (SDB_F_FORCE_CANON|SDB_F_FOR_AS_REQ)) ||
+		    (ent_type == SAMBA_KDC_ENT_TYPE_ANY && in_princ == NULL)) {
+			/*
+			 * SDB_F_CANON maps from the canonicalize flag in the
+			 * packet, and has a different meaning between AS-REQ
+			 * and TGS-REQ.  We only change the principal in the
+			 * AS-REQ case.
+			 *
+			 * The SDB_F_FORCE_CANON if for new MIT KDC code that
+			 * wants the canonical name in all lookups, and takes
+			 * care to canonicalize only when appropriate.
+			 */
+			code = smb_krb5_make_principal(context,
+						      out_princ,
+						      lpcfg_realm(lp_ctx),
+						      samAccountName,
+						      NULL);
+			return code;
+		}
+	}
+
+	/*
+	 * For a krbtgt entry, this appears to be required regardless of the
+	 * canonicalize flag from the client.
+	 */
+	code = krb5_copy_principal(context, in_princ, out_princ);
+	if (code != 0) {
+		return code;
+	}
+
+	/*
+	 * While we have copied the client principal, tests show that Win2k3
+	 * returns the 'corrected' realm, not the client-specified realm.  This
+	 * code attempts to replace the client principal's realm with the one
+	 * we determine from our records
+	 */
+	code = smb_krb5_principal_set_realm(context,
+					    *out_princ,
+					    lpcfg_realm(lp_ctx));
+
+	return code;
+}
+
+/*
+ * Construct an hdb_entry from a directory entry.
+ */
+static krb5_error_code samba_kdc_message2entry(krb5_context context,
+					       struct samba_kdc_db_context *kdc_db_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       krb5_const_principal principal,
+					       enum samba_kdc_ent_type ent_type,
+					       unsigned flags,
+					       krb5_kvno kvno,
+					       struct ldb_dn *realm_dn,
+					       struct ldb_message *msg,
+					       struct sdb_entry *entry)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
+	uint32_t userAccountControl;
+	uint32_t msDS_User_Account_Control_Computed;
+	krb5_error_code ret = 0;
+	krb5_boolean is_computer = FALSE;
+	struct samba_kdc_entry *p;
+	NTTIME acct_expiry;
+	NTSTATUS status;
+	bool protected_user = false;
+	struct dom_sid sid;
+	uint32_t rid;
+	bool is_krbtgt = false;
+	bool is_rodc = false;
+	bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
+	struct ldb_message_element *objectclasses;
+	struct ldb_val computer_val = data_blob_string_const("computer");
+	uint32_t config_default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
+	uint32_t default_supported_enctypes =
+		config_default_supported_enctypes != 0 ?
+		config_default_supported_enctypes :
+		ENC_RC4_HMAC_MD5 | ENC_HMAC_SHA1_96_AES256_SK;
+	uint32_t supported_enctypes
+		= ldb_msg_find_attr_as_uint(msg,
+					    "msDS-SupportedEncryptionTypes",
+					    default_supported_enctypes);
+	uint32_t pa_supported_enctypes;
+	uint32_t supported_session_etypes;
+	uint32_t available_enctypes = 0;
+	/*
+	 * also legacy enctypes are announced,
+	 * but effectively restricted by kdc_enctypes
+	 */
+	uint32_t domain_enctypes = ENC_RC4_HMAC_MD5 | ENC_RSA_MD5 | ENC_CRC32;
+	uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx);
+	uint32_t kdc_enctypes =
+		config_kdc_enctypes != 0 ?
+		config_kdc_enctypes :
+		ENC_ALL_TYPES;
+	const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
+
+	const struct authn_kerberos_client_policy *authn_client_policy = NULL;
+	const struct authn_server_policy *authn_server_policy = NULL;
+	int64_t enforced_tgt_lifetime_raw;
+	const bool user2user = (flags & SDB_F_USER2USER_PRINCIPAL);
+
+	*entry = (struct sdb_entry) {};
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	if (supported_enctypes == 0) {
+		supported_enctypes = default_supported_enctypes;
+	}
+
+	if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
+		domain_enctypes |= ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256;
+	}
+
+	if (ldb_msg_find_element(msg, "msDS-SecondaryKrbTgtNumber")) {
+		is_rodc = true;
+	}
+
+	if (!samAccountName) {
+		ret = ENOENT;
+		krb5_set_error_message(context, ret, "samba_kdc_message2entry: no samAccountName present");
+		goto out;
+	}
+
+	objectclasses = ldb_msg_find_element(msg, "objectClass");
+
+	if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) {
+		is_computer = TRUE;
+	}
+
+	p = talloc_zero(tmp_ctx, struct samba_kdc_entry);
+	if (!p) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	p->is_rodc = is_rodc;
+	p->kdc_db_ctx = kdc_db_ctx;
+	p->realm_dn = talloc_reference(p, realm_dn);
+	if (!p->realm_dn) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	talloc_set_destructor(p, samba_kdc_entry_destructor);
+
+	entry->skdc_entry = p;
+
+	userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+
+	msDS_User_Account_Control_Computed
+		= ldb_msg_find_attr_as_uint(msg,
+					    "msDS-User-Account-Control-Computed",
+					    UF_ACCOUNTDISABLE);
+
+	/*
+	 * This brings in the lockout flag, block the account if not
+	 * found.  We need the weird UF_ACCOUNTDISABLE check because
+	 * we do not want to fail open if the value is not returned,
+	 * but 0 is a valid value (all OK)
+	 */
+	if (msDS_User_Account_Control_Computed == UF_ACCOUNTDISABLE) {
+		ret = EINVAL;
+		krb5_set_error_message(context, ret, "samba_kdc_message2entry: "
+				"no msDS-User-Account-Control-Computed present");
+		goto out;
+	} else {
+		userAccountControl |= msDS_User_Account_Control_Computed;
+	}
+
+	if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) {
+		p->is_krbtgt = true;
+	}
+
+	/* First try and figure out the flags based on the userAccountControl */
+	entry->flags = uf2SDBFlags(context, userAccountControl, ent_type);
+
+	/*
+	 * Take control of the returned principal here, rather than
+	 * allowing the Heimdal code to do it as we have specific
+	 * behaviour around the forced realm to honour
+	 */
+	entry->flags.force_canonicalize = true;
+
+	/*
+	 * Windows 2008 seems to enforce this (very sensible) rule by
+	 * default - don't allow offline attacks on a user's password
+	 * by asking for a ticket to them as a service (encrypted with
+	 * their probably pathetically insecure password)
+	 *
+	 * But user2user avoids using the keys based on the password,
+	 * so we can allow it.
+	 */
+
+	if (entry->flags.server && !user2user
+	    && lpcfg_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) {
+		if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) {
+			entry->flags.server = 0;
+		}
+	}
+
+	/*
+	 * We restrict a 3-part SPN ending in my domain/realm to full
+	 * domain controllers.
+	 *
+	 * This avoids any cases where (eg) a demoted DC still has
+	 * these more restricted SPNs.
+	 */
+	if (krb5_princ_size(context, principal) > 2) {
+		char *third_part = NULL;
+		bool is_our_realm;
+		bool is_dc;
+
+		ret = smb_krb5_principal_get_comp_string(tmp_ctx,
+							 context,
+							 principal,
+							 2,
+							 &third_part);
+		if (ret) {
+			krb5_set_error_message(context, ret, "smb_krb5_principal_get_comp_string: out of memory");
+			goto out;
+		}
+
+		is_our_realm = lpcfg_is_my_domain_or_realm(lp_ctx,
+						     third_part);
+		is_dc = userAccountControl &
+			(UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT);
+		if (is_our_realm && !is_dc) {
+			entry->flags.server = 0;
+		}
+	}
+	/*
+	 * To give the correct type of error to the client, we must
+	 * not just return the entry without .server set, we must
+	 * pretend the principal does not exist.  Otherwise we may
+	 * return ERR_POLICY instead of
+	 * KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
+	 */
+	if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER && entry->flags.server == 0) {
+		ret = SDB_ERR_NOENTRY;
+		krb5_set_error_message(context, ret, "samba_kdc_message2entry: no servicePrincipalName present for this server, refusing with no-such-entry");
+		goto out;
+	}
+	if (flags & SDB_F_ADMIN_DATA) {
+		/* These (created_by, modified_by) parts of the entry are not relevant for Samba4's use
+		 * of the Heimdal KDC.  They are stored in the traditional
+		 * DB for audit purposes, and still form part of the structure
+		 * we must return */
+
+		/* use 'whenCreated' */
+		entry->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
+		/* use 'kadmin' for now (needed by mit_samba) */
+
+		ret = smb_krb5_make_principal(context,
+					      &entry->created_by.principal,
+					      lpcfg_realm(lp_ctx), "kadmin", NULL);
+		if (ret) {
+			krb5_clear_error_message(context);
+			goto out;
+		}
+
+		entry->modified_by = calloc(1, sizeof(struct sdb_event));
+		if (entry->modified_by == NULL) {
+			ret = ENOMEM;
+			krb5_set_error_message(context, ret, "calloc: out of memory");
+			goto out;
+		}
+
+		/* use 'whenChanged' */
+		entry->modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0);
+		/* use 'kadmin' for now (needed by mit_samba) */
+		ret = smb_krb5_make_principal(context,
+					      &entry->modified_by->principal,
+					      lpcfg_realm(lp_ctx), "kadmin", NULL);
+		if (ret) {
+			krb5_clear_error_message(context);
+			goto out;
+		}
+	}
+
+
+	/* The lack of password controls etc applies to krbtgt by
+	 * virtue of being that particular RID */
+	ret = samdb_result_dom_sid_buf(msg, "objectSid", &sid);
+	if (ret) {
+		goto out;
+	}
+	status = dom_sid_split_rid(NULL, &sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = EINVAL;
+		goto out;
+	}
+
+	if (rid == DOMAIN_RID_KRBTGT) {
+		char *realm = NULL;
+
+		entry->valid_end = NULL;
+		entry->pw_end = NULL;
+
+		entry->flags.invalid = 0;
+		entry->flags.server = 1;
+
+		realm = smb_krb5_principal_get_realm(
+			tmp_ctx, context, principal);
+		if (realm == NULL) {
+			ret = ENOMEM;
+			goto out;
+		}
+
+		/* Don't mark all requests for the krbtgt/realm as
+		 * 'change password', as otherwise we could get into
+		 * trouble, and not enforce the password expiry.
+		 * Instead, only do it when request is for the kpasswd service */
+		if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) {
+			bool is_changepw = false;
+
+			ret = is_kadmin_changepw(context, principal, &is_changepw);
+			if (ret) {
+				goto out;
+			}
+
+			if (is_changepw && lpcfg_is_my_domain_or_realm(lp_ctx, realm)) {
+				entry->flags.change_pw = 1;
+			}
+		}
+
+		TALLOC_FREE(realm);
+
+		entry->flags.client = 0;
+		entry->flags.forwardable = 1;
+		entry->flags.ok_as_delegate = 1;
+	} else if (is_rodc) {
+		/* The RODC krbtgt account is like the main krbtgt,
+		 * but it does not have a changepw or kadmin
+		 * service */
+
+		entry->valid_end = NULL;
+		entry->pw_end = NULL;
+
+		/* Also don't allow the RODC krbtgt to be a client (it should not be needed) */
+		entry->flags.client = 0;
+		entry->flags.invalid = 0;
+		entry->flags.server = 1;
+
+		entry->flags.client = 0;
+		entry->flags.forwardable = 1;
+		entry->flags.ok_as_delegate = 0;
+	} else if (entry->flags.server && ent_type == SAMBA_KDC_ENT_TYPE_SERVER) {
+		/* The account/password expiry only applies when the account is used as a
+		 * client (ie password login), not when used as a server */
+
+		/* Make very well sure we don't use this for a client,
+		 * it could bypass the password restrictions */
+		entry->flags.client = 0;
+
+		entry->valid_end = NULL;
+		entry->pw_end = NULL;
+
+	} else {
+		NTTIME must_change_time
+			= samdb_result_nttime(msg,
+					"msDS-UserPasswordExpiryTimeComputed",
+					0);
+		if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) {
+			entry->pw_end = NULL;
+		} else {
+			entry->pw_end = malloc(sizeof(*entry->pw_end));
+			if (entry->pw_end == NULL) {
+				ret = ENOMEM;
+				goto out;
+			}
+			*entry->pw_end = nt_time_to_unix(must_change_time);
+		}
+
+		acct_expiry = samdb_result_account_expires(msg);
+		if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) {
+			entry->valid_end = NULL;
+		} else {
+			entry->valid_end = malloc(sizeof(*entry->valid_end));
+			if (entry->valid_end == NULL) {
+				ret = ENOMEM;
+				goto out;
+			}
+			*entry->valid_end = nt_time_to_unix(acct_expiry);
+		}
+	}
+
+	ret = samba_kdc_get_entry_principal(context,
+					    kdc_db_ctx,
+					    samAccountName,
+					    ent_type,
+					    flags,
+					    entry->flags.change_pw,
+					    principal,
+					    &entry->principal);
+	if (ret != 0) {
+		krb5_clear_error_message(context);
+		goto out;
+	}
+
+	entry->valid_start = NULL;
+
+	entry->max_life = malloc(sizeof(*entry->max_life));
+	if (entry->max_life == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) {
+		*entry->max_life = kdc_db_ctx->policy.svc_tkt_lifetime;
+	} else if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT || ent_type == SAMBA_KDC_ENT_TYPE_CLIENT) {
+		*entry->max_life = kdc_db_ctx->policy.usr_tkt_lifetime;
+	} else {
+		*entry->max_life = MIN(kdc_db_ctx->policy.svc_tkt_lifetime,
+					        kdc_db_ctx->policy.usr_tkt_lifetime);
+	}
+
+	if (entry->flags.change_pw) {
+		/* Limit lifetime of kpasswd tickets to two minutes or less. */
+		*entry->max_life = MIN(*entry->max_life, CHANGEPW_LIFETIME);
+	}
+
+	entry->max_renew = malloc(sizeof(*entry->max_renew));
+	if (entry->max_renew == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	*entry->max_renew = kdc_db_ctx->policy.renewal_lifetime;
+
+	/*
+	 * A principal acting as a client that is not being looked up as the
+	 * principal of an armor ticket may have an authentication policy apply
+	 * to it.
+	 *
+	 * We won’t get an authentication policy for the client of an S4U2Self
+	 * or S4U2Proxy request. Those clients are looked up with
+	 * SDB_F_FOR_TGS_REQ instead of with SDB_F_FOR_AS_REQ.
+	 */
+	if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT &&
+	    (flags & SDB_F_FOR_AS_REQ) &&
+	    !(flags & SDB_F_ARMOR_PRINCIPAL))
+	{
+		ret = authn_policy_kerberos_client(kdc_db_ctx->samdb, tmp_ctx, msg,
+						   &authn_client_policy);
+		if (ret) {
+			goto out;
+		}
+	}
+
+	/*
+	 * A principal acting as a server may have an authentication policy
+	 * apply to it.
+	 */
+	if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) {
+		ret = authn_policy_server(kdc_db_ctx->samdb, tmp_ctx, msg,
+					  &authn_server_policy);
+		if (ret) {
+			goto out;
+		}
+	}
+
+	enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy);
+	if (enforced_tgt_lifetime_raw != 0) {
+		int64_t lifetime_secs = enforced_tgt_lifetime_raw;
+
+		lifetime_secs /= INT64_C(1000) * 1000 * 10;
+		lifetime_secs = MIN(lifetime_secs, INT_MAX);
+		lifetime_secs = MAX(lifetime_secs, INT_MIN);
+
+		/*
+		 * Set both lifetime and renewal time based only on the
+		 * configured maximum lifetime — not on the configured renewal
+		 * time. Yes, this is what Windows does.
+		 */
+		lifetime_secs = MIN(*entry->max_life, lifetime_secs);
+		*entry->max_life = lifetime_secs;
+		*entry->max_renew = lifetime_secs;
+	}
+
+	if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT && (flags & SDB_F_FOR_AS_REQ)) {
+		int result;
+		const struct auth_user_info_dc *user_info_dc = NULL;
+		/*
+		 * These protections only apply to clients, so servers in the
+		 * Protected Users group may still have service tickets to them
+		 * encrypted with RC4. For accounts looked up as servers, note
+		 * that 'msg' does not contain the 'memberOf' attribute for
+		 * determining whether the account is a member of Protected
+		 * Users.
+		 *
+		 * Additionally, Microsoft advises that accounts for services
+		 * and computers should never be members of Protected Users, or
+		 * they may fail to authenticate.
+		 */
+		ret = samba_kdc_get_user_info_from_db(tmp_ctx,
+						      kdc_db_ctx->samdb,
+						      p,
+						      msg,
+						      &user_info_dc);
+		if (ret) {
+			goto out;
+		}
+
+		result = dsdb_is_protected_user(kdc_db_ctx->samdb,
+						user_info_dc->sids,
+						user_info_dc->num_sids);
+		if (result == -1) {
+			ret = EINVAL;
+			goto out;
+		}
+
+		protected_user = result;
+
+		if (protected_user) {
+			entry->flags.forwardable = 0;
+			entry->flags.proxiable = 0;
+
+			if (enforced_tgt_lifetime_raw == 0) {
+				/*
+				 * If a TGT lifetime hasn’t been set, Protected
+				 * Users enforces a four hour TGT lifetime.
+				 */
+				*entry->max_life = MIN(*entry->max_life, 4 * 60 * 60);
+				*entry->max_renew = MIN(*entry->max_renew, 4 * 60 * 60);
+			}
+		}
+	}
+
+	if (rid == DOMAIN_RID_KRBTGT || is_rodc) {
+		bool enable_fast;
+
+		is_krbtgt = true;
+
+		/*
+		 * KDCs (and KDCs on RODCs)
+		 * ignore msDS-SupportedEncryptionTypes completely
+		 * but support all supported enctypes by the domain.
+		 */
+		supported_enctypes = domain_enctypes;
+
+		enable_fast = lpcfg_kdc_enable_fast(kdc_db_ctx->lp_ctx);
+		if (enable_fast) {
+			supported_enctypes |= ENC_FAST_SUPPORTED;
+		}
+
+		supported_enctypes |= ENC_CLAIMS_SUPPORTED;
+		supported_enctypes |= ENC_COMPOUND_IDENTITY_SUPPORTED;
+
+		/*
+		 * Resource SID compression is enabled implicitly, unless
+		 * disabled in msDS-SupportedEncryptionTypes.
+		 */
+
+	} else if (userAccountControl & (UF_PARTIAL_SECRETS_ACCOUNT|UF_SERVER_TRUST_ACCOUNT)) {
+		/*
+		 * DCs and RODCs computer accounts take
+		 * msDS-SupportedEncryptionTypes unmodified, but
+		 * force all enctypes supported by the domain.
+		 */
+		supported_enctypes |= domain_enctypes;
+
+	} else if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT ||
+		   (ent_type == SAMBA_KDC_ENT_TYPE_ANY)) {
+		/*
+		 * for AS-REQ the client chooses the enc types it
+		 * supports, and this will vary between computers a
+		 * user logs in from. Therefore, so that we accept any
+		 * of the client's keys for decrypting padata,
+		 * supported_enctypes should not restrict etype usage.
+		 *
+		 * likewise for 'any' return as much as is supported,
+		 * to export into a keytab.
+		 */
+		supported_enctypes |= ENC_ALL_TYPES;
+	}
+
+	/* If UF_USE_DES_KEY_ONLY has been set, then don't allow use of the newer enc types */
+	if (userAccountControl & UF_USE_DES_KEY_ONLY) {
+		supported_enctypes &= ~ENC_ALL_TYPES;
+	}
+
+	if (protected_user) {
+		supported_enctypes &= ~ENC_RC4_HMAC_MD5;
+	}
+
+	pa_supported_enctypes = supported_enctypes;
+	supported_session_etypes = supported_enctypes;
+	if (supported_session_etypes & ENC_HMAC_SHA1_96_AES256_SK) {
+		supported_session_etypes |= ENC_HMAC_SHA1_96_AES256;
+		supported_session_etypes |= ENC_HMAC_SHA1_96_AES128;
+	}
+	if (force_rc4) {
+		supported_session_etypes |= ENC_RC4_HMAC_MD5;
+	}
+	/*
+	 * now that we remembered what to announce in pa_supported_enctypes
+	 * and normalized ENC_HMAC_SHA1_96_AES256_SK, we restrict the
+	 * rest to the enc types the local kdc supports.
+	 */
+	supported_enctypes &= kdc_enctypes;
+	supported_session_etypes &= kdc_enctypes;
+
+	/* Get keys from the db */
+	ret = samba_kdc_message2entry_keys(context, p, msg,
+					   is_krbtgt, is_rodc,
+					   userAccountControl,
+					   ent_type, flags, kvno, entry,
+					   supported_enctypes,
+					   &available_enctypes);
+	if (ret) {
+		/* Could be bogus data in the entry, or out of memory */
+		goto out;
+	}
+
+	/*
+	 * If we only have a nthash stored,
+	 * but a better session key would be
+	 * available, we fallback to fetching the
+	 * RC4_HMAC_MD5, which implicitly also
+	 * would allow an RC4_HMAC_MD5 session key.
+	 * But only if the kdc actually supports
+	 * RC4_HMAC_MD5.
+	 */
+	if (available_enctypes == 0 &&
+	    (supported_enctypes & ENC_RC4_HMAC_MD5) == 0 &&
+	    (supported_enctypes & ~ENC_RC4_HMAC_MD5) != 0 &&
+	    (kdc_enctypes & ENC_RC4_HMAC_MD5) != 0)
+	{
+		supported_enctypes = ENC_RC4_HMAC_MD5;
+		ret = samba_kdc_message2entry_keys(context, p, msg,
+						   is_krbtgt, is_rodc,
+						   userAccountControl,
+						   ent_type, flags, kvno, entry,
+						   supported_enctypes,
+						   &available_enctypes);
+		if (ret) {
+			/* Could be bogus data in the entry, or out of memory */
+			goto out;
+		}
+	}
+
+	/*
+	 * We need to support all session keys enctypes for
+	 * all keys we provide
+	 */
+	supported_session_etypes |= available_enctypes;
+
+	ret = sdb_entry_set_etypes(entry);
+	if (ret) {
+		goto out;
+	}
+
+	if (entry->flags.server) {
+		bool add_aes256 =
+			supported_session_etypes & KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+		bool add_aes128 =
+			supported_session_etypes & KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+		bool add_rc4 =
+			supported_session_etypes & ENC_RC4_HMAC_MD5;
+		ret = sdb_entry_set_session_etypes(entry,
+						   add_aes256,
+						   add_aes128,
+						   add_rc4);
+		if (ret) {
+			goto out;
+		}
+	}
+
+	if (entry->keys.len != 0) {
+		/*
+		 * FIXME: Currently limited to Heimdal so as not to
+		 * break MIT KDCs, for which no fix is available.
+		 */
+#ifdef SAMBA4_USES_HEIMDAL
+		if (is_krbtgt) {
+			/*
+			 * The krbtgt account, having no reason to
+			 * issue tickets encrypted in weaker keys,
+			 * shall only make available its strongest
+			 * key. All weaker keys are stripped out. This
+			 * makes it impossible for an RC4-encrypted
+			 * TGT to be accepted when AES KDC keys exist.
+			 *
+			 * This controls the ticket key and so the PAC
+			 * signature algorithms indirectly, preventing
+			 * a weak KDC checksum from being accepted
+			 * when we verify the signatures for an
+			 * S4U2Proxy evidence ticket. As such, this is
+			 * indispensable for addressing
+			 * CVE-2022-37966.
+			 *
+			 * Being strict here also provides protection
+			 * against possible future attacks on weak
+			 * keys.
+			 */
+			entry->keys.len = 1;
+			if (entry->etypes != NULL) {
+				entry->etypes->len = MIN(entry->etypes->len, 1);
+			}
+			entry->old_keys.len = MIN(entry->old_keys.len, 1);
+			entry->older_keys.len = MIN(entry->older_keys.len, 1);
+		}
+#endif
+	} else if (kdc_db_ctx->rodc) {
+		/*
+		 * We are on an RODC, but don't have keys for this
+		 * account.  Signal this to the caller
+		 */
+		auth_sam_trigger_repl_secret(kdc_db_ctx,
+					     kdc_db_ctx->msg_ctx,
+					     kdc_db_ctx->ev_ctx,
+					     msg->dn);
+		ret = SDB_ERR_NOT_FOUND_HERE;
+		goto out;
+	} else {
+		/*
+		 * oh, no password.  Apparently (comment in
+		 * hdb-ldap.c) this violates the ASN.1, but this
+		 * allows an entry with no keys (yet).
+		 */
+	}
+
+	p->msg = talloc_steal(p, msg);
+	p->supported_enctypes = pa_supported_enctypes;
+
+	p->client_policy = talloc_steal(p, authn_client_policy);
+	p->server_policy = talloc_steal(p, authn_server_policy);
+
+	talloc_steal(kdc_db_ctx, p);
+
+out:
+	if (ret != 0) {
+		/* This doesn't free ent itself, that is for the eventual caller to do */
+		sdb_entry_free(entry);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+ * Construct an hdb_entry from a directory entry.
+ * The kvno is what the remote client asked for
+ */
+static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
+					       struct samba_kdc_db_context *kdc_db_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       enum trust_direction direction,
+					       struct ldb_dn *realm_dn,
+					       unsigned flags,
+					       uint32_t kvno,
+					       struct ldb_message *msg,
+					       struct sdb_entry *entry)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
+	const char *our_realm = lpcfg_realm(lp_ctx);
+	char *partner_realm = NULL;
+	const char *realm = NULL;
+	const char *krbtgt_realm = NULL;
+	DATA_BLOB password_utf16 = data_blob_null;
+	DATA_BLOB password_utf8 = data_blob_null;
+	struct samr_Password _password_hash;
+	const struct samr_Password *password_hash = NULL;
+	const struct ldb_val *password_val;
+	struct trustAuthInOutBlob password_blob;
+	struct samba_kdc_entry *p;
+	bool use_previous = false;
+	uint32_t current_kvno;
+	uint32_t previous_kvno;
+	uint32_t num_keys = 0;
+	enum ndr_err_code ndr_err;
+	int ret;
+	unsigned int i;
+	struct AuthenticationInformationArray *auth_array;
+	struct timeval tv;
+	NTTIME an_hour_ago;
+	uint32_t *auth_kvno;
+	bool prefer_current = false;
+	bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
+	uint32_t supported_enctypes = ENC_RC4_HMAC_MD5;
+	uint32_t pa_supported_enctypes;
+	uint32_t supported_session_etypes;
+	uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx);
+	uint32_t kdc_enctypes =
+		config_kdc_enctypes != 0 ?
+		config_kdc_enctypes :
+		ENC_ALL_TYPES;
+	struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	NTSTATUS status;
+
+	*entry = (struct sdb_entry) {};
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
+		/* If not told otherwise, Windows now assumes that trusts support AES. */
+		supported_enctypes = ldb_msg_find_attr_as_uint(msg,
+					"msDS-SupportedEncryptionTypes",
+					ENC_HMAC_SHA1_96_AES256);
+	}
+
+	pa_supported_enctypes = supported_enctypes;
+	supported_session_etypes = supported_enctypes;
+	if (supported_session_etypes & ENC_HMAC_SHA1_96_AES256_SK) {
+		supported_session_etypes |= ENC_HMAC_SHA1_96_AES256;
+		supported_session_etypes |= ENC_HMAC_SHA1_96_AES128;
+	}
+	if (force_rc4) {
+		supported_session_etypes |= ENC_RC4_HMAC_MD5;
+	}
+	/*
+	 * now that we remembered what to announce in pa_supported_enctypes
+	 * and normalized ENC_HMAC_SHA1_96_AES256_SK, we restrict the
+	 * rest to the enc types the local kdc supports.
+	 */
+	supported_enctypes &= kdc_enctypes;
+	supported_session_etypes &= kdc_enctypes;
+
+	status = dsdb_trust_parse_tdo_info(tmp_ctx, msg, &tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		krb5_clear_error_message(context);
+		ret = ENOMEM;
+		goto out;
+	}
+
+	if (!(tdo->trust_direction & direction)) {
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	if (tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+		/*
+		 * Only UPLEVEL domains support kerberos here,
+		 * as we don't support LSA_TRUST_TYPE_MIT.
+		 */
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION) {
+		/*
+		 * We don't support selective authentication yet.
+		 */
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	if (tdo->domain_name.string == NULL) {
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+	partner_realm = strupper_talloc(tmp_ctx, tdo->domain_name.string);
+	if (partner_realm == NULL) {
+		krb5_clear_error_message(context);
+		ret = ENOMEM;
+		goto out;
+	}
+
+	if (direction == INBOUND) {
+		realm = our_realm;
+		krbtgt_realm = partner_realm;
+
+		password_val = ldb_msg_find_ldb_val(msg, "trustAuthIncoming");
+	} else { /* OUTBOUND */
+		realm = partner_realm;
+		krbtgt_realm = our_realm;
+
+		password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing");
+	}
+
+	if (password_val == NULL) {
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	ndr_err = ndr_pull_struct_blob(password_val, tmp_ctx, &password_blob,
+				       (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		krb5_clear_error_message(context);
+		ret = EINVAL;
+		goto out;
+	}
+
+	p = talloc_zero(tmp_ctx, struct samba_kdc_entry);
+	if (!p) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	p->is_trust = true;
+	p->kdc_db_ctx = kdc_db_ctx;
+	p->realm_dn = realm_dn;
+	p->supported_enctypes = pa_supported_enctypes;
+
+	talloc_set_destructor(p, samba_kdc_entry_destructor);
+
+	entry->skdc_entry = p;
+
+	/* use 'whenCreated' */
+	entry->created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
+	/* use 'kadmin' for now (needed by mit_samba) */
+	ret = smb_krb5_make_principal(context,
+				      &entry->created_by.principal,
+				      realm, "kadmin", NULL);
+	if (ret) {
+		krb5_clear_error_message(context);
+		goto out;
+	}
+
+	/*
+	 * We always need to generate the canonicalized principal
+	 * with the values of our database.
+	 */
+	ret = smb_krb5_make_principal(context, &entry->principal, realm,
+				      "krbtgt", krbtgt_realm, NULL);
+	if (ret) {
+		krb5_clear_error_message(context);
+		goto out;
+	}
+	smb_krb5_principal_set_type(context, entry->principal,
+				    KRB5_NT_SRV_INST);
+
+	entry->valid_start = NULL;
+
+	/* we need to work out if we are going to use the current or
+	 * the previous password hash.
+	 * We base this on the kvno the client passes in. If the kvno
+	 * passed in is equal to the current kvno in our database then
+	 * we use the current structure. If it is the current kvno-1,
+	 * then we use the previous substructure.
+	 */
+
+	/*
+	 * Windows prefers the previous key for one hour.
+	 */
+	tv = timeval_current();
+	if (tv.tv_sec > 3600) {
+		tv.tv_sec -= 3600;
+	}
+	an_hour_ago = timeval_to_nttime(&tv);
+
+	/* first work out the current kvno */
+	current_kvno = 0;
+	for (i=0; i < password_blob.count; i++) {
+		struct AuthenticationInformation *a =
+			&password_blob.current.array[i];
+
+		if (a->LastUpdateTime <= an_hour_ago) {
+			prefer_current = true;
+		}
+
+		if (a->AuthType == TRUST_AUTH_TYPE_VERSION) {
+			current_kvno = a->AuthInfo.version.version;
+		}
+	}
+	if (current_kvno == 0) {
+		previous_kvno = 255;
+	} else {
+		previous_kvno = current_kvno - 1;
+	}
+	for (i=0; i < password_blob.count; i++) {
+		struct AuthenticationInformation *a =
+			&password_blob.previous.array[i];
+
+		if (a->AuthType == TRUST_AUTH_TYPE_VERSION) {
+			previous_kvno = a->AuthInfo.version.version;
+		}
+	}
+
+	/* work out whether we will use the previous or current
+	   password */
+	if (password_blob.previous.count == 0) {
+		/* there is no previous password */
+		use_previous = false;
+	} else if (!(flags & SDB_F_KVNO_SPECIFIED)) {
+		/*
+		 * If not specified we use the lowest kvno
+		 * for the first hour after an update.
+		 */
+		if (prefer_current) {
+			use_previous = false;
+		} else if (previous_kvno < current_kvno) {
+			use_previous = true;
+		} else {
+			use_previous = false;
+		}
+	} else if (kvno == current_kvno) {
+		/*
+		 * Exact match ...
+		 */
+		use_previous = false;
+	} else if (kvno == previous_kvno) {
+		/*
+		 * Exact match ...
+		 */
+		use_previous = true;
+	} else {
+		/*
+		 * Fallback to the current one for anything else
+		 */
+		use_previous = false;
+	}
+
+	if (use_previous) {
+		auth_array = &password_blob.previous;
+		auth_kvno = &previous_kvno;
+	} else {
+		auth_array = &password_blob.current;
+		auth_kvno = &current_kvno;
+	}
+
+	/* use the kvno the client specified, if available */
+	if (flags & SDB_F_KVNO_SPECIFIED) {
+		entry->kvno = kvno;
+	} else {
+		entry->kvno = *auth_kvno;
+	}
+
+	for (i=0; i < auth_array->count; i++) {
+		if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
+			bool ok;
+
+			password_utf16 = data_blob_const(auth_array->array[i].AuthInfo.clear.password,
+							 auth_array->array[i].AuthInfo.clear.size);
+			if (password_utf16.length == 0) {
+				break;
+			}
+
+			if (supported_enctypes & ENC_RC4_HMAC_MD5) {
+				mdfour(_password_hash.hash, password_utf16.data, password_utf16.length);
+				if (password_hash == NULL) {
+					num_keys += 1;
+				}
+				password_hash = &_password_hash;
+			}
+
+			if (!(supported_enctypes & (ENC_HMAC_SHA1_96_AES128|ENC_HMAC_SHA1_96_AES256))) {
+				break;
+			}
+
+			ok = convert_string_talloc(tmp_ctx,
+						   CH_UTF16MUNGED, CH_UTF8,
+						   password_utf16.data,
+						   password_utf16.length,
+						   &password_utf8.data,
+						   &password_utf8.length);
+			if (!ok) {
+				krb5_clear_error_message(context);
+				ret = ENOMEM;
+				goto out;
+			}
+
+			if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
+				num_keys += 1;
+			}
+			if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
+				num_keys += 1;
+			}
+			break;
+		} else if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
+			if (supported_enctypes & ENC_RC4_HMAC_MD5) {
+				password_hash = &auth_array->array[i].AuthInfo.nt4owf.password;
+				num_keys += 1;
+			}
+		}
+	}
+
+	/* Must have found a cleartext or MD4 password */
+	if (num_keys == 0) {
+		DBG_WARNING("no usable key found\n");
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	entry->keys.val = calloc(num_keys, sizeof(struct sdb_key));
+	if (entry->keys.val == NULL) {
+		krb5_clear_error_message(context);
+		ret = ENOMEM;
+		goto out;
+	}
+
+	if (password_utf8.length != 0) {
+		struct sdb_key key = {};
+		krb5_const_principal salt_principal = entry->principal;
+		krb5_data salt;
+		krb5_data cleartext_data;
+
+		cleartext_data.data = discard_const_p(char, password_utf8.data);
+		cleartext_data.length = password_utf8.length;
+
+		ret = smb_krb5_get_pw_salt(context,
+					   salt_principal,
+					   &salt);
+		if (ret != 0) {
+			goto out;
+		}
+
+		if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
+			ret = smb_krb5_create_key_from_string(context,
+							      salt_principal,
+							      &salt,
+							      &cleartext_data,
+							      ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+							      &key.key);
+			if (ret != 0) {
+				smb_krb5_free_data_contents(context, &salt);
+				goto out;
+			}
+
+			entry->keys.val[entry->keys.len] = key;
+			entry->keys.len++;
+		}
+
+		if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
+			ret = smb_krb5_create_key_from_string(context,
+							      salt_principal,
+							      &salt,
+							      &cleartext_data,
+							      ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+							      &key.key);
+			if (ret != 0) {
+				smb_krb5_free_data_contents(context, &salt);
+				goto out;
+			}
+
+			entry->keys.val[entry->keys.len] = key;
+			entry->keys.len++;
+		}
+
+		smb_krb5_free_data_contents(context, &salt);
+	}
+
+	if (password_hash != NULL) {
+		struct sdb_key key = {};
+
+		ret = smb_krb5_keyblock_init_contents(context,
+						      ENCTYPE_ARCFOUR_HMAC,
+						      password_hash->hash,
+						      sizeof(password_hash->hash),
+						      &key.key);
+		if (ret != 0) {
+			goto out;
+		}
+
+		entry->keys.val[entry->keys.len] = key;
+		entry->keys.len++;
+	}
+
+	entry->flags = (struct SDBFlags) {};
+	entry->flags.immutable = 1;
+	entry->flags.invalid = 0;
+	entry->flags.server = 1;
+	entry->flags.require_preauth = 1;
+
+	entry->pw_end = NULL;
+
+	entry->max_life = NULL;
+
+	entry->max_renew = NULL;
+
+	/* Match Windows behavior and allow forwardable flag in cross-realm. */
+	entry->flags.forwardable = 1;
+
+	samba_kdc_sort_keys(&entry->keys);
+
+	ret = sdb_entry_set_etypes(entry);
+	if (ret) {
+		goto out;
+	}
+
+	{
+		bool add_aes256 =
+			supported_session_etypes & KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+		bool add_aes128 =
+			supported_session_etypes & KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+		bool add_rc4 =
+			supported_session_etypes & ENC_RC4_HMAC_MD5;
+		ret = sdb_entry_set_session_etypes(entry,
+						   add_aes256,
+						   add_aes128,
+						   add_rc4);
+		if (ret) {
+			goto out;
+		}
+	}
+
+	p->msg = talloc_steal(p, msg);
+
+	talloc_steal(kdc_db_ctx, p);
+
+out:
+	TALLOC_FREE(partner_realm);
+
+	if (ret != 0) {
+		/* This doesn't free ent itself, that is for the eventual caller to do */
+		sdb_entry_free(entry);
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+
+}
+
+static krb5_error_code samba_kdc_lookup_trust(krb5_context context, struct ldb_context *ldb_ctx,
+					TALLOC_CTX *mem_ctx,
+					const char *realm,
+					struct ldb_dn *realm_dn,
+					struct ldb_message **pmsg)
+{
+	NTSTATUS status;
+	const char * const *attrs = trust_attrs;
+
+	status = dsdb_trust_search_tdo(ldb_ctx, realm, realm,
+				       attrs, mem_ctx, pmsg);
+	if (NT_STATUS_IS_OK(status)) {
+		return 0;
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		return SDB_ERR_NOENTRY;
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
+		int ret = ENOMEM;
+		krb5_set_error_message(context, ret, "samba_kdc_lookup_trust: out of memory");
+		return ret;
+	} else {
+		int ret = EINVAL;
+		krb5_set_error_message(context, ret, "samba_kdc_lookup_trust: %s", nt_errstr(status));
+		return ret;
+	}
+}
+
+static krb5_error_code samba_kdc_lookup_client(krb5_context context,
+						struct samba_kdc_db_context *kdc_db_ctx,
+						TALLOC_CTX *mem_ctx,
+						krb5_const_principal principal,
+						const char **attrs,
+						struct ldb_dn **realm_dn,
+						struct ldb_message **msg)
+{
+	NTSTATUS nt_status;
+	char *principal_string = NULL;
+
+	if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+		krb5_error_code ret = 0;
+
+		ret = smb_krb5_principal_get_comp_string(mem_ctx, context,
+							 principal, 0, &principal_string);
+		if (ret) {
+			return ret;
+		}
+	} else {
+		char *principal_string_m = NULL;
+		krb5_error_code ret;
+
+		ret = krb5_unparse_name(context, principal, &principal_string_m);
+		if (ret != 0) {
+			return ret;
+		}
+
+		principal_string = talloc_strdup(mem_ctx, principal_string_m);
+		SAFE_FREE(principal_string_m);
+		if (principal_string == NULL) {
+			return ENOMEM;
+		}
+	}
+
+	nt_status = sam_get_results_principal(kdc_db_ctx->samdb,
+					      mem_ctx, principal_string, attrs,
+					      realm_dn, msg);
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
+		krb5_principal fallback_principal = NULL;
+		unsigned int num_comp;
+		char *fallback_realm = NULL;
+		char *fallback_account = NULL;
+		krb5_error_code ret;
+
+		ret = krb5_parse_name(context, principal_string,
+				      &fallback_principal);
+		TALLOC_FREE(principal_string);
+		if (ret != 0) {
+			return ret;
+		}
+
+		num_comp = krb5_princ_size(context, fallback_principal);
+		fallback_realm = smb_krb5_principal_get_realm(
+			mem_ctx, context, fallback_principal);
+		if (fallback_realm == NULL) {
+			krb5_free_principal(context, fallback_principal);
+			return ENOMEM;
+		}
+
+		if (num_comp == 1) {
+			size_t len;
+
+			ret = smb_krb5_principal_get_comp_string(mem_ctx,
+								 context, fallback_principal, 0, &fallback_account);
+			if (ret) {
+				krb5_free_principal(context, fallback_principal);
+				TALLOC_FREE(fallback_realm);
+				return ret;
+			}
+
+			len = strlen(fallback_account);
+			if (len >= 2 && fallback_account[len - 1] == '$') {
+				TALLOC_FREE(fallback_account);
+			}
+		}
+		krb5_free_principal(context, fallback_principal);
+		fallback_principal = NULL;
+
+		if (fallback_account != NULL) {
+			char *with_dollar;
+
+			with_dollar = talloc_asprintf(mem_ctx, "%s$",
+						     fallback_account);
+			if (with_dollar == NULL) {
+				TALLOC_FREE(fallback_realm);
+				return ENOMEM;
+			}
+			TALLOC_FREE(fallback_account);
+
+			ret = smb_krb5_make_principal(context,
+						      &fallback_principal,
+						      fallback_realm,
+						      with_dollar, NULL);
+			TALLOC_FREE(with_dollar);
+			if (ret != 0) {
+				TALLOC_FREE(fallback_realm);
+				return ret;
+			}
+		}
+		TALLOC_FREE(fallback_realm);
+
+		if (fallback_principal != NULL) {
+			char *fallback_string = NULL;
+
+			ret = krb5_unparse_name(context,
+						fallback_principal,
+						&fallback_string);
+			if (ret != 0) {
+				krb5_free_principal(context, fallback_principal);
+				return ret;
+			}
+
+			nt_status = sam_get_results_principal(kdc_db_ctx->samdb,
+							      mem_ctx,
+							      fallback_string,
+							      attrs,
+							      realm_dn, msg);
+			SAFE_FREE(fallback_string);
+		}
+		krb5_free_principal(context, fallback_principal);
+		fallback_principal = NULL;
+	}
+	TALLOC_FREE(principal_string);
+
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
+		return SDB_ERR_NOENTRY;
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
+		return ENOMEM;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return EINVAL;
+	}
+
+	return 0;
+}
+
+static krb5_error_code samba_kdc_fetch_client(krb5_context context,
+					       struct samba_kdc_db_context *kdc_db_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       krb5_const_principal principal,
+					       unsigned flags,
+					       krb5_kvno kvno,
+					       struct sdb_entry *entry)
+{
+	struct ldb_dn *realm_dn;
+	krb5_error_code ret;
+	struct ldb_message *msg = NULL;
+
+	ret = samba_kdc_lookup_client(context, kdc_db_ctx,
+				      mem_ctx, principal, user_attrs,
+				      &realm_dn, &msg);
+	if (ret != 0) {
+		return ret;
+	}
+
+	ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
+				      principal, SAMBA_KDC_ENT_TYPE_CLIENT,
+				      flags, kvno,
+				      realm_dn, msg, entry);
+	return ret;
+}
+
+static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
+					      struct samba_kdc_db_context *kdc_db_ctx,
+					      TALLOC_CTX *mem_ctx,
+					      krb5_const_principal principal,
+					      unsigned flags,
+					      uint32_t kvno,
+					      struct sdb_entry *entry)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
+	krb5_error_code ret = 0;
+	int is_krbtgt;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
+	char *realm_from_princ;
+	char *realm_princ_comp = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	realm_from_princ = smb_krb5_principal_get_realm(
+		tmp_ctx, context, principal);
+	if (realm_from_princ == NULL) {
+		/* can't happen */
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	is_krbtgt = smb_krb5_principal_is_tgs(context, principal);
+	if (is_krbtgt == -1) {
+		ret = ENOMEM;
+		goto out;
+	} else if (!is_krbtgt) {
+		/* Not a krbtgt */
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	/* krbtgt case.  Either us or a trusted realm */
+
+	ret = smb_krb5_principal_get_comp_string(tmp_ctx, context, principal, 1, &realm_princ_comp);
+	if (ret == ENOENT) {
+		/* OK. */
+	} else if (ret) {
+		goto out;
+	}
+
+	if (lpcfg_is_my_domain_or_realm(lp_ctx, realm_from_princ)
+	    && (realm_princ_comp == NULL || lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp))) {
+		/* us, or someone quite like us */
+		/* Kludge, kludge, kludge.  If the realm part of krbtgt/realm,
+ 		 * is in our db, then direct the caller at our primary
+ 		 * krbtgt */
+
+		int lret;
+		unsigned int krbtgt_number;
+		/* w2k8r2 sometimes gives us a kvno of 255 for inter-domain
+		   trust tickets. We don't yet know what this means, but we do
+		   seem to need to treat it as unspecified */
+		if (flags & (SDB_F_KVNO_SPECIFIED|SDB_F_RODC_NUMBER_SPECIFIED)) {
+			krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
+			if (kdc_db_ctx->rodc) {
+				if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {
+					ret = SDB_ERR_NOT_FOUND_HERE;
+					goto out;
+				}
+			}
+		} else {
+			krbtgt_number = kdc_db_ctx->my_krbtgt_number;
+		}
+
+		if (krbtgt_number == kdc_db_ctx->my_krbtgt_number) {
+			lret = dsdb_search_one(kdc_db_ctx->samdb, tmp_ctx,
+					       &msg, kdc_db_ctx->krbtgt_dn, LDB_SCOPE_BASE,
+					       krbtgt_attrs, DSDB_SEARCH_NO_GLOBAL_CATALOG,
+					       "(objectClass=user)");
+		} else {
+			/* We need to look up an RODC krbtgt (perhaps
+			 * ours, if we are an RODC, perhaps another
+			 * RODC if we are a read-write DC */
+			lret = dsdb_search_one(kdc_db_ctx->samdb, tmp_ctx,
+					       &msg, realm_dn, LDB_SCOPE_SUBTREE,
+					       krbtgt_attrs,
+					       DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+					       "(&(objectClass=user)(msDS-SecondaryKrbTgtNumber=%u))", (unsigned)(krbtgt_number));
+		}
+
+		if (lret == LDB_ERR_NO_SUCH_OBJECT) {
+			krb5_warnx(context, "samba_kdc_fetch_krbtgt: could not find KRBTGT number %u in DB!",
+				   (unsigned)(krbtgt_number));
+			krb5_set_error_message(context, SDB_ERR_NOENTRY,
+					       "samba_kdc_fetch_krbtgt: could not find KRBTGT number %u in DB!",
+					       (unsigned)(krbtgt_number));
+			ret = SDB_ERR_NOENTRY;
+			goto out;
+		} else if (lret != LDB_SUCCESS) {
+			krb5_warnx(context, "samba_kdc_fetch_krbtgt: could not find KRBTGT number %u in DB!",
+				   (unsigned)(krbtgt_number));
+			krb5_set_error_message(context, SDB_ERR_NOENTRY,
+					       "samba_kdc_fetch_krbtgt: could not find KRBTGT number %u in DB!",
+					       (unsigned)(krbtgt_number));
+			ret = SDB_ERR_NOENTRY;
+			goto out;
+		}
+
+		ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
+					      principal, SAMBA_KDC_ENT_TYPE_KRBTGT,
+					      flags, kvno, realm_dn, msg, entry);
+		if (ret != 0) {
+			krb5_warnx(context, "samba_kdc_fetch_krbtgt: self krbtgt message2entry failed");
+		}
+	} else {
+		enum trust_direction direction = UNKNOWN;
+		const char *realm = NULL;
+
+		/* Either an inbound or outbound trust */
+
+		if (strcasecmp(lpcfg_realm(lp_ctx), realm_from_princ) == 0) {
+			/* look for inbound trust */
+			direction = INBOUND;
+			realm = realm_princ_comp;
+		} else {
+			bool eq = false;
+
+			ret = is_principal_component_equal_ignoring_case(context, principal, 1, lpcfg_realm(lp_ctx), &eq);
+			if (ret) {
+				goto out;
+			}
+
+			if (eq) {
+				/* look for outbound trust */
+				direction = OUTBOUND;
+				realm = realm_from_princ;
+			} else {
+				krb5_warnx(context, "samba_kdc_fetch_krbtgt: not our realm for trusts ('%s', '%s')",
+					   realm_from_princ,
+					   realm_princ_comp);
+				krb5_set_error_message(context, SDB_ERR_NOENTRY, "samba_kdc_fetch_krbtgt: not our realm for trusts ('%s', '%s')",
+						       realm_from_princ,
+						       realm_princ_comp);
+				ret = SDB_ERR_NOENTRY;
+				goto out;
+			}
+		}
+
+		/* Trusted domains are under CN=system */
+
+		ret = samba_kdc_lookup_trust(context, kdc_db_ctx->samdb,
+				       tmp_ctx,
+				       realm, realm_dn, &msg);
+
+		if (ret != 0) {
+			krb5_warnx(context, "samba_kdc_fetch_krbtgt: could not find principal in DB");
+			krb5_set_error_message(context, ret, "samba_kdc_fetch_krbtgt: could not find principal in DB");
+			goto out;
+		}
+
+		ret = samba_kdc_trust_message2entry(context, kdc_db_ctx, mem_ctx,
+						    direction,
+						    realm_dn, flags, kvno, msg, entry);
+		if (ret != 0) {
+			krb5_warnx(context, "samba_kdc_fetch_krbtgt: trust_message2entry failed for %s",
+				   ldb_dn_get_linearized(msg->dn));
+			krb5_set_error_message(context, ret, "samba_kdc_fetch_krbtgt: "
+					       "trust_message2entry failed for %s",
+					       ldb_dn_get_linearized(msg->dn));
+		}
+	}
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static krb5_error_code samba_kdc_lookup_server(krb5_context context,
+					       struct samba_kdc_db_context *kdc_db_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       krb5_const_principal principal,
+					       unsigned flags,
+					       const char **attrs,
+					       struct ldb_dn **realm_dn,
+					       struct ldb_message **msg)
+{
+	krb5_error_code ret;
+	if ((smb_krb5_principal_get_type(context, principal) != KRB5_NT_ENTERPRISE_PRINCIPAL)
+	    && krb5_princ_size(context, principal) >= 2) {
+		/* 'normal server' case */
+		int ldb_ret;
+		NTSTATUS nt_status;
+		struct ldb_dn *user_dn;
+		char *principal_string;
+
+		ret = krb5_unparse_name_flags(context, principal,
+					      KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+					      &principal_string);
+		if (ret != 0) {
+			return ret;
+		}
+
+		/* At this point we may find the host is known to be
+		 * in a different realm, so we should generate a
+		 * referral instead */
+		nt_status = crack_service_principal_name(kdc_db_ctx->samdb,
+							 mem_ctx, principal_string,
+							 &user_dn, realm_dn);
+		free(principal_string);
+
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return SDB_ERR_NOENTRY;
+		}
+
+		ldb_ret = dsdb_search_one(kdc_db_ctx->samdb,
+					  mem_ctx,
+					  msg, user_dn, LDB_SCOPE_BASE,
+					  attrs,
+					  DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+					  "(objectClass=*)");
+		if (ldb_ret != LDB_SUCCESS) {
+			return SDB_ERR_NOENTRY;
+		}
+		return 0;
+	} else if (!(flags & SDB_F_FOR_AS_REQ)
+		   && smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+		/*
+		 * The behaviour of accepting an
+		 * KRB5_NT_ENTERPRISE_PRINCIPAL server principal
+		 * containing a UPN only applies to TGS-REQ packets,
+		 * not AS-REQ packets.
+		 */
+		return samba_kdc_lookup_client(context, kdc_db_ctx,
+					       mem_ctx, principal, attrs,
+					       realm_dn, msg);
+	} else {
+		/*
+		 * This case is for:
+		 *  - the AS-REQ, where we only accept
+		 *    samAccountName based lookups for the server, no
+		 *    matter if the name is an
+		 *    KRB5_NT_ENTERPRISE_PRINCIPAL or not
+		 *  - for the TGS-REQ when we are not given an
+		 *    KRB5_NT_ENTERPRISE_PRINCIPAL, which also must
+		 *    only lookup samAccountName based names.
+		 */
+		int lret;
+		char *short_princ;
+		krb5_principal enterprise_principal = NULL;
+		krb5_const_principal used_principal = NULL;
+		char *name1 = NULL;
+		size_t len1 = 0;
+		char *filter = NULL;
+
+		if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+			char *str = NULL;
+			/* Need to reparse the enterprise principal to find the real target */
+			if (krb5_princ_size(context, principal) != 1) {
+				ret = KRB5_PARSE_MALFORMED;
+				krb5_set_error_message(context, ret, "samba_kdc_lookup_server: request for an "
+						       "enterprise principal with wrong (%d) number of components",
+						       krb5_princ_size(context, principal));
+				return ret;
+			}
+			ret = smb_krb5_principal_get_comp_string(mem_ctx, context, principal, 0, &str);
+			if (ret) {
+				return KRB5_PARSE_MALFORMED;
+			}
+			ret = krb5_parse_name(context, str,
+					      &enterprise_principal);
+			talloc_free(str);
+			if (ret) {
+				return ret;
+			}
+			used_principal = enterprise_principal;
+		} else {
+			used_principal = principal;
+		}
+
+		/* server as client principal case, but we must not lookup userPrincipalNames */
+		*realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
+
+		/* TODO: Check if it is our realm, otherwise give referral */
+
+		ret = krb5_unparse_name_flags(context, used_principal,
+					      KRB5_PRINCIPAL_UNPARSE_NO_REALM |
+					      KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+					      &short_princ);
+		used_principal = NULL;
+		krb5_free_principal(context, enterprise_principal);
+		enterprise_principal = NULL;
+
+		if (ret != 0) {
+			krb5_set_error_message(context, ret, "samba_kdc_lookup_server: could not parse principal");
+			krb5_warnx(context, "samba_kdc_lookup_server: could not parse principal");
+			return ret;
+		}
+
+		name1 = ldb_binary_encode_string(mem_ctx, short_princ);
+		SAFE_FREE(short_princ);
+		if (name1 == NULL) {
+			return ENOMEM;
+		}
+		len1 = strlen(name1);
+		if (len1 >= 1 && name1[len1 - 1] != '$') {
+			filter = talloc_asprintf(mem_ctx,
+					"(&(objectClass=user)(|(samAccountName=%s)(samAccountName=%s$)))",
+					name1, name1);
+			if (filter == NULL) {
+				return ENOMEM;
+			}
+		} else {
+			filter = talloc_asprintf(mem_ctx,
+					"(&(objectClass=user)(samAccountName=%s))",
+					name1);
+			if (filter == NULL) {
+				return ENOMEM;
+			}
+		}
+
+		lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx, msg,
+				       *realm_dn, LDB_SCOPE_SUBTREE,
+				       attrs,
+				       DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
+				       "%s", filter);
+		if (lret == LDB_ERR_NO_SUCH_OBJECT) {
+			DBG_DEBUG("Failed to find an entry for %s filter:%s\n",
+				  name1, filter);
+			return SDB_ERR_NOENTRY;
+		}
+		if (lret == LDB_ERR_CONSTRAINT_VIOLATION) {
+			DBG_DEBUG("Failed to find unique entry for %s filter:%s\n",
+				  name1, filter);
+			return SDB_ERR_NOENTRY;
+		}
+		if (lret != LDB_SUCCESS) {
+			DBG_ERR("Failed single search for %s - %s\n",
+				name1, ldb_errstring(kdc_db_ctx->samdb));
+			return SDB_ERR_NOENTRY;
+		}
+		return 0;
+	}
+	return SDB_ERR_NOENTRY;
+}
+
+
+
+static krb5_error_code samba_kdc_fetch_server(krb5_context context,
+					      struct samba_kdc_db_context *kdc_db_ctx,
+					      TALLOC_CTX *mem_ctx,
+					      krb5_const_principal principal,
+					      unsigned flags,
+					      krb5_kvno kvno,
+					      struct sdb_entry *entry)
+{
+	krb5_error_code ret;
+	struct ldb_dn *realm_dn;
+	struct ldb_message *msg;
+
+	ret = samba_kdc_lookup_server(context, kdc_db_ctx, mem_ctx, principal,
+				      flags, server_attrs, &realm_dn, &msg);
+	if (ret != 0) {
+		return ret;
+	}
+
+	ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
+				      principal, SAMBA_KDC_ENT_TYPE_SERVER,
+				      flags, kvno,
+				      realm_dn, msg, entry);
+	if (ret != 0) {
+		char *client_name = NULL;
+		krb5_error_code code;
+
+		code = krb5_unparse_name(context, principal, &client_name);
+		if (code == 0) {
+			krb5_warnx(context,
+				   "samba_kdc_fetch_server: message2entry failed for "
+				   "%s",
+				   client_name);
+		} else {
+			krb5_warnx(context,
+				   "samba_kdc_fetch_server: message2entry and "
+				   "krb5_unparse_name failed");
+		}
+		SAFE_FREE(client_name);
+	}
+
+	return ret;
+}
+
+static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
+					      struct samba_kdc_db_context *kdc_db_ctx,
+					      krb5_const_principal principal,
+					      unsigned flags,
+					      struct sdb_entry *entry)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS status;
+	krb5_error_code ret;
+	bool check_realm = false;
+	const char *realm = NULL;
+	struct dsdb_trust_routing_table *trt = NULL;
+	const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	unsigned int num_comp;
+	bool ok;
+	char *upper = NULL;
+
+	*entry = (struct sdb_entry) {};
+
+	num_comp = krb5_princ_size(context, principal);
+
+	if (flags & SDB_F_GET_CLIENT) {
+		if (flags & SDB_F_FOR_AS_REQ) {
+			check_realm = true;
+		}
+	}
+	if (flags & SDB_F_GET_SERVER) {
+		if (flags & SDB_F_FOR_TGS_REQ) {
+			check_realm = true;
+		}
+	}
+
+	if (!check_realm) {
+		TALLOC_FREE(frame);
+		return 0;
+	}
+
+	realm = smb_krb5_principal_get_realm(frame, context, principal);
+	if (realm == NULL) {
+		TALLOC_FREE(frame);
+		return ENOMEM;
+	}
+
+	/*
+	 * The requested realm needs to be our own
+	 */
+	ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, realm);
+	if (!ok) {
+		/*
+		 * The request is not for us...
+		 */
+		TALLOC_FREE(frame);
+		return SDB_ERR_NOENTRY;
+	}
+
+	if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+		char *principal_string = NULL;
+		krb5_principal enterprise_principal = NULL;
+		char *enterprise_realm = NULL;
+
+		if (num_comp != 1) {
+			TALLOC_FREE(frame);
+			return SDB_ERR_NOENTRY;
+		}
+
+		ret = smb_krb5_principal_get_comp_string(frame, context,
+							 principal, 0, &principal_string);
+		if (ret) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+
+		ret = krb5_parse_name(context, principal_string,
+				      &enterprise_principal);
+		TALLOC_FREE(principal_string);
+		if (ret) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+
+		enterprise_realm = smb_krb5_principal_get_realm(
+			frame, context, enterprise_principal);
+		krb5_free_principal(context, enterprise_principal);
+		if (enterprise_realm != NULL) {
+			realm = enterprise_realm;
+		}
+	}
+
+	if (flags & SDB_F_GET_SERVER) {
+		bool is_krbtgt = false;
+
+		ret = is_principal_component_equal(context, principal, 0, KRB5_TGS_NAME, &is_krbtgt);
+		if (ret) {
+			TALLOC_FREE(frame);
+			return ret;
+		}
+
+		if (is_krbtgt) {
+			/*
+			 * we need to search krbtgt/ locally
+			 */
+			TALLOC_FREE(frame);
+			return 0;
+		}
+
+		/*
+		 * We need to check the last component against the routing table.
+		 *
+		 * Note this works only with 2 or 3 component principals, e.g:
+		 *
+		 * servicePrincipalName: ldap/W2K8R2-219.bla.base
+		 * servicePrincipalName: ldap/W2K8R2-219.bla.base/bla.base
+		 * servicePrincipalName: ldap/W2K8R2-219.bla.base/ForestDnsZones.bla.base
+		 * servicePrincipalName: ldap/W2K8R2-219.bla.base/DomainDnsZones.bla.base
+		 */
+
+		if (num_comp == 2 || num_comp == 3) {
+			char *service_realm = NULL;
+
+			ret = smb_krb5_principal_get_comp_string(frame,
+								 context,
+								 principal,
+								 num_comp - 1,
+								 &service_realm);
+			if (ret) {
+				TALLOC_FREE(frame);
+				return ret;
+			} else {
+				realm = service_realm;
+			}
+		}
+	}
+
+	ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, realm);
+	if (ok) {
+		/*
+		 * skip the expensive routing lookup
+		 */
+		TALLOC_FREE(frame);
+		return 0;
+	}
+
+	status = dsdb_trust_routing_table_load(kdc_db_ctx->samdb,
+					       frame, &trt);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return EINVAL;
+	}
+
+	tdo = dsdb_trust_routing_by_name(trt, realm);
+	if (tdo == NULL) {
+		/*
+		 * This principal has to be local
+		 */
+		TALLOC_FREE(frame);
+		return 0;
+	}
+
+	if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+		/*
+		 * TODO: handle the routing within the forest
+		 *
+		 * This should likely be handled in
+		 * samba_kdc_message2entry() in case we're
+		 * a global catalog. We'd need to check
+		 * if realm_dn is our own domain and derive
+		 * the dns domain name from realm_dn and check that
+		 * against the routing table or fallback to
+		 * the tdo we found here.
+		 *
+		 * But for now we don't support multiple domains
+		 * in our forest correctly anyway.
+		 *
+		 * Just search in our local database.
+		 */
+		TALLOC_FREE(frame);
+		return 0;
+	}
+
+	ret = krb5_copy_principal(context, principal,
+				  &entry->principal);
+	if (ret) {
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	upper = strupper_talloc(frame, tdo->domain_name.string);
+	if (upper == NULL) {
+		TALLOC_FREE(frame);
+		return ENOMEM;
+	}
+
+	ret = smb_krb5_principal_set_realm(context,
+					   entry->principal,
+					   upper);
+	if (ret) {
+		TALLOC_FREE(frame);
+		return ret;
+	}
+
+	TALLOC_FREE(frame);
+	return SDB_ERR_WRONG_REALM;
+}
+
+krb5_error_code samba_kdc_fetch(krb5_context context,
+				struct samba_kdc_db_context *kdc_db_ctx,
+				krb5_const_principal principal,
+				unsigned flags,
+				krb5_kvno kvno,
+				struct sdb_entry *entry)
+{
+	krb5_error_code ret = SDB_ERR_NOENTRY;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_named(kdc_db_ctx, 0, "samba_kdc_fetch context");
+	if (!mem_ctx) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret, "samba_kdc_fetch: talloc_named() failed!");
+		return ret;
+	}
+
+	ret = samba_kdc_lookup_realm(context, kdc_db_ctx,
+				     principal, flags, entry);
+	if (ret != 0) {
+		goto done;
+	}
+
+	ret = SDB_ERR_NOENTRY;
+
+	if (flags & SDB_F_GET_CLIENT) {
+		ret = samba_kdc_fetch_client(context, kdc_db_ctx, mem_ctx, principal, flags, kvno, entry);
+		if (ret != SDB_ERR_NOENTRY) goto done;
+	}
+	if (flags & SDB_F_GET_SERVER) {
+		/* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */
+		ret = samba_kdc_fetch_krbtgt(context, kdc_db_ctx, mem_ctx, principal, flags, kvno, entry);
+		if (ret != SDB_ERR_NOENTRY) goto done;
+
+		/* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */
+		ret = samba_kdc_fetch_server(context, kdc_db_ctx, mem_ctx, principal, flags, kvno, entry);
+		if (ret != SDB_ERR_NOENTRY) goto done;
+	}
+	if (flags & SDB_F_GET_KRBTGT) {
+		ret = samba_kdc_fetch_krbtgt(context, kdc_db_ctx, mem_ctx, principal, flags, kvno, entry);
+		if (ret != SDB_ERR_NOENTRY) goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+struct samba_kdc_seq {
+	unsigned int index;
+	unsigned int count;
+	struct ldb_message **msgs;
+	struct ldb_dn *realm_dn;
+};
+
+static krb5_error_code samba_kdc_seq(krb5_context context,
+				     struct samba_kdc_db_context *kdc_db_ctx,
+				     struct sdb_entry *entry)
+{
+	krb5_error_code ret;
+	struct samba_kdc_seq *priv = kdc_db_ctx->seq_ctx;
+	const char *realm = lpcfg_realm(kdc_db_ctx->lp_ctx);
+	struct ldb_message *msg = NULL;
+	const char *sAMAccountName = NULL;
+	krb5_principal principal = NULL;
+	TALLOC_CTX *mem_ctx;
+
+	if (!priv) {
+		return SDB_ERR_NOENTRY;
+	}
+
+	mem_ctx = talloc_named(priv, 0, "samba_kdc_seq context");
+
+	if (!mem_ctx) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret, "samba_kdc_seq: talloc_named() failed!");
+		goto out;
+	}
+
+	while (priv->index < priv->count) {
+		msg = priv->msgs[priv->index++];
+
+		sAMAccountName = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
+		if (sAMAccountName != NULL) {
+			break;
+		}
+	}
+
+	if (sAMAccountName == NULL) {
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
+	ret = smb_krb5_make_principal(context, &principal,
+				      realm, sAMAccountName, NULL);
+	if (ret != 0) {
+		goto out;
+	}
+
+	ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
+				      principal, SAMBA_KDC_ENT_TYPE_ANY,
+				      SDB_F_ADMIN_DATA|SDB_F_GET_ANY,
+				      0 /* kvno */,
+				      priv->realm_dn, msg, entry);
+	krb5_free_principal(context, principal);
+
+out:
+	if (ret != 0) {
+		TALLOC_FREE(priv);
+		kdc_db_ctx->seq_ctx = NULL;
+	} else {
+		talloc_free(mem_ctx);
+	}
+
+	return ret;
+}
+
+krb5_error_code samba_kdc_firstkey(krb5_context context,
+				   struct samba_kdc_db_context *kdc_db_ctx,
+				   struct sdb_entry *entry)
+{
+	struct ldb_context *ldb_ctx = kdc_db_ctx->samdb;
+	struct samba_kdc_seq *priv = kdc_db_ctx->seq_ctx;
+	char *realm;
+	struct ldb_result *res = NULL;
+	krb5_error_code ret;
+	int lret;
+
+	if (priv) {
+		TALLOC_FREE(priv);
+		kdc_db_ctx->seq_ctx = NULL;
+	}
+
+	priv = (struct samba_kdc_seq *) talloc(kdc_db_ctx, struct samba_kdc_seq);
+	if (!priv) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret, "talloc: out of memory");
+		return ret;
+	}
+
+	priv->index = 0;
+	priv->msgs = NULL;
+	priv->realm_dn = ldb_get_default_basedn(ldb_ctx);
+	priv->count = 0;
+
+	ret = krb5_get_default_realm(context, &realm);
+	if (ret != 0) {
+		TALLOC_FREE(priv);
+		return ret;
+	}
+	krb5_free_default_realm(context, realm);
+
+	lret = dsdb_search(ldb_ctx, priv, &res,
+			   priv->realm_dn, LDB_SCOPE_SUBTREE, user_attrs,
+			   DSDB_SEARCH_NO_GLOBAL_CATALOG,
+			   "(objectClass=user)");
+
+	if (lret != LDB_SUCCESS) {
+		TALLOC_FREE(priv);
+		return SDB_ERR_NOENTRY;
+	}
+
+	priv->count = res->count;
+	priv->msgs = talloc_steal(priv, res->msgs);
+	talloc_free(res);
+
+	kdc_db_ctx->seq_ctx = priv;
+
+	ret = samba_kdc_seq(context, kdc_db_ctx, entry);
+
+	if (ret != 0) {
+		TALLOC_FREE(priv);
+		kdc_db_ctx->seq_ctx = NULL;
+	}
+	return ret;
+}
+
+krb5_error_code samba_kdc_nextkey(krb5_context context,
+				  struct samba_kdc_db_context *kdc_db_ctx,
+				  struct sdb_entry *entry)
+{
+	return samba_kdc_seq(context, kdc_db_ctx, entry);
+}
+
+/* Check if a given entry may delegate or do s4u2self to this target principal
+ *
+ * The safest way to determine 'self' is to check the DB record made at
+ * the time the principal was presented to the KDC.
+ */
+krb5_error_code
+samba_kdc_check_client_matches_target_service(krb5_context context,
+					      struct samba_kdc_entry *skdc_entry_client,
+					      struct samba_kdc_entry *skdc_entry_server_target)
+{
+	struct dom_sid *orig_sid;
+	struct dom_sid *target_sid;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	orig_sid = samdb_result_dom_sid(frame,
+					skdc_entry_client->msg,
+					"objectSid");
+	target_sid = samdb_result_dom_sid(frame,
+					  skdc_entry_server_target->msg,
+					  "objectSid");
+
+	/*
+	 * Allow delegation to the same record (representing a
+	 * principal), even if by a different name.  The easy and safe
+	 * way to prove this is by SID comparison
+	 */
+	if (!(orig_sid && target_sid && dom_sid_equal(orig_sid, target_sid))) {
+		talloc_free(frame);
+		return KRB5KRB_AP_ERR_BADMATCH;
+	}
+
+	talloc_free(frame);
+	return 0;
+}
+
+/* Certificates printed by the Certificate Authority might have a
+ * slightly different form of the user principal name to that in the
+ * database.  Allow a mismatch where they both refer to the same
+ * SID */
+
+krb5_error_code
+samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
+				    struct samba_kdc_db_context *kdc_db_ctx,
+				    struct samba_kdc_entry *skdc_entry,
+				     krb5_const_principal certificate_principal)
+{
+	krb5_error_code ret;
+	struct ldb_dn *realm_dn;
+	struct ldb_message *msg;
+	struct dom_sid *orig_sid;
+	struct dom_sid *target_sid;
+	const char *ms_upn_check_attrs[] = {
+		"objectSid", NULL
+	};
+
+	TALLOC_CTX *mem_ctx = talloc_named(kdc_db_ctx, 0, "samba_kdc_check_pkinit_ms_upn_match");
+
+	if (!mem_ctx) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret, "samba_kdc_check_pkinit_ms_upn_match: talloc_named() failed!");
+		return ret;
+	}
+
+	ret = samba_kdc_lookup_client(context, kdc_db_ctx,
+				      mem_ctx, certificate_principal,
+				      ms_upn_check_attrs, &realm_dn, &msg);
+
+	if (ret != 0) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	orig_sid = samdb_result_dom_sid(mem_ctx, skdc_entry->msg, "objectSid");
+	target_sid = samdb_result_dom_sid(mem_ctx, msg, "objectSid");
+
+	/* Consider these to be the same principal, even if by a different
+	 * name.  The easy and safe way to prove this is by SID
+	 * comparison */
+	if (!(orig_sid && target_sid && dom_sid_equal(orig_sid, target_sid))) {
+		talloc_free(mem_ctx);
+#if defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
+		return KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+#else /* Heimdal (where this is an enum) */
+		return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+#endif
+	}
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Check if a given entry may delegate to this target principal
+ * with S4U2Proxy.
+ */
+krb5_error_code
+samba_kdc_check_s4u2proxy(krb5_context context,
+			  struct samba_kdc_db_context *kdc_db_ctx,
+			  struct samba_kdc_entry *skdc_entry,
+			  krb5_const_principal target_principal)
+{
+	krb5_error_code ret;
+	char *tmp = NULL;
+	const char *client_dn = NULL;
+	const char *target_principal_name = NULL;
+	struct ldb_message_element *el;
+	struct ldb_val val;
+	unsigned int i;
+	bool found = false;
+
+	TALLOC_CTX *mem_ctx = talloc_named(kdc_db_ctx, 0, "samba_kdc_check_s4u2proxy");
+
+	if (!mem_ctx) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret,
+				       "samba_kdc_check_s4u2proxy:"
+				       " talloc_named() failed!");
+		return ret;
+	}
+
+	client_dn = ldb_dn_get_linearized(skdc_entry->msg->dn);
+	if (!client_dn) {
+		if (errno == 0) {
+			errno = ENOMEM;
+		}
+		ret = errno;
+		krb5_set_error_message(context, ret,
+				       "samba_kdc_check_s4u2proxy:"
+				       " ldb_dn_get_linearized() failed!");
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	el = ldb_msg_find_element(skdc_entry->msg, "msDS-AllowedToDelegateTo");
+	if (el == NULL) {
+		ret = ENOENT;
+		goto bad_option;
+	}
+	SMB_ASSERT(el->num_values != 0);
+
+	/*
+	 * This is the Microsoft forwardable flag behavior.
+	 *
+	 * If the proxy (target) principal is NULL, and we have any authorized
+	 * delegation target, allow to forward.
+	 */
+	if (target_principal == NULL) {
+		talloc_free(mem_ctx);
+		return 0;
+	}
+
+
+	/*
+	 * The main heimdal code already checked that the target_principal
+	 * belongs to the same realm as the client.
+	 *
+	 * So we just need the principal without the realm,
+	 * as that is what is configured in the "msDS-AllowedToDelegateTo"
+	 * attribute.
+	 */
+	ret = krb5_unparse_name_flags(context, target_principal,
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp);
+	if (ret) {
+		talloc_free(mem_ctx);
+		krb5_set_error_message(context, ret,
+				       "samba_kdc_check_s4u2proxy:"
+				       " krb5_unparse_name_flags() failed!");
+		return ret;
+	}
+	DBG_DEBUG("client[%s] for target[%s]\n",
+		  client_dn, tmp);
+
+	target_principal_name = talloc_strdup(mem_ctx, tmp);
+	SAFE_FREE(tmp);
+	if (target_principal_name == NULL) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret,
+				       "samba_kdc_check_s4u2proxy:"
+				       " talloc_strdup() failed!");
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	val = data_blob_string_const(target_principal_name);
+
+	for (i=0; i<el->num_values; i++) {
+		struct ldb_val *val1 = &val;
+		struct ldb_val *val2 = &el->values[i];
+		int cmp;
+
+		if (val1->length != val2->length) {
+			continue;
+		}
+
+		cmp = strncasecmp((const char *)val1->data,
+				  (const char *)val2->data,
+				  val1->length);
+		if (cmp != 0) {
+			continue;
+		}
+
+		found = true;
+		break;
+	}
+
+	if (!found) {
+		ret = ENOENT;
+		goto bad_option;
+	}
+
+	DBG_DEBUG("client[%s] allowed target[%s]\n",
+		  client_dn, target_principal_name);
+	talloc_free(mem_ctx);
+	return 0;
+
+bad_option:
+	krb5_set_error_message(context, ret,
+			       "samba_kdc_check_s4u2proxy: client[%s] "
+			       "not allowed for delegation to target[%s]",
+			       client_dn,
+			       target_principal_name);
+	talloc_free(mem_ctx);
+	return KRB5KDC_ERR_BADOPTION;
+}
+
+/*
+ * This method is called for S4U2Proxy requests and implements the
+ * resource-based constrained delegation variant, which can support
+ * cross-realm delegation.
+ */
+krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
+		krb5_context context,
+		struct samba_kdc_db_context *kdc_db_ctx,
+		krb5_const_principal client_principal,
+		krb5_const_principal server_principal,
+		const struct auth_user_info_dc *user_info_dc,
+		const struct auth_user_info_dc *device_info_dc,
+		const struct auth_claims auth_claims,
+		struct samba_kdc_entry *proxy_skdc_entry)
+{
+	krb5_error_code code;
+	enum ndr_err_code ndr_err;
+	char *client_name = NULL;
+	char *server_name = NULL;
+	const char *proxy_dn = NULL;
+	const DATA_BLOB *data = NULL;
+	struct security_descriptor *rbcd_security_descriptor = NULL;
+	struct security_token *security_token = NULL;
+	uint32_t session_info_flags =
+		AUTH_SESSION_INFO_DEFAULT_GROUPS |
+		AUTH_SESSION_INFO_DEVICE_DEFAULT_GROUPS |
+		AUTH_SESSION_INFO_SIMPLE_PRIVILEGES |
+		AUTH_SESSION_INFO_FORCE_COMPOUNDED_AUTHENTICATION;
+	/*
+	 * Testing shows that although Windows grants SEC_ADS_GENERIC_ALL access
+	 * in security descriptors it creates for RBCD, its KDC only requires
+	 * SEC_ADS_CONTROL_ACCESS for the access check to succeed.
+	 */
+	uint32_t access_desired = SEC_ADS_CONTROL_ACCESS;
+	uint32_t access_granted = 0;
+	NTSTATUS nt_status;
+	TALLOC_CTX *mem_ctx = NULL;
+
+	mem_ctx = talloc_named(kdc_db_ctx,
+			       0,
+			       "samba_kdc_check_s4u2proxy_rbcd");
+	if (mem_ctx == NULL) {
+		errno = ENOMEM;
+		code = errno;
+
+		return code;
+	}
+
+	proxy_dn = ldb_dn_get_linearized(proxy_skdc_entry->msg->dn);
+	if (proxy_dn == NULL) {
+		DBG_ERR("ldb_dn_get_linearized failed for proxy_dn!\n");
+		if (errno == 0) {
+			errno = ENOMEM;
+		}
+		code = errno;
+
+		goto out;
+	}
+
+	rbcd_security_descriptor = talloc_zero(mem_ctx,
+					       struct security_descriptor);
+	if (rbcd_security_descriptor == NULL) {
+		errno = ENOMEM;
+		code = errno;
+
+		goto out;
+	}
+
+	code = krb5_unparse_name_flags(context,
+				       client_principal,
+				       KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+				       &client_name);
+	if (code != 0) {
+		DBG_ERR("Unable to parse client_principal!\n");
+		goto out;
+	}
+
+	code = krb5_unparse_name_flags(context,
+				       server_principal,
+				       KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+				       &server_name);
+	if (code != 0) {
+		DBG_ERR("Unable to parse server_principal!\n");
+		goto out;
+	}
+
+	DBG_INFO("Check delegation from client[%s] to server[%s] via "
+		 "proxy[%s]\n",
+		 client_name,
+		 server_name,
+		 proxy_dn);
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	if (device_info_dc != NULL && !(device_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_DEVICE_AUTHENTICATED;
+	}
+
+	nt_status = auth_generate_security_token(mem_ctx,
+						 kdc_db_ctx->lp_ctx,
+						 kdc_db_ctx->samdb,
+						 user_info_dc,
+						 device_info_dc,
+						 auth_claims,
+						 session_info_flags,
+						 &security_token);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		code = map_errno_from_nt_status(nt_status);
+		goto out;
+	}
+
+	data = ldb_msg_find_ldb_val(proxy_skdc_entry->msg,
+				    "msDS-AllowedToActOnBehalfOfOtherIdentity");
+	if (data == NULL) {
+		DBG_WARNING("Could not find security descriptor "
+			    "msDS-AllowedToActOnBehalfOfOtherIdentity in "
+			    "proxy[%s]\n",
+			    proxy_dn);
+		code = KRB5KDC_ERR_BADOPTION;
+		goto out;
+	}
+
+	ndr_err = ndr_pull_struct_blob(
+			data,
+			mem_ctx,
+			rbcd_security_descriptor,
+			(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		errno = ndr_map_error2errno(ndr_err);
+		DBG_ERR("Failed to unmarshall "
+			"msDS-AllowedToActOnBehalfOfOtherIdentity "
+			"security descriptor of proxy[%s]\n",
+			proxy_dn);
+		code = KRB5KDC_ERR_BADOPTION;
+		goto out;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_DEBUG(security_token, security_token);
+		NDR_PRINT_DEBUG(security_descriptor, rbcd_security_descriptor);
+	}
+
+	nt_status = sec_access_check_ds(rbcd_security_descriptor,
+					security_token,
+					access_desired,
+					&access_granted,
+					NULL,
+					NULL);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_WARNING("RBCD: sec_access_check_ds(access_desired=%#08x, "
+			    "access_granted:%#08x) failed with: %s\n",
+			    access_desired,
+			    access_granted,
+			    nt_errstr(nt_status));
+
+		code = KRB5KDC_ERR_BADOPTION;
+		goto out;
+	}
+
+	DBG_NOTICE("RBCD: Access granted for client[%s]\n", client_name);
+
+	code = 0;
+out:
+	SAFE_FREE(client_name);
+	SAFE_FREE(server_name);
+
+	TALLOC_FREE(mem_ctx);
+	return code;
+}
+
+NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
+				struct samba_kdc_db_context **kdc_db_ctx_out)
+{
+	int ldb_ret;
+	struct ldb_message *msg = NULL;
+	struct auth_session_info *session_info = NULL;
+	struct samba_kdc_db_context *kdc_db_ctx = NULL;
+	/* The idea here is very simple.  Using Kerberos to
+	 * authenticate the KDC to the LDAP server is highly likely to
+	 * be circular.
+	 *
+	 * In future we may set this up to use EXTERNAL and SSL
+	 * certificates, for now it will almost certainly be NTLMSSP_SET_USERNAME
+	*/
+
+	kdc_db_ctx = talloc_zero(mem_ctx, struct samba_kdc_db_context);
+	if (kdc_db_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	kdc_db_ctx->ev_ctx = base_ctx->ev_ctx;
+	kdc_db_ctx->lp_ctx = base_ctx->lp_ctx;
+	kdc_db_ctx->msg_ctx = base_ctx->msg_ctx;
+
+	/* get default kdc policy */
+	lpcfg_default_kdc_policy(mem_ctx,
+				 base_ctx->lp_ctx,
+				 &kdc_db_ctx->policy.svc_tkt_lifetime,
+				 &kdc_db_ctx->policy.usr_tkt_lifetime,
+				 &kdc_db_ctx->policy.renewal_lifetime);
+
+	session_info = system_session(kdc_db_ctx->lp_ctx);
+	if (session_info == NULL) {
+		talloc_free(kdc_db_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/* Setup the link to LDB */
+	kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx,
+					  base_ctx->ev_ctx,
+					  base_ctx->lp_ctx,
+					  session_info,
+					  NULL,
+					  0);
+	if (kdc_db_ctx->samdb == NULL) {
+		DBG_WARNING("Cannot open samdb for KDC backend!\n");
+		talloc_free(kdc_db_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	/* Find out our own krbtgt kvno */
+	ldb_ret = samdb_rodc(kdc_db_ctx->samdb, &kdc_db_ctx->rodc);
+	if (ldb_ret != LDB_SUCCESS) {
+		DBG_WARNING("Cannot determine if we are an RODC in KDC backend: %s\n",
+			    ldb_errstring(kdc_db_ctx->samdb));
+		talloc_free(kdc_db_ctx);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+	if (kdc_db_ctx->rodc) {
+		int my_krbtgt_number;
+		const char *secondary_keytab[] = { "msDS-SecondaryKrbTgtNumber", NULL };
+		struct ldb_dn *account_dn = NULL;
+		struct ldb_dn *server_dn = samdb_server_dn(kdc_db_ctx->samdb, kdc_db_ctx);
+		if (!server_dn) {
+			DBG_WARNING("Cannot determine server DN in KDC backend: %s\n",
+				    ldb_errstring(kdc_db_ctx->samdb));
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+
+		ldb_ret = samdb_reference_dn(kdc_db_ctx->samdb, kdc_db_ctx, server_dn,
+					     "serverReference", &account_dn);
+		if (ldb_ret != LDB_SUCCESS) {
+			DBG_WARNING("Cannot determine server account in KDC backend: %s\n",
+				    ldb_errstring(kdc_db_ctx->samdb));
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+
+		ldb_ret = samdb_reference_dn(kdc_db_ctx->samdb, kdc_db_ctx, account_dn,
+					     "msDS-KrbTgtLink", &kdc_db_ctx->krbtgt_dn);
+		talloc_free(account_dn);
+		if (ldb_ret != LDB_SUCCESS) {
+			DBG_WARNING("Cannot determine RODC krbtgt account in KDC backend: %s\n",
+				    ldb_errstring(kdc_db_ctx->samdb));
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+
+		ldb_ret = dsdb_search_one(kdc_db_ctx->samdb, kdc_db_ctx,
+					  &msg, kdc_db_ctx->krbtgt_dn, LDB_SCOPE_BASE,
+					  secondary_keytab,
+					  DSDB_SEARCH_NO_GLOBAL_CATALOG,
+					  "(&(objectClass=user)(msDS-SecondaryKrbTgtNumber=*))");
+		if (ldb_ret != LDB_SUCCESS) {
+			DBG_WARNING("Cannot read krbtgt account %s in KDC backend to get msDS-SecondaryKrbTgtNumber: %s: %s\n",
+				    ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
+				    ldb_errstring(kdc_db_ctx->samdb),
+				    ldb_strerror(ldb_ret));
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		my_krbtgt_number = ldb_msg_find_attr_as_int(msg, "msDS-SecondaryKrbTgtNumber", -1);
+		if (my_krbtgt_number == -1) {
+			DBG_WARNING("Cannot read msDS-SecondaryKrbTgtNumber from krbtgt account %s in KDC backend: got %d\n",
+				    ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
+				    my_krbtgt_number);
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		kdc_db_ctx->my_krbtgt_number = my_krbtgt_number;
+
+	} else {
+		kdc_db_ctx->my_krbtgt_number = 0;
+		ldb_ret = dsdb_search_one(kdc_db_ctx->samdb, kdc_db_ctx,
+					  &msg,
+					  ldb_get_default_basedn(kdc_db_ctx->samdb),
+					  LDB_SCOPE_SUBTREE,
+					  krbtgt_attrs,
+					  DSDB_SEARCH_NO_GLOBAL_CATALOG,
+					  "(&(objectClass=user)(samAccountName=krbtgt))");
+
+		if (ldb_ret != LDB_SUCCESS) {
+			DBG_WARNING("could not find own KRBTGT in DB: %s\n", ldb_errstring(kdc_db_ctx->samdb));
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		kdc_db_ctx->krbtgt_dn = talloc_steal(kdc_db_ctx, msg->dn);
+		kdc_db_ctx->my_krbtgt_number = 0;
+		talloc_free(msg);
+	}
+	*kdc_db_ctx_out = kdc_db_ctx;
+	return NT_STATUS_OK;
+}
+
+krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
+					 TALLOC_CTX *mem_ctx,
+					 const struct ldb_message *msg,
+					 uint32_t user_account_control,
+					 const uint32_t *kvno,
+					 uint32_t *kvno_out,
+					 DATA_BLOB *aes_256_key,
+					 DATA_BLOB *salt)
+{
+	krb5_error_code krb5_ret;
+	uint32_t supported_enctypes;
+	unsigned flags = SDB_F_GET_CLIENT;
+	struct sdb_entry sentry = {};
+
+	if (kvno != NULL) {
+		flags |= SDB_F_KVNO_SPECIFIED;
+	}
+
+	krb5_ret = samba_kdc_message2entry_keys(context,
+						mem_ctx,
+						msg,
+						false, /* is_krbtgt */
+						false, /* is_rodc */
+						user_account_control,
+						SAMBA_KDC_ENT_TYPE_CLIENT,
+						flags,
+						(kvno != NULL) ? *kvno : 0,
+						&sentry,
+						ENC_HMAC_SHA1_96_AES256,
+						&supported_enctypes);
+	if (krb5_ret != 0) {
+		const char *krb5_err = krb5_get_error_message(context, krb5_ret);
+
+		DBG_ERR("Failed to parse supplementalCredentials "
+			"of %s with %s kvno using "
+			"ENCTYPE_HMAC_SHA1_96_AES256 "
+			"Kerberos Key: %s\n",
+			ldb_dn_get_linearized(msg->dn),
+			(kvno != NULL) ? "previous" : "current",
+			krb5_err != NULL ? krb5_err : "<unknown>");
+
+		krb5_free_error_message(context, krb5_err);
+
+		return krb5_ret;
+	}
+
+	if ((supported_enctypes & ENC_HMAC_SHA1_96_AES256) == 0 ||
+	    sentry.keys.len != 1) {
+		DBG_INFO("Failed to find a ENCTYPE_HMAC_SHA1_96_AES256 "
+			 "key in supplementalCredentials "
+			 "of %s at KVNO %u (got %u keys, expected 1)\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 sentry.kvno,
+			 sentry.keys.len);
+		sdb_entry_free(&sentry);
+		return ENOENT;
+	}
+
+	if (sentry.keys.val[0].salt == NULL) {
+		DBG_INFO("Failed to find a salt in "
+			 "supplementalCredentials "
+			 "of %s at KVNO %u\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 sentry.kvno);
+		sdb_entry_free(&sentry);
+		return ENOENT;
+	}
+
+	if (aes_256_key != NULL) {
+		*aes_256_key = data_blob_talloc(mem_ctx,
+						KRB5_KEY_DATA(&sentry.keys.val[0].key),
+						KRB5_KEY_LENGTH(&sentry.keys.val[0].key));
+		if (aes_256_key->data == NULL) {
+			sdb_entry_free(&sentry);
+			return ENOMEM;
+		}
+		talloc_keep_secret(aes_256_key->data);
+	}
+
+	if (salt != NULL) {
+		*salt = data_blob_talloc(mem_ctx,
+					 sentry.keys.val[0].salt->salt.data,
+					 sentry.keys.val[0].salt->salt.length);
+		if (salt->data == NULL) {
+			sdb_entry_free(&sentry);
+			return ENOMEM;
+		}
+	}
+
+	if (kvno_out != NULL) {
+		*kvno_out = sentry.kvno;
+	}
+
+	sdb_entry_free(&sentry);
+
+	return 0;
+}
diff --git a/source4/kdc/db-glue.h b/source4/kdc/db-glue.h
new file mode 100644
index 0000000..fb74726
--- /dev/null
+++ b/source4/kdc/db-glue.h
@@ -0,0 +1,113 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct sdb_keys;
+struct sdb_entry;
+
+struct samba_kdc_base_context;
+struct samba_kdc_db_context;
+struct samba_kdc_entry;
+
+enum samba_kdc_ent_type {
+	SAMBA_KDC_ENT_TYPE_CLIENT,
+	SAMBA_KDC_ENT_TYPE_SERVER,
+	SAMBA_KDC_ENT_TYPE_KRBTGT,
+	SAMBA_KDC_ENT_TYPE_TRUST,
+	SAMBA_KDC_ENT_TYPE_ANY
+};
+
+/*
+ * This allows DSDB to parse Kerberos keys without duplicating this
+ * difficulty
+ */
+krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
+					     TALLOC_CTX *mem_ctx,
+					     const struct ldb_message *msg,
+					     bool is_krbtgt,
+					     bool is_rodc,
+					     uint32_t userAccountControl,
+					     enum samba_kdc_ent_type ent_type,
+					     unsigned flags,
+					     krb5_kvno requested_kvno,
+					     struct sdb_entry *entry,
+					     const uint32_t supported_enctypes_in,
+					     uint32_t *supported_enctypes_out);
+
+int samba_kdc_set_fixed_keys(krb5_context context,
+			     const struct ldb_val *secretbuffer,
+			     uint32_t supported_enctypes,
+			     struct sdb_keys *keys);
+
+krb5_error_code samba_kdc_fetch(krb5_context context,
+				struct samba_kdc_db_context *kdc_db_ctx,
+				krb5_const_principal principal,
+				unsigned flags,
+				krb5_kvno kvno,
+				struct sdb_entry *entry);
+
+krb5_error_code samba_kdc_firstkey(krb5_context context,
+				   struct samba_kdc_db_context *kdc_db_ctx,
+				   struct sdb_entry *entry);
+
+krb5_error_code samba_kdc_nextkey(krb5_context context,
+				  struct samba_kdc_db_context *kdc_db_ctx,
+				  struct sdb_entry *entry);
+
+krb5_error_code
+samba_kdc_check_client_matches_target_service(krb5_context context,
+			 struct samba_kdc_entry *skdc_entry_client,
+			 struct samba_kdc_entry *skdc_entry_server_target);
+
+krb5_error_code
+samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
+				    struct samba_kdc_db_context *kdc_db_ctx,
+				    struct samba_kdc_entry *skdc_entry,
+				    krb5_const_principal certificate_principal);
+
+krb5_error_code
+samba_kdc_check_s4u2proxy(krb5_context context,
+			  struct samba_kdc_db_context *kdc_db_ctx,
+			  struct samba_kdc_entry *skdc_entry,
+			  krb5_const_principal target_principal);
+
+krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
+		krb5_context context,
+		struct samba_kdc_db_context *kdc_db_ctx,
+		krb5_const_principal client_principal,
+		krb5_const_principal server_principal,
+		const struct auth_user_info_dc *user_info_dc,
+		const struct auth_user_info_dc *device_info_dc,
+		const struct auth_claims auth_claims,
+		struct samba_kdc_entry *proxy_skdc_entry);
+
+NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_context *base_ctx,
+				struct samba_kdc_db_context **kdc_db_ctx_out);
+
+krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
+					 TALLOC_CTX *mem_ctx,
+					 const struct ldb_message *msg,
+					 uint32_t user_account_control,
+					 const uint32_t *kvno,
+					 uint32_t *kvno_out,
+					 DATA_BLOB *aes_256_key,
+					 DATA_BLOB *salt);
diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
new file mode 100644
index 0000000..be6d243
--- /dev/null
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -0,0 +1,85 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC Server startup
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-20011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "kdc/kdc-glue.h"
+#include "lib/param/param.h"
+
+static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
+{
+	NTSTATUS nt_status;
+	void *ptr = NULL;
+	struct samba_kdc_base_context *base_ctx = NULL;
+
+	if (sscanf(arg, "&%p", &ptr) != 1) {
+		return EINVAL;
+	}
+
+	base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context);
+
+	/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
+	nt_status = hdb_samba4_kpasswd_create_kdc(base_ctx, context, db);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		return 0;
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION)) {
+		return EINVAL;
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
+		
+		krb5_set_error_message(context, EINVAL, "Failed to open Samba4 LDB at %s", lpcfg_private_path(base_ctx, base_ctx->lp_ctx, "sam.ldb"));
+	} else {
+		krb5_set_error_message(context, EINVAL, "Failed to connect to Samba4 DB: %s (%s)", get_friendly_nt_error_msg(nt_status), nt_errstr(nt_status));
+	}
+
+	return EINVAL;
+}
+
+#if (HDB_INTERFACE_VERSION != 11)
+#error "Unsupported Heimdal HDB version"
+#endif
+
+#if HDB_INTERFACE_VERSION >= 8
+static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
+{
+	*ctx = NULL;
+	return 0;
+}
+
+static void hdb_samba4_fini(void *ctx)
+{
+}
+#endif
+
+/* Only used in the hdb-backed keytab code
+ * for a keytab of 'samba4&<address>' or samba4, to find
+ * kpasswd's key in the main DB
+ *
+ * The <address> is the string form of a pointer to a talloced struct hdb_samba_context
+ */
+struct hdb_method hdb_samba4_interface = {
+	HDB_INTERFACE_VERSION,
+#if HDB_INTERFACE_VERSION >= 8
+	.init = hdb_samba4_init,
+	.fini = hdb_samba4_fini,
+#endif
+	.prefix = "samba4",
+	.create = hdb_samba4_create
+};
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
new file mode 100644
index 0000000..40161b5
--- /dev/null
+++ b/source4/kdc/hdb-samba4.c
@@ -0,0 +1,1267 @@
+/*
+ * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
+ * Copyright (c) 2004-2009, Andrew Bartlett <abartlet@samba.org>.
+ * Copyright (c) 2004, Stefan Metzmacher <metze@samba.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software  nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#include "kdc/kdc-glue.h"
+#include "kdc/db-glue.h"
+#include "kdc/pac-glue.h"
+#include "auth/auth_sam.h"
+#include "auth/common_auth.h"
+#include "auth/authn_policy.h"
+#include <ldb.h>
+#include "sdb.h"
+#include "sdb_hdb.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/messaging/irpc.h"
+#include "hdb.h"
+#include <kdc-audit.h>
+#include <kdc-plugin.h>
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static krb5_error_code hdb_samba4_open(krb5_context context, HDB *db, int flags, mode_t mode)
+{
+	if (db->hdb_master_key_set) {
+		krb5_error_code ret = HDB_ERR_NOENTRY;
+		krb5_warnx(context, "hdb_samba4_open: use of a master key incompatible with LDB\n");
+		krb5_set_error_message(context, ret, "hdb_samba4_open: use of a master key incompatible with LDB\n");
+		return ret;
+	}
+
+	return 0;
+}
+
+static krb5_error_code hdb_samba4_close(krb5_context context, HDB *db)
+{
+	return 0;
+}
+
+static krb5_error_code hdb_samba4_lock(krb5_context context, HDB *db, int operation)
+{
+	return 0;
+}
+
+static krb5_error_code hdb_samba4_unlock(krb5_context context, HDB *db)
+{
+	return 0;
+}
+
+static krb5_error_code hdb_samba4_rename(krb5_context context, HDB *db, const char *new_name)
+{
+	return HDB_ERR_DB_INUSE;
+}
+
+static krb5_error_code hdb_samba4_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
+{
+	return HDB_ERR_DB_INUSE;
+}
+
+/*
+ * If we ever want kadmin to work fast, we might try and reopen the
+ * ldb with LDB_NOSYNC
+ */
+static krb5_error_code hdb_samba4_set_sync(krb5_context context, struct HDB *db, int set_sync)
+{
+	return 0;
+}
+
+static void hdb_samba4_free_entry_context(krb5_context context, struct HDB *db, hdb_entry *entry)
+{
+	/*
+	 * This function is now called for every HDB entry, not just those with
+	 * 'context' set, so we have to check that the context is not NULL.
+	*/
+	if (entry->context != NULL) {
+		struct samba_kdc_entry *skdc_entry =
+			talloc_get_type_abort(entry->context,
+			struct samba_kdc_entry);
+
+		/* this function is called only from hdb_free_entry().
+		 * Make sure we neutralize the destructor or we will
+		 * get a double free later when hdb_free_entry() will
+		 * try to call free_hdb_entry() */
+		entry->context = NULL;
+		skdc_entry->kdc_entry = NULL;
+		TALLOC_FREE(skdc_entry);
+	}
+}
+
+static krb5_error_code hdb_samba4_fetch_fast_cookie(krb5_context context,
+						    struct samba_kdc_db_context *kdc_db_ctx,
+						    hdb_entry *entry)
+{
+	DBG_ERR("Looked up HDB entry for unsupported FX-COOKIE.\n");
+	return HDB_ERR_NOENTRY;
+}
+
+static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
+					     krb5_const_principal principal,
+					     unsigned flags,
+					     krb5_kvno kvno,
+					     hdb_entry *entry)
+{
+	struct samba_kdc_db_context *kdc_db_ctx;
+	struct sdb_entry sentry = {};
+	krb5_error_code code, ret;
+	uint32_t sflags;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+
+	if (flags & HDB_F_GET_FAST_COOKIE) {
+		return hdb_samba4_fetch_fast_cookie(context,
+						    kdc_db_ctx,
+						    entry);
+	}
+
+	sflags = (flags & SDB_F_HDB_MASK);
+
+	ret = samba_kdc_fetch(context,
+			      kdc_db_ctx,
+			      principal,
+			      sflags,
+			      kvno,
+			      &sentry);
+	switch (ret) {
+	case 0:
+		code = 0;
+		break;
+	case SDB_ERR_WRONG_REALM:
+		/*
+		 * If SDB_ERR_WRONG_REALM is returned we need to process the
+		 * sdb_entry to fill the principal in the HDB entry.
+		 */
+		code = HDB_ERR_WRONG_REALM;
+		break;
+	case SDB_ERR_NOENTRY:
+		return HDB_ERR_NOENTRY;
+	case SDB_ERR_NOT_FOUND_HERE:
+		return HDB_ERR_NOT_FOUND_HERE;
+	default:
+		return ret;
+	}
+
+	ret = sdb_entry_to_hdb_entry(context, &sentry, entry);
+	sdb_entry_free(&sentry);
+
+	if (code == 0) {
+		code = ret;
+	}
+
+	return code;
+}
+
+static krb5_error_code hdb_samba4_kpasswd_fetch_kvno(krb5_context context, HDB *db,
+						     krb5_const_principal _principal,
+						     unsigned flags,
+						     krb5_kvno _kvno,
+						     hdb_entry *entry)
+{
+	struct samba_kdc_db_context *kdc_db_ctx = NULL;
+	krb5_error_code ret;
+	krb5_principal kpasswd_principal = NULL;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+
+	ret = smb_krb5_make_principal(context, &kpasswd_principal,
+				      lpcfg_realm(kdc_db_ctx->lp_ctx),
+				      "kadmin", "changepw",
+				      NULL);
+	if (ret) {
+		return ret;
+	}
+	smb_krb5_principal_set_type(context, kpasswd_principal, KRB5_NT_SRV_INST);
+
+	/*
+	 * For the kpasswd service, always ensure we get the latest kvno. This
+	 * also means we (correctly) refuse RODC-issued tickets.
+	 */
+	flags &= ~HDB_F_KVNO_SPECIFIED;
+
+	/* Don't bother looking up a client or krbtgt. */
+	flags &= ~(HDB_F_GET_CLIENT|HDB_F_GET_KRBTGT);
+
+	ret = hdb_samba4_fetch_kvno(context, db,
+				    kpasswd_principal,
+				    flags,
+				    0,
+				    entry);
+
+	krb5_free_principal(context, kpasswd_principal);
+	return ret;
+}
+
+static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
+					hdb_entry *entry)
+{
+	struct samba_kdc_db_context *kdc_db_ctx;
+	struct sdb_entry sentry = {};
+	krb5_error_code ret;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+
+	ret = samba_kdc_firstkey(context, kdc_db_ctx, &sentry);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_WRONG_REALM:
+		return HDB_ERR_WRONG_REALM;
+	case SDB_ERR_NOENTRY:
+		return HDB_ERR_NOENTRY;
+	case SDB_ERR_NOT_FOUND_HERE:
+		return HDB_ERR_NOT_FOUND_HERE;
+	default:
+		return ret;
+	}
+
+	ret = sdb_entry_to_hdb_entry(context, &sentry, entry);
+	sdb_entry_free(&sentry);
+	return ret;
+}
+
+static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigned flags,
+				   hdb_entry *entry)
+{
+	struct samba_kdc_db_context *kdc_db_ctx;
+	struct sdb_entry sentry = {};
+	krb5_error_code ret;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+
+	ret = samba_kdc_nextkey(context, kdc_db_ctx, &sentry);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_WRONG_REALM:
+		return HDB_ERR_WRONG_REALM;
+	case SDB_ERR_NOENTRY:
+		return HDB_ERR_NOENTRY;
+	case SDB_ERR_NOT_FOUND_HERE:
+		return HDB_ERR_NOT_FOUND_HERE;
+	default:
+		return ret;
+	}
+
+	ret = sdb_entry_to_hdb_entry(context, &sentry, entry);
+	sdb_entry_free(&sentry);
+	return ret;
+}
+
+static krb5_error_code hdb_samba4_nextkey_panic(krb5_context context, HDB *db,
+						unsigned flags,
+						hdb_entry *entry)
+{
+	DBG_ERR("Attempt to iterate kpasswd keytab => PANIC\n");
+	smb_panic("hdb_samba4_nextkey_panic: Attempt to iterate kpasswd keytab");
+}
+
+static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db)
+{
+	talloc_free(db);
+	return 0;
+}
+
+static krb5_error_code
+hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
+					hdb_entry *entry,
+					krb5_const_principal target_principal)
+{
+	struct samba_kdc_db_context *kdc_db_ctx = NULL;
+	struct samba_kdc_entry *skdc_entry = NULL;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+	skdc_entry = talloc_get_type_abort(entry->context,
+					   struct samba_kdc_entry);
+
+	return samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
+					 skdc_entry,
+					 target_principal);
+}
+
+static krb5_error_code
+hdb_samba4_check_rbcd(krb5_context context, HDB *db,
+		      const hdb_entry *client_krbtgt,
+		      const hdb_entry *client,
+		      const hdb_entry *device_krbtgt,
+		      const hdb_entry *device,
+		      krb5_const_principal server_principal,
+		      krb5_const_pac header_pac,
+		      krb5_const_pac device_pac,
+		      const hdb_entry *proxy)
+{
+	struct samba_kdc_db_context *kdc_db_ctx = NULL;
+	struct samba_kdc_entry *client_skdc_entry = NULL;
+	const struct samba_kdc_entry *client_krbtgt_skdc_entry = NULL;
+	struct samba_kdc_entry *proxy_skdc_entry = NULL;
+	const struct auth_user_info_dc *client_info = NULL;
+	const struct auth_user_info_dc *device_info = NULL;
+	struct samba_kdc_entry_pac client_pac_entry = {};
+	struct auth_claims auth_claims = {};
+	TALLOC_CTX *mem_ctx = NULL;
+	krb5_error_code code;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+	client_skdc_entry = talloc_get_type_abort(client->context,
+						  struct samba_kdc_entry);
+	client_krbtgt_skdc_entry = talloc_get_type_abort(client_krbtgt->context,
+							 struct samba_kdc_entry);
+	proxy_skdc_entry = talloc_get_type_abort(proxy->context,
+						 struct samba_kdc_entry);
+
+	mem_ctx = talloc_new(kdc_db_ctx);
+	if (mem_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	client_pac_entry = samba_kdc_entry_pac(header_pac,
+					       client_skdc_entry,
+					       samba_kdc_entry_is_trust(client_krbtgt_skdc_entry));
+
+	code = samba_kdc_get_user_info_dc(mem_ctx,
+					  context,
+					  kdc_db_ctx->samdb,
+					  client_pac_entry,
+					  &client_info,
+					  NULL /* resource_groups_out */);
+	if (code != 0) {
+		goto out;
+	}
+
+	code = samba_kdc_get_claims_data(mem_ctx,
+					 context,
+					 kdc_db_ctx->samdb,
+					 client_pac_entry,
+					 &auth_claims.user_claims);
+	if (code) {
+		goto out;
+	}
+
+	if (device != NULL) {
+		struct samba_kdc_entry *device_skdc_entry = NULL;
+		const struct samba_kdc_entry *device_krbtgt_skdc_entry = NULL;
+		struct samba_kdc_entry_pac device_pac_entry = {};
+
+		device_skdc_entry = talloc_get_type_abort(device->context,
+							  struct samba_kdc_entry);
+
+		if (device_krbtgt != NULL) {
+			device_krbtgt_skdc_entry = talloc_get_type_abort(device_krbtgt->context,
+									 struct samba_kdc_entry);
+		}
+
+		device_pac_entry = samba_kdc_entry_pac(device_pac,
+						       device_skdc_entry,
+						       samba_kdc_entry_is_trust(device_krbtgt_skdc_entry));
+
+		code = samba_kdc_get_user_info_dc(mem_ctx,
+						  context,
+						  kdc_db_ctx->samdb,
+						  device_pac_entry,
+						  &device_info,
+						  NULL /* resource_groups_out */);
+		if (code) {
+			goto out;
+		}
+
+		code = samba_kdc_get_claims_data(mem_ctx,
+						 context,
+						 kdc_db_ctx->samdb,
+						 device_pac_entry,
+						 &auth_claims.device_claims);
+		if (code) {
+			goto out;
+		}
+	}
+
+	code = samba_kdc_check_s4u2proxy_rbcd(context,
+					      kdc_db_ctx,
+					      client->principal,
+					      server_principal,
+					      client_info,
+					      device_info,
+					      auth_claims,
+					      proxy_skdc_entry);
+out:
+	talloc_free(mem_ctx);
+	return code;
+}
+
+static krb5_error_code
+hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
+				     hdb_entry *entry,
+				     krb5_const_principal certificate_principal)
+{
+	struct samba_kdc_db_context *kdc_db_ctx;
+	struct samba_kdc_entry *skdc_entry;
+	krb5_error_code ret;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+	skdc_entry = talloc_get_type_abort(entry->context,
+					   struct samba_kdc_entry);
+
+	ret = samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx,
+						  skdc_entry,
+						  certificate_principal);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_WRONG_REALM:
+		ret = HDB_ERR_WRONG_REALM;
+		break;
+	case SDB_ERR_NOENTRY:
+		ret = HDB_ERR_NOENTRY;
+		break;
+	case SDB_ERR_NOT_FOUND_HERE:
+		ret = HDB_ERR_NOT_FOUND_HERE;
+		break;
+	default:
+		break;
+	}
+
+	return ret;
+}
+
+static krb5_error_code
+hdb_samba4_check_client_matches_target_service(krb5_context context, HDB *db,
+			  hdb_entry *client_entry,
+			  hdb_entry *server_target_entry)
+{
+	struct samba_kdc_entry *skdc_client_entry
+		= talloc_get_type_abort(client_entry->context,
+					struct samba_kdc_entry);
+	struct samba_kdc_entry *skdc_server_target_entry
+		= talloc_get_type_abort(server_target_entry->context,
+					struct samba_kdc_entry);
+
+	return samba_kdc_check_client_matches_target_service(context,
+							     skdc_client_entry,
+							     skdc_server_target_entry);
+}
+
+static void reset_bad_password_netlogon(TALLOC_CTX *mem_ctx,
+					struct samba_kdc_db_context *kdc_db_ctx,
+					struct netr_SendToSamBase *send_to_sam)
+{
+	struct dcerpc_binding_handle *irpc_handle;
+	struct winbind_SendToSam req;
+	struct tevent_req *subreq = NULL;
+
+	irpc_handle = irpc_binding_handle_by_name(mem_ctx, kdc_db_ctx->msg_ctx,
+						  "winbind_server",
+						  &ndr_table_winbind);
+
+	if (irpc_handle == NULL) {
+		DBG_ERR("No winbind_server running!\n");
+		return;
+	}
+
+	req.in.message = *send_to_sam;
+
+	/*
+	 * This seem to rely on the current IRPC implementation,
+	 * which delivers the message in the _send function.
+	 *
+	 * TODO: we need a ONE_WAY IRPC handle and register
+	 * a callback and wait for it to be triggered!
+	 */
+	subreq = dcerpc_winbind_SendToSam_r_send(mem_ctx, kdc_db_ctx->ev_ctx,
+						 irpc_handle, &req);
+
+	/* we aren't interested in a reply */
+	TALLOC_FREE(subreq);
+}
+
+#define SAMBA_HDB_AUTHN_AUDIT_INFO_OBJ "samba:authn_audit_info_obj"
+#define SAMBA_HDB_CLIENT_AUDIT_INFO "samba:client_audit_info"
+#define SAMBA_HDB_SERVER_AUDIT_INFO "samba:server_audit_info"
+
+#define SAMBA_HDB_NT_STATUS_OBJ "samba:nt_status_obj"
+#define SAMBA_HDB_NT_STATUS "samba:nt_status"
+
+struct hdb_audit_info_obj {
+	struct authn_audit_info *audit_info;
+};
+
+static void hdb_audit_info_obj_dealloc(void *ptr)
+{
+	struct hdb_audit_info_obj *audit_info_obj = ptr;
+
+	if (audit_info_obj == NULL) {
+		return;
+	}
+
+	TALLOC_FREE(audit_info_obj->audit_info);
+}
+
+/*
+ * Set talloc-allocated auditing information of the KDC request. On success,
+ * ‘audit_info’ is invalidated and may no longer be used by the caller.
+ */
+static krb5_error_code hdb_samba4_set_steal_audit_info(astgs_request_t r,
+						       const char *key,
+						       struct authn_audit_info *audit_info)
+{
+	struct hdb_audit_info_obj *audit_info_obj = NULL;
+
+	audit_info_obj = kdc_object_alloc(sizeof (*audit_info_obj),
+					  SAMBA_HDB_AUTHN_AUDIT_INFO_OBJ,
+					  hdb_audit_info_obj_dealloc);
+	if (audit_info_obj == NULL) {
+		return ENOMEM;
+	}
+
+	/*
+	 * Steal a handle to the audit information onto the NULL context —
+	 * Heimdal will be responsible for the deallocation of the object.
+	 */
+	audit_info_obj->audit_info = talloc_steal(NULL, audit_info);
+
+	heim_audit_setkv_object((heim_svc_req_desc)r, key, audit_info_obj);
+	heim_release(audit_info_obj);
+
+	return 0;
+}
+
+/*
+ * Set talloc-allocated client auditing information of the KDC request. On
+ * success, ‘client_audit_info’ is invalidated and may no longer be used by the
+ * caller.
+ */
+krb5_error_code hdb_samba4_set_steal_client_audit_info(astgs_request_t r,
+						       struct authn_audit_info *client_audit_info)
+{
+	return hdb_samba4_set_steal_audit_info(r,
+					       SAMBA_HDB_CLIENT_AUDIT_INFO,
+					       client_audit_info);
+}
+
+static const struct authn_audit_info *hdb_samba4_get_client_audit_info(hdb_request_t r)
+{
+	const struct hdb_audit_info_obj *audit_info_obj = NULL;
+
+	audit_info_obj = heim_audit_getkv((heim_svc_req_desc)r, SAMBA_HDB_CLIENT_AUDIT_INFO);
+	if (audit_info_obj == NULL) {
+		return NULL;
+	}
+
+	return audit_info_obj->audit_info;
+}
+
+/*
+ * Set talloc-allocated server auditing information of the KDC request. On
+ * success, ‘server_audit_info’ is invalidated and may no longer be used by the
+ * caller.
+ */
+krb5_error_code hdb_samba4_set_steal_server_audit_info(astgs_request_t r,
+						       struct authn_audit_info *server_audit_info)
+{
+	return hdb_samba4_set_steal_audit_info(r,
+					       SAMBA_HDB_SERVER_AUDIT_INFO,
+					       server_audit_info);
+}
+
+static const struct authn_audit_info *hdb_samba4_get_server_audit_info(hdb_request_t r)
+{
+	const struct hdb_audit_info_obj *audit_info_obj = NULL;
+
+	audit_info_obj = heim_audit_getkv((heim_svc_req_desc)r, SAMBA_HDB_SERVER_AUDIT_INFO);
+	if (audit_info_obj == NULL) {
+		return NULL;
+	}
+
+	return audit_info_obj->audit_info;
+}
+
+struct hdb_ntstatus_obj {
+	NTSTATUS status;
+	krb5_error_code current_error;
+};
+
+/*
+ * Add an NTSTATUS code to a Kerberos request. ‘error’ is the error value we
+ * want to return to the client. When it comes time to generating the error
+ * request, we shall compare this error value to whatever error we are about to
+ * return; if the two match, we shall replace the ‘e-data’ field in the reply
+ * with the NTSTATUS code.
+ */
+krb5_error_code hdb_samba4_set_ntstatus(astgs_request_t r,
+					const NTSTATUS status,
+					const krb5_error_code error)
+{
+	struct hdb_ntstatus_obj *status_obj = NULL;
+
+	status_obj = kdc_object_alloc(sizeof (*status_obj),
+				      SAMBA_HDB_NT_STATUS_OBJ,
+				      NULL);
+	if (status_obj == NULL) {
+		return ENOMEM;
+	}
+
+	*status_obj = (struct hdb_ntstatus_obj) {
+		.status = status,
+		.current_error = error,
+	};
+
+	heim_audit_setkv_object((heim_svc_req_desc)r, SAMBA_HDB_NT_STATUS, status_obj);
+	heim_release(status_obj);
+
+	return 0;
+}
+
+static krb5_error_code hdb_samba4_make_nt_status_edata(const NTSTATUS status,
+						       const uint32_t flags,
+						       krb5_data *edata_out)
+{
+    const uint32_t status_code = NT_STATUS_V(status);
+    const uint32_t zero = 0;
+    KERB_ERROR_DATA error_data;
+    krb5_data e_data;
+
+    krb5_error_code ret;
+    size_t size;
+
+    /* The raw KERB-ERR-TYPE-EXTENDED structure. */
+    uint8_t data[12];
+
+    PUSH_LE_U32(data, 0, status_code);
+    PUSH_LE_U32(data, 4, zero);
+    PUSH_LE_U32(data, 8, flags);
+
+    e_data = (krb5_data) {
+	    .data = &data,
+	    .length = sizeof(data),
+    };
+
+    error_data = (KERB_ERROR_DATA) {
+	    .data_type = kERB_ERR_TYPE_EXTENDED,
+	    .data_value = &e_data,
+    };
+
+    ASN1_MALLOC_ENCODE(KERB_ERROR_DATA,
+		       edata_out->data, edata_out->length,
+		       &error_data,
+		       &size, ret);
+    if (ret) {
+	    return ret;
+    }
+    if (size != edata_out->length) {
+	    /* Internal ASN.1 encoder error */
+	    krb5_data_free(edata_out);
+	    return KRB5KRB_ERR_GENERIC;
+    }
+
+    return 0;
+}
+
+static krb5_error_code hdb_samba4_set_edata_from_ntstatus(hdb_request_t r, const NTSTATUS status)
+{
+	const KDC_REQ *req = kdc_request_get_req((astgs_request_t)r);
+	krb5_error_code ret = 0;
+	krb5_data e_data;
+	uint32_t flags = 1;
+
+	if (req->msg_type == krb_tgs_req) {
+		/* This flag is used to indicate a TGS-REQ. */
+		flags |= 2;
+	}
+
+	ret = hdb_samba4_make_nt_status_edata(status, flags, &e_data);
+	if (ret) {
+		return ret;
+	}
+
+	ret = kdc_request_set_e_data((astgs_request_t)r, e_data);
+	if (ret) {
+		krb5_data_free(&e_data);
+	}
+
+	return ret;
+}
+
+static NTSTATUS hdb_samba4_get_ntstatus(hdb_request_t r)
+{
+	struct hdb_ntstatus_obj *status_obj = NULL;
+
+	status_obj = heim_audit_getkv((heim_svc_req_desc)r, SAMBA_HDB_NT_STATUS);
+	if (status_obj == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	if (r->error_code != status_obj->current_error) {
+		/*
+		 * The error code has changed from what we expect. Consider the
+		 * NTSTATUS to be invalidated.
+		 */
+		return NT_STATUS_OK;
+	}
+
+	return status_obj->status;
+}
+
+static krb5_error_code hdb_samba4_tgs_audit(const struct samba_kdc_db_context *kdc_db_ctx,
+					    const hdb_entry *entry,
+					    hdb_request_t r)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	const struct authn_audit_info *server_audit_info = NULL;
+	struct tsocket_address *remote_host = NULL;
+	struct samba_kdc_entry *client_entry = NULL;
+	struct dom_sid sid_buf = {};
+	const char *account_name = NULL;
+	const char *domain_name = NULL;
+	const struct dom_sid *sid = NULL;
+	size_t sa_socklen = 0;
+	NTSTATUS auth_status = NT_STATUS_OK;
+	krb5_error_code ret = 0;
+	krb5_error_code final_ret = 0;
+
+	/* Have we got a status code indicating an error? */
+	auth_status = hdb_samba4_get_ntstatus(r);
+	if (!NT_STATUS_IS_OK(auth_status)) {
+		/*
+		 * Include this status code in the ‘e-data’ field of the reply.
+		 */
+		ret = hdb_samba4_set_edata_from_ntstatus(r, auth_status);
+		if (ret) {
+			final_ret = ret;
+		}
+	} else if (entry == NULL) {
+		auth_status = NT_STATUS_NO_SUCH_USER;
+	} else if (r->error_code) {
+		/*
+		 * Don’t include a status code in the reply. Just log the
+		 * request as being unsuccessful.
+		 */
+		auth_status = NT_STATUS_UNSUCCESSFUL;
+	}
+
+	switch (r->addr->sa_family) {
+	case AF_INET:
+		sa_socklen = sizeof(struct sockaddr_in);
+		break;
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		sa_socklen = sizeof(struct sockaddr_in6);
+		break;
+#endif
+	}
+
+	ret = tsocket_address_bsd_from_sockaddr(frame, r->addr,
+						sa_socklen,
+						&remote_host);
+	if (ret != 0) {
+		remote_host = NULL;
+		/* Ignore the error. */
+	}
+
+	server_audit_info = hdb_samba4_get_server_audit_info(r);
+
+	if (entry != NULL) {
+		client_entry = talloc_get_type_abort(entry->context,
+						     struct samba_kdc_entry);
+
+		ret = samdb_result_dom_sid_buf(client_entry->msg, "objectSid", &sid_buf);
+		if (ret) {
+			/* Ignore the error. */
+		} else {
+			sid = &sid_buf;
+		}
+
+		account_name = ldb_msg_find_attr_as_string(client_entry->msg, "sAMAccountName", NULL);
+		domain_name = lpcfg_sam_name(kdc_db_ctx->lp_ctx);
+	}
+
+	log_authz_event(kdc_db_ctx->msg_ctx,
+			kdc_db_ctx->lp_ctx,
+			remote_host,
+			NULL /* local */,
+			server_audit_info,
+			r->sname,
+			"TGS-REQ with Ticket-Granting Ticket",
+			domain_name,
+			account_name,
+			sid,
+			lpcfg_netbios_name(kdc_db_ctx->lp_ctx),
+			krb5_kdc_get_time(),
+			auth_status);
+
+	talloc_free(frame);
+	if (final_ret) {
+		r->error_code = final_ret;
+	}
+	return final_ret;
+}
+
+static krb5_error_code hdb_samba4_audit(krb5_context context,
+					HDB *db,
+					hdb_entry *entry,
+					hdb_request_t r)
+{
+	struct samba_kdc_db_context *kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+									struct samba_kdc_db_context);
+	struct ldb_dn *domain_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
+	heim_object_t auth_details_obj = NULL;
+	const char *auth_details = NULL;
+	char *etype_str = NULL;
+	heim_object_t hdb_auth_status_obj = NULL;
+	int hdb_auth_status;
+	heim_object_t pa_type_obj = NULL;
+	const char *pa_type = NULL;
+	struct auth_usersupplied_info ui;
+	size_t sa_socklen = 0;
+	const KDC_REQ *req = kdc_request_get_req((astgs_request_t)r);
+	krb5_error_code final_ret = 0;
+	NTSTATUS edata_status;
+
+	if (req->msg_type == krb_tgs_req) {
+		return hdb_samba4_tgs_audit(kdc_db_ctx, entry, r);
+	}
+
+	if (r->error_code == KRB5KDC_ERR_PREAUTH_REQUIRED) {
+		/* Let’s not log PREAUTH_REQUIRED errors. */
+		return 0;
+	}
+
+	edata_status = hdb_samba4_get_ntstatus(r);
+
+	hdb_auth_status_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_AUTH_EVENT);
+	if (hdb_auth_status_obj == NULL) {
+		/* No status code found, so just return. */
+		return 0;
+	}
+
+	hdb_auth_status = heim_number_get_int(hdb_auth_status_obj);
+
+	pa_type_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_PA_NAME);
+	if (pa_type_obj != NULL) {
+		pa_type = heim_string_get_utf8(pa_type_obj);
+	}
+
+	auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_PKINIT_CLIENT_CERT);
+	if (auth_details_obj != NULL) {
+		auth_details = heim_string_get_utf8(auth_details_obj);
+	} else {
+		auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_GSS_INITIATOR);
+		if (auth_details_obj != NULL) {
+			auth_details = heim_string_get_utf8(auth_details_obj);
+		} else {
+			heim_object_t etype_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_PA_ETYPE);
+			if (etype_obj != NULL) {
+				int etype = heim_number_get_int(etype_obj);
+
+				krb5_error_code ret = krb5_enctype_to_string(r->context, etype, &etype_str);
+				if (ret == 0) {
+					auth_details = etype_str;
+				} else {
+					auth_details = "unknown enctype";
+				}
+			}
+		}
+	}
+
+	/*
+	 * Forcing this via the NTLM auth structure is not ideal, but
+	 * it is the most practical option right now, and ensures the
+	 * logs are consistent, even if some elements are always NULL.
+	 */
+	ui = (struct auth_usersupplied_info) {
+		.was_mapped = true,
+		.client = {
+			.account_name = r->cname,
+			.domain_name = NULL,
+		},
+		.service_description = "Kerberos KDC",
+		.auth_description = "Unknown Auth Description",
+		.password_type = auth_details,
+		.logon_id = generate_random_u64(),
+	};
+
+	switch (r->addr->sa_family) {
+	case AF_INET:
+		sa_socklen = sizeof(struct sockaddr_in);
+		break;
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		sa_socklen = sizeof(struct sockaddr_in6);
+		break;
+#endif
+	}
+
+	switch (hdb_auth_status) {
+	default:
+	{
+		TALLOC_CTX *frame = talloc_stackframe();
+		struct samba_kdc_entry *p = talloc_get_type_abort(entry->context,
+								  struct samba_kdc_entry);
+		struct dom_sid *sid
+			= samdb_result_dom_sid(frame, p->msg, "objectSid");
+		const char *account_name
+			= ldb_msg_find_attr_as_string(p->msg, "sAMAccountName", NULL);
+		const char *domain_name = lpcfg_sam_name(p->kdc_db_ctx->lp_ctx);
+		struct tsocket_address *remote_host;
+		const char *auth_description = NULL;
+		const struct authn_audit_info *client_audit_info = NULL;
+		const struct authn_audit_info *server_audit_info = NULL;
+		NTSTATUS status;
+		int ret;
+		bool rwdc_fallback = false;
+
+		ret = tsocket_address_bsd_from_sockaddr(frame, r->addr,
+							sa_socklen,
+							&remote_host);
+		if (ret != 0) {
+			ui.remote_host = NULL;
+		} else {
+			ui.remote_host = remote_host;
+		}
+
+		ui.mapped.account_name = account_name;
+		ui.mapped.domain_name = domain_name;
+
+		if (pa_type != NULL) {
+			auth_description = talloc_asprintf(frame,
+							   "%s Pre-authentication",
+							   pa_type);
+			if (auth_description == NULL) {
+				auth_description = pa_type;
+			}
+		} else {
+			auth_description = "Unknown Pre-authentication";
+		}
+		ui.auth_description = auth_description;
+
+		if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_AUTHORIZED) {
+			struct netr_SendToSamBase *send_to_sam = NULL;
+
+			/*
+			 * TODO: We could log the AS-REQ authorization success here as
+			 * well.  However before we do that, we need to pass
+			 * in the PAC here or re-calculate it.
+			 */
+			status = authsam_logon_success_accounting(kdc_db_ctx->samdb, p->msg,
+								  domain_dn, true, frame, &send_to_sam);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+				edata_status = status;
+
+				r->error_code = final_ret = KRB5KDC_ERR_CLIENT_REVOKED;
+				rwdc_fallback = kdc_db_ctx->rodc;
+			} else if (!NT_STATUS_IS_OK(status)) {
+				r->error_code = final_ret = KRB5KDC_ERR_CLIENT_REVOKED;
+				rwdc_fallback = kdc_db_ctx->rodc;
+			} else {
+				if (r->error_code == KRB5KDC_ERR_NEVER_VALID) {
+					edata_status = status = NT_STATUS_TIME_DIFFERENCE_AT_DC;
+				} else {
+					status = krb5_to_nt_status(r->error_code);
+				}
+
+				if (kdc_db_ctx->rodc && send_to_sam != NULL) {
+					reset_bad_password_netlogon(frame, kdc_db_ctx, send_to_sam);
+				}
+			}
+
+			/* This is the final success */
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY) {
+			/*
+			 * This was only a pre-authentication success,
+			 * but we didn't reach the final
+			 * KDC_AUTH_EVENT_CLIENT_AUTHORIZED,
+			 * so consult the error code.
+			 */
+			if (r->error_code == 0) {
+				DBG_ERR("ERROR: VALIDATED_LONG_TERM_KEY "
+					"with error=0 => INTERNAL_ERROR\n");
+				status = NT_STATUS_INTERNAL_ERROR;
+				r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
+			} else if (!NT_STATUS_IS_OK(p->reject_status)) {
+				status = p->reject_status;
+			} else {
+				status = krb5_to_nt_status(r->error_code);
+			}
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_PREAUTH_SUCCEEDED) {
+			/*
+			 * This was only a pre-authentication success,
+			 * but we didn't reach the final
+			 * KDC_AUTH_EVENT_CLIENT_AUTHORIZED,
+			 * so consult the error code.
+			 */
+			if (r->error_code == 0) {
+				DBG_ERR("ERROR: PREAUTH_SUCCEEDED "
+					"with error=0 => INTERNAL_ERROR\n");
+				status = NT_STATUS_INTERNAL_ERROR;
+				r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
+			} else if (!NT_STATUS_IS_OK(p->reject_status)) {
+				status = p->reject_status;
+			} else {
+				status = krb5_to_nt_status(r->error_code);
+			}
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_FOUND) {
+			/*
+			 * We found the client principal,
+			 * but we didn’t reach the final
+			 * KDC_AUTH_EVENT_CLIENT_AUTHORIZED,
+			 * so consult the error code.
+			 */
+			if (r->error_code == 0) {
+				DBG_ERR("ERROR: CLIENT_FOUND "
+					"with error=0 => INTERNAL_ERROR\n");
+				status = NT_STATUS_INTERNAL_ERROR;
+				r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
+			} else if (!NT_STATUS_IS_OK(p->reject_status)) {
+				status = p->reject_status;
+			} else {
+				status = krb5_to_nt_status(r->error_code);
+			}
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_TIME_SKEW) {
+			status = NT_STATUS_TIME_DIFFERENCE_AT_DC;
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY) {
+			status = authsam_update_bad_pwd_count(kdc_db_ctx->samdb, p->msg, domain_dn);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+				edata_status = status;
+
+				r->error_code = final_ret = KRB5KDC_ERR_CLIENT_REVOKED;
+			} else {
+				status = NT_STATUS_WRONG_PASSWORD;
+			}
+			rwdc_fallback = kdc_db_ctx->rodc;
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY) {
+			/*
+			 * The pre-authentication succeeds with a password
+			 * from the password history, so we don't
+			 * update the badPwdCount, but still return
+			 * PREAUTH_FAILED and need to forward to
+			 * a RWDC in order to produce an authoritative
+			 * response for the client.
+			 */
+			status = NT_STATUS_WRONG_PASSWORD;
+			rwdc_fallback = kdc_db_ctx->rodc;
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_LOCKED_OUT) {
+			edata_status = status = NT_STATUS_ACCOUNT_LOCKED_OUT;
+			rwdc_fallback = kdc_db_ctx->rodc;
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_NAME_UNAUTHORIZED) {
+			if (pa_type != NULL && strncmp(pa_type, "PK-INIT", strlen("PK-INIT")) == 0) {
+				status = NT_STATUS_PKINIT_NAME_MISMATCH;
+			} else {
+				status = NT_STATUS_ACCOUNT_RESTRICTION;
+			}
+			rwdc_fallback = kdc_db_ctx->rodc;
+		} else if (hdb_auth_status == KDC_AUTH_EVENT_PREAUTH_FAILED) {
+			if (pa_type != NULL && strncmp(pa_type, "PK-INIT", strlen("PK-INIT")) == 0) {
+				status = NT_STATUS_PKINIT_FAILURE;
+			} else {
+				status = NT_STATUS_GENERIC_COMMAND_FAILED;
+			}
+			rwdc_fallback = kdc_db_ctx->rodc;
+		} else {
+			DBG_ERR("Unhandled hdb_auth_status=%d => INTERNAL_ERROR\n",
+				hdb_auth_status);
+			status = NT_STATUS_INTERNAL_ERROR;
+			r->error_code = final_ret = KRB5KRB_ERR_GENERIC;
+		}
+
+		if (!NT_STATUS_IS_OK(edata_status)) {
+			krb5_error_code code;
+
+			code = hdb_samba4_set_edata_from_ntstatus(r, edata_status);
+			if (code) {
+				r->error_code = final_ret = code;
+			}
+		}
+
+		if (rwdc_fallback) {
+			/*
+			 * Forward the request to an RWDC in order
+			 * to give an authoritative answer to the client.
+			 */
+			auth_description = talloc_asprintf(frame,
+							   "%s,Forward-To-RWDC",
+							   ui.auth_description);
+			if (auth_description != NULL) {
+				ui.auth_description = auth_description;
+			}
+			final_ret = HDB_ERR_NOT_FOUND_HERE;
+		}
+
+		client_audit_info = hdb_samba4_get_client_audit_info(r);
+		server_audit_info = hdb_samba4_get_server_audit_info(r);
+
+		log_authentication_event(kdc_db_ctx->msg_ctx,
+					 kdc_db_ctx->lp_ctx,
+					 &r->tv_start,
+					 &ui,
+					 status,
+					 domain_name,
+					 account_name,
+					 sid,
+					 client_audit_info,
+					 server_audit_info);
+		if (final_ret == KRB5KRB_ERR_GENERIC && socket_wrapper_enabled()) {
+			/*
+			 * If we're running under make test
+			 * just panic
+			 */
+			DBG_ERR("Unexpected situation => PANIC\n");
+			smb_panic("hdb_samba4_audit: Unexpected situation");
+		}
+		TALLOC_FREE(frame);
+		break;
+	}
+	case KDC_AUTH_EVENT_CLIENT_UNKNOWN:
+	{
+		struct tsocket_address *remote_host;
+		int ret;
+		TALLOC_CTX *frame = talloc_stackframe();
+		ret = tsocket_address_bsd_from_sockaddr(frame, r->addr,
+							sa_socklen,
+							&remote_host);
+		if (ret != 0) {
+			ui.remote_host = NULL;
+		} else {
+			ui.remote_host = remote_host;
+		}
+
+		if (pa_type == NULL) {
+			pa_type = "AS-REQ";
+		}
+
+		ui.auth_description = pa_type;
+
+		/* Note this is not forwarded to an RWDC */
+
+		log_authentication_event(kdc_db_ctx->msg_ctx,
+					 kdc_db_ctx->lp_ctx,
+					 &r->tv_start,
+					 &ui,
+					 NT_STATUS_NO_SUCH_USER,
+					 NULL, NULL,
+					 NULL,
+					 NULL /* client_audit_info */,
+					 NULL /* server_audit_info */);
+		TALLOC_FREE(frame);
+		break;
+	}
+	}
+
+	free(etype_str);
+
+	return final_ret;
+}
+
+/* This interface is to be called by the KDC and libnet_keytab_dump,
+ * which is expecting Samba calling conventions.
+ * It is also called by a wrapper (hdb_samba4_create) from the
+ * kpasswdd -> krb5 -> keytab_hdb -> hdb code */
+
+NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
+			       krb5_context context, struct HDB **db)
+{
+	struct samba_kdc_db_context *kdc_db_ctx = NULL;
+	NTSTATUS nt_status;
+
+	if (hdb_interface_version != HDB_INTERFACE_VERSION) {
+		krb5_set_error_message(context, EINVAL, "Heimdal HDB interface version mismatch between build-time and run-time libraries!");
+		return NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION;
+	}
+
+	*db = talloc_zero(base_ctx, HDB);
+	if (!*db) {
+		krb5_set_error_message(context, ENOMEM, "talloc_zero: out of memory");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*db)->hdb_master_key_set = 0;
+	(*db)->hdb_db = NULL;
+	(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
+
+	nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, &kdc_db_ctx);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(*db);
+		return nt_status;
+	}
+	(*db)->hdb_db = kdc_db_ctx;
+
+	(*db)->hdb_dbc = NULL;
+	(*db)->hdb_open = hdb_samba4_open;
+	(*db)->hdb_close = hdb_samba4_close;
+	(*db)->hdb_free_entry_context = hdb_samba4_free_entry_context;
+	(*db)->hdb_fetch_kvno = hdb_samba4_fetch_kvno;
+	(*db)->hdb_store = hdb_samba4_store;
+	(*db)->hdb_firstkey = hdb_samba4_firstkey;
+	(*db)->hdb_nextkey = hdb_samba4_nextkey;
+	(*db)->hdb_lock = hdb_samba4_lock;
+	(*db)->hdb_unlock = hdb_samba4_unlock;
+	(*db)->hdb_set_sync = hdb_samba4_set_sync;
+	(*db)->hdb_rename = hdb_samba4_rename;
+	/* we don't implement these, as we are not a lockable database */
+	(*db)->hdb__get = NULL;
+	(*db)->hdb__put = NULL;
+	/* kadmin should not be used for deletes - use other tools instead */
+	(*db)->hdb__del = NULL;
+	(*db)->hdb_destroy = hdb_samba4_destroy;
+
+	(*db)->hdb_audit = hdb_samba4_audit;
+	(*db)->hdb_check_constrained_delegation = hdb_samba4_check_constrained_delegation;
+	(*db)->hdb_check_rbcd = hdb_samba4_check_rbcd;
+	(*db)->hdb_check_pkinit_ms_upn_match = hdb_samba4_check_pkinit_ms_upn_match;
+	(*db)->hdb_check_client_matches_target_service = hdb_samba4_check_client_matches_target_service;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
+				       krb5_context context, struct HDB **db)
+{
+	NTSTATUS nt_status;
+
+	nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	(*db)->hdb_fetch_kvno = hdb_samba4_kpasswd_fetch_kvno;
+	(*db)->hdb_firstkey = hdb_samba4_nextkey_panic;
+	(*db)->hdb_nextkey = hdb_samba4_nextkey_panic;
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/kdc/kdc-glue.c b/source4/kdc/kdc-glue.c
new file mode 100644
index 0000000..8b98d0f
--- /dev/null
+++ b/source4/kdc/kdc-glue.c
@@ -0,0 +1,92 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include <hdb.h>
+#include "kdc/samba_kdc.h"
+#include "kdc/pac-glue.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "auth/kerberos/pac_utils.h"
+#include "kdc/kdc-glue.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+int kdc_check_pac(krb5_context context,
+		  DATA_BLOB srv_sig,
+		  struct PAC_SIGNATURE_DATA *kdc_sig,
+		  hdb_entry *ent)
+{
+	krb5_enctype etype;
+	int ret;
+	krb5_keyblock keyblock;
+	Key *key;
+
+	if (kdc_sig->type == CKSUMTYPE_HMAC_MD5) {
+		etype = ENCTYPE_ARCFOUR_HMAC;
+	} else {
+		ret = krb5_cksumtype_to_enctype(context,
+						kdc_sig->type,
+						&etype);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	ret = hdb_enctype2key(context, ent, NULL, etype, &key);
+
+	if (ret != 0) {
+		return ret;
+	}
+
+	keyblock = key->key;
+
+	return check_pac_checksum(srv_sig, kdc_sig,
+				 context, &keyblock);
+}
+
+struct samba_kdc_entry_pac samba_kdc_get_device_pac(const astgs_request_t r)
+{
+	const hdb_entry *device = kdc_request_get_armor_client(r);
+	struct samba_kdc_entry *device_skdc_entry = NULL;
+	const hdb_entry *device_krbtgt = NULL;
+	const struct samba_kdc_entry *device_krbtgt_skdc_entry = NULL;
+	const krb5_const_pac device_pac = kdc_request_get_armor_pac(r);
+
+	if (device != NULL) {
+		device_skdc_entry = talloc_get_type_abort(device->context,
+							  struct samba_kdc_entry);
+
+		device_krbtgt = kdc_request_get_armor_server(r);
+		if (device_krbtgt != NULL) {
+			device_krbtgt_skdc_entry = talloc_get_type_abort(device_krbtgt->context,
+									 struct samba_kdc_entry);
+		}
+	}
+
+	return samba_kdc_entry_pac(device_pac,
+				   device_skdc_entry,
+				   samba_kdc_entry_is_trust(device_krbtgt_skdc_entry));
+}
diff --git a/source4/kdc/kdc-glue.h b/source4/kdc/kdc-glue.h
new file mode 100644
index 0000000..9497d06
--- /dev/null
+++ b/source4/kdc/kdc-glue.h
@@ -0,0 +1,62 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC structures
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_KDC_H
+#define _KDC_KDC_H
+
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include <hdb.h>
+#include <heimbase.h>
+#include <kdc.h>
+#include <krb5/kdc-plugin.h>
+#include "kdc/samba_kdc.h"
+#include "kdc/kdc-server.h"
+
+/* from hdb-samba4.c */
+NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
+			       krb5_context context, struct HDB **db);
+
+NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
+				       krb5_context context, struct HDB **db);
+
+krb5_error_code hdb_samba4_set_ntstatus(astgs_request_t r,
+					NTSTATUS status,
+					krb5_error_code error);
+
+struct authn_audit_info;
+
+krb5_error_code hdb_samba4_set_steal_client_audit_info(astgs_request_t r,
+						       struct authn_audit_info *client_audit_info);
+
+krb5_error_code hdb_samba4_set_steal_server_audit_info(astgs_request_t r,
+						       struct authn_audit_info *server_audit_info);
+
+/* from kdc-glue.c */
+int kdc_check_pac(krb5_context krb5_context,
+		  DATA_BLOB server_sig,
+		  struct PAC_SIGNATURE_DATA *kdc_sig,
+		  hdb_entry *ent);
+
+struct samba_kdc_entry_pac samba_kdc_get_device_pac(const astgs_request_t r);
+
+#endif
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
new file mode 100644
index 0000000..4f7b80d
--- /dev/null
+++ b/source4/kdc/kdc-heimdal.c
@@ -0,0 +1,550 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC Server startup
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2008
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/process_model.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kdc-proxy.h"
+#include "kdc/kdc-glue.h"
+#include "kdc/pac-glue.h"
+#include "kdc/kpasswd-service.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/session.h"
+#include "libds/common/roles.h"
+#include <kdc.h>
+#include <hdb.h>
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+NTSTATUS server_service_kdc_init(TALLOC_CTX *);
+
+extern struct krb5plugin_kdc_ftable kdc_plugin_table;
+
+/**
+   Wrapper for krb5_kdc_process_krb5_request, converting to/from Samba
+   calling conventions
+*/
+
+static kdc_code kdc_process(struct kdc_server *kdc,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *input,
+			    DATA_BLOB *reply,
+			    struct tsocket_address *peer_addr,
+			    struct tsocket_address *my_addr,
+			    int datagram_reply)
+{
+	int ret;
+	char *pa;
+	struct sockaddr_storage ss;
+	krb5_data k5_reply;
+	krb5_kdc_configuration *kdc_config =
+		(krb5_kdc_configuration *)kdc->private_data;
+
+	krb5_data_zero(&k5_reply);
+
+	krb5_kdc_update_time(NULL);
+
+	ret = tsocket_address_bsd_sockaddr(peer_addr, (struct sockaddr *) &ss,
+				sizeof(struct sockaddr_storage));
+	if (ret < 0) {
+		return KDC_ERROR;
+	}
+	pa = tsocket_address_string(peer_addr, mem_ctx);
+	if (pa == NULL) {
+		return KDC_ERROR;
+	}
+
+	DBG_DEBUG("Received KDC packet of length %zu from %s\n",
+		  input->length, pa);
+
+	ret = krb5_kdc_process_krb5_request(kdc->smb_krb5_context->krb5_context,
+					    kdc_config,
+					    input->data, input->length,
+					    &k5_reply,
+					    pa,
+					    (struct sockaddr *) &ss,
+					    datagram_reply);
+	if (ret == -1) {
+		*reply = data_blob(NULL, 0);
+		return KDC_ERROR;
+	}
+
+	if (ret == HDB_ERR_NOT_FOUND_HERE) {
+		*reply = data_blob(NULL, 0);
+		return KDC_PROXY_REQUEST;
+	}
+
+	if (k5_reply.length) {
+		*reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length);
+		krb5_data_free(&k5_reply);
+	} else {
+		*reply = data_blob(NULL, 0);
+	}
+	return KDC_OK;
+}
+
+/*
+  setup our listening sockets on the configured network interfaces
+*/
+static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc,
+				       struct loadparm_context *lp_ctx,
+				       struct interface *ifaces,
+				       const struct model_ops *model_ops)
+{
+	int num_interfaces;
+	TALLOC_CTX *tmp_ctx = talloc_new(kdc);
+	NTSTATUS status;
+	int i;
+	uint16_t kdc_port = lpcfg_krb5_port(lp_ctx);
+	uint16_t kpasswd_port = lpcfg_kpasswd_port(lp_ctx);
+	bool done_wildcard = false;
+
+	num_interfaces = iface_list_count(ifaces);
+
+	/* if we are allowing incoming packets from any address, then
+	   we need to bind to the wildcard address */
+	if (!lpcfg_bind_interfaces_only(lp_ctx)) {
+		size_t num_binds = 0;
+		char **wcard = iface_list_wildcard(kdc);
+		NT_STATUS_HAVE_NO_MEMORY(wcard);
+		for (i=0; wcard[i]; i++) {
+			if (kdc_port) {
+				status = kdc_add_socket(kdc, model_ops,
+							"kdc", wcard[i], kdc_port,
+							kdc_process, false);
+				if (NT_STATUS_IS_OK(status)) {
+					num_binds++;
+				}
+			}
+
+			if (kpasswd_port) {
+				status = kdc_add_socket(kdc, model_ops,
+							"kpasswd", wcard[i], kpasswd_port,
+							kpasswd_process, false);
+				if (NT_STATUS_IS_OK(status)) {
+					num_binds++;
+				}
+			}
+		}
+		talloc_free(wcard);
+		if (num_binds == 0) {
+			return NT_STATUS_INVALID_PARAMETER_MIX;
+		}
+		done_wildcard = true;
+	}
+
+	for (i=0; i<num_interfaces; i++) {
+		const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
+
+		if (kdc_port) {
+			status = kdc_add_socket(kdc, model_ops,
+						"kdc", address, kdc_port,
+						kdc_process, done_wildcard);
+			NT_STATUS_NOT_OK_RETURN(status);
+		}
+
+		if (kpasswd_port) {
+			status = kdc_add_socket(kdc, model_ops,
+						"kpasswd", address, kpasswd_port,
+						kpasswd_process, done_wildcard);
+			NT_STATUS_NOT_OK_RETURN(status);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
+				 struct kdc_check_generic_kerberos *r)
+{
+	struct PAC_Validate pac_validate;
+	DATA_BLOB srv_sig;
+	struct PAC_SIGNATURE_DATA kdc_sig;
+	struct kdc_server *kdc = talloc_get_type(msg->private_data, struct kdc_server);
+	krb5_kdc_configuration *kdc_config =
+		(krb5_kdc_configuration *)kdc->private_data;
+	enum ndr_err_code ndr_err;
+	int ret;
+	hdb_entry ent;
+	krb5_principal principal;
+
+
+	/* There is no reply to this request */
+	r->out.generic_reply = data_blob(NULL, 0);
+
+	ndr_err = ndr_pull_struct_blob(&r->in.generic_request, msg, &pac_validate,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_Validate);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (pac_validate.MessageType != NETLOGON_GENERIC_KRB5_PAC_VALIDATE) {
+		/* We don't implement any other message types - such as certificate validation - yet */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (pac_validate.ChecksumAndSignature.length != (pac_validate.ChecksumLength + pac_validate.SignatureLength)
+	    || pac_validate.ChecksumAndSignature.length < pac_validate.ChecksumLength
+	    || pac_validate.ChecksumAndSignature.length < pac_validate.SignatureLength ) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	srv_sig = data_blob_const(pac_validate.ChecksumAndSignature.data,
+				  pac_validate.ChecksumLength);
+
+	ret = krb5_make_principal(kdc->smb_krb5_context->krb5_context, &principal,
+				  lpcfg_realm(kdc->task->lp_ctx),
+				  "krbtgt", lpcfg_realm(kdc->task->lp_ctx),
+				  NULL);
+
+	if (ret != 0) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = kdc_config->db[0]->hdb_fetch_kvno(kdc->smb_krb5_context->krb5_context,
+						 kdc_config->db[0],
+						 principal,
+						 HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
+						 0,
+						 &ent);
+
+	if (ret != 0) {
+		hdb_free_entry(kdc->smb_krb5_context->krb5_context, kdc_config->db[0], &ent);
+		krb5_free_principal(kdc->smb_krb5_context->krb5_context, principal);
+
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	kdc_sig.type = pac_validate.SignatureType;
+	kdc_sig.signature = data_blob_const(&pac_validate.ChecksumAndSignature.data[pac_validate.ChecksumLength],
+					    pac_validate.SignatureLength);
+
+	ret = kdc_check_pac(kdc->smb_krb5_context->krb5_context, srv_sig, &kdc_sig, &ent);
+
+	hdb_free_entry(kdc->smb_krb5_context->krb5_context, kdc_config->db[0], &ent);
+	krb5_free_principal(kdc->smb_krb5_context->krb5_context, principal);
+
+	if (ret != 0) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  startup the kdc task
+*/
+static NTSTATUS kdc_task_init(struct task_server *task)
+{
+	struct kdc_server *kdc;
+	NTSTATUS status;
+	struct interface *ifaces;
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "kdc: no KDC required in standalone configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "kdc: no KDC required in member server configuration", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+	case ROLE_IPA_DC:
+		task_server_terminate(
+		    task, "Cannot start KDC as a 'classic Samba' DC", false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want a KDC */
+		break;
+	}
+
+	load_interface_list(task, task->lp_ctx, &ifaces);
+
+	if (iface_list_count(ifaces) == 0) {
+		task_server_terminate(task, "kdc: no network interfaces configured", false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	task_server_set_title(task, "task[kdc]");
+
+	kdc = talloc_zero(task, struct kdc_server);
+	if (kdc == NULL) {
+		task_server_terminate(task, "kdc: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	kdc->task = task;
+	task->private_data = kdc;
+
+	/* start listening on the configured network interfaces */
+	status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces,
+					task->model_ops);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "kdc failed to setup interfaces", true);
+		return status;
+	}
+
+
+	return NT_STATUS_OK;
+}
+
+/*
+  initialise the kdc task after a fork
+*/
+static void kdc_post_fork(struct task_server *task, struct process_details *pd)
+{
+	struct kdc_server *kdc;
+	krb5_kdc_configuration *kdc_config = NULL;
+	NTSTATUS status;
+	krb5_error_code ret;
+	int ldb_ret;
+
+	if (task == NULL) {
+		task_server_terminate(task, "kdc: Null task", true);
+		return;
+	}
+	if (task->private_data == NULL) {
+		task_server_terminate(task, "kdc: No kdc_server info", true);
+		return;
+	}
+	kdc = talloc_get_type_abort(task->private_data, struct kdc_server);
+
+	/* get a samdb connection */
+	kdc->samdb = samdb_connect(kdc,
+				   kdc->task->event_ctx,
+				   kdc->task->lp_ctx,
+				   system_session(kdc->task->lp_ctx),
+				   NULL,
+				   0);
+	if (!kdc->samdb) {
+		DBG_WARNING("kdc_task_init: unable to connect to samdb\n");
+		task_server_terminate(task, "kdc: krb5_init_context samdb connect failed", true);
+		return;
+	}
+
+	ldb_ret = samdb_rodc(kdc->samdb, &kdc->am_rodc);
+	if (ldb_ret != LDB_SUCCESS) {
+		DBG_WARNING("kdc_task_init: "
+			    "Cannot determine if we are an RODC: %s\n",
+			    ldb_errstring(kdc->samdb));
+		task_server_terminate(task, "kdc: krb5_init_context samdb RODC connect failed", true);
+		return;
+	}
+
+	kdc->proxy_timeout = lpcfg_parm_int(kdc->task->lp_ctx, NULL, "kdc", "proxy timeout", 5);
+
+	initialize_krb5_error_table();
+
+	ret = smb_krb5_init_context(kdc, task->lp_ctx, &kdc->smb_krb5_context);
+	if (ret) {
+		DBG_WARNING("kdc_task_init: krb5_init_context failed (%s)\n",
+			    error_message(ret));
+		task_server_terminate(task, "kdc: krb5_init_context failed", true);
+		return;
+	}
+
+	krb5_add_et_list(kdc->smb_krb5_context->krb5_context, initialize_hdb_error_table_r);
+
+	ret = krb5_kdc_get_config(kdc->smb_krb5_context->krb5_context,
+				  &kdc_config);
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to get KDC configuration", true);
+		return;
+	}
+
+	kdc_config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;
+	kdc_config->db = talloc(kdc, struct HDB *);
+	if (!kdc_config->db) {
+		task_server_terminate(task, "kdc: out of memory", true);
+		return;
+	}
+	kdc_config->num_db = 1;
+
+	/*
+	 * Note with the CVE-2022-37966 patches,
+	 * see https://bugzilla.samba.org/show_bug.cgi?id=15219
+	 * and https://bugzilla.samba.org/show_bug.cgi?id=15237
+	 * we want to use the strongest keys for everything.
+	 *
+	 * Some of these don't have any real effect anymore,
+	 * but it is better to have them as true...
+	 */
+	kdc_config->tgt_use_strongest_session_key = true;
+	kdc_config->preauth_use_strongest_session_key = true;
+	kdc_config->svc_use_strongest_session_key = true;
+	kdc_config->use_strongest_server_key = true;
+
+	kdc_config->force_include_pa_etype_salt = true;
+
+	/*
+	 * For Samba CVE-2020-25719 Require PAC to be present
+	 * This instructs Heimdal to match AD behaviour,
+	 * as seen after Microsoft's CVE-2021-42287 when
+	 * PacRequestorEnforcement is set to 2.
+	 *
+	 * Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
+	 * REF: https://support.microsoft.com/en-au/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
+	 */
+
+	kdc_config->require_pac = true;
+
+	/*
+	 * By default we enable RFC6113/FAST support,
+	 * but we have an option to disable in order to
+	 * test against a KDC with FAST support.
+	 */
+	kdc_config->enable_fast = lpcfg_kdc_enable_fast(task->lp_ctx);
+
+	{
+		static const char *dummy_string = "Microsoft";
+
+		/*
+		 * The FAST cookie is not cryptographically required,
+		 * provided that the non-AD gss-preauth authentication
+		 * method is removed (as this is the only multi-step
+		 * authentication method).
+		 *
+		 * gss-preauth has been disabled both by not being
+		 * configured and by being made dependent
+		 * configuration for a "real" fast cookie.
+		 *
+		 * The hide_client_names feature in Heimdal is the
+		 * only other state that is persisted in the cookie,
+		 * and this does not need to be in the cookie for
+		 * single-shot authentication protocols such as ENC-TS
+		 * and ENC-CHAL, the standard password protocols in
+		 * AD.
+		 *
+		 * Furthermore, the Heimdal KDC does not fail if the
+		 * client does not supply a FAST cookie, showing that
+		 * the presence of the cookie is not required.
+		 */
+		kdc_config->enable_fast_cookie = false;
+		kdc_config->dummy_fast_cookie = smb_krb5_make_data(discard_const_p(char, dummy_string),
+								   strlen(dummy_string));
+	}
+
+	/*
+	 * Match Windows and RFC6113 and Windows but break older
+	 * Heimdal clients.
+	 */
+	kdc_config->enable_armored_pa_enc_timestamp = false;
+
+	/* Register hdb-samba4 hooks for use as a keytab */
+
+	kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);
+	if (!kdc->base_ctx) {
+		task_server_terminate(task, "kdc: out of memory", true);
+		return;
+	}
+
+	kdc->base_ctx->ev_ctx = task->event_ctx;
+	kdc->base_ctx->lp_ctx = task->lp_ctx;
+	kdc->base_ctx->msg_ctx = task->msg_ctx;
+
+	status = hdb_samba4_create_kdc(kdc->base_ctx,
+				       kdc->smb_krb5_context->krb5_context,
+				       &kdc_config->db[0]);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed", true);
+		return;
+	}
+
+	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
+				   PLUGIN_TYPE_DATA, "hdb_samba4_interface",
+				   &hdb_samba4_interface);
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to register hdb plugin", true);
+		return;
+	}
+
+	kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "HDBGET:samba4:&%p", kdc->base_ctx);
+	if (kdc->kpasswd_keytab_name == NULL) {
+		task_server_terminate(task,
+				      "kdc: Failed to set keytab name",
+				      true);
+		return;
+	}
+
+	ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_get_kt_ops);
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to register keytab plugin", true);
+		return;
+	}
+
+	/* Register KDC hooks */
+	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
+				   PLUGIN_TYPE_DATA, "kdc",
+				   &kdc_plugin_table);
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to register kdc plugin", true);
+		return;
+	}
+
+	ret = krb5_kdc_plugin_init(kdc->smb_krb5_context->krb5_context);
+
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to init kdc plugin", true);
+		return;
+	}
+
+	ret = krb5_kdc_pkinit_config(kdc->smb_krb5_context->krb5_context, kdc_config);
+
+	if(ret) {
+		task_server_terminate(task, "kdc: failed to init kdc pkinit subsystem", true);
+		return;
+	}
+	kdc->private_data = kdc_config;
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, KDC_CHECK_GENERIC_KERBEROS,
+			       kdc_check_generic_kerberos, kdc);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "kdc failed to setup monitoring", true);
+		return;
+	}
+
+	irpc_add_name(task->msg_ctx, "kdc_server");
+}
+
+
+/* called at smbd startup - register ourselves as a server service */
+NTSTATUS server_service_kdc_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = false,
+		.task_init = kdc_task_init,
+		.post_fork = kdc_post_fork
+	};
+	return register_server_service(ctx, "kdc", &details);
+}
diff --git a/source4/kdc/kdc-proxy.c b/source4/kdc/kdc-proxy.c
new file mode 100644
index 0000000..83d552a
--- /dev/null
+++ b/source4/kdc/kdc-proxy.c
@@ -0,0 +1,596 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC Server request proxying
+
+   Copyright (C) Andrew Tridgell	2010
+   Copyright (C) Andrew Bartlett        2010
+   Copyright (C) Stefan Metzmacher      2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/process_model.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/stream/packet.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kdc-proxy.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/composite/composite.h"
+#include "libcli/resolve/resolve.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+/*
+  get a list of our replication partners from repsFrom, returning it in *proxy_list
+ */
+static WERROR kdc_proxy_get_writeable_dcs(struct kdc_server *kdc, TALLOC_CTX *mem_ctx, char ***proxy_list)
+{
+	WERROR werr;
+	uint32_t count, i;
+	struct repsFromToBlob *reps;
+
+	werr = dsdb_loadreps(kdc->samdb, mem_ctx, ldb_get_default_basedn(kdc->samdb), "repsFrom", &reps, &count);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	if (count == 0) {
+		/* we don't have any DCs to replicate with. Very
+		   strange for a RODC */
+		DBG_WARNING("No replication sources for RODC in KDC proxy\n");
+		talloc_free(reps);
+		return WERR_DS_DRA_NO_REPLICA;
+	}
+
+	(*proxy_list) = talloc_array(mem_ctx, char *, count+1);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(*proxy_list, reps);
+
+	talloc_steal(*proxy_list, reps);
+
+	for (i=0; i<count; i++) {
+		const char *dns_name = NULL;
+		if (reps->version == 1) {
+			dns_name = reps->ctr.ctr1.other_info->dns_name;
+		} else if (reps->version == 2) {
+			dns_name = reps->ctr.ctr2.other_info->dns_name1;
+		}
+		(*proxy_list)[i] = talloc_strdup(*proxy_list, dns_name);
+		W_ERROR_HAVE_NO_MEMORY_AND_FREE((*proxy_list)[i], *proxy_list);
+	}
+	(*proxy_list)[i] = NULL;
+
+	talloc_free(reps);
+
+	return WERR_OK;
+}
+
+
+struct kdc_udp_proxy_state {
+	struct tevent_context *ev;
+	struct kdc_server *kdc;
+	uint16_t port;
+	DATA_BLOB in;
+	DATA_BLOB out;
+	char **proxy_list;
+	uint32_t next_proxy;
+	struct {
+		struct nbt_name name;
+		const char *ip;
+		struct tdgram_context *dgram;
+	} proxy;
+};
+
+
+static void kdc_udp_next_proxy(struct tevent_req *req);
+
+struct tevent_req *kdc_udp_proxy_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct kdc_server *kdc,
+				      uint16_t port,
+				      DATA_BLOB in)
+{
+	struct tevent_req *req;
+	struct kdc_udp_proxy_state *state;
+	WERROR werr;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct kdc_udp_proxy_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->kdc  = kdc;
+	state->port = port;
+	state->in = in;
+
+	werr = kdc_proxy_get_writeable_dcs(kdc, state, &state->proxy_list);
+	if (!W_ERROR_IS_OK(werr)) {
+		NTSTATUS status = werror_to_ntstatus(werr);
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	kdc_udp_next_proxy(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void kdc_udp_proxy_resolve_done(struct composite_context *csubreq);
+
+/*
+  try the next proxy in the list
+ */
+static void kdc_udp_next_proxy(struct tevent_req *req)
+{
+	struct kdc_udp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_udp_proxy_state);
+	const char *proxy_dnsname = state->proxy_list[state->next_proxy];
+	struct composite_context *csubreq;
+
+	if (proxy_dnsname == NULL) {
+		tevent_req_nterror(req, NT_STATUS_NO_LOGON_SERVERS);
+		return;
+	}
+
+	state->next_proxy++;
+
+	/* make sure we close the socket of the last try */
+	TALLOC_FREE(state->proxy.dgram);
+	ZERO_STRUCT(state->proxy);
+
+	make_nbt_name(&state->proxy.name, proxy_dnsname, 0);
+
+	csubreq = resolve_name_ex_send(lpcfg_resolve_context(state->kdc->task->lp_ctx),
+				       state,
+				       RESOLVE_NAME_FLAG_FORCE_DNS,
+				       0,
+				       &state->proxy.name,
+				       state->ev);
+	if (tevent_req_nomem(csubreq, req)) {
+		return;
+	}
+	csubreq->async.fn = kdc_udp_proxy_resolve_done;
+	csubreq->async.private_data = req;
+}
+
+static void kdc_udp_proxy_sendto_done(struct tevent_req *subreq);
+static void kdc_udp_proxy_recvfrom_done(struct tevent_req *subreq);
+
+static void kdc_udp_proxy_resolve_done(struct composite_context *csubreq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(csubreq->async.private_data,
+		struct tevent_req);
+	struct kdc_udp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_udp_proxy_state);
+	NTSTATUS status;
+	struct tevent_req *subreq;
+	struct tsocket_address *local_addr, *proxy_addr;
+	int ret;
+	bool ok;
+
+	status = resolve_name_recv(csubreq, state, &state->proxy.ip);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("Unable to resolve proxy[%s] - %s\n",
+			state->proxy.name.name, nt_errstr(status));
+		kdc_udp_next_proxy(req);
+		return;
+	}
+
+	/* get an address for us to use locally */
+	ret = tsocket_address_inet_from_strings(state, "ip", NULL, 0, &local_addr);
+	if (ret != 0) {
+		kdc_udp_next_proxy(req);
+		return;
+	}
+
+	ret = tsocket_address_inet_from_strings(state, "ip",
+						state->proxy.ip,
+						state->port,
+						&proxy_addr);
+	if (ret != 0) {
+		kdc_udp_next_proxy(req);
+		return;
+	}
+
+	/* create a socket for us to work on */
+	ret = tdgram_inet_udp_socket(local_addr, proxy_addr,
+				     state, &state->proxy.dgram);
+	if (ret != 0) {
+		kdc_udp_next_proxy(req);
+		return;
+	}
+
+	subreq = tdgram_sendto_send(state,
+				    state->ev,
+				    state->proxy.dgram,
+				    state->in.data,
+				    state->in.length,
+				    NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_udp_proxy_sendto_done, req);
+
+	/* setup to receive the reply from the proxy */
+	subreq = tdgram_recvfrom_send(state, state->ev, state->proxy.dgram);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_udp_proxy_recvfrom_done, req);
+
+	ok = tevent_req_set_endtime(
+		subreq,
+		state->ev,
+		timeval_current_ofs(state->kdc->proxy_timeout, 0));
+	if (!ok) {
+		DBG_DEBUG("tevent_req_set_endtime failed\n");
+		return;
+	}
+
+	DEBUG(4,("kdc_udp_proxy: proxying request to %s[%s]\n",
+		 state->proxy.name.name, state->proxy.ip));
+}
+
+/*
+  called when the send of the call to the proxy is complete
+  this is used to get an errors from the sendto()
+ */
+static void kdc_udp_proxy_sendto_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct kdc_udp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_udp_proxy_state);
+	ssize_t ret;
+	int sys_errno;
+
+	ret = tdgram_sendto_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		DEBUG(4,("kdc_udp_proxy: sendto for %s[%s] gave %d : %s\n",
+			 state->proxy.name.name, state->proxy.ip,
+			 sys_errno, strerror(sys_errno)));
+		kdc_udp_next_proxy(req);
+	}
+}
+
+/*
+  called when the proxy replies
+ */
+static void kdc_udp_proxy_recvfrom_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct kdc_udp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_udp_proxy_state);
+	int sys_errno;
+	uint8_t *buf;
+	ssize_t len;
+
+	len = tdgram_recvfrom_recv(subreq, &sys_errno,
+				   state, &buf, NULL);
+	TALLOC_FREE(subreq);
+	if (len == -1) {
+		DEBUG(4,("kdc_udp_proxy: reply from %s[%s] gave %d : %s\n",
+			 state->proxy.name.name, state->proxy.ip,
+			 sys_errno, strerror(sys_errno)));
+		kdc_udp_next_proxy(req);
+		return;
+	}
+
+	/*
+	 * Check the reply came from the right IP?
+	 * As we use connected udp sockets, that should not be needed...
+	 */
+
+	state->out.length = len;
+	state->out.data = buf;
+
+	tevent_req_done(req);
+}
+
+NTSTATUS kdc_udp_proxy_recv(struct tevent_req *req,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *out)
+{
+	struct kdc_udp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_udp_proxy_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	out->data = talloc_move(mem_ctx, &state->out.data);
+	out->length = state->out.length;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct kdc_tcp_proxy_state {
+	struct tevent_context *ev;
+	struct kdc_server *kdc;
+	uint16_t port;
+	DATA_BLOB in;
+	uint8_t in_hdr[4];
+	struct iovec in_iov[2];
+	DATA_BLOB out;
+	char **proxy_list;
+	uint32_t next_proxy;
+	struct {
+		struct nbt_name name;
+		const char *ip;
+		struct tstream_context *stream;
+	} proxy;
+};
+
+static void kdc_tcp_next_proxy(struct tevent_req *req);
+
+struct tevent_req *kdc_tcp_proxy_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct kdc_server *kdc,
+				      uint16_t port,
+				      DATA_BLOB in)
+{
+	struct tevent_req *req;
+	struct kdc_tcp_proxy_state *state;
+	WERROR werr;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct kdc_tcp_proxy_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->kdc  = kdc;
+	state->port = port;
+	state->in = in;
+
+	werr = kdc_proxy_get_writeable_dcs(kdc, state, &state->proxy_list);
+	if (!W_ERROR_IS_OK(werr)) {
+		NTSTATUS status = werror_to_ntstatus(werr);
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	RSIVAL(state->in_hdr, 0, state->in.length);
+	state->in_iov[0].iov_base = (char *)state->in_hdr;
+	state->in_iov[0].iov_len = 4;
+	state->in_iov[1].iov_base = (char *)state->in.data;
+	state->in_iov[1].iov_len = state->in.length;
+
+	kdc_tcp_next_proxy(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void kdc_tcp_proxy_resolve_done(struct composite_context *csubreq);
+
+/*
+  try the next proxy in the list
+ */
+static void kdc_tcp_next_proxy(struct tevent_req *req)
+{
+	struct kdc_tcp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_tcp_proxy_state);
+	const char *proxy_dnsname = state->proxy_list[state->next_proxy];
+	struct composite_context *csubreq;
+
+	if (proxy_dnsname == NULL) {
+		tevent_req_nterror(req, NT_STATUS_NO_LOGON_SERVERS);
+		return;
+	}
+
+	state->next_proxy++;
+
+	/* make sure we close the socket of the last try */
+	TALLOC_FREE(state->proxy.stream);
+	ZERO_STRUCT(state->proxy);
+
+	make_nbt_name(&state->proxy.name, proxy_dnsname, 0);
+
+	csubreq = resolve_name_ex_send(lpcfg_resolve_context(state->kdc->task->lp_ctx),
+				       state,
+				       RESOLVE_NAME_FLAG_FORCE_DNS,
+				       0,
+				       &state->proxy.name,
+				       state->ev);
+	if (tevent_req_nomem(csubreq, req)) {
+		return;
+	}
+	csubreq->async.fn = kdc_tcp_proxy_resolve_done;
+	csubreq->async.private_data = req;
+}
+
+static void kdc_tcp_proxy_connect_done(struct tevent_req *subreq);
+
+static void kdc_tcp_proxy_resolve_done(struct composite_context *csubreq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(csubreq->async.private_data,
+		struct tevent_req);
+	struct kdc_tcp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_tcp_proxy_state);
+	NTSTATUS status;
+	struct tevent_req *subreq;
+	struct tsocket_address *local_addr, *proxy_addr;
+	int ret;
+
+	status = resolve_name_recv(csubreq, state, &state->proxy.ip);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("Unable to resolve proxy[%s] - %s\n",
+			state->proxy.name.name, nt_errstr(status));
+		kdc_tcp_next_proxy(req);
+		return;
+	}
+
+	/* get an address for us to use locally */
+	ret = tsocket_address_inet_from_strings(state, "ip", NULL, 0, &local_addr);
+	if (ret != 0) {
+		kdc_tcp_next_proxy(req);
+		return;
+	}
+
+	ret = tsocket_address_inet_from_strings(state, "ip",
+						state->proxy.ip,
+						state->port,
+						&proxy_addr);
+	if (ret != 0) {
+		kdc_tcp_next_proxy(req);
+		return;
+	}
+
+	subreq = tstream_inet_tcp_connect_send(state, state->ev,
+					       local_addr, proxy_addr);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_proxy_connect_done, req);
+	tevent_req_set_endtime(subreq, state->ev,
+			       timeval_current_ofs(state->kdc->proxy_timeout, 0));
+}
+
+static void kdc_tcp_proxy_writev_done(struct tevent_req *subreq);
+static void kdc_tcp_proxy_read_pdu_done(struct tevent_req *subreq);
+
+static void kdc_tcp_proxy_connect_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct kdc_tcp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_tcp_proxy_state);
+	int ret, sys_errno;
+
+	ret = tstream_inet_tcp_connect_recv(subreq, &sys_errno,
+					    state, &state->proxy.stream, NULL);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		kdc_tcp_next_proxy(req);
+		return;
+	}
+
+	subreq = tstream_writev_send(state,
+				     state->ev,
+				     state->proxy.stream,
+				     state->in_iov, 2);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_proxy_writev_done, req);
+
+	subreq = tstream_read_pdu_blob_send(state,
+					    state->ev,
+					    state->proxy.stream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    req);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_proxy_read_pdu_done, req);
+	tevent_req_set_endtime(subreq, state->kdc->task->event_ctx,
+			       timeval_current_ofs(state->kdc->proxy_timeout, 0));
+
+	DEBUG(4,("kdc_tcp_proxy: proxying request to %s[%s]\n",
+		 state->proxy.name.name, state->proxy.ip));
+}
+
+static void kdc_tcp_proxy_writev_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	int ret, sys_errno;
+
+	ret = tstream_writev_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		kdc_tcp_next_proxy(req);
+	}
+}
+
+static void kdc_tcp_proxy_read_pdu_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct kdc_tcp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_tcp_proxy_state);
+	NTSTATUS status;
+	DATA_BLOB raw;
+
+	status = tstream_read_pdu_blob_recv(subreq, state, &raw);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		kdc_tcp_next_proxy(req);
+		return;
+	}
+
+	/*
+	 * raw blob has the length in the first 4 bytes,
+	 * which we do not need here.
+	 */
+	state->out = data_blob_talloc(state, raw.data + 4, raw.length - 4);
+	if (state->out.length != raw.length - 4) {
+		tevent_req_oom(req);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS kdc_tcp_proxy_recv(struct tevent_req *req,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *out)
+{
+	struct kdc_tcp_proxy_state *state =
+		tevent_req_data(req,
+		struct kdc_tcp_proxy_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	out->data = talloc_move(mem_ctx, &state->out.data);
+	out->length = state->out.length;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
diff --git a/source4/kdc/kdc-proxy.h b/source4/kdc/kdc-proxy.h
new file mode 100644
index 0000000..1ebe8da
--- /dev/null
+++ b/source4/kdc/kdc-proxy.h
@@ -0,0 +1,45 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC related functions
+
+   Copyright (c) 2005-2008 Andrew Bartlett <abartlet@samba.org>
+   Copyright (c) 2005             Andrew Tridgell <tridge@samba.org>
+   Copyright (c) 2005             Stefan Metzmacher <metze@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_PROXY_H
+#define _KDC_PROXY_H
+
+struct tevent_req *kdc_udp_proxy_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct kdc_server *kdc,
+				      uint16_t port,
+				      DATA_BLOB in);
+NTSTATUS kdc_udp_proxy_recv(struct tevent_req *req,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *out);
+
+struct tevent_req *kdc_tcp_proxy_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct kdc_server *kdc,
+				      uint16_t port,
+				      DATA_BLOB in);
+NTSTATUS kdc_tcp_proxy_recv(struct tevent_req *req,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *out);
+
+#endif /* _KDC_PROXY_H */
diff --git a/source4/kdc/kdc-server.c b/source4/kdc/kdc-server.c
new file mode 100644
index 0000000..297d91e
--- /dev/null
+++ b/source4/kdc/kdc-server.c
@@ -0,0 +1,623 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC related functions
+
+   Copyright (c) 2005-2008 Andrew Bartlett <abartlet@samba.org>
+   Copyright (c) 2005      Andrew Tridgell <tridge@samba.org>
+   Copyright (c) 2005      Stefan Metzmacher <metze@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/param.h"
+#include "samba/process_model.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kdc-proxy.h"
+#include "lib/stream/packet.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+/*
+ * State of an open tcp connection
+ */
+struct kdc_tcp_connection {
+	/* stream connection we belong to */
+	struct stream_connection *conn;
+
+	/* the kdc_server the connection belongs to */
+	struct kdc_socket *kdc_socket;
+
+	struct tstream_context *tstream;
+
+	struct tevent_queue *send_queue;
+};
+
+struct kdc_tcp_call {
+	struct kdc_tcp_connection *kdc_conn;
+	DATA_BLOB in;
+	DATA_BLOB out;
+	uint8_t out_hdr[4];
+	struct iovec out_iov[2];
+};
+
+struct kdc_udp_call {
+	struct kdc_udp_socket *sock;
+	struct tsocket_address *src;
+	DATA_BLOB in;
+	DATA_BLOB out;
+};
+
+static void kdc_udp_call_proxy_done(struct tevent_req *subreq);
+static void kdc_udp_call_sendto_done(struct tevent_req *subreq);
+
+static void kdc_tcp_call_writev_done(struct tevent_req *subreq);
+static void kdc_tcp_call_proxy_done(struct tevent_req *subreq);
+
+static void kdc_tcp_terminate_connection(struct kdc_tcp_connection *kdc_conn,
+					 const char *reason)
+{
+	stream_terminate_connection(kdc_conn->conn, reason);
+}
+
+static NTSTATUS kdc_proxy_unavailable_error(struct kdc_server *kdc,
+					    TALLOC_CTX *mem_ctx,
+					    DATA_BLOB *out)
+{
+	krb5_error_code code;
+	krb5_data enc_error;
+
+	code = smb_krb5_mk_error(kdc->smb_krb5_context->krb5_context,
+				 KRB5KDC_ERR_SVC_UNAVAILABLE,
+				 NULL,
+				 NULL,
+				 NULL,
+				 NULL,
+				 &enc_error);
+	if (code != 0) {
+		DBG_WARNING("Unable to form krb5 error reply\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*out = data_blob_talloc(mem_ctx, enc_error.data, enc_error.length);
+	smb_krb5_free_data_contents(kdc->smb_krb5_context->krb5_context,
+				    &enc_error);
+	if (!out->data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void kdc_udp_call_loop(struct tevent_req *subreq)
+{
+	struct kdc_udp_socket *sock = tevent_req_callback_data(subreq,
+				      struct kdc_udp_socket);
+	struct kdc_udp_call *call;
+	uint8_t *buf;
+	ssize_t len;
+	int sys_errno;
+	kdc_code ret;
+
+	call = talloc(sock, struct kdc_udp_call);
+	if (call == NULL) {
+		talloc_free(call);
+		goto done;
+	}
+	call->sock = sock;
+
+	len = tdgram_recvfrom_recv(subreq, &sys_errno,
+				   call, &buf, &call->src);
+	TALLOC_FREE(subreq);
+	if (len == -1) {
+		talloc_free(call);
+		goto done;
+	}
+
+	call->in.data = buf;
+	call->in.length = len;
+
+	DBG_DEBUG("Received krb5 UDP packet of length %zu from %s\n",
+		  call->in.length,
+		  tsocket_address_string(call->src, call));
+
+	/* Call krb5 */
+	ret = sock->kdc_socket->process(sock->kdc_socket->kdc,
+				       call,
+				       &call->in,
+				       &call->out,
+				       call->src,
+				       sock->kdc_socket->local_address,
+				       1 /* Datagram */);
+	if (ret == KDC_ERROR) {
+		talloc_free(call);
+		goto done;
+	}
+
+	if (ret == KDC_PROXY_REQUEST) {
+		uint16_t port;
+
+		if (!sock->kdc_socket->kdc->am_rodc) {
+			DBG_ERR("proxying requested when not RODC\n");
+			talloc_free(call);
+			goto done;
+		}
+
+		port = tsocket_address_inet_port(sock->kdc_socket->local_address);
+
+		subreq = kdc_udp_proxy_send(call,
+					    sock->kdc_socket->kdc->task->event_ctx,
+					    sock->kdc_socket->kdc,
+					    port,
+					    call->in);
+		if (subreq == NULL) {
+			talloc_free(call);
+			goto done;
+		}
+		tevent_req_set_callback(subreq, kdc_udp_call_proxy_done, call);
+		goto done;
+	}
+
+	subreq = tdgram_sendto_queue_send(call,
+					  sock->kdc_socket->kdc->task->event_ctx,
+					  sock->dgram,
+					  sock->send_queue,
+					  call->out.data,
+					  call->out.length,
+					  call->src);
+	if (subreq == NULL) {
+		talloc_free(call);
+		goto done;
+	}
+	tevent_req_set_callback(subreq, kdc_udp_call_sendto_done, call);
+
+done:
+	subreq = tdgram_recvfrom_send(sock,
+				      sock->kdc_socket->kdc->task->event_ctx,
+				      sock->dgram);
+	if (subreq == NULL) {
+		task_server_terminate(sock->kdc_socket->kdc->task,
+				      "no memory for tdgram_recvfrom_send",
+				      true);
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_udp_call_loop, sock);
+}
+
+static void kdc_udp_call_proxy_done(struct tevent_req *subreq)
+{
+	struct kdc_udp_call *call =
+		tevent_req_callback_data(subreq,
+		struct kdc_udp_call);
+	NTSTATUS status;
+
+	status = kdc_udp_proxy_recv(subreq, call, &call->out);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* generate an error packet */
+		status = kdc_proxy_unavailable_error(call->sock->kdc_socket->kdc,
+						     call, &call->out);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(call);
+		return;
+	}
+
+	subreq = tdgram_sendto_queue_send(call,
+					  call->sock->kdc_socket->kdc->task->event_ctx,
+					  call->sock->dgram,
+					  call->sock->send_queue,
+					  call->out.data,
+					  call->out.length,
+					  call->src);
+	if (subreq == NULL) {
+		talloc_free(call);
+		return;
+	}
+
+	tevent_req_set_callback(subreq, kdc_udp_call_sendto_done, call);
+}
+
+static void kdc_udp_call_sendto_done(struct tevent_req *subreq)
+{
+	struct kdc_udp_call *call = tevent_req_callback_data(subreq,
+				       struct kdc_udp_call);
+	int sys_errno;
+
+	tdgram_sendto_queue_recv(subreq, &sys_errno);
+
+	/* We don't care about errors */
+
+	talloc_free(call);
+}
+
+static void kdc_tcp_call_loop(struct tevent_req *subreq)
+{
+	struct kdc_tcp_connection *kdc_conn = tevent_req_callback_data(subreq,
+				      struct kdc_tcp_connection);
+	struct kdc_tcp_call *call;
+	NTSTATUS status;
+	kdc_code ret;
+
+	call = talloc(kdc_conn, struct kdc_tcp_call);
+	if (call == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+				"no memory for kdc_tcp_call");
+		return;
+	}
+	call->kdc_conn = kdc_conn;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    call,
+					    &call->in);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "kdc_tcp_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (!reason) {
+			reason = nt_errstr(status);
+		}
+
+		kdc_tcp_terminate_connection(kdc_conn, reason);
+		return;
+	}
+
+	DBG_DEBUG("Received krb5 TCP packet of length %zu from %s\n",
+		  call->in.length,
+		  tsocket_address_string(kdc_conn->conn->remote_address, call));
+
+	/* skip length header */
+	call->in.data +=4;
+	call->in.length -= 4;
+
+	/* Call krb5 */
+	ret = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc,
+					   call,
+					   &call->in,
+					   &call->out,
+					   kdc_conn->conn->remote_address,
+					   kdc_conn->conn->local_address,
+					   0 /* Stream */);
+	if (ret == KDC_ERROR) {
+		kdc_tcp_terminate_connection(kdc_conn,
+				"kdc_tcp_call_loop: process function failed");
+		return;
+	}
+
+	if (ret == KDC_PROXY_REQUEST) {
+		uint16_t port;
+
+		if (!kdc_conn->kdc_socket->kdc->am_rodc) {
+			kdc_tcp_terminate_connection(kdc_conn,
+						     "kdc_tcp_call_loop: proxying requested when not RODC");
+			return;
+		}
+		port = tsocket_address_inet_port(kdc_conn->conn->local_address);
+
+		subreq = kdc_tcp_proxy_send(call,
+					    kdc_conn->conn->event.ctx,
+					    kdc_conn->kdc_socket->kdc,
+					    port,
+					    call->in);
+		if (subreq == NULL) {
+			kdc_tcp_terminate_connection(kdc_conn,
+				"kdc_tcp_call_loop: kdc_tcp_proxy_send failed");
+			return;
+		}
+		tevent_req_set_callback(subreq, kdc_tcp_call_proxy_done, call);
+		return;
+	}
+
+	/* First add the length of the out buffer */
+	RSIVAL(call->out_hdr, 0, call->out.length);
+	call->out_iov[0].iov_base = (char *) call->out_hdr;
+	call->out_iov[0].iov_len = 4;
+
+	call->out_iov[1].iov_base = (char *) call->out.data;
+	call->out_iov[1].iov_len = call->out.length;
+
+	subreq = tstream_writev_queue_send(call,
+					   kdc_conn->conn->event.ctx,
+					   kdc_conn->tstream,
+					   kdc_conn->send_queue,
+					   call->out_iov, 2);
+	if (subreq == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+				"no memory for tstream_writev_queue_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_call_writev_done, call);
+
+	/*
+	 * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(kdc_conn,
+					    kdc_conn->conn->event.ctx,
+					    kdc_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    kdc_conn);
+	if (subreq == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn);
+}
+
+static void kdc_tcp_call_proxy_done(struct tevent_req *subreq)
+{
+	struct kdc_tcp_call *call = tevent_req_callback_data(subreq,
+			struct kdc_tcp_call);
+	struct kdc_tcp_connection *kdc_conn = call->kdc_conn;
+	NTSTATUS status;
+
+	status = kdc_tcp_proxy_recv(subreq, call, &call->out);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* generate an error packet */
+		status = kdc_proxy_unavailable_error(kdc_conn->kdc_socket->kdc,
+						     call, &call->out);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "kdc_tcp_call_proxy_done: "
+					 "kdc_proxy_unavailable_error - %s",
+					 nt_errstr(status));
+		if (!reason) {
+			reason = "kdc_tcp_call_proxy_done: kdc_proxy_unavailable_error() failed";
+		}
+
+		kdc_tcp_terminate_connection(call->kdc_conn, reason);
+		return;
+	}
+
+	/* First add the length of the out buffer */
+	RSIVAL(call->out_hdr, 0, call->out.length);
+	call->out_iov[0].iov_base = (char *) call->out_hdr;
+	call->out_iov[0].iov_len = 4;
+
+	call->out_iov[1].iov_base = (char *) call->out.data;
+	call->out_iov[1].iov_len = call->out.length;
+
+	subreq = tstream_writev_queue_send(call,
+					   kdc_conn->conn->event.ctx,
+					   kdc_conn->tstream,
+					   kdc_conn->send_queue,
+					   call->out_iov, 2);
+	if (subreq == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_proxy_done: "
+				"no memory for tstream_writev_queue_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_call_writev_done, call);
+
+	/*
+	 * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(kdc_conn,
+					    kdc_conn->conn->event.ctx,
+					    kdc_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    kdc_conn);
+	if (subreq == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_proxy_done: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn);
+}
+
+static void kdc_tcp_call_writev_done(struct tevent_req *subreq)
+{
+	struct kdc_tcp_call *call = tevent_req_callback_data(subreq,
+			struct kdc_tcp_call);
+	int sys_errno;
+	int rc;
+
+	rc = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (rc == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "kdc_tcp_call_writev_done: "
+					 "tstream_writev_queue_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (!reason) {
+			reason = "kdc_tcp_call_writev_done: tstream_writev_queue_recv() failed";
+		}
+
+		kdc_tcp_terminate_connection(call->kdc_conn, reason);
+		return;
+	}
+
+	/* We don't care about errors */
+
+	talloc_free(call);
+}
+
+/*
+  called when we get a new connection
+*/
+static void kdc_tcp_accept(struct stream_connection *conn)
+{
+	struct kdc_socket *kdc_socket;
+	struct kdc_tcp_connection *kdc_conn;
+	struct tevent_req *subreq;
+	int rc;
+
+	kdc_conn = talloc_zero(conn, struct kdc_tcp_connection);
+	if (kdc_conn == NULL) {
+		stream_terminate_connection(conn,
+				"kdc_tcp_accept: out of memory");
+		return;
+	}
+
+	kdc_conn->send_queue = tevent_queue_create(conn, "kdc_tcp_accept");
+	if (kdc_conn->send_queue == NULL) {
+		stream_terminate_connection(conn,
+				"kdc_tcp_accept: out of memory");
+		return;
+	}
+
+	kdc_socket = talloc_get_type(conn->private_data, struct kdc_socket);
+
+	TALLOC_FREE(conn->event.fde);
+
+	rc = tstream_bsd_existing_socket(kdc_conn,
+			socket_get_fd(conn->socket),
+			&kdc_conn->tstream);
+	if (rc < 0) {
+		stream_terminate_connection(conn,
+				"kdc_tcp_accept: out of memory");
+		return;
+	}
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(kdc_conn->tstream, true);
+
+	kdc_conn->conn = conn;
+	kdc_conn->kdc_socket = kdc_socket;
+	conn->private_data = kdc_conn;
+
+	/*
+	 * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(kdc_conn,
+					    kdc_conn->conn->event.ctx,
+					    kdc_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    kdc_conn);
+	if (subreq == NULL) {
+		kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_accept: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn);
+}
+
+static void kdc_tcp_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data,
+							     struct kdc_tcp_connection);
+	/* this should never be triggered! */
+	kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_recv: called");
+}
+
+static void kdc_tcp_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data,
+							     struct kdc_tcp_connection);
+	/* this should never be triggered! */
+	kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_send: called");
+}
+
+static const struct stream_server_ops kdc_tcp_stream_ops = {
+	.name			= "kdc_tcp",
+	.accept_connection	= kdc_tcp_accept,
+	.recv_handler		= kdc_tcp_recv,
+	.send_handler		= kdc_tcp_send
+};
+
+/*
+ * Start listening on the given address
+ */
+NTSTATUS kdc_add_socket(struct kdc_server *kdc,
+			const struct model_ops *model_ops,
+			const char *name,
+			const char *address,
+			uint16_t port,
+			kdc_process_fn_t process,
+			bool udp_only)
+{
+	struct kdc_socket *kdc_socket;
+	struct kdc_udp_socket *kdc_udp_socket;
+	struct tevent_req *udpsubreq;
+	NTSTATUS status;
+	int ret;
+
+	kdc_socket = talloc(kdc, struct kdc_socket);
+	NT_STATUS_HAVE_NO_MEMORY(kdc_socket);
+
+	kdc_socket->kdc = kdc;
+	kdc_socket->process = process;
+
+	ret = tsocket_address_inet_from_strings(kdc_socket, "ip",
+						address, port,
+						&kdc_socket->local_address);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		return status;
+	}
+
+	if (!udp_only) {
+		status = stream_setup_socket(kdc->task,
+					     kdc->task->event_ctx,
+					     kdc->task->lp_ctx,
+					     model_ops,
+					     &kdc_tcp_stream_ops,
+					     "ip", address, &port,
+					     lpcfg_socket_options(kdc->task->lp_ctx),
+					     kdc_socket,
+					     kdc->task->process_context);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to bind to %s:%u TCP - %s\n",
+				address, port, nt_errstr(status));
+			talloc_free(kdc_socket);
+			return status;
+		}
+	}
+
+	kdc_udp_socket = talloc(kdc_socket, struct kdc_udp_socket);
+	NT_STATUS_HAVE_NO_MEMORY(kdc_udp_socket);
+
+	kdc_udp_socket->kdc_socket = kdc_socket;
+
+	ret = tdgram_inet_udp_socket(kdc_socket->local_address,
+				     NULL,
+				     kdc_udp_socket,
+				     &kdc_udp_socket->dgram);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(errno);
+		DBG_ERR("Failed to bind to %s:%u UDP - %s\n",
+			address, port, nt_errstr(status));
+		return status;
+	}
+
+	kdc_udp_socket->send_queue = tevent_queue_create(kdc_udp_socket,
+							 "kdc_udp_send_queue");
+	NT_STATUS_HAVE_NO_MEMORY(kdc_udp_socket->send_queue);
+
+	udpsubreq = tdgram_recvfrom_send(kdc_udp_socket,
+					 kdc->task->event_ctx,
+					 kdc_udp_socket->dgram);
+	NT_STATUS_HAVE_NO_MEMORY(udpsubreq);
+	tevent_req_set_callback(udpsubreq, kdc_udp_call_loop, kdc_udp_socket);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/kdc/kdc-server.h b/source4/kdc/kdc-server.h
new file mode 100644
index 0000000..89b30f1
--- /dev/null
+++ b/source4/kdc/kdc-server.h
@@ -0,0 +1,83 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC related functions
+
+   Copyright (c) 2005-2008 Andrew Bartlett <abartlet@samba.org>
+   Copyright (c) 2005             Andrew Tridgell <tridge@samba.org>
+   Copyright (c) 2005             Stefan Metzmacher <metze@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_SERVER_H
+#define _KDC_SERVER_H
+
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+struct tsocket_address;
+struct model_ops;
+
+/*
+ * Context structure for the kdc server
+ */
+struct kdc_server {
+	struct task_server *task;
+	struct smb_krb5_context *smb_krb5_context;
+	struct samba_kdc_base_context *base_ctx;
+	struct ldb_context *samdb;
+	bool am_rodc;
+	uint32_t proxy_timeout;
+	const char *kpasswd_keytab_name;
+	void *private_data;
+};
+
+typedef enum kdc_code_e {
+	KDC_OK = 0,
+	KDC_ERROR,
+	KDC_PROXY_REQUEST
+} kdc_code;
+
+typedef kdc_code (*kdc_process_fn_t)(struct kdc_server *kdc,
+				     TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *request,
+				     DATA_BLOB *reply,
+				     struct tsocket_address *remote_address,
+				     struct tsocket_address *local_address,
+				     int datagram);
+
+/* Information about one kdc socket */
+struct kdc_socket {
+	struct kdc_server *kdc;
+	struct tsocket_address *local_address;
+	kdc_process_fn_t process;
+};
+
+/* Information about one kdc/kpasswd udp socket */
+struct kdc_udp_socket {
+	struct kdc_socket *kdc_socket;
+	struct tdgram_context *dgram;
+	struct tevent_queue *send_queue;
+};
+
+NTSTATUS kdc_add_socket(struct kdc_server *kdc,
+			const struct model_ops *model_ops,
+			const char *name,
+			const char *address,
+			uint16_t port,
+			kdc_process_fn_t process,
+			bool udp_only);
+
+#endif /* _KDC_SERVER_H */
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
new file mode 100644
index 0000000..5b1240c
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.c
@@ -0,0 +1,395 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Start MIT krb5kdc server within Samba AD
+
+   Copyright (c) 2014-2016 Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "tevent.h"
+#include "system/filesys.h"
+#include "lib/param/param.h"
+#include "lib/util/samba_util.h"
+#include "source4/samba/service.h"
+#include "source4/samba/process_model.h"
+#include "kdc/kdc-service-mit.h"
+#include "dynconfig.h"
+#include "libds/common/roles.h"
+#include "lib/socket/netif.h"
+#include "samba/session.h"
+#include "dsdb/samdb/samdb.h"
+#include "kdc/samba_kdc.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kpasswd-service.h"
+#include <kadm5/admin.h>
+#include <kdb.h>
+
+#include "source4/kdc/mit_kdc_irpc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+/* PROTOTYPES */
+static void mitkdc_server_done(struct tevent_req *subreq);
+
+static int kdc_server_destroy(struct kdc_server *kdc)
+{
+	if (kdc->private_data != NULL) {
+		kadm5_destroy(kdc->private_data);
+	}
+
+	return 0;
+}
+
+static NTSTATUS startup_kpasswd_server(TALLOC_CTX *mem_ctx,
+				       struct kdc_server *kdc,
+				       struct loadparm_context *lp_ctx,
+				       struct interface *ifaces)
+{
+	int num_interfaces;
+	int i;
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	uint16_t kpasswd_port;
+	bool done_wildcard = false;
+	bool ok;
+
+	kpasswd_port = lpcfg_kpasswd_port(lp_ctx);
+	if (kpasswd_port == 0) {
+		return NT_STATUS_OK;
+	}
+
+	tmp_ctx = talloc_named_const(mem_ctx, 0, "kpasswd");
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	num_interfaces = iface_list_count(ifaces);
+
+	ok = lpcfg_bind_interfaces_only(lp_ctx);
+	if (!ok) {
+		int num_binds = 0;
+		char **wcard;
+
+		wcard = iface_list_wildcard(tmp_ctx);
+		if (wcard == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+
+		for (i = 0; wcard[i] != NULL; i++) {
+			status = kdc_add_socket(kdc,
+						kdc->task->model_ops,
+						"kpasswd",
+						wcard[i],
+						kpasswd_port,
+						kpasswd_process,
+						false);
+			if (NT_STATUS_IS_OK(status)) {
+				num_binds++;
+			}
+		}
+		talloc_free(wcard);
+
+		if (num_binds == 0) {
+			status = NT_STATUS_INVALID_PARAMETER_MIX;
+			goto out;
+		}
+
+		done_wildcard = true;
+	}
+
+	for (i = 0; i < num_interfaces; i++) {
+		const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
+
+		status = kdc_add_socket(kdc,
+					kdc->task->model_ops,
+					"kpasswd",
+					address,
+					kpasswd_port,
+					kpasswd_process,
+					done_wildcard);
+		if (NT_STATUS_IS_OK(status)) {
+			goto out;
+		}
+	}
+
+out:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/*
+ * Startup a copy of the krb5kdc as a child daemon
+ */
+NTSTATUS mitkdc_task_init(struct task_server *task)
+{
+	struct tevent_req *subreq;
+	const char * const *kdc_cmd;
+	struct interface *ifaces;
+	char *kdc_config = NULL;
+	struct kdc_server *kdc;
+	krb5_error_code code;
+	NTSTATUS status;
+	kadm5_ret_t ret;
+	kadm5_config_params config;
+	void *server_handle;
+	int dbglvl = 0;
+
+	task_server_set_title(task, "task[mitkdc_parent]");
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task,
+				      "The KDC is not required in standalone "
+				      "server configuration, terminate!",
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task,
+				      "The KDC is not required in member "
+				      "server configuration",
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want to start the KDC */
+		break;
+	}
+
+	/* Load interfaces for kpasswd */
+	load_interface_list(task, task->lp_ctx, &ifaces);
+	if (iface_list_count(ifaces) == 0) {
+		task_server_terminate(task,
+				      "KDC: no network interfaces configured",
+				      false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	kdc_config = talloc_asprintf(task,
+				     "%s/kdc.conf",
+				     lpcfg_private_dir(task->lp_ctx));
+	if (kdc_config == NULL) {
+		task_server_terminate(task,
+				      "KDC: no memory",
+				      false);
+		return NT_STATUS_NO_MEMORY;
+	}
+	setenv("KRB5_KDC_PROFILE", kdc_config, 0);
+	TALLOC_FREE(kdc_config);
+
+	dbglvl = debuglevel_get_class(DBGC_KERBEROS);
+	if (dbglvl >= 10) {
+		char *kdc_trace_file = talloc_asprintf(task,
+						       "%s/mit_kdc_trace.log",
+						       get_dyn_LOGFILEBASE());
+		if (kdc_trace_file == NULL) {
+			task_server_terminate(task,
+					"KDC: no memory",
+					false);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		setenv("KRB5_TRACE", kdc_trace_file, 1);
+	}
+
+	/* start it as a child process */
+	kdc_cmd = lpcfg_mit_kdc_command(task->lp_ctx);
+
+	subreq = samba_runcmd_send(task,
+				   task->event_ctx,
+				   timeval_zero(),
+				   1, /* stdout log level */
+				   0, /* stderr log level */
+				   kdc_cmd,
+				   "-n", /* Don't go into background */
+#if 0
+				   "-w 2", /* Start two workers */
+#endif
+				   NULL);
+	if (subreq == NULL) {
+		DBG_ERR("Failed to start MIT KDC as child daemon\n");
+
+		task_server_terminate(task,
+				      "Failed to startup mitkdc task",
+				      true);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	tevent_req_set_callback(subreq, mitkdc_server_done, task);
+
+	DBG_INFO("Started krb5kdc process\n");
+
+	status = samba_setup_mit_kdc_irpc(task);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task,
+				      "Failed to setup kdc irpc service",
+				      true);
+	}
+
+	DBG_INFO("Started irpc service for kdc_server\n");
+
+	kdc = talloc_zero(task, struct kdc_server);
+	if (kdc == NULL) {
+		task_server_terminate(task, "KDC: Out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_set_destructor(kdc, kdc_server_destroy);
+
+	kdc->task = task;
+
+	kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);
+	if (kdc->base_ctx == NULL) {
+		task_server_terminate(task, "KDC: Out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	kdc->base_ctx->ev_ctx = task->event_ctx;
+	kdc->base_ctx->lp_ctx = task->lp_ctx;
+
+	initialize_krb5_error_table();
+
+	code = smb_krb5_init_context(kdc,
+				     kdc->task->lp_ctx,
+				     &kdc->smb_krb5_context);
+	if (code != 0) {
+		task_server_terminate(task,
+				      "KDC: Unable to initialize krb5 context",
+				      true);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	code = kadm5_init_krb5_context(&kdc->smb_krb5_context->krb5_context);
+	if (code != 0) {
+		task_server_terminate(task,
+				      "KDC: Unable to init kadm5 krb5_context",
+				      true);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ZERO_STRUCT(config);
+	config.mask = KADM5_CONFIG_REALM;
+	config.realm = discard_const_p(char, lpcfg_realm(kdc->task->lp_ctx));
+
+	ret = kadm5_init(kdc->smb_krb5_context->krb5_context,
+			 discard_const_p(char, "kpasswd"),
+			 NULL, /* pass */
+			 discard_const_p(char, "kpasswd"),
+			 &config,
+			 KADM5_STRUCT_VERSION,
+			 KADM5_API_VERSION_4,
+			 NULL,
+			 &server_handle);
+	if (ret != 0) {
+		task_server_terminate(task,
+				      "KDC: Initialize kadm5",
+				      true);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	kdc->private_data = server_handle;
+
+	code = krb5_db_register_keytab(kdc->smb_krb5_context->krb5_context);
+	if (code != 0) {
+		task_server_terminate(task,
+				      "KDC: Unable to KDB",
+				      true);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "KDB:");
+	if (kdc->kpasswd_keytab_name == NULL) {
+		task_server_terminate(task,
+				      "KDC: Out of memory",
+				      true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	kdc->samdb = samdb_connect(kdc,
+				   kdc->task->event_ctx,
+				   kdc->task->lp_ctx,
+				   system_session(kdc->task->lp_ctx),
+				   NULL,
+				   0);
+	if (kdc->samdb == NULL) {
+		task_server_terminate(task,
+				      "KDC: Unable to connect to samdb",
+				      true);
+		return NT_STATUS_CONNECTION_INVALID;
+	}
+
+	status = startup_kpasswd_server(kdc,
+				    kdc,
+				    task->lp_ctx,
+				    ifaces);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task,
+				      "KDC: Unable to start kpasswd server",
+				      true);
+		return status;
+	}
+
+	DBG_INFO("Started kpasswd service for kdc_server\n");
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * This gets called the kdc exits.
+ */
+static void mitkdc_server_done(struct tevent_req *subreq)
+{
+	struct task_server *task =
+		tevent_req_callback_data(subreq,
+		struct task_server);
+	int sys_errno;
+	int ret;
+
+	ret = samba_runcmd_recv(subreq, &sys_errno);
+	if (ret != 0) {
+		DBG_ERR("The MIT KDC daemon died with exit status %d\n",
+			sys_errno);
+	} else {
+		DBG_ERR("The MIT KDC daemon exited normally\n");
+	}
+
+	task_server_terminate(task, "mitkdc child process exited", true);
+}
+
+/* Called at MIT KRB5 startup - register ourselves as a server service */
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
+
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		/*
+		 * Need to prevent pre-forking on kdc.
+		 * The task_init function is run on the master process only
+		 * and the irpc process name is registered in it's event loop.
+		 * The child worker processes initialise their event loops on
+		 * fork, so are not listening for the irpc event.
+		 *
+		 * The master process does not wait on that event context
+		 * the master process is responsible for managing the worker
+		 * processes not performing work.
+		 */
+		.inhibit_pre_fork = true,
+		.task_init = mitkdc_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(mem_ctx, "kdc", &details);
+}
diff --git a/source4/kdc/kdc-service-mit.h b/source4/kdc/kdc-service-mit.h
new file mode 100644
index 0000000..7943933
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.h
@@ -0,0 +1,27 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Start MIT krb5kdc server within Samba AD
+
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_SERVICE_MIT_H
+#define _KDC_SERVICE_MIT_H
+
+NTSTATUS mitkdc_task_init(struct task_server *task);
+
+#endif /* _KDC_SERVICE_MIT_H */
diff --git a/source4/kdc/kpasswd-helper.c b/source4/kdc/kpasswd-helper.c
new file mode 100644
index 0000000..3e4ea36
--- /dev/null
+++ b/source4/kdc/kpasswd-helper.c
@@ -0,0 +1,264 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2005      Andrew Bartlett <abartlet@samba.org>
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "librpc/gen_ndr/samr.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "kdc/kpasswd-helper.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+bool kpasswd_make_error_reply(TALLOC_CTX *mem_ctx,
+			      krb5_error_code error_code,
+			      const char *error_string,
+			      DATA_BLOB *error_data)
+{
+	bool ok;
+	char *s;
+	size_t slen;
+
+	if (error_code == 0) {
+		DBG_DEBUG("kpasswd reply - %s\n", error_string);
+	} else {
+		DBG_INFO("kpasswd reply - %s\n", error_string);
+	}
+
+	ok = push_utf8_talloc(mem_ctx, &s, error_string, &slen);
+	if (!ok) {
+		return false;
+	}
+
+	/*
+	 * The string 's' has one terminating nul-byte which is also
+	 * reflected by 'slen'. We subtract it from the length.
+	 */
+	if (slen < 1) {
+		talloc_free(s);
+		return false;
+	}
+	slen--;
+
+	/* Two bytes are added to the length to account for the error code. */
+	if (2 + slen < slen) {
+		talloc_free(s);
+		return false;
+	}
+	error_data->length = 2 + slen;
+	error_data->data = talloc_size(mem_ctx, error_data->length);
+	if (error_data->data == NULL) {
+		talloc_free(s);
+		return false;
+	}
+
+	RSSVAL(error_data->data, 0, error_code);
+	memcpy(error_data->data + 2, s, slen);
+
+	talloc_free(s);
+
+	return true;
+}
+
+bool kpasswd_make_pwchange_reply(TALLOC_CTX *mem_ctx,
+				 NTSTATUS status,
+				 enum samPwdChangeReason reject_reason,
+				 struct samr_DomInfo1 *dominfo,
+				 DATA_BLOB *error_blob)
+{
+	const char *reject_string = NULL;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_ACCESSDENIED,
+						"No such user when changing password",
+						error_blob);
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_ACCESSDENIED,
+						"Not permitted to change password",
+						error_blob);
+	}
+	if (dominfo != NULL &&
+	    NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+		switch (reject_reason) {
+		case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
+			reject_string =
+				talloc_asprintf(mem_ctx,
+						"Password too short, password "
+						"must be at least %d characters "
+						"long.",
+						dominfo->min_password_length);
+			if (reject_string == NULL) {
+				reject_string = "Password too short";
+			}
+			break;
+		case SAM_PWD_CHANGE_NOT_COMPLEX:
+			reject_string = "Password does not meet complexity "
+					"requirements";
+			break;
+		case SAM_PWD_CHANGE_PWD_IN_HISTORY:
+			reject_string =
+				talloc_asprintf(mem_ctx,
+						"Password is already in password "
+						"history. New password must not "
+						"match any of your %d previous "
+						"passwords.",
+						dominfo->password_history_length);
+			if (reject_string == NULL) {
+				reject_string = "Password is already in password "
+						"history";
+			}
+			break;
+		default:
+			reject_string = "Password change rejected, password "
+					"changes may not be permitted on this "
+					"account, or the minimum password age "
+					"may not have elapsed.";
+			break;
+		}
+
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_SOFTERROR,
+						reject_string,
+						error_blob);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		reject_string = talloc_asprintf(mem_ctx,
+						"Failed to set password: %s",
+						nt_errstr(status));
+		if (reject_string == NULL) {
+			reject_string = "Failed to set password";
+		}
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_HARDERROR,
+						reject_string,
+						error_blob);
+	}
+
+	return kpasswd_make_error_reply(mem_ctx,
+					KRB5_KPASSWD_SUCCESS,
+					"Password changed",
+					error_blob);
+}
+
+NTSTATUS kpasswd_samdb_set_password(TALLOC_CTX *mem_ctx,
+				    struct tevent_context *event_ctx,
+				    struct loadparm_context *lp_ctx,
+				    struct auth_session_info *session_info,
+				    bool is_service_principal,
+				    const char *target_principal_name,
+				    DATA_BLOB *password,
+				    enum samPwdChangeReason *reject_reason,
+				    struct samr_DomInfo1 **dominfo)
+{
+	NTSTATUS status;
+	struct ldb_context *samdb;
+	struct ldb_dn *target_dn = NULL;
+	int rc;
+
+	samdb = samdb_connect(mem_ctx,
+			      event_ctx,
+			      lp_ctx,
+			      session_info,
+			      NULL,
+			      0);
+	if (samdb == NULL) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	DBG_INFO("%s\\%s (%s) is changing password of %s\n",
+		 session_info->info->domain_name,
+		 session_info->info->account_name,
+		 dom_sid_string(mem_ctx,
+				&session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+		 target_principal_name);
+
+	rc = ldb_transaction_start(samdb);
+	if (rc != LDB_SUCCESS) {
+		return NT_STATUS_TRANSACTION_ABORTED;
+	}
+
+	if (is_service_principal) {
+		status = crack_service_principal_name(samdb,
+						      mem_ctx,
+						      target_principal_name,
+						      &target_dn,
+						      NULL);
+	} else {
+		status = crack_user_principal_name(samdb,
+						   mem_ctx,
+						   target_principal_name,
+						   &target_dn,
+						   NULL);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(samdb);
+		return status;
+	}
+
+	status = samdb_set_password(samdb,
+				    mem_ctx,
+				    target_dn,
+				    NULL, /* domain_dn */
+				    password,
+				    NULL, /* ntNewHash */
+				    DSDB_PASSWORD_RESET,
+				    reject_reason,
+				    dominfo);
+	if (NT_STATUS_IS_OK(status)) {
+		rc = ldb_transaction_commit(samdb);
+		if (rc != LDB_SUCCESS) {
+			DBG_WARNING("Failed to commit transaction to "
+				    "set password on %s: %s\n",
+				    ldb_dn_get_linearized(target_dn),
+				    ldb_errstring(samdb));
+			return NT_STATUS_TRANSACTION_ABORTED;
+		}
+	} else {
+		ldb_transaction_cancel(samdb);
+	}
+
+	return status;
+}
+
+krb5_error_code kpasswd_check_non_tgt(struct auth_session_info *session_info,
+				      const char **error_string)
+{
+	switch(session_info->ticket_type) {
+	case TICKET_TYPE_TGT:
+		/* TGTs are disallowed here. */
+		*error_string = "A TGT may not be used as a ticket to kpasswd";
+		return KRB5_KPASSWD_AUTHERROR;
+	case TICKET_TYPE_NON_TGT:
+		/* Non-TGTs are permitted, and expected. */
+		break;
+	default:
+		/* In case we forgot to set the type. */
+		*error_string = "Failed to ascertain that ticket to kpasswd is not a TGT";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	return 0;
+}
diff --git a/source4/kdc/kpasswd-helper.h b/source4/kdc/kpasswd-helper.h
new file mode 100644
index 0000000..94a6e2a
--- /dev/null
+++ b/source4/kdc/kpasswd-helper.h
@@ -0,0 +1,48 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KPASSWD_HELPER_H
+#define _KPASSWD_HELPER_H
+
+bool kpasswd_make_error_reply(TALLOC_CTX *mem_ctx,
+			      krb5_error_code error_code,
+			      const char *error_string,
+			      DATA_BLOB *error_data);
+
+bool kpasswd_make_pwchange_reply(TALLOC_CTX *mem_ctx,
+				 NTSTATUS status,
+				 enum samPwdChangeReason reject_reason,
+				 struct samr_DomInfo1 *dominfo,
+				 DATA_BLOB *error_blob);
+
+NTSTATUS kpasswd_samdb_set_password(TALLOC_CTX *mem_ctx,
+				    struct tevent_context *event_ctx,
+				    struct loadparm_context *lp_ctx,
+				    struct auth_session_info *session_info,
+				    bool is_service_principal,
+				    const char *target_principal_name,
+				    DATA_BLOB *password,
+				    enum samPwdChangeReason *reject_reason,
+				    struct samr_DomInfo1 **dominfo);
+
+krb5_error_code kpasswd_check_non_tgt(struct auth_session_info *session_info,
+				      const char **error_string);
+#endif /* _KPASSWD_HELPER_H */
diff --git a/source4/kdc/kpasswd-service-heimdal.c b/source4/kdc/kpasswd-service-heimdal.c
new file mode 100644
index 0000000..b4709de
--- /dev/null
+++ b/source4/kdc/kpasswd-service-heimdal.c
@@ -0,0 +1,326 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "param/param.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "gensec_krb5_helpers.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kpasswd_glue.h"
+#include "kdc/kpasswd-service.h"
+#include "kdc/kpasswd-helper.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static krb5_error_code kpasswd_change_password(struct kdc_server *kdc,
+					       TALLOC_CTX *mem_ctx,
+					       const struct gensec_security *gensec_security,
+					       struct auth_session_info *session_info,
+					       DATA_BLOB *password,
+					       DATA_BLOB *kpasswd_reply,
+					       const char **error_string)
+{
+	NTSTATUS status;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	enum samPwdChangeReason reject_reason;
+	const char *reject_string = NULL;
+	struct samr_DomInfo1 *dominfo;
+	bool ok;
+	int ret;
+
+	/*
+	 * We're doing a password change (rather than a password set), so check
+	 * that we were given an initial ticket.
+	 */
+	ret = gensec_krb5_initial_ticket(gensec_security);
+	if (ret != 1) {
+		*error_string = "Expected an initial ticket";
+		return KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+	}
+
+	status = samdb_kpasswd_change_password(mem_ctx,
+					       kdc->task->lp_ctx,
+					       kdc->task->event_ctx,
+					       session_info,
+					       password,
+					       &reject_reason,
+					       &dominfo,
+					       &reject_string,
+					       &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_ACCESSDENIED,
+					      reject_string,
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+		/* We want to send an an authenticated packet. */
+		return 0;
+	}
+
+	ok = kpasswd_make_pwchange_reply(mem_ctx,
+					 result,
+					 reject_reason,
+					 dominfo,
+					 kpasswd_reply);
+	if (!ok) {
+		*error_string = "Failed to create reply";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	return 0;
+}
+
+static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
+					    TALLOC_CTX *mem_ctx,
+					    const struct gensec_security *gensec_security,
+					    struct auth_session_info *session_info,
+					    DATA_BLOB *decoded_data,
+					    DATA_BLOB *kpasswd_reply,
+					    const char **error_string)
+{
+	krb5_context context = kdc->smb_krb5_context->krb5_context;
+	krb5_error_code code;
+	krb5_principal target_principal;
+	ChangePasswdDataMS chpw = {};
+	size_t chpw_len = 0;
+	DATA_BLOB password = data_blob_null;
+	enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
+	struct samr_DomInfo1 *dominfo = NULL;
+	char *target_principal_string = NULL;
+	bool is_service_principal = false;
+	NTSTATUS status;
+	bool ok;
+
+	code = decode_ChangePasswdDataMS(decoded_data->data,
+					 decoded_data->length,
+					 &chpw,
+					 &chpw_len);
+	if (code != 0) {
+		DBG_WARNING("decode_ChangePasswdDataMS failed\n");
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_MALFORMED,
+					      "Failed to decode packet",
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+		return 0;
+	}
+
+	ok = convert_string_talloc_handle(mem_ctx,
+					  lpcfg_iconv_handle(kdc->task->lp_ctx),
+					  CH_UTF8,
+					  CH_UTF16,
+					  chpw.newpasswd.data,
+					  chpw.newpasswd.length,
+					  &password.data,
+					  &password.length);
+	if (!ok) {
+		free_ChangePasswdDataMS(&chpw);
+		DBG_WARNING("String conversion failed\n");
+		*error_string = "String conversion failed";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	if ((chpw.targname != NULL && chpw.targrealm == NULL) ||
+	    (chpw.targname == NULL && chpw.targrealm != NULL)) {
+		free_ChangePasswdDataMS(&chpw);
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_MALFORMED,
+					      "Realm and principal must be "
+					      "both present, or neither present",
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+		return 0;
+	}
+
+	if (chpw.targname == NULL || chpw.targrealm == NULL) {
+		free_ChangePasswdDataMS(&chpw);
+		return kpasswd_change_password(kdc,
+					       mem_ctx,
+					       gensec_security,
+					       session_info,
+					       &password,
+					       kpasswd_reply,
+					       error_string);
+	}
+	code = krb5_build_principal_ext(context,
+					&target_principal,
+					strlen(*chpw.targrealm),
+					*chpw.targrealm,
+					0);
+	if (code != 0) {
+		free_ChangePasswdDataMS(&chpw);
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_MALFORMED,
+						"Failed to parse principal",
+						kpasswd_reply);
+	}
+	code = copy_PrincipalName(chpw.targname,
+				  &target_principal->name);
+	free_ChangePasswdDataMS(&chpw);
+	if (code != 0) {
+		krb5_free_principal(context, target_principal);
+		return kpasswd_make_error_reply(mem_ctx,
+						KRB5_KPASSWD_MALFORMED,
+						"Failed to parse principal",
+						kpasswd_reply);
+	}
+
+	if (target_principal->name.name_string.len >= 2) {
+		is_service_principal = true;
+
+		code = krb5_unparse_name_short(context,
+					       target_principal,
+					       &target_principal_string);
+	} else {
+		code = krb5_unparse_name(context,
+					 target_principal,
+					 &target_principal_string);
+	}
+	krb5_free_principal(context, target_principal);
+	if (code != 0) {
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_MALFORMED,
+					      "Failed to parse principal",
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+	}
+
+	status = kpasswd_samdb_set_password(mem_ctx,
+					    kdc->task->event_ctx,
+					    kdc->task->lp_ctx,
+					    session_info,
+					    is_service_principal,
+					    target_principal_string,
+					    &password,
+					    &reject_reason,
+					    &dominfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("kpasswd_samdb_set_password failed - %s\n",
+			nt_errstr(status));
+	}
+
+	ok = kpasswd_make_pwchange_reply(mem_ctx,
+					 status,
+					 reject_reason,
+					 dominfo,
+					 kpasswd_reply);
+	if (!ok) {
+		*error_string = "Failed to create reply";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	return 0;
+}
+
+krb5_error_code kpasswd_handle_request(struct kdc_server *kdc,
+				       TALLOC_CTX *mem_ctx,
+				       struct gensec_security *gensec_security,
+				       uint16_t verno,
+				       DATA_BLOB *decoded_data,
+				       DATA_BLOB *kpasswd_reply,
+				       const char **error_string)
+{
+	struct auth_session_info *session_info;
+	NTSTATUS status;
+	krb5_error_code code;
+
+	status = gensec_session_info(gensec_security,
+				     mem_ctx,
+				     &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		*error_string = talloc_asprintf(mem_ctx,
+						"gensec_session_info failed - %s",
+						nt_errstr(status));
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	/*
+	 * Since the kpasswd service shares its keys with the krbtgt, we might
+	 * have received a TGT rather than a kpasswd ticket. We need to check
+	 * the ticket type to ensure that TGTs cannot be misused in this manner.
+	 */
+	code = kpasswd_check_non_tgt(session_info,
+				     error_string);
+	if (code != 0) {
+		DBG_WARNING("%s\n", *error_string);
+		return code;
+	}
+
+	switch(verno) {
+	case KRB5_KPASSWD_VERS_CHANGEPW: {
+		DATA_BLOB password = data_blob_null;
+		bool ok;
+
+		ok = convert_string_talloc_handle(mem_ctx,
+						  lpcfg_iconv_handle(kdc->task->lp_ctx),
+						  CH_UTF8,
+						  CH_UTF16,
+						  decoded_data->data,
+						  decoded_data->length,
+						  &password.data,
+						  &password.length);
+		if (!ok) {
+			*error_string = "String conversion failed!";
+			DBG_WARNING("%s\n", *error_string);
+			return KRB5_KPASSWD_HARDERROR;
+		}
+
+		return kpasswd_change_password(kdc,
+					       mem_ctx,
+					       gensec_security,
+					       session_info,
+					       &password,
+					       kpasswd_reply,
+					       error_string);
+	}
+	case KRB5_KPASSWD_VERS_SETPW: {
+		return kpasswd_set_password(kdc,
+					    mem_ctx,
+					    gensec_security,
+					    session_info,
+					    decoded_data,
+					    kpasswd_reply,
+					    error_string);
+	}
+	default:
+		*error_string = talloc_asprintf(mem_ctx,
+						"Protocol version %u not supported",
+						verno);
+		return KRB5_KPASSWD_BAD_VERSION;
+	}
+
+	return 0;
+}
diff --git a/source4/kdc/kpasswd-service-mit.c b/source4/kdc/kpasswd-service-mit.c
new file mode 100644
index 0000000..4c7e871
--- /dev/null
+++ b/source4/kdc/kpasswd-service-mit.c
@@ -0,0 +1,402 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "param/param.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "gensec_krb5_helpers.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kpasswd_glue.h"
+#include "kdc/kpasswd-service.h"
+#include "kdc/kpasswd-helper.h"
+#include "../lib/util/asn1.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+#define RFC3244_VERSION 0xff80
+
+krb5_error_code decode_krb5_setpw_req(const krb5_data *code,
+				      krb5_data **password_out,
+				      krb5_principal *target_out);
+
+/*
+ * A fallback for when MIT refuses to parse a setpw structure without the
+ * (optional) target principal and realm
+ */
+static bool decode_krb5_setpw_req_simple(TALLOC_CTX *mem_ctx,
+					 const DATA_BLOB *decoded_data,
+					 DATA_BLOB *clear_data)
+{
+	struct asn1_data *asn1 = NULL;
+	bool ret;
+
+	asn1 = asn1_init(mem_ctx, 3);
+	if (asn1 == NULL) {
+		return false;
+	}
+
+	ret = asn1_load(asn1, *decoded_data);
+	if (!ret) {
+		goto out;
+	}
+
+	ret = asn1_start_tag(asn1, ASN1_SEQUENCE(0));
+	if (!ret) {
+		goto out;
+	}
+	ret = asn1_start_tag(asn1, ASN1_CONTEXT(0));
+	if (!ret) {
+		goto out;
+	}
+	ret = asn1_read_OctetString(asn1, mem_ctx, clear_data);
+	if (!ret) {
+		goto out;
+	}
+
+	ret = asn1_end_tag(asn1);
+	if (!ret) {
+		goto out;
+	}
+	ret = asn1_end_tag(asn1);
+
+out:
+	asn1_free(asn1);
+
+	return ret;
+}
+
+static krb5_error_code kpasswd_change_password(struct kdc_server *kdc,
+					       TALLOC_CTX *mem_ctx,
+					       const struct gensec_security *gensec_security,
+					       struct auth_session_info *session_info,
+					       DATA_BLOB *password,
+					       DATA_BLOB *kpasswd_reply,
+					       const char **error_string)
+{
+	NTSTATUS status;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	enum samPwdChangeReason reject_reason;
+	const char *reject_string = NULL;
+	struct samr_DomInfo1 *dominfo;
+	bool ok;
+	int ret;
+
+	/*
+	 * We're doing a password change (rather than a password set), so check
+	 * that we were given an initial ticket.
+	 */
+	ret = gensec_krb5_initial_ticket(gensec_security);
+	if (ret != 1) {
+		*error_string = "Expected an initial ticket";
+		return KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+	}
+
+	status = samdb_kpasswd_change_password(mem_ctx,
+					       kdc->task->lp_ctx,
+					       kdc->task->event_ctx,
+					       session_info,
+					       password,
+					       &reject_reason,
+					       &dominfo,
+					       &reject_string,
+					       &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_ACCESSDENIED,
+					      reject_string,
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+		/* We want to send an an authenticated packet. */
+		return 0;
+	}
+
+	ok = kpasswd_make_pwchange_reply(mem_ctx,
+					 result,
+					 reject_reason,
+					 dominfo,
+					 kpasswd_reply);
+	if (!ok) {
+		*error_string = "Failed to create reply";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	return 0;
+}
+
+static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
+					    TALLOC_CTX *mem_ctx,
+					    const struct gensec_security *gensec_security,
+					    struct auth_session_info *session_info,
+					    DATA_BLOB *decoded_data,
+					    DATA_BLOB *kpasswd_reply,
+					    const char **error_string)
+{
+	krb5_context context = kdc->smb_krb5_context->krb5_context;
+	DATA_BLOB clear_data;
+	krb5_data k_dec_data;
+	krb5_data *k_clear_data = NULL;
+	krb5_principal target_principal = NULL;
+	krb5_error_code code;
+	DATA_BLOB password;
+	char *target_realm = NULL;
+	char *target_name = NULL;
+	char *target_principal_string = NULL;
+	bool is_service_principal = false;
+	bool ok;
+	size_t num_components;
+	enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
+	struct samr_DomInfo1 *dominfo = NULL;
+	NTSTATUS status;
+
+	k_dec_data = smb_krb5_data_from_blob(*decoded_data);
+
+	code = decode_krb5_setpw_req(&k_dec_data,
+				     &k_clear_data,
+				     &target_principal);
+	if (code == 0) {
+		clear_data.data = (uint8_t *)k_clear_data->data;
+		clear_data.length = k_clear_data->length;
+	} else {
+		target_principal = NULL;
+
+		/*
+		 * The MIT decode failed, so fall back to trying the simple
+		 * case, without target_principal.
+		 */
+		ok = decode_krb5_setpw_req_simple(mem_ctx,
+						  decoded_data,
+						  &clear_data);
+		if (!ok) {
+			DBG_WARNING("decode_krb5_setpw_req failed: %s\n",
+				    error_message(code));
+			ok = kpasswd_make_error_reply(mem_ctx,
+						      KRB5_KPASSWD_MALFORMED,
+						      "Failed to decode packet",
+						      kpasswd_reply);
+			if (!ok) {
+				*error_string = "Failed to create reply";
+				return KRB5_KPASSWD_HARDERROR;
+			}
+			return 0;
+		}
+	}
+
+	ok = convert_string_talloc_handle(mem_ctx,
+					  lpcfg_iconv_handle(kdc->task->lp_ctx),
+					  CH_UTF8,
+					  CH_UTF16,
+					  clear_data.data,
+					  clear_data.length,
+					  &password.data,
+					  &password.length);
+	if (k_clear_data != NULL) {
+		krb5_free_data(context, k_clear_data);
+	}
+	if (!ok) {
+		DBG_WARNING("String conversion failed\n");
+		*error_string = "String conversion failed";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	if (target_principal != NULL) {
+		target_realm = smb_krb5_principal_get_realm(
+			mem_ctx, context, target_principal);
+		code = krb5_unparse_name_flags(context,
+					       target_principal,
+					       KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+					       &target_name);
+		if (code != 0) {
+			DBG_WARNING("Failed to parse principal\n");
+			*error_string = "String conversion failed";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+	}
+
+	if ((target_name != NULL && target_realm == NULL) ||
+	    (target_name == NULL && target_realm != NULL)) {
+		krb5_free_principal(context, target_principal);
+		TALLOC_FREE(target_realm);
+		SAFE_FREE(target_name);
+
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_MALFORMED,
+					      "Realm and principal must be "
+					      "both present, or neither "
+					      "present",
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+		return 0;
+	}
+
+	if (target_name != NULL && target_realm != NULL) {
+		TALLOC_FREE(target_realm);
+		SAFE_FREE(target_name);
+	} else {
+		krb5_free_principal(context, target_principal);
+		TALLOC_FREE(target_realm);
+		SAFE_FREE(target_name);
+
+		return kpasswd_change_password(kdc,
+					       mem_ctx,
+					       gensec_security,
+					       session_info,
+					       &password,
+					       kpasswd_reply,
+					       error_string);
+	}
+
+	num_components = krb5_princ_size(context, target_principal);
+	if (num_components >= 2) {
+		is_service_principal = true;
+		code = krb5_unparse_name_flags(context,
+					       target_principal,
+					       KRB5_PRINCIPAL_UNPARSE_SHORT,
+					       &target_principal_string);
+	} else {
+		code = krb5_unparse_name(context,
+					 target_principal,
+					 &target_principal_string);
+	}
+	krb5_free_principal(context, target_principal);
+	if (code != 0) {
+		ok = kpasswd_make_error_reply(mem_ctx,
+					      KRB5_KPASSWD_MALFORMED,
+					      "Failed to parse principal",
+					      kpasswd_reply);
+		if (!ok) {
+			*error_string = "Failed to create reply";
+			return KRB5_KPASSWD_HARDERROR;
+		}
+	}
+
+	status = kpasswd_samdb_set_password(mem_ctx,
+					    kdc->task->event_ctx,
+					    kdc->task->lp_ctx,
+					    session_info,
+					    is_service_principal,
+					    target_principal_string,
+					    &password,
+					    &reject_reason,
+					    &dominfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("kpasswd_samdb_set_password failed - %s\n",
+			nt_errstr(status));
+	}
+
+	ok = kpasswd_make_pwchange_reply(mem_ctx,
+					 status,
+					 reject_reason,
+					 dominfo,
+					 kpasswd_reply);
+	if (!ok) {
+		*error_string = "Failed to create reply";
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	return 0;
+}
+
+krb5_error_code kpasswd_handle_request(struct kdc_server *kdc,
+				       TALLOC_CTX *mem_ctx,
+				       struct gensec_security *gensec_security,
+				       uint16_t verno,
+				       DATA_BLOB *decoded_data,
+				       DATA_BLOB *kpasswd_reply,
+				       const char **error_string)
+{
+	struct auth_session_info *session_info;
+	NTSTATUS status;
+	krb5_error_code code;
+
+	status = gensec_session_info(gensec_security,
+				     mem_ctx,
+				     &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		*error_string = talloc_asprintf(mem_ctx,
+						"gensec_session_info failed - "
+						"%s",
+						nt_errstr(status));
+		return KRB5_KPASSWD_HARDERROR;
+	}
+
+	/*
+	 * Since the kpasswd service shares its keys with the krbtgt, we might
+	 * have received a TGT rather than a kpasswd ticket. We need to check
+	 * the ticket type to ensure that TGTs cannot be misused in this manner.
+	 */
+	code = kpasswd_check_non_tgt(session_info,
+				     error_string);
+	if (code != 0) {
+		DBG_WARNING("%s\n", *error_string);
+		return code;
+	}
+
+	switch(verno) {
+	case 1: {
+		DATA_BLOB password;
+		bool ok;
+
+		ok = convert_string_talloc_handle(mem_ctx,
+						  lpcfg_iconv_handle(kdc->task->lp_ctx),
+						  CH_UTF8,
+						  CH_UTF16,
+						  decoded_data->data,
+						  decoded_data->length,
+						  &password.data,
+						  &password.length);
+		if (!ok) {
+			*error_string = "String conversion failed!";
+			DBG_WARNING("%s\n", *error_string);
+			return KRB5_KPASSWD_HARDERROR;
+		}
+
+		return kpasswd_change_password(kdc,
+					       mem_ctx,
+					       gensec_security,
+					       session_info,
+					       &password,
+					       kpasswd_reply,
+					       error_string);
+	}
+	case RFC3244_VERSION: {
+		return kpasswd_set_password(kdc,
+					    mem_ctx,
+					    gensec_security,
+					    session_info,
+					    decoded_data,
+					    kpasswd_reply,
+					    error_string);
+	}
+	default:
+		return KRB5_KPASSWD_BAD_VERSION;
+	}
+
+	return 0;
+}
diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c
new file mode 100644
index 0000000..c671eb4
--- /dev/null
+++ b/source4/kdc/kpasswd-service.c
@@ -0,0 +1,395 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2005      Andrew Bartlett <abartlet@samba.org>
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "tsocket/tsocket.h"
+#include "auth/credentials/credentials.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "kdc/kdc-server.h"
+#include "kdc/kpasswd-service.h"
+#include "kdc/kpasswd-helper.h"
+#include "param/param.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+#define HEADER_LEN 6
+#ifndef RFC3244_VERSION
+#define RFC3244_VERSION 0xff80
+#endif
+
+kdc_code kpasswd_process(struct kdc_server *kdc,
+			 TALLOC_CTX *mem_ctx,
+			 DATA_BLOB *request,
+			 DATA_BLOB *reply,
+			 struct tsocket_address *remote_addr,
+			 struct tsocket_address *local_addr,
+			 int datagram)
+{
+	uint16_t len;
+	uint16_t verno;
+	uint16_t ap_req_len;
+	uint16_t enc_data_len;
+	DATA_BLOB ap_req_blob = data_blob_null;
+	DATA_BLOB ap_rep_blob = data_blob_null;
+	DATA_BLOB enc_data_blob = data_blob_null;
+	DATA_BLOB dec_data_blob = data_blob_null;
+	DATA_BLOB kpasswd_dec_reply = data_blob_null;
+	const char *error_string = NULL;
+	krb5_error_code error_code = 0;
+	struct cli_credentials *server_credentials;
+	struct gensec_security *gensec_security;
+#ifndef SAMBA4_USES_HEIMDAL
+	struct sockaddr_storage remote_ss;
+#endif
+	struct sockaddr_storage local_ss;
+	ssize_t socklen;
+	TALLOC_CTX *tmp_ctx;
+	kdc_code rc = KDC_ERROR;
+	krb5_error_code code = 0;
+	NTSTATUS status;
+	int rv;
+	bool is_inet;
+	bool ok;
+
+	if (kdc->am_rodc) {
+		return KDC_PROXY_REQUEST;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return KDC_ERROR;
+	}
+
+	is_inet = tsocket_address_is_inet(remote_addr, "ip");
+	if (!is_inet) {
+		DBG_WARNING("Invalid remote IP address\n");
+		goto done;
+	}
+
+#ifndef SAMBA4_USES_HEIMDAL
+	/*
+	 * FIXME: Heimdal fails to to do a krb5_rd_req() in gensec_krb5 if we
+	 * set the remote address.
+	 */
+
+	/* remote_addr */
+	socklen = tsocket_address_bsd_sockaddr(remote_addr,
+					       (struct sockaddr *)&remote_ss,
+					       sizeof(struct sockaddr_storage));
+	if (socklen < 0) {
+		DBG_WARNING("Invalid remote IP address\n");
+		goto done;
+	}
+#endif
+
+	/* local_addr */
+	socklen = tsocket_address_bsd_sockaddr(local_addr,
+					       (struct sockaddr *)&local_ss,
+					       sizeof(struct sockaddr_storage));
+	if (socklen < 0) {
+		DBG_WARNING("Invalid local IP address\n");
+		goto done;
+	}
+
+	if (request->length <= HEADER_LEN) {
+		DBG_WARNING("Request truncated\n");
+		goto done;
+	}
+
+	len = RSVAL(request->data, 0);
+	if (request->length != len) {
+		DBG_WARNING("Request length does not match\n");
+		goto done;
+	}
+
+	verno = RSVAL(request->data, 2);
+	if (verno != 1 && verno != RFC3244_VERSION) {
+		DBG_WARNING("Unsupported version: 0x%04x\n", verno);
+	}
+
+	ap_req_len = RSVAL(request->data, 4);
+	if ((ap_req_len >= len) || ((ap_req_len + HEADER_LEN) >= len)) {
+		DBG_WARNING("AP_REQ truncated\n");
+		goto done;
+	}
+
+	ap_req_blob = data_blob_const(&request->data[HEADER_LEN], ap_req_len);
+
+	enc_data_len = len - ap_req_len;
+	enc_data_blob = data_blob_const(&request->data[HEADER_LEN + ap_req_len],
+					enc_data_len);
+
+	server_credentials = cli_credentials_init(tmp_ctx);
+	if (server_credentials == NULL) {
+		DBG_ERR("Failed to initialize server credentials!\n");
+		goto done;
+	}
+
+	/*
+	 * We want the credentials subsystem to use the krb5 context we already
+	 * have, rather than a new context.
+	 *
+	 * On this context the KDB plugin has been loaded, so we can access
+	 * dsdb.
+	 */
+	status = cli_credentials_set_krb5_context(server_credentials,
+						  kdc->smb_krb5_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	ok = cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
+	if (!ok) {
+		goto done;
+	}
+
+	/*
+	 * After calling cli_credentials_set_conf(), explicitly set the realm
+	 * with CRED_SPECIFIED. We need to do this so the result of
+	 * principal_from_credentials() called from the gensec layer is
+	 * CRED_SPECIFIED rather than CRED_SMB_CONF, avoiding a fallback to
+	 * match-by-key (very undesirable in this case).
+	 */
+	ok = cli_credentials_set_realm(server_credentials,
+				       lpcfg_realm(kdc->task->lp_ctx),
+				       CRED_SPECIFIED);
+	if (!ok) {
+		goto done;
+	}
+
+	ok = cli_credentials_set_username(server_credentials,
+					  "kadmin/changepw",
+					  CRED_SPECIFIED);
+	if (!ok) {
+		goto done;
+	}
+
+	/* Check that the server principal is indeed CRED_SPECIFIED. */
+	{
+		char *principal = NULL;
+		enum credentials_obtained obtained;
+
+		principal = cli_credentials_get_principal_and_obtained(server_credentials,
+								       tmp_ctx,
+								       &obtained);
+		if (obtained < CRED_SPECIFIED) {
+			goto done;
+		}
+
+		TALLOC_FREE(principal);
+	}
+
+	rv = cli_credentials_set_keytab_name(server_credentials,
+					     kdc->task->lp_ctx,
+					     kdc->kpasswd_keytab_name,
+					     CRED_SPECIFIED);
+	if (rv != 0) {
+		DBG_ERR("Failed to set credentials keytab name\n");
+		goto done;
+	}
+
+	status = samba_server_gensec_start(tmp_ctx,
+					   kdc->task->event_ctx,
+					   kdc->task->msg_ctx,
+					   kdc->task->lp_ctx,
+					   server_credentials,
+					   "kpasswd",
+					   &gensec_security);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	status = gensec_set_local_address(gensec_security, local_addr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+#ifndef SAMBA4_USES_HEIMDAL
+	status = gensec_set_remote_address(gensec_security, remote_addr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+#endif
+
+	/* We want the GENSEC wrap calls to generate PRIV tokens */
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
+	/* Use the krb5 gesec mechanism so we can load DB modules */
+	status = gensec_start_mech_by_name(gensec_security, "krb5");
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/*
+	 * Accept the AP-REQ and generate the AP-REP we need for the reply
+	 *
+	 * We only allow KRB5 and make sure the backend to is RPC/IPC free.
+	 *
+	 * See gensec_krb5_update_internal() as GENSEC_SERVER.
+	 *
+	 * It allows gensec_update() not to block.
+	 *
+	 * If that changes in future we need to use
+	 * gensec_update_send/recv here!
+	 */
+	status = gensec_update(gensec_security, tmp_ctx,
+			       ap_req_blob, &ap_rep_blob);
+	if (!NT_STATUS_IS_OK(status) &&
+	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		ap_rep_blob = data_blob_null;
+		error_code = KRB5_KPASSWD_HARDERROR;
+		error_string = talloc_asprintf(tmp_ctx,
+					       "gensec_update failed - %s\n",
+					       nt_errstr(status));
+		DBG_ERR("%s", error_string);
+		goto reply;
+	}
+
+	status = gensec_unwrap(gensec_security,
+			       tmp_ctx,
+			       &enc_data_blob,
+			       &dec_data_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		ap_rep_blob = data_blob_null;
+		error_code = KRB5_KPASSWD_HARDERROR;
+		error_string = talloc_asprintf(tmp_ctx,
+					       "gensec_unwrap failed - %s\n",
+					       nt_errstr(status));
+		DBG_ERR("%s", error_string);
+		goto reply;
+	}
+
+	code = kpasswd_handle_request(kdc,
+				      tmp_ctx,
+				      gensec_security,
+				      verno,
+				      &dec_data_blob,
+				      &kpasswd_dec_reply,
+				      &error_string);
+	if (code != 0) {
+		ap_rep_blob = data_blob_null;
+		error_code = code;
+		goto reply;
+	}
+
+	status = gensec_wrap(gensec_security,
+			     tmp_ctx,
+			     &kpasswd_dec_reply,
+			     &enc_data_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		ap_rep_blob = data_blob_null;
+		error_code = KRB5_KPASSWD_HARDERROR;
+		error_string = talloc_asprintf(tmp_ctx,
+					       "gensec_wrap failed - %s\n",
+					       nt_errstr(status));
+		DBG_ERR("%s", error_string);
+		goto reply;
+	}
+
+reply:
+	if (error_code != 0) {
+		krb5_data k_enc_data;
+		krb5_data k_dec_data;
+		const char *principal_string;
+		krb5_principal server_principal;
+
+		if (error_string == NULL) {
+			DBG_ERR("Invalid error string! This should not happen\n");
+			goto done;
+		}
+
+		ok = kpasswd_make_error_reply(tmp_ctx,
+					      error_code,
+					      error_string,
+					      &dec_data_blob);
+		if (!ok) {
+			DBG_ERR("Failed to create error reply\n");
+			goto done;
+		}
+
+		k_dec_data = smb_krb5_data_from_blob(dec_data_blob);
+
+		principal_string = cli_credentials_get_principal(server_credentials,
+								 tmp_ctx);
+		if (principal_string == NULL) {
+			goto done;
+		}
+
+		code = smb_krb5_parse_name(kdc->smb_krb5_context->krb5_context,
+					   principal_string,
+					   &server_principal);
+		if (code != 0) {
+			DBG_ERR("Failed to create principal: %s\n",
+				error_message(code));
+			goto done;
+		}
+
+		code = smb_krb5_mk_error(kdc->smb_krb5_context->krb5_context,
+					 KRB5KDC_ERR_NONE + error_code,
+					 NULL, /* e_text */
+					 &k_dec_data,
+					 NULL, /* client */
+					 server_principal,
+					 &k_enc_data);
+		krb5_free_principal(kdc->smb_krb5_context->krb5_context,
+				    server_principal);
+		if (code != 0) {
+			DBG_ERR("Failed to create krb5 error reply: %s\n",
+				error_message(code));
+			goto done;
+		}
+
+		enc_data_blob = data_blob_talloc(tmp_ctx,
+						 k_enc_data.data,
+						 k_enc_data.length);
+		if (enc_data_blob.data == NULL) {
+			DBG_ERR("Failed to allocate memory for error reply\n");
+			goto done;
+		}
+	}
+
+	*reply = data_blob_talloc(mem_ctx,
+				  NULL,
+				  HEADER_LEN + ap_rep_blob.length + enc_data_blob.length);
+	if (reply->data == NULL) {
+		goto done;
+	}
+	RSSVAL(reply->data, 0, reply->length);
+	RSSVAL(reply->data, 2, 1);
+	RSSVAL(reply->data, 4, ap_rep_blob.length);
+	if (ap_rep_blob.data != NULL) {
+		memcpy(reply->data + HEADER_LEN,
+		       ap_rep_blob.data,
+		       ap_rep_blob.length);
+	}
+	memcpy(reply->data + HEADER_LEN + ap_rep_blob.length,
+	       enc_data_blob.data,
+	       enc_data_blob.length);
+
+	rc = KDC_OK;
+done:
+	talloc_free(tmp_ctx);
+	return rc;
+}
diff --git a/source4/kdc/kpasswd-service.h b/source4/kdc/kpasswd-service.h
new file mode 100644
index 0000000..845d680
--- /dev/null
+++ b/source4/kdc/kpasswd-service.h
@@ -0,0 +1,43 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba kpasswd implementation
+
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KPASSWD_SERVICE_H
+#define _KPASSWD_SERVICE_H
+
+struct gensec_security;
+
+krb5_error_code kpasswd_handle_request(struct kdc_server *kdc,
+				       TALLOC_CTX *mem_ctx,
+				       struct gensec_security *gensec_security,
+				       uint16_t verno,
+				       DATA_BLOB *decoded_data,
+				       DATA_BLOB *kpasswd_reply,
+				       const char **error_string);
+
+kdc_code kpasswd_process(struct kdc_server *kdc,
+			 TALLOC_CTX *mem_ctx,
+			 DATA_BLOB *request,
+			 DATA_BLOB *reply,
+			 struct tsocket_address *remote_addr,
+			 struct tsocket_address *local_addr,
+			 int datagram);
+
+#endif /* _KPASSWD_SERVICE_H */
diff --git a/source4/kdc/kpasswd_glue.c b/source4/kdc/kpasswd_glue.c
new file mode 100644
index 0000000..df7668f
--- /dev/null
+++ b/source4/kdc/kpasswd_glue.c
@@ -0,0 +1,88 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   kpasswd Server implementation
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "../lib/util/util_ldb.h"
+#include "libcli/security/security.h"
+#include "dsdb/common/util.h"
+#include "auth/auth.h"
+#include "kdc/kpasswd_glue.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+/*
+   A user password change
+
+   Return true if there is a valid error packet (or success) formed in
+   the error_blob
+*/
+NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
+				       struct loadparm_context *lp_ctx,
+				       struct tevent_context *event_ctx,
+				       struct auth_session_info *session_info,
+				       const DATA_BLOB *password,
+				       enum samPwdChangeReason *reject_reason,
+				       struct samr_DomInfo1 **dominfo,
+				       const char **error_string,
+				       NTSTATUS *result)
+{
+	NTSTATUS status;
+	struct ldb_context *samdb = NULL;
+
+	/* Start a SAM with user privileges for the password change */
+	samdb = samdb_connect(mem_ctx,
+			      event_ctx,
+			      lp_ctx,
+			      session_info,
+			      NULL,
+			      0);
+	if (!samdb) {
+		*error_string = "Failed to open samdb";
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	DBG_NOTICE("Changing password of %s\\%s (%s)\n",
+		   session_info->info->domain_name,
+		   session_info->info->account_name,
+		   dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]));
+
+	/* Performs the password change */
+	status = samdb_set_password_sid(samdb,
+					mem_ctx,
+					&session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
+					NULL,
+					password,
+					NULL,
+					DSDB_PASSWORD_CHECKED_AND_CORRECT,
+					reject_reason,
+					dominfo);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+		*error_string = "No such user when changing password";
+	} else if (!NT_STATUS_IS_OK(status)) {
+		*error_string = nt_errstr(status);
+	}
+	*result = status;
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/kdc/kpasswd_glue.h b/source4/kdc/kpasswd_glue.h
new file mode 100644
index 0000000..49246af
--- /dev/null
+++ b/source4/kdc/kpasswd_glue.h
@@ -0,0 +1,31 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   kpasswd Server implementation
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
+				       struct loadparm_context *lp_ctx,
+				       struct tevent_context *event_ctx,
+				       struct auth_session_info *session_info,
+				       const DATA_BLOB *password,
+				       enum samPwdChangeReason *reject_reason,
+				       struct samr_DomInfo1 **dominfo,
+				       const char **error_string,
+				       NTSTATUS *result);
diff --git a/source4/kdc/ktutil.c b/source4/kdc/ktutil.c
new file mode 100644
index 0000000..d29f4fd
--- /dev/null
+++ b/source4/kdc/ktutil.c
@@ -0,0 +1,122 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Minimal ktutil for selftest
+
+   Copyright (C) Ralph Boehme <slow@samba.org> 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "krb5_wrap/krb5_samba.h"
+
+static void smb_krb5_err(TALLOC_CTX *mem_ctx,
+			 krb5_context context,
+			 int exit_code,
+			 krb5_error_code code,
+			 const char *msg)
+{
+	char *krb5_err_str = smb_get_krb5_error_message(context,
+							code,
+							mem_ctx);
+	printf("%s: %s\n", msg, krb5_err_str ? krb5_err_str : "UNKNOWN");
+
+	talloc_free(mem_ctx);
+	exit(exit_code);
+}
+
+int main (int argc, char **argv)
+{
+	TALLOC_CTX *mem_ctx = talloc_init("ktutil");
+	krb5_context context;
+	krb5_keytab keytab;
+	krb5_kt_cursor cursor;
+	krb5_keytab_entry entry;
+	krb5_error_code ret;
+	char *keytab_name = NULL;
+
+	if (mem_ctx == NULL) {
+		printf("talloc_init() failed\n");
+		exit(1);
+	}
+
+	if (argc != 2) {
+		printf("Usage: %s KEYTAB\n", argv[0]);
+		exit(1);
+	}
+
+	keytab_name = argv[1];
+
+	ret = smb_krb5_init_context_common(&context);
+	if (ret) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
+		smb_krb5_err(mem_ctx, context, 1, ret, "krb5_context");
+	}
+
+	ret = smb_krb5_kt_open_relative(context, keytab_name, false, &keytab);
+	if (ret) {
+		smb_krb5_err(mem_ctx, context, 1, ret, "open keytab");
+	}
+
+	ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+	if (ret) {
+		smb_krb5_err(mem_ctx, context, 1, ret, "krb5_kt_start_seq_get");
+	}
+
+	for (ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+	     ret == 0;
+	     ret = krb5_kt_next_entry(context, keytab, &entry, &cursor))
+	{
+		char *principal = NULL;
+		char *enctype_str = NULL;
+		krb5_enctype enctype = smb_krb5_kt_get_enctype_from_entry(&entry);
+
+		ret = smb_krb5_unparse_name(mem_ctx,
+					    context,
+					    entry.principal,
+					    &principal);
+		if (ret) {
+			smb_krb5_err(mem_ctx, context, 1, ret, "krb5_enctype_to_string");
+		}
+
+		ret = smb_krb5_enctype_to_string(context,
+						 enctype,
+						 &enctype_str);
+		if (ret) {
+			printf("%s (%d)\n", principal, (int)enctype);
+		} else {
+			printf("%s (%s)\n", principal, enctype_str);
+		}
+
+		TALLOC_FREE(principal);
+		SAFE_FREE(enctype_str);
+		smb_krb5_kt_free_entry(context, &entry);
+	}
+
+	ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+	if (ret) {
+		smb_krb5_err(mem_ctx, context, 1, ret, "krb5_kt_end_seq_get");
+	}
+
+	ret = krb5_kt_close(context, keytab);
+	if (ret) {
+		smb_krb5_err(mem_ctx, context, 1, ret, "krb5_kt_close");
+	}
+
+	krb5_free_context(context);
+	talloc_free(mem_ctx);
+	return 0;
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c
new file mode 100644
index 0000000..e8fcfc8
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba.c
@@ -0,0 +1,178 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/samba_kdc.h"
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+static krb5_error_code kdb_samba_init_library(void)
+{
+	return 0;
+}
+
+static krb5_error_code kdb_samba_fini_library(void)
+{
+	return 0;
+}
+
+static krb5_error_code kdb_samba_init_module(krb5_context context,
+					     char *conf_section,
+					     char **db_args,
+					     int mode)
+{
+	/* TODO mit_samba_context_init */
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+	int rc;
+
+	rc = mit_samba_context_init(&mit_ctx);
+	if (rc != 0) {
+		return ENOMEM;
+	}
+
+
+	code = krb5_db_set_context(context, mit_ctx);
+
+	return code;
+}
+static krb5_error_code kdb_samba_fini_module(krb5_context context)
+{
+	struct mit_samba_context *mit_ctx;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return 0;
+	}
+
+	mit_samba_context_free(mit_ctx);
+
+	return 0;
+}
+
+static krb5_error_code kdb_samba_db_create(krb5_context context,
+					   char *conf_section,
+					   char **db_args)
+{
+	/* NOTE: used only by kadmin */
+	return KRB5_KDB_DBTYPE_NOSUP;
+}
+
+static krb5_error_code kdb_samba_db_destroy(krb5_context context,
+					    char *conf_section,
+					    char **db_args)
+{
+	/* NOTE: used only by kadmin */
+	return KRB5_KDB_DBTYPE_NOSUP;
+}
+
+static krb5_error_code kdb_samba_db_get_age(krb5_context context,
+					    char *db_name,
+					    time_t *age)
+{
+	/* TODO: returns last modification time of the db */
+
+	/* NOTE: used by and affects only lookaside cache,
+	 *       defer implementation until needed as samba doesn't keep this
+	 *       specific value readily available and it would require a full
+	 *       database search to get it. */
+
+	*age = time(NULL);
+
+	return 0;
+}
+
+static krb5_error_code kdb_samba_db_lock(krb5_context context, int kmode)
+{
+
+	/* NOTE: important only for kadmin */
+	/* NOTE: deferred as samba's DB cannot be easily locked and doesn't
+	 * really make sense to do so anyway as the db is shared and support
+	 * transactions */
+	return 0;
+}
+
+static krb5_error_code kdb_samba_db_unlock(krb5_context context)
+{
+
+	/* NOTE: important only for kadmin */
+	/* NOTE: deferred as samba's DB cannot be easily locked and doesn't
+	 * really make sense to do so anyway as the db is shared and support
+	 * transactions */
+	return 0;
+}
+
+static void kdb_samba_db_free_principal_e_data(krb5_context context,
+					       krb5_octet *e_data)
+{
+	struct samba_kdc_entry *skdc_entry;
+
+	skdc_entry = talloc_get_type_abort(e_data,
+					   struct samba_kdc_entry);
+	skdc_entry->kdc_entry = NULL;
+	TALLOC_FREE(skdc_entry);
+}
+
+kdb_vftabl kdb_function_table = {
+	.maj_ver                   = KRB5_KDB_DAL_MAJOR_VERSION,
+	.min_ver                   = 0,
+
+	.init_library              = kdb_samba_init_library,
+	.fini_library              = kdb_samba_fini_library,
+	.init_module               = kdb_samba_init_module,
+	.fini_module               = kdb_samba_fini_module,
+
+	.create                    = kdb_samba_db_create,
+	.destroy                   = kdb_samba_db_destroy,
+	.get_age                   = kdb_samba_db_get_age,
+	.lock                      = kdb_samba_db_lock,
+	.unlock                    = kdb_samba_db_unlock,
+
+	.get_principal             = kdb_samba_db_get_principal,
+	.put_principal             = kdb_samba_db_put_principal,
+	.delete_principal          = kdb_samba_db_delete_principal,
+
+	.iterate                   = kdb_samba_db_iterate,
+
+	.fetch_master_key          = kdb_samba_fetch_master_key,
+	.fetch_master_key_list     = kdb_samba_fetch_master_key_list,
+
+	.change_pwd                = kdb_samba_change_pwd,
+
+	.decrypt_key_data          = kdb_samba_dbekd_decrypt_key_data,
+	.encrypt_key_data          = kdb_samba_dbekd_encrypt_key_data,
+
+	.check_policy_as           = kdb_samba_db_check_policy_as,
+	.audit_as_req              = kdb_samba_db_audit_as_req,
+	.check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
+
+	.free_principal_e_data     = kdb_samba_db_free_principal_e_data,
+
+	.allowed_to_delegate_from  = kdb_samba_db_allowed_to_delegate_from,
+	.issue_pac                 = kdb_samba_db_issue_pac,
+};
diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
new file mode 100644
index 0000000..acd5a77
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba.h
@@ -0,0 +1,182 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2009      Simo Sorce <idra@samba.org>.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDB_SAMBA_H_
+#define _KDB_SAMBA_H_
+
+#include <stdbool.h>
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+#define PAC_LOGON_INFO 1
+
+#ifndef discard_const_p
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+# define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
+#else
+# define discard_const_p(type, ptr) ((type *)(ptr))
+#endif
+#endif
+
+/* from kdb_samba_common.c */
+
+struct mit_samba_context *ks_get_context(krb5_context kcontext);
+
+krb5_error_code ks_get_principal(krb5_context context,
+				 krb5_const_principal principal,
+				 unsigned int kflags,
+				 krb5_db_entry **kentry);
+
+void ks_free_principal(krb5_context context, krb5_db_entry *entry);
+
+bool ks_data_eq_string(krb5_data d, const char *s);
+
+krb5_boolean ks_is_kadmin(krb5_context context,
+			  krb5_const_principal princ);
+
+krb5_boolean ks_is_kadmin_history(krb5_context context,
+				  krb5_const_principal princ);
+
+krb5_boolean ks_is_kadmin_changepw(krb5_context context,
+				   krb5_const_principal princ);
+
+krb5_boolean ks_is_kadmin_admin(krb5_context context,
+				krb5_const_principal princ);
+
+/* from kdb_samba_principals.c */
+
+krb5_error_code kdb_samba_db_get_principal(krb5_context context,
+					   krb5_const_principal princ,
+					   unsigned int kflags,
+					   krb5_db_entry **kentry);
+
+krb5_error_code kdb_samba_db_put_principal(krb5_context context,
+					   krb5_db_entry *entry,
+					   char **db_args);
+
+krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
+					      krb5_const_principal princ);
+
+krb5_error_code kdb_samba_db_iterate(krb5_context context,
+				     char *match_entry,
+				     int (*func)(krb5_pointer, krb5_db_entry *),
+				     krb5_pointer func_arg,
+				     krb5_flags iterflags);
+
+/* from kdb_samba_masterkey.c */
+
+krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
+					   krb5_principal name,
+					   krb5_keyblock *key,
+					   krb5_kvno *kvno,
+					   char *db_args);
+
+krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
+						krb5_principal mname,
+						const krb5_keyblock *key,
+						krb5_keylist_node **mkeys_list);
+
+/* from kdb_samba_pac.c */
+
+krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
+						 const krb5_keyblock *mkey,
+						 const krb5_key_data *key_data,
+						 krb5_keyblock *kkey,
+						 krb5_keysalt *keysalt);
+
+krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
+						 const krb5_keyblock *mkey,
+						 const krb5_keyblock *kkey,
+						 const krb5_keysalt *keysalt,
+						 int keyver,
+						 krb5_key_data *key_data);
+
+/* from kdb_samba_policies.c */
+krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
+				       unsigned int flags,
+				       krb5_db_entry *client,
+				       krb5_keyblock *replaced_reply_key,
+				       krb5_db_entry *server,
+				       krb5_db_entry *signing_krbtgt,
+				       krb5_timestamp authtime,
+				       krb5_pac old_pac,
+				       krb5_pac new_pac,
+				       krb5_data ***auth_indicators);
+
+krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+					    unsigned int flags,
+					    krb5_const_principal client_princ,
+					    krb5_const_principal server_princ,
+					    krb5_db_entry *client,
+					    krb5_db_entry *server,
+					    krb5_db_entry *krbtgt,
+					    krb5_db_entry *local_krbtgt,
+					    krb5_keyblock *client_key,
+					    krb5_keyblock *server_key,
+					    krb5_keyblock *krbtgt_key,
+					    krb5_keyblock *local_krbtgt_key,
+					    krb5_keyblock *session_key,
+					    krb5_timestamp authtime,
+					    krb5_authdata **tgt_auth_data,
+					    void *authdata_info,
+					    krb5_data ***auth_indicators,
+					    krb5_authdata ***signed_auth_data);
+
+krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
+					     krb5_kdc_req *kdcreq,
+					     krb5_db_entry *client,
+					     krb5_db_entry *server,
+					     krb5_timestamp kdc_time,
+					     const char **status,
+					     krb5_pa_data ***e_data_out);
+
+krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
+						       krb5_const_principal client,
+						       const krb5_db_entry *server,
+						       krb5_const_principal proxy);
+
+krb5_error_code kdb_samba_db_allowed_to_delegate_from(
+		krb5_context context,
+		krb5_const_principal client,
+		krb5_const_principal server,
+		krb5_pac header_pac,
+		const krb5_db_entry *proxy);
+
+void kdb_samba_db_audit_as_req(krb5_context kcontext,
+			       krb5_kdc_req *request,
+			       const krb5_address *local_addr,
+			       const krb5_address *remote_addr,
+			       krb5_db_entry *client,
+			       krb5_db_entry *server,
+			       krb5_timestamp authtime,
+			       krb5_error_code error_code);
+
+/* from kdb_samba_change_pwd.c */
+
+krb5_error_code kdb_samba_change_pwd(krb5_context context,
+				     krb5_keyblock *master_key,
+				     krb5_key_salt_tuple *ks_tuple,
+				     int ks_tuple_count, char *passwd,
+				     int new_kvno, krb5_boolean keepold,
+				     krb5_db_entry *db_entry);
+
+#endif /* _KDB_SAMBA_H_ */
diff --git a/source4/kdc/mit-kdb/kdb_samba_change_pwd.c b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c
new file mode 100644
index 0000000..ad7bb5d
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c
@@ -0,0 +1,59 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+krb5_error_code kdb_samba_change_pwd(krb5_context context,
+				     krb5_keyblock *master_key,
+				     krb5_key_salt_tuple *ks_tuple,
+				     int ks_tuple_count, char *passwd,
+				     int new_kvno, krb5_boolean keepold,
+				     krb5_db_entry *db_entry)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_kpasswd_change_password(mit_ctx, passwd, db_entry);
+	if (code != 0) {
+		goto cleanup;
+	}
+
+cleanup:
+
+	return code;
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba_common.c b/source4/kdc/mit-kdb/kdb_samba_common.c
new file mode 100644
index 0000000..5ba845e
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_common.c
@@ -0,0 +1,103 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+struct mit_samba_context *ks_get_context(krb5_context kcontext)
+{
+	struct mit_samba_context *mit_ctx = NULL;
+	void *db_ctx = NULL;
+	krb5_error_code code;
+
+	code = krb5_db_get_context(kcontext, &db_ctx);
+	if (code != 0) {
+		return NULL;
+	}
+
+	mit_ctx = talloc_get_type_abort(db_ctx, struct mit_samba_context);
+
+	/*
+	 * This is nomrally the starting point for Kerberos operations in
+	 * MIT KRB5, so reset errno to 0 for possible com_err debug messages.
+	 */
+	errno = 0;
+
+	return mit_ctx;
+}
+
+bool ks_data_eq_string(krb5_data d, const char *s)
+{
+	int rc;
+
+	if (d.length != strlen(s) || d.length == 0) {
+		return false;
+	}
+
+	rc = memcmp(d.data, s, d.length);
+	if (rc != 0) {
+		return false;
+	}
+
+	return true;
+}
+
+krb5_boolean ks_is_kadmin(krb5_context context,
+			  krb5_const_principal princ)
+{
+	return krb5_princ_size(context, princ) >= 1 &&
+	       ks_data_eq_string(princ->data[0], "kadmin");
+}
+
+krb5_boolean ks_is_kadmin_history(krb5_context context,
+				  krb5_const_principal princ)
+{
+	return krb5_princ_size(context, princ) == 2 &&
+	       ks_data_eq_string(princ->data[0], "kadmin") &&
+	       ks_data_eq_string(princ->data[1], "history");
+}
+
+krb5_boolean ks_is_kadmin_changepw(krb5_context context,
+				   krb5_const_principal princ)
+{
+	return krb5_princ_size(context, princ) == 2 &&
+	       ks_data_eq_string(princ->data[0], "kadmin") &&
+	       ks_data_eq_string(princ->data[1], "changepw");
+}
+
+krb5_boolean ks_is_kadmin_admin(krb5_context context,
+				krb5_const_principal princ)
+{
+	return krb5_princ_size(context, princ) == 2 &&
+	       ks_data_eq_string(princ->data[0], "kadmin") &&
+	       ks_data_eq_string(princ->data[1], "admin");
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba_masterkey.c b/source4/kdc/mit-kdb/kdb_samba_masterkey.c
new file mode 100644
index 0000000..b068d96
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_masterkey.c
@@ -0,0 +1,69 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+krb5_error_code kdb_samba_fetch_master_key(krb5_context context,
+					   krb5_principal name,
+					   krb5_keyblock *key,
+					   krb5_kvno *kvno,
+					   char *db_args)
+{
+	return 0;
+}
+
+krb5_error_code kdb_samba_fetch_master_key_list(krb5_context context,
+						krb5_principal mname,
+						const krb5_keyblock *key,
+						krb5_keylist_node **mkeys_list)
+{
+	krb5_keylist_node *mkey;
+
+	/*
+	 * NOTE: samba does not support master keys
+	 *       so just return a dummy key
+	 */
+	mkey = calloc(1, sizeof(krb5_keylist_node));
+	if (mkey == NULL) {
+		return ENOMEM;
+	}
+
+	mkey->keyblock.magic = KV5M_KEYBLOCK;
+	mkey->keyblock.enctype = ENCTYPE_UNKNOWN;
+	mkey->kvno = 1;
+
+	*mkeys_list = mkey;
+
+	return 0;
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba_pac.c b/source4/kdc/mit-kdb/kdb_samba_pac.c
new file mode 100644
index 0000000..75b05a6
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_pac.c
@@ -0,0 +1,115 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
+						 const krb5_keyblock *mkey,
+						 const krb5_key_data *key_data,
+						 krb5_keyblock *kkey,
+						 krb5_keysalt *keysalt)
+{
+	/*
+	 * NOTE: Samba doesn't use a master key, so we will just copy
+	 * the contents around untouched.
+	 */
+	ZERO_STRUCTP(kkey);
+
+	kkey->magic = KV5M_KEYBLOCK;
+	kkey->enctype = key_data->key_data_type[0];
+	kkey->contents = malloc(key_data->key_data_length[0]);
+	if (kkey->contents == NULL) {
+		return ENOMEM;
+	}
+	memcpy(kkey->contents,
+	       key_data->key_data_contents[0],
+	       key_data->key_data_length[0]);
+	kkey->length = key_data->key_data_length[0];
+
+	if (keysalt != NULL) {
+		keysalt->type = key_data->key_data_type[1];
+		keysalt->data.data = malloc(key_data->key_data_length[1]);
+		if (keysalt->data.data == NULL) {
+			free(kkey->contents);
+			return ENOMEM;
+		}
+		memcpy(keysalt->data.data,
+		       key_data->key_data_contents[1],
+		       key_data->key_data_length[1]);
+		keysalt->data.length = key_data->key_data_length[1];
+	}
+
+	return 0;
+}
+
+krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
+						 const krb5_keyblock *mkey,
+						 const krb5_keyblock *kkey,
+						 const krb5_keysalt *keysalt,
+						 int keyver,
+						 krb5_key_data *key_data)
+{
+	/*
+	 * NOTE: samba doesn't use a master key, so we will just copy
+	 * the contents around untouched.
+	 */
+
+	ZERO_STRUCTP(key_data);
+
+	key_data->key_data_ver = KRB5_KDB_V1_KEY_DATA_ARRAY;
+	key_data->key_data_kvno = keyver;
+	key_data->key_data_type[0] = kkey->enctype;
+	key_data->key_data_contents[0] = malloc(kkey->length);
+	if (key_data->key_data_contents[0] == NULL) {
+		return ENOMEM;
+	}
+	memcpy(key_data->key_data_contents[0],
+	       kkey->contents,
+	       kkey->length);
+	key_data->key_data_length[0] = kkey->length;
+
+	if (keysalt != NULL) {
+		key_data->key_data_type[1] = keysalt->type;
+		key_data->key_data_contents[1] = malloc(keysalt->data.length);
+		if (key_data->key_data_contents[1] == NULL) {
+			free(key_data->key_data_contents[0]);
+			return ENOMEM;
+		}
+		memcpy(key_data->key_data_contents[1],
+		       keysalt->data.data,
+		       keysalt->data.length);
+		key_data->key_data_length[1] = keysalt->data.length;
+	}
+
+	return 0;
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
new file mode 100644
index 0000000..56bd0dd
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -0,0 +1,397 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014-2021 Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/replace.h"
+#include "lib/replace/system/kerberos.h"
+#include "lib/util/data_blob.h"
+#include "lib/util/debug.h"
+#include "lib/util/fault.h"
+#include "lib/util/memory.h"
+#include "libcli/util/ntstatus.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+/* FIXME: This is a krb5 function which is exported, but in no header */
+extern krb5_error_code decode_krb5_padata_sequence(const krb5_data *output,
+						   krb5_pa_data ***rep);
+
+static krb5_error_code ks_get_netbios_name(krb5_address **addrs, char **name)
+{
+	char *nb_name = NULL;
+	int len, i;
+
+	for (i = 0; addrs[i]; i++) {
+		if (addrs[i]->addrtype != ADDRTYPE_NETBIOS) {
+			continue;
+		}
+		len = MIN(addrs[i]->length, 15);
+		nb_name = strndup((const char *)addrs[i]->contents, len);
+		if (!nb_name) {
+			return ENOMEM;
+		}
+		break;
+	}
+
+	if (nb_name) {
+		/* Strip space padding */
+		i = strlen(nb_name) - 1;
+		for (i = strlen(nb_name) - 1;
+		     i > 0 && nb_name[i] == ' ';
+		     i--) {
+			nb_name[i] = '\0';
+		}
+	}
+
+	*name = nb_name;
+
+	return 0;
+}
+
+krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
+					     krb5_kdc_req *kdcreq,
+					     krb5_db_entry *client,
+					     krb5_db_entry *server,
+					     krb5_timestamp kdc_time,
+					     const char **status,
+					     krb5_pa_data ***e_data_out)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+	char *client_name = NULL;
+	char *server_name = NULL;
+	char *netbios_name = NULL;
+	char *realm = NULL;
+	bool password_change = false;
+	krb5_const_principal client_princ;
+	DATA_BLOB int_data = { NULL, 0 };
+	krb5_data d;
+	krb5_pa_data **e_data;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	/* Prefer canonicalised name from client entry */
+	client_princ = client ? client->princ : kdcreq->client;
+
+	if (client_princ == NULL || ks_is_kadmin(context, client_princ)) {
+		return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	}
+
+	if (krb5_princ_size(context, kdcreq->server) == 2 &&
+	    ks_is_kadmin_changepw(context, kdcreq->server)) {
+		code = krb5_get_default_realm(context, &realm);
+		if (code) {
+			goto done;
+		}
+
+		if (ks_data_eq_string(kdcreq->server->realm, realm)) {
+			password_change = true;
+		}
+	}
+
+	code = krb5_unparse_name(context, kdcreq->server, &server_name);
+	if (code) {
+		goto done;
+	}
+
+	code = krb5_unparse_name(context, client_princ, &client_name);
+	if (code) {
+		goto done;
+	}
+
+	if (kdcreq->addresses) {
+		code = ks_get_netbios_name(kdcreq->addresses, &netbios_name);
+		if (code) {
+			goto done;
+		}
+	}
+
+	code = mit_samba_check_client_access(mit_ctx,
+					     client,
+					     client_name,
+					     server,
+					     server_name,
+					     netbios_name,
+					     password_change,
+					     &int_data);
+
+	if (int_data.length && int_data.data) {
+
+		/* make sure the mapped return code is returned - gd */
+		int code_tmp;
+
+		d = smb_krb5_data_from_blob(int_data);
+
+		code_tmp = decode_krb5_padata_sequence(&d, &e_data);
+		if (code_tmp == 0) {
+			*e_data_out = e_data;
+		}
+	}
+done:
+	free(realm);
+	free(server_name);
+	free(client_name);
+	free(netbios_name);
+
+	return code;
+}
+
+static krb5_error_code ks_get_pac(krb5_context context,
+				  uint32_t flags,
+				  krb5_db_entry *client,
+				  krb5_db_entry *server,
+				  krb5_keyblock *client_key,
+				  krb5_pac *pac)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_get_pac(mit_ctx,
+				 context,
+				 flags,
+				 client,
+				 server,
+				 client_key,
+				 pac);
+	if (code != 0) {
+		return code;
+	}
+
+	return code;
+}
+
+static krb5_error_code ks_update_pac(krb5_context context,
+				     int flags,
+				     krb5_db_entry *client,
+				     krb5_db_entry *server,
+				     krb5_db_entry *signing_krbtgt,
+				     krb5_pac old_pac,
+				     krb5_pac new_pac)
+{
+	struct mit_samba_context *mit_ctx = NULL;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_update_pac(mit_ctx,
+				    context,
+				    flags,
+				    client,
+				    server,
+				    signing_krbtgt,
+				    old_pac,
+				    new_pac);
+	if (code != 0) {
+		return code;
+	}
+
+	return code;
+}
+
+krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
+				       unsigned int flags,
+				       krb5_db_entry *client,
+				       krb5_keyblock *replaced_reply_key,
+				       krb5_db_entry *server,
+				       krb5_db_entry *signing_krbtgt,
+				       krb5_timestamp authtime,
+				       krb5_pac old_pac,
+				       krb5_pac new_pac,
+				       krb5_data ***auth_indicators)
+{
+	char *client_name = NULL;
+	char *server_name = NULL;
+	krb5_error_code code = EINVAL;
+
+	/* The KDC handles both signing and verification for us. */
+
+	if (client != NULL) {
+		code = krb5_unparse_name(context,
+					 client->princ,
+					 &client_name);
+		if (code != 0) {
+			return code;
+		}
+	}
+
+	if (server != NULL) {
+		code = krb5_unparse_name(context,
+					 server->princ,
+					 &server_name);
+		if (code != 0) {
+			SAFE_FREE(client_name);
+			return code;
+		}
+	}
+
+	/*
+	 * Get a new PAC for AS-REQ or S4U2Self for our realm.
+	 *
+	 * For a simple cross-realm S4U2Proxy there will be the following TGS
+	 * requests after the client realm is identified:
+	 *
+	 * 1. server@SREALM to SREALM for krbtgt/CREALM@SREALM -- a regular TGS
+	 *    request with server's normal TGT and no S4U2Self padata.
+	 * 2. server@SREALM to CREALM for server@SREALM (expressed as an
+	 *    enterprise principal), with the TGT from #1 as header ticket and
+	 *    S4U2Self padata identifying the client.
+	 * 3. server@SREALM to SREALM for server@SREALM with S4U2Self padata,
+	 *    with the referral TGT from #2 as header ticket
+	 *
+	 * In request 2 the PROTOCOL_TRANSITION and CROSS_REALM flags are set,
+	 * and the request is for a local client (so client != NULL) and we
+	 * want to make a new PAC.
+	 *
+	 * In request 3 the PROTOCOL_TRANSITION and CROSS_REALM flags are also
+	 * set, but the request is for a non-local client (so client == NULL)
+	 * and we want to copy the subject PAC contained in the referral TGT.
+	 */
+	if (old_pac == NULL ||
+	    (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
+		DBG_NOTICE("Generate PAC for AS-REQ [client=%s, flags=%#08x]\n",
+			   client_name != NULL ? client_name : "<unknown>",
+			   flags);
+
+		code = ks_get_pac(context,
+				  flags,
+				  client,
+				  server,
+				  replaced_reply_key,
+				  &new_pac);
+	} else {
+		DBG_NOTICE("Update PAC for TGS-REQ [client=%s, server=%s, "
+			   "flags=%#08x]\n",
+			   client_name != NULL ? client_name : "<unknown>",
+			   server_name != NULL ? server_name : "<unknown>",
+			   flags);
+
+		code = ks_update_pac(context,
+				flags,
+				client,
+				server,
+				signing_krbtgt,
+				old_pac,
+				new_pac);
+	}
+	SAFE_FREE(client_name);
+	SAFE_FREE(server_name);
+
+	return code;
+}
+
+krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
+						       krb5_const_principal client,
+						       const krb5_db_entry *server,
+						       krb5_const_principal proxy)
+{
+	struct mit_samba_context *mit_ctx = NULL;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	return mit_samba_check_s4u2proxy(mit_ctx,
+					 server,
+					 proxy);
+
+}
+
+
+krb5_error_code kdb_samba_db_allowed_to_delegate_from(
+		krb5_context context,
+		krb5_const_principal client_principal,
+		krb5_const_principal server_principal,
+		krb5_pac header_pac,
+		const krb5_db_entry *proxy)
+{
+	struct mit_samba_context *mit_ctx = NULL;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_check_allowed_to_delegate_from(mit_ctx,
+							client_principal,
+							server_principal,
+							header_pac,
+							proxy);
+
+	return code;
+}
+
+
+static void samba_bad_password_count(krb5_db_entry *client,
+				     krb5_error_code error_code)
+{
+	switch (error_code) {
+	case 0:
+		mit_samba_zero_bad_password_count(client);
+		break;
+	case KRB5KDC_ERR_PREAUTH_FAILED:
+	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+		mit_samba_update_bad_password_count(client);
+		break;
+	}
+}
+
+void kdb_samba_db_audit_as_req(krb5_context context,
+			       krb5_kdc_req *request,
+			       const krb5_address *local_addr,
+			       const krb5_address *remote_addr,
+			       krb5_db_entry *client,
+			       krb5_db_entry *server,
+			       krb5_timestamp authtime,
+			       krb5_error_code error_code)
+{
+	/*
+	 * FIXME: This segfaulted with a FAST test
+	 * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+	 */
+	if (client == NULL) {
+		return;
+	}
+
+	samba_bad_password_count(client, error_code);
+
+	/* TODO: perform proper audit logging for addresses */
+}
diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c
new file mode 100644
index 0000000..2726018
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_principals.c
@@ -0,0 +1,397 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/samba_kdc.h"
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+#define ADMIN_LIFETIME 60*60*3 /* 3 hours */
+
+krb5_error_code ks_get_principal(krb5_context context,
+				 krb5_const_principal principal,
+				 unsigned int kflags,
+				 krb5_db_entry **kentry)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_get_principal(mit_ctx,
+				       principal,
+				       kflags,
+				       kentry);
+	if (code != 0) {
+		goto cleanup;
+	}
+
+cleanup:
+
+	return code;
+}
+
+static void ks_free_principal_e_data(krb5_context context, krb5_octet *e_data)
+{
+	struct samba_kdc_entry *skdc_entry;
+
+	skdc_entry = talloc_get_type_abort(e_data,
+					   struct samba_kdc_entry);
+	skdc_entry->kdc_entry = NULL;
+	TALLOC_FREE(skdc_entry);
+}
+
+void ks_free_principal(krb5_context context, krb5_db_entry *entry)
+{
+	krb5_tl_data *tl_data_next = NULL;
+	krb5_tl_data *tl_data = NULL;
+	size_t i, j;
+
+	if (entry != NULL) {
+		krb5_free_principal(context, entry->princ);
+
+		for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
+			tl_data_next = tl_data->tl_data_next;
+			if (tl_data->tl_data_contents != NULL) {
+				free(tl_data->tl_data_contents);
+			}
+			free(tl_data);
+		}
+
+		if (entry->key_data != NULL) {
+			for (i = 0; i < entry->n_key_data; i++) {
+				for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+					if (entry->key_data[i].key_data_length[j] != 0) {
+						if (entry->key_data[i].key_data_contents[j] != NULL) {
+							memset(entry->key_data[i].key_data_contents[j], 0, entry->key_data[i].key_data_length[j]);
+							free(entry->key_data[i].key_data_contents[j]);
+						}
+					}
+					entry->key_data[i].key_data_contents[j] = NULL;
+					 entry->key_data[i].key_data_length[j] = 0;
+					 entry->key_data[i].key_data_type[j] = 0;
+				}
+			}
+			free(entry->key_data);
+		}
+
+		if (entry->e_data) {
+			ks_free_principal_e_data(context, entry->e_data);
+		}
+
+		free(entry);
+	}
+}
+
+static krb5_boolean ks_is_master_key_principal(krb5_context context,
+					       krb5_const_principal princ)
+{
+	return krb5_princ_size(context, princ) == 2 &&
+	       ks_data_eq_string(princ->data[0], "K") &&
+	       ks_data_eq_string(princ->data[1], "M");
+}
+
+static krb5_error_code ks_get_master_key_principal(krb5_context context,
+						   krb5_const_principal princ,
+						   krb5_db_entry **kentry_ptr)
+{
+	krb5_error_code code;
+	krb5_key_data *key_data;
+	krb5_timestamp now;
+	krb5_db_entry *kentry;
+
+	*kentry_ptr = NULL;
+
+	kentry = calloc(1, sizeof(krb5_db_entry));
+	if (kentry == NULL) {
+		return ENOMEM;
+	}
+
+	kentry->magic = KRB5_KDB_MAGIC_NUMBER;
+	kentry->len = KRB5_KDB_V1_BASE_LENGTH;
+	kentry->attributes = KRB5_KDB_DISALLOW_ALL_TIX;
+
+	if (princ == NULL) {
+		code = krb5_parse_name(context, KRB5_KDB_M_NAME, &kentry->princ);
+	} else {
+		code = krb5_copy_principal(context, princ, &kentry->princ);
+	}
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	now = time(NULL);
+
+	code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	/* Return a dummy key */
+	kentry->n_key_data = 1;
+	kentry->key_data = calloc(1, sizeof(krb5_key_data));
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	key_data = &kentry->key_data[0];
+
+	key_data->key_data_ver          = KRB5_KDB_V1_KEY_DATA_ARRAY;
+	key_data->key_data_kvno         = 1;
+	key_data->key_data_type[0]      = ENCTYPE_UNKNOWN;
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	*kentry_ptr = kentry;
+
+	return 0;
+}
+
+static krb5_error_code ks_create_principal(krb5_context context,
+					   krb5_const_principal princ,
+					   int attributes,
+					   int max_life,
+					   const char *password,
+					   krb5_db_entry **kentry_ptr)
+{
+	krb5_error_code code;
+	krb5_key_data *key_data;
+	krb5_timestamp now;
+	krb5_db_entry *kentry;
+	krb5_keyblock key;
+	krb5_data salt;
+	krb5_data pwd;
+	int enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+	int sts = KRB5_KDB_SALTTYPE_SPECIAL;
+
+	if (princ == NULL) {
+		return KRB5_KDB_NOENTRY;
+	}
+
+	*kentry_ptr = NULL;
+
+	kentry = calloc(1, sizeof(krb5_db_entry));
+	if (kentry == NULL) {
+		return ENOMEM;
+	}
+
+	kentry->magic = KRB5_KDB_MAGIC_NUMBER;
+	kentry->len = KRB5_KDB_V1_BASE_LENGTH;
+
+	if (attributes > 0) {
+		kentry->attributes = attributes;
+	}
+
+	if (max_life > 0) {
+		kentry->max_life = max_life;
+	}
+
+	code = krb5_copy_principal(context, princ, &kentry->princ);
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	now = time(NULL);
+
+	code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	code = mit_samba_generate_salt(&salt);
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	if (password != NULL) {
+		pwd.data = strdup(password);
+		pwd.length = strlen(password);
+	} else {
+		/* create a random password */
+		code = mit_samba_generate_random_password(&pwd);
+		if (code != 0) {
+			krb5_db_free_principal(context, kentry);
+			return code;
+		}
+	}
+
+	code = krb5_c_string_to_key(context, enctype, &pwd, &salt, &key);
+	SAFE_FREE(pwd.data);
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	kentry->n_key_data = 1;
+	kentry->key_data = calloc(1, sizeof(krb5_key_data));
+	if (code != 0) {
+		krb5_db_free_principal(context, kentry);
+		return code;
+	}
+
+	key_data = &kentry->key_data[0];
+
+	key_data->key_data_ver          = KRB5_KDB_V1_KEY_DATA_ARRAY;
+	key_data->key_data_kvno         = 1;
+	key_data->key_data_type[0]      = key.enctype;
+	key_data->key_data_length[0]    = key.length;
+	key_data->key_data_contents[0]  = key.contents;
+	key_data->key_data_type[1]      = sts;
+	key_data->key_data_length[1]    = salt.length;
+	key_data->key_data_contents[1]  = (krb5_octet*)salt.data;
+
+	*kentry_ptr = kentry;
+
+	return 0;
+}
+
+static krb5_error_code ks_get_admin_principal(krb5_context context,
+					      krb5_const_principal princ,
+					      krb5_db_entry **kentry_ptr)
+{
+	krb5_error_code code = EINVAL;
+
+	code = ks_create_principal(context,
+				   princ,
+				   KRB5_KDB_DISALLOW_TGT_BASED,
+				   ADMIN_LIFETIME,
+				   NULL,
+				   kentry_ptr);
+
+	return code;
+}
+
+krb5_error_code kdb_samba_db_get_principal(krb5_context context,
+					   krb5_const_principal princ,
+					   unsigned int kflags,
+					   krb5_db_entry **kentry)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	if (ks_is_master_key_principal(context, princ)) {
+		return ks_get_master_key_principal(context, princ, kentry);
+	}
+
+	/*
+	 * Fake a kadmin/admin and kadmin/history principal so that kadmindd can
+	 * start
+	 */
+	if (ks_is_kadmin_admin(context, princ) ||
+	    ks_is_kadmin_history(context, princ)) {
+		return ks_get_admin_principal(context, princ, kentry);
+	}
+
+	code = ks_get_principal(context, princ, kflags, kentry);
+
+	/*
+	 * This restricts the changepw account so it isn't able to request a
+	 * service ticket. It also marks the principal as the changepw service.
+	 */
+	if (ks_is_kadmin_changepw(context, princ)) {
+		/* FIXME: shouldn't we also set KRB5_KDB_DISALLOW_TGT_BASED ?
+		 * testing showed that setpw kpasswd command fails then on the
+		 * server though... */
+		(*kentry)->attributes |= KRB5_KDB_PWCHANGE_SERVICE;
+		(*kentry)->max_life = CHANGEPW_LIFETIME;
+	}
+
+	return code;
+}
+
+krb5_error_code kdb_samba_db_put_principal(krb5_context context,
+					   krb5_db_entry *entry,
+					   char **db_args)
+{
+
+	/* NOTE: deferred, samba does not allow the KDC to store
+	 * principals for now. We should not return KRB5_KDB_DB_INUSE as this
+	 * would result in confusing error messages after password changes. */
+	return 0;
+}
+
+krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
+					      krb5_const_principal princ)
+{
+
+	/* NOTE: deferred, samba does not allow the KDC to delete
+	 * principals for now */
+	return KRB5_KDB_DB_INUSE;
+}
+
+krb5_error_code kdb_samba_db_iterate(krb5_context context,
+				     char *match_entry,
+				     int (*func)(krb5_pointer, krb5_db_entry *),
+				     krb5_pointer func_arg,
+				     krb5_flags iterflags)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_db_entry *kentry = NULL;
+	krb5_error_code code;
+
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_get_firstkey(mit_ctx, &kentry);
+	while (code == 0) {
+		code = (*func)(func_arg, kentry);
+		if (code != 0) {
+			break;
+		}
+
+		code = mit_samba_get_nextkey(mit_ctx, &kentry);
+	}
+
+	if (code == KRB5_KDB_NOENTRY) {
+		code = 0;
+	}
+
+	return code;
+}
diff --git a/source4/kdc/mit-kdb/wscript_build b/source4/kdc/mit-kdb/wscript_build
new file mode 100644
index 0000000..82cea4a
--- /dev/null
+++ b/source4/kdc/mit-kdb/wscript_build
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('mit-kdb-samba',
+                  source='''
+                         kdb_samba.c
+                         kdb_samba_common.c
+                         kdb_samba_masterkey.c
+                         kdb_samba_pac.c
+                         kdb_samba_policies.c
+                         kdb_samba_principals.c
+                         kdb_samba_change_pwd.c
+                         ''',
+                  private_library=True,
+                  realname='samba.so',
+                  install_path='${LIBDIR}/krb5/plugins/kdb',
+                  deps='''
+                       MIT_SAMBA
+                       com_err
+                       krb5
+                       kdb5
+                       ''',
+                  enabled=bld.CONFIG_SET('HAVE_KDB_H'))
diff --git a/source4/kdc/mit_kdc_irpc.c b/source4/kdc/mit_kdc_irpc.c
new file mode 100644
index 0000000..92fb78d
--- /dev/null
+++ b/source4/kdc/mit_kdc_irpc.c
@@ -0,0 +1,204 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (c) 2015      Andreas Schneider <asn@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "source4/auth/kerberos/kerberos.h"
+#include "auth/kerberos/pac_utils.h"
+
+#include "librpc/gen_ndr/irpc.h"
+#include "lib/messaging/irpc.h"
+#include "source4/librpc/gen_ndr/ndr_irpc.h"
+#include "source4/librpc/gen_ndr/irpc.h"
+
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+
+#include "source4/samba/process_model.h"
+#include "lib/param/param.h"
+
+#include "samba_kdc.h"
+#include "db-glue.h"
+#include "sdb.h"
+#include "mit_kdc_irpc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+struct mit_kdc_irpc_context {
+	struct task_server *task;
+	krb5_context krb5_context;
+	struct samba_kdc_db_context *db_ctx;
+};
+
+static NTSTATUS netr_samlogon_generic_logon(struct irpc_message *msg,
+					    struct kdc_check_generic_kerberos *r)
+{
+	struct PAC_Validate pac_validate;
+	DATA_BLOB pac_chksum;
+	struct PAC_SIGNATURE_DATA pac_kdc_sig;
+	struct mit_kdc_irpc_context *mki_ctx =
+		talloc_get_type(msg->private_data,
+				struct mit_kdc_irpc_context);
+	enum ndr_err_code ndr_err;
+	int code;
+	krb5_principal principal;
+	struct sdb_entry sentry = {};
+	struct sdb_keys skeys;
+	unsigned int i;
+	const uint8_t *d = NULL;
+
+	/* There is no reply to this request */
+	r->out.generic_reply = data_blob(NULL, 0);
+
+	ndr_err =
+		ndr_pull_struct_blob(&r->in.generic_request,
+				     msg,
+				     &pac_validate,
+				     (ndr_pull_flags_fn_t)ndr_pull_PAC_Validate);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (pac_validate.MessageType != NETLOGON_GENERIC_KRB5_PAC_VALIDATE) {
+		/*
+		 * We don't implement any other message types - such as
+		 * certificate validation - yet
+		 */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if ((pac_validate.ChecksumAndSignature.length !=
+	    (pac_validate.ChecksumLength + pac_validate.SignatureLength)) ||
+	    (pac_validate.ChecksumAndSignature.length <
+	     pac_validate.ChecksumLength) ||
+	    (pac_validate.ChecksumAndSignature.length <
+	     pac_validate.SignatureLength)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* PAC Checksum */
+	pac_chksum = data_blob_const(pac_validate.ChecksumAndSignature.data,
+				     pac_validate.ChecksumLength);
+
+	/* Create the krbtgt principal */
+	code = smb_krb5_make_principal(mki_ctx->krb5_context,
+				      &principal,
+				      lpcfg_realm(mki_ctx->task->lp_ctx),
+				      "krbtgt",
+				      lpcfg_realm(mki_ctx->task->lp_ctx),
+				      NULL);
+	if (code != 0) {
+		DBG_ERR("Failed to create krbtgt@%s principal!\n",
+			lpcfg_realm(mki_ctx->task->lp_ctx));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Get the krbtgt from the DB */
+	code = samba_kdc_fetch(mki_ctx->krb5_context,
+			       mki_ctx->db_ctx,
+			       principal,
+			       SDB_F_GET_KRBTGT | SDB_F_DECRYPT,
+			       0,
+			       &sentry);
+	krb5_free_principal(mki_ctx->krb5_context, principal);
+	if (code != 0) {
+		DBG_ERR("Failed to fetch krbtgt@%s principal entry!\n",
+			lpcfg_realm(mki_ctx->task->lp_ctx));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/* PAC Signature */
+	pac_kdc_sig.type = pac_validate.SignatureType;
+
+	d = &pac_validate.ChecksumAndSignature.data[pac_validate.ChecksumLength];
+	pac_kdc_sig.signature =
+		data_blob_const(d, pac_validate.SignatureLength);
+
+	/*
+	 * Brute force variant because MIT KRB5 doesn't provide a function like
+	 * krb5_checksum_to_enctype().
+	 */
+	skeys = sentry.keys;
+
+	code = EINVAL;
+	for (i = 0; i < skeys.len; i++) {
+		krb5_keyblock krbtgt_keyblock = skeys.val[i].key;
+
+		code = check_pac_checksum(pac_chksum,
+					  &pac_kdc_sig,
+					  mki_ctx->krb5_context,
+					  &krbtgt_keyblock);
+		if (code == 0) {
+			break;
+		}
+	}
+
+	sdb_entry_free(&sentry);
+
+	if (code != 0) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_setup_mit_kdc_irpc(struct task_server *task)
+{
+	struct samba_kdc_base_context base_ctx;
+	struct mit_kdc_irpc_context *mki_ctx;
+	NTSTATUS status;
+	int code;
+
+	mki_ctx = talloc_zero(task, struct mit_kdc_irpc_context);
+	if (mki_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	mki_ctx->task = task;
+
+	base_ctx.ev_ctx = task->event_ctx;
+	base_ctx.lp_ctx = task->lp_ctx;
+
+	/* db-glue.h */
+	status = samba_kdc_setup_db_ctx(mki_ctx,
+					&base_ctx,
+					&mki_ctx->db_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	code = smb_krb5_init_context_basic(mki_ctx,
+					   task->lp_ctx,
+					   &mki_ctx->krb5_context);
+	if (code != 0) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = IRPC_REGISTER(task->msg_ctx,
+			       irpc,
+			       KDC_CHECK_GENERIC_KERBEROS,
+			       netr_samlogon_generic_logon,
+			       mki_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	irpc_add_name(task->msg_ctx, "kdc_server");
+
+	return status;
+}
diff --git a/source4/kdc/mit_kdc_irpc.h b/source4/kdc/mit_kdc_irpc.h
new file mode 100644
index 0000000..943c76c
--- /dev/null
+++ b/source4/kdc/mit_kdc_irpc.h
@@ -0,0 +1,20 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (c) 2015      Andreas Schneider <asn@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+NTSTATUS samba_setup_mit_kdc_irpc(struct task_server *task);
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
new file mode 100644
index 0000000..ae8895d
--- /dev/null
+++ b/source4/kdc/mit_samba.c
@@ -0,0 +1,1065 @@
+/*
+   MIT-Samba4 library
+
+   Copyright (c) 2010, Simo Sorce <idra@samba.org>
+   Copyright (c) 2014-2015 Guenther Deschner <gd@samba.org>
+   Copyright (c) 2014-2016 Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define TEVENT_DEPRECATED 1
+
+#include "includes.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "system/kerberos.h"
+#include "lib/replace/system/filesys.h"
+#include <com_err.h>
+#include <kdb.h>
+#include <kadm5/kadm_err.h>
+#include "kdc/sdb.h"
+#include "kdc/sdb_kdb.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/pac_utils.h"
+#include "kdc/samba_kdc.h"
+#include "kdc/pac-glue.h"
+#include "kdc/db-glue.h"
+#include "auth/auth.h"
+#include "kdc/kpasswd_glue.h"
+#include "auth/auth_sam.h"
+
+#include "mit_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+void mit_samba_context_free(struct mit_samba_context *ctx)
+{
+	/* free MIT's krb5_context */
+	if (ctx->context) {
+		krb5_free_context(ctx->context);
+	}
+
+	/* then free everything else */
+	talloc_free(ctx);
+}
+
+/*
+ * Implement a callback to log to the MIT KDC log facility
+ *
+ * http://web.mit.edu/kerberos/krb5-devel/doc/plugindev/general.html#logging-from-kdc-and-kadmind-plugin-modules
+ */
+static void mit_samba_debug(void *private_ptr, int msg_level, const char *msg)
+{
+	int is_error = errno;
+
+	if (msg_level > 0) {
+		is_error = 0;
+	}
+
+	com_err("mitkdc", is_error, "%s", msg);
+}
+
+krb5_error_code mit_samba_context_init(struct mit_samba_context **_ctx)
+{
+	NTSTATUS status;
+	struct mit_samba_context *ctx;
+	const char *s4_conf_file;
+	krb5_error_code ret;
+	struct samba_kdc_base_context base_ctx;
+
+	ctx = talloc_zero(NULL, struct mit_samba_context);
+	if (!ctx) {
+		ret = ENOMEM;
+		goto done;
+	}
+
+	base_ctx.ev_ctx = tevent_context_init(ctx);
+	if (!base_ctx.ev_ctx) {
+		ret = ENOMEM;
+		goto done;
+	}
+	tevent_loop_allow_nesting(base_ctx.ev_ctx);
+	base_ctx.lp_ctx = loadparm_init_global(false);
+	if (!base_ctx.lp_ctx) {
+		ret = ENOMEM;
+		goto done;
+	}
+
+	debug_set_callback(NULL, mit_samba_debug);
+
+	/* init s4 configuration */
+	s4_conf_file = lpcfg_configfile(base_ctx.lp_ctx);
+	if (s4_conf_file != NULL) {
+		char *p = talloc_strdup(ctx, s4_conf_file);
+		if (p == NULL) {
+			ret = ENOMEM;
+			goto done;
+		}
+		lpcfg_load(base_ctx.lp_ctx, p);
+		TALLOC_FREE(p);
+	} else {
+		lpcfg_load_default(base_ctx.lp_ctx);
+	}
+
+	status = samba_kdc_setup_db_ctx(ctx, &base_ctx, &ctx->db_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = EINVAL;
+		goto done;
+	}
+
+	/* init MIT's krb_context and log facilities */
+	ret = smb_krb5_init_context_basic(ctx,
+					  ctx->db_ctx->lp_ctx,
+					  &ctx->context);
+	if (ret) {
+		goto done;
+	}
+
+	ret = 0;
+
+done:
+	if (ret) {
+		mit_samba_context_free(ctx);
+	} else {
+		*_ctx = ctx;
+	}
+	return ret;
+}
+
+int mit_samba_generate_salt(krb5_data *salt)
+{
+	if (salt == NULL) {
+		return EINVAL;
+	}
+
+	salt->length = 16;
+	salt->data = malloc(salt->length);
+	if (salt->data == NULL) {
+		return ENOMEM;
+	}
+
+	generate_random_buffer((uint8_t *)salt->data, salt->length);
+
+	return 0;
+}
+
+int mit_samba_generate_random_password(krb5_data *pwd)
+{
+	TALLOC_CTX *tmp_ctx;
+	char *password;
+	char *data = NULL;
+	const unsigned length = 24;
+
+	if (pwd == NULL) {
+		return EINVAL;
+	}
+
+	tmp_ctx = talloc_named(NULL,
+			       0,
+			       "mit_samba_generate_random_password context");
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	password = generate_random_password(tmp_ctx, length, length);
+	if (password == NULL) {
+		talloc_free(tmp_ctx);
+		return ENOMEM;
+	}
+
+	data = strdup(password);
+	talloc_free(tmp_ctx);
+	if (data == NULL) {
+		return ENOMEM;
+	}
+
+	*pwd = smb_krb5_make_data(data, length);
+
+	return 0;
+}
+
+krb5_error_code mit_samba_get_principal(struct mit_samba_context *ctx,
+					krb5_const_principal principal,
+					unsigned int kflags,
+					krb5_db_entry **_kentry)
+{
+	struct sdb_entry sentry = {};
+	krb5_db_entry *kentry;
+	krb5_error_code ret;
+	uint32_t sflags = 0;
+	krb5_principal referral_principal = NULL;
+
+	kentry = calloc(1, sizeof(krb5_db_entry));
+	if (kentry == NULL) {
+		return ENOMEM;
+	}
+
+	/*
+	 * The MIT KDC code that wants the canonical name in all lookups, and
+	 * takes care to canonicalize only when appropriate.
+	 */
+	sflags |= SDB_F_FORCE_CANON;
+
+	if (kflags & KRB5_KDB_FLAG_REFERRAL_OK) {
+		sflags |= SDB_F_CANON;
+	}
+
+	if (kflags & KRB5_KDB_FLAG_CLIENT) {
+		sflags |= SDB_F_GET_CLIENT;
+		sflags |= SDB_F_FOR_AS_REQ;
+	} else {
+		int equal = smb_krb5_principal_is_tgs(ctx->context, principal);
+		if (equal == -1) {
+			return ENOMEM;
+		}
+
+		if (equal) {
+			sflags |= SDB_F_GET_KRBTGT;
+		} else {
+			sflags |= SDB_F_GET_SERVER;
+			sflags |= SDB_F_FOR_TGS_REQ;
+		}
+	}
+
+	/* always set this or the created_by data will not be populated by samba's
+	 * backend and we will fail to parse the entry later */
+	sflags |= SDB_F_ADMIN_DATA;
+
+
+fetch_referral_principal:
+	ret = samba_kdc_fetch(ctx->context, ctx->db_ctx,
+			      principal, sflags, 0, &sentry);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_NOENTRY:
+		ret = KRB5_KDB_NOENTRY;
+		goto done;
+	case SDB_ERR_WRONG_REALM: {
+		char *dest_realm = NULL;
+		const char *our_realm = lpcfg_realm(ctx->db_ctx->lp_ctx);
+
+		if (sflags & SDB_F_FOR_AS_REQ) {
+			/*
+			 * If this is a request for a TGT, we are done. The KDC
+			 * will return the correct error to the client.
+			 */
+			ret = 0;
+			break;
+		}
+
+		if (referral_principal != NULL) {
+			sdb_entry_free(&sentry);
+			ret = KRB5_KDB_NOENTRY;
+			goto done;
+		}
+
+		/*
+		 * We get a TGS request
+		 *
+		 *     cifs/dc7.SAMBA2008R2.EXAMPLE.COM@ADDOM.SAMBA.EXAMPLE.COM
+		 *
+		 * to our DC for the realm
+		 *
+		 *     ADDOM.SAMBA.EXAMPLE.COM
+		 *
+		 * We look up if we have an entry in the database and get an
+		 * entry with the principal:
+		 *
+		 *     cifs/dc7.SAMBA2008R2.EXAMPLE.COM@SAMBA2008R2.EXAMPLE.COM
+		 *
+		 * and the error: SDB_ERR_WRONG_REALM.
+		 *
+		 * In the case of a TGS-REQ we need to return a referral ticket
+		 * for the next trust hop to the client. This ticket will have
+		 * the following principal:
+		 *
+		 *     krbtgt/SAMBA2008R2.EXAMPLE.COM@ADDOM.SAMBA.EXAMPLE.COM
+		 *
+		 * We just redo the lookup in the database with the referral
+		 * principal and return success.
+		 */
+		dest_realm = smb_krb5_principal_get_realm(
+			ctx, ctx->context, sentry.principal);
+		sdb_entry_free(&sentry);
+		if (dest_realm == NULL) {
+			ret = KRB5_KDB_NOENTRY;
+			goto done;
+		}
+
+		ret = smb_krb5_make_principal(ctx->context,
+					      &referral_principal,
+					      our_realm,
+					      KRB5_TGS_NAME,
+					      dest_realm,
+					      NULL);
+		TALLOC_FREE(dest_realm);
+		if (ret != 0) {
+			goto done;
+		}
+
+		principal = referral_principal;
+		goto fetch_referral_principal;
+	}
+	case SDB_ERR_NOT_FOUND_HERE:
+		/* FIXME: RODC support */
+	default:
+		goto done;
+	}
+
+	ret = sdb_entry_to_krb5_db_entry(ctx->context, &sentry, kentry);
+
+	sdb_entry_free(&sentry);
+
+done:
+	krb5_free_principal(ctx->context, referral_principal);
+	referral_principal = NULL;
+
+	if (ret) {
+		free(kentry);
+	} else {
+		*_kentry = kentry;
+	}
+	return ret;
+}
+
+krb5_error_code mit_samba_get_firstkey(struct mit_samba_context *ctx,
+				       krb5_db_entry **_kentry)
+{
+	struct sdb_entry sentry = {};
+	krb5_db_entry *kentry;
+	krb5_error_code ret;
+
+	kentry = malloc(sizeof(krb5_db_entry));
+	if (kentry == NULL) {
+		return ENOMEM;
+	}
+
+	ret = samba_kdc_firstkey(ctx->context, ctx->db_ctx, &sentry);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_NOENTRY:
+		free(kentry);
+		return KRB5_KDB_NOENTRY;
+	case SDB_ERR_NOT_FOUND_HERE:
+		/* FIXME: RODC support */
+	default:
+		free(kentry);
+		return ret;
+	}
+
+	ret = sdb_entry_to_krb5_db_entry(ctx->context, &sentry, kentry);
+
+	sdb_entry_free(&sentry);
+
+	if (ret) {
+		free(kentry);
+	} else {
+		*_kentry = kentry;
+	}
+	return ret;
+}
+
+krb5_error_code mit_samba_get_nextkey(struct mit_samba_context *ctx,
+				      krb5_db_entry **_kentry)
+{
+	struct sdb_entry sentry = {};
+	krb5_db_entry *kentry;
+	krb5_error_code ret;
+
+	kentry = malloc(sizeof(krb5_db_entry));
+	if (kentry == NULL) {
+		return ENOMEM;
+	}
+
+	ret = samba_kdc_nextkey(ctx->context, ctx->db_ctx, &sentry);
+	switch (ret) {
+	case 0:
+		break;
+	case SDB_ERR_NOENTRY:
+		free(kentry);
+		return KRB5_KDB_NOENTRY;
+	case SDB_ERR_NOT_FOUND_HERE:
+		/* FIXME: RODC support */
+	default:
+		free(kentry);
+		return ret;
+	}
+
+	ret = sdb_entry_to_krb5_db_entry(ctx->context, &sentry, kentry);
+
+	sdb_entry_free(&sentry);
+
+	if (ret) {
+		free(kentry);
+	} else {
+		*_kentry = kentry;
+	}
+	return ret;
+}
+
+krb5_error_code mit_samba_get_pac(struct mit_samba_context *smb_ctx,
+				  krb5_context context,
+				  uint32_t flags,
+				  krb5_db_entry *client,
+				  krb5_db_entry *server,
+				  krb5_keyblock *replaced_reply_key,
+				  krb5_pac *pac)
+{
+	TALLOC_CTX *tmp_ctx;
+	const struct auth_user_info_dc *user_info_dc = NULL;
+	struct auth_user_info_dc *user_info_dc_shallow_copy = NULL;
+	DATA_BLOB *logon_info_blob = NULL;
+	DATA_BLOB *upn_dns_info_blob = NULL;
+	DATA_BLOB *cred_ndr = NULL;
+	DATA_BLOB **cred_ndr_ptr = NULL;
+	DATA_BLOB cred_blob = data_blob_null;
+	DATA_BLOB *pcred_blob = NULL;
+	DATA_BLOB *pac_attrs_blob = NULL;
+	DATA_BLOB *requester_sid_blob = NULL;
+	const DATA_BLOB *client_claims_blob = NULL;
+	NTSTATUS nt_status;
+	krb5_error_code code;
+	struct samba_kdc_entry *skdc_entry;
+	struct samba_kdc_entry *server_entry = NULL;
+	bool is_krbtgt;
+	/* Only include resource groups in a service ticket. */
+	enum auth_group_inclusion group_inclusion;
+	enum samba_asserted_identity asserted_identity =
+		(flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) ?
+			SAMBA_ASSERTED_IDENTITY_SERVICE :
+			SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
+
+	if (client == NULL) {
+		return EINVAL;
+	}
+	skdc_entry = talloc_get_type_abort(client->e_data,
+					   struct samba_kdc_entry);
+
+	if (server == NULL) {
+		return EINVAL;
+	}
+	{
+		int result = smb_krb5_principal_is_tgs(smb_ctx->context, server->princ);
+		if (result == -1) {
+			return ENOMEM;
+		}
+
+		is_krbtgt = result;
+	}
+	server_entry = talloc_get_type_abort(server->e_data,
+					     struct samba_kdc_entry);
+
+	/* Only include resource groups in a service ticket. */
+	if (is_krbtgt) {
+		group_inclusion = AUTH_EXCLUDE_RESOURCE_GROUPS;
+	} else if (server_entry->supported_enctypes & KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED) {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS;
+	} else {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS_COMPRESSED;
+	}
+
+	tmp_ctx = talloc_named(smb_ctx,
+			       0,
+			       "mit_samba_get_pac context");
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	/* Check if we have a PREAUTH key */
+	if (replaced_reply_key != NULL) {
+		cred_ndr_ptr = &cred_ndr;
+	}
+
+	code = samba_kdc_get_user_info_from_db(tmp_ctx,
+					       server_entry->kdc_db_ctx->samdb,
+					       skdc_entry,
+					       skdc_entry->msg,
+					       &user_info_dc);
+	if (code) {
+		talloc_free(tmp_ctx);
+		return code;
+	}
+
+	/* Make a shallow copy of the user_info_dc structure. */
+	nt_status = authsam_shallow_copy_user_info_dc(tmp_ctx,
+						      user_info_dc,
+						      &user_info_dc_shallow_copy);
+	user_info_dc = NULL;
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to allocate shallow copy of user_info_dc: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(tmp_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+
+	nt_status = samba_kdc_add_asserted_identity(asserted_identity,
+						    user_info_dc_shallow_copy);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to add asserted identity: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	nt_status = samba_kdc_add_claims_valid(user_info_dc_shallow_copy);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to add Claims Valid: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	/* We no longer need to modify this, so assign to const variable */
+	user_info_dc = user_info_dc_shallow_copy;
+
+	nt_status = samba_kdc_get_logon_info_blob(tmp_ctx,
+						  user_info_dc,
+						  group_inclusion,
+						  &logon_info_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	if (cred_ndr_ptr != NULL) {
+		nt_status = samba_kdc_get_cred_ndr_blob(tmp_ctx,
+							skdc_entry,
+							cred_ndr_ptr);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return EINVAL;
+		}
+	}
+
+	nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
+						user_info_dc,
+						&upn_dns_info_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	if (is_krbtgt) {
+		nt_status = samba_kdc_get_pac_attrs_blob(tmp_ctx,
+							 PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
+							 &pac_attrs_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return EINVAL;
+		}
+
+		nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
+							     user_info_dc,
+							     &requester_sid_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(tmp_ctx);
+			return EINVAL;
+		}
+	}
+
+	nt_status = samba_kdc_get_claims_blob(tmp_ctx,
+					      skdc_entry,
+					      &client_claims_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
+	if (replaced_reply_key != NULL && cred_ndr != NULL) {
+		code = samba_kdc_encrypt_pac_credentials(context,
+							 replaced_reply_key,
+							 cred_ndr,
+							 tmp_ctx,
+							 &cred_blob);
+		if (code != 0) {
+			talloc_free(tmp_ctx);
+			return code;
+		}
+		pcred_blob = &cred_blob;
+	}
+
+	code = samba_make_krb5_pac(context,
+				   logon_info_blob,
+				   pcred_blob,
+				   upn_dns_info_blob,
+				   pac_attrs_blob,
+				   requester_sid_blob,
+				   NULL /* deleg_blob */,
+				   client_claims_blob,
+				   NULL /* device_info_blob */,
+				   NULL /* device_claims_blob */,
+				   *pac);
+
+	talloc_free(tmp_ctx);
+	return code;
+}
+
+krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
+				    krb5_context context,
+				    int kdc_flags,
+				    krb5_db_entry *client,
+				    krb5_db_entry *server,
+				    krb5_db_entry *krbtgt,
+				    krb5_pac old_pac,
+				    krb5_pac new_pac)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	krb5_error_code code;
+	struct samba_kdc_entry *client_skdc_entry = NULL;
+	struct samba_kdc_entry *server_skdc_entry = NULL;
+	struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
+	struct samba_kdc_entry_pac client_pac_entry = {};
+	bool is_in_db = false;
+	bool is_trusted = false;
+	uint32_t flags = 0;
+
+	/* Create a memory context early so code can use talloc_stackframe() */
+	tmp_ctx = talloc_named(ctx, 0, "mit_samba_update_pac context");
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	if (client != NULL) {
+		client_skdc_entry =
+			talloc_get_type_abort(client->e_data,
+					      struct samba_kdc_entry);
+	}
+
+	if (krbtgt == NULL) {
+		code = EINVAL;
+		goto done;
+	}
+	krbtgt_skdc_entry =
+		talloc_get_type_abort(krbtgt->e_data,
+				      struct samba_kdc_entry);
+
+	if (server == NULL) {
+		code = EINVAL;
+		goto done;
+	}
+	server_skdc_entry =
+		talloc_get_type_abort(server->e_data,
+				      struct samba_kdc_entry);
+
+	/*
+	 * If the krbtgt was generated by an RODC, and we are not that
+	 * RODC, then we need to regenerate the PAC - we can't trust
+	 * it, and confirm that the RODC was permitted to print this ticket
+	 *
+	 * Because of the samba_kdc_validate_pac_blob() step we can be
+	 * sure that the record in 'client' or 'server' matches the SID in the
+	 * original PAC.
+	 */
+	code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
+				     &is_in_db,
+				     &is_trusted);
+	if (code != 0) {
+		goto done;
+	}
+
+	if (kdc_flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
+		flags |= SAMBA_KDC_FLAG_PROTOCOL_TRANSITION;
+	}
+
+	if (kdc_flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
+		flags |= SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION;
+	}
+
+	client_pac_entry = samba_kdc_entry_pac_from_trusted(old_pac,
+							    client_skdc_entry,
+							    samba_kdc_entry_is_trust(krbtgt_skdc_entry),
+							    is_trusted);
+
+	code = samba_kdc_verify_pac(tmp_ctx,
+				    context,
+				    krbtgt_skdc_entry->kdc_db_ctx->samdb,
+				    flags,
+				    client_pac_entry,
+				    krbtgt_skdc_entry);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = samba_kdc_update_pac(tmp_ctx,
+				    context,
+				    krbtgt_skdc_entry->kdc_db_ctx->samdb,
+				    krbtgt_skdc_entry->kdc_db_ctx->lp_ctx,
+				    flags,
+				    client_pac_entry,
+				    server->princ,
+				    server_skdc_entry,
+				    NULL /* delegated_proxy_principal */,
+				    (struct samba_kdc_entry_pac) {} /* delegated_proxy */,
+				    (struct samba_kdc_entry_pac) {} /* device */,
+				    new_pac,
+				    NULL /* server_audit_info_out */,
+				    NULL /* status_out */);
+	if (code != 0) {
+		if (code == ENOATTR) {
+			/*
+			 * We can't tell the KDC to not issue a PAC. It will
+			 * just return the newly allocated empty PAC.
+			 */
+			code = 0;
+		}
+	}
+
+done:
+	talloc_free(tmp_ctx);
+	return code;
+}
+
+/* provide header, function is exported but there are no public headers */
+
+krb5_error_code encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data **code);
+
+/* this function allocates 'data' using malloc.
+ * The caller is responsible for freeing it */
+static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data)
+{
+	krb5_error_code ret = 0;
+	krb5_pa_data pa, *ppa[2];
+	krb5_data *d = NULL;
+
+	if (!e_data)
+		return;
+
+	e_data->data   = NULL;
+	e_data->length = 0;
+
+	pa.magic		= KV5M_PA_DATA;
+	pa.pa_type		= KRB5_PADATA_PW_SALT /* KERB_ERR_TYPE_EXTENDED */;
+	pa.length		= 12;
+	pa.contents		= malloc(pa.length);
+	if (!pa.contents) {
+		return;
+	}
+
+	SIVAL(pa.contents, 0, NT_STATUS_V(nt_status));
+	SIVAL(pa.contents, 4, 0);
+	SIVAL(pa.contents, 8, 1);
+
+	ppa[0] = &pa;
+	ppa[1] = NULL;
+
+	ret = encode_krb5_padata_sequence(ppa, &d);
+	free(pa.contents);
+	if (ret) {
+		return;
+	}
+
+	e_data->data   = (uint8_t *)d->data;
+	e_data->length = d->length;
+
+	/* free d, not d->data - gd */
+	free(d);
+
+	return;
+}
+
+krb5_error_code mit_samba_check_client_access(struct mit_samba_context *ctx,
+					      krb5_db_entry *client,
+					      const char *client_name,
+					      krb5_db_entry *server,
+					      const char *server_name,
+					      const char *netbios_name,
+					      bool password_change,
+					      DATA_BLOB *e_data)
+{
+	struct samba_kdc_entry *skdc_entry;
+	NTSTATUS nt_status;
+
+	skdc_entry = talloc_get_type(client->e_data, struct samba_kdc_entry);
+
+	nt_status = samba_kdc_check_client_access(skdc_entry,
+						  client_name,
+						  netbios_name,
+						  password_change);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
+			return ENOMEM;
+		}
+
+		samba_kdc_build_edata_reply(nt_status, e_data);
+
+		return samba_kdc_map_policy_err(nt_status);
+	}
+
+	return 0;
+}
+
+krb5_error_code mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
+					  const krb5_db_entry *server,
+					  krb5_const_principal target_principal)
+{
+	struct samba_kdc_entry *server_skdc_entry =
+		talloc_get_type_abort(server->e_data, struct samba_kdc_entry);
+	krb5_error_code code;
+
+	code = samba_kdc_check_s4u2proxy(ctx->context,
+					 ctx->db_ctx,
+					 server_skdc_entry,
+					 target_principal);
+
+	return code;
+}
+
+krb5_error_code mit_samba_check_allowed_to_delegate_from(
+		struct mit_samba_context *ctx,
+		krb5_const_principal client_principal,
+		krb5_const_principal server_principal,
+		krb5_pac header_pac,
+		const krb5_db_entry *proxy)
+{
+	struct samba_kdc_entry *proxy_skdc_entry =
+		talloc_get_type_abort(proxy->e_data, struct samba_kdc_entry);
+	struct auth_user_info_dc *user_info_dc = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	krb5_error_code code;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	/*
+	 * FIXME: If ever we support RODCs, we must check that the PAC has not
+	 * been issued by an RODC (other than ourselves) — otherwise the PAC
+	 * cannot be trusted. Because the plugin interface does not give us the
+	 * client entry, we cannot look up its groups in the database.
+	 */
+	code = kerberos_pac_to_user_info_dc(mem_ctx,
+					    header_pac,
+					    ctx->context,
+					    &user_info_dc,
+					    AUTH_INCLUDE_RESOURCE_GROUPS,
+					    NULL,
+					    NULL,
+					    NULL);
+	if (code != 0) {
+		goto out;
+	}
+
+	code = samba_kdc_check_s4u2proxy_rbcd(ctx->context,
+					      ctx->db_ctx,
+					      client_principal,
+					      server_principal,
+					      user_info_dc,
+					      NULL /* device_info_dc */,
+					      (struct auth_claims) {},
+					      proxy_skdc_entry);
+out:
+	talloc_free(mem_ctx);
+	return code;
+}
+
+static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
+						  NTSTATUS result,
+						  enum samPwdChangeReason reject_reason,
+						  struct samr_DomInfo1 *dominfo)
+{
+	krb5_error_code code = KADM5_PASS_Q_GENERIC;
+
+	if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER)) {
+		code = KADM5_BAD_PRINCIPAL;
+		krb5_set_error_message(context,
+				       code,
+				       "No such user when changing password");
+	}
+	if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
+		code = KADM5_PASS_Q_GENERIC;
+		krb5_set_error_message(context,
+				       code,
+				       "Not permitted to change password");
+	}
+	if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) &&
+	    dominfo != NULL) {
+		switch (reject_reason) {
+		case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
+			code = KADM5_PASS_Q_TOOSHORT;
+			krb5_set_error_message(context,
+					       code,
+					       "Password too short, password "
+					       "must be at least %d characters "
+					       "long.",
+					       dominfo->min_password_length);
+			break;
+		case SAM_PWD_CHANGE_NOT_COMPLEX:
+			code = KADM5_PASS_Q_DICT;
+			krb5_set_error_message(context,
+					       code,
+					       "Password does not meet "
+					       "complexity requirements");
+			break;
+		case SAM_PWD_CHANGE_PWD_IN_HISTORY:
+			code = KADM5_PASS_TOOSOON;
+			krb5_set_error_message(context,
+					       code,
+					       "Password is already in password "
+					       "history. New password must not "
+					       "match any of your %d previous "
+					       "passwords.",
+					       dominfo->password_history_length);
+			break;
+		default:
+			code = KADM5_PASS_Q_GENERIC;
+			krb5_set_error_message(context,
+					       code,
+					       "Password change rejected, "
+					       "password changes may not be "
+					       "permitted on this account, or "
+					       "the minimum password age may "
+					       "not have elapsed.");
+			break;
+		}
+	}
+
+	return code;
+}
+
+krb5_error_code mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
+						  char *pwd,
+						  krb5_db_entry *db_entry)
+{
+	NTSTATUS status;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	TALLOC_CTX *tmp_ctx;
+	DATA_BLOB password;
+	enum samPwdChangeReason reject_reason;
+	struct samr_DomInfo1 *dominfo;
+	const char *error_string = NULL;
+	const struct auth_user_info_dc *user_info_dc = NULL;
+	struct samba_kdc_entry *p =
+		talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry);
+	krb5_error_code code = 0;
+
+#ifdef DEBUG_PASSWORD
+	DBG_WARNING("mit_samba_kpasswd_change_password called with: %s\n", pwd);
+#endif
+
+	tmp_ctx = talloc_named(ctx, 0, "mit_samba_kpasswd_change_password");
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	code = samba_kdc_get_user_info_from_db(tmp_ctx,
+					       ctx->db_ctx->samdb,
+					       p,
+					       p->msg,
+					       &user_info_dc);
+	if (code) {
+		const char *krb5err = krb5_get_error_message(ctx->context, code);
+		DBG_WARNING("samba_kdc_get_user_info_from_db failed: %s\n",
+			krb5err != NULL ? krb5err : "<unknown>");
+		krb5_free_error_message(ctx->context, krb5err);
+
+		goto out;
+	}
+
+	status = auth_generate_session_info(tmp_ctx,
+					    ctx->db_ctx->lp_ctx,
+					    ctx->db_ctx->samdb,
+					    user_info_dc,
+					    0, /* session_info_flags */
+					    &ctx->session_info);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_WARNING("auth_generate_session_info failed: %s\n",
+			    nt_errstr(status));
+		code = EINVAL;
+		goto out;
+	}
+
+	/* password is expected as UTF16 */
+
+	if (!convert_string_talloc(tmp_ctx, CH_UTF8, CH_UTF16,
+				   pwd, strlen(pwd),
+				   &password.data, &password.length)) {
+		DBG_WARNING("convert_string_talloc failed\n");
+		code = EINVAL;
+		goto out;
+	}
+
+	status = samdb_kpasswd_change_password(tmp_ctx,
+					       ctx->db_ctx->lp_ctx,
+					       ctx->db_ctx->ev_ctx,
+					       ctx->session_info,
+					       &password,
+					       &reject_reason,
+					       &dominfo,
+					       &error_string,
+					       &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_WARNING("samdb_kpasswd_change_password failed: %s\n",
+			    nt_errstr(status));
+		code = KADM5_PASS_Q_GENERIC;
+		krb5_set_error_message(ctx->context, code, "%s", error_string);
+		goto out;
+	}
+
+	if (!NT_STATUS_IS_OK(result)) {
+		code = mit_samba_change_pwd_error(ctx->context,
+						  result,
+						  reject_reason,
+						  dominfo);
+	}
+
+out:
+	talloc_free(tmp_ctx);
+
+	return code;
+}
+
+void mit_samba_zero_bad_password_count(krb5_db_entry *db_entry)
+{
+	/* struct netr_SendToSamBase *send_to_sam = NULL; */
+	struct samba_kdc_entry *p =
+		talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry);
+	struct ldb_dn *domain_dn;
+
+	domain_dn = ldb_get_default_basedn(p->kdc_db_ctx->samdb);
+
+	authsam_logon_success_accounting(p->kdc_db_ctx->samdb,
+					 p->msg,
+					 domain_dn,
+					 true,
+					 NULL, NULL);
+	/* TODO: RODC support */
+}
+
+
+void mit_samba_update_bad_password_count(krb5_db_entry *db_entry)
+{
+	struct samba_kdc_entry *p =
+		talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry);
+
+	authsam_update_bad_pwd_count(p->kdc_db_ctx->samdb,
+				     p->msg,
+				     ldb_get_default_basedn(p->kdc_db_ctx->samdb));
+}
+
+bool mit_samba_princ_needs_pac(krb5_db_entry *db_entry)
+{
+	struct samba_kdc_entry *skdc_entry =
+		talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry);
+
+	return samba_princ_needs_pac(skdc_entry);
+}
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
new file mode 100644
index 0000000..0357408
--- /dev/null
+++ b/source4/kdc/mit_samba.h
@@ -0,0 +1,106 @@
+/*
+   MIT-Samba4 library
+
+   Copyright (c) 2010, Simo Sorce <idra@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MIT_SAMBA_H
+#define _MIT_SAMBA_H
+
+struct mit_samba_context {
+	struct auth_session_info *session_info;
+
+	/* for compat with hdb plugin common code */
+	krb5_context context;
+	struct samba_kdc_db_context *db_ctx;
+};
+
+int mit_samba_context_init(struct mit_samba_context **_ctx);
+
+void mit_samba_context_free(struct mit_samba_context *ctx);
+
+int mit_samba_generate_salt(krb5_data *salt);
+
+int mit_samba_generate_random_password(krb5_data *pwd);
+
+int mit_samba_get_principal(struct mit_samba_context *ctx,
+				   krb5_const_principal principal,
+				   unsigned int kflags,
+				   krb5_db_entry **_kentry);
+
+int mit_samba_get_firstkey(struct mit_samba_context *ctx,
+			   krb5_db_entry **_kentry);
+
+int mit_samba_get_nextkey(struct mit_samba_context *ctx,
+			  krb5_db_entry **_kentry);
+
+int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
+		      krb5_context context,
+		      uint32_t flags,
+		      krb5_db_entry *client,
+		      krb5_db_entry *server,
+		      krb5_keyblock *replaced_reply_key,
+		      krb5_pac *pac);
+
+krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
+				    krb5_context context,
+				    int flags,
+				    krb5_const_principal client_principal,
+				    krb5_db_entry *client,
+				    krb5_db_entry *server,
+				    krb5_db_entry *krbtgt,
+				    krb5_keyblock *krbtgt_keyblock,
+				    krb5_pac *pac);
+
+krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
+				    krb5_context context,
+				    int flags,
+				    krb5_db_entry *client,
+				    krb5_db_entry *server,
+				    krb5_db_entry *signing_krbtgt,
+				    krb5_pac old_pac,
+				    krb5_pac new_pac);
+
+int mit_samba_check_client_access(struct mit_samba_context *ctx,
+				  krb5_db_entry *client,
+				  const char *client_name,
+				  krb5_db_entry *server,
+				  const char *server_name,
+				  const char *netbios_name,
+				  bool password_change,
+				  DATA_BLOB *e_data);
+
+int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
+			      const krb5_db_entry *server,
+			      krb5_const_principal target_principal);
+krb5_error_code mit_samba_check_allowed_to_delegate_from(
+		struct mit_samba_context *ctx,
+		krb5_const_principal client,
+		krb5_const_principal server,
+		krb5_pac header_pac,
+		const krb5_db_entry *proxy);
+
+int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
+				      char *pwd,
+				      krb5_db_entry *db_entry);
+
+void mit_samba_zero_bad_password_count(krb5_db_entry *db_entry);
+
+void mit_samba_update_bad_password_count(krb5_db_entry *db_entry);
+
+bool mit_samba_princ_needs_pac(krb5_db_entry *db_entry);
+
+#endif /* _MIT_SAMBA_H */
diff --git a/source4/kdc/pac-blobs.c b/source4/kdc/pac-blobs.c
new file mode 100644
index 0000000..9cf79e7
--- /dev/null
+++ b/source4/kdc/pac-blobs.c
@@ -0,0 +1,253 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "source4/kdc/pac-blobs.h"
+
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+
+static inline size_t *pac_blobs_get_index(struct pac_blobs *pac_blobs, size_t type)
+{
+	/* Ensure the type is valid. */
+	SMB_ASSERT(type >= PAC_TYPE_BEGIN);
+	SMB_ASSERT(type < PAC_TYPE_END);
+
+	return &pac_blobs->type_index[type - PAC_TYPE_BEGIN];
+}
+
+static inline struct type_data *pac_blobs_get(struct pac_blobs *pac_blobs, size_t type)
+{
+	size_t index = *pac_blobs_get_index(pac_blobs, type);
+	SMB_ASSERT(index < pac_blobs->num_types);
+
+	return &pac_blobs->type_blobs[index];
+}
+
+krb5_error_code pac_blobs_from_krb5_pac(TALLOC_CTX *mem_ctx,
+					krb5_context context,
+					const krb5_const_pac pac,
+					struct pac_blobs **pac_blobs)
+{
+	krb5_error_code code = 0;
+	uint32_t *types = NULL;
+	struct pac_blobs *blobs = NULL;
+	size_t i;
+
+	SMB_ASSERT(pac_blobs != NULL);
+	*pac_blobs = NULL;
+
+	blobs = talloc(mem_ctx, struct pac_blobs);
+	if (blobs == NULL) {
+		code = ENOMEM;
+		goto out;
+	}
+
+	*blobs = (struct pac_blobs) {};
+
+	/* Initialize the array indices. */
+	for (i = 0; i < ARRAY_SIZE(blobs->type_index); ++i) {
+		blobs->type_index[i] = SIZE_MAX;
+	}
+
+	code = krb5_pac_get_types(context, pac, &blobs->num_types, &types);
+	if (code != 0) {
+		DBG_ERR("krb5_pac_get_types failed\n");
+		goto out;
+	}
+
+	blobs->type_blobs = talloc_array(blobs, struct type_data, blobs->num_types);
+	if (blobs->type_blobs == NULL) {
+		DBG_ERR("Out of memory\n");
+		code = ENOMEM;
+		goto out;
+	}
+
+	for (i = 0; i < blobs->num_types; ++i) {
+		uint32_t type = types[i];
+		size_t *type_index = NULL;
+
+		blobs->type_blobs[i] = (struct type_data) {
+			.type = type,
+			.data = NULL,
+		};
+
+		switch (type) {
+			/* PAC buffer types that we support. */
+		case PAC_TYPE_LOGON_INFO:
+		case PAC_TYPE_CREDENTIAL_INFO:
+		case PAC_TYPE_SRV_CHECKSUM:
+		case PAC_TYPE_KDC_CHECKSUM:
+		case PAC_TYPE_LOGON_NAME:
+		case PAC_TYPE_CONSTRAINED_DELEGATION:
+		case PAC_TYPE_UPN_DNS_INFO:
+		case PAC_TYPE_CLIENT_CLAIMS_INFO:
+		case PAC_TYPE_DEVICE_INFO:
+		case PAC_TYPE_DEVICE_CLAIMS_INFO:
+		case PAC_TYPE_TICKET_CHECKSUM:
+		case PAC_TYPE_ATTRIBUTES_INFO:
+		case PAC_TYPE_REQUESTER_SID:
+		case PAC_TYPE_FULL_CHECKSUM:
+			type_index = pac_blobs_get_index(blobs, type);
+			if (*type_index != SIZE_MAX) {
+				DBG_WARNING("PAC buffer type[%"PRIu32"] twice\n", type);
+				code = EINVAL;
+				goto out;
+			}
+			*type_index = i;
+
+			break;
+		default:
+			break;
+		}
+	}
+
+	*pac_blobs = blobs;
+	blobs = NULL;
+
+out:
+	SAFE_FREE(types);
+	TALLOC_FREE(blobs);
+	return code;
+}
+
+krb5_error_code _pac_blobs_ensure_exists(struct pac_blobs *pac_blobs,
+					 const uint32_t type,
+					 const char *name,
+					 const char *location,
+					 const char *function)
+{
+	if (*pac_blobs_get_index(pac_blobs, type) == SIZE_MAX) {
+		DEBUGLF(DBGLVL_ERR, ("%s: %s missing\n", function, name), location, function);
+		return EINVAL;
+	}
+
+	return 0;
+}
+
+krb5_error_code _pac_blobs_replace_existing(struct pac_blobs *pac_blobs,
+					    const uint32_t type,
+					    const char *name,
+					    const DATA_BLOB *blob,
+					    const char *location,
+					    const char *function)
+{
+	krb5_error_code code;
+
+	code = _pac_blobs_ensure_exists(pac_blobs,
+					type,
+					name,
+					location,
+					function);
+	if (code != 0) {
+		return code;
+	}
+
+	pac_blobs_get(pac_blobs, type)->data = blob;
+
+	return 0;
+}
+
+krb5_error_code pac_blobs_add_blob(struct pac_blobs *pac_blobs,
+				   const uint32_t type,
+				   const DATA_BLOB *blob)
+{
+	size_t *index = NULL;
+
+	if (blob == NULL) {
+		return 0;
+	}
+
+	index = pac_blobs_get_index(pac_blobs, type);
+	if (*index == SIZE_MAX) {
+		struct type_data *type_blobs = NULL;
+
+		type_blobs = talloc_realloc(pac_blobs,
+					    pac_blobs->type_blobs,
+					    struct type_data,
+					    pac_blobs->num_types + 1);
+		if (type_blobs == NULL) {
+			DBG_ERR("Out of memory\n");
+			return ENOMEM;
+		}
+
+		pac_blobs->type_blobs = type_blobs;
+		*index = pac_blobs->num_types++;
+	}
+
+	*pac_blobs_get(pac_blobs, type) = (struct type_data) {
+		.type = type,
+		.data = blob,
+	};
+
+	return 0;
+}
+
+void pac_blobs_remove_blob(struct pac_blobs *pac_blobs,
+			   const uint32_t type)
+{
+	struct type_data *type_blobs = NULL;
+	size_t found_index;
+	size_t i;
+
+	/* Get the index of this PAC buffer type. */
+	found_index = *pac_blobs_get_index(pac_blobs, type);
+	if (found_index == SIZE_MAX) {
+		/* We don't have a PAC buffer of this type, so we're done. */
+		return;
+	}
+
+	/* Since the PAC buffer is present, there will be at least one type in the array. */
+	SMB_ASSERT(pac_blobs->num_types > 0);
+
+	/* The index should be valid. */
+	SMB_ASSERT(found_index < pac_blobs->num_types);
+
+	/*
+	 * Even though a consistent ordering of PAC buffers is not to be relied
+	 * upon, we must still maintain the ordering we are given.
+	 */
+	for (i = found_index; i < pac_blobs->num_types - 1; ++i) {
+		size_t moved_type;
+
+		/* Shift each following element backwards by one. */
+		pac_blobs->type_blobs[i] = pac_blobs->type_blobs[i + 1];
+
+		/* Mark the new position of the moved element in the index. */
+		moved_type = pac_blobs->type_blobs[i].type;
+		if (moved_type >= PAC_TYPE_BEGIN && moved_type < PAC_TYPE_END) {
+			*pac_blobs_get_index(pac_blobs, moved_type) = i;
+		}
+	}
+
+	/* Mark the removed element as no longer present. */
+	*pac_blobs_get_index(pac_blobs, type) = SIZE_MAX;
+
+	/* We do not free the removed data blob, as it may be statically allocated (e.g., a null blob). */
+
+	/* Remove the last element from the array. */
+	type_blobs = talloc_realloc(pac_blobs,
+				    pac_blobs->type_blobs,
+				    struct type_data,
+				    --pac_blobs->num_types);
+	if (type_blobs != NULL) {
+		pac_blobs->type_blobs = type_blobs;
+	}
+}
diff --git a/source4/kdc/pac-blobs.h b/source4/kdc/pac-blobs.h
new file mode 100644
index 0000000..0c5f034
--- /dev/null
+++ b/source4/kdc/pac-blobs.h
@@ -0,0 +1,83 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Catalyst.Net Ltd 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/replace.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include <krb5/krb5.h>
+
+#include "lib/util/data_blob.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+
+struct type_data {
+	uint32_t type;
+	const DATA_BLOB *data;
+};
+
+struct pac_blobs {
+	size_t type_index[PAC_TYPE_COUNT];
+	struct type_data *type_blobs;
+	size_t num_types;
+};
+
+krb5_error_code pac_blobs_from_krb5_pac(TALLOC_CTX *mem_ctx,
+					krb5_context context,
+					const krb5_const_pac pac,
+					struct pac_blobs **pac_blobs);
+
+#define pac_blobs_ensure_exists(pac_blobs, type) \
+	_pac_blobs_ensure_exists(pac_blobs, \
+				 type, \
+				 #type, \
+				 __location__, \
+				 __func__)
+
+krb5_error_code _pac_blobs_ensure_exists(struct pac_blobs *pac_blobs,
+					 const uint32_t type,
+					 const char *name,
+					 const char *location,
+					 const char *function);
+
+#define pac_blobs_replace_existing(pac_blobs, type, blob) \
+	_pac_blobs_replace_existing(pac_blobs, \
+				    type, \
+				    #type, \
+				    blob, \
+				    __location__, \
+				    __func__)
+
+krb5_error_code _pac_blobs_replace_existing(struct pac_blobs *pac_blobs,
+					    const uint32_t type,
+					    const char *name,
+					    const DATA_BLOB *blob,
+					    const char *location,
+					    const char *function);
+
+krb5_error_code pac_blobs_add_blob(struct pac_blobs *pac_blobs,
+				   const uint32_t type,
+				   const DATA_BLOB *blob);
+
+void pac_blobs_remove_blob(struct pac_blobs *pac_blobs,
+			   const uint32_t type);
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
new file mode 100644
index 0000000..12465b7
--- /dev/null
+++ b/source4/kdc/pac-glue.c
@@ -0,0 +1,3248 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/replace.h"
+#include "lib/replace/system/kerberos.h"
+#include "lib/replace/system/filesys.h"
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/talloc_stack.h"
+
+#include "auth/auth_sam_reply.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/kerberos/pac_utils.h"
+#include "auth/authn_policy.h"
+#include "libcli/security/security.h"
+#include "libds/common/flags.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "param/param.h"
+#include "source4/auth/auth.h"
+#include "source4/dsdb/common/util.h"
+#include "source4/dsdb/samdb/samdb.h"
+#include "source4/kdc/authn_policy_util.h"
+#include "source4/kdc/samba_kdc.h"
+#include "source4/kdc/pac-glue.h"
+#include "source4/kdc/ad_claims.h"
+#include "source4/kdc/pac-blobs.h"
+
+#include <ldb.h>
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static
+NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
+				       const struct auth_user_info_dc *info,
+				       const struct PAC_DOMAIN_GROUP_MEMBERSHIP *override_resource_groups,
+				       const enum auth_group_inclusion group_inclusion,
+				       DATA_BLOB *pac_data)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct netr_SamInfo3 *info3 = NULL;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *_resource_groups = NULL;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups = NULL;
+	union PAC_INFO pac_info = {};
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status = NT_STATUS_OK;
+
+	*pac_data = data_blob_null;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (override_resource_groups == NULL) {
+		resource_groups = &_resource_groups;
+	} else if (group_inclusion != AUTH_EXCLUDE_RESOURCE_GROUPS) {
+		/*
+		 * It doesn't make sense to override resource groups if we claim
+		 * to want resource groups from user_info_dc.
+		 */
+		DBG_ERR("supplied resource groups with invalid group inclusion parameter: %u\n",
+			group_inclusion);
+		nt_status = NT_STATUS_INVALID_PARAMETER;
+		goto out;
+	}
+
+	nt_status = auth_convert_user_info_dc_saminfo3(tmp_ctx, info,
+						       group_inclusion,
+						       &info3,
+						       resource_groups);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_WARNING("Getting Samba info failed: %s\n",
+			    nt_errstr(nt_status));
+		goto out;
+	}
+
+	pac_info.logon_info.info = talloc_zero(tmp_ctx, struct PAC_LOGON_INFO);
+	if (!pac_info.logon_info.info) {
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	pac_info.logon_info.info->info3 = *info3;
+	if (_resource_groups != NULL) {
+		pac_info.logon_info.info->resource_groups = *_resource_groups;
+	}
+
+	if (override_resource_groups != NULL) {
+		pac_info.logon_info.info->resource_groups = *override_resource_groups;
+	}
+
+	if (group_inclusion != AUTH_EXCLUDE_RESOURCE_GROUPS) {
+		/*
+		 * Set the resource groups flag based on whether any groups are
+		 * present. Otherwise, the flag is propagated from the
+		 * originating PAC.
+		 */
+		if (pac_info.logon_info.info->resource_groups.groups.count > 0) {
+			pac_info.logon_info.info->info3.base.user_flags |= NETLOGON_RESOURCE_GROUPS;
+		} else {
+			pac_info.logon_info.info->info3.base.user_flags &= ~NETLOGON_RESOURCE_GROUPS;
+		}
+	}
+
+	ndr_err = ndr_push_union_blob(pac_data, mem_ctx, &pac_info,
+				      PAC_TYPE_LOGON_INFO,
+				      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_LOGON_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		goto out;
+	}
+
+out:
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+static
+NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
+				     const struct auth_user_info_dc *info,
+				     DATA_BLOB *upn_data)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	union PAC_INFO pac_upn = {};
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status = NT_STATUS_OK;
+	bool ok;
+
+	*upn_data = data_blob_null;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pac_upn.upn_dns_info.upn_name = info->info->user_principal_name;
+	pac_upn.upn_dns_info.dns_domain_name = strupper_talloc(tmp_ctx,
+						info->info->dns_domain_name);
+	if (pac_upn.upn_dns_info.dns_domain_name == NULL) {
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+	if (info->info->user_principal_constructed) {
+		pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_CONSTRUCTED;
+	}
+
+	pac_upn.upn_dns_info.flags |= PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID;
+
+	pac_upn.upn_dns_info.ex.sam_name_and_sid.samaccountname
+		= info->info->account_name;
+
+	pac_upn.upn_dns_info.ex.sam_name_and_sid.objectsid
+		= &info->sids[PRIMARY_USER_SID_INDEX].sid;
+
+	ndr_err = ndr_push_union_blob(upn_data, mem_ctx, &pac_upn,
+				      PAC_TYPE_UPN_DNS_INFO,
+				      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC UPN_DNS_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		goto out;
+	}
+
+	ok = data_blob_pad(mem_ctx, upn_data, 8);
+	if (!ok) {
+		talloc_free(upn_data);
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+out:
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+static
+NTSTATUS samba_get_cred_info_ndr_blob(TALLOC_CTX *mem_ctx,
+				      const struct ldb_message *msg,
+				      DATA_BLOB *cred_blob)
+{
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status;
+	struct samr_Password *lm_hash = NULL;
+	struct samr_Password *nt_hash = NULL;
+	struct PAC_CREDENTIAL_NTLM_SECPKG ntlm_secpkg = {
+		.version = 0,
+	};
+	DATA_BLOB ntlm_blob = data_blob_null;
+	struct PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG secpkgs[1] = {{
+		.credential_size = 0,
+	}};
+	struct PAC_CREDENTIAL_DATA cred_data = {
+		.credential_count = 0,
+	};
+	struct PAC_CREDENTIAL_DATA_NDR cred_ndr = {};
+
+	*cred_blob = data_blob_null;
+
+	lm_hash = samdb_result_hash(mem_ctx, msg, "dBCSPwd");
+	if (lm_hash != NULL) {
+		bool zero = all_zero(lm_hash->hash, 16);
+		if (zero) {
+			lm_hash = NULL;
+		}
+	}
+	if (lm_hash != NULL) {
+		DBG_INFO("Passing LM password hash through credentials set\n");
+		ntlm_secpkg.flags |= PAC_CREDENTIAL_NTLM_HAS_LM_HASH;
+		ntlm_secpkg.lm_password = *lm_hash;
+		ZERO_STRUCTP(lm_hash);
+		TALLOC_FREE(lm_hash);
+	}
+
+	nt_hash = samdb_result_hash(mem_ctx, msg, "unicodePwd");
+	if (nt_hash != NULL) {
+		bool zero = all_zero(nt_hash->hash, 16);
+		if (zero) {
+			nt_hash = NULL;
+		}
+	}
+	if (nt_hash != NULL) {
+		DBG_INFO("Passing NT password hash through credentials set\n");
+		ntlm_secpkg.flags |= PAC_CREDENTIAL_NTLM_HAS_NT_HASH;
+		ntlm_secpkg.nt_password = *nt_hash;
+		ZERO_STRUCTP(nt_hash);
+		TALLOC_FREE(nt_hash);
+	}
+
+	if (ntlm_secpkg.flags == 0) {
+		return NT_STATUS_OK;
+	}
+
+#ifdef DEBUG_PASSWORD
+	if (DEBUGLVL(11)) {
+		NDR_PRINT_DEBUG(PAC_CREDENTIAL_NTLM_SECPKG, &ntlm_secpkg);
+	}
+#endif
+
+	ndr_err = ndr_push_struct_blob(&ntlm_blob, mem_ctx, &ntlm_secpkg,
+			(ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_NTLM_SECPKG);
+	ZERO_STRUCT(ntlm_secpkg);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_CREDENTIAL_NTLM_SECPKG (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		return nt_status;
+	}
+
+	DBG_DEBUG("NTLM credential BLOB (len %zu) for user\n",
+		  ntlm_blob.length);
+	dump_data_pw("PAC_CREDENTIAL_NTLM_SECPKG",
+		     ntlm_blob.data, ntlm_blob.length);
+
+	secpkgs[0].package_name.string = discard_const_p(char, "NTLM");
+	secpkgs[0].credential_size = ntlm_blob.length;
+	secpkgs[0].credential = ntlm_blob.data;
+
+	cred_data.credential_count = ARRAY_SIZE(secpkgs);
+	cred_data.credentials = secpkgs;
+
+#ifdef DEBUG_PASSWORD
+	if (DEBUGLVL(11)) {
+		NDR_PRINT_DEBUG(PAC_CREDENTIAL_DATA, &cred_data);
+	}
+#endif
+
+	cred_ndr.ctr.data = &cred_data;
+
+#ifdef DEBUG_PASSWORD
+	if (DEBUGLVL(11)) {
+		NDR_PRINT_DEBUG(PAC_CREDENTIAL_DATA_NDR, &cred_ndr);
+	}
+#endif
+
+	ndr_err = ndr_push_struct_blob(cred_blob, mem_ctx, &cred_ndr,
+			(ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_DATA_NDR);
+	data_blob_clear(&ntlm_blob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_CREDENTIAL_DATA_NDR (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		return nt_status;
+	}
+
+	DBG_DEBUG("Created credential BLOB (len %zu) for user\n",
+		  cred_blob->length);
+	dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
+		     cred_blob->data, cred_blob->length);
+
+	return NT_STATUS_OK;
+}
+
+krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
+						  const krb5_keyblock *pkreplykey,
+						  const DATA_BLOB *cred_ndr_blob,
+						  TALLOC_CTX *mem_ctx,
+						  DATA_BLOB *cred_info_blob)
+{
+#ifdef SAMBA4_USES_HEIMDAL
+	krb5_crypto cred_crypto;
+	krb5_enctype cred_enctype;
+	krb5_data cred_ndr_crypt;
+	struct PAC_CREDENTIAL_INFO pac_cred_info = { .version = 0, };
+	krb5_error_code ret;
+	const char *krb5err;
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status;
+
+	*cred_info_blob = data_blob_null;
+
+	ret = krb5_crypto_init(context, pkreplykey, ETYPE_NULL,
+			       &cred_crypto);
+	if (ret != 0) {
+		krb5err = krb5_get_error_message(context, ret);
+		DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
+		krb5_free_error_message(context, krb5err);
+		return ret;
+	}
+
+	ret = krb5_crypto_getenctype(context, cred_crypto, &cred_enctype);
+	if (ret != 0) {
+		DBG_WARNING("Failed getting crypto type for key\n");
+		krb5_crypto_destroy(context, cred_crypto);
+		return ret;
+	}
+
+	DBG_DEBUG("Plain cred_ndr_blob (len %zu)\n",
+		  cred_ndr_blob->length);
+	dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
+		     cred_ndr_blob->data, cred_ndr_blob->length);
+
+	ret = krb5_encrypt(context, cred_crypto,
+			   KRB5_KU_OTHER_ENCRYPTED,
+			   cred_ndr_blob->data, cred_ndr_blob->length,
+			   &cred_ndr_crypt);
+	krb5_crypto_destroy(context, cred_crypto);
+	if (ret != 0) {
+		krb5err = krb5_get_error_message(context, ret);
+		DBG_WARNING("Failed crypt of cred data: %s\n", krb5err);
+		krb5_free_error_message(context, krb5err);
+		return ret;
+	}
+
+	pac_cred_info.encryption_type = cred_enctype;
+	pac_cred_info.encrypted_data.length = cred_ndr_crypt.length;
+	pac_cred_info.encrypted_data.data = (uint8_t *)cred_ndr_crypt.data;
+
+	if (DEBUGLVL(10)) {
+		NDR_PRINT_DEBUG(PAC_CREDENTIAL_INFO, &pac_cred_info);
+	}
+
+	ndr_err = ndr_push_struct_blob(cred_info_blob, mem_ctx, &pac_cred_info,
+			(ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_INFO);
+	krb5_data_free(&cred_ndr_crypt);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		return KRB5KDC_ERR_SVC_UNAVAILABLE;
+	}
+
+	DBG_DEBUG("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
+		  cred_info_blob->length, pac_cred_info.encryption_type);
+	dump_data_pw("PAC_CREDENTIAL_INFO",
+		      cred_info_blob->data, cred_info_blob->length);
+
+	return 0;
+#else /* SAMBA4_USES_HEIMDAL */
+	TALLOC_CTX *tmp_ctx = NULL;
+	krb5_key cred_key;
+	krb5_enctype cred_enctype;
+	struct PAC_CREDENTIAL_INFO pac_cred_info = { .version = 0, };
+	krb5_error_code code = 0;
+	const char *krb5err;
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status;
+	krb5_data cred_ndr_data;
+	krb5_enc_data cred_ndr_crypt;
+	size_t enc_len = 0;
+
+	*cred_info_blob = data_blob_null;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	code = krb5_k_create_key(context,
+				 pkreplykey,
+				 &cred_key);
+	if (code != 0) {
+		krb5err = krb5_get_error_message(context, code);
+		DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
+		krb5_free_error_message(context, krb5err);
+		goto out;
+	}
+
+	cred_enctype = krb5_k_key_enctype(context, cred_key);
+
+	DBG_DEBUG("Plain cred_ndr_blob (len %zu)\n",
+		  cred_ndr_blob->length);
+	dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
+		     cred_ndr_blob->data, cred_ndr_blob->length);
+
+	pac_cred_info.encryption_type = cred_enctype;
+
+	cred_ndr_data = smb_krb5_data_from_blob(*cred_ndr_blob);
+
+	code = krb5_c_encrypt_length(context,
+				     cred_enctype,
+				     cred_ndr_data.length,
+				     &enc_len);
+	if (code != 0) {
+		krb5err = krb5_get_error_message(context, code);
+		DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
+		krb5_free_error_message(context, krb5err);
+		goto out;
+	}
+
+	pac_cred_info.encrypted_data = data_blob_talloc_zero(tmp_ctx, enc_len);
+	if (pac_cred_info.encrypted_data.data == NULL) {
+		DBG_ERR("Out of memory\n");
+		code = ENOMEM;
+		goto out;
+	}
+
+	cred_ndr_crypt.ciphertext = smb_krb5_data_from_blob(pac_cred_info.encrypted_data);
+
+	code = krb5_k_encrypt(context,
+			      cred_key,
+			      KRB5_KU_OTHER_ENCRYPTED,
+			      NULL,
+			      &cred_ndr_data,
+			      &cred_ndr_crypt);
+	krb5_k_free_key(context, cred_key);
+	if (code != 0) {
+		krb5err = krb5_get_error_message(context, code);
+		DBG_WARNING("Failed crypt of cred data: %s\n", krb5err);
+		krb5_free_error_message(context, krb5err);
+		goto out;
+	}
+
+	if (DEBUGLVL(10)) {
+		NDR_PRINT_DEBUG(PAC_CREDENTIAL_INFO, &pac_cred_info);
+	}
+
+	ndr_err = ndr_push_struct_blob(cred_info_blob, mem_ctx, &pac_cred_info,
+			(ndr_push_flags_fn_t)ndr_push_PAC_CREDENTIAL_INFO);
+	TALLOC_FREE(pac_cred_info.encrypted_data.data);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		code = KRB5KDC_ERR_SVC_UNAVAILABLE;
+		goto out;
+	}
+
+	DBG_DEBUG("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
+		  cred_info_blob->length, pac_cred_info.encryption_type);
+	dump_data_pw("PAC_CREDENTIAL_INFO",
+		      cred_info_blob->data, cred_info_blob->length);
+
+out:
+	talloc_free(tmp_ctx);
+	return code;
+#endif /* SAMBA4_USES_HEIMDAL */
+}
+
+
+/**
+ * @brief Create a PAC with the given blobs (logon, credentials, upn and
+ * delegation).
+ *
+ * @param[in] context   The KRB5 context to use.
+ *
+ * @param[in] logon_blob Fill the logon info PAC buffer with the given blob,
+ *                       use NULL to ignore it.
+ *
+ * @param[in] cred_blob  Fill the credentials info PAC buffer with the given
+ *                       blob, use NULL to ignore it.
+ *
+ * @param[in] upn_blob  Fill the UPN info PAC buffer with the given blob, use
+ *                      NULL to ignore it.
+ *
+ * @param[in] deleg_blob Fill the delegation info PAC buffer with the given
+ *                       blob, use NULL to ignore it.
+ *
+ * @param[in] client_claims_blob Fill the client claims info PAC buffer with the
+ *                               given blob, use NULL to ignore it.
+ *
+ * @param[in] device_info_blob Fill the device info PAC buffer with the given
+ *                             blob, use NULL to ignore it.
+ *
+ * @param[in] device_claims_blob Fill the device claims info PAC buffer with the given
+ *                               blob, use NULL to ignore it.
+ *
+ * @param[in] pac        The pac buffer to fill. This should be allocated with
+ *                       krb5_pac_init() already.
+ *
+ * @returns 0 on success or a corresponding KRB5 error.
+ */
+krb5_error_code samba_make_krb5_pac(krb5_context context,
+				    const DATA_BLOB *logon_blob,
+				    const DATA_BLOB *cred_blob,
+				    const DATA_BLOB *upn_blob,
+				    const DATA_BLOB *pac_attrs_blob,
+				    const DATA_BLOB *requester_sid_blob,
+				    const DATA_BLOB *deleg_blob,
+				    const DATA_BLOB *client_claims_blob,
+				    const DATA_BLOB *device_info_blob,
+				    const DATA_BLOB *device_claims_blob,
+				    krb5_pac pac)
+{
+	krb5_data logon_data;
+	krb5_error_code ret;
+	char null_byte = '\0';
+	krb5_data null_data = smb_krb5_make_data(&null_byte, 0);
+
+	/* The user account may be set not to want the PAC */
+	if (logon_blob == NULL) {
+		return 0;
+	}
+
+	logon_data = smb_krb5_data_from_blob(*logon_blob);
+	ret = krb5_pac_add_buffer(context, pac, PAC_TYPE_LOGON_INFO, &logon_data);
+	if (ret != 0) {
+		return ret;
+	}
+
+	if (device_info_blob != NULL) {
+		krb5_data device_info_data = smb_krb5_data_from_blob(*device_info_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_DEVICE_INFO,
+					  &device_info_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (client_claims_blob != NULL) {
+		krb5_data client_claims_data;
+		krb5_data *data = NULL;
+
+		if (client_claims_blob->length != 0) {
+			client_claims_data = smb_krb5_data_from_blob(*client_claims_blob);
+			data = &client_claims_data;
+		} else {
+			data = &null_data;
+		}
+
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_CLIENT_CLAIMS_INFO,
+					  data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (device_claims_blob != NULL) {
+		krb5_data device_claims_data = smb_krb5_data_from_blob(*device_claims_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_DEVICE_CLAIMS_INFO,
+					  &device_claims_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (cred_blob != NULL) {
+		krb5_data cred_data = smb_krb5_data_from_blob(*cred_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_CREDENTIAL_INFO,
+					  &cred_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL
+	/*
+	 * null_data will be filled by the generic KDC code in the caller
+	 * here we just add it in order to have it before
+	 * PAC_TYPE_UPN_DNS_INFO
+	 *
+	 * Not needed with MIT Kerberos - asn
+	 */
+	ret = krb5_pac_add_buffer(context, pac,
+				  PAC_TYPE_LOGON_NAME,
+				  &null_data);
+	if (ret != 0) {
+		return ret;
+	}
+#endif
+
+	if (upn_blob != NULL) {
+		krb5_data upn_data = smb_krb5_data_from_blob(*upn_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_UPN_DNS_INFO,
+					  &upn_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (pac_attrs_blob != NULL) {
+		krb5_data pac_attrs_data = smb_krb5_data_from_blob(*pac_attrs_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_ATTRIBUTES_INFO,
+					  &pac_attrs_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (requester_sid_blob != NULL) {
+		krb5_data requester_sid_data = smb_krb5_data_from_blob(*requester_sid_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_REQUESTER_SID,
+					  &requester_sid_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	if (deleg_blob != NULL) {
+		krb5_data deleg_data = smb_krb5_data_from_blob(*deleg_blob);
+		ret = krb5_pac_add_buffer(context, pac,
+					  PAC_TYPE_CONSTRAINED_DELEGATION,
+					  &deleg_data);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	return ret;
+}
+
+bool samba_princ_needs_pac(const struct samba_kdc_entry *skdc_entry)
+{
+
+	uint32_t userAccountControl;
+
+	/* The service account may be set not to want the PAC */
+	userAccountControl = ldb_msg_find_attr_as_uint(skdc_entry->msg, "userAccountControl", 0);
+	if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
+		return false;
+	}
+
+	return true;
+}
+
+static krb5_error_code samba_client_requested_pac(krb5_context context,
+						  const krb5_const_pac pac,
+						  TALLOC_CTX *mem_ctx,
+						  bool *requested_pac)
+{
+	enum ndr_err_code ndr_err;
+	krb5_data k5pac_attrs_in;
+	DATA_BLOB pac_attrs_in;
+	union PAC_INFO pac_attrs;
+	krb5_error_code ret;
+
+	*requested_pac = true;
+
+	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_ATTRIBUTES_INFO,
+				  &k5pac_attrs_in);
+	if (ret != 0) {
+		return ret == ENOENT ? 0 : ret;
+	}
+
+	pac_attrs_in = data_blob_const(k5pac_attrs_in.data,
+				       k5pac_attrs_in.length);
+
+	ndr_err = ndr_pull_union_blob(&pac_attrs_in, mem_ctx, &pac_attrs,
+				      PAC_TYPE_ATTRIBUTES_INFO,
+				      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+	smb_krb5_free_data_contents(context, &k5pac_attrs_in);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("can't parse the PAC ATTRIBUTES_INFO: %s\n", nt_errstr(nt_status));
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	if (pac_attrs.attributes_info.flags & (PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY
+					       | PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED)) {
+		*requested_pac = true;
+	} else {
+		*requested_pac = false;
+	}
+
+	return 0;
+}
+
+/* Was the krbtgt in this DB (ie, should we check the incoming signature) and was it an RODC */
+krb5_error_code samba_krbtgt_is_in_db(const struct samba_kdc_entry *p,
+				      bool *is_in_db,
+				      bool *is_trusted)
+{
+	NTSTATUS status;
+	krb5_error_code ret;
+	int rodc_krbtgt_number, trust_direction;
+	struct dom_sid sid;
+	uint32_t rid;
+
+	trust_direction = ldb_msg_find_attr_as_int(p->msg, "trustDirection", 0);
+
+	if (trust_direction != 0) {
+		/* Domain trust - we cannot check the sig, but we trust it for a correct PAC
+
+		   This is exactly where we should flag for SID
+		   validation when we do inter-forest trusts
+		 */
+		*is_trusted = true;
+		*is_in_db = false;
+		return 0;
+	}
+
+	/* The lack of password controls etc applies to krbtgt by
+	 * virtue of being that particular RID */
+	ret = samdb_result_dom_sid_buf(p->msg, "objectSid", &sid);
+	if (ret) {
+		return ret;
+	}
+
+	status = dom_sid_split_rid(NULL, &sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return map_errno_from_nt_status(status);
+	}
+
+	rodc_krbtgt_number = ldb_msg_find_attr_as_int(p->msg, "msDS-SecondaryKrbTgtNumber", -1);
+
+	if (p->kdc_db_ctx->my_krbtgt_number == 0) {
+		if (rid == DOMAIN_RID_KRBTGT) {
+			*is_trusted = true;
+			*is_in_db = true;
+			return 0;
+		} else if (rodc_krbtgt_number != -1) {
+			*is_in_db = true;
+			*is_trusted = false;
+			return 0;
+		}
+	} else if ((rid != DOMAIN_RID_KRBTGT) && (rodc_krbtgt_number == p->kdc_db_ctx->my_krbtgt_number)) {
+		*is_trusted = true;
+		*is_in_db = true;
+		return 0;
+	} else if (rid == DOMAIN_RID_KRBTGT) {
+		/* krbtgt viewed from an RODC */
+		*is_trusted = true;
+		*is_in_db = false;
+		return 0;
+	}
+
+	/* Another RODC */
+	*is_trusted = false;
+	*is_in_db = false;
+	return 0;
+}
+
+/*
+ * Because the KDC does not limit protocol transition, two new well-known SIDs
+ * were introduced to give this control to the resource administrator. These
+ * SIDs identify whether protocol transition has occurred, and can be used with
+ * standard access control lists to grant or limit access as needed.
+ *
+ * https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
+ */
+NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai,
+					 struct auth_user_info_dc *user_info_dc)
+{
+	const struct dom_sid *ai_sid = NULL;
+
+	switch (ai) {
+	case SAMBA_ASSERTED_IDENTITY_SERVICE:
+		ai_sid = &global_sid_Asserted_Identity_Service;
+		break;
+	case SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY:
+		ai_sid = &global_sid_Asserted_Identity_Authentication_Authority;
+		break;
+	case SAMBA_ASSERTED_IDENTITY_IGNORE:
+		return NT_STATUS_OK;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return add_sid_to_array_attrs_unique(
+		user_info_dc,
+		ai_sid,
+		SE_GROUP_DEFAULT_FLAGS,
+		&user_info_dc->sids,
+		&user_info_dc->num_sids);
+}
+
+NTSTATUS samba_kdc_add_claims_valid(struct auth_user_info_dc *user_info_dc)
+{
+	return add_sid_to_array_attrs_unique(
+		user_info_dc,
+		&global_sid_Claims_Valid,
+		SE_GROUP_DEFAULT_FLAGS,
+		&user_info_dc->sids,
+		&user_info_dc->num_sids);
+}
+
+static NTSTATUS samba_kdc_add_compounded_auth(struct auth_user_info_dc *user_info_dc)
+{
+	return add_sid_to_array_attrs_unique(
+		user_info_dc,
+		&global_sid_Compounded_Authentication,
+		SE_GROUP_DEFAULT_FLAGS,
+		&user_info_dc->sids,
+		&user_info_dc->num_sids);
+}
+
+bool samba_kdc_entry_is_trust(const struct samba_kdc_entry *entry)
+{
+	return entry != NULL && entry->is_trust;
+}
+
+/*
+ * Return true if this entry has an associated PAC issued or signed by a KDC
+ * that our KDC trusts. We trust the main krbtgt account, but we don’t trust any
+ * RODC krbtgt besides ourselves.
+ */
+bool samba_krb5_pac_is_trusted(const struct samba_kdc_entry_pac pac)
+{
+	if (pac.pac == NULL) {
+		return false;
+	}
+
+#ifdef HAVE_KRB5_PAC_IS_TRUSTED /* Heimdal */
+	return krb5_pac_is_trusted(pac.pac);
+#else /* MIT */
+	return pac.pac_is_trusted;
+#endif /* HAVE_KRB5_PAC_IS_TRUSTED */
+}
+
+#ifdef HAVE_KRB5_PAC_IS_TRUSTED /* Heimdal */
+struct samba_kdc_entry_pac samba_kdc_entry_pac(krb5_const_pac pac,
+					       struct samba_kdc_entry *entry,
+					       bool is_from_trust)
+{
+	return (struct samba_kdc_entry_pac) {
+		.entry = entry,
+		.pac = pac,
+		.is_from_trust = is_from_trust,
+	};
+}
+#else /* MIT */
+struct samba_kdc_entry_pac samba_kdc_entry_pac_from_trusted(krb5_const_pac pac,
+							    struct samba_kdc_entry *entry,
+							    bool is_from_trust,
+							    bool is_trusted)
+{
+	return (struct samba_kdc_entry_pac) {
+		.entry = entry,
+		.pac = pac,
+		.is_from_trust = is_from_trust,
+		.pac_is_trusted = is_trusted,
+	};
+}
+#endif /* HAVE_KRB5_PAC_IS_TRUSTED */
+
+static bool samba_kdc_entry_pac_issued_by_trust(const struct samba_kdc_entry_pac entry)
+{
+	return entry.pac != NULL && entry.is_from_trust;
+}
+
+NTSTATUS samba_kdc_get_logon_info_blob(TALLOC_CTX *mem_ctx,
+				       const struct auth_user_info_dc *user_info_dc,
+				       const enum auth_group_inclusion group_inclusion,
+				       DATA_BLOB **_logon_info_blob)
+{
+	DATA_BLOB *logon_blob = NULL;
+	NTSTATUS nt_status;
+
+	*_logon_info_blob = NULL;
+
+	logon_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (logon_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = samba_get_logon_info_pac_blob(logon_blob,
+						  user_info_dc,
+						  NULL,
+						  group_inclusion,
+						  logon_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Building PAC LOGON INFO failed: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(logon_blob);
+		return nt_status;
+	}
+
+	*_logon_info_blob = logon_blob;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_kdc_get_cred_ndr_blob(TALLOC_CTX *mem_ctx,
+				     const struct samba_kdc_entry *p,
+				     DATA_BLOB **_cred_ndr_blob)
+{
+	DATA_BLOB *cred_blob = NULL;
+	NTSTATUS nt_status;
+
+	SMB_ASSERT(_cred_ndr_blob != NULL);
+
+	*_cred_ndr_blob = NULL;
+
+	cred_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (cred_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = samba_get_cred_info_ndr_blob(cred_blob,
+						 p->msg,
+						 cred_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Building PAC CRED INFO failed: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(cred_blob);
+		return nt_status;
+	}
+
+	*_cred_ndr_blob = cred_blob;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_kdc_get_upn_info_blob(TALLOC_CTX *mem_ctx,
+				     const struct auth_user_info_dc *user_info_dc,
+				     DATA_BLOB **_upn_info_blob)
+{
+	DATA_BLOB *upn_blob = NULL;
+	NTSTATUS nt_status;
+
+	*_upn_info_blob = NULL;
+
+	upn_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (upn_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = samba_get_upn_info_pac_blob(upn_blob,
+						user_info_dc,
+						upn_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Building PAC UPN INFO failed: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(upn_blob);
+		return nt_status;
+	}
+
+	*_upn_info_blob = upn_blob;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_kdc_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
+				      uint64_t pac_attributes,
+				      DATA_BLOB **_pac_attrs_blob)
+{
+	DATA_BLOB *pac_attrs_blob = NULL;
+	union PAC_INFO pac_attrs = {};
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status;
+
+	SMB_ASSERT(_pac_attrs_blob != NULL);
+
+	*_pac_attrs_blob = NULL;
+
+	pac_attrs_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (pac_attrs_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Set the length of the flags in bits. */
+	pac_attrs.attributes_info.flags_length = 2;
+	pac_attrs.attributes_info.flags = pac_attributes;
+
+	ndr_err = ndr_push_union_blob(pac_attrs_blob, pac_attrs_blob, &pac_attrs,
+				      PAC_TYPE_ATTRIBUTES_INFO,
+				      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC ATTRIBUTES_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		DBG_ERR("Building PAC ATTRIBUTES failed: %s\n",
+			nt_errstr(nt_status));
+
+		talloc_free(pac_attrs_blob);
+		return nt_status;
+	}
+
+	*_pac_attrs_blob = pac_attrs_blob;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
+					  const struct auth_user_info_dc *user_info_dc,
+					  DATA_BLOB **_requester_sid_blob)
+{
+	DATA_BLOB *requester_sid_blob = NULL;
+	NTSTATUS nt_status;
+
+	SMB_ASSERT(_requester_sid_blob != NULL);
+
+	*_requester_sid_blob = NULL;
+
+	requester_sid_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (requester_sid_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (user_info_dc->num_sids > 0) {
+		union PAC_INFO pac_requester_sid = {};
+		enum ndr_err_code ndr_err;
+
+		pac_requester_sid.requester_sid.sid = user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid;
+
+		ndr_err = ndr_push_union_blob(requester_sid_blob, requester_sid_blob,
+					      &pac_requester_sid,
+					      PAC_TYPE_REQUESTER_SID,
+					      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			DBG_WARNING("PAC_REQUESTER_SID (presig) push failed: %s\n",
+				    nt_errstr(nt_status));
+			DBG_ERR("Building PAC REQUESTER SID failed: %s\n",
+				nt_errstr(nt_status));
+
+			talloc_free(requester_sid_blob);
+			return nt_status;
+		}
+	}
+
+	*_requester_sid_blob = requester_sid_blob;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
+				   struct samba_kdc_entry *p,
+				   const DATA_BLOB **_claims_blob)
+{
+	DATA_BLOB *claims_blob = NULL;
+	struct claims_data *claims_data = NULL;
+	NTSTATUS nt_status;
+	int ret;
+
+	SMB_ASSERT(_claims_blob != NULL);
+
+	*_claims_blob = NULL;
+
+	claims_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (claims_blob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = samba_kdc_get_claims_data_from_db(p->kdc_db_ctx->samdb,
+						p,
+						&claims_data);
+	if (ret != LDB_SUCCESS) {
+		nt_status = dsdb_ldb_err_to_ntstatus(ret);
+		DBG_ERR("Building claims failed: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(claims_blob);
+		return nt_status;
+	}
+
+	nt_status = claims_data_encoded_claims_set(claims_blob,
+						   claims_data,
+						   claims_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(claims_blob);
+		return nt_status;
+	}
+
+	*_claims_blob = claims_blob;
+
+	return NT_STATUS_OK;
+}
+
+krb5_error_code samba_kdc_get_user_info_from_db(TALLOC_CTX *mem_ctx,
+						struct ldb_context *samdb,
+						struct samba_kdc_entry *entry,
+						const struct ldb_message *msg,
+						const struct auth_user_info_dc **info_out)
+{
+	NTSTATUS nt_status;
+
+	if (samdb == NULL) {
+		return EINVAL;
+	}
+
+	if (msg == NULL) {
+		return EINVAL;
+	}
+
+	if (info_out == NULL) {
+		return EINVAL;
+	}
+
+	if (entry == NULL) {
+		return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	}
+
+	*info_out = NULL;
+
+	if (entry->info_from_db == NULL) {
+		struct auth_user_info_dc *info_from_db = NULL;
+		struct loadparm_context *lp_ctx = entry->kdc_db_ctx->lp_ctx;
+
+		nt_status = authsam_make_user_info_dc(entry,
+						      samdb,
+						      lpcfg_netbios_name(lp_ctx),
+						      lpcfg_sam_name(lp_ctx),
+						      lpcfg_sam_dnsname(lp_ctx),
+						      entry->realm_dn,
+						      msg,
+						      data_blob_null,
+						      data_blob_null,
+						      &info_from_db);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("Getting user info for PAC failed: %s\n",
+				nt_errstr(nt_status));
+			/* NT_STATUS_OBJECT_NAME_NOT_FOUND is mapped to ENOENT. */
+			return map_errno_from_nt_status(nt_status);
+		}
+
+		entry->info_from_db = info_from_db;
+	}
+
+	*info_out = entry->info_from_db;
+
+	return 0;
+}
+
+/*
+ * Check whether a PAC contains the Authentication Authority Asserted Identity
+ * SID.
+ */
+static krb5_error_code samba_kdc_pac_contains_asserted_identity(
+	krb5_context context,
+	const struct samba_kdc_entry_pac entry,
+	bool *contains_out)
+{
+	TALLOC_CTX *frame = NULL;
+	struct auth_user_info_dc *info = NULL;
+	krb5_error_code ret = 0;
+
+	if (contains_out == NULL) {
+		ret = EINVAL;
+		goto out;
+	}
+	*contains_out = false;
+
+	frame = talloc_stackframe();
+
+	/*
+	 * Extract our info from the PAC. This does a bit of unnecessary work,
+	 * setting up fields we don’t care about — we only want the SIDs.
+	 */
+	ret = kerberos_pac_to_user_info_dc(frame,
+					   entry.pac,
+					   context,
+					   &info,
+					   AUTH_EXCLUDE_RESOURCE_GROUPS,
+					   NULL /* pac_srv_sig */,
+					   NULL /* pac_kdc_sig */,
+					   /* Ignore the resource groups. */
+					   NULL /* resource_groups */);
+	if (ret) {
+		const char *krb5err = krb5_get_error_message(context, ret);
+		DBG_ERR("kerberos_pac_to_user_info_dc failed: %s\n",
+			krb5err != NULL ? krb5err : "?");
+		krb5_free_error_message(context, krb5err);
+
+		goto out;
+	}
+
+	/* Determine whether the PAC contains the Asserted Identity SID. */
+	*contains_out = sid_attrs_contains_sid(
+		info->sids,
+		info->num_sids,
+		&global_sid_Asserted_Identity_Authentication_Authority);
+
+out:
+	talloc_free(frame);
+	return ret;
+}
+
+static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
+							krb5_context context,
+							struct ldb_context *samdb,
+							const struct samba_kdc_entry_pac entry,
+							const struct auth_user_info_dc **info_out,
+							const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out)
+{
+	TALLOC_CTX *frame = NULL;
+	struct auth_user_info_dc *info = NULL;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL;
+	krb5_error_code ret = 0;
+	NTSTATUS nt_status;
+
+	if (samdb == NULL) {
+		ret = EINVAL;
+		goto out;
+	}
+
+	if (!samba_krb5_pac_is_trusted(entry)) {
+		ret = EINVAL;
+		goto out;
+	}
+
+	if (info_out == NULL) {
+		ret = EINVAL;
+		goto out;
+	}
+
+	*info_out = NULL;
+	if (resource_groups_out != NULL) {
+		*resource_groups_out = NULL;
+	}
+
+	if (entry.entry == NULL || entry.entry->info_from_pac == NULL) {
+		frame = talloc_stackframe();
+
+		ret = kerberos_pac_to_user_info_dc(frame,
+						   entry.pac,
+						   context,
+						   &info,
+						   AUTH_EXCLUDE_RESOURCE_GROUPS,
+						   NULL,
+						   NULL,
+						   &resource_groups);
+		if (ret) {
+			const char *krb5err = krb5_get_error_message(context, ret);
+			DBG_ERR("kerberos_pac_to_user_info_dc failed: %s\n",
+				krb5err != NULL ? krb5err : "?");
+			krb5_free_error_message(context, krb5err);
+
+			goto out;
+		}
+
+		/*
+		 * We need to expand group memberships within our local domain,
+		 * as the token might be generated by a trusted domain.
+		 */
+		nt_status = authsam_update_user_info_dc(frame,
+							samdb,
+							info);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("authsam_update_user_info_dc failed: %s\n",
+				nt_errstr(nt_status));
+
+			ret = map_errno_from_nt_status(nt_status);
+			goto out;
+		}
+
+		if (entry.entry != NULL) {
+			entry.entry->info_from_pac = talloc_steal(entry.entry, info);
+			entry.entry->resource_groups_from_pac = talloc_steal(entry.entry, resource_groups);
+		}
+	}
+
+
+	if (entry.entry != NULL) {
+		/* Note: the caller does not own this! */
+		*info_out = entry.entry->info_from_pac;
+
+		if (resource_groups_out != NULL) {
+			/* Note: the caller does not own this! */
+			*resource_groups_out = entry.entry->resource_groups_from_pac;
+		}
+	} else {
+		*info_out = talloc_steal(mem_ctx, info);
+
+		if (resource_groups_out != NULL) {
+			*resource_groups_out = talloc_steal(mem_ctx, resource_groups);
+		}
+	}
+
+out:
+	talloc_free(frame);
+	return ret;
+}
+
+krb5_error_code samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx,
+					   krb5_context context,
+					   struct ldb_context *samdb,
+					   const struct samba_kdc_entry_pac entry,
+					   const struct auth_user_info_dc **info_out,
+					   const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out)
+{
+	const struct auth_user_info_dc *info = NULL;
+	struct auth_user_info_dc *info_shallow_copy = NULL;
+	bool pac_contains_asserted_identity = false;
+	krb5_error_code ret = 0;
+	NTSTATUS nt_status;
+
+	*info_out = NULL;
+	if (resource_groups_out != NULL) {
+		*resource_groups_out = NULL;
+	}
+
+	if (samba_krb5_pac_is_trusted(entry)) {
+		return samba_kdc_get_user_info_from_pac(mem_ctx,
+							context,
+							samdb,
+							entry,
+							info_out,
+							resource_groups_out);
+	}
+
+	if (entry.entry == NULL) {
+		return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	}
+
+	/*
+	 * In this case the RWDC discards the PAC an RODC generated.
+	 * Windows adds the asserted_identity in this case too.
+	 *
+	 * Note that SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION
+	 * generates KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN.
+	 * So we can always use
+	 * SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY
+	 * here.
+	 */
+	ret = samba_kdc_get_user_info_from_db(mem_ctx,
+					      samdb,
+					      entry.entry,
+					      entry.entry->msg,
+					      &info);
+	if (ret) {
+		const char *krb5err = krb5_get_error_message(context, ret);
+		DBG_ERR("samba_kdc_get_user_info_from_db: %s\n",
+			krb5err != NULL ? krb5err : "?");
+		krb5_free_error_message(context, krb5err);
+
+		return KRB5KDC_ERR_TGT_REVOKED;
+	}
+
+	/* Make a shallow copy of the user_info_dc structure. */
+	nt_status = authsam_shallow_copy_user_info_dc(mem_ctx,
+						      info,
+						      &info_shallow_copy);
+	info = NULL;
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to allocate user_info_dc SIDs: %s\n",
+			nt_errstr(nt_status));
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	/* Determine whether the PAC contains the Asserted Identity SID. */
+	ret = samba_kdc_pac_contains_asserted_identity(
+		context, entry, &pac_contains_asserted_identity);
+	if (ret) {
+		return ret;
+	}
+
+	if (pac_contains_asserted_identity) {
+		nt_status = samba_kdc_add_asserted_identity(
+			SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+			info_shallow_copy);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("Failed to add asserted identity: %s\n",
+				nt_errstr(nt_status));
+			TALLOC_FREE(info_shallow_copy);
+			return KRB5KDC_ERR_TGT_REVOKED;
+		}
+	}
+
+	nt_status = samba_kdc_add_claims_valid(info_shallow_copy);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to add Claims Valid: %s\n",
+			nt_errstr(nt_status));
+		TALLOC_FREE(info_shallow_copy);
+		return KRB5KDC_ERR_TGT_REVOKED;
+	}
+
+	*info_out = info_shallow_copy;
+
+	return 0;
+}
+
+static NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
+						      krb5_context context,
+						      const krb5_const_pac pac,
+						      const krb5_const_principal server_principal,
+						      const krb5_const_principal proxy_principal,
+						      DATA_BLOB *new_blob)
+{
+	krb5_data old_data = {};
+	DATA_BLOB old_blob;
+	krb5_error_code ret;
+	NTSTATUS nt_status = NT_STATUS_OK;
+	enum ndr_err_code ndr_err;
+	union PAC_INFO info = {};
+	struct PAC_CONSTRAINED_DELEGATION _d = {};
+	struct PAC_CONSTRAINED_DELEGATION *d = NULL;
+	char *server = NULL;
+	char *proxy = NULL;
+	uint32_t i;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	if (tmp_ctx == NULL) {
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_CONSTRAINED_DELEGATION, &old_data);
+	if (ret == ENOENT) {
+		/* OK. */
+	} else if (ret) {
+		nt_status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	old_blob.length = old_data.length;
+	old_blob.data = (uint8_t *)old_data.data;
+
+	if (old_blob.length > 0) {
+		ndr_err = ndr_pull_union_blob(&old_blob, tmp_ctx,
+				&info, PAC_TYPE_CONSTRAINED_DELEGATION,
+				(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			smb_krb5_free_data_contents(context, &old_data);
+			nt_status = ndr_map_error2ntstatus(ndr_err);
+			DBG_ERR("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status));
+			goto out;
+		}
+	} else {
+		info.constrained_delegation.info = &_d;
+	}
+	smb_krb5_free_data_contents(context, &old_data);
+
+	ret = krb5_unparse_name_flags(context, server_principal,
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
+	if (ret) {
+		nt_status = NT_STATUS_INTERNAL_ERROR;
+		goto out;
+	}
+
+	ret = krb5_unparse_name(context, proxy_principal, &proxy);
+	if (ret) {
+		SAFE_FREE(server);
+		nt_status = NT_STATUS_INTERNAL_ERROR;
+		goto out;
+	}
+
+	d = info.constrained_delegation.info;
+	i = d->num_transited_services;
+	d->proxy_target.string = server;
+	d->transited_services = talloc_realloc(mem_ctx, d->transited_services,
+					       struct lsa_String, i + 1);
+	if (d->transited_services == NULL) {
+		SAFE_FREE(server);
+		SAFE_FREE(proxy);
+		nt_status = NT_STATUS_INTERNAL_ERROR;
+		goto out;
+	}
+	d->transited_services[i].string = proxy;
+	d->num_transited_services = i + 1;
+
+	ndr_err = ndr_push_union_blob(new_blob, mem_ctx,
+				&info, PAC_TYPE_CONSTRAINED_DELEGATION,
+				(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+	SAFE_FREE(server);
+	SAFE_FREE(proxy);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		smb_krb5_free_data_contents(context, &old_data);
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status));
+		goto out;
+	}
+
+out:
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+/* function to map policy errors */
+krb5_error_code samba_kdc_map_policy_err(NTSTATUS nt_status)
+{
+	krb5_error_code ret;
+
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_MUST_CHANGE))
+		ret = KRB5KDC_ERR_KEY_EXP;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_EXPIRED))
+		ret = KRB5KDC_ERR_KEY_EXP;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_EXPIRED))
+		ret = KRB5KDC_ERR_CLIENT_REVOKED;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_DISABLED))
+		ret = KRB5KDC_ERR_CLIENT_REVOKED;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_LOGON_HOURS))
+		ret = KRB5KDC_ERR_CLIENT_REVOKED;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_LOCKED_OUT))
+		ret = KRB5KDC_ERR_CLIENT_REVOKED;
+	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_WORKSTATION))
+		ret = KRB5KDC_ERR_POLICY;
+	else
+		ret = KRB5KDC_ERR_POLICY;
+
+	return ret;
+}
+
+/* Given a kdc entry, consult the account_ok routine in auth/auth_sam.c
+ * for consistency */
+NTSTATUS samba_kdc_check_client_access(struct samba_kdc_entry *kdc_entry,
+				       const char *client_name,
+				       const char *workstation,
+				       bool password_change)
+{
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS nt_status;
+
+	tmp_ctx = talloc_named(NULL, 0, "samba_kdc_check_client_access");
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* we allow all kinds of trusts here */
+	nt_status = authsam_account_ok(tmp_ctx,
+				       kdc_entry->kdc_db_ctx->samdb,
+				       MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+				       MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
+				       kdc_entry->realm_dn, kdc_entry->msg,
+				       workstation, client_name,
+				       true, password_change);
+
+	kdc_entry->reject_status = nt_status;
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+static krb5_error_code samba_get_requester_sid(TALLOC_CTX *mem_ctx,
+					       krb5_const_pac pac,
+					       krb5_context context,
+					       struct dom_sid *sid)
+{
+	NTSTATUS nt_status;
+	enum ndr_err_code ndr_err;
+	krb5_error_code ret = 0;
+
+	DATA_BLOB pac_requester_sid_in;
+	krb5_data k5pac_requester_sid_in;
+
+	union PAC_INFO info;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_REQUESTER_SID,
+				  &k5pac_requester_sid_in);
+	if (ret != 0) {
+		goto out;
+	}
+
+	pac_requester_sid_in = data_blob_const(k5pac_requester_sid_in.data,
+					       k5pac_requester_sid_in.length);
+
+	ndr_err = ndr_pull_union_blob(&pac_requester_sid_in, tmp_ctx, &info,
+				      PAC_TYPE_REQUESTER_SID,
+				      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+	smb_krb5_free_data_contents(context, &k5pac_requester_sid_in);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("can't parse the PAC REQUESTER_SID: %s\n", nt_errstr(nt_status));
+		ret = map_errno_from_nt_status(nt_status);
+		goto out;
+	}
+
+	*sid = info.requester_sid.sid;
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/* Does a parse and SID check, but no crypto. */
+static krb5_error_code samba_kdc_validate_pac_blob(
+		krb5_context context,
+		const struct samba_kdc_entry_pac client)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct auth_user_info_dc *pac_user_info = NULL;
+	struct dom_sid client_sid;
+	struct dom_sid pac_sid;
+	krb5_error_code code;
+	bool ok;
+
+	/*
+	 * First, try to get the SID from the requester SID buffer in the PAC.
+	 */
+	code = samba_get_requester_sid(frame, client.pac, context, &pac_sid);
+
+	if (code == ENOENT) {
+		/*
+		 * If the requester SID buffer isn't present, fall back to the
+		 * SID in the LOGON_INFO PAC buffer.
+		 */
+		code = kerberos_pac_to_user_info_dc(frame,
+						    client.pac,
+						    context,
+						    &pac_user_info,
+						    AUTH_EXCLUDE_RESOURCE_GROUPS,
+						    NULL,
+						    NULL,
+						    NULL);
+		if (code != 0) {
+			goto out;
+		}
+
+		if (pac_user_info->num_sids == 0) {
+			code = EINVAL;
+			goto out;
+		}
+
+		pac_sid = pac_user_info->sids[PRIMARY_USER_SID_INDEX].sid;
+	} else if (code != 0) {
+		goto out;
+	}
+
+	code = samdb_result_dom_sid_buf(client.entry->msg,
+					"objectSid",
+					&client_sid);
+	if (code) {
+		goto out;
+	}
+
+	ok = dom_sid_equal(&pac_sid, &client_sid);
+	if (!ok) {
+		struct dom_sid_buf buf1;
+		struct dom_sid_buf buf2;
+
+		DBG_ERR("SID mismatch between PAC and looked up client: "
+			"PAC[%s] != CLI[%s]\n",
+			dom_sid_str_buf(&pac_sid, &buf1),
+			dom_sid_str_buf(&client_sid, &buf2));
+			code = KRB5KDC_ERR_TGT_REVOKED;
+		goto out;
+	}
+
+	code = 0;
+out:
+	TALLOC_FREE(frame);
+	return code;
+}
+
+
+/*
+ * In the RODC case, to confirm that the returned user is permitted to
+ * be replicated to the KDC (krbgtgt_xxx user) represented by *rodc
+ */
+static WERROR samba_rodc_confirm_user_is_allowed(uint32_t num_object_sids,
+						 const struct dom_sid *object_sids,
+						 const struct samba_kdc_entry *rodc,
+						 const struct samba_kdc_entry *object)
+{
+	int ret;
+	WERROR werr;
+	TALLOC_CTX *frame = talloc_stackframe();
+	const char *rodc_attrs[] = { "msDS-KrbTgtLink",
+				     "msDS-NeverRevealGroup",
+				     "msDS-RevealOnDemandGroup",
+				     "userAccountControl",
+				     "objectSid",
+				     NULL };
+	struct ldb_result *rodc_machine_account = NULL;
+	struct ldb_dn *rodc_machine_account_dn = samdb_result_dn(rodc->kdc_db_ctx->samdb,
+						 frame,
+						 rodc->msg,
+						 "msDS-KrbTgtLinkBL",
+						 NULL);
+	const struct dom_sid *rodc_machine_account_sid = NULL;
+
+	if (rodc_machine_account_dn == NULL) {
+		DBG_ERR("krbtgt account %s has no msDS-KrbTgtLinkBL to find RODC machine account for allow/deny list\n",
+			ldb_dn_get_linearized(rodc->msg->dn));
+		TALLOC_FREE(frame);
+		return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
+	}
+
+	/*
+	 * Follow the link and get the RODC account (the krbtgt
+	 * account is the krbtgt_XXX account, but the
+	 * msDS-NeverRevealGroup and msDS-RevealOnDemandGroup is on
+	 * the RODC$ account)
+	 *
+	 * We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID lists
+	 * out of the extended DNs
+	 */
+
+	ret = dsdb_search_dn(rodc->kdc_db_ctx->samdb,
+			     frame,
+			     &rodc_machine_account,
+			     rodc_machine_account_dn,
+			     rodc_attrs,
+			     DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to fetch RODC machine account %s pointed to by %s to check allow/deny list: %s\n",
+			ldb_dn_get_linearized(rodc_machine_account_dn),
+			ldb_dn_get_linearized(rodc->msg->dn),
+			ldb_errstring(rodc->kdc_db_ctx->samdb));
+		TALLOC_FREE(frame);
+		return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
+	}
+
+	if (rodc_machine_account->count != 1) {
+		DBG_ERR("Failed to fetch RODC machine account %s pointed to by %s to check allow/deny list: (%d)\n",
+			ldb_dn_get_linearized(rodc_machine_account_dn),
+			ldb_dn_get_linearized(rodc->msg->dn),
+			rodc_machine_account->count);
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_BAD_DN;
+	}
+
+	/* if the object SID is equal to the user_sid, allow */
+	rodc_machine_account_sid = samdb_result_dom_sid(frame,
+					  rodc_machine_account->msgs[0],
+					  "objectSid");
+	if (rodc_machine_account_sid == NULL) {
+		TALLOC_FREE(frame);
+		return WERR_DS_DRA_BAD_DN;
+	}
+
+	werr = samdb_confirm_rodc_allowed_to_repl_to_sid_list(rodc->kdc_db_ctx->samdb,
+							      rodc_machine_account_sid,
+							      rodc_machine_account->msgs[0],
+							      object->msg,
+							      num_object_sids,
+							      object_sids);
+
+	TALLOC_FREE(frame);
+	return werr;
+}
+
+/*
+ * Perform an access check for the client attempting to authenticate to the
+ * server. ‘client_info’ must be talloc-allocated so that we can make a
+ * reference to it.
+ */
+krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
+						     struct ldb_context *samdb,
+						     struct loadparm_context *lp_ctx,
+						     const struct samba_kdc_entry *client,
+						     const struct auth_user_info_dc *client_info,
+						     const struct auth_user_info_dc *device_info,
+						     const struct auth_claims auth_claims,
+						     const struct samba_kdc_entry *server,
+						     struct authn_audit_info **server_audit_info_out,
+						     NTSTATUS *status_out)
+{
+	krb5_error_code ret = 0;
+	NTSTATUS status;
+	_UNUSED_ NTSTATUS _status;
+	struct dom_sid server_sid = {};
+	const struct authn_server_policy *server_policy = server->server_policy;
+
+	if (status_out != NULL) {
+		*status_out = NT_STATUS_OK;
+	}
+
+	ret = samdb_result_dom_sid_buf(server->msg, "objectSid", &server_sid);
+	if (ret) {
+		/*
+		 * Ignore the return status — we are already in an error path,
+		 * and overwriting the real error code with the audit info
+		 * status is unhelpful.
+		 */
+		_status = authn_server_policy_audit_info(mem_ctx,
+							 server_policy,
+							 client_info,
+							 AUTHN_AUDIT_EVENT_OTHER_ERROR,
+							 AUTHN_AUDIT_REASON_NONE,
+							 dsdb_ldb_err_to_ntstatus(ret),
+							 server_audit_info_out);
+		goto out;
+	}
+
+	if (dom_sid_equal(&client_info->sids[PRIMARY_USER_SID_INDEX].sid, &server_sid)) {
+		/* Authenticating to ourselves is always allowed. */
+		status = authn_server_policy_audit_info(mem_ctx,
+							server_policy,
+							client_info,
+							AUTHN_AUDIT_EVENT_OK,
+							AUTHN_AUDIT_REASON_NONE,
+							NT_STATUS_OK,
+							server_audit_info_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			ret = KRB5KRB_ERR_GENERIC;
+		}
+		goto out;
+	}
+
+	status = authn_policy_authenticate_to_service(mem_ctx,
+						      samdb,
+						      lp_ctx,
+						      AUTHN_POLICY_AUTH_TYPE_KERBEROS,
+						      client_info,
+						      device_info,
+						      auth_claims,
+						      server_policy,
+						      (struct authn_policy_flags) { .force_compounded_authentication = true },
+						      server_audit_info_out);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (status_out != NULL) {
+			*status_out = status;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_AUTHENTICATION_FIREWALL_FAILED)) {
+			ret = KRB5KDC_ERR_POLICY;
+		} else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			ret = KRB5KDC_ERR_POLICY;
+		} else {
+			ret = KRB5KRB_ERR_GENERIC;
+		}
+	}
+
+out:
+	return ret;
+}
+
+static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *info,
+						      const struct netr_SidAttr *sid)
+{
+	uint32_t i;
+	uint32_t rid;
+	NTSTATUS status;
+
+	uint32_t domain_group_count = info->domain_group_count;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *domain_group = NULL;
+	struct samr_RidWithAttribute *rids = NULL;
+
+	for (i = 0; i < domain_group_count; ++i) {
+		struct PAC_DOMAIN_GROUP_MEMBERSHIP *this_domain_group
+			= &info->domain_groups[i];
+
+		if (dom_sid_in_domain(this_domain_group->domain_sid, sid->sid)) {
+			domain_group = this_domain_group;
+			break;
+		}
+	}
+
+	if (domain_group == NULL) {
+		struct PAC_DOMAIN_GROUP_MEMBERSHIP *domain_groups = NULL;
+
+		if (domain_group_count == UINT32_MAX) {
+			return EINVAL;
+		}
+
+		domain_groups = talloc_realloc(
+			info,
+			info->domain_groups,
+			struct PAC_DOMAIN_GROUP_MEMBERSHIP,
+			domain_group_count + 1);
+		if (domain_groups == NULL) {
+			return ENOMEM;
+		}
+
+		info->domain_groups = domain_groups;
+
+		domain_group = &info->domain_groups[domain_group_count++];
+		*domain_group = (struct PAC_DOMAIN_GROUP_MEMBERSHIP) {};
+
+		status = dom_sid_split_rid(info->domain_groups,
+					   sid->sid,
+					   &domain_group->domain_sid,
+					   &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return map_errno_from_nt_status(status);
+		}
+	} else {
+		status = dom_sid_split_rid(NULL,
+					   sid->sid,
+					   NULL,
+					   &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return map_errno_from_nt_status(status);
+		}
+	}
+
+	if (domain_group->groups.count == UINT32_MAX) {
+		return EINVAL;
+	}
+
+	rids = talloc_realloc(info->domain_groups,
+			      domain_group->groups.rids,
+			      struct samr_RidWithAttribute,
+			      domain_group->groups.count + 1);
+	if (rids == NULL) {
+		return ENOMEM;
+	}
+
+	domain_group->groups.rids = rids;
+
+	domain_group->groups.rids[domain_group->groups.count] = (struct samr_RidWithAttribute) {
+		.rid = rid,
+		.attributes = sid->attributes,
+	};
+
+	++domain_group->groups.count;
+
+	info->domain_group_count = domain_group_count;
+
+	return 0;
+}
+
+static krb5_error_code samba_kdc_make_device_info(TALLOC_CTX *mem_ctx,
+						  const struct netr_SamInfo3 *info3,
+						  struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups,
+						  union PAC_INFO *info)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct PAC_DEVICE_INFO *device_info = NULL;
+	uint32_t i;
+	krb5_error_code ret = 0;
+
+	*info = (union PAC_INFO) {};
+
+	info->device_info.info = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	device_info = talloc(tmp_ctx, struct PAC_DEVICE_INFO);
+	if (device_info == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+
+	device_info->rid = info3->base.rid;
+	device_info->primary_gid = info3->base.primary_gid;
+	device_info->domain_sid = info3->base.domain_sid;
+	device_info->groups = info3->base.groups;
+
+	device_info->sid_count = 0;
+	device_info->sids = NULL;
+
+	if (resource_groups != NULL) {
+		/*
+		 * The account's resource groups all belong to the same domain,
+		 * so we can add them all in one go.
+		 */
+		device_info->domain_group_count = 1;
+		device_info->domain_groups = talloc_move(device_info, &resource_groups);
+	} else {
+		device_info->domain_group_count = 0;
+		device_info->domain_groups = NULL;
+	}
+
+	for (i = 0; i < info3->sidcount; ++i) {
+		const struct netr_SidAttr *device_sid = &info3->sids[i];
+
+		if (dom_sid_has_account_domain(device_sid->sid)) {
+			ret = samba_kdc_add_domain_group_sid(device_info, device_sid);
+			if (ret != 0) {
+				goto out;
+			}
+		} else {
+			device_info->sids = talloc_realloc(device_info, device_info->sids,
+							   struct netr_SidAttr,
+							   device_info->sid_count + 1);
+			if (device_info->sids == NULL) {
+				ret = ENOMEM;
+				goto out;
+			}
+
+			device_info->sids[device_info->sid_count].sid = dom_sid_dup(device_info->sids, device_sid->sid);
+			if (device_info->sids[device_info->sid_count].sid == NULL) {
+				ret = ENOMEM;
+				goto out;
+			}
+
+			device_info->sids[device_info->sid_count].attributes = device_sid->attributes;
+
+			++device_info->sid_count;
+		}
+	}
+
+	info->device_info.info = talloc_steal(mem_ctx, device_info);
+
+out:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static krb5_error_code samba_kdc_update_device_info(TALLOC_CTX *mem_ctx,
+						      struct ldb_context *samdb,
+						      const union PAC_INFO *logon_info,
+						      struct PAC_DEVICE_INFO *device_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *device_info_dc = NULL;
+	union netr_Validation validation;
+	uint32_t i;
+	uint32_t num_existing_sids;
+
+	/*
+	 * This does a bit of unnecessary work, setting up fields we don't care
+	 * about -- we only want the SIDs.
+	 */
+	validation.sam3 = &logon_info->logon_info.info->info3;
+	nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation,
+							  true, /* This user was authenticated */
+							  &device_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	num_existing_sids = device_info_dc->num_sids;
+
+	/*
+	 * We need to expand group memberships within our local domain,
+	 * as the token might be generated by a trusted domain.
+	 */
+	nt_status = authsam_update_user_info_dc(mem_ctx,
+						samdb,
+						device_info_dc);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	for (i = num_existing_sids; i < device_info_dc->num_sids; ++i) {
+		struct auth_SidAttr *device_sid = &device_info_dc->sids[i];
+		const struct netr_SidAttr sid = (struct netr_SidAttr) {
+			.sid = &device_sid->sid,
+			.attributes = device_sid->attrs,
+		};
+
+		krb5_error_code ret = samba_kdc_add_domain_group_sid(device_info, &sid);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	return 0;
+}
+
+static krb5_error_code samba_kdc_get_device_info_pac_blob(TALLOC_CTX *mem_ctx,
+							  union PAC_INFO *info,
+							  DATA_BLOB **_device_info_blob)
+{
+	DATA_BLOB *device_info_blob = NULL;
+	enum ndr_err_code ndr_err;
+
+	*_device_info_blob = NULL;
+
+	device_info_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (device_info_blob == NULL) {
+		DBG_ERR("Out of memory\n");
+		return ENOMEM;
+	}
+
+	ndr_err = ndr_push_union_blob(device_info_blob, device_info_blob,
+				      info, PAC_TYPE_DEVICE_INFO,
+				      (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_WARNING("PAC_DEVICE_INFO (presig) push failed: %s\n",
+			    nt_errstr(nt_status));
+		talloc_free(device_info_blob);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	*_device_info_blob = device_info_blob;
+
+	return 0;
+}
+
+static krb5_error_code samba_kdc_create_device_info_blob(TALLOC_CTX *mem_ctx,
+							 krb5_context context,
+							 struct ldb_context *samdb,
+							 const krb5_const_pac device_pac,
+							 DATA_BLOB **device_info_blob)
+{
+	TALLOC_CTX *frame = NULL;
+	krb5_data device_logon_info;
+	krb5_error_code code = EINVAL;
+	NTSTATUS nt_status;
+
+	union PAC_INFO info;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB device_logon_info_blob;
+
+	union PAC_INFO logon_info;
+
+	code = krb5_pac_get_buffer(context, device_pac,
+				   PAC_TYPE_LOGON_INFO,
+				   &device_logon_info);
+	if (code != 0) {
+		if (code == ENOENT) {
+			DBG_ERR("Device PAC is missing LOGON_INFO\n");
+		} else {
+			DBG_ERR("Error getting LOGON_INFO from device PAC\n");
+		}
+		return code;
+	}
+
+	frame = talloc_stackframe();
+
+	device_logon_info_blob = data_blob_const(device_logon_info.data,
+						 device_logon_info.length);
+
+	ndr_err = ndr_pull_union_blob(&device_logon_info_blob, frame, &logon_info,
+				      PAC_TYPE_LOGON_INFO,
+				      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+	smb_krb5_free_data_contents(context, &device_logon_info);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		DBG_ERR("can't parse device PAC LOGON_INFO: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(frame);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	/*
+	 * When creating the device info structure, existing resource groups are
+	 * discarded.
+	 */
+	code = samba_kdc_make_device_info(frame,
+					  &logon_info.logon_info.info->info3,
+					  NULL, /* resource_groups */
+					  &info);
+	if (code != 0) {
+		talloc_free(frame);
+		return code;
+	}
+
+	code = samba_kdc_update_device_info(frame,
+					    samdb,
+					    &logon_info,
+					    info.device_info.info);
+	if (code != 0) {
+		talloc_free(frame);
+		return code;
+	}
+
+	code = samba_kdc_get_device_info_pac_blob(mem_ctx,
+						  &info,
+						  device_info_blob);
+
+	talloc_free(frame);
+	return code;
+}
+
+static krb5_error_code samba_kdc_get_device_info_blob(TALLOC_CTX *mem_ctx,
+						      krb5_context context,
+						      struct ldb_context *samdb,
+						      const struct samba_kdc_entry_pac device,
+						      DATA_BLOB **device_info_blob)
+{
+	TALLOC_CTX *frame = NULL;
+	krb5_error_code code = EINVAL;
+	NTSTATUS nt_status;
+
+	const struct auth_user_info_dc *device_info = NULL;
+	struct netr_SamInfo3 *info3 = NULL;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL;
+
+	union PAC_INFO info;
+
+	frame = talloc_stackframe();
+
+	code = samba_kdc_get_user_info_dc(frame,
+					  context,
+					  samdb,
+					  device,
+					  &device_info,
+					  NULL /* resource_groups_out */);
+	if (code) {
+		const char *krb5_err = krb5_get_error_message(context, code);
+		DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
+			krb5_err != NULL ? krb5_err : "<unknown>");
+		krb5_free_error_message(context, krb5_err);
+
+		talloc_free(frame);
+		return KRB5KDC_ERR_TGT_REVOKED;
+	}
+
+	nt_status = auth_convert_user_info_dc_saminfo3(frame, device_info,
+						       AUTH_INCLUDE_RESOURCE_GROUPS_COMPRESSED,
+						       &info3,
+						       &resource_groups);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_WARNING("Getting Samba info failed: %s\n",
+			    nt_errstr(nt_status));
+		talloc_free(frame);
+		return nt_status_to_krb5(nt_status);
+	}
+
+	code = samba_kdc_make_device_info(frame,
+					  info3,
+					  resource_groups,
+					  &info);
+	if (code != 0) {
+		talloc_free(frame);
+		return code;
+	}
+
+	code = samba_kdc_get_device_info_pac_blob(mem_ctx,
+						  &info,
+						  device_info_blob);
+
+	talloc_free(frame);
+	return code;
+}
+
+/**
+ * @brief Verify a PAC
+ *
+ * @param mem_ctx   A talloc memory context
+ *
+ * @param context   A krb5 context
+ *
+ * @param samdb     An open samdb connection.
+ *
+ * @param flags     Bitwise OR'ed flags
+ *
+ * @param client    The client samba kdc PAC entry.
+
+ * @param krbtgt    The krbtgt samba kdc entry.
+ *
+ * @return A Kerberos error code.
+ */
+krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
+				     krb5_context context,
+				     struct ldb_context *samdb,
+				     uint32_t flags,
+				     const struct samba_kdc_entry_pac client,
+				     const struct samba_kdc_entry *krbtgt)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	struct pac_blobs *pac_blobs = NULL;
+	krb5_error_code code = EINVAL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		code = ENOMEM;
+		goto done;
+	}
+
+	if (client.entry != NULL) {
+		/*
+		 * Check the objectSID of the client and pac data are the same.
+		 * Does a parse and SID check, but no crypto.
+		 */
+		code = samba_kdc_validate_pac_blob(context, client);
+		if (code != 0) {
+			goto done;
+		}
+	}
+
+	if (!samba_krb5_pac_is_trusted(client)) {
+		const struct auth_user_info_dc *user_info_dc = NULL;
+		WERROR werr;
+
+		struct dom_sid *object_sids = NULL;
+		uint32_t j;
+
+		if (client.entry == NULL) {
+			code = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+			goto done;
+		}
+
+		code = samba_kdc_get_user_info_from_db(tmp_ctx,
+						       samdb,
+						       client.entry,
+						       client.entry->msg,
+						       &user_info_dc);
+		if (code) {
+			const char *krb5_err = krb5_get_error_message(context, code);
+			DBG_ERR("Getting user info for PAC failed: %s\n",
+				krb5_err != NULL ? krb5_err : "<unknown>");
+			krb5_free_error_message(context, krb5_err);
+
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+
+		/*
+		 * Check if the SID list in the user_info_dc intersects
+		 * correctly with the RODC allow/deny lists.
+		 */
+		object_sids = talloc_array(tmp_ctx, struct dom_sid, user_info_dc->num_sids);
+		if (object_sids == NULL) {
+			code = ENOMEM;
+			goto done;
+		}
+
+		for (j = 0; j < user_info_dc->num_sids; ++j) {
+			object_sids[j] = user_info_dc->sids[j].sid;
+		}
+
+		werr = samba_rodc_confirm_user_is_allowed(user_info_dc->num_sids,
+							  object_sids,
+							  krbtgt,
+							  client.entry);
+		if (!W_ERROR_IS_OK(werr)) {
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			if (W_ERROR_EQUAL(werr,
+					  WERR_DOMAIN_CONTROLLER_NOT_FOUND)) {
+				code = KRB5KDC_ERR_POLICY;
+			}
+			goto done;
+		}
+
+		/*
+		 * The RODC PAC data isn't trusted for authorization as it may
+		 * be stale. The only thing meaningful we can do with an RODC
+		 * account on a full DC is exchange the RODC TGT for a 'real'
+		 * TGT.
+		 *
+		 * So we match Windows (at least server 2022) and
+		 * don't allow S4U2Self.
+		 *
+		 * https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html
+		 */
+		if (flags & SAMBA_KDC_FLAG_PROTOCOL_TRANSITION) {
+			code = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+			goto done;
+		}
+	}
+
+	/* Check the types of the given PAC */
+
+	code = pac_blobs_from_krb5_pac(tmp_ctx,
+				       context,
+				       client.pac,
+				       &pac_blobs);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_ensure_exists(pac_blobs,
+				       PAC_TYPE_LOGON_INFO);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_ensure_exists(pac_blobs,
+				       PAC_TYPE_LOGON_NAME);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_ensure_exists(pac_blobs,
+				       PAC_TYPE_SRV_CHECKSUM);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_ensure_exists(pac_blobs,
+				       PAC_TYPE_KDC_CHECKSUM);
+	if (code != 0) {
+		goto done;
+	}
+
+	if (!(flags & SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION)) {
+		code = pac_blobs_ensure_exists(pac_blobs,
+					       PAC_TYPE_REQUESTER_SID);
+		if (code != 0) {
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+	}
+
+	code = 0;
+
+done:
+	talloc_free(tmp_ctx);
+
+	return code;
+}
+
+/**
+ * @brief Update a PAC
+ *
+ * @param mem_ctx   A talloc memory context
+ *
+ * @param context   A krb5 context
+ *
+ * @param samdb     An open samdb connection.
+ *
+ * @param lp_ctx    A loadparm context.
+ *
+ * @param flags     Bitwise OR'ed flags
+ *
+ * @param device_pac_is_trusted Whether the device's PAC was issued by a trusted server,
+ *                              as opposed to an RODC.
+ *
+ * @param client    The client samba kdc PAC entry.
+ *
+ * @param server_principal  The server principal
+ *
+ * @param server    The server samba kdc entry.
+ *
+ * @param delegated_proxy_principal The delegated proxy principal used for
+ *                                  updating the constrained delegation PAC
+ *                                  buffer.
+ *
+ * @param delegated_proxy   The delegated proxy kdc PAC entry.
+ *
+ * @param device    The computer's samba kdc PAC entry; used for compound
+ *                  authentication.
+ *
+ * @param new_pac                   The new already allocated PAC
+ *
+ * @return A Kerberos error code. If no PAC should be returned, the code will be
+ * ENOATTR!
+ */
+krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
+				     krb5_context context,
+				     struct ldb_context *samdb,
+				     struct loadparm_context *lp_ctx,
+				     uint32_t flags,
+				     const struct samba_kdc_entry_pac client,
+				     const krb5_const_principal server_principal,
+				     const struct samba_kdc_entry *server,
+				     const krb5_const_principal delegated_proxy_principal,
+				     const struct samba_kdc_entry_pac delegated_proxy,
+				     const struct samba_kdc_entry_pac device,
+				     krb5_pac new_pac,
+				     struct authn_audit_info **server_audit_info_out,
+				     NTSTATUS *status_out)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	krb5_error_code code = EINVAL;
+	NTSTATUS nt_status;
+	DATA_BLOB *pac_blob = NULL;
+	DATA_BLOB *upn_blob = NULL;
+	DATA_BLOB *deleg_blob = NULL;
+	DATA_BLOB *requester_sid_blob = NULL;
+	const DATA_BLOB *client_claims_blob = NULL;
+	DATA_BLOB device_claims_blob = {};
+	const DATA_BLOB *device_claims_blob_ptr = NULL;
+	struct auth_claims auth_claims = {};
+	DATA_BLOB *device_info_blob = NULL;
+	bool is_tgs = false;
+	bool server_restrictions_present = false;
+	struct pac_blobs *pac_blobs = NULL;
+	const struct auth_user_info_dc *user_info_dc_const = NULL;
+	struct auth_user_info_dc *user_info_dc_shallow_copy = NULL;
+	const struct PAC_DOMAIN_GROUP_MEMBERSHIP *_resource_groups = NULL;
+	enum auth_group_inclusion group_inclusion;
+	bool compounded_auth;
+	size_t i = 0;
+
+	if (server_audit_info_out != NULL) {
+		*server_audit_info_out = NULL;
+	}
+
+	if (status_out != NULL) {
+		*status_out = NT_STATUS_OK;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		code = ENOMEM;
+		goto done;
+	}
+
+	{
+		int result = smb_krb5_principal_is_tgs(context, server_principal);
+		if (result == -1) {
+			code = ENOMEM;
+			goto done;
+		}
+
+		is_tgs = result;
+	}
+
+	server_restrictions_present = !is_tgs && authn_policy_restrictions_present(server->server_policy);
+
+	/* Only include resource groups in a service ticket. */
+	if (is_tgs) {
+		group_inclusion = AUTH_EXCLUDE_RESOURCE_GROUPS;
+	} else if (server->supported_enctypes & KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED) {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS;
+	} else {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS_COMPRESSED;
+	}
+
+	compounded_auth = device.entry != NULL && !is_tgs
+		&& server->supported_enctypes & KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED;
+
+	if (compounded_auth || (server_restrictions_present && device.entry != NULL)) {
+		/*
+		 * [MS-KILE] 3.3.5.7.4 Compound Identity: the client claims from
+		 * the device PAC become the device claims in the new PAC.
+		 */
+		code = samba_kdc_get_claims_data(tmp_ctx,
+						 context,
+						 samdb,
+						 device,
+						 &auth_claims.device_claims);
+		if (code) {
+			goto done;
+		}
+
+		if (compounded_auth) {
+			nt_status = claims_data_encoded_claims_set(tmp_ctx,
+								   auth_claims.device_claims,
+								   &device_claims_blob);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				DBG_ERR("claims_data_encoded_claims_set failed: %s\n",
+					nt_errstr(nt_status));
+				code = map_errno_from_nt_status(nt_status);
+				goto done;
+			}
+
+			device_claims_blob_ptr = &device_claims_blob;
+
+			if (samba_krb5_pac_is_trusted(device)) {
+				code = samba_kdc_create_device_info_blob(tmp_ctx,
+									 context,
+									 samdb,
+									 device.pac,
+									 &device_info_blob);
+				if (code != 0) {
+					goto done;
+				}
+			} else {
+				/* Don't trust an RODC�issued PAC; regenerate the device info. */
+				code = samba_kdc_get_device_info_blob(tmp_ctx,
+								      context,
+								      samdb,
+								      device,
+								      &device_info_blob);
+				if (code != 0) {
+					goto done;
+				}
+			}
+		}
+	}
+
+	if (delegated_proxy_principal != NULL) {
+		deleg_blob = talloc_zero(tmp_ctx, DATA_BLOB);
+		if (deleg_blob == NULL) {
+			code = ENOMEM;
+			goto done;
+		}
+
+		nt_status = samba_kdc_update_delegation_info_blob(
+				deleg_blob,
+				context,
+				client.pac,
+				server_principal,
+				delegated_proxy_principal,
+				deleg_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("update delegation info blob failed: %s\n",
+				nt_errstr(nt_status));
+			code = map_errno_from_nt_status(nt_status);
+			goto done;
+		}
+	}
+
+	/*
+	 * If we are creating a TGT, resource groups from our domain are not to
+	 * be put into the PAC. Instead, we take the resource groups directly
+	 * from the original PAC and copy them unmodified into the new one.
+	 */
+	code = samba_kdc_get_user_info_dc(tmp_ctx,
+					  context,
+					  samdb,
+					  client,
+					  &user_info_dc_const,
+					  is_tgs ? &_resource_groups : NULL);
+	if (code != 0) {
+		const char *err_str = krb5_get_error_message(context, code);
+		DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
+			err_str != NULL ? err_str : "<unknown>");
+		krb5_free_error_message(context, err_str);
+
+		goto done;
+	}
+
+	/*
+	 * Enforce the AllowedToAuthenticateTo part of an authentication policy,
+	 * if one is present.
+	 */
+	if (server_restrictions_present) {
+		struct samba_kdc_entry_pac auth_entry;
+		const struct auth_user_info_dc *auth_user_info_dc = NULL;
+		const struct auth_user_info_dc *device_info = NULL;
+
+		if (delegated_proxy.entry != NULL) {
+			auth_entry = delegated_proxy;
+
+			code = samba_kdc_get_user_info_dc(tmp_ctx,
+							  context,
+							  samdb,
+							  delegated_proxy,
+							  &auth_user_info_dc,
+							  NULL /* resource_groups_out */);
+			if (code) {
+				goto done;
+			}
+		} else {
+			auth_entry = client;
+			auth_user_info_dc = user_info_dc_const;
+		}
+
+		/* Fetch the user’s claims. */
+		code = samba_kdc_get_claims_data(tmp_ctx,
+						 context,
+						 samdb,
+						 auth_entry,
+						 &auth_claims.user_claims);
+		if (code) {
+			goto done;
+		}
+
+		if (device.entry != NULL) {
+			code = samba_kdc_get_user_info_dc(tmp_ctx,
+							  context,
+							  samdb,
+							  device,
+							  &device_info,
+							  NULL /* resource_groups_out */);
+			if (code) {
+				goto done;
+			}
+		}
+
+		/*
+		 * Allocate the audit info and output status on to the parent
+		 * mem_ctx, not the temporary context.
+		 */
+		code = samba_kdc_allowed_to_authenticate_to(mem_ctx,
+							    samdb,
+							    lp_ctx,
+							    auth_entry.entry,
+							    auth_user_info_dc,
+							    device_info,
+							    auth_claims,
+							    server,
+							    server_audit_info_out,
+							    status_out);
+		if (code) {
+			goto done;
+		}
+	}
+
+	if (compounded_auth) {
+		/* Make a shallow copy of the user_info_dc structure. */
+		nt_status = authsam_shallow_copy_user_info_dc(tmp_ctx,
+							      user_info_dc_const,
+							      &user_info_dc_shallow_copy);
+		user_info_dc_const = NULL;
+
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("Failed to copy user_info_dc: %s\n",
+				nt_errstr(nt_status));
+
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+
+		nt_status = samba_kdc_add_compounded_auth(user_info_dc_shallow_copy);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("Failed to add Compounded Authentication: %s\n",
+				nt_errstr(nt_status));
+
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+
+		/* We can now set back to the const, it will not be modified */
+		user_info_dc_const = user_info_dc_shallow_copy;
+	}
+
+	if (samba_krb5_pac_is_trusted(client)) {
+		pac_blob = talloc_zero(tmp_ctx, DATA_BLOB);
+		if (pac_blob == NULL) {
+			code = ENOMEM;
+			goto done;
+		}
+
+		nt_status = samba_get_logon_info_pac_blob(tmp_ctx,
+							  user_info_dc_const,
+							  _resource_groups,
+							  group_inclusion,
+							  pac_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("samba_get_logon_info_pac_blob failed: %s\n",
+				nt_errstr(nt_status));
+
+			code = map_errno_from_nt_status(nt_status);
+			goto done;
+		}
+
+		/*
+		 * TODO: we need claim translation over trusts,
+		 * for now we just clear them...
+		 */
+		if (samba_kdc_entry_pac_issued_by_trust(client)) {
+			client_claims_blob = &data_blob_null;
+		}
+	} else {
+		nt_status = samba_kdc_get_logon_info_blob(tmp_ctx,
+							  user_info_dc_const,
+							  group_inclusion,
+							  &pac_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("samba_kdc_get_logon_info_blob failed: %s\n",
+				nt_errstr(nt_status));
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+
+		nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
+							user_info_dc_const,
+							&upn_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("samba_kdc_get_upn_info_blob failed: %s\n",
+				nt_errstr(nt_status));
+			code = KRB5KDC_ERR_TGT_REVOKED;
+			goto done;
+		}
+
+		if (is_tgs) {
+			nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
+								     user_info_dc_const,
+								     &requester_sid_blob);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				DBG_ERR("samba_kdc_get_requester_sid_blob failed: %s\n",
+					nt_errstr(nt_status));
+				code = KRB5KDC_ERR_TGT_REVOKED;
+				goto done;
+			}
+		}
+
+		/* Don't trust RODC-issued claims. Regenerate them. */
+		nt_status = samba_kdc_get_claims_blob(tmp_ctx,
+						      client.entry,
+						      &client_claims_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DBG_ERR("samba_kdc_get_claims_blob failed: %s\n",
+				nt_errstr(nt_status));
+			code = map_errno_from_nt_status(nt_status);
+			goto done;
+		}
+	}
+
+	/* Check the types of the given PAC */
+	code = pac_blobs_from_krb5_pac(tmp_ctx,
+				       context,
+				       client.pac,
+				       &pac_blobs);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_replace_existing(pac_blobs,
+					  PAC_TYPE_LOGON_INFO,
+					  pac_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+#ifdef SAMBA4_USES_HEIMDAL
+	/* Not needed with MIT Kerberos */
+	code = pac_blobs_replace_existing(pac_blobs,
+					  PAC_TYPE_LOGON_NAME,
+					  &data_blob_null);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_replace_existing(pac_blobs,
+					  PAC_TYPE_SRV_CHECKSUM,
+					  &data_blob_null);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_replace_existing(pac_blobs,
+					  PAC_TYPE_KDC_CHECKSUM,
+					  &data_blob_null);
+	if (code != 0) {
+		goto done;
+	}
+#endif
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_CONSTRAINED_DELEGATION,
+				  deleg_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_UPN_DNS_INFO,
+				  upn_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_CLIENT_CLAIMS_INFO,
+				  client_claims_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_DEVICE_INFO,
+				  device_info_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_DEVICE_CLAIMS_INFO,
+				  device_claims_blob_ptr);
+	if (code != 0) {
+		goto done;
+	}
+
+	if (!samba_krb5_pac_is_trusted(client) || !is_tgs) {
+		pac_blobs_remove_blob(pac_blobs,
+				      PAC_TYPE_ATTRIBUTES_INFO);
+	}
+
+	if (!is_tgs) {
+		pac_blobs_remove_blob(pac_blobs,
+				      PAC_TYPE_REQUESTER_SID);
+	}
+
+	code = pac_blobs_add_blob(pac_blobs,
+				  PAC_TYPE_REQUESTER_SID,
+				  requester_sid_blob);
+	if (code != 0) {
+		goto done;
+	}
+
+	/*
+	 * The server account may be set not to want the PAC.
+	 *
+	 * While this is wasteful if the above calculations were done
+	 * and now thrown away, this is cleaner as we do any ticket
+	 * signature checking etc always.
+	 *
+	 * UF_NO_AUTH_DATA_REQUIRED is the rare case and most of the
+	 * time (eg not accepting a ticket from the RODC) we do not
+	 * need to re-generate anything anyway.
+	 */
+	if (!samba_princ_needs_pac(server)) {
+		code = ENOATTR;
+		goto done;
+	}
+
+	if (samba_krb5_pac_is_trusted(client) && !is_tgs) {
+		/*
+		 * The client may have requested no PAC when obtaining the
+		 * TGT.
+		 */
+		bool requested_pac = false;
+
+		code = samba_client_requested_pac(context,
+						  client.pac,
+						  tmp_ctx,
+						  &requested_pac);
+		if (code != 0 || !requested_pac) {
+			if (!requested_pac) {
+				code = ENOATTR;
+			}
+			goto done;
+		}
+	}
+
+	for (i = 0; i < pac_blobs->num_types; ++i) {
+		krb5_data type_data;
+		const DATA_BLOB *type_blob = pac_blobs->type_blobs[i].data;
+		uint32_t type = pac_blobs->type_blobs[i].type;
+
+		static char null_byte = '\0';
+		const krb5_data null_data = smb_krb5_make_data(&null_byte, 0);
+
+#ifndef SAMBA4_USES_HEIMDAL
+		/* Not needed with MIT Kerberos */
+		switch(type) {
+		case PAC_TYPE_LOGON_NAME:
+		case PAC_TYPE_SRV_CHECKSUM:
+		case PAC_TYPE_KDC_CHECKSUM:
+		case PAC_TYPE_FULL_CHECKSUM:
+			continue;
+		default:
+			break;
+		}
+#endif
+
+		if (type_blob != NULL) {
+			type_data = smb_krb5_data_from_blob(*type_blob);
+			/*
+			 * Passing a NULL pointer into krb5_pac_add_buffer() is
+			 * not allowed, so pass null_data instead if needed.
+			 */
+			code = krb5_pac_add_buffer(context,
+						   new_pac,
+						   type,
+						   (type_data.data != NULL) ? &type_data : &null_data);
+			if (code != 0) {
+				goto done;
+			}
+		} else if (samba_krb5_pac_is_trusted(client)) {
+			/*
+			 * Convey the buffer from the original PAC if we can
+			 * trust it.
+			 */
+
+			code = krb5_pac_get_buffer(context,
+						   client.pac,
+						   type,
+						   &type_data);
+			if (code != 0) {
+				goto done;
+			}
+			/*
+			 * Passing a NULL pointer into krb5_pac_add_buffer() is
+			 * not allowed, so pass null_data instead if needed.
+			 */
+			code = krb5_pac_add_buffer(context,
+						   new_pac,
+						   type,
+						   (type_data.data != NULL) ? &type_data : &null_data);
+			smb_krb5_free_data_contents(context, &type_data);
+			if (code != 0) {
+				goto done;
+			}
+		}
+	}
+
+	code = 0;
+done:
+	TALLOC_FREE(tmp_ctx);
+	return code;
+}
+
+krb5_error_code samba_kdc_get_claims_data(TALLOC_CTX *mem_ctx,
+					  krb5_context context,
+					  struct ldb_context *samdb,
+					  struct samba_kdc_entry_pac entry,
+					  struct claims_data **claims_data_out)
+{
+	if (samba_kdc_entry_pac_issued_by_trust(entry)) {
+		NTSTATUS status;
+
+		/*
+		 * TODO: we need claim translation over trusts; for now we just
+		 * clear them…
+		 */
+		status = claims_data_from_encoded_claims_set(mem_ctx,
+							     NULL,
+							     claims_data_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			return map_errno_from_nt_status(status);
+		}
+
+		return 0;
+	}
+
+	if (samba_krb5_pac_is_trusted(entry)) {
+		return samba_kdc_get_claims_data_from_pac(mem_ctx,
+							  context,
+							  entry,
+							  claims_data_out);
+	}
+
+	return samba_kdc_get_claims_data_from_db(samdb,
+						 entry.entry,
+						 claims_data_out);
+}
+
+krb5_error_code samba_kdc_get_claims_data_from_pac(TALLOC_CTX *mem_ctx,
+						   krb5_context context,
+						   struct samba_kdc_entry_pac entry,
+						   struct claims_data **claims_data_out)
+{
+	TALLOC_CTX *frame = NULL;
+	krb5_data claims_info = {};
+	struct claims_data *claims_data = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	krb5_error_code code;
+
+	if (!samba_krb5_pac_is_trusted(entry)) {
+		code = EINVAL;
+		goto out;
+	}
+
+	if (samba_kdc_entry_pac_issued_by_trust(entry)) {
+		code = EINVAL;
+		goto out;
+	}
+
+	if (claims_data_out == NULL) {
+		code = EINVAL;
+		goto out;
+	}
+
+	*claims_data_out = NULL;
+
+	if (entry.entry != NULL && entry.entry->claims_from_pac_are_initialized) {
+		/* Note: the caller does not own this! */
+		*claims_data_out = entry.entry->claims_from_pac;
+		return 0;
+	}
+
+	frame = talloc_stackframe();
+
+	/* Fetch the claims from the PAC. */
+	code = krb5_pac_get_buffer(context, entry.pac,
+				   PAC_TYPE_CLIENT_CLAIMS_INFO,
+				   &claims_info);
+	if (code == ENOENT) {
+		/* OK. */
+	} else if (code != 0) {
+		DBG_ERR("Error getting CLIENT_CLAIMS_INFO from PAC\n");
+		goto out;
+	} else if (claims_info.length) {
+		DATA_BLOB claims_blob = data_blob_const(claims_info.data,
+							claims_info.length);
+
+		status = claims_data_from_encoded_claims_set(frame,
+							     &claims_blob,
+							     &claims_data);
+		if (!NT_STATUS_IS_OK(status)) {
+			code = map_errno_from_nt_status(status);
+			goto out;
+		}
+	}
+
+	if (entry.entry != NULL) {
+		/* Note: the caller does not own this! */
+		entry.entry->claims_from_pac = talloc_steal(entry.entry,
+							    claims_data);
+		entry.entry->claims_from_pac_are_initialized = true;
+	} else {
+		talloc_steal(mem_ctx, claims_data);
+	}
+
+	*claims_data_out = claims_data;
+
+out:
+	smb_krb5_free_data_contents(context, &claims_info);
+	talloc_free(frame);
+	return code;
+}
+
+krb5_error_code samba_kdc_get_claims_data_from_db(struct ldb_context *samdb,
+						  struct samba_kdc_entry *entry,
+						  struct claims_data **claims_data_out)
+{
+	TALLOC_CTX *frame = NULL;
+
+	struct claims_data *claims_data = NULL;
+	struct CLAIMS_SET *claims_set = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	krb5_error_code code;
+
+	if (samdb == NULL) {
+		code = EINVAL;
+		goto out;
+	}
+
+	if (claims_data_out == NULL) {
+		code = EINVAL;
+		goto out;
+	}
+
+	if (entry == NULL) {
+		code = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+		goto out;
+	}
+
+	*claims_data_out = NULL;
+
+	if (entry->claims_from_db_are_initialized) {
+		/* Note: the caller does not own this! */
+		*claims_data_out = entry->claims_from_db;
+		return 0;
+	}
+
+	frame = talloc_stackframe();
+
+	code = get_claims_set_for_principal(samdb,
+					    frame,
+					    entry->msg,
+					    &claims_set);
+	if (code) {
+		DBG_ERR("Failed to fetch claims\n");
+		goto out;
+	}
+
+	if (claims_set != NULL) {
+		status = claims_data_from_claims_set(claims_data,
+						     claims_set,
+						     &claims_data);
+		if (!NT_STATUS_IS_OK(status)) {
+			code = map_errno_from_nt_status(status);
+			goto out;
+		}
+	}
+
+	entry->claims_from_db = talloc_steal(entry,
+					     claims_data);
+	entry->claims_from_db_are_initialized = true;
+
+	/* Note: the caller does not own this! */
+	*claims_data_out = entry->claims_from_db;
+
+out:
+	talloc_free(frame);
+	return code;
+}
+
+krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
+				       krb5_context context,
+				       struct ldb_context *samdb,
+				       struct loadparm_context *lp_ctx,
+				       const struct samba_kdc_entry_pac device,
+				       const struct authn_kerberos_client_policy *client_policy,
+				       struct authn_audit_info **client_audit_info_out,
+				       NTSTATUS *status_out)
+{
+	TALLOC_CTX *frame = NULL;
+	krb5_error_code code = 0;
+	NTSTATUS nt_status;
+	const struct auth_user_info_dc *device_info = NULL;
+	struct authn_audit_info *client_audit_info = NULL;
+	struct auth_claims auth_claims = {};
+
+	if (status_out != NULL) {
+		*status_out = NT_STATUS_OK;
+	}
+
+	if (!authn_policy_device_restrictions_present(client_policy)) {
+		return 0;
+	}
+
+	if (device.entry == NULL || device.pac == NULL) {
+		NTSTATUS out_status = NT_STATUS_INVALID_WORKSTATION;
+
+		nt_status = authn_kerberos_client_policy_audit_info(mem_ctx,
+								    client_policy,
+								    NULL /* client_info */,
+								    AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
+								    AUTHN_AUDIT_REASON_FAST_REQUIRED,
+								    out_status,
+								    client_audit_info_out);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			code = KRB5KRB_ERR_GENERIC;
+		} else if (authn_kerberos_client_policy_is_enforced(client_policy)) {
+			code = KRB5KDC_ERR_POLICY;
+
+			if (status_out != NULL) {
+				*status_out = out_status;
+			}
+		} else {
+			/* OK. */
+			code = 0;
+		}
+
+		goto out;
+	}
+
+	frame = talloc_stackframe();
+
+	code = samba_kdc_get_user_info_dc(frame,
+					  context,
+					  samdb,
+					  device,
+					  &device_info,
+					  NULL);
+	if (code) {
+		goto out;
+	}
+
+	/*
+	 * The device claims become the *user* claims for the purpose of
+	 * evaluating a conditional ACE expression.
+	 */
+	code = samba_kdc_get_claims_data(frame,
+					 context,
+					 samdb,
+					 device,
+					 &auth_claims.user_claims);
+	if (code) {
+		goto out;
+	}
+
+	nt_status = authn_policy_authenticate_from_device(frame,
+							  samdb,
+							  lp_ctx,
+							  device_info,
+							  auth_claims,
+							  client_policy,
+							  &client_audit_info);
+	if (client_audit_info != NULL) {
+		*client_audit_info_out = talloc_move(mem_ctx, &client_audit_info);
+	}
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_AUTHENTICATION_FIREWALL_FAILED)) {
+			code = KRB5KDC_ERR_POLICY;
+		} else {
+			code = KRB5KRB_ERR_GENERIC;
+		}
+
+		goto out;
+	}
+
+out:
+	talloc_free(frame);
+	return code;
+}
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
new file mode 100644
index 0000000..1b4444a
--- /dev/null
+++ b/source4/kdc/pac-glue.h
@@ -0,0 +1,202 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include <krb5/krb5.h>
+
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+#include "libcli/util/ntstatus.h"
+#include "libcli/util/werror.h"
+#include "librpc/gen_ndr/auth.h"
+#include "kdc/samba_kdc.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+#include "auth/session.h"
+
+enum samba_asserted_identity {
+	SAMBA_ASSERTED_IDENTITY_IGNORE = 0,
+	SAMBA_ASSERTED_IDENTITY_SERVICE,
+	SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+};
+
+enum {
+	SAMBA_KDC_FLAG_PROTOCOL_TRANSITION    = 0x00000001,
+	SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION = 0x00000002,
+};
+
+bool samba_kdc_entry_is_trust(const struct samba_kdc_entry *entry);
+
+struct samba_kdc_entry_pac {
+	struct samba_kdc_entry *entry;
+	krb5_const_pac pac; /* NULL indicates that no PAC is present. */
+	bool is_from_trust : 1;
+#ifndef HAVE_KRB5_PAC_IS_TRUSTED /* MIT */
+	bool pac_is_trusted : 1;
+#endif /* HAVE_KRB5_PAC_IS_TRUSTED */
+};
+
+/*
+ * Return true if this entry has an associated PAC issued or signed by a KDC
+ * that our KDC trusts. We trust the main krbtgt account, but we don’t trust any
+ * RODC krbtgt besides ourselves.
+ */
+bool samba_krb5_pac_is_trusted(const struct samba_kdc_entry_pac pac);
+
+#ifdef HAVE_KRB5_PAC_IS_TRUSTED /* Heimdal */
+struct samba_kdc_entry_pac samba_kdc_entry_pac(krb5_const_pac pac,
+					       struct samba_kdc_entry *entry,
+					       bool is_from_trust);
+#else /* MIT */
+struct samba_kdc_entry_pac samba_kdc_entry_pac_from_trusted(krb5_const_pac pac,
+							    struct samba_kdc_entry *entry,
+							    bool is_from_trust,
+							    bool is_trusted);
+#endif /* HAVE_KRB5_PAC_IS_TRUSTED */
+
+krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
+						  const krb5_keyblock *pkreplykey,
+						  const DATA_BLOB *cred_ndr_blob,
+						  TALLOC_CTX *mem_ctx,
+						  DATA_BLOB *cred_info_blob);
+
+krb5_error_code samba_make_krb5_pac(krb5_context context,
+				    const DATA_BLOB *logon_blob,
+				    const DATA_BLOB *cred_blob,
+				    const DATA_BLOB *upn_blob,
+				    const DATA_BLOB *pac_attrs_blob,
+				    const DATA_BLOB *requester_sid_blob,
+				    const DATA_BLOB *deleg_blob,
+				    const DATA_BLOB *client_claims_blob,
+				    const DATA_BLOB *device_info_blob,
+				    const DATA_BLOB *device_claims_blob,
+				    krb5_pac pac);
+
+bool samba_princ_needs_pac(const struct samba_kdc_entry *skdc_entry);
+
+krb5_error_code samba_krbtgt_is_in_db(const struct samba_kdc_entry *skdc_entry,
+				      bool *is_in_db,
+				      bool *is_trusted);
+
+krb5_error_code samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx,
+					   krb5_context context,
+					   struct ldb_context *samdb,
+					   const struct samba_kdc_entry_pac entry,
+					   const struct auth_user_info_dc **info_out,
+					   const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out);
+
+krb5_error_code samba_kdc_get_user_info_from_db(TALLOC_CTX *mem_ctx,
+						struct ldb_context *samdb,
+						struct samba_kdc_entry *entry,
+						const struct ldb_message *msg,
+						const struct auth_user_info_dc **info_out);
+
+krb5_error_code samba_kdc_map_policy_err(NTSTATUS nt_status);
+
+NTSTATUS samba_kdc_check_client_access(struct samba_kdc_entry *kdc_entry,
+				       const char *client_name,
+				       const char *workstation,
+				       bool password_change);
+
+krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
+				     krb5_context context,
+				     struct ldb_context *samdb,
+				     uint32_t flags,
+				     const struct samba_kdc_entry_pac client,
+				     const struct samba_kdc_entry *krbtgt);
+
+struct authn_audit_info;
+krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
+				     krb5_context context,
+				     struct ldb_context *samdb,
+				     struct loadparm_context *lp_ctx,
+				     uint32_t flags,
+				     const struct samba_kdc_entry_pac client,
+				     const krb5_const_principal server_principal,
+				     const struct samba_kdc_entry *server,
+				     const krb5_const_principal delegated_proxy_principal,
+				     const struct samba_kdc_entry_pac delegated_proxy,
+				     const struct samba_kdc_entry_pac device,
+				     krb5_pac new_pac,
+				     struct authn_audit_info **server_audit_info_out,
+				     NTSTATUS *status_out);
+
+NTSTATUS samba_kdc_get_logon_info_blob(TALLOC_CTX *mem_ctx,
+				       const struct auth_user_info_dc *user_info_dc,
+				       enum auth_group_inclusion group_inclusion,
+				       DATA_BLOB **_logon_info_blob);
+NTSTATUS samba_kdc_get_cred_ndr_blob(TALLOC_CTX *mem_ctx,
+				     const struct samba_kdc_entry *p,
+				     DATA_BLOB **_cred_ndr_blob);
+NTSTATUS samba_kdc_get_upn_info_blob(TALLOC_CTX *mem_ctx,
+				     const struct auth_user_info_dc *user_info_dc,
+				     DATA_BLOB **_upn_info_blob);
+NTSTATUS samba_kdc_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
+				      uint64_t pac_attributes,
+				      DATA_BLOB **_pac_attrs_blob);
+NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
+					  const struct auth_user_info_dc *user_info_dc,
+					  DATA_BLOB **_requester_sid_blob);
+NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
+				   struct samba_kdc_entry *p,
+				   const DATA_BLOB **_claims_blob);
+
+krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
+						     struct ldb_context *samdb,
+						     struct loadparm_context *lp_ctx,
+						     const struct samba_kdc_entry *client,
+						     const struct auth_user_info_dc *client_info,
+						     const struct auth_user_info_dc *device_info,
+						     const struct auth_claims auth_claims,
+						     const struct samba_kdc_entry *server,
+						     struct authn_audit_info **server_audit_info_out,
+						     NTSTATUS *status_out);
+
+krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
+				       krb5_context context,
+				       struct ldb_context *samdb,
+				       struct loadparm_context *lp_ctx,
+				       const struct samba_kdc_entry_pac device,
+				       const struct authn_kerberos_client_policy *client_policy,
+				       struct authn_audit_info **client_audit_info_out,
+				       NTSTATUS *status_out);
+
+krb5_error_code samba_kdc_get_claims_data(TALLOC_CTX *mem_ctx,
+					  krb5_context context,
+					  struct ldb_context *samdb,
+					  struct samba_kdc_entry_pac entry,
+					  struct claims_data **claims_data_out);
+
+krb5_error_code samba_kdc_get_claims_data_from_pac(TALLOC_CTX *mem_ctx,
+						   krb5_context context,
+						   struct samba_kdc_entry_pac entry,
+						   struct claims_data **claims_data_out);
+
+krb5_error_code samba_kdc_get_claims_data_from_db(struct ldb_context *samdb,
+						  struct samba_kdc_entry *entry,
+						  struct claims_data **claims_data_out);
+
+NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai,
+					 struct auth_user_info_dc *user_info_dc);
+
+NTSTATUS samba_kdc_add_claims_valid(struct auth_user_info_dc *user_info_dc);
diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h
new file mode 100644
index 0000000..d1100f6
--- /dev/null
+++ b/source4/kdc/samba_kdc.h
@@ -0,0 +1,83 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC structures
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_KDC_H_
+#define _SAMBA_KDC_H_
+
+#include "lib/replace/replace.h"
+#include "system/time.h"
+#include "libcli/util/ntstatus.h"
+
+struct samba_kdc_policy {
+	time_t svc_tkt_lifetime;
+	time_t usr_tkt_lifetime;
+	time_t renewal_lifetime;
+};
+
+struct samba_kdc_base_context {
+	struct tevent_context *ev_ctx;
+	struct loadparm_context *lp_ctx;
+	struct imessaging_context *msg_ctx;
+};
+
+struct samba_kdc_seq;
+
+struct samba_kdc_db_context {
+	struct tevent_context *ev_ctx;
+	struct loadparm_context *lp_ctx;
+	struct imessaging_context *msg_ctx;
+	struct ldb_context *samdb;
+	struct samba_kdc_seq *seq_ctx;
+	bool rodc;
+	unsigned int my_krbtgt_number;
+	struct ldb_dn *krbtgt_dn;
+	struct samba_kdc_policy policy;
+};
+
+struct samba_kdc_entry {
+	struct samba_kdc_db_context *kdc_db_ctx;
+	const struct sdb_entry *db_entry; /* this is only temporarily valid */
+	const void *kdc_entry; /* this is a reference to hdb_entry/krb5_db_entry */
+	struct ldb_message *msg;
+	struct ldb_dn *realm_dn;
+	struct claims_data *claims_from_pac;
+	struct claims_data *claims_from_db;
+	const struct auth_user_info_dc *info_from_pac;
+	const struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_from_pac;
+	const struct auth_user_info_dc *info_from_db;
+	const struct authn_kerberos_client_policy *client_policy;
+	const struct authn_server_policy *server_policy;
+	uint32_t supported_enctypes;
+	NTSTATUS reject_status;
+	bool is_krbtgt : 1;
+	bool is_rodc : 1;
+	bool is_trust : 1;
+	bool claims_from_pac_are_initialized : 1;
+	bool claims_from_db_are_initialized : 1;
+};
+
+extern struct hdb_method hdb_samba4_interface;
+
+#define CHANGEPW_LIFETIME (60*2) /* 2 minutes */
+
+#endif /* _SAMBA_KDC_H_ */
diff --git a/source4/kdc/sdb.c b/source4/kdc/sdb.c
new file mode 100644
index 0000000..75f96bb
--- /dev/null
+++ b/source4/kdc/sdb.c
@@ -0,0 +1,195 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Guenther Deschner <gd@samba.org> 2014
+   Copyright (C) Andreas Schneider <asn@samba.org> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "sdb.h"
+#include "samba_kdc.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+void sdb_key_free(struct sdb_key *k)
+{
+	if (k == NULL) {
+		return;
+	}
+
+	/*
+	 * Passing NULL as the Kerberos context is intentional here, as
+	 * both Heimdal and MIT libraries don't use the context when
+	 * clearing the keyblocks.
+	 */
+	krb5_free_keyblock_contents(NULL, &k->key);
+
+	if (k->salt) {
+		smb_krb5_free_data_contents(NULL, &k->salt->salt);
+		SAFE_FREE(k->salt);
+	}
+
+	ZERO_STRUCTP(k);
+}
+
+void sdb_keys_free(struct sdb_keys *keys)
+{
+	unsigned int i;
+
+	if (keys == NULL) {
+		return;
+	}
+
+	for (i=0; i < keys->len; i++) {
+		sdb_key_free(&keys->val[i]);
+	}
+
+	SAFE_FREE(keys->val);
+	ZERO_STRUCTP(keys);
+}
+
+void sdb_entry_free(struct sdb_entry *s)
+{
+	if (s->skdc_entry != NULL) {
+		s->skdc_entry->db_entry = NULL;
+		TALLOC_FREE(s->skdc_entry);
+	}
+
+	/*
+	 * Passing NULL as the Kerberos context is intentional here, as both
+	 * Heimdal and MIT libraries don't use the context when clearing the
+	 * principals.
+	 */
+	krb5_free_principal(NULL, s->principal);
+
+	sdb_keys_free(&s->keys);
+	SAFE_FREE(s->etypes);
+	sdb_keys_free(&s->old_keys);
+	sdb_keys_free(&s->older_keys);
+	if (s->session_etypes != NULL) {
+		SAFE_FREE(s->session_etypes->val);
+	}
+	SAFE_FREE(s->session_etypes);
+	krb5_free_principal(NULL, s->created_by.principal);
+	if (s->modified_by) {
+		krb5_free_principal(NULL, s->modified_by->principal);
+	}
+	SAFE_FREE(s->valid_start);
+	SAFE_FREE(s->valid_end);
+	SAFE_FREE(s->pw_end);
+	SAFE_FREE(s->max_life);
+	SAFE_FREE(s->max_renew);
+
+	ZERO_STRUCTP(s);
+}
+
+/* Set the etypes of an sdb_entry based on its available current keys. */
+krb5_error_code sdb_entry_set_etypes(struct sdb_entry *s)
+{
+	if (s->keys.val != NULL) {
+		unsigned i;
+
+		s->etypes = malloc(sizeof(*s->etypes));
+		if (s->etypes == NULL) {
+			return ENOMEM;
+		}
+
+		s->etypes->len = s->keys.len;
+
+		s->etypes->val = calloc(s->etypes->len, sizeof(*s->etypes->val));
+		if (s->etypes->val == NULL) {
+			SAFE_FREE(s->etypes);
+			return ENOMEM;
+		}
+
+		for (i = 0; i < s->etypes->len; i++) {
+			const struct sdb_key *k = &s->keys.val[i];
+
+			s->etypes->val[i] = KRB5_KEY_TYPE(&(k->key));
+		}
+	}
+
+	return 0;
+}
+
+/*
+ * Set the session etypes of a server sdb_entry based on its etypes, forcing in
+ * strong etypes as desired.
+ */
+krb5_error_code sdb_entry_set_session_etypes(struct sdb_entry *s,
+					     bool add_aes256,
+					     bool add_aes128,
+					     bool add_rc4)
+{
+	unsigned len = 0;
+
+	if (add_aes256) {
+		/* Reserve space for AES256 */
+		len += 1;
+	}
+
+	if (add_aes128) {
+		/* Reserve space for AES128 */
+		len += 1;
+	}
+
+	if (add_rc4) {
+		/* Reserve space for RC4. */
+		len += 1;
+	}
+
+	if (len != 0) {
+		unsigned j = 0;
+
+		s->session_etypes = malloc(sizeof(*s->session_etypes));
+		if (s->session_etypes == NULL) {
+			return ENOMEM;
+		}
+
+		/* session_etypes must be sorted in order of strength, with preferred etype first. */
+
+		s->session_etypes->val = calloc(len, sizeof(*s->session_etypes->val));
+		if (s->session_etypes->val == NULL) {
+			SAFE_FREE(s->session_etypes);
+			return ENOMEM;
+		}
+
+		if (add_aes256) {
+			/* Add AES256 */
+			s->session_etypes->val[j++] = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+		}
+
+		if (add_aes128) {
+			/* Add AES128. */
+			s->session_etypes->val[j++] = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+		}
+
+		if (add_rc4) {
+			/* Add RC4. */
+			s->session_etypes->val[j++] = ENCTYPE_ARCFOUR_HMAC;
+		}
+
+		s->session_etypes->len = j;
+	}
+
+	return 0;
+}
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
new file mode 100644
index 0000000..820648a
--- /dev/null
+++ b/source4/kdc/sdb.h
@@ -0,0 +1,150 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Guenther Deschner <gd@samba.org> 2014
+   Copyright (C) Andreas Schneider <asn@samba.org> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_SDB_H_
+#define _KDC_SDB_H_
+
+struct sdb_salt {
+	unsigned int type;
+	krb5_data salt;
+};
+
+struct sdb_key {
+	krb5_keyblock key;
+	struct sdb_salt *salt;
+};
+
+struct sdb_keys {
+	unsigned int len;
+	struct sdb_key *val;
+};
+
+struct sdb_event {
+	krb5_principal principal;
+	time_t time;
+};
+
+struct sdb_etypes {
+	unsigned len;
+	krb5_enctype *val;
+};
+
+struct SDBFlags {
+	unsigned int initial:1;
+	unsigned int forwardable:1;
+	unsigned int proxiable:1;
+	unsigned int renewable:1;
+	unsigned int postdate:1;
+	unsigned int server:1;
+	unsigned int client:1;
+	unsigned int invalid:1;
+	unsigned int require_preauth:1;
+	unsigned int change_pw:1;
+	unsigned int require_hwauth:1;
+	unsigned int ok_as_delegate:1;
+	unsigned int user_to_user:1;
+	unsigned int immutable:1;
+	unsigned int trusted_for_delegation:1;
+	unsigned int allow_kerberos4:1;
+	unsigned int allow_digest:1;
+	unsigned int locked_out:1;
+	unsigned int require_pwchange:1;
+	unsigned int materialize:1;
+	unsigned int virtual_keys:1;
+	unsigned int virtual:1;
+	unsigned int synthetic:1;
+	unsigned int no_auth_data_reqd:1;
+	unsigned int auth_data_reqd:1;
+	unsigned int _unused25:1;
+	unsigned int _unused26:1;
+	unsigned int _unused27:1;
+	unsigned int _unused28:1;
+	unsigned int _unused29:1;
+	unsigned int force_canonicalize:1;
+	unsigned int do_not_store:1;
+};
+
+struct sdb_entry {
+	struct samba_kdc_entry *skdc_entry;
+	krb5_principal principal;
+	unsigned int kvno;
+	struct sdb_keys keys;
+	struct sdb_etypes *etypes;
+	struct sdb_keys old_keys;
+	struct sdb_keys older_keys;
+	struct sdb_etypes *session_etypes;
+	struct sdb_event created_by;
+	struct sdb_event *modified_by;
+	time_t *valid_start;
+	time_t *valid_end;
+	time_t *pw_end;
+	int *max_life;
+	int *max_renew;
+	struct SDBFlags flags;
+};
+
+#define SDB_ERR_NOENTRY 36150275
+#define SDB_ERR_NOT_FOUND_HERE 36150287
+#define SDB_ERR_WRONG_REALM 36150289
+
+/* These must match the values in hdb.h */
+
+#define SDB_F_DECRYPT		1	/* decrypt keys */
+#define SDB_F_GET_CLIENT	4	/* fetch client */
+#define SDB_F_GET_SERVER	8	/* fetch server */
+#define SDB_F_GET_KRBTGT	16	/* fetch krbtgt */
+#define SDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
+#define SDB_F_CANON		32	/* want canonicalization */
+#define SDB_F_ADMIN_DATA	64	/* want data that kdc don't use  */
+#define SDB_F_KVNO_SPECIFIED	128	/* we want a particular KVNO */
+#define SDB_F_FOR_AS_REQ	4096	/* fetch is for a AS REQ */
+#define SDB_F_FOR_TGS_REQ	8192	/* fetch is for a TGS REQ */
+#define SDB_F_ARMOR_PRINCIPAL 262144	/* fetch is for the client of an armor ticket */
+#define SDB_F_USER2USER_PRINCIPAL 524288/* fetch is for the server of a user2user tgs-req */
+
+#define SDB_F_HDB_MASK		(SDB_F_DECRYPT | \
+				 SDB_F_GET_CLIENT| \
+				 SDB_F_GET_SERVER | \
+				 SDB_F_GET_KRBTGT | \
+				 SDB_F_CANON | \
+				 SDB_F_ADMIN_DATA | \
+				 SDB_F_KVNO_SPECIFIED | \
+				 SDB_F_FOR_AS_REQ | \
+				 SDB_F_FOR_TGS_REQ | \
+				 SDB_F_ARMOR_PRINCIPAL| \
+				 SDB_F_USER2USER_PRINCIPAL)
+
+/* These are not supported by HDB */
+#define SDB_F_FORCE_CANON	16384	/* force canonicalization */
+#define SDB_F_RODC_NUMBER_SPECIFIED	32768	/* we want a particular RODC number */
+
+void sdb_key_free(struct sdb_key *key);
+void sdb_keys_free(struct sdb_keys *keys);
+void sdb_entry_free(struct sdb_entry *e);
+krb5_error_code sdb_entry_set_etypes(struct sdb_entry *s);
+krb5_error_code sdb_entry_set_session_etypes(struct sdb_entry *s,
+					     bool add_aes256,
+					     bool add_aes128,
+					     bool add_rc4);
+
+#endif /* _KDC_SDB_H_ */
diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c
new file mode 100644
index 0000000..4c4f2a5
--- /dev/null
+++ b/source4/kdc/sdb_to_hdb.c
@@ -0,0 +1,359 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Guenther Deschner <gd@samba.org> 2014
+   Copyright (C) Andreas Schneider <asn@samba.org> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <hdb.h>
+#include "sdb.h"
+#include "sdb_hdb.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+#include "librpc/gen_ndr/security.h"
+#include "kdc/samba_kdc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static void sdb_flags_to_hdb_flags(const struct SDBFlags *s,
+				   HDBFlags *h)
+{
+	SMB_ASSERT(sizeof(struct SDBFlags) == sizeof(HDBFlags));
+
+	h->initial = s->initial;
+	h->forwardable = s->forwardable;
+	h->proxiable = s->proxiable;
+	h->renewable = s->renewable;
+	h->postdate = s->postdate;
+	h->server = s->server;
+	h->client = s->client;
+	h->invalid = s->invalid;
+	h->require_preauth = s->require_preauth;
+	h->change_pw = s->change_pw;
+	h->require_hwauth = s->require_hwauth;
+	h->ok_as_delegate = s->ok_as_delegate;
+	h->user_to_user = s->user_to_user;
+	h->immutable = s->immutable;
+	h->trusted_for_delegation = s->trusted_for_delegation;
+	h->allow_kerberos4 = s->allow_kerberos4;
+	h->allow_digest = s->allow_digest;
+	h->locked_out = s->locked_out;
+	h->require_pwchange = s->require_pwchange;
+	h->materialize = s->materialize;
+	h->virtual_keys = s->virtual_keys;
+	h->virtual = s->virtual;
+	h->synthetic = s->synthetic;
+	h->no_auth_data_reqd = s->no_auth_data_reqd;
+	h->auth_data_reqd = s->auth_data_reqd;
+	h->_unused25 = s->_unused25;
+	h->_unused26 = s->_unused26;
+	h->_unused27 = s->_unused27;
+	h->_unused28 = s->_unused28;
+	h->_unused29 = s->_unused29;
+	h->force_canonicalize = s->force_canonicalize;
+	h->do_not_store = s->do_not_store;
+}
+
+static int sdb_salt_to_Salt(const struct sdb_salt *s, Salt *h)
+{
+	int ret;
+
+	*h = (struct Salt) {};
+
+	h->type = s->type;
+	ret = smb_krb5_copy_data_contents(&h->salt, s->salt.data, s->salt.length);
+	if (ret != 0) {
+		free_Salt(h);
+		return ENOMEM;
+	}
+
+	return 0;
+}
+
+static int sdb_key_to_Key(const struct sdb_key *s, Key *h)
+{
+	int rc;
+
+	*h = (struct Key) {};
+
+	h->key.keytype = s->key.keytype;
+	rc = smb_krb5_copy_data_contents(&h->key.keyvalue,
+					 s->key.keyvalue.data,
+					 s->key.keyvalue.length);
+	if (rc != 0) {
+		goto error_nomem;
+	}
+
+	if (s->salt != NULL) {
+		h->salt = malloc(sizeof(Salt));
+		if (h->salt == NULL) {
+			goto error_nomem;
+		}
+
+		rc = sdb_salt_to_Salt(s->salt,
+				      h->salt);
+		if (rc != 0) {
+			goto error_nomem;
+		}
+	}
+
+	return 0;
+
+error_nomem:
+	free_Key(h);
+	return ENOMEM;
+}
+
+static int sdb_keys_to_Keys(const struct sdb_keys *s, Keys *h)
+{
+	int ret, i;
+
+	*h = (struct Keys) {};
+
+	if (s->val != NULL) {
+		h->val = malloc(s->len * sizeof(Key));
+		if (h->val == NULL) {
+			return ENOMEM;
+		}
+		for (i = 0; i < s->len; i++) {
+			ret = sdb_key_to_Key(&s->val[i],
+					     &h->val[i]);
+			if (ret != 0) {
+				free_Keys(h);
+				return ENOMEM;
+			}
+
+			++h->len;
+		}
+	}
+
+	return 0;
+}
+
+static int sdb_keys_to_HistKeys(krb5_context context,
+				const struct sdb_keys *s,
+				krb5_kvno kvno,
+				hdb_entry *h)
+{
+	unsigned int i;
+
+	for (i = 0; i < s->len; i++) {
+		Key k = { 0, };
+		int ret;
+
+		ret = sdb_key_to_Key(&s->val[i], &k);
+		if (ret != 0) {
+			return ENOMEM;
+		}
+		ret = hdb_add_history_key(context, h, kvno, &k);
+		free_Key(&k);
+		if (ret != 0) {
+			return ENOMEM;
+		}
+	}
+
+	return 0;
+}
+
+static int sdb_event_to_Event(krb5_context context,
+			      const struct sdb_event *s, Event *h)
+{
+	int ret;
+
+	*h = (struct Event) {};
+
+	if (s->principal != NULL) {
+		ret = krb5_copy_principal(context,
+					  s->principal,
+					  &h->principal);
+		if (ret != 0) {
+			free_Event(h);
+			return ret;
+		}
+	}
+	h->time = s->time;
+
+	return 0;
+}
+
+int sdb_entry_to_hdb_entry(krb5_context context,
+			   const struct sdb_entry *s,
+			   hdb_entry *h)
+{
+	struct samba_kdc_entry *ske = s->skdc_entry;
+	unsigned int i;
+	int rc;
+
+	*h = (hdb_entry) {};
+
+	if (s->principal != NULL) {
+		rc = krb5_copy_principal(context,
+					 s->principal,
+					 &h->principal);
+		if (rc != 0) {
+			return rc;
+		}
+	}
+
+	h->kvno = s->kvno;
+
+	rc = sdb_keys_to_Keys(&s->keys, &h->keys);
+	if (rc != 0) {
+		goto error;
+	}
+
+	if (h->kvno > 1) {
+		rc = sdb_keys_to_HistKeys(context,
+					  &s->old_keys,
+					  h->kvno - 1,
+					  h);
+		if (rc != 0) {
+			goto error;
+		}
+	}
+
+	if (h->kvno > 2) {
+		rc = sdb_keys_to_HistKeys(context,
+					  &s->older_keys,
+					  h->kvno - 2,
+					  h);
+		if (rc != 0) {
+			goto error;
+		}
+	}
+
+	rc = sdb_event_to_Event(context,
+				 &s->created_by,
+				 &h->created_by);
+	if (rc != 0) {
+		goto error;
+	}
+
+	if (s->modified_by) {
+		h->modified_by = malloc(sizeof(Event));
+		if (h->modified_by == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+
+		rc = sdb_event_to_Event(context,
+					 s->modified_by,
+					 h->modified_by);
+		if (rc != 0) {
+			goto error;
+		}
+	}
+
+	if (s->valid_start != NULL) {
+		h->valid_start = malloc(sizeof(KerberosTime));
+		if (h->valid_start == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+		*h->valid_start = *s->valid_start;
+	}
+
+	if (s->valid_end != NULL) {
+		h->valid_end = malloc(sizeof(KerberosTime));
+		if (h->valid_end == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+		*h->valid_end = *s->valid_end;
+	}
+
+	if (s->pw_end != NULL) {
+		h->pw_end = malloc(sizeof(KerberosTime));
+		if (h->pw_end == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+		*h->pw_end = *s->pw_end;
+	}
+
+	if (s->max_life != NULL) {
+		h->max_life = malloc(sizeof(*h->max_life));
+		if (h->max_life == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+		*h->max_life = *s->max_life;
+	}
+
+	if (s->max_renew != NULL) {
+		h->max_renew = malloc(sizeof(*h->max_renew));
+		if (h->max_renew == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+		*h->max_renew = *s->max_renew;
+	}
+
+	sdb_flags_to_hdb_flags(&s->flags, &h->flags);
+
+	if (s->etypes != NULL) {
+		h->etypes = malloc(sizeof(*h->etypes));
+		if (h->etypes == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+
+		h->etypes->len = s->etypes->len;
+
+		h->etypes->val = calloc(h->etypes->len, sizeof(int));
+		if (h->etypes->val == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+
+		for (i = 0; i < h->etypes->len; i++) {
+			h->etypes->val[i] = s->etypes->val[i];
+		}
+	}
+
+	if (s->session_etypes != NULL) {
+		h->session_etypes = malloc(sizeof(*h->session_etypes));
+		if (h->session_etypes == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+
+		h->session_etypes->len = s->session_etypes->len;
+
+		h->session_etypes->val = calloc(h->session_etypes->len, sizeof(*h->session_etypes->val));
+		if (h->session_etypes->val == NULL) {
+			rc = ENOMEM;
+			goto error;
+		}
+
+		for (i = 0; i < h->session_etypes->len; ++i) {
+			h->session_etypes->val[i] = s->session_etypes->val[i];
+		}
+	}
+
+	h->context = ske;
+	if (ske != NULL) {
+		ske->kdc_entry = h;
+	}
+	return 0;
+error:
+	free_hdb_entry(h);
+	return rc;
+}
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
new file mode 100644
index 0000000..7214cbc
--- /dev/null
+++ b/source4/kdc/sdb_to_kdb.c
@@ -0,0 +1,332 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Database Glue between Samba and the KDC
+
+   Copyright (C) Guenther Deschner <gd@samba.org> 2014
+   Copyright (C) Andreas Schneider <asn@samba.org> 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <kdb.h>
+#include "sdb.h"
+#include "sdb_kdb.h"
+#include "kdc/samba_kdc.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static int SDBFlags_to_kflags(const struct SDBFlags *s,
+			      krb5_flags *k)
+{
+	*k = 0;
+
+	if (s->initial) {
+		*k |= KRB5_KDB_DISALLOW_TGT_BASED;
+	}
+	/* The forwardable and proxiable flags are set according to client and
+	 * server attributes. */
+	if (!s->forwardable) {
+		*k |= KRB5_KDB_DISALLOW_FORWARDABLE;
+	}
+	if (!s->proxiable) {
+		*k |= KRB5_KDB_DISALLOW_PROXIABLE;
+	}
+	if (s->renewable) {
+		;
+	}
+	if (s->postdate) {
+		;
+	}
+	if (s->server) {
+		;
+	}
+	if (s->client) {
+		;
+	}
+	if (s->invalid) {
+		*k |= KRB5_KDB_DISALLOW_ALL_TIX;
+	}
+	if (s->require_preauth) {
+		*k |= KRB5_KDB_REQUIRES_PRE_AUTH;
+	}
+	if (s->change_pw) {
+		*k |= KRB5_KDB_PWCHANGE_SERVICE;
+	}
+#if 0
+	/*
+	 * Do not set KRB5_KDB_REQUIRES_HW_AUTH as this would tell the client
+	 * to enforce hardware authentication. It prevents the use of files
+	 * based public key authentication which we use for testing.
+	 */
+	if (s->require_hwauth) {
+		*k |= KRB5_KDB_REQUIRES_HW_AUTH;
+	}
+#endif
+	if (s->ok_as_delegate) {
+		*k |= KRB5_KDB_OK_AS_DELEGATE;
+	}
+	if (s->user_to_user) {
+		;
+	}
+	if (s->immutable) {
+		;
+	}
+	if (s->trusted_for_delegation) {
+		*k |= KRB5_KDB_OK_TO_AUTH_AS_DELEGATE;
+	}
+	if (s->allow_kerberos4) {
+		;
+	}
+	if (s->allow_digest) {
+		;
+	}
+	if (s->no_auth_data_reqd) {
+		*k |= KRB5_KDB_NO_AUTH_DATA_REQUIRED;
+	}
+
+	return 0;
+}
+
+static int sdb_event_to_kmod(krb5_context context,
+			     const struct sdb_event *s,
+			     krb5_db_entry *k)
+{
+	krb5_error_code ret;
+	krb5_principal principal = NULL;
+
+	if (s->principal != NULL) {
+		ret = krb5_copy_principal(context,
+					  s->principal,
+					  &principal);
+		if (ret != 0) {
+			return ret;
+		}
+	}
+
+	ret = krb5_dbe_update_mod_princ_data(context,
+					     k, s->time,
+					     principal);
+
+	krb5_free_principal(context, principal);
+
+	return ret;
+}
+
+/* sets up salt on the 2nd array position */
+
+static int sdb_salt_to_krb5_key_data(const struct sdb_salt *s,
+				     krb5_key_data *k)
+{
+	switch (s->type) {
+#if 0
+	/* for now use the special mechanism where the MIT KDC creates the salt
+	 * on its own */
+	case 3: /* FIXME KRB5_PW_SALT */
+		k->key_data_type[1] = KRB5_KDB_SALTTYPE_NORMAL;
+		break;
+	/*
+	case hdb_afs3_salt:
+		k->key_data_type[1] = KRB5_KDB_SALTTYPE_AFS3;
+		break;
+	*/
+#endif
+	default:
+		k->key_data_type[1] = KRB5_KDB_SALTTYPE_SPECIAL;
+		break;
+	}
+
+	k->key_data_contents[1] = malloc(s->salt.length);
+	if (k->key_data_contents[1] == NULL) {
+		return ENOMEM;
+	}
+	memcpy(k->key_data_contents[1],
+	       s->salt.data,
+	       s->salt.length);
+	k->key_data_length[1] = s->salt.length;
+
+	return 0;
+}
+
+static int sdb_key_to_krb5_key_data(const struct sdb_key *s,
+				    int kvno,
+				    krb5_key_data *k)
+{
+	int ret = 0;
+
+	ZERO_STRUCTP(k);
+
+	k->key_data_ver = KRB5_KDB_V1_KEY_DATA_ARRAY;
+	k->key_data_kvno = kvno;
+
+	k->key_data_type[0] = KRB5_KEY_TYPE(&s->key);
+	k->key_data_length[0] = KRB5_KEY_LENGTH(&s->key);
+	k->key_data_contents[0] = malloc(k->key_data_length[0]);
+	if (k->key_data_contents[0] == NULL) {
+		return ENOMEM;
+	}
+
+	memcpy(k->key_data_contents[0],
+	       KRB5_KEY_DATA(&s->key),
+	       k->key_data_length[0]);
+
+	if (s->salt != NULL) {
+		ret = sdb_salt_to_krb5_key_data(s->salt, k);
+		if (ret) {
+			memset(k->key_data_contents[0], 0, k->key_data_length[0]);
+			free(k->key_data_contents[0]);
+		}
+	}
+
+	return ret;
+}
+
+static void free_krb5_db_entry(krb5_context context,
+			       krb5_db_entry *k)
+{
+	krb5_tl_data *tl_data_next = NULL;
+	krb5_tl_data *tl_data = NULL;
+	int i, j;
+
+	if (k == NULL) {
+		return;
+	}
+
+	krb5_free_principal(context, k->princ);
+
+	for (tl_data = k->tl_data; tl_data; tl_data = tl_data_next) {
+		tl_data_next = tl_data->tl_data_next;
+		if (tl_data->tl_data_contents != NULL) {
+			free(tl_data->tl_data_contents);
+		}
+		free(tl_data);
+	}
+
+	if (k->key_data != NULL) {
+		for (i = 0; i < k->n_key_data; i++) {
+			for (j = 0; j < k->key_data[i].key_data_ver; j++) {
+				if (k->key_data[i].key_data_length[j] != 0) {
+					if (k->key_data[i].key_data_contents[j] != NULL) {
+						BURN_PTR_SIZE(k->key_data[i].key_data_contents[j], k->key_data[i].key_data_length[j]);
+						free(k->key_data[i].key_data_contents[j]);
+					}
+				}
+				k->key_data[i].key_data_contents[j] = NULL;
+				k->key_data[i].key_data_length[j] = 0;
+				k->key_data[i].key_data_type[j] = 0;
+			}
+		}
+		free(k->key_data);
+	}
+
+	ZERO_STRUCTP(k);
+}
+
+int sdb_entry_to_krb5_db_entry(krb5_context context,
+			       const struct sdb_entry *s,
+			       krb5_db_entry *k)
+{
+	struct samba_kdc_entry *ske = s->skdc_entry;
+	krb5_error_code ret;
+	int i;
+
+	ZERO_STRUCTP(k);
+
+	k->magic = KRB5_KDB_MAGIC_NUMBER;
+	k->len = KRB5_KDB_V1_BASE_LENGTH;
+
+	ret = krb5_copy_principal(context,
+				  s->principal,
+				  &k->princ);
+	if (ret) {
+		free_krb5_db_entry(context, k);
+		return ret;
+	}
+
+	ret = SDBFlags_to_kflags(&s->flags,
+				 &k->attributes);
+	if (ret) {
+		free_krb5_db_entry(context, k);
+		return ret;
+	}
+
+	if (s->max_life != NULL) {
+		k->max_life = *s->max_life;
+	}
+	if (s->max_renew != NULL) {
+		k->max_renewable_life = *s->max_renew;
+	}
+	if (s->valid_end != NULL) {
+		k->expiration = *s->valid_end;
+	}
+	if (s->pw_end != NULL) {
+		k->pw_expiration = *s->pw_end;
+	}
+
+	/* last_success */
+	/* last_failed */
+	/* fail_auth_count */
+	/* n_tl_data */
+
+	/*
+	 * If we leave early when looking up the realm, we do not have all
+	 * information about a principal. We need to construct a db entry
+	 * with minimal information, so skip this part.
+	 */
+	if (s->created_by.time != 0) {
+		ret = sdb_event_to_kmod(context,
+					s->modified_by ? s->modified_by : &s->created_by,
+					k);
+		if (ret) {
+			free_krb5_db_entry(context, k);
+			return ret;
+		}
+	}
+
+	/* FIXME: TODO HDB Extensions */
+
+	/*
+	 * Don't copy keys (allow password auth) if s->flags.require_hwauth is
+	 * set which translates to UF_SMARTCARD_REQUIRED.
+	 */
+	if (s->keys.len > 0 && s->flags.require_hwauth == 0) {
+		k->key_data = malloc(s->keys.len * sizeof(krb5_key_data));
+		if (k->key_data == NULL) {
+			free_krb5_db_entry(context, k);
+			return ret;
+		}
+
+		for (i=0; i < s->keys.len; i++) {
+			ret = sdb_key_to_krb5_key_data(&s->keys.val[i],
+						       s->kvno,
+						       &k->key_data[i]);
+			if (ret) {
+				free_krb5_db_entry(context, k);
+				return ret;
+			}
+
+			k->n_key_data++;
+		}
+	}
+
+	k->e_data = (void *)ske;
+	if (ske != NULL) {
+		ske->kdc_entry = k;
+	}
+	return 0;
+}
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
new file mode 100644
index 0000000..dc2fffa
--- /dev/null
+++ b/source4/kdc/wdc-samba4.c
@@ -0,0 +1,937 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   PAC Glue between Samba and the KDC
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
+   Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "kdc/authn_policy_util.h"
+#include "kdc/kdc-glue.h"
+#include "kdc/db-glue.h"
+#include "kdc/pac-glue.h"
+#include "sdb.h"
+#include "sdb_hdb.h"
+#include "librpc/gen_ndr/auth.h"
+#include <krb5_locl.h>
+#include "lib/replace/system/filesys.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_KERBEROS
+
+static bool samba_wdc_is_s4u2self_req(astgs_request_t r)
+{
+	const KDC_REQ *req = kdc_request_get_req(r);
+	const PA_DATA *pa_for_user = NULL;
+
+	if (req->msg_type != krb_tgs_req) {
+		return false;
+	}
+
+	if (req->padata != NULL) {
+		int idx = 0;
+
+		pa_for_user = krb5_find_padata(req->padata->val,
+					       req->padata->len,
+					       KRB5_PADATA_FOR_USER,
+					       &idx);
+	}
+
+	if (pa_for_user != NULL) {
+		return true;
+	}
+
+	return false;
+}
+
+/*
+ * Given the right private pointer from hdb_samba4,
+ * get a PAC from the attached ldb messages.
+ *
+ * For PKINIT we also get pk_reply_key and can add PAC_CREDENTIAL_INFO.
+ */
+static krb5_error_code samba_wdc_get_pac(void *priv,
+					 astgs_request_t r,
+					 hdb_entry *client,
+					 hdb_entry *server,
+					 const krb5_keyblock *pk_reply_key,
+					 uint64_t pac_attributes,
+					 krb5_pac *pac)
+{
+	krb5_context context = kdc_request_get_context((kdc_request_t)r);
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB *logon_blob = NULL;
+	DATA_BLOB *cred_ndr = NULL;
+	DATA_BLOB **cred_ndr_ptr = NULL;
+	DATA_BLOB _cred_blob = data_blob_null;
+	DATA_BLOB *cred_blob = NULL;
+	DATA_BLOB *upn_blob = NULL;
+	DATA_BLOB *pac_attrs_blob = NULL;
+	DATA_BLOB *requester_sid_blob = NULL;
+	DATA_BLOB client_claims_blob = {};
+	krb5_error_code ret;
+	NTSTATUS nt_status;
+	struct samba_kdc_entry *skdc_entry =
+		talloc_get_type_abort(client->context,
+		struct samba_kdc_entry);
+	const struct samba_kdc_entry *server_entry =
+		talloc_get_type_abort(server->context,
+		struct samba_kdc_entry);
+	bool is_krbtgt = krb5_principal_is_krbtgt(context, server->principal);
+	enum auth_group_inclusion group_inclusion;
+	bool is_s4u2self = samba_wdc_is_s4u2self_req(r);
+	enum samba_asserted_identity asserted_identity =
+		(is_s4u2self) ?
+			SAMBA_ASSERTED_IDENTITY_SERVICE :
+			SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
+	struct authn_audit_info *server_audit_info = NULL;
+	NTSTATUS reply_status = NT_STATUS_OK;
+
+	const struct auth_user_info_dc *user_info_dc_const = NULL;
+	struct auth_user_info_dc *user_info_dc_shallow_copy = NULL;
+	struct auth_claims auth_claims = {};
+
+	/* Only include resource groups in a service ticket. */
+	if (is_krbtgt) {
+		group_inclusion = AUTH_EXCLUDE_RESOURCE_GROUPS;
+	} else if (server_entry->supported_enctypes & KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED) {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS;
+	} else {
+		group_inclusion = AUTH_INCLUDE_RESOURCE_GROUPS_COMPRESSED;
+	}
+
+	mem_ctx = talloc_named(client->context, 0, "samba_wdc_get_pac context");
+	if (!mem_ctx) {
+		return ENOMEM;
+	}
+
+	if (pk_reply_key != NULL) {
+		cred_ndr_ptr = &cred_ndr;
+	}
+
+	ret = samba_kdc_get_user_info_from_db(mem_ctx,
+					      server_entry->kdc_db_ctx->samdb,
+					      skdc_entry,
+					      skdc_entry->msg,
+					      &user_info_dc_const);
+	if (ret) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	/* Make a shallow copy of the user_info_dc structure. */
+	nt_status = authsam_shallow_copy_user_info_dc(mem_ctx,
+						      user_info_dc_const,
+						      &user_info_dc_shallow_copy);
+	user_info_dc_const = NULL;
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to allocate user_info_dc SIDs: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	nt_status = samba_kdc_add_asserted_identity(asserted_identity,
+						    user_info_dc_shallow_copy);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to add asserted identity: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	nt_status = samba_kdc_add_claims_valid(user_info_dc_shallow_copy);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("Failed to add Claims Valid: %s\n",
+			nt_errstr(nt_status));
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	ret = samba_kdc_get_claims_data_from_db(server_entry->kdc_db_ctx->samdb,
+						skdc_entry,
+						&auth_claims.user_claims);
+	if (ret) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	nt_status = claims_data_encoded_claims_set(mem_ctx,
+						   auth_claims.user_claims,
+						   &client_claims_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	/*
+	 * For an S4U2Self request, the authentication policy is not enforced.
+	 */
+	if (!is_s4u2self && authn_policy_restrictions_present(server_entry->server_policy)) {
+		const hdb_entry *device = kdc_request_get_armor_client(r);
+		const struct auth_user_info_dc *device_info = NULL;
+
+		if (device != NULL) {
+			const hdb_entry *device_krbtgt = NULL;
+			struct samba_kdc_entry *device_skdc_entry = NULL;
+			const struct samba_kdc_entry *device_krbtgt_skdc_entry = NULL;
+			const krb5_const_pac device_pac = kdc_request_get_armor_pac(r);
+			struct samba_kdc_entry_pac device_pac_entry = {};
+
+			device_skdc_entry = talloc_get_type_abort(device->context,
+								  struct samba_kdc_entry);
+
+			device_krbtgt = kdc_request_get_armor_server(r);
+			if (device_krbtgt != NULL) {
+				device_krbtgt_skdc_entry = talloc_get_type_abort(device_krbtgt->context,
+										 struct samba_kdc_entry);
+			}
+
+			device_pac_entry = samba_kdc_entry_pac(device_pac,
+							       device_skdc_entry,
+							       samba_kdc_entry_is_trust(device_krbtgt_skdc_entry));
+
+			ret = samba_kdc_get_user_info_dc(mem_ctx,
+							 context,
+							 server_entry->kdc_db_ctx->samdb,
+							 device_pac_entry,
+							 &device_info,
+							 NULL /* resource_groups_out */);
+			if (ret) {
+				talloc_free(mem_ctx);
+				return ret;
+			}
+
+			ret = samba_kdc_get_claims_data(mem_ctx,
+							context,
+							server_entry->kdc_db_ctx->samdb,
+							device_pac_entry,
+							&auth_claims.device_claims);
+			if (ret) {
+				talloc_free(mem_ctx);
+				return ret;
+			}
+		}
+
+		ret = samba_kdc_allowed_to_authenticate_to(mem_ctx,
+							   server_entry->kdc_db_ctx->samdb,
+							   server_entry->kdc_db_ctx->lp_ctx,
+							   skdc_entry,
+							   user_info_dc_shallow_copy,
+							   device_info,
+							   auth_claims,
+							   server_entry,
+							   &server_audit_info,
+							   &reply_status);
+		if (server_audit_info != NULL) {
+			krb5_error_code ret2;
+
+			ret2 = hdb_samba4_set_steal_server_audit_info(r, server_audit_info);
+			if (ret == 0) {
+				ret = ret2;
+			}
+		}
+		if (!NT_STATUS_IS_OK(reply_status)) {
+			krb5_error_code ret2;
+
+			ret2 = hdb_samba4_set_ntstatus(r, reply_status, ret);
+			if (ret == 0) {
+				ret = ret2;
+			}
+		}
+		if (ret) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
+	}
+
+	nt_status = samba_kdc_get_logon_info_blob(mem_ctx,
+						  user_info_dc_shallow_copy,
+						  group_inclusion,
+						  &logon_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	if (cred_ndr_ptr != NULL) {
+		nt_status = samba_kdc_get_cred_ndr_blob(mem_ctx,
+							skdc_entry,
+							cred_ndr_ptr);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(mem_ctx);
+			return map_errno_from_nt_status(nt_status);
+		}
+	}
+
+	nt_status = samba_kdc_get_upn_info_blob(mem_ctx,
+						user_info_dc_shallow_copy,
+						&upn_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return map_errno_from_nt_status(nt_status);
+	}
+
+	if (is_krbtgt) {
+		nt_status = samba_kdc_get_pac_attrs_blob(mem_ctx,
+							 pac_attributes,
+							 &pac_attrs_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(mem_ctx);
+			return map_errno_from_nt_status(nt_status);
+		}
+
+		nt_status = samba_kdc_get_requester_sid_blob(mem_ctx,
+							     user_info_dc_shallow_copy,
+							     &requester_sid_blob);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			talloc_free(mem_ctx);
+			return map_errno_from_nt_status(nt_status);
+		}
+	}
+
+	if (pk_reply_key != NULL && cred_ndr != NULL) {
+		ret = samba_kdc_encrypt_pac_credentials(context,
+							pk_reply_key,
+							cred_ndr,
+							mem_ctx,
+							&_cred_blob);
+		if (ret != 0) {
+			talloc_free(mem_ctx);
+			return ret;
+		}
+		cred_blob = &_cred_blob;
+	}
+
+	ret = krb5_pac_init(context, pac);
+	if (ret != 0) {
+		talloc_free(mem_ctx);
+		return ret;
+	}
+
+	ret = samba_make_krb5_pac(context, logon_blob, cred_blob,
+				  upn_blob, pac_attrs_blob,
+				  requester_sid_blob, NULL,
+				  &client_claims_blob, NULL, NULL,
+				  *pac);
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static krb5_error_code samba_wdc_verify_pac2(astgs_request_t r,
+					     const hdb_entry *delegated_proxy,
+					     const hdb_entry *client,
+					     const hdb_entry *krbtgt,
+					     const krb5_pac pac,
+					     krb5_cksumtype ctype)
+{
+	krb5_context context = kdc_request_get_context((kdc_request_t)r);
+	struct samba_kdc_entry *client_skdc_entry = NULL;
+	struct samba_kdc_entry *krbtgt_skdc_entry =
+		talloc_get_type_abort(krbtgt->context, struct samba_kdc_entry);
+	struct samba_kdc_entry_pac client_pac_entry = {};
+	TALLOC_CTX *mem_ctx = NULL;
+	krb5_error_code ret;
+	bool is_s4u2self = samba_wdc_is_s4u2self_req(r);
+	bool is_in_db = false;
+	bool is_trusted = false;
+	uint32_t flags = 0;
+
+	if (pac == NULL) {
+		return EINVAL;
+	}
+
+	mem_ctx = talloc_named(NULL, 0, "samba_wdc_verify_pac2 context");
+	if (mem_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	if (client != NULL) {
+		client_skdc_entry = talloc_get_type_abort(client->context,
+							  struct samba_kdc_entry);
+	}
+
+	/*
+	 * If the krbtgt was generated by an RODC, and we are not that
+	 * RODC, then we need to regenerate the PAC - we can't trust
+	 * it, and confirm that the RODC was permitted to print this ticket
+	 *
+	 * Because of the samba_kdc_validate_pac_blob() step we can be
+	 * sure that the record in 'client' matches the SID in the
+	 * original PAC.
+	 */
+	ret = samba_krbtgt_is_in_db(krbtgt_skdc_entry, &is_in_db, &is_trusted);
+	if (ret != 0) {
+		goto out;
+	}
+
+	krb5_pac_set_trusted(pac, is_trusted);
+	client_pac_entry = samba_kdc_entry_pac(pac,
+					       client_skdc_entry,
+					       samba_kdc_entry_is_trust(krbtgt_skdc_entry));
+
+	if (is_s4u2self) {
+		flags |= SAMBA_KDC_FLAG_PROTOCOL_TRANSITION;
+	}
+
+	if (delegated_proxy != NULL) {
+		krb5_enctype etype;
+		Key *key = NULL;
+
+		if (!is_in_db) {
+			/*
+			 * The RODC-issued PAC was signed by a KDC entry that we
+			 * don't have a key for. The server signature is not
+			 * trustworthy, since it could have been created by the
+			 * server we got the ticket from. We must not proceed as
+			 * otherwise the ticket signature is unchecked.
+			 */
+			ret = HDB_ERR_NOT_FOUND_HERE;
+			goto out;
+		}
+
+		/* Fetch the correct key depending on the checksum type. */
+		if (ctype == CKSUMTYPE_HMAC_MD5) {
+			etype = ENCTYPE_ARCFOUR_HMAC;
+		} else {
+			ret = krb5_cksumtype_to_enctype(context,
+							ctype,
+							&etype);
+			if (ret != 0) {
+				goto out;
+			}
+		}
+		ret = hdb_enctype2key(context, krbtgt, NULL, etype, &key);
+		if (ret != 0) {
+			goto out;
+		}
+
+		/* Check the KDC, whole-PAC and ticket signatures. */
+		ret = krb5_pac_verify(context,
+				      pac,
+				      0,
+				      NULL,
+				      NULL,
+				      &key->key);
+		if (ret != 0) {
+			DBG_WARNING("PAC KDC signature failed to verify\n");
+			goto out;
+		}
+
+		flags |= SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION;
+	}
+
+	ret = samba_kdc_verify_pac(mem_ctx,
+				   context,
+				   krbtgt_skdc_entry->kdc_db_ctx->samdb,
+				   flags,
+				   client_pac_entry,
+				   krbtgt_skdc_entry);
+	if (ret != 0) {
+		goto out;
+	}
+
+out:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/* Re-sign (and reform, including possibly new groups) a PAC */
+
+static krb5_error_code samba_wdc_reget_pac(void *priv, astgs_request_t r,
+					   krb5_const_principal _client_principal,
+					   hdb_entry *delegated_proxy,
+					   krb5_const_pac delegated_proxy_pac,
+					   hdb_entry *client,
+					   hdb_entry *server,
+					   hdb_entry *krbtgt,
+					   krb5_pac *pac)
+{
+	krb5_context context = kdc_request_get_context((kdc_request_t)r);
+	struct samba_kdc_entry *delegated_proxy_skdc_entry = NULL;
+	krb5_const_principal delegated_proxy_principal = NULL;
+	struct samba_kdc_entry_pac delegated_proxy_pac_entry = {};
+	struct samba_kdc_entry *client_skdc_entry = NULL;
+	struct samba_kdc_entry_pac client_pac_entry = {};
+	struct samba_kdc_entry_pac device = {};
+	const struct samba_kdc_entry *server_skdc_entry =
+		talloc_get_type_abort(server->context, struct samba_kdc_entry);
+	const struct samba_kdc_entry *krbtgt_skdc_entry =
+		talloc_get_type_abort(krbtgt->context, struct samba_kdc_entry);
+	TALLOC_CTX *mem_ctx = NULL;
+	krb5_pac new_pac = NULL;
+	struct authn_audit_info *server_audit_info = NULL;
+	krb5_error_code ret;
+	NTSTATUS reply_status = NT_STATUS_OK;
+	uint32_t flags = 0;
+
+	if (pac == NULL) {
+		return EINVAL;
+	}
+
+	mem_ctx = talloc_named(NULL, 0, "samba_wdc_reget_pac context");
+	if (mem_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	if (delegated_proxy != NULL) {
+		delegated_proxy_skdc_entry = talloc_get_type_abort(delegated_proxy->context,
+								   struct samba_kdc_entry);
+		delegated_proxy_principal = delegated_proxy->principal;
+	}
+
+	delegated_proxy_pac_entry = samba_kdc_entry_pac(delegated_proxy_pac,
+							delegated_proxy_skdc_entry,
+							/* The S4U2Proxy
+							 * evidence ticket could
+							 * not have been signed
+							 * or issued by a krbtgt
+							 * trust account. */
+							false /* is_from_trust */);
+
+	if (client != NULL) {
+		client_skdc_entry = talloc_get_type_abort(client->context,
+							  struct samba_kdc_entry);
+	}
+
+	device = samba_kdc_get_device_pac(r);
+
+	ret = krb5_pac_init(context, &new_pac);
+	if (ret != 0) {
+		new_pac = NULL;
+		goto out;
+	}
+
+	client_pac_entry = samba_kdc_entry_pac(*pac,
+					       client_skdc_entry,
+					       samba_kdc_entry_is_trust(krbtgt_skdc_entry));
+
+	ret = samba_kdc_update_pac(mem_ctx,
+				   context,
+				   krbtgt_skdc_entry->kdc_db_ctx->samdb,
+				   krbtgt_skdc_entry->kdc_db_ctx->lp_ctx,
+				   flags,
+				   client_pac_entry,
+				   server->principal,
+				   server_skdc_entry,
+				   delegated_proxy_principal,
+				   delegated_proxy_pac_entry,
+				   device,
+				   new_pac,
+				   &server_audit_info,
+				   &reply_status);
+	if (server_audit_info != NULL) {
+		krb5_error_code ret2;
+
+		ret2 = hdb_samba4_set_steal_server_audit_info(r, server_audit_info);
+		if (ret == 0) {
+			ret = ret2;
+		}
+	}
+	if (!NT_STATUS_IS_OK(reply_status)) {
+		krb5_error_code ret2;
+
+		ret2 = hdb_samba4_set_ntstatus(r, reply_status, ret);
+		if (ret == 0) {
+			ret = ret2;
+		}
+	}
+	if (ret != 0) {
+		krb5_pac_free(context, new_pac);
+		if (ret == ENOATTR) {
+			krb5_pac_free(context, *pac);
+			*pac = NULL;
+			ret = 0;
+		}
+		goto out;
+	}
+
+	/* Replace the pac */
+	krb5_pac_free(context, *pac);
+	*pac = new_pac;
+
+out:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/* Verify a PAC's SID and signatures */
+
+static krb5_error_code samba_wdc_verify_pac(void *priv, astgs_request_t r,
+					    krb5_const_principal _client_principal,
+					    hdb_entry *delegated_proxy,
+					    hdb_entry *client,
+					    hdb_entry *_server,
+					    hdb_entry *krbtgt,
+					    EncTicketPart *ticket,
+					    krb5_pac pac)
+{
+	krb5_context context = kdc_request_get_context((kdc_request_t)r);
+	krb5_kdc_configuration *config = kdc_request_get_config((kdc_request_t)r);
+	struct samba_kdc_entry *krbtgt_skdc_entry =
+		talloc_get_type_abort(krbtgt->context,
+				      struct samba_kdc_entry);
+	krb5_error_code ret;
+	krb5_cksumtype ctype = CKSUMTYPE_NONE;
+	hdb_entry signing_krbtgt_hdb;
+
+	if (delegated_proxy) {
+		uint16_t pac_kdc_signature_rodc_id;
+		const unsigned int local_tgs_rodc_id = krbtgt_skdc_entry->kdc_db_ctx->my_krbtgt_number;
+		const uint16_t header_ticket_rodc_id = krbtgt->kvno >> 16;
+
+		/*
+		 * We're using delegated_proxy for the moment to indicate cases
+		 * where the ticket was encrypted with the server key, and not a
+		 * krbtgt key. This cannot be trusted, so we need to find a
+		 * krbtgt key that signs the PAC in order to trust the ticket.
+		 *
+		 * The krbtgt passed in to this function refers to the krbtgt
+		 * used to decrypt the ticket of the server requesting
+		 * S4U2Proxy.
+		 *
+		 * When we implement service ticket renewal, we need to check
+		 * the PAC, and this will need to be updated.
+		 */
+		ret = krb5_pac_get_kdc_checksum_info(context,
+						     pac,
+						     &ctype,
+						     &pac_kdc_signature_rodc_id);
+		if (ret != 0) {
+			DBG_WARNING("Failed to get PAC checksum info\n");
+			return ret;
+		}
+
+		/*
+		 * We need to check the KDC and ticket signatures, fetching the
+		 * correct key based on the enctype.
+		 */
+		if (local_tgs_rodc_id != 0) {
+			/*
+			 * If we are an RODC, and we are not the KDC that signed
+			 * the evidence ticket, then we need to proxy the
+			 * request.
+			 */
+			if (local_tgs_rodc_id != pac_kdc_signature_rodc_id) {
+				return HDB_ERR_NOT_FOUND_HERE;
+			}
+		} else {
+			/*
+			 * If we are a DC, the ticket may have been signed by a
+			 * different KDC than the one that issued the header
+			 * ticket.
+			 */
+			if (pac_kdc_signature_rodc_id != header_ticket_rodc_id) {
+				struct sdb_entry signing_krbtgt_sdb;
+
+				/*
+				 * Fetch our key from the database. To support
+				 * key rollover, we're going to need to try
+				 * multiple keys by trial and error. For now,
+				 * krbtgt keys aren't assumed to change.
+				 */
+				ret = samba_kdc_fetch(context,
+						      krbtgt_skdc_entry->kdc_db_ctx,
+						      krbtgt->principal,
+						      SDB_F_GET_KRBTGT | SDB_F_RODC_NUMBER_SPECIFIED | SDB_F_CANON,
+						      ((uint32_t)pac_kdc_signature_rodc_id) << 16,
+						      &signing_krbtgt_sdb);
+				if (ret != 0) {
+					return ret;
+				}
+
+				ret = sdb_entry_to_hdb_entry(context,
+							     &signing_krbtgt_sdb,
+							     &signing_krbtgt_hdb);
+				sdb_entry_free(&signing_krbtgt_sdb);
+				if (ret != 0) {
+					return ret;
+				}
+
+				/*
+				 * Replace the krbtgt entry with our own entry
+				 * for further processing.
+				 */
+				krbtgt = &signing_krbtgt_hdb;
+			}
+		}
+	} else if (!krbtgt_skdc_entry->is_trust) {
+		/*
+		 * We expect to have received a TGT, so check that we haven't
+		 * been given a kpasswd ticket instead. We don't need to do this
+		 * check for an incoming trust, as they use a different secret
+		 * and can't be confused with a normal TGT.
+		 */
+
+		struct timeval now = krb5_kdc_get_time();
+
+		/*
+		 * Check if the ticket is in the last two minutes of its
+		 * life.
+		 */
+		KerberosTime lifetime = rk_time_sub(ticket->endtime, now.tv_sec);
+		if (lifetime <= CHANGEPW_LIFETIME) {
+			/*
+			 * This ticket has at most two minutes left to live. It
+			 * may be a kpasswd ticket rather than a TGT, so don't
+			 * accept it.
+			 */
+			kdc_audit_addreason((kdc_request_t)r,
+					    "Ticket is not a ticket-granting ticket");
+			return KRB5KRB_AP_ERR_TKT_EXPIRED;
+		}
+	}
+
+	ret = samba_wdc_verify_pac2(r,
+				    delegated_proxy,
+				    client,
+				    krbtgt,
+				    pac,
+				    ctype);
+
+	if (krbtgt == &signing_krbtgt_hdb) {
+		hdb_free_entry(context, config->db[0], &signing_krbtgt_hdb);
+	}
+
+	return ret;
+}
+
+static char *get_netbios_name(TALLOC_CTX *mem_ctx, HostAddresses *addrs)
+{
+	char *nb_name = NULL;
+	size_t len;
+	unsigned int i;
+
+	for (i = 0; addrs && i < addrs->len; i++) {
+		if (addrs->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+			continue;
+		}
+		len = MIN(addrs->val[i].address.length, 15);
+		nb_name = talloc_strndup(mem_ctx,
+					 addrs->val[i].address.data, len);
+		if (nb_name) {
+			break;
+		}
+	}
+
+	if ((nb_name == NULL) || (nb_name[0] == '\0')) {
+		return NULL;
+	}
+
+	/* Strip space padding */
+	for (len = strlen(nb_name) - 1;
+	     (len > 0) && (nb_name[len] == ' ');
+	     --len) {
+		nb_name[len] = '\0';
+	}
+
+	return nb_name;
+}
+
+static krb5_error_code samba_wdc_check_client_access(void *priv,
+						     astgs_request_t r)
+{
+	krb5_context context = kdc_request_get_context((kdc_request_t)r);
+	TALLOC_CTX *tmp_ctx = NULL;
+	const hdb_entry *client = NULL;
+	struct samba_kdc_entry *kdc_entry;
+	struct samba_kdc_entry_pac device = {};
+	struct authn_audit_info *client_audit_info = NULL;
+	bool password_change;
+	char *workstation;
+	NTSTATUS nt_status;
+	NTSTATUS check_device_status = NT_STATUS_OK;
+	krb5_error_code ret = 0;
+
+	client = kdc_request_get_client(r);
+
+	tmp_ctx = talloc_named(client->context, 0, "samba_wdc_check_client_access");
+	if (tmp_ctx == NULL) {
+		return ENOMEM;
+	}
+
+	kdc_entry = talloc_get_type_abort(client->context, struct samba_kdc_entry);
+
+	device = samba_kdc_get_device_pac(r);
+
+	ret = samba_kdc_check_device(tmp_ctx,
+				     context,
+				     kdc_entry->kdc_db_ctx->samdb,
+				     kdc_entry->kdc_db_ctx->lp_ctx,
+				     device,
+				     kdc_entry->client_policy,
+				     &client_audit_info,
+				     &check_device_status);
+	if (client_audit_info != NULL) {
+		krb5_error_code ret2;
+
+		ret2 = hdb_samba4_set_steal_client_audit_info(r, client_audit_info);
+		if (ret2) {
+			ret = ret2;
+		}
+	}
+	kdc_entry->reject_status = check_device_status;
+	if (!NT_STATUS_IS_OK(check_device_status)) {
+		krb5_error_code ret2;
+
+		/*
+		 * Add the NTSTATUS to the request so we can return it in the
+		 * ‘e-data’ field later.
+		 */
+		ret2 = hdb_samba4_set_ntstatus(r, check_device_status, ret);
+		if (ret2) {
+			ret = ret2;
+		}
+	}
+
+	if (ret) {
+		/*
+		 * As we didn’t get far enough to check the server policy, only
+		 * the client policy will be referenced in the authentication
+		 * log message.
+		 */
+
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	workstation = get_netbios_name(tmp_ctx,
+				       kdc_request_get_req(r)->req_body.addresses);
+	password_change = (kdc_request_get_server(r) && kdc_request_get_server(r)->flags.change_pw);
+
+	nt_status = samba_kdc_check_client_access(kdc_entry,
+						  kdc_request_get_cname((kdc_request_t)r),
+						  workstation,
+						  password_change);
+
+	kdc_entry->reject_status = nt_status;
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_error_code ret2;
+
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
+			talloc_free(tmp_ctx);
+			return ENOMEM;
+		}
+
+		ret = samba_kdc_map_policy_err(nt_status);
+
+		/*
+		 * Add the NTSTATUS to the request so we can return it in the
+		 * ‘e-data’ field later.
+		 */
+		ret2 = hdb_samba4_set_ntstatus(r, nt_status, ret);
+		if (ret2) {
+			ret = ret2;
+		}
+
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	/* Now do the standard Heimdal check */
+	talloc_free(tmp_ctx);
+	return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* this function allocates 'data' using malloc.
+ * The caller is responsible for freeing it */
+static krb5_error_code samba_kdc_build_supported_etypes(uint32_t supported_etypes,
+							krb5_data *e_data)
+{
+	e_data->data = malloc(4);
+	if (e_data->data == NULL) {
+		return ENOMEM;
+	}
+	e_data->length = 4;
+
+	PUSH_LE_U32(e_data->data, 0, supported_etypes);
+
+	return 0;
+}
+
+static krb5_error_code samba_wdc_finalize_reply(void *priv,
+						astgs_request_t r)
+{
+	struct samba_kdc_entry *server_kdc_entry;
+	uint32_t supported_enctypes;
+
+	server_kdc_entry = talloc_get_type(kdc_request_get_server(r)->context, struct samba_kdc_entry);
+
+	/*
+	 * If the canonicalize flag is set, add PA-SUPPORTED-ENCTYPES padata
+	 * type to indicate what encryption types the server supports.
+	 */
+	supported_enctypes = server_kdc_entry->supported_enctypes;
+	if (kdc_request_get_req(r)->req_body.kdc_options.canonicalize && supported_enctypes != 0) {
+		krb5_error_code ret;
+
+		PA_DATA md;
+
+		ret = samba_kdc_build_supported_etypes(supported_enctypes, &md.padata_value);
+		if (ret != 0) {
+			return ret;
+		}
+
+		md.padata_type = KRB5_PADATA_SUPPORTED_ETYPES;
+
+		ret = kdc_request_add_encrypted_padata(r, &md);
+		if (ret != 0) {
+			/*
+			 * So we do not leak the allocated
+			 * memory on md in the error case
+			 */
+			krb5_data_free(&md.padata_value);
+		}
+	}
+
+	return 0;
+}
+
+static krb5_error_code samba_wdc_plugin_init(krb5_context context, void **ptr)
+{
+	*ptr = NULL;
+	return 0;
+}
+
+static void samba_wdc_plugin_fini(void *ptr)
+{
+	return;
+}
+
+static krb5_error_code samba_wdc_referral_policy(void *priv,
+						 astgs_request_t r)
+{
+	return kdc_request_get_error_code((kdc_request_t)r);
+}
+
+struct krb5plugin_kdc_ftable kdc_plugin_table = {
+	.minor_version = KRB5_PLUGIN_KDC_VERSION_11,
+	.init = samba_wdc_plugin_init,
+	.fini = samba_wdc_plugin_fini,
+	.pac_verify = samba_wdc_verify_pac,
+	.pac_update = samba_wdc_reget_pac,
+	.client_access = samba_wdc_check_client_access,
+	.finalize_reply = samba_wdc_finalize_reply,
+	.pac_generate = samba_wdc_get_pac,
+	.referral_policy = samba_wdc_referral_policy,
+};
+
+
diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build
new file mode 100644
index 0000000..b15f3e7
--- /dev/null
+++ b/source4/kdc/wscript_build
@@ -0,0 +1,194 @@
+#!/usr/bin/env python
+
+# We do this because we do not want to depend on the KDC, only find and use it's header files.  We do not want 
+if not bld.CONFIG_SET("USING_SYSTEM_KDC"):
+    kdc_include = "../../third_party/heimdal/kdc ../../third_party/heimdal/lib/gssapi"
+else:
+    kdc_include = getattr(bld.env, "CPPPATH_KDC")
+
+if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
+    bld.SAMBA_MODULE('service_kdc',
+                     source='kdc-heimdal.c',
+                     subsystem='service',
+                     init_function='server_service_kdc_init',
+                     deps='''
+                          kdc
+                          HDB_SAMBA4
+                          WDC_SAMBA4
+                          samba-hostconfig
+                          com_err
+                          samba_server_gensec
+                          PAC_GLUE
+                          KDC-GLUE
+                          KDC-SERVER
+                          KPASSWD-SERVICE
+                          KPASSWD_GLUE
+                     ''',
+                     internal_module=False)
+
+if bld.CONFIG_GET('SAMBA_USES_MITKDC'):
+    bld.SAMBA_MODULE('service_kdc',
+                     source='kdc-service-mit.c',
+                     cflags_end='-Wno-strict-prototypes',
+                     subsystem='service',
+                     init_function='server_service_mitkdc_init',
+                     deps='''
+                          samba-hostconfig
+                          service
+                          talloc
+                          UTIL_RUNCMD
+                          MIT_KDC_IRPC
+                          KDC-SERVER
+                          KPASSWD-SERVICE
+                          com_err
+                          kadm5srv_mit
+                          kdb5
+                     ''',
+                     internal_module=False)
+
+bld.SAMBA_LIBRARY('HDB_SAMBA4',
+                  source='hdb-samba4.c hdb-samba4-plugin.c',
+                  deps='ldb auth4_sam common_auth samba-credentials hdb kdc db-glue samba-hostconfig com_err sdb_hdb RPC_NDR_WINBIND',
+                  includes=kdc_include,
+                  private_library=True,
+                  enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
+                  )
+
+# A plugin for Heimdal's kadmin for users who need to operate that tool
+bld.SAMBA_LIBRARY('HDB_SAMBA4_PLUGIN',
+                  source='hdb-samba4-plugin.c',
+                  deps='hdb HDB_SAMBA4 samba-util samba-hostconfig ',
+                  link_name='modules/hdb/hdb_samba4.so',
+                  realname='hdb_samba4.so',
+                  install_path='${MODULESDIR}/hdb',
+                  enabled = (bld.CONFIG_SET("USING_SYSTEM_KRB5") and bld.CONFIG_SET("USING_SYSTEM_HDB"))
+                  )
+
+bld.SAMBA_SUBSYSTEM('KDC-SERVER',
+                    source='kdc-server.c kdc-proxy.c',
+                    deps='''
+                         krb5samba
+                         ldb
+                         LIBTSOCKET
+                         LIBSAMBA_TSOCKET
+                    ''')
+
+kpasswd_flavor_src = 'kpasswd-service.c kpasswd-helper.c'
+if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
+    kpasswd_flavor_src = kpasswd_flavor_src + ' kpasswd-service-heimdal.c'
+elif bld.CONFIG_GET('SAMBA_USES_MITKDC'):
+    kpasswd_flavor_src = kpasswd_flavor_src + ' kpasswd-service-mit.c'
+
+bld.SAMBA_SUBSYSTEM('KPASSWD-SERVICE',
+                    source=kpasswd_flavor_src,
+                    deps='''
+                         krb5samba
+                         samba_server_gensec
+                         KPASSWD_GLUE
+                         gensec_krb5_helpers
+                         ''')
+
+bld.SAMBA_SUBSYSTEM('KDC-GLUE',
+	source='kdc-glue.c',
+        includes=kdc_include,
+	deps='hdb PAC_GLUE',
+	enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
+	)
+
+bld.SAMBA_SUBSYSTEM('WDC_SAMBA4',
+	source='wdc-samba4.c',
+        includes=kdc_include,
+	deps='ldb auth4_sam common_auth samba-credentials hdb PAC_GLUE samba-hostconfig com_err KDC-GLUE authn_policy_util',
+	enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
+	)
+
+bld.SAMBA_SUBSYSTEM('sdb',
+	source='sdb.c',
+	deps='talloc krb5',
+	)
+
+bld.SAMBA_SUBSYSTEM('sdb_hdb',
+	source='sdb_to_hdb.c',
+	deps='talloc sdb hdb',
+	autoproto='sdb_hdb.h',
+	enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
+	)
+
+bld.SAMBA_SUBSYSTEM('sdb_kdb',
+	source='sdb_to_kdb.c',
+	deps='sdb kdb5',
+	autoproto='sdb_kdb.h',
+	enabled=bld.CONFIG_SET('HAVE_KDB_H')
+	)
+
+bld.SAMBA_SUBSYSTEM('PAC_GLUE',
+	source='pac-glue.c pac-blobs.c',
+	deps='ldb auth4_sam common_auth samba-credentials samba-hostconfig com_err ad_claims authn_policy authn_policy_util'
+	)
+
+bld.SAMBA_LIBRARY('pac',
+	source=[],
+	deps='PAC_GLUE',
+	private_library=True,
+	grouping_library=True)
+
+
+bld.SAMBA_LIBRARY('db-glue',
+	source='db-glue.c',
+	deps='ldb auth4_sam common_auth samba-credentials sdb samba-hostconfig com_err RPC_NDR_IRPC MESSAGING PAC_GLUE authn_policy_util',
+	private_library=True,
+	)
+
+bld.SAMBA_LIBRARY('ad_claims',
+	source='ad_claims.c',
+	deps='ldb samba-util samdb dsdb-module authn_policy_util',
+	private_library=True,
+	)
+
+bld.SAMBA_LIBRARY('authn_policy_util',
+	source='authn_policy_util.c',
+	deps='authn_policy samdb dsdb-module',
+	private_library=True,
+	)
+
+bld.SAMBA_SUBSYSTEM('KPASSWD_GLUE',
+        source='kpasswd_glue.c',
+        deps='ldb com_err')
+
+bld.SAMBA_SUBSYSTEM('MIT_KDC_IRPC',
+                    source='mit_kdc_irpc.c',
+                    deps='''
+                    ldb
+                    auth4_sam
+                    samba-credentials
+                    db-glue
+                    samba-hostconfig
+                    com_err
+                    kdb5
+                    ''',
+                    enabled=(bld.CONFIG_SET('SAMBA_USES_MITKDC') and bld.CONFIG_SET('HAVE_KDB_H'))
+                    )
+
+bld.SAMBA_SUBSYSTEM('MIT_SAMBA',
+                    source='mit_samba.c',
+                    deps='''
+                         ldb
+                         auth4_sam
+                         common_auth
+                         samba-credentials
+                         db-glue
+                         PAC_GLUE
+                         KPASSWD_GLUE
+                         samba-hostconfig
+                         com_err
+                         sdb_kdb
+                         kdb5
+                         ''',
+                    enabled=(not bld.CONFIG_SET('SAMBA4_USES_HEIMDAL') and bld.CONFIG_SET('HAVE_KDB_H')) )
+
+bld.SAMBA_BINARY('samba4ktutil',
+                 'ktutil.c',
+                 deps='krb5samba',
+                 install=False)
+
+bld.RECURSE('mit-kdb')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
new file mode 100644
index 0000000..1a90653
--- /dev/null
+++ b/source4/ldap_server/ldap_backend.c
@@ -0,0 +1,1637 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP server
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldap_server/ldap_server.h"
+#include "../lib/util/dlinklist.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "auth/common_auth.h"
+#include "param/param.h"
+#include "samba/service_stream.h"
+#include "dsdb/samdb/samdb.h"
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "ldb_wrap.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/ldap/ldap_proto.h"
+#include "source4/auth/auth.h"
+
+static int map_ldb_error(TALLOC_CTX *mem_ctx, int ldb_err,
+	const char *add_err_string, const char **errstring)
+{
+	WERROR err;
+
+	/* Certain LDB modules need to return very special WERROR codes. Proof
+	 * for them here and if they exist skip the rest of the mapping. */
+	if (add_err_string != NULL) {
+		char *endptr;
+		strtol(add_err_string, &endptr, 16);
+		if (endptr != add_err_string) {
+			*errstring = add_err_string;
+			return ldb_err;
+		}
+	}
+
+	/* Otherwise we calculate here a generic, but appropriate WERROR. */
+
+	switch (ldb_err) {
+	case LDB_SUCCESS:
+		err = WERR_OK;
+	break;
+	case LDB_ERR_OPERATIONS_ERROR:
+		err = WERR_DS_OPERATIONS_ERROR;
+	break;
+	case LDB_ERR_PROTOCOL_ERROR:
+		err = WERR_DS_PROTOCOL_ERROR;
+	break;
+	case LDB_ERR_TIME_LIMIT_EXCEEDED:
+		err = WERR_DS_TIMELIMIT_EXCEEDED;
+	break;
+	case LDB_ERR_SIZE_LIMIT_EXCEEDED:
+		err = WERR_DS_SIZELIMIT_EXCEEDED;
+	break;
+	case LDB_ERR_COMPARE_FALSE:
+		err = WERR_DS_COMPARE_FALSE;
+	break;
+	case LDB_ERR_COMPARE_TRUE:
+		err = WERR_DS_COMPARE_TRUE;
+	break;
+	case LDB_ERR_AUTH_METHOD_NOT_SUPPORTED:
+		err = WERR_DS_AUTH_METHOD_NOT_SUPPORTED;
+	break;
+	case LDB_ERR_STRONG_AUTH_REQUIRED:
+		err = WERR_DS_STRONG_AUTH_REQUIRED;
+	break;
+	case LDB_ERR_REFERRAL:
+		err = WERR_DS_REFERRAL;
+	break;
+	case LDB_ERR_ADMIN_LIMIT_EXCEEDED:
+		err = WERR_DS_ADMIN_LIMIT_EXCEEDED;
+	break;
+	case LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION:
+		err = WERR_DS_UNAVAILABLE_CRIT_EXTENSION;
+	break;
+	case LDB_ERR_CONFIDENTIALITY_REQUIRED:
+		err = WERR_DS_CONFIDENTIALITY_REQUIRED;
+	break;
+	case LDB_ERR_SASL_BIND_IN_PROGRESS:
+		err = WERR_DS_BUSY;
+	break;
+	case LDB_ERR_NO_SUCH_ATTRIBUTE:
+		err = WERR_DS_NO_ATTRIBUTE_OR_VALUE;
+	break;
+	case LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE:
+		err = WERR_DS_ATTRIBUTE_TYPE_UNDEFINED;
+	break;
+	case LDB_ERR_INAPPROPRIATE_MATCHING:
+		err = WERR_DS_INAPPROPRIATE_MATCHING;
+	break;
+	case LDB_ERR_CONSTRAINT_VIOLATION:
+		err = WERR_DS_CONSTRAINT_VIOLATION;
+	break;
+	case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS:
+		err = WERR_DS_ATTRIBUTE_OR_VALUE_EXISTS;
+	break;
+	case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX:
+		err = WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+	break;
+	case LDB_ERR_NO_SUCH_OBJECT:
+		err = WERR_DS_NO_SUCH_OBJECT;
+	break;
+	case LDB_ERR_ALIAS_PROBLEM:
+		err = WERR_DS_ALIAS_PROBLEM;
+	break;
+	case LDB_ERR_INVALID_DN_SYNTAX:
+		err = WERR_DS_INVALID_DN_SYNTAX;
+	break;
+	case LDB_ERR_ALIAS_DEREFERENCING_PROBLEM:
+		err = WERR_DS_ALIAS_DEREF_PROBLEM;
+	break;
+	case LDB_ERR_INAPPROPRIATE_AUTHENTICATION:
+		err = WERR_DS_INAPPROPRIATE_AUTH;
+	break;
+	case LDB_ERR_INVALID_CREDENTIALS:
+		err = WERR_ACCESS_DENIED;
+	break;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		err = WERR_DS_INSUFF_ACCESS_RIGHTS;
+	break;
+	case LDB_ERR_BUSY:
+		err = WERR_DS_BUSY;
+	break;
+	case LDB_ERR_UNAVAILABLE:
+		err = WERR_DS_UNAVAILABLE;
+	break;
+	case LDB_ERR_UNWILLING_TO_PERFORM:
+		err = WERR_DS_UNWILLING_TO_PERFORM;
+	break;
+	case LDB_ERR_LOOP_DETECT:
+		err = WERR_DS_LOOP_DETECT;
+	break;
+	case LDB_ERR_NAMING_VIOLATION:
+		err = WERR_DS_NAMING_VIOLATION;
+	break;
+	case LDB_ERR_OBJECT_CLASS_VIOLATION:
+		err = WERR_DS_OBJ_CLASS_VIOLATION;
+	break;
+	case LDB_ERR_NOT_ALLOWED_ON_NON_LEAF:
+		err = WERR_DS_CANT_ON_NON_LEAF;
+	break;
+	case LDB_ERR_NOT_ALLOWED_ON_RDN:
+		err = WERR_DS_CANT_ON_RDN;
+	break;
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		err = WERR_DS_OBJ_STRING_NAME_EXISTS;
+	break;
+	case LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED:
+		err = WERR_DS_CANT_MOD_OBJ_CLASS;
+	break;
+	case LDB_ERR_AFFECTS_MULTIPLE_DSAS:
+		err = WERR_DS_AFFECTS_MULTIPLE_DSAS;
+	break;
+	default:
+		err = WERR_DS_GENERIC_ERROR;
+	break;
+	}
+
+	*errstring = talloc_asprintf(mem_ctx, "%08X: %s", W_ERROR_V(err),
+		add_err_string != NULL ? add_err_string : ldb_strerror(ldb_err));
+
+	/* result is 1:1 for now */
+	return ldb_err;
+}
+
+/*
+  connect to the sam database
+*/
+int ldapsrv_backend_Init(struct ldapsrv_connection *conn,
+			      char **errstring)
+{
+	bool using_tls = conn->sockets.active == conn->sockets.tls;
+	bool using_seal = conn->gensec != NULL && gensec_have_feature(conn->gensec,
+								      GENSEC_FEATURE_SEAL);
+	struct dsdb_encrypted_connection_state *opaque_connection_state = NULL;
+
+	int ret = samdb_connect_url(conn,
+				    conn->connection->event.ctx,
+				    conn->lp_ctx,
+				    conn->session_info,
+				    conn->global_catalog ? LDB_FLG_RDONLY : 0,
+				    "sam.ldb",
+				    conn->connection->remote_address,
+				    &conn->ldb,
+				    errstring);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	/*
+	 * We can safely call ldb_set_opaque() on this ldb as we have
+	 * set remote_address above which avoids the ldb handle cache
+	 */
+	opaque_connection_state = talloc_zero(conn, struct dsdb_encrypted_connection_state);
+	if (opaque_connection_state == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	opaque_connection_state->using_encrypted_connection = using_tls || using_seal;
+	ret = ldb_set_opaque(conn->ldb,
+			     DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME,
+			     opaque_connection_state);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("ldb_set_opaque() failed to store our "
+			"encrypted connection state!\n");
+		return ret;
+	}
+
+	if (conn->server_credentials) {
+		struct gensec_security *gensec_security = NULL;
+		const char **sasl_mechs = NULL;
+		NTSTATUS status;
+
+		status = samba_server_gensec_start(conn,
+						   conn->connection->event.ctx,
+						   conn->connection->msg_ctx,
+						   conn->lp_ctx,
+						   conn->server_credentials,
+						   "ldap",
+						   &gensec_security);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("samba_server_gensec_start failed: %s\n",
+				nt_errstr(status));
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		/* ldb can have a different lifetime to conn, so we
+		   need to ensure that sasl_mechs lives as long as the
+		   ldb does */
+		sasl_mechs = gensec_security_sasl_names(gensec_security,
+							conn->ldb);
+		TALLOC_FREE(gensec_security);
+		if (sasl_mechs == NULL) {
+			DBG_ERR("Failed to get sasl mechs!\n");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
+	}
+
+	return LDB_SUCCESS;
+}
+
+struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type)
+{
+	struct ldapsrv_reply *reply;
+
+	reply = talloc_zero(call, struct ldapsrv_reply);
+	if (!reply) {
+		return NULL;
+	}
+	reply->msg = talloc_zero(reply, struct ldap_message);
+	if (reply->msg == NULL) {
+		talloc_free(reply);
+		return NULL;
+	}
+
+	reply->msg->messageid = call->request->messageid;
+	reply->msg->type = type;
+	reply->msg->controls = NULL;
+
+	return reply;
+}
+
+/*
+ * Encode a reply to an LDAP client as ASN.1, free the original memory
+ */
+static NTSTATUS ldapsrv_encode(TALLOC_CTX *mem_ctx,
+			       struct ldapsrv_reply *reply)
+{
+	bool bret = ldap_encode(reply->msg,
+				samba_ldap_control_handlers(),
+				&reply->blob,
+				mem_ctx);
+	if (!bret) {
+		DBG_ERR("Failed to encode ldap reply of type %d: "
+			 "ldap_encode() failed\n",
+			 reply->msg->type);
+		TALLOC_FREE(reply->msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	TALLOC_FREE(reply->msg);
+	talloc_set_name_const(reply->blob.data,
+			      "Outgoing, encoded single LDAP reply");
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Queue a reply (encoding it also), even if it would exceed the
+ * limit.  This allows the error packet with LDAP_SIZE_LIMIT_EXCEEDED
+ * to be sent
+ */
+static NTSTATUS ldapsrv_queue_reply_forced(struct ldapsrv_call *call,
+					   struct ldapsrv_reply *reply)
+{
+	NTSTATUS status = ldapsrv_encode(call, reply);
+
+	if (NT_STATUS_IS_OK(status)) {
+		DLIST_ADD_END(call->replies, reply);
+	}
+	return status;
+}
+
+/*
+ * Queue a reply (encoding it also) but check we do not send more than
+ * LDAP_SERVER_MAX_REPLY_SIZE of responses as a way to limit the
+ * amount of data a client can make us allocate.
+ */
+NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
+{
+	NTSTATUS status = ldapsrv_encode(call, reply);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (call->reply_size > call->reply_size + reply->blob.length
+	    || call->reply_size + reply->blob.length > LDAP_SERVER_MAX_REPLY_SIZE) {
+		DBG_WARNING("Refusing to queue LDAP search response size "
+			    "of more than %zu bytes\n",
+			    LDAP_SERVER_MAX_REPLY_SIZE);
+		TALLOC_FREE(reply->blob.data);
+		return NT_STATUS_FILE_TOO_LARGE;
+	}
+
+	call->reply_size += reply->blob.length;
+
+	DLIST_ADD_END(call->replies, reply);
+
+	return status;
+}
+
+static NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
+{
+	struct ldapsrv_reply *reply;
+	struct ldap_ExtendedResponse *r;
+
+	DBG_DEBUG("type[%d] id[%d]\n", call->request->type, call->request->messageid);
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+	if (!reply) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r = &reply->msg->r.ExtendedResponse;
+	r->response.resultcode = error;
+	r->response.dn = NULL;
+	r->response.errormessage = NULL;
+	r->response.referral = NULL;
+	r->oid = NULL;
+	r->value = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
+				     const struct ldb_message *message,
+				     struct ldb_control **controls,
+				     struct ldb_result *res)
+{
+	struct ldb_context *ldb = call->conn->ldb;
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_msg_sanity_check(ldb, message);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_add_req(&req, ldb, ldb,
+					message,
+					controls,
+					res,
+					ldb_modify_default_callback,
+					NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	if (call->conn->global_catalog) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+	}
+	ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}
+
+	LDB_REQ_SET_LOCATION(req);
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_transaction_commit(ldb);
+	}
+	else {
+		ldb_transaction_cancel(ldb);
+	}
+
+	talloc_free(req);
+	return ret;
+}
+
+/* create and execute a modify request */
+static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
+				     const struct ldb_message *message,
+				     struct ldb_control **controls,
+				     struct ldb_result *res)
+{
+	struct ldb_context *ldb = call->conn->ldb;
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_msg_sanity_check(ldb, message);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_build_mod_req(&req, ldb, ldb,
+					message,
+					controls,
+					res,
+					ldb_modify_default_callback,
+					NULL);
+
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (call->conn->global_catalog) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+	}
+	ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}
+
+	LDB_REQ_SET_LOCATION(req);
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_transaction_commit(ldb);
+	}
+	else {
+		ldb_transaction_cancel(ldb);
+	}
+
+	talloc_free(req);
+	return ret;
+}
+
+/* create and execute a delete request */
+static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
+				     struct ldb_dn *dn,
+				     struct ldb_control **controls,
+				     struct ldb_result *res)
+{
+	struct ldb_context *ldb = call->conn->ldb;
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_build_del_req(&req, ldb, ldb,
+					dn,
+					controls,
+					res,
+					ldb_modify_default_callback,
+					NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	if (call->conn->global_catalog) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+	}
+	ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}
+
+	LDB_REQ_SET_LOCATION(req);
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_transaction_commit(ldb);
+	}
+	else {
+		ldb_transaction_cancel(ldb);
+	}
+
+	talloc_free(req);
+	return ret;
+}
+
+static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
+					struct ldb_dn *olddn,
+					struct ldb_dn *newdn,
+					struct ldb_control **controls,
+					struct ldb_result *res)
+{
+	struct ldb_context *ldb = call->conn->ldb;
+	struct ldb_request *req;
+	int ret;
+
+	ret = ldb_build_rename_req(&req, ldb, ldb,
+					olddn,
+					newdn,
+					controls,
+					res,
+					ldb_modify_default_callback,
+					NULL);
+
+	if (ret != LDB_SUCCESS) return ret;
+
+	if (call->conn->global_catalog) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+	}
+	ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}
+
+	LDB_REQ_SET_LOCATION(req);
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_transaction_commit(ldb);
+	}
+	else {
+		ldb_transaction_cancel(ldb);
+	}
+
+	talloc_free(req);
+	return ret;
+}
+
+
+
+struct ldapsrv_context {
+	struct ldapsrv_call *call;
+	int extended_type;
+	bool attributesonly;
+	struct ldb_control **controls;
+	size_t count; /* For notification only */
+};
+
+static int ldap_server_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct ldapsrv_context *ctx = talloc_get_type(req->context, struct ldapsrv_context);
+	struct ldapsrv_call *call = ctx->call;
+	struct ldb_context *ldb = call->conn->ldb;
+	unsigned int j;
+	struct ldapsrv_reply *ent_r = NULL;
+	struct ldap_SearchResEntry *ent;
+	int ret;
+	NTSTATUS status;
+
+	if (!ares) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_request_done(req, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		struct ldb_message *msg = ares->message;
+		ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
+		if (ent_r == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		ctx->count++;
+
+		/*
+		 * Put the LDAP search response data under ent_r->msg
+		 * so we can free that later once encoded
+		 */
+		talloc_steal(ent_r->msg, msg);
+
+		ent = &ent_r->msg->r.SearchResultEntry;
+		ent->dn = ldb_dn_get_extended_linearized(ent_r, msg->dn,
+							 ctx->extended_type);
+		ent->num_attributes = 0;
+		ent->attributes = NULL;
+		if (msg->num_elements == 0) {
+			goto queue_reply;
+		}
+		ent->num_attributes = msg->num_elements;
+		ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes);
+		if (ent->attributes == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		for (j=0; j < ent->num_attributes; j++) {
+			ent->attributes[j].name = msg->elements[j].name;
+			ent->attributes[j].num_values = 0;
+			ent->attributes[j].values = NULL;
+			if (ctx->attributesonly && (msg->elements[j].num_values == 0)) {
+				continue;
+			}
+			ent->attributes[j].num_values = msg->elements[j].num_values;
+			ent->attributes[j].values = msg->elements[j].values;
+		}
+queue_reply:
+		status = ldapsrv_queue_reply(call, ent_r);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_TOO_LARGE)) {
+			ret = ldb_request_done(req,
+					       LDB_ERR_SIZE_LIMIT_EXCEEDED);
+			ldb_asprintf_errstring(ldb,
+					       "LDAP search response size "
+					       "limited to %zu bytes\n",
+					       LDAP_SERVER_MAX_REPLY_SIZE);
+		} else if (!NT_STATUS_IS_OK(status)) {
+			ret = ldb_request_done(req,
+					       ldb_operr(ldb));
+		} else {
+			ret = LDB_SUCCESS;
+		}
+		break;
+	}
+	case LDB_REPLY_REFERRAL:
+	{
+		struct ldap_SearchResRef *ent_ref;
+
+		/*
+		 * TODO: This should be handled by the notification
+		 * module not here
+		 */
+		if (call->notification.busy) {
+			ret = LDB_SUCCESS;
+			break;
+		}
+
+		ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultReference);
+		if (ent_r == NULL) {
+			return ldb_oom(ldb);
+		}
+
+		/*
+		 * Put the LDAP referral data under ent_r->msg
+		 * so we can free that later once encoded
+		 */
+		talloc_steal(ent_r->msg, ares->referral);
+
+		ent_ref = &ent_r->msg->r.SearchResultReference;
+		ent_ref->referral = ares->referral;
+
+		status = ldapsrv_queue_reply(call, ent_r);
+		if (!NT_STATUS_IS_OK(status)) {
+			ret = LDB_ERR_OPERATIONS_ERROR;
+		} else {
+			ret = LDB_SUCCESS;
+		}
+		break;
+	}
+	case LDB_REPLY_DONE:
+	{
+		/*
+		 * We don't queue the reply for this one, we let that
+		 * happen outside
+		 */
+		ctx->controls = talloc_move(ctx, &ares->controls);
+
+		TALLOC_FREE(ares);
+		return ldb_request_done(req, LDB_SUCCESS);
+	}
+	default:
+		/* Doesn't happen */
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	}
+	TALLOC_FREE(ares);
+
+	return ret;
+}
+
+
+static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
+{
+	struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
+	struct ldap_Result *done;
+	struct ldapsrv_reply *done_r;
+	TALLOC_CTX *local_ctx;
+	struct ldapsrv_context *callback_ctx = NULL;
+	struct ldb_context *samdb = talloc_get_type(call->conn->ldb, struct ldb_context);
+	struct ldb_dn *basedn;
+	struct ldb_request *lreq;
+	struct ldb_control *search_control;
+	struct ldb_search_options_control *search_options;
+	struct ldb_control *extended_dn_control;
+	struct ldb_extended_dn_control *extended_dn_decoded = NULL;
+	struct ldb_control *notification_control = NULL;
+	enum ldb_scope scope = LDB_SCOPE_DEFAULT;
+	const char **attrs = NULL;
+	const char *scope_str, *errstr = NULL;
+	int result = -1;
+	int ldb_ret = -1;
+	unsigned int i;
+	int extended_type = 1;
+
+	/*
+	 * Warn for searches that are longer than 1/4 of the
+	 * search_timeout, being 30sec by default
+	 */
+	struct timeval start_time = timeval_current();
+	struct timeval warning_time
+		= timeval_add(&start_time,
+			      call->conn->limits.search_timeout / 4,
+			      0);
+
+	local_ctx = talloc_new(call);
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	basedn = ldb_dn_new(local_ctx, samdb, req->basedn);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	switch (req->scope) {
+	case LDAP_SEARCH_SCOPE_BASE:
+		scope = LDB_SCOPE_BASE;
+		break;
+	case LDAP_SEARCH_SCOPE_SINGLE:
+		scope = LDB_SCOPE_ONELEVEL;
+		break;
+	case LDAP_SEARCH_SCOPE_SUB:
+		scope = LDB_SCOPE_SUBTREE;
+		break;
+	default:
+		result = LDAP_PROTOCOL_ERROR;
+		map_ldb_error(local_ctx, LDB_ERR_PROTOCOL_ERROR, NULL,
+			      &errstr);
+		scope_str = "<Invalid scope>";
+		errstr = talloc_asprintf(local_ctx,
+					 "%s. Invalid scope", errstr);
+		goto reply;
+	}
+	scope_str = dsdb_search_scope_as_string(scope);
+
+	DBG_DEBUG("scope: [%s]\n", scope_str);
+
+	if (req->num_attributes >= 1) {
+		attrs = talloc_array(local_ctx, const char *, req->num_attributes+1);
+		NT_STATUS_HAVE_NO_MEMORY(attrs);
+
+		for (i=0; i < req->num_attributes; i++) {
+			DBG_DEBUG("attrs: [%s]\n",req->attributes[i]);
+			attrs[i] = req->attributes[i];
+		}
+		attrs[i] = NULL;
+	}
+
+	DBG_INFO("ldb_request %s dn=%s filter=%s\n",
+		 scope_str, req->basedn, ldb_filter_from_tree(call, req->tree));
+
+	callback_ctx = talloc_zero(local_ctx, struct ldapsrv_context);
+	NT_STATUS_HAVE_NO_MEMORY(callback_ctx);
+	callback_ctx->call = call;
+	callback_ctx->extended_type = extended_type;
+	callback_ctx->attributesonly = req->attributesonly;
+
+	ldb_ret = ldb_build_search_req_ex(&lreq, samdb, local_ctx,
+					  basedn, scope,
+					  req->tree, attrs,
+					  call->request->controls,
+					  callback_ctx,
+					  ldap_server_search_callback,
+					  NULL);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		goto reply;
+	}
+
+	if (call->conn->global_catalog) {
+		search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID);
+
+		search_options = NULL;
+		if (search_control) {
+			search_options = talloc_get_type(search_control->data, struct ldb_search_options_control);
+			search_options->search_options |= LDB_SEARCH_OPTION_PHANTOM_ROOT;
+		} else {
+			search_options = talloc(lreq, struct ldb_search_options_control);
+			NT_STATUS_HAVE_NO_MEMORY(search_options);
+			search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT;
+			ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options);
+		}
+	} else {
+		ldb_request_add_control(lreq, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+	}
+
+	extended_dn_control = ldb_request_get_control(lreq, LDB_CONTROL_EXTENDED_DN_OID);
+
+	if (extended_dn_control) {
+		if (extended_dn_control->data) {
+			extended_dn_decoded = talloc_get_type(extended_dn_control->data, struct ldb_extended_dn_control);
+			extended_type = extended_dn_decoded->type;
+		} else {
+			extended_type = 0;
+		}
+		callback_ctx->extended_type = extended_type;
+	}
+
+	notification_control = ldb_request_get_control(lreq, LDB_CONTROL_NOTIFICATION_OID);
+	if (notification_control != NULL) {
+		const struct ldapsrv_call *pc = NULL;
+		size_t count = 0;
+
+		for (pc = call->conn->pending_calls; pc != NULL; pc = pc->next) {
+			count += 1;
+		}
+
+		if (count >= call->conn->limits.max_notifications) {
+			DBG_DEBUG("error MaxNotificationPerConn\n");
+			result = map_ldb_error(local_ctx,
+					       LDB_ERR_ADMIN_LIMIT_EXCEEDED,
+					       "MaxNotificationPerConn reached",
+					       &errstr);
+			goto reply;
+		}
+
+		/*
+		 * For now we need to do periodic retries on our own.
+		 * As the dsdb_notification module will return after each run.
+		 */
+		call->notification.busy = true;
+	}
+
+	{
+		const char *scheme = NULL;
+		switch (call->conn->referral_scheme) {
+		case LDAP_REFERRAL_SCHEME_LDAPS:
+			scheme = "ldaps";
+			break;
+		default:
+			scheme = "ldap";
+		}
+		ldb_ret = ldb_set_opaque(
+			samdb,
+			LDAP_REFERRAL_SCHEME_OPAQUE,
+			discard_const_p(char *, scheme));
+		if (ldb_ret != LDB_SUCCESS) {
+			goto reply;
+		}
+	}
+
+	{
+		time_t timeout = call->conn->limits.search_timeout;
+
+		if (timeout == 0
+		    || (req->timelimit != 0
+			&& req->timelimit < timeout))
+		{
+			timeout = req->timelimit;
+		}
+		ldb_set_timeout(samdb, lreq, timeout);
+	}
+
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(lreq);
+	}
+
+	LDB_REQ_SET_LOCATION(lreq);
+
+	ldb_ret = ldb_request(samdb, lreq);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		goto reply;
+	}
+
+	ldb_ret = ldb_wait(lreq->handle, LDB_WAIT_ALL);
+
+	if (ldb_ret == LDB_SUCCESS) {
+		if (call->notification.busy) {
+			/* Move/Add it to the end */
+			DLIST_DEMOTE(call->conn->pending_calls, call);
+			call->notification.generation =
+				call->conn->service->notification.generation;
+
+			if (callback_ctx->count != 0) {
+				call->notification.generation += 1;
+				ldapsrv_notification_retry_setup(call->conn->service,
+								 true);
+			}
+
+			talloc_free(local_ctx);
+			return NT_STATUS_OK;
+		}
+	}
+
+reply:
+
+	/*
+	 * This looks like duplicated code - because it is - but
+	 * otherwise the work in the parameters will be done
+	 * regardless, this way the functions only execute when the
+	 * log level is set.
+	 *
+	 * The basedn is re-obtained as a string to escape it
+	 */
+	if ((req->timelimit == 0 || call->conn->limits.search_timeout < req->timelimit)
+	    && ldb_ret == LDB_ERR_TIME_LIMIT_EXCEEDED) {
+		struct dom_sid_buf sid_buf;
+		DBG_WARNING("MaxQueryDuration(%d) timeout exceeded "
+			    "in SearchRequest by %s from %s filter: [%s] "
+			    "basedn: [%s] "
+			    "scope: [%s]\n",
+			    call->conn->limits.search_timeout,
+			    dom_sid_str_buf(&call->conn->session_info->security_token->sids[0],
+					    &sid_buf),
+			    tsocket_address_string(call->conn->connection->remote_address,
+						   call),
+			    ldb_filter_from_tree(call, req->tree),
+			    ldb_dn_get_extended_linearized(call, basedn, 1),
+			    scope_str);
+		for (i=0; i < req->num_attributes; i++) {
+			DBG_WARNING("MaxQueryDuration timeout exceeded attrs: [%s]\n",
+				    req->attributes[i]);
+		}
+
+	} else if (timeval_expired(&warning_time)) {
+		struct dom_sid_buf sid_buf;
+		DBG_NOTICE("Long LDAP Query: Duration was %.2fs, "
+			   "MaxQueryDuration(%d)/4 == %d "
+			   "in SearchRequest by %s from %s filter: [%s] "
+			   "basedn: [%s] "
+			   "scope: [%s] "
+			   "result: %s\n",
+			   timeval_elapsed(&start_time),
+			   call->conn->limits.search_timeout,
+			   call->conn->limits.search_timeout / 4,
+			   dom_sid_str_buf(&call->conn->session_info->security_token->sids[0],
+					   &sid_buf),
+			   tsocket_address_string(call->conn->connection->remote_address,
+						  call),
+			   ldb_filter_from_tree(call, req->tree),
+			   ldb_dn_get_extended_linearized(call, basedn, 1),
+			   scope_str,
+			   ldb_strerror(ldb_ret));
+		for (i=0; i < req->num_attributes; i++) {
+			DBG_NOTICE("Long LDAP Query attrs: [%s]\n",
+				   req->attributes[i]);
+		}
+	} else {
+		struct dom_sid_buf sid_buf;
+		DBG_INFO("LDAP Query: Duration was %.2fs, "
+			 "SearchRequest by %s from %s filter: [%s] "
+			 "basedn: [%s] "
+			 "scope: [%s] "
+			 "result: %s\n",
+			 timeval_elapsed(&start_time),
+			 dom_sid_str_buf(&call->conn->session_info->security_token->sids[0],
+					 &sid_buf),
+			 tsocket_address_string(call->conn->connection->remote_address,
+						call),
+			 ldb_filter_from_tree(call, req->tree),
+			 ldb_dn_get_extended_linearized(call, basedn, 1),
+			 scope_str,
+			 ldb_strerror(ldb_ret));
+	}
+
+	DLIST_REMOVE(call->conn->pending_calls, call);
+	call->notification.busy = false;
+
+	done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
+	NT_STATUS_HAVE_NO_MEMORY(done_r);
+
+	done = &done_r->msg->r.SearchResultDone;
+	done->dn = NULL;
+	done->referral = NULL;
+
+	if (result != -1) {
+	} else if (ldb_ret == LDB_SUCCESS) {
+		if (callback_ctx->controls) {
+			done_r->msg->controls = callback_ctx->controls;
+			talloc_steal(done_r->msg, callback_ctx->controls);
+		}
+		result = LDB_SUCCESS;
+	} else {
+		DBG_DEBUG("error\n");
+		result = map_ldb_error(local_ctx, ldb_ret, ldb_errstring(samdb),
+				       &errstr);
+	}
+
+	done->resultcode = result;
+	done->errormessage = (errstr?talloc_strdup(done_r, errstr):NULL);
+
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply_forced(call, done_r);
+}
+
+static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
+{
+	struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest;
+	struct ldap_Result *modify_result;
+	struct ldapsrv_reply *modify_reply;
+	TALLOC_CTX *local_ctx;
+	struct ldb_context *samdb = call->conn->ldb;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *dn;
+	const char *errstr = NULL;
+	int result = LDAP_SUCCESS;
+	int ldb_ret;
+	unsigned int i,j;
+	struct ldb_result *res = NULL;
+
+	DBG_DEBUG("dn: %s\n", req->dn);
+
+	local_ctx = talloc_named(call, 0, "ModifyRequest local memory context");
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	dn = ldb_dn_new(local_ctx, samdb, req->dn);
+	NT_STATUS_HAVE_NO_MEMORY(dn);
+
+	DBG_DEBUG("dn: [%s]\n", req->dn);
+
+	msg = ldb_msg_new(local_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	msg->dn = dn;
+
+	if (req->num_mods > 0) {
+		msg->num_elements = req->num_mods;
+		msg->elements = talloc_array(msg, struct ldb_message_element, req->num_mods);
+		NT_STATUS_HAVE_NO_MEMORY(msg->elements);
+
+		for (i=0; i < msg->num_elements; i++) {
+			msg->elements[i].name = discard_const_p(char, req->mods[i].attrib.name);
+			msg->elements[i].num_values = 0;
+			msg->elements[i].values = NULL;
+
+			switch (req->mods[i].type) {
+			default:
+				result = LDAP_PROTOCOL_ERROR;
+				map_ldb_error(local_ctx,
+					LDB_ERR_PROTOCOL_ERROR, NULL, &errstr);
+				errstr = talloc_asprintf(local_ctx,
+					"%s. Invalid LDAP_MODIFY_* type", errstr);
+				goto reply;
+			case LDAP_MODIFY_ADD:
+				msg->elements[i].flags = LDB_FLAG_MOD_ADD;
+				break;
+			case LDAP_MODIFY_DELETE:
+				msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
+				break;
+			case LDAP_MODIFY_REPLACE:
+				msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+				break;
+			}
+
+			msg->elements[i].num_values = req->mods[i].attrib.num_values;
+			if (msg->elements[i].num_values > 0) {
+				msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
+								       msg->elements[i].num_values);
+				NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
+
+				for (j=0; j < msg->elements[i].num_values; j++) {
+					msg->elements[i].values[j].length = req->mods[i].attrib.values[j].length;
+					msg->elements[i].values[j].data = req->mods[i].attrib.values[j].data;			
+				}
+			}
+		}
+	}
+
+reply:
+	modify_reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse);
+	NT_STATUS_HAVE_NO_MEMORY(modify_reply);
+
+	if (result == LDAP_SUCCESS) {
+		res = talloc_zero(local_ctx, struct ldb_result);
+		NT_STATUS_HAVE_NO_MEMORY(res);
+		ldb_ret = ldapsrv_mod_with_controls(call, msg, call->request->controls, res);
+		result = map_ldb_error(local_ctx, ldb_ret, ldb_errstring(samdb),
+				       &errstr);
+	}
+
+	modify_result = &modify_reply->msg->r.ModifyResponse;
+	modify_result->dn = NULL;
+	if ((res != NULL) && (res->refs != NULL)) {
+		modify_result->resultcode = map_ldb_error(local_ctx,
+							  LDB_ERR_REFERRAL,
+							  NULL, &errstr);
+		modify_result->errormessage = (errstr?talloc_strdup(modify_reply, errstr):NULL);
+		modify_result->referral = talloc_strdup(call, *res->refs);
+	} else {
+		modify_result->resultcode = result;
+		modify_result->errormessage = (errstr?talloc_strdup(modify_reply, errstr):NULL);
+		modify_result->referral = NULL;
+	}
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply(call, modify_reply);
+
+}
+
+static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
+{
+	struct ldap_AddRequest *req = &call->request->r.AddRequest;
+	struct ldap_Result *add_result;
+	struct ldapsrv_reply *add_reply;
+	TALLOC_CTX *local_ctx;
+	struct ldb_context *samdb = call->conn->ldb;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *dn;
+	const char *errstr = NULL;
+	int result = LDAP_SUCCESS;
+	int ldb_ret;
+	unsigned int i,j;
+	struct ldb_result *res = NULL;
+
+	DBG_DEBUG("dn: %s\n", req->dn);
+
+	local_ctx = talloc_named(call, 0, "AddRequest local memory context");
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	dn = ldb_dn_new(local_ctx, samdb, req->dn);
+	NT_STATUS_HAVE_NO_MEMORY(dn);
+
+	DBG_DEBUG("dn: [%s]\n", req->dn);
+
+	msg = talloc(local_ctx, struct ldb_message);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	msg->dn = dn;
+	msg->num_elements = 0;
+	msg->elements = NULL;
+
+	if (req->num_attributes > 0) {
+		msg->num_elements = req->num_attributes;
+		msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements);
+		NT_STATUS_HAVE_NO_MEMORY(msg->elements);
+
+		for (i=0; i < msg->num_elements; i++) {
+			msg->elements[i].name = discard_const_p(char, req->attributes[i].name);
+			msg->elements[i].flags = 0;
+			msg->elements[i].num_values = 0;
+			msg->elements[i].values = NULL;
+			
+			if (req->attributes[i].num_values > 0) {
+				msg->elements[i].num_values = req->attributes[i].num_values;
+				msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
+								       msg->elements[i].num_values);
+				NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
+
+				for (j=0; j < msg->elements[i].num_values; j++) {
+					msg->elements[i].values[j].length = req->attributes[i].values[j].length;
+					msg->elements[i].values[j].data = req->attributes[i].values[j].data;			
+				}
+			}
+		}
+	}
+
+	add_reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse);
+	NT_STATUS_HAVE_NO_MEMORY(add_reply);
+
+	if (result == LDAP_SUCCESS) {
+		res = talloc_zero(local_ctx, struct ldb_result);
+		NT_STATUS_HAVE_NO_MEMORY(res);
+		ldb_ret = ldapsrv_add_with_controls(call, msg, call->request->controls, res);
+		result = map_ldb_error(local_ctx, ldb_ret, ldb_errstring(samdb),
+				       &errstr);
+	}
+
+	add_result = &add_reply->msg->r.AddResponse;
+	add_result->dn = NULL;
+	if ((res != NULL) && (res->refs != NULL)) {
+		add_result->resultcode =  map_ldb_error(local_ctx,
+							LDB_ERR_REFERRAL, NULL,
+							&errstr);
+		add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL);
+		add_result->referral = talloc_strdup(call, *res->refs);
+	} else {
+		add_result->resultcode = result;
+		add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL);
+		add_result->referral = NULL;
+	}
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply(call, add_reply);
+
+}
+
+static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call)
+{
+	struct ldap_DelRequest *req = &call->request->r.DelRequest;
+	struct ldap_Result *del_result;
+	struct ldapsrv_reply *del_reply;
+	TALLOC_CTX *local_ctx;
+	struct ldb_context *samdb = call->conn->ldb;
+	struct ldb_dn *dn;
+	const char *errstr = NULL;
+	int result = LDAP_SUCCESS;
+	int ldb_ret;
+	struct ldb_result *res = NULL;
+
+	DBG_DEBUG("dn: %s\n", req->dn);
+
+	local_ctx = talloc_named(call, 0, "DelRequest local memory context");
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	dn = ldb_dn_new(local_ctx, samdb, req->dn);
+	NT_STATUS_HAVE_NO_MEMORY(dn);
+
+	DBG_DEBUG("dn: [%s]\n", req->dn);
+
+	del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse);
+	NT_STATUS_HAVE_NO_MEMORY(del_reply);
+
+	if (result == LDAP_SUCCESS) {
+		res = talloc_zero(local_ctx, struct ldb_result);
+		NT_STATUS_HAVE_NO_MEMORY(res);
+		ldb_ret = ldapsrv_del_with_controls(call, dn, call->request->controls, res);
+		result = map_ldb_error(local_ctx, ldb_ret, ldb_errstring(samdb),
+				       &errstr);
+	}
+
+	del_result = &del_reply->msg->r.DelResponse;
+	del_result->dn = NULL;
+	if ((res != NULL) && (res->refs != NULL)) {
+		del_result->resultcode = map_ldb_error(local_ctx,
+						       LDB_ERR_REFERRAL, NULL,
+						       &errstr);
+		del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL);
+		del_result->referral = talloc_strdup(call, *res->refs);
+	} else {
+		del_result->resultcode = result;
+		del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL);
+		del_result->referral = NULL;
+	}
+
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply(call, del_reply);
+}
+
+static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
+{
+	struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest;
+	struct ldap_Result *modifydn;
+	struct ldapsrv_reply *modifydn_r;
+	TALLOC_CTX *local_ctx;
+	struct ldb_context *samdb = call->conn->ldb;
+	struct ldb_dn *olddn, *newdn=NULL, *newrdn;
+	struct ldb_dn *parentdn = NULL;
+	const char *errstr = NULL;
+	int result = LDAP_SUCCESS;
+	int ldb_ret;
+	struct ldb_result *res = NULL;
+
+	DBG_DEBUG("dn: %s newrdn: %s\n",
+		  req->dn, req->newrdn);
+
+	local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context");
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	olddn = ldb_dn_new(local_ctx, samdb, req->dn);
+	NT_STATUS_HAVE_NO_MEMORY(olddn);
+
+	newrdn = ldb_dn_new(local_ctx, samdb, req->newrdn);
+	NT_STATUS_HAVE_NO_MEMORY(newrdn);
+
+	DBG_DEBUG("olddn: [%s] newrdn: [%s]\n",
+		  req->dn, req->newrdn);
+
+	if (ldb_dn_get_comp_num(newrdn) == 0) {
+		result = LDAP_PROTOCOL_ERROR;
+		map_ldb_error(local_ctx, LDB_ERR_PROTOCOL_ERROR, NULL,
+			      &errstr);
+		goto reply;
+	}
+
+	if (ldb_dn_get_comp_num(newrdn) > 1) {
+		result = LDAP_NAMING_VIOLATION;
+		map_ldb_error(local_ctx, LDB_ERR_NAMING_VIOLATION, NULL,
+			      &errstr);
+		goto reply;
+	}
+
+	/* we can't handle the rename if we should not remove the old dn */
+	if (!req->deleteolddn) {
+		result = LDAP_UNWILLING_TO_PERFORM;
+		map_ldb_error(local_ctx, LDB_ERR_UNWILLING_TO_PERFORM, NULL,
+			      &errstr);
+		errstr = talloc_asprintf(local_ctx,
+			"%s. Old RDN must be deleted", errstr);
+		goto reply;
+	}
+
+	if (req->newsuperior) {
+		DBG_DEBUG("newsuperior: [%s]\n", req->newsuperior);
+		parentdn = ldb_dn_new(local_ctx, samdb, req->newsuperior);
+	}
+
+	if (!parentdn) {
+		parentdn = ldb_dn_get_parent(local_ctx, olddn);
+	}
+	if (!parentdn) {
+		result = LDAP_NO_SUCH_OBJECT;
+		map_ldb_error(local_ctx, LDB_ERR_NO_SUCH_OBJECT, NULL, &errstr);
+		goto reply;
+	}
+
+	if ( ! ldb_dn_add_child(parentdn, newrdn)) {
+		result = LDAP_OTHER;
+		map_ldb_error(local_ctx, LDB_ERR_OTHER, NULL, &errstr);
+		goto reply;
+	}
+	newdn = parentdn;
+
+reply:
+	modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse);
+	NT_STATUS_HAVE_NO_MEMORY(modifydn_r);
+
+	if (result == LDAP_SUCCESS) {
+		res = talloc_zero(local_ctx, struct ldb_result);
+		NT_STATUS_HAVE_NO_MEMORY(res);
+		ldb_ret = ldapsrv_rename_with_controls(call, olddn, newdn, call->request->controls, res);
+		result = map_ldb_error(local_ctx, ldb_ret, ldb_errstring(samdb),
+				       &errstr);
+	}
+
+	modifydn = &modifydn_r->msg->r.ModifyDNResponse;
+	modifydn->dn = NULL;
+	if ((res != NULL) && (res->refs != NULL)) {
+		modifydn->resultcode = map_ldb_error(local_ctx,
+						     LDB_ERR_REFERRAL, NULL,
+						     &errstr);;
+		modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL);
+		modifydn->referral = talloc_strdup(call, *res->refs);
+	} else {
+		modifydn->resultcode = result;
+		modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL);
+		modifydn->referral = NULL;
+	}
+
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply(call, modifydn_r);
+}
+
+static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call)
+{
+	struct ldap_CompareRequest *req = &call->request->r.CompareRequest;
+	struct ldap_Result *compare;
+	struct ldapsrv_reply *compare_r;
+	TALLOC_CTX *local_ctx;
+	struct ldb_context *samdb = call->conn->ldb;
+	struct ldb_result *res = NULL;
+	struct ldb_dn *dn;
+	const char *attrs[1];
+	const char *errstr = NULL;
+	const char *filter = NULL;
+	int result = LDAP_SUCCESS;
+	int ldb_ret;
+
+	DBG_DEBUG("dn: %s\n", req->dn);
+
+	local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context");
+	NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+
+	dn = ldb_dn_new(local_ctx, samdb, req->dn);
+	NT_STATUS_HAVE_NO_MEMORY(dn);
+
+	DBG_DEBUG("dn: [%s]\n", req->dn);
+	filter = talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute, 
+				 (int)req->value.length, req->value.data);
+	NT_STATUS_HAVE_NO_MEMORY(filter);
+
+	DBG_DEBUG("attribute: [%s]\n", filter);
+
+	attrs[0] = NULL;
+
+	compare_r = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse);
+	NT_STATUS_HAVE_NO_MEMORY(compare_r);
+
+	if (result == LDAP_SUCCESS) {
+		ldb_ret = ldb_search(samdb, local_ctx, &res,
+				     dn, LDB_SCOPE_BASE, attrs, "%s", filter);
+		if (ldb_ret != LDB_SUCCESS) {
+			result = map_ldb_error(local_ctx, ldb_ret,
+					       ldb_errstring(samdb), &errstr);
+			DBG_DEBUG("error: %s\n", errstr);
+		} else if (res->count == 0) {
+			DBG_DEBUG("didn't match\n");
+			result = LDAP_COMPARE_FALSE;
+			errstr = NULL;
+		} else if (res->count == 1) {
+			DBG_DEBUG("matched\n");
+			result = LDAP_COMPARE_TRUE;
+			errstr = NULL;
+		} else if (res->count > 1) {
+			result = LDAP_OTHER;
+			map_ldb_error(local_ctx, LDB_ERR_OTHER, NULL, &errstr);
+			errstr = talloc_asprintf(local_ctx,
+				"%s. Too many objects match!", errstr);
+			DBG_DEBUG("%u results: %s\n", res->count, errstr);
+		}
+	}
+
+	compare = &compare_r->msg->r.CompareResponse;
+	compare->dn = NULL;
+	compare->resultcode = result;
+	compare->errormessage = (errstr?talloc_strdup(compare_r,errstr):NULL);
+	compare->referral = NULL;
+
+	talloc_free(local_ctx);
+
+	return ldapsrv_queue_reply(call, compare_r);
+}
+
+static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
+{
+	struct ldap_AbandonRequest *req = &call->request->r.AbandonRequest;
+	struct ldapsrv_call *c = NULL;
+	struct ldapsrv_call *n = NULL;
+
+	DBG_DEBUG("abandoned\n");
+
+	for (c = call->conn->pending_calls; c != NULL; c = n) {
+		n = c->next;
+
+		if (c->request->messageid != req->messageid) {
+			continue;
+		}
+
+		DLIST_REMOVE(call->conn->pending_calls, c);
+		TALLOC_FREE(c);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ldapsrv_expired(struct ldapsrv_call *call)
+{
+	struct ldapsrv_reply *reply = NULL;
+	struct ldap_ExtendedResponse *r = NULL;
+
+	DBG_DEBUG("Sending connection expired message\n");
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+	if (reply == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * According to RFC4511 section 4.4.1 this has a msgid of 0
+	 */
+	reply->msg->messageid = 0;
+
+	r = &reply->msg->r.ExtendedResponse;
+	r->response.resultcode = LDB_ERR_UNAVAILABLE;
+	r->response.errormessage = "The server has timed out this connection";
+	r->oid = "1.3.6.1.4.1.1466.20036"; /* see rfc4511 section 4.4.1 */
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
+{
+	unsigned int i;
+	struct ldap_message *msg = call->request;
+	struct ldapsrv_connection *conn = call->conn;
+	NTSTATUS status;
+	bool expired;
+
+	expired = timeval_expired(&conn->limits.expire_time);
+	if (expired) {
+		status = ldapsrv_expired(call);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		return NT_STATUS_NETWORK_SESSION_EXPIRED;
+	}
+
+	/* Check for undecoded critical extensions */
+	for (i=0; msg->controls && msg->controls[i]; i++) {
+		if (!msg->controls_decoded[i] && 
+		    msg->controls[i]->critical) {
+			DBG_NOTICE("Critical extension %s is not known to this server\n",
+				  msg->controls[i]->oid);
+			return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
+		}
+	}
+
+	if (call->conn->authz_logged == false) {
+		bool log = true;
+
+		/*
+		 * We do not want to log anonymous access if the query
+		 * is just for the rootDSE, or it is a startTLS or a
+		 * Bind.
+		 *
+		 * A rootDSE search could also be done over
+		 * CLDAP anonymously for example, so these don't
+		 * really count.
+		 * Essentially we want to know about
+		 * access beyond that normally done prior to a
+		 * bind.
+		 */
+
+		switch(call->request->type) {
+		case LDAP_TAG_BindRequest:
+		case LDAP_TAG_UnbindRequest:
+		case LDAP_TAG_AbandonRequest:
+			log = false;
+			break;
+		case LDAP_TAG_ExtendedResponse: {
+			struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
+			if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
+				log = false;
+			}
+			break;
+		}
+		case LDAP_TAG_SearchRequest: {
+			struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
+			if (req->scope == LDAP_SEARCH_SCOPE_BASE) {
+				if (req->basedn[0] == '\0') {
+					log = false;
+				}
+			}
+			break;
+		}
+		default:
+			break;
+		}
+
+		if (log) {
+			const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+			if (call->conn->sockets.active == call->conn->sockets.tls) {
+				transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
+			}
+
+			log_successful_authz_event(call->conn->connection->msg_ctx,
+						   call->conn->connection->lp_ctx,
+						   call->conn->connection->remote_address,
+						   call->conn->connection->local_address,
+						   "LDAP",
+						   "no bind",
+						   transport_protection,
+						   call->conn->session_info,
+						   NULL /* client_audit_info */,
+						   NULL /* server_audit_info */);
+
+			call->conn->authz_logged = true;
+		}
+	}
+
+	switch(call->request->type) {
+	case LDAP_TAG_BindRequest:
+		return ldapsrv_BindRequest(call);
+	case LDAP_TAG_UnbindRequest:
+		return ldapsrv_UnbindRequest(call);
+	case LDAP_TAG_SearchRequest:
+		return ldapsrv_SearchRequest(call);
+	case LDAP_TAG_ModifyRequest:
+		status = ldapsrv_ModifyRequest(call);
+		break;
+	case LDAP_TAG_AddRequest:
+		status = ldapsrv_AddRequest(call);
+		break;
+	case LDAP_TAG_DelRequest:
+		status = ldapsrv_DelRequest(call);
+		break;
+	case LDAP_TAG_ModifyDNRequest:
+		status = ldapsrv_ModifyDNRequest(call);
+		break;
+	case LDAP_TAG_CompareRequest:
+		return ldapsrv_CompareRequest(call);
+	case LDAP_TAG_AbandonRequest:
+		return ldapsrv_AbandonRequest(call);
+	case LDAP_TAG_ExtendedRequest:
+		status = ldapsrv_ExtendedRequest(call);
+		break;
+	default:
+		return ldapsrv_unwilling(call, LDAP_PROTOCOL_ERROR);
+	}
+
+	if (NT_STATUS_IS_OK(status)) {
+		ldapsrv_notification_retry_setup(call->conn->service, true);
+	}
+
+	return status;
+}
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
new file mode 100644
index 0000000..d592d47
--- /dev/null
+++ b/source4/ldap_server/ldap_bind.c
@@ -0,0 +1,783 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP server
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldap_server/ldap_server.h"
+#include "auth/auth.h"
+#include "samba/service.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "../lib/util/dlinklist.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_tstream.h"
+#include "param/param.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "lib/util/time_basic.h"
+
+static char *ldapsrv_bind_error_msg(TALLOC_CTX *mem_ctx,
+				    HRESULT hresult,
+				    uint32_t DSID,
+				    NTSTATUS status)
+{
+	WERROR werr;
+	char *msg = NULL;
+
+	status = nt_status_squash(status);
+	werr = ntstatus_to_werror(status);
+
+	/*
+	 * There are 4 lower case hex digits following 'v' at the end,
+	 * but different Windows Versions return different values:
+	 *
+	 * Windows 2008R2 uses 'v1db1'
+	 * Windows 2012R2 uses 'v2580'
+	 *
+	 * We just match Windows 2008R2 as that's what was referenced
+	 * in https://bugzilla.samba.org/show_bug.cgi?id=9048
+	 */
+	msg = talloc_asprintf(mem_ctx, "%08X: LdapErr: DSID-%08X, comment: "
+			      "AcceptSecurityContext error, data %x, v1db1",
+			      (unsigned)HRES_ERROR_V(hresult),
+			      (unsigned)DSID,
+			      (unsigned)W_ERROR_V(werr));
+
+	return msg;
+}
+
+struct ldapsrv_bind_wait_context {
+	struct ldapsrv_reply *reply;
+	struct tevent_req *req;
+	NTSTATUS status;
+	bool done;
+};
+
+struct ldapsrv_bind_wait_state {
+	uint8_t dummy;
+};
+
+static struct tevent_req *ldapsrv_bind_wait_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *ev,
+						 void *private_data)
+{
+	struct ldapsrv_bind_wait_context *bind_wait =
+		talloc_get_type_abort(private_data,
+		struct ldapsrv_bind_wait_context);
+	struct tevent_req *req;
+	struct ldapsrv_bind_wait_state *state;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct ldapsrv_bind_wait_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	bind_wait->req = req;
+
+	tevent_req_defer_callback(req, ev);
+
+	if (!bind_wait->done) {
+		return req;
+	}
+
+	if (tevent_req_nterror(req, bind_wait->status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS ldapsrv_bind_wait_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS ldapsrv_bind_wait_setup(struct ldapsrv_call *call,
+					struct ldapsrv_reply *reply)
+{
+	struct ldapsrv_bind_wait_context *bind_wait = NULL;
+
+	if (call->wait_private != NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	bind_wait = talloc_zero(call, struct ldapsrv_bind_wait_context);
+	if (bind_wait == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	bind_wait->reply = reply;
+
+	call->wait_private = bind_wait;
+	call->wait_send = ldapsrv_bind_wait_send;
+	call->wait_recv = ldapsrv_bind_wait_recv;
+	return NT_STATUS_OK;
+}
+
+static void ldapsrv_bind_wait_finished(struct ldapsrv_call *call,
+				       NTSTATUS status)
+{
+	struct ldapsrv_bind_wait_context *bind_wait =
+		talloc_get_type_abort(call->wait_private,
+		struct ldapsrv_bind_wait_context);
+
+	bind_wait->done = true;
+	bind_wait->status = status;
+
+	if (bind_wait->req == NULL) {
+		return;
+	}
+
+	if (tevent_req_nterror(bind_wait->req, status)) {
+		return;
+	}
+
+	tevent_req_done(bind_wait->req);
+}
+
+static void ldapsrv_BindSimple_done(struct tevent_req *subreq);
+
+static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
+{
+	struct ldap_BindRequest *req = &call->request->r.BindRequest;
+	struct ldapsrv_reply *reply = NULL;
+	struct ldap_BindResponse *resp = NULL;
+	int result;
+	const char *errstr = NULL;
+	NTSTATUS status;
+	bool using_tls = call->conn->sockets.active == call->conn->sockets.tls;
+	struct tevent_req *subreq = NULL;
+
+	DEBUG(10, ("BindSimple dn: %s\n",req->dn));
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
+	if (!reply) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (req->dn != NULL &&
+	    strlen(req->dn) != 0 &&
+	    call->conn->require_strong_auth > LDAP_SERVER_REQUIRE_STRONG_AUTH_NO &&
+	    !using_tls)
+	{
+		status = NT_STATUS_NETWORK_ACCESS_DENIED;
+		result = LDAP_STRONG_AUTH_REQUIRED;
+		errstr = talloc_asprintf(reply,
+					 "BindSimple: Transport encryption required.");
+		goto do_reply;
+	}
+
+	subreq = authenticate_ldap_simple_bind_send(call,
+					call->conn->connection->event.ctx,
+					call->conn->connection->msg_ctx,
+					call->conn->lp_ctx,
+					call->conn->connection->remote_address,
+					call->conn->connection->local_address,
+					using_tls,
+					req->dn,
+					req->creds.password);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, ldapsrv_BindSimple_done, call);
+
+	status = ldapsrv_bind_wait_setup(call, reply);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(subreq);
+		return status;
+	}
+
+	/*
+	 * The rest will be async.
+	 */
+	return NT_STATUS_OK;
+
+do_reply:
+	resp = &reply->msg->r.BindResponse;
+	resp->response.resultcode = result;
+	resp->response.errormessage = errstr;
+	resp->response.dn = NULL;
+	resp->response.referral = NULL;
+	resp->SASL.secblob = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+static void ldapsrv_BindSimple_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_bind_wait_context *bind_wait =
+		talloc_get_type_abort(call->wait_private,
+		struct ldapsrv_bind_wait_context);
+	struct ldapsrv_reply *reply = bind_wait->reply;
+	struct auth_session_info *session_info = NULL;
+	NTSTATUS status;
+	struct ldap_BindResponse *resp = NULL;
+	int result;
+	const char *errstr = NULL;
+
+	status = authenticate_ldap_simple_bind_recv(subreq,
+						    call,
+						    &session_info);
+	if (NT_STATUS_IS_OK(status)) {
+		char *ldb_errstring = NULL;
+		result = LDAP_SUCCESS;
+		errstr = NULL;
+
+		talloc_unlink(call->conn, call->conn->session_info);
+		call->conn->session_info = talloc_steal(call->conn, session_info);
+
+		call->conn->authz_logged = true;
+
+		/* don't leak the old LDB */
+		talloc_unlink(call->conn, call->conn->ldb);
+
+		result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
+
+		if (result != LDB_SUCCESS) {
+			/* Only put the detailed error in DEBUG() */
+			DBG_ERR("ldapsrv_backend_Init failed: %s: %s\n",
+				ldb_errstring, ldb_strerror(result));
+			errstr = talloc_strdup(reply,
+					       "Simple Bind: Failed to advise "
+					       "ldb new credentials");
+			result = LDB_ERR_OPERATIONS_ERROR;
+		}
+	} else {
+		status = nt_status_squash(status);
+
+		result = LDAP_INVALID_CREDENTIALS;
+		errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_INVALID_TOKEN,
+						0x0C0903A9, status);
+	}
+
+	resp = &reply->msg->r.BindResponse;
+	resp->response.resultcode = result;
+	resp->response.errormessage = errstr;
+	resp->response.dn = NULL;
+	resp->response.referral = NULL;
+	resp->SASL.secblob = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	ldapsrv_bind_wait_finished(call, NT_STATUS_OK);
+}
+
+struct ldapsrv_sasl_postprocess_context {
+	struct ldapsrv_connection *conn;
+	struct tstream_context *sasl;
+};
+
+struct ldapsrv_sasl_postprocess_state {
+	uint8_t dummy;
+};
+
+static struct tevent_req *ldapsrv_sasl_postprocess_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						void *private_data)
+{
+	struct ldapsrv_sasl_postprocess_context *context =
+		talloc_get_type_abort(private_data,
+		struct ldapsrv_sasl_postprocess_context);
+	struct tevent_req *req;
+	struct ldapsrv_sasl_postprocess_state *state;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct ldapsrv_sasl_postprocess_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	TALLOC_FREE(context->conn->sockets.sasl);
+	context->conn->sockets.sasl = talloc_move(context->conn, &context->sasl);
+	context->conn->sockets.active = context->conn->sockets.sasl;
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS ldapsrv_setup_gensec(struct ldapsrv_connection *conn,
+				     const char *sasl_mech,
+				     struct gensec_security **_gensec_security)
+{
+	NTSTATUS status;
+
+	struct gensec_security *gensec_security;
+
+	status = samba_server_gensec_start(conn,
+					   conn->connection->event.ctx,
+					   conn->connection->msg_ctx,
+					   conn->lp_ctx,
+					   conn->server_credentials,
+					   "ldap",
+					   &gensec_security);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = gensec_set_target_service_description(gensec_security,
+						       "LDAP");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = gensec_set_remote_address(gensec_security,
+					   conn->connection->remote_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = gensec_set_local_address(gensec_security,
+					  conn->connection->local_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_LDAP_STYLE);
+
+	if (conn->sockets.active == conn->sockets.tls) {
+		gensec_want_feature(gensec_security, GENSEC_FEATURE_LDAPS_TRANSPORT);
+	}
+
+	status = gensec_start_mech_by_sasl_name(gensec_security, sasl_mech);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*_gensec_security = gensec_security;
+	return status;
+}
+
+static void ldapsrv_BindSASL_done(struct tevent_req *subreq);
+
+static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
+{
+	struct ldap_BindRequest *req = &call->request->r.BindRequest;
+	struct ldapsrv_reply *reply;
+	struct ldap_BindResponse *resp;
+	struct ldapsrv_connection *conn;
+	int result = 0;
+	const char *errstr=NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	DATA_BLOB input = data_blob_null;
+	struct tevent_req *subreq = NULL;
+
+	DEBUG(10, ("BindSASL dn: %s\n",req->dn));
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
+	if (!reply) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	resp = &reply->msg->r.BindResponse;
+	/* Windows 2000 mmc doesn't like secblob == NULL and reports a decoding error */
+	resp->SASL.secblob = talloc_zero(reply, DATA_BLOB);
+	if (resp->SASL.secblob == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	conn = call->conn;
+
+	/* 
+	 * TODO: a SASL bind with a different mechanism
+	 *       should cancel an inprogress SASL bind.
+	 *       (see RFC 4513)
+	 */
+
+	if (!conn->gensec) {
+		status = ldapsrv_setup_gensec(conn, req->creds.SASL.mechanism,
+					      &conn->gensec);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start GENSEC server for [%s] code: %s\n",
+				  ldb_binary_encode_string(call, req->creds.SASL.mechanism),
+				  nt_errstr(status)));
+			result = LDAP_OPERATIONS_ERROR;
+			errstr = talloc_asprintf(reply, "SASL: Failed to start authentication system: %s", 
+						 nt_errstr(status));
+			goto do_reply;
+		}
+	}
+
+	if (req->creds.SASL.secblob) {
+		input = *req->creds.SASL.secblob;
+	}
+
+	subreq = gensec_update_send(call, conn->connection->event.ctx,
+				    conn->gensec, input);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, ldapsrv_BindSASL_done, call);
+
+	status = ldapsrv_bind_wait_setup(call, reply);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(subreq);
+		return status;
+	}
+
+	/*
+	 * The rest will be async.
+	 */
+	return NT_STATUS_OK;
+
+do_reply:
+	if (result != LDAP_SASL_BIND_IN_PROGRESS) {
+		/*
+		 * We should destroy the gensec context
+		 * when we hit a fatal error.
+		 *
+		 * Note: conn->gensec is already cleared
+		 * for the LDAP_SUCCESS case.
+		 */
+		talloc_unlink(conn, conn->gensec);
+		conn->gensec = NULL;
+	}
+
+	resp->response.resultcode = result;
+	resp->response.dn = NULL;
+	resp->response.errormessage = errstr;
+	resp->response.referral = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_bind_wait_context *bind_wait =
+		talloc_get_type_abort(call->wait_private,
+		struct ldapsrv_bind_wait_context);
+	struct ldap_BindRequest *req = &call->request->r.BindRequest;
+	struct ldapsrv_reply *reply = bind_wait->reply;
+	struct ldap_BindResponse *resp = &reply->msg->r.BindResponse;
+	struct ldapsrv_connection *conn = call->conn;
+	struct auth_session_info *session_info = NULL;
+	struct ldapsrv_sasl_postprocess_context *context = NULL;
+	NTSTATUS status;
+	int result;
+	const char *errstr = NULL;
+	char *ldb_errstring = NULL;
+	DATA_BLOB output = data_blob_null;
+	NTTIME expire_time_nt;
+
+	status = gensec_update_recv(subreq, call, &output);
+	TALLOC_FREE(subreq);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
+		*resp->SASL.secblob = output;
+		result = LDAP_SASL_BIND_IN_PROGRESS;
+		errstr = NULL;
+		goto do_reply;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		status = nt_status_squash(status);
+		result = LDAP_INVALID_CREDENTIALS;
+		errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED,
+						0x0C0904DC, status);
+		goto do_reply;
+	}
+
+	if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) ||
+	    gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
+
+		context = talloc_zero(call, struct ldapsrv_sasl_postprocess_context);
+		if (context == NULL) {
+			ldapsrv_bind_wait_finished(call, NT_STATUS_NO_MEMORY);
+			return;
+		}
+	}
+
+	if (context && conn->sockets.tls) {
+		TALLOC_FREE(context);
+		status = NT_STATUS_NOT_SUPPORTED;
+		result = LDAP_UNWILLING_TO_PERFORM;
+		errstr = talloc_asprintf(reply,
+					 "SASL:[%s]: Sign or Seal are not allowed if TLS is used",
+					 req->creds.SASL.mechanism);
+		goto do_reply;
+	}
+
+	if (context && conn->sockets.sasl) {
+		TALLOC_FREE(context);
+		status = NT_STATUS_NOT_SUPPORTED;
+		result = LDAP_UNWILLING_TO_PERFORM;
+		errstr = talloc_asprintf(reply,
+					 "SASL:[%s]: Sign or Seal are not allowed if SASL encryption has already been set up",
+					 req->creds.SASL.mechanism);
+		goto do_reply;
+	}
+
+	if (context == NULL) {
+		switch (call->conn->require_strong_auth) {
+		case LDAP_SERVER_REQUIRE_STRONG_AUTH_NO:
+			break;
+		case LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS:
+			if (call->conn->sockets.active == call->conn->sockets.tls) {
+				break;
+			}
+			status = NT_STATUS_NETWORK_ACCESS_DENIED;
+			result = LDAP_STRONG_AUTH_REQUIRED;
+			errstr = talloc_asprintf(reply,
+					"SASL:[%s]: not allowed if TLS is used.",
+					 req->creds.SASL.mechanism);
+			goto do_reply;
+
+		case LDAP_SERVER_REQUIRE_STRONG_AUTH_YES:
+			status = NT_STATUS_NETWORK_ACCESS_DENIED;
+			result = LDAP_STRONG_AUTH_REQUIRED;
+			errstr = talloc_asprintf(reply,
+					 "SASL:[%s]: Sign or Seal are required.",
+					 req->creds.SASL.mechanism);
+			goto do_reply;
+		}
+	}
+
+	if (context != NULL) {
+		context->conn = conn;
+		status = gensec_create_tstream(context,
+					       context->conn->gensec,
+					       context->conn->sockets.raw,
+					       &context->sasl);
+		if (!NT_STATUS_IS_OK(status)) {
+			result = LDAP_OPERATIONS_ERROR;
+			errstr = talloc_asprintf(reply,
+					 "SASL:[%s]: Failed to setup SASL socket: %s",
+					 req->creds.SASL.mechanism, nt_errstr(status));
+			goto do_reply;
+		}
+	}
+
+	status = gensec_session_info(conn->gensec, call, &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		result = LDAP_OPERATIONS_ERROR;
+		errstr = talloc_asprintf(reply,
+					 "SASL:[%s]: Failed to get session info: %s",
+					 req->creds.SASL.mechanism, nt_errstr(status));
+		goto do_reply;
+	}
+
+	talloc_unlink(conn, conn->session_info);
+	conn->session_info = talloc_steal(conn, session_info);
+
+	/* don't leak the old LDB */
+	talloc_unlink(conn, conn->ldb);
+
+	call->conn->authz_logged = true;
+
+	result = ldapsrv_backend_Init(call->conn, &ldb_errstring);
+
+	if (result != LDB_SUCCESS) {
+		/* Only put the detailed error in DEBUG() */
+		DBG_ERR("ldapsrv_backend_Init failed: %s: %s\n",
+			ldb_errstring, ldb_strerror(result));
+		errstr = talloc_strdup(reply,
+				       "SASL Bind: Failed to advise "
+				       "ldb new credentials");
+		result = LDB_ERR_OPERATIONS_ERROR;
+		goto do_reply;
+	}
+
+	expire_time_nt = gensec_expire_time(conn->gensec);
+	if (expire_time_nt != GENSEC_EXPIRE_TIME_INFINITY) {
+		struct timeval_buf buf;
+
+		nttime_to_timeval(&conn->limits.expire_time, expire_time_nt);
+
+		DBG_DEBUG("Setting connection expire_time to %s\n",
+			  timeval_str_buf(&conn->limits.expire_time,
+					  false,
+					  true,
+					  &buf));
+	}
+
+	if (context != NULL) {
+		const void *ptr = NULL;
+
+		ptr = talloc_reparent(conn, context->sasl, conn->gensec);
+		if (ptr == NULL) {
+			ldapsrv_bind_wait_finished(call, NT_STATUS_NO_MEMORY);
+			return;
+		}
+
+		call->postprocess_send = ldapsrv_sasl_postprocess_send;
+		call->postprocess_recv = ldapsrv_sasl_postprocess_recv;
+		call->postprocess_private = context;
+	} else {
+		talloc_unlink(conn, conn->gensec);
+	}
+	conn->gensec = NULL;
+
+	*resp->SASL.secblob = output;
+	result = LDAP_SUCCESS;
+	errstr = NULL;
+
+do_reply:
+	if (result != LDAP_SASL_BIND_IN_PROGRESS) {
+		/*
+		 * We should destroy the gensec context
+		 * when we hit a fatal error.
+		 *
+		 * Note: conn->gensec is already cleared
+		 * for the LDAP_SUCCESS case.
+		 */
+		talloc_unlink(conn, conn->gensec);
+		conn->gensec = NULL;
+	}
+
+	resp->response.resultcode = result;
+	resp->response.dn = NULL;
+	resp->response.errormessage = errstr;
+	resp->response.referral = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	ldapsrv_bind_wait_finished(call, NT_STATUS_OK);
+}
+
+NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call)
+{
+	struct ldap_BindRequest *req = &call->request->r.BindRequest;
+	struct ldapsrv_reply *reply;
+	struct ldap_BindResponse *resp;
+
+	if (call->conn->pending_calls != NULL) {
+		reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
+		if (!reply) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		resp = &reply->msg->r.BindResponse;
+		resp->response.resultcode = LDAP_BUSY;
+		resp->response.dn = NULL;
+		resp->response.errormessage = talloc_asprintf(reply, "Pending requests on this LDAP session");
+		resp->response.referral = NULL;
+		resp->SASL.secblob = NULL;
+
+		ldapsrv_queue_reply(call, reply);
+		return NT_STATUS_OK;
+	}
+
+	/* 
+	 * TODO: a simple bind should cancel an
+	 *       inprogress SASL bind.
+	 *       (see RFC 4513)
+	 */
+	switch (req->mechanism) {
+		case LDAP_AUTH_MECH_SIMPLE:
+			return ldapsrv_BindSimple(call);
+		case LDAP_AUTH_MECH_SASL:
+			return ldapsrv_BindSASL(call);
+	}
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
+	if (!reply) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	resp = &reply->msg->r.BindResponse;
+	resp->response.resultcode = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+	resp->response.dn = NULL;
+	resp->response.errormessage = talloc_asprintf(reply, "Bad AuthenticationChoice [%d]", req->mechanism);
+	resp->response.referral = NULL;
+	resp->SASL.secblob = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+struct ldapsrv_unbind_wait_context {
+	uint8_t dummy;
+};
+
+struct ldapsrv_unbind_wait_state {
+	uint8_t dummy;
+};
+
+static struct tevent_req *ldapsrv_unbind_wait_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *ev,
+						 void *private_data)
+{
+	struct ldapsrv_unbind_wait_context *unbind_wait =
+		talloc_get_type_abort(private_data,
+		struct ldapsrv_unbind_wait_context);
+	struct tevent_req *req;
+	struct ldapsrv_unbind_wait_state *state;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct ldapsrv_unbind_wait_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	(void)unbind_wait;
+
+	tevent_req_nterror(req, NT_STATUS_LOCAL_DISCONNECT);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS ldapsrv_unbind_wait_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS ldapsrv_unbind_wait_setup(struct ldapsrv_call *call)
+{
+	struct ldapsrv_unbind_wait_context *unbind_wait = NULL;
+
+	if (call->wait_private != NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	unbind_wait = talloc_zero(call, struct ldapsrv_unbind_wait_context);
+	if (unbind_wait == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	call->wait_private = unbind_wait;
+	call->wait_send = ldapsrv_unbind_wait_send;
+	call->wait_recv = ldapsrv_unbind_wait_recv;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ldapsrv_UnbindRequest(struct ldapsrv_call *call)
+{
+	struct ldapsrv_call *c = NULL;
+	struct ldapsrv_call *n = NULL;
+
+	DEBUG(10, ("UnbindRequest\n"));
+
+	for (c = call->conn->pending_calls; c != NULL; c = n) {
+		n = c->next;
+
+		DLIST_REMOVE(call->conn->pending_calls, c);
+		TALLOC_FREE(c);
+	}
+
+	return ldapsrv_unbind_wait_setup(call);
+}
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
new file mode 100644
index 0000000..a451050
--- /dev/null
+++ b/source4/ldap_server/ldap_extended.c
@@ -0,0 +1,263 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP server
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldap_server/ldap_server.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/tls/tls.h"
+#include "samba/service_stream.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "librpc/gen_ndr/auth.h"
+#include "libcli/security/security_token.h"
+
+struct ldapsrv_starttls_postprocess_context {
+	struct ldapsrv_connection *conn;
+};
+
+struct ldapsrv_starttls_postprocess_state {
+	struct ldapsrv_connection *conn;
+};
+
+static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq);
+
+static struct tevent_req *ldapsrv_starttls_postprocess_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						void *private_data)
+{
+	struct ldapsrv_starttls_postprocess_context *context =
+		talloc_get_type_abort(private_data,
+		struct ldapsrv_starttls_postprocess_context);
+	struct ldapsrv_connection *conn = context->conn;
+	struct tevent_req *req;
+	struct ldapsrv_starttls_postprocess_state *state;
+	struct tevent_req *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct ldapsrv_starttls_postprocess_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->conn = conn;
+
+	subreq = tstream_tls_accept_send(conn,
+					 conn->connection->event.ctx,
+					 conn->sockets.raw,
+					 conn->service->tls_params);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, ldapsrv_starttls_postprocess_done, req);
+
+	return req;
+}
+
+static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct ldapsrv_starttls_postprocess_state *state =
+		tevent_req_data(req,
+		struct ldapsrv_starttls_postprocess_state);
+	struct ldapsrv_connection *conn = state->conn;
+	int ret;
+	int sys_errno;
+
+	ret = tstream_tls_accept_recv(subreq, &sys_errno,
+				      conn, &conn->sockets.tls);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(sys_errno);
+
+		DEBUG(1,("ldapsrv_starttls_postprocess_done: accept_tls_loop: "
+			 "tstream_tls_accept_recv() - %d:%s => %s\n",
+			 sys_errno, strerror(sys_errno), nt_errstr(status)));
+
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	conn->sockets.active = conn->sockets.tls;
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS ldapsrv_starttls_postprocess_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
+				 struct ldapsrv_reply *reply,
+				 const char **errstr)
+{
+	struct ldapsrv_starttls_postprocess_context *context;
+
+	(*errstr) = NULL;
+
+	/*
+	 * TODO: give LDAP_OPERATIONS_ERROR also when
+	 *       there's a SASL bind in progress
+	 *       (see rfc4513 section 3.1.1)
+	 */
+	if (call->conn->sockets.tls) {
+		(*errstr) = talloc_asprintf(reply, "START-TLS: TLS is already enabled on this LDAP session");
+		return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
+	}
+
+	if (call->conn->sockets.sasl) {
+		(*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session");
+		return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
+	}
+
+	if (call->conn->pending_calls != NULL) {
+		(*errstr) = talloc_asprintf(reply, "START-TLS: pending requests on this LDAP session");
+		return NT_STATUS_LDAP(LDAP_BUSY);
+	}
+
+	context = talloc(call, struct ldapsrv_starttls_postprocess_context);
+	NT_STATUS_HAVE_NO_MEMORY(context);
+
+	context->conn = call->conn;
+
+	call->postprocess_send = ldapsrv_starttls_postprocess_send;
+	call->postprocess_recv = ldapsrv_starttls_postprocess_recv;
+	call->postprocess_private = context;
+
+	reply->msg->r.ExtendedResponse.response.resultcode = LDAP_SUCCESS;
+	reply->msg->r.ExtendedResponse.response.errormessage = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+	return NT_STATUS_OK;
+}
+
+struct ldapsrv_extended_operation {
+	const char *oid;
+	NTSTATUS (*fn)(struct ldapsrv_call *call, struct ldapsrv_reply *reply, const char **errorstr);
+};
+
+static NTSTATUS ldapsrv_whoami(struct ldapsrv_call *call,
+			       struct ldapsrv_reply *reply,
+			       const char **errstr)
+{
+	struct ldapsrv_connection *conn = call->conn;
+	struct auth_session_info *session_info = conn->session_info;
+	struct ldap_ExtendedResponse *ext_resp =
+		&reply->msg->r.ExtendedResponse;
+
+	*errstr = NULL;
+
+	if (!security_token_is_anonymous(session_info->security_token)) {
+		struct auth_user_info *uinfo = session_info->info;
+		DATA_BLOB *value = talloc_zero(call, DATA_BLOB);
+
+		if (value == NULL) {
+			goto nomem;
+		}
+
+		value->data = (uint8_t *)talloc_asprintf(value,
+							 "u:%s\\%s",
+							 uinfo->domain_name,
+							 uinfo->account_name);
+		if (value->data == NULL) {
+			goto nomem;
+		}
+		value->length = talloc_get_size(value->data) - 1;
+
+		ext_resp->value = value;
+	}
+
+	ext_resp->response.resultcode = LDAP_SUCCESS;
+	ext_resp->response.errormessage = NULL;
+
+	ldapsrv_queue_reply(call, reply);
+
+	return NT_STATUS_OK;
+nomem:
+	return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
+}
+
+
+static struct ldapsrv_extended_operation extended_ops[] = {
+	{
+		.oid	= LDB_EXTENDED_START_TLS_OID,
+		.fn	= ldapsrv_StartTLS,
+	},{
+		.oid = LDB_EXTENDED_WHOAMI_OID,
+		.fn = ldapsrv_whoami,
+	},
+	{
+		.oid	= NULL,
+		.fn	= NULL,
+	}
+};
+
+NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
+{
+	struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
+	struct ldapsrv_reply *reply;
+	int result = LDAP_PROTOCOL_ERROR;
+	const char *error_str = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	unsigned int i;
+
+	DEBUG(10, ("Extended\n"));
+
+	reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+	NT_STATUS_HAVE_NO_MEMORY(reply);
+ 
+ 	ZERO_STRUCT(reply->msg->r);
+	reply->msg->r.ExtendedResponse.oid = talloc_steal(reply, req->oid);
+	reply->msg->r.ExtendedResponse.response.resultcode = LDAP_PROTOCOL_ERROR;
+	reply->msg->r.ExtendedResponse.response.errormessage = NULL;
+ 
+	for (i=0; extended_ops[i].oid; i++) {
+		if (strcmp(extended_ops[i].oid,req->oid) != 0) continue;
+ 
+		/* 
+		 * if the backend function returns an error we
+		 * need to send the reply otherwise the reply is already
+		 * sent and we need to return directly
+		 */
+		status = extended_ops[i].fn(call, reply, &error_str);
+		if (NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+ 
+		if (NT_STATUS_IS_LDAP(status)) {
+			result = NT_STATUS_LDAP_CODE(status);
+		} else {
+ 			result = LDAP_OPERATIONS_ERROR;
+			error_str = talloc_asprintf(reply, "Extended Operation(%s) failed: %s",
+						    req->oid, nt_errstr(status));
+ 		}
+ 	}
+	/* if we haven't found the oid, then status is still NT_STATUS_OK */
+	if (NT_STATUS_IS_OK(status)) {
+		error_str = talloc_asprintf(reply, "Extended Operation(%s) not supported",
+					    req->oid);
+	}
+ 
+	reply->msg->r.ExtendedResponse.response.resultcode = result;
+	reply->msg->r.ExtendedResponse.response.errormessage = error_str;
+ 
+ 	ldapsrv_queue_reply(call, reply);
+ 	return NT_STATUS_OK;
+}
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
new file mode 100644
index 0000000..9c34c3e
--- /dev/null
+++ b/source4/ldap_server/ldap_server.c
@@ -0,0 +1,1694 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   LDAP server
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Stefan Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "lib/events/events.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "../lib/util/dlinklist.h"
+#include "../lib/util/asn1.h"
+#include "ldap_server/ldap_server.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "samba/service.h"
+#include "samba/process_model.h"
+#include "lib/tls/tls.h"
+#include "lib/messaging/irpc.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "libcli/ldap/ldap_proto.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../libcli/util/tstream.h"
+#include "libds/common/roles.h"
+#include "lib/util/time.h"
+#include "lib/util/server_id.h"
+#include "lib/util/server_id_db.h"
+#include "lib/messaging/messaging_internal.h"
+
+#undef strcasecmp
+
+static void ldapsrv_terminate_connection_done(struct tevent_req *subreq);
+
+/*
+  close the socket and shutdown a server_context
+*/
+static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn,
+					 const char *reason)
+{
+	struct tevent_req *subreq;
+
+	if (conn->limits.reason) {
+		return;
+	}
+
+	DLIST_REMOVE(conn->service->connections, conn);
+
+	conn->limits.endtime = timeval_current_ofs(0, 500);
+
+	tevent_queue_stop(conn->sockets.send_queue);
+	TALLOC_FREE(conn->sockets.read_req);
+	TALLOC_FREE(conn->deferred_expire_disconnect);
+	if (conn->active_call) {
+		tevent_req_cancel(conn->active_call);
+		conn->active_call = NULL;
+	}
+
+	conn->limits.reason = talloc_strdup(conn, reason);
+	if (conn->limits.reason == NULL) {
+		TALLOC_FREE(conn->sockets.tls);
+		TALLOC_FREE(conn->sockets.sasl);
+		TALLOC_FREE(conn->sockets.raw);
+		stream_terminate_connection(conn->connection, reason);
+		return;
+	}
+
+	subreq = tstream_disconnect_send(conn,
+					 conn->connection->event.ctx,
+					 conn->sockets.active);
+	if (subreq == NULL) {
+		TALLOC_FREE(conn->sockets.tls);
+		TALLOC_FREE(conn->sockets.sasl);
+		TALLOC_FREE(conn->sockets.raw);
+		stream_terminate_connection(conn->connection, reason);
+		return;
+	}
+	tevent_req_set_endtime(subreq,
+			       conn->connection->event.ctx,
+			       conn->limits.endtime);
+	tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
+}
+
+static void ldapsrv_terminate_connection_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_connection *conn =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_connection);
+	int sys_errno;
+	bool ok;
+
+	tstream_disconnect_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+
+	if (conn->sockets.active == conn->sockets.raw) {
+		TALLOC_FREE(conn->sockets.tls);
+		TALLOC_FREE(conn->sockets.sasl);
+		TALLOC_FREE(conn->sockets.raw);
+		stream_terminate_connection(conn->connection,
+					    conn->limits.reason);
+		return;
+	}
+
+	TALLOC_FREE(conn->sockets.tls);
+	TALLOC_FREE(conn->sockets.sasl);
+	conn->sockets.active = conn->sockets.raw;
+
+	subreq = tstream_disconnect_send(conn,
+					 conn->connection->event.ctx,
+					 conn->sockets.active);
+	if (subreq == NULL) {
+		TALLOC_FREE(conn->sockets.raw);
+		stream_terminate_connection(conn->connection,
+					    conn->limits.reason);
+		return;
+	}
+	ok = tevent_req_set_endtime(subreq,
+				    conn->connection->event.ctx,
+				    conn->limits.endtime);
+	if (!ok) {
+		TALLOC_FREE(conn->sockets.raw);
+		stream_terminate_connection(conn->connection,
+					    conn->limits.reason);
+		return;
+	}
+	tevent_req_set_callback(subreq, ldapsrv_terminate_connection_done, conn);
+}
+
+/*
+  called when a LDAP socket becomes readable
+*/
+void ldapsrv_recv(struct stream_connection *c, uint16_t flags)
+{
+	smb_panic(__location__);
+}
+
+/*
+  called when a LDAP socket becomes writable
+*/
+static void ldapsrv_send(struct stream_connection *c, uint16_t flags)
+{
+	smb_panic(__location__);
+}
+
+static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char *attrs[] = { "configurationNamingContext", NULL };
+	const char *attrs2[] = { "lDAPAdminLimits", NULL };
+	struct ldb_message_element *el;
+	struct ldb_result *res = NULL;
+	struct ldb_dn *basedn;
+	struct ldb_dn *conf_dn;
+	struct ldb_dn *policy_dn;
+	unsigned int i;
+	int ret;
+
+	/* set defaults limits in case of failure */
+	conn->limits.initial_timeout = 120;
+	conn->limits.conn_idle_time = 900;
+	conn->limits.max_page_size = 1000;
+	conn->limits.max_notifications = 5;
+	conn->limits.search_timeout = 120;
+	conn->limits.expire_time = (struct timeval) {
+		.tv_sec = get_time_t_max(),
+	};
+
+
+	tmp_ctx = talloc_new(conn);
+	if (tmp_ctx == NULL) {
+		return -1;
+	}
+
+	basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL);
+	if (basedn == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(conn->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext");
+	if (conf_dn == NULL) {
+		goto failed;
+	}
+
+	policy_dn = ldb_dn_copy(tmp_ctx, conf_dn);
+	ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
+	if (policy_dn == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(conn->ldb, tmp_ctx, &res, policy_dn, LDB_SCOPE_BASE, attrs2, NULL);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
+	if (el == NULL) {
+		goto failed;
+	}
+
+	for (i = 0; i < el->num_values; i++) {
+		char policy_name[256];
+		int policy_value, s;
+
+		s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
+		if (s != 2 || policy_value == 0)
+			continue;
+		if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
+			conn->limits.initial_timeout = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
+			conn->limits.conn_idle_time = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxPageSize", policy_name) == 0) {
+			conn->limits.max_page_size = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxNotificationPerConn", policy_name) == 0) {
+			conn->limits.max_notifications = policy_value;
+			continue;
+		}
+		if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
+			if (policy_value > 0) {
+				conn->limits.search_timeout = policy_value;
+			}
+			continue;
+		}
+	}
+
+	return 0;
+
+failed:
+	DBG_ERR("Failed to load ldap server query policies\n");
+	talloc_free(tmp_ctx);
+	return -1;
+}
+
+static int ldapsrv_call_destructor(struct ldapsrv_call *call)
+{
+	if (call->conn == NULL) {
+		return 0;
+	}
+
+	DLIST_REMOVE(call->conn->pending_calls, call);
+
+	call->conn = NULL;
+	return 0;
+}
+
+static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct tevent_queue *call_queue,
+						    struct ldapsrv_call *call);
+static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req);
+
+static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn);
+static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
+
+/*
+  initialise a server_context from a open socket and register a event handler
+  for reading from that socket
+*/
+static void ldapsrv_accept(struct stream_connection *c,
+			   struct auth_session_info *session_info,
+			   bool is_privileged)
+{
+	struct ldapsrv_service *ldapsrv_service = 
+		talloc_get_type(c->private_data, struct ldapsrv_service);
+	struct ldapsrv_connection *conn;
+	struct cli_credentials *server_credentials;
+	struct socket_address *socket_address;
+	int port;
+	int ret;
+	struct tevent_req *subreq;
+	struct timeval endtime;
+	char *errstring = NULL;
+
+	conn = talloc_zero(c, struct ldapsrv_connection);
+	if (!conn) {
+		stream_terminate_connection(c, "ldapsrv_accept: out of memory");
+		return;
+	}
+	conn->is_privileged = is_privileged;
+
+	conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
+	if (conn->sockets.send_queue == NULL) {
+		stream_terminate_connection(c,
+					    "ldapsrv_accept: tevent_queue_create failed");
+		return;
+	}
+
+	TALLOC_FREE(c->event.fde);
+
+	ret = tstream_bsd_existing_socket(conn,
+					  socket_get_fd(c->socket),
+					  &conn->sockets.raw);
+	if (ret == -1) {
+		stream_terminate_connection(c,
+					    "ldapsrv_accept: out of memory");
+		return;
+	}
+	socket_set_flags(c->socket, SOCKET_FLAG_NOCLOSE);
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(conn->sockets.raw, true);
+
+	conn->connection  = c;
+	conn->service     = ldapsrv_service;
+	conn->lp_ctx      = ldapsrv_service->lp_ctx;
+
+	c->private_data   = conn;
+
+	socket_address = socket_get_my_addr(c->socket, conn);
+	if (!socket_address) {
+		ldapsrv_terminate_connection(conn, "ldapsrv_accept: failed to obtain local socket address!");
+		return;
+	}
+	port = socket_address->port;
+	talloc_free(socket_address);
+	if (port == 3268 || port == 3269) /* Global catalog */ {
+		conn->global_catalog = true;
+	}
+
+	server_credentials = cli_credentials_init_server(conn, conn->lp_ctx);
+	if (!server_credentials) {
+		stream_terminate_connection(c, "Failed to init server credentials\n");
+		return;
+	}
+
+	conn->server_credentials = server_credentials;
+
+	conn->session_info = session_info;
+
+	conn->sockets.active = conn->sockets.raw;
+
+	if (conn->is_privileged) {
+		conn->require_strong_auth = LDAP_SERVER_REQUIRE_STRONG_AUTH_NO;
+	} else {
+		conn->require_strong_auth = lpcfg_ldap_server_require_strong_auth(conn->lp_ctx);
+	}
+
+	ret = ldapsrv_backend_Init(conn, &errstring);
+	if (ret != LDB_SUCCESS) {
+		char *reason = talloc_asprintf(conn,
+					       "LDB backend for LDAP Init "
+					       "failed: %s: %s",
+					       errstring, ldb_strerror(ret));
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	/* load limits from the conf partition */
+	ldapsrv_load_limits(conn); /* should we fail on error ? */
+
+	/* register the server */	
+	irpc_add_name(c->msg_ctx, "ldap_server");
+
+	DLIST_ADD_END(ldapsrv_service->connections, conn);
+
+	if (port != 636 && port != 3269) {
+		ldapsrv_call_read_next(conn);
+		return;
+	}
+
+	endtime = timeval_current_ofs(conn->limits.conn_idle_time, 0);
+
+	subreq = tstream_tls_accept_send(conn,
+					 conn->connection->event.ctx,
+					 conn->sockets.raw,
+					 conn->service->tls_params);
+	if (subreq == NULL) {
+		ldapsrv_terminate_connection(conn, "ldapsrv_accept: "
+				"no memory for tstream_tls_accept_send");
+		return;
+	}
+	tevent_req_set_endtime(subreq,
+			       conn->connection->event.ctx,
+			       endtime);
+	tevent_req_set_callback(subreq, ldapsrv_accept_tls_done, conn);
+}
+
+static void ldapsrv_accept_tls_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_connection *conn =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_connection);
+	int ret;
+	int sys_errno;
+
+	ret = tstream_tls_accept_recv(subreq, &sys_errno,
+				      conn, &conn->sockets.tls);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(conn, "ldapsrv_accept_tls_loop: "
+					 "tstream_tls_accept_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (!reason) {
+			reason = "ldapsrv_accept_tls_loop: "
+				 "tstream_tls_accept_recv() - failed";
+		}
+
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	conn->sockets.active = conn->sockets.tls;
+	conn->referral_scheme = LDAP_REFERRAL_SCHEME_LDAPS;
+	ldapsrv_call_read_next(conn);
+}
+
+static void ldapsrv_call_read_done(struct tevent_req *subreq);
+static NTSTATUS ldapsrv_packet_check(
+	struct tstream_context *stream,
+	void *private_data,
+	DATA_BLOB blob,
+	size_t *packet_size);
+
+static bool ldapsrv_call_read_next(struct ldapsrv_connection *conn)
+{
+	struct tevent_req *subreq;
+
+	if (conn->pending_calls != NULL) {
+		conn->limits.endtime = timeval_zero();
+
+		ldapsrv_notification_retry_setup(conn->service, false);
+	} else if (timeval_is_zero(&conn->limits.endtime)) {
+		conn->limits.endtime =
+			timeval_current_ofs(conn->limits.initial_timeout, 0);
+	} else {
+		conn->limits.endtime =
+			timeval_current_ofs(conn->limits.conn_idle_time, 0);
+	}
+
+	if (conn->sockets.read_req != NULL) {
+		return true;
+	}
+
+	/*
+	 * The minimum size of a LDAP pdu is 7 bytes
+	 *
+	 * dumpasn1 -hh ldap-unbind-min.dat
+	 *
+	 *     <30 05 02 01 09 42 00>
+	 *    0    5: SEQUENCE {
+	 *     <02 01 09>
+	 *    2    1:   INTEGER 9
+	 *     <42 00>
+	 *    5    0:   [APPLICATION 2]
+	 *          :     Error: Object has zero length.
+	 *          :   }
+	 *
+	 * dumpasn1 -hh ldap-unbind-windows.dat
+	 *
+	 *     <30 84 00 00 00 05 02 01 09 42 00>
+	 *    0    5: SEQUENCE {
+	 *     <02 01 09>
+	 *    6    1:   INTEGER 9
+	 *     <42 00>
+	 *    9    0:   [APPLICATION 2]
+	 *          :     Error: Object has zero length.
+	 *          :   }
+	 *
+	 * This means using an initial read size
+	 * of 7 is ok.
+	 */
+	subreq = tstream_read_pdu_blob_send(conn,
+					    conn->connection->event.ctx,
+					    conn->sockets.active,
+					    7, /* initial_read_size */
+					    ldapsrv_packet_check,
+					    conn);
+	if (subreq == NULL) {
+		ldapsrv_terminate_connection(conn, "ldapsrv_call_read_next: "
+				"no memory for tstream_read_pdu_blob_send");
+		return false;
+	}
+	if (!timeval_is_zero(&conn->limits.endtime)) {
+		bool ok;
+		ok = tevent_req_set_endtime(subreq,
+					    conn->connection->event.ctx,
+					    conn->limits.endtime);
+		if (!ok) {
+			ldapsrv_terminate_connection(
+				conn,
+				"ldapsrv_call_read_next: "
+				"no memory for tevent_req_set_endtime");
+			return false;
+		}
+	}
+	tevent_req_set_callback(subreq, ldapsrv_call_read_done, conn);
+	conn->sockets.read_req = subreq;
+	return true;
+}
+
+static void ldapsrv_call_process_done(struct tevent_req *subreq);
+static int ldapsrv_check_packet_size(
+	struct ldapsrv_connection *conn,
+	size_t size);
+
+static void ldapsrv_call_read_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_connection *conn =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_connection);
+	NTSTATUS status;
+	struct ldapsrv_call *call;
+	struct asn1_data *asn1;
+	DATA_BLOB blob;
+	int ret = LDAP_SUCCESS;
+	struct ldap_request_limits limits = {0};
+
+	conn->sockets.read_req = NULL;
+
+	call = talloc_zero(conn, struct ldapsrv_call);
+	if (!call) {
+		ldapsrv_terminate_connection(conn, "no memory");
+		return;
+	}
+	talloc_set_destructor(call, ldapsrv_call_destructor);
+
+	call->conn = conn;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    call,
+					    &blob);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ldapsrv_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (!reason) {
+			reason = nt_errstr(status);
+		}
+
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	ret = ldapsrv_check_packet_size(conn, blob.length);
+	if (ret != LDAP_SUCCESS) {
+		ldapsrv_terminate_connection(
+			conn,
+			"Request packet too large");
+		return;
+	}
+
+	asn1 = asn1_init(call, ASN1_MAX_TREE_DEPTH);
+	if (asn1 == NULL) {
+		ldapsrv_terminate_connection(conn, "no memory");
+		return;
+	}
+
+	call->request = talloc(call, struct ldap_message);
+	if (call->request == NULL) {
+		ldapsrv_terminate_connection(conn, "no memory");
+		return;
+	}
+
+	asn1_load_nocopy(asn1, blob.data, blob.length);
+
+	limits.max_search_size =
+		lpcfg_ldap_max_search_request_size(conn->lp_ctx);
+	status = ldap_decode(
+		asn1,
+		&limits,
+		samba_ldap_control_handlers(),
+		call->request);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldapsrv_terminate_connection(conn, nt_errstr(status));
+		return;
+	}
+
+	data_blob_free(&blob);
+	TALLOC_FREE(asn1);
+
+
+	/* queue the call in the global queue */
+	subreq = ldapsrv_process_call_send(call,
+					   conn->connection->event.ctx,
+					   conn->service->call_queue,
+					   call);
+	if (subreq == NULL) {
+		ldapsrv_terminate_connection(conn, "ldapsrv_process_call_send failed");
+		return;
+	}
+	tevent_req_set_callback(subreq, ldapsrv_call_process_done, call);
+	conn->active_call = subreq;
+}
+
+static void ldapsrv_call_wait_done(struct tevent_req *subreq);
+static void ldapsrv_call_writev_start(struct ldapsrv_call *call);
+static void ldapsrv_call_writev_done(struct tevent_req *subreq);
+
+static void ldapsrv_call_process_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_connection *conn = call->conn;
+	NTSTATUS status;
+
+	conn->active_call = NULL;
+
+	status = ldapsrv_process_call_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldapsrv_terminate_connection(conn, nt_errstr(status));
+		return;
+	}
+
+	if (call->wait_send != NULL) {
+		subreq = call->wait_send(call,
+					 conn->connection->event.ctx,
+					 call->wait_private);
+		if (subreq == NULL) {
+			ldapsrv_terminate_connection(conn,
+					"ldapsrv_call_process_done: "
+					"call->wait_send - no memory");
+			return;
+		}
+		tevent_req_set_callback(subreq,
+					ldapsrv_call_wait_done,
+					call);
+		conn->active_call = subreq;
+		return;
+	}
+
+	ldapsrv_call_writev_start(call);
+}
+
+static void ldapsrv_call_wait_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_connection *conn = call->conn;
+	NTSTATUS status;
+
+	conn->active_call = NULL;
+
+	status = call->wait_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ldapsrv_call_wait_done: "
+					 "call->wait_recv() - %s",
+					 nt_errstr(status));
+		if (reason == NULL) {
+			reason = nt_errstr(status);
+		}
+
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	ldapsrv_call_writev_start(call);
+}
+
+static void ldapsrv_call_writev_start(struct ldapsrv_call *call)
+{
+	struct ldapsrv_connection *conn = call->conn;
+	struct ldapsrv_reply *reply = NULL;
+	struct tevent_req *subreq = NULL;
+	struct timeval endtime;
+	size_t length = 0;
+	size_t i;
+
+	call->iov_count = 0;
+
+	/* build all the replies into an IOV (no copy) */
+	for (reply = call->replies;
+	     reply != NULL;
+	     reply = reply->next) {
+
+		/* Cap output at 25MB per writev() */
+		if (length > length + reply->blob.length
+		    || length + reply->blob.length > LDAP_SERVER_MAX_CHUNK_SIZE) {
+			break;
+		}
+
+		/*
+		 * Overflow is harmless here, just used below to
+		 * decide if to read or write, but checked above anyway
+		 */
+		length += reply->blob.length;
+
+		/*
+		 * At worst an overflow would mean we send less
+		 * replies
+		 */
+		call->iov_count++;
+	}
+
+	if (length == 0) {
+		if (!call->notification.busy) {
+			TALLOC_FREE(call);
+		}
+
+		ldapsrv_call_read_next(conn);
+		return;
+	}
+
+	/* Cap call->iov_count at IOV_MAX */
+	call->iov_count = MIN(call->iov_count, IOV_MAX);
+
+	call->out_iov = talloc_array(call,
+				     struct iovec,
+				     call->iov_count);
+	if (!call->out_iov) {
+		/* This is not ideal */
+		ldapsrv_terminate_connection(conn,
+					     "failed to allocate "
+					     "iovec array");
+		return;
+	}
+
+	/* We may have had to cap the number of replies at IOV_MAX */
+	for (i = 0;
+	     i < call->iov_count && call->replies != NULL;
+	     i++) {
+		reply = call->replies;
+		call->out_iov[i].iov_base = reply->blob.data;
+		call->out_iov[i].iov_len = reply->blob.length;
+
+		/* Keep only the ASN.1 encoded data */
+		talloc_steal(call->out_iov, reply->blob.data);
+
+		DLIST_REMOVE(call->replies, reply);
+		TALLOC_FREE(reply);
+	}
+
+	if (i > call->iov_count) {
+		/* This is not ideal, but also (essentially) impossible */
+		ldapsrv_terminate_connection(conn,
+					     "call list ended"
+					     "before iov_count");
+		return;
+	}
+
+	subreq = tstream_writev_queue_send(call,
+					   conn->connection->event.ctx,
+					   conn->sockets.active,
+					   conn->sockets.send_queue,
+					   call->out_iov, call->iov_count);
+	if (subreq == NULL) {
+		ldapsrv_terminate_connection(conn, "stream_writev_queue_send failed");
+		return;
+	}
+	endtime = timeval_current_ofs(conn->limits.conn_idle_time, 0);
+	tevent_req_set_endtime(subreq,
+			       conn->connection->event.ctx,
+			       endtime);
+	tevent_req_set_callback(subreq, ldapsrv_call_writev_done, call);
+}
+
+static void ldapsrv_call_postprocess_done(struct tevent_req *subreq);
+
+static void ldapsrv_call_writev_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_connection *conn = call->conn;
+	int sys_errno;
+	int rc;
+
+	rc = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+
+	/* This releases the ASN.1 encoded packets from memory */
+	TALLOC_FREE(call->out_iov);
+	if (rc == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ldapsrv_call_writev_done: "
+					 "tstream_writev_queue_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (reason == NULL) {
+			reason = "ldapsrv_call_writev_done: "
+				 "tstream_writev_queue_recv() failed";
+		}
+
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	if (call->postprocess_send) {
+		subreq = call->postprocess_send(call,
+						conn->connection->event.ctx,
+						call->postprocess_private);
+		if (subreq == NULL) {
+			ldapsrv_terminate_connection(conn, "ldapsrv_call_writev_done: "
+					"call->postprocess_send - no memory");
+			return;
+		}
+		tevent_req_set_callback(subreq,
+					ldapsrv_call_postprocess_done,
+					call);
+		return;
+	}
+
+	/* Perhaps still some more to send */
+	if (call->replies != NULL) {
+		ldapsrv_call_writev_start(call);
+		return;
+	}
+
+	if (!call->notification.busy) {
+		TALLOC_FREE(call);
+	}
+
+	ldapsrv_call_read_next(conn);
+}
+
+static void ldapsrv_call_postprocess_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_call *call =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_call);
+	struct ldapsrv_connection *conn = call->conn;
+	NTSTATUS status;
+
+	status = call->postprocess_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ldapsrv_call_postprocess_done: "
+					 "call->postprocess_recv() - %s",
+					 nt_errstr(status));
+		if (reason == NULL) {
+			reason = nt_errstr(status);
+		}
+
+		ldapsrv_terminate_connection(conn, reason);
+		return;
+	}
+
+	TALLOC_FREE(call);
+
+	ldapsrv_call_read_next(conn);
+}
+
+static void ldapsrv_notification_retry_done(struct tevent_req *subreq);
+
+void ldapsrv_notification_retry_setup(struct ldapsrv_service *service, bool force)
+{
+	struct ldapsrv_connection *conn = NULL;
+	struct timeval retry;
+	size_t num_pending = 0;
+	size_t num_active = 0;
+
+	if (force) {
+		TALLOC_FREE(service->notification.retry);
+		service->notification.generation += 1;
+	}
+
+	if (service->notification.retry != NULL) {
+		return;
+	}
+
+	for (conn = service->connections; conn != NULL; conn = conn->next) {
+		if (conn->pending_calls == NULL) {
+			continue;
+		}
+
+		num_pending += 1;
+
+		if (conn->pending_calls->notification.generation !=
+		    service->notification.generation)
+		{
+			num_active += 1;
+		}
+	}
+
+	if (num_pending == 0) {
+		return;
+	}
+
+	if (num_active != 0) {
+		retry = timeval_current_ofs(0, 100);
+	} else {
+		retry = timeval_current_ofs(5, 0);
+	}
+
+	service->notification.retry = tevent_wakeup_send(service,
+							 service->current_ev,
+							 retry);
+	if (service->notification.retry == NULL) {
+		/* retry later */
+		return;
+	}
+
+	tevent_req_set_callback(service->notification.retry,
+				ldapsrv_notification_retry_done,
+				service);
+}
+
+static void ldapsrv_notification_retry_done(struct tevent_req *subreq)
+{
+	struct ldapsrv_service *service =
+		tevent_req_callback_data(subreq,
+		struct ldapsrv_service);
+	struct ldapsrv_connection *conn = NULL;
+	struct ldapsrv_connection *conn_next = NULL;
+	bool ok;
+
+	service->notification.retry = NULL;
+
+	ok = tevent_wakeup_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!ok) {
+		/* ignore */
+	}
+
+	for (conn = service->connections; conn != NULL; conn = conn_next) {
+		struct ldapsrv_call *call = conn->pending_calls;
+
+		conn_next = conn->next;
+
+		if (conn->pending_calls == NULL) {
+			continue;
+		}
+
+		if (conn->active_call != NULL) {
+			continue;
+		}
+
+		DLIST_DEMOTE(conn->pending_calls, call);
+		call->notification.generation =
+				service->notification.generation;
+
+		/* queue the call in the global queue */
+		subreq = ldapsrv_process_call_send(call,
+						   conn->connection->event.ctx,
+						   conn->service->call_queue,
+						   call);
+		if (subreq == NULL) {
+			ldapsrv_terminate_connection(conn,
+					"ldapsrv_process_call_send failed");
+			continue;
+		}
+		tevent_req_set_callback(subreq, ldapsrv_call_process_done, call);
+		conn->active_call = subreq;
+	}
+
+	ldapsrv_notification_retry_setup(service, false);
+}
+
+struct ldapsrv_process_call_state {
+	struct ldapsrv_call *call;
+};
+
+static void ldapsrv_process_call_trigger(struct tevent_req *req,
+					 void *private_data);
+
+static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct tevent_queue *call_queue,
+						    struct ldapsrv_call *call)
+{
+	struct tevent_req *req;
+	struct ldapsrv_process_call_state *state;
+	bool ok;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct ldapsrv_process_call_state);
+	if (req == NULL) {
+		return req;
+	}
+
+	state->call = call;
+
+	ok = tevent_queue_add(call_queue, ev, req,
+			      ldapsrv_process_call_trigger, NULL);
+	if (!ok) {
+		tevent_req_oom(req);
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void ldapsrv_disconnect_ticket_expired(struct tevent_req *subreq);
+
+static void ldapsrv_process_call_trigger(struct tevent_req *req,
+					 void *private_data)
+{
+	struct ldapsrv_process_call_state *state =
+		tevent_req_data(req,
+		struct ldapsrv_process_call_state);
+	struct ldapsrv_connection *conn = state->call->conn;
+	NTSTATUS status;
+
+	if (conn->deferred_expire_disconnect != NULL) {
+		/*
+		 * Just drop this on the floor
+		 */
+		tevent_req_done(req);
+		return;
+	}
+
+	/* make the call */
+	status = ldapsrv_do_call(state->call);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+		/*
+		 * For testing purposes, defer the TCP disconnect
+		 * after having sent the msgid 0
+		 * 1.3.6.1.4.1.1466.20036 exop response. LDAP clients
+		 * should not wait for the TCP connection to close but
+		 * handle this packet equivalent to a TCP
+		 * disconnect. This delay enables testing both cases
+		 * in LDAP client libraries.
+		 */
+
+		int defer_msec = lpcfg_parm_int(
+			conn->lp_ctx,
+			NULL,
+			"ldap_server",
+			"delay_expire_disconnect",
+			0);
+
+		conn->deferred_expire_disconnect = tevent_wakeup_send(
+			conn,
+			conn->connection->event.ctx,
+			timeval_current_ofs_msec(defer_msec));
+		if (tevent_req_nomem(conn->deferred_expire_disconnect, req)) {
+			return;
+		}
+		tevent_req_set_callback(
+			conn->deferred_expire_disconnect,
+			ldapsrv_disconnect_ticket_expired,
+			conn);
+
+		tevent_req_done(req);
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static void ldapsrv_disconnect_ticket_expired(struct tevent_req *subreq)
+{
+	struct ldapsrv_connection *conn = tevent_req_callback_data(
+		subreq, struct ldapsrv_connection);
+	bool ok;
+
+	ok = tevent_wakeup_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!ok) {
+		DBG_WARNING("tevent_wakeup_recv failed\n");
+	}
+	conn->deferred_expire_disconnect = NULL;
+	ldapsrv_terminate_connection(conn, "network session expired");
+}
+
+static NTSTATUS ldapsrv_process_call_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static void ldapsrv_accept_nonpriv(struct stream_connection *c)
+{
+	struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
+		c->private_data, struct ldapsrv_service);
+	struct auth_session_info *session_info;
+	NTSTATUS status;
+
+	status = auth_anonymous_session_info(
+		c, ldapsrv_service->lp_ctx, &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		stream_terminate_connection(c, "failed to setup anonymous "
+					    "session info");
+		return;
+	}
+	ldapsrv_accept(c, session_info, false);
+}
+
+static const struct stream_server_ops ldap_stream_nonpriv_ops = {
+	.name			= "ldap",
+	.accept_connection	= ldapsrv_accept_nonpriv,
+	.recv_handler		= ldapsrv_recv,
+	.send_handler		= ldapsrv_send,
+};
+
+/* The feature removed behind an #ifdef until we can do it properly
+ * with an EXTERNAL bind. */
+
+#define WITH_LDAPI_PRIV_SOCKET
+
+#ifdef WITH_LDAPI_PRIV_SOCKET
+static void ldapsrv_accept_priv(struct stream_connection *c)
+{
+	struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
+		c->private_data, struct ldapsrv_service);
+	struct auth_session_info *session_info;
+
+	session_info = system_session(ldapsrv_service->lp_ctx);
+	if (!session_info) {
+		stream_terminate_connection(c, "failed to setup system "
+					    "session info");
+		return;
+	}
+	ldapsrv_accept(c, session_info, true);
+}
+
+static const struct stream_server_ops ldap_stream_priv_ops = {
+	.name			= "ldap",
+	.accept_connection	= ldapsrv_accept_priv,
+	.recv_handler		= ldapsrv_recv,
+	.send_handler		= ldapsrv_send,
+};
+
+#endif
+
+
+/*
+  add a socket address to the list of events, one event per port
+*/
+static NTSTATUS add_socket(struct task_server *task,
+			   struct loadparm_context *lp_ctx,
+			   const struct model_ops *model_ops,
+			   const char *address, struct ldapsrv_service *ldap_service)
+{
+	uint16_t port = 389;
+	NTSTATUS status;
+	struct ldb_context *ldb;
+
+	status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+				     model_ops, &ldap_stream_nonpriv_ops,
+				     "ip", address, &port,
+				     lpcfg_socket_options(lp_ctx),
+				     ldap_service, task->process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("ldapsrv failed to bind to %s:%u - %s\n",
+			address, port, nt_errstr(status));
+		return status;
+	}
+
+	if (tstream_tls_params_enabled(ldap_service->tls_params)) {
+		/* add ldaps server */
+		port = 636;
+		status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+					     model_ops,
+					     &ldap_stream_nonpriv_ops,
+					     "ip", address, &port,
+					     lpcfg_socket_options(lp_ctx),
+					     ldap_service,
+					     task->process_context);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("ldapsrv failed to bind to %s:%u - %s\n",
+				address, port, nt_errstr(status));
+			return status;
+		}
+	}
+
+	/* Load LDAP database, but only to read our settings */
+	ldb = samdb_connect(ldap_service,
+			    ldap_service->current_ev,
+			    lp_ctx,
+			    system_session(lp_ctx),
+			    NULL,
+			    0);
+	if (!ldb) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (samdb_is_gc(ldb)) {
+		port = 3268;
+		status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+					     model_ops,
+					     &ldap_stream_nonpriv_ops,
+					     "ip", address, &port,
+					     lpcfg_socket_options(lp_ctx),
+					     ldap_service,
+					     task->process_context);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("ldapsrv failed to bind to %s:%u - %s\n",
+				address, port, nt_errstr(status));
+			return status;
+		}
+		if (tstream_tls_params_enabled(ldap_service->tls_params)) {
+			/* add ldaps server for the global catalog */
+			port = 3269;
+			status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+						     model_ops,
+						     &ldap_stream_nonpriv_ops,
+						     "ip", address, &port,
+						     lpcfg_socket_options(lp_ctx),
+						     ldap_service,
+						     task->process_context);
+			if (!NT_STATUS_IS_OK(status)) {
+				DBG_ERR("ldapsrv failed to bind to %s:%u - %s\n",
+					address, port, nt_errstr(status));
+				return status;
+			}
+		}
+	}
+
+	/* And once we are bound, free the temporary ldb, it will
+	 * connect again on each incoming LDAP connection */
+	talloc_unlink(ldap_service, ldb);
+
+	return NT_STATUS_OK;
+}
+
+static void ldap_reload_certs(struct imessaging_context *msg_ctx,
+			      void *private_data,
+			      uint32_t msg_type,
+			      struct server_id server_id,
+			      size_t num_fds,
+			      int *fds,
+			      DATA_BLOB *data)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct ldapsrv_service *ldap_service =
+		talloc_get_type_abort(private_data,
+		struct ldapsrv_service);
+	int default_children;
+	int num_children;
+	int i;
+	bool ok;
+	struct server_id ldap_master_id;
+	NTSTATUS status;
+	struct tstream_tls_params *new_tls_params = NULL;
+
+	SMB_ASSERT(msg_ctx == ldap_service->current_msg);
+
+	/* reload certificates */
+	status = tstream_tls_params_server(ldap_service,
+					   ldap_service->dns_host_name,
+					   lpcfg_tls_enabled(ldap_service->lp_ctx),
+					   lpcfg_tls_keyfile(frame, ldap_service->lp_ctx),
+					   lpcfg_tls_certfile(frame, ldap_service->lp_ctx),
+					   lpcfg_tls_cafile(frame, ldap_service->lp_ctx),
+					   lpcfg_tls_crlfile(frame, ldap_service->lp_ctx),
+					   lpcfg_tls_dhpfile(frame, ldap_service->lp_ctx),
+					   lpcfg_tls_priority(ldap_service->lp_ctx),
+					   &new_tls_params);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("ldapsrv failed tstream_tls_params_server - %s\n",
+			nt_errstr(status));
+		TALLOC_FREE(frame);
+		return;
+	}
+
+	TALLOC_FREE(ldap_service->tls_params);
+	ldap_service->tls_params = new_tls_params;
+
+	if (getpid() != ldap_service->parent_pid) {
+		/*
+		 * If we are not the master process we are done
+		 */
+		TALLOC_FREE(frame);
+		return;
+	}
+
+	/*
+	 * Check we're running under the prefork model,
+	 * by checking if the prefork-master-ldap name
+	 * was registered
+	 */
+	ok = server_id_db_lookup_one(msg_ctx->names, "prefork-master-ldap", &ldap_master_id);
+	if (!ok) {
+		/*
+		 * We are done if another process model is in use.
+		 */
+		TALLOC_FREE(frame);
+		return;
+	}
+
+	/*
+	 * Now we loop over all possible prefork workers
+	 * in order to notify them about the reload
+	 */
+	default_children = lpcfg_prefork_children(ldap_service->lp_ctx);
+	num_children = lpcfg_parm_int(ldap_service->lp_ctx,
+				      NULL, "prefork children", "ldap",
+				      default_children);
+	for (i = 0; i < num_children; i++) {
+		char child_name[64] = { 0, };
+		struct server_id ldap_worker_id;
+
+		snprintf(child_name, sizeof(child_name), "prefork-worker-ldap-%d", i);
+		ok = server_id_db_lookup_one(msg_ctx->names, child_name, &ldap_worker_id);
+		if (!ok) {
+			DBG_ERR("server_id_db_lookup_one(%s) - failed\n",
+				child_name);
+			continue;
+		}
+
+		status = imessaging_send(msg_ctx, ldap_worker_id,
+				         MSG_RELOAD_TLS_CERTIFICATES, NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			struct server_id_buf id_buf;
+			DBG_ERR("ldapsrv failed imessaging_send(%s, %s) - %s\n",
+				child_name,
+				server_id_str_buf(ldap_worker_id, &id_buf),
+				nt_errstr(status));
+			continue;
+		}
+	}
+
+	TALLOC_FREE(frame);
+}
+
+/*
+  open the ldap server sockets
+*/
+static NTSTATUS ldapsrv_task_init(struct task_server *task)
+{	
+	char *ldapi_path;
+#ifdef WITH_LDAPI_PRIV_SOCKET
+	char *priv_dir;
+#endif
+	struct ldapsrv_service *ldap_service;
+	NTSTATUS status;
+
+	switch (lpcfg_server_role(task->lp_ctx)) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration", 
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration", 
+				      false);
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* Yes, we want an LDAP server */
+		break;
+	}
+
+	task_server_set_title(task, "task[ldapsrv]");
+
+	ldap_service = talloc_zero(task, struct ldapsrv_service);
+	if (ldap_service == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	ldap_service->lp_ctx = task->lp_ctx;
+	ldap_service->current_ev = task->event_ctx;
+	ldap_service->current_msg = task->msg_ctx;
+
+	ldap_service->dns_host_name = talloc_asprintf(ldap_service, "%s.%s",
+					lpcfg_netbios_name(task->lp_ctx),
+					lpcfg_dnsdomain(task->lp_ctx));
+	if (ldap_service->dns_host_name == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	ldap_service->parent_pid = getpid();
+
+	status = tstream_tls_params_server(ldap_service,
+					   ldap_service->dns_host_name,
+					   lpcfg_tls_enabled(task->lp_ctx),
+					   lpcfg_tls_keyfile(ldap_service, task->lp_ctx),
+					   lpcfg_tls_certfile(ldap_service, task->lp_ctx),
+					   lpcfg_tls_cafile(ldap_service, task->lp_ctx),
+					   lpcfg_tls_crlfile(ldap_service, task->lp_ctx),
+					   lpcfg_tls_dhpfile(ldap_service, task->lp_ctx),
+					   lpcfg_tls_priority(task->lp_ctx),
+					   &ldap_service->tls_params);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("ldapsrv failed tstream_tls_params_server - %s\n",
+			nt_errstr(status));
+		goto failed;
+	}
+
+	ldap_service->call_queue = tevent_queue_create(ldap_service, "ldapsrv_call_queue");
+	if (ldap_service->call_queue == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
+		struct interface *ifaces;
+		int num_interfaces;
+		int i;
+
+		load_interface_list(task, task->lp_ctx, &ifaces);
+		num_interfaces = iface_list_count(ifaces);
+
+		/* We have been given an interfaces line, and been 
+		   told to only bind to those interfaces. Create a
+		   socket per interface and bind to only these.
+		*/
+		for(i = 0; i < num_interfaces; i++) {
+			const char *address = iface_list_n_ip(ifaces, i);
+			status = add_socket(task, task->lp_ctx, task->model_ops,
+					    address, ldap_service);
+			if (!NT_STATUS_IS_OK(status)) goto failed;
+		}
+	} else {
+		char **wcard;
+		size_t i;
+		size_t num_binds = 0;
+		wcard = iface_list_wildcard(task);
+		if (wcard == NULL) {
+			DBG_ERR("No wildcard addresses available\n");
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto failed;
+		}
+		for (i=0; wcard[i]; i++) {
+			status = add_socket(task, task->lp_ctx, task->model_ops,
+					    wcard[i], ldap_service);
+			if (NT_STATUS_IS_OK(status)) {
+				num_binds++;
+			}
+		}
+		talloc_free(wcard);
+		if (num_binds == 0) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto failed;
+		}
+	}
+
+	ldapi_path = lpcfg_private_path(ldap_service, task->lp_ctx, "ldapi");
+	if (!ldapi_path) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto failed;
+	}
+
+	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
+				     task->model_ops, &ldap_stream_nonpriv_ops,
+				     "unix", ldapi_path, NULL, 
+				     lpcfg_socket_options(task->lp_ctx),
+				     ldap_service, task->process_context);
+	talloc_free(ldapi_path);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("ldapsrv failed to bind to %s - %s\n",
+			ldapi_path, nt_errstr(status));
+	}
+
+#ifdef WITH_LDAPI_PRIV_SOCKET
+	priv_dir = lpcfg_private_path(ldap_service, task->lp_ctx, "ldap_priv");
+	if (priv_dir == NULL) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto failed;
+	}
+	/*
+	 * Make sure the directory for the privileged ldapi socket exists, and
+	 * is of the correct permissions
+	 */
+	if (!directory_create_or_exist(priv_dir, 0750)) {
+		task_server_terminate(task, "Cannot create ldap "
+				      "privileged ldapi directory", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
+	talloc_free(priv_dir);
+	if (ldapi_path == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
+				     task->model_ops, &ldap_stream_priv_ops,
+				     "unix", ldapi_path, NULL,
+				     lpcfg_socket_options(task->lp_ctx),
+				     ldap_service,
+				     task->process_context);
+	talloc_free(ldapi_path);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("ldapsrv failed to bind to %s - %s\n",
+			ldapi_path, nt_errstr(status));
+	}
+
+#endif
+
+	/* register the server */
+	irpc_add_name(task->msg_ctx, "ldap_server");
+
+	task->private_data = ldap_service;
+
+	return NT_STATUS_OK;
+
+failed:
+	task_server_terminate(task, "Failed to startup ldap server task", true);
+	return status;
+}
+
+/*
+ * Open a database to be later used by LDB wrap code (although it should be
+ * plumbed through correctly eventually).
+ */
+static void ldapsrv_post_fork(struct task_server *task, struct process_details *pd)
+{
+	struct ldapsrv_service *ldap_service =
+		talloc_get_type_abort(task->private_data, struct ldapsrv_service);
+
+	/*
+	 * As ldapsrv_before_loop() may changed the values for the parent loop
+	 * we need to adjust the pointers to the correct value in the child
+	 */
+	ldap_service->lp_ctx = task->lp_ctx;
+	ldap_service->current_ev = task->event_ctx;
+	ldap_service->current_msg = task->msg_ctx;
+
+	ldap_service->sam_ctx = samdb_connect(ldap_service,
+					      ldap_service->current_ev,
+					      ldap_service->lp_ctx,
+					      system_session(ldap_service->lp_ctx),
+					      NULL,
+					      0);
+	if (ldap_service->sam_ctx == NULL) {
+		task_server_terminate(task, "Cannot open system session LDB",
+				      true);
+		return;
+	}
+}
+
+static void ldapsrv_before_loop(struct task_server *task)
+{
+	struct ldapsrv_service *ldap_service =
+		talloc_get_type_abort(task->private_data, struct ldapsrv_service);
+	NTSTATUS status;
+
+	if (ldap_service->sam_ctx != NULL) {
+		/*
+		 * Make sure the values are still the same
+		 * as set in ldapsrv_post_fork()
+		 */
+		SMB_ASSERT(task->lp_ctx == ldap_service->lp_ctx);
+		SMB_ASSERT(task->event_ctx == ldap_service->current_ev);
+		SMB_ASSERT(task->msg_ctx == ldap_service->current_msg);
+	} else {
+		/*
+		 * We need to adjust the pointers to the correct value
+		 * in the parent loop.
+		 */
+		ldap_service->lp_ctx = task->lp_ctx;
+		ldap_service->current_ev = task->event_ctx;
+		ldap_service->current_msg = task->msg_ctx;
+	}
+
+	status = imessaging_register(ldap_service->current_msg,
+				     ldap_service,
+				     MSG_RELOAD_TLS_CERTIFICATES,
+				     ldap_reload_certs);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "Cannot register ldap_reload_certs",
+				      true);
+		return;
+	}
+}
+
+/*
+ * Check the size of an ldap request packet.
+ *
+ * For authenticated connections the maximum packet size is controlled by
+ * the smb.conf parameter "ldap max authenticated request size"
+ *
+ * For anonymous connections the maximum packet size is controlled by
+ * the smb.conf parameter "ldap max anonymous request size"
+ */
+static int ldapsrv_check_packet_size(
+	struct ldapsrv_connection *conn,
+	size_t size)
+{
+	bool is_anonymous = false;
+	size_t max_size = 0;
+
+	max_size = lpcfg_ldap_max_anonymous_request_size(conn->lp_ctx);
+	if (size <= max_size) {
+		return LDAP_SUCCESS;
+	}
+
+	/*
+	 * Request is larger than the maximum unauthenticated request size.
+	 * As this code is called frequently we avoid calling
+	 * security_token_is_anonymous if possible
+	 */
+	if (conn->session_info != NULL &&
+		conn->session_info->security_token != NULL) {
+		is_anonymous = security_token_is_anonymous(
+			conn->session_info->security_token);
+	}
+
+	if (is_anonymous) {
+		DBG_WARNING(
+			"LDAP request size (%zu) exceeds (%zu)\n",
+			size,
+			max_size);
+		return LDAP_UNWILLING_TO_PERFORM;
+	}
+
+	max_size = lpcfg_ldap_max_authenticated_request_size(conn->lp_ctx);
+	if (size > max_size) {
+		DBG_WARNING(
+			"LDAP request size (%zu) exceeds (%zu)\n",
+			size,
+			max_size);
+		return LDAP_UNWILLING_TO_PERFORM;
+	}
+	return LDAP_SUCCESS;
+
+}
+
+/*
+ * Check that the blob contains enough data to be a valid packet
+ * If there is a packet header check the size to ensure that it does not
+ * exceed the maximum sizes.
+ *
+ */
+static NTSTATUS ldapsrv_packet_check(
+	struct tstream_context *stream,
+	void *private_data,
+	DATA_BLOB blob,
+	size_t *packet_size)
+{
+	NTSTATUS ret;
+	struct ldapsrv_connection *conn = private_data;
+	int result = LDB_SUCCESS;
+
+	ret = ldap_full_packet(stream, private_data, blob, packet_size);
+	if (!NT_STATUS_IS_OK(ret)) {
+		return ret;
+	}
+	result = ldapsrv_check_packet_size(conn, *packet_size);
+	if (result != LDAP_SUCCESS) {
+		return NT_STATUS_LDAP(result);
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS server_service_ldap_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = false,
+		.inhibit_pre_fork = false,
+		.task_init = ldapsrv_task_init,
+		.post_fork = ldapsrv_post_fork,
+		.before_loop = ldapsrv_before_loop,
+	};
+	return register_server_service(ctx, "ldap", &details);
+}
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
new file mode 100644
index 0000000..a56aa8f
--- /dev/null
+++ b/source4/ldap_server/ldap_server.h
@@ -0,0 +1,133 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP server
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/ldap/libcli_ldap.h"
+#include "lib/socket/socket.h"
+#include "lib/stream/packet.h"
+#include "system/network.h"
+#include "lib/param/loadparm.h"
+
+enum ldap_server_referral_scheme {
+	LDAP_REFERRAL_SCHEME_LDAP,
+	LDAP_REFERRAL_SCHEME_LDAPS
+};
+
+struct ldapsrv_connection {
+	struct ldapsrv_connection *next, *prev;
+	struct loadparm_context *lp_ctx;
+	struct stream_connection *connection;
+	struct gensec_security *gensec;
+	struct auth_session_info *session_info;
+	struct ldapsrv_service *service;
+	struct cli_credentials *server_credentials;
+	struct ldb_context *ldb;
+
+	struct {
+		struct tevent_queue *send_queue;
+		struct tevent_req *read_req;
+		struct tstream_context *raw;
+		struct tstream_context *tls;
+		struct tstream_context *sasl;
+		struct tstream_context *active;
+	} sockets;
+
+	bool global_catalog;
+	bool is_privileged;
+	enum ldap_server_require_strong_auth require_strong_auth;
+	bool authz_logged;
+	enum ldap_server_referral_scheme referral_scheme;
+
+	struct {
+		int initial_timeout;
+		int conn_idle_time;
+		int max_page_size;
+		int max_notifications;
+		int search_timeout;
+		struct timeval endtime;
+		struct timeval expire_time; /* Krb5 ticket expiry */
+		const char *reason;
+	} limits;
+
+	struct tevent_req *active_call;
+	struct tevent_req *deferred_expire_disconnect;
+
+	struct ldapsrv_call *pending_calls;
+};
+
+struct ldapsrv_call {
+	struct ldapsrv_call *prev, *next;
+	struct ldapsrv_connection *conn;
+	struct ldap_message *request;
+	struct ldapsrv_reply {
+		struct ldapsrv_reply *prev, *next;
+		struct ldap_message *msg;
+		DATA_BLOB blob;
+	} *replies;
+	struct iovec *out_iov;
+	size_t iov_count;
+	size_t reply_size;
+
+	struct tevent_req *(*wait_send)(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					void *private_data);
+	NTSTATUS (*wait_recv)(struct tevent_req *req);
+	void *wait_private;
+
+	struct tevent_req *(*postprocess_send)(TALLOC_CTX *mem_ctx,
+					       struct tevent_context *ev,
+					       void *private_data);
+	NTSTATUS (*postprocess_recv)(struct tevent_req *req);
+	void *postprocess_private;
+
+	struct {
+		bool busy;
+		uint64_t generation;
+	} notification;
+};
+
+/*
+ * This matches the previous implicit size limit via talloc's maximum
+ * allocation size
+ */
+#define LDAP_SERVER_MAX_REPLY_SIZE ((size_t)(256 * 1024 * 1024))
+
+/*
+ * Start writing to the network before we hit this size
+ */
+#define LDAP_SERVER_MAX_CHUNK_SIZE ((size_t)(25 * 1024 * 1024))
+
+struct ldapsrv_service {
+	const char *dns_host_name;
+	pid_t parent_pid;
+	struct tstream_tls_params *tls_params;
+	struct tevent_queue *call_queue;
+	struct ldapsrv_connection *connections;
+	struct {
+		uint64_t generation;
+		struct tevent_req *retry;
+	} notification;
+
+	struct loadparm_context *lp_ctx;
+	struct tevent_context *current_ev;
+	struct imessaging_context *current_msg;
+	struct ldb_context *sam_ctx;
+};
+
+#include "ldap_server/proto.h"
diff --git a/source4/ldap_server/wscript_build b/source4/ldap_server/wscript_build
new file mode 100644
index 0000000..881cc89
--- /dev/null
+++ b/source4/ldap_server/wscript_build
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_MODULE('service_ldap',
+	source='ldap_server.c ldap_backend.c ldap_bind.c ldap_extended.c',
+	autoproto='proto.h',
+	subsystem='service',
+	init_function='server_service_ldap_init',
+	deps='samba-credentials cli-ldap samdb process_model gensec samba-hostconfig samba_server_gensec common_auth',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
diff --git a/source4/lib/events/events.h b/source4/lib/events/events.h
new file mode 100644
index 0000000..e9f5f4c
--- /dev/null
+++ b/source4/lib/events/events.h
@@ -0,0 +1,6 @@
+#ifndef __LIB_EVENTS_H__
+#define __LIB_EVENTS_H__
+#include <tevent.h>
+struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx);
+void s4_event_context_set_default(struct tevent_context *ev);
+#endif /* __LIB_EVENTS_H__ */
diff --git a/source4/lib/events/tevent_s4.c b/source4/lib/events/tevent_s4.c
new file mode 100644
index 0000000..36a4d32
--- /dev/null
+++ b/source4/lib/events/tevent_s4.c
@@ -0,0 +1,41 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#define TEVENT_DEPRECATED 1
+#include "lib/events/events.h"
+
+/*
+  create a event_context structure. This must be the first events
+  call, and all subsequent calls pass this event_context as the first
+  element. Event handlers also receive this as their first argument.
+
+  This samba4 specific call sets the samba4 debug handler.
+*/
+struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx)
+{
+	struct tevent_context *ev;
+
+	ev = samba_tevent_context_init(mem_ctx);
+	if (ev) {
+		samba_tevent_set_debug(ev, "s4_tevent");
+		tevent_loop_allow_nesting(ev);
+	}
+	return ev;
+}
+
diff --git a/source4/lib/events/wscript_build b/source4/lib/events/wscript_build
new file mode 100644
index 0000000..d08d5dd
--- /dev/null
+++ b/source4/lib/events/wscript_build
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_LIBRARY('events',
+                  source='tevent_s4.c',
+                  deps='samba-util',
+                  public_deps='tevent',
+                  private_library=True
+                  )
diff --git a/source4/lib/messaging/irpc.h b/source4/lib/messaging/irpc.h
new file mode 100644
index 0000000..d6a5c46
--- /dev/null
+++ b/source4/lib/messaging/irpc.h
@@ -0,0 +1,87 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Samba internal rpc code - header
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef IRPC_H
+#define IRPC_H
+
+#include "lib/messaging/messaging.h"
+#include "libcli/util/werror.h"
+#include "librpc/gen_ndr/irpc.h"
+
+/*
+  an incoming irpc message
+*/
+struct irpc_message {
+	struct server_id from;
+	void *private_data;
+	struct irpc_header header;
+	struct ndr_pull *ndr;
+	bool defer_reply;
+	bool no_reply;
+	struct imessaging_context *msg_ctx;
+	struct irpc_list *irpc;
+	void *data;
+};
+
+/* don't allow calls to take too long */
+#define IRPC_CALL_TIMEOUT	10
+/* wait for the calls as long as it takes */
+#define IRPC_CALL_TIMEOUT_INF	0
+
+
+/* the server function type */
+typedef NTSTATUS (*irpc_function_t)(struct irpc_message *, void *r);
+
+/* register a server function with the irpc messaging system */
+#define IRPC_REGISTER(msg_ctx, pipename, funcname, function, private_data) \
+   irpc_register(msg_ctx, &ndr_table_ ## pipename, \
+                          NDR_ ## funcname, \
+			  (irpc_function_t)function, private_data)
+
+struct ndr_interface_table;
+
+NTSTATUS irpc_register(struct imessaging_context *msg_ctx,
+		       const struct ndr_interface_table *table, 
+		       int call, irpc_function_t fn, void *private_data);
+
+struct dcerpc_binding_handle *irpc_binding_handle(TALLOC_CTX *mem_ctx,
+						  struct imessaging_context *msg_ctx,
+						  struct server_id server_id,
+						  const struct ndr_interface_table *table);
+struct dcerpc_binding_handle *irpc_binding_handle_by_name(TALLOC_CTX *mem_ctx,
+							  struct imessaging_context *msg_ctx,
+							  const char *dest_task,
+							  const struct ndr_interface_table *table);
+void irpc_binding_handle_add_security_token(struct dcerpc_binding_handle *h,
+					    struct security_token *token);
+
+NTSTATUS irpc_add_name(struct imessaging_context *msg_ctx, const char *name);
+NTSTATUS irpc_servers_byname(struct imessaging_context *msg_ctx,
+			     TALLOC_CTX *mem_ctx, const char *name,
+			     unsigned *num_servers,
+			     struct server_id **servers);
+struct irpc_name_records *irpc_all_servers(struct imessaging_context *msg_ctx,
+					   TALLOC_CTX *mem_ctx);
+void irpc_remove_name(struct imessaging_context *msg_ctx, const char *name);
+NTSTATUS irpc_send_reply(struct irpc_message *m, NTSTATUS status);
+
+#endif
+
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
new file mode 100644
index 0000000..6d859f7
--- /dev/null
+++ b/source4/lib/messaging/messaging.c
@@ -0,0 +1,1521 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba internal messaging functions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/util/server_id.h"
+#include "system/filesys.h"
+#include "messaging/messaging.h"
+#include "messaging/messaging_internal.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "lib/messaging/irpc.h"
+#include "../lib/util/unix_privs.h"
+#include "librpc/rpc/dcerpc.h"
+#include "cluster/cluster.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "lib/param/param.h"
+#include "lib/util/server_id_db.h"
+#include "lib/util/talloc_report_printf.h"
+#include "lib/messaging/messages_dgm.h"
+#include "lib/messaging/messages_dgm_ref.h"
+#include "../source3/lib/messages_util.h"
+#include <tdb.h>
+#include "lib/util/idtree.h"
+
+/* change the message version with any incompatible changes in the protocol */
+#define IMESSAGING_VERSION 1
+
+/*
+  a pending irpc call
+*/
+struct irpc_request {
+	struct irpc_request *prev, *next;
+	struct imessaging_context *msg_ctx;
+	int callid;
+	struct {
+		void (*handler)(struct irpc_request *irpc, struct irpc_message *m);
+		void *private_data;
+	} incoming;
+};
+
+/* we have a linked list of dispatch handlers for each msg_type that
+   this messaging server can deal with */
+struct dispatch_fn {
+	struct dispatch_fn *next, *prev;
+	uint32_t msg_type;
+	void *private_data;
+	msg_callback_t fn;
+};
+
+/* an individual message */
+
+static void irpc_handler(struct imessaging_context *,
+			 void *,
+			 uint32_t,
+			 struct server_id,
+			 size_t,
+			 int *,
+			 DATA_BLOB *);
+
+
+/*
+ A useful function for testing the message system.
+*/
+static void ping_message(struct imessaging_context *msg,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *data)
+{
+	struct server_id_buf idbuf;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	DEBUG(1,("INFO: Received PING message from server %s [%.*s]\n",
+		 server_id_str_buf(src, &idbuf), (int)data->length,
+		 data->data?(const char *)data->data:""));
+	imessaging_send(msg, src, MSG_PONG, data);
+}
+
+static void pool_message(struct imessaging_context *msg,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *data)
+{
+	FILE *f = NULL;
+
+	if (num_fds != 1) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	f = fdopen(fds[0], "w");
+	if (f == NULL) {
+		DBG_DEBUG("fopen failed: %s\n", strerror(errno));
+		return;
+	}
+
+	talloc_full_report_printf(NULL, f);
+	fclose(f);
+}
+
+static void ringbuf_log_msg(struct imessaging_context *msg,
+			    void *private_data,
+			    uint32_t msg_type,
+			    struct server_id src,
+			    size_t num_fds,
+			    int *fds,
+			    DATA_BLOB *data)
+{
+	char *log = debug_get_ringbuf();
+	size_t logsize = debug_get_ringbuf_size();
+	DATA_BLOB blob;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (log == NULL) {
+		log = discard_const_p(char, "*disabled*\n");
+		logsize = strlen(log) + 1;
+	}
+
+	blob.data = (uint8_t *)log;
+	blob.length = logsize;
+
+	imessaging_send(msg, src, MSG_RINGBUF_LOG, &blob);
+}
+
+/****************************************************************************
+ Receive a "set debug level" message.
+****************************************************************************/
+
+static void debug_imessage(struct imessaging_context *msg_ctx,
+			   void *private_data,
+			   uint32_t msg_type,
+			   struct server_id src,
+			   size_t num_fds,
+			   int *fds,
+			   DATA_BLOB *data)
+{
+	const char *params_str = (const char *)data->data;
+	struct server_id_buf src_buf;
+	struct server_id dst = imessaging_get_server_id(msg_ctx);
+	struct server_id_buf dst_buf;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	/* Check, it's a proper string! */
+	if (params_str[(data->length)-1] != '\0') {
+		DBG_ERR("Invalid debug message from pid %s to pid %s\n",
+			server_id_str_buf(src, &src_buf),
+			server_id_str_buf(dst, &dst_buf));
+		return;
+	}
+
+	DBG_ERR("INFO: Remote set of debug to `%s' (pid %s from pid %s)\n",
+		params_str,
+		server_id_str_buf(dst, &dst_buf),
+		server_id_str_buf(src, &src_buf));
+
+	debug_parse_levels(params_str);
+}
+
+/****************************************************************************
+ Return current debug level.
+****************************************************************************/
+
+static void debuglevel_imessage(struct imessaging_context *msg_ctx,
+				void *private_data,
+				uint32_t msg_type,
+				struct server_id src,
+				size_t num_fds,
+				int *fds,
+				DATA_BLOB *data)
+{
+	char *message = debug_list_class_names_and_levels();
+	DATA_BLOB blob = data_blob_null;
+	struct server_id_buf src_buf;
+	struct server_id dst = imessaging_get_server_id(msg_ctx);
+	struct server_id_buf dst_buf;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	DBG_DEBUG("Received REQ_DEBUGLEVEL message (pid %s from pid %s)\n",
+		  server_id_str_buf(dst, &dst_buf),
+		  server_id_str_buf(src, &src_buf));
+
+	if (message == NULL) {
+		DBG_ERR("debug_list_class_names_and_levels returned NULL\n");
+		return;
+	}
+
+	blob = data_blob_string_const_null(message);
+	imessaging_send(msg_ctx, src, MSG_DEBUGLEVEL, &blob);
+
+	TALLOC_FREE(message);
+}
+
+/*
+  return uptime of messaging server via irpc
+*/
+static NTSTATUS irpc_uptime(struct irpc_message *msg,
+			    struct irpc_uptime *r)
+{
+	struct imessaging_context *ctx = talloc_get_type(msg->private_data, struct imessaging_context);
+	*r->out.start_time = timeval_to_nttime(&ctx->start_time);
+	return NT_STATUS_OK;
+}
+
+static struct dispatch_fn *imessaging_find_dispatch(
+	struct imessaging_context *msg, uint32_t msg_type)
+{
+	/* temporary IDs use an idtree, the rest use a array of pointers */
+	if (msg_type >= MSG_TMP_BASE) {
+		return (struct dispatch_fn *)idr_find(msg->dispatch_tree,
+						      msg_type);
+	}
+	if (msg_type < msg->num_types) {
+		return msg->dispatch[msg_type];
+	}
+	return NULL;
+}
+
+/*
+  Register a dispatch function for a particular message type.
+*/
+NTSTATUS imessaging_register(struct imessaging_context *msg, void *private_data,
+			    uint32_t msg_type, msg_callback_t fn)
+{
+	struct dispatch_fn *d;
+
+	/* possibly expand dispatch array */
+	if (msg_type >= msg->num_types) {
+		struct dispatch_fn **dp;
+		uint32_t i;
+		dp = talloc_realloc(msg, msg->dispatch, struct dispatch_fn *, msg_type+1);
+		NT_STATUS_HAVE_NO_MEMORY(dp);
+		msg->dispatch = dp;
+		for (i=msg->num_types;i<=msg_type;i++) {
+			msg->dispatch[i] = NULL;
+		}
+		msg->num_types = msg_type+1;
+	}
+
+	d = talloc_zero(msg->dispatch, struct dispatch_fn);
+	NT_STATUS_HAVE_NO_MEMORY(d);
+	d->msg_type = msg_type;
+	d->private_data = private_data;
+	d->fn = fn;
+
+	DLIST_ADD(msg->dispatch[msg_type], d);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  register a temporary message handler. The msg_type is allocated
+  above MSG_TMP_BASE
+*/
+NTSTATUS imessaging_register_tmp(struct imessaging_context *msg, void *private_data,
+				msg_callback_t fn, uint32_t *msg_type)
+{
+	struct dispatch_fn *d;
+	int id;
+
+	d = talloc_zero(msg->dispatch, struct dispatch_fn);
+	NT_STATUS_HAVE_NO_MEMORY(d);
+	d->private_data = private_data;
+	d->fn = fn;
+
+	id = idr_get_new_above(msg->dispatch_tree, d, MSG_TMP_BASE, UINT16_MAX);
+	if (id == -1) {
+		talloc_free(d);
+		return NT_STATUS_TOO_MANY_CONTEXT_IDS;
+	}
+
+	d->msg_type = (uint32_t)id;
+	(*msg_type) = d->msg_type;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  De-register the function for a particular message type. Return the number of
+  functions deregistered.
+*/
+size_t imessaging_deregister(struct imessaging_context *msg, uint32_t msg_type, void *private_data)
+{
+	struct dispatch_fn *d, *next;
+	size_t removed = 0;
+
+	if (msg_type >= msg->num_types) {
+		d = (struct dispatch_fn *)idr_find(msg->dispatch_tree,
+						   msg_type);
+		if (!d) return 0;
+		idr_remove(msg->dispatch_tree, msg_type);
+		talloc_free(d);
+		return 1;
+	}
+
+	for (d = msg->dispatch[msg_type]; d; d = next) {
+		next = d->next;
+		if (d->private_data == private_data) {
+			DLIST_REMOVE(msg->dispatch[msg_type], d);
+			talloc_free(d);
+			++removed;
+		}
+	}
+
+	return removed;
+}
+
+/*
+*/
+int imessaging_cleanup(struct imessaging_context *msg)
+{
+	return 0;
+}
+
+static void imessaging_dgm_recv(struct tevent_context *ev,
+				const uint8_t *buf, size_t buf_len,
+				int *fds, size_t num_fds,
+				void *private_data);
+
+/* Keep a list of imessaging contexts */
+static struct imessaging_context *msg_ctxs;
+
+/*
+ * A process has terminated, clean-up any names it has registered.
+ */
+NTSTATUS imessaging_process_cleanup(
+	struct imessaging_context *msg_ctx,
+	pid_t pid)
+{
+	struct irpc_name_records *names = NULL;
+	uint32_t i = 0;
+	uint32_t j = 0;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+
+	if (mem_ctx == NULL) {
+		DBG_ERR("OOM unable to clean up messaging for process (%d)\n",
+			pid);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	names = irpc_all_servers(msg_ctx, mem_ctx);
+	if (names == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_OK;
+	}
+	for (i = 0; i < names->num_records; i++) {
+		for (j = 0; j < names->names[i]->count; j++) {
+			if (names->names[i]->ids[j].pid == pid) {
+				int ret = server_id_db_prune_name(
+					msg_ctx->names,
+					names->names[i]->name,
+					names->names[i]->ids[j]);
+				if (ret != 0 && ret != ENOENT) {
+					TALLOC_FREE(mem_ctx);
+					return map_nt_error_from_unix_common(
+					    ret);
+				}
+			}
+		}
+	}
+	TALLOC_FREE(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+static int imessaging_context_destructor(struct imessaging_context *msg)
+{
+	struct irpc_request *irpc = NULL;
+	struct irpc_request *next = NULL;
+
+	for (irpc = msg->requests; irpc != NULL; irpc = next) {
+		next = irpc->next;
+
+		DLIST_REMOVE(msg->requests, irpc);
+		irpc->callid = -1;
+	}
+
+	DLIST_REMOVE(msg_ctxs, msg);
+	TALLOC_FREE(msg->msg_dgm_ref);
+	return 0;
+}
+
+/*
+ * Cleanup messaging dgm contexts on a specific event context.
+ *
+ * We must make sure to unref all messaging_dgm_ref's *before* the
+ * tevent context goes away. Only when the last ref is freed, the
+ * refcounted messaging dgm context will be freed.
+ */
+void imessaging_dgm_unref_ev(struct tevent_context *ev)
+{
+	struct imessaging_context *msg = NULL;
+
+	for (msg = msg_ctxs; msg != NULL; msg = msg->next) {
+		if (msg->ev == ev) {
+			TALLOC_FREE(msg->msg_dgm_ref);
+		}
+	}
+}
+
+static NTSTATUS imessaging_reinit(struct imessaging_context *msg)
+{
+	int ret = -1;
+
+	TALLOC_FREE(msg->msg_dgm_ref);
+
+	if (msg->discard_incoming) {
+		msg->num_incoming_listeners = 0;
+	} else {
+		msg->num_incoming_listeners = 1;
+	}
+
+	msg->server_id.pid = getpid();
+
+	msg->msg_dgm_ref = messaging_dgm_ref(msg,
+				msg->ev,
+				&msg->server_id.unique_id,
+				msg->sock_dir,
+				msg->lock_dir,
+				imessaging_dgm_recv,
+				msg,
+				&ret);
+
+	if (msg->msg_dgm_ref == NULL) {
+		DEBUG(2, ("messaging_dgm_ref failed: %s\n",
+			strerror(ret)));
+		return map_nt_error_from_unix_common(ret);
+	}
+
+	server_id_db_reinit(msg->names, msg->server_id);
+	return NT_STATUS_OK;
+}
+
+/*
+ * Must be called after a fork.
+ */
+NTSTATUS imessaging_reinit_all(void)
+{
+	struct imessaging_context *msg = NULL;
+
+	for (msg = msg_ctxs; msg != NULL; msg = msg->next) {
+		NTSTATUS status = imessaging_reinit(msg);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  create the listening socket and setup the dispatcher
+*/
+static struct imessaging_context *imessaging_init_internal(
+					   TALLOC_CTX *mem_ctx,
+					   bool discard_incoming,
+					   struct loadparm_context *lp_ctx,
+					   struct server_id server_id,
+					   struct tevent_context *ev)
+{
+	NTSTATUS status;
+	struct imessaging_context *msg;
+	bool ok;
+	int ret;
+	const char *lock_dir = NULL;
+	int tdb_flags = TDB_INCOMPATIBLE_HASH | TDB_CLEAR_IF_FIRST;
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	msg = talloc_zero(mem_ctx, struct imessaging_context);
+	if (msg == NULL) {
+		return NULL;
+	}
+	msg->ev = ev;
+	msg->discard_incoming = discard_incoming;
+	if (msg->discard_incoming) {
+		msg->num_incoming_listeners = 0;
+	} else {
+		msg->num_incoming_listeners = 1;
+	}
+
+	talloc_set_destructor(msg, imessaging_context_destructor);
+
+	/* create the messaging directory if needed */
+
+	lock_dir = lpcfg_lock_directory(lp_ctx);
+	if (lock_dir == NULL) {
+		goto fail;
+	}
+
+	msg->sock_dir = lpcfg_private_path(msg, lp_ctx, "msg.sock");
+	if (msg->sock_dir == NULL) {
+		goto fail;
+	}
+	ok = directory_create_or_exist_strict(msg->sock_dir, geteuid(), 0700);
+	if (!ok) {
+		goto fail;
+	}
+
+	msg->lock_dir = lpcfg_lock_path(msg, lp_ctx, "msg.lock");
+	if (msg->lock_dir == NULL) {
+		goto fail;
+	}
+	ok = directory_create_or_exist_strict(msg->lock_dir, geteuid(), 0755);
+	if (!ok) {
+		goto fail;
+	}
+
+	msg->msg_dgm_ref = messaging_dgm_ref(
+		msg, ev, &server_id.unique_id, msg->sock_dir, msg->lock_dir,
+		imessaging_dgm_recv, msg, &ret);
+
+	if (msg->msg_dgm_ref == NULL) {
+		goto fail;
+	}
+
+	msg->server_id     = server_id;
+	msg->idr           = idr_init(msg);
+	if (msg->idr == NULL) {
+		goto fail;
+	}
+
+	msg->dispatch_tree = idr_init(msg);
+	if (msg->dispatch_tree == NULL) {
+		goto fail;
+	}
+
+	msg->start_time    = timeval_current();
+
+	tdb_flags |= lpcfg_tdb_flags(lp_ctx, 0);
+
+	/*
+	 * This context holds a destructor that cleans up any names
+	 * registered on this context on talloc_free()
+	 */
+	msg->names = server_id_db_init(msg, server_id, lock_dir, 0, tdb_flags);
+	if (msg->names == NULL) {
+		goto fail;
+	}
+
+	status = imessaging_register(msg, NULL, MSG_PING, ping_message);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = imessaging_register(msg, NULL, MSG_REQ_POOL_USAGE,
+				     pool_message);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = imessaging_register(msg, NULL, MSG_IRPC, irpc_handler);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = imessaging_register(msg, NULL, MSG_REQ_RINGBUF_LOG,
+				     ringbuf_log_msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = imessaging_register(msg, NULL, MSG_DEBUG,
+				     debug_imessage);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = imessaging_register(msg, NULL, MSG_REQ_DEBUGLEVEL,
+				     debuglevel_imessage);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	status = IRPC_REGISTER(msg, irpc, IRPC_UPTIME, irpc_uptime, msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+#if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
+	/*
+	 * Register handlers for messages specific to developer and
+	 * self test builds
+	 */
+	status = imessaging_register_extra_handlers(msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+#endif /* defined(DEVELOPER) || defined(ENABLE_SELFTEST) */
+
+	DLIST_ADD(msg_ctxs, msg);
+
+	return msg;
+fail:
+	talloc_free(msg);
+	return NULL;
+}
+
+/*
+  create the listening socket and setup the dispatcher
+*/
+struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   struct server_id server_id,
+					   struct tevent_context *ev)
+{
+	bool discard_incoming = false;
+	return imessaging_init_internal(mem_ctx,
+					discard_incoming,
+					lp_ctx,
+					server_id,
+					ev);
+}
+
+struct imessaging_context *imessaging_init_discard_incoming(
+						TALLOC_CTX *mem_ctx,
+						struct loadparm_context *lp_ctx,
+						struct server_id server_id,
+						struct tevent_context *ev)
+{
+	bool discard_incoming = true;
+	return imessaging_init_internal(mem_ctx,
+					discard_incoming,
+					lp_ctx,
+					server_id,
+					ev);
+}
+
+struct imessaging_post_state {
+	struct imessaging_context *msg_ctx;
+	struct imessaging_post_state **busy_ref;
+	size_t buf_len;
+	uint8_t buf[];
+};
+
+static int imessaging_post_state_destructor(struct imessaging_post_state *state)
+{
+	if (state->busy_ref != NULL) {
+		*state->busy_ref = NULL;
+		state->busy_ref = NULL;
+	}
+	return 0;
+}
+
+static void imessaging_post_handler(struct tevent_context *ev,
+				    struct tevent_immediate *ti,
+				    void *private_data)
+{
+	struct imessaging_post_state *state = talloc_get_type_abort(
+		private_data, struct imessaging_post_state);
+
+	if (state == NULL) {
+		return;
+	}
+
+	/*
+	 * In usecases like using messaging_client_init() with irpc processing
+	 * we may free the imessaging_context during the messaging handler.
+	 * imessaging_post_state is a child of imessaging_context and
+	 * might be implicitly free'ed before the explicit TALLOC_FREE(state).
+	 *
+	 * The busy_ref pointer makes sure the destructor clears
+	 * the local 'state' variable.
+	 */
+
+	SMB_ASSERT(state->busy_ref == NULL);
+	state->busy_ref = &state;
+
+	imessaging_dgm_recv(ev, state->buf, state->buf_len, NULL, 0,
+			    state->msg_ctx);
+
+	state->busy_ref = NULL;
+	TALLOC_FREE(state);
+}
+
+static int imessaging_post_self(struct imessaging_context *msg,
+				const uint8_t *buf, size_t buf_len)
+{
+	struct tevent_immediate *ti;
+	struct imessaging_post_state *state;
+
+	state = talloc_size(
+		msg, offsetof(struct imessaging_post_state, buf) + buf_len);
+	if (state == NULL) {
+		return ENOMEM;
+	}
+	talloc_set_name_const(state, "struct imessaging_post_state");
+
+	talloc_set_destructor(state, imessaging_post_state_destructor);
+
+	ti = tevent_create_immediate(state);
+	if (ti == NULL) {
+		TALLOC_FREE(state);
+		return ENOMEM;
+	}
+
+	state->msg_ctx = msg;
+	state->busy_ref = NULL;
+	state->buf_len = buf_len;
+	memcpy(state->buf, buf, buf_len);
+
+	tevent_schedule_immediate(ti, msg->ev, imessaging_post_handler,
+				  state);
+
+	return 0;
+}
+
+static void imessaging_dgm_recv(struct tevent_context *ev,
+				const uint8_t *buf, size_t buf_len,
+				int *fds, size_t num_fds,
+				void *private_data)
+{
+	struct imessaging_context *msg = talloc_get_type_abort(
+		private_data, struct imessaging_context);
+	uint32_t msg_type;
+	struct server_id src, dst;
+	struct server_id_buf srcbuf, dstbuf;
+	DATA_BLOB data;
+
+	if (buf_len < MESSAGE_HDR_LENGTH) {
+		/* Invalid message, ignore */
+		return;
+	}
+
+	if (msg->num_incoming_listeners == 0) {
+		struct server_id_buf selfbuf;
+
+		message_hdr_get(&msg_type, &src, &dst, buf);
+
+		DBG_DEBUG("not listening - discarding message from "
+			  "src[%s] to dst[%s] (self[%s]) type=0x%x "
+			  "on %s event context\n",
+			   server_id_str_buf(src, &srcbuf),
+			   server_id_str_buf(dst, &dstbuf),
+			   server_id_str_buf(msg->server_id, &selfbuf),
+			   (unsigned)msg_type,
+			   (ev != msg->ev) ? "different" : "main");
+		return;
+	}
+
+	if (ev != msg->ev) {
+		int ret;
+		ret = imessaging_post_self(msg, buf, buf_len);
+		if (ret != 0) {
+			DBG_WARNING("imessaging_post_self failed: %s\n",
+				    strerror(ret));
+		}
+		return;
+	}
+
+	message_hdr_get(&msg_type, &src, &dst, buf);
+
+	data.data = discard_const_p(uint8_t, buf + MESSAGE_HDR_LENGTH);
+	data.length = buf_len - MESSAGE_HDR_LENGTH;
+
+	if ((cluster_id_equal(&dst, &msg->server_id)) ||
+	    ((dst.task_id == 0) && (msg->server_id.pid == 0))) {
+		struct dispatch_fn *d, *next;
+
+		DEBUG(10, ("%s: dst %s matches my id: %s, type=0x%x\n",
+			   __func__,
+			   server_id_str_buf(dst, &dstbuf),
+			   server_id_str_buf(msg->server_id, &srcbuf),
+			   (unsigned)msg_type));
+
+		d = imessaging_find_dispatch(msg, msg_type);
+
+		for (; d; d = next) {
+			next = d->next;
+			d->fn(msg,
+			      d->private_data,
+			      d->msg_type,
+			      src,
+			      num_fds,
+			      fds,
+			      &data);
+		}
+	} else {
+		DEBUG(10, ("%s: Ignoring type=0x%x dst %s, I am %s, \n",
+			   __func__, (unsigned)msg_type,
+			   server_id_str_buf(dst, &dstbuf),
+			   server_id_str_buf(msg->server_id, &srcbuf)));
+	}
+}
+
+/*
+   A hack, for the short term until we get 'client only' messaging in place
+*/
+struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx,
+						  struct loadparm_context *lp_ctx,
+						struct tevent_context *ev)
+{
+	struct server_id id;
+	ZERO_STRUCT(id);
+	id.pid = getpid();
+	id.task_id = generate_random();
+	id.vnn = NONCLUSTER_VNN;
+
+	/* This is because we are not in the s3 serverid database */
+	id.unique_id = SERVERID_UNIQUE_ID_NOT_TO_VERIFY;
+
+	return imessaging_init_discard_incoming(mem_ctx, lp_ctx, id, ev);
+}
+
+/*
+  a list of registered irpc server functions
+*/
+struct irpc_list {
+	struct irpc_list *next, *prev;
+	struct GUID uuid;
+	const struct ndr_interface_table *table;
+	int callnum;
+	irpc_function_t fn;
+	void *private_data;
+};
+
+
+/*
+  register a irpc server function
+*/
+NTSTATUS irpc_register(struct imessaging_context *msg_ctx,
+		       const struct ndr_interface_table *table,
+		       int callnum, irpc_function_t fn, void *private_data)
+{
+	struct irpc_list *irpc;
+
+	/* override an existing handler, if any */
+	for (irpc=msg_ctx->irpc; irpc; irpc=irpc->next) {
+		if (irpc->table == table && irpc->callnum == callnum) {
+			break;
+		}
+	}
+	if (irpc == NULL) {
+		irpc = talloc(msg_ctx, struct irpc_list);
+		NT_STATUS_HAVE_NO_MEMORY(irpc);
+		DLIST_ADD(msg_ctx->irpc, irpc);
+	}
+
+	irpc->table   = table;
+	irpc->callnum = callnum;
+	irpc->fn      = fn;
+	irpc->private_data = private_data;
+	irpc->uuid = irpc->table->syntax_id.uuid;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  handle an incoming irpc reply message
+*/
+static void irpc_handler_reply(struct imessaging_context *msg_ctx, struct irpc_message *m)
+{
+	struct irpc_request *irpc;
+
+	irpc = (struct irpc_request *)idr_find(msg_ctx->idr, m->header.callid);
+	if (irpc == NULL) return;
+
+	irpc->incoming.handler(irpc, m);
+}
+
+/*
+  send a irpc reply
+*/
+NTSTATUS irpc_send_reply(struct irpc_message *m, NTSTATUS status)
+{
+	struct ndr_push *push;
+	DATA_BLOB packet;
+	enum ndr_err_code ndr_err;
+
+	m->header.status = status;
+
+	/* setup the reply */
+	push = ndr_push_init_ctx(m->ndr);
+	if (push == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	m->header.flags |= IRPC_FLAG_REPLY;
+	m->header.creds.token= NULL;
+
+	/* construct the packet */
+	ndr_err = ndr_push_irpc_header(push, NDR_SCALARS|NDR_BUFFERS, &m->header);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		goto failed;
+	}
+
+	ndr_err = m->irpc->table->calls[m->irpc->callnum].ndr_push(push, NDR_OUT, m->data);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		goto failed;
+	}
+
+	/* send the reply message */
+	packet = ndr_push_blob(push);
+	status = imessaging_send(m->msg_ctx, m->from, MSG_IRPC, &packet);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+failed:
+	talloc_free(m);
+	return status;
+}
+
+/*
+  handle an incoming irpc request message
+*/
+static void irpc_handler_request(struct imessaging_context *msg_ctx,
+				 struct irpc_message *m)
+{
+	struct irpc_list *i;
+	void *r;
+	enum ndr_err_code ndr_err;
+
+	for (i=msg_ctx->irpc; i; i=i->next) {
+		if (GUID_equal(&i->uuid, &m->header.uuid) &&
+		    i->table->syntax_id.if_version == m->header.if_version &&
+		    i->callnum == m->header.callnum) {
+			break;
+		}
+	}
+
+	if (i == NULL) {
+		/* no registered handler for this message */
+		talloc_free(m);
+		return;
+	}
+
+	/* allocate space for the structure */
+	r = talloc_zero_size(m->ndr, i->table->calls[m->header.callnum].struct_size);
+	if (r == NULL) goto failed;
+
+	m->ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	/* parse the request data */
+	ndr_err = i->table->calls[i->callnum].ndr_pull(m->ndr, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;
+
+	/* make the call */
+	m->private_data= i->private_data;
+	m->defer_reply = false;
+	m->no_reply    = false;
+	m->msg_ctx     = msg_ctx;
+	m->irpc        = i;
+	m->data        = r;
+
+	m->header.status = i->fn(m, r);
+
+	if (m->no_reply) {
+		/* the server function won't ever be replying to this request */
+		talloc_free(m);
+		return;
+	}
+
+	if (m->defer_reply) {
+		/* the server function has asked to defer the reply to later */
+		talloc_steal(msg_ctx, m);
+		return;
+	}
+
+	irpc_send_reply(m, m->header.status);
+	return;
+
+failed:
+	talloc_free(m);
+}
+
+/*
+  handle an incoming irpc message
+*/
+static void irpc_handler(struct imessaging_context *msg_ctx,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *packet)
+{
+	struct irpc_message *m;
+	enum ndr_err_code ndr_err;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	m = talloc(msg_ctx, struct irpc_message);
+	if (m == NULL) goto failed;
+
+	m->from = src;
+
+	m->ndr = ndr_pull_init_blob(packet, m);
+	if (m->ndr == NULL) goto failed;
+
+	m->ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	ndr_err = ndr_pull_irpc_header(m->ndr, NDR_BUFFERS|NDR_SCALARS, &m->header);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) goto failed;
+
+	if (m->header.flags & IRPC_FLAG_REPLY) {
+		irpc_handler_reply(msg_ctx, m);
+	} else {
+		irpc_handler_request(msg_ctx, m);
+	}
+	return;
+
+failed:
+	talloc_free(m);
+}
+
+
+/*
+  destroy a irpc request
+*/
+static int irpc_destructor(struct irpc_request *irpc)
+{
+	if (irpc->callid != -1) {
+		DLIST_REMOVE(irpc->msg_ctx->requests, irpc);
+		idr_remove(irpc->msg_ctx->idr, irpc->callid);
+		if (irpc->msg_ctx->discard_incoming) {
+			SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 0);
+		} else {
+			SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 1);
+		}
+		irpc->msg_ctx->num_incoming_listeners -= 1;
+		irpc->callid = -1;
+	}
+
+	return 0;
+}
+
+/*
+  add a string name that this irpc server can be called on
+
+  It will be removed from the DB either via irpc_remove_name or on
+  talloc_free(msg_ctx->names).
+*/
+NTSTATUS irpc_add_name(struct imessaging_context *msg_ctx, const char *name)
+{
+	int ret;
+
+	ret = server_id_db_add(msg_ctx->names, name);
+	if (ret != 0) {
+		return map_nt_error_from_unix_common(ret);
+	}
+	return NT_STATUS_OK;
+}
+
+static int all_servers_func(const char *name, unsigned num_servers,
+			    const struct server_id *servers,
+			    void *private_data)
+{
+	struct irpc_name_records *name_records = talloc_get_type(
+		private_data, struct irpc_name_records);
+	struct irpc_name_record *name_record;
+	uint32_t i;
+
+	name_records->names
+		= talloc_realloc(name_records, name_records->names,
+				 struct irpc_name_record *, name_records->num_records+1);
+	if (!name_records->names) {
+		return -1;
+	}
+
+	name_records->names[name_records->num_records] = name_record
+		= talloc(name_records->names,
+			 struct irpc_name_record);
+	if (!name_record) {
+		return -1;
+	}
+
+	name_records->num_records++;
+
+	name_record->name = talloc_strdup(name_record, name);
+	if (!name_record->name) {
+		return -1;
+	}
+
+	name_record->count = num_servers;
+	name_record->ids = talloc_array(name_record, struct server_id,
+					num_servers);
+	if (name_record->ids == NULL) {
+		return -1;
+	}
+	for (i=0;i<name_record->count;i++) {
+		name_record->ids[i] = servers[i];
+	}
+	return 0;
+}
+
+/*
+  return a list of server ids for a server name
+*/
+struct irpc_name_records *irpc_all_servers(struct imessaging_context *msg_ctx,
+					   TALLOC_CTX *mem_ctx)
+{
+	int ret;
+	struct irpc_name_records *name_records = talloc_zero(mem_ctx, struct irpc_name_records);
+	if (name_records == NULL) {
+		return NULL;
+	}
+
+	ret = server_id_db_traverse_read(msg_ctx->names, all_servers_func,
+					 name_records);
+	if (ret == -1) {
+		TALLOC_FREE(name_records);
+		return NULL;
+	}
+
+	return name_records;
+}
+
+/*
+  remove a name from a messaging context
+*/
+void irpc_remove_name(struct imessaging_context *msg_ctx, const char *name)
+{
+	server_id_db_remove(msg_ctx->names, name);
+}
+
+struct server_id imessaging_get_server_id(struct imessaging_context *msg_ctx)
+{
+	return msg_ctx->server_id;
+}
+
+struct irpc_bh_state {
+	struct imessaging_context *msg_ctx;
+	struct server_id server_id;
+	const struct ndr_interface_table *table;
+	uint32_t timeout;
+	struct security_token *token;
+};
+
+static bool irpc_bh_is_connected(struct dcerpc_binding_handle *h)
+{
+	struct irpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				   struct irpc_bh_state);
+
+	if (!hs->msg_ctx) {
+		return false;
+	}
+
+	return true;
+}
+
+static uint32_t irpc_bh_set_timeout(struct dcerpc_binding_handle *h,
+				    uint32_t timeout)
+{
+	struct irpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				   struct irpc_bh_state);
+	uint32_t old = hs->timeout;
+
+	hs->timeout = timeout;
+
+	return old;
+}
+
+struct irpc_bh_raw_call_state {
+	struct irpc_request *irpc;
+	uint32_t opnum;
+	DATA_BLOB in_data;
+	DATA_BLOB in_packet;
+	DATA_BLOB out_data;
+};
+
+static void irpc_bh_raw_call_incoming_handler(struct irpc_request *irpc,
+					      struct irpc_message *m);
+
+static struct tevent_req *irpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct dcerpc_binding_handle *h,
+						const struct GUID *object,
+						uint32_t opnum,
+						uint32_t in_flags,
+						const uint8_t *in_data,
+						size_t in_length)
+{
+	struct irpc_bh_state *hs =
+		dcerpc_binding_handle_data(h,
+		struct irpc_bh_state);
+	struct tevent_req *req;
+	struct irpc_bh_raw_call_state *state;
+	bool ok;
+	struct irpc_header header;
+	struct ndr_push *ndr;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct irpc_bh_raw_call_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->opnum = opnum;
+	state->in_data.data = discard_const_p(uint8_t, in_data);
+	state->in_data.length = in_length;
+
+	ok = irpc_bh_is_connected(h);
+	if (!ok) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return tevent_req_post(req, ev);
+	}
+
+	state->irpc = talloc_zero(state, struct irpc_request);
+	if (tevent_req_nomem(state->irpc, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	state->irpc->msg_ctx  = hs->msg_ctx;
+	state->irpc->callid   = idr_get_new(hs->msg_ctx->idr,
+					    state->irpc, UINT16_MAX);
+	if (state->irpc->callid == -1) {
+		tevent_req_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
+		return tevent_req_post(req, ev);
+	}
+	state->irpc->incoming.handler = irpc_bh_raw_call_incoming_handler;
+	state->irpc->incoming.private_data = req;
+
+	/* make sure we accept incoming messages */
+	SMB_ASSERT(state->irpc->msg_ctx->num_incoming_listeners < UINT64_MAX);
+	state->irpc->msg_ctx->num_incoming_listeners += 1;
+	DLIST_ADD_END(state->irpc->msg_ctx->requests, state->irpc);
+	talloc_set_destructor(state->irpc, irpc_destructor);
+
+	/* setup the header */
+	header.uuid = hs->table->syntax_id.uuid;
+
+	header.if_version = hs->table->syntax_id.if_version;
+	header.callid     = state->irpc->callid;
+	header.callnum    = state->opnum;
+	header.flags      = 0;
+	header.status     = NT_STATUS_OK;
+	header.creds.token= hs->token;
+
+	/* construct the irpc packet */
+	ndr = ndr_push_init_ctx(state->irpc);
+	if (tevent_req_nomem(ndr, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	ndr_err = ndr_push_irpc_header(ndr, NDR_SCALARS|NDR_BUFFERS, &header);
+	status = ndr_map_error2ntstatus(ndr_err);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	ndr_err = ndr_push_bytes(ndr, in_data, in_length);
+	status = ndr_map_error2ntstatus(ndr_err);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	/* and send it */
+	state->in_packet = ndr_push_blob(ndr);
+	status = imessaging_send(hs->msg_ctx, hs->server_id,
+				MSG_IRPC, &state->in_packet);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	if (hs->timeout != IRPC_CALL_TIMEOUT_INF) {
+		/* set timeout-callback in case caller wants that */
+		ok = tevent_req_set_endtime(req, ev, timeval_current_ofs(hs->timeout, 0));
+		if (!ok) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	return req;
+}
+
+static void irpc_bh_raw_call_incoming_handler(struct irpc_request *irpc,
+					      struct irpc_message *m)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(irpc->incoming.private_data,
+		struct tevent_req);
+	struct irpc_bh_raw_call_state *state =
+		tevent_req_data(req,
+		struct irpc_bh_raw_call_state);
+
+	talloc_steal(state, m);
+
+	if (!NT_STATUS_IS_OK(m->header.status)) {
+		tevent_req_nterror(req, m->header.status);
+		return;
+	}
+
+	state->out_data = data_blob_talloc(state,
+		m->ndr->data + m->ndr->offset,
+		m->ndr->data_size - m->ndr->offset);
+	if ((m->ndr->data_size - m->ndr->offset) > 0 && !state->out_data.data) {
+		tevent_req_oom(req);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS irpc_bh_raw_call_recv(struct tevent_req *req,
+					TALLOC_CTX *mem_ctx,
+					uint8_t **out_data,
+					size_t *out_length,
+					uint32_t *out_flags)
+{
+	struct irpc_bh_raw_call_state *state =
+		tevent_req_data(req,
+		struct irpc_bh_raw_call_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*out_data = talloc_move(mem_ctx, &state->out_data.data);
+	*out_length = state->out_data.length;
+	*out_flags = 0;
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct irpc_bh_disconnect_state {
+	uint8_t _dummy;
+};
+
+static struct tevent_req *irpc_bh_disconnect_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct dcerpc_binding_handle *h)
+{
+	struct irpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct irpc_bh_state);
+	struct tevent_req *req;
+	struct irpc_bh_disconnect_state *state;
+	bool ok;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct irpc_bh_disconnect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	ok = irpc_bh_is_connected(h);
+	if (!ok) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return tevent_req_post(req, ev);
+	}
+
+	hs->msg_ctx = NULL;
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS irpc_bh_disconnect_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static bool irpc_bh_ref_alloc(struct dcerpc_binding_handle *h)
+{
+	return true;
+}
+
+static void irpc_bh_do_ndr_print(struct dcerpc_binding_handle *h,
+				 ndr_flags_type ndr_flags,
+				 const void *_struct_ptr,
+				 const struct ndr_interface_call *call)
+{
+	void *struct_ptr = discard_const(_struct_ptr);
+	bool print_in = false;
+	bool print_out = false;
+
+	if (DEBUGLEVEL >= 11) {
+		print_in = true;
+		print_out = true;
+	}
+
+	if (ndr_flags & NDR_IN) {
+		if (print_in) {
+			ndr_print_function_debug(call->ndr_print,
+						 call->name,
+						 ndr_flags,
+						 struct_ptr);
+		}
+	}
+	if (ndr_flags & NDR_OUT) {
+		if (print_out) {
+			ndr_print_function_debug(call->ndr_print,
+						 call->name,
+						 ndr_flags,
+						 struct_ptr);
+		}
+	}
+}
+
+static const struct dcerpc_binding_handle_ops irpc_bh_ops = {
+	.name			= "wbint",
+	.is_connected		= irpc_bh_is_connected,
+	.set_timeout		= irpc_bh_set_timeout,
+	.raw_call_send		= irpc_bh_raw_call_send,
+	.raw_call_recv		= irpc_bh_raw_call_recv,
+	.disconnect_send	= irpc_bh_disconnect_send,
+	.disconnect_recv	= irpc_bh_disconnect_recv,
+
+	.ref_alloc		= irpc_bh_ref_alloc,
+	.do_ndr_print		= irpc_bh_do_ndr_print,
+};
+
+/* initialise a irpc binding handle */
+struct dcerpc_binding_handle *irpc_binding_handle(TALLOC_CTX *mem_ctx,
+						  struct imessaging_context *msg_ctx,
+						  struct server_id server_id,
+						  const struct ndr_interface_table *table)
+{
+	struct dcerpc_binding_handle *h;
+	struct irpc_bh_state *hs;
+
+	h = dcerpc_binding_handle_create(mem_ctx,
+					 &irpc_bh_ops,
+					 NULL,
+					 table,
+					 &hs,
+					 struct irpc_bh_state,
+					 __location__);
+	if (h == NULL) {
+		return NULL;
+	}
+	hs->msg_ctx = msg_ctx;
+	hs->server_id = server_id;
+	hs->table = table;
+	hs->timeout = IRPC_CALL_TIMEOUT;
+
+	return h;
+}
+
+struct dcerpc_binding_handle *irpc_binding_handle_by_name(TALLOC_CTX *mem_ctx,
+							  struct imessaging_context *msg_ctx,
+							  const char *dest_task,
+							  const struct ndr_interface_table *table)
+{
+	struct dcerpc_binding_handle *h;
+	unsigned num_sids;
+	struct server_id *sids;
+	struct server_id sid;
+	NTSTATUS status;
+
+	/* find the server task */
+
+	status = irpc_servers_byname(msg_ctx, mem_ctx, dest_task,
+				     &num_sids, &sids);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EADDRNOTAVAIL;
+		return NULL;
+	}
+	sid = sids[0];
+	talloc_free(sids);
+
+	h = irpc_binding_handle(mem_ctx, msg_ctx,
+				sid, table);
+	if (h == NULL) {
+		return NULL;
+	}
+
+	return h;
+}
+
+void irpc_binding_handle_add_security_token(struct dcerpc_binding_handle *h,
+					    struct security_token *token)
+{
+	struct irpc_bh_state *hs =
+		dcerpc_binding_handle_data(h,
+		struct irpc_bh_state);
+
+	hs->token = token;
+}
diff --git a/source4/lib/messaging/messaging.h b/source4/lib/messaging/messaging.h
new file mode 100644
index 0000000..76b99ca
--- /dev/null
+++ b/source4/lib/messaging/messaging.h
@@ -0,0 +1,72 @@
+/* 
+   Unix SMB/CIFS implementation.
+   messages.c header
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) 2001, 2002 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SOURCE4_LIB_MESSAGING_MESSAGES_H_
+#define _SOURCE4_LIB_MESSAGING_MESSAGES_H_
+
+#include "librpc/gen_ndr/server_id.h"
+#include "lib/util/data_blob.h"
+#include "librpc/gen_ndr/messaging.h"
+
+struct loadparm_context;
+struct imessaging_context;
+
+/* taskid for messaging of parent process */
+#define SAMBA_PARENT_TASKID     0
+
+typedef void (*msg_callback_t)(
+	struct imessaging_context *msg,
+	void *private_data,
+	uint32_t msg_type,
+	struct server_id server_id,
+	size_t num_fds,
+	int *fds,
+	DATA_BLOB *data);
+
+NTSTATUS imessaging_send(struct imessaging_context *msg, struct server_id server,
+			uint32_t msg_type, const DATA_BLOB *data);
+NTSTATUS imessaging_register(struct imessaging_context *msg, void *private_data,
+			    uint32_t msg_type,
+			    msg_callback_t fn);
+NTSTATUS imessaging_register_tmp(struct imessaging_context *msg, void *private_data,
+				msg_callback_t fn, uint32_t *msg_type);
+struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   struct server_id server_id,
+					   struct tevent_context *ev);
+struct imessaging_context *imessaging_init_discard_incoming(
+						TALLOC_CTX *mem_ctx,
+						struct loadparm_context *lp_ctx,
+						struct server_id server_id,
+						struct tevent_context *ev);
+void imessaging_dgm_unref_ev(struct tevent_context *ev);
+NTSTATUS imessaging_reinit_all(void);
+int imessaging_cleanup(struct imessaging_context *msg);
+struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					 struct tevent_context *ev);
+NTSTATUS imessaging_send_ptr(struct imessaging_context *msg, struct server_id server,
+			    uint32_t msg_type, void *ptr);
+size_t imessaging_deregister(struct imessaging_context *msg, uint32_t msg_type, void *private_data);
+struct server_id imessaging_get_server_id(struct imessaging_context *msg_ctx);
+NTSTATUS imessaging_process_cleanup(struct imessaging_context *msg_ctx,
+				    pid_t pid);
+
+#endif
diff --git a/source4/lib/messaging/messaging_handlers.c b/source4/lib/messaging/messaging_handlers.c
new file mode 100644
index 0000000..57e3e1c
--- /dev/null
+++ b/source4/lib/messaging/messaging_handlers.c
@@ -0,0 +1,135 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Handers for non core Samba internal messages
+
+   Handlers for messages that are only included in developer and self test
+   builds.
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/server_id.h"
+#include "messaging/messaging.h"
+#include "messaging/messaging_internal.h"
+
+#if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
+
+/*
+ * Inject a fault into the currently running process
+ */
+static void do_inject_fault(struct imessaging_context *msg,
+			    void *private_data,
+			    uint32_t msg_type,
+			    struct server_id src,
+			    size_t num_fds,
+			    int *fds,
+			    DATA_BLOB *data)
+{
+	int sig;
+	struct server_id_buf tmp;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (data->length != sizeof(sig)) {
+		DBG_ERR("Process %s sent bogus signal injection request\n",
+			server_id_str_buf(src, &tmp));
+		return;
+	}
+
+	sig = *(int *)data->data;
+	if (sig == -1) {
+		DBG_ERR("Process %s requested an iternal failure, "
+			"calling exit(1)\n",
+			server_id_str_buf(src, &tmp));
+		exit(1);
+	}
+
+#if HAVE_STRSIGNAL
+	DBG_ERR("Process %s requested injection of signal %d (%s)\n",
+		server_id_str_buf(src, &tmp),
+		sig,
+		strsignal(sig));
+#else
+	DBG_ERR("Process %s requested injection of signal %d\n",
+		server_id_str_buf(src, &tmp),
+		sig);
+#endif
+
+	kill(getpid(), sig);
+}
+
+/*
+ * Cause the current process to sleep for a specified number of seconds
+ */
+static void do_sleep(struct imessaging_context *msg,
+		     void *private_data,
+		     uint32_t msg_type,
+		     struct server_id src,
+		     size_t num_fds,
+		     int *fds,
+		     DATA_BLOB *data)
+{
+	unsigned int seconds;
+	struct server_id_buf tmp;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (data->length != sizeof(seconds)) {
+		DBG_ERR("Process %s sent bogus sleep request\n",
+			server_id_str_buf(src, &tmp));
+		return;
+	}
+
+	seconds = *(unsigned int *)data->data;
+	DBG_ERR("Process %s requested a sleep of %u seconds\n",
+		server_id_str_buf(src, &tmp),
+		seconds);
+	sleep(seconds);
+	DBG_ERR("Restarting after %u second sleep requested by process %s\n",
+		seconds,
+		server_id_str_buf(src, &tmp));
+}
+
+/*
+ * Register the extra messaging handlers
+ */
+NTSTATUS imessaging_register_extra_handlers(struct imessaging_context *msg)
+{
+	NTSTATUS status;
+
+	status = imessaging_register(
+	    msg, NULL, MSG_SMB_INJECT_FAULT, do_inject_fault);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = imessaging_register(msg, NULL, MSG_SMB_SLEEP, do_sleep);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+#endif /* defined(DEVELOPER) || defined(ENABLE_SELFTEST) */
diff --git a/source4/lib/messaging/messaging_internal.h b/source4/lib/messaging/messaging_internal.h
new file mode 100644
index 0000000..6281bda
--- /dev/null
+++ b/source4/lib/messaging/messaging_internal.h
@@ -0,0 +1,50 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba internal messaging functions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct irpc_request;
+
+struct imessaging_context {
+	struct imessaging_context *prev, *next;
+	struct tevent_context *ev;
+	struct server_id server_id;
+	const char *sock_dir;
+	const char *lock_dir;
+	struct dispatch_fn **dispatch;
+	uint32_t num_types;
+	struct idr_context *dispatch_tree;
+	struct irpc_list *irpc;
+	struct idr_context *idr;
+	struct irpc_request *requests;
+	struct server_id_db *names;
+	struct timeval start_time;
+	void *msg_dgm_ref;
+	/*
+	 * The number of instances waiting for incoming
+	 * messages. By default it's always greater than 0.
+	 *
+	 * If it's 0 we'll discard incoming messages,
+	 * see imessaging_init_discard_imcoming().
+	 */
+	bool discard_incoming;
+	uint64_t num_incoming_listeners;
+};
+
+NTSTATUS imessaging_register_extra_handlers(struct imessaging_context *msg);
diff --git a/source4/lib/messaging/messaging_send.c b/source4/lib/messaging/messaging_send.c
new file mode 100644
index 0000000..24cdce3
--- /dev/null
+++ b/source4/lib/messaging/messaging_send.c
@@ -0,0 +1,115 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba internal messaging functions (send).
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "messaging/messaging.h"
+#include "messaging/irpc.h"
+#include "lib/messaging/messages_dgm.h"
+#include "lib/messaging/messages_dgm_ref.h"
+#include "../source3/lib/messages_util.h"
+#include "messaging/messaging_internal.h"
+#include "lib/util/server_id_db.h"
+#include "cluster/cluster.h"
+#include "../lib/util/unix_privs.h"
+
+/*
+ * This file is for functions that can be called from auth_log without
+ * depending on all of dcerpc and so cause dep loops.
+ */
+
+/*
+  return a list of server ids for a server name
+*/
+NTSTATUS irpc_servers_byname(struct imessaging_context *msg_ctx,
+			     TALLOC_CTX *mem_ctx, const char *name,
+			     unsigned *num_servers,
+			     struct server_id **servers)
+{
+	int ret;
+
+	ret = server_id_db_lookup(msg_ctx->names, name, mem_ctx,
+				  num_servers, servers);
+	if (ret != 0) {
+		return map_nt_error_from_unix_common(ret);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  Send a message to a particular server
+*/
+NTSTATUS imessaging_send(struct imessaging_context *msg, struct server_id server,
+			uint32_t msg_type, const DATA_BLOB *data)
+{
+	uint8_t hdr[MESSAGE_HDR_LENGTH];
+	struct iovec iov[2];
+	int num_iov, ret;
+	pid_t pid;
+	void *priv;
+
+	if (!cluster_node_equal(&msg->server_id, &server)) {
+		/* No cluster in source4... */
+		return NT_STATUS_OK;
+	}
+
+	message_hdr_put(hdr, msg_type, msg->server_id, server);
+
+	iov[0] = (struct iovec) { .iov_base = &hdr, .iov_len = sizeof(hdr) };
+	num_iov = 1;
+
+	if (data != NULL) {
+		iov[1] = (struct iovec) { .iov_base = data->data,
+					  .iov_len = data->length };
+		num_iov += 1;
+	}
+
+	pid = server.pid;
+	if (pid == 0) {
+		pid = getpid();
+	}
+
+	ret = messaging_dgm_send(pid, iov, num_iov, NULL, 0);
+
+	if (ret == EACCES) {
+		priv = root_privileges();
+		ret = messaging_dgm_send(pid, iov, num_iov, NULL, 0);
+		TALLOC_FREE(priv);
+	}
+
+	if (ret != 0) {
+		return map_nt_error_from_unix_common(ret);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  Send a message to a particular server, with the message containing a single pointer
+*/
+NTSTATUS imessaging_send_ptr(struct imessaging_context *msg, struct server_id server,
+			    uint32_t msg_type, void *ptr)
+{
+	DATA_BLOB blob;
+
+	blob.data = (uint8_t *)&ptr;
+	blob.length = sizeof(void *);
+
+	return imessaging_send(msg, server, msg_type, &blob);
+}
diff --git a/source4/lib/messaging/pymessaging.c b/source4/lib/messaging/pymessaging.c
new file mode 100644
index 0000000..6b34306
--- /dev/null
+++ b/source4/lib/messaging/pymessaging.c
@@ -0,0 +1,576 @@
+/*
+   Unix SMB/CIFS implementation.
+   Copyright © Jelmer Vernooij <jelmer@samba.org> 2008
+
+   Based on the equivalent for EJS:
+   Copyright © Andrew Tridgell <tridge@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include "libcli/util/pyerrors.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "librpc/ndr/libndr.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "lib/events/events.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "param/pyparam.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/gen_ndr/server_id.h"
+#include <pytalloc.h>
+#include "messaging_internal.h"
+
+
+extern PyTypeObject imessaging_Type;
+
+static bool server_id_from_py(PyObject *object, struct server_id *server_id)
+{
+	Py_ssize_t tuple_size;
+
+	if (!PyTuple_Check(object)) {
+		if (!py_check_dcerpc_type(object, "samba.dcerpc.server_id", "server_id")) {
+
+			PyErr_SetString(PyExc_ValueError, "Expected tuple or server_id");
+			return false;
+		}
+		*server_id = *pytalloc_get_type(object, struct server_id);
+		return true;
+	}
+
+	tuple_size = PyTuple_Size(object);
+	if (tuple_size == 3) {
+		unsigned long long pid;
+		int task_id, vnn;
+
+		if (!PyArg_ParseTuple(object, "Kii", &pid, &task_id, &vnn)) {
+			return false;
+		}
+		server_id->pid = pid;
+		server_id->task_id = task_id;
+		server_id->vnn = vnn;
+		return true;
+	} else if (tuple_size == 2) {
+		unsigned long long pid;
+		int task_id;
+		if (!PyArg_ParseTuple(object, "Ki", &pid, &task_id))
+			return false;
+		*server_id = cluster_id(pid, task_id);
+		return true;
+	} else if (tuple_size == 1) {
+		unsigned long long pid = getpid();
+		int task_id;
+		if (!PyArg_ParseTuple(object, "i", &task_id))
+			return false;
+		*server_id = cluster_id(pid, task_id);
+		return true;
+	} else {
+		PyErr_SetString(PyExc_ValueError, "Expected tuple containing one, two, or three elements");
+		return false;
+	}
+}
+
+typedef struct {
+	PyObject_HEAD
+	TALLOC_CTX *mem_ctx;
+	struct imessaging_context *msg_ctx;
+} imessaging_Object;
+
+static PyObject *py_imessaging_connect(PyTypeObject *self, PyObject *args, PyObject *kwargs)
+{
+	struct tevent_context *ev;
+	const char *kwnames[] = { "own_id", "lp_ctx", NULL };
+	PyObject *own_id = Py_None;
+	PyObject *py_lp_ctx = Py_None;
+	imessaging_Object *ret;
+	struct loadparm_context *lp_ctx;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OO",
+		discard_const_p(char *, kwnames), &own_id, &py_lp_ctx)) {
+		return NULL;
+	}
+
+	ret = PyObject_New(imessaging_Object, &imessaging_Type);
+	if (ret == NULL)
+		return NULL;
+
+	ret->mem_ctx = talloc_new(NULL);
+
+	lp_ctx = lpcfg_from_py_object(ret->mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "unable to interpret loadparm_context");
+		talloc_free(ret->mem_ctx);
+		return NULL;
+	}
+
+	ev = s4_event_context_init(ret->mem_ctx);
+
+	if (own_id != Py_None) {
+		struct server_id server_id;
+
+		if (!server_id_from_py(own_id, &server_id)) {
+			talloc_free(ret->mem_ctx);
+			return NULL;
+		}
+
+		ret->msg_ctx = imessaging_init(ret->mem_ctx,
+					       lp_ctx,
+					       server_id,
+					       ev);
+	} else {
+		ret->msg_ctx = imessaging_client_init(ret->mem_ctx,
+						      lp_ctx,
+						      ev);
+	}
+
+	if (ret->msg_ctx == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "unable to create a messaging context");
+		talloc_free(ret->mem_ctx);
+		return NULL;
+	}
+
+	return (PyObject *)ret;
+}
+
+static void py_imessaging_dealloc(PyObject *self)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	talloc_free(iface->msg_ctx);
+	self->ob_type->tp_free(self);
+}
+
+static PyObject *py_imessaging_send(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	uint32_t msg_type;
+	DATA_BLOB data;
+	PyObject *target;
+	NTSTATUS status;
+	struct server_id server;
+	const char *kwnames[] = { "target", "msg_type", "data", NULL };
+	Py_ssize_t length;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OIs#:send",
+		discard_const_p(char *, kwnames), &target, &msg_type, &data.data, &length)) {
+
+		return NULL;
+	}
+
+	data.length = length;
+
+	if (!server_id_from_py(target, &server))
+		return NULL;
+
+	status = imessaging_send(iface->msg_ctx, server, msg_type, &data);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static void py_msg_callback_wrapper(struct imessaging_context *msg,
+				    void *private_data,
+				    uint32_t msg_type,
+				    struct server_id server_id,
+				    size_t num_fds,
+				    int *fds,
+				    DATA_BLOB *data)
+{
+	PyObject *py_server_id, *callback_and_tuple = (PyObject *)private_data;
+	PyObject *callback, *py_private;
+	PyObject *result = NULL;
+
+	struct server_id *p_server_id = NULL;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	p_server_id = talloc(NULL, struct server_id);
+	if (!p_server_id) {
+		PyErr_NoMemory();
+		return;
+	}
+	*p_server_id = server_id;
+
+	py_server_id = py_return_ndr_struct("samba.dcerpc.server_id", "server_id", p_server_id, p_server_id);
+	talloc_unlink(NULL, p_server_id);
+	if (py_server_id == NULL) {
+		return;
+	}
+
+	if (!PyArg_ParseTuple(callback_and_tuple, "OO",
+			      &callback,
+			      &py_private)) {
+		return;
+	}
+
+	result = PyObject_CallFunction(callback, discard_const_p(char, "OiOs#"),
+				       py_private,
+				       msg_type,
+				       py_server_id,
+				       data->data, data->length);
+	Py_XDECREF(result);
+}
+
+static PyObject *py_imessaging_register(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	int msg_type = -1;
+	PyObject *callback_and_context;
+	NTSTATUS status;
+	const char *kwnames[] = { "callback_and_context", "msg_type", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|i:register",
+		discard_const_p(char *, kwnames),
+					 &callback_and_context, &msg_type)) {
+		return NULL;
+	}
+	if (!PyTuple_Check(callback_and_context)
+	    || PyTuple_Size(callback_and_context) != 2) {
+		PyErr_SetString(PyExc_ValueError, "Expected tuple of size 2 for callback_and_context");
+		return NULL;
+	}
+
+	Py_INCREF(callback_and_context);
+
+	if (msg_type == -1) {
+		uint32_t msg_type32 = msg_type;
+		status = imessaging_register_tmp(iface->msg_ctx, callback_and_context,
+						py_msg_callback_wrapper, &msg_type32);
+		msg_type = msg_type32;
+	} else {
+		status = imessaging_register(iface->msg_ctx, callback_and_context,
+				    msg_type, py_msg_callback_wrapper);
+	}
+	if (NT_STATUS_IS_ERR(status)) {
+		Py_DECREF(callback_and_context);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	return PyLong_FromLong(msg_type);
+}
+
+static PyObject *py_imessaging_deregister(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	int msg_type = -1;
+	PyObject *callback;
+	const char *kwnames[] = { "callback", "msg_type", NULL };
+	size_t removed;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|i:deregister",
+		discard_const_p(char *, kwnames), &callback, &msg_type)) {
+		return NULL;
+	}
+
+	removed = imessaging_deregister(iface->msg_ctx, msg_type, callback);
+	while (removed-- > 0) {
+		Py_DECREF(callback);
+	}
+
+	Py_RETURN_NONE;
+}
+
+static void simple_timer_handler(struct tevent_context *ev,
+				 struct tevent_timer *te,
+				 struct timeval current_time,
+				 void *private_data)
+{
+	return;
+}
+
+static PyObject *py_imessaging_loop_once(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	double offset;
+	int seconds;
+	struct timeval next_event;
+	struct tevent_timer *timer = NULL;
+	const char *kwnames[] = { "timeout", NULL };
+
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "d",
+					 discard_const_p(char *, kwnames), &offset)) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	if (offset != 0.0) {
+		seconds = offset;
+		offset -= seconds;
+		next_event = tevent_timeval_current_ofs(seconds, (int)(offset*1000000));
+
+		timer = tevent_add_timer(iface->msg_ctx->ev, frame, next_event, simple_timer_handler,
+					 NULL);
+		if (timer == NULL) {
+			PyErr_NoMemory();
+			TALLOC_FREE(frame);
+			return NULL;
+		}
+	}
+
+	tevent_loop_once(iface->msg_ctx->ev);
+
+	TALLOC_FREE(frame);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_irpc_add_name(PyObject *self, PyObject *args)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	char *server_name;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "s", &server_name)) {
+		return NULL;
+	}
+
+	status = irpc_add_name(iface->msg_ctx, server_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_irpc_remove_name(PyObject *self, PyObject *args)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	char *server_name;
+
+	if (!PyArg_ParseTuple(args, "s", &server_name)) {
+		return NULL;
+	}
+
+	irpc_remove_name(iface->msg_ctx, server_name);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_irpc_servers_byname(PyObject *self, PyObject *args)
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	char *server_name;
+	unsigned i, num_ids;
+	struct server_id *ids;
+	PyObject *pylist;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	NTSTATUS status;
+
+	if (!mem_ctx) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!PyArg_ParseTuple(args, "s", &server_name)) {
+		TALLOC_FREE(mem_ctx);
+		return NULL;
+	}
+
+	status = irpc_servers_byname(iface->msg_ctx, mem_ctx, server_name,
+				     &num_ids, &ids);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(mem_ctx);
+		PyErr_SetString(PyExc_KeyError, "No such name");
+		return NULL;
+	}
+
+	pylist = PyList_New(num_ids);
+	if (pylist == NULL) {
+		TALLOC_FREE(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+	for (i = 0; i < num_ids; i++) {
+		PyObject *py_server_id;
+		struct server_id *p_server_id = talloc(NULL, struct server_id);
+		if (!p_server_id) {
+			TALLOC_FREE(mem_ctx);
+			PyErr_NoMemory();
+			return NULL;
+		}
+		*p_server_id = ids[i];
+
+		py_server_id = py_return_ndr_struct("samba.dcerpc.server_id", "server_id", p_server_id, p_server_id);
+		if (!py_server_id) {
+			TALLOC_FREE(mem_ctx);
+			return NULL;
+		}
+		PyList_SetItem(pylist, i, py_server_id);
+		talloc_unlink(NULL, p_server_id);
+	}
+	TALLOC_FREE(mem_ctx);
+	return pylist;
+}
+
+static PyObject *py_irpc_all_servers(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	imessaging_Object *iface = (imessaging_Object *)self;
+	PyObject *pylist;
+	int i;
+	struct irpc_name_records *records;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	if (!mem_ctx) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	records = irpc_all_servers(iface->msg_ctx, mem_ctx);
+	if (records == NULL) {
+		TALLOC_FREE(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	pylist = PyList_New(records->num_records);
+	if (pylist == NULL) {
+		TALLOC_FREE(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+	for (i = 0; i < records->num_records; i++) {
+		PyObject *py_name_record
+			= py_return_ndr_struct("samba.dcerpc.irpc",
+					       "name_record",
+					       records->names[i],
+					       records->names[i]);
+		if (!py_name_record) {
+			TALLOC_FREE(mem_ctx);
+			return NULL;
+		}
+		PyList_SetItem(pylist, i,
+			       py_name_record);
+	}
+	TALLOC_FREE(mem_ctx);
+	return pylist;
+}
+
+static PyMethodDef py_imessaging_methods[] = {
+	{ "send", PY_DISCARD_FUNC_SIG(PyCFunction, py_imessaging_send),
+		METH_VARARGS|METH_KEYWORDS,
+		"S.send(target, msg_type, data) -> None\nSend a message" },
+	{ "register", PY_DISCARD_FUNC_SIG(PyCFunction, py_imessaging_register),
+		METH_VARARGS|METH_KEYWORDS,
+		"S.register((callback, context), msg_type=None) -> msg_type\nRegister a message handler.  "
+	        "The callback and context must be supplied as a two-element tuple." },
+	{ "deregister", PY_DISCARD_FUNC_SIG(PyCFunction,
+					    py_imessaging_deregister),
+		METH_VARARGS|METH_KEYWORDS,
+		"S.deregister((callback, context), msg_type) -> None\nDeregister a message handler "
+	        "The callback and context must be supplied as the exact same two-element tuple "
+	        "as was used at registration time." },
+	{ "loop_once", PY_DISCARD_FUNC_SIG(PyCFunction,
+					   py_imessaging_loop_once),
+		METH_VARARGS|METH_KEYWORDS,
+		"S.loop_once(timeout) -> None\n"
+	        "Loop on the internal event context until we get an event "
+	        "(which might be a message calling the callback), "
+	        "timeout after timeout seconds (if not 0)" },
+	{ "irpc_add_name", (PyCFunction)py_irpc_add_name, METH_VARARGS,
+		"S.irpc_add_name(name) -> None\n"
+	        "Add this context to the list of server_id values that "
+	        "are registered for a particular name" },
+	{ "irpc_remove_name", (PyCFunction)py_irpc_remove_name, METH_VARARGS,
+		"S.irpc_remove_name(name) -> None\n"
+	        "Remove this context from the list of server_id values that "
+	        "are registered for a particular name" },
+	{ "irpc_servers_byname", (PyCFunction)py_irpc_servers_byname, METH_VARARGS,
+		"S.irpc_servers_byname(name) -> list\nGet list of server_id values that are registered for a particular name" },
+	{ "irpc_all_servers", (PyCFunction)py_irpc_all_servers, METH_NOARGS,
+		"S.irpc_all_servers() -> list\n"
+	        "Get list of all registered names and the associated server_id values" },
+	{ NULL, NULL, 0, NULL }
+};
+
+static PyObject *py_imessaging_server_id(PyObject *obj, void *closure)
+{
+	imessaging_Object *iface = (imessaging_Object *)obj;
+	PyObject *py_server_id;
+	struct server_id server_id = imessaging_get_server_id(iface->msg_ctx);
+	struct server_id *p_server_id = talloc(NULL, struct server_id);
+	if (!p_server_id) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+	*p_server_id = server_id;
+
+	py_server_id = py_return_ndr_struct("samba.dcerpc.server_id", "server_id", p_server_id, p_server_id);
+	talloc_unlink(NULL, p_server_id);
+
+	return py_server_id;
+}
+
+static PyGetSetDef py_imessaging_getset[] = {
+	{
+		.name = discard_const_p(char, "server_id"),
+		.get  = py_imessaging_server_id,
+		.doc  = discard_const_p(char, "local server id")
+	},
+	{ .name = NULL },
+};
+
+
+PyTypeObject imessaging_Type = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "messaging.Messaging",
+	.tp_basicsize = sizeof(imessaging_Object),
+	.tp_flags = Py_TPFLAGS_DEFAULT|Py_TPFLAGS_BASETYPE,
+	.tp_new = py_imessaging_connect,
+	.tp_dealloc = py_imessaging_dealloc,
+	.tp_methods = py_imessaging_methods,
+	.tp_getset = py_imessaging_getset,
+	.tp_doc = "Messaging(own_id=None, lp_ctx=None)\n" \
+		  "Create a new object that can be used to communicate with the peers in the specified messaging path.\n"
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "messaging",
+    .m_doc = "Internal RPC",
+    .m_size = -1,
+    .m_methods = NULL,
+};
+
+MODULE_INIT_FUNC(messaging)
+{
+	PyObject *mod;
+
+	if (PyType_Ready(&imessaging_Type) < 0)
+		return NULL;
+
+	mod = PyModule_Create(&moduledef);
+	if (mod == NULL)
+		return NULL;
+
+	Py_INCREF((PyObject *)&imessaging_Type);
+	PyModule_AddObject(mod, "Messaging", (PyObject *)&imessaging_Type);
+	PyModule_AddObject(mod, "IRPC_CALL_TIMEOUT", PyLong_FromLong(IRPC_CALL_TIMEOUT));
+	PyModule_AddObject(mod, "IRPC_CALL_TIMEOUT_INF", PyLong_FromLong(IRPC_CALL_TIMEOUT_INF));
+
+	return mod;
+}
diff --git a/source4/lib/messaging/tests/irpc.c b/source4/lib/messaging/tests/irpc.c
new file mode 100644
index 0000000..466b47f
--- /dev/null
+++ b/source4/lib/messaging/tests/irpc.c
@@ -0,0 +1,308 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local test for irpc code
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_echo.h"
+#include "librpc/gen_ndr/ndr_echo_c.h"
+#include "torture/torture.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "torture/local/proto.h"
+
+const uint32_t MSG_ID1 = 1, MSG_ID2 = 2;
+
+static bool test_debug;
+
+struct irpc_test_data
+{
+	struct imessaging_context *msg_ctx1, *msg_ctx2;
+	struct tevent_context *ev;
+};
+
+/*
+  serve up AddOne over the irpc system
+*/
+static NTSTATUS irpc_AddOne(struct irpc_message *irpc, struct echo_AddOne *r)
+{
+	*r->out.out_data = r->in.in_data + 1;
+	if (test_debug) {
+		printf("irpc_AddOne: in=%u in+1=%u out=%u\n", 
+			r->in.in_data, r->in.in_data+1, *r->out.out_data);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  a deferred reply to echodata
+*/
+static void deferred_echodata(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data)
+{
+	struct irpc_message *irpc = talloc_get_type(private_data, struct irpc_message);
+	struct echo_EchoData *r = (struct echo_EchoData *)irpc->data;
+	r->out.out_data = (uint8_t *)talloc_memdup(r, r->in.in_data, r->in.len);
+	if (r->out.out_data == NULL) {
+		irpc_send_reply(irpc, NT_STATUS_NO_MEMORY);
+	}
+	printf("sending deferred reply\n");
+	irpc_send_reply(irpc, NT_STATUS_OK);
+}
+
+
+/*
+  serve up EchoData over the irpc system
+*/
+static NTSTATUS irpc_EchoData(struct irpc_message *irpc, struct echo_EchoData *r)
+{
+	struct irpc_test_data *data = talloc_get_type_abort(irpc->private_data, struct irpc_test_data);
+	irpc->defer_reply = true;
+	tevent_add_timer(data->ev, irpc, timeval_zero(), deferred_echodata, irpc);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  test a addone call over the internal messaging system
+*/
+static bool test_addone(struct torture_context *test, const void *_data,
+			const void *_value)
+{
+	struct echo_AddOne r;
+	NTSTATUS status;
+	const struct irpc_test_data *data = (const struct irpc_test_data *)_data;
+	uint32_t value = *(const uint32_t *)_value;
+	struct dcerpc_binding_handle *irpc_handle;
+
+	irpc_handle = irpc_binding_handle(test, data->msg_ctx1,
+					  cluster_id(0, MSG_ID2),
+					  &ndr_table_rpcecho);
+	torture_assert(test, irpc_handle, "no memory");
+
+	/* make the call */
+	r.in.in_data = value;
+
+	test_debug = true;
+	/*
+	 * Note: this makes use of nested event loops
+	 * as client and server use the same loop.
+	 */
+	dcerpc_binding_handle_set_sync_ev(irpc_handle, data->ev);
+	status = dcerpc_echo_AddOne_r(irpc_handle, test, &r);
+	test_debug = false;
+	torture_assert_ntstatus_ok(test, status, "AddOne failed");
+
+	/* check the answer */
+	torture_assert(test, *r.out.out_data == r.in.in_data + 1, 
+				   "AddOne wrong answer");
+
+	torture_comment(test, "%u + 1 = %u\n", r.in.in_data, *r.out.out_data);
+	return true;
+}
+
+/*
+  test a echodata call over the internal messaging system
+*/
+static bool test_echodata(struct torture_context *tctx,
+						  const void *tcase_data,
+						  const void *test_data)
+{
+	struct echo_EchoData r;
+	NTSTATUS status;
+	const struct irpc_test_data *data = (const struct irpc_test_data *)tcase_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	struct dcerpc_binding_handle *irpc_handle;
+
+	irpc_handle = irpc_binding_handle(mem_ctx, data->msg_ctx1,
+					  cluster_id(0, MSG_ID2),
+					  &ndr_table_rpcecho);
+	torture_assert(tctx, irpc_handle, "no memory");
+
+	/* make the call */
+	r.in.in_data = (unsigned char *)talloc_strdup(mem_ctx, "0123456789");
+	r.in.len = strlen((char *)r.in.in_data);
+
+	/*
+	 * Note: this makes use of nested event loops
+	 * as client and server use the same loop.
+	 */
+	dcerpc_binding_handle_set_sync_ev(irpc_handle, data->ev);
+	status = dcerpc_echo_EchoData_r(irpc_handle, mem_ctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "EchoData failed");
+
+	/* check the answer */
+	if (memcmp(r.out.out_data, r.in.in_data, r.in.len) != 0) {
+		NDR_PRINT_OUT_DEBUG(echo_EchoData, &r);
+		torture_fail(tctx, "EchoData wrong answer");
+	}
+
+	torture_comment(tctx, "Echo '%*.*s' -> '%*.*s'\n", 
+	       r.in.len, r.in.len,
+	       r.in.in_data,
+	       r.in.len, r.in.len,
+	       r.out.out_data);
+	return true;
+}
+
+struct irpc_callback_state {
+	struct echo_AddOne r;
+	int *pong_count;
+};
+
+static void irpc_callback(struct tevent_req *subreq)
+{
+	struct irpc_callback_state *s =
+		tevent_req_callback_data(subreq,
+		struct irpc_callback_state);
+	NTSTATUS status;
+
+	status = dcerpc_echo_AddOne_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("irpc call failed - %s\n", nt_errstr(status));
+	}
+	if (*s->r.out.out_data != s->r.in.in_data + 1) {
+		printf("AddOne wrong answer - %u + 1 = %u should be %u\n", 
+		       s->r.in.in_data, *s->r.out.out_data, s->r.in.in_data+1);
+	}
+	(*s->pong_count)++;
+}
+
+/*
+  test echo speed
+*/
+static bool test_speed(struct torture_context *tctx,
+					   const void *tcase_data,
+					   const void *test_data)
+{
+	int ping_count = 0;
+	int pong_count = 0;
+	const struct irpc_test_data *data = (const struct irpc_test_data *)tcase_data;
+	struct timeval tv;
+	TALLOC_CTX *mem_ctx = tctx;
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	struct dcerpc_binding_handle *irpc_handle;
+
+	irpc_handle = irpc_binding_handle(mem_ctx, data->msg_ctx1,
+					  cluster_id(0, MSG_ID2),
+					  &ndr_table_rpcecho);
+	torture_assert(tctx, irpc_handle, "no memory");
+
+	tv = timeval_current();
+
+	torture_comment(tctx, "Sending echo for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		struct tevent_req *subreq;
+		struct irpc_callback_state *s;
+
+		s = talloc_zero(mem_ctx, struct irpc_callback_state);
+		torture_assert(tctx, s != NULL, "no mem");
+
+		s->pong_count = &pong_count;
+
+		subreq = dcerpc_echo_AddOne_r_send(mem_ctx,
+						   tctx->ev,
+						   irpc_handle,
+						   &s->r);
+		torture_assert(tctx, subreq != NULL, "AddOne send failed");
+
+		tevent_req_set_callback(subreq, irpc_callback, s);
+
+		ping_count++;
+
+		while (ping_count > pong_count + 20) {
+			tevent_loop_once(data->ev);
+		}
+	}
+
+	torture_comment(tctx, "waiting for %d remaining replies (done %d)\n", 
+	       ping_count - pong_count, pong_count);
+	while (timeval_elapsed(&tv) < 30 && pong_count < ping_count) {
+		tevent_loop_once(data->ev);
+	}
+
+	torture_assert_int_equal(tctx, ping_count, pong_count, "ping test failed");
+
+	torture_comment(tctx, "echo rate of %.0f messages/sec\n", 
+	       (ping_count+pong_count)/timeval_elapsed(&tv));
+	return true;
+}
+
+
+static bool irpc_setup(struct torture_context *tctx, void **_data)
+{
+	struct irpc_test_data *data;
+
+	*_data = data = talloc(tctx, struct irpc_test_data);
+
+	lpcfg_set_cmdline(tctx->lp_ctx, "pid directory", "piddir.tmp");
+
+	data->ev = tctx->ev;
+	torture_assert(tctx, data->msg_ctx1 = 
+		       imessaging_init(tctx,
+				      tctx->lp_ctx,
+				      cluster_id(0, MSG_ID1),
+				      data->ev),
+		       "Failed to init first messaging context");
+
+	torture_assert(tctx, data->msg_ctx2 = 
+		       imessaging_init(tctx,
+				      tctx->lp_ctx,
+				      cluster_id(0, MSG_ID2), 
+				      data->ev),
+		       "Failed to init second messaging context");
+
+	/* register the server side function */
+	IRPC_REGISTER(data->msg_ctx1, rpcecho, ECHO_ADDONE, irpc_AddOne, data);
+	IRPC_REGISTER(data->msg_ctx2, rpcecho, ECHO_ADDONE, irpc_AddOne, data);
+
+	IRPC_REGISTER(data->msg_ctx1, rpcecho, ECHO_ECHODATA, irpc_EchoData, data);
+	IRPC_REGISTER(data->msg_ctx2, rpcecho, ECHO_ECHODATA, irpc_EchoData, data);
+
+	return true;
+}
+
+struct torture_suite *torture_local_irpc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "irpc");
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "irpc");
+	int i;
+	uint32_t *values = talloc_array(tcase, uint32_t, 5);
+
+	values[0] = 0;
+	values[1] = 0x7FFFFFFE;
+	values[2] = 0xFFFFFFFE;
+	values[3] = 0xFFFFFFFF;
+	values[4] = random() & 0xFFFFFFFF;
+
+	tcase->setup = irpc_setup;
+
+	for (i = 0; i < 5; i++) {
+		torture_tcase_add_test_const(tcase, "addone", test_addone,
+				(void *)&values[i]);
+	}
+
+	torture_tcase_add_test_const(tcase, "echodata", test_echodata, NULL);
+	torture_tcase_add_test_const(tcase, "speed", test_speed, NULL);
+
+	return suite;
+}
diff --git a/source4/lib/messaging/tests/messaging.c b/source4/lib/messaging/tests/messaging.c
new file mode 100644
index 0000000..dcbbc19
--- /dev/null
+++ b/source4/lib/messaging/tests/messaging.c
@@ -0,0 +1,694 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local test for messaging code
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
+#include "torture/torture.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "torture/local/proto.h"
+#include "system/select.h"
+#include "system/filesys.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+static uint32_t msg_pong;
+
+static void ping_message(struct imessaging_context *msg,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *data)
+{
+	NTSTATUS status;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	status = imessaging_send(msg, src, msg_pong, data);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("pong failed - %s\n", nt_errstr(status));
+	}
+}
+
+static void pong_message(struct imessaging_context *msg,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *data)
+{
+	int *count = (int *)private_data;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	(*count)++;
+}
+
+static void exit_message(struct imessaging_context *msg,
+			 void *private_data,
+			 uint32_t msg_type,
+			 struct server_id src,
+			 size_t num_fds,
+			 int *fds,
+			 DATA_BLOB *data)
+{
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	talloc_free(private_data);
+	exit(0);
+}
+
+/*
+  test ping speed
+*/
+static bool test_ping_speed(struct torture_context *tctx)
+{
+	struct tevent_context *ev;
+	struct imessaging_context *msg_client_ctx;
+	struct imessaging_context *msg_server_ctx;
+	int ping_count = 0;
+	int pong_count = 0;
+	struct timeval tv;
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	uint32_t msg_ping, msg_exit;
+
+	lpcfg_set_cmdline(tctx->lp_ctx, "pid directory", "piddir.tmp");
+
+	ev = tctx->ev;
+
+	msg_server_ctx = imessaging_init(tctx,
+					 tctx->lp_ctx, cluster_id(0, 1),
+					 ev);
+	
+	torture_assert(tctx, msg_server_ctx != NULL, "Failed to init ping messaging context");
+		
+	imessaging_register_tmp(msg_server_ctx, NULL, ping_message, &msg_ping);
+	imessaging_register_tmp(msg_server_ctx, tctx, exit_message, &msg_exit);
+
+	msg_client_ctx = imessaging_init(tctx,
+					 tctx->lp_ctx,
+					 cluster_id(0, 2),
+					 ev);
+
+	torture_assert(tctx, msg_client_ctx != NULL, 
+		       "msg_client_ctx imessaging_init() failed");
+
+	imessaging_register_tmp(msg_client_ctx, &pong_count, pong_message, &msg_pong);
+
+	tv = timeval_current();
+
+	torture_comment(tctx, "Sending pings for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		DATA_BLOB data;
+		NTSTATUS status1, status2;
+
+		data.data = discard_const_p(uint8_t, "testing");
+		data.length = strlen((const char *)data.data);
+
+		status1 = imessaging_send(msg_client_ctx, cluster_id(0, 1), msg_ping, &data);
+		status2 = imessaging_send(msg_client_ctx, cluster_id(0, 1), msg_ping, NULL);
+
+		torture_assert_ntstatus_ok(tctx, status1, "msg1 failed");
+		ping_count++;
+
+		torture_assert_ntstatus_ok(tctx, status2, "msg2 failed");
+		ping_count++;
+
+		while (ping_count > pong_count + 20) {
+			tevent_loop_once(ev);
+		}
+	}
+
+	torture_comment(tctx, "waiting for %d remaining replies (done %d)\n", 
+	       ping_count - pong_count, pong_count);
+	while (timeval_elapsed(&tv) < 30 && pong_count < ping_count) {
+		tevent_loop_once(ev);
+	}
+
+	torture_comment(tctx, "sending exit\n");
+	imessaging_send(msg_client_ctx, cluster_id(0, 1), msg_exit, NULL);
+
+	torture_assert_int_equal(tctx, ping_count, pong_count, "ping test failed");
+
+	torture_comment(tctx, "ping rate of %.0f messages/sec\n", 
+	       (ping_count+pong_count)/timeval_elapsed(&tv));
+
+	talloc_free(msg_client_ctx);
+	talloc_free(msg_server_ctx);
+
+	return true;
+}
+
+static bool test_messaging_overflow(struct torture_context *tctx)
+{
+	struct imessaging_context *msg_ctx;
+	ssize_t nwritten, nread;
+	pid_t child;
+	char c = 0;
+	int up_pipe[2], down_pipe[2];
+	int i, ret, child_status;
+
+	ret = pipe(up_pipe);
+	torture_assert(tctx, ret == 0, "pipe failed");
+	ret = pipe(down_pipe);
+	torture_assert(tctx, ret == 0, "pipe failed");
+
+	child = fork();
+	if (child < 0) {
+		torture_fail(tctx, "fork failed");
+	}
+
+	if (child == 0) {
+		ret = tevent_re_initialise(tctx->ev);
+		torture_assert(tctx, ret == 0, "tevent_re_initialise failed");
+
+		msg_ctx = imessaging_init(tctx, tctx->lp_ctx,
+					  cluster_id(getpid(), 0),
+					  tctx->ev);
+		torture_assert(tctx, msg_ctx != NULL,
+			       "imessaging_init failed");
+
+		do {
+			nwritten = write(up_pipe[1], &c, 1);
+		} while ((nwritten == -1) && (errno == EINTR));
+
+		ret = close(down_pipe[1]);
+		torture_assert(tctx, ret == 0, "close failed");
+
+		do {
+			nread = read(down_pipe[0], &c, 1);
+		} while ((nread == -1) && (errno == EINTR));
+
+		exit(0);
+	}
+
+	do {
+		nread = read(up_pipe[0], &c, 1);
+	} while ((nread == -1) && (errno == EINTR));
+
+	msg_ctx = imessaging_init(tctx, tctx->lp_ctx, cluster_id(getpid(), 0),
+				  tctx->ev);
+	torture_assert(tctx, msg_ctx != NULL, "imessaging_init failed");
+
+	for (i=0; i<1000; i++) {
+		NTSTATUS status;
+		status = imessaging_send(msg_ctx, cluster_id(child, 0),
+					 MSG_PING, NULL);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "imessaging_send failed");
+	}
+
+	tevent_loop_once(tctx->ev);
+
+	talloc_free(msg_ctx);
+
+	ret = close(down_pipe[1]);
+	torture_assert(tctx, ret == 0, "close failed");
+
+	ret = waitpid(child, &child_status, 0);
+	torture_assert(tctx, ret == child, "wrong child exited");
+	torture_assert(tctx, child_status == 0, "child failed");
+
+	poll(NULL, 0, 500);
+
+	return true;
+}
+
+struct overflow_parent_child {
+	gnutls_hash_hd_t md5_hash_hnd;
+	bool done;
+};
+
+static void overflow_md5_child_handler(struct imessaging_context *msg,
+				       void *private_data,
+				       uint32_t msg_type,
+				       struct server_id server_id,
+				       size_t num_fds,
+				       int *fds,
+				       DATA_BLOB *data)
+{
+	struct overflow_parent_child *state = private_data;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (data->length == 0) {
+		state->done = true;
+		return;
+	}
+
+	gnutls_hash(state->md5_hash_hnd, data->data, data->length);
+}
+
+struct overflow_child_parent {
+	uint8_t final[16];
+	bool done;
+};
+
+static void overflow_md5_parent_handler(struct imessaging_context *msg_ctx,
+					void *private_data,
+					uint32_t msg_type,
+					struct server_id server_id,
+					size_t num_fds,
+					int *fds,
+					DATA_BLOB *data)
+{
+	struct overflow_child_parent *state = private_data;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (data->length != sizeof(state->final)) {
+		memset(state->final, 0, sizeof(state->final));
+		state->done = true;
+		return;
+	}
+	memcpy(state->final, data->data, 16);
+	state->done = true;
+}
+
+static bool test_messaging_overflow_check(struct torture_context *tctx)
+{
+	struct imessaging_context *msg_ctx;
+	ssize_t nwritten, nread;
+	pid_t child;
+	char c = 0;
+	int up_pipe[2], down_pipe[2];
+	int i, ret, child_status;
+	gnutls_hash_hd_t hash_hnd;
+	uint8_t final[16];
+	struct overflow_child_parent child_msg = { .done = false };
+	NTSTATUS status;
+
+	ret = pipe(up_pipe);
+	torture_assert(tctx, ret == 0, "pipe failed");
+	ret = pipe(down_pipe);
+	torture_assert(tctx, ret == 0, "pipe failed");
+
+	child = fork();
+	if (child < 0) {
+		torture_fail(tctx, "fork failed");
+	}
+
+	if (child == 0) {
+		struct overflow_parent_child child_state = { .done = false };
+		DATA_BLOB retblob = { .data = final, .length = sizeof(final) };
+
+		ret = tevent_re_initialise(tctx->ev);
+		torture_assert(tctx, ret == 0, "tevent_re_initialise failed");
+
+		gnutls_hash_init(&child_state.md5_hash_hnd, GNUTLS_DIG_MD5);
+
+		msg_ctx = imessaging_init(tctx, tctx->lp_ctx,
+					  cluster_id(getpid(), 0),
+					  tctx->ev);
+		torture_assert(tctx, msg_ctx != NULL,
+			       "imessaging_init failed");
+
+		status = imessaging_register(msg_ctx, &child_state,
+					     MSG_TMP_BASE-1,
+					     overflow_md5_child_handler);
+		torture_assert(tctx, NT_STATUS_IS_OK(status),
+			       "imessaging_register failed");
+
+		do {
+			nwritten = write(up_pipe[1], &c, 1);
+		} while ((nwritten == -1) && (errno == EINTR));
+
+		ret = close(down_pipe[1]);
+		torture_assert(tctx, ret == 0, "close failed");
+
+		do {
+			nread = read(down_pipe[0], &c, 1);
+		} while ((nread == -1) && (errno == EINTR));
+
+		while (!child_state.done) {
+			tevent_loop_once(tctx->ev);
+		}
+
+		gnutls_hash_deinit(child_state.md5_hash_hnd, final);
+
+		status = imessaging_send(msg_ctx,
+					 cluster_id(getppid(), 0),
+					 MSG_TMP_BASE-2,
+					 &retblob);
+		torture_assert(tctx, NT_STATUS_IS_OK(status),
+			       "imessaging_send failed");
+
+		exit(0);
+	}
+
+	do {
+		nread = read(up_pipe[0], &c, 1);
+	} while ((nread == -1) && (errno == EINTR));
+
+	msg_ctx = imessaging_init(tctx, tctx->lp_ctx, cluster_id(getpid(), 0),
+				  tctx->ev);
+	torture_assert(tctx, msg_ctx != NULL, "imessaging_init failed");
+
+	status = imessaging_register(msg_ctx,
+				     &child_msg,
+				     MSG_TMP_BASE-2,
+				     overflow_md5_parent_handler);
+	torture_assert(tctx,
+		       NT_STATUS_IS_OK(status),
+		       "imessaging_register failed");
+
+	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+
+	for (i=0; i<1000; i++) {
+		size_t len = ((random() % 100) + 1);
+		uint8_t buf[len];
+		DATA_BLOB blob = { .data = buf, .length = len };
+
+		generate_random_buffer(buf, len);
+
+		gnutls_hash(hash_hnd, buf, len);
+
+		status = imessaging_send(msg_ctx, cluster_id(child, 0),
+					 MSG_TMP_BASE-1, &blob);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "imessaging_send failed");
+	}
+
+	status = imessaging_send(msg_ctx, cluster_id(child, 0),
+				 MSG_TMP_BASE-1, NULL);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "imessaging_send failed");
+
+	gnutls_hash_deinit(hash_hnd, final);
+
+	do {
+		nwritten = write(down_pipe[1], &c, 1);
+	} while ((nwritten == -1) && (errno == EINTR));
+
+	while (!child_msg.done) {
+		tevent_loop_once(tctx->ev);
+	}
+
+	ret = close(down_pipe[1]);
+	torture_assert(tctx, ret == 0, "close failed");
+
+	talloc_free(msg_ctx);
+
+	ret = waitpid(child, &child_status, 0);
+	torture_assert(tctx, ret == child, "wrong child exited");
+	torture_assert(tctx, child_status == 0, "child failed");
+
+	if (memcmp(final, child_msg.final, 16) != 0) {
+		dump_data_file(final, 16, false, stderr);
+		dump_data_file(child_msg.final, 16, false, stderr);
+		fflush(stderr);
+		torture_fail(tctx, "checksum comparison failed");
+	}
+
+	return true;
+}
+
+struct test_multi_ctx {
+	struct torture_context *tctx;
+	struct imessaging_context *server_ctx;
+	struct imessaging_context *client_ctx[4];
+	size_t num_missing;
+	bool got_server;
+	bool got_client_0_1;
+	bool got_client_2_3;
+	bool ok;
+};
+
+static void multi_ctx_server_handler(struct imessaging_context *msg,
+				     void *private_data,
+				     uint32_t msg_type,
+				     struct server_id server_id,
+				     size_t num_fds,
+				     int *fds,
+				     DATA_BLOB *data)
+{
+	struct test_multi_ctx *state = private_data;
+	char *str = NULL;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	torture_assert_goto(state->tctx, state->num_missing >= 1,
+			    state->ok, fail,
+			    "num_missing should be at least 1.");
+	state->num_missing -= 1;
+
+	torture_assert_goto(state->tctx, !state->got_server,
+			    state->ok, fail,
+			    "already got server.");
+	state->got_server = true;
+
+	/*
+	 * We free the context itself and most likely reuse
+	 * the memory immediately.
+	 */
+	TALLOC_FREE(state->server_ctx);
+	str = generate_random_str(state->tctx, 128);
+	torture_assert_goto(state->tctx, str != NULL,
+			    state->ok, fail,
+			    "generate_random_str()");
+
+fail:
+	return;
+}
+
+static void multi_ctx_client_0_1_handler(struct imessaging_context *msg,
+					 void *private_data,
+					 uint32_t msg_type,
+					 struct server_id server_id,
+					 size_t num_fds,
+					 int *fds,
+					 DATA_BLOB *data)
+{
+	struct test_multi_ctx *state = private_data;
+	char *str = NULL;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	torture_assert_goto(state->tctx, state->num_missing >= 2,
+			    state->ok, fail,
+			    "num_missing should be at least 2.");
+	state->num_missing -= 2;
+
+	torture_assert_goto(state->tctx, !state->got_client_0_1,
+			    state->ok, fail,
+			    "already got client_0_1.");
+	state->got_client_0_1 = true;
+
+	/*
+	 * We free two contexts and most likely reuse
+	 * the memory immediately.
+	 */
+	TALLOC_FREE(state->client_ctx[0]);
+	str = generate_random_str(state->tctx, 128);
+	torture_assert_goto(state->tctx, str != NULL,
+			    state->ok, fail,
+			    "generate_random_str()");
+	TALLOC_FREE(state->client_ctx[1]);
+	str = generate_random_str(state->tctx, 128);
+	torture_assert_goto(state->tctx, str != NULL,
+			    state->ok, fail,
+			    "generate_random_str()");
+
+fail:
+	return;
+}
+
+static void multi_ctx_client_2_3_handler(struct imessaging_context *msg,
+					 void *private_data,
+					 uint32_t msg_type,
+					 struct server_id server_id,
+					 size_t num_fds,
+					 int *fds,
+					 DATA_BLOB *data)
+{
+	struct test_multi_ctx *state = private_data;
+	char *str = NULL;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	torture_assert_goto(state->tctx, state->num_missing >= 2,
+			    state->ok, fail,
+			    "num_missing should be at least 2.");
+	state->num_missing -= 2;
+
+	torture_assert_goto(state->tctx, !state->got_client_2_3,
+			    state->ok, fail,
+			    "already got client_2_3.");
+	state->got_client_2_3 = true;
+
+	/*
+	 * We free two contexts and most likely reuse
+	 * the memory immediately.
+	 */
+	TALLOC_FREE(state->client_ctx[2]);
+	str = generate_random_str(state->tctx, 128);
+	torture_assert_goto(state->tctx, str != NULL,
+			    state->ok, fail,
+			    "generate_random_str()");
+	TALLOC_FREE(state->client_ctx[3]);
+	str = generate_random_str(state->tctx, 128);
+	torture_assert_goto(state->tctx, str != NULL,
+			    state->ok, fail,
+			    "generate_random_str()");
+
+fail:
+	return;
+}
+
+static bool test_multi_ctx(struct torture_context *tctx)
+{
+	struct test_multi_ctx state = {
+		.tctx = tctx,
+		.ok = true,
+	};
+	struct timeval tv;
+	NTSTATUS status;
+
+	lpcfg_set_cmdline(tctx->lp_ctx, "pid directory", "piddir.tmp");
+
+	/*
+	 * We use cluster_id(0, 0) as that gets for
+	 * all task ids.
+	 */
+	state.server_ctx = imessaging_init(tctx,
+					   tctx->lp_ctx,
+					   cluster_id(0, 0),
+					   tctx->ev);
+	torture_assert(tctx, state.server_ctx != NULL,
+		       "Failed to init messaging context");
+
+	status = imessaging_register(state.server_ctx, &state,
+				     MSG_TMP_BASE-1,
+				     multi_ctx_server_handler);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "imessaging_register failed");
+
+	state.client_ctx[0] = imessaging_init(tctx,
+					      tctx->lp_ctx,
+					      cluster_id(0, 0),
+					      tctx->ev);
+	torture_assert(tctx, state.client_ctx[0] != NULL,
+		       "msg_client_ctx imessaging_init() failed");
+	status = imessaging_register(state.client_ctx[0], &state,
+				     MSG_TMP_BASE-1,
+				     multi_ctx_client_0_1_handler);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "imessaging_register failed");
+	state.client_ctx[1] = imessaging_init(tctx,
+					      tctx->lp_ctx,
+					      cluster_id(0, 0),
+					      tctx->ev);
+	torture_assert(tctx, state.client_ctx[1] != NULL,
+		       "msg_client_ctx imessaging_init() failed");
+	status = imessaging_register(state.client_ctx[1], &state,
+				     MSG_TMP_BASE-1,
+				     multi_ctx_client_0_1_handler);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "imessaging_register failed");
+	state.client_ctx[2] = imessaging_init(tctx,
+					      tctx->lp_ctx,
+					      cluster_id(0, 0),
+					      tctx->ev);
+	torture_assert(tctx, state.client_ctx[2] != NULL,
+		       "msg_client_ctx imessaging_init() failed");
+	status = imessaging_register(state.client_ctx[2], &state,
+				     MSG_TMP_BASE-1,
+				     multi_ctx_client_2_3_handler);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "imessaging_register failed");
+	state.client_ctx[3] = imessaging_init(tctx,
+					      tctx->lp_ctx,
+					      cluster_id(0, 0),
+					      tctx->ev);
+	torture_assert(tctx, state.client_ctx[3] != NULL,
+		       "msg_client_ctx imessaging_init() failed");
+	status = imessaging_register(state.client_ctx[3], &state,
+				     MSG_TMP_BASE-1,
+				     multi_ctx_client_2_3_handler);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "imessaging_register failed");
+
+	/*
+	 * Send one message that need to arrive on 3 ( 5 - 2 ) handlers.
+	 */
+	state.num_missing = 5;
+
+	status = imessaging_send(state.server_ctx,
+				 cluster_id(0, 0),
+				 MSG_TMP_BASE-1, NULL);
+	torture_assert_ntstatus_ok(tctx, status, "msg failed");
+
+	tv = timeval_current();
+	while (timeval_elapsed(&tv) < 30 && state.num_missing > 0 && state.ok) {
+		int ret;
+
+		ret = tevent_loop_once(tctx->ev);
+		torture_assert_int_equal(tctx, ret, 0, "tevent_loop_once()");
+	}
+
+	if (!state.ok) {
+		return false;
+	}
+
+	torture_assert_int_equal(tctx, state.num_missing, 0,
+				 "wrong message count");
+
+	torture_assert(tctx, state.got_client_0_1, "got_client_0_1");
+	torture_assert(tctx, state.got_client_2_3, "got_client_2_3");
+	torture_assert(tctx, state.got_server, "got_server");
+
+	return true;
+}
+
+struct torture_suite *torture_local_messaging(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *s = torture_suite_create(mem_ctx, "messaging");
+	torture_suite_add_simple_test(s, "overflow", test_messaging_overflow);
+	torture_suite_add_simple_test(s, "overflow_check",
+				      test_messaging_overflow_check);
+	torture_suite_add_simple_test(s, "ping_speed", test_ping_speed);
+	torture_suite_add_simple_test(s, "multi_ctx", test_multi_ctx);
+	return s;
+}
diff --git a/source4/lib/messaging/wscript_build b/source4/lib/messaging/wscript_build
new file mode 100644
index 0000000..3408396
--- /dev/null
+++ b/source4/lib/messaging/wscript_build
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_LIBRARY('MESSAGING_SEND',
+	source='messaging_send.c',
+	public_deps='messages_util messages_dgm UNIX_PRIVS cluster server_id_db',
+	private_library=True
+	)
+
+bld.SAMBA_LIBRARY('MESSAGING',
+	source='messaging.c messaging_handlers.c',
+	public_deps='''
+            samba-util
+            NDR_IRPC
+            UNIX_PRIVS
+            cluster
+            ndr
+            dcerpc
+            messages_util
+            server_id_db
+            talloc_report_printf
+            ''',
+	private_library=True
+	)
+
+pyparam_util = bld.pyembed_libname('pyparam_util')
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+
+bld.SAMBA_PYTHON('python_messaging',
+		source='pymessaging.c',
+		deps='MESSAGING events %s %s' % (pyparam_util, pytalloc_util),
+		realname='samba/messaging.so'
+		)
diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
new file mode 100644
index 0000000..bac4ae7
--- /dev/null
+++ b/source4/lib/policy/gp_filesys.c
@@ -0,0 +1,723 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Group Policy Object Support
+ *  Copyright (C) Wilco Baan Hofman 2008-2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "includes.h"
+#include "system/dir.h"
+#include "system/filesys.h"
+#include "lib/policy/policy.h"
+#include "libcli/raw/smb.h"
+#include "libcli/libcli.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/raw/libcliraw.h"
+#include <dirent.h>
+#include <errno.h>
+
+#define GP_MAX_DEPTH 25
+
+struct gp_file_entry {
+	bool is_directory;
+	const char *rel_path;
+};
+struct gp_file_list {
+	uint32_t num_files;
+	struct gp_file_entry *files;
+};
+struct gp_list_state {
+	struct smbcli_tree *tree;
+	uint8_t depth;
+	const char *cur_rel_path;
+	const char *share_path;
+
+	struct gp_file_list list;
+};
+
+static NTSTATUS gp_do_list(const char *, struct gp_list_state *);
+
+/* Create a temporary policy directory */
+static const char *gp_tmpdir(TALLOC_CTX *mem_ctx)
+{
+	char *gp_dir = talloc_asprintf(mem_ctx, "%s/policy", tmpdir());
+	struct stat st;
+	int rv;
+
+	if (gp_dir == NULL) return NULL;
+
+	if (stat(gp_dir, &st) != 0) {
+		rv = mkdir(gp_dir, 0755);
+		if (rv < 0) {
+			DEBUG(0, ("Failed to create directory %s: %s\n",
+					gp_dir, strerror(errno)));
+			talloc_free(gp_dir);
+			return NULL;
+		}
+	}
+
+	return gp_dir;
+}
+
+/* This function is called by the smbcli_list function */
+static void gp_list_helper (struct clilist_file_info *info, const char *mask,
+                            void *list_state_ptr)
+{
+	struct gp_list_state *state = list_state_ptr;
+	const char *rel_path;
+
+	/* Ignore . and .. directory entries */
+	if (strcmp(info->name, ".") == 0 || strcmp(info->name, "..") == 0) {
+		return;
+	}
+
+	/* Safety check against ../.. in filenames which may occur on non-POSIX
+	 * platforms */
+	if (strstr(info->name, "../")) {
+		return;
+	}
+
+	rel_path = talloc_asprintf(state, "%s\\%s", state->cur_rel_path, info->name);
+	if (rel_path == NULL) return;
+
+	/* Append entry to file list */
+	state->list.files = talloc_realloc(state, state->list.files,
+			struct gp_file_entry,
+			state->list.num_files + 1);
+	if (state->list.files == NULL) return;
+
+	state->list.files[state->list.num_files].rel_path = rel_path;
+
+	/* Directory */
+	if (info->attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		state->list.files[state->list.num_files].is_directory = true;
+		state->list.num_files++;
+
+		/* Recurse into this directory if the depth is below the maximum */
+		if (state->depth < GP_MAX_DEPTH) {
+			gp_do_list(rel_path, state);
+		}
+
+		return;
+	}
+
+	state->list.files[state->list.num_files].is_directory = false;
+	state->list.num_files++;
+
+	return;
+}
+
+static NTSTATUS gp_do_list (const char *rel_path, struct gp_list_state *state)
+{
+	uint16_t attributes;
+	int rv;
+	char *mask;
+	const char *old_rel_path;
+
+	attributes = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN |
+	             FILE_ATTRIBUTE_DIRECTORY;
+
+	/* Update the relative paths, while buffering the parent */
+	old_rel_path = state->cur_rel_path;
+	state->cur_rel_path = rel_path;
+	state->depth++;
+
+	/* Get the current mask */
+	mask = talloc_asprintf(state, "%s%s\\*", state->share_path, rel_path);
+	NT_STATUS_HAVE_NO_MEMORY(mask);
+	rv = smbcli_list(state->tree, mask, attributes, gp_list_helper, state);
+	talloc_free(mask);
+
+	/* Go back to the state of the parent */
+	state->cur_rel_path = old_rel_path;
+	state->depth--;
+
+	if (rv == -1)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gp_cli_connect(struct gp_context *gp_ctx)
+{
+	struct smbcli_options options;
+        struct smbcli_session_options session_options;
+
+	if (gp_ctx->cli != NULL)
+		return NT_STATUS_OK;
+
+	gp_ctx->cli = smbcli_state_init(gp_ctx);
+
+	lpcfg_smbcli_options(gp_ctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(gp_ctx->lp_ctx, &session_options);
+
+	return smbcli_full_connection(gp_ctx,
+			&gp_ctx->cli,
+			gp_ctx->active_dc->name,
+			lpcfg_smb_ports(gp_ctx->lp_ctx),
+			"sysvol",
+			NULL,
+			lpcfg_socket_options(gp_ctx->lp_ctx),
+			gp_ctx->credentials,
+			lpcfg_resolve_context(gp_ctx->lp_ctx),
+			gp_ctx->ev_ctx,
+			&options,
+			&session_options,
+			lpcfg_gensec_settings(gp_ctx, gp_ctx->lp_ctx));
+}
+
+static char * gp_get_share_path(TALLOC_CTX *mem_ctx, const char *file_sys_path)
+{
+	unsigned int i, bkslash_cnt;
+
+	/* Get the path from the share down (\\..\..\(this\stuff) */
+	for (i = 0, bkslash_cnt = 0; file_sys_path[i] != '\0'; i++) {
+		if (file_sys_path[i] == '\\')
+			bkslash_cnt++;
+
+		if (bkslash_cnt == 4) {
+			return talloc_strdup(mem_ctx, &file_sys_path[i]);
+		}
+	}
+
+	return NULL;
+}
+
+static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src,
+                             const char *local_dst)
+{
+	int fh_remote, fh_local;
+	uint8_t *buf;
+	size_t nread = 0;
+	size_t buf_size = 1024;
+	size_t file_size;
+	uint16_t attr;
+
+	/* Open the remote file */
+	fh_remote = smbcli_open(tree, remote_src, O_RDONLY, DENY_NONE);
+	if (fh_remote == -1) {
+		DEBUG(0, ("Failed to open remote file: %s\n", remote_src));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Open the local file */
+	fh_local = open(local_dst, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+	if (fh_local == -1) {
+		DEBUG(0, ("Failed to open local file: %s\n", local_dst));
+		smbcli_close(tree, fh_remote);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Get the remote file size for error checking */
+	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(tree, fh_remote,
+				&attr, &file_size, NULL, NULL, NULL, NULL, NULL)) &&
+			NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote,
+				&attr, &file_size, NULL, NULL, NULL))) {
+		DEBUG(0, ("Failed to get remote file size: %s\n", smbcli_errstr(tree)));
+		smbcli_close(tree, fh_remote);
+		close(fh_local);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	buf = talloc_zero_array(tree, uint8_t, buf_size);
+	if (buf == NULL) {
+		smbcli_close(tree, fh_remote);
+		close(fh_local);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Copy the contents of the file */
+	while (1) {
+		int n = smbcli_read(tree, fh_remote, buf, nread, buf_size);
+
+		if (n <= 0) {
+			break;
+		}
+
+		if (write(fh_local, buf, n) != n) {
+			DEBUG(0, ("Short write while copying file.\n"));
+			smbcli_close(tree, fh_remote);
+			close(fh_local);
+			talloc_free(buf);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		nread += n;
+	}
+
+	/* Close the files */
+	smbcli_close(tree, fh_remote);
+	close(fh_local);
+
+	talloc_free(buf);
+
+	/* Bytes read should match the file size, or the copy was incomplete */
+	if (nread != file_size) {
+		DEBUG(0, ("Remote/local file size mismatch after copying file: "
+		          "%s (remote %zu, local %zu).\n",
+		          remote_src, file_size, nread));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gp_get_files(struct smbcli_tree *tree, const char *share_path,
+                             const char *local_path, struct gp_file_list *list)
+{
+	uint32_t i;
+	int rv;
+	char *local_rel_path, *full_local_path, *full_remote_path;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_new(tree);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	for (i = 0; i < list->num_files; i++) {
+
+		/* Get local path by replacing backslashes with slashes */
+		local_rel_path = talloc_strdup(mem_ctx, list->files[i].rel_path);
+		if (local_rel_path == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		string_replace(local_rel_path, '\\', '/');
+
+		full_local_path = talloc_asprintf(mem_ctx, "%s%s", local_path,
+				local_rel_path);
+		if (full_local_path == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* If the entry is a directory, create it. */
+		if (list->files[i].is_directory == true) {
+			rv = mkdir(full_local_path, 0755);
+			if (rv < 0) {
+				DEBUG(0, ("Failed to create directory %s: %s\n",
+						full_local_path, strerror(errno)));
+				talloc_free(mem_ctx);
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+			continue;
+		}
+
+		full_remote_path = talloc_asprintf(mem_ctx, "%s%s", share_path,
+				list->files[i].rel_path);
+		if (full_remote_path == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* Get the file */
+		status = gp_get_file(tree, full_remote_path, full_local_path);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Error getting file.\n"));
+			talloc_free(mem_ctx);
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo,
+                       const char **ret_local_path)
+{
+	TALLOC_CTX *mem_ctx;
+	struct gp_list_state *state;
+	NTSTATUS status;
+	struct stat st;
+	int rv;
+	const char *local_path, *share_path;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	if (gp_ctx->cli == NULL) {
+		status = gp_cli_connect(gp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to create cli connection to DC\n"));
+			talloc_free(mem_ctx);
+			return status;
+		}
+	}
+
+	/* Get the remote path to copy from */
+	share_path = gp_get_share_path(mem_ctx, gpo->file_sys_path);
+	if (share_path == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Get the local path to copy to */
+	local_path = talloc_asprintf(gp_ctx, "%s/%s", gp_tmpdir(mem_ctx), gpo->name);
+	if (local_path == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Prepare the state structure */
+	state = talloc_zero(mem_ctx, struct gp_list_state);
+	if (state == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->tree = gp_ctx->cli->tree;
+	state->share_path = share_path;
+
+	/* Create the GPO dir if it does not exist */
+	if (stat(local_path, &st) != 0) {
+		rv = mkdir(local_path, 0755);
+		if (rv < 0) {
+			DEBUG(0, ("Could not create local path\n"));
+			talloc_free(mem_ctx);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+	/* Get the file list */
+	status = gp_do_list("", state);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Could not list GPO files on remote server\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* If the list has no entries there is a problem. */
+	if (state->list.num_files == 0) {
+		DEBUG(0, ("File list is has no entries. Is the GPT directory empty?\n"));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Fetch the files */
+	status = gp_get_files(gp_ctx->cli->tree, share_path, local_path, &state->list);
+
+	/* Return the local path to the gpo */
+	*ret_local_path = local_path;
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS push_recursive (struct gp_context *gp_ctx, const char *local_path,
+                                const char *remote_path, int depth)
+{
+	DIR *dir;
+	struct dirent *dirent;
+	char *entry_local_path = NULL;
+	char *entry_remote_path = NULL;
+	int local_fd = -1, remote_fd = -1;
+	char buf[4096];
+	ssize_t nread, total_read;
+	ssize_t nwrite, total_write;
+	struct stat s;
+	NTSTATUS status;
+
+	dir = opendir(local_path);
+	if (!dir) {
+		DEBUG(0, ("Failed to open directory: %s\n", local_path));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	while ((dirent = readdir(dir)) != NULL) {
+		if (ISDOT(dirent->d_name) || ISDOTDOT(dirent->d_name)) {
+			continue;
+		}
+
+		entry_local_path = talloc_asprintf(gp_ctx, "%s/%s", local_path,
+		                                   dirent->d_name);
+		if (entry_local_path == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		entry_remote_path = talloc_asprintf(gp_ctx, "%s\\%s",
+		                                    remote_path, dirent->d_name);
+		if (entry_remote_path == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		if (stat(entry_local_path, &s) != 0) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+		if (s.st_mode & S_IFDIR) {
+			DEBUG(6, ("Pushing directory %s to %s on sysvol\n",
+			          entry_local_path, entry_remote_path));
+			status = smbcli_mkdir(gp_ctx->cli->tree,
+					      entry_remote_path);
+			if (!NT_STATUS_IS_OK(status)) {
+				goto done;
+			}
+			if (depth < GP_MAX_DEPTH) {
+				status = push_recursive(gp_ctx,
+							entry_local_path,
+							entry_remote_path,
+							depth + 1);
+				if (!NT_STATUS_IS_OK(status)) {
+					goto done;
+				}
+			}
+		} else {
+			DEBUG(6, ("Pushing file %s to %s on sysvol\n",
+			          entry_local_path, entry_remote_path));
+			remote_fd = smbcli_open(gp_ctx->cli->tree,
+			                        entry_remote_path,
+			                        O_WRONLY | O_CREAT,
+			                        0);
+			if (remote_fd < 0) {
+				DEBUG(0, ("Failed to create remote file: %s\n",
+				          entry_remote_path));
+				status = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+			}
+			local_fd = open(entry_local_path, O_RDONLY);
+			if (local_fd < 0) {
+				DEBUG(0, ("Failed to open local file: %s\n",
+				          entry_local_path));
+				status = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+			}
+			total_read = 0;
+			total_write = 0;
+			while ((nread = read(local_fd, buf, sizeof(buf)))) {
+				if (nread == -1) {
+					DBG_ERR("read failed with errno %s\n",
+						strerror(errno));
+					status = NT_STATUS_UNSUCCESSFUL;
+					goto done;
+				}
+				nwrite = smbcli_write(gp_ctx->cli->tree,
+						      remote_fd, 0, buf,
+						      total_read, nread);
+				if (nwrite < 0) {
+					status = NT_STATUS_UNSUCCESSFUL;
+					goto done;
+				}
+				total_read += nread;
+				total_write += nwrite;
+			}
+			if (total_read != total_write) {
+				/* Weird and should not happen */
+				status = NT_STATUS_UNEXPECTED_IO_ERROR;
+				goto done;
+			}
+
+			close(local_fd);
+			local_fd = -1;
+			smbcli_close(gp_ctx->cli->tree, remote_fd);
+			remote_fd = -1;
+		}
+		TALLOC_FREE(entry_local_path);
+		TALLOC_FREE(entry_remote_path);
+	}
+
+	status = NT_STATUS_OK;
+done:
+	if (local_fd != -1) {
+		close(local_fd);
+	}
+	if (remote_fd != -1) {
+		smbcli_close(gp_ctx->cli->tree, remote_fd);
+	}
+	talloc_free(entry_local_path);
+	talloc_free(entry_remote_path);
+
+	closedir(dir);
+
+	return status;
+}
+
+
+
+NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
+                     const char *file_sys_path)
+{
+	NTSTATUS status;
+	char *share_path;
+
+	if (gp_ctx->cli == NULL) {
+		status = gp_cli_connect(gp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to create cli connection to DC\n"));
+			return status;
+		}
+	}
+	share_path = gp_get_share_path(gp_ctx, file_sys_path);
+
+	DEBUG(5, ("Copying %s to %s on sysvol\n", local_path, share_path));
+
+	smbcli_mkdir(gp_ctx->cli->tree, share_path);
+
+	status = push_recursive(gp_ctx, local_path, share_path, 0);
+
+	talloc_free(share_path);
+	return status;
+}
+
+NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name,
+                       const char *file_sys_path)
+{
+	TALLOC_CTX *mem_ctx;
+	const char *tmp_dir, *policy_dir, *tmp_str;
+	int rv;
+	int fd;
+	NTSTATUS status;
+	const char *file_content = "[General]\r\nVersion=0\r\n";
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	tmp_dir = gp_tmpdir(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_dir);
+	policy_dir = talloc_asprintf(mem_ctx, "%s/%s", tmp_dir, name);
+	NT_STATUS_HAVE_NO_MEMORY(policy_dir);
+
+	/* Create the directories */
+
+	rv = mkdir(policy_dir, 0755);
+	if (rv < 0) {
+		DEBUG(0, ("Could not create the policy dir: %s\n", policy_dir));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	tmp_str = talloc_asprintf(mem_ctx, "%s/User", policy_dir);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_str);
+	rv = mkdir(tmp_str, 0755);
+	if (rv < 0) {
+		DEBUG(0, ("Could not create the User dir: %s\n", tmp_str));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	tmp_str = talloc_asprintf(mem_ctx, "%s/Machine", policy_dir);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_str);
+	rv = mkdir(tmp_str, 0755);
+	if (rv < 0) {
+		DEBUG(0, ("Could not create the Machine dir: %s\n", tmp_str));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Create a GPT.INI with version 0 */
+
+	tmp_str = talloc_asprintf(mem_ctx, "%s/GPT.INI", policy_dir);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_str);
+	fd = open(tmp_str, O_CREAT | O_WRONLY, 0644);
+	if (fd < 0) {
+		DEBUG(0, ("Could not create the GPT.INI: %s\n", tmp_str));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	rv = write(fd, file_content, strlen(file_content));
+	close(fd);
+	if (rv != strlen(file_content)) {
+		DEBUG(0, ("Short write in GPT.INI\n"));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Upload the GPT to the sysvol share on a DC */
+	status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx,
+                                        struct gp_object *gpo,
+                                        struct security_descriptor *sd)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	union smb_setfileinfo fileinfo;
+	union smb_open io;
+	union smb_close io_close;
+
+	/* Create a connection to sysvol if it is not already there */
+	if (gp_ctx->cli == NULL) {
+		status = gp_cli_connect(gp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to create cli connection to DC\n"));
+			return status;
+		}
+	}
+
+	/* Create a forked memory context which can be freed easily */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Open the directory with NTCreate AndX call */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	                               NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = gp_get_share_path(mem_ctx, gpo->file_sys_path);
+	status = smb_raw_open(gp_ctx->cli->tree, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Can't open GPT directory\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Set the security descriptor on the directory */
+	fileinfo.generic.level = RAW_SFILEINFO_SEC_DESC;
+	fileinfo.set_secdesc.in.file.fnum = io.ntcreatex.out.file.fnum;
+	fileinfo.set_secdesc.in.secinfo_flags = SECINFO_PROTECTED_DACL |
+	                                        SECINFO_OWNER |
+	                                        SECINFO_GROUP |
+	                                        SECINFO_DACL;
+	fileinfo.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(gp_ctx->cli->tree, &fileinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set security descriptor on the GPT\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Close the directory */
+	io_close.close.level = RAW_CLOSE_CLOSE;
+	io_close.close.in.file.fnum = io.ntcreatex.out.file.fnum;
+	io_close.close.in.write_time = 0;
+	status = smb_raw_close(gp_ctx->cli->tree, &io_close);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to close directory\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/lib/policy/gp_ini.c b/source4/lib/policy/gp_ini.c
new file mode 100644
index 0000000..da2f5f4
--- /dev/null
+++ b/source4/lib/policy/gp_ini.c
@@ -0,0 +1,133 @@
+
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Group Policy Object Support
+ *  Copyright (C) Wilco Baan Hofman 2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "includes.h"
+#include "lib/util/samba_util.h"
+#include "lib/policy/policy.h"
+
+struct gp_parse_context {
+	struct gp_ini_context *ini;
+	int32_t cur_section;
+};
+
+
+static bool gp_add_ini_section(const char *name, void *callback_data)
+{
+	struct gp_parse_context *parse = callback_data;
+	struct gp_ini_context *ini = parse->ini;
+
+	ini->sections = talloc_realloc(ini, ini->sections, struct gp_ini_section, ini->num_sections+1);
+	if (ini->sections == NULL) return false;
+	ini->sections[ini->num_sections].name = talloc_strdup(ini, name);
+	if (ini->sections[ini->num_sections].name == NULL) return false;
+	parse->cur_section = ini->num_sections;
+	ini->num_sections++;
+
+	return true;
+}
+
+static bool gp_add_ini_param(const char *name, const char *value, void *callback_data)
+{
+	struct gp_parse_context *parse = callback_data;
+	struct gp_ini_context *ini = parse->ini;
+	struct gp_ini_section *section;
+
+	if (parse->cur_section == -1) {
+		return false;
+	}
+
+	section = &ini->sections[parse->cur_section];
+
+	section->params = talloc_realloc(ini, ini->sections[parse->cur_section].params, struct gp_ini_param, section->num_params+1);
+	if (section->params == NULL) return false;
+	section->params[section->num_params].name = talloc_strdup(ini, name);
+	if (section->params[section->num_params].name == NULL) return false;
+	section->params[section->num_params].value = talloc_strdup(ini, value);
+	if (section->params[section->num_params].value == NULL) return false;
+	section->num_params++;
+
+	return true;
+}
+
+NTSTATUS gp_parse_ini(TALLOC_CTX *mem_ctx, struct gp_context *gp_ctx, const char *filename, struct gp_ini_context **ret)
+{
+	struct gp_parse_context parse;
+	bool rv;
+
+	parse.ini = talloc_zero(mem_ctx, struct gp_ini_context);
+	NT_STATUS_HAVE_NO_MEMORY(parse.ini);
+	parse.cur_section = -1;
+
+	rv = pm_process(filename, gp_add_ini_section, gp_add_ini_param, &parse);
+	if (!rv) {
+		DEBUG(0, ("Error while processing ini file %s\n", filename));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*ret = parse.ini;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_get_ini_string(struct gp_ini_context *ini, const char *section, const char *name, char **ret)
+{
+	uint16_t i;
+	int32_t cur_sec = -1;
+	for (i = 0; i < ini->num_sections; i++) {
+		if (strcmp(ini->sections[i].name, section) == 0) {
+			cur_sec = i;
+			break;
+		}
+	}
+
+	if (cur_sec == -1) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	for (i = 0; i < ini->sections[cur_sec].num_params; i++) {
+		if (strcmp(ini->sections[cur_sec].params[i].name, name) == 0) {
+			*ret = ini->sections[cur_sec].params[i].value;
+			return NT_STATUS_OK;
+		}
+	}
+	return NT_STATUS_NOT_FOUND;
+}
+
+NTSTATUS gp_get_ini_uint(struct gp_ini_context *ini, const char *section, const char *name, uint32_t *ret)
+{
+	uint16_t i;
+	int32_t cur_sec = -1;
+	for (i = 0; i < ini->num_sections; i++) {
+		if (strcmp(ini->sections[i].name, section) == 0) {
+			cur_sec = i;
+			break;
+		}
+	}
+
+	if (cur_sec == -1) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	for (i = 0; i < ini->sections[cur_sec].num_params; i++) {
+		if (strcmp(ini->sections[cur_sec].params[i].name, name) == 0) {
+			*ret = atol(ini->sections[cur_sec].params[i].value);
+			return NT_STATUS_OK;
+		}
+	}
+	return NT_STATUS_NOT_FOUND;
+}
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
new file mode 100644
index 0000000..67b329b
--- /dev/null
+++ b/source4/lib/policy/gp_ldap.c
@@ -0,0 +1,1130 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Group Policy Object Support
+ *  Copyright (C) Jelmer Vernooij 2008
+ *  Copyright (C) Wilco Baan Hofman 2008-2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "includes.h"
+#include "param/param.h"
+#include <ldb.h>
+#include "lib/ldb-samba/ldb_wrap.h"
+#include "auth/credentials/credentials.h"
+#include "../librpc/gen_ndr/nbt.h"
+#include "libcli/libcli.h"
+#include "libnet/libnet.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "../libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "../lib/talloc/talloc.h"
+#include "lib/policy/policy.h"
+
+struct gpo_stringmap {
+	const char *str;
+	uint32_t flags;
+};
+static const struct gpo_stringmap gplink_options [] = {
+	{ "GPLINK_OPT_DISABLE", GPLINK_OPT_DISABLE },
+	{ "GPLINK_OPT_ENFORCE", GPLINK_OPT_ENFORCE },
+	{ NULL, 0 }
+};
+static const struct gpo_stringmap gpo_flags [] = {
+	{ "GPO_FLAG_USER_DISABLE", GPO_FLAG_USER_DISABLE },
+	{ "GPO_FLAG_MACHINE_DISABLE", GPO_FLAG_MACHINE_DISABLE },
+	{ NULL, 0 }
+};
+
+static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct gp_object **ret)
+{
+	struct gp_object *gpo = talloc(mem_ctx, struct gp_object);
+	enum ndr_err_code ndr_err;
+	const DATA_BLOB *data;
+
+	NT_STATUS_HAVE_NO_MEMORY(gpo);
+
+	gpo->dn = talloc_strdup(mem_ctx, ldb_dn_get_linearized(msg->dn));
+	if (gpo->dn == NULL) {
+		TALLOC_FREE(gpo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
+
+	gpo->display_name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "displayName", ""));
+	if (gpo->display_name == NULL) {
+		TALLOC_FREE(gpo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gpo->name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "name", ""));
+	if (gpo->name == NULL) {
+		TALLOC_FREE(gpo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gpo->flags = ldb_msg_find_attr_as_uint(msg, "flags", 0);
+	gpo->version = ldb_msg_find_attr_as_uint(msg, "versionNumber", 0);
+
+	gpo->file_sys_path = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
+	if (gpo->file_sys_path == NULL) {
+		TALLOC_FREE(gpo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Pull the security descriptor through the NDR library */
+	data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
+	gpo->security_descriptor = talloc(gpo, struct security_descriptor);
+	if (gpo->security_descriptor == NULL) {
+		TALLOC_FREE(gpo);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ndr_err = ndr_pull_struct_blob(data,
+			mem_ctx,
+			gpo->security_descriptor,
+			(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	*ret = gpo;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret)
+{
+	unsigned int i, count=0;
+	const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+
+	NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+
+	flag_strs[0] = NULL;
+
+	for (i = 0; gpo_flags[i].str != NULL; i++) {
+		if (flags & gpo_flags[i].flags) {
+			flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+			NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+			flag_strs[count] = gpo_flags[i].str;
+			flag_strs[count+1] = NULL;
+			count++;
+		}
+	}
+	*ret = flag_strs;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t options, const char ***ret)
+{
+	unsigned int i, count=0;
+	const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+
+	NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+	flag_strs[0] = NULL;
+
+	for (i = 0; gplink_options[i].str != NULL; i++) {
+		if (options & gplink_options[i].flags) {
+			flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+			NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+			flag_strs[count] = gplink_options[i].str;
+			flag_strs[count+1] = NULL;
+			count++;
+		}
+	}
+	*ret = flag_strs;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
+		struct loadparm_context *lp_ctx,
+		struct cli_credentials *credentials,
+		struct tevent_context *ev_ctx,
+		struct gp_context **gp_ctx)
+{
+
+	struct libnet_LookupDCs *io;
+	char *url;
+	struct libnet_context *net_ctx;
+	struct ldb_context *ldb_ctx;
+	NTSTATUS rv;
+
+	/* Initialise the libnet context */
+	net_ctx = libnet_context_init(ev_ctx, lp_ctx);
+	net_ctx->cred = credentials;
+
+	/* Prepare libnet lookup structure for looking a DC (PDC is correct). */
+	io = talloc_zero(mem_ctx, struct libnet_LookupDCs);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+	io->in.name_type = NBT_NAME_PDC;
+	io->in.domain_name = lpcfg_workgroup(lp_ctx);
+
+	/* Find Active DC's */
+	rv = libnet_LookupDCs(net_ctx, mem_ctx, io);
+	if (!NT_STATUS_IS_OK(rv)) {
+		DEBUG(0, ("Failed to lookup DCs in domain\n"));
+		return rv;
+	}
+
+	/* Connect to ldap://DC_NAME with all relevant contexts*/
+	url = talloc_asprintf(mem_ctx, "ldap://%s", io->out.dcs[0].name);
+	NT_STATUS_HAVE_NO_MEMORY(url);
+	ldb_ctx = ldb_wrap_connect(mem_ctx, net_ctx->event_ctx, lp_ctx,
+			url, NULL, net_ctx->cred, 0);
+	if (ldb_ctx == NULL) {
+		DEBUG(0, ("Can't connect to DC's LDAP with url %s\n", url));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*gp_ctx = talloc_zero(mem_ctx, struct gp_context);
+	NT_STATUS_HAVE_NO_MEMORY(gp_ctx);
+
+	(*gp_ctx)->lp_ctx = lp_ctx;
+	(*gp_ctx)->credentials = credentials;
+	(*gp_ctx)->ev_ctx = ev_ctx;
+	(*gp_ctx)->ldb_ctx = ldb_ctx;
+	(*gp_ctx)->active_dc = talloc_reference(*gp_ctx, &io->out.dcs[0]);
+
+	/* We don't need to keep the libnet context */
+	talloc_free(net_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
+{
+	struct ldb_result *result;
+	int rv;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct ldb_dn *dn;
+	struct gp_object **gpo;
+	unsigned int i; /* same as in struct ldb_result */
+	const char **attrs;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Create full ldb dn of the policies base object */
+	dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
+	rv = ldb_dn_add_child(dn, ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Policies,CN=System"));
+	if (!rv) {
+		DEBUG(0, ("Can't append subtree to DN\n"));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	DEBUG(10, ("Searching for policies in DN: %s\n", ldb_dn_get_linearized(dn)));
+
+	attrs = talloc_array(mem_ctx, const char *, 7);
+	if (attrs == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	attrs[0] = "nTSecurityDescriptor";
+	attrs[1] = "versionNumber";
+	attrs[2] = "flags";
+	attrs[3] = "name";
+	attrs[4] = "displayName";
+	attrs[5] = "gPCFileSysPath";
+	attrs[6] = NULL;
+
+	rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_ONELEVEL, attrs, "(objectClass=groupPolicyContainer)");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	gpo = talloc_array(gp_ctx, struct gp_object *, result->count+1);
+	if (gpo == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gpo[result->count] = NULL;
+
+	for (i = 0; i < result->count; i++) {
+		status = parse_gpo(gp_ctx, result->msgs[i], &gpo[i]);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to parse GPO.\n"));
+			talloc_free(mem_ctx);
+			return status;
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	*ret = gpo;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object **ret)
+{
+	struct ldb_result *result;
+	struct ldb_dn *dn;
+	struct gp_object *gpo;
+	int rv;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	const char **attrs;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Create an ldb dn struct for the dn string */
+	dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	attrs = talloc_array(mem_ctx, const char *, 7);
+	if (attrs == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	attrs[0] = "nTSecurityDescriptor";
+	attrs[1] = "versionNumber";
+	attrs[2] = "flags";
+	attrs[3] = "name";
+	attrs[4] = "displayName";
+	attrs[5] = "gPCFileSysPath";
+	attrs[6] = NULL;
+
+	rv = ldb_search(gp_ctx->ldb_ctx,
+			mem_ctx,
+			&result,
+			dn,
+			LDB_SCOPE_BASE,
+			attrs,
+			"objectClass=groupPolicyContainer");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* We expect exactly one record */
+	if (result->count != 1) {
+		DEBUG(0, ("Could not find GPC with dn %s\n", dn_str));
+		talloc_free(mem_ctx);
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	status = parse_gpo(gp_ctx, result->msgs[0], &gpo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to parse GPO.\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+
+	*ret = gpo;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struct gp_link ***ret)
+{
+	int start, idx=0;
+	int pos;
+	struct gp_link **gplinks;
+	char *buf, *end;
+	const char *gplink_start = "[LDAP://";
+
+	gplinks = talloc_array(mem_ctx, struct gp_link *, 1);
+	NT_STATUS_HAVE_NO_MEMORY(gplinks);
+
+	gplinks[0] = NULL;
+
+	/* Assuming every gPLink starts with "[LDAP://" */
+	start = strlen(gplink_start);
+
+	for (pos = start; pos < strlen(gplink_str); pos++) {
+		if (gplink_str[pos] == ';') {
+			gplinks = talloc_realloc(mem_ctx, gplinks, struct gp_link *, idx+2);
+			NT_STATUS_HAVE_NO_MEMORY(gplinks);
+			gplinks[idx] = talloc(mem_ctx, struct gp_link);
+			NT_STATUS_HAVE_NO_MEMORY(gplinks[idx]);
+			gplinks[idx]->dn = talloc_strndup(mem_ctx,
+			                                  gplink_str + start,
+			                                  pos - start);
+			if (gplinks[idx]->dn == NULL) {
+				TALLOC_FREE(gplinks);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			for (start = pos + 1; gplink_str[pos] != ']'; pos++);
+
+			buf = talloc_strndup(gplinks, gplink_str + start, pos - start);
+			if (buf == NULL) {
+				TALLOC_FREE(gplinks);
+				return NT_STATUS_NO_MEMORY;
+			}
+			gplinks[idx]->options = (uint32_t) strtoll(buf, &end, 0);
+			talloc_free(buf);
+
+			/* Set the last entry in the array to be NULL */
+			gplinks[idx + 1] = NULL;
+
+			/* Increment the array index, the string position past
+			   the next "[LDAP://", and set the start reference */
+			idx++;
+			pos += strlen(gplink_start)+1;
+			start = pos;
+		}
+	}
+
+	*ret = gplinks;
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp_link ***ret)
+{
+	TALLOC_CTX *mem_ctx;
+	struct ldb_dn *dn;
+	struct ldb_result *result;
+	struct gp_link **gplinks;
+	char *gplink_str;
+	int rv;
+	unsigned int i;
+	NTSTATUS status;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, NULL, "(objectclass=*)");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	for (i = 0; i < result->count; i++) {
+		struct ldb_message_element *element = \
+			ldb_msg_find_element(result->msgs[i], "gPLink");
+		if (element != NULL) {
+			SMB_ASSERT(element->num_values > 0);
+			gplink_str = talloc_strdup(
+				mem_ctx,
+				(char *) element->values[0].data);
+			if (gplink_str == NULL) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+			goto found;
+		}
+	}
+	gplink_str = talloc_strdup(mem_ctx, "");
+	if (gplink_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	found:
+
+	status = parse_gplink(gp_ctx, gplink_str, &gplinks);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to parse gPLink\n"));
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+
+	*ret = gplinks;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, const char ***ret)
+{
+	TALLOC_CTX *mem_ctx;
+	const char **gpos;
+	struct ldb_result *result;
+	char *sid;
+	struct ldb_dn *dn;
+	struct ldb_message_element *element;
+	bool inherit;
+	const char *attrs[] = { "objectClass", NULL };
+	int rv;
+	NTSTATUS status;
+	unsigned int count = 0;
+	unsigned int i;
+	enum {
+		ACCOUNT_TYPE_USER = 0,
+		ACCOUNT_TYPE_MACHINE = 1
+	} account_type;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	sid = ldap_encode_ndr_dom_sid(mem_ctx,
+				      &token->sids[PRIMARY_USER_SID_INDEX]);
+	NT_STATUS_HAVE_NO_MEMORY(sid);
+
+	/* Find the user DN and objectclass via the sid from the security token */
+	rv = ldb_search(gp_ctx->ldb_ctx,
+			mem_ctx,
+			&result,
+			ldb_get_default_basedn(gp_ctx->ldb_ctx),
+			LDB_SCOPE_SUBTREE,
+			attrs,
+			"(&(objectclass=user)(objectSid=%s))", sid);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
+				ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	if (result->count != 1) {
+		DEBUG(0, ("Could not find user with sid %s.\n", sid));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	DEBUG(10,("Found DN for this user: %s\n", ldb_dn_get_linearized(result->msgs[0]->dn)));
+
+	element = ldb_msg_find_element(result->msgs[0], "objectClass");
+
+	/* We need to know if this account is a user or machine. */
+	account_type = ACCOUNT_TYPE_USER;
+	for (i = 0; i < element->num_values; i++) {
+		if (strcmp((char *)element->values[i].data, "computer") == 0) {
+			account_type = ACCOUNT_TYPE_MACHINE;
+			DEBUG(10, ("This user is a machine\n"));
+		}
+	}
+
+	gpos = talloc_array(gp_ctx, const char *, 1);
+	if (gpos == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	gpos[0] = NULL;
+
+	/* Walk through the containers until we hit the root */
+	inherit = 1;
+	dn = ldb_dn_get_parent(mem_ctx, result->msgs[0]->dn);
+	while (ldb_dn_compare_base(ldb_get_default_basedn(gp_ctx->ldb_ctx), dn) == 0) {
+		const char *gpo_attrs[] = { "gPLink", "gPOptions", NULL };
+		struct gp_link **gplinks;
+		enum gpo_inheritance gpoptions;
+
+		DEBUG(10, ("Getting gPLinks for DN: %s\n", ldb_dn_get_linearized(dn)));
+
+		/* Get the gPLink and gPOptions attributes from the container */
+		rv = ldb_search(gp_ctx->ldb_ctx,
+				mem_ctx,
+				&result,
+				dn,
+				LDB_SCOPE_BASE,
+				gpo_attrs,
+				"objectclass=*");
+		if (rv != LDB_SUCCESS) {
+			DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
+					ldb_errstring(gp_ctx->ldb_ctx)));
+			talloc_free(mem_ctx);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		/* Parse the gPLink attribute, put it into a nice struct array */
+		status = parse_gplink(mem_ctx, ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", ""), &gplinks);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to parse gPLink\n"));
+			talloc_free(mem_ctx);
+			return status;
+		}
+
+		/* Check all group policy links on this container */
+		for (i = 0; gplinks[i] != NULL; i++) {
+			struct gp_object *gpo;
+			uint32_t access_granted;
+
+			/* If inheritance was blocked at a higher level and this
+			 * gplink is not enforced, it should not be applied */
+			if (!inherit && !(gplinks[i]->options & GPLINK_OPT_ENFORCE))
+				continue;
+
+			/* Don't apply disabled links */
+			if (gplinks[i]->options & GPLINK_OPT_DISABLE)
+				continue;
+
+			/* Get GPO information */
+			status = gp_get_gpo_info(gp_ctx, gplinks[i]->dn, &gpo);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0, ("Failed to get gpo information for %s\n", gplinks[i]->dn));
+				talloc_free(mem_ctx);
+				return status;
+			}
+
+			/* If the account does not have read access, this GPO does not apply
+			 * to this account */
+			status = se_access_check(gpo->security_descriptor,
+					token,
+					(SEC_STD_READ_CONTROL | SEC_ADS_LIST | SEC_ADS_READ_PROP),
+					&access_granted);
+			if (!NT_STATUS_IS_OK(status)) {
+				continue;
+			}
+
+			/* If the account is a user and the GPO has user disabled flag, or
+			 * a machine and the GPO has machine disabled flag, this GPO does
+			 * not apply to this account */
+			if ((account_type == ACCOUNT_TYPE_USER &&
+					(gpo->flags & GPO_FLAG_USER_DISABLE)) ||
+					(account_type == ACCOUNT_TYPE_MACHINE &&
+					(gpo->flags & GPO_FLAG_MACHINE_DISABLE))) {
+				continue;
+			}
+
+			/* Add the GPO to the list */
+			gpos = talloc_realloc(gp_ctx, gpos, const char *, count+2);
+			if (gpos == NULL) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+			gpos[count] = talloc_strdup(gp_ctx, gplinks[i]->dn);
+			if (gpos[count] == NULL) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+			gpos[count+1] = NULL;
+			count++;
+
+			/* Clean up */
+			talloc_free(gpo);
+		}
+
+		/* If inheritance is blocked, then we should only add enforced gPLinks
+		 * higher up */
+		gpoptions = ldb_msg_find_attr_as_uint(result->msgs[0], "gPOptions", 0);
+		if (gpoptions == GPO_BLOCK_INHERITANCE) {
+			inherit = 0;
+		}
+		dn = ldb_dn_get_parent(mem_ctx, dn);
+	}
+
+	talloc_free(mem_ctx);
+
+	*ret = gpos;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink)
+{
+	TALLOC_CTX *mem_ctx;
+	struct ldb_result *result;
+	struct ldb_dn *dn;
+	struct ldb_message *msg;
+	const char *attrs[] = { "gPLink", NULL };
+	const char *gplink_str;
+	int rv;
+	char *start;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (result->count != 1) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
+
+	/* If this GPO link already exists, alter the options, else add it */
+	if ((start = strcasestr(gplink_str, gplink->dn)) != NULL) {
+		start += strlen(gplink->dn);
+		*start = '\0';
+		start++;
+		while (*start != ']' && *start != '\0') {
+			start++;
+		}
+		gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s", gplink_str, gplink->options, start);
+		if (gplink_str == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+	} else {
+		/* Prepend the new GPO link to the string. This list is backwards in priority. */
+		gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
+		if (gplink_str == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = dn;
+
+	rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char *gplink_dn)
+{
+	TALLOC_CTX *mem_ctx;
+	struct ldb_result *result;
+	struct ldb_dn *dn;
+	struct ldb_message *msg;
+	const char *attrs[] = { "gPLink", NULL };
+	const char *gplink_str, *search_string;
+	int rv;
+	char *p;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (result->count != 1) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
+
+	/* If this GPO link already exists, alter the options, else add it */
+	search_string = talloc_asprintf(mem_ctx, "[LDAP://%s]", gplink_dn);
+	if (search_string == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p = strcasestr(gplink_str, search_string);
+	if (p == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	*p = '\0';
+	p++;
+	while (*p != ']' && *p != '\0') {
+		p++;
+	}
+	p++;
+	gplink_str = talloc_asprintf(mem_ctx, "%s%s", gplink_str, p);
+	if (gplink_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = dn;
+
+	if (strcmp(gplink_str, "") == 0) {
+		rv = ldb_msg_add_empty(msg, "gPLink", LDB_FLAG_MOD_DELETE, NULL);
+		if (rv != LDB_SUCCESS) {
+			DEBUG(0, ("LDB message add empty element failed: %s\n", ldb_strerror(rv)));
+			talloc_free(mem_ctx);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	} else {
+		rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
+		if (rv != LDB_SUCCESS) {
+			DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
+			talloc_free(mem_ctx);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+	}
+	rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_get_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance *inheritance)
+{
+	TALLOC_CTX *mem_ctx;
+	struct ldb_result *result;
+	struct ldb_dn *dn;
+	const char *attrs[] = { "gPOptions", NULL };
+	int rv;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (result->count != 1) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	*inheritance = ldb_msg_find_attr_as_uint(result->msgs[0], "gPOptions", 0);
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance inheritance)
+{
+	char *inheritance_string;
+	struct ldb_message *msg;
+	int rv;
+
+	msg = ldb_msg_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	msg->dn = ldb_dn_new(msg, gp_ctx->ldb_ctx, dn_str);
+
+	inheritance_string = talloc_asprintf(msg, "%d", inheritance);
+	if (inheritance_string == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rv = ldb_msg_add_string(msg, "gPOptions", inheritance_string);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
+		talloc_free(msg);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+		talloc_free(msg);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	talloc_free(msg);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
+{
+	struct ldb_message *msg;
+	TALLOC_CTX *mem_ctx;
+	int rv;
+	char *dn_str, *flags_str, *version_str;
+	struct ldb_dn *child_dn, *gpo_dn;
+
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* CN={GUID} */
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
+	dn_str = talloc_asprintf(mem_ctx, "CN=%s,CN=Policies,CN=System", gpo->name);
+	if (dn_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+	rv = ldb_dn_add_child(msg->dn, child_dn);
+	if (!rv) goto ldb_msg_add_error;
+
+	flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+	if (flags_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+	if (version_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rv = ldb_msg_add_string(msg, "objectClass", "top");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "objectClass", "container");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "objectClass", "groupPolicyContainer");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "name", gpo->name);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "CN", gpo->name);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "gPCFileSysPath", gpo->file_sys_path);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "flags", flags_str);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "versionNumber", version_str);
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "gpCFunctionalityVersion", "2");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+
+	rv = ldb_add(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	gpo_dn = msg->dn;
+
+	/* CN=User */
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
+	child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=User");
+	rv = ldb_dn_add_child(msg->dn, child_dn);
+	if (!rv) goto ldb_msg_add_error;
+
+	rv = ldb_msg_add_string(msg, "objectClass", "top");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "objectClass", "container");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "CN", "User");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "name", "User");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+
+	rv = ldb_add(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* CN=Machine */
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
+	child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Machine");
+	rv = ldb_dn_add_child(msg->dn, child_dn);
+	if (!rv) goto ldb_msg_add_error;
+
+	rv = ldb_msg_add_string(msg, "objectClass", "top");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "objectClass", "container");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "CN", "Machine");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+	rv = ldb_msg_add_string(msg, "name", "Machine");
+	if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
+
+	rv = ldb_add(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	gpo->dn = talloc_strdup(gpo, ldb_dn_get_linearized(gpo_dn));
+	if (gpo->dn == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+
+	ldb_msg_add_error:
+	DEBUG(0, ("LDB Error adding element to ldb message\n"));
+	talloc_free(mem_ctx);
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd)
+{
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB data;
+	enum ndr_err_code ndr_err;
+	struct ldb_message *msg;
+	int rv;
+
+	/* Create a forked memory context to clean up easily */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Push the security descriptor through the NDR library */
+	ndr_err = ndr_push_struct_blob(&data,
+			mem_ctx,
+			sd,
+			(ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+
+	/* Create a LDB message */
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+	rv = ldb_msg_add_value(msg, "nTSecurityDescriptor", &data, NULL);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add element failed for adding nTSecurityDescriptor: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+/* This function sets flags, version and displayName on a GPO */
+NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
+{
+	int rv;
+	TALLOC_CTX *mem_ctx;
+	struct ldb_message *msg;
+	char *version_str, *flags_str;
+
+	mem_ctx = talloc_new(gp_ctx);
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, gpo->dn);
+
+	version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+	if (msg == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rv = ldb_msg_add_string(msg, "flags", flags_str);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add string failed for flags: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_msg_add_string(msg, "version", version_str);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add string failed for version: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB message add string failed for displayName: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg->elements[2].flags = LDB_FLAG_MOD_REPLACE;
+
+	rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+	if (rv != LDB_SUCCESS) {
+		DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+		talloc_free(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/lib/policy/gp_manage.c b/source4/lib/policy/gp_manage.c
new file mode 100644
index 0000000..d8feadb
--- /dev/null
+++ b/source4/lib/policy/gp_manage.c
@@ -0,0 +1,330 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Group Policy Object Support
+ *  Copyright (C) Wilco Baan Hofman 2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "includes.h"
+#include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security_descriptor.h"
+#include "../librpc/ndr/libndr.h"
+#include "../lib/util/charset/charset.h"
+#include "param/param.h"
+#include "lib/policy/policy.h"
+
+uint32_t gp_ads_to_dir_access_mask(uint32_t access_mask)
+{
+	uint32_t fs_mask;
+
+	/* Copy the standard access mask */
+	fs_mask = access_mask & 0x001F0000;
+
+	/* When READ_PROP and LIST_CONTENTS are set, read access is granted on the GPT */
+	if (access_mask & SEC_ADS_READ_PROP && access_mask & SEC_ADS_LIST) {
+		fs_mask |= SEC_STD_SYNCHRONIZE | SEC_DIR_LIST | SEC_DIR_READ_ATTRIBUTE |
+				SEC_DIR_READ_EA | SEC_DIR_TRAVERSE;
+	}
+
+	/* When WRITE_PROP is set, full write access is granted on the GPT */
+	if (access_mask & SEC_ADS_WRITE_PROP) {
+		fs_mask |= SEC_STD_SYNCHRONIZE | SEC_DIR_WRITE_ATTRIBUTE |
+				SEC_DIR_WRITE_EA | SEC_DIR_ADD_FILE |
+				SEC_DIR_ADD_SUBDIR;
+	}
+
+	/* Map CREATE_CHILD to add file and add subdir */
+	if (access_mask & SEC_ADS_CREATE_CHILD)
+		fs_mask |= SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR;
+
+	/* Map ADS delete child to dir delete child */
+	if (access_mask & SEC_ADS_DELETE_CHILD)
+		fs_mask |= SEC_DIR_DELETE_CHILD;
+
+	return fs_mask;
+}
+
+NTSTATUS gp_create_gpt_security_descriptor (TALLOC_CTX *mem_ctx, struct security_descriptor *ds_sd, struct security_descriptor **ret)
+{
+	struct security_descriptor *fs_sd;
+	NTSTATUS status;
+	uint32_t i;
+
+	/* Allocate the file system security descriptor */
+	fs_sd = talloc(mem_ctx, struct security_descriptor);
+	NT_STATUS_HAVE_NO_MEMORY(fs_sd);
+
+	/* Copy the basic information from the directory server security descriptor */
+	fs_sd->owner_sid = talloc_memdup(fs_sd, ds_sd->owner_sid, sizeof(struct dom_sid));
+	if (fs_sd->owner_sid == NULL) {
+		TALLOC_FREE(fs_sd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fs_sd->group_sid = talloc_memdup(fs_sd, ds_sd->group_sid, sizeof(struct dom_sid));
+	if (fs_sd->group_sid == NULL) {
+		TALLOC_FREE(fs_sd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fs_sd->type = ds_sd->type;
+	fs_sd->revision = ds_sd->revision;
+
+	/* Copy the sacl */
+	fs_sd->sacl = security_acl_dup(fs_sd, ds_sd->sacl);
+	if (fs_sd->sacl == NULL) {
+		TALLOC_FREE(fs_sd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Copy the dacl */
+	fs_sd->dacl = talloc_zero(fs_sd, struct security_acl);
+	if (fs_sd->dacl == NULL) {
+		TALLOC_FREE(fs_sd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < ds_sd->dacl->num_aces; i++) {
+		char *trustee = dom_sid_string(fs_sd, &ds_sd->dacl->aces[i].trustee);
+		struct security_ace *ace;
+
+		/* Don't add the allow for SID_BUILTIN_PREW2K */
+		if ((ds_sd->dacl->aces[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+		     ds_sd->dacl->aces[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED) &&
+				strcmp(trustee, SID_BUILTIN_PREW2K) == 0) {
+			talloc_free(trustee);
+			continue;
+		}
+
+		/* Copy the ace from the directory server security descriptor */
+		ace = talloc_memdup(fs_sd, &ds_sd->dacl->aces[i], sizeof(struct security_ace));
+		if (ace == NULL) {
+			TALLOC_FREE(fs_sd);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* Set specific inheritance flags for within the GPO */
+		ace->flags |= SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT;
+		if (strcmp(trustee, SID_CREATOR_OWNER) == 0) {
+			ace->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+		}
+
+		/* Get a directory access mask from the assigned access mask on the LDAP object */
+		ace->access_mask = gp_ads_to_dir_access_mask(ace->access_mask);
+
+		/* Add the ace to the security descriptor DACL */
+		status = security_descriptor_dacl_add(fs_sd, ace);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Failed to add a dacl to file system security descriptor\n"));
+			TALLOC_FREE(fs_sd);
+			return status;
+		}
+
+		/* Clean up the allocated data in this iteration */
+		talloc_free(trustee);
+	}
+
+	*ret = fs_sd;
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS gp_create_gpo (struct gp_context *gp_ctx, const char *display_name, struct gp_object **ret)
+{
+	struct GUID guid_struct;
+	char *guid_str;
+	char *name;
+	struct security_descriptor *sd;
+	TALLOC_CTX *mem_ctx;
+	struct gp_object *gpo;
+	NTSTATUS status;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Create the gpo struct to return later */
+	gpo = talloc(gp_ctx, struct gp_object);
+	if (gpo == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Generate a GUID */
+	guid_struct = GUID_random();
+	guid_str = GUID_string2(mem_ctx, &guid_struct);
+	if (guid_str == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	name = strupper_talloc(mem_ctx, guid_str);
+	if (name == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Prepare the GPO struct */
+	gpo->dn = NULL;
+	gpo->name = name;
+	gpo->flags = 0;
+	gpo->version = 0;
+	gpo->display_name = talloc_strdup(gpo, display_name);
+	if (gpo->display_name == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gpo->file_sys_path = talloc_asprintf(gpo, "\\\\%s\\sysvol\\%s\\Policies\\%s", lpcfg_dnsdomain(gp_ctx->lp_ctx), lpcfg_dnsdomain(gp_ctx->lp_ctx), name);
+	if (gpo->file_sys_path == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Create the GPT */
+	status = gp_create_gpt(gp_ctx, name, gpo->file_sys_path);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to create GPT\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+
+	/* Create the LDAP GPO, including CN=User and CN=Machine */
+	status = gp_create_ldap_gpo(gp_ctx, gpo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to create LDAP group policy object\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Get the new security descriptor */
+	status = gp_get_gpo_info(gp_ctx, gpo->dn, &gpo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to fetch LDAP group policy object\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Create matching file and DS security descriptors */
+	status = gp_create_gpt_security_descriptor(mem_ctx, gpo->security_descriptor, &sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to convert ADS security descriptor to filesystem security descriptor\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Set the security descriptor on the filesystem for this GPO */
+	status = gp_set_gpt_security_descriptor(gp_ctx, gpo, sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set security descriptor (ACL) on the file system\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+
+	*ret = gpo;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_set_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd)
+{
+	TALLOC_CTX *mem_ctx;
+	struct security_descriptor *fs_sd;
+	struct gp_object *gpo;
+	NTSTATUS status;
+
+	/* Create a forked memory context, as a base for everything here */
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Set the ACL on LDAP database */
+	status = gp_set_ads_acl(gp_ctx, dn_str, sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set ACL on ADS\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Get the group policy object information, for filesystem location and merged sd */
+	status = gp_get_gpo_info(gp_ctx, dn_str, &gpo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set ACL on ADS\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Create matching file and DS security descriptors */
+	status = gp_create_gpt_security_descriptor(mem_ctx, gpo->security_descriptor, &fs_sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to convert ADS security descriptor to filesystem security descriptor\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Set the security descriptor on the filesystem for this GPO */
+	status = gp_set_gpt_security_descriptor(gp_ctx, gpo, fs_sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set security descriptor (ACL) on the file system\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct gp_ini_context *ini;
+	char *filename;
+
+	mem_ctx = talloc_new(gp_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	/* Get version from ini file */
+	/* FIXME: The local file system may be case sensitive */
+	filename = talloc_asprintf(mem_ctx, "%s/%s", local_path, "GPT.INI");
+	if (filename == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = gp_parse_ini(mem_ctx, gp_ctx, local_path, &ini);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to parse GPT.INI.\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Push the GPT to the remote sysvol */
+	status = gp_push_gpt(gp_ctx, local_path, gpo->file_sys_path);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to push GPT to DC's sysvol share.\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	/* Write version to LDAP */
+	status = gp_set_ldap_gpo(gp_ctx, gpo);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to set GPO options in DC's LDAP.\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/lib/policy/policy.h b/source4/lib/policy/policy.h
new file mode 100644
index 0000000..3d8a0dc
--- /dev/null
+++ b/source4/lib/policy/policy.h
@@ -0,0 +1,125 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Group Policy Object Support
+ *  Copyright (C) Guenther Deschner 2005-2008 (from samba 3 gpo.h)
+ *  Copyright (C) Wilco Baan Hofman 2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __POLICY_H__
+#define __POLICY_H__
+
+#define GPLINK_OPT_DISABLE		(1 << 0)
+#define GPLINK_OPT_ENFORCE		(1 << 1)
+
+#define GPO_FLAG_USER_DISABLE		(1 << 0)
+#define GPO_FLAG_MACHINE_DISABLE	(1 << 1)
+
+struct security_token;
+struct nbt_dc_name;
+
+enum gpo_inheritance {
+	GPO_INHERIT = 0,
+	GPO_BLOCK_INHERITANCE = 1,
+};
+
+struct gp_context {
+	struct ldb_context *ldb_ctx;
+	struct loadparm_context *lp_ctx;
+	struct cli_credentials *credentials;
+	struct tevent_context *ev_ctx;
+	struct smbcli_state *cli;
+	struct nbt_dc_name *active_dc;
+};
+
+struct gp_object {
+	uint32_t version;
+	uint32_t flags;
+	const char *display_name;
+	const char *name;
+	const char *dn;
+	const char *file_sys_path;
+	struct security_descriptor *security_descriptor;
+};
+
+
+struct gp_link {
+	uint32_t options;
+	const char *dn;
+};
+
+struct gp_ini_param {
+	char *name;
+	char *value;
+};
+
+struct gp_ini_section {
+	char *name;
+	uint16_t num_params;
+	struct gp_ini_param *params;
+};
+
+struct gp_ini_context {
+	uint16_t num_sections;
+	struct gp_ini_section *sections;
+};
+
+NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
+				struct loadparm_context *lp_ctx,
+				struct cli_credentials *creds,
+				struct tevent_context *ev_ctx,
+				struct gp_context **gp_ctx);
+
+
+/* LDAP functions */
+NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret);
+NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *req_dn, struct gp_link ***ret);
+NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, const char ***ret);
+
+NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object **ret);
+
+
+NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret);
+NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret);
+
+NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink);
+NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char *gp_dn);
+NTSTATUS gp_get_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance *inheritance);
+NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance inheritance);
+
+NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo);
+NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd);
+NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo);
+NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo);
+
+/* File system functions */
+NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo, const char **path);
+NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *file_sys_path);
+NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx, struct gp_object *gpo, struct security_descriptor *sd);
+NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
+                     const char *file_sys_path);
+
+/* Ini functions */
+NTSTATUS gp_parse_ini(TALLOC_CTX *mem_ctx, struct gp_context *gp_ctx, const char *filename, struct gp_ini_context **ret);
+NTSTATUS gp_get_ini_string(struct gp_ini_context *ini, const char *section, const char *name, char **ret);
+NTSTATUS gp_get_ini_uint(struct gp_ini_context *ini, const char *section, const char *name, uint32_t *ret);
+
+/* Managing functions */
+NTSTATUS gp_create_gpo (struct gp_context *gp_ctx, const char *display_name, struct gp_object **ret);
+NTSTATUS gp_create_gpt_security_descriptor (TALLOC_CTX *mem_ctx, struct security_descriptor *ds_sd, struct security_descriptor **ret);
+NTSTATUS gp_set_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd);
+uint32_t gp_ads_to_dir_access_mask(uint32_t access_mask);
+
+#endif
diff --git a/source4/lib/policy/pypolicy.c b/source4/lib/policy/pypolicy.c
new file mode 100644
index 0000000..f85ea85
--- /dev/null
+++ b/source4/lib/policy/pypolicy.c
@@ -0,0 +1,174 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Python bindings for libpolicy
+ *  Copyright (C) Jelmer Vernooij 2010
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "lib/replace/system/python.h"
+#include "includes.h"
+#include "python/py3compat.h"
+#include "policy.h"
+#include "libcli/util/pyerrors.h"
+
+void initpolicy(void);
+
+static PyObject *py_get_gpo_flags(PyObject *self, PyObject *args)
+{
+	int flags;
+	PyObject *py_ret;
+	const char **ret;
+	TALLOC_CTX *mem_ctx;
+	int i;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "i", &flags))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = gp_get_gpo_flags(mem_ctx, flags, &ret);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_ret = PyList_New(0);
+	for (i = 0; ret[i]; i++) {
+		int res = 0;
+		PyObject *item = PyUnicode_FromString(ret[i]);
+		if (item == NULL) {
+			talloc_free(mem_ctx);
+			Py_DECREF(py_ret);
+			PyErr_NoMemory();
+			return NULL;
+		}
+		res = PyList_Append(py_ret, item);
+		Py_CLEAR(item);
+		if (res == -1) {
+			Py_DECREF(py_ret);
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return py_ret;
+}
+
+static PyObject *py_get_gplink_options(PyObject *self, PyObject *args)
+{
+	int flags;
+	PyObject *py_ret;
+	const char **ret;
+	TALLOC_CTX *mem_ctx;
+	int i;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTuple(args, "i", &flags))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = gp_get_gplink_options(mem_ctx, flags, &ret);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_ret = PyList_New(0);
+	for (i = 0; ret[i]; i++) {
+		int res = 0;
+		PyObject *item = PyUnicode_FromString(ret[i]);
+		if (item == NULL) {
+			talloc_free(mem_ctx);
+			Py_DECREF(py_ret);
+			PyErr_NoMemory();
+			return NULL;
+		}
+		res = PyList_Append(py_ret, item);
+		Py_CLEAR(item);
+		if (res == -1) {
+			Py_DECREF(py_ret);
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return py_ret;
+}
+
+static PyObject *py_ads_to_dir_access_mask(PyObject *self, PyObject *args)
+{
+	uint32_t access_mask, dir_mask;
+
+	if (! PyArg_ParseTuple(args, "I", &access_mask))
+		return NULL;
+
+	dir_mask = gp_ads_to_dir_access_mask(access_mask);
+
+	return Py_BuildValue("I", dir_mask);
+}
+
+
+static PyMethodDef py_policy_methods[] = {
+	{ "get_gpo_flags", (PyCFunction)py_get_gpo_flags, METH_VARARGS,
+		"get_gpo_flags(flags) -> list" },
+	{ "get_gplink_options", (PyCFunction)py_get_gplink_options, METH_VARARGS,
+		"get_gplink_options(options) -> list" },
+	{ "ads_to_dir_access_mask", (PyCFunction)py_ads_to_dir_access_mask, METH_VARARGS,
+		"ads_to_dir_access_mask(access_mask) -> dir_mask" },
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "policy",
+    .m_doc = "(Group) Policy manipulation",
+    .m_size = -1,
+    .m_methods = py_policy_methods,
+};
+
+MODULE_INIT_FUNC(policy)
+{
+	PyObject *m = NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (!m)
+		return m;
+
+	PyModule_AddObject(m, "GPO_FLAG_USER_DISABLE",
+					   PyLong_FromLong(GPO_FLAG_USER_DISABLE));
+	PyModule_AddObject(m, "GPO_MACHINE_USER_DISABLE",
+					   PyLong_FromLong(GPO_FLAG_MACHINE_DISABLE));
+	PyModule_AddObject(m, "GPLINK_OPT_DISABLE",
+					   PyLong_FromLong(GPLINK_OPT_DISABLE ));
+	PyModule_AddObject(m, "GPLINK_OPT_ENFORCE ",
+					   PyLong_FromLong(GPLINK_OPT_ENFORCE ));
+	return m;
+}
diff --git a/source4/lib/policy/samba-policy.pc.in b/source4/lib/policy/samba-policy.pc.in
new file mode 100644
index 0000000..3247ae3
--- /dev/null
+++ b/source4/lib/policy/samba-policy.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: samba-policy
+Description: Active Directory Group Policy library
+Requires: talloc
+Requires.private: ldb
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -lsamba-policy
+Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/lib/policy/wscript_build b/source4/lib/policy/wscript_build
new file mode 100644
index 0000000..027d4be
--- /dev/null
+++ b/source4/lib/policy/wscript_build
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+
+
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+samba_policy = bld.pyembed_libname('samba-policy')
+samba_net = bld.pyembed_libname('samba-net')
+bld.SAMBA_LIBRARY(samba_policy,
+	source='gp_ldap.c gp_filesys.c gp_manage.c gp_ini.c',
+	pc_files='samba-policy.pc',
+	public_deps='ldb %s' % samba_net,
+	vnum='0.0.1',
+	pyembed=True,
+	public_headers='policy.h',
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+bld.SAMBA_PYTHON(
+        'py_policy',
+        source='pypolicy.c',
+        public_deps='%s %s' % (samba_policy, pytalloc_util),
+        realname='samba/policy.so'
+        )
diff --git a/source4/lib/registry/Doxyfile b/source4/lib/registry/Doxyfile
new file mode 100644
index 0000000..efc01cd
--- /dev/null
+++ b/source4/lib/registry/Doxyfile
@@ -0,0 +1,24 @@
+PROJECT_NAME           = REGISTRY
+OUTPUT_DIRECTORY       = apidocs
+BRIEF_MEMBER_DESC	   = YES
+REPEAT_BRIEF           = YES
+OPTIMIZE_OUTPUT_FOR_C  = YES
+SORT_MEMBER_DOCS       = YES
+SORT_BRIEF_DOCS        = NO
+GENERATE_TODOLIST      = YES
+GENERATE_BUGLIST       = YES
+GENERATE_DEPRECATEDLIST= YES
+SHOW_USED_FILES        = NO
+SHOW_DIRECTORIES       = NO
+WARNINGS               = YES
+WARN_IF_UNDOCUMENTED   = YES
+WARN_IF_DOC_ERROR      = YES
+WARN_NO_PARAMDOC       = NO
+WARN_FORMAT            = "$file:$line: $text"
+INPUT                  = .
+FILE_PATTERNS          = *.c *.h *.dox
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+GENERATE_MAN           = YES
+ALWAYS_DETAILED_SEC	   = YES
+JAVADOC_AUTOBRIEF	   = YES
diff --git a/source4/lib/registry/README b/source4/lib/registry/README
new file mode 100644
index 0000000..07b2c01
--- /dev/null
+++ b/source4/lib/registry/README
@@ -0,0 +1,42 @@
+This is the registry library. The registry is basically a bunch of
+hives, each of which is loaded from a file. When using a local registry, 
+it is possible to specify where hives should be loaded from, etc. 
+
+There are separate APIs for accessing the data in a hive and the 
+data in the registry itself. Each supports different backends. 
+
+The following "full registry" backends are currently provided:
+
+ * Remote (over DCE/RPC)
+ * Local (allows "mounting" hives)
+ * Wine (uses the wine plain-text file)
+
+The following hive backends are supported:
+
+ - ldb 
+ - regf (NTUSER.DAT-style files)
+ - rpc (Remote individual hives)
+ - directory
+
+reg_open_samba() loads a set of hives based on smb.conf settings.
+Lines in smb.conf should have the following syntax:
+
+registry:<hivename> = <backend>:<location>
+
+So an example usage could be:
+
+registry:HKEY_CURRENT_USER = regf:NTUSER.DAT
+registry:HKEY_LOCAL_MACHINE = ldb:tdb://registry.tdb
+
+WERR_NOT_SUPPORTED will be returned for all hives that haven't been set.
+
+On Windows the various registry hives are loaded from:
+
+HKEY_CURRENT_CONFIG: %SystemRoot%\System32\Config\System
+HKEY_CURRENT_USER: %Profile%\NTUser.dat
+HKEY_LOCAL_MACHINE\SAM: %SystemRoot%\System32\Config\Sam
+HKEY_LOCAL_MACHINE\Security: %SystemRoot%\System32\Config\Security
+HKEY_LOCAL_MACHINE\Software: %SystemRoot%\System32\Config\Software
+HKEY_LOCAL_MACHINE\System: %SystemRoot%\System32\Config\System
+HKEY_USERS\.DEFAULT: %SystemRoot%\System32\Config\Default
+HKEY_LOCAL_MACHINE\HARDWARE: is autogenerated
diff --git a/source4/lib/registry/TODO b/source4/lib/registry/TODO
new file mode 100644
index 0000000..b5809b8
--- /dev/null
+++ b/source4/lib/registry/TODO
@@ -0,0 +1,5 @@
+- ..\..\, \bla\blie support in regshell
+- finish rpc_server
+
+regshell:
+ - support for security descriptors
diff --git a/source4/lib/registry/hive.c b/source4/lib/registry/hive.c
new file mode 100644
index 0000000..1f0672d
--- /dev/null
+++ b/source4/lib/registry/hive.c
@@ -0,0 +1,176 @@
+
+/*
+   Unix SMB/CIFS implementation.
+   Registry hive interface
+   Copyright (C) Jelmer Vernooij				  2003-2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "registry.h"
+#include "system/filesys.h"
+#include "param/param.h"
+
+/** Open a registry file/host/etc */
+_PUBLIC_ WERROR reg_open_hive(TALLOC_CTX *parent_ctx, const char *location,
+			      struct auth_session_info *session_info,
+			      struct cli_credentials *credentials,
+			      struct tevent_context *ev_ctx,
+			      struct loadparm_context *lp_ctx,
+			      struct hive_key **root)
+{
+	int fd, num;
+	char peek[20];
+
+	fd = open(location, O_RDWR);
+	if (fd == -1) {
+		if (errno == ENOENT)
+			return WERR_FILE_NOT_FOUND;
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	num = read(fd, peek, 20);
+	close(fd);
+	if (num == -1) {
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	if (!strncmp(peek, "regf", 4)) {
+		return reg_open_regf_file(parent_ctx, location, root);
+	} else if (!strncmp(peek, "TDB file", 8)) {
+		return reg_open_ldb_file(parent_ctx, location, session_info,
+					 credentials, ev_ctx, lp_ctx, root);
+	}
+
+	return WERR_FILE_NOT_FOUND;
+}
+
+_PUBLIC_ WERROR hive_key_get_info(TALLOC_CTX *mem_ctx,
+				  const struct hive_key *key,
+				  const char **classname, uint32_t *num_subkeys,
+				  uint32_t *num_values,
+				  NTTIME *last_change_time,
+				  uint32_t *max_subkeynamelen,
+				  uint32_t *max_valnamelen,
+				  uint32_t *max_valbufsize)
+{
+	return key->ops->get_key_info(mem_ctx, key, classname, num_subkeys,
+				      num_values, last_change_time,
+				      max_subkeynamelen,
+				      max_valnamelen, max_valbufsize);
+}
+
+_PUBLIC_ WERROR hive_key_add_name(TALLOC_CTX *ctx,
+				  const struct hive_key *parent_key,
+				  const char *name, const char *classname,
+				  struct security_descriptor *desc,
+				  struct hive_key **key)
+{
+	SMB_ASSERT(strchr(name, '\\') == NULL);
+
+	return parent_key->ops->add_key(ctx, parent_key, name, classname,
+					desc, key);
+}
+
+_PUBLIC_ WERROR hive_key_del(TALLOC_CTX *mem_ctx, const struct hive_key *key,
+			     const char *name)
+{
+	return key->ops->del_key(mem_ctx, key, name);
+}
+
+_PUBLIC_ WERROR hive_get_key_by_name(TALLOC_CTX *mem_ctx,
+				     const struct hive_key *key,
+				     const char *name,
+				     struct hive_key **subkey)
+{
+	return key->ops->get_key_by_name(mem_ctx, key, name, subkey);
+}
+
+WERROR hive_enum_key(TALLOC_CTX *mem_ctx,
+		     const struct hive_key *key, uint32_t idx,
+		     const char **name,
+		     const char **classname,
+		     NTTIME *last_mod_time)
+{
+	return key->ops->enum_key(mem_ctx, key, idx, name, classname,
+				  last_mod_time);
+}
+
+WERROR hive_key_set_value(struct hive_key *key, const char *name, uint32_t type,
+					  const DATA_BLOB data)
+{
+	if (key->ops->set_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->set_value(key, name, type, data);
+}
+
+WERROR hive_get_value(TALLOC_CTX *mem_ctx,
+		      struct hive_key *key, const char *name,
+		      uint32_t *type, DATA_BLOB *data)
+{
+	if (key->ops->get_value_by_name == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->get_value_by_name(mem_ctx, key, name, type, data);
+}
+
+WERROR hive_get_value_by_index(TALLOC_CTX *mem_ctx,
+			       struct hive_key *key, uint32_t idx,
+			       const char **name,
+			       uint32_t *type, DATA_BLOB *data)
+{
+	if (key->ops->enum_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->enum_value(mem_ctx, key, idx, name, type, data);
+}
+
+WERROR hive_get_sec_desc(TALLOC_CTX *mem_ctx,
+			 struct hive_key *key, 
+			 struct security_descriptor **security)
+{
+	if (key->ops->get_sec_desc == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->get_sec_desc(mem_ctx, key, security);
+}
+
+WERROR hive_set_sec_desc(struct hive_key *key, 
+			 const struct security_descriptor *security)
+{
+	if (key->ops->set_sec_desc == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->set_sec_desc(key, security);
+}
+
+WERROR hive_key_del_value(TALLOC_CTX *mem_ctx, struct hive_key *key,
+			  const char *name)
+{
+	if (key->ops->delete_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->ops->delete_value(mem_ctx, key, name);
+}
+
+WERROR hive_key_flush(struct hive_key *key)
+{
+	if (key->ops->flush_key == NULL)
+		return WERR_OK;
+
+	return key->ops->flush_key(key);
+}
diff --git a/source4/lib/registry/interface.c b/source4/lib/registry/interface.c
new file mode 100644
index 0000000..2900c10
--- /dev/null
+++ b/source4/lib/registry/interface.c
@@ -0,0 +1,298 @@
+/*
+   Unix SMB/CIFS implementation.
+   Transparent registry backend handling
+   Copyright (C) Jelmer Vernooij			2003-2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/registry/registry.h"
+#include "system/filesys.h"
+
+#undef strcasecmp
+
+/**
+ * @file
+ * @brief Main registry functions
+ */
+
+const struct reg_predefined_key reg_predefined_keys[] = {
+	{HKEY_CLASSES_ROOT,"HKEY_CLASSES_ROOT" },
+	{HKEY_CURRENT_USER,"HKEY_CURRENT_USER" },
+	{HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE" },
+	{HKEY_PERFORMANCE_DATA, "HKEY_PERFORMANCE_DATA" },
+	{HKEY_USERS, "HKEY_USERS" },
+	{HKEY_CURRENT_CONFIG, "HKEY_CURRENT_CONFIG" },
+	{HKEY_DYN_DATA, "HKEY_DYN_DATA" },
+	{HKEY_PERFORMANCE_TEXT, "HKEY_PERFORMANCE_TEXT" },
+	{HKEY_PERFORMANCE_NLSTEXT, "HKEY_PERFORMANCE_NLSTEXT" },
+	{ 0, NULL }
+};
+
+/** Obtain name of specific hkey. */
+_PUBLIC_ const char *reg_get_predef_name(uint32_t hkey)
+{
+	unsigned int i;
+	for (i = 0; reg_predefined_keys[i].name; i++) {
+		if (reg_predefined_keys[i].handle == hkey)
+			return reg_predefined_keys[i].name;
+	}
+
+	return NULL;
+}
+
+/** Get predefined key by name. */
+_PUBLIC_ WERROR reg_get_predefined_key_by_name(struct registry_context *ctx,
+					       const char *name,
+					       struct registry_key **key)
+{
+	unsigned int i;
+
+	for (i = 0; reg_predefined_keys[i].name; i++) {
+		if (!strcasecmp(reg_predefined_keys[i].name, name))
+			return reg_get_predefined_key(ctx,
+						      reg_predefined_keys[i].handle,
+						      key);
+	}
+
+	DEBUG(1, ("No predefined key with name '%s'\n", name));
+
+	return WERR_FILE_NOT_FOUND;
+}
+
+/** Get predefined key by id. */
+_PUBLIC_ WERROR reg_get_predefined_key(struct registry_context *ctx,
+				       uint32_t hkey, struct registry_key **key)
+{
+	return ctx->ops->get_predefined_key(ctx, hkey, key);
+}
+
+/**
+ * Open a key
+ * First tries to use the open_key function from the backend
+ * then falls back to get_subkey_by_name and later get_subkey_by_index
+ */
+_PUBLIC_ WERROR reg_open_key(TALLOC_CTX *mem_ctx, struct registry_key *parent,
+			     const char *name, struct registry_key **result)
+{
+	if (parent == NULL) {
+		DEBUG(0, ("Invalid parent key specified for open of '%s'\n",
+			name));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (parent->context->ops->open_key == NULL) {
+		DEBUG(0, ("Registry backend doesn't have open_key!\n"));
+		return WERR_NOT_SUPPORTED;
+	}
+
+	return parent->context->ops->open_key(mem_ctx, parent, name, result);
+}
+
+/**
+ * Get value by index
+ */
+_PUBLIC_ WERROR reg_key_get_value_by_index(TALLOC_CTX *mem_ctx,
+					   const struct registry_key *key,
+					   uint32_t idx, const char **name,
+					   uint32_t *type, DATA_BLOB *data)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->enum_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->enum_value(mem_ctx, key, idx, name,
+					     type, data);
+}
+
+/**
+ * Get the number of subkeys.
+ */
+_PUBLIC_ WERROR reg_key_get_info(TALLOC_CTX *mem_ctx,
+				 const struct registry_key *key,
+				 const char **classname,
+				 uint32_t *num_subkeys,
+				 uint32_t *num_values,
+				 NTTIME *last_change_time,
+				 uint32_t *max_subkeynamelen,
+				 uint32_t *max_valnamelen,
+				 uint32_t *max_valbufsize)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->get_key_info == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->get_key_info(mem_ctx,
+					       key, classname, num_subkeys,
+					       num_values, last_change_time,
+					       max_subkeynamelen,
+					       max_valnamelen, max_valbufsize);
+}
+
+/**
+ * Get subkey by index.
+ */
+_PUBLIC_ WERROR reg_key_get_subkey_by_index(TALLOC_CTX *mem_ctx,
+					    const struct registry_key *key,
+					    uint32_t idx, const char **name,
+					    const char **keyclass,
+					    NTTIME *last_changed_time)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->enum_key == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->enum_key(mem_ctx, key, idx, name,
+					   keyclass, last_changed_time);
+}
+
+/**
+ * Get value by name.
+ */
+_PUBLIC_ WERROR reg_key_get_value_by_name(TALLOC_CTX *mem_ctx,
+					  const struct registry_key *key,
+					  const char *name,
+					  uint32_t *type,
+					  DATA_BLOB *data)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->get_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->get_value(mem_ctx, key, name, type, data);
+}
+
+/**
+ * Delete a key.
+ */
+_PUBLIC_ WERROR reg_key_del(TALLOC_CTX *mem_ctx, struct registry_key *parent,
+			    const char *name)
+{
+	if (parent == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (parent->context->ops->delete_key == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return parent->context->ops->delete_key(mem_ctx, parent, name);
+}
+
+/**
+ * Add a key.
+ */
+_PUBLIC_ WERROR reg_key_add_name(TALLOC_CTX *mem_ctx,
+				 struct registry_key *parent,
+				 const char *path, const char *key_class,
+				 struct security_descriptor *desc,
+				 struct registry_key **newkey)
+{
+	if (parent == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (parent->context->ops->create_key == NULL) {
+		DEBUG(1, ("Backend '%s' doesn't support method add_key\n",
+				  parent->context->ops->name));
+		return WERR_NOT_SUPPORTED;
+	}
+
+	return parent->context->ops->create_key(mem_ctx, parent, path,
+						key_class, desc, newkey);
+}
+
+/**
+ * Set a value.
+ */
+_PUBLIC_ WERROR reg_val_set(struct registry_key *key, const char *value,
+			    uint32_t type, const DATA_BLOB data)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	/* A 'real' set function has preference */
+	if (key->context->ops->set_value == NULL) {
+		DEBUG(1, ("Backend '%s' doesn't support method set_value\n",
+				  key->context->ops->name));
+		return WERR_NOT_SUPPORTED;
+	}
+
+	return key->context->ops->set_value(key, value, type, data);
+}
+
+/**
+ * Get the security descriptor on a key.
+ */
+_PUBLIC_ WERROR reg_get_sec_desc(TALLOC_CTX *ctx,
+				 const struct registry_key *key,
+				 struct security_descriptor **secdesc)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	/* A 'real' set function has preference */
+	if (key->context->ops->get_sec_desc == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->get_sec_desc(ctx, key, secdesc);
+}
+
+/**
+ * Delete a value.
+ */
+_PUBLIC_ WERROR reg_del_value(TALLOC_CTX *mem_ctx, struct registry_key *key,
+			      const char *valname)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->delete_value == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->delete_value(mem_ctx, key, valname);
+}
+
+/**
+ * Flush a key to disk.
+ */
+_PUBLIC_ WERROR reg_key_flush(struct registry_key *key)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->flush_key == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->flush_key(key);
+}
+
+_PUBLIC_ WERROR reg_set_sec_desc(struct registry_key *key,
+				 const struct security_descriptor *security)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	if (key->context->ops->set_sec_desc == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->set_sec_desc(key, security);
+}
diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
new file mode 100644
index 0000000..db383a5
--- /dev/null
+++ b/source4/lib/registry/ldb.c
@@ -0,0 +1,1018 @@
+/*
+   Unix SMB/CIFS implementation.
+   Registry interface
+   Copyright (C) 2004-2007, Jelmer Vernooij, jelmer@samba.org
+   Copyright (C) 2008-2010, Matthias Dieter Wallnöfer, mdw@samba.org
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "registry.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "param/param.h"
+#include "lib/util/smb_strtox.h"
+
+#undef strcasecmp
+
+static struct hive_operations reg_backend_ldb;
+
+struct ldb_key_data
+{
+	struct hive_key key;
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	struct ldb_message **subkeys, **values;
+	unsigned int subkey_count, value_count;
+	const char *classname;
+};
+
+static void reg_ldb_unpack_value(TALLOC_CTX *mem_ctx,
+				 struct ldb_message *msg,
+				 const char **name, uint32_t *type,
+				 DATA_BLOB *data)
+{
+	const struct ldb_val *val;
+	uint32_t value_type;
+
+	if (name != NULL) {
+		*name = talloc_strdup(mem_ctx,
+				      ldb_msg_find_attr_as_string(msg, "value",
+				      ""));
+	}
+
+	value_type = ldb_msg_find_attr_as_uint(msg, "type", 0);
+	*type = value_type;
+
+	val = ldb_msg_find_ldb_val(msg, "data");
+
+	switch (value_type)
+	{
+	case REG_SZ:
+	case REG_EXPAND_SZ:
+		if (val != NULL) {
+			/* The data should be provided as UTF16 string */
+			convert_string_talloc(mem_ctx, CH_UTF8, CH_UTF16,
+					      val->data, val->length,
+					      (void **)&data->data, &data->length);
+		} else {
+			data->data = NULL;
+			data->length = 0;
+		}
+		break;
+
+	case REG_DWORD:
+	case REG_DWORD_BIG_ENDIAN:
+		if (val != NULL) {
+			int error = 0;
+			/* The data is a plain DWORD */
+			uint32_t tmp;
+
+			tmp = smb_strtoul((char *)val->data,
+					  NULL,
+					  0,
+					  &error,
+					  SMB_STR_STANDARD);
+			if (error != 0) {
+				data->data = NULL;
+				data->length = 0;
+				break;
+			}
+			data->data = talloc_size(mem_ctx, sizeof(uint32_t));
+			if (data->data != NULL) {
+				SIVAL(data->data, 0, tmp);
+			}
+			data->length = sizeof(uint32_t);
+		} else {
+			data->data = NULL;
+			data->length = 0;
+		}
+		break;
+
+	case REG_QWORD:
+		if (val != NULL) {
+			int error = 0;
+			/* The data is a plain QWORD */
+			uint64_t tmp;
+
+			tmp = smb_strtoull((char *)val->data,
+					   NULL,
+					   0,
+					   &error,
+					   SMB_STR_STANDARD);
+			if (error != 0) {
+				data->data = NULL;
+				data->length = 0;
+				break;
+			}
+			data->data = talloc_size(mem_ctx, sizeof(uint64_t));
+			if (data->data != NULL) {
+				SBVAL(data->data, 0, tmp);
+			}
+			data->length = sizeof(uint64_t);
+		} else {
+			data->data = NULL;
+			data->length = 0;
+		}
+		break;
+
+	case REG_BINARY:
+	default:
+		if (val != NULL) {
+			data->data = talloc_memdup(mem_ctx, val->data,
+						   val->length);
+			data->length = val->length;
+		} else {
+			data->data = NULL;
+			data->length = 0;
+		}
+		break;
+	}
+}
+
+static struct ldb_message *reg_ldb_pack_value(struct ldb_context *ctx,
+					      TALLOC_CTX *mem_ctx,
+					      const char *name,
+					      uint32_t type, DATA_BLOB data)
+{
+	struct ldb_message *msg;
+	char *name_dup, *type_str;
+	int ret;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NULL;
+	}
+
+	name_dup = talloc_strdup(msg, name);
+	if (name_dup == NULL) {
+		talloc_free(msg);
+		return NULL;
+	}
+
+	ret = ldb_msg_add_string(msg, "value", name_dup);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NULL;
+	}
+
+	switch (type) {
+	case REG_SZ:
+	case REG_EXPAND_SZ:
+		if ((data.length > 0) && (data.data != NULL)) {
+			struct ldb_val *val;
+			bool ret2 = false;
+
+			val = talloc_zero(msg, struct ldb_val);
+			if (val == NULL) {
+				talloc_free(msg);
+				return NULL;
+			}
+
+			/* The data is provided as UTF16 string */
+			ret2 = convert_string_talloc(mem_ctx, CH_UTF16, CH_UTF8,
+						     (void *)data.data, data.length,
+						     (void **)&val->data, &val->length);
+			if (ret2) {
+				ret = ldb_msg_add_value(msg, "data", val, NULL);
+			} else {
+				/* workaround for non-standard data */
+				ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+			}
+		} else {
+			ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+		}
+		break;
+
+	case REG_DWORD:
+	case REG_DWORD_BIG_ENDIAN:
+		if ((data.length > 0) && (data.data != NULL)) {
+			if (data.length == sizeof(uint32_t)) {
+				char *conv_str;
+
+				conv_str = talloc_asprintf(msg, "0x%8.8x",
+							   IVAL(data.data, 0));
+				if (conv_str == NULL) {
+					talloc_free(msg);
+					return NULL;
+				}
+				ret = ldb_msg_add_string(msg, "data", conv_str);
+			} else {
+				/* workaround for non-standard data */
+				talloc_free(msg);
+				return NULL;
+			}
+		} else {
+			ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+		}
+		break;
+
+	case REG_QWORD:
+		if ((data.length > 0) && (data.data != NULL)) {
+			if (data.length == sizeof(uint64_t)) {
+				char *conv_str;
+
+				conv_str = talloc_asprintf(msg, "0x%16.16llx",
+							   (unsigned long long)BVAL(data.data, 0));
+				if (conv_str == NULL) {
+					talloc_free(msg);
+					return NULL;
+				}
+				ret = ldb_msg_add_string(msg, "data", conv_str);
+			} else {
+				/* workaround for non-standard data */
+				talloc_free(msg);
+				return NULL;
+
+			}
+		} else {
+			ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+		}
+		break;
+
+	case REG_BINARY:
+	default:
+		if ((data.length > 0) && (data.data != NULL)) {
+			ret = ldb_msg_add_value(msg, "data", &data, NULL);
+		} else {
+			ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+		}
+		break;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NULL;
+	}
+
+	type_str = talloc_asprintf(mem_ctx, "%u", type);
+	if (type_str == NULL) {
+		talloc_free(msg);
+		return NULL;
+	}
+
+	ret = ldb_msg_add_string(msg, "type", type_str);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NULL;
+	}
+
+	return msg;
+}
+
+static char *reg_ldb_escape(TALLOC_CTX *mem_ctx, const char *value)
+{
+	struct ldb_val val;
+
+	val.data = discard_const_p(uint8_t, value);
+	val.length = strlen(value);
+
+	return ldb_dn_escape_value(mem_ctx, val);
+}
+
+static int reg_close_ldb_key(struct ldb_key_data *key)
+{
+	if (key->subkeys != NULL) {
+		talloc_free(key->subkeys);
+		key->subkeys = NULL;
+	}
+
+	if (key->values != NULL) {
+		talloc_free(key->values);
+		key->values = NULL;
+	}
+	return 0;
+}
+
+static struct ldb_dn *reg_path_to_ldb(TALLOC_CTX *mem_ctx,
+				      const struct hive_key *from,
+				      const char *path, const char *add)
+{
+	struct ldb_dn *ret;
+	char *mypath;
+	char *begin;
+	struct ldb_key_data *kd = talloc_get_type(from, struct ldb_key_data);
+	struct ldb_context *ldb = kd->ldb;
+
+	mypath = talloc_strdup(mem_ctx, path);
+	if (mypath == NULL) {
+		return NULL;
+	}
+
+	ret = ldb_dn_new(mem_ctx, ldb, add);
+	if (!ldb_dn_validate(ret)) {
+		talloc_free(ret);
+		return NULL;
+	}
+
+	if (!ldb_dn_add_base(ret, kd->dn)) {
+		talloc_free(ret);
+		return NULL;
+	}
+
+	while (mypath[0] != '\0') {
+		begin = strchr(mypath, '\\');
+		if (begin != NULL) {
+			*begin = '\0';
+		}
+
+		if (!ldb_dn_add_child_fmt(ret, "key=%s",
+					  reg_ldb_escape(mem_ctx, mypath))) {
+			talloc_free(ret);
+			return NULL;
+		}
+
+		if (begin != NULL) {
+			mypath = begin + 1;
+		} else {
+			break;
+		}
+	}
+
+	return ret;
+}
+
+static WERROR cache_subkeys(struct ldb_key_data *kd)
+{
+	struct ldb_context *c = kd->ldb;
+	struct ldb_result *res;
+	int ret;
+
+	ret = ldb_search(c, c, &res, kd->dn, LDB_SCOPE_ONELEVEL,
+			 NULL, "(key=*)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Error getting subkeys for '%s': %s\n",
+			ldb_dn_get_linearized(kd->dn), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	kd->subkey_count = res->count;
+	kd->subkeys = talloc_steal(kd, res->msgs);
+	talloc_free(res);
+
+	return WERR_OK;
+}
+
+static WERROR cache_values(struct ldb_key_data *kd)
+{
+	struct ldb_context *c = kd->ldb;
+	struct ldb_result *res;
+	int ret;
+
+	ret = ldb_search(c, c, &res, kd->dn, LDB_SCOPE_ONELEVEL,
+			 NULL, "(value=*)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Error getting values for '%s': %s\n",
+			ldb_dn_get_linearized(kd->dn), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	kd->value_count = res->count;
+	kd->values = talloc_steal(kd, res->msgs);
+	talloc_free(res);
+
+	return WERR_OK;
+}
+
+
+static WERROR ldb_get_subkey_by_id(TALLOC_CTX *mem_ctx,
+				   const struct hive_key *k, uint32_t idx,
+				   const char **name,
+				   const char **classname,
+				   NTTIME *last_mod_time)
+{
+	struct ldb_key_data *kd = talloc_get_type(k, struct ldb_key_data);
+
+	/* Initialization */
+	if (name != NULL)
+		*name = NULL;
+	if (classname != NULL)
+		*classname = NULL;
+	if (last_mod_time != NULL)
+		*last_mod_time = 0; /* TODO: we need to add this to the
+						ldb backend properly */
+
+	/* Do a search if necessary */
+	if (kd->subkeys == NULL) {
+		W_ERROR_NOT_OK_RETURN(cache_subkeys(kd));
+	}
+
+	if (idx >= kd->subkey_count)
+		return WERR_NO_MORE_ITEMS;
+
+	if (name != NULL)
+		*name = talloc_strdup(mem_ctx,
+				      ldb_msg_find_attr_as_string(kd->subkeys[idx], "key", NULL));
+	if (classname != NULL)
+		*classname = talloc_strdup(mem_ctx,
+					   ldb_msg_find_attr_as_string(kd->subkeys[idx], "classname", NULL));
+
+	return WERR_OK;
+}
+
+static WERROR ldb_get_default_value(TALLOC_CTX *mem_ctx,
+				    const struct hive_key *k,
+				    const char **name, uint32_t *data_type,
+				    DATA_BLOB *data)
+{
+	struct ldb_key_data *kd = talloc_get_type(k, struct ldb_key_data);
+	struct ldb_context *c = kd->ldb;
+	const char* attrs[] = { "data", "type", NULL };
+	struct ldb_result *res;
+	int ret;
+
+	ret = ldb_search(c, mem_ctx, &res, kd->dn, LDB_SCOPE_BASE, attrs,
+			 NULL);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Error getting default value for '%s': %s\n",
+			ldb_dn_get_linearized(kd->dn), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	if (res->count == 0 || res->msgs[0]->num_elements == 0) {
+		talloc_free(res);
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	if ((data_type != NULL) && (data != NULL)) {
+		reg_ldb_unpack_value(mem_ctx, res->msgs[0], name, data_type,
+				     data);
+	}
+
+	talloc_free(res);
+
+	return WERR_OK;
+}
+
+static WERROR ldb_get_value_by_id(TALLOC_CTX *mem_ctx, struct hive_key *k,
+				  uint32_t idx, const char **name,
+				  uint32_t *data_type, DATA_BLOB *data)
+{
+	struct ldb_key_data *kd = talloc_get_type(k, struct ldb_key_data);
+
+	/* if the default value exists, give it back */
+	if (W_ERROR_IS_OK(ldb_get_default_value(mem_ctx, k, name, data_type,
+		data))) {
+		if (idx == 0)
+			return WERR_OK;
+		else
+			--idx;
+	}
+
+	/* Do the search if necessary */
+	if (kd->values == NULL) {
+		W_ERROR_NOT_OK_RETURN(cache_values(kd));
+	}
+
+	if (idx >= kd->value_count)
+		return WERR_NO_MORE_ITEMS;
+
+	reg_ldb_unpack_value(mem_ctx, kd->values[idx], name, data_type, data);
+
+	return WERR_OK;
+}
+
+static WERROR ldb_get_value(TALLOC_CTX *mem_ctx, struct hive_key *k,
+			    const char *name, uint32_t *data_type,
+			    DATA_BLOB *data)
+{
+	struct ldb_key_data *kd = talloc_get_type(k, struct ldb_key_data);
+	const char *res_name;
+	uint32_t idx;
+
+	/* the default value was requested, give it back */
+	if (name[0] == '\0') {
+		return ldb_get_default_value(mem_ctx, k, NULL, data_type, data);
+	}
+
+	/* Do the search if necessary */
+	if (kd->values == NULL) {
+		W_ERROR_NOT_OK_RETURN(cache_values(kd));
+	}
+
+	for (idx = 0; idx < kd->value_count; idx++) {
+		res_name = ldb_msg_find_attr_as_string(kd->values[idx], "value",
+						       "");
+		if (ldb_attr_cmp(name, res_name) == 0) {
+			reg_ldb_unpack_value(mem_ctx, kd->values[idx], NULL,
+					     data_type, data);
+			return WERR_OK;
+		}
+	}
+
+	return WERR_FILE_NOT_FOUND;
+}
+
+static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, const struct hive_key *h,
+			   const char *name, struct hive_key **key)
+{
+	struct ldb_result *res;
+	struct ldb_dn *ldb_path;
+	int ret;
+	struct ldb_key_data *newkd;
+	struct ldb_key_data *kd = talloc_get_type(h, struct ldb_key_data);
+	struct ldb_context *c = kd->ldb;
+
+	ldb_path = reg_path_to_ldb(mem_ctx, h, name, NULL);
+	W_ERROR_HAVE_NO_MEMORY(ldb_path);
+
+	ret = ldb_search(c, mem_ctx, &res, ldb_path, LDB_SCOPE_BASE, NULL,
+			 NULL);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(3, ("Error opening key '%s': %s\n",
+			ldb_dn_get_linearized(ldb_path), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	} else if (res->count == 0) {
+		DEBUG(3, ("Key '%s' not found\n",
+			ldb_dn_get_linearized(ldb_path)));
+		talloc_free(res);
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	newkd = talloc_zero(mem_ctx, struct ldb_key_data);
+	W_ERROR_HAVE_NO_MEMORY(newkd);
+	newkd->key.ops = &reg_backend_ldb;
+	newkd->ldb = talloc_reference(newkd, kd->ldb);
+	newkd->dn = ldb_dn_copy(newkd, res->msgs[0]->dn);
+	newkd->classname = talloc_steal(newkd,
+					ldb_msg_find_attr_as_string(res->msgs[0], "classname", NULL));
+
+	talloc_free(res);
+
+	*key = (struct hive_key *)newkd;
+
+	return WERR_OK;
+}
+
+WERROR reg_open_ldb_file(TALLOC_CTX *parent_ctx, const char *location,
+			 struct auth_session_info *session_info,
+			 struct cli_credentials *credentials,
+			 struct tevent_context *ev_ctx,
+			 struct loadparm_context *lp_ctx,
+			 struct hive_key **k)
+{
+	struct ldb_key_data *kd;
+	struct ldb_context *wrap;
+	struct ldb_message *attrs_msg;
+
+	if (location == NULL)
+		return WERR_INVALID_PARAMETER;
+
+	wrap = ldb_wrap_connect(parent_ctx, ev_ctx, lp_ctx,
+				location, session_info, credentials, 0);
+
+	if (wrap == NULL) {
+		DEBUG(1, (__FILE__": unable to connect\n"));
+		return WERR_FOOBAR;
+	}
+
+	attrs_msg = ldb_msg_new(wrap);
+	W_ERROR_HAVE_NO_MEMORY(attrs_msg);
+	attrs_msg->dn = ldb_dn_new(attrs_msg, wrap, "@ATTRIBUTES");
+	W_ERROR_HAVE_NO_MEMORY(attrs_msg->dn);
+	ldb_msg_add_string(attrs_msg, "key", "CASE_INSENSITIVE");
+	ldb_msg_add_string(attrs_msg, "value", "CASE_INSENSITIVE");
+
+	ldb_add(wrap, attrs_msg);
+
+	ldb_set_debug_stderr(wrap);
+
+	kd = talloc_zero(parent_ctx, struct ldb_key_data);
+	kd->key.ops = &reg_backend_ldb;
+	kd->ldb = talloc_reference(kd, wrap);
+	talloc_set_destructor (kd, reg_close_ldb_key);
+	kd->dn = ldb_dn_new(kd, wrap, "hive=NONE");
+
+	*k = (struct hive_key *)kd;
+
+	return WERR_OK;
+}
+
+static WERROR ldb_add_key(TALLOC_CTX *mem_ctx, const struct hive_key *parent,
+			  const char *name, const char *classname,
+			  struct security_descriptor *sd,
+			  struct hive_key **newkey)
+{
+	struct ldb_key_data *parentkd = discard_const_p(struct ldb_key_data, parent);
+	struct ldb_dn *ldb_path;
+	struct ldb_message *msg;
+	struct ldb_key_data *newkd;
+	int ret;
+
+	ldb_path = reg_path_to_ldb(mem_ctx, parent, name, NULL);
+	W_ERROR_HAVE_NO_MEMORY(ldb_path);
+
+	msg = ldb_msg_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn = ldb_path;
+
+	ldb_msg_add_string(msg, "key", name);
+	if (classname != NULL) {
+		ldb_msg_add_string(msg, "classname", classname);
+	}
+
+	ret = ldb_add(parentkd->ldb, msg);
+
+	talloc_free(msg);
+
+	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		return WERR_ALREADY_EXISTS;
+	}
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("ldb_add: %s\n", ldb_errstring(parentkd->ldb)));
+		return WERR_FOOBAR;
+	}
+
+	DEBUG(2, ("key added: %s\n", ldb_dn_get_linearized(ldb_path)));
+
+	newkd = talloc_zero(mem_ctx, struct ldb_key_data);
+	W_ERROR_HAVE_NO_MEMORY(newkd);
+	newkd->ldb = talloc_reference(newkd, parentkd->ldb);
+	newkd->key.ops = &reg_backend_ldb;
+	newkd->dn = talloc_steal(newkd, ldb_path);
+	newkd->classname = talloc_steal(newkd, classname);
+
+	*newkey = (struct hive_key *)newkd;
+
+	/* reset cache */
+	talloc_free(parentkd->subkeys);
+	parentkd->subkeys = NULL;
+
+	return WERR_OK;
+}
+
+static WERROR ldb_del_value(TALLOC_CTX *mem_ctx, struct hive_key *key,
+			    const char *child)
+{
+	int ret;
+	struct ldb_key_data *kd = talloc_get_type(key, struct ldb_key_data);
+	struct ldb_message *msg;
+	struct ldb_dn *childdn;
+
+	if (child[0] == '\0') {
+		/* default value */
+		msg = ldb_msg_new(mem_ctx);
+		W_ERROR_HAVE_NO_MEMORY(msg);
+		msg->dn = ldb_dn_copy(msg, kd->dn);
+		W_ERROR_HAVE_NO_MEMORY(msg->dn);
+		ret = ldb_msg_add_empty(msg, "data", LDB_FLAG_MOD_DELETE, NULL);
+		if (ret != LDB_SUCCESS) {
+			return WERR_FOOBAR;
+		}
+		ret = ldb_msg_add_empty(msg, "type", LDB_FLAG_MOD_DELETE,
+					NULL);
+		if (ret != LDB_SUCCESS) {
+			return WERR_FOOBAR;
+		}
+
+		ret = ldb_modify(kd->ldb, msg);
+
+		talloc_free(msg);
+
+		if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+			return WERR_FILE_NOT_FOUND;
+		} else if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("ldb_del_value: %s\n", ldb_errstring(kd->ldb)));
+			return WERR_FOOBAR;
+		}
+	} else {
+		/* normal value */
+		childdn = ldb_dn_copy(kd->ldb, kd->dn);
+		if (!ldb_dn_add_child_fmt(childdn, "value=%s",
+				  reg_ldb_escape(childdn, child)))
+		{
+			talloc_free(childdn);
+			return WERR_FOOBAR;
+		}
+
+		ret = ldb_delete(kd->ldb, childdn);
+
+		talloc_free(childdn);
+
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			return WERR_FILE_NOT_FOUND;
+		} else if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("ldb_del_value: %s\n", ldb_errstring(kd->ldb)));
+			return WERR_FOOBAR;
+		}
+	}
+
+	/* reset cache */
+	talloc_free(kd->values);
+	kd->values = NULL;
+
+	return WERR_OK;
+}
+
+static WERROR ldb_del_key(TALLOC_CTX *mem_ctx, const struct hive_key *key,
+			  const char *name)
+{
+	unsigned int i;
+	int ret;
+	struct ldb_key_data *parentkd = talloc_get_type(key, struct ldb_key_data);
+	struct ldb_dn *ldb_path;
+	struct ldb_context *c = parentkd->ldb;
+	struct ldb_result *res_keys;
+	struct ldb_result *res_vals;
+	WERROR werr;
+	struct hive_key *hk;
+
+	/* Verify key exists by opening it */
+	werr = ldb_open_key(mem_ctx, key, name, &hk);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	ldb_path = reg_path_to_ldb(mem_ctx, key, name, NULL);
+	W_ERROR_HAVE_NO_MEMORY(ldb_path);
+
+	/* Search for subkeys */
+	ret = ldb_search(c, mem_ctx, &res_keys, ldb_path, LDB_SCOPE_ONELEVEL,
+			 NULL, "(key=*)");
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Error getting subkeys for '%s': %s\n",
+		      ldb_dn_get_linearized(ldb_path), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	/* Search for values */
+	ret = ldb_search(c, mem_ctx, &res_vals, ldb_path, LDB_SCOPE_ONELEVEL,
+			 NULL, "(value=*)");
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("Error getting values for '%s': %s\n",
+		      ldb_dn_get_linearized(ldb_path), ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	/* Start an explicit transaction */
+	ret = ldb_transaction_start(c);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("ldb_transaction_start: %s\n", ldb_errstring(c)));
+		return WERR_FOOBAR;
+	}
+
+	if (res_keys->count || res_vals->count)
+	{
+		/* Delete any subkeys */
+		for (i = 0; i < res_keys->count; i++)
+		{
+			werr = ldb_del_key(mem_ctx, hk,
+					   ldb_msg_find_attr_as_string(
+							res_keys->msgs[i],
+							"key", NULL));
+			if (!W_ERROR_IS_OK(werr)) {
+				ret = ldb_transaction_cancel(c);
+				return werr;
+			}
+		}
+
+		/* Delete any values */
+		for (i = 0; i < res_vals->count; i++)
+		{
+			werr = ldb_del_value(mem_ctx, hk,
+					     ldb_msg_find_attr_as_string(
+							res_vals->msgs[i],
+							"value", NULL));
+			if (!W_ERROR_IS_OK(werr)) {
+				ret = ldb_transaction_cancel(c);
+				return werr;
+			}
+		}
+	}
+	talloc_free(res_keys);
+	talloc_free(res_vals);
+
+	/* Delete the key itself */
+	ret = ldb_delete(c, ldb_path);
+
+	if (ret != LDB_SUCCESS)
+	{
+		DEBUG(1, ("ldb_del_key: %s\n", ldb_errstring(c)));
+		ret = ldb_transaction_cancel(c);
+		return WERR_FOOBAR;
+	}
+
+	/* Commit the transaction */
+	ret = ldb_transaction_commit(c);
+
+	if (ret != LDB_SUCCESS)
+	{
+		DEBUG(0, ("ldb_transaction_commit: %s\n", ldb_errstring(c)));
+		ret = ldb_transaction_cancel(c);
+		return WERR_FOOBAR;
+	}
+
+	/* reset cache */
+	talloc_free(parentkd->subkeys);
+	parentkd->subkeys = NULL;
+
+	return WERR_OK;
+}
+
+static WERROR ldb_set_value(struct hive_key *parent,
+			    const char *name, uint32_t type,
+			    const DATA_BLOB data)
+{
+	struct ldb_message *msg;
+	struct ldb_key_data *kd = talloc_get_type(parent, struct ldb_key_data);
+	unsigned int i;
+	int ret;
+	TALLOC_CTX *mem_ctx = talloc_init("ldb_set_value");
+
+	msg = reg_ldb_pack_value(kd->ldb, mem_ctx, name, type, data);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn = ldb_dn_copy(msg, kd->dn);
+	W_ERROR_HAVE_NO_MEMORY(msg->dn);
+
+	if (name[0] != '\0') {
+		/* For a default value, we add/overwrite the attributes to/of the hive.
+		   For a normal value, we create a new child. */
+		if (!ldb_dn_add_child_fmt(msg->dn, "value=%s",
+				  reg_ldb_escape(mem_ctx, name)))
+		{
+			talloc_free(mem_ctx);
+			return WERR_FOOBAR;
+		}
+	}
+
+	/* Try first a "modify" and if this doesn't work do try an "add" */
+	for (i = 0; i < msg->num_elements; i++) {
+		if (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) != LDB_FLAG_MOD_DELETE) {
+			msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+		}
+	}
+	ret = ldb_modify(kd->ldb, msg);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		i = 0;
+		while (i < msg->num_elements) {
+			if (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) == LDB_FLAG_MOD_DELETE) {
+				ldb_msg_remove_element(msg, &msg->elements[i]);
+			} else {
+				++i;
+			}
+		}
+		ret = ldb_add(kd->ldb, msg);
+	}
+	if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		/* ignore this -> the value didn't exist and also now doesn't */
+		ret = LDB_SUCCESS;
+	}
+
+	talloc_free(msg);
+
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("ldb_set_value: %s\n", ldb_errstring(kd->ldb)));
+		talloc_free(mem_ctx);
+		return WERR_FOOBAR;
+	}
+
+	/* reset cache */
+	talloc_free(kd->values);
+	kd->values = NULL;
+
+	talloc_free(mem_ctx);
+	return WERR_OK;
+}
+
+static WERROR ldb_get_key_info(TALLOC_CTX *mem_ctx,
+			       const struct hive_key *key,
+			       const char **classname,
+			       uint32_t *num_subkeys,
+			       uint32_t *num_values,
+			       NTTIME *last_change_time,
+			       uint32_t *max_subkeynamelen,
+			       uint32_t *max_valnamelen,
+			       uint32_t *max_valbufsize)
+{
+	struct ldb_key_data *kd = talloc_get_type(key, struct ldb_key_data);
+	uint32_t default_value_type = REG_NONE;
+	DATA_BLOB default_value = { NULL, 0 };
+	WERROR werr;
+
+	/* Initialization */
+	if (classname != NULL)
+		*classname = NULL;
+	if (num_subkeys != NULL)
+		*num_subkeys = 0;
+	if (num_values != NULL)
+		*num_values = 0;
+	if (last_change_time != NULL)
+		*last_change_time = 0;
+	if (max_subkeynamelen != NULL)
+		*max_subkeynamelen = 0;
+	if (max_valnamelen != NULL)
+		*max_valnamelen = 0;
+	if (max_valbufsize != NULL)
+		*max_valbufsize = 0;
+
+	/* We need this to get the default value (if it exists) for counting
+	 * the values under the key and for finding out the longest value buffer
+	 * size. If no default value exists the DATA_BLOB "default_value" will
+	 * remain { NULL, 0 }. */
+	werr = ldb_get_default_value(mem_ctx, key, NULL, &default_value_type,
+				     &default_value);
+	if ((!W_ERROR_IS_OK(werr)) && (!W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND))) {
+		return werr;
+	}
+
+	if (kd->subkeys == NULL) {
+		W_ERROR_NOT_OK_RETURN(cache_subkeys(kd));
+	}
+	if (kd->values == NULL) {
+		W_ERROR_NOT_OK_RETURN(cache_values(kd));
+	}
+
+	if (classname != NULL) {
+		*classname = kd->classname;
+	}
+
+	if (num_subkeys != NULL) {
+		*num_subkeys = kd->subkey_count;
+	}
+	if (num_values != NULL) {
+		*num_values = kd->value_count;
+		/* also consider the default value if it exists */
+		if (default_value.data != NULL) {
+			++(*num_values);
+		}
+	}
+
+
+	if (max_subkeynamelen != NULL) {
+		unsigned int i;
+		struct ldb_message_element *el;
+
+		for (i = 0; i < kd->subkey_count; i++) {
+			el = ldb_msg_find_element(kd->subkeys[i], "key");
+			*max_subkeynamelen = MAX(*max_subkeynamelen, el->values[0].length);
+		}
+	}
+
+	if (max_valnamelen != NULL || max_valbufsize != NULL) {
+		unsigned int i;
+		struct ldb_message_element *el;
+		W_ERROR_NOT_OK_RETURN(cache_values(kd));
+
+		/* also consider the default value if it exists */
+		if ((max_valbufsize != NULL) && (default_value.data != NULL)) {
+				*max_valbufsize = MAX(*max_valbufsize,
+						      default_value.length);
+		}
+
+		for (i = 0; i < kd->value_count; i++) {
+			if (max_valnamelen != NULL) {
+				el = ldb_msg_find_element(kd->values[i], "value");
+				*max_valnamelen = MAX(*max_valnamelen, el->values[0].length);
+			}
+
+			if (max_valbufsize != NULL) {
+				uint32_t data_type;
+				DATA_BLOB data;
+				reg_ldb_unpack_value(mem_ctx,
+						     kd->values[i], NULL,
+						     &data_type, &data);
+				*max_valbufsize = MAX(*max_valbufsize, data.length);
+				talloc_free(data.data);
+			}
+		}
+	}
+
+	talloc_free(default_value.data);
+
+	return WERR_OK;
+}
+
+static struct hive_operations reg_backend_ldb = {
+	.name = "ldb",
+	.add_key = ldb_add_key,
+	.del_key = ldb_del_key,
+	.get_key_by_name = ldb_open_key,
+	.enum_value = ldb_get_value_by_id,
+	.enum_key = ldb_get_subkey_by_id,
+	.set_value = ldb_set_value,
+	.get_value_by_name = ldb_get_value,
+	.delete_value = ldb_del_value,
+	.get_key_info = ldb_get_key_info,
+};
diff --git a/source4/lib/registry/local.c b/source4/lib/registry/local.c
new file mode 100644
index 0000000..4b00953
--- /dev/null
+++ b/source4/lib/registry/local.c
@@ -0,0 +1,408 @@
+/*
+   Unix SMB/CIFS implementation.
+   Transparent registry backend handling
+   Copyright (C) Jelmer Vernooij			2003-2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/registry/registry.h"
+#include "system/filesys.h"
+
+struct reg_key_path {
+	uint32_t predefined_key;
+	const char **elements;
+};
+
+struct registry_local {
+	const struct registry_operations *ops;
+
+	struct mountpoint {
+		struct reg_key_path path;
+		struct hive_key *key;
+		struct mountpoint *prev, *next;
+	} *mountpoints;
+};
+
+struct local_key {
+	struct registry_key global;
+	struct reg_key_path path;
+	struct hive_key *hive_key;
+};
+
+
+struct registry_key *reg_import_hive_key(struct registry_context *ctx,
+					 struct hive_key *hive,
+					 uint32_t predefined_key,
+					 const char **elements)
+{
+	struct local_key *local_key;
+	struct reg_key_path parent_path;
+
+	parent_path.predefined_key = predefined_key;
+	parent_path.elements = elements;
+
+	local_key = talloc(ctx, struct local_key);
+	if (local_key != NULL) {
+		local_key->hive_key = talloc_reference(local_key, hive);
+		local_key->global.context = talloc_reference(local_key, ctx);
+		local_key->path = parent_path;
+	}
+
+	return (struct registry_key *)local_key;
+}
+
+
+static WERROR local_open_key(TALLOC_CTX *mem_ctx,
+			     struct registry_key *parent,
+			     const char *path,
+			     struct registry_key **result)
+{
+	char *orig, *curbegin, *curend;
+	struct local_key *local_parent = talloc_get_type(parent,
+							 struct local_key);
+	struct hive_key *curkey = local_parent->hive_key;
+	WERROR error;
+	const char **elements = NULL;
+	int el;
+
+	if (path == NULL || path[0] == '\0') {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	orig = talloc_strdup(mem_ctx, path);
+	W_ERROR_HAVE_NO_MEMORY(orig);
+	curbegin = orig;
+	curend = strchr(orig, '\\');
+
+	if (local_parent->path.elements != NULL) {
+		elements = talloc_array(mem_ctx, const char *,
+					str_list_length(local_parent->path.elements) + 1);
+		W_ERROR_HAVE_NO_MEMORY(elements);
+		for (el = 0; local_parent->path.elements[el] != NULL; el++) {
+			elements[el] = talloc_reference(elements,
+							local_parent->path.elements[el]);
+		}
+		elements[el] = NULL;
+	} else {
+		elements = NULL;
+		el = 0;
+	}
+
+	do {
+		if (curend != NULL)
+			*curend = '\0';
+		elements = talloc_realloc(mem_ctx, elements, const char *, el+2);
+		W_ERROR_HAVE_NO_MEMORY(elements);
+		elements[el] = talloc_strdup(elements, curbegin);
+		W_ERROR_HAVE_NO_MEMORY(elements[el]);
+		el++;
+		elements[el] = NULL;
+		error = hive_get_key_by_name(mem_ctx, curkey,
+					     curbegin, &curkey);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(2, ("Opening key %s failed: %s\n", curbegin,
+				win_errstr(error)));
+			talloc_free(orig);
+			return error;
+		}
+		if (curend == NULL)
+			break;
+		curbegin = curend + 1;
+		curend = strchr(curbegin, '\\');
+	} while (curbegin[0] != '\0');
+	talloc_free(orig);
+
+	*result = reg_import_hive_key(local_parent->global.context, curkey,
+				      local_parent->path.predefined_key,
+				      talloc_steal(curkey, elements));
+
+	return WERR_OK;
+}
+
+WERROR local_get_predefined_key(struct registry_context *ctx,
+				uint32_t key_id, struct registry_key **key)
+{
+	struct registry_local *rctx = talloc_get_type(ctx,
+						      struct registry_local);
+	struct mountpoint *mp;
+
+	for (mp = rctx->mountpoints; mp != NULL; mp = mp->next) {
+		if (mp->path.predefined_key == key_id &&
+			mp->path.elements == NULL)
+			break;
+	}
+
+	if (mp == NULL)
+		return WERR_FILE_NOT_FOUND;
+
+	*key = reg_import_hive_key(ctx, mp->key,
+				   mp->path.predefined_key,
+				   mp->path.elements);
+
+	return WERR_OK;
+}
+
+static WERROR local_enum_key(TALLOC_CTX *mem_ctx,
+			     const struct registry_key *key, uint32_t idx,
+			     const char **name,
+			     const char **keyclass,
+			     NTTIME *last_changed_time)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_enum_key(mem_ctx, local->hive_key, idx, name, keyclass,
+			     last_changed_time);
+}
+
+static WERROR local_create_key(TALLOC_CTX *mem_ctx,
+			       struct registry_key *parent,
+			       const char *path,
+			       const char *key_class,
+			       struct security_descriptor *security,
+			       struct registry_key **result)
+{
+	char *orig, *curbegin, *curend;
+	struct local_key *local_parent = talloc_get_type(parent,
+							 struct local_key);
+	struct hive_key *curkey = local_parent->hive_key;
+	WERROR error;
+	const char **elements = NULL;
+	int el;
+
+	if (path == NULL || path[0] == '\0') {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	orig = talloc_strdup(mem_ctx, path);
+	W_ERROR_HAVE_NO_MEMORY(orig);
+	curbegin = orig;
+	curend = strchr(orig, '\\');
+
+	if (local_parent->path.elements != NULL) {
+		elements = talloc_array(mem_ctx, const char *,
+					str_list_length(local_parent->path.elements) + 1);
+		W_ERROR_HAVE_NO_MEMORY(elements);
+		for (el = 0; local_parent->path.elements[el] != NULL; el++) {
+			elements[el] = talloc_reference(elements,
+							local_parent->path.elements[el]);
+		}
+		elements[el] = NULL;
+	} else {
+		elements = NULL;
+		el = 0;
+	}
+
+	do {
+		if (curend != NULL)
+			*curend = '\0';
+		elements = talloc_realloc(mem_ctx, elements, const char *, el+2);
+		W_ERROR_HAVE_NO_MEMORY(elements);
+		elements[el] = talloc_strdup(elements, curbegin);
+		W_ERROR_HAVE_NO_MEMORY(elements[el]);
+		el++;
+		elements[el] = NULL;
+		error = hive_get_key_by_name(mem_ctx, curkey,
+					     curbegin, &curkey);
+		if (W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND)) {
+			error = hive_key_add_name(mem_ctx, curkey, curbegin,
+						  key_class, security,
+						  &curkey);
+		}
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(2, ("Open/Creation of key %s failed: %s\n",
+				curbegin, win_errstr(error)));
+			talloc_free(orig);
+			return error;
+		}
+		if (curend == NULL)
+			break;
+		curbegin = curend + 1;
+		curend = strchr(curbegin, '\\');
+	} while (curbegin[0] != '\0');
+	talloc_free(orig);
+
+	*result = reg_import_hive_key(local_parent->global.context, curkey,
+				      local_parent->path.predefined_key,
+				      talloc_steal(curkey, elements));
+
+	return WERR_OK;
+}
+
+static WERROR local_set_value(struct registry_key *key, const char *name,
+			      uint32_t type, const DATA_BLOB data)
+{
+	struct local_key *local = (struct local_key *)key;
+
+	if (name == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	return hive_key_set_value(local->hive_key, name, type, data);
+}
+
+static WERROR local_get_value(TALLOC_CTX *mem_ctx,
+			      const struct registry_key *key,
+			      const char *name, uint32_t *type, DATA_BLOB *data)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	if (name == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	return hive_get_value(mem_ctx, local->hive_key, name, type, data);
+}
+
+static WERROR local_enum_value(TALLOC_CTX *mem_ctx,
+			       const struct registry_key *key, uint32_t idx,
+			       const char **name,
+			       uint32_t *type,
+			       DATA_BLOB *data)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_get_value_by_index(mem_ctx, local->hive_key, idx,
+				       name, type, data);
+}
+
+static WERROR local_delete_key(TALLOC_CTX *mem_ctx, struct registry_key *key,
+			       const char *name)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	if (name == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	return hive_key_del(mem_ctx, local->hive_key, name);
+}
+
+static WERROR local_delete_value(TALLOC_CTX *mem_ctx, struct registry_key *key,
+				 const char *name)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	if (name == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	return hive_key_del_value(mem_ctx, local->hive_key, name);
+}
+
+static WERROR local_flush_key(struct registry_key *key)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_key_flush(local->hive_key);
+}
+
+static WERROR local_get_key_info(TALLOC_CTX *mem_ctx,
+				 const struct registry_key *key,
+				 const char **classname,
+				 uint32_t *num_subkeys,
+				 uint32_t *num_values,
+				 NTTIME *last_change_time,
+				 uint32_t *max_subkeynamelen,
+				 uint32_t *max_valnamelen,
+				 uint32_t *max_valbufsize)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_key_get_info(mem_ctx, local->hive_key,
+				 classname, num_subkeys, num_values,
+				 last_change_time, max_subkeynamelen, 
+				 max_valnamelen, max_valbufsize);
+}
+static WERROR local_get_sec_desc(TALLOC_CTX *mem_ctx, 
+				 const struct registry_key *key, 
+				 struct security_descriptor **security)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_get_sec_desc(mem_ctx, local->hive_key, security);
+}
+static WERROR local_set_sec_desc(struct registry_key *key, 
+				 const struct security_descriptor *security)
+{
+	const struct local_key *local = (const struct local_key *)key;
+
+	return hive_set_sec_desc(local->hive_key, security);
+}
+const static struct registry_operations local_ops = {
+	.name = "local",
+	.open_key = local_open_key,
+	.get_predefined_key = local_get_predefined_key,
+	.enum_key = local_enum_key,
+	.create_key = local_create_key,
+	.set_value = local_set_value,
+	.get_value = local_get_value,
+	.enum_value = local_enum_value,
+	.delete_key = local_delete_key,
+	.delete_value = local_delete_value,
+	.flush_key = local_flush_key,
+	.get_key_info = local_get_key_info,
+	.get_sec_desc = local_get_sec_desc,
+	.set_sec_desc = local_set_sec_desc,
+};
+
+WERROR reg_open_local(TALLOC_CTX *mem_ctx, struct registry_context **ctx)
+{
+	struct registry_local *ret = talloc_zero(mem_ctx,
+						 struct registry_local);
+
+	W_ERROR_HAVE_NO_MEMORY(ret);
+
+	ret->ops = &local_ops;
+
+	*ctx = (struct registry_context *)ret;
+
+	return WERR_OK;
+}
+
+WERROR reg_mount_hive(struct registry_context *rctx,
+		      struct hive_key *hive_key,
+		      uint32_t key_id,
+		      const char **elements)
+{
+	struct registry_local *reg_local = talloc_get_type(rctx,
+							   struct registry_local);
+	struct mountpoint *mp;
+	unsigned int i = 0;
+
+	mp = talloc(rctx, struct mountpoint);
+	W_ERROR_HAVE_NO_MEMORY(mp);
+	mp->path.predefined_key = key_id;
+	mp->prev = mp->next = NULL;
+	mp->key = hive_key;
+	if (elements != NULL && elements[0] != NULL) {
+		mp->path.elements = talloc_array(mp, const char *,
+						 str_list_length(elements));
+		W_ERROR_HAVE_NO_MEMORY(mp->path.elements);
+		for (i = 0; elements[i] != NULL; i++) {
+			mp->path.elements[i] = talloc_reference(mp->path.elements,
+								elements[i]);
+		}
+		mp->path.elements[i] = NULL;
+	} else {
+		mp->path.elements = NULL;
+	}
+
+	DLIST_ADD(reg_local->mountpoints, mp);
+
+	return WERR_OK;
+}
diff --git a/source4/lib/registry/man/regdiff.1.xml b/source4/lib/registry/man/regdiff.1.xml
new file mode 100644
index 0000000..23aae34
--- /dev/null
+++ b/source4/lib/registry/man/regdiff.1.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="regdiff.1">
+
+<refmeta>
+	<refentrytitle>regdiff</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>regdiff</refname>
+	<refpurpose>Diff program for Windows registry files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>regdiff</command>
+		<arg choice="opt">--help</arg>
+		<arg choice="opt">--backend=BACKEND</arg>
+		<arg choice="opt">--credentials=CREDENTIALS</arg>
+		<arg choice="opt">location</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>regdiff compares two Windows registry files key by key 
+		and value by value and generates a text file that contains the 
+		differences between the two files.</para>
+
+	<para>A file generated by regdiff can later be applied to a
+		registry file by the regpatch utility. </para>
+
+	<para>regdiff and regpatch use the same file format as 
+		the regedit32.exe utility from Windows.</para>
+
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>--help</term>
+		<listitem><para>
+		Show list of available options.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>--backend BACKEND</term>
+			<listitem><para>Name of backend to load. Possible values are: 
+					creg, regf, dir and rpc. The default is <emphasis>dir</emphasis>.
+				</para>
+				<para>
+					This argument can be specified twice: once for the first 
+					registry file and once for the second.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>--credentials=CREDENTIALS</term>
+		<listitem><para>
+				Credentials to use, if any. Password should be separated from user name by a percent sign.
+				</para>
+				<para>
+					This argument can be specified twice: once for the first 
+					registry file and once for the second.
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	
+	<para>gregedit, regshell, regpatch, regtree, samba, patch, diff</para>
+	
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+	
+	<para>This manpage and regdiff were written by Jelmer Vernooij. </para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/lib/registry/man/regpatch.1.xml b/source4/lib/registry/man/regpatch.1.xml
new file mode 100644
index 0000000..3a15082
--- /dev/null
+++ b/source4/lib/registry/man/regpatch.1.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="regpatch.1">
+
+<refmeta>
+	<refentrytitle>regpatch</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>regpatch</refname>
+	<refpurpose>Applies registry patches to registry files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>regpatch</command>
+		<arg choice="opt">--help</arg>
+		<arg choice="opt">--backend=BACKEND</arg>
+		<arg choice="opt">--credentials=CREDENTIALS</arg>
+		<arg choice="opt">location</arg>
+		<arg choice="opt">patch-file</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>The regpatch utility applies registry patches to Windows registry 
+		files. The patch files should have the same format as is being used  
+		by the regdiff utility and regedit32.exe from Windows.</para>
+
+	<para>If no patch file is specified on the command line, 
+		regpatch attempts to read it from standard input.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>--help</term>
+		<listitem><para>
+		Show list of available options.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>--backend BACKEND</term>
+			<listitem><para>Name of backend to load. Possible values are: 
+					creg, regf, dir and rpc. The default is <emphasis>dir</emphasis>.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>--credentials=CREDENTIALS</term>
+		<listitem><para>
+				Credentials to use, if any. Password should be separated from user name by a percent sign.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>regdiff, regtree, regshell, gregedit, samba, diff, patch</para>
+	
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+	
+	<para>This manpage and regpatch were written by Jelmer Vernooij. </para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/lib/registry/man/regshell.1.xml b/source4/lib/registry/man/regshell.1.xml
new file mode 100644
index 0000000..4653fbb
--- /dev/null
+++ b/source4/lib/registry/man/regshell.1.xml
@@ -0,0 +1,189 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="regshell.1">
+
+<refmeta>
+	<refentrytitle>regshell</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>regshell</refname>
+	<refpurpose>Windows registry file browser using readline</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>regshell</command>
+		<arg choice="opt">--help</arg>
+		<arg choice="opt">--backend=BACKEND</arg>
+		<arg choice="opt">--credentials=CREDENTIALS</arg>
+		<arg choice="opt">location</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>
+		regshell is a utility that lets you browse thru a Windows registry 
+		file as if you were using a regular unix shell to browse thru a 
+		file system.
+	</para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>--help</term>
+		<listitem><para>
+		Show list of available options.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>--backend BACKEND</term>
+			<listitem><para>Name of backend to load. Possible values are: 
+					creg, regf, dir and rpc. The default is <emphasis>dir</emphasis>.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>--credentials=CREDENTIALS</term>
+		<listitem><para>
+				Credentials to use, if any. Password should be separated from user name by a percent sign.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>COMMANDS</title>
+
+	<variablelist>
+		<varlistentry>
+			<term>ck|cd &lt;keyname&gt;</term>
+			<listitem><para>
+			Go to the specified subkey.
+			</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>ch|predef [predefined-key-name]</term>
+			<listitem><para>
+					Go to the specified predefined key. 
+			</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>list|ls</term>
+			<listitem><para>
+					List subkeys and values of the current key.
+			</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>mkkey|mkdir &lt;keyname&gt;</term>
+			<listitem><para>
+					Create a key with the specified <replaceable>keyname</replaceable> as a subkey of the current key.
+			</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>rmval|rm &lt;valname&gt;</term>
+			<listitem><para>
+					Delete the specified value.
+			</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>rmkey|rmdir &lt;keyname&gt;</term>
+			<listitem><para>
+			Delete the specified subkey recursively.
+			</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>pwd|pwk</term>
+			<listitem><para>Print the full name of the current key.</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>set|update</term>
+			<listitem><para>Update the value of a key value. Not implemented at the moment.</para></listitem>
+		</varlistentry>		
+
+		<varlistentry>
+			<term>help|?</term>
+			<listitem><para>Print a list of available commands.</para></listitem>
+		</varlistentry>		
+		<varlistentry>
+			<term>exit|quit</term>
+			<listitem><para>Leave regshell.</para></listitem>
+		</varlistentry>		
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>EXAMPLES</title>
+
+	<para>Browsing thru a nt4 registry file</para>
+	<screen>
+<userinput>regshell -b nt4 NTUSER.DAT</userinput>
+$$$PROTO.HIV> <userinput>ls</userinput>
+K AppEvents
+K Console
+K Control Panel
+K Environment
+K Identities
+K Keyboard Layout
+K Network
+K Printers
+K Software
+K UNICODE Program Groups
+K Windows 3.1 Migration Status
+$$$PROTO.HIV> <userinput>exit</userinput>
+</screen>
+
+<para>Listing the subkeys of HKEY_CURRENT_USER\AppEvents on a remote computer:</para>
+<screen>
+<userinput>regshell --remote=ncacn_np:aurelia -c "jelmer%secret"</userinput>
+HKEY_CURRENT_MACHINE> <userinput>predef HKEY_CURRENT_USER</userinput>
+HKEY_CURRENT_USER> <userinput>cd AppEvents</userinput>
+Current path is: HKEY_CURRENT_USER\AppEvents
+HKEY_CURRENT_USER\AppEvents> <userinput>ls</userinput>
+K EventLabels
+K Schemes
+HKEY_CURRENT_USER\AppEvents> <userinput>exit</userinput>
+</screen>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>regtree, regdiff, regpatch, gregedit, samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+	
+	<para>This manpage and regshell were written by Jelmer Vernooij. </para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/lib/registry/man/regtree.1.xml b/source4/lib/registry/man/regtree.1.xml
new file mode 100644
index 0000000..0d798e4
--- /dev/null
+++ b/source4/lib/registry/man/regtree.1.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="regtree.1">
+
+<refmeta>
+	<refentrytitle>regtree</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>regtree</refname>
+	<refpurpose>Text-mode registry viewer</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>regtree</command>
+		<arg choice="opt">--help</arg>
+		<arg choice="opt">--backend=BACKEND</arg>
+		<arg choice="opt">--fullpath</arg>
+		<arg choice="opt">--no-values</arg>
+		<arg choice="opt">--credentials=CREDENTIALS</arg>
+		<arg choice="opt">location</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>The regtree utility prints out all the contents of a 
+		Windows registry file. Subkeys are printed with one level 
+		more indentation than their parents. </para>
+
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>--help</term>
+		<listitem><para>
+		Show list of available options.</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>--backend BACKEND</term>
+			<listitem><para>Name of backend to load. Possible values are: 
+					creg, regf, dir and rpc. The default is <emphasis>dir</emphasis>.
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>--credentials=CREDENTIALS</term>
+		<listitem><para>
+				Credentials to use, if any. Password should be separated from user name by a percent sign.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>--fullpath</term>
+			<listitem><para>
+					Print the full path to each key instead of only its name.
+				</para>
+			</listitem>
+		</varlistentry>
+
+		<varlistentry><term>--no-values</term>
+			<listitem><para>Don't print values, just keys.</para></listitem>
+		</varlistentry>
+	</variablelist>
+	
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>gregedit, regshell, regdiff, regpatch, samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+	
+	<para>This manpage and regtree were written by Jelmer Vernooij. </para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/lib/registry/patchfile.c b/source4/lib/registry/patchfile.c
new file mode 100644
index 0000000..8069ed7
--- /dev/null
+++ b/source4/lib/registry/patchfile.c
@@ -0,0 +1,543 @@
+/*
+   Unix SMB/CIFS implementation.
+   Reading registry patch files
+
+   Copyright (C) Jelmer Vernooij 2004-2007
+   Copyright (C) Wilco Baan Hofman 2006
+   Copyright (C) Matthias Dieter Wallnöfer 2008-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "system/filesys.h"
+
+
+_PUBLIC_ WERROR reg_preg_diff_load(int fd,
+				   const struct reg_diff_callbacks *callbacks,
+				   void *callback_data);
+
+_PUBLIC_ WERROR reg_dotreg_diff_load(int fd,
+				     const struct reg_diff_callbacks *callbacks,
+				     void *callback_data);
+
+/*
+ * Generate difference between two keys
+ */
+WERROR reg_generate_diff_key(struct registry_key *oldkey,
+			     struct registry_key *newkey,
+			     const char *path,
+			     const struct reg_diff_callbacks *callbacks,
+			     void *callback_data)
+{
+	unsigned int i;
+	struct registry_key *t1 = NULL, *t2 = NULL;
+	char *tmppath;
+	const char *keyname1;
+	WERROR error, error1, error2;
+	TALLOC_CTX *mem_ctx = talloc_init("writediff");
+	uint32_t old_num_subkeys, old_num_values,
+			 new_num_subkeys, new_num_values;
+
+	if (oldkey != NULL) {
+		error = reg_key_get_info(mem_ctx, oldkey, NULL,
+					 &old_num_subkeys, &old_num_values,
+					 NULL, NULL, NULL, NULL);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Error occurred while getting key info: %s\n",
+				win_errstr(error)));
+			talloc_free(mem_ctx);
+			return error;
+		}
+	} else {
+		old_num_subkeys = 0;
+		old_num_values = 0;
+	}
+
+	/* Subkeys that were changed or deleted */
+	for (i = 0; i < old_num_subkeys; i++) {
+		error1 = reg_key_get_subkey_by_index(mem_ctx, oldkey, i,
+						     &keyname1, NULL, NULL);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Error occurred while getting subkey by index: %s\n",
+				win_errstr(error1)));
+			continue;
+		}
+
+		if (newkey != NULL) {
+			error2 = reg_open_key(mem_ctx, newkey, keyname1, &t2);
+		} else {
+			error2 = WERR_FILE_NOT_FOUND;
+			t2 = NULL;
+		}
+
+		if (!W_ERROR_IS_OK(error2) && !W_ERROR_EQUAL(error2, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Error occurred while getting subkey by name: %s\n",
+				win_errstr(error2)));
+			talloc_free(mem_ctx);
+			return error2;
+		}
+
+		/* if "error2" is going to be "WERR_FILE_NOT_FOUND", then newkey */
+		/* didn't have such a subkey and therefore add a del diff */
+		tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1);
+		if (tmppath == NULL) {
+			DEBUG(0, ("Out of memory\n"));
+			talloc_free(mem_ctx);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		if (!W_ERROR_IS_OK(error2))
+			callbacks->del_key(callback_data, tmppath);
+
+		/* perform here also the recursive invocation */
+		error1 = reg_open_key(mem_ctx, oldkey, keyname1, &t1);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Error occurred while getting subkey by name: %s\n",
+			win_errstr(error1)));
+			talloc_free(mem_ctx);
+			return error1;
+		}
+		reg_generate_diff_key(t1, t2, tmppath, callbacks, callback_data);
+
+		talloc_free(tmppath);
+	}
+
+	if (newkey != NULL) {
+		error = reg_key_get_info(mem_ctx, newkey, NULL,
+					 &new_num_subkeys, &new_num_values,
+					 NULL, NULL, NULL, NULL);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Error occurred while getting key info: %s\n",
+				win_errstr(error)));
+			talloc_free(mem_ctx);
+			return error;
+		}
+	} else {
+		new_num_subkeys = 0;
+		new_num_values = 0;
+	}
+
+	/* Subkeys that were added */
+	for(i = 0; i < new_num_subkeys; i++) {
+		error1 = reg_key_get_subkey_by_index(mem_ctx, newkey, i,
+						     &keyname1, NULL, NULL);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Error occurred while getting subkey by index: %s\n",
+				win_errstr(error1)));
+			talloc_free(mem_ctx);
+			return error1;
+		}
+
+		if (oldkey != NULL) {
+			error2 = reg_open_key(mem_ctx, oldkey, keyname1, &t1);
+
+			if (W_ERROR_IS_OK(error2))
+				continue;
+		} else {
+			error2 = WERR_FILE_NOT_FOUND;
+			t1 = NULL;
+		}
+
+		if (!W_ERROR_EQUAL(error2, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Error occurred while getting subkey by name: %s\n",
+				win_errstr(error2)));
+			talloc_free(mem_ctx);
+			return error2;
+		}
+
+		/* oldkey didn't have such a subkey, add a add diff */
+		tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1);
+		if (tmppath == NULL) {
+			DEBUG(0, ("Out of memory\n"));
+			talloc_free(mem_ctx);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		callbacks->add_key(callback_data, tmppath);
+
+		/* perform here also the recursive invocation */
+		error1 = reg_open_key(mem_ctx, newkey, keyname1, &t2);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Error occurred while getting subkey by name: %s\n",
+			win_errstr(error1)));
+			talloc_free(mem_ctx);
+			return error1;
+		}
+		reg_generate_diff_key(t1, t2, tmppath, callbacks, callback_data);
+
+		talloc_free(tmppath);
+	}
+
+	/* Values that were added or changed */
+	for(i = 0; i < new_num_values; i++) {
+		const char *name;
+		uint32_t type1, type2;
+		DATA_BLOB contents1 = { NULL, 0 }, contents2 = { NULL, 0 };
+
+		error1 = reg_key_get_value_by_index(mem_ctx, newkey, i,
+						    &name, &type1, &contents1);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Unable to get value by index: %s\n",
+				win_errstr(error1)));
+			talloc_free(mem_ctx);
+			return error1;
+		}
+
+		if (oldkey != NULL) {
+			error2 = reg_key_get_value_by_name(mem_ctx, oldkey,
+							   name, &type2,
+							   &contents2);
+		} else
+			error2 = WERR_FILE_NOT_FOUND;
+
+		if (!W_ERROR_IS_OK(error2)
+			&& !W_ERROR_EQUAL(error2, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Error occurred while getting value by name: %s\n",
+				win_errstr(error2)));
+			talloc_free(mem_ctx);
+			return error2;
+		}
+
+		if (W_ERROR_IS_OK(error2)
+		    && (data_blob_cmp(&contents1, &contents2) == 0)
+		    && (type1 == type2)) {
+			talloc_free(discard_const_p(char, name));
+			talloc_free(contents1.data);
+			talloc_free(contents2.data);
+			continue;
+		}
+
+		callbacks->set_value(callback_data, path, name,
+				     type1, contents1);
+
+		talloc_free(discard_const_p(char, name));
+		talloc_free(contents1.data);
+		talloc_free(contents2.data);
+	}
+
+	/* Values that were deleted */
+	for (i = 0; i < old_num_values; i++) {
+		const char *name;
+		uint32_t type;
+		DATA_BLOB contents = { NULL, 0 };
+
+		error1 = reg_key_get_value_by_index(mem_ctx, oldkey, i, &name,
+						    &type, &contents);
+		if (!W_ERROR_IS_OK(error1)) {
+			DEBUG(0, ("Unable to get value by index: %s\n",
+				win_errstr(error1)));
+			talloc_free(mem_ctx);
+			return error1;
+		}
+
+		if (newkey != NULL)
+			error2 = reg_key_get_value_by_name(mem_ctx, newkey,
+				 name, &type, &contents);
+		else
+			error2 = WERR_FILE_NOT_FOUND;
+
+		if (W_ERROR_IS_OK(error2)) {
+			talloc_free(discard_const_p(char, name));
+			talloc_free(contents.data);
+			continue;
+		}
+
+		if (!W_ERROR_EQUAL(error2, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Error occurred while getting value by name: %s\n",
+				win_errstr(error2)));
+			talloc_free(mem_ctx);
+			return error2;
+		}
+
+		callbacks->del_value(callback_data, path, name);
+
+		talloc_free(discard_const_p(char, name));
+		talloc_free(contents.data);
+	}
+
+	talloc_free(mem_ctx);
+	return WERR_OK;
+}
+
+/**
+ * Generate diff between two registry contexts
+ */
+_PUBLIC_ WERROR reg_generate_diff(struct registry_context *ctx1,
+				  struct registry_context *ctx2,
+				  const struct reg_diff_callbacks *callbacks,
+				  void *callback_data)
+{
+	unsigned int i;
+	WERROR error;
+
+	for (i = 0; reg_predefined_keys[i].name; i++) {
+		struct registry_key *r1 = NULL, *r2 = NULL;
+
+		error = reg_get_predefined_key(ctx1,
+			reg_predefined_keys[i].handle, &r1);
+		if (!W_ERROR_IS_OK(error) &&
+		    !W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Unable to open hive %s for backend 1\n",
+				reg_predefined_keys[i].name));
+			continue;
+		}
+
+		error = reg_get_predefined_key(ctx2,
+			reg_predefined_keys[i].handle, &r2);
+		if (!W_ERROR_IS_OK(error) &&
+		    !W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND)) {
+			DEBUG(0, ("Unable to open hive %s for backend 2\n",
+				reg_predefined_keys[i].name));
+			continue;
+		}
+
+		/* if "r1" is NULL (old hive) and "r2" isn't (new hive) then
+		 * the hive doesn't exist yet and we have to generate an add
+		 * diff */
+		if ((r1 == NULL) && (r2 != NULL)) {
+			callbacks->add_key(callback_data,
+					   reg_predefined_keys[i].name);
+		}
+		/* if "r1" isn't NULL (old hive) and "r2" is (new hive) then
+		 * the hive shouldn't exist anymore and we have to generate a
+		 * del diff */
+		if ((r1 != NULL) && (r2 == NULL)) {
+			callbacks->del_key(callback_data,
+					   reg_predefined_keys[i].name);
+		}
+
+		error = reg_generate_diff_key(r1, r2,
+			reg_predefined_keys[i].name, callbacks,
+			callback_data);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Unable to determine diff: %s\n",
+				win_errstr(error)));
+			return error;
+		}
+	}
+	if (callbacks->done != NULL) {
+		callbacks->done(callback_data);
+	}
+	return WERR_OK;
+}
+
+/**
+ * Load diff file
+ */
+_PUBLIC_ WERROR reg_diff_load(const char *filename,
+			      const struct reg_diff_callbacks *callbacks,
+			      void *callback_data)
+{
+	int fd;
+	char hdr[4];
+
+	fd = open(filename, O_RDONLY, 0);
+	if (fd == -1) {
+		DEBUG(0, ("Error opening registry patch file `%s'\n",
+			filename));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (read(fd, &hdr, 4) != 4) {
+		DEBUG(0, ("Error reading registry patch file `%s'\n",
+			filename));
+		close(fd);
+		return WERR_GEN_FAILURE;
+	}
+
+	/* Reset position in file */
+	lseek(fd, 0, SEEK_SET);
+#if 0 /* These backends are not supported yet. */
+	if (strncmp(hdr, "CREG", 4) == 0) {
+		/* Must be a W9x CREG Config.pol file */
+		return reg_creg_diff_load(diff, fd);
+	} else if (strncmp(hdr, "regf", 4) == 0) {
+		/* Must be a REGF NTConfig.pol file */
+		return reg_regf_diff_load(diff, fd);
+	} else
+#endif
+	if (strncmp(hdr, "PReg", 4) == 0) {
+		/* Must be a GPO Registry.pol file */
+		return reg_preg_diff_load(fd, callbacks, callback_data);
+	} else {
+		/* Must be a normal .REG file */
+		return reg_dotreg_diff_load(fd, callbacks, callback_data);
+	}
+}
+
+/**
+ * The reg_diff_apply functions
+ */
+static WERROR reg_diff_apply_add_key(void *_ctx, const char *key_name)
+{
+	struct registry_context *ctx = (struct registry_context *)_ctx;
+	struct registry_key *tmp;
+	char *buf, *buf_ptr;
+	WERROR error;
+
+	/* Recursively create the path */
+	buf = talloc_strdup(ctx, key_name);
+	W_ERROR_HAVE_NO_MEMORY(buf);
+	buf_ptr = buf;
+
+	while (*buf_ptr++ != '\0' ) {
+		if (*buf_ptr == '\\') {
+			*buf_ptr = '\0';
+			error = reg_key_add_abs(ctx, ctx, buf, 0, NULL, &tmp);
+
+			if (!W_ERROR_EQUAL(error, WERR_ALREADY_EXISTS) &&
+				    !W_ERROR_IS_OK(error)) {
+				DEBUG(0, ("Error adding new key '%s': %s\n",
+					key_name, win_errstr(error)));
+				return error;
+			}
+			*buf_ptr++ = '\\';
+			talloc_free(tmp);
+		}
+	}
+
+	talloc_free(buf);
+
+	/* Add the key */
+	error = reg_key_add_abs(ctx, ctx, key_name, 0, NULL, &tmp);
+
+	if (!W_ERROR_EQUAL(error, WERR_ALREADY_EXISTS) &&
+		    !W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Error adding new key '%s': %s\n",
+			key_name, win_errstr(error)));
+		return error;
+	}
+	talloc_free(tmp);
+
+	return WERR_OK;
+}
+
+static WERROR reg_diff_apply_del_key(void *_ctx, const char *key_name)
+{
+	struct registry_context *ctx = (struct registry_context *)_ctx;
+
+	/* We can't proof here for success, because a common superkey could */
+	/* have been deleted before the subkey's (diff order). This removed */
+	/* therefore all children recursively and the "WERR_FILE_NOT_FOUND" result is */
+	/* expected. */
+
+	reg_key_del_abs(ctx, key_name);
+
+	return WERR_OK;
+}
+
+static WERROR reg_diff_apply_set_value(void *_ctx, const char *path,
+				       const char *value_name,
+				       uint32_t value_type, DATA_BLOB value)
+{
+	struct registry_context *ctx = (struct registry_context *)_ctx;
+	struct registry_key *tmp;
+	WERROR error;
+
+	/* Open key */
+	error = reg_open_key_abs(ctx, ctx, path, &tmp);
+
+	if (W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND)) {
+		DEBUG(0, ("Error opening key '%s'\n", path));
+		return error;
+	}
+
+	/* Set value */
+	error = reg_val_set(tmp, value_name,
+				 value_type, value);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Error setting value '%s'\n", value_name));
+		return error;
+	}
+
+	talloc_free(tmp);
+
+	return WERR_OK;
+}
+
+static WERROR reg_diff_apply_del_value(void *_ctx, const char *key_name,
+				       const char *value_name)
+{
+	struct registry_context *ctx = (struct registry_context *)_ctx;
+	struct registry_key *tmp;
+	WERROR error;
+
+	/* Open key */
+	error = reg_open_key_abs(ctx, ctx, key_name, &tmp);
+
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Error opening key '%s'\n", key_name));
+		return error;
+	}
+
+	error = reg_del_value(ctx, tmp, value_name);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Error deleting value '%s'\n", value_name));
+		return error;
+	}
+
+	talloc_free(tmp);
+
+	return WERR_OK;
+}
+
+static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name)
+{
+	struct registry_context *ctx = (struct registry_context *)_ctx;
+	struct registry_key *key;
+	WERROR error;
+	const char *value_name;
+
+	error = reg_open_key_abs(ctx, ctx, key_name, &key);
+
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Error opening key '%s'\n", key_name));
+		return error;
+	}
+
+	W_ERROR_NOT_OK_RETURN(reg_key_get_info(ctx, key, NULL,
+			       NULL, NULL, NULL, NULL, NULL, NULL));
+
+	while (W_ERROR_IS_OK(reg_key_get_value_by_index(
+			ctx, key, 0, &value_name, NULL, NULL))) {
+		error = reg_del_value(ctx, key, value_name);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Error deleting value '%s'\n", value_name));
+			return error;
+		}
+		talloc_free(discard_const_p(char, value_name));
+	}
+
+	talloc_free(key);
+
+	return WERR_OK;
+}
+
+/**
+ * Apply diff to a registry context
+ */
+_PUBLIC_ WERROR reg_diff_apply(struct registry_context *ctx, 
+							   const char *filename)
+{
+	struct reg_diff_callbacks callbacks;
+
+	callbacks.add_key = reg_diff_apply_add_key;
+	callbacks.del_key = reg_diff_apply_del_key;
+	callbacks.set_value = reg_diff_apply_set_value;
+	callbacks.del_value = reg_diff_apply_del_value;
+	callbacks.del_all_values = reg_diff_apply_del_all_values;
+	callbacks.done = NULL;
+
+	return reg_diff_load(filename, &callbacks, ctx);
+}
diff --git a/source4/lib/registry/patchfile_dotreg.c b/source4/lib/registry/patchfile_dotreg.c
new file mode 100644
index 0000000..5fb342b
--- /dev/null
+++ b/source4/lib/registry/patchfile_dotreg.c
@@ -0,0 +1,435 @@
+/*
+   Unix SMB/CIFS implementation.
+   Reading .REG files
+
+   Copyright (C) Jelmer Vernooij 2004-2007
+   Copyright (C) Wilco Baan Hofman 2006-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* FIXME:
+ * - Newer .REG files, created by Windows XP and above use unicode UCS-2
+ * - @="" constructions should write value with empty name.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "system/filesys.h"
+
+/**
+ * @file
+ * @brief Registry patch files
+ */
+
+#define HEADER_STRING "REGEDIT4"
+
+struct dotreg_data {
+	int fd;
+};
+
+/* 
+ * This is basically a copy of data_blob_hex_string_upper, but with comma's 
+ * between the bytes in hex.
+ */
+static char *dotreg_data_blob_hex_string(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob)
+{
+	size_t i;
+	char *hex_string;
+
+	hex_string = talloc_array(mem_ctx, char, (blob->length*3)+1);
+	if (!hex_string) {
+		return NULL;
+	}
+
+	for (i = 0; i < blob->length; i++)
+		slprintf(&hex_string[i*3], 4, "%02X,", blob->data[i]);
+
+	/* Remove last comma and NULL-terminate the string */
+	hex_string[(blob->length*3)-1] = '\0';
+	return hex_string;
+}
+
+/* 
+ * This is basically a copy of reg_val_data_string, except that this function
+ * has no 0x for dwords, everything else is regarded as binary, and binary 
+ * strings are represented with bytes comma-separated.
+ */
+static char *reg_val_dotreg_string(TALLOC_CTX *mem_ctx, uint32_t type,
+				   const DATA_BLOB data)
+{
+	size_t converted_size = 0;
+	char *ret = NULL;
+
+	if (data.length == 0)
+		return talloc_strdup(mem_ctx, "");
+
+	switch (type) {
+		case REG_EXPAND_SZ:
+		case REG_SZ:
+			convert_string_talloc(mem_ctx,
+					      CH_UTF16, CH_UNIX, data.data, data.length,
+					      (void **)&ret, &converted_size);
+			break;
+		case REG_DWORD:
+		case REG_DWORD_BIG_ENDIAN:
+			SMB_ASSERT(data.length == sizeof(uint32_t));
+			ret = talloc_asprintf(mem_ctx, "%08x",
+					      IVAL(data.data, 0));
+			break;
+		default: /* default means treat as binary */
+		case REG_BINARY:
+			ret = dotreg_data_blob_hex_string(mem_ctx, &data);
+			break;
+	}
+
+	return ret;
+}
+
+static WERROR reg_dotreg_diff_add_key(void *_data, const char *key_name)
+{
+	struct dotreg_data *data = (struct dotreg_data *)_data;
+
+	fdprintf(data->fd, "\n[%s]\n", key_name);
+
+	return WERR_OK;
+}
+
+static WERROR reg_dotreg_diff_del_key(void *_data, const char *key_name)
+{
+	struct dotreg_data *data = (struct dotreg_data *)_data;
+
+	fdprintf(data->fd, "\n[-%s]\n", key_name);
+
+	return WERR_OK;
+}
+
+static WERROR reg_dotreg_diff_set_value(void *_data, const char *path,
+					const char *value_name,
+					uint32_t value_type, DATA_BLOB value)
+{
+	struct dotreg_data *data = (struct dotreg_data *)_data;
+	char *data_string = reg_val_dotreg_string(NULL, 
+						value_type, value);
+	char *data_incl_type;
+
+	W_ERROR_HAVE_NO_MEMORY(data_string);
+
+	switch (value_type) {
+		case REG_SZ:
+			data_incl_type = talloc_asprintf(data_string, "\"%s\"", 
+					data_string);
+			break;
+		case REG_DWORD:
+			data_incl_type = talloc_asprintf(data_string, 
+					"dword:%s", data_string);
+			break;
+		case REG_BINARY:
+			data_incl_type = talloc_asprintf(data_string, "hex:%s",
+					data_string);
+			break;
+		default:
+			data_incl_type = talloc_asprintf(data_string, "hex(%x):%s", 
+					value_type, data_string);
+			break;
+	}
+
+	if (value_name[0] == '\0') {
+		fdprintf(data->fd, "@=%s\n", data_incl_type);
+	} else {
+		fdprintf(data->fd, "\"%s\"=%s\n",
+			 value_name, data_incl_type);
+	}
+
+	talloc_free(data_string);
+
+	return WERR_OK;
+}
+
+static WERROR reg_dotreg_diff_del_value(void *_data, const char *path,
+					const char *value_name)
+{
+	struct dotreg_data *data = (struct dotreg_data *)_data;
+
+	fdprintf(data->fd, "\"%s\"=-\n", value_name);
+
+	return WERR_OK;
+}
+
+static WERROR reg_dotreg_diff_done(void *_data)
+{
+	struct dotreg_data *data = (struct dotreg_data *)_data;
+
+	close(data->fd);
+	talloc_free(data);
+
+	return WERR_OK;
+}
+
+static WERROR reg_dotreg_diff_del_all_values(void *callback_data,
+					     const char *key_name)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+/**
+ * Save registry diff
+ */
+_PUBLIC_ WERROR reg_dotreg_diff_save(TALLOC_CTX *ctx, const char *filename,
+				     struct reg_diff_callbacks **callbacks,
+				     void **callback_data)
+{
+	struct dotreg_data *data;
+
+	data = talloc_zero(ctx, struct dotreg_data);
+	*callback_data = data;
+
+	if (filename) {
+		data->fd = open(filename, O_CREAT|O_WRONLY, 0755);
+		if (data->fd < 0) {
+			DEBUG(0, ("Unable to open %s\n", filename));
+			return WERR_FILE_NOT_FOUND;
+		}
+	} else {
+		data->fd = STDOUT_FILENO;
+	}
+
+	fdprintf(data->fd, "%s\n\n", HEADER_STRING);
+
+	*callbacks = talloc(ctx, struct reg_diff_callbacks);
+
+	(*callbacks)->add_key = reg_dotreg_diff_add_key;
+	(*callbacks)->del_key = reg_dotreg_diff_del_key;
+	(*callbacks)->set_value = reg_dotreg_diff_set_value;
+	(*callbacks)->del_value = reg_dotreg_diff_del_value;
+	(*callbacks)->del_all_values = reg_dotreg_diff_del_all_values;
+	(*callbacks)->done = reg_dotreg_diff_done;
+
+	return WERR_OK;
+}
+
+/**
+ * Load diff file
+ */
+_PUBLIC_ WERROR reg_dotreg_diff_load(int fd,
+				     const struct reg_diff_callbacks *callbacks,
+				     void *callback_data)
+{
+	char *line, *p, *q;
+	char *curkey = NULL;
+	TALLOC_CTX *mem_ctx = talloc_init("reg_dotreg_diff_load");
+	WERROR error;
+	uint32_t value_type;
+	DATA_BLOB data;
+	bool result;
+	char *type_str = NULL;
+	char *data_str = NULL;
+	char *value = NULL;
+	bool continue_next_line = 0;
+
+	line = afdgets(fd, mem_ctx, 0);
+	if (!line) {
+		DEBUG(0, ("Can't read from file.\n"));
+		talloc_free(mem_ctx);
+		close(fd);
+		return WERR_GEN_FAILURE;
+	}
+
+	while ((line = afdgets(fd, mem_ctx, 0))) {
+		/* Remove '\r' if it's a Windows text file */
+		if (strlen(line) && line[strlen(line)-1] == '\r') {
+			line[strlen(line)-1] = '\0';
+		}
+
+		/* Ignore comments and empty lines */
+		if (strlen(line) == 0 || line[0] == ';') {
+			talloc_free(line);
+
+			if (curkey) {
+				talloc_free(curkey);
+			}
+			curkey = NULL;
+			continue;
+		}
+
+		/* Start of key */
+		if (line[0] == '[') {
+			if (line[strlen(line)-1] != ']') {
+				DEBUG(0, ("Missing ']' on line: %s\n", line));
+				talloc_free(line);
+				continue;
+			}
+
+			/* Deleting key */
+			if (line[1] == '-') {
+				curkey = talloc_strndup(line, line+2, strlen(line)-3);
+				W_ERROR_HAVE_NO_MEMORY(curkey);
+
+				error = callbacks->del_key(callback_data,
+							   curkey);
+
+				if (!W_ERROR_IS_OK(error)) {
+					DEBUG(0,("Error deleting key %s\n",
+						curkey));
+					talloc_free(mem_ctx);
+					return error;
+				}
+
+				talloc_free(line);
+				curkey = NULL;
+				continue;
+			}
+			curkey = talloc_strndup(mem_ctx, line+1, strlen(line)-2);
+			W_ERROR_HAVE_NO_MEMORY(curkey);
+
+			error = callbacks->add_key(callback_data, curkey);
+			if (!W_ERROR_IS_OK(error)) {
+				DEBUG(0,("Error adding key %s\n", curkey));
+				talloc_free(mem_ctx);
+				return error;
+			}
+
+			talloc_free(line);
+			continue;
+		}
+
+		/* Deleting/Changing value */
+		if (continue_next_line) {
+			continue_next_line = 0;
+
+			/* Continued data start with two whitespaces */
+			if (line[0] != ' ' || line[1] != ' ') {
+				DEBUG(0, ("Malformed line: %s\n", line));
+				talloc_free(line);
+				continue;
+			}
+			p = line + 2;
+
+			/* Continue again if line ends with a backslash */
+			if (line[strlen(line)-1] == '\\') {
+				line[strlen(line)-1] = '\0';
+				continue_next_line = 1;
+				data_str = talloc_strdup_append(data_str, p);
+				talloc_free(line);
+				continue;
+			}
+			data_str = talloc_strdup_append(data_str, p);
+		} else {
+			p = strchr_m(line, '=');
+			if (p == NULL) {
+				DEBUG(0, ("Malformed line: %s\n", line));
+				talloc_free(line);
+				continue;
+			}
+
+			*p = '\0'; p++;
+
+
+			if (curkey == NULL) {
+				DEBUG(0, ("Value change without key\n"));
+				talloc_free(line);
+				continue;
+			}
+
+			/* Values should be double-quoted */
+			if (line[0] != '"') {
+				DEBUG(0, ("Malformed line\n"));
+				talloc_free(line);
+				continue;
+			}
+
+			/* Chop of the quotes and store as value */
+			value = talloc_strndup(mem_ctx, line+1,strlen(line)-2);
+
+			/* Delete value */
+			if (p[0] == '-') {
+				error = callbacks->del_value(callback_data,
+						     curkey, value);
+
+				/* Ignore if key does not exist (WERR_FILE_NOT_FOUND)
+				 * Consistent with Windows behaviour */
+				if (!W_ERROR_IS_OK(error) &&
+				    !W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND)) {
+					DEBUG(0, ("Error deleting value %s in key %s\n",
+						value, curkey));
+					talloc_free(mem_ctx);
+					return error;
+				}
+
+				talloc_free(line);
+				talloc_free(value);
+				continue;
+			}
+
+			/* Do not look for colons in strings */
+			if (p[0] == '"') {
+				q = NULL;
+				data_str = talloc_strndup(mem_ctx, p+1,strlen(p)-2);
+			} else {
+				/* Split the value type from the data */
+				q = strchr_m(p, ':');
+				if (q) {
+					*q = '\0';
+					q++;
+					type_str = talloc_strdup(mem_ctx, p);
+					data_str = talloc_strdup(mem_ctx, q);
+				} else {
+					data_str = talloc_strdup(mem_ctx, p);
+				}
+			}
+
+			/* Backslash before the CRLF means continue on next line */
+			if (data_str[strlen(data_str)-1] == '\\') {
+				data_str[strlen(data_str)-1] = '\0';
+				talloc_free(line);
+				continue_next_line = 1;
+				continue;
+			}
+		}
+		DEBUG(9, ("About to write %s with type %s, length %ld: %s\n", value, type_str, (long) strlen(data_str), data_str));
+		result = reg_string_to_val(value,
+				  type_str?type_str:"REG_SZ", data_str,
+				  &value_type, &data);
+		if (!result) {
+			DEBUG(0, ("Error converting string to value for line:\n%s\n",
+					line));
+			return WERR_GEN_FAILURE;
+		}
+
+		error = callbacks->set_value(callback_data, curkey, value,
+					     value_type, data);
+		if (!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Error setting value for %s in %s\n",
+				value, curkey));
+			talloc_free(mem_ctx);
+			return error;
+		}
+
+		/* Clean up buffers */
+		if (type_str != NULL) {
+			talloc_free(type_str);
+			type_str = NULL;
+		}
+		talloc_free(data_str);
+		talloc_free(value);
+		talloc_free(line);
+	}
+
+	close(fd);
+
+	talloc_free(mem_ctx);
+
+	return WERR_OK;
+}
diff --git a/source4/lib/registry/patchfile_preg.c b/source4/lib/registry/patchfile_preg.c
new file mode 100644
index 0000000..50bd141
--- /dev/null
+++ b/source4/lib/registry/patchfile_preg.c
@@ -0,0 +1,387 @@
+/*
+   Unix SMB/CIFS implementation.
+   Reading Registry.pol PReg registry files
+
+   Copyright (C) Wilco Baan Hofman 2006-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "system/filesys.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "lib/util/sys_rw.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+struct preg_data {
+	int fd;
+	TALLOC_CTX *ctx;
+};
+
+static WERROR preg_read_utf16(int fd, char *c)
+{
+	uint16_t v;
+
+	if (read(fd, &v, sizeof(uint16_t)) < sizeof(uint16_t)) {
+		return WERR_GEN_FAILURE;
+	}
+	push_codepoint(c, v);
+	return WERR_OK;
+}
+static WERROR preg_write_utf16(int fd, const char *string)
+{
+	uint16_t v;
+	size_t i, size;
+
+	for (i = 0; i < strlen(string); i+=size) {
+		v = next_codepoint(&string[i], &size);
+		if (write(fd, &v, sizeof(uint16_t)) < sizeof(uint16_t)) {
+			return WERR_GEN_FAILURE;
+		}
+	}
+	return WERR_OK;
+}
+/* PReg does not support adding keys. */
+static WERROR reg_preg_diff_add_key(void *_data, const char *key_name)
+{
+	return WERR_OK;
+}
+
+static WERROR reg_preg_diff_set_value(void *_data, const char *key_name,
+				      const char *value_name,
+				      uint32_t value_type, DATA_BLOB value_data)
+{
+	struct preg_data *data = (struct preg_data *)_data;
+	uint32_t buf;
+	
+	preg_write_utf16(data->fd, "[");
+	preg_write_utf16(data->fd, key_name);
+	preg_write_utf16(data->fd, ";");
+	preg_write_utf16(data->fd, value_name);
+	preg_write_utf16(data->fd, ";");
+	SIVAL(&buf, 0, value_type);
+	sys_write_v(data->fd, &buf, sizeof(uint32_t));
+	preg_write_utf16(data->fd, ";");
+	SIVAL(&buf, 0, value_data.length);
+	sys_write_v(data->fd, &buf, sizeof(uint32_t));
+	preg_write_utf16(data->fd, ";");
+	sys_write_v(data->fd, value_data.data, value_data.length);
+	preg_write_utf16(data->fd, "]");
+	
+	return WERR_OK;
+}
+
+static WERROR reg_preg_diff_del_key(void *_data, const char *key_name)
+{
+	struct preg_data *data = (struct preg_data *)_data;
+	char *parent_name;
+	DATA_BLOB blob;
+	WERROR werr;
+
+	parent_name = talloc_strndup(data->ctx, key_name,
+				     strrchr(key_name, '\\')-key_name);
+	W_ERROR_HAVE_NO_MEMORY(parent_name);
+	blob.data = (uint8_t*)talloc_strndup(data->ctx,
+					     key_name+(strrchr(key_name, '\\')-key_name)+1,
+					     strlen(key_name)-(strrchr(key_name, '\\')-key_name));
+	W_ERROR_HAVE_NO_MEMORY(blob.data);
+	blob.length = strlen((char *)blob.data)+1;
+	
+
+	/* FIXME: These values should be accumulated to be written at done(). */
+	werr = reg_preg_diff_set_value(data, parent_name, "**DeleteKeys",
+				       REG_SZ, blob);
+
+	talloc_free(parent_name);
+	talloc_free(blob.data);
+
+	return werr;
+}
+
+static WERROR reg_preg_diff_del_value(void *_data, const char *key_name,
+				      const char *value_name)
+{
+	struct preg_data *data = (struct preg_data *)_data;
+	char *val;
+	DATA_BLOB blob;
+	WERROR werr;
+
+	val = talloc_asprintf(data->ctx, "**Del.%s", value_name);
+	W_ERROR_HAVE_NO_MEMORY(val);
+	blob.data = (uint8_t *)talloc(data->ctx, uint32_t);
+	W_ERROR_HAVE_NO_MEMORY(blob.data);
+	SIVAL(blob.data, 0, 0);
+	blob.length = sizeof(uint32_t);
+
+	werr = reg_preg_diff_set_value(data, key_name, val, REG_DWORD, blob);
+
+	talloc_free(val);
+	talloc_free(blob.data);
+
+	return werr;
+}
+
+static WERROR reg_preg_diff_del_all_values(void *_data, const char *key_name)
+{
+	struct preg_data *data = (struct preg_data *)_data;
+	DATA_BLOB blob;
+	WERROR werr;
+
+	blob.data = (uint8_t *)talloc(data->ctx, uint32_t);
+	W_ERROR_HAVE_NO_MEMORY(blob.data);
+	SIVAL(blob.data, 0, 0);
+	blob.length = sizeof(uint32_t);
+
+	werr = reg_preg_diff_set_value(data, key_name, "**DelVals.", REG_DWORD,
+				       blob);
+
+	talloc_free(blob.data);
+
+	return werr;
+}
+
+static WERROR reg_preg_diff_done(void *_data)
+{
+	struct preg_data *data = (struct preg_data *)_data;
+	
+	close(data->fd);
+	talloc_free(data);
+	return WERR_OK;
+}
+
+/**
+ * Save registry diff
+ */
+_PUBLIC_ WERROR reg_preg_diff_save(TALLOC_CTX *ctx, const char *filename,
+				   struct reg_diff_callbacks **callbacks,
+				   void **callback_data)
+{
+	struct preg_data *data;
+	struct {
+		char hdr[4];
+		uint32_t version;
+	} preg_header;
+
+
+	data = talloc_zero(ctx, struct preg_data);
+	*callback_data = data;
+
+	if (filename) {
+		data->fd = open(filename, O_CREAT|O_WRONLY, 0755);
+		if (data->fd < 0) {
+			DEBUG(0, ("Unable to open %s\n", filename));
+			return WERR_FILE_NOT_FOUND;
+		}
+	} else {
+		data->fd = STDOUT_FILENO;
+	}
+
+	memcpy(preg_header.hdr, "PReg", sizeof(preg_header.hdr));
+	SIVAL(&preg_header.version, 0, 1);
+	sys_write_v(data->fd, (uint8_t *)&preg_header, sizeof(preg_header));
+
+	data->ctx = ctx;
+
+	*callbacks = talloc(ctx, struct reg_diff_callbacks);
+
+	(*callbacks)->add_key = reg_preg_diff_add_key;
+	(*callbacks)->del_key = reg_preg_diff_del_key;
+	(*callbacks)->set_value = reg_preg_diff_set_value;
+	(*callbacks)->del_value = reg_preg_diff_del_value;
+	(*callbacks)->del_all_values = reg_preg_diff_del_all_values;
+	(*callbacks)->done = reg_preg_diff_done;
+
+	return WERR_OK;
+}
+/**
+ * Load diff file
+ */
+_PUBLIC_ WERROR reg_preg_diff_load(int fd,
+				   const struct reg_diff_callbacks *callbacks,
+				   void *callback_data)
+{
+	struct {
+		char hdr[4];
+		uint32_t version;
+	} preg_header;
+	char *buf;
+	size_t buf_size = 1024;
+	char *buf_ptr;
+	TALLOC_CTX *mem_ctx = talloc_init("reg_preg_diff_load");
+	WERROR ret = WERR_OK;
+
+	buf = talloc_array(mem_ctx, char, buf_size);
+	buf_ptr = buf;
+
+	/* Read first 8 bytes (the header) */
+	if (read(fd, &preg_header, sizeof(preg_header)) != sizeof(preg_header)) {
+		DEBUG(0, ("Could not read PReg file: %s\n",
+				strerror(errno)));
+		ret = WERR_GEN_FAILURE;
+		goto cleanup;
+	}
+	preg_header.version = IVAL(&preg_header.version, 0);
+
+	if (strncmp(preg_header.hdr, "PReg", 4) != 0) {
+		DEBUG(0, ("This file is not a valid preg registry file\n"));
+		ret = WERR_GEN_FAILURE;
+		goto cleanup;
+	}
+	if (preg_header.version > 1) {
+		DEBUG(0, ("Warning: file format version is higher than expected.\n"));
+	}
+
+	/* Read the entries */
+	while(1) {
+		uint32_t value_type, length;
+		char *key = NULL;
+		char *value_name = NULL;
+		DATA_BLOB data = {NULL, 0};
+
+		if (!W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr))) {
+			break;
+		}
+		if (*buf_ptr != '[') {
+			DEBUG(0, ("Error in PReg file.\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+
+		/* Get the path */
+		buf_ptr = buf;
+		while (W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr)) &&
+		       *buf_ptr != ';' && buf_ptr-buf < buf_size) {
+			buf_ptr++;
+		}
+		buf[buf_ptr-buf] = '\0';
+		key = talloc_strdup(mem_ctx, buf);
+
+		/* Get the name */
+		buf_ptr = buf;
+		while (W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr)) &&
+		       *buf_ptr != ';' && buf_ptr-buf < buf_size) {
+			buf_ptr++;
+		}
+		buf[buf_ptr-buf] = '\0';
+		value_name = talloc_strdup(mem_ctx, buf);
+
+		/* Get the type */
+		if (read(fd, &value_type, sizeof(uint32_t)) < sizeof(uint32_t)) {
+			DEBUG(0, ("Error while reading PReg\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+		value_type = IVAL(&value_type, 0);
+
+		/* Read past delimiter */
+		buf_ptr = buf;
+		if (!(W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr)) &&
+		    *buf_ptr == ';') && buf_ptr-buf < buf_size) {
+			DEBUG(0, ("Error in PReg file.\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+
+		/* Get data length */
+		if (read(fd, &length, sizeof(uint32_t)) < sizeof(uint32_t)) {
+			DEBUG(0, ("Error while reading PReg\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+		length = IVAL(&length, 0);
+
+		/* Read past delimiter */
+		buf_ptr = buf;
+		if (!(W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr)) &&
+		    *buf_ptr == ';') && buf_ptr-buf < buf_size) {
+			DEBUG(0, ("Error in PReg file.\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+
+		/* Get the data */
+		buf_ptr = buf;
+		if (length < buf_size &&
+		    read(fd, buf_ptr, length) != length) {
+			DEBUG(0, ("Error while reading PReg\n"));
+			ret = WERR_GEN_FAILURE;
+			goto cleanup;
+		}
+		data = data_blob_talloc(mem_ctx, buf, length);
+
+		/* Check if delimiter is in place (whine if it isn't) */
+		buf_ptr = buf;
+		if (!(W_ERROR_IS_OK(preg_read_utf16(fd, buf_ptr)) &&
+		    *buf_ptr == ']') && buf_ptr-buf < buf_size) {
+			DEBUG(0, ("Warning: Missing ']' in PReg file, expected ']', got '%c' 0x%x.\n",
+				*buf_ptr, *buf_ptr));
+		}
+
+		if (strcasecmp(value_name, "**DelVals") == 0) {
+			callbacks->del_all_values(callback_data, key);
+		} else if (strncasecmp(value_name, "**Del.",6) == 0) {
+			char *p = value_name+6;
+
+			callbacks->del_value(callback_data, key, p);
+		} else 	if (strcasecmp(value_name, "**DeleteValues") == 0) {
+			char *p, *q;
+
+			p = (char *) data.data;
+
+			while ((q = strchr_m(p, ';'))) {
+				*q = '\0';
+				q++;
+
+				callbacks->del_value(callback_data, key, p);
+
+				p = q;
+			}
+			callbacks->del_value(callback_data, key, p);
+		} else if (strcasecmp(value_name, "**DeleteKeys") == 0) {
+			char *p, *q, *full_key;
+
+			p = (char *) data.data;
+
+			while ((q = strchr_m(p, ';'))) {
+				*q = '\0';
+				q++;
+
+				full_key = talloc_asprintf(mem_ctx, "%s\\%s",
+							   key, p);
+				callbacks->del_key(callback_data, full_key);
+				talloc_free(full_key);
+
+				p = q;
+			}
+			full_key = talloc_asprintf(mem_ctx, "%s\\%s", key, p);
+			callbacks->del_key(callback_data, full_key);
+			talloc_free(full_key);
+		} else {
+			callbacks->add_key(callback_data, key);
+			callbacks->set_value(callback_data, key, value_name,
+					     value_type, data);
+		}
+		TALLOC_FREE(key);
+		TALLOC_FREE(value_name);
+		data_blob_free(&data);
+	}
+cleanup:
+	close(fd);
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
diff --git a/source4/lib/registry/pyregistry.c b/source4/lib/registry/pyregistry.c
new file mode 100644
index 0000000..de40d2a
--- /dev/null
+++ b/source4/lib/registry/pyregistry.c
@@ -0,0 +1,494 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   Copyright (C) Wilco Baan Hofman <wilco@baanhofman.nl> 2010
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include "libcli/util/pyerrors.h"
+#include "lib/registry/registry.h"
+#include <pytalloc.h>
+#include "lib/events/events.h"
+#include "auth/credentials/pycredentials.h"
+#include "param/pyparam.h"
+
+extern PyTypeObject PyRegistryKey;
+extern PyTypeObject PyRegistry;
+extern PyTypeObject PyHiveKey;
+
+/*#define PyRegistryKey_AsRegistryKey(obj) pytalloc_get_type(obj, struct registry_key)*/
+#define PyRegistry_AsRegistryContext(obj) ((struct registry_context *)pytalloc_get_ptr(obj))
+#define PyHiveKey_AsHiveKey(obj) ((struct hive_key*)pytalloc_get_ptr(obj))
+
+
+static PyObject *py_get_predefined_key_by_name(PyObject *self, PyObject *args)
+{
+	char *name;
+	WERROR result;
+	struct registry_context *ctx = PyRegistry_AsRegistryContext(self);
+	struct registry_key *key;
+
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	result = reg_get_predefined_key_by_name(ctx, name, &key);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	return pytalloc_steal(&PyRegistryKey, key);
+}
+
+static PyObject *py_key_del_abs(PyObject *self, PyObject *args)
+{
+	char *path;
+	WERROR result;
+	struct registry_context *ctx = PyRegistry_AsRegistryContext(self);
+
+	if (!PyArg_ParseTuple(args, "s", &path))
+		return NULL;
+
+	result = reg_key_del_abs(ctx, path);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_get_predefined_key(PyObject *self, PyObject *args)
+{
+	uint32_t hkey;
+	struct registry_context *ctx = PyRegistry_AsRegistryContext(self);
+	WERROR result;
+	struct registry_key *key;
+
+	if (!PyArg_ParseTuple(args, "I", &hkey))
+		return NULL;
+
+	result = reg_get_predefined_key(ctx, hkey, &key);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	return pytalloc_steal(&PyRegistryKey, key);
+}
+
+static PyObject *py_diff_apply(PyObject *self, PyObject *args)
+{
+	char *filename;
+	WERROR result;
+	struct registry_context *ctx = PyRegistry_AsRegistryContext(self);
+	if (!PyArg_ParseTuple(args, "s", &filename))
+		return NULL;
+
+	result = reg_diff_apply(ctx, filename);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE; 
+}
+
+static PyObject *py_mount_hive(PyObject *self, PyObject *args)
+{
+	struct registry_context *ctx = PyRegistry_AsRegistryContext(self);
+	uint32_t hkey;
+	PyObject *py_hivekey, *py_elements = Py_None;
+	const char **elements;
+	WERROR result;
+
+	if (!PyArg_ParseTuple(args, "OI|O", &py_hivekey, &hkey, &py_elements))
+		return NULL;
+
+	if (!PyList_Check(py_elements) && py_elements != Py_None) {
+		PyErr_SetString(PyExc_TypeError, "Expected list of elements");
+		return NULL;
+	}
+
+	if (py_elements == Py_None) {
+		elements = NULL;
+	} else {
+		int i;
+		elements = talloc_array(NULL, const char *, PyList_Size(py_elements));
+		for (i = 0; i < PyList_Size(py_elements); i++)
+			elements[i] = PyUnicode_AsUTF8(PyList_GetItem(py_elements, i));
+	}
+
+	SMB_ASSERT(ctx != NULL);
+
+	result = reg_mount_hive(ctx, PyHiveKey_AsHiveKey(py_hivekey), hkey, elements);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *registry_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	WERROR result;
+	struct registry_context *ctx;
+	result = reg_open_local(NULL, &ctx);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+	return pytalloc_steal(&PyRegistry, ctx);
+}
+
+static PyMethodDef registry_methods[] = {
+	{ "get_predefined_key_by_name", py_get_predefined_key_by_name, METH_VARARGS, 
+		"S.get_predefined_key_by_name(name) -> key\n"
+		"Find a predefined key by name" },
+	{ "key_del_abs", py_key_del_abs, METH_VARARGS, "S.key_del_abs(name) -> None\n"
+                "Delete a key by absolute path." },
+	{ "get_predefined_key", py_get_predefined_key, METH_VARARGS, "S.get_predefined_key(hkey_id) -> key\n"
+		"Find a predefined key by id" },
+	{ "diff_apply", py_diff_apply, METH_VARARGS, "S.diff_apply(filename) -> None\n"
+        	"Apply the diff from the specified file" },
+	{ "mount_hive", py_mount_hive, METH_VARARGS, "S.mount_hive(key, key_id, elements=None) -> None\n"
+		"Mount the specified key at the specified path." },
+	{0}
+};
+
+PyTypeObject PyRegistry = {
+	.tp_name = "Registry",
+	.tp_methods = registry_methods,
+	.tp_new = registry_new,
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+};
+
+static PyObject *py_hive_key_del(PyObject *self, PyObject *args)
+{
+	char *name;
+	struct hive_key *key = PyHiveKey_AsHiveKey(self);
+	WERROR result;
+
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	result = hive_key_del(NULL, key, name);
+
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE; 
+}
+
+static PyObject *py_hive_key_flush(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	WERROR result;
+	struct hive_key *key = PyHiveKey_AsHiveKey(self);
+
+	result = hive_key_flush(key);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_hive_key_del_value(PyObject *self, PyObject *args)
+{
+	char *name;
+	WERROR result;
+	struct hive_key *key = PyHiveKey_AsHiveKey(self);
+
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	result = hive_key_del_value(NULL, key, name);
+
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE; 
+}
+
+static PyObject *py_hive_key_set_value(PyObject *self, PyObject *args)
+{
+	char *name;
+	uint32_t type;
+	DATA_BLOB value;
+	Py_ssize_t value_length = 0;
+	WERROR result;
+	struct hive_key *key = PyHiveKey_AsHiveKey(self);
+
+	if (!PyArg_ParseTuple(args, "sIz#", &name, &type, &value.data, &value_length)) {
+		return NULL;
+	}
+	value.length = value_length;
+
+	if (value.data != NULL)
+		result = hive_key_set_value(key, name, type, value);
+	else
+		result = hive_key_del_value(NULL, key, name);
+
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	Py_RETURN_NONE; 
+}
+
+static PyMethodDef hive_key_methods[] = {
+	{ "del", py_hive_key_del, METH_VARARGS, "S.del(name) -> None\n"
+		"Delete a subkey" },
+	{ "flush", (PyCFunction)py_hive_key_flush, METH_NOARGS, "S.flush() -> None\n"
+                "Flush this key to disk" },
+	{ "del_value", py_hive_key_del_value, METH_VARARGS, "S.del_value(name) -> None\n"
+                 "Delete a value" },
+	{ "set_value", py_hive_key_set_value, METH_VARARGS, "S.set_value(name, type, data) -> None\n"
+                 "Set a value" },
+	{0}
+};
+
+static PyObject *hive_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) {
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_open_hive(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "location", "lp_ctx", "session_info", "credentials", NULL };
+	WERROR result;
+	struct loadparm_context *lp_ctx;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_session_info = Py_None;
+	PyObject *py_credentials = Py_None;
+	struct auth_session_info *session_info;
+	struct cli_credentials *credentials;
+	char *location;
+	struct hive_key *hive_key;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOO",
+					 discard_const_p(char *, kwnames),
+	                                 &location,
+					 &py_lp_ctx, &py_session_info,
+					 &py_credentials))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	credentials = cli_credentials_from_py_object(py_credentials);
+	if (credentials == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	session_info = NULL;
+
+	result = reg_open_hive(NULL, location, session_info, credentials,
+	                       samba_tevent_context_init(NULL),
+	                       lp_ctx, &hive_key);
+	talloc_free(mem_ctx);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	return pytalloc_steal(&PyHiveKey, hive_key);
+}
+
+PyTypeObject PyHiveKey = {
+	.tp_name = "HiveKey",
+	.tp_methods = hive_key_methods,
+	.tp_new = hive_new,
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+};
+
+PyTypeObject PyRegistryKey = {
+	.tp_name = "RegistryKey",
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+};
+
+static PyObject *py_open_samba(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "lp_ctx", "session_info", NULL };
+	struct registry_context *reg_ctx;
+	WERROR result;
+	struct loadparm_context *lp_ctx;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_session_info = Py_None;
+	PyObject *py_credentials = Py_None;
+	struct auth_session_info *session_info;
+	struct cli_credentials *credentials;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOO",
+					 discard_const_p(char *, kwnames),
+					 &py_lp_ctx, &py_session_info,
+					 &py_credentials))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	credentials = cli_credentials_from_py_object(py_credentials);
+	if (credentials == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	session_info = NULL; /* FIXME */
+
+	result = reg_open_samba(NULL, &reg_ctx, NULL, 
+				lp_ctx, session_info, credentials);
+	talloc_free(mem_ctx);
+	if (!W_ERROR_IS_OK(result)) {
+		PyErr_SetWERROR(result);
+		return NULL;
+	}
+
+	return pytalloc_steal(&PyRegistry, reg_ctx);
+}
+
+static PyObject *py_open_ldb_file(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "location", "session_info", "credentials", "lp_ctx", NULL };
+	PyObject *py_session_info = Py_None, *py_credentials = Py_None, *py_lp_ctx = Py_None;
+	WERROR result;
+	char *location;
+	struct loadparm_context *lp_ctx;
+	struct cli_credentials *credentials;
+	struct hive_key *key;
+	struct auth_session_info *session_info;
+	TALLOC_CTX *mem_ctx;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOO", 
+					 discard_const_p(char *, kwnames),
+					 &location, &py_session_info,
+					 &py_credentials, &py_lp_ctx))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	credentials = cli_credentials_from_py_object(py_credentials);
+	if (credentials == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected credentials");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	session_info = NULL; /* FIXME */
+
+	result = reg_open_ldb_file(NULL, location, session_info, credentials,
+				   s4_event_context_init(NULL), lp_ctx, &key);
+	talloc_free(mem_ctx);
+	PyErr_WERROR_NOT_OK_RAISE(result);
+
+	return pytalloc_steal(&PyHiveKey, key);
+}
+
+static PyObject *py_str_regtype(PyObject *self, PyObject *args)
+{
+	int regtype;
+
+	if (!PyArg_ParseTuple(args, "i", &regtype))
+		return NULL;
+	
+	return PyUnicode_FromString(str_regtype(regtype));
+}
+
+static PyObject *py_get_predef_name(PyObject *self, PyObject *args)
+{
+	uint32_t hkey;
+	const char *str;
+
+	if (!PyArg_ParseTuple(args, "I", &hkey))
+		return NULL;
+
+	str = reg_get_predef_name(hkey);
+	if (str == NULL)
+		Py_RETURN_NONE;
+	return PyUnicode_FromString(str);
+}
+
+static PyMethodDef py_registry_methods[] = {
+	{ "open_samba", PY_DISCARD_FUNC_SIG(PyCFunction, py_open_samba),
+		METH_VARARGS|METH_KEYWORDS, "open_samba() -> reg" },
+	{ "open_ldb", PY_DISCARD_FUNC_SIG(PyCFunction, py_open_ldb_file),
+		METH_VARARGS|METH_KEYWORDS, "open_ldb(location, session_info=None, credentials=None, loadparm_context=None) -> key" },
+	{ "open_hive", PY_DISCARD_FUNC_SIG(PyCFunction, py_open_hive),
+		METH_VARARGS|METH_KEYWORDS, "open_hive(location, session_info=None, credentials=None, loadparm_context=None) -> key" },
+	{ "str_regtype", py_str_regtype, METH_VARARGS, "str_regtype(int) -> str" },
+	{ "get_predef_name", py_get_predef_name, METH_VARARGS, "get_predef_name(hkey) -> str" },
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "registry",
+    .m_doc = "Registry",
+    .m_size = -1,
+    .m_methods = py_registry_methods,
+};
+
+MODULE_INIT_FUNC(registry)
+{
+	PyObject *m;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyHiveKey) < 0)
+		return NULL;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyRegistry) < 0)
+		return NULL;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyRegistryKey) < 0)
+		return NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return NULL;
+
+	PyModule_AddObject(m, "HKEY_CLASSES_ROOT", PyLong_FromLong(HKEY_CLASSES_ROOT));
+	PyModule_AddObject(m, "HKEY_CURRENT_USER", PyLong_FromLong(HKEY_CURRENT_USER));
+	PyModule_AddObject(m, "HKEY_LOCAL_MACHINE", PyLong_FromLong(HKEY_LOCAL_MACHINE));
+	PyModule_AddObject(m, "HKEY_USERS", PyLong_FromLong(HKEY_USERS));
+	PyModule_AddObject(m, "HKEY_PERFORMANCE_DATA", PyLong_FromLong(HKEY_PERFORMANCE_DATA));
+	PyModule_AddObject(m, "HKEY_CURRENT_CONFIG", PyLong_FromLong(HKEY_CURRENT_CONFIG));
+	PyModule_AddObject(m, "HKEY_DYN_DATA", PyLong_FromLong(HKEY_DYN_DATA));
+	PyModule_AddObject(m, "HKEY_PERFORMANCE_TEXT", PyLong_FromLong(HKEY_PERFORMANCE_TEXT));
+	PyModule_AddObject(m, "HKEY_PERFORMANCE_NLSTEXT", PyLong_FromLong(HKEY_PERFORMANCE_NLSTEXT));
+
+	Py_INCREF(&PyRegistry);
+	PyModule_AddObject(m, "Registry", (PyObject *)&PyRegistry);
+
+	Py_INCREF(&PyHiveKey);
+	PyModule_AddObject(m, "HiveKey", (PyObject *)&PyHiveKey);
+
+	Py_INCREF(&PyRegistryKey);
+	PyModule_AddObject(m, "RegistryKey", (PyObject *)&PyRegistryKey);
+
+	return m;
+}
diff --git a/source4/lib/registry/regf.c b/source4/lib/registry/regf.c
new file mode 100644
index 0000000..d0fc2a9
--- /dev/null
+++ b/source4/lib/registry/regf.c
@@ -0,0 +1,2319 @@
+/*
+   Samba CIFS implementation
+   Registry backend for REGF files
+   Copyright (C) 2005-2007 Jelmer Vernooij, jelmer@samba.org
+   Copyright (C) 2006-2010 Wilco Baan Hofman, wilco@baanhofman.nl
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "lib/registry/tdr_regf.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "lib/registry/registry.h"
+#include "libcli/security/security.h"
+
+#undef strcasecmp
+
+static struct hive_operations reg_backend_regf;
+
+/**
+ * There are several places on the web where the REGF format is explained;
+ *
+ * TODO: Links
+ */
+
+/* TODO:
+ *  - Return error codes that make more sense
+ *  - Locking
+ *  - do more things in-memory
+ */
+
+/*
+ * Read HBIN blocks into memory
+ */
+
+struct regf_data {
+	int fd;
+	struct hbin_block **hbins;
+	struct regf_hdr *header;
+	time_t last_write;
+};
+
+static WERROR regf_save_hbin(struct regf_data *data, bool flush);
+
+struct regf_key_data {
+	struct hive_key key;
+	struct regf_data *hive;
+	uint32_t offset;
+	struct nk_block *nk;
+};
+
+static struct hbin_block *hbin_by_offset(const struct regf_data *data,
+					 uint32_t offset, uint32_t *rel_offset)
+{
+	unsigned int i;
+
+	for (i = 0; data->hbins[i]; i++) {
+		if (offset >= data->hbins[i]->offset_from_first &&
+			offset < data->hbins[i]->offset_from_first+
+					 data->hbins[i]->offset_to_next) {
+			if (rel_offset != NULL)
+				*rel_offset = offset - data->hbins[i]->offset_from_first - 0x20;
+			return data->hbins[i];
+		}
+	}
+
+	return NULL;
+}
+
+/**
+ * Validate a regf header
+ * For now, do nothing, but we should check the checksum
+ */
+static uint32_t regf_hdr_checksum(const uint8_t *buffer)
+{
+	uint32_t checksum = 0, x;
+	unsigned int i;
+
+	for (i = 0; i < 0x01FB; i+= 4) {
+		x = IVAL(buffer, i);
+		checksum ^= x;
+	}
+
+	return checksum;
+}
+
+/**
+ * Obtain the contents of a HBIN block
+ */
+static DATA_BLOB hbin_get(const struct regf_data *data, uint32_t offset)
+{
+	DATA_BLOB ret;
+	struct hbin_block *hbin;
+	uint32_t rel_offset;
+
+	ret.data = NULL;
+	ret.length = 0;
+
+	hbin = hbin_by_offset(data, offset, &rel_offset);
+
+	if (hbin == NULL) {
+		DEBUG(1, ("Can't find HBIN at 0x%04x\n", offset));
+		return ret;
+	}
+
+	ret.length = IVAL(hbin->data, rel_offset);
+	if (!(ret.length & 0x80000000)) {
+		DEBUG(0, ("Trying to use dirty block at 0x%04x\n", offset));
+		return ret;
+	}
+
+	/* remove high bit */
+	ret.length = (ret.length ^ 0xffffffff) + 1;
+
+	ret.length -= 4; /* 4 bytes for the length... */
+	ret.data = hbin->data +
+		(offset - hbin->offset_from_first - 0x20) + 4;
+
+	return ret;
+}
+
+static bool hbin_get_tdr(struct regf_data *regf, uint32_t offset,
+			 TALLOC_CTX *ctx, tdr_pull_fn_t pull_fn, void *p)
+{
+	struct tdr_pull *pull = tdr_pull_init(regf);
+
+	pull->data = hbin_get(regf, offset);
+	if (!pull->data.data) {
+		DEBUG(1, ("Unable to get data at 0x%04x\n", offset));
+		talloc_free(pull);
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(pull_fn(pull, ctx, p))) {
+		DEBUG(1, ("Error parsing record at 0x%04x using tdr\n",
+			offset));
+		talloc_free(pull);
+		return false;
+	}
+	talloc_free(pull);
+
+	return true;
+}
+
+/* Allocate some new data */
+static DATA_BLOB hbin_alloc(struct regf_data *data, uint32_t size,
+			    uint32_t *offset)
+{
+	DATA_BLOB ret;
+	uint32_t rel_offset = (uint32_t) -1; /* Relative offset ! */
+	struct hbin_block *hbin = NULL;
+	unsigned int i;
+
+	if (offset != NULL) {
+		*offset = 0;
+	}
+
+	if (size == 0)
+		return data_blob(NULL, 0);
+
+	size += 4; /* Need to include int32 for the length */
+
+	/* Allocate as a multiple of 8 */
+	size = (size + 7) & ~7;
+
+	ret.data = NULL;
+	ret.length = 0;
+
+	for (i = 0; (hbin = data->hbins[i]); i++) {
+		int j;
+		int32_t my_size;
+		for (j = 0; j < hbin->offset_to_next-0x20; j+= my_size) {
+			my_size = IVALS(hbin->data, j);
+
+			if (my_size == 0x0) {
+				DEBUG(0, ("Invalid zero-length block! File is corrupt.\n"));
+				return ret;
+			}
+
+			if (my_size % 8 != 0) {
+				DEBUG(0, ("Encountered non-aligned block!\n"));
+			}
+
+			if (my_size < 0) { /* Used... */
+				my_size = -my_size;
+			} else if (my_size == size) { /* exact match */
+				rel_offset = j;
+				DEBUG(4, ("Found free block of exact size %d in middle of HBIN\n",
+					size));
+				break;
+			} else if (my_size > size) { /* data will remain */
+				rel_offset = j;
+				/* Split this block and mark the next block as free */
+				SIVAL(hbin->data, rel_offset+size, my_size-size);
+				DEBUG(4, ("Found free block of size %d (needing %d) in middle of HBIN\n",
+					my_size, size));
+				break;
+			}
+		}
+
+		if (rel_offset != -1)
+			break;
+	}
+
+	/* No space available in previous hbins,
+	 * allocate new one */
+	if (data->hbins[i] == NULL) {
+		DEBUG(4, ("No space available in other HBINs for block of size %d, allocating new HBIN\n",
+			size));
+
+		/* Add extra hbin block */
+		data->hbins = talloc_realloc(data, data->hbins,
+					     struct hbin_block *, i+2);
+		hbin = talloc(data->hbins, struct hbin_block);
+		SMB_ASSERT(hbin != NULL);
+
+		data->hbins[i] = hbin;
+		data->hbins[i+1] = NULL;
+
+		/* Set hbin data */
+		hbin->HBIN_ID = talloc_strdup(hbin, "hbin");
+		hbin->offset_from_first = (i == 0?0:data->hbins[i-1]->offset_from_first+data->hbins[i-1]->offset_to_next);
+		hbin->offset_to_next = 0x1000;
+		hbin->unknown[0] = 0;
+		hbin->unknown[1] = 0;
+		unix_to_nt_time(&hbin->last_change, time(NULL));
+		hbin->block_size = hbin->offset_to_next;
+		hbin->data = talloc_zero_array(hbin, uint8_t, hbin->block_size - 0x20);
+		/* Update the regf header */
+		data->header->last_block += hbin->offset_to_next;
+
+		/* Set the next block to it's proper size and set the
+		 * rel_offset for this block */
+		SIVAL(hbin->data, size, hbin->block_size - size - 0x20);
+		rel_offset = 0x0;
+	}
+
+	/* Set size and mark as used */
+	SIVAL(hbin->data, rel_offset, -size);
+
+	ret.data = hbin->data + rel_offset + 0x4; /* Skip past length */
+	ret.length = size - 0x4;
+	if (offset) {
+		uint32_t new_rel_offset = 0;
+		*offset = hbin->offset_from_first + rel_offset + 0x20;
+		SMB_ASSERT(hbin_by_offset(data, *offset, &new_rel_offset) == hbin);
+		SMB_ASSERT(new_rel_offset == rel_offset);
+	}
+
+	return ret;
+}
+
+/* Store a data blob. Return the offset at which it was stored */
+static uint32_t hbin_store (struct regf_data *data, DATA_BLOB blob)
+{
+	uint32_t ret;
+	DATA_BLOB dest = hbin_alloc(data, blob.length, &ret);
+
+	memcpy(dest.data, blob.data, blob.length);
+
+	/* Make sure that we have no tailing garbage in the block */
+	if (dest.length > blob.length) {
+		memset(dest.data + blob.length, 0, dest.length - blob.length);
+	}
+
+	return ret;
+}
+
+static uint32_t hbin_store_tdr(struct regf_data *data,
+			       tdr_push_fn_t push_fn, void *p)
+{
+	struct tdr_push *push = tdr_push_init(data);
+	uint32_t ret;
+
+	if (NT_STATUS_IS_ERR(push_fn(push, p))) {
+		DEBUG(0, ("Error during push\n"));
+		return -1;
+	}
+
+	ret = hbin_store(data, push->data);
+
+	talloc_free(push);
+
+	return ret;
+}
+
+
+/* Free existing data */
+static void hbin_free (struct regf_data *data, uint32_t offset)
+{
+	int32_t size;
+	uint32_t rel_offset;
+	int32_t next_size;
+	struct hbin_block *hbin;
+
+	SMB_ASSERT (offset > 0);
+
+	hbin = hbin_by_offset(data, offset, &rel_offset);
+
+	if (hbin == NULL)
+		return;
+
+	/* Get original size */
+	size = IVALS(hbin->data, rel_offset);
+
+	if (size > 0) {
+		DEBUG(1, ("Trying to free already freed block at 0x%04x\n",
+			offset));
+		return;
+	}
+	/* Mark as unused */
+	size = -size;
+
+	/* If the next block is free, merge into big free block */
+	if (rel_offset + size < hbin->offset_to_next - 0x20) {
+		next_size = IVALS(hbin->data, rel_offset+size);
+		if (next_size > 0) {
+			size += next_size;
+		}
+	}
+
+	/* Write block size */
+	SIVALS(hbin->data, rel_offset, size);
+}
+
+/**
+ * Store a data blob data was already stored, but has changed in size
+ * Will try to save it at the current location if possible, otherwise
+ * does a free + store */
+static uint32_t hbin_store_resize(struct regf_data *data,
+				  uint32_t orig_offset, DATA_BLOB blob)
+{
+	uint32_t rel_offset;
+	struct hbin_block *hbin = hbin_by_offset(data, orig_offset,
+						 &rel_offset);
+	int32_t my_size;
+	int32_t orig_size;
+	int32_t needed_size;
+	int32_t possible_size;
+	unsigned int i;
+
+	SMB_ASSERT(orig_offset > 0);
+
+	if (!hbin)
+		return hbin_store(data, blob);
+
+	/* Get original size */
+	orig_size = -IVALS(hbin->data, rel_offset);
+
+	needed_size = blob.length + 4; /* Add int32 containing length */
+	needed_size = (needed_size + 7) & ~7; /* Align */
+
+	/* Fits into current allocated block */
+	if (orig_size >= needed_size) {
+		memcpy(hbin->data + rel_offset + 0x4, blob.data, blob.length);
+		/* If the difference in size is greater than 0x4, split the block
+		 * and free/merge it */
+		if (orig_size - needed_size > 0x4) {
+			SIVALS(hbin->data, rel_offset, -needed_size);
+			SIVALS(hbin->data, rel_offset + needed_size,
+			       needed_size-orig_size);
+			hbin_free(data, orig_offset + needed_size);
+		}
+		return orig_offset;
+	}
+
+	possible_size = orig_size;
+
+	/* Check if it can be combined with the next few free records */
+	for (i = rel_offset; i < hbin->offset_to_next - 0x20; i += my_size) {
+		if (IVALS(hbin->data, i) < 0) /* Used */
+			break;
+
+		my_size = IVALS(hbin->data, i);
+
+		if (my_size == 0x0) {
+			DEBUG(0, ("Invalid zero-length block! File is corrupt.\n"));
+			break;
+		} else {
+			possible_size += my_size;
+		}
+
+		if (possible_size >= blob.length) {
+			SIVAL(hbin->data, rel_offset, -possible_size);
+			memcpy(hbin->data + rel_offset + 0x4,
+			       blob.data, blob.length);
+			return orig_offset;
+		}
+	}
+
+	hbin_free(data, orig_offset);
+	return hbin_store(data, blob);
+}
+
+static uint32_t hbin_store_tdr_resize(struct regf_data *regf,
+				      tdr_push_fn_t push_fn,
+				      uint32_t orig_offset, void *p)
+{
+	struct tdr_push *push = tdr_push_init(regf);
+	uint32_t ret;
+
+	if (NT_STATUS_IS_ERR(push_fn(push, p))) {
+		DEBUG(0, ("Error during push\n"));
+		return -1;
+	}
+
+	ret = hbin_store_resize(regf, orig_offset, push->data);
+
+	talloc_free(push);
+
+	return ret;
+}
+
+static uint32_t regf_create_lh_hash(const char *name)
+{
+	char *hash_name;
+	uint32_t ret = 0;
+	uint16_t i;
+
+	hash_name = strupper_talloc(NULL, name);
+	for (i = 0; *(hash_name + i) != 0; i++) {
+		ret *= 37;
+		ret += *(hash_name + i);
+	}
+	talloc_free(hash_name);
+	return ret;
+}
+
+static WERROR regf_get_info(TALLOC_CTX *mem_ctx,
+			    const struct hive_key *key,
+			    const char **classname,
+			    uint32_t *num_subkeys,
+			    uint32_t *num_values,
+			    NTTIME *last_mod_time,
+			    uint32_t *max_subkeynamelen,
+			    uint32_t *max_valnamelen,
+			    uint32_t *max_valbufsize)
+{
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)key;
+
+	if (num_subkeys != NULL)
+		*num_subkeys = private_data->nk->num_subkeys;
+
+	if (num_values != NULL)
+		*num_values = private_data->nk->num_values;
+
+	if (classname != NULL) {
+		if (private_data->nk->clsname_offset != -1) {
+			DATA_BLOB data = hbin_get(private_data->hive,
+						  private_data->nk->clsname_offset);
+			*classname = talloc_strndup(mem_ctx,
+						    (char*)data.data,
+						    private_data->nk->clsname_length);
+			W_ERROR_HAVE_NO_MEMORY(*classname);
+		} else
+			*classname = NULL;
+	}
+
+	/* TODO: Last mod time */
+
+	/* TODO: max valnamelen */
+	
+	/* TODO: max valbufsize */
+
+	/* TODO: max subkeynamelen */
+
+	return WERR_OK;
+}
+
+static struct regf_key_data *regf_get_key(TALLOC_CTX *ctx,
+					  struct regf_data *regf,
+					  uint32_t offset)
+{
+	struct nk_block *nk;
+	struct regf_key_data *ret;
+
+	ret = talloc_zero(ctx, struct regf_key_data);
+	ret->key.ops = &reg_backend_regf;
+	ret->hive = talloc_reference(ret, regf);
+	ret->offset = offset;
+	nk = talloc(ret, struct nk_block);
+	if (nk == NULL)
+		return NULL;
+
+	ret->nk = nk;
+
+	if (!hbin_get_tdr(regf, offset, nk,
+			  (tdr_pull_fn_t)tdr_pull_nk_block, nk)) {
+		DEBUG(0, ("Unable to find HBIN data for offset 0x%x\n", offset));
+		return NULL;
+	}
+
+	if (strcmp(nk->header, "nk") != 0) {
+		DEBUG(0, ("Expected nk record, got %s\n", nk->header));
+		talloc_free(ret);
+		return NULL;
+	}
+
+	return ret;
+}
+
+
+static WERROR regf_get_value(TALLOC_CTX *ctx, struct hive_key *key,
+			     uint32_t idx, const char **name,
+			     uint32_t *data_type, DATA_BLOB *data)
+{
+	const struct regf_key_data *private_data =
+			(const struct regf_key_data *)key;
+	struct vk_block *vk;
+	struct regf_data *regf = private_data->hive;
+	uint32_t vk_offset;
+	DATA_BLOB tmp;
+
+	if (idx >= private_data->nk->num_values)
+		return WERR_NO_MORE_ITEMS;
+
+	tmp = hbin_get(regf, private_data->nk->values_offset);
+	if (!tmp.data) {
+		DEBUG(0, ("Unable to find value list at 0x%x\n",
+				private_data->nk->values_offset));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (tmp.length < private_data->nk->num_values * 4) {
+		DEBUG(1, ("Value counts mismatch\n"));
+	}
+
+	vk_offset = IVAL(tmp.data, idx * 4);
+
+	vk = talloc(NULL, struct vk_block);
+	W_ERROR_HAVE_NO_MEMORY(vk);
+
+	if (!hbin_get_tdr(regf, vk_offset, vk,
+			  (tdr_pull_fn_t)tdr_pull_vk_block, vk)) {
+		DEBUG(0, ("Unable to get VK block at 0x%x\n", vk_offset));
+		talloc_free(vk);
+		return WERR_GEN_FAILURE;
+	}
+
+	/* FIXME: name character set ?*/
+	if (name != NULL) {
+		*name = talloc_strndup(ctx, vk->data_name, vk->name_length);
+		W_ERROR_HAVE_NO_MEMORY(*name);
+	}
+
+	if (data_type != NULL)
+		*data_type = vk->data_type;
+
+	if (vk->data_length & 0x80000000) {
+		/* this is data of type "REG_DWORD" or "REG_DWORD_BIG_ENDIAN" */
+		data->data = talloc_size(ctx, sizeof(uint32_t));
+		W_ERROR_HAVE_NO_MEMORY(data->data);
+		SIVAL(data->data, 0, vk->data_offset);
+		data->length = sizeof(uint32_t);
+	} else {
+		*data = hbin_get(regf, vk->data_offset);
+	}
+
+	if (data->length < vk->data_length) {
+		DEBUG(1, ("Read data less than indicated data length!\n"));
+	}
+
+	talloc_free(vk);
+
+	return WERR_OK;
+}
+
+static WERROR regf_get_value_by_name(TALLOC_CTX *mem_ctx,
+				     struct hive_key *key, const char *name,
+				     uint32_t *type, DATA_BLOB *data)
+{
+	unsigned int i;
+	const char *vname;
+	WERROR error;
+
+	/* FIXME: Do binary search? Is this list sorted at all? */
+
+	for (i = 0; W_ERROR_IS_OK(error = regf_get_value(mem_ctx, key, i,
+							 &vname, type, data));
+							 i++) {
+		if (!strcmp(vname, name))
+			return WERR_OK;
+	}
+
+	if (W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS))
+		return WERR_FILE_NOT_FOUND;
+
+	return error;
+}
+
+
+static WERROR regf_get_subkey_by_index(TALLOC_CTX *ctx,
+				       const struct hive_key *key,
+				       uint32_t idx, const char **name,
+				       const char **classname,
+				       NTTIME *last_mod_time)
+{
+	DATA_BLOB data;
+	struct regf_key_data *ret;
+	const struct regf_key_data *private_data = (const struct regf_key_data *)key;
+	struct nk_block *nk = private_data->nk;
+	uint32_t key_off=0;
+
+	if (idx >= nk->num_subkeys)
+		return WERR_NO_MORE_ITEMS;
+
+	/* Make sure that we don't crash if the key is empty */
+	if (nk->subkeys_offset == -1) {
+		return WERR_NO_MORE_ITEMS;
+	}
+
+	data = hbin_get(private_data->hive, nk->subkeys_offset);
+	if (!data.data) {
+		DEBUG(0, ("Unable to find subkey list at 0x%x\n",
+			nk->subkeys_offset));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (!strncmp((char *)data.data, "li", 2)) {
+		struct li_block li;
+		struct tdr_pull *pull = tdr_pull_init(private_data->hive);
+
+		DEBUG(10, ("Subkeys in LI list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) {
+			DEBUG(0, ("Error parsing LI list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(li.header, "li", 2));
+
+		if (li.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+		key_off = li.nk_offset[idx];
+
+	} else if (!strncmp((char *)data.data, "lf", 2)) {
+		struct lf_block lf;
+		struct tdr_pull *pull = tdr_pull_init(private_data->hive);
+
+		DEBUG(10, ("Subkeys in LF list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, nk, &lf))) {
+			DEBUG(0, ("Error parsing LF list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lf.header, "lf", 2));
+
+		if (lf.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+
+		key_off = lf.hr[idx].nk_offset;
+	} else if (!strncmp((char *)data.data, "lh", 2)) {
+		struct lh_block lh;
+		struct tdr_pull *pull = tdr_pull_init(private_data->hive);
+
+		DEBUG(10, ("Subkeys in LH list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) {
+			DEBUG(0, ("Error parsing LH list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+		if (lh.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+		key_off = lh.hr[idx].nk_offset;
+	} else if (!strncmp((char *)data.data, "ri", 2)) {
+		struct ri_block ri;
+		struct tdr_pull *pull = tdr_pull_init(ctx);
+		uint16_t i;
+		uint16_t sublist_count = 0;
+
+		DEBUG(10, ("Subkeys in RI list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_ri_block(pull, nk, &ri))) {
+			DEBUG(0, ("Error parsing RI list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		SMB_ASSERT(!strncmp(ri.header, "ri", 2));
+
+		for (i = 0; i < ri.key_count; i++) {
+			DATA_BLOB list_data;
+
+			/* Get sublist data blob */
+			list_data = hbin_get(private_data->hive, ri.offset[i]);
+			if (!list_data.data) {
+				DEBUG(0, ("Error getting RI list.\n"));
+				talloc_free(pull);
+				return WERR_GEN_FAILURE;
+			}
+
+			pull->data = list_data;
+
+			if (!strncmp((char *)list_data.data, "li", 2)) {
+				struct li_block li;
+
+				DEBUG(10, ("Subkeys in RI->LI list\n"));
+
+				if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull,
+								       nk,
+								       &li))) {
+					DEBUG(0, ("Error parsing LI list from RI\n"));
+					talloc_free(pull);
+					return WERR_GEN_FAILURE;
+				}
+				SMB_ASSERT(!strncmp(li.header, "li", 2));
+
+				/* Advance to next sublist if necessary */
+				if (idx >= sublist_count + li.key_count) {
+					sublist_count += li.key_count;
+					continue;
+				}
+				key_off = li.nk_offset[idx - sublist_count];
+				sublist_count += li.key_count;
+				break;
+			} else if (!strncmp((char *)list_data.data, "lh", 2)) {
+				struct lh_block lh;
+
+				DEBUG(10, ("Subkeys in RI->LH list\n"));
+
+				if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull,
+								       nk,
+								       &lh))) {
+					DEBUG(0, ("Error parsing LH list from RI\n"));
+					talloc_free(pull);
+					return WERR_GEN_FAILURE;
+				}
+				SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+				/* Advance to next sublist if necessary */
+				if (idx >= sublist_count + lh.key_count) {
+					sublist_count += lh.key_count;
+					continue;
+				}
+				key_off = lh.hr[idx - sublist_count].nk_offset;
+				sublist_count += lh.key_count;
+				break;
+			} else {
+				DEBUG(0,("Unknown sublist in ri block\n"));
+				talloc_free(pull);
+
+				return WERR_GEN_FAILURE;
+			}
+
+		}
+		talloc_free(pull);
+
+
+		if (idx > sublist_count) {
+			return WERR_NO_MORE_ITEMS;
+		}
+
+	} else {
+		DEBUG(0, ("Unknown type for subkey list (0x%04x): %c%c\n",
+				  nk->subkeys_offset, data.data[0], data.data[1]));
+		return WERR_GEN_FAILURE;
+	}
+
+	ret = regf_get_key (ctx, private_data->hive, key_off);
+
+	if (classname != NULL) {
+		if (ret->nk->clsname_offset != -1) {
+			DATA_BLOB db = hbin_get(ret->hive,
+						ret->nk->clsname_offset);
+			*classname = talloc_strndup(ctx,
+						    (char*)db.data,
+						    ret->nk->clsname_length);
+			W_ERROR_HAVE_NO_MEMORY(*classname);
+		} else
+			*classname = NULL;
+	}
+
+	if (last_mod_time != NULL)
+		*last_mod_time = ret->nk->last_change;
+
+	if (name != NULL)
+		*name = talloc_steal(ctx, ret->nk->key_name);
+
+	talloc_free(ret);
+
+	return WERR_OK;
+}
+
+static WERROR regf_match_subkey_by_name(TALLOC_CTX *ctx,
+					const struct hive_key *key,
+					uint32_t offset,
+					const char *name, uint32_t *ret)
+{
+	DATA_BLOB subkey_data;
+	struct nk_block subkey;
+	struct tdr_pull *pull;
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)key;
+
+	subkey_data = hbin_get(private_data->hive, offset);
+	if (!subkey_data.data) {
+		DEBUG(0, ("Unable to retrieve subkey HBIN\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	pull = tdr_pull_init(ctx);
+
+	pull->data = subkey_data;
+
+	if (NT_STATUS_IS_ERR(tdr_pull_nk_block(pull, ctx, &subkey))) {
+		DEBUG(0, ("Error parsing NK structure.\n"));
+		talloc_free(pull);
+		return WERR_GEN_FAILURE;
+	}
+	talloc_free(pull);
+
+	if (strncmp(subkey.header, "nk", 2)) {
+		DEBUG(0, ("Not an NK structure.\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (!strcasecmp(subkey.key_name, name)) {
+		*ret = offset;
+	} else {
+		*ret = 0;
+	}
+	return WERR_OK;
+}
+
+static WERROR regf_get_subkey_by_name(TALLOC_CTX *ctx,
+				      const struct hive_key *key,
+				      const char *name,
+				      struct hive_key **ret)
+{
+	DATA_BLOB data;
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)key;
+	struct nk_block *nk = private_data->nk;
+	uint32_t key_off = 0;
+
+	/* Make sure that we don't crash if the key is empty */
+	if (nk->subkeys_offset == -1) {
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	data = hbin_get(private_data->hive, nk->subkeys_offset);
+	if (!data.data) {
+		DEBUG(0, ("Unable to find subkey list\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (!strncmp((char *)data.data, "li", 2)) {
+		struct li_block li;
+		struct tdr_pull *pull = tdr_pull_init(ctx);
+		uint16_t i;
+
+		DEBUG(10, ("Subkeys in LI list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) {
+			DEBUG(0, ("Error parsing LI list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(li.header, "li", 2));
+
+		if (li.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+
+		for (i = 0; i < li.key_count; i++) {
+			W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key,
+									li.nk_offset[i],
+									name,
+									&key_off));
+			if (key_off != 0)
+				break;
+		}
+		if (key_off == 0)
+			return WERR_FILE_NOT_FOUND;
+	} else if (!strncmp((char *)data.data, "lf", 2)) {
+		struct lf_block lf;
+		struct tdr_pull *pull = tdr_pull_init(ctx);
+		uint16_t i;
+
+		DEBUG(10, ("Subkeys in LF list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, nk, &lf))) {
+			DEBUG(0, ("Error parsing LF list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lf.header, "lf", 2));
+
+		if (lf.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+
+		for (i = 0; i < lf.key_count; i++) {
+			if (strncmp(lf.hr[i].hash, name, 4)) {
+				continue;
+			}
+			W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk,
+									key,
+									lf.hr[i].nk_offset,
+									name,
+									&key_off));
+			if (key_off != 0)
+				break;
+		}
+		if (key_off == 0)
+			return WERR_FILE_NOT_FOUND;
+	} else if (!strncmp((char *)data.data, "lh", 2)) {
+		struct lh_block lh;
+		struct tdr_pull *pull = tdr_pull_init(ctx);
+		uint16_t i;
+		uint32_t hash;
+
+		DEBUG(10, ("Subkeys in LH list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) {
+			DEBUG(0, ("Error parsing LH list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+		if (lh.key_count != nk->num_subkeys) {
+			DEBUG(0, ("Subkey counts don't match\n"));
+			return WERR_GEN_FAILURE;
+		}
+
+		hash = regf_create_lh_hash(name);
+		for (i = 0; i < lh.key_count; i++) {
+			if (lh.hr[i].base37 != hash) {
+				continue;
+			}
+			W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk,
+									key,
+									lh.hr[i].nk_offset,
+									name,
+									&key_off));
+			if (key_off != 0)
+				break;
+		}
+		if (key_off == 0)
+			return WERR_FILE_NOT_FOUND;
+	} else if (!strncmp((char *)data.data, "ri", 2)) {
+		struct ri_block ri;
+		struct tdr_pull *pull = tdr_pull_init(ctx);
+		uint16_t i, j;
+
+		DEBUG(10, ("Subkeys in RI list\n"));
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_ri_block(pull, nk, &ri))) {
+			DEBUG(0, ("Error parsing RI list\n"));
+			talloc_free(pull);
+			return WERR_GEN_FAILURE;
+		}
+		SMB_ASSERT(!strncmp(ri.header, "ri", 2));
+
+		for (i = 0; i < ri.key_count; i++) {
+			DATA_BLOB list_data;
+
+			/* Get sublist data blob */
+			list_data = hbin_get(private_data->hive, ri.offset[i]);
+			if (list_data.data == NULL) {
+				DEBUG(0, ("Error getting RI list.\n"));
+				talloc_free(pull);
+				return WERR_GEN_FAILURE;
+			}
+
+			pull->data = list_data;
+
+			if (!strncmp((char *)list_data.data, "li", 2)) {
+				struct li_block li;
+
+				if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull,
+								       nk,
+								       &li))) {
+					DEBUG(0, ("Error parsing LI list from RI\n"));
+					talloc_free(pull);
+					return WERR_GEN_FAILURE;
+				}
+				SMB_ASSERT(!strncmp(li.header, "li", 2));
+
+				for (j = 0; j < li.key_count; j++) {
+					W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key,
+											li.nk_offset[j],
+											name,
+											&key_off));
+					if (key_off)
+						break;
+				}
+			} else if (!strncmp((char *)list_data.data, "lh", 2)) {
+				struct lh_block lh;
+				uint32_t hash;
+
+				if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull,
+								       nk,
+								       &lh))) {
+					DEBUG(0, ("Error parsing LH list from RI\n"));
+					talloc_free(pull);
+					return WERR_GEN_FAILURE;
+				}
+				SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+				hash = regf_create_lh_hash(name);
+				for (j = 0; j < lh.key_count; j++) {
+					if (lh.hr[j].base37 != hash) {
+						continue;
+					}
+					W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key,
+											lh.hr[j].nk_offset,
+											name,
+											&key_off));
+					if (key_off)
+						break;
+				}
+			}
+			if (key_off)
+				break;
+		}
+		talloc_free(pull);
+		if (!key_off)
+			return WERR_FILE_NOT_FOUND;
+	} else {
+		DEBUG(0, ("Unknown subkey list type.\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	*ret = (struct hive_key *)regf_get_key(ctx, private_data->hive,
+					       key_off);
+	return WERR_OK;
+}
+
+static WERROR regf_set_sec_desc(struct hive_key *key,
+				const struct security_descriptor *sec_desc)
+{
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)key;
+	struct sk_block cur_sk, sk, new_sk;
+	struct regf_data *regf = private_data->hive;
+	struct nk_block root;
+	DATA_BLOB data;
+	uint32_t sk_offset, cur_sk_offset;
+	bool update_cur_sk = false;
+
+	/* Get the root nk */
+ 	hbin_get_tdr(regf, regf->header->data_offset, regf,
+		     (tdr_pull_fn_t) tdr_pull_nk_block, &root);
+
+	/* Push the security descriptor to a blob */
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(&data, regf, 
+							  sec_desc, (ndr_push_flags_fn_t)ndr_push_security_descriptor))) {
+		DEBUG(0, ("Unable to push security descriptor\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	/* Get the current security descriptor for the key */
+	if (!hbin_get_tdr(regf, private_data->nk->sk_offset, regf,
+			  (tdr_pull_fn_t) tdr_pull_sk_block, &cur_sk)) {
+		DEBUG(0, ("Unable to find security descriptor for current key\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+	/* If there's no change, change nothing. */
+	if (memcmp(data.data, cur_sk.sec_desc,
+		   MIN(data.length, cur_sk.rec_size)) == 0) {
+		return WERR_OK;
+	}
+
+	/* Delete the current sk if only this key is using it */
+	if (cur_sk.ref_cnt == 1) {
+		/* Get the previous security descriptor for the key */
+		if (!hbin_get_tdr(regf, cur_sk.prev_offset, regf,
+				  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+			DEBUG(0, ("Unable to find prev security descriptor for current key\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		/* Change and store the previous security descriptor */
+		sk.next_offset = cur_sk.next_offset;
+		hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block,
+				      cur_sk.prev_offset, &sk);
+
+		/* Get the next security descriptor for the key */
+		if (!hbin_get_tdr(regf, cur_sk.next_offset, regf,
+				  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+			DEBUG(0, ("Unable to find next security descriptor for current key\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		/* Change and store the next security descriptor */
+		sk.prev_offset = cur_sk.prev_offset;
+		hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block,
+				      cur_sk.next_offset, &sk);
+
+		hbin_free(regf, private_data->nk->sk_offset);
+	} else {
+		/* This key will no longer be referring to this sk */
+		cur_sk.ref_cnt--;
+		update_cur_sk = true;
+	}
+
+	sk_offset = root.sk_offset;
+
+	do {
+		cur_sk_offset = sk_offset;
+		if (!hbin_get_tdr(regf, sk_offset, regf,
+				  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+			DEBUG(0, ("Unable to find security descriptor\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		if (memcmp(data.data, sk.sec_desc, MIN(data.length, sk.rec_size)) == 0) {
+			private_data->nk->sk_offset = sk_offset;
+			sk.ref_cnt++;
+			hbin_store_tdr_resize(regf,
+					      (tdr_push_fn_t) tdr_push_sk_block,
+					      sk_offset, &sk);
+			hbin_store_tdr_resize(regf,
+					      (tdr_push_fn_t) tdr_push_nk_block,
+					      private_data->offset,
+					      private_data->nk);
+			return WERR_OK;
+		}
+		sk_offset = sk.next_offset;
+	} while (sk_offset != root.sk_offset);
+
+	ZERO_STRUCT(new_sk);
+	new_sk.header = "sk";
+	new_sk.prev_offset = cur_sk_offset;
+	new_sk.next_offset = root.sk_offset;
+	new_sk.ref_cnt = 1;
+	new_sk.rec_size = data.length;
+	new_sk.sec_desc = data.data;
+
+	sk_offset = hbin_store_tdr(regf,
+				   (tdr_push_fn_t) tdr_push_sk_block,
+				   &new_sk);
+	if (sk_offset == -1) {
+		DEBUG(0, ("Error storing sk block\n"));
+		return WERR_GEN_FAILURE;
+	}
+	private_data->nk->sk_offset = sk_offset;
+
+	if (update_cur_sk) {
+		hbin_store_tdr_resize(regf,
+				      (tdr_push_fn_t) tdr_push_sk_block,
+				      private_data->nk->sk_offset, &cur_sk);
+	}
+
+	/* Get the previous security descriptor for the key */
+	if (!hbin_get_tdr(regf, new_sk.prev_offset, regf,
+			  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+		DEBUG(0, ("Unable to find security descriptor for previous key\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+	/* Change and store the previous security descriptor */
+	sk.next_offset = sk_offset;
+	hbin_store_tdr_resize(regf,
+			      (tdr_push_fn_t) tdr_push_sk_block,
+			      cur_sk.prev_offset, &sk);
+
+	/* Get the next security descriptor for the key (always root, as we append) */
+	if (!hbin_get_tdr(regf, new_sk.next_offset, regf,
+			  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+		DEBUG(0, ("Unable to find security descriptor for current key\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+	/* Change and store the next security descriptor (always root, as we append) */
+	sk.prev_offset = sk_offset;
+	hbin_store_tdr_resize(regf,
+			      (tdr_push_fn_t) tdr_push_sk_block,
+			      root.sk_offset, &sk);
+
+
+	/* Store the nk. */
+	hbin_store_tdr_resize(regf,
+			      (tdr_push_fn_t) tdr_push_sk_block,
+			      private_data->offset, private_data->nk);
+	return WERR_OK;
+}
+
+static WERROR regf_get_sec_desc(TALLOC_CTX *ctx, const struct hive_key *key,
+				struct security_descriptor **sd)
+{
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)key;
+	struct sk_block sk;
+	struct regf_data *regf = private_data->hive;
+	DATA_BLOB data;
+
+	if (!hbin_get_tdr(regf, private_data->nk->sk_offset, ctx,
+			  (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) {
+		DEBUG(0, ("Unable to find security descriptor\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (strcmp(sk.header, "sk") != 0) {
+		DEBUG(0, ("Expected 'sk', got '%s'\n", sk.header));
+		return WERR_GEN_FAILURE;
+	}
+
+	*sd = talloc(ctx, struct security_descriptor);
+	W_ERROR_HAVE_NO_MEMORY(*sd);
+
+	data.data = sk.sec_desc;
+	data.length = sk.rec_size;
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_pull_struct_blob(&data, ctx, *sd,
+						  (ndr_pull_flags_fn_t)ndr_pull_security_descriptor))) {
+		DEBUG(0, ("Error parsing security descriptor\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR regf_sl_add_entry(struct regf_data *regf, uint32_t list_offset,
+				const char *name,
+				uint32_t key_offset, uint32_t *ret)
+{
+	DATA_BLOB data;
+
+	/* Create a new key if necessary */
+	if (list_offset == -1) {
+		if (regf->header->version.major != 1) {
+			DEBUG(0, ("Can't store keys in unknown registry format\n"));
+			return WERR_NOT_SUPPORTED;
+		}
+		if (regf->header->version.minor < 3) {
+			/* Store LI */
+			struct li_block li;
+			ZERO_STRUCT(li);
+			li.header = "li";
+			li.key_count = 1;
+
+			li.nk_offset = talloc_array(regf, uint32_t, 1);
+			W_ERROR_HAVE_NO_MEMORY(li.nk_offset);
+			li.nk_offset[0] = key_offset;
+
+			*ret = hbin_store_tdr(regf,
+					      (tdr_push_fn_t) tdr_push_li_block,
+					      &li);
+
+			talloc_free(li.nk_offset);
+		} else if (regf->header->version.minor == 3 ||
+			   regf->header->version.minor == 4) {
+			/* Store LF */
+			struct lf_block lf;
+			ZERO_STRUCT(lf);
+			lf.header = "lf";
+			lf.key_count = 1;
+
+			lf.hr = talloc_array(regf, struct hash_record, 1);
+			W_ERROR_HAVE_NO_MEMORY(lf.hr);
+			lf.hr[0].nk_offset = key_offset;
+			lf.hr[0].hash = talloc_strndup(lf.hr, name, 4);
+			W_ERROR_HAVE_NO_MEMORY(lf.hr[0].hash);
+
+			*ret = hbin_store_tdr(regf,
+					      (tdr_push_fn_t) tdr_push_lf_block,
+					      &lf);
+
+			talloc_free(lf.hr);
+		} else if (regf->header->version.minor == 5) {
+			/* Store LH */
+			struct lh_block lh;
+			ZERO_STRUCT(lh);
+			lh.header = "lh";
+			lh.key_count = 1;
+
+			lh.hr = talloc_array(regf, struct lh_hash, 1);
+			W_ERROR_HAVE_NO_MEMORY(lh.hr);
+			lh.hr[0].nk_offset = key_offset;
+			lh.hr[0].base37 = regf_create_lh_hash(name);
+
+			*ret = hbin_store_tdr(regf,
+					      (tdr_push_fn_t) tdr_push_lh_block,
+					      &lh);
+
+			talloc_free(lh.hr);
+		}
+		return WERR_OK;
+	}
+
+	data = hbin_get(regf, list_offset);
+	if (!data.data) {
+		DEBUG(0, ("Unable to find subkey list\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	if (!strncmp((char *)data.data, "li", 2)) {
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		struct li_block li;
+		struct nk_block sub_nk;
+		int32_t i, j;
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, regf, &li))) {
+			DEBUG(0, ("Error parsing LI list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+
+		if (strncmp(li.header, "li", 2) != 0) {
+			abort();
+			DEBUG(0, ("LI header corrupt\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+
+		/* 
+		 * Find the position to store the pointer
+		 * Extensive testing reveils that at least on windows 7 subkeys 
+		 * *MUST* be stored in alphabetical order
+		 */
+		for (i = 0; i < li.key_count; i++) {
+			/* Get the nk */
+ 			hbin_get_tdr(regf, li.nk_offset[i], regf,
+					(tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk);
+			if (strcasecmp(name, sub_nk.key_name) < 0) {
+				break;
+			}
+		}
+
+		li.nk_offset = talloc_realloc(regf, li.nk_offset,
+					      uint32_t, li.key_count+1);
+		W_ERROR_HAVE_NO_MEMORY(li.nk_offset);
+
+		/* Move everything behind this offset */
+		for (j = li.key_count - 1; j >= i; j--) {
+			li.nk_offset[j+1] = li.nk_offset[j];
+		}
+			
+		li.nk_offset[i] = key_offset;
+		li.key_count++;
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t)tdr_push_li_block,
+					     list_offset, &li);
+
+		talloc_free(li.nk_offset);
+	} else if (!strncmp((char *)data.data, "lf", 2)) {
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		struct lf_block lf;
+		struct nk_block sub_nk;
+		int32_t i, j;
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, regf, &lf))) {
+			DEBUG(0, ("Error parsing LF list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lf.header, "lf", 2));
+
+		/* 
+		 * Find the position to store the hash record
+		 * Extensive testing reveils that at least on windows 7 subkeys 
+		 * *MUST* be stored in alphabetical order
+		 */
+		for (i = 0; i < lf.key_count; i++) {
+			/* Get the nk */
+ 			hbin_get_tdr(regf, lf.hr[i].nk_offset, regf,
+					(tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk);
+			if (strcasecmp(name, sub_nk.key_name) < 0) {
+				break;
+			}
+		}
+
+		lf.hr = talloc_realloc(regf, lf.hr, struct hash_record,
+				       lf.key_count+1);
+		W_ERROR_HAVE_NO_MEMORY(lf.hr);
+
+		/* Move everything behind this hash record */
+		for (j = lf.key_count - 1; j >= i; j--) {
+			lf.hr[j+1] = lf.hr[j];
+		}
+
+		lf.hr[i].nk_offset = key_offset;
+		lf.hr[i].hash = talloc_strndup(lf.hr, name, 4);
+		W_ERROR_HAVE_NO_MEMORY(lf.hr[lf.key_count].hash);
+		lf.key_count++;
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t)tdr_push_lf_block,
+					     list_offset, &lf);
+
+		talloc_free(lf.hr);
+	} else if (!strncmp((char *)data.data, "lh", 2)) {
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		struct lh_block lh;
+		struct nk_block sub_nk;
+		int32_t i, j;
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, regf, &lh))) {
+			DEBUG(0, ("Error parsing LH list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+		SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+		/* 
+		 * Find the position to store the hash record
+		 * Extensive testing reveils that at least on windows 7 subkeys 
+		 * *MUST* be stored in alphabetical order
+		 */
+		for (i = 0; i < lh.key_count; i++) {
+			/* Get the nk */
+ 			hbin_get_tdr(regf, lh.hr[i].nk_offset, regf,
+					(tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk);
+			if (strcasecmp(name, sub_nk.key_name) < 0) {
+				break;
+			}
+		}
+
+		lh.hr = talloc_realloc(regf, lh.hr, struct lh_hash,
+				       lh.key_count+1);
+		W_ERROR_HAVE_NO_MEMORY(lh.hr);
+
+		/* Move everything behind this hash record */
+		for (j = lh.key_count - 1; j >= i; j--) {
+			lh.hr[j+1] = lh.hr[j];
+		}
+
+		lh.hr[i].nk_offset = key_offset;
+		lh.hr[i].base37 = regf_create_lh_hash(name);
+		lh.key_count++;
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t)tdr_push_lh_block,
+					     list_offset, &lh);
+
+		talloc_free(lh.hr);
+	} else if (!strncmp((char *)data.data, "ri", 2)) {
+		/* FIXME */
+		DEBUG(0, ("Adding to 'ri' subkey list is not supported yet.\n"));
+		return WERR_NOT_SUPPORTED;
+	} else {
+		DEBUG(0, ("Cannot add to unknown subkey list\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR regf_sl_del_entry(struct regf_data *regf, uint32_t list_offset,
+				uint32_t key_offset, uint32_t *ret)
+{
+	DATA_BLOB data;
+
+	data = hbin_get(regf, list_offset);
+	if (!data.data) {
+		DEBUG(0, ("Unable to find subkey list\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	if (strncmp((char *)data.data, "li", 2) == 0) {
+		struct li_block li;
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		uint16_t i;
+		bool found_offset = false;
+
+		DEBUG(10, ("Subkeys in LI list\n"));
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, regf, &li))) {
+			DEBUG(0, ("Error parsing LI list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+
+		SMB_ASSERT(!strncmp(li.header, "li", 2));
+
+		for (i = 0; i < li.key_count; i++) {
+			if (found_offset) {
+				li.nk_offset[i-1] = li.nk_offset[i];
+			}
+			if (li.nk_offset[i] == key_offset) {
+				found_offset = true;
+				continue;
+			}
+		}
+		if (!found_offset) {
+			DEBUG(2, ("Subkey not found\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		li.key_count--;
+
+		/* If the there are no entries left, free the subkey list */
+		if (li.key_count == 0) {
+			hbin_free(regf, list_offset);
+			*ret = -1;
+		}
+
+		/* Store li block */
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t) tdr_push_li_block,
+					     list_offset, &li);
+	} else if (strncmp((char *)data.data, "lf", 2) == 0) {
+		struct lf_block lf;
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		uint16_t i;
+		bool found_offset = false;
+
+		DEBUG(10, ("Subkeys in LF list\n"));
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, regf, &lf))) {
+			DEBUG(0, ("Error parsing LF list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+
+		SMB_ASSERT(!strncmp(lf.header, "lf", 2));
+
+		for (i = 0; i < lf.key_count; i++) {
+			if (found_offset) {
+				lf.hr[i-1] = lf.hr[i];
+				continue;
+			}
+			if (lf.hr[i].nk_offset == key_offset) {
+				found_offset = 1;
+				continue;
+			}
+		}
+		if (!found_offset) {
+			DEBUG(2, ("Subkey not found\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		lf.key_count--;
+
+		/* If the there are no entries left, free the subkey list */
+		if (lf.key_count == 0) {
+			hbin_free(regf, list_offset);
+			*ret = -1;
+			return WERR_OK;
+		}
+
+		/* Store lf block */
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t) tdr_push_lf_block,
+					     list_offset, &lf);
+	} else if (strncmp((char *)data.data, "lh", 2) == 0) {
+		struct lh_block lh;
+		struct tdr_pull *pull = tdr_pull_init(regf);
+		uint16_t i;
+		bool found_offset = false;
+
+		DEBUG(10, ("Subkeys in LH list\n"));
+
+		pull->data = data;
+
+		if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, regf, &lh))) {
+			DEBUG(0, ("Error parsing LF list\n"));
+			talloc_free(pull);
+			return WERR_FILE_NOT_FOUND;
+		}
+		talloc_free(pull);
+
+		SMB_ASSERT(!strncmp(lh.header, "lh", 2));
+
+		for (i = 0; i < lh.key_count; i++) {
+			if (found_offset) {
+				lh.hr[i-1] = lh.hr[i];
+				continue;
+			}
+			if (lh.hr[i].nk_offset == key_offset) {
+				found_offset = 1;
+				continue;
+			}
+		}
+		if (!found_offset) {
+			DEBUG(0, ("Subkey not found\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+		lh.key_count--;
+
+		/* If the there are no entries left, free the subkey list */
+		if (lh.key_count == 0) {
+			hbin_free(regf, list_offset);
+			*ret = -1;
+			return WERR_OK;
+		}
+
+		/* Store lh block */
+		*ret = hbin_store_tdr_resize(regf,
+					     (tdr_push_fn_t) tdr_push_lh_block,
+					     list_offset, &lh);
+	} else if (strncmp((char *)data.data, "ri", 2) == 0) {
+		/* FIXME */
+		DEBUG(0, ("Sorry, deletion from ri block is not supported yet.\n"));
+		return WERR_NOT_SUPPORTED;
+	} else {
+		DEBUG (0, ("Unknown header found in subkey list.\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+	return WERR_OK;
+}
+
+static WERROR regf_del_value(TALLOC_CTX *mem_ctx, struct hive_key *key,
+			     const char *name)
+{
+	struct regf_key_data *private_data = (struct regf_key_data *)key;
+	struct regf_data *regf = private_data->hive;
+	struct nk_block *nk = private_data->nk;
+	struct vk_block vk;
+	uint32_t vk_offset;
+	bool found_offset = false;
+	DATA_BLOB values;
+	unsigned int i;
+
+	if (nk->values_offset == -1) {
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	values = hbin_get(regf, nk->values_offset);
+
+	for (i = 0; i < nk->num_values; i++) {
+		if (found_offset) {
+			((uint32_t *)values.data)[i-1] = ((uint32_t *) values.data)[i];
+		} else {
+			vk_offset = IVAL(values.data, i * 4);
+			if (!hbin_get_tdr(regf, vk_offset, private_data,
+					  (tdr_pull_fn_t)tdr_pull_vk_block,
+					  &vk)) {
+				DEBUG(0, ("Unable to get VK block at %d\n",
+					vk_offset));
+				return WERR_FILE_NOT_FOUND;
+			}
+			if (strcmp(vk.data_name, name) == 0) {
+				hbin_free(regf, vk_offset);
+				found_offset = true;
+			}
+		}
+	}
+	if (!found_offset) {
+		return WERR_FILE_NOT_FOUND;
+	} else {
+		nk->num_values--;
+		values.length = (nk->num_values)*4;
+	}
+
+	/* Store values list and nk */
+	if (nk->num_values == 0) {
+		hbin_free(regf, nk->values_offset);
+		nk->values_offset = -1;
+	} else {
+		nk->values_offset = hbin_store_resize(regf,
+						      nk->values_offset,
+						      values);
+	}
+	hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block,
+			      private_data->offset, nk);
+
+	return regf_save_hbin(private_data->hive, 0);
+}
+
+
+static WERROR regf_del_key(TALLOC_CTX *mem_ctx, const struct hive_key *parent,
+			   const char *name)
+{
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)parent;
+	struct regf_key_data *key;
+	struct nk_block *parent_nk;
+	WERROR error;
+
+	SMB_ASSERT(private_data);
+
+	parent_nk = private_data->nk;
+
+	if (parent_nk->subkeys_offset == -1) {
+		DEBUG(4, ("Subkey list is empty, this key cannot contain subkeys.\n"));
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	/* Find the key */
+	if (!W_ERROR_IS_OK(regf_get_subkey_by_name(parent_nk, parent, name,
+						   (struct hive_key **)&key))) {
+		DEBUG(2, ("Key '%s' not found\n", name));
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	if (key->nk->subkeys_offset != -1) {
+		struct hive_key *sk = (struct hive_key *)key;
+		unsigned int i = key->nk->num_subkeys;
+		while (i--) {
+			char *sk_name;
+			const char *p = NULL;
+
+			/* Get subkey information. */
+			error = regf_get_subkey_by_index(parent_nk, sk, 0,
+							 &p,
+							 NULL, NULL);
+			if (!W_ERROR_IS_OK(error)) {
+				DEBUG(0, ("Can't retrieve subkey by index.\n"));
+				return error;
+			}
+			sk_name = discard_const_p(char, p);
+
+			/* Delete subkey. */
+			error = regf_del_key(NULL, sk, sk_name);
+			if (!W_ERROR_IS_OK(error)) {
+				DEBUG(0, ("Can't delete key '%s'.\n", sk_name));
+				return error;
+			}
+
+			talloc_free(sk_name);
+		}
+	}
+
+	if (key->nk->values_offset != -1) {
+		struct hive_key *sk = (struct hive_key *)key;
+		DATA_BLOB data;
+		unsigned int i = key->nk->num_values;
+		while (i--) {
+			char *val_name;
+			const char *p = NULL;
+
+			/* Get value information. */
+			error = regf_get_value(parent_nk, sk, 0,
+					       &p,
+					       NULL, &data);
+			if (!W_ERROR_IS_OK(error)) {
+				DEBUG(0, ("Can't retrieve value by index.\n"));
+				return error;
+			}
+			val_name = discard_const_p(char, p);
+
+			/* Delete value. */
+			error = regf_del_value(NULL, sk, val_name);
+			if (!W_ERROR_IS_OK(error)) {
+				DEBUG(0, ("Can't delete value '%s'.\n", val_name));
+				return error;
+			}
+
+			talloc_free(val_name);
+		}
+	}
+
+	/* Delete it from the subkey list. */
+	error = regf_sl_del_entry(private_data->hive, parent_nk->subkeys_offset,
+				  key->offset, &parent_nk->subkeys_offset);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Can't store new subkey list for parent key. Won't delete.\n"));
+		return error;
+	}
+
+	/* Re-store parent key */
+	parent_nk->num_subkeys--;
+	hbin_store_tdr_resize(private_data->hive,
+			      (tdr_push_fn_t) tdr_push_nk_block,
+			      private_data->offset, parent_nk);
+
+	if (key->nk->clsname_offset != -1) {
+		hbin_free(private_data->hive, key->nk->clsname_offset);
+	}
+	hbin_free(private_data->hive, key->offset);
+
+	return regf_save_hbin(private_data->hive, 0);
+}
+
+static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent,
+			   const char *name, const char *classname,
+			   struct security_descriptor *sec_desc,
+			   struct hive_key **ret)
+{
+	const struct regf_key_data *private_data =
+		(const struct regf_key_data *)parent;
+	struct nk_block *parent_nk = private_data->nk, nk;
+	struct nk_block *root;
+	struct regf_data *regf = private_data->hive;
+	uint32_t offset;
+	WERROR error;
+
+	nk.header = "nk";
+	nk.type = REG_SUB_KEY;
+	unix_to_nt_time(&nk.last_change, time(NULL));
+	nk.uk1 = 0;
+	nk.parent_offset = private_data->offset;
+	nk.num_subkeys = 0;
+	nk.uk2 = 0;
+	nk.subkeys_offset = -1;
+	nk.unknown_offset = -1;
+	nk.num_values = 0;
+	nk.values_offset = -1;
+	memset(nk.unk3, 0, sizeof(nk.unk3));
+	nk.clsname_offset = -1; /* FIXME: fill in */
+	nk.clsname_length = 0;
+	nk.key_name = name;
+
+	/* Get the security descriptor of the root key */
+ 	root = talloc_zero(ctx, struct nk_block);
+	W_ERROR_HAVE_NO_MEMORY(root);
+
+	if (!hbin_get_tdr(regf, regf->header->data_offset, root,
+			  (tdr_pull_fn_t)tdr_pull_nk_block, root)) {
+		DEBUG(0, ("Unable to find HBIN data for offset 0x%x\n",
+			regf->header->data_offset));
+		return WERR_GEN_FAILURE;
+	}
+	nk.sk_offset = root->sk_offset;
+	talloc_free(root);
+
+	/* Store the new nk key */
+	offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_nk_block, &nk);
+
+	error = regf_sl_add_entry(regf, parent_nk->subkeys_offset, name, offset,
+				  &parent_nk->subkeys_offset);
+	if (!W_ERROR_IS_OK(error)) {
+		hbin_free(regf, offset);
+		return error;
+	}
+
+	parent_nk->num_subkeys++;
+
+	/* Since the subkey offset of the parent can change, store it again */
+	hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block,
+						  nk.parent_offset, parent_nk);
+
+	*ret = (struct hive_key *)regf_get_key(ctx, regf, offset);
+
+	DEBUG(9, ("Storing key %s\n", name));
+	return regf_save_hbin(private_data->hive, 0);
+}
+
+static WERROR regf_set_value(struct hive_key *key, const char *name,
+			     uint32_t type, const DATA_BLOB data)
+{
+	struct regf_key_data *private_data = (struct regf_key_data *)key;
+	struct regf_data *regf = private_data->hive;
+	struct nk_block *nk = private_data->nk;
+	struct vk_block vk;
+	uint32_t i;
+	uint32_t tmp_vk_offset, vk_offset, old_vk_offset = (uint32_t) -1;
+	DATA_BLOB values = {0};
+
+	ZERO_STRUCT(vk);
+
+	/* find the value offset, if it exists */
+	if (nk->values_offset != -1) {
+		values = hbin_get(regf, nk->values_offset);
+
+		for (i = 0; i < nk->num_values; i++) {
+			tmp_vk_offset = IVAL(values.data, i * 4);
+			if (!hbin_get_tdr(regf, tmp_vk_offset, private_data,
+					  (tdr_pull_fn_t)tdr_pull_vk_block,
+					  &vk)) {
+				DEBUG(0, ("Unable to get VK block at 0x%x\n",
+					tmp_vk_offset));
+				return WERR_GEN_FAILURE;
+			}
+			if (strcmp(vk.data_name, name) == 0) {
+				old_vk_offset = tmp_vk_offset;
+				break;
+			}
+		}
+	}
+
+	/* If it's new, create the vk struct, if it's old, free the old data. */
+	if (old_vk_offset == -1) {
+		vk.header = "vk";
+		if (name != NULL && name[0] != '\0') {
+			vk.flag = 1;
+			vk.data_name = name;
+			vk.name_length = strlen(name);
+		} else {
+			vk.flag = 0;
+			vk.data_name = NULL;
+			vk.name_length = 0;
+		}
+	} else {
+		/* Free data, if any */
+		if (!(vk.data_length & 0x80000000)) {
+			hbin_free(regf, vk.data_offset);
+		}
+	}
+
+	/* Set the type and data */
+	vk.data_length = data.length;
+	vk.data_type = type;
+	if ((type == REG_DWORD) || (type == REG_DWORD_BIG_ENDIAN)) {
+		if (vk.data_length != sizeof(uint32_t)) {
+			DEBUG(0, ("DWORD or DWORD_BIG_ENDIAN value with size other than 4 byte!\n"));
+			return WERR_NOT_SUPPORTED;
+		}
+		vk.data_length |= 0x80000000;
+		vk.data_offset = IVAL(data.data, 0);
+	} else {
+		/* Store data somewhere */
+		vk.data_offset = hbin_store(regf, data);
+	}
+	if (old_vk_offset == -1) {
+		/* Store new vk */
+		vk_offset = hbin_store_tdr(regf,
+					   (tdr_push_fn_t) tdr_push_vk_block,
+					   &vk);
+	} else {
+		/* Store vk at offset */
+		vk_offset = hbin_store_tdr_resize(regf,
+						  (tdr_push_fn_t) tdr_push_vk_block,
+						  old_vk_offset ,&vk);
+	}
+
+	/* Re-allocate the value list */
+	if (nk->values_offset == -1) {
+		nk->values_offset = hbin_store_tdr(regf,
+						   (tdr_push_fn_t) tdr_push_uint32,
+						   &vk_offset);
+		nk->num_values = 1;
+	} else {
+
+		/* Change if we're changing, otherwise we're adding the value */
+		if (old_vk_offset != -1) {
+			/* Find and overwrite the offset. */
+			for (i = 0; i < nk->num_values; i++) {
+				if (IVAL(values.data, i * 4) == old_vk_offset) {
+					SIVAL(values.data, i * 4, vk_offset);
+					break;
+				}
+			}
+		} else {
+			/* Create a new value list */
+			DATA_BLOB value_list;
+
+			value_list.length = (nk->num_values+1)*4;
+			value_list.data = (uint8_t *)talloc_array(private_data,
+								  uint32_t,
+								  nk->num_values+1);
+			W_ERROR_HAVE_NO_MEMORY(value_list.data);
+			memcpy(value_list.data, values.data, nk->num_values * 4);
+
+			SIVAL(value_list.data, nk->num_values * 4, vk_offset);
+			nk->num_values++;
+			nk->values_offset = hbin_store_resize(regf,
+							      nk->values_offset,
+							      value_list);
+		}
+
+	}
+	hbin_store_tdr_resize(regf,
+			      (tdr_push_fn_t) tdr_push_nk_block,
+			      private_data->offset, nk);
+	return regf_save_hbin(private_data->hive, 0);
+}
+
+static WERROR regf_save_hbin(struct regf_data *regf, bool flush)
+{
+	struct tdr_push *push = tdr_push_init(regf);
+	unsigned int i;
+
+	W_ERROR_HAVE_NO_MEMORY(push);
+
+	/* Only write once every 5 seconds, or when flush is set */
+	if (!flush && regf->last_write + 5 >= time(NULL)) {
+		return WERR_OK;
+	}
+
+	regf->last_write = time(NULL);
+
+	if (lseek(regf->fd, 0, SEEK_SET) == -1) {
+		DEBUG(0, ("Error lseeking in regf file\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	/* Recompute checksum */
+	if (NT_STATUS_IS_ERR(tdr_push_regf_hdr(push, regf->header))) {
+		DEBUG(0, ("Failed to push regf header\n"));
+		return WERR_GEN_FAILURE;
+	}
+	regf->header->chksum = regf_hdr_checksum(push->data.data);
+	talloc_free(push);
+
+	if (NT_STATUS_IS_ERR(tdr_push_to_fd(regf->fd,
+					    (tdr_push_fn_t)tdr_push_regf_hdr,
+					    regf->header))) {
+		DEBUG(0, ("Error writing registry file header\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	if (lseek(regf->fd, 0x1000, SEEK_SET) == -1) {
+		DEBUG(0, ("Error lseeking to 0x1000 in regf file\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	for (i = 0; regf->hbins[i]; i++) {
+		if (NT_STATUS_IS_ERR(tdr_push_to_fd(regf->fd, 
+						    (tdr_push_fn_t)tdr_push_hbin_block,
+						    regf->hbins[i]))) {
+			DEBUG(0, ("Error writing HBIN block\n"));
+			return WERR_GEN_FAILURE;
+		}
+	}
+
+	return WERR_OK;
+}
+
+WERROR reg_create_regf_file(TALLOC_CTX *parent_ctx, 
+			    const char *location,
+			    int minor_version, struct hive_key **key)
+{
+	struct regf_data *regf;
+	struct regf_hdr *regf_hdr;
+	struct nk_block nk;
+	struct sk_block sk;
+	WERROR error;
+	DATA_BLOB data;
+	struct security_descriptor *sd;
+	uint32_t sk_offset;
+
+	regf = (struct regf_data *)talloc_zero(NULL, struct regf_data);
+
+	W_ERROR_HAVE_NO_MEMORY(regf);
+
+	DEBUG(5, ("Attempting to create registry file\n"));
+
+	/* Get the header */
+	regf->fd = creat(location, 0644);
+
+	if (regf->fd == -1) {
+		DEBUG(0,("Could not create file: %s, %s\n", location,
+				 strerror(errno)));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	regf_hdr = talloc_zero(regf, struct regf_hdr);
+	W_ERROR_HAVE_NO_MEMORY(regf_hdr);
+	regf_hdr->REGF_ID = "regf";
+	unix_to_nt_time(&regf_hdr->modtime, time(NULL));
+	regf_hdr->version.major = 1;
+	regf_hdr->version.minor = minor_version;
+	regf_hdr->last_block = 0x1000; /* Block size */
+	regf_hdr->description = talloc_strdup(regf_hdr,
+					      "Registry created by Samba 4");
+	W_ERROR_HAVE_NO_MEMORY(regf_hdr->description);
+	regf_hdr->chksum = 0;
+
+	regf->header = regf_hdr;
+
+	/* Create all hbin blocks */
+	regf->hbins = talloc_array(regf, struct hbin_block *, 1);
+	W_ERROR_HAVE_NO_MEMORY(regf->hbins);
+	regf->hbins[0] = NULL;
+
+	nk.header = "nk";
+	nk.type = REG_ROOT_KEY;
+	unix_to_nt_time(&nk.last_change, time(NULL));
+	nk.uk1 = 0;
+	nk.parent_offset = -1;
+	nk.num_subkeys = 0;
+	nk.uk2 = 0;
+	nk.subkeys_offset = -1;
+	nk.unknown_offset = -1;
+	nk.num_values = 0;
+	nk.values_offset = -1;
+	memset(nk.unk3, 0, 5 * sizeof(uint32_t));
+	nk.clsname_offset = -1;
+	nk.clsname_length = 0;
+	nk.sk_offset = 0x80;
+	nk.key_name = "SambaRootKey";
+
+	/*
+	 * It should be noted that changing the key_name to something shorter
+	 * creates a shorter nk block, which makes the position of the sk block
+	 * change. All Windows registries I've seen have the sk at 0x80. 
+	 * I therefore recommend that our regf files share that offset -- Wilco
+	 */
+
+	/* Create a security descriptor. */
+	sd = security_descriptor_dacl_create(regf,
+					 0,
+					 NULL, NULL,
+					 SID_NT_AUTHENTICATED_USERS,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_GENERIC_ALL,
+					 SEC_ACE_FLAG_OBJECT_INHERIT,
+					 NULL);
+	
+	/* Push the security descriptor to a blob */
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(&data, regf, 
+				     sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor))) {
+		DEBUG(0, ("Unable to push security descriptor\n"));
+		return WERR_GEN_FAILURE;
+	}
+
+	ZERO_STRUCT(sk);
+	sk.header = "sk";
+	sk.prev_offset = 0x80;
+	sk.next_offset = 0x80;
+	sk.ref_cnt = 1;
+	sk.rec_size = data.length;
+	sk.sec_desc = data.data;
+
+	/* Store the new nk key */
+	regf->header->data_offset = hbin_store_tdr(regf,
+						   (tdr_push_fn_t)tdr_push_nk_block,
+						   &nk);
+	/* Store the sk block */
+	sk_offset = hbin_store_tdr(regf,
+				   (tdr_push_fn_t) tdr_push_sk_block,
+				   &sk);
+	if (sk_offset != 0x80) {
+		DEBUG(0, ("Error storing sk block, should be at 0x80, stored at 0x%x\n", nk.sk_offset));
+		return WERR_GEN_FAILURE;
+	}
+
+
+	*key = (struct hive_key *)regf_get_key(parent_ctx, regf,
+					       regf->header->data_offset);
+
+	error = regf_save_hbin(regf, 1);
+	if (!W_ERROR_IS_OK(error)) {
+		return error;
+	}
+	
+	/* We can drop our own reference now that *key will have created one */
+	talloc_unlink(NULL, regf);
+
+	return WERR_OK;
+}
+
+static WERROR regf_flush_key(struct hive_key *key)
+{
+	struct regf_key_data *private_data = (struct regf_key_data *)key;
+	struct regf_data *regf = private_data->hive;
+	WERROR error;
+
+	error = regf_save_hbin(regf, 1);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Failed to flush regf to disk\n"));
+		return error;
+	}
+
+	return WERR_OK;
+}
+
+static int regf_destruct(struct regf_data *regf)
+{
+	WERROR error;
+
+	/* Write to disk */
+	error = regf_save_hbin(regf, 1);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(0, ("Failed to flush registry to disk\n"));
+		return -1;
+	}
+
+	/* Close file descriptor */
+	close(regf->fd);
+
+	return 0;
+}
+
+WERROR reg_open_regf_file(TALLOC_CTX *parent_ctx, const char *location, 
+			  struct hive_key **key)
+{
+	struct regf_data *regf;
+	struct regf_hdr *regf_hdr;
+	struct tdr_pull *pull;
+	unsigned int i;
+
+	regf = (struct regf_data *)talloc_zero(parent_ctx, struct regf_data);
+	W_ERROR_HAVE_NO_MEMORY(regf);
+
+	talloc_set_destructor(regf, regf_destruct);
+
+	DEBUG(5, ("Attempting to load registry file\n"));
+
+	/* Get the header */
+	regf->fd = open(location, O_RDWR);
+
+	if (regf->fd == -1) {
+		DEBUG(0,("Could not load file: %s, %s\n", location,
+				 strerror(errno)));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	pull = tdr_pull_init(regf);
+
+	pull->data.data = (uint8_t*)fd_load(regf->fd, &pull->data.length, 0, regf);
+
+	if (pull->data.data == NULL) {
+		DEBUG(0, ("Error reading data from file: %s\n", location));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	regf_hdr = talloc(regf, struct regf_hdr);
+	W_ERROR_HAVE_NO_MEMORY(regf_hdr);
+
+	if (NT_STATUS_IS_ERR(tdr_pull_regf_hdr(pull, regf_hdr, regf_hdr))) {
+		DEBUG(0, ("Failed to pull regf header from file: %s\n", location));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	regf->header = regf_hdr;
+
+	if (strcmp(regf_hdr->REGF_ID, "regf") != 0) {
+		DEBUG(0, ("Unrecognized NT registry header id: %s, %s\n",
+			regf_hdr->REGF_ID, location));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	/* Validate the header ... */
+	if (regf_hdr_checksum(pull->data.data) != regf_hdr->chksum) {
+		DEBUG(0, ("Registry file checksum error: %s: %d,%d\n",
+			location, regf_hdr->chksum,
+			regf_hdr_checksum(pull->data.data)));
+		talloc_free(regf);
+		return WERR_GEN_FAILURE;
+	}
+
+	pull->offset = 0x1000;
+
+	i = 0;
+	/* Read in all hbin blocks */
+	regf->hbins = talloc_array(regf, struct hbin_block *, 1);
+	W_ERROR_HAVE_NO_MEMORY(regf->hbins);
+
+	regf->hbins[0] = NULL;
+
+	while (pull->offset < pull->data.length &&
+	       pull->offset <= regf->header->last_block) {
+		struct hbin_block *hbin = talloc(regf->hbins,
+						 struct hbin_block);
+
+		W_ERROR_HAVE_NO_MEMORY(hbin);
+
+		if (NT_STATUS_IS_ERR(tdr_pull_hbin_block(pull, hbin, hbin))) {
+			DEBUG(0, ("[%d] Error parsing HBIN block\n", i));
+			talloc_free(regf);
+			return WERR_FOOBAR;
+		}
+
+		if (strcmp(hbin->HBIN_ID, "hbin") != 0) {
+			DEBUG(0, ("[%d] Expected 'hbin', got '%s'\n",
+				i, hbin->HBIN_ID));
+			talloc_free(regf);
+			return WERR_FOOBAR;
+		}
+
+		regf->hbins[i] = hbin;
+		i++;
+		regf->hbins = talloc_realloc(regf, regf->hbins,
+					     struct hbin_block *, i+2);
+		regf->hbins[i] = NULL;
+	}
+
+	talloc_free(pull);
+
+	DEBUG(1, ("%d HBIN blocks read\n", i));
+
+	*key = (struct hive_key *)regf_get_key(parent_ctx, regf,
+					       regf->header->data_offset);
+
+	/* We can drop our own reference now that *key will have created one */
+	talloc_unlink(parent_ctx, regf);
+
+	return WERR_OK;
+}
+
+static struct hive_operations reg_backend_regf = {
+	.name = "regf",
+	.get_key_info = regf_get_info,
+	.enum_key = regf_get_subkey_by_index,
+	.get_key_by_name = regf_get_subkey_by_name,
+	.get_value_by_name = regf_get_value_by_name,
+	.enum_value = regf_get_value,
+	.get_sec_desc = regf_get_sec_desc,
+	.set_sec_desc = regf_set_sec_desc,
+	.add_key = regf_add_key,
+	.set_value = regf_set_value,
+	.del_key = regf_del_key,
+	.delete_value = regf_del_value,
+	.flush_key = regf_flush_key
+};
diff --git a/source4/lib/registry/regf.idl b/source4/lib/registry/regf.idl
new file mode 100644
index 0000000..064aaf0
--- /dev/null
+++ b/source4/lib/registry/regf.idl
@@ -0,0 +1,167 @@
+/*
+ Definitions for the REGF registry file format as used by 
+ Windows NT4 and above. 
+
+   Copyright (C) 2005 Jelmer Vernooij, jelmer@samba.org
+   Copyright (C) 2006 Wilco Baan Hofman, wilco@baanhofman.nl
+   
+ Based on two files from Samba 3:
+ 	regedit.c by Richard Sharpe
+    regfio.c by Jerry Carter
+ 
+*/
+
+interface regf
+{
+	const int REGF_OFFSET_NONE = 0xffffffff;
+
+	/* 
+	 * Registry version number
+	 * 1.2.0.1 for WinNT 3.51
+	 * 1.3.0.1 for WinNT 4
+	 * 1.5.0.1 for WinXP
+	 */
+	
+	[noprint] struct regf_version {
+		[value(1)] uint32 major; 
+		uint32 minor;
+		[value(0)] uint32 release;
+		[value(1)] uint32 build;
+	};
+
+	/* 
+		"regf" is obviously the abbreviation for "Registry file". "regf" is the
+		signature of the header-block which is always 4kb in size, although only
+		the first 64 bytes seem to be used and a checksum is calculated over
+		the first 0x200 bytes only!
+	 */
+	
+	[public,noprint] struct regf_hdr {
+		[charset(DOS)] uint8 REGF_ID[4];     /* 'regf' */
+		uint32 update_counter1;
+		uint32 update_counter2;
+		NTTIME modtime;
+		regf_version version;
+		uint32 data_offset;       
+		uint32 last_block;
+		[value(1)] uint32 uk7;        		/* 1 */
+		[charset(UTF16)] uint16 description[0x20];
+		uint32 padding[99]; 					/* Padding */
+		/* Checksum of first 0x200 bytes XOR-ed */
+		uint32 chksum;  
+	};
+
+	/* 
+		hbin probably means hive-bin (i.e. hive-container)
+		This block is always a multiple
+		of 4kb in size.
+     */
+	[public,noprint] struct hbin_block {
+		[charset(DOS)] uint8 HBIN_ID[4]; /* hbin */
+		uint32 offset_from_first; /* Offset from 1st hbin-Block */
+		uint32 offset_to_next;	  /* Offset to the next hbin-Block */
+		uint32 unknown[2];
+		NTTIME last_change;
+		uint32 block_size;	   /* Block size (including the header!) */
+		uint8 data[offset_to_next-0x20]; 
+		/* data is filled with:
+		 	uint32 length; 			
+				Negative if in use, positive otherwise
+				Always a multiple of 8
+			uint8_t data[length];  
+				Free space marker if 0xffffffff
+	     */
+	};
+
+	[noprint] enum reg_key_type { 
+		REG_ROOT_KEY = 0x2C, 
+		REG_SUB_KEY  = 0x20, 
+		REG_SYM_LINK = 0x10 
+	};
+
+	/*
+      The nk-record can be treated as a combination of tree-record and
+      key-record of the win 95 registry.
+	*/
+	[public,noprint] struct nk_block {
+		[charset(DOS)] uint8 header[2];
+		reg_key_type type;
+		NTTIME last_change;
+		uint32 uk1;
+		uint32 parent_offset;
+		uint32 num_subkeys;
+		uint32 uk2;
+		uint32 subkeys_offset;
+		uint32 unknown_offset;
+		uint32 num_values;
+		uint32 values_offset; /* Points to a list of offsets of vk-records */
+		uint32 sk_offset;
+		uint32 clsname_offset;
+		uint32 unk3[5];
+		[value(strlen(key_name))] uint16 name_length;
+		uint16 clsname_length;
+		[charset(DOS)] uint8 key_name[name_length];  
+	};
+
+	/* sk (? Security Key ?) is the ACL of the registry. */
+	[noprint,public] struct sk_block {
+		[charset(DOS)] uint8 header[2];
+		uint16 tag;
+		uint32 prev_offset;
+		uint32 next_offset;
+		uint32 ref_cnt;
+		uint32 rec_size;
+		uint8 sec_desc[rec_size]; 
+	};
+
+	[noprint] struct lh_hash {
+			uint32 nk_offset;
+			uint32 base37; /* base37 of key name */
+	};
+	
+	/* Subkey listing with hash of first 4 characters */
+	[public,noprint] struct lh_block {
+		[charset(DOS)] uint8 header[2];
+		uint16 key_count;
+		lh_hash hr[key_count];
+	};
+
+	[public,noprint] struct li_block {
+		[charset(DOS)] uint8 header[2];
+		uint16 key_count;
+		uint32 nk_offset[key_count];
+	};
+
+	[public,noprint] struct ri_block {
+		[charset(DOS)] uint8 header[2];
+		uint16 key_count;
+		uint32 offset[key_count]; /* li/lh offset */
+	};
+
+	/* The vk-record consists information to a single value (value key). */
+	[public,noprint] struct vk_block {
+		[charset(DOS)] uint8 header[2];
+		[value(strlen(data_name))] uint16 name_length;
+		uint32 data_length;    /* If top-bit set, offset contains the data */
+		uint32 data_offset;
+		uint32 data_type;
+		uint16 flag;        /* =1, has name, else no name (=Default). */
+		uint16 unk1;
+		[charset(DOS)] uint8 data_name[name_length];
+	};
+
+	[noprint] struct hash_record {
+		uint32 nk_offset;
+		[charset(DOS)] uint8 hash[4];
+	};
+
+	/*
+      The lf-record is the counterpart to the RGKN-record (the
+      hash-function)
+	*/
+	[public,noprint] struct lf_block {
+		[charset(DOS)] uint8 header[2];
+		uint16 key_count;
+		hash_record hr[key_count];  /* Array of hash records, depending on key_count */
+	};
+}
diff --git a/source4/lib/registry/registry.h b/source4/lib/registry/registry.h
new file mode 100644
index 0000000..84173cb
--- /dev/null
+++ b/source4/lib/registry/registry.h
@@ -0,0 +1,531 @@
+/*
+   Unix SMB/CIFS implementation.
+   Registry interface
+   Copyright (C) Gerald Carter                        2002.
+   Copyright (C) Jelmer Vernooij			2003-2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _REGISTRY_H /* _REGISTRY_H */
+#define _REGISTRY_H
+
+struct registry_context;
+struct loadparm_context;
+
+#include <talloc.h>
+#include "libcli/util/werror.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/util/ntstatus.h"
+#include "../lib/util/time.h"
+#include "../lib/util/data_blob.h"
+
+/**
+ * The hive API. This API is generally used for
+ * reading a specific file that contains just one hive.
+ *
+ * Good examples are .DAT (NTUSER.DAT) files.
+ *
+ * This API does not have any notification support (that
+ * should be provided by the registry implementation), nor
+ * does it understand what predefined keys are.
+ */
+
+struct hive_key {
+	const struct hive_operations *ops;
+};
+
+struct hive_operations {
+	const char *name;
+
+	/**
+	 * Open a specific subkey
+	 */
+	WERROR (*enum_key) (TALLOC_CTX *mem_ctx,
+			    const struct hive_key *key, uint32_t idx,
+			    const char **name,
+			    const char **classname,
+			    NTTIME *last_mod_time);
+
+	/**
+	 * Open a subkey by name
+	 */
+	WERROR (*get_key_by_name) (TALLOC_CTX *mem_ctx,
+				   const struct hive_key *key, const char *name,
+				   struct hive_key **subkey);
+
+	/**
+	 * Add a new key.
+	 */
+	WERROR (*add_key) (TALLOC_CTX *ctx,
+			   const struct hive_key *parent_key, const char *path,
+			   const char *classname,
+			   struct security_descriptor *desc,
+			   struct hive_key **key);
+	/**
+	 * Remove an existing key.
+	 */
+	WERROR (*del_key) (TALLOC_CTX *mem_ctx,
+			   const struct hive_key *key, const char *name);
+
+	/**
+	 * Force write of a key to disk.
+	 */
+	WERROR (*flush_key) (struct hive_key *key);
+
+	/**
+	 * Retrieve a registry value with a specific index.
+	 */
+	WERROR (*enum_value) (TALLOC_CTX *mem_ctx,
+			      struct hive_key *key, uint32_t idx,
+			      const char **name, uint32_t *type,
+			      DATA_BLOB *data);
+
+	/**
+	 * Retrieve a registry value with the specified name
+	 */
+	WERROR (*get_value_by_name) (TALLOC_CTX *mem_ctx,
+				     struct hive_key *key, const char *name,
+				     uint32_t *type, DATA_BLOB *data);
+
+	/**
+	 * Set a value on the specified registry key.
+	 */
+	WERROR (*set_value) (struct hive_key *key, const char *name,
+			     uint32_t type, const DATA_BLOB data);
+
+	/**
+	 * Remove a value.
+	 */
+	WERROR (*delete_value) (TALLOC_CTX *mem_ctx,
+				struct hive_key *key, const char *name);
+
+	/* Security Descriptors */
+
+	/**
+	 * Change the security descriptor on a registry key.
+	 *
+	 * This should return WERR_NOT_SUPPORTED if the underlying
+	 * format does not have a mechanism for storing
+	 * security descriptors.
+	 */
+	WERROR (*set_sec_desc) (struct hive_key *key,
+				const struct security_descriptor *desc);
+
+	/**
+	 * Retrieve the security descriptor on a registry key.
+	 *
+	 * This should return WERR_NOT_SUPPORTED if the underlying
+	 * format does not have a mechanism for storing
+	 * security descriptors.
+	 */
+	WERROR (*get_sec_desc) (TALLOC_CTX *ctx,
+				const struct hive_key *key,
+				struct security_descriptor **desc);
+
+	/**
+	 * Retrieve general information about a key.
+	 */
+	WERROR (*get_key_info) (TALLOC_CTX *mem_ctx,
+				const struct hive_key *key,
+				const char **classname,
+				uint32_t *num_subkeys,
+				uint32_t *num_values,
+				NTTIME *last_change_time,
+				uint32_t *max_subkeynamelen,
+				uint32_t *max_valnamelen,
+				uint32_t *max_valbufsize);
+};
+
+struct cli_credentials;
+struct auth_session_info;
+struct tevent_context;
+
+WERROR reg_open_hive(TALLOC_CTX *parent_ctx, const char *location,
+		     struct auth_session_info *session_info,
+		     struct cli_credentials *credentials,
+		     struct tevent_context *ev_ctx,
+		     struct loadparm_context *lp_ctx,
+		     struct hive_key **root);
+WERROR hive_key_get_info(TALLOC_CTX *mem_ctx, const struct hive_key *key,
+			 const char **classname, uint32_t *num_subkeys,
+			 uint32_t *num_values, NTTIME *last_change_time,
+			 uint32_t *max_subkeynamelen,
+			 uint32_t *max_valnamelen, uint32_t *max_valbufsize);
+WERROR hive_key_add_name(TALLOC_CTX *ctx, const struct hive_key *parent_key,
+			 const char *name, const char *classname,
+			 struct security_descriptor *desc,
+			 struct hive_key **key);
+WERROR hive_key_del(TALLOC_CTX *mem_ctx,
+		    const struct hive_key *key, const char *name);
+WERROR hive_get_key_by_name(TALLOC_CTX *mem_ctx,
+			    const struct hive_key *key, const char *name,
+			    struct hive_key **subkey);
+WERROR hive_enum_key(TALLOC_CTX *mem_ctx,
+		     const struct hive_key *key, uint32_t idx,
+		     const char **name,
+		     const char **classname,
+		     NTTIME *last_mod_time);
+
+WERROR hive_key_set_value(struct hive_key *key, const char *name,
+		      uint32_t type, const DATA_BLOB data);
+
+WERROR hive_get_value(TALLOC_CTX *mem_ctx,
+		      struct hive_key *key, const char *name,
+		      uint32_t *type, DATA_BLOB *data);
+WERROR hive_get_value_by_index(TALLOC_CTX *mem_ctx,
+			       struct hive_key *key, uint32_t idx,
+			       const char **name,
+			       uint32_t *type, DATA_BLOB *data);
+WERROR hive_get_sec_desc(TALLOC_CTX *mem_ctx,
+			 struct hive_key *key,
+			 struct security_descriptor **security);
+
+WERROR hive_set_sec_desc(struct hive_key *key, 
+			 const struct security_descriptor *security);
+
+WERROR hive_key_del_value(TALLOC_CTX *mem_ctx,
+			  struct hive_key *key, const char *name);
+
+WERROR hive_key_flush(struct hive_key *key);
+
+
+/* Individual backends */
+WERROR reg_open_directory(TALLOC_CTX *parent_ctx,
+			  const char *location, struct hive_key **key);
+WERROR reg_open_regf_file(TALLOC_CTX *parent_ctx,
+			  const char *location, struct hive_key **key);
+WERROR reg_open_ldb_file(TALLOC_CTX *parent_ctx, const char *location,
+			 struct auth_session_info *session_info,
+			 struct cli_credentials *credentials,
+			 struct tevent_context *ev_ctx,
+			 struct loadparm_context *lp_ctx,
+			 struct hive_key **k);
+
+
+WERROR reg_create_directory(TALLOC_CTX *parent_ctx,
+			    const char *location, struct hive_key **key);
+WERROR reg_create_regf_file(TALLOC_CTX *parent_ctx,
+			    const char *location,
+			    int major_version,
+			    struct hive_key **key);
+
+
+
+/* Handles for the predefined keys */
+#define HKEY_CLASSES_ROOT		0x80000000
+#define HKEY_CURRENT_USER		0x80000001
+#define HKEY_LOCAL_MACHINE		0x80000002
+#define HKEY_USERS			0x80000003
+#define HKEY_PERFORMANCE_DATA		0x80000004
+#define HKEY_CURRENT_CONFIG		0x80000005
+#define HKEY_DYN_DATA			0x80000006
+#define HKEY_PERFORMANCE_TEXT		0x80000050
+#define HKEY_PERFORMANCE_NLSTEXT	0x80000060
+
+#define HKEY_FIRST		HKEY_CLASSES_ROOT
+#define HKEY_LAST		HKEY_PERFORMANCE_NLSTEXT
+
+struct reg_predefined_key {
+	uint32_t handle;
+	const char *name;
+};
+
+extern const struct reg_predefined_key reg_predefined_keys[];
+
+#define	REG_DELETE		-1
+
+/*
+ * The general idea here is that every backend provides a 'hive'. Combining
+ * various hives gives you a complete registry like windows has
+ */
+
+#define REGISTRY_INTERFACE_VERSION 1
+
+struct reg_key_operations;
+
+/* structure to store the registry handles */
+struct registry_key
+{
+	struct registry_context *context;
+};
+
+struct registry_value
+{
+	const char *name;
+	unsigned int data_type;
+	DATA_BLOB data;
+};
+
+/* FIXME */
+typedef void (*reg_key_notification_function) (void);
+typedef void (*reg_value_notification_function) (void);
+
+struct cli_credentials;
+
+struct registry_operations {
+	const char *name;
+
+	WERROR (*get_key_info) (TALLOC_CTX *mem_ctx,
+				const struct registry_key *key,
+				const char **classname,
+				uint32_t *numsubkeys,
+				uint32_t *numvalues,
+				NTTIME *last_change_time,
+				uint32_t *max_subkeynamelen,
+				uint32_t *max_valnamelen,
+				uint32_t *max_valbufsize);
+
+	WERROR (*flush_key) (struct registry_key *key);
+
+	WERROR (*get_predefined_key) (struct registry_context *ctx,
+				      uint32_t key_id,
+				      struct registry_key **key);
+
+	WERROR (*open_key) (TALLOC_CTX *mem_ctx,
+			    struct registry_key *parent,
+			    const char *path,
+			    struct registry_key **key);
+
+	WERROR (*create_key) (TALLOC_CTX *mem_ctx,
+			      struct registry_key *parent,
+			      const char *name,
+			      const char *key_class,
+			      struct security_descriptor *security,
+			      struct registry_key **key);
+
+	WERROR (*delete_key) (TALLOC_CTX *mem_ctx,
+			      struct registry_key *key, const char *name);
+
+	WERROR (*delete_value) (TALLOC_CTX *mem_ctx,
+				struct registry_key *key, const char *name);
+
+	WERROR (*enum_key) (TALLOC_CTX *mem_ctx,
+			    const struct registry_key *key, uint32_t idx,
+			    const char **name,
+			    const char **keyclass,
+			    NTTIME *last_changed_time);
+
+	WERROR (*enum_value) (TALLOC_CTX *mem_ctx,
+			      const struct registry_key *key, uint32_t idx,
+			      const char **name,
+			      uint32_t *type,
+			      DATA_BLOB *data);
+
+	WERROR (*get_sec_desc) (TALLOC_CTX *mem_ctx,
+				const struct registry_key *key,
+				struct security_descriptor **security);
+
+	WERROR (*set_sec_desc) (struct registry_key *key,
+				const struct security_descriptor *security);
+
+	WERROR (*load_key) (struct registry_key *key,
+			    const char *key_name,
+			    const char *path);
+
+	WERROR (*unload_key) (struct registry_key *key, const char *name);
+
+	WERROR (*notify_value_change) (struct registry_key *key,
+				       reg_value_notification_function fn);
+
+	WERROR (*get_value) (TALLOC_CTX *mem_ctx,
+			     const struct registry_key *key,
+			     const char *name,
+			     uint32_t *type,
+			     DATA_BLOB *data);
+
+	WERROR (*set_value) (struct registry_key *key,
+			     const char *name,
+			     uint32_t type,
+			     const DATA_BLOB data);
+};
+
+/**
+ * Handle to a full registry
+ * contains zero or more hives
+ */
+struct registry_context {
+	const struct registry_operations *ops;
+};
+
+struct auth_session_info;
+struct tevent_context;
+struct loadparm_context;
+
+/**
+ * Open the locally defined registry.
+ */
+WERROR reg_open_local(TALLOC_CTX *mem_ctx,
+		      struct registry_context **ctx);
+
+WERROR reg_open_samba(TALLOC_CTX *mem_ctx,
+		      struct registry_context **ctx,
+		      struct tevent_context *ev_ctx,
+		      struct loadparm_context *lp_ctx,
+		      struct auth_session_info *session_info,
+		      struct cli_credentials *credentials);
+
+/**
+ * Open the registry on a remote machine.
+ */
+WERROR reg_open_remote(TALLOC_CTX *mem_ctx,
+		       struct registry_context **ctx,
+		       struct cli_credentials *credentials,
+		       struct loadparm_context *lp_ctx,
+		       const char *location, struct tevent_context *ev);
+
+WERROR reg_open_wine(struct registry_context **ctx, const char *path);
+
+const char *reg_get_predef_name(uint32_t hkey);
+WERROR reg_get_predefined_key_by_name(struct registry_context *ctx,
+				      const char *name,
+				      struct registry_key **key);
+WERROR reg_get_predefined_key(struct registry_context *ctx,
+			      uint32_t hkey,
+			      struct registry_key **key);
+
+WERROR reg_open_key(TALLOC_CTX *mem_ctx, struct registry_key *parent,
+		    const char *name, struct registry_key **result);
+
+WERROR reg_key_get_value_by_index(TALLOC_CTX *mem_ctx,
+				  const struct registry_key *key, uint32_t idx,
+				  const char **name,
+				  uint32_t *type,
+				  DATA_BLOB *data);
+WERROR reg_key_get_info(TALLOC_CTX *mem_ctx,
+			const struct registry_key *key,
+			const char **class_name,
+			uint32_t *num_subkeys,
+			uint32_t *num_values,
+			NTTIME *last_change_time,
+			uint32_t *max_subkeynamelen,
+			uint32_t *max_valnamelen,
+			uint32_t *max_valbufsize);
+WERROR reg_key_get_subkey_by_index(TALLOC_CTX *mem_ctx,
+				   const struct registry_key *key,
+				   uint32_t idx,
+				   const char **name,
+				   const char **classname,
+				   NTTIME *last_mod_time);
+WERROR reg_key_get_subkey_by_name(TALLOC_CTX *mem_ctx,
+				  const struct registry_key *key,
+				  const char *name,
+				  struct registry_key **subkey);
+WERROR reg_key_get_value_by_name(TALLOC_CTX *mem_ctx,
+				 const struct registry_key *key,
+				 const char *name,
+				 uint32_t *type,
+				 DATA_BLOB *data);
+WERROR reg_key_del(TALLOC_CTX *mem_ctx,
+		   struct registry_key *parent, const char *name);
+WERROR reg_key_add_name(TALLOC_CTX *mem_ctx,
+			struct registry_key *parent, const char *name,
+			const char *classname,
+			struct security_descriptor *desc,
+			struct registry_key **newkey);
+WERROR reg_val_set(struct registry_key *key, const char *value,
+		   uint32_t type, DATA_BLOB data);
+WERROR reg_get_sec_desc(TALLOC_CTX *ctx, const struct registry_key *key,
+			struct security_descriptor **secdesc);
+WERROR reg_del_value(TALLOC_CTX *mem_ctx,
+		     struct registry_key *key, const char *valname);
+WERROR reg_key_flush(struct registry_key *key);
+WERROR reg_create_key(TALLOC_CTX *mem_ctx,
+		      struct registry_key *parent,
+		      const char *name,
+		      const char *key_class,
+		      struct security_descriptor *security,
+		      struct registry_key **key);
+
+/* Utility functions */
+const char *str_regtype(int type);
+bool push_reg_sz(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *s);
+bool push_reg_multi_sz(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char **a);
+bool pull_reg_sz(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char **s);
+bool pull_reg_multi_sz(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char ***a);
+int regtype_by_string(const char *str);
+char *reg_val_data_string(TALLOC_CTX *mem_ctx, uint32_t type, const DATA_BLOB data);
+char *reg_val_description(TALLOC_CTX *mem_ctx, const char *name,
+			  uint32_t type, const DATA_BLOB data);
+bool reg_string_to_val(TALLOC_CTX *mem_ctx, const char *type_str,
+		       const char *data_str, uint32_t *type, DATA_BLOB *data);
+WERROR reg_open_key_abs(TALLOC_CTX *mem_ctx, struct registry_context *handle,
+			const char *name, struct registry_key **result);
+WERROR reg_key_del_abs(struct registry_context *ctx, const char *path);
+WERROR reg_key_add_abs(TALLOC_CTX *mem_ctx, struct registry_context *ctx,
+		       const char *path, uint32_t access_mask,
+		       struct security_descriptor *sec_desc,
+		       struct registry_key **result);
+WERROR reg_load_key(struct registry_context *ctx, struct registry_key *key,
+		    const char *name, const char *filename);
+
+WERROR reg_mount_hive(struct registry_context *rctx,
+		      struct hive_key *hive_key,
+		      uint32_t key_id,
+		      const char **elements);
+
+struct registry_key *reg_import_hive_key(struct registry_context *ctx,
+					 struct hive_key *hive,
+					 uint32_t predef_key,
+					 const char **elements);
+WERROR reg_set_sec_desc(struct registry_key *key,
+			const struct security_descriptor *security);
+
+struct reg_diff_callbacks {
+	WERROR (*add_key) (void *callback_data, const char *key_name);
+	WERROR (*set_value) (void *callback_data, const char *key_name,
+			     const char *value_name, uint32_t value_type,
+			     DATA_BLOB value);
+	WERROR (*del_value) (void *callback_data, const char *key_name,
+			     const char *value_name);
+	WERROR (*del_key) (void *callback_data, const char *key_name);
+	WERROR (*del_all_values) (void *callback_data, const char *key_name);
+	WERROR (*done) (void *callback_data);
+};
+
+WERROR reg_diff_apply(struct registry_context *ctx, 
+					  const char *filename);
+
+WERROR reg_generate_diff(struct registry_context *ctx1,
+			 struct registry_context *ctx2,
+			 const struct reg_diff_callbacks *callbacks,
+			 void *callback_data);
+WERROR reg_dotreg_diff_save(TALLOC_CTX *ctx, const char *filename,
+			    struct reg_diff_callbacks **callbacks,
+			    void **callback_data);
+WERROR reg_preg_diff_save(TALLOC_CTX *ctx, const char *filename,
+			  struct reg_diff_callbacks **callbacks,
+			  void **callback_data);
+WERROR reg_generate_diff_key(struct registry_key *oldkey,
+			     struct registry_key *newkey,
+			     const char *path,
+			     const struct reg_diff_callbacks *callbacks,
+			     void *callback_data);
+WERROR reg_diff_load(const char *filename,
+		     const struct reg_diff_callbacks *callbacks,
+		     void *callback_data);
+
+WERROR reg_dotreg_diff_load(int fd,
+				     const struct reg_diff_callbacks *callbacks,
+				     void *callback_data);
+
+WERROR reg_preg_diff_load(int fd,
+				   const struct reg_diff_callbacks *callbacks,
+				   void *callback_data);
+
+WERROR local_get_predefined_key(struct registry_context *ctx,
+				uint32_t key_id, struct registry_key **key);
+
+
+#endif /* _REGISTRY_H */
diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c
new file mode 100644
index 0000000..a0c959f
--- /dev/null
+++ b/source4/lib/registry/rpc.c
@@ -0,0 +1,578 @@
+/*
+   Samba Unix/Linux SMB implementation
+   RPC backend for the registry library
+   Copyright (C) 2003-2007 Jelmer Vernooij, jelmer@samba.org
+   Copyright (C) 2008 Matthias Dieter Wallnöfer, mwallnoefer@yahoo.de
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include "includes.h"
+#include "registry.h"
+#include "librpc/gen_ndr/ndr_winreg_c.h"
+
+#define MAX_NAMESIZE 512
+#define MAX_VALSIZE 32768
+
+struct rpc_key {
+	struct registry_key key;
+	struct policy_handle pol;
+	struct dcerpc_binding_handle *binding_handle;
+	const char* classname;	
+	uint32_t num_subkeys;
+	uint32_t max_subkeylen;
+	uint32_t max_classlen;
+	uint32_t num_values;
+	uint32_t max_valnamelen;
+	uint32_t max_valbufsize;
+	uint32_t secdescsize;
+	NTTIME last_changed_time;
+};
+
+struct rpc_registry_context {
+	struct registry_context context;
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_binding_handle *binding_handle;
+};
+
+static struct registry_operations reg_backend_rpc;
+
+/**
+ * This is the RPC backend for the registry library.
+ */
+
+#define openhive(u) static WERROR open_ ## u(struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx, struct policy_handle *hnd) \
+{ \
+	struct winreg_Open ## u r; \
+	NTSTATUS status; \
+\
+	ZERO_STRUCT(r); \
+	r.in.system_name = NULL; \
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; \
+	r.out.handle = hnd;\
+\
+	status = dcerpc_winreg_Open ## u ## _r(b, mem_ctx, &r); \
+\
+	if (!NT_STATUS_IS_OK(status)) { \
+		DEBUG(1, ("OpenHive failed - %s\n", nt_errstr(status))); \
+		return ntstatus_to_werror(status); \
+	} \
+\
+	return r.out.result;\
+}
+
+openhive(HKLM)
+openhive(HKCU)
+openhive(HKPD)
+openhive(HKU)
+openhive(HKCR)
+openhive(HKDD)
+openhive(HKCC)
+
+static struct {
+	uint32_t hkey;
+	WERROR (*open) (struct dcerpc_binding_handle *b, TALLOC_CTX *,
+			struct policy_handle *h);
+} known_hives[] = {
+	{ HKEY_LOCAL_MACHINE, open_HKLM },
+	{ HKEY_CURRENT_USER, open_HKCU },
+	{ HKEY_CLASSES_ROOT, open_HKCR },
+	{ HKEY_PERFORMANCE_DATA, open_HKPD },
+	{ HKEY_USERS, open_HKU },
+	{ HKEY_DYN_DATA, open_HKDD },
+	{ HKEY_CURRENT_CONFIG, open_HKCC },
+	{ 0, NULL }
+};
+
+static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const struct registry_key *k);
+
+static WERROR rpc_get_predefined_key(struct registry_context *ctx,
+				     uint32_t hkey_type,
+				     struct registry_key **k)
+{
+	int n;
+	struct rpc_key *mykeydata;
+	struct rpc_registry_context *rctx = talloc_get_type(ctx, struct rpc_registry_context);
+
+	*k = NULL;
+
+	for(n = 0; known_hives[n].hkey; n++) {
+		if(known_hives[n].hkey == hkey_type)
+			break;
+	}
+
+	if (known_hives[n].open == NULL)  {
+		DEBUG(1, ("No such hive %d\n", hkey_type));
+		return WERR_NO_MORE_ITEMS;
+	}
+
+	mykeydata = talloc_zero(ctx, struct rpc_key);
+	W_ERROR_HAVE_NO_MEMORY(mykeydata);
+	mykeydata->key.context = ctx;
+	mykeydata->binding_handle = rctx->binding_handle;
+	mykeydata->num_values = -1;
+	mykeydata->num_subkeys = -1;
+	*k = (struct registry_key *)mykeydata;
+	return known_hives[n].open(mykeydata->binding_handle, mykeydata, &mykeydata->pol);
+}
+
+#if 0
+static WERROR rpc_key_put_rpc_data(TALLOC_CTX *mem_ctx, struct registry_key *k)
+{
+	struct winreg_OpenKey r;
+	struct rpc_key_data *mykeydata;
+
+	k->backend_data = mykeydata = talloc_zero(mem_ctx, struct rpc_key_data);
+	mykeydata->num_values = -1;
+	mykeydata->num_subkeys = -1;
+
+	/* Then, open the handle using the hive */
+
+	ZERO_STRUCT(r);
+	r.in.handle = &(((struct rpc_key_data *)k->hive->root->backend_data)->pol);
+	r.in.keyname.name = k->path;
+	r.in.unknown = 0x00000000;
+	r.in.access_mask = 0x02000000;
+	r.out.handle = &mykeydata->pol;
+
+	dcerpc_winreg_OpenKey((struct dcerpc_pipe *)k->hive->backend_data,
+			      mem_ctx, &r);
+
+	return r.out.result;
+}
+#endif
+
+static WERROR rpc_open_key(TALLOC_CTX *mem_ctx, struct registry_key *h,
+			   const char *name, struct registry_key **key)
+{
+	struct rpc_key *parentkeydata = talloc_get_type(h, struct rpc_key),
+						    *mykeydata;
+	struct winreg_OpenKey r;
+	NTSTATUS status;
+
+	mykeydata = talloc_zero(mem_ctx, struct rpc_key);
+	W_ERROR_HAVE_NO_MEMORY(mykeydata);
+	mykeydata->key.context = parentkeydata->key.context;
+	mykeydata->binding_handle = parentkeydata->binding_handle;
+	mykeydata->num_values = -1;
+	mykeydata->num_subkeys = -1;
+	*key = (struct registry_key *)mykeydata;
+
+	/* Then, open the handle using the hive */
+	ZERO_STRUCT(r);
+	r.in.parent_handle = &parentkeydata->pol;
+	r.in.keyname.name = name;
+	r.in.options = 0x00000000;
+	r.in.access_mask = 0x02000000;
+	r.out.handle = &mykeydata->pol;
+
+	status = dcerpc_winreg_OpenKey_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("OpenKey failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	return r.out.result;
+}
+
+static WERROR rpc_get_value_by_index(TALLOC_CTX *mem_ctx,
+				     const struct registry_key *parent,
+				     uint32_t n,
+				     const char **value_name,
+				     uint32_t *type,
+				     DATA_BLOB *data)
+{
+	struct rpc_key *mykeydata = talloc_get_type(parent, struct rpc_key);
+	struct winreg_EnumValue r;
+	struct winreg_ValNameBuf name;
+	uint8_t value;
+	uint32_t val_size = MAX_VALSIZE;
+	uint32_t zero = 0;
+	WERROR error;
+	NTSTATUS status;
+
+	if (mykeydata->num_values == -1) {
+		error = rpc_query_key(mem_ctx, parent);
+		if(!W_ERROR_IS_OK(error)) return error;
+	}
+
+	name.name = "";
+	name.size = MAX_NAMESIZE;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.enum_index = n;
+	r.in.name = &name;
+	r.in.type = (enum winreg_Type *) type;
+	r.in.value = &value;
+	r.in.size = &val_size;
+	r.in.length = &zero;
+	r.out.name = &name;
+	r.out.type = (enum winreg_Type *) type;
+	r.out.value = &value;
+	r.out.size = &val_size;
+	r.out.length = &zero;
+
+	status = dcerpc_winreg_EnumValue_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("EnumValue failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	*value_name = talloc_steal(mem_ctx, r.out.name->name);
+	*type = *(r.out.type);
+	*data = data_blob_talloc(mem_ctx, r.out.value, *r.out.length);
+
+	return r.out.result;
+}
+
+static WERROR rpc_get_value_by_name(TALLOC_CTX *mem_ctx,
+				     const struct registry_key *parent,
+				     const char *value_name,
+				     uint32_t *type,
+				     DATA_BLOB *data)
+{
+	struct rpc_key *mykeydata = talloc_get_type(parent, struct rpc_key);
+	struct winreg_QueryValue r;
+	struct winreg_String name;
+	uint8_t value;
+	uint32_t val_size = MAX_VALSIZE;
+	uint32_t zero = 0;
+	WERROR error;
+	NTSTATUS status;
+
+	if (mykeydata->num_values == -1) {
+		error = rpc_query_key(mem_ctx, parent);
+		if(!W_ERROR_IS_OK(error)) return error;
+	}
+
+	name.name = value_name;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.value_name = &name;
+	r.in.type = (enum winreg_Type *) type;
+	r.in.data = &value;
+	r.in.data_size = &val_size;
+	r.in.data_length = &zero;
+	r.out.type = (enum winreg_Type *) type;
+	r.out.data = &value;
+	r.out.data_size = &val_size;
+	r.out.data_length = &zero;
+
+	status = dcerpc_winreg_QueryValue_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("QueryValue failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	*type = *(r.out.type);
+	*data = data_blob_talloc(mem_ctx, r.out.data, *r.out.data_length);
+
+	return r.out.result;
+}
+
+static WERROR rpc_set_value(struct registry_key *key, const char *value_name,
+			    uint32_t type, const DATA_BLOB data)
+{
+	struct rpc_key *mykeydata = talloc_get_type(key, struct rpc_key);
+	struct winreg_SetValue r;
+	struct winreg_String name;
+	NTSTATUS status;
+
+	name = (struct winreg_String) { .name = value_name };
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.name = name;
+	r.in.type = (enum winreg_Type)type;
+	r.in.data = data.data;
+	r.in.size = data.length;
+
+	status = dcerpc_winreg_SetValue_r(mykeydata->binding_handle, key, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("SetValue failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	return r.out.result;
+}
+
+static WERROR rpc_del_value(TALLOC_CTX *mem_ctx, struct registry_key *key,
+			    const char *value_name)
+{
+	struct rpc_key *mykeydata = talloc_get_type(key, struct rpc_key);
+	struct winreg_DeleteValue r;
+	struct winreg_String name;
+	NTSTATUS status;
+
+	name = (struct winreg_String) { .name = value_name };
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.value = name;
+
+	status = dcerpc_winreg_DeleteValue_r(mykeydata->binding_handle,
+					     mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("DeleteValue failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	return r.out.result;
+}
+
+static WERROR rpc_get_subkey_by_index(TALLOC_CTX *mem_ctx,
+				      const struct registry_key *parent,
+				      uint32_t n,
+				      const char **name,
+				      const char **keyclass,
+				      NTTIME *last_changed_time)
+{
+	struct winreg_EnumKey r;
+	struct rpc_key *mykeydata = talloc_get_type(parent, struct rpc_key);
+	struct winreg_StringBuf namebuf, classbuf;
+	NTTIME change_time = 0;
+	NTSTATUS status;
+
+	namebuf.name = "";
+	namebuf.size = MAX_NAMESIZE;
+	classbuf.name = NULL;
+	classbuf.size = 0;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.enum_index = n;
+	r.in.name = &namebuf;
+	r.in.keyclass = &classbuf;
+	r.in.last_changed_time = &change_time;
+	r.out.name = &namebuf;
+	r.out.keyclass = &classbuf;
+	r.out.last_changed_time = &change_time;
+
+	status = dcerpc_winreg_EnumKey_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("EnumKey failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	if (name != NULL)
+		*name = talloc_steal(mem_ctx, r.out.name->name);
+	if (keyclass != NULL)
+		*keyclass = talloc_steal(mem_ctx, r.out.keyclass->name);
+	if (last_changed_time != NULL)
+		*last_changed_time = *(r.out.last_changed_time);
+
+	return r.out.result;
+}
+
+static WERROR rpc_add_key(TALLOC_CTX *mem_ctx,
+			  struct registry_key *parent, const char *path,
+			  const char *key_class,
+			  struct security_descriptor *sec,
+			  struct registry_key **key)
+{
+	struct winreg_CreateKey r;
+	struct rpc_key *parentkd = talloc_get_type(parent, struct rpc_key);
+	struct rpc_key *rpck = talloc_zero(mem_ctx, struct rpc_key);
+	
+	NTSTATUS status;
+
+	if (rpck == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	rpck->key.context = parentkd->key.context;
+	rpck->binding_handle = parentkd->binding_handle;
+	rpck->num_values = -1;
+	rpck->num_subkeys = -1;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &parentkd->pol;
+	r.in.name.name = path;
+	r.in.keyclass.name = NULL;
+	r.in.options = 0;
+	r.in.access_mask = 0x02000000;
+	r.in.secdesc = NULL;
+	r.in.action_taken = NULL;
+	r.out.new_handle = &rpck->pol;
+	r.out.action_taken = NULL;
+
+	status = dcerpc_winreg_CreateKey_r(parentkd->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(rpck);
+		DEBUG(1, ("CreateKey failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	rpck->binding_handle = parentkd->binding_handle;
+	*key = (struct registry_key *)rpck;
+
+	return r.out.result;
+}
+
+static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const struct registry_key *k)
+{
+	struct winreg_QueryInfoKey r;
+	struct rpc_key *mykeydata = talloc_get_type(k, struct rpc_key);
+	struct winreg_String classname;
+	NTSTATUS status;
+
+	classname.name = NULL;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.classname = &classname;
+	r.out.classname = &classname;
+	r.out.num_subkeys = &mykeydata->num_subkeys;
+	r.out.max_subkeylen = &mykeydata->max_subkeylen;
+	r.out.max_classlen = &mykeydata->max_classlen;
+	r.out.num_values = &mykeydata->num_values;
+	r.out.max_valnamelen = &mykeydata->max_valnamelen;
+	r.out.max_valbufsize = &mykeydata->max_valbufsize;
+	r.out.secdescsize = &mykeydata->secdescsize;
+	r.out.last_changed_time = &mykeydata->last_changed_time;
+
+	status = dcerpc_winreg_QueryInfoKey_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("QueryInfoKey failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	mykeydata->classname = talloc_steal(mem_ctx, r.out.classname->name);
+
+	return r.out.result;
+}
+
+static WERROR rpc_del_key(TALLOC_CTX *mem_ctx, struct registry_key *parent,
+			  const char *name)
+{
+	NTSTATUS status;
+	struct rpc_key *mykeydata = talloc_get_type(parent, struct rpc_key);
+	struct winreg_DeleteKey r;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &mykeydata->pol;
+	r.in.key.name = name;
+
+	status = dcerpc_winreg_DeleteKey_r(mykeydata->binding_handle, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("DeleteKey failed - %s\n", nt_errstr(status)));
+		return ntstatus_to_werror(status);
+	}
+
+	return r.out.result;
+}
+
+static WERROR rpc_get_info(TALLOC_CTX *mem_ctx, const struct registry_key *key,
+						   const char **classname,
+						   uint32_t *num_subkeys,
+						   uint32_t *num_values,
+						   NTTIME *last_changed_time,
+						   uint32_t *max_subkeylen,
+						   uint32_t *max_valnamelen,
+						   uint32_t *max_valbufsize)
+{
+	struct rpc_key *mykeydata = talloc_get_type(key, struct rpc_key);
+	WERROR error;
+
+	if (mykeydata->num_values == -1) {
+		error = rpc_query_key(mem_ctx, key);
+		if(!W_ERROR_IS_OK(error)) return error;
+	}
+
+	if (classname != NULL)
+		*classname = mykeydata->classname;
+
+	if (num_subkeys != NULL)
+		*num_subkeys = mykeydata->num_subkeys;
+
+	if (num_values != NULL)
+		*num_values = mykeydata->num_values;
+
+	if (last_changed_time != NULL)
+		*last_changed_time = mykeydata->last_changed_time;
+
+	if (max_subkeylen != NULL)
+		*max_subkeylen = mykeydata->max_subkeylen;
+
+	if (max_valnamelen != NULL)
+		*max_valnamelen = mykeydata->max_valnamelen;
+
+	if (max_valbufsize != NULL)
+		*max_valbufsize = mykeydata->max_valbufsize;
+
+	return WERR_OK;
+}
+
+static struct registry_operations reg_backend_rpc = {
+	.name = "rpc",
+	.open_key = rpc_open_key,
+	.get_predefined_key = rpc_get_predefined_key,
+	.enum_key = rpc_get_subkey_by_index,
+	.enum_value = rpc_get_value_by_index,
+	.get_value = rpc_get_value_by_name,
+	.set_value = rpc_set_value,
+	.delete_value = rpc_del_value,
+	.create_key = rpc_add_key,
+	.delete_key = rpc_del_key,
+	.get_key_info = rpc_get_info,
+};
+
+_PUBLIC_ WERROR reg_open_remote(TALLOC_CTX *mem_ctx,
+				struct registry_context **ctx,
+				struct cli_credentials *credentials,
+				struct loadparm_context *lp_ctx,
+				const char *location, struct tevent_context *ev)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	struct rpc_registry_context *rctx;
+
+	dcerpc_init();
+
+	rctx = talloc(mem_ctx, struct rpc_registry_context);
+	W_ERROR_HAVE_NO_MEMORY(rctx);
+
+	/* Default to local smbd if no connection is specified */
+	if (!location) {
+		location = talloc_strdup(rctx, "ncalrpc:");
+	}
+
+	status = dcerpc_pipe_connect(rctx /* TALLOC_CTX */,
+				     &p, location,
+				     &ndr_table_winreg,
+				     credentials, ev, lp_ctx);
+	if(NT_STATUS_IS_ERR(status)) {
+		DEBUG(1, ("Unable to open '%s': %s\n", location,
+			nt_errstr(status)));
+		talloc_free(rctx);
+		*ctx = NULL;
+		return ntstatus_to_werror(status);
+	}
+
+	rctx->pipe = p;
+	rctx->binding_handle = p->binding_handle;
+
+	*ctx = (struct registry_context *)rctx;
+	(*ctx)->ops = &reg_backend_rpc;
+
+	return WERR_OK;
+}
diff --git a/source4/lib/registry/samba.c b/source4/lib/registry/samba.c
new file mode 100644
index 0000000..ff52297
--- /dev/null
+++ b/source4/lib/registry/samba.c
@@ -0,0 +1,100 @@
+/*
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij			2004-2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "registry.h"
+#include "param/param.h"
+
+/**
+ * @file
+ * @brief Samba-specific registry functions
+ */
+
+static WERROR mount_samba_hive(struct registry_context *ctx,
+			       struct tevent_context *event_ctx,
+			       struct loadparm_context *lp_ctx,
+			       struct auth_session_info *auth_info,
+			       struct cli_credentials *creds,
+			       const char *name,
+			       uint32_t hive_id)
+{
+	WERROR error;
+	struct hive_key *hive;
+	const char *location;
+
+	location = talloc_asprintf(ctx, "%s/%s.ldb",
+				   lpcfg_private_dir(lp_ctx),
+				   name);
+	W_ERROR_HAVE_NO_MEMORY(location);
+
+	error = reg_open_hive(ctx, location, auth_info, creds, event_ctx, lp_ctx, &hive);
+
+	if (W_ERROR_EQUAL(error, WERR_FILE_NOT_FOUND))
+		error = reg_open_ldb_file(ctx, location, auth_info,
+					  creds, event_ctx, lp_ctx, &hive);
+
+	talloc_free(discard_const_p(char, location));
+
+	if (!W_ERROR_IS_OK(error))
+		return error;
+
+	return reg_mount_hive(ctx, hive, hive_id, NULL);
+}
+
+
+_PUBLIC_ WERROR reg_open_samba(TALLOC_CTX *mem_ctx,
+			       struct registry_context **ctx,
+			       struct tevent_context *ev_ctx,
+			       struct loadparm_context *lp_ctx,
+			       struct auth_session_info *session_info,
+			       struct cli_credentials *credentials)
+{
+	WERROR result;
+
+	result = reg_open_local(mem_ctx, ctx);
+	if (!W_ERROR_IS_OK(result)) {
+		return result;
+	}
+
+	mount_samba_hive(*ctx, ev_ctx, lp_ctx, session_info, credentials,
+			 "hklm", HKEY_LOCAL_MACHINE);
+
+	mount_samba_hive(*ctx, ev_ctx, lp_ctx, session_info, credentials,
+			 "hkcr", HKEY_CLASSES_ROOT);
+
+	/* FIXME: Should be mounted from NTUSER.DAT in the home directory of the
+	 * current user */
+	mount_samba_hive(*ctx, ev_ctx, lp_ctx, session_info, credentials,
+			 "hkcu", HKEY_CURRENT_USER);
+
+	mount_samba_hive(*ctx, ev_ctx, lp_ctx, session_info, credentials,
+			 "hku", HKEY_USERS);
+
+	/* FIXME: Different hive backend for HKEY_CLASSES_ROOT: merged view of HKEY_LOCAL_MACHINE\Software\Classes
+	 * and HKEY_CURRENT_USER\Software\Classes */
+
+	/* FIXME: HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current */
+
+	/* FIXME: HKEY_PERFORMANCE_DATA is dynamically generated */
+
+	/* FIXME: HKEY_LOCAL_MACHINE\Hardware is autogenerated */
+
+	/* FIXME: HKEY_LOCAL_MACHINE\Security\SAM is an alias for HKEY_LOCAL_MACHINE\SAM */
+
+	return WERR_OK;
+}
diff --git a/source4/lib/registry/tests/diff.c b/source4/lib/registry/tests/diff.c
new file mode 100644
index 0000000..35f968a
--- /dev/null
+++ b/source4/lib/registry/tests/diff.c
@@ -0,0 +1,291 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of registry diff functionality
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Wilco Baan Hofman 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "param/param.h"
+#include "lib/registry/tests/proto.h"
+
+struct diff_tcase_data {
+	struct registry_context *r1_ctx;
+	struct registry_context *r2_ctx;
+	struct reg_diff_callbacks *callbacks;
+	void *callback_data;
+	char *tempdir;
+	char *filename;
+};
+
+static bool test_generate_diff(struct torture_context *tctx, void *tcase_data)
+{
+	WERROR error;
+	struct diff_tcase_data *td = tcase_data;
+
+	error = reg_generate_diff(td->r1_ctx, td->r2_ctx, 
+			td->callbacks,
+			td->callback_data);
+	torture_assert_werr_ok(tctx, error, "reg_generate_diff");
+
+	return true;
+}
+
+#if 0
+static bool test_diff_load(struct torture_context *tctx, void *tcase_data)
+{
+	struct diff_tcase_data *td = tcase_data;
+	struct reg_diff_callbacks *callbacks;
+	void *data;
+	WERROR error;
+
+	error = reg_diff_load(td->filename, callbacks, data);
+	torture_assert_werr_ok(tctx, error, "reg_diff_load");
+
+	return true;
+}
+#endif
+static bool test_diff_apply(struct torture_context *tctx, void *tcase_data)
+{
+	struct diff_tcase_data *td = tcase_data;
+	struct registry_key *key;
+	WERROR error;
+
+	error = reg_diff_apply(td->r1_ctx, td->filename);
+	torture_assert_werr_ok(tctx, error, "reg_diff_apply");
+
+	error = td->r1_ctx->ops->get_predefined_key(td->r1_ctx, HKEY_LOCAL_MACHINE, &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKEY_LOCAL_MACHINE failed");
+
+	/* If this generates an error it could be that the apply doesn't work,
+	 * but also that the reg_generate_diff didn't work. */
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "Software", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\Software failed");
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "Microsoft", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\Software\\Microsoft failed");
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "Windows", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\..\\Microsoft\\Windows failed");
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "CurrentVersion", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\..\\Windows\\CurrentVersion failed");
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "Policies", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\..\\CurrentVersion\\Policies failed");
+	error = td->r1_ctx->ops->open_key(td->r1_ctx, key, "Explorer", &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKLM\\..\\Policies\\Explorer failed");
+
+	return true;
+}
+
+static const char *added_key = NULL;
+
+static WERROR test_add_key(void *callback_data, const char *key_name)
+{
+	added_key = talloc_strdup(callback_data, key_name);
+
+	return WERR_OK;
+}
+
+static bool test_generate_diff_key_add(struct torture_context *tctx, void *tcase_data)
+{
+	struct reg_diff_callbacks cb;
+	struct registry_key rk;
+
+	return true;
+
+	ZERO_STRUCT(cb);
+
+	cb.add_key = test_add_key;
+
+	if (W_ERROR_IS_OK(reg_generate_diff_key(&rk, NULL, "bla", &cb, tctx)))
+		return false;
+
+	torture_assert_str_equal(tctx, added_key, "bla", "key added");
+
+	return true;
+}
+
+static bool test_generate_diff_key_null(struct torture_context *tctx, void *tcase_data)
+{
+	struct reg_diff_callbacks cb;
+
+	ZERO_STRUCT(cb);
+
+	if (!W_ERROR_IS_OK(reg_generate_diff_key(NULL, NULL, "", &cb, NULL)))
+		return false;
+
+	return true;
+}
+
+static void tcase_add_tests (struct torture_tcase *tcase) 
+{
+	torture_tcase_add_simple_test(tcase, "test_generate_diff_key_add",
+			test_generate_diff_key_add);
+	torture_tcase_add_simple_test(tcase, "test_generate_diff_key_null",
+			test_generate_diff_key_null);
+	torture_tcase_add_simple_test(tcase, "test_generate_diff",
+			test_generate_diff);
+	torture_tcase_add_simple_test(tcase, "test_diff_apply",
+			test_diff_apply);
+/*	torture_tcase_add_simple_test(tcase, "test_diff_load",
+			test_diff_load);
+*/
+}
+
+static bool diff_setup_tcase(struct torture_context *tctx, void **data)
+{
+	struct registry_context *r1_ctx, *r2_ctx;
+	WERROR error;
+	NTSTATUS status;
+	struct hive_key *r1_hklm, *r1_hkcu;
+	struct hive_key *r2_hklm, *r2_hkcu;
+	const char *filename;
+	struct diff_tcase_data *td;
+	struct registry_key *key, *newkey;
+	DATA_BLOB blob;
+
+	td = talloc(tctx, struct diff_tcase_data);
+
+	/* Create two registry contexts */
+	error = reg_open_local(tctx, &r1_ctx);
+	torture_assert_werr_ok(tctx, error, "Opening registry 1 for patch tests failed");
+	
+	error = reg_open_local(tctx, &r2_ctx);
+	torture_assert_werr_ok(tctx, error, "Opening registry 2 for patch tests failed");
+
+	/* Create temp directory */
+	status = torture_temp_dir(tctx, "patchfile", &td->tempdir);
+	torture_assert_ntstatus_ok(tctx, status, "Creating temp dir failed");
+
+	/* Create and mount HKLM and HKCU hives for registry 1 */
+	filename = talloc_asprintf(tctx, "%s/r1_local_machine.ldb", td->tempdir);
+	error = reg_open_ldb_file(tctx, filename, NULL, NULL, tctx->ev, tctx->lp_ctx, &r1_hklm);
+	torture_assert_werr_ok(tctx, error, "Opening local machine file failed");
+
+	error = reg_mount_hive(r1_ctx, r1_hklm, HKEY_LOCAL_MACHINE, NULL);
+	torture_assert_werr_ok(tctx, error, "Mounting hive failed");
+	
+	filename = talloc_asprintf(tctx, "%s/r1_current_user.ldb", td->tempdir);
+	error = reg_open_ldb_file(tctx, filename, NULL, NULL, tctx->ev, tctx->lp_ctx, &r1_hkcu);
+	torture_assert_werr_ok(tctx, error, "Opening current user file failed");
+
+	error = reg_mount_hive(r1_ctx, r1_hkcu, HKEY_CURRENT_USER, NULL);
+	torture_assert_werr_ok(tctx, error, "Mounting hive failed");
+	
+	/* Create and mount HKLM and HKCU hives for registry 2 */
+	filename = talloc_asprintf(tctx, "%s/r2_local_machine.ldb", td->tempdir);
+	error = reg_open_ldb_file(tctx, filename, NULL, NULL, tctx->ev, tctx->lp_ctx, &r2_hklm);
+	torture_assert_werr_ok(tctx, error, "Opening local machine file failed");
+
+	error = reg_mount_hive(r2_ctx, r2_hklm, HKEY_LOCAL_MACHINE, NULL);
+	torture_assert_werr_ok(tctx, error, "Mounting hive failed");
+	
+	filename = talloc_asprintf(tctx, "%s/r2_current_user.ldb", td->tempdir);
+	error = reg_open_ldb_file(tctx, filename, NULL, NULL, tctx->ev, tctx->lp_ctx, &r2_hkcu);
+	torture_assert_werr_ok(tctx, error, "Opening current user file failed");
+	
+	error = reg_mount_hive(r2_ctx, r2_hkcu, HKEY_CURRENT_USER, NULL);
+	torture_assert_werr_ok(tctx, error, "Mounting hive failed");
+
+	error = r1_ctx->ops->get_predefined_key(r1_ctx, HKEY_CURRENT_USER, &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKEY_CURRENT_USER failed");
+	error = r1_ctx->ops->create_key(r1_ctx, key, "Network", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Opening HKCU\\Network failed");
+	error = r1_ctx->ops->create_key(r1_ctx, newkey, "L", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Opening HKCU\\Network\\L failed");
+
+	error = r2_ctx->ops->get_predefined_key(r2_ctx, HKEY_LOCAL_MACHINE, &key);
+	torture_assert_werr_ok(tctx, error, "Opening HKEY_LOCAL_MACHINE failed");
+	error = r2_ctx->ops->create_key(r2_ctx, key, "Software", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\Software failed");
+	error = r2_ctx->ops->create_key(r2_ctx, newkey, "Microsoft", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\Software\\Microsoft failed");
+	error = r2_ctx->ops->create_key(r2_ctx, newkey, "Windows", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\Software\\Microsoft\\Windows failed");
+	error = r2_ctx->ops->create_key(r2_ctx, newkey, "CurrentVersion", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\..\\Windows\\CurrentVersion failed");
+	error = r2_ctx->ops->create_key(r2_ctx, newkey, "Policies", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\..\\CurrentVersion\\Policies failed");
+	error = r2_ctx->ops->create_key(r2_ctx, newkey, "Explorer", NULL, NULL, &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating HKLM\\..\\Policies\\Explorer failed");
+
+	blob.data = talloc_array(r2_ctx, uint8_t, 4);
+	/* set "0x03FFFFFF" in little endian format */
+	blob.data[0] = 0xFF; blob.data[1] = 0xFF;
+	blob.data[2] = 0xFF; blob.data[3] = 0x03;
+	blob.length = 4;
+
+	r1_ctx->ops->set_value(newkey, "NoDrives", REG_DWORD, blob);
+
+	/* Set test case data */
+	td->r1_ctx = r1_ctx;
+	td->r2_ctx = r2_ctx;
+
+	*data = td;
+
+	return true;
+}
+
+static bool diff_setup_preg_tcase (struct torture_context *tctx, void **data)
+{
+	struct diff_tcase_data *td;
+	WERROR error;
+
+	diff_setup_tcase(tctx, data);
+	td = *data;
+
+	td->filename = talloc_asprintf(tctx, "%s/test.pol", td->tempdir);
+	error = reg_preg_diff_save(tctx, td->filename,  &td->callbacks,
+							   &td->callback_data);
+	torture_assert_werr_ok(tctx, error, "reg_preg_diff_save");
+
+	return true;
+}
+
+static bool diff_setup_dotreg_tcase (struct torture_context *tctx, void **data)
+{
+	struct diff_tcase_data *td;
+	WERROR error;
+
+	diff_setup_tcase(tctx, data);
+	td = *data;
+
+	td->filename = talloc_asprintf(tctx, "%s/test.reg", td->tempdir);
+	error = reg_dotreg_diff_save(tctx, td->filename, &td->callbacks,
+								 &td->callback_data);
+	torture_assert_werr_ok(tctx, error, "reg_dotreg_diff_save");
+
+	return true;
+}
+
+struct torture_suite *torture_registry_diff(TALLOC_CTX *mem_ctx)
+{
+	struct torture_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "diff");
+
+	tcase = torture_suite_add_tcase(suite, "PReg");
+	torture_tcase_set_fixture(tcase, diff_setup_preg_tcase, NULL);
+	tcase_add_tests(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "dotreg");
+	torture_tcase_set_fixture(tcase, diff_setup_dotreg_tcase, NULL);
+	tcase_add_tests(tcase);
+
+	return suite;
+}
diff --git a/source4/lib/registry/tests/generic.c b/source4/lib/registry/tests/generic.c
new file mode 100644
index 0000000..2ef6f84
--- /dev/null
+++ b/source4/lib/registry/tests/generic.c
@@ -0,0 +1,179 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of registry library
+
+   Copyright (C) Jelmer Vernooij 2005-2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "param/param.h"
+#include "lib/registry/tests/proto.h"
+
+static bool test_str_regtype(struct torture_context *ctx)
+{
+	torture_assert_str_equal(ctx, str_regtype(0),
+				 "REG_NONE", "REG_NONE failed");
+	torture_assert_str_equal(ctx, str_regtype(1),
+				 "REG_SZ", "REG_SZ failed");
+	torture_assert_str_equal(ctx, str_regtype(2),
+				 "REG_EXPAND_SZ", "REG_EXPAND_SZ failed");
+	torture_assert_str_equal(ctx, str_regtype(3),
+				 "REG_BINARY", "REG_BINARY failed");
+	torture_assert_str_equal(ctx, str_regtype(4),
+				 "REG_DWORD", "REG_DWORD failed");
+	torture_assert_str_equal(ctx, str_regtype(5),
+				 "REG_DWORD_BIG_ENDIAN", "REG_DWORD_BIG_ENDIAN failed");
+	torture_assert_str_equal(ctx, str_regtype(6),
+				 "REG_LINK", "REG_LINK failed");
+	torture_assert_str_equal(ctx, str_regtype(7),
+				 "REG_MULTI_SZ", "REG_MULTI_SZ failed");
+	torture_assert_str_equal(ctx, str_regtype(8),
+				 "REG_RESOURCE_LIST", "REG_RESOURCE_LIST failed");
+	torture_assert_str_equal(ctx, str_regtype(9),
+				 "REG_FULL_RESOURCE_DESCRIPTOR", "REG_FULL_RESOURCE_DESCRIPTOR failed");
+	torture_assert_str_equal(ctx, str_regtype(10),
+				 "REG_RESOURCE_REQUIREMENTS_LIST", "REG_RESOURCE_REQUIREMENTS_LIST failed");
+	torture_assert_str_equal(ctx, str_regtype(11),
+				 "REG_QWORD", "REG_QWORD failed");
+
+	return true;
+}
+
+
+static bool test_reg_val_data_string_dword(struct torture_context *ctx)
+{
+	uint8_t d[] = { 0x20, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+	torture_assert_str_equal(ctx, "0x00000020",
+				 reg_val_data_string(ctx, REG_DWORD, db),
+				 "dword failed");
+	return true;
+}
+
+static bool test_reg_val_data_string_dword_big_endian(struct torture_context *ctx)
+{
+	uint8_t d[] = { 0x20, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+	torture_assert_str_equal(ctx, "0x00000020",
+				 reg_val_data_string(ctx, REG_DWORD_BIG_ENDIAN, db),
+				 "dword failed");
+	return true;
+}
+
+static bool test_reg_val_data_string_qword(struct torture_context *ctx)
+{
+	uint8_t d[] = { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 8 };
+	torture_assert_str_equal(ctx, "0x0000000000000020",
+				 reg_val_data_string(ctx, REG_QWORD, db),
+				 "qword failed");
+	return true;
+}
+
+static bool test_reg_val_data_string_sz(struct torture_context *ctx)
+{
+	DATA_BLOB db;
+	convert_string_talloc(ctx, CH_UTF8, CH_UTF16,
+					  "bla", 3, (void **)&db.data, &db.length);
+	torture_assert_str_equal(ctx, "bla",
+				 reg_val_data_string(ctx, REG_SZ, db),
+				 "sz failed");
+	db.length = 4;
+	torture_assert_str_equal(ctx, "bl",
+				 reg_val_data_string(ctx, REG_SZ, db),
+				 "sz failed");
+	return true;
+}
+
+static bool test_reg_val_data_string_binary(struct torture_context *ctx)
+{
+	uint8_t x[] = { 0x1, 0x2, 0x3, 0x4 };
+	DATA_BLOB db = { x, 4 };
+	torture_assert_str_equal(ctx, "01020304",
+				 reg_val_data_string(ctx, REG_BINARY, db),
+				 "binary failed");
+	return true;
+}
+
+
+static bool test_reg_val_data_string_empty(struct torture_context *ctx)
+{
+	DATA_BLOB db = { NULL, 0 };
+	torture_assert_str_equal(ctx, "",
+				 reg_val_data_string(ctx, REG_BINARY, db),
+				 "empty failed");
+	return true;
+}
+
+static bool test_reg_val_description(struct torture_context *ctx)
+{
+	DATA_BLOB data;
+	convert_string_talloc(ctx, CH_UTF8, CH_UTF16,
+					    "stationary traveller",
+					    strlen("stationary traveller"),
+					    (void **)&data.data, &data.length);
+	torture_assert_str_equal(ctx, "camel = REG_SZ : stationary traveller",
+				 reg_val_description(ctx, "camel", REG_SZ, data),
+				 "reg_val_description failed");
+	return true;
+}
+
+
+static bool test_reg_val_description_nullname(struct torture_context *ctx)
+{
+	DATA_BLOB data;
+	convert_string_talloc(ctx, CH_UTF8, CH_UTF16,
+					    "west berlin",
+					    strlen("west berlin"),
+					    (void **)&data.data, &data.length);
+	torture_assert_str_equal(ctx, "<No Name> = REG_SZ : west berlin",
+				 reg_val_description(ctx, NULL, REG_SZ, data),
+				 "description with null name failed");
+	return true;
+}
+
+struct torture_suite *torture_registry(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "registry");
+	torture_suite_add_simple_test(suite, "str_regtype",
+				      test_str_regtype);
+	torture_suite_add_simple_test(suite, "reg_val_data_string dword",
+				      test_reg_val_data_string_dword);
+	torture_suite_add_simple_test(suite, "reg_val_data_string dword_big_endian",
+				      test_reg_val_data_string_dword_big_endian);
+	torture_suite_add_simple_test(suite, "reg_val_data_string qword",
+				      test_reg_val_data_string_qword);
+	torture_suite_add_simple_test(suite, "reg_val_data_string sz",
+				      test_reg_val_data_string_sz);
+	torture_suite_add_simple_test(suite, "reg_val_data_string binary",
+				      test_reg_val_data_string_binary);
+	torture_suite_add_simple_test(suite, "reg_val_data_string empty",
+				      test_reg_val_data_string_empty);
+	torture_suite_add_simple_test(suite, "reg_val_description",
+				      test_reg_val_description);
+	torture_suite_add_simple_test(suite, "reg_val_description null",
+				      test_reg_val_description_nullname);
+
+	torture_suite_add_suite(suite, torture_registry_hive(suite));
+	torture_suite_add_suite(suite, torture_registry_registry(suite));
+	torture_suite_add_suite(suite, torture_registry_diff(suite));
+
+	return suite;
+}
diff --git a/source4/lib/registry/tests/hive.c b/source4/lib/registry/tests/hive.c
new file mode 100644
index 0000000..aca5cff
--- /dev/null
+++ b/source4/lib/registry/tests/hive.c
@@ -0,0 +1,440 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of registry library - hives
+
+   Copyright (C) Jelmer Vernooij 2005-2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "system/filesys.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+#include "lib/registry/tests/proto.h"
+
+static bool test_del_nonexistent_key(struct torture_context *tctx,
+				     const void *test_data)
+{
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	WERROR error = hive_key_del(tctx, root, "bla");
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "invalid return code");
+
+	return true;
+}
+
+static bool test_keyinfo_root(struct torture_context *tctx,
+			      const void *test_data)
+{
+	uint32_t num_subkeys, num_values;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	WERROR error;
+
+	/* This is a new backend. There should be no subkeys and no
+	 * values */
+	error = hive_key_get_info(tctx, root, NULL, &num_subkeys, &num_values,
+				  NULL, NULL, NULL, NULL);
+	torture_assert_werr_ok(tctx, error, "reg_key_num_subkeys()");
+
+	torture_assert_int_equal(tctx, num_subkeys, 0,
+				 "New key has non-zero subkey count");
+
+	torture_assert_werr_ok(tctx, error, "reg_key_num_values");
+
+	torture_assert_int_equal(tctx, num_values, 0,
+				 "New key has non-zero value count");
+
+	return true;
+}
+
+static bool test_keyinfo_nums(struct torture_context *tctx, void *test_data)
+{
+	uint32_t num_subkeys, num_values;
+	struct hive_key *root = (struct hive_key *)test_data;
+	WERROR error;
+	struct hive_key *subkey;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+
+	error = hive_key_add_name(tctx, root, "Nested Keyll", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_set_value(root, "Answer", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	/* This is a new backend. There should be no subkeys and no
+	 * values */
+	error = hive_key_get_info(tctx, root, NULL, &num_subkeys, &num_values,
+				  NULL, NULL, NULL, NULL);
+	torture_assert_werr_ok(tctx, error, "reg_key_num_subkeys()");
+
+	torture_assert_int_equal(tctx, num_subkeys, 1, "subkey count");
+
+	torture_assert_werr_ok(tctx, error, "reg_key_num_values");
+
+	torture_assert_int_equal(tctx, num_values, 1, "value count");
+
+	return true;
+}
+
+static bool test_add_subkey(struct torture_context *tctx,
+			    const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+
+	error = hive_key_add_name(mem_ctx, root, "Nested Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_del(mem_ctx, root, "Nested Key");
+	torture_assert_werr_ok(tctx, error, "reg_key_del");
+
+	return true;
+}
+
+static bool test_del_recursive(struct torture_context *tctx,
+			       const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	struct hive_key *subkey2;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+
+	/* Create a new key under the root */
+	error = hive_key_add_name(mem_ctx, root, "Parent Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	/* Create a new key under "Parent Key" */
+	error = hive_key_add_name(mem_ctx, subkey, "Child Key", NULL,
+				  NULL, &subkey2);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	/* Create a new value under "Child Key" */
+	error = hive_key_set_value(subkey2, "Answer Recursive", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	/* Deleting "Parent Key" will also delete "Child Key" and the value. */
+	error = hive_key_del(mem_ctx, root, "Parent Key");
+	torture_assert_werr_ok(tctx, error, "hive_key_del");
+
+	return true;
+}
+
+static bool test_flush_key(struct torture_context *tctx, void *test_data)
+{
+	struct hive_key *root = (struct hive_key *)test_data;
+
+	torture_assert_werr_ok(tctx, hive_key_flush(root), "flush key");
+
+	return true;
+}
+
+static bool test_del_key(struct torture_context *tctx, const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+
+	error = hive_key_add_name(mem_ctx, root, "Nested Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_del(mem_ctx, root, "Nested Key");
+	torture_assert_werr_ok(tctx, error, "reg_key_del");
+
+	error = hive_key_del(mem_ctx, root, "Nested Key");
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND, "reg_key_del");
+
+	return true;
+}
+
+static bool test_set_value(struct torture_context *tctx,
+			   const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+
+	error = hive_key_add_name(mem_ctx, root, "YA Nested Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_set_value(subkey, "Answer", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	return true;
+}
+
+static bool test_get_value(struct torture_context *tctx, const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	uint32_t type;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 }, data;
+
+	error = hive_key_add_name(mem_ctx, root, "EYA Nested Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_get_value(mem_ctx, subkey, "Answer", &type, &data);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting missing value");
+
+	error = hive_key_set_value(subkey, "Answer", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	error = hive_get_value(mem_ctx, subkey, "Answer", &type, &data);
+	torture_assert_werr_ok(tctx, error, "getting value");
+
+	torture_assert_int_equal(tctx, data.length, 4, "value length");
+	torture_assert_int_equal(tctx, type, REG_DWORD, "value type");
+
+	torture_assert_mem_equal(tctx, data.data, db.data, 4, "value data");
+
+	return true;
+}
+
+static bool test_del_value(struct torture_context *tctx, const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	uint32_t type;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 };
+
+	error = hive_key_add_name(mem_ctx, root, "EEYA Nested Key", NULL,
+							 NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_set_value(subkey, "Answer", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	error = hive_key_del_value(mem_ctx, subkey, "Answer");
+	torture_assert_werr_ok(tctx, error, "deleting value");
+
+	error = hive_get_value(mem_ctx, subkey, "Answer", &type, &db);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND, "getting value");
+
+	error = hive_key_del_value(mem_ctx, subkey, "Answer");
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "deleting value");
+
+	return true;
+}
+
+static bool test_list_values(struct torture_context *tctx,
+			     const void *test_data)
+{
+	WERROR error;
+	struct hive_key *subkey;
+	const struct hive_key *root = (const struct hive_key *)test_data;
+	TALLOC_CTX *mem_ctx = tctx;
+	uint32_t type;
+	uint8_t d[] = { 0x42, 0x00, 0x00, 0x00 };
+	DATA_BLOB db = { d, 4 }, data;
+	const char *name;
+
+	error = hive_key_add_name(mem_ctx, root, "AYAYA Nested Key", NULL,
+				  NULL, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_key_set_value(subkey, "Answer", REG_DWORD, db);
+	torture_assert_werr_ok(tctx, error, "hive_key_set_value");
+
+	error = hive_get_value_by_index(mem_ctx, subkey, 0, &name,
+					&type, &data);
+	torture_assert_werr_ok(tctx, error, "getting value");
+
+	torture_assert_str_equal(tctx, name, "Answer", "value name");
+
+	torture_assert_int_equal(tctx, data.length, 4, "value length");
+	torture_assert_int_equal(tctx, type, REG_DWORD, "value type");
+	
+	torture_assert_mem_equal(tctx, data.data, db.data, 4, "value data");
+	
+	error = hive_get_value_by_index(mem_ctx, subkey, 1, &name,
+					&type, &data);
+	torture_assert_werr_equal(tctx, error, WERR_NO_MORE_ITEMS,
+				  "getting missing value");
+
+	return true;
+}
+
+static bool test_hive_security(struct torture_context *tctx, const void *_data)
+{
+	struct hive_key *subkey = NULL;
+        const struct hive_key *root = _data;
+	WERROR error;
+	struct security_descriptor *osd, *nsd;
+	
+	osd = security_descriptor_dacl_create(tctx,
+					 0,
+					 NULL, NULL,
+					 SID_NT_AUTHENTICATED_USERS,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_GENERIC_ALL,
+					 SEC_ACE_FLAG_OBJECT_INHERIT,
+					 NULL);
+
+
+	error = hive_key_add_name(tctx, root, "SecurityKey", NULL,
+				  osd, &subkey);
+	torture_assert_werr_ok(tctx, error, "hive_key_add_name");
+
+	error = hive_get_sec_desc(tctx, subkey, &nsd);
+	torture_assert_werr_ok (tctx, error, "getting security descriptor");
+
+	torture_assert(tctx, security_descriptor_equal(osd, nsd),
+		       "security descriptor changed!");
+
+	/* Create a fresh security descriptor */	
+	talloc_free(osd);
+	osd = security_descriptor_dacl_create(tctx,
+					 0,
+					 NULL, NULL,
+					 SID_NT_AUTHENTICATED_USERS,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_GENERIC_ALL,
+					 SEC_ACE_FLAG_OBJECT_INHERIT,
+					 NULL);
+
+	error = hive_set_sec_desc(subkey, osd);
+	torture_assert_werr_ok(tctx, error, "setting security descriptor");
+	
+	error = hive_get_sec_desc(tctx, subkey, &nsd);
+	torture_assert_werr_ok (tctx, error, "getting security descriptor");
+	
+	torture_assert(tctx, security_descriptor_equal(osd, nsd),
+		       "security descriptor changed!");
+
+	return true;
+}
+
+static void tcase_add_tests(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test_const(tcase, "del_nonexistent_key",
+						test_del_nonexistent_key);
+	torture_tcase_add_simple_test_const(tcase, "add_subkey",
+						test_add_subkey);
+	torture_tcase_add_simple_test(tcase, "flush_key",
+						test_flush_key);
+	/* test_del_recursive() test must run before test_keyinfo_root().
+	   test_keyinfo_root() checks the number of subkeys, which verifies
+	   the recursive delete worked properly. */
+	torture_tcase_add_simple_test_const(tcase, "del_recursive",
+						test_del_recursive);
+	torture_tcase_add_simple_test_const(tcase, "get_info",
+						test_keyinfo_root);
+	torture_tcase_add_simple_test(tcase, "get_info_nums",
+						test_keyinfo_nums);
+	torture_tcase_add_simple_test_const(tcase, "set_value",
+						test_set_value);
+	torture_tcase_add_simple_test_const(tcase, "get_value",
+						test_get_value);
+	torture_tcase_add_simple_test_const(tcase, "list_values",
+						test_list_values);
+	torture_tcase_add_simple_test_const(tcase, "del_key",
+						test_del_key);
+	torture_tcase_add_simple_test_const(tcase, "del_value",
+						test_del_value);
+	torture_tcase_add_simple_test_const(tcase, "check hive security",
+						test_hive_security);
+}
+
+static bool hive_setup_ldb(struct torture_context *tctx, void **data)
+{
+	struct hive_key *key;
+	WERROR error;
+	char *dirname;
+	NTSTATUS status;
+
+	status = torture_temp_dir(tctx, "hive-ldb", &dirname);
+	if (!NT_STATUS_IS_OK(status))
+		return false;
+
+	rmdir(dirname);
+
+	error = reg_open_ldb_file(tctx, dirname, NULL, NULL, tctx->ev, tctx->lp_ctx, &key);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to initialize ldb hive\n");
+		return false;
+	}
+
+	*data = key;
+
+	return true;
+}
+
+static bool hive_setup_regf(struct torture_context *tctx, void **data)
+{
+	struct hive_key *key;
+	WERROR error;
+	char *dirname;
+	NTSTATUS status;
+
+	status = torture_temp_dir(tctx, "hive-regf", &dirname);
+	if (!NT_STATUS_IS_OK(status))
+		return false;
+
+	rmdir(dirname);
+
+	error = reg_create_regf_file(tctx, dirname, 5, &key);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to create new regf file\n");
+		return false;
+	}
+
+	*data = key;
+
+	return true;
+}
+
+struct torture_suite *torture_registry_hive(TALLOC_CTX *mem_ctx)
+{
+	struct torture_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "hive");
+
+	tcase = torture_suite_add_tcase(suite, "ldb");
+	torture_tcase_set_fixture(tcase, hive_setup_ldb, NULL);
+	tcase_add_tests(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "regf");
+	torture_tcase_set_fixture(tcase, hive_setup_regf, NULL);
+	tcase_add_tests(tcase);
+
+	return suite;
+}
diff --git a/source4/lib/registry/tests/registry.c b/source4/lib/registry/tests/registry.c
new file mode 100644
index 0000000..4d94b5a
--- /dev/null
+++ b/source4/lib/registry/tests/registry.c
@@ -0,0 +1,645 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of registry library - registry backend
+
+   Copyright (C) Jelmer Vernooij 2005-2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "libcli/security/security.h"
+#include "system/filesys.h"
+#include "lib/registry/tests/proto.h"
+
+/**
+ * Test obtaining a predefined key.
+ */
+static bool test_get_predefined(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root;
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+	return true;
+}
+
+/**
+ * Test obtaining a predefined key.
+ */
+static bool test_get_predefined_unknown(struct torture_context *tctx,
+		void *_data)
+{
+	struct registry_context *rctx = _data;
+	struct registry_key *root;
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, 1337, &root);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting predefined key failed");
+	return true;
+}
+
+static bool test_predef_key_by_name(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root;
+	WERROR error;
+
+	error = reg_get_predefined_key_by_name(rctx, "HKEY_CLASSES_ROOT",
+					       &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_get_predefined_key_by_name(rctx, "HKEY_classes_ROOT",
+					       &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key case insensitively failed");
+
+	return true;
+}
+
+static bool test_predef_key_by_name_invalid(struct torture_context *tctx,
+		void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root;
+	WERROR error;
+
+	error = reg_get_predefined_key_by_name(rctx, "BLA", &root);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting predefined key failed");
+	return true;
+}
+
+/**
+ * Test creating a new subkey
+ */
+static bool test_create_subkey(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *newkey;
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_key_add_name(rctx, root, "Bad Bentheim", NULL, NULL,
+				 &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating key return code");
+	torture_assert(tctx, newkey != NULL, "Creating new key");
+
+	return true;
+}
+
+/**
+ * Test creating a new nested subkey
+ */
+static bool test_create_nested_subkey(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *newkey;
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_key_add_name(rctx, root, "Hamburg\\Hamburg", NULL, NULL,
+				 &newkey);
+	torture_assert_werr_ok(tctx, error, "Creating key return code");
+	torture_assert(tctx, newkey != NULL, "Creating new key");
+
+	return true;
+}
+
+/**
+ * Test creating a new subkey
+ */
+static bool test_key_add_abs_top(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root;
+	WERROR error;
+
+	error = reg_key_add_abs(tctx, rctx, "HKEY_CLASSES_ROOT", 0, NULL,
+				&root);
+	torture_assert_werr_equal(tctx, error, WERR_ALREADY_EXISTS,
+				  "create top level");
+
+	return true;
+}
+
+/**
+ * Test creating a new subkey
+ */
+static bool test_key_add_abs(struct torture_context *tctx, void *_data)
+{
+	WERROR error;
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *result1, *result2;
+
+	error = reg_key_add_abs(tctx, rctx,  "HKEY_CLASSES_ROOT\\bloe", 0, NULL,
+				&result1);
+	torture_assert_werr_ok(tctx, error, "create lowest");
+
+	error = reg_key_add_abs(tctx, rctx,  "HKEY_CLASSES_ROOT\\bloe\\bla", 0,
+				NULL, &result1);
+	torture_assert_werr_ok(tctx, error, "create nested");
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_open_key(tctx, root, "bloe", &result2);
+	torture_assert_werr_ok(tctx, error, "opening key");
+
+	error = reg_open_key(tctx, root, "bloe\\bla", &result2);
+	torture_assert_werr_ok(tctx, error, "opening key");
+
+	return true;
+}
+
+
+static bool test_del_key(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *newkey;
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, &root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_key_add_name(rctx, root, "Polen", NULL, NULL, &newkey);
+
+	torture_assert_werr_ok(tctx, error, "Creating key return code");
+	torture_assert(tctx, newkey != NULL, "Creating new key");
+
+	error = reg_key_del(tctx, root, "Polen");
+	torture_assert_werr_ok(tctx, error, "Delete key");
+
+	error = reg_key_del(tctx, root, "Polen");
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "Delete missing key");
+
+	return true;
+}
+
+/**
+ * Convenience function for opening the HKEY_CLASSES_ROOT hive and
+ * creating a single key for testing purposes.
+ */
+static bool create_test_key(struct torture_context *tctx,
+			    struct registry_context *rctx,
+			    const char *name,
+			    struct registry_key **root,
+			    struct registry_key **subkey)
+{
+	WERROR error;
+
+	error = reg_get_predefined_key(rctx, HKEY_CLASSES_ROOT, root);
+	torture_assert_werr_ok(tctx, error,
+			       "getting predefined key failed");
+
+	error = reg_key_add_name(rctx, *root, name, NULL, NULL, subkey);
+	torture_assert_werr_ok(tctx, error, "Creating key return code");
+
+	return true;
+}
+
+
+static bool test_flush_key(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *subkey;
+	WERROR error;
+
+	if (!create_test_key(tctx, rctx, "Bremen", &root, &subkey))
+		return false;
+
+	error = reg_key_flush(subkey);
+	torture_assert_werr_ok(tctx, error, "flush key");
+
+	torture_assert_werr_equal(tctx, reg_key_flush(NULL),
+				  WERR_INVALID_PARAMETER, "flush key");
+
+	return true;
+}
+
+static bool test_query_key(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *subkey;
+	WERROR error;
+	NTTIME last_changed_time;
+	uint32_t num_subkeys, num_values;
+	const char *classname;
+	const char *data = "temp";
+
+	if (!create_test_key(tctx, rctx, "Muenchen", &root, &subkey))
+		return false;
+
+	error = reg_key_get_info(tctx, subkey, &classname,
+				 &num_subkeys, &num_values,
+				 &last_changed_time, NULL, NULL, NULL);
+
+	torture_assert_werr_ok(tctx, error, "get info key");
+	torture_assert(tctx, classname == NULL, "classname");
+	torture_assert_int_equal(tctx, num_subkeys, 0, "num subkeys");
+	torture_assert_int_equal(tctx, num_values, 0, "num values");
+
+	error = reg_val_set(subkey, "", REG_SZ,
+			    data_blob_string_const(data));
+	torture_assert_werr_ok(tctx, error, "set default value");
+
+	error = reg_key_get_info(tctx, subkey, &classname,
+				 &num_subkeys, &num_values,
+				 &last_changed_time, NULL, NULL, NULL);
+
+	torture_assert_werr_ok(tctx, error, "get info key");
+	torture_assert(tctx, classname == NULL, "classname");
+	torture_assert_int_equal(tctx, num_subkeys, 0, "num subkeys");
+	torture_assert_int_equal(tctx, num_values, 1, "num values");
+
+	return true;
+}
+
+static bool test_query_key_nums(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *root, *subkey1, *subkey2;
+	WERROR error;
+	uint32_t num_subkeys, num_values;
+	char data[4];
+	SIVAL(data, 0, 42);
+
+	if (!create_test_key(tctx, rctx, "Berlin", &root, &subkey1))
+		return false;
+
+	error = reg_key_add_name(rctx, subkey1, "Bentheim", NULL, NULL,
+				 &subkey2);
+	torture_assert_werr_ok(tctx, error, "Creating key return code");
+
+	error = reg_val_set(subkey1, "Answer", REG_DWORD,
+			    data_blob_talloc(tctx, &data, sizeof(data)));
+	torture_assert_werr_ok(tctx, error, "set value");
+
+	error = reg_key_get_info(tctx, subkey1, NULL, &num_subkeys,
+				 &num_values, NULL, NULL, NULL, NULL);
+
+	torture_assert_werr_ok(tctx, error, "get info key");
+	torture_assert_int_equal(tctx, num_subkeys, 1, "num subkeys");
+	torture_assert_int_equal(tctx, num_values, 1, "num values");
+
+	return true;
+}
+
+/**
+ * Test that the subkeys of a key can be enumerated, that
+ * the returned parameters for get_subkey_by_index are optional and
+ * that enumerating the parents of a non-top-level node works.
+ */
+static bool test_list_subkeys(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	NTTIME last_mod_time;
+	const char *classname, *name;
+
+	if (!create_test_key(tctx, rctx, "Goettingen", &root, &subkey))
+		return false;
+
+	error = reg_key_get_subkey_by_index(tctx, root, 0, &name, &classname,
+					    &last_mod_time);
+
+	torture_assert_werr_ok(tctx, error, "Enum keys return code");
+	torture_assert_str_equal(tctx, name, "Goettingen", "Enum keys data");
+
+
+	error = reg_key_get_subkey_by_index(tctx, root, 0, NULL, NULL, NULL);
+
+	torture_assert_werr_ok(tctx, error,
+			       "Enum keys with NULL arguments return code");
+
+	error = reg_key_get_subkey_by_index(tctx, root, 1, NULL, NULL, NULL);
+
+	torture_assert_werr_equal(tctx, error, WERR_NO_MORE_ITEMS,
+				  "Invalid error for no more items");
+
+	error = reg_key_get_subkey_by_index(tctx, subkey, 0, NULL, NULL, NULL);
+
+	torture_assert_werr_equal(tctx, error, WERR_NO_MORE_ITEMS,
+				  "Invalid error for no more items");
+
+	return true;
+}
+
+/**
+ * Test setting a value
+ */
+static bool test_set_value(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	char data[4];
+
+	SIVAL(data, 0, 42);
+
+	if (!create_test_key(tctx, rctx, "Dusseldorf", &root, &subkey))
+		return false;
+
+	error = reg_val_set(subkey, "Answer", REG_DWORD,
+			    data_blob_talloc(tctx, data, sizeof(data)));
+	torture_assert_werr_ok (tctx, error, "setting value");
+
+	return true;
+}
+
+/**
+ * Test getting/setting security descriptors
+ */
+static bool test_security(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx =	(struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	struct security_descriptor *osd, *nsd;
+
+	if (!create_test_key(tctx, rctx, "Düsseldorf", &root, &subkey))
+		return false;
+
+	osd = security_descriptor_dacl_create(tctx,
+					 0,
+					 NULL, NULL,
+					 SID_NT_AUTHENTICATED_USERS,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_GENERIC_ALL,
+					 SEC_ACE_FLAG_OBJECT_INHERIT,
+					 NULL);
+
+	error = reg_set_sec_desc(subkey, osd);
+	torture_assert_werr_ok(tctx, error, "setting security descriptor");
+
+	error = reg_get_sec_desc(tctx, subkey, &nsd);
+	torture_assert_werr_ok (tctx, error, "getting security descriptor");
+
+	torture_assert(tctx, security_descriptor_equal(osd, nsd),
+		       "security descriptor changed!");
+
+	return true;
+}
+
+/**
+ * Test getting a value
+ */
+static bool test_get_value(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx =	(struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	DATA_BLOB data;
+	char value[4];
+	uint32_t type;
+	const char *data_val = "temp";
+
+	SIVAL(value, 0, 42);
+
+	if (!create_test_key(tctx, rctx, "Duisburg", &root, &subkey))
+		return false;
+
+	error = reg_key_get_value_by_name(tctx, subkey, __FUNCTION__, &type,
+					  &data);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting missing value");
+
+	error = reg_val_set(subkey, __FUNCTION__, REG_DWORD,
+			    data_blob_talloc(tctx, value, sizeof(value)));
+	torture_assert_werr_ok(tctx, error, "setting value");
+
+	error = reg_key_get_value_by_name(tctx, subkey, __FUNCTION__, &type,
+					  &data);
+	torture_assert_werr_ok(tctx, error, "getting value");
+
+	torture_assert_int_equal(tctx, sizeof(value), data.length, "value length ok");
+	torture_assert_mem_equal(tctx, data.data, value, sizeof(value),
+				 "value content ok");
+	torture_assert_int_equal(tctx, REG_DWORD, type, "value type");
+
+	error = reg_val_set(subkey, "", REG_SZ,
+			    data_blob_talloc(tctx, data_val,
+					     strlen(data_val)));
+	torture_assert_werr_ok(tctx, error, "set default value");
+
+	error = reg_key_get_value_by_name(tctx, subkey, "", &type,
+					  &data);
+	torture_assert_werr_ok(tctx, error, "getting default value");
+	torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
+	torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok");
+	torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
+
+	return true;
+}
+
+/**
+ * Test unsetting a value
+ */
+static bool test_del_value(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx =(struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	DATA_BLOB data;
+	uint32_t type;
+	char value[4];
+	const char *data_val = "temp";
+
+	SIVAL(value, 0, 42);
+
+	if (!create_test_key(tctx, rctx, "Warschau", &root, &subkey))
+		return false;
+
+	error = reg_key_get_value_by_name(tctx, subkey, __FUNCTION__, &type,
+					  &data);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting missing value");
+
+	error = reg_val_set(subkey, __FUNCTION__, REG_DWORD,
+			    data_blob_talloc(tctx, value, sizeof(value)));
+	torture_assert_werr_ok (tctx, error, "setting value");
+
+	error = reg_del_value(tctx, subkey, __FUNCTION__);
+	torture_assert_werr_ok (tctx, error, "unsetting value");
+
+	error = reg_key_get_value_by_name(tctx, subkey, __FUNCTION__,
+					  &type, &data);
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "getting missing value");
+
+	error = reg_del_value(tctx, subkey, "");
+	torture_assert_werr_equal(tctx, error, WERR_FILE_NOT_FOUND,
+				  "unsetting missing default value");
+
+	error = reg_val_set(subkey, "", REG_SZ,
+			    data_blob_talloc(tctx, data_val,
+					     strlen(data_val)));
+	torture_assert_werr_ok(tctx, error, "set default value");
+
+	error = reg_del_value(tctx, subkey, "");
+	torture_assert_werr_ok (tctx, error, "unsetting default value");
+
+	return true;
+}
+
+/**
+ * Test listing values
+ */
+static bool test_list_values(struct torture_context *tctx, void *_data)
+{
+	struct registry_context *rctx = (struct registry_context *)_data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	DATA_BLOB data;
+	uint32_t type;
+	const char *name;
+	char value[4];
+	const char *data_val = "temp";
+
+	SIVAL(value, 0, 42);
+
+	if (!create_test_key(tctx, rctx, "Bonn", &root, &subkey))
+		return false;
+
+	error = reg_val_set(subkey, "bar", REG_DWORD,
+			    data_blob_talloc(tctx, value, sizeof(value)));
+	torture_assert_werr_ok (tctx, error, "setting value");
+
+	error = reg_key_get_value_by_index(tctx, subkey, 0, &name,
+					   &type, &data);
+	torture_assert_werr_ok(tctx, error, "getting value");
+
+	torture_assert_str_equal(tctx, name, "bar", "value name");
+	torture_assert_int_equal(tctx, sizeof(value), data.length, "value length");
+	torture_assert_mem_equal(tctx, data.data, value, sizeof(value),
+		       "value content");
+	torture_assert_int_equal(tctx, REG_DWORD, type, "value type");
+
+	error = reg_key_get_value_by_index(tctx, subkey, 1, &name,
+					   &type, &data);
+	torture_assert_werr_equal(tctx, error, WERR_NO_MORE_ITEMS,
+				  "getting missing value");
+
+	error = reg_val_set(subkey, "", REG_SZ,
+			    data_blob_talloc(tctx, data_val, strlen(data_val)));
+	torture_assert_werr_ok(tctx, error, "set default value");
+
+	error = reg_key_get_value_by_index(tctx, subkey, 0, &name,
+					   &type, &data);
+	torture_assert_werr_ok(tctx, error, "getting default value");
+	torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
+	torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok");
+	torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
+
+	return true;
+}
+
+static bool setup_local_registry(struct torture_context *tctx, void **data)
+{
+	struct registry_context *rctx;
+	WERROR error;
+	char *tempdir;
+	NTSTATUS status;
+	struct hive_key *hive_key;
+	const char *filename;
+
+	error = reg_open_local(tctx, &rctx);
+	torture_assert_werr_ok(tctx, error, "Opening local registry failed");
+
+	status = torture_temp_dir(tctx, "registry-local", &tempdir);
+	torture_assert_ntstatus_ok(tctx, status, "Creating temp dir failed");
+
+	filename = talloc_asprintf(tctx, "%s/classes_root.ldb", tempdir);
+	error = reg_open_ldb_file(tctx, filename, NULL, NULL, tctx->ev, tctx->lp_ctx, &hive_key);
+	torture_assert_werr_ok(tctx, error, "Opening classes_root file failed");
+
+	error = reg_mount_hive(rctx, hive_key, HKEY_CLASSES_ROOT, NULL);
+	torture_assert_werr_ok(tctx, error, "Mounting hive failed");
+
+	*data = rctx;
+
+	return true;
+}
+
+static void tcase_add_tests(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "list_subkeys",
+					test_list_subkeys);
+	torture_tcase_add_simple_test(tcase, "get_predefined_key",
+					test_get_predefined);
+	torture_tcase_add_simple_test(tcase, "get_predefined_key",
+					test_get_predefined_unknown);
+	torture_tcase_add_simple_test(tcase, "create_key",
+					test_create_subkey);
+	torture_tcase_add_simple_test(tcase, "create_key",
+					test_create_nested_subkey);
+	torture_tcase_add_simple_test(tcase, "key_add_abs",
+					test_key_add_abs);
+	torture_tcase_add_simple_test(tcase, "key_add_abs_top",
+					test_key_add_abs_top);
+	torture_tcase_add_simple_test(tcase, "set_value",
+					test_set_value);
+	torture_tcase_add_simple_test(tcase, "get_value",
+					test_get_value);
+	torture_tcase_add_simple_test(tcase, "list_values",
+					test_list_values);
+	torture_tcase_add_simple_test(tcase, "del_key",
+					test_del_key);
+	torture_tcase_add_simple_test(tcase, "del_value",
+					test_del_value);
+	torture_tcase_add_simple_test(tcase, "flush_key",
+					test_flush_key);
+	torture_tcase_add_simple_test(tcase, "query_key",
+					test_query_key);
+	torture_tcase_add_simple_test(tcase, "query_key_nums",
+					test_query_key_nums);
+	torture_tcase_add_simple_test(tcase, "test_predef_key_by_name",
+					test_predef_key_by_name);
+	torture_tcase_add_simple_test(tcase, "security",
+					test_security);
+	torture_tcase_add_simple_test(tcase,"test_predef_key_by_name_invalid",
+					test_predef_key_by_name_invalid);
+}
+
+struct torture_suite *torture_registry_registry(TALLOC_CTX *mem_ctx)
+{
+	struct torture_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "registry");
+
+	tcase = torture_suite_add_tcase(suite, "local");
+	torture_tcase_set_fixture(tcase, setup_local_registry, NULL);
+	tcase_add_tests(tcase);
+
+	return suite;
+}
diff --git a/source4/lib/registry/tools/common.c b/source4/lib/registry/tools/common.c
new file mode 100644
index 0000000..7fd5bd2
--- /dev/null
+++ b/source4/lib/registry/tools/common.c
@@ -0,0 +1,88 @@
+/*
+   Unix SMB/CIFS implementation.
+   Popt routines specifically for registry
+
+   Copyright (C) Jelmer Vernooij 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/credentials/credentials.h"
+#include "lib/registry/registry.h"
+#include "lib/registry/tools/common.h"
+
+struct registry_context *reg_common_open_remote(const char *remote,
+						struct tevent_context *ev_ctx,
+						struct loadparm_context *lp_ctx,
+						struct cli_credentials *creds)
+{
+	struct registry_context *h = NULL;
+	WERROR error;
+
+	error = reg_open_remote(NULL, &h, creds, lp_ctx, remote, ev_ctx);
+
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to open remote registry at %s:%s \n",
+			remote, win_errstr(error));
+		return NULL;
+	}
+
+	return h;
+}
+
+struct registry_key *reg_common_open_file(const char *path,
+					  struct tevent_context *ev_ctx,
+					  struct loadparm_context *lp_ctx,
+					  struct cli_credentials *creds)
+{
+	struct hive_key *hive_root;
+	struct registry_context *h = NULL;
+	WERROR error;
+
+	error = reg_open_hive(ev_ctx, path, NULL, creds, ev_ctx, lp_ctx, &hive_root);
+
+	if(!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to open '%s': %s \n",
+			path, win_errstr(error));
+		return NULL;
+	}
+
+	error = reg_open_local(NULL, &h);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to initialize local registry: %s\n",
+			win_errstr(error));
+		return NULL;
+	}
+
+	return reg_import_hive_key(h, hive_root, -1, NULL);
+}
+
+struct registry_context *reg_common_open_local(struct cli_credentials *creds, 
+					       struct tevent_context *ev_ctx, 
+					       struct loadparm_context *lp_ctx)
+{
+	WERROR error;
+	struct registry_context *h = NULL;
+
+	error = reg_open_samba(NULL, &h, ev_ctx, lp_ctx, NULL, creds);
+
+	if(!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to open local registry:%s \n",
+			win_errstr(error));
+		return NULL;
+	}
+
+	return h;
+}
diff --git a/source4/lib/registry/tools/regdiff.c b/source4/lib/registry/tools/regdiff.c
new file mode 100644
index 0000000..977a974
--- /dev/null
+++ b/source4/lib/registry/tools/regdiff.c
@@ -0,0 +1,182 @@
+/*
+   Unix SMB/CIFS implementation.
+   simple registry frontend
+
+   Copyright (C) Jelmer Vernooij 2004-2007
+   Copyright (C) Wilco Baan Hofman 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/registry/tools/common.h"
+#include "param/param.h"
+
+enum reg_backend { REG_UNKNOWN, REG_LOCAL, REG_REMOTE, REG_NULL };
+
+static struct registry_context *open_backend(TALLOC_CTX *mem_ctx,
+					     poptContext pc,
+					     struct tevent_context *ev_ctx,
+					     struct loadparm_context *lp_ctx,
+					     enum reg_backend backend,
+					     const char *remote_host)
+{
+	WERROR error;
+	struct registry_context *ctx;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	switch (backend) {
+	case REG_UNKNOWN:
+		poptPrintUsage(pc, stderr, 0);
+		return NULL;
+	case REG_LOCAL:
+		error = reg_open_samba(mem_ctx, &ctx, ev_ctx, lp_ctx, NULL,
+				creds);
+		break;
+	case REG_REMOTE:
+		error = reg_open_remote(mem_ctx, &ctx, creds, lp_ctx,
+					remote_host, ev_ctx);
+		break;
+	case REG_NULL:
+		error = reg_open_local(mem_ctx, &ctx);
+		break;
+	}
+
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Error: %s\n", win_errstr(error));
+		return NULL;
+	}
+
+	return ctx;
+}
+
+int main(int argc, char **argv)
+{
+	const char **argv_const = discard_const_p(const char *, argv);
+	int opt;
+	poptContext pc;
+	char *outputfile = NULL;
+	enum reg_backend backend1 = REG_UNKNOWN, backend2 = REG_UNKNOWN;
+	const char *remote1 = NULL, *remote2 = NULL;
+	struct registry_context *h1 = NULL, *h2 = NULL;
+	WERROR error;
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"output", 'o', POPT_ARG_STRING, &outputfile, 0, "output file to use", NULL },
+		{"null", 'n', POPT_ARG_NONE, NULL, 'n', "Diff from NULL", NULL },
+		{"remote", 'R', POPT_ARG_STRING, NULL, 'R', "Connect to remote server" , NULL },
+		{"local", 'L', POPT_ARG_NONE, NULL, 'L', "Open local registry", NULL },
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		{0}
+	};
+	TALLOC_CTX *ctx;
+	void *callback_data;
+	struct tevent_context *ev_ctx;
+	struct reg_diff_callbacks *callbacks;
+	struct loadparm_context *lp_ctx = NULL;
+	bool ok;
+
+	ctx = talloc_init("regdiff");
+	if (ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	ok = samba_cmdline_init(ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv_const,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		error = WERR_OK;
+		switch(opt)	{
+		case 'L':
+			if (backend1 == REG_UNKNOWN)
+				backend1 = REG_LOCAL;
+			else if (backend2 == REG_UNKNOWN)
+				backend2 = REG_LOCAL;
+			break;
+		case 'n':
+			if (backend1 == REG_UNKNOWN)
+				backend1 = REG_NULL;
+			else if (backend2 == REG_UNKNOWN)
+				backend2 = REG_NULL;
+			break;
+		case 'R':
+			if (backend1 == REG_UNKNOWN) {
+				backend1 = REG_REMOTE;
+				remote1 = poptGetOptArg(pc);
+			} else if (backend2 == REG_UNKNOWN) {
+				backend2 = REG_REMOTE;
+				remote2 = poptGetOptArg(pc);
+			}
+			break;
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+
+	}
+
+	ev_ctx = s4_event_context_init(ctx);
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	h1 = open_backend(ctx, pc, ev_ctx, lp_ctx, backend1, remote1);
+	if (h1 == NULL)
+		return 1;
+
+	h2 = open_backend(ctx, pc, ev_ctx, lp_ctx, backend2, remote2);
+	if (h2 == NULL)
+		return 1;
+
+	poptFreeContext(pc);
+	samba_cmdline_burn(argc, argv);
+
+	error = reg_dotreg_diff_save(ctx, outputfile, &callbacks, &callback_data);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Problem saving registry diff to '%s': %s\n",
+			outputfile, win_errstr(error));
+		return -1;
+	}
+
+	error = reg_generate_diff(h1, h2, callbacks, callback_data);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Unable to generate diff between keys: %s\n",
+			win_errstr(error));
+		return -1;
+	}
+
+	return 0;
+}
diff --git a/source4/lib/registry/tools/regpatch.c b/source4/lib/registry/tools/regpatch.c
new file mode 100644
index 0000000..eafaff6
--- /dev/null
+++ b/source4/lib/registry/tools/regpatch.c
@@ -0,0 +1,119 @@
+/*
+   Unix SMB/CIFS implementation.
+   simple registry frontend
+
+   Copyright (C) 2004-2007 Jelmer Vernooij, jelmer@samba.org
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/registry/registry.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/registry/tools/common.h"
+#include "param/param.h"
+#include "events/events.h"
+
+int main(int argc, char **argv)
+{
+	const char **argv_const = discard_const_p(const char *, argv);
+	bool ok;
+	TALLOC_CTX *mem_ctx = NULL;
+  	int opt;
+	poptContext pc;
+	const char *patch;
+	struct registry_context *h;
+	const char *file = NULL;
+	const char *remote = NULL;
+	struct tevent_context *ev_ctx;
+	struct loadparm_context *lp_ctx = NULL;
+	struct cli_credentials *creds = NULL;
+
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"remote", 'R', POPT_ARG_STRING, &remote, 0, "connect to specified remote server", NULL},
+		{"file", 'F', POPT_ARG_STRING, &file, 0, "file path", NULL },
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+
+	mem_ctx = talloc_init("regtree.c/main");
+	if (mem_ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv_const,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	ev_ctx = s4_event_context_init(NULL);
+	lp_ctx = samba_cmdline_get_lp_ctx();
+	creds = samba_cmdline_get_creds();
+
+	if (remote) {
+		h = reg_common_open_remote (remote, ev_ctx, lp_ctx, creds);
+	} else {
+		h = reg_common_open_local (creds, ev_ctx, lp_ctx);
+	}
+
+	if (h == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return 1;
+	}
+
+	patch = talloc_strdup(mem_ctx, poptGetArg(pc));
+	if (patch == NULL) {
+		poptPrintUsage(pc, stderr, 0);
+		TALLOC_FREE(mem_ctx);
+		return 1;
+	}
+
+	poptFreeContext(pc);
+	samba_cmdline_burn(argc, argv);
+
+	reg_diff_apply(h, patch);
+
+	TALLOC_FREE(mem_ctx);
+
+	return 0;
+}
diff --git a/source4/lib/registry/tools/regshell.c b/source4/lib/registry/tools/regshell.c
new file mode 100644
index 0000000..dc7bf54
--- /dev/null
+++ b/source4/lib/registry/tools/regshell.c
@@ -0,0 +1,708 @@
+/*
+   Unix SMB/CIFS implementation.
+   simple registry frontend
+
+   Copyright (C) Jelmer Vernooij 2004-2007
+   Copyright (C) Wilco Baan Hofman 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/events/events.h"
+#include "system/time.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/registry/tools/common.h"
+#include "param/param.h"
+
+struct regshell_context {
+	struct registry_context *registry;
+	char *path;
+	char *predef;
+	struct registry_key *current;
+	struct registry_key *root;
+};
+
+static WERROR get_full_path(struct regshell_context *ctx, const char *path, char **ret_path)
+{
+	const char *dir;
+	char *tmp;
+	char *new_path;
+
+	if (path[0] == '\\') {
+		new_path = talloc_strdup(ctx, "");
+	} else {
+ 		new_path = talloc_strdup(ctx, ctx->path);
+	}
+
+	dir = strtok(discard_const_p(char, path), "\\");
+	if (dir == NULL) {
+		*ret_path = new_path;
+		return WERR_OK;
+	}
+	do {
+		if (strcmp(dir, "..") == 0) {
+			if (strchr(new_path, '\\')) {
+				new_path[strrchr(new_path, '\\') - new_path] = '\0';
+			} else {
+				tmp = new_path;
+				new_path = talloc_strdup(ctx, "");
+				talloc_free(tmp);
+			}
+			continue;
+		}
+		if (strcmp(dir, ".") == 0) {
+			continue;
+		}
+
+		tmp = new_path;
+		/* No prepending a backslash */
+		if (strcmp(new_path, "") == 0) {
+			new_path = talloc_strdup(ctx, dir);
+		} else {
+			new_path = talloc_asprintf(ctx, "%s\\%s", new_path, dir);
+		}
+		talloc_free(tmp);
+
+	} while ((dir = strtok(NULL, "\\")));
+
+	*ret_path = new_path;
+	return WERR_OK;
+}
+
+/* *
+ * ck/cd - change key
+ * ls - list values/keys
+ * rmval/rm - remove value
+ * rmkey/rmdir - remove key
+ * mkkey/mkdir - make key
+ * ch - change hive
+ * info - show key info
+ * save - save hive
+ * print - print value
+ * help
+ * exit
+ */
+
+static WERROR cmd_info(struct regshell_context *ctx, int argc, const char **argv)
+{
+	struct security_descriptor *sec_desc = NULL;
+	time_t last_mod;
+	WERROR error;
+	const char *classname = NULL;
+	NTTIME last_change;
+	uint32_t max_subkeynamelen;
+	uint32_t max_valnamelen;
+	uint32_t max_valbufsize;
+	uint32_t num_subkeys;
+	uint32_t num_values;
+
+	error = reg_key_get_info(ctx, ctx->current, &classname, &num_subkeys, &num_values,
+				 &last_change, &max_subkeynamelen, &max_valnamelen, &max_valbufsize);
+	if (!W_ERROR_IS_OK(error)) {
+		printf("Error getting key info: %s\n", win_errstr(error));
+		return error;
+	}
+
+
+	printf("Name: %s\n", strchr(ctx->path, '\\')?strrchr(ctx->path, '\\')+1:
+		   ctx->path);
+	printf("Full path: %s\n", ctx->path);
+	if (classname != NULL)
+		printf("Key Class: %s\n", classname);
+	last_mod = nt_time_to_unix(last_change);
+	printf("Time Last Modified: %s", ctime(&last_mod));
+	printf("Number of subkeys: %d\n", num_subkeys);
+	printf("Number of values: %d\n", num_values);
+
+	if (max_valnamelen > 0)
+		printf("Maximum value name length: %d\n", max_valnamelen);
+
+	if (max_valbufsize > 0)
+		printf("Maximum value data length: %d\n", max_valbufsize);
+
+	if (max_subkeynamelen > 0)
+		printf("Maximum sub key name length: %d\n", max_subkeynamelen);
+
+	error = reg_get_sec_desc(ctx, ctx->current, &sec_desc);
+	if (!W_ERROR_IS_OK(error)) {
+		printf("Error getting security descriptor: %s\n", win_errstr(error));
+		return WERR_OK;
+	}
+	NDR_PRINT_DEBUG(security_descriptor, sec_desc);
+	talloc_free(sec_desc);
+
+	return WERR_OK;
+}
+
+static WERROR cmd_predef(struct regshell_context *ctx, int argc, const char **argv)
+{
+	struct registry_key *ret = NULL;
+	if (argc < 2) {
+		fprintf(stderr, "Usage: predef predefined-key-name\n");
+	} else if (!ctx) {
+		fprintf(stderr, "No full registry loaded, no predefined keys defined\n");
+	} else {
+		WERROR error = reg_get_predefined_key_by_name(ctx->registry,
+							      argv[1], &ret);
+
+		if (!W_ERROR_IS_OK(error)) {
+			fprintf(stderr, "Error opening predefined key %s: %s\n",
+				argv[1], win_errstr(error));
+			return error;
+		}
+
+		ctx->predef = strupper_talloc(ctx, argv[1]);
+		ctx->current = ret;
+		ctx->root = ret;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR cmd_pwd(struct regshell_context *ctx,
+		      int argc, const char **argv)
+{
+	if (ctx->predef) {
+		printf("%s\\", ctx->predef);
+	}
+	printf("%s\n", ctx->path);
+	return WERR_OK;
+}
+
+static WERROR cmd_set(struct regshell_context *ctx, int argc, const char **argv)
+{
+	struct registry_value val;
+	WERROR error;
+
+	if (argc < 4) {
+		fprintf(stderr, "Usage: set value-name type value\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (!reg_string_to_val(ctx, argv[2], argv[3], &val.data_type, &val.data)) {
+		fprintf(stderr, "Unable to interpret data\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	error = reg_val_set(ctx->current, argv[1], val.data_type, val.data);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Error setting value: %s\n", win_errstr(error));
+		return error;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR cmd_ck(struct regshell_context *ctx, int argc, const char **argv)
+{
+	struct registry_key *nkey = NULL;
+	char *full_path;
+	WERROR error;
+
+	if(argc == 2) {
+		if (!W_ERROR_IS_OK(get_full_path(ctx, argv[1], &full_path))) {
+			fprintf(stderr, "Unable to parse the supplied path\n");
+			return WERR_INVALID_PARAMETER;
+		}
+		error = reg_open_key(ctx->registry, ctx->root, full_path,
+				     &nkey);
+		if(!W_ERROR_IS_OK(error)) {
+			DEBUG(0, ("Error opening specified key: %s\n",
+				win_errstr(error)));
+			return error;
+		}
+
+		talloc_free(ctx->path);
+		ctx->path = full_path;
+
+		ctx->current = nkey;
+	}
+	printf("New path is: %s\\%s\n", ctx->predef?ctx->predef:"", ctx->path);
+
+	return WERR_OK;
+}
+
+static WERROR cmd_print(struct regshell_context *ctx, int argc, const char **argv)
+{
+	uint32_t value_type;
+	DATA_BLOB value_data;
+	WERROR error;
+
+	if (argc != 2) {
+		fprintf(stderr, "Usage: print <valuename>\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	error = reg_key_get_value_by_name(ctx, ctx->current, argv[1],
+					  &value_type, &value_data);
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "No such value '%s'\n", argv[1]);
+		return error;
+	}
+
+	printf("%s\n%s\n", str_regtype(value_type),
+		   reg_val_data_string(ctx, value_type, value_data));
+
+	return WERR_OK;
+}
+
+static WERROR cmd_ls(struct regshell_context *ctx, int argc, const char **argv)
+{
+	unsigned int i;
+	WERROR error;
+	uint32_t valuetype;
+	DATA_BLOB valuedata;
+	const char *name = NULL;
+
+	for (i = 0; W_ERROR_IS_OK(error = reg_key_get_subkey_by_index(ctx,
+								      ctx->current,
+								      i,
+								      &name,
+								      NULL,
+								      NULL)); i++) {
+		printf("K %s\n", name);
+	}
+
+	if (!W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) {
+		fprintf(stderr, "Error occurred while browsing through keys: %s\n",
+			win_errstr(error));
+		return error;
+	}
+
+	for (i = 0; W_ERROR_IS_OK(error = reg_key_get_value_by_index(ctx,
+		ctx->current, i, &name, &valuetype, &valuedata)); i++)
+		printf("V \"%s\" %s %s\n", name, str_regtype(valuetype),
+			   reg_val_data_string(ctx, valuetype, valuedata));
+
+	return WERR_OK;
+}
+static WERROR cmd_mkkey(struct regshell_context *ctx, int argc, const char **argv)
+{
+	struct registry_key *tmp;
+	WERROR error;
+
+	if(argc < 2) {
+		fprintf(stderr, "Usage: mkkey <keyname>\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	error = reg_key_add_name(ctx, ctx->current, argv[1], 0, NULL, &tmp);
+
+	if (!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Error adding new subkey '%s': %s\n", argv[1],
+			win_errstr(error));
+		return error;
+	}
+
+	return WERR_OK;
+}
+
+static WERROR cmd_rmkey(struct regshell_context *ctx,
+			int argc, const char **argv)
+{
+	WERROR error;
+
+	if(argc < 2) {
+		fprintf(stderr, "Usage: rmkey <name>\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	error = reg_key_del(ctx, ctx->current, argv[1]);
+	if(!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Error deleting '%s'\n", argv[1]);
+		return error;
+	} else {
+		fprintf(stderr, "Successfully deleted '%s'\n", argv[1]);
+	}
+
+	return WERR_OK;
+}
+
+static WERROR cmd_rmval(struct regshell_context *ctx, int argc, const char **argv)
+{
+	WERROR error;
+
+	if(argc < 2) {
+		fprintf(stderr, "Usage: rmval <valuename>\n");
+		return WERR_INVALID_PARAMETER;
+	}
+
+	error = reg_del_value(ctx, ctx->current, argv[1]);
+	if(!W_ERROR_IS_OK(error)) {
+		fprintf(stderr, "Error deleting value '%s'\n", argv[1]);
+		return error;
+	} else {
+		fprintf(stderr, "Successfully deleted value '%s'\n", argv[1]);
+	}
+
+	return WERR_OK;
+}
+
+_NORETURN_ static WERROR cmd_exit(struct regshell_context *ctx,
+				  int argc, const char **argv)
+{
+	exit(0);
+}
+
+static WERROR cmd_help(struct regshell_context *ctx, int, const char **);
+
+static struct {
+	const char *name;
+	const char *alias;
+	const char *help;
+	WERROR (*handle)(struct regshell_context *ctx, int argc, const char **argv);
+} regshell_cmds[] = {
+	{"ck", "cd", "Change current key", cmd_ck },
+	{"info", "i", "Show detailed information of a key", cmd_info },
+	{"list", "ls", "List values/keys in current key", cmd_ls },
+	{"print", "p", "Print value", cmd_print },
+	{"mkkey", "mkdir", "Make new key", cmd_mkkey },
+	{"rmval", "rm", "Remove value", cmd_rmval },
+	{"rmkey", "rmdir", "Remove key", cmd_rmkey },
+	{"pwd", "pwk", "Printing current key", cmd_pwd },
+	{"set", "update", "Update value", cmd_set },
+	{"help", "?", "Help", cmd_help },
+	{"exit", "quit", "Exit", cmd_exit },
+	{"predef", "predefined", "Go to predefined key", cmd_predef },
+	{0}
+};
+
+static WERROR cmd_help(struct regshell_context *ctx,
+		       int argc, const char **argv)
+{
+	unsigned int i;
+	printf("Available commands:\n");
+	for(i = 0; regshell_cmds[i].name; i++) {
+		printf("%s - %s\n", regshell_cmds[i].name,
+			regshell_cmds[i].help);
+	}
+	return WERR_OK;
+}
+
+static WERROR process_cmd(struct regshell_context *ctx,
+			  char *line)
+{
+	int argc;
+	const char **argv = NULL;
+	int ret, i;
+
+	if ((ret = poptParseArgvString(line, &argc, &argv)) != 0) {
+		fprintf(stderr, "regshell: %s\n", poptStrerror(ret));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	for(i = 0; regshell_cmds[i].name; i++) {
+		if(!strcmp(regshell_cmds[i].name, argv[0]) ||
+		   (regshell_cmds[i].alias && !strcmp(regshell_cmds[i].alias, argv[0]))) {
+			return regshell_cmds[i].handle(ctx, argc, argv);
+		}
+	}
+
+	fprintf(stderr, "No such command '%s'\n", argv[0]);
+
+	return WERR_INVALID_PARAMETER;
+}
+
+#define MAX_COMPLETIONS 100
+
+static struct registry_key *current_key = NULL;
+
+static char **reg_complete_command(const char *text, int start, int end)
+{
+	/* Complete command */
+	char **matches;
+	size_t len, samelen=0;
+	size_t i, count = 1;
+
+	matches = malloc_array_p(char *, MAX_COMPLETIONS);
+	if (!matches) return NULL;
+	matches[0] = NULL;
+
+	len = strlen(text);
+	for (i=0;regshell_cmds[i].handle && count < MAX_COMPLETIONS-1;i++) {
+		if (strncmp(text, regshell_cmds[i].name, len) == 0) {
+			matches[count] = strdup(regshell_cmds[i].name);
+			if (!matches[count])
+				goto cleanup;
+			if (count == 1)
+				samelen = strlen(matches[count]);
+			else
+				while (strncmp(matches[count], matches[count-1], samelen) != 0)
+					samelen--;
+			count++;
+		}
+	}
+
+	switch (count) {
+	case 0:	/* should never happen */
+	case 1:
+		goto cleanup;
+	case 2:
+		matches[0] = strdup(matches[1]);
+		break;
+	default:
+		matches[0] = strndup(matches[1], samelen);
+	}
+	matches[count] = NULL;
+	return matches;
+
+cleanup:
+	for (i = 0; i < count; i++) {
+		free(matches[i]);
+	}
+	free(matches);
+	return NULL;
+}
+
+static char **reg_complete_key(const char *text, int start, int end)
+{
+	struct registry_key *base;
+	const char *subkeyname;
+	unsigned int i, j = 1;
+	size_t len, samelen = 0;
+	char **matches;
+	const char *base_n = "";
+	TALLOC_CTX *mem_ctx;
+	WERROR status;
+	int ret;
+
+	matches = malloc_array_p(char *, MAX_COMPLETIONS);
+	if (!matches) return NULL;
+	matches[0] = NULL;
+	mem_ctx = talloc_init("completion");
+
+	base = current_key;
+
+	len = strlen(text);
+	for(i = 0; j < MAX_COMPLETIONS-1; i++) {
+		status = reg_key_get_subkey_by_index(mem_ctx, base, i,
+					     &subkeyname, NULL, NULL);
+		if(W_ERROR_IS_OK(status)) {
+			if(!strncmp(text, subkeyname, len)) {
+				matches[j] = strdup(subkeyname);
+				j++;
+
+				if (j == 1)
+					samelen = strlen(matches[j]);
+				else
+					while (strncmp(matches[j], matches[j-1], samelen) != 0)
+						samelen--;
+			}
+		} else if(W_ERROR_EQUAL(status, WERR_NO_MORE_ITEMS)) {
+			break;
+		} else {
+			int n;
+
+			printf("Error creating completion list: %s\n",
+				win_errstr(status));
+
+			for (n = j; n >= 0; n--) {
+				SAFE_FREE(matches[n]);
+			}
+			SAFE_FREE(matches);
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	if (j == 1) { /* No matches at all */
+		SAFE_FREE(matches);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	if (j == 2) { /* Exact match */
+		ret = asprintf(&matches[0], "%s%s", base_n, matches[1]);
+	} else {
+		ret = asprintf(&matches[0], "%s%s", base_n,
+				talloc_strndup(mem_ctx, matches[1], samelen));
+	}
+	talloc_free(mem_ctx);
+	if (ret == -1) {
+		SAFE_FREE(matches);
+		return NULL;
+	}
+
+	matches[j] = NULL;
+	return matches;
+}
+
+static char **reg_completion(const char *text, int start, int end)
+{
+	smb_readline_ca_char(' ');
+
+	if (start == 0) {
+		return reg_complete_command(text, start, end);
+	} else {
+		return reg_complete_key(text, start, end);
+	}
+}
+
+int main(int argc, char **argv)
+{
+	const char **argv_const = discard_const_p(const char *, argv);
+	int opt;
+	const char *file = NULL;
+	poptContext pc;
+	const char *remote = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	struct cli_credentials *creds = NULL;
+	struct regshell_context *ctx;
+	struct tevent_context *ev_ctx;
+	bool ret = true;
+	bool ok;
+
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"file", 'F', POPT_ARG_STRING, &file, 0, "open hive file", NULL },
+		{"remote", 'R', POPT_ARG_STRING, &remote, 0, "connect to specified remote server", NULL},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CREDENTIALS
+		POPT_LEGACY_S4
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+
+	mem_ctx = talloc_init("regshell.c/main");
+	if (mem_ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv_const,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	poptFreeContext(pc);
+	samba_cmdline_burn(argc, argv);
+
+	ctx = talloc_zero(mem_ctx, struct regshell_context);
+
+	ev_ctx = s4_event_context_init(ctx);
+	lp_ctx = samba_cmdline_get_lp_ctx();
+	creds = samba_cmdline_get_creds();
+
+	if (remote != NULL) {
+		ctx->registry = reg_common_open_remote(remote, ev_ctx,
+						       lp_ctx,
+						       creds);
+	} else if (file != NULL) {
+		ctx->current = reg_common_open_file(file, ev_ctx,
+						    lp_ctx,
+						    creds);
+		if (ctx->current == NULL) {
+			TALLOC_FREE(mem_ctx);
+			exit(1);
+		}
+		ctx->registry = ctx->current->context;
+		ctx->path = talloc_strdup(ctx, "");
+		ctx->predef = NULL;
+		ctx->root = ctx->current;
+	} else {
+		ctx->registry = reg_common_open_local(creds,
+						      ev_ctx,
+						      lp_ctx);
+	}
+
+	if (ctx->registry == NULL) {
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	if (ctx->current == NULL) {
+		unsigned int i;
+
+		for (i = 0; (reg_predefined_keys[i].handle != 0) &&
+			(ctx->current == NULL); i++) {
+			WERROR err;
+			err = reg_get_predefined_key(ctx->registry,
+						     reg_predefined_keys[i].handle,
+						     &ctx->current);
+			if (W_ERROR_IS_OK(err)) {
+				ctx->predef = talloc_strdup(ctx,
+							  reg_predefined_keys[i].name);
+				ctx->path = talloc_strdup(ctx, "");
+				ctx->root = ctx->current;
+				break;
+			} else {
+				ctx->current = NULL;
+				ctx->root = NULL;
+			}
+		}
+	}
+
+	if (ctx->current == NULL) {
+		fprintf(stderr, "Unable to access any of the predefined keys\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while (true) {
+		char *line, *prompt;
+
+		if (asprintf(&prompt, "%s\\%s> ", ctx->predef?ctx->predef:"",
+			     ctx->path) < 0) {
+			ret = false;
+			break;
+		}
+
+		current_key = ctx->current; 		/* No way to pass a void * pointer
+							   via readline :-( */
+		line = smb_readline(prompt, NULL, reg_completion);
+
+		if (line == NULL) {
+			free(prompt);
+			break;
+		}
+
+		if (line[0] != '\n') {
+			ret = W_ERROR_IS_OK(process_cmd(ctx, line));
+		}
+		free(line);
+		free(prompt);
+	}
+	TALLOC_FREE(mem_ctx);
+
+	return (ret?0:1);
+}
diff --git a/source4/lib/registry/tools/regtree.c b/source4/lib/registry/tools/regtree.c
new file mode 100644
index 0000000..1f0dac2
--- /dev/null
+++ b/source4/lib/registry/tools/regtree.c
@@ -0,0 +1,209 @@
+/*
+   Unix SMB/CIFS implementation.
+   simple registry frontend
+
+   Copyright (C) Jelmer Vernooij 2004-2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "lib/registry/tools/common.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+
+/**
+ * Print a registry key recursively
+ *
+ * @param level Level at which to print
+ * @param p Key to print
+ * @param fullpath Whether the full pat hshould be printed or just the last bit
+ * @param novals Whether values should not be printed
+ */
+static void print_tree(unsigned int level, struct registry_key *p,
+		       const char *name,
+		       bool fullpath, bool novals)
+{
+	struct registry_key *subkey;
+	const char *valuename, *keyname;
+	uint32_t valuetype;
+	DATA_BLOB valuedata;
+	struct security_descriptor *sec_desc;
+	WERROR error;
+	unsigned int i;
+	TALLOC_CTX *mem_ctx;
+
+	for(i = 0; i < level; i++) putchar(' ');
+	puts(name);
+
+	mem_ctx = talloc_init("print_tree");
+	for (i = 0; W_ERROR_IS_OK(error = reg_key_get_subkey_by_index(mem_ctx,
+								      p,
+								      i,
+								      &keyname,
+								      NULL,
+								      NULL)); i++) {
+
+	        SMB_ASSERT(strlen(keyname) > 0);
+		if (!W_ERROR_IS_OK(reg_open_key(mem_ctx, p, keyname, &subkey)))
+		        continue;
+
+		print_tree(level+1, subkey, (fullpath && strlen(name))?
+                                               talloc_asprintf(mem_ctx, "%s\\%s",
+                                                               name, keyname):
+                                               keyname, fullpath, novals);
+		talloc_free(subkey);
+	}
+	talloc_free(mem_ctx);
+
+	if(!W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) {
+		DEBUG(0, ("Error occurred while fetching subkeys for '%s': %s\n",
+				  name, win_errstr(error)));
+	}
+
+	if (!novals) {
+		mem_ctx = talloc_init("print_tree");
+		for(i = 0; W_ERROR_IS_OK(error = reg_key_get_value_by_index(
+			mem_ctx, p, i, &valuename, &valuetype, &valuedata));
+			i++) {
+			unsigned int j;
+			for(j = 0; j < level+1; j++) putchar(' ');
+			printf("%s\n",  reg_val_description(mem_ctx,
+				valuename, valuetype, valuedata));
+		}
+		talloc_free(mem_ctx);
+
+		if(!W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) {
+			DEBUG(0, ("Error occurred while fetching values for '%s': %s\n",
+				name, win_errstr(error)));
+		}
+	}
+
+	mem_ctx = talloc_init("sec_desc");
+	if (!W_ERROR_IS_OK(reg_get_sec_desc(mem_ctx, p, &sec_desc))) {
+		DEBUG(0, ("Error getting security descriptor\n"));
+	}
+	talloc_free(mem_ctx);
+}
+
+int main(int argc, char **argv)
+{
+	const char **argv_const = discard_const_p(const char *, argv);
+	bool ok;
+	TALLOC_CTX *mem_ctx = NULL;
+	int opt;
+	unsigned int i;
+	const char *file = NULL;
+	const char *remote = NULL;
+	poptContext pc;
+	struct registry_context *h = NULL;
+	struct registry_key *start_key = NULL;
+	struct tevent_context *ev_ctx;
+	struct loadparm_context *lp_ctx = NULL;
+	struct cli_credentials *creds = NULL;
+	WERROR error;
+	bool fullpath = false, no_values = false;
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"file", 'F', POPT_ARG_STRING, &file, 0, "file path", NULL },
+		{"remote", 'R', POPT_ARG_STRING, &remote, 0, "connect to specified remote server", NULL },
+		{"fullpath", 'f', POPT_ARG_NONE, &fullpath, 0, "show full paths", NULL},
+		{"no-values", 'V', POPT_ARG_NONE, &no_values, 0, "don't show values", NULL},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+
+	mem_ctx = talloc_init("regtree.c/main");
+	if (mem_ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv_const,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	poptFreeContext(pc);
+	samba_cmdline_burn(argc, argv);
+
+	ev_ctx = s4_event_context_init(NULL);
+	lp_ctx = samba_cmdline_get_lp_ctx();
+	creds = samba_cmdline_get_creds();
+
+	if (remote != NULL) {
+		h = reg_common_open_remote(remote, ev_ctx, lp_ctx, creds);
+	} else if (file != NULL) {
+		start_key = reg_common_open_file(file, ev_ctx, lp_ctx, creds);
+	} else {
+		h = reg_common_open_local(creds, ev_ctx, lp_ctx);
+	}
+
+	if (h == NULL && start_key == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return 1;
+	}
+
+	error = WERR_OK;
+
+	if (start_key != NULL) {
+		print_tree(0, start_key, "", fullpath, no_values);
+	} else {
+		for(i = 0; reg_predefined_keys[i].handle; i++) {
+			error = reg_get_predefined_key(h,
+						       reg_predefined_keys[i].handle,
+						       &start_key);
+			if (!W_ERROR_IS_OK(error)) {
+				fprintf(stderr, "Skipping %s: %s\n",
+					reg_predefined_keys[i].name,
+					win_errstr(error));
+				continue;
+			}
+			SMB_ASSERT(start_key != NULL);
+			print_tree(0, start_key, reg_predefined_keys[i].name,
+				   fullpath, no_values);
+		}
+	}
+
+	TALLOC_FREE(mem_ctx);
+	return 0;
+}
diff --git a/source4/lib/registry/util.c b/source4/lib/registry/util.c
new file mode 100644
index 0000000..1197adb
--- /dev/null
+++ b/source4/lib/registry/util.c
@@ -0,0 +1,302 @@
+/*
+   Unix SMB/CIFS implementation.
+   Transparent registry backend handling
+   Copyright (C) Jelmer Vernooij			2003-2007.
+   Copyright (C) Wilco Baan Hofman			2010.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/registry.h"
+#include "librpc/gen_ndr/winreg.h"
+#include "lib/util/data_blob.h"
+
+_PUBLIC_ char *reg_val_data_string(TALLOC_CTX *mem_ctx, uint32_t type,
+				   const DATA_BLOB data)
+{
+	size_t converted_size = 0;
+	char *ret = NULL;
+
+	if (data.length == 0)
+		return talloc_strdup(mem_ctx, "");
+
+	switch (type) {
+		case REG_EXPAND_SZ:
+		case REG_SZ:
+			convert_string_talloc(mem_ctx,
+					      CH_UTF16, CH_UNIX,
+					      data.data, data.length,
+					      (void **)&ret, &converted_size);
+			break;
+		case REG_DWORD:
+		case REG_DWORD_BIG_ENDIAN:
+			SMB_ASSERT(data.length == sizeof(uint32_t));
+			ret = talloc_asprintf(mem_ctx, "0x%8.8x",
+					      IVAL(data.data, 0));
+			break;
+		case REG_QWORD:
+			SMB_ASSERT(data.length == sizeof(uint64_t));
+			ret = talloc_asprintf(mem_ctx, "0x%16.16llx",
+					      (long long)BVAL(data.data, 0));
+			break;
+		case REG_BINARY:
+			ret = data_blob_hex_string_upper(mem_ctx, &data);
+			break;
+		case REG_NONE:
+			/* "NULL" is the right return value */
+			break;
+		case REG_MULTI_SZ:
+			/* FIXME: We don't support this yet */
+			break;
+		default:
+			/* FIXME */
+			/* Other datatypes aren't supported -> return "NULL" */
+			break;
+	}
+
+	return ret;
+}
+
+/** Generate a string that describes a registry value */
+_PUBLIC_ char *reg_val_description(TALLOC_CTX *mem_ctx,
+				   const char *name,
+				   uint32_t data_type,
+				   const DATA_BLOB data)
+{
+	return talloc_asprintf(mem_ctx, "%s = %s : %s", name?name:"<No Name>",
+			       str_regtype(data_type),
+			       reg_val_data_string(mem_ctx, data_type, data));
+}
+
+/*
+ * This implements reading hex bytes that include comma's.
+ * It was previously handled by strhex_to_data_blob, but that did not cover
+ * the format used by windows.
+ */
+static DATA_BLOB reg_strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *str)
+{
+	DATA_BLOB ret;
+	const char *HEXCHARS = "0123456789ABCDEF";
+	size_t i, j;
+	char *hi, *lo;
+
+	ret = data_blob_talloc_zero(mem_ctx, (strlen(str)+(strlen(str) % 3))/3);
+	j = 0;
+	for (i = 0; i < strlen(str); i++) {
+		hi = strchr(HEXCHARS, toupper(str[i]));
+		if (hi == NULL)
+			continue;
+
+		i++;
+		lo = strchr(HEXCHARS, toupper(str[i]));
+		if (lo == NULL)
+			break;
+
+		ret.data[j] = PTR_DIFF(hi, HEXCHARS) << 4;
+		ret.data[j] += PTR_DIFF(lo, HEXCHARS);
+		j++;
+
+		if (j > ret.length) {
+			DEBUG(0, ("Trouble converting hex string to bin\n"));
+			break;
+		}
+	}
+	return ret;
+}
+
+
+_PUBLIC_ bool reg_string_to_val(TALLOC_CTX *mem_ctx, const char *type_str,
+				const char *data_str, uint32_t *type, DATA_BLOB *data)
+{
+	char *tmp_type_str, *p, *q;
+	int result;
+
+	*type = regtype_by_string(type_str);
+
+	if (*type == -1) {
+		/* Normal windows format is hex, hex(type int as string),
+		   dword or just a string. */
+		if (strncmp(type_str, "hex(", 4) == 0) {
+			/* there is a hex string with the value type between
+			   the braces */
+			tmp_type_str = talloc_strdup(mem_ctx, type_str);
+			q = p = tmp_type_str + strlen("hex(");
+
+			/* Go to the closing brace or end of the string */
+			while (*q != ')' && *q != '\0') q++;
+			*q = '\0';
+
+			/* Convert hex string to int, store it in type */
+			result = sscanf(p, "%x", type);
+			if (!result) {
+				DEBUG(0, ("Could not convert hex to int\n"));
+				return false;
+			}
+			talloc_free(tmp_type_str);
+		} else if (strcmp(type_str, "hex") == 0) {
+			*type = REG_BINARY;
+		} else if (strcmp(type_str, "dword") == 0) {
+			*type = REG_DWORD;
+		}
+	}
+
+	if (*type == -1)
+		return false;
+
+	/* Convert data appropriately */
+
+	switch (*type) {
+		case REG_SZ:
+			return convert_string_talloc(mem_ctx,
+						     CH_UNIX, CH_UTF16,
+						     data_str, strlen(data_str)+1,
+						     (void **)&data->data,
+						     &data->length);
+			break;
+		case REG_MULTI_SZ:
+		case REG_EXPAND_SZ:
+		case REG_BINARY:
+			*data = reg_strhex_to_data_blob(mem_ctx, data_str);
+			break;
+		case REG_DWORD:
+		case REG_DWORD_BIG_ENDIAN: {
+			uint32_t tmp = strtol(data_str, NULL, 16);
+			*data = data_blob_talloc(mem_ctx, NULL, sizeof(uint32_t));
+			if (data->data == NULL) return false;
+			SIVAL(data->data, 0, tmp);
+			}
+			break;
+		case REG_QWORD: {
+			uint64_t tmp = strtoll(data_str, NULL, 16);
+			*data = data_blob_talloc(mem_ctx, NULL, sizeof(uint64_t));
+			if (data->data == NULL) return false;
+			SBVAL(data->data, 0, tmp);
+			}
+			break;
+		case REG_NONE:
+			ZERO_STRUCTP(data);
+			break;
+		default:
+			/* FIXME */
+			/* Other datatypes aren't supported -> return no success */
+			return false;
+	}
+	return true;
+}
+
+/** Open a key by name (including the predefined key name!) */
+WERROR reg_open_key_abs(TALLOC_CTX *mem_ctx, struct registry_context *handle,
+			const char *name, struct registry_key **result)
+{
+	struct registry_key *predef;
+	WERROR error;
+	size_t predeflength;
+	char *predefname;
+
+	if (strchr(name, '\\') != NULL)
+		predeflength = strchr(name, '\\')-name;
+	else
+		predeflength = strlen(name);
+
+	predefname = talloc_strndup(mem_ctx, name, predeflength);
+	W_ERROR_HAVE_NO_MEMORY(predefname);
+	error = reg_get_predefined_key_by_name(handle, predefname, &predef);
+	talloc_free(predefname);
+
+	if (!W_ERROR_IS_OK(error)) {
+		return error;
+	}
+
+	if (strchr(name, '\\')) {
+		return reg_open_key(mem_ctx, predef, strchr(name, '\\')+1,
+				    result);
+	} else {
+		*result = predef;
+		return WERR_OK;
+	}
+}
+
+static WERROR get_abs_parent(TALLOC_CTX *mem_ctx, struct registry_context *ctx,
+			     const char *path, struct registry_key **parent,
+			     const char **name)
+{
+	char *parent_name;
+	WERROR error;
+
+	if (strchr(path, '\\') == NULL) {
+		return WERR_FOOBAR;
+	}
+
+	parent_name = talloc_strndup(mem_ctx, path, strrchr(path, '\\')-path);
+	W_ERROR_HAVE_NO_MEMORY(parent_name);
+	error = reg_open_key_abs(mem_ctx, ctx, parent_name, parent);
+	talloc_free(parent_name);
+	if (!W_ERROR_IS_OK(error)) {
+		return error;
+	}
+
+	*name = talloc_strdup(mem_ctx, strrchr(path, '\\')+1);
+	W_ERROR_HAVE_NO_MEMORY(*name);
+
+	return WERR_OK;
+}
+
+WERROR reg_key_del_abs(struct registry_context *ctx, const char *path)
+{
+	struct registry_key *parent;
+	const char *n;
+	TALLOC_CTX *mem_ctx = talloc_init("reg_key_del_abs");
+	WERROR error;
+
+	if (!strchr(path, '\\')) {
+		return WERR_FOOBAR;
+	}
+
+	error = get_abs_parent(mem_ctx, ctx, path, &parent, &n);
+	if (W_ERROR_IS_OK(error)) {
+		error = reg_key_del(mem_ctx, parent, n);
+	}
+
+	talloc_free(mem_ctx);
+
+	return error;
+}
+
+WERROR reg_key_add_abs(TALLOC_CTX *mem_ctx, struct registry_context *ctx,
+		       const char *path, uint32_t access_mask,
+		       struct security_descriptor *sec_desc,
+		       struct registry_key **result)
+{
+	struct registry_key *parent;
+	const char *n;
+	WERROR error;
+
+	*result = NULL;
+
+	if (!strchr(path, '\\')) {
+		return WERR_ALREADY_EXISTS;
+	}
+
+	error = get_abs_parent(mem_ctx, ctx, path, &parent, &n);
+	if (!W_ERROR_IS_OK(error)) {
+		DEBUG(2, ("Opening parent of %s failed with %s\n", path,
+				  win_errstr(error)));
+		return error;
+	}
+
+	error = reg_key_add_name(mem_ctx, parent, n, NULL, sec_desc, result);
+
+	return error;
+}
diff --git a/source4/lib/registry/wine.c b/source4/lib/registry/wine.c
new file mode 100644
index 0000000..77d2ce6
--- /dev/null
+++ b/source4/lib/registry/wine.c
@@ -0,0 +1,45 @@
+/*
+   Unix SMB/CIFS implementation.
+   Registry interface
+   Copyright (C) Jelmer Vernooij					  2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/registry/common/registry.h"
+#include "windows/registry.h"
+
+static WERROR wine_open_reg (struct registry_hive *h, struct registry_key **key)
+{
+	/* FIXME: Open h->location and mmap it */
+}
+
+static REG_OPS reg_backend_wine = {
+	.name = "wine",
+	.open_hive = wine_open_reg,
+
+};
+
+NTSTATUS registry_wine_init(void)
+{
+	register_backend("registry", &reg_backend_wine);
+	return NT_STATUS_OK;
+}
+
+WERROR reg_open_wine(struct registry_key **ctx)
+{
+	/* FIXME: Open ~/.wine/system.reg, etc */
+	return WERR_NOT_SUPPORTED;
+}
diff --git a/source4/lib/registry/wscript_build b/source4/lib/registry/wscript_build
new file mode 100644
index 0000000..2e01e43
--- /dev/null
+++ b/source4/lib/registry/wscript_build
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+
+bld.SAMBA_PIDL('PIDL_REG',
+               source='regf.idl',
+               options='--header --tdr-parser')
+
+bld.SAMBA_SUBSYSTEM('TDR_REGF',
+	source='tdr_regf.c',
+	public_deps='TDR'
+	)
+
+
+bld.SAMBA_LIBRARY('registry',
+	source='interface.c util.c samba.c patchfile_dotreg.c patchfile_preg.c patchfile.c regf.c hive.c local.c ldb.c rpc.c',
+	public_deps='dcerpc samba-util TDR_REGF ldb RPC_NDR_WINREG ldbsamba util_reg',
+	private_headers='registry.h',
+	private_library=True
+	)
+
+
+bld.SAMBA_SUBSYSTEM('registry_common',
+	source='tools/common.c',
+	autoproto='tools/common.h',
+	public_deps='registry'
+	)
+
+
+bld.SAMBA_BINARY('regdiff',
+	source='tools/regdiff.c',
+	manpages='man/regdiff.1',
+	deps='samba-hostconfig registry popt CMDLINE_S4'
+	)
+
+
+bld.SAMBA_BINARY('regpatch',
+	source='tools/regpatch.c',
+	manpages='man/regpatch.1',
+	deps='samba-hostconfig registry popt CMDLINE_S4 registry_common'
+	)
+
+
+bld.SAMBA_BINARY('regshell',
+	source='tools/regshell.c',
+	manpages='man/regshell.1',
+	deps='samba-hostconfig popt registry CMDLINE_S4 SMBREADLINE registry_common'
+	)
+
+
+bld.SAMBA_BINARY('regtree',
+	source='tools/regtree.c',
+	manpages='man/regtree.1',
+	deps='samba-hostconfig popt registry CMDLINE_S4 registry_common'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('torture_registry',
+	source='tests/generic.c tests/hive.c tests/diff.c tests/registry.c',
+	autoproto='tests/proto.h',
+	deps='torture registry'
+	)
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+
+bld.SAMBA_PYTHON('py_registry',
+		source='pyregistry.c',
+		public_deps='registry %s %s' % (pytalloc_util, pyparam_util),
+		realname='samba/registry.so'
+		)
diff --git a/source4/lib/samba3/README b/source4/lib/samba3/README
new file mode 100644
index 0000000..3f6553f
--- /dev/null
+++ b/source4/lib/samba3/README
@@ -0,0 +1,5 @@
+This directory contains various files and functions for the purpose of
+Samba3 import, migration and compatibility.
+
+For example, the first file in this directory (smbpasswd.c) handles
+portions of the smbpasswd file format.
diff --git a/source4/lib/samba3/samba3.h b/source4/lib/samba3/samba3.h
new file mode 100644
index 0000000..f1c5d44
--- /dev/null
+++ b/source4/lib/samba3/samba3.h
@@ -0,0 +1,29 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba3 interfaces
+   Copyright (C) Jelmer Vernooij			2005.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA3_H /* _SAMBA3_H */
+#define _SAMBA3_H 
+
+#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/samr.h"
+
+struct samr_Password *smbpasswd_gethexpwd(TALLOC_CTX *mem_ctx, const char *p);
+char *smbpasswd_sethexpwd(TALLOC_CTX *mem_ctx, struct samr_Password *pwd, uint16_t acb_info);
+
+#endif /* _SAMBA3_H */
diff --git a/source4/lib/samba3/smbpasswd.c b/source4/lib/samba3/smbpasswd.c
new file mode 100644
index 0000000..ae361b7
--- /dev/null
+++ b/source4/lib/samba3/smbpasswd.c
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+   smbpasswd file format routines
+
+   Copyright (C) Andrew Tridgell 1992-1998 
+   Modified by Jeremy Allison 1995.
+   Modified by Gerald (Jerry) Carter 2000-2001
+   Copyright (C) Tim Potter 2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*! \file lib/smbpasswd.c
+
+   The smbpasswd file is used to store encrypted passwords in a similar
+   fashion to the /etc/passwd file.  The format is colon separated fields
+   with one user per line like so:
+
+   <username>:<uid>:<lanman hash>:<nt hash>:<acb info>:<last change time>
+
+   The username and uid must correspond to an entry in the /etc/passwd
+   file.  The lanman and nt password hashes are 32 hex digits corresponding
+   to the 16-byte lanman and nt hashes respectively.  
+
+   The password last change time is stored as a string of the format
+   LCD-<change time> where the change time is expressed as an 
+
+   'N'    No password
+   'D'    Disabled
+   'H'    Homedir required
+   'T'    Temp account.
+   'U'    User account (normal) 
+   'M'    MNS logon user account - what is this ? 
+   'W'    Workstation account
+   'S'    Server account 
+   'L'    Locked account
+   'X'    No Xpiry on password 
+   'I'    Interdomain trust account
+
+*/
+
+#include "includes.h"
+#include "system/locale.h"
+#include "lib/samba3/samba3.h"
+
+/*! Convert 32 hex characters into a 16 byte array. */
+
+struct samr_Password *smbpasswd_gethexpwd(TALLOC_CTX *mem_ctx, const char *p)
+{
+	int i;
+	unsigned char   lonybble, hinybble;
+	const char     *hexchars = "0123456789ABCDEF";
+	const char     *p1, *p2;
+        struct samr_Password *pwd = talloc(mem_ctx, struct samr_Password);
+
+	if (!p) return NULL;
+	
+	for (i = 0; i < (sizeof(pwd->hash) * 2); i += 2)
+	{
+		hinybble = toupper(p[i]);
+		lonybble = toupper(p[i + 1]);
+		
+		p1 = strchr_m(hexchars, hinybble);
+		p2 = strchr_m(hexchars, lonybble);
+		
+		if (!p1 || !p2)	{
+                        return NULL;
+		}
+		
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+		
+		pwd->hash[i / 2] = (hinybble << 4) | lonybble;
+	}
+	return pwd;
+}
+
+/*! Convert a 16-byte array into 32 hex characters. */
+char *smbpasswd_sethexpwd(TALLOC_CTX *mem_ctx, struct samr_Password *pwd, uint16_t acb_info)
+{
+	char *p;
+	if (pwd != NULL) {
+		int i;
+		p = talloc_array(mem_ctx, char, 33);
+		if (!p) {
+			return NULL;
+		}
+
+		for (i = 0; i < sizeof(pwd->hash); i++)
+			slprintf(&p[i*2], 3, "%02X", pwd->hash[i]);
+	} else {
+		if (acb_info & ACB_PWNOTREQ)
+			p = talloc_strdup(mem_ctx, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+		else
+			p = talloc_strdup(mem_ctx, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+	}
+	return p;
+}
diff --git a/source4/lib/samba3/wscript_build b/source4/lib/samba3/wscript_build
new file mode 100644
index 0000000..98248c9
--- /dev/null
+++ b/source4/lib/samba3/wscript_build
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_LIBRARY('smbpasswdparser',
+                  source='smbpasswd.c',
+                  deps='samba-util',
+                  private_library=True
+                  )
+
diff --git a/source4/lib/socket/access.c b/source4/lib/socket/access.c
new file mode 100644
index 0000000..c019fd6
--- /dev/null
+++ b/source4/lib/socket/access.c
@@ -0,0 +1,129 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   check access rules for socket connections
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* 
+   This module is an adaption of code from the tcpd-1.4 package written
+   by Wietse Venema, Eindhoven University of Technology, The Netherlands.
+
+   The code is used here with permission.
+
+   The code has been considerably changed from the original. Bug reports
+   should be sent to samba-technical@lists.samba.org
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "lib/socket/socket.h"
+#include "lib/util/util_net.h"
+#include "lib/util/access.h"
+
+/* return true if the char* contains ip addrs only.  Used to avoid 
+gethostbyaddr() calls */
+
+static bool only_ipaddrs_in_list(const char** list)
+{
+	bool only_ip = true;
+	
+	if (!list)
+		return true;
+			
+	for (; *list ; list++) {
+		/* factor out the special strings */
+		if (strcmp(*list, "ALL")==0 || 
+		    strcmp(*list, "FAIL")==0 || 
+		    strcmp(*list, "EXCEPT")==0) {
+			continue;
+		}
+		
+		if (!is_ipaddress(*list)) {
+			/* 
+			 * if we failed, make sure that it was not because the token
+			 * was a network/netmask pair.  Only network/netmask pairs
+			 * have a '/' in them
+			 */
+			if ((strchr(*list, '/')) == NULL) {
+				only_ip = false;
+				DEBUG(3,("only_ipaddrs_in_list: list has non-ip address (%s)\n", *list));
+				break;
+			}
+		}
+	}
+	
+	return only_ip;
+}
+
+/* return true if access should be allowed to a service for a socket */
+bool socket_check_access(struct socket_context *sock, 
+			 const char *service_name,
+			 const char **allow_list, const char **deny_list)
+{
+	bool ret;
+	const char *name="";
+	struct socket_address *addr;
+	TALLOC_CTX *mem_ctx;
+
+	if ((!deny_list  || *deny_list==0) && 
+	    (!allow_list || *allow_list==0)) {
+		return true;
+	}
+
+	mem_ctx = talloc_init("socket_check_access");
+	if (!mem_ctx) {
+		return false;
+	}
+
+	addr = socket_get_peer_addr(sock, mem_ctx);
+	if (!addr) {
+		DEBUG(0,("socket_check_access: Denied connection from unknown host: could not get peer address from kernel\n"));
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	/* bypass gethostbyaddr() calls if the lists only contain IP addrs */
+	if (!only_ipaddrs_in_list(allow_list) || 
+	    !only_ipaddrs_in_list(deny_list)) {
+		name = socket_get_peer_name(sock, mem_ctx);
+		if (!name) {
+			name = addr->addr;
+		}
+	}
+
+	if (!addr) {
+		DEBUG(0,("socket_check_access: Denied connection from unknown host\n"));
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	ret = allow_access(deny_list, allow_list, name, addr->addr);
+	
+	if (ret) {
+		DEBUG(2,("socket_check_access: Allowed connection to '%s' from %s (%s)\n", 
+			 service_name, name, addr->addr));
+	} else {
+		DEBUG(0,("socket_check_access: Denied connection to '%s' from %s (%s)\n", 
+			 service_name, name, addr->addr));
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/lib/socket/connect.c b/source4/lib/socket/connect.c
new file mode 100644
index 0000000..1da8b41
--- /dev/null
+++ b/source4/lib/socket/connect.c
@@ -0,0 +1,158 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   implements a non-blocking connect operation that is aware of the samba4
+   events system
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Volker Lendecke 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "libcli/composite/composite.h"
+
+
+struct connect_state {
+	struct socket_context *sock;
+	const struct socket_address *my_address;
+	const struct socket_address *server_address;
+	uint32_t flags;
+};
+
+static void socket_connect_handler(struct tevent_context *ev,
+				   struct tevent_fd *fde, 
+				   uint16_t flags, void *private_data);
+
+/*
+  call the real socket_connect() call, and setup event handler
+*/
+static void socket_send_connect(struct composite_context *result)
+{
+	struct tevent_fd *fde;
+	struct connect_state *state = talloc_get_type(result->private_data, 
+						      struct connect_state);
+
+	result->status = socket_connect(state->sock,
+					state->my_address,
+					state->server_address,
+					state->flags);
+	if (NT_STATUS_IS_ERR(result->status) && 
+	    !NT_STATUS_EQUAL(result->status,
+			     NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		composite_error(result, result->status);
+		return;
+	}
+
+	fde = tevent_add_fd(result->event_ctx, result,
+			   socket_get_fd(state->sock),
+			   TEVENT_FD_READ|TEVENT_FD_WRITE,
+			   socket_connect_handler, result);
+	composite_nomem(fde, result);
+}
+
+
+/*
+  send a socket connect, potentially doing some name resolution first
+*/
+struct composite_context *socket_connect_send(struct socket_context *sock,
+					      struct socket_address *my_address,
+					      struct socket_address *server_address, 
+					      uint32_t flags,
+					      struct tevent_context *event_ctx)
+{
+	struct composite_context *result;
+	struct connect_state *state;
+
+	result = composite_create(sock, event_ctx);
+	if (result == NULL) return NULL;
+
+	state = talloc_zero(result, struct connect_state);
+	if (composite_nomem(state, result)) return result;
+	result->private_data = state;
+
+	state->sock = talloc_reference(state, sock);
+	if (composite_nomem(state->sock, result)) return result;
+
+	if (my_address) {
+		void *ref = talloc_reference(state, my_address);
+		if (composite_nomem(ref, result)) {
+			return result;
+		}
+		state->my_address = my_address;
+	}
+
+	{
+		void *ref = talloc_reference(state, server_address);
+		if (composite_nomem(ref, result)) {
+			return result;
+		}
+		state->server_address = server_address;
+	}
+
+	state->flags = flags;
+
+	set_blocking(socket_get_fd(sock), false);
+
+	socket_send_connect(result);
+
+	return result;
+}
+
+/*
+  handle write events on connect completion
+*/
+static void socket_connect_handler(struct tevent_context *ev,
+				   struct tevent_fd *fde, 
+				   uint16_t flags, void *private_data)
+{
+	struct composite_context *result =
+		talloc_get_type(private_data, struct composite_context);
+	struct connect_state *state = talloc_get_type(result->private_data,
+						      struct connect_state);
+
+	result->status = socket_connect_complete(state->sock, state->flags);
+	if (!composite_is_ok(result)) return;
+
+	composite_done(result);
+}
+
+/*
+  wait for a socket_connect_send() to finish
+*/
+NTSTATUS socket_connect_recv(struct composite_context *result)
+{
+	NTSTATUS status = composite_wait(result);
+	talloc_free(result);
+	return status;
+}
+
+
+/*
+  like socket_connect() but takes an event context, doing a semi-async connect
+*/
+NTSTATUS socket_connect_ev(struct socket_context *sock,
+			   struct socket_address *my_address,
+			   struct socket_address *server_address, 
+			   uint32_t flags,
+			   struct tevent_context *ev)
+{
+	struct composite_context *ctx;
+	ctx = socket_connect_send(sock, my_address, 
+				  server_address, flags, ev);
+	return socket_connect_recv(ctx);
+}
diff --git a/source4/lib/socket/connect_multi.c b/source4/lib/socket/connect_multi.c
new file mode 100644
index 0000000..b29fffb
--- /dev/null
+++ b/source4/lib/socket/connect_multi.c
@@ -0,0 +1,392 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Fire connect requests to a host and a number of ports, with a timeout
+   between the connect request. Return if the first connect comes back
+   successfully or return the last error.
+
+   Copyright (C) Volker Lendecke 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "libcli/composite/composite.h"
+#include "libcli/resolve/resolve.h"
+
+#define MULTI_PORT_DELAY 2000 /* microseconds */
+
+/*
+  overall state
+*/
+struct connect_multi_state {
+	struct socket_address **server_address;
+	unsigned num_address, current_address, current_port;
+	int num_ports;
+	uint16_t *ports;
+
+	struct socket_context *sock;
+	uint16_t result_port;
+
+	int num_connects_sent, num_connects_recv;
+
+	struct socket_connect_multi_ex *ex;
+};
+
+/*
+  state of an individual socket_connect_send() call
+*/
+struct connect_one_state {
+	struct composite_context *result;
+	struct socket_context *sock;
+	struct socket_address *addr;
+};
+
+static void continue_resolve_name(struct composite_context *creq);
+static void connect_multi_timer(struct tevent_context *ev,
+				    struct tevent_timer *te,
+				    struct timeval tv, void *p);
+static void connect_multi_next_socket(struct composite_context *result);
+static void continue_one(struct composite_context *creq);
+static void continue_one_ex(struct tevent_req *subreq);
+
+/*
+  setup an async socket_connect, with multiple ports
+*/
+_PUBLIC_ struct composite_context *socket_connect_multi_ex_send(
+						    TALLOC_CTX *mem_ctx,
+						    const char *server_name,
+						    int num_server_ports,
+						    uint16_t *server_ports,
+						    struct resolve_context *resolve_ctx,
+						    struct tevent_context *event_ctx,
+						    struct socket_connect_multi_ex *ex)
+{
+	struct composite_context *result;
+	struct connect_multi_state *multi;
+	int i;
+
+	struct nbt_name name;
+	struct composite_context *creq;
+		
+	result = talloc_zero(mem_ctx, struct composite_context);
+	if (result == NULL) return NULL;
+	result->state = COMPOSITE_STATE_IN_PROGRESS;
+	result->event_ctx = event_ctx;
+
+	multi = talloc_zero(result, struct connect_multi_state);
+	if (composite_nomem(multi, result)) goto failed;
+	result->private_data = multi;
+
+	multi->num_ports = num_server_ports;
+	multi->ports = talloc_array(multi, uint16_t, multi->num_ports);
+	if (composite_nomem(multi->ports, result)) goto failed;
+
+	for (i=0; i<multi->num_ports; i++) {
+		multi->ports[i] = server_ports[i];
+	}
+
+	multi->ex = ex;
+
+	/*  
+	    we don't want to do the name resolution separately
+		    for each port, so start it now, then only start on
+		    the real sockets once we have an IP
+	*/
+	make_nbt_name_server(&name, server_name);
+
+	creq = resolve_name_all_send(resolve_ctx, multi, 0, multi->ports[0], &name, result->event_ctx);
+	if (composite_nomem(creq, result)) goto failed;
+
+	composite_continue(result, creq, continue_resolve_name, result);
+
+	return result;
+
+
+ failed:
+	composite_error(result, result->status);
+	return result;
+}
+
+/*
+  start connecting to the next socket/port in the list
+*/
+static void connect_multi_next_socket(struct composite_context *result)
+{
+	struct connect_multi_state *multi = talloc_get_type(result->private_data, 
+							    struct connect_multi_state);
+	struct connect_one_state *state;
+	struct composite_context *creq;
+	int next = multi->num_connects_sent;
+
+	if (next == multi->num_address * multi->num_ports) {
+		/* don't do anything, just wait for the existing ones to finish */
+		return;
+	}
+
+	if (multi->current_address == multi->num_address) {
+		multi->current_address = 0;
+		multi->current_port += 1;
+	}
+	multi->num_connects_sent += 1;
+
+	if (multi->server_address == NULL || multi->server_address[multi->current_address] == NULL) {
+		composite_error(result, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	state = talloc(multi, struct connect_one_state);
+	if (composite_nomem(state, result)) return;
+
+	state->result = result;
+	result->status = socket_create(
+		state, multi->server_address[multi->current_address]->family,
+		SOCKET_TYPE_STREAM, &state->sock, 0);
+	if (!composite_is_ok(result)) return;
+
+	state->addr = socket_address_copy(state, multi->server_address[multi->current_address]);
+	if (composite_nomem(state->addr, result)) return;
+
+	socket_address_set_port(state->addr, multi->ports[multi->current_port]);
+
+	creq = socket_connect_send(state->sock, NULL, 
+				   state->addr, 0,
+				   result->event_ctx);
+	if (composite_nomem(creq, result)) return;
+	talloc_steal(state, creq);
+
+	multi->current_address++;
+	composite_continue(result, creq, continue_one, state);
+
+	/* if there are more ports / addresses to go then setup a timer to fire when we have waited
+	   for a couple of milli-seconds, when that goes off we try the next port regardless
+	   of whether this port has completed */
+	if (multi->num_ports * multi->num_address > multi->num_connects_sent) {
+		/* note that this timer is a child of the single
+		   connect attempt state, so it will go away when this
+		   request completes */
+		tevent_add_timer(result->event_ctx, state,
+				timeval_current_ofs_usec(MULTI_PORT_DELAY),
+				connect_multi_timer, result);
+	}
+}
+
+/*
+  a timer has gone off telling us that we should try the next port
+*/
+static void connect_multi_timer(struct tevent_context *ev,
+				struct tevent_timer *te,
+				struct timeval tv, void *p)
+{
+	struct composite_context *result = talloc_get_type(p, struct composite_context);
+	connect_multi_next_socket(result);
+}
+
+
+/*
+  recv name resolution reply then send the next connect
+*/
+static void continue_resolve_name(struct composite_context *creq)
+{
+	struct composite_context *result = talloc_get_type(creq->async.private_data, 
+							   struct composite_context);
+	struct connect_multi_state *multi = talloc_get_type(result->private_data, 
+							    struct connect_multi_state);
+	struct socket_address **addr;
+	unsigned i;
+
+	result->status = resolve_name_all_recv(creq, multi, &addr, NULL);
+	if (!composite_is_ok(result)) return;
+
+	for(i=0; addr[i]; i++);
+	multi->num_address = i;
+	multi->server_address = talloc_steal(multi, addr);
+
+	connect_multi_next_socket(result);
+}
+
+/*
+  one of our socket_connect_send() calls hash finished. If it got a
+  connection or there are none left then we are done
+*/
+static void continue_one(struct composite_context *creq)
+{
+	struct connect_one_state *state = talloc_get_type(creq->async.private_data, 
+							  struct connect_one_state);
+	struct composite_context *result = state->result;
+	struct connect_multi_state *multi = talloc_get_type(result->private_data, 
+							    struct connect_multi_state);
+	NTSTATUS status;
+
+	status = socket_connect_recv(creq);
+
+	if (multi->ex) {
+		struct tevent_req *subreq;
+
+		subreq = multi->ex->establish_send(state,
+						   result->event_ctx,
+						   state->sock,
+						   state->addr,
+						   multi->ex->private_data);
+		if (composite_nomem(subreq, result)) return;
+		tevent_req_set_callback(subreq, continue_one_ex, state);
+		return;
+	}
+
+	multi->num_connects_recv++;
+
+	if (NT_STATUS_IS_OK(status)) {
+		multi->sock = talloc_steal(multi, state->sock);
+		multi->result_port = state->addr->port;
+	}
+
+	talloc_free(state);
+
+	if (NT_STATUS_IS_OK(status) ||
+	    multi->num_connects_recv == (multi->num_address * multi->num_ports)) {
+		result->status = status;
+		composite_done(result);
+		return;
+	}
+
+	/* try the next port */
+	connect_multi_next_socket(result);
+}
+
+/*
+  one of our multi->ex->establish_send() calls hash finished. If it got a
+  connection or there are none left then we are done
+*/
+static void continue_one_ex(struct tevent_req *subreq)
+{
+	struct connect_one_state *state =
+		tevent_req_callback_data(subreq,
+		struct connect_one_state);
+	struct composite_context *result = state->result;
+	struct connect_multi_state *multi =
+		talloc_get_type_abort(result->private_data,
+		struct connect_multi_state);
+	NTSTATUS status;
+	multi->num_connects_recv++;
+
+	status = multi->ex->establish_recv(subreq);
+	TALLOC_FREE(subreq);
+
+	if (NT_STATUS_IS_OK(status)) {
+		multi->sock = talloc_steal(multi, state->sock);
+		multi->result_port = state->addr->port;
+	}
+
+	talloc_free(state);
+
+	if (NT_STATUS_IS_OK(status) ||
+	    multi->num_connects_recv == (multi->num_address * multi->num_ports)) {
+		result->status = status;
+		composite_done(result);
+		return;
+	}
+
+	/* try the next port */
+	connect_multi_next_socket(result);
+}
+
+/*
+  async recv routine for socket_connect_multi()
+ */
+_PUBLIC_ NTSTATUS socket_connect_multi_ex_recv(struct composite_context *ctx,
+				   TALLOC_CTX *mem_ctx,
+				   struct socket_context **sock,
+				   uint16_t *port)
+{
+	NTSTATUS status = composite_wait(ctx);
+	if (NT_STATUS_IS_OK(status)) {
+		struct connect_multi_state *multi =
+			talloc_get_type(ctx->private_data,
+					struct connect_multi_state);
+		*sock = talloc_steal(mem_ctx, multi->sock);
+		*port = multi->result_port;
+	}
+	talloc_free(ctx);
+	return status;
+}
+
+NTSTATUS socket_connect_multi_ex(TALLOC_CTX *mem_ctx,
+				 const char *server_address,
+				 int num_server_ports, uint16_t *server_ports,
+				 struct resolve_context *resolve_ctx,
+				 struct tevent_context *event_ctx,
+				 struct socket_connect_multi_ex *ex,
+				 struct socket_context **result,
+				 uint16_t *result_port)
+{
+	struct composite_context *ctx =
+		socket_connect_multi_ex_send(mem_ctx, server_address,
+					     num_server_ports, server_ports,
+					     resolve_ctx,
+					     event_ctx,
+					     ex);
+	return socket_connect_multi_ex_recv(ctx, mem_ctx, result, result_port);
+}
+
+/*
+  setup an async socket_connect, with multiple ports
+*/
+_PUBLIC_ struct composite_context *socket_connect_multi_send(
+						    TALLOC_CTX *mem_ctx,
+						    const char *server_name,
+						    int num_server_ports,
+						    uint16_t *server_ports,
+						    struct resolve_context *resolve_ctx,
+						    struct tevent_context *event_ctx)
+{
+	return socket_connect_multi_ex_send(mem_ctx,
+					    server_name,
+					    num_server_ports,
+					    server_ports,
+					    resolve_ctx,
+					    event_ctx,
+					    NULL); /* ex */
+}
+
+/*
+  async recv routine for socket_connect_multi()
+ */
+_PUBLIC_ NTSTATUS socket_connect_multi_recv(struct composite_context *ctx,
+				   TALLOC_CTX *mem_ctx,
+				   struct socket_context **sock,
+				   uint16_t *port)
+{
+	return socket_connect_multi_ex_recv(ctx, mem_ctx, sock, port);
+}
+
+NTSTATUS socket_connect_multi(TALLOC_CTX *mem_ctx,
+			      const char *server_address,
+			      int num_server_ports, uint16_t *server_ports,
+			      struct resolve_context *resolve_ctx,
+			      struct tevent_context *event_ctx,
+			      struct socket_context **result,
+			      uint16_t *result_port)
+{
+	return socket_connect_multi_ex(mem_ctx,
+				       server_address,
+				       num_server_ports,
+				       server_ports,
+				       resolve_ctx,
+				       event_ctx,
+				       NULL, /* ex */
+				       result,
+				       result_port);
+}
diff --git a/source4/lib/socket/interface.c b/source4/lib/socket/interface.c
new file mode 100644
index 0000000..65543c6
--- /dev/null
+++ b/source4/lib/socket/interface.c
@@ -0,0 +1,525 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   multiple interface handling
+
+   Copyright (C) Andrew Tridgell 1992-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "param/param.h"
+#include "lib/socket/netif.h"
+#include "../lib/util/util_net.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/util/smb_strtox.h"
+
+/* used for network interfaces */
+struct interface {
+	struct interface *next, *prev;
+	char *name;
+	int flags;
+	struct sockaddr_storage ip;
+	struct sockaddr_storage netmask;
+	struct sockaddr_storage bcast;
+	const char *ip_s;
+	const char *bcast_s;
+	const char *nmask_s;
+};
+
+#define ALLONES  ((uint32_t)0xFFFFFFFF)
+/*
+  address construction based on a patch from fred@datalync.com
+*/
+#define MKBCADDR(_IP, _NM) ((_IP & _NM) | (_NM ^ ALLONES))
+#define MKNETADDR(_IP, _NM) (_IP & _NM)
+
+/****************************************************************************
+Try and find an interface that matches an ip. If we cannot, return NULL
+  **************************************************************************/
+static struct interface *iface_list_find(struct interface *interfaces,
+					 const struct sockaddr *ip,
+					 bool check_mask)
+{
+	struct interface *i;
+
+	if (is_address_any(ip)) {
+		return interfaces;
+	}
+
+	for (i=interfaces;i;i=i->next) {
+		if (check_mask) {
+			if (same_net(ip, (struct sockaddr *)&i->ip, (struct sockaddr *)&i->netmask)) {
+				return i;
+			}
+		} else if (sockaddr_equal((struct sockaddr *)&i->ip, ip)) {
+			return i;
+		}
+	}
+
+	return NULL;
+}
+
+/****************************************************************************
+add an interface to the linked list of interfaces
+****************************************************************************/
+static void add_interface(TALLOC_CTX *mem_ctx, const struct iface_struct *ifs, struct interface **interfaces)
+{
+	char addr[INET6_ADDRSTRLEN];
+	struct interface *iface;
+
+	if (iface_list_find(*interfaces, (const struct sockaddr *)&ifs->ip, false)) {
+		DEBUG(3,("add_interface: not adding duplicate interface %s\n",
+			print_sockaddr(addr, sizeof(addr), &ifs->ip) ));
+		return;
+	}
+
+	if (ifs->ip.ss_family == AF_INET &&
+		!(ifs->flags & (IFF_BROADCAST|IFF_LOOPBACK))) {
+		DEBUG(3,("not adding non-broadcast interface %s\n",
+					ifs->name ));
+		return;
+	}
+
+	if (*interfaces != NULL) {
+		mem_ctx = *interfaces;
+	}
+
+	iface = talloc_zero(mem_ctx, struct interface);
+	if (iface == NULL) {
+		return;
+	}
+
+	iface->name = talloc_strdup(iface, ifs->name);
+	if (!iface->name) {
+		SAFE_FREE(iface);
+		return;
+	}
+	iface->flags = ifs->flags;
+	iface->ip = ifs->ip;
+	iface->netmask = ifs->netmask;
+	iface->bcast = ifs->bcast;
+
+	/* keep string versions too, to avoid people tripping over the implied
+	   static in inet_ntoa() */
+	print_sockaddr(addr, sizeof(addr), &iface->ip);
+	DEBUG(4,("added interface %s ip=%s ",
+		 iface->name, addr));
+	iface->ip_s = talloc_strdup(iface, addr);
+
+	print_sockaddr(addr, sizeof(addr),
+		       &iface->bcast);
+	DEBUG(4,("bcast=%s ", addr));
+	iface->bcast_s = talloc_strdup(iface, addr);
+
+	print_sockaddr(addr, sizeof(addr),
+		       &iface->netmask);
+	DEBUG(4,("netmask=%s\n", addr));
+	iface->nmask_s = talloc_strdup(iface, addr);
+
+	/*
+	   this needs to be a ADD_END, as some tests (such as the
+	   spoolss notify test) depend on the interfaces ordering
+	*/
+	DLIST_ADD_END(*interfaces, iface);
+}
+
+/**
+interpret a single element from a interfaces= config line 
+
+This handles the following different forms:
+
+1) wildcard interface name
+2) DNS name
+3) IP/masklen
+4) ip/mask
+5) bcast/mask
+**/
+static void interpret_interface(TALLOC_CTX *mem_ctx, 
+				const char *token, 
+				struct iface_struct *probed_ifaces, 
+				int total_probed,
+				struct interface **local_interfaces)
+{
+	struct sockaddr_storage ss;
+	struct sockaddr_storage ss_mask;
+	struct sockaddr_storage ss_net;
+	struct sockaddr_storage ss_bcast;
+	struct iface_struct ifs;
+	char *p;
+	int i;
+	bool added=false;
+	bool goodaddr = false;
+
+	/* first check if it is an interface name */
+	for (i=0;i<total_probed;i++) {
+		if (gen_fnmatch(token, probed_ifaces[i].name) == 0) {
+			add_interface(mem_ctx, &probed_ifaces[i],
+				      local_interfaces);
+			added = true;
+		}
+	}
+	if (added) {
+		return;
+	}
+
+	p = strchr_m(token, ';');
+	if (p != NULL) {
+		/*
+		 * skip smbd-specific extra data:
+		 * link speed, capabilities, and interface index
+		 */
+		*p = 0;
+	}
+
+	/* maybe it is a DNS name */
+	p = strchr_m(token,'/');
+	if (p == NULL) {
+		if (!interpret_string_addr(&ss, token, 0)) {
+			DEBUG(2, ("interpret_interface: Can't find address "
+				  "for %s\n", token));
+			return;
+		}
+
+		for (i=0;i<total_probed;i++) {
+			if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip)) {
+				add_interface(mem_ctx, &probed_ifaces[i],
+					      local_interfaces);
+				return;
+			}
+		}
+		DEBUG(2,("interpret_interface: "
+			"can't determine interface for %s\n",
+			token));
+		return;
+	}
+
+	/* parse it into an IP address/netmasklength pair */
+	*p = 0;
+	goodaddr = interpret_string_addr(&ss, token, 0);
+	*p++ = '/';
+
+	if (!goodaddr) {
+		DEBUG(2,("interpret_interface: "
+			"can't determine interface for %s\n",
+			token));
+		return;
+	}
+
+	if (strlen(p) > 2) {
+		goodaddr = interpret_string_addr(&ss_mask, p, 0);
+		if (!goodaddr) {
+			DEBUG(2,("interpret_interface: "
+				"can't determine netmask from %s\n",
+				p));
+			return;
+		}
+	} else {
+		int error = 0;
+
+		unsigned long val = smb_strtoul(p,
+						NULL,
+						0,
+						&error,
+						SMB_STR_FULL_STR_CONV);
+		if (error != 0) {
+			DEBUG(2,("interpret_interface: "
+				"can't determine netmask value from %s\n",
+				p));
+			return;
+		}
+		if (!make_netmask(&ss_mask, &ss, val)) {
+			DEBUG(2,("interpret_interface: "
+				"can't apply netmask value %lu from %s\n",
+				val,
+				p));
+			return;
+		}
+	}
+
+	make_bcast(&ss_bcast, &ss, &ss_mask);
+	make_net(&ss_net, &ss, &ss_mask);
+
+	/* Maybe the first component was a broadcast address. */
+	if (sockaddr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) ||
+		sockaddr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) {
+		for (i=0;i<total_probed;i++) {
+			if (same_net((struct sockaddr *)&ss,
+						 (struct sockaddr *)&probed_ifaces[i].ip,
+						 (struct sockaddr *)&ss_mask)) {
+				/* Temporarily replace netmask on
+				 * the detected interface - user knows
+				 * best.... */
+				struct sockaddr_storage saved_mask =
+					probed_ifaces[i].netmask;
+				probed_ifaces[i].netmask = ss_mask;
+				DEBUG(2,("interpret_interface: "
+					"using netmask value %s from "
+					"config file on interface %s\n",
+					p,
+					probed_ifaces[i].name));
+				add_interface(mem_ctx, &probed_ifaces[i],
+					      local_interfaces);
+				probed_ifaces[i].netmask = saved_mask;
+				return;
+			}
+		}
+		DEBUG(2,("interpret_interface: Can't determine ip for "
+			"broadcast address %s\n",
+			token));
+		return;
+	}
+
+	/* Just fake up the interface definition. User knows best. */
+
+	DEBUG(2,("interpret_interface: Adding interface %s\n",
+		token));
+
+	ZERO_STRUCT(ifs);
+	(void)strlcpy(ifs.name, token, sizeof(ifs.name));
+	ifs.flags = IFF_BROADCAST;
+	ifs.ip = ss;
+	ifs.netmask = ss_mask;
+	ifs.bcast = ss_bcast;
+	add_interface(mem_ctx, &ifs, local_interfaces);
+}
+
+
+/**
+load the list of network interfaces
+**/
+void load_interface_list(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct interface **local_interfaces)
+{
+	const char **ptr = lpcfg_interfaces(lp_ctx);
+	int i;
+	struct iface_struct *ifaces = NULL;
+	int total_probed;
+
+	*local_interfaces = NULL;
+
+	/* probe the kernel for interfaces */
+	total_probed = get_interfaces(mem_ctx, &ifaces);
+
+	/* if we don't have a interfaces line then use all interfaces
+	   except loopback */
+	if (!ptr || !*ptr || !**ptr) {
+		if (total_probed <= 0) {
+			DEBUG(0,("ERROR: Could not determine network interfaces, you must use a interfaces config line\n"));
+		}
+		for (i=0;i<total_probed;i++) {
+			if (!is_loopback_addr((struct sockaddr *)&ifaces[i].ip)) {
+				add_interface(mem_ctx, &ifaces[i], local_interfaces);
+			}
+		}
+	}
+
+	while (ptr && *ptr) {
+		interpret_interface(mem_ctx, *ptr, ifaces, total_probed, local_interfaces);
+		ptr++;
+	}
+
+	if (!*local_interfaces) {
+		DEBUG(0,("WARNING: no network interfaces found\n"));
+	}
+	talloc_free(ifaces);
+}
+
+/**
+  how many interfaces do we have
+  **/
+int iface_list_count(struct interface *ifaces)
+{
+	int ret = 0;
+	struct interface *i;
+
+	for (i=ifaces;i;i=i->next)
+		ret++;
+	return ret;
+}
+
+/**
+  return IP of the Nth interface
+  **/
+const char *iface_list_n_ip(struct interface *ifaces, int n)
+{
+	struct interface *i;
+  
+	for (i=ifaces;i && n;i=i->next)
+		n--;
+
+	if (i) {
+		return i->ip_s;
+	}
+	return NULL;
+}
+
+
+/**
+  return the first IPv4 interface address we have registered
+  **/
+const char *iface_list_first_v4(struct interface *ifaces)
+{
+	struct interface *i;
+
+	for (i=ifaces; i; i=i->next) {
+		if (i->ip.ss_family == AF_INET) {
+			return i->ip_s;
+		}
+	}
+	return NULL;
+}
+
+/**
+  return the first IPv6 interface address we have registered
+  **/
+static const char *iface_list_first_v6(struct interface *ifaces)
+{
+	struct interface *i;
+
+#ifdef HAVE_IPV6
+	for (i=ifaces; i; i=i->next) {
+		if (i->ip.ss_family == AF_INET6) {
+			return i->ip_s;
+		}
+	}
+#endif
+	return NULL;
+}
+
+/**
+   check if an interface is IPv4
+  **/
+bool iface_list_n_is_v4(struct interface *ifaces, int n)
+{
+	struct interface *i;
+
+	for (i=ifaces;i && n;i=i->next)
+		n--;
+
+	if (i) {
+		return i->ip.ss_family == AF_INET;
+	}
+	return false;
+}
+
+/**
+  return bcast of the Nth interface
+  **/
+const char *iface_list_n_bcast(struct interface *ifaces, int n)
+{
+	struct interface *i;
+  
+	for (i=ifaces;i && n;i=i->next)
+		n--;
+
+	if (i) {
+		return i->bcast_s;
+	}
+	return NULL;
+}
+
+/**
+  return netmask of the Nth interface
+  **/
+const char *iface_list_n_netmask(struct interface *ifaces, int n)
+{
+	struct interface *i;
+  
+	for (i=ifaces;i && n;i=i->next)
+		n--;
+
+	if (i) {
+		return i->nmask_s;
+	}
+	return NULL;
+}
+
+/**
+  return the local IP address that best matches a destination IP, or
+  our first interface if none match
+*/
+const char *iface_list_best_ip(struct interface *ifaces, const char *dest)
+{
+	struct interface *iface;
+	struct sockaddr_storage ss;
+
+	if (!interpret_string_addr(&ss, dest, AI_NUMERICHOST)) {
+		return iface_list_n_ip(ifaces, 0);
+	}
+	iface = iface_list_find(ifaces, (const struct sockaddr *)&ss, true);
+	if (iface) {
+		return iface->ip_s;
+	}
+#ifdef HAVE_IPV6
+	if (ss.ss_family == AF_INET6) {
+		return iface_list_first_v6(ifaces);
+	}
+#endif
+	return iface_list_first_v4(ifaces);
+}
+
+/**
+  return true if an IP is one one of our local networks
+*/
+bool iface_list_is_local(struct interface *ifaces, const char *dest)
+{
+	struct sockaddr_storage ss;
+
+	if (!interpret_string_addr(&ss, dest, AI_NUMERICHOST)) {
+		return false;
+	}
+	if (iface_list_find(ifaces, (const struct sockaddr *)&ss, true)) {
+		return true;
+	}
+	return false;
+}
+
+/**
+  return true if a IP matches a IP/netmask pair
+*/
+bool iface_list_same_net(const char *ip1, const char *ip2, const char *netmask)
+{
+	struct sockaddr_storage ip1_ss, ip2_ss, nm_ss;
+
+	if (!interpret_string_addr(&ip1_ss, ip1, AI_NUMERICHOST)) {
+		return false;
+	}
+	if (!interpret_string_addr(&ip2_ss, ip2, AI_NUMERICHOST)) {
+		return false;
+	}
+	if (!interpret_string_addr(&nm_ss, netmask, AI_NUMERICHOST)) {
+		return false;
+	}
+
+	return same_net((struct sockaddr *)&ip1_ss,
+			(struct sockaddr *)&ip2_ss,
+			(struct sockaddr *)&nm_ss);
+}
+
+/**
+   return the list of wildcard interfaces
+   this will include the IPv4 0.0.0.0, and may include IPv6 ::
+*/
+char **iface_list_wildcard(TALLOC_CTX *mem_ctx)
+{
+	char **ret;
+#ifdef HAVE_IPV6
+	ret = str_list_make(mem_ctx, "::,0.0.0.0", NULL);
+#else
+	ret = str_list_make(mem_ctx, "0.0.0.0", NULL);
+#endif
+	return ret;
+}
diff --git a/source4/lib/socket/netif.h b/source4/lib/socket/netif.h
new file mode 100644
index 0000000..1d90a4f
--- /dev/null
+++ b/source4/lib/socket/netif.h
@@ -0,0 +1,24 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   structures for lib/netif/
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "system/network.h"
+#include "lib/socket/interfaces.h"
+#include "lib/socket/netif_proto.h"
diff --git a/source4/lib/socket/socket.c b/source4/lib/socket/socket.c
new file mode 100644
index 0000000..ef54029
--- /dev/null
+++ b/source4/lib/socket/socket.c
@@ -0,0 +1,640 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Socket functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Tim Potter      2000-2001
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "system/filesys.h"
+#include "system/network.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/util/util_net.h"
+
+/*
+  auto-close sockets on free
+*/
+static int socket_destructor(struct socket_context *sock)
+{
+	if (sock->ops->fn_close && 
+	    !(sock->flags & SOCKET_FLAG_NOCLOSE)) {
+		sock->ops->fn_close(sock);
+	}
+	return 0;
+}
+
+_PUBLIC_ void socket_tevent_fd_close_fn(struct tevent_context *ev,
+					struct tevent_fd *fde,
+					int fd,
+					void *private_data)
+{
+	/* this might be the socket_wrapper swrap_close() */
+	close(fd);
+}
+
+_PUBLIC_ NTSTATUS socket_create_with_ops(TALLOC_CTX *mem_ctx, const struct socket_ops *ops,
+					 struct socket_context **new_sock, 
+					 enum socket_type type, uint32_t flags)
+{
+	NTSTATUS status;
+
+	(*new_sock) = talloc(mem_ctx, struct socket_context);
+	if (!(*new_sock)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*new_sock)->type = type;
+	(*new_sock)->state = SOCKET_STATE_UNDEFINED;
+	(*new_sock)->flags = flags;
+
+	(*new_sock)->fd = -1;
+
+	(*new_sock)->private_data = NULL;
+	(*new_sock)->ops = ops;
+	(*new_sock)->backend_name = NULL;
+
+	status = (*new_sock)->ops->fn_init((*new_sock));
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(*new_sock);
+		return status;
+	}
+
+	/* by enabling "testnonblock" mode, all socket receive and
+	   send calls on non-blocking sockets will randomly recv/send
+	   less data than requested */
+
+	if (type == SOCKET_TYPE_STREAM &&
+		getenv("SOCKET_TESTNONBLOCK") != NULL) {
+		(*new_sock)->flags |= SOCKET_FLAG_TESTNONBLOCK;
+	}
+
+	/* we don't do a connect() on dgram sockets, so need to set
+	   non-blocking at socket create time */
+	if (type == SOCKET_TYPE_DGRAM) {
+		set_blocking(socket_get_fd(*new_sock), false);
+	}
+
+	talloc_set_destructor(*new_sock, socket_destructor);
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS socket_create(TALLOC_CTX *mem_ctx,
+				const char *name, enum socket_type type,
+			        struct socket_context **new_sock, uint32_t flags)
+{
+	const struct socket_ops *ops;
+
+	ops = socket_getops_byname(name, type);
+	if (!ops) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return socket_create_with_ops(mem_ctx, ops, new_sock, type, flags);
+}
+
+_PUBLIC_ NTSTATUS socket_connect(struct socket_context *sock,
+				 const struct socket_address *my_address, 
+				 const struct socket_address *server_address,
+				 uint32_t flags)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->state != SOCKET_STATE_UNDEFINED) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_connect) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return sock->ops->fn_connect(sock, my_address, server_address, flags);
+}
+
+_PUBLIC_ NTSTATUS socket_connect_complete(struct socket_context *sock, uint32_t flags)
+{
+	if (!sock->ops->fn_connect_complete) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return sock->ops->fn_connect_complete(sock, flags);
+}
+
+_PUBLIC_ NTSTATUS socket_listen(struct socket_context *sock, 
+			        const struct socket_address *my_address, 
+			        int queue_size, uint32_t flags)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->state != SOCKET_STATE_UNDEFINED) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_listen) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return sock->ops->fn_listen(sock, my_address, queue_size, flags);
+}
+
+_PUBLIC_ NTSTATUS socket_accept(struct socket_context *sock, struct socket_context **new_sock)
+{
+	NTSTATUS status;
+
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->type != SOCKET_TYPE_STREAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (sock->state != SOCKET_STATE_SERVER_LISTEN) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_accept) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	status = sock->ops->fn_accept(sock, new_sock);
+
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_set_destructor(*new_sock, socket_destructor);
+		(*new_sock)->flags = 0;
+	}
+
+	return status;
+}
+
+_PUBLIC_ NTSTATUS socket_recv(struct socket_context *sock, void *buf, 
+			      size_t wantlen, size_t *nread)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->state != SOCKET_STATE_CLIENT_CONNECTED &&
+	    sock->state != SOCKET_STATE_SERVER_CONNECTED &&
+	    sock->type  != SOCKET_TYPE_DGRAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_recv) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) 
+	    && wantlen > 1) {
+
+		if (random() % 10 == 0) {
+			*nread = 0;
+			return STATUS_MORE_ENTRIES;
+		}
+		return sock->ops->fn_recv(sock, buf, 1+(random() % wantlen), nread);
+	}
+	return sock->ops->fn_recv(sock, buf, wantlen, nread);
+}
+
+_PUBLIC_ NTSTATUS socket_recvfrom(struct socket_context *sock, void *buf, 
+				  size_t wantlen, size_t *nread, 
+				  TALLOC_CTX *mem_ctx, struct socket_address **src_addr)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->type != SOCKET_TYPE_DGRAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_recvfrom) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return sock->ops->fn_recvfrom(sock, buf, wantlen, nread, 
+				      mem_ctx, src_addr);
+}
+
+_PUBLIC_ NTSTATUS socket_send(struct socket_context *sock, 
+			      const DATA_BLOB *blob, size_t *sendlen)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->state != SOCKET_STATE_CLIENT_CONNECTED &&
+	    sock->state != SOCKET_STATE_SERVER_CONNECTED) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_send) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	
+	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK)
+	    && blob->length > 1) {
+		DATA_BLOB blob2 = *blob;
+		if (random() % 10 == 0) {
+			*sendlen = 0;
+			return STATUS_MORE_ENTRIES;
+		}
+		/* The random size sends are incompatible with TLS and SASL
+		 * sockets, which require re-sends to be consistent */
+		if (!(sock->flags & SOCKET_FLAG_ENCRYPT)) {
+			blob2.length = 1+(random() % blob2.length);
+		} else {
+			/* This is particularly stressful on buggy
+			 * LDAP clients, that don't expect on LDAP
+			 * packet in many SASL packets */
+			blob2.length = 1 + blob2.length/2;
+		}
+		return sock->ops->fn_send(sock, &blob2, sendlen);
+	}
+	return sock->ops->fn_send(sock, blob, sendlen);
+}
+
+
+_PUBLIC_ NTSTATUS socket_sendto(struct socket_context *sock, 
+			        const DATA_BLOB *blob, size_t *sendlen, 
+			        const struct socket_address *dest_addr)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (sock->type != SOCKET_TYPE_DGRAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (sock->state == SOCKET_STATE_CLIENT_CONNECTED ||
+	    sock->state == SOCKET_STATE_SERVER_CONNECTED) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!sock->ops->fn_sendto) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return sock->ops->fn_sendto(sock, blob, sendlen, dest_addr);
+}
+
+
+/*
+  ask for the number of bytes in a pending incoming packet
+*/
+_PUBLIC_ NTSTATUS socket_pending(struct socket_context *sock, size_t *npending)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (!sock->ops->fn_pending) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return sock->ops->fn_pending(sock, npending);
+}
+
+
+_PUBLIC_ NTSTATUS socket_set_option(struct socket_context *sock, const char *option, const char *val)
+{
+	if (sock == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (!sock->ops->fn_set_option) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return sock->ops->fn_set_option(sock, option, val);
+}
+
+_PUBLIC_ char *socket_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	if (!sock->ops->fn_get_peer_name) {
+		return NULL;
+	}
+
+	return sock->ops->fn_get_peer_name(sock, mem_ctx);
+}
+
+_PUBLIC_ struct socket_address *socket_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	if (!sock->ops->fn_get_peer_addr) {
+		return NULL;
+	}
+
+	return sock->ops->fn_get_peer_addr(sock, mem_ctx);
+}
+
+_PUBLIC_ struct socket_address *socket_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	if (!sock->ops->fn_get_my_addr) {
+		return NULL;
+	}
+
+	return sock->ops->fn_get_my_addr(sock, mem_ctx);
+}
+
+_PUBLIC_ struct tsocket_address *socket_address_to_tsocket_address(TALLOC_CTX *mem_ctx,
+								   const struct socket_address *a)
+{
+	struct tsocket_address *r;
+	int ret;
+
+	if (!a) {
+		return NULL;
+	}
+	if (a->sockaddr) {
+		ret = tsocket_address_bsd_from_sockaddr(mem_ctx,
+							a->sockaddr,
+							a->sockaddrlen,
+							&r);
+	} else {
+		ret = tsocket_address_inet_from_strings(mem_ctx,
+							a->family,
+							a->addr,
+							a->port,
+							&r);
+	}
+
+	if (ret != 0) {
+		return NULL;
+	}
+
+	return r;
+}
+
+_PUBLIC_ void socket_address_set_port(struct socket_address *a,
+				      uint16_t port)
+{
+	if (a->sockaddr) {
+		set_sockaddr_port(a->sockaddr, port);
+	} else {
+		a->port = port;
+	}
+
+}
+
+_PUBLIC_ struct socket_address *tsocket_address_to_socket_address(TALLOC_CTX *mem_ctx,
+								  const struct tsocket_address *a)
+{
+	ssize_t ret;
+	struct sockaddr_storage ss;
+	size_t sslen = sizeof(ss);
+
+	ret = tsocket_address_bsd_sockaddr(a, (struct sockaddr *)(void *)&ss, sslen);
+	if (ret < 0) {
+		return NULL;
+	}
+
+	return socket_address_from_sockaddr(mem_ctx, (struct sockaddr *)(void *)&ss, ret);
+}
+
+_PUBLIC_ struct tsocket_address *socket_get_remote_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct socket_address *a;
+	struct tsocket_address *r;
+
+	a = socket_get_peer_addr(sock, mem_ctx);
+	if (a == NULL) {
+		return NULL;
+	}
+
+	r = socket_address_to_tsocket_address(mem_ctx, a);
+	talloc_free(a);
+	return r;
+}
+
+_PUBLIC_ struct tsocket_address *socket_get_local_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct socket_address *a;
+	struct tsocket_address *r;
+
+	a = socket_get_my_addr(sock, mem_ctx);
+	if (a == NULL) {
+		return NULL;
+	}
+
+	r = socket_address_to_tsocket_address(mem_ctx, a);
+	talloc_free(a);
+	return r;
+}
+
+_PUBLIC_ int socket_get_fd(struct socket_context *sock)
+{
+	if (!sock->ops->fn_get_fd) {
+		return -1;
+	}
+
+	return sock->ops->fn_get_fd(sock);
+}
+
+/*
+  call dup() on a socket, and close the old fd. This is used to change
+  the fd to the lowest available number, to make select() more
+  efficient (select speed depends on the maximum fd number passed to
+  it)
+*/
+_PUBLIC_ NTSTATUS socket_dup(struct socket_context *sock)
+{
+	int fd;
+	if (sock->fd == -1) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	fd = dup(sock->fd);
+	if (fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+	close(sock->fd);
+	sock->fd = fd;
+	return NT_STATUS_OK;
+	
+}
+
+/* Create a new socket_address.  The type must match the socket type.
+ * The host parameter may be an IP or a hostname 
+ */
+
+_PUBLIC_ struct socket_address *socket_address_from_strings(TALLOC_CTX *mem_ctx,
+							    const char *family,
+							    const char *host,
+							    int port)
+{
+	struct socket_address *addr = talloc(mem_ctx, struct socket_address);
+	if (!addr) {
+		return NULL;
+	}
+
+	if (strcmp(family, "ip") == 0 && is_ipaddress_v6(host)) {
+		/* leaving as "ip" would force IPv4 */
+		family = "ipv6";
+	}
+
+	addr->family = family;
+	addr->addr = talloc_strdup(addr, host);
+	if (!addr->addr) {
+		talloc_free(addr);
+		return NULL;
+	}
+	addr->port = port;
+	addr->sockaddr = NULL;
+	addr->sockaddrlen = 0;
+
+	return addr;
+}
+
+/* Create a new socket_address.  Copy the struct sockaddr into the new
+ * structure.  Used for hooks in the kerberos libraries, where they
+ * supply only a struct sockaddr */
+
+_PUBLIC_ struct socket_address *socket_address_from_sockaddr(TALLOC_CTX *mem_ctx, 
+							     struct sockaddr *sockaddr, 
+							     size_t sockaddrlen)
+{
+	struct socket_address *addr = talloc(mem_ctx, struct socket_address);
+	if (!addr) {
+		return NULL;
+	}
+	switch (sockaddr->sa_family) {
+	case AF_INET:
+		addr->family = "ipv4";
+		break;
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		addr->family = "ipv6";
+		break;
+#endif
+	case AF_UNIX:
+		addr->family = "unix";
+		break;
+	}
+	addr->addr = NULL;
+	addr->port = 0;
+	addr->sockaddr = (struct sockaddr *)talloc_memdup(addr, sockaddr, sockaddrlen);
+	if (!addr->sockaddr) {
+		talloc_free(addr);
+		return NULL;
+	}
+	addr->sockaddrlen = sockaddrlen;
+	return addr;
+}
+
+
+/*
+   Create a new socket_address from sockaddr_storage
+ */
+_PUBLIC_ struct socket_address *socket_address_from_sockaddr_storage(TALLOC_CTX *mem_ctx,
+								     const struct sockaddr_storage *sockaddr,
+	uint16_t port)
+{
+	struct socket_address *addr = talloc_zero(mem_ctx, struct socket_address);
+	char addr_str[INET6_ADDRSTRLEN+1];
+	const char *str;
+
+	if (!addr) {
+		return NULL;
+	}
+	addr->port = port;
+	switch (sockaddr->ss_family) {
+	case AF_INET:
+		addr->family = "ipv4";
+		break;
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		addr->family = "ipv6";
+		break;
+#endif
+	default:
+		talloc_free(addr);
+		return NULL;
+	}
+
+	str = print_sockaddr(addr_str, sizeof(addr_str), sockaddr);
+	if (str == NULL) {
+		talloc_free(addr);
+		return NULL;
+	}
+	addr->addr = talloc_strdup(addr, str);
+	if (addr->addr == NULL) {
+		talloc_free(addr);
+		return NULL;
+	}
+
+	return addr;
+}
+
+/* Copy a socket_address structure */
+struct socket_address *socket_address_copy(TALLOC_CTX *mem_ctx,
+					   const struct socket_address *oaddr)
+{
+	struct socket_address *addr = talloc_zero(mem_ctx, struct socket_address);
+	if (!addr) {
+		return NULL;
+	}
+	addr->family	= oaddr->family;
+	if (oaddr->addr) {
+		addr->addr	= talloc_strdup(addr, oaddr->addr);
+		if (!addr->addr) {
+			goto nomem;
+		}
+	}
+	addr->port	= oaddr->port;
+	if (oaddr->sockaddr) {
+		addr->sockaddr = (struct sockaddr *)talloc_memdup(addr,
+								  oaddr->sockaddr,
+								  oaddr->sockaddrlen);
+		if (!addr->sockaddr) {
+			goto nomem;
+		}
+		addr->sockaddrlen = oaddr->sockaddrlen;
+	}
+
+	return addr;
+
+nomem:
+	talloc_free(addr);
+	return NULL;
+}
+
+_PUBLIC_ const struct socket_ops *socket_getops_byname(const char *family, enum socket_type type)
+{
+	extern const struct socket_ops *socket_ipv4_ops(enum socket_type);
+	extern const struct socket_ops *socket_ipv6_ops(enum socket_type);
+	extern const struct socket_ops *socket_unixdom_ops(enum socket_type);
+
+	if (strcmp("ip", family) == 0 || 
+	    strcmp("ipv4", family) == 0) {
+		return socket_ipv4_ops(type);
+	}
+
+#ifdef HAVE_IPV6
+	if (strcmp("ipv6", family) == 0) {
+		return socket_ipv6_ops(type);
+	}
+#endif
+
+	if (strcmp("unix", family) == 0) {
+		return socket_unixdom_ops(type);
+	}
+
+	return NULL;
+}
+
+/*
+  set some flags on a socket 
+ */
+void socket_set_flags(struct socket_context *sock, unsigned flags)
+{
+	sock->flags |= flags;
+}
diff --git a/source4/lib/socket/socket.h b/source4/lib/socket/socket.h
new file mode 100644
index 0000000..ba2c17e
--- /dev/null
+++ b/source4/lib/socket/socket.h
@@ -0,0 +1,256 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Socket functions
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_SOCKET_H
+#define _SAMBA_SOCKET_H
+
+struct tevent_context;
+struct tevent_fd;
+struct socket_context;
+
+enum socket_type {
+	SOCKET_TYPE_STREAM,
+	SOCKET_TYPE_DGRAM
+};
+
+struct socket_address {
+	const char *family;
+	char *addr;
+	int port;
+	struct sockaddr *sockaddr;
+	size_t sockaddrlen;
+};
+
+struct socket_ops {
+	const char *name;
+
+	NTSTATUS (*fn_init)(struct socket_context *sock);
+
+	/* client ops */
+	NTSTATUS (*fn_connect)(struct socket_context *sock,
+			       const struct socket_address *my_address,
+			       const struct socket_address *server_address,
+			       uint32_t flags);
+
+	/* complete a non-blocking connect */
+	NTSTATUS (*fn_connect_complete)(struct socket_context *sock,
+					uint32_t flags);
+
+	/* server ops */
+	NTSTATUS (*fn_listen)(struct socket_context *sock,
+			      const struct socket_address *my_address, 
+			      int queue_size, uint32_t flags);
+	NTSTATUS (*fn_accept)(struct socket_context *sock,	
+			      struct socket_context **new_sock);
+
+	/* general ops */
+	NTSTATUS (*fn_recv)(struct socket_context *sock, void *buf,
+			    size_t wantlen, size_t *nread);
+	NTSTATUS (*fn_send)(struct socket_context *sock, 
+			    const DATA_BLOB *blob, size_t *sendlen);
+
+	NTSTATUS (*fn_sendto)(struct socket_context *sock, 
+			      const DATA_BLOB *blob, size_t *sendlen,
+			      const struct socket_address *dest_addr);
+	NTSTATUS (*fn_recvfrom)(struct socket_context *sock, 
+				void *buf, size_t wantlen, size_t *nread,
+				TALLOC_CTX *addr_ctx, struct socket_address **src_addr);
+	NTSTATUS (*fn_pending)(struct socket_context *sock, size_t *npending);      
+
+	void (*fn_close)(struct socket_context *sock);
+
+	NTSTATUS (*fn_set_option)(struct socket_context *sock, const char *option, const char *val);
+
+	char *(*fn_get_peer_name)(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+	struct socket_address *(*fn_get_peer_addr)(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+	struct socket_address *(*fn_get_my_addr)(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+
+	int (*fn_get_fd)(struct socket_context *sock);
+};
+
+enum socket_state {
+	SOCKET_STATE_UNDEFINED,
+
+	SOCKET_STATE_CLIENT_START,
+	SOCKET_STATE_CLIENT_CONNECTED,
+	SOCKET_STATE_CLIENT_STARTTLS,
+	SOCKET_STATE_CLIENT_ERROR,
+	
+	SOCKET_STATE_SERVER_LISTEN,
+	SOCKET_STATE_SERVER_CONNECTED,
+	SOCKET_STATE_SERVER_STARTTLS,
+	SOCKET_STATE_SERVER_ERROR
+};
+
+#define SOCKET_FLAG_PEEK         0x00000002
+#define SOCKET_FLAG_TESTNONBLOCK 0x00000004
+#define SOCKET_FLAG_ENCRYPT      0x00000008 /* This socket
+					     * implementation requires
+					     * that re-sends be
+					     * consistent, because it
+					     * is encrypting data.
+					     * This modifies the
+					     * TESTNONBLOCK case */
+#define SOCKET_FLAG_NOCLOSE      0x00000010 /* don't auto-close on free */
+
+
+struct socket_context {
+	enum socket_type type;
+	enum socket_state state;
+	uint32_t flags;
+
+	int fd;
+
+	void *private_data;
+	const struct socket_ops *ops;
+	const char *backend_name;
+
+	/* specific to the ip backend */
+	int family;
+};
+
+struct resolve_context;
+struct tsocket_address;
+
+/* prototypes */
+NTSTATUS socket_create_with_ops(TALLOC_CTX *mem_ctx, const struct socket_ops *ops,
+				struct socket_context **new_sock, 
+				enum socket_type type, uint32_t flags);
+NTSTATUS socket_create(TALLOC_CTX *mem_ctx,
+		       const char *name, enum socket_type type,
+		       struct socket_context **new_sock, uint32_t flags);
+NTSTATUS socket_connect(struct socket_context *sock,
+			const struct socket_address *my_address, 
+			const struct socket_address *server_address,
+			uint32_t flags);
+NTSTATUS socket_connect_complete(struct socket_context *sock, uint32_t flags);
+NTSTATUS socket_listen(struct socket_context *sock, 
+		       const struct socket_address *my_address, 
+		       int queue_size, uint32_t flags);
+NTSTATUS socket_accept(struct socket_context *sock, struct socket_context **new_sock);
+NTSTATUS socket_recv(struct socket_context *sock, void *buf, 
+		     size_t wantlen, size_t *nread);
+NTSTATUS socket_recvfrom(struct socket_context *sock, void *buf, 
+			 size_t wantlen, size_t *nread, 
+			 TALLOC_CTX *addr_ctx, struct socket_address **src_addr);
+NTSTATUS socket_send(struct socket_context *sock, 
+		     const DATA_BLOB *blob, size_t *sendlen);
+NTSTATUS socket_sendto(struct socket_context *sock, 
+		       const DATA_BLOB *blob, size_t *sendlen,
+		       const struct socket_address *dest_addr);
+NTSTATUS socket_pending(struct socket_context *sock, size_t *npending);
+NTSTATUS socket_set_option(struct socket_context *sock, const char *option, const char *val);
+char *socket_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+struct socket_address *socket_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+struct socket_address *socket_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+struct tsocket_address *socket_address_to_tsocket_address(TALLOC_CTX *mem_ctx,
+							  const struct socket_address *a);
+struct socket_address *tsocket_address_to_socket_address(TALLOC_CTX *mem_ctx,
+							 const struct tsocket_address *a);
+struct tsocket_address *socket_get_remote_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+struct tsocket_address *socket_get_local_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx);
+int socket_get_fd(struct socket_context *sock);
+NTSTATUS socket_dup(struct socket_context *sock);
+struct socket_address *socket_address_from_strings(TALLOC_CTX *mem_ctx,
+						   const char *type, 
+						   const char *host,
+						   int port);
+struct socket_address *socket_address_from_sockaddr(TALLOC_CTX *mem_ctx, 
+						    struct sockaddr *sockaddr, 
+						    size_t addrlen);
+struct sockaddr_storage;
+struct socket_address *socket_address_from_sockaddr_storage(TALLOC_CTX *mem_ctx,
+							    const struct sockaddr_storage *sockaddr,
+							    uint16_t port);
+_PUBLIC_ void socket_address_set_port(struct socket_address *a,
+				      uint16_t port);
+struct socket_address *socket_address_copy(TALLOC_CTX *mem_ctx,
+					   const struct socket_address *oaddr);
+const struct socket_ops *socket_getops_byname(const char *name, enum socket_type type);
+bool socket_check_access(struct socket_context *sock, 
+			 const char *service_name,
+			 const char **allow_list, const char **deny_list);
+
+struct composite_context *socket_connect_send(struct socket_context *sock,
+					      struct socket_address *my_address,
+					      struct socket_address *server_address, 
+					      uint32_t flags,
+					      struct tevent_context *event_ctx);
+NTSTATUS socket_connect_recv(struct composite_context *ctx);
+NTSTATUS socket_connect_ev(struct socket_context *sock,
+			   struct socket_address *my_address,
+			   struct socket_address *server_address, 
+			   uint32_t flags, 
+			   struct tevent_context *ev);
+
+struct socket_connect_multi_ex {
+	void *private_data;
+	struct tevent_req *(*establish_send)(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct socket_context *sock,
+					     struct socket_address *addr,
+					     void *private_data);
+	NTSTATUS (*establish_recv)(struct tevent_req *req);
+};
+struct composite_context *socket_connect_multi_ex_send(TALLOC_CTX *mem_ctx,
+						       const char *server_address,
+						       int num_server_ports,
+						       uint16_t *server_ports,
+						       struct resolve_context *resolve_ctx,
+						       struct tevent_context *event_ctx,
+						       struct socket_connect_multi_ex *ex);
+NTSTATUS socket_connect_multi_ex_recv(struct composite_context *ctx,
+				      TALLOC_CTX *mem_ctx,
+				      struct socket_context **result,
+				      uint16_t *port);
+NTSTATUS socket_connect_multi_ex(TALLOC_CTX *mem_ctx, const char *server_address,
+				 int num_server_ports, uint16_t *server_ports,
+				 struct resolve_context *resolve_ctx,
+				 struct tevent_context *event_ctx,
+				 struct socket_connect_multi_ex *ex,
+				 struct socket_context **result,
+				 uint16_t *port);
+
+struct composite_context *socket_connect_multi_send(TALLOC_CTX *mem_ctx,
+						    const char *server_address,
+						    int num_server_ports,
+						    uint16_t *server_ports,
+						    struct resolve_context *resolve_ctx,
+						    struct tevent_context *event_ctx);
+NTSTATUS socket_connect_multi_recv(struct composite_context *ctx,
+				   TALLOC_CTX *mem_ctx,
+				   struct socket_context **result,
+				   uint16_t *port);
+NTSTATUS socket_connect_multi(TALLOC_CTX *mem_ctx, const char *server_address,
+			      int num_server_ports, uint16_t *server_ports,
+			      struct resolve_context *resolve_ctx,
+			      struct tevent_context *event_ctx,
+			      struct socket_context **result,
+			      uint16_t *port);
+void set_socket_options(int fd, const char *options);
+void socket_set_flags(struct socket_context *sock, unsigned flags);
+
+void socket_tevent_fd_close_fn(struct tevent_context *ev,
+			       struct tevent_fd *fde,
+			       int fd,
+			       void *private_data);
+
+extern bool testnonblock;
+
+#endif /* _SAMBA_SOCKET_H */
diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c
new file mode 100644
index 0000000..62dbf1d
--- /dev/null
+++ b/source4/lib/socket/socket_ip.c
@@ -0,0 +1,1033 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Socket IPv4/IPv6 functions
+
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Andrew Tridgell 2004-2005
+   Copyright (C) Jelmer Vernooij 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/socket/socket.h"
+#include "system/network.h"
+#include "lib/util/util_net.h"
+
+#undef strcasecmp
+
+_PUBLIC_ const struct socket_ops *socket_ipv4_ops(enum socket_type type);
+_PUBLIC_ const struct socket_ops *socket_ipv6_ops(enum socket_type type);
+
+static NTSTATUS ipv4_init(struct socket_context *sock)
+{
+	int type;
+
+	switch (sock->type) {
+	case SOCKET_TYPE_STREAM:
+		type = SOCK_STREAM;
+		break;
+	case SOCKET_TYPE_DGRAM:
+		type = SOCK_DGRAM;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	sock->fd = socket(PF_INET, type, 0);
+	if (sock->fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	smb_set_close_on_exec(sock->fd);
+
+	sock->backend_name = "ipv4";
+	sock->family = AF_INET;
+
+	return NT_STATUS_OK;
+}
+
+static void ip_close(struct socket_context *sock)
+{
+	if (sock->fd != -1) {
+		close(sock->fd);
+		sock->fd = -1;
+	}
+}
+
+static NTSTATUS ip_connect_complete(struct socket_context *sock, uint32_t flags)
+{
+	int error=0, ret;
+	socklen_t len = sizeof(error);
+
+	/* check for any errors that may have occurred - this is needed
+	   for non-blocking connect */
+	ret = getsockopt(sock->fd, SOL_SOCKET, SO_ERROR, &error, &len);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+	if (error != 0) {
+		return map_nt_error_from_unix_common(error);
+	}
+
+	ret = set_blocking(sock->fd, false);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	sock->state = SOCKET_STATE_CLIENT_CONNECTED;
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS ipv4_connect(struct socket_context *sock,
+			     const struct socket_address *my_address, 
+			     const struct socket_address *srv_address,
+			     uint32_t flags)
+{
+	struct sockaddr_in srv_addr;
+	struct in_addr my_ip;
+	struct in_addr srv_ip;
+	int ret;
+
+	if (my_address && my_address->sockaddr) {
+		ret = bind(sock->fd, my_address->sockaddr, my_address->sockaddrlen);
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	} else if (my_address) {
+		my_ip = interpret_addr2(my_address->addr);
+		
+		if (my_ip.s_addr != 0 || my_address->port != 0) {
+			struct sockaddr_in my_addr;
+			ZERO_STRUCT(my_addr);
+#ifdef HAVE_SOCK_SIN_LEN
+			my_addr.sin_len		= sizeof(my_addr);
+#endif
+			my_addr.sin_addr.s_addr	= my_ip.s_addr;
+			my_addr.sin_port	= htons(my_address->port);
+			my_addr.sin_family	= PF_INET;
+			
+			ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+			if (ret == -1) {
+				return map_nt_error_from_unix_common(errno);
+			}
+		}
+	}
+
+	if (srv_address->sockaddr) {
+		ret = connect(sock->fd, srv_address->sockaddr, srv_address->sockaddrlen);
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	} else {
+		srv_ip = interpret_addr2(srv_address->addr);
+		if (!srv_ip.s_addr) {
+			return NT_STATUS_BAD_NETWORK_NAME;
+		}
+
+		SMB_ASSERT(srv_address->port != 0);
+		
+		ZERO_STRUCT(srv_addr);
+#ifdef HAVE_SOCK_SIN_LEN
+		srv_addr.sin_len	= sizeof(srv_addr);
+#endif
+		srv_addr.sin_addr.s_addr= srv_ip.s_addr;
+		srv_addr.sin_port	= htons(srv_address->port);
+		srv_addr.sin_family	= PF_INET;
+
+		ret = connect(sock->fd, (const struct sockaddr *)&srv_addr, sizeof(srv_addr));
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	}
+
+	return ip_connect_complete(sock, flags);
+}
+
+
+/*
+  note that for simplicity of the API, socket_listen() is also
+  use for DGRAM sockets, but in reality only a bind() is done
+*/
+static NTSTATUS ipv4_listen(struct socket_context *sock,
+			    const struct socket_address *my_address, 
+			    int queue_size, uint32_t flags)
+{
+	struct sockaddr_in my_addr;
+	struct in_addr ip_addr;
+	int ret;
+
+	socket_set_option(sock, "SO_REUSEADDR=1", NULL);
+
+	if (my_address->sockaddr) {
+		ret = bind(sock->fd, my_address->sockaddr, my_address->sockaddrlen);
+	} else {
+		ip_addr = interpret_addr2(my_address->addr);
+		
+		ZERO_STRUCT(my_addr);
+#ifdef HAVE_SOCK_SIN_LEN
+		my_addr.sin_len		= sizeof(my_addr);
+#endif
+		my_addr.sin_addr.s_addr	= ip_addr.s_addr;
+		my_addr.sin_port	= htons(my_address->port);
+		my_addr.sin_family	= PF_INET;
+		
+		ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+	}
+
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	if (sock->type == SOCKET_TYPE_STREAM) {
+		ret = listen(sock->fd, queue_size);
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	}
+
+	ret = set_blocking(sock->fd, false);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	sock->state= SOCKET_STATE_SERVER_LISTEN;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv4_accept(struct socket_context *sock, struct socket_context **new_sock)
+{
+	struct sockaddr_in cli_addr;
+	socklen_t cli_addr_len = sizeof(cli_addr);
+	int new_fd, ret;
+
+	if (sock->type != SOCKET_TYPE_STREAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	new_fd = accept(sock->fd, (struct sockaddr *)&cli_addr, &cli_addr_len);
+	if (new_fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	ret = set_blocking(new_fd, false);
+	if (ret == -1) {
+		close(new_fd);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	smb_set_close_on_exec(new_fd);
+
+
+	/* TODO: we could add a 'accept_check' hook here
+	 *	 which get the black/white lists via socket_set_accept_filter()
+	 *	 or something like that
+	 *	 --metze
+	 */
+
+	(*new_sock) = talloc(NULL, struct socket_context);
+	if (!(*new_sock)) {
+		close(new_fd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* copy the socket_context */
+	(*new_sock)->type		= sock->type;
+	(*new_sock)->state		= SOCKET_STATE_SERVER_CONNECTED;
+	(*new_sock)->flags		= sock->flags;
+
+	(*new_sock)->fd			= new_fd;
+
+	(*new_sock)->private_data	= NULL;
+	(*new_sock)->ops		= sock->ops;
+	(*new_sock)->backend_name	= sock->backend_name;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ip_recv(struct socket_context *sock, void *buf, 
+			      size_t wantlen, size_t *nread)
+{
+	ssize_t gotlen;
+
+	*nread = 0;
+
+	gotlen = recv(sock->fd, buf, wantlen, 0);
+	if (gotlen == 0) {
+		return NT_STATUS_END_OF_FILE;
+	} else if (gotlen == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	*nread = gotlen;
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS ipv4_recvfrom(struct socket_context *sock, void *buf, 
+			      size_t wantlen, size_t *nread, 
+			      TALLOC_CTX *addr_ctx, struct socket_address **_src)
+{
+	ssize_t gotlen;
+	struct sockaddr_in *from_addr;
+	socklen_t from_len = sizeof(*from_addr);
+	struct socket_address *src;
+	char addrstring[INET_ADDRSTRLEN];
+	
+	src = talloc(addr_ctx, struct socket_address);
+	if (!src) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	src->family = sock->backend_name;
+
+	from_addr = talloc(src, struct sockaddr_in);
+	if (!from_addr) {
+		talloc_free(src);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	src->sockaddr = (struct sockaddr *)from_addr;
+
+	*nread = 0;
+
+	gotlen = recvfrom(sock->fd, buf, wantlen, 0, 
+			  src->sockaddr, &from_len);
+	if (gotlen == 0) {
+		talloc_free(src);
+		return NT_STATUS_END_OF_FILE;
+	}
+	if (gotlen == -1) {
+		talloc_free(src);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	src->sockaddrlen = from_len;
+
+	if (inet_ntop(AF_INET, &from_addr->sin_addr, addrstring, 
+			 sizeof(addrstring)) == NULL) {
+		talloc_free(src);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	src->addr = talloc_strdup(src, addrstring);
+	if (src->addr == NULL) {
+		talloc_free(src);
+		return NT_STATUS_NO_MEMORY;
+	}
+	src->port = ntohs(from_addr->sin_port);
+
+	*nread	= gotlen;
+	*_src	= src;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ip_send(struct socket_context *sock, 
+			      const DATA_BLOB *blob, size_t *sendlen)
+{
+	ssize_t len;
+
+	*sendlen = 0;
+
+	len = send(sock->fd, blob->data, blob->length, 0);
+	if (len == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}	
+
+	*sendlen = len;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv4_sendto(struct socket_context *sock, 
+			    const DATA_BLOB *blob, size_t *sendlen, 
+			    const struct socket_address *dest_addr)
+{
+	ssize_t len;
+
+	if (dest_addr->sockaddr) {
+		len = sendto(sock->fd, blob->data, blob->length, 0, 
+			     dest_addr->sockaddr, dest_addr->sockaddrlen);
+	} else {
+		struct sockaddr_in srv_addr;
+		struct in_addr addr;
+
+		SMB_ASSERT(dest_addr->port != 0);
+		
+		ZERO_STRUCT(srv_addr);
+#ifdef HAVE_SOCK_SIN_LEN
+		srv_addr.sin_len         = sizeof(srv_addr);
+#endif
+		addr                     = interpret_addr2(dest_addr->addr);
+		if (addr.s_addr == 0) {
+			return NT_STATUS_HOST_UNREACHABLE;
+		}
+		srv_addr.sin_addr.s_addr = addr.s_addr;
+		srv_addr.sin_port        = htons(dest_addr->port);
+		srv_addr.sin_family      = PF_INET;
+		
+		*sendlen = 0;
+		
+		len = sendto(sock->fd, blob->data, blob->length, 0, 
+			     (struct sockaddr *)&srv_addr, sizeof(srv_addr));
+	}
+	if (len == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}	
+
+	*sendlen = len;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv4_set_option(struct socket_context *sock, const char *option, const char *val)
+{
+	set_socket_options(sock->fd, option);
+	return NT_STATUS_OK;
+}
+
+static char *ipv4_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in peer_addr;
+	socklen_t len = sizeof(peer_addr);
+	struct hostent *he;
+	int ret;
+
+	ret = getpeername(sock->fd, (struct sockaddr *)&peer_addr, &len);
+	if (ret == -1) {
+		return NULL;
+	}
+
+	he = gethostbyaddr((char *)&peer_addr.sin_addr, sizeof(peer_addr.sin_addr), AF_INET);
+	if (he == NULL) {
+		return NULL;
+	}
+
+	return talloc_strdup(mem_ctx, he->h_name);
+}
+
+static struct socket_address *ipv4_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in *peer_addr;
+	socklen_t len = sizeof(*peer_addr);
+	struct socket_address *peer;
+	char addrstring[INET_ADDRSTRLEN];
+	int ret;
+	
+	peer = talloc(mem_ctx, struct socket_address);
+	if (!peer) {
+		return NULL;
+	}
+	
+	peer->family = sock->backend_name;
+	peer_addr = talloc(peer, struct sockaddr_in);
+	if (!peer_addr) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddr = (struct sockaddr *)peer_addr;
+
+	ret = getpeername(sock->fd, peer->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddrlen = len;
+
+	if (inet_ntop(AF_INET, &peer_addr->sin_addr, addrstring,
+			 sizeof(addrstring)) == NULL) {
+		talloc_free(peer);
+		return NULL;
+	}
+	peer->addr = talloc_strdup(peer, addrstring);
+	if (!peer->addr) {
+		talloc_free(peer);
+		return NULL;
+	}
+	peer->port = ntohs(peer_addr->sin_port);
+
+	return peer;
+}
+
+static struct socket_address *ipv4_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in *local_addr;
+	socklen_t len = sizeof(*local_addr);
+	struct socket_address *local;
+	char addrstring[INET_ADDRSTRLEN];
+	int ret;
+	
+	local = talloc(mem_ctx, struct socket_address);
+	if (!local) {
+		return NULL;
+	}
+	
+	local->family = sock->backend_name;
+	local_addr = talloc(local, struct sockaddr_in);
+	if (!local_addr) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddr = (struct sockaddr *)local_addr;
+
+	ret = getsockname(sock->fd, local->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddrlen = len;
+
+	if (inet_ntop(AF_INET, &local_addr->sin_addr, addrstring, 
+			 sizeof(addrstring)) == NULL) {
+		talloc_free(local);
+		return NULL;
+	}
+	local->addr = talloc_strdup(local, addrstring);
+	if (!local->addr) {
+		talloc_free(local);
+		return NULL;
+	}
+	local->port = ntohs(local_addr->sin_port);
+
+	return local;
+}
+static int ip_get_fd(struct socket_context *sock)
+{
+	return sock->fd;
+}
+
+static NTSTATUS ip_pending(struct socket_context *sock, size_t *npending)
+{
+	int value = 0;
+	if (ioctl(sock->fd, FIONREAD, &value) == 0) {
+		*npending = value;
+		return NT_STATUS_OK;
+	}
+	return map_nt_error_from_unix_common(errno);
+}
+
+static const struct socket_ops ipv4_ops = {
+	.name			= "ipv4",
+	.fn_init		= ipv4_init,
+	.fn_connect		= ipv4_connect,
+	.fn_connect_complete	= ip_connect_complete,
+	.fn_listen		= ipv4_listen,
+	.fn_accept		= ipv4_accept,
+	.fn_recv		= ip_recv,
+	.fn_recvfrom		= ipv4_recvfrom,
+	.fn_send		= ip_send,
+	.fn_sendto		= ipv4_sendto,
+	.fn_pending		= ip_pending,
+	.fn_close		= ip_close,
+
+	.fn_set_option		= ipv4_set_option,
+
+	.fn_get_peer_name	= ipv4_get_peer_name,
+	.fn_get_peer_addr	= ipv4_get_peer_addr,
+	.fn_get_my_addr		= ipv4_get_my_addr,
+
+	.fn_get_fd		= ip_get_fd
+};
+
+_PUBLIC_ const struct socket_ops *socket_ipv4_ops(enum socket_type type)
+{
+	return &ipv4_ops;
+}
+
+#ifdef HAVE_IPV6
+
+static struct in6_addr interpret_addr6(const char *name)
+{
+	char addr[INET6_ADDRSTRLEN];
+	struct in6_addr dest6;
+	const char *sp = name;
+	char *p;
+	int ret;
+
+	if (sp == NULL) return in6addr_any;
+
+	p = strchr_m(sp, '%');
+
+	if (strcasecmp(sp, "localhost") == 0) {
+		sp = "::1";
+	}
+
+	/*
+	 * Cope with link-local.
+	 * This is IP:v6:addr%ifname.
+	 */
+
+	if (p && (p > sp) && (if_nametoindex(p+1) != 0)) {
+		strlcpy(addr, sp,
+			MIN(PTR_DIFF(p,sp)+1,
+				sizeof(addr)));
+		sp = addr;
+	}
+
+	ret = inet_pton(AF_INET6, sp, &dest6);
+	if (ret > 0) {
+		return dest6;
+	}
+
+	return in6addr_any;
+}
+
+static NTSTATUS ipv6_init(struct socket_context *sock)
+{
+	int type;
+
+	switch (sock->type) {
+	case SOCKET_TYPE_STREAM:
+		type = SOCK_STREAM;
+		break;
+	case SOCKET_TYPE_DGRAM:
+		type = SOCK_DGRAM;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	sock->fd = socket(PF_INET6, type, 0);
+	if (sock->fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	smb_set_close_on_exec(sock->fd);
+
+	sock->backend_name = "ipv6";
+	sock->family = AF_INET6;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv6_tcp_connect(struct socket_context *sock,
+				 const struct socket_address *my_address,
+				 const struct socket_address *srv_address,
+				 uint32_t flags)
+{
+	int ret;
+
+	if (my_address && my_address->sockaddr) {
+		ret = bind(sock->fd, my_address->sockaddr, my_address->sockaddrlen);
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	} else if (my_address) {
+		struct in6_addr my_ip;
+		my_ip = interpret_addr6(my_address->addr);
+
+		if (memcmp(&my_ip, &in6addr_any, sizeof(my_ip)) || my_address->port != 0) {
+			struct sockaddr_in6 my_addr;
+			ZERO_STRUCT(my_addr);
+			my_addr.sin6_addr	= my_ip;
+			my_addr.sin6_port	= htons(my_address->port);
+			my_addr.sin6_family	= PF_INET6;
+			
+			ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+			if (ret == -1) {
+				return map_nt_error_from_unix_common(errno);
+			}
+		}
+	}
+
+	if (srv_address->sockaddr) {
+		ret = connect(sock->fd, srv_address->sockaddr, srv_address->sockaddrlen);
+	} else {
+		struct in6_addr srv_ip;
+		struct sockaddr_in6 srv_addr;
+		srv_ip = interpret_addr6(srv_address->addr);
+		if (memcmp(&srv_ip, &in6addr_any, sizeof(srv_ip)) == 0) {
+			return NT_STATUS_BAD_NETWORK_NAME;
+		}
+		
+		ZERO_STRUCT(srv_addr);
+		srv_addr.sin6_addr	= srv_ip;
+		srv_addr.sin6_port	= htons(srv_address->port);
+		srv_addr.sin6_family	= PF_INET6;
+		
+		ret = connect(sock->fd, (const struct sockaddr *)&srv_addr, sizeof(srv_addr));
+	}
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	return ip_connect_complete(sock, flags);
+}
+
+/*
+  fix the sin6_scope_id based on the address interface
+ */
+static void fix_scope_id(struct sockaddr_in6 *in6,
+			 const char *address)
+{
+	const char *p = strchr(address, '%');
+	if (p != NULL) {
+		in6->sin6_scope_id = if_nametoindex(p+1);
+	}
+}
+
+
+static NTSTATUS ipv6_listen(struct socket_context *sock,
+			    const struct socket_address *my_address,
+			    int queue_size, uint32_t flags)
+{
+	struct sockaddr_in6 my_addr;
+	struct in6_addr ip_addr;
+	int ret;
+
+	socket_set_option(sock, "SO_REUSEADDR=1", NULL);
+
+	if (my_address->sockaddr) {
+		ret = bind(sock->fd, my_address->sockaddr, my_address->sockaddrlen);
+	} else {
+		int one = 1;
+		ip_addr = interpret_addr6(my_address->addr);
+		
+		ZERO_STRUCT(my_addr);
+		my_addr.sin6_addr	= ip_addr;
+		my_addr.sin6_port	= htons(my_address->port);
+		my_addr.sin6_family	= PF_INET6;
+		fix_scope_id(&my_addr, my_address->addr);
+
+		/* when binding on ipv6 we always want to only bind on v6 */
+		ret = setsockopt(sock->fd, IPPROTO_IPV6, IPV6_V6ONLY,
+				 (const void *)&one, sizeof(one));
+		if (ret != -1) {
+			ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+		}
+	}
+
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	if (sock->type == SOCKET_TYPE_STREAM) {
+		ret = listen(sock->fd, queue_size);
+		if (ret == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	}
+
+	ret = set_blocking(sock->fd, false);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	sock->state= SOCKET_STATE_SERVER_LISTEN;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv6_tcp_accept(struct socket_context *sock, struct socket_context **new_sock)
+{
+	struct sockaddr_in6 cli_addr;
+	socklen_t cli_addr_len = sizeof(cli_addr);
+	int new_fd, ret;
+	
+	if (sock->type != SOCKET_TYPE_STREAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	new_fd = accept(sock->fd, (struct sockaddr *)&cli_addr, &cli_addr_len);
+	if (new_fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	ret = set_blocking(new_fd, false);
+	if (ret == -1) {
+		close(new_fd);
+		return map_nt_error_from_unix_common(errno);
+	}
+	smb_set_close_on_exec(new_fd);
+
+	/* TODO: we could add a 'accept_check' hook here
+	 *	 which get the black/white lists via socket_set_accept_filter()
+	 *	 or something like that
+	 *	 --metze
+	 */
+
+	(*new_sock) = talloc(NULL, struct socket_context);
+	if (!(*new_sock)) {
+		close(new_fd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* copy the socket_context */
+	(*new_sock)->type		= sock->type;
+	(*new_sock)->state		= SOCKET_STATE_SERVER_CONNECTED;
+	(*new_sock)->flags		= sock->flags;
+
+	(*new_sock)->fd			= new_fd;
+
+	(*new_sock)->private_data	= NULL;
+	(*new_sock)->ops		= sock->ops;
+	(*new_sock)->backend_name	= sock->backend_name;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv6_recvfrom(struct socket_context *sock, void *buf, 
+			      size_t wantlen, size_t *nread, 
+			      TALLOC_CTX *addr_ctx, struct socket_address **_src)
+{
+	ssize_t gotlen;
+	struct sockaddr_in6 *from_addr;
+	socklen_t from_len = sizeof(*from_addr);
+	struct socket_address *src;
+	char addrstring[INET6_ADDRSTRLEN];
+	
+	src = talloc(addr_ctx, struct socket_address);
+	if (!src) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	src->family = sock->backend_name;
+
+	from_addr = talloc(src, struct sockaddr_in6);
+	if (!from_addr) {
+		talloc_free(src);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	src->sockaddr = (struct sockaddr *)from_addr;
+
+	*nread = 0;
+
+	gotlen = recvfrom(sock->fd, buf, wantlen, 0, 
+			  src->sockaddr, &from_len);
+	if (gotlen == 0) {
+		talloc_free(src);
+		return NT_STATUS_END_OF_FILE;
+	} else if (gotlen == -1) {
+		talloc_free(src);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	src->sockaddrlen = from_len;
+
+	if (inet_ntop(AF_INET6, &from_addr->sin6_addr, addrstring, sizeof(addrstring)) == NULL) {
+		DEBUG(0, ("Unable to convert address to string: %s\n", strerror(errno)));
+		talloc_free(src);
+	    	return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	src->addr = talloc_strdup(src, addrstring);
+	if (src->addr == NULL) {
+		talloc_free(src);
+		return NT_STATUS_NO_MEMORY;
+	}
+	src->port = ntohs(from_addr->sin6_port);
+
+	*nread	= gotlen;
+	*_src	= src;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv6_sendto(struct socket_context *sock, 
+			    const DATA_BLOB *blob, size_t *sendlen, 
+			    const struct socket_address *dest_addr)
+{
+	ssize_t len;
+
+	if (dest_addr->sockaddr) {
+		len = sendto(sock->fd, blob->data, blob->length, 0, 
+			     dest_addr->sockaddr, dest_addr->sockaddrlen);
+	} else {
+		struct sockaddr_in6 srv_addr;
+		struct in6_addr addr;
+		
+		ZERO_STRUCT(srv_addr);
+		addr                     = interpret_addr6(dest_addr->addr);
+		if (memcmp(&addr.s6_addr, &in6addr_any,
+			   sizeof(addr.s6_addr)) == 0) {
+			return NT_STATUS_HOST_UNREACHABLE;
+		}
+		srv_addr.sin6_addr = addr;
+		srv_addr.sin6_port        = htons(dest_addr->port);
+		srv_addr.sin6_family      = PF_INET6;
+		
+		*sendlen = 0;
+		
+		len = sendto(sock->fd, blob->data, blob->length, 0, 
+			     (struct sockaddr *)&srv_addr, sizeof(srv_addr));
+	}
+	if (len == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}	
+
+	*sendlen = len;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS ipv6_set_option(struct socket_context *sock, const char *option, const char *val)
+{
+	set_socket_options(sock->fd, option);
+	return NT_STATUS_OK;
+}
+
+static char *ipv6_tcp_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in6 peer_addr;
+	socklen_t len = sizeof(peer_addr);
+	struct hostent *he;
+	int ret;
+
+	ret = getpeername(sock->fd, (struct sockaddr *)&peer_addr, &len);
+	if (ret == -1) {
+		return NULL;
+	}
+
+	he = gethostbyaddr((char *)&peer_addr.sin6_addr, sizeof(peer_addr.sin6_addr), AF_INET6);
+	if (he == NULL) {
+		return NULL;
+	}
+
+	return talloc_strdup(mem_ctx, he->h_name);
+}
+
+static struct socket_address *ipv6_tcp_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in6 *peer_addr;
+	socklen_t len = sizeof(*peer_addr);
+	struct socket_address *peer;
+	int ret;
+	char addr[128];
+	const char *addr_ret;
+	
+	peer = talloc(mem_ctx, struct socket_address);
+	if (!peer) {
+		return NULL;
+	}
+	
+	peer->family = sock->backend_name;
+	peer_addr = talloc(peer, struct sockaddr_in6);
+	if (!peer_addr) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddr = (struct sockaddr *)peer_addr;
+
+	ret = getpeername(sock->fd, peer->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddrlen = len;
+
+	addr_ret = inet_ntop(AF_INET6, &peer_addr->sin6_addr, addr, sizeof(addr));
+	if (addr_ret == NULL) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->addr = talloc_strdup(peer, addr_ret);
+	if (peer->addr == NULL) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->port = ntohs(peer_addr->sin6_port);
+
+	return peer;
+}
+
+static struct socket_address *ipv6_tcp_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_in6 *local_addr;
+	socklen_t len = sizeof(*local_addr);
+	struct socket_address *local;
+	int ret;
+	char addrstring[INET6_ADDRSTRLEN];
+	
+	local = talloc(mem_ctx, struct socket_address);
+	if (!local) {
+		return NULL;
+	}
+	
+	local->family = sock->backend_name;
+	local_addr = talloc(local, struct sockaddr_in6);
+	if (!local_addr) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddr = (struct sockaddr *)local_addr;
+
+	ret = getsockname(sock->fd, local->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddrlen = len;
+
+	if (inet_ntop(AF_INET6, &local_addr->sin6_addr, addrstring, 
+		       sizeof(addrstring)) == NULL) {
+		DEBUG(0, ("Unable to convert address to string: %s\n", 
+			  strerror(errno)));
+		talloc_free(local);
+		return NULL;
+	}
+	
+	local->addr = talloc_strdup(local, addrstring);
+	if (!local->addr) {
+		talloc_free(local);
+		return NULL;
+	}
+	local->port = ntohs(local_addr->sin6_port);
+
+	return local;
+}
+
+static const struct socket_ops ipv6_tcp_ops = {
+	.name			= "ipv6",
+	.fn_init		= ipv6_init,
+	.fn_connect		= ipv6_tcp_connect,
+	.fn_connect_complete	= ip_connect_complete,
+	.fn_listen		= ipv6_listen,
+	.fn_accept		= ipv6_tcp_accept,
+	.fn_recv		= ip_recv,
+	.fn_recvfrom 		= ipv6_recvfrom,
+	.fn_send		= ip_send,
+	.fn_sendto		= ipv6_sendto,
+	.fn_pending		= ip_pending,
+	.fn_close		= ip_close,
+
+	.fn_set_option		= ipv6_set_option,
+
+	.fn_get_peer_name	= ipv6_tcp_get_peer_name,
+	.fn_get_peer_addr	= ipv6_tcp_get_peer_addr,
+	.fn_get_my_addr		= ipv6_tcp_get_my_addr,
+
+	.fn_get_fd		= ip_get_fd
+};
+
+_PUBLIC_ const struct socket_ops *socket_ipv6_ops(enum socket_type type)
+{
+	return &ipv6_tcp_ops;
+}
+
+#endif
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
new file mode 100644
index 0000000..d4946d8
--- /dev/null
+++ b/source4/lib/socket/socket_unix.c
@@ -0,0 +1,436 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   unix domain socket functions
+
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Andrew Tridgell 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "system/network.h"
+#include "system/filesys.h"
+
+_PUBLIC_ const struct socket_ops *socket_unixdom_ops(enum socket_type type);
+
+
+/*
+  approximate errno mapping
+*/
+static NTSTATUS unixdom_error(int ernum)
+{
+	return map_nt_error_from_unix_common(ernum);
+}
+
+static NTSTATUS unixdom_init(struct socket_context *sock)
+{
+	int type;
+
+	switch (sock->type) {
+	case SOCKET_TYPE_STREAM:
+		type = SOCK_STREAM;
+		break;
+	case SOCKET_TYPE_DGRAM:
+		type = SOCK_DGRAM;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	sock->fd = socket(PF_UNIX, type, 0);
+	if (sock->fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+	sock->private_data = NULL;
+
+	sock->backend_name = "unix";
+
+	smb_set_close_on_exec(sock->fd);
+
+	return NT_STATUS_OK;
+}
+
+static void unixdom_close(struct socket_context *sock)
+{
+	close(sock->fd);
+}
+
+static NTSTATUS unixdom_connect_complete(struct socket_context *sock, uint32_t flags)
+{
+	int error=0, ret;
+	socklen_t len = sizeof(error);
+
+	/* check for any errors that may have occurred - this is needed
+	   for non-blocking connect */
+	ret = getsockopt(sock->fd, SOL_SOCKET, SO_ERROR, &error, &len);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+	if (error != 0) {
+		return map_nt_error_from_unix_common(error);
+	}
+
+	ret = set_blocking(sock->fd, false);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	sock->state = SOCKET_STATE_CLIENT_CONNECTED;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unixdom_connect(struct socket_context *sock,
+				const struct socket_address *my_address, 
+				const struct socket_address *srv_address, 
+				uint32_t flags)
+{
+	int ret;
+
+	if (srv_address->sockaddr) {
+		ret = connect(sock->fd, srv_address->sockaddr, srv_address->sockaddrlen);
+	} else {
+		struct sockaddr_un srv_addr;
+		if (strlen(srv_address->addr)+1 > sizeof(srv_addr.sun_path)) {
+			return NT_STATUS_OBJECT_PATH_INVALID;
+		}
+		
+		ZERO_STRUCT(srv_addr);
+		srv_addr.sun_family = AF_UNIX;
+		snprintf(srv_addr.sun_path, sizeof(srv_addr.sun_path), "%s", srv_address->addr);
+
+		ret = connect(sock->fd, (const struct sockaddr *)&srv_addr, sizeof(srv_addr));
+	}
+	if (ret == -1) {
+		return unixdom_error(errno);
+	}
+
+	return unixdom_connect_complete(sock, flags);
+}
+
+static NTSTATUS unixdom_listen(struct socket_context *sock,
+			       const struct socket_address *my_address, 
+			       int queue_size, uint32_t flags)
+{
+	struct sockaddr_un my_addr;
+	int ret;
+
+	/* delete if it already exists */
+	if (my_address->addr) {
+		unlink(my_address->addr);
+	}
+
+	if (my_address->sockaddr) {
+		ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+	} else if (my_address->addr == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	} else {
+		if (strlen(my_address->addr)+1 > sizeof(my_addr.sun_path)) {
+			return NT_STATUS_OBJECT_PATH_INVALID;
+		}
+		
+		
+		ZERO_STRUCT(my_addr);
+		my_addr.sun_family = AF_UNIX;
+		snprintf(my_addr.sun_path, sizeof(my_addr.sun_path), "%s", my_address->addr);
+
+		ret = bind(sock->fd, (struct sockaddr *)&my_addr, sizeof(my_addr));
+	}
+	if (ret == -1) {
+		return unixdom_error(errno);
+	}
+
+	if (sock->type == SOCKET_TYPE_STREAM) {
+		ret = listen(sock->fd, queue_size);
+		if (ret == -1) {
+			return unixdom_error(errno);
+		}
+	}
+
+	ret = set_blocking(sock->fd, false);
+	if (ret == -1) {
+		return unixdom_error(errno);
+	}
+
+	sock->state = SOCKET_STATE_SERVER_LISTEN;
+	sock->private_data = (void *)talloc_strdup(sock, my_address->addr);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unixdom_accept(struct socket_context *sock, 
+			       struct socket_context **new_sock)
+{
+	struct sockaddr_un cli_addr;
+	socklen_t cli_addr_len = sizeof(cli_addr);
+	int new_fd, ret;
+
+	if (sock->type != SOCKET_TYPE_STREAM) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	new_fd = accept(sock->fd, (struct sockaddr *)&cli_addr, &cli_addr_len);
+	if (new_fd == -1) {
+		return unixdom_error(errno);
+	}
+
+	ret = set_blocking(new_fd, false);
+	if (ret == -1) {
+		close(new_fd);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	smb_set_close_on_exec(new_fd);
+
+	(*new_sock) = talloc(NULL, struct socket_context);
+	if (!(*new_sock)) {
+		close(new_fd);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* copy the socket_context */
+	(*new_sock)->type		= sock->type;
+	(*new_sock)->state		= SOCKET_STATE_SERVER_CONNECTED;
+	(*new_sock)->flags		= sock->flags;
+
+	(*new_sock)->fd			= new_fd;
+
+	(*new_sock)->private_data	= NULL;
+	(*new_sock)->ops		= sock->ops;
+	(*new_sock)->backend_name	= sock->backend_name;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unixdom_recv(struct socket_context *sock, void *buf, 
+			     size_t wantlen, size_t *nread)
+{
+	ssize_t gotlen;
+
+	*nread = 0;
+
+	gotlen = recv(sock->fd, buf, wantlen, 0);
+	if (gotlen == 0) {
+		return NT_STATUS_END_OF_FILE;
+	} else if (gotlen == -1) {
+		return unixdom_error(errno);
+	}
+
+	*nread = gotlen;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unixdom_send(struct socket_context *sock,
+			     const DATA_BLOB *blob, size_t *sendlen)
+{
+	ssize_t len;
+
+	*sendlen = 0;
+
+	len = send(sock->fd, blob->data, blob->length, 0);
+	if (len == -1) {
+		return unixdom_error(errno);
+	}	
+
+	*sendlen = len;
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS unixdom_sendto(struct socket_context *sock, 
+			       const DATA_BLOB *blob, size_t *sendlen, 
+			       const struct socket_address *dest)
+{
+	struct sockaddr_un srv_addr;
+	const struct sockaddr *sa;
+	socklen_t sa_len;
+	ssize_t len;
+
+	*sendlen = 0;
+
+	if (dest->sockaddr) {
+		sa = dest->sockaddr;
+		sa_len = dest->sockaddrlen;
+	} else {
+		if (strlen(dest->addr)+1 > sizeof(srv_addr.sun_path)) {
+			return NT_STATUS_OBJECT_PATH_INVALID;
+		}
+
+		ZERO_STRUCT(srv_addr);
+		srv_addr.sun_family = AF_UNIX;
+		snprintf(srv_addr.sun_path, sizeof(srv_addr.sun_path), "%s",
+			 dest->addr);
+		sa = (struct sockaddr *) &srv_addr;
+		sa_len = sizeof(srv_addr);
+	}
+
+	len = sendto(sock->fd, blob->data, blob->length, 0, sa, sa_len);
+
+	/* retry once */
+	if (len == -1 && errno == EMSGSIZE) {
+		/* round up in 1K increments */
+		int bufsize = ((blob->length + 1023) & (~1023));
+		if (setsockopt(sock->fd, SOL_SOCKET, SO_SNDBUF, &bufsize,
+			       sizeof(bufsize)) == -1)
+		{
+			return map_nt_error_from_unix_common(EMSGSIZE);
+		}
+		len = sendto(sock->fd, blob->data, blob->length, 0, sa, sa_len);
+	}
+
+	if (len == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}	
+
+	*sendlen = len;
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS unixdom_set_option(struct socket_context *sock, 
+				   const char *option, const char *val)
+{
+	return NT_STATUS_OK;
+}
+
+static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	return talloc_strdup(mem_ctx, "LOCAL/unixdom");
+}
+
+static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_un *peer_addr;
+	socklen_t len = sizeof(*peer_addr);
+	struct socket_address *peer;
+	int ret;
+
+	peer = talloc(mem_ctx, struct socket_address);
+	if (!peer) {
+		return NULL;
+	}
+	
+	peer->family = sock->backend_name;
+	peer_addr = talloc(peer, struct sockaddr_un);
+	if (!peer_addr) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddr = (struct sockaddr *)peer_addr;
+
+	ret = getpeername(sock->fd, peer->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	peer->sockaddrlen = len;
+
+	peer->port = 0;
+	peer->addr = talloc_strdup(peer, "LOCAL/unixdom");
+	if (!peer->addr) {
+		talloc_free(peer);
+		return NULL;
+	}
+
+	return peer;
+}
+
+static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
+{
+	struct sockaddr_un *local_addr;
+	socklen_t len = sizeof(*local_addr);
+	struct socket_address *local;
+	int ret;
+	
+	local = talloc(mem_ctx, struct socket_address);
+	if (!local) {
+		return NULL;
+	}
+	
+	local->family = sock->backend_name;
+	local_addr = talloc(local, struct sockaddr_un);
+	if (!local_addr) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddr = (struct sockaddr *)local_addr;
+
+	ret = getsockname(sock->fd, local->sockaddr, &len);
+	if (ret == -1) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	local->sockaddrlen = len;
+
+	local->port = 0;
+	local->addr = talloc_strdup(local, "LOCAL/unixdom");
+	if (!local->addr) {
+		talloc_free(local);
+		return NULL;
+	}
+
+	return local;
+}
+
+static int unixdom_get_fd(struct socket_context *sock)
+{
+	return sock->fd;
+}
+
+static NTSTATUS unixdom_pending(struct socket_context *sock, size_t *npending)
+{
+	int value = 0;
+	if (ioctl(sock->fd, FIONREAD, &value) == 0) {
+		*npending = value;
+		return NT_STATUS_OK;
+	}
+	return map_nt_error_from_unix_common(errno);
+}
+
+static const struct socket_ops unixdom_ops = {
+	.name			= "unix",
+	.fn_init		= unixdom_init,
+	.fn_connect		= unixdom_connect,
+	.fn_connect_complete	= unixdom_connect_complete,
+	.fn_listen		= unixdom_listen,
+	.fn_accept		= unixdom_accept,
+	.fn_recv		= unixdom_recv,
+	.fn_send		= unixdom_send,
+	.fn_sendto		= unixdom_sendto,
+	.fn_close		= unixdom_close,
+	.fn_pending		= unixdom_pending,
+
+	.fn_set_option		= unixdom_set_option,
+
+	.fn_get_peer_name	= unixdom_get_peer_name,
+	.fn_get_peer_addr	= unixdom_get_peer_addr,
+	.fn_get_my_addr		= unixdom_get_my_addr,
+
+	.fn_get_fd		= unixdom_get_fd
+};
+
+_PUBLIC_ const struct socket_ops *socket_unixdom_ops(enum socket_type type)
+{
+	return &unixdom_ops;
+}
diff --git a/source4/lib/socket/testsuite.c b/source4/lib/socket/testsuite.c
new file mode 100644
index 0000000..1df96e3
--- /dev/null
+++ b/source4/lib/socket/testsuite.c
@@ -0,0 +1,194 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local testing of socket routines.
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+/**
+  basic testing of udp routines
+*/
+static bool test_udp(struct torture_context *tctx)
+{
+	struct socket_context *sock1, *sock2;
+	NTSTATUS status;
+	struct socket_address *srv_addr, *from_addr, *localhost;
+	size_t size = 100 + (random() % 100);
+	DATA_BLOB blob, blob2;
+	size_t sent, nread;
+	TALLOC_CTX *mem_ctx = tctx;
+	struct interface *ifaces;
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+
+	status = socket_create(mem_ctx, "ip", SOCKET_TYPE_DGRAM, &sock1, 0);
+	torture_assert_ntstatus_ok(tctx, status, "creating DGRAM IP socket 1");
+
+	status = socket_create(mem_ctx, "ip", SOCKET_TYPE_DGRAM, &sock2, 0);
+	torture_assert_ntstatus_ok(tctx, status, "creating DGRAM IP socket 1");
+
+	localhost = socket_address_from_strings(sock1, sock1->backend_name, 
+						iface_list_best_ip(ifaces, "127.0.0.1"), 0);
+
+	torture_assert(tctx, localhost, "Localhost not found");
+
+	status = socket_listen(sock1, localhost, 0, 0);
+	torture_assert_ntstatus_ok(tctx, status, "listen on socket 1");
+
+	srv_addr = socket_get_my_addr(sock1, mem_ctx);
+	torture_assert(tctx, srv_addr != NULL && 
+		       strcmp(srv_addr->addr, iface_list_best_ip(ifaces, "127.0.0.1")) == 0,
+				   talloc_asprintf(tctx, 
+		"Expected server address of %s but got %s",
+		      iface_list_best_ip(ifaces, "127.0.0.1"), srv_addr ? srv_addr->addr : NULL));
+
+	torture_comment(tctx, "server port is %d\n", srv_addr->port);
+
+	blob  = data_blob_talloc(mem_ctx, NULL, size);
+	blob2 = data_blob_talloc(mem_ctx, NULL, size);
+	generate_random_buffer(blob.data, blob.length);
+
+	sent = size;
+	status = socket_sendto(sock2, &blob, &sent, srv_addr);
+	torture_assert_ntstatus_ok(tctx, status, "sendto() on socket 2");
+
+	status = socket_recvfrom(sock1, blob2.data, size, &nread, 
+				 sock1, &from_addr);
+	torture_assert_ntstatus_ok(tctx, status, "recvfrom() on socket 1");
+
+	torture_assert_str_equal(tctx, from_addr->addr, srv_addr->addr, 
+							 "different address");
+
+	torture_assert_int_equal(tctx, nread, size, "Unexpected recvfrom size");
+
+	torture_assert_mem_equal(tctx, blob2.data, blob.data, size,
+		"Bad data in recvfrom");
+
+	generate_random_buffer(blob.data, blob.length);
+	status = socket_sendto(sock1, &blob, &sent, from_addr);
+	torture_assert_ntstatus_ok(tctx, status, "sendto() on socket 1");
+
+	status = socket_recvfrom(sock2, blob2.data, size, &nread, 
+				 sock2, &from_addr);
+	torture_assert_ntstatus_ok(tctx, status, "recvfrom() on socket 2");
+	torture_assert_str_equal(tctx, from_addr->addr, srv_addr->addr, 
+							 "Unexpected recvfrom addr");
+	
+	torture_assert_int_equal(tctx, nread, size, "Unexpected recvfrom size");
+
+	torture_assert_int_equal(tctx, from_addr->port, srv_addr->port, 
+				   "Unexpected recvfrom port");
+
+	torture_assert_mem_equal(tctx, blob2.data, blob.data, size,
+		"Bad data in recvfrom");
+
+	talloc_free(sock1);
+	talloc_free(sock2);
+	return true;
+}
+
+/*
+  basic testing of tcp routines
+*/
+static bool test_tcp(struct torture_context *tctx)
+{
+	struct socket_context *sock1, *sock2, *sock3;
+	NTSTATUS status;
+	struct socket_address *srv_addr, *from_addr, *localhost;
+	size_t size = 100 + (random() % 100);
+	DATA_BLOB blob, blob2;
+	size_t sent, nread;
+	TALLOC_CTX *mem_ctx = tctx;
+	struct tevent_context *ev = tctx->ev;
+	struct interface *ifaces;
+
+	status = socket_create(mem_ctx, "ip", SOCKET_TYPE_STREAM, &sock1, 0);
+	torture_assert_ntstatus_ok(tctx, status, "creating IP stream socket 1");
+
+	status = socket_create(mem_ctx, "ip", SOCKET_TYPE_STREAM, &sock2, 0);
+	torture_assert_ntstatus_ok(tctx, status, "creating IP stream socket 1");
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	localhost = socket_address_from_strings(sock1, sock1->backend_name, 
+						iface_list_best_ip(ifaces, "127.0.0.1"), 0);
+	torture_assert(tctx, localhost, "Localhost not found");
+
+	status = socket_listen(sock1, localhost, 0, 0);
+	torture_assert_ntstatus_ok(tctx, status, "listen on socket 1");
+
+	srv_addr = socket_get_my_addr(sock1, mem_ctx);
+	torture_assert(tctx, srv_addr && srv_addr->addr, 
+				   "Unexpected socket_get_my_addr NULL\n");
+
+	torture_assert_str_equal(tctx, srv_addr->addr, iface_list_best_ip(ifaces, "127.0.0.1"),
+			"Unexpected server address");
+
+	torture_comment(tctx, "server port is %d\n", srv_addr->port);
+
+	status = socket_connect_ev(sock2, NULL, srv_addr, 0, ev);
+	torture_assert_ntstatus_ok(tctx, status, "connect() on socket 2");
+
+	status = socket_accept(sock1, &sock3);
+	torture_assert_ntstatus_ok(tctx, status, "accept() on socket 1");
+	talloc_steal(mem_ctx, sock3);
+	talloc_free(sock1);
+
+	blob  = data_blob_talloc(mem_ctx, NULL, size);
+	blob2 = data_blob_talloc(mem_ctx, NULL, size);
+	generate_random_buffer(blob.data, blob.length);
+
+	sent = size;
+	status = socket_send(sock2, &blob, &sent);
+	torture_assert_ntstatus_ok(tctx, status, "send() on socket 2");
+
+	status = socket_recv(sock3, blob2.data, size, &nread);
+	torture_assert_ntstatus_ok(tctx, status, "recv() on socket 3");
+
+	from_addr = socket_get_peer_addr(sock3, mem_ctx);
+
+	torture_assert(tctx, from_addr && from_addr->addr, 
+		"Unexpected recvfrom addr NULL");
+
+	torture_assert_str_equal(tctx, from_addr->addr, srv_addr->addr, 
+							 "Unexpected recvfrom addr");
+
+	torture_assert_int_equal(tctx, nread, size, "Unexpected recvfrom size");
+
+	torture_assert_mem_equal(tctx, blob2.data, blob.data, size, 
+				   "Bad data in recv");
+	return true;
+}
+
+struct torture_suite *torture_local_socket(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "socket");
+
+	torture_suite_add_simple_test(suite, "udp", test_udp);
+	torture_suite_add_simple_test(suite, "tcp", test_tcp);
+
+	return suite;
+}
diff --git a/source4/lib/socket/wscript_build b/source4/lib/socket/wscript_build
new file mode 100644
index 0000000..e243824
--- /dev/null
+++ b/source4/lib/socket/wscript_build
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('netif',
+                  source='interface.c',
+                  deps='samba-util interfaces samba-hostconfig',
+                  private_library=True,
+                  autoproto='netif_proto.h'
+                  )
+
+bld.SAMBA_MODULE('socket_ip',
+    source='socket_ip.c',
+    subsystem='samba_socket',
+    deps='samba-errors',
+    internal_module=True
+    )
+
+bld.SAMBA_MODULE('socket_unix',
+    source='socket_unix.c',
+    subsystem='samba_socket',
+    deps='talloc',
+    internal_module=True
+    )
+
+bld.SAMBA_SUBSYSTEM('samba_socket',
+    source='socket.c access.c connect_multi.c connect.c',
+    public_deps='talloc LIBTSOCKET',
+    deps='cli_composite LIBCLI_RESOLVE socket_ip socket_unix access'
+    )
+
diff --git a/source4/lib/stream/packet.c b/source4/lib/stream/packet.c
new file mode 100644
index 0000000..6f4bfaa
--- /dev/null
+++ b/source4/lib/stream/packet.c
@@ -0,0 +1,614 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   helper layer for breaking up streams into discrete requests
+   
+   Copyright (C) Andrew Tridgell  2005
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "lib/stream/packet.h"
+#include "libcli/raw/smb.h"
+
+struct packet_context {
+	packet_callback_fn_t callback;
+	packet_full_request_fn_t full_request;
+	packet_error_handler_fn_t error_handler;
+	DATA_BLOB partial;
+	uint32_t num_read;
+	uint32_t initial_read;
+	struct socket_context *sock;
+	struct tevent_context *ev;
+	size_t packet_size;
+	void *private_data;
+	struct tevent_fd *fde;
+	bool serialise;
+	int processing;
+	bool recv_disable;
+	bool recv_need_enable;
+	bool nofree;
+
+	bool busy;
+	bool destructor_called;
+
+	bool unreliable_select;
+
+	struct send_element {
+		struct send_element *next, *prev;
+		DATA_BLOB blob;
+		size_t nsent;
+		packet_send_callback_fn_t send_callback;
+		void *send_callback_private;
+	} *send_queue;
+};
+
+/*
+  a destructor used when we are processing packets to prevent freeing of this
+  context while it is being used
+*/
+static int packet_destructor(struct packet_context *pc)
+{
+	if (pc->busy) {
+		pc->destructor_called = true;
+		/* now we refuse the talloc_free() request. The free will
+		   happen again in the packet_recv() code */
+		return -1;
+	}
+
+	return 0;
+}
+
+
+/*
+  initialise a packet receiver
+*/
+_PUBLIC_ struct packet_context *packet_init(TALLOC_CTX *mem_ctx)
+{
+	struct packet_context *pc = talloc_zero(mem_ctx, struct packet_context);
+	if (pc != NULL) {
+		talloc_set_destructor(pc, packet_destructor);
+	}
+	return pc;
+}
+
+
+/*
+  set the request callback, called when a full request is ready
+*/
+_PUBLIC_ void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callback)
+{
+	pc->callback = callback;
+}
+
+/*
+  set the error handler
+*/
+_PUBLIC_ void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler)
+{
+	pc->error_handler = handler;
+}
+
+/*
+  set the private pointer passed to the callback functions
+*/
+_PUBLIC_ void packet_set_private(struct packet_context *pc, void *private_data)
+{
+	pc->private_data = private_data;
+}
+
+/*
+  set the full request callback. Should return as follows:
+     NT_STATUS_OK == blob is a full request.
+     STATUS_MORE_ENTRIES == blob is not complete yet
+     any error == blob is not a valid 
+*/
+_PUBLIC_ void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback)
+{
+	pc->full_request = callback;
+}
+
+/*
+  set a socket context to use. You must set a socket_context
+*/
+_PUBLIC_ void packet_set_socket(struct packet_context *pc, struct socket_context *sock)
+{
+	pc->sock = sock;
+}
+
+/*
+  set an event context. If this is set then the code will ensure that
+  packets arrive with separate events, by creating a immediate event
+  for any secondary packets when more than one packet is read at one
+  time on a socket. This can matter for code that relies on not
+  getting more than one packet per event
+*/
+_PUBLIC_ void packet_set_event_context(struct packet_context *pc, struct tevent_context *ev)
+{
+	pc->ev = ev;
+}
+
+/*
+  tell the packet layer the fde for the socket
+*/
+_PUBLIC_ void packet_set_fde(struct packet_context *pc, struct tevent_fd *fde)
+{
+	pc->fde = fde;
+}
+
+/*
+  tell the packet layer to serialise requests, so we don't process two
+  requests at once on one connection. You must have set the
+  event_context and fde
+*/
+_PUBLIC_ void packet_set_serialise(struct packet_context *pc)
+{
+	pc->serialise = true;
+}
+
+/*
+  tell the packet layer how much to read when starting a new packet
+  this ensures it doesn't overread
+*/
+_PUBLIC_ void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read)
+{
+	pc->initial_read = initial_read;
+}
+
+/*
+  tell the packet system not to steal/free blobs given to packet_send()
+*/
+_PUBLIC_ void packet_set_nofree(struct packet_context *pc)
+{
+	pc->nofree = true;
+}
+
+/*
+  tell the packet system that select/poll/epoll on the underlying
+  socket may not be a reliable way to determine if data is available
+  for receive. This happens with underlying socket systems such as the
+  one implemented on top of GNUTLS, where there may be data in
+  encryption/compression buffers that could be received by
+  socket_recv(), while there is no data waiting at the real socket
+  level as seen by select/poll/epoll. The GNUTLS library is supposed
+  to cope with this by always leaving some data sitting in the socket
+  buffer, but it does not seem to be reliable.
+ */
+_PUBLIC_ void packet_set_unreliable_select(struct packet_context *pc)
+{
+	pc->unreliable_select = true;
+}
+
+/*
+  tell the caller we have an error
+*/
+static void packet_error(struct packet_context *pc, NTSTATUS status)
+{
+	pc->sock = NULL;
+	if (pc->error_handler) {
+		pc->error_handler(pc->private_data, status);
+		return;
+	}
+	/* default error handler is to free the callers private pointer */
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+		DEBUG(0,("packet_error on %s - %s\n", 
+			 talloc_get_name(pc->private_data), nt_errstr(status)));
+	}
+	talloc_free(pc->private_data);
+	return;
+}
+
+
+/*
+  tell the caller we have EOF
+*/
+static void packet_eof(struct packet_context *pc)
+{
+	packet_error(pc, NT_STATUS_END_OF_FILE);
+}
+
+
+/*
+  used to put packets on event boundaries
+*/
+static void packet_next_event(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data)
+{
+	struct packet_context *pc = talloc_get_type(private_data, struct packet_context);
+	if (pc->num_read != 0 && pc->packet_size != 0 &&
+	    pc->packet_size <= pc->num_read) {
+		packet_recv(pc);
+	}
+}
+
+
+/*
+  call this when the socket becomes readable to kick off the whole
+  stream parsing process
+*/
+_PUBLIC_ void packet_recv(struct packet_context *pc)
+{
+	size_t npending;
+	NTSTATUS status;
+	size_t nread = 0;
+	DATA_BLOB blob;
+	bool recv_retry = false;
+
+	if (pc->processing) {
+		TEVENT_FD_NOT_READABLE(pc->fde);
+		pc->processing++;
+		return;
+	}
+
+	if (pc->recv_disable) {
+		pc->recv_need_enable = true;
+		TEVENT_FD_NOT_READABLE(pc->fde);
+		return;
+	}
+
+	if (pc->packet_size != 0 && pc->num_read >= pc->packet_size) {
+		goto next_partial;
+	}
+
+	if (pc->packet_size != 0) {
+		/* we've already worked out how long this next packet is, so skip the
+		   socket_pending() call */
+		npending = pc->packet_size - pc->num_read;
+	} else if (pc->initial_read != 0) {
+		npending = pc->initial_read - pc->num_read;
+	} else {
+		if (pc->sock) {
+			status = socket_pending(pc->sock, &npending);
+		} else {
+			status = NT_STATUS_CONNECTION_DISCONNECTED;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			packet_error(pc, status);
+			return;
+		}
+	}
+
+	if (npending == 0) {
+		packet_eof(pc);
+		return;
+	}
+
+again:
+
+	if (npending + pc->num_read < npending) {
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	if (npending + pc->num_read < pc->num_read) {
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* possibly expand the partial packet buffer */
+	if (npending + pc->num_read > pc->partial.length) {
+		if (!data_blob_realloc(pc, &pc->partial, npending+pc->num_read)) {
+			packet_error(pc, NT_STATUS_NO_MEMORY);
+			return;
+		}
+	}
+
+	if (pc->partial.length < pc->num_read + npending) {
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	if ((uint8_t *)pc->partial.data + pc->num_read < (uint8_t *)pc->partial.data) {
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if ((uint8_t *)pc->partial.data + pc->num_read + npending < (uint8_t *)pc->partial.data) {
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	status = socket_recv(pc->sock, pc->partial.data + pc->num_read, 
+			     npending, &nread);
+
+	if (NT_STATUS_IS_ERR(status)) {
+		packet_error(pc, status);
+		return;
+	}
+	if (recv_retry && NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+		nread = 0;
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return;
+	}
+
+	if (nread == 0 && !recv_retry) {
+		packet_eof(pc);
+		return;
+	}
+
+	pc->num_read += nread;
+
+	if (pc->unreliable_select && nread != 0) {
+		recv_retry = true;
+		status = socket_pending(pc->sock, &npending);
+		if (!NT_STATUS_IS_OK(status)) {
+			packet_error(pc, status);
+			return;
+		}
+		if (npending != 0) {
+			goto again;
+		}
+	}
+
+next_partial:
+	if (pc->partial.length != pc->num_read) {
+		if (!data_blob_realloc(pc, &pc->partial, pc->num_read)) {
+			packet_error(pc, NT_STATUS_NO_MEMORY);
+			return;
+		}
+	}
+
+	/* see if its a full request */
+	blob = pc->partial;
+	blob.length = pc->num_read;
+	status = pc->full_request(pc->private_data, blob, &pc->packet_size);
+	if (NT_STATUS_IS_ERR(status)) {
+		packet_error(pc, status);
+		return;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return;
+	}
+
+	if (pc->packet_size > pc->num_read) {
+		/* the caller made an error */
+		DEBUG(0,("Invalid packet_size %lu greater than num_read %lu\n",
+			 (long)pc->packet_size, (long)pc->num_read));
+		packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* it is a full request - give it to the caller */
+	blob = pc->partial;
+	blob.length = pc->num_read;
+
+	if (pc->packet_size < pc->num_read) {
+		pc->partial = data_blob_talloc(pc, blob.data + pc->packet_size, 
+					       pc->num_read - pc->packet_size);
+		if (pc->partial.data == NULL) {
+			packet_error(pc, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		/* Trunate the blob sent to the caller to only the packet length */
+		if (!data_blob_realloc(pc, &blob, pc->packet_size)) {
+			packet_error(pc, NT_STATUS_NO_MEMORY);
+			return;
+		}
+	} else {
+		pc->partial = data_blob(NULL, 0);
+	}
+	pc->num_read -= pc->packet_size;
+	pc->packet_size = 0;
+	
+	if (pc->serialise) {
+		pc->processing = 1;
+	}
+
+	pc->busy = true;
+
+	status = pc->callback(pc->private_data, blob);
+
+	pc->busy = false;
+
+	if (pc->destructor_called) {
+		talloc_free(pc);
+		return;
+	}
+
+	if (pc->processing) {
+		if (pc->processing > 1) {
+			TEVENT_FD_READABLE(pc->fde);
+		}
+		pc->processing = 0;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		packet_error(pc, status);
+		return;
+	}
+
+	/* Have we consumed the whole buffer yet? */
+	if (pc->partial.length == 0) {
+		return;
+	}
+
+	/* we got multiple packets in one tcp read */
+	if (pc->ev == NULL) {
+		goto next_partial;
+	}
+
+	blob = pc->partial;
+	blob.length = pc->num_read;
+
+	status = pc->full_request(pc->private_data, blob, &pc->packet_size);
+	if (NT_STATUS_IS_ERR(status)) {
+		packet_error(pc, status);
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return;
+	}
+
+	tevent_add_timer(pc->ev, pc, timeval_zero(), packet_next_event, pc);
+}
+
+
+/*
+  temporarily disable receiving 
+*/
+_PUBLIC_ void packet_recv_disable(struct packet_context *pc)
+{
+	pc->recv_disable = true;
+}
+
+/*
+  re-enable receiving 
+*/
+_PUBLIC_ void packet_recv_enable(struct packet_context *pc)
+{
+	if (pc->recv_need_enable) {
+		pc->recv_need_enable = false;
+		TEVENT_FD_READABLE(pc->fde);
+	}
+	pc->recv_disable = false;
+	if (pc->num_read != 0 && pc->packet_size >= pc->num_read) {
+		tevent_add_timer(pc->ev, pc, timeval_zero(), packet_next_event, pc);
+	}
+}
+
+/*
+  trigger a run of the send queue
+*/
+_PUBLIC_ void packet_queue_run(struct packet_context *pc)
+{
+	while (pc->send_queue) {
+		struct send_element *el = pc->send_queue;
+		NTSTATUS status;
+		size_t nwritten;
+		DATA_BLOB blob = data_blob_const(el->blob.data + el->nsent,
+						 el->blob.length - el->nsent);
+
+		status = socket_send(pc->sock, &blob, &nwritten);
+
+		if (NT_STATUS_IS_ERR(status)) {
+			packet_error(pc, status);
+			return;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			return;
+		}
+		el->nsent += nwritten;
+		if (el->nsent == el->blob.length) {
+			DLIST_REMOVE(pc->send_queue, el);
+			if (el->send_callback) {
+				pc->busy = true;
+				el->send_callback(el->send_callback_private);
+				pc->busy = false;
+				if (pc->destructor_called) {
+					talloc_free(pc);
+					return;
+				}
+			}
+			talloc_free(el);
+		}
+	}
+
+	/* we're out of requests to send, so don't wait for write
+	   events any more */
+	TEVENT_FD_NOT_WRITEABLE(pc->fde);
+}
+
+/*
+  put a packet in the send queue.  When the packet is actually sent,
+  call send_callback.  
+
+  Useful for operations that must occur after sending a message, such
+  as the switch to SASL encryption after as successful LDAP bind reply.
+*/
+_PUBLIC_ NTSTATUS packet_send_callback(struct packet_context *pc, DATA_BLOB blob,
+				       packet_send_callback_fn_t send_callback, 
+				       void *private_data)
+{
+	struct send_element *el;
+	el = talloc(pc, struct send_element);
+	NT_STATUS_HAVE_NO_MEMORY(el);
+
+	DLIST_ADD_END(pc->send_queue, el);
+	el->blob = blob;
+	el->nsent = 0;
+	el->send_callback = send_callback;
+	el->send_callback_private = private_data;
+
+	/* if we aren't going to free the packet then we must reference it
+	   to ensure it doesn't disappear before going out */
+	if (pc->nofree) {
+		if (!talloc_reference(el, blob.data)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		talloc_steal(el, blob.data);
+	}
+
+	if (private_data && !talloc_reference(el, private_data)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	TEVENT_FD_WRITEABLE(pc->fde);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  put a packet in the send queue
+*/
+_PUBLIC_ NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob)
+{
+	return packet_send_callback(pc, blob, NULL, NULL);
+}
+
+
+/*
+  a full request checker for NBT formatted packets (first 3 bytes are length)
+*/
+_PUBLIC_ NTSTATUS packet_full_request_nbt(void *private_data, DATA_BLOB blob, size_t *size)
+{
+	if (blob.length < 4) {
+		return STATUS_MORE_ENTRIES;
+	}
+	/*
+	 * Note: that we use smb_len_tcp() instead
+	 *       of smb_len_nbt() as this function is not
+	 *       used for nbt and the source4 copy
+	 *       of smb_len() was smb_len_tcp()
+	 */
+	*size = 4 + smb_len_tcp(blob.data);
+	if (*size > blob.length) {
+		return STATUS_MORE_ENTRIES;
+	}
+	return NT_STATUS_OK;
+}
+
+
+/*
+  work out if a packet is complete for protocols that use a 32 bit network byte
+  order length
+*/
+_PUBLIC_ NTSTATUS packet_full_request_u32(void *private_data, DATA_BLOB blob, size_t *size)
+{
+	if (blob.length < 4) {
+		return STATUS_MORE_ENTRIES;
+	}
+	*size = 4 + RIVAL(blob.data, 0);
+	if (*size > blob.length) {
+		return STATUS_MORE_ENTRIES;
+	}
+	return NT_STATUS_OK;
+}
diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h
new file mode 100644
index 0000000..afd0591
--- /dev/null
+++ b/source4/lib/stream/packet.h
@@ -0,0 +1,65 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   helper layer for breaking up streams into discrete requests
+   
+   Copyright (C) Andrew Tridgell  2005
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+struct packet_context;
+struct tevent_context;
+struct tevent_fd;
+struct socket_context;
+
+typedef NTSTATUS (*packet_full_request_fn_t)(void *private_data,
+					     DATA_BLOB blob, size_t *packet_size);
+typedef NTSTATUS (*packet_callback_fn_t)(void *private_data, DATA_BLOB blob);
+
+/* Used to notify that a packet has been sent, and is on the wire */
+typedef void (*packet_send_callback_fn_t)(void *private_data);
+typedef void (*packet_error_handler_fn_t)(void *private_data, NTSTATUS status);
+
+
+
+struct packet_context *packet_init(TALLOC_CTX *mem_ctx);
+void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callback);
+void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler);
+void packet_set_private(struct packet_context *pc, void *private_data);
+void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback);
+void packet_set_socket(struct packet_context *pc, struct socket_context *sock);
+void packet_set_event_context(struct packet_context *pc, struct tevent_context *ev);
+void packet_set_fde(struct packet_context *pc, struct tevent_fd *fde);
+void packet_set_serialise(struct packet_context *pc);
+void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read);
+void packet_set_nofree(struct packet_context *pc);
+void packet_recv(struct packet_context *pc);
+void packet_recv_disable(struct packet_context *pc);
+void packet_recv_enable(struct packet_context *pc);
+void packet_set_unreliable_select(struct packet_context *pc);
+NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob);
+NTSTATUS packet_send_callback(struct packet_context *pc, DATA_BLOB blob,
+			      packet_send_callback_fn_t send_callback, 
+			      void *private_data);
+void packet_queue_run(struct packet_context *pc);
+
+/*
+  pre-canned handlers
+*/
+NTSTATUS packet_full_request_nbt(void *private_data, DATA_BLOB blob, size_t *size);
+NTSTATUS packet_full_request_u32(void *private_data, DATA_BLOB blob, size_t *size);
+
+
diff --git a/source4/lib/stream/wscript_build b/source4/lib/stream/wscript_build
new file mode 100644
index 0000000..8427c17
--- /dev/null
+++ b/source4/lib/stream/wscript_build
@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_SUBSYSTEM('LIBPACKET',
+	source='packet.c',
+	deps='LIBTLS'
+	)
+
diff --git a/source4/lib/tls/tls.h b/source4/lib/tls/tls.h
new file mode 100644
index 0000000..d9b18ff
--- /dev/null
+++ b/source4/lib/tls/tls.h
@@ -0,0 +1,105 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   transport layer security handling code
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _TLS_H_
+#define _TLS_H_
+
+#include "lib/socket/socket.h"
+
+struct loadparm_context;
+
+void tls_cert_generate(TALLOC_CTX *mem_ctx,
+		       const char *hostname,
+		       const char *keyfile, const char *certfile,
+		       const char *cafile);
+
+struct tstream_context;
+struct tstream_tls_params;
+
+enum tls_verify_peer_state {
+	TLS_VERIFY_PEER_NO_CHECK = 0,
+#define TLS_VERIFY_PEER_NO_CHECK_STRING "no_check"
+
+	TLS_VERIFY_PEER_CA_ONLY = 10,
+#define TLS_VERIFY_PEER_CA_ONLY_STRING "ca_only"
+
+	TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE = 20,
+#define TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING \
+		"ca_and_name_if_available"
+
+	TLS_VERIFY_PEER_CA_AND_NAME = 30,
+#define TLS_VERIFY_PEER_CA_AND_NAME_STRING "ca_and_name"
+
+	TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE = 9999,
+#define TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING \
+		"as_strict_as_possible"
+};
+
+const char *tls_verify_peer_string(enum tls_verify_peer_state verify_peer);
+
+NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
+				   const char *ca_file,
+				   const char *crl_file,
+				   const char *tls_priority,
+				   enum tls_verify_peer_state verify_peer,
+				   const char *peer_name,
+				   struct tstream_tls_params **_tlsp);
+
+NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
+				   const char *dns_host_name,
+				   bool enabled,
+				   const char *key_file,
+				   const char *cert_file,
+				   const char *ca_file,
+				   const char *crl_file,
+				   const char *dhp_file,
+				   const char *tls_priority,
+				   struct tstream_tls_params **_params);
+
+bool tstream_tls_params_enabled(struct tstream_tls_params *params);
+
+struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct tstream_context *plain_stream,
+					     struct tstream_tls_params *tls_params,
+					     const char *location);
+#define tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params) \
+	_tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+
+int tstream_tls_connect_recv(struct tevent_req *req,
+			     int *perrno,
+			     TALLOC_CTX *mem_ctx,
+			     struct tstream_context **tls_stream);
+
+struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
+					    struct tevent_context *ev,
+					    struct tstream_context *plain_stream,
+					    struct tstream_tls_params *tls_params,
+					    const char *location);
+#define tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params) \
+	_tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+
+int tstream_tls_accept_recv(struct tevent_req *req,
+			    int *perrno,
+			    TALLOC_CTX *mem_ctx,
+			    struct tstream_context **tls_stream);
+
+#endif /* _TLS_H_ */
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
new file mode 100644
index 0000000..5e0c56b
--- /dev/null
+++ b/source4/lib/tls/tls_tstream.c
@@ -0,0 +1,1550 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "../util/tevent_unix.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/tsocket/tsocket_internal.h"
+#include "../lib/util/util_net.h"
+#include "lib/tls/tls.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#define DH_BITS 2048
+
+const char *tls_verify_peer_string(enum tls_verify_peer_state verify_peer)
+{
+	switch (verify_peer) {
+	case TLS_VERIFY_PEER_NO_CHECK:
+		return TLS_VERIFY_PEER_NO_CHECK_STRING;
+
+	case TLS_VERIFY_PEER_CA_ONLY:
+		return TLS_VERIFY_PEER_CA_ONLY_STRING;
+
+	case TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE:
+		return TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING;
+
+	case TLS_VERIFY_PEER_CA_AND_NAME:
+		return TLS_VERIFY_PEER_CA_AND_NAME_STRING;
+
+	case TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE:
+		return TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING;
+	}
+
+	return "unknown tls_verify_peer_state";
+}
+
+static const struct tstream_context_ops tstream_tls_ops;
+
+struct tstream_tls {
+	struct tstream_context *plain_stream;
+	int error;
+
+	gnutls_session_t tls_session;
+
+	enum tls_verify_peer_state verify_peer;
+	const char *peer_name;
+
+	struct tevent_context *current_ev;
+
+	struct tevent_immediate *retry_im;
+
+	struct {
+		uint8_t *buf;
+		off_t ofs;
+		struct iovec iov;
+		struct tevent_req *subreq;
+		struct tevent_immediate *im;
+	} push;
+
+	struct {
+		uint8_t *buf;
+		struct iovec iov;
+		struct tevent_req *subreq;
+	} pull;
+
+	struct {
+		struct tevent_req *req;
+	} handshake;
+
+	struct {
+		off_t ofs;
+		size_t left;
+		uint8_t buffer[1024];
+		struct tevent_req *req;
+	} write;
+
+	struct {
+		off_t ofs;
+		size_t left;
+		uint8_t buffer[1024];
+		struct tevent_req *req;
+	} read;
+
+	struct {
+		struct tevent_req *req;
+	} disconnect;
+};
+
+static void tstream_tls_retry_handshake(struct tstream_context *stream);
+static void tstream_tls_retry_read(struct tstream_context *stream);
+static void tstream_tls_retry_write(struct tstream_context *stream);
+static void tstream_tls_retry_disconnect(struct tstream_context *stream);
+static void tstream_tls_retry_trigger(struct tevent_context *ctx,
+				      struct tevent_immediate *im,
+				      void *private_data);
+
+static void tstream_tls_retry(struct tstream_context *stream, bool deferred)
+{
+
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+
+	if (tlss->disconnect.req) {
+		tstream_tls_retry_disconnect(stream);
+		return;
+	}
+
+	if (tlss->handshake.req) {
+		tstream_tls_retry_handshake(stream);
+		return;
+	}
+
+	if (tlss->write.req && tlss->read.req && !deferred) {
+		tevent_schedule_immediate(tlss->retry_im, tlss->current_ev,
+					  tstream_tls_retry_trigger,
+					  stream);
+	}
+
+	if (tlss->write.req) {
+		tstream_tls_retry_write(stream);
+		return;
+	}
+
+	if (tlss->read.req) {
+		tstream_tls_retry_read(stream);
+		return;
+	}
+}
+
+static void tstream_tls_retry_trigger(struct tevent_context *ctx,
+				      struct tevent_immediate *im,
+				      void *private_data)
+{
+	struct tstream_context *stream =
+		talloc_get_type_abort(private_data,
+		struct tstream_context);
+
+	tstream_tls_retry(stream, true);
+}
+
+static void tstream_tls_push_trigger_write(struct tevent_context *ev,
+					   struct tevent_immediate *im,
+					   void *private_data);
+
+static ssize_t tstream_tls_push_function(gnutls_transport_ptr_t ptr,
+					 const void *buf, size_t size)
+{
+	struct tstream_context *stream =
+		talloc_get_type_abort(ptr,
+		struct tstream_context);
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	uint8_t *nbuf;
+	size_t len;
+
+	if (tlss->error != 0) {
+		errno = tlss->error;
+		return -1;
+	}
+
+	if (tlss->push.subreq) {
+		errno = EAGAIN;
+		return -1;
+	}
+
+	len = MIN(size, UINT16_MAX - tlss->push.ofs);
+
+	if (len == 0) {
+		errno = EAGAIN;
+		return -1;
+	}
+
+	nbuf = talloc_realloc(tlss, tlss->push.buf,
+			      uint8_t, tlss->push.ofs + len);
+	if (nbuf == NULL) {
+		if (tlss->push.buf) {
+			errno = EAGAIN;
+			return -1;
+		}
+
+		return -1;
+	}
+	tlss->push.buf = nbuf;
+
+	memcpy(tlss->push.buf + tlss->push.ofs, buf, len);
+
+	if (tlss->push.im == NULL) {
+		tlss->push.im = tevent_create_immediate(tlss);
+		if (tlss->push.im == NULL) {
+			errno = ENOMEM;
+			return -1;
+		}
+	}
+
+	if (tlss->push.ofs == 0) {
+		/*
+		 * We'll do start the tstream_writev
+		 * in the next event cycle.
+		 *
+		 * This way we can batch all push requests,
+		 * if they fit into a UINT16_MAX buffer.
+		 *
+		 * This is important as gnutls_handshake()
+		 * had a bug in some versions e.g. 2.4.1
+		 * and others (See bug #7218) and it doesn't
+		 * handle EAGAIN.
+		 */
+		tevent_schedule_immediate(tlss->push.im,
+					  tlss->current_ev,
+					  tstream_tls_push_trigger_write,
+					  stream);
+	}
+
+	tlss->push.ofs += len;
+	return len;
+}
+
+static void tstream_tls_push_done(struct tevent_req *subreq);
+
+static void tstream_tls_push_trigger_write(struct tevent_context *ev,
+					   struct tevent_immediate *im,
+					   void *private_data)
+{
+	struct tstream_context *stream =
+		talloc_get_type_abort(private_data,
+		struct tstream_context);
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *subreq;
+
+	if (tlss->push.subreq) {
+		/* nothing todo */
+		return;
+	}
+
+	tlss->push.iov.iov_base = (char *)tlss->push.buf;
+	tlss->push.iov.iov_len = tlss->push.ofs;
+
+	subreq = tstream_writev_send(tlss,
+				     tlss->current_ev,
+				     tlss->plain_stream,
+				     &tlss->push.iov, 1);
+	if (subreq == NULL) {
+		tlss->error = ENOMEM;
+		tstream_tls_retry(stream, false);
+		return;
+	}
+	tevent_req_set_callback(subreq, tstream_tls_push_done, stream);
+
+	tlss->push.subreq = subreq;
+}
+
+static void tstream_tls_push_done(struct tevent_req *subreq)
+{
+	struct tstream_context *stream =
+		tevent_req_callback_data(subreq,
+		struct tstream_context);
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	int ret;
+	int sys_errno;
+
+	tlss->push.subreq = NULL;
+	ZERO_STRUCT(tlss->push.iov);
+	TALLOC_FREE(tlss->push.buf);
+	tlss->push.ofs = 0;
+
+	ret = tstream_writev_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		tlss->error = sys_errno;
+		tstream_tls_retry(stream, false);
+		return;
+	}
+
+	tstream_tls_retry(stream, false);
+}
+
+static void tstream_tls_pull_done(struct tevent_req *subreq);
+
+static ssize_t tstream_tls_pull_function(gnutls_transport_ptr_t ptr,
+					 void *buf, size_t size)
+{
+	struct tstream_context *stream =
+		talloc_get_type_abort(ptr,
+		struct tstream_context);
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *subreq;
+	size_t len;
+
+	if (tlss->error != 0) {
+		errno = tlss->error;
+		return -1;
+	}
+
+	if (tlss->pull.subreq) {
+		errno = EAGAIN;
+		return -1;
+	}
+
+	if (tlss->pull.iov.iov_base) {
+		uint8_t *b;
+		size_t n;
+
+		b = (uint8_t *)tlss->pull.iov.iov_base;
+
+		n = MIN(tlss->pull.iov.iov_len, size);
+		memcpy(buf, b, n);
+
+		tlss->pull.iov.iov_len -= n;
+		b += n;
+		tlss->pull.iov.iov_base = (char *)b;
+		if (tlss->pull.iov.iov_len == 0) {
+			tlss->pull.iov.iov_base = NULL;
+			TALLOC_FREE(tlss->pull.buf);
+		}
+
+		return n;
+	}
+
+	if (size == 0) {
+		return 0;
+	}
+
+	len = MIN(size, UINT16_MAX);
+
+	tlss->pull.buf = talloc_array(tlss, uint8_t, len);
+	if (tlss->pull.buf == NULL) {
+		return -1;
+	}
+
+	tlss->pull.iov.iov_base = (char *)tlss->pull.buf;
+	tlss->pull.iov.iov_len = len;
+
+	subreq = tstream_readv_send(tlss,
+				    tlss->current_ev,
+				    tlss->plain_stream,
+				    &tlss->pull.iov, 1);
+	if (subreq == NULL) {
+		errno = ENOMEM;
+		return -1;
+	}
+	tevent_req_set_callback(subreq, tstream_tls_pull_done, stream);
+
+	tlss->pull.subreq = subreq;
+	errno = EAGAIN;
+	return -1;
+}
+
+static void tstream_tls_pull_done(struct tevent_req *subreq)
+{
+	struct tstream_context *stream =
+		tevent_req_callback_data(subreq,
+		struct tstream_context);
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	int ret;
+	int sys_errno;
+
+	tlss->pull.subreq = NULL;
+
+	ret = tstream_readv_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		tlss->error = sys_errno;
+		tstream_tls_retry(stream, false);
+		return;
+	}
+
+	tstream_tls_retry(stream, false);
+}
+
+static int tstream_tls_destructor(struct tstream_tls *tlss)
+{
+	if (tlss->tls_session) {
+		gnutls_deinit(tlss->tls_session);
+		tlss->tls_session = NULL;
+	}
+
+	return 0;
+}
+
+static ssize_t tstream_tls_pending_bytes(struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	size_t ret;
+
+	if (tlss->error != 0) {
+		errno = tlss->error;
+		return -1;
+	}
+
+	ret = gnutls_record_check_pending(tlss->tls_session);
+	ret += tlss->read.left;
+
+	return ret;
+}
+
+struct tstream_tls_readv_state {
+	struct tstream_context *stream;
+
+	struct iovec *vector;
+	int count;
+
+	int ret;
+};
+
+static void tstream_tls_readv_crypt_next(struct tevent_req *req);
+
+static struct tevent_req *tstream_tls_readv_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct tstream_context *stream,
+					struct iovec *vector,
+					size_t count)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req;
+	struct tstream_tls_readv_state *state;
+
+	tlss->read.req = NULL;
+	tlss->current_ev = ev;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_tls_readv_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->stream = stream;
+	state->ret = 0;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * we make a copy of the vector so we can change the structure
+	 */
+	state->vector = talloc_array(state, struct iovec, count);
+	if (tevent_req_nomem(state->vector, req)) {
+		return tevent_req_post(req, ev);
+	}
+	memcpy(state->vector, vector, sizeof(struct iovec) * count);
+	state->count = count;
+
+	tstream_tls_readv_crypt_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void tstream_tls_readv_crypt_next(struct tevent_req *req)
+{
+	struct tstream_tls_readv_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_readv_state);
+	struct tstream_tls *tlss =
+		tstream_context_data(state->stream,
+		struct tstream_tls);
+
+	/*
+	 * copy the pending buffer first
+	 */
+	while (tlss->read.left > 0 && state->count > 0) {
+		uint8_t *base = (uint8_t *)state->vector[0].iov_base;
+		size_t len = MIN(tlss->read.left, state->vector[0].iov_len);
+
+		memcpy(base, tlss->read.buffer + tlss->read.ofs, len);
+
+		base += len;
+		state->vector[0].iov_base = (char *) base;
+		state->vector[0].iov_len -= len;
+
+		tlss->read.ofs += len;
+		tlss->read.left -= len;
+
+		if (state->vector[0].iov_len == 0) {
+			state->vector += 1;
+			state->count -= 1;
+		}
+
+		state->ret += len;
+	}
+
+	if (state->count == 0) {
+		tevent_req_done(req);
+		return;
+	}
+
+	tlss->read.req = req;
+	tstream_tls_retry_read(state->stream);
+}
+
+static void tstream_tls_retry_read(struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req = tlss->read.req;
+	int ret;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	tlss->read.left = 0;
+	tlss->read.ofs = 0;
+
+	ret = gnutls_record_recv(tlss->tls_session,
+				 tlss->read.buffer,
+				 sizeof(tlss->read.buffer));
+	if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+		return;
+	}
+
+	tlss->read.req = NULL;
+
+	if (gnutls_error_is_fatal(ret) != 0) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	if (ret == 0) {
+		tlss->error = EPIPE;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	tlss->read.left = ret;
+	tstream_tls_readv_crypt_next(req);
+}
+
+static int tstream_tls_readv_recv(struct tevent_req *req,
+				  int *perrno)
+{
+	struct tstream_tls_readv_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_readv_state);
+	struct tstream_tls *tlss =
+		tstream_context_data(state->stream,
+		struct tstream_tls);
+	int ret;
+
+	tlss->read.req = NULL;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->ret;
+	}
+
+	tevent_req_received(req);
+	return ret;
+}
+
+struct tstream_tls_writev_state {
+	struct tstream_context *stream;
+
+	struct iovec *vector;
+	int count;
+
+	int ret;
+};
+
+static void tstream_tls_writev_crypt_next(struct tevent_req *req);
+
+static struct tevent_req *tstream_tls_writev_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct tstream_context *stream,
+					const struct iovec *vector,
+					size_t count)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req;
+	struct tstream_tls_writev_state *state;
+
+	tlss->write.req = NULL;
+	tlss->current_ev = ev;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_tls_writev_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->stream = stream;
+	state->ret = 0;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * we make a copy of the vector so we can change the structure
+	 */
+	state->vector = talloc_array(state, struct iovec, count);
+	if (tevent_req_nomem(state->vector, req)) {
+		return tevent_req_post(req, ev);
+	}
+	memcpy(state->vector, vector, sizeof(struct iovec) * count);
+	state->count = count;
+
+	tstream_tls_writev_crypt_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void tstream_tls_writev_crypt_next(struct tevent_req *req)
+{
+	struct tstream_tls_writev_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_writev_state);
+	struct tstream_tls *tlss =
+		tstream_context_data(state->stream,
+		struct tstream_tls);
+
+	tlss->write.left = sizeof(tlss->write.buffer);
+	tlss->write.ofs = 0;
+
+	/*
+	 * first fill our buffer
+	 */
+	while (tlss->write.left > 0 && state->count > 0) {
+		uint8_t *base = (uint8_t *)state->vector[0].iov_base;
+		size_t len = MIN(tlss->write.left, state->vector[0].iov_len);
+
+		memcpy(tlss->write.buffer + tlss->write.ofs, base, len);
+
+		base += len;
+		state->vector[0].iov_base = (char *) base;
+		state->vector[0].iov_len -= len;
+
+		tlss->write.ofs += len;
+		tlss->write.left -= len;
+
+		if (state->vector[0].iov_len == 0) {
+			state->vector += 1;
+			state->count -= 1;
+		}
+
+		state->ret += len;
+	}
+
+	if (tlss->write.ofs == 0) {
+		tevent_req_done(req);
+		return;
+	}
+
+	tlss->write.left = tlss->write.ofs;
+	tlss->write.ofs = 0;
+
+	tlss->write.req = req;
+	tstream_tls_retry_write(state->stream);
+}
+
+static void tstream_tls_retry_write(struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req = tlss->write.req;
+	int ret;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	ret = gnutls_record_send(tlss->tls_session,
+				 tlss->write.buffer + tlss->write.ofs,
+				 tlss->write.left);
+	if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+		return;
+	}
+
+	tlss->write.req = NULL;
+
+	if (gnutls_error_is_fatal(ret) != 0) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	if (ret == 0) {
+		tlss->error = EPIPE;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	tlss->write.ofs += ret;
+	tlss->write.left -= ret;
+
+	if (tlss->write.left > 0) {
+		tlss->write.req = req;
+		tstream_tls_retry_write(stream);
+		return;
+	}
+
+	tstream_tls_writev_crypt_next(req);
+}
+
+static int tstream_tls_writev_recv(struct tevent_req *req,
+				   int *perrno)
+{
+	struct tstream_tls_writev_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_writev_state);
+	struct tstream_tls *tlss =
+		tstream_context_data(state->stream,
+		struct tstream_tls);
+	int ret;
+
+	tlss->write.req = NULL;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->ret;
+	}
+
+	tevent_req_received(req);
+	return ret;
+}
+
+struct tstream_tls_disconnect_state {
+	uint8_t _dummy;
+};
+
+static struct tevent_req *tstream_tls_disconnect_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req;
+	struct tstream_tls_disconnect_state *state;
+
+	tlss->disconnect.req = NULL;
+	tlss->current_ev = ev;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_tls_disconnect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return tevent_req_post(req, ev);
+	}
+
+	tlss->disconnect.req = req;
+	tstream_tls_retry_disconnect(stream);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void tstream_tls_retry_disconnect(struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req = tlss->disconnect.req;
+	int ret;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	ret = gnutls_bye(tlss->tls_session, GNUTLS_SHUT_WR);
+	if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+		return;
+	}
+
+	tlss->disconnect.req = NULL;
+
+	if (gnutls_error_is_fatal(ret) != 0) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static int tstream_tls_disconnect_recv(struct tevent_req *req,
+				       int *perrno)
+{
+	int ret;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+
+	tevent_req_received(req);
+	return ret;
+}
+
+static const struct tstream_context_ops tstream_tls_ops = {
+	.name			= "tls",
+
+	.pending_bytes		= tstream_tls_pending_bytes,
+
+	.readv_send		= tstream_tls_readv_send,
+	.readv_recv		= tstream_tls_readv_recv,
+
+	.writev_send		= tstream_tls_writev_send,
+	.writev_recv		= tstream_tls_writev_recv,
+
+	.disconnect_send	= tstream_tls_disconnect_send,
+	.disconnect_recv	= tstream_tls_disconnect_recv,
+};
+
+struct tstream_tls_params_internal {
+	gnutls_certificate_credentials_t x509_cred;
+	gnutls_dh_params_t dh_params;
+	const char *tls_priority;
+	bool tls_enabled;
+	enum tls_verify_peer_state verify_peer;
+	const char *peer_name;
+};
+
+struct tstream_tls_params {
+	struct tstream_tls_params_internal *internal;
+};
+
+static int tstream_tls_params_internal_destructor(struct tstream_tls_params_internal *tlsp)
+{
+	if (tlsp->x509_cred) {
+		gnutls_certificate_free_credentials(tlsp->x509_cred);
+		tlsp->x509_cred = NULL;
+	}
+	if (tlsp->dh_params) {
+		gnutls_dh_params_deinit(tlsp->dh_params);
+		tlsp->dh_params = NULL;
+	}
+
+	return 0;
+}
+
+bool tstream_tls_params_enabled(struct tstream_tls_params *tls_params)
+{
+	struct tstream_tls_params_internal *tlsp = tls_params->internal;
+
+	return tlsp->tls_enabled;
+}
+
+NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
+				   const char *ca_file,
+				   const char *crl_file,
+				   const char *tls_priority,
+				   enum tls_verify_peer_state verify_peer,
+				   const char *peer_name,
+				   struct tstream_tls_params **_tlsp)
+{
+	struct tstream_tls_params *__tlsp = NULL;
+	struct tstream_tls_params_internal *tlsp = NULL;
+	int ret;
+
+	__tlsp = talloc_zero(mem_ctx, struct tstream_tls_params);
+	if (__tlsp == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tlsp = talloc_zero(__tlsp, struct tstream_tls_params_internal);
+	if (tlsp == NULL) {
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_set_destructor(tlsp, tstream_tls_params_internal_destructor);
+	__tlsp->internal = tlsp;
+
+	tlsp->verify_peer = verify_peer;
+	if (peer_name != NULL) {
+		tlsp->peer_name = talloc_strdup(tlsp, peer_name);
+		if (tlsp->peer_name == NULL) {
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else if (tlsp->verify_peer >= TLS_VERIFY_PEER_CA_AND_NAME) {
+		DEBUG(0,("TLS failed to missing peer_name - "
+			 "with 'tls verify peer = %s'\n",
+			 tls_verify_peer_string(tlsp->verify_peer)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	ret = gnutls_certificate_allocate_credentials(&tlsp->x509_cred);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (ca_file && *ca_file && file_exist(ca_file)) {
+		ret = gnutls_certificate_set_x509_trust_file(tlsp->x509_cred,
+							     ca_file,
+							     GNUTLS_X509_FMT_PEM);
+		if (ret < 0) {
+			DEBUG(0,("TLS failed to initialise cafile %s - %s\n",
+				 ca_file, gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	} else if (tlsp->verify_peer >= TLS_VERIFY_PEER_CA_ONLY) {
+		DEBUG(0,("TLS failed to missing cafile %s - "
+			 "with 'tls verify peer = %s'\n",
+			 ca_file,
+			 tls_verify_peer_string(tlsp->verify_peer)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	if (crl_file && *crl_file && file_exist(crl_file)) {
+		ret = gnutls_certificate_set_x509_crl_file(tlsp->x509_cred,
+							   crl_file, 
+							   GNUTLS_X509_FMT_PEM);
+		if (ret < 0) {
+			DEBUG(0,("TLS failed to initialise crlfile %s - %s\n",
+				 crl_file, gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	} else if (tlsp->verify_peer >= TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE) {
+		DEBUG(0,("TLS failed to missing crlfile %s - "
+			 "with 'tls verify peer = %s'\n",
+			 crl_file,
+			 tls_verify_peer_string(tlsp->verify_peer)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	tlsp->tls_priority = talloc_strdup(tlsp, tls_priority);
+	if (tlsp->tls_priority == NULL) {
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tlsp->tls_enabled = true;
+
+	*_tlsp = __tlsp;
+	return NT_STATUS_OK;
+}
+
+struct tstream_tls_connect_state {
+	struct tstream_context *tls_stream;
+};
+
+struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct tstream_context *plain_stream,
+					     struct tstream_tls_params *_tls_params,
+					     const char *location)
+{
+	struct tevent_req *req;
+	struct tstream_tls_connect_state *state;
+	const char *error_pos;
+	struct tstream_tls *tlss;
+	struct tstream_tls_params_internal *tls_params = NULL;
+	int ret;
+	unsigned int flags = GNUTLS_CLIENT;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_tls_connect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->tls_stream = tstream_context_create(state,
+						   &tstream_tls_ops,
+						   &tlss,
+						   struct tstream_tls,
+						   location);
+	if (tevent_req_nomem(state->tls_stream, req)) {
+		return tevent_req_post(req, ev);
+	}
+	ZERO_STRUCTP(tlss);
+	talloc_set_destructor(tlss, tstream_tls_destructor);
+
+	/*
+	 * Note we need to make sure x509_cred and dh_params
+	 * from tstream_tls_params_internal stay alive for
+	 * the whole lifetime of this session!
+	 *
+	 * See 'man gnutls_credentials_set' and
+	 * 'man gnutls_certificate_set_dh_params'.
+	 *
+	 * Note: here we use talloc_reference() in a way
+	 *       that does not expose it to the caller.
+	 *
+	 */
+	tls_params = talloc_reference(tlss, _tls_params->internal);
+	if (tevent_req_nomem(tls_params, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tlss->plain_stream = plain_stream;
+	tlss->verify_peer = tls_params->verify_peer;
+	if (tls_params->peer_name != NULL) {
+		tlss->peer_name = talloc_strdup(tlss, tls_params->peer_name);
+		if (tevent_req_nomem(tlss->peer_name, req)) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	tlss->current_ev = ev;
+	tlss->retry_im = tevent_create_immediate(tlss);
+	if (tevent_req_nomem(tlss->retry_im, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+#ifdef GNUTLS_NO_TICKETS
+	/*
+	 * tls_tstream can't properly handle 'New Session Ticket' messages
+	 * sent 'after' the client sends the 'Finished' message.
+	 * GNUTLS_NO_TICKETS was introduced in GnuTLS 3.5.6.  This flag is to
+	 * indicate the session Flag session should not use resumption with
+	 * session tickets.
+	 */
+	flags |= GNUTLS_NO_TICKETS;
+#endif
+
+	ret = gnutls_init(&tlss->tls_session, flags);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	ret = gnutls_set_default_priority(tlss->tls_session);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DBG_ERR("TLS %s - %s. Failed to set default priorities\n",
+			__location__, gnutls_strerror(ret));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	if (strlen(tls_params->tls_priority) > 0) {
+		ret = gnutls_priority_set_direct(tlss->tls_session,
+						 tls_params->tls_priority,
+						 &error_pos);
+		if (ret != GNUTLS_E_SUCCESS) {
+			DEBUG(0,("TLS %s - %s.  Check 'tls priority' option at '%s'\n",
+				 __location__, gnutls_strerror(ret), error_pos));
+			tevent_req_error(req, EINVAL);
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	ret = gnutls_credentials_set(tlss->tls_session,
+				     GNUTLS_CRD_CERTIFICATE,
+				     tls_params->x509_cred);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	gnutls_transport_set_ptr(tlss->tls_session,
+				 (gnutls_transport_ptr_t)state->tls_stream);
+	gnutls_transport_set_pull_function(tlss->tls_session,
+					   (gnutls_pull_func)tstream_tls_pull_function);
+	gnutls_transport_set_push_function(tlss->tls_session,
+					   (gnutls_push_func)tstream_tls_push_function);
+
+	tlss->handshake.req = req;
+	tstream_tls_retry_handshake(state->tls_stream);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+int tstream_tls_connect_recv(struct tevent_req *req,
+			     int *perrno,
+			     TALLOC_CTX *mem_ctx,
+			     struct tstream_context **tls_stream)
+{
+	struct tstream_tls_connect_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_connect_state);
+
+	if (tevent_req_is_unix_error(req, perrno)) {
+		tevent_req_received(req);
+		return -1;
+	}
+
+	*tls_stream = talloc_move(mem_ctx, &state->tls_stream);
+	tevent_req_received(req);
+	return 0;
+}
+
+/*
+  initialise global tls state
+*/
+NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
+				   const char *dns_host_name,
+				   bool enabled,
+				   const char *key_file,
+				   const char *cert_file,
+				   const char *ca_file,
+				   const char *crl_file,
+				   const char *dhp_file,
+				   const char *tls_priority,
+				   struct tstream_tls_params **_tlsp)
+{
+	struct tstream_tls_params *__tlsp = NULL;
+	struct tstream_tls_params_internal *tlsp = NULL;
+	int ret;
+	struct stat st;
+
+	if (!enabled || key_file == NULL || *key_file == 0) {
+		__tlsp = talloc_zero(mem_ctx, struct tstream_tls_params);
+		if (__tlsp == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		tlsp = talloc_zero(__tlsp, struct tstream_tls_params_internal);
+		if (tlsp == NULL) {
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		talloc_set_destructor(tlsp, tstream_tls_params_internal_destructor);
+		__tlsp->internal = tlsp;
+		tlsp->tls_enabled = false;
+
+		*_tlsp = __tlsp;
+		return NT_STATUS_OK;
+	}
+
+	__tlsp = talloc_zero(mem_ctx, struct tstream_tls_params);
+	if (__tlsp == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tlsp = talloc_zero(__tlsp, struct tstream_tls_params_internal);
+	if (tlsp == NULL) {
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	talloc_set_destructor(tlsp, tstream_tls_params_internal_destructor);
+	__tlsp->internal = tlsp;
+
+	if (!file_exist(ca_file)) {
+		tls_cert_generate(tlsp, dns_host_name,
+				  key_file, cert_file, ca_file);
+	}
+
+	if (file_exist(key_file) &&
+	    !file_check_permissions(key_file, geteuid(), 0600, &st))
+	{
+		DEBUG(0, ("Invalid permissions on TLS private key file '%s':\n"
+			  "owner uid %u should be %u, mode 0%o should be 0%o\n"
+			  "This is known as CVE-2013-4476.\n"
+			  "Removing all tls .pem files will cause an "
+			  "auto-regeneration with the correct permissions.\n",
+			  key_file,
+			  (unsigned int)st.st_uid, geteuid(),
+			  (unsigned int)(st.st_mode & 0777), 0600));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	ret = gnutls_certificate_allocate_credentials(&tlsp->x509_cred);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (ca_file && *ca_file) {
+		ret = gnutls_certificate_set_x509_trust_file(tlsp->x509_cred,
+							     ca_file,
+							     GNUTLS_X509_FMT_PEM);
+		if (ret < 0) {
+			DEBUG(0,("TLS failed to initialise cafile %s - %s\n",
+				 ca_file, gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	}
+
+	if (crl_file && *crl_file) {
+		ret = gnutls_certificate_set_x509_crl_file(tlsp->x509_cred,
+							   crl_file, 
+							   GNUTLS_X509_FMT_PEM);
+		if (ret < 0) {
+			DEBUG(0,("TLS failed to initialise crlfile %s - %s\n",
+				 crl_file, gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	}
+
+	ret = gnutls_certificate_set_x509_key_file(tlsp->x509_cred,
+						   cert_file, key_file,
+						   GNUTLS_X509_FMT_PEM);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS failed to initialise certfile %s and keyfile %s - %s\n",
+			 cert_file, key_file, gnutls_strerror(ret)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	ret = gnutls_dh_params_init(&tlsp->dh_params);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (dhp_file && *dhp_file) {
+		gnutls_datum_t dhparms;
+		size_t size;
+
+		dhparms.data = (uint8_t *)file_load(dhp_file, &size, 0, tlsp);
+
+		if (!dhparms.data) {
+			DEBUG(0,("TLS failed to read DH Parms from %s - %d:%s\n",
+				 dhp_file, errno, strerror(errno)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		dhparms.size = size;
+
+		ret = gnutls_dh_params_import_pkcs3(tlsp->dh_params,
+						    &dhparms,
+						    GNUTLS_X509_FMT_PEM);
+		if (ret != GNUTLS_E_SUCCESS) {
+			DEBUG(0,("TLS failed to import pkcs3 %s - %s\n",
+				 dhp_file, gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+	} else {
+		ret = gnutls_dh_params_generate2(tlsp->dh_params, DH_BITS);
+		if (ret != GNUTLS_E_SUCCESS) {
+			DEBUG(0,("TLS failed to generate dh_params - %s\n",
+				 gnutls_strerror(ret)));
+			TALLOC_FREE(__tlsp);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	gnutls_certificate_set_dh_params(tlsp->x509_cred, tlsp->dh_params);
+
+	tlsp->tls_priority = talloc_strdup(tlsp, tls_priority);
+	if (tlsp->tls_priority == NULL) {
+		TALLOC_FREE(__tlsp);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tlsp->tls_enabled = true;
+
+	*_tlsp = __tlsp;
+	return NT_STATUS_OK;
+}
+
+struct tstream_tls_accept_state {
+	struct tstream_context *tls_stream;
+};
+
+struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
+					    struct tevent_context *ev,
+					    struct tstream_context *plain_stream,
+					    struct tstream_tls_params *_tlsp,
+					    const char *location)
+{
+	struct tevent_req *req;
+	struct tstream_tls_accept_state *state;
+	struct tstream_tls *tlss;
+	const char *error_pos;
+	struct tstream_tls_params_internal *tlsp = NULL;
+	int ret;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct tstream_tls_accept_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->tls_stream = tstream_context_create(state,
+						   &tstream_tls_ops,
+						   &tlss,
+						   struct tstream_tls,
+						   location);
+	if (tevent_req_nomem(state->tls_stream, req)) {
+		return tevent_req_post(req, ev);
+	}
+	ZERO_STRUCTP(tlss);
+	talloc_set_destructor(tlss, tstream_tls_destructor);
+
+	/*
+	 * Note we need to make sure x509_cred and dh_params
+	 * from tstream_tls_params_internal stay alive for
+	 * the whole lifetime of this session!
+	 *
+	 * See 'man gnutls_credentials_set' and
+	 * 'man gnutls_certificate_set_dh_params'.
+	 *
+	 * Note: here we use talloc_reference() in a way
+	 *       that does not expose it to the caller.
+	 */
+	tlsp = talloc_reference(tlss, _tlsp->internal);
+	if (tevent_req_nomem(tlsp, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tlss->plain_stream = plain_stream;
+
+	tlss->current_ev = ev;
+	tlss->retry_im = tevent_create_immediate(tlss);
+	if (tevent_req_nomem(tlss->retry_im, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	ret = gnutls_init(&tlss->tls_session, GNUTLS_SERVER);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	ret = gnutls_set_default_priority(tlss->tls_session);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DBG_ERR("TLS %s - %s. Failed to set default priorities\n",
+			__location__, gnutls_strerror(ret));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	if (strlen(tlsp->tls_priority) > 0) {
+		ret = gnutls_priority_set_direct(tlss->tls_session,
+						 tlsp->tls_priority,
+						 &error_pos);
+		if (ret != GNUTLS_E_SUCCESS) {
+			DEBUG(0,("TLS %s - %s.  Check 'tls priority' option at '%s'\n",
+				 __location__, gnutls_strerror(ret), error_pos));
+			tevent_req_error(req, EINVAL);
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	ret = gnutls_credentials_set(tlss->tls_session, GNUTLS_CRD_CERTIFICATE,
+				     tlsp->x509_cred);
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
+	}
+
+	gnutls_certificate_server_set_request(tlss->tls_session,
+					      GNUTLS_CERT_REQUEST);
+	gnutls_dh_set_prime_bits(tlss->tls_session, DH_BITS);
+
+	gnutls_transport_set_ptr(tlss->tls_session,
+				 (gnutls_transport_ptr_t)state->tls_stream);
+	gnutls_transport_set_pull_function(tlss->tls_session,
+					   (gnutls_pull_func)tstream_tls_pull_function);
+	gnutls_transport_set_push_function(tlss->tls_session,
+					   (gnutls_push_func)tstream_tls_push_function);
+
+	tlss->handshake.req = req;
+	tstream_tls_retry_handshake(state->tls_stream);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void tstream_tls_retry_handshake(struct tstream_context *stream)
+{
+	struct tstream_tls *tlss =
+		tstream_context_data(stream,
+		struct tstream_tls);
+	struct tevent_req *req = tlss->handshake.req;
+	int ret;
+
+	if (tlss->error != 0) {
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	ret = gnutls_handshake(tlss->tls_session);
+	if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+		return;
+	}
+
+	tlss->handshake.req = NULL;
+
+	if (gnutls_error_is_fatal(ret) != 0) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	if (ret != GNUTLS_E_SUCCESS) {
+		DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+		tlss->error = EIO;
+		tevent_req_error(req, tlss->error);
+		return;
+	}
+
+	if (tlss->verify_peer >= TLS_VERIFY_PEER_CA_ONLY) {
+		unsigned int status = UINT32_MAX;
+		bool ip = true;
+		const char *hostname = NULL;
+
+		if (tlss->peer_name != NULL) {
+			ip = is_ipaddress(tlss->peer_name);
+		}
+
+		if (!ip) {
+			hostname = tlss->peer_name;
+		}
+
+		if (tlss->verify_peer == TLS_VERIFY_PEER_CA_ONLY) {
+			hostname = NULL;
+		}
+
+		if (tlss->verify_peer >= TLS_VERIFY_PEER_CA_AND_NAME) {
+			if (hostname == NULL) {
+				DEBUG(1,("TLS %s - no hostname available for "
+					 "verify_peer[%s] and peer_name[%s]\n",
+					 __location__,
+					 tls_verify_peer_string(tlss->verify_peer),
+					 tlss->peer_name));
+				tlss->error = EINVAL;
+				tevent_req_error(req, tlss->error);
+				return;
+			}
+		}
+
+		ret = gnutls_certificate_verify_peers3(tlss->tls_session,
+						       hostname,
+						       &status);
+		if (ret != GNUTLS_E_SUCCESS) {
+			DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
+			tlss->error = EIO;
+			tevent_req_error(req, tlss->error);
+			return;
+		}
+
+		if (status != 0) {
+			DEBUG(1,("TLS %s - check failed for "
+				 "verify_peer[%s] and peer_name[%s] "
+				 "status 0x%x (%s%s%s%s%s%s%s%s)\n",
+				 __location__,
+				 tls_verify_peer_string(tlss->verify_peer),
+				 tlss->peer_name,
+				 status,
+				 status & GNUTLS_CERT_INVALID ? "invalid " : "",
+				 status & GNUTLS_CERT_REVOKED ? "revoked " : "",
+				 status & GNUTLS_CERT_SIGNER_NOT_FOUND ?
+					"signer_not_found " : "",
+				 status & GNUTLS_CERT_SIGNER_NOT_CA ?
+					"signer_not_ca " : "",
+				 status & GNUTLS_CERT_INSECURE_ALGORITHM ?
+					"insecure_algorithm " : "",
+				 status & GNUTLS_CERT_NOT_ACTIVATED ?
+					"not_activated " : "",
+				 status & GNUTLS_CERT_EXPIRED ?
+					"expired " : "",
+				 status & GNUTLS_CERT_UNEXPECTED_OWNER ?
+					"unexpected_owner " : ""));
+			tlss->error = EINVAL;
+			tevent_req_error(req, tlss->error);
+			return;
+		}
+	}
+
+	tevent_req_done(req);
+}
+
+int tstream_tls_accept_recv(struct tevent_req *req,
+			    int *perrno,
+			    TALLOC_CTX *mem_ctx,
+			    struct tstream_context **tls_stream)
+{
+	struct tstream_tls_accept_state *state =
+		tevent_req_data(req,
+		struct tstream_tls_accept_state);
+
+	if (tevent_req_is_unix_error(req, perrno)) {
+		tevent_req_received(req);
+		return -1;
+	}
+
+	*tls_stream = talloc_move(mem_ctx, &state->tls_stream);
+	tevent_req_received(req);
+	return 0;
+}
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
new file mode 100644
index 0000000..36482e3
--- /dev/null
+++ b/source4/lib/tls/tlscert.c
@@ -0,0 +1,159 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   auto-generate self signed TLS certificates
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/tls/tls.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#define ORGANISATION_NAME "Samba Administration"
+#define CA_NAME           "Samba - temporary autogenerated CA certificate"
+#define UNIT_NAME         "Samba - temporary autogenerated HOST certificate"
+#define LIFETIME          700*24*60*60
+
+/* FIPS140-2 only allows 2048 or 3072 prime sizes. */
+#define RSA_BITS gnutls_fips140_mode_enabled() ? 3072 : 4096
+
+/* 
+   auto-generate a set of self signed certificates
+*/
+void tls_cert_generate(TALLOC_CTX *mem_ctx, 
+		       const char *hostname, 
+		       const char *keyfile, const char *certfile,
+		       const char *cafile)
+{
+	gnutls_x509_crt_t cacrt, crt;
+	gnutls_x509_privkey_t key, cakey;
+	uint32_t serial = (uint32_t)time(NULL);
+	unsigned char keyid[100];
+	char buf[4096];
+	size_t bufsize;
+	size_t keyidsize = sizeof(keyid);
+	time_t activation = time(NULL), expiry = activation + LIFETIME;
+	int ret;
+
+	if (file_exist(keyfile) || file_exist(certfile) || file_exist(cafile)) {
+		DEBUG(0,("TLS autogeneration skipped - some TLS files already exist\n"));
+		return;
+	}
+
+#define TLSCHECK(call) do { \
+	ret = call; \
+	if (ret < 0) { \
+		DEBUG(0,("TLS %s - %s\n", #call, gnutls_strerror(ret))); \
+		goto failed; \
+	} \
+} while (0)
+
+	DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", 
+		 hostname));
+
+	DEBUG(3,("Generating private key\n"));
+	TLSCHECK(gnutls_x509_privkey_init(&key));
+	TLSCHECK(gnutls_x509_privkey_generate(key,   GNUTLS_PK_RSA, RSA_BITS, 0));
+
+	DEBUG(3,("Generating CA private key\n"));
+	TLSCHECK(gnutls_x509_privkey_init(&cakey));
+	TLSCHECK(gnutls_x509_privkey_generate(cakey, GNUTLS_PK_RSA, RSA_BITS, 0));
+
+	DEBUG(3,("Generating CA certificate\n"));
+	TLSCHECK(gnutls_x509_crt_init(&cacrt));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt, 
+				      GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+				      ORGANISATION_NAME, strlen(ORGANISATION_NAME)));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt, 
+				      GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
+				      CA_NAME, strlen(CA_NAME)));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt,
+				      GNUTLS_OID_X520_COMMON_NAME, 0,
+				      hostname, strlen(hostname)));
+	TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey));
+	TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial)));
+	TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation));
+	TLSCHECK(gnutls_x509_crt_set_expiration_time(cacrt, expiry));
+	TLSCHECK(gnutls_x509_crt_set_ca_status(cacrt, 1));
+	TLSCHECK(gnutls_x509_crt_set_key_usage(cacrt, GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN));
+	TLSCHECK(gnutls_x509_crt_set_version(cacrt, 3));
+	TLSCHECK(gnutls_x509_crt_get_key_id(cacrt, 0, keyid, &keyidsize));
+	TLSCHECK(gnutls_x509_crt_set_subject_key_id(cacrt, keyid, keyidsize));
+	TLSCHECK(gnutls_x509_crt_sign2(cacrt, cacrt, cakey,
+				       GNUTLS_DIG_SHA256, 0));
+
+	DEBUG(3,("Generating TLS certificate\n"));
+	TLSCHECK(gnutls_x509_crt_init(&crt));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt, 
+				      GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+				      ORGANISATION_NAME, strlen(ORGANISATION_NAME)));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt, 
+				      GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
+				      UNIT_NAME, strlen(UNIT_NAME)));
+	TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt,
+				      GNUTLS_OID_X520_COMMON_NAME, 0,
+				      hostname, strlen(hostname)));
+	TLSCHECK(gnutls_x509_crt_set_key(crt, key));
+	TLSCHECK(gnutls_x509_crt_set_serial(crt, &serial, sizeof(serial)));
+	TLSCHECK(gnutls_x509_crt_set_activation_time(crt, activation));
+	TLSCHECK(gnutls_x509_crt_set_expiration_time(crt, expiry));
+	TLSCHECK(gnutls_x509_crt_set_ca_status(crt, 0));
+	TLSCHECK(gnutls_x509_crt_set_key_purpose_oid(crt, GNUTLS_KP_TLS_WWW_SERVER, 0));
+	TLSCHECK(gnutls_x509_crt_set_version(crt, 3));
+	TLSCHECK(gnutls_x509_crt_get_key_id(crt, 0, keyid, &keyidsize));
+	TLSCHECK(gnutls_x509_crt_set_subject_key_id(crt, keyid, keyidsize));
+	TLSCHECK(gnutls_x509_crt_sign2(crt, crt, key,
+				       GNUTLS_DIG_SHA256, 0));
+	TLSCHECK(gnutls_x509_crt_sign2(crt, cacrt, cakey,
+				       GNUTLS_DIG_SHA256, 0));
+
+	DEBUG(3,("Exporting TLS keys\n"));
+
+	bufsize = sizeof(buf);
+	TLSCHECK(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+	if (!file_save(certfile, buf, bufsize)) {
+		DEBUG(0,("Unable to save certificate in %s parent dir exists ?\n", certfile));
+		goto failed;
+	}
+
+	bufsize = sizeof(buf);
+	TLSCHECK(gnutls_x509_crt_export(cacrt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+	if (!file_save(cafile, buf, bufsize)) {
+		DEBUG(0,("Unable to save ca cert in %s parent dir exists ?\n", cafile));
+		goto failed;
+	}
+
+	bufsize = sizeof(buf);
+	TLSCHECK(gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+	if (!file_save_mode(keyfile, buf, bufsize, 0600)) {
+		DEBUG(0,("Unable to save privatekey in %s parent dir exists ?\n", keyfile));
+		goto failed;
+	}
+
+	gnutls_x509_privkey_deinit(key);
+	gnutls_x509_privkey_deinit(cakey);
+	gnutls_x509_crt_deinit(cacrt);
+	gnutls_x509_crt_deinit(crt);
+
+	DEBUG(0,("TLS self-signed keys generated OK\n"));
+	return;
+
+failed:
+	DEBUG(0,("TLS certificate generation failed\n"));
+}
diff --git a/source4/lib/tls/wscript_build b/source4/lib/tls/wscript_build
new file mode 100644
index 0000000..7980a63
--- /dev/null
+++ b/source4/lib/tls/wscript_build
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('LIBTLS',
+                    source='''
+                           tlscert.c
+                           tls_tstream.c
+                           ''',
+                    public_deps='''
+                                talloc
+                                gnutls
+                                samba-hostconfig
+                                LIBTSOCKET
+                                tevent
+                                tevent-util
+                                ''')
diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c
new file mode 100644
index 0000000..58118b0
--- /dev/null
+++ b/source4/libcli/cliconnect.c
@@ -0,0 +1,284 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   client connect/disconnect routines
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) James Peach 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/smb/smbXcli_base.h"
+
+/*
+  wrapper around smbcli_sock_connect()
+*/
+bool smbcli_socket_connect(struct smbcli_state *cli, const char *server, 
+			   const char **ports, 
+			   struct tevent_context *ev_ctx,
+			   struct resolve_context *resolve_ctx,
+			   struct smbcli_options *options,
+			   const char *socket_options,
+			   struct nbt_name *calling,
+			   struct nbt_name *called)
+{
+	NTSTATUS status;
+
+	cli->options = *options;
+
+	status = smbcli_sock_connect(cli,
+				     NULL, /* host_addr */
+				     ports,
+				     server,
+				     resolve_ctx,
+				     ev_ctx,
+				     socket_options,
+				     calling,
+				     called,
+				     &cli->sock);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	return true;
+}
+
+/* wrapper around smb_raw_negotiate() */
+NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol)
+{
+	if (unicode) {
+		cli->options.unicode = 1;
+	} else {
+		cli->options.unicode = 0;
+	}
+
+	cli->transport = smbcli_transport_init(cli->sock, cli,
+					       true, &cli->options);
+	cli->sock = NULL;
+	if (!cli->transport) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return smb_raw_negotiate(cli->transport, unicode, PROTOCOL_CORE, maxprotocol);
+}
+
+/* wrapper around smb_raw_sesssetup() */
+NTSTATUS smbcli_session_setup(struct smbcli_state *cli, 
+			      struct cli_credentials *credentials,
+			      const char *workgroup,
+			      struct smbcli_session_options options,
+			      struct gensec_settings *gensec_settings)
+{
+	struct smb_composite_sesssetup setup;
+	NTSTATUS status;
+
+	cli->session = smbcli_session_init(cli->transport, cli, true,
+					   options);
+	if (!cli->session) return NT_STATUS_UNSUCCESSFUL;
+
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.credentials = credentials;
+	setup.in.workgroup = workgroup;
+	setup.in.gensec_settings = gensec_settings;
+
+	status = smb_composite_sesssetup(cli->session, &setup);
+
+	cli->session->vuid = setup.out.vuid;
+
+	return status;
+}
+
+/* wrapper around smb_raw_tcon() */
+NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename, 
+		      const char *devtype, const char *password)
+{
+	union smb_tcon tcon;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	cli->tree = smbcli_tree_init(cli->session, cli, true);
+	if (!cli->tree) return NT_STATUS_UNSUCCESSFUL;
+
+	mem_ctx = talloc_init("tcon");
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* setup a tree connect */
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+	if (cli->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
+		tcon.tconx.in.password = data_blob(NULL, 0);
+	} else if (cli->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+		tcon.tconx.in.password = data_blob_talloc(mem_ctx, NULL, 24);
+		if (cli->transport->negotiate.secblob.length < 8) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		SMBencrypt(password, cli->transport->negotiate.secblob.data, tcon.tconx.in.password.data);
+	} else {
+		tcon.tconx.in.password = data_blob_talloc(mem_ctx, password, strlen(password)+1);
+	}
+	tcon.tconx.in.path = sharename;
+	tcon.tconx.in.device = devtype;
+	
+	status = smb_raw_tcon(cli->tree, mem_ctx, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
+	cli->tree->tid = tcon.tconx.out.tid;
+
+	if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+		smb1cli_session_protect_session_key(cli->tree->session->smbXcli);
+	}
+
+out:
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+
+/*
+  easy way to get to a fully connected smbcli_state in one call
+*/
+NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
+				struct smbcli_state **ret_cli, 
+				const char *host,
+				const char **ports,
+				const char *sharename,
+				const char *devtype,
+				const char *socket_options,
+				struct cli_credentials *credentials,
+				struct resolve_context *resolve_ctx,
+				struct tevent_context *ev,
+				struct smbcli_options *options,
+				struct smbcli_session_options *session_options,
+				struct gensec_settings *gensec_settings)
+{
+	struct smbcli_tree *tree;
+	NTSTATUS status;
+
+	*ret_cli = NULL;
+
+	status = smbcli_tree_full_connection(parent_ctx,
+					     &tree, host, ports, 
+					     sharename, devtype,
+						 socket_options,
+					     credentials, resolve_ctx, ev,
+					     options,
+					     session_options,
+						 gensec_settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	(*ret_cli) = smbcli_state_init(parent_ctx);
+
+	(*ret_cli)->tree = tree;
+	(*ret_cli)->session = tree->session;
+	(*ret_cli)->transport = tree->session->transport;
+
+	talloc_steal(*ret_cli, tree);
+	
+done:
+	return status;
+}
+
+
+/*
+  disconnect the tree
+*/
+NTSTATUS smbcli_tdis(struct smbcli_state *cli)
+{
+	return smb_tree_disconnect(cli->tree);
+}
+
+/****************************************************************************
+ Initialise a client state structure.
+****************************************************************************/
+struct smbcli_state *smbcli_state_init(TALLOC_CTX *mem_ctx)
+{
+	return talloc_zero(mem_ctx, struct smbcli_state);
+}
+
+/* Insert a NULL at the first separator of the given path and return a pointer
+ * to the remainder of the string.
+ */
+static char *
+terminate_path_at_separator(char * path)
+{
+	char * p;
+
+	if (!path) {
+		return NULL;
+	}
+
+	if ((p = strchr_m(path, '/'))) {
+		*p = '\0';
+		return p + 1;
+	}
+
+	if ((p = strchr_m(path, '\\'))) {
+		*p = '\0';
+		return p + 1;
+	}
+	
+	/* No separator. */
+	return NULL;
+}
+
+/*
+  parse a //server/share type UNC name
+*/
+bool smbcli_parse_unc(const char *unc_name, TALLOC_CTX *mem_ctx,
+		      char **hostname, char **sharename)
+{
+	char *p;
+
+	if (strncmp(unc_name, "\\\\", 2) &&
+	    strncmp(unc_name, "//", 2)) {
+		return false;
+	}
+
+	*hostname = *sharename = NULL;
+
+	*hostname = talloc_strdup(mem_ctx, &unc_name[2]);
+	p = terminate_path_at_separator(*hostname);
+
+	if (p != NULL && *p) {
+		*sharename = talloc_strdup(mem_ctx, p);
+		terminate_path_at_separator(*sharename);
+	}
+
+	if (*hostname && *sharename) {
+		return true;
+	}
+
+	talloc_free(*hostname);
+	talloc_free(*sharename);
+	*hostname = *sharename = NULL;
+	return false;
+}
+
+
+
diff --git a/source4/libcli/clideltree.c b/source4/libcli/clideltree.c
new file mode 100644
index 0000000..3e4f9fb
--- /dev/null
+++ b/source4/libcli/clideltree.c
@@ -0,0 +1,146 @@
+/* 
+   Unix SMB/CIFS implementation.
+   useful function for deleting a whole directory tree
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "system/dir.h"
+
+struct delete_state {
+	struct smbcli_tree *tree;
+	int total_deleted;
+	bool failed;
+};
+
+/* 
+   callback function for torture_deltree() 
+*/
+static void delete_fn(struct clilist_file_info *finfo, const char *name, void *state)
+{
+	struct delete_state *dstate = (struct delete_state *)state;
+	char *s, *n;
+	if (ISDOT(finfo->name) || ISDOTDOT(finfo->name)) {
+		return;
+	}
+
+	n = strdup(name);
+	n[strlen(n)-1] = 0;
+	if (asprintf(&s, "%s%s", n, finfo->name) < 0) {
+		free(n);
+		return;
+	}
+
+	if (finfo->attrib & FILE_ATTRIBUTE_READONLY) {
+		if (NT_STATUS_IS_ERR(smbcli_setatr(dstate->tree, s, 0, 0))) {
+			DEBUG(2,("Failed to remove READONLY on %s - %s\n",
+				 s, smbcli_errstr(dstate->tree)));			
+		}
+	}
+
+	if (finfo->attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		char *s2;
+		if (asprintf(&s2, "%s\\*", s) < 0) {
+			free(s);
+			free(n);
+			return;
+		}
+		smbcli_unlink(dstate->tree, s2);
+		smbcli_list(dstate->tree, s2, 
+			 FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, 
+			 delete_fn, state);
+		free(s2);
+		if (NT_STATUS_IS_ERR(smbcli_rmdir(dstate->tree, s))) {
+			DEBUG(2,("Failed to delete %s - %s\n", 
+				 s, smbcli_errstr(dstate->tree)));
+			dstate->failed = true;
+		}
+		dstate->total_deleted++;
+	} else {
+		if (NT_STATUS_IS_ERR(smbcli_unlink(dstate->tree, s))) {
+			DEBUG(2,("Failed to delete %s - %s\n", 
+				 s, smbcli_errstr(dstate->tree)));
+			dstate->failed = true;
+		}
+		dstate->total_deleted++;
+	}
+	free(s);
+	free(n);
+}
+
+/* 
+   recursively descend a tree deleting all files
+   returns the number of files deleted, or -1 on error
+*/
+int smbcli_deltree(struct smbcli_tree *tree, const char *dname)
+{
+	char *mask;
+	struct delete_state dstate;
+	NTSTATUS status;
+
+	dstate.tree = tree;
+	dstate.total_deleted = 0;
+	dstate.failed = false;
+
+	/* it might be a file */
+	status = smbcli_unlink(tree, dname);
+	if (NT_STATUS_IS_OK(status)) {
+		return 1;
+	}
+	if (NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_OBJECT_NAME_NOT_FOUND) ||
+	    NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_OBJECT_PATH_NOT_FOUND) ||
+	    NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_NO_SUCH_FILE) ||
+	    NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_DOS(ERRDOS, ERRbadfile))) {
+		return 0;
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+		/* it could be read-only */
+		smbcli_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL, 0);
+		if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) {
+			return 1;
+		}
+	}
+
+	if (asprintf(&mask, "%s\\*", dname) < 0) {
+		return -1;
+	}
+	smbcli_unlink_wcard(dstate.tree, mask);
+	smbcli_list(dstate.tree, mask, 
+		 FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, 
+		 delete_fn, &dstate);
+	free(mask);
+
+	status = smbcli_rmdir(dstate.tree, dname);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+		/* it could be read-only */
+		smbcli_setatr(dstate.tree, dname, FILE_ATTRIBUTE_NORMAL, 0);
+		status = smbcli_rmdir(dstate.tree, dname);
+	}
+	if (NT_STATUS_IS_ERR(status)) {
+		DEBUG(2,("Failed to delete %s - %s\n", 
+			 dname, smbcli_errstr(dstate.tree)));
+		return -1;
+	}
+	dstate.total_deleted++;
+
+	if (dstate.failed) {
+		return -1;
+	}
+
+	return dstate.total_deleted;
+}
diff --git a/source4/libcli/clifile.c b/source4/libcli/clifile.c
new file mode 100644
index 0000000..c6a5cd5
--- /dev/null
+++ b/source4/libcli/clifile.c
@@ -0,0 +1,767 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client file operations
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Jeremy Allison 2001-2002
+   Copyright (C) James Myers 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "system/dir.h"
+
+/****************************************************************************
+ Hard/Symlink a file (UNIX extensions).
+****************************************************************************/
+
+static NTSTATUS smbcli_link_internal(struct smbcli_tree *tree, 
+				  const char *fname_src, 
+				  const char *fname_dst, bool hard_link)
+{
+	union smb_setfileinfo parms;
+	NTSTATUS status;
+
+	if (hard_link) {
+		parms.generic.level = RAW_SFILEINFO_UNIX_HLINK;
+		parms.unix_hlink.in.file.path = fname_src;
+		parms.unix_hlink.in.link_dest = fname_dst;
+	} else {
+		parms.generic.level = RAW_SFILEINFO_UNIX_LINK;
+		parms.unix_link.in.file.path = fname_src;
+		parms.unix_link.in.link_dest = fname_dst;
+	}
+	
+	status = smb_raw_setpathinfo(tree, &parms);
+
+	return status;
+}
+
+/****************************************************************************
+ Symlink a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_symlink(struct smbcli_tree *tree, const char *fname_src, 
+			  const char *fname_dst)
+{
+	return smbcli_link_internal(tree, fname_src, fname_dst, false);
+}
+
+/****************************************************************************
+ Hard a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_hardlink(struct smbcli_tree *tree, const char *fname_src, 
+			   const char *fname_dst)
+{
+	return smbcli_link_internal(tree, fname_src, fname_dst, true);
+}
+
+
+/****************************************************************************
+ Chmod or chown a file internal (UNIX extensions).
+****************************************************************************/
+static NTSTATUS smbcli_unix_chmod_chown_internal(struct smbcli_tree *tree, 
+					      const char *fname, 
+					      uint32_t mode, uint32_t uid, 
+					      uint32_t gid)
+{
+	union smb_setfileinfo parms;
+	NTSTATUS status;
+
+	parms.generic.level = SMB_SFILEINFO_UNIX_BASIC;
+	parms.unix_basic.in.file.path = fname;
+	parms.unix_basic.in.uid = uid;
+	parms.unix_basic.in.gid = gid;
+	parms.unix_basic.in.mode = mode;
+	
+	status = smb_raw_setpathinfo(tree, &parms);
+
+	return status;
+}
+
+/****************************************************************************
+ chmod a file (UNIX extensions).
+****************************************************************************/
+
+NTSTATUS smbcli_unix_chmod(struct smbcli_tree *tree, const char *fname, mode_t mode)
+{
+	return smbcli_unix_chmod_chown_internal(tree, fname, 
+					     unix_perms_to_wire(mode), 
+					     SMB_UID_NO_CHANGE, 
+					     SMB_GID_NO_CHANGE);
+}
+
+/****************************************************************************
+ chown a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_chown(struct smbcli_tree *tree, const char *fname, uid_t uid, 
+			gid_t gid)
+{
+	return smbcli_unix_chmod_chown_internal(tree, fname, SMB_MODE_NO_CHANGE, 
+					     (uint32_t)uid, (uint32_t)gid);
+}
+
+
+/****************************************************************************
+ Rename a file.
+****************************************************************************/
+NTSTATUS smbcli_rename(struct smbcli_tree *tree, const char *fname_src, 
+		    const char *fname_dst)
+{
+	union smb_rename parms;
+
+	parms.generic.level = RAW_RENAME_RENAME;
+	parms.rename.in.attrib = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
+	parms.rename.in.pattern1 = fname_src;
+	parms.rename.in.pattern2 = fname_dst;
+
+	return smb_raw_rename(tree, &parms);
+}
+
+
+/****************************************************************************
+ Delete a file.
+****************************************************************************/
+NTSTATUS smbcli_unlink(struct smbcli_tree *tree, const char *fname)
+{
+	union smb_unlink parms;
+
+	parms.unlink.in.pattern = fname;
+	parms.unlink.in.attrib = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
+
+	return smb_raw_unlink(tree, &parms);
+}
+
+struct wcard_delete_state {
+	struct smbcli_tree *tree;
+	NTSTATUS status;
+	char *error_name; /* To help debugging. */
+};
+
+static void del_fn(struct clilist_file_info *finfo,
+			const char *pattern,
+			void *priv)
+{
+	NTSTATUS status;
+	union smb_unlink parms;
+	char *filename = NULL;
+	char *dirname = NULL;
+	char *p = NULL;
+	struct wcard_delete_state *state = (struct wcard_delete_state *)priv;
+
+	if (ISDOT(finfo->name) || ISDOTDOT(finfo->name)) {
+		return;
+	}
+	dirname = talloc_strdup(state, pattern);
+	if (dirname == NULL) {
+		TALLOC_FREE(state->error_name);
+		state->status = NT_STATUS_NO_MEMORY;
+		return;
+	}
+	p = strrchr_m(dirname, '\\');
+	if (p != NULL) {
+		/* Remove the terminating '\' */
+		*p = '\0';
+	}
+	if (dirname[0] != '\0') {
+		filename = talloc_asprintf(dirname,
+					   "%s\\%s",
+					   dirname,
+					   finfo->name);
+	} else {
+		filename = talloc_asprintf(dirname,
+					   "%s",
+					   finfo->name);
+	}
+	if (filename == NULL) {
+		TALLOC_FREE(dirname);
+		TALLOC_FREE(state->error_name);
+		state->status = NT_STATUS_NO_MEMORY;
+		return;
+	}
+	parms.unlink.in.pattern = filename;
+	parms.unlink.in.attrib = FILE_ATTRIBUTE_SYSTEM |
+				 FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_unlink(state->tree, &parms);
+	if (NT_STATUS_IS_OK(state->status)) {
+		state->status = status;
+		if (!NT_STATUS_IS_OK(status)) {
+			/*
+			 * Save off the name we failed to
+			 * delete to help debugging.
+			 */
+			state->error_name = talloc_move(state, &filename);
+		}
+	}
+	TALLOC_FREE(dirname);
+}
+
+/****************************************************************************
+ Delete a file, possibly with a wildcard pattern.
+****************************************************************************/
+NTSTATUS smbcli_unlink_wcard(struct smbcli_tree *tree, const char *pattern)
+{
+	NTSTATUS status;
+	int ret;
+	struct wcard_delete_state *state = NULL;
+
+	if (strchr(pattern, '*') == NULL) {
+		/* No wildcard, just call smbcli_unlink(). */
+		return smbcli_unlink(tree, pattern);
+	}
+	state = talloc_zero(tree, struct wcard_delete_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->tree = tree;
+	ret = smbcli_list(tree,
+			  pattern,
+			  FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
+			  del_fn,
+			  state);
+	status = state->status;
+	TALLOC_FREE(state);
+	if (ret < 0) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	return status;
+}
+
+/****************************************************************************
+ Create a directory.
+****************************************************************************/
+NTSTATUS smbcli_mkdir(struct smbcli_tree *tree, const char *dname)
+{
+	union smb_mkdir parms;
+
+	parms.mkdir.level = RAW_MKDIR_MKDIR;
+	parms.mkdir.in.path = dname;
+
+	return smb_raw_mkdir(tree, &parms);
+}
+
+
+/****************************************************************************
+ Remove a directory.
+****************************************************************************/
+NTSTATUS smbcli_rmdir(struct smbcli_tree *tree, const char *dname)
+{
+	struct smb_rmdir parms;
+
+	parms.in.path = dname;
+
+	return smb_raw_rmdir(tree, &parms);
+}
+
+
+/****************************************************************************
+ Set or clear the delete on close flag.
+****************************************************************************/
+NTSTATUS smbcli_nt_delete_on_close(struct smbcli_tree *tree, int fnum, 
+				   bool flag)
+{
+	union smb_setfileinfo parms;
+	NTSTATUS status;
+
+	parms.disposition_info.level = RAW_SFILEINFO_DISPOSITION_INFO;
+	parms.disposition_info.in.file.fnum = fnum;
+	parms.disposition_info.in.delete_on_close = flag;
+	
+	status = smb_raw_setfileinfo(tree, &parms);
+
+	return status;
+}
+
+
+/****************************************************************************
+ Create/open a file - exposing the full horror of the NT API :-).
+ Used in CIFS-on-CIFS NTVFS.
+****************************************************************************/
+int smbcli_nt_create_full(struct smbcli_tree *tree, const char *fname,
+		       uint32_t CreatFlags, uint32_t DesiredAccess,
+		       uint32_t FileAttributes, uint32_t ShareAccess,
+		       uint32_t CreateDisposition, uint32_t CreateOptions,
+		       uint8_t SecurityFlags)
+{
+	union smb_open open_parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("raw_open");
+	if (!mem_ctx) return -1;
+
+	open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = CreatFlags;
+	open_parms.ntcreatex.in.root_fid.fnum = 0;
+	open_parms.ntcreatex.in.access_mask = DesiredAccess;
+	open_parms.ntcreatex.in.file_attr = FileAttributes;
+	open_parms.ntcreatex.in.alloc_size = 0;
+	open_parms.ntcreatex.in.share_access = ShareAccess;
+	open_parms.ntcreatex.in.open_disposition = CreateDisposition;
+	open_parms.ntcreatex.in.create_options = CreateOptions;
+	open_parms.ntcreatex.in.impersonation = 0;
+	open_parms.ntcreatex.in.security_flags = SecurityFlags;
+	open_parms.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(tree, mem_ctx, &open_parms);
+	talloc_free(mem_ctx);
+
+	if (NT_STATUS_IS_OK(status)) {
+		return open_parms.ntcreatex.out.file.fnum;
+	}
+	
+	return -1;
+}
+
+
+/****************************************************************************
+ Open a file (using SMBopenx)
+ WARNING: if you open with O_WRONLY then getattrE won't work!
+****************************************************************************/
+int smbcli_open(struct smbcli_tree *tree, const char *fname, int flags, 
+	     int share_mode)
+{
+	union smb_open open_parms;
+	unsigned int openfn=0;
+	unsigned int accessmode=0;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("raw_open");
+	if (!mem_ctx) return -1;
+
+	if (flags & O_CREAT) {
+		openfn |= OPENX_OPEN_FUNC_CREATE;
+	}
+	if (!(flags & O_EXCL)) {
+		if (flags & O_TRUNC) {
+			openfn |= OPENX_OPEN_FUNC_TRUNC;
+		} else {
+			openfn |= OPENX_OPEN_FUNC_OPEN;
+		}
+	}
+
+	accessmode = (share_mode<<OPENX_MODE_DENY_SHIFT);
+
+	if ((flags & O_ACCMODE) == O_RDWR) {
+		accessmode |= OPENX_MODE_ACCESS_RDWR;
+	} else if ((flags & O_ACCMODE) == O_WRONLY) {
+		accessmode |= OPENX_MODE_ACCESS_WRITE;
+	} 
+
+#if defined(O_SYNC)
+	if ((flags & O_SYNC) == O_SYNC) {
+		accessmode |= OPENX_MODE_WRITE_THRU;
+	}
+#endif
+
+	if (share_mode == DENY_FCB) {
+		accessmode = OPENX_MODE_ACCESS_FCB | OPENX_MODE_DENY_FCB;
+	}
+
+	open_parms.openx.level = RAW_OPEN_OPENX;
+	open_parms.openx.in.flags = 0;
+	open_parms.openx.in.open_mode = accessmode;
+	open_parms.openx.in.search_attrs = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	open_parms.openx.in.file_attrs = 0;
+	open_parms.openx.in.write_time = 0;
+	open_parms.openx.in.open_func = openfn;
+	open_parms.openx.in.size = 0;
+	open_parms.openx.in.timeout = 0;
+	open_parms.openx.in.fname = fname;
+
+	status = smb_raw_open(tree, mem_ctx, &open_parms);
+	talloc_free(mem_ctx);
+
+	if (NT_STATUS_IS_OK(status)) {
+		return open_parms.openx.out.file.fnum;
+	}
+
+	return -1;
+}
+
+
+/****************************************************************************
+ Close a file.
+****************************************************************************/
+NTSTATUS smbcli_close(struct smbcli_tree *tree, int fnum)
+{
+	union smb_close close_parms;
+	NTSTATUS status;
+
+	close_parms.close.level = RAW_CLOSE_CLOSE;
+	close_parms.close.in.file.fnum = fnum;
+	close_parms.close.in.write_time = 0;
+	status = smb_raw_close(tree, &close_parms);
+	return status;
+}
+
+/****************************************************************************
+ send a lock with a specified locktype 
+ this is used for testing LOCKING_ANDX_CANCEL_LOCK
+****************************************************************************/
+NTSTATUS smbcli_locktype(struct smbcli_tree *tree, int fnum, 
+		      uint32_t offset, uint32_t len, int timeout, 
+		      uint8_t locktype)
+{
+	union smb_lock parms;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+
+	parms.lockx.level = RAW_LOCK_LOCKX;
+	parms.lockx.in.file.fnum = fnum;
+	parms.lockx.in.mode = locktype;
+	parms.lockx.in.timeout = timeout;
+	parms.lockx.in.ulock_cnt = 0;
+	parms.lockx.in.lock_cnt = 1;
+	lock[0].pid = tree->session->pid;
+	lock[0].offset = offset;
+	lock[0].count = len;
+	parms.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(tree, &parms);
+	
+	return status;
+}
+
+
+/****************************************************************************
+ Lock a file.
+****************************************************************************/
+NTSTATUS smbcli_lock(struct smbcli_tree *tree, int fnum, 
+		  uint32_t offset, uint32_t len, int timeout, 
+		  enum brl_type lock_type)
+{
+	union smb_lock parms;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+
+	parms.lockx.level = RAW_LOCK_LOCKX;
+	parms.lockx.in.file.fnum = fnum;
+	parms.lockx.in.mode = (lock_type == READ_LOCK? 1 : 0);
+	parms.lockx.in.timeout = timeout;
+	parms.lockx.in.ulock_cnt = 0;
+	parms.lockx.in.lock_cnt = 1;
+	lock[0].pid = tree->session->pid;
+	lock[0].offset = offset;
+	lock[0].count = len;
+	parms.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(tree, &parms);
+
+	return status;
+}
+
+
+/****************************************************************************
+ Unlock a file.
+****************************************************************************/
+NTSTATUS smbcli_unlock(struct smbcli_tree *tree, int fnum, uint32_t offset, uint32_t len)
+{
+	union smb_lock parms;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+
+	parms.lockx.level = RAW_LOCK_LOCKX;
+	parms.lockx.in.file.fnum = fnum;
+	parms.lockx.in.mode = 0;
+	parms.lockx.in.timeout = 0;
+	parms.lockx.in.ulock_cnt = 1;
+	parms.lockx.in.lock_cnt = 0;
+	lock[0].pid = tree->session->pid;
+	lock[0].offset = offset;
+	lock[0].count = len;
+	parms.lockx.in.locks = &lock[0];
+	
+	status = smb_raw_lock(tree, &parms);
+	return status;
+}
+	
+
+/****************************************************************************
+ Lock a file with 64 bit offsets.
+****************************************************************************/
+NTSTATUS smbcli_lock64(struct smbcli_tree *tree, int fnum, 
+		    off_t offset, off_t len, int timeout, 
+		    enum brl_type lock_type)
+{
+	union smb_lock parms;
+	int ltype;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+
+	if (!(tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		return smbcli_lock(tree, fnum, offset, len, timeout, lock_type);
+	}
+
+	parms.lockx.level = RAW_LOCK_LOCKX;
+	parms.lockx.in.file.fnum = fnum;
+	
+	ltype = (lock_type == READ_LOCK? 1 : 0);
+	ltype |= LOCKING_ANDX_LARGE_FILES;
+	parms.lockx.in.mode = ltype;
+	parms.lockx.in.timeout = timeout;
+	parms.lockx.in.ulock_cnt = 0;
+	parms.lockx.in.lock_cnt = 1;
+	lock[0].pid = tree->session->pid;
+	lock[0].offset = offset;
+	lock[0].count = len;
+	parms.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(tree, &parms);
+	
+	return status;
+}
+
+
+/****************************************************************************
+ Unlock a file with 64 bit offsets.
+****************************************************************************/
+NTSTATUS smbcli_unlock64(struct smbcli_tree *tree, int fnum, off_t offset, 
+			 off_t len)
+{
+	union smb_lock parms;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+
+	if (!(tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		return smbcli_unlock(tree, fnum, offset, len);
+	}
+
+	parms.lockx.level = RAW_LOCK_LOCKX;
+	parms.lockx.in.file.fnum = fnum;
+	parms.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	parms.lockx.in.timeout = 0;
+	parms.lockx.in.ulock_cnt = 1;
+	parms.lockx.in.lock_cnt = 0;
+	lock[0].pid = tree->session->pid;
+	lock[0].offset = offset;
+	lock[0].count = len;
+	parms.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(tree, &parms);
+
+	return status;
+}
+
+
+/****************************************************************************
+ Do a SMBgetattrE call.
+****************************************************************************/
+NTSTATUS smbcli_getattrE(struct smbcli_tree *tree, int fnum,
+		      uint16_t *attr, size_t *size,
+		      time_t *c_time, time_t *a_time, time_t *m_time)
+{		
+	union smb_fileinfo parms;
+	NTSTATUS status;
+
+	parms.getattre.level = RAW_FILEINFO_GETATTRE;
+	parms.getattre.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(tree, NULL, &parms);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (size) {
+		*size = parms.getattre.out.size;
+	}
+
+	if (attr) {
+		*attr = parms.getattre.out.attrib;
+	}
+
+	if (c_time) {
+		*c_time = parms.getattre.out.create_time;
+	}
+
+	if (a_time) {
+		*a_time = parms.getattre.out.access_time;
+	}
+
+	if (m_time) {
+		*m_time = parms.getattre.out.write_time;
+	}
+
+	return status;
+}
+
+/****************************************************************************
+ Do a SMBgetatr call
+****************************************************************************/
+NTSTATUS smbcli_getatr(struct smbcli_tree *tree, const char *fname, 
+		    uint16_t *attr, size_t *size, time_t *t)
+{
+	union smb_fileinfo parms;
+	NTSTATUS status;
+
+	parms.getattr.level = RAW_FILEINFO_GETATTR;
+	parms.getattr.in.file.path = fname;
+
+	status = smb_raw_pathinfo(tree, NULL, &parms);
+	
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (size) {
+		*size = parms.getattr.out.size;
+	}
+
+	if (t) {
+		*t = parms.getattr.out.write_time;
+	}
+
+	if (attr) {
+		*attr = parms.getattr.out.attrib;
+	}
+
+	return status;
+}
+
+
+/****************************************************************************
+ Do a SMBsetatr call.
+****************************************************************************/
+NTSTATUS smbcli_setatr(struct smbcli_tree *tree, const char *fname, uint16_t mode, 
+		    time_t t)
+{
+	union smb_setfileinfo parms;
+
+	parms.setattr.level = RAW_SFILEINFO_SETATTR;
+	parms.setattr.in.file.path = fname;
+	parms.setattr.in.attrib = mode;
+	parms.setattr.in.write_time = t;
+	
+	return smb_raw_setpathinfo(tree, &parms);
+}
+
+/****************************************************************************
+ Do a setfileinfo basic_info call.
+****************************************************************************/
+NTSTATUS smbcli_fsetatr(struct smbcli_tree *tree, int fnum, uint16_t mode, 
+			NTTIME create_time, NTTIME access_time, 
+			NTTIME write_time, NTTIME change_time)
+{
+	union smb_setfileinfo parms;
+
+	parms.basic_info.level = RAW_SFILEINFO_BASIC_INFO;
+	parms.basic_info.in.file.fnum = fnum;
+	parms.basic_info.in.attrib = mode;
+	parms.basic_info.in.create_time = create_time;
+	parms.basic_info.in.access_time = access_time;
+	parms.basic_info.in.write_time = write_time;
+	parms.basic_info.in.change_time = change_time;
+	
+	return smb_raw_setfileinfo(tree, &parms);
+}
+
+
+/****************************************************************************
+ truncate a file to a given size
+****************************************************************************/
+NTSTATUS smbcli_ftruncate(struct smbcli_tree *tree, int fnum, uint64_t size)
+{
+	union smb_setfileinfo parms;
+
+	parms.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+	parms.end_of_file_info.in.file.fnum = fnum;
+	parms.end_of_file_info.in.size = size;
+	
+	return smb_raw_setfileinfo(tree, &parms);
+}
+
+
+/****************************************************************************
+ Check for existence of a dir.
+****************************************************************************/
+NTSTATUS smbcli_chkpath(struct smbcli_tree *tree, const char *path)
+{
+	union smb_chkpath parms;
+	char *path2;
+	NTSTATUS status;
+
+	path2 = strdup(path);
+	trim_string(path2,NULL,"\\");
+	if (!*path2) {
+		free(path2);
+		path2 = strdup("\\");
+	}
+
+	parms.chkpath.in.path = path2;
+
+	status = smb_raw_chkpath(tree, &parms);
+
+	free(path2);
+
+	return status;
+}
+
+
+/****************************************************************************
+ Query disk space.
+****************************************************************************/
+NTSTATUS smbcli_dskattr(struct smbcli_tree *tree, uint32_t *bsize, 
+			uint64_t *total, uint64_t *avail)
+{
+	union smb_fsinfo fsinfo_parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("smbcli_dskattr");
+
+	fsinfo_parms.dskattr.level = RAW_QFS_SIZE_INFO;
+	status = smb_raw_fsinfo(tree, mem_ctx, &fsinfo_parms);
+	if (NT_STATUS_IS_OK(status)) {
+		*bsize = fsinfo_parms.size_info.out.bytes_per_sector * fsinfo_parms.size_info.out.sectors_per_unit;
+		*total = fsinfo_parms.size_info.out.total_alloc_units;
+		*avail = fsinfo_parms.size_info.out.avail_alloc_units;
+	}
+
+	talloc_free(mem_ctx);
+	
+	return status;
+}
+
+
+/****************************************************************************
+ Create and open a temporary file.
+****************************************************************************/
+int smbcli_ctemp(struct smbcli_tree *tree, const char *path, char **tmp_path)
+{
+	union smb_open open_parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	int ret = -1;
+
+	mem_ctx = talloc_init("raw_open");
+	if (!mem_ctx) return ret;
+
+	open_parms.openx.level = RAW_OPEN_CTEMP;
+	open_parms.ctemp.in.attrib = 0;
+	open_parms.ctemp.in.directory = path;
+	open_parms.ctemp.in.write_time = 0;
+
+	status = smb_raw_open(tree, mem_ctx, &open_parms);
+	if (NT_STATUS_IS_OK(status)) {
+		if (tmp_path) {
+			*tmp_path = strdup(open_parms.ctemp.out.name);
+		}
+		ret = open_parms.ctemp.out.file.fnum;
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/libcli/clilist.c b/source4/libcli/clilist.c
new file mode 100644
index 0000000..eb9199d
--- /dev/null
+++ b/source4/libcli/clilist.c
@@ -0,0 +1,348 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client directory list routines
+   Copyright (C) Andrew Tridgell 1994-2003
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+struct search_private {
+	struct clilist_file_info *dirlist;
+	TALLOC_CTX *mem_ctx;
+	int dirlist_len;
+	int ff_searchcount;  /* total received in 1 server trip */
+	int total_received;  /* total received all together */
+	enum smb_search_data_level data_level;
+	const char *last_name;     /* used to continue trans2 search */
+	struct smb_search_id id;   /* used for old-style search */
+};
+
+
+/****************************************************************************
+ Interpret a long filename structure.
+****************************************************************************/
+static bool interpret_long_filename(enum smb_search_data_level level,
+				    const union smb_search_data *info,
+				    struct clilist_file_info *finfo)
+{
+	struct clilist_file_info finfo2;
+
+	if (!finfo) finfo = &finfo2;
+	ZERO_STRUCTP(finfo);
+
+	switch (level) {
+	case RAW_SEARCH_DATA_STANDARD:
+		finfo->size = info->standard.size;
+		finfo->mtime = info->standard.write_time;
+		finfo->attrib = info->standard.attrib;
+		finfo->name = info->standard.name.s;
+		finfo->short_name = info->standard.name.s;
+		break;
+
+	case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+		finfo->size = info->both_directory_info.size;
+		finfo->mtime = nt_time_to_unix(info->both_directory_info.write_time);
+		finfo->attrib = info->both_directory_info.attrib;
+		finfo->short_name = info->both_directory_info.short_name.s;
+		finfo->name = info->both_directory_info.name.s;
+		break;
+
+	default:
+		DEBUG(0,("Unhandled level %d in interpret_long_filename\n", (int)level));
+		return false;
+	}
+
+	return true;
+}
+
+/* callback function used for trans2 search */
+static bool smbcli_list_new_callback(void *private_data, const union smb_search_data *file)
+{
+	struct search_private *state = (struct search_private*) private_data;
+	struct clilist_file_info *tdl;
+ 
+	/* add file info to the dirlist pool */
+	tdl = talloc_realloc(state, 
+			     state->dirlist,
+			     struct clilist_file_info,
+			     state->dirlist_len + 1);
+	if (!tdl) {
+		return false;
+	}
+	state->dirlist = tdl;
+	state->dirlist_len++;
+
+	interpret_long_filename(state->data_level, file, &state->dirlist[state->total_received]);
+
+	state->last_name = state->dirlist[state->total_received].name;
+	state->total_received++;
+	state->ff_searchcount++;
+	
+	return true;
+}
+
+int smbcli_list_new(struct smbcli_tree *tree, const char *Mask, uint16_t attribute, 
+		    enum smb_search_data_level level,
+		    void (*fn)(struct clilist_file_info *, const char *, void *), 
+		    void *caller_state)
+{
+	union smb_search_first first_parms;
+	union smb_search_next next_parms;
+	struct search_private state;  /* for callbacks */
+	int received = 0;
+	bool first = true;
+	int max_matches = 512;
+	char *mask;
+	int ff_eos = 0, i;
+	int ff_dir_handle=0;
+
+	/* initialize state for search */
+	state.mem_ctx = talloc_init("smbcli_list_new");
+	state.dirlist_len = 0;
+	state.total_received = 0;
+	
+	state.dirlist = talloc_array(state.mem_ctx, 
+				     struct clilist_file_info, 0);
+	mask = talloc_strdup(state.mem_ctx, Mask);
+
+	if (level == RAW_SEARCH_DATA_GENERIC) {
+		if (tree->session->transport->negotiate.capabilities & CAP_NT_SMBS) {
+			level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+		} else {
+			level = RAW_SEARCH_DATA_STANDARD;
+		}
+	}
+	state.data_level = level;
+
+	while (1) {
+		state.ff_searchcount = 0;
+		if (first) {
+			NTSTATUS status;
+
+			first_parms.t2ffirst.level = RAW_SEARCH_TRANS2;
+			first_parms.t2ffirst.data_level = state.data_level;
+			first_parms.t2ffirst.in.max_count = max_matches;
+			first_parms.t2ffirst.in.search_attrib = attribute;
+			first_parms.t2ffirst.in.pattern = mask;
+			first_parms.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE_IF_END;
+			first_parms.t2ffirst.in.storage_type = 0;
+			
+			status = smb_raw_search_first(tree, 
+						      state.mem_ctx, &first_parms,
+						      (void*)&state, smbcli_list_new_callback);
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(state.mem_ctx);
+				return -1;
+			}
+		
+			ff_dir_handle = first_parms.t2ffirst.out.handle;
+			ff_eos = first_parms.t2ffirst.out.end_of_search;
+			
+			received = first_parms.t2ffirst.out.count;
+			if (received <= 0) break;
+			if (ff_eos) break;
+			first = false;
+		} else {
+			NTSTATUS status;
+
+			next_parms.t2fnext.level = RAW_SEARCH_TRANS2;
+			next_parms.t2fnext.data_level = state.data_level;
+			next_parms.t2fnext.in.max_count = max_matches;
+			next_parms.t2fnext.in.last_name = state.last_name;
+			next_parms.t2fnext.in.handle = ff_dir_handle;
+			next_parms.t2fnext.in.resume_key = 0;
+			next_parms.t2fnext.in.flags = FLAG_TRANS2_FIND_CLOSE_IF_END;
+			
+			status = smb_raw_search_next(tree, 
+						     state.mem_ctx,
+						     &next_parms,
+						     (void*)&state, 
+						     smbcli_list_new_callback);
+			
+			if (!NT_STATUS_IS_OK(status)) {
+				return -1;
+			}
+			ff_eos = next_parms.t2fnext.out.end_of_search;
+			received = next_parms.t2fnext.out.count;
+			if (received <= 0) break;
+			if (ff_eos) break;
+		}
+	}
+
+	for (i=0;i<state.total_received;i++) {
+		fn(&state.dirlist[i], Mask, caller_state);
+	}
+
+	talloc_free(state.mem_ctx);
+
+	return state.total_received;
+}
+
+/****************************************************************************
+ Interpret a short filename structure.
+ The length of the structure is returned.
+****************************************************************************/
+static bool interpret_short_filename(enum smb_search_data_level level,
+				     const union smb_search_data *info,
+				     struct clilist_file_info *finfo)
+{
+	struct clilist_file_info finfo2;
+
+	if (!finfo) finfo = &finfo2;
+	ZERO_STRUCTP(finfo);
+
+	switch (level) {
+	case RAW_SEARCH_DATA_SEARCH:
+		finfo->mtime = info->search.write_time;
+		finfo->size = info->search.size;
+		finfo->attrib = info->search.attrib;
+		finfo->name = info->search.name;
+		finfo->short_name = info->search.name;
+		break;
+
+	default:
+		DEBUG(0,("Unhandled level %d in interpret_short_filename\n", (int)level));
+		return false;
+	}
+	
+	return true;
+}
+
+/* callback function used for smb_search */
+static bool smbcli_list_old_callback(void *private_data, const union smb_search_data *file)
+{
+	struct search_private *state = (struct search_private*) private_data;
+	struct clilist_file_info *tdl;
+	
+	/* add file info to the dirlist pool */
+	tdl = talloc_realloc(state,
+			     state->dirlist,
+			     struct clilist_file_info,
+			     state->dirlist_len + 1);
+
+	if (!tdl) {
+		return false;
+	}
+	state->dirlist = tdl;
+	state->dirlist_len++;
+
+	interpret_short_filename(state->data_level, file, &state->dirlist[state->total_received]);
+
+	state->total_received++;
+	state->ff_searchcount++;
+	state->id = file->search.id; /* return resume info */
+	
+	return true;
+}
+
+int smbcli_list_old(struct smbcli_tree *tree, const char *Mask, uint16_t attribute, 
+		 void (*fn)(struct clilist_file_info *, const char *, void *), 
+		 void *caller_state)
+{
+	union smb_search_first first_parms;
+	union smb_search_next next_parms;
+	struct search_private state;  /* for callbacks */
+	const int num_asked = 500;
+	int received = 0;
+	bool first = true;
+	char *mask;
+	int i;
+
+	/* initialize state for search */
+	state.mem_ctx = talloc_init("smbcli_list_old");
+	state.dirlist_len = 0;
+	state.total_received = 0;
+	state.data_level = RAW_SEARCH_DATA_SEARCH;
+
+	state.dirlist = talloc_array(state.mem_ctx, struct clilist_file_info,
+				     0);
+	mask = talloc_strdup(state.mem_ctx, Mask);
+  
+	while (1) {
+		state.ff_searchcount = 0;
+		if (first) {
+			NTSTATUS status;
+
+			first_parms.search_first.level = RAW_SEARCH_SEARCH;
+			first_parms.search_first.data_level = RAW_SEARCH_DATA_SEARCH;
+			first_parms.search_first.in.max_count = num_asked;
+			first_parms.search_first.in.search_attrib = attribute;
+			first_parms.search_first.in.pattern = mask;
+			
+			status = smb_raw_search_first(tree, state.mem_ctx, 
+						      &first_parms,
+						      (void*)&state, 
+						      smbcli_list_old_callback);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(state.mem_ctx);
+				return -1;
+			}
+		
+			received = first_parms.search_first.out.count;
+			if (received <= 0) break;
+			first = false;
+		} else {
+			NTSTATUS status;
+
+			next_parms.search_next.level = RAW_SEARCH_SEARCH;
+			next_parms.search_next.data_level = RAW_SEARCH_DATA_SEARCH;
+			next_parms.search_next.in.max_count = num_asked;
+			next_parms.search_next.in.search_attrib = attribute;
+			next_parms.search_next.in.id = state.id;
+			
+			status = smb_raw_search_next(tree, state.mem_ctx,
+						     &next_parms,
+						     (void*)&state, 
+						     smbcli_list_old_callback);
+
+			if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES)) {
+				break;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(state.mem_ctx);
+				return -1;
+			}
+			received = next_parms.search_next.out.count;
+			if (received <= 0) break;
+		}
+	}
+
+	for (i=0;i<state.total_received;i++) {
+		fn(&state.dirlist[i], Mask, caller_state);
+	}
+
+	talloc_free(state.mem_ctx);
+
+	return state.total_received;
+}
+
+/****************************************************************************
+ Do a directory listing, calling fn on each file found.
+ This auto-switches between old and new style.
+****************************************************************************/
+
+int smbcli_list(struct smbcli_tree *tree, const char *Mask,uint16_t attribute, 
+		void (*fn)(struct clilist_file_info *, const char *, void *), void *state)
+{
+	if (tree->session->transport->negotiate.protocol <= PROTOCOL_LANMAN1)
+		return smbcli_list_old(tree, Mask, attribute, fn, state);
+	return smbcli_list_new(tree, Mask, attribute, RAW_SEARCH_DATA_GENERIC, fn, state);
+}
diff --git a/source4/libcli/climessage.c b/source4/libcli/climessage.c
new file mode 100644
index 0000000..3e9808c
--- /dev/null
+++ b/source4/libcli/climessage.c
@@ -0,0 +1,104 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client message handling routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) James J Myers 2003  <myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+
+
+/****************************************************************************
+start a message sequence
+****************************************************************************/
+bool smbcli_message_start(struct smbcli_tree *tree, const char *host, const char *username, 
+		       int *grp)
+{
+	struct smbcli_request *req; 
+	
+	req = smbcli_request_setup(tree, SMBsendstrt, 0, 0);
+	if (req == NULL) {
+		return false;
+	}
+	smbcli_req_append_string(req, username, STR_TERMINATE);
+	smbcli_req_append_string(req, host, STR_TERMINATE);
+	if (!smbcli_request_send(req) || 
+	    !smbcli_request_receive(req) ||
+	    smbcli_is_error(tree)) {
+		smbcli_request_destroy(req);
+		return false;
+	}
+
+	*grp = SVAL(req->in.vwv, VWV(0));
+	smbcli_request_destroy(req);
+
+	return true;
+}
+
+
+/****************************************************************************
+send a message 
+****************************************************************************/
+bool smbcli_message_text(struct smbcli_tree *tree, char *msg, int len, int grp)
+{
+	struct smbcli_request *req; 
+	
+	req = smbcli_request_setup(tree, SMBsendtxt, 1, 0);
+	if (req == NULL) {
+		return false;
+	}
+	SSVAL(req->out.vwv, VWV(0), grp);
+
+	smbcli_req_append_bytes(req, (const uint8_t *)msg, len);
+
+	if (!smbcli_request_send(req) || 
+	    !smbcli_request_receive(req) ||
+	    smbcli_is_error(tree)) {
+		smbcli_request_destroy(req);
+		return false;
+	}
+
+	smbcli_request_destroy(req);
+	return true;
+}      
+
+/****************************************************************************
+end a message 
+****************************************************************************/
+bool smbcli_message_end(struct smbcli_tree *tree, int grp)
+{
+	struct smbcli_request *req; 
+	
+	req = smbcli_request_setup(tree, SMBsendend, 1, 0);
+	if (req == NULL) {
+		return false;
+	}
+	SSVAL(req->out.vwv, VWV(0), grp);
+
+	if (!smbcli_request_send(req) || 
+	    !smbcli_request_receive(req) ||
+	    smbcli_is_error(tree)) {
+		smbcli_request_destroy(req);
+		return false;
+	}
+
+	smbcli_request_destroy(req);
+	return true;
+}      
+
diff --git a/source4/libcli/clireadwrite.c b/source4/libcli/clireadwrite.c
new file mode 100644
index 0000000..6ccada9
--- /dev/null
+++ b/source4/libcli/clireadwrite.c
@@ -0,0 +1,167 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client file read/write routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) James Myers 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+
+/****************************************************************************
+  Read size bytes at offset offset using SMBreadX.
+****************************************************************************/
+ssize_t smbcli_read(struct smbcli_tree *tree, int fnum, void *_buf, off_t offset, 
+		 size_t size)
+{
+	uint8_t *buf = (uint8_t *)_buf;
+	union smb_read parms;
+	int readsize;
+	ssize_t total = 0;
+	
+	if (size == 0) {
+		return 0;
+	}
+
+	parms.readx.level = RAW_READ_READX;
+	parms.readx.in.file.fnum = fnum;
+
+	/*
+	 * Set readsize to the maximum size we can handle in one readX,
+	 * rounded down to a multiple of 1024.
+	 */
+	readsize = (tree->session->transport->negotiate.max_xmit - (MIN_SMB_SIZE+32));
+	if (readsize > 0xFFFF) readsize = 0xFFFF;
+
+	while (total < size) {
+		NTSTATUS status;
+
+		readsize = MIN(readsize, size-total);
+
+		parms.readx.in.offset    = offset;
+		parms.readx.in.mincnt    = readsize;
+		parms.readx.in.maxcnt    = readsize;
+		parms.readx.in.remaining = size - total;
+		parms.readx.in.read_for_execute = false;
+		parms.readx.out.data     = buf + total;
+		
+		status = smb_raw_read(tree, &parms);
+		
+		if (!NT_STATUS_IS_OK(status)) {
+			return -1;
+		}
+
+		total += parms.readx.out.nread;
+		offset += parms.readx.out.nread;
+
+		/* If the server returned less than we asked for we're at EOF */
+		if (parms.readx.out.nread < readsize)
+			break;
+	}
+
+	return total;
+}
+
+
+/****************************************************************************
+  write to a file
+  write_mode: 0x0001 disallow write caching
+              0x0002 return bytes remaining
+              0x0004 use raw named pipe protocol
+              0x0008 start of message mode named pipe protocol
+****************************************************************************/
+ssize_t smbcli_write(struct smbcli_tree *tree,
+		     int fnum, uint16_t write_mode,
+		     const void *_buf, off_t offset, size_t size)
+{
+	const uint8_t *buf = (const uint8_t *)_buf;
+	union smb_write parms;
+	int block = (tree->session->transport->negotiate.max_xmit - (MIN_SMB_SIZE+32));
+	ssize_t total = 0;
+
+	if (size == 0) {
+		return 0;
+	}
+
+	if (block > 0xFFFF) block = 0xFFFF;
+
+
+	parms.writex.level = RAW_WRITE_WRITEX;
+	parms.writex.in.file.fnum = fnum;
+	parms.writex.in.wmode = write_mode;
+	parms.writex.in.remaining = 0;
+
+	do {
+		NTSTATUS status;
+
+		block = MIN(block, size - total);
+
+		parms.writex.in.offset = offset;
+		parms.writex.in.count = block;
+		parms.writex.in.data = buf;
+
+		status = smb_raw_write(tree, &parms);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return -1;
+		}
+
+		offset += parms.writex.out.nwritten;
+		total += parms.writex.out.nwritten;
+		buf += parms.writex.out.nwritten;
+	} while (total < size);
+
+	return total;
+}
+
+/****************************************************************************
+  write to a file using a SMBwrite and not bypassing 0 byte writes
+****************************************************************************/
+ssize_t smbcli_smbwrite(struct smbcli_tree *tree,
+		     int fnum, const void *_buf, off_t offset, size_t size1)
+{
+	const uint8_t *buf = (const uint8_t *)_buf;
+	union smb_write parms;
+	ssize_t total = 0;
+
+	parms.write.level = RAW_WRITE_WRITE;
+	parms.write.in.remaining = 0;
+	
+	do {
+		size_t size = MIN(size1, tree->session->transport->negotiate.max_xmit - 48);
+		if (size > 0xFFFF) size = 0xFFFF;
+		
+		parms.write.in.file.fnum = fnum;
+		parms.write.in.offset = offset;
+		parms.write.in.count = size;
+		parms.write.in.data = buf + total;
+
+		if (NT_STATUS_IS_ERR(smb_raw_write(tree, &parms)))
+			return -1;
+
+		size = parms.write.out.nwritten;
+		if (size == 0)
+			break;
+
+		size1 -= size;
+		total += size;
+		offset += size;
+	} while (size1);
+
+	return total;
+}
diff --git a/source4/libcli/clitrans2.c b/source4/libcli/clitrans2.c
new file mode 100644
index 0000000..5c5ba65
--- /dev/null
+++ b/source4/libcli/clitrans2.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client trans2 calls
+   Copyright (C) James J Myers 2003	<myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+
+/****************************************************************************
+send a qpathinfo call
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo(struct smbcli_tree *tree, const char *fname, 
+		       time_t *c_time, time_t *a_time, time_t *m_time, 
+		       size_t *size, uint16_t *mode)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("smbcli_qpathinfo");
+	if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+	parms.standard.level = RAW_FILEINFO_STANDARD;
+	parms.standard.in.file.path = fname;
+
+	status = smb_raw_pathinfo(tree, mem_ctx, &parms);
+	talloc_free(mem_ctx);
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (c_time) {
+		*c_time = parms.standard.out.create_time;
+	}
+	if (a_time) {
+		*a_time = parms.standard.out.access_time;
+	}
+	if (m_time) {
+		*m_time = parms.standard.out.write_time;
+	}
+	if (size) {
+		*size = parms.standard.out.size;
+	}
+	if (mode) {
+		*mode = parms.standard.out.attrib;
+	}
+
+	return status;
+}
+
+/****************************************************************************
+send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo2(struct smbcli_tree *tree, const char *fname, 
+			time_t *c_time, time_t *a_time, time_t *m_time, 
+			time_t *w_time, size_t *size, uint16_t *mode,
+			ino_t *ino)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("smbcli_qfilename");
+	if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+	parms.all_info.level = RAW_FILEINFO_ALL_INFO;
+	parms.all_info.in.file.path = fname;
+
+	status = smb_raw_pathinfo(tree, mem_ctx, &parms);
+	talloc_free(mem_ctx);
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (c_time) {
+		*c_time = nt_time_to_unix(parms.all_info.out.create_time);
+	}
+	if (a_time) {
+		*a_time = nt_time_to_unix(parms.all_info.out.access_time);
+	}
+	if (m_time) {
+		*m_time = nt_time_to_unix(parms.all_info.out.change_time);
+	}
+	if (w_time) {
+		*w_time = nt_time_to_unix(parms.all_info.out.write_time);
+	}
+	if (size) {
+		*size = parms.all_info.out.size;
+	}
+	if (mode) {
+		*mode = parms.all_info.out.attrib;
+	}
+
+	return status;
+}
+
+
+/****************************************************************************
+send a qfileinfo QUERY_FILE_NAME_INFO call
+****************************************************************************/
+NTSTATUS smbcli_qfilename(struct smbcli_tree *tree, int fnum, const char **name)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("smbcli_qfilename");
+	if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+	parms.name_info.level = RAW_FILEINFO_NAME_INFO;
+	parms.name_info.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(tree, mem_ctx, &parms);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		*name = NULL;
+		return status;
+	}
+
+	*name = strdup(parms.name_info.out.fname.s);
+
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+
+/****************************************************************************
+send a qfileinfo call
+****************************************************************************/
+NTSTATUS smbcli_qfileinfo(struct smbcli_tree *tree, int fnum, 
+		       uint16_t *mode, size_t *size,
+		       time_t *c_time, time_t *a_time, time_t *m_time, 
+		       time_t *w_time, ino_t *ino)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("smbcli_qfileinfo");
+	if (!mem_ctx) 
+		return NT_STATUS_NO_MEMORY;
+
+	parms.all_info.level = RAW_FILEINFO_ALL_INFO;
+	parms.all_info.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(tree, mem_ctx, &parms);
+	talloc_free(mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (c_time) {
+		*c_time = nt_time_to_unix(parms.all_info.out.create_time);
+	}
+	if (a_time) {
+		*a_time = nt_time_to_unix(parms.all_info.out.access_time);
+	}
+	if (m_time) {
+		*m_time = nt_time_to_unix(parms.all_info.out.change_time);
+	}
+	if (w_time) {
+		*w_time = nt_time_to_unix(parms.all_info.out.write_time);
+	}
+	if (mode) {
+		*mode = parms.all_info.out.attrib;
+	}
+	if (size) {
+		*size = (size_t)parms.all_info.out.size;
+	}
+	if (ino) {
+		*ino = 0;
+	}
+
+	return status;
+}
+
+
+/****************************************************************************
+send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo_alt_name(struct smbcli_tree *tree, const char *fname, 
+				const char **alt_name)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	parms.alt_name_info.level = RAW_FILEINFO_ALT_NAME_INFO;
+	parms.alt_name_info.in.file.path = fname;
+
+	mem_ctx = talloc_init("smbcli_qpathinfo_alt_name");
+	if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+	status = smb_raw_pathinfo(tree, mem_ctx, &parms);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		*alt_name = NULL;
+		return smbcli_nt_error(tree);
+	}
+
+	if (!parms.alt_name_info.out.fname.s) {
+		*alt_name = strdup("");
+	} else {
+		*alt_name = strdup(parms.alt_name_info.out.fname.s);
+	}
+
+	talloc_free(mem_ctx);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/composite/composite.c b/source4/libcli/composite/composite.c
new file mode 100644
index 0000000..3598637
--- /dev/null
+++ b/source4/libcli/composite/composite.c
@@ -0,0 +1,199 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Volker Lendecke 2005
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  composite API helper functions
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/composite/composite.h"
+#include "../libcli/nbt/libnbt.h"
+
+/*
+ create a new composite_context structure
+ and initialize it
+*/
+_PUBLIC_ struct composite_context *composite_create(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev)
+{
+	struct composite_context *c;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (!c) return NULL;
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx = ev;
+
+	return c;
+}
+
+/*
+  block until a composite function has completed, then return the status
+*/
+_PUBLIC_ NTSTATUS composite_wait(struct composite_context *c)
+{
+	if (c == NULL) return NT_STATUS_NO_MEMORY;
+
+	c->used_wait = true;
+
+	while (c->state < COMPOSITE_STATE_DONE) {
+		if (tevent_loop_once(c->event_ctx) != 0) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+	return c->status;
+}
+
+/*
+  block until a composite function has completed, then return the status. 
+  Free the composite context before returning
+*/
+_PUBLIC_ NTSTATUS composite_wait_free(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	talloc_free(c);
+	return status;
+}
+
+/* 
+   callback from composite_done() and composite_error()
+
+   this is used to allow for a composite function to complete without
+   going through any state transitions. When that happens the caller
+   has had no opportunity to fill in the async callback fields
+   (ctx->async.fn and ctx->async.private_data) which means the usual way of
+   dealing with composite functions doesn't work. To cope with this,
+   we trigger a timer event that will happen then the event loop is
+   re-entered. This gives the caller a chance to setup the callback,
+   and allows the caller to ignore the fact that the composite
+   function completed early
+*/
+static void composite_trigger(struct tevent_context *ev, struct tevent_timer *te,
+			      struct timeval t, void *ptr)
+{
+	struct composite_context *c = talloc_get_type(ptr, struct composite_context);
+	if (c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+
+_PUBLIC_ void composite_error(struct composite_context *ctx, NTSTATUS status)
+{
+	/* you are allowed to pass NT_STATUS_OK to composite_error(), in which
+	   case it is equivalent to composite_done() */
+	if (NT_STATUS_IS_OK(status)) {
+		composite_done(ctx);
+		return;
+	}
+	if (!ctx->used_wait && !ctx->async.fn) {
+		tevent_add_timer(ctx->event_ctx, ctx, timeval_zero(), composite_trigger, ctx);
+	}
+	ctx->status = status;
+	ctx->state = COMPOSITE_STATE_ERROR;
+	if (ctx->async.fn != NULL) {
+		ctx->async.fn(ctx);
+	}
+}
+
+_PUBLIC_ bool composite_nomem(const void *p, struct composite_context *ctx)
+{
+	if (p != NULL) {
+		return false;
+	}
+	composite_error(ctx, NT_STATUS_NO_MEMORY);
+	return true;
+}
+
+_PUBLIC_ bool composite_is_ok(struct composite_context *ctx)
+{
+	if (NT_STATUS_IS_OK(ctx->status)) {
+		return true;
+	}
+	composite_error(ctx, ctx->status);
+	return false;
+}
+
+_PUBLIC_ void composite_done(struct composite_context *ctx)
+{
+	if (!ctx->used_wait && !ctx->async.fn) {
+		tevent_add_timer(ctx->event_ctx, ctx, timeval_zero(), composite_trigger, ctx);
+	}
+	ctx->state = COMPOSITE_STATE_DONE;
+	if (ctx->async.fn != NULL) {
+		ctx->async.fn(ctx);
+	}
+}
+
+_PUBLIC_ void composite_continue(struct composite_context *ctx,
+				 struct composite_context *new_ctx,
+				 void (*continuation)(struct composite_context *),
+				 void *private_data)
+{
+	if (composite_nomem(new_ctx, ctx)) return;
+	new_ctx->async.fn = continuation;
+	new_ctx->async.private_data = private_data;
+
+	/* if we are setting up a continuation, and the context has
+	   already finished, then we should run the callback with an
+	   immediate event, otherwise we can be stuck forever */
+	if (new_ctx->state >= COMPOSITE_STATE_DONE && continuation) {
+		tevent_add_timer(new_ctx->event_ctx, new_ctx, timeval_zero(), composite_trigger, new_ctx);
+	}
+}
+
+_PUBLIC_ void composite_continue_smb(struct composite_context *ctx,
+				     struct smbcli_request *new_req,
+				     void (*continuation)(struct smbcli_request *),
+				     void *private_data)
+{
+	if (composite_nomem(new_req, ctx)) return;
+	if (new_req->state > SMBCLI_REQUEST_RECV) {
+		composite_error(ctx, new_req->status);
+		return;
+	}
+	new_req->async.fn = continuation;
+	new_req->async.private_data = private_data;
+}
+
+_PUBLIC_ void composite_continue_smb2(struct composite_context *ctx,
+				      struct smb2_request *new_req,
+				      void (*continuation)(struct smb2_request *),
+				      void *private_data)
+{
+	if (composite_nomem(new_req, ctx)) return;
+	if (new_req->state > SMB2_REQUEST_RECV) {
+		composite_error(ctx, new_req->status);
+		return;
+	}
+	new_req->async.fn = continuation;
+	new_req->async.private_data = private_data;
+}
+
+_PUBLIC_ void composite_continue_nbt(struct composite_context *ctx,
+				     struct nbt_name_request *new_req,
+				     void (*continuation)(struct nbt_name_request *),
+				     void *private_data)
+{
+	if (composite_nomem(new_req, ctx)) return;
+	new_req->async.fn = continuation;
+	new_req->async.private_data = private_data;
+}
diff --git a/source4/libcli/composite/composite.h b/source4/libcli/composite/composite.h
new file mode 100644
index 0000000..9349cd7
--- /dev/null
+++ b/source4/libcli/composite/composite.h
@@ -0,0 +1,99 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   composite request interfaces
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __COMPOSITE_H__
+#define __COMPOSITE_H__
+
+#include "libcli/raw/interfaces.h"
+
+struct tevent_context;
+
+/*
+  this defines the structures associated with "composite"
+  requests. Composite requests are libcli requests that are internally
+  implemented as multiple async calls, but can be treated as a
+  single call via these composite calls. The composite calls are
+  particularly designed to be used in async applications.
+  you can also stack multiple level of composite call
+*/
+
+/*
+  a composite call moves between the following 3 states.
+*/
+enum composite_state { COMPOSITE_STATE_INIT,         /* we are creating the request */
+		       COMPOSITE_STATE_IN_PROGRESS,  /* the request is in the outgoing socket Q */
+		       COMPOSITE_STATE_DONE,         /* the request is received by the caller finished */
+		       COMPOSITE_STATE_ERROR };      /* a packet or transport level error has occurred */
+
+/* the context of one "composite" call */
+struct composite_context {
+	/* the external state - will be queried by the caller */
+	enum composite_state state;
+
+	/* a private pointer for use by the composite function
+	   implementation */
+	void *private_data;
+
+	/* status code when finished */
+	NTSTATUS status;
+
+	/* the event context we are using */
+	struct tevent_context *event_ctx;
+
+	/* information on what to do on completion */
+	struct {
+		void (*fn)(struct composite_context *);
+		void *private_data;
+	} async;
+
+	bool used_wait;
+};
+
+struct smbcli_request;
+struct smb2_request;
+struct nbt_name_request;
+
+struct composite_context *composite_create(TALLOC_CTX *mem_ctx, struct tevent_context *ev);
+bool composite_nomem(const void *p, struct composite_context *ctx);
+void composite_continue(struct composite_context *ctx,
+				 struct composite_context *new_ctx,
+				 void (*continuation)(struct composite_context *),
+				 void *private_data);
+void composite_continue_smb(struct composite_context *ctx,
+				     struct smbcli_request *new_req,
+				     void (*continuation)(struct smbcli_request *),
+				     void *private_data);
+void composite_continue_smb2(struct composite_context *ctx,
+				      struct smb2_request *new_req,
+				      void (*continuation)(struct smb2_request *),
+				      void *private_data);
+void composite_continue_nbt(struct composite_context *ctx,
+				     struct nbt_name_request *new_req,
+				     void (*continuation)(struct nbt_name_request *),
+				     void *private_data);
+bool composite_is_ok(struct composite_context *ctx);
+void composite_done(struct composite_context *ctx);
+void composite_error(struct composite_context *ctx, NTSTATUS status);
+NTSTATUS composite_wait(struct composite_context *c);
+NTSTATUS composite_wait_free(struct composite_context *c);
+
+
+#endif /* __COMPOSITE_H__ */
diff --git a/source4/libcli/dgram/browse.c b/source4/libcli/dgram/browse.c
new file mode 100644
index 0000000..437b6e1
--- /dev/null
+++ b/source4/libcli/dgram/browse.c
@@ -0,0 +1,114 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   handling for browsing dgram requests
+
+   Copyright (C) Jelmer Vernooij 2005
+        Heavily based on ntlogon.c
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/dgram/libdgram.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock,
+				    struct nbt_name *dest_name,
+				    struct socket_address *dest,
+				    struct nbt_name *src_name,
+				    struct nbt_browse_packet *request)
+{
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+
+	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, request,
+				      (ndr_push_flags_fn_t)ndr_push_nbt_browse_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE,
+				     NBT_MAILSLOT_BROWSE,
+				     dest_name, dest,
+				     src_name, &blob);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+NTSTATUS dgram_mailslot_browse_reply(struct nbt_dgram_socket *dgmsock,
+				     struct nbt_dgram_packet *request,
+				     const char *mailslot_name,
+				     const char *my_netbios_name,
+				     struct nbt_browse_packet *reply)
+{
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+	struct nbt_name myname;
+	struct socket_address *dest;
+
+	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, reply,
+				      (ndr_push_flags_fn_t)ndr_push_nbt_browse_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	make_nbt_name_client(&myname, my_netbios_name);
+
+	dest = socket_address_from_strings(tmp_ctx, dgmsock->sock->backend_name,
+					   request->src_addr, request->src_port);
+	if (!dest) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE,
+				     mailslot_name,
+				     &request->data.msg.source_name,
+				     dest,
+				     &myname, &blob);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+NTSTATUS dgram_mailslot_browse_parse(struct dgram_mailslot_handler *dgmslot,
+				     TALLOC_CTX *mem_ctx,
+				     struct nbt_dgram_packet *dgram,
+				     struct nbt_browse_packet *pkt)
+{
+	DATA_BLOB data = dgram_mailslot_data(dgram);
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_pull_struct_blob(&data, mem_ctx, pkt,
+				      (ndr_pull_flags_fn_t)ndr_pull_nbt_browse_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("Failed to parse browse packet of length %d: %s\n",
+			 (int)data.length, nt_errstr(status)));
+		if (DEBUGLVL(10)) {
+			(void)file_save("browse.dat", data.data, data.length);
+		}
+		return status;
+	}
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c
new file mode 100644
index 0000000..154a667
--- /dev/null
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -0,0 +1,242 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   low level socket handling for nbt dgram requests (UDP138)
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/dgram/libdgram.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+
+
+/*
+  handle recv events on a nbt dgram socket
+*/
+static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+	NTSTATUS status;
+	struct socket_address *src;
+	DATA_BLOB blob;
+	size_t nread, dsize;
+	struct nbt_dgram_packet *packet;
+	const char *mailslot_name;
+	enum ndr_err_code ndr_err;
+
+	status = socket_pending(dgmsock->sock, &dsize);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
+	if ((dsize != 0) && (blob.data == NULL)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	status = socket_recvfrom(dgmsock->sock, blob.data, blob.length, &nread,
+				 tmp_ctx, &src);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+	blob.length = nread;
+
+	DEBUG(5,("Received dgram packet of length %d from %s:%d\n", 
+		 (int)blob.length, src->addr, src->port));
+
+	packet = talloc(tmp_ctx, struct nbt_dgram_packet);
+	if (packet == NULL) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	/* parse the request */
+	ndr_err = ndr_pull_struct_blob(&blob, packet, packet,
+				      (ndr_pull_flags_fn_t)ndr_pull_nbt_dgram_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(2,("Failed to parse incoming NBT DGRAM packet - %s\n",
+			 nt_errstr(status)));
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	/* if this is a mailslot message, then see if we can dispatch it to a handler */
+	mailslot_name = dgram_mailslot_name(packet);
+	if (mailslot_name) {
+		struct dgram_mailslot_handler *dgmslot;
+		dgmslot = dgram_mailslot_find(dgmsock, mailslot_name);
+		if (dgmslot) {
+			dgmslot->handler(dgmslot, packet, src);
+		} else {
+			DEBUG(2,("No mailslot handler for '%s'\n", mailslot_name));
+		}
+	} else {
+		/* dispatch if there is a general handler */
+		if (dgmsock->incoming.handler) {
+			dgmsock->incoming.handler(dgmsock, packet, src);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+}
+
+
+/*
+  handle send events on a nbt dgram socket
+*/
+static void dgm_socket_send(struct nbt_dgram_socket *dgmsock)
+{
+	struct nbt_dgram_request *req;
+	NTSTATUS status;
+
+	while ((req = dgmsock->send_queue)) {
+		size_t len;
+		
+		len = req->encoded.length;
+		status = socket_sendto(dgmsock->sock, &req->encoded, &len,
+				       req->dest);
+		if (NT_STATUS_IS_ERR(status)) {
+			DEBUG(3,("Failed to send datagram of length %u to %s:%d: %s\n",
+				 (unsigned)req->encoded.length, req->dest->addr, req->dest->port, 
+				 nt_errstr(status)));
+			DLIST_REMOVE(dgmsock->send_queue, req);
+			talloc_free(req);
+			continue;
+		}
+
+		if (!NT_STATUS_IS_OK(status)) return;
+
+		DLIST_REMOVE(dgmsock->send_queue, req);
+		talloc_free(req);
+	}
+
+	TEVENT_FD_NOT_WRITEABLE(dgmsock->fde);
+	return;
+}
+
+
+/*
+  handle fd events on a nbt_dgram_socket
+*/
+static void dgm_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
+			       uint16_t flags, void *private_data)
+{
+	struct nbt_dgram_socket *dgmsock = talloc_get_type(private_data,
+							   struct nbt_dgram_socket);
+	if (flags & TEVENT_FD_WRITE) {
+		dgm_socket_send(dgmsock);
+	} 
+	if (flags & TEVENT_FD_READ) {
+		dgm_socket_recv(dgmsock);
+	}
+}
+
+/*
+  initialise a nbt_dgram_socket. The event_ctx is optional, if provided
+  then operations will use that event context
+*/
+struct nbt_dgram_socket *nbt_dgram_socket_init(TALLOC_CTX *mem_ctx, 
+					      struct tevent_context *event_ctx)
+{
+	struct nbt_dgram_socket *dgmsock;
+	NTSTATUS status;
+
+	dgmsock = talloc(mem_ctx, struct nbt_dgram_socket);
+	if (dgmsock == NULL) goto failed;
+
+	dgmsock->event_ctx = event_ctx;
+	if (dgmsock->event_ctx == NULL) goto failed;
+
+	status = socket_create(dgmsock, "ip", SOCKET_TYPE_DGRAM,
+			       &dgmsock->sock, 0);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	socket_set_option(dgmsock->sock, "SO_BROADCAST", "1");
+
+	dgmsock->fde = tevent_add_fd(dgmsock->event_ctx, dgmsock,
+				    socket_get_fd(dgmsock->sock), 0,
+				    dgm_socket_handler, dgmsock);
+
+	dgmsock->send_queue = NULL;
+	dgmsock->incoming.handler = NULL;
+	dgmsock->mailslot_handlers = NULL;
+	
+	return dgmsock;
+
+failed:
+	talloc_free(dgmsock);
+	return NULL;
+}
+
+
+/*
+  setup a handler for generic incoming requests
+*/
+NTSTATUS dgram_set_incoming_handler(struct nbt_dgram_socket *dgmsock,
+				    void (*handler)(struct nbt_dgram_socket *, 
+						    struct nbt_dgram_packet *, 
+						    struct socket_address *),
+				    void *private_data)
+{
+	dgmsock->incoming.handler = handler;
+	dgmsock->incoming.private_data = private_data;
+	TEVENT_FD_READABLE(dgmsock->fde);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  queue a datagram for send
+*/
+NTSTATUS nbt_dgram_send(struct nbt_dgram_socket *dgmsock,
+			struct nbt_dgram_packet *packet,
+			struct socket_address *dest)
+{
+	struct nbt_dgram_request *req;
+	NTSTATUS status = NT_STATUS_NO_MEMORY;
+	enum ndr_err_code ndr_err;
+
+	req = talloc(dgmsock, struct nbt_dgram_request);
+	if (req == NULL) goto failed;
+
+	req->dest = dest;
+	if (talloc_reference(req, dest) == NULL) goto failed;
+
+	ndr_err = ndr_push_struct_blob(&req->encoded, req, packet,
+				      (ndr_push_flags_fn_t)ndr_push_nbt_dgram_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		goto failed;
+	}
+
+	DLIST_ADD_END(dgmsock->send_queue, req);
+
+	TEVENT_FD_WRITEABLE(dgmsock->fde);
+
+	return NT_STATUS_OK;
+
+failed:
+	talloc_free(req);
+	return status;
+}
diff --git a/source4/libcli/dgram/libdgram.h b/source4/libcli/dgram/libdgram.h
new file mode 100644
index 0000000..0f313a6
--- /dev/null
+++ b/source4/libcli/dgram/libdgram.h
@@ -0,0 +1,153 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   a raw async NBT DGRAM library
+
+   Copyright (C) Andrew Tridgell 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "../libcli/netlogon/netlogon.h"
+
+/*
+  a datagram name request
+*/
+struct nbt_dgram_request {
+	struct nbt_dgram_request *next, *prev;
+
+	/* where to send the request */
+	struct socket_address *dest;
+
+	/* the encoded request */
+	DATA_BLOB encoded;
+};
+
+/*
+  context structure for operations on dgram packets
+*/
+struct nbt_dgram_socket {
+	struct socket_context *sock;
+	struct tevent_context *event_ctx;
+
+	/* the fd event */
+	struct tevent_fd *fde;
+
+	/* a queue of outgoing requests */
+	struct nbt_dgram_request *send_queue;
+
+	/* a list of mailslot handlers */
+	struct dgram_mailslot_handler *mailslot_handlers;
+
+	/* what to do with incoming request packets */
+	struct {
+		void (*handler)(struct nbt_dgram_socket *, struct nbt_dgram_packet *, 
+				struct socket_address *src);
+		void *private_data;
+	} incoming;
+};
+
+
+/*
+  the mailslot code keeps a list of mailslot handlers. A mailslot
+  handler is a function that receives incoming packets for a specific
+  mailslot name. When a caller needs to send a mailslot and wants to
+  get a reply then it needs to register itself as listening for
+  incoming packets on the reply mailslot
+*/
+
+typedef void (*dgram_mailslot_handler_t)(struct dgram_mailslot_handler *, 
+					 struct nbt_dgram_packet *, 
+					 struct socket_address *src);
+
+struct dgram_mailslot_handler {
+	struct dgram_mailslot_handler *next, *prev;
+
+	struct nbt_dgram_socket *dgmsock;
+	const char *mailslot_name;
+
+	dgram_mailslot_handler_t handler;
+	void *private_data;
+};
+
+
+/* prototypes */
+NTSTATUS nbt_dgram_send(struct nbt_dgram_socket *dgmsock,
+			struct nbt_dgram_packet *packet,
+			struct socket_address *dest);
+NTSTATUS dgram_set_incoming_handler(struct nbt_dgram_socket *dgmsock,
+				    void (*handler)(struct nbt_dgram_socket *, 
+						    struct nbt_dgram_packet *, 
+						    struct socket_address *),
+				    void *private_data);
+struct nbt_dgram_socket *nbt_dgram_socket_init(TALLOC_CTX *mem_ctx, 
+					       struct tevent_context *event_ctx);
+
+const char *dgram_mailslot_name(struct nbt_dgram_packet *packet);
+struct dgram_mailslot_handler *dgram_mailslot_find(struct nbt_dgram_socket *dgmsock,
+						   const char *mailslot_name);
+struct dgram_mailslot_handler *dgram_mailslot_listen(struct nbt_dgram_socket *dgmsock,
+						     const char *mailslot_name,
+						     dgram_mailslot_handler_t handler,
+						     void *private_data);
+struct dgram_mailslot_handler *dgram_mailslot_temp(struct nbt_dgram_socket *dgmsock,
+						   const char *mailslot_name,
+						   dgram_mailslot_handler_t handler,
+						   void *private_data);
+DATA_BLOB dgram_mailslot_data(struct nbt_dgram_packet *dgram);
+
+
+NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock,
+			     enum dgram_msg_type msg_type,
+			     const char *mailslot_name,
+			     struct nbt_name *dest_name,
+			     struct socket_address *dest,
+			     struct nbt_name *src_name,
+			     DATA_BLOB *request);
+
+NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock,
+				      struct nbt_name *dest_name,
+				      struct socket_address *dest,
+				      const char *mailslot_name,
+				      struct nbt_name *src_name,
+				      struct nbt_netlogon_packet *request);
+NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock,
+				       struct nbt_dgram_packet *request,
+				       const char *my_netbios_name,
+				       const char *mailslot_name,
+				       struct nbt_netlogon_response *reply);
+NTSTATUS dgram_mailslot_netlogon_parse_request(TALLOC_CTX *mem_ctx,
+					       struct nbt_dgram_packet *dgram,
+					       struct nbt_netlogon_packet *netlogon);
+
+NTSTATUS dgram_mailslot_netlogon_parse_response(TALLOC_CTX *mem_ctx,
+						struct nbt_dgram_packet *dgram,
+						struct nbt_netlogon_response *netlogon);
+
+NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock,
+				    struct nbt_name *dest_name,
+				    struct socket_address *dest,
+				    struct nbt_name *src_name,
+				    struct nbt_browse_packet *request);
+
+NTSTATUS dgram_mailslot_browse_reply(struct nbt_dgram_socket *dgmsock,
+				     struct nbt_dgram_packet *request,
+				     const char *mailslot_name,
+				     const char *my_netbios_name,
+				     struct nbt_browse_packet *reply);
+
+NTSTATUS dgram_mailslot_browse_parse(struct dgram_mailslot_handler *dgmslot,
+				     TALLOC_CTX *mem_ctx,
+				     struct nbt_dgram_packet *dgram,
+				     struct nbt_browse_packet *pkt);
diff --git a/source4/libcli/dgram/mailslot.c b/source4/libcli/dgram/mailslot.c
new file mode 100644
index 0000000..a24800c
--- /dev/null
+++ b/source4/libcli/dgram/mailslot.c
@@ -0,0 +1,229 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   packet handling for mailslot requests. 
+   
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+   This implements "Class 2 mailslots", i.e. the communication mechanism 
+   used for all mailslot packets smaller than 425 bytes. 
+
+   "Class 1 mailslots" (which use SMB) are used for messages larger 
+   than 426 bytes and are supported on some systems. These are not implemented
+   in Samba4 yet, as there don't appear to be any core services that use
+   them.
+
+   425 and 426-byte sized messages are not supported at all.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/dgram/libdgram.h"
+#include "lib/socket/socket.h"
+
+#undef strcasecmp
+
+/*
+  destroy a mailslot handler
+*/
+static int dgram_mailslot_destructor(struct dgram_mailslot_handler *dgmslot)
+{
+	DLIST_REMOVE(dgmslot->dgmsock->mailslot_handlers, dgmslot);
+	return 0;
+}
+
+/*
+  start listening on a mailslot. talloc_free() the handle to stop listening
+*/
+struct dgram_mailslot_handler *dgram_mailslot_listen(struct nbt_dgram_socket *dgmsock,
+						     const char *mailslot_name,
+						     dgram_mailslot_handler_t handler,
+						     void *private_data)
+{
+	struct dgram_mailslot_handler *dgmslot;
+
+	dgmslot = talloc(dgmsock, struct dgram_mailslot_handler);
+	if (dgmslot == NULL) return NULL;
+
+	dgmslot->dgmsock = dgmsock;
+	dgmslot->mailslot_name = talloc_strdup(dgmslot, mailslot_name);
+	if (dgmslot->mailslot_name == NULL) {
+		talloc_free(dgmslot);
+		return NULL;
+	}
+	dgmslot->handler = handler;
+	dgmslot->private_data = private_data;
+
+	DLIST_ADD(dgmsock->mailslot_handlers, dgmslot);
+	talloc_set_destructor(dgmslot, dgram_mailslot_destructor);
+
+	TEVENT_FD_READABLE(dgmsock->fde);
+
+	return dgmslot;
+}
+
+/*
+  find the handler for a specific mailslot name
+*/
+struct dgram_mailslot_handler *dgram_mailslot_find(struct nbt_dgram_socket *dgmsock,
+						   const char *mailslot_name)
+{
+	struct dgram_mailslot_handler *h;
+	for (h=dgmsock->mailslot_handlers;h;h=h->next) {
+		if (strcasecmp(h->mailslot_name, mailslot_name) == 0) {
+			return h;
+		}
+	}
+	return NULL;
+}
+
+/*
+  check that a datagram packet is a valid mailslot request, and return the 
+  mailslot name if it is, otherwise return NULL
+*/
+const char *dgram_mailslot_name(struct nbt_dgram_packet *packet)
+{
+	if (packet->msg_type != DGRAM_DIRECT_UNIQUE &&
+	    packet->msg_type != DGRAM_DIRECT_GROUP &&
+	    packet->msg_type != DGRAM_BCAST) {
+		return NULL;
+	}
+	if (packet->data.msg.dgram_body_type != DGRAM_SMB) return NULL;
+	if (packet->data.msg.body.smb.smb_command != SMB_TRANSACTION) return NULL;
+	return packet->data.msg.body.smb.body.trans.mailslot_name;
+}
+
+
+/*
+  create a temporary mailslot handler for a reply mailslot, allocating
+  a new mailslot name using the given base name and a random integer extension
+*/
+struct dgram_mailslot_handler *dgram_mailslot_temp(struct nbt_dgram_socket *dgmsock,
+						   const char *mailslot_name,
+						   dgram_mailslot_handler_t handler,
+						   void *private_data)
+{
+	char *name;
+	int i;
+	struct dgram_mailslot_handler *dgmslot;
+
+	/* try a 100 times at most */
+	for (i=0;i<100;i++) {
+		name = talloc_asprintf(dgmsock, "%s%03u", 
+				       mailslot_name,
+				       generate_random() % 1000);
+		if (name == NULL) return NULL;
+		if (dgram_mailslot_find(dgmsock, name)) {
+			talloc_free(name);
+			continue;
+		}
+		dgmslot = dgram_mailslot_listen(dgmsock, name, handler, private_data);
+		talloc_free(name);
+		if (dgmslot != NULL) {
+			return dgmslot;
+		}
+	}
+	DEBUG(2,("Unable to create temporary mailslot from %s\n", mailslot_name));
+	return NULL;
+}
+
+
+/*
+  send a mailslot request
+*/
+NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock,
+			     enum dgram_msg_type msg_type,
+			     const char *mailslot_name,
+			     struct nbt_name *dest_name,
+			     struct socket_address *dest,
+			     struct nbt_name *src_name,
+			     DATA_BLOB *request)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+	struct nbt_dgram_packet packet;
+	struct dgram_message *msg;
+	struct dgram_smb_packet *smb;
+	struct smb_trans_body *trans;
+	struct socket_address *src;
+	NTSTATUS status;
+
+	if (dest->port == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ZERO_STRUCT(packet);
+	packet.msg_type = msg_type;
+	packet.flags = DGRAM_FLAG_FIRST | DGRAM_NODE_NBDD;
+	packet.dgram_id = generate_random() % UINT16_MAX;
+	src = socket_get_my_addr(dgmsock->sock, tmp_ctx);
+	if (!src) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	packet.src_addr = src->addr;
+	packet.src_port = src->port;
+
+	msg = &packet.data.msg;
+	/* this length calculation is very crude - it should be based on gensize
+	   calls */
+	msg->length = 138 + strlen(mailslot_name) + request->length;
+	msg->offset = 0;
+
+	msg->source_name = *src_name;
+	msg->dest_name = *dest_name;
+	msg->dgram_body_type = DGRAM_SMB;
+
+	smb = &msg->body.smb;
+	smb->smb_command = SMB_TRANSACTION;
+
+	trans = &smb->body.trans;
+	trans->total_data_count = request->length;
+	trans->timeout     = 1000;
+	trans->data_count  = request->length;
+	trans->data_offset = 70 + strlen(mailslot_name);
+	trans->opcode      = 1; /* write mail slot */
+	trans->priority    = 1;
+	trans->_class      = 2;
+	trans->mailslot_name = mailslot_name;
+	trans->data = *request;
+
+	status = nbt_dgram_send(dgmsock, &packet, dest);
+
+	talloc_free(tmp_ctx);
+
+	return status;
+}
+
+/*
+  return the mailslot data portion from a mailslot packet
+*/
+DATA_BLOB dgram_mailslot_data(struct nbt_dgram_packet *dgram)
+{
+	struct smb_trans_body *trans = &dgram->data.msg.body.smb.body.trans;
+	DATA_BLOB ret = trans->data;
+	int pad = trans->data_offset - (70 + strlen(trans->mailslot_name));
+
+	if (pad < 0 || pad > ret.length) {
+		DEBUG(2,("Badly formatted data in mailslot - pad = %d\n", pad));
+		return data_blob(NULL, 0);
+	}
+	ret.data += pad;
+	ret.length -= pad;
+	return ret;	
+}
diff --git a/source4/libcli/dgram/netlogon.c b/source4/libcli/dgram/netlogon.c
new file mode 100644
index 0000000..1124a33
--- /dev/null
+++ b/source4/libcli/dgram/netlogon.c
@@ -0,0 +1,140 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   handling for netlogon dgram requests
+
+   Copyright (C) Andrew Tridgell 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/dgram/libdgram.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+
+/*
+   send a netlogon mailslot request
+*/
+NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock,
+				      struct nbt_name *dest_name,
+				      struct socket_address *dest,
+				      const char *mailslot,
+				      struct nbt_name *src_name,
+				      struct nbt_netlogon_packet *request)
+{
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+
+	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, request,
+				      (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+
+	status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE,
+				     mailslot,
+				     dest_name, dest,
+				     src_name, &blob);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/*
+   send a netlogon mailslot reply
+*/
+NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock,
+				       struct nbt_dgram_packet *request,
+				       const char *my_netbios_name,
+				       const char *mailslot_name,
+				       struct nbt_netlogon_response *reply)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
+	struct nbt_name myname;
+	struct socket_address *dest;
+
+	status = push_nbt_netlogon_response(&blob, tmp_ctx, reply);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	make_nbt_name_client(&myname, my_netbios_name);
+
+	dest = socket_address_from_strings(tmp_ctx, dgmsock->sock->backend_name,
+					   request->src_addr, request->src_port);
+	if (!dest) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE,
+				     mailslot_name,
+				     &request->data.msg.source_name,
+				     dest,
+				     &myname, &blob);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/*
+  parse a netlogon request. The packet must be a valid mailslot packet
+*/
+NTSTATUS dgram_mailslot_netlogon_parse_request(TALLOC_CTX *mem_ctx,
+					       struct nbt_dgram_packet *dgram,
+					       struct nbt_netlogon_packet *netlogon)
+{
+	DATA_BLOB data = dgram_mailslot_data(dgram);
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_pull_struct_blob(&data, mem_ctx, netlogon,
+	   (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n",
+			 (int)data.length, nt_errstr(status)));
+		if (DEBUGLVL(10)) {
+			(void)file_save("netlogon.dat", data.data, data.length);
+		}
+		return status;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  parse a netlogon response. The packet must be a valid mailslot packet
+*/
+NTSTATUS dgram_mailslot_netlogon_parse_response(TALLOC_CTX *mem_ctx,
+						struct nbt_dgram_packet *dgram,
+						struct nbt_netlogon_response *netlogon)
+{
+	NTSTATUS status;
+	DATA_BLOB data = dgram_mailslot_data(dgram);
+
+	status = pull_nbt_netlogon_response(&data, mem_ctx, netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/libcli/finddc.h b/source4/libcli/finddc.h
new file mode 100644
index 0000000..3836d12
--- /dev/null
+++ b/source4/libcli/finddc.h
@@ -0,0 +1,41 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   a composite API for finding a DC and its name
+
+   Copyright (C) Andrew Tridgell 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/messaging/messaging.h"
+#include "libcli/libcli.h"
+#include "libcli/netlogon/netlogon.h"
+
+struct finddcs {
+	struct {
+		const char *domain_name;
+		const char *site_name; /* optional */
+		struct dom_sid *domain_sid; /* optional */
+		uint32_t minimum_dc_flags; /* DS_SERVER_* */
+		const char *server_address; /* optional, bypass name
+					       resolution */
+	} in;
+	struct {
+		const char *address; /* IP address of server */
+		struct netlogon_samlogon_response netlogon;
+	} out;
+};
+
+#include "finddcs_proto.h"
diff --git a/source4/libcli/finddcs_cldap.c b/source4/libcli/finddcs_cldap.c
new file mode 100644
index 0000000..b385b1c
--- /dev/null
+++ b/source4/libcli/finddcs_cldap.c
@@ -0,0 +1,483 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   a composite API for finding a DC and its name via CLDAP
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "include/includes.h"
+#include <tevent.h>
+#include "libcli/resolve/resolve.h"
+#include "libcli/cldap/cldap.h"
+#include "libcli/finddc.h"
+#include "libcli/security/security.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/composite/composite.h"
+#include "lib/util/util_net.h"
+
+struct finddcs_cldap_state {
+	struct tevent_context *ev;
+	struct tevent_req *req;
+	const char *domain_name;
+	struct dom_sid *domain_sid;
+	const char *srv_name;
+	const char **srv_addresses;
+	uint32_t minimum_dc_flags;
+	uint32_t srv_address_index;
+	struct cldap_socket *cldap;
+	struct cldap_netlogon *netlogon;
+	NTSTATUS status;
+};
+
+static void finddcs_cldap_srv_resolved(struct composite_context *ctx);
+static void finddcs_cldap_netlogon_replied(struct tevent_req *req);
+static bool finddcs_cldap_srv_lookup(struct finddcs_cldap_state *state,
+				     struct finddcs *io,
+				     struct resolve_context *resolve_ctx,
+				     struct tevent_context *event_ctx);
+static bool finddcs_cldap_nbt_lookup(struct finddcs_cldap_state *state,
+				     struct finddcs *io,
+				     struct resolve_context *resolve_ctx,
+				     struct tevent_context *event_ctx);
+static void finddcs_cldap_nbt_resolved(struct composite_context *ctx);
+static bool finddcs_cldap_name_lookup(struct finddcs_cldap_state *state,
+				      struct finddcs *io,
+				      struct resolve_context *resolve_ctx,
+				      struct tevent_context *event_ctx);
+static void finddcs_cldap_name_resolved(struct composite_context *ctx);
+static void finddcs_cldap_next_server(struct finddcs_cldap_state *state);
+static bool finddcs_cldap_ipaddress(struct finddcs_cldap_state *state, struct finddcs *io);
+
+
+/*
+ * find a list of DCs via DNS/CLDAP
+ */
+struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx,
+				      struct finddcs *io,
+				      struct resolve_context *resolve_ctx,
+				      struct tevent_context *event_ctx)
+{
+	struct finddcs_cldap_state *state;
+	struct tevent_req *req;
+
+	req = tevent_req_create(mem_ctx, &state, struct finddcs_cldap_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->req = req;
+	state->ev = event_ctx;
+	state->minimum_dc_flags = io->in.minimum_dc_flags;
+
+	if (io->in.domain_name) {
+		state->domain_name = talloc_strdup(state, io->in.domain_name);
+		if (tevent_req_nomem(state->domain_name, req)) {
+			return tevent_req_post(req, event_ctx);
+		}
+	} else {
+		state->domain_name = NULL;
+	}
+
+	if (io->in.domain_sid) {
+		state->domain_sid = dom_sid_dup(state, io->in.domain_sid);
+		if (tevent_req_nomem(state->domain_sid, req)) {
+			return tevent_req_post(req, event_ctx);
+		}
+	} else {
+		state->domain_sid = NULL;
+	}
+
+	if (io->in.server_address) {
+		if (is_ipaddress(io->in.server_address)) {
+			DEBUG(4,("finddcs: searching for a DC by IP %s\n",
+				 io->in.server_address));
+			if (!finddcs_cldap_ipaddress(state, io)) {
+				return tevent_req_post(req, event_ctx);
+			}
+		} else {
+			if (!finddcs_cldap_name_lookup(state, io, resolve_ctx,
+						       event_ctx)) {
+				return tevent_req_post(req, event_ctx);
+			}
+		}
+	} else if (io->in.domain_name) {
+		if (strchr(state->domain_name, '.')) {
+			/* looks like a DNS name */
+			DEBUG(4,("finddcs: searching for a DC by DNS domain %s\n", state->domain_name));
+			if (!finddcs_cldap_srv_lookup(state, io, resolve_ctx,
+						      event_ctx)) {
+				return tevent_req_post(req, event_ctx);
+			}
+		} else {
+			DEBUG(4,("finddcs: searching for a DC by NBT lookup %s\n", state->domain_name));
+			if (!finddcs_cldap_nbt_lookup(state, io, resolve_ctx,
+						      event_ctx)) {
+				return tevent_req_post(req, event_ctx);
+			}
+		}
+	} else {
+		/* either we have the domain name or the IP address */
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+		DEBUG(2,("finddcs: Please specify at least the domain name or the IP address! \n"));
+		return tevent_req_post(req, event_ctx);
+	}
+
+	return req;
+}
+
+
+/*
+  we've been told the IP of the server, bypass name
+  resolution and go straight to CLDAP
+*/
+static bool finddcs_cldap_ipaddress(struct finddcs_cldap_state *state, struct finddcs *io)
+{
+	NTSTATUS status;
+
+	state->srv_addresses = talloc_array(state, const char *, 2);
+	if (tevent_req_nomem(state->srv_addresses, state->req)) {
+		return false;
+	}
+	state->srv_addresses[0] = talloc_strdup(state->srv_addresses, io->in.server_address);
+	if (tevent_req_nomem(state->srv_addresses[0], state->req)) {
+		return false;
+	}
+	state->srv_addresses[1] = NULL;
+	state->srv_address_index = 0;
+
+	finddcs_cldap_next_server(state);
+	return tevent_req_is_nterror(state->req, &status);
+}
+
+/*
+  start a SRV DNS lookup
+ */
+static bool finddcs_cldap_srv_lookup(struct finddcs_cldap_state *state,
+				     struct finddcs *io,
+				     struct resolve_context *resolve_ctx,
+				     struct tevent_context *event_ctx)
+{
+	struct composite_context *creq;
+	struct nbt_name name;
+
+	if (io->in.site_name) {
+		state->srv_name = talloc_asprintf(state, "_ldap._tcp.%s._sites.%s",
+					   io->in.site_name, io->in.domain_name);
+	} else {
+		state->srv_name = talloc_asprintf(state, "_ldap._tcp.%s", io->in.domain_name);
+	}
+
+	DEBUG(4,("finddcs: looking for SRV records for %s\n", state->srv_name));
+
+	make_nbt_name(&name, state->srv_name, 0);
+
+	creq = resolve_name_ex_send(resolve_ctx, state,
+				    RESOLVE_NAME_FLAG_FORCE_DNS | RESOLVE_NAME_FLAG_DNS_SRV,
+				    0, &name, event_ctx);
+	if (tevent_req_nomem(creq, state->req)) {
+		return false;
+	}
+	creq->async.fn = finddcs_cldap_srv_resolved;
+	creq->async.private_data = state;
+
+	return true;
+}
+
+/*
+  start a NBT name lookup for domain<1C>
+ */
+static bool finddcs_cldap_nbt_lookup(struct finddcs_cldap_state *state,
+				     struct finddcs *io,
+				     struct resolve_context *resolve_ctx,
+				     struct tevent_context *event_ctx)
+{
+	struct composite_context *creq;
+	struct nbt_name name;
+
+	make_nbt_name(&name, state->domain_name, NBT_NAME_LOGON);
+	creq = resolve_name_send(resolve_ctx, state, &name, event_ctx);
+	if (tevent_req_nomem(creq, state->req)) {
+		return false;
+	}
+	creq->async.fn = finddcs_cldap_nbt_resolved;
+	creq->async.private_data = state;
+	return true;
+}
+
+static bool finddcs_cldap_name_lookup(struct finddcs_cldap_state *state,
+				      struct finddcs *io,
+				      struct resolve_context *resolve_ctx,
+				      struct tevent_context *event_ctx)
+{
+	struct composite_context *creq;
+	struct nbt_name name;
+
+	make_nbt_name(&name, io->in.server_address, NBT_NAME_SERVER);
+	creq = resolve_name_send(resolve_ctx, state, &name, event_ctx);
+	if (tevent_req_nomem(creq, state->req)) {
+		return false;
+	}
+	creq->async.fn = finddcs_cldap_name_resolved;
+	creq->async.private_data = state;
+	return true;
+}
+
+/*
+  fire off a CLDAP query to the next server
+ */
+static void finddcs_cldap_next_server(struct finddcs_cldap_state *state)
+{
+	struct tevent_req *subreq;
+	struct tsocket_address *dest;
+	int ret;
+
+	TALLOC_FREE(state->cldap);
+
+	if (state->srv_addresses[state->srv_address_index] == NULL) {
+		if (NT_STATUS_IS_OK(state->status)) {
+			tevent_req_nterror(state->req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		} else {
+			tevent_req_nterror(state->req, state->status);
+		}
+		DEBUG(2,("finddcs: No matching CLDAP server found\n"));
+		return;
+	}
+
+	/* we should get the port from the SRV response */
+	ret = tsocket_address_inet_from_strings(state, "ip",
+						state->srv_addresses[state->srv_address_index],
+						389,
+						&dest);
+	if (ret == 0) {
+		state->status = NT_STATUS_OK;
+	} else {
+		state->status = map_nt_error_from_unix_common(errno);
+	}
+	if (!NT_STATUS_IS_OK(state->status)) {
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+
+	state->status = cldap_socket_init(state, NULL, dest, &state->cldap);
+	if (!NT_STATUS_IS_OK(state->status)) {
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+
+	TALLOC_FREE(state->netlogon);
+	state->netlogon = talloc_zero(state, struct cldap_netlogon);
+	if (state->netlogon == NULL) {
+		state->status = NT_STATUS_NO_MEMORY;
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+
+	if ((state->domain_name != NULL) && (strchr(state->domain_name, '.'))) {
+		state->netlogon->in.realm = state->domain_name;
+	}
+	if (state->domain_sid) {
+		state->netlogon->in.domain_sid = dom_sid_string(state, state->domain_sid);
+		if (state->netlogon->in.domain_sid == NULL) {
+			state->status = NT_STATUS_NO_MEMORY;
+			state->srv_address_index++;
+			finddcs_cldap_next_server(state);
+			return;
+		}
+	}
+	state->netlogon->in.acct_control = -1;
+	state->netlogon->in.version =
+		NETLOGON_NT_VERSION_5 |
+		NETLOGON_NT_VERSION_5EX |
+		NETLOGON_NT_VERSION_IP;
+	state->netlogon->in.map_response = true;
+
+	DEBUG(4,("finddcs: performing CLDAP query on %s\n",
+		 state->srv_addresses[state->srv_address_index]));
+
+	subreq = cldap_netlogon_send(state, state->ev,
+				     state->cldap, state->netlogon);
+	if (subreq == NULL) {
+		state->status = NT_STATUS_NO_MEMORY;
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+
+	tevent_req_set_callback(subreq, finddcs_cldap_netlogon_replied, state);
+}
+
+
+/*
+  we have a response from a CLDAP server for a netlogon request
+ */
+static void finddcs_cldap_netlogon_replied(struct tevent_req *subreq)
+{
+	struct finddcs_cldap_state *state;
+	NTSTATUS status;
+
+	state = tevent_req_callback_data(subreq, struct finddcs_cldap_state);
+
+	status = cldap_netlogon_recv(subreq, state->netlogon, state->netlogon);
+	TALLOC_FREE(subreq);
+	TALLOC_FREE(state->cldap);
+	if (!NT_STATUS_IS_OK(status)) {
+		state->status = status;
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+	if (state->minimum_dc_flags !=
+	    (state->minimum_dc_flags & state->netlogon->out.netlogon.data.nt5_ex.server_type)) {
+		/* the server didn't match the minimum requirements */
+		DEBUG(4,("finddcs: Skipping DC %s with server_type=0x%08x - required 0x%08x\n",
+			 state->srv_addresses[state->srv_address_index],
+			 state->netlogon->out.netlogon.data.nt5_ex.server_type,
+			 state->minimum_dc_flags));
+		state->srv_address_index++;
+		finddcs_cldap_next_server(state);
+		return;
+	}
+
+	DEBUG(4,("finddcs: Found matching DC %s with server_type=0x%08x\n",
+		 state->srv_addresses[state->srv_address_index],
+		 state->netlogon->out.netlogon.data.nt5_ex.server_type));
+
+	tevent_req_done(state->req);
+}
+
+static void finddcs_cldap_name_resolved(struct composite_context *ctx)
+{
+	struct finddcs_cldap_state *state =
+		talloc_get_type(ctx->async.private_data, struct finddcs_cldap_state);
+	NTSTATUS status;
+	unsigned i;
+
+	status = resolve_name_multiple_recv(ctx, state, &state->srv_addresses);
+	if (tevent_req_nterror(state->req, status)) {
+		DEBUG(2,("finddcs: No matching server found\n"));
+		return;
+	}
+
+	for (i=0; state->srv_addresses[i]; i++) {
+		DEBUG(4,("finddcs: response %u at '%s'\n",
+		         i, state->srv_addresses[i]));
+	}
+
+	state->srv_address_index = 0;
+
+	state->status = NT_STATUS_OK;
+	finddcs_cldap_next_server(state);
+}
+
+/*
+   handle NBT name lookup reply
+ */
+static void finddcs_cldap_nbt_resolved(struct composite_context *ctx)
+{
+	struct finddcs_cldap_state *state =
+		talloc_get_type(ctx->async.private_data, struct finddcs_cldap_state);
+	NTSTATUS status;
+	unsigned i;
+
+	status = resolve_name_multiple_recv(ctx, state, &state->srv_addresses);
+	if (tevent_req_nterror(state->req, status)) {
+		DEBUG(2,("finddcs: No matching NBT <1c> server found\n"));
+		return;
+	}
+
+	for (i=0; state->srv_addresses[i]; i++) {
+		DEBUG(4,("finddcs: NBT <1c> response %u at '%s'\n",
+		         i, state->srv_addresses[i]));
+	}
+
+	state->srv_address_index = 0;
+
+	finddcs_cldap_next_server(state);
+}
+
+
+/*
+ * Having got a DNS SRV answer, fire off the first CLDAP request
+ */
+static void finddcs_cldap_srv_resolved(struct composite_context *ctx)
+{
+	struct finddcs_cldap_state *state =
+		talloc_get_type(ctx->async.private_data, struct finddcs_cldap_state);
+	NTSTATUS status;
+	unsigned i;
+
+	status = resolve_name_multiple_recv(ctx, state, &state->srv_addresses);
+	if (tevent_req_nterror(state->req, status)) {
+		DEBUG(2,("finddcs: Failed to find SRV record for %s\n", state->srv_name));
+		return;
+	}
+
+	for (i=0; state->srv_addresses[i]; i++) {
+		DEBUG(4,("finddcs: DNS SRV response %u at '%s'\n", i, state->srv_addresses[i]));
+	}
+
+	state->srv_address_index = 0;
+
+	state->status = NT_STATUS_OK;
+	finddcs_cldap_next_server(state);
+}
+
+
+NTSTATUS finddcs_cldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct finddcs *io)
+{
+	struct finddcs_cldap_state *state = tevent_req_data(req, struct finddcs_cldap_state);
+	bool ok;
+	NTSTATUS status;
+
+	ok = tevent_req_poll(req, state->ev);
+	if (!ok) {
+		talloc_free(req);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	talloc_steal(mem_ctx, state->netlogon);
+	io->out.netlogon = state->netlogon->out.netlogon;
+	io->out.address = talloc_steal(
+		mem_ctx, state->srv_addresses[state->srv_address_index]);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS finddcs_cldap(TALLOC_CTX *mem_ctx,
+		       struct finddcs *io,
+		       struct resolve_context *resolve_ctx,
+		       struct tevent_context *event_ctx)
+{
+	NTSTATUS status;
+	struct tevent_req *req = finddcs_cldap_send(mem_ctx,
+						    io,
+						    resolve_ctx,
+						    event_ctx);
+	status = finddcs_cldap_recv(req, mem_ctx, io);
+	talloc_free(req);
+	return status;
+}
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
new file mode 100644
index 0000000..1f73082
--- /dev/null
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -0,0 +1,545 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   LDAP bind calls
+   
+   Copyright (C) Andrew Tridgell  2005
+   Copyright (C) Volker Lendecke  2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/ldap/libcli_ldap.h"
+#include "libcli/ldap/ldap_proto.h"
+#include "libcli/ldap/ldap_client.h"
+#include "lib/tls/tls.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "source4/auth/gensec/gensec_tstream.h"
+#include "auth/credentials/credentials.h"
+#include "lib/stream/packet.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "librpc/gen_ndr/ads.h"
+
+struct ldap_simple_creds {
+	const char *dn;
+	const char *pw;
+};
+
+_PUBLIC_ NTSTATUS ldap_rebind(struct ldap_connection *conn)
+{
+	NTSTATUS status;
+	struct ldap_simple_creds *creds;
+
+	switch (conn->bind.type) {
+	case LDAP_BIND_SASL:
+		status = ldap_bind_sasl(conn, (struct cli_credentials *)conn->bind.creds,
+					conn->lp_ctx);
+		break;
+		
+	case LDAP_BIND_SIMPLE:
+		creds = (struct ldap_simple_creds *)conn->bind.creds;
+
+		if (creds == NULL) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		status = ldap_bind_simple(conn, creds->dn, creds->pw);
+		break;
+
+	default:
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return status;
+}
+
+
+static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn, 
+						     const char *dn, const char *pw)
+{
+	struct ldap_message *res;
+
+	res = new_ldap_message(conn);
+	if (!res) {
+		return NULL;
+	}
+
+	res->type = LDAP_TAG_BindRequest;
+	res->r.BindRequest.version = 3;
+	res->r.BindRequest.dn = talloc_strdup(res, dn);
+	res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SIMPLE;
+	res->r.BindRequest.creds.password = talloc_strdup(res, pw);
+	res->controls = NULL;
+
+	return res;
+}
+
+
+/*
+  perform a simple username/password bind
+*/
+_PUBLIC_ NTSTATUS ldap_bind_simple(struct ldap_connection *conn, 
+			  const char *userdn, const char *password)
+{
+	struct ldap_request *req;
+	struct ldap_message *msg;
+	const char *dn, *pw;
+	NTSTATUS status;
+
+	if (conn == NULL) {
+		return NT_STATUS_INVALID_CONNECTION;
+	}
+
+	if (userdn) {
+		dn = userdn;
+	} else {
+		if (conn->auth_dn) {
+			dn = conn->auth_dn;
+		} else {
+			dn = "";
+		}
+	}
+
+	if (password) {
+		pw = password;
+	} else {
+		if (conn->simple_pw) {
+			pw = conn->simple_pw;
+		} else {
+			pw = "";
+		}
+	}
+
+	msg = new_ldap_simple_bind_msg(conn, dn, pw);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	/* send the request */
+	req = ldap_request_send(conn, msg);
+	talloc_free(msg);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	/* wait for replies */
+	status = ldap_request_wait(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return status;
+	}
+
+	/* check its a valid reply */
+	msg = req->replies[0];
+	if (msg->type != LDAP_TAG_BindResponse) {
+		talloc_free(req);
+		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	status = ldap_check_response(conn, &msg->r.BindResponse.response);
+
+	talloc_free(req);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct ldap_simple_creds *creds = talloc(conn, struct ldap_simple_creds);
+		if (creds == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		creds->dn = talloc_strdup(creds, dn);
+		creds->pw = talloc_strdup(creds, pw);
+		if (creds->dn == NULL || creds->pw == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		conn->bind.type = LDAP_BIND_SIMPLE;
+		conn->bind.creds = creds;
+	}
+
+	return status;
+}
+
+
+static struct ldap_message *new_ldap_sasl_bind_msg(struct ldap_connection *conn, 
+						   const char *sasl_mechanism, 
+						   DATA_BLOB *secblob)
+{
+	struct ldap_message *res;
+
+	res = new_ldap_message(conn);
+	if (!res) {
+		return NULL;
+	}
+
+	res->type = LDAP_TAG_BindRequest;
+	res->r.BindRequest.version = 3;
+	res->r.BindRequest.dn = "";
+	res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SASL;
+	res->r.BindRequest.creds.SASL.mechanism = talloc_strdup(res, sasl_mechanism);
+	if (secblob) {
+		res->r.BindRequest.creds.SASL.secblob = talloc(res, DATA_BLOB);
+		if (!res->r.BindRequest.creds.SASL.secblob) {
+			talloc_free(res);
+			return NULL;
+		}
+		*res->r.BindRequest.creds.SASL.secblob = *secblob;
+	} else {
+		res->r.BindRequest.creds.SASL.secblob = NULL;
+	}
+	res->controls = NULL;
+
+	return res;
+}
+
+
+/*
+  perform a sasl bind using the given credentials
+*/
+_PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
+			struct cli_credentials *creds,
+			struct loadparm_context *lp_ctx)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = NULL;
+
+	DATA_BLOB input = data_blob(NULL, 0);
+	DATA_BLOB output = data_blob(NULL, 0);
+
+	struct ldap_message **sasl_mechs_msgs;
+	struct ldap_SearchResEntry *search;
+	int count, i;
+	bool first = true;
+	int wrap_flags = 0;
+	const char **sasl_names;
+	uint32_t old_gensec_features;
+	static const char *supported_sasl_mech_attrs[] = {
+		"supportedSASLMechanisms", 
+		NULL 
+	};
+	unsigned int logon_retries = 0;
+	size_t queue_length;
+
+	if (conn->sockets.active == NULL) {
+		status = NT_STATUS_CONNECTION_DISCONNECTED;
+		goto failed;
+	}
+
+	queue_length = tevent_queue_length(conn->sockets.send_queue);
+	if (queue_length != 0) {
+		status = NT_STATUS_INVALID_PARAMETER_MIX;
+		DEBUG(1, ("SASL bind triggered with non empty send_queue[%zu]: %s\n",
+			  queue_length, nt_errstr(status)));
+		goto failed;
+	}
+
+	if (conn->pending != NULL) {
+		status = NT_STATUS_INVALID_PARAMETER_MIX;
+		DEBUG(1, ("SASL bind triggered with pending requests: %s\n",
+			  nt_errstr(status)));
+		goto failed;
+	}
+
+	status = ildap_search(conn, "", LDAP_SEARCH_SCOPE_BASE, "", supported_sasl_mech_attrs,
+			      false, NULL, NULL, &sasl_mechs_msgs);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: %s\n",
+			  nt_errstr(status)));
+		goto failed;
+	}
+
+	count = ildap_count_entries(conn, sasl_mechs_msgs);
+	if (count != 1) {
+		DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of replies: %d\n",
+			  count));
+		goto failed;
+	}
+
+	tmp_ctx = talloc_new(conn);
+	if (tmp_ctx == NULL) goto failed;
+
+	search = &sasl_mechs_msgs[0]->r.SearchResultEntry;
+	if (search->num_attributes != 1) {
+		DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d != 1\n",
+			  search->num_attributes));
+		goto failed;
+	}
+
+	sasl_names = talloc_array(tmp_ctx, const char *, search->attributes[0].num_values + 1);
+	if (!sasl_names) {
+		DEBUG(1, ("talloc_arry(char *, %d) failed\n",
+			  count));
+		goto failed;
+	}
+
+	for (i=0; i<search->attributes[0].num_values; i++) {
+		sasl_names[i] = (const char *)search->attributes[0].values[i].data;
+	}
+	sasl_names[i] = NULL;
+
+	gensec_init();
+
+	if (conn->sockets.active == conn->sockets.tls) {
+		/*
+		 * require Kerberos SIGN/SEAL only if we don't use SSL
+		 * Windows seem not to like double encryption
+		 */
+		wrap_flags = 0;
+	} else if (cli_credentials_is_anonymous(creds)) {
+		/*
+		 * anonymous isn't protected
+		 */
+		wrap_flags = 0;
+	} else {
+		wrap_flags = lpcfg_client_ldap_sasl_wrapping(lp_ctx);
+	}
+
+try_logon_again:
+	/*
+	  we loop back here on a logon failure, and re-create the
+	  gensec session. The logon_retries counter ensures we don't
+	  loop forever.
+	 */
+	data_blob_free(&input);
+	TALLOC_FREE(conn->gensec);
+
+	status = gensec_client_start(conn, &conn->gensec,
+				     lpcfg_gensec_settings(conn, lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
+		goto failed;
+	}
+
+	old_gensec_features = cli_credentials_get_gensec_features(creds);
+	if (wrap_flags == 0) {
+		cli_credentials_set_gensec_features(creds,
+				old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL),
+				CRED_SPECIFIED);
+	}
+
+	/* this call also sets the gensec_want_features */
+	status = gensec_set_credentials(conn->gensec, creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set GENSEC creds: %s\n", 
+			  nt_errstr(status)));
+		goto failed;
+	}
+
+	/* reset the original gensec_features (on the credentials
+	 * context, so we don't tattoo it ) */
+	cli_credentials_set_gensec_features(creds,
+					    old_gensec_features,
+					    CRED_SPECIFIED);
+
+	if (wrap_flags & ADS_AUTH_SASL_SEAL) {
+		gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN);
+		gensec_want_feature(conn->gensec, GENSEC_FEATURE_SEAL);
+	}
+	if (wrap_flags & ADS_AUTH_SASL_SIGN) {
+		gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN);
+	}
+
+	/*
+	 * This is an indication for the NTLMSSP backend to
+	 * also encrypt when only GENSEC_FEATURE_SIGN is requested
+	 * in gensec_[un]wrap().
+	 */
+	gensec_want_feature(conn->gensec, GENSEC_FEATURE_LDAP_STYLE);
+
+	if (conn->host) {
+		status = gensec_set_target_hostname(conn->gensec, conn->host);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to set GENSEC target hostname: %s\n", 
+				  nt_errstr(status)));
+			goto failed;
+		}
+	}
+
+	status = gensec_set_target_service(conn->gensec, "ldap");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set GENSEC target service: %s\n", 
+			  nt_errstr(status)));
+		goto failed;
+	}
+
+	status = gensec_start_mech_by_sasl_list(conn->gensec, sasl_names);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("None of the %d proposed SASL mechs were acceptable: %s\n",
+			  count, nt_errstr(status)));
+		goto failed;
+	}
+
+	while (1) {
+		NTSTATUS gensec_status;
+		struct ldap_message *response;
+		struct ldap_message *msg;
+		struct ldap_request *req;
+		int result = LDAP_OTHER;
+	
+		status = gensec_update(conn->gensec, tmp_ctx,
+				       input,
+				       &output);
+		/* The status value here, from GENSEC is vital to the security
+		 * of the system.  Even if the other end accepts, if GENSEC
+		 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
+		 * feeding it blobs, or else the remote host/attacker might
+		 * avoid mutual authentication requirements.
+		 *
+		 * Likewise, you must not feed GENSEC too much (after the OK),
+		 * it doesn't like that either.
+		 *
+		 * For SASL/EXTERNAL, there is no data to send, but we still
+		 * must send the actual Bind request the first time around.
+		 * Otherwise, a result of NT_STATUS_OK with 0 output means the
+		 * end of a multi-step authentication, and no message must be
+		 * sent.
+		 */
+
+		gensec_status = status;
+
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && 
+		    !NT_STATUS_IS_OK(status)) {
+			break;
+		}
+		if (NT_STATUS_IS_OK(status) && output.length == 0) {
+			if (!first)
+				break;
+		}
+		first = false;
+
+		/* Perhaps we should make gensec_start_mech_by_sasl_list() return the name we got? */
+		msg = new_ldap_sasl_bind_msg(tmp_ctx, conn->gensec->ops->sasl_name, (output.data?&output:NULL));
+		if (msg == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+
+		req = ldap_request_send(conn, msg);
+		if (req == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+		talloc_reparent(conn, tmp_ctx, req);
+
+		status = ldap_result_n(req, 0, &response);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto failed;
+		}
+		
+		if (response->type != LDAP_TAG_BindResponse) {
+			status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+			goto failed;
+		}
+
+		result = response->r.BindResponse.response.resultcode;
+
+		if (result == LDAP_STRONG_AUTH_REQUIRED) {
+			if (wrap_flags == 0) {
+				wrap_flags = ADS_AUTH_SASL_SIGN;
+				goto try_logon_again;
+			}
+		}
+
+		if (result == LDAP_INVALID_CREDENTIALS) {
+			/*
+			  try a second time on invalid credentials, to
+			  give the user a chance to re-enter the
+			  password and to handle the case where our
+			  kerberos ticket is invalid as the server
+			  password has changed
+			*/
+			const char *principal;
+
+			principal = gensec_get_target_principal(conn->gensec);
+			if (principal == NULL) {
+				const char *hostname = gensec_get_target_hostname(conn->gensec);
+				const char *service  = gensec_get_target_service(conn->gensec);
+				if (hostname != NULL && service != NULL) {
+					principal = talloc_asprintf(tmp_ctx, "%s/%s", service, hostname);
+				}
+			}
+
+			if (cli_credentials_failed_kerberos_login(creds, principal, &logon_retries) ||
+			    cli_credentials_wrong_password(creds)) {
+				/*
+				  destroy our gensec session and loop
+				  back up to the top to retry,
+				  offering the user a chance to enter
+				  new credentials, or get a new ticket
+				  if using kerberos
+				 */
+				goto try_logon_again;
+			}
+		}
+
+		if (result != LDAP_SUCCESS && result != LDAP_SASL_BIND_IN_PROGRESS) {
+			status = ldap_check_response(conn, 
+						     &response->r.BindResponse.response);
+			break;
+		}
+
+		/* This is where we check if GENSEC wanted to be fed more data */
+		if (!NT_STATUS_EQUAL(gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			break;
+		}
+		if (response->r.BindResponse.SASL.secblob) {
+			input = *response->r.BindResponse.SASL.secblob;
+		} else {
+			input = data_blob(NULL, 0);
+		}
+	}
+
+	TALLOC_FREE(tmp_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	conn->bind.type = LDAP_BIND_SASL;
+	conn->bind.creds = creds;
+
+	if (wrap_flags & ADS_AUTH_SASL_SEAL) {
+		if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+
+		if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+	} else if (wrap_flags & ADS_AUTH_SASL_SIGN) {
+		if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+	}
+
+	if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) &&
+	    !gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
+		return NT_STATUS_OK;
+	}
+
+	status = gensec_create_tstream(conn->sockets.raw,
+				       conn->gensec,
+				       conn->sockets.raw,
+				       &conn->sockets.sasl);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	conn->sockets.active = conn->sockets.sasl;
+
+	return NT_STATUS_OK;
+
+failed:
+	talloc_free(tmp_ctx);
+	talloc_free(conn->gensec);
+	conn->gensec = NULL;
+	return status;
+}
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
new file mode 100644
index 0000000..db13ad3
--- /dev/null
+++ b/source4/libcli/ldap/ldap_client.c
@@ -0,0 +1,1069 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP protocol helper functions for SAMBA
+   
+   Copyright (C) Andrew Tridgell  2004
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Simo Sorce 2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "../lib/util/asn1.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/ldap/libcli_ldap.h"
+#include "libcli/ldap/ldap_proto.h"
+#include "libcli/ldap/ldap_client.h"
+#include "libcli/composite/composite.h"
+#include "lib/tls/tls.h"
+#include "auth/gensec/gensec.h"
+#include "system/time.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status);
+
+static int ldap_connection_destructor(struct ldap_connection *conn)
+{
+	/*
+	 * NT_STATUS_OK means that callbacks of pending requests are not
+	 * triggered
+	 */
+	ldap_connection_dead(conn, NT_STATUS_OK);
+	return 0;
+}
+
+/**
+  create a new ldap_connection structure. The event context is optional
+*/
+
+_PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx, 
+					     struct loadparm_context *lp_ctx,
+					     struct tevent_context *ev)
+{
+	struct ldap_connection *conn;
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	conn = talloc_zero(mem_ctx, struct ldap_connection);
+	if (conn == NULL) {
+		return NULL;
+	}
+
+	conn->next_messageid  = 1;
+	conn->event.event_ctx = ev;
+
+	conn->sockets.send_queue = tevent_queue_create(conn,
+					"ldap_connection send_queue");
+	if (conn->sockets.send_queue == NULL) {
+		TALLOC_FREE(conn);
+		return NULL;
+	}
+
+	conn->lp_ctx = lp_ctx;
+
+	/* set a reasonable request timeout */
+	conn->timeout = 60;
+
+	/* explicitly avoid reconnections by default */
+	conn->reconnect.max_retries = 0;
+
+	talloc_set_destructor(conn, ldap_connection_destructor);
+	return conn;
+}
+
+/*
+  the connection is dead
+*/
+static void ldap_connection_dead(struct ldap_connection *conn, NTSTATUS status)
+{
+	struct ldap_request *req;
+
+	tevent_queue_stop(conn->sockets.send_queue);
+	TALLOC_FREE(conn->sockets.recv_subreq);
+	conn->sockets.active = NULL;
+	TALLOC_FREE(conn->sockets.sasl);
+	TALLOC_FREE(conn->sockets.tls);
+	TALLOC_FREE(conn->sockets.raw);
+
+	/* return an error for any pending request ... */
+	while (conn->pending) {
+		req = conn->pending;
+		DLIST_REMOVE(req->conn->pending, req);
+		req->conn = NULL;
+		req->state = LDAP_REQUEST_DONE;
+		if (NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+		req->status = status;
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+	}
+}
+
+static void ldap_reconnect(struct ldap_connection *conn);
+
+/*
+  handle packet errors
+*/
+static void ldap_error_handler(struct ldap_connection *conn, NTSTATUS status)
+{
+	ldap_connection_dead(conn, status);
+
+	/* but try to reconnect so that the ldb client can go on */
+	ldap_reconnect(conn);
+}
+
+
+/*
+  match up with a pending message, adding to the replies list
+*/
+static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
+{
+	struct ldap_request *req;
+	int i;
+
+	for (req=conn->pending; req; req=req->next) {
+		if (req->messageid == msg->messageid) break;
+	}
+	/* match a zero message id to the last request sent.
+	   It seems that servers send 0 if unable to parse */
+	if (req == NULL && msg->messageid == 0) {
+		req = conn->pending;
+	}
+	if (req == NULL) {
+		DEBUG(0,("ldap: no matching message id for %u\n",
+			 msg->messageid));
+		TALLOC_FREE(msg);
+		return;
+	}
+
+	/* Check for undecoded critical extensions */
+	for (i=0; msg->controls && msg->controls[i]; i++) {
+		if (!msg->controls_decoded[i] && 
+		    msg->controls[i]->critical) {
+			TALLOC_FREE(msg);
+			req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
+			req->state = LDAP_REQUEST_DONE;
+			DLIST_REMOVE(conn->pending, req);
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+	}
+
+	/* add to the list of replies received */
+	req->replies = talloc_realloc(req, req->replies, 
+				      struct ldap_message *, req->num_replies+1);
+	if (req->replies == NULL) {
+		TALLOC_FREE(msg);
+		req->status = NT_STATUS_NO_MEMORY;
+		req->state = LDAP_REQUEST_DONE;
+		DLIST_REMOVE(conn->pending, req);
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+		return;
+	}
+
+	req->replies[req->num_replies] = talloc_steal(req->replies, msg);
+	req->num_replies++;
+
+	if (msg->type != LDAP_TAG_SearchResultEntry &&
+	    msg->type != LDAP_TAG_SearchResultReference) {
+		/* currently only search results expect multiple
+		   replies */
+		req->state = LDAP_REQUEST_DONE;
+		DLIST_REMOVE(conn->pending, req);
+	}
+
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+static void ldap_connection_recv_done(struct tevent_req *subreq);
+
+static void ldap_connection_recv_next(struct ldap_connection *conn)
+{
+	struct tevent_req *subreq = NULL;
+
+	if (conn->sockets.recv_subreq != NULL) {
+		return;
+	}
+
+	if (conn->sockets.active == NULL) {
+		return;
+	}
+
+	if (conn->pending == NULL) {
+		return;
+	}
+
+	/*
+	 * The minimum size of a LDAP pdu is 7 bytes
+	 *
+	 * dumpasn1 -hh ldap-unbind-min.dat
+	 *
+	 *     <30 05 02 01 09 42 00>
+	 *    0    5: SEQUENCE {
+	 *     <02 01 09>
+	 *    2    1:   INTEGER 9
+	 *     <42 00>
+	 *    5    0:   [APPLICATION 2]
+	 *          :     Error: Object has zero length.
+	 *          :   }
+	 *
+	 * dumpasn1 -hh ldap-unbind-windows.dat
+	 *
+	 *     <30 84 00 00 00 05 02 01 09 42 00>
+	 *    0    5: SEQUENCE {
+	 *     <02 01 09>
+	 *    6    1:   INTEGER 9
+	 *     <42 00>
+	 *    9    0:   [APPLICATION 2]
+	 *          :     Error: Object has zero length.
+	 *          :   }
+	 *
+	 * This means using an initial read size
+	 * of 7 is ok.
+	 */
+	subreq = tstream_read_pdu_blob_send(conn,
+					    conn->event.event_ctx,
+					    conn->sockets.active,
+					    7, /* initial_read_size */
+					    ldap_full_packet,
+					    conn);
+	if (subreq == NULL) {
+		ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
+		return;
+	}
+	tevent_req_set_callback(subreq, ldap_connection_recv_done, conn);
+	conn->sockets.recv_subreq = subreq;
+	return;
+}
+
+/*
+  decode/process LDAP data
+*/
+static void ldap_connection_recv_done(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct ldap_connection *conn =
+		tevent_req_callback_data(subreq,
+		struct ldap_connection);
+	struct ldap_message *msg;
+	struct asn1_data *asn1;
+	DATA_BLOB blob;
+	struct ldap_request_limits limits = {0};
+
+	msg = talloc_zero(conn, struct ldap_message);
+	if (msg == NULL) {
+		ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	asn1 = asn1_init(conn, ASN1_MAX_TREE_DEPTH);
+	if (asn1 == NULL) {
+		TALLOC_FREE(msg);
+		ldap_error_handler(conn, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	conn->sockets.recv_subreq = NULL;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    asn1,
+					    &blob);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(msg);
+		asn1_free(asn1);
+		ldap_error_handler(conn, status);
+		return;
+	}
+
+	asn1_load_nocopy(asn1, blob.data, blob.length);
+
+	status = ldap_decode(asn1, &limits, samba_ldap_control_handlers(), msg);
+	asn1_free(asn1);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(msg);
+		ldap_error_handler(conn, status);
+		return;
+	}
+
+	ldap_match_message(conn, msg);
+	ldap_connection_recv_next(conn);
+
+	return;
+}
+
+enum ldap_proto {
+	LDAP_PROTO_NONE,
+	LDAP_PROTO_LDAP,
+	LDAP_PROTO_LDAPS,
+	LDAP_PROTO_LDAPI
+};
+
+static int ldap_parse_basic_url(
+	const char *url,
+	enum ldap_proto *pproto,
+	TALLOC_CTX *mem_ctx,
+	char **pdest,		/* path for ldapi, host for ldap[s] */
+	uint16_t *pport)	/* Not set for ldapi */
+{
+	enum ldap_proto proto = LDAP_PROTO_NONE;
+	char *host = NULL;
+	int ret, port;
+
+	if (url == NULL) {
+		return EINVAL;
+	}
+
+	if (strncasecmp_m(url, "ldapi://", strlen("ldapi://")) == 0) {
+		char *path = NULL, *end = NULL;
+
+		path = talloc_strdup(mem_ctx, url+8);
+		if (path == NULL) {
+			return ENOMEM;
+		}
+		end = rfc1738_unescape(path);
+		if (end == NULL) {
+			TALLOC_FREE(path);
+			return EINVAL;
+		}
+
+		*pproto = LDAP_PROTO_LDAPI;
+		*pdest = path;
+		return 0;
+	}
+
+	if (strncasecmp_m(url, "ldap://", strlen("ldap://")) == 0) {
+		url += 7;
+		proto = LDAP_PROTO_LDAP;
+		port = 389;
+	}
+	if (strncasecmp_m(url, "ldaps://", strlen("ldaps://")) == 0) {
+		url += 8;
+		port = 636;
+		proto = LDAP_PROTO_LDAPS;
+	}
+
+	if (proto == LDAP_PROTO_NONE) {
+		return EPROTONOSUPPORT;
+	}
+
+	if (url[0] == '[') {
+		/*
+		 * IPv6 with [aa:bb:cc..]:port
+		 */
+		const char *end = NULL;
+
+		url +=1;
+
+		end = strchr(url, ']');
+		if (end == NULL) {
+			return EINVAL;
+		}
+
+		ret = sscanf(end+1, ":%d", &port);
+		if (ret < 0) {
+			return EINVAL;
+		}
+
+		*pdest = talloc_strndup(mem_ctx, url, end-url);
+		if (*pdest == NULL) {
+			return ENOMEM;
+		}
+		*pproto = proto;
+		*pport = port;
+		return 0;
+	}
+
+	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
+	if (ret < 1) {
+		return EINVAL;
+	}
+
+	*pdest = talloc_strdup(mem_ctx, host);
+	SAFE_FREE(host);
+	if (*pdest == NULL) {
+		return ENOMEM;
+	}
+	*pproto = proto;
+	*pport = port;
+
+	return 0;
+}
+
+/*
+  connect to a ldap server
+*/
+
+struct ldap_connect_state {
+	struct composite_context *ctx;
+	struct ldap_connection *conn;
+	struct socket_context *sock;
+	struct tstream_context *raw;
+	struct tstream_tls_params *tls_params;
+	struct tstream_context *tls;
+};
+
+static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
+static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
+
+_PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
+					    const char *url)
+{
+	struct composite_context *result, *ctx;
+	struct ldap_connect_state *state;
+	enum ldap_proto proto;
+	char *dest = NULL;
+	uint16_t port;
+	int ret;
+
+	result = talloc_zero(conn, struct composite_context);
+	if (result == NULL) goto failed;
+	result->state = COMPOSITE_STATE_IN_PROGRESS;
+	result->async.fn = NULL;
+	result->event_ctx = conn->event.event_ctx;
+
+	state = talloc(result, struct ldap_connect_state);
+	if (state == NULL) goto failed;
+	state->ctx = result;
+	result->private_data = state;
+
+	state->conn = conn;
+
+	if (conn->reconnect.url == NULL) {
+		conn->reconnect.url = talloc_strdup(conn, url);
+		if (conn->reconnect.url == NULL) goto failed;
+	}
+
+	ret = ldap_parse_basic_url(url, &proto, conn, &dest, &port);
+	if (ret != 0) {
+		composite_error(result, map_nt_error_from_unix_common(ret));
+		return result;
+	}
+
+	if (proto == LDAP_PROTO_LDAPI) {
+		struct socket_address *unix_addr;
+		NTSTATUS status = socket_create(state, "unix",
+						SOCKET_TYPE_STREAM,
+						&state->sock, 0);
+		if (!NT_STATUS_IS_OK(status)) {
+			return NULL;
+		}
+
+		conn->host = talloc_asprintf(conn, "%s.%s",
+					     lpcfg_netbios_name(conn->lp_ctx),
+					     lpcfg_dnsdomain(conn->lp_ctx));
+		if (composite_nomem(conn->host, state->ctx)) {
+			return result;
+		}
+
+		unix_addr = socket_address_from_strings(state, state->sock->backend_name,
+							dest, 0);
+		if (composite_nomem(unix_addr, result)) {
+			return result;
+		}
+
+		ctx = socket_connect_send(state->sock, NULL, unix_addr,
+					  0, result->event_ctx);
+		ctx->async.fn = ldap_connect_recv_unix_conn;
+		ctx->async.private_data = state;
+		return result;
+	}
+
+	if ((proto == LDAP_PROTO_LDAP) || (proto == LDAP_PROTO_LDAPS)) {
+
+		conn->ldaps = (proto == LDAP_PROTO_LDAPS);
+
+		conn->host = talloc_move(conn, &dest);
+		conn->port = port;
+
+		if (conn->ldaps) {
+			char *ca_file = lpcfg_tls_cafile(state, conn->lp_ctx);
+			char *crl_file = lpcfg_tls_crlfile(state, conn->lp_ctx);
+			const char *tls_priority = lpcfg_tls_priority(conn->lp_ctx);
+			enum tls_verify_peer_state verify_peer =
+				lpcfg_tls_verify_peer(conn->lp_ctx);
+			NTSTATUS status;
+
+			status = tstream_tls_params_client(state,
+							   ca_file,
+							   crl_file,
+							   tls_priority,
+							   verify_peer,
+							   conn->host,
+							   &state->tls_params);
+			if (!NT_STATUS_IS_OK(status)) {
+				composite_error(result, status);
+				return result;
+			}
+		}
+
+		ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
+						lpcfg_resolve_context(conn->lp_ctx),
+						result->event_ctx);
+		if (composite_nomem(ctx, result)) {
+			return result;
+		}
+
+		ctx->async.fn = ldap_connect_recv_tcp_conn;
+		ctx->async.private_data = state;
+		return result;
+	}
+ failed:
+	talloc_free(result);
+	return NULL;
+}
+
+static void ldap_connect_got_tls(struct tevent_req *subreq);
+
+static void ldap_connect_got_sock(struct composite_context *ctx, 
+				  struct ldap_connection *conn)
+{
+	struct ldap_connect_state *state =
+		talloc_get_type_abort(ctx->private_data,
+		struct ldap_connect_state);
+	struct tevent_req *subreq = NULL;
+	int fd;
+	int ret;
+
+	socket_set_flags(state->sock, SOCKET_FLAG_NOCLOSE);
+	fd = socket_get_fd(state->sock);
+	TALLOC_FREE(state->sock);
+
+	smb_set_close_on_exec(fd);
+
+	ret = set_blocking(fd, false);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(errno);
+		composite_error(state->ctx, status);
+		return;
+	}
+
+	ret = tstream_bsd_existing_socket(state, fd, &state->raw);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(errno);
+		composite_error(state->ctx, status);
+		return;
+	}
+
+	if (!conn->ldaps) {
+		conn->sockets.raw = talloc_move(conn, &state->raw);
+		conn->sockets.active = conn->sockets.raw;
+		composite_done(state->ctx);
+		return;
+	}
+
+	subreq = tstream_tls_connect_send(state, state->ctx->event_ctx,
+					  state->raw, state->tls_params);
+	if (composite_nomem(subreq, state->ctx)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, ldap_connect_got_tls, state);
+}
+
+static void ldap_connect_got_tls(struct tevent_req *subreq)
+{
+	struct ldap_connect_state *state =
+		tevent_req_callback_data(subreq,
+		struct ldap_connect_state);
+	int err;
+	int ret;
+
+	ret = tstream_tls_connect_recv(subreq, &err, state, &state->tls);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(err);
+		composite_error(state->ctx, status);
+		return;
+	}
+
+	talloc_steal(state->tls, state->tls_params);
+
+	state->conn->sockets.raw = talloc_move(state->conn, &state->raw);
+	state->conn->sockets.tls = talloc_move(state->conn->sockets.raw,
+					       &state->tls);
+	state->conn->sockets.active = state->conn->sockets.tls;
+	composite_done(state->ctx);
+}
+
+static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
+{
+	struct ldap_connect_state *state =
+		talloc_get_type_abort(ctx->async.private_data,
+		struct ldap_connect_state);
+	struct ldap_connection *conn = state->conn;
+	uint16_t port;
+	NTSTATUS status = socket_connect_multi_recv(ctx, state, &state->sock,
+						       &port);
+	if (!NT_STATUS_IS_OK(status)) {
+		composite_error(state->ctx, status);
+		return;
+	}
+
+	ldap_connect_got_sock(state->ctx, conn);
+}
+
+static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
+{
+	struct ldap_connect_state *state =
+		talloc_get_type_abort(ctx->async.private_data,
+		struct ldap_connect_state);
+	struct ldap_connection *conn = state->conn;
+
+	NTSTATUS status = socket_connect_recv(ctx);
+
+	if (!NT_STATUS_IS_OK(state->ctx->status)) {
+		composite_error(state->ctx, status);
+		return;
+	}
+
+	ldap_connect_got_sock(state->ctx, conn);
+}
+
+_PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
+{
+	NTSTATUS status = composite_wait(ctx);
+	talloc_free(ctx);
+	return status;
+}
+
+_PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
+{
+	struct composite_context *ctx = ldap_connect_send(conn, url);
+	return ldap_connect_recv(ctx);
+}
+
+/* set reconnect parameters */
+
+_PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
+{
+	if (conn) {
+		conn->reconnect.max_retries = max_retries;
+		conn->reconnect.retries = 0;
+		conn->reconnect.previous = time_mono(NULL);
+	}
+}
+
+/* Actually this function is NOT ASYNC safe, FIXME? */
+static void ldap_reconnect(struct ldap_connection *conn)
+{
+	NTSTATUS status;
+	time_t now = time_mono(NULL);
+
+	/* do we have set up reconnect ? */
+	if (conn->reconnect.max_retries == 0) return;
+
+	/* is the retry time expired ? */
+	if (now > conn->reconnect.previous + 30) {
+		conn->reconnect.retries = 0;
+		conn->reconnect.previous = now;
+	}
+
+	/* are we reconnectind too often and too fast? */
+	if (conn->reconnect.retries > conn->reconnect.max_retries) return;
+
+	/* keep track of the number of reconnections */
+	conn->reconnect.retries++;
+
+	/* reconnect */
+	status = ldap_connect(conn, conn->reconnect.url);
+	if ( ! NT_STATUS_IS_OK(status)) {
+		return;
+	}
+
+	/* rebind */
+	status = ldap_rebind(conn);
+	if ( ! NT_STATUS_IS_OK(status)) {
+		ldap_connection_dead(conn, status);
+	}
+}
+
+static void ldap_request_destructor_abandon(struct ldap_request *abandon)
+{
+	TALLOC_FREE(abandon);
+}
+
+/* destroy an open ldap request */
+static int ldap_request_destructor(struct ldap_request *req)
+{
+	if (req->state == LDAP_REQUEST_PENDING) {
+		struct ldap_message msg = {
+			.type = LDAP_TAG_AbandonRequest,
+			.r.AbandonRequest.messageid = req->messageid,
+		};
+		struct ldap_request *abandon = NULL;
+
+		DLIST_REMOVE(req->conn->pending, req);
+
+		abandon = ldap_request_send(req->conn, &msg);
+		if (abandon == NULL) {
+			ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
+			return 0;
+		}
+		abandon->async.fn = ldap_request_destructor_abandon;
+		abandon->async.private_data = NULL;
+	}
+
+	return 0;
+}
+
+static void ldap_request_timeout_abandon(struct ldap_request *abandon)
+{
+	struct ldap_request *req =
+		talloc_get_type_abort(abandon->async.private_data,
+		struct ldap_request);
+
+	if (req->state == LDAP_REQUEST_PENDING) {
+		DLIST_REMOVE(req->conn->pending, req);
+	}
+	req->state = LDAP_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+/*
+  called on timeout of a ldap request
+*/
+static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te, 
+				      struct timeval t, void *private_data)
+{
+	struct ldap_request *req =
+		talloc_get_type_abort(private_data,
+		struct ldap_request);
+
+	req->status = NT_STATUS_IO_TIMEOUT;
+	if (req->state == LDAP_REQUEST_PENDING) {
+		struct ldap_message msg = {
+			.type = LDAP_TAG_AbandonRequest,
+			.r.AbandonRequest.messageid = req->messageid,
+		};
+		struct ldap_request *abandon = NULL;
+
+		abandon = ldap_request_send(req->conn, &msg);
+		if (abandon == NULL) {
+			ldap_error_handler(req->conn, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		talloc_reparent(req->conn, req, abandon);
+		abandon->async.fn = ldap_request_timeout_abandon;
+		abandon->async.private_data = req;
+		DLIST_REMOVE(req->conn->pending, req);
+		return;
+	}
+	req->state = LDAP_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+
+/*
+  called on completion of a failed ldap request
+*/
+static void ldap_request_failed_complete(struct tevent_context *ev, struct tevent_timer *te,
+				      struct timeval t, void *private_data)
+{
+	struct ldap_request *req =
+		talloc_get_type_abort(private_data,
+		struct ldap_request);
+
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+static void ldap_request_written(struct tevent_req *subreq);
+
+/*
+  send a ldap message - async interface
+*/
+_PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
+				       struct ldap_message *msg)
+{
+	struct ldap_request *req;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	struct tevent_req *subreq = NULL;
+
+	req = talloc_zero(conn, struct ldap_request);
+	if (req == NULL) return NULL;
+
+	if (conn->sockets.active == NULL) {
+		status = NT_STATUS_INVALID_CONNECTION;
+		goto failed;
+	}
+
+	req->state       = LDAP_REQUEST_SEND;
+	req->conn        = conn;
+	req->messageid   = conn->next_messageid++;
+	if (conn->next_messageid == 0) {
+		conn->next_messageid = 1;
+	}
+	req->type        = msg->type;
+	if (req->messageid == -1) {
+		goto failed;
+	}
+
+	talloc_set_destructor(req, ldap_request_destructor);
+
+	msg->messageid = req->messageid;
+
+	if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto failed;		
+	}
+
+	/* put a timeout on the request */
+	req->time_event = tevent_add_timer(conn->event.event_ctx, req,
+					   timeval_current_ofs(conn->timeout, 0),
+					   ldap_request_timeout, req);
+	if (req->time_event == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	req->write_iov.iov_base = req->data.data;
+	req->write_iov.iov_len = req->data.length;
+
+	subreq = tstream_writev_queue_send(req, conn->event.event_ctx,
+					   conn->sockets.active,
+					   conn->sockets.send_queue,
+					   &req->write_iov, 1);
+	if (subreq == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+	tevent_req_set_callback(subreq, ldap_request_written, req);
+
+	req->state = LDAP_REQUEST_PENDING;
+	DLIST_ADD(conn->pending, req);
+
+	return req;
+
+failed:
+	req->status = status;
+	req->state = LDAP_REQUEST_ERROR;
+	tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
+			 ldap_request_failed_complete, req);
+
+	return req;
+}
+
+static void ldap_request_written(struct tevent_req *subreq)
+{
+	struct ldap_request *req =
+		tevent_req_callback_data(subreq,
+		struct ldap_request);
+	int err;
+	ssize_t ret;
+
+	ret = tstream_writev_queue_recv(subreq, &err);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS error = map_nt_error_from_unix_common(err);
+		ldap_error_handler(req->conn, error);
+		return;
+	}
+
+	if (req->type == LDAP_TAG_AbandonRequest ||
+	    req->type == LDAP_TAG_UnbindRequest)
+	{
+		if (req->state == LDAP_REQUEST_PENDING) {
+			DLIST_REMOVE(req->conn->pending, req);
+		}
+		req->state = LDAP_REQUEST_DONE;
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+		return;
+	}
+
+	ldap_connection_recv_next(req->conn);
+}
+
+
+/*
+  wait for a request to complete
+  note that this does not destroy the request
+*/
+_PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
+{
+	while (req->state < LDAP_REQUEST_DONE) {
+		if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
+			req->state = LDAP_REQUEST_ERROR;
+			req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+			break;
+		}
+	}
+	return req->status;
+}
+
+
+/*
+  a mapping of ldap response code to strings
+*/
+static const struct {
+	enum ldap_result_code code;
+	const char *str;
+} ldap_code_map[] = {
+#define _LDAP_MAP_CODE(c) { c, #c }
+	_LDAP_MAP_CODE(LDAP_SUCCESS),
+	_LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
+	_LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
+	_LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
+	_LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
+	_LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
+	_LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
+	_LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
+	_LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
+	_LDAP_MAP_CODE(LDAP_REFERRAL),
+	_LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
+	_LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
+	_LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
+	_LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
+	_LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
+	_LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
+	_LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
+	_LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
+	_LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
+	_LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
+	_LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
+	_LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
+	_LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
+	_LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
+	_LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
+	_LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
+	_LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
+	_LDAP_MAP_CODE(LDAP_BUSY),
+	_LDAP_MAP_CODE(LDAP_UNAVAILABLE),
+	_LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
+	_LDAP_MAP_CODE(LDAP_LOOP_DETECT),
+	_LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
+	_LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
+	_LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
+	_LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
+	_LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
+	_LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
+	_LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
+	_LDAP_MAP_CODE(LDAP_OTHER)
+};
+
+/*
+  used to setup the status code from a ldap response
+*/
+_PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
+{
+	size_t i;
+	const char *codename = "unknown";
+
+	if (r->resultcode == LDAP_SUCCESS) {
+		return NT_STATUS_OK;
+	}
+
+	if (conn->last_error) {
+		talloc_free(conn->last_error);
+	}
+
+	for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
+		if ((enum ldap_result_code)r->resultcode == ldap_code_map[i].code) {
+			codename = ldap_code_map[i].str;
+			break;
+		}
+	}
+
+	conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>", 
+					   r->resultcode,
+					   codename,
+					   r->dn?r->dn:"(NULL)", 
+					   r->errormessage?r->errormessage:"", 
+					   r->referral?r->referral:"");
+	
+	return NT_STATUS_LDAP(r->resultcode);
+}
+
+/*
+  return error string representing the last error
+*/
+_PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn, 
+			TALLOC_CTX *mem_ctx, 
+			NTSTATUS status)
+{
+	if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
+		return talloc_strdup(mem_ctx, conn->last_error);
+	}
+	return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
+}
+
+
+/*
+  return the Nth result message, waiting if necessary
+*/
+_PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
+{
+	*msg = NULL;
+
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
+		if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
+			return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+		}
+	}
+
+	if (n < req->num_replies) {
+		*msg = req->replies[n];
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(req->status)) {
+		return req->status;
+	}
+
+	return NT_STATUS_NO_MORE_ENTRIES;
+}
+
+
+/*
+  return a single result message, checking if it is of the expected LDAP type
+*/
+_PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
+{
+	NTSTATUS status;
+	status = ldap_result_n(req, 0, msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if ((*msg) != NULL && (*msg)->type != (enum ldap_request_tag)type) {
+		*msg = NULL;
+		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+	return status;
+}
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
new file mode 100644
index 0000000..e2b1b30
--- /dev/null
+++ b/source4/libcli/ldap/ldap_client.h
@@ -0,0 +1,149 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   ldap client side header
+
+   Copyright (C) Andrew Tridgell 2005
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "system/network.h" /* for struct iovec */
+#include "libcli/ldap/libcli_ldap.h"
+
+enum ldap_request_state { LDAP_REQUEST_SEND=1, LDAP_REQUEST_PENDING=2, LDAP_REQUEST_DONE=3, LDAP_REQUEST_ERROR=4 };
+
+/* this is the handle that the caller gets when an async ldap message
+   is sent */
+struct ldap_request {
+	struct ldap_request *next, *prev;
+	struct ldap_connection *conn;
+
+	enum ldap_request_tag type;
+	int messageid;
+	enum ldap_request_state state;
+
+	int num_replies;
+	struct ldap_message **replies;
+
+	NTSTATUS status;
+	DATA_BLOB data;
+	struct iovec write_iov;
+
+	struct {
+		void (*fn)(struct ldap_request *);
+		void *private_data;
+	} async;
+
+	struct tevent_timer *time_event;
+};
+
+
+/* main context for a ldap client connection */
+struct ldap_connection {
+	struct {
+		struct tstream_context *raw;
+		struct tstream_context *tls;
+		struct tstream_context *sasl;
+		struct tstream_context *active;
+
+		struct tevent_queue *send_queue;
+		struct tevent_req *recv_subreq;
+	} sockets;
+
+	struct loadparm_context *lp_ctx;
+
+	char *host;
+	uint16_t port;
+	bool ldaps;
+
+	const char *auth_dn;
+	const char *simple_pw;
+
+	struct {
+		char *url;
+		int max_retries;
+		int retries;
+		time_t previous;
+	} reconnect;
+
+	struct {
+		enum { LDAP_BIND_SIMPLE, LDAP_BIND_SASL } type;
+		void *creds;
+	} bind;
+
+	/* next message id to assign */
+	unsigned next_messageid;
+
+	/* Outstanding LDAP requests that have not yet been replied to */
+	struct ldap_request *pending;
+
+	/* Let's support SASL */
+	struct gensec_security *gensec;
+
+	/* the default timeout for messages */
+	int timeout;
+
+	/* last error message */
+	char *last_error;
+
+	struct {
+		struct tevent_context *event_ctx;
+	} event;
+};
+
+struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx, 
+					     struct loadparm_context *lp_ctx,
+					     struct tevent_context *ev);
+
+NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url);
+struct composite_context *ldap_connect_send(struct ldap_connection *conn,
+					    const char *url);
+
+NTSTATUS ldap_rebind(struct ldap_connection *conn);
+NTSTATUS ldap_bind_simple(struct ldap_connection *conn, 
+			  const char *userdn, const char *password);
+NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, 
+			struct cli_credentials *creds,
+			struct loadparm_context *lp_ctx);
+struct ldap_request *ldap_request_send(struct ldap_connection *conn,
+				       struct ldap_message *msg);
+NTSTATUS ldap_request_wait(struct ldap_request *req);
+struct composite_context;
+NTSTATUS ldap_connect_recv(struct composite_context *ctx);
+NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg);
+NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type);
+NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg);
+const char *ldap_errstr(struct ldap_connection *conn, 
+			TALLOC_CTX *mem_ctx, 
+			NTSTATUS status);
+NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r);
+void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries);
+int ildap_count_entries(struct ldap_connection *conn, struct ldap_message **res);
+NTSTATUS ildap_search_bytree(struct ldap_connection *conn, const char *basedn, 
+			     int scope, struct ldb_parse_tree *tree,
+			     const char * const *attrs, bool attributesonly, 
+			     struct ldb_control **control_req,
+			     struct ldb_control ***control_res,
+			     struct ldap_message ***results);
+NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn, 
+		      int scope, const char *expression, 
+		      const char * const *attrs, bool attributesonly, 
+		      struct ldb_control **control_req,
+		      struct ldb_control ***control_res,
+		      struct ldap_message ***results);
+
+
+
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
new file mode 100644
index 0000000..a1d421b
--- /dev/null
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -0,0 +1,1288 @@
+/*
+   Unix SMB/CIFS implementation.
+   LDAP protocol helper functions for SAMBA
+
+   Copyright (C) Simo Sorce 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+
+#include <ldb.h>
+
+#include "../lib/util/asn1.h"
+#include "libcli/ldap/libcli_ldap.h"
+#include "libcli/ldap/ldap_proto.h"
+#include "dsdb/samdb/samdb.h"
+
+static bool decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB attr;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_sort_resp_control *lsrc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lsrc = talloc(mem_ctx, struct ldb_sort_resp_control);
+	if (!lsrc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_enumerated(data, &(lsrc->result))) {
+		return false;
+	}
+
+	lsrc->attr_desc = NULL;
+	if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+		if (!asn1_read_OctetString(data, mem_ctx, &attr)) {
+			return false;
+		}
+		lsrc->attr_desc = talloc_strndup(lsrc, (const char *)attr.data, attr.length);
+		if (!lsrc->attr_desc) {
+			return false;
+		}
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lsrc;
+
+	return true;
+}
+
+static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB attr;
+	DATA_BLOB rule;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_server_sort_control **lssc;
+	int num;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	lssc = NULL;
+
+	for (num = 0; asn1_peek_tag(data, ASN1_SEQUENCE(0)); num++) {
+		lssc = talloc_realloc(mem_ctx, lssc, struct ldb_server_sort_control *, num + 2);
+		if (!lssc) {
+			return false;
+		}
+		lssc[num] = talloc_zero(lssc, struct ldb_server_sort_control);
+		if (!lssc[num]) {
+			return false;
+		}
+
+		if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+			return false;
+		}
+
+		if (!asn1_read_OctetString(data, mem_ctx, &attr)) {
+			return false;
+		}
+
+		lssc[num]->attributeName = talloc_strndup(lssc[num], (const char *)attr.data, attr.length);
+		if (!lssc [num]->attributeName) {
+			return false;
+		}
+
+		if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(0))) {
+			if (!asn1_read_ContextSimple(data, mem_ctx, 0, &rule)) {
+				return false;
+			}
+			lssc[num]->orderingRule = talloc_strndup(lssc[num], (const char *)rule.data, rule.length);
+			if (!lssc[num]->orderingRule) {
+				return false;
+			}
+		}
+
+		if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
+			bool reverse;
+			if (!asn1_read_BOOLEAN_context(data, &reverse, 1)) {
+			return false;
+			}
+			lssc[num]->reverse = reverse;
+		}
+
+		if (!asn1_end_tag(data)) {
+			return false;
+		}
+	}
+
+	if (lssc != NULL) {
+		lssc[num] = NULL;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lssc;
+
+	return true;
+}
+
+static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	struct asn1_data *data;
+	struct ldb_extended_dn_control *ledc;
+
+	/* The content of this control is optional */
+	if (in.length == 0) {
+		*out = NULL;
+		return true;
+	}
+
+	data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	ledc = talloc(mem_ctx, struct ldb_extended_dn_control);
+	if (!ledc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(ledc->type))) {
+		return false;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = ledc;
+
+	return true;
+}
+
+static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_sd_flags_control *lsdfc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lsdfc = talloc(mem_ctx, struct ldb_sd_flags_control);
+	if (!lsdfc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, (int *) &(lsdfc->secinfo_flags))) {
+		return false;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lsdfc;
+
+	return true;
+}
+
+static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_search_options_control *lsoc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lsoc = talloc(mem_ctx, struct ldb_search_options_control);
+	if (!lsoc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, (int *) &(lsoc->search_options))) {
+		return false;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lsoc;
+
+	return true;
+}
+
+static bool decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB cookie;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_paged_control *lprc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lprc = talloc(mem_ctx, struct ldb_paged_control);
+	if (!lprc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lprc->size))) {
+		return false;
+	}
+
+	if (!asn1_read_OctetString(data, mem_ctx, &cookie)) {
+		return false;
+	}
+	lprc->cookie_len = cookie.length;
+	if (lprc->cookie_len) {
+		lprc->cookie = talloc_memdup(lprc, cookie.data, cookie.length);
+
+		if (!(lprc->cookie)) {
+			return false;
+		}
+	} else {
+		lprc->cookie = NULL;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lprc;
+
+	return true;
+}
+
+static bool decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB cookie;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_dirsync_control *ldc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	ldc = talloc(mem_ctx, struct ldb_dirsync_control);
+	if (!ldc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(ldc->flags))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(ldc->max_attributes))) {
+		return false;
+	}
+
+	if (!asn1_read_OctetString(data, mem_ctx, &cookie)) {
+		return false;
+	}
+	ldc->cookie_len = cookie.length;
+	if (ldc->cookie_len) {
+		ldc->cookie = talloc_memdup(ldc, cookie.data, cookie.length);
+
+		if (!(ldc->cookie)) {
+			return false;
+		}
+	} else {
+		ldc->cookie = NULL;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = ldc;
+
+	return true;
+}
+
+/* seem that this controls has 2 forms one in case it is used with
+ * a Search Request and another when used ina Search Response
+ */
+static bool decode_asq_control(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB source_attribute;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_asq_control *lac;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lac = talloc(mem_ctx, struct ldb_asq_control);
+	if (!lac) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+
+		if (!asn1_read_OctetString(data, mem_ctx, &source_attribute)) {
+			return false;
+		}
+		lac->src_attr_len = source_attribute.length;
+		if (lac->src_attr_len) {
+			lac->source_attribute = talloc_strndup(lac, (const char *)source_attribute.data, source_attribute.length);
+
+			if (!(lac->source_attribute)) {
+				return false;
+			}
+		} else {
+			lac->source_attribute = NULL;
+		}
+
+		lac->request = 1;
+
+	} else if (asn1_peek_tag(data, ASN1_ENUMERATED)) {
+
+		if (!asn1_read_enumerated(data, &(lac->result))) {
+			return false;
+		}
+
+		lac->request = 0;
+
+	} else {
+		return false;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lac;
+
+	return true;
+}
+
+static bool decode_verify_name_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB name;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_verify_name_control *lvnc;
+	int len;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lvnc = talloc(mem_ctx, struct ldb_verify_name_control);
+	if (!lvnc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lvnc->flags))) {
+		return false;
+	}
+
+	if (!asn1_read_OctetString(data, mem_ctx, &name)) {
+		return false;
+	}
+
+	if (name.length) {
+		len = utf16_null_terminated_len_n(name.data, name.length);
+		convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
+					name.data, len,
+					&lvnc->gc, &lvnc->gc_len);
+
+		if (!(lvnc->gc)) {
+			return false;
+		}
+	} else {
+		lvnc->gc_len = 0;
+		lvnc->gc = NULL;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lvnc;
+	return true;
+}
+
+static bool encode_verify_name_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_verify_name_control *lvnc = talloc_get_type(in, struct ldb_verify_name_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	DATA_BLOB gc_utf16;
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lvnc->flags)) {
+		return false;
+	}
+
+	if (lvnc->gc_len) {
+		bool ok;
+
+		ok = convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16,
+					   lvnc->gc, lvnc->gc_len,
+					   &gc_utf16.data, &gc_utf16.length);
+		if (!ok) {
+			return false;
+		}
+		if (!asn1_write_OctetString(data, gc_utf16.data, gc_utf16.length)) {
+			return false;
+		}
+	} else {
+		if (!asn1_write_OctetString(data, NULL, 0)) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB assertion_value, context_id;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_vlv_req_control *lvrc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lvrc = talloc(mem_ctx, struct ldb_vlv_req_control);
+	if (!lvrc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lvrc->beforeCount))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lvrc->afterCount))) {
+		return false;
+	}
+
+	if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
+
+		lvrc->type = 0;
+
+		if (!asn1_start_tag(data, ASN1_CONTEXT(0))) {
+			return false;
+		}
+
+		if (!asn1_read_Integer(data, &(lvrc->match.byOffset.offset))) {
+			return false;
+		}
+
+		if (!asn1_read_Integer(data, &(lvrc->match.byOffset.contentCount))) {
+			return false;
+		}
+
+		if (!asn1_end_tag(data)) { /*CONTEXT*/
+			return false;
+		}
+
+	} else {
+
+		lvrc->type = 1;
+
+		if (!asn1_read_ContextSimple(data, mem_ctx, 1, &assertion_value)){
+			return false;
+		}
+
+		lvrc->match.gtOrEq.value_len = assertion_value.length;
+		if (lvrc->match.gtOrEq.value_len) {
+			lvrc->match.gtOrEq.value = talloc_memdup(lvrc, assertion_value.data, assertion_value.length);
+
+			if (!(lvrc->match.gtOrEq.value)) {
+				return false;
+			}
+		} else {
+			lvrc->match.gtOrEq.value = NULL;
+		}
+	}
+
+	if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+		if (!asn1_read_OctetString(data, mem_ctx, &context_id)) {
+			return false;
+		}
+		lvrc->ctxid_len = context_id.length;
+		if (lvrc->ctxid_len) {
+			lvrc->contextId = talloc_memdup(lvrc, context_id.data, context_id.length);
+
+			if (!(lvrc->contextId)) {
+				return false;
+			}
+		} else {
+			lvrc->contextId = NULL;
+		}
+	} else {
+		lvrc->contextId = NULL;
+		lvrc->ctxid_len = 0;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lvrc;
+
+	return true;
+}
+
+static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	DATA_BLOB context_id;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct ldb_vlv_resp_control *lvrc;
+
+	if (!data) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	lvrc = talloc(mem_ctx, struct ldb_vlv_resp_control);
+	if (!lvrc) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lvrc->targetPosition))) {
+		return false;
+	}
+
+	if (!asn1_read_Integer(data, &(lvrc->contentCount))) {
+		return false;
+	}
+
+	if (!asn1_read_enumerated(data, &(lvrc->vlv_result))) {
+		return false;
+	}
+
+	if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+		if (!asn1_read_OctetString(data, mem_ctx, &context_id)) {
+			return false;
+		}
+		lvrc->contextId = talloc_memdup(lvrc, (const char *)context_id.data, context_id.length);
+		if (!lvrc->contextId) {
+			return false;
+		}
+		lvrc->ctxid_len = context_id.length;
+	} else {
+		lvrc->contextId = NULL;
+		lvrc->ctxid_len = 0;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	*out = lvrc;
+
+	return true;
+}
+
+static bool encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_enumerated(data, lsrc->result)) {
+		return false;
+	}
+
+	if (lsrc->attr_desc) {
+		if (!asn1_write_OctetString(data, lsrc->attr_desc, strlen(lsrc->attr_desc))) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_server_sort_control **lssc = talloc_get_type(in, struct ldb_server_sort_control *);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	int num;
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	/*
+	  RFC2891 section 1.1:
+	    SortKeyList ::= SEQUENCE OF SEQUENCE {
+	      attributeType   AttributeDescription,
+	      orderingRule    [0] MatchingRuleId OPTIONAL,
+	      reverseOrder    [1] BOOLEAN DEFAULT FALSE }
+	*/
+	for (num = 0; lssc[num]; num++) {
+		if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+			return false;
+		}
+
+		if (!asn1_write_OctetString(data, lssc[num]->attributeName, strlen(lssc[num]->attributeName))) {
+			return false;
+		}
+
+		if (lssc[num]->orderingRule) {
+			DATA_BLOB order = data_blob_string_const(lssc[num]->orderingRule);
+			if (!asn1_write_ContextSimple(data, 0, &order)) {
+				return false;
+			}
+		}
+
+		if (lssc[num]->reverse) {
+			if (!asn1_write_BOOLEAN_context(data, lssc[num]->reverse, 1)) {
+				return false;
+			}
+		}
+
+		if (!asn1_pop_tag(data)) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_extended_dn_control *ledc = talloc_get_type(in, struct ldb_extended_dn_control);
+	struct asn1_data *data;
+
+	if (!in) {
+		*out = data_blob(NULL, 0);
+		return true;
+	}
+
+	data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, ledc->type)) {
+		return false;
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lsdfc->secinfo_flags)) {
+		return false;
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lsoc->search_options)) {
+		return false;
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lprc->size)) {
+		return false;
+	}
+
+	if (!asn1_write_OctetString(data, lprc->cookie, lprc->cookie_len)) {
+		return false;
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+/* seem that this controls has 2 forms one in case it is used with
+ * a Search Request and another when used ina Search Response
+ */
+static bool encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (lac->request) {
+
+		if (!asn1_write_OctetString(data, lac->source_attribute, lac->src_attr_len)) {
+			return false;
+		}
+	} else {
+		if (!asn1_write_enumerated(data, lac->result)) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, ldc->flags)) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, ldc->max_attributes)) {
+		return false;
+	}
+
+	if (!asn1_write_OctetString(data, ldc->cookie, ldc->cookie_len)) {
+		return false;
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lvrc->beforeCount)) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lvrc->afterCount)) {
+		return false;
+	}
+
+	if (lvrc->type == 0) {
+		if (!asn1_push_tag(data, ASN1_CONTEXT(0))) {
+			return false;
+		}
+
+		if (!asn1_write_Integer(data, lvrc->match.byOffset.offset)) {
+			return false;
+		}
+
+		if (!asn1_write_Integer(data, lvrc->match.byOffset.contentCount)) {
+			return false;
+		}
+
+		if (!asn1_pop_tag(data)) { /*CONTEXT*/
+			return false;
+		}
+	} else {
+		if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) {
+			return false;
+		}
+
+		if (!asn1_write(data, lvrc->match.gtOrEq.value, lvrc->match.gtOrEq.value_len)) {
+			return false;
+		}
+
+		if (!asn1_pop_tag(data)) { /*CONTEXT*/
+			return false;
+		}
+	}
+
+	if (lvrc->ctxid_len) {
+		if (!asn1_write_OctetString(data, lvrc->contextId, lvrc->ctxid_len)) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control);
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lvrc->targetPosition)) {
+		return false;
+	}
+
+	if (!asn1_write_Integer(data, lvrc->contentCount)) {
+		return false;
+	}
+
+	if (!asn1_write_enumerated(data, lvrc->vlv_result)) {
+		return false;
+	}
+
+	if (lvrc->ctxid_len) {
+		if (!asn1_write_OctetString(data, lvrc->contextId, lvrc->ctxid_len)) {
+			return false;
+		}
+	}
+
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool encode_openldap_dereference(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	struct dsdb_openldap_dereference_control *control = talloc_get_type(in, struct dsdb_openldap_dereference_control);
+	int i,j;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+
+	if (!data) return false;
+
+	if (!control) return false;
+
+	if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	for (i=0; control->dereference && control->dereference[i]; i++) {
+		if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+			return false;
+		}
+		if (!asn1_write_OctetString(data, control->dereference[i]->source_attribute, strlen(control->dereference[i]->source_attribute))) {
+			return false;
+		}
+		if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) {
+			return false;
+		}
+		for (j=0; control->dereference && control->dereference[i]->dereference_attribute[j]; j++) {
+			if (!asn1_write_OctetString(data, control->dereference[i]->dereference_attribute[j],
+						    strlen(control->dereference[i]->dereference_attribute[j]))) {
+				return false;
+			}
+		}
+
+		if (!asn1_pop_tag(data)) {
+			return false;
+		}
+		if (!asn1_pop_tag(data)) {
+			return false;
+		}
+	}
+	if (!asn1_pop_tag(data)) {
+		return false;
+	}
+
+	if (!asn1_extract_blob(data, mem_ctx, out)) {
+		return false;
+	}
+
+	talloc_free(data);
+	return true;
+}
+
+static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	void **out = _out;
+	struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
+	struct dsdb_openldap_dereference_result_control *control;
+	struct dsdb_openldap_dereference_result **r = NULL;
+	int i = 0;
+	if (!data) return false;
+
+	control = talloc(mem_ctx, struct dsdb_openldap_dereference_result_control);
+	if (!control) return false;
+
+	if (!asn1_load(data, in)) {
+		return false;
+	}
+
+	control = talloc(mem_ctx, struct dsdb_openldap_dereference_result_control);
+	if (!control) {
+		return false;
+	}
+
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+		return false;
+	}
+
+	while (asn1_tag_remaining(data) > 0) {
+		r = talloc_realloc(control, r, struct dsdb_openldap_dereference_result *, i + 2);
+		if (!r) {
+			return false;
+		}
+		r[i] = talloc_zero(r, struct dsdb_openldap_dereference_result);
+		if (!r[i]) {
+			return false;
+		}
+
+		if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) {
+			return false;
+		}
+
+		if (!asn1_read_OctetString_talloc(r[i], data, &r[i]->source_attribute)) {
+			return false;
+		}
+		if (!asn1_read_OctetString_talloc(r[i], data, &r[i]->dereferenced_dn)) {
+			return false;
+		}
+		if (asn1_peek_tag(data, ASN1_CONTEXT(0))) {
+			if (!asn1_start_tag(data, ASN1_CONTEXT(0))) {
+				return false;
+			}
+			if (!ldap_decode_attribs_bare(r, data, &r[i]->attributes,
+						 &r[i]->num_attributes)) {
+				return false;
+			}
+			if (!asn1_end_tag(data)) {
+				return false;
+			}
+		}
+		if (!asn1_end_tag(data)) {
+			return false;
+		}
+		i++;
+		r[i] = NULL;
+	}
+
+	if (!asn1_end_tag(data)) {
+		return false;
+	}
+
+	control->attributes = r;
+	*out = control;
+
+	return true;
+}
+
+static bool encode_flag_request(void *mem_ctx, void *in, DATA_BLOB *out)
+{
+	if (in) {
+		return false;
+	}
+
+	*out = data_blob(NULL, 0);
+	return true;
+}
+
+static bool decode_flag_request(void *mem_ctx, DATA_BLOB in, void *_out)
+{
+	if (in.length != 0) {
+		return false;
+	}
+
+	return true;
+}
+
+static const struct ldap_control_handler ldap_known_controls[] = {
+	{ LDB_CONTROL_PAGED_RESULTS_OID, decode_paged_results_request, encode_paged_results_request },
+	{ LDB_CONTROL_SD_FLAGS_OID, decode_sd_flags_request, encode_sd_flags_request },
+	{ LDB_CONTROL_DOMAIN_SCOPE_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SEARCH_OPTIONS_OID, decode_search_options_request, encode_search_options_request },
+	{ LDB_CONTROL_NOTIFICATION_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_TREE_DELETE_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_DELETED_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_RECYCLED_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_EXTENDED_DN_OID, decode_extended_dn_request, encode_extended_dn_request },
+	{ LDB_CONTROL_SERVER_SORT_OID, decode_server_sort_request, encode_server_sort_request },
+	{ LDB_CONTROL_SORT_RESP_OID, decode_server_sort_response, encode_server_sort_response },
+	{ LDB_CONTROL_ASQ_OID, decode_asq_control, encode_asq_control },
+	{ LDB_CONTROL_DIRSYNC_OID, decode_dirsync_request, encode_dirsync_request },
+	{ LDB_CONTROL_DIRSYNC_EX_OID, decode_dirsync_request, encode_dirsync_request },
+	{ LDB_CONTROL_VLV_REQ_OID, decode_vlv_request, encode_vlv_request },
+	{ LDB_CONTROL_VLV_RESP_OID, decode_vlv_response, encode_vlv_response },
+	{ LDB_CONTROL_PERMISSIVE_MODIFY_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_SERVER_LAZY_COMMIT, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_RODC_DCPROMO_OID, decode_flag_request, encode_flag_request },
+	{ LDB_CONTROL_RELAX_OID, decode_flag_request, encode_flag_request },
+	{ DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference },
+	{ LDB_CONTROL_VERIFY_NAME_OID, decode_verify_name_request, encode_verify_name_request },
+
+	/* the following are internal only, with a network
+	   representation */
+	{ DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID, decode_flag_request, encode_flag_request },
+
+	/* all the ones below are internal only, and have no network
+	 * representation */
+	{ DSDB_CONTROL_CURRENT_PARTITION_OID, NULL, NULL },
+	{ DSDB_CONTROL_REPLICATED_UPDATE_OID, NULL, NULL },
+	{ DSDB_CONTROL_DN_STORAGE_FORMAT_OID, NULL, NULL },
+	{ LDB_CONTROL_RECALCULATE_SD_OID, NULL, NULL },
+	{ LDB_CONTROL_REVEAL_INTERNALS, NULL, NULL },
+	{ LDB_CONTROL_AS_SYSTEM_OID, NULL, NULL },
+	{ DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },
+	{ DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, NULL, NULL },
+	{ DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID, NULL, NULL },
+	{ DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID, NULL, NULL },
+	{ DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
+	{ LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },
+	{ DSDB_CONTROL_CHANGEREPLMETADATA_OID, NULL, NULL },
+	{ LDB_CONTROL_PROVISION_OID, NULL, NULL },
+	{ DSDB_EXTENDED_REPLICATED_OBJECTS_OID, NULL, NULL },
+	{ DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID, NULL, NULL },
+	{ DSDB_EXTENDED_ALLOCATE_RID_POOL, NULL, NULL },
+	{ DSDB_CONTROL_NO_GLOBAL_CATALOG, NULL, NULL },
+	{ DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID, NULL, NULL },
+	{ DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID, NULL, NULL},
+	{ DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID, NULL, NULL },
+	{ NULL, NULL, NULL }
+};
+
+const struct ldap_control_handler *samba_ldap_control_handlers(void)
+{
+	return ldap_known_controls;
+}
diff --git a/source4/libcli/ldap/ldap_ildap.c b/source4/libcli/ldap/ldap_ildap.c
new file mode 100644
index 0000000..a06e3b6
--- /dev/null
+++ b/source4/libcli/ldap/ldap_ildap.c
@@ -0,0 +1,133 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   ildap api - an api similar to the traditional ldap api
+   
+   Copyright (C) Andrew Tridgell  2005
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/ldap/libcli_ldap.h"
+#include "libcli/ldap/ldap_client.h"
+
+
+/*
+  count the returned search entries
+*/
+_PUBLIC_ int ildap_count_entries(struct ldap_connection *conn, struct ldap_message **res)
+{
+	int i;
+	for (i=0;res && res[i];i++) /* noop */ ;
+	return i;
+}
+
+
+/*
+  perform a synchronous ldap search
+*/
+_PUBLIC_ NTSTATUS ildap_search_bytree(struct ldap_connection *conn, const char *basedn, 
+			     int scope, struct ldb_parse_tree *tree,
+			     const char * const *attrs, bool attributesonly, 
+			     struct ldb_control **control_req,
+			     struct ldb_control ***control_res,
+			     struct ldap_message ***results)
+{
+	struct ldap_message *msg;
+	int n, i;
+	NTSTATUS status;
+	struct ldap_request *req;
+
+	if (control_res)
+		*control_res = NULL;
+	*results = NULL;
+
+	msg = new_ldap_message(conn);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	for (n=0;attrs && attrs[n];n++) /* noop */ ;
+	
+	msg->type = LDAP_TAG_SearchRequest;
+	msg->r.SearchRequest.basedn = basedn;
+	msg->r.SearchRequest.scope  = scope;
+	msg->r.SearchRequest.deref  = LDAP_DEREFERENCE_NEVER;
+	msg->r.SearchRequest.timelimit = 0;
+	msg->r.SearchRequest.sizelimit = 0;
+	msg->r.SearchRequest.attributesonly = attributesonly;
+	msg->r.SearchRequest.tree = tree;
+	msg->r.SearchRequest.num_attributes = n;
+	msg->r.SearchRequest.attributes = attrs;
+	msg->controls = control_req;
+
+	req = ldap_request_send(conn, msg);
+	talloc_reparent(conn, msg, req);
+	
+	for (i=n=0;true;i++) {
+		struct ldap_message *res;
+		status = ldap_result_n(req, i, &res);
+		if (!NT_STATUS_IS_OK(status)) break;
+
+		if (res->type == LDAP_TAG_SearchResultDone) {
+			status = ldap_check_response(conn, &res->r.GeneralResult);
+			if (control_res) {
+				*control_res = talloc_steal(conn, res->controls);
+			}
+			break;
+		}
+
+		if (res->type != LDAP_TAG_SearchResultEntry &&
+		    res->type != LDAP_TAG_SearchResultReference)
+			continue;
+		
+		(*results) = talloc_realloc(conn, *results, struct ldap_message *, n+2);
+		if (*results == NULL) {
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+		(*results)[n] = talloc_steal(*results, res);
+		(*results)[n+1] = NULL;
+		n++;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+		status = NT_STATUS_OK;
+	}
+
+	return status;
+}
+
+/*
+  perform a ldap search
+*/
+_PUBLIC_ NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn, 
+		      int scope, const char *expression, 
+		      const char * const *attrs, bool attributesonly, 
+		      struct ldb_control **control_req,
+		      struct ldb_control ***control_res,
+		      struct ldap_message ***results)
+{
+	NTSTATUS status;
+	struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
+
+	if (tree == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	status = ildap_search_bytree(conn, basedn, scope, tree, attrs,
+				     attributesonly, control_req,
+				     control_res, results);
+	talloc_free(tree);
+	return status;
+}
diff --git a/source4/libcli/ldap/libcli_ldap.h b/source4/libcli/ldap/libcli_ldap.h
new file mode 100644
index 0000000..79cfef2
--- /dev/null
+++ b/source4/libcli/ldap/libcli_ldap.h
@@ -0,0 +1,31 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP protocol helper functions for SAMBA
+   Copyright (C) Volker Lendecke 2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#ifndef _SMB_LDAP_H_
+#define _SMB_LDAP_H_
+
+#include "../libcli/ldap/ldap_message.h"
+#include "librpc/gen_ndr/misc.h"
+
+struct tevent_context;
+struct cli_credentials;
+struct dom_sid;
+
+#endif 
diff --git a/source4/libcli/ldap/wscript_build b/source4/libcli/ldap/wscript_build
new file mode 100644
index 0000000..4588233
--- /dev/null
+++ b/source4/libcli/ldap/wscript_build
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('cli-ldap',
+                  source='ldap_client.c ldap_bind.c ldap_ildap.c ldap_controls.c',
+                  autoproto='ldap_proto.h',
+                  public_deps='samba-errors tevent',
+                  private_headers='libcli_ldap.h:ldap-util.h',
+                  deps='cli_composite ldb LIBSAMBA_TSOCKET samba_socket NDR_SAMR LIBTLS ndr LP_RESOLVE gensec cli-ldap-common',
+                  private_library=True
+                  )
+
diff --git a/source4/libcli/libcli.h b/source4/libcli/libcli.h
new file mode 100644
index 0000000..9d2a324
--- /dev/null
+++ b/source4/libcli/libcli.h
@@ -0,0 +1,362 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_H__
+#define __LIBCLI_H__
+
+#include "librpc/gen_ndr/nbt.h"
+#include "libcli/raw/libcliraw.h"
+
+struct substitute_context;
+
+/* 
+   smbcli_state: internal state used in libcli library for single-threaded callers, 
+   i.e. a single session on a single socket. 
+ */
+struct smbcli_state {
+	struct smbcli_options options;
+	struct smbcli_socket *sock; /* NULL if connected */
+	struct smbcli_transport *transport;
+	struct smbcli_session *session;
+	struct smbcli_tree *tree;
+	struct substitute_context *substitute;
+	struct smblsa_state *lsa;
+};
+
+struct clilist_file_info {
+	uint64_t size;
+	uint16_t attrib;
+	time_t mtime;
+	const char *name;
+	const char *short_name;
+};
+
+struct nbt_dc_name {
+	const char *address;
+	const char *name;
+};
+
+struct cli_credentials;
+struct tevent_context;
+
+/* passed to br lock code. */
+enum brl_type {
+	READ_LOCK,
+	WRITE_LOCK,
+	PENDING_READ_LOCK,
+	PENDING_WRITE_LOCK
+};
+
+#include "libcli/raw/libcliraw.h"
+struct gensec_settings;
+
+ssize_t smbcli_read(struct smbcli_tree *tree, int fnum, void *_buf, off_t offset, size_t size);
+
+/****************************************************************************
+  write to a file
+  write_mode: 0x0001 disallow write caching
+              0x0002 return bytes remaining
+              0x0004 use raw named pipe protocol
+              0x0008 start of message mode named pipe protocol
+****************************************************************************/
+ssize_t smbcli_write(struct smbcli_tree *tree,
+		     int fnum, uint16_t write_mode,
+		     const void *_buf, off_t offset, size_t size);
+
+/****************************************************************************
+  write to a file using a SMBwrite and not bypassing 0 byte writes
+****************************************************************************/
+ssize_t smbcli_smbwrite(struct smbcli_tree *tree,
+		     int fnum, const void *_buf, off_t offset, size_t size1);
+
+bool smbcli_socket_connect(struct smbcli_state *cli, const char *server, 
+			   const char **ports, 
+			   struct tevent_context *ev_ctx,
+			   struct resolve_context *resolve_ctx,
+			   struct smbcli_options *options,
+			   const char *socket_options,
+			   struct nbt_name *calling,
+			   struct nbt_name *called);
+NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol);
+NTSTATUS smbcli_session_setup(struct smbcli_state *cli, 
+			      struct cli_credentials *credentials,
+			      const char *workgroup,
+			      struct smbcli_session_options options,
+			      struct gensec_settings *gensec_settings);
+NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename, 
+		      const char *devtype, const char *password);
+NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
+				struct smbcli_state **ret_cli, 
+				const char *host,
+				const char **ports,
+				const char *sharename,
+				const char *devtype,
+				const char *socket_options,
+				struct cli_credentials *credentials,
+				struct resolve_context *resolve_ctx,
+				struct tevent_context *ev,
+				struct smbcli_options *options,
+				struct smbcli_session_options *session_options,
+				struct gensec_settings *gensec_settings);
+NTSTATUS smbcli_tdis(struct smbcli_state *cli);
+
+/****************************************************************************
+ Initialise a client state structure.
+****************************************************************************/
+struct smbcli_state *smbcli_state_init(TALLOC_CTX *mem_ctx);
+bool smbcli_parse_unc(const char *unc_name, TALLOC_CTX *mem_ctx,
+		      char **hostname, char **sharename);
+
+/****************************************************************************
+ Symlink a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_symlink(struct smbcli_tree *tree, const char *fname_src, 
+			  const char *fname_dst);
+
+/****************************************************************************
+ Hard a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_hardlink(struct smbcli_tree *tree, const char *fname_src, 
+			   const char *fname_dst);
+
+/****************************************************************************
+ chmod a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_chmod(struct smbcli_tree *tree, const char *fname, mode_t mode);
+
+/****************************************************************************
+ chown a file (UNIX extensions).
+****************************************************************************/
+NTSTATUS smbcli_unix_chown(struct smbcli_tree *tree, const char *fname, uid_t uid, 
+			gid_t gid);
+
+/****************************************************************************
+ Rename a file.
+****************************************************************************/
+NTSTATUS smbcli_rename(struct smbcli_tree *tree, const char *fname_src, 
+		    const char *fname_dst);
+
+/****************************************************************************
+ Delete a file.
+****************************************************************************/
+NTSTATUS smbcli_unlink(struct smbcli_tree *tree, const char *fname);
+
+/****************************************************************************
+ Delete a wildcard pattern of files.
+****************************************************************************/
+NTSTATUS smbcli_unlink_wcard(struct smbcli_tree *tree, const char *fname);
+
+/****************************************************************************
+ Create a directory.
+****************************************************************************/
+NTSTATUS smbcli_mkdir(struct smbcli_tree *tree, const char *dname);
+
+/****************************************************************************
+ Remove a directory.
+****************************************************************************/
+NTSTATUS smbcli_rmdir(struct smbcli_tree *tree, const char *dname);
+
+/****************************************************************************
+ Set or clear the delete on close flag.
+****************************************************************************/
+NTSTATUS smbcli_nt_delete_on_close(struct smbcli_tree *tree, int fnum, 
+				   bool flag);
+
+/****************************************************************************
+ Create/open a file - exposing the full horror of the NT API :-).
+ Used in CIFS-on-CIFS NTVFS.
+****************************************************************************/
+int smbcli_nt_create_full(struct smbcli_tree *tree, const char *fname,
+		       uint32_t CreatFlags, uint32_t DesiredAccess,
+		       uint32_t FileAttributes, uint32_t ShareAccess,
+		       uint32_t CreateDisposition, uint32_t CreateOptions,
+		       uint8_t SecurityFlags);
+
+/****************************************************************************
+ Open a file (using SMBopenx)
+ WARNING: if you open with O_WRONLY then getattrE won't work!
+****************************************************************************/
+int smbcli_open(struct smbcli_tree *tree, const char *fname, int flags, 
+	     int share_mode);
+
+/****************************************************************************
+ Close a file.
+****************************************************************************/
+NTSTATUS smbcli_close(struct smbcli_tree *tree, int fnum);
+
+/****************************************************************************
+ send a lock with a specified locktype 
+ this is used for testing LOCKING_ANDX_CANCEL_LOCK
+****************************************************************************/
+NTSTATUS smbcli_locktype(struct smbcli_tree *tree, int fnum, 
+		      uint32_t offset, uint32_t len, int timeout, 
+		      uint8_t locktype);
+
+/****************************************************************************
+ Lock a file.
+****************************************************************************/
+NTSTATUS smbcli_lock(struct smbcli_tree *tree, int fnum, 
+		  uint32_t offset, uint32_t len, int timeout, 
+		  enum brl_type lock_type);
+
+/****************************************************************************
+ Unlock a file.
+****************************************************************************/
+NTSTATUS smbcli_unlock(struct smbcli_tree *tree, int fnum, uint32_t offset, uint32_t len);
+
+/****************************************************************************
+ Lock a file with 64 bit offsets.
+****************************************************************************/
+NTSTATUS smbcli_lock64(struct smbcli_tree *tree, int fnum, 
+		    off_t offset, off_t len, int timeout, 
+		    enum brl_type lock_type);
+
+/****************************************************************************
+ Unlock a file with 64 bit offsets.
+****************************************************************************/
+NTSTATUS smbcli_unlock64(struct smbcli_tree *tree, int fnum, off_t offset, 
+			 off_t len);
+
+/****************************************************************************
+ Do a SMBgetattrE call.
+****************************************************************************/
+NTSTATUS smbcli_getattrE(struct smbcli_tree *tree, int fnum,
+		      uint16_t *attr, size_t *size,
+		      time_t *c_time, time_t *a_time, time_t *m_time);
+
+/****************************************************************************
+ Do a SMBgetatr call
+****************************************************************************/
+NTSTATUS smbcli_getatr(struct smbcli_tree *tree, const char *fname, 
+		    uint16_t *attr, size_t *size, time_t *t);
+
+/****************************************************************************
+ Do a SMBsetatr call.
+****************************************************************************/
+NTSTATUS smbcli_setatr(struct smbcli_tree *tree, const char *fname, uint16_t mode, 
+		    time_t t);
+
+/****************************************************************************
+ Do a setfileinfo basic_info call.
+****************************************************************************/
+NTSTATUS smbcli_fsetatr(struct smbcli_tree *tree, int fnum, uint16_t mode, 
+			NTTIME create_time, NTTIME access_time, 
+			NTTIME write_time, NTTIME change_time);
+
+/****************************************************************************
+ truncate a file to a given size
+****************************************************************************/
+NTSTATUS smbcli_ftruncate(struct smbcli_tree *tree, int fnum, uint64_t size);
+
+/****************************************************************************
+ Check for existence of a dir.
+****************************************************************************/
+NTSTATUS smbcli_chkpath(struct smbcli_tree *tree, const char *path);
+
+/****************************************************************************
+ Query disk space.
+****************************************************************************/
+NTSTATUS smbcli_dskattr(struct smbcli_tree *tree, uint32_t *bsize, 
+			uint64_t *total, uint64_t *avail);
+
+/****************************************************************************
+ Create and open a temporary file.
+****************************************************************************/
+int smbcli_ctemp(struct smbcli_tree *tree, const char *path, char **tmp_path);
+
+/****************************************************************************
+ Interpret a long filename structure.
+****************************************************************************/
+int smbcli_list_new(struct smbcli_tree *tree, const char *Mask, uint16_t attribute, 
+		    enum smb_search_data_level level,
+		    void (*fn)(struct clilist_file_info *, const char *, void *), 
+		    void *caller_state);
+
+/****************************************************************************
+ Interpret a short filename structure.
+ The length of the structure is returned.
+****************************************************************************/
+int smbcli_list_old(struct smbcli_tree *tree, const char *Mask, uint16_t attribute, 
+		 void (*fn)(struct clilist_file_info *, const char *, void *), 
+		 void *caller_state);
+
+/****************************************************************************
+ Do a directory listing, calling fn on each file found.
+ This auto-switches between old and new style.
+****************************************************************************/
+int smbcli_list(struct smbcli_tree *tree, const char *Mask,uint16_t attribute, 
+		void (*fn)(struct clilist_file_info *, const char *, void *), void *state);
+
+/****************************************************************************
+send a qpathinfo call
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo(struct smbcli_tree *tree, const char *fname, 
+		       time_t *c_time, time_t *a_time, time_t *m_time, 
+		       size_t *size, uint16_t *mode);
+
+/****************************************************************************
+send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo2(struct smbcli_tree *tree, const char *fname, 
+			time_t *c_time, time_t *a_time, time_t *m_time, 
+			time_t *w_time, size_t *size, uint16_t *mode,
+			ino_t *ino);
+
+/****************************************************************************
+send a qfileinfo QUERY_FILE_NAME_INFO call
+****************************************************************************/
+NTSTATUS smbcli_qfilename(struct smbcli_tree *tree, int fnum, const char **name);
+
+/****************************************************************************
+send a qfileinfo call
+****************************************************************************/
+NTSTATUS smbcli_qfileinfo(struct smbcli_tree *tree, int fnum, 
+		       uint16_t *mode, size_t *size,
+		       time_t *c_time, time_t *a_time, time_t *m_time, 
+		       time_t *w_time, ino_t *ino);
+
+/****************************************************************************
+send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
+****************************************************************************/
+NTSTATUS smbcli_qpathinfo_alt_name(struct smbcli_tree *tree, const char *fname, 
+				const char **alt_name);
+
+/* The following definitions come from ../source4/libcli/climessage.c  */
+
+
+/****************************************************************************
+start a message sequence
+****************************************************************************/
+bool smbcli_message_start(struct smbcli_tree *tree, const char *host, const char *username, 
+		       int *grp);
+
+/****************************************************************************
+send a message 
+****************************************************************************/
+bool smbcli_message_text(struct smbcli_tree *tree, char *msg, int len, int grp);
+
+/****************************************************************************
+end a message 
+****************************************************************************/
+bool smbcli_message_end(struct smbcli_tree *tree, int grp);
+
+int smbcli_deltree(struct smbcli_tree *tree, const char *dname);
+
+#endif /* __LIBCLI_H__ */
diff --git a/source4/libcli/rap/rap.c b/source4/libcli/rap/rap.c
new file mode 100644
index 0000000..1b2cadb
--- /dev/null
+++ b/source4/libcli/rap/rap.c
@@ -0,0 +1,1692 @@
+/*
+   Unix SMB/CIFS implementation.
+   RAP client
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Tim Potter 2005
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "../librpc/gen_ndr/ndr_rap.h"
+#include "libcli/rap/rap.h"
+#include "librpc/ndr/libndr.h"
+
+struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, uint16_t callno)
+{
+	struct rap_call *call;
+
+	call = talloc_zero(mem_ctx, struct rap_call);
+	if (call == NULL) {
+		return NULL;
+	}
+
+	call->callno = callno;
+	call->rcv_paramlen = 4;
+
+	call->ndr_push_param = ndr_push_init_ctx(call);
+	if (call->ndr_push_param == NULL) {
+		talloc_free(call);
+		return NULL;
+	}
+	call->ndr_push_param->flags = RAPNDR_FLAGS;
+
+	call->ndr_push_data = ndr_push_init_ctx(call);
+	if (call->ndr_push_data == NULL) {
+		talloc_free(call);
+		return NULL;
+	}
+	call->ndr_push_data->flags = RAPNDR_FLAGS;
+
+	call->pull_mem_ctx = mem_ctx;
+
+	return call;
+}
+
+static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
+{
+	int len = 0;
+
+	if (call->paramdesc != NULL)
+		len = strlen(call->paramdesc);
+
+	call->paramdesc = talloc_realloc(call,
+					 call->paramdesc,
+					 char,
+					 len+2);
+
+	call->paramdesc[len] = desc;
+	call->paramdesc[len+1] = '\0';
+}
+
+static void rap_cli_push_word(struct rap_call *call, uint16_t val)
+{
+	rap_cli_push_paramdesc(call, 'W');
+	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
+}
+
+static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
+{
+	rap_cli_push_paramdesc(call, 'D');
+	ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, val);
+}
+
+static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
+{
+	rap_cli_push_paramdesc(call, 'r');
+	rap_cli_push_paramdesc(call, 'L');
+	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
+	call->rcv_datalen = len;
+}
+
+static void rap_cli_push_sendbuf(struct rap_call *call, int len)
+{
+	rap_cli_push_paramdesc(call, 's');
+	rap_cli_push_paramdesc(call, 'T');
+	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
+}
+
+static void rap_cli_push_param(struct rap_call *call, uint16_t val)
+{
+	rap_cli_push_paramdesc(call, 'P');
+	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
+}
+
+static void rap_cli_expect_multiple_entries(struct rap_call *call)
+{
+	rap_cli_push_paramdesc(call, 'e');
+	rap_cli_push_paramdesc(call, 'h');
+	call->rcv_paramlen += 4; /* uint16_t entry count, uint16_t total */
+}
+
+static void rap_cli_expect_word(struct rap_call *call)
+{
+	rap_cli_push_paramdesc(call, 'h');
+	call->rcv_paramlen += 2;
+}
+
+static void rap_cli_push_string(struct rap_call *call, const char *str)
+{
+	if (str == NULL) {
+		rap_cli_push_paramdesc(call, 'O');
+		return;
+	}
+	rap_cli_push_paramdesc(call, 'z');
+	ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
+}
+
+static void rap_cli_expect_format(struct rap_call *call, const char *format)
+{
+	call->datadesc = format;
+}
+
+static void rap_cli_expect_extra_format(struct rap_call *call, const char *format)
+{
+	call->auxdatadesc = format;
+}
+
+static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
+				uint16_t convert, const char **dest)
+{
+	uint16_t string_offset;
+	uint16_t ignore;
+	const char *p;
+	size_t len;
+
+	NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
+	NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));
+
+	string_offset -= convert;
+
+	if (string_offset+1 > ndr->data_size)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	p = (const char *)(ndr->data + string_offset);
+	len = strnlen(p, ndr->data_size-string_offset);
+
+	if ( string_offset + len + 1 >  ndr->data_size )
+		return NT_STATUS_INVALID_PARAMETER;
+
+	*dest = talloc_zero_array(mem_ctx, char, len+1);
+	pull_string(discard_const_p(char, *dest), p, len+1, len, STR_ASCII);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS rap_cli_do_call(struct smbcli_tree *tree,
+			 struct rap_call *call)
+{
+	NTSTATUS result;
+	DATA_BLOB param_blob;
+	DATA_BLOB data_blob;
+	struct ndr_push *params;
+	struct ndr_push *data;
+	struct smb_trans2 trans;
+
+	params = ndr_push_init_ctx(call);
+
+	if (params == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	params->flags = RAPNDR_FLAGS;
+
+	data = ndr_push_init_ctx(call);
+
+	if (data == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	data->flags = RAPNDR_FLAGS;
+
+	trans.in.max_param = call->rcv_paramlen;
+	trans.in.max_data = call->rcv_datalen;
+	trans.in.max_setup = 0;
+	trans.in.flags = 0;
+	trans.in.timeout = 0;
+	trans.in.setup_count = 0;
+	trans.in.setup = NULL;
+	trans.in.trans_name = "\\PIPE\\LANMAN";
+
+	NDR_RETURN(ndr_push_uint16(params, NDR_SCALARS, call->callno));
+	if (call->paramdesc)
+		NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
+	if (call->datadesc)
+		NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->datadesc));
+
+	param_blob = ndr_push_blob(call->ndr_push_param);
+	NDR_RETURN(ndr_push_bytes(params, param_blob.data,
+				 param_blob.length));
+
+	data_blob = ndr_push_blob(call->ndr_push_data);
+	NDR_RETURN(ndr_push_bytes(data, data_blob.data,
+				 data_blob.length));
+
+	if (call->auxdatadesc)
+		NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->auxdatadesc));
+
+	trans.in.params = ndr_push_blob(params);
+	trans.in.data = ndr_push_blob(data);
+
+	result = smb_raw_trans(tree, call, &trans);
+
+	if (!NT_STATUS_IS_OK(result))
+		return result;
+
+	call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call);
+	call->ndr_pull_param->flags = RAPNDR_FLAGS;
+	call->ndr_pull_param->current_mem_ctx = call->pull_mem_ctx;
+	call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call);
+	call->ndr_pull_data->flags = RAPNDR_FLAGS;
+	call->ndr_pull_data->current_mem_ctx = call->pull_mem_ctx;
+
+	return result;
+}
+
+
+NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
+				 TALLOC_CTX *mem_ctx,
+				 struct rap_NetShareEnum *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	int i;
+
+	call = new_rap_cli_call(tree, RAP_WshareEnum);
+
+	if (call == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	rap_cli_push_word(call, r->in.level); /* Level */
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B13");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B13BWz");
+		break;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetShareEnum, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	r->out.info = talloc_array(mem_ctx, union rap_share_info, r->out.count);
+
+	if (r->out.info == NULL) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	for (i=0; i<r->out.count; i++) {
+		switch(r->in.level) {
+		case 0:
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+						r->out.info[i].info0.share_name, 13));
+			break;
+		case 1:
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+						r->out.info[i].info1.share_name, 13));
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+					        &r->out.info[i].info1.reserved1, 1));
+			NDR_GOTO(ndr_pull_uint16(call->ndr_pull_data,
+					       NDR_SCALARS, &r->out.info[i].info1.share_type));
+			RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
+					       r->out.convert,
+					       &r->out.info[i].info1.comment));
+			break;
+		}
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetShareEnum, r);
+	}
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
+				   TALLOC_CTX *mem_ctx,
+				   struct rap_NetServerEnum2 *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	int i;
+
+	call = new_rap_cli_call(mem_ctx, RAP_NetServerEnum2);
+
+	if (call == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+	rap_cli_push_dword(call, r->in.servertype);
+	rap_cli_push_string(call, r->in.domain);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B16");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B16BBDz");
+		break;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetServerEnum2, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	r->out.info = talloc_array(mem_ctx, union rap_server_info, r->out.count);
+
+	if (r->out.info == NULL) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	for (i=0; i<r->out.count; i++) {
+		switch(r->in.level) {
+		case 0:
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+						r->out.info[i].info0.name, 16));
+			break;
+		case 1:
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+						r->out.info[i].info1.name, 16));
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+					      &r->out.info[i].info1.version_major, 1));
+			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+					      &r->out.info[i].info1.version_minor, 1));
+			NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
+					       NDR_SCALARS, &r->out.info[i].info1.servertype));
+			RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
+					       r->out.convert,
+					       &r->out.info[i].info1.comment));
+		}
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetServerEnum2, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
+				     TALLOC_CTX *mem_ctx,
+				     struct rap_WserverGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WserverGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B16");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B16BBDz");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_WserverGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	switch(r->in.level) {
+	case 0:
+		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+					r->out.info.info0.name, 16));
+		break;
+	case 1:
+		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+					r->out.info.info1.name, 16));
+		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+				      &r->out.info.info1.version_major, 1));
+		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
+				      &r->out.info.info1.version_minor, 1));
+		NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
+				       NDR_SCALARS, &r->out.info.info1.servertype));
+		RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
+				       r->out.convert,
+				       &r->out.info.info1.comment));
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_WserverGetInfo, r);
+	}
+ done:
+	talloc_free(call);
+	return result;
+}
+
+static enum ndr_err_code ndr_pull_rap_NetPrintQEnum_data(struct ndr_pull *ndr, struct rap_NetPrintQEnum *r)
+{
+	uint32_t cntr_info_0;
+	TALLOC_CTX *_mem_save_info_0;
+
+	NDR_PULL_ALLOC_N(ndr, r->out.info, r->out.count);
+	_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+	NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_printq_info(ndr, NDR_SCALARS, &r->out.info[cntr_info_0]));
+	}
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_printq_info(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0]));
+	}
+	NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+
+	return NDR_ERR_SUCCESS;
+}
+
+NTSTATUS smbcli_rap_netprintqenum(struct smbcli_tree *tree,
+				  TALLOC_CTX *mem_ctx,
+				  struct rap_NetPrintQEnum *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQEnum))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B13");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B13BWWWzzzzzWW");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "B13BWWWzzzzzWN");
+		rap_cli_expect_extra_format(call, "WB21BB16B10zWWzDDz");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "zWWWWzzzzWWzzl");
+		break;
+	case 4:
+		rap_cli_expect_format(call, "zWWWWzzzzWNzzl");
+		rap_cli_expect_extra_format(call, "WWzWWDDzz");
+		/* no mention of extra format in MS-RAP */
+		break;
+	case 5:
+		rap_cli_expect_format(call, "z");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintQEnum, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_rap_NetPrintQEnum_data(call->ndr_pull_data, r));
+
+	r->out.info = talloc_steal(mem_ctx, r->out.info);
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintQEnum, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintqgetinfo(struct smbcli_tree *tree,
+				     TALLOC_CTX *mem_ctx,
+				     struct rap_NetPrintQGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintQueueName);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B13");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B13BWWWzzzzzWW");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "B13BWWWzzzzzWN");
+		rap_cli_expect_extra_format(call, "WB21BB16B10zWWzDDz");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "zWWWWzzzzWWzzl");
+		break;
+	case 4:
+		rap_cli_expect_format(call, "zWWWWzzzzWNzzl");
+		rap_cli_expect_extra_format(call, "WWzWWDDzz");
+		/* no mention of extra format in MS-RAP */
+		break;
+	case 5:
+		rap_cli_expect_format(call, "z");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintQGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	ZERO_STRUCT(r->out);
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	if (r->out.status == 0) {
+		call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+		NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+		NDR_GOTO(ndr_pull_rap_printq_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintQGetInfo, r);
+	}
+
+	result = NT_STATUS_OK;
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintjobpause(struct smbcli_tree *tree,
+				     TALLOC_CTX *mem_ctx,
+				     struct rap_NetPrintJobPause *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobPause))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.JobID);
+
+	rap_cli_expect_format(call, "W");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobPause, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobPause, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintjobcontinue(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					struct rap_NetPrintJobContinue *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobContinue))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.JobID);
+
+	rap_cli_expect_format(call, "W");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobContinue, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobContinue, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintjobdelete(struct smbcli_tree *tree,
+				      TALLOC_CTX *mem_ctx,
+				      struct rap_NetPrintJobDelete *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobDel))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.JobID);
+
+	rap_cli_expect_format(call, "W");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobDelete, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobDelete, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintqueuepause(struct smbcli_tree *tree,
+				       TALLOC_CTX *mem_ctx,
+				       struct rap_NetPrintQueuePause *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQPause))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintQueueName);
+
+	rap_cli_expect_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintQueuePause, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintQueuePause, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintqueueresume(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					struct rap_NetPrintQueueResume *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQContinue))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintQueueName);
+
+	rap_cli_expect_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintQueueResume, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintQueueResume, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintqueuepurge(struct smbcli_tree *tree,
+				       TALLOC_CTX *mem_ctx,
+				       struct rap_NetPrintQueuePurge *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQPurge))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintQueueName);
+
+	rap_cli_expect_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintQueuePurge, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintQueuePurge, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+static enum ndr_err_code ndr_pull_rap_NetPrintJobEnum_data(struct ndr_pull *ndr, struct rap_NetPrintJobEnum *r)
+{
+	uint32_t cntr_info_0;
+	TALLOC_CTX *_mem_save_info_0;
+
+	NDR_PULL_ALLOC_N(ndr, r->out.info, r->out.count);
+	_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+	NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_printj_info(ndr, NDR_SCALARS, &r->out.info[cntr_info_0]));
+	}
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_printj_info(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0]));
+	}
+	NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+
+	return NDR_ERR_SUCCESS;
+}
+
+NTSTATUS smbcli_rap_netprintjobenum(struct smbcli_tree *tree,
+				    TALLOC_CTX *mem_ctx,
+				    struct rap_NetPrintJobEnum *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobEnum))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintQueueName);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "W");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "WB21BB16B10zWWzDDz");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "WWzWWDDzz");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "WWzWWDDzzzzzzzzzzlz");
+		break;
+	case 4:
+		rap_cli_expect_format(call, "WWzWWDDzzzzzDDDDDDD");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobEnum, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_rap_NetPrintJobEnum_data(call->ndr_pull_data, r));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobEnum, r);
+	}
+
+	r->out.info = talloc_steal(mem_ctx, r->out.info);
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintjobgetinfo(struct smbcli_tree *tree,
+				       TALLOC_CTX *mem_ctx,
+				       struct rap_NetPrintJobGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.JobID);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "W");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "WB21BB16B10zWWzDDz");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "WWzWWDDzz");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "WWzWWDDzzzzzzzzzzlz");
+		break;
+	case 4:
+		rap_cli_expect_format(call, "WWzWWDDzzzzzDDDDDDD");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+	NDR_GOTO(ndr_pull_rap_printj_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobGetInfo, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintjobsetinfo(struct smbcli_tree *tree,
+				       TALLOC_CTX *mem_ctx,
+				       struct rap_NetPrintJobSetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintJobSetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.JobID);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_sendbuf(call, r->in.bufsize);
+	rap_cli_push_param(call, r->in.ParamNum);
+
+	switch (r->in.ParamNum) {
+	case RAP_PARAM_JOBNUM:
+	case RAP_PARAM_JOBPOSITION:
+	case RAP_PARAM_JOBSTATUS:
+		NDR_GOTO(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r->in.Param.value));
+		break;
+	case RAP_PARAM_USERNAME:
+	case RAP_PARAM_NOTIFYNAME:
+	case RAP_PARAM_DATATYPE:
+	case RAP_PARAM_PARAMETERS_STRING:
+	case RAP_PARAM_JOBSTATUSSTR:
+	case RAP_PARAM_JOBCOMMENT:
+		NDR_GOTO(ndr_push_string(call->ndr_push_param, NDR_SCALARS, r->in.Param.string));
+		break;
+	case RAP_PARAM_TIMESUBMITTED:
+	case RAP_PARAM_JOBSIZE:
+		NDR_GOTO(ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, r->in.Param.value4));
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	/* not really sure if this is correct */
+	rap_cli_expect_format(call, "WB21BB16B10zWWzDDz");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintJobSetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintJobSetInfo, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+static enum ndr_err_code ndr_pull_rap_NetPrintDestEnum_data(struct ndr_pull *ndr, struct rap_NetPrintDestEnum *r)
+{
+	uint32_t cntr_info_0;
+	TALLOC_CTX *_mem_save_info_0;
+
+	NDR_PULL_ALLOC_N(ndr, r->out.info, r->out.count);
+	_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+	NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_printdest_info(ndr, NDR_SCALARS, &r->out.info[cntr_info_0]));
+	}
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_rap_printdest_info(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0]));
+	}
+	NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+
+	return NDR_ERR_SUCCESS;
+}
+
+
+NTSTATUS smbcli_rap_netprintdestenum(struct smbcli_tree *tree,
+				     TALLOC_CTX *mem_ctx,
+				     struct rap_NetPrintDestEnum *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintDestEnum))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B9");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B9B21WWzW");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "z");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "zzzWWzzzWW");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintDestEnum, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_rap_NetPrintDestEnum_data(call->ndr_pull_data, r));
+
+	r->out.info = talloc_steal(mem_ctx, r->out.info);
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintDestEnum, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netprintdestgetinfo(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					struct rap_NetPrintDestGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintDestGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.PrintDestName);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B9");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B9B21WWzW");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "z");
+		break;
+	case 3:
+		rap_cli_expect_format(call, "zzzWWzzzWW");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetPrintDestGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+	NDR_GOTO(ndr_pull_rap_printdest_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetPrintDestGetInfo, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netuserpasswordset2(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					struct rap_NetUserPasswordSet2 *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WUserPasswordSet2))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.UserName);
+	rap_cli_push_paramdesc(call, 'b');
+	rap_cli_push_paramdesc(call, '1');
+	rap_cli_push_paramdesc(call, '6');
+	ndr_push_array_uint8(call->ndr_push_param, NDR_SCALARS, r->in.OldPassword, 16);
+	rap_cli_push_paramdesc(call, 'b');
+	rap_cli_push_paramdesc(call, '1');
+	rap_cli_push_paramdesc(call, '6');
+	ndr_push_array_uint8(call->ndr_push_param, NDR_SCALARS, r->in.NewPassword, 16);
+	rap_cli_push_word(call, r->in.EncryptedPassword);
+	rap_cli_push_word(call, r->in.RealPasswordLength);
+
+	rap_cli_expect_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetUserPasswordSet2, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetUserPasswordSet2, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netoemchangepassword(struct smbcli_tree *tree,
+					 TALLOC_CTX *mem_ctx,
+					 struct rap_NetOEMChangePassword *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_SamOEMChgPasswordUser2_P))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.UserName);
+	rap_cli_push_sendbuf(call, 532);
+	ndr_push_array_uint8(call->ndr_push_data, NDR_SCALARS, r->in.crypt_password, 516);
+	ndr_push_array_uint8(call->ndr_push_data, NDR_SCALARS, r->in.password_hash, 16);
+
+	rap_cli_expect_format(call, "B516B16");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetOEMChangePassword, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetOEMChangePassword, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netusergetinfo(struct smbcli_tree *tree,
+				   TALLOC_CTX *mem_ctx,
+				   struct rap_NetUserGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WUserGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.UserName);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 0:
+		rap_cli_expect_format(call, "B21");
+		break;
+	case 1:
+		rap_cli_expect_format(call, "B21BB16DWzzWz");
+		break;
+	case 2:
+		rap_cli_expect_format(call, "B21BB16DWzzWzDzzzzDDDDWb21WWzWW");
+		break;
+	case 10:
+		rap_cli_expect_format(call, "B21Bzzz");
+		break;
+	case 11:
+		rap_cli_expect_format(call, "B21BzzzWDDzzDDWWzWzDWb21W");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetUserGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+	NDR_GOTO(ndr_pull_rap_netuser_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetUserGetInfo, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+
+static enum ndr_err_code ndr_pull_rap_NetSessionEnum_data(struct ndr_pull *ndr, struct rap_NetSessionEnum *r)
+{
+	uint32_t cntr_info_0;
+	TALLOC_CTX *_mem_save_info_0;
+
+	NDR_PULL_ALLOC_N(ndr, r->out.info, r->out.count);
+	_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+	NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_session_info(ndr, NDR_SCALARS, &r->out.info[cntr_info_0]));
+	}
+	for (cntr_info_0 = 0; cntr_info_0 < r->out.count; cntr_info_0++) {
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level));
+		NDR_CHECK(ndr_pull_rap_session_info(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0]));
+	}
+	NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+
+	return NDR_ERR_SUCCESS;
+}
+
+
+NTSTATUS smbcli_rap_netsessionenum(struct smbcli_tree *tree,
+				   TALLOC_CTX *mem_ctx,
+				   struct rap_NetSessionEnum *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	call = new_rap_cli_call(tree, RAP_WsessionEnum);
+
+	if (call == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_multiple_entries(call);
+
+	switch(r->in.level) {
+	case 2:
+		rap_cli_expect_format(call, "zzWWWDDDz");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetSessionEnum, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+	NDR_GOTO(ndr_pull_rap_NetSessionEnum_data(call->ndr_pull_data, r));
+
+	r->out.info = talloc_steal(mem_ctx, r->out.info);
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetSessionEnum, r);
+	}
+
+	result = NT_STATUS_OK;
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netsessiongetinfo(struct smbcli_tree *tree,
+				      TALLOC_CTX *mem_ctx,
+				      struct rap_NetSessionGetInfo *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WsessionGetInfo))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.SessionName);
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+	rap_cli_expect_word(call);
+
+	switch(r->in.level) {
+	case 2:
+		rap_cli_expect_format(call, "zzWWWDDDz");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetSessionGetInfo, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	ZERO_STRUCT(r->out);
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
+
+	if (r->out.status == 0 && r->out.available) {
+		call->ndr_pull_data->relative_rap_convert = r->out.convert;
+
+		NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+		NDR_GOTO(ndr_pull_rap_session_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetSessionGetInfo, r);
+	}
+
+	result = NT_STATUS_OK;
+ done:
+	talloc_free(call);
+	return result;
+}
+
+
+NTSTATUS smbcli_rap_netuseradd(struct smbcli_tree *tree,
+			       TALLOC_CTX *mem_ctx,
+			       struct rap_NetUserAdd *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WUserAdd2))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_word(call, r->in.level);
+	rap_cli_push_sendbuf(call, r->in.bufsize);
+	rap_cli_push_word(call, r->in.pwdlength);
+	rap_cli_push_word(call, r->in.unknown);
+
+	switch (r->in.level) {
+	case 1:
+		rap_cli_expect_format(call, "B21BB16DWzzWz");
+		break;
+	default:
+		result = NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetUserAdd, r);
+	}
+
+	NDR_GOTO(ndr_push_set_switch_value(call->ndr_push_data, &r->in.info, r->in.level));
+	NDR_GOTO(ndr_push_rap_netuser_info(call->ndr_push_data, NDR_SCALARS|NDR_BUFFERS, &r->in.info));
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetUserAdd, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netuserdelete(struct smbcli_tree *tree,
+				  TALLOC_CTX *mem_ctx,
+				  struct rap_NetUserDelete *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_WUserDel))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_string(call, r->in.UserName);
+
+	rap_cli_expect_format(call, "");
+	rap_cli_expect_extra_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetUserDelete, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetUserDelete, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
+
+NTSTATUS smbcli_rap_netremotetod(struct smbcli_tree *tree,
+				  TALLOC_CTX *mem_ctx,
+				  struct rap_NetRemoteTOD *r)
+{
+	struct rap_call *call;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (!(call = new_rap_cli_call(mem_ctx, RAP_NetRemoteTOD))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rap_cli_push_rcvbuf(call, r->in.bufsize);
+
+	rap_cli_expect_format(call, "DDBBBBWWBBWB");
+	rap_cli_expect_extra_format(call, "");
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(rap_NetRemoteTOD, r);
+	}
+
+	result = rap_cli_do_call(tree, call);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = NT_STATUS_INVALID_PARAMETER;
+
+	NDR_GOTO(ndr_pull_rap_status(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
+	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
+
+	NDR_GOTO(ndr_pull_rap_TimeOfDayInfo(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.tod));
+
+	result = NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(rap_NetRemoteTOD, r);
+	}
+
+ done:
+	talloc_free(call);
+	return result;
+}
diff --git a/source4/libcli/rap/rap.h b/source4/libcli/rap/rap.h
new file mode 100644
index 0000000..1d44682
--- /dev/null
+++ b/source4/libcli/rap/rap.h
@@ -0,0 +1,76 @@
+/*
+   Unix SMB/CIFS implementation.
+   RAP client
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Tim Potter 2005
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define RAP_GOTO(call) do { \
+	NTSTATUS _status; \
+	_status = call; \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		result = _status; \
+		goto done; \
+	} \
+} while (0)
+
+#define RAP_RETURN(call) do { \
+	NTSTATUS _status; \
+	_status = call; \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		return _status; \
+	} \
+} while (0)
+
+#define NDR_GOTO(call) do { \
+	enum ndr_err_code _ndr_err; \
+	_ndr_err = call; \
+	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+		result = ndr_map_error2ntstatus(_ndr_err); \
+		goto done; \
+	} \
+} while (0)
+
+#define NDR_RETURN(call) do { \
+	enum ndr_err_code _ndr_err; \
+	_ndr_err = call; \
+	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+		return ndr_map_error2ntstatus(_ndr_err); \
+	} \
+} while (0)
+
+struct rap_call {
+	uint16_t callno;
+	char *paramdesc;
+	const char *datadesc;
+	const char *auxdatadesc;
+
+	uint16_t rcv_paramlen, rcv_datalen;
+
+	struct ndr_push *ndr_push_param;
+	struct ndr_push *ndr_push_data;
+
+	TALLOC_CTX *pull_mem_ctx;
+	struct ndr_pull *ndr_pull_param;
+	struct ndr_pull *ndr_pull_data;
+};
+
+#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+
+#include "../librpc/gen_ndr/rap.h"
+#include "libcli/rap/proto.h"
diff --git a/source4/libcli/rap/wscript_build b/source4/libcli/rap/wscript_build
new file mode 100644
index 0000000..b58e3ac
--- /dev/null
+++ b/source4/libcli/rap/wscript_build
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_RAP',
+	source='rap.c',
+	public_deps='smbclient-raw NDR_RAP',
+	autoproto='proto.h'
+	)
diff --git a/source4/libcli/raw/README b/source4/libcli/raw/README
new file mode 100644
index 0000000..cb3e507
--- /dev/null
+++ b/source4/libcli/raw/README
@@ -0,0 +1,5 @@
+Design notes for client library restructure:
+
+1 - no references to cli_state should exist in libcli/raw.
+2 - all interfaces to functions in this directory should use cli_session or cli_tree as
+	the primary context structure
\ No newline at end of file
diff --git a/source4/libcli/raw/clierror.c b/source4/libcli/raw/clierror.c
new file mode 100644
index 0000000..66376f0
--- /dev/null
+++ b/source4/libcli/raw/clierror.c
@@ -0,0 +1,73 @@
+/*
+   Unix SMB/CIFS implementation.
+   client error handling routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) James Myers 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+
+/***************************************************************************
+ Return an error message from the last response
+****************************************************************************/
+_PUBLIC_ const char *smbcli_errstr(struct smbcli_tree *tree)
+{
+	switch (tree->session->transport->error.etype) {
+	case ETYPE_SMB:
+		return nt_errstr(tree->session->transport->error.e.nt_status);
+
+	case ETYPE_SOCKET:
+		return "socket_error";
+
+	case ETYPE_NBT:
+		return "nbt_error";
+
+	case ETYPE_NONE:
+		return "no_error";
+	}
+	return NULL;
+}
+
+
+/* Return the 32-bit NT status code from the last packet */
+_PUBLIC_ NTSTATUS smbcli_nt_error(struct smbcli_tree *tree)
+{
+	switch (tree->session->transport->error.etype) {
+	case ETYPE_SMB:
+		return tree->session->transport->error.e.nt_status;
+
+	case ETYPE_SOCKET:
+		return NT_STATUS_UNSUCCESSFUL;
+
+	case ETYPE_NBT:
+		return NT_STATUS_UNSUCCESSFUL;
+
+	case ETYPE_NONE:
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+
+/* Return true if the last packet was an error */
+bool smbcli_is_error(struct smbcli_tree *tree)
+{
+	return NT_STATUS_IS_ERR(smbcli_nt_error(tree));
+}
diff --git a/source4/libcli/raw/clioplock.c b/source4/libcli/raw/clioplock.c
new file mode 100644
index 0000000..d1ac910
--- /dev/null
+++ b/source4/libcli/raw/clioplock.c
@@ -0,0 +1,66 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB client oplock functions
+   Copyright (C) Andrew Tridgell 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/****************************************************************************
+send an ack for an oplock break request
+****************************************************************************/
+_PUBLIC_ bool smbcli_oplock_ack(struct smbcli_tree *tree, uint16_t fnum, uint16_t ack_level)
+{
+	bool ret;
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBlockingX, 8, 0);
+	if (req == NULL) {
+		return false;
+	}
+
+	SSVAL(req->out.vwv,VWV(0),0xFF);
+	SSVAL(req->out.vwv,VWV(1),0);
+	SSVAL(req->out.vwv,VWV(2),fnum);
+	SCVAL(req->out.vwv,VWV(3),LOCKING_ANDX_OPLOCK_RELEASE);
+	SCVAL(req->out.vwv,VWV(3)+1,ack_level);
+	SIVAL(req->out.vwv,VWV(4),0);
+	SSVAL(req->out.vwv,VWV(6),0);
+	SSVAL(req->out.vwv,VWV(7),0);
+
+	/*
+	 * The low level code knows it is a
+	 * one way request by looking at SMBlockingX,
+	 * wct == 8 and LOCKING_ANDX_OPLOCK_RELEASE
+	 */
+	ret = smbcli_request_send(req);
+
+	return ret;
+}
+
+
+/****************************************************************************
+set the oplock handler for a connection
+****************************************************************************/
+_PUBLIC_ void smbcli_oplock_handler(struct smbcli_transport *transport,
+			bool (*handler)(struct smbcli_transport *, uint16_t, uint16_t, uint8_t, void *),
+			void *private_data)
+{
+	transport->oplock.handler = handler;
+	transport->oplock.private_data = private_data;
+}
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c
new file mode 100644
index 0000000..69b7e8b
--- /dev/null
+++ b/source4/libcli/raw/clisession.c
@@ -0,0 +1,310 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB client session context management functions
+
+   Copyright (C) Andrew Tridgell 1994-2005
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/filesys.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#define SETUP_REQUEST_SESSION(cmd, wct, buflen) do { \
+	req = smbcli_request_setup_session(session, cmd, wct, buflen); \
+	if (!req) return NULL; \
+} while (0)
+
+
+/****************************************************************************
+ Initialize the session context
+****************************************************************************/
+struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport,
+					   TALLOC_CTX *parent_ctx, bool primary,
+					   struct smbcli_session_options options)
+{
+	struct smbcli_session *session;
+	uint16_t flags2;
+	uint32_t capabilities;
+
+	session = talloc_zero(parent_ctx, struct smbcli_session);
+	if (!session) {
+		return NULL;
+	}
+
+	if (primary) {
+		session->transport = talloc_steal(session, transport);
+	} else {
+		session->transport = talloc_reference(session, transport);
+	}
+	session->pid = (uint32_t)getpid();
+	session->vuid = UID_FIELD_INVALID;
+	session->options = options;
+
+	/*
+	 * for now session->vuid is still used by the callers, but we call:
+	 * smb1cli_session_set_id(session->smbXcli, session->vuid);
+	 * before using session->smbXcli, in future we should remove
+	 * session->vuid.
+	 */
+	session->smbXcli = smbXcli_session_create(session, transport->conn);
+	if (session->smbXcli == NULL) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	capabilities = transport->negotiate.capabilities;
+
+	flags2 = FLAGS2_LONG_PATH_COMPONENTS | FLAGS2_EXTENDED_ATTRIBUTES;
+
+	if (capabilities & CAP_UNICODE) {
+		flags2 |= FLAGS2_UNICODE_STRINGS;
+	}
+	if (capabilities & CAP_STATUS32) {
+		flags2 |= FLAGS2_32_BIT_ERROR_CODES;
+	}
+	if (capabilities & CAP_EXTENDED_SECURITY) {
+		flags2 |= FLAGS2_EXTENDED_SECURITY;
+	}
+	if (smb1cli_conn_signing_is_active(session->transport->conn)) {
+		flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
+	}
+
+	session->flags2 = flags2;
+
+	return session;
+}
+
+/****************************************************************************
+ Perform a session setup (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_sesssetup_send(struct smbcli_session *session,
+					      union smb_sesssetup *parms)
+{
+	struct smbcli_request *req = NULL;
+
+	switch (parms->old.level) {
+	case RAW_SESSSETUP_OLD:
+		SETUP_REQUEST_SESSION(SMBsesssetupX, 10, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv,VWV(2),parms->old.in.bufsize);
+		SSVAL(req->out.vwv,VWV(3),parms->old.in.mpx_max);
+		SSVAL(req->out.vwv,VWV(4),parms->old.in.vc_num);
+		SIVAL(req->out.vwv,VWV(5),parms->old.in.sesskey);
+		SSVAL(req->out.vwv,VWV(7),parms->old.in.password.length);
+		SIVAL(req->out.vwv,VWV(8), 0); /* reserved */
+		smbcli_req_append_blob(req, &parms->old.in.password);
+		smbcli_req_append_string(req, parms->old.in.user, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->old.in.domain, STR_TERMINATE|STR_UPPER);
+		smbcli_req_append_string(req, parms->old.in.os, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->old.in.lanman, STR_TERMINATE);
+		break;
+
+	case RAW_SESSSETUP_NT1:
+		SETUP_REQUEST_SESSION(SMBsesssetupX, 13, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->nt1.in.bufsize);
+		SSVAL(req->out.vwv, VWV(3), parms->nt1.in.mpx_max);
+		SSVAL(req->out.vwv, VWV(4), parms->nt1.in.vc_num);
+		SIVAL(req->out.vwv, VWV(5), parms->nt1.in.sesskey);
+		SSVAL(req->out.vwv, VWV(7), parms->nt1.in.password1.length);
+		SSVAL(req->out.vwv, VWV(8), parms->nt1.in.password2.length);
+		SIVAL(req->out.vwv, VWV(9), 0); /* reserved */
+		SIVAL(req->out.vwv, VWV(11), parms->nt1.in.capabilities);
+		smbcli_req_append_blob(req, &parms->nt1.in.password1);
+		smbcli_req_append_blob(req, &parms->nt1.in.password2);
+		smbcli_req_append_string(req, parms->nt1.in.user, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->nt1.in.domain, STR_TERMINATE|STR_UPPER);
+		smbcli_req_append_string(req, parms->nt1.in.os, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->nt1.in.lanman, STR_TERMINATE);
+		break;
+
+	case RAW_SESSSETUP_SPNEGO:
+		SETUP_REQUEST_SESSION(SMBsesssetupX, 12, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->spnego.in.bufsize);
+		SSVAL(req->out.vwv, VWV(3), parms->spnego.in.mpx_max);
+		SSVAL(req->out.vwv, VWV(4), parms->spnego.in.vc_num);
+		SIVAL(req->out.vwv, VWV(5), parms->spnego.in.sesskey);
+		SSVAL(req->out.vwv, VWV(7), parms->spnego.in.secblob.length);
+		SIVAL(req->out.vwv, VWV(8), 0); /* reserved */
+		SIVAL(req->out.vwv, VWV(10), parms->spnego.in.capabilities);
+		smbcli_req_append_blob(req, &parms->spnego.in.secblob);
+		smbcli_req_append_string(req, parms->spnego.in.os, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->spnego.in.lanman, STR_TERMINATE);
+		smbcli_req_append_string(req, parms->spnego.in.workgroup, STR_TERMINATE);
+		break;
+
+	case RAW_SESSSETUP_SMB2:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+
+/****************************************************************************
+ Perform a session setup (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_sesssetup_recv(struct smbcli_request *req,
+				TALLOC_CTX *mem_ctx,
+				union smb_sesssetup *parms)
+{
+	uint16_t len;
+	uint8_t *p;
+
+	if (!smbcli_request_receive(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	if (!NT_STATUS_IS_OK(req->status) &&
+	    !NT_STATUS_EQUAL(req->status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		return smbcli_request_destroy(req);
+	}
+
+	switch (parms->old.level) {
+	case RAW_SESSSETUP_OLD:
+		SMBCLI_CHECK_WCT(req, 3);
+		ZERO_STRUCT(parms->old.out);
+		parms->old.out.vuid = SVAL(req->in.hdr, HDR_UID);
+		parms->old.out.action = SVAL(req->in.vwv, VWV(2));
+		p = req->in.data;
+		if (p) {
+			p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->old.out.os, p, -1, STR_TERMINATE);
+			p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->old.out.lanman, p, -1, STR_TERMINATE);
+			smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->old.out.domain, p, -1, STR_TERMINATE);
+		}
+		break;
+
+	case RAW_SESSSETUP_NT1:
+		SMBCLI_CHECK_WCT(req, 3);
+		ZERO_STRUCT(parms->nt1.out);
+		parms->nt1.out.vuid   = SVAL(req->in.hdr, HDR_UID);
+		parms->nt1.out.action = SVAL(req->in.vwv, VWV(2));
+		p = req->in.data;
+		if (p) {
+			p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->nt1.out.os, p, -1, STR_TERMINATE);
+			p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->nt1.out.lanman, p, -1, STR_TERMINATE);
+			if (p < (req->in.data + req->in.data_size)) {
+				smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->nt1.out.domain, p, -1, STR_TERMINATE);
+			}
+		}
+		break;
+
+	case RAW_SESSSETUP_SPNEGO:
+		SMBCLI_CHECK_WCT(req, 4);
+		ZERO_STRUCT(parms->spnego.out);
+		parms->spnego.out.vuid   = SVAL(req->in.hdr, HDR_UID);
+		parms->spnego.out.action = SVAL(req->in.vwv, VWV(2));
+		len                      = SVAL(req->in.vwv, VWV(3));
+		p = req->in.data;
+		if (!p) {
+			break;
+		}
+
+		parms->spnego.out.secblob = smbcli_req_pull_blob(&req->in.bufinfo, mem_ctx, p, len);
+		p += parms->spnego.out.secblob.length;
+		p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->spnego.out.os, p, -1, STR_TERMINATE);
+		p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->spnego.out.lanman, p, -1, STR_TERMINATE);
+		smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->spnego.out.workgroup, p, -1, STR_TERMINATE);
+		break;
+
+	case RAW_SESSSETUP_SMB2:
+		req->status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+
+/*
+ Perform a session setup (sync interface)
+*/
+NTSTATUS smb_raw_sesssetup(struct smbcli_session *session,
+			   TALLOC_CTX *mem_ctx, union smb_sesssetup *parms)
+{
+	struct smbcli_request *req = smb_raw_sesssetup_send(session, parms);
+	return smb_raw_sesssetup_recv(req, mem_ctx, parms);
+}
+
+
+/****************************************************************************
+ Send a ulogoff (async send)
+*****************************************************************************/
+struct smbcli_request *smb_raw_ulogoff_send(struct smbcli_session *session)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST_SESSION(SMBulogoffX, 2, 0);
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Send a ulogoff (sync interface)
+*****************************************************************************/
+NTSTATUS smb_raw_ulogoff(struct smbcli_session *session)
+{
+	struct smbcli_request *req = smb_raw_ulogoff_send(session);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ Send a exit (async send)
+*****************************************************************************/
+struct smbcli_request *smb_raw_exit_send(struct smbcli_session *session)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST_SESSION(SMBexit, 0, 0);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Send a exit (sync interface)
+*****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_exit(struct smbcli_session *session)
+{
+	struct smbcli_request *req = smb_raw_exit_send(session);
+	return smbcli_request_simple_recv(req);
+}
diff --git a/source4/libcli/raw/clisocket.c b/source4/libcli/raw/clisocket.c
new file mode 100644
index 0000000..0c53014
--- /dev/null
+++ b/source4/libcli/raw/clisocket.c
@@ -0,0 +1,459 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB client socket context management functions
+
+   Copyright (C) Andrew Tridgell 1994-2005
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "../lib/async_req/async_sock.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "lib/events/events.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/composite/composite.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/read_smb.h"
+
+struct smbcli_transport_connect_state {
+	struct tevent_context *ev;
+	struct socket_context *sock;
+	struct tevent_req *io_req;
+	uint8_t *request;
+	struct iovec iov;
+	uint8_t *response;
+};
+
+static void smbcli_transport_connect_cleanup(struct tevent_req *req,
+					     enum tevent_req_state req_state);
+static void smbcli_transport_connect_writev_done(struct tevent_req *subreq);
+static void smbcli_transport_connect_read_smb_done(struct tevent_req *subreq);
+
+static struct tevent_req *smbcli_transport_connect_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *ev,
+						 struct socket_context *sock,
+						 uint16_t port,
+						 uint32_t timeout_msec,
+						 struct nbt_name *calling,
+						 struct nbt_name *called)
+{
+	struct tevent_req *req;
+	struct smbcli_transport_connect_state *state;
+	struct tevent_req *subreq;
+	DATA_BLOB calling_blob, called_blob;
+	uint8_t *p;
+	NTSTATUS status;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smbcli_transport_connect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->sock = sock;
+
+	if (port != 139) {
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_req_set_cleanup_fn(req, smbcli_transport_connect_cleanup);
+
+	status = nbt_name_to_blob(state, &calling_blob, calling);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	status = nbt_name_to_blob(state, &called_blob, called);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	state->request = talloc_array(state, uint8_t,
+				      NBT_HDR_SIZE +
+				      called_blob.length +
+				      calling_blob.length);
+	if (tevent_req_nomem(state->request, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/* put in the destination name */
+	p = state->request + NBT_HDR_SIZE;
+	memcpy(p, called_blob.data, called_blob.length);
+	p += called_blob.length;
+
+	memcpy(p, calling_blob.data, calling_blob.length);
+	p += calling_blob.length;
+
+	_smb_setlen_nbt(state->request,
+			PTR_DIFF(p, state->request) - NBT_HDR_SIZE);
+	SCVAL(state->request, 0, NBSSrequest);
+
+	state->iov.iov_len = talloc_array_length(state->request);
+	state->iov.iov_base = (void *)state->request;
+
+	subreq = writev_send(state, ev, NULL,
+			     sock->fd,
+			     true, /* err_on_readability */
+			     &state->iov, 1);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq,
+				smbcli_transport_connect_writev_done,
+				req);
+	state->io_req = subreq;
+
+	if (timeout_msec > 0) {
+		struct timeval endtime;
+
+		endtime = timeval_current_ofs_msec(timeout_msec);
+		if (!tevent_req_set_endtime(req, ev, endtime)) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	return req;
+}
+
+static void smbcli_transport_connect_cleanup(struct tevent_req *req,
+					     enum tevent_req_state req_state)
+{
+	struct smbcli_transport_connect_state *state =
+		tevent_req_data(req,
+		struct smbcli_transport_connect_state);
+
+	TALLOC_FREE(state->io_req);
+
+	if (state->sock == NULL) {
+		return;
+	}
+
+	if (state->sock->fd == -1) {
+		return;
+	}
+
+	if (req_state == TEVENT_REQ_DONE) {
+		/*
+		 * we keep the socket open for the caller to use
+		 */
+		state->sock = NULL;
+		return;
+	}
+
+	close(state->sock->fd);
+	state->sock->fd = -1;
+	state->sock = NULL;
+}
+
+static void smbcli_transport_connect_writev_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smbcli_transport_connect_state *state =
+		tevent_req_data(req,
+		struct smbcli_transport_connect_state);
+	ssize_t ret;
+	int err;
+
+	state->io_req = NULL;
+
+	ret = writev_recv(subreq, &err);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(err);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	subreq = read_smb_send(state, state->ev,
+			       state->sock->fd);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq,
+				smbcli_transport_connect_read_smb_done,
+				req);
+	state->io_req = subreq;
+}
+
+static void smbcli_transport_connect_read_smb_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smbcli_transport_connect_state *state =
+		tevent_req_data(req,
+		struct smbcli_transport_connect_state);
+	ssize_t ret;
+	int err;
+	NTSTATUS status;
+	uint8_t error;
+
+	state->io_req = NULL;
+
+	ret = read_smb_recv(subreq, state,
+			    &state->response, &err);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(err);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (ret < 4) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	switch (CVAL(state->response, 0)) {
+	case NBSSpositive:
+		tevent_req_done(req);
+		return;
+
+	case NBSSnegative:
+		if (ret < 5) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
+		error = CVAL(state->response, 4);
+		switch (error) {
+		case 0x80:
+		case 0x81:
+			status = NT_STATUS_REMOTE_NOT_LISTENING;
+			break;
+		case 0x82:
+			status = NT_STATUS_RESOURCE_NAME_NOT_FOUND;
+			break;
+		case 0x83:
+			status = NT_STATUS_REMOTE_RESOURCES;
+			break;
+		default:
+			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+			break;
+		}
+		break;
+
+	case NBSSretarget:
+		DEBUG(1,("Warning: session retarget not supported\n"));
+		status = NT_STATUS_NOT_SUPPORTED;
+		break;
+
+	default:
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		break;
+	}
+
+	tevent_req_nterror(req, status);
+}
+
+static NTSTATUS smbcli_transport_connect_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct sock_connect_state {
+	struct composite_context *ctx;
+	const char *host_name;
+	int num_ports;
+	uint16_t *ports;
+	const char *socket_options;
+	struct smbcli_socket *result;
+	struct socket_connect_multi_ex multi_ex;
+	struct nbt_name calling;
+	struct nbt_name called;
+};
+
+/*
+  connect a smbcli_socket context to an IP/port pair
+  if port is 0 then choose 445 then 139
+*/
+
+static struct tevent_req *smbcli_sock_establish_send(TALLOC_CTX *mem_ctx,
+						     struct tevent_context *ev,
+						     struct socket_context *sock,
+						     struct socket_address *addr,
+						     void *private_data)
+{
+	struct sock_connect_state *state =
+		talloc_get_type_abort(private_data,
+		struct sock_connect_state);
+	uint32_t timeout_msec = 15 * 1000;
+
+	return smbcli_transport_connect_send(state,
+					     ev,
+					     sock,
+					     addr->port,
+					     timeout_msec,
+					     &state->calling,
+					     &state->called);
+}
+
+static NTSTATUS smbcli_sock_establish_recv(struct tevent_req *req)
+{
+	return smbcli_transport_connect_recv(req);
+}
+
+static void smbcli_sock_connect_recv_conn(struct composite_context *ctx);
+
+struct composite_context *smbcli_sock_connect_send(TALLOC_CTX *mem_ctx,
+						   const char *host_addr,
+						   const char **ports,
+						   const char *host_name,
+						   struct resolve_context *resolve_ctx,
+						   struct tevent_context *event_ctx,
+						   const char *socket_options,
+						   struct nbt_name *calling,
+						   struct nbt_name *called)
+{
+	struct composite_context *result, *ctx;
+	struct sock_connect_state *state;
+	NTSTATUS status;
+	int i;
+
+	result = talloc_zero(mem_ctx, struct composite_context);
+	if (result == NULL) goto failed;
+	result->state = COMPOSITE_STATE_IN_PROGRESS;
+
+	result->event_ctx = event_ctx;
+	if (result->event_ctx == NULL) goto failed;
+
+	state = talloc(result, struct sock_connect_state);
+	if (state == NULL) goto failed;
+	state->ctx = result;
+	result->private_data = state;
+
+	state->host_name = talloc_strdup(state, host_name);
+	if (state->host_name == NULL) goto failed;
+
+	state->num_ports = str_list_length(ports);
+	state->ports = talloc_array(state, uint16_t, state->num_ports);
+	if (state->ports == NULL) goto failed;
+	for (i=0;ports[i];i++) {
+		state->ports[i] = atoi(ports[i]);
+	}
+	state->socket_options = talloc_reference(state, socket_options);
+
+	if (!host_addr) {
+		host_addr = host_name;
+	}
+
+	state->multi_ex.private_data = state;
+	state->multi_ex.establish_send = smbcli_sock_establish_send;
+	state->multi_ex.establish_recv = smbcli_sock_establish_recv;
+
+	status = nbt_name_dup(state, calling, &state->calling);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+	status = nbt_name_dup(state, called, &state->called);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	ctx = socket_connect_multi_ex_send(state, host_addr,
+					   state->num_ports, state->ports,
+					   resolve_ctx,
+					   state->ctx->event_ctx,
+					   &state->multi_ex);
+	if (ctx == NULL) goto failed;
+	ctx->async.fn = smbcli_sock_connect_recv_conn;
+	ctx->async.private_data = state;
+	return result;
+
+failed:
+	talloc_free(result);
+	return NULL;
+}
+
+static void smbcli_sock_connect_recv_conn(struct composite_context *ctx)
+{
+	struct sock_connect_state *state =
+		talloc_get_type(ctx->async.private_data,
+				struct sock_connect_state);
+	struct socket_context *sock;
+	uint16_t port;
+
+	state->ctx->status = socket_connect_multi_ex_recv(ctx, state, &sock,
+							  &port);
+	if (!composite_is_ok(state->ctx)) return;
+
+	state->ctx->status =
+		socket_set_option(sock, state->socket_options, NULL);
+	if (!composite_is_ok(state->ctx)) return;
+
+
+	state->result = talloc_zero(state, struct smbcli_socket);
+	if (composite_nomem(state->result, state->ctx)) return;
+
+	state->result->sock = talloc_steal(state->result, sock);
+	state->result->port = port;
+	state->result->hostname = talloc_steal(sock, state->host_name);
+
+	state->result->event.ctx = state->ctx->event_ctx;
+	if (composite_nomem(state->result->event.ctx, state->ctx)) return;
+
+	composite_done(state->ctx);
+}
+
+/*
+  finish a smbcli_sock_connect_send() operation
+*/
+NTSTATUS smbcli_sock_connect_recv(struct composite_context *c,
+				  TALLOC_CTX *mem_ctx,
+				  struct smbcli_socket **result)
+{
+	NTSTATUS status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		struct sock_connect_state *state =
+			talloc_get_type(c->private_data,
+					struct sock_connect_state);
+		*result = talloc_steal(mem_ctx, state->result);
+	}
+	talloc_free(c);
+	return status;
+}
+
+/*
+  connect a smbcli_socket context to an IP/port pair
+  if port is 0 then choose the ports listed in smb.conf (normally 445 then 139)
+
+  sync version of the function
+*/
+NTSTATUS smbcli_sock_connect(TALLOC_CTX *mem_ctx,
+			     const char *host_addr, const char **ports,
+			     const char *host_name,
+			     struct resolve_context *resolve_ctx,
+			     struct tevent_context *event_ctx,
+			     const char *socket_options,
+			     struct nbt_name *calling,
+			     struct nbt_name *called,
+			     struct smbcli_socket **result)
+{
+	struct composite_context *c =
+		smbcli_sock_connect_send(mem_ctx, host_addr, ports, host_name,
+					 resolve_ctx,
+					 event_ctx, socket_options,
+					 calling, called);
+	return smbcli_sock_connect_recv(c, mem_ctx, result);
+}
diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
new file mode 100644
index 0000000..04761d6
--- /dev/null
+++ b/source4/libcli/raw/clitransport.c
@@ -0,0 +1,673 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB client transport context management functions
+
+   Copyright (C) Andrew Tridgell 1994-2005
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "../lib/async_req/async_sock.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "../libcli/nbt/libnbt.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "../libcli/smb/read_smb.h"
+
+/*
+  destroy a transport
+ */
+static int transport_destructor(struct smbcli_transport *transport)
+{
+	smbcli_transport_dead(transport, NT_STATUS_LOCAL_DISCONNECT);
+	return 0;
+}
+
+/*
+  create a transport structure based on an established socket
+*/
+struct smbcli_transport *smbcli_transport_init(struct smbcli_socket *sock,
+					       TALLOC_CTX *parent_ctx,
+					       bool primary,
+					       struct smbcli_options *options)
+{
+	struct smbcli_transport *transport;
+	uint32_t smb1_capabilities;
+
+	transport = talloc_zero(parent_ctx, struct smbcli_transport);
+	if (!transport) return NULL;
+
+	transport->ev = sock->event.ctx;
+	transport->options = *options;
+
+	if (transport->options.max_protocol == PROTOCOL_DEFAULT) {
+		transport->options.max_protocol = PROTOCOL_NT1;
+	}
+
+	if (transport->options.max_protocol > PROTOCOL_NT1) {
+		transport->options.max_protocol = PROTOCOL_NT1;
+	}
+
+	TALLOC_FREE(sock->event.fde);
+	TALLOC_FREE(sock->event.te);
+
+	smb1_capabilities = 0;
+	smb1_capabilities |= CAP_LARGE_FILES;
+	smb1_capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+	smb1_capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND;
+	smb1_capabilities |= CAP_DFS | CAP_W2K_SMBS;
+	smb1_capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX;
+	smb1_capabilities |= CAP_LWIO;
+
+	if (options->ntstatus_support) {
+		smb1_capabilities |= CAP_STATUS32;
+	}
+
+	if (options->unicode) {
+		smb1_capabilities |= CAP_UNICODE;
+	}
+
+	if (options->use_spnego) {
+		smb1_capabilities |= CAP_EXTENDED_SECURITY;
+	}
+
+	if (options->use_level2_oplocks) {
+		smb1_capabilities |= CAP_LEVEL_II_OPLOCKS;
+	}
+
+	transport->conn = smbXcli_conn_create(transport,
+					      sock->sock->fd,
+					      sock->hostname,
+					      options->signing,
+					      smb1_capabilities,
+					      NULL, /* client_guid */
+					      0, /* smb2_capabilities */
+					      NULL); /* smb3_ciphers */
+	if (transport->conn == NULL) {
+		TALLOC_FREE(sock);
+		TALLOC_FREE(transport);
+		return NULL;
+	}
+	sock->sock->fd = -1;
+	TALLOC_FREE(sock);
+
+	talloc_set_destructor(transport, transport_destructor);
+
+	return transport;
+}
+
+/*
+  create a transport structure based on an established socket
+*/
+NTSTATUS smbcli_transport_raw_init(TALLOC_CTX *mem_ctx,
+				   struct tevent_context *ev,
+				   struct smbXcli_conn **_conn,
+				   const struct smbcli_options *options,
+				   struct smbcli_transport **_transport)
+{
+	struct smbcli_transport *transport = NULL;
+	NTSTATUS status;
+
+	if (*_conn == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	transport = talloc_zero(mem_ctx, struct smbcli_transport);
+	if (transport == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	transport->ev = ev;
+	transport->options = *options;
+
+	/*
+	 * First only set the pointer without move.
+	 */
+	transport->conn = *_conn;
+	status = smb_raw_negotiate_fill_transport(transport);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(transport);
+		return status;
+	}
+
+	talloc_set_destructor(transport, transport_destructor);
+
+	/*
+	 * Now move it away from the caller...
+	 */
+	transport->conn = talloc_move(transport, _conn);
+	*_transport = transport;
+	return NT_STATUS_OK;
+}
+
+/*
+  mark the transport as dead
+*/
+void smbcli_transport_dead(struct smbcli_transport *transport, NTSTATUS status)
+{
+	if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
+		status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+	if (NT_STATUS_IS_OK(status)) {
+		status = NT_STATUS_LOCAL_DISCONNECT;
+	}
+
+	smbXcli_conn_disconnect(transport->conn, status);
+}
+
+static void idle_handler(struct tevent_context *ev,
+			 struct tevent_timer *te, struct timeval t, void *private_data)
+{
+	struct smbcli_transport *transport = talloc_get_type(private_data,
+							     struct smbcli_transport);
+	struct timeval next;
+
+	transport->idle.func(transport, transport->idle.private_data);
+
+	if (transport->idle.func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
+
+	next = timeval_current_ofs_usec(transport->idle.period);
+
+	transport->idle.te = tevent_add_timer(transport->ev,
+					      transport,
+					      next,
+					      idle_handler,
+					      transport);
+}
+
+/*
+  setup the idle handler for a transport
+  the period is in microseconds
+*/
+_PUBLIC_ void smbcli_transport_idle_handler(struct smbcli_transport *transport,
+				   void (*idle_func)(struct smbcli_transport *, void *),
+				   uint64_t period,
+				   void *private_data)
+{
+	TALLOC_FREE(transport->idle.te);
+	ZERO_STRUCT(transport->idle);
+
+	if (idle_func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
+
+	transport->idle.func = idle_func;
+	transport->idle.private_data = private_data;
+	transport->idle.period = period;
+
+	transport->idle.te = tevent_add_timer(transport->ev,
+					      transport,
+					      timeval_current_ofs_usec(period),
+					      idle_handler,
+					      transport);
+}
+
+/*
+  process some read/write requests that are pending
+  return false if the socket is dead
+*/
+_PUBLIC_ bool smbcli_transport_process(struct smbcli_transport *transport)
+{
+	struct tevent_req *subreq = NULL;
+	int ret;
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return false;
+	}
+
+	if (!smbXcli_conn_has_async_calls(transport->conn)) {
+		return true;
+	}
+
+	/*
+	 * do not block for more than 500 micro seconds
+	 */
+	subreq = tevent_wakeup_send(transport,
+				    transport->ev,
+				    timeval_current_ofs_usec(500));
+	if (subreq == NULL) {
+		return false;
+	}
+
+	ret = tevent_loop_once(transport->ev);
+	if (ret != 0) {
+		return false;
+	}
+
+	TALLOC_FREE(subreq);
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return false;
+	}
+
+	return true;
+}
+
+static void smbcli_transport_break_handler(struct tevent_req *subreq);
+static void smbcli_request_done(struct tevent_req *subreq);
+
+struct tevent_req *smbcli_transport_setup_subreq(struct smbcli_request *req)
+{
+	struct smbcli_transport *transport = req->transport;
+	uint8_t smb_command;
+	uint8_t additional_flags;
+	uint8_t clear_flags;
+	uint16_t additional_flags2;
+	uint16_t clear_flags2;
+	uint32_t pid;
+	struct smbXcli_tcon *tcon = NULL;
+	struct smbXcli_session *session = NULL;
+	uint32_t timeout_msec = transport->options.request_timeout * 1000;
+	struct iovec *bytes_iov = NULL;
+	struct tevent_req *subreq = NULL;
+
+	smb_command = SVAL(req->out.hdr, HDR_COM);
+	additional_flags = CVAL(req->out.hdr, HDR_FLG);
+	additional_flags2 = SVAL(req->out.hdr, HDR_FLG2);
+	pid  = SVAL(req->out.hdr, HDR_PID);
+	pid |= SVAL(req->out.hdr, HDR_PIDHIGH)<<16;
+
+	clear_flags = ~additional_flags;
+	clear_flags2 = ~additional_flags2;
+
+	if (req->session) {
+		session = req->session->smbXcli;
+	}
+
+	if (req->tree) {
+		tcon = req->tree->smbXcli;
+	}
+
+	bytes_iov = talloc(req, struct iovec);
+	if (bytes_iov == NULL) {
+		return NULL;
+	}
+	bytes_iov->iov_base = (void *)req->out.data;
+	bytes_iov->iov_len = req->out.data_size;
+
+	subreq = smb1cli_req_create(req,
+				    transport->ev,
+				    transport->conn,
+				    smb_command,
+				    additional_flags,
+				    clear_flags,
+				    additional_flags2,
+				    clear_flags2,
+				    timeout_msec,
+				    pid,
+				    tcon,
+				    session,
+				    req->out.wct,
+				    (uint16_t *)req->out.vwv,
+				    1, bytes_iov);
+	if (subreq == NULL) {
+		return NULL;
+	}
+
+	ZERO_STRUCT(req->out);
+
+	return subreq;
+}
+
+/*
+  put a request into the send queue
+*/
+void smbcli_transport_send(struct smbcli_request *req)
+{
+	struct smbcli_transport *transport = req->transport;
+	NTSTATUS status;
+	bool need_pending_break = false;
+	struct tevent_req *subreq = NULL;
+	size_t i;
+	size_t num_subreqs = 0;
+
+	if (transport->oplock.handler) {
+		need_pending_break = true;
+	}
+
+	if (transport->break_subreq) {
+		need_pending_break = false;
+	}
+
+	if (need_pending_break) {
+		subreq = smb1cli_req_create(transport,
+					    transport->ev,
+					    transport->conn,
+					    0, /* smb_command */
+					    0, /* additional_flags */
+					    0, /* clear_flags */
+					    0, /* additional_flags2 */
+					    0, /* clear_flags2 */
+					    0, /* timeout_msec */
+					    0, /* pid */
+					    NULL, /* tcon */
+					    NULL, /* session */
+					    0, /* wct */
+					    NULL, /* vwv */
+					    0, /* iov_count */
+					    NULL); /* bytes_iov */
+		if (subreq != NULL) {
+			smb1cli_req_set_mid(subreq, 0xFFFF);
+			smbXcli_req_set_pending(subreq);
+			tevent_req_set_callback(subreq,
+						smbcli_transport_break_handler,
+						transport);
+			transport->break_subreq = subreq;
+			subreq = NULL;
+		}
+	}
+
+	subreq = smbcli_transport_setup_subreq(req);
+	if (subreq == NULL) {
+		req->state = SMBCLI_REQUEST_ERROR;
+		req->status = NT_STATUS_NO_MEMORY;
+		return;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(req->subreqs); i++) {
+		if (req->subreqs[i] == NULL) {
+			req->subreqs[i] = subreq;
+			subreq = NULL;
+		}
+		if (req->subreqs[i] == NULL) {
+			break;
+		}
+
+		if (!tevent_req_is_in_progress(req->subreqs[i])) {
+			req->state = SMBCLI_REQUEST_ERROR;
+			req->status = NT_STATUS_INTERNAL_ERROR;
+			return;
+		}
+	}
+	num_subreqs = i;
+
+	req->state = SMBCLI_REQUEST_RECV;
+	tevent_req_set_callback(req->subreqs[0], smbcli_request_done, req);
+
+	status = smb1cli_req_chain_submit(req->subreqs, num_subreqs);
+	if (!NT_STATUS_IS_OK(status)) {
+		req->status = status;
+		req->state = SMBCLI_REQUEST_ERROR;
+		smbXcli_conn_disconnect(transport->conn, status);
+	}
+}
+
+static void smbcli_request_done(struct tevent_req *subreq)
+{
+	struct smbcli_request *req =
+		tevent_req_callback_data(subreq,
+		struct smbcli_request);
+	struct smbcli_transport *transport = req->transport;
+	ssize_t len;
+	size_t i;
+	uint8_t *hdr = NULL;
+	uint8_t wct = 0;
+	uint16_t *vwv = NULL;
+	uint32_t num_bytes = 0;
+	uint8_t *bytes = NULL;
+	struct iovec *recv_iov = NULL;
+	uint8_t *inbuf = NULL;
+
+	req->status = smb1cli_req_recv(req->subreqs[0], req,
+				       &recv_iov,
+				       &hdr,
+				       &wct,
+				       &vwv,
+				       NULL, /* pvwv_offset */
+				       &num_bytes,
+				       &bytes,
+				       NULL, /* pbytes_offset */
+				       &inbuf,
+				       NULL, 0); /* expected */
+	TALLOC_FREE(req->subreqs[0]);
+	if (!NT_STATUS_IS_OK(req->status)) {
+		if (recv_iov == NULL) {
+			req->state = SMBCLI_REQUEST_ERROR;
+			transport->error.e.nt_status = req->status;
+			transport->error.etype = ETYPE_SOCKET;
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+	}
+
+	/*
+	 * For SMBreadBraw hdr is NULL
+	 */
+	len = recv_iov[0].iov_len;
+	for (i=1; hdr != NULL && i < 3; i++) {
+		uint8_t *p = recv_iov[i-1].iov_base;
+		uint8_t *c1 = recv_iov[i].iov_base;
+		uint8_t *c2 = p + recv_iov[i-1].iov_len;
+
+		len += recv_iov[i].iov_len;
+
+		c2 += i;
+		len += i;
+
+		if (recv_iov[i].iov_len == 0) {
+			continue;
+		}
+
+		if (c1 != c2) {
+			req->state = SMBCLI_REQUEST_ERROR;
+			req->status = NT_STATUS_INTERNAL_ERROR;
+			transport->error.e.nt_status = req->status;
+			transport->error.etype = ETYPE_SMB;
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+	}
+
+	/* fill in the 'in' portion of the matching request */
+	req->in.buffer = inbuf;
+	req->in.size = NBT_HDR_SIZE + len;
+	req->in.allocated = req->in.size;
+
+	req->in.hdr = hdr;
+	req->in.vwv = (uint8_t *)vwv;
+	req->in.wct = wct;
+	req->in.data = bytes;
+	req->in.data_size = num_bytes;
+	req->in.ptr = req->in.data;
+	if (hdr != NULL) {
+		req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
+	}
+
+	smb_setup_bufinfo(req);
+
+	transport->error.e.nt_status = req->status;
+	if (NT_STATUS_IS_OK(req->status)) {
+		transport->error.etype = ETYPE_NONE;
+	} else {
+		transport->error.etype = ETYPE_SMB;
+	}
+
+	req->state = SMBCLI_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+static void smbcli_transport_break_handler(struct tevent_req *subreq)
+{
+	struct smbcli_transport *transport =
+		tevent_req_callback_data(subreq,
+		struct smbcli_transport);
+	NTSTATUS status;
+	struct iovec *recv_iov = NULL;
+	uint8_t *hdr = NULL;
+	uint16_t *vwv = NULL;
+	const struct smb1cli_req_expected_response expected[] = {
+	{
+		.status = NT_STATUS_OK,
+		.wct = 8,
+	}
+	};
+	uint16_t tid;
+	uint16_t fnum;
+	uint8_t level;
+
+	transport->break_subreq = NULL;
+
+	status = smb1cli_req_recv(subreq, transport,
+				  &recv_iov,
+				  &hdr,
+				  NULL, /* pwct */
+				  &vwv,
+				  NULL, /* pvwv_offset */
+				  NULL, /* pnum_bytes */
+				  NULL, /* pbytes */
+				  NULL, /* pbytes_offset */
+				  NULL, /* pinbuf */
+				  expected,
+				  ARRAY_SIZE(expected));
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(recv_iov);
+		smbcli_transport_dead(transport, status);
+		return;
+	}
+
+	/*
+	 * Setup the subreq to handle the
+	 * next incoming SMB2 Break.
+	 */
+	subreq = smb1cli_req_create(transport,
+				    transport->ev,
+				    transport->conn,
+				    0, /* smb_command */
+				    0, /* additional_flags */
+				    0, /* clear_flags */
+				    0, /* additional_flags2 */
+				    0, /* clear_flags2 */
+				    0, /* timeout_msec */
+				    0, /* pid */
+				    NULL, /* tcon */
+				    NULL, /* session */
+				    0, /* wct */
+				    NULL, /* vwv */
+				    0, /* iov_count */
+				    NULL); /* bytes_iov */
+	if (subreq != NULL) {
+		smb1cli_req_set_mid(subreq, 0xFFFF);
+		smbXcli_req_set_pending(subreq);
+		tevent_req_set_callback(subreq,
+					smbcli_transport_break_handler,
+					transport);
+		transport->break_subreq = subreq;
+	}
+
+	tid = SVAL(hdr, HDR_TID);
+	fnum = SVAL(vwv+2, 0);
+	level = CVAL(vwv+3, 1);
+
+	TALLOC_FREE(recv_iov);
+
+	if (transport->oplock.handler) {
+		transport->oplock.handler(transport, tid, fnum, level,
+					  transport->oplock.private_data);
+	} else {
+		DEBUG(5,("Got SMB oplock break with no handler\n"));
+	}
+
+}
+
+
+/****************************************************************************
+ Send an SMBecho (async send)
+*****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_echo_send(struct smbcli_transport *transport,
+					 struct smb_echo *p)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup_transport(transport, SMBecho, 1, p->in.size);
+	if (!req) return NULL;
+
+	SSVAL(req->out.vwv, VWV(0), p->in.repeat_count);
+
+	memcpy(req->out.data, p->in.data, p->in.size);
+
+	ZERO_STRUCT(p->out);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ raw echo interface (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_echo_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx,
+			   struct smb_echo *p)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	SMBCLI_CHECK_WCT(req, 1);
+	p->out.count++;
+	p->out.sequence_number = SVAL(req->in.vwv, VWV(0));
+	p->out.size = req->in.data_size;
+	talloc_free(p->out.data);
+	p->out.data = talloc_array(mem_ctx, uint8_t, p->out.size);
+	NT_STATUS_HAVE_NO_MEMORY(p->out.data);
+
+	if (!smbcli_raw_pull_data(&req->in.bufinfo, req->in.data, p->out.size, p->out.data)) {
+		req->status = NT_STATUS_BUFFER_TOO_SMALL;
+	}
+
+	if (p->out.count == p->in.repeat_count) {
+		return smbcli_request_destroy(req);
+	}
+
+	return NT_STATUS_OK;
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+ Send a echo (sync interface)
+*****************************************************************************/
+NTSTATUS smb_raw_echo(struct smbcli_transport *transport, struct smb_echo *p)
+{
+	struct smbcli_request *req = smb_raw_echo_send(transport, p);
+	return smbcli_request_simple_recv(req);
+}
diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c
new file mode 100644
index 0000000..cf32ad2
--- /dev/null
+++ b/source4/libcli/raw/clitree.c
@@ -0,0 +1,228 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB client tree context management functions
+
+   Copyright (C) Andrew Tridgell 1994-2005
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#define SETUP_REQUEST_TREE(cmd, wct, buflen) do { \
+	req = smbcli_request_setup(tree, cmd, wct, buflen); \
+	if (!req) return NULL; \
+} while (0)
+
+/****************************************************************************
+ Initialize the tree context
+****************************************************************************/
+_PUBLIC_ struct smbcli_tree *smbcli_tree_init(struct smbcli_session *session,
+				     TALLOC_CTX *parent_ctx, bool primary)
+{
+	struct smbcli_tree *tree;
+
+	tree = talloc_zero(parent_ctx, struct smbcli_tree);
+	if (!tree) {
+		return NULL;
+	}
+
+	if (primary) {
+		tree->session = talloc_steal(tree, session);
+	} else {
+		tree->session = talloc_reference(tree, session);
+	}
+
+	tree->smbXcli = smbXcli_tcon_create(tree);
+	if (tree->smbXcli == NULL) {
+		talloc_free(tree);
+		return NULL;
+	}
+
+	return tree;
+}
+
+/****************************************************************************
+ Send a tconX (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_tcon_send(struct smbcli_tree *tree,
+					 union smb_tcon *parms)
+{
+	struct smbcli_request *req = NULL;
+
+	switch (parms->tcon.level) {
+	case RAW_TCON_TCON:
+		SETUP_REQUEST_TREE(SMBtcon, 0, 0);
+		smbcli_req_append_ascii4(req, parms->tcon.in.service, STR_ASCII);
+		smbcli_req_append_ascii4(req, parms->tcon.in.password,STR_ASCII);
+		smbcli_req_append_ascii4(req, parms->tcon.in.dev,     STR_ASCII);
+		break;
+
+	case RAW_TCON_TCONX:
+		SETUP_REQUEST_TREE(SMBtconX, 4, 0);
+		SSVAL(req->out.vwv, VWV(0), 0xFF);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->tconx.in.flags);
+		SSVAL(req->out.vwv, VWV(3), parms->tconx.in.password.length);
+		smbcli_req_append_blob(req, &parms->tconx.in.password);
+		smbcli_req_append_string(req, parms->tconx.in.path,   STR_TERMINATE | STR_UPPER);
+		smbcli_req_append_string(req, parms->tconx.in.device, STR_TERMINATE | STR_ASCII);
+		break;
+
+	case RAW_TCON_SMB2:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Send a tconX (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_tcon_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx,
+			   union smb_tcon *parms)
+{
+	uint8_t *p;
+
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	switch (parms->tcon.level) {
+	case RAW_TCON_TCON:
+		SMBCLI_CHECK_WCT(req, 2);
+		parms->tcon.out.max_xmit = SVAL(req->in.vwv, VWV(0));
+		parms->tcon.out.tid = SVAL(req->in.vwv, VWV(1));
+		break;
+
+	case RAW_TCON_TCONX:
+		ZERO_STRUCT(parms->tconx.out);
+		parms->tconx.out.tid = SVAL(req->in.hdr, HDR_TID);
+		if (req->in.wct >= 3) {
+			parms->tconx.out.options = SVAL(req->in.vwv, VWV(2));
+		}
+		if (req->in.wct >= 7) {
+			parms->tconx.out.max_access = IVAL(req->in.vwv, VWV(3));
+			parms->tconx.out.guest_max_access = IVAL(req->in.vwv, VWV(5));
+		}
+
+		/* output is actual service name */
+		p = req->in.data;
+		if (!p) break;
+
+		p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->tconx.out.dev_type,
+					    p, -1, STR_ASCII | STR_TERMINATE);
+		smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->tconx.out.fs_type,
+					 p, -1, STR_TERMINATE);
+		break;
+
+	case RAW_TCON_SMB2:
+		req->status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+ Send a tconX (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_tcon(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx,
+		      union smb_tcon *parms)
+{
+	struct smbcli_request *req = smb_raw_tcon_send(tree, parms);
+	return smb_raw_tcon_recv(req, mem_ctx, parms);
+}
+
+
+/****************************************************************************
+ Send a tree disconnect.
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_tree_disconnect(struct smbcli_tree *tree)
+{
+	struct smbcli_request *req;
+
+	if (!tree) return NT_STATUS_OK;
+	req = smbcli_request_setup(tree, SMBtdis, 0, 0);
+	if (req == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (smbcli_request_send(req)) {
+		(void) smbcli_request_receive(req);
+	}
+	return smbcli_request_destroy(req);
+}
+
+
+/*
+  a convenient function to establish a smbcli_tree from scratch
+*/
+NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx,
+				     struct smbcli_tree **ret_tree,
+				     const char *dest_host, const char **dest_ports,
+				     const char *service, const char *service_type,
+					 const char *socket_options,
+				     struct cli_credentials *credentials,
+				     struct resolve_context *resolve_ctx,
+				     struct tevent_context *ev,
+				     struct smbcli_options *options,
+				     struct smbcli_session_options *session_options,
+					 struct gensec_settings *gensec_settings)
+{
+	struct smb_composite_connect io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(parent_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	io.in.dest_host = dest_host;
+	io.in.dest_ports = dest_ports;
+	io.in.socket_options = socket_options;
+	io.in.called_name = strupper_talloc(tmp_ctx, dest_host);
+	io.in.service = service;
+	io.in.service_type = service_type;
+	io.in.existing_conn = NULL;
+	io.in.credentials = credentials;
+	io.in.gensec_settings = gensec_settings;
+	io.in.fallback_to_anonymous = false;
+
+	/* This workgroup gets sent out by the SPNEGO session setup.
+	 * I don't know of any servers that look at it, so we
+	 * hardcode it to "". */
+	io.in.workgroup = "";
+	io.in.options = *options;
+	io.in.session_options = *session_options;
+
+	status = smb_composite_connect(&io, parent_ctx, resolve_ctx, ev);
+	if (NT_STATUS_IS_OK(status)) {
+		*ret_tree = io.out.tree;
+	}
+	talloc_free(tmp_ctx);
+	return status;
+}
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
new file mode 100644
index 0000000..6abc06d
--- /dev/null
+++ b/source4/libcli/raw/interfaces.h
@@ -0,0 +1,2867 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB request interface structures
+   Copyright (C) Andrew Tridgell			2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) James Peach 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_RAW_INTERFACES_H__
+#define __LIBCLI_RAW_INTERFACES_H__
+
+#include "source4/libcli/raw/smb.h"
+#include "../libcli/smb/smb_common.h"
+#include "librpc/gen_ndr/misc.h" /* for struct GUID */
+#include "librpc/gen_ndr/smb2_lease_struct.h"
+
+/* this structure is just a wrapper for a string, the only reason we
+   bother with this is that it allows us to check the length provided
+   on the wire in testsuite test code to ensure that we are
+   terminating names in the same way that win2003 is. The *ONLY* time
+   you should ever look at the 'private_length' field in this
+   structure is inside compliance test code, in all other cases just
+   use the null terminated char* as the definitive definition of the
+   string
+
+   also note that this structure is only used in packets where there
+   is an explicit length provided on the wire (hence the name). That
+   length is placed in 'private_length'. For packets where the length
+   is always determined by NULL or packet termination a normal char*
+   is used in the structure definition.
+ */
+struct smb_wire_string {
+	uint32_t private_length;
+	const char *s;
+};
+
+/*
+ * SMB2 uses a 16Byte handle,
+ * (we can maybe use struct GUID later)
+ */
+struct smb2_handle {
+	uint64_t data[2];
+};
+
+struct smb2_lease_break {
+	struct smb2_lease current_lease;
+	uint16_t new_epoch; /* only for v2 leases */
+	uint32_t break_flags;
+	uint32_t new_lease_state;
+	uint32_t break_reason; /* should be 0 */
+	uint32_t access_mask_hint; /* should be 0 */
+	uint32_t share_mask_hint; /* should be 0 */
+};
+
+struct ntvfs_handle;
+
+/*
+ * a generic container for file handles or file paths
+ * for qfileinfo/setfileinfo and qpathinfo/setpathinfo
+*/
+union smb_handle_or_path {
+	/*
+	 * this is used for
+	 * the qpathinfo and setpathinfo
+	 * calls
+	 */
+	const char *path;
+	/*
+	 * this is used as file handle in SMB
+	 */
+	uint16_t fnum;
+
+	/*
+	 * this is used as file handle in SMB2
+	 */
+	struct smb2_handle handle;
+
+	/*
+	 * this is used as generic file handle for the NTVFS layer
+	 */
+	struct ntvfs_handle *ntvfs;
+};
+
+/*
+ a generic container for file handles
+*/
+union smb_handle {
+	/*
+	 * this is used as file handle in SMB
+	 */
+	uint16_t fnum;
+
+	/*
+	 * this is used as file handle in SMB2
+	 */
+	struct smb2_handle handle;
+
+	/*
+	 * this is used as generic file handle for the NTVFS layer
+	 */
+	struct ntvfs_handle *ntvfs;
+};
+
+/*
+  this header defines the structures and unions used between the SMB
+  parser and the backends.
+*/
+
+/* struct used for SMBlseek call */
+union smb_seek {
+	struct {
+		struct {
+			union smb_handle file;
+			uint16_t mode;
+			int32_t  offset; /* signed */
+		} in;
+		struct {
+			int32_t offset;
+		} out;
+	} lseek, generic;
+};
+
+/* struct used in unlink() call */
+union smb_unlink {
+	struct {
+		struct {
+			const char *pattern;
+			uint16_t attrib;
+		} in;
+	} unlink;
+};
+
+
+/* struct used in chkpath() call */
+union smb_chkpath {
+	struct {
+		struct {
+			const char *path;
+		} in;
+	} chkpath;
+};
+
+enum smb_mkdir_level {RAW_MKDIR_GENERIC, RAW_MKDIR_MKDIR, RAW_MKDIR_T2MKDIR};
+
+/* union used in mkdir() call */
+union smb_mkdir {
+	/* generic level */
+	struct {
+		enum smb_mkdir_level level;
+	} generic;
+
+	struct {
+		enum smb_mkdir_level level;
+		struct {
+			const char *path;
+		} in;
+	} mkdir;
+
+	struct {
+		enum smb_mkdir_level level;
+		struct {
+			const char *path;
+			unsigned int num_eas;
+			struct ea_struct *eas;
+		} in;
+	} t2mkdir;
+};
+
+/* struct used in rmdir() call */
+struct smb_rmdir {
+	struct {
+		const char *path;
+	} in;
+};
+
+/* struct used in rename() call */
+enum smb_rename_level {RAW_RENAME_RENAME, RAW_RENAME_NTRENAME, RAW_RENAME_NTTRANS};
+
+union smb_rename {
+	struct {
+		enum smb_rename_level level;
+	} generic;
+
+	/* SMBrename interface */
+	struct {
+		enum smb_rename_level level;
+
+		struct {
+			const char *pattern1;
+			const char *pattern2;
+			uint16_t attrib;
+		} in;
+	} rename;
+
+
+	/* SMBntrename interface */
+	struct {
+		enum smb_rename_level level;
+
+		struct {
+			uint16_t attrib;
+			uint16_t flags; /* see RENAME_FLAG_* */
+			uint32_t cluster_size;
+			const char *old_name;
+			const char *new_name;
+		} in;
+	} ntrename;
+
+	/* NT TRANS rename interface */
+	struct {
+		enum smb_rename_level level;
+
+		struct {
+			union smb_handle file;
+			uint16_t flags;/* see RENAME_REPLACE_IF_EXISTS */
+			const char *new_name;
+		} in;
+	} nttrans;
+};
+
+enum smb_tcon_level {
+	RAW_TCON_TCON,
+	RAW_TCON_TCONX,
+	RAW_TCON_SMB2
+};
+
+/* union used in tree connect call */
+union smb_tcon {
+	/* generic interface */
+	struct {
+		enum smb_tcon_level level;
+	} generic;
+
+	/* SMBtcon interface */
+	struct {
+		enum smb_tcon_level level;
+
+		struct {
+			const char *service;
+			const char *password;
+			const char *dev;
+		} in;
+		struct {
+			uint16_t max_xmit;
+			uint16_t tid;
+		} out;
+	} tcon;
+
+	/* SMBtconX interface */
+	struct {
+		enum smb_tcon_level level;
+
+		struct {
+			uint16_t flags;
+			DATA_BLOB password;
+			const char *path;
+			const char *device;
+		} in;
+		struct {
+			uint16_t options;
+			uint32_t max_access;
+			uint32_t guest_max_access;
+			char *dev_type;
+			char *fs_type;
+			uint16_t tid;
+		} out;
+	} tconx;
+
+	/* SMB2 TreeConnect */
+	struct smb2_tree_connect {
+		enum smb_tcon_level level;
+
+		struct {
+			/* static body buffer 8 (0x08) bytes */
+			uint16_t reserved;
+			/* uint16_t path_ofs */
+			/* uint16_t path_size */
+				/* dynamic body */
+			const char *path; /* as non-terminated UTF-16 on the wire */
+		} in;
+		struct {
+			/* static body buffer 16 (0x10) bytes */
+			/* uint16_t buffer_code;  0x10 */
+			uint8_t share_type;
+			uint8_t reserved;
+			uint32_t flags;
+			uint32_t capabilities;
+			uint32_t access_mask;
+
+			/* extracted from the SMB2 header */
+			uint32_t tid;
+		} out;
+	} smb2;
+};
+
+
+enum smb_sesssetup_level {
+	RAW_SESSSETUP_OLD,
+	RAW_SESSSETUP_NT1,
+	RAW_SESSSETUP_SPNEGO,
+	RAW_SESSSETUP_SMB2
+};
+
+/* union used in session_setup call */
+union smb_sesssetup {
+	/* the pre-NT1 interface */
+	struct {
+		enum smb_sesssetup_level level;
+
+		struct {
+			uint16_t bufsize;
+			uint16_t mpx_max;
+			uint16_t vc_num;
+			uint32_t sesskey;
+			DATA_BLOB password;
+			const char *user;
+			const char *domain;
+			const char *os;
+			const char *lanman;
+		} in;
+		struct {
+			uint16_t action;
+			uint16_t vuid;
+			char *os;
+			char *lanman;
+			char *domain;
+		} out;
+	} old;
+
+	/* the NT1 interface */
+	struct {
+		enum smb_sesssetup_level level;
+
+		struct {
+			uint16_t bufsize;
+			uint16_t mpx_max;
+			uint16_t vc_num;
+			uint32_t sesskey;
+			uint32_t capabilities;
+			DATA_BLOB password1;
+			DATA_BLOB password2;
+			const char *user;
+			const char *domain;
+			const char *os;
+			const char *lanman;
+		} in;
+		struct {
+			uint16_t action;
+			uint16_t vuid;
+			char *os;
+			char *lanman;
+			char *domain;
+		} out;
+	} nt1;
+
+
+	/* the SPNEGO interface */
+	struct {
+		enum smb_sesssetup_level level;
+
+		struct {
+			uint16_t bufsize;
+			uint16_t mpx_max;
+			uint16_t vc_num;
+			uint32_t sesskey;
+			uint32_t capabilities;
+			DATA_BLOB secblob;
+			const char *os;
+			const char *lanman;
+			const char *workgroup;
+		} in;
+		struct {
+			uint16_t action;
+			DATA_BLOB secblob;
+			char *os;
+			char *lanman;
+			char *workgroup;
+			uint16_t vuid;
+		} out;
+	} spnego;
+
+	/* SMB2 SessionSetup */
+	struct smb2_session_setup {
+		enum smb_sesssetup_level level;
+
+		struct {
+			/* static body 24 (0x18) bytes */
+			uint8_t vc_number;
+			uint8_t security_mode;
+			uint32_t capabilities;
+			uint32_t channel;
+			/* uint16_t secblob_ofs */
+			/* uint16_t secblob_size */
+			uint64_t previous_sessionid;
+			/* dynamic body */
+			DATA_BLOB secblob;
+		} in;
+		struct {
+			/* body buffer 8 (0x08) bytes */
+			uint16_t session_flags;
+			/* uint16_t secblob_ofs */
+			/* uint16_t secblob_size */
+			/* dynamic body */
+			DATA_BLOB secblob;
+
+			/* extracted from the SMB2 header */
+			uint64_t uid;
+		} out;
+	} smb2;
+};
+
+/* Note that the specified enum values are identical to the actual info-levels used
+ * on the wire.
+ */
+enum smb_fileinfo_level {
+		     RAW_FILEINFO_GENERIC                    = 0xF000,
+		     RAW_FILEINFO_GETATTR,                   /* SMBgetatr */
+		     RAW_FILEINFO_GETATTRE,                  /* SMBgetattrE */
+		     RAW_FILEINFO_SEC_DESC,                  /* NT_TRANSACT_QUERY_SECURITY_DESC */
+		     RAW_FILEINFO_STANDARD                   = SMB_QFILEINFO_STANDARD,
+		     RAW_FILEINFO_EA_SIZE                    = SMB_QFILEINFO_EA_SIZE,
+		     RAW_FILEINFO_EA_LIST                    = SMB_QFILEINFO_EA_LIST,
+		     RAW_FILEINFO_ALL_EAS                    = SMB_QFILEINFO_ALL_EAS,
+		     RAW_FILEINFO_IS_NAME_VALID              = SMB_QFILEINFO_IS_NAME_VALID,
+		     RAW_FILEINFO_BASIC_INFO                 = SMB_QFILEINFO_BASIC_INFO,
+		     RAW_FILEINFO_STANDARD_INFO              = SMB_QFILEINFO_STANDARD_INFO,
+		     RAW_FILEINFO_EA_INFO                    = SMB_QFILEINFO_EA_INFO,
+		     RAW_FILEINFO_NAME_INFO                  = SMB_QFILEINFO_NAME_INFO,
+		     RAW_FILEINFO_ALL_INFO                   = SMB_QFILEINFO_ALL_INFO,
+		     RAW_FILEINFO_ALT_NAME_INFO              = SMB_QFILEINFO_ALT_NAME_INFO,
+		     RAW_FILEINFO_STREAM_INFO                = SMB_QFILEINFO_STREAM_INFO,
+		     RAW_FILEINFO_COMPRESSION_INFO           = SMB_QFILEINFO_COMPRESSION_INFO,
+		     RAW_FILEINFO_UNIX_BASIC                 = SMB_QFILEINFO_UNIX_BASIC,
+		     RAW_FILEINFO_UNIX_INFO2                 = SMB_QFILEINFO_UNIX_INFO2,
+		     RAW_FILEINFO_UNIX_LINK                  = SMB_QFILEINFO_UNIX_LINK,
+		     RAW_FILEINFO_BASIC_INFORMATION          = SMB_QFILEINFO_BASIC_INFORMATION,
+		     RAW_FILEINFO_STANDARD_INFORMATION       = SMB_QFILEINFO_STANDARD_INFORMATION,
+		     RAW_FILEINFO_INTERNAL_INFORMATION       = SMB_QFILEINFO_INTERNAL_INFORMATION,
+		     RAW_FILEINFO_EA_INFORMATION             = SMB_QFILEINFO_EA_INFORMATION,
+		     RAW_FILEINFO_ACCESS_INFORMATION         = SMB_QFILEINFO_ACCESS_INFORMATION,
+		     RAW_FILEINFO_NAME_INFORMATION           = SMB_QFILEINFO_NAME_INFORMATION,
+		     RAW_FILEINFO_POSITION_INFORMATION       = SMB_QFILEINFO_POSITION_INFORMATION,
+		     RAW_FILEINFO_MODE_INFORMATION           = SMB_QFILEINFO_MODE_INFORMATION,
+		     RAW_FILEINFO_ALIGNMENT_INFORMATION      = SMB_QFILEINFO_ALIGNMENT_INFORMATION,
+		     RAW_FILEINFO_ALL_INFORMATION            = SMB_QFILEINFO_ALL_INFORMATION,
+		     RAW_FILEINFO_ALT_NAME_INFORMATION       = SMB_QFILEINFO_ALT_NAME_INFORMATION,
+		     RAW_FILEINFO_STREAM_INFORMATION         = SMB_QFILEINFO_STREAM_INFORMATION,
+		     RAW_FILEINFO_COMPRESSION_INFORMATION    = SMB_QFILEINFO_COMPRESSION_INFORMATION,
+		     RAW_FILEINFO_NETWORK_OPEN_INFORMATION   = SMB_QFILEINFO_NETWORK_OPEN_INFORMATION,
+		     RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION  = SMB_QFILEINFO_ATTRIBUTE_TAG_INFORMATION,
+		     RAW_FILEINFO_NORMALIZED_NAME_INFORMATION= SMB_QFILEINFO_NORMALIZED_NAME_INFORMATION,
+		     /* SMB2 specific levels */
+		     RAW_FILEINFO_SMB2_ALL_EAS               = 0x0f01,
+		     RAW_FILEINFO_SMB2_ALL_INFORMATION       = 0x1201,
+		     RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION  = 0x1501
+};
+
+/* union used in qfileinfo() and qpathinfo() backend calls */
+union smb_fileinfo {
+	/* generic interface:
+	 * matches RAW_FILEINFO_GENERIC */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t attrib;
+			uint32_t ea_size;
+			unsigned int num_eas;
+			struct ea_struct {
+				uint8_t flags;
+				struct smb_wire_string name;
+				DATA_BLOB value;
+			} *eas;
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t nlink;
+			struct smb_wire_string fname;
+			struct smb_wire_string alt_fname;
+			uint8_t delete_pending;
+			uint8_t directory;
+			uint64_t compressed_size;
+			uint16_t format;
+			uint8_t unit_shift;
+			uint8_t chunk_shift;
+			uint8_t cluster_shift;
+			uint64_t file_id;
+			uint32_t access_flags; /* seen 0x001f01ff from w2k3 */
+			uint64_t position;
+			uint32_t mode;
+			uint32_t alignment_requirement;
+			uint32_t reparse_tag;
+			unsigned int num_streams;
+			struct stream_struct {
+				uint64_t size;
+				uint64_t alloc_size;
+				struct smb_wire_string stream_name;
+			} *streams;
+		} out;
+	} generic;
+
+
+	/* SMBgetatr interface:
+	 * matches RAW_FILEINFO_GETATTR */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint16_t attrib;
+			uint32_t size;
+			time_t write_time;
+		} out;
+	} getattr;
+
+	/* SMBgetattrE and  RAW_FILEINFO_STANDARD interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			time_t create_time;
+			time_t access_time;
+			time_t write_time;
+			uint32_t size;
+			uint32_t alloc_size;
+			uint16_t attrib;
+		} out;
+	} getattre, standard;
+
+	/* trans2 RAW_FILEINFO_EA_SIZE interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			time_t create_time;
+			time_t access_time;
+			time_t write_time;
+			uint32_t size;
+			uint32_t alloc_size;
+			uint16_t attrib;
+			uint32_t ea_size;
+		} out;
+	} ea_size;
+
+	/* trans2 RAW_FILEINFO_EA_LIST interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			unsigned int num_names;
+			struct ea_name {
+				struct smb_wire_string name;
+			} *ea_names;
+		} in;
+
+		struct smb_ea_list {
+			unsigned int num_eas;
+			struct ea_struct *eas;
+		} out;
+	} ea_list;
+
+	/* trans2 RAW_FILEINFO_ALL_EAS and RAW_FILEINFO_FULL_EA_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			/* SMB2 only - SMB2_CONTINUE_FLAG_* */
+			uint8_t continue_flags;
+		} in;
+		struct smb_ea_list out;
+	} all_eas;
+
+	/* trans2 qpathinfo RAW_FILEINFO_IS_NAME_VALID interface
+	   only valid for a QPATHNAME call - no returned data */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+	} is_name_valid;
+
+	/* RAW_FILEINFO_BASIC_INFO and RAW_FILEINFO_BASIC_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+		} out;
+	} basic_info;
+
+
+	/* RAW_FILEINFO_STANDARD_INFO and RAW_FILEINFO_STANDARD_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t nlink;
+			bool delete_pending;
+			bool directory;
+		} out;
+	} standard_info;
+
+	/* RAW_FILEINFO_EA_INFO and RAW_FILEINFO_EA_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t ea_size;
+		} out;
+	} ea_info;
+
+	/* RAW_FILEINFO_NAME_INFO and RAW_FILEINFO_NAME_INFORMATION interfaces */
+	/* RAW_FILEINFO_ALT_NAME_INFO and RAW_FILEINFO_ALT_NAME_INFORMATION interfaces */
+	/* RAW_FILEINFO_NORMALIZED_NAME_INFORMATION interface */
+	/* RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			struct smb_wire_string fname;
+		} out;
+	} name_info, alt_name_info, normalized_name_info;
+
+	/* RAW_FILEINFO_ALL_INFO and RAW_FILEINFO_ALL_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t nlink;
+			uint8_t delete_pending;
+			uint8_t directory;
+			uint32_t ea_size;
+			struct smb_wire_string fname;
+		} out;
+	} all_info;
+
+	/* RAW_FILEINFO_SMB2_ALL_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			NTTIME   create_time;
+			NTTIME   access_time;
+			NTTIME   write_time;
+			NTTIME   change_time;
+			uint32_t attrib;
+			uint32_t unknown1;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t nlink;
+			uint8_t  delete_pending;
+			uint8_t  directory;
+			/* uint16_t _pad; */
+			uint64_t file_id;
+			uint32_t ea_size;
+			uint32_t access_mask;
+			uint64_t position;
+			uint32_t mode;
+			uint32_t alignment_requirement;
+			struct smb_wire_string fname;
+		} out;
+	} all_info2;
+
+	/* RAW_FILEINFO_STREAM_INFO and RAW_FILEINFO_STREAM_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct stream_information {
+			unsigned int num_streams;
+			struct stream_struct *streams;
+		} out;
+	} stream_info;
+
+	/* RAW_FILEINFO_COMPRESSION_INFO and RAW_FILEINFO_COMPRESSION_INFORMATION interfaces */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t compressed_size;
+			uint16_t format;
+			uint8_t unit_shift;
+			uint8_t chunk_shift;
+			uint8_t cluster_shift;
+		} out;
+	} compression_info;
+
+	/* RAW_FILEINFO_UNIX_BASIC interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t end_of_file;
+			uint64_t num_bytes;
+			NTTIME status_change_time;
+			NTTIME access_time;
+			NTTIME change_time;
+			uint64_t uid;
+			uint64_t gid;
+			uint32_t file_type;
+			uint64_t dev_major;
+			uint64_t dev_minor;
+			uint64_t unique_id;
+			uint64_t permissions;
+			uint64_t nlink;
+		} out;
+	} unix_basic_info;
+
+	/* RAW_FILEINFO_UNIX_INFO2 interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t end_of_file;
+			uint64_t num_bytes;
+			NTTIME status_change_time;
+			NTTIME access_time;
+			NTTIME change_time;
+			uint64_t uid;
+			uint64_t gid;
+			uint32_t file_type;
+			uint64_t dev_major;
+			uint64_t dev_minor;
+			uint64_t unique_id;
+			uint64_t permissions;
+			uint64_t nlink;
+			NTTIME create_time;
+			uint32_t file_flags;
+			uint32_t flags_mask;
+		} out;
+	} unix_info2;
+
+	/* RAW_FILEINFO_UNIX_LINK interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			struct smb_wire_string link_dest;
+		} out;
+	} unix_link_info;
+
+	/* RAW_FILEINFO_INTERNAL_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t file_id;
+		} out;
+	} internal_information;
+
+	/* RAW_FILEINFO_ACCESS_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t access_flags;
+		} out;
+	} access_information;
+
+	/* RAW_FILEINFO_POSITION_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint64_t position;
+		} out;
+	} position_information;
+
+	/* RAW_FILEINFO_MODE_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t mode;
+		} out;
+	} mode_information;
+
+	/* RAW_FILEINFO_ALIGNMENT_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t alignment_requirement;
+		} out;
+	} alignment_information;
+
+	/* RAW_FILEINFO_NETWORK_OPEN_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t attrib;
+		} out;
+	} network_open_information;
+
+
+	/* RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION interface */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+		struct {
+			uint32_t attrib;
+			uint32_t reparse_tag;
+		} out;
+	} attribute_tag_information;
+
+	/* RAW_FILEINFO_SEC_DESC */
+	struct {
+		enum smb_fileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint32_t secinfo_flags;
+		} in;
+		struct {
+			struct security_descriptor *sd;
+		} out;
+	} query_secdesc;
+};
+
+
+enum smb_setfileinfo_level {
+	RAW_SFILEINFO_GENERIC		      = 0xF000,
+	RAW_SFILEINFO_SETATTR,		      /* SMBsetatr */
+	RAW_SFILEINFO_SETATTRE,		      /* SMBsetattrE */
+	RAW_SFILEINFO_SEC_DESC,               /* NT_TRANSACT_SET_SECURITY_DESC */
+	RAW_SFILEINFO_STANDARD                = SMB_SFILEINFO_STANDARD,
+	RAW_SFILEINFO_EA_SET                  = SMB_SFILEINFO_EA_SET,
+	RAW_SFILEINFO_BASIC_INFO              = SMB_SFILEINFO_BASIC_INFO,
+	RAW_SFILEINFO_DISPOSITION_INFO        = SMB_SFILEINFO_DISPOSITION_INFO,
+	RAW_SFILEINFO_ALLOCATION_INFO         = SMB_SFILEINFO_ALLOCATION_INFO,
+	RAW_SFILEINFO_END_OF_FILE_INFO        = SMB_SFILEINFO_END_OF_FILE_INFO,
+	RAW_SFILEINFO_UNIX_BASIC              = SMB_SFILEINFO_UNIX_BASIC,
+	RAW_SFILEINFO_UNIX_INFO2              = SMB_SFILEINFO_UNIX_INFO2,
+	RAW_SFILEINFO_UNIX_LINK               = SMB_SET_FILE_UNIX_LINK,
+	RAW_SFILEINFO_UNIX_HLINK	      = SMB_SET_FILE_UNIX_HLINK,
+	RAW_SFILEINFO_BASIC_INFORMATION       = SMB_SFILEINFO_BASIC_INFORMATION,
+	RAW_SFILEINFO_RENAME_INFORMATION      = SMB_SFILEINFO_RENAME_INFORMATION,
+	RAW_SFILEINFO_LINK_INFORMATION        = SMB_SFILEINFO_LINK_INFORMATION,
+	RAW_SFILEINFO_DISPOSITION_INFORMATION = SMB_SFILEINFO_DISPOSITION_INFORMATION,
+	RAW_SFILEINFO_POSITION_INFORMATION    = SMB_SFILEINFO_POSITION_INFORMATION,
+	RAW_SFILEINFO_FULL_EA_INFORMATION     = SMB_SFILEINFO_FULL_EA_INFORMATION,
+	RAW_SFILEINFO_MODE_INFORMATION        = SMB_SFILEINFO_MODE_INFORMATION,
+	RAW_SFILEINFO_ALLOCATION_INFORMATION  = SMB_SFILEINFO_ALLOCATION_INFORMATION,
+	RAW_SFILEINFO_END_OF_FILE_INFORMATION = SMB_SFILEINFO_END_OF_FILE_INFORMATION,
+	RAW_SFILEINFO_PIPE_INFORMATION 	      = SMB_SFILEINFO_PIPE_INFORMATION,
+	RAW_SFILEINFO_VALID_DATA_INFORMATION  = SMB_SFILEINFO_VALID_DATA_INFORMATION,
+	RAW_SFILEINFO_SHORT_NAME_INFORMATION  = SMB_SFILEINFO_SHORT_NAME_INFORMATION,
+	RAW_SFILEINFO_1025                    = SMB_SFILEINFO_1025,
+	RAW_SFILEINFO_1027                    = SMB_SFILEINFO_1027,
+	RAW_SFILEINFO_1029                    = SMB_SFILEINFO_1029,
+	RAW_SFILEINFO_1030                    = SMB_SFILEINFO_1030,
+	RAW_SFILEINFO_1031                    = SMB_SFILEINFO_1031,
+	RAW_SFILEINFO_1032                    = SMB_SFILEINFO_1032,
+	RAW_SFILEINFO_1036                    = SMB_SFILEINFO_1036,
+	RAW_SFILEINFO_1041                    = SMB_SFILEINFO_1041,
+	RAW_SFILEINFO_1042                    = SMB_SFILEINFO_1042,
+	RAW_SFILEINFO_1043                    = SMB_SFILEINFO_1043,
+	RAW_SFILEINFO_1044                    = SMB_SFILEINFO_1044,
+
+	/* cope with breakage in SMB2 */
+	RAW_SFILEINFO_RENAME_INFORMATION_SMB2 = SMB_SFILEINFO_RENAME_INFORMATION|0x80000000,
+};
+
+/* union used in setfileinfo() and setpathinfo() calls */
+union smb_setfileinfo {
+	/* generic interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+		} in;
+	} generic;
+
+	/* RAW_SFILEINFO_SETATTR (SMBsetatr) interface - only via setpathinfo() */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint16_t attrib;
+			time_t write_time;
+		} in;
+	} setattr;
+
+	/* RAW_SFILEINFO_SETATTRE (SMBsetattrE) interface - only via setfileinfo()
+	   also RAW_SFILEINFO_STANDARD */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			time_t create_time;
+			time_t access_time;
+			time_t write_time;
+			/* notice that size, alloc_size and attrib are not settable,
+			   unlike the corresponding qfileinfo level */
+		} in;
+	} setattre, standard;
+
+	/* RAW_SFILEINFO_EA_SET interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			unsigned int num_eas;
+			struct ea_struct *eas;
+		} in;
+	} ea_set;
+
+	/* RAW_SFILEINFO_BASIC_INFO and
+	   RAW_SFILEINFO_BASIC_INFORMATION interfaces */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+			uint32_t reserved;
+		} in;
+	} basic_info;
+
+	/* RAW_SFILEINFO_DISPOSITION_INFO and
+	   RAW_SFILEINFO_DISPOSITION_INFORMATION interfaces */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			bool delete_on_close;
+		} in;
+	} disposition_info;
+
+	/* RAW_SFILEINFO_ALLOCATION_INFO and
+	   RAW_SFILEINFO_ALLOCATION_INFORMATION interfaces */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			/* w2k3 rounds this up to nearest 4096 */
+			uint64_t alloc_size;
+		} in;
+	} allocation_info;
+
+	/* RAW_SFILEINFO_END_OF_FILE_INFO and
+	   RAW_SFILEINFO_END_OF_FILE_INFORMATION interfaces */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint64_t size;
+		} in;
+	} end_of_file_info;
+
+	/* RAW_SFILEINFO_RENAME_INFORMATION interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint8_t overwrite;
+			uint64_t root_fid;
+			const char *new_name;
+		} in;
+	} rename_information;
+
+	/* RAW_SFILEINFO_LINK_INFORMATION interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint8_t overwrite;
+			uint64_t root_fid;
+			const char *new_name;
+		} in;
+	} link_information;
+
+	/* RAW_SFILEINFO_POSITION_INFORMATION interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint64_t position;
+		} in;
+	} position_information;
+
+	/* RAW_SFILEINFO_MODE_INFORMATION interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			/* valid values seem to be 0, 2, 4 and 6 */
+			uint32_t mode;
+		} in;
+	} mode_information;
+
+	/* RAW_SFILEINFO_UNIX_BASIC interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint32_t mode; /* yuck - this field remains to fix compile of libcli/clifile.c */
+			uint64_t end_of_file;
+			uint64_t num_bytes;
+			NTTIME status_change_time;
+			NTTIME access_time;
+			NTTIME change_time;
+			uint64_t uid;
+			uint64_t gid;
+			uint32_t file_type;
+			uint64_t dev_major;
+			uint64_t dev_minor;
+			uint64_t unique_id;
+			uint64_t permissions;
+			uint64_t nlink;
+		} in;
+	} unix_basic;
+
+	/* RAW_SFILEINFO_UNIX_INFO2 interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint64_t end_of_file;
+			uint64_t num_bytes;
+			NTTIME status_change_time;
+			NTTIME access_time;
+			NTTIME change_time;
+			uint64_t uid;
+			uint64_t gid;
+			uint32_t file_type;
+			uint64_t dev_major;
+			uint64_t dev_minor;
+			uint64_t unique_id;
+			uint64_t permissions;
+			uint64_t nlink;
+			NTTIME create_time;
+			uint32_t file_flags;
+			uint32_t flags_mask;
+		} in;
+	} unix_info2;
+
+	/* RAW_SFILEINFO_UNIX_LINK, RAW_SFILEINFO_UNIX_HLINK interface */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			const char *link_dest;
+		} in;
+	} unix_link, unix_hlink;
+
+	/* RAW_SFILEINFO_SEC_DESC */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			uint32_t secinfo_flags;
+			struct security_descriptor *sd;
+		} in;
+	} set_secdesc;
+
+	/* RAW_SFILEINFO_FULL_EA_INFORMATION */
+	struct {
+		enum smb_setfileinfo_level level;
+		struct {
+			union smb_handle_or_path file;
+			struct smb_ea_list eas;
+		} in;
+	} full_ea_information;
+};
+
+
+enum smb_fsinfo_level {
+		   RAW_QFS_GENERIC                        = 0xF000,
+		   RAW_QFS_DSKATTR,                         /* SMBdskattr */
+		   RAW_QFS_ALLOCATION                     = SMB_QFS_ALLOCATION,
+		   RAW_QFS_VOLUME                         = SMB_QFS_VOLUME,
+		   RAW_QFS_VOLUME_INFO                    = SMB_QFS_VOLUME_INFO,
+		   RAW_QFS_SIZE_INFO                      = SMB_QFS_SIZE_INFO,
+		   RAW_QFS_DEVICE_INFO                    = SMB_QFS_DEVICE_INFO,
+		   RAW_QFS_ATTRIBUTE_INFO                 = SMB_QFS_ATTRIBUTE_INFO,
+		   RAW_QFS_UNIX_INFO                      = SMB_QFS_UNIX_INFO,
+		   RAW_QFS_VOLUME_INFORMATION		  = SMB_QFS_VOLUME_INFORMATION,
+		   RAW_QFS_SIZE_INFORMATION               = SMB_QFS_SIZE_INFORMATION,
+		   RAW_QFS_DEVICE_INFORMATION             = SMB_QFS_DEVICE_INFORMATION,
+		   RAW_QFS_ATTRIBUTE_INFORMATION          = SMB_QFS_ATTRIBUTE_INFORMATION,
+		   RAW_QFS_QUOTA_INFORMATION              = SMB_QFS_QUOTA_INFORMATION,
+		   RAW_QFS_FULL_SIZE_INFORMATION          = SMB_QFS_FULL_SIZE_INFORMATION,
+		   RAW_QFS_OBJECTID_INFORMATION           = SMB_QFS_OBJECTID_INFORMATION,
+		   RAW_QFS_SECTOR_SIZE_INFORMATION        = SMB_QFS_SECTOR_SIZE_INFORMATION,
+};
+
+
+/* union for fsinfo() backend call. Note that there are no in
+   structures, as this call only contains out parameters */
+union smb_fsinfo {
+	/* generic interface */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint32_t block_size;
+			uint64_t blocks_total;
+			uint64_t blocks_free;
+			uint32_t fs_id;
+			NTTIME create_time;
+			uint32_t serial_number;
+			uint32_t fs_attr;
+			uint32_t max_file_component_length;
+			uint32_t device_type;
+			uint32_t device_characteristics;
+			uint64_t quota_soft;
+			uint64_t quota_hard;
+			uint64_t quota_flags;
+			struct GUID guid;
+			char *volume_name;
+			char *fs_type;
+		} out;
+	} generic;
+
+	/* SMBdskattr interface */
+	struct {
+		enum smb_fsinfo_level level;
+
+		struct {
+			uint16_t units_total;
+			uint16_t blocks_per_unit;
+			uint16_t block_size;
+			uint16_t units_free;
+		} out;
+	} dskattr;
+
+	/* trans2 RAW_QFS_ALLOCATION interface */
+	struct {
+		enum smb_fsinfo_level level;
+
+		struct {
+			uint32_t fs_id;
+			uint32_t sectors_per_unit;
+			uint32_t total_alloc_units;
+			uint32_t avail_alloc_units;
+			uint16_t bytes_per_sector;
+		} out;
+	} allocation;
+
+	/* TRANS2 RAW_QFS_VOLUME interface */
+	struct {
+		enum smb_fsinfo_level level;
+
+		struct {
+			uint32_t serial_number;
+			struct smb_wire_string volume_name;
+		} out;
+	} volume;
+
+	/* TRANS2 RAW_QFS_VOLUME_INFO and RAW_QFS_VOLUME_INFORMATION interfaces */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			NTTIME create_time;
+			uint32_t serial_number;
+			struct smb_wire_string volume_name;
+		} out;
+	} volume_info;
+
+	/* trans2 RAW_QFS_SIZE_INFO and RAW_QFS_SIZE_INFORMATION interfaces */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint64_t total_alloc_units;
+			uint64_t avail_alloc_units; /* maps to call_avail_alloc_units */
+			uint32_t sectors_per_unit;
+			uint32_t bytes_per_sector;
+		} out;
+	} size_info;
+
+	/* TRANS2 RAW_QFS_DEVICE_INFO and RAW_QFS_DEVICE_INFORMATION interfaces */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint32_t device_type;
+			uint32_t characteristics;
+		} out;
+	} device_info;
+
+
+	/* TRANS2 RAW_QFS_ATTRIBUTE_INFO and RAW_QFS_ATTRIBUTE_INFORMATION interfaces */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint32_t fs_attr;
+			uint32_t max_file_component_length;
+			struct smb_wire_string fs_type;
+		} out;
+	} attribute_info;
+
+
+	/* TRANS2 RAW_QFS_UNIX_INFO interface */
+	struct {
+		enum smb_fsinfo_level level;
+
+		struct {
+			uint16_t major_version;
+			uint16_t minor_version;
+			uint64_t capability;
+		} out;
+	} unix_info;
+
+	/* trans2 RAW_QFS_QUOTA_INFORMATION interface */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint64_t unknown[3];
+			uint64_t quota_soft;
+			uint64_t quota_hard;
+			uint64_t quota_flags;
+		} out;
+	} quota_information;
+
+	/* trans2 RAW_QFS_FULL_SIZE_INFORMATION interface */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint64_t total_alloc_units;
+			uint64_t call_avail_alloc_units;
+			uint64_t actual_avail_alloc_units;
+			uint32_t sectors_per_unit;
+			uint32_t bytes_per_sector;
+		} out;
+	} full_size_information;
+
+	/* trans2 RAW_QFS_OBJECTID_INFORMATION interface */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			struct GUID  guid;
+			uint64_t unknown[6];
+		} out;
+	} objectid_information;
+
+	/* trans2 RAW_QFS_SECTOR_SIZE_INFORMATION interface */
+	struct {
+		enum smb_fsinfo_level level;
+		struct smb2_handle handle; /* only for smb2 */
+
+		struct {
+			uint32_t logical_bytes_per_sector;
+			uint32_t phys_bytes_per_sector_atomic;
+			uint32_t phys_bytes_per_sector_perf;
+			uint32_t fs_effective_phys_bytes_per_sector_atomic;
+			uint32_t flags;
+			uint32_t byte_off_sector_align;
+			uint32_t byte_off_partition_align;
+		} out;
+	} sector_size_info;
+};
+
+
+enum smb_setfsinfo_level {
+		RAW_SETFS_UNIX_INFO                      = SMB_SET_CIFS_UNIX_INFO};
+
+union smb_setfsinfo {
+	/* generic interface */
+	struct {
+		enum smb_setfsinfo_level level;
+	} generic;
+
+	/* TRANS2 RAW_QFS_UNIX_INFO interface */
+	struct {
+		enum smb_setfsinfo_level level;
+
+		struct {
+			uint16_t major_version;
+			uint16_t minor_version;
+			uint64_t capability;
+		} in;
+	} unix_info;
+};
+
+enum smb_open_level {
+	RAW_OPEN_OPEN,
+	RAW_OPEN_OPENX,
+	RAW_OPEN_MKNEW,
+	RAW_OPEN_CREATE,
+	RAW_OPEN_CTEMP,
+	RAW_OPEN_SPLOPEN,
+	RAW_OPEN_NTCREATEX,
+	RAW_OPEN_T2OPEN,
+	RAW_OPEN_NTTRANS_CREATE,
+	RAW_OPEN_OPENX_READX,
+	RAW_OPEN_NTCREATEX_READX,
+	RAW_OPEN_SMB2
+};
+
+/* the generic interface is defined to be equal to the NTCREATEX interface */
+#define RAW_OPEN_GENERIC RAW_OPEN_NTCREATEX
+
+/* union for open() backend call */
+union smb_open {
+/*
+ * because the *.out.file structs are not aligned to the same offset for each level
+ * we provide a helper macro that should be used to find the current smb_handle structure
+ */
+#define SMB_OPEN_OUT_FILE(op, file) do { \
+	switch (op->generic.level) { \
+	case RAW_OPEN_OPEN: \
+		file = &op->openold.out.file; \
+		break; \
+	case RAW_OPEN_OPENX: \
+		file = &op->openx.out.file; \
+		break; \
+	case RAW_OPEN_MKNEW: \
+		file = &op->mknew.out.file; \
+		break; \
+	case RAW_OPEN_CREATE: \
+		file = &op->create.out.file; \
+		break; \
+	case RAW_OPEN_CTEMP: \
+		file = &op->ctemp.out.file; \
+		break; \
+	case RAW_OPEN_SPLOPEN: \
+		file = &op->splopen.out.file; \
+		break; \
+	case RAW_OPEN_NTCREATEX: \
+		file = &op->ntcreatex.out.file; \
+		break; \
+	case RAW_OPEN_T2OPEN: \
+		file = &op->t2open.out.file; \
+		break; \
+	case RAW_OPEN_NTTRANS_CREATE: \
+		file = &op->nttrans.out.file; \
+		break; \
+	case RAW_OPEN_OPENX_READX: \
+		file = &op->openxreadx.out.file; \
+		break; \
+	case RAW_OPEN_NTCREATEX_READX: \
+		file = &op->ntcreatexreadx.out.file; \
+		break; \
+	case RAW_OPEN_SMB2: \
+		file = &op->smb2.out.file; \
+		break; \
+	default: \
+		/* this must be a programmer error */ \
+		file = NULL; \
+		break; \
+	} \
+} while (0)
+	/* SMBNTCreateX, nttrans and generic interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint32_t flags;
+			union smb_handle root_fid;
+			uint32_t access_mask;
+			uint64_t alloc_size;
+			uint32_t file_attr;
+			uint32_t share_access;
+			uint32_t open_disposition;
+			uint32_t create_options;
+			uint32_t impersonation;
+			uint8_t  security_flags;
+			/* NOTE: fname can also be a pointer to a
+			 uint64_t file_id if create_options has the
+			 NTCREATEX_OPTIONS_OPEN_BY_FILE_ID flag set */
+			const char *fname;
+
+			/* these last 2 elements are only used in the
+			   NTTRANS variant of the call */
+			struct security_descriptor *sec_desc;
+			struct smb_ea_list *ea_list;
+
+			/* some optional parameters from the SMB2 variant */
+			bool query_maximal_access;
+			bool query_on_disk_id;
+
+			/* private flags for internal use only */
+			uint8_t private_flags;
+		} in;
+		struct {
+			union smb_handle file;
+			uint8_t oplock_level;
+			uint32_t create_action;
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint16_t file_type;
+			uint16_t ipc_state;
+			uint8_t  is_directory;
+
+			/* optional return values matching SMB2 tagged
+			   values in the call */
+			uint32_t maximal_access;
+			uint8_t on_disk_id[32];
+		} out;
+	} ntcreatex, nttrans, generic;
+
+	/* TRANS2_OPEN interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t flags;
+			uint16_t open_mode;
+			uint16_t search_attrs;
+			uint16_t file_attrs;
+			time_t write_time;
+			uint16_t open_func;
+			uint32_t size;
+			uint32_t timeout;
+			const char *fname;
+			unsigned int num_eas;
+			struct ea_struct *eas;
+		} in;
+		struct {
+			union smb_handle file;
+			uint16_t attrib;
+			time_t write_time;
+			uint32_t size;
+			uint16_t access;
+			uint16_t ftype;
+			uint16_t devstate;
+			uint16_t action;
+			uint32_t file_id;
+		} out;
+	} t2open;
+
+	/* SMBopen interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t open_mode;
+			uint16_t search_attrs;
+			const char *fname;
+		} in;
+		struct {
+			union smb_handle file;
+			uint16_t attrib;
+			time_t write_time;
+			uint32_t size;
+			uint16_t rmode;
+		} out;
+	} openold;
+
+	/* SMBopenX interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t flags;
+			uint16_t open_mode;
+			uint16_t search_attrs; /* not honoured by win2003 */
+			uint16_t file_attrs;
+			time_t write_time; /* not honoured by win2003 */
+			uint16_t open_func;
+			uint32_t size; /* note that this sets the
+					initial file size, not
+					just allocation size */
+			uint32_t timeout; /* not honoured by win2003 */
+			const char *fname;
+		} in;
+		struct {
+			union smb_handle file;
+			uint16_t attrib;
+			time_t write_time;
+			uint32_t size;
+			uint16_t access;
+			uint16_t ftype;
+			uint16_t devstate;
+			uint16_t action;
+			uint32_t unique_fid;
+			uint32_t access_mask;
+			uint32_t unknown;
+		} out;
+	} openx;
+
+	/* SMBmknew interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t attrib;
+			time_t write_time;
+			const char *fname;
+		} in;
+		struct {
+			union smb_handle file;
+		} out;
+	} mknew, create;
+
+	/* SMBctemp interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t attrib;
+			time_t write_time;
+			const char *directory;
+		} in;
+		struct {
+			union smb_handle file;
+			/* temp name, relative to directory */
+			char *name;
+		} out;
+	} ctemp;
+
+	/* SMBsplopen interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t setup_length;
+			uint16_t mode;
+			const char *ident;
+		} in;
+		struct {
+			union smb_handle file;
+		} out;
+	} splopen;
+
+
+	/* chained OpenX/ReadX interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint16_t flags;
+			uint16_t open_mode;
+			uint16_t search_attrs; /* not honoured by win2003 */
+			uint16_t file_attrs;
+			time_t write_time; /* not honoured by win2003 */
+			uint16_t open_func;
+			uint32_t size; /* note that this sets the
+					initial file size, not
+					just allocation size */
+			uint32_t timeout; /* not honoured by win2003 */
+			const char *fname;
+
+			/* readx part */
+			uint64_t offset;
+			uint16_t mincnt;
+			uint32_t maxcnt;
+			uint16_t remaining;
+		} in;
+		struct {
+			union smb_handle file;
+			uint16_t attrib;
+			time_t write_time;
+			uint32_t size;
+			uint16_t access;
+			uint16_t ftype;
+			uint16_t devstate;
+			uint16_t action;
+			uint32_t unique_fid;
+			uint32_t access_mask;
+			uint32_t unknown;
+
+			/* readx part */
+			uint8_t *data;
+			uint16_t remaining;
+			uint16_t compaction_mode;
+			uint16_t nread;
+		} out;
+	} openxreadx;
+
+	/* chained NTCreateX/ReadX interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint32_t flags;
+			union smb_handle root_fid;
+			uint32_t access_mask;
+			uint64_t alloc_size;
+			uint32_t file_attr;
+			uint32_t share_access;
+			uint32_t open_disposition;
+			uint32_t create_options;
+			uint32_t impersonation;
+			uint8_t  security_flags;
+			/* NOTE: fname can also be a pointer to a
+			 uint64_t file_id if create_options has the
+			 NTCREATEX_OPTIONS_OPEN_BY_FILE_ID flag set */
+			const char *fname;
+
+			/* readx part */
+			uint64_t offset;
+			uint16_t mincnt;
+			uint32_t maxcnt;
+			uint16_t remaining;
+		} in;
+		struct {
+			union smb_handle file;
+			uint8_t oplock_level;
+			uint32_t create_action;
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint16_t file_type;
+			uint16_t ipc_state;
+			uint8_t  is_directory;
+
+			/* readx part */
+			uint8_t *data;
+			uint16_t remaining;
+			uint16_t compaction_mode;
+			uint16_t nread;
+		} out;
+	} ntcreatexreadx;
+
+#define SMB2_CREATE_FLAG_REQUEST_OPLOCK           0x0100
+#define SMB2_CREATE_FLAG_REQUEST_EXCLUSIVE_OPLOCK 0x0800
+#define SMB2_CREATE_FLAG_GRANT_OPLOCK             0x0001
+#define SMB2_CREATE_FLAG_GRANT_EXCLUSIVE_OPLOCK   0x0080
+
+	/* SMB2 Create */
+	struct smb2_create {
+		enum smb_open_level level;
+		struct {
+			/* static body buffer 56 (0x38) bytes */
+			uint8_t  security_flags;      /* SMB2_SECURITY_* */
+			uint8_t  oplock_level;        /* SMB2_OPLOCK_LEVEL_* */
+			uint32_t impersonation_level; /* SMB2_IMPERSONATION_* */
+			uint64_t create_flags;
+			uint64_t reserved;
+			uint32_t desired_access;
+			uint32_t file_attributes;
+			uint32_t share_access; /* NTCREATEX_SHARE_ACCESS_* */
+			uint32_t create_disposition; /* NTCREATEX_DISP_* */
+			uint32_t create_options; /* NTCREATEX_OPTIONS_* */
+
+			/* uint16_t fname_ofs */
+			/* uint16_t fname_size */
+			/* uint32_t blob_ofs; */
+			/* uint32_t blob_size; */
+
+			/* dynamic body */
+			const char *fname;
+
+			/* now some optional parameters - encoded as tagged blobs */
+			struct smb_ea_list eas;
+			uint64_t alloc_size;
+			struct security_descriptor *sec_desc;
+			bool   durable_open;
+			struct smb2_handle *durable_handle;
+
+			/* data for durable handle v2 */
+			bool durable_open_v2;
+			struct GUID create_guid;
+			bool persistent_open;
+			uint32_t timeout;
+			struct smb2_handle *durable_handle_v2;
+
+			bool   query_maximal_access;
+			NTTIME timewarp;
+			bool   query_on_disk_id;
+			struct smb2_lease *lease_request;
+			struct smb2_lease *lease_request_v2;
+
+			struct GUID *app_instance_id;
+
+			/* and any additional blobs the caller wants */
+			struct smb2_create_blobs blobs;
+		} in;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 88 (0x58) bytes */
+			/* uint16_t buffer_code;  0x59 = 0x58 + 1 */
+			uint8_t oplock_level;
+			uint8_t reserved;
+			uint32_t create_action;
+			NTTIME   create_time;
+			NTTIME   access_time;
+			NTTIME   write_time;
+			NTTIME   change_time;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t file_attr;
+			uint32_t reserved2;
+			/* struct smb2_handle handle;*/
+			/* uint32_t blob_ofs; */
+			/* uint32_t blob_size; */
+
+			/* optional return values matching tagged values in the call */
+			uint32_t maximal_access_status;
+			uint32_t maximal_access;
+			uint8_t on_disk_id[32];
+			struct smb2_lease lease_response;
+			struct smb2_lease lease_response_v2;
+			bool durable_open;
+
+			/* durable handle v2 */
+			bool durable_open_v2;
+			bool persistent_open;
+			uint32_t timeout;
+
+			/* tagged blobs in the reply */
+			struct smb2_create_blobs blobs;
+		} out;
+	} smb2;
+};
+
+
+
+enum smb_read_level {
+	RAW_READ_READBRAW,
+	RAW_READ_LOCKREAD,
+	RAW_READ_READ,
+	RAW_READ_READX,
+	RAW_READ_SMB2
+};
+
+#define RAW_READ_GENERIC RAW_READ_READX
+
+/* union for read() backend call
+
+   note that .infoX.out.data will be allocated before the backend is
+   called. It will be big enough to hold the maximum size asked for
+*/
+union smb_read {
+	/* SMBreadX (and generic) interface */
+	struct {
+		enum smb_read_level level;
+		struct {
+			union smb_handle file;
+			uint64_t offset;
+			uint32_t mincnt; /* enforced on SMB2, 16 bit on SMB */
+			uint32_t maxcnt;
+			uint16_t remaining;
+			bool read_for_execute;
+		} in;
+		struct {
+			uint8_t *data;
+			uint16_t remaining;
+			uint16_t compaction_mode;
+			uint32_t nread;
+			uint16_t flags2;
+			uint16_t data_offset;
+		} out;
+	} readx, generic;
+
+	/* SMBreadbraw interface */
+	struct {
+		enum smb_read_level level;
+		struct {
+			union smb_handle file;
+			uint64_t offset;
+			uint16_t  maxcnt;
+			uint16_t  mincnt;
+			uint32_t  timeout;
+		} in;
+		struct {
+			uint8_t *data;
+			uint32_t nread;
+		} out;
+	} readbraw;
+
+
+	/* SMBlockandread interface */
+	struct {
+		enum smb_read_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			uint32_t offset;
+			uint16_t remaining;
+		} in;
+		struct {
+			uint8_t *data;
+			uint16_t nread;
+		} out;
+	} lockread;
+
+	/* SMBread interface */
+	struct {
+		enum smb_read_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			uint32_t offset;
+			uint16_t remaining;
+		} in;
+		struct {
+			uint8_t *data;
+			uint16_t nread;
+		} out;
+	} read;
+
+	/* SMB2 Read */
+	struct smb2_read {
+		enum smb_read_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 48 (0x30) bytes */
+			/* uint16_t buffer_code;  0x31 = 0x30 + 1 */
+			uint8_t _pad;
+			uint8_t reserved;
+			uint32_t length;
+			uint64_t offset;
+			/* struct smb2_handle handle; */
+			uint32_t min_count;
+			uint32_t channel;
+			uint32_t remaining;
+			/* the docs give no indication of what
+			   these channel variables are for */
+			uint16_t channel_offset;
+			uint16_t channel_length;
+		} in;
+		struct {
+			/* static body buffer 16 (0x10) bytes */
+			/* uint16_t buffer_code;  0x11 = 0x10 + 1 */
+			/* uint8_t data_ofs; */
+			/* uint8_t reserved; */
+			/* uint32_t data_size; */
+			uint32_t remaining;
+			uint32_t reserved;
+
+			/* dynamic body */
+			DATA_BLOB data;
+		} out;
+	} smb2;
+};
+
+
+enum smb_write_level {
+	RAW_WRITE_WRITEUNLOCK,
+	RAW_WRITE_WRITE,
+	RAW_WRITE_WRITEX,
+	RAW_WRITE_WRITECLOSE,
+	RAW_WRITE_SPLWRITE,
+	RAW_WRITE_SMB2
+};
+
+#define RAW_WRITE_GENERIC RAW_WRITE_WRITEX
+
+/* union for write() backend call
+*/
+union smb_write {
+	/* SMBwriteX interface */
+	struct {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+			uint64_t offset;
+			uint16_t wmode;
+			uint16_t remaining;
+			uint32_t count;
+			const uint8_t *data;
+		} in;
+		struct {
+			uint32_t nwritten;
+			uint16_t remaining;
+		} out;
+	} writex, generic;
+
+	/* SMBwriteunlock interface */
+	struct {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			uint32_t offset;
+			uint16_t remaining;
+			const uint8_t *data;
+		} in;
+		struct {
+			uint32_t nwritten;
+		} out;
+	} writeunlock;
+
+	/* SMBwrite interface */
+	struct {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			uint32_t offset;
+			uint16_t remaining;
+			const uint8_t *data;
+		} in;
+		struct {
+			uint16_t nwritten;
+		} out;
+	} write;
+
+	/* SMBwriteclose interface */
+	struct {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			uint32_t offset;
+			time_t mtime;
+			const uint8_t *data;
+		} in;
+		struct {
+			uint16_t nwritten;
+		} out;
+	} writeclose;
+
+	/* SMBsplwrite interface */
+	struct {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+			uint16_t count;
+			const uint8_t *data;
+		} in;
+	} splwrite;
+
+	/* SMB2 Write */
+	struct smb2_write {
+		enum smb_write_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 48 (0x30) bytes */
+			/* uint16_t buffer_code;  0x31 = 0x30 + 1 */
+			/* uint16_t data_ofs; */
+			/* uint32_t data_size; */
+			uint64_t offset;
+			/* struct smb2_handle handle; */
+			uint64_t unknown1; /* 0xFFFFFFFFFFFFFFFF */
+			uint64_t unknown2; /* 0xFFFFFFFFFFFFFFFF */
+
+			/* dynamic body */
+			DATA_BLOB data;
+		} in;
+		struct {
+			/* static body buffer 17 (0x11) bytes */
+			/* uint16_t buffer_code;  0x11 = 0x10 + 1*/
+			uint16_t _pad;
+			uint32_t nwritten;
+			uint64_t unknown1; /* 0x0000000000000000 */
+		} out;
+	} smb2;
+};
+
+
+enum smb_lock_level {
+	RAW_LOCK_LOCK,
+	RAW_LOCK_UNLOCK,
+	RAW_LOCK_LOCKX,
+	RAW_LOCK_SMB2,
+	RAW_LOCK_SMB2_BREAK
+};
+
+#define	RAW_LOCK_GENERIC RAW_LOCK_LOCKX
+
+/* union for lock() backend call
+*/
+union smb_lock {
+	/* SMBlockingX and generic interface */
+	struct {
+		enum smb_lock_level level;
+		struct {
+			union smb_handle file;
+			uint16_t mode;
+			uint32_t timeout;
+			uint16_t ulock_cnt;
+			uint16_t lock_cnt;
+			struct smb_lock_entry {
+				uint32_t pid; /* 16 bits in SMB1 */
+				uint64_t offset;
+				uint64_t count;
+			} *locks; /* unlocks are first in the array */
+		} in;
+	} generic, lockx;
+
+	/* SMBlock and SMBunlock interface */
+	struct {
+		enum smb_lock_level level;
+		struct {
+			union smb_handle file;
+			uint32_t count;
+			uint32_t offset;
+		} in;
+	} lock, unlock;
+
+	/* SMB2 Lock */
+	struct smb2_lock {
+		enum smb_lock_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 48 (0x30) bytes */
+			/* uint16_t buffer_code;  0x30 */
+			uint16_t lock_count;
+			uint32_t lock_sequence;
+			/* struct smb2_handle handle; */
+			struct smb2_lock_element *locks;
+		} in;
+		struct {
+			/* static body buffer 4 (0x04) bytes */
+			/* uint16_t buffer_code;  0x04 */
+			uint16_t reserved;
+		} out;
+	} smb2;
+
+	/* SMB2 Break */
+	struct smb2_break {
+		enum smb_lock_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 24 (0x18) bytes */
+			uint8_t oplock_level;
+			uint8_t reserved;
+			uint32_t reserved2;
+			/* struct smb2_handle handle; */
+		} in, out;
+	} smb2_break;
+
+	/* SMB2 Lease Break Ack (same opcode as smb2_break) */
+	struct smb2_lease_break_ack {
+		struct {
+			uint32_t reserved;
+			struct smb2_lease lease;
+		} in, out;
+	} smb2_lease_break_ack;
+};
+
+
+enum smb_close_level {
+	RAW_CLOSE_CLOSE,
+	RAW_CLOSE_SPLCLOSE,
+	RAW_CLOSE_SMB2,
+	RAW_CLOSE_GENERIC,
+};
+
+/*
+  union for close() backend call
+*/
+union smb_close {
+	/* generic interface */
+	struct {
+		enum smb_close_level level;
+		struct {
+			union smb_handle file;
+			time_t write_time;
+			uint16_t flags; /* SMB2_CLOSE_FLAGS_* */
+		} in;
+		struct {
+			uint16_t flags;
+			NTTIME   create_time;
+			NTTIME   access_time;
+			NTTIME   write_time;
+			NTTIME   change_time;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t file_attr;
+		} out;
+	} generic;
+
+	/* SMBclose interface */
+	struct {
+		enum smb_close_level level;
+		struct {
+			union smb_handle file;
+			time_t write_time;
+		} in;
+	} close;
+
+	/* SMBsplclose interface - empty! */
+	struct {
+		enum smb_close_level level;
+		struct {
+			union smb_handle file;
+		} in;
+	} splclose;
+
+	/* SMB2 Close */
+	struct smb2_close {
+		enum smb_close_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 24 (0x18) bytes */
+			/* uint16_t buffer_code;  0x18 */
+			uint16_t flags; /* SMB2_CLOSE_FLAGS_* */
+			uint32_t _pad;
+		} in;
+		struct {
+			/* static body buffer 60 (0x3C) bytes */
+			/* uint16_t buffer_code;  0x3C */
+			uint16_t flags;
+			uint32_t _pad;
+			NTTIME   create_time;
+			NTTIME   access_time;
+			NTTIME   write_time;
+			NTTIME   change_time;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint32_t file_attr;
+		} out;
+	} smb2;
+};
+
+
+enum smb_lpq_level {RAW_LPQ_GENERIC, RAW_LPQ_RETQ};
+
+/*
+  union for lpq() backend
+*/
+union smb_lpq {
+	/* generic interface */
+	struct {
+		enum smb_lpq_level level;
+
+	} generic;
+
+
+	/* SMBsplretq interface */
+	struct {
+		enum smb_lpq_level level;
+
+		struct {
+			uint16_t maxcount;
+			uint16_t startidx;
+		} in;
+		struct {
+			uint16_t count;
+			uint16_t restart_idx;
+			struct {
+				time_t time;
+				uint8_t status;
+				uint16_t job;
+				uint32_t size;
+				char *user;
+			} *queue;
+		} out;
+	} retq;
+};
+
+enum smb_ioctl_level {
+	RAW_IOCTL_IOCTL,
+	RAW_IOCTL_NTIOCTL,
+	RAW_IOCTL_SMB2,
+	RAW_IOCTL_SMB2_NO_HANDLE
+};
+
+/*
+  union for ioctl() backend
+*/
+union smb_ioctl {
+	/* generic interface */
+	struct {
+		enum smb_ioctl_level level;
+		struct {
+			union smb_handle file;
+		} in;
+	} generic;
+
+	/* struct for SMBioctl */
+	struct {
+		enum smb_ioctl_level level;
+		struct {
+			union smb_handle file;
+			uint32_t request;
+		} in;
+		struct {
+			DATA_BLOB blob;
+		} out;
+	} ioctl;
+
+
+	/* struct for NT ioctl call */
+	struct {
+		enum smb_ioctl_level level;
+		struct {
+			union smb_handle file;
+			uint32_t function;
+			bool fsctl;
+			uint8_t filter;
+			uint32_t max_data;
+			DATA_BLOB blob;
+		} in;
+		struct {
+			DATA_BLOB blob;
+		} out;
+	} ntioctl;
+
+	/* SMB2 Ioctl */
+	struct smb2_ioctl {
+		enum smb_ioctl_level level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 56 (0x38) bytes */
+			/* uint16_t buffer_code;  0x39 = 0x38 + 1 */
+			uint16_t reserved;
+			uint32_t function;
+			/*struct smb2_handle handle;*/
+			/* uint32_t out_ofs; */
+			/* uint32_t out_size; */
+			uint32_t max_input_response;
+			/* uint32_t in_ofs; */
+			/* uint32_t in_size; */
+			uint32_t max_output_response;
+			uint32_t flags;
+			uint32_t reserved2;
+
+			/* dynamic body */
+			DATA_BLOB out;
+			DATA_BLOB in;
+		} in;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 48 (0x30) bytes */
+			/* uint16_t buffer_code;  0x31 = 0x30 + 1 */
+			uint16_t reserved;
+			uint32_t function;
+			/* struct smb2_handle handle; */
+			/* uint32_t in_ofs; */
+			/* uint32_t in_size; */
+			/* uint32_t out_ofs; */
+			/* uint32_t out_size; */
+			uint32_t flags;
+			uint32_t reserved2;
+
+			/* dynamic body */
+			DATA_BLOB in;
+			DATA_BLOB out;
+		} out;
+	} smb2;
+};
+
+enum smb_flush_level {
+	RAW_FLUSH_FLUSH,
+	RAW_FLUSH_ALL,
+	RAW_FLUSH_SMB2
+};
+
+union smb_flush {
+	/* struct for SMBflush */
+	struct {
+		enum smb_flush_level level;
+		struct {
+			union smb_handle file;
+		} in;
+	} flush, generic;
+
+	/* SMBflush with 0xFFFF wildcard fnum */
+	struct {
+		enum smb_flush_level level;
+	} flush_all;
+
+	/* SMB2 Flush */
+	struct smb2_flush {
+		enum smb_flush_level level;
+		struct {
+			union smb_handle file;
+			uint16_t reserved1;
+			uint32_t reserved2;
+		} in;
+		struct {
+			uint16_t reserved;
+		} out;
+	} smb2;
+};
+
+/* struct for SMBcopy */
+struct smb_copy {
+	struct {
+		uint16_t tid2;
+		uint16_t ofun;
+		uint16_t flags;
+		const char *path1;
+		const char *path2;
+	} in;
+	struct {
+		uint16_t count;
+	} out;
+};
+
+
+/* struct for transact/transact2 call */
+struct smb_trans2 {
+	struct {
+		uint16_t max_param;
+		uint16_t max_data;
+		uint8_t  max_setup;
+		uint16_t flags;
+		uint32_t timeout;
+		uint8_t  setup_count;
+		uint16_t *setup;
+		const char *trans_name; /* SMBtrans only */
+		DATA_BLOB params;
+		DATA_BLOB data;
+	} in;
+
+	struct {
+		uint8_t  setup_count;
+		uint16_t *setup;
+		DATA_BLOB params;
+		DATA_BLOB data;
+	} out;
+};
+
+/* struct for nttransact2 call */
+struct smb_nttrans {
+	struct {
+		uint8_t  max_setup;
+		uint32_t max_param;
+		uint32_t max_data;
+		uint8_t setup_count;
+		uint16_t function;
+		uint8_t  *setup;
+		DATA_BLOB params;
+		DATA_BLOB data;
+	} in;
+
+	struct {
+		uint8_t  setup_count; /* in units of 16 bit words */
+		uint8_t  *setup;
+		DATA_BLOB params;
+		DATA_BLOB data;
+	} out;
+};
+
+enum smb_notify_level {
+	RAW_NOTIFY_NTTRANS,
+	RAW_NOTIFY_SMB2
+};
+
+union smb_notify {
+	/* struct for nttrans change notify call */
+	struct {
+		enum smb_notify_level level;
+
+		struct {
+			union smb_handle file;
+			uint32_t buffer_size;
+			uint32_t completion_filter;
+			bool recursive;
+		} in;
+
+		struct {
+			uint32_t num_changes;
+			struct notify_changes {
+				uint32_t action;
+				struct smb_wire_string name;
+			} *changes;
+		} out;
+	} nttrans;
+
+	struct smb2_notify {
+		enum smb_notify_level level;
+
+		struct {
+			union smb_handle file;
+			/* static body buffer 32 (0x20) bytes */
+			/* uint16_t buffer_code;  0x32 */
+			uint16_t recursive;
+			uint32_t buffer_size;
+			/*struct  smb2_handle file;*/
+			uint32_t completion_filter;
+			uint32_t unknown;
+		} in;
+
+		struct {
+			/* static body buffer 8 (0x08) bytes */
+			/* uint16_t buffer_code; 0x09 = 0x08 + 1 */
+			/* uint16_t blob_ofs; */
+			/* uint16_t blob_size; */
+
+			/* dynamic body */
+			/*DATA_BLOB blob;*/
+
+			/* DATA_BLOB content */
+			uint32_t num_changes;
+			struct notify_changes *changes;
+		} out;
+	} smb2;
+};
+
+enum smb_search_level {
+	RAW_SEARCH_SEARCH,	/* SMBsearch */
+	RAW_SEARCH_FFIRST,	/* SMBffirst */
+	RAW_SEARCH_FUNIQUE,	/* SMBfunique */
+	RAW_SEARCH_TRANS2,	/* SMBtrans2 */
+	RAW_SEARCH_SMB2		/* SMB2 Find */
+};
+
+enum smb_search_data_level {
+	RAW_SEARCH_DATA_GENERIC			= 0x10000, /* only used in the smbcli_ code */
+	RAW_SEARCH_DATA_SEARCH,
+	RAW_SEARCH_DATA_STANDARD		= SMB_FIND_STANDARD,
+	RAW_SEARCH_DATA_EA_SIZE			= SMB_FIND_EA_SIZE,
+	RAW_SEARCH_DATA_EA_LIST			= SMB_FIND_EA_LIST,
+	RAW_SEARCH_DATA_DIRECTORY_INFO		= SMB_FIND_DIRECTORY_INFO,
+	RAW_SEARCH_DATA_FULL_DIRECTORY_INFO	= SMB_FIND_FULL_DIRECTORY_INFO,
+	RAW_SEARCH_DATA_NAME_INFO		= SMB_FIND_NAME_INFO,
+	RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO	= SMB_FIND_BOTH_DIRECTORY_INFO,
+	RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO	= SMB_FIND_ID_FULL_DIRECTORY_INFO,
+	RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO	= SMB_FIND_ID_BOTH_DIRECTORY_INFO,
+	RAW_SEARCH_DATA_UNIX_INFO		= SMB_FIND_UNIX_INFO,
+	RAW_SEARCH_DATA_UNIX_INFO2		= SMB_FIND_UNIX_INFO2
+};
+
+/* union for file search */
+union smb_search_first {
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+	} generic;
+
+	/* search (old) findfirst interface.
+	   Also used for ffirst and funique. */
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+
+		struct {
+			uint16_t max_count;
+			uint16_t search_attrib;
+			const char *pattern;
+		} in;
+		struct {
+			int16_t count;
+		} out;
+	} search_first;
+
+	/* trans2 findfirst interface */
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+
+		struct {
+			uint16_t search_attrib;
+			uint16_t max_count;
+			uint16_t flags;
+			uint32_t storage_type;
+			const char *pattern;
+
+			/* the ea names are only used for RAW_SEARCH_EA_LIST */
+			unsigned int num_names;
+			struct ea_name *ea_names;
+		} in;
+		struct {
+			uint16_t handle;
+			uint16_t count;
+			uint16_t end_of_search;
+		} out;
+	} t2ffirst;
+
+	/* SMB2 Find */
+	struct smb2_find {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+		struct {
+			union smb_handle file;
+
+			/* static body buffer 32 (0x20) bytes */
+			/* uint16_t buffer_code;  0x21 = 0x20 + 1 */
+			uint8_t level;
+			uint8_t continue_flags; /* SMB2_CONTINUE_FLAG_* */
+			uint32_t file_index;
+			/* struct smb2_handle handle; */
+			/* uint16_t pattern_ofs; */
+			/* uint16_t pattern_size; */
+			uint32_t max_response_size;
+
+			/* dynamic body */
+			const char *pattern;
+		} in;
+		struct {
+			/* static body buffer 8 (0x08) bytes */
+			/* uint16_t buffer_code;  0x08 */
+			/* uint16_t blob_ofs; */
+			/* uint32_t blob_size; */
+
+			/* dynamic body */
+			DATA_BLOB blob;
+		} out;
+	} smb2;
+};
+
+/* union for file search continue */
+union smb_search_next {
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+	} generic;
+
+	/* search (old) findnext interface. Also used
+	   for ffirst when continuing */
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+
+		struct {
+			uint16_t max_count;
+			uint16_t search_attrib;
+			struct smb_search_id {
+				uint8_t reserved;
+				char name[11];
+				uint8_t handle;
+				uint32_t server_cookie;
+				uint32_t client_cookie;
+			} id;
+		} in;
+		struct {
+			uint16_t count;
+		} out;
+	} search_next;
+
+	/* trans2 findnext interface */
+	struct {
+		enum smb_search_level level;
+		enum smb_search_data_level data_level;
+
+		struct {
+			uint16_t handle;
+			uint16_t max_count;
+			uint32_t resume_key;
+			uint16_t flags;
+			const char *last_name;
+
+			/* the ea names are only used for RAW_SEARCH_EA_LIST */
+			unsigned int num_names;
+			struct ea_name *ea_names;
+		} in;
+		struct {
+			uint16_t count;
+			uint16_t end_of_search;
+		} out;
+	} t2fnext;
+
+	/* SMB2 Find */
+	struct smb2_find smb2;
+};
+
+/* union for search reply file data */
+union smb_search_data {
+	/*
+	 * search (old) findfirst
+	 * RAW_SEARCH_DATA_SEARCH
+	 */
+	struct {
+		uint16_t attrib;
+		time_t write_time;
+		uint32_t size;
+		struct smb_search_id id;
+		const char *name;
+	} search;
+
+	/* trans2 findfirst RAW_SEARCH_DATA_STANDARD level */
+	struct {
+		uint32_t resume_key;
+		time_t create_time;
+		time_t access_time;
+		time_t write_time;
+		uint32_t size;
+		uint32_t alloc_size;
+		uint16_t attrib;
+		struct smb_wire_string name;
+	} standard;
+
+	/* trans2 findfirst RAW_SEARCH_DATA_EA_SIZE level */
+	struct {
+		uint32_t resume_key;
+		time_t create_time;
+		time_t access_time;
+		time_t write_time;
+		uint32_t size;
+		uint32_t alloc_size;
+		uint16_t attrib;
+		uint32_t ea_size;
+		struct smb_wire_string name;
+	} ea_size;
+
+	/* trans2 findfirst RAW_SEARCH_DATA_EA_LIST level */
+	struct {
+		uint32_t resume_key;
+		time_t create_time;
+		time_t access_time;
+		time_t write_time;
+		uint32_t size;
+		uint32_t alloc_size;
+		uint16_t attrib;
+		struct smb_ea_list eas;
+		struct smb_wire_string name;
+	} ea_list;
+
+	/* RAW_SEARCH_DATA_DIRECTORY_INFO interface */
+	struct {
+		uint32_t file_index;
+		NTTIME create_time;
+		NTTIME access_time;
+		NTTIME write_time;
+		NTTIME change_time;
+		uint64_t  size;
+		uint64_t  alloc_size;
+		uint32_t   attrib;
+		struct smb_wire_string name;
+	} directory_info;
+
+	/* RAW_SEARCH_DATA_FULL_DIRECTORY_INFO interface */
+	struct {
+		uint32_t file_index;
+		NTTIME create_time;
+		NTTIME access_time;
+		NTTIME write_time;
+		NTTIME change_time;
+		uint64_t  size;
+		uint64_t  alloc_size;
+		uint32_t   attrib;
+		uint32_t   ea_size;
+		struct smb_wire_string name;
+	} full_directory_info;
+
+	/* RAW_SEARCH_DATA_NAME_INFO interface */
+	struct {
+		uint32_t file_index;
+		struct smb_wire_string name;
+	} name_info;
+
+	/* RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO interface */
+	struct {
+		uint32_t file_index;
+		NTTIME create_time;
+		NTTIME access_time;
+		NTTIME write_time;
+		NTTIME change_time;
+		uint64_t  size;
+		uint64_t  alloc_size;
+		uint32_t   attrib;
+		uint32_t   ea_size;
+		struct smb_wire_string short_name;
+		struct smb_wire_string name;
+	} both_directory_info;
+
+	/* RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO interface */
+	struct {
+		uint32_t file_index;
+		NTTIME create_time;
+		NTTIME access_time;
+		NTTIME write_time;
+		NTTIME change_time;
+		uint64_t size;
+		uint64_t alloc_size;
+		uint32_t attrib;
+		uint32_t ea_size;
+		uint64_t file_id;
+		struct smb_wire_string name;
+	} id_full_directory_info;
+
+	/* RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO interface */
+	struct {
+		uint32_t file_index;
+		NTTIME create_time;
+		NTTIME access_time;
+		NTTIME write_time;
+		NTTIME change_time;
+		uint64_t size;
+		uint64_t alloc_size;
+		uint32_t  attrib;
+		uint32_t  ea_size;
+		uint64_t file_id;
+		uint8_t short_name_buf[24];
+		struct smb_wire_string short_name;
+		struct smb_wire_string name;
+	} id_both_directory_info;
+
+	/* RAW_SEARCH_DATA_UNIX_INFO interface */
+	struct {
+		uint32_t file_index;
+		uint64_t size;
+		uint64_t alloc_size;
+		NTTIME status_change_time;
+		NTTIME access_time;
+		NTTIME change_time;
+		uint64_t uid;
+		uint64_t gid;
+		uint32_t file_type;
+		uint64_t dev_major;
+		uint64_t dev_minor;
+		uint64_t unique_id;
+		uint64_t permissions;
+		uint64_t nlink;
+		const char *name;
+	} unix_info;
+
+	/* RAW_SEARCH_DATA_UNIX_INFO2 interface */
+	struct {
+		uint32_t file_index;
+		uint64_t end_of_file;
+		uint64_t num_bytes;
+		NTTIME status_change_time;
+		NTTIME access_time;
+		NTTIME change_time;
+		uint64_t uid;
+		uint64_t gid;
+		uint32_t file_type;
+		uint64_t dev_major;
+		uint64_t dev_minor;
+		uint64_t unique_id;
+		uint64_t permissions;
+		uint64_t nlink;
+		NTTIME create_time;
+		uint32_t file_flags;
+		uint32_t flags_mask;
+		struct smb_wire_string name;
+	} unix_info2;
+};
+
+/* Callback function passed to the raw search interface. */
+typedef bool (*smbcli_search_callback)(void *private_data, const union smb_search_data *file);
+
+enum smb_search_close_level {RAW_FINDCLOSE_GENERIC, RAW_FINDCLOSE_FCLOSE, RAW_FINDCLOSE_FINDCLOSE};
+
+/* union for file search close */
+union smb_search_close {
+	struct {
+		enum smb_search_close_level level;
+	} generic;
+
+	/* SMBfclose (old search) interface */
+	struct {
+		enum smb_search_close_level level;
+
+		struct {
+			/* max_count and search_attrib are not used, but are present */
+			uint16_t max_count;
+			uint16_t search_attrib;
+			struct smb_search_id id;
+		} in;
+	} fclose;
+
+	/* SMBfindclose interface */
+	struct {
+		enum smb_search_close_level level;
+
+		struct {
+			uint16_t handle;
+		} in;
+	} findclose;
+};
+
+
+/*
+  struct for SMBecho call
+*/
+struct smb_echo {
+	struct {
+		uint16_t repeat_count;
+		uint16_t size;
+		uint8_t *data;
+	} in;
+	struct {
+		uint16_t count;
+		uint16_t sequence_number;
+		uint16_t size;
+		uint8_t *data;
+	} out;
+};
+
+/*
+  struct for shadow copy volumes
+ */
+struct smb_shadow_copy {
+	struct {
+		union smb_handle file;
+		uint32_t max_data;
+	} in;
+	struct {
+		uint32_t num_volumes;
+		uint32_t num_names;
+		const char **names;
+	} out;
+};
+
+#endif /* __LIBCLI_RAW_INTERFACES_H__ */
diff --git a/source4/libcli/raw/libcliraw.h b/source4/libcli/raw/libcliraw.h
new file mode 100644
index 0000000..3584cdc
--- /dev/null
+++ b/source4/libcli/raw/libcliraw.h
@@ -0,0 +1,343 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+
+   Copyright (C) Andrew Tridgell 2002-2004
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_RAW_H__
+#define __LIBCLI_RAW_H__
+
+#include "../libcli/smb/smb_common.h"
+#include "libcli/raw/request.h"
+#include "librpc/gen_ndr/nbt.h"
+#include "libcli/raw/interfaces.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+
+struct smbcli_tree;  /* forward declare */
+struct smbcli_request;  /* forward declare */
+struct smbcli_session;  /* forward declare */
+struct smbcli_transport;  /* forward declare */
+
+struct resolve_context;
+struct cli_credentials;
+struct gensec_settings;
+
+/* default timeout for all smb requests */
+#define SMB_REQUEST_TIMEOUT 60
+
+/* context that will be and has been negotiated between the client and server */
+struct smbcli_negotiate {
+	/* 
+	 * negotiated maximum transmit size - this is given to us by the server
+	 */
+	uint32_t max_xmit;
+
+	/* maximum number of requests that can be multiplexed */
+	uint16_t max_mux;
+
+	/* the negotiatiated protocol */
+	enum protocol_types protocol;
+
+	uint8_t sec_mode;		/* security mode returned by negprot */
+	DATA_BLOB secblob;      /* cryptkey or negTokenInit blob */
+	uint32_t sesskey;
+
+	/* capabilities that the server reported */
+	uint32_t capabilities;
+	
+	int server_zone;
+	time_t server_time;
+
+	unsigned int readbraw_supported:1;
+	unsigned int writebraw_supported:1;
+	unsigned int lockread_supported:1;
+};
+	
+/* this is the context for a SMB socket associated with the socket itself */
+struct smbcli_socket {
+	struct socket_context *sock;
+
+	/* what port we ended up connected to */
+	int port;
+
+	/* the hostname we connected to */
+	const char *hostname;
+
+	/* the event handle for waiting for socket IO */
+	struct {
+		struct tevent_context *ctx;
+		struct tevent_fd *fde;
+		struct tevent_timer *te;
+	} event;
+};
+
+/*
+  this structure allows applications to control the behaviour of the
+  client library
+*/
+struct smbcli_options {
+	unsigned int use_oplocks:1;
+	unsigned int use_level2_oplocks:1;
+	unsigned int use_spnego:1;
+	unsigned int unicode:1;
+	unsigned int ntstatus_support:1;
+	int min_protocol;
+	int max_protocol;
+	uint32_t max_xmit;
+	uint16_t max_mux;
+	int request_timeout;
+	enum smb_signing_setting signing;
+	uint32_t smb2_capabilities;
+	struct GUID client_guid;
+	uint64_t max_credits;
+	unsigned int only_negprot;
+	struct smb311_capabilities smb3_capabilities;
+};
+
+/* this is the context for the client transport layer */
+struct smbcli_transport {
+	struct tevent_context *ev; /* TODO: remove this !!! */
+	struct smbXcli_conn *conn;
+
+	/* negotiated protocol information */
+	struct smbcli_negotiate negotiate;
+
+	/* options to control the behaviour of the client code */
+	struct smbcli_options options;
+
+	/* an idle function - if this is defined then it will be
+	   called once every period microseconds while we are waiting
+	   for a packet */
+	struct {
+		void (*func)(struct smbcli_transport *, void *);
+		void *private_data;
+		unsigned int period;
+		struct tevent_timer *te;
+	} idle;
+
+	/* the error fields from the last message */
+	struct {
+		enum {ETYPE_NONE, ETYPE_SMB, ETYPE_SOCKET, ETYPE_NBT} etype;
+		union {
+			NTSTATUS nt_status;
+			enum {SOCKET_READ_TIMEOUT,
+			      SOCKET_READ_EOF,
+			      SOCKET_READ_ERROR,
+			      SOCKET_WRITE_ERROR,
+			      SOCKET_READ_BAD_SIG} socket_error;
+			unsigned int nbt_error;
+		} e;
+	} error;
+
+	struct {
+		/* a oplock break request handler */
+		bool (*handler)(struct smbcli_transport *transport, 
+				uint16_t tid, uint16_t fnum, uint8_t level, void *private_data);
+		/* private data passed to the oplock handler */
+		void *private_data;
+	} oplock;
+	struct tevent_req *break_subreq;
+};
+
+/* this is the context for the user */
+
+/* this is the context for the session layer */
+struct smbcli_session {	
+	/* transport layer info */
+	struct smbcli_transport *transport;
+	
+	/* after a session setup the server provides us with
+	   a vuid identifying the security context */
+	struct smbXcli_session *smbXcli;
+	uint16_t vuid;
+
+	/* default pid for this session */
+	uint32_t pid;
+
+	/* the flags2 for each packet - this allows
+	   the user to control these for torture testing */
+	uint16_t flags2;
+
+	/* the spnego context if we use extended security */
+	struct gensec_security *gensec;
+
+	struct smbcli_session_options {
+		unsigned int lanman_auth:1;
+		unsigned int ntlmv2_auth:1;
+		unsigned int plaintext_auth:1;
+	} options;
+
+	const char *os;
+	const char *lanman;
+};
+
+/* 
+   smbcli_tree context: internal state for a tree connection. 
+ */
+struct smbcli_tree {
+	/* session layer info */
+	struct smbcli_session *session;
+
+	struct smbXcli_tcon *smbXcli;
+	uint16_t tid;			/* tree id, aka cnum */
+	char *device;
+	char *fs_type;
+};
+
+
+/*
+  a client request moves between the following 4 states.
+*/
+enum smbcli_request_state {SMBCLI_REQUEST_INIT, /* we are creating the request */
+			SMBCLI_REQUEST_RECV, /* we are waiting for a matching reply */
+			SMBCLI_REQUEST_DONE, /* the request is finished */
+			SMBCLI_REQUEST_ERROR}; /* a packet or transport level error has occurred */
+
+/* the context for a single SMB request. This is passed to any request-context 
+ * functions (similar to context.h, the server version).
+ * This will allow requests to be multi-threaded. */
+struct smbcli_request {
+	/* smbXcli_req */
+	struct tevent_req *subreqs[2];
+
+	/* each request is in one of 4 possible states */
+	enum smbcli_request_state state;
+	
+	/* a request always has a transport context, nearly always has
+	   a session context and usually has a tree context */
+	struct smbcli_transport *transport;
+	struct smbcli_session *session;
+	struct smbcli_tree *tree;
+
+	/* the flags2 from the SMB request, in raw form (host byte
+	   order). Used to parse strings */
+	uint16_t flags2;
+
+	/* the NT status for this request. Set by packet receive code
+	   or code detecting error. */
+	NTSTATUS status;
+
+	/* the caller wants to do the signing check */
+	bool sign_caller_checks;
+
+	/* give the caller a chance to prevent the talloc_free() in the _recv() function */
+	bool do_not_free;
+
+	struct smb_request_buffer in;
+	struct smb_request_buffer out;
+
+	struct smb_trans2 trans2;
+	struct smb_nttrans nttrans;
+
+	/* information on what to do with a reply when it is received
+	   asynchronously. If this is not setup when a reply is received then
+	   the reply is discarded
+
+	   The private pointer is private to the caller of the client
+	   library (the application), not private to the library
+	*/
+	struct {
+		void (*fn)(struct smbcli_request *);
+		void *private_data;
+	} async;
+};
+
+/* useful way of catching wct errors with file and line number */
+#define SMBCLI_CHECK_MIN_WCT(req, wcount) if ((req)->in.wct < (wcount)) { \
+      DEBUG(1,("Unexpected WCT %d at %s(%d) - expected min %d\n", (req)->in.wct, __FILE__, __LINE__, wcount)); \
+      req->status = NT_STATUS_INVALID_PARAMETER; \
+      goto failed; \
+}
+
+#define SMBCLI_CHECK_WCT(req, wcount) if ((req)->in.wct != (wcount)) { \
+      DEBUG(1,("Unexpected WCT %d at %s(%d) - expected %d\n", (req)->in.wct, __FILE__, __LINE__, wcount)); \
+      req->status = NT_STATUS_INVALID_PARAMETER; \
+      goto failed; \
+}
+
+NTSTATUS smb_raw_read_recv(struct smbcli_request *req, union smb_read *parms);
+struct smbcli_request *smb_raw_read_send(struct smbcli_tree *tree, union smb_read *parms);
+NTSTATUS smb_raw_trans_recv(struct smbcli_request *req,
+			     TALLOC_CTX *mem_ctx,
+			     struct smb_trans2 *parms);
+struct smbcli_request *smb_raw_trans_send(struct smbcli_tree *tree, struct smb_trans2 *parms);
+NTSTATUS smbcli_request_destroy(struct smbcli_request *req);
+struct smbcli_request *smb_raw_write_send(struct smbcli_tree *tree, union smb_write *parms);
+NTSTATUS smb_raw_write_recv(struct smbcli_request *req, union smb_write *parms);
+struct smbcli_request *smb_raw_close_send(struct smbcli_tree *tree, union smb_close *parms);
+NTSTATUS smb_raw_open_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx, union smb_open *parms);
+struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, union smb_open *parms);
+
+bool smbcli_transport_process(struct smbcli_transport *transport);
+const char *smbcli_errstr(struct smbcli_tree *tree);
+NTSTATUS smb_raw_fsinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_fsinfo *fsinfo);
+NTSTATUS smb_raw_setfsinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_setfsinfo *set_fsinfo);
+NTSTATUS smb_raw_pathinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_fileinfo *parms);
+NTSTATUS smb_raw_shadow_data(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, struct smb_shadow_copy *info);
+NTSTATUS smb_raw_fileinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_fileinfo *parms);
+struct smbcli_tree *smbcli_tree_init(struct smbcli_session *session, TALLOC_CTX *parent_ctx, bool primary);
+NTSTATUS smb_raw_tcon(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_tcon *parms);
+void smbcli_oplock_handler(struct smbcli_transport *transport, 
+			bool (*handler)(struct smbcli_transport *, uint16_t, uint16_t, uint8_t, void *),
+			void *private_data);
+void smbcli_transport_idle_handler(struct smbcli_transport *transport, 
+				   void (*idle_func)(struct smbcli_transport *, void *),
+				   uint64_t period,
+				   void *private_data);
+NTSTATUS smbcli_request_simple_recv(struct smbcli_request *req);
+bool smbcli_oplock_ack(struct smbcli_tree *tree, uint16_t fnum, uint16_t ack_level);
+NTSTATUS smb_raw_open(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_open *parms);
+NTSTATUS smb_raw_close(struct smbcli_tree *tree, union smb_close *parms);
+NTSTATUS smb_raw_unlink(struct smbcli_tree *tree, union smb_unlink *parms);
+NTSTATUS smb_raw_chkpath(struct smbcli_tree *tree, union smb_chkpath *parms);
+NTSTATUS smb_raw_mkdir(struct smbcli_tree *tree, union smb_mkdir *parms);
+NTSTATUS smb_raw_rmdir(struct smbcli_tree *tree, struct smb_rmdir *parms);
+NTSTATUS smb_raw_rename(struct smbcli_tree *tree, union smb_rename *parms);
+NTSTATUS smb_raw_seek(struct smbcli_tree *tree, union smb_seek *parms);
+NTSTATUS smb_raw_read(struct smbcli_tree *tree, union smb_read *parms);
+NTSTATUS smb_raw_write(struct smbcli_tree *tree, union smb_write *parms);
+NTSTATUS smb_raw_lock(struct smbcli_tree *tree, union smb_lock *parms);
+NTSTATUS smb_raw_setpathinfo(struct smbcli_tree *tree, union smb_setfileinfo *parms);
+NTSTATUS smb_raw_setfileinfo(struct smbcli_tree *tree, union smb_setfileinfo *parms);
+
+struct smbcli_request *smb_raw_changenotify_send(struct smbcli_tree *tree, union smb_notify *parms);
+NTSTATUS smb_raw_changenotify_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx, union smb_notify *parms);
+
+NTSTATUS smb_tree_disconnect(struct smbcli_tree *tree);
+NTSTATUS smbcli_nt_error(struct smbcli_tree *tree);
+NTSTATUS smb_raw_exit(struct smbcli_session *session);
+NTSTATUS smb_raw_pathinfo_recv(struct smbcli_request *req,
+			       TALLOC_CTX *mem_ctx,
+			       union smb_fileinfo *parms);
+struct smbcli_request *smb_raw_pathinfo_send(struct smbcli_tree *tree,
+					     union smb_fileinfo *parms);
+struct smbcli_request *smb_raw_setpathinfo_send(struct smbcli_tree *tree,
+					     union smb_setfileinfo *parms);
+struct smbcli_request *smb_raw_echo_send(struct smbcli_transport *transport,
+					 struct smb_echo *p);
+NTSTATUS smb_raw_search_first(struct smbcli_tree *tree,
+			      TALLOC_CTX *mem_ctx,
+			      union smb_search_first *io, void *private_data,
+			      smbcli_search_callback callback);
+NTSTATUS smb_raw_flush(struct smbcli_tree *tree, union smb_flush *parms);
+
+NTSTATUS smb_raw_trans(struct smbcli_tree *tree,
+		       TALLOC_CTX *mem_ctx,
+		       struct smb_trans2 *parms);
+
+#endif /* __LIBCLI_RAW__H__ */
diff --git a/source4/libcli/raw/rawacl.c b/source4/libcli/raw/rawacl.c
new file mode 100644
index 0000000..a6ff776
--- /dev/null
+++ b/source4/libcli/raw/rawacl.c
@@ -0,0 +1,163 @@
+/*
+   Unix SMB/CIFS implementation.
+   ACL get/set operations
+
+   Copyright (C) Andrew Tridgell 2003-2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/****************************************************************************
+fetch file ACL (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_query_secdesc_send(struct smbcli_tree *tree,
+						  union smb_fileinfo *io)
+{
+	struct smb_nttrans nt;
+	uint8_t params[8];
+
+	nt.in.max_setup = 0;
+	nt.in.max_param = 4;
+	nt.in.max_data = 0xFFFF;
+	nt.in.setup_count = 0;
+	nt.in.function = NT_TRANSACT_QUERY_SECURITY_DESC;
+	nt.in.setup = NULL;
+
+	SSVAL(params, 0, io->query_secdesc.in.file.fnum);
+	SSVAL(params, 2, 0); /* padding */
+	SIVAL(params, 4, io->query_secdesc.in.secinfo_flags);
+
+	nt.in.params.data = params;
+	nt.in.params.length = 8;
+
+	nt.in.data = data_blob(NULL, 0);
+
+	return smb_raw_nttrans_send(tree, &nt);
+}
+
+
+/****************************************************************************
+fetch file ACL (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_query_secdesc_recv(struct smbcli_request *req,
+				    TALLOC_CTX *mem_ctx,
+				    union smb_fileinfo *io)
+{
+	NTSTATUS status;
+	struct smb_nttrans nt;
+	struct ndr_pull *ndr;
+	enum ndr_err_code ndr_err;
+
+	status = smb_raw_nttrans_recv(req, mem_ctx, &nt);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* check that the basics are valid */
+	if (nt.out.params.length != 4 ||
+	    IVAL(nt.out.params.data, 0) > nt.out.data.length) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	nt.out.data.length = IVAL(nt.out.params.data, 0);
+
+	ndr = ndr_pull_init_blob(&nt.out.data, mem_ctx);
+	if (!ndr) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	io->query_secdesc.out.sd = talloc(mem_ctx, struct security_descriptor);
+	if (!io->query_secdesc.out.sd) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	ndr_err = ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS,
+					       io->query_secdesc.out.sd);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/****************************************************************************
+fetch file ACL (sync interface)
+****************************************************************************/
+NTSTATUS smb_raw_query_secdesc(struct smbcli_tree *tree,
+			       TALLOC_CTX *mem_ctx,
+			       union smb_fileinfo *io)
+{
+	struct smbcli_request *req = smb_raw_query_secdesc_send(tree, io);
+	return smb_raw_query_secdesc_recv(req, mem_ctx, io);
+}
+
+
+
+/****************************************************************************
+set file ACL (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_set_secdesc_send(struct smbcli_tree *tree,
+						union smb_setfileinfo *io)
+{
+	struct smb_nttrans nt;
+	uint8_t params[8];
+	struct ndr_push *ndr;
+	struct smbcli_request *req;
+	enum ndr_err_code ndr_err;
+
+	nt.in.max_setup = 0;
+	nt.in.max_param = 0;
+	nt.in.max_data = 0;
+	nt.in.setup_count = 0;
+	nt.in.function = NT_TRANSACT_SET_SECURITY_DESC;
+	nt.in.setup = NULL;
+
+	SSVAL(params, 0, io->set_secdesc.in.file.fnum);
+	SSVAL(params, 2, 0); /* padding */
+	SIVAL(params, 4, io->set_secdesc.in.secinfo_flags);
+
+	nt.in.params.data = params;
+	nt.in.params.length = 8;
+
+	ndr = ndr_push_init_ctx(NULL);
+	if (!ndr) return NULL;
+
+	ndr_err = ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, io->set_secdesc.in.sd);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(ndr);
+		return NULL;
+	}
+
+	nt.in.data = ndr_push_blob(ndr);
+
+	req = smb_raw_nttrans_send(tree, &nt);
+
+	talloc_free(ndr);
+	return req;
+}
+
+/****************************************************************************
+set file ACL (sync interface)
+****************************************************************************/
+NTSTATUS smb_raw_set_secdesc(struct smbcli_tree *tree,
+			     union smb_setfileinfo *io)
+{
+	struct smbcli_request *req = smb_raw_set_secdesc_send(tree, io);
+	return smbcli_request_simple_recv(req);
+}
diff --git a/source4/libcli/raw/rawdate.c b/source4/libcli/raw/rawdate.c
new file mode 100644
index 0000000..b9af57f
--- /dev/null
+++ b/source4/libcli/raw/rawdate.c
@@ -0,0 +1,82 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   raw date handling functions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/*******************************************************************
+put a dos date into a buffer (time/date format)
+This takes GMT time and puts local time for zone_offset in the buffer
+********************************************************************/
+void raw_push_dos_date(struct smbcli_transport *transport,
+		      uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date(buf, offset, unixdate, transport->negotiate.server_zone);
+}
+
+/*******************************************************************
+put a dos date into a buffer (date/time format)
+This takes GMT time and puts local time in the buffer
+********************************************************************/
+void raw_push_dos_date2(struct smbcli_transport *transport,
+		       uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date2(buf, offset, unixdate, transport->negotiate.server_zone);
+}
+
+/*******************************************************************
+put a dos 32 bit "unix like" date into a buffer. This routine takes
+GMT and converts it to LOCAL time in zone_offset before putting it
+********************************************************************/
+void raw_push_dos_date3(struct smbcli_transport *transport,
+		       uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date3(buf, offset, unixdate, transport->negotiate.server_zone);
+}
+
+/*******************************************************************
+convert a dos date
+********************************************************************/
+time_t raw_pull_dos_date(struct smbcli_transport *transport,
+			 const uint8_t *date_ptr)
+{
+	return pull_dos_date(date_ptr, transport->negotiate.server_zone);
+}
+
+/*******************************************************************
+like raw_pull_dos_date() but the words are reversed
+********************************************************************/
+time_t raw_pull_dos_date2(struct smbcli_transport *transport,
+			  const uint8_t *date_ptr)
+{
+	return pull_dos_date2(date_ptr, transport->negotiate.server_zone);
+}
+
+/*******************************************************************
+  create a unix GMT date from a dos date in 32 bit "unix like" format
+  these arrive in server zone, with corresponding DST
+  ******************************************************************/
+time_t raw_pull_dos_date3(struct smbcli_transport *transport,
+			  const uint8_t *date_ptr)
+{
+	return pull_dos_date3(date_ptr, transport->negotiate.server_zone);
+}
diff --git a/source4/libcli/raw/raweas.c b/source4/libcli/raw/raweas.c
new file mode 100644
index 0000000..ee3a999
--- /dev/null
+++ b/source4/libcli/raw/raweas.c
@@ -0,0 +1,371 @@
+/*
+   Unix SMB/CIFS implementation.
+   parsing of EA (extended attribute) lists
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/*
+  work out how many bytes on the wire a ea list will consume.
+  This assumes the names are strict ascii, which should be a
+  reasonable assumption
+*/
+size_t ea_list_size(unsigned int num_eas, struct ea_struct *eas)
+{
+	unsigned int total = 4;
+	int i;
+	for (i=0;i<num_eas;i++) {
+		total += 4 + strlen(eas[i].name.s)+1 + eas[i].value.length;
+	}
+	return total;
+}
+
+/*
+  work out how many bytes on the wire a ea name list will consume.
+*/
+static unsigned int ea_name_list_size(unsigned int num_names, struct ea_name *eas)
+{
+	unsigned int total = 4;
+	int i;
+	for (i=0;i<num_names;i++) {
+		total += 1 + strlen(eas[i].name.s) + 1;
+	}
+	return total;
+}
+
+/*
+  work out how many bytes on the wire a chained ea list will consume.
+  This assumes the names are strict ascii, which should be a
+  reasonable assumption
+*/
+size_t ea_list_size_chained(unsigned int num_eas, struct ea_struct *eas, unsigned alignment)
+{
+	unsigned int total = 0;
+	int i;
+	for (i=0;i<num_eas;i++) {
+		unsigned int len = 8 + strlen(eas[i].name.s)+1 + eas[i].value.length;
+		len = (len + (alignment-1)) & ~(alignment-1);
+		total += len;
+	}
+	return total;
+}
+
+/*
+  put a ea_list into a pre-allocated buffer - buffer must be at least
+  of size ea_list_size()
+*/
+void ea_put_list(uint8_t *data, unsigned int num_eas, struct ea_struct *eas)
+{
+	int i;
+	uint32_t ea_size;
+
+	ea_size = ea_list_size(num_eas, eas);
+
+	SIVAL(data, 0, ea_size);
+	data += 4;
+
+	for (i=0;i<num_eas;i++) {
+		unsigned int nlen = strlen(eas[i].name.s);
+		SCVAL(data, 0, eas[i].flags);
+		SCVAL(data, 1, nlen);
+		SSVAL(data, 2, eas[i].value.length);
+		memcpy(data+4, eas[i].name.s, nlen+1);
+		if (eas[i].value.length > 0) {
+			memcpy(data + 4 + nlen + 1,
+			       eas[i].value.data,
+			       eas[i].value.length);
+		}
+		data += 4+nlen+1+eas[i].value.length;
+	}
+}
+
+
+/*
+  put a chained ea_list into a pre-allocated buffer - buffer must be
+  at least of size ea_list_size()
+*/
+void ea_put_list_chained(uint8_t *data, unsigned int num_eas, struct ea_struct *eas,
+			 unsigned alignment)
+{
+	int i;
+
+	for (i=0;i<num_eas;i++) {
+		unsigned int nlen = strlen(eas[i].name.s);
+		uint32_t len = 8+nlen+1+eas[i].value.length;
+		unsigned int pad = ((len + (alignment-1)) & ~(alignment-1)) - len;
+		if (i == num_eas-1) {
+			SIVAL(data, 0, 0);
+		} else {
+			SIVAL(data, 0, len+pad);
+		}
+		SCVAL(data, 4, eas[i].flags);
+		SCVAL(data, 5, nlen);
+		SSVAL(data, 6, eas[i].value.length);
+		memcpy(data+8, eas[i].name.s, nlen+1);
+		memcpy(data+8+nlen+1, eas[i].value.data, eas[i].value.length);
+		memset(data+len, 0, pad);
+		data += len + pad;
+	}
+}
+
+
+/*
+  pull a ea_struct from a buffer. Return the number of bytes consumed
+*/
+unsigned int ea_pull_struct(const DATA_BLOB *blob,
+		      TALLOC_CTX *mem_ctx,
+		      struct ea_struct *ea)
+{
+	uint8_t nlen;
+	uint16_t vlen;
+
+	ZERO_STRUCTP(ea);
+
+	if (blob->length < 6) {
+		return 0;
+	}
+
+	ea->flags = CVAL(blob->data, 0);
+	nlen = CVAL(blob->data, 1);
+	vlen = SVAL(blob->data, 2);
+
+	if (nlen+1+vlen > blob->length-4) {
+		return 0;
+	}
+
+	ea->name.s = talloc_strndup(mem_ctx, (const char *)(blob->data+4), nlen);
+	ea->name.private_length = nlen;
+	ea->value = data_blob_talloc(mem_ctx, NULL, vlen+1);
+	if (!ea->value.data) return 0;
+	if (vlen) {
+		memcpy(ea->value.data, blob->data+4+nlen+1, vlen);
+	}
+	ea->value.data[vlen] = 0;
+	ea->value.length--;
+
+	return 4 + nlen+1 + vlen;
+}
+
+
+/*
+  pull a ea_list from a buffer
+*/
+NTSTATUS ea_pull_list(const DATA_BLOB *blob,
+		      TALLOC_CTX *mem_ctx,
+		      unsigned int *num_eas, struct ea_struct **eas)
+{
+	int n;
+	uint32_t ea_size, ofs;
+
+	if (blob->length < 4) {
+		return NT_STATUS_INFO_LENGTH_MISMATCH;
+	}
+
+	ea_size = IVAL(blob->data, 0);
+	if (ea_size > blob->length) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ofs = 4;
+	n = 0;
+	*num_eas = 0;
+	*eas = NULL;
+
+	while (ofs < ea_size) {
+		unsigned int len;
+		DATA_BLOB blob2;
+
+		blob2.data = blob->data + ofs;
+		blob2.length = ea_size - ofs;
+
+		*eas = talloc_realloc(mem_ctx, *eas, struct ea_struct, n+1);
+		if (! *eas) return NT_STATUS_NO_MEMORY;
+
+		len = ea_pull_struct(&blob2, mem_ctx, &(*eas)[n]);
+		if (len == 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ofs += len;
+		n++;
+	}
+
+	*num_eas = n;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  pull a chained ea_list from a buffer
+*/
+NTSTATUS ea_pull_list_chained(const DATA_BLOB *blob,
+			      TALLOC_CTX *mem_ctx,
+			      unsigned int *num_eas, struct ea_struct **eas)
+{
+	int n;
+	uint32_t ofs;
+
+	if (blob->length < 4) {
+		return NT_STATUS_INFO_LENGTH_MISMATCH;
+	}
+
+	ofs = 0;
+	n = 0;
+	*num_eas = 0;
+	*eas = NULL;
+
+	while (ofs < blob->length) {
+		unsigned int len;
+		DATA_BLOB blob2;
+		uint32_t next_ofs = IVAL(blob->data, ofs);
+
+		blob2.data = blob->data + ofs + 4;
+		blob2.length = blob->length - (ofs + 4);
+
+		*eas = talloc_realloc(mem_ctx, *eas, struct ea_struct, n+1);
+		if (! *eas) return NT_STATUS_NO_MEMORY;
+
+		len = ea_pull_struct(&blob2, mem_ctx, &(*eas)[n]);
+		if (len == 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (ofs + next_ofs < ofs) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ofs += next_ofs;
+		if (ofs+4 > blob->length || ofs+4 < ofs) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		n++;
+		if (next_ofs == 0) break;
+	}
+
+	*num_eas = n;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  pull a ea_name from a buffer. Return the number of bytes consumed
+*/
+static unsigned int ea_pull_name(const DATA_BLOB *blob,
+			   TALLOC_CTX *mem_ctx,
+			   struct ea_name *ea)
+{
+	uint8_t nlen;
+
+	if (blob->length < 2) {
+		return 0;
+	}
+
+	nlen = CVAL(blob->data, 0);
+
+	if (nlen+2 > blob->length) {
+		return 0;
+	}
+
+	ea->name.s = talloc_strndup(mem_ctx, (const char *)(blob->data+1), nlen);
+	ea->name.private_length = nlen;
+
+	return nlen+2;
+}
+
+
+/*
+  pull a ea_name list from a buffer
+*/
+NTSTATUS ea_pull_name_list(const DATA_BLOB *blob,
+			   TALLOC_CTX *mem_ctx,
+			   unsigned int *num_names, struct ea_name **ea_names)
+{
+	int n;
+	uint32_t ea_size, ofs;
+
+	if (blob->length < 4) {
+		return NT_STATUS_INFO_LENGTH_MISMATCH;
+	}
+
+	ea_size = IVAL(blob->data, 0);
+	if (ea_size > blob->length) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ofs = 4;
+	n = 0;
+	*num_names = 0;
+	*ea_names = NULL;
+
+	while (ofs < ea_size) {
+		unsigned int len;
+		DATA_BLOB blob2;
+
+		blob2.data = blob->data + ofs;
+		blob2.length = ea_size - ofs;
+
+		*ea_names = talloc_realloc(mem_ctx, *ea_names, struct ea_name, n+1);
+		if (! *ea_names) return NT_STATUS_NO_MEMORY;
+
+		len = ea_pull_name(&blob2, mem_ctx, &(*ea_names)[n]);
+		if (len == 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ofs += len;
+		n++;
+	}
+
+	*num_names = n;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  put a ea_name list into a data blob
+*/
+bool ea_push_name_list(TALLOC_CTX *mem_ctx,
+		       DATA_BLOB *data, unsigned int num_names, struct ea_name *eas)
+{
+	int i;
+	uint32_t ea_size;
+	uint32_t off;
+
+	ea_size = ea_name_list_size(num_names, eas);
+
+	*data = data_blob_talloc(mem_ctx, NULL, ea_size);
+	if (data->data == NULL) {
+		return false;
+	}
+
+	SIVAL(data->data, 0, ea_size);
+	off = 4;
+
+	for (i=0;i<num_names;i++) {
+		unsigned int nlen = strlen(eas[i].name.s);
+		SCVAL(data->data, off, nlen);
+		memcpy(data->data+off+1, eas[i].name.s, nlen+1);
+		off += 1+nlen+1;
+	}
+
+	return true;
+}
diff --git a/source4/libcli/raw/rawfile.c b/source4/libcli/raw/rawfile.c
new file mode 100644
index 0000000..112b3e1
--- /dev/null
+++ b/source4/libcli/raw/rawfile.c
@@ -0,0 +1,1052 @@
+/*
+   Unix SMB/CIFS implementation.
+   client file operations
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Jeremy Allison 2001-2002
+   Copyright (C) James Myers 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#define SETUP_REQUEST(cmd, wct, buflen) do { \
+	req = smbcli_request_setup(tree, cmd, wct, buflen); \
+	if (!req) return NULL; \
+} while (0)
+
+/****************************************************************************
+ Rename a file - async interface
+****************************************************************************/
+struct smbcli_request *smb_raw_rename_send(struct smbcli_tree *tree,
+					union smb_rename *parms)
+{
+	struct smbcli_request *req = NULL;
+	struct smb_nttrans nt;
+	TALLOC_CTX *mem_ctx;
+
+	switch (parms->generic.level) {
+	case RAW_RENAME_RENAME:
+		SETUP_REQUEST(SMBmv, 1, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->rename.in.attrib);
+		smbcli_req_append_ascii4(req, parms->rename.in.pattern1, STR_TERMINATE);
+		smbcli_req_append_ascii4(req, parms->rename.in.pattern2, STR_TERMINATE);
+		break;
+
+	case RAW_RENAME_NTRENAME:
+		SETUP_REQUEST(SMBntrename, 4, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->ntrename.in.attrib);
+		SSVAL(req->out.vwv, VWV(1), parms->ntrename.in.flags);
+		SIVAL(req->out.vwv, VWV(2), parms->ntrename.in.cluster_size);
+		smbcli_req_append_ascii4(req, parms->ntrename.in.old_name, STR_TERMINATE);
+		smbcli_req_append_ascii4(req, parms->ntrename.in.new_name, STR_TERMINATE);
+		break;
+
+	case RAW_RENAME_NTTRANS:
+
+		mem_ctx = talloc_new(tree);
+
+		nt.in.max_setup = 0;
+		nt.in.max_param = 0;
+		nt.in.max_data = 0;
+		nt.in.setup_count = 0;
+		nt.in.setup = NULL;
+		nt.in.function = NT_TRANSACT_RENAME;
+		nt.in.params = data_blob_talloc(mem_ctx, NULL, 4);
+		nt.in.data = data_blob(NULL, 0);
+
+		SSVAL(nt.in.params.data, VWV(0), parms->nttrans.in.file.fnum);
+		SSVAL(nt.in.params.data, VWV(1), parms->nttrans.in.flags);
+
+		smbcli_blob_append_string(tree->session, mem_ctx,
+					  &nt.in.params, parms->nttrans.in.new_name,
+					  STR_TERMINATE);
+
+		req = smb_raw_nttrans_send(tree, &nt);
+		talloc_free(mem_ctx);
+		return req;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Rename a file - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_rename(struct smbcli_tree *tree,
+			union smb_rename *parms)
+{
+	struct smbcli_request *req = smb_raw_rename_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ Delete a file - async interface
+****************************************************************************/
+struct smbcli_request *smb_raw_unlink_send(struct smbcli_tree *tree,
+					   union smb_unlink *parms)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST(SMBunlink, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), parms->unlink.in.attrib);
+	smbcli_req_append_ascii4(req, parms->unlink.in.pattern, STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+	return req;
+}
+
+/*
+  delete a file - sync interface
+*/
+_PUBLIC_ NTSTATUS smb_raw_unlink(struct smbcli_tree *tree,
+			union smb_unlink *parms)
+{
+	struct smbcli_request *req = smb_raw_unlink_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ create a directory  using TRANSACT2_MKDIR - async interface
+****************************************************************************/
+static struct smbcli_request *smb_raw_t2mkdir_send(struct smbcli_tree *tree,
+						union smb_mkdir *parms)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_MKDIR;
+	TALLOC_CTX *mem_ctx;
+	struct smbcli_request *req;
+	uint16_t data_total;
+
+	mem_ctx = talloc_init("t2mkdir");
+
+	data_total = ea_list_size(parms->t2mkdir.in.num_eas, parms->t2mkdir.in.eas);
+
+	t2.in.max_param = 2;
+	t2.in.max_data = 0;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc(mem_ctx, NULL, 4);
+	t2.in.data = data_blob_talloc(mem_ctx, NULL, data_total);
+
+	SIVAL(t2.in.params.data, VWV(0), 0); /* reserved */
+
+	smbcli_blob_append_string(tree->session, mem_ctx,
+				  &t2.in.params, parms->t2mkdir.in.path, STR_TERMINATE);
+
+	ea_put_list(t2.in.data.data, parms->t2mkdir.in.num_eas, parms->t2mkdir.in.eas);
+
+	req = smb_raw_trans2_send(tree, &t2);
+
+	talloc_free(mem_ctx);
+
+	return req;
+}
+
+/****************************************************************************
+ Create a directory - async interface
+****************************************************************************/
+struct smbcli_request *smb_raw_mkdir_send(struct smbcli_tree *tree,
+				       union smb_mkdir *parms)
+{
+	struct smbcli_request *req;
+
+	if (parms->generic.level == RAW_MKDIR_T2MKDIR) {
+		return smb_raw_t2mkdir_send(tree, parms);
+	}
+
+	if (parms->generic.level != RAW_MKDIR_MKDIR) {
+		return NULL;
+	}
+
+	SETUP_REQUEST(SMBmkdir, 0, 0);
+
+	smbcli_req_append_ascii4(req, parms->mkdir.in.path, STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Create a directory - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_mkdir(struct smbcli_tree *tree,
+		       union smb_mkdir *parms)
+{
+	struct smbcli_request *req = smb_raw_mkdir_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+/****************************************************************************
+ Remove a directory - async interface
+****************************************************************************/
+struct smbcli_request *smb_raw_rmdir_send(struct smbcli_tree *tree,
+				       struct smb_rmdir *parms)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST(SMBrmdir, 0, 0);
+
+	smbcli_req_append_ascii4(req, parms->in.path, STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Remove a directory - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_rmdir(struct smbcli_tree *tree,
+		       struct smb_rmdir *parms)
+{
+	struct smbcli_request *req = smb_raw_rmdir_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/*
+ Open a file using TRANSACT2_OPEN - async recv
+*/
+static NTSTATUS smb_raw_nttrans_create_recv(struct smbcli_request *req,
+					    TALLOC_CTX *mem_ctx,
+					    union smb_open *parms)
+{
+	NTSTATUS status;
+	struct smb_nttrans nt;
+	uint8_t *params;
+
+	status = smb_raw_nttrans_recv(req, mem_ctx, &nt);
+	if (!NT_STATUS_IS_OK(status)) return status;
+
+	if (nt.out.params.length < 69) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	params = nt.out.params.data;
+
+	parms->ntcreatex.out.oplock_level =                 CVAL(params, 0);
+	parms->ntcreatex.out.file.fnum =                    SVAL(params, 2);
+	parms->ntcreatex.out.create_action =                IVAL(params, 4);
+	parms->ntcreatex.out.create_time =   smbcli_pull_nttime(params, 12);
+	parms->ntcreatex.out.access_time =   smbcli_pull_nttime(params, 20);
+	parms->ntcreatex.out.write_time =    smbcli_pull_nttime(params, 28);
+	parms->ntcreatex.out.change_time =   smbcli_pull_nttime(params, 36);
+	parms->ntcreatex.out.attrib =                      IVAL(params, 44);
+	parms->ntcreatex.out.alloc_size =                  BVAL(params, 48);
+	parms->ntcreatex.out.size =                        BVAL(params, 56);
+	parms->ntcreatex.out.file_type =                   SVAL(params, 64);
+	parms->ntcreatex.out.ipc_state =                   SVAL(params, 66);
+	parms->ntcreatex.out.is_directory =                CVAL(params, 68);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+ Open a file using NTTRANS CREATE - async send
+*/
+static struct smbcli_request *smb_raw_nttrans_create_send(struct smbcli_tree *tree,
+							  union smb_open *parms)
+{
+	struct smb_nttrans nt;
+	uint8_t *params;
+	TALLOC_CTX *mem_ctx = talloc_new(tree);
+	uint16_t fname_len;
+	DATA_BLOB sd_blob, ea_blob;
+	struct smbcli_request *req;
+
+	nt.in.max_setup = 0;
+	nt.in.max_param = 101;
+	nt.in.max_data  = 0;
+	nt.in.setup_count = 0;
+	nt.in.function = NT_TRANSACT_CREATE;
+	nt.in.setup = NULL;
+
+	sd_blob = data_blob(NULL, 0);
+	ea_blob = data_blob(NULL, 0);
+
+	if (parms->ntcreatex.in.sec_desc) {
+		enum ndr_err_code ndr_err;
+		ndr_err = ndr_push_struct_blob(&sd_blob, mem_ctx,
+					       parms->ntcreatex.in.sec_desc,
+					       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(mem_ctx);
+			return NULL;
+		}
+	}
+
+	if (parms->ntcreatex.in.ea_list) {
+		uint32_t ea_size = ea_list_size_chained(parms->ntcreatex.in.ea_list->num_eas,
+							parms->ntcreatex.in.ea_list->eas, 4);
+		ea_blob = data_blob_talloc(mem_ctx, NULL, ea_size);
+		if (ea_blob.data == NULL) {
+			return NULL;
+		}
+		ea_put_list_chained(ea_blob.data,
+				    parms->ntcreatex.in.ea_list->num_eas,
+				    parms->ntcreatex.in.ea_list->eas, 4);
+	}
+
+	nt.in.params = data_blob_talloc(mem_ctx, NULL, 53);
+	if (nt.in.params.data == NULL) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	/* build the parameter section */
+	params = nt.in.params.data;
+
+	SIVAL(params,  0, parms->ntcreatex.in.flags);
+	SIVAL(params,  4, parms->ntcreatex.in.root_fid.fnum);
+	SIVAL(params,  8, parms->ntcreatex.in.access_mask);
+	SBVAL(params, 12, parms->ntcreatex.in.alloc_size);
+	SIVAL(params, 20, parms->ntcreatex.in.file_attr);
+	SIVAL(params, 24, parms->ntcreatex.in.share_access);
+	SIVAL(params, 28, parms->ntcreatex.in.open_disposition);
+	SIVAL(params, 32, parms->ntcreatex.in.create_options);
+	SIVAL(params, 36, sd_blob.length);
+	SIVAL(params, 40, ea_blob.length);
+	SIVAL(params, 48, parms->ntcreatex.in.impersonation);
+	SCVAL(params, 52, parms->ntcreatex.in.security_flags);
+
+	/* the empty string first forces the correct alignment */
+	smbcli_blob_append_string(tree->session, mem_ctx, &nt.in.params,"", 0);
+	fname_len = smbcli_blob_append_string(tree->session, mem_ctx, &nt.in.params,
+					      parms->ntcreatex.in.fname, STR_TERMINATE);
+
+	SIVAL(nt.in.params.data, 44, fname_len);
+
+	/* build the data section */
+	nt.in.data = data_blob_talloc(mem_ctx, NULL, sd_blob.length + ea_blob.length);
+	if (sd_blob.length > 0) {
+		memcpy(nt.in.data.data, sd_blob.data, sd_blob.length);
+	}
+	if (ea_blob.length > 0) {
+		memcpy(nt.in.data.data + sd_blob.length,
+		       ea_blob.data,
+		       ea_blob.length);
+	}
+
+	/* send the request on its way */
+	req = smb_raw_nttrans_send(tree, &nt);
+
+	talloc_free(mem_ctx);
+
+	return req;
+}
+
+
+/****************************************************************************
+ Open a file using TRANSACT2_OPEN - async send
+****************************************************************************/
+static struct smbcli_request *smb_raw_t2open_send(struct smbcli_tree *tree,
+					       union smb_open *parms)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_OPEN;
+	TALLOC_CTX *mem_ctx = talloc_init("smb_raw_t2open");
+	struct smbcli_request *req;
+	uint16_t list_size;
+
+	list_size = ea_list_size(parms->t2open.in.num_eas, parms->t2open.in.eas);
+
+	t2.in.max_param = 30;
+	t2.in.max_data = 0;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc(mem_ctx, NULL, 28);
+	t2.in.data = data_blob_talloc(mem_ctx, NULL, list_size);
+
+	SSVAL(t2.in.params.data, VWV(0), parms->t2open.in.flags);
+	SSVAL(t2.in.params.data, VWV(1), parms->t2open.in.open_mode);
+	SSVAL(t2.in.params.data, VWV(2), parms->t2open.in.search_attrs);
+	SSVAL(t2.in.params.data, VWV(3), parms->t2open.in.file_attrs);
+	raw_push_dos_date(tree->session->transport,
+			  t2.in.params.data, VWV(4), parms->t2open.in.write_time);
+	SSVAL(t2.in.params.data, VWV(6), parms->t2open.in.open_func);
+	SIVAL(t2.in.params.data, VWV(7), parms->t2open.in.size);
+	SIVAL(t2.in.params.data, VWV(9), parms->t2open.in.timeout);
+	SIVAL(t2.in.params.data, VWV(11), 0);
+	SSVAL(t2.in.params.data, VWV(13), 0);
+
+	smbcli_blob_append_string(tree->session, mem_ctx,
+				  &t2.in.params, parms->t2open.in.fname,
+				  STR_TERMINATE);
+
+	ea_put_list(t2.in.data.data, parms->t2open.in.num_eas, parms->t2open.in.eas);
+
+	req = smb_raw_trans2_send(tree, &t2);
+
+	talloc_free(mem_ctx);
+
+	return req;
+}
+
+
+/****************************************************************************
+ Open a file using TRANSACT2_OPEN - async recv
+****************************************************************************/
+static NTSTATUS smb_raw_t2open_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx, union smb_open *parms)
+{
+	struct smbcli_transport *transport = req->transport;
+	struct smb_trans2 t2;
+	NTSTATUS status;
+
+	status = smb_raw_trans2_recv(req, mem_ctx, &t2);
+	if (!NT_STATUS_IS_OK(status)) return status;
+
+	if (t2.out.params.length < 30) {
+		return NT_STATUS_INFO_LENGTH_MISMATCH;
+	}
+
+	parms->t2open.out.file.fnum =   SVAL(t2.out.params.data, VWV(0));
+	parms->t2open.out.attrib =      SVAL(t2.out.params.data, VWV(1));
+	parms->t2open.out.write_time =  raw_pull_dos_date3(transport, t2.out.params.data + VWV(2));
+	parms->t2open.out.size =        IVAL(t2.out.params.data, VWV(4));
+	parms->t2open.out.access =      SVAL(t2.out.params.data, VWV(6));
+	parms->t2open.out.ftype =       SVAL(t2.out.params.data, VWV(7));
+	parms->t2open.out.devstate =    SVAL(t2.out.params.data, VWV(8));
+	parms->t2open.out.action =      SVAL(t2.out.params.data, VWV(9));
+	parms->t2open.out.file_id =     SVAL(t2.out.params.data, VWV(10));
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Open a file - async send
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, union smb_open *parms)
+{
+	int len;
+	struct smbcli_request *req = NULL;
+	bool bigoffset = false;
+
+	switch (parms->generic.level) {
+	case RAW_OPEN_T2OPEN:
+		return smb_raw_t2open_send(tree, parms);
+
+	case RAW_OPEN_OPEN:
+		SETUP_REQUEST(SMBopen, 2, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->openold.in.open_mode);
+		SSVAL(req->out.vwv, VWV(1), parms->openold.in.search_attrs);
+		smbcli_req_append_ascii4(req, parms->openold.in.fname, STR_TERMINATE);
+		break;
+
+	case RAW_OPEN_OPENX:
+		SETUP_REQUEST(SMBopenX, 15, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->openx.in.flags);
+		SSVAL(req->out.vwv, VWV(3), parms->openx.in.open_mode);
+		SSVAL(req->out.vwv, VWV(4), parms->openx.in.search_attrs);
+		SSVAL(req->out.vwv, VWV(5), parms->openx.in.file_attrs);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(6), parms->openx.in.write_time);
+		SSVAL(req->out.vwv, VWV(8), parms->openx.in.open_func);
+		SIVAL(req->out.vwv, VWV(9), parms->openx.in.size);
+		SIVAL(req->out.vwv, VWV(11),parms->openx.in.timeout);
+		SIVAL(req->out.vwv, VWV(13),0); /* reserved */
+		smbcli_req_append_string(req, parms->openx.in.fname, STR_TERMINATE);
+		break;
+
+	case RAW_OPEN_MKNEW:
+		SETUP_REQUEST(SMBmknew, 3, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->mknew.in.attrib);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(1), parms->mknew.in.write_time);
+		smbcli_req_append_ascii4(req, parms->mknew.in.fname, STR_TERMINATE);
+		break;
+
+	case RAW_OPEN_CREATE:
+		SETUP_REQUEST(SMBcreate, 3, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->create.in.attrib);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(1), parms->create.in.write_time);
+		smbcli_req_append_ascii4(req, parms->create.in.fname, STR_TERMINATE);
+		break;
+
+	case RAW_OPEN_CTEMP:
+		SETUP_REQUEST(SMBctemp, 3, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->ctemp.in.attrib);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(1), parms->ctemp.in.write_time);
+		smbcli_req_append_ascii4(req, parms->ctemp.in.directory, STR_TERMINATE);
+		break;
+
+	case RAW_OPEN_SPLOPEN:
+		SETUP_REQUEST(SMBsplopen, 2, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->splopen.in.setup_length);
+		SSVAL(req->out.vwv, VWV(1), parms->splopen.in.mode);
+		break;
+
+	case RAW_OPEN_NTCREATEX:
+		SETUP_REQUEST(SMBntcreateX, 24, 0);
+		SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1),0);
+		SCVAL(req->out.vwv, VWV(2),0); /* padding */
+		SIVAL(req->out.vwv,  7, parms->ntcreatex.in.flags);
+		SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid.fnum);
+		SIVAL(req->out.vwv, 15, parms->ntcreatex.in.access_mask);
+		SBVAL(req->out.vwv, 19, parms->ntcreatex.in.alloc_size);
+		SIVAL(req->out.vwv, 27, parms->ntcreatex.in.file_attr);
+		SIVAL(req->out.vwv, 31, parms->ntcreatex.in.share_access);
+		SIVAL(req->out.vwv, 35, parms->ntcreatex.in.open_disposition);
+		SIVAL(req->out.vwv, 39, parms->ntcreatex.in.create_options);
+		SIVAL(req->out.vwv, 43, parms->ntcreatex.in.impersonation);
+		SCVAL(req->out.vwv, 47, parms->ntcreatex.in.security_flags);
+
+		smbcli_req_append_string_len(req, parms->ntcreatex.in.fname, STR_TERMINATE, &len);
+		SSVAL(req->out.vwv, 5, len);
+		break;
+
+	case RAW_OPEN_NTTRANS_CREATE:
+		return smb_raw_nttrans_create_send(tree, parms);
+
+
+	case RAW_OPEN_OPENX_READX:
+		SETUP_REQUEST(SMBopenX, 15, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->openxreadx.in.flags);
+		SSVAL(req->out.vwv, VWV(3), parms->openxreadx.in.open_mode);
+		SSVAL(req->out.vwv, VWV(4), parms->openxreadx.in.search_attrs);
+		SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.file_attrs);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(6), parms->openxreadx.in.write_time);
+		SSVAL(req->out.vwv, VWV(8), parms->openxreadx.in.open_func);
+		SIVAL(req->out.vwv, VWV(9), parms->openxreadx.in.size);
+		SIVAL(req->out.vwv, VWV(11),parms->openxreadx.in.timeout);
+		SIVAL(req->out.vwv, VWV(13),0);
+		smbcli_req_append_string(req, parms->openxreadx.in.fname, STR_TERMINATE);
+
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+
+		smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), 0);
+		SIVAL(req->out.vwv, VWV(3), parms->openxreadx.in.offset);
+		SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.maxcnt & 0xFFFF);
+		SSVAL(req->out.vwv, VWV(6), parms->openxreadx.in.mincnt);
+		SIVAL(req->out.vwv, VWV(7), parms->openxreadx.in.maxcnt >> 16);
+		SSVAL(req->out.vwv, VWV(9), parms->openxreadx.in.remaining);
+		if (bigoffset) {
+			SIVAL(req->out.vwv, VWV(10),parms->openxreadx.in.offset>>32);
+		}
+		break;
+
+	case RAW_OPEN_NTCREATEX_READX:
+		SETUP_REQUEST(SMBntcreateX, 24, 0);
+		SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1),0);
+		SCVAL(req->out.vwv, VWV(2),0); /* padding */
+		SIVAL(req->out.vwv,  7, parms->ntcreatexreadx.in.flags);
+		SIVAL(req->out.vwv, 11, parms->ntcreatexreadx.in.root_fid.fnum);
+		SIVAL(req->out.vwv, 15, parms->ntcreatexreadx.in.access_mask);
+		SBVAL(req->out.vwv, 19, parms->ntcreatexreadx.in.alloc_size);
+		SIVAL(req->out.vwv, 27, parms->ntcreatexreadx.in.file_attr);
+		SIVAL(req->out.vwv, 31, parms->ntcreatexreadx.in.share_access);
+		SIVAL(req->out.vwv, 35, parms->ntcreatexreadx.in.open_disposition);
+		SIVAL(req->out.vwv, 39, parms->ntcreatexreadx.in.create_options);
+		SIVAL(req->out.vwv, 43, parms->ntcreatexreadx.in.impersonation);
+		SCVAL(req->out.vwv, 47, parms->ntcreatexreadx.in.security_flags);
+
+		smbcli_req_append_string_len(req, parms->ntcreatexreadx.in.fname, STR_TERMINATE, &len);
+		SSVAL(req->out.vwv, 5, len);
+
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+
+		smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), 0);
+		SIVAL(req->out.vwv, VWV(3), parms->ntcreatexreadx.in.offset);
+		SSVAL(req->out.vwv, VWV(5), parms->ntcreatexreadx.in.maxcnt & 0xFFFF);
+		SSVAL(req->out.vwv, VWV(6), parms->ntcreatexreadx.in.mincnt);
+		SIVAL(req->out.vwv, VWV(7), parms->ntcreatexreadx.in.maxcnt >> 16);
+		SSVAL(req->out.vwv, VWV(9), parms->ntcreatexreadx.in.remaining);
+		if (bigoffset) {
+			SIVAL(req->out.vwv, VWV(10),parms->ntcreatexreadx.in.offset>>32);
+		}
+		break;
+
+	case RAW_OPEN_SMB2:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Open a file - async recv
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_open_recv(struct smbcli_request *req, TALLOC_CTX *mem_ctx, union smb_open *parms)
+{
+	NTSTATUS status;
+
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	switch (parms->openold.level) {
+	case RAW_OPEN_T2OPEN:
+		return smb_raw_t2open_recv(req, mem_ctx, parms);
+
+	case RAW_OPEN_OPEN:
+		SMBCLI_CHECK_WCT(req, 7);
+		parms->openold.out.file.fnum = SVAL(req->in.vwv, VWV(0));
+		parms->openold.out.attrib = SVAL(req->in.vwv, VWV(1));
+		parms->openold.out.write_time = raw_pull_dos_date3(req->transport,
+								req->in.vwv + VWV(2));
+		parms->openold.out.size = IVAL(req->in.vwv, VWV(4));
+		parms->openold.out.rmode = SVAL(req->in.vwv, VWV(6));
+		break;
+
+	case RAW_OPEN_OPENX:
+		SMBCLI_CHECK_MIN_WCT(req, 15);
+		parms->openx.out.file.fnum = SVAL(req->in.vwv, VWV(2));
+		parms->openx.out.attrib = SVAL(req->in.vwv, VWV(3));
+		parms->openx.out.write_time = raw_pull_dos_date3(req->transport,
+								 req->in.vwv + VWV(4));
+		parms->openx.out.size = IVAL(req->in.vwv, VWV(6));
+		parms->openx.out.access = SVAL(req->in.vwv, VWV(8));
+		parms->openx.out.ftype = SVAL(req->in.vwv, VWV(9));
+		parms->openx.out.devstate = SVAL(req->in.vwv, VWV(10));
+		parms->openx.out.action = SVAL(req->in.vwv, VWV(11));
+		parms->openx.out.unique_fid = IVAL(req->in.vwv, VWV(12));
+		if (req->in.wct >= 19) {
+			parms->openx.out.access_mask = IVAL(req->in.vwv, VWV(15));
+			parms->openx.out.unknown =     IVAL(req->in.vwv, VWV(17));
+		} else {
+			parms->openx.out.access_mask = 0;
+			parms->openx.out.unknown = 0;
+		}
+		break;
+
+	case RAW_OPEN_MKNEW:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->mknew.out.file.fnum = SVAL(req->in.vwv, VWV(0));
+		break;
+
+	case RAW_OPEN_CREATE:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->create.out.file.fnum = SVAL(req->in.vwv, VWV(0));
+		break;
+
+	case RAW_OPEN_CTEMP:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->ctemp.out.file.fnum = SVAL(req->in.vwv, VWV(0));
+		smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->ctemp.out.name, req->in.data, -1, STR_TERMINATE | STR_ASCII);
+		break;
+
+	case RAW_OPEN_SPLOPEN:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->splopen.out.file.fnum = SVAL(req->in.vwv, VWV(0));
+		break;
+
+	case RAW_OPEN_NTCREATEX:
+		SMBCLI_CHECK_MIN_WCT(req, 34);
+		parms->ntcreatex.out.oplock_level =              CVAL(req->in.vwv, 4);
+		parms->ntcreatex.out.file.fnum =                 SVAL(req->in.vwv, 5);
+		parms->ntcreatex.out.create_action =             IVAL(req->in.vwv, 7);
+		parms->ntcreatex.out.create_time =   smbcli_pull_nttime(req->in.vwv, 11);
+		parms->ntcreatex.out.access_time =   smbcli_pull_nttime(req->in.vwv, 19);
+		parms->ntcreatex.out.write_time =    smbcli_pull_nttime(req->in.vwv, 27);
+		parms->ntcreatex.out.change_time =   smbcli_pull_nttime(req->in.vwv, 35);
+		parms->ntcreatex.out.attrib =                   IVAL(req->in.vwv, 43);
+		parms->ntcreatex.out.alloc_size =               BVAL(req->in.vwv, 47);
+		parms->ntcreatex.out.size =                     BVAL(req->in.vwv, 55);
+		parms->ntcreatex.out.file_type =                SVAL(req->in.vwv, 63);
+		parms->ntcreatex.out.ipc_state =                SVAL(req->in.vwv, 65);
+		parms->ntcreatex.out.is_directory =             CVAL(req->in.vwv, 67);
+		break;
+
+	case RAW_OPEN_NTTRANS_CREATE:
+		return smb_raw_nttrans_create_recv(req, mem_ctx, parms);
+
+	case RAW_OPEN_OPENX_READX:
+		SMBCLI_CHECK_MIN_WCT(req, 15);
+		parms->openxreadx.out.file.fnum = SVAL(req->in.vwv, VWV(2));
+		parms->openxreadx.out.attrib = SVAL(req->in.vwv, VWV(3));
+		parms->openxreadx.out.write_time = raw_pull_dos_date3(req->transport,
+								 req->in.vwv + VWV(4));
+		parms->openxreadx.out.size = IVAL(req->in.vwv, VWV(6));
+		parms->openxreadx.out.access = SVAL(req->in.vwv, VWV(8));
+		parms->openxreadx.out.ftype = SVAL(req->in.vwv, VWV(9));
+		parms->openxreadx.out.devstate = SVAL(req->in.vwv, VWV(10));
+		parms->openxreadx.out.action = SVAL(req->in.vwv, VWV(11));
+		parms->openxreadx.out.unique_fid = IVAL(req->in.vwv, VWV(12));
+		if (req->in.wct >= 19) {
+			parms->openxreadx.out.access_mask = IVAL(req->in.vwv, VWV(15));
+			parms->openxreadx.out.unknown =     IVAL(req->in.vwv, VWV(17));
+		} else {
+			parms->openxreadx.out.access_mask = 0;
+			parms->openxreadx.out.unknown = 0;
+		}
+
+		status = smbcli_chained_advance(req);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		SMBCLI_CHECK_WCT(req, 12);
+		parms->openxreadx.out.remaining       = SVAL(req->in.vwv, VWV(2));
+		parms->openxreadx.out.compaction_mode = SVAL(req->in.vwv, VWV(3));
+		parms->openxreadx.out.nread = SVAL(req->in.vwv, VWV(5));
+		if (parms->openxreadx.out.nread >
+		    MAX(parms->openxreadx.in.mincnt, parms->openxreadx.in.maxcnt) ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.hdr + SVAL(req->in.vwv, VWV(6)),
+					  parms->openxreadx.out.nread,
+					  parms->openxreadx.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
+	case RAW_OPEN_NTCREATEX_READX:
+		SMBCLI_CHECK_MIN_WCT(req, 34);
+		parms->ntcreatexreadx.out.oplock_level =              CVAL(req->in.vwv, 4);
+		parms->ntcreatexreadx.out.file.fnum =                 SVAL(req->in.vwv, 5);
+		parms->ntcreatexreadx.out.create_action =             IVAL(req->in.vwv, 7);
+		parms->ntcreatexreadx.out.create_time =   smbcli_pull_nttime(req->in.vwv, 11);
+		parms->ntcreatexreadx.out.access_time =   smbcli_pull_nttime(req->in.vwv, 19);
+		parms->ntcreatexreadx.out.write_time =    smbcli_pull_nttime(req->in.vwv, 27);
+		parms->ntcreatexreadx.out.change_time =   smbcli_pull_nttime(req->in.vwv, 35);
+		parms->ntcreatexreadx.out.attrib =                   IVAL(req->in.vwv, 43);
+		parms->ntcreatexreadx.out.alloc_size =               BVAL(req->in.vwv, 47);
+		parms->ntcreatexreadx.out.size =                     BVAL(req->in.vwv, 55);
+		parms->ntcreatexreadx.out.file_type =                SVAL(req->in.vwv, 63);
+		parms->ntcreatexreadx.out.ipc_state =                SVAL(req->in.vwv, 65);
+		parms->ntcreatexreadx.out.is_directory =             CVAL(req->in.vwv, 67);
+
+		status = smbcli_chained_advance(req);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		SMBCLI_CHECK_WCT(req, 12);
+		parms->ntcreatexreadx.out.remaining       = SVAL(req->in.vwv, VWV(2));
+		parms->ntcreatexreadx.out.compaction_mode = SVAL(req->in.vwv, VWV(3));
+		parms->ntcreatexreadx.out.nread = SVAL(req->in.vwv, VWV(5));
+		if (parms->ntcreatexreadx.out.nread >
+		    MAX(parms->ntcreatexreadx.in.mincnt, parms->ntcreatexreadx.in.maxcnt) ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.hdr + SVAL(req->in.vwv, VWV(6)),
+			                  parms->ntcreatexreadx.out.nread,
+			                  parms->ntcreatexreadx.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
+	case RAW_OPEN_SMB2:
+		req->status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+
+/****************************************************************************
+ Open a file - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_open(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, union smb_open *parms)
+{
+	struct smbcli_request *req = smb_raw_open_send(tree, parms);
+	return smb_raw_open_recv(req, mem_ctx, parms);
+}
+
+
+/****************************************************************************
+ Close a file - async send
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_close_send(struct smbcli_tree *tree, union smb_close *parms)
+{
+	struct smbcli_request *req = NULL;
+
+	switch (parms->generic.level) {
+	case RAW_CLOSE_CLOSE:
+		SETUP_REQUEST(SMBclose, 3, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->close.in.file.fnum);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(1), parms->close.in.write_time);
+		break;
+
+	case RAW_CLOSE_SPLCLOSE:
+		SETUP_REQUEST(SMBsplclose, 3, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->splclose.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(1), 0); /* reserved */
+		break;
+
+	case RAW_CLOSE_SMB2:
+	case RAW_CLOSE_GENERIC:
+		return NULL;
+	}
+
+	if (!req) return NULL;
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+
+/****************************************************************************
+ Close a file - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_close(struct smbcli_tree *tree, union smb_close *parms)
+{
+	struct smbcli_request *req = smb_raw_close_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ Locking calls - async interface
+****************************************************************************/
+struct smbcli_request *smb_raw_lock_send(struct smbcli_tree *tree, union smb_lock *parms)
+{
+	struct smbcli_request *req = NULL;
+
+	switch (parms->generic.level) {
+	case RAW_LOCK_LOCK:
+		SETUP_REQUEST(SMBlock, 5, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->lock.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(1), parms->lock.in.count);
+		SIVAL(req->out.vwv, VWV(3), parms->lock.in.offset);
+		break;
+
+	case RAW_LOCK_UNLOCK:
+		SETUP_REQUEST(SMBunlock, 5, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->unlock.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(1), parms->unlock.in.count);
+		SIVAL(req->out.vwv, VWV(3), parms->unlock.in.offset);
+		break;
+
+	case RAW_LOCK_LOCKX: {
+		struct smb_lock_entry *lockp;
+		unsigned int lck_size = (parms->lockx.in.mode & LOCKING_ANDX_LARGE_FILES)? 20 : 10;
+		unsigned int lock_count = parms->lockx.in.ulock_cnt + parms->lockx.in.lock_cnt;
+		int i;
+
+		SETUP_REQUEST(SMBlockingX, 8, lck_size * lock_count);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->lockx.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(3), parms->lockx.in.mode);
+		SIVAL(req->out.vwv, VWV(4), parms->lockx.in.timeout);
+		SSVAL(req->out.vwv, VWV(6), parms->lockx.in.ulock_cnt);
+		SSVAL(req->out.vwv, VWV(7), parms->lockx.in.lock_cnt);
+
+		/* copy in all the locks */
+		lockp = &parms->lockx.in.locks[0];
+		for (i = 0; i < lock_count; i++) {
+			uint8_t *p = req->out.data + lck_size * i;
+			SSVAL(p, 0, lockp[i].pid);
+			if (parms->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
+				SSVAL(p,  2, 0); /* reserved */
+				SIVAL(p,  4, lockp[i].offset>>32);
+				SIVAL(p,  8, lockp[i].offset);
+				SIVAL(p, 12, lockp[i].count>>32);
+				SIVAL(p, 16, lockp[i].count);
+			} else {
+				SIVAL(p, 2, lockp[i].offset);
+				SIVAL(p, 6, lockp[i].count);
+			}
+		}
+		break;
+	}
+	case RAW_LOCK_SMB2:
+	case RAW_LOCK_SMB2_BREAK:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Locking calls - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_lock(struct smbcli_tree *tree, union smb_lock *parms)
+{
+	struct smbcli_request *req = smb_raw_lock_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ Check for existence of a dir - async send
+****************************************************************************/
+struct smbcli_request *smb_raw_chkpath_send(struct smbcli_tree *tree, union smb_chkpath *parms)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST(SMBcheckpath, 0, 0);
+
+	smbcli_req_append_ascii4(req, parms->chkpath.in.path, STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Check for existence of a dir - sync interface
+****************************************************************************/
+NTSTATUS smb_raw_chkpath(struct smbcli_tree *tree, union smb_chkpath *parms)
+{
+	struct smbcli_request *req = smb_raw_chkpath_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+/****************************************************************************
+ flush a file - async send
+ a flush with RAW_FLUSH_ALL will flush all files
+****************************************************************************/
+struct smbcli_request *smb_raw_flush_send(struct smbcli_tree *tree, union smb_flush *parms)
+{
+	struct smbcli_request *req;
+	uint16_t fnum=0;
+
+	switch (parms->generic.level) {
+	case RAW_FLUSH_FLUSH:
+		fnum = parms->flush.in.file.fnum;
+		break;
+	case RAW_FLUSH_ALL:
+		fnum = 0xFFFF;
+		break;
+	case RAW_FLUSH_SMB2:
+		return NULL;
+	}
+
+	SETUP_REQUEST(SMBflush, 1, 0);
+	SSVAL(req->out.vwv, VWV(0), fnum);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+
+/****************************************************************************
+ flush a file - sync interface
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_flush(struct smbcli_tree *tree, union smb_flush *parms)
+{
+	struct smbcli_request *req = smb_raw_flush_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ seek a file - async send
+****************************************************************************/
+struct smbcli_request *smb_raw_seek_send(struct smbcli_tree *tree,
+					 union smb_seek *parms)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST(SMBlseek, 4, 0);
+
+	SSVAL(req->out.vwv, VWV(0), parms->lseek.in.file.fnum);
+	SSVAL(req->out.vwv, VWV(1), parms->lseek.in.mode);
+	SIVALS(req->out.vwv, VWV(2), parms->lseek.in.offset);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+	return req;
+}
+
+/****************************************************************************
+ seek a file - async receive
+****************************************************************************/
+NTSTATUS smb_raw_seek_recv(struct smbcli_request *req,
+			   union smb_seek *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	SMBCLI_CHECK_WCT(req, 2);
+	parms->lseek.out.offset = IVAL(req->in.vwv, VWV(0));
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/*
+  seek a file - sync interface
+*/
+_PUBLIC_ NTSTATUS smb_raw_seek(struct smbcli_tree *tree,
+		      union smb_seek *parms)
+{
+	struct smbcli_request *req = smb_raw_seek_send(tree, parms);
+	return smb_raw_seek_recv(req, parms);
+}
diff --git a/source4/libcli/raw/rawfileinfo.c b/source4/libcli/raw/rawfileinfo.c
new file mode 100644
index 0000000..c8b0ec7
--- /dev/null
+++ b/source4/libcli/raw/rawfileinfo.c
@@ -0,0 +1,810 @@
+/*
+   Unix SMB/CIFS implementation.
+   client trans2 operations
+   Copyright (C) James Myers 2003
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James Peach 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/* local macros to make the code more readable */
+#define FINFO_CHECK_MIN_SIZE(size) if (blob->length < (size)) { \
+      DEBUG(1,("Unexpected FILEINFO reply size %d for level %u - expected min of %d\n", \
+	       (int)blob->length, parms->generic.level, (size))); \
+      return NT_STATUS_INFO_LENGTH_MISMATCH; \
+}
+#define FINFO_CHECK_SIZE(size) if (blob->length != (size)) { \
+      DEBUG(1,("Unexpected FILEINFO reply size %d for level %u - expected %d\n", \
+	       (int)blob->length, parms->generic.level, (size))); \
+      return NT_STATUS_INFO_LENGTH_MISMATCH; \
+}
+
+/*
+  parse a stream information structure
+*/
+NTSTATUS smbcli_parse_stream_info(DATA_BLOB blob, TALLOC_CTX *mem_ctx,
+				  struct stream_information *io)
+{
+	uint32_t ofs = 0;
+	io->num_streams = 0;
+	io->streams = NULL;
+
+	while (blob.length - ofs >= 24) {
+		unsigned int n = io->num_streams;
+		uint32_t nlen, len;
+		bool ret;
+		void *vstr;
+		size_t converted_size = 0;
+
+		io->streams =
+			talloc_realloc(mem_ctx, io->streams, struct stream_struct, n+1);
+		if (!io->streams) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		nlen                      = IVAL(blob.data, ofs + 0x04);
+		io->streams[n].size       = BVAL(blob.data, ofs + 0x08);
+		io->streams[n].alloc_size = BVAL(blob.data, ofs + 0x10);
+		if (nlen > blob.length - (ofs + 24)) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		ret = convert_string_talloc(io->streams,
+					     CH_UTF16, CH_UNIX,
+					     blob.data+ofs+24, nlen, &vstr, &converted_size);
+		if (!ret) {
+			return NT_STATUS_ILLEGAL_CHARACTER;
+		}
+		io->streams[n].stream_name.s = (const char *)vstr;
+		io->streams[n].stream_name.private_length = nlen;
+		io->num_streams++;
+		len = IVAL(blob.data, ofs);
+		if (len > blob.length - ofs) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		if (len == 0) break;
+		ofs += len;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  parse the fsinfo 'passthru' level replies
+*/
+NTSTATUS smb_raw_fileinfo_passthru_parse(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
+					 enum smb_fileinfo_level level,
+					 union smb_fileinfo *parms)
+{
+	switch (level) {
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		/* some servers return 40 bytes and some 36. w2k3 return 40, so that's
+		   what we should do, but we need to accept 36 */
+		if (blob->length != 36) {
+			FINFO_CHECK_SIZE(40);
+		}
+		parms->basic_info.out.create_time = smbcli_pull_nttime(blob->data, 0);
+		parms->basic_info.out.access_time = smbcli_pull_nttime(blob->data, 8);
+		parms->basic_info.out.write_time  = smbcli_pull_nttime(blob->data, 16);
+		parms->basic_info.out.change_time = smbcli_pull_nttime(blob->data, 24);
+		parms->basic_info.out.attrib      = IVAL(blob->data, 32);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		FINFO_CHECK_SIZE(24);
+		parms->standard_info.out.alloc_size =     BVAL(blob->data, 0);
+		parms->standard_info.out.size =           BVAL(blob->data, 8);
+		parms->standard_info.out.nlink =          IVAL(blob->data, 16);
+		parms->standard_info.out.delete_pending = CVAL(blob->data, 20);
+		parms->standard_info.out.directory =      CVAL(blob->data, 21);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_INFORMATION:
+		FINFO_CHECK_SIZE(4);
+		parms->ea_info.out.ea_size = IVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NAME_INFORMATION:
+		FINFO_CHECK_MIN_SIZE(4);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->name_info.out.fname, 0, 4, STR_UNICODE);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALL_INFORMATION:
+		FINFO_CHECK_MIN_SIZE(72);
+		parms->all_info.out.create_time =           smbcli_pull_nttime(blob->data, 0);
+		parms->all_info.out.access_time =           smbcli_pull_nttime(blob->data, 8);
+		parms->all_info.out.write_time =            smbcli_pull_nttime(blob->data, 16);
+		parms->all_info.out.change_time =           smbcli_pull_nttime(blob->data, 24);
+		parms->all_info.out.attrib =                IVAL(blob->data, 32);
+		parms->all_info.out.alloc_size =            BVAL(blob->data, 40);
+		parms->all_info.out.size =                  BVAL(blob->data, 48);
+		parms->all_info.out.nlink =                 IVAL(blob->data, 56);
+		parms->all_info.out.delete_pending =        CVAL(blob->data, 60);
+		parms->all_info.out.directory =             CVAL(blob->data, 61);
+#if 1
+		parms->all_info.out.ea_size =               IVAL(blob->data, 64);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->all_info.out.fname, 68, 72, STR_UNICODE);
+#else
+		/* this is what the CIFS spec says - and its totally
+		   wrong, but its useful having it here so we can
+		   quickly adapt to broken servers when running
+		   tests */
+		parms->all_info.out.ea_size =               IVAL(blob->data, 72);
+		/* access flags 4 bytes at 76
+		   current_position 8 bytes at 80
+		   mode 4 bytes at 88
+		   alignment 4 bytes at 92
+		*/
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->all_info.out.fname, 96, 100, STR_UNICODE);
+#endif
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+	case RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION:
+		FINFO_CHECK_MIN_SIZE(4);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->alt_name_info.out.fname, 0, 4, STR_UNICODE);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		return smbcli_parse_stream_info(*blob, mem_ctx, &parms->stream_info.out);
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		FINFO_CHECK_SIZE(8);
+		parms->internal_information.out.file_id = BVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		FINFO_CHECK_SIZE(4);
+		parms->access_information.out.access_flags = IVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		FINFO_CHECK_SIZE(8);
+		parms->position_information.out.position = BVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		FINFO_CHECK_SIZE(4);
+		parms->mode_information.out.mode = IVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		FINFO_CHECK_SIZE(4);
+		parms->alignment_information.out.alignment_requirement
+			= IVAL(blob->data, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		FINFO_CHECK_SIZE(16);
+		parms->compression_info.out.compressed_size = BVAL(blob->data,  0);
+		parms->compression_info.out.format          = SVAL(blob->data,  8);
+		parms->compression_info.out.unit_shift      = CVAL(blob->data, 10);
+		parms->compression_info.out.chunk_shift     = CVAL(blob->data, 11);
+		parms->compression_info.out.cluster_shift   = CVAL(blob->data, 12);
+		/* 3 bytes of padding */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		FINFO_CHECK_SIZE(56);
+		parms->network_open_information.out.create_time = smbcli_pull_nttime(blob->data,  0);
+		parms->network_open_information.out.access_time = smbcli_pull_nttime(blob->data,  8);
+		parms->network_open_information.out.write_time =  smbcli_pull_nttime(blob->data, 16);
+		parms->network_open_information.out.change_time = smbcli_pull_nttime(blob->data, 24);
+		parms->network_open_information.out.alloc_size =             BVAL(blob->data, 32);
+		parms->network_open_information.out.size = 	             BVAL(blob->data, 40);
+		parms->network_open_information.out.attrib = 	             IVAL(blob->data, 48);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		FINFO_CHECK_SIZE(8);
+		parms->attribute_tag_information.out.attrib =      IVAL(blob->data, 0);
+		parms->attribute_tag_information.out.reparse_tag = IVAL(blob->data, 4);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NORMALIZED_NAME_INFORMATION:
+		FINFO_CHECK_MIN_SIZE(4);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->normalized_name_info.out.fname,
+					0, 4, STR_UNICODE);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+		FINFO_CHECK_MIN_SIZE(4);
+		return ea_pull_list_chained(blob, mem_ctx,
+					    &parms->all_eas.out.num_eas,
+					    &parms->all_eas.out.eas);
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		FINFO_CHECK_MIN_SIZE(0x64);
+		parms->all_info2.out.create_time    = smbcli_pull_nttime(blob->data, 0x00);
+		parms->all_info2.out.access_time    = smbcli_pull_nttime(blob->data, 0x08);
+		parms->all_info2.out.write_time     = smbcli_pull_nttime(blob->data, 0x10);
+		parms->all_info2.out.change_time    = smbcli_pull_nttime(blob->data, 0x18);
+		parms->all_info2.out.attrib         = IVAL(blob->data, 0x20);
+		parms->all_info2.out.unknown1       = IVAL(blob->data, 0x24);
+		parms->all_info2.out.alloc_size     = BVAL(blob->data, 0x28);
+		parms->all_info2.out.size           = BVAL(blob->data, 0x30);
+		parms->all_info2.out.nlink          = IVAL(blob->data, 0x38);
+		parms->all_info2.out.delete_pending = CVAL(blob->data, 0x3C);
+		parms->all_info2.out.directory      = CVAL(blob->data, 0x3D);
+		/* 0x3E-0x3F padding */
+		parms->all_info2.out.file_id        = BVAL(blob->data, 0x40);
+		parms->all_info2.out.ea_size        = IVAL(blob->data, 0x48);
+		parms->all_info2.out.access_mask    = IVAL(blob->data, 0x4C);
+		parms->all_info2.out.position       = BVAL(blob->data, 0x50);
+		parms->all_info2.out.mode           = IVAL(blob->data, 0x58);
+		parms->all_info2.out.alignment_requirement = IVAL(blob->data, 0x5C);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&parms->all_info2.out.fname, 0x60, 0x64, STR_UNICODE);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_SEC_DESC: {
+		enum ndr_err_code ndr_err;
+
+		parms->query_secdesc.out.sd = talloc(mem_ctx, struct security_descriptor);
+		NT_STATUS_HAVE_NO_MEMORY(parms->query_secdesc.out.sd);
+
+		ndr_err = ndr_pull_struct_blob(blob, mem_ctx,
+			parms->query_secdesc.out.sd,
+			(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return ndr_map_error2ntstatus(ndr_err);
+		}
+
+		return NT_STATUS_OK;
+	}
+
+	default:
+		break;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+
+/****************************************************************************
+ Handle qfileinfo/qpathinfo trans2 backend.
+****************************************************************************/
+static NTSTATUS smb_raw_info_backend(struct smbcli_session *session,
+				     TALLOC_CTX *mem_ctx,
+				     union smb_fileinfo *parms,
+				     DATA_BLOB *blob)
+{
+	switch (parms->generic.level) {
+	case RAW_FILEINFO_GENERIC:
+	case RAW_FILEINFO_GETATTR:
+	case RAW_FILEINFO_GETATTRE:
+	case RAW_FILEINFO_SEC_DESC:
+		/* not handled here */
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_FILEINFO_STANDARD:
+		if (session == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		FINFO_CHECK_SIZE(22);
+		parms->standard.out.create_time = raw_pull_dos_date2(session->transport,
+								     blob->data +  0);
+		parms->standard.out.access_time = raw_pull_dos_date2(session->transport,
+								     blob->data +  4);
+		parms->standard.out.write_time =  raw_pull_dos_date2(session->transport,
+								     blob->data +  8);
+		parms->standard.out.size =        IVAL(blob->data,             12);
+		parms->standard.out.alloc_size =  IVAL(blob->data,             16);
+		parms->standard.out.attrib =      SVAL(blob->data,             20);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_SIZE:
+		if (session == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		FINFO_CHECK_SIZE(26);
+		parms->ea_size.out.create_time = raw_pull_dos_date2(session->transport,
+								    blob->data +  0);
+		parms->ea_size.out.access_time = raw_pull_dos_date2(session->transport,
+								    blob->data +  4);
+		parms->ea_size.out.write_time =  raw_pull_dos_date2(session->transport,
+								    blob->data +  8);
+		parms->ea_size.out.size =        IVAL(blob->data,             12);
+		parms->ea_size.out.alloc_size =  IVAL(blob->data,             16);
+		parms->ea_size.out.attrib =      SVAL(blob->data,             20);
+		parms->ea_size.out.ea_size =     IVAL(blob->data,             22);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_LIST:
+		FINFO_CHECK_MIN_SIZE(4);
+		return ea_pull_list(blob, mem_ctx,
+				    &parms->ea_list.out.num_eas,
+				    &parms->ea_list.out.eas);
+
+	case RAW_FILEINFO_ALL_EAS:
+		FINFO_CHECK_MIN_SIZE(4);
+		return ea_pull_list(blob, mem_ctx,
+				    &parms->all_eas.out.num_eas,
+				    &parms->all_eas.out.eas);
+
+	case RAW_FILEINFO_IS_NAME_VALID:
+		/* no data! */
+		FINFO_CHECK_SIZE(0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_BASIC_INFO:
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_BASIC_INFORMATION, parms);
+
+	case RAW_FILEINFO_STANDARD_INFO:
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_STANDARD_INFORMATION, parms);
+
+	case RAW_FILEINFO_EA_INFO:
+	case RAW_FILEINFO_EA_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_EA_INFORMATION, parms);
+
+	case RAW_FILEINFO_NAME_INFO:
+	case RAW_FILEINFO_NAME_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_NAME_INFORMATION, parms);
+
+	case RAW_FILEINFO_ALL_INFO:
+	case RAW_FILEINFO_ALL_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_ALL_INFORMATION, parms);
+
+	case RAW_FILEINFO_ALT_NAME_INFO:
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_ALT_NAME_INFORMATION, parms);
+
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_STREAM_INFORMATION, parms);
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_INTERNAL_INFORMATION, parms);
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_ACCESS_INFORMATION, parms);
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_POSITION_INFORMATION, parms);
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_MODE_INFORMATION, parms);
+
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_ALIGNMENT_INFORMATION, parms);
+
+	case RAW_FILEINFO_COMPRESSION_INFO:
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_COMPRESSION_INFORMATION, parms);
+
+	case RAW_FILEINFO_UNIX_BASIC:
+		FINFO_CHECK_SIZE(100);
+		parms->unix_basic_info.out.end_of_file        =            BVAL(blob->data,  0);
+		parms->unix_basic_info.out.num_bytes          =            BVAL(blob->data,  8);
+		parms->unix_basic_info.out.status_change_time = smbcli_pull_nttime(blob->data, 16);
+		parms->unix_basic_info.out.access_time        = smbcli_pull_nttime(blob->data, 24);
+		parms->unix_basic_info.out.change_time        = smbcli_pull_nttime(blob->data, 32);
+		parms->unix_basic_info.out.uid                =            BVAL(blob->data, 40);
+		parms->unix_basic_info.out.gid                =            BVAL(blob->data, 48);
+		parms->unix_basic_info.out.file_type          =            IVAL(blob->data, 52);
+		parms->unix_basic_info.out.dev_major          =            BVAL(blob->data, 60);
+		parms->unix_basic_info.out.dev_minor          =            BVAL(blob->data, 68);
+		parms->unix_basic_info.out.unique_id          =            BVAL(blob->data, 76);
+		parms->unix_basic_info.out.permissions        =            BVAL(blob->data, 84);
+		parms->unix_basic_info.out.nlink              =            BVAL(blob->data, 92);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_UNIX_INFO2:
+		FINFO_CHECK_SIZE(116);
+		parms->unix_info2.out.end_of_file	= BVAL(blob->data,  0);
+		parms->unix_info2.out.num_bytes		= BVAL(blob->data,  8);
+		parms->unix_info2.out.status_change_time = smbcli_pull_nttime(blob->data, 16);
+		parms->unix_info2.out.access_time	= smbcli_pull_nttime(blob->data, 24);
+		parms->unix_info2.out.change_time	= smbcli_pull_nttime(blob->data, 32);
+		parms->unix_info2.out.uid		= BVAL(blob->data, 40);
+		parms->unix_info2.out.gid		= BVAL(blob->data, 48);
+		parms->unix_info2.out.file_type		= IVAL(blob->data, 52);
+		parms->unix_info2.out.dev_major		= BVAL(blob->data, 60);
+		parms->unix_info2.out.dev_minor		= BVAL(blob->data, 68);
+		parms->unix_info2.out.unique_id		= BVAL(blob->data, 76);
+		parms->unix_info2.out.permissions	= BVAL(blob->data, 84);
+		parms->unix_info2.out.nlink		= BVAL(blob->data, 92);
+		parms->unix_info2.out.create_time	= smbcli_pull_nttime(blob->data, 100);
+		parms->unix_info2.out.file_flags	= IVAL(blob->data, 108);
+		parms->unix_info2.out.flags_mask	= IVAL(blob->data, 112);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_UNIX_LINK:
+		smbcli_blob_pull_string(session, mem_ctx, blob,
+				     &parms->unix_link_info.out.link_dest, 0, 4, STR_UNICODE);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_NETWORK_OPEN_INFORMATION, parms);
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION, parms);
+
+	case RAW_FILEINFO_NORMALIZED_NAME_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_NORMALIZED_NAME_INFORMATION, parms);
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_SMB2_ALL_INFORMATION, parms);
+
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_SMB2_ALL_EAS, parms);
+
+	case RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION:
+		return smb_raw_fileinfo_passthru_parse(blob, mem_ctx,
+						       RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION, parms);
+
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+
+/****************************************************************************
+ Very raw query file info - returns param/data blobs - (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_fileinfo_blob_send(struct smbcli_tree *tree,
+							 uint16_t fnum,
+							 uint16_t info_level,
+							 DATA_BLOB data)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_QFILEINFO;
+	struct smbcli_request *req;
+	TALLOC_CTX *mem_ctx = talloc_init("raw_fileinfo");
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.data = data;
+	tp.in.max_param = 2;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 4);
+	if (!tp.in.params.data) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	SSVAL(tp.in.params.data, 0, fnum);
+	SSVAL(tp.in.params.data, 2, info_level);
+
+	req = smb_raw_trans2_send(tree, &tp);
+
+	talloc_free(mem_ctx);
+
+	return req;
+}
+
+
+/****************************************************************************
+ Very raw query file info - returns param/data blobs - (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_fileinfo_blob_recv(struct smbcli_request *req,
+					   TALLOC_CTX *mem_ctx,
+					   DATA_BLOB *blob)
+{
+	struct smb_trans2 tp;
+	NTSTATUS status = smb_raw_trans2_recv(req, mem_ctx, &tp);
+	if (NT_STATUS_IS_OK(status)) {
+		*blob = tp.out.data;
+	}
+	return status;
+}
+
+/****************************************************************************
+ Very raw query path info - returns param/data blobs (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_pathinfo_blob_send(struct smbcli_tree *tree,
+							 const char *fname,
+							 uint16_t info_level,
+							 DATA_BLOB data)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_QPATHINFO;
+	struct smbcli_request *req;
+	TALLOC_CTX *mem_ctx = talloc_init("raw_pathinfo");
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.data = data;
+	tp.in.max_param = 2;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 6);
+	if (!tp.in.params.data) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	SSVAL(tp.in.params.data, 0, info_level);
+	SIVAL(tp.in.params.data, 2, 0);
+	smbcli_blob_append_string(tree->session, mem_ctx, &tp.in.params,
+			       fname, STR_TERMINATE);
+
+	req = smb_raw_trans2_send(tree, &tp);
+
+	talloc_free(mem_ctx);
+
+	return req;
+}
+
+/****************************************************************************
+ send a SMBgetatr (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_getattr_send(struct smbcli_tree *tree,
+						union smb_fileinfo *parms)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBgetatr, 0, 0);
+	if (!req) return NULL;
+
+	smbcli_req_append_ascii4(req, parms->getattr.in.file.path, STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ send a SMBgetatr (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_getattr_recv(struct smbcli_request *req,
+				     union smb_fileinfo *parms)
+{
+	if (req == NULL) {
+		goto failed;
+	}
+
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	SMBCLI_CHECK_WCT(req, 10);
+	parms->getattr.out.attrib =     SVAL(req->in.vwv, VWV(0));
+	parms->getattr.out.write_time = raw_pull_dos_date3(req->transport,
+							   req->in.vwv + VWV(1));
+	parms->getattr.out.size =       IVAL(req->in.vwv, VWV(3));
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+
+/****************************************************************************
+ Handle SMBgetattrE (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_getattrE_send(struct smbcli_tree *tree,
+						 union smb_fileinfo *parms)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBgetattrE, 1, 0);
+	if (!req) return NULL;
+
+	SSVAL(req->out.vwv, VWV(0), parms->getattre.in.file.fnum);
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Handle SMBgetattrE (async send)
+****************************************************************************/
+static NTSTATUS smb_raw_getattrE_recv(struct smbcli_request *req,
+				      union smb_fileinfo *parms)
+{
+	if (req == NULL) {
+		goto failed;
+	}
+
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	SMBCLI_CHECK_WCT(req, 11);
+	parms->getattre.out.create_time =   raw_pull_dos_date2(req->transport,
+							       req->in.vwv + VWV(0));
+	parms->getattre.out.access_time =   raw_pull_dos_date2(req->transport,
+							       req->in.vwv + VWV(2));
+	parms->getattre.out.write_time  =   raw_pull_dos_date2(req->transport,
+							       req->in.vwv + VWV(4));
+	parms->getattre.out.size =          IVAL(req->in.vwv,             VWV(6));
+	parms->getattre.out.alloc_size =    IVAL(req->in.vwv,             VWV(8));
+	parms->getattre.out.attrib =        SVAL(req->in.vwv,             VWV(10));
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+
+/****************************************************************************
+ Query file info (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_fileinfo_send(struct smbcli_tree *tree,
+					     union smb_fileinfo *parms)
+{
+	DATA_BLOB data;
+	struct smbcli_request *req;
+
+	/* pass off the non-trans2 level to specialised functions */
+	if (parms->generic.level == RAW_FILEINFO_GETATTRE) {
+		return smb_raw_getattrE_send(tree, parms);
+	}
+	if (parms->generic.level == RAW_FILEINFO_SEC_DESC) {
+		return smb_raw_query_secdesc_send(tree, parms);
+	}
+	if (parms->generic.level >= RAW_FILEINFO_GENERIC) {
+		return NULL;
+	}
+
+	data = data_blob(NULL, 0);
+
+	if (parms->generic.level == RAW_FILEINFO_EA_LIST) {
+		if (!ea_push_name_list(tree,
+				       &data,
+				       parms->ea_list.in.num_names,
+				       parms->ea_list.in.ea_names)) {
+			return NULL;
+		}
+	}
+
+	req = smb_raw_fileinfo_blob_send(tree,
+					 parms->generic.in.file.fnum,
+					 parms->generic.level, data);
+
+	data_blob_free(&data);
+
+	return req;
+}
+
+/****************************************************************************
+ Query file info (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_fileinfo_recv(struct smbcli_request *req,
+			       TALLOC_CTX *mem_ctx,
+			       union smb_fileinfo *parms)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+	struct smbcli_session *session = req?req->session:NULL;
+
+	if (parms->generic.level == RAW_FILEINFO_GETATTRE) {
+		return smb_raw_getattrE_recv(req, parms);
+	}
+	if (parms->generic.level == RAW_FILEINFO_SEC_DESC) {
+		return smb_raw_query_secdesc_recv(req, mem_ctx, parms);
+	}
+	if (parms->generic.level == RAW_FILEINFO_GETATTR) {
+		return smb_raw_getattr_recv(req, parms);
+	}
+
+	status = smb_raw_fileinfo_blob_recv(req, mem_ctx, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return smb_raw_info_backend(session, mem_ctx, parms, &blob);
+}
+
+/****************************************************************************
+ Query file info (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_fileinfo(struct smbcli_tree *tree,
+			  TALLOC_CTX *mem_ctx,
+			  union smb_fileinfo *parms)
+{
+	struct smbcli_request *req = smb_raw_fileinfo_send(tree, parms);
+	return smb_raw_fileinfo_recv(req, mem_ctx, parms);
+}
+
+/****************************************************************************
+ Query path info (async send)
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_pathinfo_send(struct smbcli_tree *tree,
+					     union smb_fileinfo *parms)
+{
+	DATA_BLOB data;
+	struct smbcli_request *req;
+
+	if (parms->generic.level == RAW_FILEINFO_GETATTR) {
+		return smb_raw_getattr_send(tree, parms);
+	}
+	if (parms->generic.level >= RAW_FILEINFO_GENERIC) {
+		return NULL;
+	}
+
+	data = data_blob(NULL, 0);
+
+	if (parms->generic.level == RAW_FILEINFO_EA_LIST) {
+		if (!ea_push_name_list(tree,
+				       &data,
+				       parms->ea_list.in.num_names,
+				       parms->ea_list.in.ea_names)) {
+			return NULL;
+		}
+	}
+
+	req = smb_raw_pathinfo_blob_send(tree, parms->generic.in.file.path,
+					 parms->generic.level, data);
+	data_blob_free(&data);
+
+	return req;
+}
+
+/****************************************************************************
+ Query path info (async recv)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_pathinfo_recv(struct smbcli_request *req,
+			       TALLOC_CTX *mem_ctx,
+			       union smb_fileinfo *parms)
+{
+	/* recv is identical to fileinfo */
+	return smb_raw_fileinfo_recv(req, mem_ctx, parms);
+}
+
+/****************************************************************************
+ Query path info (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_pathinfo(struct smbcli_tree *tree,
+			  TALLOC_CTX *mem_ctx,
+			  union smb_fileinfo *parms)
+{
+	struct smbcli_request *req = smb_raw_pathinfo_send(tree, parms);
+	return smb_raw_pathinfo_recv(req, mem_ctx, parms);
+}
diff --git a/source4/libcli/raw/rawfsinfo.c b/source4/libcli/raw/rawfsinfo.c
new file mode 100644
index 0000000..9e5ad82
--- /dev/null
+++ b/source4/libcli/raw/rawfsinfo.c
@@ -0,0 +1,431 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   RAW_QFS_* operations
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+/****************************************************************************
+ Query FS Info - SMBdskattr call (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_dskattr_send(struct smbcli_tree *tree,
+						union smb_fsinfo *fsinfo)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBdskattr, 0, 0);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Query FS Info - SMBdskattr call (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_dskattr_recv(struct smbcli_request *req,
+				     union smb_fsinfo *fsinfo)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	SMBCLI_CHECK_WCT(req, 5);
+	fsinfo->dskattr.out.units_total =     SVAL(req->in.vwv, VWV(0));
+	fsinfo->dskattr.out.blocks_per_unit = SVAL(req->in.vwv, VWV(1));
+	fsinfo->dskattr.out.block_size =      SVAL(req->in.vwv, VWV(2));
+	fsinfo->dskattr.out.units_free =      SVAL(req->in.vwv, VWV(3));
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+
+/****************************************************************************
+ RAW_QFS_ trans2 interface via blobs (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_qfsinfo_send(struct smbcli_tree *tree,
+						TALLOC_CTX *mem_ctx,
+						uint16_t info_level)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_QFSINFO;
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 0;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+	tp.in.data = data_blob(NULL, 0);
+	tp.in.timeout = 0;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 2);
+	if (!tp.in.params.data) {
+		return NULL;
+	}
+	SSVAL(tp.in.params.data, 0, info_level);
+
+	return smb_raw_trans2_send(tree, &tp);
+}
+
+/****************************************************************************
+ RAW_QFS_ trans2 interface via blobs (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_qfsinfo_blob_recv(struct smbcli_request *req,
+					  TALLOC_CTX *mem_ctx,
+					  DATA_BLOB *blob)
+{
+	struct smb_trans2 tp;
+	NTSTATUS status;
+
+	status = smb_raw_trans2_recv(req, mem_ctx, &tp);
+
+	if (NT_STATUS_IS_OK(status)) {
+		(*blob) = tp.out.data;
+	}
+
+	return status;
+}
+
+
+/* local macros to make the code more readable */
+#define QFS_CHECK_MIN_SIZE(size) if (blob.length < (size)) { \
+      DEBUG(1,("Unexpected QFS reply size %d for level %u - expected min of %d\n", \
+	       (int)blob.length, fsinfo->generic.level, (size))); \
+      status = NT_STATUS_INFO_LENGTH_MISMATCH; \
+      goto failed; \
+}
+#define QFS_CHECK_SIZE(size) if (blob.length != (size)) { \
+      DEBUG(1,("Unexpected QFS reply size %d for level %u - expected %d\n", \
+	       (int)blob.length, fsinfo->generic.level, (size))); \
+      status = NT_STATUS_INFO_LENGTH_MISMATCH; \
+      goto failed; \
+}
+
+
+/****************************************************************************
+ Query FSInfo raw interface (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_fsinfo_send(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					union smb_fsinfo *fsinfo)
+{
+	uint16_t info_level;
+
+	/* handle the only non-trans2 call separately */
+	if (fsinfo->generic.level == RAW_QFS_DSKATTR) {
+		return smb_raw_dskattr_send(tree, fsinfo);
+	}
+	if (fsinfo->generic.level >= RAW_QFS_GENERIC) {
+		return NULL;
+	}
+
+	/* the headers map the trans2 levels direct to info levels */
+	info_level = (uint16_t)fsinfo->generic.level;
+
+	return smb_raw_qfsinfo_send(tree, mem_ctx, info_level);
+}
+
+/*
+  parse the fsinfo 'passthru' level replies
+*/
+NTSTATUS smb_raw_fsinfo_passthru_parse(DATA_BLOB blob, TALLOC_CTX *mem_ctx,
+				       enum smb_fsinfo_level level,
+				       union smb_fsinfo *fsinfo)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	int i;
+
+	/* parse the results */
+	switch (level) {
+	case RAW_QFS_VOLUME_INFORMATION:
+		QFS_CHECK_MIN_SIZE(18);
+		fsinfo->volume_info.out.create_time   = smbcli_pull_nttime(blob.data, 0);
+		fsinfo->volume_info.out.serial_number = IVAL(blob.data, 8);
+		smbcli_blob_pull_string(NULL, mem_ctx, &blob,
+					&fsinfo->volume_info.out.volume_name,
+					12, 18, STR_UNICODE);
+		break;
+
+	case RAW_QFS_SIZE_INFORMATION:
+		QFS_CHECK_SIZE(24);
+		fsinfo->size_info.out.total_alloc_units = BVAL(blob.data,  0);
+		fsinfo->size_info.out.avail_alloc_units = BVAL(blob.data,  8);
+		fsinfo->size_info.out.sectors_per_unit =  IVAL(blob.data, 16);
+		fsinfo->size_info.out.bytes_per_sector =  IVAL(blob.data, 20);
+		break;
+
+	case RAW_QFS_DEVICE_INFORMATION:
+		QFS_CHECK_SIZE(8);
+		fsinfo->device_info.out.device_type     = IVAL(blob.data,  0);
+		fsinfo->device_info.out.characteristics = IVAL(blob.data,  4);
+		break;
+
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+		QFS_CHECK_MIN_SIZE(12);
+		fsinfo->attribute_info.out.fs_attr   =                 IVAL(blob.data, 0);
+		fsinfo->attribute_info.out.max_file_component_length = IVAL(blob.data, 4);
+		smbcli_blob_pull_string(NULL, mem_ctx, &blob,
+					&fsinfo->attribute_info.out.fs_type,
+					8, 12, STR_UNICODE);
+		break;
+
+	case RAW_QFS_QUOTA_INFORMATION:
+		QFS_CHECK_SIZE(48);
+		fsinfo->quota_information.out.unknown[0] =  BVAL(blob.data,  0);
+		fsinfo->quota_information.out.unknown[1] =  BVAL(blob.data,  8);
+		fsinfo->quota_information.out.unknown[2] =  BVAL(blob.data, 16);
+		fsinfo->quota_information.out.quota_soft =  BVAL(blob.data, 24);
+		fsinfo->quota_information.out.quota_hard =  BVAL(blob.data, 32);
+		fsinfo->quota_information.out.quota_flags = BVAL(blob.data, 40);
+		break;
+
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		QFS_CHECK_SIZE(32);
+		fsinfo->full_size_information.out.total_alloc_units =        BVAL(blob.data,  0);
+		fsinfo->full_size_information.out.call_avail_alloc_units =   BVAL(blob.data,  8);
+		fsinfo->full_size_information.out.actual_avail_alloc_units = BVAL(blob.data, 16);
+		fsinfo->full_size_information.out.sectors_per_unit =         IVAL(blob.data, 24);
+		fsinfo->full_size_information.out.bytes_per_sector =         IVAL(blob.data, 28);
+		break;
+
+	case RAW_QFS_OBJECTID_INFORMATION: {
+		DATA_BLOB b2 = data_blob_const(blob.data, MIN(16, blob.length));
+		QFS_CHECK_SIZE(64);
+		status = GUID_from_ndr_blob(&b2, &fsinfo->objectid_information.out.guid);
+		NT_STATUS_NOT_OK_RETURN(status);
+		for (i=0;i<6;i++) {
+			fsinfo->objectid_information.out.unknown[i] = BVAL(blob.data, 16 + i*8);
+		}
+		break;
+
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		QFS_CHECK_SIZE(28);
+		fsinfo->sector_size_info.out.logical_bytes_per_sector
+							= IVAL(blob.data,  0);
+		fsinfo->sector_size_info.out.phys_bytes_per_sector_atomic
+							= IVAL(blob.data,  4);
+		fsinfo->sector_size_info.out.phys_bytes_per_sector_perf
+							= IVAL(blob.data,  8);
+		fsinfo->sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic
+							= IVAL(blob.data, 12);
+		fsinfo->sector_size_info.out.flags	= IVAL(blob.data, 16);
+		fsinfo->sector_size_info.out.byte_off_sector_align
+							= IVAL(blob.data, 20);
+		fsinfo->sector_size_info.out.byte_off_partition_align
+							= IVAL(blob.data, 24);
+		break;
+	}
+
+	default:
+		status = NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+failed:
+	return status;
+}
+
+
+/****************************************************************************
+ Query FSInfo raw interface (async recv)
+****************************************************************************/
+NTSTATUS smb_raw_fsinfo_recv(struct smbcli_request *req,
+			     TALLOC_CTX *mem_ctx,
+			     union smb_fsinfo *fsinfo)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+	struct smbcli_session *session = req?req->session:NULL;
+
+	if (fsinfo->generic.level == RAW_QFS_DSKATTR) {
+		return smb_raw_dskattr_recv(req, fsinfo);
+	}
+
+	status = smb_raw_qfsinfo_blob_recv(req, mem_ctx, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* parse the results */
+	switch (fsinfo->generic.level) {
+	case RAW_QFS_GENERIC:
+	case RAW_QFS_DSKATTR:
+		/* handled above */
+		break;
+
+	case RAW_QFS_ALLOCATION:
+		QFS_CHECK_SIZE(18);
+		fsinfo->allocation.out.fs_id =             IVAL(blob.data,  0);
+		fsinfo->allocation.out.sectors_per_unit =  IVAL(blob.data,  4);
+		fsinfo->allocation.out.total_alloc_units = IVAL(blob.data,  8);
+		fsinfo->allocation.out.avail_alloc_units = IVAL(blob.data, 12);
+		fsinfo->allocation.out.bytes_per_sector =  SVAL(blob.data, 16);
+		break;
+
+	case RAW_QFS_VOLUME:
+		QFS_CHECK_MIN_SIZE(5);
+		fsinfo->volume.out.serial_number = IVAL(blob.data, 0);
+		smbcli_blob_pull_string(session, mem_ctx, &blob,
+				     &fsinfo->volume.out.volume_name,
+				     4, 5, STR_LEN8BIT | STR_NOALIGN);
+		break;
+
+	case RAW_QFS_VOLUME_INFO:
+	case RAW_QFS_VOLUME_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_VOLUME_INFORMATION, fsinfo);
+
+	case RAW_QFS_SIZE_INFO:
+	case RAW_QFS_SIZE_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_SIZE_INFORMATION, fsinfo);
+
+	case RAW_QFS_DEVICE_INFO:
+	case RAW_QFS_DEVICE_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_DEVICE_INFORMATION, fsinfo);
+
+	case RAW_QFS_ATTRIBUTE_INFO:
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_ATTRIBUTE_INFORMATION, fsinfo);
+
+	case RAW_QFS_UNIX_INFO:
+		QFS_CHECK_SIZE(12);
+		fsinfo->unix_info.out.major_version = SVAL(blob.data, 0);
+		fsinfo->unix_info.out.minor_version = SVAL(blob.data, 2);
+		fsinfo->unix_info.out.capability    = SVAL(blob.data, 4);
+		break;
+
+	case RAW_QFS_QUOTA_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_QUOTA_INFORMATION, fsinfo);
+
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_FULL_SIZE_INFORMATION, fsinfo);
+
+	case RAW_QFS_OBJECTID_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+						     RAW_QFS_OBJECTID_INFORMATION, fsinfo);
+
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		return smb_raw_fsinfo_passthru_parse(blob, mem_ctx,
+				RAW_QFS_SECTOR_SIZE_INFORMATION, fsinfo);
+	}
+
+failed:
+	return status;
+}
+
+/****************************************************************************
+ Query FSInfo raw interface (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_fsinfo(struct smbcli_tree *tree,
+			TALLOC_CTX *mem_ctx,
+			union smb_fsinfo *fsinfo)
+{
+	struct smbcli_request *req = smb_raw_fsinfo_send(tree, mem_ctx, fsinfo);
+	return smb_raw_fsinfo_recv(req, mem_ctx, fsinfo);
+}
+
+/****************************************************************************
+ Set FSInfo raw interface (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_setfsinfo_recv(struct smbcli_request *req,
+			     TALLOC_CTX *mem_ctx,
+			     union smb_setfsinfo *set_fsinfo)
+{
+	DATA_BLOB blob = data_blob_null;
+	NTSTATUS status;
+
+	if (set_fsinfo->generic.level != RAW_SETFS_UNIX_INFO) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = smb_raw_qfsinfo_blob_recv(req, mem_ctx, &blob);
+	data_blob_free(&blob);
+	return status;
+}
+
+/****************************************************************************
+ Set FSInfo raw interface (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_setfsinfo_send(struct smbcli_tree *tree,
+						TALLOC_CTX *mem_ctx,
+						union smb_setfsinfo *set_fsinfo)
+{
+	struct smb_trans2 tp;
+	uint16_t info_level;
+	uint16_t setup = TRANSACT2_SETFSINFO;
+
+	if (set_fsinfo->generic.level != RAW_SETFS_UNIX_INFO) {
+		return NULL;
+	}
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 0;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+	tp.in.timeout = 0;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 4);
+	if (!tp.in.params.data) {
+		return NULL;
+	}
+	info_level = (uint16_t)set_fsinfo->generic.level;
+	SSVAL(tp.in.params.data, 0, 0);
+	SSVAL(tp.in.params.data, 2, info_level);
+
+	tp.in.data = data_blob_talloc(mem_ctx, NULL, 12);
+	if (!tp.in.data.data) {
+		return NULL;
+	}
+
+	SSVAL(tp.in.data.data, 0, set_fsinfo->unix_info.in.major_version);
+	SSVAL(tp.in.data.data, 2, set_fsinfo->unix_info.in.minor_version);
+	SBVAL(tp.in.data.data, 4, set_fsinfo->unix_info.in.capability);
+
+	return smb_raw_trans2_send(tree, &tp);
+}
+
+/****************************************************************************
+ Set FSInfo raw interface (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_setfsinfo(struct smbcli_tree *tree,
+			TALLOC_CTX *mem_ctx,
+			union smb_setfsinfo *set_fsinfo)
+{
+	struct smbcli_request *req = smb_raw_setfsinfo_send(tree, mem_ctx, set_fsinfo);
+	return smb_raw_setfsinfo_recv(req, mem_ctx, set_fsinfo);
+}
diff --git a/source4/libcli/raw/rawioctl.c b/source4/libcli/raw/rawioctl.c
new file mode 100644
index 0000000..7971478
--- /dev/null
+++ b/source4/libcli/raw/rawioctl.c
@@ -0,0 +1,173 @@
+/*
+   Unix SMB/CIFS implementation.
+   client file operations
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+#define SETUP_REQUEST(cmd, wct, buflen) do { \
+	req = smbcli_request_setup(tree, cmd, wct, buflen); \
+	if (!req) return NULL; \
+} while (0)
+
+/*
+   send a raw smb ioctl - async send
+*/
+static struct smbcli_request *smb_raw_smbioctl_send(struct smbcli_tree *tree,
+						 union smb_ioctl *parms)
+{
+	struct smbcli_request *req;
+
+	SETUP_REQUEST(SMBioctl, 3, 0);
+
+	SSVAL(req->out.vwv, VWV(0), parms->ioctl.in.file.fnum);
+	SIVAL(req->out.vwv, VWV(1), parms->ioctl.in.request);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/*
+   send a raw smb ioctl - async recv
+*/
+static NTSTATUS smb_raw_smbioctl_recv(struct smbcli_request *req,
+				      TALLOC_CTX *mem_ctx,
+				      union smb_ioctl *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	parms->ioctl.out.blob = smbcli_req_pull_blob(&req->in.bufinfo, mem_ctx, req->in.data, -1);
+	return smbcli_request_destroy(req);
+}
+
+
+
+/****************************************************************************
+NT ioctl (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_ntioctl_send(struct smbcli_tree *tree,
+						union smb_ioctl *parms)
+{
+	struct smb_nttrans nt;
+	uint8_t setup[8];
+
+	nt.in.max_setup = 4;
+	nt.in.max_param = 0;
+	nt.in.max_data = parms->ntioctl.in.max_data;
+	nt.in.setup_count = 4;
+	nt.in.setup = setup;
+	SIVAL(setup, 0, parms->ntioctl.in.function);
+	SSVAL(setup, 4, parms->ntioctl.in.file.fnum);
+	SCVAL(setup, 6, parms->ntioctl.in.fsctl);
+	SCVAL(setup, 7, parms->ntioctl.in.filter);
+	nt.in.function = NT_TRANSACT_IOCTL;
+	nt.in.params = data_blob(NULL, 0);
+	nt.in.data = parms->ntioctl.in.blob;
+
+	return smb_raw_nttrans_send(tree, &nt);
+}
+
+/****************************************************************************
+NT ioctl (async recv)
+****************************************************************************/
+static NTSTATUS smb_raw_ntioctl_recv(struct smbcli_request *req,
+				     TALLOC_CTX *mem_ctx,
+				     union smb_ioctl *parms)
+{
+	NTSTATUS status;
+	struct smb_nttrans nt;
+	TALLOC_CTX *tmp_mem;
+
+	tmp_mem = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_mem);
+
+	status = smb_raw_nttrans_recv(req, tmp_mem, &nt);
+	if (!NT_STATUS_IS_OK(status)) goto fail;
+
+	parms->ntioctl.out.blob = nt.out.data;
+	talloc_steal(mem_ctx, parms->ntioctl.out.blob.data);
+
+fail:
+	talloc_free(tmp_mem);
+	return status;
+}
+
+
+/*
+   send a raw ioctl - async send
+*/
+struct smbcli_request *smb_raw_ioctl_send(struct smbcli_tree *tree, union smb_ioctl *parms)
+{
+	struct smbcli_request *req = NULL;
+
+	switch (parms->generic.level) {
+	case RAW_IOCTL_IOCTL:
+		req = smb_raw_smbioctl_send(tree, parms);
+		break;
+
+	case RAW_IOCTL_NTIOCTL:
+		req = smb_raw_ntioctl_send(tree, parms);
+		break;
+
+	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
+		return NULL;
+	}
+
+	return req;
+}
+
+/*
+   recv a raw ioctl - async recv
+*/
+NTSTATUS smb_raw_ioctl_recv(struct smbcli_request *req,
+			    TALLOC_CTX *mem_ctx, union smb_ioctl *parms)
+{
+	switch (parms->generic.level) {
+	case RAW_IOCTL_IOCTL:
+		return smb_raw_smbioctl_recv(req, mem_ctx, parms);
+
+	case RAW_IOCTL_NTIOCTL:
+		return smb_raw_ntioctl_recv(req, mem_ctx, parms);
+
+	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
+		break;
+	}
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/*
+   send a raw ioctl - sync interface
+*/
+NTSTATUS smb_raw_ioctl(struct smbcli_tree *tree,
+		TALLOC_CTX *mem_ctx, union smb_ioctl *parms)
+{
+	struct smbcli_request *req;
+	req = smb_raw_ioctl_send(tree, parms);
+	return smb_raw_ioctl_recv(req, mem_ctx, parms);
+}
diff --git a/source4/libcli/raw/rawlpq.c b/source4/libcli/raw/rawlpq.c
new file mode 100644
index 0000000..2da647a
--- /dev/null
+++ b/source4/libcli/raw/rawlpq.c
@@ -0,0 +1,48 @@
+/*
+   Unix SMB/CIFS implementation.
+   client lpq operations
+   Copyright (C) Tim Potter 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/****************************************************************************
+ lpq - async send
+****************************************************************************/
+struct smbcli_request *smb_raw_lpq_send(struct smbcli_tree *tree,
+					union smb_lpq *parms)
+{
+	return NULL;
+}
+
+/****************************************************************************
+ lpq - async receive
+****************************************************************************/
+NTSTATUS smb_raw_lpq_recv(struct smbcli_request *req, union smb_lpq *parms)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  lpq - sync interface
+*/
+NTSTATUS smb_raw_lpq(struct smbcli_tree *tree, union smb_lpq *parms)
+{
+	struct smbcli_request *req = smb_raw_lpq_send(tree, parms);
+	return smb_raw_lpq_recv(req, parms);
+}
diff --git a/source4/libcli/raw/rawnegotiate.c b/source4/libcli/raw/rawnegotiate.c
new file mode 100644
index 0000000..22f681e
--- /dev/null
+++ b/source4/libcli/raw/rawnegotiate.c
@@ -0,0 +1,183 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB client negotiate context management functions
+
+   Copyright (C) Andrew Tridgell 1994-2005
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "system/time.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "../lib/util/tevent_ntstatus.h"
+
+NTSTATUS smb_raw_negotiate_fill_transport(struct smbcli_transport *transport)
+{
+	struct smbcli_negotiate *n = &transport->negotiate;
+	struct smbXcli_conn *c = transport->conn;
+	NTTIME ntt;
+
+	n->protocol = smbXcli_conn_protocol(c);
+	if (n->protocol > PROTOCOL_NT1) {
+		return NT_STATUS_REVISION_MISMATCH;
+	}
+
+	n->sec_mode = smb1cli_conn_server_security_mode(c);
+	n->max_mux  = smbXcli_conn_max_requests(c);
+	n->max_xmit = smb1cli_conn_max_xmit(c);
+	n->sesskey  = smb1cli_conn_server_session_key(c);
+	n->capabilities = smb1cli_conn_capabilities(c);;
+
+	/* this time arrives in real GMT */
+	ntt = smbXcli_conn_server_system_time(c);
+	n->server_time = nt_time_to_unix(ntt);
+	n->server_zone = smb1cli_conn_server_time_zone(c);
+
+	if (n->capabilities & CAP_EXTENDED_SECURITY) {
+		const DATA_BLOB *b = smbXcli_conn_server_gss_blob(c);
+		if (b) {
+			n->secblob = *b;
+		}
+	} else {
+		const uint8_t *p = smb1cli_conn_server_challenge(c);
+		if (p) {
+			n->secblob = data_blob_const(p, 8);
+		}
+	}
+
+	n->readbraw_supported = smb1cli_conn_server_readbraw(c);
+	n->readbraw_supported = smb1cli_conn_server_writebraw(c);
+	n->lockread_supported = smb1cli_conn_server_lockread(c);
+
+	return NT_STATUS_OK;
+}
+
+struct smb_raw_negotiate_state {
+	struct smbcli_transport *transport;
+};
+
+static void smb_raw_negotiate_done(struct tevent_req *subreq);
+
+struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX *mem_ctx,
+					  struct tevent_context *ev,
+					  struct smbcli_transport *transport,
+					  int minprotocol,
+					  int maxprotocol)
+{
+	struct tevent_req *req;
+	struct smb_raw_negotiate_state *state;
+	struct tevent_req *subreq;
+	uint32_t timeout_msec = transport->options.request_timeout * 1000;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb_raw_negotiate_state);;
+	if (req == NULL) {
+		return NULL;
+	}
+	state->transport = transport;
+
+	if (maxprotocol > PROTOCOL_NT1) {
+		maxprotocol = PROTOCOL_NT1;
+	}
+
+	if (minprotocol > maxprotocol) {
+		minprotocol = maxprotocol;
+	}
+
+	subreq = smbXcli_negprot_send(state, ev,
+				      transport->conn,
+				      timeout_msec,
+				      minprotocol,
+				      maxprotocol,
+				      transport->options.max_credits,
+				      NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, smb_raw_negotiate_done, req);
+
+	return req;
+}
+
+static void smb_raw_negotiate_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smb_raw_negotiate_state *state =
+		tevent_req_data(req,
+		struct smb_raw_negotiate_state);
+	NTSTATUS status;
+
+	status = smbXcli_negprot_recv(subreq, NULL, NULL);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	status = smb_raw_negotiate_fill_transport(state->transport);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+/*
+ Send a negprot command.
+*/
+NTSTATUS smb_raw_negotiate_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+
+/*
+ Send a negprot command (sync interface)
+*/
+NTSTATUS smb_raw_negotiate(struct smbcli_transport *transport, bool unicode,
+			   int minprotocol, int maxprotocol)
+{
+	NTSTATUS status;
+	struct tevent_req *subreq = NULL;
+	bool ok;
+
+	subreq = smb_raw_negotiate_send(transport,
+					transport->ev,
+					transport,
+					minprotocol,
+					maxprotocol);
+	if (subreq == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	ok = tevent_req_poll(subreq, transport->ev);
+	if (!ok) {
+		status = map_nt_error_from_unix_common(errno);
+		goto failed;
+	}
+
+	status = smb_raw_negotiate_recv(subreq);
+
+failed:
+	TALLOC_FREE(subreq);
+	return status;
+}
diff --git a/source4/libcli/raw/rawnotify.c b/source4/libcli/raw/rawnotify.c
new file mode 100644
index 0000000..a78a023
--- /dev/null
+++ b/source4/libcli/raw/rawnotify.c
@@ -0,0 +1,122 @@
+/*
+   Unix SMB/CIFS implementation.
+   client change notify operations
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/****************************************************************************
+change notify (async send)
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_changenotify_send(struct smbcli_tree *tree, union smb_notify *parms)
+{
+	struct smb_nttrans nt;
+	uint8_t setup[8];
+
+	if (parms->nttrans.level != RAW_NOTIFY_NTTRANS) {
+		return NULL;
+	}
+
+	nt.in.max_setup = 0;
+	nt.in.max_param = parms->nttrans.in.buffer_size;
+	nt.in.max_data = 0;
+	nt.in.setup_count = 4;
+	nt.in.setup = setup;
+	SIVAL(setup, 0, parms->nttrans.in.completion_filter);
+	SSVAL(setup, 4, parms->nttrans.in.file.fnum);
+	SSVAL(setup, 6, parms->nttrans.in.recursive);
+	nt.in.function = NT_TRANSACT_NOTIFY_CHANGE;
+	nt.in.params = data_blob(NULL, 0);
+	nt.in.data = data_blob(NULL, 0);
+
+	return smb_raw_nttrans_send(tree, &nt);
+}
+
+/****************************************************************************
+change notify (async recv)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_changenotify_recv(struct smbcli_request *req,
+				   TALLOC_CTX *mem_ctx, union smb_notify *parms)
+{
+	struct smb_nttrans nt;
+	NTSTATUS status;
+	uint32_t ofs, i;
+	struct smbcli_session *session = req?req->session:NULL;
+
+	if (parms->nttrans.level != RAW_NOTIFY_NTTRANS) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = smb_raw_nttrans_recv(req, mem_ctx, &nt);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	parms->nttrans.out.changes = NULL;
+	parms->nttrans.out.num_changes = 0;
+
+	/* count them */
+	for (ofs=0; nt.out.params.length - ofs > 12; ) {
+		uint32_t next = IVAL(nt.out.params.data, ofs);
+		if (next % 4 != 0)
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		parms->nttrans.out.num_changes++;
+		if (next == 0 ||
+		    ofs + next >= nt.out.params.length) break;
+		ofs += next;
+	}
+
+	/* allocate array */
+	parms->nttrans.out.changes = talloc_array(mem_ctx, struct notify_changes, parms->nttrans.out.num_changes);
+	if (!parms->nttrans.out.changes) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=ofs=0; i<parms->nttrans.out.num_changes; i++) {
+		parms->nttrans.out.changes[i].action = IVAL(nt.out.params.data, ofs+4);
+		smbcli_blob_pull_string(session, mem_ctx, &nt.out.params,
+					&parms->nttrans.out.changes[i].name,
+					ofs+8, ofs+12, STR_UNICODE);
+		ofs += IVAL(nt.out.params.data, ofs);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Send a NT Cancel request - used to hurry along a pending request. Usually
+ used to cancel a pending change notify request
+ note that this request does not expect a response!
+****************************************************************************/
+NTSTATUS smb_raw_ntcancel(struct smbcli_request *oldreq)
+{
+	bool ok;
+
+	if (oldreq->subreqs[0] == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	ok = tevent_req_cancel(oldreq->subreqs[0]);
+	if (!ok) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/raw/rawreadwrite.c b/source4/libcli/raw/rawreadwrite.c
new file mode 100644
index 0000000..384db55
--- /dev/null
+++ b/source4/libcli/raw/rawreadwrite.c
@@ -0,0 +1,345 @@
+/*
+   Unix SMB/CIFS implementation.
+   client file read/write routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) James Myers 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+#define SETUP_REQUEST(cmd, wct, buflen) do { \
+	req = smbcli_request_setup(tree, cmd, wct, buflen); \
+	if (!req) return NULL; \
+} while (0)
+
+/****************************************************************************
+ low level read operation (async send)
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_read_send(struct smbcli_tree *tree, union smb_read *parms)
+{
+	bool bigoffset = false;
+	struct smbcli_request *req = NULL;
+
+	switch (parms->generic.level) {
+	case RAW_READ_READBRAW:
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+		SETUP_REQUEST(SMBreadbraw, bigoffset? 10:8, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->readbraw.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(1), parms->readbraw.in.offset);
+		SSVAL(req->out.vwv, VWV(3), parms->readbraw.in.maxcnt);
+		SSVAL(req->out.vwv, VWV(4), parms->readbraw.in.mincnt);
+		SIVAL(req->out.vwv, VWV(5), parms->readbraw.in.timeout);
+		SSVAL(req->out.vwv, VWV(7), 0); /* reserved */
+		if (bigoffset) {
+			SIVAL(req->out.vwv, VWV(8),parms->readbraw.in.offset>>32);
+		}
+		break;
+
+	case RAW_READ_LOCKREAD:
+		SETUP_REQUEST(SMBlockread, 5, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->lockread.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(1), parms->lockread.in.count);
+		SIVAL(req->out.vwv, VWV(2), parms->lockread.in.offset);
+		SSVAL(req->out.vwv, VWV(4), parms->lockread.in.remaining);
+		break;
+
+	case RAW_READ_READ:
+		SETUP_REQUEST(SMBread, 5, 0);
+		SSVAL(req->out.vwv, VWV(0), parms->read.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(1), parms->read.in.count);
+		SIVAL(req->out.vwv, VWV(2), parms->read.in.offset);
+		SSVAL(req->out.vwv, VWV(4), parms->read.in.remaining);
+		break;
+
+	case RAW_READ_READX:
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+		SETUP_REQUEST(SMBreadX, bigoffset ? 12 : 10, 0);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->readx.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(3), parms->readx.in.offset);
+		SSVAL(req->out.vwv, VWV(5), parms->readx.in.maxcnt & 0xFFFF);
+		SSVAL(req->out.vwv, VWV(6), parms->readx.in.mincnt);
+		SIVAL(req->out.vwv, VWV(7), parms->readx.in.maxcnt >> 16);
+		SSVAL(req->out.vwv, VWV(9), parms->readx.in.remaining);
+		/*
+		 * TODO: give an error when the offset is 64 bit
+		 *       and the server doesn't support it
+		 */
+		if (bigoffset) {
+			SIVAL(req->out.vwv, VWV(10),parms->readx.in.offset>>32);
+		}
+		if (parms->readx.in.read_for_execute) {
+			uint16_t flags2 = SVAL(req->out.hdr, HDR_FLG2);
+			flags2 |= FLAGS2_READ_PERMIT_EXECUTE;
+			SSVAL(req->out.hdr, HDR_FLG2, flags2);
+		}
+		break;
+
+	case RAW_READ_SMB2:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ low level read operation (async recv)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_read_recv(struct smbcli_request *req, union smb_read *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	switch (parms->generic.level) {
+	case RAW_READ_READBRAW:
+		parms->readbraw.out.nread = req->in.size - NBT_HDR_SIZE;
+		if (parms->readbraw.out.nread >
+		    MAX(parms->readx.in.mincnt, parms->readx.in.maxcnt)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+			goto failed;
+		}
+		memcpy(parms->readbraw.out.data, req->in.buffer + NBT_HDR_SIZE, parms->readbraw.out.nread);
+		break;
+
+	case RAW_READ_LOCKREAD:
+		SMBCLI_CHECK_WCT(req, 5);
+		parms->lockread.out.nread = SVAL(req->in.vwv, VWV(0));
+		if (parms->lockread.out.nread > parms->lockread.in.count ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.data+3,
+				       parms->lockread.out.nread, parms->lockread.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
+	case RAW_READ_READ:
+		/* there are 4 reserved words in the reply */
+		SMBCLI_CHECK_WCT(req, 5);
+		parms->read.out.nread = SVAL(req->in.vwv, VWV(0));
+		if (parms->read.out.nread > parms->read.in.count ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.data+3,
+				       parms->read.out.nread, parms->read.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
+	case RAW_READ_READX:
+		/* there are 5 reserved words in the reply */
+		SMBCLI_CHECK_WCT(req, 12);
+		parms->readx.out.remaining       = SVAL(req->in.vwv, VWV(2));
+		parms->readx.out.compaction_mode = SVAL(req->in.vwv, VWV(3));
+		parms->readx.out.nread = SVAL(req->in.vwv, VWV(5));
+		parms->readx.out.flags2 = req->flags2;
+		parms->readx.out.data_offset = SVAL(req->in.vwv, VWV(6));
+
+		/* handle oversize replies for non-chained readx replies with
+		   CAP_LARGE_READX. The snia spec has must to answer for. */
+		if ((req->tree->session->transport->negotiate.capabilities & CAP_LARGE_READX)
+		    && CVAL(req->in.vwv, VWV(0)) == SMB_CHAIN_NONE &&
+		    req->in.size >= 0x10000) {
+			parms->readx.out.nread += (SVAL(req->in.vwv, VWV(7)) << 16);
+			if (req->in.hdr + SVAL(req->in.vwv, VWV(6)) +
+			    parms->readx.out.nread <=
+			    req->in.buffer + req->in.size) {
+				req->in.data_size += (SVAL(req->in.vwv, VWV(7)) << 16);
+
+				/* update the bufinfo with the new size */
+				smb_setup_bufinfo(req);
+			}
+		}
+
+		if (parms->readx.out.nread > MAX(parms->readx.in.mincnt, parms->readx.in.maxcnt) ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.hdr + SVAL(req->in.vwv, VWV(6)),
+				       parms->readx.out.nread,
+				       parms->readx.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
+	case RAW_READ_SMB2:
+		req->status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+ low level read operation (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_read(struct smbcli_tree *tree, union smb_read *parms)
+{
+	struct smbcli_request *req = smb_raw_read_send(tree, parms);
+	return smb_raw_read_recv(req, parms);
+}
+
+
+/****************************************************************************
+ raw write interface (async send)
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_write_send(struct smbcli_tree *tree, union smb_write *parms)
+{
+	bool bigoffset = false;
+	struct smbcli_request *req = NULL;
+
+	switch (parms->generic.level) {
+	case RAW_WRITE_WRITEUNLOCK:
+		SETUP_REQUEST(SMBwriteunlock, 5, 3 + parms->writeunlock.in.count);
+		SSVAL(req->out.vwv, VWV(0), parms->writeunlock.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(1), parms->writeunlock.in.count);
+		SIVAL(req->out.vwv, VWV(2), parms->writeunlock.in.offset);
+		SSVAL(req->out.vwv, VWV(4), parms->writeunlock.in.remaining);
+		SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
+		SSVAL(req->out.data, 1, parms->writeunlock.in.count);
+		if (parms->writeunlock.in.count > 0) {
+			memcpy(req->out.data+3, parms->writeunlock.in.data,
+			       parms->writeunlock.in.count);
+		}
+		break;
+
+	case RAW_WRITE_WRITE:
+		SETUP_REQUEST(SMBwrite, 5,  3 + parms->write.in.count);
+		SSVAL(req->out.vwv, VWV(0), parms->write.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(1), parms->write.in.count);
+		SIVAL(req->out.vwv, VWV(2), parms->write.in.offset);
+		SSVAL(req->out.vwv, VWV(4), parms->write.in.remaining);
+		SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
+		SSVAL(req->out.data, 1, parms->write.in.count);
+		if (parms->write.in.count > 0) {
+			memcpy(req->out.data+3, parms->write.in.data, parms->write.in.count);
+		}
+		break;
+
+	case RAW_WRITE_WRITECLOSE:
+		SETUP_REQUEST(SMBwriteclose, 6, 1 + parms->writeclose.in.count);
+		SSVAL(req->out.vwv, VWV(0), parms->writeclose.in.file.fnum);
+		SSVAL(req->out.vwv, VWV(1), parms->writeclose.in.count);
+		SIVAL(req->out.vwv, VWV(2), parms->writeclose.in.offset);
+		raw_push_dos_date3(tree->session->transport,
+				  req->out.vwv, VWV(4), parms->writeclose.in.mtime);
+		SCVAL(req->out.data, 0, 0);
+		if (parms->writeclose.in.count > 0) {
+			memcpy(req->out.data+1, parms->writeclose.in.data,
+			       parms->writeclose.in.count);
+		}
+		break;
+
+	case RAW_WRITE_WRITEX:
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+		SETUP_REQUEST(SMBwriteX, bigoffset ? 14 : 12, parms->writex.in.count);
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), parms->writex.in.file.fnum);
+		SIVAL(req->out.vwv, VWV(3), parms->writex.in.offset);
+		SIVAL(req->out.vwv, VWV(5), 0); /* reserved */
+		SSVAL(req->out.vwv, VWV(7), parms->writex.in.wmode);
+		SSVAL(req->out.vwv, VWV(8), parms->writex.in.remaining);
+		SSVAL(req->out.vwv, VWV(9), parms->writex.in.count>>16);
+		SSVAL(req->out.vwv, VWV(10), parms->writex.in.count);
+		SSVAL(req->out.vwv, VWV(11), PTR_DIFF(req->out.data, req->out.hdr));
+		if (bigoffset) {
+	      		SIVAL(req->out.vwv,VWV(12),parms->writex.in.offset>>32);
+		}
+	      	if (parms->writex.in.count > 0) {
+			memcpy(req->out.data, parms->writex.in.data, parms->writex.in.count);
+		}
+		break;
+
+	case RAW_WRITE_SPLWRITE:
+		SETUP_REQUEST(SMBsplwr, 1, parms->splwrite.in.count);
+		SSVAL(req->out.vwv, VWV(0), parms->splwrite.in.file.fnum);
+		if (parms->splwrite.in.count > 0) {
+			memcpy(req->out.data, parms->splwrite.in.data, parms->splwrite.in.count);
+		}
+		break;
+
+	case RAW_WRITE_SMB2:
+		return NULL;
+	}
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+
+/****************************************************************************
+ raw write interface (async recv)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_write_recv(struct smbcli_request *req, union smb_write *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    !NT_STATUS_IS_OK(req->status)) {
+		goto failed;
+	}
+
+	switch (parms->generic.level) {
+	case RAW_WRITE_WRITEUNLOCK:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->writeunlock.out.nwritten = SVAL(req->in.vwv, VWV(0));
+		break;
+	case RAW_WRITE_WRITE:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->write.out.nwritten = SVAL(req->in.vwv, VWV(0));
+		break;
+	case RAW_WRITE_WRITECLOSE:
+		SMBCLI_CHECK_WCT(req, 1);
+		parms->writeclose.out.nwritten = SVAL(req->in.vwv, VWV(0));
+		break;
+	case RAW_WRITE_WRITEX:
+		SMBCLI_CHECK_WCT(req, 6);
+		parms->writex.out.nwritten  = SVAL(req->in.vwv, VWV(2));
+		parms->writex.out.nwritten += (CVAL(req->in.vwv, VWV(4)) << 16);
+		parms->writex.out.remaining = SVAL(req->in.vwv, VWV(3));
+		break;
+	case RAW_WRITE_SPLWRITE:
+		break;
+	case RAW_WRITE_SMB2:
+		req->status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+ raw write interface (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_write(struct smbcli_tree *tree, union smb_write *parms)
+{
+	struct smbcli_request *req = smb_raw_write_send(tree, parms);
+	return smb_raw_write_recv(req, parms);
+}
diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c
new file mode 100644
index 0000000..1c72bc2
--- /dev/null
+++ b/source4/libcli/raw/rawrequest.c
@@ -0,0 +1,1055 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell  2003
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this file implements functions for manipulating the 'struct smbcli_request' structure in libsmb
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "lib/events/events.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/* we over allocate the data buffer to prevent too many realloc calls */
+#define REQ_OVER_ALLOCATION 0
+
+/* assume that a character will not consume more than 3 bytes per char */
+#define MAX_BYTES_PER_CHAR 3
+
+/* setup the bufinfo used for strings and range checking */
+void smb_setup_bufinfo(struct smbcli_request *req)
+{
+	req->in.bufinfo.mem_ctx    = req;
+	req->in.bufinfo.flags      = 0;
+	if (req->flags2 & FLAGS2_UNICODE_STRINGS) {
+		req->in.bufinfo.flags = BUFINFO_FLAG_UNICODE;
+	}
+	req->in.bufinfo.align_base = req->in.buffer;
+	req->in.bufinfo.data       = req->in.data;
+	req->in.bufinfo.data_size  = req->in.data_size;
+}
+
+
+/* destroy a request structure and return final status */
+_PUBLIC_ NTSTATUS smbcli_request_destroy(struct smbcli_request *req)
+{
+	NTSTATUS status;
+
+	/* this is the error code we give the application for when a
+	   _send() call fails completely */
+	if (!req) return NT_STATUS_UNSUCCESSFUL;
+
+	if (req->state == SMBCLI_REQUEST_ERROR &&
+	    NT_STATUS_IS_OK(req->status)) {
+		req->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = req->status;
+
+	if (!req->do_not_free) {
+		talloc_free(req);
+	}
+
+	return status;
+}
+
+
+/*
+  setup a SMB packet at transport level
+*/
+struct smbcli_request *smbcli_request_setup_transport(struct smbcli_transport *transport,
+						      uint8_t command, unsigned int wct, unsigned int buflen)
+{
+	struct smbcli_request *req;
+	size_t size;
+
+	size = NBT_HDR_SIZE + MIN_SMB_SIZE + wct*2 + buflen;
+
+	req = talloc_zero(transport, struct smbcli_request);
+	if (!req) {
+		return NULL;
+	}
+
+	/* setup the request context */
+	req->state = SMBCLI_REQUEST_INIT;
+	req->transport = transport;
+	req->out.size = size;
+
+	/* over allocate by a small amount */
+	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION;
+
+	req->out.buffer = talloc_zero_array(req, uint8_t, req->out.allocated);
+	if (!req->out.buffer) {
+		return NULL;
+	}
+
+	req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
+	req->out.vwv = req->out.hdr + HDR_VWV;
+	req->out.wct = wct;
+	req->out.data = req->out.vwv + VWV(wct) + 2;
+	req->out.data_size = buflen;
+	req->out.ptr = req->out.data;
+
+	SCVAL(req->out.hdr, HDR_WCT, wct);
+	SSVAL(req->out.vwv, VWV(wct), buflen);
+
+	memcpy(req->out.hdr, "\377SMB", 4);
+	SCVAL(req->out.hdr,HDR_COM,command);
+
+	SCVAL(req->out.hdr,HDR_FLG, FLAG_CASELESS_PATHNAMES);
+	SSVAL(req->out.hdr,HDR_FLG2, 0);
+
+	/* copy the pid, uid and mid to the request */
+	SSVAL(req->out.hdr, HDR_PID, 0);
+	SSVAL(req->out.hdr, HDR_UID, 0);
+	SSVAL(req->out.hdr, HDR_MID, 0);
+	SSVAL(req->out.hdr, HDR_TID,0);
+	SSVAL(req->out.hdr, HDR_PIDHIGH,0);
+	SIVAL(req->out.hdr, HDR_RCLS, 0);
+	memset(req->out.hdr+HDR_SS_FIELD, 0, 10);
+
+	return req;
+}
+
+/*
+  setup a reply in req->out with the given word count and initial data
+  buffer size.  the caller will then fill in the command words and
+  data before calling smbcli_request_send() to send the reply on its
+  way. This interface is used before a session is setup.
+*/
+struct smbcli_request *smbcli_request_setup_session(struct smbcli_session *session,
+						    uint8_t command, unsigned int wct, size_t buflen)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup_transport(session->transport, command, wct, buflen);
+
+	if (!req) return NULL;
+
+	smb1cli_session_set_id(session->smbXcli, session->vuid);
+
+	req->session = session;
+
+	SSVAL(req->out.hdr, HDR_FLG2, session->flags2);
+	SSVAL(req->out.hdr, HDR_PID, session->pid & 0xFFFF);
+	SSVAL(req->out.hdr, HDR_PIDHIGH, session->pid >> 16);
+	SSVAL(req->out.hdr, HDR_UID, session->vuid);
+
+	return req;
+}
+
+/*
+  setup a request for tree based commands
+*/
+struct smbcli_request *smbcli_request_setup(struct smbcli_tree *tree,
+					    uint8_t command,
+					    unsigned int wct, unsigned int buflen)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup_session(tree->session, command, wct, buflen);
+	if (req) {
+		smb1cli_tcon_set_id(tree->smbXcli, tree->tid);
+
+		req->tree = tree;
+		SSVAL(req->out.hdr,HDR_TID,tree->tid);
+	}
+	return req;
+}
+
+
+/*
+  grow the allocation of the data buffer portion of a reply
+  packet. Note that as this can reallocate the packet buffer this
+  invalidates any local pointers into the packet.
+
+  To cope with this req->out.ptr is supplied. This will be updated to
+  point at the same offset into the packet as before this call
+*/
+static void smbcli_req_grow_allocation(struct smbcli_request *req, unsigned int new_size)
+{
+	int delta;
+	uint8_t *buf2;
+
+	delta = new_size - req->out.data_size;
+	if (delta + req->out.size <= req->out.allocated) {
+		/* it fits in the preallocation */
+		return;
+	}
+
+	/* we need to realloc */
+	req->out.allocated = req->out.size + delta + REQ_OVER_ALLOCATION;
+	buf2 = talloc_realloc(req, req->out.buffer, uint8_t, req->out.allocated);
+	if (buf2 == NULL) {
+		smb_panic("out of memory in req_grow_allocation");
+	}
+
+	if (buf2 == req->out.buffer) {
+		/* the malloc library gave us the same pointer */
+		return;
+	}
+
+	/* update the pointers into the packet */
+	req->out.data = buf2 + PTR_DIFF(req->out.data, req->out.buffer);
+	req->out.ptr  = buf2 + PTR_DIFF(req->out.ptr,  req->out.buffer);
+	req->out.vwv  = buf2 + PTR_DIFF(req->out.vwv,  req->out.buffer);
+	req->out.hdr  = buf2 + PTR_DIFF(req->out.hdr,  req->out.buffer);
+
+	req->out.buffer = buf2;
+}
+
+
+/*
+  grow the data buffer portion of a reply packet. Note that as this
+  can reallocate the packet buffer this invalidates any local pointers
+  into the packet.
+
+  To cope with this req->out.ptr is supplied. This will be updated to
+  point at the same offset into the packet as before this call
+*/
+static void smbcli_req_grow_data(struct smbcli_request *req, unsigned int new_size)
+{
+	int delta;
+
+	smbcli_req_grow_allocation(req, new_size);
+
+	delta = new_size - req->out.data_size;
+
+	req->out.size += delta;
+	req->out.data_size += delta;
+
+	/* set the BCC to the new data size */
+	SSVAL(req->out.vwv, VWV(req->out.wct), new_size);
+}
+
+
+/*
+  setup a chained reply in req->out with the given word count and
+  initial data buffer size.
+*/
+NTSTATUS smbcli_chained_request_setup(struct smbcli_request *req,
+				      uint8_t command,
+				      unsigned int wct, size_t buflen)
+{
+	size_t wct_ofs;
+	size_t size;
+
+	/*
+	 * here we only support one chained command
+	 * If someone needs longer chains, the low
+	 * level code should be used directly.
+	 */
+	if (req->subreqs[0] != NULL) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+	if (req->subreqs[1] != NULL) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	req->subreqs[0] = smbcli_transport_setup_subreq(req);
+	if (req->subreqs[0] == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	wct_ofs = smb1cli_req_wct_ofs(req->subreqs, 1);
+
+	size = NBT_HDR_SIZE + wct_ofs + 1 + VWV(wct) + 2 + buflen;
+
+	req->out.size = size;
+
+	/* over allocate by a small amount */
+	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION;
+
+	req->out.buffer = talloc_zero_array(req, uint8_t, req->out.allocated);
+	if (!req->out.buffer) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
+	req->out.vwv = req->out.hdr + wct_ofs;
+	req->out.wct = wct;
+	req->out.data = req->out.vwv + VWV(wct) + 2;
+	req->out.data_size = buflen;
+	req->out.ptr = req->out.data;
+
+	SCVAL(req->out.hdr, HDR_WCT, wct);
+	SSVAL(req->out.vwv, VWV(wct), buflen);
+
+	memcpy(req->out.hdr, "\377SMB", 4);
+	SCVAL(req->out.hdr,HDR_COM,command);
+
+	SCVAL(req->out.hdr,HDR_FLG, FLAG_CASELESS_PATHNAMES);
+	SSVAL(req->out.hdr,HDR_FLG2, 0);
+
+	/* copy the pid, uid and mid to the request */
+	SSVAL(req->out.hdr, HDR_PID, 0);
+	SSVAL(req->out.hdr, HDR_UID, 0);
+	SSVAL(req->out.hdr, HDR_MID, 0);
+	SSVAL(req->out.hdr, HDR_TID,0);
+	SSVAL(req->out.hdr, HDR_PIDHIGH,0);
+	SIVAL(req->out.hdr, HDR_RCLS, 0);
+	memset(req->out.hdr+HDR_SS_FIELD, 0, 10);
+
+	if (req->session != NULL) {
+		SSVAL(req->out.hdr, HDR_FLG2, req->session->flags2);
+		SSVAL(req->out.hdr, HDR_PID, req->session->pid & 0xFFFF);
+		SSVAL(req->out.hdr, HDR_PIDHIGH, req->session->pid >> 16);
+		SSVAL(req->out.hdr, HDR_UID, req->session->vuid);
+	}
+
+	if (req->tree != NULL) {
+		SSVAL(req->out.hdr, HDR_TID, req->tree->tid);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  advance to the next chained reply in a request
+*/
+NTSTATUS smbcli_chained_advance(struct smbcli_request *req)
+{
+	struct smbcli_transport *transport = req->transport;
+	uint8_t *hdr = NULL;
+	uint8_t wct = 0;
+	uint16_t *vwv = NULL;
+	uint32_t num_bytes = 0;
+	uint8_t *bytes = NULL;
+	struct iovec *recv_iov = NULL;
+	uint8_t *inbuf = NULL;
+
+	if (req->subreqs[0] != NULL) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+	if (req->subreqs[1] == NULL) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	req->status = smb1cli_req_recv(req->subreqs[1], req,
+				       &recv_iov,
+				       &hdr,
+				       &wct,
+				       &vwv,
+				       NULL, /* pvwv_offset */
+				       &num_bytes,
+				       &bytes,
+				       NULL, /* pbytes_offset */
+				       &inbuf,
+				       NULL, 0); /* expected */
+	TALLOC_FREE(req->subreqs[1]);
+	if (!NT_STATUS_IS_OK(req->status)) {
+		if (recv_iov == NULL) {
+			req->state = SMBCLI_REQUEST_ERROR;
+			return req->status;
+		}
+	}
+
+	/* fill in the 'in' portion of the matching request */
+	req->in.buffer = inbuf;
+	req->in.size = NBT_HDR_SIZE + PTR_DIFF(bytes, hdr) + num_bytes;
+	req->in.allocated = req->in.size;
+
+	req->in.hdr = hdr;
+	req->in.vwv = (uint8_t *)vwv;
+	req->in.wct = wct;
+	req->in.data = bytes;
+	req->in.data_size = num_bytes;
+	req->in.ptr = req->in.data;
+	req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
+
+	smb_setup_bufinfo(req);
+
+	transport->error.e.nt_status = req->status;
+	if (NT_STATUS_IS_OK(req->status)) {
+		transport->error.etype = ETYPE_NONE;
+	} else {
+		transport->error.etype = ETYPE_SMB;
+	}
+
+	req->state = SMBCLI_REQUEST_DONE;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  send a message
+*/
+bool smbcli_request_send(struct smbcli_request *req)
+{
+	smbcli_transport_send(req);
+	return true;
+}
+
+
+/*
+  receive a response to a packet
+*/
+bool smbcli_request_receive(struct smbcli_request *req)
+{
+	/* req can be NULL when a send has failed. This eliminates lots of NULL
+	   checks in each module */
+	if (!req) return false;
+
+	/* keep receiving packets until this one is replied to */
+	while (req->state <= SMBCLI_REQUEST_RECV) {
+		if (tevent_loop_once(req->transport->ev) != 0) {
+			return false;
+		}
+	}
+
+	return req->state == SMBCLI_REQUEST_DONE;
+}
+
+/*
+  wait for a reply to be received for a packet that just returns an error
+  code and nothing more
+*/
+_PUBLIC_ NTSTATUS smbcli_request_simple_recv(struct smbcli_request *req)
+{
+	(void) smbcli_request_receive(req);
+	return smbcli_request_destroy(req);
+}
+
+
+/* Return true if the last packet was in error */
+bool smbcli_request_is_error(struct smbcli_request *req)
+{
+	return NT_STATUS_IS_ERR(req->status);
+}
+
+/*
+  append a string into the data portion of the request packet
+
+  return the number of bytes added to the packet
+*/
+size_t smbcli_req_append_string(struct smbcli_request *req, const char *str, unsigned int flags)
+{
+	size_t len;
+
+	/* determine string type to use */
+	if (!(flags & (STR_ASCII|STR_UNICODE))) {
+		flags |= (req->transport->negotiate.capabilities & CAP_UNICODE) ? STR_UNICODE : STR_ASCII;
+	}
+
+	len = (strlen(str)+2) * MAX_BYTES_PER_CHAR;
+
+	smbcli_req_grow_allocation(req, len + req->out.data_size);
+
+	len = push_string(req->out.data + req->out.data_size, str, len, flags);
+
+	smbcli_req_grow_data(req, len + req->out.data_size);
+
+	return len;
+}
+
+
+/*
+  this is like smbcli_req_append_string but it also return the
+  non-terminated string byte length, which can be less than the number
+  of bytes consumed in the packet for 2 reasons:
+
+   1) the string in the packet may be null terminated
+   2) the string in the packet may need a 1 byte UCS2 alignment
+
+ this is used in places where the non-terminated string byte length is
+ placed in the packet as a separate field
+*/
+size_t smbcli_req_append_string_len(struct smbcli_request *req, const char *str, unsigned int flags, int *len)
+{
+	int diff = 0;
+	size_t ret;
+
+	/* determine string type to use */
+	if (!(flags & (STR_ASCII|STR_UNICODE))) {
+		flags |= (req->transport->negotiate.capabilities & CAP_UNICODE) ? STR_UNICODE : STR_ASCII;
+	}
+
+	/* see if an alignment byte will be used */
+	if ((flags & STR_UNICODE) && !(flags & STR_NOALIGN)) {
+		diff = ucs2_align(NULL, req->out.data + req->out.data_size, flags);
+	}
+
+	/* do the hard work */
+	ret = smbcli_req_append_string(req, str, flags);
+
+	/* see if we need to subtract the termination */
+	if (flags & STR_TERMINATE) {
+		diff += (flags & STR_UNICODE) ? 2 : 1;
+	}
+
+	if (ret >= diff) {
+		(*len) = ret - diff;
+	} else {
+		(*len) = ret;
+	}
+
+	return ret;
+}
+
+
+/*
+  push a string into the data portion of the request packet, growing it if necessary
+  this gets quite tricky - please be very careful to cover all cases when modifying this
+
+  if dest is NULL, then put the string at the end of the data portion of the packet
+
+  if dest_len is -1 then no limit applies
+*/
+size_t smbcli_req_append_ascii4(struct smbcli_request *req, const char *str, unsigned int flags)
+{
+	size_t size;
+	smbcli_req_append_bytes(req, (const uint8_t *)"\4", 1);
+	size = smbcli_req_append_string(req, str, flags);
+	return size + 1;
+}
+
+
+/*
+  push a blob into the data portion of the request packet, growing it if necessary
+  this gets quite tricky - please be very careful to cover all cases when modifying this
+
+  if dest is NULL, then put the blob at the end of the data portion of the packet
+*/
+size_t smbcli_req_append_blob(struct smbcli_request *req, const DATA_BLOB *blob)
+{
+	if (blob->length > 0) {
+		smbcli_req_grow_allocation(req,
+					   req->out.data_size + blob->length);
+		memcpy(req->out.data + req->out.data_size,
+		       blob->data,
+		       blob->length);
+		smbcli_req_grow_data(req, req->out.data_size + blob->length);
+	}
+	return blob->length;
+}
+
+/*
+  append raw bytes into the data portion of the request packet
+  return the number of bytes added
+*/
+size_t smbcli_req_append_bytes(struct smbcli_request *req, const uint8_t *bytes, size_t byte_len)
+{
+	if (byte_len > 0) {
+		smbcli_req_grow_allocation(req, byte_len + req->out.data_size);
+		memcpy(req->out.data + req->out.data_size, bytes, byte_len);
+		smbcli_req_grow_data(req, byte_len + req->out.data_size);
+	}
+	return byte_len;
+}
+
+/*
+  append variable block (type 5 buffer) into the data portion of the request packet
+  return the number of bytes added
+*/
+size_t smbcli_req_append_var_block(struct smbcli_request *req, const uint8_t *bytes, uint16_t byte_len)
+{
+	smbcli_req_grow_allocation(req, byte_len + 3 + req->out.data_size);
+	SCVAL(req->out.data + req->out.data_size, 0, 5);
+	SSVAL(req->out.data + req->out.data_size, 1, byte_len);		/* add field length */
+	if (byte_len > 0) {
+		memcpy(req->out.data + req->out.data_size + 3, bytes, byte_len);
+	}
+	smbcli_req_grow_data(req, byte_len + 3 + req->out.data_size);
+	return byte_len + 3;
+}
+
+
+/*
+  pull a UCS2 string from a request packet, returning a talloced unix string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+static size_t smbcli_req_pull_ucs2(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ctx,
+				char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2, alignment=0;
+	bool ret;
+	size_t ret_size;
+
+	if (!(flags & STR_NOALIGN) && ucs2_align(bufinfo->align_base, src, flags)) {
+		src++;
+		alignment=1;
+		if (byte_len != -1) {
+			byte_len--;
+		}
+	}
+
+	src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
+	if (src_len < 0) {
+		*dest = NULL;
+		return 0;
+	}
+	if (byte_len != -1 && src_len > byte_len) {
+		src_len = byte_len;
+	}
+
+	src_len2 = utf16_null_terminated_len_n(src, src_len);
+
+	/* ucs2 strings must be at least 2 bytes long */
+	if (src_len2 < 2) {
+		*dest = NULL;
+		return 0;
+	}
+
+	ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)dest, &ret_size);
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+
+	return src_len2 + alignment;
+}
+
+/*
+  pull a ascii string from a request packet, returning a talloced string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+size_t smbcli_req_pull_ascii(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ctx,
+			     char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2;
+	bool ret;
+	size_t ret_size;
+
+	src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
+	if (src_len < 0) {
+		*dest = NULL;
+		return 0;
+	}
+	if (byte_len != -1 && src_len > byte_len) {
+		src_len = byte_len;
+	}
+	src_len2 = strnlen((const char *)src, src_len);
+	if (src_len2 < src_len - 1) {
+		/* include the termination if we didn't reach the end of the packet */
+		src_len2++;
+	}
+
+	ret = convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX, src, src_len2, (void **)dest, &ret_size);
+
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+
+	return ret_size;
+}
+
+/**
+  pull a string from a request packet, returning a talloced string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+size_t smbcli_req_pull_string(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ctx,
+			   char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	if (!(flags & STR_ASCII) &&
+	    (((flags & STR_UNICODE) || (bufinfo->flags & BUFINFO_FLAG_UNICODE)))) {
+		return smbcli_req_pull_ucs2(bufinfo, mem_ctx, dest, src, byte_len, flags);
+	}
+
+	return smbcli_req_pull_ascii(bufinfo, mem_ctx, dest, src, byte_len, flags);
+}
+
+
+/**
+  pull a DATA_BLOB from a reply packet, returning a talloced blob
+  make sure we don't go past end of packet
+
+  if byte_len is -1 then limit the blob only by packet size
+*/
+DATA_BLOB smbcli_req_pull_blob(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ctx, const uint8_t *src, int byte_len)
+{
+	int src_len;
+
+	src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
+
+	if (src_len < 0) {
+		return data_blob(NULL, 0);
+	}
+
+	if (byte_len != -1 && src_len > byte_len) {
+		src_len = byte_len;
+	}
+
+	return data_blob_talloc(mem_ctx, src, src_len);
+}
+
+/* check that a lump of data in a request is within the bounds of the data section of
+   the packet */
+static bool smbcli_req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t count)
+{
+	/* be careful with wraparound! */
+	if ((uintptr_t)ptr < (uintptr_t)bufinfo->data ||
+	    (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size ||
+	    count > bufinfo->data_size ||
+	    (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) {
+		return true;
+	}
+	return false;
+}
+
+/*
+  pull a lump of data from a request packet
+
+  return false if any part is outside the data portion of the packet
+*/
+bool smbcli_raw_pull_data(struct request_bufinfo *bufinfo, const uint8_t *src, int len, uint8_t *dest)
+{
+	if (len == 0) return true;
+
+	if (smbcli_req_data_oob(bufinfo, src, len)) {
+		return false;
+	}
+
+	memcpy(dest, src, len);
+	return true;
+}
+
+
+/*
+  put a NTTIME into a packet
+*/
+void smbcli_push_nttime(void *base, uint16_t offset, NTTIME t)
+{
+	SBVAL(base, offset, t);
+}
+
+/*
+  pull a NTTIME from a packet
+*/
+NTTIME smbcli_pull_nttime(void *base, uint16_t offset)
+{
+	NTTIME ret = BVAL(base, offset);
+	return ret;
+}
+
+/**
+  pull a UCS2 string from a blob, returning a talloced unix string
+
+  the string length is limited by the 3 things:
+   - the data size in the blob
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the blob is returned
+*/
+size_t smbcli_blob_pull_ucs2(TALLOC_CTX* mem_ctx,
+			     const DATA_BLOB *blob, const char **dest,
+			     const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2, alignment=0;
+	size_t ret_size;
+	bool ret;
+	char *dest2;
+
+	if (src < blob->data ||
+	    src >= (blob->data + blob->length)) {
+		*dest = NULL;
+		return 0;
+	}
+
+	src_len = blob->length - PTR_DIFF(src, blob->data);
+
+	if (byte_len != -1 && src_len > byte_len) {
+		src_len = byte_len;
+	}
+
+	if (!(flags & STR_NOALIGN) && ucs2_align(blob->data, src, flags)) {
+		src++;
+		alignment=1;
+		src_len--;
+	}
+
+	if (src_len < 2) {
+		*dest = NULL;
+		return 0;
+	}
+
+	src_len2 = utf16_null_terminated_len_n(src, src_len);
+
+	ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2, &ret_size);
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+	*dest = dest2;
+
+	return src_len2 + alignment;
+}
+
+/**
+  pull a ascii string from a blob, returning a talloced string
+
+  the string length is limited by the 3 things:
+   - the data size in the blob
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the blob
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the blob is returned
+*/
+static size_t smbcli_blob_pull_ascii(TALLOC_CTX *mem_ctx,
+				     const DATA_BLOB *blob, const char **dest,
+				     const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2;
+	size_t ret_size;
+	bool ret;
+	char *dest2;
+
+	src_len = blob->length - PTR_DIFF(src, blob->data);
+	if (src_len < 0) {
+		*dest = NULL;
+		return 0;
+	}
+	if (byte_len != -1 && src_len > byte_len) {
+		src_len = byte_len;
+	}
+	src_len2 = strnlen((const char *)src, src_len);
+
+	if (src_len2 < src_len - 1) {
+		/* include the termination if we didn't reach the end of the packet */
+		src_len2++;
+	}
+
+	ret = convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2, &ret_size);
+
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+	*dest = dest2;
+
+	return ret_size;
+}
+
+/**
+  pull a string from a blob, returning a talloced struct smb_wire_string
+
+  the string length is limited by the 3 things:
+   - the data size in the blob
+   - length field on the wire
+   - the end of string (null termination)
+
+   if STR_LEN8BIT is set in the flags then assume the length field is
+   8 bits, instead of 32
+
+  on failure zero is returned and dest->s is set to NULL, otherwise the number
+  of bytes consumed in the blob is returned
+*/
+size_t smbcli_blob_pull_string(struct smbcli_session *session,
+			       TALLOC_CTX *mem_ctx,
+			       const DATA_BLOB *blob,
+			       struct smb_wire_string *dest,
+			       uint16_t len_offset, uint16_t str_offset,
+			       unsigned int flags)
+{
+	int extra;
+	dest->s = NULL;
+
+	if (!(flags & STR_ASCII)) {
+		/* this is here to cope with SMB2 calls using the SMB
+		   parsers. SMB2 will pass smbcli_session==NULL, which forces
+		   unicode on (as used by SMB2) */
+		if (session == NULL) {
+			flags |= STR_UNICODE;
+		} else if (session->transport->negotiate.capabilities & CAP_UNICODE) {
+			flags |= STR_UNICODE;
+		}
+	}
+
+	if (flags & STR_LEN8BIT) {
+		if (len_offset > blob->length-1) {
+			return 0;
+		}
+		dest->private_length = CVAL(blob->data, len_offset);
+	} else {
+		if (len_offset > blob->length-4) {
+			return 0;
+		}
+		dest->private_length = IVAL(blob->data, len_offset);
+	}
+	extra = 0;
+	dest->s = NULL;
+	if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) {
+		int align = 0;
+		if ((str_offset&1) && !(flags & STR_NOALIGN)) {
+			align = 1;
+		}
+		if (flags & STR_LEN_NOTERM) {
+			extra = 2;
+		}
+		return align + extra + smbcli_blob_pull_ucs2(mem_ctx, blob, &dest->s,
+							  blob->data+str_offset+align,
+							  dest->private_length, flags);
+	}
+
+	if (flags & STR_LEN_NOTERM) {
+		extra = 1;
+	}
+
+	return extra + smbcli_blob_pull_ascii(mem_ctx, blob, &dest->s,
+					   blob->data+str_offset, dest->private_length, flags);
+}
+
+/**
+  pull a string from a blob, returning a talloced char *
+
+  Currently only used by the UNIX search info level.
+
+  the string length is limited by 2 things:
+   - the data size in the blob
+   - the end of string (null termination)
+
+  on failure zero is returned and dest->s is set to NULL, otherwise the number
+  of bytes consumed in the blob is returned
+*/
+size_t smbcli_blob_pull_unix_string(struct smbcli_session *session,
+			    TALLOC_CTX *mem_ctx,
+			    DATA_BLOB *blob,
+			    const char **dest,
+			    uint16_t str_offset,
+			    unsigned int flags)
+{
+	int extra = 0;
+	*dest = NULL;
+
+	if (!(flags & STR_ASCII) &&
+	    ((flags & STR_UNICODE) ||
+	     (session->transport->negotiate.capabilities & CAP_UNICODE))) {
+		int align = 0;
+		if ((str_offset&1) && !(flags & STR_NOALIGN)) {
+			align = 1;
+		}
+		if (flags & STR_LEN_NOTERM) {
+			extra = 2;
+		}
+		return align + extra + smbcli_blob_pull_ucs2(mem_ctx, blob, dest,
+							  blob->data+str_offset+align,
+							  -1, flags);
+	}
+
+	if (flags & STR_LEN_NOTERM) {
+		extra = 1;
+	}
+
+	return extra + smbcli_blob_pull_ascii(mem_ctx, blob, dest,
+					   blob->data+str_offset, -1, flags);
+}
+
+
+/*
+  append a string into a blob
+*/
+size_t smbcli_blob_append_string(struct smbcli_session *session,
+			      TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+			      const char *str, unsigned int flags)
+{
+	size_t max_len;
+	int len;
+
+	if (!str) return 0;
+
+	/* determine string type to use */
+	if (!(flags & (STR_ASCII|STR_UNICODE))) {
+		flags |= (session->transport->negotiate.capabilities & CAP_UNICODE) ? STR_UNICODE : STR_ASCII;
+	}
+
+	max_len = (strlen(str)+2) * MAX_BYTES_PER_CHAR;
+
+	blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length + max_len);
+	if (!blob->data) {
+		return 0;
+	}
+
+	len = push_string(blob->data + blob->length, str, max_len, flags);
+
+	blob->length += len;
+
+	return len;
+}
+
+/*
+  pull a GUID structure from the wire. The buffer must be at least 16
+  bytes long
+ */
+NTSTATUS smbcli_pull_guid(void *base, uint16_t offset,
+			  struct GUID *guid)
+{
+	DATA_BLOB blob;
+
+	ZERO_STRUCTP(guid);
+
+	blob.data       = offset + (uint8_t *)base;
+	blob.length     = 16;
+
+	return GUID_from_ndr_blob(&blob, guid);
+}
+
+/*
+  push a guid onto the wire. The buffer must hold 16 bytes
+ */
+NTSTATUS smbcli_push_guid(void *base, uint16_t offset, const struct GUID *guid)
+{
+	NTSTATUS status;
+	struct GUID_ndr_buf buf = { .buf = {0}, };
+
+	status = GUID_to_ndr_buf(guid, &buf);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	memcpy(offset + (uint8_t *)base, buf.buf, sizeof(buf.buf));
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/raw/rawsearch.c b/source4/libcli/raw/rawsearch.c
new file mode 100644
index 0000000..21e8868
--- /dev/null
+++ b/source4/libcli/raw/rawsearch.c
@@ -0,0 +1,842 @@
+/*
+   Unix SMB/CIFS implementation.
+   client directory search routines
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+   Copyright (C) James Peach 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+/****************************************************************************
+ Old style search backend - process output.
+****************************************************************************/
+static void smb_raw_search_backend(struct smbcli_request *req,
+				   TALLOC_CTX *mem_ctx,
+				   uint16_t count,
+				   void *private_data,
+				   smbcli_search_callback callback)
+
+{
+	union smb_search_data search_data;
+	int i;
+	uint8_t *p;
+
+	if (req->in.data_size < 3 + count*43) {
+		req->status = NT_STATUS_INVALID_PARAMETER;
+		return;
+	}
+
+	p = req->in.data + 3;
+
+	for (i=0; i < count; i++) {
+		char *name;
+
+		search_data.search.id.reserved      = CVAL(p, 0);
+		memcpy(search_data.search.id.name,    p+1, 11);
+		search_data.search.id.handle        = CVAL(p, 12);
+		search_data.search.id.server_cookie = IVAL(p, 13);
+		search_data.search.id.client_cookie = IVAL(p, 17);
+		search_data.search.attrib           = CVAL(p, 21);
+		search_data.search.write_time       = raw_pull_dos_date(req->transport,
+									p + 22);
+		search_data.search.size             = IVAL(p, 26);
+		smbcli_req_pull_ascii(&req->in.bufinfo, mem_ctx, &name, p+30, 13, STR_ASCII);
+		search_data.search.name = name;
+		if (!callback(private_data, &search_data)) {
+			break;
+		}
+		p += 43;
+	}
+}
+
+/****************************************************************************
+ Old style search first.
+****************************************************************************/
+static NTSTATUS smb_raw_search_first_old(struct smbcli_tree *tree,
+					 TALLOC_CTX *mem_ctx,
+					 union smb_search_first *io, void *private_data,
+					 smbcli_search_callback callback)
+
+{
+	struct smbcli_request *req;
+	uint8_t op = SMBsearch;
+
+	if (io->generic.level == RAW_SEARCH_FFIRST) {
+		op = SMBffirst;
+	} else if (io->generic.level == RAW_SEARCH_FUNIQUE) {
+		op = SMBfunique;
+	}
+
+	req = smbcli_request_setup(tree, op, 2, 0);
+	if (!req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(req->out.vwv, VWV(0), io->search_first.in.max_count);
+	SSVAL(req->out.vwv, VWV(1), io->search_first.in.search_attrib);
+	smbcli_req_append_ascii4(req, io->search_first.in.pattern, STR_TERMINATE);
+	smbcli_req_append_var_block(req, NULL, 0);
+
+	if (!smbcli_request_send(req) ||
+	    !smbcli_request_receive(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	if (NT_STATUS_IS_OK(req->status)) {
+		io->search_first.out.count = SVAL(req->in.vwv, VWV(0));
+		smb_raw_search_backend(req, mem_ctx, io->search_first.out.count, private_data, callback);
+	}
+
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+ Old style search next.
+****************************************************************************/
+static NTSTATUS smb_raw_search_next_old(struct smbcli_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					union smb_search_next *io, void *private_data,
+					smbcli_search_callback callback)
+
+{
+	struct smbcli_request *req;
+	uint8_t var_block[21];
+	uint8_t op = SMBsearch;
+
+	if (io->generic.level == RAW_SEARCH_FFIRST) {
+		op = SMBffirst;
+	}
+
+	req = smbcli_request_setup(tree, op, 2, 0);
+	if (!req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(req->out.vwv, VWV(0), io->search_next.in.max_count);
+	SSVAL(req->out.vwv, VWV(1), io->search_next.in.search_attrib);
+	smbcli_req_append_ascii4(req, "", STR_TERMINATE);
+
+	SCVAL(var_block,  0, io->search_next.in.id.reserved);
+	memcpy(&var_block[1], io->search_next.in.id.name, 11);
+	SCVAL(var_block, 12, io->search_next.in.id.handle);
+	SIVAL(var_block, 13, io->search_next.in.id.server_cookie);
+	SIVAL(var_block, 17, io->search_next.in.id.client_cookie);
+
+	smbcli_req_append_var_block(req, var_block, 21);
+
+	if (!smbcli_request_send(req) ||
+	    !smbcli_request_receive(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	if (NT_STATUS_IS_OK(req->status)) {
+		io->search_next.out.count = SVAL(req->in.vwv, VWV(0));
+		smb_raw_search_backend(req, mem_ctx, io->search_next.out.count, private_data, callback);
+	}
+
+	return smbcli_request_destroy(req);
+}
+
+
+/****************************************************************************
+ Old style search next.
+****************************************************************************/
+static NTSTATUS smb_raw_search_close_old(struct smbcli_tree *tree,
+					 union smb_search_close *io)
+{
+	struct smbcli_request *req;
+	uint8_t var_block[21];
+
+	req = smbcli_request_setup(tree, SMBfclose, 2, 0);
+	if (!req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(req->out.vwv, VWV(0), io->fclose.in.max_count);
+	SSVAL(req->out.vwv, VWV(1), io->fclose.in.search_attrib);
+	smbcli_req_append_ascii4(req, "", STR_TERMINATE);
+
+	SCVAL(var_block,  0, io->fclose.in.id.reserved);
+	memcpy(&var_block[1], io->fclose.in.id.name, 11);
+	SCVAL(var_block, 12, io->fclose.in.id.handle);
+	SIVAL(var_block, 13, io->fclose.in.id.server_cookie);
+	SIVAL(var_block, 17, io->fclose.in.id.client_cookie);
+
+	smbcli_req_append_var_block(req, var_block, 21);
+
+	if (!smbcli_request_send(req) ||
+	    !smbcli_request_receive(req)) {
+		return smbcli_request_destroy(req);
+	}
+
+	return smbcli_request_destroy(req);
+}
+
+
+
+/****************************************************************************
+ Very raw search first - returns param/data blobs.
+****************************************************************************/
+static NTSTATUS smb_raw_search_first_blob(struct smbcli_tree *tree,
+					  TALLOC_CTX *mem_ctx,	/* used to allocate output blobs */
+					  union smb_search_first *io,
+					  DATA_BLOB *out_param_blob,
+					  DATA_BLOB *out_data_blob)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_FINDFIRST;
+	NTSTATUS status;
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.data = data_blob(NULL, 0);
+	tp.in.max_param = 10;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+
+	if (io->t2ffirst.level != RAW_SEARCH_TRANS2) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (io->t2ffirst.data_level >= RAW_SEARCH_DATA_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (io->t2ffirst.data_level == RAW_SEARCH_DATA_EA_LIST) {
+		if (!ea_push_name_list(mem_ctx,
+				       &tp.in.data,
+				       io->t2ffirst.in.num_names,
+				       io->t2ffirst.in.ea_names)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 12);
+	if (!tp.in.params.data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(tp.in.params.data, 0, io->t2ffirst.in.search_attrib);
+	SSVAL(tp.in.params.data, 2, io->t2ffirst.in.max_count);
+	SSVAL(tp.in.params.data, 4, io->t2ffirst.in.flags);
+	SSVAL(tp.in.params.data, 6, io->t2ffirst.data_level);
+	SIVAL(tp.in.params.data, 8, io->t2ffirst.in.storage_type);
+
+	smbcli_blob_append_string(tree->session, mem_ctx, &tp.in.params,
+				  io->t2ffirst.in.pattern, STR_TERMINATE);
+
+	status = smb_raw_trans2(tree, mem_ctx, &tp);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	out_param_blob->length = tp.out.params.length;
+	out_param_blob->data = tp.out.params.data;
+	out_data_blob->length = tp.out.data.length;
+	out_data_blob->data = tp.out.data.data;
+
+	return NT_STATUS_OK;
+}
+
+
+/****************************************************************************
+ Very raw search first - returns param/data blobs.
+ Used in CIFS-on-CIFS NTVFS.
+****************************************************************************/
+static NTSTATUS smb_raw_search_next_blob(struct smbcli_tree *tree,
+					 TALLOC_CTX *mem_ctx,
+					 union smb_search_next *io,
+					 DATA_BLOB *out_param_blob,
+					 DATA_BLOB *out_data_blob)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_FINDNEXT;
+	NTSTATUS status;
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.data = data_blob(NULL, 0);
+	tp.in.max_param = 10;
+	tp.in.max_data = 0xFFFF;
+	tp.in.setup = &setup;
+
+	if (io->t2fnext.level != RAW_SEARCH_TRANS2) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (io->t2fnext.data_level >= RAW_SEARCH_DATA_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (io->t2fnext.data_level == RAW_SEARCH_DATA_EA_LIST) {
+		if (!ea_push_name_list(mem_ctx,
+				       &tp.in.data,
+				       io->t2fnext.in.num_names,
+				       io->t2fnext.in.ea_names)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 12);
+	if (!tp.in.params.data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(tp.in.params.data, 0, io->t2fnext.in.handle);
+	SSVAL(tp.in.params.data, 2, io->t2fnext.in.max_count);
+	SSVAL(tp.in.params.data, 4, io->t2fnext.data_level);
+	SIVAL(tp.in.params.data, 6, io->t2fnext.in.resume_key);
+	SSVAL(tp.in.params.data, 10, io->t2fnext.in.flags);
+
+	smbcli_blob_append_string(tree->session, mem_ctx, &tp.in.params,
+			       io->t2fnext.in.last_name,
+			       STR_TERMINATE);
+
+	status = smb_raw_trans2(tree, mem_ctx, &tp);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	out_param_blob->length = tp.out.params.length;
+	out_param_blob->data = tp.out.params.data;
+	out_data_blob->length = tp.out.data.length;
+	out_data_blob->data = tp.out.data.data;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  parse the wire search formats that are in common between SMB and
+  SMB2
+*/
+NTSTATUS smb_raw_search_common(TALLOC_CTX *mem_ctx,
+			       enum smb_search_data_level level,
+			       const DATA_BLOB *blob,
+			       union smb_search_data *data,
+			       unsigned int *next_ofs,
+			       unsigned int str_flags)
+{
+	unsigned int len, blen;
+
+	if (blob->length < 4) {
+		return NT_STATUS_INFO_LENGTH_MISMATCH;
+	}
+
+	*next_ofs = IVAL(blob->data, 0);
+	if (*next_ofs != 0) {
+		blen = *next_ofs;
+	} else {
+		blen = blob->length;
+	}
+
+	switch (level) {
+	case RAW_SEARCH_DATA_DIRECTORY_INFO:
+		if (blen < 65) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->directory_info.file_index  = IVAL(blob->data,             4);
+		data->directory_info.create_time = smbcli_pull_nttime(blob->data,  8);
+		data->directory_info.access_time = smbcli_pull_nttime(blob->data, 16);
+		data->directory_info.write_time  = smbcli_pull_nttime(blob->data, 24);
+		data->directory_info.change_time = smbcli_pull_nttime(blob->data, 32);
+		data->directory_info.size        = BVAL(blob->data,            40);
+		data->directory_info.alloc_size  = BVAL(blob->data,            48);
+		data->directory_info.attrib      = IVAL(blob->data,            56);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->directory_info.name,
+					      60, 64, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 64+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+		if (blen < 69) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->full_directory_info.file_index  = IVAL(blob->data,                4);
+		data->full_directory_info.create_time = smbcli_pull_nttime(blob->data,  8);
+		data->full_directory_info.access_time = smbcli_pull_nttime(blob->data, 16);
+		data->full_directory_info.write_time  = smbcli_pull_nttime(blob->data, 24);
+		data->full_directory_info.change_time = smbcli_pull_nttime(blob->data, 32);
+		data->full_directory_info.size        = BVAL(blob->data,               40);
+		data->full_directory_info.alloc_size  = BVAL(blob->data,               48);
+		data->full_directory_info.attrib      = IVAL(blob->data,               56);
+		data->full_directory_info.ea_size     = IVAL(blob->data,               64);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->full_directory_info.name,
+					      60, 68, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 68+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_NAME_INFO:
+		if (blen < 13) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->name_info.file_index  = IVAL(blob->data, 4);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->name_info.name,
+					      8, 12, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 12+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+
+	case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+		if (blen < 95) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->both_directory_info.file_index  = IVAL(blob->data,                4);
+		data->both_directory_info.create_time = smbcli_pull_nttime(blob->data,  8);
+		data->both_directory_info.access_time = smbcli_pull_nttime(blob->data, 16);
+		data->both_directory_info.write_time  = smbcli_pull_nttime(blob->data, 24);
+		data->both_directory_info.change_time = smbcli_pull_nttime(blob->data, 32);
+		data->both_directory_info.size        = BVAL(blob->data,               40);
+		data->both_directory_info.alloc_size  = BVAL(blob->data,               48);
+		data->both_directory_info.attrib      = IVAL(blob->data,               56);
+		data->both_directory_info.ea_size     = IVAL(blob->data,               64);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					&data->both_directory_info.short_name,
+					68, 70, STR_LEN8BIT | STR_UNICODE);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->both_directory_info.name,
+					      60, 94, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 94+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+
+	case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+		if (blen < 81) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->id_full_directory_info.file_index  = IVAL(blob->data,             4);
+		data->id_full_directory_info.create_time = smbcli_pull_nttime(blob->data,  8);
+		data->id_full_directory_info.access_time = smbcli_pull_nttime(blob->data, 16);
+		data->id_full_directory_info.write_time  = smbcli_pull_nttime(blob->data, 24);
+		data->id_full_directory_info.change_time = smbcli_pull_nttime(blob->data, 32);
+		data->id_full_directory_info.size        = BVAL(blob->data,            40);
+		data->id_full_directory_info.alloc_size  = BVAL(blob->data,            48);
+		data->id_full_directory_info.attrib      = IVAL(blob->data,            56);
+		data->id_full_directory_info.ea_size     = IVAL(blob->data,            64);
+		data->id_full_directory_info.file_id     = BVAL(blob->data,            72);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->id_full_directory_info.name,
+					      60, 80, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 80+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO:
+		if (blen < 105) return NT_STATUS_INFO_LENGTH_MISMATCH;
+		data->id_both_directory_info.file_index  = IVAL(blob->data,             4);
+		data->id_both_directory_info.create_time = smbcli_pull_nttime(blob->data,  8);
+		data->id_both_directory_info.access_time = smbcli_pull_nttime(blob->data, 16);
+		data->id_both_directory_info.write_time  = smbcli_pull_nttime(blob->data, 24);
+		data->id_both_directory_info.change_time = smbcli_pull_nttime(blob->data, 32);
+		data->id_both_directory_info.size        = BVAL(blob->data,            40);
+		data->id_both_directory_info.alloc_size  = BVAL(blob->data,            48);
+		data->id_both_directory_info.attrib      = SVAL(blob->data,            56);
+		data->id_both_directory_info.ea_size     = IVAL(blob->data,            64);
+		smbcli_blob_pull_string(NULL, mem_ctx, blob,
+				     &data->id_both_directory_info.short_name,
+				     68, 70, STR_LEN8BIT | STR_UNICODE);
+		memcpy(data->id_both_directory_info.short_name_buf, blob->data + 70, 24);
+		data->id_both_directory_info.file_id     = BVAL(blob->data,            96);
+		len = smbcli_blob_pull_string(NULL, mem_ctx, blob,
+					      &data->id_both_directory_info.name,
+					      60, 104, str_flags);
+		if (*next_ofs != 0 && *next_ofs < 104+len) {
+			return NT_STATUS_INFO_LENGTH_MISMATCH;
+		}
+		return NT_STATUS_OK;
+
+	default:
+		break;
+	}
+
+	/* invalid level */
+	return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+
+/*
+  parse a trans2 search response.
+  Return the number of bytes consumed
+  return 0 for success with end of list
+  return -1 for a parse error
+*/
+static int parse_trans2_search(struct smbcli_tree *tree,
+			       TALLOC_CTX *mem_ctx,
+			       enum smb_search_data_level level,
+			       uint16_t flags,
+			       DATA_BLOB *blob,
+			       union smb_search_data *data)
+{
+	unsigned int len, ofs;
+	uint32_t ea_size;
+	DATA_BLOB eablob;
+	NTSTATUS status;
+
+	switch (level) {
+	case RAW_SEARCH_DATA_GENERIC:
+	case RAW_SEARCH_DATA_SEARCH:
+		/* handled elsewhere */
+		return -1;
+
+	case RAW_SEARCH_DATA_STANDARD:
+		if (flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			if (blob->length < 4) return -1;
+			data->standard.resume_key = IVAL(blob->data, 0);
+			blob->data += 4;
+			blob->length -= 4;
+		}
+		if (blob->length < 24) return -1;
+		data->standard.create_time = raw_pull_dos_date2(tree->session->transport,
+								blob->data + 0);
+		data->standard.access_time = raw_pull_dos_date2(tree->session->transport,
+								blob->data + 4);
+		data->standard.write_time  = raw_pull_dos_date2(tree->session->transport,
+								blob->data + 8);
+		data->standard.size        = IVAL(blob->data, 12);
+		data->standard.alloc_size  = IVAL(blob->data, 16);
+		data->standard.attrib      = SVAL(blob->data, 20);
+		len = smbcli_blob_pull_string(tree->session, mem_ctx, blob,
+					   &data->standard.name,
+					   22, 23, STR_LEN8BIT | STR_TERMINATE | STR_LEN_NOTERM);
+		return len + 23;
+
+	case RAW_SEARCH_DATA_EA_SIZE:
+		if (flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			if (blob->length < 4) return -1;
+			data->ea_size.resume_key = IVAL(blob->data, 0);
+			blob->data += 4;
+			blob->length -= 4;
+		}
+		if (blob->length < 28) return -1;
+		data->ea_size.create_time = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 0);
+		data->ea_size.access_time = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 4);
+		data->ea_size.write_time  = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 8);
+		data->ea_size.size        = IVAL(blob->data, 12);
+		data->ea_size.alloc_size  = IVAL(blob->data, 16);
+		data->ea_size.attrib      = SVAL(blob->data, 20);
+		data->ea_size.ea_size     = IVAL(blob->data, 22);
+		len = smbcli_blob_pull_string(tree->session, mem_ctx, blob,
+					   &data->ea_size.name,
+					   26, 27, STR_LEN8BIT | STR_TERMINATE | STR_NOALIGN);
+		return len + 27 + 1;
+
+	case RAW_SEARCH_DATA_EA_LIST:
+		if (flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			if (blob->length < 4) return -1;
+			data->ea_list.resume_key = IVAL(blob->data, 0);
+			blob->data += 4;
+			blob->length -= 4;
+		}
+		if (blob->length < 28) return -1;
+		data->ea_list.create_time = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 0);
+		data->ea_list.access_time = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 4);
+		data->ea_list.write_time  = raw_pull_dos_date2(tree->session->transport,
+							       blob->data + 8);
+		data->ea_list.size        = IVAL(blob->data, 12);
+		data->ea_list.alloc_size  = IVAL(blob->data, 16);
+		data->ea_list.attrib      = SVAL(blob->data, 20);
+		ea_size                   = IVAL(blob->data, 22);
+		if (ea_size > 0xFFFF) {
+			return -1;
+		}
+		eablob.data = blob->data + 22;
+		eablob.length = ea_size;
+		if (eablob.length > blob->length - 24) {
+			return -1;
+		}
+		status = ea_pull_list(&eablob, mem_ctx,
+				      &data->ea_list.eas.num_eas,
+				      &data->ea_list.eas.eas);
+		if (!NT_STATUS_IS_OK(status)) {
+			return -1;
+		}
+		len = smbcli_blob_pull_string(tree->session, mem_ctx, blob,
+					      &data->ea_list.name,
+					      22+ea_size, 23+ea_size,
+					      STR_LEN8BIT | STR_NOALIGN);
+		return len + ea_size + 23 + 1;
+
+	case RAW_SEARCH_DATA_UNIX_INFO:
+		if (blob->length < 109) return -1;
+		ofs                                  = IVAL(blob->data,             0);
+		data->unix_info.file_index           = IVAL(blob->data,             4);
+		data->unix_info.size                 = BVAL(blob->data,             8);
+		data->unix_info.alloc_size           = BVAL(blob->data,            16);
+		data->unix_info.status_change_time   = smbcli_pull_nttime(blob->data, 24);
+		data->unix_info.access_time          = smbcli_pull_nttime(blob->data, 32);
+		data->unix_info.change_time          = smbcli_pull_nttime(blob->data, 40);
+		data->unix_info.uid                  = IVAL(blob->data,            48);
+		data->unix_info.gid                  = IVAL(blob->data,            56);
+		data->unix_info.file_type            = IVAL(blob->data,            64);
+		data->unix_info.dev_major            = BVAL(blob->data,            68);
+		data->unix_info.dev_minor            = BVAL(blob->data,            76);
+		data->unix_info.unique_id            = BVAL(blob->data,            84);
+		data->unix_info.permissions          = IVAL(blob->data,            92);
+		data->unix_info.nlink                = IVAL(blob->data,           100);
+		/* There is no length field for this name but we know it's null terminated. */
+		len = smbcli_blob_pull_unix_string(tree->session, mem_ctx, blob,
+					   &data->unix_info.name, 108, 0);
+		if (ofs != 0 && ofs < 108+len) {
+			return -1;
+		}
+		return ofs;
+
+	case RAW_SEARCH_DATA_UNIX_INFO2:
+		/*   8 - size of ofs + file_index
+		 * 116 - size of unix_info2
+		 *   4 - size of name length
+		 *   2 - "." is the shortest name
+		 */
+		if (blob->length < (116 + 8 + 4 + 2)) {
+			return -1;
+		}
+
+		ofs                                 = IVAL(blob->data,   0);
+		data->unix_info2.file_index         = IVAL(blob->data,   4);
+		data->unix_info2.end_of_file        = BVAL(blob->data,   8);
+		data->unix_info2.num_bytes          = BVAL(blob->data,  16);
+		data->unix_info2.status_change_time = smbcli_pull_nttime(blob->data, 24);
+		data->unix_info2.access_time        = smbcli_pull_nttime(blob->data, 32);
+		data->unix_info2.change_time        = smbcli_pull_nttime(blob->data, 40);
+		data->unix_info2.uid                = IVAL(blob->data,  48);
+		data->unix_info2.gid                = IVAL(blob->data,  56);
+		data->unix_info2.file_type          = IVAL(blob->data,  64);
+		data->unix_info2.dev_major          = BVAL(blob->data,  68);
+		data->unix_info2.dev_minor          = BVAL(blob->data,  76);
+		data->unix_info2.unique_id          = BVAL(blob->data,  84);
+		data->unix_info2.permissions        = IVAL(blob->data,  92);
+		data->unix_info2.nlink              = IVAL(blob->data, 100);
+		data->unix_info2.create_time	    = smbcli_pull_nttime(blob->data, 108);
+		data->unix_info2.file_flags	    = IVAL(blob->data, 116);
+		data->unix_info2.flags_mask	    = IVAL(blob->data, 120);
+
+		/* There is a 4 byte length field for this name. The length
+		 * does not include the NULL terminator.
+		 */
+		len = smbcli_blob_pull_string(tree->session, mem_ctx, blob,
+				       &data->unix_info2.name,
+				       8 + 116, /* offset to length */
+				       8 + 116 + 4, /* offset to string */
+				       0);
+
+		if (ofs != 0 && ofs < (8 + 116 + 4 + len)) {
+			return -1;
+		}
+
+		return ofs;
+
+		case RAW_SEARCH_DATA_DIRECTORY_INFO:
+		case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+		case RAW_SEARCH_DATA_NAME_INFO:
+		case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+		case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+		case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO: {
+			unsigned int str_flags = STR_UNICODE;
+			if (!(tree->session->transport->negotiate.capabilities & CAP_UNICODE)) {
+				str_flags = STR_ASCII;
+			}
+
+		status = smb_raw_search_common(mem_ctx, level, blob, data, &ofs, str_flags);
+		if (!NT_STATUS_IS_OK(status)) {
+			return -1;
+		}
+		return ofs;
+	}
+	}
+
+	/* invalid level */
+	return -1;
+}
+
+/****************************************************************************
+ Trans2 search backend - process output.
+****************************************************************************/
+static NTSTATUS smb_raw_t2search_backend(struct smbcli_tree *tree,
+					 TALLOC_CTX *mem_ctx,
+					 enum smb_search_data_level level,
+					 uint16_t flags,
+					 int16_t count,
+					 DATA_BLOB *blob,
+					 void *private_data,
+					 smbcli_search_callback callback)
+
+{
+	int i;
+	DATA_BLOB blob2;
+
+	blob2.data = blob->data;
+	blob2.length = blob->length;
+
+	for (i=0; i < count; i++) {
+		union smb_search_data search_data;
+		unsigned int len;
+
+		len = parse_trans2_search(tree, mem_ctx, level, flags, &blob2, &search_data);
+		if (len == -1) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/* the callback function can tell us that no more will
+		   fit - in that case we stop, but it isn't an error */
+		if (!callback(private_data, &search_data)) {
+			break;
+		}
+
+		if (len == 0) break;
+
+		blob2.data += len;
+		blob2.length -= len;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/* Implements trans2findfirst2 and old search
+ */
+_PUBLIC_ NTSTATUS smb_raw_search_first(struct smbcli_tree *tree,
+			      TALLOC_CTX *mem_ctx,
+			      union smb_search_first *io, void *private_data,
+			      smbcli_search_callback callback)
+{
+	DATA_BLOB p_blob = data_blob_null, d_blob = data_blob_null;
+	NTSTATUS status;
+
+	switch (io->generic.level) {
+	case RAW_SEARCH_SEARCH:
+	case RAW_SEARCH_FFIRST:
+	case RAW_SEARCH_FUNIQUE:
+		return smb_raw_search_first_old(tree, mem_ctx, io, private_data, callback);
+
+	case RAW_SEARCH_TRANS2:
+		break;
+
+	case RAW_SEARCH_SMB2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = smb_raw_search_first_blob(tree, mem_ctx,
+					   io, &p_blob, &d_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (p_blob.length < 10) {
+		DEBUG(1,("smb_raw_search_first: parms wrong size %d != expected_param_size\n",
+			(int)p_blob.length));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* process output data */
+	io->t2ffirst.out.handle = SVAL(p_blob.data, 0);
+	io->t2ffirst.out.count = SVAL(p_blob.data, 2);
+	io->t2ffirst.out.end_of_search = SVAL(p_blob.data, 4);
+
+	status = smb_raw_t2search_backend(tree, mem_ctx,
+					  io->generic.data_level,
+					  io->t2ffirst.in.flags, io->t2ffirst.out.count,
+					  &d_blob, private_data, callback);
+
+	return status;
+}
+
+/* Implements trans2findnext2 and old smbsearch
+ */
+NTSTATUS smb_raw_search_next(struct smbcli_tree *tree,
+			     TALLOC_CTX *mem_ctx,
+			     union smb_search_next *io, void *private_data,
+			     smbcli_search_callback callback)
+{
+	DATA_BLOB p_blob = data_blob_null, d_blob = data_blob_null;
+	NTSTATUS status;
+
+	switch (io->generic.level) {
+	case RAW_SEARCH_SEARCH:
+	case RAW_SEARCH_FFIRST:
+		return smb_raw_search_next_old(tree, mem_ctx, io, private_data, callback);
+
+	case RAW_SEARCH_FUNIQUE:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_SEARCH_TRANS2:
+		break;
+
+	case RAW_SEARCH_SMB2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = smb_raw_search_next_blob(tree, mem_ctx,
+					  io, &p_blob, &d_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (p_blob.length != 8) {
+		DEBUG(1,("smb_raw_search_next: parms wrong size %d != expected_param_size\n",
+			(int)p_blob.length));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* process output data */
+	io->t2fnext.out.count = SVAL(p_blob.data, 0);
+	io->t2fnext.out.end_of_search = SVAL(p_blob.data, 2);
+
+	status = smb_raw_t2search_backend(tree, mem_ctx,
+					  io->generic.data_level,
+					  io->t2fnext.in.flags, io->t2fnext.out.count,
+					  &d_blob, private_data, callback);
+
+	return status;
+}
+
+/*
+   Implements trans2findclose2
+ */
+NTSTATUS smb_raw_search_close(struct smbcli_tree *tree,
+			      union smb_search_close *io)
+{
+	struct smbcli_request *req;
+
+	if (io->generic.level == RAW_FINDCLOSE_FCLOSE) {
+		return smb_raw_search_close_old(tree, io);
+	}
+
+	req = smbcli_request_setup(tree, SMBfindclose, 1, 0);
+	if (!req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	SSVAL(req->out.vwv, VWV(0), io->findclose.in.handle);
+
+	if (smbcli_request_send(req)) {
+		(void) smbcli_request_receive(req);
+	}
+
+	return smbcli_request_destroy(req);
+}
diff --git a/source4/libcli/raw/rawsetfileinfo.c b/source4/libcli/raw/rawsetfileinfo.c
new file mode 100644
index 0000000..7044905
--- /dev/null
+++ b/source4/libcli/raw/rawsetfileinfo.c
@@ -0,0 +1,506 @@
+/*
+   Unix SMB/CIFS implementation.
+   RAW_SFILEINFO_* calls
+   Copyright (C) James Myers 2003
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James Peach 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+
+/*
+  Handle setfileinfo/setpathinfo passthu constructions
+*/
+bool smb_raw_setfileinfo_passthru(TALLOC_CTX *mem_ctx,
+				  enum smb_setfileinfo_level level,
+				  union smb_setfileinfo *parms,
+				  DATA_BLOB *blob)
+{
+	unsigned int len;
+
+#define NEED_BLOB(n) do { \
+	  *blob = data_blob_talloc(mem_ctx, NULL, n); \
+	  if (blob->data == NULL && n != 0) return false; \
+        } while (0)
+
+	switch (level) {
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		NEED_BLOB(40);
+		smbcli_push_nttime(blob->data,  0, parms->basic_info.in.create_time);
+		smbcli_push_nttime(blob->data,  8, parms->basic_info.in.access_time);
+		smbcli_push_nttime(blob->data, 16, parms->basic_info.in.write_time);
+		smbcli_push_nttime(blob->data, 24, parms->basic_info.in.change_time);
+		SIVAL(blob->data,           32, parms->basic_info.in.attrib);
+		SIVAL(blob->data,           36, 0); /* padding */
+		return true;
+
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		NEED_BLOB(4);
+		SIVAL(blob->data, 0, parms->disposition_info.in.delete_on_close);
+		return true;
+
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		NEED_BLOB(8);
+		SBVAL(blob->data, 0, parms->allocation_info.in.alloc_size);
+		return true;
+
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		NEED_BLOB(8);
+		SBVAL(blob->data, 0, parms->end_of_file_info.in.size);
+		return true;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+		NEED_BLOB(12);
+		SIVAL(blob->data, 0, parms->rename_information.in.overwrite);
+		SIVAL(blob->data, 4, parms->rename_information.in.root_fid);
+		len = smbcli_blob_append_string(NULL, mem_ctx, blob,
+						parms->rename_information.in.new_name,
+						STR_UNICODE|STR_TERMINATE);
+		SIVAL(blob->data, 8, len - 2);
+		return true;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		NEED_BLOB(20);
+		SIVAL(blob->data, 0, parms->rename_information.in.overwrite);
+		SIVAL(blob->data, 4, 0);
+		SBVAL(blob->data, 8, parms->rename_information.in.root_fid);
+		len = smbcli_blob_append_string(NULL, mem_ctx, blob,
+						parms->rename_information.in.new_name,
+						STR_UNICODE|STR_TERMINATE);
+		SIVAL(blob->data, 16, len - 2);
+		return true;
+
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		NEED_BLOB(8);
+		SBVAL(blob->data, 0, parms->position_information.in.position);
+		return true;
+
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		NEED_BLOB(4);
+		SIVAL(blob->data, 0, parms->mode_information.in.mode);
+		return true;
+
+	case RAW_FILEINFO_SEC_DESC: {
+		enum ndr_err_code ndr_err;
+
+		ndr_err = ndr_push_struct_blob(blob, mem_ctx, parms->set_secdesc.in.sd,
+					       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return false;
+		}
+
+		return true;
+	}
+
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+		printf("num_eas=%d\n", parms->full_ea_information.in.eas.num_eas);
+		NEED_BLOB(ea_list_size_chained(
+				  parms->full_ea_information.in.eas.num_eas,
+				  parms->full_ea_information.in.eas.eas, 4));
+		ea_put_list_chained(blob->data,
+				    parms->full_ea_information.in.eas.num_eas,
+				    parms->full_ea_information.in.eas.eas, 4);
+		return true;
+
+	case RAW_SFILEINFO_LINK_INFORMATION:
+		NEED_BLOB(20);
+		memset(blob->data, 0, blob->length);
+
+		PUSH_LE_U8(blob->data, 0, parms->link_information.in.overwrite);
+		PUSH_LE_U64(blob->data, 8, parms->link_information.in.root_fid);
+
+		len = smbcli_blob_append_string(
+			NULL, mem_ctx, blob,
+			parms->link_information.in.new_name,
+			STR_UNICODE | STR_TERMINATE);
+		PUSH_LE_U32(blob->data, 16, len - 2);
+		return true;
+
+		/* Unhandled levels */
+	case RAW_SFILEINFO_PIPE_INFORMATION:
+	case RAW_SFILEINFO_VALID_DATA_INFORMATION:
+	case RAW_SFILEINFO_SHORT_NAME_INFORMATION:
+	case RAW_SFILEINFO_1025:
+	case RAW_SFILEINFO_1027:
+	case RAW_SFILEINFO_1029:
+	case RAW_SFILEINFO_1030:
+	case RAW_SFILEINFO_1031:
+	case RAW_SFILEINFO_1032:
+	case RAW_SFILEINFO_1036:
+	case RAW_SFILEINFO_1041:
+	case RAW_SFILEINFO_1042:
+	case RAW_SFILEINFO_1043:
+	case RAW_SFILEINFO_1044:
+		break;
+
+	default:
+		DEBUG(0,("Unhandled setfileinfo passthru level %d\n", level));
+		return false;
+	}
+
+	return false;
+}
+
+/*
+  Handle setfileinfo/setpathinfo trans2 backend.
+*/
+static bool smb_raw_setinfo_backend(struct smbcli_tree *tree,
+				    TALLOC_CTX *mem_ctx,
+				    union smb_setfileinfo *parms,
+				    DATA_BLOB *blob)
+{
+	switch (parms->generic.level) {
+	case RAW_SFILEINFO_GENERIC:
+	case RAW_SFILEINFO_SETATTR:
+	case RAW_SFILEINFO_SETATTRE:
+	case RAW_SFILEINFO_SEC_DESC:
+		/* not handled here */
+		return false;
+
+	case RAW_SFILEINFO_STANDARD:
+		NEED_BLOB(12);
+		raw_push_dos_date2(tree->session->transport,
+				  blob->data, 0, parms->standard.in.create_time);
+		raw_push_dos_date2(tree->session->transport,
+				  blob->data, 4, parms->standard.in.access_time);
+		raw_push_dos_date2(tree->session->transport,
+				  blob->data, 8, parms->standard.in.write_time);
+		return true;
+
+	case RAW_SFILEINFO_EA_SET:
+		NEED_BLOB(ea_list_size(parms->ea_set.in.num_eas, parms->ea_set.in.eas));
+		ea_put_list(blob->data, parms->ea_set.in.num_eas, parms->ea_set.in.eas);
+		return true;
+
+	case RAW_SFILEINFO_BASIC_INFO:
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_BASIC_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_UNIX_BASIC:
+		NEED_BLOB(100);
+		SBVAL(blob->data, 0, parms->unix_basic.in.end_of_file);
+		SBVAL(blob->data, 8, parms->unix_basic.in.num_bytes);
+		smbcli_push_nttime(blob->data, 16, parms->unix_basic.in.status_change_time);
+		smbcli_push_nttime(blob->data, 24, parms->unix_basic.in.access_time);
+		smbcli_push_nttime(blob->data, 32, parms->unix_basic.in.change_time);
+		SBVAL(blob->data, 40, parms->unix_basic.in.uid);
+		SBVAL(blob->data, 48, parms->unix_basic.in.gid);
+		SIVAL(blob->data, 56, parms->unix_basic.in.file_type);
+		SBVAL(blob->data, 60, parms->unix_basic.in.dev_major);
+		SBVAL(blob->data, 68, parms->unix_basic.in.dev_minor);
+		SBVAL(blob->data, 76, parms->unix_basic.in.unique_id);
+		SBVAL(blob->data, 84, parms->unix_basic.in.permissions);
+		SBVAL(blob->data, 92, parms->unix_basic.in.nlink);
+		return true;
+
+	case RAW_SFILEINFO_UNIX_INFO2:
+		NEED_BLOB(116);
+		SBVAL(blob->data,   0, parms->unix_info2.in.end_of_file);
+		SBVAL(blob->data,   8, parms->unix_info2.in.num_bytes);
+		smbcli_push_nttime(blob->data, 16, parms->unix_info2.in.status_change_time);
+		smbcli_push_nttime(blob->data, 24, parms->unix_info2.in.access_time);
+		smbcli_push_nttime(blob->data, 32, parms->unix_info2.in.change_time);
+		SBVAL(blob->data,  40,parms->unix_info2.in.uid);
+		SBVAL(blob->data,  48,parms->unix_info2.in.gid);
+		SIVAL(blob->data,  56,parms->unix_info2.in.file_type);
+		SBVAL(blob->data,  60,parms->unix_info2.in.dev_major);
+		SBVAL(blob->data,  68,parms->unix_info2.in.dev_minor);
+		SBVAL(blob->data,  76,parms->unix_info2.in.unique_id);
+		SBVAL(blob->data,  84,parms->unix_info2.in.permissions);
+		SBVAL(blob->data,  92,parms->unix_info2.in.nlink);
+		smbcli_push_nttime(blob->data, 100, parms->unix_info2.in.create_time);
+		SIVAL(blob->data, 108, parms->unix_info2.in.file_flags);
+		SIVAL(blob->data, 112, parms->unix_info2.in.flags_mask);
+		return true;
+
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_DISPOSITION_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_ALLOCATION_INFO:
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_ALLOCATION_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_END_OF_FILE_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_RENAME_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_POSITION_INFORMATION,
+						    parms, blob);
+
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		return smb_raw_setfileinfo_passthru(mem_ctx, RAW_SFILEINFO_MODE_INFORMATION,
+						    parms, blob);
+
+		/* Unhandled passthru levels */
+	case RAW_SFILEINFO_PIPE_INFORMATION:
+	case RAW_SFILEINFO_VALID_DATA_INFORMATION:
+	case RAW_SFILEINFO_SHORT_NAME_INFORMATION:
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+	case RAW_SFILEINFO_1025:
+	case RAW_SFILEINFO_1027:
+	case RAW_SFILEINFO_1029:
+	case RAW_SFILEINFO_1030:
+	case RAW_SFILEINFO_1031:
+	case RAW_SFILEINFO_1032:
+	case RAW_SFILEINFO_1036:
+	case RAW_SFILEINFO_1041:
+	case RAW_SFILEINFO_1042:
+	case RAW_SFILEINFO_1043:
+	case RAW_SFILEINFO_1044:
+		return smb_raw_setfileinfo_passthru(mem_ctx, parms->generic.level,
+						    parms, blob);
+
+	/* Unhandled levels */
+	case RAW_SFILEINFO_UNIX_LINK:
+	case RAW_SFILEINFO_UNIX_HLINK:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+	case RAW_SFILEINFO_LINK_INFORMATION:
+		break;
+	}
+
+	return false;
+}
+
+/****************************************************************************
+ Very raw set file info - takes data blob (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_setfileinfo_blob_send(struct smbcli_tree *tree,
+							 TALLOC_CTX *mem_ctx,
+							 uint16_t fnum,
+							 uint16_t info_level,
+							 DATA_BLOB *blob)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_SETFILEINFO;
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 2;
+	tp.in.max_data = 0;
+	tp.in.setup = &setup;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 6);
+	if (!tp.in.params.data) {
+		return NULL;
+	}
+	SSVAL(tp.in.params.data, 0, fnum);
+	SSVAL(tp.in.params.data, 2, info_level);
+	SSVAL(tp.in.params.data, 4, 0); /* reserved */
+
+	tp.in.data = *blob;
+
+	return smb_raw_trans2_send(tree, &tp);
+}
+
+/****************************************************************************
+ Very raw set path info - takes data blob
+****************************************************************************/
+static struct smbcli_request *smb_raw_setpathinfo_blob_send(struct smbcli_tree *tree,
+							    TALLOC_CTX *mem_ctx,
+							    const char *fname,
+							    uint16_t info_level,
+							    DATA_BLOB *blob)
+{
+	struct smb_trans2 tp;
+	uint16_t setup = TRANSACT2_SETPATHINFO;
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 2;
+	tp.in.max_data = 0;
+	tp.in.setup = &setup;
+
+	tp.in.params = data_blob_talloc(mem_ctx, NULL, 6);
+	if (!tp.in.params.data) {
+		return NULL;
+	}
+	SSVAL(tp.in.params.data, 0, info_level);
+	SIVAL(tp.in.params.data, 2, 0);
+	smbcli_blob_append_string(tree->session, mem_ctx,
+				  &tp.in.params,
+				  fname, STR_TERMINATE);
+
+	tp.in.data = *blob;
+
+	return smb_raw_trans2_send(tree, &tp);
+}
+
+/****************************************************************************
+ Handle setattr (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_setattr_send(struct smbcli_tree *tree,
+						union smb_setfileinfo *parms)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBsetatr, 8, 0);
+	if (!req) return NULL;
+
+	SSVAL(req->out.vwv,         VWV(0), parms->setattr.in.attrib);
+	raw_push_dos_date3(tree->session->transport,
+			  req->out.vwv, VWV(1), parms->setattr.in.write_time);
+	memset(req->out.vwv + VWV(3), 0, 10); /* reserved */
+	smbcli_req_append_ascii4(req, parms->setattr.in.file.path, STR_TERMINATE);
+	smbcli_req_append_ascii4(req, "", STR_TERMINATE);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Handle setattrE. (async send)
+****************************************************************************/
+static struct smbcli_request *smb_raw_setattrE_send(struct smbcli_tree *tree,
+						 union smb_setfileinfo *parms)
+{
+	struct smbcli_request *req;
+
+	req = smbcli_request_setup(tree, SMBsetattrE, 7, 0);
+	if (!req) return NULL;
+
+	SSVAL(req->out.vwv,         VWV(0), parms->setattre.in.file.fnum);
+	raw_push_dos_date2(tree->session->transport,
+			  req->out.vwv, VWV(1), parms->setattre.in.create_time);
+	raw_push_dos_date2(tree->session->transport,
+			  req->out.vwv, VWV(3), parms->setattre.in.access_time);
+	raw_push_dos_date2(tree->session->transport,
+			  req->out.vwv, VWV(5), parms->setattre.in.write_time);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+/****************************************************************************
+ Set file info (async send)
+****************************************************************************/
+struct smbcli_request *smb_raw_setfileinfo_send(struct smbcli_tree *tree,
+					     union smb_setfileinfo *parms)
+{
+	DATA_BLOB blob;
+	TALLOC_CTX *mem_ctx;
+	struct smbcli_request *req;
+
+	if (parms->generic.level == RAW_SFILEINFO_SETATTRE) {
+		return smb_raw_setattrE_send(tree, parms);
+	}
+	if (parms->generic.level == RAW_SFILEINFO_SEC_DESC) {
+		return smb_raw_set_secdesc_send(tree, parms);
+	}
+	if (parms->generic.level >= RAW_SFILEINFO_GENERIC) {
+		return NULL;
+	}
+
+	mem_ctx = talloc_init("setpathinfo");
+	if (!mem_ctx) return NULL;
+
+	if (!smb_raw_setinfo_backend(tree, mem_ctx, parms, &blob)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	/* send request and process the output */
+	req = smb_raw_setfileinfo_blob_send(tree,
+					    mem_ctx,
+					    parms->generic.in.file.fnum,
+					    parms->generic.level,
+					    &blob);
+
+	talloc_free(mem_ctx);
+	return req;
+}
+
+/****************************************************************************
+ Set file info (async send)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_setfileinfo(struct smbcli_tree *tree,
+			     union smb_setfileinfo *parms)
+{
+	struct smbcli_request *req = smb_raw_setfileinfo_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
+
+
+/****************************************************************************
+ Set path info (async send)
+****************************************************************************/
+_PUBLIC_ struct smbcli_request *smb_raw_setpathinfo_send(struct smbcli_tree *tree,
+					     union smb_setfileinfo *parms)
+{
+	DATA_BLOB blob;
+	TALLOC_CTX *mem_ctx;
+	struct smbcli_request *req;
+
+	if (parms->generic.level == RAW_SFILEINFO_SETATTR) {
+		return smb_raw_setattr_send(tree, parms);
+	}
+	if (parms->generic.level >= RAW_SFILEINFO_GENERIC) {
+		return NULL;
+	}
+
+	mem_ctx = talloc_init("setpathinfo");
+	if (!mem_ctx) return NULL;
+
+	if (!smb_raw_setinfo_backend(tree, mem_ctx, parms, &blob)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	/* send request and process the output */
+	req = smb_raw_setpathinfo_blob_send(tree,
+					    mem_ctx,
+					    parms->generic.in.file.path,
+					    parms->generic.level,
+					    &blob);
+
+	talloc_free(mem_ctx);
+	return req;
+}
+
+/****************************************************************************
+ Set path info (sync interface)
+****************************************************************************/
+_PUBLIC_ NTSTATUS smb_raw_setpathinfo(struct smbcli_tree *tree,
+			     union smb_setfileinfo *parms)
+{
+	struct smbcli_request *req = smb_raw_setpathinfo_send(tree, parms);
+	return smbcli_request_simple_recv(req);
+}
diff --git a/source4/libcli/raw/rawshadow.c b/source4/libcli/raw/rawshadow.c
new file mode 100644
index 0000000..0ce92c5
--- /dev/null
+++ b/source4/libcli/raw/rawshadow.c
@@ -0,0 +1,82 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   shadow copy file operations
+
+   Copyright (C) Andrew Tridgell 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/smb_constants.h"
+
+/*
+   get shadow volume data
+*/
+_PUBLIC_ NTSTATUS smb_raw_shadow_data(struct smbcli_tree *tree,
+				      TALLOC_CTX *mem_ctx, struct smb_shadow_copy *info)
+{
+	union smb_ioctl nt;
+	NTSTATUS status;
+	DATA_BLOB blob;
+	uint32_t dlength;
+	int i;
+	uint32_t ofs;
+
+	nt.ntioctl.level        = RAW_IOCTL_NTIOCTL;
+	nt.ntioctl.in.function  = FSCTL_GET_SHADOW_COPY_DATA;
+	nt.ntioctl.in.file.fnum = info->in.file.fnum;
+	nt.ntioctl.in.fsctl     = true;
+	nt.ntioctl.in.filter    = 0;
+	nt.ntioctl.in.max_data  = info->in.max_data;
+	nt.ntioctl.in.blob      = data_blob(NULL, 0);
+
+	status = smb_raw_ioctl(tree, mem_ctx, &nt);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	blob = nt.ntioctl.out.blob;
+
+	if (blob.length < 12) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	info->out.num_volumes = IVAL(blob.data, 0);
+	info->out.num_names   = IVAL(blob.data, 4);
+	dlength               = IVAL(blob.data, 8);
+	if (dlength > blob.length - 12) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	info->out.names = talloc_array(mem_ctx, const char *, info->out.num_names);
+	NT_STATUS_HAVE_NO_MEMORY(info->out.names);
+
+	ofs = 12;
+	for (i=0;i<info->out.num_names;i++) {
+		size_t len;
+		len = smbcli_blob_pull_ucs2(info->out.names,
+				      &blob, &info->out.names[i],
+				      blob.data+ofs, -1, STR_TERMINATE);
+		if (len == 0) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		ofs += len;
+	}
+
+	return status;
+}
diff --git a/source4/libcli/raw/rawtrans.c b/source4/libcli/raw/rawtrans.c
new file mode 100644
index 0000000..de3e054
--- /dev/null
+++ b/source4/libcli/raw/rawtrans.c
@@ -0,0 +1,446 @@
+/*
+   Unix SMB/CIFS implementation.
+   raw trans/trans2/nttrans operations
+
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+static void smb_raw_trans_backend_done(struct tevent_req *subreq);
+
+static struct smbcli_request *smb_raw_trans_backend_send(struct smbcli_tree *tree,
+						         struct smb_trans2 *parms,
+						         uint8_t command)
+{
+	struct smbcli_request *req;
+	uint8_t additional_flags;
+	uint8_t clear_flags;
+	uint16_t additional_flags2;
+	uint16_t clear_flags2;
+	uint32_t pid;
+	struct smbXcli_tcon *tcon = NULL;
+	struct smbXcli_session *session = NULL;
+	const char *pipe_name = NULL;
+	uint8_t s;
+	uint32_t timeout_msec;
+	uint32_t tmp;
+
+	tmp = parms->in.params.length + parms->in.data.length;
+
+	req = smbcli_request_setup(tree, command, parms->in.setup_count, tmp);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	additional_flags = CVAL(req->out.hdr, HDR_FLG);
+	additional_flags2 = SVAL(req->out.hdr, HDR_FLG2);
+	pid  = SVAL(req->out.hdr, HDR_PID);
+	pid |= SVAL(req->out.hdr, HDR_PIDHIGH)<<16;
+
+	if (req->session) {
+		session = req->session->smbXcli;
+	}
+
+	if (req->tree) {
+		tcon = req->tree->smbXcli;
+	}
+
+	clear_flags = ~additional_flags;
+	clear_flags2 = ~additional_flags2;
+
+	timeout_msec = req->transport->options.request_timeout * 1000;
+
+	for (s=0; s < parms->in.setup_count; s++) {
+		SSVAL(req->out.vwv, VWV(s), parms->in.setup[s]);
+	}
+
+	if (parms->in.params.length > 0) {
+		memcpy(req->out.data,
+		       parms->in.params.data,
+		       parms->in.params.length);
+	}
+	if (parms->in.data.length > 0) {
+		memcpy(req->out.data + parms->in.params.length,
+		       parms->in.data.data,
+		       parms->in.data.length);
+	}
+
+	if (command == SMBtrans && parms->in.trans_name) {
+		pipe_name = parms->in.trans_name;
+	}
+
+	req->subreqs[0] = smb1cli_trans_send(req,
+					     req->transport->ev,
+					     req->transport->conn,
+					     command,
+					     additional_flags,
+					     clear_flags,
+					     additional_flags2,
+					     clear_flags2,
+					     timeout_msec,
+					     pid,
+					     tcon,
+					     session,
+					     pipe_name,
+					     0xFFFF, /* fid */
+					     0, /* function */
+					     parms->in.flags,
+					     (uint16_t *)req->out.vwv,
+					     parms->in.setup_count,
+					     parms->in.max_setup,
+					     req->out.data,
+					     parms->in.params.length,
+					     parms->in.max_param,
+					     req->out.data+
+					     parms->in.params.length,
+					     parms->in.data.length,
+					     parms->in.max_data);
+	if (req->subreqs[0] == NULL) {
+		talloc_free(req);
+		return NULL;
+	}
+	tevent_req_set_callback(req->subreqs[0],
+				smb_raw_trans_backend_done,
+				req);
+
+	return req;
+}
+
+static void smb_raw_trans_backend_done(struct tevent_req *subreq)
+{
+	struct smbcli_request *req =
+		tevent_req_callback_data(subreq,
+		struct smbcli_request);
+	struct smbcli_transport *transport = req->transport;
+	uint16_t *setup = NULL;
+	uint8_t num_setup = 0;
+	uint8_t s;
+	uint8_t *param = NULL;
+	uint32_t num_param = 0;
+	uint8_t *data = NULL;
+	uint32_t num_data = 0;
+
+	req->status = smb1cli_trans_recv(req->subreqs[0], req,
+					 &req->flags2,
+					 &setup,
+					 0, /* min_setup */
+					 &num_setup,
+					 &param,
+					 0, /* min_param */
+					 &num_param,
+					 &data,
+					 0, /* min_data */
+					 &num_data);
+	TALLOC_FREE(req->subreqs[0]);
+	if (NT_STATUS_IS_ERR(req->status)) {
+		req->state = SMBCLI_REQUEST_ERROR;
+		transport->error.e.nt_status = req->status;
+		transport->error.etype = ETYPE_SMB;
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+		return;
+	}
+
+	req->trans2.out.setup_count = num_setup;
+	req->trans2.out.setup = talloc_array(req, uint16_t, num_setup);
+	if (req->trans2.out.setup == NULL) {
+		req->state = SMBCLI_REQUEST_ERROR;
+		req->status = NT_STATUS_NO_MEMORY;
+		transport->error.e.nt_status = req->status;
+		transport->error.etype = ETYPE_SMB;
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+		return;
+	}
+	for (s = 0; s < num_setup; s++) {
+		req->trans2.out.setup[s] = SVAL(setup, VWV(s));
+	}
+
+	req->trans2.out.params.data = param;
+	req->trans2.out.params.length = num_param;
+
+	req->trans2.out.data.data = data;
+	req->trans2.out.data.length = num_data;
+
+	transport->error.e.nt_status = req->status;
+	if (NT_STATUS_IS_OK(req->status)) {
+		transport->error.etype = ETYPE_NONE;
+	} else {
+		transport->error.etype = ETYPE_SMB;
+	}
+
+	req->state = SMBCLI_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+static NTSTATUS smb_raw_trans_backend_recv(struct smbcli_request *req,
+					   TALLOC_CTX *mem_ctx,
+					   struct smb_trans2 *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	parms->out = req->trans2.out;
+	talloc_steal(mem_ctx, parms->out.setup);
+	talloc_steal(mem_ctx, parms->out.params.data);
+	talloc_steal(mem_ctx, parms->out.data.data);
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+_PUBLIC_ struct smbcli_request *smb_raw_trans_send(struct smbcli_tree *tree,
+				       struct smb_trans2 *parms)
+{
+	return smb_raw_trans_backend_send(tree, parms, SMBtrans);
+}
+
+_PUBLIC_ NTSTATUS smb_raw_trans_recv(struct smbcli_request *req,
+			     TALLOC_CTX *mem_ctx,
+			     struct smb_trans2 *parms)
+{
+	return smb_raw_trans_backend_recv(req, mem_ctx, parms);
+}
+
+_PUBLIC_ NTSTATUS smb_raw_trans(struct smbcli_tree *tree,
+		       TALLOC_CTX *mem_ctx,
+		       struct smb_trans2 *parms)
+{
+	struct smbcli_request *req;
+	req = smb_raw_trans_send(tree, parms);
+	if (!req) return NT_STATUS_UNSUCCESSFUL;
+	return smb_raw_trans_recv(req, mem_ctx, parms);
+}
+
+struct smbcli_request *smb_raw_trans2_send(struct smbcli_tree *tree,
+				       struct smb_trans2 *parms)
+{
+	return smb_raw_trans_backend_send(tree, parms, SMBtrans2);
+}
+
+NTSTATUS smb_raw_trans2_recv(struct smbcli_request *req,
+			     TALLOC_CTX *mem_ctx,
+			     struct smb_trans2 *parms)
+{
+	return smb_raw_trans_backend_recv(req, mem_ctx, parms);
+}
+
+NTSTATUS smb_raw_trans2(struct smbcli_tree *tree,
+			TALLOC_CTX *mem_ctx,
+			struct smb_trans2 *parms)
+{
+	struct smbcli_request *req;
+	req = smb_raw_trans2_send(tree, parms);
+	if (!req) return NT_STATUS_UNSUCCESSFUL;
+	return smb_raw_trans2_recv(req, mem_ctx, parms);
+}
+
+static void smb_raw_nttrans_done(struct tevent_req *subreq);
+
+struct smbcli_request *smb_raw_nttrans_send(struct smbcli_tree *tree,
+					    struct smb_nttrans *parms)
+{
+	struct smbcli_request *req;
+	uint8_t additional_flags;
+	uint8_t clear_flags;
+	uint16_t additional_flags2;
+	uint16_t clear_flags2;
+	uint32_t pid;
+	struct smbXcli_tcon *tcon = NULL;
+	struct smbXcli_session *session = NULL;
+	uint32_t timeout_msec;
+	uint32_t tmp;
+
+	tmp = parms->in.params.length + parms->in.data.length;
+
+	req = smbcli_request_setup(tree, SMBnttrans, parms->in.setup_count, tmp);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	additional_flags = CVAL(req->out.hdr, HDR_FLG);
+	additional_flags2 = SVAL(req->out.hdr, HDR_FLG2);
+	pid  = SVAL(req->out.hdr, HDR_PID);
+	pid |= SVAL(req->out.hdr, HDR_PIDHIGH)<<16;
+
+	if (req->session) {
+		session = req->session->smbXcli;
+	}
+
+	if (req->tree) {
+		tcon = req->tree->smbXcli;
+	}
+
+	clear_flags = ~additional_flags;
+	clear_flags2 = ~additional_flags2;
+
+	timeout_msec = req->transport->options.request_timeout * 1000;
+
+	if (parms->in.setup_count > 0) {
+		memcpy(
+		    req->out.vwv, parms->in.setup, parms->in.setup_count * 2);
+	}
+
+	if (parms->in.params.length > 0) {
+		memcpy(req->out.data,
+		       parms->in.params.data,
+		       parms->in.params.length);
+	}
+	if (parms->in.data.length > 0) {
+		memcpy(req->out.data + parms->in.params.length,
+		       parms->in.data.data,
+		       parms->in.data.length);
+	}
+
+	req->subreqs[0] = smb1cli_trans_send(req,
+					     req->transport->ev,
+					     req->transport->conn,
+					     SMBnttrans,
+					     additional_flags,
+					     clear_flags,
+					     additional_flags2,
+					     clear_flags2,
+					     timeout_msec,
+					     pid,
+					     tcon,
+					     session,
+					     NULL, /* pipe_name */
+					     0xFFFF, /* fid */
+					     parms->in.function,
+					     0, /* flags */
+					     (uint16_t *)req->out.vwv,
+					     parms->in.setup_count,
+					     parms->in.max_setup,
+					     req->out.data,
+					     parms->in.params.length,
+					     parms->in.max_param,
+					     req->out.data+
+					     parms->in.params.length,
+					     parms->in.data.length,
+					     parms->in.max_data);
+	if (req->subreqs[0] == NULL) {
+		talloc_free(req);
+		return NULL;
+	}
+	tevent_req_set_callback(req->subreqs[0],
+				smb_raw_nttrans_done,
+				req);
+
+	return req;
+}
+
+static void smb_raw_nttrans_done(struct tevent_req *subreq)
+{
+	struct smbcli_request *req =
+		tevent_req_callback_data(subreq,
+		struct smbcli_request);
+	struct smbcli_transport *transport = req->transport;
+	uint16_t *setup = NULL;
+	uint8_t num_setup = 0;
+	uint8_t *param = NULL;
+	uint32_t num_param = 0;
+	uint8_t *data = NULL;
+	uint32_t num_data = 0;
+
+	req->status = smb1cli_trans_recv(req->subreqs[0], req,
+					 &req->flags2,
+					 &setup,
+					 0, /* min_setup */
+					 &num_setup,
+					 &param,
+					 0, /* min_param */
+					 &num_param,
+					 &data,
+					 0, /* min_data */
+					 &num_data);
+	TALLOC_FREE(req->subreqs[0]);
+	if (NT_STATUS_IS_ERR(req->status)) {
+		req->state = SMBCLI_REQUEST_ERROR;
+		transport->error.e.nt_status = req->status;
+		transport->error.etype = ETYPE_SMB;
+		if (req->async.fn) {
+			req->async.fn(req);
+		}
+		return;
+	}
+
+	req->nttrans.out.setup_count = num_setup;
+	req->nttrans.out.setup = (uint8_t *)setup;
+
+	req->nttrans.out.params.data = param;
+	req->nttrans.out.params.length = num_param;
+
+	req->nttrans.out.data.data = data;
+	req->nttrans.out.data.length = num_data;
+
+	transport->error.e.nt_status = req->status;
+	if (NT_STATUS_IS_OK(req->status)) {
+		transport->error.etype = ETYPE_NONE;
+	} else {
+		transport->error.etype = ETYPE_SMB;
+	}
+
+	req->state = SMBCLI_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+NTSTATUS smb_raw_nttrans_recv(struct smbcli_request *req,
+			      TALLOC_CTX *mem_ctx,
+			      struct smb_nttrans *parms)
+{
+	if (!smbcli_request_receive(req) ||
+	    smbcli_request_is_error(req)) {
+		goto failed;
+	}
+
+	parms->out = req->nttrans.out;
+	talloc_steal(mem_ctx, parms->out.setup);
+	talloc_steal(mem_ctx, parms->out.params.data);
+	talloc_steal(mem_ctx, parms->out.data.data);
+
+failed:
+	return smbcli_request_destroy(req);
+}
+
+/****************************************************************************
+  receive a SMB nttrans response allocating the necessary memory
+  ****************************************************************************/
+NTSTATUS smb_raw_nttrans(struct smbcli_tree *tree,
+			 TALLOC_CTX *mem_ctx,
+			 struct smb_nttrans *parms)
+{
+	struct smbcli_request *req;
+
+	req = smb_raw_nttrans_send(tree, parms);
+	if (!req) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return smb_raw_nttrans_recv(req, mem_ctx, parms);
+}
diff --git a/source4/libcli/raw/request.h b/source4/libcli/raw/request.h
new file mode 100644
index 0000000..dd38b31
--- /dev/null
+++ b/source4/libcli/raw/request.h
@@ -0,0 +1,78 @@
+#ifndef _REQUEST_H
+#define _REQUEST_H
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/raw/signing.h"
+
+#define BUFINFO_FLAG_UNICODE 0x0001
+#define BUFINFO_FLAG_SMB2    0x0002
+
+/*
+  buffer limit structure used by both SMB and SMB2
+ */
+struct request_bufinfo {
+	TALLOC_CTX *mem_ctx;
+	uint32_t flags;
+	const uint8_t *align_base;
+	const uint8_t *data;
+	size_t data_size;	
+};
+
+/*
+  Shared state structure between client and server, representing the basic packet.
+*/
+
+struct smb_request_buffer {
+	/* the raw SMB buffer, including the 4 byte length header */
+	uint8_t *buffer;
+	
+	/* the size of the raw buffer, including 4 byte header */
+	size_t size;
+	
+	/* how much has been allocated - on reply the buffer is over-allocated to 
+	   prevent too many realloc() calls 
+	*/
+	size_t allocated;
+	
+	/* the start of the SMB header - this is always buffer+4 */
+	uint8_t *hdr;
+	
+	/* the command words and command word count. vwv points
+	   into the raw buffer */
+	uint8_t *vwv;
+	unsigned int wct;
+	
+	/* the data buffer and size. data points into the raw buffer */
+	uint8_t *data;
+	size_t data_size;
+	
+	/* ptr is used as a moving pointer into the data area
+	 * of the packet. The reason its here and not a local
+	 * variable in each function is that when a realloc of
+	 * a send packet is done we need to move this
+	 * pointer */
+	uint8_t *ptr;
+
+	/* this is used to range check and align strings and buffers */
+	struct request_bufinfo bufinfo;
+};
+
+#endif
diff --git a/source4/libcli/raw/signing.h b/source4/libcli/raw/signing.h
new file mode 100644
index 0000000..933db4d
--- /dev/null
+++ b/source4/libcli/raw/signing.h
@@ -0,0 +1,39 @@
+#ifndef _SIGNING_H
+#define _SIGNING_H
+/*
+   Unix SMB/CIFS implementation.
+   SMB Signing
+
+   Andrew Bartlett <abartlet@samba.org> 2003-2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+enum smb_signing_engine_state {
+	SMB_SIGNING_ENGINE_OFF,
+	SMB_SIGNING_ENGINE_BSRSPYL,
+	SMB_SIGNING_ENGINE_ON
+};
+
+struct smb_signing_context {
+	enum smb_signing_engine_state signing_state;
+	DATA_BLOB mac_key;
+	uint32_t next_seq_num;
+	bool allow_smb_signing;
+	bool doing_signing;
+	bool mandatory_signing;
+	bool seen_valid; /* Have I ever seen a validly signed packet? */
+};
+
+#endif
diff --git a/source4/libcli/raw/smb.h b/source4/libcli/raw/smb.h
new file mode 100644
index 0000000..88cd066
--- /dev/null
+++ b/source4/libcli/raw/smb.h
@@ -0,0 +1,322 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup, plus a whole lot more.
+
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) John H Terpstra              1996-2002
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1998-2000
+   Copyright (C) Simo Sorce                   2001-2002
+   Copyright (C) Martin Pool		      2002
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _RAW_SMB_H
+#define _RAW_SMB_H
+
+/* deny modes */
+#define DENY_DOS 0
+#define DENY_ALL 1
+#define DENY_WRITE 2
+#define DENY_READ 3
+#define DENY_NONE 4
+#define DENY_FCB 7
+
+/* open modes */
+#define DOS_OPEN_RDONLY 0
+#define DOS_OPEN_WRONLY 1
+#define DOS_OPEN_RDWR 2
+#define DOS_OPEN_FCB 0xF
+
+
+/**********************************/
+/* SMBopen field definitions      */
+#define OPEN_FLAGS_DENY_MASK  0x70
+#define OPEN_FLAGS_DENY_DOS   0x00
+#define OPEN_FLAGS_DENY_ALL   0x10
+#define OPEN_FLAGS_DENY_WRITE 0x20
+#define OPEN_FLAGS_DENY_READ  0x30
+#define OPEN_FLAGS_DENY_NONE  0x40
+
+#define OPEN_FLAGS_MODE_MASK  0x0F
+#define OPEN_FLAGS_OPEN_READ     0
+#define OPEN_FLAGS_OPEN_WRITE    1
+#define OPEN_FLAGS_OPEN_RDWR     2
+#define OPEN_FLAGS_FCB        0xFF
+
+
+/**********************************/
+/* SMBopenX field definitions     */
+
+/* OpenX Flags field. */
+#define OPENX_FLAGS_ADDITIONAL_INFO      0x01
+#define OPENX_FLAGS_REQUEST_OPLOCK       0x02
+#define OPENX_FLAGS_REQUEST_BATCH_OPLOCK 0x04
+#define OPENX_FLAGS_EA_LEN               0x08
+#define OPENX_FLAGS_EXTENDED_RETURN      0x10
+
+/* desired access (open_mode), split info 4 4-bit nibbles */
+#define OPENX_MODE_ACCESS_MASK   0x000F
+#define OPENX_MODE_ACCESS_READ   0x0000
+#define OPENX_MODE_ACCESS_WRITE  0x0001
+#define OPENX_MODE_ACCESS_RDWR   0x0002
+#define OPENX_MODE_ACCESS_EXEC   0x0003
+#define OPENX_MODE_ACCESS_FCB    0x000F
+
+#define OPENX_MODE_DENY_SHIFT    4
+#define OPENX_MODE_DENY_MASK     (0xF        << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_DOS      (DENY_DOS   << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_ALL      (DENY_ALL   << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_WRITE    (DENY_WRITE << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_READ     (DENY_READ  << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_NONE     (DENY_NONE  << OPENX_MODE_DENY_SHIFT)
+#define OPENX_MODE_DENY_FCB      (0xF        << OPENX_MODE_DENY_SHIFT)
+
+#define OPENX_MODE_LOCALITY_MASK 0x0F00 /* what does this do? */
+
+#define OPENX_MODE_NO_CACHE      0x1000
+#define OPENX_MODE_WRITE_THRU    0x4000
+
+/* open function values */
+#define OPENX_OPEN_FUNC_MASK  0x3
+#define OPENX_OPEN_FUNC_FAIL  0x0
+#define OPENX_OPEN_FUNC_OPEN  0x1
+#define OPENX_OPEN_FUNC_TRUNC 0x2
+
+/* The above can be OR'ed with... */
+#define OPENX_OPEN_FUNC_CREATE 0x10
+
+/* openx action in reply */
+#define OPENX_ACTION_EXISTED    1
+#define OPENX_ACTION_CREATED    2
+#define OPENX_ACTION_TRUNCATED  3
+
+
+/**********************************/
+/* SMBntcreateX field definitions */
+
+/* ntcreatex flags field. */
+#define NTCREATEX_FLAGS_REQUEST_OPLOCK       0x02
+#define NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK 0x04
+#define NTCREATEX_FLAGS_OPEN_DIRECTORY       0x08 /* TODO: opens parent? we need
+						     a test suite for this */
+#define NTCREATEX_FLAGS_EXTENDED             0x10
+
+/* the ntcreatex access_mask field
+   this is split into 4 pieces
+   AAAABBBBCCCCCCCCDDDDDDDDDDDDDDDD
+   A -> GENERIC_RIGHT_*
+   B -> SEC_RIGHT_*
+   C -> STD_RIGHT_*
+   D -> SA_RIGHT_*
+
+   which set of SA_RIGHT_* bits is applicable depends on the type
+   of object.
+*/
+
+
+
+/* ntcreatex share_access field */
+#define NTCREATEX_SHARE_ACCESS_NONE   0
+#define NTCREATEX_SHARE_ACCESS_READ   1
+#define NTCREATEX_SHARE_ACCESS_WRITE  2
+#define NTCREATEX_SHARE_ACCESS_DELETE 4
+#define NTCREATEX_SHARE_ACCESS_MASK   7
+
+/* ntcreatex open_disposition field */
+#define NTCREATEX_DISP_SUPERSEDE 0     /* supersede existing file (if it exists) */
+#define NTCREATEX_DISP_OPEN 1          /* if file exists open it, else fail */
+#define NTCREATEX_DISP_CREATE 2        /* if file exists fail, else create it */
+#define NTCREATEX_DISP_OPEN_IF 3       /* if file exists open it, else create it */
+#define NTCREATEX_DISP_OVERWRITE 4     /* if exists overwrite, else fail */
+#define NTCREATEX_DISP_OVERWRITE_IF 5  /* if exists overwrite, else create */
+
+/* ntcreatex create_options field */
+#define NTCREATEX_OPTIONS_DIRECTORY                 0x0001
+#define NTCREATEX_OPTIONS_WRITE_THROUGH             0x0002
+#define NTCREATEX_OPTIONS_SEQUENTIAL_ONLY           0x0004
+#define NTCREATEX_OPTIONS_NO_INTERMEDIATE_BUFFERING 0x0008
+#define NTCREATEX_OPTIONS_SYNC_ALERT	            0x0010
+#define NTCREATEX_OPTIONS_ASYNC_ALERT	            0x0020
+#define NTCREATEX_OPTIONS_NON_DIRECTORY_FILE        0x0040
+#define NTCREATEX_OPTIONS_TREE_CONNECTION           0x0080
+#define NTCREATEX_OPTIONS_COMPLETE_IF_OPLOCKED      0x0100
+#define NTCREATEX_OPTIONS_NO_EA_KNOWLEDGE           0x0200
+#define NTCREATEX_OPTIONS_OPEN_FOR_RECOVERY         0x0400
+#define NTCREATEX_OPTIONS_RANDOM_ACCESS             0x0800
+#define NTCREATEX_OPTIONS_DELETE_ON_CLOSE           0x1000
+#define NTCREATEX_OPTIONS_OPEN_BY_FILE_ID           0x2000
+#define NTCREATEX_OPTIONS_BACKUP_INTENT             0x4000
+#define NTCREATEX_OPTIONS_NO_COMPRESSION            0x8000
+/* Must be ignored by the server, per MS-SMB 2.2.8 */
+#define NTCREATEX_OPTIONS_OPFILTER              0x00100000
+#define NTCREATEX_OPTIONS_REPARSE_POINT         0x00200000
+/* Don't pull this file off tape in a HSM system */
+#define NTCREATEX_OPTIONS_NO_RECALL             0x00400000
+/* Must be ignored by the server, per MS-SMB 2.2.8 */
+#define NTCREATEX_OPTIONS_FREE_SPACE_QUERY      0x00800000
+
+#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK      (NTCREATEX_OPTIONS_TREE_CONNECTION | \
+						 NTCREATEX_OPTIONS_OPEN_FOR_RECOVERY | \
+						 NTCREATEX_OPTIONS_FREE_SPACE_QUERY | \
+						 0x000F0000)
+
+#define NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK    (NTCREATEX_OPTIONS_OPEN_BY_FILE_ID)
+
+#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK    (NTCREATEX_OPTIONS_OPFILTER | \
+						 NTCREATEX_OPTIONS_SYNC_ALERT | \
+						 NTCREATEX_OPTIONS_ASYNC_ALERT | \
+						 0xFF000000)
+
+/*
+ * private_flags field in ntcreatex
+ * This values have different meaning for some ntvfs backends.
+ */
+#define NTCREATEX_FLAG_DENY_DOS      0x0001
+#define NTCREATEX_FLAG_DENY_FCB      0x0002
+
+
+/* ntcreatex impersonation field */
+#define NTCREATEX_IMPERSONATION_ANONYMOUS      0
+#define NTCREATEX_IMPERSONATION_IDENTIFICATION 1
+#define NTCREATEX_IMPERSONATION_IMPERSONATION  2
+#define NTCREATEX_IMPERSONATION_DELEGATION     3
+
+/* ntcreatex security flags bit field */
+#define NTCREATEX_SECURITY_DYNAMIC             1
+#define NTCREATEX_SECURITY_ALL                 2
+
+/* ntcreatex create_action in reply */
+#define NTCREATEX_ACTION_EXISTED     1
+#define NTCREATEX_ACTION_CREATED     2
+#define NTCREATEX_ACTION_TRUNCATED   3
+/* the value 5 can also be returned when you try to create a directory with
+   incorrect parameters - what does it mean? maybe created temporary file? */
+#define NTCREATEX_ACTION_UNKNOWN 5
+
+/* Named pipe write mode flags. Used in writeX calls. */
+#define PIPE_RAW_MODE 0x4
+#define PIPE_START_MESSAGE 0x8
+
+/* the desired access to use when opening a pipe */
+#define DESIRED_ACCESS_PIPE 0x2019f
+
+/* Flag for NT transact rename call. */
+#define RENAME_REPLACE_IF_EXISTS 1
+
+/* flags for SMBntrename call */
+#define RENAME_FLAG_MOVE_CLUSTER_INFORMATION 0x102 /* ???? */
+#define RENAME_FLAG_HARD_LINK                0x103
+#define RENAME_FLAG_RENAME                   0x104
+#define RENAME_FLAG_COPY                     0x105
+
+/* ChangeNotify flags. */
+#define FILE_NOTIFY_CHANGE_FILE_NAME	0x00000001
+#define FILE_NOTIFY_CHANGE_DIR_NAME	0x00000002
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES	0x00000004
+#define FILE_NOTIFY_CHANGE_SIZE		0x00000008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE	0x00000010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS	0x00000020
+#define FILE_NOTIFY_CHANGE_CREATION	0x00000040
+#define FILE_NOTIFY_CHANGE_EA		0x00000080
+#define FILE_NOTIFY_CHANGE_SECURITY	0x00000100
+#define FILE_NOTIFY_CHANGE_STREAM_NAME	0x00000200
+#define FILE_NOTIFY_CHANGE_STREAM_SIZE	0x00000400
+#define FILE_NOTIFY_CHANGE_STREAM_WRITE	0x00000800
+
+#define FILE_NOTIFY_CHANGE_NAME \
+	(FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME)
+
+#define FILE_NOTIFY_CHANGE_ALL \
+	(FILE_NOTIFY_CHANGE_FILE_NAME   | FILE_NOTIFY_CHANGE_DIR_NAME | \
+	 FILE_NOTIFY_CHANGE_ATTRIBUTES  | FILE_NOTIFY_CHANGE_SIZE | \
+	 FILE_NOTIFY_CHANGE_LAST_WRITE  | FILE_NOTIFY_CHANGE_LAST_ACCESS | \
+	 FILE_NOTIFY_CHANGE_CREATION    | FILE_NOTIFY_CHANGE_EA | \
+	 FILE_NOTIFY_CHANGE_SECURITY	| FILE_NOTIFY_CHANGE_STREAM_NAME | \
+	 FILE_NOTIFY_CHANGE_STREAM_SIZE | FILE_NOTIFY_CHANGE_STREAM_WRITE)
+
+/* change notify action results */
+#define NOTIFY_ACTION_ADDED 1
+#define NOTIFY_ACTION_REMOVED 2
+#define NOTIFY_ACTION_MODIFIED 3
+#define NOTIFY_ACTION_OLD_NAME 4
+#define NOTIFY_ACTION_NEW_NAME 5
+#define NOTIFY_ACTION_ADDED_STREAM 6
+#define NOTIFY_ACTION_REMOVED_STREAM 7
+#define NOTIFY_ACTION_MODIFIED_STREAM 8
+
+/* seek modes for smb_seek */
+#define SEEK_MODE_START   0
+#define SEEK_MODE_CURRENT 1
+#define SEEK_MODE_END     2
+
+/* where to find the base of the SMB packet proper */
+/* REWRITE TODO: smb_base needs to be removed */
+#define smb_base(buf) (((const char *)(buf))+4)
+
+/* we don't allow server strings to be longer than 48 characters as
+   otherwise NT will not honour the announce packets */
+#define MAX_SERVER_STRING_LENGTH 48
+
+/* This was set by JHT in liaison with Jeremy Allison early 1997
+ * History:
+ * Version 4.0 - never made public
+ * Version 4.10 - New to 1.9.16p2, lost in space 1.9.16p3 to 1.9.16p9
+ *              - Reappeared in 1.9.16p11 with fixed smbd services
+ * Version 4.20 - To indicate that nmbd and browsing now works better
+ * Version 4.50 - Set at release of samba-2.2.0 by JHT
+ *
+ *  Note: In the presence of NT4.X do not set above 4.9
+ *        Setting this above 4.9 can have undesired side-effects.
+ *        This may change again in Samba-3.0 after further testing. JHT
+ */
+
+#define DEFAULT_MAJOR_VERSION 0x04
+#define DEFAULT_MINOR_VERSION 0x09
+
+/* Browser Election Values */
+#define BROWSER_ELECTION_VERSION	0x010f
+#define BROWSER_CONSTANT	0xaa55
+
+/*
+ * Global value meaning that the smb_uid field should be
+ * ignored (in share level security and protocol level == CORE)
+ */
+
+#define UID_FIELD_INVALID 0
+
+/*
+  filesystem attribute bits
+*/
+#define FS_ATTR_CASE_SENSITIVE_SEARCH             0x00000001
+#define FS_ATTR_CASE_PRESERVED_NAMES              0x00000002
+#define FS_ATTR_UNICODE_ON_DISK                   0x00000004
+#define FS_ATTR_PERSISTANT_ACLS                   0x00000008
+#define FS_ATTR_COMPRESSION                       0x00000010
+#define FS_ATTR_QUOTAS                            0x00000020
+#define FS_ATTR_SPARSE_FILES                      0x00000040
+#define FS_ATTR_REPARSE_POINTS                    0x00000080
+#define FS_ATTR_REMOTE_STORAGE                    0x00000100
+#define FS_ATTR_LFN_SUPPORT                       0x00004000
+#define FS_ATTR_IS_COMPRESSED                     0x00008000
+#define FS_ATTR_OBJECT_IDS                        0x00010000
+#define FS_ATTR_ENCRYPTION                        0x00020000
+#define FS_ATTR_NAMED_STREAMS                     0x00040000
+
+#include "source4/libcli/raw/trans2.h"
+#include "libcli/raw/interfaces.h"
+#include "libcli/smb/smb_common.h"
+
+#endif /* _RAW_SMB_H */
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
new file mode 100644
index 0000000..c921db2
--- /dev/null
+++ b/source4/libcli/raw/smb_signing.c
@@ -0,0 +1,275 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB Signing Code
+   Copyright (C) Jeremy Allison 2002.
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
+   Copyright (C) James J Myers <myersjj@samba.org> 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "../lib/crypto/crypto.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+/***********************************************************
+ SMB signing - Common code before we set a new signing implementation
+************************************************************/
+bool set_smb_signing_common(struct smb_signing_context *sign_info)
+{
+	if (sign_info->doing_signing) {
+		DEBUG(5, ("SMB Signing already in progress, so we don't start it again\n"));
+		return false;
+	}
+
+	if (!sign_info->allow_smb_signing) {
+		DEBUG(5, ("SMB Signing has been locally disabled\n"));
+		return false;
+	}
+
+	return true;
+}
+
+void mark_packet_signed(struct smb_request_buffer *out)
+{
+	uint16_t flags2;
+	flags2 = SVAL(out->hdr, HDR_FLG2);
+	flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
+	SSVAL(out->hdr, HDR_FLG2, flags2);
+}
+
+bool signing_good(struct smb_signing_context *sign_info,
+			 unsigned int seq, bool good)
+{
+	if (good) {
+		if (!sign_info->doing_signing) {
+			DEBUG(5, ("Seen valid packet, so turning signing on\n"));
+			sign_info->doing_signing = true;
+		}
+		if (!sign_info->seen_valid) {
+			DEBUG(5, ("Seen valid packet, so marking signing as 'seen valid'\n"));
+			sign_info->seen_valid = true;
+		}
+	} else {
+		if (!sign_info->seen_valid) {
+			/* If we have never seen a good packet, just turn it off */
+			DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
+				  "isn't sending correct signatures. Turning off.\n"));
+			smbcli_set_signing_off(sign_info);
+			return true;
+		} else {
+			/* bad packet after signing started - fail and disconnect. */
+			DEBUG(0, ("signing_good: BAD SIG: seq %u\n", seq));
+			return false;
+		}
+	}
+	return true;
+}
+
+void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key, unsigned int seq_num)
+{
+	uint8_t calc_md5_mac[16];
+	gnutls_hash_hd_t hash_hnd = NULL;
+	int rc;
+
+	/*
+	 * Firstly put the sequence number into the first 4 bytes.
+	 * and zero out the next 4 bytes.
+	 */
+	SIVAL(out->hdr, HDR_SS_FIELD, seq_num);
+	SIVAL(out->hdr, HDR_SS_FIELD + 4, 0);
+
+	/* mark the packet as signed - BEFORE we sign it...*/
+	mark_packet_signed(out);
+
+	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		return;
+	}
+
+	rc = gnutls_hash(hash_hnd, mac_key->data, mac_key->length);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return;
+	}
+	rc = gnutls_hash(hash_hnd,
+			 out->buffer + NBT_HDR_SIZE,
+			 out->size - NBT_HDR_SIZE);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return;
+	}
+	gnutls_hash_deinit(hash_hnd, calc_md5_mac);
+
+	memcpy(&out->hdr[HDR_SS_FIELD], calc_md5_mac, 8);
+
+	DEBUG(5, ("sign_outgoing_message: SENT SIG (seq: %d): sent SMB signature of\n",
+		  seq_num));
+	dump_data(5, calc_md5_mac, 8);
+	ZERO_ARRAY(calc_md5_mac);
+/*	req->out.hdr[HDR_SS_FIELD+2]=0;
+	Uncomment this to test if the remote server actually verifies signitures...*/
+}
+
+bool check_signed_incoming_message(struct smb_request_buffer *in, DATA_BLOB *mac_key, unsigned int seq_num)
+{
+	bool ok = false;
+	uint8_t calc_md5_mac[16];
+	uint8_t *server_sent_mac;
+	uint8_t sequence_buf[8];
+	gnutls_hash_hd_t hash_hnd;
+	const size_t offset_end_of_sig = (HDR_SS_FIELD + 8);
+	int rc;
+	int i;
+	const int sign_range = 0;
+
+	/* room enough for the signature? */
+	if (in->size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
+		return false;
+	}
+
+	if (!mac_key->length) {
+		/* NO key yet */
+		return false;
+	}
+
+	/* its quite bogus to be guessing sequence numbers, but very useful
+	   when debugging signing implementations */
+	for (i = 0-sign_range; i <= 0+sign_range; i++) {
+		/*
+		 * Firstly put the sequence number into the first 4 bytes.
+		 * and zero out the next 4 bytes.
+		 */
+		SIVAL(sequence_buf, 0, seq_num + i);
+		SIVAL(sequence_buf, 4, 0);
+
+		/* get a copy of the server-sent mac */
+	        server_sent_mac = &in->hdr[HDR_SS_FIELD];
+
+		/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+		rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+		if (rc < 0) {
+			ok = false;
+			goto out;
+		}
+
+		rc = gnutls_hash(hash_hnd, mac_key->data, mac_key->length);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			ok = false;
+			goto out;
+		}
+		rc = gnutls_hash(hash_hnd, in->hdr, HDR_SS_FIELD);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			ok = false;
+			goto out;
+		}
+		rc = gnutls_hash(hash_hnd, sequence_buf, sizeof(sequence_buf));
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			ok = false;
+			goto out;
+		}
+		rc = gnutls_hash(hash_hnd,
+				 in->hdr + offset_end_of_sig,
+				 in->size - NBT_HDR_SIZE - (offset_end_of_sig));
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			ok = false;
+			goto out;
+		}
+
+		gnutls_hash_deinit(hash_hnd, calc_md5_mac);
+
+		ok = mem_equal_const_time(server_sent_mac, calc_md5_mac, 8);
+
+		if (i == 0) {
+			if (!ok) {
+				DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
+				dump_data(5, calc_md5_mac, 8);
+
+				DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
+				dump_data(5, server_sent_mac, 8);
+			} else {
+				DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
+				dump_data(5, server_sent_mac, 8);
+			}
+		}
+		ZERO_ARRAY(calc_md5_mac);
+
+		if (ok) break;
+	}
+
+	if (ok && i != 0) {
+		DEBUG(0,("SIGNING OFFSET %d (should be %d)\n", i, seq_num));
+	}
+
+out:
+	return ok;
+}
+
+/**
+ SMB signing - NULL implementation
+
+ @note Used as an initialisation only - it will not correctly
+       shut down a real signing mechanism
+*/
+bool smbcli_set_signing_off(struct smb_signing_context *sign_info)
+{
+	DEBUG(5, ("Shutdown SMB signing\n"));
+	sign_info->doing_signing = false;
+	data_blob_free(&sign_info->mac_key);
+	sign_info->signing_state = SMB_SIGNING_ENGINE_OFF;
+	return true;
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - setup the MAC key.
+************************************************************/
+bool smbcli_simple_set_signing(TALLOC_CTX *mem_ctx,
+			       struct smb_signing_context *sign_info,
+			       const DATA_BLOB *user_session_key,
+			       const DATA_BLOB *response)
+{
+	if (sign_info->mandatory_signing) {
+		DEBUG(5, ("Mandatory SMB signing enabled!\n"));
+	}
+
+	DEBUG(5, ("SMB signing enabled!\n"));
+
+	if (response && response->length) {
+		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, response->length + user_session_key->length);
+	} else {
+		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, user_session_key->length);
+	}
+
+	memcpy(&sign_info->mac_key.data[0], user_session_key->data, user_session_key->length);
+
+	if (response && response->length) {
+		memcpy(&sign_info->mac_key.data[user_session_key->length],response->data, response->length);
+	}
+
+	dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length);
+
+	sign_info->signing_state = SMB_SIGNING_ENGINE_ON;
+	sign_info->next_seq_num = 2;
+
+	return true;
+}
diff --git a/source4/libcli/raw/trans2.h b/source4/libcli/raw/trans2.h
new file mode 100644
index 0000000..34f4617
--- /dev/null
+++ b/source4/libcli/raw/trans2.h
@@ -0,0 +1,309 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB transaction2 handling
+   Copyright (C) Jeremy Allison 1994-2002.
+   Copyright (C) Andrew Tridgell 1995-2003.
+   Copyright (C) James Peach 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _TRANS2_H_
+#define _TRANS2_H_
+
+
+/* trans2 Query FS info levels */
+/*
+w2k3 TRANS2ALIASES:
+Checking for QFSINFO aliases
+        Found level    1 (0x001) of size 18 (0x12)
+        Found level    2 (0x002) of size 12 (0x0c)
+        Found level  258 (0x102) of size 26 (0x1a)
+        Found level  259 (0x103) of size 24 (0x18)
+        Found level  260 (0x104) of size  8 (0x08)
+        Found level  261 (0x105) of size 20 (0x14)
+        Found level 1001 (0x3e9) of size 26 (0x1a)
+        Found level 1003 (0x3eb) of size 24 (0x18)
+        Found level 1004 (0x3ec) of size  8 (0x08)
+        Found level 1005 (0x3ed) of size 20 (0x14)
+        Found level 1006 (0x3ee) of size 48 (0x30)
+        Found level 1007 (0x3ef) of size 32 (0x20)
+        Found level 1008 (0x3f0) of size 64 (0x40)
+Found 13 levels with success status
+        Level 261 (0x105) and level 1005 (0x3ed) are possible aliases
+        Level 260 (0x104) and level 1004 (0x3ec) are possible aliases
+        Level 259 (0x103) and level 1003 (0x3eb) are possible aliases
+        Level 258 (0x102) and level 1001 (0x3e9) are possible aliases
+Found 4 aliased levels
+*/
+#define SMB_QFS_ALLOCATION		                   1
+#define SMB_QFS_VOLUME			                   2
+#define SMB_QFS_VOLUME_INFO                            0x102
+#define SMB_QFS_SIZE_INFO                              0x103
+#define SMB_QFS_DEVICE_INFO                            0x104
+#define SMB_QFS_ATTRIBUTE_INFO                         0x105
+#define SMB_QFS_UNIX_INFO                              0x200
+#define SMB_QFS_POSIX_INFO                             0x201
+#define SMB_QFS_POSIX_WHOAMI                           0x202
+#define SMB_QFS_VOLUME_INFORMATION			1001
+#define SMB_QFS_SIZE_INFORMATION			1003
+#define SMB_QFS_DEVICE_INFORMATION			1004
+#define SMB_QFS_ATTRIBUTE_INFORMATION			1005
+#define SMB_QFS_QUOTA_INFORMATION			1006
+#define SMB_QFS_FULL_SIZE_INFORMATION			1007
+#define SMB_QFS_OBJECTID_INFORMATION			1008
+#define SMB_QFS_SECTOR_SIZE_INFORMATION			1011
+
+
+/* trans2 qfileinfo/qpathinfo */
+/* w2k3 TRANS2ALIASES:
+Checking for QPATHINFO aliases
+setting up complex file \qpathinfo_aliases.txt
+        Found level    1 (0x001) of size  22 (0x16)
+        Found level    2 (0x002) of size  26 (0x1a)
+        Found level    4 (0x004) of size  41 (0x29)
+        Found level    6 (0x006) of size   0 (0x00)
+        Found level  257 (0x101) of size  40 (0x28)
+        Found level  258 (0x102) of size  24 (0x18)
+        Found level  259 (0x103) of size   4 (0x04)
+        Found level  260 (0x104) of size  48 (0x30)
+        Found level  263 (0x107) of size 126 (0x7e)
+        Found level  264 (0x108) of size  28 (0x1c)
+        Found level  265 (0x109) of size  38 (0x26)
+        Found level  267 (0x10b) of size  16 (0x10)
+        Found level 1004 (0x3ec) of size  40 (0x28)
+        Found level 1005 (0x3ed) of size  24 (0x18)
+        Found level 1006 (0x3ee) of size   8 (0x08)
+        Found level 1007 (0x3ef) of size   4 (0x04)
+        Found level 1008 (0x3f0) of size   4 (0x04)
+        Found level 1009 (0x3f1) of size  48 (0x30)
+        Found level 1014 (0x3f6) of size   8 (0x08)
+        Found level 1016 (0x3f8) of size   4 (0x04)
+        Found level 1017 (0x3f9) of size   4 (0x04)
+        Found level 1018 (0x3fa) of size 126 (0x7e)
+        Found level 1021 (0x3fd) of size  28 (0x1c)
+        Found level 1022 (0x3fe) of size  38 (0x26)
+        Found level 1028 (0x404) of size  16 (0x10)
+        Found level 1034 (0x40a) of size  56 (0x38)
+        Found level 1035 (0x40b) of size   8 (0x08)
+Found 27 levels with success status
+        Level 267 (0x10b) and level 1028 (0x404) are possible aliases
+        Level 265 (0x109) and level 1022 (0x3fe) are possible aliases
+        Level 264 (0x108) and level 1021 (0x3fd) are possible aliases
+        Level 263 (0x107) and level 1018 (0x3fa) are possible aliases
+        Level 260 (0x104) and level 1009 (0x3f1) are possible aliases
+        Level 259 (0x103) and level 1007 (0x3ef) are possible aliases
+        Level 258 (0x102) and level 1005 (0x3ed) are possible aliases
+        Level 257 (0x101) and level 1004 (0x3ec) are possible aliases
+Found 8 aliased levels
+*/
+#define SMB_QFILEINFO_STANDARD                             1
+#define SMB_QFILEINFO_EA_SIZE                              2
+#define SMB_QFILEINFO_EA_LIST                              3
+#define SMB_QFILEINFO_ALL_EAS                              4
+#define SMB_QFILEINFO_IS_NAME_VALID                        6  /* only for QPATHINFO */
+#define SMB_QFILEINFO_BASIC_INFO	               0x101
+#define SMB_QFILEINFO_STANDARD_INFO	               0x102
+#define SMB_QFILEINFO_EA_INFO		               0x103
+#define SMB_QFILEINFO_NAME_INFO	                       0x104
+#define SMB_QFILEINFO_ALL_INFO		               0x107
+#define SMB_QFILEINFO_ALT_NAME_INFO	               0x108
+#define SMB_QFILEINFO_STREAM_INFO	               0x109
+#define SMB_QFILEINFO_COMPRESSION_INFO                 0x10b
+#define SMB_QFILEINFO_UNIX_BASIC                       0x200
+#define SMB_QFILEINFO_UNIX_LINK                        0x201
+#define SMB_QFILEINFO_UNIX_INFO2                       0x20b
+#define SMB_QFILEINFO_BASIC_INFORMATION			1004
+#define SMB_QFILEINFO_STANDARD_INFORMATION		1005
+#define SMB_QFILEINFO_INTERNAL_INFORMATION		1006
+#define SMB_QFILEINFO_EA_INFORMATION			1007
+#define SMB_QFILEINFO_ACCESS_INFORMATION		1008
+#define SMB_QFILEINFO_NAME_INFORMATION			1009
+#define SMB_QFILEINFO_POSITION_INFORMATION		1014
+#define SMB_QFILEINFO_MODE_INFORMATION			1016
+#define SMB_QFILEINFO_ALIGNMENT_INFORMATION		1017
+#define SMB_QFILEINFO_ALL_INFORMATION			1018
+#define SMB_QFILEINFO_ALT_NAME_INFORMATION	        1021
+#define SMB_QFILEINFO_STREAM_INFORMATION		1022
+#define SMB_QFILEINFO_COMPRESSION_INFORMATION		1028
+#define SMB_QFILEINFO_NETWORK_OPEN_INFORMATION		1034
+#define SMB_QFILEINFO_ATTRIBUTE_TAG_INFORMATION		1035
+#define SMB_QFILEINFO_NORMALIZED_NAME_INFORMATION	1048
+
+
+
+/* trans2 setfileinfo/setpathinfo levels */
+/*
+w2k3 TRANS2ALIASES
+Checking for SETFILEINFO aliases
+setting up complex file \setfileinfo_aliases.txt
+        Found level    1 (0x001) of size   2 (0x02)
+        Found level    2 (0x002) of size   2 (0x02)
+        Found level  257 (0x101) of size  40 (0x28)
+        Found level  258 (0x102) of size   2 (0x02)
+        Found level  259 (0x103) of size   8 (0x08)
+        Found level  260 (0x104) of size   8 (0x08)
+        Found level 1004 (0x3ec) of size  40 (0x28)
+        Found level 1010 (0x3f2) of size   2 (0x02)
+        Found level 1013 (0x3f5) of size   2 (0x02)
+        Found level 1014 (0x3f6) of size   8 (0x08)
+        Found level 1016 (0x3f8) of size   4 (0x04)
+        Found level 1019 (0x3fb) of size   8 (0x08)
+        Found level 1020 (0x3fc) of size   8 (0x08)
+        Found level 1023 (0x3ff) of size   8 (0x08)
+        Found level 1025 (0x401) of size  16 (0x10)
+        Found level 1029 (0x405) of size  72 (0x48)
+        Found level 1032 (0x408) of size  56 (0x38)
+        Found level 1039 (0x40f) of size   8 (0x08)
+        Found level 1040 (0x410) of size   8 (0x08)
+Found 19 valid levels
+
+Checking for SETPATHINFO aliases
+        Found level 1004 (0x3ec) of size  40 (0x28)
+        Found level 1010 (0x3f2) of size   2 (0x02)
+        Found level 1013 (0x3f5) of size   2 (0x02)
+        Found level 1014 (0x3f6) of size   8 (0x08)
+        Found level 1016 (0x3f8) of size   4 (0x04)
+        Found level 1019 (0x3fb) of size   8 (0x08)
+        Found level 1020 (0x3fc) of size   8 (0x08)
+        Found level 1023 (0x3ff) of size   8 (0x08)
+        Found level 1025 (0x401) of size  16 (0x10)
+        Found level 1029 (0x405) of size  72 (0x48)
+        Found level 1032 (0x408) of size  56 (0x38)
+        Found level 1039 (0x40f) of size   8 (0x08)
+        Found level 1040 (0x410) of size   8 (0x08)
+Found 13 valid levels
+*/
+#define SMB_SFILEINFO_STANDARD                             1
+#define SMB_SFILEINFO_EA_SET                               2
+#define SMB_SFILEINFO_BASIC_INFO	               0x101
+#define SMB_SFILEINFO_DISPOSITION_INFO		       0x102
+#define SMB_SFILEINFO_ALLOCATION_INFO                  0x103
+#define SMB_SFILEINFO_END_OF_FILE_INFO                 0x104
+#define SMB_SFILEINFO_UNIX_BASIC                       0x200
+#define SMB_SFILEINFO_UNIX_LINK                        0x201
+#define SMB_SPATHINFO_UNIX_HLINK                       0x203
+#define SMB_SPATHINFO_POSIX_ACL                        0x204
+#define SMB_SPATHINFO_XATTR                            0x205
+#define SMB_SFILEINFO_ATTR_FLAGS                       0x206
+#define SMB_SFILEINFO_UNIX_INFO2                       0x20b
+#define SMB_SFILEINFO_BASIC_INFORMATION			1004
+#define SMB_SFILEINFO_RENAME_INFORMATION		1010
+#define SMB_SFILEINFO_LINK_INFORMATION			1011
+#define SMB_SFILEINFO_DISPOSITION_INFORMATION		1013
+#define SMB_SFILEINFO_POSITION_INFORMATION		1014
+#define SMB_SFILEINFO_FULL_EA_INFORMATION		1015
+#define SMB_SFILEINFO_MODE_INFORMATION			1016
+#define SMB_SFILEINFO_ALLOCATION_INFORMATION		1019
+#define SMB_SFILEINFO_END_OF_FILE_INFORMATION		1020
+#define SMB_SFILEINFO_PIPE_INFORMATION			1023
+#define SMB_SFILEINFO_VALID_DATA_INFORMATION		1039
+#define SMB_SFILEINFO_SHORT_NAME_INFORMATION		1040
+
+/* filemon shows FilePipeRemoteInformation */
+#define SMB_SFILEINFO_1025				1025
+
+/* vista scan responds */
+#define SMB_SFILEINFO_1027				1027
+
+/* filemon shows CopyOnWriteInformation */
+#define SMB_SFILEINFO_1029				1029
+
+/* filemon shows OleClassIdInformation */
+#define SMB_SFILEINFO_1032				1032
+
+/* vista scan responds to these */
+#define SMB_SFILEINFO_1030				1030
+#define SMB_SFILEINFO_1031				1031
+#define SMB_SFILEINFO_1036				1036
+#define SMB_SFILEINFO_1041				1041
+#define SMB_SFILEINFO_1042				1042
+#define SMB_SFILEINFO_1043				1043
+#define SMB_SFILEINFO_1044				1044
+
+/* trans2 findfirst levels */
+/*
+w2k3 TRANS2ALIASES:
+Checking for FINDFIRST aliases
+        Found level    1 (0x001) of size  68 (0x44)
+        Found level    2 (0x002) of size  70 (0x46)
+        Found level  257 (0x101) of size 108 (0x6c)
+        Found level  258 (0x102) of size 116 (0x74)
+        Found level  259 (0x103) of size  60 (0x3c)
+        Found level  260 (0x104) of size 140 (0x8c)
+        Found level  261 (0x105) of size 124 (0x7c)
+        Found level  262 (0x106) of size 148 (0x94)
+Found 8 levels with success status
+Found 0 aliased levels
+*/
+#define SMB_FIND_STANDARD		    1
+#define SMB_FIND_EA_SIZE		    2
+#define SMB_FIND_EA_LIST		    3
+#define SMB_FIND_DIRECTORY_INFO		0x101
+#define SMB_FIND_FULL_DIRECTORY_INFO	0x102
+#define SMB_FIND_NAME_INFO		0x103
+#define SMB_FIND_BOTH_DIRECTORY_INFO	0x104
+#define SMB_FIND_ID_FULL_DIRECTORY_INFO	0x105
+#define SMB_FIND_ID_BOTH_DIRECTORY_INFO 0x106
+#define SMB_FIND_UNIX_INFO              0x202
+#define SMB_FIND_UNIX_INFO2             0x20b
+
+/* flags on trans2 findfirst/findnext that control search */
+#define FLAG_TRANS2_FIND_CLOSE          0x1
+#define FLAG_TRANS2_FIND_CLOSE_IF_END   0x2
+#define FLAG_TRANS2_FIND_REQUIRE_RESUME 0x4
+#define FLAG_TRANS2_FIND_CONTINUE       0x8
+#define FLAG_TRANS2_FIND_BACKUP_INTENT  0x10
+
+/*
+ * DeviceType and Characteristics returned in a
+ * SMB_QFS_DEVICE_INFO call.
+ */
+#define QFS_DEVICETYPE_CD_ROM		        0x2
+#define QFS_DEVICETYPE_CD_ROM_FILE_SYSTEM	0x3
+#define QFS_DEVICETYPE_DISK			0x7
+#define QFS_DEVICETYPE_DISK_FILE_SYSTEM	        0x8
+#define QFS_DEVICETYPE_FILE_SYSTEM		0x9
+
+/* Characteristics. */
+#define QFS_TYPE_REMOVABLE_MEDIA		0x1
+#define QFS_TYPE_READ_ONLY_DEVICE		0x2
+#define QFS_TYPE_FLOPPY			        0x4
+#define QFS_TYPE_WORM			        0x8
+#define QFS_TYPE_REMOTE			        0x10
+#define QFS_TYPE_MOUNTED			0x20
+#define QFS_TYPE_VIRTUAL			0x40
+
+/* SMB_QFS_SECTOR_SIZE_INFORMATION values */
+#define QFS_SSINFO_FLAGS_ALIGNED_DEVICE			0x00000001
+#define QFS_SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE	0x00000002
+#define QFS_SSINFO_FLAGS_NO_SEEK_PENALTY		0x00000004
+#define QFS_SSINFO_FLAGS_TRIM_ENABLED			0x00000008
+
+#define QFS_SSINFO_OFFSET_UNKNOWN			0xffffffff
+
+/*
+ * Thursby MAC extensions....
+ */
+
+/*
+ * MAC CIFS Extensions have the range 0x300 - 0x2FF reserved.
+ * Supposedly Microsoft have agreed to this.
+ */
+
+#define MIN_MAC_INFO_LEVEL                      0x300
+#define MAX_MAC_INFO_LEVEL                      0x3FF
+#define SMB_QFS_MAC_FS_INFO                     0x301
+
+#endif
diff --git a/source4/libcli/resolve/bcast.c b/source4/libcli/resolve/bcast.c
new file mode 100644
index 0000000..277a82d
--- /dev/null
+++ b/source4/libcli/resolve/bcast.c
@@ -0,0 +1,117 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   broadcast name resolution module
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/resolve/resolve.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+
+struct resolve_bcast_data {
+	struct interface *ifaces;
+	uint16_t nbt_port;
+	int nbt_timeout;
+};
+
+/**
+  broadcast name resolution method - async send
+ */
+static struct composite_context *resolve_name_bcast_send(
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *event_ctx,
+	void *userdata, uint32_t flags,
+	uint16_t port,
+	struct nbt_name *name)
+{
+	int num_interfaces;
+	const char **address_list;
+	struct composite_context *c;
+	int i, count=0;
+	struct resolve_bcast_data *data = talloc_get_type(userdata, struct resolve_bcast_data);
+
+	num_interfaces = iface_list_count(data->ifaces);
+
+	address_list = talloc_array(mem_ctx, const char *, num_interfaces+1);
+	if (address_list == NULL) return NULL;
+
+	for (i=0;i<num_interfaces;i++) {
+		bool ipv4 = iface_list_n_is_v4(data->ifaces, i);
+		const char *bcast;
+
+		if (!ipv4) {
+			continue;
+		}
+
+		bcast = iface_list_n_bcast(data->ifaces, i);
+		if (bcast == NULL) {
+			continue;
+		}
+
+		address_list[count] = talloc_strdup(address_list, bcast);
+		if (address_list[count] == NULL) {
+			talloc_free(address_list);
+			return NULL;
+		}
+		count++;
+	}
+	address_list[count] = NULL;
+
+	c = resolve_name_nbtlist_send(mem_ctx, event_ctx, flags, port, name,
+				      address_list, data->ifaces, data->nbt_port,
+				      data->nbt_timeout, true, false);
+	talloc_free(address_list);
+
+	return c;	
+}
+
+/*
+  broadcast name resolution method - recv side
+ */
+static NTSTATUS resolve_name_bcast_recv(struct composite_context *c,
+					TALLOC_CTX *mem_ctx,
+					struct socket_address ***addrs,
+					char ***names)
+{
+	NTSTATUS status = resolve_name_nbtlist_recv(c, mem_ctx, addrs, names);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		/* this makes much more sense for a bcast name resolution
+		   timeout */
+		status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+	return status;
+}
+
+bool resolve_context_add_bcast_method(struct resolve_context *ctx, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout)
+{
+	struct resolve_bcast_data *data = talloc(ctx, struct resolve_bcast_data);
+	data->ifaces = ifaces;
+	data->nbt_port = nbt_port;
+	data->nbt_timeout = nbt_timeout;
+	return resolve_context_add_method(ctx, resolve_name_bcast_send, resolve_name_bcast_recv, data);
+}
+
+bool resolve_context_add_bcast_method_lp(struct resolve_context *ctx, struct loadparm_context *lp_ctx)
+{
+	struct interface *ifaces;
+	load_interface_list(ctx, lp_ctx, &ifaces);
+	return resolve_context_add_bcast_method(ctx, ifaces, lpcfg_nbt_port(lp_ctx), lpcfg_parm_int(lp_ctx, NULL, "nbt", "timeout", 1));
+}
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
new file mode 100644
index 0000000..09cc100
--- /dev/null
+++ b/source4/libcli/resolve/dns_ex.c
@@ -0,0 +1,671 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   async getaddrinfo()/dns_lookup() name resolution module
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher 2008
+   Copyright (C) Matthieu Patou 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this module uses a fork() per getaddrinfo() or dns_looup() call.
+  At first that might seem crazy, but it is actually very fast,
+  and solves many of the tricky problems of keeping a child
+  hanging around in a librar (like what happens when the parent forks).
+  We use a talloc destructor to ensure that the child is cleaned up
+  when we have finished with this name resolution.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "system/filesys.h"
+#include "lib/socket/socket.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/util_net.h"
+#include "lib/addns/dnsquery.h"
+#include "lib/addns/dns.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/smb_strtox.h"
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+struct dns_ex_state {
+	bool do_fallback;
+	uint32_t flags;
+	uint16_t port;
+	struct nbt_name name;
+	struct socket_address **addrs;
+	char **names;
+	pid_t child;
+	int child_fd;
+	struct tevent_fd *fde;
+	struct tevent_context *event_ctx;
+};
+
+/*
+  kill off a wayward child if needed. This allows us to stop an async
+  name resolution without leaving a potentially blocking call running
+  in a child
+*/
+static int dns_ex_destructor(struct dns_ex_state *state)
+{
+	int status;
+
+	kill(state->child, SIGTERM);
+	if (waitpid(state->child, &status, WNOHANG) == 0) {
+		kill(state->child, SIGKILL);
+		waitpid(state->child, &status, 0);
+	}
+
+	return 0;
+}
+
+struct dns_records_container {
+	char **list;
+	uint32_t count;
+};
+
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+			  char ***cur_addrs, uint32_t total,
+			  struct dns_request *reply, int port)
+{
+	char addrstr[INET6_ADDRSTRLEN];
+	struct dns_rrec *rr;
+	char **addrs;
+	uint32_t i;
+	const char *addr;
+
+	/* at most we over-allocate here, but not by much */
+	addrs = talloc_realloc(mem_ctx, *cur_addrs, char *,
+				total + reply->num_answers);
+	if (!addrs) {
+		return 0;
+	}
+	*cur_addrs = addrs;
+
+	for (i = 0; i < reply->num_answers; i++) {
+		rr = reply->answers[i];
+
+		/* we are only interested in the IN class */
+		if (rr->r_class != DNS_CLASS_IN) {
+			continue;
+		}
+
+		if (rr->type == QTYPE_NS) {
+			/*
+			 * After the record for NS will come the A or AAAA
+			 * record of the NS.
+			 */
+			break;
+		}
+
+		/* verify we actually have a record here */
+		if (!rr->data) {
+			continue;
+		}
+
+		/* we are only interested in A and AAAA records */
+		switch (rr->type) {
+		case QTYPE_A:
+			addr = inet_ntop(AF_INET,
+					 (struct in_addr *)rr->data,
+					 addrstr, sizeof(addrstr));
+			if (addr == NULL) {
+				continue;
+			}
+			break;
+		case QTYPE_AAAA:
+#ifdef HAVE_IPV6
+			addr = inet_ntop(AF_INET6,
+					 (struct in6_addr *)rr->data,
+					 addrstr, sizeof(addrstr));
+#else
+			addr = NULL;
+#endif
+			if (addr == NULL) {
+				continue;
+			}
+			break;
+		default:
+			continue;
+		}
+
+		addrs[total] = talloc_asprintf(addrs, "%s@%u/%s",
+						addrstr, port,
+						rr->name->pLabelList->label);
+		if (addrs[total]) {
+			total++;
+			if (rr->type == QTYPE_A) {
+				(*a_num)++;
+			}
+		}
+	}
+
+	return total;
+}
+
+static DNS_ERROR dns_lookup(TALLOC_CTX *mem_ctx, const char* name,
+			    uint16_t q_type, struct dns_request **reply)
+{
+	int len, rlen;
+	uint8_t *answer;
+	bool loop;
+	struct dns_buffer buf;
+	DNS_ERROR err;
+
+	/* give space for a good sized answer by default */
+	answer = NULL;
+	len = 1500;
+	do {
+		answer = talloc_realloc(mem_ctx, answer, uint8_t, len);
+		if (!answer) {
+			return ERROR_DNS_NO_MEMORY;
+		}
+		rlen = res_search(name, DNS_CLASS_IN, q_type, answer, len);
+		if (rlen == -1) {
+			if (len >= 65535) {
+				return ERROR_DNS_SOCKET_ERROR;
+			}
+			/* retry once with max packet size */
+			len = 65535;
+			loop = true;
+		} else if (rlen > len) {
+			len = rlen;
+			loop = true;
+		} else {
+			loop = false;
+		}
+	} while(loop);
+
+	buf.data = answer;
+	buf.size = rlen;
+	buf.offset = 0;
+	buf.error = ERROR_DNS_SUCCESS;
+
+	err = dns_unmarshall_request(mem_ctx, &buf, reply);
+
+	TALLOC_FREE(answer);
+	return err;
+}
+
+static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
+							const char* name,
+							int port)
+{
+	struct dns_request *reply;
+	struct dns_records_container ret;
+	char **addrs = NULL;
+	uint32_t a_num, total;
+	uint16_t qtype;
+	TALLOC_CTX *tmp_ctx;
+	DNS_ERROR err;
+
+	memset(&ret, 0, sizeof(struct dns_records_container));
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return ret;
+	}
+
+	qtype = QTYPE_AAAA;
+
+	/* this is the blocking call we are going to lots of trouble
+	   to avoid them in the parent */
+	err = dns_lookup(tmp_ctx, name, qtype, &reply);
+	if (!ERR_DNS_IS_OK(err)) {
+		qtype = QTYPE_A;
+		err = dns_lookup(tmp_ctx, name, qtype, &reply);
+		if (!ERR_DNS_IS_OK(err)) {
+			goto done;
+		}
+	}
+
+	a_num = total = 0;
+	total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+
+	if (qtype == QTYPE_AAAA && a_num == 0) {
+		/*
+		* DNS server didn't returned A when asked for AAAA records.
+		* Most of the server do it, let's ask for A specifically.
+		*/
+		err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
+		if (ERR_DNS_IS_OK(err)) {
+			/*
+			 * Ignore an error here and just return any AAAA
+			 * records we already got. This may be an IPv6-only
+			 * config.
+			 */
+			total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+					reply, port);
+		}
+	}
+
+	if (total) {
+		talloc_steal(mem_ctx, addrs);
+		ret.count = total;
+		ret.list = addrs;
+	}
+
+done:
+	TALLOC_FREE(tmp_ctx);
+	return ret;
+}
+
+static struct dns_records_container get_srv_records(TALLOC_CTX *mem_ctx,
+							const char* name)
+{
+	struct dns_records_container ret = {0};
+	char **addrs = NULL;
+	struct dns_rr_srv *dclist;
+	NTSTATUS status;
+	size_t total;
+	size_t i;
+	size_t count = 0;
+
+	memset(&ret, 0, sizeof(struct dns_records_container));
+	/* this is the blocking call we are going to lots of trouble
+	   to avoid them in the parent */
+	status = ads_dns_lookup_srv(mem_ctx, name, &dclist, &count);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ret;
+	}
+	total = 0;
+	if (count == 0) {
+		return ret;
+	}
+
+	/* Loop over all returned records and pick the records */
+	for (i = 0; i < count; i++) {
+		struct dns_records_container c;
+		const char* tmp_str;
+
+		tmp_str = dclist[i].hostname;
+		if (strchr(tmp_str, '.') && tmp_str[strlen(tmp_str)-1] != '.') {
+			/* we are asking for a fully qualified name, but the
+			name doesn't end in a '.'. We need to prevent the
+			DNS library trying the search domains configured in
+			resolv.conf */
+			tmp_str = talloc_asprintf(mem_ctx, "%s.", tmp_str);
+		}
+
+		c = get_a_aaaa_records(mem_ctx, tmp_str, dclist[i].port);
+
+		/* wrap check */
+		if (total + c.count < total) {
+			/* possibly could just break here instead? */
+			TALLOC_FREE(addrs);
+			return ret;
+		}
+		total += c.count;
+		if (addrs == NULL) {
+			addrs = c.list;
+		} else {
+			unsigned j;
+
+			addrs = talloc_realloc(mem_ctx, addrs, char*, total);
+			for (j=0; j < c.count; j++) {
+				addrs[total - j - 1] = talloc_steal(addrs, c.list[j]);
+			}
+		}
+	}
+
+	if (total) {
+		ret.count = total;
+		ret.list = addrs;
+	}
+
+	return ret;
+}
+/*
+  the blocking child
+*/
+static void run_child_dns_lookup(struct dns_ex_state *state, int fd)
+{
+	bool first;
+	bool do_srv = (state->flags & RESOLVE_NAME_FLAG_DNS_SRV);
+	struct dns_records_container c;
+	char* addrs = NULL;
+	unsigned int i;
+
+	if (strchr(state->name.name, '.') && state->name.name[strlen(state->name.name)-1] != '.') {
+		/* we are asking for a fully qualified name, but the
+		   name doesn't end in a '.'. We need to prevent the
+		   DNS library trying the search domains configured in
+		   resolv.conf */
+		state->name.name = talloc_strdup_append(discard_const_p(char, state->name.name),
+							".");
+	}
+
+
+	if (do_srv) {
+		c = get_srv_records(state, state->name.name);
+	} else {
+		c = get_a_aaaa_records(state, state->name.name, state->port);
+	}
+
+	/* This line in critical - if we return without writing to the
+	 * pipe, this is the signal that the name did not exist */
+	if (c.count == 0) {
+		goto done;
+	}
+
+	addrs = talloc_strdup(state, "");
+	if (!addrs) {
+		goto done;
+	}
+	first = true;
+
+	for (i=0; i < c.count; i++) {
+		addrs = talloc_asprintf_append_buffer(addrs, "%s%s",
+							first?"":",",
+							c.list[i]);
+		first = false;
+	}
+
+	if (addrs) {
+		DEBUG(11, ("Addrs = %s\n", addrs));
+		sys_write_v(fd, addrs, talloc_get_size(addrs));
+	}
+
+done:
+	close(fd);
+}
+
+/*
+  the blocking child
+*/
+static void run_child_getaddrinfo(struct dns_ex_state *state, int fd)
+{
+	int ret;
+	struct addrinfo hints;
+	struct addrinfo *res;
+	struct addrinfo *res_list = NULL;
+	char *addrs;
+	bool first;
+
+	ZERO_STRUCT(hints);
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
+
+	ret = getaddrinfo(state->name.name, "0", &hints, &res_list);
+	/* try to fallback in case of error */
+	if (state->do_fallback) {
+		switch (ret) {
+#ifdef EAI_NODATA
+		case EAI_NODATA:
+#endif
+		case EAI_FAIL:
+			/* Linux returns EAI_NODATA on non-RFC1034-compliant names. FreeBSD returns EAI_FAIL */
+		case EAI_NONAME:
+			/* getaddrinfo() doesn't handle CNAME or non-RFC1034 compatible records */
+			run_child_dns_lookup(state, fd);
+			return;
+		default:
+			break;
+		}
+	}
+	if (ret != 0) {
+		goto done;
+	}
+
+	addrs = talloc_strdup(state, "");
+	if (!addrs) {
+		goto done;
+	}
+	first = true;
+	for (res = res_list; res; res = res->ai_next) {
+		char addrstr[INET6_ADDRSTRLEN];
+		if (!print_sockaddr_len(addrstr, sizeof(addrstr), (struct sockaddr *)res->ai_addr, res->ai_addrlen)) {
+			continue;
+		}
+		addrs = talloc_asprintf_append_buffer(addrs, "%s%s@%u/%s",
+						      first?"":",",
+						      addrstr,
+						      state->port,
+						      state->name.name);
+		if (!addrs) {
+			goto done;
+		}
+		first = false;
+	}
+
+	if (addrs) {
+		sys_write_v(fd, addrs, talloc_get_size(addrs));
+	}
+done:
+	if (res_list) {
+		freeaddrinfo(res_list);
+	}
+	close(fd);
+}
+
+/*
+  handle a read event on the pipe
+*/
+static void pipe_handler(struct tevent_context *ev, struct tevent_fd *fde, 
+			 uint16_t flags, void *private_data)
+{
+	struct composite_context *c = talloc_get_type(private_data, struct composite_context);
+	struct dns_ex_state *state = talloc_get_type(c->private_data,
+				     struct dns_ex_state);
+	char *address;
+	uint32_t num_addrs, i;
+	char **addrs;
+	int ret;
+	int status;
+	int value = 0;
+
+	/* if we get any event from the child then we know that we
+	   won't need to kill it off */
+	talloc_set_destructor(state, NULL);
+
+	if (ioctl(state->child_fd, FIONREAD, &value) != 0) {
+		value = 8192;
+	}
+
+	address = talloc_array(state, char, value+1);
+	if (address) {
+		/* yes, we don't care about EAGAIN or other niceities
+		   here. They just can't happen with this parent/child
+		   relationship, and even if they did then giving an error is
+		   the right thing to do */
+		ret = read(state->child_fd, address, value);
+	} else {
+		ret = -1;
+	}
+	if (waitpid(state->child, &status, WNOHANG) == 0) {
+		kill(state->child, SIGKILL);
+		waitpid(state->child, &status, 0);
+	}
+
+	if (ret <= 0) {
+		/* The check for ret == 0 here is important, if the
+		 * name does not exist, then no bytes are written to
+		 * the pipe */
+		DEBUG(3,("dns child failed to find name '%s' of type %s\n",
+			 state->name.name, (state->flags & RESOLVE_NAME_FLAG_DNS_SRV)?"SRV":"A"));
+		composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	/* ensure the address looks good */
+	address[ret] = 0;
+
+	addrs = str_list_make(state, address, ",");
+	if (composite_nomem(addrs, c)) return;
+
+	num_addrs = str_list_length((const char * const *)addrs);
+
+	state->addrs = talloc_array(state, struct socket_address *,
+				    num_addrs+1);
+	if (composite_nomem(state->addrs, c)) return;
+
+	state->names = talloc_array(state, char *, num_addrs+1);
+	if (composite_nomem(state->names, c)) return;
+
+	for (i=0; i < num_addrs; i++) {
+		uint32_t port = 0;
+		char *p = strrchr(addrs[i], '@');
+		char *n;
+		int error = 0;
+
+		if (!p) {
+			composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+			return;
+		}
+
+		*p = '\0';
+		p++;
+
+		n = strrchr(p, '/');
+		if (!n) {
+			composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+			return;
+		}
+
+		*n = '\0';
+		n++;
+
+		if (strcmp(addrs[i], "0.0.0.0") == 0) {
+			composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+			return;
+		}
+		port = smb_strtoul(p, NULL, 10, &error, SMB_STR_STANDARD);
+		if (port > UINT16_MAX || error != 0) {
+			composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+			return;
+		}
+		state->addrs[i] = socket_address_from_strings(state->addrs,
+							      "ip",
+							      addrs[i],
+							      port);
+		if (composite_nomem(state->addrs[i], c)) return;
+
+		state->names[i] = talloc_strdup(state->names, n);
+		if (composite_nomem(state->names[i], c)) return;
+	}
+	state->addrs[i] = NULL;
+	state->names[i] = NULL;
+
+	composite_done(c);
+}
+
+/*
+  getaddrinfo() or dns_lookup() name resolution method - async send
+ */
+struct composite_context *resolve_name_dns_ex_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *event_ctx,
+						   void *privdata,
+						   uint32_t flags,
+						   uint16_t port,
+						   struct nbt_name *name,
+						   bool do_fallback)
+{
+	struct composite_context *c;
+	struct dns_ex_state *state;
+	int fd[2] = { -1, -1 };
+	int ret;
+
+	c = composite_create(mem_ctx, event_ctx);
+	if (c == NULL) return NULL;
+
+	if (flags & RESOLVE_NAME_FLAG_FORCE_NBT) {
+		composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return c;
+	}
+
+	state = talloc_zero(c, struct dns_ex_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	c->status = nbt_name_dup(state, name, &state->name);
+	if (!composite_is_ok(c)) return c;
+
+	/* setup a pipe to chat to our child */
+	ret = pipe(fd);
+	if (ret == -1) {
+		composite_error(c, map_nt_error_from_unix_common(errno));
+		return c;
+	}
+
+	state->do_fallback = do_fallback;
+	state->flags = flags;
+	state->port = port;
+
+	state->child_fd = fd[0];
+	state->event_ctx = c->event_ctx;
+
+	/* we need to put the child in our event context so
+	   we know when the dns_lookup() has finished */
+	state->fde = tevent_add_fd(c->event_ctx, c, state->child_fd, TEVENT_FD_READ,
+				  pipe_handler, c);
+	if (composite_nomem(state->fde, c)) {
+		close(fd[0]);
+		close(fd[1]);
+		return c;
+	}
+	tevent_fd_set_auto_close(state->fde);
+
+	state->child = fork();
+	if (state->child == (pid_t)-1) {
+		composite_error(c, map_nt_error_from_unix_common(errno));
+		return c;
+	}
+
+	if (state->child == 0) {
+		close(fd[0]);
+		if (state->flags & RESOLVE_NAME_FLAG_FORCE_DNS) {
+			run_child_dns_lookup(state, fd[1]);
+		} else {
+			run_child_getaddrinfo(state, fd[1]);
+		}
+		_exit(0);
+	}
+	close(fd[1]);
+
+	/* cleanup wayward children */
+	talloc_set_destructor(state, dns_ex_destructor);
+
+	return c;
+}
+
+/*
+  getaddrinfo() or dns_lookup() name resolution method - recv side
+*/
+NTSTATUS resolve_name_dns_ex_recv(struct composite_context *c, 
+				  TALLOC_CTX *mem_ctx,
+				  struct socket_address ***addrs,
+				  char ***names)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct dns_ex_state *state = talloc_get_type(c->private_data,
+					     struct dns_ex_state);
+		*addrs = talloc_steal(mem_ctx, state->addrs);
+		if (names) {
+			*names = talloc_steal(mem_ctx, state->names);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
diff --git a/source4/libcli/resolve/host.c b/source4/libcli/resolve/host.c
new file mode 100644
index 0000000..755a4e8
--- /dev/null
+++ b/source4/libcli/resolve/host.c
@@ -0,0 +1,60 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   async "host" name resolution module
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "system/network.h"
+#include "system/filesys.h"
+#include "lib/socket/socket.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "libcli/resolve/resolve.h"
+
+/*
+  getaddrinfo() (with fallback to dns_lookup()) name resolution method - async send
+ */
+struct composite_context *resolve_name_host_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *event_ctx,
+						 void *privdata, uint32_t flags,
+						 uint16_t port,
+						 struct nbt_name *name)
+{
+	return resolve_name_dns_ex_send(mem_ctx, event_ctx, NULL, flags,
+					port, name, true);
+}
+
+/*
+  getaddrinfo() (with fallback to dns_lookup()) name resolution method - recv side
+*/
+NTSTATUS resolve_name_host_recv(struct composite_context *c, 
+				TALLOC_CTX *mem_ctx,
+				struct socket_address ***addrs,
+				char ***names)
+{
+	return resolve_name_dns_ex_recv(c, mem_ctx, addrs, names);
+}
+
+bool resolve_context_add_host_method(struct resolve_context *ctx)
+{
+	return resolve_context_add_method(ctx, resolve_name_host_send, resolve_name_host_recv,
+					  NULL);
+}
diff --git a/source4/libcli/resolve/lmhosts.c b/source4/libcli/resolve/lmhosts.c
new file mode 100644
index 0000000..244a9a3
--- /dev/null
+++ b/source4/libcli/resolve/lmhosts.c
@@ -0,0 +1,133 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   lmhosts name resolution module
+
+   Copyright (C) Andrew Tridgell 1994-1998,2005
+   Copyright (C) Jeremy Allison 2007
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009-2014
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/socket/socket.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "lib/util/util_net.h"
+#include "libcli/nbt/libnbt.h"
+#include "dynconfig.h"
+
+struct resolve_lmhosts_state {
+	struct socket_address **addrs;
+	char **names;
+};
+
+/**
+  lmhosts name resolution method - async send
+ */
+/*
+  general name resolution - async send
+ */
+static struct composite_context *resolve_name_lmhosts_send(
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *event_ctx,
+	void *userdata, uint32_t flags,
+	uint16_t port,
+	struct nbt_name *name)
+{
+	struct composite_context *c;
+	struct resolve_lmhosts_state *state;
+	struct sockaddr_storage *resolved_iplist;
+	size_t resolved_count = 0, i;
+
+	if (event_ctx == NULL) {
+		return NULL;
+	}
+
+	c = composite_create(mem_ctx, event_ctx);
+	if (c == NULL) return NULL;
+
+	if (composite_nomem(c->event_ctx, c)) return c;
+
+	state = talloc_zero(c, struct resolve_lmhosts_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	c->status = resolve_lmhosts_file_as_sockaddr(state,
+						     dyn_LMHOSTSFILE,
+						     name->name,
+						     name->type,
+						     &resolved_iplist,
+						     &resolved_count);
+	if (!composite_is_ok(c)) return c;
+
+	for (i=0; i < resolved_count; i += 2) {
+		state->addrs = talloc_realloc(state, state->addrs, struct socket_address *, i+2);
+		if (composite_nomem(state->addrs, c)) return c;
+
+		set_sockaddr_port((struct sockaddr *)&resolved_iplist[i], port);
+
+		state->addrs[i] = socket_address_from_sockaddr(state->addrs, (struct sockaddr *)&resolved_iplist[i], sizeof(resolved_iplist[i]));
+		if (composite_nomem(state->addrs[i], c)) return c;
+
+		state->addrs[i+1] = NULL;
+
+
+		state->names = talloc_realloc(state, state->names, char *, i+2);
+		if (composite_nomem(state->addrs, c)) return c;
+
+		state->names[i] = talloc_strdup(state->names, name->name);
+		if (composite_nomem(state->names[i], c)) return c;
+
+		state->names[i+1] = NULL;
+
+	}
+
+	composite_done(c);
+	return c;
+}
+
+/*
+  general name resolution method - recv side
+ */
+static NTSTATUS resolve_name_lmhosts_recv(struct composite_context *c,
+					  TALLOC_CTX *mem_ctx,
+					  struct socket_address ***addrs,
+					  char ***names)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct resolve_lmhosts_state *state = talloc_get_type(c->private_data, struct resolve_lmhosts_state);
+		*addrs = talloc_steal(mem_ctx, state->addrs);
+		if (names) {
+			*names = talloc_steal(mem_ctx, state->names);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+bool resolve_context_add_lmhosts_method(struct resolve_context *ctx)
+{
+	return resolve_context_add_method(ctx, resolve_name_lmhosts_send, resolve_name_lmhosts_recv, NULL);
+}
diff --git a/source4/libcli/resolve/nbtlist.c b/source4/libcli/resolve/nbtlist.c
new file mode 100644
index 0000000..13f38ff
--- /dev/null
+++ b/source4/libcli/resolve/nbtlist.c
@@ -0,0 +1,223 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   nbt list of addresses name resolution module
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  TODO: we should lower the timeout, and add retries for each name
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "system/network.h"
+#include "lib/socket/socket.h"
+#include "lib/socket/netif.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "../libcli/nbt/libnbt.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+struct nbtlist_state {
+	uint16_t flags;
+	uint16_t port;
+	struct nbt_name name;
+	struct nbt_name_socket *nbtsock;
+	int num_queries;
+	struct nbt_name_request **queries;
+	struct nbt_name_query *io_queries;
+	struct socket_address **addrs;
+	char **names;
+	struct interface *ifaces;
+};
+
+/*
+  handle events during nbtlist name resolution
+*/
+static void nbtlist_handler(struct nbt_name_request *req)
+{
+	struct composite_context *c = talloc_get_type(req->async.private_data,
+						      struct composite_context);
+	struct nbtlist_state *state = talloc_get_type(c->private_data, struct nbtlist_state);
+	struct nbt_name_query *q;
+	int i;
+
+	for (i=0;i<state->num_queries;i++) {
+		if (req == state->queries[i]) break;
+	}
+
+	if (i == state->num_queries) {
+		/* not for us?! */
+		composite_error(c, NT_STATUS_INTERNAL_ERROR);
+		return;
+	}
+
+	q = &state->io_queries[i];
+
+	c->status = nbt_name_query_recv(req, state, q);
+
+	/* free the network resource directly */
+	talloc_free(state->nbtsock);
+	if (!composite_is_ok(c)) return;
+
+	if (q->out.num_addrs < 1) {
+		composite_error(c, NT_STATUS_UNEXPECTED_NETWORK_ERROR);
+		return;
+	}
+
+	state->addrs = talloc_array(state, struct socket_address *,
+				    q->out.num_addrs + 1);
+	if (composite_nomem(state->addrs, c)) return;
+
+	state->names = talloc_array(state, char *, q->out.num_addrs + 1);
+	if (composite_nomem(state->names, c)) return;
+
+	for (i=0;i<q->out.num_addrs;i++) {
+		state->addrs[i] = socket_address_from_strings(state->addrs,
+							      "ipv4",
+							      q->out.reply_addrs[i],
+							      state->port);
+		if (composite_nomem(state->addrs[i], c)) return;
+
+		state->names[i] = talloc_strdup(state->names, state->name.name);
+		if (composite_nomem(state->names[i], c)) return;
+	}
+	state->addrs[i] = NULL;
+	state->names[i] = NULL;
+
+	composite_done(c);
+}
+
+/*
+  nbtlist name resolution method - async send
+ */
+struct composite_context *resolve_name_nbtlist_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *event_ctx,
+						    uint32_t flags,
+						    uint16_t port,
+						    struct nbt_name *name, 
+						    const char * const *address_list,
+						    struct interface *ifaces,
+						    uint16_t nbt_port,
+						    int nbt_timeout,
+						    bool broadcast,
+						    bool wins_lookup)
+{
+	struct composite_context *c;
+	struct nbtlist_state *state;
+	int i;
+
+	c = composite_create(mem_ctx, event_ctx);
+	if (c == NULL) return NULL;
+
+	if (flags & RESOLVE_NAME_FLAG_FORCE_DNS) {
+		composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return c;
+	}
+
+	if (strlen(name->name) > 15) {
+		composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return c;
+	}
+
+	state = talloc(c, struct nbtlist_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	state->flags = flags;
+	state->port = port;
+
+	c->status = nbt_name_dup(state, name, &state->name);
+	if (!composite_is_ok(c)) return c;
+
+	state->name.name = strupper_talloc(state, state->name.name);
+	if (composite_nomem(state->name.name, c)) return c;
+	if (state->name.scope) {
+		state->name.scope = strupper_talloc(state, state->name.scope);
+		if (composite_nomem(state->name.scope, c)) return c;
+	}
+
+	state->ifaces = talloc_reference(state, ifaces);
+
+	/*
+	 * we can't push long names on the wire,
+	 * so bail out here to give a useful error message
+	 */
+	if (strlen(state->name.name) > 15) {
+		composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return c;
+	}
+
+	state->nbtsock = nbt_name_socket_init(state, event_ctx);
+	if (composite_nomem(state->nbtsock, c)) return c;
+
+	/* count the address_list size */
+	for (i=0;address_list[i];i++) /* noop */ ;
+
+	state->num_queries = i;
+	state->io_queries = talloc_array(state, struct nbt_name_query, state->num_queries);
+	if (composite_nomem(state->io_queries, c)) return c;
+
+	state->queries = talloc_array(state, struct nbt_name_request *, state->num_queries);
+	if (composite_nomem(state->queries, c)) return c;
+
+	for (i=0;i<state->num_queries;i++) {
+		state->io_queries[i].in.name        = state->name;
+		state->io_queries[i].in.dest_addr   = talloc_strdup(state->io_queries, address_list[i]);
+		state->io_queries[i].in.dest_port   = nbt_port;
+		if (composite_nomem(state->io_queries[i].in.dest_addr, c)) return c;
+
+		state->io_queries[i].in.broadcast   = broadcast;
+		state->io_queries[i].in.wins_lookup = wins_lookup;
+		state->io_queries[i].in.timeout     = nbt_timeout;
+		state->io_queries[i].in.retries     = 2;
+
+		state->queries[i] = nbt_name_query_send(state->nbtsock, &state->io_queries[i]);
+		if (composite_nomem(state->queries[i], c)) return c;
+
+		state->queries[i]->async.fn      = nbtlist_handler;
+		state->queries[i]->async.private_data = c;
+	}
+
+	return c;
+}
+
+/*
+  nbt list of addresses name resolution method - recv side
+ */
+NTSTATUS resolve_name_nbtlist_recv(struct composite_context *c, 
+				   TALLOC_CTX *mem_ctx,
+				   struct socket_address ***addrs,
+				   char ***names)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct nbtlist_state *state = talloc_get_type(c->private_data, struct nbtlist_state);
+		*addrs = talloc_steal(mem_ctx, state->addrs);
+		if (names) {
+			*names = talloc_steal(mem_ctx, state->names);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c
new file mode 100644
index 0000000..db2606b
--- /dev/null
+++ b/source4/libcli/resolve/resolve.c
@@ -0,0 +1,342 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   general name resolution interface
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "system/network.h"
+#include "lib/socket/socket.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/util/util_net.h"
+
+#undef strcasecmp
+
+struct resolve_state {
+	struct resolve_context *ctx;
+	struct resolve_method *method;
+	uint32_t flags;
+	uint16_t port;
+	struct nbt_name name;
+	struct composite_context *creq;
+	struct socket_address **addrs;
+	char **names;
+};
+
+static struct composite_context *setup_next_method(struct composite_context *c);
+
+
+struct resolve_context {
+	struct resolve_method {
+		resolve_name_send_fn send_fn;
+		resolve_name_recv_fn recv_fn;
+		void *privdata;
+		struct resolve_method *prev, *next;
+	} *methods;
+};
+
+/**
+ * Initialize a resolve context
+ */
+struct resolve_context *resolve_context_init(TALLOC_CTX *mem_ctx)
+{
+	return talloc_zero(mem_ctx, struct resolve_context);
+}
+
+/**
+ * Add a resolve method
+ */
+bool resolve_context_add_method(struct resolve_context *ctx, resolve_name_send_fn send_fn, 
+				resolve_name_recv_fn recv_fn, void *userdata)
+{
+	struct resolve_method *method = talloc_zero(ctx, struct resolve_method);
+
+	if (method == NULL)
+		return false;
+
+	method->send_fn = send_fn;
+	method->recv_fn = recv_fn;
+	method->privdata = userdata;
+	DLIST_ADD_END(ctx->methods, method);
+	return true;
+}
+
+/**
+  handle completion of one name resolve method
+*/
+static void resolve_handler(struct composite_context *creq)
+{
+	struct composite_context *c = (struct composite_context *)creq->async.private_data;
+	struct resolve_state *state = talloc_get_type(c->private_data, struct resolve_state);
+	const struct resolve_method *method = state->method;
+
+	c->status = method->recv_fn(creq, state, &state->addrs, &state->names);
+	
+	if (!NT_STATUS_IS_OK(c->status)) {
+		state->method = state->method->next;
+		state->creq = setup_next_method(c);
+		if (state->creq != NULL) {
+			return;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	} else {
+		c->state = COMPOSITE_STATE_DONE;
+	}
+	if (c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+
+static struct composite_context *setup_next_method(struct composite_context *c)
+{
+	struct resolve_state *state = talloc_get_type(c->private_data, struct resolve_state);
+	struct composite_context *creq = NULL;
+
+	do {
+		if (state->method) {
+			creq = state->method->send_fn(c, c->event_ctx,
+						      state->method->privdata,
+						      state->flags,
+						      state->port,
+						      &state->name);
+		}
+		if (creq == NULL && state->method) state->method = state->method->next;
+
+	} while (!creq && state->method);
+
+	if (creq) {
+		creq->async.fn = resolve_handler;
+		creq->async.private_data = c;
+	}
+
+	return creq;
+}
+
+/*
+  general name resolution - async send
+ */
+struct composite_context *resolve_name_all_send(struct resolve_context *ctx,
+						TALLOC_CTX *mem_ctx,
+						uint32_t flags, /* RESOLVE_NAME_FLAG_* */
+						uint16_t port,
+						struct nbt_name *name,
+						struct tevent_context *event_ctx)
+{
+	struct composite_context *c;
+	struct resolve_state *state;
+
+	if (event_ctx == NULL) {
+		return NULL;
+	}
+
+	c = composite_create(mem_ctx, event_ctx);
+	if (c == NULL) return NULL;
+
+	if (composite_nomem(c->event_ctx, c)) return c;
+
+	state = talloc(c, struct resolve_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	state->flags = flags;
+	state->port = port;
+
+	c->status = nbt_name_dup(state, name, &state->name);
+	if (!composite_is_ok(c)) return c;
+	
+	state->ctx = talloc_reference(state, ctx);
+	if (composite_nomem(state->ctx, c)) return c;
+
+	if (is_ipaddress(state->name.name) || 
+	    strcasecmp(state->name.name, "localhost") == 0) {
+		state->addrs = talloc_array(state, struct socket_address *, 2);
+		if (composite_nomem(state->addrs, c)) return c;
+		state->addrs[0] = socket_address_from_strings(state->addrs, "ip",
+							      state->name.name, 0);
+		if (composite_nomem(state->addrs[0], c)) return c;
+		state->addrs[1] = NULL;
+		state->names = talloc_array(state, char *, 2);
+		if (composite_nomem(state->names, c)) return c;
+		state->names[0] = talloc_strdup(state->names, state->name.name);
+		if (composite_nomem(state->names[0], c)) return c;
+		state->names[1] = NULL;
+		composite_done(c);
+		return c;
+	}
+
+	state->method = ctx->methods;
+	if (state->method == NULL) {
+		composite_error(c, NT_STATUS_BAD_NETWORK_NAME);
+		return c;
+	}
+	state->creq = setup_next_method(c);
+	if (composite_nomem(state->creq, c)) return c;
+	
+	return c;
+}
+
+/*
+  general name resolution method - recv side
+ */
+NTSTATUS resolve_name_all_recv(struct composite_context *c,
+			       TALLOC_CTX *mem_ctx,
+			       struct socket_address ***addrs,
+			       char ***names)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct resolve_state *state = talloc_get_type(c->private_data, struct resolve_state);
+		*addrs = talloc_steal(mem_ctx, state->addrs);
+		if (names) {
+			*names = talloc_steal(mem_ctx, state->names);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+struct composite_context *resolve_name_ex_send(struct resolve_context *ctx,
+					       TALLOC_CTX *mem_ctx,
+					       uint32_t flags, /* RESOLVE_NAME_FLAG_* */
+					       uint16_t port,
+					       struct nbt_name *name,
+					       struct tevent_context *event_ctx)
+{
+	return resolve_name_all_send(ctx, mem_ctx, flags, port, name, event_ctx);
+}
+
+struct composite_context *resolve_name_send(struct resolve_context *ctx,
+					    TALLOC_CTX *mem_ctx,
+					    struct nbt_name *name,
+					    struct tevent_context *event_ctx)
+{
+	return resolve_name_ex_send(ctx, mem_ctx, 0, 0, name, event_ctx);
+}
+
+NTSTATUS resolve_name_recv(struct composite_context *c,
+			   TALLOC_CTX *mem_ctx,
+			   const char **reply_addr)
+{
+	NTSTATUS status;
+	struct socket_address **addrs = NULL;
+
+	status = resolve_name_all_recv(c, mem_ctx, &addrs, NULL);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct tsocket_address *t_addr = socket_address_to_tsocket_address(addrs, addrs[0]);
+		if (!t_addr) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*reply_addr = tsocket_address_inet_addr_string(t_addr, mem_ctx);
+		talloc_free(addrs);
+		if (!*reply_addr) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	return status;
+}
+
+/*
+  receive multiple responses from resolve_name_send()
+ */
+NTSTATUS resolve_name_multiple_recv(struct composite_context *c,
+				    TALLOC_CTX *mem_ctx,
+				    const char ***reply_addrs)
+{
+	NTSTATUS status;
+	struct socket_address **addrs = NULL;
+	int i;
+
+	status = resolve_name_all_recv(c, mem_ctx, &addrs, NULL);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* count the addresses */
+	for (i=0; addrs[i]; i++) ;
+
+	*reply_addrs = talloc_array(mem_ctx, const char *, i+1);
+	NT_STATUS_HAVE_NO_MEMORY(*reply_addrs);
+
+	for (i=0; addrs[i]; i++) {
+		struct tsocket_address *t_addr = socket_address_to_tsocket_address(addrs, addrs[i]);
+		NT_STATUS_HAVE_NO_MEMORY(t_addr);
+
+		(*reply_addrs)[i] = tsocket_address_inet_addr_string(t_addr, *reply_addrs);
+		NT_STATUS_HAVE_NO_MEMORY((*reply_addrs)[i]);
+	}
+	(*reply_addrs)[i] = NULL;
+
+	talloc_free(addrs);
+
+	return status;
+}
+
+/*
+  general name resolution - sync call
+ */
+NTSTATUS resolve_name_ex(struct resolve_context *ctx,
+			 uint32_t flags, /* RESOLVE_NAME_FLAG_* */
+			 uint16_t port,
+			 struct nbt_name *name,
+			 TALLOC_CTX *mem_ctx,
+			 const char **reply_addr,
+			 struct tevent_context *ev)
+{
+	struct composite_context *c = resolve_name_ex_send(ctx, mem_ctx, flags, port, name, ev);
+	return resolve_name_recv(c, mem_ctx, reply_addr);
+}
+
+
+/* Initialise a struct nbt_name with a NULL scope */
+
+void make_nbt_name(struct nbt_name *nbt, const char *name, int type)
+{
+	nbt->name = name;
+	nbt->scope = NULL;
+	nbt->type = type;
+}
+
+/* Initialise a struct nbt_name with a NBT_NAME_CLIENT (0x00) name */
+
+void make_nbt_name_client(struct nbt_name *nbt, const char *name)
+{
+	make_nbt_name(nbt, name, NBT_NAME_CLIENT);
+}
+
+/* Initialise a struct nbt_name with a NBT_NAME_SERVER (0x20) name */
+
+void make_nbt_name_server(struct nbt_name *nbt, const char *name)
+{
+	make_nbt_name(nbt, name, NBT_NAME_SERVER);
+}
+
+
diff --git a/source4/libcli/resolve/resolve.h b/source4/libcli/resolve/resolve.h
new file mode 100644
index 0000000..8ace574
--- /dev/null
+++ b/source4/libcli/resolve/resolve.h
@@ -0,0 +1,53 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   general name resolution interface
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_RESOLVE_H__
+#define __LIBCLI_RESOLVE_H__
+
+struct socket_address;
+struct tevent_context;
+
+#include "../libcli/nbt/libnbt.h"
+
+/* force that only NBT name resolution is used */
+#define RESOLVE_NAME_FLAG_FORCE_NBT		0x00000001
+/* force that only DNS name resolution is used */
+#define RESOLVE_NAME_FLAG_FORCE_DNS		0x00000002
+/* tell the dns resolver to do a DNS SRV lookup */
+#define RESOLVE_NAME_FLAG_DNS_SRV		0x00000004
+/* allow the resolver to overwrite the given port, e.g. for DNS SRV */
+#define RESOLVE_NAME_FLAG_OVERWRITE_PORT	0x00000008
+
+typedef struct composite_context *(*resolve_name_send_fn)(TALLOC_CTX *mem_ctx,
+							  struct tevent_context *,
+							  void *privdata,
+							  uint32_t flags,
+							  uint16_t port,
+							  struct nbt_name *);
+typedef NTSTATUS (*resolve_name_recv_fn)(struct composite_context *creq,
+					 TALLOC_CTX *mem_ctx,
+					 struct socket_address ***addrs,
+					 char ***names);
+#include "libcli/resolve/proto.h"
+struct interface;
+#include "libcli/resolve/lp_proto.h"
+
+#endif /* __LIBCLI_RESOLVE_H__ */
diff --git a/source4/libcli/resolve/resolve_lp.c b/source4/libcli/resolve/resolve_lp.c
new file mode 100644
index 0000000..56c7b01
--- /dev/null
+++ b/source4/libcli/resolve/resolve_lp.c
@@ -0,0 +1,52 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+struct resolve_context *lpcfg_resolve_context(struct loadparm_context *lp_ctx)
+{
+	const char **methods = lpcfg_name_resolve_order(lp_ctx);
+	int i;
+	struct resolve_context *ret = resolve_context_init(lp_ctx);
+
+	if (ret == NULL)
+		return NULL;
+
+	for (i = 0; methods != NULL && methods[i] != NULL; i++) {
+		if (!strcmp(methods[i], "wins")) {
+			if (lpcfg_disable_netbios(lp_ctx) == false) {
+				resolve_context_add_wins_method_lp(ret, lp_ctx);
+			}
+		} else if (!strcmp(methods[i], "bcast")) {
+			if (lpcfg_disable_netbios(lp_ctx) == false) {
+				resolve_context_add_bcast_method_lp(ret, lp_ctx);
+			}
+		} else if (!strcmp(methods[i], "lmhosts")) {
+			resolve_context_add_lmhosts_method(ret);
+		} else if (!strcmp(methods[i], "host")) {
+			resolve_context_add_host_method(ret);
+		} else {
+			DEBUG(0, ("Unknown resolve method '%s'\n", methods[i]));
+		}
+	}
+
+	return ret;
+}
diff --git a/source4/libcli/resolve/testsuite.c b/source4/libcli/resolve/testsuite.c
new file mode 100644
index 0000000..2bf6e46
--- /dev/null
+++ b/source4/libcli/resolve/testsuite.c
@@ -0,0 +1,92 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local test for async resolve code
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "system/network.h"
+#include "lib/util/util_net.h"
+
+static bool test_async_resolve(struct torture_context *tctx)
+{
+	struct nbt_name n;
+	struct tevent_context *ev;
+	int timelimit = torture_setting_int(tctx, "timelimit", 2);
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	int count = 0;
+	struct timeval tv = timeval_current();
+	TALLOC_CTX *mem_ctx = tctx;
+
+	ev = tctx->ev;
+
+	ZERO_STRUCT(n);
+	n.name = host;
+
+	torture_comment(tctx, "Testing async resolve of '%s' for %d seconds\n",
+			host, timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		struct socket_address **s;
+		struct composite_context *c = resolve_name_host_send(mem_ctx, ev, NULL, 0, 0, &n);
+		torture_assert(tctx, c != NULL, "resolve_name_host_send");
+		torture_assert_ntstatus_ok(tctx, resolve_name_host_recv(c, mem_ctx, &s, NULL),
+								   "async resolve failed");
+		count++;
+	}
+
+	torture_comment(tctx, "async rate of %.1f resolves/sec\n", 
+			count/timeval_elapsed(&tv));
+	return true;
+}
+
+/*
+  test resolution using sync method
+*/
+static bool test_sync_resolve(struct torture_context *tctx)
+{
+	int timelimit = torture_setting_int(tctx, "timelimit", 2);
+	struct timeval tv = timeval_current();
+	int count = 0;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+
+	torture_comment(tctx, "Testing sync resolve of '%s' for %d seconds\n", 
+			host, timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		inet_ntoa(interpret_addr2(host));
+		count++;
+	}
+	
+	torture_comment(tctx, "sync rate of %.1f resolves/sec\n", 
+			count/timeval_elapsed(&tv));
+	return true;
+}
+
+
+struct torture_suite *torture_local_resolve(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "resolve");
+
+	torture_suite_add_simple_test(suite, "async", test_async_resolve);
+	torture_suite_add_simple_test(suite, "sync", test_sync_resolve);
+
+	return suite;
+}
diff --git a/source4/libcli/resolve/wins.c b/source4/libcli/resolve/wins.c
new file mode 100644
index 0000000..541d3fe
--- /dev/null
+++ b/source4/libcli/resolve/wins.c
@@ -0,0 +1,83 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   wins name resolution module
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/nbt/libnbt.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "lib/socket/socket.h"
+#include "lib/socket/netif.h"
+
+struct resolve_wins_data {
+	char **address_list;
+	struct interface *ifaces;
+	uint16_t nbt_port;
+	int nbt_timeout;
+};
+
+/**
+  wins name resolution method - async send
+ */
+struct composite_context *resolve_name_wins_send(
+				TALLOC_CTX *mem_ctx, 
+				struct tevent_context *event_ctx,
+				void *userdata,
+				uint32_t flags,
+				uint16_t port,
+				struct nbt_name *name)
+{
+	struct resolve_wins_data *wins_data = talloc_get_type(userdata, struct resolve_wins_data);
+	if (wins_data->address_list == NULL) return NULL;
+	return resolve_name_nbtlist_send(mem_ctx, event_ctx, flags, port, name,
+					 (const char * const *)wins_data->address_list,
+					 wins_data->ifaces,
+					 wins_data->nbt_port, wins_data->nbt_timeout,
+					 false, true);
+}
+
+/*
+  wins name resolution method - recv side
+ */
+NTSTATUS resolve_name_wins_recv(struct composite_context *c, 
+				TALLOC_CTX *mem_ctx,
+				struct socket_address ***addrs,
+				char ***names)
+{
+	return resolve_name_nbtlist_recv(c, mem_ctx, addrs, names);
+}
+
+bool resolve_context_add_wins_method(struct resolve_context *ctx, const char **address_list, struct interface *ifaces, uint16_t nbt_port, int nbt_timeout)
+{
+	struct resolve_wins_data *wins_data = talloc(ctx, struct resolve_wins_data);
+	wins_data->address_list = str_list_copy(wins_data, address_list);
+	wins_data->ifaces = talloc_reference(wins_data, ifaces);
+	wins_data->nbt_port = nbt_port;
+	wins_data->nbt_timeout = nbt_timeout;
+	return resolve_context_add_method(ctx, resolve_name_wins_send, resolve_name_wins_recv,
+					  wins_data);
+}
+
+bool resolve_context_add_wins_method_lp(struct resolve_context *ctx, struct loadparm_context *lp_ctx)
+{
+	struct interface *ifaces;
+	load_interface_list(ctx, lp_ctx, &ifaces);
+	return resolve_context_add_wins_method(ctx, lpcfg_wins_server_list(lp_ctx), ifaces, lpcfg_nbt_port(lp_ctx), lpcfg_parm_int(lp_ctx, NULL, "nbt", "timeout", 1));
+}
diff --git a/source4/libcli/smb2/break.c b/source4/libcli/smb2/break.c
new file mode 100644
index 0000000..fe0cceb
--- /dev/null
+++ b/source4/libcli/smb2/break.c
@@ -0,0 +1,74 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 client oplock break handling
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a break request
+*/
+struct smb2_request *smb2_break_send(struct smb2_tree *tree, struct smb2_break *io)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_BREAK, 0x18, false, 0);
+	if (req == NULL) return NULL;
+
+	SCVAL(req->out.body, 0x02, io->in.oplock_level);
+	SCVAL(req->out.body, 0x03, io->in.reserved);
+	SIVAL(req->out.body, 0x04, io->in.reserved2);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a break reply
+*/
+NTSTATUS smb2_break_recv(struct smb2_request *req, struct smb2_break *io)
+{
+	if (!smb2_request_receive(req) ||
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x18, false);
+
+	io->out.oplock_level	= CVAL(req->in.body, 0x02);
+	io->out.reserved	= CVAL(req->in.body, 0x03);
+	io->out.reserved2	= IVAL(req->in.body, 0x04);
+	smb2_pull_handle(req->in.body+0x08, &io->out.file.handle);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync flush request
+*/
+NTSTATUS smb2_break(struct smb2_tree *tree, struct smb2_break *io)
+{
+	struct smb2_request *req = smb2_break_send(tree, io);
+	return smb2_break_recv(req, io);
+}
diff --git a/source4/libcli/smb2/cancel.c b/source4/libcli/smb2/cancel.c
new file mode 100644
index 0000000..cc40b34
--- /dev/null
+++ b/source4/libcli/smb2/cancel.c
@@ -0,0 +1,45 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client notify calls
+
+   Copyright (C) Stefan Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a cancel request
+*/
+NTSTATUS smb2_cancel(struct smb2_request *r)
+{
+	bool ok;
+
+	if (r->subreq == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	ok = tevent_req_cancel(r->subreq);
+	if (!ok) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb2/close.c b/source4/libcli/smb2/close.c
new file mode 100644
index 0000000..4e6f330
--- /dev/null
+++ b/source4/libcli/smb2/close.c
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client close handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a close request
+*/
+struct smb2_request *smb2_close_send(struct smb2_tree *tree, struct smb2_close *io)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_CLOSE, 0x18, false, 0);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, io->in.flags);
+	SIVAL(req->out.body, 0x04, 0); /* pad */
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a close reply
+*/
+NTSTATUS smb2_close_recv(struct smb2_request *req, struct smb2_close *io)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x3C, false);
+
+	io->out.flags       = SVAL(req->in.body, 0x02);
+	io->out._pad        = IVAL(req->in.body, 0x04);
+	io->out.create_time = smbcli_pull_nttime(req->in.body, 0x08);
+	io->out.access_time = smbcli_pull_nttime(req->in.body, 0x10);
+	io->out.write_time  = smbcli_pull_nttime(req->in.body, 0x18);
+	io->out.change_time = smbcli_pull_nttime(req->in.body, 0x20);
+	io->out.alloc_size  = BVAL(req->in.body, 0x28);
+	io->out.size        = BVAL(req->in.body, 0x30);
+	io->out.file_attr   = IVAL(req->in.body, 0x38);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync close request
+*/
+NTSTATUS smb2_close(struct smb2_tree *tree, struct smb2_close *io)
+{
+	struct smb2_request *req = smb2_close_send(tree, io);
+	return smb2_close_recv(req, io);
+}
diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
new file mode 100644
index 0000000..64b6786
--- /dev/null
+++ b/source4/libcli/smb2/connect.c
@@ -0,0 +1,483 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 composite connection setup
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/composite/composite.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "auth/credentials/credentials.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "smb2_constants.h"
+
+struct smb2_connect_state {
+	struct tevent_context *ev;
+	struct cli_credentials *credentials;
+	bool fallback_to_anonymous;
+	uint64_t previous_session_id;
+	struct resolve_context *resolve_ctx;
+	const char *host;
+	const char *share;
+	const char *unc;
+	const char **ports;
+	const char *socket_options;
+	struct nbt_name calling, called;
+	struct gensec_settings *gensec_settings;
+	struct smbcli_options options;
+	struct smb2_transport *transport;
+	struct smb2_session *session;
+	struct smb2_tree *tree;
+};
+
+static void smb2_connect_session_start(struct tevent_req *req);
+static void smb2_connect_socket_done(struct composite_context *creq);
+
+/*
+  a composite function that does a full negprot/sesssetup/tcon, returning
+  a connected smb2_tree
+ */
+struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx,
+				     struct tevent_context *ev,
+				     const char *host,
+				     const char **ports,
+				     const char *share,
+				     struct resolve_context *resolve_ctx,
+				     struct cli_credentials *credentials,
+				     bool fallback_to_anonymous,
+				     struct smbXcli_conn **existing_conn,
+				     uint64_t previous_session_id,
+				     const struct smbcli_options *options,
+				     const char *socket_options,
+				     struct gensec_settings *gensec_settings)
+{
+	struct tevent_req *req;
+	struct smb2_connect_state *state;
+	struct composite_context *creq;
+	static const char *default_ports[] = { "445", "139", NULL };
+	enum smb_encryption_setting encryption_state =
+		cli_credentials_get_smb_encryption(credentials);
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb2_connect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->ev = ev;
+	state->credentials = credentials;
+	state->fallback_to_anonymous = fallback_to_anonymous;
+	state->previous_session_id = previous_session_id;
+	state->options = *options;
+	state->host = host;
+	state->ports = ports;
+	state->share = share;
+	state->resolve_ctx = resolve_ctx;
+	state->socket_options = socket_options;
+	state->gensec_settings = gensec_settings;
+
+	if (state->ports == NULL) {
+		state->ports = default_ports;
+	}
+
+	if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
+		state->options.signing = SMB_SIGNING_REQUIRED;
+	}
+
+	make_nbt_name_client(&state->calling,
+			     cli_credentials_get_workstation(credentials));
+
+	nbt_choose_called_name(state, &state->called,
+			       host, NBT_NAME_SERVER);
+
+	state->unc = talloc_asprintf(state, "\\\\%s\\%s",
+				    state->host, state->share);
+	if (tevent_req_nomem(state->unc, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	if (existing_conn != NULL) {
+		NTSTATUS status;
+
+		status = smb2_transport_raw_init(state, ev,
+						 existing_conn,
+						 &state->options,
+						 &state->transport);
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+
+		smb2_connect_session_start(req);
+		if (!tevent_req_is_in_progress(req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		return req;
+	}
+
+	creq = smbcli_sock_connect_send(state, NULL, state->ports,
+					state->host, state->resolve_ctx,
+					state->ev, state->socket_options,
+					&state->calling,
+					&state->called);
+	if (tevent_req_nomem(creq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	creq->async.fn = smb2_connect_socket_done;
+	creq->async.private_data = req;
+
+	return req;
+}
+
+static void smb2_connect_negprot_done(struct tevent_req *subreq);
+
+static void smb2_connect_socket_done(struct composite_context *creq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(creq->async.private_data,
+		struct tevent_req);
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+		struct smb2_connect_state);
+	struct smbcli_socket *sock;
+	struct tevent_req *subreq;
+	NTSTATUS status;
+	uint32_t timeout_msec;
+	enum protocol_types min_protocol;
+
+	status = smbcli_sock_connect_recv(creq, state, &sock);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->transport = smb2_transport_init(sock, state, &state->options);
+	if (tevent_req_nomem(state->transport, req)) {
+		return;
+	}
+
+	timeout_msec = state->transport->options.request_timeout * 1000;
+	min_protocol = state->transport->options.min_protocol;
+	if (min_protocol < PROTOCOL_SMB2_02) {
+		min_protocol = PROTOCOL_SMB2_02;
+	}
+
+	subreq = smbXcli_negprot_send(state, state->ev,
+				      state->transport->conn, timeout_msec,
+				      min_protocol,
+				      state->transport->options.max_protocol,
+				      state->transport->options.max_credits,
+				      NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, smb2_connect_negprot_done, req);
+}
+
+static void smb2_connect_session_done(struct tevent_req *subreq);
+
+static void smb2_connect_negprot_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	NTSTATUS status;
+
+	status = smbXcli_negprot_recv(subreq, NULL, NULL);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	smb2_connect_session_start(req);
+}
+
+static void smb2_connect_session_start(struct tevent_req *req)
+{
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+		struct smb2_connect_state);
+	struct smb2_transport *transport = state->transport;
+	struct tevent_req *subreq = NULL;
+
+	state->session = smb2_session_init(transport, state->gensec_settings, state);
+	if (tevent_req_nomem(state->session, req)) {
+		return;
+	}
+
+	if (state->options.only_negprot) {
+		state->tree = smb2_tree_init(state->session, state, true);
+		if (tevent_req_nomem(state->tree, req)) {
+			return;
+		}
+		tevent_req_done(req);
+		return;
+	}
+
+	subreq = smb2_session_setup_spnego_send(state, state->ev,
+						state->session,
+						state->credentials,
+						state->previous_session_id);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, smb2_connect_session_done, req);
+}
+
+static void smb2_connect_enc_start(struct tevent_req *req);
+static void smb2_connect_tcon_start(struct tevent_req *req);
+static void smb2_connect_tcon_done(struct tevent_req *subreq);
+
+static void smb2_connect_session_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+		struct smb2_connect_state);
+	NTSTATUS status;
+
+	status = smb2_session_setup_spnego_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status) &&
+	    !cli_credentials_is_anonymous(state->credentials) &&
+	    state->fallback_to_anonymous) {
+		struct cli_credentials *anon_creds = NULL;
+
+		/*
+		 * The transport was moved to session,
+		 * we need to revert that before removing
+		 * the old broken session.
+		 */
+		state->transport = talloc_move(state, &state->session->transport);
+		TALLOC_FREE(state->session);
+
+		anon_creds = cli_credentials_init_anon(state);
+		if (tevent_req_nomem(anon_creds, req)) {
+			return;
+		}
+		cli_credentials_set_workstation(anon_creds,
+		   cli_credentials_get_workstation(state->credentials),
+		   CRED_SPECIFIED);
+
+		/*
+		 * retry with anonymous credentials
+		 */
+		state->credentials = anon_creds;
+		smb2_connect_session_start(req);
+		return;
+	}
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->tree = smb2_tree_init(state->session, state, true);
+	if (tevent_req_nomem(state->tree, req)) {
+		return;
+	}
+
+	smb2_connect_enc_start(req);
+}
+
+static void smb2_connect_enc_start(struct tevent_req *req)
+{
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+				struct smb2_connect_state);
+	enum smb_encryption_setting encryption_state =
+		cli_credentials_get_smb_encryption(state->credentials);
+	NTSTATUS status;
+
+	if (encryption_state < SMB_ENCRYPTION_DESIRED) {
+		smb2_connect_tcon_start(req);
+		return;
+	}
+
+	status = smb2cli_session_encryption_on(state->session->smbXcli);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+			if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
+				smb2_connect_tcon_start(req);
+				return;
+			}
+
+			DBG_ERR("Encryption required and server doesn't support "
+				"SMB3 encryption - failing connect\n");
+			tevent_req_nterror(req, status);
+			return;
+		}
+
+		DBG_ERR("Encryption required and setup failed with error %s.\n",
+			nt_errstr(status));
+		tevent_req_nterror(req, NT_STATUS_PROTOCOL_NOT_SUPPORTED);
+		return;
+	}
+
+	smb2_connect_tcon_start(req);
+}
+
+static void smb2_connect_tcon_start(struct tevent_req *req)
+{
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+				struct smb2_connect_state);
+	struct tevent_req *subreq = NULL;
+	uint32_t timeout_msec;
+
+	timeout_msec = state->transport->options.request_timeout * 1000;
+
+	subreq = smb2cli_tcon_send(state, state->ev,
+				   state->transport->conn,
+				   timeout_msec,
+				   state->session->smbXcli,
+				   state->tree->smbXcli,
+				   0, /* flags */
+				   state->unc);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, smb2_connect_tcon_done, req);
+}
+
+static void smb2_connect_tcon_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	NTSTATUS status;
+
+	status = smb2cli_tcon_recv(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS smb2_connect_recv(struct tevent_req *req,
+			   TALLOC_CTX *mem_ctx,
+			   struct smb2_tree **tree)
+{
+	struct smb2_connect_state *state =
+		tevent_req_data(req,
+		struct smb2_connect_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*tree = talloc_move(mem_ctx, &state->tree);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  sync version of smb2_connect
+*/
+NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx,
+			  const char *host,
+			  const char **ports,
+			  const char *share,
+			  struct resolve_context *resolve_ctx,
+			  struct cli_credentials *credentials,
+			  struct smbXcli_conn **existing_conn,
+			  uint64_t previous_session_id,
+			  struct smb2_tree **tree,
+			  struct tevent_context *ev,
+			  const struct smbcli_options *options,
+			  const char *socket_options,
+			  struct gensec_settings *gensec_settings)
+{
+	struct tevent_req *subreq;
+	NTSTATUS status;
+	bool ok;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	if (frame == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	subreq = smb2_connect_send(frame,
+				   ev,
+				   host,
+				   ports,
+				   share,
+				   resolve_ctx,
+				   credentials,
+				   false, /* fallback_to_anonymous */
+				   existing_conn,
+				   previous_session_id,
+				   options,
+				   socket_options,
+				   gensec_settings);
+	if (subreq == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = tevent_req_poll(subreq, ev);
+	if (!ok) {
+		status = map_nt_error_from_unix_common(errno);
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	status = smb2_connect_recv(subreq, mem_ctx, tree);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx,
+		      const char *host,
+		      const char **ports,
+		      const char *share,
+		      struct resolve_context *resolve_ctx,
+		      struct cli_credentials *credentials,
+		      struct smb2_tree **tree,
+		      struct tevent_context *ev,
+		      const struct smbcli_options *options,
+		      const char *socket_options,
+		      struct gensec_settings *gensec_settings)
+{
+	NTSTATUS status;
+
+	status = smb2_connect_ext(mem_ctx, host, ports, share, resolve_ctx,
+				  credentials,
+				  NULL, /* existing_conn */
+				  0, /* previous_session_id */
+				  tree, ev, options, socket_options,
+				  gensec_settings);
+
+	return status;
+}
diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c
new file mode 100644
index 0000000..c91b150
--- /dev/null
+++ b/source4/libcli/smb2/create.c
@@ -0,0 +1,446 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client tree handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/*
+  send a create request
+*/
+struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create *io)
+{
+	struct smb2_request *req;
+	NTSTATUS status;
+	DATA_BLOB blob;
+	struct smb2_create_blobs blobs;
+	int i;
+
+	ZERO_STRUCT(blobs);
+
+	req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x38, true, 0);
+	if (req == NULL) return NULL;
+
+	SCVAL(req->out.body, 0x02, io->in.security_flags);
+	SCVAL(req->out.body, 0x03, io->in.oplock_level);
+	SIVAL(req->out.body, 0x04, io->in.impersonation_level);
+	SBVAL(req->out.body, 0x08, io->in.create_flags);
+	SBVAL(req->out.body, 0x10, io->in.reserved);
+	SIVAL(req->out.body, 0x18, io->in.desired_access);
+	SIVAL(req->out.body, 0x1C, io->in.file_attributes);
+	SIVAL(req->out.body, 0x20, io->in.share_access);
+	SIVAL(req->out.body, 0x24, io->in.create_disposition);
+	SIVAL(req->out.body, 0x28, io->in.create_options);
+
+	status = smb2_push_o16s16_string(&req->out, 0x2C, io->in.fname);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	/* now add all the optional blobs */
+	if (io->in.eas.num_eas != 0) {
+		DATA_BLOB b = data_blob_talloc(req, NULL, 
+					       ea_list_size_chained(io->in.eas.num_eas, io->in.eas.eas, 4));
+		ea_put_list_chained(b.data, io->in.eas.num_eas, io->in.eas.eas, 4);
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_EXTA, b);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+		data_blob_free(&b);
+	}
+
+	/* an empty MxAc tag seems to be used to ask the server to
+	   return the maximum access mask allowed on the file */
+	if (io->in.query_maximal_access) {
+		/* TODO: MS-SMB2 2.2.13.2.5 says this can contain a timestamp? What to do
+		   with that if it doesn't match? */
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_MXAC, data_blob(NULL, 0));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.alloc_size != 0) {
+		uint8_t data[8];
+		SBVAL(data, 0, io->in.alloc_size);
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_ALSI, data_blob_const(data, 8));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.durable_open) {
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_DHNQ, data_blob_talloc_zero(req, 16));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.durable_open_v2) {
+		uint8_t data[32];
+		uint32_t flags = 0;
+		struct GUID_ndr_buf guid_buf = { .buf = {0}, };
+
+		SIVAL(data, 0, io->in.timeout);
+		if (io->in.persistent_open) {
+			flags = SMB2_DHANDLE_FLAG_PERSISTENT;
+		}
+		SIVAL(data, 4, flags);
+		SBVAL(data, 8, 0x0); /* reserved */
+		status = GUID_to_ndr_buf(&io->in.create_guid, &guid_buf);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+		memcpy(data+16, guid_buf.buf, sizeof(guid_buf.buf));
+
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_DH2Q,
+					      data_blob_const(data, 32));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.durable_handle) {
+		uint8_t data[16];
+		smb2_push_handle(data, io->in.durable_handle);
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_DHNC, data_blob_const(data, 16));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.durable_handle_v2) {
+		uint8_t data[36];
+		struct GUID_ndr_buf guid_buf = { .buf = {0}, };
+		uint32_t flags = 0;
+
+		smb2_push_handle(data, io->in.durable_handle_v2);
+		status = GUID_to_ndr_buf(&io->in.create_guid, &guid_buf);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+		memcpy(data+16, guid_buf.buf, sizeof(guid_buf.buf));
+		if (io->in.persistent_open) {
+			flags = SMB2_DHANDLE_FLAG_PERSISTENT;
+		}
+		SIVAL(data, 32, flags);
+
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_DH2C,
+					      data_blob_const(data, 36));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.timewarp) {
+		uint8_t data[8];
+		SBVAL(data, 0, io->in.timewarp);		
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_TWRP, data_blob_const(data, 8));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.sec_desc) {
+		enum ndr_err_code ndr_err;
+		DATA_BLOB sd_blob;
+		ndr_err = ndr_push_struct_blob(&sd_blob, req, io->in.sec_desc,
+					       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(req);
+			return NULL;
+		}
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_SECD, sd_blob);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.query_on_disk_id) {
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_QFID, data_blob(NULL, 0));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.lease_request) {
+		uint8_t data[32];
+
+		if (!smb2_lease_push(io->in.lease_request, data,
+				     sizeof(data))) {
+			TALLOC_FREE(req);
+			return NULL;
+		}
+
+		status = smb2_create_blob_add(
+			req, &blobs, SMB2_CREATE_TAG_RQLS,
+			data_blob_const(data, sizeof(data)));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.lease_request_v2) {
+		uint8_t data[52];
+
+		if (!smb2_lease_push(io->in.lease_request_v2, data,
+				     sizeof(data))) {
+			TALLOC_FREE(req);
+			return NULL;
+		}
+
+		status = smb2_create_blob_add(
+			req, &blobs, SMB2_CREATE_TAG_RQLS,
+			data_blob_const(data, sizeof(data)));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	if (io->in.app_instance_id) {
+		uint8_t data[20];
+		struct GUID_ndr_buf guid_buf = { .buf = {0}, };
+
+		SSVAL(data, 0, 20); /* structure size */
+		SSVAL(data, 2, 0);  /* reserved */
+
+		status = GUID_to_ndr_buf(io->in.app_instance_id, &guid_buf);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+		memcpy(data+4, guid_buf.buf, sizeof(guid_buf.buf));
+
+		status = smb2_create_blob_add(req, &blobs,
+					      SMB2_CREATE_TAG_APP_INSTANCE_ID,
+					      data_blob_const(data, 20));
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	/* and any custom blobs */
+	for (i=0;i<io->in.blobs.num_blobs;i++) {
+		status = smb2_create_blob_add(req, &blobs,
+					      io->in.blobs.blobs[i].tag, 
+					      io->in.blobs.blobs[i].data);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+
+	status = smb2_create_blob_push(req, &blob, blobs);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	status = smb2_push_o32s32_blob(&req->out, 0x30, blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	if (((io->in.fname == NULL) || (strlen(io->in.fname) == 0)) &&
+	    (blob.length == 0)) {
+		struct smb2_request_buffer *buf = &req->out;
+
+		status = smb2_grow_buffer(buf, 1);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(req);
+			return NULL;
+		}
+		buf->dynamic[0] = 0;
+		buf->dynamic += 1;
+		buf->body_size += 1;
+		buf->size += 1;
+	}
+
+	data_blob_free(&blob);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a create reply
+*/
+NTSTATUS smb2_create_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx, struct smb2_create *io)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	int i;
+
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x58, true);
+	ZERO_STRUCT(io->out);
+	io->out.oplock_level   = CVAL(req->in.body, 0x02);
+	io->out.reserved       = CVAL(req->in.body, 0x03);
+	io->out.create_action  = IVAL(req->in.body, 0x04);
+	io->out.create_time    = smbcli_pull_nttime(req->in.body, 0x08);
+	io->out.access_time    = smbcli_pull_nttime(req->in.body, 0x10);
+	io->out.write_time     = smbcli_pull_nttime(req->in.body, 0x18);
+	io->out.change_time    = smbcli_pull_nttime(req->in.body, 0x20);
+	io->out.alloc_size     = BVAL(req->in.body, 0x28);
+	io->out.size           = BVAL(req->in.body, 0x30);
+	io->out.file_attr      = IVAL(req->in.body, 0x38);
+	io->out.reserved2      = IVAL(req->in.body, 0x3C);
+	smb2_pull_handle(req->in.body+0x40, &io->out.file.handle);
+	status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x50, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	status = smb2_create_blob_parse(mem_ctx, blob, &io->out.blobs);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	/* pull out the parsed blobs */
+	for (i=0;i<io->out.blobs.num_blobs;i++) {
+		if (strcmp(io->out.blobs.blobs[i].tag, SMB2_CREATE_TAG_MXAC) == 0) {
+			if (io->out.blobs.blobs[i].data.length != 8) {
+				smb2_request_destroy(req);
+				return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			}
+			io->out.maximal_access_status =
+				IVAL(io->out.blobs.blobs[i].data.data, 0);
+			io->out.maximal_access = IVAL(io->out.blobs.blobs[i].data.data, 4);
+		}
+		if (strcmp(io->out.blobs.blobs[i].tag, SMB2_CREATE_TAG_QFID) == 0) {
+			if (io->out.blobs.blobs[i].data.length != 32) {
+				smb2_request_destroy(req);
+				return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			}
+			memcpy(io->out.on_disk_id, io->out.blobs.blobs[i].data.data, 32);
+		}
+		if (strcmp(io->out.blobs.blobs[i].tag, SMB2_CREATE_TAG_RQLS) == 0) {
+			struct smb2_lease *ls = NULL;
+			uint8_t *data;
+
+			ZERO_STRUCT(io->out.lease_response);
+			ZERO_STRUCT(io->out.lease_response_v2);
+
+			switch (io->out.blobs.blobs[i].data.length) {
+			case 32:
+				ls = &io->out.lease_response;
+				ls->lease_version = 1;
+				break;
+			case 52:
+				ls = &io->out.lease_response_v2;
+				ls->lease_version = 2;
+				break;
+			default:
+				smb2_request_destroy(req);
+				return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			}
+
+			data = io->out.blobs.blobs[i].data.data;
+			memcpy(&ls->lease_key, data, 16);
+			ls->lease_state = IVAL(data, 16);
+			ls->lease_flags = IVAL(data, 20);
+			ls->lease_duration = BVAL(data, 24);
+
+			if (io->out.blobs.blobs[i].data.length == 52) {
+				memcpy(&ls->parent_lease_key, data+32, 16);
+				ls->lease_epoch = SVAL(data, 48);
+			}
+		}
+		if (strcmp(io->out.blobs.blobs[i].tag, SMB2_CREATE_TAG_DHNQ) == 0) {
+			if (io->out.blobs.blobs[i].data.length != 8) {
+				smb2_request_destroy(req);
+				return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			}
+			io->out.durable_open = true;
+		}
+		if (strcmp(io->out.blobs.blobs[i].tag, SMB2_CREATE_TAG_DH2Q) == 0) {
+			uint32_t flags;
+			uint8_t *data;
+
+			if (io->out.blobs.blobs[i].data.length != 8) {
+				smb2_request_destroy(req);
+				return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			}
+
+			io->out.durable_open = false;
+			io->out.durable_open_v2 = true;
+
+			data = io->out.blobs.blobs[i].data.data;
+			io->out.timeout = IVAL(data, 0);
+			flags = IVAL(data, 4);
+			if ((flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0) {
+				io->out.persistent_open = true;
+			}
+		}
+	}
+
+	data_blob_free(&blob);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync create request
+*/
+NTSTATUS smb2_create(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_create *io)
+{
+	struct smb2_request *req = smb2_create_send(tree, io);
+	return smb2_create_recv(req, mem_ctx, io);
+}
diff --git a/source4/libcli/smb2/find.c b/source4/libcli/smb2/find.c
new file mode 100644
index 0000000..559c77d
--- /dev/null
+++ b/source4/libcli/smb2/find.c
@@ -0,0 +1,181 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client find calls
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a find request
+*/
+struct smb2_request *smb2_find_send(struct smb2_tree *tree, struct smb2_find *io)
+{
+	struct smb2_request *req;
+	NTSTATUS status;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_QUERY_DIRECTORY, 0x20, true, 0);
+	if (req == NULL) return NULL;
+	req->credit_charge = (MAX(io->in.max_response_size, 1) - 1)/ 65536 + 1;
+
+	SCVAL(req->out.body, 0x02, io->in.level);
+	SCVAL(req->out.body, 0x03, io->in.continue_flags);
+	SIVAL(req->out.body, 0x04, io->in.file_index);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	status = smb2_push_o16s16_string(&req->out, 0x18, io->in.pattern);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x1C, io->in.max_response_size);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a find reply
+*/
+NTSTATUS smb2_find_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+			   struct smb2_find *io)
+{
+	NTSTATUS status;
+
+	if (!smb2_request_receive(req) || 
+	    smb2_request_is_error(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x08, true);
+
+	status = smb2_pull_o16s32_blob(&req->in, mem_ctx, 
+				       req->in.body+0x02, &io->out.blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync find request
+*/
+NTSTATUS smb2_find(struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+		   struct smb2_find *io)
+{
+	struct smb2_request *req = smb2_find_send(tree, io);
+	return smb2_find_recv(req, mem_ctx, io);
+}
+
+
+/*
+  a variant of smb2_find_recv that parses the resulting blob into
+  smb_search_data structures
+*/
+NTSTATUS smb2_find_level_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+			      uint8_t level, unsigned int *count,
+			      union smb_search_data **io)
+{
+	struct smb2_find f;
+	NTSTATUS status;
+	DATA_BLOB b;
+	enum smb_search_data_level smb_level;
+	unsigned int next_ofs=0;
+
+	switch (level) {
+	case SMB2_FIND_DIRECTORY_INFO:
+		smb_level = RAW_SEARCH_DATA_DIRECTORY_INFO;
+		break;
+	case SMB2_FIND_FULL_DIRECTORY_INFO:
+		smb_level = RAW_SEARCH_DATA_FULL_DIRECTORY_INFO;
+		break;
+	case SMB2_FIND_BOTH_DIRECTORY_INFO:
+		smb_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+		break;
+	case SMB2_FIND_NAME_INFO:
+		smb_level = RAW_SEARCH_DATA_NAME_INFO;
+		break;
+	case SMB2_FIND_ID_FULL_DIRECTORY_INFO:
+		smb_level = RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO;
+		break;
+	case SMB2_FIND_ID_BOTH_DIRECTORY_INFO:
+		smb_level = RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO;
+		break;
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	status = smb2_find_recv(req, mem_ctx, &f);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	b = f.out.blob;
+	*io = NULL;
+	*count = 0;
+
+	do {
+		union smb_search_data *io2;
+
+		io2 = talloc_realloc(mem_ctx, *io, union smb_search_data, (*count)+1);
+		if (io2 == NULL) {
+			data_blob_free(&f.out.blob);
+			talloc_free(*io);
+			return NT_STATUS_NO_MEMORY;
+		}
+		*io = io2;
+
+		status = smb_raw_search_common(*io, smb_level, &b, (*io) + (*count), 
+					       &next_ofs, STR_UNICODE);
+
+		if (NT_STATUS_IS_OK(status) &&
+		    next_ofs >= b.length) {
+			data_blob_free(&f.out.blob);
+			talloc_free(*io);
+			return NT_STATUS_INFO_LENGTH_MISMATCH;			
+		}
+
+		(*count)++;
+
+		b = data_blob_const(b.data+next_ofs, b.length - next_ofs);
+	} while (NT_STATUS_IS_OK(status) && next_ofs != 0);
+
+	data_blob_free(&f.out.blob);
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  a variant of smb2_find that parses the resulting blob into
+  smb_search_data structures
+*/
+NTSTATUS smb2_find_level(struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			 struct smb2_find *f, 
+			 unsigned int *count, union smb_search_data **io)
+{
+	struct smb2_request *req;
+
+	req = smb2_find_send(tree, f);
+	return smb2_find_level_recv(req, mem_ctx, f->in.level, count, io);
+}
diff --git a/source4/libcli/smb2/flush.c b/source4/libcli/smb2/flush.c
new file mode 100644
index 0000000..577d1ba
--- /dev/null
+++ b/source4/libcli/smb2/flush.c
@@ -0,0 +1,70 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client flush handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a flush request
+*/
+struct smb2_request *smb2_flush_send(struct smb2_tree *tree, struct smb2_flush *io)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_FLUSH, 0x18, false, 0);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, io->in.reserved1);
+	SIVAL(req->out.body, 0x04, io->in.reserved2);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a flush reply
+*/
+NTSTATUS smb2_flush_recv(struct smb2_request *req, struct smb2_flush *io)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+
+	io->out.reserved = SVAL(req->in.body, 0x02);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync flush request
+*/
+NTSTATUS smb2_flush(struct smb2_tree *tree, struct smb2_flush *io)
+{
+	struct smb2_request *req = smb2_flush_send(tree, io);
+	return smb2_flush_recv(req, io);
+}
diff --git a/source4/libcli/smb2/getinfo.c b/source4/libcli/smb2/getinfo.c
new file mode 100644
index 0000000..5ffb988
--- /dev/null
+++ b/source4/libcli/smb2/getinfo.c
@@ -0,0 +1,239 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client getinfo calls
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a getinfo request
+*/
+struct smb2_request *smb2_getinfo_send(struct smb2_tree *tree, struct smb2_getinfo *io)
+{
+	struct smb2_request *req;
+	NTSTATUS status;
+	size_t max_payload;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_GETINFO, 0x28, true, 
+				     io->in.input_buffer.length);
+	if (req == NULL) return NULL;
+
+	SCVAL(req->out.body, 0x02, io->in.info_type);
+	SCVAL(req->out.body, 0x03, io->in.info_class);
+	SIVAL(req->out.body, 0x04, io->in.output_buffer_length);
+	/*
+	 * uint16_t input_buffer_offset
+	 * uint16_t reserved
+	 * uint32_t input_buffer_length
+	 *
+	 * We use smb2_push_o32s32_blob() which would
+	 * expect uint32_t offset, uint32_t length.
+	 *
+	 * Everything is little endian, we can just
+	 * overwrite the reserved field later.
+	 */
+	SIVAL(req->out.body, 0x10, io->in.additional_information);
+	SIVAL(req->out.body, 0x14, io->in.getinfo_flags);
+	smb2_push_handle(req->out.body+0x18, &io->in.file.handle);
+
+	/* this blob is used for quota queries */
+	status = smb2_push_o32s32_blob(&req->out, 0x08, io->in.input_buffer);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+	SSVAL(req->out.body, 0x0C, io->in.reserved);
+
+	max_payload = MAX(io->in.output_buffer_length, io->in.input_buffer.length);
+	req->credit_charge = (MAX(max_payload, 1) - 1)/ 65536 + 1;
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a getinfo reply
+*/
+NTSTATUS smb2_getinfo_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+			   struct smb2_getinfo *io)
+{
+	NTSTATUS status;
+
+	if (!smb2_request_receive(req) || 
+	    smb2_request_is_error(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x08, true);
+
+	status = smb2_pull_o16s16_blob(&req->in, mem_ctx, req->in.body+0x02, &io->out.blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync getinfo request
+*/
+NTSTATUS smb2_getinfo(struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+		      struct smb2_getinfo *io)
+{
+	struct smb2_request *req = smb2_getinfo_send(tree, io);
+	return smb2_getinfo_recv(req, mem_ctx, io);
+}
+
+
+/*
+  map a generic info level to a SMB2 info level
+*/
+uint16_t smb2_getinfo_map_level(uint16_t level, uint8_t info_class)
+{
+	if (info_class == SMB2_0_INFO_FILE &&
+	    level == RAW_FILEINFO_SEC_DESC) {
+		return SMB2_0_INFO_SECURITY;
+	}
+	if ((level & 0xFF) == info_class) {
+		return level;
+	} else if (level > 1000) {
+		return ((level-1000)<<8) | info_class;
+	}
+	DEBUG(0,("Unable to map SMB2 info level 0x%04x of class %d\n",
+		 level, info_class));
+	return 0;	
+}
+
+/*
+  level specific getinfo call - async send
+*/
+struct smb2_request *smb2_getinfo_file_send(struct smb2_tree *tree, union smb_fileinfo *io)
+{
+	struct smb2_getinfo b;
+	uint16_t smb2_level = smb2_getinfo_map_level(
+		io->generic.level, SMB2_0_INFO_FILE);
+	
+	if (smb2_level == 0) {
+		return NULL;
+	}
+
+	ZERO_STRUCT(b);
+	b.in.info_type            = smb2_level & 0xFF;
+	b.in.info_class           = smb2_level >> 8;
+	b.in.output_buffer_length = 0x10000;
+	b.in.input_buffer         = data_blob_null;
+	b.in.file.handle          = io->generic.in.file.handle;
+
+	if (io->generic.level == RAW_FILEINFO_SEC_DESC) {
+		b.in.additional_information = io->query_secdesc.in.secinfo_flags;
+	}
+	if (io->generic.level == RAW_FILEINFO_SMB2_ALL_EAS) {
+		b.in.getinfo_flags = io->all_eas.in.continue_flags;
+	}
+
+	return smb2_getinfo_send(tree, &b);
+}
+
+/*
+  recv a getinfo reply and parse the level info
+*/
+NTSTATUS smb2_getinfo_file_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+				union smb_fileinfo *io)
+{
+	struct smb2_getinfo b;
+	NTSTATUS status;
+
+	status = smb2_getinfo_recv(req, mem_ctx, &b);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = smb_raw_fileinfo_passthru_parse(&b.out.blob, mem_ctx, io->generic.level, io);
+	data_blob_free(&b.out.blob);
+
+	return status;
+}
+
+/*
+  level specific getinfo call
+*/
+NTSTATUS smb2_getinfo_file(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, 
+			   union smb_fileinfo *io)
+{
+	struct smb2_request *req = smb2_getinfo_file_send(tree, io);
+	return smb2_getinfo_file_recv(req, mem_ctx, io);
+}
+
+
+/*
+  level specific getinfo call - async send
+*/
+struct smb2_request *smb2_getinfo_fs_send(struct smb2_tree *tree, union smb_fsinfo *io)
+{
+	struct smb2_getinfo b;
+	uint16_t smb2_level = smb2_getinfo_map_level(
+		io->generic.level, SMB2_0_INFO_FILESYSTEM);
+	
+	if (smb2_level == 0) {
+		return NULL;
+	}
+	
+	ZERO_STRUCT(b);
+	b.in.output_buffer_length = 0x10000;
+	b.in.file.handle          = io->generic.handle;
+	b.in.info_type            = smb2_level & 0xFF;
+	b.in.info_class           = smb2_level >> 8;
+
+	return smb2_getinfo_send(tree, &b);
+}
+
+/*
+  recv a getinfo reply and parse the level info
+*/
+NTSTATUS smb2_getinfo_fs_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+				union smb_fsinfo *io)
+{
+	struct smb2_getinfo b = {
+		.in = {0},
+	};
+	NTSTATUS status;
+
+	status = smb2_getinfo_recv(req, mem_ctx, &b);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = smb_raw_fsinfo_passthru_parse(b.out.blob, mem_ctx, io->generic.level, io);
+	data_blob_free(&b.out.blob);
+
+	return status;
+}
+
+/*
+  level specific getinfo call
+*/
+NTSTATUS smb2_getinfo_fs(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, 
+			   union smb_fsinfo *io)
+{
+	struct smb2_request *req = smb2_getinfo_fs_send(tree, io);
+	return smb2_getinfo_fs_recv(req, mem_ctx, io);
+}
+
diff --git a/source4/libcli/smb2/ioctl.c b/source4/libcli/smb2/ioctl.c
new file mode 100644
index 0000000..fe74dfe
--- /dev/null
+++ b/source4/libcli/smb2/ioctl.c
@@ -0,0 +1,151 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client ioctl call
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "librpc/gen_ndr/ioctl.h"
+
+/*
+  send a ioctl request
+*/
+struct smb2_request *smb2_ioctl_send(struct smb2_tree *tree, struct smb2_ioctl *io)
+{
+	NTSTATUS status;
+	struct smb2_request *req;
+	uint64_t max_payload_in;
+	uint64_t max_payload_out;
+	size_t max_payload;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_IOCTL, 0x38, true,
+				     io->in.in.length+io->in.out.length);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, 0); /* pad */
+	SIVAL(req->out.body, 0x04, io->in.function);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	status = smb2_push_o32s32_blob(&req->out, 0x18, io->in.out);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x20, io->in.max_input_response);
+
+	status = smb2_push_o32s32_blob(&req->out, 0x24, io->in.in);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x2C, io->in.max_output_response);
+	SBVAL(req->out.body, 0x30, io->in.flags);
+
+	max_payload_in = io->in.out.length + io->in.in.length;
+	max_payload_in = MIN(max_payload_in, UINT32_MAX);
+	max_payload_out = io->in.max_input_response + io->in.max_output_response;
+	max_payload_out = MIN(max_payload_out, UINT32_MAX);
+
+	max_payload = MAX(max_payload_in, max_payload_out);
+	req->credit_charge = (MAX(max_payload, 1) - 1)/ 65536 + 1;
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+/*
+ * 3.3.4.4 Sending an Error Response
+ */
+static bool smb2_ioctl_is_failure(uint32_t ctl_code, NTSTATUS status,
+				  size_t data_size)
+{
+	if (NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)
+	 && ((ctl_code == FSCTL_PIPE_TRANSCEIVE)
+	  || (ctl_code == FSCTL_PIPE_PEEK)
+	  || (ctl_code == FSCTL_DFS_GET_REFERRALS))) {
+		return false;
+	}
+
+	if (((ctl_code == FSCTL_SRV_COPYCHUNK)
+				|| (ctl_code == FSCTL_SRV_COPYCHUNK_WRITE))
+	 && (data_size == sizeof(struct srv_copychunk_rsp))) {
+		/*
+		 * copychunk responses may come with copychunk data or error
+		 * response data, independent of status.
+		 */
+		return false;
+	}
+
+	return true;
+}
+
+/*
+  recv a ioctl reply
+*/
+NTSTATUS smb2_ioctl_recv(struct smb2_request *req,
+			 TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
+{
+	NTSTATUS status;
+
+	if (!smb2_request_receive(req) ||
+	    smb2_ioctl_is_failure(io->in.function, req->status,
+				  req->in.bufinfo.data_size)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x30, true);
+
+	io->out.reserved   = SVAL(req->in.body, 0x02);
+	io->out.function   = IVAL(req->in.body, 0x04);
+	smb2_pull_handle(req->in.body+0x08, &io->out.file.handle);
+
+	status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x18, &io->out.in);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x20, &io->out.out);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	io->out.flags     = IVAL(req->in.body, 0x28);
+	io->out.reserved2 = IVAL(req->in.body, 0x2C);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync ioctl request
+*/
+NTSTATUS smb2_ioctl(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
+{
+	struct smb2_request *req = smb2_ioctl_send(tree, io);
+	return smb2_ioctl_recv(req, mem_ctx, io);
+}
diff --git a/source4/libcli/smb2/keepalive.c b/source4/libcli/smb2/keepalive.c
new file mode 100644
index 0000000..71004aa
--- /dev/null
+++ b/source4/libcli/smb2/keepalive.c
@@ -0,0 +1,68 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client keepalive handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a keepalive request
+*/
+struct smb2_request *smb2_keepalive_send(struct smb2_transport *transport,
+					 struct smb2_session *session)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init(transport, SMB2_OP_KEEPALIVE, 0x04, false, 0);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	req->session = session;
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a keepalive reply
+*/
+NTSTATUS smb2_keepalive_recv(struct smb2_request *req)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync keepalive request
+*/
+NTSTATUS smb2_keepalive(struct smb2_transport *transport)
+{
+	struct smb2_request *req = smb2_keepalive_send(transport, NULL);
+	return smb2_keepalive_recv(req);
+}
diff --git a/source4/libcli/smb2/lease_break.c b/source4/libcli/smb2/lease_break.c
new file mode 100644
index 0000000..c238f1d
--- /dev/null
+++ b/source4/libcli/smb2/lease_break.c
@@ -0,0 +1,81 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 client oplock break handling
+
+   Copyright (C) Zachary Loafman 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  Send a Lease Break Acknowledgement
+*/
+struct smb2_request *smb2_lease_break_ack_send(struct smb2_tree *tree,
+                                               struct smb2_lease_break_ack *io)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_BREAK, 0x24, false, 0);
+	if (req == NULL) return NULL;
+
+	SIVAL(req->out.body, 0x02, io->in.reserved);
+	SIVAL(req->out.body, 0x04, io->in.lease.lease_flags);
+	memcpy(req->out.body+0x8, &io->in.lease.lease_key,
+	    sizeof(struct smb2_lease_key));
+	SIVAL(req->out.body, 0x18, io->in.lease.lease_state);
+	SBVAL(req->out.body, 0x1C, io->in.lease.lease_duration);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  Receive a Lease Break Response
+*/
+NTSTATUS smb2_lease_break_ack_recv(struct smb2_request *req,
+                                   struct smb2_lease_break_ack *io)
+{
+	if (!smb2_request_receive(req) ||
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x24, false);
+
+	io->out.reserved		= IVAL(req->in.body, 0x02);
+	io->out.lease.lease_flags	= IVAL(req->in.body, 0x04);
+	memcpy(&io->out.lease.lease_key, req->in.body+0x8,
+	    sizeof(struct smb2_lease_key));
+	io->out.lease.lease_state	= IVAL(req->in.body, 0x18);
+	io->out.lease.lease_duration	= IVAL(req->in.body, 0x1C);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync flush request
+*/
+NTSTATUS smb2_lease_break_ack(struct smb2_tree *tree,
+                              struct smb2_lease_break_ack *io)
+{
+	struct smb2_request *req = smb2_lease_break_ack_send(tree, io);
+	return smb2_lease_break_ack_recv(req, io);
+}
diff --git a/source4/libcli/smb2/lock.c b/source4/libcli/smb2/lock.c
new file mode 100644
index 0000000..f2a76d8
--- /dev/null
+++ b/source4/libcli/smb2/lock.c
@@ -0,0 +1,82 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client lock handling
+
+   Copyright (C) Stefan Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a lock request
+*/
+struct smb2_request *smb2_lock_send(struct smb2_tree *tree, struct smb2_lock *io)
+{
+	struct smb2_request *req;
+	int i;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_LOCK, 
+				     24 + io->in.lock_count*24, false, 0);
+	if (req == NULL) return NULL;
+
+	/* this is quite bizarre - the spec says we must lie about the length! */
+	SSVAL(req->out.body, 0, 0x30);
+
+	SSVAL(req->out.body, 0x02, io->in.lock_count);
+	SIVAL(req->out.body, 0x04, io->in.lock_sequence);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+
+	for (i=0;i<io->in.lock_count;i++) {
+		SBVAL(req->out.body, 0x18 + i*24, io->in.locks[i].offset);
+		SBVAL(req->out.body, 0x20 + i*24, io->in.locks[i].length);
+		SIVAL(req->out.body, 0x28 + i*24, io->in.locks[i].flags);
+		SIVAL(req->out.body, 0x2C + i*24, io->in.locks[i].reserved);
+	}
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a lock reply
+*/
+NTSTATUS smb2_lock_recv(struct smb2_request *req, struct smb2_lock *io)
+{
+	if (!smb2_request_receive(req) || 
+	    smb2_request_is_error(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+
+	io->out.reserved = SVAL(req->in.body, 0x02);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync lock request
+*/
+NTSTATUS smb2_lock(struct smb2_tree *tree, struct smb2_lock *io)
+{
+	struct smb2_request *req = smb2_lock_send(tree, io);
+	return smb2_lock_recv(req, io);
+}
diff --git a/source4/libcli/smb2/logoff.c b/source4/libcli/smb2/logoff.c
new file mode 100644
index 0000000..12cd553
--- /dev/null
+++ b/source4/libcli/smb2/logoff.c
@@ -0,0 +1,67 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client logoff handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a logoff request
+*/
+struct smb2_request *smb2_logoff_send(struct smb2_session *session)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init(session->transport, SMB2_OP_LOGOFF, 0x04, false, 0);
+	if (req == NULL) return NULL;
+
+	req->session = session;
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a logoff reply
+*/
+NTSTATUS smb2_logoff_recv(struct smb2_request *req)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync logoff request
+*/
+NTSTATUS smb2_logoff(struct smb2_session *session)
+{
+	struct smb2_request *req = smb2_logoff_send(session);
+	return smb2_logoff_recv(req);
+}
diff --git a/source4/libcli/smb2/notify.c b/source4/libcli/smb2/notify.c
new file mode 100644
index 0000000..6786a70
--- /dev/null
+++ b/source4/libcli/smb2/notify.c
@@ -0,0 +1,116 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client notify calls
+
+   Copyright (C) Stefan Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a notify request
+*/
+struct smb2_request *smb2_notify_send(struct smb2_tree *tree, struct smb2_notify *io)
+{
+	struct smb2_request *req;
+	uint32_t old_timeout;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_NOTIFY, 0x20, false, 0);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.hdr,  SMB2_HDR_CREDIT,	0x0030);
+
+	SSVAL(req->out.body, 0x02, io->in.recursive);
+	SIVAL(req->out.body, 0x04, io->in.buffer_size);
+	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
+	SIVAL(req->out.body, 0x18, io->in.completion_filter);
+	SIVAL(req->out.body, 0x1C, io->in.unknown);
+
+	req->credit_charge = (MAX(io->in.buffer_size, 1) - 1)/ 65536 + 1;
+
+	old_timeout = req->transport->options.request_timeout;
+	req->transport->options.request_timeout = 0;
+	smb2_transport_send(req);
+	req->transport->options.request_timeout = old_timeout;
+
+	return req;
+}
+
+
+/*
+  recv a notify reply
+*/
+NTSTATUS smb2_notify_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
+			  struct smb2_notify *io)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	uint32_t ofs, i;
+
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x08, true);
+
+	status = smb2_pull_o16s32_blob(&req->in, mem_ctx, req->in.body+0x02, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	io->out.changes = NULL;
+	io->out.num_changes = 0;
+
+	/* count them */
+	for (ofs=0; blob.length - ofs > 12; ) {
+		uint32_t next = IVAL(blob.data, ofs);
+		io->out.num_changes++;
+		if (next == 0 || (ofs + next) >= blob.length) break;
+		ofs += next;
+	}
+
+	/* allocate array */
+	io->out.changes = talloc_array(mem_ctx, struct notify_changes, io->out.num_changes);
+	if (!io->out.changes) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=ofs=0; i<io->out.num_changes; i++) {
+		io->out.changes[i].action = IVAL(blob.data, ofs+4);
+		smbcli_blob_pull_string(NULL, mem_ctx, &blob,
+					&io->out.changes[i].name,
+					ofs+8, ofs+12, STR_UNICODE);
+		ofs += IVAL(blob.data, ofs);
+	}
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync notify request
+*/
+NTSTATUS smb2_notify(struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+		     struct smb2_notify *io)
+{
+	struct smb2_request *req = smb2_notify_send(tree, io);
+	return smb2_notify_recv(req, mem_ctx, io);
+}
diff --git a/source4/libcli/smb2/read.c b/source4/libcli/smb2/read.c
new file mode 100644
index 0000000..ca487a7
--- /dev/null
+++ b/source4/libcli/smb2/read.c
@@ -0,0 +1,89 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client read call
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a read request
+*/
+struct smb2_request *smb2_read_send(struct smb2_tree *tree, struct smb2_read *io)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_READ, 0x30, true, 0);
+	if (req == NULL) return NULL;
+
+	SCVAL(req->out.body, 0x02, 0); /* pad */
+	SCVAL(req->out.body, 0x03, 0); /* reserved */
+	SIVAL(req->out.body, 0x04, io->in.length);
+	SBVAL(req->out.body, 0x08, io->in.offset);
+	smb2_push_handle(req->out.body+0x10, &io->in.file.handle);
+	SIVAL(req->out.body, 0x20, io->in.min_count);
+	SIVAL(req->out.body, 0x24, io->in.channel);
+	SIVAL(req->out.body, 0x28, io->in.remaining);
+	SSVAL(req->out.body, 0x2C, io->in.channel_offset);
+	SSVAL(req->out.body, 0x2E, io->in.channel_length);
+
+	req->credit_charge = (MAX(io->in.length, 1) - 1)/ 65536 + 1;
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a read reply
+*/
+NTSTATUS smb2_read_recv(struct smb2_request *req, 
+			TALLOC_CTX *mem_ctx, struct smb2_read *io)
+{
+	NTSTATUS status;
+
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x10, true);
+
+	status = smb2_pull_o16s32_blob(&req->in, mem_ctx, req->in.body+0x02, &io->out.data);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	io->out.remaining = IVAL(req->in.body, 0x08);
+	io->out.reserved  = IVAL(req->in.body, 0x0C);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync read request
+*/
+NTSTATUS smb2_read(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_read *io)
+{
+	struct smb2_request *req = smb2_read_send(tree, io);
+	return smb2_read_recv(req, mem_ctx, io);
+}
diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c
new file mode 100644
index 0000000..e10c528
--- /dev/null
+++ b/source4/libcli/smb2/request.c
@@ -0,0 +1,717 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client request handling
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/events/events.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/* fill in the bufinfo */
+void smb2_setup_bufinfo(struct smb2_request *req)
+{
+	req->in.bufinfo.mem_ctx    = req;
+	req->in.bufinfo.flags      = BUFINFO_FLAG_UNICODE | BUFINFO_FLAG_SMB2;
+	req->in.bufinfo.align_base = req->in.buffer;
+	if (req->in.dynamic) {
+		req->in.bufinfo.data       = req->in.dynamic;
+		req->in.bufinfo.data_size  = req->in.body_size - req->in.body_fixed;
+	} else {
+		req->in.bufinfo.data       = NULL;
+		req->in.bufinfo.data_size  = 0;
+	}
+}
+
+/*
+  initialise a smb2 request
+*/
+struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_t opcode,
+				       uint16_t body_fixed_size, bool body_dynamic_present,
+				       uint32_t body_dynamic_size)
+{
+	struct smb2_request *req;
+	uint32_t hdr_offset;
+	bool compound = false;
+
+	if (body_dynamic_present) {
+		if (body_dynamic_size == 0) {
+			body_dynamic_size = 1;
+		}
+	} else {
+		body_dynamic_size = 0;
+	}
+
+	req = talloc_zero(transport, struct smb2_request);
+	if (req == NULL) return NULL;
+
+	req->state     = SMB2_REQUEST_INIT;
+	req->transport = transport;
+
+	hdr_offset = NBT_HDR_SIZE;
+
+	req->out.size      = hdr_offset + SMB2_HDR_BODY + body_fixed_size;
+	req->out.allocated = req->out.size + body_dynamic_size;
+
+	req->out.buffer = talloc_realloc(req, req->out.buffer,
+					 uint8_t, req->out.allocated);
+	if (req->out.buffer == NULL) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	req->out.hdr       = req->out.buffer + hdr_offset;
+	req->out.body      = req->out.hdr + SMB2_HDR_BODY;
+	req->out.body_fixed= body_fixed_size;
+	req->out.body_size = body_fixed_size;
+	req->out.dynamic   = (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
+
+	SIVAL(req->out.hdr, 0,				SMB2_MAGIC);
+	SSVAL(req->out.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT_CHARGE,	0);
+	SIVAL(req->out.hdr, SMB2_HDR_STATUS,		0);
+	SSVAL(req->out.hdr, SMB2_HDR_OPCODE,		opcode);
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT,		0);
+	SIVAL(req->out.hdr, SMB2_HDR_FLAGS,		0);
+	SIVAL(req->out.hdr, SMB2_HDR_NEXT_COMMAND,	0);
+	SBVAL(req->out.hdr, SMB2_HDR_MESSAGE_ID,	0);
+	SIVAL(req->out.hdr, SMB2_HDR_PID,		0);
+	SIVAL(req->out.hdr, SMB2_HDR_TID,		0);
+	SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID,		0);
+	memset(req->out.hdr+SMB2_HDR_SIGNATURE, 0, 16);
+
+	/* set the length of the fixed body part and +1 if there's a dynamic part also */
+	SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
+
+	/* 
+	 * if we have a dynamic part, make sure the first byte
+	 * which is always be part of the packet is initialized
+	 */
+	if (body_dynamic_size && !compound) {
+		req->out.size += 1;
+		SCVAL(req->out.dynamic, 0, 0);
+	}
+
+	return req;
+}
+
+/*
+    initialise a smb2 request for tree operations
+*/
+struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree, uint16_t opcode,
+					    uint16_t body_fixed_size, bool body_dynamic_present,
+					    uint32_t body_dynamic_size)
+{
+	struct smb2_request *req = smb2_request_init(tree->session->transport, opcode, 
+						     body_fixed_size, body_dynamic_present,
+						     body_dynamic_size);
+	if (req == NULL) return NULL;
+
+	req->session = tree->session;
+	req->tree = tree;
+
+	return req;	
+}
+
+/* destroy a request structure and return final status */
+NTSTATUS smb2_request_destroy(struct smb2_request *req)
+{
+	NTSTATUS status;
+
+	/* this is the error code we give the application for when a
+	   _send() call fails completely */
+	if (!req) return NT_STATUS_UNSUCCESSFUL;
+
+	if (req->state == SMB2_REQUEST_ERROR &&
+	    NT_STATUS_IS_OK(req->status)) {
+		status = NT_STATUS_INTERNAL_ERROR;
+	} else {
+		status = req->status;
+	}
+
+	talloc_free(req);
+	return status;
+}
+
+/*
+  receive a response to a packet
+*/
+bool smb2_request_receive(struct smb2_request *req)
+{
+	/* req can be NULL when a send has failed. This eliminates lots of NULL
+	   checks in each module */
+	if (!req) return false;
+
+	/* keep receiving packets until this one is replied to */
+	while (req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(req->transport->ev) != 0) {
+			return false;
+		}
+	}
+
+	return req->state == SMB2_REQUEST_DONE;
+}
+
+/* Return true if the last packet was in error */
+bool smb2_request_is_error(struct smb2_request *req)
+{
+	return NT_STATUS_IS_ERR(req->status);
+}
+
+/* Return true if the last packet was OK */
+bool smb2_request_is_ok(struct smb2_request *req)
+{
+	return NT_STATUS_IS_OK(req->status);
+}
+
+/*
+  check if a range in the reply body is out of bounds
+*/
+bool smb2_oob(struct smb2_request_buffer *buf, const uint8_t *ptr, size_t size)
+{
+	if (size == 0) {
+		/* zero bytes is never out of range */
+		return false;
+	}
+	/* be careful with wraparound! */
+	if ((uintptr_t)ptr < (uintptr_t)buf->body ||
+	    (uintptr_t)ptr >= (uintptr_t)buf->body + buf->body_size ||
+	    size > buf->body_size ||
+	    (uintptr_t)ptr + size > (uintptr_t)buf->body + buf->body_size) {
+		return true;
+	}
+	return false;
+}
+
+size_t smb2_padding_size(uint32_t offset, size_t n)
+{
+	if ((offset & (n-1)) == 0) return 0;
+	return n - (offset & (n-1));
+}
+
+static size_t smb2_padding_fix(struct smb2_request_buffer *buf)
+{
+	if (buf->dynamic == (buf->body + buf->body_fixed)) {
+		if (buf->dynamic != (buf->buffer + buf->size)) {
+			return 1;
+		}
+	}
+	return 0;
+}
+
+/*
+  grow a SMB2 buffer by the specified amount
+*/
+NTSTATUS smb2_grow_buffer(struct smb2_request_buffer *buf, size_t increase)
+{
+	size_t hdr_ofs;
+	size_t dynamic_ofs;
+	uint8_t *buffer_ptr;
+	uint32_t newsize = buf->size + increase;
+
+	/* a packet size should be limited a bit */
+	if (newsize >= 0x00FFFFFF) return NT_STATUS_MARSHALL_OVERFLOW;
+
+	if (newsize <= buf->allocated) return NT_STATUS_OK;
+
+	hdr_ofs = buf->hdr - buf->buffer;
+	dynamic_ofs = buf->dynamic - buf->buffer;
+
+	buffer_ptr = talloc_realloc(buf, buf->buffer, uint8_t, newsize);
+	NT_STATUS_HAVE_NO_MEMORY(buffer_ptr);
+
+	buf->buffer	= buffer_ptr;
+	buf->hdr	= buf->buffer + hdr_ofs;
+	buf->body	= buf->hdr    + SMB2_HDR_BODY;
+	buf->dynamic	= buf->buffer + dynamic_ofs;
+	buf->allocated	= newsize;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint16_t ofs/ uint16_t length/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+*/
+NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint16_t ofs, size;
+	if (smb2_oob(buf, ptr, 4)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	ofs  = SVAL(ptr, 0);
+	size = SVAL(ptr, 2);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  push a uint16_t ofs/ uint16_t length/blob triple into a data blob
+  the ofs points to the start of the offset/length pair, and is relative
+  to the body start
+*/
+NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf, 
+			       uint16_t ofs, DATA_BLOB blob)
+{
+	NTSTATUS status;
+	size_t offset;
+	size_t padding_length;
+	size_t padding_fix;
+	uint8_t *ptr = buf->body+ofs;
+
+	if (buf->dynamic == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* we have only 16 bit for the size */
+	if (blob.length > 0xFFFF) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* check if there're enough room for ofs and size */
+	if (smb2_oob(buf, ptr, 4)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (blob.data == NULL) {
+		if (blob.length != 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		SSVAL(ptr, 0, 0);
+		SSVAL(ptr, 2, 0);
+		return NT_STATUS_OK;
+	}
+
+	offset = buf->dynamic - buf->hdr;
+	padding_length = smb2_padding_size(offset, 2);
+	offset += padding_length;
+	padding_fix = smb2_padding_fix(buf);
+
+	SSVAL(ptr, 0, offset);
+	SSVAL(ptr, 2, blob.length);
+
+	status = smb2_grow_buffer(buf, blob.length + padding_length - padding_fix);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	memset(buf->dynamic, 0, padding_length);
+	buf->dynamic += padding_length;
+
+	memcpy(buf->dynamic, blob.data, blob.length);
+	buf->dynamic += blob.length;
+
+	buf->size += blob.length + padding_length - padding_fix;
+	buf->body_size += blob.length + padding_length;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  push a uint16_t ofs/ uint32_t length/blob triple into a data blob
+  the ofs points to the start of the offset/length pair, and is relative
+  to the body start
+*/
+NTSTATUS smb2_push_o16s32_blob(struct smb2_request_buffer *buf, 
+			       uint16_t ofs, DATA_BLOB blob)
+{
+	NTSTATUS status;
+	size_t offset;
+	size_t padding_length;
+	size_t padding_fix;
+	uint8_t *ptr = buf->body+ofs;
+
+	if (buf->dynamic == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* check if there're enough room for ofs and size */
+	if (smb2_oob(buf, ptr, 6)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (blob.data == NULL) {
+		if (blob.length != 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		SSVAL(ptr, 0, 0);
+		SIVAL(ptr, 2, 0);
+		return NT_STATUS_OK;
+	}
+
+	offset = buf->dynamic - buf->hdr;
+	padding_length = smb2_padding_size(offset, 2);
+	offset += padding_length;
+	padding_fix = smb2_padding_fix(buf);
+
+	SSVAL(ptr, 0, offset);
+	SIVAL(ptr, 2, blob.length);
+
+	status = smb2_grow_buffer(buf, blob.length + padding_length - padding_fix);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	memset(buf->dynamic, 0, padding_length);
+	buf->dynamic += padding_length;
+
+	memcpy(buf->dynamic, blob.data, blob.length);
+	buf->dynamic += blob.length;
+
+	buf->size += blob.length + padding_length - padding_fix;
+	buf->body_size += blob.length + padding_length;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  push a uint32_t ofs/ uint32_t length/blob triple into a data blob
+  the ofs points to the start of the offset/length pair, and is relative
+  to the body start
+*/
+NTSTATUS smb2_push_o32s32_blob(struct smb2_request_buffer *buf, 
+			       uint32_t ofs, DATA_BLOB blob)
+{
+	NTSTATUS status;
+	size_t offset;
+	size_t padding_length;
+	size_t padding_fix;
+	uint8_t *ptr = buf->body+ofs;
+
+	if (buf->dynamic == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* check if there're enough room for ofs and size */
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (blob.data == NULL) {
+		if (blob.length != 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		SIVAL(ptr, 0, 0);
+		SIVAL(ptr, 4, 0);
+		return NT_STATUS_OK;
+	}
+
+	offset = buf->dynamic - buf->hdr;
+	padding_length = smb2_padding_size(offset, 8);
+	offset += padding_length;
+	padding_fix = smb2_padding_fix(buf);
+
+	SIVAL(ptr, 0, offset);
+	SIVAL(ptr, 4, blob.length);
+
+	status = smb2_grow_buffer(buf, blob.length + padding_length - padding_fix);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	memset(buf->dynamic, 0, padding_length);
+	buf->dynamic += padding_length;
+
+	memcpy(buf->dynamic, blob.data, blob.length);
+	buf->dynamic += blob.length;
+
+	buf->size += blob.length + padding_length - padding_fix;
+	buf->body_size += blob.length + padding_length;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  push a uint32_t length/ uint32_t ofs/blob triple into a data blob
+  the ofs points to the start of the length/offset pair, and is relative
+  to the body start
+*/
+NTSTATUS smb2_push_s32o32_blob(struct smb2_request_buffer *buf, 
+			       uint32_t ofs, DATA_BLOB blob)
+{
+	NTSTATUS status;
+	size_t offset;
+	size_t padding_length;
+	size_t padding_fix;
+	uint8_t *ptr = buf->body+ofs;
+
+	if (buf->dynamic == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* check if there're enough room for ofs and size */
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (blob.data == NULL) {
+		if (blob.length != 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		SIVAL(ptr, 0, 0);
+		SIVAL(ptr, 4, 0);
+		return NT_STATUS_OK;
+	}
+
+	offset = buf->dynamic - buf->hdr;
+	padding_length = smb2_padding_size(offset, 8);
+	offset += padding_length;
+	padding_fix = smb2_padding_fix(buf);
+
+	SIVAL(ptr, 0, blob.length);
+	SIVAL(ptr, 4, offset);
+
+	status = smb2_grow_buffer(buf, blob.length + padding_length - padding_fix);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	memset(buf->dynamic, 0, padding_length);
+	buf->dynamic += padding_length;
+
+	memcpy(buf->dynamic, blob.data, blob.length);
+	buf->dynamic += blob.length;
+
+	buf->size += blob.length + padding_length - padding_fix;
+	buf->body_size += blob.length + padding_length;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint16_t ofs/ uint32_t length/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+*/
+NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint16_t ofs;
+	uint32_t size;
+
+	if (smb2_oob(buf, ptr, 6)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	ofs  = SVAL(ptr, 0);
+	size = IVAL(ptr, 2);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint32_t ofs/ uint32_t length/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+*/
+NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint32_t ofs, size;
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	ofs  = IVAL(ptr, 0);
+	size = IVAL(ptr, 4);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint16_t ofs/ uint32_t length/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+  
+  In this variant the uint16_t is padded by an extra 2 bytes, making
+  the size aligned on 4 byte boundary
+*/
+NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint32_t ofs, size;
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	ofs  = SVAL(ptr, 0);
+	size = IVAL(ptr, 4);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint32_t length/ uint32_t ofs/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+*/
+NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint32_t ofs, size;
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	size = IVAL(ptr, 0);
+	ofs  = IVAL(ptr, 4);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a uint32_t length/ uint16_t ofs/blob triple from a data blob
+  the ptr points to the start of the offset/length pair
+*/
+NTSTATUS smb2_pull_s32o16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
+{
+	uint32_t ofs, size;
+	if (smb2_oob(buf, ptr, 8)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	size = IVAL(ptr, 0);
+	ofs  = SVAL(ptr, 4);
+	if (ofs == 0) {
+		*blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+	if (smb2_oob(buf, buf->hdr + ofs, size)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
+	NT_STATUS_HAVE_NO_MEMORY(blob->data);
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a string in a uint16_t ofs/ uint16_t length/blob format
+  UTF-16 without termination
+*/
+NTSTATUS smb2_pull_o16s16_string(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx,
+				 uint8_t *ptr, const char **str)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+	void *vstr;
+	size_t converted_size = 0;
+	bool ret;
+
+	status = smb2_pull_o16s16_blob(buf, mem_ctx, ptr, &blob);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (blob.data == NULL) {
+		*str = NULL;
+		return NT_STATUS_OK;
+	}
+
+	if (blob.length == 0) {
+		char *s;
+		s = talloc_strdup(mem_ctx, "");
+		NT_STATUS_HAVE_NO_MEMORY(s);
+		*str = s;
+		return NT_STATUS_OK;
+	}
+
+	ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, 
+				     blob.data, blob.length, &vstr, &converted_size);
+	data_blob_free(&blob);
+	(*str) = (char *)vstr;
+	if (!ret) {
+		return NT_STATUS_ILLEGAL_CHARACTER;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  push a string in a uint16_t ofs/ uint16_t length/blob format
+  UTF-16 without termination
+*/
+NTSTATUS smb2_push_o16s16_string(struct smb2_request_buffer *buf,
+				 uint16_t ofs, const char *str)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+	bool ret;
+	void *ptr = NULL;
+
+	if (str == NULL) {
+		return smb2_push_o16s16_blob(buf, ofs, data_blob(NULL, 0));
+	}
+
+	if (*str == 0) {
+		blob.data = discard_const_p(uint8_t, str);
+		blob.length = 0;
+		return smb2_push_o16s16_blob(buf, ofs, blob);
+	}
+
+	ret = convert_string_talloc(buf->buffer, CH_UNIX, CH_UTF16, 
+				    str, strlen(str), &ptr, &blob.length);
+	if (!ret) {
+		return NT_STATUS_ILLEGAL_CHARACTER;
+	}
+	blob.data = (uint8_t *)ptr;
+
+	status = smb2_push_o16s16_blob(buf, ofs, blob);
+	data_blob_free(&blob);
+	return status;
+}
+
+/*
+  push a file handle into a buffer
+*/
+void smb2_push_handle(uint8_t *data, struct smb2_handle *h)
+{
+	SBVAL(data, 0, h->data[0]);
+	SBVAL(data, 8, h->data[1]);
+}
+
+/*
+  pull a file handle from a buffer
+*/
+void smb2_pull_handle(uint8_t *ptr, struct smb2_handle *h)
+{
+	h->data[0] = BVAL(ptr, 0);
+	h->data[1] = BVAL(ptr, 8);
+}
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
new file mode 100644
index 0000000..e94512d
--- /dev/null
+++ b/source4/libcli/smb2/session.c
@@ -0,0 +1,477 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client session handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/**
+  initialise a smb2_session structure
+ */
+struct smb2_session *smb2_session_init(struct smb2_transport *transport,
+				       struct gensec_settings *settings,
+				       TALLOC_CTX *parent_ctx)
+{
+	struct smb2_session *session;
+	NTSTATUS status;
+
+	session = talloc_zero(parent_ctx, struct smb2_session);
+	if (!session) {
+		return NULL;
+	}
+	session->transport = talloc_steal(session, transport);
+
+	session->smbXcli = smbXcli_session_create(session, transport->conn);
+	if (session->smbXcli == NULL) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	/* prepare a gensec context for later use */
+	status = gensec_client_start(session, &session->gensec,
+				     settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
+
+	return session;
+}
+
+/*
+ * Note: that the caller needs to keep 'transport' around as
+ *       long as the returned session is active!
+ */
+struct smb2_session *smb2_session_channel(struct smb2_transport *transport,
+					  struct gensec_settings *settings,
+					  TALLOC_CTX *parent_ctx,
+					  struct smb2_session *base_session)
+{
+	struct smb2_session *session;
+	NTSTATUS status;
+
+	session = talloc_zero(parent_ctx, struct smb2_session);
+	if (!session) {
+		return NULL;
+	}
+	session->transport = transport;
+
+	status = smb2cli_session_create_channel(session,
+						base_session->smbXcli,
+						transport->conn,
+						&session->smbXcli);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	session->needs_bind = true;
+
+	/* prepare a gensec context for later use */
+	status = gensec_client_start(session, &session->gensec,
+				     settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
+
+	return session;
+}
+
+struct smb2_session_setup_spnego_state {
+	struct tevent_context *ev;
+	struct smb2_session *session;
+	struct cli_credentials *credentials;
+	uint64_t previous_session_id;
+	bool session_bind;
+	bool reauth;
+	NTSTATUS gensec_status;
+	NTSTATUS remote_status;
+	DATA_BLOB in_secblob;
+	DATA_BLOB out_secblob;
+	struct iovec *recv_iov;
+};
+
+static void smb2_session_setup_spnego_gensec_next(struct tevent_req *req);
+static void smb2_session_setup_spnego_gensec_done(struct tevent_req *subreq);
+static void smb2_session_setup_spnego_smb2_next(struct tevent_req *req);
+static void smb2_session_setup_spnego_smb2_done(struct tevent_req *subreq);
+static void smb2_session_setup_spnego_both_ready(struct tevent_req *req);
+
+/*
+  a composite function that does a full SPNEGO session setup
+ */
+struct tevent_req *smb2_session_setup_spnego_send(
+				TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct smb2_session *session,
+				struct cli_credentials *credentials,
+				uint64_t previous_session_id)
+{
+	struct smb2_transport *transport = session->transport;
+	struct tevent_req *req;
+	struct smb2_session_setup_spnego_state *state;
+	uint64_t current_session_id;
+	const char *chosen_oid;
+	NTSTATUS status;
+	const DATA_BLOB *server_gss_blob;
+	struct timeval endtime;
+	bool ok;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb2_session_setup_spnego_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->session = session;
+	state->credentials = credentials;
+	state->previous_session_id = previous_session_id;
+	state->gensec_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+	state->remote_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+
+	endtime = timeval_current_ofs(transport->options.request_timeout, 0);
+
+	ok = tevent_req_set_endtime(req, ev, endtime);
+	if (!ok) {
+		return tevent_req_post(req, ev);
+	}
+
+	current_session_id = smb2cli_session_current_id(state->session->smbXcli);
+	if (state->session->needs_bind) {
+		state->session_bind = true;
+	} else if (current_session_id != 0) {
+		state->reauth = true;
+	}
+	server_gss_blob = smbXcli_conn_server_gss_blob(session->transport->conn);
+	if (server_gss_blob) {
+		state->out_secblob = *server_gss_blob;
+	}
+
+	status = gensec_set_credentials(session->gensec, credentials);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	status = gensec_set_target_hostname(session->gensec,
+					    smbXcli_conn_remote_name(session->transport->conn));
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	status = gensec_set_target_service(session->gensec, "cifs");
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	if (state->out_secblob.length > 0) {
+		chosen_oid = GENSEC_OID_SPNEGO;
+		status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+				  gensec_get_name_by_oid(session->gensec,
+							 chosen_oid),
+				  nt_errstr(status)));
+			state->out_secblob = data_blob_null;
+			chosen_oid = GENSEC_OID_NTLMSSP;
+			status = gensec_start_mech_by_oid(session->gensec,
+							  chosen_oid);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+					  gensec_get_name_by_oid(session->gensec,
+								 chosen_oid),
+					  nt_errstr(status)));
+			}
+		}
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+	} else {
+		chosen_oid = GENSEC_OID_NTLMSSP;
+		status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+				  gensec_get_name_by_oid(session->gensec,
+							 chosen_oid),
+				  nt_errstr(status)));
+		}
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	smb2_session_setup_spnego_gensec_next(req);
+	if (!tevent_req_is_in_progress(req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	return req;
+}
+
+static void smb2_session_setup_spnego_gensec_next(struct tevent_req *req)
+{
+	struct smb2_session_setup_spnego_state *state =
+		tevent_req_data(req,
+		struct smb2_session_setup_spnego_state);
+	struct smb2_session *session = state->session;
+	struct tevent_req *subreq = NULL;
+
+	if (NT_STATUS_IS_OK(state->gensec_status)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	subreq = gensec_update_send(state, state->ev,
+				    session->gensec,
+				    state->out_secblob);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq,
+				smb2_session_setup_spnego_gensec_done,
+				req);
+}
+
+static void smb2_session_setup_spnego_gensec_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smb2_session_setup_spnego_state *state =
+		tevent_req_data(req,
+		struct smb2_session_setup_spnego_state);
+	NTSTATUS status;
+
+	status = gensec_update_recv(subreq, state,
+				    &state->in_secblob);
+	state->gensec_status = status;
+	state->out_secblob = data_blob_null;
+	if (!NT_STATUS_IS_OK(status) &&
+	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (NT_STATUS_IS_OK(state->remote_status) &&
+	    NT_STATUS_IS_OK(state->gensec_status)) {
+		smb2_session_setup_spnego_both_ready(req);
+		return;
+	}
+
+	smb2_session_setup_spnego_smb2_next(req);
+}
+
+static void smb2_session_setup_spnego_smb2_next(struct tevent_req *req)
+{
+	struct smb2_session_setup_spnego_state *state =
+		tevent_req_data(req,
+		struct smb2_session_setup_spnego_state);
+	struct smb2_session *session = state->session;
+	uint32_t timeout_msec;
+	uint8_t in_flags = 0;
+	struct tevent_req *subreq = NULL;
+
+	if (NT_STATUS_IS_OK(state->remote_status)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	timeout_msec = session->transport->options.request_timeout * 1000;
+
+	if (state->session_bind) {
+		in_flags |= SMB2_SESSION_FLAG_BINDING;
+	}
+
+	subreq = smb2cli_session_setup_send(state, state->ev,
+					    session->transport->conn,
+					    timeout_msec,
+					    session->smbXcli,
+					    in_flags,
+					    0, /* in_capabilities */
+					    0, /* in_channel */
+					    state->previous_session_id,
+					    &state->in_secblob);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq,
+				smb2_session_setup_spnego_smb2_done,
+				req);
+}
+
+/*
+  handle continuations of the spnego session setup
+*/
+static void smb2_session_setup_spnego_smb2_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smb2_session_setup_spnego_state *state =
+		tevent_req_data(req,
+		struct smb2_session_setup_spnego_state);
+	NTSTATUS status;
+
+	status = smb2cli_session_setup_recv(subreq, state,
+					    &state->recv_iov,
+					    &state->out_secblob);
+	state->remote_status = status;
+	state->in_secblob = data_blob_null;
+	if (!NT_STATUS_IS_OK(status) &&
+	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (NT_STATUS_IS_OK(state->remote_status) &&
+	    NT_STATUS_IS_OK(state->gensec_status)) {
+		smb2_session_setup_spnego_both_ready(req);
+		return;
+	}
+
+	smb2_session_setup_spnego_gensec_next(req);
+}
+
+static void smb2_session_setup_spnego_both_ready(struct tevent_req *req)
+{
+	struct smb2_session_setup_spnego_state *state =
+		tevent_req_data(req,
+		struct smb2_session_setup_spnego_state);
+	struct smb2_session *session = state->session;
+	NTSTATUS status;
+	DATA_BLOB session_key;
+
+	if (state->out_secblob.length != 0) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	if (state->in_secblob.length != 0) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	if (state->reauth) {
+		tevent_req_done(req);
+		return;
+	}
+
+	if (cli_credentials_is_anonymous(state->credentials)) {
+		/*
+		 * Windows server does not set the
+		 * SMB2_SESSION_FLAG_IS_GUEST nor
+		 * SMB2_SESSION_FLAG_IS_NULL flag.
+		 *
+		 * This fix makes sure we do not try
+		 * to verify a signature on the final
+		 * session setup response.
+		 */
+		tevent_req_done(req);
+		return;
+	}
+
+	status = gensec_session_key(session->gensec, state,
+				    &session_key);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	if (state->session_bind) {
+		status = smb2cli_session_set_channel_key(session->smbXcli,
+							 session_key,
+							 state->recv_iov);
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+		session->needs_bind = false;
+	} else {
+		status = smb2cli_session_set_session_key(session->smbXcli,
+							 session_key,
+							 state->recv_iov);
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+	}
+	tevent_req_done(req);
+	return;
+}
+
+/*
+  receive a composite session setup reply
+*/
+NTSTATUS smb2_session_setup_spnego_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+/*
+  sync version of smb2_session_setup_spnego
+*/
+NTSTATUS smb2_session_setup_spnego(struct smb2_session *session, 
+				   struct cli_credentials *credentials,
+				   uint64_t previous_session_id)
+{
+	struct tevent_req *subreq;
+	NTSTATUS status;
+	bool ok;
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct tevent_context *ev = session->transport->ev;
+
+	if (frame == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	subreq = smb2_session_setup_spnego_send(frame, ev,
+						session, credentials,
+						previous_session_id);
+	if (subreq == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = tevent_req_poll(subreq, ev);
+	if (!ok) {
+		status = map_nt_error_from_unix_common(errno);
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	status = smb2_session_setup_spnego_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb2/setinfo.c b/source4/libcli/smb2/setinfo.c
new file mode 100644
index 0000000..f8b50f6
--- /dev/null
+++ b/source4/libcli/smb2/setinfo.c
@@ -0,0 +1,123 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client setinfo calls
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a setinfo request
+*/
+struct smb2_request *smb2_setinfo_send(struct smb2_tree *tree, struct smb2_setinfo *io)
+{
+	NTSTATUS status;
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_SETINFO, 0x20, true, io->in.blob.length);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, io->in.level);
+
+	status = smb2_push_s32o32_blob(&req->out, 0x04, io->in.blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x0C, io->in.flags);
+	smb2_push_handle(req->out.body+0x10, &io->in.file.handle);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a setinfo reply
+*/
+NTSTATUS smb2_setinfo_recv(struct smb2_request *req)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x02, false);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync setinfo request
+*/
+NTSTATUS smb2_setinfo(struct smb2_tree *tree, struct smb2_setinfo *io)
+{
+	struct smb2_request *req = smb2_setinfo_send(tree, io);
+	return smb2_setinfo_recv(req);
+}
+
+/*
+  level specific file setinfo call - async send
+*/
+struct smb2_request *smb2_setinfo_file_send(struct smb2_tree *tree, union smb_setfileinfo *io)
+{
+	struct smb2_setinfo b;
+	uint16_t smb2_level = smb2_getinfo_map_level(
+		io->generic.level, SMB2_0_INFO_FILE);
+	struct smb2_request *req;
+	
+	if (smb2_level == 0) {
+		return NULL;
+	}
+
+	ZERO_STRUCT(b);
+	b.in.level             = smb2_level;
+	b.in.file.handle       = io->generic.in.file.handle;
+
+	/* change levels so the parsers know it is SMB2 */
+	if (io->generic.level == RAW_SFILEINFO_RENAME_INFORMATION) {
+		io->generic.level = RAW_SFILEINFO_RENAME_INFORMATION_SMB2;
+	}
+
+	if (!smb_raw_setfileinfo_passthru(tree, io->generic.level, io, &b.in.blob)) {
+		return NULL;
+	}
+
+	if (io->generic.level == RAW_SFILEINFO_SEC_DESC) {
+		b.in.flags = io->set_secdesc.in.secinfo_flags;
+	}
+
+	req = smb2_setinfo_send(tree, &b);
+	data_blob_free(&b.in.blob);
+	return req;
+}
+
+/*
+  level specific file setinfo call - sync
+*/
+NTSTATUS smb2_setinfo_file(struct smb2_tree *tree, union smb_setfileinfo *io)
+{
+	struct smb2_request *req = smb2_setinfo_file_send(tree, io);
+	return smb2_setinfo_recv(req);
+}
diff --git a/source4/libcli/smb2/signing.c b/source4/libcli/smb2/signing.c
new file mode 100644
index 0000000..b06f953
--- /dev/null
+++ b/source4/libcli/smb2/signing.c
@@ -0,0 +1,139 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 Signing Code
+
+   Copyright (C) Andrew Tridgell <tridge@samba.org> 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "lib/crypto/gnutls_helpers.h"
+
+/*
+  sign an outgoing message
+ */
+NTSTATUS smb2_sign_message(struct smb2_request_buffer *buf, DATA_BLOB session_key)
+{
+	uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
+	uint64_t session_id;
+	size_t hdr_offset;
+	int rc;
+
+	if (buf->size < NBT_HDR_SIZE + SMB2_HDR_SIGNATURE + 16) {
+		/* can't sign non-SMB2 messages */
+		return NT_STATUS_OK;
+	}
+
+	hdr_offset = buf->hdr - buf->buffer;
+
+	session_id = BVAL(buf->hdr, SMB2_HDR_SESSION_ID);
+	if (session_id == 0) {
+		/* we don't sign messages with a zero session_id. See
+		   MS-SMB2 3.2.4.1.1 */
+		return NT_STATUS_OK;
+	}
+
+	if (session_key.length == 0) {
+		DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
+			 (unsigned)session_key.length));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	memset(buf->hdr + SMB2_HDR_SIGNATURE, 0, 16);
+
+	SIVAL(buf->hdr, SMB2_HDR_FLAGS, IVAL(buf->hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
+
+	rc = gnutls_hmac_fast(GNUTLS_MAC_SHA256,
+			      session_key.data,
+			      MIN(session_key.length, 16),
+			      buf->hdr,
+			      buf->size - hdr_offset,
+			      digest);
+	if (rc < 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+	}
+
+	DEBUG(5,("signed SMB2 message of size %u\n", (unsigned)buf->size - NBT_HDR_SIZE));
+
+	memcpy(buf->hdr + SMB2_HDR_SIGNATURE, digest, 16);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  check an incoming signature
+ */
+NTSTATUS smb2_check_signature(struct smb2_request_buffer *buf, DATA_BLOB session_key)
+{
+	uint64_t session_id;
+	uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
+	uint8_t sig[16];
+	size_t hdr_offset;
+	int rc;
+
+	if (buf->size < NBT_HDR_SIZE + SMB2_HDR_SIGNATURE + 16) {
+		/* can't check non-SMB2 messages */
+		return NT_STATUS_OK;
+	}
+
+	hdr_offset = buf->hdr - buf->buffer;
+
+	session_id = BVAL(buf->hdr, SMB2_HDR_SESSION_ID);
+	if (session_id == 0) {
+		/* don't sign messages with a zero session_id. See
+		   MS-SMB2 3.2.4.1.1 */
+		return NT_STATUS_OK;
+	}
+
+	if (session_key.length == 0) {
+		/* we don't have the session key yet */
+		return NT_STATUS_OK;
+	}
+
+	memcpy(sig, buf->hdr+SMB2_HDR_SIGNATURE, 16);
+
+	memset(buf->hdr + SMB2_HDR_SIGNATURE, 0, 16);
+
+	rc = gnutls_hmac_fast(GNUTLS_MAC_SHA256,
+			      session_key.data,
+			      MIN(session_key.length, 16),
+			      buf->hdr,
+			      buf->size - hdr_offset,
+			      digest);
+	if (rc < 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+	}
+
+	memcpy(buf->hdr + SMB2_HDR_SIGNATURE, digest, 16);
+
+	if (!mem_equal_const_time(digest, sig, 16)) {
+		DEBUG(0,("Bad SMB2 signature for message of size %u\n",
+			 (unsigned)buf->size-NBT_HDR_SIZE));
+		dump_data(0, sig, 16);
+		dump_data(0, digest, 16);
+		ZERO_ARRAY(digest);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	ZERO_ARRAY(digest);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
new file mode 100644
index 0000000..88e651a
--- /dev/null
+++ b/source4/libcli/smb2/smb2.h
@@ -0,0 +1,204 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client library header
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_SMB2_SMB2_H__
+#define __LIBCLI_SMB2_SMB2_H__
+
+#include "libcli/raw/request.h"
+#include "libcli/raw/libcliraw.h"
+
+struct smb2_handle;
+struct smb2_lease_break;
+
+struct smb2_request_buffer {
+	/* the raw SMB2 buffer, including the 4 byte length header */
+	uint8_t *buffer;
+
+	/* the size of the raw buffer, including 4 byte header */
+	size_t size;
+
+	/* how much has been allocated - on reply the buffer is over-allocated to
+	   prevent too many realloc() calls
+	*/
+	size_t allocated;
+
+	/* the start of the SMB2 header - this is always buffer+4 */
+	uint8_t *hdr;
+
+	/* the packet body */
+	uint8_t *body;
+	size_t body_fixed;
+	size_t body_size;
+
+	/* this point to the next dynamic byte that can be used
+	 * this will be moved when some dynamic data is pushed
+	 */
+	uint8_t *dynamic;
+
+	/* this is used to range check and align strings and buffers */
+	struct request_bufinfo bufinfo;
+};
+
+/* this is the context for the smb2 transport layer */
+struct smb2_transport {
+	struct tevent_context *ev; /* TODO: remove this !!! */
+	struct smbXcli_conn *conn;
+
+	/* the details for coumpounded requests */
+	struct {
+		bool related;
+		struct tevent_req **reqs;
+	} compound;
+
+	/* an idle function - if this is defined then it will be
+	   called once every period microseconds while we are waiting
+	   for a packet */
+	struct {
+		void (*func)(struct smb2_transport *, void *);
+		void *private_data;
+		unsigned int period;
+		struct tevent_timer *te;
+	} idle;
+
+	struct {
+		/* a oplock break request handler */
+		bool (*handler)(struct smb2_transport *transport,
+				const struct smb2_handle *handle,
+				uint8_t level, void *private_data);
+		/* private data passed to the oplock handler */
+		void *private_data;
+	} oplock;
+
+	struct {
+		/* a lease break request handler */
+		bool (*handler)(struct smb2_transport *transport,
+				const struct smb2_lease_break *lease_break,
+				void *private_data);
+		/* private data passed to the oplock handler */
+		void *private_data;
+	} lease;
+	struct tevent_req *break_subreq;
+
+	struct smbcli_options options;
+};
+
+
+/*
+  SMB2 LSA state
+*/
+struct smb2lsa_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct smb2_tree *ipc_tree;
+	struct policy_handle handle;
+};
+
+
+/*
+  SMB2 tree context
+*/
+struct smb2_tree {
+	struct smb2_session *session;
+	struct smbXcli_tcon *smbXcli;
+	struct smb2lsa_state *lsa;
+};
+
+/*
+  SMB2 session context
+*/
+struct smb2_session {
+	struct smb2_transport *transport;
+	struct gensec_security *gensec;
+	struct smbXcli_session *smbXcli;
+	bool needs_bind;
+};
+
+
+
+/*
+  a client request moves between the following 4 states.
+*/
+enum smb2_request_state {SMB2_REQUEST_INIT, /* we are creating the request */
+			SMB2_REQUEST_RECV, /* we are waiting for a matching reply */
+			SMB2_REQUEST_DONE, /* the request is finished */
+			SMB2_REQUEST_ERROR}; /* a packet or transport level error has occurred */
+
+/* the context for a single SMB2 request */
+struct smb2_request {
+	/* each request is in one of 3 possible states */
+	enum smb2_request_state state;
+
+	struct tevent_req *subreq;
+
+	struct smb2_transport *transport;
+	struct smb2_session   *session;
+	struct smb2_tree      *tree;
+
+	struct {
+		bool can_cancel;
+	} cancel;
+
+	/* the NT status for this request. Set by packet receive code
+	   or code detecting error. */
+	NTSTATUS status;
+
+	struct smb2_request_buffer in;
+	struct smb2_request_buffer out;
+	struct iovec *recv_iov;
+
+	uint16_t credit_charge;
+
+	/* information on what to do with a reply when it is received
+	   asynchronously. If this is not setup when a reply is received then
+	   the reply is discarded
+
+	   The private pointer is private to the caller of the client
+	   library (the application), not private to the library
+	*/
+	struct {
+		void (*fn)(struct smb2_request *);
+		void *private_data;
+	} async;
+};
+
+
+#define SMB2_MIN_SIZE 0x42
+#define SMB2_MIN_SIZE_NO_BODY 0x40
+
+/*
+  check that a body has the expected size
+*/
+#define SMB2_CHECK_PACKET_RECV(req, size, dynamic) do { \
+	size_t is_size = req->in.body_size; \
+	uint16_t field_size = SVAL(req->in.body, 0); \
+	uint16_t want_size = ((dynamic)?(size)+1:(size)); \
+	if (is_size < (size)) { \
+		DEBUG(0,("%s: buffer too small 0x%x. Expected 0x%x\n", \
+			 __location__, (unsigned)is_size, (unsigned)want_size)); \
+		return NT_STATUS_BUFFER_TOO_SMALL; \
+	}\
+	if (field_size != want_size) { \
+		DEBUG(0,("%s: unexpected fixed body size 0x%x. Expected 0x%x\n", \
+			 __location__, (unsigned)field_size, (unsigned)want_size)); \
+		return NT_STATUS_INVALID_PARAMETER; \
+	} \
+} while (0)
+
+#endif
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h
new file mode 100644
index 0000000..b6c08c2
--- /dev/null
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -0,0 +1,99 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client calls 
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/raw/interfaces.h"
+
+struct smb2_negprot {
+	struct {
+		uint16_t dialect_count;    /* size of dialects array */
+		uint16_t security_mode;    /* 0==signing disabled   
+					      1==signing enabled */
+		uint16_t reserved;
+		uint32_t capabilities;
+		struct GUID client_guid;
+		NTTIME   start_time;
+		uint16_t *dialects;
+	} in;
+	struct {
+		/* static body buffer 64 (0x40) bytes */
+		/* uint16_t buffer_code;  0x41 = 0x40 + 1 */
+		uint16_t security_mode; /* SMB2_NEGOTIATE_SIGNING_* */
+		uint16_t dialect_revision;
+		uint16_t reserved;
+		struct GUID server_guid;
+		uint32_t capabilities;
+		uint32_t max_transact_size;
+		uint32_t max_read_size;
+		uint32_t max_write_size;
+		NTTIME   system_time;
+		NTTIME   server_start_time;
+		/* uint16_t secblob_ofs */
+		/* uint16_t secblob_size */
+		uint32_t reserved2;
+		DATA_BLOB secblob;
+	} out;
+};
+
+/* NOTE! the getinfo fs and file levels exactly match up with the
+   'passthru' SMB levels, which are levels >= 1000. The SMB2 client
+   lib uses the names from the libcli/raw/ library */
+
+struct smb2_getinfo {
+	struct {
+		/* static body buffer 40 (0x28) bytes */
+		/* uint16_t buffer_code;  0x29 = 0x28 + 1 */
+		uint8_t info_type;
+		uint8_t info_class;
+		uint32_t output_buffer_length;
+		/* uint16_t input_buffer_offset; */
+		uint16_t reserved;
+		/* uint32_t input_buffer_length; */
+		uint32_t additional_information; /* SMB2_GETINFO_ADD_* */
+		uint32_t getinfo_flags; /* level specific */
+		union smb_handle file;
+		DATA_BLOB input_buffer;
+	} in;
+
+	struct {
+		/* static body buffer 8 (0x08) bytes */
+		/* uint16_t buffer_code; 0x09 = 0x08 + 1 */
+		/* uint16_t blob_ofs; */
+		/* uint16_t blob_size; */
+
+		/* dynamic body */
+		DATA_BLOB blob;
+	} out;
+};
+
+struct smb2_setinfo {
+	struct {
+		uint16_t level;
+		uint32_t flags;
+		union smb_handle file;
+		DATA_BLOB blob;
+	} in;
+};
+
+struct cli_credentials;
+struct tevent_context;
+struct resolve_context;
+struct gensec_settings;
+#include "libcli/smb2/smb2_proto.h"
diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c
new file mode 100644
index 0000000..702e308
--- /dev/null
+++ b/source4/libcli/smb2/tcon.c
@@ -0,0 +1,52 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client tree handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/*
+  initialise a smb2_session structure
+ */
+struct smb2_tree *smb2_tree_init(struct smb2_session *session,
+				 TALLOC_CTX *parent_ctx, bool primary)
+{
+	struct smb2_tree *tree;
+
+	tree = talloc_zero(parent_ctx, struct smb2_tree);
+	if (!session) {
+		return NULL;
+	}
+	if (primary) {
+		tree->session = talloc_steal(tree, session);
+	} else {
+		tree->session = talloc_reference(tree, session);
+	}
+
+	tree->smbXcli = smbXcli_tcon_create(tree);
+	if (tree->smbXcli == NULL) {
+		talloc_free(tree);
+		return NULL;
+	}
+
+	return tree;
+}
diff --git a/source4/libcli/smb2/tdis.c b/source4/libcli/smb2/tdis.c
new file mode 100644
index 0000000..5adad9d
--- /dev/null
+++ b/source4/libcli/smb2/tdis.c
@@ -0,0 +1,65 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client tdis handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a tdis request
+*/
+struct smb2_request *smb2_tdis_send(struct smb2_tree *tree)
+{
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_TDIS, 0x04, false, 0);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a tdis reply
+*/
+NTSTATUS smb2_tdis_recv(struct smb2_request *req)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync tdis request
+*/
+NTSTATUS smb2_tdis(struct smb2_tree *tree)
+{
+	struct smb2_request *req = smb2_tdis_send(tree);
+	return smb2_tdis_recv(req);
+}
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
new file mode 100644
index 0000000..292ca0f
--- /dev/null
+++ b/source4/libcli/smb2/transport.c
@@ -0,0 +1,557 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client transport context management functions
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/network.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "librpc/ndr/libndr.h"
+
+/*
+  destroy a transport
+ */
+static int transport_destructor(struct smb2_transport *transport)
+{
+	smb2_transport_dead(transport, NT_STATUS_LOCAL_DISCONNECT);
+	return 0;
+}
+
+/*
+  create a transport structure based on an established socket
+*/
+struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock,
+					   TALLOC_CTX *parent_ctx,
+					   struct smbcli_options *options)
+{
+	struct smb2_transport *transport;
+
+	transport = talloc_zero(parent_ctx, struct smb2_transport);
+	if (!transport) return NULL;
+
+	transport->ev = sock->event.ctx;
+	transport->options = *options;
+
+	if (transport->options.max_protocol == PROTOCOL_DEFAULT) {
+		transport->options.max_protocol = PROTOCOL_LATEST;
+	}
+
+	if (transport->options.max_protocol < PROTOCOL_SMB2_02) {
+		transport->options.max_protocol = PROTOCOL_LATEST;
+	}
+
+	TALLOC_FREE(sock->event.fde);
+	TALLOC_FREE(sock->event.te);
+
+	transport->conn = smbXcli_conn_create(transport,
+					      sock->sock->fd,
+					      sock->hostname,
+					      options->signing,
+					      0, /* smb1_capabilities */
+					      &options->client_guid,
+					      options->smb2_capabilities,
+					      &options->smb3_capabilities);
+	if (transport->conn == NULL) {
+		talloc_free(transport);
+		return NULL;
+	}
+	sock->sock->fd = -1;
+	TALLOC_FREE(sock);
+
+	talloc_set_destructor(transport, transport_destructor);
+
+	return transport;
+}
+
+/*
+  create a transport structure based on an established socket
+*/
+NTSTATUS smb2_transport_raw_init(TALLOC_CTX *mem_ctx,
+				 struct tevent_context *ev,
+				 struct smbXcli_conn **_conn,
+				 const struct smbcli_options *options,
+				 struct smb2_transport **_transport)
+{
+	struct smb2_transport *transport = NULL;
+	enum protocol_types protocol;
+
+	if (*_conn == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	protocol = smbXcli_conn_protocol(*_conn);
+	if (protocol < PROTOCOL_SMB2_02) {
+		return NT_STATUS_REVISION_MISMATCH;
+	}
+
+	transport = talloc_zero(mem_ctx, struct smb2_transport);
+	if (transport == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	transport->ev = ev;
+	transport->options = *options;
+	transport->conn = talloc_move(transport, _conn);
+
+	talloc_set_destructor(transport, transport_destructor);
+	*_transport = transport;
+	return NT_STATUS_OK;
+}
+
+/*
+  mark the transport as dead
+*/
+void smb2_transport_dead(struct smb2_transport *transport, NTSTATUS status)
+{
+	if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
+		status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+	if (NT_STATUS_IS_OK(status)) {
+		status = NT_STATUS_LOCAL_DISCONNECT;
+	}
+
+	smbXcli_conn_disconnect(transport->conn, status);
+}
+
+static void smb2_request_done(struct tevent_req *subreq);
+static void smb2_transport_break_handler(struct tevent_req *subreq);
+
+/*
+  put a request into the send queue
+*/
+void smb2_transport_send(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_transport *transport = req->transport;
+	struct tevent_req **reqs = transport->compound.reqs;
+	size_t num_reqs = talloc_array_length(reqs);
+	size_t i;
+	uint16_t cmd = SVAL(req->out.hdr, SMB2_HDR_OPCODE);
+	uint32_t additional_flags = IVAL(req->out.hdr, SMB2_HDR_FLAGS);
+	uint32_t clear_flags = 0;
+	struct smbXcli_tcon *tcon = NULL;
+	struct smbXcli_session *session = NULL;
+	bool need_pending_break = false;
+	size_t hdr_ofs;
+	size_t pdu_len;
+	DATA_BLOB body = data_blob_null;
+	DATA_BLOB dyn = data_blob_null;
+	uint32_t timeout_msec = transport->options.request_timeout * 1000;
+
+	if (transport->oplock.handler) {
+		need_pending_break = true;
+	}
+
+	if (transport->lease.handler) {
+		need_pending_break = true;
+	}
+
+	if (transport->break_subreq) {
+		need_pending_break = false;
+	}
+
+	if (need_pending_break) {
+		struct tevent_req *subreq;
+
+		subreq = smb2cli_req_create(transport,
+					    transport->ev,
+					    transport->conn,
+					    SMB2_OP_BREAK,
+					    0, /* additional_flags */
+					    0, /*clear_flags */
+					    0, /* timeout_msec */
+					    NULL, /* tcon */
+					    NULL, /* session */
+					    NULL, /* body */
+					    0, /* body_fixed */
+					    NULL, /* dyn */
+					    0, /* dyn_len */
+					    0); /* max_dyn_len */
+		if (subreq != NULL) {
+			smbXcli_req_set_pending(subreq);
+			tevent_req_set_callback(subreq,
+						smb2_transport_break_handler,
+						transport);
+			transport->break_subreq = subreq;
+		}
+	}
+
+	if (req->session) {
+		session = req->session->smbXcli;
+	}
+
+	if (req->tree) {
+		tcon = req->tree->smbXcli;
+	}
+
+	if (transport->compound.related) {
+		additional_flags |= SMB2_HDR_FLAG_CHAINED;
+	}
+
+	hdr_ofs = PTR_DIFF(req->out.hdr, req->out.buffer);
+	pdu_len = req->out.size - hdr_ofs;
+	body.data = req->out.body;
+	body.length = req->out.body_fixed;
+	dyn.data = req->out.body + req->out.body_fixed;
+	dyn.length = pdu_len - (SMB2_HDR_BODY + req->out.body_fixed);
+
+	req->subreq = smb2cli_req_create(req,
+					 transport->ev,
+					 transport->conn,
+					 cmd,
+					 additional_flags,
+					 clear_flags,
+					 timeout_msec,
+					 tcon,
+					 session,
+					 body.data, body.length,
+					 dyn.data, dyn.length,
+					 0); /* max_dyn_len */
+	if (req->subreq == NULL) {
+		req->state = SMB2_REQUEST_ERROR;
+		req->status = NT_STATUS_NO_MEMORY;
+		return;
+	}
+
+	if (!tevent_req_is_in_progress(req->subreq)) {
+		req->state = SMB2_REQUEST_ERROR;
+		req->status = NT_STATUS_INTERNAL_ERROR;/* TODO */
+		return;
+	}
+
+	tevent_req_set_callback(req->subreq, smb2_request_done, req);
+
+	smb2cli_req_set_notify_async(req->subreq);
+	if (req->credit_charge) {
+		smb2cli_req_set_credit_charge(req->subreq, req->credit_charge);
+	}
+
+	ZERO_STRUCT(req->out);
+	req->state = SMB2_REQUEST_RECV;
+
+	if (num_reqs > 0) {
+		for (i=0; i < num_reqs; i++) {
+			if (reqs[i] != NULL) {
+				continue;
+			}
+
+			reqs[i] = req->subreq;
+			i++;
+			break;
+		}
+
+		if (i < num_reqs) {
+			return;
+		}
+	} else {
+		reqs = &req->subreq;
+		num_reqs = 1;
+	}
+	status = smb2cli_req_compound_submit(reqs, num_reqs);
+
+	TALLOC_FREE(transport->compound.reqs);
+	transport->compound.related = false;
+
+	if (!NT_STATUS_IS_OK(status)) {
+		req->status = status;
+		req->state = SMB2_REQUEST_ERROR;
+		smbXcli_conn_disconnect(transport->conn, status);
+	}
+}
+
+static void smb2_request_done(struct tevent_req *subreq)
+{
+	struct smb2_request *req =
+		tevent_req_callback_data(subreq,
+		struct smb2_request);
+	ssize_t len;
+	size_t i;
+
+	req->recv_iov = NULL;
+
+	req->status = smb2cli_req_recv(req->subreq, req, &req->recv_iov, NULL, 0);
+	if (NT_STATUS_EQUAL(req->status, NT_STATUS_PENDING)) {
+		struct timeval endtime = smbXcli_req_endtime(subreq);
+		bool ok;
+
+		req->cancel.can_cancel = true;
+		if (timeval_is_zero(&endtime)) {
+			return;
+		}
+
+		ok = tevent_req_set_endtime(
+			subreq, req->transport->ev, endtime);
+		if (!ok) {
+			req->status = NT_STATUS_INTERNAL_ERROR;
+			req->state = SMB2_REQUEST_ERROR;
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+		return;
+	}
+	TALLOC_FREE(req->subreq);
+	if (!NT_STATUS_IS_OK(req->status)) {
+		if (req->recv_iov == NULL) {
+			req->state = SMB2_REQUEST_ERROR;
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+	}
+
+	len = req->recv_iov[0].iov_len;
+	for (i=1; i < 3; i++) {
+		uint8_t *p = req->recv_iov[i-1].iov_base;
+		uint8_t *c1 = req->recv_iov[i].iov_base;
+		uint8_t *c2 = p + req->recv_iov[i-1].iov_len;
+
+		len += req->recv_iov[i].iov_len;
+
+		if (req->recv_iov[i].iov_len == 0) {
+			continue;
+		}
+
+		if (c1 != c2) {
+			req->status = NT_STATUS_INTERNAL_ERROR;
+			req->state = SMB2_REQUEST_ERROR;
+			if (req->async.fn) {
+				req->async.fn(req);
+			}
+			return;
+		}
+	}
+
+	req->in.buffer = req->recv_iov[0].iov_base;
+	req->in.size = len;
+	req->in.allocated = req->in.size;
+
+	req->in.hdr        =  req->recv_iov[0].iov_base;
+	req->in.body       =  req->recv_iov[1].iov_base;
+	req->in.dynamic    =  req->recv_iov[2].iov_base;
+	req->in.body_fixed =  req->recv_iov[1].iov_len;
+	req->in.body_size  =  req->in.body_fixed;
+	req->in.body_size  += req->recv_iov[2].iov_len;
+
+	smb2_setup_bufinfo(req);
+
+	req->state = SMB2_REQUEST_DONE;
+	if (req->async.fn) {
+		req->async.fn(req);
+	}
+}
+
+static void smb2_transport_break_handler(struct tevent_req *subreq)
+{
+	struct smb2_transport *transport =
+		tevent_req_callback_data(subreq,
+		struct smb2_transport);
+	NTSTATUS status;
+	uint8_t *body;
+	uint16_t len = 0;
+	bool lease;
+	struct iovec *recv_iov = NULL;
+
+	transport->break_subreq = NULL;
+
+	status = smb2cli_req_recv(subreq, transport, &recv_iov, NULL, 0);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(recv_iov);
+		smb2_transport_dead(transport, status);
+		return;
+	}
+
+	/*
+	 * Setup the subreq to handle the
+	 * next incoming SMB2 Break.
+	 */
+	subreq = smb2cli_req_create(transport,
+				    transport->ev,
+				    transport->conn,
+				    SMB2_OP_BREAK,
+				    0, /* additional_flags */
+				    0, /*clear_flags */
+				    0, /* timeout_msec */
+				    NULL, /* tcon */
+				    NULL, /* session */
+				    NULL, /* body */
+				    0, /* body_fixed */
+				    NULL, /* dyn */
+				    0, /* dyn_len */
+				    0); /* max_dyn_len */
+	if (subreq != NULL) {
+		smbXcli_req_set_pending(subreq);
+		tevent_req_set_callback(subreq,
+					smb2_transport_break_handler,
+					transport);
+		transport->break_subreq = subreq;
+	}
+
+	body = recv_iov[1].iov_base;
+
+	len = recv_iov[1].iov_len;
+	if (recv_iov[1].iov_len >= 2) {
+		len = CVAL(body, 0x00);
+		if (len != recv_iov[1].iov_len) {
+			len = recv_iov[1].iov_len;
+		}
+	}
+
+	if (len == 24) {
+		lease = false;
+	} else if (len == 44) {
+		lease = true;
+	} else {
+		DEBUG(1,("Discarding smb2 oplock reply of invalid size %u\n",
+			(unsigned)len));
+		TALLOC_FREE(recv_iov);
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		smb2_transport_dead(transport, status);
+		return;
+	}
+
+	if (!lease && transport->oplock.handler) {
+		struct smb2_handle h;
+		uint8_t level;
+
+		level = CVAL(body, 0x02);
+		smb2_pull_handle(body+0x08, &h);
+
+		TALLOC_FREE(recv_iov);
+
+		transport->oplock.handler(transport, &h, level,
+					  transport->oplock.private_data);
+	} else if (lease && transport->lease.handler) {
+		struct smb2_lease_break lb;
+
+		ZERO_STRUCT(lb);
+		lb.new_epoch =			SVAL(body, 0x2);
+		lb.break_flags =		SVAL(body, 0x4);
+		memcpy(&lb.current_lease.lease_key, body+0x8,
+		    sizeof(struct smb2_lease_key));
+		lb.current_lease.lease_state = 	SVAL(body, 0x18);
+		lb.new_lease_state =		SVAL(body, 0x1C);
+		lb.break_reason =		SVAL(body, 0x20);
+		lb.access_mask_hint = 		SVAL(body, 0x24);
+		lb.share_mask_hint = 		SVAL(body, 0x28);
+
+		TALLOC_FREE(recv_iov);
+
+		transport->lease.handler(transport, &lb,
+		    transport->lease.private_data);
+	} else {
+		DEBUG(5,("Got SMB2 %s break with no handler\n",
+			lease ? "lease" : "oplock"));
+	}
+	TALLOC_FREE(recv_iov);
+}
+
+NTSTATUS smb2_transport_compound_start(struct smb2_transport *transport,
+				       uint32_t num)
+{
+	TALLOC_FREE(transport->compound.reqs);
+	ZERO_STRUCT(transport->compound);
+
+	transport->compound.reqs = talloc_zero_array(transport,
+						     struct tevent_req *,
+						     num);
+	if (transport->compound.reqs == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+void smb2_transport_compound_set_related(struct smb2_transport *transport,
+					 bool related)
+{
+	transport->compound.related = related;
+}
+
+void smb2_transport_credits_ask_num(struct smb2_transport *transport,
+				    uint16_t ask_num)
+{
+	smb2cli_conn_set_max_credits(transport->conn, ask_num);
+}
+
+static void idle_handler(struct tevent_context *ev, 
+			 struct tevent_timer *te, struct timeval t, void *private_data)
+{
+	struct smb2_transport *transport = talloc_get_type(private_data,
+							   struct smb2_transport);
+	struct timeval next;
+
+	transport->idle.func(transport, transport->idle.private_data);
+
+	if (transport->idle.func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
+
+	next = timeval_current_ofs_usec(transport->idle.period);
+	transport->idle.te = tevent_add_timer(transport->ev,
+					      transport,
+					      next,
+					      idle_handler,
+					      transport);
+}
+
+/*
+  setup the idle handler for a transport
+  the period is in microseconds
+*/
+void smb2_transport_idle_handler(struct smb2_transport *transport, 
+				 void (*idle_func)(struct smb2_transport *, void *),
+				 uint64_t period,
+				 void *private_data)
+{
+	TALLOC_FREE(transport->idle.te);
+	ZERO_STRUCT(transport->idle);
+
+	if (idle_func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
+
+	transport->idle.func = idle_func;
+	transport->idle.private_data = private_data;
+	transport->idle.period = period;
+
+	transport->idle.te = tevent_add_timer(transport->ev,
+					      transport,
+					      timeval_current_ofs_usec(period),
+					      idle_handler,
+					      transport);
+}
diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c
new file mode 100644
index 0000000..f86a149
--- /dev/null
+++ b/source4/libcli/smb2/util.c
@@ -0,0 +1,363 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client utility functions
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/*
+  simple close wrapper with SMB2
+*/
+NTSTATUS smb2_util_close(struct smb2_tree *tree, struct smb2_handle h)
+{
+	struct smb2_close c;
+
+	ZERO_STRUCT(c);
+	c.in.file.handle = h;
+
+	return smb2_close(tree, &c);
+}
+
+/*
+  unlink a file with SMB2
+*/
+NTSTATUS smb2_util_unlink(struct smb2_tree *tree, const char *fname)
+{
+	union smb_unlink io;
+	
+	ZERO_STRUCT(io);
+	io.unlink.in.pattern = fname;
+
+	return smb2_composite_unlink(tree, &io);
+}
+
+
+/*
+  rmdir with SMB2
+*/
+NTSTATUS smb2_util_rmdir(struct smb2_tree *tree, const char *dname)
+{
+	struct smb_rmdir io;
+	
+	ZERO_STRUCT(io);
+	io.in.path = dname;
+
+	return smb2_composite_rmdir(tree, &io);
+}
+
+
+/*
+  mkdir with SMB2
+*/
+NTSTATUS smb2_util_mkdir(struct smb2_tree *tree, const char *dname)
+{
+	union smb_mkdir io;
+	
+	ZERO_STRUCT(io);
+	io.mkdir.level = RAW_MKDIR_MKDIR;
+	io.mkdir.in.path = dname;
+
+	return smb2_composite_mkdir(tree, &io);
+}
+
+
+/*
+  set file attribute with SMB2
+*/
+NTSTATUS smb2_util_setatr(struct smb2_tree *tree, const char *name, uint32_t attrib)
+{
+	struct smb2_create cr = {0};
+	struct smb2_handle h1 = {{0}};
+	union smb_setfileinfo setinfo;
+	NTSTATUS status;
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_WRITE_ATTRIBUTE,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = FILE_OPEN,
+		.in.fname = name,
+	};
+	status = smb2_create(tree, tree, &cr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	h1 = cr.out.file.handle;
+
+	setinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+		.basic_info.in.attrib = attrib,
+	};
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_util_close(tree, h1);
+		return status;
+	}
+
+	smb2_util_close(tree, h1);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  get file attribute with SMB2
+*/
+NTSTATUS smb2_util_getatr(struct smb2_tree *tree, const char *fname,
+			  uint16_t *attr, size_t *size, time_t *t)
+{
+	union smb_fileinfo parms;
+	NTSTATUS status;
+	struct smb2_create create_io = {0};
+
+	create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = FILE_OPEN;
+	create_io.in.fname = fname;
+	status = smb2_create(tree, tree, &create_io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ZERO_STRUCT(parms);
+	parms.all_info2.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	parms.all_info2.in.file.handle = create_io.out.file.handle;
+	status = smb2_getinfo_file(tree, tree, &parms);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (size) {
+		*size = parms.all_info2.out.size;
+	}
+
+	if (t) {
+		*t = parms.all_info2.out.write_time;
+	}
+
+	if (attr) {
+		*attr = parms.all_info2.out.attrib;
+	}
+
+	return status;
+}
+
+
+/* 
+   recursively descend a tree deleting all files
+   returns the number of files deleted, or -1 on error
+*/
+int smb2_deltree(struct smb2_tree *tree, const char *dname)
+{
+	NTSTATUS status;
+	uint32_t total_deleted = 0;
+	unsigned int count, i;
+	union smb_search_data *list;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct smb2_find f;
+	struct smb2_create create_parm;
+	bool did_delete;
+
+	/* it might be a file */
+	status = smb2_util_unlink(tree, dname);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return 1;
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_NOT_FOUND) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_FILE)) {
+		talloc_free(tmp_ctx);
+		return 0;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+		/* it could be read-only */
+		smb2_util_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL);
+		status = smb2_util_unlink(tree, dname);
+	}
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return 1;
+	}
+
+	ZERO_STRUCT(create_parm);
+	create_parm.in.desired_access = SEC_FILE_READ_DATA;
+	create_parm.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create_parm.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create_parm.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create_parm.in.fname = dname;
+
+	status = smb2_create(tree, tmp_ctx, &create_parm);
+	if (NT_STATUS_IS_ERR(status)) {
+		DEBUG(2,("Failed to open %s - %s\n", dname, nt_errstr(status)));
+		talloc_free(tmp_ctx);
+		return -1;
+	}
+	
+
+	do {
+		did_delete = false;
+
+		ZERO_STRUCT(f);
+		f.in.file.handle       = create_parm.out.file.handle;
+		f.in.max_response_size = 0x10000;
+		f.in.level             = SMB2_FIND_NAME_INFO;
+		f.in.pattern           = "*";
+		
+		status = smb2_find_level(tree, tmp_ctx, &f, &count, &list);
+		if (NT_STATUS_IS_ERR(status)) {
+			DEBUG(2,("Failed to list %s - %s\n", 
+				 dname, nt_errstr(status)));
+			smb2_util_close(tree, create_parm.out.file.handle);
+			talloc_free(tmp_ctx);
+			return -1;
+		}
+		
+		for (i=0;i<count;i++) {
+			char *name;
+			if (strcmp(".", list[i].name_info.name.s) == 0 ||
+			    strcmp("..", list[i].name_info.name.s) == 0) {
+				continue;
+			}
+			name = talloc_asprintf(tmp_ctx, "%s\\%s", dname, list[i].name_info.name.s);
+			status = smb2_util_unlink(tree, name);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+				/* it could be read-only */
+				smb2_util_setatr(tree, name, FILE_ATTRIBUTE_NORMAL);
+				status = smb2_util_unlink(tree, name);
+			}
+			
+			if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
+				int ret;
+				ret = smb2_deltree(tree, name);
+				if (ret > 0) total_deleted += ret;
+			}
+			talloc_free(name);
+			if (NT_STATUS_IS_OK(status)) {
+				total_deleted++;
+				did_delete = true;
+			}
+		}
+	} while (did_delete);
+
+	smb2_util_close(tree, create_parm.out.file.handle);
+
+	status = smb2_util_rmdir(tree, dname);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+		/* it could be read-only */
+		smb2_util_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL);
+		status = smb2_util_rmdir(tree, dname);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		DEBUG(2,("Failed to delete %s - %s\n", 
+			 dname, nt_errstr(status)));
+		talloc_free(tmp_ctx);
+		return -1;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return total_deleted;
+}
+
+/*
+  check if two SMB2 file handles are the same
+*/
+bool smb2_util_handle_equal(const struct smb2_handle h1,
+			    const struct smb2_handle h2)
+{
+	return (h1.data[0] == h2.data[0]) && (h1.data[1] == h2.data[1]);
+}
+
+bool smb2_util_handle_empty(const struct smb2_handle h)
+{
+	struct smb2_handle empty;
+
+	ZERO_STRUCT(empty);
+
+	return smb2_util_handle_equal(h, empty);
+}
+
+/****************************************************************************
+send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
+****************************************************************************/
+NTSTATUS smb2_qpathinfo_alt_name(TALLOC_CTX *ctx, struct smb2_tree *tree,
+				 const char *fname, const char **alt_name)
+{
+	union smb_fileinfo parms;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	struct smb2_create create_io = {0};
+
+	mem_ctx = talloc_new(ctx);
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = FILE_OPEN;
+	create_io.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &create_io);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	parms.alt_name_info.level = RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION;
+	parms.alt_name_info.in.file.handle = create_io.out.file.handle;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &parms);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	if (!parms.alt_name_info.out.fname.s) {
+		*alt_name = talloc_strdup(ctx, "");
+	} else {
+		*alt_name = talloc_strdup(ctx,
+					  parms.alt_name_info.out.fname.s);
+	}
+
+	talloc_free(mem_ctx);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb2/write.c b/source4/libcli/smb2/write.c
new file mode 100644
index 0000000..62ffe2e
--- /dev/null
+++ b/source4/libcli/smb2/write.c
@@ -0,0 +1,81 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client write call
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a write request
+*/
+struct smb2_request *smb2_write_send(struct smb2_tree *tree, struct smb2_write *io)
+{
+	NTSTATUS status;
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_WRITE, 0x30, true, io->in.data.length);
+	if (req == NULL) return NULL;
+
+	status = smb2_push_o16s32_blob(&req->out, 0x02, io->in.data);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SBVAL(req->out.body, 0x08, io->in.offset);
+	smb2_push_handle(req->out.body+0x10, &io->in.file.handle);
+
+	SBVAL(req->out.body, 0x20, io->in.unknown1);
+	SBVAL(req->out.body, 0x28, io->in.unknown2);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a write reply
+*/
+NTSTATUS smb2_write_recv(struct smb2_request *req, struct smb2_write *io)
+{
+	if (!smb2_request_receive(req) || 
+	    !smb2_request_is_ok(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x10, true);
+
+	io->out._pad     = SVAL(req->in.body, 0x02);
+	io->out.nwritten = IVAL(req->in.body, 0x04);
+	io->out.unknown1 = BVAL(req->in.body, 0x08);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync write request
+*/
+NTSTATUS smb2_write(struct smb2_tree *tree, struct smb2_write *io)
+{
+	struct smb2_request *req = smb2_write_send(tree, io);
+	return smb2_write_recv(req, io);
+}
diff --git a/source4/libcli/smb2/wscript_build b/source4/libcli/smb2/wscript_build
new file mode 100644
index 0000000..51ac0f2
--- /dev/null
+++ b/source4/libcli/smb2/wscript_build
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_SMB2',
+	source='transport.c request.c session.c tcon.c create.c close.c connect.c getinfo.c write.c read.c setinfo.c find.c ioctl.c logoff.c tdis.c flush.c lock.c notify.c cancel.c keepalive.c break.c util.c signing.c lease_break.c',
+	autoproto='smb2_proto.h',
+	deps='tevent-util cli_smb_common GNUTLS_HELPERS',
+	public_deps='smbclient-raw gensec samba-credentials tevent',
+	private_headers='smb2.h',
+	)
+
diff --git a/source4/libcli/smb_composite/appendacl.c b/source4/libcli/smb_composite/appendacl.c
new file mode 100644
index 0000000..faaabe0
--- /dev/null
+++ b/source4/libcli/smb_composite/appendacl.c
@@ -0,0 +1,313 @@
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/security/security.h"
+#include "libcli/smb_composite/smb_composite.h"
+
+/* the stages of this call */
+enum appendacl_stage {APPENDACL_OPENPATH, APPENDACL_GET, 
+		       APPENDACL_SET, APPENDACL_GETAGAIN, APPENDACL_CLOSEPATH};
+
+static void appendacl_handler(struct smbcli_request *req);
+
+struct appendacl_state {
+	enum appendacl_stage stage;
+	struct smb_composite_appendacl *io;
+
+	union smb_open *io_open;
+	union smb_setfileinfo *io_setfileinfo;
+	union smb_fileinfo *io_fileinfo;
+
+	struct smbcli_request *req;
+};
+
+
+static NTSTATUS appendacl_open(struct composite_context *c, 
+			      struct smb_composite_appendacl *io)
+{
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+
+	status = smb_raw_open_recv(state->req, c, state->io_open);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* setup structures for getting fileinfo */
+	state->io_fileinfo = talloc(c, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+	
+	state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	state->io_fileinfo->query_secdesc.in.file.fnum = state->io_open->ntcreatex.out.file.fnum;
+	state->io_fileinfo->query_secdesc.in.secinfo_flags = SECINFO_DACL;
+
+	state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* set the handler */
+	state->req->async.fn = appendacl_handler;
+	state->req->async.private_data = c;
+	state->stage = APPENDACL_GET;
+	
+	talloc_free (state->io_open);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_get(struct composite_context *c, 
+			       struct smb_composite_appendacl *io)
+{
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+	
+	status = smb_raw_fileinfo_recv(state->req, state->io_fileinfo, state->io_fileinfo);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	/* setup structures for setting fileinfo */
+	state->io_setfileinfo = talloc(c, union smb_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_setfileinfo);
+	
+	state->io_setfileinfo->set_secdesc.level            = RAW_SFILEINFO_SEC_DESC;
+	state->io_setfileinfo->set_secdesc.in.file.fnum     = state->io_fileinfo->query_secdesc.in.file.fnum;
+	
+	state->io_setfileinfo->set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	state->io_setfileinfo->set_secdesc.in.sd            = state->io_fileinfo->query_secdesc.out.sd;
+	talloc_steal(state->io_setfileinfo, state->io_setfileinfo->set_secdesc.in.sd);
+
+	/* append all aces from io->in.sd->dacl to new security descriptor */
+	if (io->in.sd->dacl != NULL) {
+		uint32_t i;
+		for (i = 0; i < io->in.sd->dacl->num_aces; i++) {
+			security_descriptor_dacl_add(state->io_setfileinfo->set_secdesc.in.sd,
+						     &(io->in.sd->dacl->aces[i]));
+		}
+	}
+
+	status = smb_raw_setfileinfo(tree, state->io_setfileinfo);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->req = smb_raw_setfileinfo_send(tree, state->io_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call handler when done setting new security descriptor on file */
+	state->req->async.fn = appendacl_handler;
+	state->req->async.private_data = c;
+	state->stage = APPENDACL_SET;
+
+	talloc_free (state->io_fileinfo);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_set(struct composite_context *c, 
+			      struct smb_composite_appendacl *io)
+{
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+
+	status = smbcli_request_simple_recv(state->req);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* setup structures for getting fileinfo */
+	state->io_fileinfo = talloc(c, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+	
+
+	state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	state->io_fileinfo->query_secdesc.in.file.fnum = state->io_setfileinfo->set_secdesc.in.file.fnum;
+	state->io_fileinfo->query_secdesc.in.secinfo_flags = SECINFO_DACL;
+
+	state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* set the handler */
+	state->req->async.fn = appendacl_handler;
+	state->req->async.private_data = c;
+	state->stage = APPENDACL_GETAGAIN;
+	
+	talloc_free (state->io_setfileinfo);
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS appendacl_getagain(struct composite_context *c, 
+				   struct smb_composite_appendacl *io)
+{
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+	struct smbcli_tree *tree = state->req->tree;
+	union smb_close *io_close;
+	NTSTATUS status;
+	
+	status = smb_raw_fileinfo_recv(state->req, c, state->io_fileinfo);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	io->out.sd = state->io_fileinfo->query_secdesc.out.sd;
+
+	/* setup structures for close */
+	io_close = talloc(c, union smb_close);
+	NT_STATUS_HAVE_NO_MEMORY(io_close);
+	
+	io_close->close.level = RAW_CLOSE_CLOSE;
+	io_close->close.in.file.fnum = state->io_fileinfo->query_secdesc.in.file.fnum;
+	io_close->close.in.write_time = 0;
+
+	state->req = smb_raw_close_send(tree, io_close);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler */
+	state->req->async.fn = appendacl_handler;
+	state->req->async.private_data = c;
+	state->stage = APPENDACL_CLOSEPATH;
+
+	talloc_free (state->io_fileinfo);
+
+	return NT_STATUS_OK;
+}
+
+
+
+static NTSTATUS appendacl_close(struct composite_context *c, 
+				struct smb_composite_appendacl *io)
+{
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+	NTSTATUS status;
+
+	status = smbcli_request_simple_recv(state->req);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	c->state = COMPOSITE_STATE_DONE;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  handler for completion of a sub-request in appendacl
+*/
+static void appendacl_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = (struct composite_context *)req->async.private_data;
+	struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+
+	/* when this handler is called, the stage indicates what
+	   call has just finished */
+	switch (state->stage) {
+	case APPENDACL_OPENPATH:
+		c->status = appendacl_open(c, state->io);
+		break;
+
+	case APPENDACL_GET:
+		c->status = appendacl_get(c, state->io);
+		break;
+
+	case APPENDACL_SET:
+		c->status = appendacl_set(c, state->io);
+		break;
+
+	case APPENDACL_GETAGAIN:
+		c->status = appendacl_getagain(c, state->io);
+		break;
+
+	case APPENDACL_CLOSEPATH:
+		c->status = appendacl_close(c, state->io);
+		break;
+	}
+
+	/* We should get here if c->state >= SMBCLI_REQUEST_DONE */
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE &&
+	    c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+
+/*
+  composite appendacl call - does an open followed by a number setfileinfo,
+  after that new acls are read with fileinfo, followed by a close
+*/
+struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree, 
+							struct smb_composite_appendacl *io)
+{
+	struct composite_context *c;
+	struct appendacl_state *state;
+
+	c = talloc_zero(tree, struct composite_context);
+	if (c == NULL) goto failed;
+
+	state = talloc(c, struct appendacl_state);
+	if (state == NULL) goto failed;
+
+	state->io = io;
+
+	c->private_data = state;
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx = tree->session->transport->ev;
+
+	/* setup structures for opening file */
+	state->io_open = talloc_zero(c, union smb_open);
+	if (state->io_open == NULL) goto failed;
+	
+	state->io_open->ntcreatex.level               = RAW_OPEN_NTCREATEX;
+	state->io_open->ntcreatex.in.root_fid.fnum    = 0;
+	state->io_open->ntcreatex.in.flags            = 0;
+	state->io_open->ntcreatex.in.access_mask      = SEC_FLAG_MAXIMUM_ALLOWED;
+	state->io_open->ntcreatex.in.file_attr        = FILE_ATTRIBUTE_NORMAL;
+	state->io_open->ntcreatex.in.share_access     = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	state->io_open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	state->io_open->ntcreatex.in.impersonation    = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	state->io_open->ntcreatex.in.security_flags   = 0;
+	state->io_open->ntcreatex.in.fname            = io->in.fname;
+
+	/* send the open on its way */
+	state->req = smb_raw_open_send(tree, state->io_open);
+	if (state->req == NULL) goto failed;
+
+	/* setup the callback handler */
+	state->req->async.fn = appendacl_handler;
+	state->req->async.private_data = c;
+	state->stage = APPENDACL_OPENPATH;
+
+	return c;
+
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+
+/*
+  composite appendacl call - recv side
+*/
+NTSTATUS smb_composite_appendacl_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct appendacl_state *state = talloc_get_type(c->private_data, struct appendacl_state);
+		state->io->out.sd = security_descriptor_copy (mem_ctx, state->io->out.sd);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  composite appendacl call - sync interface
+*/
+NTSTATUS smb_composite_appendacl(struct smbcli_tree *tree, 
+				TALLOC_CTX *mem_ctx,
+				struct smb_composite_appendacl *io)
+{
+	struct composite_context *c = smb_composite_appendacl_send(tree, io);
+	return smb_composite_appendacl_recv(c, mem_ctx);
+}
+
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
new file mode 100644
index 0000000..ad50ae0
--- /dev/null
+++ b/source4/libcli/smb_composite/connect.c
@@ -0,0 +1,528 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for making a full SMB connection
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "lib/events/events.h"
+#include "libcli/resolve/resolve.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+#include "lib/util/util_net.h"
+#include "libcli/smb/smbXcli_base.h"
+
+/* the stages of this call */
+enum connect_stage {CONNECT_SOCKET, 
+		    CONNECT_NEGPROT,
+		    CONNECT_SESSION_SETUP,
+		    CONNECT_SESSION_SETUP_ANON,
+		    CONNECT_TCON,
+		    CONNECT_DONE
+};
+
+struct connect_state {
+	enum connect_stage stage;
+	struct smbcli_socket *sock;
+	struct smbcli_transport *transport;
+	struct smbcli_session *session;
+	struct smb_composite_connect *io;
+	union smb_tcon *io_tcon;
+	struct smb_composite_sesssetup *io_setup;
+	struct smbcli_request *req;
+	struct composite_context *creq;
+	struct tevent_req *subreq;
+	struct nbt_name calling, called;
+};
+
+
+static void request_handler(struct smbcli_request *);
+static void composite_handler(struct composite_context *);
+static void subreq_handler(struct tevent_req *subreq);
+
+/*
+  a tree connect request has completed
+*/
+static NTSTATUS connect_tcon(struct composite_context *c, 
+			     struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+	NTSTATUS status;
+
+	status = smb_raw_tcon_recv(state->req, c, state->io_tcon);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (state->io_tcon->tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+		smb1cli_session_protect_session_key(io->out.tree->session->smbXcli);
+	}
+
+	io->out.tree->tid = state->io_tcon->tconx.out.tid;
+	if (state->io_tcon->tconx.out.dev_type) {
+		io->out.tree->device = talloc_strdup(io->out.tree, 
+						     state->io_tcon->tconx.out.dev_type);
+	}
+	if (state->io_tcon->tconx.out.fs_type) {
+		io->out.tree->fs_type = talloc_strdup(io->out.tree, 
+						      state->io_tcon->tconx.out.fs_type);
+	}
+
+	state->stage = CONNECT_DONE;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  a session setup request with anonymous fallback has completed
+*/
+static NTSTATUS connect_session_setup_anon(struct composite_context *c, 
+					   struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+	NTSTATUS status;
+
+	status = smb_composite_sesssetup_recv(state->creq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	io->out.anonymous_fallback_done = true;
+	
+	state->session->vuid = state->io_setup->out.vuid;
+	
+	/* setup for a tconx */
+	state->io_tcon = talloc(c, union smb_tcon);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
+
+	/* connect to a share using a tree connect */
+	state->io_tcon->generic.level = RAW_TCON_TCONX;
+	state->io_tcon->tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	state->io_tcon->tconx.in.password = data_blob(NULL, 0);	
+	
+	state->io_tcon->tconx.in.path = talloc_asprintf(state->io_tcon, 
+						 "\\\\%s\\%s", 
+						 io->in.called_name, 
+						 io->in.service);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon->tconx.in.path);
+	if (!io->in.service_type) {
+		state->io_tcon->tconx.in.device = "?????";
+	} else {
+		state->io_tcon->tconx.in.device = io->in.service_type;
+	}
+
+	state->req = smb_raw_tcon_send(io->out.tree, state->io_tcon);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+	if (state->req->state == SMBCLI_REQUEST_ERROR) {
+		return state->req->status;
+	}
+
+	state->req->async.fn = request_handler;
+	state->req->async.private_data = c;
+	state->stage = CONNECT_TCON;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  a session setup request has completed
+*/
+static NTSTATUS connect_session_setup(struct composite_context *c, 
+				      struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+	NTSTATUS status;
+
+	status = smb_composite_sesssetup_recv(state->creq);
+
+	if (!NT_STATUS_IS_OK(status) &&
+	    !cli_credentials_is_anonymous(state->io->in.credentials) &&
+	    io->in.fallback_to_anonymous) {
+
+		state->io_setup->in.credentials = cli_credentials_init(state);
+		NT_STATUS_HAVE_NO_MEMORY(state->io_setup->in.credentials);
+		cli_credentials_set_workstation(state->io_setup->in.credentials,
+		   cli_credentials_get_workstation(state->io->in.credentials), 
+		   CRED_SPECIFIED);
+		cli_credentials_set_anonymous(state->io_setup->in.credentials);
+
+		/* If the preceding attempt was with extended security, we
+		 * have been given a uid in the NTLMSSP_CHALLENGE reply. This
+		 * would lead to an invalid uid in the anonymous fallback */
+		state->session->vuid = 0;
+		talloc_free(state->session->gensec);
+		state->session->gensec = NULL;
+
+		state->creq = smb_composite_sesssetup_send(state->session,
+							   state->io_setup);
+		NT_STATUS_HAVE_NO_MEMORY(state->creq);
+		if (state->creq->state == COMPOSITE_STATE_ERROR) {
+			return state->creq->status;
+		}
+		state->creq->async.fn = composite_handler;
+		state->creq->async.private_data = c;
+		state->stage = CONNECT_SESSION_SETUP_ANON;
+
+		return NT_STATUS_OK;
+	}
+
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	state->session->vuid = state->io_setup->out.vuid;
+	
+	/* If we don't have a remote share name then this indicates that
+	 * we don't want to do a tree connect */
+	if (!io->in.service) {
+		state->stage = CONNECT_DONE;
+		return NT_STATUS_OK;
+	}
+
+	state->io_tcon = talloc(c, union smb_tcon);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon);
+
+	/* connect to a share using a tree connect */
+	state->io_tcon->generic.level = RAW_TCON_TCONX;
+	state->io_tcon->tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	state->io_tcon->tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+	state->io_tcon->tconx.in.password = data_blob(NULL, 0);	
+	
+	state->io_tcon->tconx.in.path = talloc_asprintf(state->io_tcon, 
+						 "\\\\%s\\%s", 
+						 io->in.called_name, 
+						 io->in.service);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_tcon->tconx.in.path);
+	if (!io->in.service_type) {
+		state->io_tcon->tconx.in.device = "?????";
+	} else {
+		state->io_tcon->tconx.in.device = io->in.service_type;
+	}
+
+	state->req = smb_raw_tcon_send(io->out.tree, state->io_tcon);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+	if (state->req->state == SMBCLI_REQUEST_ERROR) {
+		return state->req->status;
+	}
+
+	state->req->async.fn = request_handler;
+	state->req->async.private_data = c;
+	state->stage = CONNECT_TCON;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS connect_send_session(struct composite_context *c,
+				     struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+
+	/* next step is a session setup */
+	state->session = smbcli_session_init(state->transport, state, true, io->in.session_options);
+	NT_STATUS_HAVE_NO_MEMORY(state->session);
+	
+	/* setup for a tconx (or at least have the structure ready to
+	 * return, if we won't go that far) */
+	io->out.tree = smbcli_tree_init(state->session, state, true);
+	NT_STATUS_HAVE_NO_MEMORY(io->out.tree);
+
+	/* If we don't have any credentials then this indicates that
+	 * we don't want to do a session setup */
+	if (!io->in.credentials) {
+		state->stage = CONNECT_DONE;
+		return NT_STATUS_OK;
+	}
+
+	state->io_setup = talloc(c, struct smb_composite_sesssetup);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_setup);
+
+	/* prepare a session setup to establish a security context */
+	state->io_setup->in.sesskey      = state->transport->negotiate.sesskey;
+	state->io_setup->in.capabilities = state->transport->negotiate.capabilities;
+	state->io_setup->in.credentials  = io->in.credentials;
+	state->io_setup->in.workgroup    = io->in.workgroup;
+	state->io_setup->in.gensec_settings = io->in.gensec_settings;
+
+	state->creq = smb_composite_sesssetup_send(state->session, state->io_setup);
+	NT_STATUS_HAVE_NO_MEMORY(state->creq);
+	if (state->creq->state == COMPOSITE_STATE_ERROR) {
+		return state->creq->status;
+	}
+
+	state->creq->async.fn = composite_handler;
+	state->creq->async.private_data = c;
+
+	state->stage = CONNECT_SESSION_SETUP;
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  a negprot request has completed
+*/
+static NTSTATUS connect_negprot(struct composite_context *c,
+				struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+	NTSTATUS status;
+
+	status = smb_raw_negotiate_recv(state->subreq);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return connect_send_session(c, io);
+}
+
+/*
+  setup a negprot send 
+*/
+static NTSTATUS connect_send_negprot(struct composite_context *c, 
+				     struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+
+	/* the socket is up - we can initialise the smbcli transport layer */
+	state->transport = smbcli_transport_init(state->sock, state, true,
+						 &io->in.options);
+	NT_STATUS_HAVE_NO_MEMORY(state->transport);
+
+	state->subreq = smb_raw_negotiate_send(state,
+					       state->transport->ev,
+					       state->transport,
+					       state->transport->options.min_protocol,
+					       state->transport->options.max_protocol);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+	tevent_req_set_callback(state->subreq, subreq_handler, c);
+	state->stage = CONNECT_NEGPROT;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  a socket connection operation has completed
+*/
+static NTSTATUS connect_socket(struct composite_context *c, 
+			       struct smb_composite_connect *io)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+	NTSTATUS status;
+
+	status = smbcli_sock_connect_recv(state->creq, state, &state->sock);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (is_ipaddress(state->sock->hostname) &&
+	    (state->io->in.called_name != NULL)) {
+		/* If connecting to an IP address, we might want the real name
+		 * of the host for later kerberos. The called name is a better
+		 * approximation */
+		state->sock->hostname =
+			talloc_strdup(state->sock, io->in.called_name);
+		NT_STATUS_HAVE_NO_MEMORY(state->sock->hostname);
+	}
+
+	/* next step is a negprot */
+	return connect_send_negprot(c, io);
+}
+
+
+/*
+  handle and dispatch state transitions
+*/
+static void state_handler(struct composite_context *c)
+{
+	struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+
+	switch (state->stage) {
+	case CONNECT_SOCKET:
+		c->status = connect_socket(c, state->io);
+		break;
+	case CONNECT_NEGPROT:
+		c->status = connect_negprot(c, state->io);
+		break;
+	case CONNECT_SESSION_SETUP:
+		c->status = connect_session_setup(c, state->io);
+		break;
+	case CONNECT_SESSION_SETUP_ANON:
+		c->status = connect_session_setup_anon(c, state->io);
+		break;
+	case CONNECT_TCON:
+		c->status = connect_tcon(c, state->io);
+		break;
+	case CONNECT_DONE:
+		break;
+	}
+
+	if (state->stage == CONNECT_DONE) {
+		/* all done! */
+		composite_done(c);
+	} else {
+		composite_is_ok(c);
+	}
+}
+
+
+/*
+  handler for completion of a smbcli_request sub-request
+*/
+static void request_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = talloc_get_type(req->async.private_data,
+						     struct composite_context);
+	state_handler(c);
+}
+
+/*
+  handler for completion of a smbcli_composite sub-request
+*/
+static void composite_handler(struct composite_context *creq)
+{
+	struct composite_context *c = talloc_get_type(creq->async.private_data, 
+						     struct composite_context);
+	state_handler(c);
+}
+
+/*
+  handler for completion of a tevent_req sub-request
+*/
+static void subreq_handler(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	state_handler(c);
+}
+
+/*
+  a function to establish a smbcli_tree from scratch
+*/
+struct composite_context *smb_composite_connect_send(struct smb_composite_connect *io,
+						     TALLOC_CTX *mem_ctx,
+						     struct resolve_context *resolve_ctx,
+						     struct tevent_context *event_ctx)
+{
+	struct composite_context *c;
+	struct connect_state *state;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (c == NULL) {
+		goto nomem;
+	}
+
+	state = talloc_zero(c, struct connect_state);
+	if (state == NULL) {
+		goto nomem;
+	}
+
+	c->event_ctx = event_ctx;
+	if (c->event_ctx == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	if (io->in.gensec_settings == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+	state->io = io;
+
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	c->private_data = state;
+
+	make_nbt_name_client(&state->calling,
+			     cli_credentials_get_workstation(io->in.credentials));
+
+	nbt_choose_called_name(state, &state->called,
+			       io->in.called_name, NBT_NAME_SERVER);
+
+	if (io->in.existing_conn != NULL) {
+		NTSTATUS status;
+
+		status = smbcli_transport_raw_init(state,
+						   c->event_ctx,
+						   &io->in.existing_conn,
+						   &io->in.options,
+						   &state->transport);
+		if (!NT_STATUS_IS_OK(status)) {
+			composite_error(c, status);
+			return c;
+		}
+
+		status = connect_send_session(c, io);
+		if (!NT_STATUS_IS_OK(status)) {
+			composite_error(c, status);
+			return c;
+		}
+
+		return c;
+	}
+
+	state->creq = smbcli_sock_connect_send(state, 
+					       NULL,
+					       io->in.dest_ports,
+					       io->in.dest_host, 
+					       resolve_ctx, c->event_ctx, 
+					       io->in.socket_options,
+					       &state->calling,
+					       &state->called);
+	if (state->creq == NULL) {
+		composite_error(c, NT_STATUS_NO_MEMORY);
+		return c;
+	}
+
+	state->stage = CONNECT_SOCKET;
+	state->creq->async.private_data = c;
+	state->creq->async.fn = composite_handler;
+
+	return c;
+nomem:
+	TALLOC_FREE(c);
+	return NULL;
+}
+
+/*
+  recv half of async composite connect code
+*/
+NTSTATUS smb_composite_connect_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
+		talloc_steal(mem_ctx, state->io->out.tree);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+/*
+  sync version of smb_composite_connect 
+*/
+NTSTATUS smb_composite_connect(struct smb_composite_connect *io, TALLOC_CTX *mem_ctx,
+			       struct resolve_context *resolve_ctx,
+			       struct tevent_context *ev)
+{
+	struct composite_context *c = smb_composite_connect_send(io, mem_ctx, resolve_ctx, ev);
+	if (c == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return smb_composite_connect_recv(c, mem_ctx);
+}
diff --git a/source4/libcli/smb_composite/connect_nego.c b/source4/libcli/smb_composite/connect_nego.c
new file mode 100644
index 0000000..7224dfa
--- /dev/null
+++ b/source4/libcli/smb_composite/connect_nego.c
@@ -0,0 +1,211 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "libcli/composite/composite.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "libcli/smb/smbXcli_base.h"
+
+struct smb_connect_nego_state {
+	struct tevent_context *ev;
+	struct resolve_context *resolve_ctx;
+	const char *socket_options;
+	struct smbcli_options options;
+	const char *dest_hostname;
+	const char *dest_address;
+	const char **dest_ports;
+	const char *target_hostname;
+	struct nbt_name calling, called;
+	struct smbXcli_conn *conn;
+};
+
+static void smb_connect_nego_connect_done(struct composite_context *creq);
+static void smb_connect_nego_nego_done(struct tevent_req *subreq);
+
+struct tevent_req *smb_connect_nego_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct resolve_context *resolve_ctx,
+					 const struct smbcli_options *options,
+					 const char *socket_options,
+					 const char *dest_hostname,
+					 const char *dest_address, /* optional */
+					 const char **dest_ports,
+					 const char *target_hostname,
+					 const char *called_name,
+					 const char *calling_name)
+{
+	struct tevent_req *req = NULL;
+	struct smb_connect_nego_state *state = NULL;
+	struct composite_context *creq = NULL;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb_connect_nego_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->resolve_ctx= resolve_ctx;
+	state->options = *options;
+	state->socket_options = socket_options;
+	state->dest_hostname = dest_hostname;
+	state->dest_address = dest_address;
+	state->dest_ports = dest_ports;
+	state->target_hostname = target_hostname;
+
+	make_nbt_name_client(&state->calling, calling_name);
+
+	nbt_choose_called_name(state, &state->called,
+			       called_name, NBT_NAME_SERVER);
+	if (tevent_req_nomem(state->called.name, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	creq = smbcli_sock_connect_send(state,
+					state->dest_address,
+					state->dest_ports,
+					state->dest_hostname,
+					state->resolve_ctx,
+					state->ev,
+					state->socket_options,
+					&state->calling,
+					&state->called);
+	if (tevent_req_nomem(creq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	creq->async.private_data = req;
+	creq->async.fn = smb_connect_nego_connect_done;
+
+	return req;
+}
+
+static void smb_connect_nego_connect_done(struct composite_context *creq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(creq->async.private_data,
+		struct tevent_req);
+	struct smb_connect_nego_state *state =
+		tevent_req_data(req,
+		struct smb_connect_nego_state);
+	struct tevent_req *subreq = NULL;
+	struct smbcli_socket *sock = NULL;
+	uint32_t smb1_capabilities;
+	uint32_t timeout_msec = state->options.request_timeout * 1000;
+	NTSTATUS status;
+
+	status = smbcli_sock_connect_recv(creq, state, &sock);
+	creq = NULL;
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	TALLOC_FREE(sock->event.fde);
+	TALLOC_FREE(sock->event.te);
+
+	smb1_capabilities = 0;
+	smb1_capabilities |= CAP_LARGE_FILES;
+	smb1_capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+	smb1_capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND;
+	smb1_capabilities |= CAP_DFS | CAP_W2K_SMBS;
+	smb1_capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX;
+	smb1_capabilities |= CAP_LWIO;
+
+	if (state->options.ntstatus_support) {
+		smb1_capabilities |= CAP_STATUS32;
+	}
+
+	if (state->options.unicode) {
+		smb1_capabilities |= CAP_UNICODE;
+	}
+
+	if (state->options.use_spnego) {
+		smb1_capabilities |= CAP_EXTENDED_SECURITY;
+	}
+
+	if (state->options.use_level2_oplocks) {
+		smb1_capabilities |= CAP_LEVEL_II_OPLOCKS;
+	}
+
+	state->conn = smbXcli_conn_create(state,
+					  sock->sock->fd,
+					  state->target_hostname,
+					  state->options.signing,
+					  smb1_capabilities,
+					  &state->options.client_guid,
+					  state->options.smb2_capabilities,
+					  &state->options.smb3_capabilities);
+	if (tevent_req_nomem(state->conn, req)) {
+		return;
+	}
+	sock->sock->fd = -1;
+	TALLOC_FREE(sock);
+
+	subreq = smbXcli_negprot_send(state,
+				      state->ev,
+				      state->conn,
+				      timeout_msec,
+				      state->options.min_protocol,
+				      state->options.max_protocol,
+				      state->options.max_credits,
+				      NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, smb_connect_nego_nego_done, req);
+}
+
+static void smb_connect_nego_nego_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	NTSTATUS status;
+
+	status = smbXcli_negprot_recv(subreq, NULL, NULL);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS smb_connect_nego_recv(struct tevent_req *req,
+			       TALLOC_CTX *mem_ctx,
+			       struct smbXcli_conn **_conn)
+{
+	struct smb_connect_nego_state *state =
+		tevent_req_data(req,
+		struct smb_connect_nego_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*_conn = talloc_move(mem_ctx, &state->conn);
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c
new file mode 100644
index 0000000..30e3a62
--- /dev/null
+++ b/source4/libcli/smb_composite/fetchfile.c
@@ -0,0 +1,194 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Volker Lendecke 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for loading a whole file into memory
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+
+enum fetchfile_stage {FETCHFILE_CONNECT,
+		      FETCHFILE_READ};
+
+struct fetchfile_state {
+	enum fetchfile_stage stage;
+	struct smb_composite_fetchfile *io;
+	struct composite_context *creq;
+	struct smb_composite_connect *connect;
+	struct smb_composite_loadfile *loadfile;
+};
+
+static void fetchfile_composite_handler(struct composite_context *req);
+
+static NTSTATUS fetchfile_connect(struct composite_context *c,
+				  struct smb_composite_fetchfile *io)
+{
+	NTSTATUS status;
+	struct fetchfile_state *state;
+	state = talloc_get_type(c->private_data, struct fetchfile_state);
+
+	status = smb_composite_connect_recv(state->creq, c);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->loadfile = talloc(state, struct smb_composite_loadfile);
+	NT_STATUS_HAVE_NO_MEMORY(state->loadfile);
+
+	state->loadfile->in.fname = io->in.filename;
+
+	state->creq = smb_composite_loadfile_send(state->connect->out.tree,
+						 state->loadfile);
+	NT_STATUS_HAVE_NO_MEMORY(state->creq);
+
+	state->creq->async.private_data = c;
+	state->creq->async.fn = fetchfile_composite_handler;
+
+	state->stage = FETCHFILE_READ;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS fetchfile_read(struct composite_context *c,
+			       struct smb_composite_fetchfile *io)
+{
+	NTSTATUS status;
+	struct fetchfile_state *state;
+	state = talloc_get_type(c->private_data, struct fetchfile_state);
+
+	status = smb_composite_loadfile_recv(state->creq, NULL);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	io->out.data = state->loadfile->out.data;
+	io->out.size = state->loadfile->out.size;
+
+	c->state = COMPOSITE_STATE_DONE;
+	if (c->async.fn)
+		c->async.fn(c);
+
+	return NT_STATUS_OK;
+}
+
+static void fetchfile_state_handler(struct composite_context *c)
+{
+	struct fetchfile_state *state;
+	NTSTATUS status;
+	
+	state = talloc_get_type(c->private_data, struct fetchfile_state);
+
+	/* when this handler is called, the stage indicates what
+	   call has just finished */
+	switch (state->stage) {
+	case FETCHFILE_CONNECT:
+		status = fetchfile_connect(c, state->io);
+		break;
+	case FETCHFILE_READ:
+		status = fetchfile_read(c, state->io);
+		break;
+	default:
+		status = NT_STATUS_UNSUCCESSFUL;
+		break;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		c->status = status;
+		c->state = COMPOSITE_STATE_ERROR;
+		if (c->async.fn) {
+			c->async.fn(c);
+		}
+	}
+}
+
+static void fetchfile_composite_handler(struct composite_context *creq)
+{
+	struct composite_context *c = talloc_get_type(creq->async.private_data, 
+						      struct composite_context);
+	fetchfile_state_handler(c);
+}
+
+struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetchfile *io,
+						       struct tevent_context *event_ctx)
+{
+	struct composite_context *c;
+	struct fetchfile_state *state;
+
+	c = talloc_zero(NULL, struct composite_context);
+	if (c == NULL) goto failed;
+
+	state = talloc(c, struct fetchfile_state);
+	if (state == NULL) goto failed;
+
+	state->connect = talloc_zero(state, struct smb_composite_connect);
+	if (state->connect == NULL) goto failed;
+
+	state->io = io;
+
+	state->connect->in.dest_host    = io->in.dest_host;
+	state->connect->in.dest_ports   = io->in.ports;
+	state->connect->in.socket_options = io->in.socket_options;
+	state->connect->in.called_name  = io->in.called_name;
+	state->connect->in.service      = io->in.service;
+	state->connect->in.service_type = io->in.service_type;
+	state->connect->in.credentials  = io->in.credentials;
+	state->connect->in.fallback_to_anonymous = false;
+	state->connect->in.workgroup    = io->in.workgroup;
+	state->connect->in.gensec_settings = io->in.gensec_settings;
+
+	state->connect->in.options	= io->in.options;
+	state->connect->in.session_options = io->in.session_options;
+
+	state->creq = smb_composite_connect_send(state->connect, state, 
+						 io->in.resolve_ctx, event_ctx);
+	if (state->creq == NULL) goto failed;
+
+	state->creq->async.private_data = c;
+	state->creq->async.fn = fetchfile_composite_handler;
+
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	state->stage = FETCHFILE_CONNECT;
+	c->private_data = state;
+
+	return c;
+ failed:
+	talloc_free(c);
+	return NULL;
+}
+
+NTSTATUS smb_composite_fetchfile_recv(struct composite_context *c,
+				      TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct fetchfile_state *state = talloc_get_type(c->private_data, struct fetchfile_state);
+		talloc_steal(mem_ctx, state->io->out.data);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+NTSTATUS smb_composite_fetchfile(struct smb_composite_fetchfile *io,
+				 TALLOC_CTX *mem_ctx)
+{
+	struct composite_context *c = smb_composite_fetchfile_send(io, NULL);
+	return smb_composite_fetchfile_recv(c, mem_ctx);
+}
diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c
new file mode 100644
index 0000000..64bf4c8
--- /dev/null
+++ b/source4/libcli/smb_composite/fsinfo.c
@@ -0,0 +1,214 @@
+/*
+  a composite API for querying file system information
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+
+/* the stages of this call */
+enum fsinfo_stage {FSINFO_CONNECT, FSINFO_QUERY};
+
+
+static void fsinfo_raw_handler(struct smbcli_request *req);
+static void fsinfo_composite_handler(struct composite_context *c);
+static void fsinfo_state_handler(struct composite_context *c);
+
+struct fsinfo_state {
+	enum fsinfo_stage stage;
+	struct composite_context *creq;
+	struct smb_composite_fsinfo *io;
+	struct smb_composite_connect *connect;
+	union smb_fsinfo *fsinfo;
+	struct smbcli_tree *tree;
+	struct smbcli_request *req;
+};
+
+static NTSTATUS fsinfo_connect(struct composite_context *c,
+			       struct smb_composite_fsinfo *io)
+{
+	NTSTATUS status;
+	struct fsinfo_state *state;
+	state = talloc_get_type(c->private_data, struct fsinfo_state);
+
+	status = smb_composite_connect_recv(state->creq, c);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->fsinfo = talloc(state, union smb_fsinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->fsinfo);
+
+	state->fsinfo->generic.level = io->in.level;
+
+	state->req = smb_raw_fsinfo_send(state->connect->out.tree,
+					 state,
+					 state->fsinfo);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	state->req->async.private_data = c;
+	state->req->async.fn = fsinfo_raw_handler;
+
+	state->stage = FSINFO_QUERY;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS fsinfo_query(struct composite_context *c,
+			       struct smb_composite_fsinfo *io)
+{
+	NTSTATUS status;
+	struct fsinfo_state *state;
+	state = talloc_get_type(c->private_data, struct fsinfo_state);
+
+	status = smb_raw_fsinfo_recv(state->req, state, state->fsinfo);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->io->out.fsinfo = state->fsinfo;
+
+	c->state = COMPOSITE_STATE_DONE;
+
+	if (c->async.fn)
+		c->async.fn(c);
+
+	return NT_STATUS_OK;
+
+}
+
+/*
+  handler for completion of a sub-request in fsinfo
+*/
+static void fsinfo_state_handler(struct composite_context *creq)
+{
+	struct fsinfo_state *state = talloc_get_type(creq->private_data, struct fsinfo_state);
+
+	/* when this handler is called, the stage indicates what
+	   call has just finished */
+	switch (state->stage) {
+	case FSINFO_CONNECT:
+		creq->status = fsinfo_connect(creq, state->io);
+		break;
+
+	case FSINFO_QUERY:
+		creq->status = fsinfo_query(creq, state->io);
+		break;
+	}
+
+	if (!NT_STATUS_IS_OK(creq->status)) {
+		creq->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (creq->state >= COMPOSITE_STATE_DONE && creq->async.fn) {
+		creq->async.fn(creq);
+	}
+}
+
+/* 
+   As raw and composite handlers take different requests, we need to handlers
+   to adapt both for the same state machine in fsinfo_state_handler()
+*/
+static void fsinfo_raw_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = talloc_get_type(req->async.private_data,
+						      struct composite_context);
+	fsinfo_state_handler(c);
+}
+
+static void fsinfo_composite_handler(struct composite_context *creq)
+{
+	struct composite_context *c = talloc_get_type(creq->async.private_data, 
+						      struct composite_context);
+	fsinfo_state_handler(c);
+}
+
+/*
+  composite fsinfo call - connects to a tree and queries a file system information
+*/
+struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, 
+						    struct smb_composite_fsinfo *io,
+						    struct resolve_context *resolve_ctx,
+						    struct tevent_context *event_ctx)
+{
+	struct composite_context *c;
+	struct fsinfo_state *state;
+
+	c = talloc_zero(tree, struct composite_context);
+	if (c == NULL) goto failed;
+
+	c->event_ctx = event_ctx;
+	if (c->event_ctx == NULL) goto failed;
+
+	state = talloc(c, struct fsinfo_state);
+	if (state == NULL) goto failed;
+
+	state->io = io;
+
+	state->connect = talloc_zero(state, struct smb_composite_connect);
+
+	if (state->connect == NULL) goto failed;
+
+	state->connect->in.dest_host    = io->in.dest_host;
+	state->connect->in.dest_ports   = io->in.dest_ports;
+	state->connect->in.socket_options = io->in.socket_options;
+	state->connect->in.called_name  = io->in.called_name;
+	state->connect->in.service      = io->in.service;
+	state->connect->in.service_type = io->in.service_type;
+	state->connect->in.credentials  = io->in.credentials;
+	state->connect->in.fallback_to_anonymous = false;
+	state->connect->in.workgroup    = io->in.workgroup;
+	state->connect->in.gensec_settings = io->in.gensec_settings;
+
+	state->connect->in.options = tree->session->transport->options;
+	state->connect->in.session_options = tree->session->options;
+
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	state->stage = FSINFO_CONNECT;
+	c->private_data = state;
+
+	state->creq = smb_composite_connect_send(state->connect, state,
+			 resolve_ctx, c->event_ctx);
+
+	if (state->creq == NULL) goto failed;
+  
+	state->creq->async.private_data = c;
+	state->creq->async.fn = fsinfo_composite_handler;
+  
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+/*
+  composite fsinfo call - recv side
+*/
+NTSTATUS smb_composite_fsinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct fsinfo_state *state = talloc_get_type(c->private_data, struct fsinfo_state);
+		talloc_steal(mem_ctx, state->io->out.fsinfo);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  composite fsinfo call - sync interface
+*/
+NTSTATUS smb_composite_fsinfo(struct smbcli_tree *tree, 
+			      TALLOC_CTX *mem_ctx,
+			      struct smb_composite_fsinfo *io,
+			      struct resolve_context *resolve_ctx,
+			      struct tevent_context *ev)
+{
+	struct composite_context *c = smb_composite_fsinfo_send(tree, io, resolve_ctx, ev);
+	return smb_composite_fsinfo_recv(c, mem_ctx);
+}
+
diff --git a/source4/libcli/smb_composite/loadfile.c b/source4/libcli/smb_composite/loadfile.c
new file mode 100644
index 0000000..00456f1
--- /dev/null
+++ b/source4/libcli/smb_composite/loadfile.c
@@ -0,0 +1,293 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for loading a whole file into memory
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+
+/* the stages of this call */
+enum loadfile_stage {LOADFILE_OPEN, LOADFILE_READ, LOADFILE_CLOSE};
+
+
+static void loadfile_handler(struct smbcli_request *req);
+
+struct loadfile_state {
+	enum loadfile_stage stage;
+	struct smb_composite_loadfile *io;
+	struct smbcli_request *req;
+	union smb_open *io_open;
+	union smb_read *io_read;
+};
+
+/*
+  setup for the close
+*/
+static NTSTATUS setup_close(struct composite_context *c, 
+			    struct smbcli_tree *tree, uint16_t fnum)
+{
+	struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+	union smb_close *io_close;
+
+	/* nothing to read, setup the close */
+	io_close = talloc(c, union smb_close);
+	NT_STATUS_HAVE_NO_MEMORY(io_close);
+	
+	io_close->close.level = RAW_CLOSE_CLOSE;
+	io_close->close.in.file.fnum = fnum;
+	io_close->close.in.write_time = 0;
+
+	state->req = smb_raw_close_send(tree, io_close);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the close is done */
+	state->req->async.fn = loadfile_handler;
+	state->req->async.private_data = c;
+	state->stage = LOADFILE_CLOSE;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called when the open is done - pull the results and setup for the
+  first readx, or close if the file is zero size
+*/
+static NTSTATUS loadfile_open(struct composite_context *c, 
+			      struct smb_composite_loadfile *io)
+{
+	struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+
+	status = smb_raw_open_recv(state->req, c, state->io_open);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	/* don't allow stupidly large loads */
+	if (state->io_open->ntcreatex.out.size > 100*1000*1000) {
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+
+	/* allocate space for the file data */
+	io->out.size = state->io_open->ntcreatex.out.size;
+	io->out.data = talloc_array(c, uint8_t, io->out.size);
+	NT_STATUS_HAVE_NO_MEMORY(io->out.data);
+
+	if (io->out.size == 0) {
+		return setup_close(c, tree, state->io_open->ntcreatex.out.file.fnum);
+	}
+
+	/* setup for the read */
+	state->io_read = talloc(c, union smb_read);
+	NT_STATUS_HAVE_NO_MEMORY(state->io_read);
+	
+	state->io_read->readx.level        = RAW_READ_READX;
+	state->io_read->readx.in.file.fnum = state->io_open->ntcreatex.out.file.fnum;
+	state->io_read->readx.in.offset    = 0;
+	state->io_read->readx.in.mincnt    = MIN(32768, io->out.size);
+	state->io_read->readx.in.maxcnt    = state->io_read->readx.in.mincnt;
+	state->io_read->readx.in.remaining = 0;
+	state->io_read->readx.in.read_for_execute = false;
+	state->io_read->readx.out.data     = io->out.data;
+
+	state->req = smb_raw_read_send(tree, state->io_read);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the first read is done */
+	state->req->async.fn = loadfile_handler;
+	state->req->async.private_data = c;
+	state->stage = LOADFILE_READ;
+
+	talloc_free(state->io_open);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  called when a read is done - pull the results and setup for the
+  next read, or close if the file is all done
+*/
+static NTSTATUS loadfile_read(struct composite_context *c, 
+			      struct smb_composite_loadfile *io)
+{
+	struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+
+	status = smb_raw_read_recv(state->req, state->io_read);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	/* we might be done */
+	if (state->io_read->readx.in.offset +
+	    state->io_read->readx.out.nread == io->out.size) {
+		return setup_close(c, tree, state->io_read->readx.in.file.fnum);
+	}
+
+	/* setup for the next read */
+	state->io_read->readx.in.offset += state->io_read->readx.out.nread;
+	state->io_read->readx.in.mincnt = MIN(32768, io->out.size - state->io_read->readx.in.offset);
+	state->io_read->readx.out.data = io->out.data + state->io_read->readx.in.offset;
+
+	state->req = smb_raw_read_send(tree, state->io_read);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the read is done */
+	state->req->async.fn = loadfile_handler;
+	state->req->async.private_data = c;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called when the close is done, check the status and cleanup
+*/
+static NTSTATUS loadfile_close(struct composite_context *c, 
+			       struct smb_composite_loadfile *io)
+{
+	struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+	NTSTATUS status;
+
+	status = smbcli_request_simple_recv(state->req);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	c->state = COMPOSITE_STATE_DONE;
+
+	return NT_STATUS_OK;
+}
+						     
+
+/*
+  handler for completion of a sub-request in loadfile
+*/
+static void loadfile_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = (struct composite_context *)req->async.private_data;
+	struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+
+	/* when this handler is called, the stage indicates what
+	   call has just finished */
+	switch (state->stage) {
+	case LOADFILE_OPEN:
+		c->status = loadfile_open(c, state->io);
+		break;
+
+	case LOADFILE_READ:
+		c->status = loadfile_read(c, state->io);
+		break;
+
+	case LOADFILE_CLOSE:
+		c->status = loadfile_close(c, state->io);
+		break;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE &&
+	    c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+/*
+  composite loadfile call - does an openx followed by a number of readx calls,
+  followed by a close
+*/
+struct composite_context *smb_composite_loadfile_send(struct smbcli_tree *tree, 
+						     struct smb_composite_loadfile *io)
+{
+	struct composite_context *c;
+	struct loadfile_state *state;
+
+	c = talloc_zero(tree, struct composite_context);
+	if (c == NULL) goto failed;
+
+	state = talloc(c, struct loadfile_state);
+	if (state == NULL) goto failed;
+
+	state->io = io;
+
+	c->private_data = state;
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx = tree->session->transport->ev;
+
+	/* setup for the open */
+	state->io_open = talloc_zero(c, union smb_open);
+	if (state->io_open == NULL) goto failed;
+	
+	state->io_open->ntcreatex.level               = RAW_OPEN_NTCREATEX;
+	state->io_open->ntcreatex.in.flags            = NTCREATEX_FLAGS_EXTENDED;
+	state->io_open->ntcreatex.in.access_mask      = SEC_FILE_READ_DATA;
+	state->io_open->ntcreatex.in.file_attr        = FILE_ATTRIBUTE_NORMAL;
+	state->io_open->ntcreatex.in.share_access     = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	state->io_open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	state->io_open->ntcreatex.in.impersonation    = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	state->io_open->ntcreatex.in.fname            = io->in.fname;
+
+	/* send the open on its way */
+	state->req = smb_raw_open_send(tree, state->io_open);
+	if (state->req == NULL) goto failed;
+
+	/* setup the callback handler */
+	state->req->async.fn = loadfile_handler;
+	state->req->async.private_data = c;
+	state->stage = LOADFILE_OPEN;
+
+	return c;
+
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+
+/*
+  composite loadfile call - recv side
+*/
+NTSTATUS smb_composite_loadfile_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct loadfile_state *state = talloc_get_type(c->private_data, struct loadfile_state);
+		talloc_steal(mem_ctx, state->io->out.data);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  composite loadfile call - sync interface
+*/
+NTSTATUS smb_composite_loadfile(struct smbcli_tree *tree, 
+				TALLOC_CTX *mem_ctx,
+				struct smb_composite_loadfile *io)
+{
+	struct composite_context *c = smb_composite_loadfile_send(tree, io);
+	return smb_composite_loadfile_recv(c, mem_ctx);
+}
+
diff --git a/source4/libcli/smb_composite/savefile.c b/source4/libcli/smb_composite/savefile.c
new file mode 100644
index 0000000..2f00443
--- /dev/null
+++ b/source4/libcli/smb_composite/savefile.c
@@ -0,0 +1,288 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for saving a whole file from memory
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+
+/* the stages of this call */
+enum savefile_stage {SAVEFILE_OPEN, SAVEFILE_WRITE, SAVEFILE_CLOSE};
+
+static void savefile_handler(struct smbcli_request *req);
+
+struct savefile_state {
+	enum savefile_stage stage;
+	off_t total_written;
+	struct smb_composite_savefile *io;
+	union smb_open *io_open;
+	union smb_write *io_write;
+	struct smbcli_request *req;
+};
+
+
+/*
+  setup for the close
+*/
+static NTSTATUS setup_close(struct composite_context *c, 
+			    struct smbcli_tree *tree, uint16_t fnum)
+{
+	struct savefile_state *state = talloc_get_type(c->private_data, struct savefile_state);
+	union smb_close *io_close;
+
+	/* nothing to write, setup the close */
+	io_close = talloc(c, union smb_close);
+	NT_STATUS_HAVE_NO_MEMORY(io_close);
+	
+	io_close->close.level = RAW_CLOSE_CLOSE;
+	io_close->close.in.file.fnum = fnum;
+	io_close->close.in.write_time = 0;
+
+	state->req = smb_raw_close_send(tree, io_close);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the close is done */
+	state->stage = SAVEFILE_CLOSE;
+	state->req->async.fn = savefile_handler;
+	state->req->async.private_data = c;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called when the open is done - pull the results and setup for the
+  first writex, or close if the file is zero size
+*/
+static NTSTATUS savefile_open(struct composite_context *c, 
+			      struct smb_composite_savefile *io)
+{
+	struct savefile_state *state = talloc_get_type(c->private_data, struct savefile_state);
+	union smb_write *io_write;
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+	uint32_t max_xmit = tree->session->transport->negotiate.max_xmit;
+
+	status = smb_raw_open_recv(state->req, c, state->io_open);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	if (io->in.size == 0) {
+		return setup_close(c, tree, state->io_open->ntcreatex.out.file.fnum);
+	}
+
+	/* setup for the first write */
+	io_write = talloc(c, union smb_write);
+	NT_STATUS_HAVE_NO_MEMORY(io_write);
+	
+	io_write->writex.level        = RAW_WRITE_WRITEX;
+	io_write->writex.in.file.fnum = state->io_open->ntcreatex.out.file.fnum;
+	io_write->writex.in.offset    = 0;
+	io_write->writex.in.wmode     = 0;
+	io_write->writex.in.remaining = 0;
+	io_write->writex.in.count     = MIN(max_xmit - 100, io->in.size);
+	io_write->writex.in.data      = io->in.data;
+	state->io_write = io_write;
+
+	state->req = smb_raw_write_send(tree, io_write);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the first write is done */
+	state->stage = SAVEFILE_WRITE;
+	state->req->async.fn = savefile_handler;
+	state->req->async.private_data = c;
+	talloc_free(state->io_open);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  called when a write is done - pull the results and setup for the
+  next write, or close if the file is all done
+*/
+static NTSTATUS savefile_write(struct composite_context *c, 
+			      struct smb_composite_savefile *io)
+{
+	struct savefile_state *state = talloc_get_type(c->private_data, struct savefile_state);
+	struct smbcli_tree *tree = state->req->tree;
+	NTSTATUS status;
+	uint32_t max_xmit = tree->session->transport->negotiate.max_xmit;
+
+	status = smb_raw_write_recv(state->req, state->io_write);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->total_written += state->io_write->writex.out.nwritten;
+	
+	/* we might be done */
+	if (state->io_write->writex.out.nwritten != state->io_write->writex.in.count ||
+	    state->total_written == io->in.size) {
+		return setup_close(c, tree, state->io_write->writex.in.file.fnum);
+	}
+
+	/* setup for the next write */
+	state->io_write->writex.in.offset = state->total_written;
+	state->io_write->writex.in.count = MIN(max_xmit - 100, 
+					       io->in.size - state->total_written);
+	state->io_write->writex.in.data = io->in.data + state->total_written;
+
+	state->req = smb_raw_write_send(tree, state->io_write);
+	NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+	/* call the handler again when the write is done */
+	state->req->async.fn = savefile_handler;
+	state->req->async.private_data = c;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called when the close is done, check the status and cleanup
+*/
+static NTSTATUS savefile_close(struct composite_context *c, 
+			       struct smb_composite_savefile *io)
+{
+	struct savefile_state *state = talloc_get_type(c->private_data, struct savefile_state);
+	NTSTATUS status;
+
+	status = smbcli_request_simple_recv(state->req);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (state->total_written != io->in.size) {
+		return NT_STATUS_DISK_FULL;
+	}
+	
+	c->state = COMPOSITE_STATE_DONE;
+
+	return NT_STATUS_OK;
+}
+						     
+
+/*
+  handler for completion of a sub-request in savefile
+*/
+static void savefile_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = (struct composite_context *)req->async.private_data;
+	struct savefile_state *state = talloc_get_type(c->private_data, struct savefile_state);
+
+	/* when this handler is called, the stage indicates what
+	   call has just finished */
+	switch (state->stage) {
+	case SAVEFILE_OPEN:
+		c->status = savefile_open(c, state->io);
+		break;
+
+	case SAVEFILE_WRITE:
+		c->status = savefile_write(c, state->io);
+		break;
+
+	case SAVEFILE_CLOSE:
+		c->status = savefile_close(c, state->io);
+		break;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE &&
+	    c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+/*
+  composite savefile call - does an openx followed by a number of writex calls,
+  followed by a close
+*/
+struct composite_context *smb_composite_savefile_send(struct smbcli_tree *tree, 
+						      struct smb_composite_savefile *io)
+{
+	struct composite_context *c;
+	struct savefile_state *state;
+	union smb_open *io_open;
+
+	c = talloc_zero(tree, struct composite_context);
+	if (c == NULL) goto failed;
+
+	c->state = COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx = tree->session->transport->ev;
+
+	state = talloc(c, struct savefile_state);
+	if (state == NULL) goto failed;
+
+	state->stage = SAVEFILE_OPEN;
+	state->total_written = 0;
+	state->io = io;
+
+	/* setup for the open */
+	io_open = talloc_zero(c, union smb_open);
+	if (io_open == NULL) goto failed;
+	
+	io_open->ntcreatex.level               = RAW_OPEN_NTCREATEX;
+	io_open->ntcreatex.in.flags            = NTCREATEX_FLAGS_EXTENDED;
+	io_open->ntcreatex.in.access_mask      = SEC_FILE_WRITE_DATA;
+	io_open->ntcreatex.in.file_attr        = FILE_ATTRIBUTE_NORMAL;
+	io_open->ntcreatex.in.share_access     = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io_open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io_open->ntcreatex.in.impersonation    = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io_open->ntcreatex.in.fname            = io->in.fname;
+	state->io_open = io_open;
+
+	/* send the open on its way */
+	state->req = smb_raw_open_send(tree, io_open);
+	if (state->req == NULL) goto failed;
+
+	/* setup the callback handler */
+	state->req->async.fn = savefile_handler;
+	state->req->async.private_data = c;
+	c->private_data = state;
+
+	return c;
+
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+
+/*
+  composite savefile call - recv side
+*/
+NTSTATUS smb_composite_savefile_recv(struct composite_context *c)
+{
+	NTSTATUS status;
+	status = composite_wait(c);
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  composite savefile call - sync interface
+*/
+NTSTATUS smb_composite_savefile(struct smbcli_tree *tree, 
+				struct smb_composite_savefile *io)
+{
+	struct composite_context *c = smb_composite_savefile_send(tree, io);
+	return smb_composite_savefile_recv(c);
+}
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
new file mode 100644
index 0000000..553132c
--- /dev/null
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -0,0 +1,867 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for making handling a generic async session setup
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/auth/libcli_auth.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "version.h"
+#include "param/param.h"
+#include "libcli/smb/smbXcli_base.h"
+
+struct sesssetup_state {
+	struct smbcli_session *session;
+	union smb_sesssetup setup;
+	const char *chosen_oid;
+	NTSTATUS remote_status;
+	NTSTATUS gensec_status;
+	struct smb_composite_sesssetup *io;
+	struct smbcli_request *req;
+	struct smbcli_request *check_req;
+	unsigned int logon_retries;
+};
+
+static int sesssetup_state_destructor(struct sesssetup_state *state)
+{
+	if (state->req) {
+		talloc_free(state->req);
+		state->req = NULL;
+	}
+
+	return 0;
+}
+
+static NTSTATUS session_setup_old(struct composite_context *c,
+				  struct smbcli_session *session,
+				  struct smb_composite_sesssetup *io,
+				  struct smbcli_request **req);
+static NTSTATUS session_setup_nt1(struct composite_context *c,
+				  struct smbcli_session *session,
+				  struct smb_composite_sesssetup *io,
+				  struct smbcli_request **req);
+static NTSTATUS session_setup_spnego_restart(struct composite_context *c,
+					     struct smbcli_session *session,
+					     struct smb_composite_sesssetup *io);
+static NTSTATUS session_setup_spnego(struct composite_context *c,
+				     struct smbcli_session *session,
+				     struct smb_composite_sesssetup *io,
+				     struct smbcli_request **req);
+static void smb_composite_sesssetup_spnego_done1(struct tevent_req *subreq);
+static void smb_composite_sesssetup_spnego_done2(struct tevent_req *subreq);
+
+
+/*
+  handler for completion of a smbcli_request sub-request
+*/
+static void request_handler(struct smbcli_request *req)
+{
+	struct composite_context *c = (struct composite_context *)req->async.private_data;
+	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+	struct smbcli_session *session = req->session;
+	DATA_BLOB null_data_blob = data_blob(NULL, 0);
+	NTSTATUS session_key_err, nt_status;
+	struct smbcli_request *check_req = NULL;
+	const char *os = NULL;
+	const char *lanman = NULL;
+
+	if (req->sign_caller_checks) {
+		req->do_not_free = true;
+		check_req = req;
+	}
+
+	state->remote_status = smb_raw_sesssetup_recv(req, state, &state->setup);
+	c->status = state->remote_status;
+	state->req = NULL;
+
+	/*
+	 * we only need to check the signature if the
+	 * NT_STATUS_OK is returned
+	 */
+	if (!NT_STATUS_IS_OK(state->remote_status)) {
+		talloc_free(check_req);
+		check_req = NULL;
+	}
+
+	switch (state->setup.old.level) {
+	case RAW_SESSSETUP_OLD:
+		state->io->out.vuid = state->setup.old.out.vuid;
+		/* This doesn't work, as this only happens on old
+		 * protocols, where this comparison won't match. */
+		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
+			/* we need to reset the vuid for a new try */
+			session->vuid = 0;
+			if (cli_credentials_wrong_password(state->io->in.credentials)) {
+				nt_status = session_setup_old(c, session,
+							      state->io,
+							      &state->req);
+				if (NT_STATUS_IS_OK(nt_status)) {
+					talloc_free(check_req);
+					c->status = nt_status;
+					composite_continue_smb(c, state->req, request_handler, c);
+					return;
+				}
+			}
+		}
+		if (!NT_STATUS_IS_OK(c->status)) {
+			composite_error(c, c->status);
+			return;
+		}
+		os = state->setup.old.out.os;
+		lanman = state->setup.old.out.lanman;
+		break;
+
+	case RAW_SESSSETUP_NT1:
+		state->io->out.vuid = state->setup.nt1.out.vuid;
+		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
+			/* we need to reset the vuid for a new try */
+			session->vuid = 0;
+			if (cli_credentials_wrong_password(state->io->in.credentials)) {
+				nt_status = session_setup_nt1(c, session,
+							      state->io,
+							      &state->req);
+				if (NT_STATUS_IS_OK(nt_status)) {
+					talloc_free(check_req);
+					c->status = nt_status;
+					composite_continue_smb(c, state->req, request_handler, c);
+					return;
+				}
+			}
+		}
+		if (!NT_STATUS_IS_OK(c->status)) {
+			composite_error(c, c->status);
+			return;
+		}
+		os = state->setup.nt1.out.os;
+		lanman = state->setup.nt1.out.lanman;
+		break;
+
+	case RAW_SESSSETUP_SPNEGO:
+		state->io->out.vuid = state->setup.spnego.out.vuid;
+		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
+			const char *principal;
+
+			/* we need to reset the vuid for a new try */
+			session->vuid = 0;
+
+			principal = gensec_get_target_principal(session->gensec);
+			if (principal == NULL) {
+				const char *hostname = gensec_get_target_hostname(session->gensec);
+				const char *service  = gensec_get_target_service(session->gensec);
+				if (hostname != NULL && service != NULL) {
+					principal = talloc_asprintf(state, "%s/%s", service, hostname);
+				}
+			}
+			if (cli_credentials_failed_kerberos_login(state->io->in.credentials, principal, &state->logon_retries) ||
+			    cli_credentials_wrong_password(state->io->in.credentials)) {
+				struct tevent_req *subreq = NULL;
+
+				nt_status = session_setup_spnego_restart(c, session, state->io);
+				if (!NT_STATUS_IS_OK(nt_status)) {
+					DEBUG(1, ("session_setup_spnego_restart() failed: %s\n",
+						  nt_errstr(nt_status)));
+					c->status = nt_status;
+					composite_error(c, c->status);
+					return;
+				}
+
+				subreq = gensec_update_send(state, c->event_ctx,
+							    session->gensec,
+							    state->setup.spnego.out.secblob);
+				if (composite_nomem(subreq, c)) {
+					return;
+				}
+				tevent_req_set_callback(subreq,
+							smb_composite_sesssetup_spnego_done1,
+							c);
+				return;
+			}
+		}
+		if (GENSEC_UPDATE_IS_NTERROR(c->status)) {
+			composite_error(c, c->status);
+			return;
+		}
+		if (NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			struct tevent_req *subreq = NULL;
+
+			/* The status value here, from the earlier pass at GENSEC is
+			 * vital to the security of the system.  Even if the other end
+			 * accepts, if GENSEC claims 'MORE_PROCESSING_REQUIRED' then
+			 * you must keep feeding it blobs, or else the remote
+			 * host/attacker might avoid mutual authentication
+			 * requirements */
+
+			subreq = gensec_update_send(state, c->event_ctx,
+						    session->gensec,
+						    state->setup.spnego.out.secblob);
+			if (composite_nomem(subreq, c)) {
+				return;
+			}
+			tevent_req_set_callback(subreq,
+						smb_composite_sesssetup_spnego_done2,
+						c);
+			if (NT_STATUS_IS_OK(state->remote_status)) {
+				state->check_req = check_req;
+			} else {
+				TALLOC_FREE(check_req);
+			}
+			return;
+		} else {
+			state->setup.spnego.in.secblob = data_blob(NULL, 0);
+		}
+
+		if (cli_credentials_is_anonymous(state->io->in.credentials)) {
+			/*
+			 * anonymous => no signing
+			 */
+		} else if (NT_STATUS_IS_OK(state->remote_status)) {
+			DATA_BLOB session_key;
+
+			if (state->setup.spnego.in.secblob.length) {
+				c->status = NT_STATUS_INTERNAL_ERROR;
+				composite_error(c, c->status);
+				return;
+			}
+			session_key_err = gensec_session_key(session->gensec, session, &session_key);
+			if (NT_STATUS_IS_OK(session_key_err)) {
+				smb1cli_conn_activate_signing(session->transport->conn,
+							      session_key,
+							      null_data_blob);
+			}
+
+			c->status = smb1cli_session_set_session_key(session->smbXcli,
+								    session_key);
+			data_blob_free(&session_key);
+			if (!NT_STATUS_IS_OK(c->status)) {
+				composite_error(c, c->status);
+				return;
+			}
+		}
+
+		os = state->setup.spnego.out.os;
+		lanman = state->setup.spnego.out.lanman;
+		break;
+
+	case RAW_SESSSETUP_SMB2:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+		composite_error(c, c->status);
+		return;
+	}
+
+	if (check_req) {
+		bool ok;
+
+		check_req->sign_caller_checks = false;
+
+		ok = smb1cli_conn_check_signing(check_req->transport->conn,
+						check_req->in.buffer, 1);
+		TALLOC_FREE(check_req);
+		if (!ok) {
+			c->status = NT_STATUS_ACCESS_DENIED;
+			composite_error(c, c->status);
+			return;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	if (os) {
+		session->os = talloc_strdup(session, os);
+		if (composite_nomem(session->os, c)) return;
+	} else {
+		session->os = NULL;
+	}
+	if (lanman) {
+		session->lanman = talloc_strdup(session, lanman);
+		if (composite_nomem(session->lanman, c)) return;
+	} else {
+		session->lanman = NULL;
+	}
+
+	composite_done(c);
+}
+
+
+/*
+  send a nt1 style session setup
+*/
+static NTSTATUS session_setup_nt1(struct composite_context *c,
+				  struct smbcli_session *session,
+				  struct smb_composite_sesssetup *io,
+				  struct smbcli_request **req)
+{
+	NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
+	struct sesssetup_state *state = talloc_get_type(c->private_data,
+							struct sesssetup_state);
+	const char *domain = cli_credentials_get_domain(io->in.credentials);
+
+	/*
+	 * domain controllers tend to reject the NTLM v2 blob
+	 * if the netbiosname is not valid (e.g. IP address or FQDN)
+	 * so just leave it away (as Windows client do)
+	 */
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
+
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	int flags = CLI_CRED_NTLM_AUTH;
+
+	if (session->options.lanman_auth) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	if (session->options.ntlmv2_auth) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+
+	state->setup.nt1.level           = RAW_SESSSETUP_NT1;
+	state->setup.nt1.in.bufsize      = session->transport->options.max_xmit;
+	state->setup.nt1.in.mpx_max      = session->transport->options.max_mux;
+	state->setup.nt1.in.vc_num       = 1;
+	state->setup.nt1.in.sesskey      = io->in.sesskey;
+	state->setup.nt1.in.capabilities = io->in.capabilities;
+	state->setup.nt1.in.os           = "Unix";
+	state->setup.nt1.in.lanman       = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
+
+	cli_credentials_get_ntlm_username_domain(io->in.credentials, state,
+						 &state->setup.nt1.in.user,
+						 &state->setup.nt1.in.domain);
+
+
+	if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+		if (!cli_credentials_is_anonymous(io->in.credentials) &&
+		    session->options.ntlmv2_auth &&
+		    session->transport->options.use_spnego)
+		{
+			/*
+			 * Don't send an NTLMv2_RESPONSE without NTLMSSP
+			 * if we want to use spnego
+			 */
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
+							      &flags,
+							      session->transport->negotiate.secblob,
+							      NULL, /* server_timestamp */
+							      names_blob,
+							      &state->setup.nt1.in.password1,
+							      &state->setup.nt1.in.password2,
+							      NULL, &session_key);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
+	} else if (session->options.plaintext_auth) {
+		const char *password = cli_credentials_get_password(io->in.credentials);
+		state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
+		state->setup.nt1.in.password2 = data_blob(NULL, 0);
+	} else {
+		/* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*req = smb_raw_sesssetup_send(session, &state->setup);
+	if (!*req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		/*
+		 * plain text => no signing
+		 */
+		return (*req)->status;
+	}
+
+	if (cli_credentials_is_anonymous(io->in.credentials)) {
+		/*
+		 * anonymous => no signing
+		 */
+		return (*req)->status;
+	}
+
+	smb1cli_conn_activate_signing(session->transport->conn,
+				      session_key,
+				      state->setup.nt1.in.password2);
+
+	nt_status = smb1cli_session_set_session_key(session->smbXcli,
+						    session_key);
+	data_blob_free(&session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	return (*req)->status;
+}
+
+
+/*
+  old style session setup (pre NT1 protocol level)
+*/
+static NTSTATUS session_setup_old(struct composite_context *c,
+				  struct smbcli_session *session,
+				  struct smb_composite_sesssetup *io,
+				  struct smbcli_request **req)
+{
+	NTSTATUS nt_status;
+	struct sesssetup_state *state = talloc_get_type(c->private_data,
+							struct sesssetup_state);
+	const char *password = cli_credentials_get_password(io->in.credentials);
+
+	/*
+	 * domain controllers tend to reject the NTLM v2 blob
+	 * if the netbiosname is not valid (e.g. IP address or FQDN)
+	 * so just leave it away (as Windows client do)
+	 */
+	DATA_BLOB session_key;
+
+	state->setup.old.level      = RAW_SESSSETUP_OLD;
+	state->setup.old.in.bufsize = session->transport->options.max_xmit;
+	state->setup.old.in.mpx_max = session->transport->options.max_mux;
+	state->setup.old.in.vc_num  = 1;
+	state->setup.old.in.sesskey = io->in.sesskey;
+	state->setup.old.in.os      = "Unix";
+	state->setup.old.in.lanman  = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
+	cli_credentials_get_ntlm_username_domain(io->in.credentials, state,
+						 &state->setup.old.in.user,
+						 &state->setup.old.in.domain);
+
+	if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+		DATA_BLOB names_blob = data_blob_null;
+		int flags = 0;
+
+		if (!cli_credentials_is_anonymous(io->in.credentials) &&
+		    !session->options.lanman_auth)
+		{
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		flags |= CLI_CRED_LANMAN_AUTH;
+
+		nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
+							      &flags,
+							      session->transport->negotiate.secblob,
+							      NULL, /* server_timestamp */
+							      names_blob,
+							      &state->setup.old.in.password,
+							      NULL,
+							      NULL, &session_key);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
+
+		nt_status = smb1cli_session_set_session_key(session->smbXcli,
+							    session_key);
+		data_blob_free(&session_key);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	} else if (session->options.plaintext_auth) {
+		state->setup.old.in.password = data_blob_talloc(state, password, strlen(password));
+	} else {
+		/* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*req = smb_raw_sesssetup_send(session, &state->setup);
+	if (!*req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return (*req)->status;
+}
+
+static NTSTATUS session_setup_spnego_restart(struct composite_context *c,
+					     struct smbcli_session *session,
+					     struct smb_composite_sesssetup *io)
+{
+	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+	NTSTATUS status;
+
+	status = gensec_client_start(session, &session->gensec,
+				     io->in.gensec_settings);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
+		return status;
+	}
+
+	gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);
+
+	status = gensec_set_credentials(session->gensec, io->in.credentials);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start set GENSEC client credentials: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
+
+	status = gensec_set_target_hostname(session->gensec,
+			smbXcli_conn_remote_name(session->transport->conn));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start set GENSEC target hostname: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
+
+	status = gensec_set_target_service(session->gensec, "cifs");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to start set GENSEC target service: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
+
+	state->setup.spnego.out.secblob =
+			session->transport->negotiate.secblob;
+	if (session->transport->negotiate.secblob.length) {
+		state->chosen_oid = GENSEC_OID_SPNEGO;
+		status = gensec_start_mech_by_oid(session->gensec,
+						  state->chosen_oid);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+				  gensec_get_name_by_oid(session->gensec,
+							 state->chosen_oid),
+				  nt_errstr(status)));
+			state->setup.spnego.out.secblob = data_blob_null;
+			state->chosen_oid = GENSEC_OID_NTLMSSP;
+			status = gensec_start_mech_by_oid(session->gensec,
+							  state->chosen_oid);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+					  gensec_get_name_by_oid(session->gensec,
+								 state->chosen_oid),
+					  nt_errstr(status)));
+				return status;
+			}
+		}
+	} else {
+		/* without a sec blob, means raw NTLMSSP */
+		state->chosen_oid = GENSEC_OID_NTLMSSP;
+		status = gensec_start_mech_by_oid(session->gensec,
+						  state->chosen_oid);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+				  gensec_get_name_by_oid(session->gensec,
+							 state->chosen_oid),
+				  nt_errstr(status)));
+			return status;
+		}
+	}
+
+	state->gensec_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+	state->remote_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+	return NT_STATUS_OK;
+}
+
+/*
+  Modern, all singing, all dancing extended security (and possibly SPNEGO) request
+*/
+static NTSTATUS session_setup_spnego(struct composite_context *c,
+				     struct smbcli_session *session,
+				     struct smb_composite_sesssetup *io,
+				     struct smbcli_request **req)
+{
+	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+
+	state->setup.spnego.level           = RAW_SESSSETUP_SPNEGO;
+	state->setup.spnego.in.bufsize      = session->transport->options.max_xmit;
+	state->setup.spnego.in.mpx_max      = session->transport->options.max_mux;
+	state->setup.spnego.in.vc_num       = 1;
+	state->setup.spnego.in.sesskey      = io->in.sesskey;
+	state->setup.spnego.in.capabilities = io->in.capabilities;
+	state->setup.spnego.in.os           = "Unix";
+	state->setup.spnego.in.lanman       = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
+	state->setup.spnego.in.workgroup    = io->in.workgroup;
+
+	*req = smb_raw_sesssetup_send(session, &state->setup);
+	if (!*req) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * we need to check the signature ourself
+	 * as the session key might be the acceptor subkey
+	 * which comes within the response itself
+	 */
+	if (!smb1cli_conn_signing_is_active((*req)->transport->conn)) {
+		(*req)->sign_caller_checks = true;
+	}
+
+	return (*req)->status;
+}
+
+
+/*
+  composite session setup function that hides the details of all the
+  different session setup variants, including the multi-pass nature of
+  the spnego variant
+*/
+struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *session,
+						       struct smb_composite_sesssetup *io)
+{
+	struct composite_context *c;
+	struct sesssetup_state *state;
+	NTSTATUS status;
+	enum smb_encryption_setting encryption_state =
+		cli_credentials_get_smb_encryption(io->in.credentials);
+	enum credentials_use_kerberos krb5_state =
+		cli_credentials_get_kerberos_state(io->in.credentials);
+
+	c = composite_create(session, session->transport->ev);
+	if (c == NULL) return NULL;
+
+	if (encryption_state > SMB_ENCRYPTION_DESIRED) {
+		composite_error(c, NT_STATUS_PROTOCOL_NOT_SUPPORTED);
+		return c;
+	}
+
+	state = talloc_zero(c, struct sesssetup_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	state->session = session;
+	state->io = io;
+
+	talloc_set_destructor(state, sesssetup_state_destructor);
+
+	/* no session setup at all in earliest protocol variants */
+	if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) {
+		if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+			composite_error(c, NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+			return c;
+		}
+		ZERO_STRUCT(io->out);
+		composite_done(c);
+		return c;
+	}
+
+	/* see what session setup interface we will use */
+	if (session->transport->negotiate.protocol < PROTOCOL_NT1) {
+		if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+			composite_error(c, NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+			return c;
+		}
+		status = session_setup_old(c, session, io, &state->req);
+	} else if (!session->transport->options.use_spnego ||
+		   !(io->in.capabilities & CAP_EXTENDED_SECURITY)) {
+		if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+			composite_error(c, NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+			return c;
+		}
+		status = session_setup_nt1(c, session, io, &state->req);
+	} else {
+		struct tevent_req *subreq = NULL;
+
+		status = session_setup_spnego_restart(c, session, io);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("session_setup_spnego_restart() failed: %s\n",
+				  nt_errstr(status)));
+			c->status = status;
+			composite_error(c, c->status);
+			return c;
+		}
+
+		subreq = gensec_update_send(state, c->event_ctx,
+					    session->gensec,
+					    state->setup.spnego.out.secblob);
+		if (composite_nomem(subreq, c)) {
+			return c;
+		}
+		tevent_req_set_callback(subreq,
+					smb_composite_sesssetup_spnego_done1,
+					c);
+		return c;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
+	    NT_STATUS_IS_OK(status)) {
+		composite_continue_smb(c, state->req, request_handler, c);
+		return c;
+	}
+
+	composite_error(c, status);
+	return c;
+}
+
+static void smb_composite_sesssetup_spnego_done1(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct sesssetup_state *state =
+		talloc_get_type_abort(c->private_data,
+		struct sesssetup_state);
+	NTSTATUS status;
+
+	status = gensec_update_recv(subreq, state,
+				    &state->setup.spnego.in.secblob);
+	TALLOC_FREE(subreq);
+	if (GENSEC_UPDATE_IS_NTERROR(status)) {
+		DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
+			  gensec_get_name_by_oid(state->session->gensec,
+						 state->chosen_oid),
+			  nt_errstr(status)));
+		c->status = status;
+		composite_error(c, c->status);
+		return;
+	}
+	state->gensec_status = status;
+
+	status = session_setup_spnego(c, state->session, state->io, &state->req);
+	if (!NT_STATUS_IS_OK(status)) {
+		c->status = status;
+		composite_error(c, c->status);
+		return;
+	}
+
+	composite_continue_smb(c, state->req, request_handler, c);
+}
+
+static void smb_composite_sesssetup_spnego_done2(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct sesssetup_state *state =
+		talloc_get_type_abort(c->private_data,
+		struct sesssetup_state);
+	struct smbcli_session *session = state->session;
+	NTSTATUS status;
+	const char *os = NULL;
+	const char *lanman = NULL;
+
+	status = gensec_update_recv(subreq, state,
+				    &state->setup.spnego.in.secblob);
+	TALLOC_FREE(subreq);
+	if (GENSEC_UPDATE_IS_NTERROR(status)) {
+		DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
+			  gensec_get_name_by_oid(state->session->gensec,
+						 state->chosen_oid),
+			  nt_errstr(status)));
+		c->status = status;
+		composite_error(c, c->status);
+		return;
+	}
+	state->gensec_status = status;
+
+	if (NT_STATUS_IS_OK(state->remote_status)) {
+		if (state->setup.spnego.in.secblob.length) {
+			c->status = NT_STATUS_INTERNAL_ERROR;
+			composite_error(c, c->status);
+			return;
+		}
+	}
+
+	if (state->setup.spnego.in.secblob.length) {
+		/*
+		 * set the session->vuid value only for calling
+		 * smb_raw_sesssetup_send()
+		 */
+		uint16_t vuid = session->vuid;
+		session->vuid = state->io->out.vuid;
+		state->req = smb_raw_sesssetup_send(session, &state->setup);
+		session->vuid = vuid;
+		if (state->req &&
+		    !smb1cli_conn_signing_is_active(state->req->transport->conn)) {
+			state->req->sign_caller_checks = true;
+		}
+		composite_continue_smb(c, state->req, request_handler, c);
+		return;
+	}
+
+	if (cli_credentials_is_anonymous(state->io->in.credentials)) {
+		/*
+		 * anonymous => no signing
+		 */
+	} else if (NT_STATUS_IS_OK(state->remote_status)) {
+		NTSTATUS session_key_err;
+		DATA_BLOB session_key;
+
+		session_key_err = gensec_session_key(session->gensec, session, &session_key);
+		if (NT_STATUS_IS_OK(session_key_err)) {
+			smb1cli_conn_activate_signing(session->transport->conn,
+						      session_key,
+						      data_blob_null);
+		}
+
+		c->status = smb1cli_session_set_session_key(session->smbXcli,
+							    session_key);
+		data_blob_free(&session_key);
+		if (!NT_STATUS_IS_OK(c->status)) {
+			composite_error(c, c->status);
+			return;
+		}
+	}
+
+	os = state->setup.spnego.out.os;
+	lanman = state->setup.spnego.out.lanman;
+
+	if (state->check_req) {
+		struct smbcli_request *check_req = state->check_req;
+		bool ok;
+
+		check_req->sign_caller_checks = false;
+
+		ok = smb1cli_conn_check_signing(check_req->transport->conn,
+						check_req->in.buffer, 1);
+		TALLOC_FREE(check_req);
+		if (!ok) {
+			c->status = NT_STATUS_ACCESS_DENIED;
+			composite_error(c, c->status);
+			return;
+		}
+	}
+
+	if (os) {
+		session->os = talloc_strdup(session, os);
+		if (composite_nomem(session->os, c)) return;
+	} else {
+		session->os = NULL;
+	}
+	if (lanman) {
+		session->lanman = talloc_strdup(session, lanman);
+		if (composite_nomem(session->lanman, c)) return;
+	} else {
+		session->lanman = NULL;
+	}
+
+	composite_done(c);
+}
+
+/*
+  receive a composite session setup reply
+*/
+NTSTATUS smb_composite_sesssetup_recv(struct composite_context *c)
+{
+	NTSTATUS status;
+	status = composite_wait(c);
+	talloc_free(c);
+	return status;
+}
+
+/*
+  sync version of smb_composite_sesssetup
+*/
+NTSTATUS smb_composite_sesssetup(struct smbcli_session *session, struct smb_composite_sesssetup *io)
+{
+	struct composite_context *c = smb_composite_sesssetup_send(session, io);
+	return smb_composite_sesssetup_recv(c);
+}
diff --git a/source4/libcli/smb_composite/smb2.c b/source4/libcli/smb_composite/smb2.c
new file mode 100644
index 0000000..0fa51b2
--- /dev/null
+++ b/source4/libcli/smb_composite/smb2.c
@@ -0,0 +1,447 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  a composite API for making SMB-like calls using SMB2. This is useful
+  as SMB2 often requires more than one requests where a single SMB
+  request would do. In converting code that uses SMB to use SMB2,
+  these routines make life a lot easier
+*/
+
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  continue after a SMB2 close
+ */
+static void continue_close(struct smb2_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, 
+							struct composite_context);
+	NTSTATUS status;
+	struct smb2_close close_parm;
+
+	status = smb2_close_recv(req, &close_parm);
+	composite_error(ctx, status);	
+}
+
+/*
+  continue after the create in a composite unlink
+ */
+static void continue_unlink(struct smb2_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, 
+							struct composite_context);
+	struct smb2_tree *tree = req->tree;
+	struct smb2_create create_parm;
+	struct smb2_close close_parm;
+	NTSTATUS status;
+
+	status = smb2_create_recv(req, ctx, &create_parm);
+	if (!NT_STATUS_IS_OK(status)) {
+		composite_error(ctx, status);
+		return;
+	}
+
+	ZERO_STRUCT(close_parm);
+	close_parm.in.file.handle = create_parm.out.file.handle;
+	
+	req = smb2_close_send(tree, &close_parm);
+	composite_continue_smb2(ctx, req, continue_close, ctx);
+}
+
+/*
+  composite SMB2 unlink call
+*/
+struct composite_context *smb2_composite_unlink_send(struct smb2_tree *tree, 
+						     union smb_unlink *io)
+{
+	struct composite_context *ctx;
+	struct smb2_create create_parm;
+	struct smb2_request *req;
+
+	ctx = composite_create(tree, tree->session->transport->ev);
+	if (ctx == NULL) return NULL;
+
+	/* check for wildcards - we could support these with a
+	   search, but for now they aren't necessary */
+	if (strpbrk(io->unlink.in.pattern, "*?<>") != NULL) {
+		composite_error(ctx, NT_STATUS_NOT_SUPPORTED);
+		return ctx;
+	}
+
+	ZERO_STRUCT(create_parm);
+	create_parm.in.desired_access     = SEC_STD_DELETE;
+	create_parm.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create_parm.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create_parm.in.create_options = 
+		NTCREATEX_OPTIONS_DELETE_ON_CLOSE |
+		NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	create_parm.in.fname = io->unlink.in.pattern;
+	if (create_parm.in.fname[0] == '\\') {
+		create_parm.in.fname++;
+	}
+
+	req = smb2_create_send(tree, &create_parm);
+
+	composite_continue_smb2(ctx, req, continue_unlink, ctx);
+	return ctx;
+}
+
+
+/*
+  composite unlink call - sync interface
+*/
+NTSTATUS smb2_composite_unlink(struct smb2_tree *tree, union smb_unlink *io)
+{
+	struct composite_context *c = smb2_composite_unlink_send(tree, io);
+	return composite_wait_free(c);
+}
+
+
+
+
+/*
+  continue after the create in a composite mkdir
+ */
+static void continue_mkdir(struct smb2_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, 
+							struct composite_context);
+	struct smb2_tree *tree = req->tree;
+	struct smb2_create create_parm;
+	struct smb2_close close_parm;
+	NTSTATUS status;
+
+	status = smb2_create_recv(req, ctx, &create_parm);
+	if (!NT_STATUS_IS_OK(status)) {
+		composite_error(ctx, status);
+		return;
+	}
+
+	ZERO_STRUCT(close_parm);
+	close_parm.in.file.handle = create_parm.out.file.handle;
+	
+	req = smb2_close_send(tree, &close_parm);
+	composite_continue_smb2(ctx, req, continue_close, ctx);
+}
+
+/*
+  composite SMB2 mkdir call
+*/
+struct composite_context *smb2_composite_mkdir_send(struct smb2_tree *tree, 
+						     union smb_mkdir *io)
+{
+	struct composite_context *ctx;
+	struct smb2_create create_parm;
+	struct smb2_request *req;
+
+	ctx = composite_create(tree, tree->session->transport->ev);
+	if (ctx == NULL) return NULL;
+
+	ZERO_STRUCT(create_parm);
+
+	create_parm.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	create_parm.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create_parm.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create_parm.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+	create_parm.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create_parm.in.fname = io->mkdir.in.path;
+	if (create_parm.in.fname[0] == '\\') {
+		create_parm.in.fname++;
+	}
+
+	req = smb2_create_send(tree, &create_parm);
+
+	composite_continue_smb2(ctx, req, continue_mkdir, ctx);
+
+	return ctx;
+}
+
+
+/*
+  composite mkdir call - sync interface
+*/
+NTSTATUS smb2_composite_mkdir(struct smb2_tree *tree, union smb_mkdir *io)
+{
+	struct composite_context *c = smb2_composite_mkdir_send(tree, io);
+	return composite_wait_free(c);
+}
+
+
+
+/*
+  continue after the create in a composite rmdir
+ */
+static void continue_rmdir(struct smb2_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, 
+							struct composite_context);
+	struct smb2_tree *tree = req->tree;
+	struct smb2_create create_parm;
+	struct smb2_close close_parm;
+	NTSTATUS status;
+
+	status = smb2_create_recv(req, ctx, &create_parm);
+	if (!NT_STATUS_IS_OK(status)) {
+		composite_error(ctx, status);
+		return;
+	}
+
+	ZERO_STRUCT(close_parm);
+	close_parm.in.file.handle = create_parm.out.file.handle;
+	
+	req = smb2_close_send(tree, &close_parm);
+	composite_continue_smb2(ctx, req, continue_close, ctx);
+}
+
+/*
+  composite SMB2 rmdir call
+*/
+struct composite_context *smb2_composite_rmdir_send(struct smb2_tree *tree, 
+						    struct smb_rmdir *io)
+{
+	struct composite_context *ctx;
+	struct smb2_create create_parm;
+	struct smb2_request *req;
+
+	ctx = composite_create(tree, tree->session->transport->ev);
+	if (ctx == NULL) return NULL;
+
+	ZERO_STRUCT(create_parm);
+	create_parm.in.desired_access     = SEC_STD_DELETE;
+	create_parm.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create_parm.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create_parm.in.create_options = 
+		NTCREATEX_OPTIONS_DIRECTORY |
+		NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	create_parm.in.fname = io->in.path;
+	if (create_parm.in.fname[0] == '\\') {
+		create_parm.in.fname++;
+	}
+
+	req = smb2_create_send(tree, &create_parm);
+
+	composite_continue_smb2(ctx, req, continue_rmdir, ctx);
+	return ctx;
+}
+
+
+/*
+  composite rmdir call - sync interface
+*/
+NTSTATUS smb2_composite_rmdir(struct smb2_tree *tree, struct smb_rmdir *io)
+{
+	struct composite_context *c = smb2_composite_rmdir_send(tree, io);
+	return composite_wait_free(c);
+}
+
+struct smb2_composite_setpathinfo_state {
+	struct smb2_tree *tree;
+	union smb_setfileinfo io;
+	NTSTATUS set_status;
+	struct smb2_create cr;
+	struct smb2_close cl;
+};
+
+static void smb2_composite_setpathinfo_create_done(struct smb2_request *smb2req);
+
+/*
+  composite SMB2 setpathinfo call
+*/
+struct tevent_req *smb2_composite_setpathinfo_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct smb2_tree *tree,
+						   const union smb_setfileinfo *io)
+{
+	struct tevent_req *req;
+	struct smb2_composite_setpathinfo_state *state;
+	struct smb2_request *smb2req;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb2_composite_setpathinfo_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->tree = tree;
+	state->io = *io;
+
+	state->cr.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	state->cr.in.create_disposition = NTCREATEX_DISP_OPEN;
+	state->cr.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	state->cr.in.create_options = 0;
+	state->cr.in.fname = state->io.generic.in.file.path;
+	if (state->cr.in.fname[0] == '\\') {
+		state->cr.in.fname++;
+	}
+
+	smb2req = smb2_create_send(tree, &state->cr);
+	if (tevent_req_nomem(smb2req, req)) {
+		return tevent_req_post(req, ev);
+	}
+	smb2req->async.fn = smb2_composite_setpathinfo_create_done;
+	smb2req->async.private_data = req;
+
+	return req;
+}
+
+static void smb2_composite_setpathinfo_setinfo_done(struct smb2_request *smb2req);
+
+static void smb2_composite_setpathinfo_create_done(struct smb2_request *smb2req)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(smb2req->async.private_data,
+		struct tevent_req);
+	struct smb2_composite_setpathinfo_state *state =
+		tevent_req_data(req,
+		struct smb2_composite_setpathinfo_state);
+	NTSTATUS status;
+
+	status = smb2_create_recv(smb2req, state, &state->cr);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->io.generic.in.file.handle = state->cr.out.file.handle;
+
+	smb2req = smb2_setinfo_file_send(state->tree, &state->io);
+	if (tevent_req_nomem(smb2req, req)) {
+		return;
+	}
+	smb2req->async.fn = smb2_composite_setpathinfo_setinfo_done;
+	smb2req->async.private_data = req;
+}
+
+static void smb2_composite_setpathinfo_close_done(struct smb2_request *smb2req);
+
+static void smb2_composite_setpathinfo_setinfo_done(struct smb2_request *smb2req)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(smb2req->async.private_data,
+		struct tevent_req);
+	struct smb2_composite_setpathinfo_state *state =
+		tevent_req_data(req,
+		struct smb2_composite_setpathinfo_state);
+	NTSTATUS status;
+
+	status = smb2_setinfo_recv(smb2req);
+	state->set_status = status;
+
+	state->cl.in.file.handle = state->io.generic.in.file.handle;
+
+	smb2req = smb2_close_send(state->tree, &state->cl);
+	if (tevent_req_nomem(smb2req, req)) {
+		return;
+	}
+	smb2req->async.fn = smb2_composite_setpathinfo_close_done;
+	smb2req->async.private_data = req;
+}
+
+static void smb2_composite_setpathinfo_close_done(struct smb2_request *smb2req)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(smb2req->async.private_data,
+		struct tevent_req);
+	struct smb2_composite_setpathinfo_state *state =
+		tevent_req_data(req,
+		struct smb2_composite_setpathinfo_state);
+	NTSTATUS status;
+
+	status = smb2_close_recv(smb2req, &state->cl);
+
+	if (tevent_req_nterror(req, state->set_status)) {
+		return;
+	}
+
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS smb2_composite_setpathinfo_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  composite setpathinfo call
+ */
+NTSTATUS smb2_composite_setpathinfo(struct smb2_tree *tree, union smb_setfileinfo *io)
+{
+	struct tevent_req *subreq;
+	NTSTATUS status;
+	bool ok;
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct tevent_context *ev = tree->session->transport->ev;
+
+	if (frame == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	subreq = smb2_composite_setpathinfo_send(frame, ev, tree, io);
+	if (subreq == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = tevent_req_poll(subreq, ev);
+	if (!ok) {
+		status = map_nt_error_from_unix_common(errno);
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	status = smb2_composite_setpathinfo_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h
new file mode 100644
index 0000000..b41cf98
--- /dev/null
+++ b/source4/libcli/smb_composite/smb_composite.h
@@ -0,0 +1,283 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB composite request interfaces
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this defines the structures associated with "composite"
+  requests. Composite requests are libcli requests that are internally
+  implemented as multiple libcli/raw/ calls, but can be treated as a
+  single call via these composite calls. The composite calls are
+  particularly designed to be used in async applications
+*/
+
+#ifndef __SMB_COMPOSITE_H__
+#define __SMB_COMPOSITE_H__
+
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+
+/*
+  a composite open/read(s)/close request that loads a whole file
+  into memory. Used as a demo of the composite system.
+*/
+struct smb_composite_loadfile {
+	struct {
+		const char *fname;
+	} in;
+	struct {
+		uint8_t *data;
+		uint32_t size;
+	} out;
+};
+
+struct composite_context *smb_composite_loadfile_send(struct smbcli_tree *tree, 
+						     struct smb_composite_loadfile *io);
+NTSTATUS smb_composite_loadfile_recv(struct composite_context *c, TALLOC_CTX *mem_ctx);
+NTSTATUS smb_composite_loadfile(struct smbcli_tree *tree, 
+				TALLOC_CTX *mem_ctx,
+				struct smb_composite_loadfile *io);
+
+struct smb_composite_fetchfile {
+	struct {
+		const char *dest_host;
+		const char **ports;
+		const char *called_name;
+		const char *service;
+		const char *service_type;
+		const char *socket_options;
+		struct cli_credentials *credentials;
+		const char *workgroup;
+		const char *filename;
+		struct smbcli_options options;
+		struct smbcli_session_options session_options;
+		struct resolve_context *resolve_ctx;
+		struct gensec_settings *gensec_settings;
+	} in;
+	struct {
+		uint8_t *data;
+		uint32_t size;
+	} out;
+};
+
+struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetchfile *io,
+						       struct tevent_context *event_ctx);
+NTSTATUS smb_composite_fetchfile_recv(struct composite_context *c,
+				      TALLOC_CTX *mem_ctx);
+NTSTATUS smb_composite_fetchfile(struct smb_composite_fetchfile *io,
+				 TALLOC_CTX *mem_ctx);
+
+/*
+  a composite open/write(s)/close request that saves a whole file from
+  memory. Used as a demo of the composite system.
+*/
+struct smb_composite_savefile {
+	struct {
+		const char *fname;
+		uint8_t *data;
+		uint32_t size;
+	} in;
+};
+
+struct composite_context *smb_composite_savefile_send(struct smbcli_tree *tree, 
+						      struct smb_composite_savefile *io);
+NTSTATUS smb_composite_savefile_recv(struct composite_context *c);
+NTSTATUS smb_composite_savefile(struct smbcli_tree *tree, 
+				struct smb_composite_savefile *io);
+
+/*
+  a composite request for a low level connection to a remote server. Includes
+
+    - socket establishment
+    - session request
+    - negprot
+*/
+struct tevent_req *smb_connect_nego_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct resolve_context *resolve_ctx,
+					 const struct smbcli_options *options,
+					 const char *socket_options,
+					 const char *dest_hostname,
+					 const char *dest_address, /* optional */
+					 const char **dest_ports,
+					 const char *target_hostname,
+					 const char *called_name,
+					 const char *calling_name);
+NTSTATUS smb_connect_nego_recv(struct tevent_req *req,
+			       TALLOC_CTX *mem_ctx,
+			       struct smbXcli_conn **_conn);
+
+/*
+  a composite request for a full connection to a remote server. Includes
+
+    - socket establishment
+    - session request
+    - negprot
+    - session setup (if credentials are not NULL)
+    - tree connect (if service is not NULL)
+*/
+struct smb_composite_connect {
+	struct {
+		const char *dest_host;
+		const char **dest_ports;
+		const char *socket_options;
+		const char *called_name;
+		const char *service;
+		const char *service_type;
+		struct smbXcli_conn *existing_conn; /* optional */
+		struct cli_credentials *credentials;
+		bool fallback_to_anonymous;
+		const char *workgroup;
+		struct smbcli_options options;
+		struct smbcli_session_options session_options;
+		struct gensec_settings *gensec_settings;
+	} in;
+	struct {
+		struct smbcli_tree *tree;
+		bool anonymous_fallback_done;
+	} out;
+};
+
+struct composite_context *smb_composite_connect_send(struct smb_composite_connect *io,
+						     TALLOC_CTX *mem_ctx,
+						     struct resolve_context *resolve_ctx,
+						     struct tevent_context *event_ctx);
+NTSTATUS smb_composite_connect_recv(struct composite_context *c, TALLOC_CTX *mem_ctx);
+NTSTATUS smb_composite_connect(struct smb_composite_connect *io, TALLOC_CTX *mem_ctx,
+			       struct resolve_context *resolve_ctx,
+			       struct tevent_context *ev);
+
+
+/*
+  generic session setup interface that takes care of which
+  session setup variant to use
+*/
+struct smb_composite_sesssetup {
+	struct {
+		uint32_t sesskey;
+		uint32_t capabilities;
+		struct cli_credentials *credentials;
+		const char *workgroup;
+		struct gensec_settings *gensec_settings;
+	} in;
+	struct {
+		uint16_t vuid;
+	} out;		
+};
+
+struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *session, 
+						       struct smb_composite_sesssetup *io);
+NTSTATUS smb_composite_sesssetup_recv(struct composite_context *c);
+NTSTATUS smb_composite_sesssetup(struct smbcli_session *session, struct smb_composite_sesssetup *io);
+
+/*
+  query file system info
+*/
+struct smb_composite_fsinfo {
+	struct {
+		const char *dest_host;
+		const char **dest_ports;
+		const char *socket_options;
+		const char *called_name;
+		const char *service;
+		const char *service_type;
+		struct cli_credentials *credentials;
+		const char *workgroup;
+		enum smb_fsinfo_level level;
+		struct gensec_settings *gensec_settings;
+	} in;
+	
+	struct {
+		union smb_fsinfo *fsinfo;
+	} out;
+};
+
+struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, 
+						    struct smb_composite_fsinfo *io,
+						    struct resolve_context *resolve_ctx,
+						    struct tevent_context *event_ctx);
+NTSTATUS smb_composite_fsinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx);
+NTSTATUS smb_composite_fsinfo(struct smbcli_tree *tree, 
+			      TALLOC_CTX *mem_ctx,
+			      struct smb_composite_fsinfo *io,
+			      struct resolve_context *resolve_ctx,
+			      struct tevent_context *ev);
+
+/*
+  composite call for appending new acl to the file's security descriptor and get 
+  new full acl
+*/
+
+struct smb_composite_appendacl {
+	struct {
+		const char *fname;
+
+		const struct security_descriptor *sd;
+	} in;
+	
+	struct {
+		struct security_descriptor *sd;
+	} out;
+};
+
+struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree, 
+							struct smb_composite_appendacl *io);
+NTSTATUS smb_composite_appendacl_recv(struct composite_context *c, TALLOC_CTX *mem_ctx);
+NTSTATUS smb_composite_appendacl(struct smbcli_tree *tree, 
+				TALLOC_CTX *mem_ctx,
+				struct smb_composite_appendacl *io);
+
+/*
+  a composite API to fire connect() calls to multiple targets, picking the
+  first one.
+*/
+
+struct smb_composite_connectmulti {
+	struct {
+		int num_dests;
+		const char **hostnames;
+		const char **addresses;
+		int *ports; 	/* Either NULL for lpcfg_smb_ports() per
+				 * destination or a list of explicit ports */
+	} in;
+	struct {
+		struct smbcli_socket *socket;
+	} out;
+};
+
+struct smbcli_session;
+struct resolve_context;
+
+struct composite_context *smb2_composite_unlink_send(struct smb2_tree *tree, 
+						     union smb_unlink *io);
+NTSTATUS smb2_composite_unlink(struct smb2_tree *tree, union smb_unlink *io);
+struct composite_context *smb2_composite_mkdir_send(struct smb2_tree *tree, 
+						     union smb_mkdir *io);
+NTSTATUS smb2_composite_mkdir(struct smb2_tree *tree, union smb_mkdir *io);
+struct composite_context *smb2_composite_rmdir_send(struct smb2_tree *tree, 
+						    struct smb_rmdir *io);
+NTSTATUS smb2_composite_rmdir(struct smb2_tree *tree, struct smb_rmdir *io);
+struct tevent_req *smb2_composite_setpathinfo_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct smb2_tree *tree,
+						   const union smb_setfileinfo *io);
+NTSTATUS smb2_composite_setpathinfo_recv(struct tevent_req *req);
+NTSTATUS smb2_composite_setpathinfo(struct smb2_tree *tree, union smb_setfileinfo *io);
+
+#endif /* __SMB_COMPOSITE_H__ */
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
new file mode 100644
index 0000000..8476fd8
--- /dev/null
+++ b/source4/libcli/util/clilsa.c
@@ -0,0 +1,548 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   lsa calls for file sharing connections
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  when dealing with ACLs the file sharing client code needs to
+  sometimes make LSA RPC calls. This code provides an easy interface
+  for doing those calls.  
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/libcli.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "libcli/util/clilsa.h"
+#include "libcli/smb/smbXcli_base.h"
+
+struct smblsa_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct smbcli_tree *ipc_tree;
+	struct policy_handle handle;
+};
+
+/*
+  establish the lsa pipe connection
+*/
+static NTSTATUS smblsa_connect(struct smbcli_state *cli)
+{
+	struct smblsa_state *lsa;
+	struct dcerpc_pipe *lsa_pipe;
+	NTSTATUS status;
+	struct lsa_OpenPolicy r;
+	uint16_t system_name = '\\';
+	union smb_tcon tcon;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+
+	if (cli->lsa != NULL) {
+		return NT_STATUS_OK;
+	}
+
+	lsa = talloc(cli, struct smblsa_state);
+	if (lsa == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lsa->ipc_tree = smbcli_tree_init(cli->session, lsa, false);
+	if (lsa->ipc_tree == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* connect to IPC$ */
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = "ipc$";
+	tcon.tconx.in.device = "IPC";	
+	status = smb_raw_tcon(lsa->ipc_tree, lsa, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+	lsa->ipc_tree->tid = tcon.tconx.out.tid;
+
+	if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+		smb1cli_session_protect_session_key(cli->session->smbXcli);
+	}
+
+	lsa_pipe = dcerpc_pipe_init(lsa, cli->transport->ev);
+	if (lsa_pipe == NULL) {
+		talloc_free(lsa);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* open the LSA pipe */
+	status = dcerpc_pipe_open_smb(lsa_pipe, lsa->ipc_tree, NDR_LSARPC_NAME);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+
+	/* bind to the LSA pipe */
+	status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+                return status;
+        }
+	lsa->binding_handle = lsa_pipe->binding_handle;
+
+	/* open a lsa policy handle */
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = &system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &lsa->handle;
+
+	status = dcerpc_lsa_OpenPolicy_r(lsa->binding_handle, lsa, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		talloc_free(lsa);
+		return r.out.result;
+	}
+
+	cli->lsa = lsa;
+	
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS smb2lsa_connect(struct smb2_tree *tree)
+{
+	struct smb2lsa_state *lsa = NULL;
+	struct dcerpc_pipe *lsa_pipe = NULL;
+	NTSTATUS status;
+	struct lsa_OpenPolicy2 r = {{0}, {0}};
+	const char *system_name = "\\";
+	struct lsa_ObjectAttribute attr = {0};
+	struct lsa_QosInfo qos = {0};
+
+	if (tree->lsa != NULL) {
+		return NT_STATUS_OK;
+	}
+
+	lsa = talloc(tree, struct smb2lsa_state);
+	if (lsa == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lsa_pipe = dcerpc_pipe_init(lsa, tree->session->transport->ev);
+	if (lsa_pipe == NULL) {
+		talloc_free(lsa);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* open the LSA pipe */
+	status = dcerpc_pipe_open_smb2(lsa_pipe, tree, NDR_LSARPC_NAME);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+
+	/* bind to the LSA pipe */
+	status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+	lsa->binding_handle = lsa_pipe->binding_handle;
+
+	/* open a lsa policy handle */
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &lsa->handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(lsa->binding_handle, lsa, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lsa);
+		return status;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		talloc_free(lsa);
+		return r.out.result;
+	}
+
+	tree->lsa = lsa;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return the set of privileges for the given sid
+*/
+NTSTATUS smblsa_sid_privileges(struct smbcli_state *cli, struct dom_sid *sid, 
+			       TALLOC_CTX *mem_ctx,
+			       struct lsa_RightSet *rights)
+{
+	NTSTATUS status;
+	struct lsa_EnumAccountRights r;
+
+	status = smblsa_connect(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	r.in.handle = &cli->lsa->handle;
+	r.in.sid = sid;
+	r.out.rights = rights;
+
+	status = dcerpc_lsa_EnumAccountRights_r(cli->lsa->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r.out.result;
+}
+
+
+NTSTATUS smb2lsa_sid_privileges(struct smb2_tree *tree, struct dom_sid *sid,
+				TALLOC_CTX *mem_ctx,
+				struct lsa_RightSet *rights)
+{
+	NTSTATUS status;
+	struct lsa_EnumAccountRights r = {{0}, {0}};
+
+	status = smb2lsa_connect(tree);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	r.in.handle = &tree->lsa->handle;
+	r.in.sid = sid;
+	r.out.rights = rights;
+
+	status = dcerpc_lsa_EnumAccountRights_r(tree->lsa->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r.out.result;
+}
+
+
+/*
+  check if a named sid has a particular named privilege
+*/
+NTSTATUS smblsa_sid_check_privilege(struct smbcli_state *cli, 
+				    const char *sid_str,
+				    const char *privilege)
+{
+	struct lsa_RightSet rights;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(cli);
+	struct dom_sid *sid;
+	unsigned i;
+
+	sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+	if (sid == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	status = smblsa_sid_privileges(cli, sid, mem_ctx, &rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	for (i=0;i<rights.count;i++) {
+		if (strcmp(rights.names[i].string, privilege) == 0) {
+			talloc_free(mem_ctx);
+			return NT_STATUS_OK;
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_NOT_FOUND;
+}
+
+
+NTSTATUS smb2lsa_sid_check_privilege(struct smb2_tree *tree,
+				     const char *sid_str,
+				     const char *privilege)
+{
+	struct lsa_RightSet rights = {0};
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct dom_sid *sid = NULL;
+	unsigned i;
+
+	mem_ctx = talloc_new(tree);
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+	if (sid == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	status = smb2lsa_sid_privileges(tree, sid, mem_ctx, &rights);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	for (i=0;i<rights.count;i++) {
+		if (strcmp(rights.names[i].string, privilege) == 0) {
+			talloc_free(mem_ctx);
+			return NT_STATUS_OK;
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_NOT_FOUND;
+}
+
+
+/*
+  lookup a SID, returning its name
+*/
+NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli, 
+			   const char *sid_str,
+			   TALLOC_CTX *mem_ctx,
+			   const char **name)
+{
+	struct lsa_LookupSids r;
+	struct lsa_TransNameArray names;
+	struct lsa_SidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = 1;
+	NTSTATUS status;
+	struct dom_sid *sid;
+	TALLOC_CTX *mem_ctx2 = talloc_new(mem_ctx);
+
+	status = smblsa_connect(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	sid = dom_sid_parse_talloc(mem_ctx2, sid_str);
+	if (sid == NULL) {
+		return NT_STATUS_INVALID_SID;
+	}
+
+	names.count = 0;
+	names.names = NULL;
+
+	sids.num_sids = 1;
+	sids.sids = talloc(mem_ctx2, struct lsa_SidPtr);
+	sids.sids[0].sid = sid;
+
+	r.in.handle = &cli->lsa->handle;
+	r.in.sids = &sids;
+	r.in.names = &names;
+	r.in.level = 1;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.names = &names;
+	r.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupSids_r(cli->lsa->binding_handle, mem_ctx2, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx2);
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		talloc_free(mem_ctx2);
+		return r.out.result;
+	}
+	if (names.count != 1) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (domains == NULL) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (domains->count != 1) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (names.names[0].sid_index != UINT32_MAX &&
+	    names.names[0].sid_index >= domains->count)
+	{
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	(*name) = talloc_asprintf(mem_ctx, "%s\\%s", 
+				  domains->domains[0].name.string,
+				  names.names[0].name.string);
+
+	talloc_free(mem_ctx2);
+
+	return NT_STATUS_OK;	
+}
+
+/*
+  lookup a name, returning its sid
+*/
+NTSTATUS smblsa_lookup_name(struct smbcli_state *cli, 
+			    const char *name,
+			    TALLOC_CTX *mem_ctx,
+			    const char **sid_str)
+{
+	struct lsa_LookupNames r;
+	struct lsa_TransSidArray sids;
+	struct lsa_String names;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = 1;
+	NTSTATUS status;
+	struct dom_sid sid;
+	TALLOC_CTX *mem_ctx2 = talloc_new(mem_ctx);
+
+	status = smblsa_connect(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	names.string = name;
+
+	r.in.handle = &cli->lsa->handle;
+	r.in.num_names = 1;
+	r.in.names = &names;
+	r.in.sids = &sids;
+	r.in.level = 1;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupNames_r(cli->lsa->binding_handle, mem_ctx2, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx2);
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		talloc_free(mem_ctx2);
+		return r.out.result;
+	}
+	if (sids.count != 1) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (domains->count != 1) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	sid_compose(&sid, domains->domains[0].sid, sids.sids[0].rid);
+
+	(*sid_str) = dom_sid_string(mem_ctx, &sid);
+
+	talloc_free(mem_ctx2);
+
+	return NT_STATUS_OK;	
+}
+
+
+/*
+  add a set of privileges to the given sid
+*/
+NTSTATUS smblsa_sid_add_privileges(struct smbcli_state *cli, struct dom_sid *sid, 
+				   TALLOC_CTX *mem_ctx,
+				   struct lsa_RightSet *rights)
+{
+	NTSTATUS status;
+	struct lsa_AddAccountRights r;
+
+	status = smblsa_connect(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	r.in.handle = &cli->lsa->handle;
+	r.in.sid = sid;
+	r.in.rights = rights;
+
+	status = dcerpc_lsa_AddAccountRights_r(cli->lsa->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r.out.result;
+}
+
+/*
+  remove a set of privileges from the given sid
+*/
+NTSTATUS smblsa_sid_del_privileges(struct smbcli_state *cli, struct dom_sid *sid, 
+				   TALLOC_CTX *mem_ctx,
+				   struct lsa_RightSet *rights)
+{
+	NTSTATUS status;
+	struct lsa_RemoveAccountRights r;
+
+	status = smblsa_connect(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	r.in.handle = &cli->lsa->handle;
+	r.in.sid = sid;
+	r.in.remove_all = 0;
+	r.in.rights = rights;
+
+	status = dcerpc_lsa_RemoveAccountRights_r(cli->lsa->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r.out.result;
+}
diff --git a/source4/libcli/util/pyerrors.h b/source4/libcli/util/pyerrors.h
new file mode 100644
index 0000000..69110ca
--- /dev/null
+++ b/source4/libcli/util/pyerrors.h
@@ -0,0 +1,79 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __PYERRORS_H__
+#define __PYERRORS_H__
+
+#define PyErr_FromWERROR(err) Py_BuildValue("(k,s)", (unsigned long)(W_ERROR_V(err)), discard_const_p(char, win_errstr(err)))
+
+#define PyErr_FromHRESULT(err) Py_BuildValue("(k,s)", (unsigned long)(HRES_ERROR_V(err)), discard_const_p(char, hresult_errstr_const(err)))
+
+#define PyErr_FromNTSTATUS(status) Py_BuildValue("(k,s)", (unsigned long)(NT_STATUS_V(status)), discard_const_p(char, get_friendly_nt_error_msg(status)))
+
+#define PyErr_FromString(str) Py_BuildValue("(s)", discard_const_p(char, str))
+
+#define PyErr_SetWERROR(werr) \
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "WERRORError"),	\
+			PyErr_FromWERROR(werr))
+
+#define PyErr_SetHRESULT(hresult) \
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "HRESULTError"),	\
+			PyErr_FromHRESULT(hresult))
+
+#define PyErr_SetNTSTATUS(status) \
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "NTSTATUSError"),	\
+			PyErr_FromNTSTATUS(status))
+
+#define PyErr_SetWERROR_and_string(werr, string) \
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "WERRORError"),	\
+			Py_BuildValue("(k,s)", (unsigned long)(W_ERROR_V(werr)), string))
+
+#define PyErr_SetHRESULT_and_string(hresult, string) \
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "HRESULTError"),	\
+			Py_BuildValue("(k,s)", (unsigned long)(HRES_ERROR_V(hresult)), string))
+
+#define PyErr_SetNTSTATUS_and_string(status, string)				\
+        PyErr_SetObject(PyObject_GetAttrString(PyImport_ImportModule("samba"),\
+					       "NTSTATUSError"),	\
+			Py_BuildValue("(k,s)", (unsigned long)(NT_STATUS_V(status)), string))
+
+#define PyErr_NTSTATUS_IS_ERR_RAISE(status) \
+	if (NT_STATUS_IS_ERR(status)) { \
+		PyErr_SetNTSTATUS(status); \
+		return NULL; \
+	}
+
+#define PyErr_NTSTATUS_NOT_OK_RAISE(status) \
+	if (!NT_STATUS_IS_OK(status)) { \
+		PyErr_SetNTSTATUS(status); \
+		return NULL; \
+	}
+
+#define PyErr_WERROR_NOT_OK_RAISE(status) \
+	if (!W_ERROR_IS_OK(status)) { \
+		PyErr_SetWERROR(status); \
+		return NULL; \
+	}
+
+#endif /* __PYERRORS_H__ */
diff --git a/source4/libcli/wbclient/wbclient.c b/source4/libcli/wbclient/wbclient.c
new file mode 100644
index 0000000..69d8b43
--- /dev/null
+++ b/source4/libcli/wbclient/wbclient.c
@@ -0,0 +1,193 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client library.
+
+   Copyright (C) 2008 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "nsswitch/winbind_client.h"
+#include "libcli/wbclient/wbclient.h"
+#include "libcli/security/dom_sid.h"
+#include "nsswitch/libwbclient/wbclient.h"
+
+NTSTATUS wbc_sids_to_xids(struct id_map *ids, uint32_t count)
+{
+	TALLOC_CTX *mem_ctx;
+	uint32_t i;
+	struct wbcDomainSid *sids;
+	struct wbcUnixId *xids;
+	wbcErr result;
+	bool wb_off;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sids = talloc_array(mem_ctx, struct wbcDomainSid, count);
+	if (sids == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	xids = talloc_array(mem_ctx, struct wbcUnixId, count);
+	if (xids == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<count; i++) {
+		memcpy(&sids[i], ids[i].sid, sizeof(struct dom_sid));
+	}
+
+	wb_off = winbind_env_set();
+	if (wb_off) {
+		(void)winbind_on();
+	}
+
+	result = wbcSidsToUnixIds(sids, count, xids);
+
+	if (wb_off) {
+		(void)winbind_off();
+	}
+
+	if (!WBC_ERROR_IS_OK(result)) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	for (i=0; i<count; i++) {
+		struct wbcUnixId *xid = &xids[i];
+		struct unixid *id = &ids[i].xid;
+
+		switch (xid->type) {
+		    case WBC_ID_TYPE_UID:
+			id->type = ID_TYPE_UID;
+			id->id = xid->id.uid;
+			break;
+		    case WBC_ID_TYPE_GID:
+			id->type = ID_TYPE_GID;
+			id->id = xid->id.gid;
+			break;
+		    case WBC_ID_TYPE_BOTH:
+			id->type = ID_TYPE_BOTH;
+			id->id = xid->id.uid;
+			break;
+		    case WBC_ID_TYPE_NOT_SPECIFIED:
+			id->type = ID_TYPE_NOT_SPECIFIED;
+			id->id = UINT32_MAX;
+			break;
+		}
+		ids[i].status = ID_MAPPED;
+	}
+
+	TALLOC_FREE(mem_ctx);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS wbc_xids_to_sids(struct id_map *ids, uint32_t count)
+{
+	TALLOC_CTX *mem_ctx;
+	uint32_t i;
+	struct wbcDomainSid *sids;
+	struct wbcUnixId *xids;
+	wbcErr result;
+	bool wb_off;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sids = talloc_array(mem_ctx, struct wbcDomainSid, count);
+	if (sids == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	xids = talloc_array(mem_ctx, struct wbcUnixId, count);
+	if (xids == NULL) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<count; i++) {
+		struct id_map *id = &ids[i];
+		struct wbcUnixId *xid = &xids[i];
+
+		switch (id->xid.type) {
+		    case ID_TYPE_UID:
+			    *xid = (struct wbcUnixId) {
+				    .type = WBC_ID_TYPE_UID,
+				    .id.uid = id->xid.id
+			    };
+			    break;
+		    case ID_TYPE_GID:
+			    *xid = (struct wbcUnixId) {
+				    .type = WBC_ID_TYPE_GID,
+				    .id.uid = id->xid.id
+			    };
+			    break;
+		    default:
+			    TALLOC_FREE(mem_ctx);
+			    return NT_STATUS_NOT_FOUND;
+		}
+	}
+
+	wb_off = winbind_env_set();
+	if (wb_off) {
+		(void)winbind_on();
+	}
+
+	result = wbcUnixIdsToSids(xids, count, sids);
+
+	if (wb_off) {
+		(void)winbind_off();
+	}
+
+	if (!WBC_ERROR_IS_OK(result)) {
+		TALLOC_FREE(mem_ctx);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	for (i=0; i<count; i++) {
+		struct wbcDomainSid *sid = &sids[i];
+		struct wbcDomainSid null_sid = { 0 };
+		struct id_map *id = &ids[i];
+
+		if (memcmp(sid, &null_sid, sizeof(*sid)) != 0) {
+			struct dom_sid domsid;
+			id->status = ID_MAPPED;
+
+			memcpy(&domsid, sid, sizeof(struct dom_sid));
+			id->sid = dom_sid_dup(ids, &domsid);
+			if (id->sid == NULL) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			id->status = ID_UNMAPPED;
+			id->sid = NULL;
+		}
+	}
+
+	TALLOC_FREE(mem_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/wbclient/wbclient.h b/source4/libcli/wbclient/wbclient.h
new file mode 100644
index 0000000..6334428
--- /dev/null
+++ b/source4/libcli/wbclient/wbclient.h
@@ -0,0 +1,25 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client library.
+
+   Copyright (C) 2008 Kai Blin  <kai@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "librpc/gen_ndr/idmap.h"
+
+NTSTATUS wbc_sids_to_xids(struct id_map *ids, uint32_t count);
+
+NTSTATUS wbc_xids_to_sids(struct id_map *ids, uint32_t count);
diff --git a/source4/libcli/wbclient/wscript_build b/source4/libcli/wbclient/wscript_build
new file mode 100644
index 0000000..679a281
--- /dev/null
+++ b/source4/libcli/wbclient/wscript_build
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('LIBWBCLIENT_OLD',
+                  source='wbclient.c',
+                  public_deps='samba-errors events wbclient',
+                  cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
+                  deps='WB_REQTRANS NDR_WINBIND MESSAGING RPC_NDR_WINBIND',
+                  private_library=True
+	)
+
diff --git a/source4/libcli/wrepl/winsrepl.c b/source4/libcli/wrepl/winsrepl.c
new file mode 100644
index 0000000..cf6c1f1
--- /dev/null
+++ b/source4/libcli/wrepl/winsrepl.c
@@ -0,0 +1,1174 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   low level WINS replication client code
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher 2005-2010
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "librpc/gen_ndr/ndr_winsrepl.h"
+#include "lib/stream/packet.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+
+/*
+  main context structure for the wins replication client library
+*/
+struct wrepl_socket {
+	struct {
+		struct tevent_context *ctx;
+	} event;
+
+	/* the default timeout for requests, 0 means no timeout */
+#define WREPL_SOCKET_REQUEST_TIMEOUT	(60)
+	uint32_t request_timeout;
+
+	struct tevent_queue *request_queue;
+
+	struct tstream_context *stream;
+};
+
+bool wrepl_socket_is_connected(struct wrepl_socket *wrepl_sock)
+{
+	if (!wrepl_sock) {
+		return false;
+	}
+
+	if (!wrepl_sock->stream) {
+		return false;
+	}
+
+	return true;
+}
+
+/*
+  initialise a wrepl_socket. The event_ctx is optional, if provided then
+  operations will use that event context
+*/
+struct wrepl_socket *wrepl_socket_init(TALLOC_CTX *mem_ctx,
+				       struct tevent_context *event_ctx)
+{
+	struct wrepl_socket *wrepl_socket;
+
+	wrepl_socket = talloc_zero(mem_ctx, struct wrepl_socket);
+	if (!wrepl_socket) {
+		return NULL;
+	}
+
+	wrepl_socket->event.ctx = event_ctx;
+	if (!wrepl_socket->event.ctx) {
+		goto failed;
+	}
+
+	wrepl_socket->request_queue = tevent_queue_create(wrepl_socket,
+							  "wrepl request queue");
+	if (wrepl_socket->request_queue == NULL) {
+		goto failed;
+	}
+
+	wrepl_socket->request_timeout	= WREPL_SOCKET_REQUEST_TIMEOUT;
+
+	return wrepl_socket;
+
+failed:
+	talloc_free(wrepl_socket);
+	return NULL;
+}
+
+/*
+  initialise a wrepl_socket from an already existing connection
+*/
+NTSTATUS wrepl_socket_donate_stream(struct wrepl_socket *wrepl_socket,
+				    struct tstream_context **stream)
+{
+	if (wrepl_socket->stream) {
+		return NT_STATUS_CONNECTION_ACTIVE;
+	}
+
+	wrepl_socket->stream = talloc_move(wrepl_socket, stream);
+	/* as client we want to drain the recv queue on error */
+	tstream_bsd_fail_readv_first_error(wrepl_socket->stream, false);
+	return NT_STATUS_OK;
+}
+
+/*
+  initialise a wrepl_socket from an already existing connection
+*/
+NTSTATUS wrepl_socket_split_stream(struct wrepl_socket *wrepl_socket,
+				   TALLOC_CTX *mem_ctx,
+				   struct tstream_context **stream)
+{
+	size_t num_requests;
+
+	if (!wrepl_socket->stream) {
+		return NT_STATUS_CONNECTION_INVALID;
+	}
+
+	num_requests = tevent_queue_length(wrepl_socket->request_queue);
+	if (num_requests > 0) {
+		return NT_STATUS_CONNECTION_IN_USE;
+	}
+
+	*stream = talloc_move(wrepl_socket, &wrepl_socket->stream);
+	return NT_STATUS_OK;
+}
+
+const char *wrepl_best_ip(struct loadparm_context *lp_ctx, const char *peer_ip)
+{
+	struct interface *ifaces;
+	load_interface_list(lp_ctx, lp_ctx, &ifaces);
+	return iface_list_best_ip(ifaces, peer_ip);
+}
+
+struct wrepl_connect_state {
+	struct {
+		struct wrepl_socket *wrepl_socket;
+		struct tevent_context *ev;
+	} caller;
+	struct tsocket_address *local_address;
+	struct tsocket_address *remote_address;
+	struct tstream_context *stream;
+};
+
+static void wrepl_connect_trigger(struct tevent_req *req,
+				  void *private_date);
+
+struct tevent_req *wrepl_connect_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct wrepl_socket *wrepl_socket,
+				      const char *our_ip, const char *peer_ip)
+{
+	struct tevent_req *req;
+	struct wrepl_connect_state *state;
+	int ret;
+	bool ok;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_connect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->caller.wrepl_socket = wrepl_socket;
+	state->caller.ev = ev;
+
+	if (wrepl_socket->stream) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_ACTIVE);
+		return tevent_req_post(req, ev);
+	}
+
+	ret = tsocket_address_inet_from_strings(state, "ipv4",
+						our_ip, 0,
+						&state->local_address);
+	if (ret != 0) {
+		NTSTATUS status = map_nt_error_from_unix_common(errno);
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	ret = tsocket_address_inet_from_strings(state, "ipv4",
+						peer_ip, WINS_REPLICATION_PORT,
+						&state->remote_address);
+	if (ret != 0) {
+		NTSTATUS status = map_nt_error_from_unix_common(errno);
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	ok = tevent_queue_add(wrepl_socket->request_queue,
+			      ev,
+			      req,
+			      wrepl_connect_trigger,
+			      NULL);
+	if (!ok) {
+		tevent_req_oom(req);
+		return tevent_req_post(req, ev);
+	}
+
+	if (wrepl_socket->request_timeout > 0) {
+		struct timeval endtime;
+		endtime = tevent_timeval_current_ofs(wrepl_socket->request_timeout, 0);
+		ok = tevent_req_set_endtime(req, ev, endtime);
+		if (!ok) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	return req;
+}
+
+static void wrepl_connect_done(struct tevent_req *subreq);
+
+static void wrepl_connect_trigger(struct tevent_req *req,
+				  void *private_date)
+{
+	struct wrepl_connect_state *state = tevent_req_data(req,
+					    struct wrepl_connect_state);
+	struct tevent_req *subreq;
+
+	subreq = tstream_inet_tcp_connect_send(state,
+					       state->caller.ev,
+					       state->local_address,
+					       state->remote_address);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, wrepl_connect_done, req);
+
+	return;
+}
+
+static void wrepl_connect_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_connect_state *state = tevent_req_data(req,
+					    struct wrepl_connect_state);
+	int ret;
+	int sys_errno;
+
+	ret = tstream_inet_tcp_connect_recv(subreq, &sys_errno,
+					    state, &state->stream, NULL);
+	if (ret != 0) {
+		NTSTATUS status = map_nt_error_from_unix_common(sys_errno);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+/*
+  connect a wrepl_socket to a WINS server - recv side
+*/
+NTSTATUS wrepl_connect_recv(struct tevent_req *req)
+{
+	struct wrepl_connect_state *state = tevent_req_data(req,
+					    struct wrepl_connect_state);
+	struct wrepl_socket *wrepl_socket = state->caller.wrepl_socket;
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	wrepl_socket->stream = talloc_move(wrepl_socket, &state->stream);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  connect a wrepl_socket to a WINS server - sync API
+*/
+NTSTATUS wrepl_connect(struct wrepl_socket *wrepl_socket,
+		       const char *our_ip, const char *peer_ip)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_connect_send(wrepl_socket, wrepl_socket->event.ctx,
+				    wrepl_socket, our_ip, peer_ip);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_connect_recv(subreq);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+struct wrepl_request_state {
+	struct {
+		struct wrepl_socket *wrepl_socket;
+		struct tevent_context *ev;
+	} caller;
+	struct wrepl_send_ctrl ctrl;
+	struct {
+		struct wrepl_wrap wrap;
+		DATA_BLOB blob;
+		struct iovec iov;
+	} req;
+	bool one_way;
+	struct {
+		DATA_BLOB blob;
+		struct wrepl_packet *packet;
+	} rep;
+};
+
+static void wrepl_request_trigger(struct tevent_req *req,
+				  void *private_data);
+
+struct tevent_req *wrepl_request_send(TALLOC_CTX *mem_ctx,
+				      struct tevent_context *ev,
+				      struct wrepl_socket *wrepl_socket,
+				      const struct wrepl_packet *packet,
+				      const struct wrepl_send_ctrl *ctrl)
+{
+	struct tevent_req *req;
+	struct wrepl_request_state *state;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	bool ok;
+
+	if (wrepl_socket->event.ctx != ev) {
+		/* TODO: remove wrepl_socket->event.ctx !!! */
+		smb_panic("wrepl_associate_stop_send event context mismatch!");
+		return NULL;
+	}
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_request_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->caller.wrepl_socket = wrepl_socket;
+	state->caller.ev = ev;
+
+	if (ctrl) {
+		state->ctrl = *ctrl;
+	}
+
+	if (wrepl_socket->stream == NULL) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return tevent_req_post(req, ev);
+	}
+
+	state->req.wrap.packet = *packet;
+	ndr_err = ndr_push_struct_blob(&state->req.blob, state,
+				       &state->req.wrap,
+				       (ndr_push_flags_fn_t)ndr_push_wrepl_wrap);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
+	state->req.iov.iov_base = (char *) state->req.blob.data;
+	state->req.iov.iov_len = state->req.blob.length;
+
+	ok = tevent_queue_add(wrepl_socket->request_queue,
+			      ev,
+			      req,
+			      wrepl_request_trigger,
+			      NULL);
+	if (!ok) {
+		tevent_req_oom(req);
+		return tevent_req_post(req, ev);
+	}
+
+	if (wrepl_socket->request_timeout > 0) {
+		struct timeval endtime;
+		endtime = tevent_timeval_current_ofs(wrepl_socket->request_timeout, 0);
+		ok = tevent_req_set_endtime(req, ev, endtime);
+		if (!ok) {
+			return tevent_req_post(req, ev);
+		}
+	}
+
+	return req;
+}
+
+static void wrepl_request_writev_done(struct tevent_req *subreq);
+
+static void wrepl_request_trigger(struct tevent_req *req,
+				  void *private_data)
+{
+	struct wrepl_request_state *state = tevent_req_data(req,
+					    struct wrepl_request_state);
+	struct tevent_req *subreq;
+
+	if (state->caller.wrepl_socket->stream == NULL) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return;
+	}
+
+	if (DEBUGLVL(10)) {
+		DEBUG(10,("Sending WINS packet of length %u\n",
+			  (unsigned)state->req.blob.length));
+		NDR_PRINT_DEBUG(wrepl_packet, &state->req.wrap.packet);
+	}
+
+	subreq = tstream_writev_send(state,
+				     state->caller.ev,
+				     state->caller.wrepl_socket->stream,
+				     &state->req.iov, 1);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, wrepl_request_writev_done, req);
+}
+
+static void wrepl_request_disconnect_done(struct tevent_req *subreq);
+static void wrepl_request_read_pdu_done(struct tevent_req *subreq);
+
+static void wrepl_request_writev_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_request_state *state = tevent_req_data(req,
+					    struct wrepl_request_state);
+	int ret;
+	int sys_errno;
+
+	ret = tstream_writev_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(sys_errno);
+		TALLOC_FREE(state->caller.wrepl_socket->stream);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (state->caller.wrepl_socket->stream == NULL) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return;
+	}
+
+	if (state->ctrl.disconnect_after_send) {
+		subreq = tstream_disconnect_send(state,
+						 state->caller.ev,
+						 state->caller.wrepl_socket->stream);
+		if (tevent_req_nomem(subreq, req)) {
+			return;
+		}
+		tevent_req_set_callback(subreq, wrepl_request_disconnect_done, req);
+		return;
+	}
+
+	if (state->ctrl.send_only) {
+		tevent_req_done(req);
+		return;
+	}
+
+	subreq = tstream_read_pdu_blob_send(state,
+					    state->caller.ev,
+					    state->caller.wrepl_socket->stream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, wrepl_request_read_pdu_done, req);
+}
+
+static void wrepl_request_disconnect_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_request_state *state = tevent_req_data(req,
+					    struct wrepl_request_state);
+	int ret;
+	int sys_errno;
+
+	ret = tstream_disconnect_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		NTSTATUS status = map_nt_error_from_unix_common(sys_errno);
+		TALLOC_FREE(state->caller.wrepl_socket->stream);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	DEBUG(10,("WINS connection disconnected\n"));
+	TALLOC_FREE(state->caller.wrepl_socket->stream);
+
+	tevent_req_done(req);
+}
+
+static void wrepl_request_read_pdu_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_request_state *state = tevent_req_data(req,
+					    struct wrepl_request_state);
+	NTSTATUS status;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	status = tstream_read_pdu_blob_recv(subreq, state, &state->rep.blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(state->caller.wrepl_socket->stream);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	state->rep.packet = talloc(state, struct wrepl_packet);
+	if (tevent_req_nomem(state->rep.packet, req)) {
+		return;
+	}
+
+	blob.data = state->rep.blob.data + 4;
+	blob.length = state->rep.blob.length - 4;
+
+	/* we have a full request - parse it */
+	ndr_err = ndr_pull_struct_blob(&blob,
+				       state->rep.packet,
+				       state->rep.packet,
+				       (ndr_pull_flags_fn_t)ndr_pull_wrepl_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (DEBUGLVL(10)) {
+		DEBUG(10,("Received WINS packet of length %u\n",
+			  (unsigned)state->rep.blob.length));
+		NDR_PRINT_DEBUG(wrepl_packet, state->rep.packet);
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS wrepl_request_recv(struct tevent_req *req,
+			    TALLOC_CTX *mem_ctx,
+			    struct wrepl_packet **packet)
+{
+	struct wrepl_request_state *state = tevent_req_data(req,
+					    struct wrepl_request_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		TALLOC_FREE(state->caller.wrepl_socket->stream);
+		tevent_req_received(req);
+		return status;
+	}
+
+	if (packet) {
+		*packet = talloc_move(mem_ctx, &state->rep.packet);
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  a full WINS replication request/response
+*/
+NTSTATUS wrepl_request(struct wrepl_socket *wrepl_socket,
+		       TALLOC_CTX *mem_ctx,
+		       const struct wrepl_packet *req_packet,
+		       struct wrepl_packet **reply_packet)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_request_send(mem_ctx, wrepl_socket->event.ctx,
+				    wrepl_socket, req_packet, NULL);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_request_recv(subreq, mem_ctx, reply_packet);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+
+struct wrepl_associate_state {
+	struct wrepl_packet packet;
+	uint32_t assoc_ctx;
+	uint16_t major_version;
+};
+
+static void wrepl_associate_done(struct tevent_req *subreq);
+
+struct tevent_req *wrepl_associate_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct wrepl_socket *wrepl_socket,
+					const struct wrepl_associate *io)
+{
+	struct tevent_req *req;
+	struct wrepl_associate_state *state;
+	struct tevent_req *subreq;
+
+	if (wrepl_socket->event.ctx != ev) {
+		/* TODO: remove wrepl_socket->event.ctx !!! */
+		smb_panic("wrepl_associate_send event context mismatch!");
+		return NULL;
+	}
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_associate_state);
+	if (req == NULL) {
+		return NULL;
+	};
+
+	state->packet.opcode				= WREPL_OPCODE_BITS;
+	state->packet.mess_type				= WREPL_START_ASSOCIATION;
+	state->packet.message.start.minor_version	= 2;
+	state->packet.message.start.major_version	= 5;
+
+	/*
+	 * nt4 uses 41 bytes for the start_association call
+	 * so do it the same and as we don't know the meanings of these bytes
+	 * we just send zeros and nt4, w2k and w2k3 seems to be happy with this
+	 *
+	 * if we don't do this nt4 uses an old version of the wins replication protocol
+	 * and that would break nt4 <-> samba replication
+	 */
+	state->packet.padding	= data_blob_talloc(state, NULL, 21);
+	if (tevent_req_nomem(state->packet.padding.data, req)) {
+		return tevent_req_post(req, ev);
+	}
+	memset(state->packet.padding.data, 0, state->packet.padding.length);
+
+	subreq = wrepl_request_send(state, ev, wrepl_socket, &state->packet, NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, wrepl_associate_done, req);
+
+	return req;
+}
+
+static void wrepl_associate_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_associate_state *state = tevent_req_data(req,
+					      struct wrepl_associate_state);
+	NTSTATUS status;
+	struct wrepl_packet *packet;
+
+	status = wrepl_request_recv(subreq, state, &packet);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (packet->mess_type != WREPL_START_ASSOCIATION_REPLY) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	state->assoc_ctx = packet->message.start_reply.assoc_ctx;
+	state->major_version = packet->message.start_reply.major_version;
+
+	tevent_req_done(req);
+}
+
+/*
+  setup an association - recv
+*/
+NTSTATUS wrepl_associate_recv(struct tevent_req *req,
+			      struct wrepl_associate *io)
+{
+	struct wrepl_associate_state *state = tevent_req_data(req,
+					      struct wrepl_associate_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	io->out.assoc_ctx = state->assoc_ctx;
+	io->out.major_version = state->major_version;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  setup an association - sync api
+*/
+NTSTATUS wrepl_associate(struct wrepl_socket *wrepl_socket,
+			 struct wrepl_associate *io)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_associate_send(wrepl_socket, wrepl_socket->event.ctx,
+				      wrepl_socket, io);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_associate_recv(subreq, io);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+struct wrepl_associate_stop_state {
+	struct wrepl_packet packet;
+	struct wrepl_send_ctrl ctrl;
+};
+
+static void wrepl_associate_stop_done(struct tevent_req *subreq);
+
+struct tevent_req *wrepl_associate_stop_send(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct wrepl_socket *wrepl_socket,
+					     const struct wrepl_associate_stop *io)
+{
+	struct tevent_req *req;
+	struct wrepl_associate_stop_state *state;
+	struct tevent_req *subreq;
+
+	if (wrepl_socket->event.ctx != ev) {
+		/* TODO: remove wrepl_socket->event.ctx !!! */
+		smb_panic("wrepl_associate_stop_send event context mismatch!");
+		return NULL;
+	}
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_associate_stop_state);
+	if (req == NULL) {
+		return NULL;
+	};
+
+	state->packet.opcode			= WREPL_OPCODE_BITS;
+	state->packet.assoc_ctx			= io->in.assoc_ctx;
+	state->packet.mess_type			= WREPL_STOP_ASSOCIATION;
+	state->packet.message.stop.reason	= io->in.reason;
+
+	if (io->in.reason == 0) {
+		state->ctrl.send_only			= true;
+		state->ctrl.disconnect_after_send	= true;
+	}
+
+	subreq = wrepl_request_send(state, ev, wrepl_socket, &state->packet, &state->ctrl);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, wrepl_associate_stop_done, req);
+
+	return req;
+}
+
+static void wrepl_associate_stop_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_associate_stop_state *state = tevent_req_data(req,
+						   struct wrepl_associate_stop_state);
+	NTSTATUS status;
+
+	/* currently we don't care about a possible response */
+	status = wrepl_request_recv(subreq, state, NULL);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+/*
+  stop an association - recv
+*/
+NTSTATUS wrepl_associate_stop_recv(struct tevent_req *req,
+				   struct wrepl_associate_stop *io)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  setup an association - sync api
+*/
+NTSTATUS wrepl_associate_stop(struct wrepl_socket *wrepl_socket,
+			      struct wrepl_associate_stop *io)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_associate_stop_send(wrepl_socket, wrepl_socket->event.ctx,
+					   wrepl_socket, io);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_associate_stop_recv(subreq, io);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+struct wrepl_pull_table_state {
+	struct wrepl_packet packet;
+	uint32_t num_partners;
+	struct wrepl_wins_owner *partners;
+};
+
+static void wrepl_pull_table_done(struct tevent_req *subreq);
+
+struct tevent_req *wrepl_pull_table_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct wrepl_socket *wrepl_socket,
+					 const struct wrepl_pull_table *io)
+{
+	struct tevent_req *req;
+	struct wrepl_pull_table_state *state;
+	struct tevent_req *subreq;
+
+	if (wrepl_socket->event.ctx != ev) {
+		/* TODO: remove wrepl_socket->event.ctx !!! */
+		smb_panic("wrepl_pull_table_send event context mismatch!");
+		return NULL;
+	}
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_pull_table_state);
+	if (req == NULL) {
+		return NULL;
+	};
+
+	state->packet.opcode				= WREPL_OPCODE_BITS;
+	state->packet.assoc_ctx				= io->in.assoc_ctx;
+	state->packet.mess_type				= WREPL_REPLICATION;
+	state->packet.message.replication.command	= WREPL_REPL_TABLE_QUERY;
+
+	subreq = wrepl_request_send(state, ev, wrepl_socket, &state->packet, NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, wrepl_pull_table_done, req);
+
+	return req;
+}
+
+static void wrepl_pull_table_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_pull_table_state *state = tevent_req_data(req,
+					       struct wrepl_pull_table_state);
+	NTSTATUS status;
+	struct wrepl_packet *packet;
+	struct wrepl_table *table;
+
+	status = wrepl_request_recv(subreq, state, &packet);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (packet->mess_type != WREPL_REPLICATION) {
+		tevent_req_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
+		return;
+	}
+
+	if (packet->message.replication.command != WREPL_REPL_TABLE_REPLY) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	table = &packet->message.replication.info.table;
+
+	state->num_partners = table->partner_count;
+	state->partners = talloc_move(state, &table->partners);
+
+	tevent_req_done(req);
+}
+
+/*
+  fetch the partner tables - recv
+*/
+NTSTATUS wrepl_pull_table_recv(struct tevent_req *req,
+			       TALLOC_CTX *mem_ctx,
+			       struct wrepl_pull_table *io)
+{
+	struct wrepl_pull_table_state *state = tevent_req_data(req,
+					       struct wrepl_pull_table_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	io->out.num_partners = state->num_partners;
+	io->out.partners = talloc_move(mem_ctx, &state->partners);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+/*
+  fetch the partner table - sync api
+*/
+NTSTATUS wrepl_pull_table(struct wrepl_socket *wrepl_socket,
+			  TALLOC_CTX *mem_ctx,
+			  struct wrepl_pull_table *io)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_pull_table_send(mem_ctx, wrepl_socket->event.ctx,
+				       wrepl_socket, io);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_pull_table_recv(subreq, mem_ctx, io);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+
+struct wrepl_pull_names_state {
+	struct {
+		const struct wrepl_pull_names *io;
+	} caller;
+	struct wrepl_packet packet;
+	uint32_t num_names;
+	struct wrepl_name *names;
+};
+
+static void wrepl_pull_names_done(struct tevent_req *subreq);
+
+struct tevent_req *wrepl_pull_names_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct wrepl_socket *wrepl_socket,
+					 const struct wrepl_pull_names *io)
+{
+	struct tevent_req *req;
+	struct wrepl_pull_names_state *state;
+	struct tevent_req *subreq;
+
+	if (wrepl_socket->event.ctx != ev) {
+		/* TODO: remove wrepl_socket->event.ctx !!! */
+		smb_panic("wrepl_pull_names_send event context mismatch!");
+		return NULL;
+	}
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct wrepl_pull_names_state);
+	if (req == NULL) {
+		return NULL;
+	};
+	state->caller.io = io;
+
+	state->packet.opcode				= WREPL_OPCODE_BITS;
+	state->packet.assoc_ctx				= io->in.assoc_ctx;
+	state->packet.mess_type				= WREPL_REPLICATION;
+	state->packet.message.replication.command	= WREPL_REPL_SEND_REQUEST;
+	state->packet.message.replication.info.owner	= io->in.partner;
+
+	subreq = wrepl_request_send(state, ev, wrepl_socket, &state->packet, NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, wrepl_pull_names_done, req);
+
+	return req;
+}
+
+static void wrepl_pull_names_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(subreq,
+				 struct tevent_req);
+	struct wrepl_pull_names_state *state = tevent_req_data(req,
+					       struct wrepl_pull_names_state);
+	NTSTATUS status;
+	struct wrepl_packet *packet;
+	uint32_t i;
+
+	status = wrepl_request_recv(subreq, state, &packet);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (packet->mess_type != WREPL_REPLICATION) {
+		tevent_req_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
+		return;
+	}
+
+	if (packet->message.replication.command != WREPL_REPL_SEND_REPLY) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	state->num_names = packet->message.replication.info.reply.num_names;
+
+	state->names = talloc_array(state, struct wrepl_name, state->num_names);
+	if (tevent_req_nomem(state->names, req)) {
+		return;
+	}
+
+	/* convert the list of names and addresses to a sane format */
+	for (i=0; i < state->num_names; i++) {
+		struct wrepl_wins_name *wname = &packet->message.replication.info.reply.names[i];
+		struct wrepl_name *name = &state->names[i];
+
+		name->name	= *wname->name;
+		talloc_steal(state->names, wname->name);
+		name->type	= WREPL_NAME_TYPE(wname->flags);
+		name->state	= WREPL_NAME_STATE(wname->flags);
+		name->node	= WREPL_NAME_NODE(wname->flags);
+		name->is_static	= WREPL_NAME_IS_STATIC(wname->flags);
+		name->raw_flags	= wname->flags;
+		name->version_id= wname->id;
+		name->owner	= talloc_strdup(state->names,
+						state->caller.io->in.partner.address);
+		if (tevent_req_nomem(name->owner, req)) {
+			return;
+		}
+
+		/* trying to save 1 or 2 bytes on the wire isn't a good idea */
+		if (wname->flags & 2) {
+			uint32_t j;
+
+			name->num_addresses = wname->addresses.addresses.num_ips;
+			name->addresses = talloc_array(state->names,
+						       struct wrepl_address,
+						       name->num_addresses);
+			if (tevent_req_nomem(name->addresses, req)) {
+				return;
+			}
+
+			for (j=0;j<name->num_addresses;j++) {
+				name->addresses[j].owner =
+					talloc_move(name->addresses,
+						    &wname->addresses.addresses.ips[j].owner);
+				name->addresses[j].address = 
+					talloc_move(name->addresses,
+						    &wname->addresses.addresses.ips[j].ip);
+			}
+		} else {
+			name->num_addresses = 1;
+			name->addresses = talloc_array(state->names,
+						       struct wrepl_address,
+						       name->num_addresses);
+			if (tevent_req_nomem(name->addresses, req)) {
+				return;
+			}
+
+			name->addresses[0].owner = talloc_strdup(name->addresses, name->owner);
+			if (tevent_req_nomem(name->addresses[0].owner, req)) {
+				return;
+			}
+			name->addresses[0].address = talloc_move(name->addresses,
+								 &wname->addresses.ip);
+		}
+	}
+
+	tevent_req_done(req);
+}
+
+/*
+  fetch the names for a WINS partner - recv
+*/
+NTSTATUS wrepl_pull_names_recv(struct tevent_req *req,
+			       TALLOC_CTX *mem_ctx,
+			       struct wrepl_pull_names *io)
+{
+	struct wrepl_pull_names_state *state = tevent_req_data(req,
+					       struct wrepl_pull_names_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	io->out.num_names = state->num_names;
+	io->out.names = talloc_move(mem_ctx, &state->names);
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  fetch the names for a WINS partner - sync api
+*/
+NTSTATUS wrepl_pull_names(struct wrepl_socket *wrepl_socket,
+			  TALLOC_CTX *mem_ctx,
+			  struct wrepl_pull_names *io)
+{
+	struct tevent_req *subreq;
+	bool ok;
+	NTSTATUS status;
+
+	subreq = wrepl_pull_names_send(mem_ctx, wrepl_socket->event.ctx,
+				       wrepl_socket, io);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	ok = tevent_req_poll(subreq, wrepl_socket->event.ctx);
+	if (!ok) {
+		TALLOC_FREE(subreq);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = wrepl_pull_names_recv(subreq, mem_ctx, io);
+	TALLOC_FREE(subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/libcli/wrepl/winsrepl.h b/source4/libcli/wrepl/winsrepl.h
new file mode 100644
index 0000000..bc35544
--- /dev/null
+++ b/source4/libcli/wrepl/winsrepl.h
@@ -0,0 +1,110 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   structures for WINS replication client library
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Stefan Metzmacher 2005-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/winsrepl.h"
+
+struct wrepl_request;
+struct wrepl_socket;
+
+struct wrepl_send_ctrl {
+	bool send_only;
+	bool disconnect_after_send;
+};
+
+/*
+  setup an association
+*/
+struct wrepl_associate {
+	struct {
+		uint32_t assoc_ctx;
+		uint16_t major_version;
+	} out;
+};
+
+/*
+  setup an association
+*/
+struct wrepl_associate_stop {
+	struct {
+		uint32_t assoc_ctx;
+		uint32_t reason;
+	} in;
+};
+
+/*
+  pull the partner table
+*/
+struct wrepl_pull_table {
+	struct {
+		uint32_t assoc_ctx;
+	} in;
+	struct {
+		uint32_t num_partners;
+		struct wrepl_wins_owner *partners;
+	} out;
+};
+
+#define WREPL_NAME_TYPE(flags) (flags & WREPL_FLAGS_RECORD_TYPE)
+#define WREPL_NAME_STATE(flags) ((flags & WREPL_FLAGS_RECORD_STATE)>>2)
+#define WREPL_NAME_NODE(flags) ((flags & WREPL_FLAGS_NODE_TYPE)>>5)
+#define WREPL_NAME_IS_STATIC(flags) ((flags & WREPL_FLAGS_IS_STATIC)?true:false)
+
+#define WREPL_NAME_FLAGS(type, state, node, is_static) \
+	(type | (state << 2) | (node << 5) | \
+	 (is_static ? WREPL_FLAGS_IS_STATIC : 0))
+
+struct wrepl_address {
+	const char *owner;
+	const char *address;
+};
+
+struct wrepl_name {
+	struct nbt_name name;
+	enum wrepl_name_type type;
+	enum wrepl_name_state state;
+	enum wrepl_name_node node;
+	bool is_static;
+	uint32_t raw_flags;
+	uint64_t version_id;
+	const char *owner;
+	uint32_t num_addresses;
+	struct wrepl_address *addresses;
+};
+
+/*
+  a full pull replication
+*/
+struct wrepl_pull_names {
+	struct {
+		uint32_t assoc_ctx;
+		struct wrepl_wins_owner partner;
+	} in;
+	struct {
+		uint32_t num_names;
+		struct wrepl_name *names;
+	} out;
+};
+
+struct tstream_context;
+
+#include "libcli/wrepl/winsrepl_proto.h"
diff --git a/source4/libcli/wscript_build b/source4/libcli/wscript_build
new file mode 100644
index 0000000..b3a4410
--- /dev/null
+++ b/source4/libcli/wscript_build
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+bld.RECURSE('ldap')
+bld.RECURSE('wbclient')
+
+bld.SAMBA_SUBSYSTEM('LIBSAMBA_TSOCKET',
+	source='../../libcli/util/tstream.c',
+	public_deps='LIBTSOCKET tevent-util'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_LSA',
+	source='util/clilsa.c',
+	autoproto='util/clilsa.h',
+	public_deps='RPC_NDR_LSA dcerpc',
+	deps='samba-security'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('cli_composite',
+	source='composite/composite.c',
+	autoproto='composite/proto.h',
+	public_deps='events'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_SMB_COMPOSITE',
+    source='''
+       smb_composite/loadfile.c
+       smb_composite/savefile.c
+       smb_composite/connect_nego.c
+       smb_composite/connect.c
+       smb_composite/sesssetup.c
+       smb_composite/fetchfile.c
+       smb_composite/appendacl.c
+       smb_composite/fsinfo.c
+       smb_composite/smb2.c
+    ''',
+    deps='LIBCLI_SMB2 tevent-util',
+    public_deps='cli_composite samba-credentials gensec LIBCLI_RESOLVE tevent',
+    private_headers='smb_composite/smb_composite.h',
+    )
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_DGRAM',
+	source='dgram/dgramsocket.c dgram/mailslot.c dgram/netlogon.c dgram/browse.c',
+	public_deps='cli-nbt ndr LIBCLI_RESOLVE LIBCLI_NETLOGON LIBCLI_RESOLVE'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_WREPL',
+	source='wrepl/winsrepl.c',
+	autoproto='wrepl/winsrepl_proto.h',
+	public_deps='NDR_WINSREPL samba_socket events LIBPACKET LIBSAMBA_TSOCKET'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_RESOLVE',
+	source='resolve/resolve.c',
+	autoproto='resolve/proto.h',
+	public_deps='ndr_nbt LIBTSOCKET'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LP_RESOLVE',
+	source='resolve/bcast.c resolve/nbtlist.c resolve/wins.c resolve/dns_ex.c resolve/host.c resolve/lmhosts.c resolve/resolve_lp.c',
+	autoproto='resolve/lp_proto.h',
+	deps='cli-nbt samba-hostconfig netif addns'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_FINDDCS',
+	source='finddcs_cldap.c',
+	autoproto='finddcs_proto.h',
+	public_deps='cli_cldap'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('LIBCLI_SMB',
+	source='clireadwrite.c cliconnect.c clifile.c clilist.c clitrans2.c climessage.c clideltree.c',
+	private_headers='libcli.h:smb_cli.h',
+	public_deps='smbclient-raw samba-errors LIBCLI_AUTH LIBCLI_SMB_COMPOSITE cli-nbt samba-security LIBCLI_RESOLVE LIBCLI_DGRAM LIBCLI_SMB2 LIBCLI_FINDDCS samba_socket'
+	)
+
+
+bld.SAMBA_LIBRARY('smbclient-raw',
+	source='raw/rawfile.c raw/smb_signing.c raw/clisocket.c raw/clitransport.c raw/clisession.c raw/clitree.c raw/clierror.c raw/rawrequest.c raw/rawreadwrite.c raw/rawsearch.c raw/rawsetfileinfo.c raw/raweas.c raw/rawtrans.c raw/clioplock.c raw/rawnegotiate.c raw/rawfsinfo.c raw/rawfileinfo.c raw/rawnotify.c raw/rawioctl.c raw/rawacl.c raw/rawdate.c raw/rawlpq.c raw/rawshadow.c',
+	autoproto='raw/raw_proto.h',
+	public_deps='samba_socket LIBPACKET LIBCRYPTO',
+	deps='cli_composite LIBCLI_RESOLVE samba-security ndr samba-util samba-errors charset talloc LIBCLI_SMB_COMPOSITE tevent cli_smb_common',
+	private_headers='raw/request.h:smb_request.h raw/signing.h:smb_raw_signing.h raw/libcliraw.h:smb_cliraw.h raw/interfaces.h:smb_raw_interfaces.h raw/smb.h:smb_raw.h raw/trans2.h:smb_raw_trans2.h',
+	private_library=True,
+	)
+
+bld.RECURSE('smb2')
+bld.RECURSE('rap')
diff --git a/source4/libnet/composite.h b/source4/libnet/composite.h
new file mode 100644
index 0000000..50bf1a7
--- /dev/null
+++ b/source4/libnet/composite.h
@@ -0,0 +1,56 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Monitor structure and message types definitions. Composite function monitoring
+ * allows client application to be notified on function progress. This enables
+ * eg. gui client to display progress bars, status messages, etc.
+ */
+
+
+#define  mon_SamrCreateUser        (0x00000001)
+#define  mon_SamrOpenUser          (0x00000002)
+#define  mon_SamrQueryUser         (0x00000003)
+#define  mon_SamrCloseUser         (0x00000004)
+#define  mon_SamrLookupName        (0x00000005)
+#define  mon_SamrDeleteUser        (0x00000006)
+#define  mon_SamrSetUser           (0x00000007)
+#define  mon_SamrClose             (0x00000008)
+#define  mon_SamrConnect           (0x00000009)
+#define  mon_SamrLookupDomain      (0x0000000A)
+#define  mon_SamrOpenDomain        (0x0000000B)
+#define  mon_SamrEnumDomains       (0x0000000C)
+#define  mon_LsaOpenPolicy         (0x0000000D)
+#define  mon_LsaQueryPolicy        (0x0000000E)
+#define  mon_LsaClose              (0x0000000F)
+#define  mon_SamrOpenGroup         (0x00000010)
+#define  mon_SamrQueryGroup        (0x00000011)
+
+#define  mon_NetLookupDc           (0x00000100)
+#define  mon_NetRpcConnect         (0x00000200)
+
+#define  mon_Mask_Rpc              (0x000000FF)
+#define  mon_Mask_Net              (0x0000FF00)
+
+
+struct monitor_msg {
+	uint32_t   type;
+	void       *data;
+	size_t     data_size;
+};
diff --git a/source4/libnet/groupinfo.c b/source4/libnet/groupinfo.c
new file mode 100644
index 0000000..3d2968b
--- /dev/null
+++ b/source4/libnet/groupinfo.c
@@ -0,0 +1,384 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite function for getting group information via samr pipe
+*/
+
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/security/security.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+
+
+struct groupinfo_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle       domain_handle;
+	struct policy_handle       group_handle;
+	uint16_t                   level;
+	struct samr_LookupNames    lookup;
+	struct samr_OpenGroup      opengroup;
+	struct samr_QueryGroupInfo querygroupinfo;
+	struct samr_Close          samrclose;
+	union  samr_GroupInfo      *info;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_groupinfo_lookup(struct tevent_req *subreq);
+static void continue_groupinfo_opengroup(struct tevent_req *subreq);
+static void continue_groupinfo_getgroup(struct tevent_req *subreq);
+static void continue_groupinfo_closegroup(struct tevent_req *subreq);
+
+
+/**
+ * Stage 1 (optional): Look for a group name in SAM server.
+ */
+static void continue_groupinfo_lookup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct groupinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_lookup_name *msg_lookup;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct groupinfo_state);
+
+	/* receive samr_Lookup reply */
+	c->status = dcerpc_samr_LookupNames_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+	
+	/* there could be a problem with name resolving itself */
+	if (!NT_STATUS_IS_OK(s->lookup.out.result)) {
+		composite_error(c, s->lookup.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrLookupName;
+		msg_lookup = talloc(s, struct msg_rpc_lookup_name);
+		msg_lookup->rid = s->lookup.out.rids->ids;
+		msg_lookup->count = s->lookup.out.rids->count;
+		msg.data = (void*)msg_lookup;
+		msg.data_size = sizeof(*msg_lookup);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	/* have we actually got name resolved
+	   - we're looking for only one at the moment */
+	if (s->lookup.out.rids->count != s->lookup.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	if (s->lookup.out.types->count != s->lookup.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	/* TODO: find proper status code for more than one rid found */
+
+	/* prepare parameters for LookupNames */
+	s->opengroup.in.domain_handle   = &s->domain_handle;
+	s->opengroup.in.access_mask     = SEC_FLAG_MAXIMUM_ALLOWED;
+	s->opengroup.in.rid             = s->lookup.out.rids->ids[0];
+	s->opengroup.out.group_handle   = &s->group_handle;
+
+	/* send request */
+	subreq = dcerpc_samr_OpenGroup_r_send(s, c->event_ctx,
+					      s->binding_handle,
+					      &s->opengroup);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_groupinfo_opengroup, c);
+}
+
+
+/**
+ * Stage 2: Open group policy handle.
+ */
+static void continue_groupinfo_opengroup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct groupinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_open_group *msg_open;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct groupinfo_state);
+
+	/* receive samr_OpenGroup reply */
+	c->status = dcerpc_samr_OpenGroup_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!NT_STATUS_IS_OK(s->opengroup.out.result)) {
+		composite_error(c, s->opengroup.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrOpenGroup;
+		msg_open = talloc(s, struct msg_rpc_open_group);
+		msg_open->rid = s->opengroup.in.rid;
+		msg_open->access_mask = s->opengroup.in.access_mask;
+		msg.data = (void*)msg_open;
+		msg.data_size = sizeof(*msg_open);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	/* prepare parameters for QueryGroupInfo call */
+	s->querygroupinfo.in.group_handle = &s->group_handle;
+	s->querygroupinfo.in.level        = s->level;
+	s->querygroupinfo.out.info        = talloc(s, union samr_GroupInfo *);
+	if (composite_nomem(s->querygroupinfo.out.info, c)) return;
+	
+	/* queue rpc call, set event handling and new state */
+	subreq = dcerpc_samr_QueryGroupInfo_r_send(s,
+						   c->event_ctx,
+						   s->binding_handle,
+						   &s->querygroupinfo);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_groupinfo_getgroup, c);
+}
+
+
+/**
+ * Stage 3: Get requested group information.
+ */
+static void continue_groupinfo_getgroup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct groupinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_query_group *msg_query;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct groupinfo_state);
+
+	/* receive samr_QueryGroupInfo reply */
+	c->status = dcerpc_samr_QueryGroupInfo_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* check if querygroup itself went ok */
+	if (!NT_STATUS_IS_OK(s->querygroupinfo.out.result)) {
+		composite_error(c, s->querygroupinfo.out.result);
+		return;
+	}
+
+	s->info = talloc_steal(s, *s->querygroupinfo.out.info);
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrQueryGroup;
+		msg_query = talloc(s, struct msg_rpc_query_group);
+		msg_query->level = s->querygroupinfo.in.level;
+		msg.data = (void*)msg_query;
+		msg.data_size = sizeof(*msg_query);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	/* prepare arguments for Close call */
+	s->samrclose.in.handle  = &s->group_handle;
+	s->samrclose.out.handle = &s->group_handle;
+	
+	/* queue rpc call, set event handling and new state */
+	subreq = dcerpc_samr_Close_r_send(s, c->event_ctx,
+					  s->binding_handle,
+					  &s->samrclose);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_groupinfo_closegroup, c);
+}
+
+
+/**
+ * Stage 4: Close policy handle associated with opened group.
+ */
+static void continue_groupinfo_closegroup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct groupinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_close_group *msg_close;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct groupinfo_state);
+
+	/* receive samr_Close reply */
+	c->status = dcerpc_samr_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!NT_STATUS_IS_OK(s->samrclose.out.result)) {
+		composite_error(c, s->samrclose.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrClose;
+		msg_close = talloc(s, struct msg_rpc_close_group);
+		msg_close->rid = s->opengroup.in.rid;
+		msg.data = (void*)msg_close;
+		msg.data_size = sizeof(*msg_close);
+
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Sends asynchronous groupinfo request
+ *
+ * @param p dce/rpc call pipe 
+ * @param io arguments and results of the call
+ */
+struct composite_context *libnet_rpc_groupinfo_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct dcerpc_binding_handle *b,
+						    struct libnet_rpc_groupinfo *io,
+						    void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct groupinfo_state *s;
+	struct dom_sid *sid;
+	struct tevent_req *subreq;
+
+	if (!b || !io) return NULL;
+	
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return c;
+	
+	s = talloc_zero(c, struct groupinfo_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	s->level         = io->in.level;
+	s->binding_handle= b;
+	s->domain_handle = io->in.domain_handle;
+	s->monitor_fn    = monitor;
+
+	if (io->in.sid) {
+		sid = dom_sid_parse_talloc(s, io->in.sid);
+		if (composite_nomem(sid, c)) return c;
+
+		s->opengroup.in.domain_handle  = &s->domain_handle;
+		s->opengroup.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+		s->opengroup.in.rid            = sid->sub_auths[sid->num_auths - 1];
+		s->opengroup.out.group_handle  = &s->group_handle;
+		
+		/* send request */
+		subreq = dcerpc_samr_OpenGroup_r_send(s, c->event_ctx,
+						      s->binding_handle,
+						      &s->opengroup);
+		if (composite_nomem(subreq, c)) return c;
+
+		tevent_req_set_callback(subreq, continue_groupinfo_opengroup, c);
+
+	} else {
+		/* preparing parameters to send rpc request */
+		s->lookup.in.domain_handle    = &s->domain_handle;
+		s->lookup.in.num_names        = 1;
+		s->lookup.in.names            = talloc_array(s, struct lsa_String, 1);
+		if (composite_nomem(s->lookup.in.names, c)) return c;
+
+		s->lookup.in.names[0].string  = talloc_strdup(s, io->in.groupname);
+		if (composite_nomem(s->lookup.in.names[0].string, c)) return c;
+		s->lookup.out.rids         = talloc_zero(s, struct samr_Ids);
+		s->lookup.out.types        = talloc_zero(s, struct samr_Ids);
+		if (composite_nomem(s->lookup.out.rids, c)) return c;
+		if (composite_nomem(s->lookup.out.types, c)) return c;
+
+		/* send request */
+		subreq = dcerpc_samr_LookupNames_r_send(s, c->event_ctx,
+							s->binding_handle,
+							&s->lookup);
+		if (composite_nomem(subreq, c)) return c;
+		
+		tevent_req_set_callback(subreq, continue_groupinfo_lookup, c);
+	}
+
+	return c;
+}
+
+
+/**
+ * Waits for and receives result of asynchronous groupinfo call
+ * 
+ * @param c composite context returned by asynchronous groupinfo call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_groupinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				   struct libnet_rpc_groupinfo *io)
+{
+	NTSTATUS status;
+	struct groupinfo_state *s;
+	
+	/* wait for results of sending request */
+	status = composite_wait(c);
+	
+	if (NT_STATUS_IS_OK(status) && io) {
+		s = talloc_get_type(c->private_data, struct groupinfo_state);
+		talloc_steal(mem_ctx, s->info);
+		io->out.info = *s->info;
+	}
+	
+	/* memory context associated to composite context is no longer needed */
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of groupinfo call
+ *
+ * @param pipe dce/rpc call pipe
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_groupinfo(struct tevent_context *ev,
+			      struct dcerpc_binding_handle *b,
+			      TALLOC_CTX *mem_ctx,
+			      struct libnet_rpc_groupinfo *io)
+{
+	struct composite_context *c = libnet_rpc_groupinfo_send(mem_ctx, ev, b,
+								io, NULL);
+	return libnet_rpc_groupinfo_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/groupinfo.h b/source4/libnet/groupinfo.h
new file mode 100644
index 0000000..ad13840
--- /dev/null
+++ b/source4/libnet/groupinfo.h
@@ -0,0 +1,54 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "librpc/gen_ndr/samr.h"
+
+/*
+ * IO structures for groupinfo.c functions
+ */
+
+struct libnet_rpc_groupinfo {
+	struct {
+		struct policy_handle domain_handle;
+		const char *groupname;
+		const char *sid;
+		uint16_t level;
+	} in;
+	struct {
+		union samr_GroupInfo info;
+	} out;
+};
+
+
+/*
+ * Monitor messages sent from groupinfo.c functions
+ */
+
+struct msg_rpc_open_group {
+	uint32_t rid, access_mask;
+};
+
+struct msg_rpc_query_group {
+	uint16_t level;
+};
+
+struct msg_rpc_close_group {
+	uint32_t rid;
+};
diff --git a/source4/libnet/groupman.c b/source4/libnet/groupman.c
new file mode 100644
index 0000000..c91eff3
--- /dev/null
+++ b/source4/libnet/groupman.c
@@ -0,0 +1,139 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite function for manipulating (add/edit/del) groups via samr pipe
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+
+
+struct groupadd_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle domain_handle;
+	struct samr_CreateDomainGroup creategroup;
+	struct policy_handle group_handle;
+	uint32_t group_rid;
+	
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_groupadd_created(struct tevent_req *subreq);
+
+
+struct composite_context* libnet_rpc_groupadd_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct dcerpc_binding_handle *b,
+						   struct libnet_rpc_groupadd *io,
+						   void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct groupadd_state *s;
+	struct tevent_req *subreq;
+
+	if (!b || !io) return NULL;
+
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct groupadd_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	s->domain_handle = io->in.domain_handle;
+	s->binding_handle= b;
+	s->monitor_fn    = monitor;
+
+	s->creategroup.in.domain_handle  = &s->domain_handle;
+
+	s->creategroup.in.name           = talloc_zero(c, struct lsa_String);
+	if (composite_nomem(s->creategroup.in.name, c)) return c;
+
+	s->creategroup.in.name->string   = talloc_strdup(c, io->in.groupname);
+	if (composite_nomem(s->creategroup.in.name->string, c)) return c;
+	
+	s->creategroup.in.access_mask    = 0;
+	
+	s->creategroup.out.group_handle  = &s->group_handle;
+	s->creategroup.out.rid           = &s->group_rid;
+ 	
+	subreq = dcerpc_samr_CreateDomainGroup_r_send(s, c->event_ctx,
+						      s->binding_handle,
+						      &s->creategroup);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_groupadd_created, c);
+	return c;
+}
+
+
+NTSTATUS libnet_rpc_groupadd_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				  struct libnet_rpc_groupadd *io)
+{
+	NTSTATUS status;
+	struct groupadd_state *s;
+	
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status) && io) {
+		s = talloc_get_type(c->private_data, struct groupadd_state);
+		io->out.group_handle = s->group_handle;
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+static void continue_groupadd_created(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct groupadd_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct groupadd_state);
+
+	c->status = dcerpc_samr_CreateDomainGroup_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->creategroup.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	composite_done(c);
+}
+
+
+NTSTATUS libnet_rpc_groupadd(struct tevent_context *ev,
+			     struct dcerpc_binding_handle *b,
+			     TALLOC_CTX *mem_ctx,
+			     struct libnet_rpc_groupadd *io)
+{
+	struct composite_context *c;
+
+	c = libnet_rpc_groupadd_send(mem_ctx, ev, b, io, NULL);
+	return libnet_rpc_groupadd_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/groupman.h b/source4/libnet/groupman.h
new file mode 100644
index 0000000..0acb02d
--- /dev/null
+++ b/source4/libnet/groupman.h
@@ -0,0 +1,35 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/misc.h"
+
+
+/*
+ * IO structures for groupman.c functions
+ */
+
+struct libnet_rpc_groupadd {
+	struct {
+		struct policy_handle domain_handle;
+		const char *groupname;
+	} in;
+	struct {
+		struct policy_handle group_handle;
+	} out;
+};
diff --git a/source4/libnet/libnet.c b/source4/libnet/libnet.c
new file mode 100644
index 0000000..a590893
--- /dev/null
+++ b/source4/libnet/libnet.c
@@ -0,0 +1,55 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+struct libnet_context *libnet_context_init(struct tevent_context *ev,
+					   struct loadparm_context *lp_ctx)
+{
+	struct libnet_context *ctx;
+
+	/* We require an event context here */
+	if (!ev) {
+		return NULL;
+	}
+
+	/* create brand new libnet context */
+	ctx = talloc_zero(ev, struct libnet_context);
+	if (!ctx) {
+		return NULL;
+	}
+
+	ctx->event_ctx = ev;
+	ctx->lp_ctx = lp_ctx;
+
+	/* make sure dcerpc is initialized */
+	dcerpc_init();
+
+	/* name resolution methods */
+	ctx->resolve_ctx = lpcfg_resolve_context(lp_ctx);
+
+	/* default buffer size for various operations requiring specifying a buffer */
+	ctx->samr.buf_size = 128;
+
+	return ctx;
+}
diff --git a/source4/libnet/libnet.h b/source4/libnet/libnet.h
new file mode 100644
index 0000000..41ddbea
--- /dev/null
+++ b/source4/libnet/libnet.h
@@ -0,0 +1,86 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher      2004
+   Copyright (C) Rafal Szczesniak       2005-2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef LIBNET_H
+#define LIBNET_H
+
+#include "librpc/gen_ndr/misc.h"
+
+struct libnet_context {
+	/* here we need:
+	 * a client env context
+	 * a user env context
+	 */
+	struct cli_credentials *cred;
+
+	/* samr connection parameters - opened handles and related properties */
+	struct {
+		struct dcerpc_pipe *pipe;
+		struct dcerpc_binding_handle *samr_handle;
+		const char *name;
+		struct dom_sid *sid;
+		uint32_t access_mask;
+		struct policy_handle handle;
+		struct policy_handle connect_handle;
+		int buf_size;
+	} samr;
+
+	/* lsa connection parameters - opened handles and related properties */
+	struct {
+		struct dcerpc_pipe *pipe;
+		struct dcerpc_binding_handle *lsa_handle;
+		const char *name;
+		uint32_t access_mask;
+		struct policy_handle handle;
+	} lsa;
+
+	/* name resolution methods */
+	struct resolve_context *resolve_ctx;
+
+	struct tevent_context *event_ctx;
+
+	struct loadparm_context *lp_ctx;
+
+	/* if non-null then override the server address */
+	const char *server_address;
+};
+
+
+#include <ldb.h>
+#include "libnet/composite.h"
+#include "libnet/userman.h"
+#include "libnet/userinfo.h"
+#include "libnet/groupinfo.h"
+#include "libnet/groupman.h"
+#include "libnet/libnet_passwd.h"
+#include "libnet/libnet_time.h"
+#include "libnet/libnet_rpc.h"
+#include "libnet/libnet_join.h"
+#include "libnet/libnet_site.h"
+#include "libnet/libnet_become_dc.h"
+#include "libnet/libnet_unbecome_dc.h"
+#include "libnet/libnet_samsync.h"
+#include "libnet/libnet_vampire.h"
+#include "libnet/libnet_user.h"
+#include "libnet/libnet_group.h"
+#include "libnet/libnet_share.h"
+#include "libnet/libnet_lookup.h"
+#include "libnet/libnet_domain.h"
+#include "libnet/libnet_proto.h"
+#endif
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
new file mode 100644
index 0000000..f40e4f9
--- /dev/null
+++ b/source4/libnet/libnet_become_dc.c
@@ -0,0 +1,3281 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "libcli/cldap/cldap.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "lib/tsocket/tsocket.h"
+
+/*****************************************************************************
+ * Windows 2003 (w2k3) does the following steps when changing the server role
+ * from domain member to domain controller
+ *
+ * We mostly do the same.
+ *****************************************************************************/
+
+/*
+ * lookup DC:
+ * - using nbt name<1C> request and a samlogon mailslot request
+ * or
+ * - using a DNS SRV _ldap._tcp.dc._msdcs. request and a CLDAP netlogon request
+ *
+ * see: becomeDC_recv_cldap() and becomeDC_send_cldap()
+ */
+
+/*
+ * Open 1st LDAP connection to the DC using admin credentials
+ *
+ * see: becomeDC_connect_ldap1() and becomeDC_ldap_connect()
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_rootdse()
+ *
+ * Request:
+ *	basedn:	""
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	*
+ * Result:
+ *      ""
+ *		currentTime:		20061202155100.0Z
+ *		subschemaSubentry:	CN=Aggregate,CN=Schema,CN=Configuration,<domain_partition>
+ *		dsServiceName:		CN=<netbios_name>,CN=Servers,CN=<site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *		namingContexts:		<domain_partition>
+ *					CN=Configuration,<domain_partition>
+ *					CN=Schema,CN=Configuration,<domain_partition>
+ *		defaultNamingContext:	<domain_partition>
+ *		schemaNamingContext:	CN=Schema,CN=Configuration,<domain_partition>
+ *		configurationNamingContext:CN=Configuration,<domain_partition>
+ *		rootDomainNamingContext:<domain_partition>
+ *		supportedControl:	...
+ *		supportedLDAPVersion:	3
+ *					2
+ *		supportedLDAPPolicies:	...
+ *		highestCommittedUSN:	...
+ *		supportedSASLMechanisms:GSSAPI
+ *					GSS-SPNEGO
+ *					EXTERNAL
+ *					DIGEST-MD5
+ *		dnsHostName:		<dns_host_name>
+ *		ldapServiceName:	<domain_dns_name>:<netbios_name>$@<REALM>
+ *		serverName:		CN=Servers,CN=<site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *		supportedCapabilities:	...
+ *		isSyncronized:		TRUE
+ *		isGlobalCatalogReady:	TRUE
+ *		domainFunctionality:	0
+ *		forestFunctionality:	0
+ *		domainControllerFunctionality: 2
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_crossref_behavior_version()
+ *
+ * Request:
+ *	basedn:	CN=Configuration,<domain_partition>
+ *	scope:	one
+ *	filter:	(cn=Partitions)
+ *	attrs:	msDS-Behavior-Version
+ * Result:
+ *      CN=Partitions,CN=Configuration,<domain_partition>
+ *		msDS-Behavior-Version:	0
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * NOTE: this seems to be a bug! as the messageID of the LDAP message is corrupted!
+ *
+ * not implemented here
+ * 
+ * Request:
+ *	basedn:	CN=Schema,CN=Configuration,<domain_partition>
+ *	scope:	one
+ *	filter:	(cn=Partitions)
+ *	attrs:	msDS-Behavior-Version
+ * Result:
+ *	<none>
+ *
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_domain_behavior_version()
+ * 
+ * Request:
+ *	basedn:	<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	msDS-Behavior-Version
+ * Result:
+ *	<domain_partition>
+ *		msDS-Behavior-Version:	0
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: becomeDC_ldap1_schema_object_version()
+ *
+ * Request:
+ *	basedn:	CN=Schema,CN=Configuration,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	objectVersion
+ * Result:
+ *	CN=Schema,CN=Configuration,<domain_partition>
+ *		objectVersion:	30
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * not implemented, because the information is already there
+ *
+ * Request:
+ *	basedn:	""
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	defaultNamingContext
+ *		dnsHostName
+ * Result:
+ *	""
+ *		defaultNamingContext:	<domain_partition>
+ *		dnsHostName:		<dns_host_name>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_infrastructure_fsmo()
+ * 
+ * Request:
+ *	basedn:	<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	1.1
+ * Result:
+ *	CN=Infrastructure,<domain_partition>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_w2k3_update_revision()
+ *
+ * Request:
+ *	basedn:	CN=Windows2003Update,CN=DomainUpdates,CN=System,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	revision
+ * Result:
+ *      CN=Windows2003Update,CN=DomainUpdates,CN=System,<domain_partition>
+ *		revision:	8
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_infrastructure_fsmo()
+ *
+ * Request:
+ *	basedn:	CN=Infrastructure,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	fSMORoleOwner
+ * Result:
+ *      CN=Infrastructure,<domain_partition>
+ *		fSMORoleOwner:	CN=NTDS Settings,<infrastructure_fsmo_server_object>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_infrastructure_fsmo()
+ *
+ * Request:
+ *	basedn:	<infrastructure_fsmo_server_object>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	dnsHostName
+ * Result:
+ *      <infrastructure_fsmo_server_object>
+ *		dnsHostName:	<dns_host_name>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_infrastructure_fsmo()
+ *
+ * Request:
+ *	basedn:	CN=NTDS Settings,<infrastructure_fsmo_server_object>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	objectGUID
+ * Result:
+ *      CN=NTDS Settings,<infrastructure_fsmo_server_object>
+ *		objectGUID:	<object_guid>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: becomeDC_ldap1_rid_manager_fsmo()
+ *
+ * Request:
+ *	basedn:	<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	rIDManagerReference
+ * Result:
+ *	<domain_partition>
+ *		rIDManagerReference:	CN=RID Manager$,CN=System,<domain_partition>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: becomeDC_ldap1_rid_manager_fsmo()
+ *
+ * Request:
+ *	basedn:	CN=RID Manager$,CN=System,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	fSMORoleOwner
+ * Result:
+ *      CN=Infrastructure,<domain_partition>
+ *		fSMORoleOwner:	CN=NTDS Settings,<rid_manager_fsmo_server_object>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_rid_manager_fsmo()
+ *
+ * Request:
+ *	basedn:	<rid_manager_fsmo_server_object>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	dnsHostName
+ * Result:
+ *      <rid_manager_fsmo_server_object>
+ *		dnsHostName:	<dns_host_name>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_rid_manager_fsmo()
+ *
+ * Request:
+ *	basedn:	CN=NTDS Settings,<rid_manager_fsmo_server_object>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	msDs-ReplicationEpoch
+ * Result:
+ *      CN=NTDS Settings,<rid_manager_fsmo_server_object>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_site_object()
+ *
+ * Request:
+ *	basedn:	CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:
+ * Result:
+ *      CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *		objectClass:	top
+ *				site
+ *		cn:		<new_dc_site_name>
+ *		distinguishedName:CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *		instanceType:	4
+ *		whenCreated:	...
+ *		whenChanged:	...
+ *		uSNCreated:	...
+ *		uSNChanged:	...
+ *		showInAdvancedViewOnly:	TRUE
+ *		name:		<new_dc_site_name>
+ *		objectGUID:	<object_guid>
+ *		systemFlags:	1107296256 <0x42000000>
+ *		objectCategory:	CN=Site,CN=Schema,CN=Configuration,<domain_partition>
+ */
+
+/***************************************************************
+ * Add this stage we call the check_options() callback function
+ * of the caller, to see if he wants us to continue
+ *
+ * see: becomeDC_check_options()
+ ***************************************************************/
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_computer_object()
+ *
+ * Request:
+ *	basedn:	<domain_partition>
+ *	scope:	sub
+ *	filter:	(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<new_dc_account_name>))
+ *	attrs:	distinguishedName
+ *		userAccountControl
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		distinguishedName:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		userAccoountControl:	4096 <0x1000>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_server_object_1()
+ *
+ * Request:
+ *	basedn:	CN=<new_dc_netbios_name>,CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:
+ * Result:
+ *      <noSuchObject>
+ *	<matchedDN:CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_server_object_2()
+ * 
+ * Request:
+ *	basedn:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	serverReferenceBL
+ *	typesOnly: TRUE!!!
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ */
+
+/*
+ * LDAP add 1st LDAP connection:
+ * 
+ * see: becomeDC_ldap1_server_object_add()
+ *
+ * Request:
+ *	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	objectClass:	server
+ *	systemFlags:	50000000 <0x2FAF080>
+ *	serverReference:CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ * Result:
+ *      <success>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * not implemented, maybe we can add that later
+ *
+ * Request:
+ *	basedn:	CN=NTDS Settings,CN=<new_dc_netbios_name>,CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:
+ * Result:
+ *      <noSuchObject>
+ *	<matchedDN:CN=<new_dc_netbios_name>,CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * not implemented because it gives no new information
+ * 
+ * Request:
+ *	basedn:	CN=Partitions,CN=Configuration,<domain_partition>
+ *	scope:	sub
+ *	filter:	(nCName=<domain_partition>)
+ *	attrs:	nCName
+ *		dnsRoot
+ *	controls: LDAP_SERVER_EXTENDED_DN_OID:critical=false
+ * Result:
+ *      <GUID=<hex_guid>>;CN=<domain_netbios_name>,CN=Partitions,<domain_partition>>
+ *		nCName:		<GUID=<hex_guid>>;<SID=<hex_sid>>;<domain_partition>>
+ *		dnsRoot:	<domain_dns_name>
+ */
+
+/*
+ * LDAP modify 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_server_object_modify()
+ * 
+ * Request (add):
+ *	CN=<new_dc_netbios_name>,CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>>
+ *	serverReference:CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ * Result:
+ *	<attributeOrValueExist>
+ */
+
+/*
+ * LDAP modify 1st LDAP connection:
+ *
+ * see: becomeDC_ldap1_server_object_modify()
+ *
+ * Request (replace):
+ *	CN=<new_dc_netbios_name>,CN=Servers,CN=<new_dc_site_name>,CN=Sites,CN=Configuration,<domain_partition>>
+ *	serverReference:CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ * Result:
+ *	<success>
+ */
+
+/*
+ * Open 1st DRSUAPI connection to the DC using admin credentials
+ * DsBind with DRSUAPI_DS_BIND_GUID_W2K3 ("6afab99c-6e26-464a-975f-f58f105218bc")
+ * (w2k3 does 2 DsBind() calls here..., where is first is unused and contains garbage at the end)
+ *
+ * see: becomeDC_drsuapi_connect_send(), becomeDC_drsuapi1_connect_recv(),
+ *      becomeDC_drsuapi_bind_send(), becomeDC_drsuapi_bind_recv() and becomeDC_drsuapi1_bind_recv()
+ */
+
+/*
+ * DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
+ * on the 1st DRSUAPI connection
+ *
+ * see: becomeDC_drsuapi1_add_entry_send() and becomeDC_drsuapi1_add_entry_recv()
+ */
+
+/***************************************************************
+ * Add this stage we call the prepare_db() callback function
+ * of the caller, to see if he wants us to continue
+ *
+ * see: becomeDC_prepare_db()
+ ***************************************************************/
+
+/*
+ * Open 2nd and 3rd DRSUAPI connection to the DC using admin credentials
+ * - a DsBind with DRSUAPI_DS_BIND_GUID_W2K3 ("6afab99c-6e26-464a-975f-f58f105218bc")
+ *   on the 2nd connection
+ *
+ * see: becomeDC_drsuapi_connect_send(), becomeDC_drsuapi2_connect_recv(),
+ *      becomeDC_drsuapi_bind_send(), becomeDC_drsuapi_bind_recv(), becomeDC_drsuapi2_bind_recv()
+ *	and becomeDC_drsuapi3_connect_recv()
+ */
+
+/*
+ * replicate CN=Schema,CN=Configuration,...
+ * on the 3rd DRSUAPI connection and the bind_handle from the 2nd connection
+ *
+ * see: becomeDC_drsuapi_pull_partition_send(), becomeDC_drsuapi_pull_partition_recv(),
+ *	becomeDC_drsuapi3_pull_schema_send() and becomeDC_drsuapi3_pull_schema_recv()
+ *
+ ***************************************************************
+ * Add this stage we call the schema_chunk() callback function
+ * for each replication message
+ ***************************************************************/
+
+/*
+ * replicate CN=Configuration,...
+ * on the 3rd DRSUAPI connection and the bind_handle from the 2nd connection
+ *
+ * see: becomeDC_drsuapi_pull_partition_send(), becomeDC_drsuapi_pull_partition_recv(),
+ *	becomeDC_drsuapi3_pull_config_send() and becomeDC_drsuapi3_pull_config_recv()
+ *
+ ***************************************************************
+ * Add this stage we call the config_chunk() callback function
+ * for each replication message
+ ***************************************************************/
+
+/*
+ * LDAP unbind on the 1st LDAP connection
+ *
+ * not implemented, because it's not needed...
+ */
+
+/*
+ * Open 2nd LDAP connection to the DC using admin credentials
+ *
+ * see: becomeDC_connect_ldap2() and becomeDC_ldap_connect()
+ */
+
+/*
+ * LDAP search 2nd LDAP connection:
+ * 
+ * not implemented because it gives no new information
+ * same as becomeDC_ldap1_computer_object()
+ *
+ * Request:
+ *	basedn:	<domain_partition>
+ *	scope:	sub
+ *	filter:	(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<new_dc_account_name>))
+ *	attrs:	distinguishedName
+ *		userAccountControl
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		distinguishedName:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		userAccoountControl:	4096 <0x00001000>
+ */
+
+/*
+ * LDAP search 2nd LDAP connection:
+ * 
+ * not implemented because it gives no new information
+ * same as becomeDC_ldap1_computer_object()
+ *
+ * Request:
+ *	basedn:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	userAccountControl
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		userAccoountControl:	4096 <0x00001000>
+ */
+
+/*
+ * LDAP modify 2nd LDAP connection:
+ *
+ * see: becomeDC_ldap2_modify_computer()
+ *
+ * Request (replace):
+ *	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	userAccoountControl:	532480 <0x82000>
+ * Result:
+ *	<success>
+ */
+
+/*
+ * LDAP search 2nd LDAP connection:
+ *
+ * see: becomeDC_ldap2_move_computer()
+ * 
+ * Request:
+ *	basedn:	<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,<domain_partition>>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	1.1
+ * Result:
+ *	CN=Domain Controllers,<domain_partition>
+ */
+
+/*
+ * LDAP search 2nd LDAP connection:
+ *
+ * not implemented because it gives no new information
+ * 
+ * Request:
+ *	basedn:	CN=Domain Controllers,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	distinguishedName
+ * Result:
+ *	CN=Domain Controller,<domain_partition>
+ *		distinguishedName:	CN=Domain Controllers,<domain_partition>
+ */
+
+/*
+ * LDAP modifyRDN 2nd LDAP connection:
+ *
+ * see: becomeDC_ldap2_move_computer()
+ * 
+ * Request:
+ *      entry:		CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	newrdn:		CN=<new_dc_netbios_name>
+ *	deleteoldrdn:	TRUE
+ *	newparent:	CN=Domain Controllers,<domain_partition>
+ * Result:
+ *	<success>
+ */
+
+/*
+ * LDAP unbind on the 2nd LDAP connection
+ *
+ * not implemented, because it's not needed...
+ */
+
+/*
+ * replicate Domain Partition
+ * on the 3rd DRSUAPI connection and the bind_handle from the 2nd connection
+ *
+ * see: becomeDC_drsuapi_pull_partition_send(), becomeDC_drsuapi_pull_partition_recv(),
+ *	becomeDC_drsuapi3_pull_domain_send() and becomeDC_drsuapi3_pull_domain_recv()
+ *
+ ***************************************************************
+ * Add this stage we call the domain_chunk() callback function
+ * for each replication message
+ ***************************************************************/
+
+/* call DsReplicaUpdateRefs() for all partitions like this:
+ *     req1: struct drsuapi_DsReplicaUpdateRefsRequest1
+ *
+ *                 naming_context: struct drsuapi_DsReplicaObjectIdentifier
+ *                     __ndr_size               : 0x000000ae (174)
+ *                     __ndr_size_sid           : 0x00000000 (0)
+ *                     guid                     : 00000000-0000-0000-0000-000000000000
+ *                     sid                      : S-0-0
+ *                     dn                       : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
+ *
+ *                 dest_dsa_dns_name        : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
+ *           dest_dsa_guid            : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
+ *           options                  : 0x0000001c (28)
+ *                 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
+ *                 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
+ *                 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
+ *                 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
+ *                 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010
+ *
+ * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
+ * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
+ * on the 2nd!!! DRSUAPI connection
+ *
+ * see:	becomeDC_drsuapi_update_refs_send(), becomeDC_drsuapi2_update_refs_schema_recv(),
+ *	becomeDC_drsuapi2_update_refs_config_recv() and becomeDC_drsuapi2_update_refs_domain_recv()
+ */
+
+/*
+ * Windows does opens the 4th and 5th DRSUAPI connection...
+ * and does a DsBind() with the objectGUID from DsAddEntry() as bind_guid
+ * on the 4th connection
+ *
+ * and then 2 full replications of the domain partition on the 5th connection
+ * with the bind_handle from the 4th connection
+ *
+ * not implemented because it gives no new information
+ */
+
+struct libnet_BecomeDC_state {
+	struct composite_context *creq;
+
+	struct libnet_context *libnet;
+
+	struct dom_sid zero_sid;
+
+	struct {
+		struct cldap_socket *sock;
+		struct cldap_netlogon io;
+		struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
+	} cldap;
+
+	struct becomeDC_ldap {
+		struct ldb_context *ldb;
+		const struct ldb_message *rootdse;
+	} ldap1, ldap2;
+
+	struct becomeDC_drsuapi {
+		struct libnet_BecomeDC_state *s;
+		struct dcerpc_binding *binding;
+		struct dcerpc_pipe *pipe;
+		struct dcerpc_binding_handle *drsuapi_handle;
+		DATA_BLOB gensec_skey;
+		struct drsuapi_DsBind bind_r;
+		struct GUID bind_guid;
+		struct drsuapi_DsBindInfoCtr bind_info_ctr;
+		struct drsuapi_DsBindInfo28 local_info28;
+		struct drsuapi_DsBindInfo28 remote_info28;
+		struct policy_handle bind_handle;
+	} drsuapi1, drsuapi2, drsuapi3;
+
+	void *ndr_struct_ptr;
+
+	struct libnet_BecomeDC_Domain domain;
+	struct libnet_BecomeDC_Forest forest;
+	struct libnet_BecomeDC_SourceDSA source_dsa;
+	struct libnet_BecomeDC_DestDSA dest_dsa;
+
+	struct libnet_BecomeDC_Partition schema_part, config_part, domain_part;
+
+	struct becomeDC_fsmo {
+		const char *dns_name;
+		const char *server_dn_str;
+		const char *ntds_dn_str;
+		struct GUID ntds_guid;
+	} infrastructure_fsmo;
+
+	struct becomeDC_fsmo rid_manager_fsmo;
+
+	struct libnet_BecomeDC_CheckOptions _co;
+	struct libnet_BecomeDC_PrepareDB _pp;
+	struct libnet_BecomeDC_StoreChunk _sc;
+	struct libnet_BecomeDC_Callbacks callbacks;
+
+	bool rodc_join;
+	bool critical_only;
+};
+
+static int32_t get_dc_function_level(struct loadparm_context *lp_ctx)
+{
+	/* per default we are (Windows) 2008 R2 compatible */
+	return lpcfg_parm_int(lp_ctx, NULL, "ads", "dc function level",
+			   DS_DOMAIN_FUNCTION_2008_R2);
+}
+
+static void becomeDC_recv_cldap(struct tevent_req *req);
+
+static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct tevent_req *req;
+	struct tsocket_address *dest_address;
+	int ret;
+
+	s->cldap.io.in.dest_address	= NULL;
+	s->cldap.io.in.dest_port	= 0;
+	s->cldap.io.in.realm		= s->domain.dns_name;
+	s->cldap.io.in.host		= s->dest_dsa.netbios_name;
+	s->cldap.io.in.user		= NULL;
+	s->cldap.io.in.domain_guid	= NULL;
+	s->cldap.io.in.domain_sid	= NULL;
+	s->cldap.io.in.acct_control	= -1;
+	s->cldap.io.in.version		= NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	s->cldap.io.in.map_response	= true;
+
+	ret = tsocket_address_inet_from_strings(s, "ip",
+						s->source_dsa.address,
+						lpcfg_cldap_port(s->libnet->lp_ctx),
+						&dest_address);
+	if (ret != 0) {
+		c->status = map_nt_error_from_unix_common(errno);
+		if (!composite_is_ok(c)) return;
+	}
+
+	c->status = cldap_socket_init(s, NULL, dest_address, &s->cldap.sock);
+	if (!composite_is_ok(c)) return;
+
+	req = cldap_netlogon_send(s, s->libnet->event_ctx,
+				  s->cldap.sock, &s->cldap.io);
+	if (composite_nomem(req, c)) return;
+	tevent_req_set_callback(req, becomeDC_recv_cldap, s);
+}
+
+static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_recv_cldap(struct tevent_req *req)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(req,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
+	talloc_free(req);
+	if (!composite_is_ok(c)) {
+		DEBUG(0,("Failed to send, receive or parse CLDAP reply from server %s for our host %s: %s\n", 
+			 s->cldap.io.in.dest_address, 
+			 s->cldap.io.in.host, 
+			 nt_errstr(c->status)));
+		return;
+	}
+	s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex;
+
+	s->domain.dns_name		= s->cldap.netlogon.dns_domain;
+	s->domain.netbios_name		= s->cldap.netlogon.domain_name;
+	s->domain.guid			= s->cldap.netlogon.domain_uuid;
+
+	s->forest.dns_name		= s->cldap.netlogon.forest;
+
+	s->source_dsa.dns_name		= s->cldap.netlogon.pdc_dns_name;
+	s->source_dsa.netbios_name	= s->cldap.netlogon.pdc_name;
+	s->source_dsa.site_name		= s->cldap.netlogon.server_site;
+
+	s->dest_dsa.site_name		= s->cldap.netlogon.client_site;
+
+	DEBUG(0,("CLDAP response: forest=%s dns=%s netbios=%s server_site=%s  client_site=%s\n",
+		 s->forest.dns_name, s->domain.dns_name, s->domain.netbios_name,
+		 s->source_dsa.site_name, s->dest_dsa.site_name));
+	if (!s->dest_dsa.site_name || strcmp(s->dest_dsa.site_name, "") == 0) {
+		DEBUG(0,("Got empty client site - using server site name %s\n",
+			 s->source_dsa.site_name));
+		s->dest_dsa.site_name = s->source_dsa.site_name;
+	}
+
+	becomeDC_connect_ldap1(s);
+}
+
+static NTSTATUS becomeDC_ldap_connect(struct libnet_BecomeDC_state *s, 
+				      struct becomeDC_ldap *ldap)
+{
+	char *url;
+
+	url = talloc_asprintf(s, "ldap://%s/", s->source_dsa.dns_name);
+	NT_STATUS_HAVE_NO_MEMORY(url);
+
+	ldap->ldb = ldb_wrap_connect(s, s->libnet->event_ctx, s->libnet->lp_ctx, url,
+				     NULL,
+				     s->libnet->cred,
+				     0);
+	talloc_free(url);
+	if (ldap->ldb == NULL) {
+		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_rootdse(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"*",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, NULL);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->ldap1.rootdse = r->msgs[0];
+
+	s->domain.dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "defaultNamingContext", NULL);
+	if (!s->domain.dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+
+	s->forest.root_dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "rootDomainNamingContext", NULL);
+	if (!s->forest.root_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	s->forest.config_dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "configurationNamingContext", NULL);
+	if (!s->forest.config_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	s->forest.schema_dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "schemaNamingContext", NULL);
+	if (!s->forest.schema_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+
+	s->source_dsa.server_dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "serverName", NULL);
+	if (!s->source_dsa.server_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	s->source_dsa.ntds_dn_str	= ldb_msg_find_attr_as_string(s->ldap1.rootdse, "dsServiceName", NULL);
+	if (!s->source_dsa.ntds_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_crossref_behavior_version(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"msDs-Behavior-Version",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->forest.config_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_ONELEVEL, attrs,
+			 "(cn=Partitions)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->forest.crossref_behavior_version = ldb_msg_find_attr_as_uint(r->msgs[0], "msDs-Behavior-Version", 0);
+	if (s->forest.crossref_behavior_version >
+			get_dc_function_level(s->libnet->lp_ctx)) {
+		talloc_free(r);
+		DEBUG(0,("The servers function level %u is above 'ads:dc function level' of %u\n", 
+			 s->forest.crossref_behavior_version, 
+			 get_dc_function_level(s->libnet->lp_ctx)));
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_domain_behavior_version(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"msDs-Behavior-Version",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->domain.behavior_version = ldb_msg_find_attr_as_uint(r->msgs[0], "msDs-Behavior-Version", 0);
+	if (s->domain.behavior_version >
+			get_dc_function_level(s->libnet->lp_ctx)) {
+		talloc_free(r);
+		DEBUG(0,("The servers function level %u is above 'ads:dc function level' of %u\n", 
+			 s->forest.crossref_behavior_version, 
+			 get_dc_function_level(s->libnet->lp_ctx)));
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_schema_object_version(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"objectVersion",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->forest.schema_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->forest.schema_object_version = ldb_msg_find_attr_as_uint(r->msgs[0], "objectVersion", 0);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_w2k3_update_revision(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"revision",
+		NULL
+	};
+
+	basedn = ldb_dn_new_fmt(s, s->ldap1.ldb, "CN=Windows2003Update,CN=DomainUpdates,CN=System,%s",
+				s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* w2k doesn't have this object */
+		s->domain.w2k3_update_revision = 0;
+		return NT_STATUS_OK;
+	} else if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->domain.w2k3_update_revision = ldb_msg_find_attr_as_uint(r->msgs[0], "revision", 0);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_infrastructure_fsmo(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	struct ldb_dn *ntds_dn;
+	struct ldb_dn *server_dn;
+	static const char *dns_attrs[] = {
+		"dnsHostName",
+		NULL
+	};
+	static const char *guid_attrs[] = {
+		"objectGUID",
+		NULL
+	};
+
+	ret = dsdb_wellknown_dn(s->ldap1.ldb, s,
+				ldb_get_default_basedn(s->ldap1.ldb),
+				DS_GUID_INFRASTRUCTURE_CONTAINER,
+				&basedn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to get well known DN for DS_GUID_INFRASTRUCTURE_CONTAINER on %s: %s\n", 
+			 ldb_dn_get_linearized(ldb_get_default_basedn(s->ldap1.ldb)), 
+			 ldb_errstring(s->ldap1.ldb)));
+		return NT_STATUS_LDAP(ret);
+	}
+
+	ret = samdb_reference_dn(s->ldap1.ldb, s, basedn, "fSMORoleOwner", &ntds_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to get reference DN from fsmoRoleOwner on %s: %s\n", 
+			 ldb_dn_get_linearized(basedn), 
+			 ldb_errstring(s->ldap1.ldb)));
+		talloc_free(basedn);
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->infrastructure_fsmo.ntds_dn_str = ldb_dn_get_linearized(ntds_dn);
+	NT_STATUS_HAVE_NO_MEMORY(s->infrastructure_fsmo.ntds_dn_str);
+
+	server_dn = ldb_dn_get_parent(s, ntds_dn);
+	NT_STATUS_HAVE_NO_MEMORY(server_dn);
+
+	s->infrastructure_fsmo.server_dn_str = ldb_dn_alloc_linearized(s, server_dn);
+	NT_STATUS_HAVE_NO_MEMORY(s->infrastructure_fsmo.server_dn_str);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, server_dn, LDB_SCOPE_BASE,
+			 dns_attrs, "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to get server DN %s: %s\n", 
+			 ldb_dn_get_linearized(server_dn), 
+			 ldb_errstring(s->ldap1.ldb)));
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->infrastructure_fsmo.dns_name	= ldb_msg_find_attr_as_string(r->msgs[0], "dnsHostName", NULL);
+	if (!s->infrastructure_fsmo.dns_name) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->infrastructure_fsmo.dns_name);
+
+	talloc_free(r);
+
+	ldb_dn_remove_extended_components(ntds_dn);
+	ret = ldb_search(s->ldap1.ldb, s, &r, ntds_dn, LDB_SCOPE_BASE,
+			 guid_attrs, "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to get NTDS Settings DN %s: %s\n", 
+			 ldb_dn_get_linearized(ntds_dn), 
+			 ldb_errstring(s->ldap1.ldb)));
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->infrastructure_fsmo.ntds_guid = samdb_result_guid(r->msgs[0], "objectGUID");
+
+	talloc_free(r);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_rid_manager_fsmo(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	const char *reference_dn_str;
+	struct ldb_dn *ntds_dn;
+	struct ldb_dn *server_dn;
+	static const char *rid_attrs[] = {
+		"rIDManagerReference",
+		NULL
+	};
+	static const char *fsmo_attrs[] = {
+		"fSMORoleOwner",
+		NULL
+	};
+	static const char *dns_attrs[] = {
+		"dnsHostName",
+		NULL
+	};
+	static const char *guid_attrs[] = {
+		"objectGUID",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 rid_attrs, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	reference_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "rIDManagerReference", NULL);
+	if (!reference_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, reference_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	talloc_free(r);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 fsmo_attrs, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->rid_manager_fsmo.ntds_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "fSMORoleOwner", NULL);
+	if (!s->rid_manager_fsmo.ntds_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->rid_manager_fsmo.ntds_dn_str);
+
+	talloc_free(r);
+
+	ntds_dn = ldb_dn_new(s, s->ldap1.ldb, s->rid_manager_fsmo.ntds_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(ntds_dn);
+
+	server_dn = ldb_dn_get_parent(s, ntds_dn);
+	NT_STATUS_HAVE_NO_MEMORY(server_dn);
+
+	s->rid_manager_fsmo.server_dn_str = ldb_dn_alloc_linearized(s, server_dn);
+	NT_STATUS_HAVE_NO_MEMORY(s->rid_manager_fsmo.server_dn_str);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, server_dn, LDB_SCOPE_BASE,
+			 dns_attrs, "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->rid_manager_fsmo.dns_name	= ldb_msg_find_attr_as_string(r->msgs[0], "dnsHostName", NULL);
+	if (!s->rid_manager_fsmo.dns_name) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->rid_manager_fsmo.dns_name);
+
+	talloc_free(r);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, ntds_dn, LDB_SCOPE_BASE,
+			 guid_attrs, "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->rid_manager_fsmo.ntds_guid = samdb_result_guid(r->msgs[0], "objectGUID");
+
+	talloc_free(r);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_site_object(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+
+	basedn = ldb_dn_new_fmt(s, s->ldap1.ldb, "CN=%s,CN=Sites,%s",
+				s->dest_dsa.site_name,
+				s->forest.config_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 NULL, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->dest_dsa.site_guid = samdb_result_guid(r->msgs[0], "objectGUID");
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_check_options(struct libnet_BecomeDC_state *s)
+{
+	if (!s->callbacks.check_options) return NT_STATUS_OK;
+
+	s->_co.domain		= &s->domain;
+	s->_co.forest		= &s->forest;
+	s->_co.source_dsa	= &s->source_dsa;
+
+	return s->callbacks.check_options(s->callbacks.private_data, &s->_co);
+}
+
+static NTSTATUS becomeDC_ldap1_computer_object(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"distinguishedName",
+		"userAccountControl",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_SUBTREE, attrs,
+			 "(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
+			 s->dest_dsa.netbios_name);
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->dest_dsa.computer_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "distinguishedName", NULL);
+	if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->dest_dsa.computer_dn_str);
+
+	s->dest_dsa.user_account_control = ldb_msg_find_attr_as_uint(r->msgs[0], "userAccountControl", 0);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_server_object_1(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	const char *server_reference_dn_str;
+	struct ldb_dn *server_reference_dn;
+	struct ldb_dn *computer_dn;
+
+	basedn = ldb_dn_new_fmt(s, s->ldap1.ldb, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
+				s->dest_dsa.netbios_name,
+				s->dest_dsa.site_name,
+				s->forest.config_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 NULL, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		/* if the object doesn't exist, we'll create it later */
+		return NT_STATUS_OK;
+	} else if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	server_reference_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "serverReference", NULL);
+	if (server_reference_dn_str) {
+		server_reference_dn	= ldb_dn_new(r, s->ldap1.ldb, server_reference_dn_str);
+		NT_STATUS_HAVE_NO_MEMORY(server_reference_dn);
+
+		computer_dn		= ldb_dn_new(r, s->ldap1.ldb, s->dest_dsa.computer_dn_str);
+		NT_STATUS_HAVE_NO_MEMORY(computer_dn);
+
+		/*
+		 * if the server object belongs to another DC in another domain
+		 * in the forest, we should not touch this object!
+		 */
+		if (ldb_dn_compare(computer_dn, server_reference_dn) != 0) {
+			talloc_free(r);
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+	}
+
+	/* if the server object is already for the dest_dsa, then we don't need to create it */
+	s->dest_dsa.server_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "distinguishedName", NULL);
+	if (!s->dest_dsa.server_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->dest_dsa.server_dn_str);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_server_object_2(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	const char *server_reference_bl_dn_str;
+	static const char *attrs[] = {
+		"serverReferenceBL",
+		NULL
+	};
+
+	/* if the server_dn_str has a valid value, we skip this lookup */
+	if (s->dest_dsa.server_dn_str) return NT_STATUS_OK;
+
+	basedn = ldb_dn_new(s, s->ldap1.ldb, s->dest_dsa.computer_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 attrs, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	server_reference_bl_dn_str = ldb_msg_find_attr_as_string(r->msgs[0], "serverReferenceBL", NULL);
+	if (!server_reference_bl_dn_str) {
+		/* if no back link is present, we're done for this function */
+		talloc_free(r);
+		return NT_STATUS_OK;
+	}
+
+	/* if the server object is already for the dest_dsa, then we don't need to create it */
+	s->dest_dsa.server_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "serverReferenceBL", NULL);
+	if (s->dest_dsa.server_dn_str) {
+		/* if a back link is present, we know that the server object is present */
+		talloc_steal(s, s->dest_dsa.server_dn_str);
+	}
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_server_object_add(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_message *msg;
+	char *server_dn_str;
+
+	/* if the server_dn_str has a valid value, we skip this lookup */
+	if (s->dest_dsa.server_dn_str) return NT_STATUS_OK;
+
+	msg = ldb_msg_new(s);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	msg->dn = ldb_dn_new_fmt(msg, s->ldap1.ldb, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
+				 s->dest_dsa.netbios_name,
+				 s->dest_dsa.site_name,
+				 s->forest.config_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+
+	ret = ldb_msg_add_string(msg, "objectClass", "server");
+	if (ret != 0) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = ldb_msg_add_string(msg, "systemFlags", "50000000");
+	if (ret != 0) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = ldb_msg_add_string(msg, "serverReference", s->dest_dsa.computer_dn_str);
+	if (ret != 0) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	server_dn_str = ldb_dn_alloc_linearized(s, msg->dn);
+	NT_STATUS_HAVE_NO_MEMORY(server_dn_str);
+
+	ret = ldb_add(s->ldap1.ldb, msg);
+	talloc_free(msg);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(server_dn_str);
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->dest_dsa.server_dn_str = server_dn_str;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap1_server_object_modify(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_message *msg;
+	unsigned int i;
+
+	/* make a 'modify' msg, and only for serverReference */
+	msg = ldb_msg_new(s);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+	msg->dn = ldb_dn_new(msg, s->ldap1.ldb, s->dest_dsa.server_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+
+	ret = ldb_msg_add_string(msg, "serverReference", s->dest_dsa.computer_dn_str);
+	if (ret != 0) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* mark all the message elements (should be just one)
+	   as LDB_FLAG_MOD_ADD */
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_ADD;
+	}
+
+	ret = ldb_modify(s->ldap1.ldb, msg);
+	if (ret == LDB_SUCCESS) {
+		talloc_free(msg);
+		return NT_STATUS_OK;
+	} else if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
+		/* retry with LDB_FLAG_MOD_REPLACE */
+	} else {
+		talloc_free(msg);
+		return NT_STATUS_LDAP(ret);
+	}
+
+	/* mark all the message elements (should be just one)
+	   as LDB_FLAG_MOD_REPLACE */
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	ret = ldb_modify(s->ldap1.ldb, msg);
+	talloc_free(msg);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s,
+					  struct becomeDC_drsuapi *drsuapi,
+					  void (*recv_fn)(struct composite_context *req));
+static void becomeDC_drsuapi1_connect_recv(struct composite_context *req);
+static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+
+	c->status = becomeDC_ldap_connect(s, &s->ldap1);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_rootdse(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_crossref_behavior_version(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_domain_behavior_version(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_schema_object_version(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_w2k3_update_revision(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_infrastructure_fsmo(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_rid_manager_fsmo(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_site_object(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_check_options(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_computer_object(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_server_object_1(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_server_object_2(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_server_object_add(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap1_server_object_modify(s);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi_connect_send(s, &s->drsuapi1, becomeDC_drsuapi1_connect_recv);
+}
+
+static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s,
+					  struct becomeDC_drsuapi *drsuapi,
+					  void (*recv_fn)(struct composite_context *req))
+{
+	struct composite_context *c = s->creq;
+	struct composite_context *creq;
+	char *binding_str;
+
+	drsuapi->s = s;
+
+	if (!drsuapi->binding) {
+		const char *krb5_str = "";
+		const char *print_str = "";
+		/*
+		 * Note: Replication only works with Windows 2000 when 'krb5' is
+		 *       passed as auth_type here. If NTLMSSP is used, Windows
+		 *       2000 returns garbage in the DsGetNCChanges() response
+		 *       if encrypted password attributes would be in the
+		 *       response. That means the replication of the schema and
+		 *       configuration partition works fine, but it fails for
+		 *       the domain partition.
+		 */
+		if (lpcfg_parm_bool(s->libnet->lp_ctx, NULL, "become_dc",
+				 "force krb5", true))
+		{
+			krb5_str = "krb5,";
+		}
+		if (lpcfg_parm_bool(s->libnet->lp_ctx, NULL, "become_dc",
+				 "print", false))
+		{
+			print_str = "print,";
+		}
+		binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[%s%sseal,target_hostname=%s]",
+					      s->source_dsa.address,
+					      krb5_str, print_str,
+					      s->source_dsa.dns_name);
+		if (composite_nomem(binding_str, c)) return;
+		c->status = dcerpc_parse_binding(s, binding_str, &drsuapi->binding);
+		talloc_free(binding_str);
+		if (!composite_is_ok(c)) return;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		c->status = dcerpc_binding_set_flags(drsuapi->binding,
+						     DCERPC_DEBUG_PRINT_BOTH,
+						     0);
+		if (!composite_is_ok(c)) return;
+	}
+
+	creq = dcerpc_pipe_connect_b_send(s, drsuapi->binding, &ndr_table_drsuapi,
+					  s->libnet->cred, s->libnet->event_ctx,
+					  s->libnet->lp_ctx);
+	composite_continue(c, creq, recv_fn, s);
+}
+
+static void becomeDC_drsuapi_bind_send(struct libnet_BecomeDC_state *s,
+				       struct becomeDC_drsuapi *drsuapi,
+				       void (*recv_fn)(struct tevent_req *subreq));
+static void becomeDC_drsuapi1_bind_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi1_connect_recv(struct composite_context *req)
+{
+	struct libnet_BecomeDC_state *s = talloc_get_type(req->async.private_data,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = dcerpc_pipe_connect_b_recv(req, s, &s->drsuapi1.pipe);
+	if (!composite_is_ok(c)) return;
+
+	s->drsuapi1.drsuapi_handle = s->drsuapi1.pipe->binding_handle;
+
+	c->status = gensec_session_key(s->drsuapi1.pipe->conn->security_state.generic_state,
+				       s,
+				       &s->drsuapi1.gensec_skey);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi_bind_send(s, &s->drsuapi1, becomeDC_drsuapi1_bind_recv);
+}
+
+static void becomeDC_drsuapi_bind_send(struct libnet_BecomeDC_state *s,
+				       struct becomeDC_drsuapi *drsuapi,
+				       void (*recv_fn)(struct tevent_req *subreq))
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsBindInfo28 *bind_info28;
+	struct tevent_req *subreq;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID_W2K3, &drsuapi->bind_guid);
+
+	bind_info28				= &drsuapi->local_info28;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	if (s->domain.behavior_version >= DS_DOMAIN_FUNCTION_2003) {
+		/* TODO: find out how this is really triggered! */
+		bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	}
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+#if 0 /* we don't support XPRESS compression yet */
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+#endif
+	bind_info28->site_guid			= s->dest_dsa.site_guid;
+	bind_info28->pid			= 0;
+	bind_info28->repl_epoch			= 0;
+
+	drsuapi->bind_info_ctr.length		= 28;
+	drsuapi->bind_info_ctr.info.info28	= *bind_info28;
+
+	drsuapi->bind_r.in.bind_guid = &drsuapi->bind_guid;
+	drsuapi->bind_r.in.bind_info = &drsuapi->bind_info_ctr;
+	drsuapi->bind_r.out.bind_handle = &drsuapi->bind_handle;
+
+	subreq = dcerpc_drsuapi_DsBind_r_send(s, c->event_ctx,
+					      drsuapi->drsuapi_handle,
+					      &drsuapi->bind_r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, recv_fn, s);
+}
+
+static WERROR becomeDC_drsuapi_bind_recv(struct libnet_BecomeDC_state *s,
+					 struct becomeDC_drsuapi *drsuapi)
+{
+	if (!W_ERROR_IS_OK(drsuapi->bind_r.out.result)) {
+		return drsuapi->bind_r.out.result;
+	}
+
+	ZERO_STRUCT(drsuapi->remote_info28);
+	if (drsuapi->bind_r.out.bind_info) {
+		switch (drsuapi->bind_r.out.bind_info->length) {
+		case 24: {
+			struct drsuapi_DsBindInfo24 *info24;
+			info24 = &drsuapi->bind_r.out.bind_info->info.info24;
+			drsuapi->remote_info28.supported_extensions	= info24->supported_extensions;
+			drsuapi->remote_info28.site_guid		= info24->site_guid;
+			drsuapi->remote_info28.pid			= info24->pid;
+			drsuapi->remote_info28.repl_epoch		= 0;
+			break;
+		}
+		case 28: {
+			drsuapi->remote_info28 = drsuapi->bind_r.out.bind_info->info.info28;
+			break;
+		}
+		case 32: {
+			struct drsuapi_DsBindInfo32 *info32;
+			info32 = &drsuapi->bind_r.out.bind_info->info.info32;
+			drsuapi->remote_info28.supported_extensions	= info32->supported_extensions;
+			drsuapi->remote_info28.site_guid		= info32->site_guid;
+			drsuapi->remote_info28.pid			= info32->pid;
+			drsuapi->remote_info28.repl_epoch		= info32->repl_epoch;
+			break;
+		}
+		case 48: {
+			struct drsuapi_DsBindInfo48 *info48;
+			info48 = &drsuapi->bind_r.out.bind_info->info.info48;
+			drsuapi->remote_info28.supported_extensions	= info48->supported_extensions;
+			drsuapi->remote_info28.site_guid		= info48->site_guid;
+			drsuapi->remote_info28.pid			= info48->pid;
+			drsuapi->remote_info28.repl_epoch		= info48->repl_epoch;
+			break;
+		}
+		case 52: {
+			struct drsuapi_DsBindInfo52 *info52;
+			info52 = &drsuapi->bind_r.out.bind_info->info.info52;
+			drsuapi->remote_info28.supported_extensions	= info52->supported_extensions;
+			drsuapi->remote_info28.site_guid		= info52->site_guid;
+			drsuapi->remote_info28.pid			= info52->pid;
+			drsuapi->remote_info28.repl_epoch		= info52->repl_epoch;
+			break;
+		}
+		default:
+			DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
+					drsuapi->bind_r.out.bind_info->length));
+			break;
+		}
+	}
+
+	return WERR_OK;
+}
+
+static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_drsuapi1_bind_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	WERROR status;
+
+	c->status = dcerpc_drsuapi_DsBind_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	status = becomeDC_drsuapi_bind_recv(s, &s->drsuapi1);
+	if (!W_ERROR_IS_OK(status)) {
+		composite_error(c, werror_to_ntstatus(status));
+		return;
+	}
+
+	becomeDC_drsuapi1_add_entry_send(s);
+}
+
+static void becomeDC_drsuapi1_add_entry_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsAddEntry *r;
+	struct drsuapi_DsReplicaObjectIdentifier *identifier;
+	uint32_t num_attrs, i = 0;
+	struct drsuapi_DsReplicaAttribute *attrs;
+	enum ndr_err_code ndr_err;
+	bool w2k3;
+	struct tevent_req *subreq;
+
+	/* choose a random invocationId */
+	s->dest_dsa.invocation_id = GUID_random();
+
+	/*
+	 * if the schema version indicates w2k3, then also send some w2k3
+	 * specific attributes.
+	 */
+	if (s->forest.schema_object_version >= 30) {
+		w2k3 = true;
+	} else {
+		w2k3 = false;
+	}
+
+	r = talloc_zero(s, struct drsuapi_DsAddEntry);
+	if (composite_nomem(r, c)) return;
+
+	/* setup identifier */
+	identifier		= talloc(r, struct drsuapi_DsReplicaObjectIdentifier);
+	if (composite_nomem(identifier, c)) return;
+	identifier->guid	= GUID_zero();
+	identifier->sid		= s->zero_sid;
+	identifier->dn		= talloc_asprintf(identifier, "CN=NTDS Settings,%s",
+						  s->dest_dsa.server_dn_str);
+	if (composite_nomem(identifier->dn, c)) return;
+
+	/* allocate attribute array */
+	num_attrs	= 12;
+	attrs		= talloc_array(r, struct drsuapi_DsReplicaAttribute, num_attrs);
+	if (composite_nomem(attrs, c)) return;
+
+	/* ntSecurityDescriptor */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct security_descriptor *v;
+		struct dom_sid *domain_admins_sid;
+		const char *domain_admins_sid_str;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		domain_admins_sid = dom_sid_add_rid(vs, s->domain.sid, DOMAIN_RID_ADMINS);
+		if (composite_nomem(domain_admins_sid, c)) return;
+
+		domain_admins_sid_str = dom_sid_string(domain_admins_sid, domain_admins_sid);
+		if (composite_nomem(domain_admins_sid_str, c)) return;
+
+		v = security_descriptor_dacl_create(vd,
+					       0,
+					       /* owner: domain admins */
+					       domain_admins_sid_str,
+					       /* owner group: domain admins */
+					       domain_admins_sid_str,
+					       /* authenticated users */
+					       SID_NT_AUTHENTICATED_USERS,
+					       SEC_ACE_TYPE_ACCESS_ALLOWED,
+					       SEC_STD_READ_CONTROL |
+					       SEC_ADS_LIST |
+					       SEC_ADS_READ_PROP |
+					       SEC_ADS_LIST_OBJECT,
+					       0,
+					       /* domain admins */
+					       domain_admins_sid_str,
+					       SEC_ACE_TYPE_ACCESS_ALLOWED,
+					       SEC_STD_REQUIRED |
+					       SEC_ADS_CREATE_CHILD |
+					       SEC_ADS_LIST |
+					       SEC_ADS_SELF_WRITE |
+					       SEC_ADS_READ_PROP |
+					       SEC_ADS_WRITE_PROP |
+					       SEC_ADS_DELETE_TREE |
+					       SEC_ADS_LIST_OBJECT |
+					       SEC_ADS_CONTROL_ACCESS,
+					       0,
+					       /* system */
+					       SID_NT_SYSTEM,
+					       SEC_ACE_TYPE_ACCESS_ALLOWED,
+					       SEC_STD_REQUIRED |
+					       SEC_ADS_CREATE_CHILD |
+					       SEC_ADS_DELETE_CHILD |
+					       SEC_ADS_LIST |
+					       SEC_ADS_SELF_WRITE |
+					       SEC_ADS_READ_PROP |
+					       SEC_ADS_WRITE_PROP |
+					       SEC_ADS_DELETE_TREE |
+					       SEC_ADS_LIST_OBJECT |
+					       SEC_ADS_CONTROL_ACCESS,
+					       0,
+					       /* end */
+					       NULL);
+		if (composite_nomem(v, c)) return;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, v,
+	    	(ndr_push_flags_fn_t)ndr_push_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_ntSecurityDescriptor;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* objectClass: nTDSDSA */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		vd[0] = data_blob_talloc(vd, NULL, 4);
+		if (composite_nomem(vd[0].data, c)) return;
+
+		/* value for nTDSDSA */
+		SIVAL(vd[0].data, 0, 0x0017002F);
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_objectClass;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* objectCategory: CN=NTDS-DSA,CN=Schema,... or CN=NTDS-DSA-RO,CN=Schema,... */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[1];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+
+		if (s->rodc_join) {
+		    v[0].dn		= talloc_asprintf(vd, "CN=NTDS-DSA-RO,%s",
+							  s->forest.schema_dn_str);
+		} else {
+		    v[0].dn		= talloc_asprintf(vd, "CN=NTDS-DSA,%s",
+							  s->forest.schema_dn_str);
+		}
+		if (composite_nomem(v[0].dn, c)) return;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0], 
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_objectCategory;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* invocationId: random guid */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		const struct GUID *v;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		v = &s->dest_dsa.invocation_id;
+
+		c->status = GUID_to_ndr_blob(v, vd, &vd[0]);
+		if (!composite_is_ok(c)) return;
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_invocationId;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* hasMasterNCs: ... */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[3];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 3);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 3);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+		v[0].dn			= s->forest.config_dn_str;
+
+		v[1].guid		= GUID_zero();
+		v[1].sid		= s->zero_sid;
+		v[1].dn			= s->domain.dn_str;
+
+		v[2].guid		= GUID_zero();
+		v[2].sid		= s->zero_sid;
+		v[2].dn			= s->forest.schema_dn_str;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		ndr_err = ndr_push_struct_blob(&vd[1], vd, &v[1],
+	    	(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		ndr_err = ndr_push_struct_blob(&vd[2], vd, &v[2],
+		   (ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+		vs[1].blob		= &vd[1];
+		vs[2].blob		= &vd[2];
+
+		attrs[i].attid			= DRSUAPI_ATTID_hasMasterNCs;
+		attrs[i].value_ctr.num_values	= 3;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* msDS-hasMasterNCs: ... */
+	if (w2k3) {
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[3];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 3);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 3);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+		v[0].dn			= s->forest.config_dn_str;
+
+		v[1].guid		= GUID_zero();
+		v[1].sid		= s->zero_sid;
+		v[1].dn			= s->domain.dn_str;
+
+		v[2].guid		= GUID_zero();
+		v[2].sid		= s->zero_sid;
+		v[2].dn			= s->forest.schema_dn_str;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		ndr_err = ndr_push_struct_blob(&vd[1], vd, &v[1],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		ndr_err = ndr_push_struct_blob(&vd[2], vd, &v[2],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+		vs[1].blob		= &vd[1];
+		vs[2].blob		= &vd[2];
+
+		attrs[i].attid			= DRSUAPI_ATTID_msDS_hasMasterNCs;
+		attrs[i].value_ctr.num_values	= 3;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* dMDLocation: CN=Schema,... */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[1];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+		v[0].dn			= s->forest.schema_dn_str;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_dMDLocation;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* msDS-HasDomainNCs: <domain_partition> */
+	if (w2k3) {
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[1];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+		v[0].dn			= s->domain.dn_str;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_msDS_HasDomainNCs;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* msDS-Behavior-Version */
+	if (w2k3) {
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		vd[0] = data_blob_talloc(vd, NULL, 4);
+		if (composite_nomem(vd[0].data, c)) return;
+
+		SIVAL(vd[0].data, 0, get_dc_function_level(s->libnet->lp_ctx));
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_msDS_Behavior_Version;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* systemFlags */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		vd[0] = data_blob_talloc(vd, NULL, 4);
+		if (composite_nomem(vd[0].data, c)) return;
+
+		if (s->rodc_join) {
+		    SIVAL(vd[0].data, 0, SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
+		} else {
+		    SIVAL(vd[0].data, 0, SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_systemFlags;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* serverReference: ... */
+	{
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+		struct drsuapi_DsReplicaObjectIdentifier3 v[1];
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		v[0].guid		= GUID_zero();
+		v[0].sid		= s->zero_sid;
+		v[0].dn			= s->dest_dsa.computer_dn_str;
+
+		ndr_err = ndr_push_struct_blob(&vd[0], vd, &v[0],
+			(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			c->status = ndr_map_error2ntstatus(ndr_err);
+			if (!composite_is_ok(c)) return;
+		}
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_serverReference;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* options:... */
+	if (s->rodc_join) {
+		struct drsuapi_DsAttributeValue *vs;
+		DATA_BLOB *vd;
+
+		vs = talloc_array(attrs, struct drsuapi_DsAttributeValue, 1);
+		if (composite_nomem(vs, c)) return;
+
+		vd = talloc_array(vs, DATA_BLOB, 1);
+		if (composite_nomem(vd, c)) return;
+
+		vd[0] = data_blob_talloc(vd, NULL, 4);
+		if (composite_nomem(vd[0].data, c)) return;
+
+		SIVAL(vd[0].data, 0, DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL);
+
+		vs[0].blob		= &vd[0];
+
+		attrs[i].attid			= DRSUAPI_ATTID_options;
+		attrs[i].value_ctr.num_values	= 1;
+		attrs[i].value_ctr.values	= vs;
+
+		i++;
+	}
+
+	/* truncate the attribute list to the attribute count we have filled in */
+	num_attrs = i;
+
+	/* setup request structure */
+	r->in.bind_handle						= &s->drsuapi1.bind_handle;
+	r->in.level							= 2;
+	r->in.req							= talloc(s, union drsuapi_DsAddEntryRequest);
+	r->in.req->req2.first_object.next_object			= NULL;
+	r->in.req->req2.first_object.object.identifier			= identifier;
+	r->in.req->req2.first_object.object.flags			= 0x00000000;
+	r->in.req->req2.first_object.object.attribute_ctr.num_attributes= num_attrs;
+	r->in.req->req2.first_object.object.attribute_ctr.attributes	= attrs;
+
+	r->out.level_out	= talloc(s, uint32_t);
+	r->out.ctr		= talloc(s, union drsuapi_DsAddEntryCtr);
+
+	s->ndr_struct_ptr = r;
+	subreq = dcerpc_drsuapi_DsAddEntry_r_send(s, c->event_ctx,
+						  s->drsuapi1.drsuapi_handle, r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, becomeDC_drsuapi1_add_entry_recv, s);
+}
+
+static void becomeDC_drsuapi2_connect_recv(struct composite_context *req);
+static NTSTATUS becomeDC_prepare_db(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_drsuapi1_add_entry_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsAddEntry *r = talloc_get_type_abort(s->ndr_struct_ptr,
+				       struct drsuapi_DsAddEntry);
+	char *binding_str;
+	uint32_t assoc_group_id;
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsAddEntry_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		composite_error(c, werror_to_ntstatus(r->out.result));
+		return;
+	}
+
+	if (*r->out.level_out == 3) {
+		WERROR status;
+		union drsuapi_DsAddEntry_ErrData *err_data = r->out.ctr->ctr3.err_data;
+
+		/* check for errors */
+		status = err_data ? err_data->v1.status : WERR_OK;
+		if (!W_ERROR_IS_OK(status)) {
+			struct drsuapi_DsAddEntryErrorInfo_Attr_V1 *attr_err;
+			struct drsuapi_DsAddEntry_AttrErrListItem_V1 *attr_err_li;
+			struct drsuapi_DsAddEntryErrorInfo_Name_V1 *name_err;
+			struct drsuapi_DsAddEntryErrorInfo_Referr_V1 *ref_err;
+			struct drsuapi_DsAddEntry_RefErrListItem_V1 *ref_li;
+
+			if (r->out.ctr->ctr3.err_ver != 1) {
+				composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+				return;
+			}
+
+			DEBUG(0,("DsAddEntry (R3) of '%s' failed: "
+				 "Errors: dir_err = %d, status = %s;\n",
+				 r->in.req->req3.first_object.object.identifier->dn,
+				 err_data->v1.dir_err,
+				 win_errstr(err_data->v1.status)));
+
+			if (!err_data->v1.info) {
+				DEBUG(0, ("DsAddEntry (R3): no error info returned!\n"));
+				composite_error(c, werror_to_ntstatus(status));
+				return;
+			}
+
+			/* dump more detailed error */
+			switch (err_data->v1.dir_err) {
+			case DRSUAPI_DIRERR_ATTRIBUTE:
+				/* Dump attribute errors */
+				attr_err = &err_data->v1.info->attr_err;
+				DEBUGADD(0,(" Attribute Error: object = %s, count = %d;\n",
+					    attr_err->id->dn,
+					    attr_err->count));
+				attr_err_li = &attr_err->first;
+				for (; attr_err_li; attr_err_li = attr_err_li->next) {
+					struct drsuapi_DsAddEntry_AttrErr_V1 *err = &attr_err_li->err_data;
+					DEBUGADD(0,(" Error: err = %s, problem = 0x%08X, attid = 0x%08X;\n",
+						    win_errstr(err->extended_err),
+						    err->problem,
+						    err->attid));
+					/* TODO: should we print attribute value here? */
+				}
+				break;
+			case DRSUAPI_DIRERR_NAME:
+				/* Dump Name resolution error */
+				name_err = &err_data->v1.info->name_err;
+				DEBUGADD(0,(" Name Error: err = %s, problem = 0x%08X, id_matched = %s;\n",
+					    win_errstr(name_err->extended_err),
+					    name_err->problem,
+					    name_err->id_matched->dn));
+				break;
+			case DRSUAPI_DIRERR_REFERRAL:
+				/* Dump Referral errors */
+				ref_err = &err_data->v1.info->referral_err;
+				DEBUGADD(0,(" Referral Error: extended_err = %s\n",
+					    win_errstr(ref_err->extended_err)));
+				ref_li = &ref_err->refer;
+				for (; ref_li; ref_li = ref_li->next) {
+					struct drsuapi_DsaAddressListItem_V1 *addr;
+					DEBUGADD(0,(" Referral: id_target = %s, ref_type = 0x%04X,",
+						    ref_li->id_target->dn,
+						    ref_li->ref_type));
+					if (ref_li->is_choice_set) {
+						DEBUGADD(0,(" choice = 0x%02X, ",
+							    ref_li->choice));
+					}
+					DEBUGADD(0,(" add_list ("));
+					for (addr = ref_li->addr_list; addr; addr = addr->next) {
+						DEBUGADD(0,("%s", addr->address->string));
+						if (addr->next) {
+							DEBUGADD(0,(", "));
+						}
+					}
+					DEBUGADD(0,(");\n"));
+				}
+				break;
+			case DRSUAPI_DIRERR_SECURITY:
+				/* Dump Security error. */
+				DEBUGADD(0,(" Security Error: extended_err = %s, problem = 0x%08X\n",
+					    win_errstr(err_data->v1.info->security_err.extended_err),
+					    err_data->v1.info->security_err.problem));
+				break;
+			case DRSUAPI_DIRERR_SERVICE:
+				/* Dump Service error. */
+				DEBUGADD(0,(" Service Error: extended_err = %s, problem = 0x%08X\n",
+					    win_errstr(err_data->v1.info->service_err.extended_err),
+					    err_data->v1.info->service_err.problem));
+				break;
+			case DRSUAPI_DIRERR_UPDATE:
+				/* Dump Update error. */
+				DEBUGADD(0,(" Update Error: extended_err = %s, problem = 0x%08X\n",
+					    win_errstr(err_data->v1.info->update_err.extended_err),
+					    err_data->v1.info->update_err.problem));
+				break;
+			case DRSUAPI_DIRERR_SYSTEM:
+				/* System error. */
+				DEBUGADD(0,(" System Error: extended_err = %s, problem = 0x%08X\n",
+					    win_errstr(err_data->v1.info->system_err.extended_err),
+					    err_data->v1.info->system_err.problem));
+				break;
+			case DRSUAPI_DIRERR_OK: /* mute compiler warnings */
+			default:
+				DEBUGADD(0,(" Unknown DIRERR error class returned!\n"));
+				break;
+			}
+
+			composite_error(c, werror_to_ntstatus(status));
+			return;
+		}
+
+		if (1 != r->out.ctr->ctr3.count) {
+			DEBUG(0,("DsAddEntry - Ctr3: something very wrong had happened - "
+				 "method succeeded but objects returned are %d (expected 1).\n",
+				 r->out.ctr->ctr3.count));
+			composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
+		s->dest_dsa.ntds_guid	= r->out.ctr->ctr3.objects[0].guid;
+
+	} else if (*r->out.level_out == 2) {
+		if (DRSUAPI_DIRERR_OK != r->out.ctr->ctr2.dir_err) {
+			DEBUG(0,("DsAddEntry failed with: dir_err = %d, extended_err = %s\n",
+				 r->out.ctr->ctr2.dir_err,
+				 win_errstr(r->out.ctr->ctr2.extended_err)));
+			composite_error(c, werror_to_ntstatus(r->out.ctr->ctr2.extended_err));
+			return;
+		}
+
+		if (1 != r->out.ctr->ctr2.count) {
+			DEBUG(0,("DsAddEntry: something very wrong had happened - "
+				 "method succeeded but objects returned are %d (expected 1). "
+				 "Errors: dir_err = %d, extended_err = %s\n",
+				 r->out.ctr->ctr2.count,
+				 r->out.ctr->ctr2.dir_err,
+				 win_errstr(r->out.ctr->ctr2.extended_err)));
+			composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
+		s->dest_dsa.ntds_guid	= r->out.ctr->ctr2.objects[0].guid;
+	} else {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	talloc_free(r);
+
+	s->dest_dsa.ntds_dn_str = talloc_asprintf(s, "CN=NTDS Settings,%s",
+						  s->dest_dsa.server_dn_str);
+	if (composite_nomem(s->dest_dsa.ntds_dn_str, c)) return;
+
+	c->status = becomeDC_prepare_db(s);
+	if (!composite_is_ok(c)) return;
+
+	/* this avoids the epmapper lookup on the 2nd connection */
+	binding_str = dcerpc_binding_string(s, s->drsuapi1.binding);
+	if (composite_nomem(binding_str, c)) return;
+
+	c->status = dcerpc_parse_binding(s, binding_str, &s->drsuapi2.binding);
+	talloc_free(binding_str);
+	if (!composite_is_ok(c)) return;
+
+	if (DEBUGLEVEL >= 10) {
+		c->status = dcerpc_binding_set_flags(s->drsuapi2.binding,
+						     DCERPC_DEBUG_PRINT_BOTH,
+						     0);
+		if (!composite_is_ok(c)) return;
+	}
+
+	/* w2k3 uses the same assoc_group_id as on the first connection, so we do */
+	assoc_group_id = dcerpc_binding_get_assoc_group_id(s->drsuapi1.pipe->binding);
+	c->status = dcerpc_binding_set_assoc_group_id(s->drsuapi2.binding, assoc_group_id);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi_connect_send(s, &s->drsuapi2, becomeDC_drsuapi2_connect_recv);
+}
+
+static NTSTATUS becomeDC_prepare_db(struct libnet_BecomeDC_state *s)
+{
+	if (!s->callbacks.prepare_db) return NT_STATUS_OK;
+
+	s->_pp.domain		= &s->domain;
+	s->_pp.forest		= &s->forest;
+	s->_pp.source_dsa	= &s->source_dsa;
+	s->_pp.dest_dsa		= &s->dest_dsa;
+
+	return s->callbacks.prepare_db(s->callbacks.private_data, &s->_pp);
+}
+
+static void becomeDC_drsuapi2_bind_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi2_connect_recv(struct composite_context *req)
+{
+	struct libnet_BecomeDC_state *s = talloc_get_type(req->async.private_data,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = dcerpc_pipe_connect_b_recv(req, s, &s->drsuapi2.pipe);
+	if (!composite_is_ok(c)) return;
+
+	s->drsuapi2.drsuapi_handle = s->drsuapi2.pipe->binding_handle;
+
+	c->status = gensec_session_key(s->drsuapi2.pipe->conn->security_state.generic_state,
+				       s,
+				       &s->drsuapi2.gensec_skey);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi_bind_send(s, &s->drsuapi2, becomeDC_drsuapi2_bind_recv);
+}
+
+static void becomeDC_drsuapi3_connect_recv(struct composite_context *req);
+
+static void becomeDC_drsuapi2_bind_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	char *binding_str;
+	uint32_t assoc_group_id;
+	WERROR status;
+
+	c->status = dcerpc_drsuapi_DsBind_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	status = becomeDC_drsuapi_bind_recv(s, &s->drsuapi2);
+	if (!W_ERROR_IS_OK(status)) {
+		composite_error(c, werror_to_ntstatus(status));
+		return;
+	}
+
+	/* this avoids the epmapper lookup on the 3rd connection */
+	binding_str = dcerpc_binding_string(s, s->drsuapi1.binding);
+	if (composite_nomem(binding_str, c)) return;
+
+	c->status = dcerpc_parse_binding(s, binding_str, &s->drsuapi3.binding);
+	talloc_free(binding_str);
+	if (!composite_is_ok(c)) return;
+
+	if (DEBUGLEVEL >= 10) {
+		c->status = dcerpc_binding_set_flags(s->drsuapi3.binding,
+						     DCERPC_DEBUG_PRINT_BOTH,
+						     0);
+		if (!composite_is_ok(c)) return;
+	}
+
+	/* w2k3 uses the same assoc_group_id as on the first connection, so we do */
+	assoc_group_id = dcerpc_binding_get_assoc_group_id(s->drsuapi1.pipe->binding);
+	c->status = dcerpc_binding_set_assoc_group_id(s->drsuapi3.binding, assoc_group_id);
+	if (!composite_is_ok(c)) return;
+	/* w2k3 uses the concurrent multiplex feature on the 3rd connection, so we do */
+	c->status = dcerpc_binding_set_flags(s->drsuapi3.binding,
+					     DCERPC_CONCURRENT_MULTIPLEX,
+					     0);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi_connect_send(s, &s->drsuapi3, becomeDC_drsuapi3_connect_recv);
+}
+
+static void becomeDC_drsuapi3_pull_schema_send(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_drsuapi3_connect_recv(struct composite_context *req)
+{
+	struct libnet_BecomeDC_state *s = talloc_get_type(req->async.private_data,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = dcerpc_pipe_connect_b_recv(req, s, &s->drsuapi3.pipe);
+	if (!composite_is_ok(c)) return;
+
+	s->drsuapi3.drsuapi_handle = s->drsuapi3.pipe->binding_handle;
+
+	c->status = gensec_session_key(s->drsuapi3.pipe->conn->security_state.generic_state,
+				       s,
+				       &s->drsuapi3.gensec_skey);
+	if (!composite_is_ok(c)) return;
+
+	becomeDC_drsuapi3_pull_schema_send(s);
+}
+
+static void becomeDC_drsuapi_pull_partition_send(struct libnet_BecomeDC_state *s,
+						 struct becomeDC_drsuapi *drsuapi_h,
+						 struct becomeDC_drsuapi *drsuapi_p,
+						 struct libnet_BecomeDC_Partition *partition,
+						 void (*recv_fn)(struct tevent_req *subreq))
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsGetNCChanges *r;
+	struct tevent_req *subreq;
+
+	r = talloc(s, struct drsuapi_DsGetNCChanges);
+	if (composite_nomem(r, c)) return;
+
+	r->out.level_out = talloc(r, uint32_t);
+	if (composite_nomem(r->out.level_out, c)) return;
+	r->in.req = talloc(r, union drsuapi_DsGetNCChangesRequest);
+	if (composite_nomem(r->in.req, c)) return;
+	r->out.ctr = talloc(r, union drsuapi_DsGetNCChangesCtr);
+	if (composite_nomem(r->out.ctr, c)) return;
+
+	r->in.bind_handle	= &drsuapi_h->bind_handle;
+	if (drsuapi_h->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
+		r->in.level				= 8;
+		r->in.req->req8.destination_dsa_guid	= partition->destination_dsa_guid;
+		r->in.req->req8.source_dsa_invocation_id= partition->source_dsa_invocation_id;
+		r->in.req->req8.naming_context		= &partition->nc;
+		r->in.req->req8.highwatermark		= partition->highwatermark;
+		r->in.req->req8.uptodateness_vector	= NULL;
+		r->in.req->req8.replica_flags		= partition->replica_flags;
+		r->in.req->req8.max_object_count	= 133;
+		r->in.req->req8.max_ndr_size		= 1336811;
+		r->in.req->req8.extended_op		= DRSUAPI_EXOP_NONE;
+		r->in.req->req8.fsmo_info		= 0;
+		r->in.req->req8.partial_attribute_set	= NULL;
+		r->in.req->req8.partial_attribute_set_ex= NULL;
+		r->in.req->req8.mapping_ctr.num_mappings= 0;
+		r->in.req->req8.mapping_ctr.mappings	= NULL;
+	} else {
+		r->in.level				= 5;
+		r->in.req->req5.destination_dsa_guid	= partition->destination_dsa_guid;
+		r->in.req->req5.source_dsa_invocation_id= partition->source_dsa_invocation_id;
+		r->in.req->req5.naming_context		= &partition->nc;
+		r->in.req->req5.highwatermark		= partition->highwatermark;
+		r->in.req->req5.uptodateness_vector	= NULL;
+		r->in.req->req5.replica_flags		= partition->replica_flags;
+		r->in.req->req5.max_object_count	= 133;
+		r->in.req->req5.max_ndr_size		= 1336770;
+		r->in.req->req5.extended_op		= DRSUAPI_EXOP_NONE;
+		r->in.req->req5.fsmo_info		= 0;
+	}
+
+	/* 
+	 * we should try to use the drsuapi_p->pipe here, as w2k3 does
+	 * but it seems that some extra flags in the DCERPC Bind call
+	 * are needed for it. Or the same KRB5 TGS is needed on both
+	 * connections.
+	 */
+	s->ndr_struct_ptr = r;
+	subreq = dcerpc_drsuapi_DsGetNCChanges_r_send(s, c->event_ctx,
+						      drsuapi_p->drsuapi_handle,
+						      r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, recv_fn, s);
+}
+
+static WERROR becomeDC_drsuapi_pull_partition_recv(struct libnet_BecomeDC_state *s,
+						   struct becomeDC_drsuapi *drsuapi_h,
+						   struct becomeDC_drsuapi *drsuapi_p,
+						   struct libnet_BecomeDC_Partition *partition,
+						   struct drsuapi_DsGetNCChanges *r)
+{
+	uint32_t req_level = r->in.level;
+	struct drsuapi_DsGetNCChangesRequest5 *req5 = NULL;
+	struct drsuapi_DsGetNCChangesRequest8 *req8 = NULL;
+	struct drsuapi_DsGetNCChangesRequest10 *req10 = NULL;
+	uint32_t ctr_level = 0;
+	struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+	struct GUID *source_dsa_guid = NULL;
+	struct GUID *source_dsa_invocation_id = NULL;
+	struct drsuapi_DsReplicaHighWaterMark *new_highwatermark = NULL;
+	bool more_data = false;
+	WERROR werr;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		return r->out.result;
+	}
+
+	switch (r->in.level) {
+	case 0:
+		/* none */
+		break;
+	case 5:
+		req5 = &r->in.req->req5;
+		break;
+	case 8:
+		req8 = &r->in.req->req8;
+		break;
+	case 10:
+		req10 = &r->in.req->req10;
+		break;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (*r->out.level_out == 1) {
+		ctr_level = 1;
+		ctr1 = &r->out.ctr->ctr1;
+	} else if (*r->out.level_out == 2 &&
+		   r->out.ctr->ctr2.mszip1.ts) {
+		ctr_level = 1;
+		ctr1 = &r->out.ctr->ctr2.mszip1.ts->ctr1;
+	} else if (*r->out.level_out == 6) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr6;
+	} else if (*r->out.level_out == 7 &&
+		   r->out.ctr->ctr7.level == 6 &&
+		   r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP &&
+		   r->out.ctr->ctr7.ctr.mszip6.ts) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr7.ctr.mszip6.ts->ctr6;
+	} else if (*r->out.level_out == 7 &&
+		   r->out.ctr->ctr7.level == 6 &&
+		   r->out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2 &&
+		   r->out.ctr->ctr7.ctr.xpress6.ts) {
+		ctr_level = 6;
+		ctr6 = &r->out.ctr->ctr7.ctr.xpress6.ts->ctr6;
+	} else {
+		return WERR_BAD_NET_RESP;
+	}
+
+	if (!ctr1 && ! ctr6) {
+		return WERR_BAD_NET_RESP;
+	}
+
+	if (ctr_level == 6) {
+		if (!W_ERROR_IS_OK(ctr6->drs_error)) {
+			return ctr6->drs_error;
+		}
+	}
+
+	switch (ctr_level) {
+	case 1:
+		source_dsa_guid			= &ctr1->source_dsa_guid;
+		source_dsa_invocation_id	= &ctr1->source_dsa_invocation_id;
+		new_highwatermark		= &ctr1->new_highwatermark;
+		more_data			= ctr1->more_data;
+		break;
+	case 6:
+		source_dsa_guid			= &ctr6->source_dsa_guid;
+		source_dsa_invocation_id	= &ctr6->source_dsa_invocation_id;
+		new_highwatermark		= &ctr6->new_highwatermark;
+		more_data			= ctr6->more_data;
+		break;
+	}
+
+	partition->highwatermark		= *new_highwatermark;
+	partition->source_dsa_guid		= *source_dsa_guid;
+	partition->source_dsa_invocation_id	= *source_dsa_invocation_id;
+	partition->more_data			= more_data;
+
+	if (!partition->store_chunk) return WERR_OK;
+
+	s->_sc.domain		= &s->domain;
+	s->_sc.forest		= &s->forest;
+	s->_sc.source_dsa	= &s->source_dsa;
+	s->_sc.dest_dsa		= &s->dest_dsa;
+	s->_sc.partition	= partition;
+	s->_sc.req_level	= req_level;
+	s->_sc.req5		= req5;
+	s->_sc.req8		= req8;
+	s->_sc.req10		= req10;
+	s->_sc.ctr_level	= ctr_level;
+	s->_sc.ctr1		= ctr1;
+	s->_sc.ctr6		= ctr6;
+	/* 
+	 * we need to use the drsuapi_p->gensec_skey here,
+	 * when we use drsuapi_p->pipe in the for this request
+	 */
+	s->_sc.gensec_skey	= &drsuapi_p->gensec_skey;
+
+	werr = partition->store_chunk(s->callbacks.private_data, &s->_sc);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	return WERR_OK;
+}
+
+static void becomeDC_drsuapi3_pull_schema_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi3_pull_schema_send(struct libnet_BecomeDC_state *s)
+{
+	s->schema_part.nc.guid	= GUID_zero();
+	s->schema_part.nc.sid	= s->zero_sid;
+	s->schema_part.nc.dn	= s->forest.schema_dn_str;
+
+	s->schema_part.destination_dsa_guid	= s->drsuapi2.bind_guid;
+
+	s->schema_part.replica_flags	= DRSUAPI_DRS_WRIT_REP
+					| DRSUAPI_DRS_INIT_SYNC
+					| DRSUAPI_DRS_PER_SYNC
+					| DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
+					| DRSUAPI_DRS_NEVER_SYNCED
+					| DRSUAPI_DRS_USE_COMPRESSION
+					| DRSUAPI_DRS_GET_ANC;
+	if (s->rodc_join) {
+	    s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+	}
+
+	s->schema_part.store_chunk	= s->callbacks.schema_chunk;
+
+	becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->schema_part,
+					     becomeDC_drsuapi3_pull_schema_recv);
+}
+
+static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s);
+
+static void becomeDC_drsuapi3_pull_schema_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsGetNCChanges *r = talloc_get_type_abort(s->ndr_struct_ptr,
+					   struct drsuapi_DsGetNCChanges);
+	WERROR status;
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsGetNCChanges_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	status = becomeDC_drsuapi_pull_partition_recv(s, &s->drsuapi2, &s->drsuapi3, &s->schema_part, r);
+	if (!W_ERROR_IS_OK(status)) {
+		composite_error(c, werror_to_ntstatus(status));
+		return;
+	}
+
+	talloc_free(r);
+
+	if (s->schema_part.more_data) {
+		becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->schema_part,
+						     becomeDC_drsuapi3_pull_schema_recv);
+		return;
+	}
+
+	becomeDC_drsuapi3_pull_config_send(s);
+}
+
+static void becomeDC_drsuapi3_pull_config_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s)
+{
+	s->config_part.nc.guid	= GUID_zero();
+	s->config_part.nc.sid	= s->zero_sid;
+	s->config_part.nc.dn	= s->forest.config_dn_str;
+
+	s->config_part.destination_dsa_guid	= s->drsuapi2.bind_guid;
+
+	s->config_part.replica_flags	= DRSUAPI_DRS_WRIT_REP
+					| DRSUAPI_DRS_INIT_SYNC
+					| DRSUAPI_DRS_PER_SYNC
+					| DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
+					| DRSUAPI_DRS_NEVER_SYNCED
+					| DRSUAPI_DRS_USE_COMPRESSION
+					| DRSUAPI_DRS_GET_ANC;
+	if (s->rodc_join) {
+	    s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+	}
+
+	s->config_part.store_chunk	= s->callbacks.config_chunk;
+
+	becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->config_part,
+					     becomeDC_drsuapi3_pull_config_recv);
+}
+
+static void becomeDC_drsuapi3_pull_config_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsGetNCChanges *r = talloc_get_type_abort(s->ndr_struct_ptr,
+					   struct drsuapi_DsGetNCChanges);
+	WERROR status;
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsGetNCChanges_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	status = becomeDC_drsuapi_pull_partition_recv(s, &s->drsuapi2, &s->drsuapi3, &s->config_part, r);
+	if (!W_ERROR_IS_OK(status)) {
+		composite_error(c, werror_to_ntstatus(status));
+		return;
+	}
+
+	talloc_free(r);
+
+	if (s->config_part.more_data) {
+		becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->config_part,
+						     becomeDC_drsuapi3_pull_config_recv);
+		return;
+	}
+
+	becomeDC_connect_ldap2(s);
+}
+
+static void becomeDC_drsuapi3_pull_domain_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi3_pull_domain_send(struct libnet_BecomeDC_state *s)
+{
+	s->domain_part.nc.guid	= GUID_zero();
+	s->domain_part.nc.sid	= s->zero_sid;
+	s->domain_part.nc.dn	= s->domain.dn_str;
+
+	s->domain_part.destination_dsa_guid	= s->drsuapi2.bind_guid;
+
+	s->domain_part.replica_flags	= DRSUAPI_DRS_WRIT_REP
+					| DRSUAPI_DRS_INIT_SYNC
+					| DRSUAPI_DRS_PER_SYNC
+					| DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
+					| DRSUAPI_DRS_NEVER_SYNCED
+					| DRSUAPI_DRS_USE_COMPRESSION
+					| DRSUAPI_DRS_GET_ANC;
+	if (s->critical_only) {
+		s->domain_part.replica_flags |= DRSUAPI_DRS_CRITICAL_ONLY;
+	}
+	if (s->rodc_join) {
+	    s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+	}
+
+	s->domain_part.store_chunk	= s->callbacks.domain_chunk;
+
+	becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->domain_part,
+					     becomeDC_drsuapi3_pull_domain_recv);
+}
+
+static void becomeDC_drsuapi_update_refs_send(struct libnet_BecomeDC_state *s,
+					      struct becomeDC_drsuapi *drsuapi,
+					      struct libnet_BecomeDC_Partition *partition,
+					      void (*recv_fn)(struct tevent_req *subreq));
+static void becomeDC_drsuapi2_update_refs_schema_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi3_pull_domain_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsGetNCChanges *r = talloc_get_type_abort(s->ndr_struct_ptr,
+					   struct drsuapi_DsGetNCChanges);
+	WERROR status;
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsGetNCChanges_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	status = becomeDC_drsuapi_pull_partition_recv(s, &s->drsuapi2, &s->drsuapi3, &s->domain_part, r);
+	if (!W_ERROR_IS_OK(status)) {
+		composite_error(c, werror_to_ntstatus(status));
+		return;
+	}
+
+	talloc_free(r);
+
+	if (s->domain_part.more_data) {
+		becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->domain_part,
+						     becomeDC_drsuapi3_pull_domain_recv);
+		return;
+	}
+
+	if (s->critical_only) {
+		/* Remove the critical and ANC */
+		s->domain_part.replica_flags ^= DRSUAPI_DRS_CRITICAL_ONLY | DRSUAPI_DRS_GET_ANC;
+		s->critical_only = false;
+		becomeDC_drsuapi_pull_partition_send(s, &s->drsuapi2, &s->drsuapi3, &s->domain_part,
+						     becomeDC_drsuapi3_pull_domain_recv);
+		return;
+	}
+	becomeDC_drsuapi_update_refs_send(s, &s->drsuapi2, &s->schema_part,
+					  becomeDC_drsuapi2_update_refs_schema_recv);
+}
+
+static void becomeDC_drsuapi_update_refs_send(struct libnet_BecomeDC_state *s,
+					      struct becomeDC_drsuapi *drsuapi,
+					      struct libnet_BecomeDC_Partition *partition,
+					      void (*recv_fn)(struct tevent_req *subreq))
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsReplicaUpdateRefs *r;
+	const char *ntds_guid_str;
+	const char *ntds_dns_name;
+	struct tevent_req *subreq;
+
+	r = talloc(s, struct drsuapi_DsReplicaUpdateRefs);
+	if (composite_nomem(r, c)) return;
+
+	ntds_guid_str = GUID_string(r, &s->dest_dsa.ntds_guid);
+	if (composite_nomem(ntds_guid_str, c)) return;
+
+	ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
+					ntds_guid_str,
+					s->forest.dns_name);
+	if (composite_nomem(ntds_dns_name, c)) return;
+
+	r->in.bind_handle		= &drsuapi->bind_handle;
+	r->in.level			= 1;
+	r->in.req.req1.naming_context	= &partition->nc;
+	r->in.req.req1.dest_dsa_dns_name= ntds_dns_name;
+	r->in.req.req1.dest_dsa_guid	= s->dest_dsa.ntds_guid;
+	r->in.req.req1.options		= DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_DEL_REF;
+
+	/* I think this is how we mark ourselves as a RODC */
+	if (!lpcfg_parm_bool(s->libnet->lp_ctx, NULL, "repl", "RODC", false)) {
+		r->in.req.req1.options |= DRSUAPI_DRS_WRIT_REP;
+	}
+
+	s->ndr_struct_ptr = r;
+	subreq = dcerpc_drsuapi_DsReplicaUpdateRefs_r_send(s, c->event_ctx,
+							   drsuapi->drsuapi_handle,
+							   r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, recv_fn, s);
+}
+
+static void becomeDC_drsuapi2_update_refs_config_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi2_update_refs_schema_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type_abort(s->ndr_struct_ptr,
+					   struct drsuapi_DsReplicaUpdateRefs);
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsReplicaUpdateRefs_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		composite_error(c, werror_to_ntstatus(r->out.result));
+		return;
+	}
+
+	talloc_free(r);
+
+	becomeDC_drsuapi_update_refs_send(s, &s->drsuapi2, &s->config_part,
+					  becomeDC_drsuapi2_update_refs_config_recv);
+}
+
+static void becomeDC_drsuapi2_update_refs_domain_recv(struct tevent_req *subreq);
+
+static void becomeDC_drsuapi2_update_refs_config_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(s->ndr_struct_ptr,
+					   struct drsuapi_DsReplicaUpdateRefs);
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsReplicaUpdateRefs_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		composite_error(c, werror_to_ntstatus(r->out.result));
+		return;
+	}
+
+	talloc_free(r);
+
+	becomeDC_drsuapi_update_refs_send(s, &s->drsuapi2, &s->domain_part,
+					  becomeDC_drsuapi2_update_refs_domain_recv);
+}
+
+static void becomeDC_drsuapi2_update_refs_domain_recv(struct tevent_req *subreq)
+{
+	struct libnet_BecomeDC_state *s = tevent_req_callback_data(subreq,
+					  struct libnet_BecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(s->ndr_struct_ptr,
+					   struct drsuapi_DsReplicaUpdateRefs);
+
+	s->ndr_struct_ptr = NULL;
+
+	c->status = dcerpc_drsuapi_DsReplicaUpdateRefs_r_recv(subreq, r);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		composite_error(c, werror_to_ntstatus(r->out.result));
+		return;
+	}
+
+	talloc_free(r);
+
+	/* TODO: use DDNS updates and register dns names */
+	composite_done(c);
+}
+
+static NTSTATUS becomeDC_ldap2_modify_computer(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_message *msg;
+	unsigned int i;
+	uint32_t user_account_control = UF_SERVER_TRUST_ACCOUNT |
+					UF_TRUSTED_FOR_DELEGATION;
+
+	/* as the value is already as we want it to be, we're done */
+	if (s->dest_dsa.user_account_control == user_account_control) {
+		return NT_STATUS_OK;
+	}
+
+	/* make a 'modify' msg, and only for serverReference */
+	msg = ldb_msg_new(s);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+	msg->dn = ldb_dn_new(msg, s->ldap2.ldb, s->dest_dsa.computer_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+
+	ret = samdb_msg_add_uint(s->ldap2.ldb, msg, msg, "userAccountControl",
+				 user_account_control);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* mark all the message elements (should be just one)
+	   as LDB_FLAG_MOD_REPLACE */
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	ret = ldb_modify(s->ldap2.ldb, msg);
+	talloc_free(msg);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->dest_dsa.user_account_control = user_account_control;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS becomeDC_ldap2_move_computer(struct libnet_BecomeDC_state *s)
+{
+	int ret;
+	struct ldb_dn *old_dn;
+	struct ldb_dn *new_dn;
+
+	ret = dsdb_wellknown_dn(s->ldap2.ldb, s,
+				ldb_get_default_basedn(s->ldap2.ldb),
+				DS_GUID_DOMAIN_CONTROLLERS_CONTAINER,
+				&new_dn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	}
+
+	if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) {
+		talloc_free(new_dn);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	old_dn = ldb_dn_new(new_dn, s->ldap2.ldb, s->dest_dsa.computer_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(old_dn);
+
+	if (ldb_dn_compare(old_dn, new_dn) == 0) {
+		/* we don't need to rename if the old and new dn match */
+		talloc_free(new_dn);
+		return NT_STATUS_OK;
+	}
+
+	ret = ldb_rename(s->ldap2.ldb, old_dn, new_dn);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(new_dn);
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->dest_dsa.computer_dn_str = ldb_dn_alloc_linearized(s, new_dn);
+	NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.computer_dn_str);
+
+	talloc_free(new_dn);
+
+	return NT_STATUS_OK;
+}
+
+static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+
+	c->status = becomeDC_ldap_connect(s, &s->ldap2);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap2_modify_computer(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = becomeDC_ldap2_move_computer(s);
+	if (!composite_is_ok(c)) return;
+
+	s->critical_only = true;
+	becomeDC_drsuapi3_pull_domain_send(s);
+}
+
+struct composite_context *libnet_BecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_BecomeDC *r)
+{
+	struct composite_context *c;
+	struct libnet_BecomeDC_state *s;
+	char *tmp_name;
+
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct libnet_BecomeDC_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+	s->creq		= c;
+	s->libnet	= ctx;
+
+	/* Domain input */
+	s->domain.dns_name	= talloc_strdup(s, r->in.domain_dns_name);
+	if (composite_nomem(s->domain.dns_name, c)) return c;
+	s->domain.netbios_name	= talloc_strdup(s, r->in.domain_netbios_name);
+	if (composite_nomem(s->domain.netbios_name, c)) return c;
+	s->domain.sid		= dom_sid_dup(s, r->in.domain_sid);
+	if (composite_nomem(s->domain.sid, c)) return c;
+
+	/* Source DSA input */
+	s->source_dsa.address	= talloc_strdup(s, r->in.source_dsa_address);
+	if (composite_nomem(s->source_dsa.address, c)) return c;
+
+	/* Destination DSA input */
+	s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name);
+	if (composite_nomem(s->dest_dsa.netbios_name, c)) return c;
+
+	/* Destination DSA dns_name construction */
+	tmp_name	= strlower_talloc(s, s->dest_dsa.netbios_name);
+	if (composite_nomem(tmp_name, c)) return c;
+	tmp_name	= talloc_asprintf_append_buffer(tmp_name, ".%s",s->domain.dns_name);
+	if (composite_nomem(tmp_name, c)) return c;
+	s->dest_dsa.dns_name	= tmp_name;
+
+	/* Callback function pointers */
+	s->callbacks = r->in.callbacks;
+
+        /* RODC join*/
+        s->rodc_join = r->in.rodc_join;
+
+	becomeDC_send_cldap(s);
+	return c;
+}
+
+NTSTATUS libnet_BecomeDC_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, struct libnet_BecomeDC *r)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	ZERO_STRUCT(r->out);
+
+	talloc_free(c);
+	return status;
+}
+
+NTSTATUS libnet_BecomeDC(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_BecomeDC *r)
+{
+	NTSTATUS status;
+	struct composite_context *c;
+	c = libnet_BecomeDC_send(ctx, mem_ctx, r);
+	status = libnet_BecomeDC_recv(c, mem_ctx, r);
+	return status;
+}
diff --git a/source4/libnet/libnet_become_dc.h b/source4/libnet/libnet_become_dc.h
new file mode 100644
index 0000000..f050c22
--- /dev/null
+++ b/source4/libnet/libnet_become_dc.h
@@ -0,0 +1,152 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBNET_BECOME_DC_H
+#define _LIBNET_BECOME_DC_H
+
+#include "librpc/gen_ndr/drsuapi.h"
+
+struct libnet_BecomeDC_Domain {
+	/* input */
+	const char *dns_name;
+	const char *netbios_name;
+	const struct dom_sid *sid;
+
+	/* constructed */
+	struct GUID guid;
+	const char *dn_str;
+	uint32_t behavior_version;
+	uint32_t w2k3_update_revision;
+};
+
+struct libnet_BecomeDC_Forest {
+	/* constructed */
+	const char *dns_name;
+	const char *root_dn_str;
+	const char *config_dn_str;
+	uint32_t crossref_behavior_version;
+	const char *schema_dn_str;
+	uint32_t schema_object_version;
+};
+
+struct libnet_BecomeDC_SourceDSA {
+	/* input */
+	const char *address;
+
+	/* constructed */
+	const char *dns_name;
+	const char *netbios_name;
+	const char *site_name;
+	const char *server_dn_str;
+	const char *ntds_dn_str;
+};
+
+struct libnet_BecomeDC_CheckOptions {
+	const struct libnet_BecomeDC_Domain *domain;
+	const struct libnet_BecomeDC_Forest *forest;
+	const struct libnet_BecomeDC_SourceDSA *source_dsa;
+};
+
+struct libnet_BecomeDC_DestDSA {
+	/* input */
+	const char *netbios_name;
+
+	/* constructed */
+	const char *dns_name;
+	const char *site_name;
+	struct GUID site_guid;
+	const char *computer_dn_str;
+	const char *server_dn_str;
+	const char *ntds_dn_str;
+	struct GUID ntds_guid;
+	struct GUID invocation_id;
+	uint32_t user_account_control;
+};
+
+struct libnet_BecomeDC_PrepareDB {
+	const struct libnet_BecomeDC_Domain *domain;
+	const struct libnet_BecomeDC_Forest *forest;
+	const struct libnet_BecomeDC_SourceDSA *source_dsa;
+	const struct libnet_BecomeDC_DestDSA *dest_dsa;
+};
+
+struct libnet_BecomeDC_StoreChunk;
+
+struct libnet_BecomeDC_Partition {
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct GUID destination_dsa_guid;
+	struct GUID source_dsa_guid;
+	struct GUID source_dsa_invocation_id;
+	struct drsuapi_DsReplicaHighWaterMark highwatermark;
+	bool more_data;
+	uint32_t replica_flags;
+
+	WERROR (*store_chunk)(void *private_data,
+			      const struct libnet_BecomeDC_StoreChunk *info);
+};
+
+struct libnet_BecomeDC_StoreChunk {
+	const struct libnet_BecomeDC_Domain *domain;
+	const struct libnet_BecomeDC_Forest *forest;
+	const struct libnet_BecomeDC_SourceDSA *source_dsa;
+	const struct libnet_BecomeDC_DestDSA *dest_dsa;
+	const struct libnet_BecomeDC_Partition *partition;
+	uint32_t req_level;
+	const struct drsuapi_DsGetNCChangesRequest5 *req5;
+	const struct drsuapi_DsGetNCChangesRequest8 *req8;
+	const struct drsuapi_DsGetNCChangesRequest10 *req10;
+	uint32_t ctr_level;
+	const struct drsuapi_DsGetNCChangesCtr1 *ctr1;
+	const struct drsuapi_DsGetNCChangesCtr6 *ctr6;
+	const DATA_BLOB *gensec_skey;
+};
+
+struct libnet_BecomeDC_Callbacks {
+	void *private_data;
+	NTSTATUS (*check_options)(void *private_data,
+				  const struct libnet_BecomeDC_CheckOptions *info);
+	NTSTATUS (*prepare_db)(void *private_data,
+			       const struct libnet_BecomeDC_PrepareDB *info);
+	WERROR (*schema_chunk)(void *private_data,
+			       const struct libnet_BecomeDC_StoreChunk *info);
+	WERROR (*config_chunk)(void *private_data,
+			       const struct libnet_BecomeDC_StoreChunk *info);
+	WERROR (*domain_chunk)(void *private_data,
+			       const struct libnet_BecomeDC_StoreChunk *info);
+};
+
+struct libnet_BecomeDC {
+	struct {
+		const char *domain_dns_name;
+		const char *domain_netbios_name;
+		const struct dom_sid *domain_sid;
+		const char *source_dsa_address;
+		const char *dest_dsa_netbios_name;
+
+		struct libnet_BecomeDC_Callbacks callbacks;
+
+                bool rodc_join;
+        } in;
+
+	struct {
+		const char *error_string;
+	} out;
+};
+
+#endif /* _LIBNET_BECOME_DC_H */
diff --git a/source4/libnet/libnet_domain.c b/source4/libnet/libnet_domain.c
new file mode 100644
index 0000000..81cd0dc
--- /dev/null
+++ b/source4/libnet/libnet_domain.c
@@ -0,0 +1,1304 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite function for domain handling on samr and lsa pipes
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+
+
+struct domain_open_samr_state {
+	struct libnet_context     *ctx;
+	struct dcerpc_pipe        *pipe;
+	struct libnet_RpcConnect  rpcconn;
+	struct samr_Connect       connect;
+	struct samr_LookupDomain  lookup;
+	struct samr_OpenDomain    open;
+	struct samr_Close         close;
+	struct lsa_String         domain_name;
+	uint32_t                  access_mask;
+	struct policy_handle      connect_handle;
+	struct policy_handle      domain_handle;
+	struct dom_sid2           *domain_sid;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_domain_open_close(struct tevent_req *subreq);
+static void continue_domain_open_connect(struct tevent_req *subreq);
+static void continue_domain_open_lookup(struct tevent_req *subreq);
+static void continue_domain_open_open(struct tevent_req *subreq);
+
+
+/**
+ * Stage 0.5 (optional): Connect to samr rpc pipe
+ */
+static void continue_domain_open_rpc_connect(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+
+	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpcconn);
+	if (!composite_is_ok(c)) return;
+
+	s->pipe = s->rpcconn.out.dcerpc_pipe;
+
+	/* preparing parameters for samr_Connect rpc call */
+	s->connect.in.system_name      = 0;
+	s->connect.in.access_mask      = s->access_mask;
+	s->connect.out.connect_handle  = &s->connect_handle;
+
+	/* send request */
+	subreq = dcerpc_samr_Connect_r_send(s, c->event_ctx,
+					    s->pipe->binding_handle,
+					    &s->connect);
+	if (composite_nomem(subreq, c)) return;
+
+	/* callback handler */
+	tevent_req_set_callback(subreq, continue_domain_open_connect, c);
+}
+
+
+/**
+ * Stage 0.5 (optional): Close existing (in libnet context) domain
+ * handle
+ */
+static void continue_domain_open_close(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+
+	/* receive samr_Close reply */
+	c->status = dcerpc_samr_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type = mon_SamrClose;
+		msg.data = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	/* reset domain handle and associated data in libnet_context */
+	s->ctx->samr.name        = NULL;
+	s->ctx->samr.access_mask = 0;
+	ZERO_STRUCT(s->ctx->samr.handle);
+
+	/* preparing parameters for samr_Connect rpc call */
+	s->connect.in.system_name      = 0;
+	s->connect.in.access_mask      = s->access_mask;
+	s->connect.out.connect_handle  = &s->connect_handle;
+	
+	/* send request */
+	subreq = dcerpc_samr_Connect_r_send(s, c->event_ctx,
+					    s->pipe->binding_handle,
+					    &s->connect);
+	if (composite_nomem(subreq, c)) return;
+
+	/* callback handler */
+	tevent_req_set_callback(subreq, continue_domain_open_connect, c);
+}
+
+
+/**
+ * Stage 1: Connect to SAM server.
+ */
+static void continue_domain_open_connect(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+	struct samr_LookupDomain *r;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+
+	/* receive samr_Connect reply */
+	c->status = dcerpc_samr_Connect_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+
+		msg.type = mon_SamrConnect;
+		msg.data = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	r = &s->lookup;
+
+	/* prepare for samr_LookupDomain call */
+	r->in.connect_handle = &s->connect_handle;
+	r->in.domain_name    = &s->domain_name;
+	r->out.sid           = talloc(s, struct dom_sid2 *);
+	if (composite_nomem(r->out.sid, c)) return;
+
+	subreq = dcerpc_samr_LookupDomain_r_send(s, c->event_ctx,
+						 s->pipe->binding_handle,
+						 r);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_domain_open_lookup, c);
+}
+
+
+/**
+ * Stage 2: Lookup domain by name.
+ */
+static void continue_domain_open_lookup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+	struct samr_OpenDomain *r;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+	
+	/* receive samr_LookupDomain reply */
+	c->status = dcerpc_samr_LookupDomain_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_rpc_lookup_domain data;
+
+		data.domain_name = s->domain_name.string;
+
+		msg.type = mon_SamrLookupDomain;
+		msg.data = (void*)&data;
+		msg.data_size = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	r = &s->open;
+
+	/* check the rpc layer status */
+	if (!composite_is_ok(c)) return;
+
+	/* check the rpc call itself status */
+	if (!NT_STATUS_IS_OK(s->lookup.out.result)) {
+		composite_error(c, s->lookup.out.result);
+		return;
+	}
+
+	/* prepare for samr_OpenDomain call */
+	r->in.connect_handle = &s->connect_handle;
+	r->in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+	r->in.sid            = *s->lookup.out.sid;
+	r->out.domain_handle = &s->domain_handle;
+
+	subreq = dcerpc_samr_OpenDomain_r_send(s, c->event_ctx,
+					       s->pipe->binding_handle,
+					       r);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_domain_open_open, c);
+}
+
+
+/*
+ * Stage 3: Open domain.
+ */
+static void continue_domain_open_open(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+
+	/* receive samr_OpenDomain reply */
+	c->status = dcerpc_samr_OpenDomain_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type = mon_SamrOpenDomain;
+		msg.data = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Sends asynchronous DomainOpenSamr request
+ *
+ * @param ctx initialised libnet context
+ * @param io arguments and results of the call
+ * @param monitor pointer to monitor function that is passed monitor message
+ */
+
+struct composite_context *libnet_DomainOpenSamr_send(struct libnet_context *ctx,
+						     TALLOC_CTX *mem_ctx,
+						     struct libnet_DomainOpen *io,
+						     void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct domain_open_samr_state *s;
+	struct composite_context *rpcconn_req;
+	struct tevent_req *subreq;
+
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct domain_open_samr_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	s->ctx                 = ctx;
+	s->pipe                = ctx->samr.pipe;
+	s->access_mask         = io->in.access_mask;
+	s->domain_name.string  = talloc_strdup(c, io->in.domain_name);
+
+	/* check, if there's samr pipe opened already, before opening a domain */
+	if (ctx->samr.pipe == NULL) {
+
+		/* attempting to connect a domain controller */
+		s->rpcconn.level           = LIBNET_RPC_CONNECT_DC;
+		s->rpcconn.in.name         = io->in.domain_name;
+		s->rpcconn.in.dcerpc_iface = &ndr_table_samr;
+		
+		/* send rpc pipe connect request */
+		rpcconn_req = libnet_RpcConnect_send(ctx, c, &s->rpcconn, s->monitor_fn);
+		if (composite_nomem(rpcconn_req, c)) return c;
+
+		composite_continue(c, rpcconn_req, continue_domain_open_rpc_connect, c);
+		return c;
+	}
+
+	/* libnet context's domain handle is not empty, so check out what
+	   was opened first, before doing anything */
+	if (!ndr_policy_handle_empty(&ctx->samr.handle)) {
+		if (strequal(ctx->samr.name, io->in.domain_name) &&
+		    ctx->samr.access_mask == io->in.access_mask) {
+
+			/* this domain is already opened */
+			composite_done(c);
+			return c;
+
+		} else {
+			/* another domain or access rights have been
+			   requested - close the existing handle first */
+			s->close.in.handle = &ctx->samr.handle;
+
+			/* send request to close domain handle */
+			subreq = dcerpc_samr_Close_r_send(s, c->event_ctx,
+							  s->pipe->binding_handle,
+							  &s->close);
+			if (composite_nomem(subreq, c)) return c;
+
+			/* callback handler */
+			tevent_req_set_callback(subreq, continue_domain_open_close, c);
+			return c;
+		}
+	}
+
+	/* preparing parameters for samr_Connect rpc call */
+	s->connect.in.system_name      = 0;
+	s->connect.in.access_mask      = s->access_mask;
+	s->connect.out.connect_handle  = &s->connect_handle;
+	
+	/* send request */
+	subreq = dcerpc_samr_Connect_r_send(s, c->event_ctx,
+					    s->pipe->binding_handle,
+					    &s->connect);
+	if (composite_nomem(subreq, c)) return c;
+
+	/* callback handler */
+	tevent_req_set_callback(subreq, continue_domain_open_connect, c);
+	return c;
+}
+
+
+/**
+ * Waits for and receives result of asynchronous DomainOpenSamr call
+ * 
+ * @param c composite context returned by asynchronous DomainOpen call
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_DomainOpenSamr_recv(struct composite_context *c, struct libnet_context *ctx,
+				    TALLOC_CTX *mem_ctx, struct libnet_DomainOpen *io)
+{
+	NTSTATUS status;
+	struct domain_open_samr_state *s;
+
+	/* wait for results of sending request */
+	status = composite_wait(c);
+	
+	if (NT_STATUS_IS_OK(status) && io) {
+		s = talloc_get_type_abort(c->private_data, struct domain_open_samr_state);
+		io->out.domain_handle = s->domain_handle;
+
+		/* store the resulting handle and related data for use by other
+		   libnet functions */
+		ctx->samr.connect_handle = s->connect_handle;
+		ctx->samr.handle      = s->domain_handle;
+		ctx->samr.sid         = talloc_steal(ctx, *s->lookup.out.sid);
+		ctx->samr.name        = talloc_steal(ctx, s->domain_name.string);
+		ctx->samr.access_mask = s->access_mask;
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct domain_open_lsa_state {
+	const char *name;
+	uint32_t access_mask;
+	struct libnet_context *ctx;
+	struct libnet_RpcConnect rpcconn;
+	struct lsa_OpenPolicy2   openpol;
+	struct policy_handle handle;
+	struct dcerpc_pipe *pipe;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_rpc_connect_lsa(struct composite_context *ctx);
+static void continue_lsa_policy_open(struct tevent_req *subreq);
+
+
+/**
+ * Sends asynchronous DomainOpenLsa request
+ *
+ * @param ctx initialised libnet context
+ * @param io arguments and results of the call
+ * @param monitor pointer to monitor function that is passed monitor message
+ */
+
+struct composite_context* libnet_DomainOpenLsa_send(struct libnet_context *ctx,
+						    TALLOC_CTX *mem_ctx,
+						    struct libnet_DomainOpen *io,
+						    void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct domain_open_lsa_state *s;
+	struct composite_context *rpcconn_req;
+	struct tevent_req *subreq;
+	struct lsa_QosInfo *qos;
+
+	/* create composite context and state */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct domain_open_lsa_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store arguments in the state structure */
+	s->name         = talloc_strdup(c, io->in.domain_name);
+	s->access_mask  = io->in.access_mask;
+	s->ctx          = ctx;
+
+	/* check, if there's lsa pipe opened already, before opening a handle */
+	if (ctx->lsa.pipe == NULL) {
+
+		ZERO_STRUCT(s->rpcconn);
+
+		/* attempting to connect a domain controller */
+		s->rpcconn.level           = LIBNET_RPC_CONNECT_DC;
+		s->rpcconn.in.name         = talloc_strdup(c, io->in.domain_name);
+		s->rpcconn.in.dcerpc_iface = &ndr_table_lsarpc;
+		
+		/* send rpc pipe connect request */
+		rpcconn_req = libnet_RpcConnect_send(ctx, c, &s->rpcconn, s->monitor_fn);
+		if (composite_nomem(rpcconn_req, c)) return c;
+
+		composite_continue(c, rpcconn_req, continue_rpc_connect_lsa, c);
+		return c;
+	}
+
+	s->pipe = ctx->lsa.pipe;
+
+	/* preparing parameters for lsa_OpenPolicy2 rpc call */
+	s->openpol.in.system_name = s->name;
+	s->openpol.in.access_mask = s->access_mask;
+	s->openpol.in.attr        = talloc_zero(c, struct lsa_ObjectAttribute);
+
+	qos = talloc_zero(c, struct lsa_QosInfo);
+	qos->len                 = 0;
+	qos->impersonation_level = 2;
+	qos->context_mode        = 1;
+	qos->effective_only      = 0;
+
+	s->openpol.in.attr->sec_qos = qos;
+	s->openpol.out.handle       = &s->handle;
+	
+	/* send rpc request */
+	subreq = dcerpc_lsa_OpenPolicy2_r_send(s, c->event_ctx,
+					       s->pipe->binding_handle,
+					       &s->openpol);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_lsa_policy_open, c);
+	return c;
+}
+
+
+/*
+  Stage 0.5 (optional): Rpc pipe connected, send lsa open policy request
+ */
+static void continue_rpc_connect_lsa(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct domain_open_lsa_state *s;
+	struct lsa_QosInfo *qos;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_lsa_state);
+
+	/* receive rpc connection */
+	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpcconn);
+	if (!composite_is_ok(c)) return;
+
+	/* RpcConnect function leaves the pipe in libnet context,
+	   so get it from there */
+	s->pipe = s->ctx->lsa.pipe;
+
+	/* prepare lsa_OpenPolicy2 call */
+	s->openpol.in.system_name = s->name;
+	s->openpol.in.access_mask = s->access_mask;
+	s->openpol.in.attr        = talloc_zero(c, struct lsa_ObjectAttribute);
+
+	qos = talloc_zero(c, struct lsa_QosInfo);
+	qos->len                 = 0;
+	qos->impersonation_level = 2;
+	qos->context_mode        = 1;
+	qos->effective_only      = 0;
+
+	s->openpol.in.attr->sec_qos = qos;
+	s->openpol.out.handle       = &s->handle;
+
+	/* send rpc request */
+	subreq = dcerpc_lsa_OpenPolicy2_r_send(s, c->event_ctx,
+					       s->pipe->binding_handle,
+					       &s->openpol);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_lsa_policy_open, c);
+}
+
+
+/*
+  Stage 1: Lsa policy opened - we're done, if successfully
+ */
+static void continue_lsa_policy_open(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_open_lsa_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_open_lsa_state);
+
+	c->status = dcerpc_lsa_OpenPolicy2_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_LsaOpenPolicy;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Receives result of asynchronous DomainOpenLsa call
+ *
+ * @param c composite context returned by asynchronous DomainOpenLsa call
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_DomainOpenLsa_recv(struct composite_context *c, struct libnet_context *ctx,
+				   TALLOC_CTX *mem_ctx, struct libnet_DomainOpen *io)
+{
+	NTSTATUS status;
+	struct domain_open_lsa_state *s;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status) && io) {
+		/* everything went fine - get the results and
+		   return the error string */
+		s = talloc_get_type_abort(c->private_data, struct domain_open_lsa_state);
+		io->out.domain_handle = s->handle;
+
+		ctx->lsa.handle      = s->handle;
+		ctx->lsa.name        = talloc_steal(ctx, s->name);
+		ctx->lsa.access_mask = s->access_mask;
+		
+		io->out.error_string = talloc_strdup(mem_ctx, "Success");
+
+	} else if (!NT_STATUS_IS_OK(status)) {
+		/* there was an error, so provide nt status code description */
+		io->out.error_string = talloc_asprintf(mem_ctx,
+						       "Failed to open domain: %s",
+						       nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Sends a request to open a domain in desired service
+ *
+ * @param ctx initialised libnet context
+ * @param io arguments and results of the call
+ * @param monitor pointer to monitor function that is passed monitor message
+ */
+
+struct composite_context* libnet_DomainOpen_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_DomainOpen *io,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+
+	switch (io->in.type) {
+	case DOMAIN_LSA:
+		/* request to open a policy handle on \pipe\lsarpc */
+		c = libnet_DomainOpenLsa_send(ctx, mem_ctx, io, monitor);
+		break;
+
+	case DOMAIN_SAMR:
+	default:
+		/* request to open a domain policy handle on \pipe\samr */
+		c = libnet_DomainOpenSamr_send(ctx, mem_ctx, io, monitor);
+		break;
+	}
+
+	return c;
+}
+
+
+/**
+ * Receive result of domain open request
+ *
+ * @param c composite context returned by DomainOpen_send function
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of the call
+ * @param io results and arguments of the call
+ */
+
+NTSTATUS libnet_DomainOpen_recv(struct composite_context *c, struct libnet_context *ctx,
+				TALLOC_CTX *mem_ctx, struct libnet_DomainOpen *io)
+{
+	NTSTATUS status;
+
+	switch (io->in.type) {
+	case DOMAIN_LSA:
+		status = libnet_DomainOpenLsa_recv(c, ctx, mem_ctx, io);
+		break;
+
+	case DOMAIN_SAMR:
+	default:
+		status = libnet_DomainOpenSamr_recv(c, ctx, mem_ctx, io);
+		break;
+	}
+	
+	return status;
+}
+
+
+/**
+ * Synchronous version of DomainOpen call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_DomainOpen(struct libnet_context *ctx,
+			   TALLOC_CTX *mem_ctx,
+			   struct libnet_DomainOpen *io)
+{
+	struct composite_context *c = libnet_DomainOpen_send(ctx, mem_ctx, io, NULL);
+	return libnet_DomainOpen_recv(c, ctx, mem_ctx, io);
+}
+
+
+struct domain_close_lsa_state {
+	struct dcerpc_pipe *pipe;
+	struct lsa_Close close;
+	struct policy_handle handle;
+
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_lsa_close(struct tevent_req *subreq);
+
+
+struct composite_context* libnet_DomainCloseLsa_send(struct libnet_context *ctx,
+						     TALLOC_CTX *mem_ctx,
+						     struct libnet_DomainClose *io,
+						     void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct domain_close_lsa_state *s;
+	struct tevent_req *subreq;
+
+	/* composite context and state structure allocation */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct domain_close_lsa_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	/* TODO: check if lsa pipe pointer is non-null */
+
+	if (!strequal(ctx->lsa.name, io->in.domain_name)) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER);
+		return c;
+	}
+
+	/* get opened lsarpc pipe pointer */
+	s->pipe = ctx->lsa.pipe;
+	
+	/* prepare close handle call arguments */
+	s->close.in.handle  = &ctx->lsa.handle;
+	s->close.out.handle = &s->handle;
+
+	/* send the request */
+	subreq = dcerpc_lsa_Close_r_send(s, c->event_ctx,
+					 s->pipe->binding_handle,
+					 &s->close);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_lsa_close, c);
+	return c;
+}
+
+
+/*
+  Stage 1: Receive result of lsa close call
+*/
+static void continue_lsa_close(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_close_lsa_state *s;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_close_lsa_state);
+
+	c->status = dcerpc_lsa_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+
+		msg.type      = mon_LsaClose;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+NTSTATUS libnet_DomainCloseLsa_recv(struct composite_context *c, struct libnet_context *ctx,
+				    TALLOC_CTX *mem_ctx, struct libnet_DomainClose *io)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status) && io) {
+		/* policy handle closed successfully */
+
+		ctx->lsa.name = NULL;
+		ZERO_STRUCT(ctx->lsa.handle);
+
+		io->out.error_string = talloc_asprintf(mem_ctx, "Success");
+
+	} else if (!NT_STATUS_IS_OK(status)) {
+		/* there was an error, so return description of the status code */
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct domain_close_samr_state {
+	struct samr_Close close;
+	struct policy_handle handle;
+	
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_samr_close(struct tevent_req *subreq);
+
+
+struct composite_context* libnet_DomainCloseSamr_send(struct libnet_context *ctx,
+						      TALLOC_CTX *mem_ctx,
+						      struct libnet_DomainClose *io,
+						      void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct domain_close_samr_state *s;
+	struct tevent_req *subreq;
+
+	/* composite context and state structure allocation */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct domain_close_samr_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	/* TODO: check if samr pipe pointer is non-null */
+
+	if (!strequal(ctx->samr.name, io->in.domain_name)) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER);
+		return c;
+	}
+
+	/* prepare close domain handle call arguments */
+	ZERO_STRUCT(s->close);
+	s->close.in.handle  = &ctx->samr.handle;
+	s->close.out.handle = &s->handle;
+
+	/* send the request */
+	subreq = dcerpc_samr_Close_r_send(s, c->event_ctx,
+					  ctx->samr.pipe->binding_handle,
+					  &s->close);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_samr_close, c);
+	return c;
+}
+
+
+/*
+  Stage 1: Receive result of samr close call
+*/
+static void continue_samr_close(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_close_samr_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_close_samr_state);
+	
+	c->status = dcerpc_samr_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_SamrClose;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+	
+	composite_done(c);
+}
+
+
+NTSTATUS libnet_DomainCloseSamr_recv(struct composite_context *c, struct libnet_context *ctx,
+				     TALLOC_CTX *mem_ctx, struct libnet_DomainClose *io)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status) && io) {
+		/* domain policy handle closed successfully */
+
+		ZERO_STRUCT(ctx->samr.handle);
+		talloc_free(discard_const_p(char, ctx->samr.name));
+		talloc_free(ctx->samr.sid);
+		ctx->samr.name = NULL;
+		ctx->samr.sid = NULL;
+
+		io->out.error_string = talloc_asprintf(mem_ctx, "Success");
+
+	} else if (!NT_STATUS_IS_OK(status)) {
+		/* there was an error, so return description of the status code */
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct composite_context* libnet_DomainClose_send(struct libnet_context *ctx,
+						  TALLOC_CTX *mem_ctx,
+						  struct libnet_DomainClose *io,
+						  void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+
+	switch (io->in.type) {
+	case DOMAIN_LSA:
+		/* request to close policy handle on \pipe\lsarpc */
+		c = libnet_DomainCloseLsa_send(ctx, mem_ctx, io, monitor);
+		break;
+
+	case DOMAIN_SAMR:
+	default:
+		/* request to close domain policy handle on \pipe\samr */
+		c = libnet_DomainCloseSamr_send(ctx, mem_ctx, io, monitor);
+		break;
+	}
+	
+	return c;
+}
+
+
+NTSTATUS libnet_DomainClose_recv(struct composite_context *c, struct libnet_context *ctx,
+				 TALLOC_CTX *mem_ctx, struct libnet_DomainClose *io)
+{
+	NTSTATUS status;
+
+	switch (io->in.type) {
+	case DOMAIN_LSA:
+		/* receive result of closing lsa policy handle */
+		status = libnet_DomainCloseLsa_recv(c, ctx, mem_ctx, io);
+		break;
+
+	case DOMAIN_SAMR:
+	default:
+		/* receive result of closing samr domain policy handle */
+		status = libnet_DomainCloseSamr_recv(c, ctx, mem_ctx, io);
+		break;
+	}
+	
+	return status;
+}
+
+
+NTSTATUS libnet_DomainClose(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			    struct libnet_DomainClose *io)
+{
+	struct composite_context *c;
+	
+	c = libnet_DomainClose_send(ctx, mem_ctx, io, NULL);
+	return libnet_DomainClose_recv(c, ctx, mem_ctx, io);
+}
+
+
+struct domain_list_state {	
+	struct libnet_context *ctx;
+	struct libnet_RpcConnect rpcconn;
+	struct samr_Connect samrconn;
+	struct samr_EnumDomains enumdom;
+	struct samr_Close samrclose;
+	const char *hostname;
+	struct policy_handle connect_handle;
+	int buf_size;
+	struct domainlist *domains;
+	uint32_t resume_handle;
+	uint32_t count;
+
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_rpc_connect(struct composite_context *c);
+static void continue_samr_connect(struct tevent_req *subreq);
+static void continue_samr_enum_domains(struct tevent_req *subreq);
+static void continue_samr_close_handle(struct tevent_req *subreq);
+
+static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_list_state *s);
+
+
+/*
+  Stage 1: Receive connected rpc pipe and send connection
+  request to SAMR service
+*/
+static void continue_rpc_connect(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct domain_list_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_list_state);
+	
+	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpcconn);
+	if (!composite_is_ok(c)) return;
+
+	s->samrconn.in.system_name     = 0;
+	s->samrconn.in.access_mask     = SEC_GENERIC_READ;     /* should be enough */
+	s->samrconn.out.connect_handle = &s->connect_handle;
+
+	subreq = dcerpc_samr_Connect_r_send(s, c->event_ctx,
+					    s->ctx->samr.pipe->binding_handle,
+					    &s->samrconn);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_samr_connect, c);
+}
+
+
+/*
+  Stage 2: Receive policy handle to the connected SAMR service and issue
+  a request to enumerate domain databases available
+*/
+static void continue_samr_connect(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_list_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_list_state);
+	
+	c->status = dcerpc_samr_Connect_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_SamrConnect;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	s->enumdom.in.connect_handle = &s->connect_handle;
+	s->enumdom.in.resume_handle  = &s->resume_handle;
+	s->enumdom.in.buf_size       = s->buf_size;
+	s->enumdom.out.resume_handle = &s->resume_handle;
+	s->enumdom.out.num_entries   = talloc(s, uint32_t);
+	if (composite_nomem(s->enumdom.out.num_entries, c)) return;
+	s->enumdom.out.sam           = talloc(s, struct samr_SamArray *);
+	if (composite_nomem(s->enumdom.out.sam, c)) return;
+
+	subreq = dcerpc_samr_EnumDomains_r_send(s, c->event_ctx,
+						s->ctx->samr.pipe->binding_handle,
+						&s->enumdom);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_samr_enum_domains, c);
+}
+
+
+/*
+  Stage 3: Receive domain names available and repeat the request
+  enumeration is not complete yet. Close samr connection handle
+  upon completion.
+*/
+static void continue_samr_enum_domains(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_list_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_list_state);
+	
+	c->status = dcerpc_samr_EnumDomains_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_SamrEnumDomains;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	if (NT_STATUS_IS_OK(s->enumdom.out.result)) {
+
+		s->domains = get_domain_list(c, s);
+
+	} else if (NT_STATUS_EQUAL(s->enumdom.out.result, STATUS_MORE_ENTRIES)) {
+		
+		s->domains = get_domain_list(c, s);
+		
+		/* prepare next round of enumeration */
+		s->enumdom.in.connect_handle = &s->connect_handle;
+		s->enumdom.in.resume_handle  = &s->resume_handle;
+		s->enumdom.in.buf_size       = s->ctx->samr.buf_size;
+		s->enumdom.out.resume_handle = &s->resume_handle;
+
+		/* send the request */
+		subreq = dcerpc_samr_EnumDomains_r_send(s, c->event_ctx,
+							s->ctx->samr.pipe->binding_handle,
+							&s->enumdom);
+		if (composite_nomem(subreq, c)) return;
+
+		tevent_req_set_callback(subreq, continue_samr_enum_domains, c);
+
+	} else {
+		composite_error(c, s->enumdom.out.result);
+		return;
+	}
+
+	/* close samr connection handle */
+	s->samrclose.in.handle  = &s->connect_handle;
+	s->samrclose.out.handle = &s->connect_handle;
+	
+	/* send the request */
+	subreq = dcerpc_samr_Close_r_send(s, c->event_ctx,
+					  s->ctx->samr.pipe->binding_handle,
+					  &s->samrclose);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_samr_close_handle, c);
+}
+
+
+/*
+  Stage 4: Receive result of closing samr connection handle.
+*/
+static void continue_samr_close_handle(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct domain_list_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct domain_list_state);
+
+	c->status = dcerpc_samr_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_SamrClose;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	/* did everything go fine ? */
+	if (!NT_STATUS_IS_OK(s->samrclose.out.result)) {
+		composite_error(c, s->samrclose.out.result);
+		return;
+	}
+
+	composite_done(c);
+}
+
+
+/*
+  Utility function to copy domain names from result of samr_EnumDomains call
+*/
+static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_list_state *s)
+{
+	uint32_t i;
+	if (mem_ctx == NULL || s == NULL) return NULL;
+
+	/* prepare domains array */
+	if (s->domains == NULL) {
+		s->domains = talloc_array(mem_ctx, struct domainlist,
+					  *s->enumdom.out.num_entries);
+	} else {
+		s->domains = talloc_realloc(mem_ctx, s->domains, struct domainlist,
+					    s->count + *s->enumdom.out.num_entries);
+	}
+
+	/* copy domain names returned from samr_EnumDomains call */
+	for (i = s->count; i < s->count + *s->enumdom.out.num_entries; i++)
+	{
+		struct lsa_String *domain_name = &(*s->enumdom.out.sam)->entries[i - s->count].name;
+
+		/* strdup name as a child of allocated array to make it follow the array
+		   in case of talloc_steal or talloc_free */
+		s->domains[i].name = talloc_strdup(s->domains, domain_name->string);
+		s->domains[i].sid  = NULL;  /* this is to be filled out later */
+	}
+
+	/* number of entries returned (domains enumerated) */
+	s->count += *s->enumdom.out.num_entries;
+	
+	return s->domains;
+}
+
+
+/**
+ * Sends a request to list domains on given host
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context
+ * @param io arguments and results of the call
+ * @param monitor pointer to monitor function that is passed monitor messages
+ */
+
+struct composite_context* libnet_DomainList_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_DomainList *io,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct domain_list_state *s;
+	struct composite_context *rpcconn_req;
+	struct tevent_req *subreq;
+
+	/* composite context and state structure allocation */
+	c = composite_create(ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct domain_list_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	s->ctx      = ctx;
+	s->hostname = talloc_strdup(c, io->in.hostname);
+	if (composite_nomem(s->hostname, c)) return c;
+
+	/* check whether samr pipe has already been opened */
+	if (ctx->samr.pipe == NULL) {
+		ZERO_STRUCT(s->rpcconn);
+
+		/* prepare rpc connect call */
+		s->rpcconn.level           = LIBNET_RPC_CONNECT_SERVER;
+		s->rpcconn.in.name         = s->hostname;
+		s->rpcconn.in.dcerpc_iface = &ndr_table_samr;
+
+		rpcconn_req = libnet_RpcConnect_send(ctx, c, &s->rpcconn, s->monitor_fn);
+		if (composite_nomem(rpcconn_req, c)) return c;
+		
+		composite_continue(c, rpcconn_req, continue_rpc_connect, c);
+
+	} else {
+		/* prepare samr_Connect call */
+		s->samrconn.in.system_name     = 0;
+		s->samrconn.in.access_mask     = SEC_GENERIC_READ;
+		s->samrconn.out.connect_handle = &s->connect_handle;
+		
+		subreq = dcerpc_samr_Connect_r_send(s, c->event_ctx,
+						    s->ctx->samr.pipe->binding_handle,
+						    &s->samrconn);
+		if (composite_nomem(subreq, c)) return c;
+
+		tevent_req_set_callback(subreq, continue_samr_connect, c);
+	}
+
+	return c;
+}
+
+
+/**
+ * Receive result of domain list request
+ *
+ * @param c composite context returned by DomainList_send function
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of the call
+ * @param io results and arguments of the call
+ */
+
+NTSTATUS libnet_DomainList_recv(struct composite_context *c, struct libnet_context *ctx,
+				TALLOC_CTX *mem_ctx, struct libnet_DomainList *io)
+{
+	NTSTATUS status;
+	struct domain_list_state *s;
+
+	status = composite_wait(c);
+
+	s = talloc_get_type_abort(c->private_data, struct domain_list_state);
+
+	if (NT_STATUS_IS_OK(status) && ctx && mem_ctx && io) {
+		/* fetch the results to be returned by io structure */
+		io->out.count        = s->count;
+		io->out.domains      = talloc_steal(mem_ctx, s->domains);
+		io->out.error_string = talloc_asprintf(mem_ctx, "Success");
+
+	} else if (!NT_STATUS_IS_OK(status)) {
+		/* there was an error, so return description of the status code */
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of DomainList call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_DomainList(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_DomainList *io)
+{
+	struct composite_context *c;
+
+	c = libnet_DomainList_send(ctx, mem_ctx, io, NULL);
+	return libnet_DomainList_recv(c, ctx, mem_ctx, io);
+}
diff --git a/source4/libnet/libnet_domain.h b/source4/libnet/libnet_domain.h
new file mode 100644
index 0000000..ae698e3
--- /dev/null
+++ b/source4/libnet/libnet_domain.h
@@ -0,0 +1,70 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+enum service_type { DOMAIN_SAMR, DOMAIN_LSA };
+
+/*
+ * struct definition for opening a domain
+ */
+
+struct libnet_DomainOpen {
+	struct {
+		enum service_type type;
+		const char *domain_name;
+		uint32_t access_mask;
+	} in;
+	struct {
+		struct policy_handle domain_handle;
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_DomainClose {
+	struct {
+		enum service_type type;
+		const char *domain_name;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_DomainList {
+	struct {
+		const char *hostname;
+	} in;
+	struct {
+		int count;
+		
+		struct domainlist {
+			const char *sid;
+			const char *name;
+		} *domains;
+
+		const char *error_string;
+	} out;
+};
+
+
+struct msg_rpc_lookup_domain {
+	const char *domain_name;
+};
diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c
new file mode 100644
index 0000000..8f548e1
--- /dev/null
+++ b/source4/libnet/libnet_export_keytab.c
@@ -0,0 +1,206 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+   Copyright (C) Andreas Schneider <asn@samba.org> 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "kdc/samba_kdc.h"
+#include "libnet/libnet_export_keytab.h"
+
+#include "kdc/db-glue.h"
+#include "kdc/sdb.h"
+
+static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
+			    krb5_context context,
+			    struct samba_kdc_db_context *db_ctx,
+			    const char *keytab_name,
+			    const char *principal,
+			    const char **error_string)
+{
+	struct sdb_entry sentry = {};
+	krb5_keytab keytab;
+	krb5_error_code code = 0;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	char *entry_principal = NULL;
+	bool copy_one_principal = (principal != NULL);
+	krb5_data password;
+
+	code = smb_krb5_kt_open_relative(context,
+					 keytab_name,
+					 true, /* write_access */
+					 &keytab);
+	if (code != 0) {
+		*error_string = talloc_asprintf(mem_ctx,
+						"Failed to open keytab: %s",
+						keytab_name);
+		status = NT_STATUS_NO_SUCH_FILE;
+		goto done;
+	}
+
+	if (copy_one_principal) {
+		krb5_principal k5_princ;
+
+		code = smb_krb5_parse_name(context, principal, &k5_princ);
+		if (code != 0) {
+			*error_string = smb_get_krb5_error_message(context,
+								   code,
+								   mem_ctx);
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		code = samba_kdc_fetch(context, db_ctx, k5_princ,
+				       SDB_F_GET_ANY | SDB_F_ADMIN_DATA,
+				       0, &sentry);
+
+		krb5_free_principal(context, k5_princ);
+	} else {
+		code = samba_kdc_firstkey(context, db_ctx, &sentry);
+	}
+
+	for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, &sentry)) {
+		int i;
+
+		code = krb5_unparse_name(context,
+					 sentry.principal,
+					 &entry_principal);
+		if (code != 0) {
+			*error_string = smb_get_krb5_error_message(context,
+								   code,
+								   mem_ctx);
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		if (sentry.keys.len == 0) {
+			SAFE_FREE(entry_principal);
+			sdb_entry_free(&sentry);
+
+			continue;
+		}
+
+		for (i = 0; i < sentry.keys.len; i++) {
+			struct sdb_key *s = &(sentry.keys.val[i]);
+			krb5_enctype enctype;
+
+			enctype = KRB5_KEY_TYPE(&(s->key));
+			password.length = KRB5_KEY_LENGTH(&s->key);
+			password.data = (char *)KRB5_KEY_DATA(&s->key);
+
+			DBG_INFO("smb_krb5_kt_add_entry for enctype=0x%04x\n",
+				  (int)enctype);
+			code = smb_krb5_kt_add_entry(context,
+						     keytab,
+						     sentry.kvno,
+						     entry_principal,
+						     NULL,
+						     enctype,
+						     &password,
+						     true);    /* no_salt */
+			if (code != 0) {
+				status = NT_STATUS_UNSUCCESSFUL;
+				*error_string = smb_get_krb5_error_message(context,
+									   code,
+									   mem_ctx);
+				DEBUG(0, ("smb_krb5_kt_add_entry failed code=%d, error = %s\n",
+					  code, *error_string));
+				goto done;
+			}
+		}
+
+		if (copy_one_principal) {
+			break;
+		}
+
+		SAFE_FREE(entry_principal);
+		sdb_entry_free(&sentry);
+	}
+
+	if (code != 0 && code != SDB_ERR_NOENTRY) {
+		*error_string = smb_get_krb5_error_message(context,
+							   code,
+							   mem_ctx);
+		status = NT_STATUS_NO_SUCH_USER;
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+done:
+	SAFE_FREE(entry_principal);
+	sdb_entry_free(&sentry);
+
+	return status;
+}
+
+NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r)
+{
+	krb5_error_code ret;
+	struct smb_krb5_context *smb_krb5_context;
+	struct samba_kdc_base_context *base_ctx;
+	struct samba_kdc_db_context *db_ctx = NULL;
+	const char *error_string = NULL;
+	NTSTATUS status;
+
+	ret = smb_krb5_init_context(ctx, ctx->lp_ctx, &smb_krb5_context);
+	if (ret) {
+		return NT_STATUS_NO_MEMORY; 
+	}
+
+	base_ctx = talloc_zero(mem_ctx, struct samba_kdc_base_context);
+	if (base_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	base_ctx->ev_ctx = ctx->event_ctx;
+	base_ctx->lp_ctx = ctx->lp_ctx;
+
+	status = samba_kdc_setup_db_ctx(mem_ctx, base_ctx, &db_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (r->in.principal != NULL) {
+		DEBUG(0, ("Export one principal to %s\n", r->in.keytab_name));
+		status = sdb_kt_copy(mem_ctx,
+				     smb_krb5_context->krb5_context,
+				     db_ctx,
+				     r->in.keytab_name,
+				     r->in.principal,
+				     &error_string);
+	} else {
+		unlink(r->in.keytab_name);
+		DEBUG(0, ("Export complete keytab to %s\n", r->in.keytab_name));
+		status = sdb_kt_copy(mem_ctx,
+				     smb_krb5_context->krb5_context,
+				     db_ctx,
+				     r->in.keytab_name,
+				     NULL,
+				     &error_string);
+	}
+
+	talloc_free(db_ctx);
+	talloc_free(base_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = error_string;
+	}
+
+	return status;
+}
diff --git a/source4/libnet/libnet_export_keytab.h b/source4/libnet/libnet_export_keytab.h
new file mode 100644
index 0000000..2b4bdcd
--- /dev/null
+++ b/source4/libnet/libnet_export_keytab.h
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "libnet/libnet.h"
+
+struct libnet_export_keytab {
+	struct {
+		const char *keytab_name;
+		const char *principal;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r);
diff --git a/source4/libnet/libnet_group.c b/source4/libnet/libnet_group.c
new file mode 100644
index 0000000..73dcacf
--- /dev/null
+++ b/source4/libnet/libnet_group.c
@@ -0,0 +1,764 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Rafal Szczesniak  2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/samr.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "libcli/security/security.h"
+
+
+struct create_group_state {
+	struct libnet_context *ctx;
+	struct libnet_CreateGroup r;
+	struct libnet_DomainOpen domain_open;
+	struct libnet_rpc_groupadd group_add;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_domain_opened(struct composite_context *ctx);
+static void continue_rpc_group_added(struct composite_context *ctx);
+
+
+struct composite_context* libnet_CreateGroup_send(struct libnet_context *ctx,
+						  TALLOC_CTX *mem_ctx,
+						  struct libnet_CreateGroup *r,
+						  void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct create_group_state *s;
+	struct composite_context *create_req;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct create_group_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	s->ctx = ctx;
+	s->r   = *r;
+	ZERO_STRUCT(s->r.out);
+
+	/* prerequisite: make sure we have a valid samr domain handle */
+	prereq_met = samr_domain_opened(ctx, c, s->r.in.domain_name, &c, &s->domain_open,
+					continue_domain_opened, monitor);
+	if (!prereq_met) return c;
+
+	/* prepare arguments of rpc group add call */
+	s->group_add.in.groupname     = r->in.group_name;
+	s->group_add.in.domain_handle = ctx->samr.handle;
+
+	/* send the request */
+	create_req = libnet_rpc_groupadd_send(s, s->ctx->event_ctx,
+					      ctx->samr.samr_handle,
+					      &s->group_add, monitor);
+	if (composite_nomem(create_req, c)) return c;
+
+	composite_continue(c, create_req, continue_rpc_group_added, c);
+	return c;
+}
+
+
+static void continue_domain_opened(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct create_group_state *s;
+	struct composite_context *create_req;
+	
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct create_group_state);
+
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare arguments of groupadd call */
+	s->group_add.in.groupname     = s->r.in.group_name;
+	s->group_add.in.domain_handle = s->ctx->samr.handle;
+
+	/* send the request */
+	create_req = libnet_rpc_groupadd_send(s, s->ctx->event_ctx,
+					      s->ctx->samr.samr_handle,
+					      &s->group_add, s->monitor_fn);
+	if (composite_nomem(create_req, c)) return;
+
+	composite_continue(c, create_req, continue_rpc_group_added, c);
+}
+
+
+static void continue_rpc_group_added(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct create_group_state *s;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct create_group_state);
+
+	/* receive result of group add call */
+	c->status = libnet_rpc_groupadd_recv(ctx, c, &s->group_add);
+	if (!composite_is_ok(c)) return;
+
+	/* we're done */
+	composite_done(c);
+}
+
+
+/**
+ * Receive result of CreateGroup call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_CreateGroup_recv(struct composite_context *c,
+				 TALLOC_CTX *mem_ctx,
+				 struct libnet_CreateGroup *r)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_strdup(mem_ctx, nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Create domain group
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_CreateGroup(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			    struct libnet_CreateGroup *io)
+{
+	struct composite_context *c;
+
+	c = libnet_CreateGroup_send(ctx, mem_ctx, io, NULL);
+	return libnet_CreateGroup_recv(c, mem_ctx, io);
+}
+
+
+struct group_info_state {
+	struct libnet_context *ctx;
+	const char *domain_name;
+	enum libnet_GroupInfo_level level;
+	const char *group_name;
+	const char *sid_string;
+	struct libnet_LookupName lookup;
+	struct libnet_DomainOpen domopen;
+	struct libnet_rpc_groupinfo info;
+	
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_domain_open_info(struct composite_context *ctx);
+static void continue_name_found(struct composite_context *ctx);
+static void continue_group_info(struct composite_context *ctx);
+
+/**
+ * Sends request to get group information
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure containing arguments the call
+ * @param monitor function pointer for receiving monitor messages
+ * @return composite context of this request
+ */
+struct composite_context* libnet_GroupInfo_send(struct libnet_context *ctx,
+						TALLOC_CTX *mem_ctx,
+						struct libnet_GroupInfo *io,
+						void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct group_info_state *s;
+	bool prereq_met = false;
+	struct composite_context *lookup_req, *info_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct group_info_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store arguments in the state structure */
+	s->monitor_fn = monitor;
+	s->ctx = ctx;
+	s->domain_name = talloc_strdup(c, io->in.domain_name);
+	s->level = io->in.level;
+	switch(s->level) {
+	case GROUP_INFO_BY_NAME:
+		s->group_name = talloc_strdup(c, io->in.data.group_name);
+		s->sid_string = NULL;
+		break;
+	case GROUP_INFO_BY_SID:
+		s->group_name = NULL;
+		s->sid_string = dom_sid_string(c, io->in.data.group_sid);
+		break;
+	}
+
+	/* prerequisite: make sure the domain is opened */
+	prereq_met = samr_domain_opened(ctx, c, s->domain_name, &c, &s->domopen,
+					continue_domain_open_info, monitor);
+	if (!prereq_met) return c;
+
+	switch(s->level) {
+	case GROUP_INFO_BY_NAME:
+		/* prepare arguments for LookupName call */
+		s->lookup.in.name        = s->group_name;
+		s->lookup.in.domain_name = s->domain_name;
+
+		/* send the request */
+		lookup_req = libnet_LookupName_send(s->ctx, c, &s->lookup, s->monitor_fn);
+		if (composite_nomem(lookup_req, c)) return c;
+
+		/* set the next stage */
+		composite_continue(c, lookup_req, continue_name_found, c);
+		break;
+	case GROUP_INFO_BY_SID:
+		/* prepare arguments for groupinfo call */
+		s->info.in.domain_handle = s->ctx->samr.handle;
+		s->info.in.sid           = s->sid_string;
+		/* we're looking for all information available */
+		s->info.in.level         = GROUPINFOALL;
+
+		/* send the request */
+		info_req = libnet_rpc_groupinfo_send(s, s->ctx->event_ctx,
+						     s->ctx->samr.samr_handle,
+						     &s->info, s->monitor_fn);
+		if (composite_nomem(info_req, c)) return c;
+
+		/* set the next stage */
+		composite_continue(c, info_req, continue_group_info, c);
+		break;
+	}
+
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive opened domain and send lookup name request
+ */
+static void continue_domain_open_info(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct group_info_state *s;
+	struct composite_context *lookup_req, *info_req;
+	
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct group_info_state);
+	
+	/* receive domain handle */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domopen);
+	if (!composite_is_ok(c)) return;
+
+	switch(s->level) {
+	case GROUP_INFO_BY_NAME:
+		/* prepare arguments for LookupName call */
+		s->lookup.in.name        = s->group_name;
+		s->lookup.in.domain_name = s->domain_name;
+
+		/* send the request */
+		lookup_req = libnet_LookupName_send(s->ctx, c, &s->lookup, s->monitor_fn);
+		if (composite_nomem(lookup_req, c)) return;
+
+		/* set the next stage */
+		composite_continue(c, lookup_req, continue_name_found, c);
+		break;
+	case GROUP_INFO_BY_SID:
+		/* prepare arguments for groupinfo call */
+		s->info.in.domain_handle = s->ctx->samr.handle;
+		s->info.in.sid           = s->sid_string;
+		/* we're looking for all information available */
+		s->info.in.level         = GROUPINFOALL;
+
+		/* send the request */
+		info_req = libnet_rpc_groupinfo_send(s, s->ctx->event_ctx,
+						     s->ctx->samr.samr_handle,
+						     &s->info, s->monitor_fn);
+		if (composite_nomem(info_req, c)) return;
+
+		/* set the next stage */
+		composite_continue(c, info_req, continue_group_info, c);
+		break;
+
+	}
+}
+
+
+/*
+ * Stage 1: Receive SID found and send request for group info
+ */
+static void continue_name_found(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct group_info_state *s;
+	struct composite_context *info_req;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct group_info_state);
+
+	/* receive SID associated with name found */
+	c->status = libnet_LookupName_recv(ctx, c, &s->lookup);
+	if (!composite_is_ok(c)) return;
+
+	/* Is it a group SID actually ? */
+	if (s->lookup.out.sid_type != SID_NAME_DOM_GRP &&
+	    s->lookup.out.sid_type != SID_NAME_ALIAS) {
+		composite_error(c, NT_STATUS_NO_SUCH_GROUP);
+		return;
+	}
+
+	/* prepare arguments for groupinfo call */
+	s->info.in.domain_handle = s->ctx->samr.handle;
+	s->info.in.groupname     = s->group_name;
+	s->info.in.sid           = s->lookup.out.sidstr;
+	/* we're looking for all information available */
+	s->info.in.level         = GROUPINFOALL;
+
+	/* send the request */
+	info_req = libnet_rpc_groupinfo_send(s, s->ctx->event_ctx,
+					     s->ctx->samr.samr_handle,
+					     &s->info, s->monitor_fn);
+	if (composite_nomem(info_req, c)) return;
+
+	/* set the next stage */
+	composite_continue(c, info_req, continue_group_info, c);
+}
+
+
+/*
+ * Stage 2: Receive group information
+ */
+static void continue_group_info(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct group_info_state *s;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct group_info_state);
+
+	/* receive group information */
+	c->status = libnet_rpc_groupinfo_recv(ctx, c, &s->info);
+	if (!composite_is_ok(c)) return;
+
+	/* we're done */
+	composite_done(c);
+}
+
+
+/*
+ * Receive group information
+ *
+ * @param c composite context returned by libnet_GroupInfo_send
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure receiving results of the call
+ * @result nt status
+ */
+NTSTATUS libnet_GroupInfo_recv(struct composite_context* c, TALLOC_CTX *mem_ctx,
+			       struct libnet_GroupInfo *io)
+{
+	NTSTATUS status;
+	struct group_info_state *s;
+	
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		/* put the results into io structure if everything went fine */
+		s = talloc_get_type_abort(c->private_data, struct group_info_state);
+
+		io->out.group_name = talloc_steal(mem_ctx,
+					s->info.out.info.all.name.string);
+		io->out.group_sid = talloc_steal(mem_ctx, s->lookup.out.sid);
+		io->out.num_members = s->info.out.info.all.num_members;
+		io->out.description = talloc_steal(mem_ctx, s->info.out.info.all.description.string);
+
+		io->out.error_string = talloc_strdup(mem_ctx, "Success");
+
+	} else {
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Obtains specified group information
+ * 
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of the call
+ * @param io pointer to a structure containing arguments and results of the call
+ */
+NTSTATUS libnet_GroupInfo(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			  struct libnet_GroupInfo *io)
+{
+	struct composite_context *c = libnet_GroupInfo_send(ctx, mem_ctx,
+							    io, NULL);
+	return libnet_GroupInfo_recv(c, mem_ctx, io);
+}
+
+
+struct grouplist_state {
+	struct libnet_context *ctx;
+	const char *domain_name;
+	struct lsa_DomainInfo dominfo;
+	int page_size;
+	uint32_t resume_index;
+	struct grouplist *groups;
+	uint32_t count;
+
+	struct libnet_DomainOpen domain_open;
+	struct lsa_QueryInfoPolicy query_domain;
+	struct samr_EnumDomainGroups group_list;
+
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_lsa_domain_opened(struct composite_context *ctx);
+static void continue_domain_queried(struct tevent_req *subreq);
+static void continue_samr_domain_opened(struct composite_context *ctx);
+static void continue_groups_enumerated(struct tevent_req *subreq);
+
+
+/**
+ * Sends request to list (enumerate) group accounts
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure containing arguments and results of this call
+ * @param monitor function pointer for receiving monitor messages
+ * @return compostite context of this request
+ */
+struct composite_context *libnet_GroupList_send(struct libnet_context *ctx,
+						TALLOC_CTX *mem_ctx,
+						struct libnet_GroupList *io,
+						void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct grouplist_state *s;
+	struct tevent_req *subreq;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct grouplist_state);
+	if (composite_nomem(s, c)) return c;
+	
+	c->private_data = s;
+
+	/* store the arguments in the state structure */
+	s->ctx          = ctx;
+	s->page_size    = io->in.page_size;
+	s->resume_index = io->in.resume_index;
+	s->domain_name  = talloc_strdup(c, io->in.domain_name);
+	s->monitor_fn   = monitor;
+
+	/* make sure we have lsa domain handle before doing anything */
+	prereq_met = lsa_domain_opened(ctx, c, s->domain_name, &c, &s->domain_open,
+				       continue_lsa_domain_opened, monitor);
+	if (!prereq_met) return c;
+
+	/* prepare arguments of QueryDomainInfo call */
+	s->query_domain.in.handle = &ctx->lsa.handle;
+	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->query_domain.out.info, c)) return c;
+
+	/* send the request */
+	subreq = dcerpc_lsa_QueryInfoPolicy_r_send(s, c->event_ctx,
+						   ctx->lsa.pipe->binding_handle,
+						   &s->query_domain);
+	if (composite_nomem(subreq, c)) return c;
+	
+	tevent_req_set_callback(subreq, continue_domain_queried, c);
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive lsa domain handle and send
+ * request to query domain info
+ */
+static void continue_lsa_domain_opened(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct grouplist_state *s;
+	struct tevent_req *subreq;
+	
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct grouplist_state);
+
+	/* receive lsa domain handle */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare arguments of QueryDomainInfo call */
+	s->query_domain.in.handle = &s->ctx->lsa.handle;
+	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->query_domain.out.info, c)) return;
+
+	/* send the request */
+	subreq = dcerpc_lsa_QueryInfoPolicy_r_send(s, c->event_ctx,
+						   s->ctx->lsa.pipe->binding_handle,
+						   &s->query_domain);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_domain_queried, c);
+}
+
+
+/*
+ * Stage 1: receive domain info and request to enum groups
+ * provided a valid samr handle is opened
+ */
+static void continue_domain_queried(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct grouplist_state *s;
+	bool prereq_met = false;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct grouplist_state);
+
+	/* receive result of rpc request */
+	c->status = dcerpc_lsa_QueryInfoPolicy_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* get the returned domain info */
+	s->dominfo = (*s->query_domain.out.info)->domain;
+
+	/* make sure we have samr domain handle before continuing */
+	prereq_met = samr_domain_opened(s->ctx, c, s->domain_name, &c, &s->domain_open,
+					continue_samr_domain_opened, s->monitor_fn);
+	if (!prereq_met) return;
+
+	/* prepare arguments od EnumDomainGroups call */
+	s->group_list.in.domain_handle  = &s->ctx->samr.handle;
+	s->group_list.in.max_size       = s->page_size;
+	s->group_list.in.resume_handle  = &s->resume_index;
+	s->group_list.out.resume_handle = &s->resume_index;
+	s->group_list.out.num_entries   = talloc(s, uint32_t);
+	if (composite_nomem(s->group_list.out.num_entries, c)) return;
+	s->group_list.out.sam           = talloc(s, struct samr_SamArray *);
+	if (composite_nomem(s->group_list.out.sam, c)) return;
+
+	/* send the request */
+	subreq = dcerpc_samr_EnumDomainGroups_r_send(s, c->event_ctx,
+						     s->ctx->samr.pipe->binding_handle,
+						     &s->group_list);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_groups_enumerated, c);
+}
+
+
+/*
+ * Stage 1.5 (optional): receive samr domain handle
+ * and request to enumerate accounts
+ */
+static void continue_samr_domain_opened(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct grouplist_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct grouplist_state);
+
+	/* receive samr domain handle */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare arguments of EnumDomainGroups call */
+	s->group_list.in.domain_handle  = &s->ctx->samr.handle;
+	s->group_list.in.max_size       = s->page_size;
+	s->group_list.in.resume_handle  = &s->resume_index;
+	s->group_list.out.resume_handle = &s->resume_index;
+	s->group_list.out.num_entries   = talloc(s, uint32_t);
+	if (composite_nomem(s->group_list.out.num_entries, c)) return;
+	s->group_list.out.sam           = talloc(s, struct samr_SamArray *);
+	if (composite_nomem(s->group_list.out.sam, c)) return;
+
+	/* send the request */
+	subreq = dcerpc_samr_EnumDomainGroups_r_send(s, c->event_ctx,
+						     s->ctx->samr.pipe->binding_handle,
+						     &s->group_list);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_groups_enumerated, c);
+}
+
+
+/*
+ * Stage 2: receive enumerated groups and their rids
+ */
+static void continue_groups_enumerated(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct grouplist_state *s;
+	uint32_t i;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct grouplist_state);
+
+	/* receive result of rpc request */
+	c->status = dcerpc_samr_EnumDomainGroups_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* get the actual status of the rpc call result
+	   (instead of rpc layer) */
+	c->status = s->group_list.out.result;
+
+	/* we're interested in status "ok" as well as two
+	   enum-specific status codes */
+	if (NT_STATUS_IS_OK(c->status) ||
+	    NT_STATUS_EQUAL(c->status, STATUS_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(c->status, NT_STATUS_NO_MORE_ENTRIES)) {
+		
+		/* get enumerated accounts counter and resume handle (the latter allows
+		   making subsequent call to continue enumeration) */
+		s->resume_index = *s->group_list.out.resume_handle;
+		s->count        = *s->group_list.out.num_entries;
+
+		/* prepare returned group accounts array */
+		s->groups       = talloc_array(c, struct grouplist, (*s->group_list.out.sam)->count);
+		if (composite_nomem(s->groups, c)) return;
+
+		for (i = 0; i < (*s->group_list.out.sam)->count; i++) {
+			struct dom_sid *group_sid;
+			struct samr_SamEntry *entry = &(*s->group_list.out.sam)->entries[i];
+			struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
+			
+			/* construct group sid from returned rid and queried domain sid */
+			group_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
+			if (composite_nomem(group_sid, c)) return;
+
+			/* groupname */
+			s->groups[i].groupname = talloc_strdup(s->groups, entry->name.string);
+			if (composite_nomem(s->groups[i].groupname, c)) return;
+
+			/* sid string */
+			s->groups[i].sid = dom_sid_string(s->groups, group_sid);
+			if (composite_nomem(s->groups[i].sid, c)) return;
+		}
+
+		/* that's it */
+		composite_done(c);
+		return;
+	} else {
+		/* something went wrong */
+		composite_error(c, c->status);
+		return;
+	}
+}
+
+
+/**
+ * Receive result of GroupList call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure containing arguments and result of this call
+ * @param nt status
+ */
+NTSTATUS libnet_GroupList_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+			       struct libnet_GroupList *io)
+{
+	NTSTATUS status;
+	struct grouplist_state *s;
+
+	if (c == NULL || mem_ctx == NULL || io == NULL) {
+		talloc_free(c);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status) ||
+	    NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+		
+		s = talloc_get_type_abort(c->private_data, struct grouplist_state);
+		
+		/* get results from composite context */
+		io->out.count        = s->count;
+		io->out.resume_index = s->resume_index;
+		io->out.groups       = talloc_steal(mem_ctx, s->groups);
+
+		if (NT_STATUS_IS_OK(status)) {
+			io->out.error_string = talloc_asprintf(mem_ctx, "Success");
+		} else {
+			/* success, but we're not done yet */
+			io->out.error_string = talloc_asprintf(mem_ctx, "Success (status: %s)",
+							       nt_errstr(status));
+		}
+
+	} else {
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Enumerate domain groups
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param io pointer to structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_GroupList(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			  struct libnet_GroupList *io)
+{
+	struct composite_context *c;
+
+	c = libnet_GroupList_send(ctx, mem_ctx, io, NULL);
+	return libnet_GroupList_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/libnet_group.h b/source4/libnet/libnet_group.h
new file mode 100644
index 0000000..8ac4743
--- /dev/null
+++ b/source4/libnet/libnet_group.h
@@ -0,0 +1,74 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak  2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+struct libnet_CreateGroup {
+	struct {
+		const char *group_name;
+		const char *domain_name;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+enum libnet_GroupInfo_level {
+	GROUP_INFO_BY_NAME=0,
+	GROUP_INFO_BY_SID
+};
+
+struct libnet_GroupInfo {
+	struct {
+		const char *domain_name;
+		enum libnet_GroupInfo_level level;
+		union {
+			const char *group_name;
+			const struct dom_sid *group_sid;
+		} data;
+	} in;
+	struct {
+		const char *group_name;
+		struct dom_sid *group_sid;
+		uint32_t num_members;
+		const char *description;
+
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_GroupList {
+	struct {
+		const char *domain_name;
+		int page_size;
+		uint32_t resume_index;
+	} in;
+	struct {
+		int count;
+		uint32_t resume_index;
+		
+		struct grouplist {
+			const char *sid;
+			const char *groupname;
+		} *groups;
+
+		const char *error_string;
+	} out;
+};
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
new file mode 100644
index 0000000..d1afb4f
--- /dev/null
+++ b/source4/libnet/libnet_join.c
@@ -0,0 +1,1021 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Brad Henry 2005
+ 
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "dsdb/samdb/samdb.h"
+#include "ldb_wrap.h"
+#include "libcli/security/security.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include "param/provision.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+/*
+ * complete a domain join, when joining to a AD domain:
+ * 1.) connect and bind to the DRSUAPI pipe
+ * 2.) do a DsCrackNames() to find the machine account dn
+ * 3.) connect to LDAP
+ * 4.) do an ldap search to find the "msDS-KeyVersionNumber" of the machine account
+ * 5.) set the servicePrincipalName's of the machine account via LDAP, (maybe we should use DsWriteAccountSpn()...)
+ * 6.) do a DsCrackNames() to find the domain dn
+ * 7.) find out Site specific stuff, look at libnet_JoinSite() for details
+ */
+static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_JoinDomain *r)
+{
+	NTSTATUS status;
+
+	TALLOC_CTX *tmp_ctx;
+
+	const char *realm = r->out.realm;
+
+	const struct dcerpc_binding *samr_binding = r->out.samr_binding;
+
+	struct dcerpc_pipe *drsuapi_pipe;
+	struct dcerpc_binding *drsuapi_binding;
+	enum dcerpc_transport_t transport;
+	struct drsuapi_DsBind r_drsuapi_bind;
+	struct drsuapi_DsCrackNames r_crack_names;
+	struct drsuapi_DsNameString names[1];
+	struct policy_handle drsuapi_bind_handle;
+	struct GUID drsuapi_bind_guid;
+
+	struct ldb_context *remote_ldb;
+	struct ldb_dn *account_dn;
+	const char *account_dn_str;
+	const char *remote_ldb_url;
+	struct ldb_result *res;
+	struct ldb_message *msg;
+
+	int ret, rtn;
+
+	const char * const attrs[] = {
+		"msDS-KeyVersionNumber",
+		"servicePrincipalName",
+		"dNSHostName",
+		"objectGUID",
+		NULL,
+	};
+
+	r->out.error_string = NULL;
+	
+	/* We need to convert between a samAccountName and domain to a
+	 * DN in the directory.  The correct way to do this is with
+	 * DRSUAPI CrackNames */
+
+	/* Fiddle with the bindings, so get to DRSUAPI on
+	 * NCACN_IP_TCP, sealed */
+	tmp_ctx = talloc_named(r, 0, "libnet_JoinADSDomain temp context");  
+	if (!tmp_ctx) {
+		r->out.error_string = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	drsuapi_binding = dcerpc_binding_dup(tmp_ctx, samr_binding);
+	if (!drsuapi_binding) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	transport = dcerpc_binding_get_transport(drsuapi_binding);
+
+	/* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */
+	if (transport != NCALRPC) {
+		status = dcerpc_binding_set_transport(drsuapi_binding, NCACN_IP_TCP);
+		if (!NT_STATUS_IS_OK(status)) {
+			r->out.error_string = talloc_asprintf(r,
+						"dcerpc_binding_set_transport failed: %s",
+						nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	}
+
+	status = dcerpc_binding_set_string_option(drsuapi_binding, "endpoint", NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(r,
+					"dcerpc_binding_set_string_option failed: %s",
+					nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	status = dcerpc_binding_set_flags(drsuapi_binding, DCERPC_SEAL, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(r,
+					"dcerpc_binding_set_flags failed: %s",
+					nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	status = dcerpc_pipe_connect_b(tmp_ctx, 
+				       &drsuapi_pipe,
+				       drsuapi_binding,
+				       &ndr_table_drsuapi,
+				       ctx->cred, 
+				       ctx->event_ctx,
+				       ctx->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(r,
+					"Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s",
+					r->out.domain_name,
+					nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	/* get a DRSUAPI pipe handle */
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid);
+
+	r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid;
+	r_drsuapi_bind.in.bind_info = NULL;
+	r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle;
+
+	status = dcerpc_drsuapi_DsBind_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_drsuapi_bind);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string
+			= talloc_asprintf(r,
+					  "dcerpc_drsuapi_DsBind failed - %s",
+					  nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	} else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) {
+		r->out.error_string
+				= talloc_asprintf(r,
+						  "DsBind failed - %s", 
+						  win_errstr(r_drsuapi_bind.out.result));
+			talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Actually 'crack' the names */
+	ZERO_STRUCT(r_crack_names);
+	r_crack_names.in.bind_handle		= &drsuapi_bind_handle;
+	r_crack_names.in.level			= 1;
+	r_crack_names.in.req			= talloc(r, union drsuapi_DsNameRequest);
+	if (!r_crack_names.in.req) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	r_crack_names.in.req->req1.codepage	= 1252; /* western european */
+	r_crack_names.in.req->req1.language	= 0x00000407; /* german */
+	r_crack_names.in.req->req1.count	= 1;
+	r_crack_names.in.req->req1.names	= names;
+	r_crack_names.in.req->req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+	r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
+	r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = dom_sid_string(tmp_ctx, r->out.account_sid);
+	if (!names[0].str) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r_crack_names.out.ctr			= talloc(r, union drsuapi_DsNameCtr);
+	r_crack_names.out.level_out		= talloc(r, uint32_t);
+	if (!r_crack_names.out.ctr || !r_crack_names.out.level_out) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string
+			= talloc_asprintf(r,
+					  "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
+					  names[0].str,
+					  nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+		r->out.error_string
+				= talloc_asprintf(r,
+						  "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	} else if (*r_crack_names.out.level_out != 1
+		   || !r_crack_names.out.ctr->ctr1
+		   || r_crack_names.out.ctr->ctr1->count != 1) {
+		r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	} else if (r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: %d", r_crack_names.out.ctr->ctr1->array[0].status);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	} else if (r_crack_names.out.ctr->ctr1->array[0].result_name == NULL) {
+		r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: no result name");
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Store the DN of our machine account. */
+	account_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name;
+
+	/* Now we know the user's DN, open with LDAP, read and modify a few things */
+
+	remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", 
+		dcerpc_binding_get_string_option(drsuapi_binding, "target_hostname"));
+	if (!remote_ldb_url) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	remote_ldb = ldb_wrap_connect(tmp_ctx, ctx->event_ctx, ctx->lp_ctx,
+				      remote_ldb_url, 
+				      NULL, ctx->cred, 0);
+	if (!remote_ldb) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	account_dn = ldb_dn_new(tmp_ctx, remote_ldb, account_dn_str);
+	if (account_dn == NULL) {
+		r->out.error_string = talloc_asprintf(r, "Invalid account dn: %s",
+						      account_dn_str);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* search for the user's record */
+	ret = ldb_search(remote_ldb, tmp_ctx, &res,
+			 account_dn, LDB_SCOPE_BASE, attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
+						      account_dn_str, ldb_errstring(remote_ldb));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (res->count != 1) {
+		r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - found %d entries",
+						      account_dn_str, res->count);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Prepare a new message, for the modify */
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = res->msgs[0]->dn;
+
+	{
+		unsigned int i;
+		const char *service_principal_name[2];
+		const char *dns_host_name = strlower_talloc(msg,
+							    talloc_asprintf(msg, 
+									    "%s.%s", 
+									    r->in.netbios_name, 
+									    realm));
+
+		if (!dns_host_name) {
+			r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		service_principal_name[0] = talloc_asprintf(msg, "HOST/%s",
+							    dns_host_name);
+		service_principal_name[1] = talloc_asprintf(msg, "HOST/%s",
+							    r->in.netbios_name);
+		
+		for (i=0; i < ARRAY_SIZE(service_principal_name); i++) {
+			if (!service_principal_name[i]) {
+				r->out.error_string = NULL;
+				talloc_free(tmp_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+			rtn = ldb_msg_add_string(msg, "servicePrincipalName",
+						 service_principal_name[i]);
+			if (rtn != LDB_SUCCESS) {
+				r->out.error_string = NULL;
+				talloc_free(tmp_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
+		rtn = ldb_msg_add_string(msg, "dNSHostName", dns_host_name);
+		if (rtn != LDB_SUCCESS) {
+			r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		rtn = dsdb_replace(remote_ldb, msg, 0);
+		if (rtn != LDB_SUCCESS) {
+			r->out.error_string
+				= talloc_asprintf(r, 
+						  "Failed to replace entries on %s", 
+						  ldb_dn_get_linearized(msg->dn));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+				
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = res->msgs[0]->dn;
+
+	rtn = samdb_msg_add_uint(remote_ldb, msg, msg,
+				 "msDS-SupportedEncryptionTypes", ENC_ALL_TYPES);
+	if (rtn != LDB_SUCCESS) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rtn = dsdb_replace(remote_ldb, msg, 0);
+	/* The remote server may not support this attribute, if it
+	 * isn't a modern schema */
+	if (rtn != LDB_SUCCESS && rtn != LDB_ERR_NO_SUCH_ATTRIBUTE) {
+		r->out.error_string
+			= talloc_asprintf(r,
+					  "Failed to replace msDS-SupportedEncryptionTypes on %s",
+					  ldb_dn_get_linearized(msg->dn));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* DsCrackNames to find out the DN of the domain. */
+	r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+	r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = talloc_asprintf(tmp_ctx, "%s\\", r->out.domain_name);
+	if (!names[0].str) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string
+			= talloc_asprintf(r,
+					  "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
+					  r->in.domain_name,
+					  nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
+		r->out.error_string
+			= talloc_asprintf(r,
+					  "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	} else if (*r_crack_names.out.level_out != 1
+		   || !r_crack_names.out.ctr->ctr1
+		   || r_crack_names.out.ctr->ctr1->count != 1
+		   || !r_crack_names.out.ctr->ctr1->array[0].result_name
+		   || r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Store the account DN. */
+	r->out.account_dn_str = account_dn_str;
+	talloc_steal(r, account_dn_str);
+
+	/* Store the domain DN. */
+	r->out.domain_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name;
+	talloc_steal(r, r_crack_names.out.ctr->ctr1->array[0].result_name);
+
+	/* Store the KVNO of the account, critical for some kerberos
+	 * operations */
+	r->out.kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
+
+	/* Store the account GUID. */
+	r->out.account_guid = samdb_result_guid(res->msgs[0], "objectGUID");
+
+	if (r->in.acct_type == ACB_SVRTRUST) {
+		status = libnet_JoinSite(ctx, remote_ldb, r);
+	}
+	talloc_free(tmp_ctx);
+
+	return status;
+}
+
+/*
+ * do a domain join using DCERPC/SAMR calls
+ * - connect to the LSA pipe, to try and find out information about the domain
+ * - create a secondary connection to SAMR pipe
+ * - do a samr_Connect to get a policy handle
+ * - do a samr_LookupDomain to get the domain sid
+ * - do a samr_OpenDomain to get a domain handle
+ * - do a samr_CreateAccount to try and get a new account 
+ * 
+ * If that fails, do:
+ * - do a samr_LookupNames to get the users rid
+ * - do a samr_OpenUser to get a user handle
+ * - potentially delete and recreate the user
+ * - assert the account is of the right type with samrQueryUserInfo
+ * 
+ * - call libnet_SetPassword_samr_handle to set the password,
+ *   and pass a samr_UserInfo21 struct to set full_name and the account flags
+ *
+ * - do some ADS specific things when we join as Domain Controller,
+ *    look at libnet_joinADSDomain() for the details
+ */
+NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_JoinDomain *r)
+{
+	TALLOC_CTX *tmp_ctx;
+
+	NTSTATUS status, cu_status;
+
+	struct libnet_RpcConnect *connect_with_info;
+	struct dcerpc_pipe *samr_pipe;
+
+	struct samr_Connect sc;
+	struct policy_handle p_handle;
+	struct samr_OpenDomain od;
+	struct policy_handle d_handle;
+	struct samr_LookupNames ln;
+	struct samr_Ids rids, types;
+	struct samr_OpenUser ou;
+	struct samr_CreateUser2 cu;
+	struct policy_handle *u_handle = NULL;
+	struct samr_QueryUserInfo qui;
+	union samr_UserInfo *uinfo;
+	struct samr_UserInfo21 u_info21;
+	union libnet_SetPassword r2;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	struct lsa_String samr_account_name;
+	
+	uint32_t acct_flags, old_acct_flags;
+	uint32_t rid, access_granted;
+	int policy_min_pw_len = 0;
+
+	struct dom_sid *account_sid = NULL;
+	const char *password_str = NULL;
+	
+	r->out.error_string = NULL;
+	ZERO_STRUCT(r2);
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "libnet_Join temp context");
+	if (!tmp_ctx) {
+		r->out.error_string = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	u_handle = talloc(tmp_ctx, struct policy_handle);
+	if (!u_handle) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	connect_with_info = talloc_zero(tmp_ctx, struct libnet_RpcConnect);
+	if (!connect_with_info) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* prepare connect to the SAMR pipe of PDC */
+	if (r->in.level == LIBNET_JOINDOMAIN_AUTOMATIC) {
+		connect_with_info->in.binding = NULL;
+		connect_with_info->in.name    = r->in.domain_name;
+	} else {
+		connect_with_info->in.binding = r->in.binding;
+		connect_with_info->in.name    = NULL;
+	}
+
+	/* This level makes a connection to the LSA pipe on the way,
+	 * to get some useful bits of information about the domain */
+	connect_with_info->level              = LIBNET_RPC_CONNECT_DC_INFO;
+	connect_with_info->in.dcerpc_iface    = &ndr_table_samr;
+
+	/*
+	  establish the SAMR connection
+	*/
+	status = libnet_RpcConnect(ctx, tmp_ctx, connect_with_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (r->in.binding) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+							      "Connection to SAMR pipe of DC %s failed: %s",
+							      r->in.binding, connect_with_info->out.error_string);
+		} else {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+							      "Connection to SAMR pipe of PDC for %s failed: %s",
+							      r->in.domain_name, connect_with_info->out.error_string);
+		}
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	samr_pipe = connect_with_info->out.dcerpc_pipe;
+
+	/* prepare samr_Connect */
+	ZERO_STRUCT(p_handle);
+	sc.in.system_name = NULL;
+	sc.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	sc.out.connect_handle = &p_handle;
+
+	/* 2. do a samr_Connect to get a policy handle */
+	status = dcerpc_samr_Connect_r(samr_pipe->binding_handle, tmp_ctx, &sc);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sc.out.result)) {
+		status = sc.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						"samr_Connect failed: %s",
+						nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	/* If this is a connection on ncacn_ip_tcp to Win2k3 SP1, we don't get back this useful info */
+	if (!connect_with_info->out.domain_name) {
+		if (r->in.level == LIBNET_JOINDOMAIN_AUTOMATIC) {
+			connect_with_info->out.domain_name = talloc_strdup(tmp_ctx, r->in.domain_name);
+		} else {
+			/* Bugger, we just lost our way to automatically find the domain name */
+			connect_with_info->out.domain_name = talloc_strdup(tmp_ctx, lpcfg_workgroup(ctx->lp_ctx));
+			connect_with_info->out.realm = talloc_strdup(tmp_ctx, lpcfg_realm(ctx->lp_ctx));
+		}
+	}
+
+	/* Perhaps we didn't get a SID above, because we are against ncacn_ip_tcp */
+	if (!connect_with_info->out.domain_sid) {
+		struct lsa_String name;
+		struct samr_LookupDomain l;
+		struct dom_sid2 *sid = NULL;
+		name.string = connect_with_info->out.domain_name;
+		l.in.connect_handle = &p_handle;
+		l.in.domain_name = &name;
+		l.out.sid = &sid;
+		
+		status = dcerpc_samr_LookupDomain_r(samr_pipe->binding_handle, tmp_ctx, &l);
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(l.out.result)) {
+			status = l.out.result;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+							      "SAMR LookupDomain failed: %s",
+							      nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+		connect_with_info->out.domain_sid = *l.out.sid;
+	}
+
+	/* prepare samr_OpenDomain */
+	ZERO_STRUCT(d_handle);
+	od.in.connect_handle = &p_handle;
+	od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	od.in.sid = connect_with_info->out.domain_sid;
+	od.out.domain_handle = &d_handle;
+
+	/* do a samr_OpenDomain to get a domain handle */
+	status = dcerpc_samr_OpenDomain_r(samr_pipe->binding_handle, tmp_ctx, &od);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(od.out.result)) {
+		status = od.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		struct dom_sid_buf buf;
+		r->out.error_string = talloc_asprintf(
+			mem_ctx,
+			"samr_OpenDomain for [%s] failed: %s",
+			dom_sid_str_buf(connect_with_info->out.domain_sid,
+					&buf),
+			nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+	
+	/* prepare samr_CreateUser2 */
+	ZERO_STRUCTP(u_handle);
+	cu.in.domain_handle  = &d_handle;
+	cu.in.access_mask     = SEC_FLAG_MAXIMUM_ALLOWED;
+	samr_account_name.string = r->in.account_name;
+	cu.in.account_name    = &samr_account_name;
+	cu.in.acct_flags      = r->in.acct_type;
+	cu.out.user_handle    = u_handle;
+	cu.out.rid            = &rid;
+	cu.out.access_granted = &access_granted;
+
+	/* do a samr_CreateUser2 to get an account handle, or an error */
+	cu_status = dcerpc_samr_CreateUser2_r(samr_pipe->binding_handle, tmp_ctx, &cu);
+	if (NT_STATUS_IS_OK(cu_status) && !NT_STATUS_IS_OK(cu.out.result)) {
+		cu_status = cu.out.result;
+	}
+	status = cu_status;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+		/* prepare samr_LookupNames */
+		ln.in.domain_handle = &d_handle;
+		ln.in.num_names = 1;
+		ln.in.names = talloc_array(tmp_ctx, struct lsa_String, 1);
+		ln.out.rids = &rids;
+		ln.out.types = &types;
+		if (!ln.in.names) {
+			r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		ln.in.names[0].string = r->in.account_name;
+		
+		/* 5. do a samr_LookupNames to get the users rid */
+		status = dcerpc_samr_LookupNames_r(samr_pipe->binding_handle, tmp_ctx, &ln);
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ln.out.result)) {
+			status = ln.out.result;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+						"samr_LookupNames for [%s] failed: %s",
+						r->in.account_name,
+						nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+		
+		/* check if we got one RID for the user */
+		if (ln.out.rids->count != 1) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+							      "samr_LookupNames for [%s] returns %d RIDs",
+							      r->in.account_name, ln.out.rids->count);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+
+		if (ln.out.types->count != 1) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+								"samr_LookupNames for [%s] returns %d RID TYPEs",
+								r->in.account_name, ln.out.types->count);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+
+		/* prepare samr_OpenUser */
+		ZERO_STRUCTP(u_handle);
+		ou.in.domain_handle = &d_handle;
+		ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		ou.in.rid = ln.out.rids->ids[0];
+		rid = ou.in.rid;
+		ou.out.user_handle = u_handle;
+		
+		/* 6. do a samr_OpenUser to get a user handle */
+		status = dcerpc_samr_OpenUser_r(samr_pipe->binding_handle, tmp_ctx, &ou);
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ou.out.result)) {
+			status = ou.out.result;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			r->out.error_string = talloc_asprintf(mem_ctx,
+							"samr_OpenUser for [%s] failed: %s",
+							r->in.account_name,
+							nt_errstr(status));
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		if (r->in.recreate_account) {
+			struct samr_DeleteUser d;
+			d.in.user_handle = u_handle;
+			d.out.user_handle = u_handle;
+			status = dcerpc_samr_DeleteUser_r(samr_pipe->binding_handle, mem_ctx, &d);
+			if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(d.out.result)) {
+				status = d.out.result;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				r->out.error_string = talloc_asprintf(mem_ctx,
+								      "samr_DeleteUser (for recreate) of [%s] failed: %s",
+								      r->in.account_name,
+								      nt_errstr(status));
+				talloc_free(tmp_ctx);
+				return status;
+			}
+
+			/* We want to recreate, so delete and another samr_CreateUser2 */
+			
+			/* &cu filled in above */
+			status = dcerpc_samr_CreateUser2_r(samr_pipe->binding_handle, tmp_ctx, &cu);
+			if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(cu.out.result)) {
+				status = cu.out.result;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				r->out.error_string = talloc_asprintf(mem_ctx,
+								      "samr_CreateUser2 (recreate) for [%s] failed: %s",
+								      r->in.account_name, nt_errstr(status));
+				talloc_free(tmp_ctx);
+				return status;
+			}
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "samr_CreateUser2 for [%s] failed: %s",
+						      r->in.account_name, nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	/* prepare samr_QueryUserInfo (get flags) */
+	qui.in.user_handle = u_handle;
+	qui.in.level = 16;
+	qui.out.info = &uinfo;
+	
+	status = dcerpc_samr_QueryUserInfo_r(samr_pipe->binding_handle, tmp_ctx, &qui);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(qui.out.result)) {
+		status = qui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						"samr_QueryUserInfo for [%s] failed: %s",
+						r->in.account_name,
+						nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+	
+	if (!uinfo) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		r->out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "samr_QueryUserInfo failed to return qui.out.info for [%s]: %s",
+					  r->in.account_name, nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	old_acct_flags = (uinfo->info16.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST | ACB_DOMTRUST));
+	/* Possibly bail if the account is of the wrong type */
+	if (old_acct_flags
+	    != r->in.acct_type) {
+		const char *old_account_type, *new_account_type;
+		switch (old_acct_flags) {
+		case ACB_WSTRUST:
+			old_account_type = "domain member (member)";
+			break;
+		case ACB_SVRTRUST:
+			old_account_type = "domain controller (bdc)";
+			break;
+		case ACB_DOMTRUST:
+			old_account_type = "trusted domain";
+			break;
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		switch (r->in.acct_type) {
+		case ACB_WSTRUST:
+			new_account_type = "domain member (member)";
+			break;
+		case ACB_SVRTRUST:
+			new_account_type = "domain controller (bdc)";
+			break;
+		case ACB_DOMTRUST:
+			new_account_type = "trusted domain";
+			break;
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (!NT_STATUS_EQUAL(cu_status, NT_STATUS_USER_EXISTS)) {
+			/* We created a new user, but they didn't come out the right type?!? */
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "We asked to create a new machine account (%s) of type %s, "
+						  "but we got an account of type %s.  This is unexpected.  "
+						  "Perhaps delete the account and try again.",
+						  r->in.account_name, new_account_type, old_account_type);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		} else {
+			/* The account is of the wrong type, so bail */
+
+			/* TODO: We should allow a --force option to override, and redo this from the top setting r.in.recreate_account */
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "The machine account (%s) already exists in the domain %s, "
+						  "but is a %s.  You asked to join as a %s.  Please delete "
+						  "the account and try again.",
+						  r->in.account_name, connect_with_info->out.domain_name, old_account_type, new_account_type);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_USER_EXISTS;
+		}
+	} else {
+		acct_flags = uinfo->info16.acct_flags;
+	}
+	
+	acct_flags = (acct_flags & ~(ACB_DISABLED|ACB_PWNOTREQ));
+
+	/* Find out what password policy this user has */
+	pwp.in.user_handle = u_handle;
+	pwp.out.info = &info;
+
+	status = dcerpc_samr_GetUserPwInfo_r(samr_pipe->binding_handle, tmp_ctx, &pwp);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pwp.out.result)) {
+		status = pwp.out.result;
+	}
+	if (NT_STATUS_IS_OK(status)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+
+	if (r->in.account_pass != NULL) {
+		password_str = talloc_strdup(tmp_ctx, r->in.account_pass);
+	} else {
+		/* Grab a password of that minimum length */
+		password_str = generate_random_password(tmp_ctx,
+					MAX(8, policy_min_pw_len), 255);
+	}
+	if (!password_str) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* set full_name and reset flags */
+	ZERO_STRUCT(u_info21);
+	u_info21.full_name.string	= r->in.account_name;
+	u_info21.acct_flags		= acct_flags;
+	u_info21.fields_present		= SAMR_FIELD_FULL_NAME | SAMR_FIELD_ACCT_FLAGS;
+
+	r2.samr_handle.level		= LIBNET_SET_PASSWORD_SAMR_HANDLE;
+	r2.samr_handle.in.account_name	= r->in.account_name;
+	r2.samr_handle.in.newpassword	= password_str;
+	r2.samr_handle.in.user_handle   = u_handle;
+	r2.samr_handle.in.dcerpc_pipe   = samr_pipe;
+	r2.samr_handle.in.info21	= &u_info21;
+
+	status = libnet_SetPassword(ctx, tmp_ctx, &r2);	
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_steal(mem_ctx, r2.samr_handle.out.error_string);
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	account_sid = dom_sid_add_rid(mem_ctx, connect_with_info->out.domain_sid, rid);
+	if (!account_sid) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Finish out by pushing various bits of status data out for the caller to use */
+	r->out.join_password = password_str;
+	talloc_steal(mem_ctx, r->out.join_password);
+
+	r->out.domain_sid = connect_with_info->out.domain_sid;
+	talloc_steal(mem_ctx, r->out.domain_sid);
+
+	r->out.account_sid = account_sid;
+	talloc_steal(mem_ctx, r->out.account_sid);
+
+	r->out.domain_name = connect_with_info->out.domain_name;
+	talloc_steal(mem_ctx, r->out.domain_name);
+	r->out.realm = connect_with_info->out.realm;
+	talloc_steal(mem_ctx, r->out.realm);
+	r->out.samr_pipe = samr_pipe;
+	talloc_reparent(tmp_ctx, mem_ctx, samr_pipe);
+	r->out.samr_binding = samr_pipe->binding;
+	r->out.user_handle = u_handle;
+	talloc_steal(mem_ctx, u_handle);
+	r->out.error_string = r2.samr_handle.out.error_string;
+	talloc_steal(mem_ctx, r2.samr_handle.out.error_string);
+	r->out.kvno = 0;
+	r->out.server_dn_str = NULL;
+	talloc_free(tmp_ctx); 
+
+	/* Now, if it was AD, then we want to start looking changing a
+	 * few more things.  Otherwise, we are done. */
+	if (r->out.realm) {
+		status = libnet_JoinADSDomain(ctx, r);
+		return status;
+	}
+
+	return status;
+}
+
+NTSTATUS libnet_Join_member(struct libnet_context *ctx,
+			    TALLOC_CTX *mem_ctx,
+			    struct libnet_Join_member *r)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_mem;
+	struct libnet_JoinDomain *r2;
+	struct provision_store_self_join_settings *set_secrets;
+	uint32_t acct_type = 0;
+	const char *account_name;
+	const char *netbios_name;
+	const char *error_string = NULL;
+
+	r->out.error_string = NULL;
+
+	tmp_mem = talloc_new(mem_ctx);
+	if (!tmp_mem) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r2 = talloc_zero(tmp_mem, struct libnet_JoinDomain);
+	if (!r2) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	acct_type = ACB_WSTRUST;
+
+	if (r->in.netbios_name != NULL) {
+		netbios_name = r->in.netbios_name;
+	} else {
+		netbios_name = talloc_strdup(tmp_mem, lpcfg_netbios_name(ctx->lp_ctx));
+		if (!netbios_name) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	}
+
+	account_name = talloc_asprintf(tmp_mem, "%s$", netbios_name);
+	if (!account_name) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	/*
+	 * join the domain
+	 */
+	r2->in.domain_name	= r->in.domain_name;
+	r2->in.account_name	= account_name;
+	r2->in.netbios_name	= netbios_name;
+	r2->in.level		= LIBNET_JOINDOMAIN_AUTOMATIC;
+	r2->in.acct_type	= acct_type;
+	r2->in.recreate_account = false;
+	r2->in.account_pass	= r->in.account_pass;
+	status = libnet_JoinDomain(ctx, r2, r2);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_steal(mem_ctx, r2->out.error_string);
+		goto out;
+	}
+
+	set_secrets = talloc_zero(tmp_mem,
+				  struct provision_store_self_join_settings);
+	if (!set_secrets) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	set_secrets->domain_name = r2->out.domain_name;
+	set_secrets->realm = r2->out.realm;
+	set_secrets->netbios_name = netbios_name;
+	set_secrets->secure_channel_type = SEC_CHAN_WKSTA;
+	set_secrets->machine_password = r2->out.join_password;
+	set_secrets->key_version_number = r2->out.kvno;
+	set_secrets->domain_sid = r2->out.domain_sid;
+
+	status = provision_store_self_join(ctx, ctx->lp_ctx, ctx->event_ctx, set_secrets, &error_string);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (error_string) {
+			r->out.error_string = talloc_steal(mem_ctx, error_string);
+		} else {
+			r->out.error_string
+				= talloc_asprintf(mem_ctx,
+						  "provision_store_self_join failed with %s",
+						  nt_errstr(status));
+		}
+		goto out;
+	}
+
+	/* move all out parameter to the callers TALLOC_CTX */
+	r->out.join_password	= talloc_move(mem_ctx, &r2->out.join_password);
+	r->out.domain_sid	= talloc_move(mem_ctx, &r2->out.domain_sid);
+	r->out.domain_name      = talloc_move(mem_ctx, &r2->out.domain_name);
+	status = NT_STATUS_OK;
+out:
+	talloc_free(tmp_mem);
+	return status;
+}
+
diff --git a/source4/libnet/libnet_join.h b/source4/libnet/libnet_join.h
new file mode 100644
index 0000000..c8a4a40
--- /dev/null
+++ b/source4/libnet/libnet_join.h
@@ -0,0 +1,101 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Brad Henry 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBNET_JOIN_H__
+#define __LIBNET_JOIN_H__
+
+#include "librpc/gen_ndr/netlogon.h"
+
+enum libnet_Join_level {
+	LIBNET_JOIN_AUTOMATIC,
+	LIBNET_JOIN_SPECIFIED,
+};
+
+enum libnet_JoinDomain_level {
+	LIBNET_JOINDOMAIN_AUTOMATIC,
+	LIBNET_JOINDOMAIN_SPECIFIED,
+};
+
+struct libnet_JoinDomain {
+	struct {
+		const char *domain_name;
+		const char *account_name;
+		const char *netbios_name;
+		const char *binding;
+		enum libnet_JoinDomain_level level;
+		uint32_t  acct_type;
+		bool recreate_account;
+		const char *account_pass;
+	} in;
+
+	struct {
+		const char *error_string;
+		const char *join_password;
+		struct dom_sid *domain_sid;
+		const char *domain_name;
+		const char *realm;
+		const char *domain_dn_str;
+		const char *account_dn_str;
+		const char *server_dn_str;
+		uint32_t kvno; /* msDS-KeyVersionNumber */
+		struct dcerpc_pipe *samr_pipe;
+		const struct dcerpc_binding *samr_binding;
+		struct policy_handle *user_handle;
+		struct dom_sid *account_sid;
+		struct GUID account_guid;
+	} out;
+};
+
+struct libnet_Join_member {
+	struct {
+		const char *domain_name;
+		const char *netbios_name;
+		enum libnet_Join_level level;
+		const char *account_pass;
+	} in;
+	
+	struct {
+		const char *error_string;
+		const char *join_password;
+		struct dom_sid *domain_sid;
+		const char *domain_name;
+	} out;
+};
+
+struct libnet_set_join_secrets {
+	struct {
+		const char *domain_name;
+		const char *realm;
+		const char *netbios_name;
+		const char *account_name;
+		enum netr_SchannelType join_type;
+		const char *join_password;
+		int kvno;
+		struct dom_sid *domain_sid;
+	} in;
+	
+	struct {
+		const char *error_string;
+	} out;
+};
+
+
+#endif /* __LIBNET_JOIN_H__ */
diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
new file mode 100644
index 0000000..63ce601
--- /dev/null
+++ b/source4/libnet/libnet_lookup.c
@@ -0,0 +1,448 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite function for name resolving
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/finddc.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "param/param.h"
+
+struct lookup_state {
+	struct nbt_name hostname;
+	const char *address;
+};
+
+
+static void continue_name_resolved(struct composite_context *ctx);
+
+
+/**
+ * Sends asynchronous Lookup request
+ *
+ * @param io arguments and result of the call
+ */
+
+struct composite_context *libnet_Lookup_send(struct libnet_context *ctx,
+					     TALLOC_CTX *mem_ctx,
+					     struct libnet_Lookup *io)
+{
+	struct composite_context *c;
+	struct lookup_state *s;
+	struct composite_context *cresolve_req;
+	struct resolve_context *resolve_ctx;
+
+	/* allocate context and state structures */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct lookup_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data	= s;
+
+	if (io == NULL || io->in.hostname == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER);
+		return c;
+	}
+
+	/* parameters */
+	s->hostname.name   = talloc_strdup(s, io->in.hostname);
+	if (composite_nomem(s->hostname.name, c)) return c;
+
+	s->hostname.type   = io->in.type;
+	s->hostname.scope  = NULL;
+
+	/* name resolution methods */
+	if (io->in.resolve_ctx) {
+		resolve_ctx = io->in.resolve_ctx;
+	} else {
+		resolve_ctx = ctx->resolve_ctx;
+	}
+
+	/* send resolve request */
+	cresolve_req = resolve_name_send(resolve_ctx, s, &s->hostname, c->event_ctx);
+	if (composite_nomem(cresolve_req, c)) return c;
+
+	composite_continue(c, cresolve_req, continue_name_resolved, c);
+	return c;
+}
+
+
+static void continue_name_resolved(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct lookup_state *s;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct lookup_state);
+
+	c->status = resolve_name_recv(ctx, s, &s->address);
+	
+	composite_done(c);
+}
+
+
+/**
+ * Waits for and receives results of asynchronous Lookup call
+ *
+ * @param c composite context returned by asynchronous Lookup call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_Lookup_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+			    struct libnet_Lookup *io)
+{
+	NTSTATUS status;
+	struct lookup_state *s;
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		char **address;
+
+		s = talloc_get_type(c->private_data, struct lookup_state);
+
+		address = str_list_make_single(mem_ctx, s->address);
+		NT_STATUS_HAVE_NO_MEMORY(address);
+		io->out.address = discard_const_p(const char *, address);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of Lookup call
+ *
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_Lookup(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+		       struct libnet_Lookup *io)
+{
+	struct composite_context *c = libnet_Lookup_send(ctx, mem_ctx, io);
+	return libnet_Lookup_recv(c, mem_ctx, io);
+}
+
+
+/*
+ * Shortcut functions to find common types of name
+ * (and skip nbt name type argument)
+ */
+
+
+/**
+ * Sends asynchronous LookupHost request
+ */
+struct composite_context* libnet_LookupHost_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_Lookup *io)
+{
+	io->in.type = NBT_NAME_SERVER;
+	return libnet_Lookup_send(ctx, mem_ctx, io);
+}
+
+
+
+/**
+ * Synchronous version of LookupHost call
+ */
+NTSTATUS libnet_LookupHost(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_Lookup *io)
+{
+	struct composite_context *c = libnet_LookupHost_send(ctx, mem_ctx, io);
+	return libnet_Lookup_recv(c, mem_ctx, io);
+}
+
+
+/**
+ * Sends asynchronous LookupDCs request
+ */
+struct tevent_req *libnet_LookupDCs_send(struct libnet_context *ctx,
+					 TALLOC_CTX *mem_ctx,
+					 struct libnet_LookupDCs *io)
+{
+	struct tevent_req *req;
+	struct finddcs finddcs_io;
+
+	ZERO_STRUCT(finddcs_io);
+
+	if (strcasecmp_m(io->in.domain_name, lpcfg_workgroup(ctx->lp_ctx)) == 0) {
+		finddcs_io.in.domain_name = lpcfg_dnsdomain(ctx->lp_ctx);
+	} else {
+		finddcs_io.in.domain_name = io->in.domain_name;
+	}
+	finddcs_io.in.minimum_dc_flags = NBT_SERVER_LDAP | NBT_SERVER_DS | NBT_SERVER_WRITABLE;
+	finddcs_io.in.server_address = ctx->server_address;
+
+	req = finddcs_cldap_send(mem_ctx, &finddcs_io, ctx->resolve_ctx, ctx->event_ctx);
+	return req;
+}
+
+/**
+ * Waits for and receives results of asynchronous Lookup call
+ *
+ * @param c composite context returned by asynchronous Lookup call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_LookupDCs_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+			       struct libnet_LookupDCs *io)
+{
+	NTSTATUS status;
+	struct finddcs finddcs_io;
+	status = finddcs_cldap_recv(req, mem_ctx, &finddcs_io);
+	talloc_free(req);
+	io->out.num_dcs = 1;
+	io->out.dcs = talloc(mem_ctx, struct nbt_dc_name);
+	NT_STATUS_HAVE_NO_MEMORY(io->out.dcs);
+	io->out.dcs[0].address = finddcs_io.out.address;
+	io->out.dcs[0].name = finddcs_io.out.netlogon.data.nt5_ex.pdc_dns_name;
+	return status;
+}
+
+
+/**
+ * Synchronous version of LookupDCs
+ */
+NTSTATUS libnet_LookupDCs(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			  struct libnet_LookupDCs *io)
+{
+	struct tevent_req *req = libnet_LookupDCs_send(ctx, mem_ctx, io);
+	return libnet_LookupDCs_recv(req, mem_ctx, io);
+}
+
+
+struct lookup_name_state {
+	struct libnet_context *ctx;
+	const char *name;
+	uint32_t count;
+	struct libnet_DomainOpen domopen;
+	struct lsa_LookupNames lookup;
+	struct lsa_TransSidArray sids;
+	struct lsa_String *names;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static bool prepare_lookup_params(struct libnet_context *ctx,
+				  struct composite_context *c,
+				  struct lookup_name_state *s);
+static void continue_lookup_name(struct composite_context *ctx);
+static void continue_name_found(struct tevent_req *subreq);
+
+
+struct composite_context* libnet_LookupName_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_LookupName *io,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct lookup_name_state *s;
+	struct tevent_req *subreq;
+	bool prereq_met = false;
+
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct lookup_name_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	
+	s->name = talloc_strdup(c, io->in.name);
+	s->monitor_fn = monitor;
+	s->ctx = ctx;
+
+	prereq_met = lsa_domain_opened(ctx, c, io->in.domain_name, &c, &s->domopen,
+				       continue_lookup_name, monitor);
+	if (!prereq_met) return c;
+
+	if (!prepare_lookup_params(ctx, c, s)) return c;
+
+	subreq = dcerpc_lsa_LookupNames_r_send(s, c->event_ctx,
+					       ctx->lsa.pipe->binding_handle,
+					       &s->lookup);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_name_found, c);
+	return c;
+}
+
+
+static bool prepare_lookup_params(struct libnet_context *ctx,
+				  struct composite_context *c,
+				  struct lookup_name_state *s)
+{
+	const int single_name = 1;
+
+	s->sids.count = 0;
+	s->sids.sids  = NULL;
+	
+	s->names = talloc_array(s, struct lsa_String, single_name);
+	if (composite_nomem(s->names, c)) return false;
+	s->names[0].string = s->name;
+	
+	s->lookup.in.handle    = &ctx->lsa.handle;
+	s->lookup.in.num_names = single_name;
+	s->lookup.in.names     = s->names;
+	s->lookup.in.sids      = &s->sids;
+	s->lookup.in.level     = 1;
+	s->lookup.in.count     = &s->count;
+	s->lookup.out.count    = &s->count;
+	s->lookup.out.sids     = &s->sids;
+	s->lookup.out.domains  = talloc_zero(s, struct lsa_RefDomainList *);
+	if (composite_nomem(s->lookup.out.domains, c)) return false;
+	
+	return true;
+}
+
+
+static void continue_lookup_name(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct lookup_name_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct lookup_name_state);
+
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domopen);
+	if (!composite_is_ok(c)) return;
+	
+	if (!prepare_lookup_params(s->ctx, c, s)) return;
+
+	subreq = dcerpc_lsa_LookupNames_r_send(s, c->event_ctx,
+					       s->ctx->lsa.pipe->binding_handle,
+					       &s->lookup);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_name_found, c);
+}
+
+
+static void continue_name_found(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct lookup_name_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct lookup_name_state);
+
+	c->status = dcerpc_lsa_LookupNames_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->lookup.out.result;
+	if (!composite_is_ok(c)) return;
+
+	if (s->lookup.out.sids->count != s->lookup.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	composite_done(c);
+}
+
+
+NTSTATUS libnet_LookupName_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				struct libnet_LookupName *io)
+{
+	NTSTATUS status;
+	struct lookup_name_state *s = NULL;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TransSidArray *sids = NULL;
+
+	status = composite_wait(c);
+	ZERO_STRUCT(io->out);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s",
+						       nt_errstr(status));
+		goto done;
+	}
+
+	s = talloc_get_type(c->private_data, struct lookup_name_state);
+
+	if (*s->lookup.out.count == 0) {
+		goto success;
+	}
+
+	domains = *s->lookup.out.domains;
+	sids = s->lookup.out.sids;
+
+	if (domains == NULL || sids == NULL) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		io->out.error_string = talloc_asprintf(mem_ctx, "Error: %s",
+						       nt_errstr(status));
+		goto done;
+	}
+
+	if (sids->count == 0) {
+		goto success;
+	}
+
+	io->out.rid        = sids->sids[0].rid;
+	io->out.sid_type   = sids->sids[0].sid_type;
+	if (domains->count > 0) {
+		io->out.sid = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
+					      io->out.rid);
+		if (io->out.sid == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		io->out.sidstr = dom_sid_string(mem_ctx, io->out.sid);
+		if (io->out.sidstr == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+	}
+
+success:
+	io->out.error_string = talloc_strdup(mem_ctx, "Success");
+done:
+	talloc_free(c);
+	return status;
+}
+
+
+NTSTATUS libnet_LookupName(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_LookupName *io)
+{
+	struct composite_context *c;
+	
+	c = libnet_LookupName_send(ctx, mem_ctx, io, NULL);
+	return libnet_LookupName_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/libnet_lookup.h b/source4/libnet/libnet_lookup.h
new file mode 100644
index 0000000..189ae58
--- /dev/null
+++ b/source4/libnet/libnet_lookup.h
@@ -0,0 +1,69 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+struct libnet_Lookup {
+	struct {
+		const char *hostname;
+		int type;
+		struct resolve_context *resolve_ctx;
+	} in;
+	struct {
+		const char **address;
+	} out;
+};
+
+
+struct libnet_LookupDCs {
+	struct {
+		const char *domain_name;
+		int name_type;
+	} in;
+	struct {
+		int num_dcs;
+		struct nbt_dc_name *dcs;
+	} out;
+};
+
+
+struct libnet_LookupName {
+	struct {
+		const char *name;
+		const char *domain_name;
+	} in;
+	struct {
+		struct dom_sid *sid;
+		int rid;
+		enum lsa_SidType sid_type;
+		const char *sidstr;
+		const char *error_string;
+	} out;
+};
+
+
+/*
+ * Monitor messages sent from libnet_lookup.c functions
+ */
+
+struct msg_net_lookup_dc {
+	const char *domain_name;
+	const char *hostname;
+	const char *address;
+};
+
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
new file mode 100644
index 0000000..e24ebe2
--- /dev/null
+++ b/source4/libnet/libnet_passwd.c
@@ -0,0 +1,1108 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher	2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "source4/librpc/rpc/dcerpc.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/smb/smb_constants.h"
+#include "librpc/rpc/dcerpc_samr.h"
+#include "source3/rpc_client/init_samr.h"
+#include "lib/param/loadparm.h"
+#include "lib/param/param.h"
+
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
+					       struct dcerpc_binding_handle *h,
+					       struct lsa_String *server,
+					       struct lsa_String *account,
+					       const char *old_password,
+					       const char *new_password,
+					       const char **error_string)
+{
+	struct samr_ChangePasswordUser4 r;
+	uint8_t old_nt_key_data[16] = {0};
+	gnutls_datum_t old_nt_key = {
+		.data = old_nt_key_data,
+		.size = sizeof(old_nt_key_data),
+	};
+	uint8_t cek_data[16] = {0};
+	DATA_BLOB cek = {
+		.data = cek_data,
+		.length = sizeof(cek_data),
+	};
+	struct samr_EncryptedPasswordAES pwd_buf = {
+		.cipher_len = 0
+	};
+	DATA_BLOB salt = {
+		.data = pwd_buf.salt,
+		.length = sizeof(pwd_buf.salt),
+	};
+	gnutls_datum_t salt_datum = {
+		.data = pwd_buf.salt,
+		.size = sizeof(pwd_buf.salt),
+	};
+	uint64_t pbkdf2_iterations = generate_random_u64_range(5000, 1000000);
+	NTSTATUS status;
+	int rc;
+
+	E_md4hash(old_password, old_nt_key_data);
+
+	generate_nonce_buffer(salt.data, salt.length);
+
+	rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512,
+			   &old_nt_key,
+			   &salt_datum,
+			   pbkdf2_iterations,
+			   cek.data,
+			   cek.length);
+	BURN_DATA(old_nt_key_data);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+	}
+
+	status = init_samr_CryptPasswordAES(mem_ctx,
+					    new_password,
+					    &salt,
+					    &cek,
+					    &pwd_buf);
+	data_blob_clear(&cek);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	pwd_buf.PBKDF2Iterations = pbkdf2_iterations;
+
+	r.in.server = server;
+	r.in.account = account;
+	r.in.password = &pwd_buf;
+
+	status = dcerpc_samr_ChangePasswordUser4_r(h, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		status = r.out.result;
+		*error_string = talloc_asprintf(mem_ctx,
+						"samr_ChangePasswordUser4 for "
+						"'%s\\%s' failed: %s",
+						server->string,
+						account->string,
+						nt_errstr(status));
+		goto done;
+	}
+
+done:
+	BURN_DATA(pwd_buf);
+
+	return status;
+}
+
+static NTSTATUS libnet_ChangePassword_samr_rc4(TALLOC_CTX *mem_ctx,
+					       struct dcerpc_binding_handle *h,
+					       struct lsa_String *server,
+					       struct lsa_String *account,
+					       const char *old_password,
+					       const char *new_password,
+					       const char **error_string)
+{
+	struct samr_OemChangePasswordUser2 oe2;
+	struct samr_ChangePasswordUser2 pw2;
+	struct samr_ChangePasswordUser3 pw3;
+	struct samr_CryptPassword nt_pass, lm_pass;
+	uint8_t old_nt_hash[16], new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	struct samr_Password nt_verifier, lm_verifier;
+	struct lsa_AsciiString a_server, a_account;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t nt_session_key = {
+		.data = old_nt_hash,
+		.size = sizeof(old_nt_hash),
+	};
+	gnutls_datum_t lm_session_key = {
+		.data = old_lm_hash,
+		.size = sizeof(old_lm_hash),
+	};
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct userPwdChangeFailureInformation *reject = NULL;
+	NTSTATUS status;
+	int rc;
+
+	E_md4hash(old_password, old_nt_hash);
+	E_md4hash(new_password, new_nt_hash);
+
+	E_deshash(old_password, old_lm_hash);
+	E_deshash(new_password, new_lm_hash);
+
+	/* prepare samr_ChangePasswordUser3 */
+	encode_pw_buffer(lm_pass.data, new_password, STR_UNICODE);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&nt_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   lm_pass.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		goto done;
+	}
+
+	encode_pw_buffer(nt_pass.data, new_password, STR_UNICODE);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&nt_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   nt_pass.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		goto done;
+	}
+
+	pw3.in.server = server;
+	pw3.in.account = account;
+	pw3.in.nt_password = &nt_pass;
+	pw3.in.nt_verifier = &nt_verifier;
+	pw3.in.lm_change = 1;
+	pw3.in.lm_password = &lm_pass;
+	pw3.in.lm_verifier = &lm_verifier;
+	pw3.in.password3 = NULL;
+	pw3.out.dominfo = &dominfo;
+	pw3.out.reject = &reject;
+
+	/* 2. try samr_ChangePasswordUser3 */
+	status = dcerpc_samr_ChangePasswordUser3_r(h, mem_ctx, &pw3);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw3.out.result)) {
+			status = pw3.out.result;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			*error_string = talloc_asprintf(
+				mem_ctx,
+				"samr_ChangePasswordUser3 failed: %s",
+				nt_errstr(status));
+			*error_string =
+				talloc_asprintf(mem_ctx,
+						"samr_ChangePasswordUser3 for "
+						"'%s\\%s' failed: %s",
+						server->string,
+						account->string,
+						nt_errstr(status));
+		}
+		goto done;
+	}
+
+	/* prepare samr_ChangePasswordUser2 */
+	encode_pw_buffer(lm_pass.data, new_password, STR_ASCII | STR_TERMINATE);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&lm_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   lm_pass.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		goto done;
+	}
+
+	encode_pw_buffer(nt_pass.data, new_password, STR_UNICODE);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&nt_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   nt_pass.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		goto done;
+	}
+
+	pw2.in.server = server;
+	pw2.in.account = account;
+	pw2.in.nt_password = &nt_pass;
+	pw2.in.nt_verifier = &nt_verifier;
+	pw2.in.lm_change = 1;
+	pw2.in.lm_password = &lm_pass;
+	pw2.in.lm_verifier = &lm_verifier;
+
+	/* 3. try samr_ChangePasswordUser2 */
+	status = dcerpc_samr_ChangePasswordUser2_r(h, mem_ctx, &pw2);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw2.out.result)) {
+			status = pw2.out.result;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			*error_string =
+				talloc_asprintf(mem_ctx,
+						"samr_ChangePasswordUser2 for "
+						"'%s\\%s' failed: %s",
+						server->string,
+						account->string,
+						nt_errstr(status));
+		}
+		goto done;
+	}
+
+
+	/* prepare samr_OemChangePasswordUser2 */
+	a_server.string = server->string;
+	a_account.string = account->string;
+
+	encode_pw_buffer(lm_pass.data, new_password, STR_ASCII);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&lm_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   lm_pass.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto done;
+	}
+
+	rc = E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		goto done;
+	}
+
+	oe2.in.server = &a_server;
+	oe2.in.account = &a_account;
+	oe2.in.password = &lm_pass;
+	oe2.in.hash = &lm_verifier;
+
+	/* 4. try samr_OemChangePasswordUser2 */
+	status = dcerpc_samr_OemChangePasswordUser2_r(h, mem_ctx, &oe2);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(oe2.out.result)) {
+			status = oe2.out.result;
+		}
+		if (!NT_STATUS_IS_OK(oe2.out.result)) {
+			*error_string =
+				talloc_asprintf(mem_ctx,
+						"samr_OemChangePasswordUser2 "
+						"for '%s\\%s' failed: %s",
+						server->string,
+						account->string,
+						nt_errstr(status));
+		}
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+done:
+	return status;
+}
+
+/*
+ * do a password change using DCERPC/SAMR calls
+ * 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
+ * 2. try samr_ChangePasswordUser3
+ * 3. try samr_ChangePasswordUser2
+ * 4. try samr_OemChangePasswordUser2
+ */
+static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
+{
+        NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct lsa_String server, account;
+
+	ZERO_STRUCT(c);
+
+	/* prepare connect to the SAMR pipe of the users domain PDC */
+	c.level                    = LIBNET_RPC_CONNECT_PDC;
+	c.in.name                  = r->samr.in.domain_name;
+	c.in.dcerpc_iface     	   = &ndr_table_samr;
+	c.in.dcerpc_flags          = DCERPC_ANON_FALLBACK;
+
+	/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"Connection to SAMR pipe of PDC of domain '%s' failed: %s",
+						r->samr.in.domain_name, nt_errstr(status));
+		return status;
+	}
+
+	/* prepare password change for account */
+	server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
+	account.string = r->samr.in.account_name;
+
+	status = libnet_ChangePassword_samr_aes(
+		mem_ctx,
+		c.out.dcerpc_pipe->binding_handle,
+		&server,
+		&account,
+		r->samr.in.oldpassword,
+		r->samr.in.newpassword,
+		&(r->samr.out.error_string));
+	if (NT_STATUS_IS_OK(status)) {
+		goto disconnect;
+	} else if (NT_STATUS_EQUAL(status,
+				   NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
+		   NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+		   NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+		/*
+		 * Don't fallback to RC4 based SAMR if weak crypto is not
+		 * allowed.
+		 */
+		if (lpcfg_weak_crypto(ctx->lp_ctx) ==
+		    SAMBA_WEAK_CRYPTO_DISALLOWED) {
+			goto disconnect;
+		}
+	} else {
+		/* libnet_ChangePassword_samr_aes is implemented and failed */
+		goto disconnect;
+	}
+
+	status = libnet_ChangePassword_samr_rc4(
+		mem_ctx,
+		c.out.dcerpc_pipe->binding_handle,
+		&server,
+		&account,
+		r->samr.in.oldpassword,
+		r->samr.in.newpassword,
+		&(r->samr.out.error_string));
+	if (!NT_STATUS_IS_OK(status)) {
+		goto disconnect;
+	}
+
+disconnect:
+	/* close connection */
+	talloc_unlink(ctx, c.out.dcerpc_pipe);
+
+	return status;
+}
+
+static NTSTATUS libnet_ChangePassword_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
+{
+	NTSTATUS status;
+	union libnet_ChangePassword r2;
+
+	r2.samr.level		= LIBNET_CHANGE_PASSWORD_SAMR;
+	r2.samr.in.account_name	= r->generic.in.account_name;
+	r2.samr.in.domain_name	= r->generic.in.domain_name;
+	r2.samr.in.oldpassword	= r->generic.in.oldpassword;
+	r2.samr.in.newpassword	= r->generic.in.newpassword;
+
+	status = libnet_ChangePassword(ctx, mem_ctx, &r2);
+
+	r->generic.out.error_string = r2.samr.out.error_string;
+
+	return status;
+}
+
+NTSTATUS libnet_ChangePassword(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
+{
+	switch (r->generic.level) {
+		case LIBNET_CHANGE_PASSWORD_GENERIC:
+			return libnet_ChangePassword_generic(ctx, mem_ctx, r);
+		case LIBNET_CHANGE_PASSWORD_SAMR:
+			return libnet_ChangePassword_samr(ctx, mem_ctx, r);
+		case LIBNET_CHANGE_PASSWORD_KRB5:
+			return NT_STATUS_NOT_IMPLEMENTED;
+		case LIBNET_CHANGE_PASSWORD_LDAP:
+			return NT_STATUS_NOT_IMPLEMENTED;
+		case LIBNET_CHANGE_PASSWORD_RAP:
+			return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo2 sui;
+	union samr_UserInfo u_info;
+	DATA_BLOB session_key;
+
+	if (r->samr_handle.in.info21) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	/* prepare samr_SetUserInfo2 level 26 */
+	ZERO_STRUCT(u_info);
+	u_info.info26.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
+								  "dcerpc_fetch_session_key failed: %s",
+								  nt_errstr(status));
+		return status;
+	}
+
+	status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,
+					  &session_key,
+					  &u_info.info26.password);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string =
+			talloc_asprintf(mem_ctx,
+					"encode_rc4_passwd_buffer failed: %s",
+					nt_errstr(status));
+		return status;
+	}
+
+	sui.in.user_handle = r->samr_handle.in.user_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 26;
+
+	/* 7. try samr_SetUserInfo2 level 26 to set the password */
+	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+	/* check result of samr_SetUserInfo2 level 26 */
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+		status = sui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "SetUserInfo2 level 26 for [%s] failed: %s",
+					  r->samr_handle.in.account_name, nt_errstr(status));
+	}
+
+	return status;
+}
+
+static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo2 sui;
+	union samr_UserInfo u_info;
+	DATA_BLOB session_key;
+
+	if (!r->samr_handle.in.info21) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	/* prepare samr_SetUserInfo2 level 25 */
+	ZERO_STRUCT(u_info);
+	u_info.info25.info = *r->samr_handle.in.info21;
+	u_info.info25.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
+
+	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s",
+						nt_errstr(status));
+		return status;
+	}
+
+	status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,
+					  &session_key,
+					  &u_info.info25.password);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string =
+			talloc_asprintf(mem_ctx,
+					"encode_rc4_passwd_buffer failed: %s",
+					nt_errstr(status));
+		return status;
+	}
+
+
+	sui.in.user_handle = r->samr_handle.in.user_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 25;
+
+	/* 8. try samr_SetUserInfo2 level 25 to set the password */
+	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+		status = sui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "SetUserInfo2 level 25 for [%s] failed: %s",
+					  r->samr_handle.in.account_name, nt_errstr(status));
+	}
+
+	return status;
+}
+
+static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo2 sui;
+	union samr_UserInfo u_info;
+	DATA_BLOB session_key;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t enc_session_key;
+	int rc;
+
+	if (r->samr_handle.in.info21) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	/* prepare samr_SetUserInfo2 level 24 */
+	ZERO_STRUCT(u_info);
+	encode_pw_buffer(u_info.info24.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
+	u_info.info24.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s",
+						nt_errstr(status));
+		return status;
+	}
+
+	enc_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&enc_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   u_info.info24.password.data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	sui.in.user_handle = r->samr_handle.in.user_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 24;
+
+	/* 9. try samr_SetUserInfo2 level 24 to set the password */
+	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+		status = sui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "SetUserInfo2 level 24 for [%s] failed: %s",
+					  r->samr_handle.in.account_name, nt_errstr(status));
+	}
+
+out:
+	data_blob_clear(&session_key);
+	return status;
+}
+
+static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo2 sui;
+	union samr_UserInfo u_info;
+	DATA_BLOB session_key;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t _session_key;
+	int rc;
+
+	if (!r->samr_handle.in.info21) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	/* prepare samr_SetUserInfo2 level 23 */
+	ZERO_STRUCT(u_info);
+	u_info.info23.info = *r->samr_handle.in.info21;
+	u_info.info23.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
+	encode_pw_buffer(u_info.info23.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
+
+	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "dcerpc_fetch_session_key failed: %s",
+					  nt_errstr(status));
+		return status;
+	}
+
+	_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	rc = gnutls_cipher_encrypt(cipher_hnd,
+				   u_info.info23.password.data,
+				   516);
+	data_blob_clear_free(&session_key);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	sui.in.user_handle = r->samr_handle.in.user_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 23;
+
+	/* 10. try samr_SetUserInfo2 level 23 to set the password */
+	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+		status = sui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "SetUserInfo2 level 23 for [%s] failed: %s",
+					  r->samr_handle.in.account_name, nt_errstr(status));
+	}
+
+out:
+	return status;
+}
+
+static NTSTATUS libnet_SetPassword_samr_handle_18(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo2 sui;
+	union samr_UserInfo u_info;
+	struct samr_Password ntpwd;
+	DATA_BLOB ntpwd_in;
+	DATA_BLOB ntpwd_out;
+	DATA_BLOB session_key;
+	int rc;
+
+	if (r->samr_handle.in.info21) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
+	/* prepare samr_SetUserInfo2 level 18 (nt_hash) */
+	ZERO_STRUCT(u_info);
+	E_md4hash(r->samr_handle.in.newpassword, ntpwd.hash);
+	ntpwd_in = data_blob_const(ntpwd.hash, sizeof(ntpwd.hash));
+	ntpwd_out = data_blob_const(u_info.info18.nt_pwd.hash,
+				    sizeof(u_info.info18.nt_pwd.hash));
+	u_info.info18.nt_pwd_active = 1;
+	u_info.info18.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s",
+						nt_errstr(status));
+		return status;
+	}
+
+	rc = sess_crypt_blob(&ntpwd_out, &ntpwd_in,
+			     &session_key, SAMBA_GNUTLS_ENCRYPT);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	sui.in.user_handle = r->samr_handle.in.user_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 18;
+
+	/* 9. try samr_SetUserInfo2 level 18 to set the password */
+	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+		status = sui.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr_handle.out.error_string
+			= talloc_asprintf(mem_ctx,
+					  "SetUserInfo2 level 18 for [%s] failed: %s",
+					  r->samr_handle.in.account_name, nt_errstr(status));
+	}
+
+out:
+	data_blob_clear(&session_key);
+	return status;
+}
+
+/*
+ * 1. try samr_SetUserInfo2 level 26 to set the password
+ * 2. try samr_SetUserInfo2 level 25 to set the password
+ * 3. try samr_SetUserInfo2 level 24 to set the password
+ * 4. try samr_SetUserInfo2 level 23 to set the password
+*/
+static NTSTATUS libnet_SetPassword_samr_handle(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+
+	NTSTATUS status;
+	enum libnet_SetPassword_level levels[] = {
+		LIBNET_SET_PASSWORD_SAMR_HANDLE_26,
+		LIBNET_SET_PASSWORD_SAMR_HANDLE_25,
+		LIBNET_SET_PASSWORD_SAMR_HANDLE_24,
+		LIBNET_SET_PASSWORD_SAMR_HANDLE_23,
+	};
+	unsigned int i;
+
+	if (r->samr_handle.samr_level != 0) {
+		r->generic.level = r->samr_handle.samr_level;
+		return libnet_SetPassword(ctx, mem_ctx, r);
+	}
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+		r->generic.level = levels[i];
+		status = libnet_SetPassword(ctx, mem_ctx, r);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)
+		    || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER_MIX)
+		    || NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+			/* Try another password set mechanism */
+			continue;
+		}
+		break;
+	}
+
+	return status;
+}
+/*
+ * set a password with DCERPC/SAMR calls
+ * 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
+ *    is it correct to contact the the pdc of the domain of the user who's password should be set?
+ * 2. do a samr_Connect to get a policy handle
+ * 3. do a samr_LookupDomain to get the domain sid
+ * 4. do a samr_OpenDomain to get a domain handle
+ * 5. do a samr_LookupNames to get the users rid
+ * 6. do a samr_OpenUser to get a user handle
+ * 7  call libnet_SetPassword_samr_handle to set the password
+ */
+static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct samr_Connect sc;
+	struct policy_handle p_handle;
+	struct samr_LookupDomain ld;
+	struct dom_sid2 *sid = NULL;
+	struct lsa_String d_name;
+	struct samr_OpenDomain od;
+	struct policy_handle d_handle;
+	struct samr_LookupNames ln;
+	struct samr_Ids rids, types;
+	struct samr_OpenUser ou;
+	struct policy_handle u_handle;
+	union libnet_SetPassword r2;
+
+	ZERO_STRUCT(c);
+	/* prepare connect to the SAMR pipe of users domain PDC */
+	c.level               = LIBNET_RPC_CONNECT_PDC;
+	c.in.name             = r->samr.in.domain_name;
+	c.in.dcerpc_iface     = &ndr_table_samr;
+
+	/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+							   "Connection to SAMR pipe of PDC of domain '%s' failed: %s",
+							   r->samr.in.domain_name, nt_errstr(status));
+		return status;
+	}
+
+	/* prepare samr_Connect */
+	ZERO_STRUCT(p_handle);
+	sc.in.system_name = NULL;
+	sc.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	sc.out.connect_handle = &p_handle;
+
+	/* 2. do a samr_Connect to get a policy handle */
+	status = dcerpc_samr_Connect_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &sc);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sc.out.result)) {
+		status = sc.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_Connect failed: %s",
+						nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* prepare samr_LookupDomain */
+	d_name.string = r->samr.in.domain_name;
+	ld.in.connect_handle = &p_handle;
+	ld.in.domain_name = &d_name;
+	ld.out.sid = &sid;
+
+	/* 3. do a samr_LookupDomain to get the domain sid */
+	status = dcerpc_samr_LookupDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ld);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ld.out.result)) {
+		status = ld.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_LookupDomain for [%s] failed: %s",
+						r->samr.in.domain_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* prepare samr_OpenDomain */
+	ZERO_STRUCT(d_handle);
+	od.in.connect_handle = &p_handle;
+	od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	od.in.sid = *ld.out.sid;
+	od.out.domain_handle = &d_handle;
+
+	/* 4. do a samr_OpenDomain to get a domain handle */
+	status = dcerpc_samr_OpenDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &od);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(od.out.result)) {
+		status = od.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_OpenDomain for [%s] failed: %s",
+						r->samr.in.domain_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* prepare samr_LookupNames */
+	ln.in.domain_handle = &d_handle;
+	ln.in.num_names = 1;
+	ln.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
+	ln.out.rids = &rids;
+	ln.out.types = &types;
+	if (!ln.in.names) {
+		r->samr.out.error_string = "Out of Memory";
+		return NT_STATUS_NO_MEMORY;
+	}
+	ln.in.names[0].string = r->samr.in.account_name;
+
+	/* 5. do a samr_LookupNames to get the users rid */
+	status = dcerpc_samr_LookupNames_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ln);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ln.out.result)) {
+		status = ln.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_LookupNames for [%s] failed: %s",
+						r->samr.in.account_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* check if we got one RID for the user */
+	if (ln.out.rids->count != 1) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_LookupNames for [%s] returns %d RIDs",
+						r->samr.in.account_name, ln.out.rids->count);
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		goto disconnect;
+	}
+
+	if (ln.out.types->count != 1) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_LookupNames for [%s] returns %d RID TYPEs",
+						r->samr.in.account_name, ln.out.types->count);
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		goto disconnect;
+	}
+
+	/* prepare samr_OpenUser */
+	ZERO_STRUCT(u_handle);
+	ou.in.domain_handle = &d_handle;
+	ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	ou.in.rid = ln.out.rids->ids[0];
+	ou.out.user_handle = &u_handle;
+
+	/* 6. do a samr_OpenUser to get a user handle */
+	status = dcerpc_samr_OpenUser_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ou);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ou.out.result)) {
+		status = ou.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"samr_OpenUser for [%s] failed: %s",
+						r->samr.in.account_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	ZERO_STRUCT(r2);
+	r2.samr_handle.level		= LIBNET_SET_PASSWORD_SAMR_HANDLE;
+	r2.samr_handle.samr_level	= r->samr.samr_level;
+	r2.samr_handle.in.account_name	= r->samr.in.account_name;
+	r2.samr_handle.in.newpassword	= r->samr.in.newpassword;
+	r2.samr_handle.in.user_handle   = &u_handle;
+	r2.samr_handle.in.dcerpc_pipe   = c.out.dcerpc_pipe;
+	r2.samr_handle.in.info21	= NULL;
+
+	status = libnet_SetPassword(ctx, mem_ctx, &r2);
+
+	r->generic.out.error_string = r2.samr_handle.out.error_string;
+
+disconnect:
+	/* close connection */
+	talloc_unlink(ctx, c.out.dcerpc_pipe);
+
+	return status;
+}
+
+static NTSTATUS libnet_SetPassword_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	NTSTATUS status;
+	union libnet_SetPassword r2;
+
+	ZERO_STRUCT(r2);
+	r2.samr.level		= LIBNET_SET_PASSWORD_SAMR;
+	r2.samr.samr_level	= r->generic.samr_level;
+	r2.samr.in.account_name	= r->generic.in.account_name;
+	r2.samr.in.domain_name	= r->generic.in.domain_name;
+	r2.samr.in.newpassword	= r->generic.in.newpassword;
+
+	r->generic.out.error_string = "Unknown Error";
+	status = libnet_SetPassword(ctx, mem_ctx, &r2);
+
+	r->generic.out.error_string = r2.samr.out.error_string;
+
+	return status;
+}
+
+NTSTATUS libnet_SetPassword(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
+{
+	enum smb_encryption_setting encryption_state =
+		cli_credentials_get_smb_encryption(ctx->cred);
+	NTSTATUS status =  NT_STATUS_INVALID_LEVEL;
+
+	switch (r->generic.level) {
+		case LIBNET_SET_PASSWORD_GENERIC:
+			status = libnet_SetPassword_generic(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR:
+			status = libnet_SetPassword_samr(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE:
+			status = libnet_SetPassword_samr_handle(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE_26:
+			if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+				GNUTLS_FIPS140_SET_LAX_MODE();
+			}
+			status = libnet_SetPassword_samr_handle_26(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE_25:
+			if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+				GNUTLS_FIPS140_SET_LAX_MODE();
+			}
+			status = libnet_SetPassword_samr_handle_25(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE_24:
+			if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+				GNUTLS_FIPS140_SET_LAX_MODE();
+			}
+			status = libnet_SetPassword_samr_handle_24(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE_23:
+			if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+				GNUTLS_FIPS140_SET_LAX_MODE();
+			}
+			status = libnet_SetPassword_samr_handle_23(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_SAMR_HANDLE_18:
+			if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+				GNUTLS_FIPS140_SET_LAX_MODE();
+			}
+			status = libnet_SetPassword_samr_handle_18(ctx, mem_ctx, r);
+			break;
+		case LIBNET_SET_PASSWORD_KRB5:
+			status = NT_STATUS_NOT_IMPLEMENTED;
+			break;
+		case LIBNET_SET_PASSWORD_LDAP:
+			status = NT_STATUS_NOT_IMPLEMENTED;
+			break;
+		case LIBNET_SET_PASSWORD_RAP:
+			status = NT_STATUS_NOT_IMPLEMENTED;
+			break;
+	}
+
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+	return status;
+}
diff --git a/source4/libnet/libnet_passwd.h b/source4/libnet/libnet_passwd.h
new file mode 100644
index 0000000..17e6aab
--- /dev/null
+++ b/source4/libnet/libnet_passwd.h
@@ -0,0 +1,144 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* struct and enum for doing a remote password change */
+enum libnet_ChangePassword_level {
+	LIBNET_CHANGE_PASSWORD_GENERIC,
+	LIBNET_CHANGE_PASSWORD_SAMR,
+	LIBNET_CHANGE_PASSWORD_KRB5,
+	LIBNET_CHANGE_PASSWORD_LDAP,
+	LIBNET_CHANGE_PASSWORD_RAP
+};
+
+union libnet_ChangePassword {
+	struct {
+		enum libnet_ChangePassword_level level;
+
+		struct _libnet_ChangePassword_in {
+			const char *account_name;
+			const char *domain_name;
+			const char *oldpassword;
+			const char *newpassword;
+		} in;
+
+		struct _libnet_ChangePassword_out {
+			const char *error_string;
+		} out;
+	} generic;
+
+	struct {
+		enum libnet_ChangePassword_level level;
+		struct _libnet_ChangePassword_in in;
+		struct _libnet_ChangePassword_out out;
+	} samr;
+
+	struct {
+		enum libnet_ChangePassword_level level;
+		struct _libnet_ChangePassword_in in;
+		struct _libnet_ChangePassword_out out;
+	} krb5;
+
+	struct {
+		enum libnet_ChangePassword_level level;
+		struct _libnet_ChangePassword_in in;
+		struct _libnet_ChangePassword_out out;
+	} ldap;
+
+	struct {
+		enum libnet_ChangePassword_level level;
+		struct _libnet_ChangePassword_in in;
+		struct _libnet_ChangePassword_out out;
+	} rap;
+};
+
+/* struct and enum for doing a remote password set */
+enum libnet_SetPassword_level {
+	LIBNET_SET_PASSWORD_GENERIC,
+	LIBNET_SET_PASSWORD_SAMR,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE_26,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE_25,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE_24,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE_23,
+	LIBNET_SET_PASSWORD_SAMR_HANDLE_18,
+	LIBNET_SET_PASSWORD_KRB5,
+	LIBNET_SET_PASSWORD_LDAP,
+	LIBNET_SET_PASSWORD_RAP
+};
+
+union libnet_SetPassword {
+	struct {
+		enum libnet_SetPassword_level level;
+		enum libnet_SetPassword_level samr_level;
+
+		struct _libnet_SetPassword_in {
+			const char *account_name;
+			const char *domain_name;
+			const char *newpassword;
+		} in;
+
+		struct _libnet_SetPassword_out {
+			const char *error_string;
+		} out;
+	} generic;
+
+	struct {
+		enum libnet_SetPassword_level level;
+		enum libnet_SetPassword_level samr_level;
+		struct _libnet_SetPassword_samr_handle_in {
+			const char           *account_name; /* for debug only */
+			struct policy_handle *user_handle;
+			struct dcerpc_pipe   *dcerpc_pipe;
+			const char           *newpassword;
+			struct samr_UserInfo21 *info21; /* can be NULL,
+			                                 * for level 26,24 it must be NULL
+			                                 * for level 25,23 it must be non-NULL
+							 */
+		} in;
+		struct _libnet_SetPassword_out out;
+	} samr_handle;
+
+	struct {
+		enum libnet_SetPassword_level level;
+		enum libnet_SetPassword_level samr_level;
+		struct _libnet_SetPassword_in in;
+		struct _libnet_SetPassword_out out;
+	} samr;
+
+	struct {
+		enum libnet_SetPassword_level level;
+		enum libnet_SetPassword_level samr_level;
+		struct _libnet_SetPassword_in in;
+		struct _libnet_SetPassword_out out;
+	} krb5;
+
+	struct {
+		enum libnet_SetPassword_level level;
+		enum libnet_SetPassword_level samr_level;
+		struct _libnet_SetPassword_in in;
+		struct _libnet_SetPassword_out out;
+	} ldap;
+
+	struct {
+		enum libnet_ChangePassword_level level;
+		enum libnet_SetPassword_level samr_level;
+		struct _libnet_SetPassword_in in;
+		struct _libnet_SetPassword_out out;
+	} rap;
+};
diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c
new file mode 100644
index 0000000..91c538f
--- /dev/null
+++ b/source4/libnet/libnet_rpc.c
@@ -0,0 +1,1037 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher  2004
+   Copyright (C) Rafal Szczesniak   2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/libcli.h"
+#include "libcli/composite/composite.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "auth/credentials/credentials.h"
+
+struct rpc_connect_srv_state {
+	struct libnet_context *ctx;
+	struct libnet_RpcConnect r;
+	const char *binding;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_pipe_connect(struct composite_context *ctx);
+
+
+/**
+ * Initiates connection to rpc pipe on remote server
+ * 
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return composite context of this call
+ **/
+
+static struct composite_context* libnet_RpcConnectSrv_send(struct libnet_context *ctx,
+							   TALLOC_CTX *mem_ctx,
+							   struct libnet_RpcConnect *r,
+							   void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;	
+	struct rpc_connect_srv_state *s;
+	struct dcerpc_binding *b;
+	struct composite_context *pipe_connect_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct rpc_connect_srv_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	s->ctx = ctx;
+	s->r = *r;
+	ZERO_STRUCT(s->r.out);
+
+	/* prepare binding string */
+	switch (r->level) {
+	case LIBNET_RPC_CONNECT_SERVER:
+		s->binding = talloc_asprintf(s, "ncacn_np:%s", r->in.name);
+		break;
+	case LIBNET_RPC_CONNECT_SERVER_ADDRESS:
+		s->binding = talloc_asprintf(s, "ncacn_np:%s[target_hostname=%s]",
+					     r->in.address, r->in.name);
+		break;
+
+	case LIBNET_RPC_CONNECT_BINDING:
+		s->binding = talloc_strdup(s, r->in.binding);
+		break;
+
+	case LIBNET_RPC_CONNECT_DC:
+	case LIBNET_RPC_CONNECT_PDC:
+		/* this should never happen - DC and PDC level has a separate
+		   composite function */
+	case LIBNET_RPC_CONNECT_DC_INFO:
+		/* this should never happen - DC_INFO level has a separate
+		   composite function */
+		composite_error(c, NT_STATUS_INVALID_LEVEL);
+		return c;
+	}
+
+	/* parse binding string to the structure */
+	c->status = dcerpc_parse_binding(c, s->binding, &b);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", s->binding));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	switch (r->level) {
+	case LIBNET_RPC_CONNECT_SERVER:
+	case LIBNET_RPC_CONNECT_SERVER_ADDRESS:
+		c->status = dcerpc_binding_set_flags(b, r->in.dcerpc_flags, 0);
+		if (!composite_is_ok(c)) return c;
+		break;
+	default:
+		/* other types have already been checked before */
+		break;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		c->status = dcerpc_binding_set_flags(b, DCERPC_DEBUG_PRINT_BOTH, 0);
+		if (!composite_is_ok(c)) return c;
+	}
+
+	/* connect to remote dcerpc pipe */
+	pipe_connect_req = dcerpc_pipe_connect_b_send(c, b, r->in.dcerpc_iface,
+						      ctx->cred, c->event_ctx,
+						      ctx->lp_ctx);
+	if (composite_nomem(pipe_connect_req, c)) return c;
+
+	composite_continue(c, pipe_connect_req, continue_pipe_connect, c);
+	return c;
+}
+
+
+/*
+  Step 2 of RpcConnectSrv - get rpc connection
+*/
+static void continue_pipe_connect(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct rpc_connect_srv_state *s;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_srv_state);
+
+	/* receive result of rpc pipe connection */
+	c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->r.out.dcerpc_pipe);
+	
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_net_rpc_connect data;
+		const struct dcerpc_binding *b = s->r.out.dcerpc_pipe->binding;
+
+		/* prepare monitor message and post it */
+		data.host        = dcerpc_binding_get_string_option(b, "host");
+		data.endpoint    = dcerpc_binding_get_string_option(b, "endpoint");
+		data.transport   = dcerpc_binding_get_transport(b);
+		data.domain_name = dcerpc_binding_get_string_option(b, "target_hostname");
+
+		msg.type      = mon_NetRpcConnect;
+		msg.data      = (void*)&data;
+		msg.data_size = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);	
+}
+
+
+/**
+ * Receives result of connection to rpc pipe on remote server
+ *
+ * @param c composite context
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return nt status of rpc connection
+ **/
+
+static NTSTATUS libnet_RpcConnectSrv_recv(struct composite_context *c,
+					  struct libnet_context *ctx,
+					  TALLOC_CTX *mem_ctx,
+					  struct libnet_RpcConnect *r)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		struct rpc_connect_srv_state *s;
+
+		/* move the returned rpc pipe between memory contexts */
+		s = talloc_get_type(c->private_data, struct rpc_connect_srv_state);
+		r->out.dcerpc_pipe = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
+
+		/* reference created pipe structure to long-term libnet_context
+		   so that it can be used by other api functions even after short-term
+		   mem_ctx is freed */
+		if (r->in.dcerpc_iface == &ndr_table_samr) {
+			ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->samr.samr_handle = ctx->samr.pipe->binding_handle;
+
+		} else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
+			ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->lsa.lsa_handle = ctx->lsa.pipe->binding_handle;
+		}
+
+		r->out.error_string = talloc_strdup(mem_ctx, "Success");
+
+	} else {
+		r->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct rpc_connect_dc_state {
+	struct libnet_context *ctx;
+	struct libnet_RpcConnect r;
+	struct libnet_RpcConnect r2;
+	struct libnet_LookupDCs f;
+	const char *connect_name;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_lookup_dc(struct tevent_req *req);
+static void continue_rpc_connect(struct composite_context *ctx);
+
+
+/**
+ * Initiates connection to rpc pipe on domain pdc
+ * 
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return composite context of this call
+ **/
+
+static struct composite_context* libnet_RpcConnectDC_send(struct libnet_context *ctx,
+							  TALLOC_CTX *mem_ctx,
+							  struct libnet_RpcConnect *r,
+							  void (*monitor)(struct monitor_msg *msg))
+{
+	struct composite_context *c;
+	struct rpc_connect_dc_state *s;
+	struct tevent_req *lookup_dc_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct rpc_connect_dc_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	s->ctx = ctx;
+	s->r   = *r;
+	ZERO_STRUCT(s->r.out);
+
+	switch (r->level) {
+	case LIBNET_RPC_CONNECT_PDC:
+		s->f.in.name_type = NBT_NAME_PDC;
+		break;
+
+	case LIBNET_RPC_CONNECT_DC:
+		s->f.in.name_type = NBT_NAME_LOGON;
+		break;
+
+	default:
+		break;
+	}
+
+	s->f.in.domain_name = r->in.name;
+	s->f.out.num_dcs    = 0;
+	s->f.out.dcs        = NULL;
+
+	/* find the domain pdc first */
+	lookup_dc_req = libnet_LookupDCs_send(ctx, c, &s->f);
+	if (composite_nomem(lookup_dc_req, c)) return c;
+
+	tevent_req_set_callback(lookup_dc_req, continue_lookup_dc, c);
+	return c;
+}
+
+
+/*
+  Step 2 of RpcConnectDC: get domain controller name and
+  initiate RpcConnect to it
+*/
+static void continue_lookup_dc(struct tevent_req *req)
+{
+	struct composite_context *c;
+	struct rpc_connect_dc_state *s;
+	struct composite_context *rpc_connect_req;
+	struct monitor_msg msg;
+	struct msg_net_lookup_dc data;
+
+	c = tevent_req_callback_data(req, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct rpc_connect_dc_state);
+	
+	/* receive result of domain controller lookup */
+	c->status = libnet_LookupDCs_recv(req, c, &s->f);
+	if (!composite_is_ok(c)) return;
+
+	/* decide on preferred address type depending on DC type */
+	s->connect_name = s->f.out.dcs[0].name;
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		/* prepare a monitor message and post it */
+		data.domain_name = s->f.in.domain_name;
+		data.hostname    = s->f.out.dcs[0].name;
+		data.address     = s->f.out.dcs[0].address;
+		
+		msg.type         = mon_NetLookupDc;
+		msg.data         = &data;
+		msg.data_size    = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	/* ok, pdc has been found so do attempt to rpc connect */
+	s->r2.level	       = LIBNET_RPC_CONNECT_SERVER_ADDRESS;
+
+	/* this will cause yet another name resolution, but at least
+	 * we pass the right name down the stack now */
+	s->r2.in.name          = talloc_strdup(s, s->connect_name);
+	s->r2.in.address       = talloc_steal(s, s->f.out.dcs[0].address);
+	s->r2.in.dcerpc_iface  = s->r.in.dcerpc_iface;	
+	s->r2.in.dcerpc_flags  = s->r.in.dcerpc_flags;
+
+	/* send rpc connect request to the server */
+	rpc_connect_req = libnet_RpcConnectSrv_send(s->ctx, c, &s->r2, s->monitor_fn);
+	if (composite_nomem(rpc_connect_req, c)) return;
+
+	composite_continue(c, rpc_connect_req, continue_rpc_connect, c);
+}
+
+
+/*
+  Step 3 of RpcConnectDC: get rpc connection to the server
+*/
+static void continue_rpc_connect(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct rpc_connect_dc_state *s;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dc_state);
+
+	c->status = libnet_RpcConnectSrv_recv(ctx, s->ctx, c, &s->r2);
+
+	/* error string is to be passed anyway */
+	s->r.out.error_string  = s->r2.out.error_string;
+	if (!composite_is_ok(c)) return;
+
+	s->r.out.dcerpc_pipe = s->r2.out.dcerpc_pipe;
+	
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_net_rpc_connect data;
+		const struct dcerpc_binding *b = s->r.out.dcerpc_pipe->binding;
+
+		data.host        = dcerpc_binding_get_string_option(b, "host");
+		data.endpoint    = dcerpc_binding_get_string_option(b, "endpoint");
+		data.transport   = dcerpc_binding_get_transport(b);
+		data.domain_name = dcerpc_binding_get_string_option(b, "target_hostname");
+
+		msg.type      = mon_NetRpcConnect;
+		msg.data      = (void*)&data;
+		msg.data_size = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Receives result of connection to rpc pipe on domain pdc
+ *
+ * @param c composite context
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return nt status of rpc connection
+ **/
+
+static NTSTATUS libnet_RpcConnectDC_recv(struct composite_context *c,
+					 struct libnet_context *ctx,
+					 TALLOC_CTX *mem_ctx,
+					 struct libnet_RpcConnect *r)
+{
+	NTSTATUS status;
+	struct rpc_connect_dc_state *s = talloc_get_type(c->private_data,
+					 struct rpc_connect_dc_state);
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		/* move connected rpc pipe between memory contexts 
+		   
+		   The use of talloc_reparent(talloc_parent(), ...) is
+		   bizarre, but it is needed because of the absolutely
+		   atrocious use of talloc in this code. We need to
+		   force the original parent to change, but finding
+		   the original parent is well nigh impossible at this
+		   point in the code (yes, I tried).
+		 */
+		r->out.dcerpc_pipe = talloc_reparent(talloc_parent(s->r.out.dcerpc_pipe), 
+						     mem_ctx, s->r.out.dcerpc_pipe);
+
+		/* reference created pipe structure to long-term libnet_context
+		   so that it can be used by other api functions even after short-term
+		   mem_ctx is freed */
+		if (r->in.dcerpc_iface == &ndr_table_samr) {
+			ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->samr.samr_handle = ctx->samr.pipe->binding_handle;
+		} else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
+			ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->lsa.lsa_handle = ctx->lsa.pipe->binding_handle;
+		}
+
+	} else {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "Failed to rpc connect: %s",
+						      nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+
+struct rpc_connect_dci_state {
+	struct libnet_context *ctx;
+	struct libnet_RpcConnect r;
+	struct libnet_RpcConnect rpc_conn;
+	struct policy_handle lsa_handle;
+	struct lsa_QosInfo qos;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_OpenPolicy2 lsa_open_policy;
+	struct dcerpc_pipe *lsa_pipe;
+	struct lsa_QueryInfoPolicy2 lsa_query_info2;
+	struct lsa_QueryInfoPolicy lsa_query_info;
+	struct dcerpc_binding *final_binding;
+	struct dcerpc_pipe *final_pipe;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_dci_rpc_connect(struct composite_context *ctx);
+static void continue_lsa_policy(struct tevent_req *subreq);
+static void continue_lsa_query_info(struct tevent_req *subreq);
+static void continue_lsa_query_info2(struct tevent_req *subreq);
+static void continue_epm_map_binding(struct composite_context *ctx);
+static void continue_secondary_conn(struct composite_context *ctx);
+static void continue_epm_map_binding_send(struct composite_context *c);
+
+
+/**
+ * Initiates connection to rpc pipe on remote server or pdc. Received result
+ * contains info on the domain name, domain sid and realm.
+ * 
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values. Must be a talloc context
+ * @return composite context of this call
+ **/
+
+static struct composite_context* libnet_RpcConnectDCInfo_send(struct libnet_context *ctx,
+							      TALLOC_CTX *mem_ctx,
+							      struct libnet_RpcConnect *r,
+							      void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c, *conn_req;
+	struct rpc_connect_dci_state *s;
+
+	/* composite context allocation and setup */
+	c = composite_create(ctx, ctx->event_ctx);
+	if (c == NULL) return c;
+
+	s = talloc_zero(c, struct rpc_connect_dci_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+	s->monitor_fn   = monitor;
+
+	s->ctx = ctx;
+	s->r   = *r;
+	ZERO_STRUCT(s->r.out);
+
+
+	/* proceed to pure rpc connection if the binding string is provided,
+	   otherwise try to connect domain controller */
+	if (r->in.binding == NULL) {
+		/* Pass on any binding flags (such as anonymous fallback) that have been set */
+		s->rpc_conn.in.dcerpc_flags = r->in.dcerpc_flags;
+
+		s->rpc_conn.in.name         = r->in.name;
+		s->rpc_conn.level           = LIBNET_RPC_CONNECT_DC;
+	} else {
+		s->rpc_conn.in.binding      = r->in.binding;
+		s->rpc_conn.level           = LIBNET_RPC_CONNECT_BINDING;
+	}
+
+	/* we need to query information on lsarpc interface first */
+	s->rpc_conn.in.dcerpc_iface    = &ndr_table_lsarpc;
+	
+	/* request connection to the lsa pipe on the pdc */
+	conn_req = libnet_RpcConnect_send(ctx, c, &s->rpc_conn, s->monitor_fn);
+	if (composite_nomem(c, conn_req)) return c;
+
+	composite_continue(c, conn_req, continue_dci_rpc_connect, c);
+	return c;
+}
+
+
+/*
+  Step 2 of RpcConnectDCInfo: receive opened rpc pipe and open
+  lsa policy handle
+*/
+static void continue_dci_rpc_connect(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct rpc_connect_dci_state *s;
+	struct tevent_req *subreq;
+	enum dcerpc_transport_t transport;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpc_conn);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_net_rpc_connect data;
+		const struct dcerpc_binding *b = s->r.out.dcerpc_pipe->binding;
+
+		data.host        = dcerpc_binding_get_string_option(b, "host");
+		data.endpoint    = dcerpc_binding_get_string_option(b, "endpoint");
+		data.transport   = dcerpc_binding_get_transport(b);
+		data.domain_name = dcerpc_binding_get_string_option(b, "target_hostname");
+
+		msg.type      = mon_NetRpcConnect;
+		msg.data      = (void*)&data;
+		msg.data_size = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	/* prepare to open a policy handle on lsa pipe */
+	s->lsa_pipe = s->ctx->lsa.pipe;
+	
+	s->qos.len                 = 0;
+	s->qos.impersonation_level = 2;
+	s->qos.context_mode        = 1;
+	s->qos.effective_only      = 0;
+
+	s->attr.sec_qos = &s->qos;
+
+	transport = dcerpc_binding_get_transport(s->lsa_pipe->binding);
+	if (transport == NCACN_IP_TCP) {
+		/*
+		 * Skip to creating the actual connection. We can't open a
+		 * policy handle over tcpip.
+		 */
+		continue_epm_map_binding_send(c);
+		return;
+	}
+
+	s->lsa_open_policy.in.attr        = &s->attr;
+	s->lsa_open_policy.in.system_name = talloc_asprintf(c, "\\");
+	if (composite_nomem(s->lsa_open_policy.in.system_name, c)) return;
+
+	s->lsa_open_policy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	s->lsa_open_policy.out.handle     = &s->lsa_handle;
+
+	subreq = dcerpc_lsa_OpenPolicy2_r_send(s, c->event_ctx,
+					       s->lsa_pipe->binding_handle,
+					       &s->lsa_open_policy);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_lsa_policy, c);
+}
+
+
+/*
+  Step 3 of RpcConnectDCInfo: Get policy handle and query lsa info
+  for kerberos realm (dns name) and guid. The query may fail.
+*/
+static void continue_lsa_policy(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct rpc_connect_dci_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = dcerpc_lsa_OpenPolicy2_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	if (NT_STATUS_EQUAL(s->lsa_open_policy.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+		s->r.out.realm = NULL;
+		s->r.out.guid  = NULL;
+		s->r.out.domain_name = NULL;
+		s->r.out.domain_sid  = NULL;
+
+		/* Skip to the creating the actual connection, no info available on this transport */
+		continue_epm_map_binding_send(c);
+		return;
+
+	} else if (!NT_STATUS_IS_OK(s->lsa_open_policy.out.result)) {
+		composite_error(c, s->lsa_open_policy.out.result);
+		return;
+	}
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+
+		msg.type      = mon_LsaOpenPolicy;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	/* query lsa info for dns domain name and guid */
+	s->lsa_query_info2.in.handle = &s->lsa_handle;
+	s->lsa_query_info2.in.level  = LSA_POLICY_INFO_DNS;
+	s->lsa_query_info2.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->lsa_query_info2.out.info, c)) return;
+
+	subreq = dcerpc_lsa_QueryInfoPolicy2_r_send(s, c->event_ctx,
+						    s->lsa_pipe->binding_handle,
+						    &s->lsa_query_info2);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_lsa_query_info2, c);
+}
+
+
+/*
+  Step 4 of RpcConnectDCInfo: Get realm and guid if provided (rpc call
+  may result in failure) and query lsa info for domain name and sid.
+*/
+static void continue_lsa_query_info2(struct tevent_req *subreq)
+{	
+	struct composite_context *c;
+	struct rpc_connect_dci_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = dcerpc_lsa_QueryInfoPolicy2_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	
+	/* In case of error just null the realm and guid and proceed
+	   to the next step. After all, it doesn't have to be AD domain
+	   controller we talking to - NT-style PDC also counts */
+
+	if (NT_STATUS_EQUAL(c->status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+		s->r.out.realm = NULL;
+		s->r.out.guid  = NULL;
+
+	} else {
+		if (!NT_STATUS_IS_OK(c->status)) {
+			s->r.out.error_string = talloc_asprintf(c,
+								"lsa_QueryInfoPolicy2 failed: %s",
+								nt_errstr(c->status));
+			composite_error(c, c->status);
+			return;
+		}
+
+		if (!NT_STATUS_IS_OK(s->lsa_query_info2.out.result)) {
+			s->r.out.error_string = talloc_asprintf(c,
+								"lsa_QueryInfoPolicy2 failed: %s",
+								nt_errstr(s->lsa_query_info2.out.result));
+			composite_error(c, s->lsa_query_info2.out.result);
+			return;
+		}
+
+		/* Copy the dns domain name and guid from the query result */
+
+		/* this should actually be a conversion from lsa_StringLarge */
+		s->r.out.realm = (*s->lsa_query_info2.out.info)->dns.dns_domain.string;
+		s->r.out.guid  = talloc(c, struct GUID);
+		if (composite_nomem(s->r.out.guid, c)) {
+			s->r.out.error_string = NULL;
+			return;
+		}
+		*s->r.out.guid = (*s->lsa_query_info2.out.info)->dns.domain_guid;
+	}
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_LsaQueryPolicy;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	/* query lsa info for domain name and sid */
+	s->lsa_query_info.in.handle = &s->lsa_handle;
+	s->lsa_query_info.in.level  = LSA_POLICY_INFO_DOMAIN;
+	s->lsa_query_info.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->lsa_query_info.out.info, c)) return;
+
+	subreq = dcerpc_lsa_QueryInfoPolicy_r_send(s, c->event_ctx,
+						   s->lsa_pipe->binding_handle,
+						   &s->lsa_query_info);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_lsa_query_info, c);
+}
+
+
+/*
+  Step 5 of RpcConnectDCInfo: Get domain name and sid
+*/
+static void continue_lsa_query_info(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct rpc_connect_dci_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = dcerpc_lsa_QueryInfoPolicy_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		s->r.out.error_string = talloc_asprintf(c,
+							"lsa_QueryInfoPolicy failed: %s",
+							nt_errstr(c->status));
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		
+		msg.type      = mon_LsaQueryPolicy;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	/* Copy the domain name and sid from the query result */
+	s->r.out.domain_sid  = (*s->lsa_query_info.out.info)->domain.sid;
+	s->r.out.domain_name = (*s->lsa_query_info.out.info)->domain.name.string;
+
+	continue_epm_map_binding_send(c);
+}
+
+/* 
+   Step 5 (continued) of RpcConnectDCInfo: request endpoint
+   map binding.
+
+   We may short-cut to this step if we don't support LSA OpenPolicy on this transport
+*/
+static void continue_epm_map_binding_send(struct composite_context *c)
+{
+	struct rpc_connect_dci_state *s;
+	struct composite_context *epm_map_req;
+	struct cli_credentials *epm_creds = NULL;
+
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	/* prepare to get endpoint mapping for the requested interface */
+	s->final_binding = dcerpc_binding_dup(s, s->lsa_pipe->binding);
+	if (composite_nomem(s->final_binding, c)) return;
+
+	/*
+	 * We don't want to inherit the assoc_group_id from the
+	 * lsa_pipe here!
+	 */
+	dcerpc_binding_set_assoc_group_id(s->final_binding, 0);
+
+	epm_creds = cli_credentials_init_anon(s);
+	if (composite_nomem(epm_creds, c)) return;
+
+	epm_map_req = dcerpc_epm_map_binding_send(c, s->final_binding, s->r.in.dcerpc_iface,
+						  epm_creds,
+						  s->ctx->event_ctx, s->ctx->lp_ctx);
+	if (composite_nomem(epm_map_req, c)) return;
+
+	composite_continue(c, epm_map_req, continue_epm_map_binding, c);
+}
+
+/*
+  Step 6 of RpcConnectDCInfo: Receive endpoint mapping and create secondary
+  rpc connection derived from already used pipe but connected to the requested
+  one (as specified in libnet_RpcConnect structure)
+*/
+static void continue_epm_map_binding(struct composite_context *ctx)
+{
+	struct composite_context *c, *sec_conn_req;
+	struct rpc_connect_dci_state *s;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = dcerpc_epm_map_binding_recv(ctx);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		s->r.out.error_string = talloc_asprintf(c,
+							"failed to map pipe with endpoint mapper - %s",
+							nt_errstr(c->status));
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* create secondary connection derived from lsa pipe */
+	sec_conn_req = dcerpc_secondary_auth_connection_send(s->lsa_pipe,
+							     s->final_binding,
+							     s->r.in.dcerpc_iface,
+							     s->ctx->cred,
+							     s->ctx->lp_ctx);
+	if (composite_nomem(sec_conn_req, c)) return;
+
+	composite_continue(c, sec_conn_req, continue_secondary_conn, c);
+}
+
+
+/*
+  Step 7 of RpcConnectDCInfo: Get actual pipe to be returned
+  and complete this composite call
+*/
+static void continue_secondary_conn(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct rpc_connect_dci_state *s;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
+
+	c->status = dcerpc_secondary_auth_connection_recv(ctx, s->lsa_pipe,
+							  &s->final_pipe);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		s->r.out.error_string = talloc_asprintf(c,
+							"secondary connection failed: %s",
+							nt_errstr(c->status));
+		
+		composite_error(c, c->status);
+		return;
+	}
+
+	s->r.out.dcerpc_pipe = s->final_pipe;
+
+	/* post monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_net_rpc_connect data;
+		const struct dcerpc_binding *b = s->r.out.dcerpc_pipe->binding;
+
+		/* prepare monitor message and post it */
+		data.host        = dcerpc_binding_get_string_option(b, "host");
+		data.endpoint    = dcerpc_binding_get_string_option(b, "endpoint");
+		data.transport   = dcerpc_binding_get_transport(b);
+		data.domain_name = dcerpc_binding_get_string_option(b, "target_hostname");
+
+		msg.type      = mon_NetRpcConnect;
+		msg.data      = (void*)&data;
+		msg.data_size = sizeof(data);
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Receives result of connection to rpc pipe and gets basic
+ * domain info (name, sid, realm, guid)
+ *
+ * @param c composite context
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing return values
+ * @return nt status of rpc connection
+ **/
+
+static NTSTATUS libnet_RpcConnectDCInfo_recv(struct composite_context *c, struct libnet_context *ctx,
+					     TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
+{
+	NTSTATUS status;
+	struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
+					  struct rpc_connect_dci_state);
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		r->out.realm        = talloc_steal(mem_ctx, s->r.out.realm);
+		r->out.guid         = talloc_steal(mem_ctx, s->r.out.guid);
+		r->out.domain_name  = talloc_steal(mem_ctx, s->r.out.domain_name);
+		r->out.domain_sid   = talloc_steal(mem_ctx, s->r.out.domain_sid);
+
+		r->out.dcerpc_pipe  = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
+
+		/* reference created pipe structure to long-term libnet_context
+		   so that it can be used by other api functions even after short-term
+		   mem_ctx is freed */
+		if (r->in.dcerpc_iface == &ndr_table_samr) {
+			ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->samr.samr_handle = ctx->samr.pipe->binding_handle;
+
+		} else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
+			ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
+			ctx->lsa.lsa_handle = ctx->lsa.pipe->binding_handle;
+		}
+
+	} else {
+		if (s->r.out.error_string) {
+			r->out.error_string = talloc_steal(mem_ctx, s->r.out.error_string);
+		} else if (r->in.binding == NULL) {
+			r->out.error_string = talloc_asprintf(mem_ctx, "Connection to DC failed: %s", nt_errstr(status));
+		} else {
+			r->out.error_string = talloc_asprintf(mem_ctx, "Connection to DC %s failed: %s", 
+							      r->in.binding, nt_errstr(status));
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Initiates connection to rpc pipe on remote server or pdc, optionally
+ * providing domain info
+ * 
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return composite context of this call
+ **/
+
+struct composite_context* libnet_RpcConnect_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_RpcConnect *r,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+
+	switch (r->level) {
+	case LIBNET_RPC_CONNECT_SERVER:
+	case LIBNET_RPC_CONNECT_SERVER_ADDRESS:
+	case LIBNET_RPC_CONNECT_BINDING:
+		c = libnet_RpcConnectSrv_send(ctx, mem_ctx, r, monitor);
+		break;
+
+	case LIBNET_RPC_CONNECT_PDC:
+	case LIBNET_RPC_CONNECT_DC:
+		c = libnet_RpcConnectDC_send(ctx, mem_ctx, r, monitor);
+		break;
+
+	case LIBNET_RPC_CONNECT_DC_INFO:
+		c = libnet_RpcConnectDCInfo_send(ctx, mem_ctx, r, monitor);
+		break;
+
+	default:
+		c = talloc_zero(mem_ctx, struct composite_context);
+		composite_error(c, NT_STATUS_INVALID_LEVEL);
+	}
+
+	return c;
+}
+
+
+/**
+ * Receives result of connection to rpc pipe on remote server or pdc
+ *
+ * @param c composite context
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return nt status of rpc connection
+ **/
+
+NTSTATUS libnet_RpcConnect_recv(struct composite_context *c, struct libnet_context *ctx,
+				TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
+{
+	switch (r->level) {
+	case LIBNET_RPC_CONNECT_SERVER:
+	case LIBNET_RPC_CONNECT_BINDING:
+		return libnet_RpcConnectSrv_recv(c, ctx, mem_ctx, r);
+
+	case LIBNET_RPC_CONNECT_PDC:
+	case LIBNET_RPC_CONNECT_DC:
+		return libnet_RpcConnectDC_recv(c, ctx, mem_ctx, r);
+
+	case LIBNET_RPC_CONNECT_DC_INFO:
+		return libnet_RpcConnectDCInfo_recv(c, ctx, mem_ctx, r);
+
+	default:
+		ZERO_STRUCT(r->out);
+		return NT_STATUS_INVALID_LEVEL;
+	}
+}
+
+
+/**
+ * Connect to a rpc pipe on a remote server - sync version
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r data structure containing necessary parameters and return values
+ * @return nt status of rpc connection
+ **/
+
+NTSTATUS libnet_RpcConnect(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_RpcConnect *r)
+{
+	struct composite_context *c;
+	
+	c = libnet_RpcConnect_send(ctx, mem_ctx, r, NULL);
+	return libnet_RpcConnect_recv(c, ctx, mem_ctx, r);
+}
diff --git a/source4/libnet/libnet_rpc.h b/source4/libnet/libnet_rpc.h
new file mode 100644
index 0000000..e057c6d
--- /dev/null
+++ b/source4/libnet/libnet_rpc.h
@@ -0,0 +1,73 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "librpc/rpc/dcerpc.h"
+
+/*
+ * struct definition for connecting to a dcerpc interface
+ */
+
+enum libnet_RpcConnect_level {
+	LIBNET_RPC_CONNECT_SERVER,          /* connect to a standalone rpc server */
+	LIBNET_RPC_CONNECT_SERVER_ADDRESS,  /* connect to a standalone rpc server, 
+					       knowing both name and address */
+	LIBNET_RPC_CONNECT_PDC,             /* connect to a domain pdc (resolves domain
+					       name to a pdc address before connecting) */
+	LIBNET_RPC_CONNECT_DC,              /* connect to any DC (resolves domain
+					       name to a DC address before connecting) */
+	LIBNET_RPC_CONNECT_BINDING,         /* specified binding string */
+	LIBNET_RPC_CONNECT_DC_INFO          /* connect to a DC and provide basic domain
+					       information (name, realm, sid, guid) */
+};
+
+struct libnet_RpcConnect {
+	enum libnet_RpcConnect_level level;
+
+	struct {
+		const char *name;
+		const char *address;
+		const char *binding;
+		const struct ndr_interface_table *dcerpc_iface;
+		int dcerpc_flags;
+	} in;
+	struct {
+		struct dcerpc_pipe *dcerpc_pipe;
+		
+		/* parameters provided in LIBNET_RPC_CONNECT_DC_INFO level, null otherwise */
+		const char *domain_name;
+		struct dom_sid *domain_sid;
+		const char *realm;           /* these parameters are only present if */
+		struct GUID *guid;           /* the remote server is known to be AD */
+
+		const char *error_string;
+	} out;
+};
+
+
+/*
+ * Monitor messages sent from libnet_rpc.c functions
+ */
+
+struct msg_net_rpc_connect {
+	const char *host;
+	const char *domain_name;
+	const char *endpoint;
+	enum dcerpc_transport_t transport;
+};
diff --git a/source4/libnet/libnet_samsync.h b/source4/libnet/libnet_samsync.h
new file mode 100644
index 0000000..fb938d0
--- /dev/null
+++ b/source4/libnet/libnet_samsync.h
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/netlogon.h"
+
+struct libnet_SamDump_keytab {
+	struct {
+		const char *binding_string;
+		const char *keytab_name;
+		struct cli_credentials *machine_account;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
diff --git a/source4/libnet/libnet_share.c b/source4/libnet/libnet_share.c
new file mode 100644
index 0000000..d8e8240
--- /dev/null
+++ b/source4/libnet/libnet_share.c
@@ -0,0 +1,215 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Grégory LEOCADIE <gleocadie@idealx.com>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+
+
+NTSTATUS libnet_ListShares(struct libnet_context *ctx, 
+			   TALLOC_CTX *mem_ctx, struct libnet_ListShares *r)
+{
+	NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct srvsvc_NetShareEnumAll s;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	uint32_t resume_handle = 0;
+	uint32_t totalentries = 0;
+	struct srvsvc_NetShareCtr0 ctr0;
+	struct srvsvc_NetShareCtr1 ctr1;
+	struct srvsvc_NetShareCtr2 ctr2;
+	struct srvsvc_NetShareCtr501 ctr501;
+	struct srvsvc_NetShareCtr502 ctr502;
+
+	ZERO_STRUCT(c);
+
+	c.level               = LIBNET_RPC_CONNECT_SERVER;
+	c.in.name             = r->in.server_name;
+	c.in.dcerpc_iface     = &ndr_table_srvsvc;
+
+	s.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", c.in.name);
+
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "Connection to SRVSVC pipe of server %s "
+						      "failed: %s",
+						      r->in.server_name,
+						      nt_errstr(status));
+		return status;
+	}
+
+	info_ctr.level = r->in.level;
+	switch (info_ctr.level) {
+	case 0:
+		info_ctr.ctr.ctr0 = &ctr0;
+		ZERO_STRUCT(ctr0);
+		break;
+	case 1:
+		info_ctr.ctr.ctr1 = &ctr1;
+		ZERO_STRUCT(ctr1);
+		break;
+	case 2:
+		info_ctr.ctr.ctr2 = &ctr2;
+		ZERO_STRUCT(ctr2);
+		break;
+	case 501:
+		info_ctr.ctr.ctr501 = &ctr501;
+		ZERO_STRUCT(ctr501);
+		break;
+	case 502:
+		info_ctr.ctr.ctr502 = &ctr502;
+		ZERO_STRUCT(ctr502);
+		break;
+	default:
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "libnet_ListShares: Invalid info level requested: %d",
+						      info_ctr.level);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	s.in.max_buffer = ~0;
+	s.in.resume_handle = &resume_handle;
+	s.in.info_ctr = &info_ctr;
+	s.out.info_ctr = &info_ctr;
+	s.out.totalentries = &totalentries;
+
+	status = dcerpc_srvsvc_NetShareEnumAll_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &s);
+	
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareEnumAll on server '%s' failed"
+						      ": %s",
+						      r->in.server_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	if (!W_ERROR_IS_OK(s.out.result) && !W_ERROR_EQUAL(s.out.result, WERR_MORE_DATA)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareEnumAll on server '%s' failed: %s",
+						      r->in.server_name, win_errstr(s.out.result));
+		goto disconnect;
+	}
+
+	r->out.ctr = s.out.info_ctr->ctr;
+
+disconnect:
+	talloc_free(c.out.dcerpc_pipe);
+
+	return status;	
+}
+
+
+NTSTATUS libnet_AddShare(struct libnet_context *ctx,
+			 TALLOC_CTX *mem_ctx, struct libnet_AddShare *r)
+{
+	NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct srvsvc_NetShareAdd s;
+	union srvsvc_NetShareInfo info;
+
+	ZERO_STRUCT(c);
+
+	c.level              = LIBNET_RPC_CONNECT_SERVER;
+	c.in.name            = r->in.server_name;
+	c.in.dcerpc_iface    = &ndr_table_srvsvc;
+
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "Connection to SRVSVC pipe of server %s "
+						      "failed: %s",
+						      r->in.server_name, nt_errstr(status));
+		return status;
+	}
+
+	info.info2		= &r->in.share;
+
+	s.in.level 		= 2;
+	s.in.info		= &info;
+	s.in.server_unc		= talloc_asprintf(mem_ctx, "\\\\%s", r->in.server_name);
+ 
+	status = dcerpc_srvsvc_NetShareAdd_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &s);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareAdd '%s' on server '%s' failed"
+						      ": %s",
+						      r->in.share.name, r->in.server_name, 
+						      nt_errstr(status));
+	} else if (!W_ERROR_IS_OK(s.out.result)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareAdd '%s' on server '%s' failed"
+						      ": %s",
+						      r->in.share.name, r->in.server_name, 
+						      win_errstr(s.out.result));
+		status = werror_to_ntstatus(s.out.result);
+	}
+
+	talloc_free(c.out.dcerpc_pipe);
+	
+	return status;
+}
+
+
+NTSTATUS libnet_DelShare(struct libnet_context *ctx,
+			 TALLOC_CTX *mem_ctx, struct libnet_DelShare *r)
+{
+	NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct srvsvc_NetShareDel s;
+
+	ZERO_STRUCT(c);
+	ZERO_STRUCT(s);
+
+	c.level               = LIBNET_RPC_CONNECT_SERVER;
+	c.in.name             = r->in.server_name;
+	c.in.dcerpc_iface     = &ndr_table_srvsvc;
+
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "Connection to SRVSVC pipe of server %s "
+						      "failed: %s",
+						      r->in.server_name, nt_errstr(status));
+		return status;
+	} 
+		
+	s.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", r->in.server_name);
+	s.in.share_name = r->in.share_name;
+
+	status = dcerpc_srvsvc_NetShareDel_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareDel '%s' on server '%s' failed"
+						      ": %s",
+						      r->in.share_name, r->in.server_name, 
+						      nt_errstr(status));
+	} else if (!W_ERROR_IS_OK(s.out.result)) {
+		r->out.error_string = talloc_asprintf(mem_ctx,
+						      "srvsvc_NetShareDel '%s' on server '%s' failed"
+						      ": %s",
+						      r->in.share_name, r->in.server_name, 
+						      win_errstr(s.out.result));
+		status = werror_to_ntstatus(s.out.result);
+	}
+
+	talloc_free(c.out.dcerpc_pipe);
+
+	return status;
+}
diff --git a/source4/libnet/libnet_share.h b/source4/libnet/libnet_share.h
new file mode 100644
index 0000000..3a9bd72
--- /dev/null
+++ b/source4/libnet/libnet_share.h
@@ -0,0 +1,70 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Grégory LEOCADIE <gleocadie@idealx.com> 
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/srvsvc.h"
+
+enum libnet_ListShares_level {
+	LIBNET_LIST_SHARES_GENERIC,
+	LIBNET_LIST_SHARES_SRVSVC
+};
+
+struct libnet_ListShares {
+	struct {
+		const char *server_name;
+		uint32_t *resume_handle;
+		uint32_t level;	
+	} in;
+	struct {
+		const char *error_string;
+		union srvsvc_NetShareCtr ctr;
+		uint32_t *resume_handle;
+	} out;
+};
+
+enum libnet_AddShare_level {
+	LIBNET_ADD_SHARE_GENERIC,
+	LIBNET_ADD_SHARE_SRVSVC
+};
+
+struct libnet_AddShare {
+	enum libnet_AddShare_level level;
+	struct {
+		const char * server_name;
+		struct srvsvc_NetShareInfo2 share;	
+	} in;
+	struct {
+		const char* error_string;
+	} out;
+};
+
+enum libnet_DelShare_level {
+	LIBNET_DEL_SHARE_GENERIC,
+	LIBNET_DEL_SHARE_SRVSVC
+};
+
+struct libnet_DelShare {
+	enum libnet_DelShare_level level;
+	struct {
+		const char *server_name;
+		const char *share_name;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
new file mode 100644
index 0000000..691e4b2
--- /dev/null
+++ b/source4/libnet/libnet_site.c
@@ -0,0 +1,292 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Brad Henry	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/cldap/cldap.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "lib/tsocket/tsocket.h"
+
+/**
+ * 1. Setup a CLDAP socket.
+ * 2. Lookup the default Site-Name.
+ */
+NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct libnet_JoinSite *r)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx;
+
+	char *site_name_str;
+	char *config_dn_str;
+	char *server_dn_str;
+
+	struct cldap_socket *cldap = NULL;
+	struct cldap_netlogon search;
+	int ret;
+	struct tsocket_address *dest_address;
+
+	tmp_ctx = talloc_named(ctx, 0, "libnet_FindSite temp context");
+	if (!tmp_ctx) {
+		r->out.error_string = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Resolve the site name. */
+	ZERO_STRUCT(search);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
+	search.in.acct_control = -1;
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
+
+	ret = tsocket_address_inet_from_strings(tmp_ctx, "ip",
+						r->in.dest_address,
+						r->in.cldap_port,
+						&dest_address);
+	if (ret != 0) {
+		r->out.error_string = NULL;
+		status = map_nt_error_from_unix_common(errno);
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	/* we want to use non async calls, so we're not passing an event context */
+	status = cldap_socket_init(tmp_ctx, NULL, dest_address, &cldap);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		r->out.error_string = NULL;
+		return status;
+	}
+	status = cldap_netlogon(cldap, tmp_ctx, &search);
+	if (!NT_STATUS_IS_OK(status)
+	    || search.out.netlogon.data.nt5_ex.client_site == NULL
+	    || search.out.netlogon.data.nt5_ex.client_site[0] == '\0') {
+		/*
+		  If cldap_netlogon() returns in error,
+		  default to using Default-First-Site-Name.
+		*/
+		site_name_str = talloc_asprintf(tmp_ctx, "%s",
+						"Default-First-Site-Name");
+		if (!site_name_str) {
+			r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		site_name_str = talloc_asprintf(tmp_ctx, "%s",
+					search.out.netlogon.data.nt5_ex.client_site);
+		if (!site_name_str) {
+			r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* Generate the CN=Configuration,... DN. */
+/* TODO: look it up! */
+	config_dn_str = talloc_asprintf(tmp_ctx, "CN=Configuration,%s", r->in.domain_dn_str);
+	if (!config_dn_str) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Generate the CN=Servers,... DN. */
+	server_dn_str = talloc_asprintf(tmp_ctx, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
+						 r->in.netbios_name, site_name_str, config_dn_str);
+	if (!server_dn_str) {
+		r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r->out.site_name_str = site_name_str;
+	talloc_steal(r, site_name_str);
+
+	r->out.config_dn_str = config_dn_str;
+	talloc_steal(r, config_dn_str);
+
+	r->out.server_dn_str = server_dn_str;
+	talloc_steal(r, server_dn_str);
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/*
+ * find out Site specific stuff:
+ * 1. Lookup the Site name.
+ * 2. Add entry CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn>.
+ * TODO: 3.) use DsAddEntry() to create CN=NTDS Settings,CN=<netbios name>,CN=Servers,CN=<site name>,...
+ */
+NTSTATUS libnet_JoinSite(struct libnet_context *ctx, 
+			 struct ldb_context *remote_ldb,
+			 struct libnet_JoinDomain *libnet_r)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx;
+
+	struct libnet_JoinSite *r;
+
+	struct ldb_dn *server_dn;
+	struct ldb_message *msg;
+	int rtn;
+
+	const char *server_dn_str;
+	const char *host;
+	struct nbt_name name;
+	const char *dest_addr = NULL;
+
+	tmp_ctx = talloc_named(libnet_r, 0, "libnet_JoinSite temp context");
+	if (!tmp_ctx) {
+		libnet_r->out.error_string = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r = talloc(tmp_ctx, struct libnet_JoinSite);
+	if (!r) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	host = dcerpc_binding_get_string_option(libnet_r->out.samr_binding, "host");
+	make_nbt_name_client(&name, host);
+	status = resolve_name_ex(lpcfg_resolve_context(ctx->lp_ctx),
+				 0, 0,
+				 &name, r, &dest_addr, ctx->event_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	/* Resolve the site name and AD DN's. */
+	r->in.dest_address = dest_addr;
+	r->in.netbios_name = libnet_r->in.netbios_name;
+	r->in.domain_dn_str = libnet_r->out.domain_dn_str;
+	r->in.cldap_port = lpcfg_cldap_port(ctx->lp_ctx);
+
+	status = libnet_FindSite(tmp_ctx, ctx, r);
+	if (!NT_STATUS_IS_OK(status)) {
+		libnet_r->out.error_string =
+			talloc_steal(libnet_r, r->out.error_string);
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	server_dn_str = r->out.server_dn_str;
+
+	/*
+	 Add entry CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn>.
+	*/
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	rtn = ldb_msg_add_string(msg, "objectClass", "server");
+	if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	rtn = ldb_msg_add_string(msg, "systemFlags", "50000000");
+	if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	rtn = ldb_msg_add_string(msg, "serverReference", libnet_r->out.account_dn_str);
+	if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	server_dn = ldb_dn_new(tmp_ctx, remote_ldb, server_dn_str);
+	if ( ! ldb_dn_validate(server_dn)) {
+		libnet_r->out.error_string = talloc_asprintf(libnet_r,
+					"Invalid server dn: %s",
+					server_dn_str);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	msg->dn = server_dn;
+
+	rtn = ldb_add(remote_ldb, msg);
+	if (rtn == LDB_ERR_ENTRY_ALREADY_EXISTS) {
+		unsigned int i;
+
+		/* make a 'modify' msg, and only for serverReference */
+		msg = ldb_msg_new(tmp_ctx);
+		if (!msg) {
+			libnet_r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		msg->dn = server_dn;
+
+		rtn = ldb_msg_add_string(msg, "serverReference",libnet_r->out.account_dn_str);
+		if (rtn != LDB_SUCCESS) {
+			libnet_r->out.error_string = NULL;
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* mark all the message elements (should be just one)
+		   as LDB_FLAG_MOD_REPLACE */
+		for (i=0;i<msg->num_elements;i++) {
+			msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+		}
+
+		rtn = ldb_modify(remote_ldb, msg);
+		if (rtn != LDB_SUCCESS) {
+			libnet_r->out.error_string
+				= talloc_asprintf(libnet_r,
+						  "Failed to modify server entry %s: %s: %d",
+						  server_dn_str,
+						  ldb_errstring(remote_ldb), rtn);
+			talloc_free(tmp_ctx);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	} else if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string
+			= talloc_asprintf(libnet_r,
+				"Failed to add server entry %s: %s: %d",
+				server_dn_str, ldb_errstring(remote_ldb),
+				rtn);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	DEBUG(0, ("We still need to perform a DsAddEntry() so that we can create the CN=NTDS Settings container.\n"));
+
+	/* Store the server DN in libnet_r */
+	libnet_r->out.server_dn_str = server_dn_str;
+	talloc_steal(libnet_r, server_dn_str);
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
diff --git a/source4/libnet/libnet_site.h b/source4/libnet/libnet_site.h
new file mode 100644
index 0000000..8e607c5
--- /dev/null
+++ b/source4/libnet/libnet_site.h
@@ -0,0 +1,35 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Brad Henry	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct libnet_JoinSite {
+	struct {
+		const char *dest_address;
+		const char *netbios_name;
+		const char *domain_dn_str;
+		uint16_t cldap_port;
+	} in;
+
+	struct {
+		const char *error_string;
+		const char *site_name_str;
+		const char *config_dn_str;
+		const char *server_dn_str;
+	} out;
+};
+
diff --git a/source4/libnet/libnet_time.c b/source4/libnet/libnet_time.c
new file mode 100644
index 0000000..e3b6275
--- /dev/null
+++ b/source4/libnet/libnet_time.c
@@ -0,0 +1,125 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "system/time.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+
+/*
+ * get the remote time of a server via srvsvc_NetRemoteTOD
+ */
+static NTSTATUS libnet_RemoteTOD_srvsvc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_RemoteTOD *r)
+{
+        NTSTATUS status;
+	struct libnet_RpcConnect c;
+	struct srvsvc_NetRemoteTOD tod;
+	struct srvsvc_NetRemoteTODInfo *info = NULL;
+	struct tm tm;
+
+	ZERO_STRUCT(c);
+
+	/* prepare connect to the SRVSVC pipe of a timeserver */
+	c.level             = LIBNET_RPC_CONNECT_SERVER;
+	c.in.name           = r->srvsvc.in.server_name;
+	c.in.dcerpc_iface   = &ndr_table_srvsvc;
+
+	/* 1. connect to the SRVSVC pipe of a timeserver */
+	status = libnet_RpcConnect(ctx, mem_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->srvsvc.out.error_string = talloc_asprintf(mem_ctx,
+						"Connection to SRVSVC pipe of server '%s' failed: %s",
+						r->srvsvc.in.server_name, nt_errstr(status));
+		return status;
+	}
+
+	/* prepare srvsvc_NetrRemoteTOD */
+	tod.in.server_unc = talloc_asprintf(mem_ctx, "\\%s", c.in.name);
+	tod.out.info = &info;
+
+	/* 2. try srvsvc_NetRemoteTOD */
+	status = dcerpc_srvsvc_NetRemoteTOD_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &tod);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->srvsvc.out.error_string = talloc_asprintf(mem_ctx,
+						"srvsvc_NetrRemoteTOD on server '%s' failed: %s",
+						r->srvsvc.in.server_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* check result of srvsvc_NetrRemoteTOD */
+	if (!W_ERROR_IS_OK(tod.out.result)) {
+		r->srvsvc.out.error_string = talloc_asprintf(mem_ctx,
+						"srvsvc_NetrRemoteTOD on server '%s' failed: %s",
+						r->srvsvc.in.server_name, win_errstr(tod.out.result));
+		status = werror_to_ntstatus(tod.out.result);
+		goto disconnect;
+	}
+
+	/* need to set the out parameters */
+	tm.tm_sec = (int)info->secs;
+	tm.tm_min = (int)info->mins;
+	tm.tm_hour = (int)info->hours;
+	tm.tm_mday = (int)info->day;
+	tm.tm_mon = (int)info->month -1;
+	tm.tm_year = (int)info->year - 1900;
+	tm.tm_wday = -1;
+	tm.tm_yday = -1;
+	tm.tm_isdst = -1;
+
+	r->srvsvc.out.time = timegm(&tm);
+	r->srvsvc.out.time_zone = info->timezone * 60;
+
+	goto disconnect;
+
+disconnect:
+	/* close connection */
+	talloc_free(c.out.dcerpc_pipe);
+
+	return status;
+}
+
+static NTSTATUS libnet_RemoteTOD_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_RemoteTOD *r)
+{
+	NTSTATUS status;
+	union libnet_RemoteTOD r2;
+
+	r2.srvsvc.level			= LIBNET_REMOTE_TOD_SRVSVC;
+	r2.srvsvc.in.server_name	= r->generic.in.server_name;
+
+	status = libnet_RemoteTOD(ctx, mem_ctx, &r2);
+
+	r->generic.out.time		= r2.srvsvc.out.time;
+	r->generic.out.time_zone	= r2.srvsvc.out.time_zone;
+
+	r->generic.out.error_string	= r2.srvsvc.out.error_string;
+
+	return status;
+}
+
+NTSTATUS libnet_RemoteTOD(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_RemoteTOD *r)
+{
+	switch (r->generic.level) {
+		case LIBNET_REMOTE_TOD_GENERIC:
+			return libnet_RemoteTOD_generic(ctx, mem_ctx, r);
+		case LIBNET_REMOTE_TOD_SRVSVC:
+			return libnet_RemoteTOD_srvsvc(ctx, mem_ctx, r);
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
diff --git a/source4/libnet/libnet_time.h b/source4/libnet/libnet_time.h
new file mode 100644
index 0000000..4382d72
--- /dev/null
+++ b/source4/libnet/libnet_time.h
@@ -0,0 +1,46 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* struct and enum for getting the time of a remote system */
+enum libnet_RemoteTOD_level {
+	LIBNET_REMOTE_TOD_GENERIC,
+	LIBNET_REMOTE_TOD_SRVSVC
+};
+
+union libnet_RemoteTOD {
+	struct {
+		enum libnet_RemoteTOD_level level;
+
+		struct _libnet_RemoteTOD_in {
+			const char *server_name;
+		} in;
+
+		struct _libnet_RemoteTOD_out {
+			time_t time;
+			int time_zone;
+			const char *error_string;
+		} out;
+	} generic;
+
+	struct {
+		enum libnet_RemoteTOD_level level;
+		struct _libnet_RemoteTOD_in in;
+		struct _libnet_RemoteTOD_out out;
+	} srvsvc;
+};
diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c
new file mode 100644
index 0000000..38d6a94
--- /dev/null
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -0,0 +1,792 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "libcli/cldap/cldap.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "param/param.h"
+#include "lib/tsocket/tsocket.h"
+
+/*****************************************************************************
+ * Windows 2003 (w2k3) does the following steps when changing the server role
+ * from domain controller back to domain member
+ *
+ * We mostly do the same.
+ *****************************************************************************/
+
+/*
+ * lookup DC:
+ * - using nbt name<1C> request and a samlogon mailslot request
+ * or
+ * - using a DNS SRV _ldap._tcp.dc._msdcs. request and a CLDAP netlogon request
+ *
+ * see: unbecomeDC_send_cldap() and unbecomeDC_recv_cldap()
+ */
+
+/*
+ * Open 1st LDAP connection to the DC using admin credentials
+ *
+ * see: unbecomeDC_ldap_connect()
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * see: unbecomeDC_ldap_rootdse()
+ *
+ * Request:
+ *	basedn:	""
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	defaultNamingContext
+ *		configurationNamingContext
+ * Result:
+ *      ""
+ *		defaultNamingContext:	<domain_partition>
+ *		configurationNamingContext:CN=Configuration,<domain_partition>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: unbecomeDC_ldap_computer_object()
+ *
+ * Request:
+ *	basedn:	<domain_partition>
+ *	scope:	sub
+ *	filter:	(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<new_dc_account_name>))
+ *	attrs:	distinguishedName
+ *		userAccountControl
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+ *		distinguishedName:	CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+ *		userAccoountControl:	532480 <0x82000>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: unbecomeDC_ldap_modify_computer()
+ *
+ * Request:
+ *	basedn:	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	userAccountControl
+ * Result:
+ *      CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *		userAccoountControl:	532480 <0x82000>
+ */
+
+/*
+ * LDAP modify 1st LDAP connection:
+ *
+ * see: unbecomeDC_ldap_modify_computer()
+ * 
+ * Request (replace):
+ *	CN=<new_dc_netbios_name>,CN=Computers,<domain_partition>
+ *	userAccoountControl:	4096 <0x1000>
+ * Result:
+ *	<success>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ * 
+ * see: unbecomeDC_ldap_move_computer()
+ *
+ * Request:
+ *	basedn:	<WKGUID=aa312825768811d1aded00c04fd8d5cd,<domain_partition>>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	1.1
+ * Result:
+ *	CN=Computers,<domain_partition>
+ */
+
+/*
+ * LDAP search 1st LDAP connection:
+ *
+ * not implemented because it doesn't give any new information
+ *
+ * Request:
+ *	basedn:	CN=Computers,<domain_partition>
+ *	scope:	base
+ *	filter:	(objectClass=*)
+ *	attrs:	distinguishedName
+ * Result:
+ *	CN=Computers,<domain_partition>
+ *		distinguishedName:	CN=Computers,<domain_partition>
+ */
+
+/*
+ * LDAP modifyRDN 1st LDAP connection:
+ * 
+ * see: unbecomeDC_ldap_move_computer()
+ *
+ * Request:
+ *      entry:		CN=<new_dc_netbios_name>,CN=Domain Controllers,<domain_partition>
+ *	newrdn:		CN=<new_dc_netbios_name>
+ *	deleteoldrdn:	TRUE
+ *	newparent:	CN=Computers,<domain_partition>
+ * Result:
+ *	<success>
+ */
+
+/*
+ * LDAP unbind on the 1st LDAP connection
+ *
+ * not implemented, because it's not needed...
+ */
+
+/*
+ * Open 1st DRSUAPI connection to the DC using admin credentials
+ * DsBind with DRSUAPI_DS_BIND_GUID ("e24d201a-4fd6-11d1-a3da-0000f875ae0d")
+ *
+ * see:	unbecomeDC_drsuapi_connect_send(), unbecomeDC_drsuapi_connect_recv(),
+ *	unbecomeDC_drsuapi_bind_send() and unbecomeDC_drsuapi_bind_recv()
+ */
+
+/*
+ * DsRemoveDsServer to remove the 
+ * CN=<machine_name>,CN=Servers,CN=<site_name>,CN=Configuration,<domain_partition>
+ * and CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=<site_name>,CN=Configuration,<domain_partition>
+ * on the 1st DRSUAPI connection
+ *
+ * see: unbecomeDC_drsuapi_remove_ds_server_send() and unbecomeDC_drsuapi_remove_ds_server_recv()
+ */
+
+/*
+ * DsUnbind on the 1st DRSUAPI connection
+ *
+ * not implemented, because it's not needed...
+ */
+
+
+struct libnet_UnbecomeDC_state {
+	struct composite_context *creq;
+
+	struct libnet_context *libnet;
+
+	struct {
+		struct cldap_socket *sock;
+		struct cldap_netlogon io;
+		struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
+	} cldap;
+
+	struct {
+		struct ldb_context *ldb;
+	} ldap;
+
+	struct {
+		struct dcerpc_binding *binding;
+		struct dcerpc_pipe *pipe;
+		struct dcerpc_binding_handle *drsuapi_handle;
+		struct drsuapi_DsBind bind_r;
+		struct GUID bind_guid;
+		struct drsuapi_DsBindInfoCtr bind_info_ctr;
+		struct drsuapi_DsBindInfo28 local_info28;
+		struct drsuapi_DsBindInfo28 remote_info28;
+		struct policy_handle bind_handle;
+		struct drsuapi_DsRemoveDSServer rm_ds_srv_r;
+	} drsuapi;
+
+	struct {
+		/* input */
+		const char *dns_name;
+		const char *netbios_name;
+
+		/* constructed */
+		struct GUID guid;
+		const char *dn_str;
+	} domain;
+
+	struct {
+		/* constructed */
+		const char *config_dn_str;
+	} forest;
+
+	struct {
+		/* input */
+		const char *address;
+
+		/* constructed */
+		const char *dns_name;
+		const char *netbios_name;
+		const char *site_name;
+	} source_dsa;
+
+	struct {
+		/* input */
+		const char *netbios_name;
+
+		/* constructed */
+		const char *dns_name;
+		const char *site_name;
+		const char *computer_dn_str;
+		const char *server_dn_str;
+		uint32_t user_account_control;
+	} dest_dsa;
+};
+
+static void unbecomeDC_recv_cldap(struct tevent_req *req);
+
+static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct tevent_req *req;
+	struct tsocket_address *dest_address;
+	int ret;
+
+	s->cldap.io.in.dest_address	= NULL;
+	s->cldap.io.in.dest_port	= 0;
+	s->cldap.io.in.realm		= s->domain.dns_name;
+	s->cldap.io.in.host		= s->dest_dsa.netbios_name;
+	s->cldap.io.in.user		= NULL;
+	s->cldap.io.in.domain_guid	= NULL;
+	s->cldap.io.in.domain_sid	= NULL;
+	s->cldap.io.in.acct_control	= -1;
+	s->cldap.io.in.version		= NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	s->cldap.io.in.map_response	= true;
+
+	ret = tsocket_address_inet_from_strings(s, "ip",
+						s->source_dsa.address,
+						lpcfg_cldap_port(s->libnet->lp_ctx),
+						&dest_address);
+	if (ret != 0) {
+		c->status = map_nt_error_from_unix_common(errno);
+		if (!composite_is_ok(c)) return;
+	}
+
+	c->status = cldap_socket_init(s, NULL, dest_address, &s->cldap.sock);
+	if (!composite_is_ok(c)) return;
+
+	req = cldap_netlogon_send(s, s->libnet->event_ctx,
+				  s->cldap.sock, &s->cldap.io);
+	if (composite_nomem(req, c)) return;
+	tevent_req_set_callback(req, unbecomeDC_recv_cldap, s);
+}
+
+static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s);
+
+static void unbecomeDC_recv_cldap(struct tevent_req *req)
+{
+	struct libnet_UnbecomeDC_state *s = tevent_req_callback_data(req,
+					    struct libnet_UnbecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
+	talloc_free(req);
+	if (!composite_is_ok(c)) return;
+
+	s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex;
+
+	s->domain.dns_name		= s->cldap.netlogon.dns_domain;
+	s->domain.netbios_name		= s->cldap.netlogon.domain_name;
+	s->domain.guid			= s->cldap.netlogon.domain_uuid;
+
+	s->source_dsa.dns_name		= s->cldap.netlogon.pdc_dns_name;
+	s->source_dsa.netbios_name	= s->cldap.netlogon.pdc_name;
+	s->source_dsa.site_name		= s->cldap.netlogon.server_site;
+
+	s->dest_dsa.site_name		= s->cldap.netlogon.client_site;
+
+	unbecomeDC_connect_ldap(s);
+}
+
+static NTSTATUS unbecomeDC_ldap_connect(struct libnet_UnbecomeDC_state *s)
+{
+	char *url;
+
+	url = talloc_asprintf(s, "ldap://%s/", s->source_dsa.dns_name);
+	NT_STATUS_HAVE_NO_MEMORY(url);
+
+	s->ldap.ldb = ldb_wrap_connect(s, s->libnet->event_ctx, s->libnet->lp_ctx, url,
+				       NULL,
+				       s->libnet->cred,
+				       0);
+	talloc_free(url);
+	if (s->ldap.ldb == NULL) {
+		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unbecomeDC_ldap_rootdse(struct libnet_UnbecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"defaultNamingContext",
+		"configurationNamingContext",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap.ldb, NULL);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->domain.dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "defaultNamingContext", NULL);
+	if (!s->domain.dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->domain.dn_str);
+
+	s->forest.config_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "configurationNamingContext", NULL);
+	if (!s->forest.config_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->forest.config_dn_str);
+
+	s->dest_dsa.server_dn_str = talloc_asprintf(s, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
+						    s->dest_dsa.netbios_name,
+						    s->dest_dsa.site_name,
+				                    s->forest.config_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.server_dn_str);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unbecomeDC_ldap_computer_object(struct libnet_UnbecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	static const char *attrs[] = {
+		"distinguishedName",
+		"userAccountControl",
+		NULL
+	};
+
+	basedn = ldb_dn_new(s, s->ldap.ldb, s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_SUBTREE, attrs,
+			 "(&(|(objectClass=user)(objectClass=computer))(sAMAccountName=%s$))",
+			 s->dest_dsa.netbios_name);
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	s->dest_dsa.computer_dn_str	= ldb_msg_find_attr_as_string(r->msgs[0], "distinguishedName", NULL);
+	if (!s->dest_dsa.computer_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	talloc_steal(s, s->dest_dsa.computer_dn_str);
+
+	s->dest_dsa.user_account_control = ldb_msg_find_attr_as_uint(r->msgs[0], "userAccountControl", 0);
+
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unbecomeDC_ldap_modify_computer(struct libnet_UnbecomeDC_state *s)
+{
+	int ret;
+	struct ldb_message *msg;
+	uint32_t user_account_control = UF_WORKSTATION_TRUST_ACCOUNT;
+	unsigned int i;
+
+	/* as the value is already as we want it to be, we're done */
+	if (s->dest_dsa.user_account_control == user_account_control) {
+		return NT_STATUS_OK;
+	}
+
+	/* make a 'modify' msg, and only for serverReference */
+	msg = ldb_msg_new(s);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+	msg->dn = ldb_dn_new(msg, s->ldap.ldb, s->dest_dsa.computer_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+
+	ret = samdb_msg_add_uint(s->ldap.ldb, msg, msg, "userAccountControl",
+				 user_account_control);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* mark all the message elements (should be just one)
+	   as LDB_FLAG_MOD_REPLACE */
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	ret = ldb_modify(s->ldap.ldb, msg);
+	talloc_free(msg);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->dest_dsa.user_account_control = user_account_control;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS unbecomeDC_ldap_move_computer(struct libnet_UnbecomeDC_state *s)
+{
+	int ret;
+	struct ldb_result *r;
+	struct ldb_dn *basedn;
+	struct ldb_dn *old_dn;
+	struct ldb_dn *new_dn;
+	static const char *_1_1_attrs[] = {
+		"1.1",
+		NULL
+	};
+
+	basedn = ldb_dn_new_fmt(s, s->ldap.ldb, "<WKGUID=aa312825768811d1aded00c04fd8d5cd,%s>",
+				s->domain.dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(basedn);
+
+	ret = ldb_search(s->ldap.ldb, s, &r, basedn, LDB_SCOPE_BASE,
+			 _1_1_attrs, "(objectClass=*)");
+	talloc_free(basedn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_LDAP(ret);
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	old_dn = ldb_dn_new(r, s->ldap.ldb, s->dest_dsa.computer_dn_str);
+	NT_STATUS_HAVE_NO_MEMORY(old_dn);
+
+	new_dn = r->msgs[0]->dn;
+
+	if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) {
+		talloc_free(r);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (ldb_dn_compare(old_dn, new_dn) == 0) {
+		/* we don't need to rename if the old and new dn match */
+		talloc_free(r);
+		return NT_STATUS_OK;
+	}
+
+	ret = ldb_rename(s->ldap.ldb, old_dn, new_dn);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(r);
+		return NT_STATUS_LDAP(ret);
+	}
+
+	s->dest_dsa.computer_dn_str = ldb_dn_alloc_linearized(s, new_dn);
+	NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.computer_dn_str);
+
+	talloc_free(r);
+
+	return NT_STATUS_OK;
+}
+
+static void unbecomeDC_drsuapi_connect_send(struct libnet_UnbecomeDC_state *s);
+
+static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+
+	c->status = unbecomeDC_ldap_connect(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = unbecomeDC_ldap_rootdse(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = unbecomeDC_ldap_computer_object(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = unbecomeDC_ldap_modify_computer(s);
+	if (!composite_is_ok(c)) return;
+
+	c->status = unbecomeDC_ldap_move_computer(s);
+	if (!composite_is_ok(c)) return;
+
+	unbecomeDC_drsuapi_connect_send(s);
+}
+
+static void unbecomeDC_drsuapi_connect_recv(struct composite_context *creq);
+
+static void unbecomeDC_drsuapi_connect_send(struct libnet_UnbecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct composite_context *creq;
+	char *binding_str;
+
+	binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[seal,target_hostname=%s]",
+				      s->source_dsa.address,
+				      s->source_dsa.dns_name);
+	if (composite_nomem(binding_str, c)) return;
+
+	c->status = dcerpc_parse_binding(s, binding_str, &s->drsuapi.binding);
+	talloc_free(binding_str);
+	if (!composite_is_ok(c)) return;
+
+	if (DEBUGLEVEL >= 10) {
+		c->status = dcerpc_binding_set_flags(s->drsuapi.binding,
+						     DCERPC_DEBUG_PRINT_BOTH,
+						     0);
+		if (!composite_is_ok(c)) return;
+	}
+
+	creq = dcerpc_pipe_connect_b_send(s, s->drsuapi.binding, &ndr_table_drsuapi,
+					  s->libnet->cred, s->libnet->event_ctx,
+					  s->libnet->lp_ctx);
+	composite_continue(c, creq, unbecomeDC_drsuapi_connect_recv, s);
+}
+
+static void unbecomeDC_drsuapi_bind_send(struct libnet_UnbecomeDC_state *s);
+
+static void unbecomeDC_drsuapi_connect_recv(struct composite_context *req)
+{
+	struct libnet_UnbecomeDC_state *s = talloc_get_type(req->async.private_data,
+					    struct libnet_UnbecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = dcerpc_pipe_connect_b_recv(req, s, &s->drsuapi.pipe);
+	if (!composite_is_ok(c)) return;
+
+	s->drsuapi.drsuapi_handle = s->drsuapi.pipe->binding_handle;
+
+	unbecomeDC_drsuapi_bind_send(s);
+}
+
+static void unbecomeDC_drsuapi_bind_recv(struct tevent_req *subreq);
+
+static void unbecomeDC_drsuapi_bind_send(struct libnet_UnbecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsBindInfo28 *bind_info28;
+	struct tevent_req *subreq;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &s->drsuapi.bind_guid);
+
+	bind_info28				= &s->drsuapi.local_info28;
+	bind_info28->supported_extensions	= 0;
+	bind_info28->site_guid			= GUID_zero();
+	bind_info28->pid			= 0;
+	bind_info28->repl_epoch			= 0;
+
+	s->drsuapi.bind_info_ctr.length		= 28;
+	s->drsuapi.bind_info_ctr.info.info28	= *bind_info28;
+
+	s->drsuapi.bind_r.in.bind_guid = &s->drsuapi.bind_guid;
+	s->drsuapi.bind_r.in.bind_info = &s->drsuapi.bind_info_ctr;
+	s->drsuapi.bind_r.out.bind_handle = &s->drsuapi.bind_handle;
+
+	subreq = dcerpc_drsuapi_DsBind_r_send(s, c->event_ctx,
+					      s->drsuapi.drsuapi_handle,
+					      &s->drsuapi.bind_r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, unbecomeDC_drsuapi_bind_recv, s);
+}
+
+static void unbecomeDC_drsuapi_remove_ds_server_send(struct libnet_UnbecomeDC_state *s);
+
+static void unbecomeDC_drsuapi_bind_recv(struct tevent_req *subreq)
+{
+	struct libnet_UnbecomeDC_state *s = tevent_req_callback_data(subreq,
+					    struct libnet_UnbecomeDC_state);
+	struct composite_context *c = s->creq;
+
+	c->status = dcerpc_drsuapi_DsBind_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(s->drsuapi.bind_r.out.result)) {
+		composite_error(c, werror_to_ntstatus(s->drsuapi.bind_r.out.result));
+		return;
+	}
+
+	ZERO_STRUCT(s->drsuapi.remote_info28);
+	if (s->drsuapi.bind_r.out.bind_info) {
+		switch (s->drsuapi.bind_r.out.bind_info->length) {
+		case 24: {
+			struct drsuapi_DsBindInfo24 *info24;
+			info24 = &s->drsuapi.bind_r.out.bind_info->info.info24;
+			s->drsuapi.remote_info28.supported_extensions	= info24->supported_extensions;
+			s->drsuapi.remote_info28.site_guid		= info24->site_guid;
+			s->drsuapi.remote_info28.pid			= info24->pid;
+			s->drsuapi.remote_info28.repl_epoch		= 0;
+			break;
+		}
+		case 28: {
+			s->drsuapi.remote_info28 = s->drsuapi.bind_r.out.bind_info->info.info28;
+			break;
+		}
+		case 32: {
+			struct drsuapi_DsBindInfo32 *info32;
+			info32 = &s->drsuapi.bind_r.out.bind_info->info.info32;
+			s->drsuapi.remote_info28.supported_extensions	= info32->supported_extensions;
+			s->drsuapi.remote_info28.site_guid		= info32->site_guid;
+			s->drsuapi.remote_info28.pid			= info32->pid;
+			s->drsuapi.remote_info28.repl_epoch		= info32->repl_epoch;
+			break;
+		}
+		case 48: {
+			struct drsuapi_DsBindInfo48 *info48;
+			info48 = &s->drsuapi.bind_r.out.bind_info->info.info48;
+			s->drsuapi.remote_info28.supported_extensions	= info48->supported_extensions;
+			s->drsuapi.remote_info28.site_guid		= info48->site_guid;
+			s->drsuapi.remote_info28.pid			= info48->pid;
+			s->drsuapi.remote_info28.repl_epoch		= info48->repl_epoch;
+			break;
+		}
+		case 52: {
+			struct drsuapi_DsBindInfo52 *info52;
+			info52 = &s->drsuapi.bind_r.out.bind_info->info.info52;
+			s->drsuapi.remote_info28.supported_extensions	= info52->supported_extensions;
+			s->drsuapi.remote_info28.site_guid		= info52->site_guid;
+			s->drsuapi.remote_info28.pid			= info52->pid;
+			s->drsuapi.remote_info28.repl_epoch		= info52->repl_epoch;
+			break;
+		}
+		default:
+			DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
+				s->drsuapi.bind_r.out.bind_info->length));
+			break;
+		}
+	}
+
+	unbecomeDC_drsuapi_remove_ds_server_send(s);
+}
+
+static void unbecomeDC_drsuapi_remove_ds_server_recv(struct tevent_req *subreq);
+
+static void unbecomeDC_drsuapi_remove_ds_server_send(struct libnet_UnbecomeDC_state *s)
+{
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsRemoveDSServer *r = &s->drsuapi.rm_ds_srv_r;
+	struct tevent_req *subreq;
+
+	r->in.bind_handle	= &s->drsuapi.bind_handle;
+	r->in.level		= 1;
+	r->in.req		= talloc(s, union drsuapi_DsRemoveDSServerRequest);
+	r->in.req->req1.server_dn = s->dest_dsa.server_dn_str;
+	r->in.req->req1.domain_dn = s->domain.dn_str;
+	r->in.req->req1.commit	= true;
+
+	r->out.level_out	= talloc(s, uint32_t);
+	r->out.res		= talloc(s, union drsuapi_DsRemoveDSServerResult);
+
+	subreq = dcerpc_drsuapi_DsRemoveDSServer_r_send(s, c->event_ctx,
+							s->drsuapi.drsuapi_handle,
+							r);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, unbecomeDC_drsuapi_remove_ds_server_recv, s);
+}
+
+static void unbecomeDC_drsuapi_remove_ds_server_recv(struct tevent_req *subreq)
+{
+	struct libnet_UnbecomeDC_state *s = tevent_req_callback_data(subreq,
+					    struct libnet_UnbecomeDC_state);
+	struct composite_context *c = s->creq;
+	struct drsuapi_DsRemoveDSServer *r = &s->drsuapi.rm_ds_srv_r;
+
+	c->status = dcerpc_drsuapi_DsRemoveDSServer_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!W_ERROR_IS_OK(r->out.result)) {
+		composite_error(c, werror_to_ntstatus(r->out.result));
+		return;
+	}
+
+	if (*r->out.level_out != 1) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	composite_done(c);
+}
+
+struct composite_context *libnet_UnbecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
+{
+	struct composite_context *c;
+	struct libnet_UnbecomeDC_state *s;
+	char *tmp_name;
+
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct libnet_UnbecomeDC_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+	s->creq		= c;
+	s->libnet	= ctx;
+
+	/* Domain input */
+	s->domain.dns_name	= talloc_strdup(s, r->in.domain_dns_name);
+	if (composite_nomem(s->domain.dns_name, c)) return c;
+	s->domain.netbios_name	= talloc_strdup(s, r->in.domain_netbios_name);
+	if (composite_nomem(s->domain.netbios_name, c)) return c;
+
+	/* Source DSA input */
+	s->source_dsa.address	= talloc_strdup(s, r->in.source_dsa_address);
+	if (composite_nomem(s->source_dsa.address, c)) return c;
+
+	/* Destination DSA input */
+	s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name);
+	if (composite_nomem(s->dest_dsa.netbios_name, c)) return c;
+
+	/* Destination DSA dns_name construction */
+	tmp_name		= strlower_talloc(s, s->dest_dsa.netbios_name);
+	if (composite_nomem(tmp_name, c)) return c;
+	s->dest_dsa.dns_name	= talloc_asprintf_append_buffer(tmp_name, ".%s",
+				  			 s->domain.dns_name);
+	if (composite_nomem(s->dest_dsa.dns_name, c)) return c;
+
+	unbecomeDC_send_cldap(s);
+	return c;
+}
+
+NTSTATUS libnet_UnbecomeDC_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	ZERO_STRUCT(r->out);
+
+	talloc_free(c);
+	return status;
+}
+
+NTSTATUS libnet_UnbecomeDC(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
+{
+	NTSTATUS status;
+	struct composite_context *c;
+	c = libnet_UnbecomeDC_send(ctx, mem_ctx, r);
+	status = libnet_UnbecomeDC_recv(c, mem_ctx, r);
+	return status;
+}
diff --git a/source4/libnet/libnet_unbecome_dc.h b/source4/libnet/libnet_unbecome_dc.h
new file mode 100644
index 0000000..30a412f
--- /dev/null
+++ b/source4/libnet/libnet_unbecome_dc.h
@@ -0,0 +1,31 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct libnet_UnbecomeDC {
+	struct {
+		const char *domain_dns_name;
+		const char *domain_netbios_name;
+		const char *source_dsa_address;
+		const char *dest_dsa_netbios_name;
+	} in;
+
+	struct {
+		const char *error_string;
+	} out;
+};
diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c
new file mode 100644
index 0000000..f4b90d9
--- /dev/null
+++ b/source4/libnet/libnet_user.c
@@ -0,0 +1,1241 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Rafal Szczesniak  2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/samr.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "libcli/security/security.h"
+
+
+struct create_user_state {
+	struct libnet_CreateUser r;
+	struct libnet_DomainOpen domain_open;
+	struct libnet_rpc_useradd user_add;
+	struct libnet_context *ctx;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_rpc_useradd(struct composite_context *ctx);
+static void continue_domain_open_create(struct composite_context *ctx);
+
+
+/**
+ * Sends request to create user account
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and results of this call
+ * @param monitor function pointer for receiving monitor messages
+ * @return compostite context of this request
+ */
+struct composite_context* libnet_CreateUser_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_CreateUser *r,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct create_user_state *s;
+	struct composite_context *create_req;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct create_user_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store arguments in the state structure */
+	s->ctx = ctx;
+	s->r   = *r;
+	ZERO_STRUCT(s->r.out);
+
+	/* prerequisite: make sure the domain is opened */
+	prereq_met = samr_domain_opened(ctx, c, s->r.in.domain_name, &c, &s->domain_open,
+					continue_domain_open_create, monitor);
+	if (!prereq_met) return c;
+
+	/* prepare arguments for useradd call */
+	s->user_add.in.username       = r->in.user_name;
+	s->user_add.in.domain_handle  = ctx->samr.handle;
+
+	/* send the request */
+	create_req = libnet_rpc_useradd_send(s, s->ctx->event_ctx,
+					     ctx->samr.samr_handle,
+					     &s->user_add, monitor);
+	if (composite_nomem(create_req, c)) return c;
+
+	/* set the next stage */
+	composite_continue(c, create_req, continue_rpc_useradd, c);
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive result of domain open request
+ * and send useradd request
+ */
+static void continue_domain_open_create(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct create_user_state *s;
+	struct composite_context *create_req;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct create_user_state);
+
+	/* receive result of DomainOpen call */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* send monitor message */
+	if (s->monitor_fn) s->monitor_fn(&msg);
+	
+	/* prepare arguments for useradd call */
+	s->user_add.in.username       = s->r.in.user_name;
+	s->user_add.in.domain_handle  = s->ctx->samr.handle;
+
+	/* send the request */
+	create_req = libnet_rpc_useradd_send(s, s->ctx->event_ctx,
+					     s->ctx->samr.samr_handle,
+					     &s->user_add, s->monitor_fn);
+	if (composite_nomem(create_req, c)) return;
+
+	/* set the next stage */
+	composite_continue(c, create_req, continue_rpc_useradd, c);
+}
+
+
+/*
+ * Stage 1: receive result of useradd call
+ */
+static void continue_rpc_useradd(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct create_user_state *s;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct create_user_state);
+	
+	/* receive result of the call */
+	c->status = libnet_rpc_useradd_recv(ctx, c, &s->user_add);
+	if (!composite_is_ok(c)) return;
+
+	/* send monitor message */
+	if (s->monitor_fn) s->monitor_fn(&msg);
+
+	/* we're done */
+	composite_done(c);
+}
+
+
+/**
+ * Receive result of CreateUser call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_CreateUser_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				struct libnet_CreateUser *r)
+{
+	NTSTATUS status;
+
+	r->out.error_string = NULL;
+
+	/* wait for result of async request and check status code */
+	status = composite_wait(c);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.error_string = talloc_strdup(mem_ctx, nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of CreateUser call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_CreateUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_CreateUser *r)
+{
+	struct composite_context *c;
+
+	c = libnet_CreateUser_send(ctx, mem_ctx, r, NULL);
+	return libnet_CreateUser_recv(c, mem_ctx, r);
+}
+
+
+struct delete_user_state {
+	struct libnet_DeleteUser r;
+	struct libnet_context *ctx;
+	struct libnet_DomainOpen domain_open;
+	struct libnet_rpc_userdel user_del;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_rpc_userdel(struct composite_context *ctx);
+static void continue_domain_open_delete(struct composite_context *ctx);
+
+
+/**
+ * Sends request to delete user account
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result of this call
+ * @param monitor function pointer for receiving monitor messages
+ */
+struct composite_context *libnet_DeleteUser_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_DeleteUser *r,
+						 void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct delete_user_state *s;
+	struct composite_context *delete_req;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct delete_user_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store arguments in state structure */
+	s->ctx = ctx;
+	s->r   = *r;
+	ZERO_STRUCT(s->r.out);
+	
+	/* prerequisite: make sure the domain is opened before proceeding */
+	prereq_met = samr_domain_opened(ctx, c, s->r.in.domain_name, &c, &s->domain_open,
+					continue_domain_open_delete, monitor);
+	if (!prereq_met) return c;
+
+	/* prepare arguments for userdel call */
+	s->user_del.in.username       = r->in.user_name;
+	s->user_del.in.domain_handle  = ctx->samr.handle;
+
+	/* send request */
+	delete_req = libnet_rpc_userdel_send(s, s->ctx->event_ctx,
+					     ctx->samr.samr_handle,
+					     &s->user_del, monitor);
+	if (composite_nomem(delete_req, c)) return c;
+	
+	/* set the next stage */
+	composite_continue(c, delete_req, continue_rpc_userdel, c);
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive result of domain open request
+ * and send useradd request
+ */
+static void continue_domain_open_delete(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct delete_user_state *s;
+	struct composite_context *delete_req;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct delete_user_state);
+
+	/* receive result of DomainOpen call */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+	
+	/* send monitor message */
+	if (s->monitor_fn) s->monitor_fn(&msg);
+
+	/* prepare arguments for userdel call */
+	s->user_del.in.username       = s->r.in.user_name;
+	s->user_del.in.domain_handle  = s->ctx->samr.handle;
+
+	/* send request */
+	delete_req = libnet_rpc_userdel_send(s, s->ctx->event_ctx,
+					     s->ctx->samr.samr_handle,
+					     &s->user_del, s->monitor_fn);
+	if (composite_nomem(delete_req, c)) return;
+
+	/* set the next stage */
+	composite_continue(c, delete_req, continue_rpc_userdel, c);
+}
+
+
+/*
+ * Stage 1: receive result of userdel call and finish the composite function
+ */
+static void continue_rpc_userdel(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct delete_user_state *s;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct delete_user_state);
+
+	/* receive result of userdel call */
+	c->status = libnet_rpc_userdel_recv(ctx, c, &s->user_del);
+	if (!composite_is_ok(c)) return;
+
+	/* send monitor message */
+	if (s->monitor_fn) s->monitor_fn(&msg);
+
+	/* we're done */
+	composite_done(c);
+}
+
+
+/**
+ * Receives result of asynchronous DeleteUser call
+ *
+ * @param c composite context returned by async DeleteUser call
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result
+ */
+NTSTATUS libnet_DeleteUser_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				struct libnet_DeleteUser *r)
+{
+	NTSTATUS status;
+	struct delete_user_state *s;
+
+	r->out.error_string = NULL;
+
+	/* wait for result of async request and check status code */
+	status = composite_wait(c);
+	if (!NT_STATUS_IS_OK(status)) {
+		s = talloc_get_type_abort(c->private_data, struct delete_user_state);
+		r->out.error_string = talloc_steal(mem_ctx, s->r.out.error_string);
+	}
+	
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of DeleteUser call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result
+ */
+NTSTATUS libnet_DeleteUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_DeleteUser *r)
+{
+	struct composite_context *c;
+	
+	c = libnet_DeleteUser_send(ctx, mem_ctx, r, NULL);
+	return libnet_DeleteUser_recv(c, mem_ctx, r);
+}
+
+
+struct modify_user_state {
+	struct libnet_ModifyUser r;
+	struct libnet_context *ctx;
+	struct libnet_DomainOpen domain_open;
+	struct libnet_rpc_userinfo user_info;
+	struct libnet_rpc_usermod user_mod;
+
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_rpc_usermod(struct composite_context *ctx);
+static void continue_domain_open_modify(struct composite_context *ctx);
+static NTSTATUS set_user_changes(TALLOC_CTX *mem_ctx, struct usermod_change *mod,
+				 struct libnet_rpc_userinfo *info, struct libnet_ModifyUser *r);
+static void continue_rpc_userinfo(struct composite_context *ctx);
+
+
+/**
+ * Sends request to modify user account
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result of this call
+ * @param monitor function pointer for receiving monitor messages
+ */
+struct composite_context *libnet_ModifyUser_send(struct libnet_context *ctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct libnet_ModifyUser *r,
+						 void (*monitor)(struct monitor_msg*))
+{
+	const uint16_t level = 21;
+	struct composite_context *c;
+	struct modify_user_state *s;
+	struct composite_context *userinfo_req;
+	bool prereq_met = false;
+
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct modify_user_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	s->ctx = ctx;
+	s->r = *r;
+
+	prereq_met = samr_domain_opened(ctx, c, s->r.in.domain_name, &c, &s->domain_open,
+					continue_domain_open_modify, monitor);
+	if (!prereq_met) return c;
+
+	s->user_info.in.username      = r->in.user_name;
+	s->user_info.in.domain_handle = ctx->samr.handle;
+	s->user_info.in.level         = level;
+
+	userinfo_req = libnet_rpc_userinfo_send(s, s->ctx->event_ctx,
+						ctx->samr.samr_handle,
+						&s->user_info, monitor);
+	if (composite_nomem(userinfo_req, c)) return c;
+
+	composite_continue(c, userinfo_req, continue_rpc_userinfo, c);
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive result of domain open request
+ * and send userinfo request
+ */
+static void continue_domain_open_modify(struct composite_context *ctx)
+{
+	const uint16_t level = 21;
+	struct composite_context *c;
+	struct modify_user_state *s;
+	struct composite_context *userinfo_req;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct modify_user_state);
+
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	if (s->monitor_fn) s->monitor_fn(&msg);
+	
+	s->user_info.in.domain_handle  = s->ctx->samr.handle;
+	s->user_info.in.username       = s->r.in.user_name;
+	s->user_info.in.level          = level;
+
+	userinfo_req = libnet_rpc_userinfo_send(s, s->ctx->event_ctx,
+						s->ctx->samr.samr_handle,
+						&s->user_info, s->monitor_fn);
+	if (composite_nomem(userinfo_req, c)) return;
+	
+	composite_continue(c, userinfo_req, continue_rpc_userinfo, c);
+}
+
+
+/*
+ * Stage 1: receive result of userinfo call, prepare user changes
+ * (set the fields a caller required to change) and send usermod request
+ */
+static void continue_rpc_userinfo(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct modify_user_state *s;
+	struct composite_context *usermod_req;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct modify_user_state);
+
+	c->status = libnet_rpc_userinfo_recv(ctx, c, &s->user_info);
+	if (!composite_is_ok(c)) return;
+
+	s->user_mod.in.domain_handle = s->ctx->samr.handle;
+	s->user_mod.in.username      = s->r.in.user_name;
+
+	c->status = set_user_changes(c, &s->user_mod.in.change, &s->user_info, &s->r);
+
+	usermod_req = libnet_rpc_usermod_send(s, s->ctx->event_ctx,
+					      s->ctx->samr.samr_handle,
+					      &s->user_mod, s->monitor_fn);
+	if (composite_nomem(usermod_req, c)) return;
+
+	composite_continue(c, usermod_req, continue_rpc_usermod, c);
+}
+
+
+/*
+ * Prepare user changes: compare userinfo result to requested changes and
+ * set the field values and flags accordingly for user modify call
+ */
+static NTSTATUS set_user_changes(TALLOC_CTX *mem_ctx, struct usermod_change *mod,
+				 struct libnet_rpc_userinfo *info, struct libnet_ModifyUser *r)
+{
+	struct samr_UserInfo21 *user;
+
+	if (mod == NULL || info == NULL || r == NULL || info->in.level != 21) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	user = &info->out.info.info21;
+	mod->fields = 0;        /* reset flag field before setting individual flags */
+
+	/* account name change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, account_name, USERMOD_FIELD_ACCOUNT_NAME);
+
+	/* full name change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, full_name, USERMOD_FIELD_FULL_NAME);
+
+	/* description change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, description, USERMOD_FIELD_DESCRIPTION);
+
+	/* comment change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, comment, USERMOD_FIELD_COMMENT);
+
+	/* home directory change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, home_directory, USERMOD_FIELD_HOME_DIRECTORY);
+
+	/* home drive change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, home_drive, USERMOD_FIELD_HOME_DRIVE);
+
+	/* logon script change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, logon_script, USERMOD_FIELD_LOGON_SCRIPT);
+
+	/* profile path change */
+	SET_FIELD_LSA_STRING(r->in, user, mod, profile_path, USERMOD_FIELD_PROFILE_PATH);
+
+	/* account expiry change */
+	SET_FIELD_NTTIME(r->in, user, mod, acct_expiry, USERMOD_FIELD_ACCT_EXPIRY);
+
+	/* account flags change */
+	SET_FIELD_ACCT_FLAGS(r->in, user, mod, acct_flags, USERMOD_FIELD_ACCT_FLAGS);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+ * Stage 2: receive result of usermod request and finish the composite function
+ */
+static void continue_rpc_usermod(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct modify_user_state *s;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct modify_user_state);
+	
+	c->status = libnet_rpc_usermod_recv(ctx, c, &s->user_mod);
+	if (!composite_is_ok(c)) return;
+	
+	if (s->monitor_fn) s->monitor_fn(&msg);
+	composite_done(c);
+}
+
+
+/**
+ * Receive result of ModifyUser call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_ModifyUser_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				struct libnet_ModifyUser *r)
+{
+	NTSTATUS status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of ModifyUser call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_ModifyUser(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			   struct libnet_ModifyUser *r)
+{
+	struct composite_context *c;
+
+	c = libnet_ModifyUser_send(ctx, mem_ctx, r, NULL);
+	return libnet_ModifyUser_recv(c, mem_ctx, r);
+}
+
+
+struct user_info_state {
+	struct libnet_context *ctx;
+	const char *domain_name;
+	enum libnet_UserInfo_level level;
+	const char *user_name;
+	const char *sid_string;
+	struct libnet_LookupName lookup;
+	struct libnet_DomainOpen domopen;
+	struct libnet_rpc_userinfo userinfo;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_name_found(struct composite_context *ctx);
+static void continue_domain_open_info(struct composite_context *ctx);
+static void continue_info_received(struct composite_context *ctx);
+
+
+/**
+ * Sends request to get user account information
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and results of this call
+ * @param monitor function pointer for receiving monitor messages
+ * @return compostite context of this request
+ */
+struct composite_context* libnet_UserInfo_send(struct libnet_context *ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct libnet_UserInfo *r,
+					       void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct user_info_state *s;
+	struct composite_context *lookup_req, *info_req;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct user_info_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store arguments in the state structure */
+	s->monitor_fn = monitor;
+	s->ctx = ctx;
+	s->domain_name = talloc_strdup(c, r->in.domain_name);
+	s->level = r->in.level;
+	switch (s->level) {
+	case USER_INFO_BY_NAME:
+		s->user_name = talloc_strdup(c, r->in.data.user_name);
+		s->sid_string = NULL;
+		break;
+	case USER_INFO_BY_SID:
+		s->user_name = NULL;
+		s->sid_string = dom_sid_string(c, r->in.data.user_sid);
+		break;
+	}
+
+	/* prerequisite: make sure the domain is opened */
+	prereq_met = samr_domain_opened(ctx, c, s->domain_name, &c, &s->domopen,
+					continue_domain_open_info, monitor);
+	if (!prereq_met) return c;
+
+	switch (s->level) {
+	case USER_INFO_BY_NAME:
+		/* prepare arguments for LookupName call */
+		s->lookup.in.domain_name = s->domain_name;
+		s->lookup.in.name        = s->user_name;
+
+		/* send the request */
+		lookup_req = libnet_LookupName_send(ctx, c, &s->lookup,
+						    s->monitor_fn);
+		if (composite_nomem(lookup_req, c)) return c;
+
+		/* set the next stage */
+		composite_continue(c, lookup_req, continue_name_found, c);
+		break;
+	case USER_INFO_BY_SID:
+		/* prepare arguments for UserInfo call */
+		s->userinfo.in.domain_handle = s->ctx->samr.handle;
+		s->userinfo.in.sid = s->sid_string;
+		s->userinfo.in.level = 21;
+
+		/* send the request */
+		info_req = libnet_rpc_userinfo_send(s, s->ctx->event_ctx,
+						    s->ctx->samr.samr_handle,
+						    &s->userinfo,
+						    s->monitor_fn);
+		if (composite_nomem(info_req, c)) return c;
+
+		/* set the next stage */
+		composite_continue(c, info_req, continue_info_received, c);
+		break;
+	}
+
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive result of domain open request
+ * and send LookupName request
+ */
+static void continue_domain_open_info(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct user_info_state *s;
+	struct composite_context *lookup_req, *info_req;
+	struct monitor_msg msg;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct user_info_state);
+
+	/* receive result of DomainOpen call */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domopen);
+	if (!composite_is_ok(c)) return;
+
+	/* send monitor message */
+	if (s->monitor_fn) s->monitor_fn(&msg);
+
+	switch (s->level) {
+	case USER_INFO_BY_NAME:
+		/* prepare arguments for LookupName call */
+		s->lookup.in.domain_name = s->domain_name;
+		s->lookup.in.name        = s->user_name;
+
+		/* send the request */
+		lookup_req = libnet_LookupName_send(s->ctx, c, &s->lookup, s->monitor_fn);
+		if (composite_nomem(lookup_req, c)) return;
+
+		/* set the next stage */
+		composite_continue(c, lookup_req, continue_name_found, c);
+		break;
+
+	case USER_INFO_BY_SID:
+		/* prepare arguments for UserInfo call */
+		s->userinfo.in.domain_handle = s->ctx->samr.handle;
+		s->userinfo.in.sid = s->sid_string;
+		s->userinfo.in.level = 21;
+
+		/* send the request */
+		info_req = libnet_rpc_userinfo_send(s, s->ctx->event_ctx,
+						    s->ctx->samr.samr_handle,
+						    &s->userinfo,
+						    s->monitor_fn);
+		if (composite_nomem(info_req, c)) return;
+
+		/* set the next stage */
+		composite_continue(c, info_req, continue_info_received, c);
+		break;
+	}
+}
+
+
+/*
+ * Stage 1: receive the name (if found) and send userinfo request
+ */
+static void continue_name_found(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct user_info_state *s;
+	struct composite_context *info_req;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct user_info_state);
+
+	/* receive result of LookupName call */
+	c->status = libnet_LookupName_recv(ctx, c, &s->lookup);
+	if (!composite_is_ok(c)) return;
+
+	/* we're only interested in user accounts this time */
+	if (s->lookup.out.sid_type != SID_NAME_USER) {
+		composite_error(c, NT_STATUS_NO_SUCH_USER);
+		return;
+	}
+
+	/* prepare arguments for UserInfo call */
+	s->userinfo.in.domain_handle = s->ctx->samr.handle;
+	s->userinfo.in.sid = s->lookup.out.sidstr;
+	s->userinfo.in.level = 21;
+
+	/* send the request */
+	info_req = libnet_rpc_userinfo_send(s, s->ctx->event_ctx,
+					    s->ctx->samr.samr_handle,
+					    &s->userinfo, s->monitor_fn);
+	if (composite_nomem(info_req, c)) return;
+
+	/* set the next stage */
+	composite_continue(c, info_req, continue_info_received, c);
+}
+
+
+/*
+ * Stage 2: receive user account information and finish the composite function
+ */
+static void continue_info_received(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct user_info_state *s;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct user_info_state);
+	
+	/* receive result of userinfo call */
+	c->status = libnet_rpc_userinfo_recv(ctx, c, &s->userinfo);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/**
+ * Receive result of UserInfo call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_UserInfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+			      struct libnet_UserInfo *r)
+{
+	NTSTATUS status;
+	struct user_info_state *s;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status) && r != NULL) {
+		struct samr_UserInfo21 *info;
+
+		s = talloc_get_type_abort(c->private_data, struct user_info_state);
+		info = &s->userinfo.out.info.info21;
+
+		r->out.user_sid = dom_sid_add_rid(mem_ctx, s->ctx->samr.sid, info->rid);
+		r->out.primary_group_sid = dom_sid_add_rid(mem_ctx, s->ctx->samr.sid, info->primary_gid);
+
+		/* string fields */
+		r->out.account_name   = talloc_steal(mem_ctx, info->account_name.string);
+		r->out.full_name      = talloc_steal(mem_ctx, info->full_name.string);
+		r->out.description    = talloc_steal(mem_ctx, info->description.string);
+		r->out.home_directory = talloc_steal(mem_ctx, info->home_directory.string);
+		r->out.home_drive     = talloc_steal(mem_ctx, info->home_drive.string);
+		r->out.comment        = talloc_steal(mem_ctx, info->comment.string);
+		r->out.logon_script   = talloc_steal(mem_ctx, info->logon_script.string);
+		r->out.profile_path   = talloc_steal(mem_ctx, info->profile_path.string);
+
+		/* time fields (allocation) */
+		r->out.acct_expiry           = talloc(mem_ctx, struct timeval);
+		r->out.allow_password_change = talloc(mem_ctx, struct timeval);
+		r->out.force_password_change = talloc(mem_ctx, struct timeval);
+		r->out.last_logon            = talloc(mem_ctx, struct timeval);
+		r->out.last_logoff           = talloc(mem_ctx, struct timeval);
+		r->out.last_password_change  = talloc(mem_ctx, struct timeval);
+		
+		/* time fields (converting) */
+		nttime_to_timeval(r->out.acct_expiry, info->acct_expiry);
+		nttime_to_timeval(r->out.allow_password_change, info->allow_password_change);
+		nttime_to_timeval(r->out.force_password_change, info->force_password_change);
+		nttime_to_timeval(r->out.last_logon, info->last_logon);
+		nttime_to_timeval(r->out.last_logoff, info->last_logoff);
+		nttime_to_timeval(r->out.last_password_change, info->last_password_change);
+
+		/* flag and number fields */
+		r->out.acct_flags = info->acct_flags;
+
+		r->out.error_string = talloc_strdup(mem_ctx, "Success");
+
+	} else {
+		r->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of UserInfo call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to a structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_UserInfo(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			 struct libnet_UserInfo *r)
+{
+	struct composite_context *c;
+	
+	c = libnet_UserInfo_send(ctx, mem_ctx, r, NULL);
+	return libnet_UserInfo_recv(c, mem_ctx, r);
+}
+
+
+struct userlist_state {
+	struct libnet_context *ctx;
+	const char *domain_name;
+	struct lsa_DomainInfo dominfo;
+	int page_size;
+	uint32_t resume_index;
+	struct userlist *users;
+	uint32_t count;
+
+	struct libnet_DomainOpen domain_open;
+	struct lsa_QueryInfoPolicy query_domain;
+	struct samr_EnumDomainUsers user_list;
+
+	void (*monitor_fn)(struct monitor_msg*);
+};
+
+
+static void continue_lsa_domain_opened(struct composite_context *ctx);
+static void continue_domain_queried(struct tevent_req *subreq);
+static void continue_samr_domain_opened(struct composite_context *ctx);
+static void continue_users_enumerated(struct tevent_req *subreq);
+
+
+/**
+ * Sends request to list (enumerate) user accounts
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and results of this call
+ * @param monitor function pointer for receiving monitor messages
+ * @return compostite context of this request
+ */
+struct composite_context* libnet_UserList_send(struct libnet_context *ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct libnet_UserList *r,
+					       void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct userlist_state *s;
+	struct tevent_req *subreq;
+	bool prereq_met = false;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ctx->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct userlist_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store the arguments in the state structure */
+	s->ctx          = ctx;
+	s->page_size    = r->in.page_size;
+	s->resume_index = r->in.resume_index;
+	s->domain_name  = talloc_strdup(c, r->in.domain_name);
+	s->monitor_fn   = monitor;
+
+	/* make sure we have lsa domain handle before doing anything */
+	prereq_met = lsa_domain_opened(ctx, c, s->domain_name, &c, &s->domain_open,
+				       continue_lsa_domain_opened, monitor);
+	if (!prereq_met) return c;
+
+	/* prepare arguments of QueryDomainInfo call */
+	s->query_domain.in.handle = &ctx->lsa.handle;
+	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->query_domain.out.info, c)) return c;
+
+	/* send the request */
+	subreq = dcerpc_lsa_QueryInfoPolicy_r_send(s, c->event_ctx,
+						   ctx->lsa.pipe->binding_handle,
+						   &s->query_domain);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_domain_queried, c);
+	return c;
+}
+
+
+/*
+ * Stage 0.5 (optional): receive lsa domain handle and send
+ * request to query domain info
+ */
+static void continue_lsa_domain_opened(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct userlist_state *s;
+	struct tevent_req *subreq;
+	
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userlist_state);
+	
+	/* receive lsa domain handle */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare arguments of QueryDomainInfo call */
+	s->query_domain.in.handle = &s->ctx->lsa.handle;
+	s->query_domain.in.level  = LSA_POLICY_INFO_DOMAIN;
+	s->query_domain.out.info  = talloc_zero(c, union lsa_PolicyInformation *);
+	if (composite_nomem(s->query_domain.out.info, c)) return;
+
+	/* send the request */
+	subreq = dcerpc_lsa_QueryInfoPolicy_r_send(s, c->event_ctx,
+						   s->ctx->lsa.pipe->binding_handle,
+						   &s->query_domain);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_domain_queried, c);
+}
+
+
+/*
+ * Stage 1: receive domain info and request to enum users,
+ * provided a valid samr handle is opened
+ */
+static void continue_domain_queried(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userlist_state *s;
+	bool prereq_met = false;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userlist_state);
+
+	/* receive result of rpc request */
+	c->status = dcerpc_lsa_QueryInfoPolicy_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* get the returned domain info */
+	s->dominfo = (*s->query_domain.out.info)->domain;
+
+	/* make sure we have samr domain handle before continuing */
+	prereq_met = samr_domain_opened(s->ctx, c, s->domain_name, &c, &s->domain_open,
+					continue_samr_domain_opened, s->monitor_fn);
+	if (!prereq_met) return;
+
+	/* prepare arguments of EnumDomainUsers call */
+	s->user_list.in.domain_handle = &s->ctx->samr.handle;
+	s->user_list.in.max_size = s->page_size;
+	s->user_list.in.resume_handle = &s->resume_index;
+	s->user_list.in.acct_flags = ACB_NORMAL;
+	s->user_list.out.resume_handle = &s->resume_index;
+	s->user_list.out.num_entries = talloc(s, uint32_t);
+	if (composite_nomem(s->user_list.out.num_entries, c)) return;
+	s->user_list.out.sam = talloc(s, struct samr_SamArray *);
+	if (composite_nomem(s->user_list.out.sam, c)) return;
+
+	/* send the request */
+	subreq = dcerpc_samr_EnumDomainUsers_r_send(s, c->event_ctx,
+						    s->ctx->samr.pipe->binding_handle,
+						    &s->user_list);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_users_enumerated, c);
+}
+
+
+/*
+ * Stage 1.5 (optional): receive samr domain handle
+ * and request to enumerate accounts
+ */
+static void continue_samr_domain_opened(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct userlist_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type_abort(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userlist_state);
+
+	/* receive samr domain handle */
+	c->status = libnet_DomainOpen_recv(ctx, s->ctx, c, &s->domain_open);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare arguments of EnumDomainUsers call */
+	s->user_list.in.domain_handle = &s->ctx->samr.handle;
+	s->user_list.in.max_size = s->page_size;
+	s->user_list.in.resume_handle = &s->resume_index;
+	s->user_list.in.acct_flags = ACB_NORMAL;
+	s->user_list.out.resume_handle = &s->resume_index;
+	s->user_list.out.sam = talloc(s, struct samr_SamArray *);
+	if (composite_nomem(s->user_list.out.sam, c)) return;
+	s->user_list.out.num_entries = talloc(s, uint32_t);
+	if (composite_nomem(s->user_list.out.num_entries, c)) return;
+	
+	/* send the request */
+	subreq = dcerpc_samr_EnumDomainUsers_r_send(s, c->event_ctx,
+						    s->ctx->samr.pipe->binding_handle,
+						    &s->user_list);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_users_enumerated, c);
+}
+
+
+/*
+ * Stage 2: receive enumerated users and their rids
+ */
+static void continue_users_enumerated(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userlist_state *s;
+	uint32_t i;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userlist_state);
+
+	/* receive result of rpc request */
+	c->status = dcerpc_samr_EnumDomainUsers_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* get the actual status of the rpc call result
+	   (instead of rpc layer status) */
+	c->status = s->user_list.out.result;
+
+	/* we're interested in status "ok" as well as two
+	   enum-specific status codes */
+	if (NT_STATUS_IS_OK(c->status) ||
+	    NT_STATUS_EQUAL(c->status, STATUS_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(c->status, NT_STATUS_NO_MORE_ENTRIES)) {
+
+		/* get enumerated accounts counter and resume handle (the latter allows
+		   making subsequent call to continue enumeration) */
+		s->resume_index = *s->user_list.out.resume_handle;
+		s->count        = *s->user_list.out.num_entries;
+		
+		/* prepare returned user accounts array */
+		s->users        = talloc_array(c, struct userlist, (*s->user_list.out.sam)->count);
+		if (composite_nomem(s->users, c)) return;
+
+		for (i = 0; i < (*s->user_list.out.sam)->count; i++) {
+			struct dom_sid *user_sid;
+			struct samr_SamEntry *entry = &(*s->user_list.out.sam)->entries[i];
+			struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid;
+			
+			/* construct user sid from returned rid and queried domain sid */
+			user_sid = dom_sid_add_rid(c, domain_sid, entry->idx);
+			if (composite_nomem(user_sid, c)) return;
+			
+			/* username */
+			s->users[i].username = talloc_strdup(s->users, entry->name.string);
+			if (composite_nomem(s->users[i].username, c)) return;
+
+			/* sid string */
+			s->users[i].sid = dom_sid_string(s->users, user_sid);
+			if (composite_nomem(s->users[i].sid, c)) return;
+		}
+		
+		/* that's it */
+		composite_done(c);
+		return;
+
+	} else {
+		/* something went wrong */
+		composite_error(c, c->status);
+		return;
+	}
+}
+
+
+/**
+ * Receive result of UserList call
+ *
+ * @param c composite context returned by send request routine
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_UserList_recv(struct composite_context* c, TALLOC_CTX *mem_ctx,
+			      struct libnet_UserList *r)
+{
+	NTSTATUS status;
+	struct userlist_state *s;
+
+	if (c == NULL || mem_ctx == NULL || r == NULL) {
+		talloc_free(c);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status) ||
+	    NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+		
+		s = talloc_get_type_abort(c->private_data, struct userlist_state);
+		
+		/* get results from composite context */
+		r->out.count = s->count;
+		r->out.resume_index = s->resume_index;
+		r->out.users = talloc_steal(mem_ctx, s->users);
+		
+		if (NT_STATUS_IS_OK(status)) {
+			r->out.error_string = talloc_strdup(mem_ctx, "Success");
+		} else {
+			/* success, but we're not done yet */
+			r->out.error_string = talloc_asprintf(mem_ctx, "Success (status: %s)",
+							      nt_errstr(status));
+		}
+
+	} else {
+		r->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of UserList call
+ *
+ * @param ctx initialised libnet context
+ * @param mem_ctx memory context of this call
+ * @param r pointer to structure containing arguments and result of this call
+ * @return nt status
+ */
+NTSTATUS libnet_UserList(struct libnet_context *ctx,
+			 TALLOC_CTX *mem_ctx,
+			 struct libnet_UserList *r)
+{
+	struct composite_context *c;
+
+	c = libnet_UserList_send(ctx, mem_ctx, r, NULL);
+	return libnet_UserList_recv(c, mem_ctx, r);
+}
diff --git a/source4/libnet/libnet_user.h b/source4/libnet/libnet_user.h
new file mode 100644
index 0000000..8203d14
--- /dev/null
+++ b/source4/libnet/libnet_user.h
@@ -0,0 +1,156 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Rafal Szczesniak <mimir@samba.org> 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+struct libnet_CreateUser {
+	struct {
+		const char *user_name;
+		const char *domain_name;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_DeleteUser {
+	struct {
+		const char *user_name;
+		const char *domain_name;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_ModifyUser {
+	struct {
+		const char *user_name;
+		const char *domain_name;
+
+		const char *account_name;
+		const char *full_name;
+		const char *description;
+		const char *home_directory;
+		const char *home_drive;
+		const char *comment;
+		const char *logon_script;
+		const char *profile_path;
+		struct timeval *acct_expiry;
+		struct timeval *allow_password_change;
+		struct timeval *force_password_change;
+		struct timeval *last_password_change;
+		uint32_t acct_flags;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+
+#define SET_FIELD_LSA_STRING(new, current, mod, field, flag) \
+	if (new.field != NULL && \
+	    !strequal_m(current->field.string, new.field)) { \
+		\
+		mod->field = talloc_strdup(mem_ctx, new.field);	\
+		if (mod->field == NULL) return NT_STATUS_NO_MEMORY; \
+		\
+		mod->fields |= flag; \
+	}
+
+#define SET_FIELD_NTTIME(new, current, mod, field, flag) \
+	if (new.field != 0) { \
+		NTTIME newval = timeval_to_nttime(new.field); \
+		if (newval != current->field) {	\
+			mod->field = talloc_memdup(mem_ctx, new.field, sizeof(*new.field)); \
+			if (mod->field == NULL) return NT_STATUS_NO_MEMORY; \
+			mod->fields |= flag; \
+		} \
+	}
+
+#define SET_FIELD_UINT32(new, current, mod, field, flag) \
+	if (current->field != new.field) { \
+		mod->field = new.field; \
+		mod->fields |= flag; \
+	}
+
+#define SET_FIELD_ACCT_FLAGS(new, current, mod, field, flag) \
+	if (new.field) { \
+		if (current->field != new.field) {	\
+			mod->field = new.field;		\
+			mod->fields |= flag;		\
+		}					\
+	}
+
+enum libnet_UserInfo_level {
+	USER_INFO_BY_NAME=0,
+	USER_INFO_BY_SID
+};
+
+struct libnet_UserInfo {
+	struct {
+		const char *domain_name;
+		enum libnet_UserInfo_level level;
+		union {
+			const char *user_name;
+			const struct dom_sid *user_sid;
+		} data;
+	} in;
+	struct {
+		struct dom_sid *user_sid;
+		struct dom_sid *primary_group_sid;
+		const char *account_name;
+		const char *full_name;
+		const char *description;
+		const char *home_directory;
+		const char *home_drive;
+		const char *comment;
+		const char *logon_script;
+		const char *profile_path;
+		struct timeval *acct_expiry;
+		struct timeval *allow_password_change;
+		struct timeval *force_password_change;
+		struct timeval *last_logon;
+		struct timeval *last_logoff;
+		struct timeval *last_password_change;
+		uint32_t acct_flags;
+		const char *error_string;
+	} out;
+};
+
+
+struct libnet_UserList {
+	struct {
+		const char *domain_name;
+		int page_size;
+		uint32_t resume_index;
+	} in;
+	struct {
+		int count;
+		uint32_t resume_index;
+
+		struct userlist {
+			const char *sid;
+			const char *username;
+		} *users;
+
+		const char *error_string;
+	} out;
+};
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
new file mode 100644
index 0000000..54bbbe3
--- /dev/null
+++ b/source4/libnet/libnet_vampire.c
@@ -0,0 +1,838 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Extract the user/system database from a remote server
+
+   Copyright (C) Stefan Metzmacher	2004-2006
+   Copyright (C) Brad Henry 2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "lib/events/events.h"
+#include "dsdb/samdb/samdb.h"
+#include "../lib/util/dlinklist.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "system/time.h"
+#include "ldb_wrap.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "param/provision.h"
+#include "libcli/security/security.h"
+#include "dsdb/common/util.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/*
+List of tasks vampire.py must perform:
+- Domain Join
+ - but don't write the secrets.ldb
+ - results for this should be enough to handle the provision
+- if vampire method is samsync
+ - Provision using these results
+  - do we still want to support this NT4 technology?
+- Start samsync with libnet code
+ - provision in the callback
+- Write out the secrets database, using the code from libnet_Join
+
+*/
+struct libnet_vampire_cb_state {
+	const char *netbios_name;
+	const char *domain_name;
+	const char *realm;
+	struct cli_credentials *machine_account;
+
+	/* Schema loaded from local LDIF files */
+	struct dsdb_schema *provision_schema;
+
+        /* 1st pass, with some OIDs/attribute names/class names not
+	 * converted, because we may not know them yet */
+	struct dsdb_schema *self_made_schema;
+
+	/* prefixMap in LDB format, from the remote DRS server */
+	DATA_BLOB prefixmap_blob;
+	const struct dsdb_schema *schema;
+
+	struct ldb_context *ldb;
+
+	struct {
+		uint32_t object_count;
+		struct drsuapi_DsReplicaObjectListItemEx *first_object;
+		struct drsuapi_DsReplicaObjectListItemEx *last_object;
+	} schema_part;
+
+	const char *targetdir;
+
+	struct loadparm_context *lp_ctx;
+	struct tevent_context *event_ctx;
+	unsigned total_objects;
+	unsigned total_links;
+	char *last_partition;
+	const char *server_dn_str;
+};
+
+/* initialise a state structure ready for replication of chunks */
+void *libnet_vampire_replicate_init(TALLOC_CTX *mem_ctx,
+				    struct ldb_context *samdb,
+				    struct loadparm_context *lp_ctx)
+{
+	struct libnet_vampire_cb_state *s = talloc_zero(mem_ctx, struct libnet_vampire_cb_state);
+	if (!s) {
+		return NULL;
+	}
+
+	s->ldb              = samdb;
+	s->lp_ctx           = lp_ctx;
+	s->provision_schema = dsdb_get_schema(s->ldb, s);
+	s->schema           = s->provision_schema;
+	s->netbios_name     = lpcfg_netbios_name(lp_ctx);
+	s->domain_name      = lpcfg_workgroup(lp_ctx);
+	s->realm            = lpcfg_realm(lp_ctx);
+
+	return s;
+}
+
+/* Caller is expected to keep supplied pointers around for the lifetime of the structure */
+void *libnet_vampire_cb_state_init(TALLOC_CTX *mem_ctx,
+				   struct loadparm_context *lp_ctx, struct tevent_context *event_ctx,
+				   const char *netbios_name, const char *domain_name, const char *realm,
+				   const char *targetdir)
+{
+	struct libnet_vampire_cb_state *s = talloc_zero(mem_ctx, struct libnet_vampire_cb_state);
+	if (!s) {
+		return NULL;
+	}
+
+	s->lp_ctx = lp_ctx;
+	s->event_ctx = event_ctx;
+	s->netbios_name = netbios_name;
+	s->domain_name = domain_name;
+	s->realm = realm;
+	s->targetdir = targetdir;
+	return s;
+}
+
+struct ldb_context *libnet_vampire_cb_ldb(struct libnet_vampire_cb_state *state)
+{
+	state = talloc_get_type_abort(state, struct libnet_vampire_cb_state);
+	return state->ldb;
+}
+
+struct loadparm_context *libnet_vampire_cb_lp_ctx(struct libnet_vampire_cb_state *state)
+{
+	state = talloc_get_type_abort(state, struct libnet_vampire_cb_state);
+	return state->lp_ctx;
+}
+
+NTSTATUS libnet_vampire_cb_prepare_db(void *private_data,
+				      const struct libnet_BecomeDC_PrepareDB *p)
+{
+	struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
+	struct provision_settings settings;
+	struct provision_result result;
+	NTSTATUS status;
+
+	ZERO_STRUCT(settings);
+	settings.site_name = p->dest_dsa->site_name;
+	settings.root_dn_str = p->forest->root_dn_str;
+	settings.domain_dn_str = p->domain->dn_str;
+	settings.config_dn_str = p->forest->config_dn_str;
+	settings.schema_dn_str = p->forest->schema_dn_str;
+	settings.netbios_name = p->dest_dsa->netbios_name;
+	settings.realm = s->realm;
+	settings.domain = s->domain_name;
+	settings.server_dn_str = p->dest_dsa->server_dn_str;
+	settings.machine_password = generate_random_machine_password(s, 120, 120);
+	settings.targetdir = s->targetdir;
+	settings.use_ntvfs = true;
+	status = provision_bare(s, s->lp_ctx, &settings, &result);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	s->ldb = talloc_steal(s, result.samdb);
+	s->lp_ctx = talloc_reparent(talloc_parent(result.lp_ctx), s, result.lp_ctx);
+	s->provision_schema = dsdb_get_schema(s->ldb, s);
+	s->server_dn_str = talloc_steal(s, p->dest_dsa->server_dn_str);
+
+	/* wrap the entire vapire operation in a transaction.  This
+	   isn't just cosmetic - we use this to ensure that linked
+	   attribute back links are added at the end by relying on a
+	   transaction commit hook in the linked attributes module. We
+	   need to do this as the order of objects coming from the
+	   server is not sufficiently deterministic to know that the
+	   record that a backlink needs to be created in has itself
+	   been created before the object containing the forward link
+	   has come over the wire */
+	if (ldb_transaction_start(s->ldb) != LDB_SUCCESS) {
+		return NT_STATUS_FOOBAR;
+	}
+
+        return NT_STATUS_OK;
+
+
+}
+
+NTSTATUS libnet_vampire_cb_check_options(void *private_data,
+					 const struct libnet_BecomeDC_CheckOptions *o)
+{
+	struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
+
+	DEBUG(0,("Become DC [%s] of Domain[%s]/[%s]\n",
+		s->netbios_name,
+		o->domain->netbios_name, o->domain->dns_name));
+
+	DEBUG(0,("Promotion Partner is Server[%s] from Site[%s]\n",
+		o->source_dsa->dns_name, o->source_dsa->site_name));
+
+	DEBUG(0,("Options:crossRef behavior_version[%u]\n"
+		       "\tschema object_version[%u]\n"
+		       "\tdomain behavior_version[%u]\n"
+		       "\tdomain w2k3_update_revision[%u]\n",
+		o->forest->crossref_behavior_version,
+		o->forest->schema_object_version,
+		o->domain->behavior_version,
+		o->domain->w2k3_update_revision));
+
+	return NT_STATUS_OK;
+}
+
+static WERROR libnet_vampire_cb_apply_schema(struct libnet_vampire_cb_state *s,
+					     const struct libnet_BecomeDC_StoreChunk *c)
+{
+	WERROR status;
+	struct dsdb_schema_prefixmap *pfm_remote;
+	const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
+	struct dsdb_schema *provision_schema;
+	uint32_t object_count = 0;
+	struct drsuapi_DsReplicaObjectListItemEx *first_object;
+	uint32_t linked_attributes_count;
+	struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
+	const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
+	struct dsdb_extended_replicated_objects *schema_objs;
+	struct repsFromTo1 *s_dsa;
+	char *tmp_dns_name;
+	struct ldb_context *schema_ldb;
+	struct ldb_dn *partition_dn;
+	struct ldb_message *msg;
+	struct ldb_message_element *prefixMap_el;
+	uint32_t i;
+	int ret;
+	bool ok;
+	uint64_t seq_num = 0;
+	uint32_t cycle_before_switching;
+
+	DEBUG(0,("Analyze and apply schema objects\n"));
+
+	s_dsa			= talloc_zero(s, struct repsFromTo1);
+	if (s_dsa == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	s_dsa->other_info	= talloc(s_dsa, struct repsFromTo1OtherInfo);
+	if (s_dsa->other_info == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	switch (c->ctr_level) {
+	case 1:
+		mapping_ctr			= &c->ctr1->mapping_ctr;
+		object_count			= s->schema_part.object_count;
+		first_object			= s->schema_part.first_object;
+		linked_attributes_count		= 0;
+		linked_attributes		= NULL;
+		s_dsa->highwatermark		= c->ctr1->new_highwatermark;
+		s_dsa->source_dsa_obj_guid	= c->ctr1->source_dsa_guid;
+		s_dsa->source_dsa_invocation_id = c->ctr1->source_dsa_invocation_id;
+		uptodateness_vector		= NULL; /* TODO: map it */
+		break;
+	case 6:
+		mapping_ctr			= &c->ctr6->mapping_ctr;
+		object_count			= s->schema_part.object_count;
+		first_object			= s->schema_part.first_object;
+		linked_attributes_count		= c->ctr6->linked_attributes_count;
+		linked_attributes		= c->ctr6->linked_attributes;
+		s_dsa->highwatermark		= c->ctr6->new_highwatermark;
+		s_dsa->source_dsa_obj_guid	= c->ctr6->source_dsa_guid;
+		s_dsa->source_dsa_invocation_id = c->ctr6->source_dsa_invocation_id;
+		uptodateness_vector		= c->ctr6->uptodateness_vector;
+		break;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+	/* We must set these up to ensure the replMetaData is written
+	 * correctly, before our NTDS Settings entry is replicated */
+	ok = samdb_set_ntds_invocation_id(s->ldb, &c->dest_dsa->invocation_id);
+	if (!ok) {
+		DEBUG(0,("Failed to set cached ntds invocationId\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+	ok = samdb_set_ntds_objectGUID(s->ldb, &c->dest_dsa->ntds_guid);
+	if (!ok) {
+		DEBUG(0,("Failed to set cached ntds objectGUID\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	status = dsdb_schema_pfm_from_drsuapi_pfm(mapping_ctr, true,
+						  s, &pfm_remote, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n",
+			 win_errstr(status)));
+		return status;
+	}
+
+	s_dsa->replica_flags		= DRSUAPI_DRS_WRIT_REP
+					| DRSUAPI_DRS_INIT_SYNC
+					| DRSUAPI_DRS_PER_SYNC;
+	memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
+
+	tmp_dns_name	= GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
+	if (tmp_dns_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	tmp_dns_name	= talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
+	if (tmp_dns_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	s_dsa->other_info->dns_name = tmp_dns_name;
+
+	if (s->self_made_schema == NULL) {
+		DEBUG(0,("libnet_vampire_cb_apply_schema: called with out self_made_schema\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	schema_ldb = provision_get_schema(s, s->lp_ctx,
+					  c->forest->schema_dn_str,
+					  &s->prefixmap_blob);
+	if (!schema_ldb) {
+		DEBUG(0,("Failed to re-load from local provision using remote prefixMap. "
+			 "Will continue with local prefixMap\n"));
+		provision_schema = dsdb_get_schema(s->ldb, s);
+	} else {
+		provision_schema = dsdb_get_schema(schema_ldb, s);
+		ret = dsdb_reference_schema(s->ldb, provision_schema, SCHEMA_MEMORY_ONLY);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,("Failed to attach schema from local provision using remote prefixMap.\n"));
+			return WERR_INTERNAL_ERROR;
+		}
+		talloc_unlink(s, schema_ldb);
+	}
+
+	cycle_before_switching = lpcfg_parm_long(s->lp_ctx, NULL,
+						 "become dc",
+						 "schema convert retrial", 1);
+
+	provision_schema->resolving_in_progress = true;
+	s->self_made_schema->resolving_in_progress = true;
+
+	status = dsdb_repl_resolve_working_schema(s->ldb,
+						  pfm_remote,
+						  cycle_before_switching,
+						  provision_schema,
+						  s->self_made_schema,
+						  object_count,
+						  first_object);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0, ("%s: dsdb_repl_resolve_working_schema() failed: %s\n",
+			  __location__, win_errstr(status)));
+		return status;
+	}
+
+	/* free temp objects for 1st conversion phase */
+	talloc_unlink(s, provision_schema);
+
+	s->self_made_schema->resolving_in_progress = false;
+
+	/*
+	 * attach the schema we just brought over DRS to the ldb,
+	 * so we can use it in dsdb_convert_object_ex below
+	 */
+	ret = dsdb_set_schema(s->ldb, s->self_made_schema, SCHEMA_WRITE);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to attach working schema from DRS.\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	/* we don't want to access the self made schema anymore */
+	s->schema = s->self_made_schema;
+	s->self_made_schema = NULL;
+
+	partition_dn = ldb_dn_new(s, s->ldb, c->partition->nc.dn);
+	if (partition_dn == NULL) {
+		DEBUG(0,("Failed to parse partition DN from DRS.\n"));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* Now convert the schema elements again, using the schema we finalised, ready to actually import */
+	status = dsdb_replicated_objects_convert(s->ldb,
+						 s->schema,
+						 partition_dn,
+						 mapping_ctr,
+						 object_count,
+						 first_object,
+						 linked_attributes_count,
+						 linked_attributes,
+						 s_dsa,
+						 uptodateness_vector,
+						 c->gensec_skey,
+						 0,
+						 s, &schema_objs);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("Failed to convert objects when trying to import over DRS (2nd pass, to store remote schema): %s\n", win_errstr(status)));
+		return status;
+	}
+
+	if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
+		for (i=0; i < schema_objs->num_objects; i++) {
+			struct ldb_ldif ldif;
+			fprintf(stdout, "#\n");
+			ldif.changetype = LDB_CHANGETYPE_NONE;
+			ldif.msg = schema_objs->objects[i].msg;
+			ldb_ldif_write_file(s->ldb, stdout, &ldif);
+			NDR_PRINT_DEBUG(replPropertyMetaDataBlob, schema_objs->objects[i].meta_data);
+		}
+	}
+
+	status = dsdb_replicated_objects_commit(s->ldb, NULL, schema_objs, &seq_num);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+		return status;
+	}
+
+	msg = ldb_msg_new(schema_objs);
+	if (msg == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	msg->dn = schema_objs->partition_dn;
+
+	/* We must ensure a prefixMap has been written.  Unlike other
+	 * attributes (including schemaInfo), it is not replicated in
+	 * the normal replication stream.  We can use the one from
+	 * s->prefixmap_blob because we operate with one, unchanging
+	 * prefixMap for this entire operation.  */
+	ret = ldb_msg_add_value(msg, "prefixMap", &s->prefixmap_blob, &prefixMap_el);
+	if (ret != LDB_SUCCESS) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	/* We want to know if a prefixMap was written already, as it
+	 * would mean that the above comment was not true, and we have
+	 * somehow updated the prefixMap during this transaction */
+	prefixMap_el->flags = LDB_FLAG_MOD_ADD;
+
+	ret = dsdb_modify(s->ldb, msg, DSDB_FLAG_AS_SYSTEM);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to add prefixMap: %s\n", ldb_errstring(s->ldb)));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	talloc_free(s_dsa);
+	talloc_free(schema_objs);
+
+	s->schema = dsdb_get_schema(s->ldb, s);
+	if (!s->schema) {
+		DEBUG(0,("Failed to get loaded dsdb_schema\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+WERROR libnet_vampire_cb_schema_chunk(void *private_data,
+				      const struct libnet_BecomeDC_StoreChunk *c)
+{
+	struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
+	WERROR werr;
+	const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
+	uint32_t nc_object_count;
+	uint32_t nc_total_received = 0;
+	uint32_t object_count;
+	struct drsuapi_DsReplicaObjectListItemEx *first_object;
+	struct drsuapi_DsReplicaObjectListItemEx *cur;
+	uint32_t nc_linked_attributes_count;
+	uint32_t linked_attributes_count;
+
+	switch (c->ctr_level) {
+	case 1:
+		mapping_ctr			= &c->ctr1->mapping_ctr;
+		nc_object_count			= c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
+		object_count			= c->ctr1->object_count;
+		first_object			= c->ctr1->first_object;
+		nc_linked_attributes_count	= 0;
+		linked_attributes_count		= 0;
+		break;
+	case 6:
+		mapping_ctr			= &c->ctr6->mapping_ctr;
+		nc_object_count			= c->ctr6->nc_object_count;
+		object_count			= c->ctr6->object_count;
+		first_object			= c->ctr6->first_object;
+		nc_linked_attributes_count	= c->ctr6->nc_linked_attributes_count;
+		linked_attributes_count		= c->ctr6->linked_attributes_count;
+		break;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (!s->schema_part.first_object) {
+		nc_total_received = object_count;
+	} else {
+		nc_total_received = s->schema_part.object_count + object_count;
+	}
+	if (nc_object_count) {
+		DEBUG(0,("Schema-DN[%s] objects[%u/%u] linked_values[%u/%u]\n",
+			c->partition->nc.dn, nc_total_received, nc_object_count,
+			linked_attributes_count, nc_linked_attributes_count));
+	} else {
+		DEBUG(0,("Schema-DN[%s] objects[%u] linked_values[%u]\n",
+		c->partition->nc.dn, nc_total_received, linked_attributes_count));
+	}
+
+	if (!s->self_made_schema) {
+		struct drsuapi_DsReplicaOIDMapping_Ctr mapping_ctr_without_schema_info;
+		/* Put the DRS prefixmap aside for the schema we are
+		 * about to load in the provision, and into the one we
+		 * are making with the help of DRS */
+
+		mapping_ctr_without_schema_info = *mapping_ctr;
+
+		/* This strips off the 0xFF schema info from the end,
+		 * because we don't want it in the blob */
+		if (mapping_ctr_without_schema_info.num_mappings > 0) {
+			mapping_ctr_without_schema_info.num_mappings--;
+		}
+		werr = dsdb_get_drsuapi_prefixmap_as_blob(&mapping_ctr_without_schema_info, s, &s->prefixmap_blob);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		/* Set up two manually-constructed schema - the local
+		 * schema from the provision will be used to build
+		 * one, which will then in turn be used to build the
+		 * other. */
+		s->self_made_schema = dsdb_new_schema(s);
+		if (s->self_made_schema == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		werr = dsdb_load_prefixmap_from_drsuapi(s->self_made_schema, mapping_ctr);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	} else {
+		werr = dsdb_schema_pfm_contains_drsuapi_pfm(s->self_made_schema->prefixmap, mapping_ctr);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	}
+
+	if (!s->schema_part.first_object) {
+		s->schema_part.object_count = object_count;
+		s->schema_part.first_object = talloc_steal(s, first_object);
+	} else {
+		s->schema_part.object_count		+= object_count;
+		s->schema_part.last_object->next_object = talloc_steal(s->schema_part.last_object,
+								       first_object);
+	}
+	if (first_object != NULL) {
+		for (cur = first_object; cur->next_object; cur = cur->next_object) {}
+	} else {
+		cur = first_object;
+	}
+
+	s->schema_part.last_object = cur;
+
+	if (!c->partition->more_data) {
+		return libnet_vampire_cb_apply_schema(s, c);
+	}
+
+	return WERR_OK;
+}
+
+WERROR libnet_vampire_cb_store_chunk(void *private_data,
+				     const struct libnet_BecomeDC_StoreChunk *c)
+{
+	struct libnet_vampire_cb_state *s = talloc_get_type(private_data, struct libnet_vampire_cb_state);
+	WERROR status;
+	struct dsdb_schema *schema;
+	const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
+	uint32_t nc_object_count;
+	uint32_t object_count;
+	struct drsuapi_DsReplicaObjectListItemEx *first_object;
+	uint32_t nc_linked_attributes_count;
+	uint32_t linked_attributes_count;
+	struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
+	const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
+	struct dsdb_extended_replicated_objects *objs;
+	uint32_t req_replica_flags;
+	uint32_t dsdb_repl_flags = 0;
+	struct repsFromTo1 *s_dsa;
+	char *tmp_dns_name;
+	uint32_t i;
+	uint64_t seq_num = 0;
+	bool is_exop = false;
+	struct ldb_dn *partition_dn = NULL;
+	struct ldb_dn *nc_root = NULL;
+
+	s_dsa			= talloc_zero(s, struct repsFromTo1);
+	if (s_dsa == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	s_dsa->other_info	= talloc(s_dsa, struct repsFromTo1OtherInfo);
+	if (s_dsa->other_info == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	switch (c->ctr_level) {
+	case 1:
+		mapping_ctr			= &c->ctr1->mapping_ctr;
+		nc_object_count			= c->ctr1->extended_ret; /* maybe w2k send this unexpected? */
+		object_count			= c->ctr1->object_count;
+		first_object			= c->ctr1->first_object;
+		nc_linked_attributes_count	= 0;
+		linked_attributes_count		= 0;
+		linked_attributes		= NULL;
+		s_dsa->highwatermark		= c->ctr1->new_highwatermark;
+		s_dsa->source_dsa_obj_guid	= c->ctr1->source_dsa_guid;
+		s_dsa->source_dsa_invocation_id = c->ctr1->source_dsa_invocation_id;
+		uptodateness_vector		= NULL; /* TODO: map it */
+		break;
+	case 6:
+		mapping_ctr			= &c->ctr6->mapping_ctr;
+		nc_object_count			= c->ctr6->nc_object_count;
+		object_count			= c->ctr6->object_count;
+		first_object			= c->ctr6->first_object;
+		nc_linked_attributes_count	= c->ctr6->nc_linked_attributes_count;
+		linked_attributes_count		= c->ctr6->linked_attributes_count;
+		linked_attributes		= c->ctr6->linked_attributes;
+		s_dsa->highwatermark		= c->ctr6->new_highwatermark;
+		s_dsa->source_dsa_obj_guid	= c->ctr6->source_dsa_guid;
+		s_dsa->source_dsa_invocation_id = c->ctr6->source_dsa_invocation_id;
+		uptodateness_vector		= c->ctr6->uptodateness_vector;
+		break;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+
+	switch (c->req_level) {
+	case 0:
+		/* none */
+		req_replica_flags = 0;
+		break;
+	case 5:
+		if (c->req5->extended_op != DRSUAPI_EXOP_NONE) {
+			is_exop = true;
+		}
+		req_replica_flags = c->req5->replica_flags;
+		break;
+	case 8:
+		if (c->req8->extended_op != DRSUAPI_EXOP_NONE) {
+			is_exop = true;
+		}
+		req_replica_flags = c->req8->replica_flags;
+		break;
+	case 10:
+		if (c->req10->extended_op != DRSUAPI_EXOP_NONE) {
+			is_exop = true;
+		}
+		req_replica_flags = c->req10->replica_flags;
+
+		if (c->req10->more_flags & DRSUAPI_DRS_GET_TGT) {
+			dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
+		}
+		break;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/*
+	 * If the peer DC doesn't support GET_TGT (req v10), then the link
+	 * targets are as up-to-date as they're ever gonna be. (Without this,
+	 * cases where we'd normally retry with GET_TGT cause the join to fail)
+	 */
+	if (c->req_level < 10) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_TARGETS_UPTODATE;
+	}
+
+	if (req_replica_flags & DRSUAPI_DRS_CRITICAL_ONLY || is_exop) {
+		/*
+		 * If we only replicate the critical objects, or this
+		 * is an exop we should not remember what we already
+		 * got, as it is incomplete.
+		 */
+		ZERO_STRUCT(s_dsa->highwatermark);
+		uptodateness_vector = NULL;
+		dsdb_repl_flags |= DSDB_REPL_FLAG_OBJECT_SUBSET;
+	}
+
+	/* TODO: avoid hardcoded flags */
+	s_dsa->replica_flags		= DRSUAPI_DRS_WRIT_REP
+					| DRSUAPI_DRS_INIT_SYNC
+					| DRSUAPI_DRS_PER_SYNC;
+	memset(s_dsa->schedule, 0x11, sizeof(s_dsa->schedule));
+
+	tmp_dns_name	= GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
+	if (tmp_dns_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	tmp_dns_name	= talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
+	if (tmp_dns_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	s_dsa->other_info->dns_name = tmp_dns_name;
+
+	/* we want to show a count per partition */
+	if (!s->last_partition || strcmp(s->last_partition, c->partition->nc.dn) != 0) {
+		s->total_objects = 0;
+		s->total_links = 0;
+		talloc_free(s->last_partition);
+		s->last_partition = talloc_strdup(s, c->partition->nc.dn);
+	}
+	s->total_objects += object_count;
+	s->total_links += linked_attributes_count;
+
+	partition_dn = ldb_dn_new(s_dsa, s->ldb, c->partition->nc.dn);
+	if (partition_dn == NULL) {
+		DEBUG(0,("Failed to parse partition DN from DRS.\n"));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (is_exop) {
+		int ret;
+		if (nc_object_count) {
+			DEBUG(0,("Exop on[%s] objects[%u/%u] linked_values[%u/%u]\n",
+				c->partition->nc.dn, s->total_objects, nc_object_count,
+				s->total_links, nc_linked_attributes_count));
+		} else {
+			DEBUG(0,("Exop on[%s] objects[%u] linked_values[%u]\n",
+			c->partition->nc.dn, s->total_objects, linked_attributes_count));
+		}
+		ret = dsdb_find_nc_root(s->ldb, s_dsa,
+					partition_dn, &nc_root);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find nc_root for %s\n",
+				 ldb_dn_get_linearized(partition_dn)));
+			return WERR_INTERNAL_ERROR;
+		}
+	} else {
+		if (nc_object_count) {
+			DEBUG(0,("Partition[%s] objects[%u/%u] linked_values[%u/%u]\n",
+				c->partition->nc.dn, s->total_objects, nc_object_count,
+				s->total_links, nc_linked_attributes_count));
+		} else {
+			DEBUG(0,("Partition[%s] objects[%u] linked_values[%u]\n",
+			c->partition->nc.dn, s->total_objects, s->total_links));
+		}
+		nc_root = partition_dn;
+	}
+
+
+	schema = dsdb_get_schema(s->ldb, NULL);
+	if (!schema) {
+		DEBUG(0,(__location__ ": Schema is not loaded yet!\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	if (req_replica_flags & DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_PRIORITISE_INCOMING;
+	}
+
+	if (req_replica_flags & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
+		dsdb_repl_flags |= DSDB_REPL_FLAG_EXPECT_NO_SECRETS;
+	}
+
+	status = dsdb_replicated_objects_convert(s->ldb,
+						 schema,
+						 nc_root,
+						 mapping_ctr,
+						 object_count,
+						 first_object,
+						 linked_attributes_count,
+						 linked_attributes,
+						 s_dsa,
+						 uptodateness_vector,
+						 c->gensec_skey,
+						 dsdb_repl_flags,
+						 s, &objs);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status)));
+		return status;
+	}
+
+	if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
+		for (i=0; i < objs->num_objects; i++) {
+			struct ldb_ldif ldif;
+			fprintf(stdout, "#\n");
+			ldif.changetype = LDB_CHANGETYPE_NONE;
+			ldif.msg = objs->objects[i].msg;
+			ldb_ldif_write_file(s->ldb, stdout, &ldif);
+			NDR_PRINT_DEBUG(replPropertyMetaDataBlob, objs->objects[i].meta_data);
+		}
+	}
+	status = dsdb_replicated_objects_commit(s->ldb, NULL, objs, &seq_num);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
+		return status;
+	}
+
+	/* reset debug counters once we've finished replicating the partition */
+	if (!c->partition->more_data) {
+		s->total_objects = 0;
+		s->total_links = 0;
+	}
+
+	talloc_free(s_dsa);
+	talloc_free(objs);
+
+	for (i=0; i < linked_attributes_count; i++) {
+		const struct dsdb_attribute *sa;
+
+		if (!linked_attributes[i].identifier) {
+			DEBUG(0, ("No linked attribute identifier\n"));
+			return WERR_INTERNAL_ERROR;
+		}
+
+		if (!linked_attributes[i].value.blob) {
+			DEBUG(0, ("No linked attribute value\n"));
+			return WERR_INTERNAL_ERROR;
+		}
+
+		sa = dsdb_attribute_by_attributeID_id(s->schema,
+						      linked_attributes[i].attid);
+		if (!sa) {
+			DEBUG(0, ("Unable to find attribute via attribute id %d\n", linked_attributes[i].attid));
+			return WERR_INTERNAL_ERROR;
+		}
+
+		if (lpcfg_parm_bool(s->lp_ctx, NULL, "become dc", "dump objects", false)) {
+			DEBUG(0,("# %s\n", sa->lDAPDisplayName));
+			NDR_PRINT_DEBUG(drsuapi_DsReplicaLinkedAttribute, &linked_attributes[i]);
+			dump_data(0,
+				linked_attributes[i].value.blob->data,
+				linked_attributes[i].value.blob->length);
+		}
+	}
+
+	return WERR_OK;
+}
+
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
new file mode 100644
index 0000000..ea616ab
--- /dev/null
+++ b/source4/libnet/libnet_vampire.h
@@ -0,0 +1,58 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Stefan Metzmacher	2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Brad Henry 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBNET_VAMPIRE_H__
+#define __LIBNET_VAMPIRE_H__
+
+struct libnet_Vampire {
+	struct {
+		const char *domain_name;
+		const char *netbios_name;
+		const char *targetdir;
+	} in;
+	
+	struct {
+		struct dom_sid *domain_sid;
+		const char *domain_name;
+		const char *error_string;
+	} out;
+};
+
+struct libnet_Replicate {
+	struct {
+		const char *domain_name;
+		const char *netbios_name;
+		const char *targetdir; /* optional, may be NULL */
+		struct dom_sid *domain_sid;
+		const char *realm;
+		const char *server;
+		const char *join_password;
+		uint32_t kvno;
+	} in;
+	struct {
+		const char *error_string;
+	} out;
+};
+
+/* Private context for the default callbacks */
+struct libnet_vampire_cb_state;
+
+#endif /* __LIBNET_VAMPIRE_H__ */
diff --git a/source4/libnet/prereq_domain.c b/source4/libnet/prereq_domain.c
new file mode 100644
index 0000000..679669e
--- /dev/null
+++ b/source4/libnet/prereq_domain.c
@@ -0,0 +1,144 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Rafal Szczesniak  2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libnet/libnet.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/samr.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+
+
+bool samr_domain_opened(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+			const char *domain_name,
+			struct composite_context **parent_ctx,
+			struct libnet_DomainOpen *domain_open,
+			void (*continue_fn)(struct composite_context*),
+			void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *domopen_req;
+
+	if (parent_ctx == NULL || *parent_ctx == NULL) return false;
+
+	if (domain_name == NULL) {
+		/*
+		 * Try to guess the domain name from credentials,
+		 * if it's not been explicitly specified.
+		 */
+
+		if (ndr_policy_handle_empty(&ctx->samr.handle)) {
+			domain_open->in.type        = DOMAIN_SAMR;
+			domain_open->in.domain_name = cli_credentials_get_domain(ctx->cred);
+			domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+		} else {
+			composite_error(*parent_ctx, NT_STATUS_INVALID_PARAMETER);
+			return true;
+		}
+
+	} else {
+		/*
+		 * The domain name has been specified, so check whether the same
+		 * domain is already opened. If it is - just return NULL. Start
+		 * opening a new domain otherwise.
+		 */
+
+		if (ndr_policy_handle_empty(&ctx->samr.handle) ||
+		    !strequal(domain_name, ctx->samr.name)) {
+			domain_open->in.type        = DOMAIN_SAMR;
+			domain_open->in.domain_name = domain_name;
+			domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+		} else {
+			/* domain has already been opened and it's the same domain
+			   as requested */
+			return true;
+		}
+	}
+
+	/* send request to open the domain */
+	domopen_req = libnet_DomainOpen_send(ctx, mem_ctx, domain_open, monitor);
+	if (composite_nomem(domopen_req, *parent_ctx)) return false;
+	
+	composite_continue(*parent_ctx, domopen_req, continue_fn, *parent_ctx);
+	return false;
+}
+
+
+bool lsa_domain_opened(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
+		       const char *domain_name,
+		       struct composite_context **parent_ctx,
+		       struct libnet_DomainOpen *domain_open,
+		       void (*continue_fn)(struct composite_context*),
+		       void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *domopen_req;
+	
+	if (parent_ctx == NULL || *parent_ctx == NULL) return false;
+
+	if (domain_name == NULL) {
+		/*
+		 * Try to guess the domain name from credentials,
+		 * if it's not been explicitly specified.
+		 */
+
+		if (ndr_policy_handle_empty(&ctx->lsa.handle)) {
+			domain_open->in.type        = DOMAIN_LSA;
+			domain_open->in.domain_name = cli_credentials_get_domain(ctx->cred);
+			domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+		} else {
+			composite_error(*parent_ctx, NT_STATUS_INVALID_PARAMETER);
+			/* this ensures the calling function exits and composite function error
+			   gets noticed quickly */
+			return true;
+		}
+
+	} else {
+		/*
+		 * The domain name has been specified, so check whether the same
+		 * domain is already opened. If it is - just return NULL. Start
+		 * opening a new domain otherwise.
+		 */
+
+		if (ndr_policy_handle_empty(&ctx->lsa.handle) ||
+		    !strequal(domain_name, ctx->lsa.name)) {
+			domain_open->in.type        = DOMAIN_LSA;
+			domain_open->in.domain_name = domain_name;
+			domain_open->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+		} else {
+			/* domain has already been opened and it's the same domain
+			   as requested */
+			return true;
+		}
+	}
+
+	/* send request to open the domain */
+	domopen_req = libnet_DomainOpen_send(ctx, mem_ctx, domain_open, monitor);
+	/* see the comment above to find out why true is returned here */
+	if (composite_nomem(domopen_req, *parent_ctx)) return true;
+	
+	composite_continue(*parent_ctx, domopen_req, continue_fn, *parent_ctx);
+	return false;
+}
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
new file mode 100644
index 0000000..071ad04
--- /dev/null
+++ b/source4/libnet/py_net.c
@@ -0,0 +1,950 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include <pyldb.h>
+#include <pytalloc.h>
+#include "libnet.h"
+#include "auth/credentials/pycredentials.h"
+#include "libcli/security/security.h"
+#include "lib/events/events.h"
+#include "param/pyparam.h"
+#include "auth/gensec/gensec.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/finddc.h"
+#include "dsdb/samdb/samdb.h"
+#include "py_net.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "libcli/drsuapi/drsuapi.h"
+
+static void PyErr_SetDsExtendedError(enum drsuapi_DsExtendedError ext_err, const char *error_description)
+{
+	PyObject *mod = NULL;
+	PyObject *error = NULL;
+	mod = PyImport_ImportModule("samba");
+	if (mod) {
+		error = PyObject_GetAttrString(mod, "DsExtendedError");
+	}
+	if (error_description == NULL) {
+		switch (ext_err) {
+			/* Copied out of ndr_drsuapi.c:ndr_print_drsuapi_DsExtendedError() */
+			case DRSUAPI_EXOP_ERR_NONE:
+				error_description = "DRSUAPI_EXOP_ERR_NONE";
+				break;
+			case DRSUAPI_EXOP_ERR_SUCCESS:
+				error_description = "DRSUAPI_EXOP_ERR_SUCCESS";
+				break;
+			case DRSUAPI_EXOP_ERR_UNKNOWN_OP:
+				error_description = "DRSUAPI_EXOP_ERR_UNKNOWN_OP";
+				break;
+			case DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER:
+				error_description = "DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER";
+				break;
+			case DRSUAPI_EXOP_ERR_UPDATE_ERR:
+				error_description = "DRSUAPI_EXOP_ERR_UPDATE_ERR";
+				break;
+			case DRSUAPI_EXOP_ERR_EXCEPTION:
+				error_description = "DRSUAPI_EXOP_ERR_EXCEPTION";
+				break;
+			case DRSUAPI_EXOP_ERR_UNKNOWN_CALLER:
+				error_description = "DRSUAPI_EXOP_ERR_UNKNOWN_CALLER";
+				break;
+			case DRSUAPI_EXOP_ERR_RID_ALLOC:
+				error_description = "DRSUAPI_EXOP_ERR_RID_ALLOC";
+				break;
+			case DRSUAPI_EXOP_ERR_FSMO_OWNER_DELETED:
+				error_description = "DRSUAPI_EXOP_ERR_FSMO_OWNER_DELETED";
+				break;
+			case DRSUAPI_EXOP_ERR_FMSO_PENDING_OP:
+				error_description = "DRSUAPI_EXOP_ERR_FMSO_PENDING_OP";
+				break;
+			case DRSUAPI_EXOP_ERR_MISMATCH:
+				error_description = "DRSUAPI_EXOP_ERR_MISMATCH";
+				break;
+			case DRSUAPI_EXOP_ERR_COULDNT_CONTACT:
+				error_description = "DRSUAPI_EXOP_ERR_COULDNT_CONTACT";
+				break;
+			case DRSUAPI_EXOP_ERR_FSMO_REFUSING_ROLES:
+				error_description = "DRSUAPI_EXOP_ERR_FSMO_REFUSING_ROLES";
+				break;
+			case DRSUAPI_EXOP_ERR_DIR_ERROR:
+				error_description = "DRSUAPI_EXOP_ERR_DIR_ERROR";
+				break;
+			case DRSUAPI_EXOP_ERR_FSMO_MISSING_SETTINGS:
+				error_description = "DRSUAPI_EXOP_ERR_FSMO_MISSING_SETTINGS";
+				break;
+			case DRSUAPI_EXOP_ERR_ACCESS_DENIED:
+				error_description = "DRSUAPI_EXOP_ERR_ACCESS_DENIED";
+				break;
+			case DRSUAPI_EXOP_ERR_PARAM_ERROR:
+				error_description = "DRSUAPI_EXOP_ERR_PARAM_ERROR";
+				break;
+		}
+	}
+	if (error) {
+		PyObject *value =
+			Py_BuildValue(discard_const_p(char, "(i,s)"),
+				      ext_err,
+				      error_description);
+		PyErr_SetObject(error, value);
+		if (value) {
+			Py_DECREF(value);
+		}
+		Py_DECREF(error);
+	}
+}
+
+static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	struct libnet_Join_member r;
+	int _level = 0;
+	NTSTATUS status;
+	PyObject *result;
+	TALLOC_CTX *mem_ctx;
+	const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL };
+
+	ZERO_STRUCT(r);
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames),
+					 &r.in.domain_name, &r.in.netbios_name, 
+					 &_level,
+					 &r.in.account_pass)) {
+		return NULL;
+	}
+	r.in.level = _level;
+
+	mem_ctx = talloc_new(self->mem_ctx);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_Join_member(self->libnet_ctx, mem_ctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					     r.out.error_string
+					     ? r.out.error_string
+					     : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	result = Py_BuildValue("sss", r.out.join_password,
+			       dom_sid_string(mem_ctx, r.out.domain_sid),
+			       r.out.domain_name);
+
+	talloc_free(mem_ctx);
+
+	return result;
+}
+
+static const char py_net_join_member_doc[] = "join_member(domain_name, netbios_name, level) -> (join_password, domain_sid, domain_name)\n\n" \
+"Join the domain with the specified name.";
+
+static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	union libnet_ChangePassword r;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct tevent_context *ev = NULL;
+	const char *kwnames[] = { "newpassword", "oldpassword", "domain", "username", NULL };
+	const char *newpass = NULL;
+	const char *oldpass = NULL;
+	ZERO_STRUCT(r);
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, PYARG_STR_UNI
+					 "|"PYARG_STR_UNI"ss:change_password",
+					 discard_const_p(char *, kwnames),
+					 "utf8",
+					 &newpass,
+					 "utf8",
+					 &oldpass,
+					 &r.generic.in.domain_name,
+					 &r.generic.in.account_name)) {
+		return NULL;
+	}
+
+	r.generic.in.newpassword = newpass;
+	r.generic.in.oldpassword = oldpass;
+
+	r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
+	if (r.generic.in.account_name == NULL) {
+		r.generic.in.account_name
+			= cli_credentials_get_username(self->libnet_ctx->cred);
+	}
+	if (r.generic.in.domain_name == NULL) {
+		r.generic.in.domain_name
+			= cli_credentials_get_domain(self->libnet_ctx->cred);
+	}
+	if (r.generic.in.oldpassword == NULL) {
+		r.generic.in.oldpassword
+			= cli_credentials_get_password(self->libnet_ctx->cred);
+	}
+
+	/* FIXME: we really need to get a context from the caller or we may end
+	 * up with 2 event contexts */
+	ev = s4_event_context_init(NULL);
+
+	mem_ctx = talloc_new(ev);
+	if (mem_ctx == NULL) {
+		PyMem_Free(discard_const_p(char, newpass));
+		PyMem_Free(discard_const_p(char, oldpass));
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_ChangePassword(self->libnet_ctx, mem_ctx, &r);
+
+	PyMem_Free(discard_const_p(char, newpass));
+	PyMem_Free(discard_const_p(char, oldpass));
+
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					     r.generic.out.error_string
+					     ? r.generic.out.error_string
+					     : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	talloc_free(mem_ctx);
+	Py_RETURN_NONE;
+}
+
+static const char py_net_change_password_doc[] = "change_password(newpassword) -> True\n\n" \
+"Change password for a user. You must supply credential with enough rights to do this.\n\n" \
+"Sample usage is:\n" \
+"net.change_password(newpassword=<new_password>)\n";
+
+
+static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	union libnet_SetPassword r;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct tevent_context *ev;
+	const char *kwnames[] = { "account_name", "domain_name", "newpassword", "force_samr_18", NULL };
+	PyObject *py_force_samr_18 = Py_False;
+
+	ZERO_STRUCT(r);
+
+	r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss|O:set_password",
+					discard_const_p(char *, kwnames),
+					 &r.generic.in.account_name,
+					 &r.generic.in.domain_name,
+					 &r.generic.in.newpassword,
+					 &py_force_samr_18)) {
+		return NULL;
+	}
+
+	if (py_force_samr_18) {
+		if (!PyBool_Check(py_force_samr_18)) {
+			PyErr_SetString(PyExc_TypeError, "Expected boolean force_samr_18");
+			return NULL;
+		}
+		if (py_force_samr_18 == Py_True) {
+			r.generic.samr_level = LIBNET_SET_PASSWORD_SAMR_HANDLE_18;
+		}
+	}
+
+	/* FIXME: we really need to get a context from the caller or we may end
+	 * up with 2 event contexts */
+	ev = s4_event_context_init(NULL);
+
+	mem_ctx = talloc_new(ev);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_SetPassword(self->libnet_ctx, mem_ctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					     r.generic.out.error_string
+					     ? r.generic.out.error_string
+					     : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	talloc_free(mem_ctx);
+
+	Py_RETURN_NONE;
+}
+
+static const char py_net_set_password_doc[] = "set_password(account_name, domain_name, newpassword) -> True\n\n" \
+"Set password for a user. You must supply credential with enough rights to do this.\n\n" \
+"Sample usage is:\n" \
+"net.set_password(account_name=account_name, domain_name=domain_name, newpassword=new_pass)\n";
+
+
+static PyObject *py_net_time(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "server_name", NULL };
+	union libnet_RemoteTOD r;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	char timestr[64];
+	PyObject *ret;
+	struct tm *tm;
+	size_t len;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s",
+		discard_const_p(char *, kwnames), &r.generic.in.server_name))
+		return NULL;
+
+	r.generic.level			= LIBNET_REMOTE_TOD_GENERIC;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_RemoteTOD(self->libnet_ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					     r.generic.out.error_string
+					     ? r.generic.out.error_string
+					     : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ZERO_STRUCT(timestr);
+	tm = localtime(&r.generic.out.time);
+
+	len = strftime(timestr, sizeof(timestr), "%c %Z", tm);
+	if (len == 0) {
+		PyErr_NoMemory();
+		ret = NULL;
+	} else {
+		ret = PyUnicode_FromStringAndSize(timestr, (Py_ssize_t)len);
+	}
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static const char py_net_time_doc[] = "time(server_name) -> timestr\n"
+"Retrieve the remote time on a server";
+
+static PyObject *py_net_user_create(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "username", NULL };
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_CreateUser r;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames), 
+									 &r.in.user_name))
+		return NULL;
+
+	r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_CreateUser(self->libnet_ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					     r.out.error_string
+					     ? r.out.error_string
+					     : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	talloc_free(mem_ctx);
+	
+	Py_RETURN_NONE;
+}
+
+static const char py_net_create_user_doc[] = "create_user(username)\n"
+"Create a new user.";
+
+static PyObject *py_net_user_delete(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "username", NULL };
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_DeleteUser r;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames), 
+									 &r.in.user_name))
+		return NULL;
+
+	r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_DeleteUser(self->libnet_ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS_and_string(status,
+					   r.out.error_string
+					  ? r.out.error_string
+					  : nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	talloc_free(mem_ctx);
+	
+	Py_RETURN_NONE;
+}
+
+static const char py_net_delete_user_doc[] = "delete_user(username)\n"
+"Delete a user.";
+
+struct replicate_state {
+	void *vampire_state;
+	dcerpc_InterfaceObject *drs_pipe;
+	struct libnet_BecomeDC_StoreChunk chunk;
+	DATA_BLOB gensec_skey;
+	struct libnet_BecomeDC_Partition partition;
+	struct libnet_BecomeDC_Forest forest;
+	struct libnet_BecomeDC_DestDSA dest_dsa;
+};
+
+/*
+  setup for replicate_chunk() calls
+ */
+static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "samdb", "lp", "drspipe", "invocation_id", NULL };
+	PyObject *py_ldb, *py_lp, *py_drspipe, *py_invocation_id;
+	struct ldb_context *samdb;
+	struct loadparm_context *lp;
+	struct replicate_state *s;
+	NTSTATUS status;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOO",
+					 discard_const_p(char *, kwnames),
+	                                 &py_ldb, &py_lp, &py_drspipe,
+					 &py_invocation_id)) {
+		return NULL;
+	}
+
+	s = talloc_zero(NULL, struct replicate_state);
+	if (!s) return NULL;
+
+	lp = lpcfg_from_py_object(s, py_lp);
+	if (lp == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected lp object");
+		talloc_free(s);
+		return NULL;
+	}
+
+	samdb = pyldb_Ldb_AsLdbContext(py_ldb);
+	if (samdb == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected ldb object");
+		talloc_free(s);
+		return NULL;
+	}
+	if (!py_check_dcerpc_type(py_invocation_id, "samba.dcerpc.misc", "GUID")) {
+		
+		talloc_free(s);
+		return NULL;
+	}
+	s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
+
+	s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
+
+	s->vampire_state = libnet_vampire_replicate_init(s, samdb, lp);
+	if (s->vampire_state == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Failed to initialise vampire_state");
+		talloc_free(s);
+		return NULL;
+	}
+
+	status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state,
+				    s,
+				    &s->gensec_skey);
+	if (!NT_STATUS_IS_OK(status)) {
+		char *error_string = talloc_asprintf(s,
+						     "Unable to get session key from drspipe: %s",
+						     nt_errstr(status));
+		PyErr_SetNTSTATUS_and_string(status, error_string);
+		talloc_free(s);
+		return NULL;
+	}
+
+	s->forest.dns_name = samdb_dn_to_dns_domain(s, ldb_get_root_basedn(samdb));
+	s->forest.root_dn_str = ldb_dn_get_linearized(ldb_get_root_basedn(samdb));
+	s->forest.config_dn_str = ldb_dn_get_linearized(ldb_get_config_basedn(samdb));
+	s->forest.schema_dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(samdb));
+
+	s->chunk.gensec_skey = &s->gensec_skey;
+	s->chunk.partition = &s->partition;
+	s->chunk.forest = &s->forest;
+	s->chunk.dest_dsa = &s->dest_dsa;
+
+	return pytalloc_GenericObject_steal(s);
+}
+
+
+/*
+  process one replication chunk
+ */
+static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "state", "level", "ctr",
+				  "schema", "req_level", "req",
+				  NULL };
+	PyObject *py_state, *py_ctr, *py_schema = Py_None, *py_req = Py_None;
+	struct replicate_state *s;
+	unsigned level;
+	unsigned req_level = 0;
+	WERROR (*chunk_handler)(void *private_data, const struct libnet_BecomeDC_StoreChunk *c);
+	WERROR werr;
+	enum drsuapi_DsExtendedError extended_ret = DRSUAPI_EXOP_ERR_NONE;
+	enum drsuapi_DsExtendedOperation exop = DRSUAPI_EXOP_NONE;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OIO|OIO",
+					 discard_const_p(char *, kwnames),
+	                                 &py_state, &level, &py_ctr,
+					 &py_schema, &req_level, &py_req)) {
+		return NULL;
+	}
+
+	s = pytalloc_get_type(py_state, struct replicate_state);
+	if (!s) {
+		return NULL;
+	}
+
+	switch (level) {
+	case 1:
+		if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr1")) {
+			return NULL;
+		}
+		s->chunk.ctr1                         = pytalloc_get_ptr(py_ctr);
+		if (s->chunk.ctr1->naming_context != NULL) {
+			s->partition.nc = *s->chunk.ctr1->naming_context;
+		}
+		extended_ret = s->chunk.ctr1->extended_ret;
+		s->partition.more_data                = s->chunk.ctr1->more_data;
+		s->partition.source_dsa_guid          = s->chunk.ctr1->source_dsa_guid;
+		s->partition.source_dsa_invocation_id = s->chunk.ctr1->source_dsa_invocation_id;
+		s->partition.highwatermark            = s->chunk.ctr1->new_highwatermark;
+		break;
+	case 6:
+		if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr6")) {
+			return NULL;
+		}
+		s->chunk.ctr6                         = pytalloc_get_ptr(py_ctr);
+		if (s->chunk.ctr6->naming_context != NULL) {
+			s->partition.nc = *s->chunk.ctr6->naming_context;
+		}
+		extended_ret = s->chunk.ctr6->extended_ret;
+		s->partition.more_data                = s->chunk.ctr6->more_data;
+		s->partition.source_dsa_guid          = s->chunk.ctr6->source_dsa_guid;
+		s->partition.source_dsa_invocation_id = s->chunk.ctr6->source_dsa_invocation_id;
+		s->partition.highwatermark            = s->chunk.ctr6->new_highwatermark;
+		break;
+	default:
+		PyErr_Format(PyExc_TypeError, "Bad level %u in replicate_chunk", level);
+		return NULL;
+	}
+
+	s->chunk.req5 = NULL;
+	s->chunk.req8 = NULL;
+	s->chunk.req10 = NULL;
+	if (py_req != Py_None) {
+		switch (req_level) {
+		case 0:
+			break;
+		case 5:
+			if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest5")) {
+				return NULL;
+			}
+
+			s->chunk.req5 = pytalloc_get_ptr(py_req);
+			exop = s->chunk.req5->extended_op;
+			break;
+		case 8:
+			if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest8")) {
+				return NULL;
+			}
+
+			s->chunk.req8 = pytalloc_get_ptr(py_req);
+			exop = s->chunk.req8->extended_op;
+			break;
+		case 10:
+			if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest10")) {
+				return NULL;
+			}
+
+			s->chunk.req10 = pytalloc_get_ptr(py_req);
+			exop = s->chunk.req10->extended_op;
+			break;
+		default:
+			PyErr_Format(PyExc_TypeError, "Bad req_level %u in replicate_chunk", req_level);
+			return NULL;
+		}
+	}
+
+	if (exop != DRSUAPI_EXOP_NONE && extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+		PyErr_SetDsExtendedError(extended_ret, NULL);
+		return NULL;
+	}
+
+	s->chunk.req_level = req_level;
+
+	chunk_handler = libnet_vampire_cb_store_chunk;
+	if (py_schema) {
+		if (!PyBool_Check(py_schema)) {
+			PyErr_SetString(PyExc_TypeError, "Expected boolean schema");
+			return NULL;
+		}
+		if (py_schema == Py_True) {
+			chunk_handler = libnet_vampire_cb_schema_chunk;
+		}
+	}
+
+	s->chunk.ctr_level = level;
+
+	werr = chunk_handler(s->vampire_state, &s->chunk);
+	if (!W_ERROR_IS_OK(werr)) {
+		char *error_string
+			= talloc_asprintf(NULL,
+					  "Failed to process 'chunk' of DRS replicated objects: %s",
+					  win_errstr(werr));
+		PyErr_SetWERROR_and_string(werr, error_string);
+		TALLOC_FREE(error_string);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
+
+/*
+  just do the decryption of a DRS replicated attribute
+ */
+static PyObject *py_net_replicate_decrypt(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = { "drspipe", "attribute", "rid", NULL };
+	PyObject *py_drspipe, *py_attribute;
+	NTSTATUS status;
+        dcerpc_InterfaceObject *drs_pipe;
+	TALLOC_CTX *frame;
+	TALLOC_CTX *context;
+	DATA_BLOB gensec_skey;
+	unsigned int rid;
+	struct drsuapi_DsReplicaAttribute *attribute;
+	WERROR werr;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOI",
+					 discard_const_p(char *, kwnames),
+	                                 &py_drspipe,
+					 &py_attribute, &rid)) {
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+
+	if (!py_check_dcerpc_type(py_drspipe,
+				  "samba.dcerpc.base",
+				  "ClientConnection")) {
+		return NULL;
+	}
+	drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
+
+	status = gensec_session_key(drs_pipe->pipe->conn->security_state.generic_state,
+				    frame,
+				    &gensec_skey);
+	if (!NT_STATUS_IS_OK(status)) {
+		char *error_string
+			= talloc_asprintf(frame,
+					  "Unable to get session key from drspipe: %s",
+					  nt_errstr(status));
+		PyErr_SetNTSTATUS_and_string(status, error_string);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	if (!py_check_dcerpc_type(py_attribute, "samba.dcerpc.drsuapi",
+				  "DsReplicaAttribute")) {
+		return NULL;
+	}
+
+	attribute = pytalloc_get_ptr(py_attribute);
+	context   = pytalloc_get_mem_ctx(py_attribute);
+	werr = drsuapi_decrypt_attribute(context, &gensec_skey,
+					 rid, 0, attribute);
+	if (!W_ERROR_IS_OK(werr)) {
+		char *error_string = talloc_asprintf(frame,
+						     "Unable to get decrypt attribute: %s",
+						     win_errstr(werr));
+		PyErr_SetWERROR_and_string(werr, error_string);
+		talloc_free(frame);
+		return NULL;
+	}
+
+	talloc_free(frame);
+
+	Py_RETURN_NONE;
+
+}
+
+/*
+  find a DC given a domain name and server type
+ */
+static PyObject *py_net_finddc(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	const char *domain = NULL, *address = NULL;
+	unsigned server_type;
+	NTSTATUS status;
+	struct finddcs *io;
+	TALLOC_CTX *mem_ctx;
+	PyObject *ret;
+	const char * const kwnames[] = { "flags", "domain", "address", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "I|zz",
+					 discard_const_p(char *, kwnames),
+					 &server_type, &domain, &address)) {
+		return NULL;
+	}
+
+	mem_ctx = talloc_new(self->mem_ctx);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	io = talloc_zero(mem_ctx, struct finddcs);
+	if (io == NULL) {
+		TALLOC_FREE(mem_ctx);
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (domain != NULL) {
+		io->in.domain_name = domain;
+	}
+	if (address != NULL) {
+		io->in.server_address = address;
+	}
+	io->in.minimum_dc_flags = server_type;
+
+	status = finddcs_cldap(io, io,
+			       lpcfg_resolve_context(self->libnet_ctx->lp_ctx), self->ev);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = py_return_ndr_struct("samba.dcerpc.nbt", "NETLOGON_SAM_LOGON_RESPONSE_EX",
+				   io, &io->out.netlogon.data.nt5_ex);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+static const char py_net_replicate_init_doc[] = "replicate_init(samdb, lp, drspipe)\n"
+					 "Setup for replicate_chunk calls.";
+
+static const char py_net_replicate_chunk_doc[] = "replicate_chunk(state, level, ctr, schema)\n"
+					 "Process replication for one chunk";
+
+static const char py_net_replicate_decrypt_doc[] = "replicate_decrypt(drs, attribute, rid)\n"
+					 "Decrypt (in place) a DsReplicaAttribute replicated with drs.GetNCChanges()";
+
+static const char py_net_finddc_doc[] = "finddc(flags=server_type, domain=None, address=None)\n"
+					 "Find a DC with the specified 'server_type' bits. The 'domain' and/or 'address' have to be used as additional search criteria. Returns the whole netlogon struct";
+
+static PyMethodDef net_obj_methods[] = {
+	{
+		.ml_name  = "join_member",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_join_member),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_join_member_doc
+	},
+	{
+		.ml_name  = "change_password",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_change_password),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_change_password_doc
+	},
+	{
+		.ml_name  = "set_password",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_set_password),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_set_password_doc
+	},
+	{
+		.ml_name  = "time",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction, py_net_time),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_time_doc
+	},
+	{
+		.ml_name  = "create_user",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_user_create),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_create_user_doc
+	},
+	{
+		.ml_name  = "delete_user",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_user_delete),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_delete_user_doc
+	},
+	{
+		.ml_name  = "replicate_init",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_replicate_init),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_replicate_init_doc
+	},
+	{
+		.ml_name  = "replicate_chunk",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_replicate_chunk),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_replicate_chunk_doc
+	},
+	{
+		.ml_name  = "replicate_decrypt",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_replicate_decrypt),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_replicate_decrypt_doc
+	},
+	{
+		.ml_name  = "finddc",
+		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
+				py_net_finddc),
+		.ml_flags = METH_VARARGS|METH_KEYWORDS,
+		.ml_doc   = py_net_finddc_doc
+	},
+	{ .ml_name = NULL }
+};
+
+static void py_net_dealloc(py_net_Object *self)
+{
+	talloc_free(self->ev);
+	PyObject_Del(self);
+}
+
+static PyObject *net_obj_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	PyObject *py_creds, *py_lp = Py_None;
+	const char *kwnames[] = { "creds", "lp", "server", NULL };
+	py_net_Object *ret;
+	struct loadparm_context *lp;
+	const char *server_address = NULL;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|Oz",
+					 discard_const_p(char *, kwnames), &py_creds, &py_lp,
+					 &server_address))
+		return NULL;
+
+	ret = PyObject_New(py_net_Object, type);
+	if (ret == NULL) {
+		return NULL;
+	}
+
+	/* FIXME: we really need to get a context from the caller or we may end
+	 * up with 2 event contexts */
+	ret->ev = s4_event_context_init(NULL);
+	ret->mem_ctx = talloc_new(ret->ev);
+
+	lp = lpcfg_from_py_object(ret->mem_ctx, py_lp);
+	if (lp == NULL) {
+		Py_DECREF(ret);
+		return NULL;
+	}
+
+	ret->libnet_ctx = libnet_context_init(ret->ev, lp);
+	if (ret->libnet_ctx == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "Unable to initialize net");
+		Py_DECREF(ret);
+		return NULL;
+	}
+
+	ret->libnet_ctx->server_address = server_address;
+
+	ret->libnet_ctx->cred = cli_credentials_from_py_object(py_creds);
+	if (ret->libnet_ctx->cred == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Expected credentials object");
+		Py_DECREF(ret);
+		return NULL;
+	}
+
+	return (PyObject *)ret;
+}
+
+
+PyTypeObject py_net_Type = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "net.Net",
+	.tp_basicsize = sizeof(py_net_Object),
+	.tp_dealloc = (destructor)py_net_dealloc,
+	.tp_methods = net_obj_methods,
+	.tp_new = net_obj_new,
+};
+
+static struct PyModuleDef moduledef = {
+	PyModuleDef_HEAD_INIT,
+	.m_name = "net",
+	.m_size = -1,
+};
+
+MODULE_INIT_FUNC(net)
+{
+	PyObject *m;
+
+	if (PyType_Ready(&py_net_Type) < 0)
+		return NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return NULL;
+
+	Py_INCREF(&py_net_Type);
+	PyModule_AddObject(m, "Net", (PyObject *)&py_net_Type);
+	PyModule_AddIntConstant(m, "LIBNET_JOINDOMAIN_AUTOMATIC", LIBNET_JOINDOMAIN_AUTOMATIC);
+	PyModule_AddIntConstant(m, "LIBNET_JOINDOMAIN_SPECIFIED", LIBNET_JOINDOMAIN_SPECIFIED);
+	PyModule_AddIntConstant(m, "LIBNET_JOIN_AUTOMATIC", LIBNET_JOIN_AUTOMATIC);
+	PyModule_AddIntConstant(m, "LIBNET_JOIN_SPECIFIED", LIBNET_JOIN_SPECIFIED);
+
+	return m;
+}
diff --git a/source4/libnet/py_net.h b/source4/libnet/py_net.h
new file mode 100644
index 0000000..2894d47
--- /dev/null
+++ b/source4/libnet/py_net.h
@@ -0,0 +1,24 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba python bindings to libnet library
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+typedef struct {
+	PyObject_HEAD
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *libnet_ctx;
+	struct tevent_context *ev;
+} py_net_Object;
diff --git a/source4/libnet/py_net_dckeytab.c b/source4/libnet/py_net_dckeytab.c
new file mode 100644
index 0000000..0c3df89
--- /dev/null
+++ b/source4/libnet/py_net_dckeytab.c
@@ -0,0 +1,121 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+   Copyright (C) Alexander Bokovoy <ab@samba.org> 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "includes.h"
+#include "python/py3compat.h"
+#include "python/modules.h"
+#include "py_net.h"
+#include "libnet_export_keytab.h"
+
+void initdckeytab(void);
+
+static PyObject *py_net_export_keytab(py_net_Object *self, PyObject *args, PyObject *kwargs)
+{
+	struct libnet_export_keytab r;
+	TALLOC_CTX *mem_ctx;
+	const char *kwnames[] = { "keytab", "principal", NULL };
+	NTSTATUS status;
+	r.in.principal = NULL;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z:export_keytab", discard_const_p(char *, kwnames),
+					 &r.in.keytab_name,
+					 &r.in.principal)) {
+		return NULL;
+	}
+
+	mem_ctx = talloc_new(self->mem_ctx);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = libnet_export_keytab(self->libnet_ctx, mem_ctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetString(PyExc_RuntimeError,
+				r.out.error_string?r.out.error_string:nt_errstr(status));
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	talloc_free(mem_ctx);
+
+	Py_RETURN_NONE;
+}
+
+static const char py_net_export_keytab_doc[] = "export_keytab(keytab, name)\n\n"
+"Export the DC keytab to a keytab file.";
+
+static PyMethodDef export_keytab_method_table[] = {
+	{"export_keytab", PY_DISCARD_FUNC_SIG(PyCFunction,
+					      py_net_export_keytab),
+		METH_VARARGS|METH_KEYWORDS, py_net_export_keytab_doc},
+	{ NULL, NULL, 0, NULL }
+};
+
+/*
+ * A fake Python module to inject export_keytab() method into existing samba.net.Net class.
+ * Python enforces that every loaded module actually creates Python module record in
+ * the global module table even if we don't really need that record. Thus, we initialize
+ * dckeytab module but never use it.
+ * */
+void initdckeytab(void);
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "dckeytab",
+    .m_doc = "dckeytab",
+    .m_size = -1,
+    .m_methods = NULL
+};
+
+MODULE_INIT_FUNC(dckeytab)
+{
+	PyObject *m = NULL;
+	PyObject *Net;
+	PyObject *descr;
+	int ret;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return m;
+
+	m = PyImport_ImportModule("samba.net");
+        if (m == NULL)
+		return m;
+
+	Net = (PyObject *)PyObject_GetAttrString(m, "Net");
+	if (Net == NULL)
+		return m;
+
+	descr = PyDescr_NewMethod((PyTypeObject*)Net, &export_keytab_method_table[0]);
+	if (descr == NULL)
+		return m;
+
+	ret = PyDict_SetItemString(((PyTypeObject*)Net)->tp_dict,
+				     export_keytab_method_table[0].ml_name,
+				     descr);
+	if (ret != -1) {
+		Py_DECREF(descr);
+	}
+
+	return m;
+}
diff --git a/source4/libnet/userinfo.c b/source4/libnet/userinfo.c
new file mode 100644
index 0000000..ec40b81
--- /dev/null
+++ b/source4/libnet/userinfo.c
@@ -0,0 +1,382 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite function for getting user information via samr pipe
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/security/security.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+
+
+struct userinfo_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle      domain_handle;
+	struct policy_handle      user_handle;
+	uint16_t                  level;
+	struct samr_LookupNames   lookup;
+	struct samr_OpenUser      openuser;
+	struct samr_QueryUserInfo queryuserinfo;
+	struct samr_Close         samrclose;	
+	union  samr_UserInfo      *info;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_userinfo_lookup(struct tevent_req *subreq);
+static void continue_userinfo_openuser(struct tevent_req *subreq);
+static void continue_userinfo_getuser(struct tevent_req *subreq);
+static void continue_userinfo_closeuser(struct tevent_req *subreq);
+
+
+/**
+ * Stage 1 (optional): Look for a username in SAM server.
+ */
+static void continue_userinfo_lookup(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_lookup_name *msg_lookup;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userinfo_state);
+
+	/* receive samr_Lookup reply */
+	c->status = dcerpc_samr_LookupNames_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+	
+	/* there could be a problem with name resolving itself */
+	if (!NT_STATUS_IS_OK(s->lookup.out.result)) {
+		composite_error(c, s->lookup.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrLookupName;
+		msg_lookup = talloc(s, struct msg_rpc_lookup_name);
+		msg_lookup->rid = s->lookup.out.rids->ids;
+		msg_lookup->count = s->lookup.out.rids->count;
+		msg.data = (void*)msg_lookup;
+		msg.data_size = sizeof(*msg_lookup);
+		
+		s->monitor_fn(&msg);
+	}
+	
+
+	/* have we actually got name resolved
+	   - we're looking for only one at the moment */
+	if (s->lookup.out.rids->count != s->lookup.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	if (s->lookup.out.types->count != s->lookup.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	/* TODO: find proper status code for more than one rid found */
+
+	/* prepare parameters for LookupNames */
+	s->openuser.in.domain_handle  = &s->domain_handle;
+	s->openuser.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+	s->openuser.in.rid            = s->lookup.out.rids->ids[0];
+	s->openuser.out.user_handle   = &s->user_handle;
+
+	/* send request */
+	subreq = dcerpc_samr_OpenUser_r_send(s, c->event_ctx,
+					     s->binding_handle,
+					     &s->openuser);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_userinfo_openuser, c);
+}
+
+
+/**
+ * Stage 2: Open user policy handle.
+ */
+static void continue_userinfo_openuser(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_open_user *msg_open;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userinfo_state);
+
+	/* receive samr_OpenUser reply */
+	c->status = dcerpc_samr_OpenUser_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!NT_STATUS_IS_OK(s->openuser.out.result)) {
+		composite_error(c, s->openuser.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrOpenUser;
+		msg_open = talloc(s, struct msg_rpc_open_user);
+		msg_open->rid = s->openuser.in.rid;
+		msg_open->access_mask = s->openuser.in.access_mask;
+		msg.data = (void*)msg_open;
+		msg.data_size = sizeof(*msg_open);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	/* prepare parameters for QueryUserInfo call */
+	s->queryuserinfo.in.user_handle = &s->user_handle;
+	s->queryuserinfo.in.level       = s->level;
+	s->queryuserinfo.out.info       = talloc(s, union samr_UserInfo *);
+	if (composite_nomem(s->queryuserinfo.out.info, c)) return;
+	
+	/* queue rpc call, set event handling and new state */
+	subreq = dcerpc_samr_QueryUserInfo_r_send(s, c->event_ctx,
+						  s->binding_handle,
+						  &s->queryuserinfo);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_userinfo_getuser, c);
+}
+
+
+/**
+ * Stage 3: Get requested user information.
+ */
+static void continue_userinfo_getuser(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_query_user *msg_query;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userinfo_state);
+
+	/* receive samr_QueryUserInfo reply */
+	c->status = dcerpc_samr_QueryUserInfo_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* check if queryuser itself went ok */
+	if (!NT_STATUS_IS_OK(s->queryuserinfo.out.result)) {
+		composite_error(c, s->queryuserinfo.out.result);
+		return;
+	}
+
+	s->info = talloc_steal(s, *(s->queryuserinfo.out.info));
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrQueryUser;
+		msg_query = talloc(s, struct msg_rpc_query_user);
+		msg_query->level = s->queryuserinfo.in.level;
+		msg.data = (void*)msg_query;
+		msg.data_size = sizeof(*msg_query);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	/* prepare arguments for Close call */
+	s->samrclose.in.handle  = &s->user_handle;
+	s->samrclose.out.handle = &s->user_handle;
+	
+	/* queue rpc call, set event handling and new state */
+	subreq = dcerpc_samr_Close_r_send(s, c->event_ctx,
+					  s->binding_handle,
+					  &s->samrclose);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_userinfo_closeuser, c);
+}
+
+
+/**
+ * Stage 4: Close policy handle associated with opened user.
+ */
+static void continue_userinfo_closeuser(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userinfo_state *s;
+	struct monitor_msg msg;
+	struct msg_rpc_close_user *msg_close;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type_abort(c->private_data, struct userinfo_state);
+
+	/* receive samr_Close reply */
+	c->status = dcerpc_samr_Close_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!NT_STATUS_IS_OK(s->samrclose.out.result)) {
+		composite_error(c, s->samrclose.out.result);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type = mon_SamrClose;
+		msg_close = talloc(s, struct msg_rpc_close_user);
+		msg_close->rid = s->openuser.in.rid;
+		msg.data = (void*)msg_close;
+		msg.data_size = sizeof(*msg_close);
+
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Sends asynchronous userinfo request
+ *
+ * @param p dce/rpc call pipe 
+ * @param io arguments and results of the call
+ */
+struct composite_context *libnet_rpc_userinfo_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct dcerpc_binding_handle *b,
+						   struct libnet_rpc_userinfo *io,
+						   void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct userinfo_state *s;
+	struct dom_sid *sid;
+	struct tevent_req *subreq;
+
+	if (!b || !io) return NULL;
+	
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return c;
+	
+	s = talloc_zero(c, struct userinfo_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	s->level         = io->in.level;
+	s->binding_handle= b;
+	s->domain_handle = io->in.domain_handle;
+	s->monitor_fn    = monitor;
+
+	if (io->in.sid) {
+		sid = dom_sid_parse_talloc(s, io->in.sid);
+		if (composite_nomem(sid, c)) return c;
+
+		s->openuser.in.domain_handle  = &s->domain_handle;
+		s->openuser.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+		s->openuser.in.rid            = sid->sub_auths[sid->num_auths - 1];
+		s->openuser.out.user_handle   = &s->user_handle;
+		
+		/* send request */
+		subreq = dcerpc_samr_OpenUser_r_send(s, c->event_ctx,
+						     s->binding_handle,
+						     &s->openuser);
+		if (composite_nomem(subreq, c)) return c;
+
+		tevent_req_set_callback(subreq, continue_userinfo_openuser, c);
+
+	} else {
+		/* preparing parameters to send rpc request */
+		s->lookup.in.domain_handle    = &s->domain_handle;
+		s->lookup.in.num_names        = 1;
+		s->lookup.in.names            = talloc_array(s, struct lsa_String, 1);
+		if (composite_nomem(s->lookup.in.names, c)) return c;
+		s->lookup.out.rids         = talloc_zero(s, struct samr_Ids);
+		s->lookup.out.types        = talloc_zero(s, struct samr_Ids);
+		if (composite_nomem(s->lookup.out.rids, c)) return c;
+		if (composite_nomem(s->lookup.out.types, c)) return c;
+
+		s->lookup.in.names[0].string  = talloc_strdup(s, io->in.username);
+		if (composite_nomem(s->lookup.in.names[0].string, c)) return c;
+		
+		/* send request */
+		subreq = dcerpc_samr_LookupNames_r_send(s, c->event_ctx,
+							s->binding_handle,
+							&s->lookup);
+		if (composite_nomem(subreq, c)) return c;
+		
+		tevent_req_set_callback(subreq, continue_userinfo_lookup, c);
+	}
+
+	return c;
+}
+
+
+/**
+ * Waits for and receives result of asynchronous userinfo call
+ * 
+ * @param c composite context returned by asynchronous userinfo call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_userinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				  struct libnet_rpc_userinfo *io)
+{
+	NTSTATUS status;
+	struct userinfo_state *s;
+	
+	/* wait for results of sending request */
+	status = composite_wait(c);
+	
+	if (NT_STATUS_IS_OK(status) && io) {
+		s = talloc_get_type_abort(c->private_data, struct userinfo_state);
+		talloc_steal(mem_ctx, s->info);
+		io->out.info = *s->info;
+	}
+	
+	/* memory context associated to composite context is no longer needed */
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of userinfo call
+ *
+ * @param pipe dce/rpc call pipe
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_userinfo(struct tevent_context *ev,
+			     struct dcerpc_binding_handle *b,
+			     TALLOC_CTX *mem_ctx,
+			     struct libnet_rpc_userinfo *io)
+{
+	struct composite_context *c = libnet_rpc_userinfo_send(mem_ctx, ev, b, io, NULL);
+	return libnet_rpc_userinfo_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/userinfo.h b/source4/libnet/userinfo.h
new file mode 100644
index 0000000..273ad87
--- /dev/null
+++ b/source4/libnet/userinfo.h
@@ -0,0 +1,54 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "librpc/gen_ndr/samr.h"
+
+/*
+ * IO structures for userinfo.c functions
+ */
+
+struct libnet_rpc_userinfo {
+	struct {
+		struct policy_handle domain_handle;
+		const char *username;
+		const char *sid;
+		uint16_t level;
+	} in;
+	struct {
+		union samr_UserInfo info;
+	} out;
+};
+
+
+/*
+ * Monitor messages sent from userinfo.c functions
+ */
+
+struct msg_rpc_open_user {
+	uint32_t rid, access_mask;
+};
+
+struct msg_rpc_query_user {
+	uint16_t level;
+};
+
+struct msg_rpc_close_user {
+	uint32_t rid;
+};
diff --git a/source4/libnet/userman.c b/source4/libnet/userman.c
new file mode 100644
index 0000000..9e76364
--- /dev/null
+++ b/source4/libnet/userman.c
@@ -0,0 +1,922 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  a composite functions for user management operations (add/del/chg)
+*/
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+
+/*
+ * Composite USER ADD functionality
+ */
+
+struct useradd_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle     domain_handle;
+	struct samr_CreateUser   createuser;
+	struct policy_handle     user_handle;
+	uint32_t                 user_rid;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_useradd_create(struct tevent_req *subreq);
+
+
+/**
+ * Stage 1 (and the only one for now): Create user account.
+ */
+static void continue_useradd_create(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct useradd_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct useradd_state);
+
+	/* check rpc layer status code */
+	c->status = dcerpc_samr_CreateUser_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* check create user call status code */
+	c->status = s->createuser.out.result;
+
+	/* get created user account data */
+	s->user_handle = *s->createuser.out.user_handle;
+	s->user_rid    = *s->createuser.out.rid;
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		struct monitor_msg msg;
+		struct msg_rpc_create_user rpc_create;
+
+		rpc_create.rid = *s->createuser.out.rid;
+
+		msg.type      = mon_SamrCreateUser;
+		msg.data      = (void*)&rpc_create;
+		msg.data_size = sizeof(rpc_create);
+		
+		s->monitor_fn(&msg);
+	}
+	
+	composite_done(c);
+}
+
+
+/**
+ * Sends asynchronous useradd request
+ *
+ * @param p dce/rpc call pipe 
+ * @param io arguments and results of the call
+ * @param monitor monitor function for providing information about the progress
+ */
+
+struct composite_context *libnet_rpc_useradd_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct dcerpc_binding_handle *b,
+						  struct libnet_rpc_useradd *io,
+						  void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct useradd_state *s;
+	struct tevent_req *subreq;
+
+	if (!b || !io) return NULL;
+
+	/* composite allocation and setup */
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return NULL;
+	
+	s = talloc_zero(c, struct useradd_state);
+	if (composite_nomem(s, c)) return c;
+	
+	c->private_data = s;
+
+	/* put passed arguments to the state structure */
+	s->domain_handle = io->in.domain_handle;
+	s->binding_handle= b;
+	s->monitor_fn    = monitor;
+	
+	/* preparing parameters to send rpc request */
+	s->createuser.in.domain_handle         = &io->in.domain_handle;
+
+	s->createuser.in.account_name          = talloc_zero(c, struct lsa_String);
+	if (composite_nomem(s->createuser.in.account_name, c)) return c;
+
+	s->createuser.in.account_name->string  = talloc_strdup(c, io->in.username);
+	if (composite_nomem(s->createuser.in.account_name->string, c)) return c;
+
+	s->createuser.out.user_handle          = &s->user_handle;
+	s->createuser.out.rid                  = &s->user_rid;
+
+	/* send the request */
+	subreq = dcerpc_samr_CreateUser_r_send(s, c->event_ctx,
+					       s->binding_handle,
+					       &s->createuser);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_useradd_create, c);
+	return c;
+}
+
+
+/**
+ * Waits for and receives result of asynchronous useradd call
+ * 
+ * @param c composite context returned by asynchronous useradd call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_useradd_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				 struct libnet_rpc_useradd *io)
+{
+	NTSTATUS status;
+	struct useradd_state *s;
+	
+	status = composite_wait(c);
+	
+	if (NT_STATUS_IS_OK(status) && io) {
+		/* get and return result of the call */
+		s = talloc_get_type(c->private_data, struct useradd_state);
+		io->out.user_handle = s->user_handle;
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of useradd call
+ *
+ * @param pipe dce/rpc call pipe
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_useradd(struct tevent_context *ev,
+			    struct dcerpc_binding_handle *b,
+			    TALLOC_CTX *mem_ctx,
+			    struct libnet_rpc_useradd *io)
+{
+	struct composite_context *c = libnet_rpc_useradd_send(mem_ctx, ev, b, io, NULL);
+	return libnet_rpc_useradd_recv(c, mem_ctx, io);
+}
+
+
+
+/*
+ * Composite USER DELETE functionality
+ */
+
+
+struct userdel_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle      domain_handle;
+	struct policy_handle      user_handle;
+	struct samr_LookupNames   lookupname;
+	struct samr_OpenUser      openuser;
+	struct samr_DeleteUser    deleteuser;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+static void continue_userdel_name_found(struct tevent_req *subreq);
+static void continue_userdel_user_opened(struct tevent_req *subreq);
+static void continue_userdel_deleted(struct tevent_req *subreq);
+
+
+/**
+ * Stage 1: Lookup the user name and resolve it to rid
+ */
+static void continue_userdel_name_found(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userdel_state *s;
+	struct monitor_msg msg;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct userdel_state);
+
+	/* receive samr_LookupNames result */
+	c->status = dcerpc_samr_LookupNames_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->lookupname.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* what to do when there's no user account to delete
+	   and what if there's more than one rid resolved */
+	if (s->lookupname.out.rids->count != s->lookupname.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	if (s->lookupname.out.types->count != s->lookupname.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		struct msg_rpc_lookup_name msg_lookup;
+
+		msg_lookup.rid   = s->lookupname.out.rids->ids;
+		msg_lookup.count = s->lookupname.out.rids->count;
+
+		msg.type      = mon_SamrLookupName;
+		msg.data      = (void*)&msg_lookup;
+		msg.data_size = sizeof(msg_lookup);
+		s->monitor_fn(&msg);
+	}
+
+	/* prepare the arguments for rpc call */
+	s->openuser.in.domain_handle = &s->domain_handle;
+	s->openuser.in.rid           = s->lookupname.out.rids->ids[0];
+	s->openuser.in.access_mask   = SEC_FLAG_MAXIMUM_ALLOWED;
+	s->openuser.out.user_handle  = &s->user_handle;
+
+	/* send rpc request */
+	subreq = dcerpc_samr_OpenUser_r_send(s, c->event_ctx,
+					     s->binding_handle,
+					     &s->openuser);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_userdel_user_opened, c);
+}
+
+
+/**
+ * Stage 2: Open user account.
+ */
+static void continue_userdel_user_opened(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userdel_state *s;
+	struct monitor_msg msg;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct userdel_state);
+
+	/* receive samr_OpenUser result */
+	c->status = dcerpc_samr_OpenUser_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->openuser.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+	
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		struct msg_rpc_open_user msg_open;
+
+		msg_open.rid         = s->openuser.in.rid;
+		msg_open.access_mask = s->openuser.in.access_mask;
+
+		msg.type      = mon_SamrOpenUser;
+		msg.data      = (void*)&msg_open;
+		msg.data_size = sizeof(msg_open);
+		s->monitor_fn(&msg);
+	}
+
+	/* prepare the final rpc call arguments */
+	s->deleteuser.in.user_handle   = &s->user_handle;
+	s->deleteuser.out.user_handle  = &s->user_handle;
+	
+	/* send rpc request */
+	subreq = dcerpc_samr_DeleteUser_r_send(s, c->event_ctx,
+					       s->binding_handle,
+					       &s->deleteuser);
+	if (composite_nomem(subreq, c)) return;
+
+	/* callback handler setup */
+	tevent_req_set_callback(subreq, continue_userdel_deleted, c);
+}
+
+
+/**
+ * Stage 3: Delete user account
+ */
+static void continue_userdel_deleted(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct userdel_state *s;
+	struct monitor_msg msg;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct userdel_state);
+
+	/* receive samr_DeleteUser result */
+	c->status = dcerpc_samr_DeleteUser_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* return the actual function call status */
+	c->status = s->deleteuser.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+	
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		msg.type      = mon_SamrDeleteUser;
+		msg.data      = NULL;
+		msg.data_size = 0;
+		s->monitor_fn(&msg);
+	}
+
+	composite_done(c);
+}
+
+
+/**
+ * Sends asynchronous userdel request
+ *
+ * @param p dce/rpc call pipe
+ * @param io arguments and results of the call
+ * @param monitor monitor function for providing information about the progress
+ */
+
+struct composite_context *libnet_rpc_userdel_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct dcerpc_binding_handle *b,
+						  struct libnet_rpc_userdel *io,
+						  void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct userdel_state *s;
+	struct tevent_req *subreq;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct userdel_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data  = s;
+
+	/* store function parameters in the state structure */
+	s->binding_handle= b;
+	s->domain_handle = io->in.domain_handle;
+	s->monitor_fn    = monitor;
+	
+	/* preparing parameters to send rpc request */
+	s->lookupname.in.domain_handle = &io->in.domain_handle;
+	s->lookupname.in.num_names     = 1;
+	s->lookupname.in.names         = talloc_zero(s, struct lsa_String);
+	s->lookupname.in.names->string = io->in.username;
+	s->lookupname.out.rids         = talloc_zero(s, struct samr_Ids);
+	s->lookupname.out.types        = talloc_zero(s, struct samr_Ids);
+	if (composite_nomem(s->lookupname.out.rids, c)) return c;
+	if (composite_nomem(s->lookupname.out.types, c)) return c;
+
+	/* send the request */
+	subreq = dcerpc_samr_LookupNames_r_send(s, c->event_ctx,
+						s->binding_handle,
+						&s->lookupname);
+	if (composite_nomem(subreq, c)) return c;
+
+	/* set the next stage */
+	tevent_req_set_callback(subreq, continue_userdel_name_found, c);
+	return c;
+}
+
+
+/**
+ * Waits for and receives results of asynchronous userdel call
+ *
+ * @param c composite context returned by asynchronous userdel call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_userdel_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				 struct libnet_rpc_userdel *io)
+{
+	NTSTATUS status;
+	struct userdel_state *s;
+	
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status) && io) {
+		s  = talloc_get_type(c->private_data, struct userdel_state);
+		io->out.user_handle = s->user_handle;
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of userdel call
+ *
+ * @param pipe dce/rpc call pipe
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_userdel(struct tevent_context *ev,
+			    struct dcerpc_binding_handle *b,
+			    TALLOC_CTX *mem_ctx,
+			    struct libnet_rpc_userdel *io)
+{
+	struct composite_context *c = libnet_rpc_userdel_send(mem_ctx, ev, b, io, NULL);
+	return libnet_rpc_userdel_recv(c, mem_ctx, io);
+}
+
+
+/*
+ * USER MODIFY functionality
+ */
+
+static void continue_usermod_name_found(struct tevent_req *subreq);
+static void continue_usermod_user_opened(struct tevent_req *subreq);
+static void continue_usermod_user_queried(struct tevent_req *subreq);
+static void continue_usermod_user_changed(struct tevent_req *subreq);
+
+
+struct usermod_state {
+	struct dcerpc_binding_handle *binding_handle;
+	struct policy_handle       domain_handle;
+	struct policy_handle       user_handle;
+	struct usermod_change      change;
+	union  samr_UserInfo       info;
+	struct samr_LookupNames    lookupname;
+	struct samr_OpenUser       openuser;
+	struct samr_SetUserInfo    setuser;
+	struct samr_QueryUserInfo  queryuser;
+
+	/* information about the progress */
+	void (*monitor_fn)(struct monitor_msg *);
+};
+
+
+/**
+ * Step 1: Lookup user name
+ */
+static void continue_usermod_name_found(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct usermod_state *s;
+	struct monitor_msg msg;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct usermod_state);
+
+	/* receive samr_LookupNames result */
+	c->status = dcerpc_samr_LookupNames_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->lookupname.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* what to do when there's no user account to delete
+	   and what if there's more than one rid resolved */
+	if (s->lookupname.out.rids->count != s->lookupname.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	if (s->lookupname.out.types->count != s->lookupname.in.num_names) {
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	/* issue a monitor message */
+	if (s->monitor_fn) {
+		struct msg_rpc_lookup_name msg_lookup;
+
+		msg_lookup.rid   = s->lookupname.out.rids->ids;
+		msg_lookup.count = s->lookupname.out.rids->count;
+
+		msg.type      = mon_SamrLookupName;
+		msg.data      = (void*)&msg_lookup;
+		msg.data_size = sizeof(msg_lookup);
+		s->monitor_fn(&msg);
+	}
+
+	/* prepare the next rpc call */
+	s->openuser.in.domain_handle = &s->domain_handle;
+	s->openuser.in.rid           = s->lookupname.out.rids->ids[0];
+	s->openuser.in.access_mask   = SEC_FLAG_MAXIMUM_ALLOWED;
+	s->openuser.out.user_handle  = &s->user_handle;
+
+	/* send the rpc request */
+	subreq = dcerpc_samr_OpenUser_r_send(s, c->event_ctx,
+					     s->binding_handle,
+					     &s->openuser);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_usermod_user_opened, c);
+}
+
+
+/**
+ * Choose a proper level of samr_UserInfo structure depending on required
+ * change specified by means of flags field. Subsequent calls of this
+ * function are made until there's no flags set meaning that all of the
+ * changes have been made.
+ */
+static bool usermod_setfields(struct usermod_state *s, uint16_t *level,
+			      union samr_UserInfo *i, bool queried)
+{
+	if (s->change.fields == 0) return s->change.fields;
+
+	*level = 0;
+
+	if ((s->change.fields & USERMOD_FIELD_ACCOUNT_NAME) &&
+	    (*level == 0 || *level == 7)) {
+		*level = 7;
+		i->info7.account_name.string = s->change.account_name;
+		
+		s->change.fields ^= USERMOD_FIELD_ACCOUNT_NAME;
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_FULL_NAME) &&
+	    (*level == 0 || *level == 8)) {
+		*level = 8;
+		i->info8.full_name.string = s->change.full_name;
+		
+		s->change.fields ^= USERMOD_FIELD_FULL_NAME;
+	}
+	
+	if ((s->change.fields & USERMOD_FIELD_DESCRIPTION) &&
+	    (*level == 0 || *level == 13)) {
+		*level = 13;
+		i->info13.description.string = s->change.description;
+		
+		s->change.fields ^= USERMOD_FIELD_DESCRIPTION;		
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_COMMENT) &&
+	    (*level == 0 || *level == 2)) {
+		*level = 2;
+		
+		if (queried) {
+			/* the user info is obtained, so now set the required field */
+			i->info2.comment.string = s->change.comment;
+			s->change.fields ^= USERMOD_FIELD_COMMENT;
+			
+		} else {
+			/* we need to query the user info before setting one field in it */
+			return false;
+		}
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_LOGON_SCRIPT) &&
+	    (*level == 0 || *level == 11)) {
+		*level = 11;
+		i->info11.logon_script.string = s->change.logon_script;
+		
+		s->change.fields ^= USERMOD_FIELD_LOGON_SCRIPT;
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_PROFILE_PATH) &&
+	    (*level == 0 || *level == 12)) {
+		*level = 12;
+		i->info12.profile_path.string = s->change.profile_path;
+		
+		s->change.fields ^= USERMOD_FIELD_PROFILE_PATH;
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_HOME_DIRECTORY) &&
+	    (*level == 0 || *level == 10)) {
+		*level = 10;
+		
+		if (queried) {
+			i->info10.home_directory.string = s->change.home_directory;
+			s->change.fields ^= USERMOD_FIELD_HOME_DIRECTORY;
+		} else {
+			return false;
+		}
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_HOME_DRIVE) &&
+	    (*level == 0 || *level == 10)) {
+		*level = 10;
+		
+		if (queried) {
+			i->info10.home_drive.string = s->change.home_drive;
+			s->change.fields ^= USERMOD_FIELD_HOME_DRIVE;
+		} else {
+			return false;
+		}
+	}
+	
+	if ((s->change.fields & USERMOD_FIELD_ACCT_EXPIRY) &&
+	    (*level == 0 || *level == 17)) {
+		*level = 17;
+		i->info17.acct_expiry = timeval_to_nttime(s->change.acct_expiry);
+		
+		s->change.fields ^= USERMOD_FIELD_ACCT_EXPIRY;
+	}
+
+	if ((s->change.fields & USERMOD_FIELD_ACCT_FLAGS) &&
+	    (*level == 0 || *level == 16)) {
+		*level = 16;
+		i->info16.acct_flags = s->change.acct_flags;
+		
+		s->change.fields ^= USERMOD_FIELD_ACCT_FLAGS;
+	}
+
+	/* We're going to be here back again soon unless all fields have been set */
+	return true;
+}
+
+
+static NTSTATUS usermod_change(struct composite_context *c,
+			       struct usermod_state *s)
+{
+	bool do_set;
+	union samr_UserInfo *i = &s->info;
+	struct tevent_req *subreq;
+
+	/* set the level to invalid value, so that unless setfields routine 
+	   gives it a valid value we report the error correctly */
+	uint16_t level = 27;
+
+	/* prepare UserInfo level and data based on bitmask field */
+	do_set = usermod_setfields(s, &level, i, false);
+
+	if (level < 1 || level > 26) {
+		/* apparently there's a field that the setfields routine
+		   does not know how to set */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* If some specific level is used to set user account data and the change
+	   itself does not cover all fields then we need to query the user info
+	   first, right before changing the data. Otherwise we could set required
+	   fields and accidentally reset the others.
+	*/
+	if (!do_set) {
+		s->queryuser.in.user_handle = &s->user_handle;
+		s->queryuser.in.level       = level;
+		s->queryuser.out.info       = talloc(s, union samr_UserInfo *);
+		if (composite_nomem(s->queryuser.out.info, c)) return NT_STATUS_NO_MEMORY;
+
+
+		/* send query user info request to retrieve complete data of
+		   a particular info level */
+		subreq = dcerpc_samr_QueryUserInfo_r_send(s, c->event_ctx,
+							  s->binding_handle,
+							  &s->queryuser);
+		if (composite_nomem(subreq, c)) return NT_STATUS_NO_MEMORY;
+		tevent_req_set_callback(subreq, continue_usermod_user_queried, c);
+
+	} else {
+		s->setuser.in.user_handle  = &s->user_handle;
+		s->setuser.in.level        = level;
+		s->setuser.in.info         = i;
+
+		/* send set user info request after making required change */
+		subreq = dcerpc_samr_SetUserInfo_r_send(s, c->event_ctx,
+							s->binding_handle,
+							&s->setuser);
+		if (composite_nomem(subreq, c)) return NT_STATUS_NO_MEMORY;
+		tevent_req_set_callback(subreq, continue_usermod_user_changed, c);
+	}
+	
+	return NT_STATUS_OK;
+}
+
+
+/**
+ * Stage 2: Open user account
+ */
+static void continue_usermod_user_opened(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct usermod_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct usermod_state);
+
+	c->status = dcerpc_samr_OpenUser_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->openuser.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	c->status = usermod_change(c, s);
+}
+
+
+/**
+ * Stage 2a (optional): Query the user information
+ */
+static void continue_usermod_user_queried(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct usermod_state *s;
+	union samr_UserInfo *i;
+	uint16_t level = 0;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct usermod_state);
+
+	i = &s->info;
+
+	/* receive samr_QueryUserInfo result */
+	c->status = dcerpc_samr_QueryUserInfo_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	c->status = s->queryuser.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* get returned user data and make a change (potentially one
+	   of many) */
+	s->info = *(*s->queryuser.out.info);
+
+	usermod_setfields(s, &level, i, true);
+
+	/* prepare rpc call arguments */
+	s->setuser.in.user_handle  = &s->user_handle;
+	s->setuser.in.level        = level;
+	s->setuser.in.info         = i;
+
+	/* send the rpc request */
+	subreq = dcerpc_samr_SetUserInfo_r_send(s, c->event_ctx,
+						s->binding_handle,
+						&s->setuser);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, continue_usermod_user_changed, c);
+}
+
+
+/**
+ * Stage 3: Set new user account data
+ */
+static void continue_usermod_user_changed(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct usermod_state *s;
+	
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct usermod_state);
+
+	/* receive samr_SetUserInfo result */
+	c->status = dcerpc_samr_SetUserInfo_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* return the actual function call status */
+	c->status = s->setuser.out.result;
+	if (!NT_STATUS_IS_OK(c->status)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	if (s->change.fields == 0) {
+		/* all fields have been set - we're done */
+		composite_done(c);
+
+	} else {
+		/* something's still not changed - repeat the procedure */
+		c->status = usermod_change(c, s);
+	}
+}
+
+
+/**
+ * Sends asynchronous usermod request
+ *
+ * @param p dce/rpc call pipe
+ * @param io arguments and results of the call
+ * @param monitor monitor function for providing information about the progress
+ */
+
+struct composite_context *libnet_rpc_usermod_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct dcerpc_binding_handle *b,
+						  struct libnet_rpc_usermod *io,
+						  void (*monitor)(struct monitor_msg*))
+{
+	struct composite_context *c;
+	struct usermod_state *s;
+	struct tevent_req *subreq;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) return NULL;
+	s = talloc_zero(c, struct usermod_state);
+	if (composite_nomem(s, c)) return c;
+
+	c->private_data = s;
+
+	/* store parameters in the call structure */
+	s->binding_handle= b;
+	s->domain_handle = io->in.domain_handle;
+	s->change        = io->in.change;
+	s->monitor_fn    = monitor;
+	
+	/* prepare rpc call arguments */
+	s->lookupname.in.domain_handle = &io->in.domain_handle;
+	s->lookupname.in.num_names     = 1;
+	s->lookupname.in.names         = talloc_zero(s, struct lsa_String);
+	s->lookupname.in.names->string = io->in.username;
+	s->lookupname.out.rids         = talloc_zero(s, struct samr_Ids);
+	s->lookupname.out.types        = talloc_zero(s, struct samr_Ids);
+	if (composite_nomem(s->lookupname.out.rids, c)) return c;
+	if (composite_nomem(s->lookupname.out.types, c)) return c;
+
+	/* send the rpc request */
+	subreq = dcerpc_samr_LookupNames_r_send(s, c->event_ctx,
+						s->binding_handle,
+						&s->lookupname);
+	if (composite_nomem(subreq, c)) return c;
+	
+	/* callback handler setup */
+	tevent_req_set_callback(subreq, continue_usermod_name_found, c);
+	return c;
+}
+
+
+/**
+ * Waits for and receives results of asynchronous usermod call
+ *
+ * @param c composite context returned by asynchronous usermod call
+ * @param mem_ctx memory context of the call
+ * @param io pointer to results (and arguments) of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_usermod_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				 struct libnet_rpc_usermod *io)
+{
+	NTSTATUS status;
+	
+	status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+
+/**
+ * Synchronous version of usermod call
+ *
+ * @param pipe dce/rpc call pipe
+ * @param mem_ctx memory context for the call
+ * @param io arguments and results of the call
+ * @return nt status code of execution
+ */
+
+NTSTATUS libnet_rpc_usermod(struct tevent_context *ev,
+			    struct dcerpc_binding_handle *b,
+			    TALLOC_CTX *mem_ctx,
+			    struct libnet_rpc_usermod *io)
+{
+	struct composite_context *c = libnet_rpc_usermod_send(mem_ctx, ev, b, io, NULL);
+	return libnet_rpc_usermod_recv(c, mem_ctx, io);
+}
diff --git a/source4/libnet/userman.h b/source4/libnet/userman.h
new file mode 100644
index 0000000..b681c25
--- /dev/null
+++ b/source4/libnet/userman.h
@@ -0,0 +1,106 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/misc.h"
+
+
+/*
+ * IO structures for userman.c functions
+ */
+
+struct libnet_rpc_useradd {
+	struct {
+		struct policy_handle domain_handle;
+		const char *username;
+	} in;
+	struct {
+		struct policy_handle user_handle;
+	} out;
+};
+
+
+struct libnet_rpc_userdel {
+	struct {
+		struct policy_handle domain_handle;
+		const char *username;
+	} in;
+	struct {
+		struct policy_handle user_handle;
+	} out;
+};
+
+
+#define USERMOD_FIELD_ACCOUNT_NAME    ( 0x00000001 )
+#define USERMOD_FIELD_FULL_NAME       ( 0x00000002 )
+#define USERMOD_FIELD_DESCRIPTION     ( 0x00000010 )
+#define USERMOD_FIELD_COMMENT         ( 0x00000020 )
+#define USERMOD_FIELD_HOME_DIRECTORY  ( 0x00000040 )
+#define USERMOD_FIELD_HOME_DRIVE      ( 0x00000080 )
+#define USERMOD_FIELD_LOGON_SCRIPT    ( 0x00000100 )
+#define USERMOD_FIELD_PROFILE_PATH    ( 0x00000200 )
+#define USERMOD_FIELD_WORKSTATIONS    ( 0x00000400 )
+#define USERMOD_FIELD_LOGON_HOURS     ( 0x00002000 )
+#define USERMOD_FIELD_ACCT_EXPIRY     ( 0x00004000 )
+#define USERMOD_FIELD_ACCT_FLAGS      ( 0x00100000 )
+#define USERMOD_FIELD_PARAMETERS      ( 0x00200000 )
+#define USERMOD_FIELD_COUNTRY_CODE    ( 0x00400000 )
+#define USERMOD_FIELD_CODE_PAGE       ( 0x00800000 )
+
+struct libnet_rpc_usermod {
+	struct {
+		struct policy_handle domain_handle;
+		const char *username;
+
+		struct usermod_change {
+			uint32_t fields;    /* bitmask field */
+
+			const char *account_name;
+			const char *full_name;
+			const char *description;
+			const char *comment;
+			const char *logon_script;
+			const char *profile_path;
+			const char *home_directory;
+			const char *home_drive;
+			const char *workstations;
+			struct timeval *acct_expiry;
+			struct timeval *allow_password_change;
+			struct timeval *force_password_change;
+			struct timeval *last_logon;
+			struct timeval *last_logoff;
+			struct timeval *last_password_change;
+			uint32_t acct_flags;
+		} change;
+	} in;
+};
+
+
+/*
+ * Monitor messages sent from userman.c functions
+ */
+
+struct msg_rpc_create_user {
+	uint32_t rid;
+};
+
+
+struct msg_rpc_lookup_name {
+	uint32_t *rid;
+	uint32_t count;
+};
diff --git a/source4/libnet/wscript_build b/source4/libnet/wscript_build
new file mode 100644
index 0000000..0ec06f2
--- /dev/null
+++ b/source4/libnet/wscript_build
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyrpc_util = bld.pyembed_libname('pyrpc_util')
+provision = bld.pyembed_libname('PROVISION')
+name = bld.pyembed_libname('samba-net')
+auto_proto='libnet_proto.h'
+bld.SAMBA_LIBRARY(name,
+        source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_join.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_vampire.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c',
+        autoproto=auto_proto,
+        deps='INIT_SAMR',
+        public_deps='samba-credentials dcerpc dcerpc-samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI cli_composite LIBCLI_RESOLVE LIBCLI_FINDDCS cli_cldap LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH ndr smbpasswdparser %s LIBCLI_SAMSYNC LIBTSOCKET GNUTLS_HELPERS' % (provision),
+        private_library=True,
+        pyembed=True,
+        enabled=bld.PYTHON_BUILD_IS_ENABLED()
+        )
+
+bld.SAMBA_PYTHON('python_net',
+        source='py_net.c',
+        deps='%s %s %s' % (name, pyrpc_util, pytalloc_util),
+        realname='samba/net.so'
+        )
+
+bld.SAMBA_PYTHON('python_dckeytab',
+        source='py_net_dckeytab.c libnet_export_keytab.c',
+        deps='%s db-glue krb5 com_err' % (pyrpc_util),
+        realname='samba/dckeytab.so',
+        enabled=bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED')
+        )
diff --git a/source4/librpc/dcerpc.pc.in b/source4/librpc/dcerpc.pc.in
new file mode 100644
index 0000000..53e83d9
--- /dev/null
+++ b/source4/librpc/dcerpc.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: dcerpc
+Description: DCE/RPC client library
+Requires: ndr samba-util
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc -ldcerpc-binding
+Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/librpc/dcerpc_samr.pc.in b/source4/librpc/dcerpc_samr.pc.in
new file mode 100644
index 0000000..cd2d74a
--- /dev/null
+++ b/source4/librpc/dcerpc_samr.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: dcerpc_samr
+Description: DCE/RPC client library - SAMR
+Requires: dcerpc ndr ndr_standard
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc-samr
+Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/librpc/gen_ndr/README b/source4/librpc/gen_ndr/README
new file mode 100644
index 0000000..5ccb89d
--- /dev/null
+++ b/source4/librpc/gen_ndr/README
@@ -0,0 +1,4 @@
+This contains the generated files from PIDL for the IDL files in ../idl/*.idl
+
+DO NOT REMOVE THIS FILE. The waf 1.5 build relies on this directory
+existing in the source tree.
diff --git a/source4/librpc/idl/IDL_LICENSE.txt b/source4/librpc/idl/IDL_LICENSE.txt
new file mode 100644
index 0000000..01ae670
--- /dev/null
+++ b/source4/librpc/idl/IDL_LICENSE.txt
@@ -0,0 +1,9 @@
+The IDL files in this directory are made available by the Samba Team
+under the following license:
+
+  Permission to use, copy, modify, and distribute these interface
+  definitions for any purpose is hereby granted without fee.
+
+  This work is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/source4/librpc/idl/irpc.idl b/source4/librpc/idl/irpc.idl
new file mode 100644
index 0000000..b4517da
--- /dev/null
+++ b/source4/librpc/idl/irpc.idl
@@ -0,0 +1,221 @@
+#include "idl_types.h"
+
+import "misc.idl", "security.idl", "nbt.idl", "netlogon.idl", "server_id.idl";
+
+/*
+  definitions for irpc primitives
+*/
+[ uuid("e770c620-0b06-4b5e-8d87-a26e20f28340"),
+  version(1.0),
+  pointer_default(unique)
+] interface irpc
+{
+	typedef bitmap {
+		IRPC_FLAG_REPLY    = 0x0001
+	} irpc_flags;
+
+	typedef struct {
+		security_token *token;
+	} irpc_creds;
+
+	typedef [public] struct {
+		GUID uuid;
+		uint32 if_version;
+		uint32 callnum;
+		uint32 callid;
+		irpc_flags flags;
+		NTSTATUS status;
+		[subcontext(4)] irpc_creds creds;
+		[flag(NDR_ALIGN8)] DATA_BLOB _pad;
+	} irpc_header;
+
+	typedef [public] struct {
+		utf8string name;
+		uint32 count;
+		[size_is(count)] server_id ids[*];
+	} irpc_name_record;
+
+	typedef [public] struct {
+		[size_is(num_records)] irpc_name_record *names[*];
+		uint32 num_records;
+	} irpc_name_records;
+
+	/******************************************************
+         uptime call - supported by all messaging servers
+	*******************************************************/
+	void irpc_uptime([out,ref] NTTIME *start_time);
+
+	/******************************************************
+         management calls for the nbt server
+	******************************************************/
+	typedef [v1_enum] enum {
+		NBTD_INFO_STATISTICS
+	} nbtd_info_level;
+
+	typedef struct {
+		hyper total_received;
+		hyper total_sent;
+		hyper query_count;
+		hyper register_count;
+		hyper release_count;
+	} nbtd_statistics;
+
+	typedef [switch_type(nbtd_info_level)] union {
+		[case(NBTD_INFO_STATISTICS)] nbtd_statistics *stats;
+	} nbtd_info;
+
+	void nbtd_information(
+		[in]  nbtd_info_level level,
+		[out,switch_is(level)] nbtd_info info
+		);
+
+	/* Send a GetDCName from the privileged port (owned by nbtd),
+	 * and await a reply */
+
+	void nbtd_getdcname(
+		[in] astring domainname,
+		[in] astring ip_address,
+		[in] astring my_computername,
+		[in] astring my_accountname,
+		[in] uint32 account_control,
+		[in] dom_sid *domain_sid,
+		[out,unique] astring *dcname
+		);
+
+	typedef struct {
+		ipv4address addr;
+	} nbtd_proxy_wins_addr;
+
+	void nbtd_proxy_wins_challenge(
+		[in] nbt_name name,
+		[in,out] uint32 num_addrs,
+		[in,out] nbtd_proxy_wins_addr addrs[num_addrs]
+		);
+
+	void nbtd_proxy_wins_release_demand(
+		[in] nbt_name name,
+		[in] uint32 num_addrs,
+		[in] nbtd_proxy_wins_addr addrs[num_addrs]
+		);
+
+	/*
+	  Generic Kerberos package call (on the NETLOGON pipe, as a SamLogon)
+
+	  The normal use for this call is to check the PAC signature in the KDC
+	  
+	  The KDC has the routines to check this, so it is easier to
+	  proxy the request over by IRPC than set up the environment
+	 */
+
+	void kdc_check_generic_kerberos(
+		[in] DATA_BLOB generic_request,
+		[out] DATA_BLOB generic_reply
+		);
+
+	/******************************************************
+         management calls for the smb server
+	******************************************************/
+	typedef [v1_enum] enum {
+		SMBSRV_INFO_SESSIONS,
+		SMBSRV_INFO_TCONS
+	} smbsrv_info_level;
+
+	typedef struct {
+		hyper vuid;
+		astring account_name;
+		astring domain_name;
+		astring client_ip;
+		NTTIME  connect_time;
+		NTTIME  auth_time;
+		NTTIME  last_use_time;
+	} smbsrv_session_info;
+
+	typedef struct {
+		uint32 num_sessions;
+		[size_is(num_sessions)] smbsrv_session_info *sessions;
+	} smbsrv_sessions;
+
+	typedef struct {
+		uint32 tid;
+		astring share_name;
+		astring client_ip;
+		NTTIME  connect_time;
+		NTTIME  last_use_time;
+	} smbsrv_tcon_info;
+
+	typedef struct {
+		uint32 num_tcons;
+		[size_is(num_tcons)] smbsrv_tcon_info *tcons;
+	} smbsrv_tcons;
+
+	typedef [switch_type(smbsrv_info_level)] union {
+		[case(SMBSRV_INFO_SESSIONS)] smbsrv_sessions sessions;
+		[case(SMBSRV_INFO_TCONS)]    smbsrv_tcons    tcons;
+	} smbsrv_info;
+
+	void smbsrv_information(
+		[in]  smbsrv_info_level level,
+		[out,switch_is(level)] smbsrv_info info
+		);
+
+	/*
+	  called when samba should shutdown
+	 */
+	void samba_terminate(
+		[in] astring reason
+		);
+
+	/******************************************************
+         management calls for the drepl server
+	******************************************************/
+	/**
+	 * Force dreplsrv to fefresh internal cache.
+	 * @param partition_dn Partition to refresh cache for.
+	 *                     If empty/NULL, refresh all partitions.
+	 */
+	WERROR dreplsrv_refresh();
+
+	/*
+	  called when role transfer is requested via LDAP
+	*/
+	typedef [v1_enum] enum {
+               DREPL_SCHEMA_MASTER,
+               DREPL_RID_MASTER,
+               DREPL_INFRASTRUCTURE_MASTER,
+               DREPL_NAMING_MASTER,
+               DREPL_PDC_MASTER
+	} drepl_role_master;
+
+	WERROR drepl_takeFSMORole(
+		[in] drepl_role_master role
+		);
+
+	/*
+	 * message to tell the drepl server to initiate a REPL_SECRET
+	 * replication of a users secrets
+	 */
+	void drepl_trigger_repl_secret(
+		[in] astring user_dn
+		);
+
+	/*
+	  message to do RODC DNS updates via the dnsupdate task
+	*/
+	NTSTATUS dnsupdate_RODC(
+		[in,unique] dom_sid *dom_sid,
+		[in,unique] [string,charset(UTF16)] uint16 *site_name,
+		[in] uint32 dns_ttl,
+		[in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+		);
+
+	/******************************************************
+	 * Management calls for the dns server
+	 ******************************************************/
+	/**
+	 * Force internal DNS server to reload the DNS zones.
+	 *
+	 * Called when zones are added or deleted through RPC
+	 * or replicated by DRS.
+	 */
+	NTSTATUS dnssrv_reload_dns_zones();
+}
diff --git a/source4/librpc/idl/ntp_signd.idl b/source4/librpc/idl/ntp_signd.idl
new file mode 100644
index 0000000..c081ca0
--- /dev/null
+++ b/source4/librpc/idl/ntp_signd.idl
@@ -0,0 +1,40 @@
+/*
+  NTP signing IRPC interface
+*/
+
+#include "idl_types.h"
+
+[
+  uuid("0da00951-5b6c-4488-9a89-750cac70920c"),
+  version(1.0),
+  pointer_default(unique)
+]
+interface ntp_signd
+{
+
+	const int NTP_SIGND_PROTOCOL_VERSION_0 = 0;
+
+	typedef [v1_enum] enum {
+		SIGN_TO_CLIENT = 0,
+		ASK_SERVER_TO_SIGN = 1,
+		CHECK_SERVER_SIGNATURE = 2,
+		SIGNING_SUCCESS = 3,
+		SIGNING_FAILURE = 4
+	} ntp_signd_op;
+
+	typedef [flag(NDR_BIG_ENDIAN),public] struct {
+		[value(NTP_SIGND_PROTOCOL_VERSION_0)] uint32 version;
+		ntp_signd_op op;
+		uint16 packet_id;
+		[flag(NDR_LITTLE_ENDIAN)] uint32 key_id;
+		[flag(NDR_REMAINING)]	DATA_BLOB packet_to_sign;
+		
+	} sign_request;
+
+	typedef [flag(NDR_BIG_ENDIAN),public] struct samba_key_out {
+		[value(NTP_SIGND_PROTOCOL_VERSION_0)] uint32 version;
+		ntp_signd_op op;
+		uint32 packet_id;
+		[flag(NDR_REMAINING)]	DATA_BLOB signed_packet;
+	} signed_reply;
+}
diff --git a/source4/librpc/idl/opendb.idl b/source4/librpc/idl/opendb.idl
new file mode 100644
index 0000000..b769929
--- /dev/null
+++ b/source4/librpc/idl/opendb.idl
@@ -0,0 +1,46 @@
+#include "idl_types.h"
+
+/*
+   IDL structures for opendb code
+
+   this defines the structures used in the opendb database code, in 
+   ntvfs/common/opendb.c
+*/
+
+import "server_id.idl";
+
+[
+  pointer_default(unique)
+]
+interface opendb
+{
+	typedef struct {
+		server_id server;
+		uint32 stream_id;
+		uint32 share_access;
+		uint32 access_mask;
+		pointer file_handle;
+		pointer fd;
+		/* we need a per-entry delete on close, as well as a per-file
+		   one, to cope with strange semantics on open */
+		boolean8 delete_on_close;
+		boolean8 allow_level_II_oplock;
+		uint32 oplock_level;
+	} opendb_entry;
+
+	typedef struct {
+		server_id server;
+		pointer notify_ptr;
+	} opendb_pending;
+
+	typedef [public] struct {
+		boolean8 delete_on_close;
+		NTTIME open_write_time;
+		NTTIME changed_write_time;
+		utf8string path;
+		uint32 num_entries;
+		opendb_entry entries[num_entries];
+		uint32 num_pending;
+		opendb_pending pending[num_pending];
+	} opendb_file;
+}
diff --git a/source4/librpc/idl/sasl_helpers.idl b/source4/librpc/idl/sasl_helpers.idl
new file mode 100644
index 0000000..5f5d521
--- /dev/null
+++ b/source4/librpc/idl/sasl_helpers.idl
@@ -0,0 +1,20 @@
+#include "idl_types.h"
+
+[
+  uuid("7512b2f4-5f4f-11e4-bbe6-3c970e8d8226"),
+  version(1.0),
+  pointer_default(unique),
+  helpstring("SASL helpers")
+]
+interface sasl_helpers {
+	typedef [public,flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX)] struct {
+		[value(strlen_m(authid))] uint16 authid_length;
+		[charset(UTF8)] uint8 authid[authid_length];
+		uint16 passwd_length;
+		uint8 passwd[passwd_length];
+		[value(strlen_m(service))] uint16 service_length;
+		[charset(UTF8)] uint8 service[service_length];
+		[value(strlen_m(realm))] uint16 realm_length;
+		[charset(UTF8)] uint8 realm[realm_length];
+	} saslauthdRequest;
+}
diff --git a/source4/librpc/idl/winbind.idl b/source4/librpc/idl/winbind.idl
new file mode 100644
index 0000000..f79eba7
--- /dev/null
+++ b/source4/librpc/idl/winbind.idl
@@ -0,0 +1,35 @@
+/*
+  winbind IRPC interface
+*/
+
+#include "idl_types.h"
+
+import "netlogon.idl";
+
+[
+  uuid("b875118e-47a3-4210-b5f7-c240cce656b2"),
+  version(1.0),
+  pointer_default(unique)
+]
+interface winbind
+{
+	typedef [switch_type(uint16)] union netr_LogonLevel netr_LogonLevel;
+	typedef [switch_type(uint16)] union netr_Validation netr_Validation;
+
+	/*
+	 * do a netr_LogonSamLogon() against the right DC
+	 */
+	NTSTATUS winbind_SamLogon(
+		[in]  uint16 logon_level,
+		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
+		[in]  uint16 validation_level,
+		[out] [switch_is(validation_level)] netr_Validation validation,
+		[out] uint8 authoritative
+	);
+
+	NTSTATUS winbind_DsrUpdateReadOnlyServerDnsRecords(
+		[in,unique] [string,charset(UTF16)] uint16 *site_name,
+		[in] uint32 dns_ttl,
+		[in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+		);
+}
diff --git a/source4/librpc/idl/winsif.idl b/source4/librpc/idl/winsif.idl
new file mode 100644
index 0000000..433e6bc
--- /dev/null
+++ b/source4/librpc/idl/winsif.idl
@@ -0,0 +1,342 @@
+#include "idl_types.h"
+
+import "nbt.idl";
+
+[
+	uuid("45f52c28-7f9f-101a-b52b-08002b2efabe"),
+	version(1.0),
+	helpstring("WINS Administration Interface1"),
+	helper("../libcli/nbt/libnbt.h"),
+	pointer_default(unique)
+] interface winsif
+{
+	/*****************/
+	/* Function 0x00 */
+	typedef struct {
+		uint8 type;
+		uint32 length;
+		ipv4address addr;
+	} winsif_Address;
+
+	typedef enum {
+		WINSIF_ACTION_INSERT	= 0x0000,
+		WINSIF_ACTION_DELETE	= 0x0001,
+		WINSIF_ACTION_RELEASE	= 0x0002,
+		WINSIF_ACTION_MODIFY	= 0x0003,
+		WINSIF_ACTION_QUERY	= 0x0004
+	} winsif_Action;
+
+	typedef enum {
+		WINSIF_RECORD_UNIQUE_NAME	= 0x0000,
+		WINSIF_RECORD_GROUP_NAME	= 0x0001,
+		WINSIF_RECORD_SGROUP_NAME	= 0x0002,
+		WINSIF_RECORD_MHOMED_NAME	= 0x0003
+	} winsif_RecordType;
+
+	typedef [enum8bit] enum {
+		WINSIF_NODE_B	= 0x00,
+		WINSIF_NODE_P	= 0x01,
+		WINSIF_NODE_H	= 0x03
+	} winsif_NodeType;
+
+	typedef [v1_enum] enum {
+		WINSIF_RECORD_ACTIVE	= 0x00000000,
+		WINSIF_RECORD_RELEASED	= 0x00000001,
+		WINSIF_RECORD_TOMBSTONE	= 0x00000002,
+		WINSIF_RECORD_DELETED	= 0x00000003
+	} winsif_RecordState;
+
+	typedef struct {
+		winsif_Action cmd;
+		wrepl_nbt_name *name;
+		[value(name?16:0)] uint32 name_len;
+		winsif_RecordType record_type;
+		uint32 num_of_addresses;
+		[size_is(num_of_addresses)] winsif_Address *addresses;
+		winsif_Address address;
+		hyper version_number;
+		winsif_NodeType node_type;
+		ipv4address owner_address;
+		winsif_RecordState record_state;
+		boolean32 is_static;
+		time_t expire_time;
+	} winsif_RecordAction;
+
+	WERROR winsif_WinsRecordAction(
+		[in,out,ref] winsif_RecordAction **record_action
+	);
+
+	/*****************/
+	/* Function 0x01 */
+	typedef struct {
+		winsif_Address address;
+		hyper version_number;
+	} winsif_AddressVersionMap;
+
+	typedef enum {
+		WINSIF_PRIORITY_NORMAL	= 0x0000,
+		WINSIF_PRIORITY_HIGH	= 0x0001
+	} winsif_PriorityClass;
+
+	typedef struct {
+		winsif_Address address;
+		uint32 num_replications;
+		uint32 num_communication_failures;
+	} winsif_ReplCounter;
+
+	typedef struct {
+		uint32 num_unique_registrations;
+		uint32 num_group_registrations;
+		uint32 num_queries;
+		uint32 num_successful_queries;
+		uint32 num_failed_queries;
+		uint32 num_unique_refreshes;
+		uint32 num_group_refreshes;
+		uint32 num_releases;
+		uint32 num_successful_releases;
+		uint32 num_failed_releases;
+		uint32 num_unique_conflicts;
+		uint32 num_group_conflicts;
+	} winsif_StatCounters;
+
+	typedef struct {
+		time_t wins_start_time;
+		time_t last_periodic_scavenging;
+		time_t last_triggered_scavenging;
+		time_t last_tombstone_scavenging;
+		time_t last_verification_scavenging;
+		time_t last_periodic_pull_replication;
+		time_t last_triggered_pull_replication;
+		time_t ignore_last_ntrepl;
+		time_t ignore_last_actrepl;
+		time_t last_init_db;
+		time_t counter_reset;
+	} winsif_StatTimeStamps;
+
+	typedef struct {
+		winsif_StatCounters counters;
+		winsif_StatTimeStamps time_stamps;
+		uint32 num_partners;
+		[size_is(num_partners)] winsif_ReplCounter *partners;
+	} winsif_Stat;
+
+	typedef struct {
+		uint32 num_owners;
+		winsif_AddressVersionMap address_version_maps[25];
+		hyper my_max_version_number;
+		uint32 refresh_interval;
+		uint32 tombstone_interval;
+		uint32 tombstone_timeout;
+		uint32 verify_interval;
+		winsif_PriorityClass prioritiy_class;
+		uint32 num_worker_threads;
+		winsif_Stat wstat;
+	} winsif_Results;
+
+	typedef enum {
+		WINSIF_STATUS_CMD_ADDRESS_VERSION_MAP	= 0x0000,
+		WINSIF_STATUS_CMD_CONFIG		= 0x0001,
+		WINSIF_STATUS_CMD_STAT			= 0x0002,
+		WINSIF_STATUS_CMD_ALL_MAPS		= 0x0003
+	} winsif_StatusCmd;
+
+	WERROR winsif_WinsStatus(
+		[in] winsif_StatusCmd cmd,
+		[in,out,ref] winsif_Results *results
+	);
+
+	/*****************/
+	/* Function 0x02 */
+	typedef enum {
+		WINSIF_TRIGGER_PULL	= 0x0000,
+		WINSIF_TRIGGER_PUSH	= 0x0001,
+		WINSIF_TRIGGER_PUSH_PROP= 0x0002
+	} winsif_TriggerType;
+
+	WERROR winsif_WinsTrigger(
+		[in,ref] winsif_Address *owner_address,
+		[in] winsif_TriggerType trigger_type
+	);
+
+	/*****************/
+	/* Function 0x03 */
+	WERROR winsif_WinsDoStaticInit(
+		[in,unique,string,charset(UTF16)] uint16 *data_file_path,
+		[in] boolean32 delete_file
+	);
+
+	/*****************/
+	/* Function 0x04 */
+	WERROR winsif_WinsDoScavenging();
+
+	/*****************/
+	/* Function 0x05 */
+	typedef struct {
+		uint32 buffer_size;
+		[size_is(num_records)] winsif_RecordAction *row;
+		uint32 num_records;
+		uint32 total_num_records;
+	} winsif_Records;
+
+	WERROR winsif_WinsGetDbRecs(
+		[in,unique] winsif_Address *owner_address,
+		[in] hyper min_version_number,
+		[in] hyper max_version_number,
+		[out,ref] winsif_Records *records
+	);
+
+	/*****************/
+	/* Function 0x06 */
+	WERROR winsif_WinsTerm(
+		[in] uint16 abrupt_termination
+	);
+
+	/*****************/
+	/* Function 0x07 */
+	WERROR winsif_WinsBackup(
+		[in,ref,string,charset(DOS)] uint8 *backup_path,
+		[in] uint16 incremental
+	);
+
+	/*****************/
+	/* Function 0x08 */
+	WERROR winsif_WinsDelDbRecs(
+		[in,ref] winsif_Address *owner_address,
+		[in] hyper min_version_number,
+		[in] hyper max_version_number
+	);
+
+	/*****************/
+	/* Function 0x09 */
+	WERROR winsif_WinsPullRange(
+		[in,ref] winsif_Address *server_address,
+		[in,ref] winsif_Address *owner_address,
+		[in] hyper min_version_number,
+		[in] hyper max_version_number
+	);
+
+	/*****************/
+	/* Function 0x0A */
+	WERROR winsif_WinsSetPriorityClass(
+		[in] winsif_PriorityClass prioritiy_class
+	);
+
+	/*****************/
+	/* Function 0x0B */
+	WERROR winsif_WinsResetCounters();
+
+	/*****************/
+	/* Function 0x0C */
+	WERROR winsif_WinsWorkerThreadUpdate(
+		[in] uint32 num_of_threads
+	);
+
+	/*****************/
+	/* Function 0x0D */
+	WERROR winsif_WinsGetNameAndAdd(
+		[out,ref] winsif_Address *server_address,
+		/*
+		 * TODO: fix pidl to handles this completely correct...
+		 *       currently it gives a warning about a missing pointer.
+		 */
+		[out,ref,string,charset(DOS),size_is(80)] uint8 *unc_name
+	);
+
+	/*****************/
+	/* Function 0x0E */
+	typedef struct {
+		uint32 name_len;
+		[string,charset(DOS)] uint8 *name;
+	} winsif_BrowserInfo;
+
+	typedef struct {
+		uint32 num_entries;
+		[size_is(num_entries)] winsif_BrowserInfo *info;
+	} winsif_BrowserNames;
+
+	WERROR winsif_WinsGetBrowserNames_Old(
+		[out,ref] winsif_BrowserNames *names
+	);
+
+	/*****************/
+	/* Function 0x0F */
+	WERROR winsif_WinsDeleteWins(
+		[in,ref] winsif_Address *owner_address
+	);
+
+	/*****************/
+	/* Function 0x10 */
+	WERROR winsif_WinsSetFlags(
+		[in] uint32 flags
+	);
+
+	/*****************/
+	/* Function 0x11 */
+	typedef struct {
+		boolean32 tcp_ip;
+		[string,charset(DOS)] uint8 *server_address;
+		[string,charset(DOS)] uint8 *pipe_name;
+	} winsif_BindData;
+
+	WERROR winsif_WinsGetBrowserNames(
+		[in,ref] winsif_BindData *server_handle,
+		[out,ref] winsif_BrowserNames *names
+	);
+
+	/*****************/
+	/* Function 0x12 */
+	WERROR winsif_WinsGetDbRecsByName(
+		[in,unique] winsif_Address *owner_address,
+		[in] boolean32 search_backward,
+		[in,unique] wrepl_nbt_name *name,
+		[in,value(name?16:0),range(0,16)] uint32 name_len,
+		[in] uint32 num_records_desired,
+		[in] boolean32 only_statics,
+		[out,ref] winsif_Records *records
+	);
+
+	/*****************/
+	/* Function 0x13 */
+	typedef struct {
+		uint32 num_owners;
+		[size_is(num_owners)] winsif_AddressVersionMap *address_version_maps;
+		hyper my_max_version_number;
+		uint32 refresh_interval;
+		uint32 tombstone_interval;
+		uint32 tombstone_timeout;
+		uint32 verify_interval;
+		winsif_PriorityClass prioritiy_class;
+		uint32 num_worker_threads;
+		winsif_Stat wstat;
+	} winsif_ResultsNew;
+
+	WERROR winsif_WinsStatusNew(
+		[in] winsif_StatusCmd cmd,
+		[out,ref] winsif_ResultsNew *results
+	);
+
+	/*****************/
+	/* Function 0x14 */
+	WERROR winsif_WinsStatusWHdl(
+		[in,ref] winsif_BindData *server_handle,
+		[in] winsif_StatusCmd cmd,
+		[in,out,ref] winsif_ResultsNew *results
+	);
+
+	/*****************/
+	/* Function 0x15 */
+	typedef enum {
+		WINSIF_SCAVENGING_GENERAL	= 0x0000,
+		WINSIF_SCAVENGING_VERIFY	= 0x0001
+	} winsif_ScavengingOpcode;
+
+	typedef struct {
+		winsif_ScavengingOpcode opcode;
+		uint32 age;
+		boolean32 force;
+	} winsif_ScavengingRequest;
+
+	WERROR winsif_WinsDoScanvengingNew(
+		[in,ref] winsif_ScavengingRequest *request
+	);
+}
diff --git a/source4/librpc/idl/winsrepl.idl b/source4/librpc/idl/winsrepl.idl
new file mode 100644
index 0000000..4ef2e8e
--- /dev/null
+++ b/source4/librpc/idl/winsrepl.idl
@@ -0,0 +1,174 @@
+#include "idl_types.h"
+
+/*
+   IDL structures for WINS replication protocol (port 42)
+
+   Note that WINS replication is not traditionally encoded using
+   IDL/NDR
+
+   Written by Andrew Tridgell <tridge@osdl.org>
+*/
+
+import "nbt.idl";
+
+[
+	uuid("915f5653-bac1-431c-97ee-9ffb34526921"),
+	helpstring("WINS Replication PDUs"),
+	helper("../libcli/nbt/libnbt.h")
+] interface winsrepl
+{
+	const int WINS_REPLICATION_PORT = 42;
+
+	typedef [flag(NDR_BIG_ENDIAN)] struct {
+		ipv4address owner;
+		ipv4address ip;
+	} wrepl_ip;
+
+	typedef [flag(NDR_LITTLE_ENDIAN)] struct {
+		uint32      num_ips;
+		wrepl_ip    ips[num_ips];
+	} wrepl_address_list;
+
+	typedef [nodiscriminant] union {
+		[case(0)] ipv4address ip;
+		[case(2)] wrepl_address_list addresses;
+	} wrepl_addresses;
+
+	typedef [enum8bit] enum {
+		WREPL_TYPE_UNIQUE	= 0x0,
+		WREPL_TYPE_GROUP	= 0x1,
+		WREPL_TYPE_SGROUP	= 0x2,
+		WREPL_TYPE_MHOMED	= 0x3
+	} wrepl_name_type;
+
+	typedef [enum8bit] enum {
+		WREPL_STATE_ACTIVE	= 0x0,
+		WREPL_STATE_RELEASED	= 0x1,
+		WREPL_STATE_TOMBSTONE	= 0x2,
+		WREPL_STATE_RESERVED	= 0x3
+	} wrepl_name_state;
+
+	typedef [enum8bit] enum {
+		WREPL_NODE_B	= 0x0,
+		WREPL_NODE_P	= 0x1,
+		WREPL_NODE_M	= 0x2,
+		WREPL_NODE_H	= 0x3
+	} wrepl_name_node;
+
+	typedef [bitmap32bit] bitmap {
+		WREPL_FLAGS_RECORD_TYPE		= 0x00000003,
+		WREPL_FLAGS_RECORD_STATE	= 0x0000000C,
+		WREPL_FLAGS_REGISTERED_LOCAL	= 0x00000010,
+		WREPL_FLAGS_NODE_TYPE		= 0x00000060,
+		WREPL_FLAGS_IS_STATIC		= 0x00000080
+	} wrepl_flags;
+
+	typedef [v1_enum] enum {
+		WREPL_GROUP_FLAG_NO_GROUP	= 0x00000000,
+		WREPL_GROUP_FLAG_IS_GROUP	= 0x00000001
+	} wrepl_group_flag;
+
+#define WREPL_IS_GROUP(flags) (\
+	((((flags) & WREPL_FLAGS_RECORD_TYPE) == WREPL_TYPE_GROUP)|| \
+	(((flags) & WREPL_FLAGS_RECORD_TYPE) == WREPL_TYPE_SGROUP))\
+	? WREPL_GROUP_FLAG_IS_GROUP : WREPL_GROUP_FLAG_NO_GROUP)
+
+	typedef struct {
+		wrepl_nbt_name name;
+		wrepl_flags flags;
+		[flag(NDR_LITTLE_ENDIAN),value(WREPL_IS_GROUP(flags))] wrepl_group_flag is_group;
+		udlongr   id;
+		[switch_is(flags & 2)] wrepl_addresses addresses;
+		ipv4address unknown;
+	} wrepl_wins_name;
+
+	typedef struct {
+		uint32          num_names;
+		wrepl_wins_name names[num_names];
+	} wrepl_send_reply;
+
+	typedef struct {
+		ipv4address address;
+		udlongr     max_version;
+		udlongr     min_version;
+		uint32      type;
+	} wrepl_wins_owner;
+
+	typedef struct {
+		uint32           partner_count;
+		wrepl_wins_owner partners[partner_count];
+		ipv4address      initiator;
+	} wrepl_table;
+
+	typedef [v1_enum] enum {
+		WREPL_REPL_TABLE_QUERY  = 0,
+		WREPL_REPL_TABLE_REPLY  = 1,
+		WREPL_REPL_SEND_REQUEST = 2,
+		WREPL_REPL_SEND_REPLY   = 3,
+		WREPL_REPL_UPDATE       = 4,
+		WREPL_REPL_UPDATE2      = 5,
+		WREPL_REPL_INFORM       = 8,
+		WREPL_REPL_INFORM2      = 9
+	} wrepl_replication_cmd;
+
+	typedef [nodiscriminant] union {
+		[case(WREPL_REPL_TABLE_QUERY)] ;
+		[case(WREPL_REPL_TABLE_REPLY)]  wrepl_table      table;
+		[case(WREPL_REPL_SEND_REQUEST)] wrepl_wins_owner owner;
+		[case(WREPL_REPL_SEND_REPLY)]   wrepl_send_reply reply;
+		[case(WREPL_REPL_UPDATE)]       wrepl_table      table;
+		[case(WREPL_REPL_UPDATE2)]      wrepl_table      table;
+		[case(WREPL_REPL_INFORM)]       wrepl_table      table;
+		[case(WREPL_REPL_INFORM2)]      wrepl_table      table;
+	} wrepl_replication_info;
+
+	typedef struct {
+		wrepl_replication_cmd command;
+		[switch_is(command)] wrepl_replication_info info;
+	} wrepl_replication;
+
+	typedef struct {
+		uint32 assoc_ctx;
+		uint16 minor_version;
+		uint16 major_version;
+	} wrepl_start;
+
+	typedef struct {
+		uint32 reason;
+	} wrepl_stop;
+
+	typedef [v1_enum] enum {
+		WREPL_START_ASSOCIATION       = 0,
+		WREPL_START_ASSOCIATION_REPLY = 1,
+		WREPL_STOP_ASSOCIATION        = 2,
+		WREPL_REPLICATION             = 3
+	} wrepl_mess_type;
+
+	typedef [nodiscriminant] union {
+		[case(WREPL_START_ASSOCIATION)]       wrepl_start start;
+		[case(WREPL_START_ASSOCIATION_REPLY)] wrepl_start start_reply;
+		[case(WREPL_STOP_ASSOCIATION)]        wrepl_stop stop;
+		[case(WREPL_REPLICATION)]             wrepl_replication replication;
+	} wrepl_message;
+
+	/*
+	  the opcode appears to be a bitfield, but as far as I can tell
+	  you must always set the following bits. Additional bits don't
+	  seem to matter. Very strange.
+	*/
+	const int WREPL_OPCODE_BITS = 0x7800;
+
+
+	typedef [gensize,flag(NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
+		uint32                 opcode;
+		uint32                 assoc_ctx;
+		wrepl_mess_type        mess_type;
+		[switch_is(mess_type)] wrepl_message message;
+		[flag(NDR_REMAINING)] DATA_BLOB padding;
+	} wrepl_packet;
+
+	typedef [flag(NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
+		[value(ndr_size_wrepl_packet(&packet, ndr->flags))] uint32 size;
+		wrepl_packet    packet;
+	} wrepl_wrap;
+}
diff --git a/source4/librpc/idl/wscript_build b/source4/librpc/idl/wscript_build
new file mode 100644
index 0000000..58555e6
--- /dev/null
+++ b/source4/librpc/idl/wscript_build
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import os
+
+topinclude=os.path.join(bld.srcnode.abspath(), 'librpc/idl')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+		    source='''ntp_signd.idl
+                              opendb.idl sasl_helpers.idl
+                              winsif.idl winsrepl.idl''',
+                    options="--includedir=%s --header --ndr-parser" % topinclude,
+                    output_dir='../gen_ndr')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+		    source='''irpc.idl''',
+                    options="--includedir=%s --header --ndr-parser --client --python" % topinclude,
+                    output_dir='../gen_ndr')
diff --git a/source4/librpc/ndr/py_auth.c b/source4/librpc/ndr/py_auth.c
new file mode 100644
index 0000000..8d233b3
--- /dev/null
+++ b/source4/librpc/ndr/py_auth.c
@@ -0,0 +1,76 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2011
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "includes.h"
+#include "libcli/util/pyerrors.h"
+#include "pyauth.h"
+#include "auth/auth.h"
+#include "auth/credentials/pycredentials.h"
+#include "librpc/rpc/pyrpc_util.h"
+
+static void PyType_AddGetSet(PyTypeObject *type, PyGetSetDef *getset)
+{
+	PyObject *dict;
+	int i;
+	if (type->tp_dict == NULL)
+		type->tp_dict = PyDict_New();
+	dict = type->tp_dict;
+	for (i = 0; getset[i].name; i++) {
+		PyObject *descr;
+		descr = PyDescr_NewGetSet(type, &getset[i]);
+		PyDict_SetItemString(dict, getset[i].name, 
+				     descr);
+		Py_CLEAR(descr);
+	}
+}
+
+static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure)
+{
+	struct auth_session_info *session = pytalloc_get_type(self, struct auth_session_info);
+	PyObject *py_credentials;
+	/* This is evil, as the credentials are not IDL structures */
+	py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
+	return py_credentials;
+}
+
+static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure)
+{
+	struct auth_session_info *session = pytalloc_get_type(self, struct auth_session_info);
+	session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
+	return 0;
+}
+
+static PyGetSetDef py_auth_session_extra_getset[] = {
+	{
+		.name = discard_const_p(char, "credentials"),
+		.get  = (getter)py_auth_session_get_credentials,
+		.set  = (setter)py_auth_session_set_credentials,
+	},
+	{ .name = NULL },
+};
+
+static void py_auth_session_info_patch(PyTypeObject *type)
+{
+	PyType_AddGetSet(type, py_auth_session_extra_getset);
+}
+
+#define PY_SESSION_INFO_PATCH py_auth_session_info_patch
+
diff --git a/source4/librpc/ndr/py_lsa.c b/source4/librpc/ndr/py_lsa.c
new file mode 100644
index 0000000..c5e221f
--- /dev/null
+++ b/source4/librpc/ndr/py_lsa.c
@@ -0,0 +1,77 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Catalyst IT 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "lib/replace/system/python.h"
+#include "librpc/gen_ndr/lsa.h"
+
+static PyObject *py_lsa_String_str(PyObject *py_self)
+{
+	struct lsa_String *self = pytalloc_get_ptr(py_self);
+	PyObject *ret = NULL;
+	if (self->string == NULL) {
+		const char *empty = "";
+		ret = PyUnicode_FromString(empty);
+	} else {
+		ret = PyUnicode_FromString(self->string);
+	}
+	return ret;
+}
+
+static PyObject *py_lsa_String_repr(PyObject *py_self)
+{
+	struct lsa_String *self = pytalloc_get_ptr(py_self);
+	PyObject *ret = NULL;
+	if (self->string == NULL) {
+		const char *empty = "lsaString(None)";
+		ret = PyUnicode_FromString(empty);
+	} else {
+		ret = PyUnicode_FromFormat("lsaString('%s')", self->string);
+	}
+	return ret;
+}
+
+static int py_lsa_String_init(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	struct lsa_String *string = pytalloc_get_ptr(self);
+	const char *str = NULL;
+	const char *kwnames[] = { "str", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", discard_const_p(char *, kwnames), &str))
+		return -1;
+
+	string->string = talloc_strdup(string, str);
+
+	if (str != NULL && string->string == NULL) {
+		PyErr_NoMemory();
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static void py_lsa_String_patch(PyTypeObject *type)
+{
+	type->tp_init = py_lsa_String_init;
+	type->tp_str = py_lsa_String_str;
+	type->tp_repr = py_lsa_String_repr;
+}
+
+#define PY_STRING_PATCH py_lsa_String_patch
+
diff --git a/source4/librpc/ndr/py_misc.c b/source4/librpc/ndr/py_misc.c
new file mode 100644
index 0000000..16e2960
--- /dev/null
+++ b/source4/librpc/ndr/py_misc.c
@@ -0,0 +1,165 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "librpc/gen_ndr/misc.h"
+
+static PyObject *py_GUID_richcmp(PyObject *py_self, PyObject *py_other, int op)
+{
+	int ret;
+	struct GUID *self = pytalloc_get_ptr(py_self), *other;
+	other = pytalloc_get_ptr(py_other);
+	if (other == NULL) {
+		Py_INCREF(Py_NotImplemented);
+		return Py_NotImplemented;
+	}
+
+	ret = GUID_compare(self, other);
+
+	switch (op) {
+		case Py_EQ: if (ret == 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+		case Py_NE: if (ret != 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+		case Py_LT: if (ret <  0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+		case Py_GT: if (ret >  0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+		case Py_LE: if (ret <= 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+		case Py_GE: if (ret >= 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+	}
+	Py_INCREF(Py_NotImplemented);
+	return Py_NotImplemented;
+}
+
+static PyObject *py_GUID_str(PyObject *py_self)
+{
+	struct GUID *self = pytalloc_get_ptr(py_self);
+	struct GUID_txt_buf buf;
+	PyObject *ret = PyUnicode_FromString(GUID_buf_string(self, &buf));
+	return ret;
+}
+
+static PyObject *py_GUID_repr(PyObject *py_self)
+{
+	struct GUID *self = pytalloc_get_ptr(py_self);
+	struct GUID_txt_buf buf;
+	PyObject *ret = PyUnicode_FromFormat(
+		"GUID('%s')", GUID_buf_string(self, &buf));
+	return ret;
+}
+
+static int py_GUID_init(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	PyObject *str = NULL;
+	NTSTATUS status;
+	struct GUID *guid = pytalloc_get_ptr(self);
+	const char *kwnames[] = { "str", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &str))
+		return -1;
+
+	if (str != NULL) {
+		DATA_BLOB guid_val;
+		Py_ssize_t _size;
+
+		if (PyUnicode_Check(str)) {
+			guid_val.data =
+				discard_const_p(uint8_t,
+						PyUnicode_AsUTF8AndSize(str, &_size));
+		} else if (PyBytes_Check(str)) {
+			guid_val.data =
+				discard_const_p(uint8_t,
+						PyBytes_AsString(str));
+			_size = PyBytes_Size(str);
+		} else {
+			PyErr_SetString(PyExc_TypeError,
+					"Expected a string or bytes argument to GUID()");
+			return -1;
+		}
+		guid_val.length = _size;
+		status = GUID_from_data_blob(&guid_val, guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			PyErr_SetNTSTATUS(status);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+static void py_GUID_patch(PyTypeObject *type)
+{
+	type->tp_init = py_GUID_init;
+	type->tp_str = py_GUID_str;
+	type->tp_repr = py_GUID_repr;
+	type->tp_richcompare = py_GUID_richcmp;
+}
+
+#define PY_GUID_PATCH py_GUID_patch
+
+static int py_policy_handle_init(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	char *str = NULL;
+	NTSTATUS status;
+	struct policy_handle *handle = pytalloc_get_ptr(self);
+	const char *kwnames[] = { "uuid", "type", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sI", discard_const_p(char *, kwnames), &str, &handle->handle_type))
+		return -1;
+
+	if (str != NULL) {
+		status = GUID_from_string(str, &handle->uuid);
+		if (!NT_STATUS_IS_OK(status)) {
+			PyErr_SetNTSTATUS(status);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+static PyObject *py_policy_handle_repr(PyObject *py_self)
+{
+	struct policy_handle *self = pytalloc_get_ptr(py_self);
+	struct GUID_txt_buf buf;
+	PyObject *ret = PyUnicode_FromFormat(
+		"policy_handle(%d, '%s')",
+		self->handle_type,
+		GUID_buf_string(&self->uuid, &buf));
+	return ret;
+}
+
+static PyObject *py_policy_handle_str(PyObject *py_self)
+{
+	struct policy_handle *self = pytalloc_get_ptr(py_self);
+	struct GUID_txt_buf buf;
+	PyObject *ret = PyUnicode_FromFormat(
+		"%d, %s",
+		self->handle_type,
+		GUID_buf_string(&self->uuid, &buf));
+	return ret;
+}
+
+static void py_policy_handle_patch(PyTypeObject *type)
+{
+	type->tp_init = py_policy_handle_init;
+	type->tp_repr = py_policy_handle_repr;
+	type->tp_str = py_policy_handle_str;
+}
+
+#define PY_POLICY_HANDLE_PATCH py_policy_handle_patch
+
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
new file mode 100644
index 0000000..581f06e
--- /dev/null
+++ b/source4/librpc/ndr/py_security.c
@@ -0,0 +1,743 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "lib/replace/system/python.h"
+#include "gen_ndr/conditional_ace.h"
+#include "py3compat.h"
+#include "libcli/security/sddl.h"
+#include "libcli/security/security.h"
+
+
+/* Set up in py_mod_security_patch() */
+static PyObject *PyExc_SDDLValueError = NULL;
+
+
+static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
+{
+	PyObject *dict;
+	int i;
+	if (type->tp_dict == NULL)
+		type->tp_dict = PyDict_New();
+	dict = type->tp_dict;
+	for (i = 0; methods[i].ml_name; i++) {
+		PyObject *descr;
+		if (methods[i].ml_flags & METH_CLASS)
+			descr = PyCFunction_New(&methods[i], (PyObject *)type);
+		else
+			descr = PyDescr_NewMethod(type, &methods[i]);
+		PyDict_SetItemString(dict, methods[i].ml_name,
+				     descr);
+		Py_CLEAR(descr);
+	}
+}
+
+static PyObject *py_dom_sid_split(PyObject *py_self, PyObject *args)
+{
+	struct dom_sid *self = pytalloc_get_ptr(py_self);
+	struct dom_sid *domain_sid;
+	TALLOC_CTX *mem_ctx;
+	uint32_t rid;
+	NTSTATUS status;
+	PyObject *py_domain_sid;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = dom_sid_split_rid(mem_ctx, self, &domain_sid, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_domain_sid = pytalloc_steal(&dom_sid_Type, domain_sid);
+	talloc_free(mem_ctx);
+	return Py_BuildValue("(OI)", py_domain_sid, rid);
+}
+
+static PyObject *py_dom_sid_richcmp(PyObject *py_self, PyObject *py_other, int op)
+{
+	struct dom_sid *self = pytalloc_get_ptr(py_self), *other;
+	int val;
+
+	other = pytalloc_get_ptr(py_other);
+	if (other == NULL) {
+		Py_INCREF(Py_NotImplemented);
+		return Py_NotImplemented;
+	}
+
+	val =  dom_sid_compare(self, other);
+
+	switch (op) {
+			case Py_EQ: if (val == 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+			case Py_NE: if (val != 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+			case Py_LT: if (val <  0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+			case Py_GT: if (val >  0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+			case Py_LE: if (val <= 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+			case Py_GE: if (val >= 0) Py_RETURN_TRUE; else Py_RETURN_FALSE;
+	}
+	Py_INCREF(Py_NotImplemented);
+	return Py_NotImplemented;
+}
+
+static PyObject *py_dom_sid_str(PyObject *py_self)
+{
+	struct dom_sid *self = pytalloc_get_ptr(py_self);
+	struct dom_sid_buf buf;
+	PyObject *ret = PyUnicode_FromString(dom_sid_str_buf(self, &buf));
+	return ret;
+}
+
+static PyObject *py_dom_sid_repr(PyObject *py_self)
+{
+	struct dom_sid *self = pytalloc_get_ptr(py_self);
+	struct dom_sid_buf buf;
+	PyObject *ret = PyUnicode_FromFormat(
+		"dom_sid('%s')", dom_sid_str_buf(self, &buf));
+	return ret;
+}
+
+static int py_dom_sid_init(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	char *str = NULL;
+	struct dom_sid *sid = pytalloc_get_ptr(self);
+	const char *kwnames[] = { "str", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", discard_const_p(char *, kwnames), &str))
+		return -1;
+
+	if (str != NULL && !dom_sid_parse(str, sid)) {
+		PyErr_Format(PyExc_ValueError,
+			     "Unable to parse string: '%s'", str);
+		return -1;
+	}
+
+	return 0;
+}
+
+static PyMethodDef py_dom_sid_extra_methods[] = {
+	{ "split", (PyCFunction)py_dom_sid_split, METH_NOARGS,
+		"S.split() -> (domain_sid, rid)\n"
+		"Split a domain sid" },
+	{0}
+};
+
+
+static void py_dom_sid_patch(PyTypeObject *type)
+{
+	type->tp_init = py_dom_sid_init;
+	type->tp_str = py_dom_sid_str;
+	type->tp_repr = py_dom_sid_repr;
+	type->tp_richcompare = py_dom_sid_richcmp;
+	PyType_AddMethods(type, py_dom_sid_extra_methods);
+}
+
+#define PY_DOM_SID_PATCH py_dom_sid_patch
+
+static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct security_ace *ace;
+	PyObject *py_ace;
+	Py_ssize_t idx = -1;
+
+	if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
+		return NULL;
+
+	ace = pytalloc_get_ptr(py_ace);
+	status = security_descriptor_sacl_insert(desc, ace, idx);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct security_ace *ace;
+	PyObject *py_ace;
+	Py_ssize_t idx = -1;
+
+	if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
+		return NULL;
+
+	ace = pytalloc_get_ptr(py_ace);
+
+	status = security_descriptor_dacl_insert(desc, ace, idx);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_dacl_del(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct dom_sid *sid;
+	PyObject *py_sid;
+
+	if (!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = pytalloc_get_ptr(py_sid);
+	status = security_descriptor_dacl_del(desc, sid);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_sacl_del(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct dom_sid *sid;
+	PyObject *py_sid;
+
+	if (!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = pytalloc_get_ptr(py_sid);
+	status = security_descriptor_sacl_del(desc, sid);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_dacl_del_ace(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct security_ace *ace = NULL;
+	PyObject *py_ace = Py_None;
+
+	if (!PyArg_ParseTuple(args, "O!", &security_ace_Type, &py_ace))
+		return NULL;
+
+	if (!PyObject_TypeCheck(py_ace, &security_ace_Type)) {
+		PyErr_SetString(PyExc_TypeError,
+				"expected security.security_ace "
+				"for first argument to .dacl_del_ace");
+		return NULL;
+	}
+
+	ace = pytalloc_get_ptr(py_ace);
+	status = security_descriptor_dacl_del_ace(desc, ace);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_sacl_del_ace(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	NTSTATUS status;
+	struct security_ace *ace = NULL;
+	PyObject *py_ace = Py_None;
+
+	if (!PyArg_ParseTuple(args, "O!", &security_ace_Type, &py_ace))
+		return NULL;
+
+	if (!PyObject_TypeCheck(py_ace, &security_ace_Type)) {
+		PyErr_SetString(PyExc_TypeError,
+				"expected security.security_ace "
+				"for first argument to .sacl_del_ace");
+		return NULL;
+	}
+
+	ace = pytalloc_get_ptr(py_ace);
+	status = security_descriptor_sacl_del_ace(desc, ace);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
+{
+	return pytalloc_steal(self, security_descriptor_initialise(NULL));
+}
+
+static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	static const char *kwnames[] = { "", "", "allow_device_in_sddl", NULL };
+	struct security_descriptor *secdesc;
+	char *sddl;
+	PyObject *py_sid;
+	int allow_device_in_sddl = 1;
+	struct dom_sid *sid;
+	const char *err_msg = NULL;
+	size_t err_msg_offset = 0;
+	enum ace_condition_flags ace_condition_flags = 0;
+
+	if (!PyArg_ParseTupleAndKeywords(args,
+					 kwargs,
+					 "sO!|$p",
+					 discard_const_p(char *, kwnames),
+					 &sddl,
+					 &dom_sid_Type,
+					 &py_sid,
+					 &allow_device_in_sddl))
+		return NULL;
+
+	if (!PyObject_TypeCheck(py_sid, &dom_sid_Type)) {
+		PyErr_SetString(PyExc_TypeError,
+				"expected security.dom_sid "
+				"for second argument to .from_sddl");
+		return NULL;
+	}
+
+	sid = pytalloc_get_ptr(py_sid);
+
+	if (allow_device_in_sddl) {
+		ace_condition_flags |= ACE_CONDITION_FLAG_ALLOW_DEVICE;
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	secdesc = sddl_decode_err_msg(tmp_ctx, sddl, sid,
+				      ace_condition_flags,
+				      &err_msg, &err_msg_offset);
+	if (secdesc == NULL) {
+		PyObject *exc = NULL;
+		if (err_msg == NULL) {
+			err_msg = "unknown error";
+		}
+		/*
+		 * Some notes about this exception value:
+		 *
+		 * We don't want to add the offset first, so as not to
+		 * confuse those who are used to the integer error
+		 * code coming first.
+		 *
+		 * The errant sddl is added so that the exception can
+		 * be caught some distance away from the call and we
+		 * still know what the messages refer to.
+		 */
+		exc = Py_BuildValue("(s, s, i, s)",
+				    "Unable to parse SDDL",
+				    err_msg,
+				    err_msg_offset,
+				    sddl);
+		if (exc == NULL) {
+			talloc_free(tmp_ctx);
+			/* an exception was set by Py_BuildValue() */
+			return NULL;
+		}
+		PyErr_SetObject(PyExc_SDDLValueError, exc);
+		Py_DECREF(exc);
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	secdesc = talloc_steal(NULL, secdesc);
+	talloc_free(tmp_ctx);
+
+	return pytalloc_steal((PyTypeObject *)self, secdesc);
+}
+
+static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *args)
+{
+	struct dom_sid *sid;
+	PyObject *py_sid = Py_None;
+	struct security_descriptor *desc = pytalloc_get_ptr(self);
+	char *text;
+	PyObject *ret;
+
+	if (!PyArg_ParseTuple(args, "|O!", &dom_sid_Type, &py_sid))
+		return NULL;
+
+	if (py_sid != Py_None)
+		sid = pytalloc_get_ptr(py_sid);
+	else
+		sid = NULL;
+
+	text = sddl_encode(NULL, desc, sid);
+	if (text == NULL) {
+		PyErr_SetString(PyExc_ValueError, "Unable to encode SDDL");
+		return NULL;
+	}
+
+	ret = PyUnicode_FromString(text);
+
+	talloc_free(text);
+
+	return ret;
+}
+
+static PyMethodDef py_descriptor_extra_methods[] = {
+	{ "sacl_add", (PyCFunction)py_descriptor_sacl_add, METH_VARARGS,
+		"S.sacl_add(ace) -> None\n"
+		"Add a security ace to this security descriptor" },
+	{ "dacl_add", (PyCFunction)py_descriptor_dacl_add, METH_VARARGS,
+		NULL },
+	{ "dacl_del", (PyCFunction)py_descriptor_dacl_del, METH_VARARGS,
+		NULL },
+	{ "sacl_del", (PyCFunction)py_descriptor_sacl_del, METH_VARARGS,
+		NULL },
+	{ "dacl_del_ace", (PyCFunction)py_descriptor_dacl_del_ace, METH_VARARGS,
+		NULL },
+	{ "sacl_del_ace", (PyCFunction)py_descriptor_sacl_del_ace, METH_VARARGS,
+		NULL },
+	{ "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_KEYWORDS|METH_CLASS,
+		NULL },
+	{ "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS,
+		NULL },
+	{0}
+};
+
+static PyObject *py_descriptor_richcmp(
+	PyObject *py_self, PyObject *py_other, int op)
+{
+	struct security_descriptor *self = pytalloc_get_ptr(py_self);
+	struct security_descriptor *other = pytalloc_get_ptr(py_other);
+	bool eq;
+
+	if (other == NULL) {
+		Py_INCREF(Py_NotImplemented);
+		return Py_NotImplemented;
+	}
+
+	eq = security_descriptor_equal(self, other);
+
+	switch(op) {
+	case Py_EQ:
+		if (eq) {
+			Py_RETURN_TRUE;
+		} else {
+			Py_RETURN_FALSE;
+		}
+		break;
+	case Py_NE:
+		if (eq) {
+			Py_RETURN_FALSE;
+		} else {
+			Py_RETURN_TRUE;
+		}
+		break;
+	default:
+		break;
+	}
+
+	Py_RETURN_NOTIMPLEMENTED;
+}
+
+static void py_descriptor_patch(PyTypeObject *type)
+{
+	type->tp_new = py_descriptor_new;
+	type->tp_richcompare = py_descriptor_richcmp;
+	PyType_AddMethods(type, py_descriptor_extra_methods);
+}
+
+#define PY_DESCRIPTOR_PATCH py_descriptor_patch
+
+static PyObject *py_token_is_sid(PyObject *self, PyObject *args)
+{
+	PyObject *py_sid;
+	struct dom_sid *sid;
+	struct security_token *token = pytalloc_get_ptr(self);
+	if (!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = pytalloc_get_ptr(py_sid);
+
+	return PyBool_FromLong(security_token_is_sid(token, sid));
+}
+
+static PyObject *py_token_has_sid(PyObject *self, PyObject *args)
+{
+	PyObject *py_sid;
+	struct dom_sid *sid;
+	struct security_token *token = pytalloc_get_ptr(self);
+	if (!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = pytalloc_get_ptr(py_sid);
+
+	return PyBool_FromLong(security_token_has_sid(token, sid));
+}
+
+static PyObject *py_token_is_anonymous(PyObject *self,
+	PyObject *Py_UNUSED(ignored))
+{
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	return PyBool_FromLong(security_token_is_anonymous(token));
+}
+
+static PyObject *py_token_is_system(PyObject *self,
+	PyObject *Py_UNUSED(ignored))
+{
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	return PyBool_FromLong(security_token_is_system(token));
+}
+
+static PyObject *py_token_has_builtin_administrators(PyObject *self,
+	PyObject *Py_UNUSED(ignored))
+{
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	return PyBool_FromLong(security_token_has_builtin_administrators(token));
+}
+
+static PyObject *py_token_has_nt_authenticated_users(PyObject *self,
+	PyObject *Py_UNUSED(ignored))
+{
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	return PyBool_FromLong(security_token_has_nt_authenticated_users(token));
+}
+
+static PyObject *py_token_has_privilege(PyObject *self, PyObject *args)
+{
+	int priv;
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	if (!PyArg_ParseTuple(args, "i", &priv))
+		return NULL;
+
+	return PyBool_FromLong(security_token_has_privilege(token, priv));
+}
+
+static PyObject *py_token_set_privilege(PyObject *self, PyObject *args)
+{
+	int priv;
+	struct security_token *token = pytalloc_get_ptr(self);
+
+	if (!PyArg_ParseTuple(args, "i", &priv))
+		return NULL;
+
+	security_token_set_privilege(token, priv);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_token_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
+{
+	int evaluate_claims = CLAIMS_EVALUATION_INVALID_STATE;
+	const char *kwnames[] = { "evaluate_claims", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|i",
+					 discard_const_p(char *, kwnames),
+					 &evaluate_claims)) {
+		return NULL;
+	}
+
+	return pytalloc_steal(self, security_token_initialise(NULL, evaluate_claims));
+}
+
+static PyMethodDef py_token_extra_methods[] = {
+	{ "is_sid", (PyCFunction)py_token_is_sid, METH_VARARGS,
+		"S.is_sid(sid) -> bool\n"
+		"Check whether this token is of the specified SID." },
+	{ "has_sid", (PyCFunction)py_token_has_sid, METH_VARARGS,
+		NULL },
+	{ "is_anonymous", (PyCFunction)py_token_is_anonymous, METH_NOARGS,
+		"S.is_anonymous() -> bool\n"
+		"Check whether this is an anonymous token." },
+	{ "is_system", (PyCFunction)py_token_is_system, METH_NOARGS,
+		NULL },
+	{ "has_builtin_administrators", (PyCFunction)py_token_has_builtin_administrators, METH_NOARGS,
+		NULL },
+	{ "has_nt_authenticated_users", (PyCFunction)py_token_has_nt_authenticated_users, METH_NOARGS,
+		NULL },
+	{ "has_privilege", (PyCFunction)py_token_has_privilege, METH_VARARGS,
+		NULL },
+	{ "set_privilege", (PyCFunction)py_token_set_privilege, METH_VARARGS,
+		NULL },
+	{0}
+};
+
+#define PY_TOKEN_PATCH py_token_patch
+static void py_token_patch(PyTypeObject *type)
+{
+	type->tp_new = py_token_new;
+	PyType_AddMethods(type, py_token_extra_methods);
+}
+
+static PyObject *py_privilege_name(PyObject *self, PyObject *args)
+{
+	int priv;
+	const char *name = NULL;
+	if (!PyArg_ParseTuple(args, "i", &priv)) {
+		return NULL;
+	}
+	name = sec_privilege_name(priv);
+	if (name == NULL) {
+		PyErr_Format(PyExc_ValueError,
+			     "Invalid privilege LUID: %d", priv);
+		return NULL;
+	}
+
+	return PyUnicode_FromString(name);
+}
+
+static PyObject *py_privilege_id(PyObject *self, PyObject *args)
+{
+	char *name;
+
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	return PyLong_FromLong(sec_privilege_id(name));
+}
+
+static PyObject *py_random_sid(PyObject *self,
+	PyObject *Py_UNUSED(ignored))
+{
+	struct dom_sid *sid;
+	PyObject *ret;
+	char *str = talloc_asprintf(
+		NULL,
+		"S-1-5-21-%"PRIu32"-%"PRIu32"-%"PRIu32,
+		generate_random(),
+		generate_random(),
+		generate_random());
+
+        sid = dom_sid_parse_talloc(NULL, str);
+	talloc_free(str);
+	ret = pytalloc_steal(&dom_sid_Type, sid);
+	return ret;
+}
+
+static PyMethodDef py_mod_security_extra_methods[] = {
+	{ "random_sid", (PyCFunction)py_random_sid, METH_NOARGS, NULL },
+	{ "privilege_id", (PyCFunction)py_privilege_id, METH_VARARGS, NULL },
+	{ "privilege_name", (PyCFunction)py_privilege_name, METH_VARARGS, NULL },
+	{0}
+};
+
+static bool py_mod_security_patch(PyObject *m)
+{
+	int ret;
+	int i;
+	for (i = 0; py_mod_security_extra_methods[i].ml_name; i++) {
+		PyObject *descr = PyCFunction_New(&py_mod_security_extra_methods[i], NULL);
+		ret = PyModule_AddObject(m, py_mod_security_extra_methods[i].ml_name,
+					 descr);
+		if (ret != 0) {
+			return false;
+		}
+	}
+	/*
+	 * I wanted to make this a subclass of ValueError, but it
+	 * seems there isn't an easy way to do that using the API.
+	 * (c.f. SimpleExtendsException in cpython:Objects/exceptions.c)
+	 */
+	PyExc_SDDLValueError = PyErr_NewException("security.SDDLValueError",
+						  NULL, NULL);
+
+	if (PyExc_SDDLValueError == NULL) {
+		return false;
+	}
+	ret = PyModule_AddObject(m, "SDDLValueError", PyExc_SDDLValueError);
+	if (ret != 0) {
+		return false;
+	}
+	return true;
+}
+
+#define PY_MOD_SECURITY_PATCH(m)			\
+	do {						\
+		bool _ok = py_mod_security_patch(m);	\
+		if (! _ok) {				\
+			Py_XDECREF(m);			\
+			return NULL;			\
+		}					\
+	} while(0)
+
+static PyObject *py_security_ace_equal(PyObject *py_self, PyObject *py_other, int op)
+{
+	struct security_ace *self = pytalloc_get_ptr(py_self);
+	struct security_ace *other = NULL;
+	bool eq;
+
+	if (!PyObject_TypeCheck(py_other, &security_ace_Type)) {
+		eq = false;
+	} else {
+		other = pytalloc_get_ptr(py_other);
+		eq = security_ace_equal(self, other);
+	}
+
+	switch(op) {
+	case Py_EQ:
+		if (eq) {
+			Py_RETURN_TRUE;
+		} else {
+			Py_RETURN_FALSE;
+		}
+		break;
+	case Py_NE:
+		if (eq) {
+			Py_RETURN_FALSE;
+		} else {
+			Py_RETURN_TRUE;
+		}
+		break;
+	default:
+		break;
+	}
+
+	Py_RETURN_NOTIMPLEMENTED;
+}
+
+static PyObject *py_security_ace_as_sddl(PyObject *self, PyObject *args)
+{
+	struct security_ace *ace = pytalloc_get_ptr(self);
+	PyObject *py_sid = Py_None;
+	struct dom_sid *sid = NULL;
+	char *text = NULL;
+	PyObject *ret = Py_None;
+
+	if (!PyArg_ParseTuple(args, "O!", &dom_sid_Type, &py_sid))
+		return NULL;
+
+	if (!PyObject_TypeCheck(py_sid, &dom_sid_Type)) {
+		PyErr_SetString(PyExc_TypeError,
+				"expected security.dom_sid "
+				"for second argument to .sddl_encode_ace");
+		return NULL;
+	}
+
+	sid = pytalloc_get_ptr(py_sid);
+
+	text = sddl_encode_ace(NULL, ace, sid);
+	if (text == NULL) {
+		return NULL;
+	}
+	ret = PyUnicode_FromString(text);
+	talloc_free(text);
+
+	return ret;
+}
+
+static PyMethodDef py_security_ace_extra_methods[] = {
+	{ "as_sddl", (PyCFunction)py_security_ace_as_sddl, METH_VARARGS, NULL },
+	{0}
+};
+
+#define PY_ACE_PATCH py_security_ace_patch
+
+static void py_security_ace_patch(PyTypeObject *type)
+{
+	type->tp_richcompare = py_security_ace_equal;
+	PyType_AddMethods(type, py_security_ace_extra_methods);
+}
diff --git a/source4/librpc/ndr/py_xattr.c b/source4/librpc/ndr/py_xattr.c
new file mode 100644
index 0000000..523c1ab
--- /dev/null
+++ b/source4/librpc/ndr/py_xattr.c
@@ -0,0 +1,100 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Matthieu Patou <mat@matws.net> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+
+static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
+{
+        PyObject *dict;
+        int i;
+        if (type->tp_dict == NULL)
+                type->tp_dict = PyDict_New();
+        dict = type->tp_dict;
+        for (i = 0; methods[i].ml_name; i++) {
+                PyObject *descr;
+                if (methods[i].ml_flags & METH_CLASS)
+                        descr = PyCFunction_New(&methods[i], (PyObject *)type);
+                else
+                        descr = PyDescr_NewMethod(type, &methods[i]);
+                PyDict_SetItemString(dict, methods[i].ml_name,
+                                     descr);
+		Py_CLEAR(descr);
+        }
+}
+
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
+
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...)
+{
+        va_list ap;
+        char *s = NULL;
+        int i, ret;
+
+        va_start(ap, format);
+        ret = vasprintf(&s, format, ap);
+        va_end(ap);
+
+	if (ret == -1) {
+		return;
+	}
+
+        for (i=0;i<ndr->depth;i++) {
+                printf("    ");
+        }
+
+        printf("%s\n", s);
+        free(s);
+}
+
+static PyObject *py_ntacl_print(PyObject *self, PyObject *args)
+{
+	struct xattr_NTACL *ntacl = pytalloc_get_ptr(self);
+	struct ndr_print *pr;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(NULL);
+
+	pr = talloc_zero(mem_ctx, struct ndr_print);
+	if (!pr) {
+		PyErr_NoMemory();
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	pr->print = ntacl_print_debug_helper;
+	ndr_print_xattr_NTACL(pr, "file", ntacl);
+
+	talloc_free(mem_ctx);
+
+	Py_RETURN_NONE;
+}
+
+static PyMethodDef py_ntacl_extra_methods[] = {
+	{ "dump", (PyCFunction)py_ntacl_print, METH_NOARGS,
+		NULL },
+	{0}
+};
+
+static void py_xattr_NTACL_patch(PyTypeObject *type)
+{
+	PyType_AddMethods(type, py_ntacl_extra_methods);
+}
+
+#define PY_NTACL_PATCH py_xattr_NTACL_patch
+
+
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
new file mode 100644
index 0000000..802759c
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc.c
@@ -0,0 +1,2630 @@
+/* 
+   Unix SMB/CIFS implementation.
+   raw dcerpc operations
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Jelmer Vernooij 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/events/events.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
+#include "librpc/rpc/dcerpc_pkt_auth.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "librpc/rpc/rpc_common.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/smb/tstream_smbXcli_np.h"
+
+
+enum rpc_request_state {
+	RPC_REQUEST_QUEUED,
+	RPC_REQUEST_PENDING,
+	RPC_REQUEST_DONE
+};
+
+/*
+  handle for an async dcerpc request
+*/
+struct rpc_request {
+	struct rpc_request *next, *prev;
+	struct dcerpc_pipe *p;
+	NTSTATUS status;
+	uint32_t call_id;
+	enum rpc_request_state state;
+	DATA_BLOB payload;
+	uint32_t flags;
+	uint32_t fault_code;
+
+	/* this is used to distinguish bind and alter_context requests
+	   from normal requests */
+	void (*recv_handler)(struct rpc_request *conn, 
+			     DATA_BLOB *blob, struct ncacn_packet *pkt);
+
+	const struct GUID *object;
+	uint16_t opnum;
+	DATA_BLOB request_data;
+	bool ignore_timeout;
+	bool wait_for_sync;
+	bool verify_bitmask1;
+	bool verify_pcontext;
+
+	struct {
+		void (*callback)(struct rpc_request *);
+		void *private_data;
+	} async;
+};
+
+_PUBLIC_ NTSTATUS dcerpc_init(void)
+{
+	return gensec_init();
+}
+
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status);
+static void dcerpc_schedule_io_trigger(struct dcecli_connection *c);
+
+static struct rpc_request *dcerpc_request_send(TALLOC_CTX *mem_ctx,
+					       struct dcerpc_pipe *p,
+					       const struct GUID *object,
+					       uint16_t opnum,
+					       DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+				    TALLOC_CTX *mem_ctx,
+				    DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c,
+				       TALLOC_CTX *mem_ctx,
+				       DATA_BLOB blob,
+				       size_t struct_size,
+				       ndr_push_flags_fn_t ndr_push,
+				       ndr_pull_flags_fn_t ndr_pull);
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
+					struct ndr_pull *pull_in,
+					void *struct_ptr,
+					size_t struct_size,
+					ndr_push_flags_fn_t ndr_push,
+					ndr_pull_flags_fn_t ndr_pull,
+					ndr_print_function_t ndr_print);
+static NTSTATUS dcerpc_shutdown_pipe(struct dcecli_connection *p, NTSTATUS status);
+static NTSTATUS dcerpc_send_request(struct dcecli_connection *p, DATA_BLOB *data,
+			     bool trigger_read);
+static NTSTATUS dcerpc_send_read(struct dcecli_connection *p);
+
+/* destroy a dcerpc connection */
+static int dcerpc_connection_destructor(struct dcecli_connection *conn)
+{
+	if (conn->dead) {
+		conn->free_skipped = true;
+		return -1;
+	}
+	dcerpc_connection_dead(conn, NT_STATUS_LOCAL_DISCONNECT);
+	return 0;
+}
+
+
+/* initialise a dcerpc connection. 
+   the event context is optional
+*/
+static struct dcecli_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, 
+						 struct tevent_context *ev)
+{
+	struct dcecli_connection *c;
+
+	c = talloc_zero(mem_ctx, struct dcecli_connection);
+	if (!c) {
+		return NULL;
+	}
+
+	c->event_ctx = ev;
+
+	if (c->event_ctx == NULL) {
+		talloc_free(c);
+		return NULL;
+	}
+
+	c->call_id = 1;
+	c->security_state.auth_type = DCERPC_AUTH_TYPE_NONE;
+	c->security_state.auth_level = DCERPC_AUTH_LEVEL_NONE;
+	c->security_state.auth_context_id = 0;
+	c->security_state.session_key = dcecli_generic_session_key;
+	c->security_state.generic_state = NULL;
+	c->flags = 0;
+	/*
+	 * Windows uses 5840 for ncacn_ip_tcp,
+	 * so we also use it (for every transport)
+	 * by default. But we give the transport
+	 * the chance to overwrite it.
+	 */
+	c->srv_max_xmit_frag = 5840;
+	c->srv_max_recv_frag = 5840;
+	c->max_total_response_size = DCERPC_NCACN_RESPONSE_DEFAULT_MAX_SIZE;
+	c->pending = NULL;
+
+	c->io_trigger = tevent_create_immediate(c);
+	if (c->io_trigger == NULL) {
+		talloc_free(c);
+		return NULL;
+	}
+
+	talloc_set_destructor(c, dcerpc_connection_destructor);
+
+	return c;
+}
+
+struct dcerpc_bh_state {
+	struct dcerpc_pipe *p;
+};
+
+static bool dcerpc_bh_is_connected(struct dcerpc_binding_handle *h)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (!hs->p) {
+		return false;
+	}
+
+	if (!hs->p->conn) {
+		return false;
+	}
+
+	if (hs->p->conn->dead) {
+		return false;
+	}
+
+	return true;
+}
+
+static uint32_t dcerpc_bh_set_timeout(struct dcerpc_binding_handle *h,
+				      uint32_t timeout)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	uint32_t old;
+
+	if (!hs->p) {
+		return DCERPC_REQUEST_TIMEOUT;
+	}
+
+	old = hs->p->request_timeout;
+	hs->p->request_timeout = timeout;
+
+	return old;
+}
+
+static void dcerpc_bh_auth_info(struct dcerpc_binding_handle *h,
+				enum dcerpc_AuthType *auth_type,
+				enum dcerpc_AuthLevel *auth_level)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (hs->p == NULL) {
+		return;
+	}
+
+	if (hs->p->conn == NULL) {
+		return;
+	}
+
+	*auth_type = hs->p->conn->security_state.auth_type;
+	*auth_level = hs->p->conn->security_state.auth_level;
+}
+
+struct dcerpc_bh_raw_call_state {
+	struct tevent_context *ev;
+	struct dcerpc_binding_handle *h;
+	DATA_BLOB in_data;
+	DATA_BLOB out_data;
+	uint32_t out_flags;
+};
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq);
+
+static struct tevent_req *dcerpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct dcerpc_binding_handle *h,
+						  const struct GUID *object,
+						  uint32_t opnum,
+						  uint32_t in_flags,
+						  const uint8_t *in_data,
+						  size_t in_length)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	struct tevent_req *req;
+	struct dcerpc_bh_raw_call_state *state;
+	bool ok;
+	struct rpc_request *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dcerpc_bh_raw_call_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->h = h;
+	state->in_data.data = discard_const_p(uint8_t, in_data);
+	state->in_data.length = in_length;
+
+	ok = dcerpc_bh_is_connected(h);
+	if (!ok) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return tevent_req_post(req, ev);
+	}
+
+	subreq = dcerpc_request_send(state,
+				     hs->p,
+				     object,
+				     opnum,
+				     &state->in_data);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	subreq->async.callback = dcerpc_bh_raw_call_done;
+	subreq->async.private_data = req;
+
+	return req;
+}
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(subreq->async.private_data,
+		struct tevent_req);
+	struct dcerpc_bh_raw_call_state *state =
+		tevent_req_data(req,
+		struct dcerpc_bh_raw_call_state);
+	NTSTATUS status;
+	uint32_t fault_code;
+
+	state->out_flags = 0;
+	if (subreq->flags & DCERPC_PULL_BIGENDIAN) {
+		state->out_flags |= LIBNDR_FLAG_BIGENDIAN;
+	}
+
+	fault_code = subreq->fault_code;
+
+	status = dcerpc_request_recv(subreq, state, &state->out_data);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+		status = dcerpc_fault_to_nt_status(fault_code);
+	}
+
+	/*
+	 * We trigger the callback in the next event run
+	 * because the code in this file might trigger
+	 * multiple request callbacks from within a single
+	 * while loop.
+	 *
+	 * In order to avoid segfaults from within
+	 * dcerpc_connection_dead() we call
+	 * tevent_req_defer_callback().
+	 */
+	tevent_req_defer_callback(req, state->ev);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+static NTSTATUS dcerpc_bh_raw_call_recv(struct tevent_req *req,
+					TALLOC_CTX *mem_ctx,
+					uint8_t **out_data,
+					size_t *out_length,
+					uint32_t *out_flags)
+{
+	struct dcerpc_bh_raw_call_state *state =
+		tevent_req_data(req,
+		struct dcerpc_bh_raw_call_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*out_data = talloc_move(mem_ctx, &state->out_data.data);
+	*out_length = state->out_data.length;
+	*out_flags = state->out_flags;
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct dcerpc_bh_disconnect_state {
+	uint8_t _dummy;
+};
+
+static struct tevent_req *dcerpc_bh_disconnect_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct dcerpc_binding_handle *h)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	struct tevent_req *req;
+	struct dcerpc_bh_disconnect_state *state;
+	bool ok;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dcerpc_bh_disconnect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	ok = dcerpc_bh_is_connected(h);
+	if (!ok) {
+		tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
+		return tevent_req_post(req, ev);
+	}
+
+	/* TODO: do a real disconnect ... */
+	hs->p = NULL;
+
+	tevent_req_done(req);
+	return tevent_req_post(req, ev);
+}
+
+static NTSTATUS dcerpc_bh_disconnect_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static bool dcerpc_bh_push_bigendian(struct dcerpc_binding_handle *h)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (hs->p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
+		return true;
+	}
+
+	return false;
+}
+
+static bool dcerpc_bh_ref_alloc(struct dcerpc_binding_handle *h)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (hs->p->conn->flags & DCERPC_NDR_REF_ALLOC) {
+		return true;
+	}
+
+	return false;
+}
+
+static bool dcerpc_bh_use_ndr64(struct dcerpc_binding_handle *h)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (hs->p->conn->flags & DCERPC_NDR64) {
+		return true;
+	}
+
+	return false;
+}
+
+static void dcerpc_bh_do_ndr_print(struct dcerpc_binding_handle *h,
+				   ndr_flags_type ndr_flags,
+				   const void *_struct_ptr,
+				   const struct ndr_interface_call *call)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	void *struct_ptr = discard_const(_struct_ptr);
+	bool print_in = false;
+	bool print_out = false;
+
+	if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_IN) {
+		print_in = true;
+	}
+
+	if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
+		print_out = true;
+	}
+
+	if (DEBUGLEVEL >= 11) {
+		print_in = true;
+		print_out = true;
+	}
+
+	if (ndr_flags & NDR_IN) {
+		if (print_in) {
+			ndr_print_function_debug(call->ndr_print,
+						 call->name,
+						 ndr_flags,
+						 struct_ptr);
+		}
+	}
+	if (ndr_flags & NDR_OUT) {
+		if (print_out) {
+			ndr_print_function_debug(call->ndr_print,
+						 call->name,
+						 ndr_flags,
+						 struct_ptr);
+		}
+	}
+}
+
+static void dcerpc_bh_ndr_push_failed(struct dcerpc_binding_handle *h,
+				      NTSTATUS error,
+				      const void *struct_ptr,
+				      const struct ndr_interface_call *call)
+{
+	DEBUG(2,("Unable to ndr_push structure for %s - %s\n",
+		 call->name, nt_errstr(error)));
+}
+
+static void dcerpc_bh_ndr_pull_failed(struct dcerpc_binding_handle *h,
+				      NTSTATUS error,
+				      const DATA_BLOB *blob,
+				      const struct ndr_interface_call *call)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	const uint32_t num_examples = 20;
+	uint32_t i;
+
+	DEBUG(2,("Unable to ndr_pull structure for %s - %s\n",
+		 call->name, nt_errstr(error)));
+
+	if (hs->p->conn->packet_log_dir == NULL) return;
+
+	for (i=0;i<num_examples;i++) {
+		char *name=NULL;
+		int ret;
+
+		ret = asprintf(&name, "%s/rpclog/%s-out.%d",
+			       hs->p->conn->packet_log_dir,
+			       call->name, i);
+		if (ret == -1) {
+			return;
+		}
+		if (!file_exist(name)) {
+			if (file_save(name, blob->data, blob->length)) {
+				DEBUG(10,("Logged rpc packet to %s\n", name));
+			}
+			free(name);
+			break;
+		}
+		free(name);
+	}
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_in(struct dcerpc_binding_handle *h,
+					  TALLOC_CTX *mem_ctx,
+					  const DATA_BLOB *blob,
+					  const struct ndr_interface_call *call)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+
+	if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_IN) {
+		NTSTATUS status;
+
+		status = dcerpc_ndr_validate_in(hs->p->conn,
+						mem_ctx,
+						*blob,
+						call->struct_size,
+						call->ndr_push,
+						call->ndr_pull);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Validation [in] failed for %s - %s\n",
+				 call->name, nt_errstr(status)));
+			return status;
+		}
+	}
+
+	DEBUG(10,("rpc request data:\n"));
+	dump_data(10, blob->data, blob->length);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_out(struct dcerpc_binding_handle *h,
+					   struct ndr_pull *pull_in,
+					   const void *_struct_ptr,
+					   const struct ndr_interface_call *call)
+{
+	struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+				     struct dcerpc_bh_state);
+	void *struct_ptr = discard_const(_struct_ptr);
+
+	DEBUG(10,("rpc reply data:\n"));
+	dump_data(10, pull_in->data, pull_in->data_size);
+
+	if (pull_in->offset != pull_in->data_size) {
+		DEBUG(0,("Warning! ignoring %u unread bytes at ofs:%u (0x%08X) for %s!\n",
+			 pull_in->data_size - pull_in->offset,
+			 pull_in->offset, pull_in->offset,
+			 call->name));
+		/* we used to return NT_STATUS_INFO_LENGTH_MISMATCH here,
+		   but it turns out that early versions of NT
+		   (specifically NT3.1) add junk onto the end of rpc
+		   packets, so if we want to interoperate at all with
+		   those versions then we need to ignore this error */
+	}
+
+	if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_OUT) {
+		NTSTATUS status;
+
+		status = dcerpc_ndr_validate_out(hs->p->conn,
+						 pull_in,
+						 struct_ptr,
+						 call->struct_size,
+						 call->ndr_push,
+						 call->ndr_pull,
+						 call->ndr_print);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(2,("Validation [out] failed for %s - %s\n",
+				 call->name, nt_errstr(status)));
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static const struct dcerpc_binding_handle_ops dcerpc_bh_ops = {
+	.name			= "dcerpc",
+	.is_connected		= dcerpc_bh_is_connected,
+	.set_timeout		= dcerpc_bh_set_timeout,
+	.auth_info		= dcerpc_bh_auth_info,
+	.raw_call_send		= dcerpc_bh_raw_call_send,
+	.raw_call_recv		= dcerpc_bh_raw_call_recv,
+	.disconnect_send	= dcerpc_bh_disconnect_send,
+	.disconnect_recv	= dcerpc_bh_disconnect_recv,
+
+	.push_bigendian		= dcerpc_bh_push_bigendian,
+	.ref_alloc		= dcerpc_bh_ref_alloc,
+	.use_ndr64		= dcerpc_bh_use_ndr64,
+	.do_ndr_print		= dcerpc_bh_do_ndr_print,
+	.ndr_push_failed	= dcerpc_bh_ndr_push_failed,
+	.ndr_pull_failed	= dcerpc_bh_ndr_pull_failed,
+	.ndr_validate_in	= dcerpc_bh_ndr_validate_in,
+	.ndr_validate_out	= dcerpc_bh_ndr_validate_out,
+};
+
+/* initialise a dcerpc pipe. */
+struct dcerpc_binding_handle *dcerpc_pipe_binding_handle(struct dcerpc_pipe *p,
+							 const struct GUID *object,
+							 const struct ndr_interface_table *table)
+{
+	struct dcerpc_binding_handle *h;
+	struct dcerpc_bh_state *hs;
+
+	h = dcerpc_binding_handle_create(p,
+					 &dcerpc_bh_ops,
+					 object,
+					 table,
+					 &hs,
+					 struct dcerpc_bh_state,
+					 __location__);
+	if (h == NULL) {
+		return NULL;
+	}
+	hs->p = p;
+
+	dcerpc_binding_handle_set_sync_ev(h, p->conn->event_ctx);
+
+	return h;
+}
+
+/* initialise a dcerpc pipe. */
+_PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+	struct dcerpc_pipe *p;
+
+	p = talloc_zero(mem_ctx, struct dcerpc_pipe);
+	if (!p) {
+		return NULL;
+	}
+
+	p->conn = dcerpc_connection_init(p, ev);
+	if (p->conn == NULL) {
+		talloc_free(p);
+		return NULL;
+	}
+
+	p->request_timeout = DCERPC_REQUEST_TIMEOUT;
+
+	if (DEBUGLVL(100)) {
+		p->conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
+	}
+
+	return p;
+}
+
+
+/* 
+   choose the next call id to use
+*/
+static uint32_t next_call_id(struct dcecli_connection *c)
+{
+	c->call_id++;
+	if (c->call_id == 0) {
+		c->call_id++;
+	}
+	return c->call_id;
+}
+
+/**
+  setup for a ndr pull, also setting up any flags from the binding string
+*/
+static struct ndr_pull *ndr_pull_init_flags(struct dcecli_connection *c, 
+					    DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
+{
+	struct ndr_pull *ndr = ndr_pull_init_blob(blob, mem_ctx);
+
+	if (ndr == NULL) return ndr;
+
+	if (c->flags & DCERPC_DEBUG_PAD_CHECK) {
+		ndr->flags |= LIBNDR_FLAG_PAD_CHECK;
+	}
+
+	if (c->flags & DCERPC_NDR_REF_ALLOC) {
+		ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+	}
+
+	if (c->flags & DCERPC_NDR64) {
+		ndr->flags |= LIBNDR_FLAG_NDR64;
+	}
+
+	return ndr;
+}
+
+/* 
+   parse the authentication information on a dcerpc response packet
+*/
+static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c,
+				    TALLOC_CTX *mem_ctx,
+				    enum dcerpc_pkt_type ptype,
+				    uint8_t required_flags,
+				    uint8_t optional_flags,
+				    uint8_t payload_offset,
+				    DATA_BLOB *payload_and_verifier,
+				    DATA_BLOB *raw_packet,
+				    const struct ncacn_packet *pkt)
+{
+	const struct dcerpc_auth tmp_auth = {
+		.auth_type = c->security_state.auth_type,
+		.auth_level = c->security_state.auth_level,
+		.auth_context_id = c->security_state.auth_context_id,
+	};
+	NTSTATUS status;
+
+	status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth,
+					    c->security_state.generic_state,
+					    true, /* check_pkt_auth_fields */
+					    mem_ctx,
+					    ptype,
+					    required_flags,
+					    optional_flags,
+					    payload_offset,
+					    payload_and_verifier,
+					    raw_packet,
+					    pkt);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+   push a dcerpc request packet into a blob, possibly signing it.
+*/
+static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c, 
+					 DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
+					 size_t sig_size,
+					 struct ncacn_packet *pkt)
+{
+	const struct dcerpc_auth tmp_auth = {
+		.auth_type = c->security_state.auth_type,
+		.auth_level = c->security_state.auth_level,
+		.auth_context_id = c->security_state.auth_context_id,
+	};
+	NTSTATUS status;
+	uint8_t payload_offset = DCERPC_REQUEST_LENGTH;
+
+	if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		payload_offset += 16;
+	}
+
+	status = dcerpc_ncacn_push_pkt_auth(&tmp_auth,
+					    c->security_state.generic_state,
+					    mem_ctx, blob,
+					    sig_size,
+					    payload_offset,
+					    &pkt->u.request.stub_and_verifier,
+					    pkt);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+   fill in the fixed values in a dcerpc header 
+*/
+static void init_ncacn_hdr(struct dcecli_connection *c, struct ncacn_packet *pkt)
+{
+	pkt->rpc_vers = 5;
+	pkt->rpc_vers_minor = 0;
+	if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+		pkt->drep[0] = 0;
+	} else {
+		pkt->drep[0] = DCERPC_DREP_LE;
+	}
+	pkt->drep[1] = 0;
+	pkt->drep[2] = 0;
+	pkt->drep[3] = 0;
+}
+
+/*
+  map a bind nak reason to a NTSTATUS
+*/
+static NTSTATUS dcerpc_map_nak_reason(enum dcerpc_bind_nak_reason reason)
+{
+	switch (reason) {
+	case DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED:
+		return NT_STATUS_REVISION_MISMATCH;
+	case DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE:
+		return NT_STATUS_INVALID_PARAMETER;
+	default:
+		break;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS dcerpc_map_ack_reason(const struct dcerpc_ack_ctx *ack)
+{
+	if (ack == NULL) {
+		return NT_STATUS_RPC_PROTOCOL_ERROR;
+	}
+
+	switch (ack->result) {
+	case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK:
+		/*
+		 * We have not asked for this...
+		 */
+		return NT_STATUS_RPC_PROTOCOL_ERROR;
+	default:
+		break;
+	}
+
+	switch (ack->reason.value) {
+	case DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED:
+		return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
+	case DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED:
+		return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
+	default:
+		break;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+  remove requests from the pending or queued queues
+ */
+static int dcerpc_req_dequeue(struct rpc_request *req)
+{
+	switch (req->state) {
+	case RPC_REQUEST_QUEUED:
+		DLIST_REMOVE(req->p->conn->request_queue, req);
+		break;
+	case RPC_REQUEST_PENDING:
+		DLIST_REMOVE(req->p->conn->pending, req);
+		break;
+	case RPC_REQUEST_DONE:
+		break;
+	}
+	return 0;
+}
+
+
+/*
+  mark the dcerpc connection dead. All outstanding requests get an error
+*/
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status)
+{
+	if (conn->dead) return;
+
+	conn->dead = true;
+
+	TALLOC_FREE(conn->io_trigger);
+	conn->io_trigger_pending = false;
+
+	dcerpc_shutdown_pipe(conn, status);
+
+	/* all pending requests get the error */
+	while (conn->pending) {
+		struct rpc_request *req = conn->pending;
+		dcerpc_req_dequeue(req);
+		req->state = RPC_REQUEST_DONE;
+		req->status = status;
+		if (req->async.callback) {
+			req->async.callback(req);
+		}
+	}	
+
+	/* all requests, which are not shipped */
+	while (conn->request_queue) {
+		struct rpc_request *req = conn->request_queue;
+		dcerpc_req_dequeue(req);
+		req->state = RPC_REQUEST_DONE;
+		req->status = status;
+		if (req->async.callback) {
+			req->async.callback(req);
+		}
+	}
+
+	talloc_set_destructor(conn, NULL);
+	if (conn->free_skipped) {
+		talloc_free(conn);
+	}
+}
+
+/*
+  forward declarations of the recv_data handlers for the types of
+  packets we need to handle
+*/
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
+				     DATA_BLOB *raw_packet, struct ncacn_packet *pkt);
+
+/*
+  receive a dcerpc reply from the transport. Here we work out what
+  type of reply it is (normal request, bind or alter context) and
+  dispatch to the appropriate handler
+*/
+static void dcerpc_recv_data(struct dcecli_connection *conn, DATA_BLOB *blob, NTSTATUS status)
+{
+	struct ncacn_packet pkt;
+
+	if (conn->dead) {
+		return;
+	}
+
+	if (NT_STATUS_IS_OK(status) && blob->length == 0) {
+		status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	/* the transport may be telling us of a severe error, such as
+	   a dropped socket */
+	if (!NT_STATUS_IS_OK(status)) {
+		data_blob_free(blob);
+		dcerpc_connection_dead(conn, status);
+		return;
+	}
+
+	/* parse the basic packet to work out what type of response this is */
+	status = dcerpc_pull_ncacn_packet(blob->data, blob, &pkt);
+	if (!NT_STATUS_IS_OK(status)) {
+		data_blob_free(blob);
+		dcerpc_connection_dead(conn, status);
+		return;
+	}
+
+	dcerpc_request_recv_data(conn, blob, &pkt);
+}
+
+/*
+  handle timeouts of individual dcerpc requests
+*/
+static void dcerpc_timeout_handler(struct tevent_context *ev, struct tevent_timer *te, 
+				   struct timeval t, void *private_data)
+{
+	struct rpc_request *req = talloc_get_type(private_data, struct rpc_request);
+
+	if (req->ignore_timeout) {
+		dcerpc_req_dequeue(req);
+		req->state = RPC_REQUEST_DONE;
+		req->status = NT_STATUS_IO_TIMEOUT;
+		if (req->async.callback) {
+			req->async.callback(req);
+		}
+		return;
+	}
+
+	dcerpc_connection_dead(req->p->conn, NT_STATUS_IO_TIMEOUT);
+}
+
+struct dcerpc_bind_state {
+	struct tevent_context *ev;
+	struct dcerpc_pipe *p;
+};
+
+static void dcerpc_bind_fail_handler(struct rpc_request *subreq);
+static void dcerpc_bind_recv_handler(struct rpc_request *subreq,
+				     DATA_BLOB *raw_packet,
+				     struct ncacn_packet *pkt);
+
+struct tevent_req *dcerpc_bind_send(TALLOC_CTX *mem_ctx,
+				    struct tevent_context *ev,
+				    struct dcerpc_pipe *p,
+				    const struct ndr_syntax_id *syntax,
+				    const struct ndr_syntax_id *transfer_syntax)
+{
+	struct tevent_req *req;
+	struct dcerpc_bind_state *state;
+	struct ncacn_packet pkt;
+	DATA_BLOB blob;
+	NTSTATUS status;
+	struct rpc_request *subreq;
+	uint32_t flags;
+	struct ndr_syntax_id bind_time_features;
+
+	bind_time_features = dcerpc_construct_bind_time_features(
+			DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING |
+			DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN);
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dcerpc_bind_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->ev = ev;
+	state->p = p;
+
+	p->syntax = *syntax;
+	p->transfer_syntax = *transfer_syntax;
+
+	flags = dcerpc_binding_get_flags(p->binding);
+
+	init_ncacn_hdr(p->conn, &pkt);
+
+	pkt.ptype = DCERPC_PKT_BIND;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
+	pkt.call_id = p->conn->call_id;
+	pkt.auth_length = 0;
+
+	if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
+		pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+	}
+
+	if (p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) {
+		pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
+	}
+
+	pkt.u.bind.max_xmit_frag = p->conn->srv_max_xmit_frag;
+	pkt.u.bind.max_recv_frag = p->conn->srv_max_recv_frag;
+	pkt.u.bind.assoc_group_id = dcerpc_binding_get_assoc_group_id(p->binding);
+	pkt.u.bind.num_contexts = 2;
+	pkt.u.bind.ctx_list = talloc_zero_array(state, struct dcerpc_ctx_list,
+						pkt.u.bind.num_contexts);
+	if (tevent_req_nomem(pkt.u.bind.ctx_list, req)) {
+		return tevent_req_post(req, ev);
+	}
+	pkt.u.bind.ctx_list[0].context_id = p->context_id;
+	pkt.u.bind.ctx_list[0].num_transfer_syntaxes = 1;
+	pkt.u.bind.ctx_list[0].abstract_syntax = p->syntax;
+	pkt.u.bind.ctx_list[0].transfer_syntaxes = &p->transfer_syntax;
+	pkt.u.bind.ctx_list[1].context_id = p->context_id + 1;
+	pkt.u.bind.ctx_list[1].num_transfer_syntaxes = 1;
+	pkt.u.bind.ctx_list[1].abstract_syntax = p->syntax;
+	pkt.u.bind.ctx_list[1].transfer_syntaxes = &bind_time_features;
+	pkt.u.bind.auth_info = data_blob(NULL, 0);
+
+	/* construct the NDR form of the packet */
+	status = dcerpc_ncacn_push_auth(&blob,
+				state,
+				&pkt,
+				p->conn->security_state.tmp_auth_info.out);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * we allocate a dcerpc_request so we can be in the same
+	 * request queue as normal requests
+	 */
+	subreq = talloc_zero(state, struct rpc_request);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	subreq->state = RPC_REQUEST_PENDING;
+	subreq->call_id = pkt.call_id;
+	subreq->async.private_data = req;
+	subreq->async.callback = dcerpc_bind_fail_handler;
+	subreq->p = p;
+	subreq->recv_handler = dcerpc_bind_recv_handler;
+	DLIST_ADD_END(p->conn->pending, subreq);
+	talloc_set_destructor(subreq, dcerpc_req_dequeue);
+
+	status = dcerpc_send_request(p->conn, &blob, true);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_add_timer(ev, subreq,
+			 timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+			 dcerpc_timeout_handler, subreq);
+
+	return req;
+}
+
+static void dcerpc_bind_fail_handler(struct rpc_request *subreq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(subreq->async.private_data,
+		struct tevent_req);
+	struct dcerpc_bind_state *state =
+		tevent_req_data(req,
+		struct dcerpc_bind_state);
+	NTSTATUS status = subreq->status;
+
+	TALLOC_FREE(subreq);
+
+	/*
+	 * We trigger the callback in the next event run
+	 * because the code in this file might trigger
+	 * multiple request callbacks from within a single
+	 * while loop.
+	 *
+	 * In order to avoid segfaults from within
+	 * dcerpc_connection_dead() we call
+	 * tevent_req_defer_callback().
+	 */
+	tevent_req_defer_callback(req, state->ev);
+
+	tevent_req_nterror(req, status);
+}
+
+static void dcerpc_bind_recv_handler(struct rpc_request *subreq,
+				     DATA_BLOB *raw_packet,
+				     struct ncacn_packet *pkt)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(subreq->async.private_data,
+		struct tevent_req);
+	struct dcerpc_bind_state *state =
+		tevent_req_data(req,
+		struct dcerpc_bind_state);
+	struct dcecli_connection *conn = state->p->conn;
+	struct dcecli_security *sec = &conn->security_state;
+	struct dcerpc_binding *b = NULL;
+	NTSTATUS status;
+	uint32_t flags;
+
+	/*
+	 * Note that pkt is allocated under raw_packet->data,
+	 * while raw_packet->data is a child of subreq.
+	 */
+	talloc_steal(state, raw_packet->data);
+	TALLOC_FREE(subreq);
+
+	/*
+	 * We trigger the callback in the next event run
+	 * because the code in this file might trigger
+	 * multiple request callbacks from within a single
+	 * while loop.
+	 *
+	 * In order to avoid segfaults from within
+	 * dcerpc_connection_dead() we call
+	 * tevent_req_defer_callback().
+	 */
+	tevent_req_defer_callback(req, state->ev);
+
+	if (pkt->ptype == DCERPC_PKT_BIND_NAK) {
+		status = dcerpc_map_nak_reason(pkt->u.bind_nak.reject_reason);
+
+		DEBUG(2,("dcerpc: bind_nak reason %d - %s\n",
+			 pkt->u.bind_nak.reject_reason, nt_errstr(status)));
+
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	status = dcerpc_verify_ncacn_packet_header(pkt,
+					DCERPC_PKT_BIND_ACK,
+					pkt->u.bind_ack.auth_info.length,
+					DCERPC_PFC_FLAG_FIRST |
+					DCERPC_PFC_FLAG_LAST,
+					DCERPC_PFC_FLAG_CONC_MPX |
+					DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN);
+	if (!NT_STATUS_IS_OK(status)) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+
+	if (pkt->u.bind_ack.num_results < 1) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+
+	if (pkt->u.bind_ack.ctx_list[0].result != 0) {
+		status = dcerpc_map_ack_reason(&pkt->u.bind_ack.ctx_list[0]);
+		DEBUG(2,("dcerpc: bind_ack failed - reason %d - %s\n",
+			 pkt->u.bind_ack.ctx_list[0].reason.value,
+			 nt_errstr(status)));
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (pkt->u.bind_ack.num_results >= 2) {
+		if (pkt->u.bind_ack.ctx_list[1].result == DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK) {
+			conn->bind_time_features = pkt->u.bind_ack.ctx_list[1].reason.negotiate;
+		} else {
+			status = dcerpc_map_ack_reason(&pkt->u.bind_ack.ctx_list[1]);
+			DEBUG(10,("dcerpc: bind_time_feature failed - reason %d - %s\n",
+				 pkt->u.bind_ack.ctx_list[1].reason.value,
+				 nt_errstr(status)));
+			status = NT_STATUS_OK;
+		}
+	}
+
+	/*
+	 * DCE-RPC 1.1 (c706) specifies
+	 * CONST_MUST_RCV_FRAG_SIZE as 1432
+	 */
+	if (pkt->u.bind_ack.max_xmit_frag < 1432) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+	if (pkt->u.bind_ack.max_recv_frag < 1432) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+	conn->srv_max_xmit_frag = MIN(conn->srv_max_xmit_frag,
+				      pkt->u.bind_ack.max_xmit_frag);
+	conn->srv_max_recv_frag = MIN(conn->srv_max_recv_frag,
+				      pkt->u.bind_ack.max_recv_frag);
+
+	flags = dcerpc_binding_get_flags(state->p->binding);
+
+	if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
+		if (pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) {
+			conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
+		} else {
+			conn->flags &= ~DCERPC_CONCURRENT_MULTIPLEX;
+		}
+	}
+
+	if (!(conn->flags & DCERPC_CONCURRENT_MULTIPLEX)) {
+		struct dcerpc_binding *pb =
+			discard_const_p(struct dcerpc_binding, state->p->binding);
+		/*
+		 * clear DCERPC_CONCURRENT_MULTIPLEX
+		 */
+		status = dcerpc_binding_set_flags(pb, 0,
+						  DCERPC_CONCURRENT_MULTIPLEX);
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+	}
+	if ((conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) &&
+	    (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
+		conn->flags |= DCERPC_HEADER_SIGNING;
+	}
+
+	/* the bind_ack might contain a reply set of credentials */
+	if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) {
+		status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem,
+						  &pkt->u.bind_ack.auth_info,
+						  sec->tmp_auth_info.in,
+						  NULL, true);
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+	}
+
+	/*
+	 * We're the owner of the binding, so we're allowed to modify it.
+	 */
+	b = discard_const_p(struct dcerpc_binding, state->p->binding);
+	status = dcerpc_binding_set_assoc_group_id(b,
+						   pkt->u.bind_ack.assoc_group_id);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS dcerpc_bind_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+/* 
+   perform a continued bind (and auth3)
+*/
+NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
+		      TALLOC_CTX *mem_ctx)
+{
+	struct ncacn_packet pkt;
+	NTSTATUS status;
+	DATA_BLOB blob;
+	uint32_t flags;
+
+	flags = dcerpc_binding_get_flags(p->binding);
+
+	init_ncacn_hdr(p->conn, &pkt);
+
+	pkt.ptype = DCERPC_PKT_AUTH3;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
+	pkt.call_id = next_call_id(p->conn);
+	pkt.auth_length = 0;
+	pkt.u.auth3.auth_info = data_blob(NULL, 0);
+
+	if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
+		pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+	}
+
+	/* construct the NDR form of the packet */
+	status = dcerpc_ncacn_push_auth(&blob,
+				mem_ctx,
+				&pkt,
+				p->conn->security_state.tmp_auth_info.out);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* send it on its way */
+	status = dcerpc_send_request(p->conn, &blob, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;	
+}
+
+
+/*
+  process a fragment received from the transport layer during a
+  request
+
+  This function frees the data 
+*/
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
+				     DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
+{
+	struct rpc_request *req;
+	unsigned int length;
+	NTSTATUS status = NT_STATUS_OK;
+
+	/*
+	  if this is an authenticated connection then parse and check
+	  the auth info. We have to do this before finding the
+	  matching packet, as the request structure might have been
+	  removed due to a timeout, but if it has been we still need
+	  to run the auth routines so that we don't get the sign/seal
+	  info out of step with the server
+	*/
+	switch (pkt->ptype) {
+	case DCERPC_PKT_RESPONSE:
+		status = ncacn_pull_pkt_auth(c, raw_packet->data,
+				   DCERPC_PKT_RESPONSE,
+				   0, /* required_flags */
+				   DCERPC_PFC_FLAG_FIRST |
+				   DCERPC_PFC_FLAG_LAST,
+				   DCERPC_REQUEST_LENGTH,
+				   &pkt->u.response.stub_and_verifier,
+				   raw_packet, pkt);
+		break;
+	default:
+		break;
+	}
+
+	/* find the matching request */
+	for (req=c->pending;req;req=req->next) {
+		if (pkt->call_id == req->call_id) break;
+	}
+
+#if 0
+	/* useful for testing certain vendors RPC servers */
+	if (req == NULL && c->pending && pkt->call_id == 0) {
+		DEBUG(0,("HACK FOR INCORRECT CALL ID\n"));
+		req = c->pending;
+	}
+#endif
+
+	if (req == NULL) {
+		DEBUG(2,("dcerpc_request: unmatched call_id %u in response packet\n", pkt->call_id));
+		data_blob_free(raw_packet);
+		return;
+	}
+
+	talloc_steal(req, raw_packet->data);
+
+	if (req->recv_handler != NULL) {
+		dcerpc_req_dequeue(req);
+		req->state = RPC_REQUEST_DONE;
+
+		/*
+		 * We have to look at shipping further requests before calling
+		 * the async function, that one might close the pipe
+		 */
+		dcerpc_schedule_io_trigger(c);
+
+		req->recv_handler(req, raw_packet, pkt);
+		return;
+	}
+
+	if (pkt->ptype == DCERPC_PKT_FAULT) {
+		status = dcerpc_fault_to_nt_status(pkt->u.fault.status);
+		DEBUG(5,("rpc fault: %s\n", dcerpc_errstr(c, pkt->u.fault.status)));
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+			dcerpc_connection_dead(c, status);
+			return;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+			dcerpc_connection_dead(c, status);
+			return;
+		}
+		req->fault_code = pkt->u.fault.status;
+		req->status = NT_STATUS_NET_WRITE_FAULT;
+		goto req_done;
+	}
+
+	if (pkt->ptype != DCERPC_PKT_RESPONSE) {
+		DEBUG(2,("Unexpected packet type %d in dcerpc response\n",
+			 (int)pkt->ptype)); 
+		dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+		return;
+	}
+
+	/* now check the status from the auth routines, and if it failed then fail
+	   this request accordingly */
+	if (!NT_STATUS_IS_OK(status)) {
+		dcerpc_connection_dead(c, status);
+		return;
+	}
+
+	length = pkt->u.response.stub_and_verifier.length;
+
+	if (req->payload.length + length > c->max_total_response_size) {
+		DEBUG(2,("Unexpected total payload 0x%X > 0x%X dcerpc response\n",
+			 (unsigned)req->payload.length + length,
+			 (unsigned)c->max_total_response_size));
+		dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+		return;
+	}
+
+	if (length > 0) {
+		req->payload.data = talloc_realloc(req, 
+						   req->payload.data, 
+						   uint8_t,
+						   req->payload.length + length);
+		if (!req->payload.data) {
+			req->status = NT_STATUS_NO_MEMORY;
+			goto req_done;
+		}
+		memcpy(req->payload.data+req->payload.length, 
+		       pkt->u.response.stub_and_verifier.data, length);
+		req->payload.length += length;
+	}
+
+	if (!(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
+		data_blob_free(raw_packet);
+		dcerpc_send_read(c);
+		return;
+	}
+
+	if (req->verify_bitmask1) {
+		req->p->conn->security_state.verified_bitmask1 = true;
+	}
+	if (req->verify_pcontext) {
+		req->p->verified_pcontext = true;
+	}
+
+	if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
+		req->flags |= DCERPC_PULL_BIGENDIAN;
+	} else {
+		req->flags &= ~DCERPC_PULL_BIGENDIAN;
+	}
+
+req_done:
+	data_blob_free(raw_packet);
+
+	/* we've got the full payload */
+	dcerpc_req_dequeue(req);
+	req->state = RPC_REQUEST_DONE;
+
+	/*
+	 * We have to look at shipping further requests before calling
+	 * the async function, that one might close the pipe
+	 */
+	dcerpc_schedule_io_trigger(c);
+
+	if (req->async.callback) {
+		req->async.callback(req);
+	}
+}
+
+static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req);
+
+/*
+  perform the send side of a async dcerpc request
+*/
+static struct rpc_request *dcerpc_request_send(TALLOC_CTX *mem_ctx,
+					       struct dcerpc_pipe *p,
+					       const struct GUID *object,
+					       uint16_t opnum,
+					       DATA_BLOB *stub_data)
+{
+	struct rpc_request *req;
+	NTSTATUS status;
+
+	req = talloc_zero(mem_ctx, struct rpc_request);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	req->p = p;
+	req->call_id = next_call_id(p->conn);
+	req->state = RPC_REQUEST_QUEUED;
+
+	if (object != NULL) {
+		req->object = (struct GUID *)talloc_memdup(req, (const void *)object, sizeof(*object));
+		if (req->object == NULL) {
+			talloc_free(req);
+			return NULL;
+		}
+	}
+
+	req->opnum = opnum;
+	req->request_data.length = stub_data->length;
+	req->request_data.data = stub_data->data;
+
+	status = dcerpc_request_prepare_vt(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	DLIST_ADD_END(p->conn->request_queue, req);
+	talloc_set_destructor(req, dcerpc_req_dequeue);
+
+	dcerpc_schedule_io_trigger(p->conn);
+
+	if (p->request_timeout) {
+		tevent_add_timer(p->conn->event_ctx, req,
+				timeval_current_ofs(p->request_timeout, 0), 
+				dcerpc_timeout_handler, req);
+	}
+
+	return req;
+}
+
+static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req)
+{
+	struct dcecli_security *sec = &req->p->conn->security_state;
+	struct dcerpc_sec_verification_trailer *t;
+	struct dcerpc_sec_vt *c = NULL;
+	struct ndr_push *ndr = NULL;
+	enum ndr_err_code ndr_err;
+
+	if (sec->auth_level < DCERPC_AUTH_LEVEL_PACKET) {
+		return NT_STATUS_OK;
+	}
+
+	t = talloc_zero(req, struct dcerpc_sec_verification_trailer);
+	if (t == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!sec->verified_bitmask1) {
+		t->commands = talloc_realloc(t, t->commands,
+					     struct dcerpc_sec_vt,
+					     t->count.count + 1);
+		if (t->commands == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		c = &t->commands[t->count.count++];
+		ZERO_STRUCTP(c);
+
+		c->command = DCERPC_SEC_VT_COMMAND_BITMASK1;
+		if (req->p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) {
+			c->u.bitmask1 = DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING;
+		}
+		req->verify_bitmask1 = true;
+	}
+
+	if (!req->p->verified_pcontext) {
+		t->commands = talloc_realloc(t, t->commands,
+					     struct dcerpc_sec_vt,
+					     t->count.count + 1);
+		if (t->commands == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		c = &t->commands[t->count.count++];
+		ZERO_STRUCTP(c);
+
+		c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT;
+		c->u.pcontext.abstract_syntax = req->p->syntax;
+		c->u.pcontext.transfer_syntax = req->p->transfer_syntax;
+
+		req->verify_pcontext = true;
+	}
+
+	if (!(req->p->conn->flags & DCERPC_HEADER_SIGNING)) {
+		t->commands = talloc_realloc(t, t->commands,
+					     struct dcerpc_sec_vt,
+					     t->count.count + 1);
+		if (t->commands == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		c = &t->commands[t->count.count++];
+		ZERO_STRUCTP(c);
+
+		c->command = DCERPC_SEC_VT_COMMAND_HEADER2;
+		c->u.header2.ptype = DCERPC_PKT_REQUEST;
+		if (req->p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
+			c->u.header2.drep[0] = 0;
+		} else {
+			c->u.header2.drep[0] = DCERPC_DREP_LE;
+		}
+		c->u.header2.drep[1] = 0;
+		c->u.header2.drep[2] = 0;
+		c->u.header2.drep[3] = 0;
+		c->u.header2.call_id = req->call_id;
+		c->u.header2.context_id = req->p->context_id;
+		c->u.header2.opnum = req->opnum;
+	}
+
+	if (t->count.count == 0) {
+		TALLOC_FREE(t);
+		return NT_STATUS_OK;
+	}
+
+	c = &t->commands[t->count.count - 1];
+	c->command |= DCERPC_SEC_VT_COMMAND_END;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t);
+	}
+
+	ndr = ndr_push_init_ctx(req);
+	if (ndr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * for now we just copy and append
+	 */
+
+	ndr_err = ndr_push_bytes(ndr, req->request_data.data,
+				 req->request_data.length);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr,
+						NDR_SCALARS | NDR_BUFFERS,
+						t);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+	req->request_data = ndr_push_blob(ndr);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  Send a request using the transport
+*/
+
+static void dcerpc_ship_next_request(struct dcecli_connection *c)
+{
+	struct rpc_request *req;
+	struct dcerpc_pipe *p;
+	DATA_BLOB *stub_data;
+	struct ncacn_packet pkt;
+	DATA_BLOB blob;
+	uint32_t remaining, chunk_size;
+	bool first_packet = true;
+	size_t sig_size = 0;
+	bool need_async = false;
+	bool can_async = true;
+
+	req = c->request_queue;
+	if (req == NULL) {
+		return;
+	}
+
+	p = req->p;
+	stub_data = &req->request_data;
+
+	if (c->pending) {
+		need_async = true;
+	}
+
+	if (c->security_state.auth_level >= DCERPC_AUTH_LEVEL_PACKET) {
+		can_async = gensec_have_feature(c->security_state.generic_state,
+						GENSEC_FEATURE_ASYNC_REPLIES);
+	}
+
+	if (need_async && !can_async) {
+		req->wait_for_sync = true;
+		return;
+	}
+
+	DLIST_REMOVE(c->request_queue, req);
+	DLIST_ADD(c->pending, req);
+	req->state = RPC_REQUEST_PENDING;
+
+	init_ncacn_hdr(p->conn, &pkt);
+
+	remaining = stub_data->length;
+
+	/* we can write a full max_recv_frag size, minus the dcerpc
+	   request header size */
+	chunk_size = p->conn->srv_max_recv_frag;
+	chunk_size -= DCERPC_REQUEST_LENGTH;
+	if (c->security_state.auth_level >= DCERPC_AUTH_LEVEL_PACKET) {
+		size_t max_payload = chunk_size;
+
+		max_payload -= DCERPC_AUTH_TRAILER_LENGTH;
+		max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT);
+
+		sig_size = gensec_sig_size(c->security_state.generic_state,
+					   max_payload);
+		if (sig_size) {
+			chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
+			chunk_size -= sig_size;
+		}
+	}
+	chunk_size -= (chunk_size % DCERPC_AUTH_PAD_ALIGNMENT);
+
+	pkt.ptype = DCERPC_PKT_REQUEST;
+	pkt.call_id = req->call_id;
+	pkt.auth_length = 0;
+	pkt.pfc_flags = 0;
+	pkt.u.request.context_id = p->context_id;
+	pkt.u.request.opnum = req->opnum;
+
+	if (req->object) {
+		pkt.u.request.object.object = *req->object;
+		pkt.pfc_flags |= DCERPC_PFC_FLAG_OBJECT_UUID;
+		chunk_size -= ndr_size_GUID(req->object,0);
+	}
+
+	/* we send a series of pdus without waiting for a reply */
+	while (remaining > 0 || first_packet) {
+		uint32_t chunk = MIN(chunk_size, remaining);
+		bool last_frag = false;
+		bool do_trans = false;
+
+		first_packet = false;
+		pkt.pfc_flags &= ~(DCERPC_PFC_FLAG_FIRST |DCERPC_PFC_FLAG_LAST);
+
+		if (remaining == stub_data->length) {
+			pkt.pfc_flags |= DCERPC_PFC_FLAG_FIRST;
+		}
+		if (chunk == remaining) {
+			pkt.pfc_flags |= DCERPC_PFC_FLAG_LAST;
+			last_frag = true;
+		}
+
+		pkt.u.request.alloc_hint = remaining;
+		pkt.u.request.stub_and_verifier.data = stub_data->data + 
+			(stub_data->length - remaining);
+		pkt.u.request.stub_and_verifier.length = chunk;
+
+		req->status = ncacn_push_request_sign(p->conn, &blob, req, sig_size, &pkt);
+		if (!NT_STATUS_IS_OK(req->status)) {
+			req->state = RPC_REQUEST_DONE;
+			DLIST_REMOVE(p->conn->pending, req);
+			return;
+		}
+
+		if (last_frag && !need_async) {
+			do_trans = true;
+		}
+
+		req->status = dcerpc_send_request(p->conn, &blob, do_trans);
+		if (!NT_STATUS_IS_OK(req->status)) {
+			req->state = RPC_REQUEST_DONE;
+			DLIST_REMOVE(p->conn->pending, req);
+			return;
+		}		
+
+		if (last_frag && !do_trans) {
+			req->status = dcerpc_send_read(p->conn);
+			if (!NT_STATUS_IS_OK(req->status)) {
+				req->state = RPC_REQUEST_DONE;
+				DLIST_REMOVE(p->conn->pending, req);
+				return;
+			}
+		}
+
+		remaining -= chunk;
+	}
+}
+
+static void dcerpc_io_trigger(struct tevent_context *ctx,
+			      struct tevent_immediate *im,
+			      void *private_data)
+{
+	struct dcecli_connection *c =
+		talloc_get_type_abort(private_data,
+		struct dcecli_connection);
+
+	c->io_trigger_pending = false;
+
+	dcerpc_schedule_io_trigger(c);
+
+	dcerpc_ship_next_request(c);
+}
+
+static void dcerpc_schedule_io_trigger(struct dcecli_connection *c)
+{
+	if (c->dead) {
+		return;
+	}
+
+	if (c->request_queue == NULL) {
+		return;
+	}
+
+	if (c->request_queue->wait_for_sync && c->pending) {
+		return;
+	}
+
+	if (c->io_trigger_pending) {
+		return;
+	}
+
+	c->io_trigger_pending = true;
+
+	tevent_schedule_immediate(c->io_trigger,
+				  c->event_ctx,
+				  dcerpc_io_trigger,
+				  c);
+}
+
+/*
+  perform the receive side of a async dcerpc request
+*/
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+				    TALLOC_CTX *mem_ctx,
+				    DATA_BLOB *stub_data)
+{
+	NTSTATUS status;
+
+	while (req->state != RPC_REQUEST_DONE) {
+		struct tevent_context *ctx = req->p->conn->event_ctx;
+		if (tevent_loop_once(ctx) != 0) {
+			return NT_STATUS_CONNECTION_DISCONNECTED;
+		}
+	}
+	*stub_data = req->payload;
+	status = req->status;
+	if (stub_data->data) {
+		stub_data->data = talloc_steal(mem_ctx, stub_data->data);
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+		req->p->last_fault_code = req->fault_code;
+	}
+	talloc_unlink(talloc_parent(req), req);
+	return status;
+}
+
+/*
+  this is a paranoid NDR validator. For every packet we push onto the wire
+  we pull it back again, then push it again. Then we compare the raw NDR data
+  for that to the NDR we initially generated. If they don't match then we know
+  we must have a bug in either the pull or push side of our code
+*/
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c, 
+				       TALLOC_CTX *mem_ctx,
+				       DATA_BLOB blob,
+				       size_t struct_size,
+				       ndr_push_flags_fn_t ndr_push,
+				       ndr_pull_flags_fn_t ndr_pull)
+{
+	void *st;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	DATA_BLOB blob2;
+	enum ndr_err_code ndr_err;
+
+	st = talloc_size(mem_ctx, struct_size);
+	if (!st) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pull = ndr_pull_init_flags(c, &blob, mem_ctx);
+	if (!pull) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+		pull->flags |= LIBNDR_FLAG_BIGENDIAN;
+	}
+
+	if (c->flags & DCERPC_NDR64) {
+		pull->flags |= LIBNDR_FLAG_NDR64;
+	}
+
+	ndr_err = ndr_pull(pull, NDR_IN, st);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
+					 "failed input validation pull - %s",
+					 nt_errstr(status));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	push = ndr_push_init_ctx(mem_ctx);
+	if (!push) {
+		return NT_STATUS_NO_MEMORY;
+	}	
+
+	if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+		push->flags |= LIBNDR_FLAG_BIGENDIAN;
+	}
+
+	if (c->flags & DCERPC_NDR64) {
+		push->flags |= LIBNDR_FLAG_NDR64;
+	}
+
+	ndr_err = ndr_push(push, NDR_IN, st);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
+					 "failed input validation push - %s",
+					 nt_errstr(status));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	blob2 = ndr_push_blob(push);
+
+	if (data_blob_cmp(&blob, &blob2) != 0) {
+		DEBUG(3,("original:\n"));
+		dump_data(3, blob.data, blob.length);
+		DEBUG(3,("secondary:\n"));
+		dump_data(3, blob2.data, blob2.length);
+		ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
+					 "failed input validation blobs doesn't match");
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  this is a paranoid NDR input validator. For every packet we pull
+  from the wire we push it back again then pull and push it
+  again. Then we compare the raw NDR data for that to the NDR we
+  initially generated. If they don't match then we know we must have a
+  bug in either the pull or push side of our code
+*/
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
+					struct ndr_pull *pull_in,
+					void *struct_ptr,
+					size_t struct_size,
+					ndr_push_flags_fn_t ndr_push,
+					ndr_pull_flags_fn_t ndr_pull,
+					ndr_print_function_t ndr_print)
+{
+	void *st;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	DATA_BLOB blob, blob2;
+	TALLOC_CTX *mem_ctx = pull_in;
+	char *s1, *s2;
+	enum ndr_err_code ndr_err;
+
+	st = talloc_size(mem_ctx, struct_size);
+	if (!st) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	memcpy(st, struct_ptr, struct_size);
+
+	push = ndr_push_init_ctx(mem_ctx);
+	if (!push) {
+		return NT_STATUS_NO_MEMORY;
+	}	
+
+	ndr_err = ndr_push(push, NDR_OUT, struct_ptr);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
+					 "failed output validation push - %s",
+					 nt_errstr(status));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	blob = ndr_push_blob(push);
+
+	pull = ndr_pull_init_flags(c, &blob, mem_ctx);
+	if (!pull) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = ndr_pull(pull, NDR_OUT, st);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
+					 "failed output validation pull - %s",
+					 nt_errstr(status));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	push = ndr_push_init_ctx(mem_ctx);
+	if (!push) {
+		return NT_STATUS_NO_MEMORY;
+	}	
+
+	ndr_err = ndr_push(push, NDR_OUT, st);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+		ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
+					 "failed output validation push2 - %s",
+					 nt_errstr(status));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	blob2 = ndr_push_blob(push);
+
+	if (data_blob_cmp(&blob, &blob2) != 0) {
+		DEBUG(3,("original:\n"));
+		dump_data(3, blob.data, blob.length);
+		DEBUG(3,("secondary:\n"));
+		dump_data(3, blob2.data, blob2.length);
+		ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
+					 "failed output validation blobs doesn't match");
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	/* this checks the printed forms of the two structures, which effectively
+	   tests all of the value() attributes */
+	s1 = ndr_print_function_string(mem_ctx, ndr_print, "VALIDATE", 
+				       NDR_OUT, struct_ptr);
+	s2 = ndr_print_function_string(mem_ctx, ndr_print, "VALIDATE", 
+				       NDR_OUT, st);
+	if (strcmp(s1, s2) != 0) {
+#if 1
+		DEBUG(3,("VALIDATE ERROR:\nWIRE:\n%s\n GEN:\n%s\n", s1, s2));
+#else
+		/* this is sometimes useful */
+		printf("VALIDATE ERROR\n");
+		file_save("wire.dat", s1, strlen(s1));
+		file_save("gen.dat", s2, strlen(s2));
+		system("diff -u wire.dat gen.dat");
+#endif
+		ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
+					 "failed output validation strings doesn't match");
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  a useful function for retrieving the server name we connected to
+*/
+_PUBLIC_ const char *dcerpc_server_name(struct dcerpc_pipe *p)
+{
+	return p->conn ? p->conn->server_name : NULL;
+}
+
+
+/*
+  get the dcerpc auth_level for a open connection
+*/
+uint32_t dcerpc_auth_level(struct dcecli_connection *c) 
+{
+	uint8_t auth_level;
+
+	if (c->flags & DCERPC_SEAL) {
+		auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
+	} else if (c->flags & DCERPC_SIGN) {
+		auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+	} else if (c->flags & DCERPC_PACKET) {
+		auth_level = DCERPC_AUTH_LEVEL_PACKET;
+	} else if (c->flags & DCERPC_CONNECT) {
+		auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+	} else {
+		auth_level = DCERPC_AUTH_LEVEL_NONE;
+	}
+	return auth_level;
+}
+
+struct dcerpc_alter_context_state {
+	struct tevent_context *ev;
+	struct dcerpc_pipe *p;
+};
+
+static void dcerpc_alter_context_fail_handler(struct rpc_request *subreq);
+static void dcerpc_alter_context_recv_handler(struct rpc_request *req,
+					      DATA_BLOB *raw_packet,
+					      struct ncacn_packet *pkt);
+
+struct tevent_req *dcerpc_alter_context_send(TALLOC_CTX *mem_ctx,
+					     struct tevent_context *ev,
+					     struct dcerpc_pipe *p,
+					     const struct ndr_syntax_id *syntax,
+					     const struct ndr_syntax_id *transfer_syntax)
+{
+	struct tevent_req *req;
+	struct dcerpc_alter_context_state *state;
+	struct ncacn_packet pkt;
+	DATA_BLOB blob;
+	NTSTATUS status;
+	struct rpc_request *subreq;
+	uint32_t flags;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct dcerpc_alter_context_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->ev = ev;
+	state->p = p;
+
+	p->syntax = *syntax;
+	p->transfer_syntax = *transfer_syntax;
+
+	flags = dcerpc_binding_get_flags(p->binding);
+
+	init_ncacn_hdr(p->conn, &pkt);
+
+	pkt.ptype = DCERPC_PKT_ALTER;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
+	pkt.call_id = p->conn->call_id;
+	pkt.auth_length = 0;
+
+	if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
+		pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+	}
+
+	pkt.u.alter.max_xmit_frag = p->conn->srv_max_xmit_frag;
+	pkt.u.alter.max_recv_frag = p->conn->srv_max_recv_frag;
+	pkt.u.alter.assoc_group_id = dcerpc_binding_get_assoc_group_id(p->binding);
+	pkt.u.alter.num_contexts = 1;
+	pkt.u.alter.ctx_list = talloc_zero_array(state, struct dcerpc_ctx_list,
+						 pkt.u.alter.num_contexts);
+	if (tevent_req_nomem(pkt.u.alter.ctx_list, req)) {
+		return tevent_req_post(req, ev);
+	}
+	pkt.u.alter.ctx_list[0].context_id = p->context_id;
+	pkt.u.alter.ctx_list[0].num_transfer_syntaxes = 1;
+	pkt.u.alter.ctx_list[0].abstract_syntax = p->syntax;
+	pkt.u.alter.ctx_list[0].transfer_syntaxes = &p->transfer_syntax;
+	pkt.u.alter.auth_info = data_blob(NULL, 0);
+
+	/* construct the NDR form of the packet */
+	status = dcerpc_ncacn_push_auth(&blob,
+				state,
+				&pkt,
+				p->conn->security_state.tmp_auth_info.out);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * we allocate a dcerpc_request so we can be in the same
+	 * request queue as normal requests
+	 */
+	subreq = talloc_zero(state, struct rpc_request);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	subreq->state = RPC_REQUEST_PENDING;
+	subreq->call_id = pkt.call_id;
+	subreq->async.private_data = req;
+	subreq->async.callback = dcerpc_alter_context_fail_handler;
+	subreq->p = p;
+	subreq->recv_handler = dcerpc_alter_context_recv_handler;
+	DLIST_ADD_END(p->conn->pending, subreq);
+	talloc_set_destructor(subreq, dcerpc_req_dequeue);
+
+	status = dcerpc_send_request(p->conn, &blob, true);
+	if (tevent_req_nterror(req, status)) {
+		return tevent_req_post(req, ev);
+	}
+
+	tevent_add_timer(ev, subreq,
+			 timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+			 dcerpc_timeout_handler, subreq);
+
+	return req;
+}
+
+static void dcerpc_alter_context_fail_handler(struct rpc_request *subreq)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(subreq->async.private_data,
+		struct tevent_req);
+	struct dcerpc_alter_context_state *state =
+		tevent_req_data(req,
+		struct dcerpc_alter_context_state);
+	NTSTATUS status = subreq->status;
+
+	TALLOC_FREE(subreq);
+
+	/*
+	 * We trigger the callback in the next event run
+	 * because the code in this file might trigger
+	 * multiple request callbacks from within a single
+	 * while loop.
+	 *
+	 * In order to avoid segfaults from within
+	 * dcerpc_connection_dead() we call
+	 * tevent_req_defer_callback().
+	 */
+	tevent_req_defer_callback(req, state->ev);
+
+	tevent_req_nterror(req, status);
+}
+
+static void dcerpc_alter_context_recv_handler(struct rpc_request *subreq,
+					      DATA_BLOB *raw_packet,
+					      struct ncacn_packet *pkt)
+{
+	struct tevent_req *req =
+		talloc_get_type_abort(subreq->async.private_data,
+		struct tevent_req);
+	struct dcerpc_alter_context_state *state =
+		tevent_req_data(req,
+		struct dcerpc_alter_context_state);
+	struct dcecli_connection *conn = state->p->conn;
+	struct dcecli_security *sec = &conn->security_state;
+	NTSTATUS status;
+
+	/*
+	 * Note that pkt is allocated under raw_packet->data,
+	 * while raw_packet->data is a child of subreq.
+	 */
+	talloc_steal(state, raw_packet->data);
+	TALLOC_FREE(subreq);
+
+	/*
+	 * We trigger the callback in the next event run
+	 * because the code in this file might trigger
+	 * multiple request callbacks from within a single
+	 * while loop.
+	 *
+	 * In order to avoid segfaults from within
+	 * dcerpc_connection_dead() we call
+	 * tevent_req_defer_callback().
+	 */
+	tevent_req_defer_callback(req, state->ev);
+
+	if (pkt->ptype == DCERPC_PKT_FAULT) {
+		DEBUG(5,("dcerpc: alter_resp - rpc fault: %s\n",
+			 dcerpc_errstr(state, pkt->u.fault.status)));
+		if (pkt->u.fault.status == DCERPC_FAULT_ACCESS_DENIED) {
+			state->p->last_fault_code = pkt->u.fault.status;
+			tevent_req_nterror(req, NT_STATUS_LOGON_FAILURE);
+		} else if (pkt->u.fault.status == DCERPC_FAULT_SEC_PKG_ERROR) {
+			state->p->last_fault_code = pkt->u.fault.status;
+			tevent_req_nterror(req, NT_STATUS_LOGON_FAILURE);
+		} else {
+			state->p->last_fault_code = pkt->u.fault.status;
+			status = dcerpc_fault_to_nt_status(pkt->u.fault.status);
+			tevent_req_nterror(req, status);
+		}
+		return;
+	}
+
+	status = dcerpc_verify_ncacn_packet_header(pkt,
+					DCERPC_PKT_ALTER_RESP,
+					pkt->u.alter_resp.auth_info.length,
+					DCERPC_PFC_FLAG_FIRST |
+					DCERPC_PFC_FLAG_LAST,
+					DCERPC_PFC_FLAG_CONC_MPX |
+					DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN);
+	if (!NT_STATUS_IS_OK(status)) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+
+	if (pkt->u.alter_resp.num_results != 1) {
+		state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+		tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+		return;
+	}
+
+	if (pkt->u.alter_resp.ctx_list[0].result != 0) {
+		status = dcerpc_map_ack_reason(&pkt->u.alter_resp.ctx_list[0]);
+		DEBUG(2,("dcerpc: alter_resp failed - reason %d - %s\n",
+			 pkt->u.alter_resp.ctx_list[0].reason.value,
+			 nt_errstr(status)));
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	/* the alter_resp might contain a reply set of credentials */
+	if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) {
+		status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem,
+						  &pkt->u.alter_resp.auth_info,
+						  sec->tmp_auth_info.in,
+						  NULL, true);
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS dcerpc_alter_context_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+/* 
+   send a dcerpc alter_context request
+*/
+_PUBLIC_ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, 
+			      TALLOC_CTX *mem_ctx,
+			      const struct ndr_syntax_id *syntax,
+			      const struct ndr_syntax_id *transfer_syntax)
+{
+	struct tevent_req *subreq;
+	struct tevent_context *ev = p->conn->event_ctx;
+	bool ok;
+
+	/* TODO: create a new event context here */
+
+	subreq = dcerpc_alter_context_send(mem_ctx, ev,
+					   p, syntax, transfer_syntax);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ok = tevent_req_poll(subreq, ev);
+	if (!ok) {
+		NTSTATUS status;
+		status = map_nt_error_from_unix_common(errno);
+		return status;
+	}
+
+	return dcerpc_alter_context_recv(subreq);
+}
+
+static void dcerpc_transport_dead(struct dcecli_connection *c, NTSTATUS status)
+{
+	if (c->transport.stream == NULL) {
+		return;
+	}
+
+	tevent_queue_stop(c->transport.write_queue);
+	TALLOC_FREE(c->transport.read_subreq);
+	TALLOC_FREE(c->transport.stream);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
+		status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
+		status = NT_STATUS_END_OF_FILE;
+	}
+
+	dcerpc_recv_data(c, NULL, status);
+}
+
+
+/*
+   shutdown SMB pipe connection
+*/
+struct dcerpc_shutdown_pipe_state {
+	struct dcecli_connection *c;
+	NTSTATUS status;
+};
+
+static void dcerpc_shutdown_pipe_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_shutdown_pipe(struct dcecli_connection *c, NTSTATUS status)
+{
+	struct dcerpc_shutdown_pipe_state *state;
+	struct tevent_req *subreq;
+
+	if (c->transport.stream == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	state = talloc_zero(c, struct dcerpc_shutdown_pipe_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->c = c;
+	state->status = status;
+
+	subreq = tstream_disconnect_send(state, c->event_ctx, c->transport.stream);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, dcerpc_shutdown_pipe_done, state);
+
+	return status;
+}
+
+static void dcerpc_shutdown_pipe_done(struct tevent_req *subreq)
+{
+	struct dcerpc_shutdown_pipe_state *state =
+		tevent_req_callback_data(subreq, struct dcerpc_shutdown_pipe_state);
+	struct dcecli_connection *c = state->c;
+	NTSTATUS status = state->status;
+	int error;
+
+	/*
+	 * here we ignore the return values...
+	 */
+	tstream_disconnect_recv(subreq, &error);
+	TALLOC_FREE(subreq);
+
+	TALLOC_FREE(state);
+
+	dcerpc_transport_dead(c, status);
+}
+
+
+
+struct dcerpc_send_read_state {
+	struct dcecli_connection *p;
+};
+
+static int dcerpc_send_read_state_destructor(struct dcerpc_send_read_state *state)
+{
+	struct dcecli_connection *p = state->p;
+
+	p->transport.read_subreq = NULL;
+
+	return 0;
+}
+
+static void dcerpc_send_read_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_send_read(struct dcecli_connection *p)
+{
+	struct dcerpc_send_read_state *state;
+
+	if (p->transport.read_subreq != NULL) {
+		p->transport.pending_reads++;
+		return NT_STATUS_OK;
+	}
+
+	state = talloc_zero(p, struct dcerpc_send_read_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->p = p;
+
+	talloc_set_destructor(state, dcerpc_send_read_state_destructor);
+
+	p->transport.read_subreq = dcerpc_read_ncacn_packet_send(state,
+							  p->event_ctx,
+							  p->transport.stream);
+	if (p->transport.read_subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(p->transport.read_subreq, dcerpc_send_read_done, state);
+
+	return NT_STATUS_OK;
+}
+
+static void dcerpc_send_read_done(struct tevent_req *subreq)
+{
+	struct dcerpc_send_read_state *state =
+		tevent_req_callback_data(subreq,
+					 struct dcerpc_send_read_state);
+	struct dcecli_connection *p = state->p;
+	NTSTATUS status;
+	struct ncacn_packet *pkt;
+	DATA_BLOB blob;
+
+	status = dcerpc_read_ncacn_packet_recv(subreq, state,
+					       &pkt, &blob);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(state);
+		dcerpc_transport_dead(p, status);
+		return;
+	}
+
+	/*
+	 * here we steal into thet connection context,
+	 * but p->transport.recv_data() will steal or free it again
+	 */
+	talloc_steal(p, blob.data);
+	TALLOC_FREE(state);
+
+	if (p->transport.pending_reads > 0) {
+		p->transport.pending_reads--;
+
+		status = dcerpc_send_read(p);
+		if (!NT_STATUS_IS_OK(status)) {
+			dcerpc_transport_dead(p, status);
+			return;
+		}
+	}
+
+	dcerpc_recv_data(p, &blob, NT_STATUS_OK);
+}
+
+struct dcerpc_send_request_state {
+	struct dcecli_connection *p;
+	DATA_BLOB blob;
+	struct iovec iov;
+};
+
+static int dcerpc_send_request_state_destructor(struct dcerpc_send_request_state *state)
+{
+	struct dcecli_connection *p = state->p;
+
+	p->transport.read_subreq = NULL;
+
+	return 0;
+}
+
+static void dcerpc_send_request_wait_done(struct tevent_req *subreq);
+static void dcerpc_send_request_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_send_request(struct dcecli_connection *p, DATA_BLOB *data,
+				    bool trigger_read)
+{
+	struct dcerpc_send_request_state *state;
+	struct tevent_req *subreq;
+	bool use_trans = trigger_read;
+
+	if (p->transport.stream == NULL) {
+		return NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+
+	state = talloc_zero(p, struct dcerpc_send_request_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->p = p;
+
+	state->blob = data_blob_talloc(state, data->data, data->length);
+	if (state->blob.data == NULL) {
+		TALLOC_FREE(state);
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->iov.iov_base = (void *)state->blob.data;
+	state->iov.iov_len = state->blob.length;
+
+	if (p->transport.read_subreq != NULL) {
+		use_trans = false;
+	}
+
+	if (!tstream_is_smbXcli_np(p->transport.stream)) {
+		use_trans = false;
+	}
+
+	if (use_trans) {
+		/*
+		 * we need to block reads until our write is
+		 * the next in the write queue.
+		 */
+		p->transport.read_subreq = tevent_queue_wait_send(state, p->event_ctx,
+							     p->transport.write_queue);
+		if (p->transport.read_subreq == NULL) {
+			TALLOC_FREE(state);
+			return NT_STATUS_NO_MEMORY;
+		}
+		tevent_req_set_callback(p->transport.read_subreq,
+					dcerpc_send_request_wait_done,
+					state);
+
+		talloc_set_destructor(state, dcerpc_send_request_state_destructor);
+
+		trigger_read = false;
+	}
+
+	subreq = tstream_writev_queue_send(state, p->event_ctx,
+					   p->transport.stream,
+					   p->transport.write_queue,
+					   &state->iov, 1);
+	if (subreq == NULL) {
+		TALLOC_FREE(state);
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, dcerpc_send_request_done, state);
+
+	if (trigger_read) {
+		dcerpc_send_read(p);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void dcerpc_send_request_wait_done(struct tevent_req *subreq)
+{
+	struct dcerpc_send_request_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcerpc_send_request_state);
+	struct dcecli_connection *p = state->p;
+	NTSTATUS status;
+	bool ok;
+
+	p->transport.read_subreq = NULL;
+	talloc_set_destructor(state, NULL);
+
+	ok = tevent_queue_wait_recv(subreq);
+	if (!ok) {
+		TALLOC_FREE(state);
+		dcerpc_transport_dead(p, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	if (tevent_queue_length(p->transport.write_queue) <= 2) {
+		status = tstream_smbXcli_np_use_trans(p->transport.stream);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(state);
+			dcerpc_transport_dead(p, status);
+			return;
+		}
+	}
+
+	/* we free subreq after tstream_cli_np_use_trans */
+	TALLOC_FREE(subreq);
+
+	dcerpc_send_read(p);
+}
+
+static void dcerpc_send_request_done(struct tevent_req *subreq)
+{
+	struct dcerpc_send_request_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcerpc_send_request_state);
+	int ret;
+	int error;
+
+	ret = tstream_writev_queue_recv(subreq, &error);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		struct dcecli_connection *p = state->p;
+		NTSTATUS status = map_nt_error_from_unix_common(error);
+
+		TALLOC_FREE(state);
+		dcerpc_transport_dead(p, status);
+		return;
+	}
+
+	TALLOC_FREE(state);
+}
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
new file mode 100644
index 0000000..a9cfc32
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc.h
@@ -0,0 +1,264 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   DCERPC client side interface structures
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Andrew Tridgell 2003-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This is a public header file that is installed as part of Samba. 
+ * If you remove any functions or change their signature, update 
+ * the so version number. */
+
+#ifndef __S4_DCERPC_H__
+#define __S4_DCERPC_H__
+
+#include "../lib/util/data_blob.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "../librpc/ndr/libndr.h"
+#include "../librpc/rpc/rpc_common.h"
+
+struct tevent_context;
+struct tevent_req;
+struct dcerpc_binding_handle;
+struct tstream_context;
+struct ndr_interface_table;
+struct resolve_context;
+
+/*
+  this defines a generic security context for signed/sealed dcerpc pipes.
+*/
+struct dcecli_connection;
+struct gensec_settings;
+struct cli_credentials;
+struct dcecli_security {
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	uint32_t auth_context_id;
+	struct {
+		struct dcerpc_auth *out;
+		struct dcerpc_auth *in;
+		TALLOC_CTX *mem;
+	} tmp_auth_info;
+	struct gensec_security *generic_state;
+
+	/* get the session key */
+	NTSTATUS (*session_key)(struct dcecli_connection *, DATA_BLOB *);
+
+	bool verified_bitmask1;
+
+};
+
+/*
+  this holds the information that is not specific to a particular rpc context_id
+*/
+struct rpc_request;
+struct dcecli_connection {
+	uint32_t call_id;
+	uint32_t srv_max_xmit_frag;
+	uint32_t srv_max_recv_frag;
+	uint32_t flags;
+	struct dcecli_security security_state;
+	struct tevent_context *event_ctx;
+
+	struct tevent_immediate *io_trigger;
+	bool io_trigger_pending;
+
+	/** Directory in which to save ndrdump-parseable files */
+	const char *packet_log_dir;
+
+	bool dead;
+	bool free_skipped;
+
+	struct dcerpc_transport {
+		enum dcerpc_transport_t transport;
+		void *private_data;
+		bool encrypted;
+
+		struct tstream_context *stream;
+		/** to serialize write events */
+		struct tevent_queue *write_queue;
+		/** the current active read request if any */
+		struct tevent_req *read_subreq;
+		/** number of read requests other than the current active */
+		uint32_t pending_reads;
+	} transport;
+
+	const char *server_name;
+
+	/* Requests that have been sent, waiting for a reply */
+	struct rpc_request *pending;
+
+	/* Sync requests waiting to be shipped */
+	struct rpc_request *request_queue;
+
+	/* the next context_id to be assigned */
+	uint32_t next_context_id;
+
+	/* The maximum total payload of reassembled response pdus */
+	size_t max_total_response_size;
+
+	/* the negotiated bind time features */
+	uint16_t bind_time_features;
+};
+
+/*
+  this encapsulates a full dcerpc client side pipe 
+*/
+struct dcerpc_pipe {
+	struct dcerpc_binding_handle *binding_handle;
+
+	uint32_t context_id;
+
+	struct GUID object;
+	struct ndr_syntax_id syntax;
+	struct ndr_syntax_id transfer_syntax;
+
+	struct dcecli_connection *conn;
+	const struct dcerpc_binding *binding;
+
+	/** the last fault code from a DCERPC fault */
+	uint32_t last_fault_code;
+
+	/** timeout for individual rpc requests, in seconds */
+	uint32_t request_timeout;
+
+	/*
+	 * Set for the timeout in dcerpc_pipe_connect_b_send(), to
+	 * allow the timeout not to destroy the stack during a nested
+	 * event loop caused by gensec_update()
+	 */
+	bool inhibit_timeout_processing;
+	bool timed_out;
+
+	bool verified_pcontext;
+};
+
+/* default timeout for all rpc requests, in seconds */
+#define DCERPC_REQUEST_TIMEOUT 60
+
+struct epm_tower;
+struct epm_floor;
+
+struct smbcli_tree;
+struct smb2_tree;
+struct smbXcli_conn;
+struct smbXcli_session;
+struct smbXcli_tcon;
+struct roh_connection;
+struct tstream_tls_params;
+struct socket_address;
+
+NTSTATUS dcerpc_pipe_connect(TALLOC_CTX *parent_ctx, 
+			     struct dcerpc_pipe **pp, 
+			     const char *binding,
+			     const struct ndr_interface_table *table,
+			     struct cli_credentials *credentials,
+			     struct tevent_context *ev,
+			     struct loadparm_context *lp_ctx);
+const char *dcerpc_server_name(struct dcerpc_pipe *p);
+struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev);
+NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p,
+			      struct smbcli_tree *tree,
+			      const char *pipe_name);
+NTSTATUS dcerpc_pipe_open_smb2(struct dcerpc_pipe *p,
+			       struct smb2_tree *tree,
+			       const char *pipe_name);
+NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
+			       const struct ndr_interface_table *table);
+NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
+				  DATA_BLOB *session_key);
+bool dcerpc_transport_encrypted(struct dcerpc_pipe *p);
+struct composite_context;
+NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
+					  struct dcerpc_pipe **p2);
+
+struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
+						     const struct dcerpc_binding *binding,
+						     const struct ndr_interface_table *table,
+						     struct cli_credentials *credentials,
+						     struct tevent_context *ev,
+						     struct loadparm_context *lp_ctx);
+
+NTSTATUS dcerpc_pipe_connect_b_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				    struct dcerpc_pipe **p);
+
+NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
+			       struct dcerpc_pipe **pp,
+			       const struct dcerpc_binding *binding,
+			       const struct ndr_interface_table *table,
+			       struct cli_credentials *credentials,
+			       struct tevent_context *ev,
+			       struct loadparm_context *lp_ctx);
+
+NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
+			  struct dcerpc_pipe **p, 
+			  const struct dcerpc_binding *binding,
+			  const struct ndr_interface_table *table,
+			  struct cli_credentials *credentials,
+			  struct loadparm_context *lp_ctx);
+NTSTATUS dcerpc_init(void);
+struct composite_context *dcerpc_secondary_smb_send(struct dcecli_connection *c1,
+						    struct dcecli_connection *c2,
+						    const char *pipe_name);
+NTSTATUS dcerpc_secondary_smb_recv(struct composite_context *c);
+NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
+				  struct dcerpc_pipe **pp2,
+				  const struct ndr_interface_table *table);
+NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, 
+			      TALLOC_CTX *mem_ctx,
+			      const struct ndr_syntax_id *syntax,
+			      const struct ndr_syntax_id *transfer_syntax);
+
+NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
+			  const struct ndr_interface_table *table,
+			  struct cli_credentials *credentials,
+			  struct gensec_settings *gensec_settings,
+			  uint8_t auth_type, uint8_t auth_level,
+			  const char *service);
+struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
+						   const char *binding,
+						   const struct ndr_interface_table *table,
+						   struct cli_credentials *credentials,
+						   struct tevent_context *ev, struct loadparm_context *lp_ctx);
+NTSTATUS dcerpc_pipe_connect_recv(struct composite_context *c,
+				  TALLOC_CTX *mem_ctx,
+				  struct dcerpc_pipe **pp);
+
+NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding,
+				const struct ndr_interface_table *table, struct tevent_context *ev,
+				struct loadparm_context *lp_ctx);
+struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
+								const struct dcerpc_binding *binding,
+								const struct ndr_interface_table *table,
+								struct cli_credentials *credentials,
+								struct loadparm_context *lp_ctx);
+NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c, 
+					       TALLOC_CTX *mem_ctx,
+					       struct dcerpc_pipe **p);
+NTSTATUS dcerpc_secondary_auth_connection(struct dcerpc_pipe *p,
+					const struct dcerpc_binding *binding,
+					const struct ndr_interface_table *table,
+					struct cli_credentials *credentials,
+					struct loadparm_context *lp_ctx,
+					TALLOC_CTX *mem_ctx,
+					struct dcerpc_pipe **p2);
+
+struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
+							   const struct dcerpc_binding *b);
+
+#endif /* __S4_DCERPC_H__ */
diff --git a/source4/librpc/rpc/dcerpc.py b/source4/librpc/rpc/dcerpc.py
new file mode 100644
index 0000000..64dd6e3
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc.py
@@ -0,0 +1,18 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from samba.dcerpc.base import *
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
new file mode 100644
index 0000000..7f84bdf
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -0,0 +1,556 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Generic Authentication Interface
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/composite/composite.h"
+#include "auth/gensec/gensec.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "param/param.h"
+
+/*
+  return the rpc syntax and transfer syntax given the pipe uuid and version
+*/
+static NTSTATUS dcerpc_init_syntaxes(struct dcerpc_pipe *p,
+				     const struct ndr_interface_table *table,
+				     struct ndr_syntax_id *syntax,
+				     struct ndr_syntax_id *transfer_syntax)
+{
+	struct GUID *object = NULL;
+
+	p->object = dcerpc_binding_get_object(p->binding);
+	if (!GUID_all_zero(&p->object)) {
+		object = &p->object;
+	}
+
+	p->binding_handle = dcerpc_pipe_binding_handle(p, object, table);
+	if (p->binding_handle == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	syntax->uuid = table->syntax_id.uuid;
+	syntax->if_version = table->syntax_id.if_version;
+
+	if (p->conn->flags & DCERPC_NDR64) {
+		*transfer_syntax = ndr_transfer_syntax_ndr64;
+	} else {
+		*transfer_syntax = ndr_transfer_syntax_ndr;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  Send request to do a non-authenticated dcerpc bind
+*/
+static void dcerpc_bind_auth_none_done(struct tevent_req *subreq);
+
+struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
+						     struct dcerpc_pipe *p,
+						     const struct ndr_interface_table *table)
+{
+	struct ndr_syntax_id syntax;
+	struct ndr_syntax_id transfer_syntax;
+
+	struct composite_context *c;
+	struct tevent_req *subreq;
+
+	c = composite_create(mem_ctx, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	c->status = dcerpc_init_syntaxes(p, table,
+					 &syntax, &transfer_syntax);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(2,("Invalid uuid string in "
+			 "dcerpc_bind_auth_none_send\n"));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	subreq = dcerpc_bind_send(mem_ctx, p->conn->event_ctx, p,
+				  &syntax, &transfer_syntax);
+	if (composite_nomem(subreq, c)) return c;
+	tevent_req_set_callback(subreq, dcerpc_bind_auth_none_done, c);
+
+	return c;
+}
+
+static void dcerpc_bind_auth_none_done(struct tevent_req *subreq)
+{
+	struct composite_context *ctx =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+
+	ctx->status = dcerpc_bind_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(ctx)) return;
+
+	composite_done(ctx);
+}
+
+/*
+  Receive result of a non-authenticated dcerpc bind
+*/
+NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
+{
+	NTSTATUS result = composite_wait(ctx);
+	TALLOC_FREE(ctx);
+	return result;
+}
+
+
+/*
+  Perform sync non-authenticated dcerpc bind
+*/
+_PUBLIC_ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
+			       const struct ndr_interface_table *table)
+{
+	struct composite_context *ctx;
+
+	ctx = dcerpc_bind_auth_none_send(p, p, table);
+	return dcerpc_bind_auth_none_recv(ctx);
+}
+
+
+struct bind_auth_state {
+	struct dcerpc_pipe *pipe;
+	struct ndr_syntax_id syntax;
+	struct ndr_syntax_id transfer_syntax;
+	struct dcerpc_auth out_auth_info;
+	struct dcerpc_auth in_auth_info;
+	bool more_processing;	/* Is there anything more to do after the
+				 * first bind itself received? */
+};
+
+static void bind_auth_next_gensec_done(struct tevent_req *subreq);
+static void bind_auth_recv_alter(struct tevent_req *subreq);
+
+static void bind_auth_next_step(struct composite_context *c)
+{
+	struct bind_auth_state *state;
+	struct dcecli_security *sec;
+	struct tevent_req *subreq;
+
+	state = talloc_get_type(c->private_data, struct bind_auth_state);
+	sec = &state->pipe->conn->security_state;
+
+	if (state->in_auth_info.auth_type != sec->auth_type) {
+		composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+		return;
+	}
+
+	if (state->in_auth_info.auth_level != sec->auth_level) {
+		composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+		return;
+	}
+
+	if (state->in_auth_info.auth_context_id != sec->auth_context_id) {
+		composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+		return;
+	}
+
+	state->out_auth_info = (struct dcerpc_auth) {
+		.auth_type = sec->auth_type,
+		.auth_level = sec->auth_level,
+		.auth_context_id = sec->auth_context_id,
+	};
+
+	/* The status value here, from GENSEC is vital to the security
+	 * of the system.  Even if the other end accepts, if GENSEC
+	 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
+	 * feeding it blobs, or else the remote host/attacker might
+	 * avoid mutual authentication requirements.
+	 *
+	 * Likewise, you must not feed GENSEC too much (after the OK),
+	 * it doesn't like that either
+	 */
+
+	state->pipe->inhibit_timeout_processing = true;
+	state->pipe->timed_out = false;
+
+	subreq = gensec_update_send(state,
+				    state->pipe->conn->event_ctx,
+				    sec->generic_state,
+				    state->in_auth_info.credentials);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, bind_auth_next_gensec_done, c);
+}
+
+static void bind_auth_next_gensec_done(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct bind_auth_state *state =
+		talloc_get_type_abort(c->private_data,
+		struct bind_auth_state);
+	struct dcerpc_pipe *p = state->pipe;
+	struct dcecli_security *sec = &p->conn->security_state;
+	bool more_processing = false;
+
+	state->pipe->inhibit_timeout_processing = false;
+
+	c->status = gensec_update_recv(subreq, state,
+				       &state->out_auth_info.credentials);
+	TALLOC_FREE(subreq);
+
+	if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		more_processing = true;
+		c->status = NT_STATUS_OK;
+	}
+
+	if (!composite_is_ok(c)) return;
+
+	if (!more_processing) {
+		if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
+			gensec_want_feature(sec->generic_state,
+					GENSEC_FEATURE_SIGN_PKT_HEADER);
+		}
+	}
+
+	if (state->out_auth_info.credentials.length == 0) {
+		composite_done(c);
+		return;
+	}
+
+	state->in_auth_info = (struct dcerpc_auth) {
+		.auth_type = DCERPC_AUTH_TYPE_NONE,
+	};
+	sec->tmp_auth_info.in = &state->in_auth_info;
+	sec->tmp_auth_info.mem = state;
+	sec->tmp_auth_info.out = &state->out_auth_info;
+
+	if (!more_processing) {
+		/* NO reply expected, so just send it */
+		c->status = dcerpc_auth3(state->pipe, state);
+		if (!composite_is_ok(c)) return;
+
+		composite_done(c);
+		return;
+	}
+
+	/* We are demanding a reply, so use a request that will get us one */
+
+	subreq = dcerpc_alter_context_send(state, state->pipe->conn->event_ctx,
+					   state->pipe,
+					   &state->pipe->syntax,
+					   &state->pipe->transfer_syntax);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, bind_auth_recv_alter, c);
+}
+
+
+static void bind_auth_recv_alter(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct bind_auth_state *state =	talloc_get_type(c->private_data,
+							struct bind_auth_state);
+	struct dcecli_security *sec = &state->pipe->conn->security_state;
+
+	ZERO_STRUCT(sec->tmp_auth_info);
+
+	c->status = dcerpc_alter_context_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	bind_auth_next_step(c);
+}
+
+
+static void bind_auth_recv_bindreply(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct bind_auth_state *state =	talloc_get_type(c->private_data,
+							struct bind_auth_state);
+	struct dcecli_security *sec = &state->pipe->conn->security_state;
+
+	ZERO_STRUCT(sec->tmp_auth_info);
+
+	c->status = dcerpc_bind_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!state->more_processing) {
+		/* The first gensec_update has not requested a second run, so
+		 * we're done here. */
+		composite_done(c);
+		return;
+	}
+
+	bind_auth_next_step(c);
+}
+
+
+static void dcerpc_bind_auth_gensec_done(struct tevent_req *subreq);
+
+/**
+   Bind to a DCE/RPC pipe, send async request
+   @param mem_ctx TALLOC_CTX for the allocation of the composite_context
+   @param p The dcerpc_pipe to bind (must already be connected)
+   @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
+   @param credentials The credentials of the account to connect with 
+   @param auth_type Select the authentication scheme to use
+   @param auth_level Chooses between unprotected (connect), signed or sealed
+   @param service The service (used by Kerberos to select the service principal to contact)
+   @retval A composite context describing the partial state of the bind
+*/
+
+struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
+						struct dcerpc_pipe *p,
+						const struct ndr_interface_table *table,
+						struct cli_credentials *credentials,
+						struct gensec_settings *gensec_settings,
+						uint8_t auth_type, uint8_t auth_level,
+						const char *service)
+{
+	struct composite_context *c;
+	struct bind_auth_state *state;
+	struct dcecli_security *sec;
+	struct tevent_req *subreq;
+	const char *target_principal = NULL;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	state = talloc(c, struct bind_auth_state);
+	if (composite_nomem(state, c)) return c;
+	c->private_data = state;
+
+	state->pipe = p;
+
+	c->status = dcerpc_init_syntaxes(p, table,
+					 &state->syntax,
+					 &state->transfer_syntax);
+	if (!composite_is_ok(c)) return c;
+
+	sec = &p->conn->security_state;
+
+	c->status = gensec_client_start(p, &sec->generic_state,
+					gensec_settings);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
+			  nt_errstr(c->status)));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	c->status = gensec_set_credentials(sec->generic_state, credentials);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
+			  nt_errstr(c->status)));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	c->status = gensec_set_target_hostname(sec->generic_state,
+					       dcerpc_server_name(p));
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(1, ("Failed to set GENSEC target hostname: %s\n", 
+			  nt_errstr(c->status)));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	if (service != NULL) {
+		c->status = gensec_set_target_service(sec->generic_state,
+						      service);
+		if (!NT_STATUS_IS_OK(c->status)) {
+			DEBUG(1, ("Failed to set GENSEC target service: %s\n",
+				  nt_errstr(c->status)));
+			composite_error(c, c->status);
+			return c;
+		}
+	}
+
+	if (p->binding != NULL) {
+		target_principal = dcerpc_binding_get_string_option(p->binding,
+							"target_principal");
+	}
+	if (target_principal != NULL) {
+		c->status = gensec_set_target_principal(sec->generic_state,
+							target_principal);
+		if (!NT_STATUS_IS_OK(c->status)) {
+			DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
+				  target_principal, nt_errstr(c->status)));
+			composite_error(c, c->status);
+			return c;
+		}
+	}
+
+	c->status = gensec_start_mech_by_authtype(sec->generic_state,
+						  auth_type, auth_level);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
+			  gensec_get_name_by_authtype(sec->generic_state, auth_type),
+			  nt_errstr(c->status)));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	sec->auth_type = auth_type;
+	sec->auth_level = auth_level,
+	/*
+	 * We use auth_context_id = 1 as some older
+	 * Samba versions (<= 4.2.3) use that value hardcoded
+	 * in a response.
+	 */
+	sec->auth_context_id = 1;
+
+	state->out_auth_info = (struct dcerpc_auth) {
+		.auth_type = sec->auth_type,
+		.auth_level = sec->auth_level,
+		.auth_context_id = sec->auth_context_id,
+	};
+
+	/* The status value here, from GENSEC is vital to the security
+	 * of the system.  Even if the other end accepts, if GENSEC
+	 * claims 'MORE_PROCESSING_REQUIRED' then you must keep
+	 * feeding it blobs, or else the remote host/attacker might
+	 * avoid mutual authentication requirements.
+	 *
+	 * Likewise, you must not feed GENSEC too much (after the OK),
+	 * it doesn't like that either
+	 */
+
+	state->pipe->inhibit_timeout_processing = true;
+	state->pipe->timed_out = false;
+
+	subreq = gensec_update_send(state,
+				    p->conn->event_ctx,
+				    sec->generic_state,
+				    data_blob_null);
+	if (composite_nomem(subreq, c)) return c;
+	tevent_req_set_callback(subreq, dcerpc_bind_auth_gensec_done, c);
+
+	return c;
+}
+
+static void dcerpc_bind_auth_gensec_done(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct bind_auth_state *state =
+		talloc_get_type_abort(c->private_data,
+		struct bind_auth_state);
+	struct dcerpc_pipe *p = state->pipe;
+	struct dcecli_security *sec = &p->conn->security_state;
+
+	state->pipe->inhibit_timeout_processing = false;
+
+	c->status = gensec_update_recv(subreq, state,
+				       &state->out_auth_info.credentials);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(c->status) &&
+	    !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		composite_error(c, c->status);
+		return;
+	}
+
+	state->more_processing = NT_STATUS_EQUAL(c->status,
+						 NT_STATUS_MORE_PROCESSING_REQUIRED);
+
+	if (state->out_auth_info.credentials.length == 0) {
+		composite_done(c);
+		return;
+	}
+
+	if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)) {
+		if (sec->auth_level >= DCERPC_AUTH_LEVEL_PACKET) {
+			state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING;
+		}
+	}
+
+	state->in_auth_info = (struct dcerpc_auth) {
+		.auth_type = DCERPC_AUTH_TYPE_NONE,
+	};
+	sec->tmp_auth_info.in = &state->in_auth_info;
+	sec->tmp_auth_info.mem = state;
+	sec->tmp_auth_info.out = &state->out_auth_info;
+
+	/* The first request always is a dcerpc_bind. The subsequent ones
+	 * depend on gensec results */
+	subreq = dcerpc_bind_send(state, p->conn->event_ctx, p,
+				  &state->syntax, &state->transfer_syntax);
+	if (composite_nomem(subreq, c)) return;
+	tevent_req_set_callback(subreq, bind_auth_recv_bindreply, c);
+
+	return;
+}
+
+
+/**
+   Bind to a DCE/RPC pipe, receive result
+   @param creq A composite context describing state of async call
+   @retval NTSTATUS code
+*/
+
+NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
+{
+	NTSTATUS result = composite_wait(creq);
+	struct bind_auth_state *state = talloc_get_type(creq->private_data,
+							struct bind_auth_state);
+
+	if (NT_STATUS_IS_OK(result)) {
+		/*
+		  after a successful authenticated bind the session
+		  key reverts to the generic session key
+		*/
+		state->pipe->conn->security_state.session_key = dcecli_generic_session_key;
+	}
+	
+	talloc_free(creq);
+	return result;
+}
+
+
+/**
+   Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync
+   @param p The dcerpc_pipe to bind (must already be connected)
+   @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates)
+   @param credentials The credentials of the account to connect with 
+   @param auth_type Select the authentication scheme to use
+   @param auth_level Chooses between unprotected (connect), signed or sealed
+   @param service The service (used by Kerberos to select the service principal to contact)
+   @retval NTSTATUS status code
+*/
+
+_PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
+			  const struct ndr_interface_table *table,
+			  struct cli_credentials *credentials,
+			  struct gensec_settings *gensec_settings,
+			  uint8_t auth_type, uint8_t auth_level,
+			  const char *service)
+{
+	struct composite_context *creq;
+	creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
+				     auth_type, auth_level, service);
+	return dcerpc_bind_auth_recv(creq);
+}
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
new file mode 100644
index 0000000..69183a2
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -0,0 +1,1252 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc connect functions
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
+   Copyright (C) Rafal Szczesniak  2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "lib/events/events.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/http/http.h"
+#include "lib/util/util_net.h"
+
+#undef strcasecmp
+
+struct dcerpc_pipe_connect {
+	struct dcecli_connection *conn;
+	struct dcerpc_binding *binding;
+	const struct ndr_interface_table *interface;
+	struct cli_credentials *creds;
+	struct resolve_context *resolve_ctx;
+	struct {
+		const char *dir;
+	} ncalrpc;
+	struct {
+		struct smbXcli_conn *conn;
+		struct smbXcli_session *session;
+		struct smbXcli_tcon *tcon;
+		const char *pipe_name;
+	} smb;
+};
+
+struct pipe_np_smb_state {
+	struct smb_composite_connect conn;
+	struct dcerpc_pipe_connect io;
+};
+
+
+/*
+  Stage 3 of ncacn_np_smb: Named pipe opened (or not)
+*/
+static void continue_pipe_open_smb(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	/* receive result of named pipe open request on smb */
+	c->status = dcerpc_pipe_open_smb_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+static void continue_smb_open(struct composite_context *c);
+static void continue_smb2_connect(struct tevent_req *subreq);
+static void continue_smbXcli_connect(struct tevent_req *subreq);
+
+/*
+  Stage 2 of ncacn_np_smb: Open a named pipe after successful smb connection
+*/
+static void continue_smb_connect(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
+						      struct pipe_np_smb_state);
+	struct smbcli_tree *t;
+
+	/* receive result of smb connect request */
+	c->status = smb_composite_connect_recv(ctx, s->io.conn);
+	if (!composite_is_ok(c)) return;
+
+	t = s->conn.out.tree;
+
+	/* prepare named pipe open parameters */
+	s->io.smb.conn = t->session->transport->conn;
+	s->io.smb.session = t->session->smbXcli;
+	s->io.smb.tcon = t->smbXcli;
+	smb1cli_tcon_set_id(s->io.smb.tcon, t->tid);
+	s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
+							       "endpoint");
+
+	continue_smb_open(c);
+}
+
+static void continue_smb_open(struct composite_context *c)
+{
+	struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
+						      struct pipe_np_smb_state);
+	struct composite_context *open_ctx;
+
+	/* send named pipe open request */
+	open_ctx = dcerpc_pipe_open_smb_send(s->io.conn,
+					     s->io.smb.conn,
+					     s->io.smb.session,
+					     s->io.smb.tcon,
+					     DCERPC_REQUEST_TIMEOUT * 1000,
+					     s->io.smb.pipe_name);
+	if (composite_nomem(open_ctx, c)) return;
+
+	composite_continue(c, open_ctx, continue_pipe_open_smb, c);
+}
+
+
+/*
+  Initiate async open of a rpc connection to a rpc pipe on SMB using
+  the binding structure to determine the endpoint and options
+*/
+static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe_connect *io, struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct pipe_np_smb_state *s;
+	struct tevent_req *subreq = NULL;
+	struct smb_composite_connect *conn;
+	uint32_t flags;
+	const char *target_hostname = NULL;
+	const char *dest_address = NULL;
+	const char *calling_name = NULL;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, io->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_np_smb_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	s->io  = *io;
+	conn   = &s->conn;
+
+	if (smbXcli_conn_is_connected(s->io.smb.conn)) {
+		continue_smb_open(c);
+		return c;
+	}
+
+	if (s->io.creds == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* prepare smb connection parameters: we're connecting to IPC$ share on
+	   remote rpc server */
+	target_hostname = dcerpc_binding_get_string_option(s->io.binding, "target_hostname");
+	conn->in.dest_host = dcerpc_binding_get_string_option(s->io.binding, "host");
+	conn->in.dest_ports = lpcfg_smb_ports(lp_ctx);
+	conn->in.called_name = target_hostname;
+	if (conn->in.called_name == NULL) {
+		conn->in.called_name = "*SMBSERVER";
+	}
+	conn->in.socket_options         = lpcfg_socket_options(lp_ctx);
+	conn->in.service                = "IPC$";
+	conn->in.service_type           = NULL;
+	conn->in.workgroup		= lpcfg_workgroup(lp_ctx);
+	conn->in.gensec_settings = lpcfg_gensec_settings(conn, lp_ctx);
+
+	lpcfg_smbcli_options(lp_ctx, &conn->in.options);
+	lpcfg_smbcli_session_options(lp_ctx, &conn->in.session_options);
+
+	/*
+	 * provide proper credentials - user supplied, but allow a
+	 * fallback to anonymous if this is an schannel connection
+	 * (might be NT4 not allowing machine logins at session
+	 * setup) or if asked to do so by the caller (perhaps a SAMR password change?)
+	 */
+	s->conn.in.credentials = s->io.creds;
+	flags = dcerpc_binding_get_flags(s->io.binding);
+	if (flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
+		conn->in.fallback_to_anonymous  = true;
+	} else {
+		conn->in.fallback_to_anonymous  = false;
+	}
+
+	conn->in.options.min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx);
+	conn->in.options.max_protocol = lpcfg_client_ipc_max_protocol(lp_ctx);
+	if ((flags & DCERPC_SMB1) && (flags & DCERPC_SMB2)) {
+		/* auto */
+	} else if (flags & DCERPC_SMB2) {
+		if (conn->in.options.min_protocol < PROTOCOL_SMB2_02) {
+			conn->in.options.min_protocol = PROTOCOL_SMB2_02;
+		}
+		if (conn->in.options.max_protocol < PROTOCOL_SMB2_02) {
+			conn->in.options.max_protocol = PROTOCOL_LATEST;
+		}
+	} else if (flags & DCERPC_SMB1) {
+		conn->in.options.min_protocol = PROTOCOL_NT1;
+		conn->in.options.max_protocol = PROTOCOL_NT1;
+	} else {
+		/* auto */
+	}
+
+	conn->in.options.signing = lpcfg_client_ipc_signing(lp_ctx);
+
+	if (s->conn.in.credentials != NULL) {
+		calling_name = cli_credentials_get_workstation(s->conn.in.credentials);
+	}
+	if (calling_name == NULL) {
+		calling_name = "SMBCLIENT";
+	}
+
+	if (target_hostname == NULL) {
+		target_hostname = conn->in.dest_host;
+	}
+
+	if (conn->in.dest_host != NULL && is_ipaddress(conn->in.dest_host)) {
+		dest_address = conn->in.dest_host;
+	}
+
+	subreq = smb_connect_nego_send(s,
+				       c->event_ctx,
+				       s->io.resolve_ctx,
+				       &conn->in.options,
+				       conn->in.socket_options,
+				       conn->in.dest_host,
+				       dest_address,
+				       conn->in.dest_ports,
+				       target_hostname,
+				       conn->in.called_name,
+				       calling_name);
+	if (composite_nomem(subreq, c)) return c;
+	tevent_req_set_callback(subreq,
+				continue_smbXcli_connect,
+				c);
+
+	return c;
+}
+
+static void continue_smbXcli_connect(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct pipe_np_smb_state *s =
+		talloc_get_type_abort(c->private_data,
+		struct pipe_np_smb_state);
+	struct smb_composite_connect *conn = &s->conn;
+	struct composite_context *creq = NULL;
+	enum protocol_types protocol;
+
+	c->status = smb_connect_nego_recv(subreq, s,
+					  &conn->in.existing_conn);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	protocol = smbXcli_conn_protocol(conn->in.existing_conn);
+	if (protocol >= PROTOCOL_SMB2_02) {
+		/*
+		 * continue with smb2 session setup/tree connect
+		 * on the established connection.
+		 */
+		subreq = smb2_connect_send(s, c->event_ctx,
+				conn->in.dest_host,
+				conn->in.dest_ports,
+				conn->in.service,
+				s->io.resolve_ctx,
+				conn->in.credentials,
+				conn->in.fallback_to_anonymous,
+				&conn->in.existing_conn,
+				0, /* previous_session_id */
+				&conn->in.options,
+				conn->in.socket_options,
+				conn->in.gensec_settings);
+		if (composite_nomem(subreq, c)) return;
+		tevent_req_set_callback(subreq, continue_smb2_connect, c);
+		return;
+	}
+
+	/*
+	 * continue with smb1 session setup/tree connect
+	 * on the established connection.
+	 */
+	creq = smb_composite_connect_send(conn, s->io.conn,
+					  s->io.resolve_ctx,
+					  c->event_ctx);
+	if (composite_nomem(creq, c)) return;
+
+	composite_continue(c, creq, continue_smb_connect, c);
+	return;
+}
+
+
+/*
+  Receive result of a rpc connection to a rpc pipe on SMB
+*/
+static NTSTATUS dcerpc_pipe_connect_ncacn_np_smb_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+/*
+  Stage 2 of ncacn_np_smb2: Open a named pipe after successful smb2 connection
+*/
+static void continue_smb2_connect(struct tevent_req *subreq)
+{
+	struct composite_context *c =
+		tevent_req_callback_data(subreq,
+		struct composite_context);
+	struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
+						      struct pipe_np_smb_state);
+	struct smb2_tree *t;
+
+	/* receive result of smb2 connect request */
+	c->status = smb2_connect_recv(subreq, s->io.conn, &t);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	s->io.smb.conn = t->session->transport->conn;
+	s->io.smb.session = t->session->smbXcli;
+	s->io.smb.tcon = t->smbXcli;
+	s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
+							       "endpoint");
+
+	continue_smb_open(c);
+}
+
+
+struct pipe_ip_tcp_state {
+	struct dcerpc_pipe_connect io;
+	const char *localaddr;
+	const char *host;
+	const char *target_hostname;
+	uint32_t port;
+};
+
+
+/*
+  Stage 2 of ncacn_ip_tcp: rpc pipe opened (or not)
+*/
+static void continue_pipe_open_ncacn_ip_tcp(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_ip_tcp_state *s = talloc_get_type(c->private_data,
+						      struct pipe_ip_tcp_state);
+	char *localaddr = NULL;
+	char *remoteaddr = NULL;
+
+	/* receive result of named pipe open request on tcp/ip */
+	c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
+	if (!composite_is_ok(c)) return;
+
+	c->status = dcerpc_binding_set_string_option(s->io.binding,
+						     "localaddress",
+						     localaddr);
+	if (!composite_is_ok(c)) return;
+
+	c->status = dcerpc_binding_set_string_option(s->io.binding,
+						     "host",
+						     remoteaddr);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  Initiate async open of a rpc connection to a rpc pipe on TCP/IP using
+  the binding structure to determine the endpoint and options
+*/
+static struct composite_context* dcerpc_pipe_connect_ncacn_ip_tcp_send(TALLOC_CTX *mem_ctx,
+								       struct dcerpc_pipe_connect *io)
+{
+	struct composite_context *c;
+	struct pipe_ip_tcp_state *s;
+	struct composite_context *pipe_req;
+	const char *endpoint;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, io->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_ip_tcp_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store input parameters in state structure */
+	s->io = *io;
+	s->localaddr = dcerpc_binding_get_string_option(io->binding,
+							"localaddress");
+	s->host = dcerpc_binding_get_string_option(io->binding, "host");
+	s->target_hostname = dcerpc_binding_get_string_option(io->binding,
+							      "target_hostname");
+	endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+	/* port number is a binding endpoint here */
+	if (endpoint != NULL) {
+		s->port = atoi(endpoint);
+	}
+
+	if (s->port == 0) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* send pipe open request on tcp/ip */
+	pipe_req = dcerpc_pipe_open_tcp_send(s->io.conn, s->localaddr, s->host, s->target_hostname,
+					     s->port, io->resolve_ctx);
+	composite_continue(c, pipe_req, continue_pipe_open_ncacn_ip_tcp, c);
+	return c;
+}
+
+
+/*
+  Receive result of a rpc connection to a rpc pipe on TCP/IP
+*/
+static NTSTATUS dcerpc_pipe_connect_ncacn_ip_tcp_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	
+	talloc_free(c);
+	return status;
+}
+
+
+struct pipe_http_state {
+	struct dcerpc_pipe_connect io;
+	const char *localaddr;
+	const char *target_hostname;
+	const char *rpc_server;
+	uint32_t rpc_server_port;
+	char *rpc_proxy;
+	uint32_t rpc_proxy_port;
+	char *http_proxy;
+	uint32_t http_proxy_port;
+	bool use_tls;
+	bool use_proxy;
+	enum http_auth_method http_auth;
+	struct loadparm_context *lp_ctx;
+};
+
+/*
+  Stage 2 of ncacn_http: rpc pipe opened (or not)
+ */
+static void continue_pipe_open_ncacn_http(struct tevent_req *subreq)
+{
+	struct composite_context *c = NULL;
+	struct pipe_http_state *s = NULL;
+	struct tstream_context *stream = NULL;
+	struct tevent_queue *queue = NULL;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct pipe_http_state);
+
+	/* receive result of RoH connect request */
+	c->status = dcerpc_pipe_open_roh_recv(subreq, s->io.conn,
+	                                      &stream, &queue);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	s->io.conn->transport.transport = NCACN_HTTP;
+	s->io.conn->transport.stream = stream;
+	s->io.conn->transport.write_queue = queue;
+	s->io.conn->transport.pending_reads = 0;
+	s->io.conn->server_name = strupper_talloc(s->io.conn,
+						  s->target_hostname);
+
+	composite_done(c);
+}
+
+/*
+  Initiate async open of a rpc connection to a rpc pipe using HTTP transport,
+  and using the binding structure to determine the endpoint and options
+*/
+static struct composite_context* dcerpc_pipe_connect_ncacn_http_send(
+		TALLOC_CTX *mem_ctx, struct dcerpc_pipe_connect *io,
+		struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct pipe_http_state *s;
+	struct tevent_req *subreq;
+	const char *endpoint;
+	const char *use_proxy;
+	char *proxy;
+	char *port;
+	const char *opt;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, io->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_http_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store input parameters in state structure */
+	s->lp_ctx	= lp_ctx;
+	s->io		= *io;
+	s->localaddr 	= dcerpc_binding_get_string_option(io->binding,
+							"localaddress");
+	/* RPC server and port (the endpoint) */
+	s->rpc_server = dcerpc_binding_get_string_option(io->binding, "host");
+	s->target_hostname = dcerpc_binding_get_string_option(io->binding,
+							      "target_hostname");
+	endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+	if (endpoint == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+	s->rpc_server_port = atoi(endpoint);
+	if (s->rpc_server_port == 0) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* Use TLS */
+	opt = dcerpc_binding_get_string_option(io->binding, "HttpUseTls");
+	if (opt) {
+		if (strcasecmp(opt, "true") == 0) {
+			s->use_tls = true;
+		} else if (strcasecmp(opt, "false") == 0) {
+			s->use_tls = false;
+		} else {
+			composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+			return c;
+		}
+	} else {
+		s->use_tls = true;
+	}
+
+	/* RPC Proxy */
+	proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
+			io->binding, "RpcProxy"));
+	s->rpc_proxy  = strsep(&port, ":");
+	if (proxy && port) {
+		s->rpc_proxy_port = atoi(port);
+	} else {
+		s->rpc_proxy_port = s->use_tls ? 443 : 80;
+	}
+	if (s->rpc_proxy == NULL) {
+		s->rpc_proxy = talloc_strdup(s, s->rpc_server);
+		if (composite_nomem(s->rpc_proxy, c)) return c;
+	}
+
+	/* HTTP Proxy */
+	proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
+			io->binding, "HttpProxy"));
+	s->http_proxy = strsep(&port, ":");
+	if (proxy && port) {
+		s->http_proxy_port = atoi(port);
+	} else {
+		s->http_proxy_port = s->use_tls ? 443 : 80;
+	}
+
+	/* Use local proxy */
+	use_proxy = dcerpc_binding_get_string_option(io->binding,
+	                                         "HttpConnectOption");
+	if (use_proxy && strcasecmp(use_proxy, "UseHttpProxy")) {
+		s->use_proxy = true;
+	}
+
+	/* If use local proxy set, the http proxy should be provided */
+	if (s->use_proxy && !s->http_proxy) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* Check which HTTP authentication method to use */
+	opt = dcerpc_binding_get_string_option(io->binding, "HttpAuthOption");
+	if (opt) {
+		if (strcasecmp(opt, "basic") == 0) {
+			s->http_auth = HTTP_AUTH_BASIC;
+		} else if (strcasecmp(opt, "ntlm") == 0) {
+			s->http_auth = HTTP_AUTH_NTLM;
+		} else if (strcasecmp(opt, "negotiate") == 0) {
+			s->http_auth = HTTP_AUTH_NEGOTIATE;
+		} else {
+			composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+			return c;
+		}
+	} else {
+		s->http_auth = HTTP_AUTH_NTLM;
+	}
+
+	subreq = dcerpc_pipe_open_roh_send(s->io.conn, s->localaddr,
+	                                   s->rpc_server, s->rpc_server_port,
+	                                   s->rpc_proxy, s->rpc_proxy_port,
+	                                   s->http_proxy, s->http_proxy_port,
+	                                   s->use_tls, s->use_proxy,
+	                                   s->io.creds, io->resolve_ctx,
+	                                   s->lp_ctx, s->http_auth);
+	if (composite_nomem(subreq, c)) return c;
+
+	tevent_req_set_callback(subreq, continue_pipe_open_ncacn_http, c);
+	return c;
+}
+
+static NTSTATUS dcerpc_pipe_connect_ncacn_http_recv(struct composite_context *c)
+{
+	return composite_wait_free(c);
+}
+
+
+struct pipe_unix_state {
+	struct dcerpc_pipe_connect io;
+	const char *path;
+};
+
+
+/*
+  Stage 2 of ncacn_unix: rpc pipe opened (or not)
+*/
+static void continue_pipe_open_ncacn_unix_stream(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	/* receive result of pipe open request on unix socket */
+	c->status = dcerpc_pipe_open_unix_stream_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  Initiate async open of a rpc connection to a rpc pipe on unix socket using
+  the binding structure to determine the endpoint and options
+*/
+static struct composite_context* dcerpc_pipe_connect_ncacn_unix_stream_send(TALLOC_CTX *mem_ctx,
+									    struct dcerpc_pipe_connect *io)
+{
+	struct composite_context *c;
+	struct pipe_unix_state *s;
+	struct composite_context *pipe_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, io->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_unix_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* prepare pipe open parameters and store them in state structure
+	   also, verify whether biding endpoint is not null */
+	s->io = *io;
+
+	s->path = dcerpc_binding_get_string_option(io->binding, "endpoint");
+	if (s->path == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* send pipe open request on unix socket */
+	pipe_req = dcerpc_pipe_open_unix_stream_send(s->io.conn, s->path);
+	composite_continue(c, pipe_req, continue_pipe_open_ncacn_unix_stream, c);
+	return c;
+}
+
+
+/*
+  Receive result of a rpc connection to a pipe on unix socket
+*/
+static NTSTATUS dcerpc_pipe_connect_ncacn_unix_stream_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct pipe_ncalrpc_state {
+	struct dcerpc_pipe_connect io;
+};
+
+static NTSTATUS dcerpc_pipe_connect_ncalrpc_recv(struct composite_context *c);
+
+/*
+  Stage 2 of ncalrpc: rpc pipe opened (or not)
+*/
+static void continue_pipe_open_ncalrpc(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	/* receive result of pipe open request on ncalrpc */
+	c->status = dcerpc_pipe_connect_ncalrpc_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/* 
+   Initiate async open of a rpc connection request on NCALRPC using
+   the binding structure to determine the endpoint and options
+*/
+static struct composite_context* dcerpc_pipe_connect_ncalrpc_send(TALLOC_CTX *mem_ctx,
+								  struct dcerpc_pipe_connect *io)
+{
+	struct composite_context *c;
+	struct pipe_ncalrpc_state *s;
+	struct composite_context *pipe_req;
+	const char *endpoint;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, io->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_ncalrpc_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+	
+	/* store input parameters in state structure */
+	s->io  = *io;
+
+	endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+	if (endpoint == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* send pipe open request */
+	pipe_req = dcerpc_pipe_open_pipe_send(s->io.conn,
+					      s->io.ncalrpc.dir,
+					      endpoint);
+	composite_continue(c, pipe_req, continue_pipe_open_ncalrpc, c);
+	return c;
+}
+
+
+/*
+  Receive result of a rpc connection to a rpc pipe on NCALRPC
+*/
+static NTSTATUS dcerpc_pipe_connect_ncalrpc_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	
+	talloc_free(c);
+	return status;
+}
+
+
+struct pipe_connect_state {
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_binding *binding;
+	const struct ndr_interface_table *table;
+	struct cli_credentials *credentials;
+	struct loadparm_context *lp_ctx;
+};
+
+
+static void continue_map_binding(struct composite_context *ctx);
+static void continue_connect(struct composite_context *c, struct pipe_connect_state *s);
+static void continue_pipe_connect_ncacn_np_smb(struct composite_context *ctx);
+static void continue_pipe_connect_ncacn_ip_tcp(struct composite_context *ctx);
+static void continue_pipe_connect_ncacn_http(struct composite_context *ctx);
+static void continue_pipe_connect_ncacn_unix(struct composite_context *ctx);
+static void continue_pipe_connect_ncalrpc(struct composite_context *ctx);
+static void continue_pipe_connect(struct composite_context *c, struct pipe_connect_state *s);
+static void continue_pipe_auth(struct composite_context *ctx);
+
+
+/*
+  Stage 2 of pipe_connect_b: Receive result of endpoint mapping
+*/
+static void continue_map_binding(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+	const char *endpoint;
+
+	c->status = dcerpc_epm_map_binding_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+	DEBUG(4,("Mapped to DCERPC endpoint %s\n", endpoint));
+
+	continue_connect(c, s);
+}
+
+
+/*
+  Stage 2 of pipe_connect_b: Continue connection after endpoint is known
+*/
+static void continue_connect(struct composite_context *c, struct pipe_connect_state *s)
+{
+	struct dcerpc_pipe_connect pc;
+
+	/* potential exits to another stage by sending an async request */
+	struct composite_context *ncacn_np_smb_req;
+	struct composite_context *ncacn_ip_tcp_req;
+	struct composite_context *ncacn_http_req;
+	struct composite_context *ncacn_unix_req;
+	struct composite_context *ncalrpc_req;
+	enum dcerpc_transport_t transport;
+
+	/* dcerpc pipe connect input parameters */
+	ZERO_STRUCT(pc);
+	pc.conn         = s->pipe->conn;
+	pc.binding      = s->binding;
+	pc.interface    = s->table;
+	pc.creds        = s->credentials;
+	pc.resolve_ctx  = lpcfg_resolve_context(s->lp_ctx);
+
+	transport = dcerpc_binding_get_transport(s->binding);
+
+	/* connect dcerpc pipe depending on required transport */
+	switch (transport) {
+	case NCACN_NP:
+		/*
+		 * SMB1/2/3...
+		 */
+		ncacn_np_smb_req = dcerpc_pipe_connect_ncacn_np_smb_send(c, &pc, s->lp_ctx);
+		composite_continue(c, ncacn_np_smb_req, continue_pipe_connect_ncacn_np_smb, c);
+		return;
+
+	case NCACN_IP_TCP:
+		ncacn_ip_tcp_req = dcerpc_pipe_connect_ncacn_ip_tcp_send(c, &pc);
+		composite_continue(c, ncacn_ip_tcp_req, continue_pipe_connect_ncacn_ip_tcp, c);
+		return;
+
+	case NCACN_HTTP:
+		ncacn_http_req = dcerpc_pipe_connect_ncacn_http_send(c, &pc, s->lp_ctx);
+		composite_continue(c, ncacn_http_req, continue_pipe_connect_ncacn_http, c);
+		return;
+
+	case NCACN_UNIX_STREAM:
+		ncacn_unix_req = dcerpc_pipe_connect_ncacn_unix_stream_send(c, &pc);
+		composite_continue(c, ncacn_unix_req, continue_pipe_connect_ncacn_unix, c);
+		return;
+
+	case NCALRPC:
+		pc.ncalrpc.dir = lpcfg_ncalrpc_dir(s->lp_ctx);
+		c->status = dcerpc_binding_set_string_option(s->binding, "ncalrpc_dir",
+							     pc.ncalrpc.dir);
+		if (!composite_is_ok(c)) return;
+		ncalrpc_req = dcerpc_pipe_connect_ncalrpc_send(c, &pc);
+		composite_continue(c, ncalrpc_req, continue_pipe_connect_ncalrpc, c);
+		return;
+
+	default:
+		/* looks like a transport we don't support now */
+		composite_error(c, NT_STATUS_NOT_SUPPORTED);
+	}
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on
+  named pipe on smb
+*/
+static void continue_pipe_connect_ncacn_np_smb(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+
+	c->status = dcerpc_pipe_connect_ncacn_np_smb_recv(ctx);
+	if (!composite_is_ok(c)) return;
+	
+	continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on tcp/ip
+*/
+static void continue_pipe_connect_ncacn_ip_tcp(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+
+	c->status = dcerpc_pipe_connect_ncacn_ip_tcp_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on http
+*/
+static void continue_pipe_connect_ncacn_http(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+
+	c->status = dcerpc_pipe_connect_ncacn_http_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on unix socket
+*/
+static void continue_pipe_connect_ncacn_unix(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+	
+	c->status = dcerpc_pipe_connect_ncacn_unix_stream_recv(ctx);
+	if (!composite_is_ok(c)) return;
+	
+	continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on local rpc
+*/
+static void continue_pipe_connect_ncalrpc(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data,
+						       struct pipe_connect_state);
+	
+	c->status = dcerpc_pipe_connect_ncalrpc_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 4 of pipe_connect_b: Start an authentication on connected dcerpc pipe
+  depending on credentials and binding flags passed.
+*/
+static void continue_pipe_connect(struct composite_context *c, struct pipe_connect_state *s)
+{
+	struct composite_context *auth_bind_req;
+
+	s->pipe->binding = dcerpc_binding_dup(s->pipe, s->binding);
+	if (composite_nomem(s->pipe->binding, c)) {
+		return;
+	}
+
+	auth_bind_req = dcerpc_pipe_auth_send(s->pipe, s->binding, s->table,
+					      s->credentials, s->lp_ctx);
+	composite_continue(c, auth_bind_req, continue_pipe_auth, c);
+}
+
+
+/*
+  Stage 5 of pipe_connect_b: Receive result of pipe authentication request
+  and say if all went ok
+*/
+static void continue_pipe_auth(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type(c->private_data, struct pipe_connect_state);
+
+	c->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  handle timeouts of a dcerpc connect
+*/
+static void dcerpc_connect_timeout_handler(struct tevent_context *ev, struct tevent_timer *te, 
+					   struct timeval t, void *private_data)
+{
+	struct composite_context *c = talloc_get_type_abort(private_data,
+						      struct composite_context);
+	struct pipe_connect_state *s = talloc_get_type_abort(c->private_data, struct pipe_connect_state);
+	if (!s->pipe->inhibit_timeout_processing) {
+		composite_error(c, NT_STATUS_IO_TIMEOUT);
+	} else {
+		s->pipe->timed_out = true;
+	}
+}
+
+/*
+  start a request to open a rpc connection to a rpc pipe, using
+  specified binding structure to determine the endpoint and options
+*/
+_PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
+						     const struct dcerpc_binding *binding,
+						     const struct ndr_interface_table *table,
+						     struct cli_credentials *credentials,
+						     struct tevent_context *ev,
+						     struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct pipe_connect_state *s;
+	enum dcerpc_transport_t transport;
+	const char *endpoint = NULL;
+	struct cli_credentials *epm_creds = NULL;
+
+	/* composite context allocation and setup */
+	c = composite_create(parent_ctx, ev);
+	if (c == NULL) {
+		return NULL;
+	}
+
+	s = talloc_zero(c, struct pipe_connect_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* initialise dcerpc pipe structure */
+	s->pipe = dcerpc_pipe_init(c, ev);
+	if (composite_nomem(s->pipe, c)) return c;
+
+	if (DEBUGLEVEL >= 10) {
+		s->pipe->conn->packet_log_dir = lpcfg_lock_directory(lp_ctx);
+	}
+
+	/* store parameters in state structure */
+	s->binding      = dcerpc_binding_dup(s, binding);
+	if (composite_nomem(s->binding, c)) return c;
+	s->table        = table;
+	s->credentials  = credentials;
+	s->lp_ctx 	= lp_ctx;
+
+	s->pipe->timed_out = false;
+	s->pipe->inhibit_timeout_processing = false;
+
+	tevent_add_timer(c->event_ctx, c,
+			 timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+			 dcerpc_connect_timeout_handler, c);
+
+	transport = dcerpc_binding_get_transport(s->binding);
+
+	switch (transport) {
+	case NCACN_NP:
+	case NCACN_IP_TCP:
+	case NCALRPC:
+		endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+
+		/* anonymous credentials for rpc connection used to get endpoint mapping */
+		epm_creds = cli_credentials_init_anon(s);
+		if (composite_nomem(epm_creds, c)) return c;
+
+		break;
+	case NCACN_HTTP:
+		endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+		epm_creds = credentials;
+		break;
+	default:
+		DBG_INFO("Unknown transport; continuing with anon, no endpoint.\n");
+		epm_creds = cli_credentials_init_anon(s);
+		if (composite_nomem(epm_creds, c)){
+			return c;
+		}
+		break;
+	}
+
+	if (endpoint == NULL) {
+		struct composite_context *binding_req;
+
+		binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
+							  epm_creds,
+							  s->pipe->conn->event_ctx,
+							  s->lp_ctx);
+		composite_continue(c, binding_req, continue_map_binding, c);
+		return c;
+	}
+
+	continue_connect(c, s);
+	return c;
+}
+
+
+/*
+  receive result of a request to open a rpc connection to a rpc pipe
+*/
+_PUBLIC_ NTSTATUS dcerpc_pipe_connect_b_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+				    struct dcerpc_pipe **p)
+{
+	NTSTATUS status;
+	struct pipe_connect_state *s;
+	
+	status = composite_wait(c);
+	
+	if (NT_STATUS_IS_OK(status)) {
+		s = talloc_get_type(c->private_data, struct pipe_connect_state);
+		talloc_steal(mem_ctx, s->pipe);
+		*p = s->pipe;
+	}
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  open a rpc connection to a rpc pipe, using the specified 
+  binding structure to determine the endpoint and options - sync version
+*/
+_PUBLIC_ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
+			       struct dcerpc_pipe **pp,
+			       const struct dcerpc_binding *binding,
+			       const struct ndr_interface_table *table,
+			       struct cli_credentials *credentials,
+			       struct tevent_context *ev,
+			       struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	
+	c = dcerpc_pipe_connect_b_send(parent_ctx, binding, table,
+				       credentials, ev, lp_ctx);
+	return dcerpc_pipe_connect_b_recv(c, parent_ctx, pp);
+}
+
+
+struct pipe_conn_state {
+	struct dcerpc_pipe *pipe;
+};
+
+
+static void continue_pipe_connect_b(struct composite_context *ctx);
+
+
+/*
+  Initiate rpc connection to a rpc pipe, using the specified string
+  binding to determine the endpoint and options.
+  The string is to be parsed to a binding structure first.
+*/
+_PUBLIC_ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
+						   const char *binding,
+						   const struct ndr_interface_table *table,
+						   struct cli_credentials *credentials,
+						   struct tevent_context *ev, struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct pipe_conn_state *s;
+	struct dcerpc_binding *b;
+	struct composite_context *pipe_conn_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(parent_ctx, ev);
+	if (c == NULL) {
+		return NULL;
+	}
+
+	s = talloc_zero(c, struct pipe_conn_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* parse binding string to the structure */
+	c->status = dcerpc_parse_binding(c, binding, &b);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding));
+		composite_error(c, c->status);
+		return c;
+	}
+
+	DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(c, b)));
+
+	/* 
+	   start connecting to a rpc pipe after binding structure
+	   is established
+	 */
+	pipe_conn_req = dcerpc_pipe_connect_b_send(c, b, table,
+						   credentials, ev, lp_ctx);
+	composite_continue(c, pipe_conn_req, continue_pipe_connect_b, c);
+	return c;
+}
+
+
+/*
+  Stage 2 of pipe_connect: Receive result of actual pipe connect request
+  and say if we're done ok
+*/
+static void continue_pipe_connect_b(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_conn_state *s = talloc_get_type(c->private_data,
+						    struct pipe_conn_state);
+
+	c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
+	talloc_steal(s, s->pipe);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  Receive result of pipe connect (using binding string) request
+  and return connected pipe structure.
+*/
+NTSTATUS dcerpc_pipe_connect_recv(struct composite_context *c,
+				  TALLOC_CTX *mem_ctx,
+				  struct dcerpc_pipe **pp)
+{
+	NTSTATUS status;
+	struct pipe_conn_state *s;
+
+	status = composite_wait(c);
+	if (NT_STATUS_IS_OK(status)) {
+		s = talloc_get_type(c->private_data, struct pipe_conn_state);
+		*pp = talloc_steal(mem_ctx, s->pipe);
+	}
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  Open a rpc connection to a rpc pipe, using the specified string
+  binding to determine the endpoint and options - sync version
+*/
+_PUBLIC_ NTSTATUS dcerpc_pipe_connect(TALLOC_CTX *parent_ctx, 
+			     struct dcerpc_pipe **pp, 
+			     const char *binding,
+			     const struct ndr_interface_table *table,
+			     struct cli_credentials *credentials,
+			     struct tevent_context *ev,
+			     struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	c = dcerpc_pipe_connect_send(parent_ctx, binding, 
+				     table, credentials, ev, lp_ctx);
+	return dcerpc_pipe_connect_recv(c, parent_ctx, pp);
+}
+
diff --git a/source4/librpc/rpc/dcerpc_roh.c b/source4/librpc/rpc/dcerpc_roh.c
new file mode 100644
index 0000000..3aa7551
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_roh.c
@@ -0,0 +1,914 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   [MS-RPCH] - RPC over HTTP client
+
+   Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/tls/tls.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "tsocket/tsocket.h"
+#include "tsocket/tsocket_internal.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_roh.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "lib/param/param.h"
+#include "libcli/http/http.h"
+#include "lib/util/util_net.h"
+
+static ssize_t tstream_roh_pending_bytes(struct tstream_context *stream);
+static struct tevent_req * tstream_roh_readv_send(
+		TALLOC_CTX *mem_ctx,
+		struct tevent_context *ev,
+		struct tstream_context *stream,
+		struct iovec *vector,
+		size_t count);
+static int tstream_roh_readv_recv(struct tevent_req *req, int *perrno);
+static struct tevent_req * tstream_roh_writev_send(
+		TALLOC_CTX *mem_ctx,
+		struct tevent_context *ev,
+		struct tstream_context *stream,
+		const struct iovec *vector,
+		size_t count);
+static int tstream_roh_writev_recv(struct tevent_req *req, int *perrno);
+static struct tevent_req * tstream_roh_disconnect_send(
+		TALLOC_CTX *mem_ctx,
+		struct tevent_context *ev,
+		struct tstream_context *stream);
+static int tstream_roh_disconnect_recv(struct tevent_req *req, int *perrno);
+
+static const struct tstream_context_ops tstream_roh_ops = {
+	.name			= "roh",
+	.pending_bytes		= tstream_roh_pending_bytes,
+	.readv_send		= tstream_roh_readv_send,
+	.readv_recv		= tstream_roh_readv_recv,
+	.writev_send		= tstream_roh_writev_send,
+	.writev_recv		= tstream_roh_writev_recv,
+	.disconnect_send	= tstream_roh_disconnect_send,
+	.disconnect_recv	= tstream_roh_disconnect_recv,
+};
+
+struct tstream_roh_context {
+	struct roh_connection *roh_conn;
+};
+
+struct roh_open_connection_state {
+	struct tevent_req		*req;
+	struct tevent_context		*event_ctx;
+	struct cli_credentials		*credentials;
+	struct resolve_context		*resolve_ctx;
+	const char			**rpcproxy_addresses;
+	unsigned int			rpcproxy_address_index;
+
+	struct dcecli_connection	*conn;
+	bool				tls;
+
+	const char			*rpc_proxy;
+	unsigned int			rpc_proxy_port;
+	const char			*rpc_server;
+	unsigned int			rpc_server_port;
+	const char			*target_hostname;
+
+	struct roh_connection		*roh;
+	struct tstream_tls_params	*tls_params;
+	struct loadparm_context		*lp_ctx;
+	uint8_t				http_auth;
+};
+
+NTSTATUS dcerpc_pipe_open_roh_recv(struct tevent_req *req,
+				   TALLOC_CTX *mem_ctx,
+				   struct tstream_context **stream,
+				   struct tevent_queue **queue)
+{
+	struct roh_open_connection_state *state;
+	struct tstream_roh_context *roh_stream_ctx;
+	NTSTATUS status;
+
+	state = tevent_req_data(req, struct roh_open_connection_state);
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*stream = tstream_context_create(mem_ctx, &tstream_roh_ops,
+					 &roh_stream_ctx,
+					 struct tstream_roh_context,
+					 __location__);
+	if (!stream) {
+		tevent_req_received(req);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ZERO_STRUCTP(roh_stream_ctx);
+
+	roh_stream_ctx->roh_conn = talloc_move(mem_ctx, &state->roh);
+	*queue = http_conn_send_queue(
+			roh_stream_ctx->roh_conn->default_channel_in->http_conn);
+
+	tevent_req_received(req);
+
+	return NT_STATUS_OK;
+}
+
+struct roh_connect_channel_state {
+	struct roh_channel *channel;
+};
+
+static void roh_connect_channel_done(struct tevent_req *subreq);
+static struct tevent_req *roh_connect_channel_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					const char *rpcproxy_ip_address,
+					unsigned int rpcproxy_port,
+					struct cli_credentials *credentials,
+					bool tls,
+					struct tstream_tls_params *tls_params)
+{
+	struct tevent_req *req = NULL;
+	struct tevent_req *subreq = NULL;
+	struct roh_connect_channel_state *state = NULL;
+
+	DBG_DEBUG("Connecting ROH channel socket, RPC proxy is "
+		  "%s:%d (TLS: %s)\n", rpcproxy_ip_address, rpcproxy_port,
+		  (tls ? "true" : "false"));
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct roh_connect_channel_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (!is_ipaddress(rpcproxy_ip_address)) {
+		DBG_ERR("Invalid host (%s), needs to be an IP address\n",
+			rpcproxy_ip_address);
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+
+	/* Initialize channel structure */
+	state->channel = talloc_zero(state, struct roh_channel);
+	if (tevent_req_nomem(state->channel, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	state->channel->channel_cookie = GUID_random();
+
+	subreq = http_connect_send(state,
+				   ev,
+				   rpcproxy_ip_address,
+				   rpcproxy_port,
+				   credentials,
+				   tls ? tls_params : NULL);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_connect_channel_done, req);
+
+	return req;
+}
+
+static void roh_connect_channel_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = NULL;
+	struct roh_connect_channel_state *state = NULL;
+	NTSTATUS status;
+	int ret;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_connect_channel_state);
+
+	ret = http_connect_recv(subreq,
+				state->channel,
+				&state->channel->http_conn);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(ret);
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	DBG_DEBUG("HTTP connected\n");
+	tevent_req_done(req);
+}
+
+static NTSTATUS roh_connect_channel_recv(struct tevent_req *req,
+					 TALLOC_CTX *mem_ctx,
+					 struct roh_channel **channel)
+{
+	struct roh_connect_channel_state *state = tevent_req_data(
+		req, struct roh_connect_channel_state);
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*channel = talloc_move(mem_ctx, &state->channel);
+	tevent_req_received(req);
+
+	return NT_STATUS_OK;
+}
+
+static void roh_continue_resolve_name(struct composite_context *ctx);
+
+/**
+ * Send rpc pipe open request to given host:port using http transport
+ */
+struct tevent_req *dcerpc_pipe_open_roh_send(struct dcecli_connection *conn,
+					     const char *localaddr,
+					     const char *rpc_server,
+					     uint32_t rpc_server_port,
+					     const char *rpc_proxy,
+					     uint32_t rpc_proxy_port,
+					     const char *http_proxy,
+					     uint32_t http_proxy_port,
+					     bool use_tls,
+					     bool use_proxy,
+					     struct cli_credentials *credentials,
+					     struct resolve_context *resolve_ctx,
+					     struct loadparm_context *lp_ctx,
+					     uint8_t http_auth)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct composite_context		*ctx;
+	struct roh_open_connection_state	*state;
+	struct nbt_name				name;
+
+	req = tevent_req_create(conn, &state, struct roh_open_connection_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	/* Set state fields */
+	state->req = req;
+	state->event_ctx = conn->event_ctx;
+	state->lp_ctx = lp_ctx,
+	state->credentials = credentials;
+	state->conn = conn;
+	state->tls = use_tls;
+
+	/* Initialize connection structure (3.2.1.3) */
+	/* TODO Initialize virtual connection cookie table */
+	state->rpc_server = talloc_strdup(state, rpc_server);
+	state->rpc_server_port = rpc_server_port;
+	state->rpc_proxy = talloc_strdup(state, rpc_proxy);
+	state->rpc_proxy_port = rpc_proxy_port;
+	state->http_auth = http_auth;
+
+	state->roh = talloc_zero(state, struct roh_connection);
+	state->roh->protocol_version = ROH_V2;
+	state->roh->connection_state = ROH_STATE_OPEN_START;
+	state->roh->connection_cookie = GUID_random();
+	state->roh->association_group_id_cookie = GUID_random();
+
+	/* Additional initialization steps (3.2.2.3) */
+	state->roh->proxy_use = use_proxy;
+	state->roh->current_keep_alive_time = 0;
+	state->roh->current_keep_alive_interval = 0;
+
+	/* Initialize TLS */
+	if (use_tls) {
+		char *ca_file = lpcfg_tls_cafile(state, lp_ctx);
+		char *crl_file = lpcfg_tls_crlfile(state, lp_ctx);
+		const char *tls_priority = lpcfg_tls_priority(lp_ctx);
+		enum tls_verify_peer_state verify_peer =
+			lpcfg_tls_verify_peer(lp_ctx);
+
+		status = tstream_tls_params_client(state->roh,
+						   ca_file, crl_file,
+						   tls_priority,
+						   verify_peer,
+						   state->rpc_proxy,
+						   &state->tls_params);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("%s: Failed tstream_tls_params_client - %s\n",
+				 __func__, nt_errstr(status)));
+			tevent_req_nterror(req, status);
+			return tevent_req_post(req, conn->event_ctx);
+		}
+	}
+
+	/* Resolve RPC proxy server name */
+	make_nbt_name_server(&name, state->rpc_proxy);
+	ctx = resolve_name_send(resolve_ctx, state, &name, state->event_ctx);
+	if (tevent_req_nomem(ctx, req)) {
+		return tevent_req_post(req, state->event_ctx);
+	}
+	ctx->async.fn = roh_continue_resolve_name;
+	ctx->async.private_data = state;
+
+	return req;
+}
+
+static void roh_connect_channel_in_done(struct tevent_req *subreq);
+static void roh_continue_resolve_name(struct composite_context *ctx)
+{
+	NTSTATUS				status;
+	struct roh_open_connection_state	*state;
+	struct tevent_req			*subreq;
+
+	state = talloc_get_type_abort(ctx->async.private_data,
+				      struct roh_open_connection_state);
+	status = resolve_name_multiple_recv(ctx, state,
+					    &state->rpcproxy_addresses);
+	if (tevent_req_nterror(state->req, status)) {
+		DEBUG(2, ("%s: No server found: %s\n", __func__,
+			  nt_errstr(status)));
+		return;
+	}
+
+	state->rpcproxy_address_index = 0;
+	if (state->rpcproxy_addresses[state->rpcproxy_address_index] == NULL) {
+		DEBUG(2, ("%s: No server found\n", __func__));
+		tevent_req_nterror(state->req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	/*
+	 * TODO Determine proxy use
+	 * If state->roh->proxy_use == true, the client has requested to
+	 * always use local proxy. Otherwise, run the proxy use discovery
+	 */
+	state->roh->connection_state = ROH_STATE_OPEN_START;
+	subreq = roh_connect_channel_send(state,
+					  state->event_ctx,
+					  state->rpcproxy_addresses[state->rpcproxy_address_index],
+					  state->rpc_proxy_port,
+					  state->credentials,
+					  state->tls,
+					  state->tls_params);
+	if (tevent_req_nomem(subreq, state->req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_connect_channel_in_done, state->req);
+}
+
+static void roh_connect_channel_out_done(struct tevent_req *);
+static void roh_connect_channel_in_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_connect_channel_recv(subreq, state->roh,
+					  &state->roh->default_channel_in);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = roh_connect_channel_send(state,
+					  state->event_ctx,
+					  state->rpcproxy_addresses[state->rpcproxy_address_index],
+					  state->rpc_proxy_port,
+					  state->credentials,
+					  state->tls,
+					  state->tls_params);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_connect_channel_out_done, req);
+}
+
+static void roh_send_RPC_DATA_IN_done(struct tevent_req *);
+static void roh_connect_channel_out_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_connect_channel_recv(subreq, state->roh,
+					  &state->roh->default_channel_out);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = roh_send_RPC_DATA_IN_send(state, state->lp_ctx,
+					   state->event_ctx,
+					   state->credentials,
+					   state->roh,
+					   state->rpc_server,
+					   state->rpc_server_port,
+					   state->rpc_proxy,
+					   state->http_auth);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_send_RPC_DATA_IN_done, req);
+}
+
+static void roh_send_RPC_DATA_OUT_done(struct tevent_req *);
+static void roh_send_RPC_DATA_IN_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_send_RPC_DATA_IN_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = roh_send_RPC_DATA_OUT_send(state,
+					    state->lp_ctx,
+					    state->event_ctx,
+					    state->credentials,
+					    state->roh,
+					    state->rpc_server,
+					    state->rpc_server_port,
+					    state->rpc_proxy,
+					    state->http_auth);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_send_RPC_DATA_OUT_done, req);
+}
+
+static void roh_send_CONN_A1_done(struct tevent_req *);
+static void roh_send_RPC_DATA_OUT_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_send_RPC_DATA_OUT_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = roh_send_CONN_A1_send(state, state->event_ctx, state->roh);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_send_CONN_A1_done, req);
+}
+
+static void roh_send_CONN_B1_done(struct tevent_req *);
+static void roh_send_CONN_A1_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_send_CONN_A1_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	subreq = roh_send_CONN_B1_send(state, state->event_ctx, state->roh);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_send_CONN_B1_done, req);
+}
+
+static void roh_recv_out_channel_response_done(struct tevent_req *);
+static void roh_send_CONN_B1_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_send_CONN_B1_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->roh->connection_state = ROH_STATE_OUT_CHANNEL_WAIT;
+	subreq = roh_recv_out_channel_response_send(state, state->event_ctx,
+						    state->roh);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_recv_out_channel_response_done, req);
+}
+
+static void roh_recv_CONN_A3_done(struct tevent_req *);
+static void roh_recv_out_channel_response_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	char					*response;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_recv_out_channel_response_recv(subreq, state, &response);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->roh->connection_state = ROH_STATE_WAIT_A3W;
+	subreq = roh_recv_CONN_A3_send(state, state->event_ctx, state->roh);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_recv_CONN_A3_done, req);
+}
+
+static void roh_recv_CONN_C2_done(struct tevent_req *);
+static void roh_recv_CONN_A3_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_recv_CONN_A3_recv(subreq, &state->roh->default_channel_out->connection_timeout);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->roh->connection_state = ROH_STATE_WAIT_C2;
+	subreq = roh_recv_CONN_C2_send(state, state->event_ctx, state->roh);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, roh_recv_CONN_C2_done, req);
+}
+
+static void roh_recv_CONN_C2_done(struct tevent_req *subreq)
+{
+	NTSTATUS				status;
+	struct tevent_req			*req;
+	struct roh_open_connection_state	*state;
+	unsigned int				version;
+	unsigned int				recv;
+	unsigned int				timeout;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_open_connection_state);
+
+	status = roh_recv_CONN_C2_recv(subreq, &version, &recv, &timeout);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+	state->roh->connection_state = ROH_STATE_OPENED;
+
+	tevent_req_done(req);
+}
+
+static ssize_t tstream_roh_pending_bytes(struct tstream_context *stream)
+{
+	struct tstream_roh_context *ctx = NULL;
+	struct tstream_context *tstream = NULL;
+
+	ctx = tstream_context_data(stream, struct tstream_roh_context);
+	if (!ctx->roh_conn) {
+		errno = ENOTCONN;
+		return -1;
+	}
+
+	tstream = http_conn_tstream(
+		ctx->roh_conn->default_channel_out->http_conn);
+	if (tstream == NULL) {
+		errno = ENOTCONN;
+		return -1;
+	}
+	return tstream_pending_bytes(tstream);
+}
+
+struct tstream_roh_readv_state {
+	struct roh_connection *roh_conn;
+	int ret;
+};
+
+static void tstream_roh_readv_handler(struct tevent_req *subreq);
+static struct tevent_req * tstream_roh_readv_send(TALLOC_CTX *mem_ctx,
+						  struct tevent_context *ev,
+						  struct tstream_context *stream,
+						  struct iovec *vector,
+						  size_t count)
+{
+	struct tstream_roh_context *ctx = NULL;
+	struct tstream_roh_readv_state *state;
+	struct tevent_req *req, *subreq;
+	struct tstream_context *channel_stream = NULL;
+
+	req = tevent_req_create(mem_ctx, &state, struct tstream_roh_readv_state);
+	if (!req) {
+		return NULL;
+	}
+
+	ctx = tstream_context_data(stream, struct tstream_roh_context);
+	if (!ctx->roh_conn) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+	if (!ctx->roh_conn->default_channel_out) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+	channel_stream = http_conn_tstream(
+		ctx->roh_conn->default_channel_out->http_conn);
+	if (channel_stream == NULL) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+
+	state->roh_conn = ctx->roh_conn;
+
+	subreq = tstream_readv_send(state, ev,
+				    channel_stream,
+				    vector, count);
+	if (tevent_req_nomem(subreq, req)) {
+		goto post;
+	}
+	tevent_req_set_callback(subreq, tstream_roh_readv_handler, req);
+
+	return req;
+post:
+	tevent_req_post(req, ev);
+	return req;
+}
+
+static void tstream_roh_readv_handler(struct tevent_req *subreq)
+{
+	struct tevent_req *req;
+	struct tstream_roh_readv_state *state;
+	int ret;
+	int sys_errno;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct tstream_roh_readv_state);
+	ret = tstream_readv_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		tevent_req_error(req, sys_errno);
+		return;
+	}
+
+	state->ret = ret;
+
+	tevent_req_done(req);
+}
+
+static int tstream_roh_readv_recv(struct tevent_req *req, int *perrno)
+{
+	struct tstream_roh_readv_state *state;
+	int ret;
+
+	state = tevent_req_data(req, struct tstream_roh_readv_state);
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->ret;
+	}
+
+	tevent_req_received(req);
+	return ret;
+}
+
+struct tstream_roh_writev_state {
+	struct roh_connection *roh_conn;
+	int nwritten;
+};
+
+static void tstream_roh_writev_handler(struct tevent_req *subreq);
+static struct tevent_req * tstream_roh_writev_send(TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct tstream_context *stream,
+						   const struct iovec *vector,
+						   size_t count)
+{
+	struct tstream_roh_context *ctx = NULL;
+	struct tstream_roh_writev_state *state = NULL;
+	struct tevent_req *req = NULL;
+	struct tevent_req *subreq = NULL;
+	struct tstream_context *channel_stream = NULL;
+
+	req = tevent_req_create(mem_ctx, &state,
+			struct tstream_roh_writev_state);
+	if (!req) {
+		return NULL;
+	}
+
+	ctx = tstream_context_data(stream, struct tstream_roh_context);
+	if (!ctx->roh_conn) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+	if (!ctx->roh_conn->default_channel_in) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+	channel_stream = http_conn_tstream(
+		ctx->roh_conn->default_channel_in->http_conn);
+	if (channel_stream == NULL) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+
+	state->roh_conn = ctx->roh_conn;
+
+	subreq = tstream_writev_send(state, ev,
+				     channel_stream,
+				     vector, count);
+	if (tevent_req_nomem(subreq, req)) {
+		goto post;
+	}
+	tevent_req_set_callback(subreq, tstream_roh_writev_handler, req);
+
+	return req;
+post:
+	tevent_req_post(req, ev);
+	return req;
+}
+
+static void tstream_roh_writev_handler(struct tevent_req *subreq)
+{
+	struct tevent_req *req;
+	struct tstream_roh_writev_state *state;
+	int nwritten;
+	int sys_errno;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct tstream_roh_writev_state);
+	nwritten = tstream_writev_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (nwritten == -1) {
+		tevent_req_error(req, sys_errno);
+		return;
+	}
+	state->nwritten = nwritten;
+	state->roh_conn->default_channel_in->sent_bytes += nwritten;
+
+	tevent_req_done(req);
+}
+
+static int tstream_roh_writev_recv(struct tevent_req *req, int *perrno)
+{
+	struct tstream_roh_writev_state *state;
+	int ret;
+
+	state = tevent_req_data(req, struct tstream_roh_writev_state);
+	ret = tsocket_simple_int_recv(req, perrno);
+	if (ret == 0) {
+		ret = state->nwritten;
+	}
+
+	return ret;
+}
+
+struct tstream_roh_disconnect_state {
+	struct tstream_context *stream;
+	struct tevent_context *ev;
+};
+
+static void tstream_roh_disconnect_channel_in_handler(struct tevent_req *subreq);
+static struct tevent_req * tstream_roh_disconnect_send(TALLOC_CTX *mem_ctx,
+						       struct tevent_context *ev,
+						       struct tstream_context *stream)
+{
+	struct tstream_roh_context *ctx = NULL;
+	struct tevent_req *req, *subreq;
+	struct tstream_roh_disconnect_state *state;
+
+	req = tevent_req_create(mem_ctx, &state, struct tstream_roh_disconnect_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->stream = stream;
+	state->ev = ev;
+
+	ctx = tstream_context_data(stream, struct tstream_roh_context);
+	if (!ctx->roh_conn) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+	if (!ctx->roh_conn->default_channel_in) {
+		tevent_req_error(req, ENOTCONN);
+		goto post;
+	}
+
+	subreq = http_disconnect_send(
+			state,
+			ev,
+			ctx->roh_conn->default_channel_in->http_conn);
+	if (tevent_req_nomem(subreq, req)) {
+		goto post;
+	}
+	tevent_req_set_callback(subreq, tstream_roh_disconnect_channel_in_handler, req);
+
+	return req;
+post:
+	tevent_req_post(req, ev);
+	return req;
+}
+
+static void tstream_roh_disconnect_channel_out_handler(struct tevent_req *subreq);
+
+static void tstream_roh_disconnect_channel_in_handler(struct tevent_req *subreq)
+{
+	struct tevent_req *req;
+	struct tstream_roh_disconnect_state *state;
+	struct tstream_context *stream;
+	struct tstream_roh_context *roh_stream;
+	int ret;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct tstream_roh_disconnect_state);
+	stream = state->stream;
+	roh_stream = tstream_context_data(stream, struct tstream_roh_context);
+
+	ret = http_disconnect_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		tevent_req_error(req, ret);
+		return;
+	}
+	TALLOC_FREE(roh_stream->roh_conn->default_channel_in);
+
+	subreq = http_disconnect_send(
+			state,
+			state->ev,
+			roh_stream->roh_conn->default_channel_out->http_conn);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq, tstream_roh_disconnect_channel_out_handler, req);
+
+	return;
+}
+
+static void tstream_roh_disconnect_channel_out_handler(struct tevent_req *subreq)
+{
+	struct tevent_req *req;
+	struct tstream_roh_disconnect_state *state;
+	struct tstream_context *stream;
+	struct tstream_roh_context *roh_stream;
+	int ret;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct tstream_roh_disconnect_state);
+	stream =  state->stream;
+	roh_stream = tstream_context_data(stream, struct tstream_roh_context);
+
+	ret = http_disconnect_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		tevent_req_error(req, ret);
+		return;
+	}
+	TALLOC_FREE(roh_stream->roh_conn->default_channel_out);
+
+	tevent_req_done(req);
+}
+
+static int tstream_roh_disconnect_recv(struct tevent_req *req, int *perrno)
+{
+	int ret;
+
+	ret = tsocket_simple_int_recv(req, perrno);
+	tevent_req_received(req);
+
+	return ret;
+}
diff --git a/source4/librpc/rpc/dcerpc_roh.h b/source4/librpc/rpc/dcerpc_roh.h
new file mode 100644
index 0000000..f7a9c75
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_roh.h
@@ -0,0 +1,111 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   [MS-RPCH] - RPC over HTTP
+
+   Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef DCERPC_ROH_H_
+#define DCERPC_ROH_H_
+
+#include "librpc/gen_ndr/misc.h"
+
+struct tevent_queue;
+struct tstream_context;
+struct tstream_tls_params;
+
+struct roh_channel {
+	/*
+	 * The ConnectionTimeout command specifies the desired frequency for
+	 * sending keep-alive PDUs (2.2.3.5.3)
+	 */
+	unsigned int connection_timeout;
+
+	unsigned int sent_bytes;
+
+	struct GUID channel_cookie;
+
+	struct http_conn *http_conn;
+};
+
+enum roh_protocol_version {
+	ROH_V1,
+	ROH_V2,
+};
+
+enum roh_connection_state {
+	ROH_STATE_OPEN_START,
+	ROH_STATE_OUT_CHANNEL_WAIT,
+	ROH_STATE_WAIT_A3W,
+	ROH_STATE_WAIT_C2,
+	ROH_STATE_OPENED,
+};
+
+/*
+ * protocol_version:	A client node should be capable of using v1 and v2,
+ * 			try to use v2 in first place. If it fails, fallback
+ *			to v1
+ * connection_state:	Tracks the protocol current state
+ * connection_cookie:	Identifies the virtual connection among a client, one
+ * 			or more inbound proxies, one or more outbound proxies,
+ *			and a server
+ * association_group_id_cookie:	Used by higher layer protocols to link
+ *			multiple virtual connections (2.2.3.1)
+ * default_channel_in:
+ * default_channel_out:
+ * non_default_channel_in:
+ * non_default_channel_out:
+ */
+struct roh_connection {
+	enum roh_protocol_version protocol_version;
+	enum roh_connection_state connection_state;
+
+	struct GUID connection_cookie;
+	struct GUID association_group_id_cookie;
+
+	struct roh_channel *default_channel_in;
+	struct roh_channel *non_default_channel_in;
+
+	struct roh_channel *default_channel_out;
+	struct roh_channel *non_default_channel_out;
+
+	/* Client role specific fields (3.2.2.1) */
+	bool proxy_use;
+	uint32_t current_keep_alive_time;
+	uint32_t current_keep_alive_interval;
+
+	/* TODO Add timers 3.2.2.2 */
+};
+
+/* Command type constants */
+#define ROH_CMD_TYPE_RECV_WINDOWS_SIZE	0x00000000	/* Section 2.2.3.5.1 */
+#define ROH_CMD_TYPE_FLOW_CONTROL_ACK	0x00000001	/* Section 2.2.3.5.2 */
+#define ROH_CMD_TYPE_CONNECTION_TIMEOUT	0x00000002	/* Section 2.2.3.5.3 */
+#define ROH_CMD_TYPE_COOKIE		0x00000003	/* Section 2.2.3.5.4 */
+#define ROH_CMD_TYPE_CHANNEL_LIFETIME	0x00000004	/* Section 2.2.3.5.5 */
+#define ROH_CMD_TYPE_CLIENT_KEEPALIVE	0x00000005	/* Section 2.2.3.5.6 */
+#define ROH_CMD_TYPE_VERSION		0x00000006	/* Section 2.2.3.5.7 */
+#define ROH_CMD_TYPE_EMPTY		0x00000007	/* Section 2.2.3.5.8 */
+#define ROH_CMD_TYPE_PADDING		0x00000008	/* Section 2.2.3.5.9 */
+#define ROH_CMD_TYPE_NEGATIVE_ANCE	0x00000009	/* Section 2.2.3.5.10 */
+#define ROH_CMD_TYPE_ANCE		0x0000000A	/* Section 2.2.3.5.11 */
+#define ROH_CMD_TYPE_CLIENT_ADDRESS	0x0000000B	/* Section 2.2.3.5.12 */
+#define ROH_CMD_TYPE_ASSOCIATION_GRP_ID	0x0000000C	/* Section 2.2.3.5.13 */
+#define ROH_CMD_TYPE_DESTINATION	0x0000000D	/* Section 2.2.3.5.14 */
+#define ROH_CMD_TYPE_PING		0x0000000E	/* Section 2.2.3.5.15 */
+
+#endif /* DCERPC_ROH_H_ */
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_in.c b/source4/librpc/rpc/dcerpc_roh_channel_in.c
new file mode 100644
index 0000000..5010452
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_roh_channel_in.c
@@ -0,0 +1,303 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   [MS-RPCH] - RPC over HTTP client
+
+   Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+   Copyright (C) Julien Kerihuel <j.kerihuel@openchange.org> 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include <talloc.h>
+#include "lib/tsocket/tsocket.h"
+#include "lib/tls/tls.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/util/util_net.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
+#include <gen_ndr/dcerpc.h>
+#include <gen_ndr/ndr_dcerpc.h>
+
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_roh.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/http/http.h"
+
+struct roh_request_state {
+	struct http_request	*request;
+	struct http_request	*response;
+};
+
+static void roh_send_RPC_DATA_IN_done(struct tevent_req *subreq);
+struct tevent_req *roh_send_RPC_DATA_IN_send(TALLOC_CTX *mem_ctx,
+					     struct loadparm_context *lp_ctx,
+					     struct tevent_context *ev,
+					     struct cli_credentials *credentials,
+					     struct roh_connection *roh,
+					     const char *rpc_server,
+					     uint32_t rpc_server_port,
+					     const char *rpc_proxy,
+					     uint8_t http_auth)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_request_state	*state;
+	const char			*path;
+	char				*query;
+	char				*uri;
+
+	DEBUG(8, ("%s: Sending RPC_IN_DATA request\n", __func__));
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_request_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->request = talloc_zero(state, struct http_request);
+	if (tevent_req_nomem(state->request, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/* Build URI, as specified in section 2.2.2 */
+	query = talloc_asprintf(state, "%s:%d", rpc_server, rpc_server_port);
+	if (tevent_req_nomem(query, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * TODO This path changes to "/rpcwithcert/rpcproxy.dll" when using
+	 * certificates
+	 */
+	path = "/rpc/rpcproxy.dll";
+	uri = talloc_asprintf(state, "%s?%s", path, query);
+	if (tevent_req_nomem(uri, req)) {
+		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+		return tevent_req_post(req, ev);
+	}
+	TALLOC_FREE(query);
+
+	/*
+	 * Create the HTTP channel IN request as specified in the
+	 * section 2.1.2.1.1
+	 */
+	state->request->type = HTTP_REQ_RPC_IN_DATA;
+	state->request->uri = uri;
+	state->request->body.length = 0;
+	state->request->body.data = NULL;
+	state->request->major = '1';
+	state->request->minor = '0';
+
+	http_add_header(state, &state->request->headers,
+			"Accept", "application/rpc");
+	http_add_header(state, &state->request->headers,
+			"User-Agent", "MSRPC");
+	http_add_header(state, &state->request->headers,
+			"Host", rpc_proxy);
+	http_add_header(state, &state->request->headers,
+			"Connection", "keep-alive");
+	http_add_header(state, &state->request->headers,
+			"Content-Length", "1073741824");
+	http_add_header(state, &state->request->headers,
+			"Cache-Control", "no-cache");
+	http_add_header(state, &state->request->headers,
+			"Pragma", "no-cache");
+
+	subreq = http_send_auth_request_send(state,
+					ev,
+					roh->default_channel_in->http_conn,
+					state->request,
+					credentials,
+					lp_ctx,
+					http_auth);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_send_RPC_DATA_IN_done, req);
+
+	return req;
+}
+
+static void roh_send_RPC_DATA_IN_done(struct tevent_req *subreq)
+{
+	NTSTATUS		status;
+	struct tevent_req	*req;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+
+	/* Receive the sent bytes to check if request has been properly sent */
+	status = http_send_auth_request_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	DEBUG(8, ("%s: RPC_IN_DATA sent\n", __func__));
+
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_send_RPC_DATA_IN_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct roh_send_pdu_state {
+	DATA_BLOB	buffer;
+	struct iovec	iov;
+	int		bytes_written;
+	int		sys_errno;
+};
+
+static void roh_send_CONN_B1_done(struct tevent_req *subreq);
+struct tevent_req *roh_send_CONN_B1_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct roh_connection *roh)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_send_pdu_state	*state;
+	struct dcerpc_rts		rts;
+	struct ncacn_packet		pkt;
+	struct ndr_push			*ndr;
+	struct tstream_context		*stream = NULL;
+	struct tevent_queue		*send_queue = NULL;
+
+	DEBUG(8, ("%s: Sending CONN/B1 request\n", __func__));
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_send_pdu_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	rts.Flags = RTS_FLAG_NONE;
+	rts.NumberOfCommands = 6;
+	rts.Commands = talloc_array(state, struct dcerpc_rts_cmd, 6);
+
+	/* CONN/B1: Version RTS command */
+	rts.Commands[0].CommandType = 0x00000006;
+	rts.Commands[0].Command.Version.Version = 0x00000001;
+
+	/* CONN/B1: VirtualConnectionCookie RTS command */
+	rts.Commands[1].CommandType = 0x00000003;
+	rts.Commands[1].Command.Cookie.Cookie.Cookie = roh->connection_cookie;
+
+	/* CONN/B1: InChannelCookie RTS command */
+	rts.Commands[2].CommandType = 0x00000003;
+	rts.Commands[2].Command.Cookie.Cookie.Cookie =
+			roh->default_channel_in->channel_cookie;
+
+	/* CONN/B1: ChannelLifetime */
+	rts.Commands[3].CommandType = 0x00000004;
+	rts.Commands[3].Command.ReceiveWindowSize.ReceiveWindowSize =
+			0x40000000;
+
+	/* CONN/B1: ClientKeepAlive */
+	rts.Commands[4].CommandType = 0x00000005;
+	rts.Commands[4].Command.ClientKeepalive.ClientKeepalive = 0x000493e0;
+
+	/* CONN/B1: AssociationGroupId */
+	rts.Commands[5].CommandType = 0x0000000C;
+	rts.Commands[5].Command.AssociationGroupId.AssociationGroupId.Cookie =
+			roh->association_group_id_cookie;
+
+	pkt.rpc_vers = 5;
+	pkt.rpc_vers_minor = 0;
+	pkt.ptype = DCERPC_PKT_RTS;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_LAST | DCERPC_PFC_FLAG_FIRST;
+	pkt.drep[0] = DCERPC_DREP_LE;
+	pkt.drep[1] = 0;
+	pkt.drep[2] = 0;
+	pkt.drep[3] = 0;
+	pkt.frag_length = 104;
+	pkt.auth_length = 0;
+	pkt.call_id = 0;
+	pkt.u.rts = rts;
+
+	ndr = ndr_push_init_ctx(state);
+	if (ndr == NULL) {
+		return NULL;
+	}
+	ndr->offset = 0;
+	ndr_push_ncacn_packet(ndr, NDR_SCALARS, &pkt);
+
+	state->buffer = ndr_push_blob(ndr);
+	state->iov.iov_base = (char *) state->buffer.data;
+	state->iov.iov_len = state->buffer.length;
+
+	stream = http_conn_tstream(roh->default_channel_in->http_conn);
+	send_queue = http_conn_send_queue(roh->default_channel_in->http_conn);
+
+	subreq = tstream_writev_queue_send(mem_ctx,
+					   ev,
+					   stream,
+					   send_queue,
+					   &state->iov,
+					   1);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_send_CONN_B1_done, req);
+
+	return req;
+}
+
+static void roh_send_CONN_B1_done(struct tevent_req *subreq)
+{
+	NTSTATUS			status;
+	struct tevent_req		*req;
+	struct roh_send_pdu_state	*state;
+	int				sys_errno;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_send_pdu_state);
+
+	state->bytes_written = tstream_writev_queue_recv(subreq, &sys_errno);
+	state->sys_errno = sys_errno;
+	TALLOC_FREE(subreq);
+	if (state->bytes_written <= 0 && state->sys_errno != 0) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		tevent_req_nterror(req, status);
+		return;
+	}
+	DEBUG(8, ("%s: CONN/B1 sent (%d bytes written)\n",
+		  __func__, state->bytes_written));
+
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_send_CONN_B1_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c
new file mode 100644
index 0000000..476033e
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c
@@ -0,0 +1,582 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   [MS-RPCH] - RPC over HTTP client
+
+   Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+   Copyright (C) Julien Kerihuel <j.kerihuel@openchange.org> 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include <talloc.h>
+#include "lib/tsocket/tsocket.h"
+#include "lib/tls/tls.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/util/util_net.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/composite/composite.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
+#include <gen_ndr/dcerpc.h>
+#include <gen_ndr/ndr_dcerpc.h>
+
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_roh.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
+#include "libcli/http/http.h"
+
+struct roh_request_state {
+	struct http_request	*request;
+	struct http_request	*response;
+};
+
+static void roh_send_RPC_DATA_OUT_done(struct tevent_req *subreq);
+struct tevent_req *roh_send_RPC_DATA_OUT_send(TALLOC_CTX *mem_ctx,
+					      struct loadparm_context *lp_ctx,
+					      struct tevent_context *ev,
+					      struct cli_credentials *credentials,
+					      struct roh_connection *roh,
+					      const char *rpc_server,
+					      uint32_t rpc_server_port,
+					      const char *rpc_proxy,
+					      uint8_t http_auth)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_request_state	*state;
+	const char			*path;
+	char				*query;
+	char				*uri;
+
+	DEBUG(8, ("%s: Sending RPC_OUT_DATA request\n", __func__));
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_request_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	state->request = talloc_zero(state, struct http_request);
+	if (tevent_req_nomem(state->request, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/* Build URI, as specified in section 2.2.2 */
+	query = talloc_asprintf(state, "%s:%d", rpc_server, rpc_server_port);
+	if (tevent_req_nomem(query, req)) {
+		return tevent_req_post(req, ev);
+	}
+
+	/*
+	 * TODO This path changes to "/rpcwithcert/rpcproxy.dll" when using
+	 * certificates
+	 */
+	path = "/rpc/rpcproxy.dll";
+	uri = talloc_asprintf(state, "%s?%s", path, query);
+	if (tevent_req_nomem(uri, req)) {
+		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+		return tevent_req_post(req, ev);
+	}
+	TALLOC_FREE(query);
+
+	/*
+	 * Create the HTTP channel OUT request as specified in the
+	 * section 2.1.2.1.2
+	 */
+	state->request->type = HTTP_REQ_RPC_OUT_DATA;
+	state->request->uri = uri;
+	state->request->body.length = 0;
+	state->request->body.data = NULL;
+	state->request->major = '1';
+	state->request->minor = '0';
+
+	http_add_header(state, &state->request->headers,
+			"Accept", "application/rpc");
+	http_add_header(state, &state->request->headers,
+			"User-Agent", "MSRPC");
+	http_add_header(state, &state->request->headers,
+			"Host", rpc_proxy);
+	http_add_header(state, &state->request->headers,
+			"Connection", "keep-alive");
+	http_add_header(state, &state->request->headers,
+			"Content-Length", "76");
+	http_add_header(state, &state->request->headers,
+			"Cache-Control", "no-cache");
+	http_add_header(state, &state->request->headers,
+			"Pragma", "no-cache");
+
+	subreq = http_send_auth_request_send(state,
+					ev,
+					roh->default_channel_out->http_conn,
+					state->request,
+					credentials,
+					lp_ctx,
+					http_auth);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_send_RPC_DATA_OUT_done, req);
+
+	return req;
+}
+
+static void roh_send_RPC_DATA_OUT_done(struct tevent_req *subreq)
+{
+	NTSTATUS		status;
+	struct tevent_req	*req;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+
+	/* Receive the sent bytes to check if request has been properly sent */
+	status = http_send_auth_request_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	DEBUG(8, ("%s: RPC_OUT_DATA sent\n", __func__));
+
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_send_RPC_DATA_OUT_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct roh_send_pdu_state {
+	DATA_BLOB	buffer;
+	struct iovec	iov;
+	int		bytes_written;
+	int		sys_errno;
+};
+
+static void roh_send_CONN_A1_done(struct tevent_req *subreq);
+struct tevent_req *roh_send_CONN_A1_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct roh_connection *roh)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_send_pdu_state	*state;
+	struct dcerpc_rts		rts;
+	struct ncacn_packet		pkt;
+	struct ndr_push			*ndr;
+	struct tstream_context          *stream = NULL;
+	struct tevent_queue             *send_queue = NULL;
+
+	DEBUG(8, ("%s: Sending CONN/A1 request\n", __func__));
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_send_pdu_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	rts.Flags = RTS_FLAG_NONE;
+	rts.NumberOfCommands = 4;
+	rts.Commands = talloc_array(state, struct dcerpc_rts_cmd, 4);
+
+	/* CONN/A1: Version RTS command */
+	rts.Commands[0].CommandType = 0x00000006;
+	rts.Commands[0].Command.Version.Version = 0x00000001;
+
+	/* CONN/A1: VirtualConnectionCookie RTS command */
+	rts.Commands[1].CommandType = 0x00000003;
+	rts.Commands[1].Command.Cookie.Cookie.Cookie = roh->connection_cookie;
+
+	/* CONN/A1: OutChannelCookie RTS command */
+	rts.Commands[2].CommandType = 0x00000003;
+	rts.Commands[2].Command.Cookie.Cookie.Cookie =
+			roh->default_channel_out->channel_cookie;
+
+	/* CONN/A1: ReceiveWindowSize */
+	rts.Commands[3].CommandType = 0x00000000;
+	rts.Commands[3].Command.ReceiveWindowSize.ReceiveWindowSize = 0x40000;
+
+	pkt.rpc_vers = 5;
+	pkt.rpc_vers_minor = 0;
+	pkt.ptype = DCERPC_PKT_RTS;
+	pkt.pfc_flags = DCERPC_PFC_FLAG_LAST | DCERPC_PFC_FLAG_FIRST;
+	pkt.drep[0] = DCERPC_DREP_LE;
+	pkt.drep[1] = 0;
+	pkt.drep[2] = 0;
+	pkt.drep[3] = 0;
+	pkt.frag_length = 76;
+	pkt.auth_length = 0;
+	pkt.call_id = 0;
+	pkt.u.rts = rts;
+
+	ndr = ndr_push_init_ctx(state);
+	if (ndr == NULL) {
+		return NULL;
+	}
+	ndr->offset = 0;
+	ndr_push_ncacn_packet(ndr, NDR_SCALARS, &pkt);
+
+	state->buffer = ndr_push_blob(ndr);
+	state->iov.iov_base = (char *) state->buffer.data;
+	state->iov.iov_len = state->buffer.length;
+
+	stream = http_conn_tstream(roh->default_channel_out->http_conn);
+	send_queue = http_conn_send_queue(roh->default_channel_out->http_conn);
+
+	subreq = tstream_writev_queue_send(mem_ctx,
+					   ev,
+					   stream,
+					   send_queue,
+					   &state->iov,
+					   1);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_send_CONN_A1_done, req);
+
+	return req;
+}
+
+static void roh_send_CONN_A1_done(struct tevent_req *subreq)
+{
+	NTSTATUS			status;
+	struct tevent_req		*req;
+	struct roh_send_pdu_state	*state;
+	int				sys_errno;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_send_pdu_state);
+
+	state->bytes_written = tstream_writev_queue_recv(subreq, &sys_errno);
+	state->sys_errno = sys_errno;
+	TALLOC_FREE(subreq);
+	if (state->bytes_written <= 0 && sys_errno != 0) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		tevent_req_nterror(req, status);
+		return;
+	}
+	DEBUG(8, ("%s: CONN/A1 sent (%d bytes written)\n",
+		  __func__, state->bytes_written));
+
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_send_CONN_A1_recv(struct tevent_req *req)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct roh_recv_response_state
+{
+	struct http_request	*response;
+};
+
+static void roh_recv_out_channel_response_done(struct tevent_req *);
+struct tevent_req *roh_recv_out_channel_response_send(TALLOC_CTX *mem_ctx,
+						      struct tevent_context *ev,
+						      struct roh_connection *roh)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_recv_response_state	*state;
+
+	DEBUG(8, ("%s: Waiting for RPC_OUT_DATA response\n", __func__));
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_recv_response_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	subreq = http_read_response_send(state, ev,
+					 roh->default_channel_out->http_conn,
+					 0); /* we'll get the content later */
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_recv_out_channel_response_done, req);
+
+	return req;
+}
+
+static void roh_recv_out_channel_response_done(struct tevent_req *subreq)
+{
+	NTSTATUS			status;
+	struct tevent_req		*req;
+	struct roh_recv_response_state	*state;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_recv_response_state);
+	status = http_read_response_recv(subreq, state, &state->response);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	DEBUG(8, ("%s: RCP_OUT_DATA response received\n", __func__));
+
+	/* TODO Map response code to nt error */
+	switch (state->response->response_code) {
+	case 200:
+		break;
+	case 401:
+		DEBUG(0, ("%s: Server response: Access denied\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+		return;
+	case 503:
+		/* TODO Decode error info as specified in section 2.1.2.1.3 */
+		DEBUG(0, ("%s: Server response: RPC error\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_GENERIC_NOT_MAPPED);
+		return;
+	default:
+		DEBUG(0, ("%s: Server response: Unknown error\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_GENERIC_NOT_MAPPED);
+		return;
+	}
+
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_recv_out_channel_response_recv(struct tevent_req *req,
+		TALLOC_CTX *mem_ctx,
+		char **response_msg)
+{
+	NTSTATUS status;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+struct roh_recv_pdu_state {
+	struct roh_connection	*roh;
+	uint32_t		connection_timeout;
+	uint32_t		version;
+	uint32_t		recv_window_size;
+};
+
+static void roh_recv_CONN_A3_done(struct tevent_req *subreq);
+struct tevent_req *roh_recv_CONN_A3_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct roh_connection *roh)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_recv_pdu_state	*state;
+	struct tstream_context          *stream = NULL;
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_recv_pdu_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	DEBUG(8, ("%s: Waiting for CONN/A3\n", __func__));
+
+	stream = http_conn_tstream(roh->default_channel_out->http_conn);
+
+	subreq = dcerpc_read_ncacn_packet_send(state, ev, stream);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_recv_CONN_A3_done, req);
+
+	return req;
+}
+
+static void roh_recv_CONN_A3_done(struct tevent_req *subreq)
+{
+	NTSTATUS			status;
+	struct tevent_req		*req;
+	struct roh_recv_pdu_state	*state;
+	struct ncacn_packet		*pkt;
+	DATA_BLOB			buffer;
+	struct dcerpc_rts		rts;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_recv_pdu_state);
+	status = dcerpc_read_ncacn_packet_recv(subreq, state, &pkt, &buffer);
+	TALLOC_FREE(subreq);
+
+	if (tevent_req_nterror(req, status)) {
+		DEBUG(0, ("%s: Error receiving PDU\n", __func__));
+		return;
+	}
+
+	/*
+	 * Check if it is a CONN/A3 (2.2.4.4) packet and get the connection
+	 * timeout
+	 */
+	rts = pkt->u.rts;
+	if (rts.NumberOfCommands != 1) {
+		DEBUG(0, ("%s: Invalid number of commands received\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	if (rts.Commands[0].CommandType != ROH_CMD_TYPE_CONNECTION_TIMEOUT) {
+		DEBUG(0, ("%s: Invalid command type received\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* Extract connection timeout */
+	state->connection_timeout = rts.Commands[0].Command.ConnectionTimeout.ConnectionTimeout;
+
+	DEBUG(8, ("%s: CONN/A3 received, connection timeout is %u\n",
+		  __func__, state->connection_timeout));
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_recv_CONN_A3_recv(struct tevent_req *req,
+			       unsigned int *connection_timeout)
+{
+	NTSTATUS			status;
+	struct roh_recv_pdu_state	*state;
+
+	state = tevent_req_data(req, struct roh_recv_pdu_state);
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	*connection_timeout = state->connection_timeout;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
+
+static void roh_recv_CONN_C2_done(struct tevent_req *subreq);
+struct tevent_req *roh_recv_CONN_C2_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct roh_connection *roh)
+{
+	struct tevent_req		*req;
+	struct tevent_req		*subreq;
+	struct roh_recv_pdu_state	*state;
+	struct tstream_context		*stream = NULL;
+
+	req = tevent_req_create(mem_ctx, &state, struct roh_recv_pdu_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	DEBUG(8, ("%s: Waiting for CONN/C2\n", __func__));
+	stream = http_conn_tstream(roh->default_channel_out->http_conn);
+
+	subreq = dcerpc_read_ncacn_packet_send(state, ev, stream);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, roh_recv_CONN_C2_done, req);
+
+	return req;
+}
+
+static void roh_recv_CONN_C2_done(struct tevent_req *subreq)
+{
+	NTSTATUS			status;
+	struct tevent_req		*req;
+	struct roh_recv_pdu_state	*state;
+	struct ncacn_packet		*pkt;
+	DATA_BLOB			buffer;
+	struct dcerpc_rts		rts;
+
+	req = tevent_req_callback_data(subreq, struct tevent_req);
+	state = tevent_req_data(req, struct roh_recv_pdu_state);
+
+	status = dcerpc_read_ncacn_packet_recv(subreq, state, &pkt, &buffer);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		DEBUG(0, ("%s: Error receiving PDU\n", __func__));
+		return;
+	}
+
+	/*
+	 * Check if it is a CONN/C2 packet (2.2.4.9), and get the version, the
+	 * receive windows size and the connection timeout for the IN channel
+	 */
+	rts = pkt->u.rts;
+	if (rts.NumberOfCommands != 3) {
+		DEBUG(0, ("%s: Invalid number of commands received\n",
+			  __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if (rts.Commands[0].CommandType != ROH_CMD_TYPE_VERSION) {
+		DEBUG(0, ("%s: Invalid command type received\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if (rts.Commands[1].CommandType != ROH_CMD_TYPE_RECV_WINDOWS_SIZE) {
+		DEBUG(0, ("%s: Invalid command type received\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if (rts.Commands[2].CommandType != ROH_CMD_TYPE_CONNECTION_TIMEOUT) {
+		DEBUG(0, ("%s: Invalid command type received\n", __func__));
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* Extract data */
+	state->version = rts.Commands[0].Command.Version.Version;
+	state->recv_window_size = rts.Commands[1].Command.ReceiveWindowSize.ReceiveWindowSize;
+	state->connection_timeout = rts.Commands[2].Command.ConnectionTimeout.ConnectionTimeout;
+
+	DEBUG(8, ("%s: CONN/C2 received, version is %u, receive windows size is %u, connection timeout is %u\n",
+		  __func__, state->version, state->recv_window_size,
+		  state->connection_timeout));
+	tevent_req_done(req);
+}
+
+NTSTATUS roh_recv_CONN_C2_recv(struct tevent_req *req,
+			       unsigned int *version,
+			       unsigned int *recv_window_size,
+			       unsigned int *connection_timeout)
+{
+	NTSTATUS			status;
+	struct roh_recv_pdu_state	*state;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		tevent_req_received(req);
+		return status;
+	}
+
+	state =  tevent_req_data(req, struct roh_recv_pdu_state);
+	*version = state->version;
+	*recv_window_size = state->recv_window_size;
+	*connection_timeout = state->connection_timeout;
+
+	tevent_req_received(req);
+	return NT_STATUS_OK;
+}
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
new file mode 100644
index 0000000..ebc7a5e
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -0,0 +1,623 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc schannel operations
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Rafal Szczesniak 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "auth/auth.h"
+#include "libcli/composite/composite.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "param/param.h"
+#include "lib/param/loadparm.h"
+
+struct schannel_key_state {
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_pipe *pipe2;
+	struct dcerpc_binding *binding;
+	bool dcerpc_schannel_auto;
+	struct cli_credentials *credentials;
+	struct netlogon_creds_CredentialState *creds;
+	uint32_t local_negotiate_flags;
+	uint32_t remote_negotiate_flags;
+	struct netr_Credential credentials1;
+	struct netr_Credential credentials2;
+	struct netr_Credential credentials3;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate2 a;
+	const struct samr_Password *mach_pwd;
+};
+
+
+static void continue_secondary_connection(struct composite_context *ctx);
+static void continue_bind_auth_none(struct composite_context *ctx);
+static void continue_srv_challenge(struct tevent_req *subreq);
+static void continue_srv_auth2(struct tevent_req *subreq);
+static void continue_get_capabilities(struct tevent_req *subreq);
+
+
+/*
+  Stage 2 of schannel_key: Receive endpoint mapping and request secondary
+  rpc connection
+*/
+static void continue_epm_map_binding(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+	struct composite_context *sec_conn_req;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct schannel_key_state);
+
+	/* receive endpoint mapping */
+	c->status = dcerpc_epm_map_binding_recv(ctx);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n",
+			 NDR_NETLOGON_UUID, nt_errstr(c->status)));
+		composite_error(c, c->status);
+		return;
+	}
+
+	/* send a request for secondary rpc connection */
+	sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
+							s->binding);
+	if (composite_nomem(sec_conn_req, c)) return;
+
+	composite_continue(c, sec_conn_req, continue_secondary_connection, c);
+}
+
+
+/*
+  Stage 3 of schannel_key: Receive secondary rpc connection and perform
+  non-authenticated bind request
+*/
+static void continue_secondary_connection(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+	struct composite_context *auth_none_req;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct schannel_key_state);
+
+	/* receive secondary rpc connection */
+	c->status = dcerpc_secondary_connection_recv(ctx, &s->pipe2);
+	if (!composite_is_ok(c)) return;
+
+	talloc_steal(s, s->pipe2);
+
+	/* initiate a non-authenticated bind */
+	auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe2, &ndr_table_netlogon);
+	if (composite_nomem(auth_none_req, c)) return;
+
+	composite_continue(c, auth_none_req, continue_bind_auth_none, c);
+}
+
+
+/*
+  Stage 4 of schannel_key: Receive non-authenticated bind and get
+  a netlogon challenge
+*/
+static void continue_bind_auth_none(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+	struct tevent_req *subreq;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct schannel_key_state);
+
+	/* receive result of non-authenticated bind request */
+	c->status = dcerpc_bind_auth_none_recv(ctx);
+	if (!composite_is_ok(c)) return;
+	
+	/* prepare a challenge request */
+	s->r.in.server_name   = talloc_asprintf(c, "\\\\%s", dcerpc_server_name(s->pipe));
+	if (composite_nomem(s->r.in.server_name, c)) return;
+	s->r.in.computer_name = cli_credentials_get_workstation(s->credentials);
+	s->r.in.credentials   = &s->credentials1;
+	s->r.out.return_credentials  = &s->credentials2;
+	
+	generate_random_buffer(s->credentials1.data, sizeof(s->credentials1.data));
+
+	/*
+	  request a netlogon challenge - a rpc request over opened secondary pipe
+	*/
+	subreq = dcerpc_netr_ServerReqChallenge_r_send(s, c->event_ctx,
+						       s->pipe2->binding_handle,
+						       &s->r);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_srv_challenge, c);
+}
+
+
+/*
+  Stage 5 of schannel_key: Receive a challenge and perform authentication
+  on the netlogon pipe
+*/
+static void continue_srv_challenge(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct schannel_key_state);
+
+	/* receive rpc request result - netlogon challenge */
+	c->status = dcerpc_netr_ServerReqChallenge_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare credentials for auth2 request */
+	s->mach_pwd = cli_credentials_get_nt_hash(s->credentials, c);
+	if (s->mach_pwd == NULL) {
+		return composite_error(c, NT_STATUS_INTERNAL_ERROR);
+	}
+
+	/* auth2 request arguments */
+	s->a.in.server_name      = s->r.in.server_name;
+	s->a.in.account_name     = cli_credentials_get_username(s->credentials);
+	s->a.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(s->credentials);
+	s->a.in.computer_name    = cli_credentials_get_workstation(s->credentials);
+	s->a.in.negotiate_flags  = &s->local_negotiate_flags;
+	s->a.in.credentials      = &s->credentials3;
+	s->a.out.negotiate_flags = &s->remote_negotiate_flags;
+	s->a.out.return_credentials     = &s->credentials3;
+
+	s->creds = netlogon_creds_client_init(s, 
+					      s->a.in.account_name, 
+					      s->a.in.computer_name,
+					      s->a.in.secure_channel_type,
+					      &s->credentials1, &s->credentials2,
+					      s->mach_pwd, &s->credentials3,
+					      s->local_negotiate_flags);
+	if (composite_nomem(s->creds, c)) {
+		return;
+	}
+	/*
+	  authenticate on the netlogon pipe - a rpc request over secondary pipe
+	*/
+	subreq = dcerpc_netr_ServerAuthenticate2_r_send(s, c->event_ctx,
+							s->pipe2->binding_handle,
+							&s->a);
+	if (composite_nomem(subreq, c)) return;
+
+	tevent_req_set_callback(subreq, continue_srv_auth2, c);
+}
+
+
+/*
+  Stage 6 of schannel_key: Receive authentication request result and verify
+  received credentials
+*/
+static void continue_srv_auth2(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct schannel_key_state);
+
+	/* receive rpc request result - auth2 credentials */ 
+	c->status = dcerpc_netr_ServerAuthenticate2_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	if (!NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) &&
+	    !NT_STATUS_IS_OK(s->a.out.result)) {
+		composite_error(c, s->a.out.result);
+		return;
+	}
+
+	/*
+	 * Strong keys could be unsupported (NT4) or disabled. So retry with the
+	 * flags returned by the server. - asn
+	 */
+	if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED)) {
+		uint32_t lf = s->local_negotiate_flags;
+		const char *ln = NULL;
+		uint32_t rf = s->remote_negotiate_flags;
+		const char *rn = NULL;
+
+		if (!s->dcerpc_schannel_auto) {
+			composite_error(c, s->a.out.result);
+			return;
+		}
+		s->dcerpc_schannel_auto = false;
+
+		if (lf & NETLOGON_NEG_SUPPORTS_AES)  {
+			ln = "aes";
+			if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+				composite_error(c, s->a.out.result);
+				return;
+			}
+		} else if (lf & NETLOGON_NEG_STRONG_KEYS) {
+			ln = "strong";
+			if (rf & NETLOGON_NEG_STRONG_KEYS) {
+				composite_error(c, s->a.out.result);
+				return;
+			}
+		} else {
+			ln = "des";
+		}
+
+		if (rf & NETLOGON_NEG_SUPPORTS_AES)  {
+			rn = "aes";
+		} else if (rf & NETLOGON_NEG_STRONG_KEYS) {
+			rn = "strong";
+		} else {
+			rn = "des";
+		}
+
+		DEBUG(3, ("Server doesn't support %s keys, downgrade to %s"
+			  "and retry! local[0x%08X] remote[0x%08X]\n",
+			  ln, rn, lf, rf));
+
+		s->local_negotiate_flags = s->remote_negotiate_flags;
+
+		generate_random_buffer(s->credentials1.data,
+				       sizeof(s->credentials1.data));
+
+		subreq = dcerpc_netr_ServerReqChallenge_r_send(s,
+							       c->event_ctx,
+							       s->pipe2->binding_handle,
+							       &s->r);
+		if (composite_nomem(subreq, c)) return;
+
+		tevent_req_set_callback(subreq, continue_srv_challenge, c);
+		return;
+	}
+
+	s->creds->negotiate_flags = s->remote_negotiate_flags;
+
+	/* verify credentials */
+	if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
+		composite_error(c, NT_STATUS_UNSUCCESSFUL);
+		return;
+	}
+
+	composite_done(c);
+}
+
+/*
+  Initiate establishing a schannel key using netlogon challenge
+  on a secondary pipe
+*/
+static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
+						   struct dcerpc_pipe *p,
+						   struct cli_credentials *credentials,
+						   struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct schannel_key_state *s;
+	struct composite_context *epm_map_req;
+	enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
+	struct cli_credentials *epm_creds = NULL;
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct schannel_key_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store parameters in the state structure */
+	s->pipe        = p;
+	s->credentials = credentials;
+	s->local_negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+
+	/* allocate credentials */
+	if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
+		s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+	}
+	if (s->pipe->conn->flags & DCERPC_SCHANNEL_AES) {
+		s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+		s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+	}
+	if (s->pipe->conn->flags & DCERPC_SCHANNEL_AUTO) {
+		s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+		s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+		s->dcerpc_schannel_auto = true;
+	}
+
+	/* type of authentication depends on schannel type */
+	if (schannel_type == SEC_CHAN_RODC) {
+		s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
+	}
+
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+		s->local_negotiate_flags &= ~NETLOGON_NEG_ARCFOUR;
+	}
+
+	epm_creds = cli_credentials_init_anon(s);
+	if (composite_nomem(epm_creds, c)) return c;
+
+	/* allocate binding structure */
+	s->binding = dcerpc_binding_dup(s, s->pipe->binding);
+	if (composite_nomem(s->binding, c)) return c;
+
+	/* request the netlogon endpoint mapping */
+	epm_map_req = dcerpc_epm_map_binding_send(c, s->binding,
+						  &ndr_table_netlogon,
+						  epm_creds,
+						  s->pipe->conn->event_ctx,
+						  lp_ctx);
+	if (composite_nomem(epm_map_req, c)) return c;
+
+	composite_continue(c, epm_map_req, continue_epm_map_binding, c);
+	return c;
+}
+
+
+/*
+  Receive result of schannel key request
+ */
+static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c,
+				TALLOC_CTX *mem_ctx,
+				struct netlogon_creds_CredentialState **creds)
+{
+	NTSTATUS status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct schannel_key_state *s =
+			talloc_get_type_abort(c->private_data,
+			struct schannel_key_state);
+		*creds = talloc_move(mem_ctx, &s->creds);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct auth_schannel_state {
+	struct dcerpc_pipe *pipe;
+	struct cli_credentials *credentials;
+	const struct ndr_interface_table *table;
+	struct loadparm_context *lp_ctx;
+	uint8_t auth_level;
+	struct netlogon_creds_CredentialState *creds_state;
+	struct netlogon_creds_CredentialState save_creds_state;
+	struct netr_Authenticator auth;
+	struct netr_Authenticator return_auth;
+	union netr_Capabilities capabilities;
+	struct netr_LogonGetCapabilities c;
+};
+
+
+static void continue_bind_auth(struct composite_context *ctx);
+
+
+/*
+  Stage 2 of auth_schannel: Receive schannel key and initiate an
+  authenticated bind using received credentials
+ */
+static void continue_schannel_key(struct composite_context *ctx)
+{
+	struct composite_context *auth_req;
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct auth_schannel_state *s = talloc_get_type(c->private_data,
+							struct auth_schannel_state);
+	NTSTATUS status;
+
+	/* receive schannel key */
+	status = c->status = dcerpc_schannel_key_recv(ctx, s, &s->creds_state);
+	if (!composite_is_ok(c)) {
+		DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status)));
+		return;
+	}
+
+	/* send bind auth request with received creds */
+	cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
+
+	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
+					 lpcfg_gensec_settings(c, s->lp_ctx),
+					 DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
+					 NULL);
+	if (composite_nomem(auth_req, c)) return;
+	
+	composite_continue(c, auth_req, continue_bind_auth, c);
+}
+
+
+/*
+  Stage 3 of auth_schannel: Receive result of authenticated bind
+  and say if we're done ok.
+*/
+static void continue_bind_auth(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct auth_schannel_state *s = talloc_get_type(c->private_data,
+							struct auth_schannel_state);
+	struct tevent_req *subreq;
+
+	c->status = dcerpc_bind_auth_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	/* if we have a AES encrypted connection, verify the capabilities */
+	if (ndr_syntax_id_equal(&s->table->syntax_id,
+				&ndr_table_netlogon.syntax_id)) {
+		NTSTATUS status;
+		ZERO_STRUCT(s->return_auth);
+
+		s->save_creds_state = *s->creds_state;
+		status = netlogon_creds_client_authenticator(&s->save_creds_state,
+							     &s->auth);
+		if (!NT_STATUS_IS_OK(status)) {
+			composite_error(c, status);
+			return;
+		}
+
+		s->c.in.server_name = talloc_asprintf(c,
+						      "\\\\%s",
+						      dcerpc_server_name(s->pipe));
+		if (composite_nomem(s->c.in.server_name, c)) return;
+		s->c.in.computer_name         = cli_credentials_get_workstation(s->credentials);
+		s->c.in.credential            = &s->auth;
+		s->c.in.return_authenticator  = &s->return_auth;
+		s->c.in.query_level           = 1;
+
+		s->c.out.capabilities         = &s->capabilities;
+		s->c.out.return_authenticator = &s->return_auth;
+
+		DEBUG(5, ("We established a AES connection, verifying logon "
+			  "capabilities\n"));
+
+		subreq = dcerpc_netr_LogonGetCapabilities_r_send(s,
+								 c->event_ctx,
+								 s->pipe->binding_handle,
+								 &s->c);
+		if (composite_nomem(subreq, c)) return;
+
+		tevent_req_set_callback(subreq, continue_get_capabilities, c);
+		return;
+	}
+
+	composite_done(c);
+}
+
+/*
+  Stage 4 of auth_schannel: Get the Logon Capabilities and verify them.
+*/
+static void continue_get_capabilities(struct tevent_req *subreq)
+{
+	struct composite_context *c;
+	struct auth_schannel_state *s;
+
+	c = tevent_req_callback_data(subreq, struct composite_context);
+	s = talloc_get_type(c->private_data, struct auth_schannel_state);
+
+	/* receive rpc request result */
+	c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(c->status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+		if (s->creds_state->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		} else {
+			/* This is probably NT */
+			composite_done(c);
+			return;
+		}
+	} else if (!composite_is_ok(c)) {
+		return;
+	}
+
+	if (NT_STATUS_EQUAL(s->c.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+		if (s->creds_state->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			/* This means AES isn't supported. */
+			composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
+		/* This is probably an old Samba version */
+		composite_done(c);
+		return;
+	}
+
+	/* verify credentials */
+	if (!netlogon_creds_client_check(&s->save_creds_state,
+					 &s->c.out.return_authenticator->cred)) {
+		composite_error(c, NT_STATUS_UNSUCCESSFUL);
+		return;
+	}
+
+	*s->creds_state = s->save_creds_state;
+	cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
+
+	if (!NT_STATUS_IS_OK(s->c.out.result)) {
+		composite_error(c, s->c.out.result);
+		return;
+	}
+
+	/* compare capabilities */
+	if (s->creds_state->negotiate_flags != s->capabilities.server_capabilities) {
+		DEBUG(2, ("The client capabilities don't match the server "
+			  "capabilities: local[0x%08X] remote[0x%08X]\n",
+			  s->creds_state->negotiate_flags,
+			  s->capabilities.server_capabilities));
+		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+
+	/* TODO: Add downgrade detection. */
+
+	composite_done(c);
+}
+
+
+/*
+  Initiate schannel authentication request
+*/
+struct composite_context *dcerpc_bind_auth_schannel_send(TALLOC_CTX *tmp_ctx, 
+							 struct dcerpc_pipe *p,
+							 const struct ndr_interface_table *table,
+							 struct cli_credentials *credentials,
+							 struct loadparm_context *lp_ctx,
+							 uint8_t auth_level)
+{
+	struct composite_context *c;
+	struct auth_schannel_state *s;
+	struct composite_context *schan_key_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(tmp_ctx, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+	
+	s = talloc_zero(c, struct auth_schannel_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store parameters in the state structure */
+	s->pipe        = p;
+	s->credentials = credentials;
+	s->table       = table;
+	s->auth_level  = auth_level;
+	s->lp_ctx      = lp_ctx;
+
+	/* start getting schannel key first */
+	schan_key_req = dcerpc_schannel_key_send(c, p, credentials, lp_ctx);
+	if (composite_nomem(schan_key_req, c)) return c;
+
+	composite_continue(c, schan_key_req, continue_schannel_key, c);
+	return c;
+}
+
+
+/*
+  Receive result of schannel authentication request
+*/
+NTSTATUS dcerpc_bind_auth_schannel_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	
+	talloc_free(c);
+	return status;
+}
diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c
new file mode 100644
index 0000000..55068dc
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_secondary.c
@@ -0,0 +1,431 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc connect functions
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
+   Copyright (C) Rafal Szczesniak  2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libcli/composite/composite.h"
+#include "lib/events/events.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/util_net.h"
+
+struct sec_conn_state {
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_pipe *pipe2;
+	struct dcerpc_binding *binding;
+};
+
+
+static void continue_open_smb(struct composite_context *ctx);
+static void continue_open_tcp(struct composite_context *ctx);
+static void continue_open_ncalrpc(struct composite_context *ctx);
+static void continue_open_ncacn_unix(struct composite_context *ctx);
+static void continue_pipe_open(struct composite_context *c);
+
+
+/*
+  Send request to create a secondary dcerpc connection from a primary
+  connection
+*/
+_PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
+							const struct dcerpc_binding *b)
+{
+	struct composite_context *c;
+	struct sec_conn_state *s;
+	struct composite_context *pipe_smb_req;
+	struct composite_context *pipe_tcp_req;
+	const char *localaddress = NULL;
+	struct composite_context *pipe_ncalrpc_req;
+	const char *ncalrpc_dir = NULL;
+	struct composite_context *pipe_unix_req;
+	const char *host;
+	const char *target_hostname;
+	const char *endpoint;
+
+	/* composite context allocation and setup */
+	c = composite_create(p, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct sec_conn_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	s->pipe     = p;
+	s->binding  = dcerpc_binding_dup(s, b);
+	if (composite_nomem(s->binding, c)) return c;
+
+	/* initialise second dcerpc pipe based on primary pipe's event context */
+	s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx);
+	if (composite_nomem(s->pipe2, c)) return c;
+
+	if (DEBUGLEVEL >= 10)
+		s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir;
+
+	host = dcerpc_binding_get_string_option(s->binding, "host");
+	if (host == NULL) {
+		/*
+		 * We may fallback to the host of the given connection
+		 */
+		host = dcerpc_binding_get_string_option(s->pipe->binding,
+							"host");
+	}
+	target_hostname = dcerpc_binding_get_string_option(s->binding, "target_hostname");
+	if (target_hostname == NULL) {
+		/*
+		 * We may fallback to the target_hostname of the given connection
+		 */
+		target_hostname = dcerpc_binding_get_string_option(s->pipe->binding,
+								   "target_hostname");
+	}
+	endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+	if (endpoint == NULL) {
+		/*
+		 * We may fallback to the endpoint of the given connection
+		 */
+		endpoint = dcerpc_binding_get_string_option(s->pipe->binding, "endpoint");
+	}
+	if (endpoint == NULL) {
+		composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+		return c;
+	}
+
+	/* open second dcerpc pipe using the same transport as for primary pipe */
+	switch (s->pipe->conn->transport.transport) {
+	case NCACN_NP:
+		pipe_smb_req = dcerpc_secondary_smb_send(s->pipe->conn,
+							 s->pipe2->conn,
+							 endpoint);
+		composite_continue(c, pipe_smb_req, continue_open_smb, c);
+		return c;
+
+	case NCACN_IP_TCP:
+		if (host == NULL) {
+			composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+			return c;
+		}
+
+		if (!is_ipaddress(host)) {
+			/*
+			 * We may fallback to the host of the given connection
+			 */
+			host = dcerpc_binding_get_string_option(s->pipe->binding,
+								"host");
+			if (host == NULL) {
+				composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+				return c;
+			}
+			if (!is_ipaddress(host)) {
+				composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+				return c;
+			}
+		}
+
+		localaddress = dcerpc_binding_get_string_option(s->binding,
+								"localaddress");
+		if (localaddress == NULL) {
+			/*
+			 * We may fallback to the localaddress of the given connection
+			 */
+			localaddress = dcerpc_binding_get_string_option(s->pipe->binding,
+									"localaddress");
+		}
+
+		pipe_tcp_req = dcerpc_pipe_open_tcp_send(s->pipe2->conn,
+							 localaddress,
+							 host,
+							 target_hostname,
+							 atoi(endpoint),
+							 resolve_context_init(s));
+		composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
+		return c;
+
+	case NCALRPC:
+		ncalrpc_dir = dcerpc_binding_get_string_option(s->binding,
+							       "ncalrpc_dir");
+		if (ncalrpc_dir == NULL) {
+			ncalrpc_dir = dcerpc_binding_get_string_option(s->pipe->binding,
+								"ncalrpc_dir");
+		}
+		if (ncalrpc_dir == NULL) {
+			composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+			return c;
+		}
+
+		pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn,
+							      ncalrpc_dir,
+							      endpoint);
+		composite_continue(c, pipe_ncalrpc_req, continue_open_ncalrpc, c);
+		return c;
+
+	case NCACN_UNIX_STREAM:
+		pipe_unix_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn,
+								  endpoint);
+		composite_continue(c, pipe_unix_req, continue_open_ncacn_unix, c);
+		return c;
+
+	default:
+		/* looks like a transport we don't support */
+		composite_error(c, NT_STATUS_NOT_SUPPORTED);
+	}
+
+	return c;
+}
+
+
+/*
+  Stage 2 of secondary_connection: Receive result of pipe open request on smb
+*/
+static void continue_open_smb(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	
+	c->status = dcerpc_secondary_smb_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_open(c);
+}
+
+
+/*
+  Stage 2 of secondary_connection: Receive result of pipe open request on tcp/ip
+*/
+static void continue_open_tcp(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct sec_conn_state *s = talloc_get_type_abort(c->private_data,
+							 struct sec_conn_state);
+	char *localaddr = NULL;
+	char *remoteaddr = NULL;
+
+	c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
+	if (!composite_is_ok(c)) return;
+
+	c->status = dcerpc_binding_set_string_option(s->binding,
+						     "localaddress",
+						     localaddr);
+	if (!composite_is_ok(c)) return;
+
+	c->status = dcerpc_binding_set_string_option(s->binding,
+						     "host",
+						     remoteaddr);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_open(c);
+}
+
+/*
+  Stage 2 of secondary_connection: Receive result of pipe open request on ncalrpc
+*/
+static void continue_open_ncalrpc(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	c->status = dcerpc_pipe_open_pipe_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_open(c);
+}
+
+/*
+  Stage 2 of secondary_connection: Receive result of pipe open request on ncacn_unix
+*/
+static void continue_open_ncacn_unix(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	c->status = dcerpc_pipe_open_unix_stream_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	continue_pipe_open(c);
+}
+
+
+/*
+  Stage 3 of secondary_connection: Get binding data and flags from primary pipe
+  and say if we're done ok.
+*/
+static void continue_pipe_open(struct composite_context *c)
+{
+	struct sec_conn_state *s;
+
+	s = talloc_get_type(c->private_data, struct sec_conn_state);
+
+	s->pipe2->conn->flags = s->pipe->conn->flags;
+	s->pipe2->binding     = dcerpc_binding_dup(s->pipe2, s->binding);
+	if (composite_nomem(s->pipe2->binding, c)) {
+		return;
+	}
+
+	composite_done(c);
+}
+
+
+/*
+  Receive result of secondary rpc connection request and return
+  second dcerpc pipe.
+*/
+_PUBLIC_ NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
+					  struct dcerpc_pipe **p2)
+{
+	NTSTATUS status = composite_wait(c);
+	struct sec_conn_state *s;
+
+	s = talloc_get_type(c->private_data, struct sec_conn_state);
+
+	if (NT_STATUS_IS_OK(status)) {
+		*p2 = talloc_steal(s->pipe, s->pipe2);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+/*
+  Create a secondary DCERPC connection, then bind (and possibly
+  authenticate) using the supplied credentials.
+
+  This creates a second connection, to the same host (and on ncacn_np on the same connection) as the first
+*/
+struct sec_auth_conn_state {
+	struct dcerpc_pipe *pipe2;
+	const struct dcerpc_binding *binding;
+	const struct ndr_interface_table *table;
+	struct cli_credentials *credentials;
+	struct composite_context *ctx;
+	struct loadparm_context *lp_ctx;
+};
+
+static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx);
+static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx);
+
+_PUBLIC_ struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
+								const struct dcerpc_binding *binding,
+								const struct ndr_interface_table *table,
+								struct cli_credentials *credentials,
+								struct loadparm_context *lp_ctx)
+{
+
+	struct composite_context *c, *secondary_conn_ctx;
+	struct sec_auth_conn_state *s;
+	
+	/* composite context allocation and setup */
+	c = composite_create(p, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct sec_auth_conn_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+	s->ctx = c;
+
+	s->binding  = binding;
+	s->table    = table;
+	s->credentials = credentials;
+	s->lp_ctx = lp_ctx;
+	
+	secondary_conn_ctx = dcerpc_secondary_connection_send(p, binding);
+	
+	if (composite_nomem(secondary_conn_ctx, s->ctx)) {
+		talloc_free(c);
+		return NULL;
+	}
+
+	composite_continue(s->ctx, secondary_conn_ctx, dcerpc_secondary_auth_connection_bind,
+			   s);
+	return c;
+}
+
+/*
+  Stage 2 of secondary_auth_connection: 
+  Having made the secondary connection, we will need to do an (authenticated) bind
+*/
+static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx)
+{
+	struct composite_context *secondary_auth_ctx;
+	struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
+							struct sec_auth_conn_state);
+	
+	s->ctx->status = dcerpc_secondary_connection_recv(ctx, &s->pipe2);
+	if (!composite_is_ok(s->ctx)) return;
+	
+	secondary_auth_ctx = dcerpc_pipe_auth_send(s->pipe2, s->binding, s->table, s->credentials,
+						   s->lp_ctx);
+	composite_continue(s->ctx, secondary_auth_ctx, dcerpc_secondary_auth_connection_continue, s);
+	
+}
+
+/*
+  Stage 3 of secondary_auth_connection: Receive result of authenticated bind request
+*/
+static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx)
+{
+	struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
+							struct sec_auth_conn_state);
+
+	s->ctx->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe2);
+	if (!composite_is_ok(s->ctx)) return;
+	
+	composite_done(s->ctx);
+}
+
+/*
+  Receive an authenticated pipe, created as a secondary connection
+*/
+_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c, 
+					       TALLOC_CTX *mem_ctx,
+					       struct dcerpc_pipe **p)
+{
+	NTSTATUS status = composite_wait(c);
+	struct sec_auth_conn_state *s;
+
+	s = talloc_get_type(c->private_data, struct sec_auth_conn_state);
+
+	if (NT_STATUS_IS_OK(status)) {
+		*p = talloc_steal(mem_ctx, s->pipe2);
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection(struct dcerpc_pipe *p,
+					const struct dcerpc_binding *binding,
+					const struct ndr_interface_table *table,
+					struct cli_credentials *credentials,
+					struct loadparm_context *lp_ctx,
+					TALLOC_CTX *mem_ctx,
+					struct dcerpc_pipe **p2)
+{
+	struct composite_context *c;
+
+	c = dcerpc_secondary_auth_connection_send(p, binding, table,
+						  credentials, lp_ctx);
+	return dcerpc_secondary_auth_connection_recv(c, mem_ctx, p2);
+}
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
new file mode 100644
index 0000000..259de71
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -0,0 +1,310 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc over SMB transport
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include <tevent.h>
+#include "lib/tsocket/tsocket.h"
+#include "libcli/smb/smb_constants.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "libcli/smb/tstream_smbXcli_np.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/composite/composite.h"
+
+#undef strncasecmp
+
+/* transport private information used by SMB pipe transport */
+struct smb_private {
+	DATA_BLOB session_key;
+
+	/*
+	 * these are needed to open a secondary connection
+	 */
+	struct smbXcli_conn *conn;
+	struct smbXcli_session *session;
+	struct smbXcli_tcon *tcon;
+	uint32_t timeout_msec;
+};
+
+/*
+  fetch the user session key 
+*/
+static NTSTATUS smb_session_key(struct dcecli_connection *c, DATA_BLOB *session_key)
+{
+	struct smb_private *smb = talloc_get_type_abort(
+		c->transport.private_data, struct smb_private);
+
+	if (smb == NULL) return NT_STATUS_CONNECTION_DISCONNECTED;
+
+	if (smb->session_key.length == 0) {
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	*session_key = smb->session_key;
+	return NT_STATUS_OK;
+}
+
+struct dcerpc_pipe_open_smb_state {
+	struct dcecli_connection *c;
+	struct composite_context *ctx;
+
+	const char *fname;
+
+	struct smb_private *smb;
+};
+
+static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq);
+
+struct composite_context *dcerpc_pipe_open_smb_send(struct dcecli_connection *c,
+						struct smbXcli_conn *conn,
+						struct smbXcli_session *session,
+						struct smbXcli_tcon *tcon,
+						uint32_t timeout_msec,
+						const char *pipe_name)
+{
+	struct composite_context *ctx;
+	struct dcerpc_pipe_open_smb_state *state;
+	uint16_t pid = 0;
+	struct tevent_req *subreq;
+
+	ctx = composite_create(c, c->event_ctx);
+	if (ctx == NULL) return NULL;
+
+	state = talloc(ctx, struct dcerpc_pipe_open_smb_state);
+	if (composite_nomem(state, ctx)) return ctx;
+	ctx->private_data = state;
+
+	state->c = c;
+	state->ctx = ctx;
+
+	if ((strncasecmp(pipe_name, "/pipe/", 6) == 0) || 
+	    (strncasecmp(pipe_name, "\\pipe\\", 6) == 0)) {
+		pipe_name += 6;
+	}
+	if ((strncasecmp(pipe_name, "/", 1) == 0) ||
+	    (strncasecmp(pipe_name, "\\", 1) == 0)) {
+		pipe_name += 1;
+	}
+	state->fname = talloc_strdup(state, pipe_name);
+	if (composite_nomem(state->fname, ctx)) return ctx;
+
+	state->smb = talloc_zero(state, struct smb_private);
+	if (composite_nomem(state->smb, ctx)) return ctx;
+
+	state->smb->conn = conn;
+	state->smb->session = session;
+	state->smb->tcon = tcon;
+	state->smb->timeout_msec = timeout_msec;
+
+	state->c->server_name = strupper_talloc(state->c,
+		smbXcli_conn_remote_name(conn));
+	if (composite_nomem(state->c->server_name, ctx)) return ctx;
+
+	ctx->status = smbXcli_session_application_key(session,
+						      state->smb,
+						      &state->smb->session_key);
+	if (NT_STATUS_EQUAL(ctx->status, NT_STATUS_NO_USER_SESSION_KEY)) {
+		state->smb->session_key = data_blob_null;
+		ctx->status = NT_STATUS_OK;
+	}
+	if (!composite_is_ok(ctx)) return ctx;
+
+	subreq = tstream_smbXcli_np_open_send(state, c->event_ctx,
+					      conn, session, tcon, pid,
+					      timeout_msec, state->fname);
+	if (composite_nomem(subreq, ctx)) return ctx;
+	tevent_req_set_callback(subreq, dcerpc_pipe_open_smb_done, state);
+
+	return ctx;
+}
+
+static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
+{
+	struct dcerpc_pipe_open_smb_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcerpc_pipe_open_smb_state);
+	struct composite_context *ctx = state->ctx;
+	struct dcecli_connection *c = state->c;
+	uint16_t enc_cipher;
+
+	ctx->status = tstream_smbXcli_np_open_recv(subreq,
+						   state->smb,
+						   &state->c->transport.stream);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(ctx)) return;
+
+	state->c->transport.write_queue =
+		tevent_queue_create(state->c, "dcerpc_smb write queue");
+	if (composite_nomem(state->c->transport.write_queue, ctx)) return;
+
+	/*
+	  fill in the transport methods
+	*/
+	c->transport.transport       = NCACN_NP;
+	c->transport.private_data    = NULL;
+
+	/*
+	 * Windows uses 4280 for ncacn_np,
+	 * so we also use it, this is what our
+	 * tstream_smbXcli_np code relies on.
+	 */
+	c->srv_max_xmit_frag = 4280;
+	c->srv_max_recv_frag = 4280;
+
+	/* Over-ride the default session key with the SMB session key */
+	c->security_state.session_key = smb_session_key;
+
+	enc_cipher = smb2cli_session_get_encryption_cipher(state->smb->session);
+	switch (enc_cipher) {
+	case SMB2_ENCRYPTION_AES128_CCM:
+	case SMB2_ENCRYPTION_AES128_GCM:
+		c->transport.encrypted = true;
+		break;
+	default:
+		c->transport.encrypted = false;
+	}
+
+	c->transport.private_data = talloc_move(c, &state->smb);
+
+	composite_done(ctx);
+}
+
+NTSTATUS dcerpc_pipe_open_smb_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	talloc_free(c);
+	return status;
+}
+
+_PUBLIC_ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p,
+			      struct smbcli_tree *t,
+			      const char *pipe_name)
+{
+	struct smbXcli_conn *conn;
+	struct smbXcli_session *session;
+	struct smbXcli_tcon *tcon;
+	struct composite_context *ctx;
+
+	conn = t->session->transport->conn;
+	session = t->session->smbXcli;
+	tcon = t->smbXcli;
+	smb1cli_tcon_set_id(tcon, t->tid);
+
+	/* if we don't have a binding on this pipe yet, then create one */
+	if (p->binding == NULL) {
+		struct dcerpc_binding *b;
+		NTSTATUS status;
+		const char *r = smbXcli_conn_remote_name(conn);
+		char *str;
+		SMB_ASSERT(r != NULL);
+		str = talloc_asprintf(p, "ncacn_np:%s", r);
+		if (str == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		status = dcerpc_parse_binding(p, str, &b);
+		talloc_free(str);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		p->binding = b;
+	}
+
+	ctx = dcerpc_pipe_open_smb_send(p->conn,
+					conn, session, tcon,
+					DCERPC_REQUEST_TIMEOUT * 1000,
+					pipe_name);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return dcerpc_pipe_open_smb_recv(ctx);
+}
+
+_PUBLIC_ NTSTATUS dcerpc_pipe_open_smb2(struct dcerpc_pipe *p,
+			      struct smb2_tree *t,
+			      const char *pipe_name)
+{
+	struct smbXcli_conn *conn;
+	struct smbXcli_session *session;
+	struct smbXcli_tcon *tcon;
+	struct composite_context *ctx;
+
+	conn = t->session->transport->conn;
+	session = t->session->smbXcli;
+	tcon = t->smbXcli;
+
+	/* if we don't have a binding on this pipe yet, then create one */
+	if (p->binding == NULL) {
+		struct dcerpc_binding *b;
+		NTSTATUS status;
+		const char *r = smbXcli_conn_remote_name(conn);
+		char *str;
+		SMB_ASSERT(r != NULL);
+		str = talloc_asprintf(p, "ncacn_np:%s", r);
+		if (str == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		status = dcerpc_parse_binding(p, str, &b);
+		talloc_free(str);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		p->binding = b;
+	}
+
+	ctx = dcerpc_pipe_open_smb_send(p->conn,
+					conn, session, tcon,
+					DCERPC_REQUEST_TIMEOUT * 1000,
+					pipe_name);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return dcerpc_pipe_open_smb_recv(ctx);
+}
+
+struct composite_context *dcerpc_secondary_smb_send(struct dcecli_connection *c1,
+						    struct dcecli_connection *c2,
+						    const char *pipe_name)
+{
+	struct smb_private *smb;
+
+	if (c1->transport.transport != NCACN_NP) return NULL;
+
+	smb = talloc_get_type(c1->transport.private_data, struct smb_private);
+	if (!smb) return NULL;
+
+	return dcerpc_pipe_open_smb_send(c2,
+					 smb->conn,
+					 smb->session,
+					 smb->tcon,
+					 smb->timeout_msec,
+					 pipe_name);
+}
+
+NTSTATUS dcerpc_secondary_smb_recv(struct composite_context *c)
+{
+	return dcerpc_pipe_open_smb_recv(c);
+}
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
new file mode 100644
index 0000000..ec5a5ca
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -0,0 +1,499 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc over standard sockets transport
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Rafal Szczesniak 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/composite/composite.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/rpc/rpc_common.h"
+
+struct pipe_open_socket_state {
+	struct dcecli_connection *conn;
+	struct socket_context *socket_ctx;
+	struct socket_address *localaddr;
+	struct socket_address *server;
+	const char *target_hostname;
+	enum dcerpc_transport_t transport;
+	struct socket_address *client;
+};
+
+
+static void continue_socket_connect(struct composite_context *ctx)
+{
+	struct dcecli_connection *conn;
+	struct composite_context *c = talloc_get_type_abort(
+		ctx->async.private_data, struct composite_context);
+	struct pipe_open_socket_state *s = talloc_get_type_abort(
+		c->private_data, struct pipe_open_socket_state);
+	int rc;
+	int sock_fd;
+
+	/* make it easier to write a function calls */
+	conn = s->conn;
+
+	c->status = socket_connect_recv(ctx);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		DBG_NOTICE("Failed to connect host %s on port %d - %s\n",
+			  s->server->addr, s->server->port,
+			  nt_errstr(c->status));
+		composite_error(c, c->status);
+		return;
+	}
+
+	s->client = socket_get_my_addr(s->socket_ctx, s);
+	if (s->client == NULL) {
+		TALLOC_FREE(s->socket_ctx);
+		composite_error(c, NT_STATUS_NO_MEMORY);
+		return;
+	}
+	sock_fd = socket_get_fd(s->socket_ctx);
+	if (sock_fd == -1) {
+		TALLOC_FREE(s->socket_ctx);
+		composite_error(c, NT_STATUS_INVALID_HANDLE);
+		return;
+	}
+	socket_set_flags(s->socket_ctx, SOCKET_FLAG_NOCLOSE);
+	TALLOC_FREE(s->socket_ctx);
+
+	/*
+	  fill in the transport methods
+	*/
+	conn->transport.transport       = s->transport;
+	conn->transport.private_data    = NULL;
+
+	/*
+	 * Windows uses 5840 for ncacn_ip_tcp,
+	 * so we also use it (for every transport which uses bsd sockets)
+	 */
+	conn->srv_max_xmit_frag = 5840;
+	conn->srv_max_recv_frag = 5840;
+
+	conn->transport.pending_reads = 0;
+	conn->server_name   = strupper_talloc(conn, s->target_hostname);
+
+	rc = tstream_bsd_existing_socket(conn, sock_fd,
+					 &conn->transport.stream);
+	if (rc < 0) {
+		close(sock_fd);
+		composite_error(c, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	conn->transport.write_queue =
+		tevent_queue_create(conn, "dcerpc sock write queue");
+	if (conn->transport.write_queue == NULL) {
+		TALLOC_FREE(conn->transport.stream);
+		composite_error(c, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	/* ensure we don't get SIGPIPE */
+	BlockSignals(true, SIGPIPE);
+
+	composite_done(c);
+}
+
+
+static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ctx,
+						       struct dcecli_connection *cn,
+						       struct socket_address *localaddr,
+						       struct socket_address *server,
+						       const char *target_hostname,
+						       const char *full_path,
+						       enum dcerpc_transport_t transport)
+{
+	struct composite_context *c;
+	struct pipe_open_socket_state *s;
+	struct composite_context *conn_req;
+
+	c = composite_create(mem_ctx, cn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_open_socket_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	s->conn      = cn;
+	s->transport = transport;
+	if (localaddr) {
+		s->localaddr = socket_address_copy(s, localaddr);
+		if (composite_nomem(s->localaddr, c)) return c;
+	}
+	s->server = socket_address_copy(s, server);
+	if (composite_nomem(s->server, c)) return c;
+	if (target_hostname) {
+		s->target_hostname = talloc_strdup(s, target_hostname);
+		if (composite_nomem(s->target_hostname, c)) return c;
+	}
+
+	c->status = socket_create(s, server->family, SOCKET_TYPE_STREAM,
+				  &s->socket_ctx, 0);
+	if (!composite_is_ok(c)) return c;
+
+	conn_req = socket_connect_send(s->socket_ctx, s->localaddr, s->server, 0,
+				       c->event_ctx);
+	composite_continue(c, conn_req, continue_socket_connect, c);
+	return c;
+}
+
+static NTSTATUS dcerpc_pipe_open_socket_recv(struct composite_context *c,
+					     TALLOC_CTX *mem_ctx,
+					     struct socket_address **localaddr)
+{
+	NTSTATUS status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct pipe_open_socket_state *s =
+			talloc_get_type_abort(c->private_data,
+			struct pipe_open_socket_state);
+
+		if (localaddr != NULL) {
+			*localaddr = talloc_move(mem_ctx, &s->client);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+struct pipe_tcp_state {
+	const char *server;
+	const char *target_hostname;
+	const char **addresses;
+	uint32_t index;
+	uint32_t port;
+	struct socket_address *localaddr;
+	struct socket_address *srvaddr;
+	struct resolve_context *resolve_ctx;
+	struct dcecli_connection *conn;
+	struct nbt_name name;
+	char *local_address;
+	char *remote_address;
+};
+
+
+static void continue_ip_open_socket(struct composite_context *ctx);
+static void continue_ip_resolve_name(struct composite_context *ctx);
+
+static void continue_ip_resolve_name(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type_abort(
+		ctx->async.private_data, struct composite_context);
+	struct pipe_tcp_state *s = talloc_get_type_abort(
+		c->private_data, struct pipe_tcp_state);
+	struct composite_context *sock_ip_req;
+
+	c->status = resolve_name_multiple_recv(ctx, s, &s->addresses);
+	if (!composite_is_ok(c)) return;
+
+	/* prepare server address using host ip:port and transport name */
+	s->srvaddr = socket_address_from_strings(s->conn, "ip", s->addresses[s->index], s->port);
+	s->index++;
+	if (composite_nomem(s->srvaddr, c)) return;
+
+	sock_ip_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
+						     s->srvaddr, s->target_hostname,
+						     NULL,
+						     NCACN_IP_TCP);
+	composite_continue(c, sock_ip_req, continue_ip_open_socket, c);
+}
+
+
+/*
+  Stage 2 of dcerpc_pipe_open_tcp_send: receive result of pipe open request
+  on IP transport.
+*/
+static void continue_ip_open_socket(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type_abort(
+		ctx->async.private_data, struct composite_context);
+	struct pipe_tcp_state *s = talloc_get_type_abort(
+		c->private_data, struct pipe_tcp_state);
+	struct socket_address *localaddr = NULL;
+
+	/* receive result socket open request */
+	c->status = dcerpc_pipe_open_socket_recv(ctx, s, &localaddr);
+	if (!NT_STATUS_IS_OK(c->status)) {
+		/* something went wrong... */
+		DBG_NOTICE("Failed to connect host %s (%s) on port %d - %s.\n",
+			  s->addresses[s->index - 1], s->target_hostname,
+			  s->port, nt_errstr(c->status));
+		if (s->addresses[s->index]) {
+			struct composite_context *sock_ip_req;
+			talloc_free(s->srvaddr);
+			/* prepare server address using host ip:port and transport name */
+			s->srvaddr = socket_address_from_strings(s->conn, "ip", s->addresses[s->index], s->port);
+			s->index++;
+			if (composite_nomem(s->srvaddr, c)) return;
+
+			sock_ip_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
+								s->srvaddr, s->target_hostname,
+								NULL,
+								NCACN_IP_TCP);
+			composite_continue(c, sock_ip_req, continue_ip_open_socket, c);
+
+			return;
+		} else {
+			composite_error(c, c->status);
+			return;
+		}
+	}
+
+	s->local_address = talloc_strdup(s, localaddr->addr);
+	if (composite_nomem(s->local_address, c)) return;
+	s->remote_address = talloc_strdup(s, s->addresses[s->index - 1]);
+	if (composite_nomem(s->remote_address, c)) return;
+
+	composite_done(c);
+}
+
+/*
+  Send rpc pipe open request to given host:port using
+  tcp/ip transport
+*/
+struct composite_context* dcerpc_pipe_open_tcp_send(struct dcecli_connection *conn,
+						    const char *localaddr,
+						    const char *server,
+						    const char *target_hostname,
+						    uint32_t port,
+						    struct resolve_context *resolve_ctx)
+{
+	struct composite_context *c;
+	struct pipe_tcp_state *s;
+	struct composite_context *resolve_req;
+
+	/* composite context allocation and setup */
+	c = composite_create(conn, conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_tcp_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store input parameters in state structure */
+	s->server          = talloc_strdup(c, server);
+	if (composite_nomem(s->server, c)) return c;
+	if (target_hostname) {
+		s->target_hostname = talloc_strdup(c, target_hostname);
+		if (composite_nomem(s->target_hostname, c)) return c;
+	}
+	s->port            = port;
+	s->conn            = conn;
+	s->resolve_ctx     = resolve_ctx;
+	if (localaddr) {
+		s->localaddr = socket_address_from_strings(s, "ip", localaddr, 0);
+		/* if there is no localaddr, we pass NULL for
+		   s->localaddr, which is handled by the socket libraries as
+		   meaning no local binding address specified */
+	}
+
+	make_nbt_name_server(&s->name, s->server);
+	resolve_req = resolve_name_send(resolve_ctx, s, &s->name, c->event_ctx);
+	composite_continue(c, resolve_req, continue_ip_resolve_name, c);
+	return c;
+}
+
+/*
+  Receive result of pipe open request on tcp/ip
+*/
+NTSTATUS dcerpc_pipe_open_tcp_recv(struct composite_context *c,
+				   TALLOC_CTX *mem_ctx,
+				   char **localaddr,
+				   char **remoteaddr)
+{
+	NTSTATUS status;
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct pipe_tcp_state *s = talloc_get_type_abort(
+			c->private_data, struct pipe_tcp_state);
+
+		if (localaddr != NULL) {
+			*localaddr = talloc_move(mem_ctx, &s->local_address);
+		}
+		if (remoteaddr != NULL) {
+			*remoteaddr = talloc_move(mem_ctx, &s->remote_address);
+		}
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+struct pipe_unix_state {
+	const char *path;
+	struct socket_address *srvaddr;
+	struct dcecli_connection *conn;
+};
+
+
+/*
+  Stage 2 of dcerpc_pipe_open_unix_stream_send: receive result of pipe open
+  request on unix socket.
+*/
+static void continue_unix_open_socket(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type_abort(
+		ctx->async.private_data, struct composite_context);
+
+	c->status = dcerpc_pipe_open_socket_recv(ctx, NULL, NULL);
+	if (NT_STATUS_IS_OK(c->status)) {
+		composite_done(c);
+		return;
+	}
+
+	composite_error(c, c->status);
+}
+
+
+/*
+  Send pipe open request on unix socket
+*/
+struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcecli_connection *conn,
+							    const char *path)
+{
+	struct composite_context *c;
+	struct composite_context *sock_unix_req;
+	struct pipe_unix_state *s;
+
+	/* composite context allocation and setup */
+	c = composite_create(conn, conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_unix_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store parameters in state structure */
+	s->path = talloc_strdup(c, path);
+	if (composite_nomem(s->path, c)) return c;
+	s->conn = conn;
+
+	/* prepare server address using socket path and transport name */
+	s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
+	if (composite_nomem(s->srvaddr, c)) return c;
+
+	/* send socket open request */
+	sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL,
+						     s->srvaddr, NULL,
+						     s->path,
+						     NCALRPC);
+	composite_continue(c, sock_unix_req, continue_unix_open_socket, c);
+	return c;
+}
+
+
+/*
+  Receive result of pipe open request on unix socket
+*/
+NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request
+*/
+static void continue_np_open_socket(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type_abort(
+		ctx->async.private_data, struct composite_context);
+
+	c->status = dcerpc_pipe_open_socket_recv(ctx, NULL, NULL);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  Send pipe open request on ncalrpc
+*/
+struct composite_context* dcerpc_pipe_open_pipe_send(struct dcecli_connection *conn,
+						     const char *ncalrpc_dir,
+						     const char *identifier)
+{
+	char *canon = NULL;
+
+	struct composite_context *c;
+	struct composite_context *sock_np_req;
+	struct pipe_unix_state *s;
+
+	/* composite context allocation and setup */
+	c = composite_create(conn, conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_unix_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store parameters in state structure */
+	canon = talloc_strdup(s, identifier);
+	if (composite_nomem(canon, c)) return c;
+	s->conn = conn;
+
+	string_replace(canon, '/', '\\');
+	s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
+	if (composite_nomem(s->path, c)) return c;
+
+	/* prepare server address using path and transport name */
+	s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
+	if (composite_nomem(s->srvaddr, c)) return c;
+
+	/* send socket open request */
+	sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC);
+	composite_continue(c, sock_np_req, continue_np_open_socket, c);
+	return c;
+}
+
+
+/*
+  Receive result of pipe open request on ncalrpc
+*/
+NTSTATUS dcerpc_pipe_open_pipe_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  Open a rpc pipe on a named pipe - sync version
+*/
+NTSTATUS dcerpc_pipe_open_pipe(struct dcecli_connection *conn, const char *ncalrpc_dir, const char *identifier)
+{
+	struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier);
+	return dcerpc_pipe_open_pipe_recv(c);
+}
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
new file mode 100644
index 0000000..0ebc52a
--- /dev/null
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -0,0 +1,811 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc utility functions
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Rafal Szczesniak 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_epmapper_c.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "librpc/rpc/rpc_common.h"
+
+/*
+  find a dcerpc call on an interface by name
+*/
+const struct ndr_interface_call *dcerpc_iface_find_call(const struct ndr_interface_table *iface,
+							const char *name)
+{
+	uint32_t i;
+	for (i=0;i<iface->num_calls;i++) {
+		if (strcmp(iface->calls[i].name, name) == 0) {
+			return &iface->calls[i];
+		}
+	}
+	return NULL;
+}
+
+struct epm_map_binding_state {
+	struct dcerpc_binding *binding;
+	const struct ndr_interface_table *table;
+	struct dcerpc_pipe *pipe;
+	struct policy_handle handle;
+	struct GUID object;
+	struct epm_twr_t twr;
+	struct epm_twr_t *twr_r;
+	uint32_t num_towers;
+	struct epm_Map r;
+};
+
+
+static void continue_epm_recv_binding(struct composite_context *ctx);
+static void continue_epm_map(struct tevent_req *subreq);
+
+
+/*
+  Stage 2 of epm_map_binding: Receive connected rpc pipe and send endpoint
+  mapping rpc request
+*/
+static void continue_epm_recv_binding(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct epm_map_binding_state *s = talloc_get_type(c->private_data,
+							  struct epm_map_binding_state);
+	struct tevent_req *subreq;
+
+	/* receive result of rpc pipe connect request */
+	c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
+	if (!composite_is_ok(c)) return;
+
+	c->status = dcerpc_binding_build_tower(s->pipe, s->binding, &s->twr.tower);
+	if (!composite_is_ok(c)) return;
+	
+	/* with some nice pretty paper around it of course */
+	s->r.in.object        = &s->object;
+	s->r.in.map_tower     = &s->twr;
+	s->r.in.entry_handle  = &s->handle;
+	s->r.in.max_towers    = 1;
+	s->r.out.entry_handle = &s->handle;
+	s->r.out.num_towers   = &s->num_towers;
+
+	/* send request for an endpoint mapping - a rpc request on connected pipe */
+	subreq = dcerpc_epm_Map_r_send(s, c->event_ctx,
+				       s->pipe->binding_handle,
+				       &s->r);
+	if (composite_nomem(subreq, c)) return;
+	
+	tevent_req_set_callback(subreq, continue_epm_map, c);
+}
+
+
+/*
+  Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
+*/
+static void continue_epm_map(struct tevent_req *subreq)
+{
+	struct composite_context *c = tevent_req_callback_data(subreq,
+				      struct composite_context);
+	struct epm_map_binding_state *s = talloc_get_type(c->private_data,
+							  struct epm_map_binding_state);
+	const char *endpoint;
+
+	/* receive result of a rpc request */
+	c->status = dcerpc_epm_Map_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (!composite_is_ok(c)) return;
+
+	/* check the details */
+	if (s->r.out.result != 0 || *s->r.out.num_towers != 1) {
+		composite_error(c, NT_STATUS_PORT_UNREACHABLE);
+		return;
+	}
+	
+	s->twr_r = s->r.out.towers[0].twr;
+	if (s->twr_r == NULL) {
+		composite_error(c, NT_STATUS_PORT_UNREACHABLE);
+		return;
+	}
+
+	if (s->twr_r->tower.num_floors != s->twr.tower.num_floors ||
+	    s->twr_r->tower.floors[3].lhs.protocol != s->twr.tower.floors[3].lhs.protocol) {
+		composite_error(c, NT_STATUS_PORT_UNREACHABLE);
+		return;
+	}
+
+	/* get received endpoint */
+	endpoint = dcerpc_floor_get_rhs_data(s, &s->twr_r->tower.floors[3]);
+	if (composite_nomem(endpoint, c)) return;
+
+	c->status = dcerpc_binding_set_string_option(s->binding,
+						     "endpoint",
+						     endpoint);
+	if (!composite_is_ok(c)) {
+		return;
+	}
+
+	composite_done(c);
+}
+
+
+/*
+  Request for endpoint mapping of dcerpc binding - try to request for endpoint
+  unless there is default one.
+*/
+struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
+						      struct dcerpc_binding *binding,
+						      const struct ndr_interface_table *table,
+						      struct cli_credentials *creds,
+						      struct tevent_context *ev,
+						      struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct epm_map_binding_state *s;
+	struct composite_context *pipe_connect_req;
+	NTSTATUS status;
+	struct dcerpc_binding *epmapper_binding;
+	uint32_t i;
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	/* composite context allocation and setup */
+	c = composite_create(mem_ctx, ev);
+	if (c == NULL) {
+		return NULL;
+	}
+
+	s = talloc_zero(c, struct epm_map_binding_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	s->binding = binding;
+	s->object  = dcerpc_binding_get_object(binding);
+	s->table   = table;
+
+	c->status = dcerpc_binding_set_abstract_syntax(binding,
+						       &table->syntax_id);
+	if (!composite_is_ok(c)) {
+		return c;
+	}
+
+	/*
+	  First, check if there is a default endpoint specified in the IDL
+	*/
+	for (i = 0; i < table->endpoints->count; i++) {
+		struct dcerpc_binding *default_binding;
+		enum dcerpc_transport_t transport;
+		enum dcerpc_transport_t dtransport;
+		const char *dendpoint = NULL;
+
+		status = dcerpc_parse_binding(s,
+					      table->endpoints->names[i],
+					      &default_binding);
+		if (!NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+
+		transport = dcerpc_binding_get_transport(binding);
+		dtransport = dcerpc_binding_get_transport(default_binding);
+		if (transport == NCA_UNKNOWN) {
+			c->status = dcerpc_binding_set_transport(binding,
+								 dtransport);
+			if (!composite_is_ok(c)) {
+				return c;
+			}
+			transport = dtransport;
+		}
+
+		if (transport != dtransport) {
+			TALLOC_FREE(default_binding);
+			continue;
+		}
+
+		dendpoint = dcerpc_binding_get_string_option(default_binding,
+							     "endpoint");
+		if (dendpoint == NULL) {
+			TALLOC_FREE(default_binding);
+			continue;
+		}
+
+		c->status = dcerpc_binding_set_string_option(binding,
+							     "endpoint",
+							     dendpoint);
+		if (!composite_is_ok(c)) {
+			return c;
+		}
+
+		TALLOC_FREE(default_binding);
+		composite_done(c);
+		return c;
+	}
+
+	epmapper_binding = dcerpc_binding_dup(s, binding);
+	if (composite_nomem(epmapper_binding, c)) return c;
+
+	/* basic endpoint mapping data */
+	c->status = dcerpc_binding_set_string_option(epmapper_binding,
+						     "endpoint", NULL);
+	if (!composite_is_ok(c)) {
+		return c;
+	}
+	c->status = dcerpc_binding_set_flags(epmapper_binding, 0, UINT32_MAX);
+	if (!composite_is_ok(c)) {
+		return c;
+	}
+	c->status = dcerpc_binding_set_assoc_group_id(epmapper_binding, 0);
+	if (!composite_is_ok(c)) {
+		return c;
+	}
+	c->status = dcerpc_binding_set_object(epmapper_binding, GUID_zero());
+	if (!composite_is_ok(c)) {
+		return c;
+	}
+
+	/* initiate rpc pipe connection */
+	pipe_connect_req = dcerpc_pipe_connect_b_send(s, epmapper_binding,
+						      &ndr_table_epmapper,
+						      creds, c->event_ctx,
+						      lp_ctx);
+	if (composite_nomem(pipe_connect_req, c)) return c;
+	
+	composite_continue(c, pipe_connect_req, continue_epm_recv_binding, c);
+	return c;
+}
+
+
+/*
+  Receive result of endpoint mapping request
+ */
+NTSTATUS dcerpc_epm_map_binding_recv(struct composite_context *c)
+{
+	NTSTATUS status = composite_wait(c);
+	
+	talloc_free(c);
+	return status;
+}
+
+
+/*
+  Get endpoint mapping for rpc connection
+*/
+_PUBLIC_ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding,
+				const struct ndr_interface_table *table, struct tevent_context *ev,
+				struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct cli_credentials *epm_creds;
+
+	epm_creds = cli_credentials_init_anon(mem_ctx);
+	if (epm_creds == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, epm_creds, ev, lp_ctx);
+	if (c == NULL) {
+		talloc_free(epm_creds);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_steal(c, epm_creds);
+	return dcerpc_epm_map_binding_recv(c);
+}
+
+
+struct pipe_auth_state {
+	struct dcerpc_pipe *pipe;
+	const struct dcerpc_binding *binding;
+	const struct ndr_interface_table *table;
+	struct loadparm_context *lp_ctx;
+	struct cli_credentials *credentials;
+	unsigned int logon_retries;
+};
+
+
+static void continue_auth_schannel(struct composite_context *ctx);
+static void continue_auth(struct composite_context *ctx);
+static void continue_auth_none(struct composite_context *ctx);
+static void continue_ntlmssp_connection(struct composite_context *ctx);
+static void continue_spnego_after_wrong_pass(struct composite_context *ctx);
+
+
+/*
+  Stage 2 of pipe_auth: Receive result of schannel bind request
+*/
+static void continue_auth_schannel(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	c->status = dcerpc_bind_auth_schannel_recv(ctx);
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+
+/*
+  Stage 2 of pipe_auth: Receive result of authenticated bind request
+*/
+static void continue_auth(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	c->status = dcerpc_bind_auth_recv(ctx);
+	if (!composite_is_ok(c)) return;
+	
+	composite_done(c);
+}
+/*
+  Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks:
+  SPNEGO -> NTLMSSP
+*/
+static void continue_auth_auto(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+	struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state);
+	struct composite_context *sec_conn_req;
+
+	c->status = dcerpc_bind_auth_recv(ctx);
+	if (NT_STATUS_EQUAL(c->status, NT_STATUS_INVALID_PARAMETER)) {
+		/*
+		 * Retry with NTLMSSP auth as fallback
+		 * send a request for secondary rpc connection
+		 */
+		sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
+								s->binding);
+		composite_continue(c, sec_conn_req, continue_ntlmssp_connection, c);
+		return;
+	} else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE) ||
+		   NT_STATUS_EQUAL(c->status, NT_STATUS_UNSUCCESSFUL)) {
+		/*
+		  try a second time on any error. We don't just do it
+		  on LOGON_FAILURE as some servers will give a
+		  NT_STATUS_UNSUCCESSFUL on a authentication error on RPC
+		 */
+		const char *principal;
+		const char *endpoint;
+
+		principal = gensec_get_target_principal(s->pipe->conn->security_state.generic_state);
+		if (principal == NULL) {
+			const char *hostname = gensec_get_target_hostname(s->pipe->conn->security_state.generic_state);
+			const char *service  = gensec_get_target_service(s->pipe->conn->security_state.generic_state);
+			if (hostname != NULL && service != NULL) {
+				principal = talloc_asprintf(c, "%s/%s", service, hostname);
+			}
+		}
+
+		endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+
+		if ((cli_credentials_failed_kerberos_login(s->credentials, principal, &s->logon_retries) ||
+		     cli_credentials_wrong_password(s->credentials)) &&
+		    endpoint != NULL) {
+			/*
+			 * Retry SPNEGO with a better password
+			 * send a request for secondary rpc connection
+			 */
+			sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
+									s->binding);
+			composite_continue(c, sec_conn_req, continue_spnego_after_wrong_pass, c);
+			return;
+		}
+	}
+
+	if (!composite_is_ok(c)) return;
+
+	composite_done(c);
+}
+
+/*
+  Stage 3 of pipe_auth (fallback to NTLMSSP case): Receive secondary
+  rpc connection (the first one can't be used any more, due to the
+  bind nak) and perform authenticated bind request
+*/
+static void continue_ntlmssp_connection(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct pipe_auth_state *s;
+	struct composite_context *auth_req;
+	struct dcerpc_pipe *p2;
+	void *pp;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct pipe_auth_state);
+
+	/* receive secondary rpc connection */
+	c->status = dcerpc_secondary_connection_recv(ctx, &p2);
+	if (!composite_is_ok(c)) return;
+
+
+	/* this is a rather strange situation. When
+	   we come into the routine, s is a child of s->pipe, and
+	   when we created p2 above, it also became a child of
+	   s->pipe.
+
+	   Now we want p2 to be a parent of s->pipe, and we want s to
+	   be a parent of both of them! If we don't do this very
+	   carefully we end up creating a talloc loop
+	*/
+
+	/* we need the new contexts to hang off the same context
+	   that s->pipe is on, but the only way to get that is
+	   via talloc_parent() */
+	pp = talloc_parent(s->pipe);
+
+	/* promote s to be at the top */
+	talloc_steal(pp, s);
+
+	/* and put p2 under s */
+	talloc_steal(s, p2);
+
+	/* now put s->pipe under p2 */
+	talloc_steal(p2, s->pipe);
+
+	s->pipe = p2;
+
+	/* initiate a authenticated bind */
+	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+					 s->credentials, 
+					 lpcfg_gensec_settings(c, s->lp_ctx),
+					 DCERPC_AUTH_TYPE_NTLMSSP,
+					 dcerpc_auth_level(s->pipe->conn),
+					 s->table->authservices->names[0]);
+	composite_continue(c, auth_req, continue_auth, c);
+}
+
+/*
+  Stage 3 of pipe_auth (retry on wrong password): Receive secondary
+  rpc connection (the first one can't be used any more, due to the
+  bind nak) and perform authenticated bind request
+*/
+static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
+{
+	struct composite_context *c;
+	struct pipe_auth_state *s;
+	struct composite_context *auth_req;
+	struct dcerpc_pipe *p2;
+
+	c = talloc_get_type(ctx->async.private_data, struct composite_context);
+	s = talloc_get_type(c->private_data, struct pipe_auth_state);
+
+	/* receive secondary rpc connection */
+	c->status = dcerpc_secondary_connection_recv(ctx, &p2);
+	if (!composite_is_ok(c)) return;
+
+	talloc_steal(s, p2);
+	talloc_steal(p2, s->pipe);
+	s->pipe = p2;
+
+	/* initiate a authenticated bind */
+	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+					 s->credentials, 
+					 lpcfg_gensec_settings(c, s->lp_ctx),
+					 DCERPC_AUTH_TYPE_SPNEGO,
+					 dcerpc_auth_level(s->pipe->conn),
+					 s->table->authservices->names[0]);
+	composite_continue(c, auth_req, continue_auth, c);
+}
+
+
+/*
+  Stage 2 of pipe_auth: Receive result of non-authenticated bind request
+*/
+static void continue_auth_none(struct composite_context *ctx)
+{
+	struct composite_context *c = talloc_get_type(ctx->async.private_data,
+						      struct composite_context);
+
+	c->status = dcerpc_bind_auth_none_recv(ctx);
+	if (!composite_is_ok(c)) return;
+	
+	composite_done(c);
+}
+
+
+/*
+  Request to perform an authenticated bind if required. Authentication
+  is determined using credentials passed and binding flags.
+*/
+struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, 
+						const struct dcerpc_binding *binding,
+						const struct ndr_interface_table *table,
+						struct cli_credentials *credentials,
+						struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+	struct pipe_auth_state *s;
+	struct composite_context *auth_schannel_req;
+	struct composite_context *auth_req;
+	struct composite_context *auth_none_req;
+	struct dcecli_connection *conn;
+	uint8_t auth_type;
+
+	/* composite context allocation and setup */
+	c = composite_create(p, p->conn->event_ctx);
+	if (c == NULL) return NULL;
+
+	s = talloc_zero(c, struct pipe_auth_state);
+	if (composite_nomem(s, c)) return c;
+	c->private_data = s;
+
+	/* store parameters in state structure */
+	s->binding      = binding;
+	s->table        = table;
+	s->credentials  = credentials;
+	s->pipe         = p;
+	s->lp_ctx       = lp_ctx;
+
+	conn = s->pipe->conn;
+	conn->flags = dcerpc_binding_get_flags(binding);
+
+	if (DEBUGLVL(100)) {
+		conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
+	}
+
+	if (conn->transport.transport == NCALRPC) {
+		const char *v = dcerpc_binding_get_string_option(binding,
+							"auth_type");
+
+		if (v != NULL && strcmp(v, "ncalrpc_as_system") == 0) {
+			auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+						 s->credentials,
+						 lpcfg_gensec_settings(c, s->lp_ctx),
+						 DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM,
+						 DCERPC_AUTH_LEVEL_CONNECT,
+						 s->table->authservices->names[0]);
+			composite_continue(c, auth_req, continue_auth, c);
+			return c;
+		}
+	}
+
+	if (cli_credentials_is_anonymous(s->credentials)) {
+		auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
+		composite_continue(c, auth_none_req, continue_auth_none, c);
+		return c;
+	}
+
+	if ((conn->flags & DCERPC_SCHANNEL) &&
+	    !cli_credentials_get_netlogon_creds(s->credentials)) {
+		/* If we don't already have netlogon credentials for
+		 * the schannel bind, then we have to get these
+		 * first */
+		auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table,
+								   s->credentials, s->lp_ctx,
+								   dcerpc_auth_level(conn));
+		composite_continue(c, auth_schannel_req, continue_auth_schannel, c);
+		return c;
+	}
+
+	/*
+	 * we rely on the already authenticated CIFS connection
+	 * if not doing sign or seal
+	 */
+	if (conn->transport.transport == NCACN_NP &&
+	    !(conn->flags & (DCERPC_PACKET|DCERPC_SIGN|DCERPC_SEAL))) {
+		auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
+		composite_continue(c, auth_none_req, continue_auth_none, c);
+		return c;
+	}
+
+
+	/* Perform an authenticated DCE-RPC bind
+	 */
+	if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL|DCERPC_PACKET))) {
+		/*
+		  we are doing an authenticated connection,
+		  which needs to use [connect], [sign] or [seal].
+		  If nothing is specified, we default to [sign] now.
+		  This give roughly the same protection as
+		  ncacn_np with smb signing.
+		*/
+		conn->flags |= DCERPC_SIGN;
+	}
+
+	if (conn->flags & DCERPC_AUTH_SPNEGO) {
+		auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+
+	} else if (conn->flags & DCERPC_AUTH_KRB5) {
+		auth_type = DCERPC_AUTH_TYPE_KRB5;
+
+	} else if (conn->flags & DCERPC_SCHANNEL) {
+		auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+
+	} else if (conn->flags & DCERPC_AUTH_NTLM) {
+		auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+
+	} else {
+		/* try SPNEGO with fallback to NTLMSSP */
+		auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+						 s->credentials, 
+						 lpcfg_gensec_settings(c, s->lp_ctx),
+						 DCERPC_AUTH_TYPE_SPNEGO,
+						 dcerpc_auth_level(conn),
+						 s->table->authservices->names[0]);
+		composite_continue(c, auth_req, continue_auth_auto, c);
+		return c;
+	}
+
+	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+					 s->credentials, 
+					 lpcfg_gensec_settings(c, s->lp_ctx),
+					 auth_type,
+					 dcerpc_auth_level(conn),
+					 s->table->authservices->names[0]);
+	composite_continue(c, auth_req, continue_auth, c);
+	return c;
+}
+
+
+/*
+  Receive result of authenticated bind request on dcerpc pipe
+
+  This returns *p, which may be different to the one originally
+  supplied, as it rebinds to a new pipe due to authentication fallback
+
+*/
+NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, 
+			       struct dcerpc_pipe **p)
+{
+	NTSTATUS status;
+
+	struct pipe_auth_state *s = talloc_get_type(c->private_data,
+						    struct pipe_auth_state);
+	status = composite_wait(c);
+	if (!NT_STATUS_IS_OK(status)) {
+		char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid);
+		DEBUG(0, ("Failed to bind to uuid %s for %s %s\n", uuid_str,
+			  dcerpc_binding_string(uuid_str, s->binding), nt_errstr(status)));
+		talloc_free(uuid_str);
+	} else {
+		talloc_steal(mem_ctx, s->pipe);
+		*p = s->pipe;
+	}
+
+	talloc_free(c);
+	return status;
+}
+
+
+/* 
+   Perform an authenticated bind if needed - sync version
+
+   This may change *p, as it rebinds to a new pipe due to authentication fallback
+*/
+_PUBLIC_ NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
+			  struct dcerpc_pipe **p, 
+			  const struct dcerpc_binding *binding,
+			  const struct ndr_interface_table *table,
+			  struct cli_credentials *credentials,
+			  struct loadparm_context *lp_ctx)
+{
+	struct composite_context *c;
+
+	c = dcerpc_pipe_auth_send(*p, binding, table, credentials, lp_ctx);
+	return dcerpc_pipe_auth_recv(c, mem_ctx, p);
+}
+
+
+NTSTATUS dcecli_generic_session_key(struct dcecli_connection *c,
+				    DATA_BLOB *session_key)
+{
+	if (c != NULL) {
+		if (c->transport.transport != NCALRPC &&
+		    c->transport.transport != NCACN_UNIX_STREAM)
+		{
+			return NT_STATUS_LOCAL_USER_SESSION_KEY;
+		}
+	}
+
+	return dcerpc_generic_session_key(session_key);
+}
+
+/*
+  fetch the user session key - may be default (above) or the SMB session key
+
+  The key is always truncated to 16 bytes 
+*/
+_PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
+					   DATA_BLOB *session_key)
+{
+	NTSTATUS status;
+	status = p->conn->security_state.session_key(p->conn, session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	session_key->length = MIN(session_key->length, 16);
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ bool dcerpc_transport_encrypted(struct dcerpc_pipe *p)
+{
+	if (p == NULL) {
+		return false;
+	}
+
+	if (p->conn == NULL) {
+		return false;
+	}
+
+	return p->conn->transport.encrypted;
+}
+
+/*
+  create a secondary context from a primary connection
+
+  this uses dcerpc_alter_context() to create a new dcerpc context_id
+*/
+_PUBLIC_ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
+				  struct dcerpc_pipe **pp2,
+				  const struct ndr_interface_table *table)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p2;
+	struct GUID *object = NULL;
+	
+	p2 = talloc_zero(p, struct dcerpc_pipe);
+	if (p2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	p2->conn = talloc_reference(p2, p->conn);
+	p2->request_timeout = p->request_timeout;
+
+	p2->context_id = ++p->conn->next_context_id;
+
+	p2->syntax = table->syntax_id;
+
+	p2->transfer_syntax = p->transfer_syntax;
+
+	p2->binding = dcerpc_binding_dup(p2, p->binding);
+	if (p2->binding == NULL) {
+		talloc_free(p2);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p2->object = dcerpc_binding_get_object(p2->binding);
+	if (!GUID_all_zero(&p2->object)) {
+		object = &p2->object;
+	}
+
+	p2->binding_handle = dcerpc_pipe_binding_handle(p2, object, table);
+	if (p2->binding_handle == NULL) {
+		talloc_free(p2);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_alter_context(p2, p2, &p2->syntax, &p2->transfer_syntax);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(p2);
+		return status;
+	}
+
+	*pp2 = p2;
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/librpc/rpc/pyrpc.c b/source4/librpc/rpc/pyrpc.c
new file mode 100644
index 0000000..3f1a867
--- /dev/null
+++ b/source4/librpc/rpc/pyrpc.c
@@ -0,0 +1,651 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include <structmember.h>
+#include "librpc/rpc/pyrpc.h"
+#include "lib/events/events.h"
+#include "param/pyparam.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "auth/credentials/pycredentials.h"
+#include "auth/gensec/gensec.h"
+
+void initbase(void);
+
+static PyTypeObject dcerpc_InterfaceType;
+
+static PyTypeObject *BaseObject_Type;
+
+static PyTypeObject *ndr_syntax_id_Type;
+
+static bool PyString_AsGUID(PyObject *object, struct GUID *uuid)
+{
+	NTSTATUS status;
+	status = GUID_from_string(PyUnicode_AsUTF8(object), uuid);
+	if (NT_STATUS_IS_ERR(status)) {
+		PyErr_SetNTSTATUS(status);
+		return false;
+	}
+	return true;
+}
+
+static bool ndr_syntax_from_py_object(PyObject *object, struct ndr_syntax_id *syntax_id)
+{
+	ZERO_STRUCTP(syntax_id);
+
+	if (PyUnicode_Check(object)) {
+		return PyString_AsGUID(object, &syntax_id->uuid);
+	}
+
+	if (PyTuple_Check(object)) {
+		PyObject *item = NULL;
+		if (PyTuple_Size(object) < 1 || PyTuple_Size(object) > 2) {
+			PyErr_SetString(PyExc_ValueError, "Syntax ID tuple has invalid size");
+			return false;
+		}
+
+		item = PyTuple_GetItem(object, 0);
+		if (!PyUnicode_Check(item)) {
+			PyErr_SetString(PyExc_ValueError, "Expected GUID as first element in tuple");
+			return false;
+		}
+
+		if (!PyString_AsGUID(item, &syntax_id->uuid)) {
+			return false;
+		}
+
+		item = PyTuple_GetItem(object, 1);
+		if (!PyLong_Check(item)) {
+			PyErr_SetString(PyExc_ValueError, "Expected version as second element in tuple");
+			return false;
+		}
+
+		syntax_id->if_version = PyLong_AsLong(item);
+		return true;
+	}
+
+	PyErr_SetString(PyExc_TypeError, "Expected UUID or syntax id tuple");
+	return false;
+}
+
+static PyObject *py_iface_server_name(PyObject *obj, void *closure)
+{
+	const char *server_name;
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+
+	server_name = dcerpc_server_name(iface->pipe);
+	if (server_name == NULL)
+		Py_RETURN_NONE;
+
+	return PyUnicode_FromString(server_name);
+}
+
+static PyObject *py_ndr_syntax_id(struct ndr_syntax_id *syntax_id)
+{
+	PyObject *ret;
+	struct GUID_txt_buf buf;
+
+	ret = Py_BuildValue(
+		"(s,i)",
+		GUID_buf_string(&syntax_id->uuid, &buf),
+		syntax_id->if_version);
+
+	return ret;
+}
+
+static PyObject *py_iface_abstract_syntax(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+
+	return py_ndr_syntax_id(&iface->pipe->syntax);
+}
+
+static PyObject *py_iface_transfer_syntax(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+
+	return py_ndr_syntax_id(&iface->pipe->transfer_syntax);
+}
+
+static PyObject *py_iface_session_key(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+	DATA_BLOB session_key;
+
+	NTSTATUS status = dcerpc_fetch_session_key(iface->pipe, &session_key);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	return PyBytes_FromStringAndSize((const char *)session_key.data, session_key.length);
+}
+
+static PyObject *py_iface_user_session_key(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	struct gensec_security *security = NULL;
+	DATA_BLOB session_key = data_blob_null;
+	static PyObject *session_key_obj = NULL;
+
+	if (iface->pipe == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	if (iface->pipe->conn == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	if (iface->pipe->conn->security_state.generic_state == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	security = iface->pipe->conn->security_state.generic_state;
+
+	mem_ctx = talloc_new(NULL);
+
+	status = gensec_session_key(security, mem_ctx, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	session_key_obj = PyBytes_FromStringAndSize((const char *)session_key.data,
+						     session_key.length);
+	talloc_free(mem_ctx);
+	return session_key_obj;
+}
+
+static PyObject *py_iface_get_timeout(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+	uint32_t timeout;
+
+	timeout = dcerpc_binding_handle_set_timeout(iface->binding_handle, 0);
+	dcerpc_binding_handle_set_timeout(iface->binding_handle, timeout);
+
+	return PyLong_FromUnsignedLong(timeout);
+}
+
+static int py_iface_set_timeout(PyObject *obj, PyObject *value, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+	uint32_t timeout;
+
+	timeout = PyLong_AsUnsignedLong(value);
+	if (PyErr_Occurred() != NULL) {
+		return -1;
+	}
+
+	dcerpc_binding_handle_set_timeout(iface->binding_handle, timeout);
+	return 0;
+}
+
+static PyGetSetDef dcerpc_interface_getsetters[] = {
+	{
+		.name = discard_const_p(char, "server_name"),
+		.get  = py_iface_server_name,
+		.doc  = discard_const_p(char, "name of the server, if connected over SMB"),
+	},
+	{
+		.name = discard_const_p(char, "abstract_syntax"),
+		.get  = py_iface_abstract_syntax,
+		.doc  = discard_const_p(char, "syntax id of the abstract syntax"),
+	},
+	{
+		.name = discard_const_p(char, "transfer_syntax"),
+		.get  = py_iface_transfer_syntax,
+		.doc  = discard_const_p(char, "syntax id of the transfer syntax"),
+	},
+	{
+		.name = discard_const_p(char, "session_key"),
+		.get  = py_iface_session_key,
+		.doc  = discard_const_p(char, "session key (as used for blob encryption on LSA and SAMR)"),
+	},
+	{
+		.name = discard_const_p(char, "user_session_key"),
+		.get  = py_iface_user_session_key,
+		.doc  = discard_const_p(char, "user_session key (as used for blob encryption on DRSUAPI)"),
+	},
+	{
+		.name = discard_const_p(char, "request_timeout"),
+		.get  = py_iface_get_timeout,
+		.set  = py_iface_set_timeout,
+		.doc  = discard_const_p(char, "request timeout,	in seconds"),
+	},
+	{ .name = NULL }
+};
+
+static PyObject *py_iface_request(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
+	int opnum;
+	DATA_BLOB data_in, data_out;
+	NTSTATUS status;
+	char *in_data;
+	Py_ssize_t in_length;
+	PyObject *ret;
+	PyObject *object = NULL;
+	struct GUID object_guid;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	uint32_t out_flags = 0;
+	const char *kwnames[] = { "opnum", "data", "object", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|O:request", 
+		discard_const_p(char *, kwnames), &opnum, &in_data, &in_length, &object)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	data_in.data = (uint8_t *)talloc_memdup(mem_ctx, in_data, in_length);
+	data_in.length = in_length;
+
+	ZERO_STRUCT(data_out);
+
+	if (object != NULL && !PyString_AsGUID(object, &object_guid)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	status = dcerpc_binding_handle_raw_call(iface->binding_handle,
+						object?&object_guid:NULL,
+						opnum,
+						0, /* in_flags */
+						data_in.data,
+						data_in.length,
+						mem_ctx,
+						&data_out.data,
+						&data_out.length,
+						&out_flags);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetDCERPCStatus(iface->pipe, status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = PyBytes_FromStringAndSize((char *)data_out.data, data_out.length);
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static PyObject *py_iface_transport_encrypted(PyObject *self)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
+
+	if (dcerpc_transport_encrypted(iface->pipe)) {
+		Py_RETURN_TRUE;
+	}
+
+	Py_RETURN_FALSE;
+}
+
+static PyMethodDef dcerpc_interface_methods[] = {
+	{ "request", PY_DISCARD_FUNC_SIG(PyCFunction, py_iface_request),
+		METH_VARARGS|METH_KEYWORDS,
+		"S.request(opnum, data, object=None) -> data\n"
+		"Make a raw request" },
+	{ "transport_encrypted", PY_DISCARD_FUNC_SIG(PyCFunction, py_iface_transport_encrypted),
+		METH_NOARGS,
+		"Check if the DCE transport is encrypted" },
+	{ NULL, NULL, 0, NULL },
+};
+
+static void dcerpc_interface_dealloc(PyObject* self)
+{
+	dcerpc_InterfaceObject *interface = (dcerpc_InterfaceObject *)self;
+
+	struct tevent_context *ev_save = talloc_reparent(
+		interface->mem_ctx, NULL, interface->ev);
+	SMB_ASSERT(ev_save != NULL);
+
+	interface->binding_handle = NULL;
+	interface->pipe = NULL;
+
+	/*
+	 * Free everything *except* the event context, which must go
+	 * away last
+	 */
+	TALLOC_FREE(interface->mem_ctx);
+
+	/*
+	 * Now wish a fond goodbye to the event context itself
+	 */
+	talloc_unlink(NULL, ev_save);
+	self->ob_type->tp_free(self);
+}
+
+static PyObject *dcerpc_interface_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	PyObject *ret;
+	const char *binding_string = NULL;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_credentials = Py_None;
+	PyObject *syntax = Py_None;
+	PyObject *py_basis = Py_None;
+	const char *kwnames[] = {
+		"binding", "syntax", "lp_ctx", "credentials", "basis_connection", NULL
+	};
+	static struct ndr_interface_table dummy_table;
+	static struct ndr_interface_string_array dummy_endpoints;
+	PyObject *args2 = Py_None;
+	PyObject *kwargs2 = Py_None;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|OOO:connect", discard_const_p(char *, kwnames), &binding_string, &syntax, &py_lp_ctx, &py_credentials, &py_basis)) {
+		return NULL;
+	}
+
+	if (strncmp(binding_string, "irpc:", 5) == 0) {
+		PyErr_SetString(PyExc_ValueError, "irpc: transport not supported");
+		return NULL;
+	}
+
+	/*
+	 * Fill a dummy interface table struct. TODO: In the future, we should
+	 * rather just allow connecting without requiring an interface table.
+	 *
+	 * We just fill the syntax during the connect, but keep the memory valid
+	 * the whole time.
+	 */
+	if (!ndr_syntax_from_py_object(syntax, &dummy_table.syntax_id)) {
+		return NULL;
+	}
+
+	/*
+	 * Initialise the endpoints list in dummy_table if required
+	 */
+	if (dummy_table.endpoints == NULL) {
+		dummy_table.endpoints = &dummy_endpoints;
+	}
+
+	args2 = Py_BuildValue("(s)", binding_string);
+	if (args2 == NULL) {
+		return NULL;
+	}
+
+	kwargs2 = Py_BuildValue("{s:O,s:O,s:O}",
+				"lp_ctx", py_lp_ctx,
+				"credentials", py_credentials,
+				"basis_connection", py_basis);
+	if (kwargs2 == NULL) {
+		Py_DECREF(args2);
+		return NULL;
+	}
+
+	ret = py_dcerpc_interface_init_helper(type, args2, kwargs2, &dummy_table);
+	ZERO_STRUCT(dummy_table.syntax_id);
+	Py_DECREF(args2);
+	Py_DECREF(kwargs2);
+	return ret;
+}
+
+static PyTypeObject dcerpc_InterfaceType = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "dcerpc.ClientConnection",
+	.tp_basicsize = sizeof(dcerpc_InterfaceObject),
+	.tp_dealloc = dcerpc_interface_dealloc,
+	.tp_getset = dcerpc_interface_getsetters,
+	.tp_methods = dcerpc_interface_methods,
+	.tp_doc = "ClientConnection(binding, syntax, lp_ctx=None, credentials=None) -> connection\n"
+"\n"
+"binding should be a DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\n"
+"syntax should be a tuple with a GUID and version number of an interface\n"
+"lp_ctx should be a path to a smb.conf file or a param.LoadParm object\n"
+"credentials should be a credentials.Credentials object.\n\n",
+	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+	.tp_new = dcerpc_interface_new,
+};
+
+static PyObject *py_transfer_syntax_ndr_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	return py_dcerpc_syntax_init_helper(type, args, kwargs, &ndr_transfer_syntax_ndr);
+}
+
+static PyTypeObject py_transfer_syntax_ndr_SyntaxType = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "base.transfer_syntax_ndr",
+	.tp_doc = "transfer_syntax_ndr()\n",
+	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+	.tp_new = py_transfer_syntax_ndr_new,
+};
+
+static PyObject *py_transfer_syntax_ndr64_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	return py_dcerpc_syntax_init_helper(type, args, kwargs, &ndr_transfer_syntax_ndr64);
+}
+
+static PyTypeObject py_transfer_syntax_ndr64_SyntaxType = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "base.transfer_syntax_ndr64",
+	.tp_doc = "transfer_syntax_ndr64()\n",
+	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+	.tp_new = py_transfer_syntax_ndr64_new,
+};
+
+static PyObject *py_bind_time_features_syntax_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = {
+		"features", NULL
+	};
+	unsigned long long features = 0;
+	struct ndr_syntax_id syntax;
+	PyObject *args2 = Py_None;
+	PyObject *kwargs2 = Py_None;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "K:features", discard_const_p(char *, kwnames), &features)) {
+		return NULL;
+	}
+
+	args2 = Py_BuildValue("()");
+	if (args2 == NULL) {
+		return NULL;
+	}
+
+	kwargs2 = Py_BuildValue("{}");
+	if (kwargs2 == NULL) {
+		Py_DECREF(args2);
+		return NULL;
+	}
+
+	syntax = dcerpc_construct_bind_time_features(features);
+
+	return py_dcerpc_syntax_init_helper(type, args2, kwargs2, &syntax);
+}
+
+static PyTypeObject py_bind_time_features_syntax_SyntaxType = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "base.bind_time_features_syntax",
+	.tp_doc = "bind_time_features_syntax(features)\n",
+	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+	.tp_new = py_bind_time_features_syntax_new,
+};
+
+struct py_dcerpc_ndr_pointer {
+	PyObject *value;
+};
+
+static void py_dcerpc_ndr_pointer_dealloc(PyObject* self)
+{
+	struct py_dcerpc_ndr_pointer *obj =
+		pytalloc_get_type(self, struct py_dcerpc_ndr_pointer);
+
+	Py_CLEAR(obj->value);
+
+	self->ob_type->tp_free(self);
+}
+
+static PyObject *py_dcerpc_ndr_pointer_get_value(PyObject *self, void *closure)
+{
+	struct py_dcerpc_ndr_pointer *obj =
+		pytalloc_get_type(self, struct py_dcerpc_ndr_pointer);
+
+	Py_INCREF(obj->value);
+	return obj->value;
+}
+
+static int py_dcerpc_ndr_pointer_set_value(PyObject *self, PyObject *value, void *closure)
+{
+	struct py_dcerpc_ndr_pointer *obj =
+		pytalloc_get_type(self, struct py_dcerpc_ndr_pointer);
+
+	Py_CLEAR(obj->value);
+	obj->value = value;
+	Py_INCREF(obj->value);
+	return 0;
+}
+
+static PyGetSetDef py_dcerpc_ndr_pointer_getsetters[] = {
+	{
+		.name = discard_const_p(char, "value"),
+		.get  = py_dcerpc_ndr_pointer_get_value,
+		.set  = py_dcerpc_ndr_pointer_set_value,
+		.doc  = discard_const_p(char, "the value store by the pointer"),
+	},
+	{
+		.name = NULL,
+	},
+};
+
+static PyObject *py_dcerpc_ndr_pointer_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	PyObject *ret = NULL;
+	struct py_dcerpc_ndr_pointer *obj = NULL;
+	const char *kwnames[] = { "value", NULL };
+	PyObject *value = NULL;
+	bool ok;
+
+	ok = PyArg_ParseTupleAndKeywords(args, kwargs, "O:value",
+					 discard_const_p(char *, kwnames),
+					 &value);
+	if (!ok) {
+		return NULL;
+	}
+
+	ret = pytalloc_new(struct py_dcerpc_ndr_pointer, type);
+	if (ret == NULL) {
+		return NULL;
+	}
+
+	obj = pytalloc_get_type(ret, struct py_dcerpc_ndr_pointer);
+	*obj = (struct py_dcerpc_ndr_pointer) {
+		.value = value,
+	};
+
+	Py_INCREF(obj->value);
+	return ret;
+}
+
+static PyTypeObject py_dcerpc_ndr_pointer_type = {
+	PyVarObject_HEAD_INIT(NULL, 0)
+	.tp_name = "base.ndr_pointer",
+	.tp_dealloc = py_dcerpc_ndr_pointer_dealloc,
+	.tp_getset = py_dcerpc_ndr_pointer_getsetters,
+	.tp_doc = "ndr_pointer(value)\n",
+	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+	.tp_new = py_dcerpc_ndr_pointer_new,
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "base",
+    .m_doc = "DCE/RPC protocol implementation",
+    .m_size = -1,
+};
+
+MODULE_INIT_FUNC(base)
+{
+	PyObject *m;
+	PyObject *dep_talloc;
+	PyObject *dep_samba_dcerpc_misc;
+
+	dep_talloc = PyImport_ImportModule("talloc");
+	if (dep_talloc == NULL)
+		return NULL;
+
+	BaseObject_Type = (PyTypeObject *)PyObject_GetAttrString(dep_talloc, "BaseObject");
+	if (BaseObject_Type == NULL) {
+		Py_CLEAR(dep_talloc);
+		return NULL;
+	}
+
+	Py_CLEAR(dep_talloc);
+	dep_samba_dcerpc_misc = PyImport_ImportModule("samba.dcerpc.misc");
+	if (dep_samba_dcerpc_misc == NULL) {
+		return NULL;
+	}
+
+	ndr_syntax_id_Type = (PyTypeObject *)PyObject_GetAttrString(dep_samba_dcerpc_misc, "ndr_syntax_id");
+	Py_CLEAR(dep_samba_dcerpc_misc);
+	if (ndr_syntax_id_Type == NULL) {
+		return NULL;
+	}
+
+	py_transfer_syntax_ndr_SyntaxType.tp_base = ndr_syntax_id_Type;
+	py_transfer_syntax_ndr_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
+	py_transfer_syntax_ndr64_SyntaxType.tp_base = ndr_syntax_id_Type;
+	py_transfer_syntax_ndr64_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
+	py_bind_time_features_syntax_SyntaxType.tp_base = ndr_syntax_id_Type;
+	py_bind_time_features_syntax_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
+
+	py_dcerpc_ndr_pointer_type.tp_base = BaseObject_Type;
+	py_dcerpc_ndr_pointer_type.tp_basicsize = pytalloc_BaseObject_size();
+
+	if (PyType_Ready(&dcerpc_InterfaceType) < 0) {
+		return NULL;
+	}
+
+	if (PyType_Ready(&py_transfer_syntax_ndr_SyntaxType) < 0) {
+		return NULL;
+	}
+	if (PyType_Ready(&py_transfer_syntax_ndr64_SyntaxType) < 0) {
+		return NULL;
+	}
+	if (PyType_Ready(&py_bind_time_features_syntax_SyntaxType) < 0) {
+		return NULL;
+	}
+
+	if (PyType_Ready(&py_dcerpc_ndr_pointer_type) < 0) {
+		return NULL;
+	}
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL) {
+		return NULL;
+	}
+
+	Py_INCREF((PyObject *)&dcerpc_InterfaceType);
+	PyModule_AddObject(m, "ClientConnection", (PyObject *)&dcerpc_InterfaceType);
+
+	Py_INCREF((PyObject *)(void *)&py_transfer_syntax_ndr_SyntaxType);
+	PyModule_AddObject(m, "transfer_syntax_ndr", (PyObject *)(void *)&py_transfer_syntax_ndr_SyntaxType);
+	Py_INCREF((PyObject *)(void *)&py_transfer_syntax_ndr64_SyntaxType);
+	PyModule_AddObject(m, "transfer_syntax_ndr64", (PyObject *)(void *)&py_transfer_syntax_ndr64_SyntaxType);
+	Py_INCREF((PyObject *)(void *)&py_bind_time_features_syntax_SyntaxType);
+	PyModule_AddObject(m, "bind_time_features_syntax", (PyObject *)(void *)&py_bind_time_features_syntax_SyntaxType);
+	Py_INCREF((PyObject *)(void *)&py_dcerpc_ndr_pointer_type);
+	PyModule_AddObject(m, "ndr_pointer", (PyObject *)(void *)&py_dcerpc_ndr_pointer_type);
+	return m;
+}
diff --git a/source4/librpc/rpc/pyrpc.h b/source4/librpc/rpc/pyrpc.h
new file mode 100644
index 0000000..390e01a
--- /dev/null
+++ b/source4/librpc/rpc/pyrpc.h
@@ -0,0 +1,60 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PYRPC_H_
+#define _PYRPC_H_
+
+#include "libcli/util/pyerrors.h"
+
+#define PY_CHECK_TYPE(type, var, fail)					\
+	if (var == NULL) {						\
+		PyErr_Format(PyExc_TypeError,				\
+			     __location__				\
+			     ": Expected type '%s' for '%s', got NULL", \
+			     (type)->tp_name, #var);			\
+		fail;							\
+	} else if (!PyObject_TypeCheck(var, type)) {			\
+		PyErr_Format(PyExc_TypeError,				\
+			     __location__				\
+			     ": Expected type '%s' for '%s' of type '%s'", \
+			     (type)->tp_name, #var, Py_TYPE(var)->tp_name); \
+		fail;							\
+	}
+
+#define dom_sid0_Type dom_sid_Type
+#define dom_sid2_Type dom_sid_Type
+#define dom_sid28_Type dom_sid_Type
+#define dom_sid0_Check dom_sid_Check
+#define dom_sid2_Check dom_sid_Check
+#define dom_sid28_Check dom_sid_Check
+
+typedef struct {
+	PyObject_HEAD
+	TALLOC_CTX *mem_ctx;
+	struct dcerpc_pipe *pipe;
+	struct dcerpc_binding_handle *binding_handle;
+	struct tevent_context *ev;
+} dcerpc_InterfaceObject;
+
+
+#ifndef NDR_DCERPC_REQUEST_OBJECT_PRESENT
+#define NDR_DCERPC_REQUEST_OBJECT_PRESENT true
+#endif /* NDR_DCERPC_REQUEST_OBJECT_PRESENT */
+
+#endif /* _PYRPC_H_ */
diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c
new file mode 100644
index 0000000..43c29af
--- /dev/null
+++ b/source4/librpc/rpc/pyrpc_util.c
@@ -0,0 +1,555 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Python interface to DCE/RPC library - utility functions.
+
+   Copyright (C) 2010 Jelmer Vernooij <jelmer@samba.org>
+   Copyright (C) 2010 Andrew Tridgell <tridge@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "python/modules.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/pyrpc.h"
+#include "param/pyparam.h"
+#include "auth/credentials/pycredentials.h"
+#include "lib/events/events.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+
+bool py_check_dcerpc_type(PyObject *obj, const char *module, const char *type_name)
+{
+	PyObject *mod;
+	PyTypeObject *type;
+	bool ret;
+
+	mod = PyImport_ImportModule(module);
+
+	if (mod == NULL) {
+		PyErr_Format(PyExc_RuntimeError, "Unable to import %s to check type %s",
+			module, type_name);
+		return false;
+	}
+
+	type = (PyTypeObject *)PyObject_GetAttrString(mod, type_name);
+	Py_DECREF(mod);
+	if (type == NULL) {
+		PyErr_Format(PyExc_RuntimeError, "Unable to find type %s in module %s",
+			module, type_name);
+		return false;
+	}
+
+	ret = PyObject_TypeCheck(obj, type);
+	Py_DECREF(type);
+
+	if (!ret)
+		PyErr_Format(PyExc_TypeError, "Expected type %s.%s, got %s",
+			module, type_name, Py_TYPE(obj)->tp_name);
+
+	return ret;
+}
+
+/*
+  connect to a IRPC pipe from python
+ */
+static NTSTATUS pyrpc_irpc_connect(TALLOC_CTX *mem_ctx, const char *irpc_server,
+				   const struct ndr_interface_table *table,
+				   struct tevent_context *event_ctx,
+				   struct loadparm_context *lp_ctx,
+				   struct dcerpc_binding_handle **binding_handle)
+{
+	struct imessaging_context *msg;
+
+	msg = imessaging_client_init(mem_ctx, lp_ctx, event_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	*binding_handle = irpc_binding_handle_by_name(mem_ctx, msg, irpc_server, table);
+	if (*binding_handle == NULL) {
+		talloc_free(msg);
+		return NT_STATUS_INVALID_PIPE_STATE;
+	}
+
+	/*
+	 * Note: this allows nested event loops to happen,
+	 * but as there's no top level event loop it's not that critical.
+	 */
+	dcerpc_binding_handle_set_sync_ev(*binding_handle, event_ctx);
+
+	return NT_STATUS_OK;
+}
+
+PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs,
+					  const struct ndr_interface_table *table)
+{
+	dcerpc_InterfaceObject *ret;
+	const char *binding_string;
+	PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None, *py_basis = Py_None;
+	NTSTATUS status;
+	unsigned int timeout = (unsigned int)-1;
+	const char *kwnames[] = {
+		"binding", "lp_ctx", "credentials", "timeout", "basis_connection", NULL
+	};
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOIO:samr", discard_const_p(char *, kwnames), &binding_string, &py_lp_ctx, &py_credentials, &timeout, &py_basis)) {
+		return NULL;
+	}
+
+	status = dcerpc_init();
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	ret = PyObject_New(dcerpc_InterfaceObject, type);
+	if (ret == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	ret->pipe = NULL;
+	ret->binding_handle = NULL;
+	ret->ev = NULL;
+	ret->mem_ctx = talloc_new(NULL);
+	if (ret->mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (strncmp(binding_string, "irpc:", 5) == 0) {
+		struct loadparm_context *lp_ctx;
+
+		ret->ev = s4_event_context_init(ret->mem_ctx);
+		if (ret->ev == NULL) {
+			PyErr_SetString(PyExc_TypeError,
+					"Unable to initialise event context");
+			Py_DECREF(ret);
+			return NULL;
+		}
+
+		lp_ctx = lpcfg_from_py_object(ret->ev, py_lp_ctx);
+		if (lp_ctx == NULL) {
+			PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+			Py_DECREF(ret);
+			return NULL;
+		}
+
+		status = pyrpc_irpc_connect(ret->mem_ctx, binding_string+5, table,
+					    ret->ev, lp_ctx, &ret->binding_handle);
+		if (!NT_STATUS_IS_OK(status)) {
+			PyErr_SetNTSTATUS(status);
+			Py_DECREF(ret);
+			return NULL;
+		}
+	} else if (py_basis != Py_None) {
+		struct dcerpc_pipe *base_pipe;
+		PyObject *py_base;
+		PyTypeObject *ClientConnection_Type;
+
+		py_base = PyImport_ImportModule("samba.dcerpc.base");
+		if (py_base == NULL) {
+			Py_DECREF(ret);
+			return NULL;
+		}
+
+		ClientConnection_Type = (PyTypeObject *)PyObject_GetAttrString(py_base, "ClientConnection");
+		if (ClientConnection_Type == NULL) {
+			PyErr_SetNone(PyExc_TypeError);
+			Py_DECREF(ret);
+			Py_DECREF(py_base);
+			return NULL;
+		}
+
+		if (!PyObject_TypeCheck(py_basis, ClientConnection_Type)) {
+			PyErr_SetString(PyExc_TypeError, "basis_connection must be a DCE/RPC connection");
+			Py_DECREF(ret);
+			Py_DECREF(py_base);
+			Py_DECREF(ClientConnection_Type);
+			return NULL;
+		}
+
+		base_pipe = talloc_reference(ret->mem_ctx,
+					 ((dcerpc_InterfaceObject *)py_basis)->pipe);
+		if (base_pipe == NULL) {
+			PyErr_NoMemory();
+			Py_DECREF(ret);
+			Py_DECREF(py_base);
+			Py_DECREF(ClientConnection_Type);
+			return NULL;
+		}
+
+		ret->ev = talloc_reference(
+			ret->mem_ctx,
+			((dcerpc_InterfaceObject *)py_basis)->ev);
+		if (ret->ev == NULL) {
+			PyErr_NoMemory();
+			Py_DECREF(ret);
+			Py_DECREF(py_base);
+			Py_DECREF(ClientConnection_Type);
+			return NULL;
+		}
+
+		status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
+		if (!NT_STATUS_IS_OK(status)) {
+			PyErr_SetNTSTATUS(status);
+			Py_DECREF(ret);
+			Py_DECREF(py_base);
+			Py_DECREF(ClientConnection_Type);
+			return NULL;
+		}
+
+		ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
+		Py_XDECREF(ClientConnection_Type);
+		Py_XDECREF(py_base);
+	} else {
+		struct loadparm_context *lp_ctx;
+		struct cli_credentials *credentials;
+
+		ret->ev = s4_event_context_init(ret->mem_ctx);
+		if (ret->ev == NULL) {
+			PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+			Py_DECREF(ret);
+			return NULL;
+		}
+
+		lp_ctx = lpcfg_from_py_object(ret->ev, py_lp_ctx);
+		if (lp_ctx == NULL) {
+			PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+			Py_DECREF(ret);
+			return NULL;
+		}
+
+		credentials = cli_credentials_from_py_object(py_credentials);
+		if (credentials == NULL) {
+			PyErr_SetString(PyExc_TypeError, "Expected credentials");
+			Py_DECREF(ret);
+			return NULL;
+		}
+		status = dcerpc_pipe_connect(ret->mem_ctx, &ret->pipe, binding_string,
+			     table, credentials, ret->ev, lp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			PyErr_SetNTSTATUS(status);
+			Py_DECREF(ret);
+			return NULL;
+		}
+	}
+
+	if (ret->pipe) {
+		ret->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
+		ret->binding_handle = ret->pipe->binding_handle;
+	}
+
+	/* reset timeout for the handle */
+	if ((timeout != ((unsigned int)-1)) && (ret->binding_handle != NULL)) {
+		dcerpc_binding_handle_set_timeout(ret->binding_handle, timeout);
+	}
+
+	return (PyObject *)ret;
+}
+
+static PyObject *py_dcerpc_run_function(dcerpc_InterfaceObject *iface,
+					const struct PyNdrRpcMethodDef *md,
+					PyObject *args, PyObject *kwargs)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	void *r;
+	PyObject *result = Py_None;
+
+	if (md->pack_in_data == NULL || md->unpack_out_data == NULL) {
+		PyErr_SetString(PyExc_NotImplementedError, "No marshalling code available yet");
+		return NULL;
+	}
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	r = talloc_zero_size(mem_ctx, md->table->calls[md->opnum].struct_size);
+	if (r == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	if (!md->pack_in_data(args, kwargs, r)) {
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	status = md->call(iface->binding_handle, mem_ctx, r);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetDCERPCStatus(iface->pipe, status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	result = md->unpack_out_data(r);
+
+	talloc_free(mem_ctx);
+	return result;
+}
+
+static PyObject *py_dcerpc_call_wrapper(PyObject *self, PyObject *args, void *wrapped, PyObject *kwargs)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
+	const struct PyNdrRpcMethodDef *md = (const struct PyNdrRpcMethodDef *)wrapped;
+
+	return py_dcerpc_run_function(iface, md, args, kwargs);
+}
+
+bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpcMethodDef *mds)
+{
+	int i;
+	for (i = 0; mds[i].name; i++) {
+		PyObject *ret;
+		struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1);
+
+		if (wb == NULL) {
+			return false;
+		}
+		wb->name = discard_const_p(char, mds[i].name);
+		wb->flags = PyWrapperFlag_KEYWORDS;
+		wb->wrapper = PY_DISCARD_FUNC_SIG(wrapperfunc,
+						  py_dcerpc_call_wrapper);
+		wb->doc = discard_const_p(char, mds[i].doc);
+
+		ret = PyDescr_NewWrapper(ifacetype, wb, discard_const_p(void, &mds[i]));
+
+		PyDict_SetItemString(ifacetype->tp_dict, mds[i].name,
+				     (PyObject *)ret);
+		Py_CLEAR(ret);
+	}
+
+	return true;
+}
+
+PyObject *py_dcerpc_syntax_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs,
+				       const struct ndr_syntax_id *syntax)
+{
+	PyObject *ret;
+	struct ndr_syntax_id *obj;
+	const char *kwnames[] = { NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, ":abstract_syntax", discard_const_p(char *, kwnames))) {
+		return NULL;
+	}
+
+	ret = pytalloc_new(struct ndr_syntax_id, type);
+	if (ret == NULL) {
+		return NULL;
+	}
+
+	obj = pytalloc_get_type(ret, struct ndr_syntax_id);
+	*obj = *syntax;
+
+	return ret;
+}
+
+void PyErr_SetDCERPCStatus(struct dcerpc_pipe *p, NTSTATUS status)
+{
+	if (p && NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+		status = dcerpc_fault_to_nt_status(p->last_fault_code);
+	}
+	PyErr_SetNTSTATUS(status);
+}
+
+
+/*
+  take a NDR structure that has a type in a python module and return
+  it as a python object
+
+  r is the NDR structure pointer (a C structure)
+
+  r_ctx is the context that is a parent of r. It will be referenced by
+  the resulting python object
+
+  This MUST only be used by objects that are based on pytalloc_Object
+  otherwise the pytalloc_reference_ex() will fail.
+ */
+PyObject *py_return_ndr_struct(const char *module_name, const char *type_name,
+			       TALLOC_CTX *r_ctx, void *r)
+{
+	PyTypeObject *py_type;
+	PyObject *module;
+	PyObject *result = NULL;
+
+	if (r == NULL) {
+		Py_RETURN_NONE;
+	}
+
+	module = PyImport_ImportModule(module_name);
+	if (module == NULL) {
+		return NULL;
+	}
+
+	py_type = (PyTypeObject *)PyObject_GetAttrString(module, type_name);
+	if (py_type == NULL) {
+		Py_DECREF(module);
+		return NULL;
+	}
+
+	result = pytalloc_reference_ex(py_type, r_ctx, r);
+	Py_CLEAR(module);
+	Py_CLEAR(py_type);
+	return result;
+}
+
+PyObject *PyString_FromStringOrNULL(const char *str)
+{
+	if (str == NULL) {
+		Py_RETURN_NONE;
+	}
+	return PyUnicode_FromString(str);
+}
+
+PyObject *PyBytes_FromUtf16StringOrNULL(const unsigned char *str)
+{
+	size_t len;
+
+	if (str == NULL) {
+		Py_RETURN_NONE;
+	}
+
+	len = utf16_len(str);
+	return PyBytes_FromStringAndSize((const char *)str, len);
+}
+
+unsigned char *PyUtf16String_FromBytes(TALLOC_CTX *mem_ctx, PyObject *value)
+{
+	char *bytes = NULL;
+	Py_ssize_t len = 0;
+	unsigned char *utf16_string = NULL;
+	int ret;
+
+	ret = PyBytes_AsStringAndSize(value, &bytes, &len);
+	if (ret) {
+		return NULL;
+	}
+
+	if (len < 0) {
+		PyErr_SetString(PyExc_ValueError, "bytes length is negative");
+		return NULL;
+	}
+	if (len & 1) {
+		PyErr_SetString(PyExc_ValueError, "bytes length is odd");
+		return NULL;
+	}
+
+	/* Ensure that the bytes object contains no embedded null terminator. */
+	if ((size_t)len != utf16_len_n(bytes, len)) {
+		PyErr_SetString(PyExc_ValueError,
+				"value contains an embedded null terminator");
+		return NULL;
+	}
+
+	utf16_string = talloc_utf16_strlendup(mem_ctx, bytes, len);
+	if (utf16_string == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	return utf16_string;
+}
+
+PyObject *pyrpc_import_union(PyTypeObject *type, TALLOC_CTX *mem_ctx, int level,
+			     const void *in, const char *typename)
+{
+	PyObject *mem_ctx_obj = NULL;
+	PyObject *in_obj = NULL;
+	PyObject *ret = NULL;
+
+	mem_ctx_obj = pytalloc_GenericObject_reference(mem_ctx);
+	if (mem_ctx_obj == NULL) {
+		return NULL;
+	}
+
+	in_obj = pytalloc_GenericObject_reference_ex(mem_ctx, discard_const(in));
+	if (in_obj == NULL) {
+		Py_XDECREF(mem_ctx_obj);
+		return NULL;
+	}
+
+	ret = PyObject_CallMethod((PyObject *)type,
+				  discard_const_p(char, "__import__"),
+				  discard_const_p(char, "OiO"),
+				  mem_ctx_obj, level, in_obj);
+	Py_XDECREF(mem_ctx_obj);
+	Py_XDECREF(in_obj);
+	if (ret == NULL) {
+		return NULL;
+	}
+
+	return ret;
+}
+
+void *pyrpc_export_union(PyTypeObject *type, TALLOC_CTX *mem_ctx, int level,
+			 PyObject *in, const char *typename)
+{
+	PyObject *mem_ctx_obj = NULL;
+	PyObject *ret_obj = NULL;
+	void *ret = NULL;
+
+	mem_ctx_obj = pytalloc_GenericObject_reference(mem_ctx);
+	if (mem_ctx_obj == NULL) {
+		return NULL;
+	}
+
+	ret_obj = PyObject_CallMethod((PyObject *)type,
+				      discard_const_p(char, "__export__"),
+				      discard_const_p(char, "OiO"),
+				      mem_ctx_obj, level, in);
+	Py_XDECREF(mem_ctx_obj);
+	if (ret_obj == NULL) {
+		return NULL;
+	}
+
+	ret = _pytalloc_get_type(ret_obj, typename);
+	Py_XDECREF(ret_obj);
+	return ret;
+}
+
+PyObject *py_dcerpc_ndr_pointer_deref(PyTypeObject *type, PyObject *obj)
+{
+	if (!PyObject_TypeCheck(obj, type)) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected type '%s' but got type '%s'",
+			     (type)->tp_name, Py_TYPE(obj)->tp_name);
+		return NULL;
+	}
+
+	return PyObject_GetAttrString(obj, discard_const_p(char, "value"));
+}
+
+PyObject *py_dcerpc_ndr_pointer_wrap(PyTypeObject *type, PyObject *obj)
+{
+	PyObject *args = NULL;
+	PyObject *ret_obj = NULL;
+
+	args = PyTuple_New(1);
+	if (args == NULL) {
+		return NULL;
+	}
+	Py_XINCREF(obj);
+	PyTuple_SetItem(args, 0, obj);
+
+	ret_obj = PyObject_Call((PyObject *)type, args, NULL);
+	Py_XDECREF(args);
+	return ret_obj;
+}
diff --git a/source4/librpc/rpc/pyrpc_util.h b/source4/librpc/rpc/pyrpc_util.h
new file mode 100644
index 0000000..73157fc
--- /dev/null
+++ b/source4/librpc/rpc/pyrpc_util.h
@@ -0,0 +1,74 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Python interface to DCE/RPC library - utility functions.
+
+   Copyright (C) 2010 Jelmer Vernooij <jelmer@samba.org>
+   Copyright (C) 2010 Andrew Tridgell <tridge@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __PYRPC_UTIL_H__
+#define __PYRPC_UTIL_H__
+
+#include "librpc/rpc/pyrpc.h"
+
+#define PyErr_FromNdrError(err) Py_BuildValue("(is)", err, ndr_map_error2string(err))
+
+#define PyErr_SetNdrError(err) \
+		PyErr_SetObject(PyExc_RuntimeError, PyErr_FromNdrError(err))
+
+void PyErr_SetDCERPCStatus(struct dcerpc_pipe *p, NTSTATUS status);
+
+typedef NTSTATUS (*py_dcerpc_call_fn) (struct dcerpc_binding_handle *, TALLOC_CTX *, void *);
+typedef bool (*py_data_pack_fn) (PyObject *args, PyObject *kwargs, void *r);
+typedef PyObject *(*py_data_unpack_fn) (void *r);
+
+struct PyNdrRpcMethodDef {
+	const char *name;
+	const char *doc;
+	py_dcerpc_call_fn call;
+	py_data_pack_fn pack_in_data;
+	py_data_unpack_fn unpack_out_data;
+	uint32_t opnum;
+	const struct ndr_interface_table *table;
+};
+
+bool py_check_dcerpc_type(PyObject *obj, const char *module, const char *type_name);
+bool PyInterface_AddNdrRpcMethods(PyTypeObject *object, const struct PyNdrRpcMethodDef *mds);
+PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs, const struct ndr_interface_table *table);
+
+struct ndr_syntax_id;
+PyObject *py_dcerpc_syntax_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs,
+				       const struct ndr_syntax_id *syntax);
+
+PyObject *py_return_ndr_struct(const char *module_name, const char *type_name,
+			       TALLOC_CTX *r_ctx, void *r);
+
+PyObject *PyString_FromStringOrNULL(const char *str);
+
+PyObject *PyBytes_FromUtf16StringOrNULL(const unsigned char *str);
+
+unsigned char *PyUtf16String_FromBytes(TALLOC_CTX *mem_ctx, PyObject *value);
+
+PyObject *pyrpc_import_union(PyTypeObject *type, TALLOC_CTX *mem_ctx, int level,
+			     const void *in, const char *typename);
+void *pyrpc_export_union(PyTypeObject *type, TALLOC_CTX *mem_ctx, int level,
+			 PyObject *in, const char *typename);
+
+PyObject *py_dcerpc_ndr_pointer_deref(PyTypeObject *type, PyObject *obj);
+PyObject *py_dcerpc_ndr_pointer_wrap(PyTypeObject *type, PyObject *obj);
+
+#endif /* __PYRPC_UTIL_H__ */
diff --git a/source4/librpc/scripts/build_idl.sh b/source4/librpc/scripts/build_idl.sh
new file mode 100755
index 0000000..dde80f7
--- /dev/null
+++ b/source4/librpc/scripts/build_idl.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+FULLBUILD=$1
+OUTDIR=$2
+shift 2
+IDL_FILES="$*"
+
+[ -d $OUTDIR ] || mkdir -p $OUTDIR || exit 1
+
+PIDL="$PIDL --outputdir $OUTDIR --header --ndr-parser --server --client --python --dcom-proxy --com-header --includedir ../librpc/idl -- "
+
+if [ x$FULLBUILD = xFULL ]; then
+	echo Rebuilding all idl files in $IDLDIR
+	$PIDL $IDL_FILES || exit 1
+	exit 0
+fi
+
+list=""
+
+for f in $IDL_FILES; do
+	basename=$(basename $f .idl)
+	ndr="$OUTDIR/ndr_$basename.c"
+	# blergh - most shells don't have the -nt function
+	if [ -f $ndr ]; then
+		if [ x$(find $f -newer $ndr -print) = x$f ]; then
+			list="$list $f"
+		fi
+	else
+		list="$list $f"
+	fi
+done
+
+if [ "x$list" != x ]; then
+	$PIDL $list || exit 1
+fi
+
+exit 0
diff --git a/source4/librpc/tests/binding_string.c b/source4/librpc/tests/binding_string.c
new file mode 100644
index 0000000..3ef7b7d
--- /dev/null
+++ b/source4/librpc/tests/binding_string.c
@@ -0,0 +1,327 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local testing of RPC binding string parsing 
+
+   Copyright (C) Jelmer Vernooij 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/epmapper.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "lib/util/util_net.h"
+
+static bool test_BindingString(struct torture_context *tctx,
+							   const void *test_data)
+{
+	const char *binding = test_data;
+	struct dcerpc_binding *b, *b2;
+	char *s, *s2, *p;
+	struct epm_tower tower;
+	TALLOC_CTX *mem_ctx = tctx;
+	const char *host;
+	struct GUID object;
+
+	/* Parse */
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(mem_ctx, binding, &b),
+		"Error parsing binding string");
+
+	object = dcerpc_binding_get_object(b);
+
+	s = dcerpc_binding_string(mem_ctx, b);
+	torture_assert(tctx, s != NULL, "Error converting binding back to string");
+
+	torture_assert_casestr_equal(tctx, binding, s, 
+		"Mismatch while comparing original and regenerated binding strings");
+
+	/* Generate protocol towers */
+	torture_assert_ntstatus_ok(tctx, dcerpc_binding_build_tower(mem_ctx, b, &tower),
+		"Error generating protocol tower");
+
+	/* Convert back to binding and then back to string and compare */
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_binding_from_tower(mem_ctx, &tower, &b2),
+			    "Error generating binding from tower for original binding");
+
+	/* The tower doesn't contain the object */
+	torture_assert_ntstatus_ok(tctx, dcerpc_binding_set_object(b2, object),
+			    "set object on tower binding");
+
+	s = dcerpc_binding_string(mem_ctx, b);
+	torture_assert(tctx, s != NULL, "Error converting binding back to string for (stripped down)"); 
+
+	/*
+	 * Compare to a stripped down version of the binding string because
+	 * the protocol tower doesn't contain the extra option data
+	 *
+	 * We remove all options except of the endpoint.
+	 */
+	p = strchr(s, '[');
+	if (p != NULL) {
+		char *p2;
+
+		p2 = strchr(p + 1, ',');
+		if (p2 != NULL) {
+			/*
+			 * We only look at the first option,
+			 * which might be the endpoint.
+			 */
+			p2[0] = ']';
+			p2[1] = '\0';
+		}
+
+		p2 = strchr(p + 1, '=');
+		if (p2 != NULL) {
+			/*
+			 * It's not the endpoint, so remove the
+			 * whole option section.
+			 */
+			*p = '\0';
+		}
+	}
+
+	s2 = dcerpc_binding_string(mem_ctx, b2);
+	torture_assert(tctx, s != NULL, "Error converting binding back to string"); 
+
+	host = dcerpc_binding_get_string_option(b, "host");
+	if (host && is_ipaddress_v4(host)) {
+		torture_assert_casestr_equal(tctx, s, s2, "Mismatch while comparing original and from protocol tower generated binding strings");
+	}
+
+	return true;
+}
+
+static const char *test_strings[] = {
+	"ncacn_np:", 
+	"ncalrpc:", 
+	"ncalrpc:[,Security=Sane]", 
+	"ncacn_np:[rpcecho]",
+	"ncacn_np:127.0.0.1[rpcecho]",
+	"ncacn_ip_tcp:127.0.0.1",
+	"ncacn_ip_tcp:127.0.0.1[20]",
+	"ncacn_ip_tcp:127.0.0.1[20,sign]",
+	"ncacn_ip_tcp:127.0.0.1[20,sign,Security=Foobar]",
+	"ncacn_http:127.0.0.1",
+	"ncacn_http:127.0.0.1[78]",
+	"ncacn_http:127.0.0.1[78,ProxyServer=myproxy:3128]",
+	"ncacn_np:localhost[rpcecho]",
+	"ncacn_np:[/pipe/rpcecho]",
+	"ncacn_np:localhost[/pipe/rpcecho,sign,seal]",
+	"ncacn_np:[,sign]",
+	"ncadg_ip_udp:",
+	"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_np:localhost",
+	"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:127.0.0.1",
+	"ncacn_unix_stream:[/tmp/epmapper]",
+	"ncalrpc:[IDENTIFIER]",
+	"ncacn_unix_stream:[/tmp/epmapper,sign]",
+	"ncacn_ip_tcp:127.0.0.1[75,target_hostname=port75.example.com,target_principal=host/port75.example.com]",
+	"ncacn_ip_tcp:127.0.0.1[75,connect,target_hostname=port75.example.com,target_principal=host/port75.example.com,assoc_group_id=0x01234567]",
+	"ncacn_ip_tcp:127.0.0.1[75,packet,target_hostname=port75.example.com,target_principal=host/port75.example.com,assoc_group_id=0x01234567]",
+	"ncacn_ip_tcp:::",
+	"ncacn_ip_tcp:::[75]",
+	"ncacn_ip_tcp:FD00::5357:5F00",
+	"ncacn_ip_tcp:FD00::5357:5F00[75]",
+	"ncacn_ip_tcp:FD00::5357:5F00[,target_hostname=port75.example.com]",
+	"ncacn_ip_tcp:FD00::5357:5F00[75,target_hostname=port75.example.com]",
+	"ncacn_ip_tcp:fe80::5357:5F00%75",
+	"ncacn_ip_tcp:fe80::5357:5F00%75[75]",
+	"ncacn_ip_tcp:fe80::5357:5F00%75[,target_hostname=port75.example.com]",
+	"ncacn_ip_tcp:fe80::5357:5F00%75[75,target_hostname=port75.example.com]",
+};
+
+static bool test_parse_check_results(struct torture_context *tctx)
+{
+	struct dcerpc_binding *b;
+	struct GUID uuid;
+	struct GUID object;
+	struct ndr_syntax_id abstract;
+	enum dcerpc_transport_t transport;
+	const char *endpoint;
+	uint32_t flags;
+
+	torture_assert_ntstatus_ok(tctx, 
+				   GUID_from_string("308FB580-1EB2-11CA-923B-08002B1075A7", &uuid),
+				   "parsing uuid");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER", &b), "parse");
+	transport = dcerpc_binding_get_transport(b);
+	torture_assert(tctx, transport == NCACN_NP, "ncacn_np expected");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER", &b), "parse");
+	transport = dcerpc_binding_get_transport(b);
+	torture_assert(tctx, transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[rpcecho]", &b), "parse");
+	endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+	torture_assert_str_equal(tctx, endpoint, "rpcecho", "endpoint");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[/pipe/rpcecho]", &b), "parse");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[/pipe/rpcecho,sign,seal]", &b), "parse");
+	flags = dcerpc_binding_get_flags(b);
+	torture_assert(tctx, flags == DCERPC_SIGN+DCERPC_SEAL, "sign+seal flags");
+	endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+	torture_assert_str_equal(tctx, endpoint, "/pipe/rpcecho", "endpoint");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[,sign]", &b), "parse");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER[,sign]", &b), "parse");
+	endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+	torture_assert(tctx, endpoint == NULL, "endpoint");
+	flags = dcerpc_binding_get_flags(b);
+	torture_assert(tctx, flags == DCERPC_SIGN, "sign flag");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncalrpc:", &b), "parse");
+	transport = dcerpc_binding_get_transport(b);
+	torture_assert(tctx, transport == NCALRPC, "ncalrpc expected");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, 
+		"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_np:$SERVER", &b), "parse");
+	object = dcerpc_binding_get_object(b);
+	abstract = dcerpc_binding_get_abstract_syntax(b);
+	torture_assert(tctx, GUID_equal(&object, &uuid), "object uuid");
+	torture_assert(tctx, ndr_syntax_id_equal(&abstract, &ndr_syntax_id_null),
+		       "null abstract syntax");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, 
+		"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:$SERVER", &b), "parse");
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]", &b), "parse");
+	transport = dcerpc_binding_get_transport(b);
+	torture_assert(tctx, transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
+	flags = dcerpc_binding_get_flags(b);
+	torture_assert(tctx, flags == DCERPC_SIGN, "sign flag");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "localaddress"),
+				 "192.168.1.1", "localaddress");
+	torture_assert_str_equal(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]",
+				 dcerpc_binding_string(tctx, b), "back to string");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+				 "$SERVER", "host");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+				 "$SERVER", "target_hostname");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx,
+		"ncacn_ip_tcp:$HOST[,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL]",
+		&b), "parse");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+				 "$HOST", "host");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+				 "$HOSTNAME", "target_hostname");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_principal"),
+				 "$PRINCIPAL", "target_principal");
+	torture_assert_str_equal(tctx,
+				 dcerpc_binding_string(tctx, b),
+		"ncacn_ip_tcp:$HOST[,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL]",
+				 "back to string");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx,
+		"ncacn_ip_tcp:$HOST[,connect,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+		&b), "parse");
+	flags = dcerpc_binding_get_flags(b);
+	torture_assert(tctx, flags == DCERPC_CONNECT, "connect flag");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+				 "$HOST", "host");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+				 "$HOSTNAME", "target_hostname");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_principal"),
+				 "$PRINCIPAL", "target_principal");
+	torture_assert_int_equal(tctx, dcerpc_binding_get_assoc_group_id(b), 0x01234567,
+				 "assoc_group_id");
+	torture_assert_str_equal(tctx,
+				 dcerpc_binding_string(tctx, b),
+		"ncacn_ip_tcp:$HOST[,connect,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+				 "back to string");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx,
+		"ncacn_ip_tcp:$HOST[,packet,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+		&b), "parse");
+	flags = dcerpc_binding_get_flags(b);
+	torture_assert(tctx, flags == DCERPC_PACKET, "packet flag");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+				 "$HOST", "host");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+				 "$HOSTNAME", "target_hostname");
+	torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_principal"),
+				 "$PRINCIPAL", "target_principal");
+	torture_assert_int_equal(tctx, dcerpc_binding_get_assoc_group_id(b), 0x01234567,
+				 "assoc_group_id");
+	torture_assert_str_equal(tctx,
+				 dcerpc_binding_string(tctx, b),
+		"ncacn_ip_tcp:$HOST[,packet,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+				 "back to string");
+
+	return true;
+}
+
+static bool test_no_transport(struct torture_context *tctx, const void *test_data)
+{
+	const char *binding = test_data;
+	struct dcerpc_binding *b;
+	enum dcerpc_transport_t transport;
+	const char *s;
+
+	/* Parse */
+	torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, binding, &b),
+		"Error parsing binding string");
+
+	transport = dcerpc_binding_get_transport(b);
+	torture_assert(tctx, transport == NCA_UNKNOWN, "invalid transport");
+
+	s = dcerpc_binding_string(tctx, b);
+	torture_assert(tctx, s != NULL, "Error converting binding back to string");
+
+	torture_assert_casestr_equal(tctx, binding, s, 
+		"Mismatch while comparing original and regenerated binding strings");
+
+	return true;
+}
+
+static const char *test_no_strings[] = {
+	"port75.example.com",
+	"port75.example.com[75]",
+	"127.0.0.1",
+	"127.0.0.1[75]",
+	"127.0.0.1[,target_hostname=port75.example.com]",
+	"127.0.0.1[75,target_hostname=port75.example.com]",
+	"::",
+	"::[75]",
+	"::[,target_hostname=port75.example.com]",
+	"::[75,target_hostname=port75.example.com]",
+	"FD00::5357:5F00",
+	"FD00::5357:5F00[75]",
+	"FD00::5357:5F00[,target_hostname=port75.example.com]",
+	"FD00::5357:5F00[75,target_hostname=port75.example.com]",
+	"fe80::5357:5F00%75",
+	"fe80::5357:5F00%75[75]",
+	"fe80::5357:5F00%75[,target_hostname=port75.example.com]",
+	"fe80::5357:5F00%75[75,target_hostname=port75.example.com]",
+};
+
+struct torture_suite *torture_local_binding_string(TALLOC_CTX *mem_ctx)
+{
+	int i;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "binding");
+
+	for (i = 0; i < ARRAY_SIZE(test_strings); i++) {
+		torture_suite_add_simple_tcase_const(suite, test_strings[i],
+						test_BindingString,
+						test_strings[i]);
+	}
+
+	for (i = 0; i < ARRAY_SIZE(test_no_strings); i++) {
+		torture_suite_add_simple_tcase_const(suite, test_no_strings[i],
+						     test_no_transport,
+						     test_no_strings[i]);
+	}
+
+	torture_suite_add_simple_test(suite, "parsing results",
+			test_parse_check_results);
+
+	return suite;
+}
diff --git a/source4/librpc/tests/claims_CLAIMS_SET_NDR.dat b/source4/librpc/tests/claims_CLAIMS_SET_NDR.dat
new file mode 100644
index 0000000..07627b8
--- /dev/null
+++ b/source4/librpc/tests/claims_CLAIMS_SET_NDR.dat
@@ -0,0 +1,23 @@
+[0000] 01 10 08 00 CC CC CC CC   48 01 00 00 00 00 00 00   ........ H.......
+[0010] 00 00 02 00 01 00 00 00   04 00 02 00 00 00 00 00   ........ ........
+[0020] 00 00 00 00 00 00 00 00   01 00 00 00 01 00 00 00   ........ ........
+[0030] 03 00 00 00 08 00 02 00   03 00 00 00 0C 00 02 00   ........ ........
+[0040] 06 00 06 00 01 00 00 00   10 00 02 00 14 00 02 00   ........ ........
+[0050] 03 00 03 00 03 00 00 00   18 00 02 00 28 00 02 00   ........ ....(...
+[0060] 02 00 02 00 04 00 00 00   2C 00 02 00 0B 00 00 00   ........ ,.......
+[0070] 00 00 00 00 0B 00 00 00   37 00 32 00 30 00 66 00   ........ 7.2.0.f.
+[0080] 64 00 33 00 63 00 33 00   5F 00 39 00 00 00 00 00   d.3.c.3. _.9.....
+[0090] 01 00 00 00 00 00 00 00   01 00 00 00 00 00 00 00   ........ ........
+[00A0] 0B 00 00 00 00 00 00 00   0B 00 00 00 37 00 32 00   ........ ....7.2.
+[00B0] 30 00 66 00 64 00 33 00   63 00 33 00 5F 00 37 00   0.f.d.3. c.3._.7.
+[00C0] 00 00 00 00 03 00 00 00   1C 00 02 00 20 00 02 00   ........ .... ...
+[00D0] 24 00 02 00 04 00 00 00   00 00 00 00 04 00 00 00   $....... ........
+[00E0] 66 00 6F 00 6F 00 00 00   04 00 00 00 00 00 00 00   f.o.o... ........
+[00F0] 04 00 00 00 62 00 61 00   72 00 00 00 04 00 00 00   ....b.a. r.......
+[0100] 00 00 00 00 04 00 00 00   62 00 61 00 7A 00 00 00   ........ b.a.z...
+[0110] 0B 00 00 00 00 00 00 00   0B 00 00 00 37 00 32 00   ........ ....7.2.
+[0120] 30 00 66 00 64 00 33 00   63 00 33 00 5F 00 38 00   0.f.d.3. c.3._.8.
+[0130] 00 00 00 00 04 00 00 00   09 00 0A 00 00 00 00 00   ........ ........
+[0140] 07 00 01 00 00 00 00 00   06 00 01 00 00 00 00 00   ........ ........
+[0150] 00 00 01 00 00 00 00 00                             ........
+
diff --git a/source4/librpc/tests/claims_CLAIMS_SET_NDR.txt b/source4/librpc/tests/claims_CLAIMS_SET_NDR.txt
new file mode 100644
index 0000000..7865325
--- /dev/null
+++ b/source4/librpc/tests/claims_CLAIMS_SET_NDR.txt
@@ -0,0 +1,55 @@
+pull returned Success
+    CLAIMS_SET_NDR: struct CLAIMS_SET_NDR
+        claims: struct CLAIMS_SET_CTR
+            claims                   : *
+                claims: struct CLAIMS_SET
+                    claims_array_count       : 0x00000001 (1)
+                    claims_arrays            : *
+                        claims_arrays: ARRAY(1)
+                            claims_arrays: struct CLAIMS_ARRAY
+                                claims_source_type       : CLAIMS_SOURCE_TYPE_AD (1)
+                                claims_count             : 0x00000003 (3)
+                                claim_entries            : *
+                                    claim_entries: ARRAY(3)
+                                        claim_entries: struct CLAIM_ENTRY
+                                            id                       : *
+                                                id                       : '720fd3c3_9'
+                                            type                     : CLAIM_TYPE_BOOLEAN (6)
+                                            values                   : union CLAIM_ENTRY_VALUES(case 6)
+                                            claim_boolean: struct CLAIM_UINT64
+                                                value_count              : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values                   : 0x0000000000000001 (1)
+                                        claim_entries: struct CLAIM_ENTRY
+                                            id                       : *
+                                                id                       : '720fd3c3_7'
+                                            type                     : CLAIM_TYPE_STRING (3)
+                                            values                   : union CLAIM_ENTRY_VALUES(case 3)
+                                            claim_string: struct CLAIM_STRING
+                                                value_count              : 0x00000003 (3)
+                                                values                   : *
+                                                    values: ARRAY(3)
+                                                        values                   : *
+                                                            values                   : 'foo'
+                                                        values                   : *
+                                                            values                   : 'bar'
+                                                        values                   : *
+                                                            values                   : 'baz'
+                                        claim_entries: struct CLAIM_ENTRY
+                                            id                       : *
+                                                id                       : '720fd3c3_8'
+                                            type                     : CLAIM_TYPE_UINT64 (2)
+                                            values                   : union CLAIM_ENTRY_VALUES(case 2)
+                                            claim_uint64: struct CLAIM_UINT64
+                                                value_count              : 0x00000004 (4)
+                                                values                   : *
+                                                    values: ARRAY(4)
+                                                        values                   : 0x00000000000a0009 (655369)
+                                                        values                   : 0x0000000000010007 (65543)
+                                                        values                   : 0x0000000000010006 (65542)
+                                                        values                   : 0x0000000000010000 (65536)
+                    reserved_type            : 0x0000 (0)
+                    reserved_field_size      : 0x00000000 (0)
+                    reserved_field           : NULL
+dump OK
diff --git a/source4/librpc/tests/compressed_claims.txt b/source4/librpc/tests/compressed_claims.txt
new file mode 100644
index 0000000..fe4ed20
--- /dev/null
+++ b/source4/librpc/tests/compressed_claims.txt
@@ -0,0 +1,96 @@
+pull returned Success
+    CLAIMS_SET_METADATA_NDR: struct CLAIMS_SET_METADATA_NDR
+        claims: struct CLAIMS_SET_METADATA_CTR
+            metadata                 : *
+                metadata: struct CLAIMS_SET_METADATA
+                    claims_set_size          : 0x00000229 (553)
+                    claims_set               : *
+                        claims_set: struct CLAIMS_SET_NDR
+                            claims: struct CLAIMS_SET_CTR
+                                claims                   : *
+                                    claims: struct CLAIMS_SET
+                                        claims_array_count       : 0x00000001 (1)
+                                        claims_arrays            : *
+                                            claims_arrays: ARRAY(1)
+                                                claims_arrays: struct CLAIMS_ARRAY
+                                                    claims_source_type       : CLAIMS_SOURCE_TYPE_AD (1)
+                                                    claims_count             : 0x00000005 (5)
+                                                    claim_entries            : *
+                                                        claim_entries: ARRAY(5)
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_4'
+                                                                type                     : CLAIM_TYPE_BOOLEAN (6)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 6)
+                                                                claim_boolean: struct CLAIM_UINT64
+                                                                    value_count              : 0x00000001 (1)
+                                                                    values                   : *
+                                                                        values: ARRAY(1)
+                                                                            values                   : 0x0000000000000001 (1)
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_0'
+                                                                type                     : CLAIM_TYPE_STRING (3)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 3)
+                                                                claim_string: struct CLAIM_STRING
+                                                                    value_count              : 0x00000004 (4)
+                                                                    values                   : *
+                                                                        values: ARRAY(4)
+                                                                            values                   : *
+                                                                                values                   : 'A first value.'
+                                                                            values                   : *
+                                                                                values                   : 'A second value.'
+                                                                            values                   : *
+                                                                                values                   : 'A third value.'
+                                                                            values                   : *
+                                                                                values                   : 'A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed. A very long attribute value to ensure that this claim will be compressed.'
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_1'
+                                                                type                     : CLAIM_TYPE_STRING (3)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 3)
+                                                                claim_string: struct CLAIM_STRING
+                                                                    value_count              : 0x00000003 (3)
+                                                                    values                   : *
+                                                                        values: ARRAY(3)
+                                                                            values                   : *
+                                                                                values                   : 'DC=win22,DC=example,DC=com'
+                                                                            values                   : *
+                                                                                values                   : 'CN=Users,DC=win22,DC=example,DC=com'
+                                                                            values                   : *
+                                                                                values                   : 'CN=Computers,DC=win22,DC=example,DC=com'
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_2'
+                                                                type                     : CLAIM_TYPE_UINT64 (2)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 2)
+                                                                claim_uint64: struct CLAIM_UINT64
+                                                                    value_count              : 0x00000004 (4)
+                                                                    values                   : *
+                                                                        values: ARRAY(4)
+                                                                            values                   : 0x00000000000a0009 (655369)
+                                                                            values                   : 0x0000000000010007 (65543)
+                                                                            values                   : 0x0000000000010006 (65542)
+                                                                            values                   : 0x0000000000010000 (65536)
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_3'
+                                                                type                     : CLAIM_TYPE_UINT64 (2)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 2)
+                                                                claim_uint64: struct CLAIM_UINT64
+                                                                    value_count              : 0x00000004 (4)
+                                                                    values                   : *
+                                                                        values: ARRAY(4)
+                                                                            values                   : 0x00000000000a0009 (655369)
+                                                                            values                   : 0x0000000000010007 (65543)
+                                                                            values                   : 0x0000000000010006 (65542)
+                                                                            values                   : 0x0000000000010000 (65536)
+                                        reserved_type            : 0x0000 (0)
+                                        reserved_field_size      : 0x00000000 (0)
+                                        reserved_field           : NULL
+                    compression_format       : CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF (4)
+                    uncompressed_claims_set_size: 0x00002028 (8232)
+                    reserved_type            : 0x0000 (0)
+                    reserved_field_size      : 0x00000000 (0)
+                    reserved_field           : NULL
+dump OK
diff --git a/source4/librpc/tests/dns-decode_dns_name_packet-hex.dat b/source4/librpc/tests/dns-decode_dns_name_packet-hex.dat
new file mode 100644
index 0000000..c095bcc
--- /dev/null
+++ b/source4/librpc/tests/dns-decode_dns_name_packet-hex.dat
@@ -0,0 +1,7 @@
+[0000] EC EF 28 00 00 01 00 00   00 01 00 00 09 73 61 6D   ..(..... .....sam
+[0010] 62 61 32 30 30 33 07 65   78 61 6D 70 6C 65 03 63   ba2003.e xample.c
+[0020] 6F 6D 00 00 06 00 01 0F   63 6E 61 6D 65 64 6F 74   om...... cnamedot
+[0030] 70 72 65 66 69 78 30 C0   0C 00 05 00 01 00 00 03   prefix0. ........
+[0040] 84 00 13 00 0F 62 6E 61   6D 65 64 6F 74 70 72 65   .....bna medotpre
+[0050] 66 69 78 32 C0 0C                                   fix2..
+
diff --git a/source4/librpc/tests/dns-decode_dns_name_packet-hex.txt b/source4/librpc/tests/dns-decode_dns_name_packet-hex.txt
new file mode 100644
index 0000000..84b55f2
--- /dev/null
+++ b/source4/librpc/tests/dns-decode_dns_name_packet-hex.txt
@@ -0,0 +1,35 @@
+pull returned Success
+    dns_name_packet: struct dns_name_packet
+        id                       : 0xecef (60655)
+        operation                : 0x2800 (10240)
+            0x00: DNS_RCODE                 (0)
+               0: DNS_FLAG_RECURSION_AVAIL 
+               0: DNS_FLAG_RECURSION_DESIRED
+               0: DNS_FLAG_TRUNCATION      
+               0: DNS_FLAG_AUTHORITATIVE   
+            0x05: DNS_OPCODE                (5)
+               0: DNS_FLAG_REPLY           
+        qdcount                  : 0x0001 (1)
+        ancount                  : 0x0000 (0)
+        nscount                  : 0x0001 (1)
+        arcount                  : 0x0000 (0)
+        questions: ARRAY(1)
+            questions: struct dns_name_question
+                name                     : 'samba2003.example.com'
+                question_type            : DNS_QTYPE_SOA (0x6)
+                question_class           : DNS_QCLASS_IN (0x1)
+        answers: ARRAY(0)
+        nsrecs: ARRAY(1)
+            nsrecs: struct dns_res_rec
+                name                     : 'cnamedotprefix0.samba2003.example.com'
+                rr_type                  : DNS_QTYPE_CNAME (0x5)
+                rr_class                 : DNS_QCLASS_IN (0x1)
+                ttl                      : 0x00000384 (900)
+                length                   : 0x0013 (19)
+                rdata                    : union dns_rdata(case 0x5)
+                cname_record             : ''
+                unexpected               : DATA_BLOB length=18
+[0000] 0F 62 6E 61 6D 65 64 6F   74 70 72 65 66 69 78 32   .bnamedo tprefix2
+[0010] C0 0C                                               ..
+        additional: ARRAY(0)
+dump OK
diff --git a/source4/librpc/tests/dnsp-DnssrvRpcRecord.txt b/source4/librpc/tests/dnsp-DnssrvRpcRecord.txt
new file mode 100644
index 0000000..fd16922
--- /dev/null
+++ b/source4/librpc/tests/dnsp-DnssrvRpcRecord.txt
@@ -0,0 +1,32 @@
+pull returned Success
+    dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord
+        wDataLength              : 0x0005 (5)
+        wType                    : DNS_TYPE_MX (15)
+        version                  : 0x05 (5)
+        rank                     : DNS_RANK_ZONE (240)
+        flags                    : 0x0000 (0)
+        dwSerial                 : 0x000000b7 (183)
+        dwTtlSeconds             : 0x00000384 (900)
+        dwReserved               : 0x00000000 (0)
+        dwTimeStamp              : 0x00000000 (0)
+        data                     : union dnsRecordData(case 15)
+        mx: struct dnsp_mx
+            wPriority                : 0x000a (10)
+            nameTarget               : 
+push returned Success
+pull returned Success
+    dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord
+        wDataLength              : 0x0005 (5)
+        wType                    : DNS_TYPE_MX (15)
+        version                  : 0x05 (5)
+        rank                     : DNS_RANK_ZONE (240)
+        flags                    : 0x0000 (0)
+        dwSerial                 : 0x000000b7 (183)
+        dwTtlSeconds             : 0x00000384 (900)
+        dwReserved               : 0x00000000 (0)
+        dwTimeStamp              : 0x00000000 (0)
+        data                     : union dnsRecordData(case 15)
+        mx: struct dnsp_mx
+            wPriority                : 0x000a (10)
+            nameTarget               : 
+dump OK
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.b64.txt b/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.b64.txt
new file mode 100644
index 0000000..2004462
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.b64.txt
@@ -0,0 +1 @@
+AAAAAG38HKtrYtJKu7r2SJ3wBjACAAAAAgAAAAAAAAAAAAIAAAAAAAsAAAAEAAIAggAAADwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBAAAAQwBOAD0ATgBUAEQAUwAgAFMAZQB0AHQAaQBuAGcAcwAsAEMATgA9AHMAbQBiAHQAbwByAHQAdQByAGUAZABjACwAQwBOAD0AUwBlAHIAdgBlAHIAcwAsAEMATgA9AEQAZQBmAGEAdQBsAHQALQBGAGkAcgBzAHQALQBTAGkAdABlAC0ATgBhAG0AZQAsAEMATgA9AFMAaQB0AGUAcwAsAEMATgA9AEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4ALABE/0MAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD3+AAAAAAAAAAALAAAAGQECAAEAAAAIAAIAAAAAAAEAAAAMAAIADgMJAAEAAAAQAAIAcwACAAEAAAAUAAIADgACAAMAAAAYAAIALAcJAAMAAAAcAAIAJAACAAEAAAAgAAIAHAcJAAEAAAAkAAIAswUJAAEAAACDAAIAdwEJAAEAAAAsAAIAAwAJAAEAAAAwAAIAAQAAAKAAAAA0AAIAoAAAAAEABIAUAAAAMAAAAAAAAABMAAAAAQUAAAAAAAUVAAAAS31jTHRMr+ateOGxAAIAAAEFAAAAAAAFFQAAAEt9Y0x0TK/mrXjhsQACAAACAFQAAwAAAAAAFACUAAIAAQEAAAAAAAULAAAAAAAkAP0BDwABBQAAAAAABRUAAABLfWNMdEyv5q144bEAAgAAAAAUAP8BDwABAQAAAAAABRIAAAABAAAABAAAADgAAgADAAAALwAXAAEAAADIAAAAPAACAMgAAADIAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARwAAAEMATgA9AE4AVABEAFMALQBEAFMAQQWaAEMATgA9AFMAYwBoAGUAbQBhACwAQwBOAD0AQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAsAEQAQwA9AHMAYQBtAGIAYQAyADAAMAA4AHIAMgAsAEQAQwA9AGUAeABhAG0AcABsAGUALABEAEMAPQBjAG8AbQAAAAEAAAAQAAAAQAACABAAAAAbcOooBthZR6nsXn3lUhbcAwAAAJwAAABEAAIAegAAAEgAAgCwAAAATAACAJwAAACcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQAAAEMATgA9AEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4ALABEAEMAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD0AYwBvAG0AAAB6AAAAegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABEAEMAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD0AYwBvAG0AAAAAALAAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOwAAAEMATgA9AFMAYwBoAGUAbQBhACwAQwBOAD0AQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAsAEQAQwA9AHMAYQBtAGIAYQAyADAAMAA4AHIAMgAsAEQAQwA9AGUAeABhAG0AcABsAGUALABEAEMAPQBjAG8AbQAAAAMAAACcAAAAUAACAHoAAABUAAIAsAAAAFgAAgCcAAAAnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEAAABDAE4APQBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACwARABDAD0AcwBhAG0AYgBhADIAMAAwADgAcgAyACwARABDAD0AZQB4AGEAbQBwAGwAZQAsAEQAQwA9AGMAbwBtAAAAegAAAHoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAARABDAD0AcwBhAG0AYgBhADIAMAAwADgAcgAyACwARABDAD0AZQB4AGEAbQBwAGwAZQAsAEQAQwA9AGMAbwBtAAAAAACwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsAAABDAE4APQBTAGMAaABkAG0AYQAsAEMATgA9AEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4ALABEAEMAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD0AYwBvAG0AAAABAAAAsAAAAFwAAgCwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAADsAAABDAE4APQBTAGMAaABlAG0ABYSZza4ATv89AEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4ALABEAEMAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD0AYwBvAG0AAAABAAAAegAAAGAAAgB6AAAAegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABEAEMAPQBzAGEAbQBiAGEAMgAwADAAOAByADIALABEAEMAPQBlAHgAYQBtAHAAbABlACwARABDAD0AYwBvAG0AAAAAAAEAAAAEAAAAZAACAAQAAAAEAAAAAQAAAAQAAABoAAIABAAAAAAAAAIBAAAAtAAAAGwAAgC0AAAAtAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0AAABDAE4APQBzAG0AYgB0AG8AcgB0AHUAcgBlAGQAYwAsAEMATgA9AEMAbwBtAHAAdQB0AGUAcgBzACwARABDAD0AcwBhAG0AYgBhADIAMAAwADgAcgAyACwARABDAD0AZQB4AGEAbQBwAGwAZQAsAEQAQwA9AGMAbwBtAOsAAT0BsQFpOxKN7SeSaRtLcWeFbQVEWmptqhYpN0lAzfUGr3aRSJAkOIGKonAOV2g=
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt b/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt
new file mode 100644
index 0000000..365be43
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt
@@ -0,0 +1,785 @@
+pull returned Success
+WARNING! 47 unread bytes
+[0000] 01 3D 01 B1 01 69 3B 12   8D ED 27 92 69 1B 4B 71   .=...i;. ..'.i.Kq
+[0010] 67 85 6D 05 44 5A 6A 6D   AA 16 29 37 49 40 CD F5   g.m.DZjm ..)7I@..
+[0020] 06 AF 76 91 48 90 24 38   81 8A A2 70 0E 57 68      ..v.H.$8 ...p.Wh
+    drsuapi_DsAddEntry: struct drsuapi_DsAddEntry
+        in: struct drsuapi_DsAddEntry
+            bind_handle              : *
+                bind_handle: struct policy_handle
+                    handle_type              : 0x00000000 (0)
+                    uuid                     : ab1cfc6d-626b-4ad2-bbba-f6489df00630
+            level                    : 0x00000002 (2)
+            req                      : *
+                req                      : union drsuapi_DsAddEntryRequest(case 2)
+                req2: struct drsuapi_DsAddEntryRequest2
+                    first_object: struct drsuapi_DsReplicaObjectListItem
+                        next_object              : NULL
+                        object: struct drsuapi_DsReplicaObject
+                            identifier               : *
+                                identifier: struct drsuapi_DsReplicaObjectIdentifier
+                                    __ndr_size               : 0x0000013c (316)
+                                    __ndr_size_sid           : 0x00000000 (0)
+                                    guid                     : 00000000-0000-0000-0000-000000000000
+                                    sid                      : S-0-0
+                                    __ndr_size_dn            : 0x00000081 (129)
+                                    dn                       : 'CN=NTDS Settings,CN=smbtorturedc,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,ｄC=samba2008r2,DC=example,DC︽'
+                            flags                    : 0x00000000 (0)
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_FROM_MASTER
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_DYNAMIC
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_REMOTE_MODIFY
+                            attribute_ctr: struct drsuapi_DsReplicaAttributeCtr
+                                num_attributes           : 0x0000000b (11)
+                                attributes               : *
+                                    attributes: ARRAY(11)
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000a0 (160)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=160
+[0000] 01 00 04 80 14 00 00 00   30 00 00 00 00 00 00 00   ........ 0.......
+[0010] 4C 00 00 00 01 05 00 00   00 00 00 05 15 00 00 00   L....... ........
+[0020] 4B 7D 63 4C 74 4C AF E6   AD 78 E1 B1 00 02 00 00   K}cLtL.. .x......
+[0030] 01 05 00 00 00 00 00 05   15 00 00 00 4B 7D 63 4C   ........ ....K}cL
+[0040] 74 4C AF E6 AD 78 E1 B1   00 02 00 00 02 00 54 00   tL...x.. ......T.
+[0050] 03 00 00 00 00 00 14 00   94 00 02 00 01 01 00 00   ........ ........
+[0060] 00 00 00 05 0B 00 00 00   00 00 24 00 FD 01 0F 00   ........ ..$.....
+[0070] 01 05 00 00 00 00 00 05   15 00 00 00 4B 7D 63 4C   ........ ....K}cL
+[0080] 74 4C AF E6 AD 78 E1 B1   00 02 00 00 00 00 14 00   tL...x.. ........
+[0090] FF 01 0F 00 01 01 00 00   00 00 00 05 12 00 00 00   ........ ........
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_objectClass (0x0)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            attid                    : DATA_BLOB length=3
+[0000] 2F 00 17                                            /..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_objectCategory (0x9030E)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000c8 (200)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=200
+[0000] C8 00 00 00 00 00 00 00   00 00 00 00 00 00 02 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 47 00 00 00   43 00 4E 00 3D 00 4E 00   ....G... C.N.=.N.
+[0040] 54 00 44 00 53 00 2D 00   44 00 53 00 41 05 9A 00   T.D.S.-. D.S.A...
+[0050] 43 00 4E 00 3D 00 53 00   63 00 68 00 65 00 6D 00   C.N.=.S. c.h.e.m.
+[0060] 61 00 2C 00 43 00 4E 00   3D 00 43 00 6F 00 6E 00   a.,.C.N. =.C.o.n.
+[0070] 66 00 69 00 67 00 75 00   72 00 61 00 74 00 69 00   f.i.g.u. r.a.t.i.
+[0080] 6F 00 6E 00 2C 00 44 00   43 00 3D 00 73 00 61 00   o.n.,.D. C.=.s.a.
+[0090] 6D 00 62 00 61 00 32 00   30 00 30 00 38 00 72 00   m.b.a.2. 0.0.8.r.
+[00A0] 32 00 2C 00 44 00 43 00   3D 00 65 00 78 00 61 00   2.,.D.C. =.e.x.a.
+[00B0] 6D 00 70 00 6C 00 65 00   2C 00 44 00 43 00 3D 00   m.p.l.e. ,.D.C.=.
+[00C0] 63 00 6F 00 6D 00 00 00                             c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_invocationId (0x20073)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000010 (16)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=16
+[0000] 1B 70 EA 28 06 D8 59 47   A9 EC 5E 7D E5 52 16 DC   .p.(..YG ..^}.R..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_hasMasterNCs (0x2000E)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000003 (3)
+                                                values                   : *
+                                                    values: ARRAY(3)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000009c (156)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=156
+[0000] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+[0040] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+[0050] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+[0060] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+[0070] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+[0080] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+[0090] 43 00 3D 00 63 00 6F 00   6D 00 00 00               C.=.c.o. m...
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b0 (176)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=176
+[0000] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+[0010] 00 00 00 00 00 00 00 00   08 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+[0040] 63 00 68 00 65 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.e.m. a.,.C.N.
+[0050] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+[0060] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+[0070] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+[0080] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+[0090] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+[00A0] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_hasMasterNCs (0x9072C)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000003 (3)
+                                                values                   : *
+                                                    values: ARRAY(3)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000009c (156)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=156
+[0000] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+[0040] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+[0050] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+[0060] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+[0070] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+[0080] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+[0090] 43 00 3D 00 63 00 6F 00   6D 00 00 00               C.=.c.o. m...
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b0 (176)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=176
+[0000] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+[0040] 63 00 68 00 64 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.d.m. a.,.C.N.
+[0050] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+[0060] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+[0070] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+[0080] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+[0090] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+[00A0] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_dMDLocation (0x20024)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            string                   : '°'
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_HasDomainNCs (0x9071C)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_Behavior_Version (0x905B3)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000004 (4)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=4
+[0000] 04 00 00 00                                         ....
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_systemFlags (0x90177)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000004 (4)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=4
+[0000] 00 00 00 02                                         ....
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_replPropertyMetaData (0x90003)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b4 (180)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=180
+[0000] B4 00 00 00 00 00 00 00   00 00 00 00 00 00 00 02   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3D 00 00 00   43 00 4E 00 3D 00 73 00   ....=... C.N.=.s.
+[0040] 6D 00 62 00 74 00 6F 00   72 00 74 00 75 00 72 00   m.b.t.o. r.t.u.r.
+[0050] 65 00 64 00 63 00 2C 00   43 00 4E 00 3D 00 43 00   e.d.c.,. C.N.=.C.
+[0060] 6F 00 6D 00 70 00 75 00   74 00 65 00 72 00 73 00   o.m.p.u. t.e.r.s.
+[0070] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
+[0080] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
+[0090] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
+[00A0] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
+[00B0] 6D 00 EB 00                                         m...
+push returned Success
+pull returned Success
+    drsuapi_DsAddEntry: struct drsuapi_DsAddEntry
+        in: struct drsuapi_DsAddEntry
+            bind_handle              : *
+                bind_handle: struct policy_handle
+                    handle_type              : 0x00000000 (0)
+                    uuid                     : ab1cfc6d-626b-4ad2-bbba-f6489df00630
+            level                    : 0x00000002 (2)
+            req                      : *
+                req                      : union drsuapi_DsAddEntryRequest(case 2)
+                req2: struct drsuapi_DsAddEntryRequest2
+                    first_object: struct drsuapi_DsReplicaObjectListItem
+                        next_object              : NULL
+                        object: struct drsuapi_DsReplicaObject
+                            identifier               : *
+                                identifier: struct drsuapi_DsReplicaObjectIdentifier
+                                    __ndr_size               : 0x00000136 (310)
+                                    __ndr_size_sid           : 0x00000000 (0)
+                                    guid                     : 00000000-0000-0000-0000-000000000000
+                                    sid                      : S-0-0
+                                    __ndr_size_dn            : 0x0000007e (126)
+                                    dn                       : 'CN=NTDS Settings,CN=smbtorturedc,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,ｄC=samba2008r2,DC=example,DC︽'
+                            flags                    : 0x00000000 (0)
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_FROM_MASTER
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_DYNAMIC
+                                   0: DRSUAPI_DS_REPLICA_OBJECT_REMOTE_MODIFY
+                            attribute_ctr: struct drsuapi_DsReplicaAttributeCtr
+                                num_attributes           : 0x0000000b (11)
+                                attributes               : *
+                                    attributes: ARRAY(11)
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000a0 (160)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=160
+[0000] 01 00 04 80 14 00 00 00   30 00 00 00 00 00 00 00   ........ 0.......
+[0010] 4C 00 00 00 01 05 00 00   00 00 00 05 15 00 00 00   L....... ........
+[0020] 4B 7D 63 4C 74 4C AF E6   AD 78 E1 B1 00 02 00 00   K}cLtL.. .x......
+[0030] 01 05 00 00 00 00 00 05   15 00 00 00 4B 7D 63 4C   ........ ....K}cL
+[0040] 74 4C AF E6 AD 78 E1 B1   00 02 00 00 02 00 54 00   tL...x.. ......T.
+[0050] 03 00 00 00 00 00 14 00   94 00 02 00 01 01 00 00   ........ ........
+[0060] 00 00 00 05 0B 00 00 00   00 00 24 00 FD 01 0F 00   ........ ..$.....
+[0070] 01 05 00 00 00 00 00 05   15 00 00 00 4B 7D 63 4C   ........ ....K}cL
+[0080] 74 4C AF E6 AD 78 E1 B1   00 02 00 00 00 00 14 00   tL...x.. ........
+[0090] FF 01 0F 00 01 01 00 00   00 00 00 05 12 00 00 00   ........ ........
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_objectClass (0x0)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            attid                    : DATA_BLOB length=3
+[0000] 2F 00 17                                            /..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_objectCategory (0x9030E)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000c8 (200)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=200
+[0000] C8 00 00 00 00 00 00 00   00 00 00 00 00 00 02 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 47 00 00 00   43 00 4E 00 3D 00 4E 00   ....G... C.N.=.N.
+[0040] 54 00 44 00 53 00 2D 00   44 00 53 00 41 05 9A 00   T.D.S.-. D.S.A...
+[0050] 43 00 4E 00 3D 00 53 00   63 00 68 00 65 00 6D 00   C.N.=.S. c.h.e.m.
+[0060] 61 00 2C 00 43 00 4E 00   3D 00 43 00 6F 00 6E 00   a.,.C.N. =.C.o.n.
+[0070] 66 00 69 00 67 00 75 00   72 00 61 00 74 00 69 00   f.i.g.u. r.a.t.i.
+[0080] 6F 00 6E 00 2C 00 44 00   43 00 3D 00 73 00 61 00   o.n.,.D. C.=.s.a.
+[0090] 6D 00 62 00 61 00 32 00   30 00 30 00 38 00 72 00   m.b.a.2. 0.0.8.r.
+[00A0] 32 00 2C 00 44 00 43 00   3D 00 65 00 78 00 61 00   2.,.D.C. =.e.x.a.
+[00B0] 6D 00 70 00 6C 00 65 00   2C 00 44 00 43 00 3D 00   m.p.l.e. ,.D.C.=.
+[00C0] 63 00 6F 00 6D 00 00 00                             c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_invocationId (0x20073)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000010 (16)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=16
+[0000] 1B 70 EA 28 06 D8 59 47   A9 EC 5E 7D E5 52 16 DC   .p.(..YG ..^}.R..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_hasMasterNCs (0x2000E)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000003 (3)
+                                                values                   : *
+                                                    values: ARRAY(3)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000009c (156)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=156
+[0000] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+[0040] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+[0050] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+[0060] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+[0070] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+[0080] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+[0090] 43 00 3D 00 63 00 6F 00   6D 00 00 00               C.=.c.o. m...
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b0 (176)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=176
+[0000] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+[0010] 00 00 00 00 00 00 00 00   08 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+[0040] 63 00 68 00 65 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.e.m. a.,.C.N.
+[0050] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+[0060] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+[0070] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+[0080] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+[0090] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+[00A0] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_hasMasterNCs (0x9072C)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000003 (3)
+                                                values                   : *
+                                                    values: ARRAY(3)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000009c (156)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=156
+[0000] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+[0040] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+[0050] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+[0060] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+[0070] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+[0080] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+[0090] 43 00 3D 00 63 00 6F 00   6D 00 00 00               C.=.c.o. m...
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b0 (176)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=176
+[0000] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+[0040] 63 00 68 00 64 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.d.m. a.,.C.N.
+[0050] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+[0060] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+[0070] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+[0080] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+[0090] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+[00A0] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_dMDLocation (0x20024)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            string                   : '°'
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_HasDomainNCs (0x9071C)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x0000007a (122)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=122
+[0000] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+[0040] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+[0050] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+[0060] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+[0070] 3D 00 63 00 6F 00 6D 00   00 00                     =.c.o.m. ..
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_msDS_Behavior_Version (0x905B3)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000004 (4)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=4
+[0000] 04 00 00 00                                         ....
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_systemFlags (0x90177)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x00000004 (4)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=4
+[0000] 00 00 00 02                                         ....
+                                        attributes: struct drsuapi_DsReplicaAttribute
+                                            attid                    : DRSUAPI_ATTID_replPropertyMetaData (0x90003)
+                                            value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                num_values               : 0x00000001 (1)
+                                                values                   : *
+                                                    values: ARRAY(1)
+                                                        values: struct drsuapi_DsAttributeValue
+                                                            __ndr_size               : 0x000000b4 (180)
+                                                            blob                     : *
+                                                                blob                     : DATA_BLOB length=180
+[0000] B4 00 00 00 00 00 00 00   00 00 00 00 00 00 00 02   ........ ........
+skipping zero buffer bytes
+[0030] 00 00 00 00 3D 00 00 00   43 00 4E 00 3D 00 73 00   ....=... C.N.=.s.
+[0040] 6D 00 62 00 74 00 6F 00   72 00 74 00 75 00 72 00   m.b.t.o. r.t.u.r.
+[0050] 65 00 64 00 63 00 2C 00   43 00 4E 00 3D 00 43 00   e.d.c.,. C.N.=.C.
+[0060] 6F 00 6D 00 70 00 75 00   74 00 65 00 72 00 73 00   o.m.p.u. t.e.r.s.
+[0070] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
+[0080] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
+[0090] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
+[00A0] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
+[00B0] 6D 00 EB 00                                         m...
+WARNING! orig bytes:2555 validated pushed bytes:2504
+WARNING! orig pulled bytes:2508 validated pulled bytes:2504
+WARNING! orig and validated differ at byte 0x30 (48)
+WARNING! orig byte[0x30] = 0x82 validated byte[0x30] = 0x7F
+ [0000] 00 00 00 00 6D FC 1C AB   6B 62 D2 4A BB BA F6 48   ....m... kb.J...H
+ [0010] 9D F0 06 30 02 00 00 00   02 00 00 00 00 00 00 00   ...0.... ........
+ [0020] 00 00 02 00 00 00 00 00   0B 00 00 00 04 00 02 00   ........ ........
+-[0030] 82 00 00 00 3C 01 00 00   00 00 00 00 00 00 00 00   ....<... ........
++[0030] 7F 00 00 00 36 01 00 00   00 00 00 00 00 00 00 00   ....6... ........
+skipping zero buffer bytes
+-[0060] 00 00 00 00 00 00 00 00   81 00 00 00 43 00 4E 00   ........ ....C.N.
++[0060] 00 00 00 00 00 00 00 00   7E 00 00 00 43 00 4E 00   ........ ~...C.N.
+ [0070] 3D 00 4E 00 54 00 44 00   53 00 20 00 53 00 65 00   =.N.T.D. S. .S.e.
+ [0080] 74 00 74 00 69 00 6E 00   67 00 73 00 2C 00 43 00   t.t.i.n. g.s.,.C.
+ [0090] 4E 00 3D 00 73 00 6D 00   62 00 74 00 6F 00 72 00   N.=.s.m. b.t.o.r.
+ [00A0] 74 00 75 00 72 00 65 00   64 00 63 00 2C 00 43 00   t.u.r.e. d.c.,.C.
+ [00B0] 4E 00 3D 00 53 00 65 00   72 00 76 00 65 00 72 00   N.=.S.e. r.v.e.r.
+ [00C0] 73 00 2C 00 43 00 4E 00   3D 00 44 00 65 00 66 00   s.,.C.N. =.D.e.f.
+ [00D0] 61 00 75 00 6C 00 74 00   2D 00 46 00 69 00 72 00   a.u.l.t. -.F.i.r.
+ [00E0] 73 00 74 00 2D 00 53 00   69 00 74 00 65 00 2D 00   s.t.-.S. i.t.e.-.
+ [00F0] 4E 00 61 00 6D 00 65 00   2C 00 43 00 4E 00 3D 00   N.a.m.e. ,.C.N.=.
+ [0100] 53 00 69 00 74 00 65 00   73 00 2C 00 43 00 4E 00   S.i.t.e. s.,.C.N.
+ [0110] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+ [0120] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 FF   r.a.t.i. o.n.,.D.
+ [0130] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+ [0140] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+ [0150] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+-[0160] 2C 00 44 00 43 00 3D FE   00 00 00 00 00 00 00 00   ,.D.C.=. ........
++[0160] 2C 00 44 00 43 00 3D FE   00 00 00 00 0B 00 00 00   ,.D.C.=. ........
+-[0170] 0B 00 00 00 19 01 02 00   01 00 00 00 08 00 02 00   ........ ........
++[0170] 19 01 02 00 01 00 00 00   08 00 02 00 00 00 00 00   ........ ........
+-[0180] 00 00 00 00 01 00 00 00   0C 00 02 00 0E 03 09 00   ........ ........
++[0180] 01 00 00 00 0C 00 02 00   0E 03 09 00 01 00 00 00   ........ ........
+-[0190] 01 00 00 00 10 00 02 00   73 00 02 00 01 00 00 00   ........ s.......
++[0190] 10 00 02 00 73 00 02 00   01 00 00 00 14 00 02 00   ....s... ........
+-[01A0] 14 00 02 00 0E 00 02 00   03 00 00 00 18 00 02 00   ........ ........
++[01A0] 0E 00 02 00 03 00 00 00   18 00 02 00 2C 07 09 00   ........ ....,...
+-[01B0] 2C 07 09 00 03 00 00 00   1C 00 02 00 24 00 02 00   ,....... ....$...
++[01B0] 03 00 00 00 1C 00 02 00   24 00 02 00 01 00 00 00   ........ $.......
+-[01C0] 01 00 00 00 20 00 02 00   1C 07 09 00 01 00 00 00   .... ... ........
++[01C0] 20 00 02 00 1C 07 09 00   01 00 00 00 24 00 02 00    ....... ....$...
+-[01D0] 24 00 02 00 B3 05 09 00   01 00 00 00 83 00 02 00   $....... ........
++[01D0] B3 05 09 00 01 00 00 00   28 00 02 00 77 01 09 00   ........ (...w...
+-[01E0] 77 01 09 00 01 00 00 00   2C 00 02 00 03 00 09 00   w....... ,.......
++[01E0] 01 00 00 00 2C 00 02 00   03 00 09 00 01 00 00 00   ....,... ........
+-[01F0] 01 00 00 00 30 00 02 00   01 00 00 00 A0 00 00 00   ....0... ........
++[01F0] 30 00 02 00 01 00 00 00   A0 00 00 00 34 00 02 00   0....... ....4...
+-[0200] 34 00 02 00 A0 00 00 00   01 00 04 80 14 00 00 00   4....... ........
++[0200] A0 00 00 00 01 00 04 80   14 00 00 00 30 00 00 00   ........ ....0...
+-[0210] 30 00 00 00 00 00 00 00   4C 00 00 00 01 05 00 00   0....... L.......
++[0210] 00 00 00 00 4C 00 00 00   01 05 00 00 00 00 00 05   ....L... ........
+-[0220] 00 00 00 05 15 00 00 00   4B 7D 63 4C 74 4C AF E6   ........ K}cLtL..
++[0220] 15 00 00 00 4B 7D 63 4C   74 4C AF E6 AD 78 E1 B1   ....K}cL tL...x..
+-[0230] AD 78 E1 B1 00 02 00 00   01 05 00 00 00 00 00 05   .x...... ........
++[0230] 00 02 00 00 01 05 00 00   00 00 00 05 15 00 00 00   ........ ........
+-[0240] 15 00 00 00 4B 7D 63 4C   74 4C AF E6 AD 78 E1 B1   ....K}cL tL...x..
++[0240] 4B 7D 63 4C 74 4C AF E6   AD 78 E1 B1 00 02 00 00   K}cLtL.. .x......
+-[0250] 00 02 00 00 02 00 54 00   03 00 00 00 00 00 14 00   ......T. ........
++[0250] 02 00 54 00 03 00 00 00   00 00 14 00 94 00 02 00   ..T..... ........
+-[0260] 94 00 02 00 01 01 00 00   00 00 00 05 0B 00 00 00   ........ ........
++[0260] 01 01 00 00 00 00 00 05   0B 00 00 00 00 00 24 00   ........ ......$.
+-[0270] 00 00 24 00 FD 01 0F 00   01 05 00 00 00 00 00 05   ..$..... ........
++[0270] FD 01 0F 00 01 05 00 00   00 00 00 05 15 00 00 00   ........ ........
+-[0280] 15 00 00 00 4B 7D 63 4C   74 4C AF E6 AD 78 E1 B1   ....K}cL tL...x..
++[0280] 4B 7D 63 4C 74 4C AF E6   AD 78 E1 B1 00 02 00 00   K}cLtL.. .x......
+-[0290] 00 02 00 00 00 00 14 00   FF 01 0F 00 01 01 00 00   ........ ........
++[0290] 00 00 14 00 FF 01 0F 00   01 01 00 00 00 00 00 05   ........ ........
+-[02A0] 00 00 00 05 12 00 00 00   01 00 00 00 04 00 00 00   ........ ........
++[02A0] 12 00 00 00 01 00 00 00   03 00 00 00 38 00 02 00   ........ ....8...
+-[02B0] 38 00 02 00 03 00 00 00   2F 00 17 00 01 00 00 00   8....... /.......
++[02B0] 03 00 00 00 2F 00 17 00   01 00 00 00 C8 00 00 00   ..../... ........
+-[02C0] C8 00 00 00 3C 00 02 00   C8 00 00 00 C8 00 00 00   ....<... ........
++[02C0] 3C 00 02 00 C8 00 00 00   C8 00 00 00 00 00 00 00   <....... ........
+-[02D0] 00 00 00 00 00 00 00 00   00 00 02 00 00 00 00 00   ........ ........
++[02D0] 00 00 00 00 00 00 02 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[02F0] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[02F0] 00 00 00 00 00 00 00 00   00 00 00 00 47 00 00 00   ........ ....G...
+-[0300] 47 00 00 00 43 00 4E 00   3D 00 4E 00 54 00 44 00   G...C.N. =.N.T.D.
++[0300] 43 00 4E 00 3D 00 4E 00   54 00 44 00 53 00 2D 00   C.N.=.N. T.D.S.-.
+-[0310] 53 00 2D 00 44 00 53 00   41 05 9A 00 43 00 4E 00   S.-.D.S. A...C.N.
++[0310] 44 00 53 00 41 05 9A 00   43 00 4E 00 3D 00 53 00   D.S.A... C.N.=.S.
+-[0320] 3D 00 53 00 63 00 68 00   65 00 6D 00 61 00 2C 00   =.S.c.h. e.m.a.,.
++[0320] 63 00 68 00 65 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.e.m. a.,.C.N.
+-[0330] 43 00 4E 00 3D 00 43 00   6F 00 6E 00 66 00 69 00   C.N.=.C. o.n.f.i.
++[0330] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+-[0340] 67 00 75 00 72 00 61 00   74 00 69 00 6F 00 6E 00   g.u.r.a. t.i.o.n.
++[0340] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+-[0350] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
++[0350] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+-[0360] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
++[0360] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+-[0370] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
++[0370] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+-[0380] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
++[0380] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+-[0390] 6D 00 00 00 01 00 00 00   10 00 00 00 40 00 02 00   m....... ....@...
++[0390] 01 00 00 00 10 00 00 00   40 00 02 00 10 00 00 00   ........ @.......
+-[03A0] 10 00 00 00 1B 70 EA 28   06 D8 59 47 A9 EC 5E 7D   .....p.( ..YG..^}
++[03A0] 1B 70 EA 28 06 D8 59 47   A9 EC 5E 7D E5 52 16 DC   .p.(..YG ..^}.R..
+-[03B0] E5 52 16 DC 03 00 00 00   9C 00 00 00 44 00 02 00   .R...... ....D...
++[03B0] 03 00 00 00 9C 00 00 00   44 00 02 00 7A 00 00 00   ........ D...z...
+-[03C0] 7A 00 00 00 48 00 02 00   B0 00 00 00 4C 00 02 00   z...H... ....L...
++[03C0] 48 00 02 00 B0 00 00 00   4C 00 02 00 9C 00 00 00   H....... L.......
+-[03D0] 9C 00 00 00 9C 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[03D0] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[0400] 00 00 00 00 00 00 00 00   31 00 00 00 43 00 4E 00   ........ 1...C.N.
++[0400] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+-[0410] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
++[0410] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+-[0420] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
++[0420] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+-[0430] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
++[0430] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+-[0440] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
++[0440] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+-[0450] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
++[0450] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+-[0460] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
++[0460] 43 00 3D 00 63 00 6F 00   6D 00 00 00 7A 00 00 00   C.=.c.o. m...z...
+-[0470] 7A 00 00 00 7A 00 00 00   00 00 00 00 00 00 00 00   z...z... ........
++[0470] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+-[04A0] 00 00 00 00 00 00 00 00   20 00 00 00 44 00 43 00   ........  ...D.C.
++[04A0] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+-[04B0] 3D 00 73 00 61 00 6D 00   62 00 61 00 32 00 30 00   =.s.a.m. b.a.2.0.
++[04B0] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+-[04C0] 30 00 38 00 72 00 32 00   2C 00 44 00 43 00 3D 00   0.8.r.2. ,.D.C.=.
++[04C0] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+-[04D0] 65 00 78 00 61 00 6D 00   70 00 6C 00 65 00 2C 00   e.x.a.m. p.l.e.,.
++[04D0] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+-[04E0] 44 00 43 00 3D 00 63 00   6F 00 6D 00 00 00 00 00   D.C.=.c. o.m.....
++[04E0] 3D 00 63 00 6F 00 6D 00   00 00 00 00 B0 00 00 00   =.c.o.m. ........
+-[04F0] B0 00 00 00 B0 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[04F0] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+-[0500] 00 00 00 00 00 00 00 00   00 00 00 00 08 00 00 00   ........ ........
++[0500] 00 00 00 00 00 00 00 00   08 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[0520] 00 00 00 00 00 00 00 00   3B 00 00 00 43 00 4E 00   ........ ;...C.N.
++[0520] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+-[0530] 3D 00 53 00 63 00 68 00   65 00 6D 00 61 00 2C 00   =.S.c.h. e.m.a.,.
++[0530] 63 00 68 00 65 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.e.m. a.,.C.N.
+-[0540] 43 00 4E 00 3D 00 43 00   6F 00 6E 00 66 00 69 00   C.N.=.C. o.n.f.i.
++[0540] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+-[0550] 67 00 75 00 72 00 61 00   74 00 69 00 6F 00 6E 00   g.u.r.a. t.i.o.n.
++[0550] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+-[0560] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
++[0560] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+-[0570] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
++[0570] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+-[0580] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
++[0580] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+-[0590] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
++[0590] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+-[05A0] 6D 00 00 00 03 00 00 00   9C 00 00 00 50 00 02 00   m....... ....P...
++[05A0] 03 00 00 00 9C 00 00 00   50 00 02 00 7A 00 00 00   ........ P...z...
+-[05B0] 7A 00 00 00 54 00 02 00   B0 00 00 00 58 00 02 00   z...T... ....X...
++[05B0] 54 00 02 00 B0 00 00 00   58 00 02 00 9C 00 00 00   T....... X.......
+-[05C0] 9C 00 00 00 9C 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[05C0] 9C 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[05F0] 00 00 00 00 00 00 00 00   31 00 00 00 43 00 4E 00   ........ 1...C.N.
++[05F0] 00 00 00 00 31 00 00 00   43 00 4E 00 3D 00 43 00   ....1... C.N.=.C.
+-[0600] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
++[0600] 6F 00 6E 00 66 00 69 00   67 00 75 00 72 00 61 00   o.n.f.i. g.u.r.a.
+-[0610] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
++[0610] 74 00 69 00 6F 00 6E 00   2C 00 44 00 43 00 3D 00   t.i.o.n. ,.D.C.=.
+-[0620] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
++[0620] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
+-[0630] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
++[0630] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
+-[0640] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
++[0640] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
+-[0650] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
++[0650] 43 00 3D 00 63 00 6F 00   6D 00 00 00 7A 00 00 00   C.=.c.o. m...z...
+-[0660] 7A 00 00 00 7A 00 00 00   00 00 00 00 00 00 00 00   z...z... ........
++[0660] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+-[0690] 00 00 00 00 00 00 00 00   20 00 00 00 44 00 43 00   ........  ...D.C.
++[0690] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+-[06A0] 3D 00 73 00 61 00 6D 00   62 00 61 00 32 00 30 00   =.s.a.m. b.a.2.0.
++[06A0] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+-[06B0] 30 00 38 00 72 00 32 00   2C 00 44 00 43 00 3D 00   0.8.r.2. ,.D.C.=.
++[06B0] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+-[06C0] 65 00 78 00 61 00 6D 00   70 00 6C 00 65 00 2C 00   e.x.a.m. p.l.e.,.
++[06C0] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+-[06D0] 44 00 43 00 3D 00 63 00   6F 00 6D 00 00 00 00 00   D.C.=.c. o.m.....
++[06D0] 3D 00 63 00 6F 00 6D 00   00 00 00 00 B0 00 00 00   =.c.o.m. ........
+-[06E0] B0 00 00 00 B0 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[06E0] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[0710] 00 00 00 00 00 00 00 00   3B 00 00 00 43 00 4E 00   ........ ;...C.N.
++[0710] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+-[0720] 3D 00 53 00 63 00 68 00   64 00 6D 00 61 00 2C 00   =.S.c.h. d.m.a.,.
++[0720] 63 00 68 00 64 00 6D 00   61 00 2C 00 43 00 4E 00   c.h.d.m. a.,.C.N.
+-[0730] 43 00 4E 00 3D 00 43 00   6F 00 6E 00 66 00 69 00   C.N.=.C. o.n.f.i.
++[0730] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+-[0740] 67 00 75 00 72 00 61 00   74 00 69 00 6F 00 6E 00   g.u.r.a. t.i.o.n.
++[0740] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+-[0750] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
++[0750] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+-[0760] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
++[0760] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+-[0770] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
++[0770] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+-[0780] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
++[0780] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+-[0790] 6D 00 00 00 01 00 00 00   B0 00 00 00 5C 00 02 00   m....... ....\...
++[0790] 01 00 00 00 B0 00 00 00   5C 00 02 00 B0 00 00 00   ........ \.......
+-[07A0] B0 00 00 00 B0 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[07A0] B0 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[07C0] 00 00 00 00 00 00 00 00   00 00 00 10 00 00 00 00   ........ ........
++[07C0] 00 00 00 00 00 00 00 10   00 00 00 00 00 00 00 00   ........ ........
+-[07D0] 00 00 00 00 00 00 00 00   3B 00 00 00 43 00 4E 00   ........ ;...C.N.
++[07D0] 00 00 00 00 3B 00 00 00   43 00 4E 00 3D 00 53 00   ....;... C.N.=.S.
+-[07E0] 3D 00 53 00 63 00 68 00   65 00 6D 00 05 84 99 CD   =.S.c.h. e.m.....
++[07E0] 63 00 68 00 65 00 6D 00   05 84 99 CD AE 00 4E FF   c.h.e.m. ......N.
+-[07F0] AE 00 4E FF 3D 00 43 00   6F 00 6E 00 66 00 69 00   ..N.=.C. o.n.f.i.
++[07F0] 3D 00 43 00 6F 00 6E 00   66 00 69 00 67 00 75 00   =.C.o.n. f.i.g.u.
+-[0800] 67 00 75 00 72 00 61 00   74 00 69 00 6F 00 6E 00   g.u.r.a. t.i.o.n.
++[0800] 72 00 61 00 74 00 69 00   6F 00 6E 00 2C 00 44 00   r.a.t.i. o.n.,.D.
+-[0810] 2C 00 44 00 43 00 3D 00   73 00 61 00 6D 00 62 00   ,.D.C.=. s.a.m.b.
++[0810] 43 00 3D 00 73 00 61 00   6D 00 62 00 61 00 32 00   C.=.s.a. m.b.a.2.
+-[0820] 61 00 32 00 30 00 30 00   38 00 72 00 32 00 2C 00   a.2.0.0. 8.r.2.,.
++[0820] 30 00 30 00 38 00 72 00   32 00 2C 00 44 00 43 00   0.0.8.r. 2.,.D.C.
+-[0830] 44 00 43 00 3D 00 65 00   78 00 61 00 6D 00 70 00   D.C.=.e. x.a.m.p.
++[0830] 3D 00 65 00 78 00 61 00   6D 00 70 00 6C 00 65 00   =.e.x.a. m.p.l.e.
+-[0840] 6C 00 65 00 2C 00 44 00   43 00 3D 00 63 00 6F 00   l.e.,.D. C.=.c.o.
++[0840] 2C 00 44 00 43 00 3D 00   63 00 6F 00 6D 00 00 00   ,.D.C.=. c.o.m...
+-[0850] 6D 00 00 00 01 00 00 00   7A 00 00 00 60 00 02 00   m....... z...`...
++[0850] 01 00 00 00 7A 00 00 00   60 00 02 00 7A 00 00 00   ....z... `...z...
+-[0860] 7A 00 00 00 7A 00 00 00   00 00 00 00 00 00 00 00   z...z... ........
++[0860] 7A 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   z....... ........
+skipping zero buffer bytes
+-[0890] 00 00 00 00 00 00 00 00   20 00 00 00 44 00 43 00   ........  ...D.C.
++[0890] 00 00 00 00 20 00 00 00   44 00 43 00 3D 00 73 00   .... ... D.C.=.s.
+-[08A0] 3D 00 73 00 61 00 6D 00   62 00 61 00 32 00 30 00   =.s.a.m. b.a.2.0.
++[08A0] 61 00 6D 00 62 00 61 00   32 00 30 00 30 00 38 00   a.m.b.a. 2.0.0.8.
+-[08B0] 30 00 38 00 72 00 32 00   2C 00 44 00 43 00 3D 00   0.8.r.2. ,.D.C.=.
++[08B0] 72 00 32 00 2C 00 44 00   43 00 3D 00 65 00 78 00   r.2.,.D. C.=.e.x.
+-[08C0] 65 00 78 00 61 00 6D 00   70 00 6C 00 65 00 2C 00   e.x.a.m. p.l.e.,.
++[08C0] 61 00 6D 00 70 00 6C 00   65 00 2C 00 44 00 43 00   a.m.p.l. e.,.D.C.
+-[08D0] 44 00 43 00 3D 00 63 00   6F 00 6D 00 00 00 00 00   D.C.=.c. o.m.....
++[08D0] 3D 00 63 00 6F 00 6D 00   00 00 00 00 01 00 00 00   =.c.o.m. ........
+-[08E0] 01 00 00 00 04 00 00 00   64 00 02 00 04 00 00 00   ........ d.......
++[08E0] 04 00 00 00 64 00 02 00   04 00 00 00 04 00 00 00   ....d... ........
+-[08F0] 04 00 00 00 01 00 00 00   04 00 00 00 68 00 02 00   ........ ....h...
++[08F0] 01 00 00 00 04 00 00 00   68 00 02 00 04 00 00 00   ........ h.......
+-[0900] 04 00 00 00 00 00 00 02   01 00 00 00 B4 00 00 00   ........ ........
++[0900] 00 00 00 02 01 00 00 00   B4 00 00 00 6C 00 02 00   ........ ....l...
+-[0910] 6C 00 02 00 B4 00 00 00   B4 00 00 00 00 00 00 00   l....... ........
++[0910] B4 00 00 00 B4 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+-[0920] 00 00 00 00 00 00 00 02   00 00 00 00 00 00 00 00   ........ ........
++[0920] 00 00 00 02 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+-[0940] 00 00 00 00 00 00 00 00   00 00 00 00 3D 00 00 00   ........ ....=...
++[0940] 00 00 00 00 00 00 00 00   3D 00 00 00 43 00 4E 00   ........ =...C.N.
+-[0950] 43 00 4E 00 3D 00 73 00   6D 00 62 00 74 00 6F 00   C.N.=.s. m.b.t.o.
++[0950] 3D 00 73 00 6D 00 62 00   74 00 6F 00 72 00 74 00   =.s.m.b. t.o.r.t.
+-[0960] 72 00 74 00 75 00 72 00   65 00 64 00 63 00 2C 00   r.t.u.r. e.d.c.,.
++[0960] 75 00 72 00 65 00 64 00   63 00 2C 00 43 00 4E 00   u.r.e.d. c.,.C.N.
+-[0970] 43 00 4E 00 3D 00 43 00   6F 00 6D 00 70 00 75 00   C.N.=.C. o.m.p.u.
++[0970] 3D 00 43 00 6F 00 6D 00   70 00 75 00 74 00 65 00   =.C.o.m. p.u.t.e.
+-[0980] 74 00 65 00 72 00 73 00   2C 00 44 00 43 00 3D 00   t.e.r.s. ,.D.C.=.
++[0980] 72 00 73 00 2C 00 44 00   43 00 3D 00 73 00 61 00   r.s.,.D. C.=.s.a.
+-[0990] 73 00 61 00 6D 00 62 00   61 00 32 00 30 00 30 00   s.a.m.b. a.2.0.0.
++[0990] 6D 00 62 00 61 00 32 00   30 00 30 00 38 00 72 00   m.b.a.2. 0.0.8.r.
+-[09A0] 38 00 72 00 32 00 2C 00   44 00 43 00 3D 00 65 00   8.r.2.,. D.C.=.e.
++[09A0] 32 00 2C 00 44 00 43 00   3D 00 65 00 78 00 61 00   2.,.D.C. =.e.x.a.
+-[09B0] 78 00 61 00 6D 00 70 00   6C 00 65 00 2C 00 44 00   x.a.m.p. l.e.,.D.
++[09B0] 6D 00 70 00 6C 00 65 00   2C 00 44 00 43 00 3D 00   m.p.l.e. ,.D.C.=.
+-[09C0] 43 00 3D 00 63 00 6F 00   6D 00 EB 00 01 3D 01 B1   C.=.c.o. m....=..
++[09C0] 63 00 6F 00 6D 00 EB 00                             c.o.m...
+-[09D0] 01 69 3B 12 8D ED 27 92   69 1B 4B 71 67 85 6D 05   .i;...'. i.Kqg.m.
++[09D0]                                                     EMPTY   BLOCK
+-[09E0] 44 5A 6A 6D AA 16 29 37   49 40 CD F5 06 AF 76 91   DZjm..)7 I@....v.
++[09E0]                                                     EMPTY   BLOCK
+-[09F0] 48 90 24 38 81 8A A2 70   0E 57 68                  H.$8...p .Wh
++[09F0]                                                     EMPTY   BLOCK
+dump OK
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt b/source4/librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt
new file mode 100644
index 0000000..1e26364
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt
@@ -0,0 +1,76 @@
+pull returned Success
+WARNING! 4 unread bytes
+[0000] 00 00 00 00                                         ....
+    drsuapi_DsGetNCChanges: struct drsuapi_DsGetNCChanges
+        out: struct drsuapi_DsGetNCChanges
+            level_out                : *
+                level_out                : 0x00000001 (1)
+            ctr                      : *
+                ctr                      : union drsuapi_DsGetNCChangesCtr(case 1)
+                ctr1: struct drsuapi_DsGetNCChangesCtr1
+                    source_dsa_guid          : 00aa0006-0000-0006-aa06-000300010000
+                    source_dsa_invocation_id : 13000600-0000-0000-0000-0000ff000000
+                    naming_context           : NULL
+                    old_highwatermark: struct drsuapi_DsReplicaHighWaterMark
+                        tmp_highest_usn          : 0x0000000000000000 (0)
+                        reserved_usn             : 0x005b000000000000 (25614222880669696)
+                        highest_usn              : 0x0000000000000000 (0)
+                    new_highwatermark: struct drsuapi_DsReplicaHighWaterMark
+                        tmp_highest_usn          : 0x0000010000110900 (1099512744192)
+                        reserved_usn             : 0x0000000000000100 (256)
+                        highest_usn              : 0x0000000000000000 (0)
+                    uptodateness_vector      : NULL
+                    mapping_ctr: struct drsuapi_DsReplicaOIDMapping_Ctr
+                        num_mappings             : 0x00000000 (0)
+                        mappings                 : NULL
+                    extended_ret             : UNKNOWN_ENUM_VALUE (0xF900)
+                    object_count             : 0x00000000 (0)
+                    __ndr_size               : 0xf8000001 (4160749569)
+                    first_object             : *
+                        first_object: struct drsuapi_DsReplicaObjectListItemEx
+                            next_object              : *
+                            object: struct drsuapi_DsReplicaObject
+                                identifier               : NULL
+                                flags                    : 0x3f000000 (1056964608)
+                                       0: DRSUAPI_DS_REPLICA_OBJECT_FROM_MASTER
+                                       0: DRSUAPI_DS_REPLICA_OBJECT_DYNAMIC
+                                       0: DRSUAPI_DS_REPLICA_OBJECT_REMOTE_MODIFY
+                                attribute_ctr: struct drsuapi_DsReplicaAttributeCtr
+                                    num_attributes           : 0x00000000 (0)
+                                    attributes               : NULL
+                            is_nc_prefix             : 0x00000000 (0)
+                            parent_object_guid       : NULL
+                            meta_data_ctr            : *
+                                meta_data_ctr: struct drsuapi_DsReplicaMetaDataCtr
+                                    count                    : 0x00000000 (0)
+                                    meta_data: ARRAY(0)
+                        next_object: struct drsuapi_DsReplicaObjectListItemEx
+                            next_object              : NULL
+                            object: struct drsuapi_DsReplicaObject
+                                identifier               : NULL
+                                flags                    : 0x00100006 (1048582)
+                                       0: DRSUAPI_DS_REPLICA_OBJECT_FROM_MASTER
+                                       1: DRSUAPI_DS_REPLICA_OBJECT_DYNAMIC
+                                       0: DRSUAPI_DS_REPLICA_OBJECT_REMOTE_MODIFY
+                                attribute_ctr: struct drsuapi_DsReplicaAttributeCtr
+                                    num_attributes           : 0x00000001 (1)
+                                    attributes               : *
+                                        attributes: ARRAY(1)
+                                            attributes: struct drsuapi_DsReplicaAttribute
+                                                attid                    : DRSUAPI_ATTID_cn (0x3)
+                                                value_ctr: struct drsuapi_DsAttributeValueCtr
+                                                    num_values               : 0x00000001 (1)
+                                                    values                   : *
+                                                        values: ARRAY(1)
+                                                            values: struct drsuapi_DsAttributeValue
+                                                                string                   : 'NULL'
+                            is_nc_prefix             : 0x00000001 (1)
+                            parent_object_guid       : *
+                                parent_object_guid       : 00100006-0001-0008-0100-000000000000
+                            meta_data_ctr            : *
+                                meta_data_ctr: struct drsuapi_DsReplicaMetaDataCtr
+                                    count                    : 0x00000000 (0)
+                                    meta_data: ARRAY(0)
+                    more_data                : 0x00000000 (0)
+            result                   : DOS code 0x00000100
+dump OK
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.b64.txt b/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.b64.txt
new file mode 100644
index 0000000..783d063
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.b64.txt
@@ -0,0 +1 @@
+AAAAAAEAAAABAACAAQAAAAEAAAAAAAAAAAAAAAD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.txt b/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.txt
new file mode 100644
index 0000000..f32efee
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsReplicaAttribute.txt
@@ -0,0 +1,60 @@
+pull returned Success
+WARNING! 179 unread bytes
+[0000] 00 00 00 00 00 FF 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+[0040] 00 00 00 00 00 00 00 00   00 40 00 00 00 00 00 00   ........ .@......
+skipping zero buffer bytes
+[0060] 00 00 00 40 00 00 00 00   00 00 00 00 00 00 00 00   ...@.... ........
+skipping zero buffer bytes
+[0080] 00 00 00 40 00 00 00 00   00 00 00 00 00 00 00 00   ...@.... ........
+[0090] 00 00 00 00 00 00 00 00   00 00 00 00 00 40 00 00   ........ .....@..
+skipping zero buffer bytes
+[00B0] 00 00 00                                            ...
+    drsuapi_DsReplicaAttribute: struct drsuapi_DsReplicaAttribute
+        attid                    : DRSUAPI_ATTID_objectClass (0x0)
+        value_ctr: struct drsuapi_DsAttributeValueCtr
+            num_values               : 0x00000001 (1)
+            values                   : *
+                values: ARRAY(1)
+                    values: struct drsuapi_DsAttributeValue
+                        attid                    : 'NULL'
+push returned Success
+pull returned Success
+    drsuapi_DsReplicaAttribute: struct drsuapi_DsReplicaAttribute
+        attid                    : DRSUAPI_ATTID_objectClass (0x0)
+        value_ctr: struct drsuapi_DsAttributeValueCtr
+            num_values               : 0x00000001 (1)
+            values                   : *
+                values: ARRAY(1)
+                    values: struct drsuapi_DsAttributeValue
+                        attid                    : 'NULL'
+WARNING! orig bytes:203 validated pushed bytes:24
+WARNING! orig and validated differ at byte 0x08 (8)
+WARNING! orig byte[0x08] = 0x01 validated byte[0x08] = 0x00
+-[0000] 00 00 00 00 01 00 00 00   01 00 00 80 01 00 00 00   ........ ........
++[0000] 00 00 00 00 01 00 00 00   00 00 02 00 01 00 00 00   ........ ........
+-[0010] 01 00 00 00 00 00 00 00   00 00 00 00 00 FF 00 00   ........ ........
++[0010] 00 00 00 00 00 00 00 00                             ........
+-[0020] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[0020]                                                     EMPTY   BLOCK
+-[0030] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[0030]                                                     EMPTY   BLOCK
+-[0040] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[0040]                                                     EMPTY   BLOCK
+-[0050] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[0050]                                                     EMPTY   BLOCK
+-[0060] 00 40 00 00 00 00 00 00   00 00 00 00 00 00 00 00   .@...... ........
++[0060]                                                     EMPTY   BLOCK
+-[0070] 00 00 00 00 00 00 00 00   00 00 00 40 00 00 00 00   ........ ...@....
++[0070]                                                     EMPTY   BLOCK
+-[0080] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[0080]                                                     EMPTY   BLOCK
+-[0090] 00 00 00 00 00 00 00 00   00 00 00 40 00 00 00 00   ........ ...@....
++[0090]                                                     EMPTY   BLOCK
+-[00A0] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
++[00A0]                                                     EMPTY   BLOCK
+-[00B0] 00 00 00 00 00 40 00 00   00 00 00 00 00 00 00 00   .....@.. ........
++[00B0]                                                     EMPTY   BLOCK
+-[00C0] 00 00 00 00 00 00 00 00   00 00 00                  ........ ...
++[00C0]                                                     EMPTY   BLOCK
+dump OK
diff --git a/source4/librpc/tests/fuzzed_drsuapi_DsaAddressListItem_V1-in.b64.txt b/source4/librpc/tests/fuzzed_drsuapi_DsaAddressListItem_V1-in.b64.txt
new file mode 100755
index 0000000..7d9f6f2
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_drsuapi_DsaAddressListItem_V1-in.b64.txt
@@ -0,0 +1 @@
+AwAAAAMAAAAAAAAAAQAAAAYAFQABAAAAAAAVAAEAAAAGAAAVAwAAAAMAAAADAAAAAP4AAAMQP3uHAAAAAQAAAAYAFQABAAAAAQAVAAEAAAAGAAAVAwAAAAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYUxhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYU6hYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYUAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhTqFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwM/QwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/T09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAD///////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT0/wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3s2ACwse3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAA/////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAD/////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3ure3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP////////////////////////////////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3ure3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9P///////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYUAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhTqFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/T09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAD///////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT0/wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3s2ACwse3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAA/////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwDACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAA////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09P8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7NgAsLHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAP////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAD///////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT0/wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3s2ACwse3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAA/////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e417e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7q3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD/////////////////////////////////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7q3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAD///////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT0/wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3s2ACwse3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT///////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////39PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYU6hYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX///////8N/////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAA////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09P8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7NgAsLHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAP////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDCEMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAA////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09P8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7NwAsLHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAP////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhTqFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/T09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhQAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFOoWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAz9DAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////39PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAD/////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAA////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09P8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7NgAsLHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAP////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e6t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw/////////////////////////////////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e6t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF//////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAA////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09P8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7NgAsLHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX0////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/T09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhQAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFOoWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////39PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAD/////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAkAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDFZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7YAAAAAAAAAB7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYX//////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAD///////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT0/wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3s2ACwse3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAA/////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAD/////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7jXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3ure3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP////////////////////////////////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAJAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAxWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e2AAAAAAAAAAe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL///9RAAAA///3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////AAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF//////////////////////////////8MDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f///////3/DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf//////////////////////////////DAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAACQAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3tgAAAAAAAAAHt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////UQAAAP//9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3ure3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhf//////////////////////////Av///1EAAAD///f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlVVVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFAAYAAACFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIFhYX///////////////8UAAZV/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9/////////8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAP///////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT/AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7ezYALCx7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9P///////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3///////9/wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYUAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////wAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhTqFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3////////ARz//////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////8AAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX/////////////l5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eX////////////////////////////////////////////Av////////////f/////////////////cHBwcHBwcP//////////cHBw////////////////////////////////////////////AAYAFQD0AQAAAAEAFQABAAD+BfT09PT0W/T09PT09PT09PT09PT09PT09PT09PT09PT09AAAAAAAAQAAAAYAFQD0AQAAAAEAFQABAAD+BfT09PT09PT09PT/hYWFVlV+VVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFe3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7hYWFggWFhf///////////////xQABlX///8GAAMAAgAAAAIAAAAGAAMAJgAA/////////////////////////////////////wL////////////3/////////wwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM////////cHBwcHBwcP+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYKFhYX//////////////////////////////wwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVX5VVVVVVVOFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYUMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////+Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5f///////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYWFhYWFhYWFhYWFp4WFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////////////////////8C////////////9////////f8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD/hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFp4UMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAyFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWChYWF/////////////5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl////////////////////////////////////////////wL////////////3/////////////////3BwcHBwcHD//////////3BwcP///////////////////////////////////////////wAGABUA9AEAAAABABUAAQAA/gX09PT09Fv09PT09PT09PT09PT09PT09PT09PT09PT09PQAAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVflVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhXt7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e4WFhYIFhYX///////////////8UAAZV////BgADAAIAAAACAAAABgADACYAAP////////////////////8AAAAAAAEAAAAGABUA9AEAAAABABUAAQAA/gX09PT09PT09PT0/4WFhVZVVVVVVVVThYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhQAGAAAAhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWCBYWF////////////////FAAGVf+FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYV7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3t7e3uFhYWCBYWF////////////////FAAGVf///wYAAwACAAAAAgAAAAYAAwAmAAD/////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz///////9wcHBwcHBw/4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhaeFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgoWFhf////////////////////////////////////////////////////////8C////////////9/////////////////9wcHBwcHBw//////////9wcHD///////////////////////////////////////////8ABgAVAPQBAAAAAQAVAAEAAP4F9PT09PRb9PT09PT09PT09PT09PT09PT09PT09PT09PT0AAAAAAABAAAABgAVAPQBAAAAAQAVAAEAAP4F9PT09PT09PT09P+FhYVWVVVVVVVVU4WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWnhYWFhYWFhYUABgAAAIWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFggWFhf///////////////xQABlX/////////////////////////////////////////Av////////////f/////////DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDNnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDP///////3BwcHBwcHD//////////3BwcP//////////////AED/////////////////////////////9P//////9ABUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVAAAAABUVFRUVFRUVFRUVFRUVFRUVFRUVAIAAAAAAAAAdAAAAAAAAPT//////////////3BwcP///////////////////////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////T///////QAAgAAAAAAAAAAAAB0AAAAAAAA9P//////9AACAAAAAAAAAHQAAAAAAAD09PT09PT09Pss9PT09PT09AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQf///6qqqqqqqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAAAAAAAAA= --ndr64
diff --git a/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt b/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt
new file mode 100644
index 0000000..0a10ab0
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt
@@ -0,0 +1 @@
+AA4AAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAzOQAAAAAAAAABAAAAAAAAAAD//gAAAAAAAAAABDMyMTUyMTE1MDI2MzE0Njg3/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+5+T2dekB8vfW3brf3WrDRDczOQAAAAA=
diff --git a/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt b/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt
new file mode 100644
index 0000000..7ce507c
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt
@@ -0,0 +1,167 @@
+pull returned Success
+WARNING! 188 unread bytes
+[0000] 04 33 32 31 35 32 31 31   35 30 32 36 33 31 34 36   .3215211 50263146
+[0010] 38 37 FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   87...... ........
+[0020] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0030] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0040] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0050] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0060] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0070] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0080] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[0090] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
+[00A0] FE FE FE FE FE E7 E4 F6   75 E9 01 F2 F7 D6 DD BA   ........ u.......
+[00B0] DF DD 6A C3 44 37 33 39   00 00 00 00               ..j.D739 ....
+    AUTHENTICATE_MESSAGE: struct AUTHENTICATE_MESSAGE
+        Signature                : ''
+        MessageType              : UNKNOWN_ENUM_VALUE (0)
+        LmChallengeResponseLen   : 0x0000 (0)
+        LmChallengeResponseMaxLen: 0x0000 (0)
+        LmChallengeResponse      : NULL
+        NtChallengeResponseLen   : 0x0000 (0)
+        NtChallengeResponseMaxLen: 0x0000 (0)
+        NtChallengeResponse      : NULL
+        DomainNameLen            : 0x0000 (0)
+        DomainNameMaxLen         : 0x0000 (0)
+        DomainName               : NULL
+        UserNameLen              : 0x0000 (0)
+        UserNameMaxLen           : 0x0001 (1)
+        UserName                 : NULL
+        WorkstationLen           : 0x3933 (14643)
+        WorkstationMaxLen        : 0x0000 (0)
+        Workstation              : NULL
+        EncryptedRandomSessionKeyLen: 0x0100 (256)
+        EncryptedRandomSessionKeyMaxLen: 0x0000 (0)
+        EncryptedRandomSessionKey: NULL
+        NegotiateFlags           : 0xfeff0000 (4278124544)
+               0: NTLMSSP_NEGOTIATE_UNICODE
+               0: NTLMSSP_NEGOTIATE_OEM    
+               0: NTLMSSP_REQUEST_TARGET   
+               0: NTLMSSP_NEGOTIATE_SIGN   
+               0: NTLMSSP_NEGOTIATE_SEAL   
+               0: NTLMSSP_NEGOTIATE_DATAGRAM
+               0: NTLMSSP_NEGOTIATE_LM_KEY 
+               0: NTLMSSP_NEGOTIATE_NETWARE
+               0: NTLMSSP_NEGOTIATE_NTLM   
+               0: NTLMSSP_NEGOTIATE_NT_ONLY
+               0: NTLMSSP_ANONYMOUS        
+               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
+               0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+               1: NTLMSSP_TARGET_TYPE_DOMAIN
+               1: NTLMSSP_TARGET_TYPE_SERVER
+               1: NTLMSSP_TARGET_TYPE_SHARE
+               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+               1: NTLMSSP_NEGOTIATE_IDENTIFY
+               1: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
+               1: NTLMSSP_NEGOTIATE_TARGET_INFO
+               1: NTLMSSP_NEGOTIATE_VERSION
+               1: NTLMSSP_NEGOTIATE_128    
+               1: NTLMSSP_NEGOTIATE_KEY_EXCH
+               1: NTLMSSP_NEGOTIATE_56     
+        Version: struct ntlmssp_VERSION
+            ProductMajorVersion      : UNKNOWN_ENUM_VALUE (0)
+            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0)
+            ProductBuild             : 0x0000 (0)
+            Reserved: ARRAY(3)
+                [0]                      : 0x00 (0)
+                [1]                      : 0x00 (0)
+                [2]                      : 0x00 (0)
+            NTLMRevisionCurrent      : UNKNOWN_ENUM_VALUE (0)
+push returned Success
+pull returned Success
+    AUTHENTICATE_MESSAGE: struct AUTHENTICATE_MESSAGE
+        Signature                : 'NTLMSSP'
+        MessageType              : NtLmAuthenticate (3)
+        LmChallengeResponseLen   : 0x0000 (0)
+        LmChallengeResponseMaxLen: 0x0000 (0)
+        LmChallengeResponse      : NULL
+        NtChallengeResponseLen   : 0x0000 (0)
+        NtChallengeResponseMaxLen: 0x0000 (0)
+        NtChallengeResponse      : NULL
+        DomainNameLen            : 0x0000 (0)
+        DomainNameMaxLen         : 0x0000 (0)
+        DomainName               : NULL
+        UserNameLen              : 0x0000 (0)
+        UserNameMaxLen           : 0x0000 (0)
+        UserName                 : NULL
+        WorkstationLen           : 0x0000 (0)
+        WorkstationMaxLen        : 0x0000 (0)
+        Workstation              : NULL
+        EncryptedRandomSessionKeyLen: 0x0000 (0)
+        EncryptedRandomSessionKeyMaxLen: 0x0000 (0)
+        EncryptedRandomSessionKey: NULL
+        NegotiateFlags           : 0xfeff0000 (4278124544)
+               0: NTLMSSP_NEGOTIATE_UNICODE
+               0: NTLMSSP_NEGOTIATE_OEM    
+               0: NTLMSSP_REQUEST_TARGET   
+               0: NTLMSSP_NEGOTIATE_SIGN   
+               0: NTLMSSP_NEGOTIATE_SEAL   
+               0: NTLMSSP_NEGOTIATE_DATAGRAM
+               0: NTLMSSP_NEGOTIATE_LM_KEY 
+               0: NTLMSSP_NEGOTIATE_NETWARE
+               0: NTLMSSP_NEGOTIATE_NTLM   
+               0: NTLMSSP_NEGOTIATE_NT_ONLY
+               0: NTLMSSP_ANONYMOUS        
+               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
+               0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+               1: NTLMSSP_TARGET_TYPE_DOMAIN
+               1: NTLMSSP_TARGET_TYPE_SERVER
+               1: NTLMSSP_TARGET_TYPE_SHARE
+               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+               1: NTLMSSP_NEGOTIATE_IDENTIFY
+               1: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
+               1: NTLMSSP_NEGOTIATE_TARGET_INFO
+               1: NTLMSSP_NEGOTIATE_VERSION
+               1: NTLMSSP_NEGOTIATE_128    
+               1: NTLMSSP_NEGOTIATE_KEY_EXCH
+               1: NTLMSSP_NEGOTIATE_56     
+        Version: struct ntlmssp_VERSION
+            ProductMajorVersion      : UNKNOWN_ENUM_VALUE (0)
+            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0)
+            ProductBuild             : 0x0000 (0)
+            Reserved: ARRAY(3)
+                [0]                      : 0x00 (0)
+                [1]                      : 0x00 (0)
+                [2]                      : 0x00 (0)
+            NTLMRevisionCurrent      : UNKNOWN_ENUM_VALUE (0)
+WARNING! orig bytes:260 validated pushed bytes:72
+WARNING! orig and validated differ at byte 0x00 (0)
+WARNING! orig byte[0x00] = 0x00 validated byte[0x00] = 0x4E
+-[0000] 00 0E 00 00 00 00 04 00   00 00 00 00 00 00 00 00   ........ ........
++[0000] 4E 54 4C 4D 53 53 50 00   03 00 00 00 00 00 00 00   NTLMSSP. ........
+skipping zero buffer bytes
+-[0020] 00 00 00 00 00 00 01 00   00 00 00 00 33 39 00 00   ........ ....39..
++[0020] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+-[0030] 00 00 00 00 00 01 00 00   00 00 00 00 00 00 FF FE   ........ ........
++[0030] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 FF FE   ........ ........
+-[0040] 00 00 00 00 00 00 00 00   04 33 32 31 35 32 31 31   ........ .3215211
++[0040] 00 00 00 00 00 00 00 00                             ........
+-[0050] 35 30 32 36 33 31 34 36   38 37 FE FE FE FE FE FE   50263146 87......
++[0050]                                                     EMPTY   BLOCK
+-[0060] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[0060]                                                     EMPTY   BLOCK
+-[0070] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[0070]                                                     EMPTY   BLOCK
+-[0080] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[0080]                                                     EMPTY   BLOCK
+-[0090] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[0090]                                                     EMPTY   BLOCK
+-[00A0] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[00A0]                                                     EMPTY   BLOCK
+-[00B0] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[00B0]                                                     EMPTY   BLOCK
+-[00C0] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[00C0]                                                     EMPTY   BLOCK
+-[00D0] FE FE FE FE FE FE FE FE   FE FE FE FE FE FE FE FE   ........ ........
++[00D0]                                                     EMPTY   BLOCK
+-[00E0] FE FE FE FE FE FE FE FE   FE FE FE FE FE E7 E4 F6   ........ ........
++[00E0]                                                     EMPTY   BLOCK
+-[00F0] 75 E9 01 F2 F7 D6 DD BA   DF DD 6A C3 44 37 33 39   u....... ..j.D739
++[00F0]                                                     EMPTY   BLOCK
+-[0100] 00 00 00 00                                         ....
++[0100]                                                     EMPTY   BLOCK
+dump OK
diff --git a/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
new file mode 100644
index 0000000..450c653
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
@@ -0,0 +1,89 @@
+pull returned Success
+    CHALLENGE_MESSAGE: struct CHALLENGE_MESSAGE
+        Signature                : ''
+        MessageType              : UNKNOWN_ENUM_VALUE (0x22700)
+        TargetNameLen            : 0x0000 (0)
+        TargetNameMaxLen         : 0x0000 (0)
+        TargetName               : *
+            TargetName               : ''
+        NegotiateFlags           : 0x00000000 (0)
+               0: NTLMSSP_NEGOTIATE_UNICODE
+               0: NTLMSSP_NEGOTIATE_OEM    
+               0: NTLMSSP_REQUEST_TARGET   
+               0: NTLMSSP_NEGOTIATE_SIGN   
+               0: NTLMSSP_NEGOTIATE_SEAL   
+               0: NTLMSSP_NEGOTIATE_DATAGRAM
+               0: NTLMSSP_NEGOTIATE_LM_KEY 
+               0: NTLMSSP_NEGOTIATE_NETWARE
+               0: NTLMSSP_NEGOTIATE_NTLM   
+               0: NTLMSSP_NEGOTIATE_NT_ONLY
+               0: NTLMSSP_ANONYMOUS        
+               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
+               0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+               0: NTLMSSP_TARGET_TYPE_DOMAIN
+               0: NTLMSSP_TARGET_TYPE_SERVER
+               0: NTLMSSP_TARGET_TYPE_SHARE
+               0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+               0: NTLMSSP_NEGOTIATE_IDENTIFY
+               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
+               0: NTLMSSP_NEGOTIATE_TARGET_INFO
+               0: NTLMSSP_NEGOTIATE_VERSION
+               0: NTLMSSP_NEGOTIATE_128    
+               0: NTLMSSP_NEGOTIATE_KEY_EXCH
+               0: NTLMSSP_NEGOTIATE_56     
+        ServerChallenge          : 00801b846f2eca4f
+        Reserved                 : 5d00bd26404ef730
+        TargetInfoLen            : 0x0000 (0)
+        TargetInfoMaxLen         : 0x0000 (0)
+        TargetInfo               : NULL
+push returned Success
+pull returned Success
+    CHALLENGE_MESSAGE: struct CHALLENGE_MESSAGE
+        Signature                : 'NTLMSSP'
+        MessageType              : NtLmChallenge (0x2)
+        TargetNameLen            : 0x0000 (0)
+        TargetNameMaxLen         : 0x0000 (0)
+        TargetName               : *
+            TargetName               : ''
+        NegotiateFlags           : 0x00000000 (0)
+               0: NTLMSSP_NEGOTIATE_UNICODE
+               0: NTLMSSP_NEGOTIATE_OEM    
+               0: NTLMSSP_REQUEST_TARGET   
+               0: NTLMSSP_NEGOTIATE_SIGN   
+               0: NTLMSSP_NEGOTIATE_SEAL   
+               0: NTLMSSP_NEGOTIATE_DATAGRAM
+               0: NTLMSSP_NEGOTIATE_LM_KEY 
+               0: NTLMSSP_NEGOTIATE_NETWARE
+               0: NTLMSSP_NEGOTIATE_NTLM   
+               0: NTLMSSP_NEGOTIATE_NT_ONLY
+               0: NTLMSSP_ANONYMOUS        
+               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
+               0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+               0: NTLMSSP_TARGET_TYPE_DOMAIN
+               0: NTLMSSP_TARGET_TYPE_SERVER
+               0: NTLMSSP_TARGET_TYPE_SHARE
+               0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+               0: NTLMSSP_NEGOTIATE_IDENTIFY
+               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
+               0: NTLMSSP_NEGOTIATE_TARGET_INFO
+               0: NTLMSSP_NEGOTIATE_VERSION
+               0: NTLMSSP_NEGOTIATE_128    
+               0: NTLMSSP_NEGOTIATE_KEY_EXCH
+               0: NTLMSSP_NEGOTIATE_56     
+        ServerChallenge          : 00801b846f2eca4f
+        Reserved                 : 5d00bd26404ef730
+        TargetInfoLen            : 0x0000 (0)
+        TargetInfoMaxLen         : 0x0000 (0)
+        TargetInfo               : NULL
+WARNING! orig and validated differ at byte 0x00 (0)
+WARNING! orig byte[0x00] = 0x00 validated byte[0x00] = 0x4E
+-[0000] 00 00 00 0B 02 00 00 00   00 27 02 00 00 00 00 00   ........ .'......
++[0000] 4E 54 4C 4D 53 53 50 00   02 00 00 00 00 00 00 00   NTLMSSP. ........
+-[0010] 07 00 00 00 00 00 00 00   00 80 1B 84 6F 2E CA 4F   ........ ....o..O
++[0010] 30 00 00 00 00 00 00 00   00 80 1B 84 6F 2E CA 4F   0....... ....o..O
+ [0020] 5D 00 BD 26 40 4E F7 30   00 00 00 00 00 00 00 00   ]..&@N.0 ........
+dump OK
diff --git a/source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt b/source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt
new file mode 100644
index 0000000..b77d0e3
--- /dev/null
+++ b/source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt
@@ -0,0 +1,28 @@
+pull returned Success
+    MANAGEDPASSWORD_BLOB: struct MANAGEDPASSWORD_BLOB
+        version                  : 0x0001 (1)
+        reserved                 : 0x0000 (0)
+        length                   : 0x00000122 (290)
+        passwords: struct MANAGEDPASSWORD_BLOB_PASSWORDS
+            current                  : *
+                current: ARRAY(256): <REDACTED SECRET VALUES>
+            previous                 : NULL
+            query_interval           : *
+                query_interval           : 0x0000178069019574 (25840284964212)
+            unchanged_interval       : *
+                unchanged_interval       : 0x0000177fb6313774 (25837284964212)
+push returned Success
+pull returned Success
+    MANAGEDPASSWORD_BLOB: struct MANAGEDPASSWORD_BLOB
+        version                  : 0x0001 (1)
+        reserved                 : 0x0000 (0)
+        length                   : 0x00000122 (290)
+        passwords: struct MANAGEDPASSWORD_BLOB_PASSWORDS
+            current                  : *
+                current: ARRAY(256): <REDACTED SECRET VALUES>
+            previous                 : NULL
+            query_interval           : *
+                query_interval           : 0x0000178069019574 (25840284964212)
+            unchanged_interval       : *
+                unchanged_interval       : 0x0000177fb6313774 (25837284964212)
+dump OK
diff --git a/source4/librpc/tests/krb5pac-PAC_DATA.dat b/source4/librpc/tests/krb5pac-PAC_DATA.dat
new file mode 100644
index 0000000..71b48d9
Binary files /dev/null and b/source4/librpc/tests/krb5pac-PAC_DATA.dat differ
diff --git a/source4/librpc/tests/krb5pac_upn_dns_info_ex.b64.txt b/source4/librpc/tests/krb5pac_upn_dns_info_ex.b64.txt
new file mode 100644
index 0000000..02b5706
--- /dev/null
+++ b/source4/librpc/tests/krb5pac_upn_dns_info_ex.b64.txt
@@ -0,0 +1 @@
+BgAAAAAAAAABAAAA0AEAAGgAAAAAAAAACgAAABwAAAA4AgAAAAAAAAwAAACoAAAAWAIAAAAAAAAGAAAAFAAAAAADAAAAAAAABwAAABAAAAAYAwAAAAAAABAAAAAQAAAAKAMAAAAAAAABEAgAzMzMzMABAAAAAAAAAAACAAAAAAAAAAAA/////////3//////////f7pMcCzXv9cBugzaVqDA1wG6zMkh2ODXARIAEgAEAAIAAAAAAAgAAgAAAAAADAACAAAAAAAQAAIAAAAAABQAAgAAAAAAGAACAAAAAACOBAAAAQIAAAEAAAAcAAIAIAAAAAAAAAAAAAAAAAAAAAAAAAAOABAAIAACABYAGAAkAAIAKAACAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAALAACAAAAAAAAAAAAAAAAAAkAAAAAAAAACQAAAHQAcwB0AHQAawB0AHUAcwByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAECAAAHAAAACAAAAAAAAAAHAAAATABPAEMAQQBMAEQAQwAAAAwAAAAAAAAACwAAAFMAQQBNAEIAQQBEAE8ATQBBAEkATgAAAAQAAAABBAAAAAAABRUAAAC2fvX0wDGiOufKt1QBAAAAMAACAAcAAAABAAAAAQEAAAAAABIBAAAAAAAAAIC3ISzXv9cBEgB0AHMAdAB0AGsAdAB1AHMAcgAAAAAANgAYACIAUAADAAAAEgB4ABwAigAAAAAAdABzAHQAdABrAHQAdQBzAHIAQABzAGEAbQBiAGEALgBlAHgAYQBtAHAAbABlAC4AYwBvAG0AAABTAEEATQBCAEEALgBFAFgAQQBNAFAATABFAC4AQwBPAE0AAAAAAAAAdABzAHQAdABrAHQAdQBzAHIAAQUAAAAAAAUVAAAAtn719MAxojrnyrdUjgQAAAAAdv///ys5aox2KdqNY8CVVxkQbs4AAAAAEAAAAFrUeP0b8Pbct0VlVhAAAAB4SC+IGKoLP+0030o=
diff --git a/source4/librpc/tests/krb5pac_upn_dns_info_ex.txt b/source4/librpc/tests/krb5pac_upn_dns_info_ex.txt
new file mode 100644
index 0000000..5deec54
--- /dev/null
+++ b/source4/librpc/tests/krb5pac_upn_dns_info_ex.txt
@@ -0,0 +1,281 @@
+pull returned Success
+    PAC_DATA: struct PAC_DATA
+        num_buffers              : 0x00000006 (6)
+        version                  : 0x00000000 (0)
+        buffers: ARRAY(6)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_LOGON_INFO (1)
+                _ndr_size                : 0x000001d0 (464)
+                info                     : *
+                    info                     : union PAC_INFO(case 1)
+                    logon_info: struct PAC_LOGON_INFO_CTR
+                        info                     : *
+                            info: struct PAC_LOGON_INFO
+                                info3: struct netr_SamInfo3
+                                    base: struct netr_SamBaseInfo
+                                        logon_time               : NTTIME(0)
+                                        logoff_time              : Thu Sep 14 02:48:05 AM 30828 UTC
+                                        kickoff_time             : Thu Sep 14 02:48:05 AM 30828 UTC
+                                        last_password_change     : Wed Oct 13 02:08:12 AM 2021 UTC
+                                        allow_password_change    : Thu Oct 14 02:08:12 AM 2021 UTC
+                                        force_password_change    : Wed Nov 24 02:08:12 AM 2021 UTC
+                                        account_name: struct lsa_String
+                                            length                   : 0x0012 (18)
+                                            size                     : 0x0012 (18)
+                                            string                   : *
+                                                string                   : 'tsttktusr'
+                                        full_name: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        logon_script: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        profile_path: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        home_directory: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        home_drive: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        logon_count              : 0x0000 (0)
+                                        bad_password_count       : 0x0000 (0)
+                                        rid                      : 0x0000048e (1166)
+                                        primary_gid              : 0x00000201 (513)
+                                        groups: struct samr_RidWithAttributeArray
+                                            count                    : 0x00000001 (1)
+                                            rids                     : *
+                                                rids: ARRAY(1)
+                                                    rids: struct samr_RidWithAttribute
+                                                        rid                      : 0x00000201 (513)
+                                                        attributes               : 0x00000007 (7)
+                                                               1: SE_GROUP_MANDATORY       
+                                                               1: SE_GROUP_ENABLED_BY_DEFAULT
+                                                               1: SE_GROUP_ENABLED         
+                                                               0: SE_GROUP_OWNER           
+                                                               0: SE_GROUP_USE_FOR_DENY_ONLY
+                                                               0: SE_GROUP_INTEGRITY       
+                                                               0: SE_GROUP_INTEGRITY_ENABLED
+                                                               0: SE_GROUP_RESOURCE        
+                                                            0x00: SE_GROUP_LOGON_ID         (0)
+                                        user_flags               : 0x00000020 (32)
+                                               0: NETLOGON_GUEST           
+                                               0: NETLOGON_NOENCRYPTION    
+                                               0: NETLOGON_CACHED_ACCOUNT  
+                                               0: NETLOGON_USED_LM_PASSWORD
+                                               1: NETLOGON_EXTRA_SIDS      
+                                               0: NETLOGON_SUBAUTH_SESSION_KEY
+                                               0: NETLOGON_SERVER_TRUST_ACCOUNT
+                                               0: NETLOGON_NTLMV2_ENABLED  
+                                               0: NETLOGON_RESOURCE_GROUPS 
+                                               0: NETLOGON_PROFILE_PATH_RETURNED
+                                               0: NETLOGON_GRACE_LOGON     
+                                        key: struct netr_UserSessionKey
+                                            key: ARRAY(16): <REDACTED SECRET VALUES>
+                                        logon_server: struct lsa_StringLarge
+                                            length                   : 0x000e (14)
+                                            size                     : 0x0010 (16)
+                                            string                   : *
+                                                string                   : 'LOCALDC'
+                                        logon_domain: struct lsa_StringLarge
+                                            length                   : 0x0016 (22)
+                                            size                     : 0x0018 (24)
+                                            string                   : *
+                                                string                   : 'SAMBADOMAIN'
+                                        domain_sid               : *
+                                            domain_sid               : S-1-5-21-4109729462-983708096-1421331175
+                                        LMSessKey: struct netr_LMSessionKey
+                                            key: ARRAY(8): <REDACTED SECRET VALUES>
+                                        acct_flags               : 0x00000010 (16)
+                                               0: ACB_DISABLED             
+                                               0: ACB_HOMDIRREQ            
+                                               0: ACB_PWNOTREQ             
+                                               0: ACB_TEMPDUP              
+                                               1: ACB_NORMAL               
+                                               0: ACB_MNS                  
+                                               0: ACB_DOMTRUST             
+                                               0: ACB_WSTRUST              
+                                               0: ACB_SVRTRUST             
+                                               0: ACB_PWNOEXP              
+                                               0: ACB_AUTOLOCK             
+                                               0: ACB_ENC_TXT_PWD_ALLOWED  
+                                               0: ACB_SMARTCARD_REQUIRED   
+                                               0: ACB_TRUSTED_FOR_DELEGATION
+                                               0: ACB_NOT_DELEGATED        
+                                               0: ACB_USE_DES_KEY_ONLY     
+                                               0: ACB_DONT_REQUIRE_PREAUTH 
+                                               0: ACB_PW_EXPIRED           
+                                               0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
+                                               0: ACB_NO_AUTH_DATA_REQD    
+                                               0: ACB_PARTIAL_SECRETS_ACCOUNT
+                                               0: ACB_USE_AES_KEYS         
+                                        sub_auth_status          : 0x00000000 (0)
+                                        last_successful_logon    : NTTIME(0)
+                                        last_failed_logon        : NTTIME(0)
+                                        failed_logon_count       : 0x00000000 (0)
+                                        reserved                 : 0x00000000 (0)
+                                    sidcount                 : 0x00000001 (1)
+                                    sids                     : *
+                                        sids: ARRAY(1)
+                                            sids: struct netr_SidAttr
+                                                sid                      : *
+                                                    sid                      : S-1-18-1
+                                                attributes               : 0x00000007 (7)
+                                                       1: SE_GROUP_MANDATORY       
+                                                       1: SE_GROUP_ENABLED_BY_DEFAULT
+                                                       1: SE_GROUP_ENABLED         
+                                                       0: SE_GROUP_OWNER           
+                                                       0: SE_GROUP_USE_FOR_DENY_ONLY
+                                                       0: SE_GROUP_INTEGRITY       
+                                                       0: SE_GROUP_INTEGRITY_ENABLED
+                                                       0: SE_GROUP_RESOURCE        
+                                                    0x00: SE_GROUP_LOGON_ID         (0)
+                                resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
+                                    domain_sid               : NULL
+                                    groups: struct samr_RidWithAttributeArray
+                                        count                    : 0x00000000 (0)
+                                        rids                     : NULL
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_LOGON_NAME (10)
+                _ndr_size                : 0x0000001c (28)
+                info                     : *
+                    info                     : union PAC_INFO(case 10)
+                    logon_name: struct PAC_LOGON_NAME
+                        logon_time               : Wed Oct 13 02:08:11 AM 2021 UTC
+                        size                     : 0x0012 (18)
+                        account_name             : 'tsttktusr'
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_UPN_DNS_INFO (12)
+                _ndr_size                : 0x000000a8 (168)
+                info                     : *
+                    info                     : union PAC_INFO(case 12)
+                    upn_dns_info: struct PAC_UPN_DNS_INFO
+                        upn_name_size            : 0x0036 (54)
+                        upn_name                 : *
+                            upn_name                 : 'tsttktusr@samba.example.com'
+                        dns_domain_name_size     : 0x0022 (34)
+                        dns_domain_name          : *
+                            dns_domain_name          : 'SAMBA.EXAMPLE.COM'
+                        flags                    : 0x00000003 (3)
+                               1: PAC_UPN_DNS_FLAG_CONSTRUCTED
+                               1: PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID
+                        ex                       : union PAC_UPN_DNS_INFO_EX(case 2)
+                        sam_name_and_sid: struct PAC_UPN_DNS_INFO_SAM_NAME_AND_SID
+                            samaccountname_size      : 0x0012 (18)
+                            samaccountname           : *
+                                samaccountname           : 'tsttktusr'
+                            objectsid_size           : 0x001c (28)
+                            objectsid                : *
+                                objectsid                : S-1-5-21-4109729462-983708096-1421331175-1166
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_SRV_CHECKSUM (6)
+                _ndr_size                : 0x00000014 (20)
+                info                     : *
+                    info                     : union PAC_INFO(case 6)
+                    srv_cksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0xffffff76 (4294967158)
+                        signature                : DATA_BLOB length=16
+[0000] 2B 39 6A 8C 76 29 DA 8D   63 C0 95 57 19 10 6E CE   +9j.v).. c..W..n.
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_KDC_CHECKSUM (7)
+                _ndr_size                : 0x00000010 (16)
+                info                     : *
+                    info                     : union PAC_INFO(case 7)
+                    kdc_cksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0x00000010 (16)
+                        signature                : DATA_BLOB length=12
+[0000] 5A D4 78 FD 1B F0 F6 DC   B7 45 65 56               Z.x..... .EeV
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_TICKET_CHECKSUM (16)
+                _ndr_size                : 0x00000010 (16)
+                info                     : *
+                    info                     : union PAC_INFO(case 16)
+                    ticket_checksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0x00000010 (16)
+                        signature                : DATA_BLOB length=12
+[0000] 78 48 2F 88 18 AA 0B 3F   ED 34 DF 4A               xH/....? .4.J
+                _pad                     : 0x00000000 (0)
+push returned Success
+pull returned Success
+WARNING! orig bytes:824 validated pushed bytes:832
+WARNING! orig pulled bytes:824 validated pulled bytes:832
+WARNING! orig and validated differ at byte 0x2C (44)
+WARNING! orig byte[0x2C] = 0xA8 validated byte[0x2C] = 0xB0
+ [0000] 06 00 00 00 00 00 00 00   01 00 00 00 D0 01 00 00   ........ ........
+ [0010] 68 00 00 00 00 00 00 00   0A 00 00 00 1C 00 00 00   h....... ........
+-[0020] 38 02 00 00 00 00 00 00   0C 00 00 00 A8 00 00 00   8....... ........
++[0020] 38 02 00 00 00 00 00 00   0C 00 00 00 B0 00 00 00   8....... ........
+ [0030] 58 02 00 00 00 00 00 00   06 00 00 00 14 00 00 00   X....... ........
+-[0040] 00 03 00 00 00 00 00 00   07 00 00 00 10 00 00 00   ........ ........
++[0040] 08 03 00 00 00 00 00 00   07 00 00 00 10 00 00 00   ........ ........
+-[0050] 18 03 00 00 00 00 00 00   10 00 00 00 10 00 00 00   ........ ........
++[0050] 20 03 00 00 00 00 00 00   10 00 00 00 10 00 00 00    ....... ........
+-[0060] 28 03 00 00 00 00 00 00   01 10 08 00 CC CC CC CC   (....... ........
++[0060] 30 03 00 00 00 00 00 00   01 10 08 00 CC CC CC CC   0....... ........
+ [0070] C0 01 00 00 00 00 00 00   00 00 02 00 00 00 00 00   ........ ........
+ [0080] 00 00 00 00 FF FF FF FF   FF FF FF 7F FF FF FF FF   ........ ........
+ [0090] FF FF FF 7F BA 4C 70 2C   D7 BF D7 01 BA 0C DA 56   .....Lp, .......V
+ [00A0] A0 C0 D7 01 BA CC C9 21   D8 E0 D7 01 12 00 12 00   .......! ........
+ [00B0] 04 00 02 00 00 00 00 00   08 00 02 00 00 00 00 00   ........ ........
+ [00C0] 0C 00 02 00 00 00 00 00   10 00 02 00 00 00 00 00   ........ ........
+ [00D0] 14 00 02 00 00 00 00 00   18 00 02 00 00 00 00 00   ........ ........
+ [00E0] 8E 04 00 00 01 02 00 00   01 00 00 00 1C 00 02 00   ........ ........
+ [00F0] 20 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00    ....... ........
+ [0100] 00 00 00 00 0E 00 10 00   20 00 02 00 16 00 18 00   ........  .......
+ [0110] 24 00 02 00 28 00 02 00   00 00 00 00 00 00 00 00   $...(... ........
+ [0120] 10 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+ [0140] 01 00 00 00 2C 00 02 00   00 00 00 00 00 00 00 00   ....,... ........
+ [0150] 00 00 00 00 09 00 00 00   00 00 00 00 09 00 00 00   ........ ........
+ [0160] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
+ [0170] 72 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   r....... ........
+skipping zero buffer bytes
+ [01B0] 01 00 00 00 01 02 00 00   07 00 00 00 08 00 00 00   ........ ........
+ [01C0] 00 00 00 00 07 00 00 00   4C 00 4F 00 43 00 41 00   ........ L.O.C.A.
+ [01D0] 4C 00 44 00 43 00 00 00   0C 00 00 00 00 00 00 00   L.D.C... ........
+ [01E0] 0B 00 00 00 53 00 41 00   4D 00 42 00 41 00 44 00   ....S.A. M.B.A.D.
+ [01F0] 4F 00 4D 00 41 00 49 00   4E 00 00 00 04 00 00 00   O.M.A.I. N.......
+ [0200] 01 04 00 00 00 00 00 05   15 00 00 00 B6 7E F5 F4   ........ .....~..
+ [0210] C0 31 A2 3A E7 CA B7 54   01 00 00 00 30 00 02 00   .1.:...T ....0...
+ [0220] 07 00 00 00 01 00 00 00   01 01 00 00 00 00 00 12   ........ ........
+ [0230] 01 00 00 00 00 00 00 00   80 B7 21 2C D7 BF D7 01   ........ ..!,....
+ [0240] 12 00 74 00 73 00 74 00   74 00 6B 00 74 00 75 00   ..t.s.t. t.k.t.u.
+ [0250] 73 00 72 00 00 00 00 00   36 00 18 00 22 00 50 00   s.r..... 6...".P.
+-[0260] 03 00 00 00 12 00 78 00   1C 00 8A 00 00 00 00 00   ......x. ........
++[0260] 03 00 00 00 12 00 78 00   1C 00 90 00 00 00 00 00   ......x. ........
+ [0270] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
+ [0280] 72 00 40 00 73 00 61 00   6D 00 62 00 61 00 2E 00   r.@.s.a. m.b.a...
+ [0290] 65 00 78 00 61 00 6D 00   70 00 6C 00 65 00 2E 00   e.x.a.m. p.l.e...
+ [02A0] 63 00 6F 00 6D 00 00 00   53 00 41 00 4D 00 42 00   c.o.m... S.A.M.B.
+ [02B0] 41 00 2E 00 45 00 58 00   41 00 4D 00 50 00 4C 00   A...E.X. A.M.P.L.
+ [02C0] 45 00 2E 00 43 00 4F 00   4D 00 00 00 00 00 00 00   E...C.O. M.......
+ [02D0] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
+-[02E0] 72 00 01 05 00 00 00 00   00 05 15 00 00 00 B6 7E   r....... .......~
++[02E0] 72 00 00 00 00 00 00 00   01 05 00 00 00 00 00 05   r....... ........
+-[02F0] F5 F4 C0 31 A2 3A E7 CA   B7 54 8E 04 00 00 00 00   ...1.:.. .T......
++[02F0] 15 00 00 00 B6 7E F5 F4   C0 31 A2 3A E7 CA B7 54   .....~.. .1.:...T
+-[0300] 76 FF FF FF 2B 39 6A 8C   76 29 DA 8D 63 C0 95 57   v...+9j. v)..c..W
++[0300] 8E 04 00 00 00 00 00 00   76 FF FF FF 2B 39 6A 8C   ........ v...+9j.
+-[0310] 19 10 6E CE 00 00 00 00   10 00 00 00 5A D4 78 FD   ..n..... ....Z.x.
++[0310] 76 29 DA 8D 63 C0 95 57   19 10 6E CE 00 00 00 00   v)..c..W ..n.....
+-[0320] 1B F0 F6 DC B7 45 65 56   10 00 00 00 78 48 2F 88   .....EeV ....xH/.
++[0320] 10 00 00 00 5A D4 78 FD   1B F0 F6 DC B7 45 65 56   ....Z.x. .....EeV
+-[0330] 18 AA 0B 3F ED 34 DF 4A                             ...?.4.J
++[0330] 10 00 00 00 78 48 2F 88   18 AA 0B 3F ED 34 DF 4A   ....xH/. ...?.4.J
+dump OK
diff --git a/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.b64.txt b/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.b64.txt
new file mode 100644
index 0000000..cd99b9d
--- /dev/null
+++ b/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.b64.txt
@@ -0,0 +1 @@
+BgAAAAAAAAABAAAA0AEAAGgAAAAAAAAACgAAABwAAAA4AgAAAAAAAAwAAACoAAAAWAIAAAAAAAAGAAAAFAAAAAADAAAAAAAABwAAABAAAAAYAwAAAAAAABAAAAAQAAAAKAMAAAAAAAABEAgAzMzMzMABAAAAAAAAAAACAAAAAAAAAAAA/////////3//////////f7pMcCzXv9cBugzaVqDA1wG6zMkh2ODXARIAEgAEAAIAAAAAAAgAAgAAAAAADAACAAAAAAAQAAIAAAAAABQAAgAAAAAAGAACAAAAAACOBAAAAQIAAAEAAAAcAAIAIAAAAAAAAAAAAAAAAAAAAAAAAAAOABAAIAACABYAGAAkAAIAKAACAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAALAACAAAAAAAAAAAAAAAAAAkAAAAAAAAACQAAAHQAcwB0AHQAawB0AHUAcwByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAECAAAHAAAACAAAAAAAAAAHAAAATABPAEMAQQBMAEQAQwAAAAwAAAAAAAAACwAAAFMAQQBNAEIAQQBEAE8ATQBBAEkATgAAAAQAAAABBAAAAAAABRUAAAC2fvX0wDGiOufKt1QBAAAAMAACAAcAAAABAAAAAQEAAAAAABIBAAAAAAAAAIC3ISzXv9cBEgB0AHMAdAB0AGsAdAB1AHMAcgAAAAAANgAYACIAUAABAAAAEgB4ABwAigAAAAAAdABzAHQAdABrAHQAdQBzAHIAQABzAGEAbQBiAGEALgBlAHgAYQBtAHAAbABlAC4AYwBvAG0AAABTAEEATQBCAEEALgBFAFgAQQBNAFAATABFAC4AQwBPAE0AAAAAAAAAdABzAHQAdABrAHQAdQBzAHIAAQUAAAAAAAUVAAAAtn719MAxojrnyrdUjgQAAAAAdv///ys5aox2KdqNY8CVVxkQbs4AAAAAEAAAAFrUeP0b8Pbct0VlVhAAAAB4SC+IGKoLP+0030o=
diff --git a/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.txt b/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.txt
new file mode 100644
index 0000000..088f48b
--- /dev/null
+++ b/source4/librpc/tests/krb5pac_upn_dns_info_ex_not_supported.txt
@@ -0,0 +1,282 @@
+pull returned Success
+    PAC_DATA: struct PAC_DATA
+        num_buffers              : 0x00000006 (6)
+        version                  : 0x00000000 (0)
+        buffers: ARRAY(6)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_LOGON_INFO (1)
+                _ndr_size                : 0x000001d0 (464)
+                info                     : *
+                    info                     : union PAC_INFO(case 1)
+                    logon_info: struct PAC_LOGON_INFO_CTR
+                        info                     : *
+                            info: struct PAC_LOGON_INFO
+                                info3: struct netr_SamInfo3
+                                    base: struct netr_SamBaseInfo
+                                        logon_time               : NTTIME(0)
+                                        logoff_time              : Thu Sep 14 02:48:05 AM 30828 UTC
+                                        kickoff_time             : Thu Sep 14 02:48:05 AM 30828 UTC
+                                        last_password_change     : Wed Oct 13 02:08:12 AM 2021 UTC
+                                        allow_password_change    : Thu Oct 14 02:08:12 AM 2021 UTC
+                                        force_password_change    : Wed Nov 24 02:08:12 AM 2021 UTC
+                                        account_name: struct lsa_String
+                                            length                   : 0x0012 (18)
+                                            size                     : 0x0012 (18)
+                                            string                   : *
+                                                string                   : 'tsttktusr'
+                                        full_name: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        logon_script: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        profile_path: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        home_directory: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        home_drive: struct lsa_String
+                                            length                   : 0x0000 (0)
+                                            size                     : 0x0000 (0)
+                                            string                   : *
+                                                string                   : ''
+                                        logon_count              : 0x0000 (0)
+                                        bad_password_count       : 0x0000 (0)
+                                        rid                      : 0x0000048e (1166)
+                                        primary_gid              : 0x00000201 (513)
+                                        groups: struct samr_RidWithAttributeArray
+                                            count                    : 0x00000001 (1)
+                                            rids                     : *
+                                                rids: ARRAY(1)
+                                                    rids: struct samr_RidWithAttribute
+                                                        rid                      : 0x00000201 (513)
+                                                        attributes               : 0x00000007 (7)
+                                                               1: SE_GROUP_MANDATORY       
+                                                               1: SE_GROUP_ENABLED_BY_DEFAULT
+                                                               1: SE_GROUP_ENABLED         
+                                                               0: SE_GROUP_OWNER           
+                                                               0: SE_GROUP_USE_FOR_DENY_ONLY
+                                                               0: SE_GROUP_INTEGRITY       
+                                                               0: SE_GROUP_INTEGRITY_ENABLED
+                                                               0: SE_GROUP_RESOURCE        
+                                                            0x00: SE_GROUP_LOGON_ID         (0)
+                                        user_flags               : 0x00000020 (32)
+                                               0: NETLOGON_GUEST           
+                                               0: NETLOGON_NOENCRYPTION    
+                                               0: NETLOGON_CACHED_ACCOUNT  
+                                               0: NETLOGON_USED_LM_PASSWORD
+                                               1: NETLOGON_EXTRA_SIDS      
+                                               0: NETLOGON_SUBAUTH_SESSION_KEY
+                                               0: NETLOGON_SERVER_TRUST_ACCOUNT
+                                               0: NETLOGON_NTLMV2_ENABLED  
+                                               0: NETLOGON_RESOURCE_GROUPS 
+                                               0: NETLOGON_PROFILE_PATH_RETURNED
+                                               0: NETLOGON_GRACE_LOGON     
+                                        key: struct netr_UserSessionKey
+                                            key: ARRAY(16): <REDACTED SECRET VALUES>
+                                        logon_server: struct lsa_StringLarge
+                                            length                   : 0x000e (14)
+                                            size                     : 0x0010 (16)
+                                            string                   : *
+                                                string                   : 'LOCALDC'
+                                        logon_domain: struct lsa_StringLarge
+                                            length                   : 0x0016 (22)
+                                            size                     : 0x0018 (24)
+                                            string                   : *
+                                                string                   : 'SAMBADOMAIN'
+                                        domain_sid               : *
+                                            domain_sid               : S-1-5-21-4109729462-983708096-1421331175
+                                        LMSessKey: struct netr_LMSessionKey
+                                            key: ARRAY(8): <REDACTED SECRET VALUES>
+                                        acct_flags               : 0x00000010 (16)
+                                               0: ACB_DISABLED             
+                                               0: ACB_HOMDIRREQ            
+                                               0: ACB_PWNOTREQ             
+                                               0: ACB_TEMPDUP              
+                                               1: ACB_NORMAL               
+                                               0: ACB_MNS                  
+                                               0: ACB_DOMTRUST             
+                                               0: ACB_WSTRUST              
+                                               0: ACB_SVRTRUST             
+                                               0: ACB_PWNOEXP              
+                                               0: ACB_AUTOLOCK             
+                                               0: ACB_ENC_TXT_PWD_ALLOWED  
+                                               0: ACB_SMARTCARD_REQUIRED   
+                                               0: ACB_TRUSTED_FOR_DELEGATION
+                                               0: ACB_NOT_DELEGATED        
+                                               0: ACB_USE_DES_KEY_ONLY     
+                                               0: ACB_DONT_REQUIRE_PREAUTH 
+                                               0: ACB_PW_EXPIRED           
+                                               0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
+                                               0: ACB_NO_AUTH_DATA_REQD    
+                                               0: ACB_PARTIAL_SECRETS_ACCOUNT
+                                               0: ACB_USE_AES_KEYS         
+                                        sub_auth_status          : 0x00000000 (0)
+                                        last_successful_logon    : NTTIME(0)
+                                        last_failed_logon        : NTTIME(0)
+                                        failed_logon_count       : 0x00000000 (0)
+                                        reserved                 : 0x00000000 (0)
+                                    sidcount                 : 0x00000001 (1)
+                                    sids                     : *
+                                        sids: ARRAY(1)
+                                            sids: struct netr_SidAttr
+                                                sid                      : *
+                                                    sid                      : S-1-18-1
+                                                attributes               : 0x00000007 (7)
+                                                       1: SE_GROUP_MANDATORY       
+                                                       1: SE_GROUP_ENABLED_BY_DEFAULT
+                                                       1: SE_GROUP_ENABLED         
+                                                       0: SE_GROUP_OWNER           
+                                                       0: SE_GROUP_USE_FOR_DENY_ONLY
+                                                       0: SE_GROUP_INTEGRITY       
+                                                       0: SE_GROUP_INTEGRITY_ENABLED
+                                                       0: SE_GROUP_RESOURCE        
+                                                    0x00: SE_GROUP_LOGON_ID         (0)
+                                resource_groups: struct PAC_DOMAIN_GROUP_MEMBERSHIP
+                                    domain_sid               : NULL
+                                    groups: struct samr_RidWithAttributeArray
+                                        count                    : 0x00000000 (0)
+                                        rids                     : NULL
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_LOGON_NAME (10)
+                _ndr_size                : 0x0000001c (28)
+                info                     : *
+                    info                     : union PAC_INFO(case 10)
+                    logon_name: struct PAC_LOGON_NAME
+                        logon_time               : Wed Oct 13 02:08:11 AM 2021 UTC
+                        size                     : 0x0012 (18)
+                        account_name             : 'tsttktusr'
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_UPN_DNS_INFO (12)
+                _ndr_size                : 0x000000a8 (168)
+                info                     : *
+                    info                     : union PAC_INFO(case 12)
+                    upn_dns_info: struct PAC_UPN_DNS_INFO
+                        upn_name_size            : 0x0036 (54)
+                        upn_name                 : *
+                            upn_name                 : 'tsttktusr@samba.example.com'
+                        dns_domain_name_size     : 0x0022 (34)
+                        dns_domain_name          : *
+                            dns_domain_name          : 'SAMBA.EXAMPLE.COM'
+                        flags                    : 0x00000001 (1)
+                               1: PAC_UPN_DNS_FLAG_CONSTRUCTED
+                               0: PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID
+                        ex                       : union PAC_UPN_DNS_INFO_EX(case 0)
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_SRV_CHECKSUM (6)
+                _ndr_size                : 0x00000014 (20)
+                info                     : *
+                    info                     : union PAC_INFO(case 6)
+                    srv_cksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0xffffff76 (4294967158)
+                        signature                : DATA_BLOB length=16
+[0000] 2B 39 6A 8C 76 29 DA 8D   63 C0 95 57 19 10 6E CE   +9j.v).. c..W..n.
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_KDC_CHECKSUM (7)
+                _ndr_size                : 0x00000010 (16)
+                info                     : *
+                    info                     : union PAC_INFO(case 7)
+                    kdc_cksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0x00000010 (16)
+                        signature                : DATA_BLOB length=12
+[0000] 5A D4 78 FD 1B F0 F6 DC   B7 45 65 56               Z.x..... .EeV
+                _pad                     : 0x00000000 (0)
+            buffers: struct PAC_BUFFER
+                type                     : PAC_TYPE_TICKET_CHECKSUM (16)
+                _ndr_size                : 0x00000010 (16)
+                info                     : *
+                    info                     : union PAC_INFO(case 16)
+                    ticket_checksum: struct PAC_SIGNATURE_DATA
+                        type                     : 0x00000010 (16)
+                        signature                : DATA_BLOB length=12
+[0000] 78 48 2F 88 18 AA 0B 3F   ED 34 DF 4A               xH/....? .4.J
+                _pad                     : 0x00000000 (0)
+push returned Success
+pull returned Success
+WARNING! orig bytes:824 validated pushed bytes:768
+WARNING! orig pulled bytes:824 validated pulled bytes:768
+WARNING! orig and validated differ at byte 0x2C (44)
+WARNING! orig byte[0x2C] = 0xA8 validated byte[0x2C] = 0x70
+ [0000] 06 00 00 00 00 00 00 00   01 00 00 00 D0 01 00 00   ........ ........
+ [0010] 68 00 00 00 00 00 00 00   0A 00 00 00 1C 00 00 00   h....... ........
+-[0020] 38 02 00 00 00 00 00 00   0C 00 00 00 A8 00 00 00   8....... ........
++[0020] 38 02 00 00 00 00 00 00   0C 00 00 00 70 00 00 00   8....... ....p...
+ [0030] 58 02 00 00 00 00 00 00   06 00 00 00 14 00 00 00   X....... ........
+-[0040] 00 03 00 00 00 00 00 00   07 00 00 00 10 00 00 00   ........ ........
++[0040] C8 02 00 00 00 00 00 00   07 00 00 00 10 00 00 00   ........ ........
+-[0050] 18 03 00 00 00 00 00 00   10 00 00 00 10 00 00 00   ........ ........
++[0050] E0 02 00 00 00 00 00 00   10 00 00 00 10 00 00 00   ........ ........
+-[0060] 28 03 00 00 00 00 00 00   01 10 08 00 CC CC CC CC   (....... ........
++[0060] F0 02 00 00 00 00 00 00   01 10 08 00 CC CC CC CC   ........ ........
+ [0070] C0 01 00 00 00 00 00 00   00 00 02 00 00 00 00 00   ........ ........
+ [0080] 00 00 00 00 FF FF FF FF   FF FF FF 7F FF FF FF FF   ........ ........
+ [0090] FF FF FF 7F BA 4C 70 2C   D7 BF D7 01 BA 0C DA 56   .....Lp, .......V
+ [00A0] A0 C0 D7 01 BA CC C9 21   D8 E0 D7 01 12 00 12 00   .......! ........
+ [00B0] 04 00 02 00 00 00 00 00   08 00 02 00 00 00 00 00   ........ ........
+ [00C0] 0C 00 02 00 00 00 00 00   10 00 02 00 00 00 00 00   ........ ........
+ [00D0] 14 00 02 00 00 00 00 00   18 00 02 00 00 00 00 00   ........ ........
+ [00E0] 8E 04 00 00 01 02 00 00   01 00 00 00 1C 00 02 00   ........ ........
+ [00F0] 20 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00    ....... ........
+ [0100] 00 00 00 00 0E 00 10 00   20 00 02 00 16 00 18 00   ........  .......
+ [0110] 24 00 02 00 28 00 02 00   00 00 00 00 00 00 00 00   $...(... ........
+ [0120] 10 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+skipping zero buffer bytes
+ [0140] 01 00 00 00 2C 00 02 00   00 00 00 00 00 00 00 00   ....,... ........
+ [0150] 00 00 00 00 09 00 00 00   00 00 00 00 09 00 00 00   ........ ........
+ [0160] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
+ [0170] 72 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   r....... ........
+skipping zero buffer bytes
+ [01B0] 01 00 00 00 01 02 00 00   07 00 00 00 08 00 00 00   ........ ........
+ [01C0] 00 00 00 00 07 00 00 00   4C 00 4F 00 43 00 41 00   ........ L.O.C.A.
+ [01D0] 4C 00 44 00 43 00 00 00   0C 00 00 00 00 00 00 00   L.D.C... ........
+ [01E0] 0B 00 00 00 53 00 41 00   4D 00 42 00 41 00 44 00   ....S.A. M.B.A.D.
+ [01F0] 4F 00 4D 00 41 00 49 00   4E 00 00 00 04 00 00 00   O.M.A.I. N.......
+ [0200] 01 04 00 00 00 00 00 05   15 00 00 00 B6 7E F5 F4   ........ .....~..
+ [0210] C0 31 A2 3A E7 CA B7 54   01 00 00 00 30 00 02 00   .1.:...T ....0...
+ [0220] 07 00 00 00 01 00 00 00   01 01 00 00 00 00 00 12   ........ ........
+ [0230] 01 00 00 00 00 00 00 00   80 B7 21 2C D7 BF D7 01   ........ ..!,....
+ [0240] 12 00 74 00 73 00 74 00   74 00 6B 00 74 00 75 00   ..t.s.t. t.k.t.u.
+-[0250] 73 00 72 00 00 00 00 00   36 00 18 00 22 00 50 00   s.r..... 6...".P.
++[0250] 73 00 72 00 00 00 00 00   36 00 10 00 22 00 48 00   s.r..... 6...".H.
+-[0260] 01 00 00 00 12 00 78 00   1C 00 8A 00 00 00 00 00   ......x. ........
++[0260] 01 00 00 00 00 00 00 00   74 00 73 00 74 00 74 00   ........ t.s.t.t.
+-[0270] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
++[0270] 6B 00 74 00 75 00 73 00   72 00 40 00 73 00 61 00   k.t.u.s. r.@.s.a.
+-[0280] 72 00 40 00 73 00 61 00   6D 00 62 00 61 00 2E 00   r.@.s.a. m.b.a...
++[0280] 6D 00 62 00 61 00 2E 00   65 00 78 00 61 00 6D 00   m.b.a... e.x.a.m.
+-[0290] 65 00 78 00 61 00 6D 00   70 00 6C 00 65 00 2E 00   e.x.a.m. p.l.e...
++[0290] 70 00 6C 00 65 00 2E 00   63 00 6F 00 6D 00 00 00   p.l.e... c.o.m...
+-[02A0] 63 00 6F 00 6D 00 00 00   53 00 41 00 4D 00 42 00   c.o.m... S.A.M.B.
++[02A0] 53 00 41 00 4D 00 42 00   41 00 2E 00 45 00 58 00   S.A.M.B. A...E.X.
+-[02B0] 41 00 2E 00 45 00 58 00   41 00 4D 00 50 00 4C 00   A...E.X. A.M.P.L.
++[02B0] 41 00 4D 00 50 00 4C 00   45 00 2E 00 43 00 4F 00   A.M.P.L. E...C.O.
+-[02C0] 45 00 2E 00 43 00 4F 00   4D 00 00 00 00 00 00 00   E...C.O. M.......
++[02C0] 4D 00 00 00 00 00 00 00   76 FF FF FF 2B 39 6A 8C   M....... v...+9j.
+-[02D0] 74 00 73 00 74 00 74 00   6B 00 74 00 75 00 73 00   t.s.t.t. k.t.u.s.
++[02D0] 76 29 DA 8D 63 C0 95 57   19 10 6E CE 00 00 00 00   v)..c..W ..n.....
+-[02E0] 72 00 01 05 00 00 00 00   00 05 15 00 00 00 B6 7E   r....... .......~
++[02E0] 10 00 00 00 5A D4 78 FD   1B F0 F6 DC B7 45 65 56   ....Z.x. .....EeV
+-[02F0] F5 F4 C0 31 A2 3A E7 CA   B7 54 8E 04 00 00 00 00   ...1.:.. .T......
++[02F0] 10 00 00 00 78 48 2F 88   18 AA 0B 3F ED 34 DF 4A   ....xH/. ...?.4.J
+-[0300] 76 FF FF FF 2B 39 6A 8C   76 29 DA 8D 63 C0 95 57   v...+9j. v)..c..W
++[0300]                                                     EMPTY   BLOCK
+-[0310] 19 10 6E CE 00 00 00 00   10 00 00 00 5A D4 78 FD   ..n..... ....Z.x.
++[0310]                                                     EMPTY   BLOCK
+-[0320] 1B F0 F6 DC B7 45 65 56   10 00 00 00 78 48 2F 88   .....EeV ....xH/.
++[0320]                                                     EMPTY   BLOCK
+-[0330] 18 AA 0B 3F ED 34 DF 4A                             ...?.4.J
++[0330]                                                     EMPTY   BLOCK
+dump OK
diff --git a/source4/librpc/tests/misc-GUID.dat b/source4/librpc/tests/misc-GUID.dat
new file mode 100644
index 0000000..454f6b3
--- /dev/null
+++ b/source4/librpc/tests/misc-GUID.dat
@@ -0,0 +1 @@
+0123456789abcdef
\ No newline at end of file
diff --git a/source4/librpc/tests/samr-CreateUser-in.dat b/source4/librpc/tests/samr-CreateUser-in.dat
new file mode 100644
index 0000000..a5840e1
Binary files /dev/null and b/source4/librpc/tests/samr-CreateUser-in.dat differ
diff --git a/source4/librpc/tests/samr-CreateUser-out.dat b/source4/librpc/tests/samr-CreateUser-out.dat
new file mode 100644
index 0000000..cf9131d
Binary files /dev/null and b/source4/librpc/tests/samr-CreateUser-out.dat differ
diff --git a/source4/librpc/tests/uncompressed_claims.txt b/source4/librpc/tests/uncompressed_claims.txt
new file mode 100644
index 0000000..1cca8ae
--- /dev/null
+++ b/source4/librpc/tests/uncompressed_claims.txt
@@ -0,0 +1,66 @@
+pull returned Success
+    CLAIMS_SET_METADATA_NDR: struct CLAIMS_SET_METADATA_NDR
+        claims: struct CLAIMS_SET_METADATA_CTR
+            metadata                 : *
+                metadata: struct CLAIMS_SET_METADATA
+                    claims_set_size          : 0x00000158 (344)
+                    claims_set               : *
+                        claims_set: struct CLAIMS_SET_NDR
+                            claims: struct CLAIMS_SET_CTR
+                                claims                   : *
+                                    claims: struct CLAIMS_SET
+                                        claims_array_count       : 0x00000001 (1)
+                                        claims_arrays            : *
+                                            claims_arrays: ARRAY(1)
+                                                claims_arrays: struct CLAIMS_ARRAY
+                                                    claims_source_type       : CLAIMS_SOURCE_TYPE_AD (1)
+                                                    claims_count             : 0x00000003 (3)
+                                                    claim_entries            : *
+                                                        claim_entries: ARRAY(3)
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_9'
+                                                                type                     : CLAIM_TYPE_BOOLEAN (6)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 6)
+                                                                claim_boolean: struct CLAIM_UINT64
+                                                                    value_count              : 0x00000001 (1)
+                                                                    values                   : *
+                                                                        values: ARRAY(1)
+                                                                            values                   : 0x0000000000000001 (1)
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_7'
+                                                                type                     : CLAIM_TYPE_STRING (3)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 3)
+                                                                claim_string: struct CLAIM_STRING
+                                                                    value_count              : 0x00000003 (3)
+                                                                    values                   : *
+                                                                        values: ARRAY(3)
+                                                                            values                   : *
+                                                                                values                   : 'foo'
+                                                                            values                   : *
+                                                                                values                   : 'bar'
+                                                                            values                   : *
+                                                                                values                   : 'baz'
+                                                            claim_entries: struct CLAIM_ENTRY
+                                                                id                       : *
+                                                                    id                       : '720fd3c3_8'
+                                                                type                     : CLAIM_TYPE_UINT64 (2)
+                                                                values                   : union CLAIM_ENTRY_VALUES(case 2)
+                                                                claim_uint64: struct CLAIM_UINT64
+                                                                    value_count              : 0x00000004 (4)
+                                                                    values                   : *
+                                                                        values: ARRAY(4)
+                                                                            values                   : 0x00000000000a0009 (655369)
+                                                                            values                   : 0x0000000000010007 (65543)
+                                                                            values                   : 0x0000000000010006 (65542)
+                                                                            values                   : 0x0000000000010000 (65536)
+                                        reserved_type            : 0x0000 (0)
+                                        reserved_field_size      : 0x00000000 (0)
+                                        reserved_field           : NULL
+                    compression_format       : CLAIMS_COMPRESSION_FORMAT_NONE (0)
+                    uncompressed_claims_set_size: 0x00000158 (344)
+                    reserved_type            : 0x0000 (0)
+                    reserved_field_size      : 0x00000000 (0)
+                    reserved_field           : NULL
+dump OK
diff --git a/source4/librpc/tests/xattr_NTACL.dat b/source4/librpc/tests/xattr_NTACL.dat
new file mode 100644
index 0000000..8ec2eda
--- /dev/null
+++ b/source4/librpc/tests/xattr_NTACL.dat
@@ -0,0 +1,20 @@
+[0000] 04 00 04 00 00 00 02 00   04 00 02 00 01 00 04 07   ........ ........
+[0010] 8B 57 A0 0C F3 F7 9D 64   DF 3E 91 46 09 B8 07 A5   .W.....d .>.F....
+[0020] F1 6C BE 38 DC 55 5B 1F   38 0C 23 A8 4A 85 00 00   .l.8.U[. 8.#.J...
+[0030] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+[0040] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 70 6F   ........ ......po
+[0050] 73 69 78 5F 61 63 6C 00   62 A2 D8 8C 4B AA D5 01   six_acl. b...K...
+[0060] 5D 60 E7 56 A5 D4 54 92   1A 77 A5 E1 DC E2 A9 28   ]`.V..T. .w.....(
+[0070] A9 5D 3B 97 71 6C F7 59   F4 92 FF E3 42 A5 E9 B5   .];.ql.Y ....B...
+[0080] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+[0090] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+[00A0] 01 00 14 90 B4 00 00 00   D0 00 00 00 00 00 00 00   ........ ........
+[00B0] E0 00 00 00 01 05 00 00   00 00 00 05 15 00 00 00   ........ ........
+[00C0] 70 CB 8E 6B F1 F8 4E 7C   31 87 57 84 F4 01 00 00   p..k..N| 1.W.....
+[00D0] 01 02 00 00 00 00 00 05   20 00 00 00 20 02 00 00   ........  ... ...
+[00E0] 04 00 60 00 04 00 00 00   00 03 18 00 FF 01 1F 00   ..`..... ........
+[00F0] 01 02 00 00 00 00 00 05   20 00 00 00 20 02 00 00   ........  ... ...
+[0100] 00 03 18 00 A9 00 12 00   01 02 00 00 00 00 00 05   ........ ........
+[0110] 20 00 00 00 25 02 00 00   00 03 14 00 FF 01 1F 00    ...%... ........
+[0120] 01 01 00 00 00 00 00 05   12 00 00 00 00 03 14 00   ........ ........
+[0130] A9 00 12 00 01 01 00 00   00 00 00 05 0B 00 00 00   ........ ........
diff --git a/source4/librpc/tests/xattr_NTACL.txt b/source4/librpc/tests/xattr_NTACL.txt
new file mode 100644
index 0000000..86f2f66
--- /dev/null
+++ b/source4/librpc/tests/xattr_NTACL.txt
@@ -0,0 +1,107 @@
+pull returned Success
+    xattr_NTACL: struct xattr_NTACL
+        version                  : 0x0004 (4)
+        info                     : union xattr_NTACL_Info(case 4)
+        sd_hs4                   : *
+            sd_hs4: struct security_descriptor_hash_v4
+                sd                       : *
+                    sd: struct security_descriptor
+                        revision                 : SECURITY_DESCRIPTOR_REVISION_1 (1)
+                        type                     : 0x9014 (36884)
+                               0: SEC_DESC_OWNER_DEFAULTED 
+                               0: SEC_DESC_GROUP_DEFAULTED 
+                               1: SEC_DESC_DACL_PRESENT    
+                               0: SEC_DESC_DACL_DEFAULTED  
+                               1: SEC_DESC_SACL_PRESENT    
+                               0: SEC_DESC_SACL_DEFAULTED  
+                               0: SEC_DESC_DACL_TRUSTED    
+                               0: SEC_DESC_SERVER_SECURITY 
+                               0: SEC_DESC_DACL_AUTO_INHERIT_REQ
+                               0: SEC_DESC_SACL_AUTO_INHERIT_REQ
+                               0: SEC_DESC_DACL_AUTO_INHERITED
+                               0: SEC_DESC_SACL_AUTO_INHERITED
+                               1: SEC_DESC_DACL_PROTECTED  
+                               0: SEC_DESC_SACL_PROTECTED  
+                               0: SEC_DESC_RM_CONTROL_VALID
+                               1: SEC_DESC_SELF_RELATIVE   
+                        owner_sid                : *
+                            owner_sid                : S-1-5-21-1804520304-2085550321-2220328753-500
+                        group_sid                : *
+                            group_sid                : S-1-5-32-544
+                        sacl                     : NULL
+                        dacl                     : *
+                            dacl: struct security_acl
+                                revision                 : SECURITY_ACL_REVISION_ADS (4)
+                                size                     : 0x0060 (96)
+                                num_aces                 : 0x00000004 (4)
+                                aces: ARRAY(4)
+                                    aces: struct security_ace
+                                        type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
+                                        flags                    : 0x03 (3)
+                                               1: SEC_ACE_FLAG_OBJECT_INHERIT
+                                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
+                                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
+                                               0: SEC_ACE_FLAG_INHERIT_ONLY
+                                               0: SEC_ACE_FLAG_INHERITED_ACE
+                                            0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
+                                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
+                                               0: SEC_ACE_FLAG_FAILED_ACCESS
+                                        size                     : 0x0018 (24)
+                                        access_mask              : 0x001f01ff (2032127)
+                                        object                   : union security_ace_object_ctr(case 0)
+                                        trustee                  : S-1-5-32-544
+                                        coda                     : union security_ace_coda(case 0)
+                                        ignored                  : DATA_BLOB length=0
+                                    aces: struct security_ace
+                                        type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
+                                        flags                    : 0x03 (3)
+                                               1: SEC_ACE_FLAG_OBJECT_INHERIT
+                                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
+                                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
+                                               0: SEC_ACE_FLAG_INHERIT_ONLY
+                                               0: SEC_ACE_FLAG_INHERITED_ACE
+                                            0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
+                                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
+                                               0: SEC_ACE_FLAG_FAILED_ACCESS
+                                        size                     : 0x0018 (24)
+                                        access_mask              : 0x001200a9 (1179817)
+                                        object                   : union security_ace_object_ctr(case 0)
+                                        trustee                  : S-1-5-32-549
+                                        coda                     : union security_ace_coda(case 0)
+                                        ignored                  : DATA_BLOB length=0
+                                    aces: struct security_ace
+                                        type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
+                                        flags                    : 0x03 (3)
+                                               1: SEC_ACE_FLAG_OBJECT_INHERIT
+                                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
+                                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
+                                               0: SEC_ACE_FLAG_INHERIT_ONLY
+                                               0: SEC_ACE_FLAG_INHERITED_ACE
+                                            0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
+                                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
+                                               0: SEC_ACE_FLAG_FAILED_ACCESS
+                                        size                     : 0x0014 (20)
+                                        access_mask              : 0x001f01ff (2032127)
+                                        object                   : union security_ace_object_ctr(case 0)
+                                        trustee                  : S-1-5-18
+                                        coda                     : union security_ace_coda(case 0)
+                                        ignored                  : DATA_BLOB length=0
+                                    aces: struct security_ace
+                                        type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
+                                        flags                    : 0x03 (3)
+                                               1: SEC_ACE_FLAG_OBJECT_INHERIT
+                                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
+                                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
+                                               0: SEC_ACE_FLAG_INHERIT_ONLY
+                                               0: SEC_ACE_FLAG_INHERITED_ACE
+                                            0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
+                                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
+                                               0: SEC_ACE_FLAG_FAILED_ACCESS
+                                        size                     : 0x0014 (20)
+                                        access_mask              : 0x001200a9 (1179817)
+                                        object                   : union security_ace_object_ctr(case 0)
+                                        trustee                  : S-1-5-11
+                                        coda                     : union security_ace_coda(case 0)
+                                        ignored                  : DATA_BLOB length=0
+                hash_type                : 0x0001 (1)
+                hash: ARRAY(64)
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
new file mode 100644
index 0000000..7cc12cf
--- /dev/null
+++ b/source4/librpc/wscript_build
@@ -0,0 +1,554 @@
+#!/usr/bin/env python
+
+bld.RECURSE('../../librpc/idl')
+bld.RECURSE('../../librpc/tools')
+bld.RECURSE('idl')
+
+
+bld.SAMBA_SUBSYSTEM('NDR_IRPC',
+	source='gen_ndr/ndr_irpc.c',
+	public_deps='ndr NDR_SECURITY ndr_nbt'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NDR_SASL_HELPERS',
+	source='gen_ndr/ndr_sasl_helpers.c',
+	public_deps='ndr'
+	)
+
+
+
+bld.SAMBA_SUBSYSTEM('NDR_WINSIF',
+	source='gen_ndr/ndr_winsif.c',
+	public_deps='ndr NDR_WINSREPL'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NDR_OPENDB',
+	source='gen_ndr/ndr_opendb.c',
+	public_deps='ndr'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NDR_NTP_SIGND',
+	source='gen_ndr/ndr_ntp_signd.c',
+	public_deps='ndr'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NDR_WINSREPL',
+	source='gen_ndr/ndr_winsrepl.c',
+	public_deps='ndr ndr_nbt'
+	)
+
+
+# create a grouping library to consolidate our samba4 specific NDR code
+bld.SAMBA_LIBRARY('ndr-samba4',
+	source=[],
+	deps='NDR_WINBIND NDR_IRPC NDR_NFS4ACL NDR_OPENDB ndr-table',
+	private_library=True,
+	grouping_library=True
+	)
+
+# a grouping library for RPC_NDR subsystems that may be used by more than one target
+bld.SAMBA_LIBRARY('dcerpc-samba4',
+	source=[],
+	deps='RPC_NDR_WINBIND',
+	private_library=True,
+	grouping_library=True
+	)
+
+
+bld.SAMBA_PIDL_TABLES('GEN_NDR_TABLES', 'gen_ndr/tables.c')
+
+bld.SAMBA_SUBSYSTEM('ndr-table',
+	source='../../librpc/ndr/ndr_table.c gen_ndr/tables.c',
+        public_deps='''
+                    ndr-standard
+                    NDR_AUDIOSRV
+                    NDR_DSBACKUP
+                    NDR_EFS
+                    NDR_DRSUAPI
+                    NDR_POLICYAGENT
+                    NDR_UNIXINFO
+                    NDR_SPOOLSS
+                    NDR_EPMAPPER
+                    NDR_DBGIDL
+                    NDR_DSSETUP
+                    NDR_MSGSVC
+                    NDR_WINSIF
+                    NDR_MGMT
+                    NDR_WZCSVC
+                    NDR_BROWSER
+                    NDR_W32TIME
+                    NDR_SCERPC
+                    NDR_TRKWKS
+                    NDR_KEYSVC
+                    ndr-krb5pac
+                    NDR_SCHANNEL
+                    NDR_ROT
+                    NDR_DRSBLOBS
+                    ndr_nbt
+                    NDR_WINSREPL
+                    NDR_SECURITY
+                    NDR_DNSSERVER
+                    NDR_WINSTATION
+                    NDR_IRPC
+                    NDR_OPENDB
+                    NDR_SASL_HELPERS
+                    NDR_NOTIFY
+                    NDR_WINBIND
+                    NDR_FRSRPC
+                    NDR_FRSAPI
+                    NDR_FRSTRANS
+                    NDR_NTP_SIGND
+                    NDR_NAMED_PIPE_AUTH
+                    NDR_NTLMSSP
+                    NDR_DFSBLOBS
+                    NDR_DNSP
+                    NDR_NTPRINTING
+                    NDR_DNS
+                    NDR_BACKUPKEY
+                    NDR_PREG
+                    NDR_BKUPBLOBS
+                    NDR_FSCC
+                    NDR_CLUSAPI
+                    NDR_WINSPOOL
+                    NDR_CAB
+                    NDR_FSRVP_STATE
+                    NDR_IOCTL
+                    NDR_COMPRESSION
+                    NDR_PRINTCAP
+                    NDR_QUOTA
+                    NDR_RAP
+                    NDR_DCERPC
+                    NDR_MESSAGING
+                    NDR_SMB_ACL
+                    NDR_PERFCOUNT
+                    NDR_SECRETS
+                    NDR_LEASES_DB
+                    NDR_ODJ
+                    NDR_ADS
+                    ''',
+        depends_on='GEN_NDR_TABLES'
+        )
+
+
+bld.SAMBA_SUBSYSTEM('RPC_NDR_IRPC',
+	source='gen_ndr/ndr_irpc_c.c',
+	public_deps='dcerpc NDR_IRPC'
+	)
+
+bld.SAMBA_LIBRARY('dcerpc-samr',
+	source='',
+	pc_files='dcerpc_samr.pc',
+	vnum='0.0.1',
+	public_deps='dcerpc ndr-standard RPC_NDR_SAMR',
+	public_headers='../../librpc/gen_ndr/ndr_samr_c.h',
+	header_path='gen_ndr'
+	)
+
+
+bld.SAMBA_LIBRARY('dcerpc',
+	source='''rpc/dcerpc.c rpc/dcerpc_auth.c rpc/dcerpc_schannel.c
+	rpc/dcerpc_util.c rpc/dcerpc_smb.c rpc/dcerpc_sock.c
+	rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c
+	rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''',
+	pc_files='dcerpc.pc',
+	deps='''
+        samba_socket
+        LIBCLI_RESOLVE
+        LIBCLI_SMB
+        LIBCLI_SMB2
+        ndr
+        NDR_DCERPC
+        RPC_NDR_EPMAPPER
+        NDR_SCHANNEL
+        RPC_NDR_NETLOGON
+        RPC_NDR_MGMT
+        gensec
+        LIBCLI_AUTH
+        smbclient-raw
+        LP_RESOLVE
+        tevent-util
+        dcerpc-binding
+        dcerpc-pkt-auth
+        param_options
+        http''',
+	autoproto='rpc/dcerpc_proto.h',
+	public_deps='samba-credentials tevent talloc',
+	public_headers='''rpc/dcerpc.h''',
+	# It's very important to keep this form of construction
+	# it force the sambawaf extension to put everything that match the first element
+	# (*gen_ndr*) into the dir named by the second element (gen_ndr).
+	# If we just put header_path = 'gen_ndr' then all the public_headers will go
+	# in 'gen_ndr' and for dcerpc.h (at least) it will cause a problem as
+	# we have already a dcerpc.h installed by librpc/wscript_build
+	# and one will overwrite the other which is not what we expect.
+	header_path=[ ('*gen_ndr*', 'gen_ndr') ],
+	vnum='0.0.1'
+	)
+
+gen_cflags = ''
+if bld.CONFIG_SET('HAVE_WNO_UNUSED_FUNCTION'):
+    gen_cflags = '-Wno-unused-function'
+
+pyrpc_util = bld.pyembed_libname('pyrpc_util')
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+
+bld.SAMBA_SUBSYSTEM(pyrpc_util,
+        source='rpc/pyrpc_util.c',
+        public_deps='%s %s dcerpc MESSAGING' % (pytalloc_util, pyparam_util),
+        pyext=True,
+        enabled=bld.PYTHON_BUILD_IS_ENABLED(),
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc',
+        source='rpc/pyrpc.c',
+        public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG %s gensec' % pyrpc_util,
+        realname='samba/dcerpc/base.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_misc',
+        source='../../librpc/gen_ndr/py_misc.c',
+        deps='%s %s ndr-krb5pac' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/misc.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_auth',
+        source='../../librpc/gen_ndr/py_auth.c',
+        deps='NDR_AUTH %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/auth.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_security',
+        source='../../librpc/gen_ndr/py_security.c',
+        deps='%s %s NDR_SECURITY' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/security.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_conditional_ace',
+        source=('../../librpc/gen_ndr/py_conditional_ace.c '
+                '../../librpc/gen_ndr/ndr_conditional_ace.c'),
+        deps='%s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/conditional_ace.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_lsa',
+        source='../../librpc/gen_ndr/py_lsa.c',
+        deps='RPC_NDR_LSA %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/lsa.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_krb5pac',
+        source='../../librpc/gen_ndr/py_krb5pac.c',
+        deps='ndr-krb5pac %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/krb5pac.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_krb5ccache',
+        source='../../librpc/gen_ndr/py_krb5ccache.c',
+        deps='NDR_KRB5CCACHE %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/krb5ccache.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_claims',
+        source='../../librpc/gen_ndr/py_claims.c',
+        deps='NDR_CLAIMS %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/claims.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_gkdi',
+        source='../../librpc/gen_ndr/py_gkdi.c',
+        deps='RPC_NDR_GKDI %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/gkdi.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_gmsa',
+        source='../../librpc/gen_ndr/py_gmsa.c',
+        deps='NDR_GMSA %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/gmsa.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_netlogon',
+        source='../../librpc/gen_ndr/py_netlogon.c',
+        deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/netlogon.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_samr',
+        source='../../librpc/gen_ndr/py_samr.c',
+        deps='dcerpc-samr %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/samr.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_spoolss',
+        source='../../librpc/gen_ndr/py_spoolss.c',
+        deps='RPC_NDR_SPOOLSS %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/spoolss.so'
+        )
+
+bld.SAMBA_PYTHON('python_winspool',
+        source='../../librpc/gen_ndr/py_winspool.c',
+        deps='RPC_NDR_WINSPOOL %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/winspool.so'
+        )
+
+bld.SAMBA_PYTHON('python_witness',
+        source='../../librpc/gen_ndr/py_witness.c',
+        deps='RPC_NDR_WITNESS %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/witness.so'
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_nbt',
+        source='../../librpc/gen_ndr/py_nbt.c',
+        deps='ndr_nbt %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/nbt.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_drsblobs',
+        source='../../librpc/gen_ndr/py_drsblobs.c',
+        deps='%s %s NDR_SECURITY NDR_DRSBLOBS' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/drsblobs.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_ntlmssp',
+        source='../../librpc/gen_ndr/py_ntlmssp.c',
+        deps='%s %s NDR_NTLMSSP' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/ntlmssp.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_srvsvc',
+    source='../../librpc/gen_ndr/py_srvsvc.c',
+    deps='RPC_NDR_SRVSVC %s %s' % (pytalloc_util, pyrpc_util),
+    realname='samba/dcerpc/srvsvc.so',
+    cflags_end=gen_cflags
+    )
+
+bld.SAMBA_PYTHON('python_echo',
+        source='../../librpc/gen_ndr/py_echo.c',
+        deps='RPC_NDR_ECHO %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/echo.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dns',
+        source='../../librpc/gen_ndr/py_dns.c',
+        deps='NDR_DNS %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/dns.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_winreg',
+        source='../../librpc/gen_ndr/py_winreg.c',
+        deps='RPC_NDR_WINREG %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/winreg.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_preg',
+        source='../../librpc/gen_ndr/py_preg.c',
+        deps='NDR_PREG %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/preg.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_initshutdown',
+        source='../../librpc/gen_ndr/py_initshutdown.c',
+        deps='RPC_NDR_INITSHUTDOWN %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/initshutdown.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_epmapper',
+        source='../../librpc/gen_ndr/py_epmapper.c',
+        deps='dcerpc %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/epmapper.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_mgmt',
+        source='../../librpc/gen_ndr/py_mgmt.c',
+        deps='dcerpc %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/mgmt.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_atsvc',
+        source='../../librpc/gen_ndr/py_atsvc.c',
+        deps='RPC_NDR_ATSVC %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/atsvc.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_svcctl',
+        source='../../librpc/gen_ndr/py_svcctl.c',
+        deps='RPC_NDR_SVCCTL %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/svcctl.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_wkssvc',
+        source='../../librpc/gen_ndr/py_wkssvc.c',
+        deps='RPC_NDR_WKSSVC %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/wkssvc.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_dfs',
+        source='../../librpc/gen_ndr/py_dfs.c',
+        deps='RPC_NDR_DFS %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/dfs.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_dcerpc',
+        source='../../librpc/gen_ndr/py_dcerpc.c',
+        deps='NDR_DCERPC %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/dcerpc.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_unixinfo',
+        source='../../librpc/gen_ndr/py_unixinfo.c',
+        deps='RPC_NDR_UNIXINFO %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/unixinfo.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_irpc',
+        source='gen_ndr/py_irpc.c',
+        deps='RPC_NDR_IRPC %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/irpc.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_server_id',
+        source='../../librpc/gen_ndr/py_server_id.c',
+        deps='NDR_SERVER_ID %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/server_id.so',
+        cflags_end=gen_cflags
+        )
+
+python_netlogon = 'python_netlogon'
+bld.SAMBA_PYTHON('python_winbind',
+        source='../../librpc/gen_ndr/py_winbind.c',
+        deps='RPC_NDR_WINBIND %s %s %s' % (pytalloc_util, pyrpc_util, python_netlogon),
+        realname='samba/dcerpc/winbind.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_drsuapi',
+        source='../../librpc/gen_ndr/py_drsuapi.c',
+        deps='RPC_NDR_DRSUAPI %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/drsuapi.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_dnsp',
+        source='../../librpc/gen_ndr/py_dnsp.c',
+        deps='%s %s NDR_SECURITY NDR_DNSP' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/dnsp.so',
+        cflags_end=gen_cflags
+        )
+
+
+bld.SAMBA_PYTHON('python_dcerpc_xattr',
+        source='../../librpc/gen_ndr/py_xattr.c',
+        deps='%s %s NDR_XATTR' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/xattr.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_smb3posix',
+        source='../../librpc/gen_ndr/py_smb3posix.c',
+        deps='%s %s NDR_SMB3POSIX' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/smb3posix.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_idmap',
+        source='../../librpc/gen_ndr/py_idmap.c',
+        deps='%s %s NDR_IDMAP' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/idmap.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dnsserver',
+        source='../../librpc/gen_ndr/py_dnsserver.c',
+        deps='RPC_NDR_DNSSERVER %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/dnsserver.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_smb_acl',
+        source='../../librpc/gen_ndr/py_smb_acl.c',
+        deps='%s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/smb_acl.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('dcerpc_python_messaging',
+        source='../../librpc/gen_ndr/py_messaging.c',
+        deps='%s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/messaging.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('dcerpc_windows_event_ids',
+        source='../../librpc/gen_ndr/py_windows_event_ids.c',
+        deps='%s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/windows_event_ids.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_PYTHON('python_mdssvc',
+        source='../../librpc/gen_ndr/py_mdssvc.c',
+        deps='RPC_NDR_MDSSVC %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/mdssvc.so',
+        cflags_end=gen_cflags
+        )
+
+bld.SAMBA_SUBSYSTEM('RPC_NDR_SMBXSRV',
+    source='../../source3/librpc/gen_ndr/ndr_smbXsrv_c.c',
+    public_deps='dcerpc-binding NDR_SMBXSRV'
+    )
+
+bld.SAMBA_PYTHON('python_smbXsrv',
+        source='../../source3/librpc/gen_ndr/py_smbXsrv.c',
+        deps='RPC_NDR_SMBXSRV %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/smbXsrv.so',
+        cflags_end=gen_cflags
+        )
+
+if bld.PYTHON_BUILD_IS_ENABLED():
+    bld.SAMBA_SCRIPT('python_dcerpc_init',
+		    pattern='rpc/dcerpc.py',
+		     installdir='python/samba/dcerpc',
+		     installname='__init__.py')
+
+    bld.INSTALL_FILES('${PYTHONARCHDIR}/samba/dcerpc', 'rpc/dcerpc.py', destname='__init__.py')
diff --git a/source4/nbt_server/defense.c b/source4/nbt_server/defense.c
new file mode 100644
index 0000000..fbe22aa
--- /dev/null
+++ b/source4/nbt_server/defense.c
@@ -0,0 +1,79 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   defend our names against name registration requests
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "system/network.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsserver.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "lib/socket/socket.h"
+
+
+/*
+  defend our registered names against registration or name refresh
+  requests
+*/
+void nbtd_request_defense(struct nbt_name_socket *nbtsock, 
+			  struct nbt_name_packet *packet, 
+			  struct socket_address *src)
+{
+	struct nbtd_iface_name *iname;
+	struct nbt_name *name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+
+	/*
+	 * if the packet comes from one of our interfaces
+	 * it must be our winsclient trying to reach the winsserver
+	 */
+	if (nbtd_self_packet(nbtsock, packet, src)) {
+		nbtd_winsserver_request(nbtsock, packet, src);
+		return;
+	}
+
+	NBTD_ASSERT_PACKET(packet, src, packet->qdcount == 1);
+	NBTD_ASSERT_PACKET(packet, src, packet->arcount == 1);
+	NBTD_ASSERT_PACKET(packet, src, 
+			   packet->questions[0].question_type == NBT_QTYPE_NETBIOS);
+	NBTD_ASSERT_PACKET(packet, src, 
+			   packet->questions[0].question_class == NBT_QCLASS_IP);
+	NBTD_ASSERT_PACKET(packet, src, 
+			  packet->additional[0].rr_type == NBT_QTYPE_NETBIOS);
+	NBTD_ASSERT_PACKET(packet, src, 
+			  packet->additional[0].rr_class == NBT_QCLASS_IP);
+	NBTD_ASSERT_PACKET(packet, src, 
+			  packet->additional[0].rdata.netbios.length == 6);
+
+	/* see if we have the requested name on this interface */
+	name = &packet->questions[0].name;
+
+	iname = nbtd_find_iname(iface, name, NBT_NM_ACTIVE);
+	if (iname != NULL && 
+	    !(name->type == NBT_NAME_LOGON || iname->nb_flags & NBT_NM_GROUP)) {
+		DEBUG(2,("Defending name %s on %s against %s\n",
+			 nbt_name_string(packet, name), 
+			 iface->bcast_address, src->addr));
+		nbtd_name_registration_reply(nbtsock, packet, src, NBT_RCODE_ACT);
+	} else {
+		nbtd_winsserver_request(nbtsock, packet, src);
+	}
+}
diff --git a/source4/nbt_server/dgram/browse.c b/source4/nbt_server/dgram/browse.c
new file mode 100644
index 0000000..1e4f28b
--- /dev/null
+++ b/source4/nbt_server/dgram/browse.c
@@ -0,0 +1,85 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT datagram browse server
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "nbt_server/dgram/proto.h"
+
+static const char *nbt_browse_opcode_string(enum nbt_browse_opcode r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case HostAnnouncement: val = "HostAnnouncement"; break;
+		case AnnouncementRequest: val = "AnnouncementRequest"; break;
+		case Election: val = "Election"; break;
+		case GetBackupListReq: val = "GetBackupListReq"; break;
+		case GetBackupListResp: val = "GetBackupListResp"; break;
+		case BecomeBackup: val = "BecomeBackup"; break;
+		case DomainAnnouncement: val = "DomainAnnouncement"; break;
+		case MasterAnnouncement: val = "MasterAnnouncement"; break;
+		case ResetBrowserState: val = "ResetBrowserState"; break;
+		case LocalMasterAnnouncement: val = "LocalMasterAnnouncement"; break;
+	}
+
+	return val;
+}
+
+/*
+  handle incoming browse mailslot requests
+*/
+void nbtd_mailslot_browse_handler(struct dgram_mailslot_handler *dgmslot, 
+				  struct nbt_dgram_packet *packet, 
+				  struct socket_address *src)
+{
+	struct nbt_browse_packet *browse = talloc(dgmslot, struct nbt_browse_packet);
+	struct nbt_name *name = &packet->data.msg.dest_name;
+	NTSTATUS status;
+
+	if (browse == NULL) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto failed;
+	}
+
+	status = dgram_mailslot_browse_parse(dgmslot, browse, packet, browse);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	DEBUG(4,("Browse %s (Op %d) on '%s' '%s' from %s:%d\n", 
+		nbt_browse_opcode_string(browse->opcode), browse->opcode,
+		nbt_name_string(browse, name), dgmslot->mailslot_name,
+		src->addr, src->port));
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_DEBUG(nbt_browse_packet, browse);
+	}
+
+	talloc_free(browse);
+	return;
+
+failed:
+	DEBUG(2,("nbtd browse handler failed from %s:%d to %s - %s\n",
+		 src->addr, src->port, nbt_name_string(browse, name),
+		 nt_errstr(status)));
+	talloc_free(browse);
+
+}
diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c
new file mode 100644
index 0000000..e9d89e5
--- /dev/null
+++ b/source4/nbt_server/dgram/netlogon.c
@@ -0,0 +1,286 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT datagram netlogon server
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+  
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "lib/socket/socket.h"
+#include <ldb.h>
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "samba/service_task.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libcli/security/security.h"
+#include "nbt_server/dgram/proto.h"
+#include "libds/common/roles.h"
+
+/*
+  reply to a GETDC request
+ */
+static NTSTATUS nbtd_netlogon_getdc(struct nbtd_server *nbtsrv,
+				    struct nbt_name *dst_name,
+				    struct nbt_netlogon_packet *netlogon,
+				    TALLOC_CTX *mem_ctx,
+				    struct nbt_netlogon_response **presponse,
+				    char **preply_mailslot)
+{
+	struct nbt_netlogon_response_from_pdc *pdc;
+	struct ldb_context *samctx;
+	struct nbt_netlogon_response *response = NULL;
+	char *reply_mailslot = NULL;
+
+	/* only answer getdc requests on the PDC or LOGON names */
+	if ((dst_name->type != NBT_NAME_PDC) &&
+	    (dst_name->type != NBT_NAME_LOGON)) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	samctx = nbtsrv->sam_ctx;
+
+	if (lpcfg_server_role(nbtsrv->task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
+	    || !samdb_is_pdc(samctx)) {
+		DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	if (strcasecmp_m(dst_name->name,
+			 lpcfg_workgroup(nbtsrv->task->lp_ctx)) != 0) {
+		DBG_INFO("GetDC requested for a domain %s that we don't "
+			 "host\n", dst_name->name);
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	reply_mailslot = talloc_strdup(
+		mem_ctx, netlogon->req.pdc.mailslot_name);
+	if (reply_mailslot == NULL) {
+		goto nomem;
+	}
+
+	/* setup a GETDC reply */
+	response = talloc_zero(mem_ctx, struct nbt_netlogon_response);
+	if (response == NULL) {
+		goto nomem;
+	}
+	response->response_type = NETLOGON_GET_PDC;
+	pdc = &response->data.get_pdc;
+
+	pdc->command = NETLOGON_RESPONSE_FROM_PDC;
+
+	pdc->pdc_name = talloc_strdup(
+		response, lpcfg_netbios_name(nbtsrv->task->lp_ctx));
+	if (pdc->pdc_name == NULL) {
+		goto nomem;
+	}
+
+	pdc->unicode_pdc_name = pdc->pdc_name;
+
+	pdc->domain_name = talloc_strdup(
+		response, lpcfg_workgroup(nbtsrv->task->lp_ctx));
+	if (pdc->domain_name == NULL) {
+		goto nomem;
+	}
+
+	pdc->nt_version       = 1;
+	pdc->lmnt_token       = 0xFFFF;
+	pdc->lm20_token       = 0xFFFF;
+
+	*presponse = response;
+	*preply_mailslot = reply_mailslot;
+	return NT_STATUS_OK;
+
+nomem:
+	TALLOC_FREE(response);
+	TALLOC_FREE(reply_mailslot);
+	return NT_STATUS_NO_MEMORY;
+}
+
+/*
+  reply to a ADS style GETDC request
+ */
+static NTSTATUS nbtd_netlogon_samlogon(
+	struct nbtd_server *nbtsrv,
+	struct nbt_name *dst_name,
+	const struct socket_address *src,
+	struct nbt_netlogon_packet *netlogon,
+	TALLOC_CTX *mem_ctx,
+	struct nbt_netlogon_response **presponse,
+	char **preply_mailslot)
+{
+	struct ldb_context *samctx;
+	struct dom_sid *sid = NULL;
+	struct nbt_netlogon_response *response = NULL;
+	char *reply_mailslot = NULL;
+	NTSTATUS status;
+
+	/* only answer getdc requests on the PDC or LOGON names */
+	if ((dst_name->type != NBT_NAME_PDC) &&
+	    (dst_name->type != NBT_NAME_LOGON)) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	samctx = nbtsrv->sam_ctx;
+
+	if (netlogon->req.logon.sid_size != 0) {
+		sid = &netlogon->req.logon.sid;
+	}
+
+	reply_mailslot = talloc_strdup(
+		mem_ctx, netlogon->req.logon.mailslot_name);
+	if (reply_mailslot == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	response = talloc_zero(mem_ctx, struct nbt_netlogon_response);
+	if (response == NULL) {
+		TALLOC_FREE(reply_mailslot);
+		return NT_STATUS_NO_MEMORY;
+	}
+	response->response_type = NETLOGON_SAMLOGON;
+
+	status = fill_netlogon_samlogon_response(
+		samctx, response, NULL, dst_name->name, sid, NULL,
+		netlogon->req.logon.user_name,
+		netlogon->req.logon.acct_control, src->addr,
+		netlogon->req.logon.nt_version, nbtsrv->task->lp_ctx,
+		&response->data.samlogon, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		struct dom_sid_buf buf;
+
+		DBG_NOTICE("NBT netlogon query failed domain=%s sid=%s "
+			   "version=%d - %s\n",
+			   dst_name->name,
+			   dom_sid_str_buf(sid, &buf),
+			   netlogon->req.logon.nt_version,
+			   nt_errstr(status));
+		TALLOC_FREE(reply_mailslot);
+		TALLOC_FREE(response);
+		return status;
+	}
+
+	*presponse = response;
+	*preply_mailslot = reply_mailslot;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS nbtd_mailslot_netlogon_reply(
+	struct nbtd_interface *iface,
+	struct nbt_dgram_packet *packet,
+	struct socket_address *src,
+	TALLOC_CTX *mem_ctx,
+	struct nbt_netlogon_response **presponse,
+	char **preply_mailslot)
+{
+	struct nbt_netlogon_packet *netlogon;
+	struct nbt_name *dst_name = &packet->data.msg.dest_name;
+	struct nbt_netlogon_response *response = NULL;
+	struct nbtd_iface_name *iname;
+	char *reply_mailslot = NULL;
+	NTSTATUS status;
+
+	/*
+	  see if the we are listening on the destination netbios name
+	*/
+	iname = nbtd_find_iname(iface, dst_name, 0);
+	if (iname == NULL) {
+		return NT_STATUS_BAD_NETWORK_NAME;
+	}
+
+	netlogon = talloc(mem_ctx, struct nbt_netlogon_packet);
+	if (netlogon == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dgram_mailslot_netlogon_parse_request(netlogon, packet,
+						       netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	switch (netlogon->command) {
+	case LOGON_PRIMARY_QUERY:
+		status = nbtd_netlogon_getdc(
+			iface->nbtsrv, &packet->data.msg.dest_name,
+			netlogon, mem_ctx, &response, &reply_mailslot);
+		break;
+	case LOGON_SAM_LOGON_REQUEST:
+		status = nbtd_netlogon_samlogon(
+			iface->nbtsrv, &packet->data.msg.dest_name, src,
+			netlogon, mem_ctx, &response, &reply_mailslot);
+		break;
+	default:
+		DEBUG(2,("unknown netlogon op %d from %s:%d\n",
+			 netlogon->command, src->addr, src->port));
+		NDR_PRINT_DEBUG(nbt_netlogon_packet, netlogon);
+		status = NT_STATUS_NOT_SUPPORTED;
+		break;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_DEBUG("Calculating reply failed: %s\n",
+			  nt_errstr(status));
+		goto failed;
+	}
+
+	*presponse = response;
+	*preply_mailslot = reply_mailslot;
+	return NT_STATUS_OK;
+
+failed:
+	TALLOC_FREE(reply_mailslot);
+	TALLOC_FREE(netlogon);
+	return status;
+}
+
+/*
+  handle incoming netlogon mailslot requests
+*/
+void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot,
+				    struct nbt_dgram_packet *packet,
+				    struct socket_address *src)
+{
+	NTSTATUS status = NT_STATUS_NO_MEMORY;
+	struct nbtd_interface *iface =
+		talloc_get_type(dgmslot->private_data, struct nbtd_interface);
+	struct nbtd_interface *reply_iface = nbtd_find_reply_iface(
+		iface, src->addr, false);
+	struct nbt_netlogon_response *response = NULL;
+	char *reply_mailslot = NULL;
+
+	if (reply_iface->ip_address == NULL) {
+		DBG_WARNING("Could not obtain own IP address for datagram "
+			    "socket\n");
+		return;
+	}
+
+	status = nbtd_mailslot_netlogon_reply(
+		iface, packet, src, dgmslot, &response, &reply_mailslot);
+
+	if (NT_STATUS_IS_OK(status)) {
+		dgram_mailslot_netlogon_reply(
+			reply_iface->dgmsock, packet,
+			lpcfg_netbios_name(iface->nbtsrv->task->lp_ctx),
+			reply_mailslot, response);
+	}
+
+	TALLOC_FREE(response);
+	TALLOC_FREE(reply_mailslot);
+}
diff --git a/source4/nbt_server/dgram/ntlogon.c b/source4/nbt_server/dgram/ntlogon.c
new file mode 100644
index 0000000..8c6a6e9
--- /dev/null
+++ b/source4/nbt_server/dgram/ntlogon.c
@@ -0,0 +1,121 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT datagram ntlogon server
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "samba/service_task.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+/*
+  reply to a SAM LOGON request
+ */
+static void nbtd_ntlogon_sam_logon(struct dgram_mailslot_handler *dgmslot, 
+				   struct nbtd_interface *iface,
+				   struct nbt_dgram_packet *packet,
+				   const struct socket_address *src,
+				   struct nbt_ntlogon_packet *ntlogon)
+{
+	struct nbt_name *name = &packet->data.msg.dest_name;
+	struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
+	struct nbt_ntlogon_packet reply;
+	struct nbt_ntlogon_sam_logon_reply *logon;
+
+	/* only answer sam logon requests on the PDC or LOGON names */
+	if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
+		return;
+	}
+
+	/* setup a SAM LOGON reply */
+	ZERO_STRUCT(reply);
+	reply.command = NTLOGON_SAM_LOGON_REPLY;
+	logon = &reply.req.reply;
+
+	logon->server           = talloc_asprintf(packet, "\\\\%s", 
+						  lpcfg_netbios_name(iface->nbtsrv->task->lp_ctx));
+	logon->user_name        = ntlogon->req.logon.user_name;
+	logon->domain           = lpcfg_workgroup(iface->nbtsrv->task->lp_ctx);
+	logon->nt_version       = 1;
+	logon->lmnt_token       = 0xFFFF;
+	logon->lm20_token       = 0xFFFF;
+
+	packet->data.msg.dest_name.type = 0;
+
+	dgram_mailslot_ntlogon_reply(reply_iface->dgmsock, 
+				     packet, 
+				     lpcfg_netbios_name(iface->nbtsrv->task->lp_ctx),
+				     ntlogon->req.logon.mailslot_name,
+				     &reply);
+}
+
+/*
+  handle incoming ntlogon mailslot requests
+*/
+void nbtd_mailslot_ntlogon_handler(struct dgram_mailslot_handler *dgmslot, 
+				   struct nbt_dgram_packet *packet, 
+				   struct socket_address *src)
+{
+	NTSTATUS status = NT_STATUS_NO_MEMORY;
+	struct nbtd_interface *iface = 
+		talloc_get_type(dgmslot->private_data, struct nbtd_interface);
+	struct nbt_ntlogon_packet *ntlogon = 
+		talloc(dgmslot, struct nbt_ntlogon_packet);
+	struct nbtd_iface_name *iname;
+	struct nbt_name *name = &packet->data.msg.dest_name;
+
+	if (ntlogon == NULL) goto failed;
+
+	/*
+	  see if the we are listening on the destination netbios name
+	*/
+	iname = nbtd_find_iname(iface, name, 0);
+	if (iname == NULL) {
+		status = NT_STATUS_BAD_NETWORK_NAME;
+		goto failed;
+	}
+
+	DEBUG(2,("ntlogon request to %s from %s:%d\n", 
+		 nbt_name_string(ntlogon, name), src->addr, src->port));
+	status = dgram_mailslot_ntlogon_parse(dgmslot, ntlogon, packet, ntlogon);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	NDR_PRINT_DEBUG(nbt_ntlogon_packet, ntlogon);
+
+	switch (ntlogon->command) {
+	case NTLOGON_SAM_LOGON:
+		nbtd_ntlogon_sam_logon(dgmslot, iface, packet, src, ntlogon);
+		break;
+	default:
+		DEBUG(2,("unknown ntlogon op %d from %s:%d\n", 
+			 ntlogon->command, src->addr, src->port));
+		break;
+	}
+
+	talloc_free(ntlogon);
+	return;
+
+failed:
+	DEBUG(2,("nbtd ntlogon handler failed from %s:%d to %s - %s\n",
+		 src->addr, src->port, nbt_name_string(ntlogon, name),
+		 nt_errstr(status)));
+	talloc_free(ntlogon);
+}
diff --git a/source4/nbt_server/dgram/request.c b/source4/nbt_server/dgram/request.c
new file mode 100644
index 0000000..ea2b6e8
--- /dev/null
+++ b/source4/nbt_server/dgram/request.c
@@ -0,0 +1,150 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT datagram server
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "samba/service_task.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "nbt_server/dgram/proto.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+/*
+  a list of mailslots that we have static handlers for
+*/
+static const struct {
+	const char *mailslot_name;
+	dgram_mailslot_handler_t handler;
+} mailslot_handlers[] = {
+	/* Handle both NTLOGON and NETLOGON in the same function, as
+	 * they are very similar */
+	{ NBT_MAILSLOT_NETLOGON, nbtd_mailslot_netlogon_handler },
+	{ NBT_MAILSLOT_NTLOGON,  nbtd_mailslot_netlogon_handler },
+	{ NBT_MAILSLOT_BROWSE,   nbtd_mailslot_browse_handler }
+};
+
+/*
+  receive an incoming dgram request. This is used for general datagram
+  requests. Mailslot requests for our listening mailslots
+  are handled in the specific mailslot handlers
+*/
+void dgram_request_handler(struct nbt_dgram_socket *dgmsock, 
+			   struct nbt_dgram_packet *packet,
+			   struct socket_address *src)
+{
+	DEBUG(0,("General datagram request from %s:%d\n", src->addr, src->port));
+	NDR_PRINT_DEBUG(nbt_dgram_packet, packet);
+}
+
+
+/*
+  setup the port 138 datagram listener for a given interface
+*/
+NTSTATUS nbtd_dgram_setup(struct nbtd_interface *iface, const char *bind_address)
+{
+	struct nbt_dgram_socket *bcast_dgmsock = NULL;
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+	struct socket_address *bcast_addr, *bind_addr;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(iface);
+	/* the list of mailslots that we are interested in */
+	size_t i;
+
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (strcmp("0.0.0.0", iface->netmask) != 0) {
+		/* listen for broadcasts on port 138 */
+		bcast_dgmsock = nbt_dgram_socket_init(iface, nbtsrv->task->event_ctx);
+		if (!bcast_dgmsock) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	
+		bcast_addr = socket_address_from_strings(tmp_ctx, bcast_dgmsock->sock->backend_name, 
+							 iface->bcast_address, 
+							 lpcfg_dgram_port(iface->nbtsrv->task->lp_ctx));
+		if (!bcast_addr) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = socket_listen(bcast_dgmsock->sock, bcast_addr, 0, 0);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			DEBUG(0,("Failed to bind to %s:%d - %s\n", 
+				 iface->bcast_address, lpcfg_dgram_port(iface->nbtsrv->task->lp_ctx),
+				 nt_errstr(status)));
+			return status;
+		}
+	
+		dgram_set_incoming_handler(bcast_dgmsock, dgram_request_handler, iface);
+	}
+
+	/* listen for unicasts on port 138 */
+	iface->dgmsock = nbt_dgram_socket_init(iface, nbtsrv->task->event_ctx);
+	if (!iface->dgmsock) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	bind_addr = socket_address_from_strings(tmp_ctx, iface->dgmsock->sock->backend_name, 
+						bind_address, lpcfg_dgram_port(iface->nbtsrv->task->lp_ctx));
+	if (!bind_addr) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = socket_listen(iface->dgmsock->sock, bind_addr, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		DEBUG(0,("Failed to bind to %s:%d - %s\n", 
+			 bind_address, lpcfg_dgram_port(iface->nbtsrv->task->lp_ctx), nt_errstr(status)));
+		return status;
+	}
+
+	dgram_set_incoming_handler(iface->dgmsock, dgram_request_handler, iface);
+
+	talloc_free(tmp_ctx);
+
+	for (i=0;i<ARRAY_SIZE(mailslot_handlers);i++) {
+		/* note that we don't need to keep the pointer
+		   to the dgmslot around - the callback is all
+		   we need */
+		struct dgram_mailslot_handler *dgmslot;
+
+		if (bcast_dgmsock) {
+			dgmslot = dgram_mailslot_listen(bcast_dgmsock, 
+						mailslot_handlers[i].mailslot_name,
+						mailslot_handlers[i].handler, iface);
+			NT_STATUS_HAVE_NO_MEMORY(dgmslot);
+		}
+
+		dgmslot = dgram_mailslot_listen(iface->dgmsock, 
+						mailslot_handlers[i].mailslot_name,
+						mailslot_handlers[i].handler, iface);
+		NT_STATUS_HAVE_NO_MEMORY(dgmslot);
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/nbt_server/interfaces.c b/source4/nbt_server/interfaces.c
new file mode 100644
index 0000000..b946a1d
--- /dev/null
+++ b/source4/nbt_server/interfaces.c
@@ -0,0 +1,426 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT interface handling
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "nbt_server/nbt_server.h"
+#include "samba/service_task.h"
+#include "lib/socket/socket.h"
+#include "nbt_server/wins/winsserver.h"
+#include "nbt_server/dgram/proto.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "lib/util/util_net.h"
+#include "lib/util/idtree.h"
+
+/*
+  receive an incoming request and dispatch it to the right place
+*/
+static void nbtd_request_handler(struct nbt_name_socket *nbtsock, 
+				 struct nbt_name_packet *packet, 
+				 struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	nbtsrv->stats.total_received++;
+
+	/* see if it's from one of our own interfaces - if so, then ignore it */
+	if (nbtd_self_packet_and_bcast(nbtsock, packet, src)) {
+		DEBUG(10,("Ignoring bcast self packet from %s:%d\n", src->addr, src->port));
+		return;
+	}
+
+	switch (packet->operation & NBT_OPCODE) {
+	case NBT_OPCODE_QUERY:
+		nbtsrv->stats.query_count++;
+		nbtd_request_query(nbtsock, packet, src);
+		break;
+
+	case NBT_OPCODE_REGISTER:
+	case NBT_OPCODE_REFRESH:
+	case NBT_OPCODE_REFRESH2:
+		nbtsrv->stats.register_count++;
+		nbtd_request_defense(nbtsock, packet, src);
+		break;
+
+	case NBT_OPCODE_RELEASE:
+	case NBT_OPCODE_MULTI_HOME_REG:
+		nbtsrv->stats.release_count++;
+		nbtd_winsserver_request(nbtsock, packet, src);
+		break;
+
+	default:
+		nbtd_bad_packet(packet, src, "Unexpected opcode");
+		break;
+	}
+}
+
+static void nbtd_unexpected_handler(struct nbt_name_socket *nbtsock,
+				    struct nbt_name_packet *packet,
+				    struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+	struct nbtd_interface *i;
+	struct nbt_name_request *req = NULL;
+
+	nbtsrv->stats.total_received++;
+
+	DEBUG(10,("unexpected from src[%s] on interface[%p] %s/%s\n",
+		src->addr, iface, iface->ip_address, iface->netmask));
+
+	/* try the broadcast interface */
+	if (nbtsrv->bcast_interface) {
+		i = nbtsrv->bcast_interface;
+		req = idr_find(i->nbtsock->idr, packet->name_trn_id);
+	}
+
+	/* try the wins server client interface */
+	if (!req && nbtsrv->wins_interface && nbtsrv->wins_interface->nbtsock) {
+		i = nbtsrv->wins_interface;
+		req = idr_find(i->nbtsock->idr, packet->name_trn_id);
+	}
+
+	/* try all other interfaces... */
+	if (!req) {
+		for (i = nbtsrv->interfaces; i; i = i->next) {
+			if (i == iface) {
+				continue;
+			}
+			req = idr_find(i->nbtsock->idr, packet->name_trn_id);
+			if (req) break;
+		}
+	}
+
+	if (!req) {
+		DEBUG(10,("unexpected from src[%s] unable to redirected\n", src->addr));
+		return;
+	}
+
+	DEBUG(10,("unexpected from src[%s] redirected to interface[%p] %s/%s\n",
+		src->addr, i, i->ip_address, i->netmask));
+
+	/*
+	 * redirect the incoming response to the socket
+	 * we sent the matching request
+	 */
+	nbt_name_socket_handle_response_packet(req, packet, src);
+}
+
+/*
+  find a registered name on an interface
+*/
+struct nbtd_iface_name *nbtd_find_iname(struct nbtd_interface *iface, 
+					struct nbt_name *name, 
+					uint16_t nb_flags)
+{
+	struct nbtd_iface_name *iname;
+	for (iname=iface->names;iname;iname=iname->next) {
+		if (iname->name.type == name->type &&
+		    strcmp(name->name, iname->name.name) == 0 &&
+		    ((iname->nb_flags & nb_flags) == nb_flags)) {
+			return iname;
+		}
+	}
+	return NULL;
+}
+
+/*
+  start listening on the given address
+*/
+static NTSTATUS nbtd_add_socket(struct nbtd_server *nbtsrv, 
+				struct loadparm_context *lp_ctx,
+				const char *bind_address, 
+				const char *address, 
+				const char *bcast, 
+				const char *netmask)
+{
+	struct nbtd_interface *iface;
+	NTSTATUS status;
+	struct socket_address *bcast_address;
+	struct socket_address *unicast_address;
+
+	DEBUG(6,("nbtd_add_socket(%s, %s, %s, %s)\n", bind_address, address, bcast, netmask));
+
+	/*
+	  we actually create two sockets. One listens on the broadcast address
+	  for the interface, and the other listens on our specific address. This
+	  allows us to run with "bind interfaces only" while still receiving 
+	  broadcast addresses, and also simplifies matching incoming requests 
+	  to interfaces
+	*/
+
+	iface = talloc(nbtsrv, struct nbtd_interface);
+	NT_STATUS_HAVE_NO_MEMORY(iface);
+
+	iface->nbtsrv        = nbtsrv;
+	iface->bcast_address = talloc_steal(iface, bcast);
+	iface->ip_address    = talloc_steal(iface, address);
+	iface->netmask       = talloc_steal(iface, netmask);
+	iface->names         = NULL;
+	iface->wack_queue    = NULL;
+
+	if (strcmp(netmask, "0.0.0.0") != 0) {
+		struct nbt_name_socket *bcast_nbtsock;
+
+		/* listen for broadcasts on port 137 */
+		bcast_nbtsock = nbt_name_socket_init(iface, nbtsrv->task->event_ctx);
+		if (!bcast_nbtsock) {
+			talloc_free(iface);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		bcast_address = socket_address_from_strings(bcast_nbtsock, bcast_nbtsock->sock->backend_name, 
+							    bcast, lpcfg_nbt_port(lp_ctx));
+		if (!bcast_address) {
+			talloc_free(iface);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = socket_listen(bcast_nbtsock->sock, bcast_address, 0, 0);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Failed to bind to %s:%d - %s\n", 
+				 bcast, lpcfg_nbt_port(lp_ctx), nt_errstr(status)));
+			talloc_free(iface);
+			return status;
+		}
+		talloc_free(bcast_address);
+
+		nbt_set_incoming_handler(bcast_nbtsock, nbtd_request_handler, iface);
+	}
+
+	/* listen for unicasts on port 137 */
+	iface->nbtsock = nbt_name_socket_init(iface, nbtsrv->task->event_ctx);
+	if (!iface->nbtsock) {
+		talloc_free(iface);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	unicast_address = socket_address_from_strings(iface->nbtsock, 
+						      iface->nbtsock->sock->backend_name, 
+						      bind_address, lpcfg_nbt_port(lp_ctx));
+
+	status = socket_listen(iface->nbtsock->sock, unicast_address, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Failed to bind to %s:%d - %s\n", 
+			 bind_address, lpcfg_nbt_port(lp_ctx), nt_errstr(status)));
+		talloc_free(iface);
+		return status;
+	}
+	talloc_free(unicast_address);
+
+	nbt_set_incoming_handler(iface->nbtsock, nbtd_request_handler, iface);
+	nbt_set_unexpected_handler(iface->nbtsock, nbtd_unexpected_handler, iface);
+
+	/* also setup the datagram listeners */
+	status = nbtd_dgram_setup(iface, bind_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Failed to setup dgram listen on %s - %s\n", 
+			 bind_address, nt_errstr(status)));
+		talloc_free(iface);
+		return status;
+	}
+	
+	if (strcmp(netmask, "0.0.0.0") == 0) {
+		DLIST_ADD(nbtsrv->bcast_interface, iface);
+	} else {
+		DLIST_ADD(nbtsrv->interfaces, iface);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup a socket for talking to our WINS servers
+*/
+static NTSTATUS nbtd_add_wins_socket(struct nbtd_server *nbtsrv)
+{
+	struct nbtd_interface *iface;
+
+	iface = talloc_zero(nbtsrv, struct nbtd_interface);
+	NT_STATUS_HAVE_NO_MEMORY(iface);
+
+	iface->nbtsrv        = nbtsrv;
+
+	DLIST_ADD(nbtsrv->wins_interface, iface);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  setup our listening sockets on the configured network interfaces
+*/
+NTSTATUS nbtd_startup_interfaces(struct nbtd_server *nbtsrv, struct loadparm_context *lp_ctx,
+				 struct interface *ifaces)
+{
+	int num_interfaces = iface_list_count(ifaces);
+	int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(nbtsrv);
+	NTSTATUS status;
+
+	/* if we are allowing incoming packets from any address, then
+	   we also need to bind to the wildcard address */
+	if (!lpcfg_bind_interfaces_only(lp_ctx)) {
+		const char *primary_address;
+
+		primary_address = iface_list_first_v4(ifaces);
+
+		/* the primary address is the address we will return
+		   for non-WINS queries not made on a specific
+		   interface */
+		if (primary_address == NULL) {
+			primary_address = inet_ntoa(interpret_addr2(
+							    lpcfg_netbios_name(lp_ctx)));
+		}
+
+		primary_address = talloc_strdup(tmp_ctx, primary_address);
+		NT_STATUS_HAVE_NO_MEMORY(primary_address);
+
+		status = nbtd_add_socket(nbtsrv, 
+					 lp_ctx,
+					 "0.0.0.0",
+					 primary_address,
+					 talloc_strdup(tmp_ctx, "255.255.255.255"),
+					 talloc_strdup(tmp_ctx, "0.0.0.0"));
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	for (i=0; i<num_interfaces; i++) {
+		const char *bcast;
+		const char *address, *netmask;
+
+		if (!iface_list_n_is_v4(ifaces, i)) {
+			/* v4 only for NBT protocol */
+			continue;
+		}
+
+		bcast = iface_list_n_bcast(ifaces, i);
+		/* we can't assume every interface is broadcast capable */
+		if (bcast == NULL) continue;
+
+		address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
+		bcast   = talloc_strdup(tmp_ctx, bcast);
+		netmask = talloc_strdup(tmp_ctx, iface_list_n_netmask(ifaces, i));
+
+		status = nbtd_add_socket(nbtsrv, lp_ctx,
+					 address, address, bcast, netmask);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	if (lpcfg_wins_server_list(lp_ctx)) {
+		status = nbtd_add_wins_socket(nbtsrv);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	talloc_free(tmp_ctx);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  form a list of addresses that we should use in name query replies
+  we always place the IP in the given interface first
+*/
+const char **nbtd_address_list(struct nbtd_interface *iface, TALLOC_CTX *mem_ctx)
+{
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+	const char **ret = NULL;
+	struct nbtd_interface *iface2;
+	bool is_loopback = false;
+
+	if (iface->ip_address) {
+		is_loopback = iface_list_same_net(iface->ip_address, "127.0.0.1", "255.0.0.0");
+		ret = str_list_add(ret, iface->ip_address);
+	}
+
+	for (iface2=nbtsrv->interfaces;iface2;iface2=iface2->next) {
+		if (iface2 == iface) continue;
+
+		if (!iface2->ip_address) continue;
+
+		if (!is_loopback) {
+			if (iface_list_same_net(iface2->ip_address, "127.0.0.1", "255.0.0.0")) {
+				continue;
+			}
+		}
+
+		ret = str_list_add(ret, iface2->ip_address);
+	}
+
+	talloc_steal(mem_ctx, ret);
+
+	return ret;
+}
+
+
+/*
+  find the interface to use for sending a outgoing request
+*/
+struct nbtd_interface *nbtd_find_request_iface(struct nbtd_server *nbtd_server,
+					       const char *address, bool allow_bcast_iface)
+{
+	struct nbtd_interface *cur;
+
+	/* try to find a exact match */
+	for (cur=nbtd_server->interfaces;cur;cur=cur->next) {
+		if (iface_list_same_net(address, cur->ip_address, cur->netmask)) {
+			DEBUG(10,("find interface for dst[%s] ip: %s/%s (iface[%p])\n",
+				  address, cur->ip_address, cur->netmask, cur));
+			return cur;
+		}
+	}
+
+	/* no exact match, if we have the broadcast interface, use that */
+	if (allow_bcast_iface && nbtd_server->bcast_interface) {
+		cur = nbtd_server->bcast_interface;
+		DEBUG(10,("find interface for dst[%s] ip: %s/%s (bcast iface[%p])\n",
+			address, cur->ip_address, cur->netmask, cur));
+		return cur;
+	}
+
+	/* fallback to first interface */
+	cur = nbtd_server->interfaces;
+	DEBUG(10,("find interface for dst[%s] ip: %s/%s (default iface[%p])\n",
+		address, cur->ip_address, cur->netmask, cur));
+	return cur;
+}
+
+/*
+ * find the interface to use for sending a outgoing reply
+ */
+struct nbtd_interface *nbtd_find_reply_iface(struct nbtd_interface *iface,
+					     const char *address, bool allow_bcast_iface)
+{
+	struct nbtd_server *nbtd_server = iface->nbtsrv;
+
+	/* first try to use the given interfacel when it's not the broadcast one */
+	if (iface != nbtd_server->bcast_interface) {
+		return iface;
+	}
+
+	return nbtd_find_request_iface(nbtd_server, address, allow_bcast_iface);
+}
diff --git a/source4/nbt_server/irpc.c b/source4/nbt_server/irpc.c
new file mode 100644
index 0000000..e835ffd
--- /dev/null
+++ b/source4/nbt_server/irpc.c
@@ -0,0 +1,210 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   irpc services for the NBT server
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Volker Lendecke	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsserver.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+
+/*
+  serve out the nbt statistics
+*/
+static NTSTATUS nbtd_information(struct irpc_message *msg, 
+				 struct nbtd_information *r)
+{
+	struct nbtd_server *server = talloc_get_type(msg->private_data,
+						     struct nbtd_server);
+
+	switch (r->in.level) {
+	case NBTD_INFO_STATISTICS:
+		r->out.info.stats = &server->stats;
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  winbind needs to be able to do a getdc request, but most (all?) windows
+  servers always send the reply to port 138, regardless of the request
+  port. To cope with this we use a irpc request to the NBT server
+  which has port 138 open, and thus can receive the replies
+*/
+struct getdc_state {
+	struct irpc_message *msg;
+	struct nbtd_getdcname *req;
+};
+
+static void getdc_recv_netlogon_reply(struct dgram_mailslot_handler *dgmslot, 
+				      struct nbt_dgram_packet *packet, 
+				      struct socket_address *src)
+{
+	struct getdc_state *s =
+		talloc_get_type(dgmslot->private_data, struct getdc_state);
+	const char *p;
+	struct nbt_netlogon_response netlogon;
+	NTSTATUS status;
+
+	status = dgram_mailslot_netlogon_parse_response(packet, packet,
+							&netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(5, ("dgram_mailslot_ntlogon_parse failed: %s\n",
+			  nt_errstr(status)));
+		goto done;
+	}
+
+	/* We asked for version 1 only */
+	if (netlogon.response_type == NETLOGON_SAMLOGON
+	    && netlogon.data.samlogon.ntver != NETLOGON_NT_VERSION_1) {
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		goto done;
+	}
+
+	p = netlogon.data.samlogon.data.nt4.pdc_name;
+
+	DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, "
+		   "domain: %s\n", p,
+		   netlogon.data.samlogon.data.nt4.user_name,
+		   netlogon.data.samlogon.data.nt4.domain_name));
+
+	if (*p == '\\') p += 1;
+	if (*p == '\\') p += 1;
+	
+	s->req->out.dcname = talloc_strdup(s->req, p);
+	if (s->req->out.dcname == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+
+ done:
+	irpc_send_reply(s->msg, status);
+}
+
+static NTSTATUS nbtd_getdcname(struct irpc_message *msg, 
+			       struct nbtd_getdcname *req)
+{
+	struct nbtd_server *server =
+		talloc_get_type(msg->private_data, struct nbtd_server);
+	struct nbtd_interface *iface = nbtd_find_request_iface(server, req->in.ip_address, true);
+	struct getdc_state *s;
+	struct nbt_netlogon_packet p;
+	struct NETLOGON_SAM_LOGON_REQUEST *r;
+	struct nbt_name src, dst;
+	struct socket_address *dest;
+	struct dgram_mailslot_handler *handler;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(0, ("nbtd_getdcname called\n"));
+
+	s = talloc(msg, struct getdc_state);
+        NT_STATUS_HAVE_NO_MEMORY(s);
+
+	s->msg = msg;
+	s->req = req;
+	
+	handler = dgram_mailslot_temp(iface->dgmsock, NBT_MAILSLOT_GETDC,
+				      getdc_recv_netlogon_reply, s);
+        NT_STATUS_HAVE_NO_MEMORY(handler);
+	
+	ZERO_STRUCT(p);
+	p.command = LOGON_SAM_LOGON_REQUEST;
+	r = &p.req.logon;
+	r->request_count = 0;
+	r->computer_name = req->in.my_computername;
+	r->user_name = req->in.my_accountname;
+	r->mailslot_name = handler->mailslot_name;
+	r->acct_control = req->in.account_control;
+	r->sid = *req->in.domain_sid;
+	r->nt_version = NETLOGON_NT_VERSION_1;
+	r->lmnt_token = 0xffff;
+	r->lm20_token = 0xffff;
+
+	make_nbt_name_client(&src, req->in.my_computername);
+	make_nbt_name(&dst, req->in.domainname, 0x1c);
+
+	dest = socket_address_from_strings(msg, iface->dgmsock->sock->backend_name, 
+					   req->in.ip_address, 138);
+	NT_STATUS_HAVE_NO_MEMORY(dest);
+
+	status = dgram_mailslot_netlogon_send(iface->dgmsock, 
+					      &dst, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &src, &p);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("dgram_mailslot_ntlogon_send failed: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
+
+	msg->defer_reply = true;
+	return NT_STATUS_OK;
+}
+
+
+/*
+  register the irpc handlers for the nbt server
+*/
+void nbtd_register_irpc(struct nbtd_server *nbtsrv)
+{
+	NTSTATUS status;
+	struct task_server *task = nbtsrv->task;
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, NBTD_INFORMATION, 
+			       nbtd_information, nbtsrv);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to setup monitoring", true);
+		return;
+	}
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, NBTD_GETDCNAME,
+			       nbtd_getdcname, nbtsrv);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to setup getdcname "
+				      "handler", true);
+		return;
+	}
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, NBTD_PROXY_WINS_CHALLENGE,
+			       nbtd_proxy_wins_challenge, nbtsrv);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to setup wins challenge "
+				      "handler", true);
+		return;
+	}
+
+	status = IRPC_REGISTER(task->msg_ctx, irpc, NBTD_PROXY_WINS_RELEASE_DEMAND,
+			       nbtd_proxy_wins_release_demand, nbtsrv);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to setup wins release demand "
+				      "handler", true);
+		return;
+	}
+}
diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c
new file mode 100644
index 0000000..6d28bbd
--- /dev/null
+++ b/source4/nbt_server/nbt_server.c
@@ -0,0 +1,117 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT server task
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsserver.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+
+NTSTATUS server_service_nbtd_init(TALLOC_CTX *);
+
+/*
+  startup the nbtd task
+*/
+static NTSTATUS nbtd_task_init(struct task_server *task)
+{
+	struct nbtd_server *nbtsrv;
+	NTSTATUS status;
+	struct interface *ifaces;
+
+	load_interface_list(task, task->lp_ctx, &ifaces);
+
+	if (iface_list_count(ifaces) == 0) {
+		task_server_terminate(task, "nbtd: no network interfaces configured", false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (lpcfg_disable_netbios(task->lp_ctx)) {
+		task_server_terminate(task, "nbtd: 'disable netbios = yes' set in smb.conf, shutting down nbt server", false);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	task_server_set_title(task, "task[nbtd]");
+
+	nbtsrv = talloc(task, struct nbtd_server);
+	if (nbtsrv == NULL) {
+		task_server_terminate(task, "nbtd: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nbtsrv->task            = task;
+	nbtsrv->interfaces      = NULL;
+	nbtsrv->bcast_interface = NULL;
+	nbtsrv->wins_interface  = NULL;
+
+	/* start listening on the configured network interfaces */
+	status = nbtd_startup_interfaces(nbtsrv, task->lp_ctx, ifaces);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to setup interfaces", true);
+		return status;
+	}
+
+	nbtsrv->sam_ctx = samdb_connect(nbtsrv,
+				        task->event_ctx,
+					task->lp_ctx,
+					system_session(task->lp_ctx),
+					NULL,
+					0);
+	if (nbtsrv->sam_ctx == NULL) {
+		task_server_terminate(task, "nbtd failed to open samdb", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* start the WINS server, if appropriate */
+	status = nbtd_winsserver_init(nbtsrv);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "nbtd failed to start WINS server", true);
+		return status;
+	}
+
+	nbtd_register_irpc(nbtsrv);
+
+	/* start the process of registering our names on all interfaces */
+	nbtd_register_names(nbtsrv);
+
+	irpc_add_name(task->msg_ctx, "nbt_server");
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_nbtd_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = nbtd_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "nbt", &details);
+}
diff --git a/source4/nbt_server/nbt_server.h b/source4/nbt_server/nbt_server.h
new file mode 100644
index 0000000..c80e5bf
--- /dev/null
+++ b/source4/nbt_server/nbt_server.h
@@ -0,0 +1,94 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT server structures
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "../libcli/nbt/libnbt.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "libcli/dgram/libdgram.h"
+#include "librpc/gen_ndr/irpc.h"
+#include "lib/messaging/irpc.h"
+
+/* 
+   a list of our registered names on each interface
+*/
+struct nbtd_iface_name {
+	struct nbtd_iface_name *next, *prev;
+	struct nbtd_interface *iface;
+	struct nbt_name name;
+	uint16_t nb_flags;
+	struct timeval registration_time;
+	uint32_t ttl;
+
+	/* if registered with a wins server, then this lists the server being
+	   used */
+	const char *wins_server;
+};
+
+struct nbtd_wins_wack_state;
+
+/* a list of network interfaces we are listening on */
+struct nbtd_interface {
+	struct nbtd_interface *next, *prev;
+	struct nbtd_server *nbtsrv;
+	const char *ip_address;
+	const char *bcast_address;
+	const char *netmask;
+	struct nbt_name_socket *nbtsock;
+	struct nbt_dgram_socket *dgmsock;
+	struct nbtd_iface_name *names;
+	struct nbtd_wins_wack_state *wack_queue;
+};
+
+
+/*
+  top level context structure for the nbt server
+*/
+struct nbtd_server {
+	struct task_server *task;
+
+	/* the list of local network interfaces */
+	struct nbtd_interface *interfaces;
+
+	/* broadcast interface used for receiving packets only */
+	struct nbtd_interface *bcast_interface;
+
+	/* wins client interface - used for registering and refreshing
+	   our names with a WINS server */
+	struct nbtd_interface *wins_interface;
+
+	struct wins_server *winssrv;
+
+	struct nbtd_statistics stats;
+
+	struct ldb_context *sam_ctx;
+};
+
+
+
+/* check a condition on an incoming packet */
+#define NBTD_ASSERT_PACKET(packet, src, test) do { \
+	if (!(test)) { \
+		nbtd_bad_packet(packet, src, #test); \
+		return; \
+	} \
+} while (0)
+
+struct interface;
+#include "nbt_server/nbt_server_proto.h"
diff --git a/source4/nbt_server/nodestatus.c b/source4/nbt_server/nodestatus.c
new file mode 100644
index 0000000..e26cda7
--- /dev/null
+++ b/source4/nbt_server/nodestatus.c
@@ -0,0 +1,182 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   answer node status queries
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "system/network.h"
+#include "nbt_server/nbt_server.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+
+struct nbt_name_packet *nbtd_node_status_reply_packet(
+	TALLOC_CTX *mem_ctx,
+	uint16_t trn_id,
+	const struct nbt_name *name,
+	struct nbtd_interface *iface)
+{
+	struct nbtd_iface_name *iname;
+	struct nbt_name_packet *packet;
+	struct nbt_res_rec *answer;
+	struct nbt_rdata_status *stat;
+	uint32_t num_names;
+	NTSTATUS status;
+
+	num_names = 0;
+	for (iname = iface->names; iname != NULL; iname = iname->next) {
+		if ((iname->nb_flags & NBT_NM_ACTIVE) == 0) {
+			continue;
+		}
+		if (strcmp(iname->name.name, "*") == 0) {
+			continue;
+		}
+		num_names += 1;
+	}
+
+	packet = talloc_zero(mem_ctx, struct nbt_name_packet);
+	if (packet == NULL) {
+		return NULL;
+	}
+
+	packet->name_trn_id = trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_OPCODE_QUERY |
+		NBT_FLAG_REPLY |
+		NBT_FLAG_AUTHORITATIVE;
+
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) {
+		goto failed;
+	}
+
+	answer = &packet->answers[0];
+
+	status = nbt_name_dup(packet->answers, name, &answer->name);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	answer->rr_type  = NBT_QTYPE_STATUS;
+	answer->rr_class = NBT_QCLASS_IP;
+	answer->ttl      = 0;
+
+	stat = &packet->answers[0].rdata.status;
+
+	stat->num_names = num_names;
+	stat->names = talloc_zero_array(
+		packet->answers,
+		struct nbt_status_name,
+		num_names);
+	if (stat->names == NULL) {
+		goto failed;
+	}
+
+	num_names = 0;
+	for (iname = iface->names; iname != NULL; iname = iname->next) {
+		struct nbt_status_name *n = &stat->names[num_names];
+
+		if ((iname->nb_flags & NBT_NM_ACTIVE) == 0) {
+			continue;
+		}
+		if (strcmp(iname->name.name, "*") == 0) {
+			continue;
+		}
+
+		n->name = talloc_asprintf(
+			stat->names,
+			"%-15s",
+			iname->name.name);
+		if (n->name == NULL) {
+			goto failed;
+		}
+		n->type = iname->name.type;
+		n->nb_flags = iname->nb_flags;
+
+		num_names += 1;
+	}
+
+	return packet;
+
+failed:
+	TALLOC_FREE(packet);
+	return NULL;
+}
+
+/*
+  send a name status reply
+*/
+static void nbtd_node_status_reply(struct nbt_name_socket *nbtsock, 
+				   struct nbt_name_packet *request_packet, 
+				   struct socket_address *src,
+				   struct nbt_name *name, 
+				   struct nbtd_interface *iface)
+{
+	struct nbt_name_packet *packet;
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = nbtd_node_status_reply_packet(
+		nbtsock,
+		request_packet->name_trn_id,
+		name,
+		iface);
+	if (packet == NULL) {
+		return;
+	}
+
+	DEBUG(7,("Sending node status reply for %s to %s:%d\n", 
+		 nbt_name_string(packet, name), src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+	talloc_free(packet);
+}
+
+
+/*
+  answer a node status query
+*/
+void nbtd_query_status(struct nbt_name_socket *nbtsock, 
+		       struct nbt_name_packet *packet, 
+		       struct socket_address *src)
+{
+	struct nbt_name *name;
+	struct nbtd_iface_name *iname;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+
+	NBTD_ASSERT_PACKET(packet, src, packet->qdcount == 1);
+	NBTD_ASSERT_PACKET(packet, src, packet->questions[0].question_type == NBT_QTYPE_STATUS);
+	NBTD_ASSERT_PACKET(packet, src, packet->questions[0].question_class == NBT_QCLASS_IP);
+
+	/* see if we have the requested name on this interface */
+	name = &packet->questions[0].name;
+
+	iname = nbtd_find_iname(iface, name, NBT_NM_ACTIVE);
+	if (iname == NULL) {
+		DEBUG(7,("Node status query for %s from %s - not found on %s\n",
+			 nbt_name_string(packet, name), src->addr, iface->ip_address));
+		return;
+	}
+
+	nbtd_node_status_reply(nbtsock, packet, src, 
+			       &iname->name, iface);
+}
diff --git a/source4/nbt_server/packet.c b/source4/nbt_server/packet.c
new file mode 100644
index 0000000..1305d65
--- /dev/null
+++ b/source4/nbt_server/packet.c
@@ -0,0 +1,387 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   packet utility functions
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "samba/service_task.h"
+#include "lib/socket/socket.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+/*
+  we received a badly formed packet - log it
+*/
+void nbtd_bad_packet(struct nbt_name_packet *packet, 
+		     const struct socket_address *src, const char *reason)
+{
+	DEBUG(2,("nbtd: bad packet '%s' from %s:%d\n", reason, src->addr, src->port));
+	if (DEBUGLVL(5)) {
+		NDR_PRINT_DEBUG(nbt_name_packet, packet);		
+	}
+}
+
+
+/*
+  see if an incoming packet is a broadcast packet from one of our own
+  interfaces
+*/
+bool nbtd_self_packet_and_bcast(struct nbt_name_socket *nbtsock, 
+				struct nbt_name_packet *packet, 
+				const struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+
+	/* if its not a broadcast then its not considered a self packet */
+	if (!(packet->operation & NBT_FLAG_BROADCAST)) {
+		return false;
+	}
+
+	/* 
+	 * this uses the fact that iface->nbtsock is the unicast listen address
+	 * if the interface isn't the global bcast interface
+	 *
+	 * so if the request was directed to the unicast address it isn't a broadcast
+	 * message
+	 */
+	if (iface->nbtsock == nbtsock &&
+	    iface != iface->nbtsrv->bcast_interface) {
+		return false;
+	}
+
+	return nbtd_self_packet(nbtsock, packet, src);
+}
+
+bool nbtd_self_packet(struct nbt_name_socket *nbtsock, 
+		      struct nbt_name_packet *packet, 
+		      const struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+	
+	/* if its not from the nbt port, then it wasn't a broadcast from us */
+	if (src->port != lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx)) {
+		return false;
+	}
+
+	/* we have to loop over our interface list, seeing if its from
+	   one of our own interfaces */
+	for (iface=nbtsrv->interfaces;iface;iface=iface->next) {
+		if (strcmp(src->addr, iface->ip_address) == 0) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+struct nbt_name_packet *nbtd_name_query_reply_packet(
+	TALLOC_CTX *mem_ctx,
+	uint16_t trn_id,
+	uint32_t ttl,
+	uint16_t nb_flags,
+	const struct nbt_name *name,
+	const char **addresses,
+	size_t num_addresses)
+{
+	struct nbt_name_packet *packet;
+	size_t i;
+	struct nbt_res_rec *answer;
+	struct nbt_rdata_netbios *rdata;
+	NTSTATUS status;
+
+	if (num_addresses == 0) {
+		return NULL;
+	}
+
+	packet = talloc_zero(mem_ctx, struct nbt_name_packet);
+	if (packet == NULL) {
+		return NULL;
+	}
+
+	packet->name_trn_id = trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_FLAG_REPLY |
+		NBT_OPCODE_QUERY |
+		NBT_FLAG_AUTHORITATIVE |
+		NBT_FLAG_RECURSION_DESIRED |
+		NBT_FLAG_RECURSION_AVAIL;
+
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) {
+		goto failed;
+	}
+	answer = packet->answers;
+
+	status = nbt_name_dup(packet->answers, name, &answer->name);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+	answer->rr_type  = NBT_QTYPE_NETBIOS;
+	answer->rr_class = NBT_QCLASS_IP;
+	answer->ttl      = ttl;
+
+	rdata = &answer->rdata.netbios;
+	rdata->length = num_addresses*6;
+	rdata->addresses = talloc_array(
+		packet->answers,
+		struct nbt_rdata_address,
+		num_addresses);
+	if (rdata->addresses == NULL) {
+		goto failed;
+	}
+
+	for (i=0; i<num_addresses; i++) {
+		struct nbt_rdata_address *addr = &rdata->addresses[i];
+		addr->nb_flags = nb_flags;
+		addr->ipaddr = talloc_strdup(packet->answers, addresses[i]);
+		if (addr->ipaddr == NULL) {
+			goto failed;
+		}
+	}
+
+	return packet;
+
+failed:
+	TALLOC_FREE(packet);
+	return NULL;
+}
+
+/*
+  send a name query reply
+*/
+void nbtd_name_query_reply(struct nbt_name_socket *nbtsock,
+			   struct nbt_name_packet *request_packet,
+			   struct socket_address *src,
+			   struct nbt_name *name, uint32_t ttl,
+			   uint16_t nb_flags, const char **addresses)
+{
+	struct nbt_name_packet *packet;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = nbtd_name_query_reply_packet(
+		nbtsock,
+		request_packet->name_trn_id,
+		ttl,
+		nb_flags,
+		name,
+		addresses,
+		str_list_length(addresses));
+	if (packet == NULL) {
+		return;
+	}
+
+	DEBUG(7,("Sending name query reply for %s at %s to %s:%d\n", 
+		 nbt_name_string(packet, name), addresses[0], src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+	talloc_free(packet);
+}
+
+
+/*
+  send a negative name query reply
+*/
+void nbtd_negative_name_query_reply(struct nbt_name_socket *nbtsock, 
+				    struct nbt_name_packet *request_packet, 
+				    struct socket_address *src)
+{
+	struct nbt_name_packet *packet;
+	struct nbt_name *name = &request_packet->questions[0].name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_FLAG_REPLY |
+		NBT_OPCODE_QUERY |
+		NBT_FLAG_AUTHORITATIVE |
+		NBT_RCODE_NAM;
+
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name      = *name;
+	packet->answers[0].rr_type   = NBT_QTYPE_NULL;
+	packet->answers[0].rr_class  = NBT_QCLASS_IP;
+	packet->answers[0].ttl       = 0;
+	ZERO_STRUCT(packet->answers[0].rdata);
+
+	DEBUG(7,("Sending negative name query reply for %s to %s:%d\n", 
+		 nbt_name_string(packet, name), src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+failed:
+	talloc_free(packet);
+}
+
+/*
+  send a name registration reply
+*/
+void nbtd_name_registration_reply(struct nbt_name_socket *nbtsock, 
+				  struct nbt_name_packet *request_packet, 
+				  struct socket_address *src,
+				  uint8_t rcode)
+{
+	struct nbt_name_packet *packet;
+	struct nbt_name *name = &request_packet->questions[0].name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_FLAG_REPLY |
+		NBT_OPCODE_REGISTER |
+		NBT_FLAG_AUTHORITATIVE |
+		NBT_FLAG_RECURSION_DESIRED |
+		NBT_FLAG_RECURSION_AVAIL |
+		rcode;
+	
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name     = *name;
+	packet->answers[0].rr_type  = NBT_QTYPE_NETBIOS;
+	packet->answers[0].rr_class = NBT_QCLASS_IP;
+	packet->answers[0].ttl      = request_packet->additional[0].ttl;
+	packet->answers[0].rdata    = request_packet->additional[0].rdata;
+
+	DEBUG(7,("Sending %s name registration reply for %s to %s:%d\n", 
+		 rcode==0?"positive":"negative",
+		 nbt_name_string(packet, name), src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+failed:
+	talloc_free(packet);
+}
+
+
+/*
+  send a name release reply
+*/
+void nbtd_name_release_reply(struct nbt_name_socket *nbtsock, 
+			     struct nbt_name_packet *request_packet, 
+			     struct socket_address *src,
+			     uint8_t rcode)
+{
+	struct nbt_name_packet *packet;
+	struct nbt_name *name = &request_packet->questions[0].name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_FLAG_REPLY |
+		NBT_OPCODE_RELEASE |
+		NBT_FLAG_AUTHORITATIVE |
+		rcode;
+	
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name     = *name;
+	packet->answers[0].rr_type  = NBT_QTYPE_NETBIOS;
+	packet->answers[0].rr_class = NBT_QCLASS_IP;
+	packet->answers[0].ttl      = request_packet->additional[0].ttl;
+	packet->answers[0].rdata    = request_packet->additional[0].rdata;
+
+	DEBUG(7,("Sending %s name release reply for %s to %s:%d\n", 
+		 rcode==0?"positive":"negative",
+		 nbt_name_string(packet, name), src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+failed:
+	talloc_free(packet);
+}
+
+
+/*
+  send a WACK reply
+*/
+void nbtd_wack_reply(struct nbt_name_socket *nbtsock, 
+		     struct nbt_name_packet *request_packet, 
+		     struct socket_address *src,
+		     uint32_t ttl)
+{
+	struct nbt_name_packet *packet;
+	struct nbt_name *name = &request_packet->questions[0].name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (packet == NULL) return;
+
+	packet->name_trn_id = request_packet->name_trn_id;
+	packet->ancount = 1;
+	packet->operation =
+		NBT_FLAG_REPLY |
+		NBT_OPCODE_WACK |
+		NBT_FLAG_AUTHORITATIVE;
+	
+	packet->answers = talloc_array(packet, struct nbt_res_rec, 1);
+	if (packet->answers == NULL) goto failed;
+
+	packet->answers[0].name              = *name;
+	packet->answers[0].rr_type           = NBT_QTYPE_WACK;
+	packet->answers[0].rr_class          = NBT_QCLASS_IP;
+	packet->answers[0].ttl               = ttl;
+	packet->answers[0].rdata.data.length = 2;
+	packet->answers[0].rdata.data.data   = talloc_array(packet, uint8_t, 2);
+	if (packet->answers[0].rdata.data.data == NULL) goto failed;
+	RSSVAL(packet->answers[0].rdata.data.data, 0, request_packet->operation);
+
+	DEBUG(7,("Sending WACK reply for %s to %s:%d\n", 
+		 nbt_name_string(packet, name), src->addr, src->port));
+	
+	nbtsrv->stats.total_sent++;
+	nbt_name_reply_send(nbtsock, src, packet);
+
+failed:
+	talloc_free(packet);
+}
diff --git a/source4/nbt_server/query.c b/source4/nbt_server/query.c
new file mode 100644
index 0000000..7e1a760
--- /dev/null
+++ b/source4/nbt_server/query.c
@@ -0,0 +1,102 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   answer name queries
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "system/network.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsserver.h"
+#include "samba/service_task.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "lib/socket/socket.h"
+#include "param/param.h"
+
+/*
+  answer a name query
+*/
+void nbtd_request_query(struct nbt_name_socket *nbtsock, 
+			struct nbt_name_packet *packet, 
+			struct socket_address *src)
+{
+	struct nbtd_iface_name *iname;
+	struct nbt_name *name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+
+	/* see if its a node status query */
+	if (packet->qdcount == 1 &&
+	    packet->questions[0].question_type == NBT_QTYPE_STATUS) {
+		nbtd_query_status(nbtsock, packet, src);
+		return;
+	}
+
+	NBTD_ASSERT_PACKET(packet, src, packet->qdcount == 1);
+	NBTD_ASSERT_PACKET(packet, src, 
+			   packet->questions[0].question_type == NBT_QTYPE_NETBIOS);
+	NBTD_ASSERT_PACKET(packet, src, 
+			   packet->questions[0].question_class == NBT_QCLASS_IP);
+
+	/* see if we have the requested name on this interface */
+	name = &packet->questions[0].name;
+
+	iname = nbtd_find_iname(iface, name, 0);
+	if (iname == NULL) {
+		/* don't send negative replies to broadcast queries */
+		if (packet->operation & NBT_FLAG_BROADCAST) {
+			return;
+		}
+
+		if (packet->operation & NBT_FLAG_RECURSION_DESIRED) {
+			nbtd_winsserver_request(nbtsock, packet, src);
+			return;
+		}
+
+		/* otherwise send a negative reply */
+		nbtd_negative_name_query_reply(nbtsock, packet, src);
+		return;
+	}
+
+	/*
+	 * normally we should forward all queries with the
+	 * recursion desired flag to the wins server, but this
+	 * breaks are winsclient code, when doing mhomed registrations
+	 */
+	if (!(packet->operation & NBT_FLAG_BROADCAST) &&
+	   (packet->operation & NBT_FLAG_RECURSION_DESIRED) &&
+	   (iname->nb_flags & NBT_NM_GROUP) &&
+	   lpcfg_we_are_a_wins_server(iface->nbtsrv->task->lp_ctx)) {
+		nbtd_winsserver_request(nbtsock, packet, src);
+		return;
+	}
+
+	/* if the name is not yet active and its a broadcast query then
+	   ignore it for now */
+	if (!(iname->nb_flags & NBT_NM_ACTIVE) && 
+	    (packet->operation & NBT_FLAG_BROADCAST)) {
+		DEBUG(7,("Query for %s from %s - name not active yet on %s\n",
+			 nbt_name_string(packet, name), src->addr, iface->ip_address));
+		return;
+	}
+
+	nbtd_name_query_reply(nbtsock, packet, src,
+			      &iname->name, iname->ttl, iname->nb_flags, 
+			      nbtd_address_list(iface, packet));
+}
diff --git a/source4/nbt_server/register.c b/source4/nbt_server/register.c
new file mode 100644
index 0000000..4d10e9b
--- /dev/null
+++ b/source4/nbt_server/register.c
@@ -0,0 +1,310 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   register our names
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "nbt_server/nbt_server.h"
+#include "samba/service_task.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "nbt_server/wins/winsserver.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "libds/common/roles.h"
+
+static void nbtd_start_refresh_timer(struct nbtd_iface_name *iname);
+
+/*
+  a name refresh request has completed
+*/
+static void refresh_completion_handler(struct nbt_name_request *req)
+{
+	struct nbtd_iface_name *iname = talloc_get_type(req->async.private_data,
+							struct nbtd_iface_name);
+	NTSTATUS status;
+	struct nbt_name_refresh io;
+	TALLOC_CTX *tmp_ctx = talloc_new(iname);
+
+	status = nbt_name_refresh_recv(req, tmp_ctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		DEBUG(4,("Refreshed name %s with %s on interface %s\n", 
+			 nbt_name_string(tmp_ctx, &iname->name),
+			 iname->iface->ip_address, iname->iface->bcast_address));
+		iname->registration_time = timeval_current();
+		nbtd_start_refresh_timer(iname);
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	iname->nb_flags |= NBT_NM_CONFLICT;
+	iname->nb_flags &= ~NBT_NM_ACTIVE;
+
+	if (NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("Name conflict from %s refreshing name %s with %s on interface %s - %s\n", 
+			 io.out.reply_addr, nbt_name_string(tmp_ctx, &iname->name),
+			 iname->iface->ip_address, iname->iface->bcast_address,
+			 nt_errstr(nbt_rcode_to_ntstatus(io.out.rcode))));
+	} else {
+		DEBUG(1,("Error refreshing name %s with %s on interface %s - %s\n", 
+			 nbt_name_string(tmp_ctx, &iname->name), 
+			 iname->iface->ip_address, iname->iface->bcast_address,
+			 nt_errstr(status)));
+	}
+
+	talloc_free(tmp_ctx);
+}
+
+
+/*
+  handle name refresh timer events
+*/
+static void name_refresh_handler(struct tevent_context *ev, struct tevent_timer *te, 
+				 struct timeval t, void *private_data)
+{
+	struct nbtd_iface_name *iname = talloc_get_type(private_data, struct nbtd_iface_name);
+	struct nbtd_interface *iface = iname->iface;
+	struct nbt_name_register io;
+	struct nbt_name_request *req;
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	/* setup a single name register request. Notice that we don't
+	   use a name refresh request, as Windows and Samba3 do not
+	   defend against broadcast name refresh packets. So for this
+	   to be of any use at all, we need to refresh using name
+	   registration packets */
+	io.in.name            = iname->name;
+	io.in.dest_addr       = iface->bcast_address;
+	io.in.dest_port       = lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx);
+	io.in.address         = iface->ip_address;
+	io.in.nb_flags        = iname->nb_flags;
+	io.in.ttl             = iname->ttl;
+	io.in.register_demand = false;
+	io.in.broadcast       = true;
+	io.in.multi_homed     = false;
+	io.in.timeout         = 3;
+	io.in.retries         = 0;
+
+	nbtsrv->stats.total_sent++;
+	req = nbt_name_register_send(iface->nbtsock, &io);
+	if (req == NULL) return;
+
+	req->async.fn = refresh_completion_handler;
+	req->async.private_data = iname;
+}
+
+
+/*
+  start a timer to refresh this name
+*/
+static void nbtd_start_refresh_timer(struct nbtd_iface_name *iname)
+{
+	uint32_t refresh_time;
+	uint32_t max_refresh_time = lpcfg_parm_int(iname->iface->nbtsrv->task->lp_ctx, NULL, "nbtd", "max_refresh_time", 7200);
+
+	refresh_time = MIN(max_refresh_time, iname->ttl/2);
+	
+	tevent_add_timer(iname->iface->nbtsrv->task->event_ctx,
+			iname, 
+			timeval_add(&iname->registration_time, refresh_time, 0),
+			name_refresh_handler, iname);
+}
+
+struct nbtd_register_name_state {
+	struct nbtd_iface_name *iname;
+	struct nbt_name_register_bcast io;
+};
+
+/*
+  a name registration has completed
+*/
+static void nbtd_register_name_handler(struct tevent_req *subreq)
+{
+	struct nbtd_register_name_state *state =
+		tevent_req_callback_data(subreq,
+		struct nbtd_register_name_state);
+	struct nbtd_iface_name *iname = state->iname;
+	NTSTATUS status;
+
+	status = nbt_name_register_bcast_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_IS_OK(status)) {
+		/* good - nobody complained about our registration */
+		iname->nb_flags |= NBT_NM_ACTIVE;
+		DEBUG(3,("Registered %s with %s on interface %s\n",
+			 nbt_name_string(state, &iname->name),
+			 iname->iface->ip_address, iname->iface->bcast_address));
+		iname->registration_time = timeval_current();
+		talloc_free(state);
+		nbtd_start_refresh_timer(iname);
+		return;
+	}
+
+	/* someone must have replied with an objection! */
+	iname->nb_flags |= NBT_NM_CONFLICT;
+
+	DEBUG(1,("Error registering %s with %s on interface %s - %s\n",
+		 nbt_name_string(state, &iname->name),
+		 iname->iface->ip_address, iname->iface->bcast_address,
+		 nt_errstr(status)));
+	talloc_free(state);
+}
+
+
+/*
+  register a name on a network interface
+*/
+static void nbtd_register_name_iface(struct nbtd_interface *iface,
+				     const char *name, enum nbt_name_type type,
+				     uint16_t nb_flags)
+{
+	struct nbtd_iface_name *iname;
+	const char *scope = lpcfg_netbios_scope(iface->nbtsrv->task->lp_ctx);
+	struct nbtd_register_name_state *state;
+	struct tevent_req *subreq;
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+
+	iname = talloc(iface, struct nbtd_iface_name);
+	if (!iname) return;
+
+	iname->iface     = iface;
+	iname->name.name = strupper_talloc(iname, name);
+	iname->name.type = type;
+	if (scope && *scope) {
+		iname->name.scope = strupper_talloc(iname, scope);
+	} else {
+		iname->name.scope = NULL;
+	}
+	iname->nb_flags          = nb_flags;
+	iname->ttl               = lpcfg_parm_int(iface->nbtsrv->task->lp_ctx, NULL, "nbtd", "bcast_ttl", 300000);
+	iname->registration_time = timeval_zero();
+	iname->wins_server       = NULL;
+
+	DLIST_ADD_END(iface->names, iname);
+
+	if (nb_flags & NBT_NM_PERMANENT) {
+		/* permanent names are not announced and are immediately active */
+		iname->nb_flags |= NBT_NM_ACTIVE;
+		iname->ttl       = 0;
+		return;
+	}
+
+	/* if this is the wins interface, then we need to do a special
+	   wins name registration */
+	if (iface == iface->nbtsrv->wins_interface) {
+		nbtd_winsclient_register(iname);
+		return;
+	}
+
+	state = talloc_zero(iname, struct nbtd_register_name_state);
+	if (state == NULL) {
+		return;
+	}
+
+	state->iname = iname;
+
+	/* setup a broadcast name registration request */
+	state->io.in.name      = iname->name;
+	state->io.in.dest_addr = iface->bcast_address;
+	state->io.in.dest_port = lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx);
+	state->io.in.address   = iface->ip_address;
+	state->io.in.nb_flags  = nb_flags;
+	state->io.in.ttl       = iname->ttl;
+
+	nbtsrv->stats.total_sent++;
+
+	subreq = nbt_name_register_bcast_send(state, nbtsrv->task->event_ctx,
+					      iface->nbtsock, &state->io);
+	if (subreq == NULL) {
+		return;
+	}
+
+	tevent_req_set_callback(subreq, nbtd_register_name_handler, state);
+}
+
+
+/*
+  register one name on all our interfaces
+*/
+void nbtd_register_name(struct nbtd_server *nbtsrv, 
+			const char *name, enum nbt_name_type type,
+			uint16_t nb_flags)
+{
+	struct nbtd_interface *iface;
+	
+	/* register with all the local interfaces */
+	for (iface=nbtsrv->interfaces;iface;iface=iface->next) {
+		nbtd_register_name_iface(iface, name, type, nb_flags);
+	}
+
+	/* register on our general broadcast interface as a permanent name */
+	if (nbtsrv->bcast_interface) {
+		nbtd_register_name_iface(nbtsrv->bcast_interface, name, type, 
+					 nb_flags | NBT_NM_PERMANENT);
+	}
+
+	/* register with our WINS servers */
+	if (nbtsrv->wins_interface) {
+		nbtd_register_name_iface(nbtsrv->wins_interface, name, type, nb_flags);
+	}
+}
+
+
+/*
+  register our names on all interfaces
+*/
+void nbtd_register_names(struct nbtd_server *nbtsrv)
+{
+	uint16_t nb_flags = NBT_NODE_M;
+	const char **aliases;
+
+	/* note that we don't initially mark the names "ACTIVE". They are 
+	   marked active once registration is successful */
+	nbtd_register_name(nbtsrv, lpcfg_netbios_name(nbtsrv->task->lp_ctx), NBT_NAME_CLIENT, nb_flags);
+	nbtd_register_name(nbtsrv, lpcfg_netbios_name(nbtsrv->task->lp_ctx), NBT_NAME_USER,   nb_flags);
+	nbtd_register_name(nbtsrv, lpcfg_netbios_name(nbtsrv->task->lp_ctx), NBT_NAME_SERVER, nb_flags);
+
+	aliases = lpcfg_netbios_aliases(nbtsrv->task->lp_ctx);
+	while (aliases && aliases[0]) {
+		nbtd_register_name(nbtsrv, aliases[0], NBT_NAME_CLIENT, nb_flags);
+		nbtd_register_name(nbtsrv, aliases[0], NBT_NAME_SERVER, nb_flags);
+		aliases++;
+	}
+
+	if (lpcfg_server_role(nbtsrv->task->lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC)	{
+		bool is_pdc = samdb_is_pdc(nbtsrv->sam_ctx);
+		if (is_pdc) {
+			nbtd_register_name(nbtsrv, lpcfg_workgroup(nbtsrv->task->lp_ctx),
+					   NBT_NAME_PDC, nb_flags);
+		}
+		nbtd_register_name(nbtsrv, lpcfg_workgroup(nbtsrv->task->lp_ctx),
+				   NBT_NAME_LOGON, nb_flags | NBT_NM_GROUP);
+	}
+
+	nb_flags |= NBT_NM_GROUP;
+	nbtd_register_name(nbtsrv, lpcfg_workgroup(nbtsrv->task->lp_ctx), NBT_NAME_CLIENT, nb_flags);
+
+	nb_flags |= NBT_NM_PERMANENT;
+	nbtd_register_name(nbtsrv, "__SAMBA__",       NBT_NAME_CLIENT, nb_flags);
+	nbtd_register_name(nbtsrv, "__SAMBA__",       NBT_NAME_SERVER, nb_flags);
+	nbtd_register_name(nbtsrv, "*",               NBT_NAME_CLIENT, nb_flags);
+}
diff --git a/source4/nbt_server/wins/wins_dns_proxy.c b/source4/nbt_server/wins/wins_dns_proxy.c
new file mode 100644
index 0000000..95ceb21
--- /dev/null
+++ b/source4/nbt_server/wins/wins_dns_proxy.c
@@ -0,0 +1,99 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   wins server dns proxy
+
+   Copyright (C) Stefan Metzmacher	2005
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "nbt_server/wins/winsserver.h"
+#include "system/time.h"
+#include "libcli/composite/composite.h"
+#include "samba/service_task.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/socket/socket.h"
+
+struct wins_dns_proxy_state {
+	struct nbt_name_socket *nbtsock;
+	struct nbt_name_packet *packet;
+	struct socket_address *src;
+};
+
+static void nbtd_wins_dns_proxy_handler(struct composite_context *creq)
+{
+	NTSTATUS status;
+	struct wins_dns_proxy_state *s = talloc_get_type(creq->async.private_data,
+							 struct wins_dns_proxy_state);
+	struct nbt_name *name = &s->packet->questions[0].name;
+	const char *address;
+	const char **addresses;
+	uint16_t nb_flags = 0; /* TODO: ... */
+
+	status = resolve_name_recv(creq, s->packet, &address);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto notfound;
+	}
+
+	addresses = str_list_add(NULL, address);
+	talloc_steal(s->packet, addresses);
+	if (!addresses) goto notfound;
+
+	nbtd_name_query_reply(s->nbtsock, s->packet, s->src, name, 
+			      0, nb_flags, addresses);
+	return;
+notfound:
+	nbtd_negative_name_query_reply(s->nbtsock, s->packet, s->src);
+}
+
+/*
+  dns proxy query a name
+*/
+void nbtd_wins_dns_proxy_query(struct nbt_name_socket *nbtsock, 
+			       struct nbt_name_packet *packet, 
+			       struct socket_address *src)
+{
+	struct nbt_name *name = &packet->questions[0].name;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_dns_proxy_state *s;
+	struct composite_context *creq;
+	struct resolve_context *resolve_ctx;
+
+	s = talloc(nbtsock, struct wins_dns_proxy_state);
+	if (!s) goto failed;
+	s->nbtsock	= nbtsock;
+	s->packet	= talloc_steal(s, packet);
+	s->src		= socket_address_copy(s, src);
+	if (s->src == NULL) {
+		goto failed;
+	}
+
+	resolve_ctx = resolve_context_init(s);
+	if (resolve_ctx == NULL) goto failed;
+	resolve_context_add_host_method(resolve_ctx);
+
+	creq = resolve_name_send(resolve_ctx, s, name, iface->nbtsrv->task->event_ctx);
+	if (!creq) goto failed;
+
+	creq->async.fn		= nbtd_wins_dns_proxy_handler;
+	creq->async.private_data= s;
+	return;
+failed:
+	nbtd_negative_name_query_reply(nbtsock, packet, src);
+}
diff --git a/source4/nbt_server/wins/wins_hook.c b/source4/nbt_server/wins/wins_hook.c
new file mode 100644
index 0000000..1af471b
--- /dev/null
+++ b/source4/nbt_server/wins/wins_hook.c
@@ -0,0 +1,94 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   wins hook feature, we run a specified script
+   which can then do some custom actions
+
+   Copyright (C) Stefan Metzmacher	2005
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "system/filesys.h"
+
+static const char *wins_hook_action_string(enum wins_hook_action action)
+{
+	switch (action) {
+	case WINS_HOOK_ADD:	return "add";
+	case WINS_HOOK_MODIFY:	return "refresh";
+	case WINS_HOOK_DELETE:	return "delete";
+	}
+
+	return "unknown";
+}
+
+void wins_hook(struct winsdb_handle *h, const struct winsdb_record *rec, 
+	       enum wins_hook_action action, const char *wins_hook_script)
+{
+	uint32_t i, length;
+	int child;
+	char *cmd = NULL;
+	TALLOC_CTX *tmp_mem = NULL;
+
+	if (!wins_hook_script || !wins_hook_script[0]) return;
+
+	tmp_mem = talloc_new(h);
+	if (!tmp_mem) goto failed;
+
+	length = winsdb_addr_list_length(rec->addresses);
+
+	if (action == WINS_HOOK_MODIFY && length < 1) {
+		action = WINS_HOOK_DELETE;
+	}
+
+	cmd = talloc_asprintf(tmp_mem,
+			      "%s %s %s %02x %ld",
+			      wins_hook_script,
+			      wins_hook_action_string(action),
+			      rec->name->name,
+			      rec->name->type,
+			      (long int) rec->expire_time);
+	if (!cmd) goto failed;
+
+	for (i=0; rec->addresses[i]; i++) {
+		cmd = talloc_asprintf_append_buffer(cmd, " %s", rec->addresses[i]->address);
+		if (!cmd) goto failed;
+	}
+
+	DEBUG(10,("call wins hook '%s'\n", cmd));
+
+	/* signal handling in posix really sucks - doing this in a library
+	   affects the whole app, but what else to do?? */
+	signal(SIGCHLD, SIG_IGN);
+
+	child = fork();
+	if (child == (pid_t)-1) {
+		goto failed;
+	}
+
+	if (child == 0) {
+/* TODO: close file handles */
+		execl("/bin/sh", "sh", "-c", cmd, NULL);
+		_exit(0);
+	}
+
+	talloc_free(tmp_mem);
+	return;
+failed:
+	talloc_free(tmp_mem);
+	DEBUG(0,("FAILED: calling wins hook '%s'\n", wins_hook_script));
+}
diff --git a/source4/nbt_server/wins/wins_ldb.c b/source4/nbt_server/wins/wins_ldb.c
new file mode 100644
index 0000000..304c98d
--- /dev/null
+++ b/source4/nbt_server/wins/wins_ldb.c
@@ -0,0 +1,127 @@
+/* 
+   ldb database module
+
+   Copyright (C) Stefan Metzmacher 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: ldb winsdb module
+ *
+ *  Description: verify winsdb records before they're written to disk
+ *
+ *  Author: Stefan Metzmacher
+ */
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include <ldb_module.h>
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+
+static int wins_ldb_verify(struct ldb_module *module, struct ldb_request *req)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct winsdb_handle *h = talloc_get_type(ldb_get_opaque(ldb, "winsdb_handle"),
+						  struct winsdb_handle);
+	const struct ldb_message *msg;
+
+	switch (req->operation) {
+	case LDB_ADD:
+		msg = req->op.add.message;
+		break;
+		
+	case LDB_MODIFY:
+		msg = req->op.mod.message;
+		break;
+
+	default:
+		return ldb_next_request(module, req);
+	}
+
+	/* do not manipulate our control entries */
+	if (ldb_dn_is_special(msg->dn)) {
+		return ldb_next_request(module, req);
+	}
+
+	if (!h) {
+		ldb_debug_set(ldb, LDB_DEBUG_FATAL, "%s", "WINS_LDB: INTERNAL ERROR: no winsdb_handle present!");
+		return LDB_ERR_OTHER;
+	}
+
+	switch (h->caller) {
+	case WINSDB_HANDLE_CALLER_NBTD:
+	case WINSDB_HANDLE_CALLER_WREPL:
+		/* we trust our nbt and wrepl code ... */
+		return ldb_next_request(module, req);
+
+	case WINSDB_HANDLE_CALLER_ADMIN:
+		ldb_debug(ldb, LDB_DEBUG_WARNING, "%s\n", "WINS_LDB: TODO verify add/modify for WINSDB_HANDLE_CALLER_ADMIN");
+		return ldb_next_request(module, req);
+	}
+
+	return LDB_ERR_OTHER;
+}
+
+static int wins_ldb_init(struct ldb_module *module)
+{
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	struct winsdb_handle *h;
+	const char *owner;
+	struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
+
+	ldb_module_set_private(module, NULL);
+
+	owner = lpcfg_parm_string(lp_ctx, NULL, "winsdb", "local_owner");
+	if (!owner) {
+		struct interface *ifaces;
+		load_interface_list(module, lp_ctx, &ifaces);
+		owner = iface_list_first_v4(ifaces);
+		if (!owner) {
+			owner = "0.0.0.0";
+		}
+	}
+
+	h = talloc_zero(module, struct winsdb_handle);
+	if (!h) goto failed;
+	h->ldb		= ldb;
+	h->caller	= WINSDB_HANDLE_CALLER_ADMIN;
+	h->local_owner	= talloc_strdup(h, owner);
+	if (!h->local_owner) goto failed;
+
+	return ldb_set_opaque(ldb, "winsdb_handle", h);
+
+failed:
+	talloc_free(h);
+	return LDB_ERR_OTHER;
+}
+
+static const struct ldb_module_ops ldb_wins_ldb_module_ops = {
+	.name          = "wins_ldb",
+	.add           = wins_ldb_verify,
+	.modify        = wins_ldb_verify,
+	.init_context  = wins_ldb_init
+};
+
+int ldb_wins_ldb_module_init(const char *version)
+{
+	LDB_MODULE_CHECK_VERSION(version);
+	return ldb_register_module(&ldb_wins_ldb_module_ops);
+}
diff --git a/source4/nbt_server/wins/winsclient.c b/source4/nbt_server/wins/winsclient.c
new file mode 100644
index 0000000..c1e7f9a
--- /dev/null
+++ b/source4/nbt_server/wins/winsclient.c
@@ -0,0 +1,284 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   wins client name registration and refresh
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsserver.h"
+#include "libcli/composite/composite.h"
+#include "lib/events/events.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "samba/service_task.h"
+#include "param/param.h"
+
+/* we send WINS client requests using our primary network interface 
+*/
+static struct nbt_name_socket *wins_socket(struct nbtd_interface *iface)
+{
+	struct nbtd_server *nbtsrv = iface->nbtsrv;
+	return nbtsrv->interfaces->nbtsock;
+}
+
+
+static void nbtd_wins_refresh(struct tevent_context *ev, struct tevent_timer *te,
+			      struct timeval t, void *private_data);
+
+/*
+  retry a WINS name registration
+*/
+static void nbtd_wins_register_retry(struct tevent_context *ev, struct tevent_timer *te,
+				     struct timeval t, void *private_data)
+{
+	struct nbtd_iface_name *iname = talloc_get_type(private_data, struct nbtd_iface_name);
+	nbtd_winsclient_register(iname);
+}
+
+/*
+  start a timer to refresh this name
+*/
+static void nbtd_wins_start_refresh_timer(struct nbtd_iface_name *iname)
+{
+	uint32_t refresh_time;
+	uint32_t max_refresh_time = lpcfg_parm_int(iname->iface->nbtsrv->task->lp_ctx, NULL, "nbtd", "max_refresh_time", 7200);
+
+	refresh_time = MIN(max_refresh_time, iname->ttl/2);
+	
+	tevent_add_timer(iname->iface->nbtsrv->task->event_ctx,
+			iname, 
+			timeval_add(&iname->registration_time, refresh_time, 0),
+			nbtd_wins_refresh, iname);
+}
+
+struct nbtd_wins_refresh_state {
+	struct nbtd_iface_name *iname;
+	struct nbt_name_refresh_wins io;
+};
+
+/*
+  called when a wins name refresh has completed
+*/
+static void nbtd_wins_refresh_handler(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct nbtd_wins_refresh_state *state =
+		tevent_req_callback_data(subreq,
+		struct nbtd_wins_refresh_state);
+	struct nbtd_iface_name *iname = state->iname;
+
+	status = nbt_name_refresh_wins_recv(subreq, state, &state->io);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		/* our WINS server is dead - start registration over
+		   from scratch */
+		DEBUG(2,("Failed to refresh %s with WINS server %s\n",
+			 nbt_name_string(state, &iname->name), iname->wins_server));
+		talloc_free(state);
+		nbtd_winsclient_register(iname);
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("Name refresh failure with WINS for %s - %s\n", 
+			 nbt_name_string(state, &iname->name), nt_errstr(status)));
+		talloc_free(state);
+		return;
+	}
+
+	if (state->io.out.rcode != 0) {
+		DEBUG(1,("WINS server %s rejected name refresh of %s - %s\n", 
+			 state->io.out.wins_server,
+			 nbt_name_string(state, &iname->name),
+			 nt_errstr(nbt_rcode_to_ntstatus(state->io.out.rcode))));
+		iname->nb_flags |= NBT_NM_CONFLICT;
+		talloc_free(state);
+		return;
+	}	
+
+	DEBUG(4,("Refreshed name %s with WINS server %s\n",
+		 nbt_name_string(state, &iname->name), iname->wins_server));
+	/* success - start a periodic name refresh */
+	iname->nb_flags |= NBT_NM_ACTIVE;
+	if (iname->wins_server) {
+		/*
+		 * talloc_free() would generate a warning,
+		 * so steal it into the tmp context
+		 */
+		talloc_steal(state, iname->wins_server);
+	}
+	iname->wins_server = talloc_move(iname, &state->io.out.wins_server);
+	iname->registration_time = timeval_current();
+
+	talloc_free(state);
+
+	nbtd_wins_start_refresh_timer(iname);
+}
+
+
+/*
+  refresh a WINS name registration
+*/
+static void nbtd_wins_refresh(struct tevent_context *ev, struct tevent_timer *te,
+			      struct timeval t, void *private_data)
+{
+	struct nbtd_iface_name *iname = talloc_get_type(private_data, struct nbtd_iface_name);
+	struct nbtd_interface *iface = iname->iface;
+	struct nbt_name_socket *nbtsock = wins_socket(iface);
+	struct tevent_req *subreq;
+	struct nbtd_wins_refresh_state *state;
+	char **l;
+
+	state = talloc_zero(iname, struct nbtd_wins_refresh_state);
+	if (state == NULL) {
+		return;
+	}
+
+	state->iname = iname;
+
+	/* setup a wins name refresh request */
+	state->io.in.name            = iname->name;
+	l = str_list_make_single(state, iname->wins_server);
+	state->io.in.wins_servers    = discard_const_p(const char *, l);
+	state->io.in.wins_port       = lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx);
+	state->io.in.addresses       = nbtd_address_list(iface, state);
+	state->io.in.nb_flags        = iname->nb_flags;
+	state->io.in.ttl             = iname->ttl;
+
+	if (!state->io.in.addresses) {
+		talloc_free(state);
+		return;
+	}
+
+	subreq = nbt_name_refresh_wins_send(state, ev, nbtsock, &state->io);
+	if (subreq == NULL) {
+		talloc_free(state);
+		return;
+	}
+
+	tevent_req_set_callback(subreq, nbtd_wins_refresh_handler, state);
+}
+
+struct nbtd_wins_register_state {
+	struct nbtd_iface_name *iname;
+	struct nbt_name_register_wins io;
+};
+
+/*
+  called when a wins name register has completed
+*/
+static void nbtd_wins_register_handler(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct nbtd_wins_register_state *state =
+		tevent_req_callback_data(subreq,
+		struct nbtd_wins_register_state);
+	struct nbtd_iface_name *iname = state->iname;
+
+	status = nbt_name_register_wins_recv(subreq, state, &state->io);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		/* none of the WINS servers responded - try again 
+		   periodically */
+		int wins_retry_time = lpcfg_parm_int(iname->iface->nbtsrv->task->lp_ctx, NULL, "nbtd", "wins_retry", 300);
+		tevent_add_timer(iname->iface->nbtsrv->task->event_ctx,
+				iname,
+				timeval_current_ofs(wins_retry_time, 0),
+				nbtd_wins_register_retry,
+				iname);
+		talloc_free(state);
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("Name register failure with WINS for %s - %s\n", 
+			 nbt_name_string(state, &iname->name), nt_errstr(status)));
+		talloc_free(state);
+		return;
+	}	
+
+	if (state->io.out.rcode != 0) {
+		DEBUG(1,("WINS server %s rejected name register of %s - %s\n", 
+			 state->io.out.wins_server,
+			 nbt_name_string(state, &iname->name),
+			 nt_errstr(nbt_rcode_to_ntstatus(state->io.out.rcode))));
+		iname->nb_flags |= NBT_NM_CONFLICT;
+		talloc_free(state);
+		return;
+	}	
+
+	/* success - start a periodic name refresh */
+	iname->nb_flags |= NBT_NM_ACTIVE;
+	if (iname->wins_server) {
+		/*
+		 * talloc_free() would generate a warning,
+		 * so steal it into the tmp context
+		 */
+		talloc_steal(state, iname->wins_server);
+	}
+	iname->wins_server = talloc_move(iname, &state->io.out.wins_server);
+
+	iname->registration_time = timeval_current();
+
+	DEBUG(3,("Registered %s with WINS server %s\n",
+		 nbt_name_string(state, &iname->name), iname->wins_server));
+
+	talloc_free(state);
+
+	nbtd_wins_start_refresh_timer(iname);
+}
+
+/*
+  register a name with our WINS servers
+*/
+void nbtd_winsclient_register(struct nbtd_iface_name *iname)
+{
+	struct nbtd_interface *iface = iname->iface;
+	struct nbt_name_socket *nbtsock = wins_socket(iface);
+	struct nbtd_wins_register_state *state;
+	struct tevent_req *subreq;
+
+	state = talloc_zero(iname, struct nbtd_wins_register_state);
+	if (state == NULL) {
+		return;
+	}
+
+	state->iname = iname;
+
+	/* setup a wins name register request */
+	state->io.in.name         = iname->name;
+	state->io.in.wins_port    = lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx);
+	state->io.in.wins_servers = lpcfg_wins_server_list(iface->nbtsrv->task->lp_ctx);
+	state->io.in.addresses    = nbtd_address_list(iface, state);
+	state->io.in.nb_flags     = iname->nb_flags;
+	state->io.in.ttl          = iname->ttl;
+
+	if (state->io.in.addresses == NULL) {
+		talloc_free(state);
+		return;
+	}
+
+	subreq = nbt_name_register_wins_send(state, iface->nbtsrv->task->event_ctx,
+					     nbtsock, &state->io);
+	if (subreq == NULL) {
+		talloc_free(state);
+		return;
+	}
+
+	tevent_req_set_callback(subreq, nbtd_wins_register_handler, state);
+}
diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c
new file mode 100644
index 0000000..2a05e96
--- /dev/null
+++ b/source4/nbt_server/wins/winsdb.c
@@ -0,0 +1,1027 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   WINS database routines
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "system/time.h"
+#include "ldb_wrap.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "lib/util/smb_strtox.h"
+
+#undef strcasecmp
+
+uint64_t winsdb_get_maxVersion(struct winsdb_handle *h)
+{
+	int ret;
+	struct ldb_context *ldb = h->ldb;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	uint64_t maxVersion = 0;
+
+	dn = ldb_dn_new(tmp_ctx, ldb, "CN=VERSION");
+	if (!dn) goto failed;
+
+	/* find the record in the WINS database */
+	ret = ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) goto failed;
+	if (res->count > 1) goto failed;
+
+	if (res->count == 1) {
+		maxVersion = ldb_msg_find_attr_as_uint64(res->msgs[0], "maxVersion", 0);
+	}
+
+failed:
+	talloc_free(tmp_ctx);
+	return maxVersion;
+}
+
+/*
+ if newVersion == 0 return the old maxVersion + 1 and save it
+ if newVersion > 0 return MAX(oldMaxVersion, newMaxVersion) and save it
+*/
+uint64_t winsdb_set_maxVersion(struct winsdb_handle *h, uint64_t newMaxVersion)
+{
+	int trans;
+	int ret;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_context *wins_db = h->ldb;
+	TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
+	uint64_t oldMaxVersion = 0;
+
+	trans = ldb_transaction_start(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	dn = ldb_dn_new(tmp_ctx, wins_db, "CN=VERSION");
+	if (!dn) goto failed;
+
+	/* find the record in the WINS database */
+	ret = ldb_search(wins_db, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) goto failed;
+	if (res->count > 1) goto failed;
+
+	if (res->count == 1) {
+		oldMaxVersion = ldb_msg_find_attr_as_uint64(res->msgs[0], "maxVersion", 0);
+	}
+
+	if (newMaxVersion == 0) {
+		newMaxVersion = oldMaxVersion + 1;
+	} else {
+		newMaxVersion = MAX(oldMaxVersion, newMaxVersion);
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) goto failed;
+	msg->dn = dn;
+
+
+	ret = ldb_msg_append_string(msg, "objectClass", "winsMaxVersion",
+				    LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) goto failed;
+	ret = ldb_msg_append_fmt(msg, LDB_FLAG_MOD_REPLACE,
+				 "maxVersion", "%llu", (long long)newMaxVersion);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	ret = ldb_modify(wins_db, msg);
+	if (ret != LDB_SUCCESS) ret = ldb_add(wins_db, msg);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	trans = ldb_transaction_commit(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	talloc_free(tmp_ctx);
+	return newMaxVersion;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(wins_db);
+	talloc_free(tmp_ctx);
+	return 0;
+}
+
+/*
+  return a DN for a nbt_name
+*/
+static struct ldb_dn *winsdb_dn(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+				const struct nbt_name *name)
+{
+	struct ldb_dn *dn;
+
+	dn = ldb_dn_new_fmt(mem_ctx, ldb, "type=0x%02X", name->type);
+	if (ldb_dn_is_valid(dn) && name->name && *name->name) {
+		ldb_dn_add_child_fmt(dn, "name=%s", name->name);
+	}
+	if (ldb_dn_is_valid(dn) && name->scope && *name->scope) {
+		ldb_dn_add_child_fmt(dn, "scope=%s", name->scope);
+	}
+	return dn;
+}
+
+static NTSTATUS winsdb_nbt_name(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct nbt_name **_name)
+{
+	NTSTATUS status;
+	struct nbt_name *name;
+	unsigned int comp_num;
+	uint32_t cur = 0;
+	int error = 0;
+
+	name = talloc(mem_ctx, struct nbt_name);
+	if (!name) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	comp_num = ldb_dn_get_comp_num(dn);
+
+	if (comp_num > 3) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	if (comp_num > cur && strcasecmp("scope", ldb_dn_get_component_name(dn, cur)) == 0) {
+		name->scope	= (const char *)talloc_strdup(name, (char *)ldb_dn_get_component_val(dn, cur)->data);
+		cur++;
+	} else {
+		name->scope	= NULL;
+	}
+
+	if (comp_num > cur && strcasecmp("name", ldb_dn_get_component_name(dn, cur)) == 0) {
+		name->name	= (const char *)talloc_strdup(name, (char *)ldb_dn_get_component_val(dn, cur)->data);
+		cur++;
+	} else {
+		name->name	= talloc_strdup(name, "");
+		if (!name->name) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+	}
+
+	if (comp_num > cur && strcasecmp("type", ldb_dn_get_component_name(dn, cur)) == 0) {
+		name->type =
+			smb_strtoul(
+				(char *)ldb_dn_get_component_val(dn, cur)->data,
+				NULL,
+				0,
+				&error,
+				SMB_STR_STANDARD);
+		if (error != 0) {
+			status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+			goto failed;
+		}
+		cur++;
+	} else {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	*_name = name;
+	return NT_STATUS_OK;
+failed:
+	talloc_free(name);
+	return status;
+}
+
+/*
+ decode the winsdb_addr("address") attribute:
+ "172.31.1.1" or 
+ "172.31.1.1;winsOwner:172.31.9.202;expireTime:20050923032330.0Z;"
+ are valid records
+*/
+static NTSTATUS winsdb_addr_decode(struct winsdb_handle *h, struct winsdb_record *rec, struct ldb_val *val,
+				   TALLOC_CTX *mem_ctx, struct winsdb_addr **_addr)
+{
+	NTSTATUS status;
+	struct winsdb_addr *addr;
+	const char *address;
+	const char *wins_owner;
+	const char *expire_time;
+	char *p;
+
+	addr = talloc(mem_ctx, struct winsdb_addr);
+	if (!addr) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	address = (char *)val->data;
+
+	p = strchr(address, ';');
+	if (!p) {
+		/* support old entries, with only the address */
+		addr->address		= (const char *)talloc_steal(addr, val->data);
+		addr->wins_owner	= talloc_strdup(addr, rec->wins_owner);
+		if (!addr->wins_owner) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+		addr->expire_time	= rec->expire_time;
+		*_addr = addr;
+		return NT_STATUS_OK;
+	}
+
+	*p = '\0'; p++;
+	addr->address = talloc_strdup(addr, address);
+	if (!addr->address) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	if (strncmp("winsOwner:", p, 10) != 0) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+	wins_owner = p + 10;
+	p = strchr(wins_owner, ';');
+	if (!p) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	*p = '\0';p++;
+	if (strcmp(wins_owner, "0.0.0.0") == 0) {
+		wins_owner = h->local_owner;
+	}
+	addr->wins_owner = talloc_strdup(addr, wins_owner);
+	if (!addr->wins_owner) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	if (strncmp("expireTime:", p, 11) != 0) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	expire_time = p + 11;
+	p = strchr(expire_time, ';');
+	if (!p) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	*p = '\0';p++;
+	addr->expire_time = ldb_string_to_time(expire_time);
+
+	*_addr = addr;
+	return NT_STATUS_OK;
+failed:
+	talloc_free(addr);
+	return status;
+}
+
+/*
+ encode the winsdb_addr("address") attribute like this:
+ non-static record:
+ "172.31.1.1;winsOwner:172.31.9.202;expireTime:20050923032330.0Z;"
+ static record:
+ "172.31.1.1"
+*/
+static int ldb_msg_add_winsdb_addr(struct ldb_message *msg, struct winsdb_record *rec,
+				   const char *attr_name, struct winsdb_addr *addr)
+{
+	const char *str;
+
+	if (rec->is_static) {
+		str = talloc_strdup(msg, addr->address);
+		if (!str) return LDB_ERR_OPERATIONS_ERROR;
+	} else {
+		char *expire_time;
+		expire_time = ldb_timestring(msg, addr->expire_time);
+		if (!expire_time) return LDB_ERR_OPERATIONS_ERROR;
+		str = talloc_asprintf(msg, "%s;winsOwner:%s;expireTime:%s;",
+				      addr->address, addr->wins_owner,
+				      expire_time);
+		talloc_free(expire_time);
+		if (!str) return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	return ldb_msg_add_string(msg, attr_name, str);
+}
+
+struct winsdb_addr **winsdb_addr_list_make(TALLOC_CTX *mem_ctx)
+{
+	struct winsdb_addr **addresses;
+
+	addresses = talloc_array(mem_ctx, struct winsdb_addr *, 1);
+	if (!addresses) return NULL;
+
+	addresses[0] = NULL;
+
+	return addresses;
+}
+
+static int winsdb_addr_sort_list (struct winsdb_addr **p1, struct winsdb_addr **p2, void *opaque)
+{
+	struct winsdb_addr *a1 = talloc_get_type(*p1, struct winsdb_addr);
+	struct winsdb_addr *a2 = talloc_get_type(*p2, struct winsdb_addr);
+	struct winsdb_handle *h= talloc_get_type(opaque, struct winsdb_handle);
+	bool a1_owned = false;
+	bool a2_owned = false;
+
+	/*
+	 * first the owned addresses with the newest to the oldest address
+	 * then the replica addresses with the newest to the oldest address
+	 */
+	if (a2->expire_time != a1->expire_time) {
+		return a2->expire_time - a1->expire_time;
+	}
+
+	if (strcmp(a2->wins_owner, h->local_owner) == 0) {
+		a2_owned = true;
+	}
+
+	if (strcmp(a1->wins_owner, h->local_owner) == 0) {
+		a1_owned = true;
+	}
+
+	return a2_owned - a1_owned;
+}
+
+struct winsdb_addr **winsdb_addr_list_add(struct winsdb_handle *h, const struct winsdb_record *rec,
+					  struct winsdb_addr **addresses, const char *address,
+					  const char *wins_owner, time_t expire_time,
+					  bool is_name_registration)
+{
+	struct winsdb_addr *old_addr = NULL;
+	size_t len = 0;
+	size_t i;
+	bool found_old_replica = false;
+
+	/*
+	 * count the addresses and maybe
+	 * find an old entry for the new address
+	 */
+	for (i=0; addresses[i]; i++) {
+		if (old_addr) continue;
+		if (strcmp(addresses[i]->address, address) == 0) {
+			old_addr = addresses[i];
+		}
+	}
+	len = i;
+
+	/*
+	 * the address is already there
+	 * and we can replace it
+	 */
+	if (old_addr) {
+		goto remove_old_addr;
+	}
+
+	/*
+	 * if we don't have 25 addresses already,
+	 * we can just add the new address
+	 */
+	if (len < 25) {
+		goto add_new_addr;
+	}
+
+	/*
+	 * if we haven't found the address,
+	 * and we have already have 25 addresses
+	 * if so then we need to do the following:
+	 * - if it isn't a name registration, then just ignore the new address
+	 * - if it is a name registration, then first search for 
+	 *   the oldest replica and if there's no replica address
+	 *   search the oldest owned address
+	 */
+	if (!is_name_registration) {
+		return addresses;
+	}
+
+	/*
+	 * find the oldest replica address, if there's no replica
+	 * record at all, find the oldest owned address
+	 */
+	for (i=0; addresses[i]; i++) {
+		bool cur_is_replica = false;
+		/* find out if the current address is a replica */
+		if (strcmp(addresses[i]->wins_owner, h->local_owner) != 0) {
+			cur_is_replica = true;
+		}
+
+		/*
+		 * if we already found a replica address and the current address
+		 * is not a replica, then skip it
+		 */
+		if (found_old_replica && !cur_is_replica) continue;
+
+		/*
+		 * if we found the first replica address, reset the address
+		 * that would be replaced
+		 */
+		if (!found_old_replica && cur_is_replica) {
+			found_old_replica = true;
+			old_addr = addresses[i];
+			continue;
+		}
+
+		/*
+		 * if the first address isn't a replica, just start with 
+		 * the first one
+		 */
+		if (!old_addr) {
+			old_addr = addresses[i];
+			continue;
+		}
+
+		/*
+		 * see if we find an older address
+		 */
+		if (addresses[i]->expire_time < old_addr->expire_time) {
+			old_addr = addresses[i];
+			continue;
+		}
+	}
+
+remove_old_addr:
+	winsdb_addr_list_remove(addresses, old_addr->address);
+	len --;
+
+add_new_addr:
+	addresses = talloc_realloc(addresses, addresses, struct winsdb_addr *, len + 2);
+	if (!addresses) return NULL;
+
+	addresses[len] = talloc(addresses, struct winsdb_addr);
+	if (!addresses[len]) {
+		talloc_free(addresses);
+		return NULL;
+	}
+
+	addresses[len]->address = talloc_strdup(addresses[len], address);
+	if (!addresses[len]->address) {
+		talloc_free(addresses);
+		return NULL;
+	}
+
+	addresses[len]->wins_owner = talloc_strdup(addresses[len], wins_owner);
+	if (!addresses[len]->wins_owner) {
+		talloc_free(addresses);
+		return NULL;
+	}
+
+	addresses[len]->expire_time = expire_time;
+
+	addresses[len+1] = NULL;
+
+	LDB_TYPESAFE_QSORT(addresses, len+1, h, winsdb_addr_sort_list);
+
+	return addresses;
+}
+
+void winsdb_addr_list_remove(struct winsdb_addr **addresses, const char *address)
+{
+	size_t i;
+
+	for (i=0; addresses[i]; i++) {
+		if (strcmp(addresses[i]->address, address) == 0) {
+			break;
+		}
+	}
+
+	for (; addresses[i]; i++) {
+		addresses[i] = addresses[i+1];
+	}
+
+	return;
+}
+
+struct winsdb_addr *winsdb_addr_list_check(struct winsdb_addr **addresses, const char *address)
+{
+	size_t i;
+
+	for (i=0; addresses[i]; i++) {
+		if (strcmp(addresses[i]->address, address) == 0) {
+			return addresses[i];
+		}
+	}
+
+	return NULL;
+}
+
+size_t winsdb_addr_list_length(struct winsdb_addr **addresses)
+{
+	size_t i;
+	for (i=0; addresses[i]; i++);
+	return i;
+}
+
+const char **winsdb_addr_string_list(TALLOC_CTX *mem_ctx, struct winsdb_addr **addresses)
+{
+	size_t len = winsdb_addr_list_length(addresses);
+	const char **str_list=NULL;
+	size_t i;
+
+	for (i=0; i < len; i++) {
+		str_list = str_list_add(str_list, addresses[i]->address);
+		if (!str_list[i]) {
+			return NULL;
+		}
+	}
+	talloc_steal(mem_ctx, str_list);
+	return str_list;
+}
+
+/*
+  load a WINS entry from the database
+*/
+NTSTATUS winsdb_lookup(struct winsdb_handle *h, 
+		       const struct nbt_name *name,
+		       TALLOC_CTX *mem_ctx,
+		       struct winsdb_record **_rec)
+{
+	NTSTATUS status;
+	struct ldb_result *res = NULL;
+	int ret;
+	struct winsdb_record *rec;
+	struct ldb_context *wins_db = h->ldb;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	time_t now = time(NULL);
+
+	/* find the record in the WINS database */
+	ret = ldb_search(wins_db, tmp_ctx, &res,
+			 winsdb_dn(tmp_ctx, wins_db, name),
+			 LDB_SCOPE_BASE, NULL, NULL);
+
+	if (ret != LDB_SUCCESS || res->count > 1) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	} else if (res->count== 0) {
+		status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		goto failed;
+	}
+
+	status = winsdb_record(h, res->msgs[0], tmp_ctx, now, &rec);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	talloc_steal(mem_ctx, rec);
+	talloc_free(tmp_ctx);
+	*_rec = rec;
+	return NT_STATUS_OK;
+
+failed:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+NTSTATUS winsdb_record(struct winsdb_handle *h, struct ldb_message *msg, TALLOC_CTX *mem_ctx, time_t now, struct winsdb_record **_rec)
+{
+	NTSTATUS status;
+	struct winsdb_record *rec;
+	struct ldb_message_element *el;
+	struct nbt_name *name;
+	uint32_t i, j, num_values;
+
+	rec = talloc(mem_ctx, struct winsdb_record);
+	if (rec == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	status = winsdb_nbt_name(rec, msg->dn, &name);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	if (strlen(name->name) > 15) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+	if (name->scope && strlen(name->scope) > 238) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	/* parse it into a more convenient winsdb_record structure */
+	rec->name		= name;
+	rec->type		= ldb_msg_find_attr_as_int(msg, "recordType", WREPL_TYPE_UNIQUE);
+	rec->state		= ldb_msg_find_attr_as_int(msg, "recordState", WREPL_STATE_RELEASED);
+	rec->node		= ldb_msg_find_attr_as_int(msg, "nodeType", WREPL_NODE_B);
+	rec->is_static		= ldb_msg_find_attr_as_int(msg, "isStatic", 0);
+	rec->expire_time	= ldb_string_to_time(ldb_msg_find_attr_as_string(msg, "expireTime", NULL));
+	rec->version		= ldb_msg_find_attr_as_uint64(msg, "versionID", 0);
+	rec->wins_owner		= ldb_msg_find_attr_as_string(msg, "winsOwner", NULL);
+	rec->registered_by	= ldb_msg_find_attr_as_string(msg, "registeredBy", NULL);
+	talloc_steal(rec, rec->wins_owner);
+	talloc_steal(rec, rec->registered_by);
+
+	if (!rec->wins_owner || strcmp(rec->wins_owner, "0.0.0.0") == 0) {
+		rec->wins_owner = h->local_owner;
+	}
+
+	el = ldb_msg_find_element(msg, "address");
+	if (el) {
+		num_values = el->num_values;
+	} else {
+		num_values = 0;
+	}
+
+	if (rec->type == WREPL_TYPE_UNIQUE || rec->type == WREPL_TYPE_GROUP) {
+		if (num_values != 1) {
+			status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+			goto failed;
+		}
+	}
+	if (rec->state == WREPL_STATE_ACTIVE) {
+		if (num_values < 1) {
+			status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+			goto failed;
+		}
+	}
+	if (num_values > 25) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto failed;
+	}
+
+	rec->addresses     = talloc_array(rec, struct winsdb_addr *, num_values+1);
+	if (rec->addresses == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	for (i=0,j=0;i<num_values;i++) {
+		bool we_are_owner = false;
+
+		status = winsdb_addr_decode(h, rec, &el->values[i], rec->addresses, &rec->addresses[j]);
+		if (!NT_STATUS_IS_OK(status)) goto failed;
+
+		if (strcmp(rec->addresses[j]->wins_owner, h->local_owner) == 0) {
+			we_are_owner = true;
+		}
+
+		/*
+		 * the record isn't static and is active
+		 * then don't add the address if it's expired,
+		 * but only if we're the owner of the address
+		 *
+		 * This is important for SGROUP records,
+		 * because each server thinks he's the owner of the
+		 * record and the record isn't replicated on a
+		 * name_refresh. So addresses owned by another owner
+		 * could expire, but we still need to return them
+		 * (as windows does).
+		 */
+		if (!rec->is_static &&
+		    rec->addresses[j]->expire_time <= now &&
+		    rec->state == WREPL_STATE_ACTIVE &&
+		    we_are_owner) {
+			DEBUG(5,("WINS: expiring name addr %s of %s (expired at %s)\n", 
+				 rec->addresses[j]->address, nbt_name_string(rec->addresses[j], rec->name),
+				 timestring(rec->addresses[j], rec->addresses[j]->expire_time)));
+			talloc_free(rec->addresses[j]);
+			rec->addresses[j] = NULL;
+			continue;
+		}
+		j++;
+	}
+	rec->addresses[j] = NULL;
+	num_values = j;
+
+	if (rec->is_static && rec->state == WREPL_STATE_ACTIVE) {
+		rec->expire_time = get_time_t_max();
+		for (i=0;rec->addresses[i];i++) {
+			rec->addresses[i]->expire_time = rec->expire_time;
+		}
+	}
+
+	if (rec->state == WREPL_STATE_ACTIVE) {
+		if (num_values < 1) {
+			DEBUG(5,("WINS: expiring name %s (because it has no active addresses)\n", 
+				 nbt_name_string(mem_ctx, rec->name)));
+			rec->state = WREPL_STATE_RELEASED;
+		}
+	}
+
+	*_rec = rec;
+	return NT_STATUS_OK;
+failed:
+	if (NT_STATUS_EQUAL(NT_STATUS_INTERNAL_DB_CORRUPTION, status)) {
+		DEBUG(1,("winsdb_record: corrupted record: %s\n", ldb_dn_get_linearized(msg->dn)));
+	}
+	talloc_free(rec);
+	return status;
+}
+
+/*
+  form a ldb_message from a winsdb_record
+*/
+static struct ldb_message *winsdb_message(struct ldb_context *ldb,
+					  struct winsdb_record *rec,
+					  TALLOC_CTX *mem_ctx)
+{
+	int i, ret;
+	size_t addr_count;
+	const char *expire_time;
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) goto failed;
+
+	/* make sure we don't put in corrupted records */
+	addr_count = winsdb_addr_list_length(rec->addresses);
+	if (rec->state == WREPL_STATE_ACTIVE && addr_count == 0) {
+		rec->state = WREPL_STATE_RELEASED;
+	}
+	if (rec->type == WREPL_TYPE_UNIQUE && addr_count > 1) {
+		rec->type = WREPL_TYPE_MHOMED;
+	}
+
+	expire_time = ldb_timestring(msg, rec->expire_time);
+	if (!expire_time) {
+		goto failed;
+	}
+
+	msg->dn = winsdb_dn(msg, ldb, rec->name);
+	if (msg->dn == NULL) goto failed;
+	ret = ldb_msg_add_fmt(msg, "type", "0x%02X", rec->name->type);
+	if (rec->name->name && *rec->name->name) {
+		ret |= ldb_msg_add_string(msg, "name", rec->name->name);
+	}
+	if (rec->name->scope && *rec->name->scope) {
+		ret |= ldb_msg_add_string(msg, "scope", rec->name->scope);
+	}
+	ret |= ldb_msg_add_fmt(msg, "objectClass", "winsRecord");
+	ret |= ldb_msg_add_fmt(msg, "recordType", "%u", rec->type);
+	ret |= ldb_msg_add_fmt(msg, "recordState", "%u", rec->state);
+	ret |= ldb_msg_add_fmt(msg, "nodeType", "%u", rec->node);
+	ret |= ldb_msg_add_fmt(msg, "isStatic", "%u", rec->is_static);
+	ret |= ldb_msg_add_empty(msg, "expireTime", 0, NULL);
+	if (!(rec->is_static && rec->state == WREPL_STATE_ACTIVE)) {
+		ret |= ldb_msg_add_string(msg, "expireTime", expire_time);
+	}
+	ret |= ldb_msg_add_fmt(msg, "versionID", "%llu", (long long)rec->version);
+	ret |= ldb_msg_add_string(msg, "winsOwner", rec->wins_owner);
+	ret |= ldb_msg_add_empty(msg, "address", 0, NULL);
+	for (i=0;rec->addresses[i];i++) {
+		ret |= ldb_msg_add_winsdb_addr(msg, rec, "address", rec->addresses[i]);
+	}
+	if (rec->registered_by) {
+		ret |= ldb_msg_append_string(msg, "registeredBy", rec->registered_by, 0);
+	}
+	if (ret != LDB_SUCCESS) goto failed;
+	return msg;
+
+failed:
+	talloc_free(msg);
+	return NULL;
+}
+
+/*
+  save a WINS record into the database
+*/
+uint8_t winsdb_add(struct winsdb_handle *h, struct winsdb_record *rec, uint32_t flags)
+{
+	struct ldb_message *msg;
+	struct ldb_context *wins_db = h->ldb;
+	TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
+	int trans = -1;
+	int ret;
+
+	trans = ldb_transaction_start(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	if (flags & WINSDB_FLAG_ALLOC_VERSION) {
+		/* passing '0' means auto-allocate a new one */
+		rec->version = winsdb_set_maxVersion(h, 0);
+		if (rec->version == 0) goto failed;
+	}
+	if (flags & WINSDB_FLAG_TAKE_OWNERSHIP) {
+		rec->wins_owner = h->local_owner;
+	}
+
+	msg = winsdb_message(wins_db, rec, tmp_ctx);
+	if (msg == NULL) goto failed;
+	ret = ldb_add(wins_db, msg);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	trans = ldb_transaction_commit(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	wins_hook(h, rec, WINS_HOOK_ADD, h->hook_script);
+
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_OK;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(wins_db);
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_SVR;
+}
+
+
+/*
+  modify a WINS record in the database
+*/
+uint8_t winsdb_modify(struct winsdb_handle *h, struct winsdb_record *rec, uint32_t flags)
+{
+	struct ldb_message *msg;
+	struct ldb_context *wins_db = h->ldb;
+	TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
+	int trans;
+	int ret;
+	unsigned int i;
+
+	trans = ldb_transaction_start(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	if (flags & WINSDB_FLAG_ALLOC_VERSION) {
+		/* passing '0' means auto-allocate a new one */
+		rec->version = winsdb_set_maxVersion(h, 0);
+		if (rec->version == 0) goto failed;
+	}
+	if (flags & WINSDB_FLAG_TAKE_OWNERSHIP) {
+		rec->wins_owner = h->local_owner;
+	}
+
+	msg = winsdb_message(wins_db, rec, tmp_ctx);
+	if (msg == NULL) goto failed;
+
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	ret = ldb_modify(wins_db, msg);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	trans = ldb_transaction_commit(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	wins_hook(h, rec, WINS_HOOK_MODIFY, h->hook_script);
+
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_OK;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(wins_db);
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_SVR;
+}
+
+
+/*
+  delete a WINS record from the database
+*/
+uint8_t winsdb_delete(struct winsdb_handle *h, struct winsdb_record *rec)
+{
+	struct ldb_context *wins_db = h->ldb;
+	TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
+	struct ldb_dn *dn;
+	int trans;
+	int ret;
+
+	trans = ldb_transaction_start(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	dn = winsdb_dn(tmp_ctx, wins_db, rec->name);
+	if (dn == NULL) goto failed;
+
+	ret = ldb_delete(wins_db, dn);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	trans = ldb_transaction_commit(wins_db);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	wins_hook(h, rec, WINS_HOOK_DELETE, h->hook_script);
+
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_OK;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(wins_db);
+	talloc_free(tmp_ctx);
+	return NBT_RCODE_SVR;
+}
+
+static bool winsdb_check_or_add_module_list(struct tevent_context *ev_ctx, 
+					    struct loadparm_context *lp_ctx, struct winsdb_handle *h,
+					    const char *wins_path)
+{
+	int trans;
+	int ret;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	struct ldb_message *msg = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(h);
+	unsigned int flags = 0;
+
+	trans = ldb_transaction_start(h->ldb);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	/* check if we have a special @MODULES record already */
+	dn = ldb_dn_new(tmp_ctx, h->ldb, "@MODULES");
+	if (!dn) goto failed;
+
+	/* find the record in the WINS database */
+	ret = ldb_search(h->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	if (res->count > 0) goto skip;
+
+	/* if there's no record, add one */
+	msg = ldb_msg_new(tmp_ctx);
+	if (!msg) goto failed;
+	msg->dn = dn;
+
+	ret = ldb_msg_add_string(msg, "@LIST", "wins_ldb");
+	if (ret != LDB_SUCCESS) goto failed;
+
+	ret = ldb_add(h->ldb, msg);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	trans = ldb_transaction_commit(h->ldb);
+	if (trans != LDB_SUCCESS) goto failed;
+
+	/* close and reopen the database, with the modules */
+	trans = LDB_ERR_OTHER;
+	talloc_free(h->ldb);
+	h->ldb = NULL;
+
+	if (lpcfg_parm_bool(lp_ctx, NULL,"winsdb", "nosync", false)) {
+		flags |= LDB_FLG_NOSYNC;
+	}
+
+	h->ldb = ldb_wrap_connect(h, ev_ctx, lp_ctx, wins_path,
+				  NULL, NULL, flags);
+	if (!h->ldb) goto failed;
+
+	talloc_free(tmp_ctx);
+	return true;
+
+skip:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(h->ldb);
+	talloc_free(tmp_ctx);
+	return true;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(h->ldb);
+	talloc_free(tmp_ctx);
+	return false;
+}
+
+struct winsdb_handle *winsdb_connect(TALLOC_CTX *mem_ctx, 
+				     struct tevent_context *ev_ctx,
+				     struct loadparm_context *lp_ctx,
+				     const char *owner,
+				     enum winsdb_handle_caller caller)
+{
+	const struct loadparm_substitution *lp_sub =
+		lpcfg_noop_substitution();
+	struct winsdb_handle *h = NULL;
+	unsigned int flags = 0;
+	bool ret;
+	int ldb_err;
+	char *wins_path;
+
+	h = talloc_zero(mem_ctx, struct winsdb_handle);
+	if (!h) return NULL;
+
+	wins_path = lpcfg_state_path(h, lp_ctx, "wins.ldb");
+
+	if (lpcfg_parm_bool(lp_ctx, NULL,"winsdb", "nosync", false)) {
+		flags |= LDB_FLG_NOSYNC;
+	}
+
+	h->ldb = ldb_wrap_connect(h, ev_ctx, lp_ctx, wins_path,
+				  NULL, NULL, flags);
+	if (!h->ldb) goto failed;
+
+	h->caller = caller;
+	h->hook_script = lpcfg_wins_hook(lp_ctx, lp_sub, h);
+
+	h->local_owner = talloc_strdup(h, owner);
+	if (!h->local_owner) goto failed;
+
+	/* make sure the module list is available and used */
+	ret = winsdb_check_or_add_module_list(ev_ctx, lp_ctx, h, wins_path);
+	if (!ret) goto failed;
+
+	ldb_err = ldb_set_opaque(h->ldb, "winsdb_handle", h);
+	if (ldb_err != LDB_SUCCESS) goto failed;
+
+	return h;
+failed:
+	talloc_free(h);
+	return NULL;
+}
+
diff --git a/source4/nbt_server/wins/winsdb.h b/source4/nbt_server/wins/winsdb.h
new file mode 100644
index 0000000..194bcc0
--- /dev/null
+++ b/source4/nbt_server/wins/winsdb.h
@@ -0,0 +1,81 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   WINS server structures
+
+   Copyright (C) Andrew Tridgell	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define WINSDB_FLAG_ALLOC_VERSION	(1<<0)
+#define WINSDB_FLAG_TAKE_OWNERSHIP	(1<<1)
+
+struct winsdb_addr {
+	const char *address;
+	const char *wins_owner;
+	time_t expire_time;
+};
+
+/*
+  each record in the database contains the following information
+*/
+struct winsdb_record {
+	struct nbt_name *name;
+	enum wrepl_name_type type;
+	enum wrepl_name_state state;
+	enum wrepl_name_node node;
+	bool is_static;
+	time_t expire_time;
+	uint64_t version;
+	const char *wins_owner;
+	struct winsdb_addr **addresses;
+
+	/* only needed for debugging problems */
+	const char *registered_by;
+};
+
+enum winsdb_handle_caller {
+	WINSDB_HANDLE_CALLER_ADMIN	= 0,
+	WINSDB_HANDLE_CALLER_NBTD	= 1,
+	WINSDB_HANDLE_CALLER_WREPL	= 2
+};
+
+struct winsdb_handle {
+	/* wins server database handle */
+	struct ldb_context *ldb;
+
+	/*
+	 * the type of the caller, as we pass this to the
+	 * 'wins_ldb' ldb module can decide if it needs to verify the 
+	 * the records before they're written to disk
+	 */
+	enum winsdb_handle_caller caller;
+
+	/* local owner address */
+	const char *local_owner;
+
+	/* wins hook script */
+	const char *hook_script;
+};
+
+enum wins_hook_action {
+	WINS_HOOK_ADD		= 0,
+	WINS_HOOK_MODIFY	= 1,
+	WINS_HOOK_DELETE	= 2
+};
+
+struct ldb_message;
+struct tevent_context;
+#include "nbt_server/wins/winsdb_proto.h"
diff --git a/source4/nbt_server/wins/winsserver.c b/source4/nbt_server/wins/winsserver.c
new file mode 100644
index 0000000..a9f3ecd
--- /dev/null
+++ b/source4/nbt_server/wins/winsserver.c
@@ -0,0 +1,1074 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   core wins server handling
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/dlinklist.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "nbt_server/wins/winsserver.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "system/time.h"
+#include "libcli/composite/composite.h"
+#include "samba/service_task.h"
+#include "system/network.h"
+#include "lib/socket/socket.h"
+#include "lib/socket/netif.h"
+#include <ldb.h>
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/util_net.h"
+
+/*
+  work out the ttl we will use given a client requested ttl
+*/
+uint32_t wins_server_ttl(struct wins_server *winssrv, uint32_t ttl)
+{
+	ttl = MIN(ttl, winssrv->config.max_renew_interval);
+	ttl = MAX(ttl, winssrv->config.min_renew_interval);
+	return ttl;
+}
+
+static enum wrepl_name_type wrepl_type(uint16_t nb_flags, struct nbt_name *name, bool mhomed)
+{
+	/* this copes with the nasty hack that is the type 0x1c name */
+	if (name->type == NBT_NAME_LOGON) {
+		return WREPL_TYPE_SGROUP;
+	}
+	if (nb_flags & NBT_NM_GROUP) {
+		return WREPL_TYPE_GROUP;
+	}
+	if (mhomed) {
+		return WREPL_TYPE_MHOMED;
+	}
+	return WREPL_TYPE_UNIQUE;
+}
+
+/*
+  register a new name with WINS
+*/
+static uint8_t wins_register_new(struct nbt_name_socket *nbtsock, 
+				 struct nbt_name_packet *packet, 
+				 const struct socket_address *src,
+				 enum wrepl_name_type type)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	struct nbt_name *name = &packet->questions[0].name;
+	uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
+	uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
+	const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+	struct winsdb_record rec;
+	enum wrepl_name_node node;
+
+#define WREPL_NODE_NBT_FLAGS(nb_flags) \
+	((nb_flags & NBT_NM_OWNER_TYPE)>>13)
+
+	node	= WREPL_NODE_NBT_FLAGS(nb_flags);
+
+	rec.name		= name;
+	rec.type		= type;
+	rec.state		= WREPL_STATE_ACTIVE;
+	rec.node		= node;
+	rec.is_static		= false;
+	rec.expire_time		= time(NULL) + ttl;
+	rec.version		= 0; /* will be allocated later */
+	rec.wins_owner		= NULL; /* will be set later */
+	rec.registered_by	= src->addr;
+	rec.addresses		= winsdb_addr_list_make(packet);
+	if (rec.addresses == NULL) return NBT_RCODE_SVR;
+
+	rec.addresses     = winsdb_addr_list_add(winssrv->wins_db,
+						 &rec, rec.addresses,
+						 address,
+						 winssrv->wins_db->local_owner,
+						 rec.expire_time,
+						 true);
+	if (rec.addresses == NULL) return NBT_RCODE_SVR;
+
+	DEBUG(4,("WINS: accepted registration of %s with address %s\n",
+		 nbt_name_string(packet, name), rec.addresses[0]->address));
+	
+	return winsdb_add(winssrv->wins_db, &rec, WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP);
+}
+
+
+/*
+  update the ttl on an existing record
+*/
+static uint8_t wins_update_ttl(struct nbt_name_socket *nbtsock, 
+			       struct nbt_name_packet *packet, 
+			       struct winsdb_record *rec,
+			       struct winsdb_addr *winsdb_addr,
+			       const struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
+	const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+	uint32_t modify_flags = 0;
+
+	rec->expire_time   = time(NULL) + ttl;
+	rec->registered_by = src->addr;
+
+	if (winsdb_addr) {
+		rec->addresses = winsdb_addr_list_add(winssrv->wins_db,
+						      rec, rec->addresses,
+						      winsdb_addr->address,
+						      winssrv->wins_db->local_owner,
+						      rec->expire_time,
+						      true);
+		if (rec->addresses == NULL) return NBT_RCODE_SVR;
+	}
+
+	if (strcmp(winssrv->wins_db->local_owner, rec->wins_owner) != 0) {
+		modify_flags = WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+	}
+
+	DEBUG(5,("WINS: refreshed registration of %s at %s\n",
+		 nbt_name_string(packet, rec->name), address));
+	
+	return winsdb_modify(winssrv->wins_db, rec, modify_flags);
+}
+
+/*
+  do a sgroup merge
+*/
+static uint8_t wins_sgroup_merge(struct nbt_name_socket *nbtsock, 
+				 struct nbt_name_packet *packet, 
+			         struct winsdb_record *rec,
+			         const char *address,
+			         const struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	uint32_t ttl = wins_server_ttl(winssrv, packet->additional[0].ttl);
+
+	rec->expire_time   = time(NULL) + ttl;
+	rec->registered_by = src->addr;
+
+	rec->addresses     = winsdb_addr_list_add(winssrv->wins_db,
+						  rec, rec->addresses,
+						  address,
+						  winssrv->wins_db->local_owner,
+						  rec->expire_time,
+						  true);
+	if (rec->addresses == NULL) return NBT_RCODE_SVR;
+
+	DEBUG(5,("WINS: sgroup merge of %s at %s\n",
+		 nbt_name_string(packet, rec->name), address));
+	
+	return winsdb_modify(winssrv->wins_db, rec, WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP);
+}
+
+struct nbtd_wins_wack_state {
+	struct nbtd_wins_wack_state *prev, *next;
+	struct wins_server *winssrv;
+	struct nbt_name_socket *nbtsock;
+	struct nbtd_interface *iface;
+	struct nbt_name_packet *request_packet;
+	struct winsdb_record *rec;
+	struct socket_address *src;
+	const char *reg_address;
+	enum wrepl_name_type new_type;
+	struct wins_challenge_io io;
+	NTSTATUS status;
+};
+
+static int nbtd_wins_wack_state_destructor(struct nbtd_wins_wack_state *s)
+{
+	DLIST_REMOVE(s->iface->wack_queue, s);
+	return 0;
+}
+
+static bool wins_check_wack_queue(struct nbtd_interface *iface,
+				  struct nbt_name_packet *packet,
+				  struct socket_address *src)
+{
+	struct nbtd_wins_wack_state *s;
+
+	for (s= iface->wack_queue; s; s = s->next) {
+		if (packet->name_trn_id != s->request_packet->name_trn_id) {
+			continue;
+		}
+		if (packet->operation != s->request_packet->operation) {
+			continue;
+		}
+		if (src->port != s->src->port) {
+			continue;
+		}
+		if (strcmp(src->addr, s->src->addr) != 0) {
+			continue;
+		}
+
+		return true;
+	}
+
+	return false;
+}
+
+/*
+  deny a registration request
+*/
+static void wins_wack_deny(struct nbtd_wins_wack_state *s)
+{
+	nbtd_name_registration_reply(s->nbtsock, s->request_packet, 
+				     s->src, NBT_RCODE_ACT);
+	DEBUG(4,("WINS: denied name registration request for %s from %s:%d\n",
+		 nbt_name_string(s, s->rec->name), s->src->addr, s->src->port));
+	talloc_free(s);
+}
+
+/*
+  allow a registration request
+*/
+static void wins_wack_allow(struct nbtd_wins_wack_state *s)
+{
+	NTSTATUS status;
+	uint32_t ttl = wins_server_ttl(s->winssrv, s->request_packet->additional[0].ttl);
+	struct winsdb_record *rec = s->rec, *rec2;
+	uint32_t i,j;
+
+	status = winsdb_lookup(s->winssrv->wins_db, rec->name, s, &rec2);
+	if (!NT_STATUS_IS_OK(status) ||
+	    rec2->version != rec->version ||
+	    strcmp(rec2->wins_owner, rec->wins_owner) != 0) {
+		DEBUG(5,("WINS: record %s changed during WACK - failing registration\n",
+			 nbt_name_string(s, rec->name)));
+		wins_wack_deny(s);
+		return;
+	}
+
+	/*
+	 * if the old name owner doesn't hold the name anymore
+	 * handle the request as new registration for the new name owner
+	 */
+	if (!NT_STATUS_IS_OK(s->status)) {
+		uint8_t rcode;
+
+		winsdb_delete(s->winssrv->wins_db, rec);
+		rcode = wins_register_new(s->nbtsock, s->request_packet, s->src, s->new_type);
+		if (rcode != NBT_RCODE_OK) {
+			DEBUG(1,("WINS: record %s failed to register as new during WACK\n",
+				 nbt_name_string(s, rec->name)));
+			wins_wack_deny(s);
+			return;
+		}
+		goto done;
+	}
+
+	rec->expire_time = time(NULL) + ttl;
+	rec->registered_by = s->src->addr;
+
+	/*
+	 * now remove all addresses that the client doesn't hold anymore
+	 * and update the time stamp and owner for the ones that are still there
+	 */
+	for (i=0; rec->addresses[i]; i++) {
+		bool found = false;
+		for (j=0; j < s->io.out.num_addresses; j++) {
+			if (strcmp(rec->addresses[i]->address, s->io.out.addresses[j]) != 0) continue;
+
+			found = true;
+			break;
+		}
+		if (found) {
+			rec->addresses = winsdb_addr_list_add(s->winssrv->wins_db,
+							      rec, rec->addresses,
+							      s->reg_address,
+							      s->winssrv->wins_db->local_owner,
+							      rec->expire_time,
+							      true);
+			if (rec->addresses == NULL) goto failed;
+			continue;
+		}
+
+		winsdb_addr_list_remove(rec->addresses, rec->addresses[i]->address);
+	}
+
+	rec->addresses = winsdb_addr_list_add(s->winssrv->wins_db,
+					      rec, rec->addresses,
+					      s->reg_address,
+					      s->winssrv->wins_db->local_owner,
+					      rec->expire_time,
+					      true);
+	if (rec->addresses == NULL) goto failed;
+
+	/* if we have more than one address, this becomes implicit a MHOMED record */
+	if (winsdb_addr_list_length(rec->addresses) > 1) {
+		rec->type = WREPL_TYPE_MHOMED;
+	}
+
+	winsdb_modify(s->winssrv->wins_db, rec, WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP);
+
+	DEBUG(4,("WINS: accepted registration of %s with address %s\n",
+		 nbt_name_string(s, rec->name), s->reg_address));
+
+done:
+	nbtd_name_registration_reply(s->nbtsock, s->request_packet, 
+				     s->src, NBT_RCODE_OK);
+failed:
+	talloc_free(s);
+}
+
+/*
+  called when a name query to a current owner completes
+*/
+static void wack_wins_challenge_handler(struct composite_context *c_req)
+{
+	struct nbtd_wins_wack_state *s = talloc_get_type(c_req->async.private_data,
+					 struct nbtd_wins_wack_state);
+	bool found;
+	uint32_t i;
+
+	s->status = wins_challenge_recv(c_req, s, &s->io);
+
+	/*
+	 * if the owner denies it holds the name, then allow
+	 * the registration
+	 */
+	if (!NT_STATUS_IS_OK(s->status)) {
+		wins_wack_allow(s);
+		return;
+	}
+
+	if (s->new_type == WREPL_TYPE_GROUP || s->new_type == WREPL_TYPE_SGROUP) {
+		DEBUG(1,("WINS: record %s failed to register as group type(%u) during WACK, it's still type(%u)\n",
+			 nbt_name_string(s, s->rec->name), s->new_type, s->rec->type));
+		wins_wack_deny(s);
+		return;
+	}
+
+	/*
+	 * if the owner still wants the name and doesn't reply
+	 * with the address trying to be registered, then deny
+	 * the registration
+	 */
+	found = false;
+	for (i=0; i < s->io.out.num_addresses; i++) {
+		if (strcmp(s->reg_address, s->io.out.addresses[i]) != 0) continue;
+
+		found = true;
+		break;
+	}
+	if (!found) {
+		wins_wack_deny(s);
+		return;
+	}
+
+	wins_wack_allow(s);
+	return;
+}
+
+
+/*
+  a client has asked to register a unique name that someone else owns. We
+  need to ask each of the current owners if they still want it. If they do
+  then reject the registration, otherwise allow it
+*/
+static void wins_register_wack(struct nbt_name_socket *nbtsock, 
+			       struct nbt_name_packet *packet, 
+			       struct winsdb_record *rec,
+			       struct socket_address *src,
+			       enum wrepl_name_type new_type)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	struct nbtd_wins_wack_state *s;
+	struct composite_context *c_req;
+	uint32_t ttl;
+
+	s = talloc_zero(nbtsock, struct nbtd_wins_wack_state);
+	if (s == NULL) goto failed;
+
+	/* package up the state variables for this wack request */
+	s->winssrv		= winssrv;
+	s->nbtsock		= nbtsock;
+	s->iface		= iface;
+	s->request_packet	= talloc_steal(s, packet);
+	s->rec			= talloc_steal(s, rec);
+	s->reg_address		= packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+	s->new_type		= new_type;
+	s->src		        = socket_address_copy(s, src);
+	if (s->src == NULL) goto failed;
+
+	s->io.in.nbtd_server	= iface->nbtsrv;
+	s->io.in.nbt_port       = lpcfg_nbt_port(iface->nbtsrv->task->lp_ctx);
+	s->io.in.event_ctx	= iface->nbtsrv->task->event_ctx;
+	s->io.in.name		= rec->name;
+	s->io.in.num_addresses	= winsdb_addr_list_length(rec->addresses);
+	s->io.in.addresses	= winsdb_addr_string_list(s, rec->addresses);
+	if (s->io.in.addresses == NULL) goto failed;
+
+	DLIST_ADD_END(iface->wack_queue, s);
+
+	talloc_set_destructor(s, nbtd_wins_wack_state_destructor);
+
+	/*
+	 * send a WACK to the client, specifying the maximum time it could
+         * take to check with the owner, plus some slack
+	 */
+	ttl = 5 + 4 * winsdb_addr_list_length(rec->addresses);
+	nbtd_wack_reply(nbtsock, packet, src, ttl);
+
+	/*
+	 * send the challenge to the old addresses
+	 */
+	c_req = wins_challenge_send(s, &s->io);
+	if (c_req == NULL) goto failed;
+
+	c_req->async.fn			= wack_wins_challenge_handler;
+	c_req->async.private_data	= s;
+	return;
+
+failed:
+	talloc_free(s);
+	nbtd_name_registration_reply(nbtsock, packet, src, NBT_RCODE_SVR);
+}
+
+/*
+  register a name
+*/
+static void nbtd_winsserver_register(struct nbt_name_socket *nbtsock, 
+				     struct nbt_name_packet *packet, 
+				     struct socket_address *src)
+{
+	NTSTATUS status;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	struct nbt_name *name = &packet->questions[0].name;
+	struct winsdb_record *rec;
+	uint8_t rcode = NBT_RCODE_OK;
+	uint16_t nb_flags = packet->additional[0].rdata.netbios.addresses[0].nb_flags;
+	const char *address = packet->additional[0].rdata.netbios.addresses[0].ipaddr;
+	bool mhomed = ((packet->operation & NBT_OPCODE) == NBT_OPCODE_MULTI_HOME_REG);
+	enum wrepl_name_type new_type = wrepl_type(nb_flags, name, mhomed);
+	struct winsdb_addr *winsdb_addr = NULL;
+	bool duplicate_packet;
+
+	/*
+	 * as a special case, the local master browser name is always accepted
+	 * for registration, but never stored, but w2k3 stores it if it's registered
+	 * as a group name, (but a query for the 0x1D name still returns not found!)
+	 */
+	if (name->type == NBT_NAME_MASTER && !(nb_flags & NBT_NM_GROUP)) {
+		rcode = NBT_RCODE_OK;
+		goto done;
+	}
+
+	/* w2k3 refuses 0x1B names with marked as group */
+	if (name->type == NBT_NAME_PDC && (nb_flags & NBT_NM_GROUP)) {
+		rcode = NBT_RCODE_RFS;
+		goto done;
+	}
+
+	/* w2k3 refuses 0x1C names with out marked as group */
+	if (name->type == NBT_NAME_LOGON && !(nb_flags & NBT_NM_GROUP)) {
+		rcode = NBT_RCODE_RFS;
+		goto done;
+	}
+
+	/* w2k3 refuses 0x1E names with out marked as group */
+	if (name->type == NBT_NAME_BROWSER && !(nb_flags & NBT_NM_GROUP)) {
+		rcode = NBT_RCODE_RFS;
+		goto done;
+	}
+
+	if (name->scope && strlen(name->scope) > 237) {
+		rcode = NBT_RCODE_SVR;
+		goto done;
+	}
+
+	duplicate_packet = wins_check_wack_queue(iface, packet, src);
+	if (duplicate_packet) {
+		/* just ignore the packet */
+		DEBUG(5,("Ignoring duplicate packet while WACK is pending from %s:%d\n",
+			 src->addr, src->port));
+		return;
+	}
+
+	status = winsdb_lookup(winssrv->wins_db, name, packet, &rec);
+	if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
+		rcode = wins_register_new(nbtsock, packet, src, new_type);
+		goto done;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		rcode = NBT_RCODE_SVR;
+		goto done;
+	} else if (rec->is_static) {
+		if (rec->type == WREPL_TYPE_GROUP || rec->type == WREPL_TYPE_SGROUP) {
+			rcode = NBT_RCODE_OK;
+			goto done;
+		}
+		rcode = NBT_RCODE_ACT;
+		goto done;
+	}
+
+	if (rec->type == WREPL_TYPE_GROUP) {
+		if (new_type != WREPL_TYPE_GROUP) {
+			DEBUG(2,("WINS: Attempt to register name %s as non normal group(%u)"
+				 " while a normal group is already there\n",
+				 nbt_name_string(packet, name), new_type));
+			rcode = NBT_RCODE_ACT;
+			goto done;
+		}
+
+		if (rec->state == WREPL_STATE_ACTIVE) {
+			/* TODO: is this correct? */
+			rcode = wins_update_ttl(nbtsock, packet, rec, NULL, src);
+			goto done;
+		}
+
+		/* TODO: is this correct? */
+		winsdb_delete(winssrv->wins_db, rec);
+		rcode = wins_register_new(nbtsock, packet, src, new_type);
+		goto done;
+	}
+
+	if (rec->state != WREPL_STATE_ACTIVE) {
+		winsdb_delete(winssrv->wins_db, rec);
+		rcode = wins_register_new(nbtsock, packet, src, new_type);
+		goto done;
+	}
+
+	switch (rec->type) {
+	case WREPL_TYPE_UNIQUE:
+	case WREPL_TYPE_MHOMED:
+		/* 
+		 * if its an active unique name, and the registration is for a group, then
+		 * see if the unique name owner still wants the name
+		 * TODO: is this correct?
+		 */
+		if (new_type == WREPL_TYPE_GROUP || new_type == WREPL_TYPE_GROUP) {
+			wins_register_wack(nbtsock, packet, rec, src, new_type);
+			return;
+		}
+
+		/* 
+		 * if the registration is for an address that is currently active, then 
+		 * just update the expiry time of the record and the address
+		 */
+		winsdb_addr = winsdb_addr_list_check(rec->addresses, address);
+		if (winsdb_addr) {
+			rcode = wins_update_ttl(nbtsock, packet, rec, winsdb_addr, src);
+			goto done;
+		}
+
+		/*
+		 * we have to do a WACK to see if the current owner is willing
+		 * to give up its claim
+		 */
+		wins_register_wack(nbtsock, packet, rec, src, new_type);
+		return;
+
+	case WREPL_TYPE_GROUP:
+		/* this should not be reached as normal groups are handled above */
+		DEBUG(0,("BUG at %s\n",__location__));
+		rcode = NBT_RCODE_ACT;
+		goto done;
+
+	case WREPL_TYPE_SGROUP:
+		/* if the new record isn't also a special group, refuse the registration */ 
+		if (new_type != WREPL_TYPE_SGROUP) {
+			DEBUG(2,("WINS: Attempt to register name %s as non special group(%u)"
+				 " while a special group is already there\n",
+				 nbt_name_string(packet, name), new_type));
+			rcode = NBT_RCODE_ACT;
+			goto done;
+		}
+
+		/* 
+		 * if the registration is for an address that is currently active, then 
+		 * just update the expiry time of the record and the address
+		 */
+		winsdb_addr = winsdb_addr_list_check(rec->addresses, address);
+		if (winsdb_addr) {
+			rcode = wins_update_ttl(nbtsock, packet, rec, winsdb_addr, src);
+			goto done;
+		}
+
+		rcode = wins_sgroup_merge(nbtsock, packet, rec, address, src);
+		goto done;
+	}
+
+done:
+	nbtd_name_registration_reply(nbtsock, packet, src, rcode);
+}
+
+static uint32_t ipv4_match_bits(struct in_addr ip1, struct in_addr ip2)
+{
+	uint32_t i, j, match=0;
+	uint8_t *p1, *p2;
+
+	p1 = (uint8_t *)&ip1.s_addr;
+	p2 = (uint8_t *)&ip2.s_addr;
+
+	for (i=0; i<4; i++) {
+		if (p1[i] != p2[i]) break;
+		match += 8;
+	}
+
+	if (i==4) return match;
+
+	for (j=0; j<8; j++) {
+		if ((p1[i] & (1<<(7-j))) != (p2[i] & (1<<(7-j))))
+			break;
+		match++;
+	}
+
+	return match;
+}
+
+static int nbtd_wins_randomize1Clist_sort(void *p1,/* (const char **) */
+					  void *p2,/* (const char **) */
+					  struct socket_address *src)
+{
+	const char *a1 = (const char *)*(const char **)p1;
+	const char *a2 = (const char *)*(const char **)p2;
+	uint32_t match_bits1;
+	uint32_t match_bits2;
+
+	match_bits1 = ipv4_match_bits(interpret_addr2(a1), interpret_addr2(src->addr));
+	match_bits2 = ipv4_match_bits(interpret_addr2(a2), interpret_addr2(src->addr));
+
+	return match_bits2 - match_bits1;
+}
+
+static void nbtd_wins_randomize1Clist(struct loadparm_context *lp_ctx,
+				      const char **addresses, struct socket_address *src)
+{
+	const char *mask;
+	const char *tmp;
+	uint32_t num_addrs;
+	uint32_t idx, sidx;
+	int r;
+
+	for (num_addrs=0; addresses[num_addrs]; num_addrs++) { /* noop */ }
+
+	if (num_addrs <= 1) return; /* nothing to do */
+
+	/* first sort the addresses depending on the matching to the client */
+	LDB_TYPESAFE_QSORT(addresses, num_addrs, src, nbtd_wins_randomize1Clist_sort);
+
+	mask = lpcfg_parm_string(lp_ctx, NULL, "nbtd", "wins_randomize1Clist_mask");
+	if (!mask) {
+		mask = "255.255.255.0";
+	}
+
+	/* 
+	 * choose a random address to be the first in the response to the client,
+	 * prefer the addresses inside the nbtd:wins_randomize1Clist_mask netmask
+	 */
+	r = random();
+	idx = sidx = r % num_addrs;
+
+	while (1) {
+		bool same;
+
+		/* if the current one is in the same subnet, use it */
+		same = iface_list_same_net(addresses[idx], src->addr, mask);
+		if (same) {
+			sidx = idx;
+			break;
+		}
+
+		/* we need to check for idx == 0, after checking for the same net */
+		if (idx == 0) break;
+		/* 
+		 * if we haven't found an address in the same subnet, search in ones
+		 * which match the client more
+		 *
+		 * some notes:
+		 *
+		 * it's not "idx = idx % r" but "idx = r % idx"
+		 * because in "a % b" b is the allowed range
+		 * and b-1 is the maximum possible result, so it must be decreasing
+		 * and the above idx == 0 check breaks the while(1) loop.
+		 */
+		idx = r % idx;
+	}
+
+	/* note sidx == 0 is also valid here ... */
+	tmp		= addresses[0];
+	addresses[0]	= addresses[sidx];
+	addresses[sidx]	= tmp;
+}
+
+/*
+  query a name
+*/
+static void nbtd_winsserver_query(struct loadparm_context *lp_ctx,
+				  struct nbt_name_socket *nbtsock, 
+				  struct nbt_name_packet *packet, 
+				  struct socket_address *src)
+{
+	NTSTATUS status;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	struct nbt_name *name = &packet->questions[0].name;
+	struct winsdb_record *rec;
+	struct winsdb_record *rec_1b = NULL;
+	const char **addresses;
+	const char **addresses_1b = NULL;
+	uint16_t nb_flags = 0;
+
+	if (name->type == NBT_NAME_MASTER) {
+		goto notfound;
+	}
+
+	/*
+	 * w2k3 returns the first address of the 0x1B record as first address
+	 * to a 0x1C query
+	 *
+	 * since Windows 2000 Service Pack 2 there's on option to trigger this behavior:
+	 *
+	 * HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WINS\Parameters\Prepend1BTo1CQueries
+	 * Typ: Daten REG_DWORD
+	 * Value: 0 = deactivated, 1 = activated
+	 */
+	if (name->type == NBT_NAME_LOGON && 
+	    lpcfg_parm_bool(lp_ctx, NULL, "nbtd", "wins_prepend1Bto1Cqueries", true)) {
+		struct nbt_name name_1b;
+
+		name_1b = *name;
+		name_1b.type = NBT_NAME_PDC;
+
+		status = winsdb_lookup(winssrv->wins_db, &name_1b, packet, &rec_1b);
+		if (NT_STATUS_IS_OK(status)) {
+			addresses_1b = winsdb_addr_string_list(packet, rec_1b->addresses);
+		}
+	}
+
+	status = winsdb_lookup(winssrv->wins_db, name, packet, &rec);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (!lpcfg_wins_dns_proxy(lp_ctx)) {
+			goto notfound;
+		}
+
+		if (name->type != NBT_NAME_CLIENT && name->type != NBT_NAME_SERVER) {
+			goto notfound;
+		}
+
+		nbtd_wins_dns_proxy_query(nbtsock, packet, src);
+		return;
+	}
+
+	/*
+	 * for group's we always reply with
+	 * 255.255.255.255 as address, even if
+	 * the record is released or tombstoned
+	 */
+	if (rec->type == WREPL_TYPE_GROUP) {
+		addresses = str_list_add(NULL, "255.255.255.255");
+		talloc_steal(packet, addresses);
+		if (!addresses) {
+			goto notfound;
+		}
+		nb_flags |= NBT_NM_GROUP;
+		goto found;
+	}
+
+	if (rec->state != WREPL_STATE_ACTIVE) {
+		goto notfound;
+	}
+
+	addresses = winsdb_addr_string_list(packet, rec->addresses);
+	if (!addresses) {
+		goto notfound;
+	}
+
+	/* 
+	 * if addresses_1b isn't NULL, we have a 0x1C query and need to return the
+	 * first 0x1B address as first address
+	 */
+	if (addresses_1b && addresses_1b[0]) {
+		const char **addresses_1c = addresses;
+		uint32_t i;
+		uint32_t num_addrs;
+
+		addresses = str_list_add(NULL, addresses_1b[0]);
+		if (!addresses) {
+			goto notfound;
+		}
+		talloc_steal(packet, addresses);
+		num_addrs = 1;
+
+		for (i=0; addresses_1c[i]; i++) {
+			if (strcmp(addresses_1b[0], addresses_1c[i]) == 0) continue;
+
+			/*
+			 * stop when we already have 25 addresses
+			 */
+			if (num_addrs >= 25) break;
+
+			num_addrs++;			
+			addresses = str_list_add(addresses, addresses_1c[i]);
+			if (!addresses) {
+				goto notfound;
+			}
+		}
+	}
+
+	if (rec->type == WREPL_TYPE_SGROUP) {
+		nb_flags |= NBT_NM_GROUP;
+	} else {
+		nb_flags |= (rec->node <<13);
+	}
+
+	/*
+	 * since Windows 2000 Service Pack 2 there's on option to trigger this behavior:
+	 *
+	 * HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WINS\Parameters\Randomize1CList
+	 * Typ: Daten REG_DWORD
+	 * Value: 0 = deactivated, 1 = activated
+	 */
+	if (name->type == NBT_NAME_LOGON && 
+	    lpcfg_parm_bool(lp_ctx, NULL, "nbtd", "wins_randomize1Clist", false)) {
+		nbtd_wins_randomize1Clist(lp_ctx, addresses, src);
+	}
+
+found:
+	nbtd_name_query_reply(nbtsock, packet, src, name, 
+			      0, nb_flags, addresses);
+	return;
+
+notfound:
+	nbtd_negative_name_query_reply(nbtsock, packet, src);
+}
+
+/*
+  release a name
+*/
+static void nbtd_winsserver_release(struct nbt_name_socket *nbtsock, 
+				    struct nbt_name_packet *packet, 
+				    struct socket_address *src)
+{
+	NTSTATUS status;
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	struct nbt_name *name = &packet->questions[0].name;
+	struct winsdb_record *rec;
+	uint32_t modify_flags = 0;
+	uint8_t ret;
+
+	if (name->type == NBT_NAME_MASTER) {
+		goto done;
+	}
+
+	if (name->scope && strlen(name->scope) > 237) {
+		goto done;
+	}
+
+	status = winsdb_lookup(winssrv->wins_db, name, packet, &rec);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (rec->is_static) {
+		if (rec->type == WREPL_TYPE_UNIQUE || rec->type == WREPL_TYPE_MHOMED) {
+			goto done;
+		}
+		nbtd_name_release_reply(nbtsock, packet, src, NBT_RCODE_ACT);
+		return;
+	}
+
+	if (rec->state != WREPL_STATE_ACTIVE) {
+		goto done;
+	}
+
+	/* 
+	 * TODO: do we need to check if
+	 *       src->addr matches packet->additional[0].rdata.netbios.addresses[0].ipaddr
+	 *       here?
+	 */
+
+	/* 
+	 * we only allow releases from an owner - other releases are
+	 * silently ignored
+	 */
+	if (!winsdb_addr_list_check(rec->addresses, src->addr)) {
+		int i;
+		DEBUG(4,("WINS: silently ignoring attempted name release on %s from %s\n", nbt_name_string(rec, rec->name), src->addr));
+		DEBUGADD(4, ("Registered Addresses: \n"));
+		for (i=0; rec->addresses && rec->addresses[i]; i++) {
+			DEBUGADD(4, ("%s\n", rec->addresses[i]->address));
+		}
+		goto done;
+	}
+
+	DEBUG(4,("WINS: released name %s from %s\n", nbt_name_string(rec, rec->name), src->addr));
+
+	switch (rec->type) {
+	case WREPL_TYPE_UNIQUE:
+		rec->state = WREPL_STATE_RELEASED;
+		break;
+
+	case WREPL_TYPE_GROUP:
+		rec->state = WREPL_STATE_RELEASED;
+		break;
+
+	case WREPL_TYPE_SGROUP:
+		winsdb_addr_list_remove(rec->addresses, src->addr);
+		/* TODO: do we need to take the ownership here? */
+		if (winsdb_addr_list_length(rec->addresses) == 0) {
+			rec->state = WREPL_STATE_RELEASED;
+		}
+		break;
+
+	case WREPL_TYPE_MHOMED:
+		winsdb_addr_list_remove(rec->addresses, src->addr);
+		/* TODO: do we need to take the ownership here? */
+		if (winsdb_addr_list_length(rec->addresses) == 0) {
+			rec->state = WREPL_STATE_RELEASED;
+		}
+		break;
+	}
+
+	if (rec->state == WREPL_STATE_ACTIVE) {
+		/*
+		 * If the record is still active, we need to update the
+		 * expire_time.
+		 *
+		 * if we're not the owner, we need to take the ownership.
+		 */
+		rec->expire_time= time(NULL) + winssrv->config.max_renew_interval;
+		if (strcmp(rec->wins_owner, winssrv->wins_db->local_owner) != 0) {
+			modify_flags = WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+		}
+		if (lpcfg_parm_bool(iface->nbtsrv->task->lp_ctx, NULL, "wreplsrv", "propagate name releases", false)) {
+			/*
+			 * We have an option to propagate every name release,
+			 * this is off by default to match windows servers
+			 */
+			modify_flags = WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+		}
+	} else if (rec->state == WREPL_STATE_RELEASED) {
+		/*
+		 * if we're not the owner, we need to take the owner ship
+		 * and make the record tombstone, but expire after
+		 * tombstone_interval + tombstone_timeout and not only after tombstone_timeout
+		 * like for normal tombstone records.
+		 * This is to replicate the record directly to the original owner,
+		 * where the record is still active
+		 */ 
+		if (strcmp(rec->wins_owner, winssrv->wins_db->local_owner) == 0) {
+			rec->expire_time= time(NULL) + winssrv->config.tombstone_interval;
+		} else {
+			rec->state	= WREPL_STATE_TOMBSTONE;
+			rec->expire_time= time(NULL) + 
+					  winssrv->config.tombstone_interval +
+					  winssrv->config.tombstone_timeout;
+			modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+		}
+	}
+
+	ret = winsdb_modify(winssrv->wins_db, rec, modify_flags);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(1,("WINS: FAILED: released name %s at %s: error:%u\n",
+			nbt_name_string(rec, rec->name), src->addr, ret));
+	}
+done:
+	/* we match w2k3 by always giving a positive reply to name releases. */
+	nbtd_name_release_reply(nbtsock, packet, src, NBT_RCODE_OK);
+}
+
+
+/*
+  answer a name query
+*/
+void nbtd_winsserver_request(struct nbt_name_socket *nbtsock, 
+			     struct nbt_name_packet *packet, 
+			     struct socket_address *src)
+{
+	struct nbtd_interface *iface = talloc_get_type(nbtsock->incoming.private_data,
+						       struct nbtd_interface);
+	struct wins_server *winssrv = iface->nbtsrv->winssrv;
+	if ((packet->operation & NBT_FLAG_BROADCAST) || winssrv == NULL) {
+		return;
+	}
+
+	switch (packet->operation & NBT_OPCODE) {
+	case NBT_OPCODE_QUERY:
+		nbtd_winsserver_query(iface->nbtsrv->task->lp_ctx, nbtsock, packet, src);
+		break;
+
+	case NBT_OPCODE_REGISTER:
+	case NBT_OPCODE_REFRESH:
+	case NBT_OPCODE_REFRESH2:
+	case NBT_OPCODE_MULTI_HOME_REG:
+		nbtd_winsserver_register(nbtsock, packet, src);
+		break;
+
+	case NBT_OPCODE_RELEASE:
+		nbtd_winsserver_release(nbtsock, packet, src);
+		break;
+	}
+
+}
+
+/*
+  startup the WINS server, if configured
+*/
+NTSTATUS nbtd_winsserver_init(struct nbtd_server *nbtsrv)
+{
+	uint32_t tmp;
+	const char *owner;
+
+	if (!lpcfg_we_are_a_wins_server(nbtsrv->task->lp_ctx)) {
+		nbtsrv->winssrv = NULL;
+		return NT_STATUS_OK;
+	}
+
+	nbtsrv->winssrv = talloc_zero(nbtsrv, struct wins_server);
+	NT_STATUS_HAVE_NO_MEMORY(nbtsrv->winssrv);
+
+	nbtsrv->winssrv->config.max_renew_interval = lpcfg_max_wins_ttl(nbtsrv->task->lp_ctx);
+	nbtsrv->winssrv->config.min_renew_interval = lpcfg_min_wins_ttl(nbtsrv->task->lp_ctx);
+	tmp = lpcfg_parm_int(nbtsrv->task->lp_ctx, NULL, "wreplsrv", "tombstone_interval", 6*24*60*60);
+	nbtsrv->winssrv->config.tombstone_interval = tmp;
+	tmp = lpcfg_parm_int(nbtsrv->task->lp_ctx, NULL, "wreplsrv"," tombstone_timeout", 1*24*60*60);
+	nbtsrv->winssrv->config.tombstone_timeout = tmp;
+
+	owner = lpcfg_parm_string(nbtsrv->task->lp_ctx, NULL, "winsdb", "local_owner");
+
+	if (owner == NULL) {
+		struct interface *ifaces;
+		load_interface_list(nbtsrv->task, nbtsrv->task->lp_ctx, &ifaces);
+		owner = iface_list_first_v4(ifaces);
+	}
+
+	nbtsrv->winssrv->wins_db     = winsdb_connect(nbtsrv->winssrv, nbtsrv->task->event_ctx, 
+						      nbtsrv->task->lp_ctx,
+						      owner, WINSDB_HANDLE_CALLER_NBTD);
+	if (!nbtsrv->winssrv->wins_db) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	irpc_add_name(nbtsrv->task->msg_ctx, "wins_server");
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/nbt_server/wins/winsserver.h b/source4/nbt_server/wins/winsserver.h
new file mode 100644
index 0000000..803a9e2
--- /dev/null
+++ b/source4/nbt_server/wins/winsserver.h
@@ -0,0 +1,67 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   wins server WACK processing
+
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct wins_server {
+	/* wins server database handle */
+	struct winsdb_handle *wins_db;
+
+	/* some configuration */
+	struct {
+		/* 
+		 * the interval (in secs) till an active record will be marked as RELEASED
+		 */
+		uint32_t min_renew_interval;
+		uint32_t max_renew_interval;
+
+		/* 
+		 * the interval (in secs) a record remains in RELEASED state,
+		 * before it will be marked as TOMBSTONE
+		 * (also known as extinction interval)
+		 */
+		uint32_t tombstone_interval;
+
+		/* 
+		 * the interval (in secs) a record remains in TOMBSTONE state,
+		 * before it will be removed from the database.
+		 * See also 'tombstone_extra_timeout'.
+		 * (also known as extinction timeout)
+		 */
+		uint32_t tombstone_timeout;
+	} config;
+};
+
+struct wins_challenge_io {
+	struct {
+		struct nbtd_server *nbtd_server;
+		uint16_t nbt_port;
+		struct tevent_context *event_ctx;
+		struct nbt_name *name;
+		uint32_t num_addresses;
+		const char **addresses;
+	} in;
+	struct {
+		uint32_t num_addresses;
+		const char **addresses;
+	} out;
+};
+
+struct composite_context;
+#include "nbt_server/wins/winsserver_proto.h"
diff --git a/source4/nbt_server/wins/winswack.c b/source4/nbt_server/wins/winswack.c
new file mode 100644
index 0000000..735a4e6
--- /dev/null
+++ b/source4/nbt_server/wins/winswack.c
@@ -0,0 +1,387 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   "secure" wins server WACK processing
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "nbt_server/nbt_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "nbt_server/wins/winsserver.h"
+#include "system/time.h"
+#include "libcli/composite/composite.h"
+#include "param/param.h"
+#include "samba/service_task.h"
+
+struct wins_challenge_state {
+	struct wins_challenge_io *io;
+	uint32_t current_address;
+	struct nbt_name_query query;
+};
+
+static void wins_challenge_handler(struct nbt_name_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, struct composite_context);
+	struct wins_challenge_state *state = talloc_get_type(ctx->private_data, struct wins_challenge_state);
+
+	ctx->status = nbt_name_query_recv(req, state, &state->query);
+
+	/* if we timed out then try the next owner address, if any */
+	if (NT_STATUS_EQUAL(ctx->status, NT_STATUS_IO_TIMEOUT)) {
+		state->current_address++;
+		if (state->current_address < state->io->in.num_addresses) {
+			struct nbtd_interface *iface;
+
+			state->query.in.dest_port = state->io->in.nbt_port;
+			state->query.in.dest_addr = state->io->in.addresses[state->current_address];
+			
+			iface = nbtd_find_request_iface(state->io->in.nbtd_server, state->query.in.dest_addr, true);
+			if (!iface) {
+				composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
+				return;
+			}
+
+			ZERO_STRUCT(state->query.out);
+			req = nbt_name_query_send(iface->nbtsock, &state->query);
+			composite_continue_nbt(ctx, req, wins_challenge_handler, ctx);
+			return;
+		}
+	}
+
+	composite_done(ctx);
+}
+
+NTSTATUS wins_challenge_recv(struct composite_context *ctx, TALLOC_CTX *mem_ctx, struct wins_challenge_io *io)
+{
+	NTSTATUS status = ctx->status;
+	struct wins_challenge_state *state = talloc_get_type(ctx->private_data, struct wins_challenge_state);
+
+	if (NT_STATUS_IS_OK(status)) {
+		io->out.num_addresses	= state->query.out.num_addrs;
+		io->out.addresses	= state->query.out.reply_addrs;
+		talloc_steal(mem_ctx, io->out.addresses);
+	} else {
+		ZERO_STRUCT(io->out);
+	}
+
+	talloc_free(ctx);
+	return status;
+}
+
+struct composite_context *wins_challenge_send(TALLOC_CTX *mem_ctx, struct wins_challenge_io *io)
+{
+	struct composite_context *result;
+	struct wins_challenge_state *state;
+	struct nbt_name_request *req;
+	struct nbtd_interface *iface;
+
+	result = talloc_zero(mem_ctx, struct composite_context);
+	if (result == NULL) return NULL;
+	result->state = COMPOSITE_STATE_IN_PROGRESS;
+	result->event_ctx = io->in.event_ctx;
+
+	state = talloc_zero(result, struct wins_challenge_state);
+	if (state == NULL) goto failed;
+	result->private_data = state;
+
+	/* package up the state variables for this wack request */
+	state->io		= io;
+	state->current_address	= 0;
+
+	/* setup a name query to the first address */
+	state->query.in.name        = *state->io->in.name;
+	state->query.in.dest_port   = state->io->in.nbt_port;
+	state->query.in.dest_addr   = state->io->in.addresses[state->current_address];
+	state->query.in.broadcast   = false;
+	state->query.in.wins_lookup = true;
+	state->query.in.timeout     = 1;
+	state->query.in.retries     = 2;
+	ZERO_STRUCT(state->query.out);
+
+	iface = nbtd_find_request_iface(state->io->in.nbtd_server, state->query.in.dest_addr, true);
+	if (!iface) {
+		goto failed;
+	}
+
+	req = nbt_name_query_send(iface->nbtsock, &state->query);
+	if (req == NULL) goto failed;
+
+	req->async.fn = wins_challenge_handler;
+	req->async.private_data = result;
+
+	return result;
+failed:
+	talloc_free(result);
+	return NULL;
+}
+
+struct wins_release_demand_io {
+	struct {
+		struct nbtd_server *nbtd_server;
+		struct tevent_context *event_ctx;
+		struct nbt_name *name;
+		uint16_t nb_flags;
+		uint32_t num_addresses;
+		const char **addresses;
+	} in;
+};
+
+struct wins_release_demand_state {
+	struct wins_release_demand_io *io;
+	uint32_t current_address;
+	uint32_t addresses_left;
+	struct nbt_name_release release;
+};
+
+static void wins_release_demand_handler(struct nbt_name_request *req)
+{
+	struct composite_context *ctx = talloc_get_type(req->async.private_data, struct composite_context);
+	struct wins_release_demand_state *state = talloc_get_type(ctx->private_data, struct wins_release_demand_state);
+
+	ctx->status = nbt_name_release_recv(req, state, &state->release);
+
+	/* if we timed out then try the next owner address, if any */
+	if (NT_STATUS_EQUAL(ctx->status, NT_STATUS_IO_TIMEOUT)) {
+		state->current_address++;
+		state->addresses_left--;
+		if (state->current_address < state->io->in.num_addresses) {
+			struct nbtd_interface *iface;
+
+			state->release.in.dest_port = lpcfg_nbt_port(state->io->in.nbtd_server->task->lp_ctx);
+			state->release.in.dest_addr = state->io->in.addresses[state->current_address];
+			state->release.in.address   = state->release.in.dest_addr;
+			state->release.in.timeout   = (state->addresses_left > 1 ? 2 : 1);
+			state->release.in.retries   = (state->addresses_left > 1 ? 0 : 2);
+
+			iface = nbtd_find_request_iface(state->io->in.nbtd_server, state->release.in.dest_addr, true);
+			if (!iface) {
+				composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
+				return;
+			}
+
+			ZERO_STRUCT(state->release.out);
+			req = nbt_name_release_send(iface->nbtsock, &state->release);
+			composite_continue_nbt(ctx, req, wins_release_demand_handler, ctx);
+			return;
+		}
+	}
+
+	composite_done(ctx);
+}
+
+static NTSTATUS wins_release_demand_recv(struct composite_context *ctx,
+					 TALLOC_CTX *mem_ctx,
+					 struct wins_release_demand_io *io)
+{
+	NTSTATUS status = ctx->status;
+	talloc_free(ctx);
+	return status;
+}
+
+static struct composite_context *wins_release_demand_send(TALLOC_CTX *mem_ctx, struct wins_release_demand_io *io)
+{
+	struct composite_context *result;
+	struct wins_release_demand_state *state;
+	struct nbt_name_request *req;
+	struct nbtd_interface *iface;
+
+	result = talloc_zero(mem_ctx, struct composite_context);
+	if (result == NULL) return NULL;
+	result->state = COMPOSITE_STATE_IN_PROGRESS;
+	result->event_ctx = io->in.event_ctx;
+
+	state = talloc_zero(result, struct wins_release_demand_state);
+	if (state == NULL) goto failed;
+	result->private_data = state;
+
+	/* package up the state variables for this wack request */
+	state->io		= io;
+	state->current_address	= 0;
+	state->addresses_left	= state->io->in.num_addresses;
+
+	/* 
+	 * setup a name query to the first address
+	 * - if we have more than one address try the first
+	 *   with 2 secs timeout and no retry
+	 * - otherwise use 1 sec timeout (w2k3 uses 0.5 sec here)
+	 *   with 2 retries
+	 */
+	state->release.in.name        = *state->io->in.name;
+	state->release.in.dest_port   = lpcfg_nbt_port(state->io->in.nbtd_server->task->lp_ctx);
+	state->release.in.dest_addr   = state->io->in.addresses[state->current_address];
+	state->release.in.address     = state->release.in.dest_addr;
+	state->release.in.broadcast   = false;
+	state->release.in.timeout     = (state->addresses_left > 1 ? 2 : 1);
+	state->release.in.retries     = (state->addresses_left > 1 ? 0 : 2);
+	ZERO_STRUCT(state->release.out);
+
+	iface = nbtd_find_request_iface(state->io->in.nbtd_server, state->release.in.dest_addr, true);
+	if (!iface) {
+		goto failed;
+	}
+
+	req = nbt_name_release_send(iface->nbtsock, &state->release);
+	if (req == NULL) goto failed;
+
+	req->async.fn = wins_release_demand_handler;
+	req->async.private_data = result;
+
+	return result;
+failed:
+	talloc_free(result);
+	return NULL;
+}
+
+/*
+  wrepl_server needs to be able to do a name query request, but some windows
+  servers always send the reply to port 137, regardless of the request
+  port. To cope with this we use a irpc request to the NBT server
+  which has port 137 open, and thus can receive the replies
+*/
+struct proxy_wins_challenge_state {
+	struct irpc_message *msg;
+	struct nbtd_proxy_wins_challenge *req;
+	struct wins_challenge_io io;
+	struct composite_context *c_req;
+};
+
+static void proxy_wins_challenge_handler(struct composite_context *c_req)
+{
+	NTSTATUS status;
+	uint32_t i;
+	struct proxy_wins_challenge_state *s = talloc_get_type(c_req->async.private_data,
+							       struct proxy_wins_challenge_state);
+
+	status = wins_challenge_recv(s->c_req, s, &s->io);
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCT(s->req->out);
+		irpc_send_reply(s->msg, status);
+		return;
+	}
+
+	s->req->out.num_addrs	= s->io.out.num_addresses;		
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	s->req->out.addrs	= talloc_array(s->msg, struct nbtd_proxy_wins_addr,
+					       s->io.out.num_addresses);
+	if (!s->req->out.addrs) {
+		ZERO_STRUCT(s->req->out);
+		irpc_send_reply(s->msg, NT_STATUS_NO_MEMORY);
+		return;
+	}
+	for (i=0; i < s->io.out.num_addresses; i++) {
+		s->req->out.addrs[i].addr = talloc_steal(s->req->out.addrs, s->io.out.addresses[i]);
+	}
+
+	irpc_send_reply(s->msg, status);
+}
+
+NTSTATUS nbtd_proxy_wins_challenge(struct irpc_message *msg, 
+				   struct nbtd_proxy_wins_challenge *req)
+{
+	struct nbtd_server *nbtd_server =
+		talloc_get_type(msg->private_data, struct nbtd_server);
+	struct proxy_wins_challenge_state *s;
+	uint32_t i;
+
+	s = talloc(msg, struct proxy_wins_challenge_state);
+        NT_STATUS_HAVE_NO_MEMORY(s);
+
+	s->msg = msg;
+	s->req = req;
+
+	s->io.in.nbtd_server	= nbtd_server;
+	s->io.in.nbt_port       = lpcfg_nbt_port(nbtd_server->task->lp_ctx);
+	s->io.in.event_ctx	= nbtd_server->task->event_ctx;
+	s->io.in.name		= &req->in.name;
+	s->io.in.num_addresses	= req->in.num_addrs;
+	s->io.in.addresses	= talloc_array(s, const char *, req->in.num_addrs);
+	NT_STATUS_HAVE_NO_MEMORY(s->io.in.addresses);
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	for (i=0; i < req->in.num_addrs; i++) {
+		s->io.in.addresses[i]	= talloc_steal(s->io.in.addresses, req->in.addrs[i].addr);
+	}
+
+	s->c_req = wins_challenge_send(s, &s->io);
+	NT_STATUS_HAVE_NO_MEMORY(s->c_req);
+
+	s->c_req->async.fn		= proxy_wins_challenge_handler;
+	s->c_req->async.private_data	= s;
+
+	msg->defer_reply = true;
+	return NT_STATUS_OK;
+}
+
+/*
+  wrepl_server needs to be able to do a name release demands, but some windows
+  servers always send the reply to port 137, regardless of the request
+  port. To cope with this we use a irpc request to the NBT server
+  which has port 137 open, and thus can receive the replies
+*/
+struct proxy_wins_release_demand_state {
+	struct irpc_message *msg;
+	struct nbtd_proxy_wins_release_demand *req;
+	struct wins_release_demand_io io;
+	struct composite_context *c_req;
+};
+
+static void proxy_wins_release_demand_handler(struct composite_context *c_req)
+{
+	NTSTATUS status;
+	struct proxy_wins_release_demand_state *s = talloc_get_type(c_req->async.private_data,
+							       struct proxy_wins_release_demand_state);
+
+	status = wins_release_demand_recv(s->c_req, s, &s->io);
+
+	irpc_send_reply(s->msg, status);
+}
+
+NTSTATUS nbtd_proxy_wins_release_demand(struct irpc_message *msg, 
+				   struct nbtd_proxy_wins_release_demand *req)
+{
+	struct nbtd_server *nbtd_server =
+		talloc_get_type(msg->private_data, struct nbtd_server);
+	struct proxy_wins_release_demand_state *s;
+	uint32_t i;
+
+	s = talloc(msg, struct proxy_wins_release_demand_state);
+        NT_STATUS_HAVE_NO_MEMORY(s);
+
+	s->msg = msg;
+	s->req = req;
+
+	s->io.in.nbtd_server	= nbtd_server;
+	s->io.in.event_ctx	= nbtd_server->task->event_ctx;
+	s->io.in.name		= &req->in.name;
+	s->io.in.num_addresses	= req->in.num_addrs;
+	s->io.in.addresses	= talloc_array(s, const char *, req->in.num_addrs);
+	NT_STATUS_HAVE_NO_MEMORY(s->io.in.addresses);
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	for (i=0; i < req->in.num_addrs; i++) {
+		s->io.in.addresses[i]	= talloc_steal(s->io.in.addresses, req->in.addrs[i].addr);
+	}
+
+	s->c_req = wins_release_demand_send(s, &s->io);
+	NT_STATUS_HAVE_NO_MEMORY(s->c_req);
+
+	s->c_req->async.fn		= proxy_wins_release_demand_handler;
+	s->c_req->async.private_data	= s;
+
+	msg->defer_reply = true;
+	return NT_STATUS_OK;
+}
diff --git a/source4/nbt_server/wscript_build b/source4/nbt_server/wscript_build
new file mode 100644
index 0000000..9d0c24a
--- /dev/null
+++ b/source4/nbt_server/wscript_build
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('WINSDB',
+	source='wins/winsdb.c wins/wins_hook.c',
+	autoproto='wins/winsdb_proto.h',
+	public_deps='ldb ldbsamba',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('ldb_wins_ldb',
+	source='wins/wins_ldb.c',
+	subsystem='ldb',
+	init_function='ldb_wins_ldb_module_init',
+        module_init_name='ldb_init_module',
+	deps='ldb netif samba-hostconfig samba-util',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NBTD_WINS',
+	source='wins/winsserver.c wins/winsclient.c wins/winswack.c wins/wins_dns_proxy.c',
+	autoproto='wins/winsserver_proto.h',
+	deps='cli-nbt WINSDB',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NBTD_DGRAM',
+	source='dgram/request.c dgram/netlogon.c dgram/browse.c',
+	autoproto='dgram/proto.h',
+	deps='LIBCLI_DGRAM DSDB_MODULE_HELPERS',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_SUBSYSTEM('NBT_SERVER',
+	source='interfaces.c register.c query.c nodestatus.c defense.c packet.c irpc.c',
+	autoproto='nbt_server_proto.h',
+	deps='cli-nbt NBTD_WINS NBTD_DGRAM service',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('service_nbtd',
+	source='nbt_server.c',
+	subsystem='service',
+	init_function='server_service_nbtd_init',
+	deps='NBT_SERVER process_model',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
diff --git a/source4/ntp_signd/README b/source4/ntp_signd/README
new file mode 100644
index 0000000..585459b
--- /dev/null
+++ b/source4/ntp_signd/README
@@ -0,0 +1,7 @@
+Here are some pointers to the needed ntp version.
+
+https://support.ntp.org/bugs/show_bug.cgi?id=1028
+
+The patch against ntp-dev-4.2.5p125
+https://support.ntp.org/bugs/attachment.cgi?id=457
+
diff --git a/source4/ntp_signd/ntp-dev-4.2.5p125.diff b/source4/ntp_signd/ntp-dev-4.2.5p125.diff
new file mode 100644
index 0000000..40669fb
--- /dev/null
+++ b/source4/ntp_signd/ntp-dev-4.2.5p125.diff
@@ -0,0 +1,579 @@
+Only in ntp-samba: autom4te.cache
+Only in ntp-samba: config.h
+Only in ntp-samba: config.log
+Only in ntp-samba: config.status
+Only in ntp-samba/ElectricFence: .deps
+Only in ntp-samba/ElectricFence: Makefile
+Only in ntp-samba: .gcc-warning
+Only in ntp-samba/include/isc: Makefile
+Only in ntp-samba/include: Makefile
+diff -ur ntp-dev-4.2.5p125/include/ntp_config.h ntp-samba/include/ntp_config.h
+--- ntp-dev-4.2.5p125/include/ntp_config.h	2008-07-17 07:20:58.000000000 +1000
++++ ntp-samba/include/ntp_config.h	2008-08-28 21:59:06.000000000 +1000
+@@ -92,6 +92,7 @@
+     int requested_key;
+     int revoke;
+     queue *trusted_key_list;
++    char *ntp_signd_socket;
+ };
+ 
+ struct filegen_node {
+diff -ur ntp-dev-4.2.5p125/include/ntpd.h ntp-samba/include/ntpd.h
+--- ntp-dev-4.2.5p125/include/ntpd.h	2008-05-18 21:11:28.000000000 +1000
++++ ntp-samba/include/ntpd.h	2008-08-28 21:59:06.000000000 +1000
+@@ -259,6 +259,8 @@
+ extern int	config_priority;
+ #endif
+ 
++extern char const *ntp_signd_socket;
++
+ /* ntp_control.c */
+ extern int	num_ctl_traps;
+ extern keyid_t	ctl_auth_keyid;		/* keyid used for authenticating write requests */
+@@ -471,3 +473,15 @@
+ extern struct refclock *refclock_conf[]; /* refclock configuration table */
+ extern u_char	num_refclock_conf;
+ #endif
++
++/* ntp_signd.c */
++#ifdef HAVE_NTP_SIGND
++extern void 
++send_via_ntp_signd(
++	struct recvbuf *rbufp,	/* receive packet pointer */
++	int	xmode,
++	keyid_t	xkeyid, 
++	int flags,
++	struct pkt  *xpkt
++	);
++#endif
+diff -ur ntp-dev-4.2.5p125/include/ntp.h ntp-samba/include/ntp.h
+--- ntp-dev-4.2.5p125/include/ntp.h	2008-08-10 22:37:56.000000000 +1000
++++ ntp-samba/include/ntp.h	2008-08-28 21:59:06.000000000 +1000
+@@ -447,6 +447,7 @@
+ #ifdef	OPENSSL
+ #define FLAG_ASSOC	0x4000	/* autokey request */
+ #endif /* OPENSSL */
++#define FLAG_ADKEY      0x00010000      /* Authenticated (or wants reply to be authenticated) using AD authentication */
+ 
+ /*
+  * Definitions for the clear() routine.  We use memset() to clear
+Only in ntp-samba/include: ntp.h.orig
+Only in ntp-samba: libtool
+Only in ntp-samba: Makefile
+diff -ur ntp-dev-4.2.5p125/ntpd/Makefile.am ntp-samba/ntpd/Makefile.am
+--- ntp-dev-4.2.5p125/ntpd/Makefile.am	2008-05-18 21:11:29.000000000 +1000
++++ ntp-samba/ntpd/Makefile.am	2008-08-28 21:59:06.000000000 +1000
+@@ -65,7 +65,7 @@
+ 	ntp_crypto.c ntp_filegen.c \
+ 	ntp_intres.c ntp_loopfilter.c ntp_monitor.c ntp_peer.c \
+ 	ntp_proto.c ntp_refclock.c ntp_request.c \
+-	ntp_restrict.c ntp_timer.c ntp_util.c \
++	ntp_restrict.c ntp_timer.c ntp_util.c ntp_signd.c \
+ 	ppsapi_timepps.h \
+ 	refclock_acts.c refclock_arbiter.c refclock_arc.c refclock_as2201.c \
+ 	refclock_atom.c refclock_bancomm.c refclock_chronolog.c \
+diff -ur ntp-dev-4.2.5p125/ntpd/ntp_config.c ntp-samba/ntpd/ntp_config.c
+--- ntp-dev-4.2.5p125/ntpd/ntp_config.c	2008-08-10 22:37:54.000000000 +1000
++++ ntp-samba/ntpd/ntp_config.c	2008-08-28 22:03:52.000000000 +1000
+@@ -148,6 +148,7 @@
+ #endif
+ 
+ const char *config_file;
++const char *ntp_signd_socket;
+ #ifdef HAVE_NETINFO
+ struct netinfo_config_state *config_netinfo = NULL;
+ int check_netinfo = 1;
+@@ -276,6 +277,11 @@
+ 	my_config.auth.crypto_cmd_list = NULL;
+ 	my_config.auth.keys = NULL;
+ 	my_config.auth.keysdir = NULL;
++#ifdef NTP_SIGND_PATH
++	my_config.auth.ntp_signd_socket = NTP_SIGND_PATH;
++#else
++	my_config.auth.ntp_signd_socket = NULL;
++#endif
+ 	my_config.auth.requested_key = 0;
+ 	my_config.auth.revoke = 0;
+ 	my_config.auth.trusted_key_list = NULL;
+@@ -795,6 +801,7 @@
+ 	{ "crypto",		T_Crypto,          NO_ARG },
+ 	{ "keys",		T_Keys,            SINGLE_ARG },
+ 	{ "keysdir",		T_Keysdir,         SINGLE_ARG },
++	{ "ntpsigndsocket",     T_NtpSignDsocket,  SINGLE_ARG },
+ 	{ "requestkey",		T_Requestkey,      NO_ARG },
+ 	{ "revoke",		T_Revoke,          NO_ARG },
+ 	{ "trustedkey",		T_Trustedkey,      NO_ARG },
+@@ -1000,6 +1007,10 @@
+ 	if (my_config.auth.keysdir)
+ 		keysdir = my_config.auth.keysdir;
+ 
++	/* ntp_signd_socket Command */
++	if (my_config.auth.ntp_signd_socket)
++		ntp_signd_socket = my_config.auth.ntp_signd_socket;
++
+ #ifdef OPENSSL
+ 	if (cryptosw) {
+ 		crypto_setup();
+Only in ntp-samba/ntpd: ntp_config.c~
+Only in ntp-samba/ntpd: ntp_config.c.orig
+diff -ur ntp-dev-4.2.5p125/ntpd/ntp_parser.y ntp-samba/ntpd/ntp_parser.y
+--- ntp-dev-4.2.5p125/ntpd/ntp_parser.y	2008-07-17 07:21:06.000000000 +1000
++++ ntp-samba/ntpd/ntp_parser.y	2008-08-28 21:59:06.000000000 +1000
+@@ -155,6 +155,7 @@
+ %token		T_Novolley
+ %token		T_Ntp
+ %token		T_Ntpport
++%token		T_NtpSignDsocket
+ %token		T_Orphan
+ %token		T_Panic
+ %token		T_Peer
+@@ -432,6 +433,8 @@
+                     { my_config.auth.requested_key = $2;  }
+ 	|	T_Trustedkey integer_list
+                     { my_config.auth.trusted_key_list = $2;  }
++	|	T_NtpSignDsocket T_String
++                    { my_config.auth.ntp_signd_socket = $2;  }
+ 	;
+ 
+ crypto_command_line
+diff -ur ntp-dev-4.2.5p125/ntpd/ntp_proto.c ntp-samba/ntpd/ntp_proto.c
+--- ntp-dev-4.2.5p125/ntpd/ntp_proto.c	2008-07-17 07:21:02.000000000 +1000
++++ ntp-samba/ntpd/ntp_proto.c	2008-08-28 21:59:06.000000000 +1000
+@@ -128,7 +128,7 @@
+ static	void	clock_combine	(struct peer **, int);
+ static	void	peer_xmit	(struct peer *);
+ static	void	fast_xmit	(struct recvbuf *, int, keyid_t,
+-				    char *);
++				 char *, int);
+ static	void	clock_update	(struct peer *);
+ static	int	default_get_precision (void);
+ static	int	peer_unfit	(struct peer *);
+@@ -311,6 +311,7 @@
+ 	int	authlen;		/* offset of MAC field */
+ 	int	is_authentic = 0;	/* cryptosum ok */
+ 	int	retcode = AM_NOMATCH;	/* match code */
++	int     flags = 0;              /* flags with details about the authentication */
+ 	keyid_t	skeyid = 0;		/* key IDs */
+ 	u_int32	opcode = 0;		/* extension field opcode */
+ 	struct sockaddr_storage *dstadr_sin; /* active runway */
+@@ -324,6 +325,8 @@
+ 	keyid_t	pkeyid = 0, tkeyid = 0;	/* key IDs */
+ #endif /* OPENSSL */
+ 
++	static unsigned char zero_key[16];
++
+ 	/*
+ 	 * Monitor the packet and get restrictions. Note that the packet
+ 	 * length for control and private mode packets must be checked
+@@ -480,9 +483,9 @@
+ 			return;			/* rate exceeded */
+ 
+ 		if (hismode == MODE_CLIENT)
+-			fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE");
++			fast_xmit(rbufp, MODE_SERVER, skeyid, "RATE", 0);
+ 		else
+-			fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE");
++			fast_xmit(rbufp, MODE_ACTIVE, skeyid, "RATE", 0);
+ 		return;				/* rate exceeded */
+ 	}
+ 
+@@ -535,6 +538,7 @@
+ 	 * is zero, acceptable outcomes of y are NONE and OK. If x is
+ 	 * one, the only acceptable outcome of y is OK.
+ 	 */
++
+ 	if (has_mac == 0) {
+ 		is_authentic = AUTH_NONE; /* not required */
+ #ifdef DEBUG
+@@ -555,6 +559,25 @@
+ 			    stoa(&rbufp->recv_srcadr), hismode, skeyid,
+ 			    authlen + has_mac, is_authentic);
+ #endif
++
++		/* If the signature is 20 bytes long, the last 16 of
++		 * which are zero, then this is a Microsoft client
++		 * wanting AD-style authentication of the server's
++		 * reply.  
++		 *
++		 * This is described in Microsoft's WSPP docs, in MS-SNTP:
++		 * http://msdn.microsoft.com/en-us/library/cc212930.aspx
++		 */
++	} else if (has_mac == MAX_MAC_LEN
++		   && (retcode == AM_FXMIT || retcode == AM_NEWPASS)
++		   && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MAC_LEN - 4) == 0)) {
++		
++		/* Don't try to verify the zeros, just set a
++		 * flag and otherwise pretend we never saw the signature */
++		is_authentic = AUTH_NONE;
++		
++		flags = FLAG_ADKEY;
++
+ 	} else {
+ #ifdef OPENSSL
+ 		/*
+@@ -696,9 +719,9 @@
+ 			if (AUTH(restrict_mask & RES_DONTTRUST,
+ 			   is_authentic)) {
+ 				fast_xmit(rbufp, MODE_SERVER, skeyid,
+-				    NULL);
++					  NULL, flags);
+ 			} else if (is_authentic == AUTH_ERROR) {
+-				fast_xmit(rbufp, MODE_SERVER, 0, NULL);
++				fast_xmit(rbufp, MODE_SERVER, 0, NULL, 0);
+ 				sys_badauth++;
+ 			} else {
+ 				sys_restricted++;
+@@ -733,7 +756,7 @@
+ 		 * crypto-NAK, as that would not be useful.
+ 		 */
+ 		if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
+-			fast_xmit(rbufp, MODE_SERVER, skeyid, NULL);
++			fast_xmit(rbufp, MODE_SERVER, skeyid, NULL, 0);
+ 		return;				/* hooray */
+ 
+ 	/*
+@@ -888,7 +911,7 @@
+ 		    is_authentic)) {
+ #ifdef OPENSSL
+ 			if (crypto_flags && skeyid > NTP_MAXKEY)
+-				fast_xmit(rbufp, MODE_ACTIVE, 0, NULL);
++				fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0);
+ #endif /* OPENSSL */
+ 			sys_restricted++;
+ 			return;			/* access denied */
+@@ -904,7 +927,7 @@
+ 			 * This is for drat broken Windows clients. See
+ 			 * Microsoft KB 875424 for preferred workaround.
+ 			 */
+-			fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL);
++			fast_xmit(rbufp, MODE_PASSIVE, skeyid, NULL, flags);
+ #else /* WINTIME */
+ 			sys_restricted++;
+ #endif /* WINTIME */
+@@ -938,6 +961,7 @@
+ 		}
+ 		break;
+ 
++
+ 	/*
+ 	 * Process regular packet. Nothing special.
+ 	 */
+@@ -1090,7 +1114,7 @@
+ 		peer->flash |= TEST5;		/* bad auth */
+ 		peer->badauth++;
+ 		if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
+-			fast_xmit(rbufp, MODE_ACTIVE, 0, NULL);
++			fast_xmit(rbufp, MODE_ACTIVE, 0, NULL, 0);
+ 		if (peer->flags & FLAG_PREEMPT) {
+ 			unpeer(peer);
+ 			return;
+@@ -3159,7 +3183,8 @@
+ 	struct recvbuf *rbufp,	/* receive packet pointer */
+ 	int	xmode,		/* receive mode */
+ 	keyid_t	xkeyid,		/* transmit key ID */
+-	char	*mask		/* kiss code */
++	char	*mask,		/* kiss code */
++	int     flags           /* Flags to indicate signing behaviour */
+ 	)
+ {
+ 	struct pkt xpkt;	/* transmit packet structure */
+@@ -3220,6 +3245,19 @@
+ 		HTONL_FP(&rbufp->recv_time, &xpkt.rec);
+ 	}
+ 
++	if (flags & FLAG_ADKEY) {
++#ifdef HAVE_NTP_SIGND
++		get_systime(&xmt_tx);
++		if (mask == NULL) {
++			HTONL_FP(&xmt_tx, &xpkt.xmt);
++		}
++		send_via_ntp_signd(rbufp, xmode, xkeyid, flags, &xpkt);
++#endif
++		/* If we don't have the support, drop the packet on the floor.  
++		   An all zero sig is compleatly bogus anyway */
++		return;
++	}
++
+ 	/*
+ 	 * If the received packet contains a MAC, the transmitted packet
+ 	 * is authenticated and contains a MAC. If not, the transmitted
+@@ -3252,7 +3290,7 @@
+ 	 * source-destination-key ID combination.
+ 	 */
+ #ifdef OPENSSL
+-	if (xkeyid > NTP_MAXKEY) {
++	if (!(flags & FLAG_ADKEY) && (xkeyid > NTP_MAXKEY)) {
+ 		keyid_t cookie;
+ 
+ 		/*
+@@ -3284,8 +3322,10 @@
+ 	if (mask == NULL) {
+ 		HTONL_FP(&xmt_tx, &xpkt.xmt);
+ 	}
++
+ 	authlen = authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
+ 	sendlen += authlen;
++
+ #ifdef OPENSSL
+ 	if (xkeyid > NTP_MAXKEY)
+ 		authtrust(xkeyid, 0);
+Only in ntp-samba/ntpd: ntp_signd.c
+Only in ntp-dev-4.2.5p125/ntpdc: nl.pl
+Only in ntp-samba/scripts: calc_tickadj
+Only in ntp-samba/scripts: checktime
+Only in ntp-samba/scripts: freq_adj
+Only in ntp-samba/scripts: html2man
+Only in ntp-samba/scripts: Makefile
+Only in ntp-samba/scripts: mkver
+Only in ntp-samba/scripts: ntpsweep
+Only in ntp-samba/scripts: ntptrace
+Only in ntp-samba/scripts: ntpver
+Only in ntp-samba/scripts: ntp-wait
+Only in ntp-samba/scripts: plot_summary
+Only in ntp-samba/scripts: summary
+Only in ntp-samba: stamp-h1
+--- /dev/null	2008-08-25 07:28:22.036002925 +1000
++++ ntp-samba/ntpd/ntp_signd.c	2008-08-28 21:59:06.000000000 +1000
+@@ -0,0 +1,242 @@
++/* Copyright 2008, Red Hat, Inc.
++   Copyright 2008, Andrew Tridgell.
++   Licenced under the same terms as NTP itself. 
++ */
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#ifdef HAVE_NTP_SIGND
++
++#include "ntpd.h"
++#include "ntp_io.h"
++#include "ntp_stdlib.h"
++#include "ntp_unixtime.h"
++#include "ntp_control.h"
++#include "ntp_string.h"
++
++#include <stdio.h>
++#include <stddef.h>
++#ifdef HAVE_LIBSCF_H
++#include <libscf.h>
++#include <unistd.h>
++#endif /* HAVE_LIBSCF_H */
++
++#include <sys/un.h>
++
++/* socket routines by tridge - from junkcode.samba.org */
++
++/*
++  connect to a unix domain socket
++*/
++static int 
++ux_socket_connect(const char *name)
++{
++	int fd;
++        struct sockaddr_un addr;
++	if (!name) {
++		return -1;
++	}
++
++        memset(&addr, 0, sizeof(addr));
++        addr.sun_family = AF_UNIX;
++        strncpy(addr.sun_path, name, sizeof(addr.sun_path));
++
++	fd = socket(AF_UNIX, SOCK_STREAM, 0);
++	if (fd == -1) {
++		return -1;
++	}
++	
++	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
++		close(fd);
++		return -1;
++	}
++
++	return fd;
++}
++
++
++/*
++  keep writing until its all sent
++*/
++static int 
++write_all(int fd, const void *buf, size_t len)
++{
++	size_t total = 0;
++	while (len) {
++		int n = write(fd, buf, len);
++		if (n <= 0) return total;
++		buf = n + (char *)buf;
++		len -= n;
++		total += n;
++	}
++	return total;
++}
++
++/*
++  keep reading until its all read
++*/
++static int 
++read_all(int fd, void *buf, size_t len)
++{
++	size_t total = 0;
++	while (len) {
++		int n = read(fd, buf, len);
++		if (n <= 0) return total;
++		buf = n + (char *)buf;
++		len -= n;
++		total += n;
++	}
++	return total;
++}
++
++/*
++  send a packet in length prefix format
++*/
++static int 
++send_packet(int fd, const char *buf, uint32_t len)
++{
++	uint32_t net_len = htonl(len);
++	if (write_all(fd, &net_len, sizeof(net_len)) != sizeof(net_len)) return -1;
++	if (write_all(fd, buf, len) != len) return -1;	
++	return 0;
++}
++
++/*
++  receive a packet in length prefix format
++*/
++static int 
++recv_packet(int fd, char **buf, uint32_t *len)
++{
++	if (read_all(fd, len, sizeof(*len)) != sizeof(*len)) return -1;
++	*len = ntohl(*len);
++	(*buf) = malloc(*len);
++	if (!*buf) {
++		return -1;
++	}
++	if (read_all(fd, *buf, *len) != *len) {
++		free(*buf);
++		return -1;
++	}
++	return 0;
++}
++
++void 
++send_via_ntp_signd(
++	struct recvbuf *rbufp,	/* receive packet pointer */
++	int	xmode,
++	keyid_t	xkeyid, 
++	int flags,
++	struct pkt  *xpkt
++	)
++{
++	
++	/* We are here because it was detected that the client
++	 * sent an all-zero signature, and we therefore know
++	 * it's windows trying to talk to an AD server
++	 *
++	 * Because we don't want to dive into Samba's secrets
++	 * database just to find the long-term kerberos key
++	 * that is re-used as the NTP key, we instead hand the
++	 * packet over to Samba to sign, and return to us.
++	 *
++	 * The signing method Samba will use is described by
++	 * Microsoft in MS-SNTP, found here:
++	 * http://msdn.microsoft.com/en-us/library/cc212930.aspx
++	 */
++	
++	int fd, sendlen;
++	struct samba_key_in {
++		uint32_t version;
++		uint32_t op;
++		uint32_t packet_id;
++		uint32_t key_id_le;
++		struct pkt pkt;
++	} samba_pkt;
++	
++	struct samba_key_out {
++		uint32_t version;
++		uint32_t op;
++		uint32_t packet_id;
++		struct pkt pkt;
++	} samba_reply;
++	
++	char full_socket[256];
++
++	char *reply = NULL;
++	uint32_t reply_len;
++	
++	memset(&samba_pkt, 0, sizeof(samba_pkt));
++	samba_pkt.op = 0; /* Sign message */
++	/* This will be echoed into the reply - a different
++	 * impelementation might want multiple packets
++	 * awaiting signing */
++
++	samba_pkt.packet_id = 1;
++
++	/* Swap the byte order back - it's actually little
++	 * endian on the wire, but it was read above as
++	 * network byte order */
++	samba_pkt.key_id_le = htonl(xkeyid);
++	samba_pkt.pkt = *xpkt;
++
++	snprintf(full_socket, sizeof(full_socket), "%s/socket", ntp_signd_socket);
++
++	fd = ux_socket_connect(full_socket);
++	/* Only continue with this if we can talk to Samba */
++	if (fd != -1) {
++		/* Send old packet to Samba, expect response */
++		/* Packet to Samba is quite simple: 
++		   All values BIG endian except key ID as noted
++		   [packet size as BE] - 4 bytes
++		   [protocol version (0)] - 4 bytes
++		   [packet ID] - 4 bytes
++		   [operation (sign message=0)] - 4 bytes
++		   [key id] - LITTLE endian (as on wire) - 4 bytes
++		   [message to sign] - as marshalled, without signature
++		*/
++			
++		if (send_packet(fd, (char *)&samba_pkt, offsetof(struct samba_key_in, pkt) + LEN_PKT_NOMAC) != 0) {
++			/* Huh?  could not talk to Samba... */
++			close(fd);
++			return;
++		}
++			
++		if (recv_packet(fd, &reply, &reply_len) != 0) {
++			if (reply) {
++				free(reply);
++			}
++			close(fd);
++			return;
++		}
++		/* Return packet is also simple: 
++		   [packet size] - network byte order - 4 bytes
++		   [protocol version (0)] network byte order - - 4 bytes
++		   [operation (signed success=3, failure=4)] network byte order - - 4 byte
++		   (optional) [signed message] - as provided before, with signature appended
++		*/
++			
++		if (reply_len <= sizeof(samba_reply)) {
++			memcpy(&samba_reply, reply, reply_len);
++			if (ntohl(samba_reply.op) == 3 && reply_len >  offsetof(struct samba_key_out, pkt)) {
++				sendlen = reply_len - offsetof(struct samba_key_out, pkt);
++				xpkt = &samba_reply.pkt;
++				sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, xpkt, sendlen);
++#ifdef DEBUG
++				if (debug)
++					printf(
++						"transmit ntp_signd packet: at %ld %s->%s mode %d keyid %08x len %d\n",
++						current_time, ntoa(&rbufp->dstadr->sin),
++						ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen);
++#endif
++			}
++		}
++		
++		if (reply) {
++			free(reply);
++		}
++		close(fd);
++		
++	}
++}
++#endif
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
new file mode 100644
index 0000000..e7ceba0
--- /dev/null
+++ b/source4/ntp_signd/ntp_signd.c
@@ -0,0 +1,592 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NTP packet signing server
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "samba/service_stream.h"
+#include "samba/process_model.h"
+#include "lib/stream/packet.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "librpc/gen_ndr/ndr_ntp_signd.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "system/network.h"
+#include "system/passwd.h"
+
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+NTSTATUS server_service_ntp_signd_init(TALLOC_CTX *);
+
+/*
+  top level context structure for the ntp_signd server
+*/
+struct ntp_signd_server {
+	struct task_server *task;
+	struct ldb_context *samdb;
+};
+
+/*
+  state of an open connection
+*/
+struct ntp_signd_connection {
+	/* stream connection we belong to */
+	struct stream_connection *conn;
+
+	/* the ntp_signd_server the connection belongs to */
+	struct ntp_signd_server *ntp_signd;
+
+	struct tstream_context *tstream;
+
+	struct tevent_queue *send_queue;
+};
+
+static void ntp_signd_terminate_connection(struct ntp_signd_connection *ntp_signd_conn, const char *reason)
+{
+	stream_terminate_connection(ntp_signd_conn->conn, reason);
+}
+
+static NTSTATUS signing_failure(struct ntp_signd_connection *ntp_signdconn,
+				TALLOC_CTX *mem_ctx,
+				DATA_BLOB *output,
+				uint32_t packet_id)
+{
+	struct signed_reply signed_reply;
+	enum ndr_err_code ndr_err;
+
+	signed_reply.op = SIGNING_FAILURE;
+	signed_reply.packet_id = packet_id;
+	signed_reply.signed_packet = data_blob(NULL, 0);
+	
+	ndr_err = ndr_push_struct_blob(output, mem_ctx, &signed_reply,
+				       (ndr_push_flags_fn_t)ndr_push_signed_reply);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1,("failed to push ntp error reply\n"));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  receive a full packet on a NTP_SIGND connection
+*/
+static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
+				  TALLOC_CTX *mem_ctx,
+				  DATA_BLOB *input,
+				  DATA_BLOB *output)
+{
+	const struct dom_sid *domain_sid;
+	struct dom_sid *sid;
+	struct sign_request sign_request;
+	struct signed_reply signed_reply;
+	enum ndr_err_code ndr_err;
+	struct ldb_result *res;
+	const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL };
+	gnutls_hash_hd_t hash_hnd = NULL;
+	struct samr_Password *nt_hash;
+	uint32_t user_account_control;
+	struct dom_sid_buf buf;
+	int ret;
+
+	ndr_err = ndr_pull_struct_blob_all(input, mem_ctx,
+					   &sign_request,
+					   (ndr_pull_flags_fn_t)ndr_pull_sign_request);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1,("failed to parse ntp signing request\n"));
+		dump_data(1, input->data, input->length);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	/* We need to implement 'check signature' and 'request server
+	 * to sign' operations at some point */
+	if (sign_request.op != SIGN_TO_CLIENT) {
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	/* We need to implement 'check signature' and 'request server
+	 * to sign' operations at some point */
+	if (sign_request.version != NTP_SIGND_PROTOCOL_VERSION_0) {
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	domain_sid = samdb_domain_sid(ntp_signd_conn->ntp_signd->samdb);
+	if (domain_sid == NULL) {
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+	
+	/* The top bit is a 'key selector' */
+	sid = dom_sid_add_rid(mem_ctx, domain_sid,
+			      sign_request.key_id & 0x7FFFFFFF);
+	if (sid == NULL) {
+		talloc_free(mem_ctx);
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	ret = ldb_search(ntp_signd_conn->ntp_signd->samdb, mem_ctx,
+				 &res,
+				 ldb_get_default_basedn(ntp_signd_conn->ntp_signd->samdb),
+				 LDB_SCOPE_SUBTREE,
+				 attrs,
+				 "(&(objectSid=%s)(objectClass=user))",
+				 ldap_encode_ndr_dom_sid(mem_ctx, sid));
+	if (ret != LDB_SUCCESS) {
+		DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: "
+			  "%s\n",
+			  dom_sid_str_buf(sid, &buf),
+			  ldb_errstring(ntp_signd_conn->ntp_signd->samdb)));
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	if (res->count == 0) {
+		DEBUG(2, ("Failed to find SID %s in SAM for NTP signing\n",
+			  dom_sid_str_buf(sid, &buf)));
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	} else if (res->count != 1) {
+		DEBUG(1, ("Found SID %s %u times in SAM for NTP signing\n",
+			  dom_sid_str_buf(sid, &buf),
+			  res->count));
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0],
+							 "userAccountControl",
+							 0);
+
+	if (user_account_control & UF_ACCOUNTDISABLE) {
+		DEBUG(1, ("Account %s for SID [%s] is disabled\n",
+			  ldb_dn_get_linearized(res->msgs[0]->dn),
+			  dom_sid_str_buf(sid, &buf)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!(user_account_control & (UF_INTERDOMAIN_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT))) {
+		DEBUG(1, ("Account %s for SID [%s] is not a trust account\n",
+			  ldb_dn_get_linearized(res->msgs[0]->dn),
+			  dom_sid_str_buf(sid, &buf)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	nt_hash = samdb_result_hash(mem_ctx, res->msgs[0], "unicodePwd");
+	if (!nt_hash) {
+		DEBUG(1, ("No unicodePwd found on record of SID %s "
+			  "for NTP signing\n",
+			  dom_sid_str_buf(sid, &buf)));
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	/* Generate the reply packet */
+	signed_reply.packet_id = sign_request.packet_id;
+	signed_reply.op = SIGNING_SUCCESS;
+	signed_reply.signed_packet = data_blob_talloc(mem_ctx,
+						      NULL,
+						      sign_request.packet_to_sign.length + 20);
+
+	if (!signed_reply.signed_packet.data) {
+		return signing_failure(ntp_signd_conn,
+				       mem_ctx,
+				       output,
+				       sign_request.packet_id);
+	}
+
+	memcpy(signed_reply.signed_packet.data, sign_request.packet_to_sign.data, sign_request.packet_to_sign.length);
+	SIVAL(signed_reply.signed_packet.data, sign_request.packet_to_sign.length, sign_request.key_id);
+
+	/* Sign the NTP response with the unicodePwd */
+	ret = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (ret < 0) {
+		return gnutls_error_to_ntstatus(ret, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+
+	ret = gnutls_hash(hash_hnd,
+			  nt_hash->hash,
+			  sizeof(nt_hash->hash));
+	if (ret < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return gnutls_error_to_ntstatus(ret, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+	ret = gnutls_hash(hash_hnd,
+			  sign_request.packet_to_sign.data,
+			  sign_request.packet_to_sign.length);
+	if (ret < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return gnutls_error_to_ntstatus(ret, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+
+	gnutls_hash_deinit(hash_hnd,
+			   signed_reply.signed_packet.data +
+			   sign_request.packet_to_sign.length + 4);
+
+	/* Place it into the packet for the wire */
+	ndr_err = ndr_push_struct_blob(output, mem_ctx, &signed_reply,
+				       (ndr_push_flags_fn_t)ndr_push_signed_reply);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(1,("failed to push ntp error reply\n"));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called on a tcp recv
+*/
+static void ntp_signd_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct ntp_signd_connection *ntp_signd_conn = talloc_get_type(conn->private_data,
+							struct ntp_signd_connection);
+	ntp_signd_terminate_connection(ntp_signd_conn,
+				       "ntp_signd_recv: called");
+}
+
+/*
+  called when we can write to a connection
+*/
+static void ntp_signd_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct ntp_signd_connection *ntp_signd_conn = talloc_get_type(conn->private_data,
+							struct ntp_signd_connection);
+	/* this should never be triggered! */
+	ntp_signd_terminate_connection(ntp_signd_conn,
+				       "ntp_signd_send: called");
+}
+
+struct ntp_signd_call {
+	struct ntp_signd_connection *ntp_signd_conn;
+	DATA_BLOB in;
+	DATA_BLOB out;
+	uint8_t out_hdr[4];
+	struct iovec out_iov[2];
+};
+
+static void ntp_signd_call_writev_done(struct tevent_req *subreq);
+
+static void ntp_signd_call_loop(struct tevent_req *subreq)
+{
+	struct ntp_signd_connection *ntp_signd_conn = tevent_req_callback_data(subreq,
+				      struct ntp_signd_connection);
+	struct ntp_signd_call *call;
+	NTSTATUS status;
+
+	call = talloc(ntp_signd_conn, struct ntp_signd_call);
+	if (call == NULL) {
+		ntp_signd_terminate_connection(ntp_signd_conn,
+				"ntp_signd_call_loop: "
+				"no memory for ntp_signd_call");
+		return;
+	}
+	call->ntp_signd_conn = ntp_signd_conn;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    call,
+					    &call->in);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ntp_signd_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (reason == NULL) {
+			reason = nt_errstr(status);
+		}
+
+		ntp_signd_terminate_connection(ntp_signd_conn, reason);
+		return;
+	}
+
+	DEBUG(10,("Received NTP TCP packet of length %lu from %s\n",
+		 (long) call->in.length,
+		 tsocket_address_string(ntp_signd_conn->conn->remote_address, call)));
+
+	/* skip length header */
+	call->in.data +=4;
+	call->in.length -= 4;
+
+	status = ntp_signd_process(ntp_signd_conn,
+				     call,
+				     &call->in,
+				     &call->out);
+	if (! NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ntp_signd_process failed: %s",
+					 nt_errstr(status));
+		if (reason == NULL) {
+			reason = nt_errstr(status);
+		}
+
+		ntp_signd_terminate_connection(ntp_signd_conn, reason);
+		return;
+	}
+
+	/* First add the length of the out buffer */
+	RSIVAL(call->out_hdr, 0, call->out.length);
+	call->out_iov[0].iov_base = (char *) call->out_hdr;
+	call->out_iov[0].iov_len = 4;
+
+	call->out_iov[1].iov_base = (char *) call->out.data;
+	call->out_iov[1].iov_len = call->out.length;
+
+	subreq = tstream_writev_queue_send(call,
+					   ntp_signd_conn->conn->event.ctx,
+					   ntp_signd_conn->tstream,
+					   ntp_signd_conn->send_queue,
+					   call->out_iov, 2);
+	if (subreq == NULL) {
+		ntp_signd_terminate_connection(ntp_signd_conn, "ntp_signd_call_loop: "
+				"no memory for tstream_writev_queue_send");
+		return;
+	}
+
+	tevent_req_set_callback(subreq, ntp_signd_call_writev_done, call);
+
+	/*
+	 * The NTP tcp pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(ntp_signd_conn,
+					    ntp_signd_conn->conn->event.ctx,
+					    ntp_signd_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    ntp_signd_conn);
+	if (subreq == NULL) {
+		ntp_signd_terminate_connection(ntp_signd_conn, "ntp_signd_call_loop: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, ntp_signd_call_loop, ntp_signd_conn);
+}
+
+static void ntp_signd_call_writev_done(struct tevent_req *subreq)
+{
+	struct ntp_signd_call *call = tevent_req_callback_data(subreq,
+			struct ntp_signd_call);
+	int sys_errno;
+	int rc;
+
+	rc = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (rc == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "ntp_signd_call_writev_done: "
+					 "tstream_writev_queue_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (!reason) {
+			reason = "ntp_signd_call_writev_done: "
+				 "tstream_writev_queue_recv() failed";
+		}
+
+		ntp_signd_terminate_connection(call->ntp_signd_conn, reason);
+		return;
+	}
+
+	/* We don't care about errors */
+
+	talloc_free(call);
+}
+
+/*
+  called when we get a new connection
+*/
+static void ntp_signd_accept(struct stream_connection *conn)
+{
+	struct ntp_signd_server *ntp_signd = talloc_get_type(conn->private_data,
+						struct ntp_signd_server);
+	struct ntp_signd_connection *ntp_signd_conn;
+	struct tevent_req *subreq;
+	int rc;
+
+	ntp_signd_conn = talloc_zero(conn, struct ntp_signd_connection);
+	if (ntp_signd_conn == NULL) {
+		stream_terminate_connection(conn,
+				"ntp_signd_accept: out of memory");
+		return;
+	}
+
+	ntp_signd_conn->send_queue = tevent_queue_create(conn,
+			"ntp_signd_accept");
+	if (ntp_signd_conn->send_queue == NULL) {
+		stream_terminate_connection(conn,
+				"ntp_signd_accept: out of memory");
+		return;
+	}
+
+	TALLOC_FREE(conn->event.fde);
+
+	rc = tstream_bsd_existing_socket(ntp_signd_conn,
+			socket_get_fd(conn->socket),
+			&ntp_signd_conn->tstream);
+	if (rc < 0) {
+		stream_terminate_connection(conn,
+				"ntp_signd_accept: out of memory");
+		return;
+	}
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(ntp_signd_conn->tstream, true);
+
+	ntp_signd_conn->conn = conn;
+	ntp_signd_conn->ntp_signd = ntp_signd;
+	conn->private_data = ntp_signd_conn;
+
+	/*
+	 * The NTP tcp pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(ntp_signd_conn,
+					    ntp_signd_conn->conn->event.ctx,
+					    ntp_signd_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    ntp_signd_conn);
+	if (subreq == NULL) {
+		ntp_signd_terminate_connection(ntp_signd_conn,
+				"ntp_signd_accept: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, ntp_signd_call_loop, ntp_signd_conn);
+}
+
+static const struct stream_server_ops ntp_signd_stream_ops = {
+	.name			= "ntp_signd",
+	.accept_connection	= ntp_signd_accept,
+	.recv_handler		= ntp_signd_recv,
+	.send_handler		= ntp_signd_send
+};
+
+/*
+  startup the ntp_signd task
+*/
+static NTSTATUS ntp_signd_task_init(struct task_server *task)
+{
+	struct ntp_signd_server *ntp_signd;
+	NTSTATUS status;
+
+	const char *address;
+
+	if (!directory_create_or_exist_strict(lpcfg_ntp_signd_socket_directory(task->lp_ctx), geteuid(), 0750)) {
+		char *error = talloc_asprintf(task, "Cannot create NTP signd pipe directory: %s", 
+					      lpcfg_ntp_signd_socket_directory(task->lp_ctx));
+		task_server_terminate(task,
+				      error, true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	task_server_set_title(task, "task[ntp_signd]");
+
+	ntp_signd = talloc(task, struct ntp_signd_server);
+	if (ntp_signd == NULL) {
+		task_server_terminate(task, "ntp_signd: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ntp_signd->task = task;
+
+	/* Must be system to get at the password hashes */
+	ntp_signd->samdb = samdb_connect(ntp_signd,
+					 task->event_ctx,
+					 task->lp_ctx,
+					 system_session(task->lp_ctx),
+					 NULL,
+					 0);
+	if (ntp_signd->samdb == NULL) {
+		task_server_terminate(task, "ntp_signd failed to open samdb", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	address = talloc_asprintf(ntp_signd, "%s/socket", lpcfg_ntp_signd_socket_directory(task->lp_ctx));
+	if (address == NULL) {
+		task_server_terminate(
+		    task, "ntp_signd out of memory in talloc_asprintf()", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = stream_setup_socket(ntp_signd->task,
+				     ntp_signd->task->event_ctx,
+				     ntp_signd->task->lp_ctx,
+				     task->model_ops,
+				     &ntp_signd_stream_ops, 
+				     "unix", address, NULL,
+				     lpcfg_socket_options(ntp_signd->task->lp_ctx),
+				     ntp_signd,
+				     ntp_signd->task->process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Failed to bind to %s - %s\n",
+			 address, nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+
+}
+
+
+/* called at smbd startup - register ourselves as a server service */
+NTSTATUS server_service_ntp_signd_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = ntp_signd_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "ntp_signd", &details);
+}
diff --git a/source4/ntp_signd/wscript_build b/source4/ntp_signd/wscript_build
new file mode 100644
index 0000000..ec8a2e5
--- /dev/null
+++ b/source4/ntp_signd/wscript_build
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('service_ntp_signd',
+	source='ntp_signd.c',
+	subsystem='service',
+	init_function='server_service_ntp_signd_init',
+	deps='samdb NDR_NTP_SIGND LIBTSOCKET LIBSAMBA_TSOCKET GNUTLS_HELPERS',
+	internal_module=False,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
diff --git a/source4/ntvfs/README b/source4/ntvfs/README
new file mode 100644
index 0000000..c86c9a0
--- /dev/null
+++ b/source4/ntvfs/README
@@ -0,0 +1,26 @@
+This is the base of the new NTVFS subsystem for Samba. The model for
+NTVFS backends is quite different than for the older style VFS
+backends, in particular:
+
+- the NTVFS backends receive windows style file names, although they
+  are in the unix charset (usually UTF8). This means the backend is
+  responsible for mapping windows filename conventions to unix
+  filename conventions if necessary
+
+- the NTVFS backends are responsible for changing effective UID before
+  calling any OS local filesystem operations (if needed). The
+  become_*() functions are provided to make this easier.
+
+- the NTVFS backends are responsible for resolving DFS paths
+
+- each NTVFS backend handles either disk, printer or IPC$ shares,
+  rather than one backend handling all types
+
+- the entry points of the NTVFS backends correspond closely with basic
+  SMB operations, wheres the old VFS was modelled directly on the
+  POSIX filesystem interface.
+
+- the NTVFS backends are responsible for all semantic mappings, such
+  as mapping dos file attributes, ACLs, file ownership and file times
+
+
diff --git a/source4/ntvfs/cifs/README b/source4/ntvfs/cifs/README
new file mode 100644
index 0000000..f9ab50c
--- /dev/null
+++ b/source4/ntvfs/cifs/README
@@ -0,0 +1,40 @@
+This is the 'CIFS on CIFS' backend for Samba. It provides a NTVFS
+backend that talks to a remote CIFS server. The primary aim of this
+backend is for debugging and development, although some people may
+find it useful as a CIFS gateway.
+
+There are two modes of operation: Password specified and delegated
+credentials.
+
+Password specified:
+-------------------
+
+This uses a static username/password in the config file, example:
+
+[myshare]
+	ntvfs handler = cifs
+	cifs:server = myserver
+	cifs:user = tridge
+	cifs:password = mypass
+	cifs:domain = TESTDOM
+	cifs:share = test
+
+
+Delegated credentials:
+----------------------
+
+If your incoming user is authenticated with Kerberos, and the machine
+account for this Samba4 proxy server is 'trusted for delegation', then
+the Samba4 proxy can forward the client's credentials to the target.
+
+You must be joined to the domain (net join <domain> member).
+
+To set 'trusted for delegation' with MMC, see the checkbox in the
+Computer account property page under Users and Computers.
+
+[myshare]
+	ntvfs handler = cifs
+	cifs:server = myserver
+	cifs:share = test
+
+
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c
new file mode 100644
index 0000000..121ff57
--- /dev/null
+++ b/source4/ntvfs/cifs/vfs_cifs.c
@@ -0,0 +1,1263 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CIFS-on-CIFS NTVFS filesystem backend
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements a CIFS->CIFS NTVFS filesystem backend. 
+  
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "ntvfs/ntvfs.h"
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+struct cvfs_file {
+	struct cvfs_file *prev, *next;
+	uint16_t fnum;
+	struct ntvfs_handle *h;
+};
+
+/* this is stored in ntvfs_private */
+struct cvfs_private {
+	struct smbcli_tree *tree;
+	struct smbcli_transport *transport;
+	struct ntvfs_module_context *ntvfs;
+	struct async_info *pending;
+	struct cvfs_file *files;
+	bool map_generic;
+	bool map_trans2;
+};
+
+
+/* a structure used to pass information to an async handler */
+struct async_info {
+	struct async_info *next, *prev;
+	struct cvfs_private *cvfs;
+	struct ntvfs_request *req;
+	struct smbcli_request *c_req;
+	struct cvfs_file *f;
+	void *parms;
+};
+
+NTSTATUS ntvfs_cifs_init(TALLOC_CTX *);
+
+#define CHECK_UPSTREAM_OPEN do { \
+	if (!smbXcli_conn_is_connected(p->transport->conn)) { \
+		req->async_states->state|=NTVFS_ASYNC_STATE_CLOSE; \
+		return NT_STATUS_CONNECTION_DISCONNECTED; \
+	} \
+} while(0)
+
+#define SETUP_PID do { \
+	p->tree->session->pid = req->smbpid; \
+	CHECK_UPSTREAM_OPEN; \
+} while(0)
+
+#define SETUP_FILE_HERE(f) do { \
+	f = ntvfs_handle_get_backend_data(io->generic.in.file.ntvfs, ntvfs); \
+	if (!f) return NT_STATUS_INVALID_HANDLE; \
+	io->generic.in.file.fnum = f->fnum; \
+} while (0)
+
+#define SETUP_FILE do { \
+	struct cvfs_file *f; \
+	SETUP_FILE_HERE(f); \
+} while (0)
+
+#define SETUP_PID_AND_FILE do { \
+	SETUP_PID; \
+	SETUP_FILE; \
+} while (0)
+
+#define CIFS_SERVER		"cifs:server"
+#define CIFS_USER		"cifs:user"
+#define CIFS_PASSWORD		"cifs:password"
+#define CIFS_DOMAIN		"cifs:domain"
+#define CIFS_SHARE		"cifs:share"
+#define CIFS_USE_MACHINE_ACCT	"cifs:use-machine-account"
+#define CIFS_USE_S4U2PROXY	"cifs:use-s4u2proxy"
+#define CIFS_MAP_GENERIC	"cifs:map-generic"
+#define CIFS_MAP_TRANS2		"cifs:map-trans2"
+
+#define CIFS_USE_MACHINE_ACCT_DEFAULT	false
+#define CIFS_USE_S4U2PROXY_DEFAULT	false
+#define CIFS_MAP_GENERIC_DEFAULT	false
+#define CIFS_MAP_TRANS2_DEFAULT		true
+
+/*
+  a handler for oplock break events from the server - these need to be passed
+  along to the client
+ */
+static bool oplock_handler(struct smbcli_transport *transport, uint16_t tid, uint16_t fnum, uint8_t level, void *p_private)
+{
+	struct cvfs_private *p = p_private;
+	NTSTATUS status;
+	struct ntvfs_handle *h = NULL;
+	struct cvfs_file *f;
+
+	for (f=p->files; f; f=f->next) {
+		if (f->fnum != fnum) continue;
+		h = f->h;
+		break;
+	}
+
+	if (!h) {
+		DEBUG(5,("vfs_cifs: ignoring oplock break level %d for fnum %d\n", level, fnum));
+		return true;
+	}
+
+	DEBUG(5,("vfs_cifs: sending oplock break level %d for fnum %d\n", level, fnum));
+	status = ntvfs_send_oplock_break(p->ntvfs, h, level);
+	if (!NT_STATUS_IS_OK(status)) return false;
+	return true;
+}
+
+/*
+  connect to a share - used when a tree_connect operation comes in.
+*/
+static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, 
+			     struct ntvfs_request *req,
+			     union smb_tcon *tcon)
+{
+	NTSTATUS status;
+	struct cvfs_private *p;
+	const char *host, *user, *pass, *domain, *remote_share;
+	struct smb_composite_connect io;
+	struct composite_context *creq;
+	struct share_config *scfg = ntvfs->ctx->config;
+
+	struct cli_credentials *credentials;
+	bool machine_account;
+	bool s4u2proxy;
+	const char* sharename;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(req);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (tcon->generic.level) {
+	case RAW_TCON_TCON:
+		sharename = tcon->tcon.in.service;
+		break;
+	case RAW_TCON_TCONX:
+		sharename = tcon->tconx.in.path;
+		break;
+	case RAW_TCON_SMB2:
+		sharename = tcon->smb2.in.path;
+		break;
+	default:
+		status = NT_STATUS_INVALID_LEVEL;
+		goto out;
+	}
+
+	if (strncmp(sharename, "\\\\", 2) == 0) {
+		char *str = strchr(sharename+2, '\\');
+		if (str) {
+			sharename = str + 1;
+		}
+	}
+
+	/* Here we need to determine which server to connect to.
+	 * For now we use parametric options, type cifs.
+	 */
+	host = share_string_option(tmp_ctx, scfg, CIFS_SERVER, NULL);
+	user = share_string_option(tmp_ctx, scfg, CIFS_USER, NULL);
+	pass = share_string_option(tmp_ctx, scfg, CIFS_PASSWORD, NULL);
+	domain = share_string_option(tmp_ctx, scfg, CIFS_DOMAIN, NULL);
+	remote_share = share_string_option(tmp_ctx, scfg, CIFS_SHARE, NULL);
+	if (!remote_share) {
+		remote_share = sharename;
+	}
+
+	machine_account = share_bool_option(scfg, CIFS_USE_MACHINE_ACCT, CIFS_USE_MACHINE_ACCT_DEFAULT);
+	s4u2proxy = share_bool_option(scfg, CIFS_USE_S4U2PROXY, CIFS_USE_S4U2PROXY_DEFAULT);
+
+	p = talloc_zero(ntvfs, struct cvfs_private);
+	if (!p) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	ntvfs->private_data = p;
+
+	if (!host) {
+		DEBUG(1,("CIFS backend: You must supply server\n"));
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto out;
+	} 
+	
+	if (user && pass) {
+		DEBUG(5, ("CIFS backend: Using specified password\n"));
+		credentials = cli_credentials_init(p);
+		if (!credentials) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+		cli_credentials_set_conf(credentials, ntvfs->ctx->lp_ctx);
+		cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
+		cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+	} else if (machine_account) {
+		DEBUG(5, ("CIFS backend: Using machine account\n"));
+		credentials = cli_credentials_init_server(p,
+							  ntvfs->ctx->lp_ctx);
+		if (credentials == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+	} else if (req->session_info->credentials) {
+		DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
+		credentials = req->session_info->credentials;
+	} else if (s4u2proxy) {
+		struct ccache_container *ccc = NULL;
+		const char *err_str = NULL;
+		int ret;
+		char *impersonate_principal;
+		char *self_service;
+		char *target_service;
+
+		impersonate_principal = talloc_asprintf(req, "%s@%s",
+						req->session_info->info->account_name,
+						req->session_info->info->domain_name);
+
+		self_service = talloc_asprintf(req, "cifs/%s",
+					       lpcfg_netbios_name(ntvfs->ctx->lp_ctx));
+
+		target_service = talloc_asprintf(req, "cifs/%s", host);
+
+		DEBUG(5, ("CIFS backend: Using S4U2Proxy credentials\n"));
+
+		credentials = cli_credentials_init_server(p,
+							  ntvfs->ctx->lp_ctx);
+		if (credentials == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto out;
+		}
+		cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+		cli_credentials_set_impersonate_principal(credentials,
+							  impersonate_principal,
+							  self_service);
+		cli_credentials_set_target_service(credentials, target_service);
+		ret = cli_credentials_get_ccache(credentials,
+						 ntvfs->ctx->event_ctx,
+						 ntvfs->ctx->lp_ctx,
+						 &ccc,
+						 &err_str);
+		if (ret != 0) {
+			status = NT_STATUS_CROSSREALM_DELEGATION_FAILURE;
+			DEBUG(1,("S4U2Proxy: cli_credentials_get_ccache() gave: ret[%d] str[%s] - %s\n",
+				ret, err_str, nt_errstr(status)));
+			goto out;
+		}
+
+	} else {
+		DEBUG(1,("CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials\n"));
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto out;
+	}
+
+	/* connect to the server, using the smbd event context */
+	io.in.dest_host = host;
+	io.in.dest_ports = lpcfg_smb_ports(ntvfs->ctx->lp_ctx);
+	io.in.socket_options = lpcfg_socket_options(ntvfs->ctx->lp_ctx);
+	io.in.called_name = host;
+	io.in.existing_conn = NULL;
+	io.in.credentials = credentials;
+	io.in.fallback_to_anonymous = false;
+	io.in.workgroup = lpcfg_workgroup(ntvfs->ctx->lp_ctx);
+	io.in.service = remote_share;
+	io.in.service_type = "?????";
+	io.in.gensec_settings = lpcfg_gensec_settings(p, ntvfs->ctx->lp_ctx);
+	lpcfg_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options);
+	lpcfg_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options);
+
+	if (!(ntvfs->ctx->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS)) {
+		io.in.options.use_level2_oplocks = false;
+	}
+
+	creq = smb_composite_connect_send(&io, p,
+					  lpcfg_resolve_context(ntvfs->ctx->lp_ctx),
+					  ntvfs->ctx->event_ctx);
+	status = smb_composite_connect_recv(creq, p);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
+
+	p->tree = io.out.tree;
+
+	p->transport = p->tree->session->transport;
+	SETUP_PID;
+	p->ntvfs = ntvfs;
+
+	ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "NTFS");
+	if (ntvfs->ctx->fs_type == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+	ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "A:");
+	if (ntvfs->ctx->dev_type == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	if (tcon->generic.level == RAW_TCON_TCONX) {
+		tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
+		tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
+	}
+
+	/* we need to receive oplock break requests from the server */
+	smbcli_oplock_handler(p->transport, oplock_handler, p);
+
+	p->map_generic = share_bool_option(scfg, CIFS_MAP_GENERIC, CIFS_MAP_GENERIC_DEFAULT);
+
+	p->map_trans2 = share_bool_option(scfg, CIFS_MAP_TRANS2, CIFS_MAP_TRANS2_DEFAULT);
+
+	status = NT_STATUS_OK;
+
+out:
+	TALLOC_FREE(tmp_ctx);
+	return status;
+}
+
+/*
+  disconnect from a share
+*/
+static NTSTATUS cvfs_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct async_info *a, *an;
+
+	/* first cleanup pending requests */
+	for (a=p->pending; a; a = an) {
+		an = a->next;
+		smbcli_request_destroy(a->c_req);
+		talloc_free(a);
+	}
+
+	talloc_free(p);
+	ntvfs->private_data = NULL;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  destroy an async info structure
+*/
+static int async_info_destructor(struct async_info *async)
+{
+	DLIST_REMOVE(async->cvfs->pending, async);
+	return 0;
+}
+
+/*
+  a handler for simple async replies
+  this handler can only be used for functions that don't return any
+  parameters (those that just return a status code)
+ */
+static void async_simple(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smbcli_request_simple_recv(c_req);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+
+/* save some typing for the simple functions */
+#define ASYNC_RECV_TAIL_F(io, async_fn, file) do { \
+	if (!c_req) return NT_STATUS_UNSUCCESSFUL; \
+	{ \
+		struct async_info *async; \
+		async = talloc(req, struct async_info); \
+		if (!async) return NT_STATUS_NO_MEMORY; \
+		async->parms = io; \
+		async->req = req; \
+		async->f = file; \
+		async->cvfs = p; \
+		async->c_req = c_req; \
+		DLIST_ADD(p->pending, async); \
+		c_req->async.private_data = async; \
+		talloc_set_destructor(async, async_info_destructor); \
+	} \
+	c_req->async.fn = async_fn; \
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC; \
+	return NT_STATUS_OK; \
+} while (0)
+
+#define ASYNC_RECV_TAIL(io, async_fn) ASYNC_RECV_TAIL_F(io, async_fn, NULL)
+
+#define SIMPLE_ASYNC_TAIL ASYNC_RECV_TAIL(NULL, async_simple)
+
+/*
+  delete a file - the dirtype specifies the file types to include in the search. 
+  The name can contain CIFS wildcards, but rarely does (except with OS/2 clients)
+*/
+static NTSTATUS cvfs_unlink(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req, union smb_unlink *unl)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	/* see if the front end will allow us to perform this
+	   function asynchronously.  */
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_unlink(p->tree, unl);
+	}
+
+	c_req = smb_raw_unlink_send(p->tree, unl);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  a handler for async ioctl replies
+ */
+static void async_ioctl(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_ioctl_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  ioctl interface
+*/
+static NTSTATUS cvfs_ioctl(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req, union smb_ioctl *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID_AND_FILE;
+
+	/* see if the front end will allow us to perform this
+	   function asynchronously.  */
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_ioctl(p->tree, req, io);
+	}
+
+	c_req = smb_raw_ioctl_send(p->tree, io);
+
+	ASYNC_RECV_TAIL(io, async_ioctl);
+}
+
+/*
+  check if a directory exists
+*/
+static NTSTATUS cvfs_chkpath(struct ntvfs_module_context *ntvfs, 
+			     struct ntvfs_request *req, union smb_chkpath *cp)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_chkpath(p->tree, cp);
+	}
+
+	c_req = smb_raw_chkpath_send(p->tree, cp);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  a handler for async qpathinfo replies
+ */
+static void async_qpathinfo(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_pathinfo_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  return info on a pathname
+*/
+static NTSTATUS cvfs_qpathinfo(struct ntvfs_module_context *ntvfs, 
+			       struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_pathinfo(p->tree, req, info);
+	}
+
+	c_req = smb_raw_pathinfo_send(p->tree, info);
+
+	ASYNC_RECV_TAIL(info, async_qpathinfo);
+}
+
+/*
+  a handler for async qfileinfo replies
+ */
+static void async_qfileinfo(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_fileinfo_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  query info on a open file
+*/
+static NTSTATUS cvfs_qfileinfo(struct ntvfs_module_context *ntvfs, 
+			       struct ntvfs_request *req, union smb_fileinfo *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID_AND_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_fileinfo(p->tree, req, io);
+	}
+
+	c_req = smb_raw_fileinfo_send(p->tree, io);
+
+	ASYNC_RECV_TAIL(io, async_qfileinfo);
+}
+
+
+/*
+  set info on a pathname
+*/
+static NTSTATUS cvfs_setpathinfo(struct ntvfs_module_context *ntvfs, 
+				 struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_setpathinfo(p->tree, st);
+	}
+
+	c_req = smb_raw_setpathinfo_send(p->tree, st);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+
+/*
+  a handler for async open replies
+ */
+static void async_open(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct cvfs_private *cvfs = async->cvfs;
+	struct ntvfs_request *req = async->req;
+	struct cvfs_file *f = async->f;
+	union smb_open *io = async->parms;
+	union smb_handle *file;
+	if (f == NULL) {
+		goto failed;
+	}
+	talloc_free(async);
+	req->async_states->status = smb_raw_open_recv(c_req, req, io);
+	SMB_OPEN_OUT_FILE(io, file);
+	if (file == NULL) {
+		goto failed;
+	}
+	f->fnum = file->fnum;
+	file->ntvfs = NULL;
+	if (!NT_STATUS_IS_OK(req->async_states->status)) goto failed;
+	req->async_states->status = ntvfs_handle_set_backend_data(f->h, cvfs->ntvfs, f);
+	if (!NT_STATUS_IS_OK(req->async_states->status)) goto failed;
+	file->ntvfs = f->h;
+	DLIST_ADD(cvfs->files, f);
+failed:
+	req->async_states->send_fn(req);
+}
+
+/*
+  open a file
+*/
+static NTSTATUS cvfs_open(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req, union smb_open *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+	struct ntvfs_handle *h;
+	struct cvfs_file *f;
+	NTSTATUS status;
+
+	SETUP_PID;
+
+	if (io->generic.level != RAW_OPEN_GENERIC &&
+	    p->map_generic) {
+		return ntvfs_map_open(ntvfs, req, io);
+	}
+
+	status = ntvfs_handle_new(ntvfs, req, &h);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	f = talloc_zero(h, struct cvfs_file);
+	NT_STATUS_HAVE_NO_MEMORY(f);
+	f->h = h;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		union smb_handle *file;
+
+		status = smb_raw_open(p->tree, req, io);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		SMB_OPEN_OUT_FILE(io, file);
+		if (file == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		f->fnum = file->fnum;
+		file->ntvfs = NULL;
+		status = ntvfs_handle_set_backend_data(f->h, p->ntvfs, f);
+		NT_STATUS_NOT_OK_RETURN(status);
+		file->ntvfs = f->h;
+		DLIST_ADD(p->files, f);
+
+		return NT_STATUS_OK;
+	}
+
+	c_req = smb_raw_open_send(p->tree, io);
+
+	ASYNC_RECV_TAIL_F(io, async_open, f);
+}
+
+/*
+  create a directory
+*/
+static NTSTATUS cvfs_mkdir(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req, union smb_mkdir *md)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_mkdir(p->tree, md);
+	}
+
+	c_req = smb_raw_mkdir_send(p->tree, md);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  remove a directory
+*/
+static NTSTATUS cvfs_rmdir(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_rmdir(p->tree, rd);
+	}
+	c_req = smb_raw_rmdir_send(p->tree, rd);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  rename a set of files
+*/
+static NTSTATUS cvfs_rename(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req, union smb_rename *ren)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (ren->nttrans.level == RAW_RENAME_NTTRANS) {
+		struct cvfs_file *f;
+		f = ntvfs_handle_get_backend_data(ren->nttrans.in.file.ntvfs, ntvfs);
+		if (!f) return NT_STATUS_INVALID_HANDLE;
+		ren->nttrans.in.file.fnum = f->fnum;
+	}
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_rename(p->tree, ren);
+	}
+
+	c_req = smb_raw_rename_send(p->tree, ren);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  copy a set of files
+*/
+static NTSTATUS cvfs_copy(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req, struct smb_copy *cp)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  a handler for async read replies
+ */
+static void async_read(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_read_recv(c_req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  read from a file
+*/
+static NTSTATUS cvfs_read(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req, union smb_read *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (io->generic.level != RAW_READ_GENERIC &&
+	    p->map_generic) {
+		return ntvfs_map_read(ntvfs, req, io);
+	}
+
+	SETUP_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_read(p->tree, io);
+	}
+
+	c_req = smb_raw_read_send(p->tree, io);
+
+	ASYNC_RECV_TAIL(io, async_read);
+}
+
+/*
+  a handler for async write replies
+ */
+static void async_write(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_write_recv(c_req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  write to a file
+*/
+static NTSTATUS cvfs_write(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req, union smb_write *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (io->generic.level != RAW_WRITE_GENERIC &&
+	    p->map_generic) {
+		return ntvfs_map_write(ntvfs, req, io);
+	}
+	SETUP_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_write(p->tree, io);
+	}
+
+	c_req = smb_raw_write_send(p->tree, io);
+
+	ASYNC_RECV_TAIL(io, async_write);
+}
+
+/*
+  a handler for async seek replies
+ */
+static void async_seek(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_seek_recv(c_req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  seek in a file
+*/
+static NTSTATUS cvfs_seek(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req,
+			  union smb_seek *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID_AND_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_seek(p->tree, io);
+	}
+
+	c_req = smb_raw_seek_send(p->tree, io);
+
+	ASYNC_RECV_TAIL(io, async_seek);
+}
+
+/*
+  flush a file
+*/
+static NTSTATUS cvfs_flush(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req,
+			   union smb_flush *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+	switch (io->generic.level) {
+	case RAW_FLUSH_FLUSH:
+		SETUP_FILE;
+		break;
+	case RAW_FLUSH_ALL:
+		io->generic.in.file.fnum = 0xFFFF;
+		break;
+	case RAW_FLUSH_SMB2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_flush(p->tree, io);
+	}
+
+	c_req = smb_raw_flush_send(p->tree, io);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  close a file
+*/
+static NTSTATUS cvfs_close(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req, union smb_close *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+	struct cvfs_file *f;
+	union smb_close io2;
+
+	SETUP_PID;
+
+	if (io->generic.level != RAW_CLOSE_GENERIC &&
+	    p->map_generic) {
+		return ntvfs_map_close(ntvfs, req, io);
+	}
+
+	if (io->generic.level == RAW_CLOSE_GENERIC) {
+		ZERO_STRUCT(io2);
+		io2.close.level = RAW_CLOSE_CLOSE;
+		io2.close.in.file = io->generic.in.file;
+		io2.close.in.write_time = io->generic.in.write_time;
+		io = &io2;
+	}
+
+	SETUP_FILE_HERE(f);
+	/* Note, we aren't free-ing f, or it's h here. Should we?
+	   even if file-close fails, we'll remove it from the list,
+	   what else would we do? Maybe we should not remove until
+	   after the proxied call completes? */
+	DLIST_REMOVE(p->files, f);
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_close(p->tree, io);
+	}
+
+	c_req = smb_raw_close_send(p->tree, io);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  exit - closing files open by the pid
+*/
+static NTSTATUS cvfs_exit(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_exit(p->tree->session);
+	}
+
+	c_req = smb_raw_exit_send(p->tree->session);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  logoff - closing files open by the user
+*/
+static NTSTATUS cvfs_logoff(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req)
+{
+	/* we can't do this right in the cifs backend .... */
+	return NT_STATUS_OK;
+}
+
+/*
+  setup for an async call - nothing to do yet
+*/
+static NTSTATUS cvfs_async_setup(struct ntvfs_module_context *ntvfs, 
+				 struct ntvfs_request *req, 
+				 void *private_data)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  cancel an async call
+*/
+static NTSTATUS cvfs_cancel(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct async_info *a;
+
+	/* find the matching request */
+	for (a=p->pending;a;a=a->next) {
+		if (a->req == req) {
+			break;
+		}
+	}
+
+	if (a == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return smb_raw_ntcancel(a->c_req);
+}
+
+/*
+  lock a byte range
+*/
+static NTSTATUS cvfs_lock(struct ntvfs_module_context *ntvfs, 
+			  struct ntvfs_request *req, union smb_lock *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (io->generic.level != RAW_LOCK_GENERIC &&
+	    p->map_generic) {
+		return ntvfs_map_lock(ntvfs, req, io);
+	}
+	SETUP_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_lock(p->tree, io);
+	}
+
+	c_req = smb_raw_lock_send(p->tree, io);
+	SIMPLE_ASYNC_TAIL;
+}
+
+/*
+  set info on a open file
+*/
+static NTSTATUS cvfs_setfileinfo(struct ntvfs_module_context *ntvfs, 
+				 struct ntvfs_request *req, 
+				 union smb_setfileinfo *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID_AND_FILE;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_setfileinfo(p->tree, io);
+	}
+	c_req = smb_raw_setfileinfo_send(p->tree, io);
+
+	SIMPLE_ASYNC_TAIL;
+}
+
+
+/*
+  a handler for async fsinfo replies
+ */
+static void async_fsinfo(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_fsinfo_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/*
+  return filesystem space info
+*/
+static NTSTATUS cvfs_fsinfo(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_fsinfo(p->tree, req, fs);
+	}
+
+	c_req = smb_raw_fsinfo_send(p->tree, req, fs);
+
+	ASYNC_RECV_TAIL(fs, async_fsinfo);
+}
+
+/*
+  return print queue info
+*/
+static NTSTATUS cvfs_lpq(struct ntvfs_module_context *ntvfs, 
+			 struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/* 
+   list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS cvfs_search_first(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req, union smb_search_first *io, 
+				  void *search_private, 
+				  bool (*callback)(void *, const union smb_search_data *))
+{
+	struct cvfs_private *p = ntvfs->private_data;
+
+	SETUP_PID;
+
+	return smb_raw_search_first(p->tree, req, io, search_private, callback);
+}
+
+/* continue a search */
+static NTSTATUS cvfs_search_next(struct ntvfs_module_context *ntvfs, 
+				 struct ntvfs_request *req, union smb_search_next *io, 
+				 void *search_private, 
+				 bool (*callback)(void *, const union smb_search_data *))
+{
+	struct cvfs_private *p = ntvfs->private_data;
+
+	SETUP_PID;
+
+	return smb_raw_search_next(p->tree, req, io, search_private, callback);
+}
+
+/* close a search */
+static NTSTATUS cvfs_search_close(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req, union smb_search_close *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+
+	SETUP_PID;
+
+	return smb_raw_search_close(p->tree, io);
+}
+
+/*
+  a handler for async trans2 replies
+ */
+static void async_trans2(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_trans2_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/* raw trans2 */
+static NTSTATUS cvfs_trans2(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req,
+			    struct smb_trans2 *trans2)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+
+	if (p->map_trans2) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	SETUP_PID;
+
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return smb_raw_trans2(p->tree, req, trans2);
+	}
+
+	c_req = smb_raw_trans2_send(p->tree, trans2);
+
+	ASYNC_RECV_TAIL(trans2, async_trans2);
+}
+
+
+/* SMBtrans - not used on file shares */
+static NTSTATUS cvfs_trans(struct ntvfs_module_context *ntvfs, 
+			   struct ntvfs_request *req,
+			   struct smb_trans2 *trans2)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  a handler for async change notify replies
+ */
+static void async_changenotify(struct smbcli_request *c_req)
+{
+	struct async_info *async = c_req->async.private_data;
+	struct ntvfs_request *req = async->req;
+	req->async_states->status = smb_raw_changenotify_recv(c_req, req, async->parms);
+	talloc_free(async);
+	req->async_states->send_fn(req);
+}
+
+/* change notify request - always async */
+static NTSTATUS cvfs_notify(struct ntvfs_module_context *ntvfs, 
+			    struct ntvfs_request *req,
+			    union smb_notify *io)
+{
+	struct cvfs_private *p = ntvfs->private_data;
+	struct smbcli_request *c_req;
+	int saved_timeout = p->transport->options.request_timeout;
+	struct cvfs_file *f;
+
+	if (io->nttrans.level != RAW_NOTIFY_NTTRANS) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	SETUP_PID;
+
+	f = ntvfs_handle_get_backend_data(io->nttrans.in.file.ntvfs, ntvfs);
+	if (!f) return NT_STATUS_INVALID_HANDLE;
+	io->nttrans.in.file.fnum = f->fnum;
+
+	/* this request doesn't make sense unless its async */
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* we must not timeout on notify requests - they wait
+	   forever */
+	p->transport->options.request_timeout = 0;
+
+	c_req = smb_raw_changenotify_send(p->tree, io);
+
+	p->transport->options.request_timeout = saved_timeout;
+
+	ASYNC_RECV_TAIL(io, async_changenotify);
+}
+
+/*
+  initialise the CIFS->CIFS backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_cifs_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	struct ntvfs_ops ops;
+	NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+	ZERO_STRUCT(ops);
+
+	/* fill in the name and type */
+	ops.name = "cifs";
+	ops.type = NTVFS_DISK;
+	
+	/* fill in all the operations */
+	ops.connect_fn = cvfs_connect;
+	ops.disconnect_fn = cvfs_disconnect;
+	ops.unlink_fn = cvfs_unlink;
+	ops.chkpath_fn = cvfs_chkpath;
+	ops.qpathinfo_fn = cvfs_qpathinfo;
+	ops.setpathinfo_fn = cvfs_setpathinfo;
+	ops.open_fn = cvfs_open;
+	ops.mkdir_fn = cvfs_mkdir;
+	ops.rmdir_fn = cvfs_rmdir;
+	ops.rename_fn = cvfs_rename;
+	ops.copy_fn = cvfs_copy;
+	ops.ioctl_fn = cvfs_ioctl;
+	ops.read_fn = cvfs_read;
+	ops.write_fn = cvfs_write;
+	ops.seek_fn = cvfs_seek;
+	ops.flush_fn = cvfs_flush;
+	ops.close_fn = cvfs_close;
+	ops.exit_fn = cvfs_exit;
+	ops.lock_fn = cvfs_lock;
+	ops.setfileinfo_fn = cvfs_setfileinfo;
+	ops.qfileinfo_fn = cvfs_qfileinfo;
+	ops.fsinfo_fn = cvfs_fsinfo;
+	ops.lpq_fn = cvfs_lpq;
+	ops.search_first_fn = cvfs_search_first;
+	ops.search_next_fn = cvfs_search_next;
+	ops.search_close_fn = cvfs_search_close;
+	ops.trans_fn = cvfs_trans;
+	ops.logoff_fn = cvfs_logoff;
+	ops.async_setup_fn = cvfs_async_setup;
+	ops.cancel_fn = cvfs_cancel;
+	ops.notify_fn = cvfs_notify;
+	ops.trans2_fn = cvfs_trans2;
+
+	/* register ourselves with the NTVFS subsystem. We register
+	   under the name 'cifs'. */
+	ret = ntvfs_register(&ops, &vers);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register CIFS backend!\n"));
+	}
+	
+	return ret;
+}
diff --git a/source4/ntvfs/common/brlock.c b/source4/ntvfs/common/brlock.c
new file mode 100644
index 0000000..d99cc4e
--- /dev/null
+++ b/source4/ntvfs/common/brlock.c
@@ -0,0 +1,136 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   generic byte range locking code
+
+   Copyright (C) Andrew Tridgell 1992-2004
+   Copyright (C) Jeremy Allison 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This module implements a tdb based byte range locking service,
+   replacing the fcntl() based byte range locking previously
+   used. This allows us to provide the same semantics as NT */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "libcli/libcli.h"
+#include "cluster/cluster.h"
+#include "ntvfs/common/ntvfs_common.h"
+
+static const struct brlock_ops *ops;
+
+/*
+  set the brl backend ops
+*/
+void brlock_set_ops(const struct brlock_ops *new_ops)
+{
+	ops = new_ops;
+}
+
+/*
+  Open up the brlock database. Close it down using talloc_free(). We
+  need the imessaging_ctx to allow for pending lock notifications.
+*/
+struct brl_context *brlock_init(TALLOC_CTX *mem_ctx, struct server_id server, 
+			     struct loadparm_context *lp_ctx,
+			     struct imessaging_context *imessaging_ctx)
+{
+	if (ops == NULL) {
+		brl_tdb_init_ops();
+	}
+	return ops->brl_init(mem_ctx, server, lp_ctx, imessaging_ctx);
+}
+
+struct brl_handle *brlock_create_handle(TALLOC_CTX *mem_ctx, struct ntvfs_handle *ntvfs, DATA_BLOB *file_key)
+{
+	return ops->brl_create_handle(mem_ctx, ntvfs, file_key);
+}
+
+/*
+  Lock a range of bytes.  The lock_type can be a PENDING_*_LOCK, in
+  which case a real lock is first tried, and if that fails then a
+  pending lock is created. When the pending lock is triggered (by
+  someone else closing an overlapping lock range) a messaging
+  notification is sent, identified by the notify_ptr
+*/
+NTSTATUS brlock_lock(struct brl_context *brl,
+		  struct brl_handle *brlh,
+		  uint32_t smbpid,
+		  uint64_t start, uint64_t size, 
+		  enum brl_type lock_type,
+		  void *notify_ptr)
+{
+	return ops->brl_lock(brl, brlh, smbpid, start, size, lock_type, notify_ptr);
+}
+
+
+/*
+ Unlock a range of bytes.
+*/
+NTSTATUS brlock_unlock(struct brl_context *brl,
+		    struct brl_handle *brlh, 
+		    uint32_t smbpid,
+		    uint64_t start, uint64_t size)
+{
+	return ops->brl_unlock(brl, brlh, smbpid, start, size);
+}
+
+/*
+  remove a pending lock. This is called when the caller has either
+  given up trying to establish a lock or when they have succeeded in
+  getting it. In either case they no longer need to be notified.
+*/
+NTSTATUS brlock_remove_pending(struct brl_context *brl,
+			    struct brl_handle *brlh, 
+			    void *notify_ptr)
+{
+	return ops->brl_remove_pending(brl, brlh, notify_ptr);
+}
+
+
+/*
+  Test if we are allowed to perform IO on a region of an open file
+*/
+NTSTATUS brlock_locktest(struct brl_context *brl,
+		      struct brl_handle *brlh,
+		      uint32_t smbpid, 
+		      uint64_t start, uint64_t size, 
+		      enum brl_type lock_type)
+{
+	return ops->brl_locktest(brl, brlh, smbpid, start, size, lock_type);
+}
+
+
+/*
+ Remove any locks associated with a open file.
+*/
+NTSTATUS brlock_close(struct brl_context *brl,
+		   struct brl_handle *brlh)
+{
+	return ops->brl_close(brl, brlh);
+}
+
+/*
+ Get a number of locks associated with a open file.
+*/
+NTSTATUS brlock_count(struct brl_context *brl,
+		   struct brl_handle *brlh,
+		   int *count)
+{
+	return ops->brl_count(brl, brlh, count);
+}
diff --git a/source4/ntvfs/common/brlock.h b/source4/ntvfs/common/brlock.h
new file mode 100644
index 0000000..650136b
--- /dev/null
+++ b/source4/ntvfs/common/brlock.h
@@ -0,0 +1,55 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   generic byte range locking code - common include
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/libcli.h"
+
+struct brlock_ops {
+	struct brl_context *(*brl_init)(TALLOC_CTX *, struct server_id , 
+					struct loadparm_context *lp_ctx,
+					struct imessaging_context *);
+	struct brl_handle *(*brl_create_handle)(TALLOC_CTX *, struct ntvfs_handle *, DATA_BLOB *);
+	NTSTATUS (*brl_lock)(struct brl_context *,
+			     struct brl_handle *,
+			     uint32_t ,
+			     uint64_t , uint64_t , 
+			     enum brl_type ,
+			     void *);
+	NTSTATUS (*brl_unlock)(struct brl_context *,
+			       struct brl_handle *, 
+			       uint32_t ,
+			       uint64_t , uint64_t );
+	NTSTATUS (*brl_remove_pending)(struct brl_context *,
+				       struct brl_handle *, 
+				       void *);
+	NTSTATUS (*brl_locktest)(struct brl_context *,
+				 struct brl_handle *,
+				 uint32_t , 
+				 uint64_t , uint64_t , 
+				 enum brl_type );
+	NTSTATUS (*brl_close)(struct brl_context *,
+			      struct brl_handle *);
+	NTSTATUS (*brl_count)(struct brl_context *,
+			      struct brl_handle *,
+			      int *count);
+};
+
+void brlock_set_ops(const struct brlock_ops *new_ops);
+void brl_tdb_init_ops(void);
diff --git a/source4/ntvfs/common/brlock_tdb.c b/source4/ntvfs/common/brlock_tdb.c
new file mode 100644
index 0000000..c4cd76b
--- /dev/null
+++ b/source4/ntvfs/common/brlock_tdb.c
@@ -0,0 +1,775 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   generic byte range locking code - tdb backend
+
+   Copyright (C) Andrew Tridgell 1992-2006
+   Copyright (C) Jeremy Allison 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This module implements a tdb based byte range locking service,
+   replacing the fcntl() based byte range locking previously
+   used. This allows us to provide the same semantics as NT */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "libcli/libcli.h"
+#include "cluster/cluster.h"
+#include "ntvfs/common/brlock.h"
+#include "ntvfs/ntvfs.h"
+#include "param/param.h"
+#include "dbwrap/dbwrap.h"
+
+/*
+  in this module a "DATA_BLOB *file_key" is a blob that uniquely identifies
+  a file. For a local posix filesystem this will usually be a combination
+  of the device and inode numbers of the file, but it can be anything 
+  that uniquely identifies a file for locking purposes, as long
+  as it is applied consistently.
+*/
+
+/* this struct is typically attached to tcon */
+struct brl_context {
+	struct db_context *db;
+	struct server_id server;
+	struct imessaging_context *imessaging_ctx;
+};
+
+/*
+  the lock context contains the elements that define whether one
+  lock is the same as another lock
+*/
+struct lock_context {
+	struct server_id server;
+	uint32_t smbpid;
+	struct brl_context *ctx;
+};
+
+/* The data in brlock records is an unsorted linear array of these
+   records.  It is unnecessary to store the count as tdb provides the
+   size of the record */
+struct lock_struct {
+	struct lock_context context;
+	struct ntvfs_handle *ntvfs;
+	uint64_t start;
+	uint64_t size;
+	enum brl_type lock_type;
+	void *notify_ptr;
+};
+
+/* this struct is attached to on oprn file handle */
+struct brl_handle {
+	DATA_BLOB key;
+	struct ntvfs_handle *ntvfs;
+	struct lock_struct last_lock;
+};
+
+/* see if we have wrapped locks, which are no longer allowed (windows
+ * changed this in win7 */
+static bool brl_invalid_lock_range(uint64_t start, uint64_t size)
+{
+	return (size > 1 && (start + size < start));
+}
+
+/*
+  Open up the brlock.tdb database. Close it down using
+  talloc_free(). We need the imessaging_ctx to allow for
+  pending lock notifications.
+*/
+static struct brl_context *brl_tdb_init(TALLOC_CTX *mem_ctx, struct server_id server, 
+					struct loadparm_context *lp_ctx,
+				    struct imessaging_context *imessaging_ctx)
+{
+	struct brl_context *brl;
+
+	brl = talloc(mem_ctx, struct brl_context);
+	if (brl == NULL) {
+		return NULL;
+	}
+
+	brl->db = cluster_db_tmp_open(brl, lp_ctx, "brlock", TDB_DEFAULT);
+	if (brl->db == NULL) {
+		talloc_free(brl);
+		return NULL;
+	}
+
+	brl->server = server;
+	brl->imessaging_ctx = imessaging_ctx;
+
+	return brl;
+}
+
+static struct brl_handle *brl_tdb_create_handle(TALLOC_CTX *mem_ctx, struct ntvfs_handle *ntvfs, 
+						    DATA_BLOB *file_key)
+{
+	struct brl_handle *brlh;
+
+	brlh = talloc(mem_ctx, struct brl_handle);
+	if (brlh == NULL) {
+		return NULL;
+	}
+
+	brlh->key = *file_key;
+	brlh->ntvfs = ntvfs;
+	ZERO_STRUCT(brlh->last_lock);
+
+	return brlh;
+}
+
+/*
+  see if two locking contexts are equal
+*/
+static bool brl_tdb_same_context(struct lock_context *ctx1, struct lock_context *ctx2)
+{
+	return (cluster_id_equal(&ctx1->server, &ctx2->server) &&
+		ctx1->smbpid == ctx2->smbpid &&
+		ctx1->ctx == ctx2->ctx);
+}
+
+/*
+  see if lck1 and lck2 overlap
+
+  lck1 is the existing lock. lck2 is the new lock we are 
+  looking at adding
+*/
+static bool brl_tdb_overlap(struct lock_struct *lck1, 
+			    struct lock_struct *lck2)
+{
+	/* this extra check is not redundant - it copes with locks
+	   that go beyond the end of 64 bit file space */
+	if (lck1->size != 0 &&
+	    lck1->start == lck2->start &&
+	    lck1->size == lck2->size) {
+		return true;
+	}
+	    
+	if (lck1->start >= (lck2->start+lck2->size) ||
+	    lck2->start >= (lck1->start+lck1->size)) {
+		return false;
+	}
+
+	/* we have a conflict. Now check to see if lck1 really still
+	 * exists, which involves checking if the process still
+	 * exists. We leave this test to last as its the most
+	 * expensive test, especially when we are clustered */
+	/* TODO: need to do this via a server_id_exists() call, which
+	 * hasn't been written yet. When clustered this will need to
+	 * call into ctdb */
+
+	return true;
+} 
+
+/*
+ See if lock2 can be added when lock1 is in place.
+*/
+static bool brl_tdb_conflict(struct lock_struct *lck1, 
+			 struct lock_struct *lck2)
+{
+	/* pending locks don't conflict with anything */
+	if (lck1->lock_type >= PENDING_READ_LOCK ||
+	    lck2->lock_type >= PENDING_READ_LOCK) {
+		return false;
+	}
+
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) {
+		return false;
+	}
+
+	if (brl_tdb_same_context(&lck1->context, &lck2->context) &&
+	    lck2->lock_type == READ_LOCK && lck1->ntvfs == lck2->ntvfs) {
+		return false;
+	}
+
+	return brl_tdb_overlap(lck1, lck2);
+} 
+
+
+/*
+ Check to see if this lock conflicts, but ignore our own locks on the
+ same fnum only.
+*/
+static bool brl_tdb_conflict_other(struct lock_struct *lck1, struct lock_struct *lck2)
+{
+	/* pending locks don't conflict with anything */
+	if (lck1->lock_type >= PENDING_READ_LOCK ||
+	    lck2->lock_type >= PENDING_READ_LOCK) {
+		return false;
+	}
+
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) 
+		return false;
+
+	/*
+	 * note that incoming write calls conflict with existing READ
+	 * locks even if the context is the same. JRA. See LOCKTEST7
+	 * in smbtorture.
+	 */
+	if (brl_tdb_same_context(&lck1->context, &lck2->context) &&
+	    lck1->ntvfs == lck2->ntvfs &&
+	    (lck2->lock_type == READ_LOCK || lck1->lock_type == WRITE_LOCK)) {
+		return false;
+	}
+
+	return brl_tdb_overlap(lck1, lck2);
+} 
+
+
+/*
+  amazingly enough, w2k3 "remembers" whether the last lock failure
+  is the same as this one and changes its error code. I wonder if any
+  app depends on this?
+*/
+static NTSTATUS brl_tdb_lock_failed(struct brl_handle *brlh, struct lock_struct *lock)
+{
+	/*
+	 * this function is only called for non pending lock!
+	 */
+
+	/* in SMB2 mode always return NT_STATUS_LOCK_NOT_GRANTED! */
+	if (lock->ntvfs->ctx->protocol >= PROTOCOL_SMB2_02) {
+		return NT_STATUS_LOCK_NOT_GRANTED;
+	}
+
+	/* 
+	 * if the notify_ptr is non NULL,
+	 * it means that we're at the end of a pending lock
+	 * and the real lock is requested after the timeout went by
+	 * In this case we need to remember the last_lock and always
+	 * give FILE_LOCK_CONFLICT
+	 */
+	if (lock->notify_ptr) {
+		brlh->last_lock = *lock;
+		return NT_STATUS_FILE_LOCK_CONFLICT;
+	}
+
+	/* 
+	 * amazing the little things you learn with a test
+	 * suite. Locks beyond this offset (as a 64 bit
+	 * number!) always generate the conflict error code,
+	 * unless the top bit is set
+	 */
+	if (lock->start >= 0xEF000000 && (lock->start >> 63) == 0) {
+		brlh->last_lock = *lock;
+		return NT_STATUS_FILE_LOCK_CONFLICT;
+	}
+
+	/*
+	 * if the current lock matches the last failed lock on the file handle
+	 * and starts at the same offset, then FILE_LOCK_CONFLICT should be returned
+	 */
+	if (cluster_id_equal(&lock->context.server, &brlh->last_lock.context.server) &&
+	    lock->context.ctx == brlh->last_lock.context.ctx &&
+	    lock->ntvfs == brlh->last_lock.ntvfs &&
+	    lock->start == brlh->last_lock.start) {
+		return NT_STATUS_FILE_LOCK_CONFLICT;
+	}
+
+	brlh->last_lock = *lock;
+	return NT_STATUS_LOCK_NOT_GRANTED;
+}
+
+/*
+  Lock a range of bytes.  The lock_type can be a PENDING_*_LOCK, in
+  which case a real lock is first tried, and if that fails then a
+  pending lock is created. When the pending lock is triggered (by
+  someone else closing an overlapping lock range) a messaging
+  notification is sent, identified by the notify_ptr
+*/
+static NTSTATUS brl_tdb_lock(struct brl_context *brl,
+			 struct brl_handle *brlh,
+			 uint32_t smbpid,
+			 uint64_t start, uint64_t size, 
+			 enum brl_type lock_type,
+			 void *notify_ptr)
+{
+	TDB_DATA kbuf, dbuf;
+	int count=0, i;
+	struct lock_struct lock, *locks=NULL;
+	NTSTATUS status;
+	struct db_record *locked;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+
+	if (brl_invalid_lock_range(start, size)) {
+		return NT_STATUS_INVALID_LOCK_RANGE;
+	}
+
+	locked = dbwrap_fetch_locked(brl->db, brl, kbuf);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* if this is a pending lock, then with the chainlock held we
+	   try to get the real lock. If we succeed then we don't need
+	   to make it pending. This prevents a possible race condition
+	   where the pending lock gets created after the lock that is
+	   preventing the real lock gets removed */
+	if (lock_type >= PENDING_READ_LOCK) {
+		enum brl_type rw = (lock_type==PENDING_READ_LOCK? READ_LOCK : WRITE_LOCK);
+
+		/* here we need to force that the last_lock isn't overwritten */
+		lock = brlh->last_lock;
+		status = brl_tdb_lock(brl, brlh, smbpid, start, size, rw, NULL);
+		brlh->last_lock = lock;
+
+		if (NT_STATUS_IS_OK(status)) {
+			talloc_free(locked);
+			return NT_STATUS_OK;
+		}
+	}
+
+	dbuf = dbwrap_record_get_value(locked);
+
+	lock.context.smbpid = smbpid;
+	lock.context.server = brl->server;
+	lock.context.ctx = brl;
+	lock.ntvfs = brlh->ntvfs;
+	lock.context.ctx = brl;
+	lock.start = start;
+	lock.size = size;
+	lock.lock_type = lock_type;
+	lock.notify_ptr = notify_ptr;
+
+	if (dbuf.dptr) {
+		/* there are existing locks - make sure they don't conflict */
+		locks = (struct lock_struct *)dbuf.dptr;
+		count = dbuf.dsize / sizeof(*locks);
+		for (i=0; i<count; i++) {
+			if (brl_tdb_conflict(&locks[i], &lock)) {
+				status = brl_tdb_lock_failed(brlh, &lock);
+				goto fail;
+			}
+		}
+	}
+
+	/* no conflicts - add it to the list of locks */
+	/* FIXME: a dbwrap_record_append() would help here! */
+	locks = talloc_array(locked, struct lock_struct, count+1);
+	if (!locks) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+	if (dbuf.dsize > 0) {
+		memcpy(locks, dbuf.dptr, dbuf.dsize);
+	}
+	locks[count] = lock;
+
+	dbuf.dptr = (unsigned char *)locks;
+	dbuf.dsize += sizeof(lock);
+
+	status = dbwrap_record_store(locked, dbuf, TDB_REPLACE);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	talloc_free(locked);
+
+	/* the caller needs to know if the real lock was granted. If
+	   we have reached here then it must be a pending lock that
+	   was granted, so tell them the lock failed */
+	if (lock_type >= PENDING_READ_LOCK) {
+		return NT_STATUS_LOCK_NOT_GRANTED;
+	}
+
+	return NT_STATUS_OK;
+
+ fail:
+	talloc_free(locked);
+	return status;
+}
+
+
+/*
+  we are removing a lock that might be holding up a pending lock. Scan for pending
+  locks that cover this range and if we find any then notify the server that it should
+  retry the lock
+*/
+static void brl_tdb_notify_unlock(struct brl_context *brl,
+			      struct lock_struct *locks, int count, 
+			      struct lock_struct *removed_lock)
+{
+	int i, last_notice;
+
+	/* the last_notice logic is to prevent stampeding on a lock
+	   range. It prevents us sending hundreds of notifies on the
+	   same range of bytes. It doesn't prevent all possible
+	   stampedes, but it does prevent the most common problem */
+	last_notice = -1;
+
+	for (i=0;i<count;i++) {
+		if (locks[i].lock_type >= PENDING_READ_LOCK &&
+		    brl_tdb_overlap(&locks[i], removed_lock)) {
+			if (last_notice != -1 && brl_tdb_overlap(&locks[i], &locks[last_notice])) {
+				continue;
+			}
+			if (locks[i].lock_type == PENDING_WRITE_LOCK) {
+				last_notice = i;
+			}
+			imessaging_send_ptr(brl->imessaging_ctx, locks[i].context.server,
+					   MSG_BRL_RETRY, locks[i].notify_ptr);
+		}
+	}
+}
+
+
+/*
+  send notifications for all pending locks - the file is being closed by this
+  user
+*/
+static void brl_tdb_notify_all(struct brl_context *brl,
+			   struct lock_struct *locks, int count)
+{
+	int i;
+	for (i=0;i<count;i++) {
+		if (locks->lock_type >= PENDING_READ_LOCK) {
+			brl_tdb_notify_unlock(brl, locks, count, &locks[i]);
+		}
+	}
+}
+
+
+
+/*
+ Unlock a range of bytes.
+*/
+static NTSTATUS brl_tdb_unlock(struct brl_context *brl,
+			   struct brl_handle *brlh, 
+			   uint32_t smbpid,
+			   uint64_t start, uint64_t size)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct *locks, *lock = NULL;
+	struct lock_context context;
+	struct db_record *locked;
+	NTSTATUS status;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+
+	if (brl_invalid_lock_range(start, size)) {
+		return NT_STATUS_INVALID_LOCK_RANGE;
+	}
+
+	locked = dbwrap_fetch_locked(brl->db, brl, kbuf);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	dbuf = dbwrap_record_get_value(locked);
+
+	context.smbpid = smbpid;
+	context.server = brl->server;
+	context.ctx = brl;
+
+	/* there are existing locks - find a match */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+
+	for (i=0; i<count; i++) {
+		lock = &locks[i];
+		if (brl_tdb_same_context(&lock->context, &context) &&
+		    lock->ntvfs == brlh->ntvfs &&
+		    lock->start == start &&
+		    lock->size == size &&
+		    lock->lock_type == WRITE_LOCK) {
+			break;
+		}
+	}
+	if (i < count) goto found;
+
+	for (i=0; i<count; i++) {
+		lock = &locks[i];
+		if (brl_tdb_same_context(&lock->context, &context) &&
+		    lock->ntvfs == brlh->ntvfs &&
+		    lock->start == start &&
+		    lock->size == size &&
+		    lock->lock_type < PENDING_READ_LOCK) {
+			break;
+		}
+	}
+
+found:
+	if (i < count) {
+		/* found it - delete it */
+		if (count == 1) {
+			status = dbwrap_record_delete(locked);
+			if (!NT_STATUS_IS_OK(status)) {
+				goto fail;
+			}
+		} else {
+			struct lock_struct removed_lock = *lock;
+			if (i < count-1) {
+				memmove(&locks[i], &locks[i+1], 
+					sizeof(*locks)*((count-1) - i));
+			}
+			count--;
+			
+			/* send notifications for any relevant pending locks */
+			brl_tdb_notify_unlock(brl, locks, count, &removed_lock);
+			
+			dbuf.dsize = count * sizeof(*locks);
+
+			status = dbwrap_record_store(locked, dbuf, TDB_REPLACE);
+			if (!NT_STATUS_IS_OK(status)) {
+				goto fail;
+			}
+		}
+
+		talloc_free(locked);
+		return NT_STATUS_OK;
+	}
+	
+	/* we didn't find it */
+	status = NT_STATUS_RANGE_NOT_LOCKED;
+
+ fail:
+	talloc_free(locked);
+	return status;
+}
+
+
+/*
+  remove a pending lock. This is called when the caller has either
+  given up trying to establish a lock or when they have succeeded in
+  getting it. In either case they no longer need to be notified.
+*/
+static NTSTATUS brl_tdb_remove_pending(struct brl_context *brl,
+				   struct brl_handle *brlh, 
+				   void *notify_ptr)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct *locks;
+	NTSTATUS status;
+	struct db_record *locked;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+
+	locked = dbwrap_fetch_locked(brl->db, brl, kbuf);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	dbuf = dbwrap_record_get_value(locked);
+	if (!dbuf.dptr) {
+		talloc_free(locked);
+		return NT_STATUS_RANGE_NOT_LOCKED;
+	}
+
+	/* there are existing locks - find a match */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+		
+		if (lock->lock_type >= PENDING_READ_LOCK &&
+		    lock->notify_ptr == notify_ptr &&
+		    cluster_id_equal(&lock->context.server, &brl->server)) {
+			/* found it - delete it */
+			if (count == 1) {
+				status = dbwrap_record_delete(locked);
+				if (!NT_STATUS_IS_OK(status)) {
+					goto fail;
+				}
+			} else {
+				if (i < count-1) {
+					memmove(&locks[i], &locks[i+1], 
+						sizeof(*locks)*((count-1) - i));
+				}
+				count--;
+				dbuf.dsize = count * sizeof(*locks);
+				status = dbwrap_record_store(locked, dbuf,
+							     TDB_REPLACE);
+				if (!NT_STATUS_IS_OK(status)) {
+					goto fail;
+				}
+			}
+			
+			talloc_free(locked);
+			return NT_STATUS_OK;
+		}
+	}
+	
+	/* we didn't find it */
+	status = NT_STATUS_RANGE_NOT_LOCKED;
+
+ fail:
+	talloc_free(locked);
+	return status;
+}
+
+
+/*
+  Test if we are allowed to perform IO on a region of an open file
+*/
+static NTSTATUS brl_tdb_locktest(struct brl_context *brl,
+			     struct brl_handle *brlh,
+			     uint32_t smbpid, 
+			     uint64_t start, uint64_t size, 
+			     enum brl_type lock_type)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct lock, *locks;
+	NTSTATUS status;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+
+	if (brl_invalid_lock_range(start, size)) {
+		return NT_STATUS_INVALID_LOCK_RANGE;
+	}
+
+	status = dbwrap_fetch(brl->db, brl, kbuf, &dbuf);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	lock.context.smbpid = smbpid;
+	lock.context.server = brl->server;
+	lock.context.ctx = brl;
+	lock.ntvfs = brlh->ntvfs;
+	lock.start = start;
+	lock.size = size;
+	lock.lock_type = lock_type;
+
+	/* there are existing locks - make sure they don't conflict */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+
+	for (i=0; i<count; i++) {
+		if (brl_tdb_conflict_other(&locks[i], &lock)) {
+			talloc_free(dbuf.dptr);
+			return NT_STATUS_FILE_LOCK_CONFLICT;
+		}
+	}
+
+	talloc_free(dbuf.dptr);
+	return NT_STATUS_OK;
+}
+
+
+/*
+ Remove any locks associated with a open file.
+*/
+static NTSTATUS brl_tdb_close(struct brl_context *brl,
+			  struct brl_handle *brlh)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i, dcount=0;
+	struct lock_struct *locks;
+	struct db_record *locked;
+	NTSTATUS status;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+
+	locked = dbwrap_fetch_locked(brl->db, brl, kbuf);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	dbuf = dbwrap_record_get_value(locked);
+	if (!dbuf.dptr) {
+		talloc_free(locked);
+		return NT_STATUS_OK;
+	}
+
+	/* there are existing locks - remove any for this fnum */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+
+		if (lock->context.ctx == brl &&
+		    cluster_id_equal(&lock->context.server, &brl->server) &&
+		    lock->ntvfs == brlh->ntvfs) {
+			/* found it - delete it */
+			if (count > 1 && i < count-1) {
+				memmove(&locks[i], &locks[i+1], 
+					sizeof(*locks)*((count-1) - i));
+			}
+			count--;
+			i--;
+			dcount++;
+		}
+	}
+
+	status = NT_STATUS_OK;
+
+	if (count == 0) {
+		status = dbwrap_record_delete(locked);
+	} else if (dcount != 0) {
+		/* tell all pending lock holders for this file that
+		   they have a chance now. This is a bit indiscriminant,
+		   but works OK */
+		brl_tdb_notify_all(brl, locks, count);
+
+		dbuf.dsize = count * sizeof(*locks);
+
+		status = dbwrap_record_store(locked, dbuf, TDB_REPLACE);
+	}
+	talloc_free(locked);
+
+	return status;
+}
+
+static NTSTATUS brl_tdb_count(struct brl_context *brl, struct brl_handle *brlh,
+			      int *count)
+{
+	TDB_DATA kbuf, dbuf;
+	NTSTATUS status;
+
+	kbuf.dptr = brlh->key.data;
+	kbuf.dsize = brlh->key.length;
+	*count = 0;
+
+	status = dbwrap_fetch(brl->db, brl, kbuf, &dbuf);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	*count = dbuf.dsize / sizeof(struct lock_struct);
+
+	talloc_free(dbuf.dptr);
+
+	return NT_STATUS_OK;
+}
+
+static const struct brlock_ops brlock_tdb_ops = {
+	.brl_init           = brl_tdb_init,
+	.brl_create_handle  = brl_tdb_create_handle,
+	.brl_lock           = brl_tdb_lock,
+	.brl_unlock         = brl_tdb_unlock,
+	.brl_remove_pending = brl_tdb_remove_pending,
+	.brl_locktest       = brl_tdb_locktest,
+	.brl_close          = brl_tdb_close,
+	.brl_count          = brl_tdb_count
+};
+
+
+void brl_tdb_init_ops(void)
+{
+	brlock_set_ops(&brlock_tdb_ops);
+}
diff --git a/source4/ntvfs/common/init.c b/source4/ntvfs/common/init.c
new file mode 100644
index 0000000..f8f8e27
--- /dev/null
+++ b/source4/ntvfs/common/init.c
@@ -0,0 +1,34 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this is the change notify database. It implements mechanisms for
+  storing current change notify waiters in a tdb, and checking if a
+  given event matches any of the stored notify waiiters.
+*/
+
+#include "includes.h"
+#include "ntvfs/sysdep/sys_notify.h"
+
+NTSTATUS ntvfs_common_init(void);
+
+NTSTATUS ntvfs_common_init(void)
+{
+	return sys_notify_init();
+}
diff --git a/source4/ntvfs/common/notify.c b/source4/ntvfs/common/notify.c
new file mode 100644
index 0000000..a434fab
--- /dev/null
+++ b/source4/ntvfs/common/notify.c
@@ -0,0 +1,687 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this is the change notify database. It implements mechanisms for
+  storing current change notify waiters in a tdb, and checking if a
+  given event matches any of the stored notify waiiters.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_notify.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/common/ntvfs_common.h"
+#include "ntvfs/sysdep/sys_notify.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "lib/util/tsort.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "../lib/util/util_tdb.h"
+
+struct notify_context {
+	struct db_context *db;
+	struct server_id server;
+	struct imessaging_context *imessaging_ctx;
+	struct notify_list *list;
+	struct notify_array *array;
+	int64_t seqnum;
+	struct sys_notify_context *sys_notify_ctx;
+};
+
+
+struct notify_list {
+	struct notify_list *next, *prev;
+	void *private_data;
+	void (*callback)(void *, const struct notify_event *);
+	void *sys_notify_handle;
+	int depth;
+};
+
+#define NOTIFY_KEY "notify array"
+
+#define NOTIFY_ENABLE		"notify:enable"
+#define NOTIFY_ENABLE_DEFAULT	true
+
+static NTSTATUS notify_remove_all(struct notify_context *notify);
+static void notify_handler(struct imessaging_context *msg_ctx,
+			   void *private_data,
+			   uint32_t msg_type,
+			   struct server_id server_id,
+			   size_t num_fds,
+			   int *fds,
+			   DATA_BLOB *data);
+
+/*
+  destroy the notify context
+*/
+static int notify_destructor(struct notify_context *notify)
+{
+	imessaging_deregister(notify->imessaging_ctx, MSG_PVFS_NOTIFY, notify);
+	notify_remove_all(notify);
+	return 0;
+}
+
+/*
+  Open up the notify.tdb database. You should close it down using
+  talloc_free(). We need the imessaging_ctx to allow for notifications
+  via internal messages
+*/
+struct notify_context *notify_init(TALLOC_CTX *mem_ctx, struct server_id server, 
+				   struct imessaging_context *imessaging_ctx,
+				   struct loadparm_context *lp_ctx,
+				   struct tevent_context *ev,
+				   struct share_config *scfg)
+{
+	struct notify_context *notify;
+
+	if (share_bool_option(scfg, NOTIFY_ENABLE, NOTIFY_ENABLE_DEFAULT) != true) {
+		return NULL;
+	}
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	notify = talloc(mem_ctx, struct notify_context);
+	if (notify == NULL) {
+		return NULL;
+	}
+
+	notify->db = cluster_db_tmp_open(notify, lp_ctx, "notify", TDB_SEQNUM);
+	if (notify->db == NULL) {
+		talloc_free(notify);
+		return NULL;
+	}
+
+	notify->server = server;
+	notify->imessaging_ctx = imessaging_ctx;
+	notify->list = NULL;
+	notify->array = NULL;
+	notify->seqnum = dbwrap_get_seqnum(notify->db);
+
+	talloc_set_destructor(notify, notify_destructor);
+
+	/* register with the messaging subsystem for the notify
+	   message type */
+	imessaging_register(notify->imessaging_ctx, notify,
+			   MSG_PVFS_NOTIFY, notify_handler);
+
+	notify->sys_notify_ctx = sys_notify_context_create(scfg, notify, ev);
+
+	return notify;
+}
+
+
+/*
+  lock the notify db
+*/
+static struct db_record *notify_lock(struct notify_context *notify)
+{
+	TDB_DATA key = string_term_tdb_data(NOTIFY_KEY);
+
+	return dbwrap_fetch_locked(notify->db, notify, key);
+}
+
+static void notify_unlock(struct db_record *lock)
+{
+	talloc_free(lock);
+}
+
+/*
+  load the notify array
+*/
+static NTSTATUS notify_load(struct notify_context *notify)
+{
+	TDB_DATA dbuf;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	int seqnum;
+	NTSTATUS status;
+
+	seqnum = dbwrap_get_seqnum(notify->db);
+
+	if (seqnum == notify->seqnum && notify->array != NULL) {
+		return NT_STATUS_OK;
+	}
+
+	notify->seqnum = seqnum;
+
+	talloc_free(notify->array);
+	notify->array = talloc_zero(notify, struct notify_array);
+	NT_STATUS_HAVE_NO_MEMORY(notify->array);
+
+	status = dbwrap_fetch_bystring(notify->db, notify, NOTIFY_KEY, &dbuf);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_OK;
+	}
+
+	blob.data = dbuf.dptr;
+	blob.length = dbuf.dsize;
+
+	ndr_err = ndr_pull_struct_blob(&blob, notify->array, notify->array,
+				       (ndr_pull_flags_fn_t)ndr_pull_notify_array);
+	talloc_free(dbuf.dptr);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  compare notify entries for sorting
+*/
+static int notify_compare(const void *p1, const void *p2)
+{
+	const struct notify_entry *e1 = p1, *e2 = p2;
+	return strcmp(e1->path, e2->path);
+}
+
+/*
+  save the notify array
+*/
+static NTSTATUS notify_save(struct notify_context *notify)
+{
+	TDB_DATA dbuf;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS status;
+
+	/* if possible, remove some depth arrays */
+	while (notify->array->num_depths > 0 &&
+	       notify->array->depth[notify->array->num_depths-1].num_entries == 0) {
+		notify->array->num_depths--;
+	}
+
+	/* we might just be able to delete the record */
+	if (notify->array->num_depths == 0) {
+		return dbwrap_delete_bystring(notify->db, NOTIFY_KEY);
+	}
+
+	tmp_ctx = talloc_new(notify);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, notify->array,
+				       (ndr_push_flags_fn_t)ndr_push_notify_array);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	dbuf.dptr = blob.data;
+	dbuf.dsize = blob.length;
+
+	status = dbwrap_store_bystring(notify->db, NOTIFY_KEY, dbuf,
+				       TDB_REPLACE);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/*
+  handle incoming notify messages
+*/
+static void notify_handler(struct imessaging_context *msg_ctx,
+			   void *private_data,
+			   uint32_t msg_type,
+			   struct server_id server_id,
+			   size_t num_fds,
+			   int *fds,
+			   DATA_BLOB *data)
+{
+	struct notify_context *notify = talloc_get_type(private_data, struct notify_context);
+	enum ndr_err_code ndr_err;
+	struct notify_event ev;
+	TALLOC_CTX *tmp_ctx = talloc_new(notify);
+	struct notify_list *listel;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	if (tmp_ctx == NULL) {
+		return;
+	}
+
+	ndr_err = ndr_pull_struct_blob(data, tmp_ctx, &ev,
+				      (ndr_pull_flags_fn_t)ndr_pull_notify_event);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	for (listel=notify->list;listel;listel=listel->next) {
+		if (listel->private_data == ev.private_data) {
+			listel->callback(listel->private_data, &ev);
+			break;
+		}
+	}
+
+	talloc_free(tmp_ctx);	
+}
+
+/*
+  callback from sys_notify telling us about changes from the OS
+*/
+static void sys_notify_callback(struct sys_notify_context *ctx, 
+				void *ptr, struct notify_event *ev)
+{
+	struct notify_list *listel = talloc_get_type(ptr, struct notify_list);
+	ev->private_data = listel;
+	listel->callback(listel->private_data, ev);
+}
+
+/*
+  add an entry to the notify array
+*/
+static NTSTATUS notify_add_array(struct notify_context *notify, struct notify_entry *e,
+				 void *private_data, int depth)
+{
+	int i;
+	struct notify_depth *d;
+	struct notify_entry *ee;
+
+	/* possibly expand the depths array */
+	if (depth >= notify->array->num_depths) {
+		d = talloc_realloc(notify->array, notify->array->depth, 
+				   struct notify_depth, depth+1);
+		NT_STATUS_HAVE_NO_MEMORY(d);
+		for (i=notify->array->num_depths;i<=depth;i++) {
+			ZERO_STRUCT(d[i]);
+		}
+		notify->array->depth = d;
+		notify->array->num_depths = depth+1;
+	}
+	d = &notify->array->depth[depth];
+
+	/* expand the entries array */
+	ee = talloc_realloc(notify->array->depth, d->entries, struct notify_entry,
+			    d->num_entries+1);
+	NT_STATUS_HAVE_NO_MEMORY(ee);
+	d->entries = ee;
+
+	d->entries[d->num_entries] = *e;
+	d->entries[d->num_entries].private_data = private_data;
+	d->entries[d->num_entries].server = notify->server;
+	d->entries[d->num_entries].path_len = strlen(e->path);
+	d->num_entries++;
+
+	d->max_mask |= e->filter;
+	d->max_mask_subdir |= e->subdir_filter;
+
+	TYPESAFE_QSORT(d->entries, d->num_entries, notify_compare);
+
+	/* recalculate the maximum masks */
+	d->max_mask = 0;
+	d->max_mask_subdir = 0;
+
+	for (i=0;i<d->num_entries;i++) {
+		d->max_mask |= d->entries[i].filter;
+		d->max_mask_subdir |= d->entries[i].subdir_filter;
+	}
+
+	return notify_save(notify);
+}
+
+/*
+  add a notify watch. This is called when a notify is first setup on a open
+  directory handle.
+*/
+NTSTATUS notify_add(struct notify_context *notify, struct notify_entry *e0,
+		    void (*callback)(void *, const struct notify_event *), 
+		    void *private_data)
+{
+	struct notify_entry e = *e0;
+	NTSTATUS status;
+	char *tmp_path = NULL;
+	struct notify_list *listel;
+	size_t len;
+	int depth;
+	struct db_record *locked;
+
+	/* see if change notify is enabled at all */
+	if (notify == NULL) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	locked = notify_lock(notify);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = notify_load(notify);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/* cope with /. on the end of the path */
+	len = strlen(e.path);
+	if (len > 1 && e.path[len-1] == '.' && e.path[len-2] == '/') {
+		tmp_path = talloc_strndup(notify, e.path, len-2);
+		if (tmp_path == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		e.path = tmp_path;
+	}
+
+	depth = count_chars(e.path, '/');
+
+	listel = talloc_zero(notify, struct notify_list);
+	if (listel == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	listel->private_data = private_data;
+	listel->callback = callback;
+	listel->depth = depth;
+	DLIST_ADD(notify->list, listel);
+
+	/* ignore failures from sys_notify */
+	if (notify->sys_notify_ctx != NULL) {
+		/*
+		  this call will modify e.filter and e.subdir_filter
+		  to remove bits handled by the backend
+		*/
+		status = sys_notify_watch(notify->sys_notify_ctx, &e,
+					  sys_notify_callback, listel, 
+					  &listel->sys_notify_handle);
+		if (NT_STATUS_IS_OK(status)) {
+			talloc_steal(listel, listel->sys_notify_handle);
+		}
+	}
+
+	/* if the system notify handler couldn't handle some of the
+	   filter bits, or couldn't handle a request for recursion
+	   then we need to install it in the array used for the
+	   intra-samba notify handling */
+	if (e.filter != 0 || e.subdir_filter != 0) {
+		status = notify_add_array(notify, &e, private_data, depth);
+	}
+
+done:
+	notify_unlock(locked);
+	talloc_free(tmp_path);
+
+	return status;
+}
+
+/*
+  remove a notify watch. Called when the directory handle is closed
+*/
+NTSTATUS notify_remove(struct notify_context *notify, void *private_data)
+{
+	NTSTATUS status;
+	struct notify_list *listel;
+	int i, depth;
+	struct notify_depth *d;
+	struct db_record *locked;
+
+	/* see if change notify is enabled at all */
+	if (notify == NULL) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	for (listel=notify->list;listel;listel=listel->next) {
+		if (listel->private_data == private_data) {
+			DLIST_REMOVE(notify->list, listel);
+			break;
+		}
+	}
+	if (listel == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	depth = listel->depth;
+
+	talloc_free(listel);
+
+	locked = notify_lock(notify);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = notify_load(notify);
+	if (!NT_STATUS_IS_OK(status)) {
+		notify_unlock(locked);
+		return status;
+	}
+
+	if (depth >= notify->array->num_depths) {
+		notify_unlock(locked);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* we only have to search at the depth of this element */
+	d = &notify->array->depth[depth];
+
+	for (i=0;i<d->num_entries;i++) {
+		if (private_data == d->entries[i].private_data &&
+		    cluster_id_equal(&notify->server, &d->entries[i].server)) {
+			break;
+		}
+	}
+	if (i == d->num_entries) {
+		notify_unlock(locked);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (i < d->num_entries-1) {
+		memmove(&d->entries[i], &d->entries[i+1], 
+			sizeof(d->entries[i])*(d->num_entries-(i+1)));
+	}
+	d->num_entries--;
+
+	status = notify_save(notify);
+
+	notify_unlock(locked);
+
+	return status;
+}
+
+/*
+  remove all notify watches for this messaging server
+*/
+static NTSTATUS notify_remove_all(struct notify_context *notify)
+{
+	NTSTATUS status;
+	int i, depth, del_count=0;
+	struct db_record *locked;
+
+	if (notify->list == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	locked = notify_lock(notify);
+	if (!locked) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = notify_load(notify);
+	if (!NT_STATUS_IS_OK(status)) {
+		notify_unlock(locked);
+		return status;
+	}
+
+	/* we have to search for all entries across all depths, looking for matches
+	   for our server id */
+	for (depth=0;depth<notify->array->num_depths;depth++) {
+		struct notify_depth *d = &notify->array->depth[depth];
+		for (i=0;i<d->num_entries;i++) {
+			if (cluster_id_equal(&notify->server, &d->entries[i].server)) {
+				if (i < d->num_entries-1) {
+					memmove(&d->entries[i], &d->entries[i+1], 
+						sizeof(d->entries[i])*(d->num_entries-(i+1)));
+				}
+				i--;
+				d->num_entries--;
+				del_count++;
+			}
+		}
+	}
+
+	if (del_count > 0) {
+		status = notify_save(notify);
+	}
+
+	notify_unlock(locked);
+
+	return status;
+}
+
+
+/*
+  send a notify message to another messaging server
+*/
+static void notify_send(struct notify_context *notify, struct notify_entry *e,
+			const char *path, uint32_t action)
+{
+	struct notify_event ev;
+	DATA_BLOB data;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	TALLOC_CTX *tmp_ctx;
+
+	ev.action = action;
+	ev.dir = discard_const_p(char, "");
+	ev.path = path;
+	ev.private_data = e->private_data;
+
+	tmp_ctx = talloc_new(notify);
+
+	ndr_err = ndr_push_struct_blob(&data, tmp_ctx, &ev, (ndr_push_flags_fn_t)ndr_push_notify_event);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	status = imessaging_send(notify->imessaging_ctx, e->server,
+				MSG_PVFS_NOTIFY, &data);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	talloc_free(tmp_ctx);
+}
+
+
+/*
+  trigger a notify message for anyone waiting on a matching event
+
+  This function is called a lot, and needs to be very fast. The unusual data structure
+  and traversal is designed to be fast in the average case, even for large numbers of
+  notifies
+*/
+void notify_trigger(struct notify_context *notify,
+		    uint32_t action, uint32_t filter, const char *path)
+{
+	NTSTATUS status;
+	int depth;
+	const char *p, *next_p;
+
+	/* see if change notify is enabled at all */
+	if (notify == NULL) {
+		return;
+	}
+
+	status = notify_load(notify);
+	if (!NT_STATUS_IS_OK(status)) {
+		return;
+	}
+
+	/* loop along the given path, working with each directory depth separately */
+	for (depth=0,p=path;
+	     p && depth < notify->array->num_depths;
+	     p=next_p,depth++) {
+		int p_len = p - path;
+		int min_i, max_i, i;
+		struct notify_depth *d = &notify->array->depth[depth];
+		next_p = strchr(p+1, '/');
+
+		/* see if there are any entries at this depth */
+		if (d->num_entries == 0) continue;
+		
+		/* try to skip based on the maximum mask. If next_p is
+		 NULL then we know it will be a 'this directory'
+		 match, otherwise it must be a subdir match */
+		if (next_p != NULL) {
+			if (0 == (filter & d->max_mask_subdir)) {
+				continue;
+			}
+		} else {
+			if (0 == (filter & d->max_mask)) {
+				continue;
+			}
+		}
+
+		/* we know there is an entry here worth looking
+		 for. Use a bisection search to find the first entry
+		 with a matching path */
+		min_i = 0;
+		max_i = d->num_entries-1;
+
+		while (min_i < max_i) {
+			struct notify_entry *e;
+			int cmp;
+			i = (min_i+max_i)/2;
+			e = &d->entries[i];
+			cmp = strncmp(path, e->path, p_len);
+			if (cmp == 0) {
+				if (p_len == e->path_len) {
+					max_i = i;
+				} else {
+					max_i = i-1;
+				}
+			} else if (cmp < 0) {
+				max_i = i-1;
+			} else {
+				min_i = i+1;
+			}
+		}
+
+		if (min_i != max_i) {
+			/* none match */
+			continue;
+		}
+
+		/* we now know that the entries start at min_i */
+		for (i=min_i;i<d->num_entries;i++) {
+			struct notify_entry *e = &d->entries[i];
+			if (p_len != e->path_len ||
+			    strncmp(path, e->path, p_len) != 0) break;
+			if (next_p != NULL) {
+				if (0 == (filter & e->subdir_filter)) {
+					continue;
+				}
+			} else {
+				if (0 == (filter & e->filter)) {
+					continue;
+				}
+			}
+			notify_send(notify, e, path + e->path_len + 1, action);
+		}
+	}
+}
diff --git a/source4/ntvfs/common/ntvfs_common.h b/source4/ntvfs/common/ntvfs_common.h
new file mode 100644
index 0000000..37dd553
--- /dev/null
+++ b/source4/ntvfs/common/ntvfs_common.h
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _NTVFS_COMMON_H_
+#define _NTVFS_COMMON_H_
+
+#include "ntvfs/ntvfs.h"
+
+struct notify_event;
+struct notify_entry;
+
+#include "ntvfs/common/brlock.h"
+#include "ntvfs/common/opendb.h"
+#include "ntvfs/common/proto.h"
+
+#endif /* _NTVFS_COMMON_H_ */
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
new file mode 100644
index 0000000..29081ef
--- /dev/null
+++ b/source4/ntvfs/common/opendb.c
@@ -0,0 +1,200 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this is the open files database. It implements shared storage of
+  what files are open between server instances, and implements the rules
+  of shared access to files.
+
+  The caller needs to provide a file_key, which specifies what file
+  they are talking about. This needs to be a unique key across all
+  filesystems, and is usually implemented in terms of a device/inode
+  pair.
+
+  Before any operations can be performed the caller needs to establish
+  a lock on the record associated with file_key. That is done by
+  calling odb_lock(). The caller releases this lock by calling
+  talloc_free() on the returned handle.
+
+  All other operations on a record are done by passing the odb_lock()
+  handle back to this module. The handle contains internal
+  information about what file_key is being operated on.
+*/
+
+#include "includes.h"
+#include "ntvfs/ntvfs.h"
+#include "ntvfs/common/ntvfs_common.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+
+static const struct opendb_ops *ops;
+
+/*
+  set the odb backend ops
+*/
+void odb_set_ops(const struct opendb_ops *new_ops)
+{
+	ops = new_ops;
+}
+
+/*
+  Open up the openfiles.tdb database. Close it down using
+  talloc_free(). We need the imessaging_ctx to allow for pending open
+  notifications.
+*/
+struct odb_context *odb_init(TALLOC_CTX *mem_ctx, 
+				      struct ntvfs_context *ntvfs_ctx)
+{
+	if (ops == NULL) {
+		odb_tdb_init_ops();
+	}
+	return ops->odb_init(mem_ctx, ntvfs_ctx);
+}
+
+/*
+  get a lock on a entry in the odb. This call returns a lock handle,
+  which the caller should unlock using talloc_free().
+*/
+struct odb_lock *odb_lock(TALLOC_CTX *mem_ctx,
+				   struct odb_context *odb, DATA_BLOB *file_key)
+{
+	return ops->odb_lock(mem_ctx, odb, file_key);
+}
+
+DATA_BLOB odb_get_key(TALLOC_CTX *mem_ctx, struct odb_lock *lck)
+{
+	return ops->odb_get_key(mem_ctx, lck);
+}
+
+/*
+  register an open file in the open files database.
+  The share_access rules are implemented by odb_can_open()
+  and it's needed to call odb_can_open() before
+  odb_open_file() otherwise NT_STATUS_INTERNAL_ERROR is returned
+
+  Note that the path is only used by the delete on close logic, not
+  for comparing with other filenames
+*/
+NTSTATUS odb_open_file(struct odb_lock *lck,
+				void *file_handle, const char *path,
+				int *fd, NTTIME open_write_time,
+				bool allow_level_II_oplock,
+				uint32_t oplock_level, uint32_t *oplock_granted)
+{
+	return ops->odb_open_file(lck, file_handle, path,
+				  fd, open_write_time,
+				  allow_level_II_oplock,
+				  oplock_level, oplock_granted);
+}
+
+
+/*
+  register a pending open file in the open files database
+*/
+NTSTATUS odb_open_file_pending(struct odb_lock *lck, void *private_data)
+{
+	return ops->odb_open_file_pending(lck, private_data);
+}
+
+
+/*
+  remove a opendb entry
+*/
+NTSTATUS odb_close_file(struct odb_lock *lck, void *file_handle,
+				 const char **delete_path)
+{
+	return ops->odb_close_file(lck, file_handle, delete_path);
+}
+
+
+/*
+  remove a pending opendb entry
+*/
+NTSTATUS odb_remove_pending(struct odb_lock *lck, void *private_data)
+{
+	return ops->odb_remove_pending(lck, private_data);
+}
+
+
+/*
+  rename the path in a open file
+*/
+NTSTATUS odb_rename(struct odb_lock *lck, const char *path)
+{
+	return ops->odb_rename(lck, path);
+}
+
+/*
+  get back the path of an open file
+*/
+NTSTATUS odb_get_path(struct odb_lock *lck, const char **path)
+{
+	return ops->odb_get_path(lck, path);
+}
+
+/*
+  update delete on close flag on an open file
+*/
+NTSTATUS odb_set_delete_on_close(struct odb_lock *lck, bool del_on_close)
+{
+	return ops->odb_set_delete_on_close(lck, del_on_close);
+}
+
+/*
+  update the write time on an open file
+*/
+NTSTATUS odb_set_write_time(struct odb_lock *lck,
+			    NTTIME write_time, bool force)
+{
+	return ops->odb_set_write_time(lck, write_time, force);
+}
+
+/*
+  return the current value of the delete_on_close bit,
+  and the current write time.
+*/
+NTSTATUS odb_get_file_infos(struct odb_context *odb, DATA_BLOB *key,
+			    bool *del_on_close, NTTIME *write_time)
+{
+	return ops->odb_get_file_infos(odb, key, del_on_close, write_time);
+}
+
+/*
+  determine if a file can be opened with the given share_access,
+  create_options and access_mask
+*/
+NTSTATUS odb_can_open(struct odb_lock *lck,
+			       uint32_t stream_id, uint32_t share_access,
+			       uint32_t access_mask, bool delete_on_close,
+			       uint32_t open_disposition, bool break_to_none)
+{
+	return ops->odb_can_open(lck, stream_id, share_access, access_mask,
+				 delete_on_close, open_disposition, break_to_none);
+}
+
+NTSTATUS odb_update_oplock(struct odb_lock *lck, void *file_handle,
+				    uint32_t oplock_level)
+{
+	return ops->odb_update_oplock(lck, file_handle, oplock_level);
+}
+
+NTSTATUS odb_break_oplocks(struct odb_lock *lck)
+{
+	return ops->odb_break_oplocks(lck);
+}
diff --git a/source4/ntvfs/common/opendb.h b/source4/ntvfs/common/opendb.h
new file mode 100644
index 0000000..1bfc6aa
--- /dev/null
+++ b/source4/ntvfs/common/opendb.h
@@ -0,0 +1,59 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   open database code - common include
+
+   Copyright (C) Andrew Tridgell 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct opendb_ops {
+	struct odb_context *(*odb_init)(TALLOC_CTX *mem_ctx, 
+					struct ntvfs_context *ntvfs_ctx);
+	struct odb_lock *(*odb_lock)(TALLOC_CTX *mem_ctx,
+				     struct odb_context *odb, DATA_BLOB *file_key);
+	DATA_BLOB (*odb_get_key)(TALLOC_CTX *mem_ctx, struct odb_lock *lck);
+	NTSTATUS (*odb_open_file)(struct odb_lock *lck,
+				  void *file_handle, const char *path,
+				  int *fd, NTTIME open_write_time,
+				  bool allow_level_II_oplock,
+				  uint32_t oplock_level, uint32_t *oplock_granted);
+	NTSTATUS (*odb_open_file_pending)(struct odb_lock *lck, void *private_data);
+	NTSTATUS (*odb_close_file)(struct odb_lock *lck, void *file_handle,
+				   const char **delete_path);
+	NTSTATUS (*odb_remove_pending)(struct odb_lock *lck, void *private_data);
+	NTSTATUS (*odb_rename)(struct odb_lock *lck, const char *path);
+	NTSTATUS (*odb_get_path)(struct odb_lock *lck, const char **path);
+	NTSTATUS (*odb_set_delete_on_close)(struct odb_lock *lck, bool del_on_close);
+	NTSTATUS (*odb_set_write_time)(struct odb_lock *lck,
+				       NTTIME write_time, bool force);
+	NTSTATUS (*odb_get_file_infos)(struct odb_context *odb, DATA_BLOB *key,
+				       bool *del_on_close, NTTIME *write_time);
+	NTSTATUS (*odb_can_open)(struct odb_lock *lck,
+				 uint32_t stream_id, uint32_t share_access,
+				 uint32_t access_mask, bool delete_on_close,
+				 uint32_t open_disposition, bool break_to_none);
+	NTSTATUS (*odb_update_oplock)(struct odb_lock *lck, void *file_handle,
+				      uint32_t oplock_level);
+	NTSTATUS (*odb_break_oplocks)(struct odb_lock *lck);
+};
+
+struct opendb_oplock_break {
+	void *file_handle;
+	uint8_t level;
+};
+
+void odb_set_ops(const struct opendb_ops *new_ops);
+void odb_tdb_init_ops(void);
diff --git a/source4/ntvfs/common/opendb_tdb.c b/source4/ntvfs/common/opendb_tdb.c
new file mode 100644
index 0000000..9fe0b26
--- /dev/null
+++ b/source4/ntvfs/common/opendb_tdb.c
@@ -0,0 +1,886 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this is the open files database, tdb backend. It implements shared
+  storage of what files are open between server instances, and
+  implements the rules of shared access to files.
+
+  The caller needs to provide a file_key, which specifies what file
+  they are talking about. This needs to be a unique key across all
+  filesystems, and is usually implemented in terms of a device/inode
+  pair.
+
+  Before any operations can be performed the caller needs to establish
+  a lock on the record associated with file_key. That is done by
+  calling odb_lock(). The caller releases this lock by calling
+  talloc_free() on the returned handle.
+
+  All other operations on a record are done by passing the odb_lock()
+  handle back to this module. The handle contains internal
+  information about what file_key is being operated on.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_opendb.h"
+#include "ntvfs/ntvfs.h"
+#include "ntvfs/common/ntvfs_common.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "ntvfs/sysdep/sys_lease.h"
+
+struct odb_context {
+	struct db_context *db;
+	struct ntvfs_context *ntvfs_ctx;
+	bool oplocks;
+	struct sys_lease_context *lease_ctx;
+};
+
+/*
+  an odb lock handle. You must obtain one of these using odb_lock() before doing
+  any other operations. 
+*/
+struct odb_lock {
+	struct odb_context *odb;
+	struct db_record *locked;
+
+	struct opendb_file file;
+
+	struct {
+		struct opendb_entry *e;
+		bool attrs_only;
+	} can_open;
+};
+
+static NTSTATUS odb_oplock_break_send(struct imessaging_context *msg_ctx,
+				      struct opendb_entry *e,
+				      uint8_t level);
+
+/*
+  Open up the openfiles.tdb database. Close it down using
+  talloc_free(). We need the imessaging_ctx to allow for pending open
+  notifications.
+*/
+static struct odb_context *odb_tdb_init(TALLOC_CTX *mem_ctx, 
+					struct ntvfs_context *ntvfs_ctx)
+{
+	struct odb_context *odb;
+
+	odb = talloc(mem_ctx, struct odb_context);
+	if (odb == NULL) {
+		return NULL;
+	}
+
+	odb->db = cluster_db_tmp_open(odb, ntvfs_ctx->lp_ctx,
+				      "openfiles", TDB_DEFAULT);
+	if (odb->db == NULL) {
+		talloc_free(odb);
+		return NULL;
+	}
+
+	odb->ntvfs_ctx = ntvfs_ctx;
+
+	odb->oplocks = share_bool_option(ntvfs_ctx->config, SHARE_OPLOCKS, SHARE_OPLOCKS_DEFAULT);
+
+	odb->lease_ctx = sys_lease_context_create(ntvfs_ctx->config, odb,
+						  ntvfs_ctx->event_ctx,
+						  ntvfs_ctx->msg_ctx,
+						  odb_oplock_break_send);
+
+	return odb;
+}
+
+static NTSTATUS odb_pull_record(struct odb_lock *lck, struct opendb_file *file);
+
+/*
+  get a lock on a entry in the odb. This call returns a lock handle,
+  which the caller should unlock using talloc_free().
+*/
+static struct odb_lock *odb_tdb_lock(TALLOC_CTX *mem_ctx,
+				     struct odb_context *odb, DATA_BLOB *file_key)
+{
+	struct odb_lock *lck;
+	NTSTATUS status;
+	TDB_DATA key;
+
+	lck = talloc(mem_ctx, struct odb_lock);
+	if (lck == NULL) {
+		return NULL;
+	}
+
+	lck->odb = talloc_reference(lck, odb);
+	key.dptr = talloc_memdup(lck, file_key->data, file_key->length);
+	key.dsize = file_key->length;
+	if (key.dptr == NULL) {
+		talloc_free(lck);
+		return NULL;
+	}
+
+	lck->locked = dbwrap_fetch_locked(odb->db, lck, key);
+	if (!lck->locked) {
+		talloc_free(lck);
+		return NULL;
+	}
+
+	ZERO_STRUCT(lck->can_open);
+
+	status = odb_pull_record(lck, &lck->file);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		/* initialise a blank structure */
+		ZERO_STRUCT(lck->file);
+	} else if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		return NULL;
+	}
+	
+	return lck;
+}
+
+static DATA_BLOB odb_tdb_get_key(TALLOC_CTX *mem_ctx, struct odb_lock *lck)
+{
+	TDB_DATA key = dbwrap_record_get_key(lck->locked);
+	return data_blob_talloc(mem_ctx, key.dptr, key.dsize);
+}
+
+
+/*
+  determine if two odb_entry structures conflict
+
+  return NT_STATUS_OK on no conflict
+*/
+static NTSTATUS share_conflict(struct opendb_entry *e1,
+			       uint32_t stream_id,
+			       uint32_t share_access,
+			       uint32_t access_mask)
+{
+	/* if either open involves no read.write or delete access then
+	   it can't conflict */
+	if (!(e1->access_mask & (SEC_FILE_WRITE_DATA |
+				 SEC_FILE_APPEND_DATA |
+				 SEC_FILE_READ_DATA |
+				 SEC_FILE_EXECUTE |
+				 SEC_STD_DELETE))) {
+		return NT_STATUS_OK;
+	}
+	if (!(access_mask & (SEC_FILE_WRITE_DATA |
+			     SEC_FILE_APPEND_DATA |
+			     SEC_FILE_READ_DATA |
+			     SEC_FILE_EXECUTE |
+			     SEC_STD_DELETE))) {
+		return NT_STATUS_OK;
+	}
+
+	/* data IO access masks. This is skipped if the two open handles
+	   are on different streams (as in that case the masks don't
+	   interact) */
+	if (e1->stream_id != stream_id) {
+		return NT_STATUS_OK;
+	}
+
+#define CHECK_MASK(am, right, sa, share) \
+	if (((am) & (right)) && !((sa) & (share))) return NT_STATUS_SHARING_VIOLATION
+
+	CHECK_MASK(e1->access_mask, SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
+		   share_access, NTCREATEX_SHARE_ACCESS_WRITE);
+	CHECK_MASK(access_mask, SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA,
+		   e1->share_access, NTCREATEX_SHARE_ACCESS_WRITE);
+	
+	CHECK_MASK(e1->access_mask, SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
+		   share_access, NTCREATEX_SHARE_ACCESS_READ);
+	CHECK_MASK(access_mask, SEC_FILE_READ_DATA | SEC_FILE_EXECUTE,
+		   e1->share_access, NTCREATEX_SHARE_ACCESS_READ);
+
+	CHECK_MASK(e1->access_mask, SEC_STD_DELETE,
+		   share_access, NTCREATEX_SHARE_ACCESS_DELETE);
+	CHECK_MASK(access_mask, SEC_STD_DELETE,
+		   e1->share_access, NTCREATEX_SHARE_ACCESS_DELETE);
+#undef CHECK_MASK
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a record, translating from the db format to the opendb_file structure defined
+  in opendb.idl
+*/
+static NTSTATUS odb_pull_record(struct odb_lock *lck, struct opendb_file *file)
+{
+	TDB_DATA dbuf;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	dbuf = dbwrap_record_get_value(lck->locked);
+	if (!dbuf.dptr) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	blob.data = dbuf.dptr;
+	blob.length = dbuf.dsize;
+
+	ndr_err = ndr_pull_struct_blob(&blob, lck, file, (ndr_pull_flags_fn_t)ndr_pull_opendb_file);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  push a record, translating from the opendb_file structure defined in opendb.idl
+*/
+static NTSTATUS odb_push_record(struct odb_lock *lck, struct opendb_file *file)
+{
+	TDB_DATA dbuf;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	NTSTATUS status;
+
+	if (file->num_entries == 0) {
+		return dbwrap_record_delete(lck->locked);
+	}
+
+	ndr_err = ndr_push_struct_blob(&blob, lck, file, (ndr_push_flags_fn_t)ndr_push_opendb_file);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	dbuf.dptr = blob.data;
+	dbuf.dsize = blob.length;
+		
+	status = dbwrap_record_store(lck->locked, dbuf, TDB_REPLACE);
+	data_blob_free(&blob);
+	return status;
+}
+
+/*
+  send an oplock break to a client
+*/
+static NTSTATUS odb_oplock_break_send(struct imessaging_context *msg_ctx,
+				      struct opendb_entry *e,
+				      uint8_t level)
+{
+	NTSTATUS status;
+	struct opendb_oplock_break op_break;
+	DATA_BLOB blob;
+
+	ZERO_STRUCT(op_break);
+
+	/* tell the server handling this open file about the need to send the client
+	   a break */
+	op_break.file_handle	= e->file_handle;
+	op_break.level		= level;
+
+	blob = data_blob_const(&op_break, sizeof(op_break));
+
+	status = imessaging_send(msg_ctx, e->server,
+				MSG_NTVFS_OPLOCK_BREAK, &blob);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+static bool access_attributes_only(uint32_t access_mask,
+				   uint32_t open_disposition,
+				   bool break_to_none)
+{
+	switch (open_disposition) {
+	case NTCREATEX_DISP_SUPERSEDE:
+	case NTCREATEX_DISP_OVERWRITE_IF:
+	case NTCREATEX_DISP_OVERWRITE:
+		return false;
+	default:
+		break;
+	}
+
+	if (break_to_none) {
+		return false;
+	}
+
+#define CHECK_MASK(m,g) ((m) && (((m) & ~(g))==0) && (((m) & (g)) != 0))
+	return CHECK_MASK(access_mask,
+			  SEC_STD_SYNCHRONIZE |
+			  SEC_FILE_READ_ATTRIBUTE |
+			  SEC_FILE_WRITE_ATTRIBUTE);
+#undef CHECK_MASK
+}
+
+static NTSTATUS odb_tdb_open_can_internal(struct odb_context *odb,
+					  const struct opendb_file *file,
+					  uint32_t stream_id, uint32_t share_access,
+					  uint32_t access_mask, bool delete_on_close,
+					  uint32_t open_disposition, bool break_to_none,
+					  bool *_attrs_only)
+{
+	NTSTATUS status;
+	uint32_t i;
+	bool attrs_only = false;
+
+	/* see if anyone has an oplock, which we need to break */
+	for (i=0;i<file->num_entries;i++) {
+		if (file->entries[i].oplock_level == OPLOCK_BATCH) {
+			bool oplock_return = OPLOCK_BREAK_TO_LEVEL_II;
+			/* if this is an attribute only access
+			 * it doesn't conflict with a BACTCH oplock
+			 * but we'll not grant the oplock below
+			 */
+			attrs_only = access_attributes_only(access_mask,
+							    open_disposition,
+							    break_to_none);
+			if (attrs_only) {
+				break;
+			}
+			/* a batch oplock caches close calls, which
+			   means the client application might have
+			   already closed the file. We have to allow
+			   this close to propagate by sending a oplock
+			   break request and suspending this call
+			   until the break is acknowledged or the file
+			   is closed */
+			if (break_to_none ||
+			    !file->entries[i].allow_level_II_oplock) {
+				oplock_return = OPLOCK_BREAK_TO_NONE;
+			}
+			odb_oplock_break_send(odb->ntvfs_ctx->msg_ctx,
+					      &file->entries[i],
+					      oplock_return);
+			return NT_STATUS_OPLOCK_NOT_GRANTED;
+		}
+	}
+
+	if (file->delete_on_close) {
+		/* while delete on close is set, no new opens are allowed */
+		return NT_STATUS_DELETE_PENDING;
+	}
+
+	if (file->num_entries != 0 && delete_on_close) {
+		return NT_STATUS_SHARING_VIOLATION;
+	}
+
+	/* check for sharing violations */
+	for (i=0;i<file->num_entries;i++) {
+		status = share_conflict(&file->entries[i], stream_id,
+					share_access, access_mask);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	/* we now know the open could succeed, but we need to check
+	   for any exclusive oplocks. We can't grant a second open
+	   till these are broken. Note that we check for batch oplocks
+	   before checking for sharing violations, and check for
+	   exclusive oplocks afterwards. */
+	for (i=0;i<file->num_entries;i++) {
+		if (file->entries[i].oplock_level == OPLOCK_EXCLUSIVE) {
+			bool oplock_return = OPLOCK_BREAK_TO_LEVEL_II;
+			/* if this is an attribute only access
+			 * it doesn't conflict with an EXCLUSIVE oplock
+			 * but we'll not grant the oplock below
+			 */
+			attrs_only = access_attributes_only(access_mask,
+							    open_disposition,
+							    break_to_none);
+			if (attrs_only) {
+				break;
+			}
+			/*
+			 * send an oplock break to the holder of the
+			 * oplock and tell caller to retry later
+			 */
+			if (break_to_none ||
+			    !file->entries[i].allow_level_II_oplock) {
+				oplock_return = OPLOCK_BREAK_TO_NONE;
+			}
+			odb_oplock_break_send(odb->ntvfs_ctx->msg_ctx,
+					      &file->entries[i],
+					      oplock_return);
+			return NT_STATUS_OPLOCK_NOT_GRANTED;
+		}
+	}
+
+	if (_attrs_only) {
+		*_attrs_only = attrs_only;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  register an open file in the open files database.
+  The share_access rules are implemented by odb_can_open()
+  and it's needed to call odb_can_open() before
+  odb_open_file() otherwise NT_STATUS_INTERNAL_ERROR is returned
+
+  Note that the path is only used by the delete on close logic, not
+  for comparing with other filenames
+*/
+static NTSTATUS odb_tdb_open_file(struct odb_lock *lck,
+				  void *file_handle, const char *path,
+				  int *fd, NTTIME open_write_time,
+				  bool allow_level_II_oplock,
+				  uint32_t oplock_level, uint32_t *oplock_granted)
+{
+	struct odb_context *odb = lck->odb;
+
+	if (!lck->can_open.e) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (odb->oplocks == false) {
+		oplock_level = OPLOCK_NONE;
+	}
+
+	if (!oplock_granted) {
+		oplock_level = OPLOCK_NONE;
+	}
+
+	if (lck->file.path == NULL) {
+		lck->file.path = talloc_strdup(lck, path);
+		NT_STATUS_HAVE_NO_MEMORY(lck->file.path);
+	}
+
+	if (lck->file.open_write_time == 0) {
+		lck->file.open_write_time = open_write_time;
+	}
+
+	/*
+	  possibly grant an exclusive, batch or level2 oplock
+	*/
+	if (lck->can_open.attrs_only) {
+		oplock_level	= OPLOCK_NONE;
+	} else if (oplock_level == OPLOCK_EXCLUSIVE) {
+		if (lck->file.num_entries == 0) {
+			oplock_level	= OPLOCK_EXCLUSIVE;
+		} else if (allow_level_II_oplock) {
+			oplock_level	= OPLOCK_LEVEL_II;
+		} else {
+			oplock_level	= OPLOCK_NONE;
+		}
+	} else if (oplock_level == OPLOCK_BATCH) {
+		if (lck->file.num_entries == 0) {
+			oplock_level	= OPLOCK_BATCH;
+		} else if (allow_level_II_oplock) {
+			oplock_level	= OPLOCK_LEVEL_II;
+		} else {
+			oplock_level	= OPLOCK_NONE;
+		}
+	} else if (oplock_level == OPLOCK_LEVEL_II) {
+		oplock_level	= OPLOCK_LEVEL_II;
+	} else {
+		oplock_level	= OPLOCK_NONE;
+	}
+
+	lck->can_open.e->file_handle		= file_handle;
+	lck->can_open.e->fd			= fd;
+	lck->can_open.e->allow_level_II_oplock	= allow_level_II_oplock;
+	lck->can_open.e->oplock_level		= oplock_level;
+
+	if (odb->lease_ctx && fd) {
+		NTSTATUS status;
+		status = sys_lease_setup(odb->lease_ctx, lck->can_open.e);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	if (oplock_granted) {
+		if (lck->can_open.e->oplock_level == OPLOCK_EXCLUSIVE) {
+			*oplock_granted	= EXCLUSIVE_OPLOCK_RETURN;
+		} else if (lck->can_open.e->oplock_level == OPLOCK_BATCH) {
+			*oplock_granted	= BATCH_OPLOCK_RETURN;
+		} else if (lck->can_open.e->oplock_level == OPLOCK_LEVEL_II) {
+			*oplock_granted	= LEVEL_II_OPLOCK_RETURN;
+		} else {
+			*oplock_granted	= NO_OPLOCK_RETURN;
+		}
+	}
+
+	/* it doesn't conflict, so add it to the end */
+	lck->file.entries = talloc_realloc(lck, lck->file.entries,
+					   struct opendb_entry,
+					   lck->file.num_entries+1);
+	NT_STATUS_HAVE_NO_MEMORY(lck->file.entries);
+
+	lck->file.entries[lck->file.num_entries] = *lck->can_open.e;
+	lck->file.num_entries++;
+
+	talloc_free(lck->can_open.e);
+	lck->can_open.e = NULL;
+
+	return odb_push_record(lck, &lck->file);
+}
+
+
+/*
+  register a pending open file in the open files database
+*/
+static NTSTATUS odb_tdb_open_file_pending(struct odb_lock *lck, void *private_data)
+{
+	struct odb_context *odb = lck->odb;
+
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	lck->file.pending = talloc_realloc(lck, lck->file.pending,
+					   struct opendb_pending,
+					   lck->file.num_pending+1);
+	NT_STATUS_HAVE_NO_MEMORY(lck->file.pending);
+
+	lck->file.pending[lck->file.num_pending].server = odb->ntvfs_ctx->server_id;
+	lck->file.pending[lck->file.num_pending].notify_ptr = private_data;
+
+	lck->file.num_pending++;
+
+	return odb_push_record(lck, &lck->file);
+}
+
+
+/*
+  remove a opendb entry
+*/
+static NTSTATUS odb_tdb_close_file(struct odb_lock *lck, void *file_handle,
+				   const char **_delete_path)
+{
+	struct odb_context *odb = lck->odb;
+	const char *delete_path = NULL;
+	int i;
+
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* find the entry, and delete it */
+	for (i=0;i<lck->file.num_entries;i++) {
+		if (file_handle == lck->file.entries[i].file_handle &&
+		    cluster_id_equal(&odb->ntvfs_ctx->server_id, &lck->file.entries[i].server)) {
+			if (lck->file.entries[i].delete_on_close) {
+				lck->file.delete_on_close = true;
+			}
+			if (odb->lease_ctx && lck->file.entries[i].fd) {
+				NTSTATUS status;
+				status = sys_lease_remove(odb->lease_ctx, &lck->file.entries[i]);
+				NT_STATUS_NOT_OK_RETURN(status);
+			}
+			if (i < lck->file.num_entries-1) {
+				memmove(lck->file.entries+i, lck->file.entries+i+1,
+					(lck->file.num_entries - (i+1)) *
+					sizeof(struct opendb_entry));
+			}
+			break;
+		}
+	}
+
+	if (i == lck->file.num_entries) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* send any pending notifications, removing them once sent */
+	for (i=0;i<lck->file.num_pending;i++) {
+		imessaging_send_ptr(odb->ntvfs_ctx->msg_ctx,
+				   lck->file.pending[i].server,
+				   MSG_PVFS_RETRY_OPEN,
+				   lck->file.pending[i].notify_ptr);
+	}
+	lck->file.num_pending = 0;
+
+	lck->file.num_entries--;
+
+	if (lck->file.num_entries == 0 && lck->file.delete_on_close) {
+		delete_path = lck->file.path;
+	}
+
+	if (_delete_path) {
+		*_delete_path = delete_path;
+	}
+
+	return odb_push_record(lck, &lck->file);
+}
+
+/*
+  update the oplock level of the client
+*/
+static NTSTATUS odb_tdb_update_oplock(struct odb_lock *lck, void *file_handle,
+				      uint32_t oplock_level)
+{
+	struct odb_context *odb = lck->odb;
+	int i;
+
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* find the entry, and update it */
+	for (i=0;i<lck->file.num_entries;i++) {
+		if (file_handle == lck->file.entries[i].file_handle &&
+		    cluster_id_equal(&odb->ntvfs_ctx->server_id, &lck->file.entries[i].server)) {
+			lck->file.entries[i].oplock_level = oplock_level;
+
+			if (odb->lease_ctx && lck->file.entries[i].fd) {
+				NTSTATUS status;
+				status = sys_lease_update(odb->lease_ctx, &lck->file.entries[i]);
+				NT_STATUS_NOT_OK_RETURN(status);
+			}
+
+			break;
+		}
+	}
+
+	if (i == lck->file.num_entries) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* send any pending notifications, removing them once sent */
+	for (i=0;i<lck->file.num_pending;i++) {
+		imessaging_send_ptr(odb->ntvfs_ctx->msg_ctx,
+				   lck->file.pending[i].server,
+				   MSG_PVFS_RETRY_OPEN,
+				   lck->file.pending[i].notify_ptr);
+	}
+	lck->file.num_pending = 0;
+
+	return odb_push_record(lck, &lck->file);
+}
+
+/*
+  send oplocks breaks to none to all level2 holders
+*/
+static NTSTATUS odb_tdb_break_oplocks(struct odb_lock *lck)
+{
+	struct odb_context *odb = lck->odb;
+	int i;
+	bool modified = false;
+
+	/* see if anyone has an oplock, which we need to break */
+	for (i=0;i<lck->file.num_entries;i++) {
+		if (lck->file.entries[i].oplock_level == OPLOCK_LEVEL_II) {
+			/*
+			 * there could be multiple level2 oplocks
+			 * and we just send a break to none to all of them
+			 * without waiting for a release
+			 */
+			odb_oplock_break_send(odb->ntvfs_ctx->msg_ctx,
+					      &lck->file.entries[i],
+					      OPLOCK_BREAK_TO_NONE);
+			lck->file.entries[i].oplock_level = OPLOCK_NONE;
+			modified = true;
+		}
+	}
+
+	if (modified) {
+		return odb_push_record(lck, &lck->file);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  remove a pending opendb entry
+*/
+static NTSTATUS odb_tdb_remove_pending(struct odb_lock *lck, void *private_data)
+{
+	struct odb_context *odb = lck->odb;
+	int i;
+
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/* find the entry, and delete it */
+	for (i=0;i<lck->file.num_pending;i++) {
+		if (private_data == lck->file.pending[i].notify_ptr &&
+		    cluster_id_equal(&odb->ntvfs_ctx->server_id, &lck->file.pending[i].server)) {
+			if (i < lck->file.num_pending-1) {
+				memmove(lck->file.pending+i, lck->file.pending+i+1,
+					(lck->file.num_pending - (i+1)) *
+					sizeof(struct opendb_pending));
+			}
+			break;
+		}
+	}
+
+	if (i == lck->file.num_pending) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	lck->file.num_pending--;
+	
+	return odb_push_record(lck, &lck->file);
+}
+
+
+/*
+  rename the path in a open file
+*/
+static NTSTATUS odb_tdb_rename(struct odb_lock *lck, const char *path)
+{
+	if (lck->file.path == NULL) {
+		/* not having the record at all is OK */
+		return NT_STATUS_OK;
+	}
+
+	lck->file.path = talloc_strdup(lck, path);
+	NT_STATUS_HAVE_NO_MEMORY(lck->file.path);
+
+	return odb_push_record(lck, &lck->file);
+}
+
+/*
+  get the path of an open file
+*/
+static NTSTATUS odb_tdb_get_path(struct odb_lock *lck, const char **path)
+{
+	*path = NULL;
+
+	/* we don't ignore NT_STATUS_OBJECT_NAME_NOT_FOUND here */
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	*path = lck->file.path;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  update delete on close flag on an open file
+*/
+static NTSTATUS odb_tdb_set_delete_on_close(struct odb_lock *lck, bool del_on_close)
+{
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	lck->file.delete_on_close = del_on_close;
+
+	return odb_push_record(lck, &lck->file);
+}
+
+/*
+  update the write time on an open file
+*/
+static NTSTATUS odb_tdb_set_write_time(struct odb_lock *lck,
+				       NTTIME write_time, bool force)
+{
+	if (lck->file.path == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (lck->file.changed_write_time != 0 && !force) {
+		return NT_STATUS_OK;
+	}
+
+	lck->file.changed_write_time = write_time;
+
+	return odb_push_record(lck, &lck->file);
+}
+
+/*
+  return the current value of the delete_on_close bit, and how many
+  people still have the file open
+*/
+static NTSTATUS odb_tdb_get_file_infos(struct odb_context *odb, DATA_BLOB *key,
+				       bool *del_on_close, NTTIME *write_time)
+{
+	struct odb_lock *lck;
+
+	if (del_on_close) {
+		*del_on_close = false;
+	}
+	if (write_time) {
+		*write_time = 0;
+	}
+
+	lck = odb_lock(odb, odb, key);
+	NT_STATUS_HAVE_NO_MEMORY(lck);
+
+	if (del_on_close) {
+		*del_on_close = lck->file.delete_on_close;
+	}
+	if (write_time) {
+		if (lck->file.changed_write_time == 0) {
+			*write_time = lck->file.open_write_time;
+		} else {
+			*write_time = lck->file.changed_write_time;
+		}
+	}
+
+	talloc_free(lck);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  determine if a file can be opened with the given share_access,
+  create_options and access_mask
+*/
+static NTSTATUS odb_tdb_can_open(struct odb_lock *lck,
+				 uint32_t stream_id, uint32_t share_access,
+				 uint32_t access_mask, bool delete_on_close,
+				 uint32_t open_disposition, bool break_to_none)
+{
+	struct odb_context *odb = lck->odb;
+	NTSTATUS status;
+
+	status = odb_tdb_open_can_internal(odb, &lck->file, stream_id,
+					   share_access, access_mask,
+					   delete_on_close, open_disposition,
+					   break_to_none, &lck->can_open.attrs_only);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	lck->can_open.e	= talloc(lck, struct opendb_entry);
+	NT_STATUS_HAVE_NO_MEMORY(lck->can_open.e);
+
+	lck->can_open.e->server			= odb->ntvfs_ctx->server_id;
+	lck->can_open.e->file_handle		= NULL;
+	lck->can_open.e->fd			= NULL;
+	lck->can_open.e->stream_id		= stream_id;
+	lck->can_open.e->share_access		= share_access;
+	lck->can_open.e->access_mask		= access_mask;
+	lck->can_open.e->delete_on_close	= delete_on_close;
+	lck->can_open.e->allow_level_II_oplock	= false;
+	lck->can_open.e->oplock_level		= OPLOCK_NONE;
+
+	return NT_STATUS_OK;
+}
+
+
+static const struct opendb_ops opendb_tdb_ops = {
+	.odb_init                = odb_tdb_init,
+	.odb_lock                = odb_tdb_lock,
+	.odb_get_key             = odb_tdb_get_key,
+	.odb_open_file           = odb_tdb_open_file,
+	.odb_open_file_pending   = odb_tdb_open_file_pending,
+	.odb_close_file          = odb_tdb_close_file,
+	.odb_remove_pending      = odb_tdb_remove_pending,
+	.odb_rename              = odb_tdb_rename,
+	.odb_get_path            = odb_tdb_get_path,
+	.odb_set_delete_on_close = odb_tdb_set_delete_on_close,
+	.odb_set_write_time      = odb_tdb_set_write_time,
+	.odb_get_file_infos      = odb_tdb_get_file_infos,
+	.odb_can_open            = odb_tdb_can_open,
+	.odb_update_oplock       = odb_tdb_update_oplock,
+	.odb_break_oplocks       = odb_tdb_break_oplocks
+};
+
+
+void odb_tdb_init_ops(void)
+{
+	sys_lease_init();
+	odb_set_ops(&opendb_tdb_ops);
+}
diff --git a/source4/ntvfs/common/wscript_build b/source4/ntvfs/common/wscript_build
new file mode 100644
index 0000000..b144472
--- /dev/null
+++ b/source4/ntvfs/common/wscript_build
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('ntvfs_common',
+	source='init.c brlock.c brlock_tdb.c opendb.c opendb_tdb.c notify.c',
+	autoproto='proto.h',
+	deps='util_tdb tdb-wrap',
+	public_deps='NDR_OPENDB NDR_NOTIFY sys_notify sys_lease share'
+	)
+
diff --git a/source4/ntvfs/ipc/README b/source4/ntvfs/ipc/README
new file mode 100644
index 0000000..059a714
--- /dev/null
+++ b/source4/ntvfs/ipc/README
@@ -0,0 +1,5 @@
+This is the IPC$ backend for Samba. NTVFS operations that are made on
+IPC$ shares are directed here by default. Most file operations 
+are not supported on IPC$ shares.
+
+
diff --git a/source4/ntvfs/ipc/ipc_rap.c b/source4/ntvfs/ipc/ipc_rap.c
new file mode 100644
index 0000000..9ddde5e
--- /dev/null
+++ b/source4/ntvfs/ipc/ipc_rap.c
@@ -0,0 +1,511 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAP handlers
+
+   Copyright (C) Volker Lendecke 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/interfaces.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "events/events.h"
+#include "ntvfs/ipc/proto.h"
+#include "librpc/ndr/libndr.h"
+#include "param/param.h"
+
+#define NDR_RETURN(call) do { \
+	enum ndr_err_code _ndr_err; \
+	_ndr_err = call; \
+	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+		return ndr_map_error2ntstatus(_ndr_err); \
+	} \
+} while (0)
+
+#define RAP_GOTO(call) do { \
+	result = call; \
+	if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) {\
+		goto buffer_overflow; \
+	} \
+	if (!NT_STATUS_IS_OK(result)) { \
+		goto done; \
+	} \
+} while (0)
+
+#define NDR_GOTO(call) do { \
+	enum ndr_err_code _ndr_err; \
+	_ndr_err = call; \
+	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+		RAP_GOTO(ndr_map_error2ntstatus(_ndr_err)); \
+	} \
+} while (0)
+
+
+#define NERR_notsupported 50
+
+struct rap_string_heap {
+	TALLOC_CTX *mem_ctx;
+	int offset;
+	int num_strings;
+	const char **strings;
+};
+
+struct rap_heap_save {
+	int offset, num_strings;
+};
+
+static void rap_heap_save(struct rap_string_heap *heap,
+			  struct rap_heap_save *save)
+{
+	save->offset = heap->offset;
+	save->num_strings = heap->num_strings;
+}
+
+static void rap_heap_restore(struct rap_string_heap *heap,
+			     struct rap_heap_save *save)
+{
+	heap->offset = save->offset;
+	heap->num_strings = save->num_strings;
+}
+
+struct rap_call {
+	struct loadparm_context *lp_ctx;
+
+	TALLOC_CTX *mem_ctx;
+	uint16_t callno;
+	const char *paramdesc;
+	const char *datadesc;
+
+	uint16_t status;
+	uint16_t convert;
+
+	uint16_t rcv_paramlen, rcv_datalen;
+
+	struct ndr_push *ndr_push_param;
+	struct ndr_push *ndr_push_data;
+	struct rap_string_heap *heap;
+
+	struct ndr_pull *ndr_pull_param;
+	struct ndr_pull *ndr_pull_data;
+
+	struct tevent_context *event_ctx;
+};
+
+#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+
+static struct rap_call *new_rap_srv_call(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev_ctx,
+					 struct loadparm_context *lp_ctx,
+					 struct smb_trans2 *trans)
+{
+	struct rap_call *call;
+
+	call = talloc(mem_ctx, struct rap_call);
+
+	if (call == NULL)
+		return NULL;
+
+	ZERO_STRUCTP(call);
+
+	call->lp_ctx = talloc_reference(call, lp_ctx);
+	call->event_ctx = ev_ctx;
+
+	call->mem_ctx = mem_ctx;
+
+	call->ndr_pull_param = ndr_pull_init_blob(&trans->in.params, mem_ctx);
+	call->ndr_pull_param->flags = RAPNDR_FLAGS;
+
+	call->ndr_pull_data = ndr_pull_init_blob(&trans->in.data, mem_ctx);
+	call->ndr_pull_data->flags = RAPNDR_FLAGS;
+
+	call->heap = talloc(mem_ctx, struct rap_string_heap);
+
+	if (call->heap == NULL)
+		return NULL;
+
+	ZERO_STRUCTP(call->heap);
+
+	call->heap->mem_ctx = mem_ctx;
+
+	return call;
+}
+
+static NTSTATUS rap_srv_pull_word(struct rap_call *call, uint16_t *result)
+{
+	enum ndr_err_code ndr_err;
+
+	if (*call->paramdesc++ != 'W')
+		return NT_STATUS_INVALID_PARAMETER;
+
+	ndr_err = ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, result);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_dword(struct rap_call *call, uint32_t *result)
+{
+	enum ndr_err_code ndr_err;
+
+	if (*call->paramdesc++ != 'D')
+		return NT_STATUS_INVALID_PARAMETER;
+
+	ndr_err = ndr_pull_uint32(call->ndr_pull_param, NDR_SCALARS, result);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_string(struct rap_call *call, const char **result)
+{
+	enum ndr_err_code ndr_err;
+	char paramdesc = *call->paramdesc++;
+
+	if (paramdesc == 'O') {
+		*result = NULL;
+		return NT_STATUS_OK;
+	}
+
+	if (paramdesc != 'z')
+		return NT_STATUS_INVALID_PARAMETER;
+
+	ndr_err = ndr_pull_string(call->ndr_pull_param, NDR_SCALARS, result);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_bufsize(struct rap_call *call, uint16_t *bufsize)
+{
+	enum ndr_err_code ndr_err;
+
+	if ( (*call->paramdesc++ != 'r') || (*call->paramdesc++ != 'L') )
+		return NT_STATUS_INVALID_PARAMETER;
+
+	ndr_err = ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, bufsize);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	call->heap->offset = *bufsize;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_expect_multiple(struct rap_call *call)
+{
+	if ( (*call->paramdesc++ != 'e') || (*call->paramdesc++ != 'h') )
+		return NT_STATUS_INVALID_PARAMETER;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_push_string(struct ndr_push *data_push,
+				struct rap_string_heap *heap,
+				const char *str)
+{
+	size_t space;
+
+	if (str == NULL)
+		str = "";
+
+	space = strlen(str)+1;
+
+	if (heap->offset < space)
+		return NT_STATUS_BUFFER_TOO_SMALL;
+
+	heap->offset -= space;
+
+	NDR_RETURN(ndr_push_uint16(data_push, NDR_SCALARS, heap->offset));
+	NDR_RETURN(ndr_push_uint16(data_push, NDR_SCALARS, 0));
+
+	heap->strings = talloc_realloc(heap->mem_ctx,
+					 heap->strings,
+					 const char *,
+					 heap->num_strings + 1);
+
+	if (heap->strings == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	heap->strings[heap->num_strings] = str;
+	heap->num_strings += 1;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS _rap_netshareenum(struct rap_call *call)
+{
+	struct rap_NetShareEnum r;
+	NTSTATUS result;
+	uint32_t offset_save = 0;
+	struct rap_heap_save heap_save = {0};
+
+	RAP_GOTO(rap_srv_pull_word(call, &r.in.level));
+	RAP_GOTO(rap_srv_pull_bufsize(call, &r.in.bufsize));
+	RAP_GOTO(rap_srv_pull_expect_multiple(call));
+
+	switch(r.in.level) {
+	case 0:
+		if (strcmp(call->datadesc, "B13") != 0)
+			return NT_STATUS_INVALID_PARAMETER;
+		break;
+	case 1:
+		if (strcmp(call->datadesc, "B13BWz") != 0)
+			return NT_STATUS_INVALID_PARAMETER;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	result = rap_netshareenum(call, call->event_ctx, call->lp_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(result))
+		return result;
+
+	for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
+
+		int i = r.out.count;
+
+		offset_save = call->ndr_push_data->offset;
+		rap_heap_save(call->heap, &heap_save);
+
+		switch(r.in.level) {
+		case 0:
+			NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+					      (const uint8_t *)r.out.info[i].info0.share_name,
+					      sizeof(r.out.info[i].info0.share_name)));
+			break;
+		case 1:
+			NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+					      (const uint8_t *)r.out.info[i].info1.share_name,
+					      sizeof(r.out.info[i].info1.share_name)));
+			NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+					      NDR_SCALARS, r.out.info[i].info1.reserved1));
+			NDR_GOTO(ndr_push_uint16(call->ndr_push_data,
+					       NDR_SCALARS, r.out.info[i].info1.share_type));
+
+			RAP_GOTO(rap_push_string(call->ndr_push_data,
+					       call->heap,
+					       r.out.info[i].info1.comment));
+
+			break;
+		}
+
+		if (call->ndr_push_data->offset > call->heap->offset) {
+
+	buffer_overflow:
+
+			call->ndr_push_data->offset = offset_save;
+			rap_heap_restore(call->heap, &heap_save);
+			break;
+		}
+	}
+
+	call->status = r.out.status;
+
+	NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
+	NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
+
+	result = NT_STATUS_OK;
+
+ done:
+	return result;
+}
+
+static NTSTATUS _rap_netserverenum2(struct rap_call *call)
+{
+	struct rap_NetServerEnum2 r;
+	NTSTATUS result;
+	uint32_t offset_save = 0;
+	struct rap_heap_save heap_save = {0};
+
+	RAP_GOTO(rap_srv_pull_word(call, &r.in.level));
+	RAP_GOTO(rap_srv_pull_bufsize(call, &r.in.bufsize));
+	RAP_GOTO(rap_srv_pull_expect_multiple(call));
+	RAP_GOTO(rap_srv_pull_dword(call, &r.in.servertype));
+	RAP_GOTO(rap_srv_pull_string(call, &r.in.domain));
+
+	switch(r.in.level) {
+	case 0:
+		if (strcmp(call->datadesc, "B16") != 0)
+			return NT_STATUS_INVALID_PARAMETER;
+		break;
+	case 1:
+		if (strcmp(call->datadesc, "B16BBDz") != 0)
+			return NT_STATUS_INVALID_PARAMETER;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	result = rap_netserverenum2(call, call->lp_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(result))
+		return result;
+
+	for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
+
+		int i = r.out.count;
+
+		offset_save = call->ndr_push_data->offset;
+		rap_heap_save(call->heap, &heap_save);
+
+		switch(r.in.level) {
+		case 0:
+			NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+					      (const uint8_t *)r.out.info[i].info0.name,
+					      sizeof(r.out.info[i].info0.name)));
+			break;
+		case 1:
+			NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+					      (const uint8_t *)r.out.info[i].info1.name,
+					      sizeof(r.out.info[i].info1.name)));
+			NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+					      NDR_SCALARS, r.out.info[i].info1.version_major));
+			NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+					      NDR_SCALARS, r.out.info[i].info1.version_minor));
+			NDR_GOTO(ndr_push_uint32(call->ndr_push_data,
+					       NDR_SCALARS, r.out.info[i].info1.servertype));
+
+			RAP_GOTO(rap_push_string(call->ndr_push_data,
+					       call->heap,
+					       r.out.info[i].info1.comment));
+
+			break;
+		}
+
+		if (call->ndr_push_data->offset > call->heap->offset) {
+
+	buffer_overflow:
+
+			call->ndr_push_data->offset = offset_save;
+			rap_heap_restore(call->heap, &heap_save);
+			break;
+		}
+	}
+
+	call->status = r.out.status;
+
+	NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
+	NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
+
+	result = NT_STATUS_OK;
+
+ done:
+	return result;
+}
+
+static NTSTATUS api_Unsupported(struct rap_call *call)
+{
+	call->status = NERR_notsupported;
+	call->convert = 0;
+	return NT_STATUS_OK;
+}
+
+static const struct
+{
+	const char *name;
+	int id;
+	NTSTATUS (*fn)(struct rap_call *call);
+} api_commands[] = {
+	{"NetShareEnum", RAP_WshareEnum, _rap_netshareenum },
+	{"NetServerEnum2", RAP_NetServerEnum2, _rap_netserverenum2 },
+	{NULL, -1, api_Unsupported}
+};
+
+NTSTATUS ipc_rap_call(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx,
+		      struct smb_trans2 *trans)
+{
+	int i;
+	NTSTATUS result;
+	struct rap_call *call;
+	DATA_BLOB result_param, result_data;
+	struct ndr_push *final_param;
+	struct ndr_push *final_data;
+
+	call = new_rap_srv_call(mem_ctx, event_ctx, lp_ctx, trans);
+
+	if (call == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	NDR_RETURN(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &call->callno));
+	NDR_RETURN(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
+				  &call->paramdesc));
+	NDR_RETURN(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
+				  &call->datadesc));
+
+	call->ndr_push_param = ndr_push_init_ctx(call);
+	call->ndr_push_data = ndr_push_init_ctx(call);
+
+	if ((call->ndr_push_param == NULL) || (call->ndr_push_data == NULL))
+		return NT_STATUS_NO_MEMORY;
+
+	call->ndr_push_param->flags = RAPNDR_FLAGS;
+	call->ndr_push_data->flags = RAPNDR_FLAGS;
+
+	result = NT_STATUS_INVALID_SYSTEM_SERVICE;
+
+	for (i=0; api_commands[i].name != NULL; i++) {
+		if (api_commands[i].id == call->callno) {
+			DEBUG(5, ("Running RAP call %s\n",
+				  api_commands[i].name));
+			result = api_commands[i].fn(call);
+			break;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(result))
+		return result;
+
+	result_param = ndr_push_blob(call->ndr_push_param);
+	result_data = ndr_push_blob(call->ndr_push_data);
+
+	final_param = ndr_push_init_ctx(call);
+	final_data = ndr_push_init_ctx(call);
+
+	if ((final_param == NULL) || (final_data == NULL))
+		return NT_STATUS_NO_MEMORY;
+
+	final_param->flags = RAPNDR_FLAGS;
+	final_data->flags = RAPNDR_FLAGS;
+
+	NDR_RETURN(ndr_push_uint16(final_param, NDR_SCALARS, call->status));
+	NDR_RETURN(ndr_push_uint16(final_param,
+				  NDR_SCALARS, call->heap->offset - result_data.length));
+	NDR_RETURN(ndr_push_bytes(final_param, result_param.data,
+				 result_param.length));
+
+	NDR_RETURN(ndr_push_bytes(final_data, result_data.data,
+				 result_data.length));
+
+	for (i=call->heap->num_strings-1; i>=0; i--)
+		NDR_RETURN(ndr_push_string(final_data, NDR_SCALARS,
+					  call->heap->strings[i]));
+
+	trans->out.setup_count = 0;
+	trans->out.setup = NULL;
+	trans->out.params = ndr_push_blob(final_param);
+	trans->out.data = ndr_push_blob(final_data);
+
+	return result;
+}
diff --git a/source4/ntvfs/ipc/rap_server.c b/source4/ntvfs/ipc/rap_server.c
new file mode 100644
index 0000000..4c4beca
--- /dev/null
+++ b/source4/ntvfs/ipc/rap_server.c
@@ -0,0 +1,95 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAP handlers
+
+   Copyright (C) Volker Lendecke 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "libcli/raw/interfaces.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/common/share.h"
+#include "param/param.h"
+#include "ntvfs/ipc/proto.h"
+
+/* At this moment these are just dummy functions, but you might get the
+ * idea. */
+
+NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
+			  struct tevent_context *event_ctx,
+			  struct loadparm_context *lp_ctx,
+			  struct rap_NetShareEnum *r)
+{
+	NTSTATUS nterr;
+	const char **snames;
+	struct share_context *sctx;
+	struct share_config *scfg;
+	int i, j, count;
+
+	r->out.status = 0;
+	r->out.available = 0;
+	r->out.info = NULL;
+
+	nterr = share_get_context(mem_ctx, lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return nterr;
+	}
+
+	nterr = share_list_all(mem_ctx, sctx, &count, &snames);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return nterr;
+	}
+
+	r->out.available = count;
+	r->out.info = talloc_array(mem_ctx,
+				   union rap_share_info, r->out.available);
+
+	for (i = 0, j = 0; i < r->out.available; i++) {
+		size_t sname_len;
+
+		if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i], &scfg))) {
+			DEBUG(3, ("WARNING: Service [%s] disappeared after enumeration!\n", snames[i]));
+			continue;
+		}
+		/* Make sure we have NUL-termination */
+		sname_len = MIN(strlen(snames[i]),
+				sizeof(r->out.info[j].info1.share_name));
+		strlcpy((char *)r->out.info[j].info1.share_name,
+			snames[i],
+			sname_len);
+		r->out.info[i].info1.reserved1 = 0;
+		r->out.info[i].info1.share_type = dcesrv_common_get_share_type(mem_ctx, NULL, scfg);
+		r->out.info[i].info1.comment = share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+		talloc_free(scfg);
+		j++;
+	}
+	r->out.available = j;
+	
+	return NT_STATUS_OK;
+}
+
+NTSTATUS rap_netserverenum2(TALLOC_CTX *mem_ctx,
+			    struct loadparm_context *lp_ctx,
+			    struct rap_NetServerEnum2 *r)
+{
+	r->out.status = 0;
+	r->out.available = 0;
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
new file mode 100644
index 0000000..01e2a5d
--- /dev/null
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -0,0 +1,1356 @@
+/* 
+   Unix SMB/CIFS implementation.
+   default IPC$ NTVFS backend
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements the IPC$ backend, called by the NTVFS subsystem to
+  handle requests on IPC$ shares
+*/
+
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/ntvfs.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "ntvfs/ipc/proto.h"
+#include "../libcli/smb/smb_constants.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../libcli/named_pipe_auth/npa_tstream.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "lib/socket/socket.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "system/kerberos.h"
+#include "system/gssapi.h"
+#include "system/locale.h"
+#include "system/filesys.h"
+
+#undef strncasecmp
+
+/* this is the private structure used to keep the state of an open
+   ipc$ connection. It needs to keep information about all open
+   pipes */
+struct ipc_private {
+	struct ntvfs_module_context *ntvfs;
+
+	/* a list of open pipes */
+	struct pipe_state {
+		struct pipe_state *next, *prev;
+		struct ipc_private *ipriv;
+		const char *pipe_name;
+		struct ntvfs_handle *handle;
+		struct tstream_context *npipe;
+		uint16_t file_type;
+		uint16_t device_state;
+		uint64_t allocation_size;
+		struct tevent_queue *write_queue;
+		struct tevent_queue *read_queue;
+	} *pipe_list;
+};
+
+
+/*
+  find a open pipe give a file handle
+*/
+static struct pipe_state *pipe_state_find(struct ipc_private *ipriv, struct ntvfs_handle *handle)
+{
+	struct pipe_state *s;
+	void *p;
+
+	p = ntvfs_handle_get_backend_data(handle, ipriv->ntvfs);
+	if (!p) return NULL;
+
+	s = talloc_get_type(p, struct pipe_state);
+	if (!s) return NULL;
+
+	return s;
+}
+
+/*
+  find a open pipe give a wire fnum
+*/
+static struct pipe_state *pipe_state_find_key(struct ipc_private *ipriv, struct ntvfs_request *req, const DATA_BLOB *key)
+{
+	struct ntvfs_handle *h;
+
+	h = ntvfs_handle_search_by_wire_key(ipriv->ntvfs, req, key);
+	if (!h) return NULL;
+
+	return pipe_state_find(ipriv, h);
+}
+
+
+/*
+  connect to a share - always works 
+*/
+static NTSTATUS ipc_connect(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req,
+			    union smb_tcon* tcon)
+{
+	struct ipc_private *ipriv;
+	const char *sharename;
+
+	switch (tcon->generic.level) {
+	case RAW_TCON_TCON:
+		sharename = tcon->tcon.in.service;
+		break;
+	case RAW_TCON_TCONX:
+		sharename = tcon->tconx.in.path;
+		break;
+	case RAW_TCON_SMB2:
+		sharename = tcon->smb2.in.path;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (strncmp(sharename, "\\\\", 2) == 0) {
+		char *p = strchr(sharename+2, '\\');
+		if (p) {
+			sharename = p + 1;
+		}
+	}
+
+	ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "IPC");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
+
+	ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "IPC");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
+
+	if (tcon->generic.level == RAW_TCON_TCONX) {
+		tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
+		tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
+	}
+
+	/* prepare the private state for this connection */
+	ipriv = talloc(ntvfs, struct ipc_private);
+	NT_STATUS_HAVE_NO_MEMORY(ipriv);
+
+	ntvfs->private_data = ipriv;
+
+	ipriv->ntvfs = ntvfs;
+	ipriv->pipe_list = NULL;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  disconnect from a share
+*/
+static NTSTATUS ipc_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  delete a file
+*/
+static NTSTATUS ipc_unlink(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_unlink *unl)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  check if a directory exists
+*/
+static NTSTATUS ipc_chkpath(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req,
+			    union smb_chkpath *cp)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  return info on a pathname
+*/
+static NTSTATUS ipc_qpathinfo(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	switch (info->generic.level) {
+	case  RAW_FILEINFO_GENERIC:
+		return NT_STATUS_INVALID_DEVICE_REQUEST;
+	case RAW_FILEINFO_GETATTR:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return ntvfs_map_qpathinfo(ntvfs, req, info);
+	}
+}
+
+/*
+  set info on a pathname
+*/
+static NTSTATUS ipc_setpathinfo(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+
+/*
+  destroy a open pipe structure
+*/
+static int ipc_fd_destructor(struct pipe_state *p)
+{
+	DLIST_REMOVE(p->ipriv->pipe_list, p);
+	ntvfs_handle_remove_backend_data(p->handle, p->ipriv->ntvfs);
+	return 0;
+}
+
+struct ipc_open_state {
+	struct ipc_private *ipriv;
+	struct pipe_state *p;
+	struct ntvfs_request *req;
+	union smb_open *oi;
+	struct auth_session_info_transport *session_info_transport;
+};
+
+static void ipc_open_done(struct tevent_req *subreq);
+
+/*
+  check the pipename is valid
+ */
+static NTSTATUS validate_pipename(const char *name)
+{
+	while (*name) {
+		if (!isalnum(*name) && *name != '_') {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		name++;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  open a file - used for MSRPC pipes
+*/
+static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_open *oi)
+{
+	NTSTATUS status;
+	struct pipe_state *p;
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct ntvfs_handle *h;
+	struct ipc_open_state *state;
+	struct tevent_req *subreq;
+	const char *fname;
+	const char *directory;
+	const struct tsocket_address *remote_client_addr;
+	const struct tsocket_address *local_server_addr;
+
+	switch (oi->generic.level) {
+	case RAW_OPEN_NTCREATEX:
+	case RAW_OPEN_NTTRANS_CREATE:
+		fname = oi->ntcreatex.in.fname;
+		while (fname[0] == '\\') fname++;
+		break;
+	case RAW_OPEN_OPENX:
+		fname = oi->openx.in.fname;
+		while (fname[0] == '\\') fname++;
+		if (strncasecmp(fname, "PIPE\\", 5) != 0) {
+			return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+		}
+		while (fname[0] == '\\') fname++;
+		break;
+	case RAW_OPEN_SMB2:
+		fname = oi->smb2.in.fname;
+		break;
+	default:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	directory = talloc_asprintf(req, "%s/np",
+				    lpcfg_ncalrpc_dir(ipriv->ntvfs->ctx->lp_ctx));
+	NT_STATUS_HAVE_NO_MEMORY(directory);
+
+	state = talloc(req, struct ipc_open_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	status = ntvfs_handle_new(ntvfs, req, &h);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	p = talloc(h, struct pipe_state);
+	NT_STATUS_HAVE_NO_MEMORY(p);
+
+	/* check for valid characters in name */
+	fname = strlower_talloc(p, fname);
+
+	status = validate_pipename(fname);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	p->pipe_name = talloc_asprintf(p, "\\pipe\\%s", fname);
+	NT_STATUS_HAVE_NO_MEMORY(p->pipe_name);
+
+	p->handle = h;
+	p->ipriv = ipriv;
+
+	p->write_queue = tevent_queue_create(p, "ipc_write_queue");
+	NT_STATUS_HAVE_NO_MEMORY(p->write_queue);
+
+	p->read_queue = tevent_queue_create(p, "ipc_read_queue");
+	NT_STATUS_HAVE_NO_MEMORY(p->read_queue);
+
+	state->ipriv = ipriv;
+	state->p = p;
+	state->req = req;
+	state->oi = oi;
+
+	status = auth_session_info_transport_from_session(state,
+							  req->session_info,
+							  ipriv->ntvfs->ctx->event_ctx,
+							  ipriv->ntvfs->ctx->lp_ctx,
+							  &state->session_info_transport);
+
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	local_server_addr = ntvfs_get_local_address(ipriv->ntvfs);
+	remote_client_addr = ntvfs_get_remote_address(ipriv->ntvfs);
+
+	subreq = tstream_npa_connect_send(p,
+					  ipriv->ntvfs->ctx->event_ctx,
+					  directory,
+					  fname,
+					  NCACN_NP,
+					  remote_client_addr,
+					  NULL,
+					  local_server_addr,
+					  NULL,
+					  state->session_info_transport);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+	tevent_req_set_callback(subreq, ipc_open_done, state);
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void ipc_open_done(struct tevent_req *subreq)
+{
+	struct ipc_open_state *state = tevent_req_callback_data(subreq,
+				       struct ipc_open_state);
+	struct ipc_private *ipriv = state->ipriv;
+	struct pipe_state *p = state->p;
+	struct ntvfs_request *req = state->req;
+	union smb_open *oi = state->oi;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_npa_connect_recv(subreq, &sys_errno,
+				       p, &p->npipe,
+				       &p->file_type,
+				       &p->device_state,
+				       &p->allocation_size);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	DLIST_ADD(ipriv->pipe_list, p);
+	talloc_set_destructor(p, ipc_fd_destructor);
+
+	status = ntvfs_handle_set_backend_data(p->handle, ipriv->ntvfs, p);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto reply;
+	}
+
+	switch (oi->generic.level) {
+	case RAW_OPEN_NTCREATEX:
+		ZERO_STRUCT(oi->ntcreatex.out);
+		oi->ntcreatex.out.file.ntvfs	= p->handle;
+		oi->ntcreatex.out.oplock_level	= 0;
+		oi->ntcreatex.out.create_action	= NTCREATEX_ACTION_EXISTED;
+		oi->ntcreatex.out.create_time	= 0;
+		oi->ntcreatex.out.access_time	= 0;
+		oi->ntcreatex.out.write_time	= 0;
+		oi->ntcreatex.out.change_time	= 0;
+		oi->ntcreatex.out.attrib	= FILE_ATTRIBUTE_NORMAL;
+		oi->ntcreatex.out.alloc_size	= p->allocation_size;
+		oi->ntcreatex.out.size		= 0;
+		oi->ntcreatex.out.file_type	= p->file_type;
+		oi->ntcreatex.out.ipc_state	= p->device_state;
+		oi->ntcreatex.out.is_directory	= 0;
+		break;
+	case RAW_OPEN_OPENX:
+		ZERO_STRUCT(oi->openx.out);
+		oi->openx.out.file.ntvfs	= p->handle;
+		oi->openx.out.attrib		= FILE_ATTRIBUTE_NORMAL;
+		oi->openx.out.write_time	= 0;
+		oi->openx.out.size		= 0;
+		oi->openx.out.access		= 0;
+		oi->openx.out.ftype		= p->file_type;
+		oi->openx.out.devstate		= p->device_state;
+		oi->openx.out.action		= 0;
+		oi->openx.out.unique_fid	= 0;
+		oi->openx.out.access_mask	= 0;
+		oi->openx.out.unknown		= 0;
+		break;
+	case RAW_OPEN_SMB2:
+		ZERO_STRUCT(oi->smb2.out);
+		oi->smb2.out.file.ntvfs		= p->handle;
+		oi->smb2.out.oplock_level	= oi->smb2.in.oplock_level;
+		oi->smb2.out.create_action	= NTCREATEX_ACTION_EXISTED;
+		oi->smb2.out.create_time	= 0;
+		oi->smb2.out.access_time	= 0;
+		oi->smb2.out.write_time		= 0;
+		oi->smb2.out.change_time	= 0;
+		oi->smb2.out.alloc_size		= p->allocation_size;
+		oi->smb2.out.size		= 0;
+		oi->smb2.out.file_attr		= FILE_ATTRIBUTE_NORMAL;
+		oi->smb2.out.reserved2		= 0;
+		break;
+	default:
+		break;
+	}
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  create a directory
+*/
+static NTSTATUS ipc_mkdir(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_mkdir *md)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  remove a directory
+*/
+static NTSTATUS ipc_rmdir(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  rename a set of files
+*/
+static NTSTATUS ipc_rename(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_rename *ren)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  copy a set of files
+*/
+static NTSTATUS ipc_copy(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, struct smb_copy *cp)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+struct ipc_readv_next_vector_state {
+	uint8_t *buf;
+	size_t len;
+	off_t ofs;
+	size_t remaining;
+};
+
+static void ipc_readv_next_vector_init(struct ipc_readv_next_vector_state *s,
+				       uint8_t *buf, size_t len)
+{
+	ZERO_STRUCTP(s);
+
+	s->buf = buf;
+	s->len = MIN(len, UINT16_MAX);
+}
+
+static int ipc_readv_next_vector(struct tstream_context *stream,
+				 void *private_data,
+				 TALLOC_CTX *mem_ctx,
+				 struct iovec **_vector,
+				 size_t *count)
+{
+	struct ipc_readv_next_vector_state *state =
+		(struct ipc_readv_next_vector_state *)private_data;
+	struct iovec *vector;
+	ssize_t pending;
+	size_t wanted;
+
+	if (state->ofs == state->len) {
+		*_vector = NULL;
+		*count = 0;
+		return 0;
+	}
+
+	pending = tstream_pending_bytes(stream);
+	if (pending == -1) {
+		return -1;
+	}
+
+	if (pending == 0 && state->ofs != 0) {
+		/* return a short read */
+		*_vector = NULL;
+		*count = 0;
+		return 0;
+	}
+
+	if (pending == 0) {
+		/* we want at least one byte and recheck again */
+		wanted = 1;
+	} else {
+		size_t missing = state->len - state->ofs;
+		if (pending > missing) {
+			/* there's more available */
+			state->remaining = pending - missing;
+			wanted = missing;
+		} else {
+			/* read what we can get and recheck in the next cycle */
+			wanted = pending;
+		}
+	}
+
+	vector = talloc_array(mem_ctx, struct iovec, 1);
+	if (!vector) {
+		return -1;
+	}
+
+	vector[0].iov_base = (char *) (state->buf + state->ofs);
+	vector[0].iov_len = wanted;
+
+	state->ofs += wanted;
+
+	*_vector = vector;
+	*count = 1;
+	return 0;
+}
+
+struct ipc_read_state {
+	struct ipc_private *ipriv;
+	struct pipe_state *p;
+	struct ntvfs_request *req;
+	union smb_read *rd;
+	struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_read_done(struct tevent_req *subreq);
+
+/*
+  read from a file
+*/
+static NTSTATUS ipc_read(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_read *rd)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+	struct ipc_read_state *state;
+	struct tevent_req *subreq;
+
+	if (rd->generic.level != RAW_READ_GENERIC) {
+		return ntvfs_map_read(ntvfs, req, rd);
+	}
+
+	p = pipe_state_find(ipriv, rd->readx.in.file.ntvfs);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	state = talloc(req, struct ipc_read_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	state->ipriv = ipriv;
+	state->p = p;
+	state->req = req;
+	state->rd = rd;
+
+	/* rd->readx.out.data is already allocated */
+	ipc_readv_next_vector_init(&state->next_vector,
+				   rd->readx.out.data,
+				   rd->readx.in.maxcnt);
+
+	subreq = tstream_readv_pdu_queue_send(req,
+					      ipriv->ntvfs->ctx->event_ctx,
+					      p->npipe,
+					      p->read_queue,
+					      ipc_readv_next_vector,
+					      &state->next_vector);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+	tevent_req_set_callback(subreq, ipc_read_done, state);
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void ipc_read_done(struct tevent_req *subreq)
+{
+	struct ipc_read_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_read_state);
+	struct ntvfs_request *req = state->req;
+	union smb_read *rd = state->rd;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	status = NT_STATUS_OK;
+	if (state->next_vector.remaining > 0) {
+		status = STATUS_BUFFER_OVERFLOW;
+	}
+
+	rd->readx.out.remaining = state->next_vector.remaining;
+	rd->readx.out.compaction_mode = 0;
+	rd->readx.out.nread = ret;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+struct ipc_write_state {
+	struct ipc_private *ipriv;
+	struct pipe_state *p;
+	struct ntvfs_request *req;
+	union smb_write *wr;
+	struct iovec iov;
+};
+
+static void ipc_write_done(struct tevent_req *subreq);
+
+/*
+  write to a file
+*/
+static NTSTATUS ipc_write(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_write *wr)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+	struct tevent_req *subreq;
+	struct ipc_write_state *state;
+
+	if (wr->generic.level != RAW_WRITE_GENERIC) {
+		return ntvfs_map_write(ntvfs, req, wr);
+	}
+
+	p = pipe_state_find(ipriv, wr->writex.in.file.ntvfs);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	state = talloc(req, struct ipc_write_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	state->ipriv = ipriv;
+	state->p = p;
+	state->req = req;
+	state->wr = wr;
+	state->iov.iov_base = discard_const_p(void, wr->writex.in.data);
+	state->iov.iov_len = wr->writex.in.count;
+
+	subreq = tstream_writev_queue_send(state,
+					   ipriv->ntvfs->ctx->event_ctx,
+					   p->npipe,
+					   p->write_queue,
+					   &state->iov, 1);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+	tevent_req_set_callback(subreq, ipc_write_done, state);
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void ipc_write_done(struct tevent_req *subreq)
+{
+	struct ipc_write_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_write_state);
+	struct ntvfs_request *req = state->req;
+	union smb_write *wr = state->wr;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	status = NT_STATUS_OK;
+
+	wr->writex.out.nwritten = ret;
+	wr->writex.out.remaining = 0;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  seek in a file
+*/
+static NTSTATUS ipc_seek(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 union smb_seek *io)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  flush a file
+*/
+static NTSTATUS ipc_flush(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_flush *io)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  close a file
+*/
+static NTSTATUS ipc_close(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_close *io)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+
+	if (io->generic.level != RAW_CLOSE_GENERIC) {
+		return ntvfs_map_close(ntvfs, req, io);
+	}
+
+	ZERO_STRUCT(io->generic.out);
+
+	p = pipe_state_find(ipriv, io->generic.in.file.ntvfs);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	talloc_free(p);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  exit - closing files
+*/
+static NTSTATUS ipc_exit(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p, *next;
+	
+	for (p=ipriv->pipe_list; p; p=next) {
+		next = p->next;
+		if (p->handle->session_info == req->session_info &&
+		    p->handle->smbpid == req->smbpid) {
+			talloc_free(p);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  logoff - closing files open by the user
+*/
+static NTSTATUS ipc_logoff(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p, *next;
+	
+	for (p=ipriv->pipe_list; p; p=next) {
+		next = p->next;
+		if (p->handle->session_info == req->session_info) {
+			talloc_free(p);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup for an async call
+*/
+static NTSTATUS ipc_async_setup(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req,
+				void *private_data)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  cancel an async call
+*/
+static NTSTATUS ipc_cancel(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req)
+{
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+  lock a byte range
+*/
+static NTSTATUS ipc_lock(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_lock *lck)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  set info on a open file
+*/
+static NTSTATUS ipc_setfileinfo(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req, union smb_setfileinfo *info)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  query info on a open file
+*/
+static NTSTATUS ipc_qfileinfo(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p = pipe_state_find(ipriv, info->generic.in.file.ntvfs);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	switch (info->generic.level) {
+	case RAW_FILEINFO_GENERIC: 
+	{
+		ZERO_STRUCT(info->generic.out);
+		info->generic.out.attrib = FILE_ATTRIBUTE_NORMAL;
+		info->generic.out.fname.s = strrchr(p->pipe_name, '\\');
+		info->generic.out.alloc_size = 4096;
+		info->generic.out.nlink = 1;
+		/* What the heck?  Match Win2k3: IPC$ pipes are delete pending */
+		info->generic.out.delete_pending = 1;
+		return NT_STATUS_OK;
+	}
+	case RAW_FILEINFO_ALT_NAME_INFO:
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+	case RAW_FILEINFO_COMPRESSION_INFO:
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		return NT_STATUS_INVALID_PARAMETER;
+	case  RAW_FILEINFO_ALL_EAS:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return ntvfs_map_qfileinfo(ntvfs, req, info);
+	}
+}
+
+
+/*
+  return filesystem info
+*/
+static NTSTATUS ipc_fsinfo(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  return print queue info
+*/
+static NTSTATUS ipc_lpq(struct ntvfs_module_context *ntvfs,
+			struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/* 
+   list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS ipc_search_first(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_search_first *io,
+			  void *search_private, 
+			  bool (*callback)(void *, const union smb_search_data *))
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/* 
+   continue listing files in a directory 
+*/
+static NTSTATUS ipc_search_next(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_search_next *io,
+			 void *search_private, 
+			 bool (*callback)(void *, const union smb_search_data *))
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/* 
+   end listing files in a directory 
+*/
+static NTSTATUS ipc_search_close(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_search_close *io)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+struct ipc_trans_state {
+	struct ipc_private *ipriv;
+	struct pipe_state *p;
+	struct ntvfs_request *req;
+	struct smb_trans2 *trans;
+	struct iovec writev_iov;
+	struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_trans_writev_done(struct tevent_req *subreq);
+static void ipc_trans_readv_done(struct tevent_req *subreq);
+
+/* SMBtrans - handle a DCERPC command */
+static NTSTATUS ipc_dcerpc_cmd(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+	DATA_BLOB fnum_key;
+	uint16_t fnum;
+	struct ipc_trans_state *state;
+	struct tevent_req *subreq;
+
+	/*
+	 * the fnum is in setup[1], a 16 bit value
+	 * the setup[*] values are already in host byteorder
+	 * but ntvfs_handle_search_by_wire_key() expects
+	 * network byteorder
+	 */
+	SSVAL(&fnum, 0, trans->in.setup[1]);
+	fnum_key = data_blob_const(&fnum, 2);
+
+	p = pipe_state_find_key(ipriv, req, &fnum_key);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	/*
+	 * Trans requests are only allowed
+	 * if no other Trans or Read is active
+	 */
+	if (tevent_queue_length(p->read_queue) > 0) {
+		return NT_STATUS_PIPE_BUSY;
+	}
+
+	state = talloc(req, struct ipc_trans_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	trans->out.setup_count = 0;
+	trans->out.setup = NULL;
+	trans->out.params = data_blob(NULL, 0);
+	trans->out.data = data_blob_talloc(req, NULL, trans->in.max_data);
+	NT_STATUS_HAVE_NO_MEMORY(trans->out.data.data);
+
+	state->ipriv = ipriv;
+	state->p = p;
+	state->req = req;
+	state->trans = trans;
+	state->writev_iov.iov_base = (char *) trans->in.data.data;
+	state->writev_iov.iov_len = trans->in.data.length;
+
+	ipc_readv_next_vector_init(&state->next_vector,
+				   trans->out.data.data,
+				   trans->out.data.length);
+
+	subreq = tstream_writev_queue_send(state,
+					   ipriv->ntvfs->ctx->event_ctx,
+					   p->npipe,
+					   p->write_queue,
+					   &state->writev_iov, 1);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+	tevent_req_set_callback(subreq, ipc_trans_writev_done, state);
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void ipc_trans_writev_done(struct tevent_req *subreq)
+{
+	struct ipc_trans_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_trans_state);
+	struct ipc_private *ipriv = state->ipriv;
+	struct pipe_state *p = state->p;
+	struct ntvfs_request *req = state->req;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == 0) {
+		status = NT_STATUS_PIPE_DISCONNECTED;
+		goto reply;
+	} else if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	subreq = tstream_readv_pdu_queue_send(state,
+					      ipriv->ntvfs->ctx->event_ctx,
+					      p->npipe,
+					      p->read_queue,
+					      ipc_readv_next_vector,
+					      &state->next_vector);
+	if (!subreq) {
+		status = NT_STATUS_NO_MEMORY;
+		goto reply;
+	}
+	tevent_req_set_callback(subreq, ipc_trans_readv_done, state);
+	return;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+static void ipc_trans_readv_done(struct tevent_req *subreq)
+{
+	struct ipc_trans_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_trans_state);
+	struct ntvfs_request *req = state->req;
+	struct smb_trans2 *trans = state->trans;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	status = NT_STATUS_OK;
+	if (state->next_vector.remaining > 0) {
+		status = STATUS_BUFFER_OVERFLOW;
+	}
+
+	trans->out.data.length = ret;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/* SMBtrans - set named pipe state */
+static NTSTATUS ipc_set_nm_pipe_state(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+	DATA_BLOB fnum_key;
+
+	/* the fnum is in setup[1] */
+	fnum_key = data_blob_const(&trans->in.setup[1], sizeof(trans->in.setup[1]));
+
+	p = pipe_state_find_key(ipriv, req, &fnum_key);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (trans->in.params.length != 2) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/*
+	 * TODO: pass this to the tstream_npa logic
+	 */
+	p->device_state = SVAL(trans->in.params.data, 0);
+
+	trans->out.setup_count = 0;
+	trans->out.setup = NULL;
+	trans->out.params = data_blob(NULL, 0);
+	trans->out.data = data_blob(NULL, 0);
+
+	return NT_STATUS_OK;
+}
+
+
+/* SMBtrans - used to provide access to SMB pipes */
+static NTSTATUS ipc_trans(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+	NTSTATUS status;
+
+	if (strequal(trans->in.trans_name, "\\PIPE\\LANMAN"))
+		return ipc_rap_call(req, ntvfs->ctx->event_ctx, ntvfs->ctx->lp_ctx, trans);
+
+       	if (trans->in.setup_count != 2) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	switch (trans->in.setup[0]) {
+	case TRANSACT_SETNAMEDPIPEHANDLESTATE:
+		status = ipc_set_nm_pipe_state(ntvfs, req, trans);
+		break;
+	case TRANSACT_DCERPCCMD:
+		status = ipc_dcerpc_cmd(ntvfs, req, trans);
+		break;
+	default:
+		status = NT_STATUS_INVALID_PARAMETER;
+		break;
+	}
+
+	return status;
+}
+
+struct ipc_ioctl_state {
+	struct ipc_private *ipriv;
+	struct pipe_state *p;
+	struct ntvfs_request *req;
+	union smb_ioctl *io;
+	struct iovec writev_iov;
+	struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_ioctl_writev_done(struct tevent_req *subreq);
+static void ipc_ioctl_readv_done(struct tevent_req *subreq);
+
+static NTSTATUS ipc_ioctl_smb2(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_ioctl *io)
+{
+	struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+				    struct ipc_private);
+	struct pipe_state *p;
+	struct ipc_ioctl_state *state;
+	struct tevent_req *subreq;
+
+	switch (io->smb2.in.function) {
+	case FSCTL_NAMED_PIPE_READ_WRITE:
+		break;
+
+	default:
+		return NT_STATUS_FS_DRIVER_REQUIRED;
+	}
+
+	p = pipe_state_find(ipriv, io->smb2.in.file.ntvfs);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	/*
+	 * Trans requests are only allowed
+	 * if no other Trans or Read is active
+	 */
+	if (tevent_queue_length(p->read_queue) > 0) {
+		return NT_STATUS_PIPE_BUSY;
+	}
+
+	state = talloc(req, struct ipc_ioctl_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	io->smb2.out.reserved	= 0;
+	io->smb2.out.function	= io->smb2.in.function;
+	io->smb2.out.flags	= 0;
+	io->smb2.out.reserved2	= 0;
+	io->smb2.out.in		= data_blob_null;
+	io->smb2.out.out = data_blob_talloc(req, NULL, io->smb2.in.max_output_response);
+	NT_STATUS_HAVE_NO_MEMORY(io->smb2.out.out.data);
+
+	state->ipriv = ipriv;
+	state->p = p;
+	state->req = req;
+	state->io = io;
+	state->writev_iov.iov_base = (char *) io->smb2.in.out.data;
+	state->writev_iov.iov_len = io->smb2.in.out.length;
+
+	ipc_readv_next_vector_init(&state->next_vector,
+				   io->smb2.out.out.data,
+				   io->smb2.out.out.length);
+
+	subreq = tstream_writev_queue_send(state,
+					   ipriv->ntvfs->ctx->event_ctx,
+					   p->npipe,
+					   p->write_queue,
+					   &state->writev_iov, 1);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+	tevent_req_set_callback(subreq, ipc_ioctl_writev_done, state);
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void ipc_ioctl_writev_done(struct tevent_req *subreq)
+{
+	struct ipc_ioctl_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_ioctl_state);
+	struct ipc_private *ipriv = state->ipriv;
+	struct pipe_state *p = state->p;
+	struct ntvfs_request *req = state->req;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	subreq = tstream_readv_pdu_queue_send(state,
+					      ipriv->ntvfs->ctx->event_ctx,
+					      p->npipe,
+					      p->read_queue,
+					      ipc_readv_next_vector,
+					      &state->next_vector);
+	if (!subreq) {
+		status = NT_STATUS_NO_MEMORY;
+		goto reply;
+	}
+	tevent_req_set_callback(subreq, ipc_ioctl_readv_done, state);
+	return;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+static void ipc_ioctl_readv_done(struct tevent_req *subreq)
+{
+	struct ipc_ioctl_state *state =
+		tevent_req_callback_data(subreq,
+		struct ipc_ioctl_state);
+	struct ntvfs_request *req = state->req;
+	union smb_ioctl *io = state->io;
+	int ret;
+	int sys_errno;
+	NTSTATUS status;
+
+	ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (ret == -1) {
+		status = map_nt_error_from_unix_common(sys_errno);
+		goto reply;
+	}
+
+	status = NT_STATUS_OK;
+	if (state->next_vector.remaining > 0) {
+		status = STATUS_BUFFER_OVERFLOW;
+	}
+
+	io->smb2.out.out.length = ret;
+
+reply:
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  ioctl interface
+*/
+static NTSTATUS ipc_ioctl(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_ioctl *io)
+{
+	switch (io->generic.level) {
+	case RAW_IOCTL_SMB2:
+		return ipc_ioctl_smb2(ntvfs, req, io);
+
+	case RAW_IOCTL_SMB2_NO_HANDLE:
+		return NT_STATUS_FS_DRIVER_REQUIRED;
+
+	default:
+		return NT_STATUS_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  initialise the IPC backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_ipc_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	struct ntvfs_ops ops;
+	NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+	ZERO_STRUCT(ops);
+	
+	/* fill in the name and type */
+	ops.name = "default";
+	ops.type = NTVFS_IPC;
+
+	/* fill in all the operations */
+	ops.connect_fn = ipc_connect;
+	ops.disconnect_fn = ipc_disconnect;
+	ops.unlink_fn = ipc_unlink;
+	ops.chkpath_fn = ipc_chkpath;
+	ops.qpathinfo_fn = ipc_qpathinfo;
+	ops.setpathinfo_fn = ipc_setpathinfo;
+	ops.open_fn = ipc_open;
+	ops.mkdir_fn = ipc_mkdir;
+	ops.rmdir_fn = ipc_rmdir;
+	ops.rename_fn = ipc_rename;
+	ops.copy_fn = ipc_copy;
+	ops.ioctl_fn = ipc_ioctl;
+	ops.read_fn = ipc_read;
+	ops.write_fn = ipc_write;
+	ops.seek_fn = ipc_seek;
+	ops.flush_fn = ipc_flush;
+	ops.close_fn = ipc_close;
+	ops.exit_fn = ipc_exit;
+	ops.lock_fn = ipc_lock;
+	ops.setfileinfo_fn = ipc_setfileinfo;
+	ops.qfileinfo_fn = ipc_qfileinfo;
+	ops.fsinfo_fn = ipc_fsinfo;
+	ops.lpq_fn = ipc_lpq;
+	ops.search_first_fn = ipc_search_first;
+	ops.search_next_fn = ipc_search_next;
+	ops.search_close_fn = ipc_search_close;
+	ops.trans_fn = ipc_trans;
+	ops.logoff_fn = ipc_logoff;
+	ops.async_setup_fn = ipc_async_setup;
+	ops.cancel_fn = ipc_cancel;
+
+	/* register ourselves with the NTVFS subsystem. */
+	ret = ntvfs_register(&ops, &vers);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register IPC backend!\n"));
+		return ret;
+	}
+
+	return ret;
+}
diff --git a/source4/ntvfs/ntvfs.h b/source4/ntvfs/ntvfs.h
new file mode 100644
index 0000000..b459579
--- /dev/null
+++ b/source4/ntvfs/ntvfs.h
@@ -0,0 +1,338 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NTVFS structures and defines
+   Copyright (C) Andrew Tridgell			2003
+   Copyright (C) Stefan Metzmacher			2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _NTVFS_H_
+#define _NTVFS_H_
+
+#include "libcli/raw/interfaces.h"
+#include "param/share.h"
+#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/server_id.h"
+
+/* modules can use the following to determine if the interface has changed */
+/* version 1 -> 0 - make module stacking easier -- metze */
+#define NTVFS_INTERFACE_VERSION 0
+
+struct ntvfs_module_context;
+struct ntvfs_request;
+
+/* each backend has to be one one of the following 3 basic types. In
+   earlier versions of Samba backends needed to handle all types, now
+   we implement them separately.
+   The values 1..3 match the SMB2 SMB2_SHARE_TYPE_* values
+ */
+enum ntvfs_type {NTVFS_DISK=1, NTVFS_IPC=2, NTVFS_PRINT=3};
+
+/* the ntvfs operations structure - contains function pointers to 
+   the backend implementations of each operation */
+struct ntvfs_ops {
+	const char *name;
+	enum ntvfs_type type;
+
+	/* initial setup */
+	NTSTATUS (*connect_fn)(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req,
+			    union smb_tcon *tcon);
+	NTSTATUS (*disconnect_fn)(struct ntvfs_module_context *ntvfs);
+
+	/* async_setup - called when a backend is processing a async request */
+	NTSTATUS (*async_setup_fn)(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req,
+				void *private_data);
+
+	/* filesystem operations */
+	NTSTATUS (*fsinfo_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_fsinfo *fs);
+
+	/* path operations */
+	NTSTATUS (*unlink_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_unlink *unl);
+	NTSTATUS (*chkpath_fn)(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req,
+			    union smb_chkpath *cp);
+	NTSTATUS (*qpathinfo_fn)(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      union smb_fileinfo *st);
+	NTSTATUS (*setpathinfo_fn)(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req,
+				union smb_setfileinfo *st);
+	NTSTATUS (*mkdir_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_mkdir *md);
+	NTSTATUS (*rmdir_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  struct smb_rmdir *rd);
+	NTSTATUS (*rename_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_rename *ren);
+	NTSTATUS (*copy_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 struct smb_copy *cp);
+	NTSTATUS (*open_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 union smb_open *oi);
+
+	/* directory search */
+	NTSTATUS (*search_first_fn)(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req,
+				 union smb_search_first *io, void *private_data,
+				 bool (*callback_fn)(void *private_data, const union smb_search_data *file));
+	NTSTATUS (*search_next_fn)(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req,
+				union smb_search_next *io, void *private_data,
+				bool (*callback_fn)(void *private_data, const union smb_search_data *file));
+	NTSTATUS (*search_close_fn)(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req,
+				 union smb_search_close *io);
+
+	/* operations on open files */
+	NTSTATUS (*ioctl_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_ioctl *io);
+	NTSTATUS (*read_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 union smb_read *io);
+	NTSTATUS (*write_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_write *io);
+	NTSTATUS (*seek_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 union smb_seek *io);
+	NTSTATUS (*flush_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_flush *flush);
+	NTSTATUS (*lock_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 union smb_lock *lck);
+	NTSTATUS (*qfileinfo_fn)(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      union smb_fileinfo *info);
+	NTSTATUS (*setfileinfo_fn)(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req,
+				union smb_setfileinfo *info);
+	NTSTATUS (*close_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_close *io);
+
+	/* trans interface - used by IPC backend for pipes and RAP calls */
+	NTSTATUS (*trans_fn)(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  struct smb_trans2 *trans);
+
+	/* trans2 interface - only used by CIFS backend to prover complete passthru for testing */
+	NTSTATUS (*trans2_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   struct smb_trans2 *trans2);
+
+	/* change notify request */
+	NTSTATUS (*notify_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_notify *info);
+
+	/* cancel - cancels any pending async request */
+	NTSTATUS (*cancel_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req);
+
+	/* printing specific operations */
+	NTSTATUS (*lpq_fn)(struct ntvfs_module_context *ntvfs,
+			struct ntvfs_request *req,
+			union smb_lpq *lpq);
+
+	/* logoff - called when a vuid is closed */
+	NTSTATUS (*logoff_fn)(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req);
+	NTSTATUS (*exit_fn)(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req);
+};
+
+struct ntvfs_module_context {
+	struct ntvfs_module_context *prev, *next;
+	struct ntvfs_context *ctx;
+	int depth;
+	const struct ntvfs_ops *ops;
+	void *private_data;
+};
+
+struct ntvfs_context {
+	enum ntvfs_type type;
+
+	/* the reported filesystem type */
+	char *fs_type;
+
+	/* the reported device type */
+	char *dev_type;
+
+	enum protocol_types protocol;
+
+	/*
+	 * client capabilities
+	 * this field doesn't use protocol specific
+	 * values!
+	 */
+#define NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS	0x0000000000000001LLU
+	uint64_t client_caps;
+
+	/* 
+	 * linked list of module contexts
+	 */
+	struct ntvfs_module_context *modules;
+
+	struct share_config *config;
+
+	struct server_id server_id;
+	struct loadparm_context *lp_ctx;
+	struct tevent_context *event_ctx;
+	struct imessaging_context *msg_ctx;
+
+	struct {
+		void *private_data;
+		NTSTATUS (*handler)(void *private_data, struct ntvfs_handle *handle, uint8_t level);
+	} oplock;
+
+	struct {
+		const struct tsocket_address *local_address;
+		const struct tsocket_address *remote_address;
+	} client;
+
+	struct {
+		void *private_data;
+		NTSTATUS (*create_new)(void *private_data, struct ntvfs_request *req, struct ntvfs_handle **h);
+		NTSTATUS (*make_valid)(void *private_data, struct ntvfs_handle *h);
+		void (*destroy)(void *private_data, struct ntvfs_handle *h);
+		struct ntvfs_handle *(*search_by_wire_key)(void *private_data,  struct ntvfs_request *req, const DATA_BLOB *key);
+		DATA_BLOB (*get_wire_key)(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx);
+	} handles;
+};
+
+/* a set of flags to control handling of request structures */
+#define NTVFS_ASYNC_STATE_ASYNC     (1<<1) /* the backend will answer this one later */
+#define NTVFS_ASYNC_STATE_MAY_ASYNC (1<<2) /* the backend is allowed to answer async */
+#define NTVFS_ASYNC_STATE_CLOSE     (1<<3) /* the backend session should be closed */
+
+/* the ntvfs_async_state structure allows backend functions to 
+   delay replying to requests. To use this, the front end must
+   set send_fn to a function to be called by the backend
+   when the reply is finally ready to be sent. The backend
+   must set status to the status it wants in the
+   reply. The backend must set the NTVFS_ASYNC_STATE_ASYNC
+   control_flag on the request to indicate that it wishes to
+   delay the reply
+
+   If NTVFS_ASYNC_STATE_MAY_ASYNC is not set then the backend cannot
+   ask for a delayed reply for this request
+
+   note that the private_data pointer is private to the layer which alloced this struct
+*/
+struct ntvfs_async_state {
+	struct ntvfs_async_state *prev, *next;
+	/* the async handling infos */
+	unsigned int state;
+	void *private_data;
+	void (*send_fn)(struct ntvfs_request *);
+	NTSTATUS status;
+
+	/* the passthru module's per session private data */
+	struct ntvfs_module_context *ntvfs;
+};
+
+struct ntvfs_request {
+	/* the ntvfs_context this requests belongs to */
+	struct ntvfs_context *ctx;
+
+	/* ntvfs per request async states */
+	struct ntvfs_async_state *async_states;
+
+	/* the session_info, with security_token and maybe delegated credentials */
+	struct auth_session_info *session_info;
+
+	/* the smb pid is needed for locking contexts */
+	uint32_t smbpid;
+
+	/*
+	 * client capabilities
+	 * this field doesn't use protocol specific
+	 * values!
+	 * see NTVFS_CLIENT_CAP_*
+	 */
+	uint64_t client_caps;
+
+	/* some statistics for the management tools */
+	struct {
+		/* the system time when the request arrived */
+		struct timeval request_time;
+	} statistics;
+
+	struct {
+		void *private_data;
+	} frontend_data;
+};
+
+struct ntvfs_handle {
+	struct ntvfs_context *ctx;
+
+	struct auth_session_info *session_info;
+
+	uint16_t smbpid;
+
+	struct ntvfs_handle_data {
+		struct ntvfs_handle_data *prev, *next;
+		struct ntvfs_module_context *owner;
+		void *private_data;/* this must be a valid talloc pointer */
+	} *backend_data;
+
+	struct {
+		void *private_data;
+	} frontend_data;
+};
+
+/* this structure is used by backends to determine the size of some critical types */
+struct ntvfs_critical_sizes {
+	int interface_version;
+	int sizeof_ntvfs_critical_sizes;
+	int sizeof_ntvfs_context;
+	int sizeof_ntvfs_module_context;
+	int sizeof_ntvfs_ops;
+	int sizeof_ntvfs_async_state;
+	int sizeof_ntvfs_request;
+	int sizeof_ntvfs_handle;
+	int sizeof_ntvfs_handle_data;
+};
+
+#define NTVFS_CURRENT_CRITICAL_SIZES(c) \
+    struct ntvfs_critical_sizes c = { \
+	.interface_version		= NTVFS_INTERFACE_VERSION, \
+	.sizeof_ntvfs_critical_sizes	= sizeof(struct ntvfs_critical_sizes), \
+	.sizeof_ntvfs_context		= sizeof(struct ntvfs_context), \
+	.sizeof_ntvfs_module_context	= sizeof(struct ntvfs_module_context), \
+	.sizeof_ntvfs_ops		= sizeof(struct ntvfs_ops), \
+	.sizeof_ntvfs_async_state	= sizeof(struct ntvfs_async_state), \
+	.sizeof_ntvfs_request		= sizeof(struct ntvfs_request), \
+	.sizeof_ntvfs_handle		= sizeof(struct ntvfs_handle), \
+	.sizeof_ntvfs_handle_data	= sizeof(struct ntvfs_handle_data), \
+    }
+
+struct imessaging_context;
+#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/notify.h"
+#include "ntvfs/ntvfs_proto.h"
+
+#endif /* _NTVFS_H_ */
diff --git a/source4/ntvfs/ntvfs_base.c b/source4/ntvfs/ntvfs_base.c
new file mode 100644
index 0000000..5c438bb
--- /dev/null
+++ b/source4/ntvfs/ntvfs_base.c
@@ -0,0 +1,249 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NTVFS base code
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements the core code for all NTVFS modules. Backends register themselves here.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/ntvfs.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+/* the list of currently registered NTVFS backends, note that there
+ * can be more than one backend with the same name, as long as they
+ * have different typesx */
+static struct ntvfs_backend {
+	const struct ntvfs_ops *ops;
+} *backends = NULL;
+static int num_backends;
+
+/*
+  register a NTVFS backend. 
+
+  The 'name' can be later used by other backends to find the operations
+  structure for this backend.  
+
+  The 'type' is used to specify whether this is for a disk, printer or IPC$ share
+*/
+NTSTATUS ntvfs_register(const struct ntvfs_ops *ops,
+				 const struct ntvfs_critical_sizes *const sizes)
+{
+	struct ntvfs_ops *new_ops;
+
+	if (ntvfs_interface_differs(sizes)) {
+		DEBUG(0, ("NTVFS backend '%s' for type %d "
+			  "failed version check\n",
+			  ops->name, (int)ops->type));
+		return NT_STATUS_BAD_FUNCTION_TABLE;
+	}
+
+	if (ntvfs_backend_byname(ops->name, ops->type) != NULL) {
+		/* its already registered! */
+		DEBUG(0,("NTVFS backend '%s' for type %d already registered\n", 
+			 ops->name, (int)ops->type));
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	backends = realloc_p(backends, struct ntvfs_backend, num_backends+1);
+	if (!backends) {
+		smb_panic("out of memory in ntvfs_register");
+	}
+
+	new_ops = smb_xmemdup(ops, sizeof(*ops));
+	new_ops->name = smb_xstrdup(ops->name);
+
+	backends[num_backends].ops = new_ops;
+
+	num_backends++;
+
+	DEBUG(3,("NTVFS backend '%s' for type %d registered\n", 
+		 ops->name,ops->type));
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return the operations structure for a named backend of the specified type
+*/
+const struct ntvfs_ops *ntvfs_backend_byname(const char *name, enum ntvfs_type type)
+{
+	int i;
+
+	for (i=0;i<num_backends;i++) {
+		if (backends[i].ops->type == type && 
+		    strcmp(backends[i].ops->name, name) == 0) {
+			return backends[i].ops;
+		}
+	}
+
+	return NULL;
+}
+
+
+/*
+  return the NTVFS interface version, and the size of some critical types
+  This can be used by backends to either detect compilation errors, or provide
+  multiple implementations for different smbd compilation options in one module
+*/
+
+static const NTVFS_CURRENT_CRITICAL_SIZES(critical_sizes);
+
+const struct ntvfs_critical_sizes *ntvfs_interface_version(void)
+{
+	return &critical_sizes;
+}
+
+bool ntvfs_interface_differs(const struct ntvfs_critical_sizes *const iface)
+{
+	/* The comparison would be easier with memcmp, but compiler-interset
+	 * alignment padding is not guaranteed to be zeroed.
+	 */
+
+#define FIELD_DIFFERS(field) (iface->field != critical_sizes.field)
+
+	if (FIELD_DIFFERS(interface_version))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_critical_sizes))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_context))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_module_context))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_ops))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_async_state))
+		return true;
+
+	if (FIELD_DIFFERS(sizeof_ntvfs_request))
+		return true;
+
+	/* Versions match. */
+	return false;
+
+#undef FIELD_DIFFERS
+}
+
+/*
+  initialise a connection structure to point at a NTVFS backend
+*/
+NTSTATUS ntvfs_init_connection(TALLOC_CTX *mem_ctx, struct share_config *scfg, enum ntvfs_type type,
+			       enum protocol_types protocol,
+			       uint64_t ntvfs_client_caps,
+			       struct tevent_context *ev, struct imessaging_context *msg,
+			       struct loadparm_context *lp_ctx,
+			       struct server_id server_id, struct ntvfs_context **_ctx)
+{
+	const char **handlers = share_string_list_option(mem_ctx, scfg, SHARE_NTVFS_HANDLER);
+	int i;
+	struct ntvfs_context *ctx;
+
+	if (!handlers) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ctx = talloc_zero(mem_ctx, struct ntvfs_context);
+	NT_STATUS_HAVE_NO_MEMORY(ctx);
+	ctx->protocol		= protocol;
+	ctx->client_caps	= ntvfs_client_caps;
+	ctx->type		= type;
+	ctx->config		= talloc_steal(ctx, scfg);
+	ctx->event_ctx		= ev;
+	ctx->msg_ctx		= msg;
+	ctx->server_id		= server_id;
+	ctx->lp_ctx		= lp_ctx;
+
+	for (i=0; handlers[i]; i++) {
+		struct ntvfs_module_context *ntvfs;
+
+		ntvfs = talloc_zero(ctx, struct ntvfs_module_context);
+		NT_STATUS_HAVE_NO_MEMORY(ntvfs);
+		ntvfs->ctx = ctx;
+		ntvfs->ops = ntvfs_backend_byname(handlers[i], ctx->type);
+		if (!ntvfs->ops) {
+			DEBUG(1,("ntvfs_init_connection: failed to find backend=%s, type=%d\n",
+				handlers[i], ctx->type));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		ntvfs->depth = i;
+		DLIST_ADD_END(ctx->modules, ntvfs);
+	}
+
+	if (!ctx->modules) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*_ctx = ctx;
+	return NT_STATUS_OK;
+}
+
+/*
+  adds the IPC$ share, needed for RPC calls
+ */
+static NTSTATUS ntvfs_add_ipc_share(struct loadparm_context *lp_ctx)
+{
+	struct loadparm_service *ipc;
+
+	if (lpcfg_service(lp_ctx, "IPC$")) {
+		/* it has already been defined in smb.conf or elsewhere */
+		return NT_STATUS_OK;
+	}
+
+	ipc = lpcfg_add_service(lp_ctx, NULL, "IPC$");
+	NT_STATUS_HAVE_NO_MEMORY(ipc);
+
+	lpcfg_do_service_parameter(lp_ctx, ipc, "comment", "IPC Service");
+	lpcfg_do_service_parameter(lp_ctx, ipc, "path", "/dev/null");
+	lpcfg_do_service_parameter(lp_ctx, ipc, "ntvfs handler", "default");
+	lpcfg_do_service_parameter(lp_ctx, ipc, "browseable", "No");
+	lpcfg_do_service_parameter(lp_ctx, ipc, "fstype", "IPC");
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ntvfs_init(struct loadparm_context *lp_ctx)
+{
+	static bool initialized = false;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_ntvfs_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_ntvfs_MODULES };
+	init_module_fn *shared_init;
+
+	if (initialized) return NT_STATUS_OK;
+	initialized = true;
+	
+	shared_init = load_samba_modules(NULL, "ntvfs");
+
+	run_init_functions(NULL, static_init);
+	run_init_functions(NULL, shared_init);
+
+	talloc_free(shared_init);
+
+	ntvfs_add_ipc_share(lp_ctx);
+	
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
new file mode 100644
index 0000000..de0ae2c
--- /dev/null
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -0,0 +1,1648 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NTVFS generic level mapping code
+
+   Copyright (C) Andrew Tridgell 2003-2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements mappings between info levels for NTVFS backend calls
+
+  the idea is that each of these functions implements one of the NTVFS
+  backend calls in terms of the 'generic' call. All backends that use
+  these functions must supply the generic call, but can if it wants to
+  also implement other levels if the need arises
+
+  this allows backend writers to only implement one variant of each
+  call unless they need fine grained control of the calls.
+*/
+
+#include "includes.h"
+#include "ntvfs/ntvfs.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#undef strcasecmp
+
+/* a second stage function converts from the out parameters of the generic
+   call onto the out parameters of the specific call made */
+typedef NTSTATUS (*second_stage_t)(struct ntvfs_module_context *,
+				   struct ntvfs_request *,
+				   void *, void *, NTSTATUS);
+
+/* 
+   this structure holds the async state for pending mapped async calls
+*/
+struct ntvfs_map_async {
+	struct ntvfs_module_context *ntvfs;
+	void *io, *io2;
+	second_stage_t fn;
+};
+
+/*
+  this is a async wrapper, called from the backend when it has completed
+  a function that it has decided to reply to in an async fashion
+*/
+static void ntvfs_map_async_send(struct ntvfs_request *req)
+{
+	struct ntvfs_map_async *m = talloc_get_type(req->async_states->private_data,
+				    struct ntvfs_map_async);
+
+	ntvfs_async_state_pop(req);
+
+	/* call the _finish function setup in ntvfs_map_async_setup() */
+	req->async_states->status = m->fn(m->ntvfs, req, m->io, m->io2, req->async_states->status);
+
+	/* call the send function from the next module up */
+	req->async_states->send_fn(req);
+}
+
+/*
+  prepare for calling a ntvfs backend with async support
+  io is the original call structure
+  io2 is the new call structure for the mapped call
+  fn is a second stage function for processing the out arguments
+*/
+static NTSTATUS ntvfs_map_async_setup(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      void *io, void *io2,
+				      second_stage_t fn)
+{
+	struct ntvfs_map_async *m;
+	m = talloc(req, struct ntvfs_map_async);
+	if (m == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	m->ntvfs = ntvfs;
+	m->io = io;
+	m->io2 = io2;
+	m->fn = fn;
+	return ntvfs_async_state_push(ntvfs, req, m, ntvfs_map_async_send);
+}
+
+/*
+  called when first stage processing is complete. 
+*/	
+static NTSTATUS ntvfs_map_async_finish(struct ntvfs_request *req, NTSTATUS status)
+{
+	struct ntvfs_map_async *m;
+
+	/* if the backend has decided to reply in an async fashion then
+	   we don't need to do any work here */
+	if (req->async_states->state & NTVFS_ASYNC_STATE_ASYNC) {
+		return status;
+	}
+
+	/* the backend is replying immediately. call the 2nd stage function after popping our local
+	   async state */
+	m = talloc_get_type(req->async_states->private_data,
+			    struct ntvfs_map_async);
+
+	ntvfs_async_state_pop(req);
+
+	return m->fn(m->ntvfs, req, m->io, m->io2, status);
+}
+
+/*
+  see if a filename ends in EXE COM DLL or SYM. This is needed for the
+  DENY_DOS mapping for OpenX
+*/
+bool is_exe_filename(const char *fname)
+{
+	char *p;
+	p = strrchr(fname, '.');
+	if (!p) {
+		return false;
+	}
+	p++;
+	if (strcasecmp(p, "EXE") == 0 ||
+	    strcasecmp(p, "COM") == 0 ||
+	    strcasecmp(p, "DLL") == 0 ||
+	    strcasecmp(p, "SYM") == 0) {
+		return true;
+	}
+	return false;
+}
+
+
+/* 
+   NTVFS openx to ntcreatex mapper
+*/
+static NTSTATUS ntvfs_map_open_finish(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, 
+				      union smb_open *io, 
+				      union smb_open *io2, 
+				      NTSTATUS status)
+{
+	time_t write_time = 0;
+	uint32_t set_size = 0;
+	union smb_setfileinfo *sf;
+	unsigned int state;
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	switch (io->generic.level) {
+	case RAW_OPEN_OPEN:
+		io->openold.out.file.ntvfs = io2->generic.out.file.ntvfs;
+		io->openold.out.attrib     = io2->generic.out.attrib;
+		io->openold.out.write_time = nt_time_to_unix(io2->generic.out.write_time);
+		io->openold.out.size       = io2->generic.out.size;
+		io->openold.out.rmode      = io->openold.in.open_mode;
+		break;
+
+	case RAW_OPEN_OPENX:
+		io->openx.out.file.ntvfs  = io2->generic.out.file.ntvfs;
+		io->openx.out.attrib      = io2->generic.out.attrib;
+		io->openx.out.write_time  = nt_time_to_unix(io2->generic.out.write_time);
+		io->openx.out.size        = io2->generic.out.size;
+		io->openx.out.access      = (io->openx.in.open_mode & OPENX_MODE_ACCESS_MASK);
+		io->openx.out.ftype       = 0;
+		io->openx.out.devstate    = 0;
+		io->openx.out.action      = io2->generic.out.create_action;
+		io->openx.out.unique_fid  = 0;
+		io->openx.out.access_mask = SEC_STD_ALL;
+		io->openx.out.unknown     = 0;
+		
+		/* we need to extend the file to the requested size if
+		   it was newly created */
+		if (io2->generic.out.create_action == NTCREATEX_ACTION_CREATED) {
+			set_size = io->openx.in.size;
+		}
+		break;
+
+	case RAW_OPEN_T2OPEN:
+		io->t2open.out.file.ntvfs  = io2->generic.out.file.ntvfs;
+		io->t2open.out.attrib      = io2->generic.out.attrib;
+		io->t2open.out.write_time  = nt_time_to_unix(io2->generic.out.write_time);
+		io->t2open.out.size        = io2->generic.out.size;
+		io->t2open.out.access      = io->t2open.in.open_mode;
+		io->t2open.out.ftype       = 0;
+		io->t2open.out.devstate    = 0;
+		io->t2open.out.action      = io2->generic.out.create_action;
+		io->t2open.out.file_id      = 0;
+		break;
+
+	case RAW_OPEN_MKNEW:
+	case RAW_OPEN_CREATE:
+		io->mknew.out.file.ntvfs= io2->generic.out.file.ntvfs;
+		write_time		= io->mknew.in.write_time;
+		break;
+
+	case RAW_OPEN_CTEMP:
+		io->ctemp.out.file.ntvfs= io2->generic.out.file.ntvfs;
+		io->ctemp.out.name 	= talloc_strdup(req, io2->generic.in.fname + 
+							strlen(io->ctemp.in.directory) + 1);
+		NT_STATUS_HAVE_NO_MEMORY(io->ctemp.out.name);
+		break;
+
+	case RAW_OPEN_SMB2:
+		ZERO_STRUCT(io->smb2.out);
+		io->smb2.out.file.ntvfs		= io2->generic.out.file.ntvfs;
+		switch (io2->generic.out.oplock_level) {
+		case BATCH_OPLOCK_RETURN:
+			io->smb2.out.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+			break;
+		case EXCLUSIVE_OPLOCK_RETURN:
+			io->smb2.out.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+			break;
+		case LEVEL_II_OPLOCK_RETURN:
+			io->smb2.out.oplock_level = SMB2_OPLOCK_LEVEL_II;
+			break;
+		default:
+			io->smb2.out.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+			break;
+		}
+		io->smb2.out.reserved		= 0;
+		io->smb2.out.create_action	= io2->generic.out.create_action;
+		io->smb2.out.create_time	= io2->generic.out.create_time;
+		io->smb2.out.access_time	= io2->generic.out.access_time;
+		io->smb2.out.write_time		= io2->generic.out.write_time;
+		io->smb2.out.change_time	= io2->generic.out.change_time;
+		io->smb2.out.alloc_size		= io2->generic.out.alloc_size;
+		io->smb2.out.size		= io2->generic.out.size;
+		io->smb2.out.file_attr		= io2->generic.out.attrib;
+		io->smb2.out.reserved2		= 0;
+		io->smb2.out.maximal_access     = io2->generic.out.maximal_access;
+		memcpy(io->smb2.out.on_disk_id, io2->generic.out.on_disk_id,
+		       sizeof(io2->generic.out.on_disk_id));
+		break;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	/* doing a secondary request async is more trouble than its
+	   worth */
+	state = req->async_states->state;
+	req->async_states->state &= ~NTVFS_ASYNC_STATE_MAY_ASYNC;
+
+	if (write_time != 0) {
+		sf = talloc(req, union smb_setfileinfo);
+		NT_STATUS_HAVE_NO_MEMORY(sf);
+		sf->generic.level           = RAW_SFILEINFO_STANDARD;
+		sf->generic.in.file.ntvfs   = io2->generic.out.file.ntvfs;
+		sf->standard.in.create_time = 0;
+		sf->standard.in.write_time  = write_time;
+		sf->standard.in.access_time = 0;
+		status = ntvfs->ops->setfileinfo_fn(ntvfs, req, sf);
+	}
+
+	if (set_size != 0) {
+		sf = talloc(req, union smb_setfileinfo);			
+		NT_STATUS_HAVE_NO_MEMORY(sf);
+		sf->generic.level            = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+		sf->generic.in.file.ntvfs    = io2->generic.out.file.ntvfs;
+		sf->end_of_file_info.in.size = set_size;
+		status = ntvfs->ops->setfileinfo_fn(ntvfs, req, sf);
+		if (NT_STATUS_IS_OK(status)) {
+			io->openx.out.size = io->openx.in.size;
+		}
+	}
+
+	req->async_states->state = state;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  the core of the mapping between openx style parameters and ntcreatex 
+  parameters
+*/
+static NTSTATUS map_openx_open(uint16_t flags, uint16_t open_mode, 
+			       uint16_t open_func, const char *fname,
+			       union smb_open *io2)
+{
+	io2->generic.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io2->generic.in.private_flags = 0;
+
+	if (flags & OPENX_FLAGS_REQUEST_OPLOCK) {
+		io2->generic.in.flags |= NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	}
+	if (flags & OPENX_FLAGS_REQUEST_BATCH_OPLOCK) {
+		io2->generic.in.flags |= NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	}
+
+	switch (open_mode & OPENX_MODE_ACCESS_MASK) {
+	case OPENX_MODE_ACCESS_READ:
+	case OPENX_MODE_ACCESS_EXEC:
+		io2->generic.in.access_mask = SEC_RIGHTS_FILE_READ;
+		break;
+	case OPENX_MODE_ACCESS_WRITE:
+		io2->generic.in.access_mask = SEC_RIGHTS_FILE_WRITE;
+		break;
+	case OPENX_MODE_ACCESS_RDWR:
+	case OPENX_MODE_ACCESS_FCB:
+		io2->generic.in.access_mask = 
+			SEC_RIGHTS_FILE_READ | 
+			SEC_RIGHTS_FILE_WRITE;
+		break;
+	default:
+		return NT_STATUS_DOS(ERRDOS, ERRbadaccess);
+	}
+
+	switch (open_mode & OPENX_MODE_DENY_MASK) {
+	case OPENX_MODE_DENY_READ:
+		io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_WRITE;
+		break;
+	case OPENX_MODE_DENY_WRITE:
+		io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
+		break;
+	case OPENX_MODE_DENY_ALL:
+		io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		break;
+	case OPENX_MODE_DENY_NONE:
+		io2->generic.in.share_access = 
+			NTCREATEX_SHARE_ACCESS_READ | 
+			NTCREATEX_SHARE_ACCESS_WRITE;
+		break;
+	case OPENX_MODE_DENY_DOS:
+		/* DENY_DOS is quite strange - it depends on the filename! */
+		io2->generic.in.private_flags |=
+			NTCREATEX_FLAG_DENY_DOS;
+		if (is_exe_filename(fname)) {
+			io2->generic.in.share_access = 
+				NTCREATEX_SHARE_ACCESS_READ | 
+				NTCREATEX_SHARE_ACCESS_WRITE;
+		} else {
+			if ((open_mode & OPENX_MODE_ACCESS_MASK) == OPENX_MODE_ACCESS_READ) {
+				io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
+			} else {
+				io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+			}
+		}
+		break;
+	case OPENX_MODE_DENY_FCB:
+		io2->generic.in.private_flags |= NTCREATEX_FLAG_DENY_FCB;
+		io2->generic.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		break;
+	default:
+		return NT_STATUS_DOS(ERRDOS, ERRbadaccess);
+	}
+
+	switch (open_func) {
+	case (OPENX_OPEN_FUNC_OPEN):
+		io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN;
+		break;
+	case (OPENX_OPEN_FUNC_TRUNC):
+		io2->generic.in.open_disposition = NTCREATEX_DISP_OVERWRITE;
+		break;
+	case (OPENX_OPEN_FUNC_FAIL | OPENX_OPEN_FUNC_CREATE):
+		io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
+		break;
+	case (OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE):
+		io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+		break;
+	case (OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE):
+		io2->generic.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+		break;			
+	default:
+		/* this one is very strange */
+		if ((open_mode & OPENX_MODE_ACCESS_MASK) == OPENX_MODE_ACCESS_EXEC) {
+			io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
+			break;
+		}
+		return NT_STATUS_DOS(ERRDOS, ERRbadaccess);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   NTVFS open generic to any mapper
+*/
+NTSTATUS ntvfs_map_open(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req,
+				 union smb_open *io)
+{
+	NTSTATUS status;
+	union smb_open *io2;
+
+	io2 = talloc_zero(req, union smb_open);
+	if (io2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req,
+				       io, io2, 
+				       (second_stage_t)ntvfs_map_open_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	io2->generic.level = RAW_OPEN_GENERIC;
+		
+	switch (io->generic.level) {
+	case RAW_OPEN_OPENX:
+		status = map_openx_open(io->openx.in.flags,
+					io->openx.in.open_mode, 
+					io->openx.in.open_func, 
+					io->openx.in.fname,
+					io2);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+		
+		io2->generic.in.file_attr = io->openx.in.file_attrs;
+		io2->generic.in.fname = io->openx.in.fname;
+		
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+		
+		
+	case RAW_OPEN_OPEN:
+		status = map_openx_open(0,
+					io->openold.in.open_mode, 
+					OPENX_OPEN_FUNC_OPEN, 
+					io->openold.in.fname,
+					io2);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		io2->generic.in.file_attr = io->openold.in.search_attrs;
+		io2->generic.in.fname = io->openold.in.fname;
+
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+
+	case RAW_OPEN_T2OPEN:
+		io2->generic.level         = RAW_OPEN_NTTRANS_CREATE;
+
+		if (io->t2open.in.open_func == 0) {
+			status = NT_STATUS_OBJECT_NAME_COLLISION;
+			goto done;
+		}
+
+		status = map_openx_open(io->t2open.in.flags,
+					io->t2open.in.open_mode, 
+					io->t2open.in.open_func, 
+					io->t2open.in.fname,
+					io2);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		io2->generic.in.file_attr        = io->t2open.in.file_attrs;
+		io2->generic.in.fname            = io->t2open.in.fname;
+		io2->generic.in.ea_list          = talloc(io2, struct smb_ea_list);
+		io2->generic.in.ea_list->num_eas = io->t2open.in.num_eas;
+		io2->generic.in.ea_list->eas     = io->t2open.in.eas;
+
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+
+	case RAW_OPEN_MKNEW:
+		io2->generic.in.file_attr = io->mknew.in.attrib;
+		io2->generic.in.fname = io->mknew.in.fname;
+		io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
+		io2->generic.in.access_mask = 
+			SEC_RIGHTS_FILE_READ |
+			SEC_RIGHTS_FILE_WRITE;
+		io2->generic.in.share_access = 
+			NTCREATEX_SHARE_ACCESS_READ | 
+			NTCREATEX_SHARE_ACCESS_WRITE;
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+
+	case RAW_OPEN_CREATE:
+		io2->generic.in.file_attr = io->mknew.in.attrib;
+		io2->generic.in.fname = io->mknew.in.fname;
+		io2->generic.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+		io2->generic.in.access_mask = 
+			SEC_RIGHTS_FILE_READ |
+			SEC_RIGHTS_FILE_WRITE;
+		io2->generic.in.share_access = 
+			NTCREATEX_SHARE_ACCESS_READ | 
+			NTCREATEX_SHARE_ACCESS_WRITE;
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+
+	case RAW_OPEN_CTEMP:
+		io2->generic.in.file_attr = io->ctemp.in.attrib;
+		io2->generic.in.fname = 
+			talloc_asprintf(io2, "%s\\SRV%s", 
+					io->ctemp.in.directory,
+					generate_random_str_list(io2, 5, "0123456789"));
+		io2->generic.in.open_disposition = NTCREATEX_DISP_CREATE;
+		io2->generic.in.access_mask = 
+			SEC_RIGHTS_FILE_READ |
+			SEC_RIGHTS_FILE_WRITE;
+		io2->generic.in.share_access = 
+			NTCREATEX_SHARE_ACCESS_READ | 
+			NTCREATEX_SHARE_ACCESS_WRITE;
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+	case RAW_OPEN_SMB2:
+		switch (io->smb2.in.oplock_level) {
+		case SMB2_OPLOCK_LEVEL_BATCH:
+			io2->generic.in.flags = NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK |
+						NTCREATEX_FLAGS_REQUEST_OPLOCK;
+			break;
+		case SMB2_OPLOCK_LEVEL_EXCLUSIVE:
+			io2->generic.in.flags = NTCREATEX_FLAGS_REQUEST_OPLOCK;
+			break;
+		default:
+			io2->generic.in.flags = 0;
+			break;
+		}
+		io2->generic.in.root_fid.fnum	= 0;
+		io2->generic.in.access_mask	= io->smb2.in.desired_access;
+		io2->generic.in.alloc_size	= io->smb2.in.alloc_size;
+		io2->generic.in.file_attr	= io->smb2.in.file_attributes;
+		io2->generic.in.share_access	= io->smb2.in.share_access;
+		io2->generic.in.open_disposition= io->smb2.in.create_disposition;
+		io2->generic.in.create_options	= io->smb2.in.create_options;
+		io2->generic.in.impersonation	= io->smb2.in.impersonation_level;
+		io2->generic.in.security_flags	= 0;
+		io2->generic.in.fname		= io->smb2.in.fname;
+		io2->generic.in.sec_desc	= io->smb2.in.sec_desc;
+		io2->generic.in.ea_list		= &io->smb2.in.eas;
+		io2->generic.in.query_maximal_access = io->smb2.in.query_maximal_access; 
+		io2->generic.in.query_on_disk_id = io->smb2.in.query_on_disk_id;
+		io2->generic.in.private_flags	= 0;
+
+		/* we don't support timewarp yet */
+		if (io->smb2.in.timewarp != 0) {
+			status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+			break;
+		}
+
+		/* we need to check these bits before we check the private mask */
+		if (io2->generic.in.create_options & SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK) {
+			DEBUG(2,(__location__ " create_options 0x%x not supported\n",
+				 io2->generic.in.create_options));
+			status = NT_STATUS_NOT_SUPPORTED;
+			break;
+		}
+
+		/* TODO: find out why only SMB2 ignores these */
+		io2->generic.in.create_options &= ~NTCREATEX_OPTIONS_SYNC_ALERT;
+		io2->generic.in.create_options &= ~NTCREATEX_OPTIONS_ASYNC_ALERT;
+
+		status = ntvfs->ops->open_fn(ntvfs, req, io2);
+		break;
+
+	default:
+		status = NT_STATUS_INVALID_LEVEL;
+		break;
+	}
+done:
+	return ntvfs_map_async_finish(req, status);
+}
+
+
+/* 
+   NTVFS any to fsinfo mapper
+*/
+static NTSTATUS ntvfs_map_fsinfo_finish(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      union smb_fsinfo *fs,
+				      union smb_fsinfo *fs2,
+				      NTSTATUS status)
+{
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* and convert it to the required level */
+	switch (fs->generic.level) {
+	case RAW_QFS_DSKATTR: {
+		/* map from generic to DSKATTR */
+		unsigned int bpunit = 64;
+
+		/* we need to scale the sizes to fit */
+		for (bpunit=64; bpunit<0x10000; bpunit *= 2) {
+			if (fs2->generic.out.blocks_total * (double)fs2->generic.out.block_size < bpunit * 512 * 65535.0) {
+				break;
+			}
+		}
+
+		fs->dskattr.out.blocks_per_unit = bpunit;
+		fs->dskattr.out.block_size = 512;
+		fs->dskattr.out.units_total = 
+			(fs2->generic.out.blocks_total * (double)fs2->generic.out.block_size) / (bpunit * 512);
+		fs->dskattr.out.units_free  = 
+			(fs2->generic.out.blocks_free  * (double)fs2->generic.out.block_size) / (bpunit * 512);
+
+		/* we must return a maximum of 2G to old DOS systems, or they get very confused */
+		if (bpunit > 64 && req->ctx->protocol <= PROTOCOL_LANMAN2) {
+			fs->dskattr.out.blocks_per_unit = 64;
+			fs->dskattr.out.units_total = 0xFFFF;
+			fs->dskattr.out.units_free = 0xFFFF;
+		}
+		return NT_STATUS_OK;
+	}
+
+	case RAW_QFS_ALLOCATION:
+		fs->allocation.out.fs_id = fs2->generic.out.fs_id;
+		fs->allocation.out.total_alloc_units = fs2->generic.out.blocks_total;
+		fs->allocation.out.avail_alloc_units = fs2->generic.out.blocks_free;
+		fs->allocation.out.sectors_per_unit = 1;
+		fs->allocation.out.bytes_per_sector = fs2->generic.out.block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME:
+		fs->volume.out.serial_number = fs2->generic.out.serial_number;
+		fs->volume.out.volume_name.s = fs2->generic.out.volume_name;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME_INFO:
+	case RAW_QFS_VOLUME_INFORMATION:
+		fs->volume_info.out.create_time = fs2->generic.out.create_time;
+		fs->volume_info.out.serial_number = fs2->generic.out.serial_number;
+		fs->volume_info.out.volume_name.s = fs2->generic.out.volume_name;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_SIZE_INFO:
+	case RAW_QFS_SIZE_INFORMATION:
+		fs->size_info.out.total_alloc_units = fs2->generic.out.blocks_total;
+		fs->size_info.out.avail_alloc_units = fs2->generic.out.blocks_free;
+		fs->size_info.out.sectors_per_unit = 1;
+		fs->size_info.out.bytes_per_sector = fs2->generic.out.block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_DEVICE_INFO:
+	case RAW_QFS_DEVICE_INFORMATION:
+		fs->device_info.out.device_type = fs2->generic.out.device_type;
+		fs->device_info.out.characteristics = fs2->generic.out.device_characteristics;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_ATTRIBUTE_INFO:
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+		fs->attribute_info.out.fs_attr = fs2->generic.out.fs_attr;
+		fs->attribute_info.out.max_file_component_length = fs2->generic.out.max_file_component_length;
+		fs->attribute_info.out.fs_type.s = fs2->generic.out.fs_type;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_QUOTA_INFORMATION:
+		ZERO_STRUCT(fs->quota_information.out.unknown);
+		fs->quota_information.out.quota_soft = fs2->generic.out.quota_soft;
+		fs->quota_information.out.quota_hard = fs2->generic.out.quota_hard;
+		fs->quota_information.out.quota_flags = fs2->generic.out.quota_flags;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		fs->full_size_information.out.total_alloc_units = fs2->generic.out.blocks_total;
+		fs->full_size_information.out.call_avail_alloc_units = fs2->generic.out.blocks_free;
+		fs->full_size_information.out.actual_avail_alloc_units = fs2->generic.out.blocks_free;
+		fs->full_size_information.out.sectors_per_unit = 1;
+		fs->full_size_information.out.bytes_per_sector = fs2->generic.out.block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_OBJECTID_INFORMATION:
+		fs->objectid_information.out.guid = fs2->generic.out.guid;
+		ZERO_STRUCT(fs->objectid_information.out.unknown);
+		return NT_STATUS_OK;
+
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		fs->sector_size_info.out.logical_bytes_per_sector
+						= fs2->generic.out.block_size;
+		fs->sector_size_info.out.phys_bytes_per_sector_atomic
+						= fs2->generic.out.block_size;
+		fs->sector_size_info.out.phys_bytes_per_sector_perf
+						= fs2->generic.out.block_size;
+		fs->sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic
+						= fs2->generic.out.block_size;
+		fs->sector_size_info.out.flags
+					= QFS_SSINFO_FLAGS_ALIGNED_DEVICE
+				| QFS_SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE;
+		fs->sector_size_info.out.byte_off_sector_align = 0;
+		fs->sector_size_info.out.byte_off_partition_align = 0;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_GENERIC:
+	case RAW_QFS_UNIX_INFO:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/*
+   NTVFS fsinfo any to generic mapper
+*/
+NTSTATUS ntvfs_map_fsinfo(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_fsinfo *fs)
+{
+	NTSTATUS status;
+	union smb_fsinfo *fs2;
+
+	fs2 = talloc(req, union smb_fsinfo);
+	if (fs2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (fs->generic.level == RAW_QFS_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, fs, fs2,
+				       (second_stage_t)ntvfs_map_fsinfo_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* ask the backend for the generic info */
+	fs2->generic.level = RAW_QFS_GENERIC;
+
+	status = ntvfs->ops->fsinfo_fn(ntvfs, req, fs2);
+	return ntvfs_map_async_finish(req, status);
+}
+
+
+/* 
+   NTVFS fileinfo generic to any mapper
+*/
+NTSTATUS ntvfs_map_fileinfo(TALLOC_CTX *mem_ctx,
+				     union smb_fileinfo *info, 
+				     union smb_fileinfo *info2)
+{
+	int i;
+	/* and convert it to the required level using results in info2 */
+	switch (info->generic.level) {
+	case RAW_FILEINFO_GETATTR:
+		info->getattr.out.attrib = info2->generic.out.attrib & 0xff;
+		info->getattr.out.size = info2->generic.out.size;
+		info->getattr.out.write_time = nt_time_to_unix(info2->generic.out.write_time);
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_GETATTRE:
+		info->getattre.out.attrib = info2->generic.out.attrib;
+		info->getattre.out.size = info2->generic.out.size;
+		info->getattre.out.write_time = nt_time_to_unix(info2->generic.out.write_time);
+		info->getattre.out.create_time = nt_time_to_unix(info2->generic.out.create_time);
+		info->getattre.out.access_time = nt_time_to_unix(info2->generic.out.access_time);
+		info->getattre.out.alloc_size = info2->generic.out.alloc_size;
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		info->network_open_information.out.create_time = info2->generic.out.create_time;
+		info->network_open_information.out.access_time = info2->generic.out.access_time;
+		info->network_open_information.out.write_time =  info2->generic.out.write_time;
+		info->network_open_information.out.change_time = info2->generic.out.change_time;
+		info->network_open_information.out.alloc_size = info2->generic.out.alloc_size;
+		info->network_open_information.out.size = info2->generic.out.size;
+		info->network_open_information.out.attrib = info2->generic.out.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALL_INFO:
+	case RAW_FILEINFO_ALL_INFORMATION:
+		info->all_info.out.create_time = info2->generic.out.create_time;
+		info->all_info.out.access_time = info2->generic.out.access_time;
+		info->all_info.out.write_time =  info2->generic.out.write_time;
+		info->all_info.out.change_time = info2->generic.out.change_time;
+		info->all_info.out.attrib = info2->generic.out.attrib;
+		info->all_info.out.alloc_size = info2->generic.out.alloc_size;
+		info->all_info.out.size = info2->generic.out.size;
+		info->all_info.out.nlink = info2->generic.out.nlink;
+		info->all_info.out.delete_pending = info2->generic.out.delete_pending;
+		info->all_info.out.directory = info2->generic.out.directory;
+		info->all_info.out.ea_size = info2->generic.out.ea_size;
+		info->all_info.out.fname.s = info2->generic.out.fname.s;
+		info->all_info.out.fname.private_length = info2->generic.out.fname.private_length;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_BASIC_INFO:
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		info->basic_info.out.create_time = info2->generic.out.create_time;
+		info->basic_info.out.access_time = info2->generic.out.access_time;
+		info->basic_info.out.write_time = info2->generic.out.write_time;
+		info->basic_info.out.change_time = info2->generic.out.change_time;
+		info->basic_info.out.attrib = info2->generic.out.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STANDARD:
+		info->standard.out.create_time = nt_time_to_unix(info2->generic.out.create_time);
+		info->standard.out.access_time = nt_time_to_unix(info2->generic.out.access_time);
+		info->standard.out.write_time = nt_time_to_unix(info2->generic.out.write_time);
+		info->standard.out.size = info2->generic.out.size;
+		info->standard.out.alloc_size = info2->generic.out.alloc_size;
+		info->standard.out.attrib = info2->generic.out.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_SIZE:
+		info->ea_size.out.create_time = nt_time_to_unix(info2->generic.out.create_time);
+		info->ea_size.out.access_time = nt_time_to_unix(info2->generic.out.access_time);
+		info->ea_size.out.write_time = nt_time_to_unix(info2->generic.out.write_time);
+		info->ea_size.out.size = info2->generic.out.size;
+		info->ea_size.out.alloc_size = info2->generic.out.alloc_size;
+		info->ea_size.out.attrib = info2->generic.out.attrib;
+		info->ea_size.out.ea_size = info2->generic.out.ea_size;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STANDARD_INFO:
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		info->standard_info.out.alloc_size = info2->generic.out.alloc_size;
+		info->standard_info.out.size = info2->generic.out.size;
+		info->standard_info.out.nlink = info2->generic.out.nlink;
+		info->standard_info.out.delete_pending = info2->generic.out.delete_pending;
+		info->standard_info.out.directory = info2->generic.out.directory;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		info->internal_information.out.file_id = info2->generic.out.file_id;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_INFO:
+	case RAW_FILEINFO_EA_INFORMATION:
+		info->ea_info.out.ea_size = info2->generic.out.ea_size;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		info->attribute_tag_information.out.attrib = info2->generic.out.attrib;
+		info->attribute_tag_information.out.reparse_tag = info2->generic.out.reparse_tag;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		info->stream_info.out.num_streams = info2->generic.out.num_streams;
+		if (info->stream_info.out.num_streams > 0) {
+			info->stream_info.out.streams = 
+				talloc_array(mem_ctx, 
+					       struct stream_struct,
+					       info->stream_info.out.num_streams);
+			if (!info->stream_info.out.streams) {
+				DEBUG(2,("ntvfs_map_fileinfo: no memory for %d streams\n",
+					info->stream_info.out.num_streams));
+				return NT_STATUS_NO_MEMORY;
+			}
+			for (i=0; i < info->stream_info.out.num_streams; i++) {
+				info->stream_info.out.streams[i] = info2->generic.out.streams[i];
+				info->stream_info.out.streams[i].stream_name.s = 
+					talloc_strdup(info->stream_info.out.streams,
+						      info2->generic.out.streams[i].stream_name.s);
+				if (!info->stream_info.out.streams[i].stream_name.s) {
+					DEBUG(2,("ntvfs_map_fileinfo: no memory for stream_name\n"));
+					return NT_STATUS_NO_MEMORY;
+				}
+			}
+		}
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NAME_INFO:
+	case RAW_FILEINFO_NAME_INFORMATION:
+		info->name_info.out.fname.s = talloc_strdup(mem_ctx, info2->generic.out.fname.s);
+		NT_STATUS_HAVE_NO_MEMORY(info->name_info.out.fname.s);
+		info->name_info.out.fname.private_length = info2->generic.out.fname.private_length;
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_ALT_NAME_INFO:
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+	case RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION:
+		info->alt_name_info.out.fname.s = talloc_strdup(mem_ctx, info2->generic.out.alt_fname.s);
+		NT_STATUS_HAVE_NO_MEMORY(info->alt_name_info.out.fname.s);
+		info->alt_name_info.out.fname.private_length = info2->generic.out.alt_fname.private_length;
+		return NT_STATUS_OK;
+	
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		info->position_information.out.position = info2->generic.out.position;
+		return NT_STATUS_OK;
+	
+	case RAW_FILEINFO_ALL_EAS:
+		info->all_eas.out.num_eas = info2->generic.out.num_eas;
+		if (info->all_eas.out.num_eas > 0) {
+			info->all_eas.out.eas = talloc_array(mem_ctx, 
+							       struct ea_struct,
+							       info->all_eas.out.num_eas);
+			if (!info->all_eas.out.eas) {
+				DEBUG(2,("ntvfs_map_fileinfo: no memory for %d eas\n",
+					info->all_eas.out.num_eas));
+				return NT_STATUS_NO_MEMORY;
+			}
+			for (i = 0; i < info->all_eas.out.num_eas; i++) {
+				info->all_eas.out.eas[i] = info2->generic.out.eas[i];
+				info->all_eas.out.eas[i].name.s = 
+					talloc_strdup(info->all_eas.out.eas,
+						      info2->generic.out.eas[i].name.s);
+				if (!info->all_eas.out.eas[i].name.s) {
+					DEBUG(2,("ntvfs_map_fileinfo: no memory for stream_name\n"));
+					return NT_STATUS_NO_MEMORY;
+				}
+				info->all_eas.out.eas[i].value.data = 
+					(uint8_t *)talloc_memdup(info->all_eas.out.eas,
+						info2->generic.out.eas[i].value.data,
+						info2->generic.out.eas[i].value.length);
+				if (!info->all_eas.out.eas[i].value.data) {
+					DEBUG(2,("ntvfs_map_fileinfo: no memory for stream_name\n"));
+					return NT_STATUS_NO_MEMORY;
+				}
+			}
+		}
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_IS_NAME_VALID:
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_COMPRESSION_INFO:
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		info->compression_info.out.compressed_size = info2->generic.out.compressed_size;
+		info->compression_info.out.format = info2->generic.out.format;
+		info->compression_info.out.unit_shift = info2->generic.out.unit_shift;
+		info->compression_info.out.chunk_shift = info2->generic.out.chunk_shift;
+		info->compression_info.out.cluster_shift = info2->generic.out.cluster_shift;
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		info->access_information.out.access_flags = info2->generic.out.access_flags;
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_MODE_INFORMATION:
+		info->mode_information.out.mode = info2->generic.out.mode;
+		return NT_STATUS_OK;
+		
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		info->alignment_information.out.alignment_requirement =
+			info2->generic.out.alignment_requirement;
+		return NT_STATUS_OK;
+	case RAW_FILEINFO_UNIX_BASIC:
+#if 1
+		return NT_STATUS_INVALID_LEVEL;
+#else
+		info->unix_basic_info.out.end_of_file = info2->generic.out.end_of_file;
+		info->unix_basic_info.out.num_bytes = info2->generic.out.size;
+		info->unix_basic_info.out.status_change_time = info2->generic.out.change_time;
+		info->unix_basic_info.out.access_time = info2->generic.out.access_time;
+		info->unix_basic_info.out.change_time = info2->generic.out.change_time;
+		info->unix_basic_info.out.uid = info2->generic.out.uid;
+		info->unix_basic_info.out.gid = info2->generic.out.gid;
+		info->unix_basic_info.out.file_type = info2->generic.out.file_type;
+		info->unix_basic_info.out.dev_major = info2->generic.out.device;
+		info->unix_basic_info.out.dev_minor = info2->generic.out.device;
+		info->unix_basic_info.out.unique_id = info2->generic.out.inode;
+		info->unix_basic_info.out.permissions = info2->generic.out.permissions;
+		info->unix_basic_info.out.nlink = info2->generic.out.nlink;
+		return NT_STATUS_OK;
+#endif
+	case RAW_FILEINFO_UNIX_LINK:
+#if 1
+		return NT_STATUS_INVALID_LEVEL;
+#else
+		info->unix_link_info.out.link_dest = info2->generic.out.link_dest;
+		return NT_STATUS_OK;
+#endif
+	case RAW_FILEINFO_GENERIC:
+	case RAW_FILEINFO_SEC_DESC:
+	case RAW_FILEINFO_EA_LIST:
+	case RAW_FILEINFO_UNIX_INFO2:
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		return NT_STATUS_INVALID_LEVEL;
+	case RAW_FILEINFO_NORMALIZED_NAME_INFORMATION:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/* 
+   NTVFS any to fileinfo mapper
+*/
+static NTSTATUS ntvfs_map_qfileinfo_finish(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      union smb_fileinfo *info,
+				      union smb_fileinfo *info2,
+				      NTSTATUS status)
+{
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return ntvfs_map_fileinfo(req, info, info2);
+}
+
+/*
+   NTVFS fileinfo generic to any mapper
+*/
+NTSTATUS ntvfs_map_qfileinfo(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      union smb_fileinfo *info)
+{
+	NTSTATUS status;
+	union smb_fileinfo *info2;
+
+	info2 = talloc(req, union smb_fileinfo);
+	if (info2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (info->generic.level == RAW_FILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, info, info2,
+				       (second_stage_t)ntvfs_map_qfileinfo_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* ask the backend for the generic info */
+	info2->generic.level = RAW_FILEINFO_GENERIC;
+	info2->generic.in.file.ntvfs= info->generic.in.file.ntvfs;
+
+	status = ntvfs->ops->qfileinfo_fn(ntvfs, req, info2);
+	return ntvfs_map_async_finish(req, status);
+}
+
+/*
+   NTVFS any to fileinfo mapper
+*/
+static NTSTATUS ntvfs_map_qpathinfo_finish(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      union smb_fileinfo *info,
+				      union smb_fileinfo *info2,
+				      NTSTATUS status)
+{
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return ntvfs_map_fileinfo(req, info, info2);
+}
+
+/* 
+   NTVFS pathinfo generic to any mapper
+*/
+NTSTATUS ntvfs_map_qpathinfo(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req,
+				      union smb_fileinfo *info)
+{
+	NTSTATUS status;
+	union smb_fileinfo *info2;
+
+	info2 = talloc(req, union smb_fileinfo);
+	if (info2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (info->generic.level == RAW_FILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, info, info2,
+				       (second_stage_t)ntvfs_map_qpathinfo_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* ask the backend for the generic info */
+	info2->generic.level		= RAW_FILEINFO_GENERIC;
+	info2->generic.in.file.path	= info->generic.in.file.path;
+
+	status = ntvfs->ops->qpathinfo_fn(ntvfs, req, info2);
+	return ntvfs_map_async_finish(req, status);
+}
+
+
+/* 
+   NTVFS lock generic to any mapper
+*/
+NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs,
+			struct ntvfs_request *req,
+			union smb_lock *lck)
+{
+	union smb_lock *lck2;
+	struct smb_lock_entry *locks;
+
+	lck2 = talloc(req, union smb_lock);
+	if (lck2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	locks = talloc_array(lck2, struct smb_lock_entry, 1);
+	if (locks == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (lck->generic.level) {
+	case RAW_LOCK_LOCKX:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_LOCK_LOCK:
+		lck2->generic.level = RAW_LOCK_GENERIC;
+		lck2->generic.in.file.ntvfs= lck->lock.in.file.ntvfs;
+		lck2->generic.in.mode = 0;
+		lck2->generic.in.timeout = 0;
+		lck2->generic.in.ulock_cnt = 0;
+		lck2->generic.in.lock_cnt = 1;
+		lck2->generic.in.locks = locks;
+		locks->pid = req->smbpid;
+		locks->offset = lck->lock.in.offset;
+		locks->count = lck->lock.in.count;
+		break;
+
+	case RAW_LOCK_UNLOCK:
+		lck2->generic.level = RAW_LOCK_GENERIC;
+		lck2->generic.in.file.ntvfs= lck->unlock.in.file.ntvfs;
+		lck2->generic.in.mode = 0;
+		lck2->generic.in.timeout = 0;
+		lck2->generic.in.ulock_cnt = 1;
+		lck2->generic.in.lock_cnt = 0;
+		lck2->generic.in.locks = locks;
+		locks->pid = req->smbpid;
+		locks->offset = lck->unlock.in.offset;
+		locks->count = lck->unlock.in.count;
+		break;
+
+	case RAW_LOCK_SMB2: {
+		/* this is only approximate! We need to change the
+		   generic structure to fix this properly */
+		int i;
+		bool isunlock;
+		if (lck->smb2.in.lock_count < 1) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		lck2->generic.level = RAW_LOCK_GENERIC;
+		lck2->generic.in.file.ntvfs= lck->smb2.in.file.ntvfs;
+		lck2->generic.in.timeout = UINT32_MAX;
+		lck2->generic.in.mode = 0;
+		lck2->generic.in.lock_cnt = 0;
+		lck2->generic.in.ulock_cnt = 0;
+		lck2->generic.in.locks = talloc_zero_array(lck2, struct smb_lock_entry, 
+							   lck->smb2.in.lock_count);
+		if (lck2->generic.in.locks == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		/* only the first lock gives the UNLOCK bit - see
+		   MS-SMB2 3.3.5.14 */
+		if (lck->smb2.in.locks[0].flags & SMB2_LOCK_FLAG_UNLOCK) {
+			if (lck->smb2.in.locks[0].flags & SMB2_LOCK_FLAG_FAIL_IMMEDIATELY) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			lck2->generic.in.ulock_cnt = lck->smb2.in.lock_count;
+			isunlock = true;
+		} else {
+			lck2->generic.in.lock_cnt = lck->smb2.in.lock_count;
+			isunlock = false;
+		}
+		for (i=0;i<lck->smb2.in.lock_count;i++) {
+			if (!isunlock &&
+			    lck->smb2.in.locks[i].flags == SMB2_LOCK_FLAG_NONE) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
+			if (lck->smb2.in.locks[i].flags & ~SMB2_LOCK_FLAG_ALL_MASK) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
+			if (isunlock && 
+			    (lck->smb2.in.locks[i].flags & 
+			     (SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_EXCLUSIVE))) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			if (!isunlock && 
+			    (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_UNLOCK)) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			lck2->generic.in.locks[i].pid    = req->smbpid;
+			lck2->generic.in.locks[i].offset = lck->smb2.in.locks[i].offset;
+			lck2->generic.in.locks[i].count  = lck->smb2.in.locks[i].length;
+			if (!(lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_EXCLUSIVE)) {
+				lck2->generic.in.mode = LOCKING_ANDX_SHARED_LOCK;
+			}
+			if (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_FAIL_IMMEDIATELY) {
+				lck2->generic.in.timeout = 0;
+			}
+		}
+		/* initialize output value */
+		lck->smb2.out.reserved = 0;
+		break;
+	}
+
+	case RAW_LOCK_SMB2_BREAK:
+		lck2->generic.level		= RAW_LOCK_GENERIC;
+		lck2->generic.in.file.ntvfs	= lck->smb2_break.in.file.ntvfs;
+		lck2->generic.in.mode		= LOCKING_ANDX_OPLOCK_RELEASE |
+						  ((lck->smb2_break.in.oplock_level << 8) & 0xFF00);
+		lck2->generic.in.timeout	= 0;
+		lck2->generic.in.ulock_cnt	= 0;
+		lck2->generic.in.lock_cnt	= 0;
+		lck2->generic.in.locks		= NULL;
+
+		/* initialize output value */
+		lck->smb2_break.out.oplock_level= lck->smb2_break.in.oplock_level;
+		lck->smb2_break.out.reserved	= lck->smb2_break.in.reserved;
+		lck->smb2_break.out.reserved2	= lck->smb2_break.in.reserved2;
+		lck->smb2_break.out.file	= lck->smb2_break.in.file;
+		break;
+	}
+
+	/* 
+	 * we don't need to call ntvfs_map_async_setup() here,
+	 * as lock() doesn't have any output fields
+	 */
+
+	return ntvfs->ops->lock_fn(ntvfs, req, lck2);
+}
+
+
+/* 
+   NTVFS write generic to any mapper
+*/
+static NTSTATUS ntvfs_map_write_finish(struct ntvfs_module_context *ntvfs,
+				       struct ntvfs_request *req,
+				       union smb_write *wr, 
+				       union smb_write *wr2, 
+				       NTSTATUS status)
+{
+	union smb_lock *lck;
+	union smb_close *cl;
+	unsigned int state;
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	switch (wr->generic.level) {
+	case RAW_WRITE_WRITE:
+		wr->write.out.nwritten    = wr2->generic.out.nwritten;
+		break;
+
+	case RAW_WRITE_WRITEUNLOCK:
+		wr->writeunlock.out.nwritten = wr2->generic.out.nwritten;
+
+		lck = talloc(wr2, union smb_lock);
+		if (lck == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		lck->unlock.level		= RAW_LOCK_UNLOCK;
+		lck->unlock.in.file.ntvfs	= wr->writeunlock.in.file.ntvfs;
+		lck->unlock.in.count		= wr->writeunlock.in.count;
+		lck->unlock.in.offset		= wr->writeunlock.in.offset;
+
+		if (lck->unlock.in.count != 0) {
+			/* do the lock sync for now */
+			state = req->async_states->state;
+			req->async_states->state &= ~NTVFS_ASYNC_STATE_MAY_ASYNC;
+			status = ntvfs->ops->lock_fn(ntvfs, req, lck);
+			req->async_states->state = state;
+		}
+		break;
+
+	case RAW_WRITE_WRITECLOSE:
+		wr->writeclose.out.nwritten    = wr2->generic.out.nwritten;
+
+		cl = talloc(wr2, union smb_close);
+		if (cl == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		cl->close.level		= RAW_CLOSE_CLOSE;
+		cl->close.in.file.ntvfs	= wr->writeclose.in.file.ntvfs;
+		cl->close.in.write_time	= wr->writeclose.in.mtime;
+
+		if (wr2->generic.in.count != 0) {
+			/* do the close sync for now */
+			state = req->async_states->state;
+			req->async_states->state &= ~NTVFS_ASYNC_STATE_MAY_ASYNC;
+			status = ntvfs->ops->close_fn(ntvfs, req, cl);
+			req->async_states->state = state;
+		}
+		break;
+
+	case RAW_WRITE_SPLWRITE:
+		break;
+
+	case RAW_WRITE_SMB2:
+		wr->smb2.out._pad	= 0;
+		wr->smb2.out.nwritten	= wr2->generic.out.nwritten;
+		wr->smb2.out.unknown1	= 0;
+		break;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return status;
+}
+
+
+/* 
+   NTVFS write generic to any mapper
+*/
+NTSTATUS ntvfs_map_write(struct ntvfs_module_context *ntvfs,
+				  struct ntvfs_request *req,
+				  union smb_write *wr)
+{
+	union smb_write *wr2;
+	NTSTATUS status;
+
+	wr2 = talloc(req, union smb_write);
+	if (wr2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, wr, wr2, 
+				       (second_stage_t)ntvfs_map_write_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	wr2->writex.level = RAW_WRITE_GENERIC;
+
+	switch (wr->generic.level) {
+	case RAW_WRITE_WRITEX:
+		status = NT_STATUS_INVALID_LEVEL;
+		break;
+
+	case RAW_WRITE_WRITE:
+		wr2->writex.in.file.ntvfs= wr->write.in.file.ntvfs;
+		wr2->writex.in.offset    = wr->write.in.offset;
+		wr2->writex.in.wmode     = 0;
+		wr2->writex.in.remaining = wr->write.in.remaining;
+		wr2->writex.in.count     = wr->write.in.count;
+		wr2->writex.in.data      = wr->write.in.data;
+		status = ntvfs->ops->write_fn(ntvfs, req, wr2);
+		break;
+
+	case RAW_WRITE_WRITEUNLOCK:
+		wr2->writex.in.file.ntvfs= wr->writeunlock.in.file.ntvfs;
+		wr2->writex.in.offset    = wr->writeunlock.in.offset;
+		wr2->writex.in.wmode     = 0;
+		wr2->writex.in.remaining = wr->writeunlock.in.remaining;
+		wr2->writex.in.count     = wr->writeunlock.in.count;
+		wr2->writex.in.data      = wr->writeunlock.in.data;
+		status = ntvfs->ops->write_fn(ntvfs, req, wr2);
+		break;
+
+	case RAW_WRITE_WRITECLOSE:
+		wr2->writex.in.file.ntvfs= wr->writeclose.in.file.ntvfs;
+		wr2->writex.in.offset    = wr->writeclose.in.offset;
+		wr2->writex.in.wmode     = 0;
+		wr2->writex.in.remaining = 0;
+		wr2->writex.in.count     = wr->writeclose.in.count;
+		wr2->writex.in.data      = wr->writeclose.in.data;
+		status = ntvfs->ops->write_fn(ntvfs, req, wr2);
+		break;
+
+	case RAW_WRITE_SPLWRITE:
+		wr2->writex.in.file.ntvfs= wr->splwrite.in.file.ntvfs;
+		wr2->writex.in.offset    = 0;
+		wr2->writex.in.wmode     = 0;
+		wr2->writex.in.remaining = 0;
+		wr2->writex.in.count     = wr->splwrite.in.count;
+		wr2->writex.in.data      = wr->splwrite.in.data;
+		status = ntvfs->ops->write_fn(ntvfs, req, wr2);
+		break;
+
+	case RAW_WRITE_SMB2:
+		wr2->writex.in.file.ntvfs= wr->smb2.in.file.ntvfs;
+		wr2->writex.in.offset    = wr->smb2.in.offset;
+		wr2->writex.in.wmode     = 0;
+		wr2->writex.in.remaining = 0;
+		wr2->writex.in.count     = wr->smb2.in.data.length;
+		wr2->writex.in.data      = wr->smb2.in.data.data;
+		status = ntvfs->ops->write_fn(ntvfs, req, wr2);
+	}
+
+	return ntvfs_map_async_finish(req, status);
+}
+
+
+/* 
+   NTVFS read generic to any mapper - finish the out mapping
+*/
+static NTSTATUS ntvfs_map_read_finish(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, 
+				      union smb_read *rd, 
+				      union smb_read *rd2,
+				      NTSTATUS status)
+{
+	switch (rd->generic.level) {
+	case RAW_READ_READ:
+		rd->read.out.nread	= rd2->generic.out.nread;
+		break;
+	case RAW_READ_READBRAW:
+		rd->readbraw.out.nread	= rd2->generic.out.nread;
+		break;
+	case RAW_READ_LOCKREAD:
+		rd->lockread.out.nread	= rd2->generic.out.nread;
+		break;
+	case RAW_READ_SMB2:
+		rd->smb2.out.data.length= rd2->generic.out.nread;
+		rd->smb2.out.remaining	= 0;
+		rd->smb2.out.reserved	= 0;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return status;
+}
+
+/* 
+   NTVFS read* to readx mapper
+*/
+NTSTATUS ntvfs_map_read(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req,
+				 union smb_read *rd)
+{
+	union smb_read *rd2;
+	union smb_lock *lck;
+	NTSTATUS status;
+	unsigned int state;
+
+	rd2 = talloc(req, union smb_read);
+	if (rd2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, rd, rd2, 
+				       (second_stage_t)ntvfs_map_read_finish);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	rd2->readx.level = RAW_READ_READX;
+	rd2->readx.in.read_for_execute = false;
+
+	switch (rd->generic.level) {
+	case RAW_READ_READX:
+		status = NT_STATUS_INVALID_LEVEL;
+		break;
+
+	case RAW_READ_READ:
+		rd2->readx.in.file.ntvfs= rd->read.in.file.ntvfs;
+		rd2->readx.in.offset    = rd->read.in.offset;
+		rd2->readx.in.mincnt    = rd->read.in.count;
+		rd2->readx.in.maxcnt    = rd->read.in.count;
+		rd2->readx.in.remaining = rd->read.in.remaining;
+		rd2->readx.out.data     = rd->read.out.data;
+		status = ntvfs->ops->read_fn(ntvfs, req, rd2);
+		break;
+
+	case RAW_READ_READBRAW:
+		rd2->readx.in.file.ntvfs= rd->readbraw.in.file.ntvfs;
+		rd2->readx.in.offset    = rd->readbraw.in.offset;
+		rd2->readx.in.mincnt    = rd->readbraw.in.mincnt;
+		rd2->readx.in.maxcnt    = rd->readbraw.in.maxcnt;
+		rd2->readx.in.remaining = 0;
+		rd2->readx.out.data     = rd->readbraw.out.data;
+		status = ntvfs->ops->read_fn(ntvfs, req, rd2);
+		break;
+
+	case RAW_READ_LOCKREAD:
+		/* do the initial lock sync for now */
+		state = req->async_states->state;
+		req->async_states->state &= ~NTVFS_ASYNC_STATE_MAY_ASYNC;
+
+		lck = talloc(rd2, union smb_lock);
+		if (lck == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		lck->lock.level		= RAW_LOCK_LOCK;
+		lck->lock.in.file.ntvfs	= rd->lockread.in.file.ntvfs;
+		lck->lock.in.count	= rd->lockread.in.count;
+		lck->lock.in.offset	= rd->lockread.in.offset;
+		status = ntvfs->ops->lock_fn(ntvfs, req, lck);
+		req->async_states->state = state;
+
+		rd2->readx.in.file.ntvfs= rd->lockread.in.file.ntvfs;
+		rd2->readx.in.offset    = rd->lockread.in.offset;
+		rd2->readx.in.mincnt    = rd->lockread.in.count;
+		rd2->readx.in.maxcnt    = rd->lockread.in.count;
+		rd2->readx.in.remaining = rd->lockread.in.remaining;
+		rd2->readx.out.data     = rd->lockread.out.data;
+
+		if (NT_STATUS_IS_OK(status)) {
+			status = ntvfs->ops->read_fn(ntvfs, req, rd2);
+		}
+		break;
+
+	case RAW_READ_SMB2:
+		rd2->readx.in.file.ntvfs= rd->smb2.in.file.ntvfs;
+		rd2->readx.in.offset    = rd->smb2.in.offset;
+		rd2->readx.in.mincnt    = rd->smb2.in.min_count;
+		rd2->readx.in.maxcnt    = rd->smb2.in.length;
+		rd2->readx.in.remaining = 0;
+		rd2->readx.out.data     = rd->smb2.out.data.data;
+		status = ntvfs->ops->read_fn(ntvfs, req, rd2);
+		break;
+	}
+
+done:
+	return ntvfs_map_async_finish(req, status);
+}
+
+
+/* 
+   NTVFS close generic to any mapper
+*/
+static NTSTATUS ntvfs_map_close_finish(struct ntvfs_module_context *ntvfs,
+					struct ntvfs_request *req,
+					union smb_close *cl, 
+					union smb_close *cl2, 
+					NTSTATUS status)
+{
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	switch (cl->generic.level) {
+	case RAW_CLOSE_SMB2:
+		cl->smb2.out.flags        = cl2->generic.out.flags;
+		cl->smb2.out._pad         = 0;
+		cl->smb2.out.create_time  = cl2->generic.out.create_time;
+		cl->smb2.out.access_time  = cl2->generic.out.access_time;
+		cl->smb2.out.write_time   = cl2->generic.out.write_time;
+		cl->smb2.out.change_time  = cl2->generic.out.change_time;
+		cl->smb2.out.alloc_size   = cl2->generic.out.alloc_size;
+		cl->smb2.out.size         = cl2->generic.out.size;
+		cl->smb2.out.file_attr    = cl2->generic.out.file_attr;
+		break;
+	default:
+		break;
+	}
+
+	return status;
+}
+
+/* 
+   NTVFS close generic to any mapper
+*/
+NTSTATUS ntvfs_map_close(struct ntvfs_module_context *ntvfs,
+				  struct ntvfs_request *req,
+				  union smb_close *cl)
+{
+	union smb_close *cl2;
+	NTSTATUS status;
+
+	cl2 = talloc(req, union smb_close);
+	if (cl2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (cl->generic.level) {
+	case RAW_CLOSE_GENERIC:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_CLOSE_CLOSE:
+		cl2->generic.level		= RAW_CLOSE_GENERIC;
+		cl2->generic.in.file		= cl->close.in.file;
+		cl2->generic.in.write_time	= cl->close.in.write_time;
+		cl2->generic.in.flags		= 0;
+		break;
+
+	case RAW_CLOSE_SPLCLOSE:
+		cl2->generic.level		= RAW_CLOSE_GENERIC;
+		cl2->generic.in.file		= cl->splclose.in.file;
+		cl2->generic.in.write_time	= 0;
+		cl2->generic.in.flags		= 0;
+		break;
+
+	case RAW_CLOSE_SMB2:
+		cl2->generic.level		= RAW_CLOSE_GENERIC;
+		cl2->generic.in.file		= cl->smb2.in.file;
+		cl2->generic.in.write_time	= 0;
+		cl2->generic.in.flags		= cl->smb2.in.flags;
+		break;
+	}
+
+	status = ntvfs_map_async_setup(ntvfs, req, cl, cl2, 
+				       (second_stage_t)ntvfs_map_close_finish);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = ntvfs->ops->close_fn(ntvfs, req, cl2);
+
+	return ntvfs_map_async_finish(req, status);
+}
+
+/* 
+   NTVFS notify generic to any mapper
+*/
+static NTSTATUS ntvfs_map_notify_finish(struct ntvfs_module_context *ntvfs,
+					struct ntvfs_request *req,
+					union smb_notify *nt, 
+					union smb_notify *nt2, 
+					NTSTATUS status)
+{
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	switch (nt->nttrans.level) {
+	case RAW_NOTIFY_SMB2:
+		if (nt2->nttrans.out.num_changes == 0) {
+			return NT_STATUS_NOTIFY_ENUM_DIR;
+		}
+		nt->smb2.out.num_changes	= nt2->nttrans.out.num_changes;
+		nt->smb2.out.changes		= talloc_steal(req, nt2->nttrans.out.changes);
+		break;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return status;
+}
+
+
+/* 
+   NTVFS notify generic to any mapper
+*/
+NTSTATUS ntvfs_map_notify(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req,
+				   union smb_notify *nt)
+{
+	union smb_notify *nt2;
+	NTSTATUS status;
+
+	nt2 = talloc(req, union smb_notify);
+	NT_STATUS_HAVE_NO_MEMORY(nt2);
+
+	status = ntvfs_map_async_setup(ntvfs, req, nt, nt2, 
+				       (second_stage_t)ntvfs_map_notify_finish);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	nt2->nttrans.level = RAW_NOTIFY_NTTRANS;
+
+	switch (nt->nttrans.level) {
+	case RAW_NOTIFY_NTTRANS:
+		status = NT_STATUS_INVALID_LEVEL;
+		break;
+
+	case RAW_NOTIFY_SMB2:
+		nt2->nttrans.in.file.ntvfs		= nt->smb2.in.file.ntvfs;
+		nt2->nttrans.in.buffer_size		= nt->smb2.in.buffer_size;
+		nt2->nttrans.in.completion_filter	= nt->smb2.in.completion_filter;
+		nt2->nttrans.in.recursive		= nt->smb2.in.recursive;
+		status = ntvfs->ops->notify_fn(ntvfs, req, nt2);
+		break;
+	}
+
+	return ntvfs_map_async_finish(req, status);
+}
diff --git a/source4/ntvfs/ntvfs_interface.c b/source4/ntvfs/ntvfs_interface.c
new file mode 100644
index 0000000..a9e3101
--- /dev/null
+++ b/source4/ntvfs/ntvfs_interface.c
@@ -0,0 +1,702 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NTVFS interface functions
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ntvfs/ntvfs.h"
+#include "lib/tsocket/tsocket.h"
+
+/* connect/disconnect */
+NTSTATUS ntvfs_connect(struct ntvfs_request *req, union smb_tcon *tcon)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->connect_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->connect_fn(ntvfs, req, tcon);
+}
+
+NTSTATUS ntvfs_disconnect(struct ntvfs_context *ntvfs_ctx)
+{
+	struct ntvfs_module_context *ntvfs;
+	if (ntvfs_ctx == NULL) {
+		return NT_STATUS_INVALID_CONNECTION;
+	}
+	ntvfs = ntvfs_ctx->modules;
+	if (!ntvfs->ops->disconnect_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->disconnect_fn(ntvfs);
+}
+
+/* async setup - called by a backend that wants to setup any state for
+   a async request */
+NTSTATUS ntvfs_async_setup(struct ntvfs_request *req, void *private_data)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->async_setup_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->async_setup_fn(ntvfs, req, private_data);
+}
+
+/* filesystem operations */
+NTSTATUS ntvfs_fsinfo(struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->fsinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->fsinfo_fn(ntvfs, req, fs);
+}
+
+/* path operations */
+NTSTATUS ntvfs_unlink(struct ntvfs_request *req, union smb_unlink *unl)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->unlink_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->unlink_fn(ntvfs, req, unl);
+}
+
+NTSTATUS ntvfs_chkpath(struct ntvfs_request *req, union smb_chkpath *cp)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->chkpath_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->chkpath_fn(ntvfs, req, cp);
+}
+
+NTSTATUS ntvfs_qpathinfo(struct ntvfs_request *req, union smb_fileinfo *st)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->qpathinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->qpathinfo_fn(ntvfs, req, st);
+}
+
+NTSTATUS ntvfs_setpathinfo(struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->setpathinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->setpathinfo_fn(ntvfs, req, st);
+}
+
+NTSTATUS ntvfs_open(struct ntvfs_request *req, union smb_open *oi)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->open_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->open_fn(ntvfs, req, oi);
+}
+
+NTSTATUS ntvfs_mkdir(struct ntvfs_request *req, union smb_mkdir *md)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->mkdir_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->mkdir_fn(ntvfs, req, md);
+}
+
+NTSTATUS ntvfs_rmdir(struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->rmdir_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->rmdir_fn(ntvfs, req, rd);
+}
+
+NTSTATUS ntvfs_rename(struct ntvfs_request *req, union smb_rename *ren)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->rename_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->rename_fn(ntvfs, req, ren);
+}
+
+NTSTATUS ntvfs_copy(struct ntvfs_request *req, struct smb_copy *cp)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->copy_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->copy_fn(ntvfs, req, cp);
+}
+
+/* directory search */
+NTSTATUS ntvfs_search_first(struct ntvfs_request *req, union smb_search_first *io, void *private_data,
+				     bool ntvfs_callback(void *private_data, const union smb_search_data *file))
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->search_first_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->search_first_fn(ntvfs, req, io, private_data, ntvfs_callback);
+}
+
+NTSTATUS ntvfs_search_next(struct ntvfs_request *req, union smb_search_next *io, void *private_data,
+				    bool ntvfs_callback(void *private_data, const union smb_search_data *file))
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->search_next_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->search_next_fn(ntvfs, req, io, private_data, ntvfs_callback);
+}
+
+NTSTATUS ntvfs_search_close(struct ntvfs_request *req, union smb_search_close *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->search_close_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->search_close_fn(ntvfs, req, io);
+}
+
+/* operations on open files */
+NTSTATUS ntvfs_ioctl(struct ntvfs_request *req, union smb_ioctl *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->ioctl_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->ioctl_fn(ntvfs, req, io);
+}
+
+NTSTATUS ntvfs_read(struct ntvfs_request *req, union smb_read *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->read_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->read_fn(ntvfs, req, io);
+}
+
+NTSTATUS ntvfs_write(struct ntvfs_request *req, union smb_write *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->write_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->write_fn(ntvfs, req, io);
+}
+
+NTSTATUS ntvfs_seek(struct ntvfs_request *req, union smb_seek *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->seek_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->seek_fn(ntvfs, req, io);
+}
+
+NTSTATUS ntvfs_flush(struct ntvfs_request *req,
+			      union smb_flush *flush)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->flush_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->flush_fn(ntvfs, req, flush);
+}
+
+NTSTATUS ntvfs_lock(struct ntvfs_request *req, union smb_lock *lck)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->lock_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->lock_fn(ntvfs, req, lck);
+}
+
+NTSTATUS ntvfs_qfileinfo(struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->qfileinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->qfileinfo_fn(ntvfs, req, info);
+}
+
+NTSTATUS ntvfs_setfileinfo(struct ntvfs_request *req, union smb_setfileinfo *info)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->setfileinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->setfileinfo_fn(ntvfs, req, info);
+}
+
+NTSTATUS ntvfs_close(struct ntvfs_request *req, union smb_close *io)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->close_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->close_fn(ntvfs, req, io);
+}
+
+/* trans interface - used by IPC backend for pipes and RAP calls */
+NTSTATUS ntvfs_trans(struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->trans_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->trans_fn(ntvfs, req, trans);
+}
+
+/* trans2 interface - only used by CIFS backend to prover complete passthru for testing */
+NTSTATUS ntvfs_trans2(struct ntvfs_request *req, struct smb_trans2 *trans2)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->trans2_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->trans2_fn(ntvfs, req, trans2);
+}
+
+/* printing specific operations */
+NTSTATUS ntvfs_lpq(struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->lpq_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->lpq_fn(ntvfs, req, lpq);
+}
+
+/* logoff - called when a vuid is closed */
+NTSTATUS ntvfs_logoff(struct ntvfs_request *req)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->logoff_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->logoff_fn(ntvfs, req);
+}
+
+NTSTATUS ntvfs_exit(struct ntvfs_request *req)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->exit_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->exit_fn(ntvfs, req);
+}
+
+/*
+  change notify request
+*/
+NTSTATUS ntvfs_notify(struct ntvfs_request *req, union smb_notify *info)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->notify_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->notify_fn(ntvfs, req, info);
+}
+
+/*
+  cancel an outstanding async request
+*/
+NTSTATUS ntvfs_cancel(struct ntvfs_request *req)
+{
+	struct ntvfs_module_context *ntvfs = req->ctx->modules;
+	if (!ntvfs->ops->cancel_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ops->cancel_fn(ntvfs, req);
+}
+
+/* initial setup */
+NTSTATUS ntvfs_next_connect(struct ntvfs_module_context *ntvfs, 
+				     struct ntvfs_request *req,
+				     union smb_tcon *tcon)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->connect_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->connect_fn(ntvfs->next, req, tcon);
+}
+
+NTSTATUS ntvfs_next_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->disconnect_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->disconnect_fn(ntvfs->next);
+}
+
+/* async_setup - called when setting up for a async request */
+NTSTATUS ntvfs_next_async_setup(struct ntvfs_module_context *ntvfs, 
+					 struct ntvfs_request *req, 
+					 void *private_data)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->async_setup_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->async_setup_fn(ntvfs->next, req, private_data);
+}
+
+/* filesystem operations */
+NTSTATUS ntvfs_next_fsinfo(struct ntvfs_module_context *ntvfs, 
+				    struct ntvfs_request *req,
+				    union smb_fsinfo *fs)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->fsinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->fsinfo_fn(ntvfs->next, req, fs);
+}
+
+/* path operations */
+NTSTATUS ntvfs_next_unlink(struct ntvfs_module_context *ntvfs, 
+				    struct ntvfs_request *req,
+				    union smb_unlink *unl)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->unlink_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->unlink_fn(ntvfs->next, req, unl);
+}
+
+NTSTATUS ntvfs_next_chkpath(struct ntvfs_module_context *ntvfs, 
+				     struct ntvfs_request *req,
+				     union smb_chkpath *cp)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->chkpath_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->chkpath_fn(ntvfs->next, req, cp);
+}
+
+NTSTATUS ntvfs_next_qpathinfo(struct ntvfs_module_context *ntvfs, 
+				       struct ntvfs_request *req,
+				       union smb_fileinfo *st)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->qpathinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->qpathinfo_fn(ntvfs->next, req, st);
+}
+
+NTSTATUS ntvfs_next_setpathinfo(struct ntvfs_module_context *ntvfs, 
+					 struct ntvfs_request *req,
+					 union smb_setfileinfo *st)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->setpathinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->setpathinfo_fn(ntvfs->next, req, st);
+}
+
+NTSTATUS ntvfs_next_mkdir(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   union smb_mkdir *md)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->mkdir_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->mkdir_fn(ntvfs->next, req, md);
+}
+
+NTSTATUS ntvfs_next_rmdir(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   struct smb_rmdir *rd)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->rmdir_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->rmdir_fn(ntvfs->next, req, rd);
+}
+
+NTSTATUS ntvfs_next_rename(struct ntvfs_module_context *ntvfs, 
+				    struct ntvfs_request *req,
+				    union smb_rename *ren)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->rename_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->rename_fn(ntvfs->next, req, ren);
+}
+
+NTSTATUS ntvfs_next_copy(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req,
+				  struct smb_copy *cp)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->copy_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->copy_fn(ntvfs->next, req, cp);
+}
+
+NTSTATUS ntvfs_next_open(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req,
+				  union smb_open *oi)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->open_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->open_fn(ntvfs->next, req, oi);
+}
+
+
+/* directory search */
+NTSTATUS ntvfs_next_search_first(struct ntvfs_module_context *ntvfs, 
+					  struct ntvfs_request *req,
+					  union smb_search_first *io, void *private_data,
+					  bool (*callback)(void *private_data, const union smb_search_data *file))
+{
+	if (!ntvfs->next || !ntvfs->next->ops->search_first_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->search_first_fn(ntvfs->next, req, io, private_data, callback);
+}
+
+NTSTATUS ntvfs_next_search_next(struct ntvfs_module_context *ntvfs, 
+					 struct ntvfs_request *req,
+					 union smb_search_next *io, void *private_data,
+					 bool (*callback)(void *private_data, const union smb_search_data *file))
+{
+	if (!ntvfs->next || !ntvfs->next->ops->search_next_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->search_next_fn(ntvfs->next, req, io, private_data, callback);
+}
+
+NTSTATUS ntvfs_next_search_close(struct ntvfs_module_context *ntvfs, 
+					  struct ntvfs_request *req,
+					  union smb_search_close *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->search_close_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->search_close_fn(ntvfs->next, req, io);
+}
+
+/* operations on open files */
+NTSTATUS ntvfs_next_ioctl(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   union smb_ioctl *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->ioctl_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->ioctl_fn(ntvfs->next, req, io);
+}
+
+NTSTATUS ntvfs_next_read(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req,
+				  union smb_read *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->read_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->read_fn(ntvfs->next, req, io);
+}
+
+NTSTATUS ntvfs_next_write(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   union smb_write *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->write_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->write_fn(ntvfs->next, req, io);
+}
+
+NTSTATUS ntvfs_next_seek(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req,
+				  union smb_seek *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->seek_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->seek_fn(ntvfs->next, req, io);
+}
+
+NTSTATUS ntvfs_next_flush(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   union smb_flush *flush)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->flush_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->flush_fn(ntvfs->next, req, flush);
+}
+
+NTSTATUS ntvfs_next_lock(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req,
+				  union smb_lock *lck)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->lock_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->lock_fn(ntvfs->next, req, lck);
+}
+
+NTSTATUS ntvfs_next_qfileinfo(struct ntvfs_module_context *ntvfs, 
+				       struct ntvfs_request *req,
+				       union smb_fileinfo *info)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->qfileinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->qfileinfo_fn(ntvfs->next, req, info);
+}
+
+NTSTATUS ntvfs_next_setfileinfo(struct ntvfs_module_context *ntvfs, 
+					 struct ntvfs_request *req,
+					 union smb_setfileinfo *info)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->setfileinfo_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->setfileinfo_fn(ntvfs->next, req, info);
+}
+
+NTSTATUS ntvfs_next_close(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   union smb_close *io)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->close_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->close_fn(ntvfs->next, req, io);
+}
+
+/* trans interface - used by IPC backend for pipes and RAP calls */
+NTSTATUS ntvfs_next_trans(struct ntvfs_module_context *ntvfs, 
+				   struct ntvfs_request *req,
+				   struct smb_trans2 *trans)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->trans_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->trans_fn(ntvfs->next, req, trans);
+}
+
+/*
+  change notify request
+*/
+NTSTATUS ntvfs_next_notify(struct ntvfs_module_context *ntvfs,
+				    struct ntvfs_request *req,
+				    union smb_notify *info)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->notify_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->notify_fn(ntvfs->next, req, info);
+}
+
+/* cancel - called to cancel an outstanding async request */
+NTSTATUS ntvfs_next_cancel(struct ntvfs_module_context *ntvfs, 
+				    struct ntvfs_request *req)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->cancel_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->cancel_fn(ntvfs->next, req);
+}
+
+/* printing specific operations */
+NTSTATUS ntvfs_next_lpq(struct ntvfs_module_context *ntvfs, 
+				 struct ntvfs_request *req,
+				 union smb_lpq *lpq)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->lpq_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->lpq_fn(ntvfs->next, req, lpq);
+}
+
+
+/* logoff - called when a vuid is closed */
+NTSTATUS ntvfs_next_logoff(struct ntvfs_module_context *ntvfs, 
+				    struct ntvfs_request *req)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->logoff_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->logoff_fn(ntvfs->next, req);
+}
+
+NTSTATUS ntvfs_next_exit(struct ntvfs_module_context *ntvfs, 
+				  struct ntvfs_request *req)
+{
+	if (!ntvfs->next || !ntvfs->next->ops->exit_fn) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->next->ops->exit_fn(ntvfs->next, req);
+}
+
+/* client connection callback */
+NTSTATUS ntvfs_set_addresses(struct ntvfs_context *ntvfs,
+			     const struct tsocket_address *local_address,
+			     const struct tsocket_address *remote_address)
+{
+	ntvfs->client.local_address = tsocket_address_copy(local_address, ntvfs);
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->client.local_address);
+
+	ntvfs->client.remote_address = tsocket_address_copy(remote_address, ntvfs);
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->client.remote_address);
+
+	return NT_STATUS_OK;
+}
+
+const struct tsocket_address *ntvfs_get_local_address(struct ntvfs_module_context *ntvfs)
+{
+	return ntvfs->ctx->client.local_address;
+}
+
+const struct tsocket_address *ntvfs_get_remote_address(struct ntvfs_module_context *ntvfs)
+{
+	return ntvfs->ctx->client.remote_address;
+}
+
+/* oplock helpers */
+NTSTATUS ntvfs_set_oplock_handler(struct ntvfs_context *ntvfs,
+					   NTSTATUS (*handler)(void *private_data, struct ntvfs_handle *handle, uint8_t level),
+					   void *private_data)
+{
+	ntvfs->oplock.handler		= handler;
+	ntvfs->oplock.private_data	= private_data;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ntvfs_send_oplock_break(struct ntvfs_module_context *ntvfs,
+					  struct ntvfs_handle *handle, uint8_t level)
+{
+	if (!ntvfs->ctx->oplock.handler) {
+		return NT_STATUS_OK;
+	}
+
+	return ntvfs->ctx->oplock.handler(ntvfs->ctx->oplock.private_data, handle, level);
+}
+
diff --git a/source4/ntvfs/ntvfs_util.c b/source4/ntvfs/ntvfs_util.c
new file mode 100644
index 0000000..2888ef4
--- /dev/null
+++ b/source4/ntvfs/ntvfs_util.c
@@ -0,0 +1,197 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NTVFS utility code
+   Copyright (C) Stefan Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements common utility functions that many NTVFS backends may wish to use
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/ntvfs.h"
+
+
+struct ntvfs_request *ntvfs_request_create(struct ntvfs_context *ctx, TALLOC_CTX *mem_ctx,
+						    struct auth_session_info *session_info,
+						    uint16_t smbpid,
+						    struct timeval request_time,
+						    void *private_data,
+						    void (*send_fn)(struct ntvfs_request *),
+						    uint32_t state)
+{
+	struct ntvfs_request *req;
+	struct ntvfs_async_state *async;
+
+	req = talloc(mem_ctx, struct ntvfs_request);
+	if (!req) return NULL;
+	req->ctx			= ctx;
+	req->async_states		= NULL;
+	req->session_info		= session_info;
+	req->smbpid			= smbpid;
+	req->client_caps		= ctx->client_caps;
+	req->statistics.request_time	= request_time;
+
+	async = talloc(req, struct ntvfs_async_state);
+	if (!async) goto failed;
+
+	async->state		= state;
+	async->private_data	= private_data;
+	async->send_fn		= send_fn;
+	async->status		= NT_STATUS_INTERNAL_ERROR;
+	async->ntvfs		= NULL;
+
+	DLIST_ADD(req->async_states, async);
+
+	return req;
+failed:
+	talloc_free(req);
+	return NULL;
+}
+
+NTSTATUS ntvfs_async_state_push(struct ntvfs_module_context *ntvfs,
+					 struct ntvfs_request *req,
+					 void *private_data,
+					 void (*send_fn)(struct ntvfs_request *))
+{
+	struct ntvfs_async_state *async;
+
+	async = talloc(req, struct ntvfs_async_state);
+	NT_STATUS_HAVE_NO_MEMORY(async);
+
+	async->state		= req->async_states->state;
+	async->private_data	= private_data;
+	async->send_fn		= send_fn;
+	async->status		= NT_STATUS_INTERNAL_ERROR;
+
+	async->ntvfs		= ntvfs;
+
+	DLIST_ADD(req->async_states, async);
+
+	return NT_STATUS_OK;
+}
+
+void ntvfs_async_state_pop(struct ntvfs_request *req)
+{
+	struct ntvfs_async_state *async;
+
+	async = req->async_states;
+
+	DLIST_REMOVE(req->async_states, async);
+
+	req->async_states->state	= async->state;
+	req->async_states->status	= async->status;
+
+	talloc_free(async);
+}
+
+NTSTATUS ntvfs_handle_new(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req,
+				   struct ntvfs_handle **h)
+{
+	if (!ntvfs->ctx->handles.create_new) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return ntvfs->ctx->handles.create_new(ntvfs->ctx->handles.private_data, req, h);
+}
+
+NTSTATUS ntvfs_handle_set_backend_data(struct ntvfs_handle *h,
+						struct ntvfs_module_context *ntvfs,
+						TALLOC_CTX *private_data)
+{
+	struct ntvfs_handle_data *d;
+	bool first_time = h->backend_data?false:true;
+
+	for (d=h->backend_data; d; d = d->next) {
+		if (d->owner != ntvfs) continue;
+		d->private_data = talloc_steal(d, private_data);
+		return NT_STATUS_OK;
+	}
+
+	d = talloc(h, struct ntvfs_handle_data);
+	NT_STATUS_HAVE_NO_MEMORY(d);
+	d->owner = ntvfs;
+	d->private_data = talloc_steal(d, private_data);
+
+	DLIST_ADD(h->backend_data, d);
+
+	if (first_time) {
+		NTSTATUS status;
+		status = h->ctx->handles.make_valid(h->ctx->handles.private_data, h);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	return NT_STATUS_OK;
+}
+
+void *ntvfs_handle_get_backend_data(struct ntvfs_handle *h,
+					     struct ntvfs_module_context *ntvfs)
+{
+	struct ntvfs_handle_data *d;
+
+	for (d=h->backend_data; d; d = d->next) {
+		if (d->owner != ntvfs) continue;
+		return d->private_data;
+	}
+
+	return NULL;
+}
+
+void ntvfs_handle_remove_backend_data(struct ntvfs_handle *h,
+					       struct ntvfs_module_context *ntvfs)
+{
+	struct ntvfs_handle_data *d,*n;
+
+	for (d=h->backend_data; d; d = n) {
+		n = d->next;
+		if (d->owner != ntvfs) continue;
+		DLIST_REMOVE(h->backend_data, d);
+		talloc_free(d);
+		d = NULL;
+	}
+
+	if (h->backend_data) return;
+
+	/* if there's no backend_data anymore, destroy the handle */
+	h->ctx->handles.destroy(h->ctx->handles.private_data, h);
+}
+
+struct ntvfs_handle *ntvfs_handle_search_by_wire_key(struct ntvfs_module_context *ntvfs,
+							      struct ntvfs_request *req,
+							      const DATA_BLOB *key)
+{
+	if (!ntvfs->ctx->handles.search_by_wire_key) {
+		return NULL;
+	}
+	return ntvfs->ctx->handles.search_by_wire_key(ntvfs->ctx->handles.private_data, req, key);
+}
+
+NTSTATUS ntvfs_set_handle_callbacks(struct ntvfs_context *ntvfs,
+					     NTSTATUS (*create_new)(void *private_data, struct ntvfs_request *req, struct ntvfs_handle **h),
+					     NTSTATUS (*make_valid)(void *private_data, struct ntvfs_handle *h),
+					     void (*destroy)(void *private_data, struct ntvfs_handle *h),
+					     struct ntvfs_handle *(*search_by_wire_key)(void *private_data, struct ntvfs_request *req, const DATA_BLOB *key),
+					     DATA_BLOB (*get_wire_key)(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx),
+					     void *private_data)
+{
+	ntvfs->handles.create_new		= create_new;
+	ntvfs->handles.make_valid		= make_valid;
+	ntvfs->handles.destroy			= destroy;
+	ntvfs->handles.search_by_wire_key	= search_by_wire_key;
+	ntvfs->handles.get_wire_key		= get_wire_key;
+	ntvfs->handles.private_data		= private_data;
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/posix_eadb.c b/source4/ntvfs/posix/posix_eadb.c
new file mode 100644
index 0000000..2d181fd
--- /dev/null
+++ b/source4/ntvfs/posix/posix_eadb.c
@@ -0,0 +1,299 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - xattr support using a tdb
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#ifdef WITH_NTVFS_FILESERVER
+#include "vfs_posix.h"
+#endif
+#include "posix_eadb.h"
+
+#define XATTR_LIST_ATTR ".xattr_list"
+
+/*
+  we need to maintain a list of attributes on each file, so that unlink
+  can automatically clean them up
+*/
+static NTSTATUS posix_eadb_add_list(struct tdb_wrap *ea_tdb, TALLOC_CTX *ctx, const char *attr_name,
+				   const char *fname, int fd)
+{
+	DATA_BLOB blob;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	size_t len;
+
+	if (strcmp(attr_name, XATTR_LIST_ATTR) == 0) {
+		return NT_STATUS_OK;
+	}
+
+	mem_ctx = talloc_new(ctx);
+
+	status = pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
+				     fname, fd, 100, &blob);
+	if (NT_STATUS_IS_OK(status)) {
+		const char *s;
+
+		for (s = (const char *)blob.data;
+		     s < (const char *)(blob.data + blob.length);
+		     s += strlen(s) + 1) {
+			if (strcmp(attr_name, s) == 0) {
+				talloc_free(mem_ctx);
+				return NT_STATUS_OK;
+			}
+		}
+	} else {
+		blob = data_blob(NULL, 0);
+		/* No need to parse an empty blob */
+	}
+
+	len = strlen(attr_name) + 1;
+
+	blob.data = talloc_realloc(mem_ctx, blob.data, uint8_t, blob.length + len);
+	if (blob.data == NULL) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	memcpy(blob.data + blob.length, attr_name, len);
+	blob.length += len;
+
+	status = push_xattr_blob_tdb_raw(ea_tdb, XATTR_LIST_ATTR, fname, fd, &blob);
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+/*
+  form a key for using in the ea_tdb
+*/
+static NTSTATUS get_ea_tdb_key(TALLOC_CTX *mem_ctx,
+			      const char *attr_name,
+			      const char *fname, int fd,
+			      TDB_DATA *key)
+{
+	struct stat st;
+	size_t len = strlen(attr_name);
+
+	if (fd == -1) {
+		if (stat(fname, &st) == -1) {
+			return NT_STATUS_NOT_FOUND;
+		}
+	} else {
+		if (fstat(fd, &st) == -1) {
+			return NT_STATUS_NOT_FOUND;
+		}
+	}
+
+	key->dptr = talloc_array(mem_ctx, uint8_t, 16 + len);
+	if (key->dptr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	key->dsize = 16 + len;
+
+	SBVAL(key->dptr, 0, st.st_dev);
+	SBVAL(key->dptr, 8, st.st_ino);
+	memcpy(key->dptr+16, attr_name, len);
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  pull a xattr as a blob, using the ea_tdb_context tdb
+*/
+NTSTATUS pull_xattr_blob_tdb_raw(struct tdb_wrap *ea_tdb,
+			     TALLOC_CTX *mem_ctx,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     size_t estimated_size,
+			     DATA_BLOB *blob)
+{
+	TDB_DATA tkey, tdata;
+	NTSTATUS status;
+
+	status = get_ea_tdb_key(mem_ctx, attr_name, fname, fd, &tkey);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	tdata = tdb_fetch(ea_tdb->tdb, tkey);
+	if (tdata.dptr == NULL) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	*blob = data_blob_talloc(mem_ctx, tdata.dptr, tdata.dsize);
+	free(tdata.dptr);
+	if (blob->data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  push a xattr as a blob, using ea_tdb
+*/
+NTSTATUS push_xattr_blob_tdb_raw(struct tdb_wrap *ea_tdb,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     const DATA_BLOB *blob)
+{
+	TDB_DATA tkey, tdata;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(ea_tdb);
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = get_ea_tdb_key(mem_ctx, attr_name, fname, fd, &tkey);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	tdata.dptr = blob->data;
+	tdata.dsize = blob->length;
+
+	if (tdb_chainlock(ea_tdb->tdb, tkey) != 0) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = posix_eadb_add_list(ea_tdb,mem_ctx, attr_name, fname, fd);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		goto done;
+	}
+
+	if (tdb_store(ea_tdb->tdb, tkey, tdata, TDB_REPLACE) != 0) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+done:
+	tdb_chainunlock(ea_tdb->tdb, tkey);
+	talloc_free(mem_ctx);
+	return status;
+}
+
+
+/*
+  delete a xattr
+*/
+NTSTATUS delete_posix_eadb_raw(struct tdb_wrap *ea_tdb, const char *attr_name,
+			  const char *fname, int fd)
+{
+	TDB_DATA tkey;
+	NTSTATUS status;
+
+	status = get_ea_tdb_key(NULL, attr_name, fname, fd, &tkey);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (tdb_delete(ea_tdb->tdb, tkey) != 0) {
+		talloc_free(tkey.dptr);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	talloc_free(tkey.dptr);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  delete all xattrs for a file
+*/
+NTSTATUS unlink_posix_eadb_raw(struct tdb_wrap *ea_tdb, const char *fname, int fd)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(ea_tdb);
+	DATA_BLOB blob;
+	const char *s;
+	NTSTATUS status;
+
+	status = pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
+				     fname, fd, 100, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_OK;
+	}
+
+	for (s=(const char *)blob.data; s < (const char *)(blob.data+blob.length); s += strlen(s) + 1) {
+		delete_posix_eadb_raw(ea_tdb, s, fname, -1);
+	}
+
+	status = delete_posix_eadb_raw(ea_tdb, XATTR_LIST_ATTR, fname, fd);
+	talloc_free(mem_ctx);
+	return status;
+}
+
+/*
+  list all xattrs for a file
+*/
+NTSTATUS list_posix_eadb_raw(struct tdb_wrap *ea_tdb, TALLOC_CTX *mem_ctx,
+			    const char *fname, int fd,
+			    DATA_BLOB *list)
+{
+	return pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
+				     fname, fd, 100, list);
+}
+
+#ifdef WITH_NTVFS_FILESERVER
+NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs_state,
+			     TALLOC_CTX *mem_ctx,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     size_t estimated_size,
+			     DATA_BLOB *blob)
+{
+	return pull_xattr_blob_tdb_raw(pvfs_state->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob);
+}
+
+NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs_state,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     const DATA_BLOB *blob)
+{
+	return push_xattr_blob_tdb_raw(pvfs_state->ea_db, attr_name, fname, fd, blob);
+}
+
+/*
+  delete a xattr
+*/
+NTSTATUS delete_posix_eadb(struct pvfs_state *pvfs_state, const char *attr_name,
+			  const char *fname, int fd)
+{
+	return delete_posix_eadb_raw(pvfs_state->ea_db,
+				    attr_name, fname, fd);
+}
+
+/*
+  delete all xattrs for a file
+*/
+NTSTATUS unlink_posix_eadb(struct pvfs_state *pvfs_state, const char *fname)
+{
+	return unlink_posix_eadb_raw(pvfs_state->ea_db, fname, -1);
+}
+
+#endif
diff --git a/source4/ntvfs/posix/posix_eadb.h b/source4/ntvfs/posix/posix_eadb.h
new file mode 100644
index 0000000..14b9439
--- /dev/null
+++ b/source4/ntvfs/posix/posix_eadb.h
@@ -0,0 +1,20 @@
+/*
+   Unix SMB/CIFS implementation. Xattr manipulation bindings.
+   Copyright (C) Andrew Bartlett 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct pvfs_state;
+#include "source4/ntvfs/posix/posix_eadb_proto.h"
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
new file mode 100644
index 0000000..e643293
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -0,0 +1,1083 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - ACL support
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "auth/auth.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/xattr.h"
+#include "libcli/security/security.h"
+#include "param/param.h"
+#include "../lib/util/unix_privs.h"
+#include "lib/util/samba_modules.h"
+
+/* the list of currently registered ACL backends */
+static struct pvfs_acl_backend {
+	const struct pvfs_acl_ops *ops;
+} *backends = NULL;
+static int num_backends;
+
+/*
+  register a pvfs acl backend. 
+
+  The 'name' can be later used by other backends to find the operations
+  structure for this backend.  
+*/
+NTSTATUS pvfs_acl_register(TALLOC_CTX *ctx, const struct pvfs_acl_ops *ops)
+{
+	struct pvfs_acl_ops *new_ops;
+
+	if (pvfs_acl_backend_byname(ops->name) != NULL) {
+		DEBUG(0,("pvfs acl backend '%s' already registered\n", ops->name));
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	backends = talloc_realloc(ctx, backends,
+			struct pvfs_acl_backend, num_backends+1);
+	NT_STATUS_HAVE_NO_MEMORY(backends);
+
+	new_ops = (struct pvfs_acl_ops *)talloc_memdup(backends, ops, sizeof(*ops));
+	new_ops->name = talloc_strdup(new_ops, ops->name);
+
+	backends[num_backends].ops = new_ops;
+
+	num_backends++;
+
+	DEBUG(3,("NTVFS backend '%s' registered\n", ops->name));
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return the operations structure for a named backend
+*/
+const struct pvfs_acl_ops *pvfs_acl_backend_byname(const char *name)
+{
+	int i;
+
+	for (i=0;i<num_backends;i++) {
+		if (strcmp(backends[i].ops->name, name) == 0) {
+			return backends[i].ops;
+		}
+	}
+
+	return NULL;
+}
+
+NTSTATUS pvfs_acl_init(void)
+{
+	static bool initialized = false;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_pvfs_acl_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_pvfs_acl_MODULES };
+	init_module_fn *shared_init;
+
+	if (initialized) return NT_STATUS_OK;
+	initialized = true;
+
+	shared_init = load_samba_modules(NULL, "pvfs_acl");
+
+	run_init_functions(NULL, static_init);
+	run_init_functions(NULL, shared_init);
+
+	talloc_free(shared_init);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  map a single access_mask from generic to specific bits for files/dirs
+*/
+static uint32_t pvfs_translate_mask(uint32_t access_mask)
+{
+	if (access_mask & SEC_MASK_GENERIC) {
+		if (access_mask & SEC_GENERIC_READ)    access_mask |= SEC_RIGHTS_FILE_READ;
+		if (access_mask & SEC_GENERIC_WRITE)   access_mask |= SEC_RIGHTS_FILE_WRITE;
+		if (access_mask & SEC_GENERIC_EXECUTE) access_mask |= SEC_RIGHTS_FILE_EXECUTE;
+		if (access_mask & SEC_GENERIC_ALL)     access_mask |= SEC_RIGHTS_FILE_ALL;
+		access_mask &= ~SEC_MASK_GENERIC;
+	}
+	return access_mask;
+}
+
+
+/*
+  map any generic access bits in the given acl
+  this relies on the fact that the mappings for files and directories
+  are the same
+*/
+static void pvfs_translate_generic_bits(struct security_acl *acl)
+{
+	unsigned i;
+
+	if (!acl) return;
+
+	for (i=0;i<acl->num_aces;i++) {
+		struct security_ace *ace = &acl->aces[i];
+		ace->access_mask = pvfs_translate_mask(ace->access_mask);
+	}
+}
+
+
+/*
+  setup a default ACL for a file
+*/
+static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
+				 struct ntvfs_request *req,
+				 struct pvfs_filename *name, int fd, 
+				 struct security_descriptor **psd)
+{
+	struct security_descriptor *sd;
+	NTSTATUS status;
+	struct security_ace ace = {};
+	mode_t mode;
+	struct id_map *ids;
+
+	*psd = security_descriptor_initialise(req);
+	if (*psd == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	sd = *psd;
+
+	ids = talloc_zero_array(sd, struct id_map, 2);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids[0].xid.id = name->st.st_uid;
+	ids[0].xid.type = ID_TYPE_UID;
+	ids[0].sid = NULL;
+
+	ids[1].xid.id = name->st.st_gid;
+	ids[1].xid.type = ID_TYPE_GID;
+	ids[1].sid = NULL;
+
+	status = wbc_xids_to_sids(ids, 2);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	sd->owner_sid = talloc_steal(sd, ids[0].sid);
+	sd->group_sid = talloc_steal(sd, ids[1].sid);
+
+	talloc_free(ids);
+	sd->type |= SEC_DESC_DACL_PRESENT;
+
+	mode = name->st.st_mode;
+
+	/*
+	  we provide up to 4 ACEs
+	    - Owner
+	    - Group
+	    - Everyone
+	    - Administrator
+	 */
+
+
+	/* setup owner ACE */
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.trustee = *sd->owner_sid;
+	ace.access_mask = 0;
+
+	if (mode & S_IRUSR) {
+		if (mode & S_IWUSR) {
+			ace.access_mask |= SEC_RIGHTS_FILE_ALL;
+		} else {
+			ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+		}
+	}
+	if (mode & S_IWUSR) {
+		ace.access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
+	}
+	if (ace.access_mask) {
+		security_descriptor_dacl_add(sd, &ace);
+	}
+
+
+	/* setup group ACE */
+	ace.trustee = *sd->group_sid;
+	ace.access_mask = 0;
+	if (mode & S_IRGRP) {
+		ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+	}
+	if (mode & S_IWGRP) {
+		/* note that delete is not granted - this matches posix behaviour */
+		ace.access_mask |= SEC_RIGHTS_FILE_WRITE;
+	}
+	if (ace.access_mask) {
+		security_descriptor_dacl_add(sd, &ace);
+	}
+
+	/* setup other ACE */
+	ace.trustee = global_sid_World;
+	ace.access_mask = 0;
+	if (mode & S_IROTH) {
+		ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+	}
+	if (mode & S_IWOTH) {
+		ace.access_mask |= SEC_RIGHTS_FILE_WRITE;
+	}
+	if (ace.access_mask) {
+		security_descriptor_dacl_add(sd, &ace);
+	}
+
+	/* setup system ACE */
+	ace.trustee = global_sid_System;
+	ace.access_mask = SEC_RIGHTS_FILE_ALL;
+	security_descriptor_dacl_add(sd, &ace);
+	
+	return NT_STATUS_OK;
+}
+				 
+
+/*
+  omit any security_descriptor elements not specified in the given
+  secinfo flags
+*/
+static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags)
+{
+	if (!(secinfo_flags & SECINFO_OWNER)) {
+		sd->owner_sid = NULL;
+	}
+	if (!(secinfo_flags & SECINFO_GROUP)) {
+		sd->group_sid = NULL;
+	}
+	if (!(secinfo_flags & SECINFO_DACL)) {
+		sd->dacl = NULL;
+	}
+	if (!(secinfo_flags & SECINFO_SACL)) {
+		sd->sacl = NULL;
+	}
+}
+
+static bool pvfs_privileged_access(uid_t uid)
+{
+	uid_t euid;
+
+	if (uid_wrapper_enabled()) {
+		setenv("UID_WRAPPER_MYUID", "1", 1);
+	}
+
+	euid = geteuid();
+
+	if (uid_wrapper_enabled()) {
+		unsetenv("UID_WRAPPER_MYUID");
+	}
+
+	return (uid == euid);
+}
+
+/*
+  answer a setfileinfo for an ACL
+*/
+NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, 
+		      struct ntvfs_request *req,
+		      struct pvfs_filename *name, int fd, 
+		      uint32_t access_mask,
+		      union smb_setfileinfo *info)
+{
+	uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags;
+	struct security_descriptor *new_sd, *sd, orig_sd;
+	NTSTATUS status = NT_STATUS_NOT_FOUND;
+	uid_t old_uid = -1;
+	gid_t old_gid = -1;
+	uid_t new_uid = -1;
+	gid_t new_gid = -1;
+	struct id_map *ids;
+
+	if (pvfs->acl_ops != NULL) {
+		status = pvfs->acl_ops->acl_load(pvfs, name, fd, req, &sd);
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		status = pvfs_default_acl(pvfs, req, name, fd, &sd);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ids = talloc(req, struct id_map);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+	ZERO_STRUCT(ids->xid);
+	ids->sid = NULL;
+	ids->status = ID_UNKNOWN;
+
+	new_sd = info->set_secdesc.in.sd;
+	orig_sd = *sd;
+
+	old_uid = name->st.st_uid;
+	old_gid = name->st.st_gid;
+
+	/* only set the elements that have been specified */
+	if (secinfo_flags & SECINFO_OWNER) {
+		if (!(access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		if (!dom_sid_equal(sd->owner_sid, new_sd->owner_sid)) {
+			ids->sid = new_sd->owner_sid;
+			status = wbc_sids_to_xids(ids, 1);
+			NT_STATUS_NOT_OK_RETURN(status);
+
+			if (ids->xid.type == ID_TYPE_BOTH ||
+			    ids->xid.type == ID_TYPE_UID) {
+				new_uid = ids->xid.id;
+			}
+		}
+		sd->owner_sid = new_sd->owner_sid;
+	}
+
+	if (secinfo_flags & SECINFO_GROUP) {
+		if (!(access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		if (!dom_sid_equal(sd->group_sid, new_sd->group_sid)) {
+			ids->sid = new_sd->group_sid;
+			status = wbc_sids_to_xids(ids, 1);
+			NT_STATUS_NOT_OK_RETURN(status);
+
+			if (ids->xid.type == ID_TYPE_BOTH ||
+			    ids->xid.type == ID_TYPE_GID) {
+				new_gid = ids->xid.id;
+			}
+
+		}
+		sd->group_sid = new_sd->group_sid;
+	}
+
+	if (secinfo_flags & SECINFO_DACL) {
+		if (!(access_mask & SEC_STD_WRITE_DAC)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		sd->dacl = new_sd->dacl;
+		pvfs_translate_generic_bits(sd->dacl);
+		sd->type |= SEC_DESC_DACL_PRESENT;
+	}
+
+	if (secinfo_flags & SECINFO_SACL) {
+		if (!(access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		sd->sacl = new_sd->sacl;
+		pvfs_translate_generic_bits(sd->sacl);
+		sd->type |= SEC_DESC_SACL_PRESENT;
+	}
+
+	if (secinfo_flags & SECINFO_PROTECTED_DACL) {
+		if (new_sd->type & SEC_DESC_DACL_PROTECTED) {
+			sd->type |= SEC_DESC_DACL_PROTECTED;
+		} else {
+			sd->type &= ~SEC_DESC_DACL_PROTECTED;
+		}
+	}
+
+	if (secinfo_flags & SECINFO_PROTECTED_SACL) {
+		if (new_sd->type & SEC_DESC_SACL_PROTECTED) {
+			sd->type |= SEC_DESC_SACL_PROTECTED;
+		} else {
+			sd->type &= ~SEC_DESC_SACL_PROTECTED;
+		}
+	}
+
+	if (new_uid == old_uid) {
+		new_uid = -1;
+	}
+
+	if (new_gid == old_gid) {
+		new_gid = -1;
+	}
+
+	/* if there's something to change try it */
+	if (new_uid != -1 || new_gid != -1) {
+		int ret;
+		if (fd == -1) {
+			ret = chown(name->full_name, new_uid, new_gid);
+		} else {
+			ret = fchown(fd, new_uid, new_gid);
+		}
+		if (errno == EPERM) {
+			if (pvfs_privileged_access(name->st.st_uid)) {
+				ret = 0;
+			} else {
+				/* try again as root if we have SEC_PRIV_RESTORE or
+				   SEC_PRIV_TAKE_OWNERSHIP */
+				if (security_token_has_privilege(req->session_info->security_token,
+								 SEC_PRIV_RESTORE) ||
+				    security_token_has_privilege(req->session_info->security_token,
+								 SEC_PRIV_TAKE_OWNERSHIP)) {
+					void *privs;
+					privs = root_privileges();
+					if (fd == -1) {
+						ret = chown(name->full_name, new_uid, new_gid);
+					} else {
+						ret = fchown(fd, new_uid, new_gid);
+					}
+					talloc_free(privs);
+				}
+			}
+		}
+		if (ret == -1) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+	}
+
+	/* we avoid saving if the sd is the same. This means when clients
+	   copy files and end up copying the default sd that we don't
+	   needlessly use xattrs */
+	if (!security_descriptor_equal(sd, &orig_sd) && pvfs->acl_ops) {
+		status = pvfs->acl_ops->acl_save(pvfs, name, fd, sd);
+	}
+
+	return status;
+}
+
+
+/*
+  answer a fileinfo query for the ACL
+*/
+NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, 
+			struct ntvfs_request *req,
+			struct pvfs_filename *name, int fd, 
+			union smb_fileinfo *info)
+{
+	NTSTATUS status = NT_STATUS_NOT_FOUND;
+	struct security_descriptor *sd;
+
+	if (pvfs->acl_ops) {
+		status = pvfs->acl_ops->acl_load(pvfs, name, fd, req, &sd);
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		status = pvfs_default_acl(pvfs, req, name, fd, &sd);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags);
+
+	info->query_secdesc.out.sd = sd;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  check the read only bit against any of the write access bits
+*/
+static bool pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask)
+{
+	if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+	    (access_mask & (SEC_FILE_WRITE_DATA |
+			    SEC_FILE_APPEND_DATA | 
+			    SEC_FILE_WRITE_EA | 
+			    SEC_FILE_WRITE_ATTRIBUTE | 
+			    SEC_STD_DELETE | 
+			    SEC_STD_WRITE_DAC | 
+			    SEC_STD_WRITE_OWNER | 
+			    SEC_DIR_DELETE_CHILD))) {
+		return true;
+	}
+	return false;
+}
+
+/*
+  see if we are a member of the appropriate unix group
+ */
+static bool pvfs_group_member(struct pvfs_state *pvfs, gid_t gid)
+{
+	int i, ngroups;
+	gid_t *groups;
+	if (getegid() == gid) {
+		return true;
+	}
+	ngroups = getgroups(0, NULL);
+	if (ngroups <= 0) {
+		return false;
+	}
+	groups = talloc_array(pvfs, gid_t, ngroups);
+	if (groups == NULL) {
+		return false;
+	}
+	if (getgroups(ngroups, groups) != ngroups) {
+		talloc_free(groups);
+		return false;
+	}
+	for (i=0; i<ngroups; i++) {
+		if (groups[i] == gid) break;
+	}
+	talloc_free(groups);
+	return i < ngroups;
+}
+
+/*
+  default access check function based on unix permissions
+  doing this saves on building a full security descriptor
+  for the common case of access check on files with no 
+  specific NT ACL
+
+  If name is NULL then treat as a new file creation
+*/
+static NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
+				       struct ntvfs_request *req,
+				       struct pvfs_filename *name,
+				       uint32_t *access_mask)
+{
+	uint32_t max_bits = 0;
+	struct security_token *token = req->session_info->security_token;
+
+	if (pvfs_read_only(pvfs, *access_mask)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (name == NULL) {
+		max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
+	} else if (pvfs_privileged_access(name->st.st_uid)) {
+		/* use the IxUSR bits */
+		if ((name->st.st_mode & S_IWUSR)) {
+			max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
+		} else if ((name->st.st_mode & (S_IRUSR | S_IXUSR))) {
+			max_bits |= SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_EXECUTE | SEC_STD_ALL;
+		}
+	} else if (pvfs_group_member(pvfs, name->st.st_gid)) {
+		/* use the IxGRP bits */
+		if ((name->st.st_mode & S_IWGRP)) {
+			max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
+		} else if ((name->st.st_mode & (S_IRGRP | S_IXGRP))) {
+			max_bits |= SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_EXECUTE | SEC_STD_ALL;
+		}
+	} else {
+		/* use the IxOTH bits */
+		if ((name->st.st_mode & S_IWOTH)) {
+			max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
+		} else if ((name->st.st_mode & (S_IROTH | S_IXOTH))) {
+			max_bits |= SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_EXECUTE | SEC_STD_ALL;
+		}
+	}
+
+	if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+		*access_mask |= max_bits;
+		*access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+	}
+
+	if ((*access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
+	    security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
+		max_bits |= SEC_FLAG_SYSTEM_SECURITY;
+	}
+	
+	if (((*access_mask & ~max_bits) & SEC_RIGHTS_PRIV_RESTORE) &&
+	    security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+		max_bits |= ~(SEC_RIGHTS_PRIV_RESTORE);
+	}
+	if (((*access_mask & ~max_bits) & SEC_RIGHTS_PRIV_BACKUP) &&
+	    security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+		max_bits |= ~(SEC_RIGHTS_PRIV_BACKUP);
+	}
+
+	if (*access_mask & ~max_bits) {
+		DEBUG(5,(__location__ " denied access to '%s' - wanted 0x%08x but got 0x%08x (missing 0x%08x)\n",
+			 name?name->full_name:"(new file)", *access_mask, max_bits, *access_mask & ~max_bits));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
+		/* on SMB, this bit is always granted, even if not
+		   asked for */
+		*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  check the security descriptor on a file, if any
+  
+  *access_mask is modified with the access actually granted
+*/
+NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, 
+			   struct ntvfs_request *req,
+			   struct pvfs_filename *name,
+			   uint32_t *access_mask)
+{
+	struct security_token *token = req->session_info->security_token;
+	struct xattr_NTACL *acl;
+	NTSTATUS status;
+	struct security_descriptor *sd;
+	bool allow_delete = false;
+
+	/* on SMB2 a blank access mask is always denied */
+	if (pvfs->ntvfs->ctx->protocol >= PROTOCOL_SMB2_02 &&
+	    *access_mask == 0) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (pvfs_read_only(pvfs, *access_mask)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED ||
+	    *access_mask & SEC_STD_DELETE) {
+		status = pvfs_access_check_parent(pvfs, req,
+						  name, SEC_DIR_DELETE_CHILD);
+		if (NT_STATUS_IS_OK(status)) {
+			allow_delete = true;
+			*access_mask &= ~SEC_STD_DELETE;
+		}
+	}
+
+	acl = talloc(req, struct xattr_NTACL);
+	if (acl == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* expand the generic access bits to file specific bits */
+	*access_mask = pvfs_translate_mask(*access_mask);
+	if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
+		*access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+	}
+
+	status = pvfs_acl_load(pvfs, name, -1, acl);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		talloc_free(acl);
+		status = pvfs_access_check_unix(pvfs, req, name, access_mask);
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	switch (acl->version) {
+	case 1:
+		sd = acl->info.sd;
+		break;
+	default:
+		return NT_STATUS_INVALID_ACL;
+	}
+
+	/* check the acl against the required access mask */
+	status = se_file_access_check(sd, token, false, *access_mask, access_mask);
+	talloc_free(acl);
+
+	/* if we used a NT acl, then allow access override if the
+	   share allows for posix permission override
+	*/
+	if (NT_STATUS_IS_OK(status)) {
+		name->allow_override = (pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) != 0;
+	}
+
+done:
+	if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
+		/* on SMB, this bit is always granted, even if not
+		   asked for */
+		*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	}
+
+	if (allow_delete) {
+		*access_mask |= SEC_STD_DELETE;
+	}
+
+	return status;
+}
+
+
+/*
+  a simplified interface to access check, designed for calls that
+  do not take or return an access check mask
+*/
+NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, 
+				  struct ntvfs_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t access_needed)
+{
+	if (access_needed == 0) {
+		return NT_STATUS_OK;
+	}
+	return pvfs_access_check(pvfs, req, name, &access_needed);
+}
+
+/*
+  access check for creating a new file/directory
+*/
+NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, 
+				  struct ntvfs_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t *access_mask,
+				  bool container,
+				  struct security_descriptor **sd)
+{
+	struct pvfs_filename *parent;
+	NTSTATUS status;
+	uint32_t parent_mask;
+	bool allow_delete = false;
+
+	if (pvfs_read_only(pvfs, *access_mask)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	status = pvfs_resolve_parent(pvfs, req, name, &parent);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (container) {
+		parent_mask = SEC_DIR_ADD_SUBDIR;
+	} else {
+		parent_mask = SEC_DIR_ADD_FILE;
+	}
+	if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED ||
+	    *access_mask & SEC_STD_DELETE) {
+		parent_mask |= SEC_DIR_DELETE_CHILD;
+	}
+
+	status = pvfs_access_check(pvfs, req, parent, &parent_mask);
+	if (NT_STATUS_IS_OK(status)) {
+		if (parent_mask & SEC_DIR_DELETE_CHILD) {
+			allow_delete = true;
+		}
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		/*
+		 * on ACCESS_DENIED we get the rejected bits
+		 * remove the non critical SEC_DIR_DELETE_CHILD
+		 * and check if something else was rejected.
+		 */
+		parent_mask &= ~SEC_DIR_DELETE_CHILD;
+		if (parent_mask != 0) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		status = NT_STATUS_OK;
+	} else {
+		return status;
+	}
+
+	if (*sd == NULL) {
+		status = pvfs_acl_inherited_sd(pvfs, req, req, parent, container, sd);
+	}
+
+	talloc_free(parent);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* expand the generic access bits to file specific bits */
+	*access_mask = pvfs_translate_mask(*access_mask);
+
+	if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+		*access_mask |= SEC_RIGHTS_FILE_ALL;
+		*access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+	}
+
+	if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
+		/* on SMB, this bit is always granted, even if not
+		   asked for */
+		*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	}
+
+	if (allow_delete) {
+		*access_mask |= SEC_STD_DELETE;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  access check for creating a new file/directory - no access mask supplied
+*/
+NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, 
+				  struct ntvfs_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t access_mask)
+{
+	struct pvfs_filename *parent;
+	NTSTATUS status;
+
+	status = pvfs_resolve_parent(pvfs, req, name, &parent);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_access_check_simple(pvfs, req, parent, access_mask);
+	if (NT_STATUS_IS_OK(status) && parent->allow_override) {
+		name->allow_override = true;
+	}
+	return status;
+}
+
+
+/*
+  determine if an ACE is inheritable
+*/
+static bool pvfs_inheritable_ace(struct pvfs_state *pvfs,
+				 const struct security_ace *ace,
+				 bool container)
+{
+	if (!container) {
+		return (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) != 0;
+	}
+
+	if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+		return true;
+	}
+
+	if ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) &&
+	    !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+		return true;
+	}
+
+	return false;
+}
+
+/*
+  this is the core of ACL inheritance. It copies any inheritable
+  aces from the parent SD to the child SD. Note that the algorithm 
+  depends on whether the child is a container or not
+*/
+static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, 
+				      struct security_descriptor *parent_sd,
+				      struct security_descriptor *sd,
+				      bool container)
+{
+	int i;
+	
+	for (i=0;i<parent_sd->dacl->num_aces;i++) {
+		struct security_ace ace = parent_sd->dacl->aces[i];
+		NTSTATUS status;
+		const struct dom_sid *creator = NULL, *new_id = NULL;
+		uint32_t orig_flags;
+
+		if (!pvfs_inheritable_ace(pvfs, &ace, container)) {
+			continue;
+		}
+
+		orig_flags = ace.flags;
+
+		/* see the RAW-ACLS inheritance test for details on these rules */
+		if (!container) {
+			ace.flags = 0;
+		} else {
+			ace.flags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
+
+			if (!(ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
+				ace.flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+			}
+			if (ace.flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+				ace.flags = 0;
+			}
+		}
+
+		/* the CREATOR sids are special when inherited */
+		if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_owner)) {
+			creator = pvfs->sid_cache.creator_owner;
+			new_id = sd->owner_sid;
+		} else if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_group)) {
+			creator = pvfs->sid_cache.creator_group;
+			new_id = sd->group_sid;
+		} else {
+			new_id = &ace.trustee;
+		}
+
+		if (creator && container && 
+		    (ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
+			uint32_t flags = ace.flags;
+
+			ace.trustee = *new_id;
+			ace.flags = 0;
+			status = security_descriptor_dacl_add(sd, &ace);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+
+			ace.trustee = *creator;
+			ace.flags = flags | SEC_ACE_FLAG_INHERIT_ONLY;
+			status = security_descriptor_dacl_add(sd, &ace);
+		} else if (container && 
+			   !(orig_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			status = security_descriptor_dacl_add(sd, &ace);
+		} else {
+			ace.trustee = *new_id;
+			status = security_descriptor_dacl_add(sd, &ace);
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  calculate the ACL on a new file/directory based on the inherited ACL
+  from the parent. If there is no inherited ACL then return a NULL
+  ACL, which means the default ACL should be used
+*/
+NTSTATUS pvfs_acl_inherited_sd(struct pvfs_state *pvfs, 
+			       TALLOC_CTX *mem_ctx,
+			       struct ntvfs_request *req,
+			       struct pvfs_filename *parent,
+			       bool container,
+			       struct security_descriptor **ret_sd)
+{
+	struct xattr_NTACL *acl;
+	NTSTATUS status;
+	struct security_descriptor *parent_sd, *sd;
+	struct id_map *ids;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	*ret_sd = NULL;
+
+	acl = talloc(req, struct xattr_NTACL);
+	if (acl == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_acl_load(pvfs, parent, -1, acl);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	switch (acl->version) {
+	case 1:
+		parent_sd = acl->info.sd;
+		break;
+	default:
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_ACL;
+	}
+
+	if (parent_sd == NULL ||
+	    parent_sd->dacl == NULL ||
+	    parent_sd->dacl->num_aces == 0) {
+		/* go with the default ACL */
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	/* create the new sd */
+	sd = security_descriptor_initialise(req);
+	if (sd == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ids = talloc_array(sd, struct id_map, 2);
+	if (ids == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ids[0].xid.id = geteuid();
+	ids[0].xid.type = ID_TYPE_UID;
+	ids[0].sid = NULL;
+	ids[0].status = ID_UNKNOWN;
+
+	ids[1].xid.id = getegid();
+	ids[1].xid.type = ID_TYPE_GID;
+	ids[1].sid = NULL;
+	ids[1].status = ID_UNKNOWN;
+
+	status = wbc_xids_to_sids(ids, 2);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	sd->owner_sid = talloc_steal(sd, ids[0].sid);
+	sd->group_sid = talloc_steal(sd, ids[1].sid);
+
+	sd->type |= SEC_DESC_DACL_PRESENT;
+
+	/* fill in the aces from the parent */
+	status = pvfs_acl_inherit_aces(pvfs, parent_sd, sd, container);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	/* if there is nothing to inherit then we fallback to the
+	   default acl */
+	if (sd->dacl == NULL || sd->dacl->num_aces == 0) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	*ret_sd = talloc_steal(mem_ctx, sd);
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  setup an ACL on a new file/directory based on the inherited ACL from
+  the parent. If there is no inherited ACL then we don't set anything,
+  as the default ACL applies anyway
+*/
+NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, 
+			  struct ntvfs_request *req,
+			  struct pvfs_filename *name,
+			  int fd)
+{
+	struct xattr_NTACL acl;
+	NTSTATUS status;
+	struct security_descriptor *sd;
+	struct pvfs_filename *parent;
+	bool container;
+
+	/* form the parents path */
+	status = pvfs_resolve_parent(pvfs, req, name, &parent);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	container = (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) ? true:false;
+
+	status = pvfs_acl_inherited_sd(pvfs, req, req, parent, container, &sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(parent);
+		return status;
+	}
+
+	if (sd == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	acl.version = 1;
+	acl.info.sd = sd;
+
+	status = pvfs_acl_save(pvfs, name, fd, &acl);
+	talloc_free(sd);
+	talloc_free(parent);
+
+	return status;
+}
+
+/*
+  return the maximum allowed access mask
+*/
+NTSTATUS pvfs_access_maximal_allowed(struct pvfs_state *pvfs, 
+				     struct ntvfs_request *req,
+				     struct pvfs_filename *name,
+				     uint32_t *maximal_access)
+{
+	*maximal_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	return pvfs_access_check(pvfs, req, name, maximal_access);
+}
diff --git a/source4/ntvfs/posix/pvfs_acl_nfs4.c b/source4/ntvfs/posix/pvfs_acl_nfs4.c
new file mode 100644
index 0000000..3ddc1b6
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_acl_nfs4.c
@@ -0,0 +1,199 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - NT ACLs mapped to NFS4 ACLs, as per
+   http://www.suse.de/~agruen/nfs4acl/
+
+   Copyright (C) Andrew Tridgell 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "../lib/util/unix_privs.h"
+#include "librpc/gen_ndr/ndr_nfs4acl.h"
+#include "libcli/security/security.h"
+
+NTSTATUS pvfs_acl_nfs4_init(TALLOC_CTX *);
+
+#define ACE4_IDENTIFIER_GROUP 0x40
+
+/*
+  load the current ACL from system.nfs4acl
+*/
+static NTSTATUS pvfs_acl_load_nfs4(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+				   TALLOC_CTX *mem_ctx,
+				   struct security_descriptor **psd)
+{
+	NTSTATUS status;
+	struct nfs4acl *acl;
+	struct security_descriptor *sd;
+	int i, num_ids;
+	struct id_map *ids;
+
+	acl = talloc_zero(mem_ctx, struct nfs4acl);
+	NT_STATUS_HAVE_NO_MEMORY(acl);
+
+	status = pvfs_xattr_ndr_load(pvfs, mem_ctx, name->full_name, fd, 
+				     NFS4ACL_NDR_XATTR_NAME,
+				     acl, (void *) ndr_pull_nfs4acl);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(acl);
+		return status;
+	}
+
+	*psd = security_descriptor_initialise(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(*psd);
+
+	sd = *psd;
+
+	sd->type |= acl->a_flags;
+
+	/* the number of ids to map is the acl count plus uid and gid */
+	num_ids = acl->a_count +2;
+	ids = talloc_array(sd, struct id_map, num_ids);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids[0].xid.id = name->st.st_uid;
+	ids[0].xid.type = ID_TYPE_UID;
+	ids[0].sid = NULL;
+	ids[0].status = ID_UNKNOWN;
+
+	ids[1].xid.id = name->st.st_gid;
+	ids[1].xid.type = ID_TYPE_GID;
+	ids[1].sid = NULL;
+	ids[1].status = ID_UNKNOWN;
+
+	for (i=0;i<acl->a_count;i++) {
+		struct nfs4ace *a = &acl->ace[i];
+		ids[i+2].xid.id = a->e_id;
+		if (a->e_flags & ACE4_IDENTIFIER_GROUP) {
+			ids[i+2].xid.type = ID_TYPE_GID;
+		} else {
+			ids[i+2].xid.type = ID_TYPE_UID;
+		}
+		ids[i+2].sid = NULL;
+		ids[i+2].status = ID_UNKNOWN;
+	}
+
+	/* Allocate memory for the sids from the security descriptor to be on
+	 * the safe side. */
+	status = wbc_xids_to_sids(ids, num_ids);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	sd->owner_sid = talloc_steal(sd, ids[0].sid);
+	sd->group_sid = talloc_steal(sd, ids[1].sid);
+
+	for (i=0;i<acl->a_count;i++) {
+		struct nfs4ace *a = &acl->ace[i];
+		struct security_ace ace = {};
+		ace.type = a->e_type;
+		ace.flags = a->e_flags;
+		ace.access_mask = a->e_mask;
+		ace.trustee = *ids[i+2].sid;
+		security_descriptor_dacl_add(sd, &ace);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  save the acl for a file into system.nfs4acl
+*/
+static NTSTATUS pvfs_acl_save_nfs4(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+				   struct security_descriptor *sd)
+{
+	NTSTATUS status;
+	void *privs;
+	struct nfs4acl acl;
+	int i;
+	TALLOC_CTX *tmp_ctx;
+	struct id_map *ids;
+
+	tmp_ctx = talloc_new(pvfs);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	acl.a_version = 0;
+	acl.a_flags   = sd->type;
+	acl.a_count   = sd->dacl?sd->dacl->num_aces:0;
+	acl.a_owner_mask = 0;
+	acl.a_group_mask = 0;
+	acl.a_other_mask = 0;
+
+	acl.ace = talloc_array(tmp_ctx, struct nfs4ace, acl.a_count);
+	if (!acl.ace) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ids = talloc_array(tmp_ctx, struct id_map, acl.a_count);
+	if (ids == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<acl.a_count;i++) {
+		struct security_ace *ace = &sd->dacl->aces[i];
+		ZERO_STRUCT(ids[i].xid);
+		ids[i].sid = dom_sid_dup(ids, &ace->trustee);
+		if (ids[i].sid == NULL) {
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		ids[i].status = ID_UNKNOWN;
+	}
+
+	status = wbc_sids_to_xids(ids, acl.a_count);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	for (i=0;i<acl.a_count;i++) {
+		struct nfs4ace *a = &acl.ace[i];
+		struct security_ace *ace = &sd->dacl->aces[i];
+		a->e_type  = ace->type;
+		a->e_flags = ace->flags;
+		a->e_mask  = ace->access_mask;
+		if (ids[i].xid.type != ID_TYPE_UID) {
+			a->e_flags |= ACE4_IDENTIFIER_GROUP;
+		}
+		a->e_id = ids[i].xid.id;
+		a->e_who   = "";
+	}
+
+	privs = root_privileges();
+	status = pvfs_xattr_ndr_save(pvfs, name->full_name, fd, 
+				     NFS4ACL_NDR_XATTR_NAME,
+				     &acl, (void *) ndr_push_nfs4acl);
+	talloc_free(privs);
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/*
+  initialise pvfs acl NFS4 backend
+*/
+NTSTATUS pvfs_acl_nfs4_init(TALLOC_CTX *ctx)
+{
+	struct pvfs_acl_ops ops = {
+		.name = "nfs4acl",
+		.acl_load = pvfs_acl_load_nfs4,
+		.acl_save = pvfs_acl_save_nfs4
+	};
+	return pvfs_acl_register(ctx, &ops);
+}
diff --git a/source4/ntvfs/posix/pvfs_acl_xattr.c b/source4/ntvfs/posix/pvfs_acl_xattr.c
new file mode 100644
index 0000000..1f569ca
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_acl_xattr.c
@@ -0,0 +1,104 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - NT ACLs in xattrs
+
+   Copyright (C) Andrew Tridgell 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "../lib/util/unix_privs.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+
+NTSTATUS pvfs_acl_xattr_init(TALLOC_CTX *);
+
+/*
+  load the current ACL from extended attributes
+*/
+static NTSTATUS pvfs_acl_load_xattr(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+				    TALLOC_CTX *mem_ctx,
+				    struct security_descriptor **sd)
+{
+	NTSTATUS status;
+	struct xattr_NTACL *acl;
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	acl = talloc_zero(mem_ctx, struct xattr_NTACL);
+	NT_STATUS_HAVE_NO_MEMORY(acl);
+
+	status = pvfs_xattr_ndr_load(pvfs, mem_ctx, name->full_name, fd, 
+				     XATTR_NTACL_NAME,
+				     acl, (void *) ndr_pull_xattr_NTACL);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(acl);
+		return status;
+	}
+
+	if (acl->version != 1) {
+		talloc_free(acl);
+		return NT_STATUS_INVALID_ACL;
+	}
+	
+	*sd = talloc_steal(mem_ctx, acl->info.sd);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  save the acl for a file into filesystem xattr
+*/
+static NTSTATUS pvfs_acl_save_xattr(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+				    struct security_descriptor *sd)
+{
+	NTSTATUS status;
+	void *privs;
+	struct xattr_NTACL acl;
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+
+	acl.version = 1;
+	acl.info.sd = sd;
+
+	/* this xattr is in the "system" namespace, so we need
+	   admin privileges to set it */
+	privs = root_privileges();
+	status = pvfs_xattr_ndr_save(pvfs, name->full_name, fd, 
+				     XATTR_NTACL_NAME, 
+				     &acl, (void *) ndr_push_xattr_NTACL);
+	talloc_free(privs);
+	return status;
+}
+
+
+/*
+  initialise pvfs acl xattr backend
+*/
+NTSTATUS pvfs_acl_xattr_init(TALLOC_CTX *ctx)
+{
+	struct pvfs_acl_ops ops = {
+		.name = "xattr",
+		.acl_load = pvfs_acl_load_xattr,
+		.acl_save = pvfs_acl_save_xattr
+	};
+	return pvfs_acl_register(ctx, &ops);
+}
diff --git a/source4/ntvfs/posix/pvfs_dirlist.c b/source4/ntvfs/posix/pvfs_dirlist.c
new file mode 100644
index 0000000..1207287
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_dirlist.c
@@ -0,0 +1,411 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  directory listing functions for posix backend
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/dir.h"
+
+#define NAME_CACHE_SIZE 100
+
+struct name_cache_entry {
+	char *name;
+	off_t offset;
+};
+
+struct pvfs_dir {
+	struct pvfs_state *pvfs;
+	bool no_wildcard;
+	char *single_name;
+	const char *pattern;
+	off_t offset;
+	DIR *dir;
+	const char *unix_path;
+	bool end_of_search;
+	struct name_cache_entry *name_cache;
+	uint32_t name_cache_index;
+};
+
+/* these three numbers are chosen to minimise the chances of a bad
+   interaction with the OS value for 'end of directory'. On IRIX
+   telldir() returns 0xFFFFFFFF at the end of a directory, and that
+   caused an infinite loop with the original values of 0,1,2
+
+   On XFS on linux telldir returns 0x7FFFFFFF at the end of a
+   directory. Thus the change from 0x80000002, as otherwise
+   0x7FFFFFFF+0x80000002==1==DIR_OFFSET_DOTDOT
+*/
+#define DIR_OFFSET_DOT    0
+#define DIR_OFFSET_DOTDOT 1
+#define DIR_OFFSET_BASE   0x80000022
+
+/*
+  a special directory listing case where the pattern has no wildcard. We can just do a single stat()
+  thus avoiding the more expensive directory scan
+*/
+static NTSTATUS pvfs_list_no_wildcard(struct pvfs_state *pvfs, struct pvfs_filename *name,
+				      const char *pattern, struct pvfs_dir *dir)
+{
+	if (!name->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	dir->pvfs = pvfs;
+	dir->no_wildcard = true;
+	dir->end_of_search = false;
+	dir->unix_path = talloc_strdup(dir, name->full_name);
+	if (!dir->unix_path) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dir->single_name = talloc_strdup(dir, pattern);
+	if (!dir->single_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dir->dir = NULL;
+	dir->offset = 0;
+	dir->pattern = NULL;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  destroy an open search
+*/
+static int pvfs_dirlist_destructor(struct pvfs_dir *dir)
+{
+	if (dir->dir) closedir(dir->dir);
+	return 0;
+}
+
+/*
+  start to read a directory
+
+  if the pattern matches no files then we return NT_STATUS_OK, with dir->count = 0
+*/
+NTSTATUS pvfs_list_start(struct pvfs_state *pvfs, struct pvfs_filename *name,
+			 TALLOC_CTX *mem_ctx, struct pvfs_dir **dirp)
+{
+	char *pattern;
+	struct pvfs_dir *dir;
+
+	(*dirp) = talloc_zero(mem_ctx, struct pvfs_dir);
+	if (*dirp == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dir = *dirp;
+
+	/* split the unix path into a directory + pattern */
+	pattern = strrchr(name->full_name, '/');
+	if (!pattern) {
+		/* this should not happen, as pvfs_unix_path is supposed to
+		   return an absolute path */
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*pattern++ = 0;
+
+	if (!name->has_wildcard) {
+		return pvfs_list_no_wildcard(pvfs, name, pattern, dir);
+	}
+
+	dir->unix_path = talloc_strdup(dir, name->full_name);
+	if (!dir->unix_path) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dir->pattern = talloc_strdup(dir, pattern);
+	if (dir->pattern == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dir->dir = opendir(name->full_name);
+	if (!dir->dir) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	dir->pvfs = pvfs;
+	dir->no_wildcard = false;
+	dir->end_of_search = false;
+	dir->offset = DIR_OFFSET_DOT;
+	dir->name_cache = talloc_zero_array(dir,
+					    struct name_cache_entry,
+					    NAME_CACHE_SIZE);
+	if (dir->name_cache == NULL) {
+		talloc_free(dir);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	talloc_set_destructor(dir, pvfs_dirlist_destructor);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  add an entry to the local cache
+*/
+static void dcache_add(struct pvfs_dir *dir, const char *name)
+{
+	struct name_cache_entry *e;
+
+	dir->name_cache_index = (dir->name_cache_index+1) % NAME_CACHE_SIZE;
+	e = &dir->name_cache[dir->name_cache_index];
+
+	if (e->name) talloc_free(e->name);
+
+	e->name = talloc_strdup(dir->name_cache, name);
+	e->offset = dir->offset;
+}
+
+/*
+   return the next entry
+*/
+const char *pvfs_list_next(struct pvfs_dir *dir, off_t *ofs)
+{
+	struct dirent *de;
+	enum protocol_types protocol = dir->pvfs->ntvfs->ctx->protocol;
+
+	/* non-wildcard searches are easy */
+	if (dir->no_wildcard) {
+		dir->end_of_search = true;
+		if (*ofs != 0) return NULL;
+		(*ofs)++;
+		return dir->single_name;
+	}
+
+	/* . and .. are handled separately as some unix systems will
+	   not return them first in a directory, but windows client
+	   may assume that these entries always appear first */
+	if (*ofs == DIR_OFFSET_DOT) {
+		(*ofs) = DIR_OFFSET_DOTDOT;
+		dir->offset = *ofs;
+		if (ms_fnmatch_protocol(dir->pattern, ".", protocol,
+					false) == 0) {
+			dcache_add(dir, ".");
+			return ".";
+		}
+	}
+
+	if (*ofs == DIR_OFFSET_DOTDOT) {
+		(*ofs) = DIR_OFFSET_BASE;
+		dir->offset = *ofs;
+		if (ms_fnmatch_protocol(dir->pattern, "..", protocol,
+					false) == 0) {
+			dcache_add(dir, "..");
+			return "..";
+		}
+	}
+
+	if (*ofs == DIR_OFFSET_BASE) {
+		rewinddir(dir->dir);
+	} else if (*ofs != dir->offset) {
+		seekdir(dir->dir, (*ofs) - DIR_OFFSET_BASE);
+	}
+	dir->offset = *ofs;
+
+	while ((de = readdir(dir->dir))) {
+		const char *dname = de->d_name;
+
+		if (ISDOT(dname) || ISDOTDOT(dname)) {
+			continue;
+		}
+
+		if (ms_fnmatch_protocol(dir->pattern, dname, protocol,
+					false) != 0) {
+			char *short_name = pvfs_short_name_component(dir->pvfs, dname);
+			if (short_name == NULL ||
+			    ms_fnmatch_protocol(dir->pattern, short_name,
+						protocol, false) != 0) {
+				talloc_free(short_name);
+				continue;
+			}
+			talloc_free(short_name);
+		}
+
+		/* Casting is necessary to avoid signed integer overflow. */
+		dir->offset = (unsigned long)telldir(dir->dir) + (unsigned long)DIR_OFFSET_BASE;
+		(*ofs) = dir->offset;
+
+		dcache_add(dir, dname);
+
+		return dname;
+	}
+
+	dir->end_of_search = true;
+	return NULL;
+}
+
+/*
+  return unix directory of an open search
+*/
+const char *pvfs_list_unix_path(struct pvfs_dir *dir)
+{
+	return dir->unix_path;
+}
+
+/*
+  return true if end of search has been reached
+*/
+bool pvfs_list_eos(struct pvfs_dir *dir, off_t ofs)
+{
+	return dir->end_of_search;
+}
+
+/*
+  seek to the given name
+*/
+NTSTATUS pvfs_list_seek(struct pvfs_dir *dir, const char *name, off_t *ofs)
+{
+	struct dirent *de;
+	int i;
+
+	dir->end_of_search = false;
+
+	if (ISDOT(name)) {
+		dir->offset = DIR_OFFSET_DOTDOT;
+		*ofs = dir->offset;
+		return NT_STATUS_OK;
+	}
+
+	if (ISDOTDOT(name)) {
+		dir->offset = DIR_OFFSET_BASE;
+		*ofs = dir->offset;
+		return NT_STATUS_OK;
+	}
+
+	for (i=dir->name_cache_index;i>=0;i--) {
+		struct name_cache_entry *e = &dir->name_cache[i];
+		if (e->name && strcasecmp_m(name, e->name) == 0) {
+			*ofs = e->offset;
+			return NT_STATUS_OK;
+		}
+	}
+	for (i=NAME_CACHE_SIZE-1;i>dir->name_cache_index;i--) {
+		struct name_cache_entry *e = &dir->name_cache[i];
+		if (e->name && strcasecmp_m(name, e->name) == 0) {
+			*ofs = e->offset;
+			return NT_STATUS_OK;
+		}
+	}
+
+	rewinddir(dir->dir);
+
+	while ((de = readdir(dir->dir))) {
+		if (strcasecmp_m(name, de->d_name) == 0) {
+			/* Casting is necessary to avoid signed integer overflow. */
+			dir->offset = (unsigned long)telldir(dir->dir) + (unsigned long)DIR_OFFSET_BASE;
+			*ofs = dir->offset;
+			return NT_STATUS_OK;
+		}
+	}
+
+	dir->end_of_search = true;
+
+	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+}
+
+/*
+  seek to the given offset
+*/
+NTSTATUS pvfs_list_seek_ofs(struct pvfs_dir *dir, uint32_t resume_key, off_t *ofs)
+{
+	struct dirent *de;
+	int i;
+
+	dir->end_of_search = false;
+
+	if (resume_key == DIR_OFFSET_DOT) {
+		*ofs = DIR_OFFSET_DOTDOT;
+		return NT_STATUS_OK;
+	}
+
+	if (resume_key == DIR_OFFSET_DOTDOT) {
+		*ofs = DIR_OFFSET_BASE;
+		return NT_STATUS_OK;
+	}
+
+	if (resume_key == DIR_OFFSET_BASE) {
+		rewinddir(dir->dir);
+		if ((de=readdir(dir->dir)) == NULL) {
+			dir->end_of_search = true;
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+		/* Casting is necessary to avoid signed integer overflow. */
+		*ofs = (unsigned long)telldir(dir->dir) + (unsigned long)DIR_OFFSET_BASE;
+		dir->offset = *ofs;
+		return NT_STATUS_OK;
+	}
+
+	for (i=dir->name_cache_index;i>=0;i--) {
+		struct name_cache_entry *e = &dir->name_cache[i];
+		if (resume_key == (uint32_t)e->offset) {
+			*ofs = e->offset;
+			return NT_STATUS_OK;
+		}
+	}
+	for (i=NAME_CACHE_SIZE-1;i>dir->name_cache_index;i--) {
+		struct name_cache_entry *e = &dir->name_cache[i];
+		if (resume_key == (uint32_t)e->offset) {
+			*ofs = e->offset;
+			return NT_STATUS_OK;
+		}
+	}
+
+	rewinddir(dir->dir);
+
+	while ((de = readdir(dir->dir))) {
+		/* Casting is necessary to avoid signed integer overflow. */
+		dir->offset = (unsigned long)telldir(dir->dir) + (unsigned long)DIR_OFFSET_BASE;
+		if (resume_key == (uint32_t)dir->offset) {
+			*ofs = dir->offset;
+			return NT_STATUS_OK;
+		}
+	}
+
+	dir->end_of_search = true;
+
+	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+}
+
+
+/*
+  see if a directory is empty
+*/
+bool pvfs_directory_empty(struct pvfs_state *pvfs, struct pvfs_filename *name)
+{
+	struct dirent *de;
+	DIR *dir = opendir(name->full_name);
+	if (dir == NULL) {
+		return true;
+	}
+
+	while ((de = readdir(dir))) {
+		if (!ISDOT(de->d_name) && !ISDOTDOT(de->d_name)) {
+			closedir(dir);
+			return false;
+		}
+	}
+
+	closedir(dir);
+	return true;
+}
diff --git a/source4/ntvfs/posix/pvfs_fileinfo.c b/source4/ntvfs/posix/pvfs_fileinfo.c
new file mode 100644
index 0000000..977ea4f
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_fileinfo.c
@@ -0,0 +1,158 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - 
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "lib/util/time.h"
+
+/****************************************************************************
+ Change a unix mode to a dos mode.
+****************************************************************************/
+static uint32_t dos_mode_from_stat(struct pvfs_state *pvfs, struct stat *st)
+{
+	int result = 0;
+
+	if ((st->st_mode & S_IWUSR) == 0)
+		result |= FILE_ATTRIBUTE_READONLY;
+	
+	if ((pvfs->flags & PVFS_FLAG_MAP_ARCHIVE) && ((st->st_mode & S_IXUSR) != 0))
+		result |= FILE_ATTRIBUTE_ARCHIVE;
+	
+	if ((pvfs->flags & PVFS_FLAG_MAP_SYSTEM) && ((st->st_mode & S_IXGRP) != 0))
+		result |= FILE_ATTRIBUTE_SYSTEM;
+	
+	if ((pvfs->flags & PVFS_FLAG_MAP_HIDDEN) && ((st->st_mode & S_IXOTH) != 0))
+		result |= FILE_ATTRIBUTE_HIDDEN;
+  
+	if (S_ISDIR(st->st_mode))
+		result = FILE_ATTRIBUTE_DIRECTORY | (result & FILE_ATTRIBUTE_READONLY);
+
+	return result;
+}
+
+
+
+/*
+  fill in the dos file attributes for a file
+*/
+NTSTATUS pvfs_fill_dos_info(struct pvfs_state *pvfs, struct pvfs_filename *name,
+			    unsigned int flags, int fd)
+{
+	NTSTATUS status;
+	DATA_BLOB lkey;
+	NTTIME write_time;
+
+	/* make directories appear as size 0 with 1 link */
+	if (S_ISDIR(name->st.st_mode)) {
+		name->st.st_size = 0;
+		name->st.st_nlink = 1;
+	} else if (name->stream_id == 0) {
+		name->stream_name = NULL;
+	}
+
+	/* for now just use the simple samba mapping */
+	unix_to_nt_time(&name->dos.create_time, name->st.st_ctime);
+	unix_to_nt_time(&name->dos.access_time, name->st.st_atime);
+	unix_to_nt_time(&name->dos.write_time,  name->st.st_mtime);
+	unix_to_nt_time(&name->dos.change_time, name->st.st_ctime);
+	name->dos.create_time += get_ctimensec(&name->st) / 100;
+	name->dos.access_time += get_atimensec(&name->st) / 100;
+	name->dos.write_time  += get_mtimensec(&name->st) / 100;
+	name->dos.change_time += get_ctimensec(&name->st) / 100;
+	name->dos.attrib = dos_mode_from_stat(pvfs, &name->st);
+	name->dos.alloc_size = pvfs_round_alloc_size(pvfs, name->st.st_size);
+	name->dos.nlink = name->st.st_nlink;
+	name->dos.ea_size = 4;  /* TODO: Fill this in without hitting the stream bad in pvfs_doseas_load() */
+	if (pvfs->ntvfs->ctx->protocol >= PROTOCOL_SMB2_02) {
+		/* SMB2 represents a null EA with zero bytes */
+		name->dos.ea_size = 0;
+	}
+	
+	name->dos.file_id = (((uint64_t)name->st.st_dev)<<32) | name->st.st_ino;
+	name->dos.flags = 0;
+
+	status = pvfs_dosattrib_load(pvfs, name, fd);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (flags & PVFS_RESOLVE_NO_OPENDB) {
+		return NT_STATUS_OK;
+	}
+
+	status = pvfs_locking_key(name, name, &lkey);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = odb_get_file_infos(pvfs->odb_context, &lkey,
+				    NULL, &write_time);
+	data_blob_free(&lkey);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("WARNING: odb_get_file_infos: %s\n", nt_errstr(status)));
+		return status;
+	}
+
+	if (!null_time(write_time)) {
+		name->dos.write_time = write_time;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return a set of unix file permissions for a new file or directory
+*/
+mode_t pvfs_fileperms(struct pvfs_state *pvfs, uint32_t attrib)
+{
+	mode_t mode = (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE) &&
+	    (attrib & FILE_ATTRIBUTE_READONLY)) {
+		mode &= ~(S_IWUSR | S_IWGRP | S_IWOTH);
+	}
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		if ((attrib & FILE_ATTRIBUTE_ARCHIVE) &&
+		    (pvfs->flags & PVFS_FLAG_MAP_ARCHIVE)) {
+			mode |= S_IXUSR;
+		}
+		if ((attrib & FILE_ATTRIBUTE_SYSTEM) &&
+		    (pvfs->flags & PVFS_FLAG_MAP_SYSTEM)) {
+			mode |= S_IXGRP;
+		}
+		if ((attrib & FILE_ATTRIBUTE_HIDDEN) &&
+		    (pvfs->flags & PVFS_FLAG_MAP_HIDDEN)) {
+			mode |= S_IXOTH;
+		}
+	}
+
+	if (attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		mode |= (S_IFDIR | S_IWUSR);
+		mode |= (S_IXUSR | S_IXGRP | S_IXOTH);                 
+		mode &= pvfs->options.dir_mask;
+		mode |= pvfs->options.force_dir_mode;
+	} else {
+		mode &= pvfs->options.create_mask;
+		mode |= pvfs->options.force_create_mode;
+	}
+
+	return mode;
+}
+
+
diff --git a/source4/ntvfs/posix/pvfs_flush.c b/source4/ntvfs/posix/pvfs_flush.c
new file mode 100644
index 0000000..f425fcc
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_flush.c
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - flush
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+
+/*
+  flush a single open file
+*/
+static void pvfs_flush_file(struct pvfs_state *pvfs, struct pvfs_file *f)
+{
+	if (f->handle->fd == -1) {
+		return;
+	}
+	if (pvfs->flags & PVFS_FLAG_STRICT_SYNC) {
+		fsync(f->handle->fd);
+	}
+}
+
+/*
+  flush a fnum
+*/
+NTSTATUS pvfs_flush(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req,
+		    union smb_flush *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+
+	switch (io->generic.level) {
+	case RAW_FLUSH_FLUSH:
+	case RAW_FLUSH_SMB2:
+		/* TODO: take care of io->smb2.in.unknown */
+		f = pvfs_find_fd(pvfs, req, io->generic.in.file.ntvfs);
+		if (!f) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+		pvfs_flush_file(pvfs, f);
+		io->smb2.out.reserved = 0;
+		return NT_STATUS_OK;
+
+	case RAW_FLUSH_ALL:
+		if (!(pvfs->flags & PVFS_FLAG_STRICT_SYNC)) {
+			return NT_STATUS_OK;
+		}
+
+		/* 
+		 * they are asking to flush all open files
+		 * for the given SMBPID
+		 */
+		for (f=pvfs->files.list;f;f=f->next) {
+			if (f->ntvfs->smbpid != req->smbpid) continue;
+
+			pvfs_flush_file(pvfs, f);
+		}
+
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
diff --git a/source4/ntvfs/posix/pvfs_fsinfo.c b/source4/ntvfs/posix/pvfs_fsinfo.c
new file mode 100644
index 0000000..c355c19
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_fsinfo.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - fsinfo
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/xattr.h"
+#include "librpc/ndr/libndr.h"
+
+/* We use libblkid out of e2fsprogs to identify UUID of a volume */
+#ifdef HAVE_LIBBLKID
+#include <blkid/blkid.h>
+#endif
+
+static NTSTATUS pvfs_blkid_fs_uuid(struct pvfs_state *pvfs, struct stat *st, struct GUID *uuid)
+{
+#ifdef HAVE_LIBBLKID
+	NTSTATUS status;
+	char *uuid_value = NULL;
+	char *devname = NULL;
+
+	devname = blkid_devno_to_devname(st->st_dev);
+	if (!devname) {
+		ZERO_STRUCTP(uuid);
+		return NT_STATUS_OK;
+	}
+
+	uuid_value = blkid_get_tag_value(NULL, "UUID", devname);
+	free(devname);
+	if (!uuid_value) {
+		ZERO_STRUCTP(uuid);
+		return NT_STATUS_OK;
+	}
+
+	status = GUID_from_string(uuid_value, uuid);
+	free(uuid_value);
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCTP(uuid);
+		return NT_STATUS_OK;
+	}
+	return NT_STATUS_OK;
+#else
+	ZERO_STRUCTP(uuid);
+	return NT_STATUS_OK;
+#endif
+}
+
+static NTSTATUS pvfs_cache_base_fs_uuid(struct pvfs_state *pvfs, struct stat *st)
+{
+	NTSTATUS status;
+	struct GUID uuid;
+
+	if (pvfs->base_fs_uuid) return NT_STATUS_OK;
+
+	status = pvfs_blkid_fs_uuid(pvfs, st, &uuid);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	pvfs->base_fs_uuid = talloc(pvfs, struct GUID);
+	NT_STATUS_HAVE_NO_MEMORY(pvfs->base_fs_uuid);
+	*pvfs->base_fs_uuid = uuid;
+
+	return NT_STATUS_OK;
+}
+/*
+  return filesystem space info
+*/
+NTSTATUS pvfs_fsinfo(struct ntvfs_module_context *ntvfs,
+		     struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	NTSTATUS status;
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	uint64_t blocks_free, blocks_total;
+	unsigned int bpunit;
+	struct stat st;
+	const uint16_t block_size = 512;
+
+	/* only some levels need the expensive sys_fsusage() call */
+	switch (fs->generic.level) {
+	case RAW_QFS_DSKATTR:
+	case RAW_QFS_ALLOCATION:
+	case RAW_QFS_SIZE_INFO:
+	case RAW_QFS_SIZE_INFORMATION:
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		if (sys_fsusage(pvfs->base_directory, &blocks_free, &blocks_total) == -1) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+		break;
+	default:
+		break;
+	}
+
+	if (stat(pvfs->base_directory, &st) != 0) {
+		return NT_STATUS_DISK_CORRUPT_ERROR;
+	}
+
+	/* now fill in the out fields */
+	switch (fs->generic.level) {
+	case RAW_QFS_GENERIC:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_QFS_DSKATTR:
+		/* we need to scale the sizes to fit */
+		for (bpunit=64; bpunit<0x10000; bpunit *= 2) {
+			if (blocks_total * (double)block_size < bpunit * 512 * 65535.0) {
+				break;
+			}
+		}
+		fs->dskattr.out.blocks_per_unit = bpunit;
+		fs->dskattr.out.block_size = block_size;
+		fs->dskattr.out.units_total = (blocks_total * (double)block_size) / (bpunit * 512);
+		fs->dskattr.out.units_free  = (blocks_free  * (double)block_size) / (bpunit * 512);
+
+		/* we must return a maximum of 2G to old DOS systems, or they get very confused */
+		if (bpunit > 64 && req->ctx->protocol <= PROTOCOL_LANMAN2) {
+			fs->dskattr.out.blocks_per_unit = 64;
+			fs->dskattr.out.units_total = 0xFFFF;
+			fs->dskattr.out.units_free = 0xFFFF;
+		}
+		return NT_STATUS_OK;
+
+	case RAW_QFS_ALLOCATION:
+		fs->allocation.out.fs_id = st.st_dev;
+		fs->allocation.out.total_alloc_units = blocks_total;
+		fs->allocation.out.avail_alloc_units = blocks_free;
+		fs->allocation.out.sectors_per_unit = 1;
+		fs->allocation.out.bytes_per_sector = block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME:
+		fs->volume.out.serial_number = st.st_ino;
+		fs->volume.out.volume_name.s = pvfs->share_name;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME_INFO:
+	case RAW_QFS_VOLUME_INFORMATION:
+		unix_to_nt_time(&fs->volume_info.out.create_time, st.st_ctime);
+		fs->volume_info.out.serial_number = st.st_ino;
+		fs->volume_info.out.volume_name.s = pvfs->share_name;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_SIZE_INFO:
+	case RAW_QFS_SIZE_INFORMATION:
+		fs->size_info.out.total_alloc_units = blocks_total;
+		fs->size_info.out.avail_alloc_units = blocks_free;
+		fs->size_info.out.sectors_per_unit = 1;
+		fs->size_info.out.bytes_per_sector = block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_DEVICE_INFO:
+	case RAW_QFS_DEVICE_INFORMATION:
+		fs->device_info.out.device_type = 0;
+		fs->device_info.out.characteristics = 0;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_ATTRIBUTE_INFO:
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+		fs->attribute_info.out.fs_attr                   = pvfs->fs_attribs;
+		fs->attribute_info.out.max_file_component_length = 255;
+		fs->attribute_info.out.fs_type.s                 = ntvfs->ctx->fs_type;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_QUOTA_INFORMATION:
+		ZERO_STRUCT(fs->quota_information.out.unknown);
+		fs->quota_information.out.quota_soft = 0;
+		fs->quota_information.out.quota_hard = 0;
+		fs->quota_information.out.quota_flags = 0;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		fs->full_size_information.out.total_alloc_units = blocks_total;
+		fs->full_size_information.out.call_avail_alloc_units = blocks_free;
+		fs->full_size_information.out.actual_avail_alloc_units = blocks_free;
+		fs->full_size_information.out.sectors_per_unit = 1;
+		fs->full_size_information.out.bytes_per_sector = block_size;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_OBJECTID_INFORMATION:
+		ZERO_STRUCT(fs->objectid_information.out.guid);
+		ZERO_STRUCT(fs->objectid_information.out.unknown);
+
+		status = pvfs_cache_base_fs_uuid(pvfs, &st);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		fs->objectid_information.out.guid = *pvfs->base_fs_uuid;
+		return NT_STATUS_OK;
+
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		fs->sector_size_info.out.logical_bytes_per_sector = block_size;
+		fs->sector_size_info.out.phys_bytes_per_sector_atomic
+								= block_size;
+		fs->sector_size_info.out.phys_bytes_per_sector_perf
+								= block_size;
+		fs->sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic
+								= block_size;
+		fs->sector_size_info.out.flags
+					= QFS_SSINFO_FLAGS_ALIGNED_DEVICE
+				| QFS_SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE;
+		fs->sector_size_info.out.byte_off_sector_align = 0;
+		fs->sector_size_info.out.byte_off_partition_align = 0;
+		return NT_STATUS_OK;
+
+	default:
+		break;
+	}
+	return NT_STATUS_INVALID_LEVEL;
+}
diff --git a/source4/ntvfs/posix/pvfs_ioctl.c b/source4/ntvfs/posix/pvfs_ioctl.c
new file mode 100644
index 0000000..1d5e8fd
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_ioctl.c
@@ -0,0 +1,82 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - open and close
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "../libcli/smb/smb_constants.h"
+
+/*
+  old ioctl interface 
+*/
+static NTSTATUS pvfs_ioctl_old(struct ntvfs_module_context *ntvfs,
+			struct ntvfs_request *req, union smb_ioctl *io)
+{
+	return NT_STATUS_DOS(ERRSRV, ERRerror);
+}
+
+/*
+  nt ioctl interface 
+*/
+static NTSTATUS pvfs_ntioctl(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_ioctl *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+
+	f = pvfs_find_fd(pvfs, req, io->ntioctl.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	switch (io->ntioctl.in.function) {
+	case FSCTL_SET_SPARSE:
+		/* maybe some posix systems have a way of marking
+		   a file non-sparse? */
+		io->ntioctl.out.blob = data_blob(NULL, 0);
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  ioctl interface 
+*/
+NTSTATUS pvfs_ioctl(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req,
+		    union smb_ioctl *io)
+{
+	switch (io->generic.level) {
+	case RAW_IOCTL_IOCTL:
+		return pvfs_ioctl_old(ntvfs, req, io);
+
+	case RAW_IOCTL_NTIOCTL:
+		return pvfs_ntioctl(ntvfs, req, io);
+
+	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
+		/* see WSPP SMB2 test 46 */
+		return NT_STATUS_INVALID_DEVICE_REQUEST;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
diff --git a/source4/ntvfs/posix/pvfs_lock.c b/source4/ntvfs/posix/pvfs_lock.c
new file mode 100644
index 0000000..0802ded
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_lock.c
@@ -0,0 +1,404 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - locking
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/time.h"
+#include "../lib/util/dlinklist.h"
+#include "messaging/messaging.h"
+
+
+/*
+  check if we can perform IO on a range that might be locked
+*/
+NTSTATUS pvfs_check_lock(struct pvfs_state *pvfs,
+			 struct pvfs_file *f,
+			 uint32_t smbpid,
+			 uint64_t offset, uint64_t count,
+			 enum brl_type rw)
+{
+	if (!(pvfs->flags & PVFS_FLAG_STRICT_LOCKING)) {
+		return NT_STATUS_OK;
+	}
+
+	return brlock_locktest(pvfs->brl_context,
+			    f->brl_handle,
+			    smbpid,
+			    offset, count, rw);
+}
+
+/* this state structure holds information about a lock we are waiting on */
+struct pvfs_pending_lock {
+	struct pvfs_pending_lock *next, *prev;
+	struct pvfs_state *pvfs;
+	union smb_lock *lck;
+	struct pvfs_file *f;
+	struct ntvfs_request *req;
+	int pending_lock;
+	struct pvfs_wait *wait_handle;
+	struct timeval end_time;
+};
+
+/*
+  a secondary attempt to setup a lock has failed - back out
+  the locks we did get and send an error
+*/
+static void pvfs_lock_async_failed(struct pvfs_state *pvfs,
+				   struct ntvfs_request *req,
+				   struct pvfs_file *f,
+				   struct smb_lock_entry *locks,
+				   int i,
+				   NTSTATUS status)
+{
+	/* undo the locks we just did */
+	for (i--;i>=0;i--) {
+		brlock_unlock(pvfs->brl_context,
+			   f->brl_handle,
+			   locks[i].pid,
+			   locks[i].offset,
+			   locks[i].count);
+		f->lock_count--;
+	}
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+
+/*
+  called when we receive a pending lock notification. It means that
+  either our lock timed out or someone else has unlocked a overlapping
+  range, so we should try the lock again. Note that on timeout we
+  do retry the lock, giving it a last chance.
+*/
+static void pvfs_pending_lock_continue(void *private_data, enum pvfs_wait_notice reason)
+{
+	struct pvfs_pending_lock *pending = talloc_get_type(private_data,
+					    struct pvfs_pending_lock);
+	struct pvfs_state *pvfs = pending->pvfs;
+	struct pvfs_file *f = pending->f;
+	struct ntvfs_request *req = pending->req;
+	union smb_lock *lck = pending->lck;
+	struct smb_lock_entry *locks;
+	enum brl_type rw;
+	NTSTATUS status;
+	int i;
+	bool timed_out;
+
+	timed_out = (reason != PVFS_WAIT_EVENT);
+
+	locks = lck->lockx.in.locks + lck->lockx.in.ulock_cnt;
+
+	if (lck->lockx.in.mode & LOCKING_ANDX_SHARED_LOCK) {
+		rw = READ_LOCK;
+	} else {
+		rw = WRITE_LOCK;
+	}
+
+	DLIST_REMOVE(f->pending_list, pending);
+
+	/* we don't retry on a cancel */
+	if (reason == PVFS_WAIT_CANCEL) {
+		if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
+			status = NT_STATUS_FILE_LOCK_CONFLICT;
+		} else {
+			status = NT_STATUS_CANCELLED;
+		}
+	} else {
+		/* 
+		 * here it's important to pass the pending pointer
+		 * because with this we'll get the correct error code
+		 * FILE_LOCK_CONFLICT in the error case
+		 */
+		status = brlock_lock(pvfs->brl_context,
+				  f->brl_handle,
+				  locks[pending->pending_lock].pid,
+				  locks[pending->pending_lock].offset,
+				  locks[pending->pending_lock].count,
+				  rw, pending);
+	}
+	if (NT_STATUS_IS_OK(status)) {
+		f->lock_count++;
+		timed_out = false;
+	}
+
+	/* if we have failed and timed out, or succeeded, then we
+	   don't need the pending lock any more */
+	if (NT_STATUS_IS_OK(status) || timed_out) {
+		NTSTATUS status2;
+		status2 = brlock_remove_pending(pvfs->brl_context, 
+					     f->brl_handle, pending);
+		if (!NT_STATUS_IS_OK(status2)) {
+			DEBUG(0,("pvfs_lock: failed to remove pending lock - %s\n", nt_errstr(status2)));
+		}
+		talloc_free(pending->wait_handle);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		if (timed_out) {
+			/* no more chances */
+			pvfs_lock_async_failed(pvfs, req, f, locks, pending->pending_lock, status);
+			talloc_free(pending);
+		} else {
+			/* we can try again */
+			DLIST_ADD(f->pending_list, pending);
+		}
+		return;
+	}
+
+	/* if we haven't timed out yet, then we can do more pending locks */
+	if (rw == READ_LOCK) {
+		rw = PENDING_READ_LOCK;
+	} else {
+		rw = PENDING_WRITE_LOCK;
+	}
+
+	/* we've now got the pending lock. try and get the rest, which might
+	   lead to more pending locks */
+	for (i=pending->pending_lock+1;i<lck->lockx.in.lock_cnt;i++) {		
+		pending->pending_lock = i;
+
+		status = brlock_lock(pvfs->brl_context,
+				  f->brl_handle,
+				  locks[i].pid,
+				  locks[i].offset,
+				  locks[i].count,
+				  rw, pending);
+		if (!NT_STATUS_IS_OK(status)) {
+			/* a timed lock failed - setup a wait message to handle
+			   the pending lock notification or a timeout */
+			pending->wait_handle = pvfs_wait_message(pvfs, req, MSG_BRL_RETRY,
+								 pending->end_time,
+								 pvfs_pending_lock_continue,
+								 pending);
+			if (pending->wait_handle == NULL) {
+				pvfs_lock_async_failed(pvfs, req, f, locks, i, NT_STATUS_NO_MEMORY);
+				talloc_free(pending);
+			} else {
+				talloc_steal(pending, pending->wait_handle);
+				DLIST_ADD(f->pending_list, pending);
+			}
+			return;
+		}
+
+		f->lock_count++;
+	}
+
+	/* we've managed to get all the locks. Tell the client */
+	req->async_states->status = NT_STATUS_OK;
+	req->async_states->send_fn(req);
+	talloc_free(pending);
+}
+
+
+/*
+  called when we close a file that might have locks
+*/
+void pvfs_lock_close(struct pvfs_state *pvfs, struct pvfs_file *f)
+{
+	struct pvfs_pending_lock *p, *next;
+
+	if (f->lock_count || f->pending_list) {
+		DEBUG(5,("pvfs_lock: removing %.0f locks on close\n", 
+			 (double)f->lock_count));
+		brlock_close(f->pvfs->brl_context, f->brl_handle);
+		f->lock_count = 0;
+	}
+
+	/* reply to all the pending lock requests, telling them the 
+	   lock failed */
+	for (p=f->pending_list;p;p=next) {
+		next = p->next;
+		DLIST_REMOVE(f->pending_list, p);
+		p->req->async_states->status = NT_STATUS_RANGE_NOT_LOCKED;
+		p->req->async_states->send_fn(p->req);
+	}
+}
+
+
+/*
+  cancel a set of locks
+*/
+static NTSTATUS pvfs_lock_cancel(struct pvfs_state *pvfs, struct ntvfs_request *req, union smb_lock *lck,
+				 struct pvfs_file *f)
+{
+	struct pvfs_pending_lock *p;
+
+	for (p=f->pending_list;p;p=p->next) {
+		/* check if the lock request matches exactly - you can only cancel with exact matches */
+		if (p->lck->lockx.in.ulock_cnt == lck->lockx.in.ulock_cnt &&
+		    p->lck->lockx.in.lock_cnt  == lck->lockx.in.lock_cnt &&
+		    p->lck->lockx.in.file.ntvfs== lck->lockx.in.file.ntvfs &&
+		    p->lck->lockx.in.mode      == (lck->lockx.in.mode & ~LOCKING_ANDX_CANCEL_LOCK)) {
+			int i;
+
+			for (i=0;i<lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt;i++) {
+				if (p->lck->lockx.in.locks[i].pid != lck->lockx.in.locks[i].pid ||
+				    p->lck->lockx.in.locks[i].offset != lck->lockx.in.locks[i].offset ||
+				    p->lck->lockx.in.locks[i].count != lck->lockx.in.locks[i].count) {
+					break;
+				}
+			}
+			if (i < lck->lockx.in.ulock_cnt) continue;
+
+			/* an exact match! we can cancel it, which is equivalent
+			   to triggering the timeout early */
+			pvfs_pending_lock_continue(p, PVFS_WAIT_TIMEOUT);
+			return NT_STATUS_OK;
+		}
+	}
+
+	return NT_STATUS_DOS(ERRDOS, ERRcancelviolation);
+}
+
+
+/*
+  lock or unlock a byte range
+*/
+NTSTATUS pvfs_lock(struct ntvfs_module_context *ntvfs,
+		   struct ntvfs_request *req, union smb_lock *lck)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+	struct smb_lock_entry *locks;
+	int i;
+	enum brl_type rw;
+	struct pvfs_pending_lock *pending = NULL;
+	NTSTATUS status;
+
+	if (lck->generic.level != RAW_LOCK_GENERIC) {
+		return ntvfs_map_lock(ntvfs, req, lck);
+	}
+
+	if (lck->lockx.in.mode & LOCKING_ANDX_OPLOCK_RELEASE) {
+		return pvfs_oplock_release(ntvfs, req, lck);
+	}
+
+	f = pvfs_find_fd(pvfs, req, lck->lockx.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (f->handle->fd == -1) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+
+	status = pvfs_break_level2_oplocks(f);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (lck->lockx.in.timeout != 0 && 
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		pending = talloc(f, struct pvfs_pending_lock);
+		if (pending == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		pending->pvfs = pvfs;
+		pending->lck = lck;
+		pending->f = f;
+		pending->req = req;
+
+		pending->end_time = 
+			timeval_current_ofs_msec(lck->lockx.in.timeout);
+	}
+
+	if (lck->lockx.in.mode & LOCKING_ANDX_SHARED_LOCK) {
+		rw = pending? PENDING_READ_LOCK : READ_LOCK;
+	} else {
+		rw = pending? PENDING_WRITE_LOCK : WRITE_LOCK;
+	}
+
+	if (lck->lockx.in.mode & LOCKING_ANDX_CANCEL_LOCK) {
+		talloc_free(pending);
+		return pvfs_lock_cancel(pvfs, req, lck, f);
+	}
+
+	if (lck->lockx.in.mode & LOCKING_ANDX_CHANGE_LOCKTYPE) {
+		/* this seems to not be supported by any windows server,
+		   or used by any clients */
+		talloc_free(pending);
+		return NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks);
+	}
+
+	/* the unlocks happen first */
+	locks = lck->lockx.in.locks;
+
+	for (i=0;i<lck->lockx.in.ulock_cnt;i++) {
+		status = brlock_unlock(pvfs->brl_context,
+				    f->brl_handle,
+				    locks[i].pid,
+				    locks[i].offset,
+				    locks[i].count);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(pending);
+			return status;
+		}
+		f->lock_count--;
+	}
+
+	locks += i;
+
+	for (i=0;i<lck->lockx.in.lock_cnt;i++) {
+		if (pending) {
+			pending->pending_lock = i;
+		}
+
+		status = brlock_lock(pvfs->brl_context,
+				  f->brl_handle,
+				  locks[i].pid,
+				  locks[i].offset,
+				  locks[i].count,
+				  rw, pending);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (pending) {
+				/* a timed lock failed - setup a wait message to handle
+				   the pending lock notification or a timeout */
+				pending->wait_handle = pvfs_wait_message(pvfs, req, MSG_BRL_RETRY, 
+									 pending->end_time,
+									 pvfs_pending_lock_continue,
+									 pending);
+				if (pending->wait_handle == NULL) {
+					talloc_free(pending);
+					return NT_STATUS_NO_MEMORY;
+				}
+				talloc_steal(pending, pending->wait_handle);
+				DLIST_ADD(f->pending_list, pending);
+				return NT_STATUS_OK;
+			}
+
+			/* undo the locks we just did */
+			for (i--;i>=0;i--) {
+				brlock_unlock(pvfs->brl_context,
+					   f->brl_handle,
+					   locks[i].pid,
+					   locks[i].offset,
+					   locks[i].count);
+				f->lock_count--;
+			}
+			talloc_free(pending);
+			return status;
+		}
+		f->lock_count++;
+	}
+
+	talloc_free(pending);
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_mkdir.c b/source4/ntvfs/posix/pvfs_mkdir.c
new file mode 100644
index 0000000..2cf43ab
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_mkdir.c
@@ -0,0 +1,196 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - mkdir and rmdir
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/dir.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/security.h"
+
+/*
+  create a directory with EAs
+*/
+static NTSTATUS pvfs_t2mkdir(struct pvfs_state *pvfs,
+			     struct ntvfs_request *req, union smb_mkdir *md)
+{
+	NTSTATUS status;
+	struct pvfs_filename *name;
+	mode_t mode;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, md->t2mkdir.in.path, 0, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name->exists) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY);
+
+	if (pvfs_sys_mkdir(pvfs, name->full_name, mode, name->allow_override) == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	pvfs_xattr_unlink_hook(pvfs, name->full_name);
+
+	status = pvfs_resolve_name(pvfs, req, md->t2mkdir.in.path, 0, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!name->exists ||
+	    !(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/* setup an inherited acl from the parent */
+	status = pvfs_acl_inherit(pvfs, req, name, -1);
+	if (!NT_STATUS_IS_OK(status)) {
+		pvfs_sys_rmdir(pvfs, name->full_name, name->allow_override);
+		return status;
+	}
+
+	/* setup any EAs that were asked for */
+	status = pvfs_setfileinfo_ea_set(pvfs, name, -1, 
+					 md->t2mkdir.in.num_eas,
+					 md->t2mkdir.in.eas);
+	if (!NT_STATUS_IS_OK(status)) {
+		pvfs_sys_rmdir(pvfs, name->full_name, name->allow_override);
+		return status;
+	}
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_ADDED, 
+		       FILE_NOTIFY_CHANGE_DIR_NAME,
+		       name->full_name);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create a directory
+*/
+NTSTATUS pvfs_mkdir(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req, union smb_mkdir *md)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct pvfs_filename *name;
+	mode_t mode;
+
+	if (md->generic.level == RAW_MKDIR_T2MKDIR) {
+		return pvfs_t2mkdir(pvfs, req, md);
+	}
+
+	if (md->generic.level != RAW_MKDIR_MKDIR) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, md->mkdir.in.path, 0, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name->exists) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY);
+
+	if (pvfs_sys_mkdir(pvfs, name->full_name, mode, name->allow_override) == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	pvfs_xattr_unlink_hook(pvfs, name->full_name);
+
+	/* setup an inherited acl from the parent */
+	status = pvfs_acl_inherit(pvfs, req, name, -1);
+	if (!NT_STATUS_IS_OK(status)) {
+		pvfs_sys_rmdir(pvfs, name->full_name, name->allow_override);
+		return status;
+	}
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_ADDED, 
+		       FILE_NOTIFY_CHANGE_DIR_NAME,
+		       name->full_name);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  remove a directory
+*/
+NTSTATUS pvfs_rmdir(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct pvfs_filename *name;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, rd->in.path, 0, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_xattr_unlink_hook(pvfs, name->full_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (pvfs_sys_rmdir(pvfs, name->full_name, name->allow_override) == -1) {
+		/* some olders systems don't return ENOTEMPTY to rmdir() */
+		if (errno == EEXIST) {
+			return NT_STATUS_DIRECTORY_NOT_EMPTY;
+		}
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_REMOVED, 
+		       FILE_NOTIFY_CHANGE_DIR_NAME,
+		       name->full_name);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_notify.c b/source4/ntvfs/posix/pvfs_notify.c
new file mode 100644
index 0000000..91a151b
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_notify.c
@@ -0,0 +1,300 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - notify
+
+   Copyright (C) Andrew Tridgell 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "lib/messaging/irpc.h"
+#include "messaging/messaging.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/events/events.h"
+
+/* pending notifies buffer, hung off struct pvfs_file for open directories
+   that have used change notify */
+struct pvfs_notify_buffer {
+	struct pvfs_file *f;
+	uint32_t num_changes;
+	struct notify_changes *changes;
+	uint32_t max_buffer_size;
+	uint32_t current_buffer_size;
+	bool overflowed;
+
+	/* a list of requests waiting for events on this handle */
+	struct notify_pending {
+		struct notify_pending *next, *prev;
+		struct ntvfs_request *req;
+		union smb_notify *info;
+	} *pending;
+};
+
+/*
+  send a notify on the next event run. 
+*/
+static void pvfs_notify_send_next(struct tevent_context *ev, struct tevent_timer *te, 
+				  struct timeval t, void *ptr)
+{
+	struct ntvfs_request *req = talloc_get_type(ptr, struct ntvfs_request);
+	req->async_states->send_fn(req);
+}
+
+
+/*
+  send a reply to a pending notify request
+*/
+static void pvfs_notify_send(struct pvfs_notify_buffer *notify_buffer, 
+			     NTSTATUS status, bool immediate)
+{
+	struct notify_pending *pending = notify_buffer->pending;
+	struct ntvfs_request *req;
+	union smb_notify *info;
+
+	if (notify_buffer->current_buffer_size > notify_buffer->max_buffer_size && 
+	    notify_buffer->num_changes != 0) {
+		/* on buffer overflow return no changes and destroys the notify buffer */
+		notify_buffer->num_changes = 0;
+		while (notify_buffer->pending) {
+			pvfs_notify_send(notify_buffer, NT_STATUS_OK, immediate);
+		}
+		notify_buffer->overflowed = true;
+		return;
+	}
+
+	/* see if there is anyone waiting */
+	if (notify_buffer->pending == NULL) {
+		return;
+	}
+
+	DLIST_REMOVE(notify_buffer->pending, pending);
+
+	req = pending->req;
+	info = pending->info;
+
+	info->nttrans.out.num_changes = notify_buffer->num_changes;
+	info->nttrans.out.changes = talloc_steal(req, notify_buffer->changes);
+	notify_buffer->num_changes = 0;
+	notify_buffer->overflowed = false;
+	notify_buffer->changes = NULL;
+	notify_buffer->current_buffer_size = 0;
+
+	talloc_free(pending);
+
+	if (info->nttrans.out.num_changes != 0) {
+		status = NT_STATUS_OK;
+	}
+
+	req->async_states->status = status;
+
+	if (immediate) {
+		req->async_states->send_fn(req);
+		return;
+	} 
+
+	/* we can't call pvfs_notify_send() directly here, as that
+	   would free the request, and the ntvfs modules above us
+	   could use it, so call it on the next event */
+	tevent_add_timer(req->ctx->event_ctx,
+			req, timeval_zero(), pvfs_notify_send_next, req);
+}
+
+/*
+  destroy a notify buffer. Called when the handle is closed
+ */
+static int pvfs_notify_destructor(struct pvfs_notify_buffer *n)
+{
+	notify_remove(n->f->pvfs->notify_context, n);
+	n->f->notify_buffer = NULL;
+	pvfs_notify_send(n, NT_STATUS_OK, true);
+	return 0;
+}
+
+
+/*
+  called when a async notify event comes in
+*/
+static void pvfs_notify_callback(void *private_data, const struct notify_event *ev)
+{
+	struct pvfs_notify_buffer *n = talloc_get_type(private_data, struct pvfs_notify_buffer);
+	size_t len;
+	struct notify_changes *n2;
+	char *new_path;
+
+	if (n->overflowed) {
+		return;
+	}
+
+	n2 = talloc_realloc(n, n->changes, struct notify_changes, n->num_changes+1);
+	if (n2 == NULL) {
+		/* nothing much we can do for this */
+		return;
+	}
+	n->changes = n2;
+
+	new_path = talloc_strdup(n->changes, ev->path);
+	if (new_path == NULL) {
+		return;
+	}
+	string_replace(new_path, '/', '\\');
+
+	n->changes[n->num_changes].action = ev->action;
+	n->changes[n->num_changes].name.s = new_path;
+	n->num_changes++;
+
+	/*
+	  work out how much room this will take in the buffer
+	*/
+	len = 12 + strlen_m(ev->path)*2;
+	if (len & 3) {
+		len += 4 - (len & 3);
+	}
+	n->current_buffer_size += len;
+
+	/* send what we have, unless its the first part of a rename */
+	if (ev->action != NOTIFY_ACTION_OLD_NAME) {
+		pvfs_notify_send(n, NT_STATUS_OK, true);
+	}
+}
+
+/*
+  setup a notify buffer on a directory handle
+*/
+static NTSTATUS pvfs_notify_setup(struct pvfs_state *pvfs, struct pvfs_file *f, 
+				  uint32_t buffer_size, uint32_t filter, bool recursive)
+{
+	NTSTATUS status;
+	struct notify_entry e;
+	
+	/* We may not fill in all the elements in this entry -
+	 * structure may in future be shared with Samba3 */
+	ZERO_STRUCT(e);
+
+	/* We may not fill in all the elements in this entry -
+	 * structure may in future be shared with Samba3 */
+	ZERO_STRUCT(e);
+
+	f->notify_buffer = talloc_zero(f, struct pvfs_notify_buffer);
+	NT_STATUS_HAVE_NO_MEMORY(f->notify_buffer);
+
+	f->notify_buffer->max_buffer_size = buffer_size;
+	f->notify_buffer->f = f;
+
+	e.filter    = filter;
+	e.path      = f->handle->name->full_name;
+	if (recursive) {
+		e.subdir_filter = filter;
+	} else {
+		e.subdir_filter = 0;
+	}
+
+	status = notify_add(pvfs->notify_context, &e, 
+			    pvfs_notify_callback, f->notify_buffer);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	talloc_set_destructor(f->notify_buffer, pvfs_notify_destructor);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  called from the pvfs_wait code when either an event has come in, or
+  the notify request has been cancelled
+*/
+static void pvfs_notify_end(void *private_data, enum pvfs_wait_notice reason)
+{
+	struct pvfs_notify_buffer *notify_buffer = talloc_get_type(private_data,
+								   struct pvfs_notify_buffer);
+	if (reason == PVFS_WAIT_CANCEL) {
+		pvfs_notify_send(notify_buffer, NT_STATUS_CANCELLED, false);
+	} else {
+		pvfs_notify_send(notify_buffer, NT_STATUS_OK, true);
+	}
+}
+
+/* change notify request - always async. This request blocks until the
+   event buffer is non-empty */
+NTSTATUS pvfs_notify(struct ntvfs_module_context *ntvfs, 
+		     struct ntvfs_request *req,
+		     union smb_notify *info)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data, 
+						  struct pvfs_state);
+	struct pvfs_file *f;
+	NTSTATUS status;
+	struct notify_pending *pending;
+
+	if (info->nttrans.level != RAW_NOTIFY_NTTRANS) {
+		return ntvfs_map_notify(ntvfs, req, info);
+	}
+
+	f = pvfs_find_fd(pvfs, req, info->nttrans.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	/* this request doesn't make sense unless its async */
+	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* its only valid for directories */
+	if (f->handle->fd != -1) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* if the handle doesn't currently have a notify buffer then
+	   create one */
+	if (f->notify_buffer == NULL) {
+		status = pvfs_notify_setup(pvfs, f, 
+					   info->nttrans.in.buffer_size, 
+					   info->nttrans.in.completion_filter,
+					   info->nttrans.in.recursive);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	/* we update the max_buffer_size on each call, but we do not
+	   update the recursive flag or filter */
+	f->notify_buffer->max_buffer_size = info->nttrans.in.buffer_size;
+
+	pending = talloc(f->notify_buffer, struct notify_pending);
+	NT_STATUS_HAVE_NO_MEMORY(pending);
+
+	pending->req = talloc_reference(pending, req);
+	NT_STATUS_HAVE_NO_MEMORY(pending->req);	
+	pending->info = info;
+
+	DLIST_ADD_END(f->notify_buffer->pending, pending);
+
+	/* if the buffer is empty then start waiting */
+	if (f->notify_buffer->num_changes == 0 && 
+	    !f->notify_buffer->overflowed) {
+		struct pvfs_wait *wait_handle;
+		wait_handle = pvfs_wait_message(pvfs, req, -1,
+						timeval_zero(),
+						pvfs_notify_end,
+						f->notify_buffer);
+		NT_STATUS_HAVE_NO_MEMORY(wait_handle);
+		talloc_steal(req, wait_handle);
+		return NT_STATUS_OK;
+	}
+
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+	pvfs_notify_send(f->notify_buffer, NT_STATUS_OK, false);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
new file mode 100644
index 0000000..860861d
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -0,0 +1,2094 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - open and close
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/dir.h"
+#include "system/time.h"
+#include "../lib/util/dlinklist.h"
+#include "messaging/messaging.h"
+#include "librpc/gen_ndr/xattr.h"
+
+/*
+  find open file handle given fnum
+*/
+struct pvfs_file *pvfs_find_fd(struct pvfs_state *pvfs,
+			       struct ntvfs_request *req, struct ntvfs_handle *h)
+{
+	void *p;
+	struct pvfs_file *f;
+
+	p = ntvfs_handle_get_backend_data(h, pvfs->ntvfs);
+	if (!p) return NULL;
+
+	f = talloc_get_type(p, struct pvfs_file);
+	if (!f) return NULL;
+
+	return f;
+}
+
+/*
+  cleanup a open directory handle
+*/
+static int pvfs_dir_handle_destructor(struct pvfs_file_handle *h)
+{
+	if (h->have_opendb_entry) {
+		struct odb_lock *lck;
+		NTSTATUS status;
+		const char *delete_path = NULL;
+
+		lck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("Unable to lock opendb for close\n"));
+			return 0;
+		}
+
+		status = odb_close_file(lck, h, &delete_path);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Unable to remove opendb entry for '%s' - %s\n",
+				 h->name->full_name, nt_errstr(status)));
+		}
+
+		if (h->name->stream_name == NULL && delete_path) {
+			status = pvfs_xattr_unlink_hook(h->pvfs, delete_path);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("Warning: xattr unlink hook failed for '%s' - %s\n",
+					 delete_path, nt_errstr(status)));
+			}
+			if (pvfs_sys_rmdir(h->pvfs, delete_path, h->name->allow_override) != 0) {
+				DEBUG(0,("pvfs_dir_handle_destructor: failed to rmdir '%s' - %s\n",
+					 delete_path, strerror(errno)));
+			}
+		}
+
+		talloc_free(lck);
+	}
+
+	return 0;
+}
+
+/*
+  cleanup a open directory fnum
+*/
+static int pvfs_dir_fnum_destructor(struct pvfs_file *f)
+{
+	DLIST_REMOVE(f->pvfs->files.list, f);
+	ntvfs_handle_remove_backend_data(f->ntvfs, f->pvfs->ntvfs);
+
+	return 0;
+}
+
+/*
+  setup any EAs and the ACL on newly created files/directories
+*/
+static NTSTATUS pvfs_open_setup_eas_acl(struct pvfs_state *pvfs,
+					struct ntvfs_request *req,
+					struct pvfs_filename *name,
+					int fd,	struct pvfs_file *f,
+					union smb_open *io,
+					struct security_descriptor *sd)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	/* setup any EAs that were asked for */
+	if (io->ntcreatex.in.ea_list) {
+		status = pvfs_setfileinfo_ea_set(pvfs, name, fd, 
+						 io->ntcreatex.in.ea_list->num_eas,
+						 io->ntcreatex.in.ea_list->eas);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	/* setup an initial sec_desc if requested */
+	if (sd && (sd->type & SEC_DESC_DACL_PRESENT)) {
+		union smb_setfileinfo set;
+/* 
+ * TODO: set the full ACL! 
+ *       - vista denies the creation of the file with NT_STATUS_PRIVILEGE_NOT_HELD,
+ *         when a SACL is present on the sd,
+ *         but the user doesn't have SeSecurityPrivilege
+ *       - w2k3 allows it
+ */
+		set.set_secdesc.in.file.ntvfs = f->ntvfs;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+
+		status = pvfs_acl_set(pvfs, req, name, fd, SEC_STD_WRITE_DAC, &set);
+	}
+
+	return status;
+}
+
+/*
+  form the lock context used for opendb locking. Note that we must
+  zero here to take account of possible padding on some architectures
+*/
+NTSTATUS pvfs_locking_key(struct pvfs_filename *name,
+			  TALLOC_CTX *mem_ctx, DATA_BLOB *key)
+{
+	struct {
+		dev_t device;
+		ino_t inode;
+	} lock_context;
+	ZERO_STRUCT(lock_context);
+
+	lock_context.device = name->st.st_dev;
+	lock_context.inode = name->st.st_ino;
+
+	*key = data_blob_talloc(mem_ctx, &lock_context, sizeof(lock_context));
+	if (key->data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	return NT_STATUS_OK;
+}
+
+
+/*
+  open a directory
+*/
+static NTSTATUS pvfs_open_directory(struct pvfs_state *pvfs, 
+				    struct ntvfs_request *req, 
+				    struct pvfs_filename *name, 
+				    union smb_open *io)
+{
+	struct pvfs_file *f;
+	struct ntvfs_handle *h;
+	NTSTATUS status;
+	uint32_t create_action;
+	uint32_t access_mask = io->generic.in.access_mask;
+	struct odb_lock *lck;
+	bool del_on_close;
+	uint32_t create_options;
+	uint32_t share_access;
+	bool forced;
+	struct security_descriptor *sd = NULL;
+
+	create_options = io->generic.in.create_options;
+	share_access   = io->generic.in.share_access;
+
+	forced = (io->generic.in.create_options & NTCREATEX_OPTIONS_DIRECTORY)?true:false;
+
+	if (name->stream_name) {
+		if (forced) {
+			return NT_STATUS_NOT_A_DIRECTORY;
+		} else {
+			return NT_STATUS_FILE_IS_A_DIRECTORY;
+		}
+	}
+
+	/* if the client says it must be a directory, and it isn't,
+	   then fail */
+	if (name->exists && !(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+		return NT_STATUS_NOT_A_DIRECTORY;
+	}
+
+	/* found with gentest */
+	if (io->ntcreatex.in.access_mask == SEC_FLAG_MAXIMUM_ALLOWED &&
+	    (io->ntcreatex.in.create_options & NTCREATEX_OPTIONS_DIRECTORY) &&
+	    (io->ntcreatex.in.create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
+		DEBUG(3,(__location__ ": Invalid access_mask/create_options 0x%08x 0x%08x for %s\n",
+			 io->ntcreatex.in.access_mask, io->ntcreatex.in.create_options, name->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	
+	switch (io->generic.in.open_disposition) {
+	case NTCREATEX_DISP_OPEN_IF:
+		break;
+
+	case NTCREATEX_DISP_OPEN:
+		if (!name->exists) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+		break;
+
+	case NTCREATEX_DISP_CREATE:
+		if (name->exists) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+		break;
+
+	case NTCREATEX_DISP_OVERWRITE_IF:
+	case NTCREATEX_DISP_OVERWRITE:
+	case NTCREATEX_DISP_SUPERSEDE:
+	default:
+		DEBUG(3,(__location__ ": Invalid open disposition 0x%08x for %s\n",
+			 io->generic.in.open_disposition, name->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = ntvfs_handle_new(pvfs->ntvfs, req, &h);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	f = talloc(h, struct pvfs_file);
+	if (f == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	f->handle = talloc(f, struct pvfs_file_handle);
+	if (f->handle == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (name->exists) {
+		/* check the security descriptor */
+		status = pvfs_access_check(pvfs, req, name, &access_mask);
+	} else {		
+		sd = io->ntcreatex.in.sec_desc;
+		status = pvfs_access_check_create(pvfs, req, name, &access_mask, true, &sd);
+	}
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (io->generic.in.query_maximal_access) {
+		status = pvfs_access_maximal_allowed(pvfs, req, name, 
+						     &io->generic.out.maximal_access);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	f->ntvfs         = h;
+	f->pvfs          = pvfs;
+	f->pending_list  = NULL;
+	f->lock_count    = 0;
+	f->share_access  = io->generic.in.share_access;
+	f->impersonation = io->generic.in.impersonation;
+	f->access_mask   = access_mask;
+	f->brl_handle	 = NULL;
+	f->notify_buffer = NULL;
+	f->search        = NULL;
+
+	f->handle->pvfs              = pvfs;
+	f->handle->name              = talloc_steal(f->handle, name);
+	f->handle->fd                = -1;
+	f->handle->odb_locking_key   = data_blob(NULL, 0);
+	f->handle->create_options    = io->generic.in.create_options;
+	f->handle->private_flags     = io->generic.in.private_flags;
+	f->handle->seek_offset       = 0;
+	f->handle->position          = 0;
+	f->handle->mode              = 0;
+	f->handle->oplock            = NULL;
+	ZERO_STRUCT(f->handle->write_time);
+	f->handle->open_completed    = false;
+
+	if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
+	    pvfs_directory_empty(pvfs, f->handle->name)) {
+		del_on_close = true;
+	} else {
+		del_on_close = false;
+	}
+
+	if (name->exists) {
+		/* form the lock context used for opendb locking */
+		status = pvfs_locking_key(name, f->handle, &f->handle->odb_locking_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		/* get a lock on this file before the actual open */
+		lck = odb_lock(req, pvfs->odb_context, &f->handle->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("pvfs_open: failed to lock file '%s' in opendb\n",
+				 name->full_name));
+			/* we were supposed to do a blocking lock, so something
+			   is badly wrong! */
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		
+		/* see if we are allowed to open at the same time as existing opens */
+		status = odb_can_open(lck, name->stream_id,
+				      share_access, access_mask, del_on_close,
+				      io->generic.in.open_disposition, false);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(lck);
+			return status;
+		}
+
+		/* now really mark the file as open */
+		status = odb_open_file(lck, f->handle, name->full_name,
+				       NULL, name->dos.write_time,
+				       false, OPLOCK_NONE, NULL);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(lck);
+			return status;
+		}
+
+		f->handle->have_opendb_entry = true;
+	}
+
+	DLIST_ADD(pvfs->files.list, f);
+
+	/* setup destructors to avoid leaks on abnormal termination */
+	talloc_set_destructor(f->handle, pvfs_dir_handle_destructor);
+	talloc_set_destructor(f, pvfs_dir_fnum_destructor);
+
+	if (!name->exists) {
+		uint32_t attrib = io->generic.in.file_attr | FILE_ATTRIBUTE_DIRECTORY;
+		mode_t mode = pvfs_fileperms(pvfs, attrib);
+
+		if (pvfs_sys_mkdir(pvfs, name->full_name, mode, name->allow_override) == -1) {
+			return pvfs_map_errno(pvfs,errno);
+		}
+
+		pvfs_xattr_unlink_hook(pvfs, name->full_name);
+
+		status = pvfs_resolve_name(pvfs, req, io->ntcreatex.in.fname, 0, &name);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto cleanup_delete;
+		}
+
+		status = pvfs_open_setup_eas_acl(pvfs, req, name, -1, f, io, sd);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto cleanup_delete;
+		}
+
+		/* form the lock context used for opendb locking */
+		status = pvfs_locking_key(name, f->handle, &f->handle->odb_locking_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		lck = odb_lock(req, pvfs->odb_context, &f->handle->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("pvfs_open: failed to lock file '%s' in opendb\n",
+				 name->full_name));
+			/* we were supposed to do a blocking lock, so something
+			   is badly wrong! */
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		status = odb_can_open(lck, name->stream_id,
+				      share_access, access_mask, del_on_close,
+				      io->generic.in.open_disposition, false);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			goto cleanup_delete;
+		}
+
+		status = odb_open_file(lck, f->handle, name->full_name,
+				       NULL, name->dos.write_time,
+				       false, OPLOCK_NONE, NULL);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			goto cleanup_delete;
+		}
+
+		f->handle->have_opendb_entry = true;
+
+		create_action = NTCREATEX_ACTION_CREATED;
+
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_ADDED, 
+			       FILE_NOTIFY_CHANGE_DIR_NAME,
+			       name->full_name);
+	} else {
+		create_action = NTCREATEX_ACTION_EXISTED;
+	}
+
+	if (!name->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (io->generic.in.query_on_disk_id) {
+		ZERO_ARRAY(io->generic.out.on_disk_id);
+		SBVAL(io->generic.out.on_disk_id, 0, name->st.st_ino);
+		SBVAL(io->generic.out.on_disk_id, 8, name->st.st_dev);
+	}
+
+	/* the open succeeded, keep this handle permanently */
+	status = ntvfs_handle_set_backend_data(h, pvfs->ntvfs, f);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+	f->handle->open_completed = true;
+
+	io->generic.out.oplock_level  = OPLOCK_NONE;
+	io->generic.out.file.ntvfs    = h;
+	io->generic.out.create_action = create_action;
+	io->generic.out.create_time   = name->dos.create_time;
+	io->generic.out.access_time   = name->dos.access_time;
+	io->generic.out.write_time    = name->dos.write_time;
+	io->generic.out.change_time   = name->dos.change_time;
+	io->generic.out.attrib        = name->dos.attrib;
+	io->generic.out.alloc_size    = name->dos.alloc_size;
+	io->generic.out.size          = name->st.st_size;
+	io->generic.out.file_type     = FILE_TYPE_DISK;
+	io->generic.out.ipc_state     = 0;
+	io->generic.out.is_directory  = 1;
+
+	return NT_STATUS_OK;
+
+cleanup_delete:
+	pvfs_sys_rmdir(pvfs, name->full_name, name->allow_override);
+	return status;
+}
+
+/*
+  destroy a struct pvfs_file_handle
+*/
+static int pvfs_handle_destructor(struct pvfs_file_handle *h)
+{
+	talloc_free(h->write_time.update_event);
+	h->write_time.update_event = NULL;
+
+	if ((h->create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
+	    h->name->stream_name) {
+		NTSTATUS status;
+		status = pvfs_stream_delete(h->pvfs, h->name, h->fd);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Failed to delete stream '%s' on close of '%s'\n",
+				 h->name->stream_name, h->name->full_name));
+		}
+	}
+
+	if (h->fd != -1) {
+		if (close(h->fd) != 0) {
+			DEBUG(0,("pvfs_handle_destructor: close(%d) failed for %s - %s\n",
+				 h->fd, h->name->full_name, strerror(errno)));
+		}
+		h->fd = -1;
+	}
+
+	if (!h->write_time.update_forced &&
+	    h->write_time.update_on_close &&
+	    h->write_time.close_time == 0) {
+		struct timeval tv;
+		tv = timeval_current();
+		h->write_time.close_time = timeval_to_nttime(&tv);
+	}
+
+	if (h->have_opendb_entry) {
+		struct odb_lock *lck;
+		NTSTATUS status;
+		const char *delete_path = NULL;
+
+		lck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("Unable to lock opendb for close\n"));
+			return 0;
+		}
+
+		if (h->write_time.update_forced) {
+			status = odb_get_file_infos(h->pvfs->odb_context,
+						    &h->odb_locking_key,
+						    NULL,
+						    &h->write_time.close_time);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("Unable get write time for '%s' - %s\n",
+					 h->name->full_name, nt_errstr(status)));
+			}
+
+			h->write_time.update_forced = false;
+			h->write_time.update_on_close = true;
+		} else if (h->write_time.update_on_close) {
+			status = odb_set_write_time(lck, h->write_time.close_time, true);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("Unable set write time for '%s' - %s\n",
+					 h->name->full_name, nt_errstr(status)));
+			}
+		}
+
+		status = odb_close_file(lck, h, &delete_path);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Unable to remove opendb entry for '%s' - %s\n", 
+				 h->name->full_name, nt_errstr(status)));
+		}
+
+		if (h->name->stream_name == NULL &&
+		    h->open_completed && delete_path) {
+			status = pvfs_xattr_unlink_hook(h->pvfs, delete_path);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("Warning: xattr unlink hook failed for '%s' - %s\n",
+					 delete_path, nt_errstr(status)));
+			}
+			if (pvfs_sys_unlink(h->pvfs, delete_path, h->name->allow_override) != 0) {
+				DEBUG(0,("pvfs_close: failed to delete '%s' - %s\n",
+					 delete_path, strerror(errno)));
+			} else {
+				notify_trigger(h->pvfs->notify_context,
+					       NOTIFY_ACTION_REMOVED,
+					       FILE_NOTIFY_CHANGE_FILE_NAME,
+					       delete_path);
+			}
+			h->write_time.update_on_close = false;
+		}
+
+		talloc_free(lck);
+	}
+
+	if (h->write_time.update_on_close) {
+		struct timeval tv[2];
+
+		nttime_to_timeval(&tv[0], h->name->dos.access_time);
+		nttime_to_timeval(&tv[1], h->write_time.close_time);
+
+		if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) {
+			if (utimes(h->name->full_name, tv) == -1) {
+				DEBUG(3,("pvfs_handle_destructor: utimes() failed '%s' - %s\n",
+					 h->name->full_name, strerror(errno)));
+			}
+		}
+	}
+
+	return 0;
+}
+
+
+/*
+  destroy a struct pvfs_file
+*/
+static int pvfs_fnum_destructor(struct pvfs_file *f)
+{
+	DLIST_REMOVE(f->pvfs->files.list, f);
+	pvfs_lock_close(f->pvfs, f);
+	ntvfs_handle_remove_backend_data(f->ntvfs, f->pvfs->ntvfs);
+
+	return 0;
+}
+
+
+/*
+  form the lock context used for byte range locking. This is separate
+  from the locking key used for opendb locking as it needs to take
+  account of file streams (each stream is a separate byte range
+  locking space)
+*/
+static NTSTATUS pvfs_brl_locking_handle(TALLOC_CTX *mem_ctx,
+					struct pvfs_filename *name,
+					struct ntvfs_handle *ntvfs,
+					struct brl_handle **_h)
+{
+	DATA_BLOB odb_key, key;
+	NTSTATUS status;
+	struct brl_handle *h;
+
+	status = pvfs_locking_key(name, mem_ctx, &odb_key);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (name->stream_name == NULL) {
+		key = odb_key;
+	} else {
+		key = data_blob_talloc(mem_ctx, NULL, 
+				       odb_key.length + strlen(name->stream_name) + 1);
+		NT_STATUS_HAVE_NO_MEMORY(key.data);
+		memcpy(key.data, odb_key.data, odb_key.length);
+		memcpy(key.data + odb_key.length, 
+		       name->stream_name, strlen(name->stream_name) + 1);
+		data_blob_free(&odb_key);
+	}
+
+	h = brlock_create_handle(mem_ctx, ntvfs, &key);
+	NT_STATUS_HAVE_NO_MEMORY(h);
+
+	*_h = h;
+	return NT_STATUS_OK;
+}
+
+/*
+  create a new file
+*/
+static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, 
+				 struct ntvfs_request *req, 
+				 struct pvfs_filename *name, 
+				 union smb_open *io)
+{
+	struct pvfs_file *f;
+	NTSTATUS status;
+	struct ntvfs_handle *h;
+	int flags, fd;
+	struct odb_lock *lck;
+	uint32_t create_options = io->generic.in.create_options;
+	uint32_t share_access = io->generic.in.share_access;
+	uint32_t access_mask = io->generic.in.access_mask;
+	mode_t mode;
+	uint32_t attrib;
+	bool del_on_close;
+	struct pvfs_filename *parent;
+	uint32_t oplock_level = OPLOCK_NONE, oplock_granted;
+	bool allow_level_II_oplock = false;
+	struct security_descriptor *sd = NULL;
+
+	if (io->ntcreatex.in.file_attr & ~FILE_ATTRIBUTE_ALL_MASK) {
+		DEBUG(3,(__location__ ": Invalid file_attr 0x%08x for %s\n",
+			 io->ntcreatex.in.file_attr, name->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_ENCRYPTED) {
+		DEBUG(3,(__location__ ": Invalid encryption request for %s\n",
+			 name->original_name));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	    
+	if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) &&
+	    (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
+		DEBUG(4,(__location__ ": Invalid delete on close for readonly file %s\n",
+			 name->original_name));
+		return NT_STATUS_CANNOT_DELETE;
+	}
+
+	sd = io->ntcreatex.in.sec_desc;
+	status = pvfs_access_check_create(pvfs, req, name, &access_mask, false, &sd);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* check that the parent isn't opened with delete on close set */
+	status = pvfs_resolve_parent(pvfs, req, name, &parent);
+	if (NT_STATUS_IS_OK(status)) {
+		DATA_BLOB locking_key;
+		status = pvfs_locking_key(parent, req, &locking_key);
+		NT_STATUS_NOT_OK_RETURN(status);
+		status = odb_get_file_infos(pvfs->odb_context, &locking_key,
+					    &del_on_close, NULL);
+		NT_STATUS_NOT_OK_RETURN(status);
+		if (del_on_close) {
+			return NT_STATUS_DELETE_PENDING;
+		}
+	}
+
+	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
+		flags = O_RDWR;
+	} else {
+		flags = O_RDONLY;
+	}
+
+	status = ntvfs_handle_new(pvfs->ntvfs, req, &h);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	f = talloc(h, struct pvfs_file);
+	NT_STATUS_HAVE_NO_MEMORY(f);
+
+	f->handle = talloc(f, struct pvfs_file_handle);
+	NT_STATUS_HAVE_NO_MEMORY(f->handle);
+
+	attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE;
+	mode = pvfs_fileperms(pvfs, attrib);
+
+	/* create the file */
+	fd = pvfs_sys_open(pvfs, name->full_name, flags | O_CREAT | O_EXCL| O_NONBLOCK, mode, name->allow_override);
+	if (fd == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	pvfs_xattr_unlink_hook(pvfs, name->full_name);
+
+	/* if this was a stream create then create the stream as well */
+	if (name->stream_name) {
+		status = pvfs_stream_create(pvfs, name, fd);
+		if (!NT_STATUS_IS_OK(status)) {
+			close(fd);
+			return status;
+		}
+	}
+
+	/* re-resolve the open fd */
+	status = pvfs_resolve_name_fd(pvfs, fd, name, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		close(fd);
+		return status;
+	}
+
+	/* support initial alloc sizes */
+	name->dos.alloc_size = io->ntcreatex.in.alloc_size;
+	name->dos.attrib = attrib;
+	status = pvfs_dosattrib_save(pvfs, name, fd);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+
+	status = pvfs_open_setup_eas_acl(pvfs, req, name, fd, f, io, sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+	if (io->generic.in.query_maximal_access) {
+		status = pvfs_access_maximal_allowed(pvfs, req, name, 
+						     &io->generic.out.maximal_access);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto cleanup_delete;
+		}
+	}
+
+	if (io->generic.in.query_on_disk_id) {
+		ZERO_ARRAY(io->generic.out.on_disk_id);
+		SBVAL(io->generic.out.on_disk_id, 0, name->st.st_ino);
+		SBVAL(io->generic.out.on_disk_id, 8, name->st.st_dev);
+	}
+
+	/* form the lock context used for byte range locking and
+	   opendb locking */
+	status = pvfs_locking_key(name, f->handle, &f->handle->odb_locking_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+	status = pvfs_brl_locking_handle(f, name, h, &f->brl_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+	/* grab a lock on the open file record */
+	lck = odb_lock(req, pvfs->odb_context, &f->handle->odb_locking_key);
+	if (lck == NULL) {
+		DEBUG(0,("pvfs_open: failed to lock file '%s' in opendb\n",
+			 name->full_name));
+		/* we were supposed to do a blocking lock, so something
+		   is badly wrong! */
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto cleanup_delete;
+	}
+
+	if (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) {
+		del_on_close = true;
+	} else {
+		del_on_close = false;
+	}
+
+	if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) {
+		oplock_level = OPLOCK_NONE;
+	} else if (io->ntcreatex.in.flags & NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK) {
+		oplock_level = OPLOCK_BATCH;
+	} else if (io->ntcreatex.in.flags & NTCREATEX_FLAGS_REQUEST_OPLOCK) {
+		oplock_level = OPLOCK_EXCLUSIVE;
+	}
+
+	if (req->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS) {
+		allow_level_II_oplock = true;
+	}
+
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, del_on_close,
+			      io->generic.in.open_disposition, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		/* bad news, we must have hit a race - we don't delete the file
+		   here as the most likely scenario is that someone else created
+		   the file at the same time */
+		close(fd);
+		return status;
+	}
+
+	f->ntvfs             = h;
+	f->pvfs              = pvfs;
+	f->pending_list      = NULL;
+	f->lock_count        = 0;
+	f->share_access      = io->generic.in.share_access;
+	f->access_mask       = access_mask;
+	f->impersonation     = io->generic.in.impersonation;
+	f->notify_buffer     = NULL;
+	f->search            = NULL;
+
+	f->handle->pvfs              = pvfs;
+	f->handle->name              = talloc_steal(f->handle, name);
+	f->handle->fd                = fd;
+	f->handle->create_options    = io->generic.in.create_options;
+	f->handle->private_flags     = io->generic.in.private_flags;
+	f->handle->seek_offset       = 0;
+	f->handle->position          = 0;
+	f->handle->mode              = 0;
+	f->handle->oplock            = NULL;
+	f->handle->have_opendb_entry = true;
+	ZERO_STRUCT(f->handle->write_time);
+	f->handle->open_completed    = false;
+
+	status = odb_open_file(lck, f->handle, name->full_name,
+			       &f->handle->fd, name->dos.write_time,
+			       allow_level_II_oplock,
+			       oplock_level, &oplock_granted);
+	talloc_free(lck);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* bad news, we must have hit a race - we don't delete the file
+		   here as the most likely scenario is that someone else created
+		   the file at the same time */
+		close(fd);
+		return status;
+	}
+
+	DLIST_ADD(pvfs->files.list, f);
+
+	/* setup a destructor to avoid file descriptor leaks on
+	   abnormal termination */
+	talloc_set_destructor(f, pvfs_fnum_destructor);
+	talloc_set_destructor(f->handle, pvfs_handle_destructor);
+
+	if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) {
+		oplock_granted = OPLOCK_BATCH;
+	} else if (oplock_granted != OPLOCK_NONE) {
+		status = pvfs_setup_oplock(f, oplock_granted);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	io->generic.out.oplock_level  = oplock_granted;
+	io->generic.out.file.ntvfs    = f->ntvfs;
+	io->generic.out.create_action = NTCREATEX_ACTION_CREATED;
+	io->generic.out.create_time   = name->dos.create_time;
+	io->generic.out.access_time   = name->dos.access_time;
+	io->generic.out.write_time    = name->dos.write_time;
+	io->generic.out.change_time   = name->dos.change_time;
+	io->generic.out.attrib        = name->dos.attrib;
+	io->generic.out.alloc_size    = name->dos.alloc_size;
+	io->generic.out.size          = name->st.st_size;
+	io->generic.out.file_type     = FILE_TYPE_DISK;
+	io->generic.out.ipc_state     = 0;
+	io->generic.out.is_directory  = 0;
+
+	/* success - keep the file handle */
+	status = ntvfs_handle_set_backend_data(h, pvfs->ntvfs, f);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto cleanup_delete;
+	}
+
+	f->handle->open_completed = true;
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_ADDED, 
+		       FILE_NOTIFY_CHANGE_FILE_NAME,
+		       name->full_name);
+
+	return NT_STATUS_OK;
+
+cleanup_delete:
+	close(fd);
+	pvfs_sys_unlink(pvfs, name->full_name, name->allow_override);
+	return status;
+}
+
+/*
+  state of a pending retry
+*/
+struct pvfs_odb_retry {
+	struct ntvfs_module_context *ntvfs;
+	struct ntvfs_request *req;
+	DATA_BLOB odb_locking_key;
+	void *io;
+	void *private_data;
+	void (*callback)(struct pvfs_odb_retry *r,
+			 struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req,
+			 void *io,
+			 void *private_data,
+			 enum pvfs_wait_notice reason);
+};
+
+/* destroy a pending request */
+static int pvfs_odb_retry_destructor(struct pvfs_odb_retry *r)
+{
+	struct pvfs_state *pvfs = talloc_get_type(r->ntvfs->private_data,
+				  struct pvfs_state);
+	if (r->odb_locking_key.data) {
+		struct odb_lock *lck;
+		lck = odb_lock(r->req, pvfs->odb_context, &r->odb_locking_key);
+		if (lck != NULL) {
+			odb_remove_pending(lck, r);
+		}
+		talloc_free(lck);
+	}
+	return 0;
+}
+
+static void pvfs_odb_retry_callback(void *_r, enum pvfs_wait_notice reason)
+{
+	struct pvfs_odb_retry *r = talloc_get_type(_r, struct pvfs_odb_retry);
+
+	if (reason == PVFS_WAIT_EVENT) {
+		/*
+		 * The pending odb entry is already removed.
+		 * We use a null locking key to indicate this
+		 * to the destructor.
+		 */
+		data_blob_free(&r->odb_locking_key);
+	}
+
+	r->callback(r, r->ntvfs, r->req, r->io, r->private_data, reason);
+}
+
+/*
+  setup for a retry of a request that was rejected
+  by odb_can_open()
+*/
+NTSTATUS pvfs_odb_retry_setup(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      struct odb_lock *lck,
+			      struct timeval end_time,
+			      void *io,
+			      void *private_data,
+			      void (*callback)(struct pvfs_odb_retry *r,
+					       struct ntvfs_module_context *ntvfs,
+					       struct ntvfs_request *req,
+					       void *io,
+					       void *private_data,
+					       enum pvfs_wait_notice reason))
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_odb_retry *r;
+	struct pvfs_wait *wait_handle;
+	NTSTATUS status;
+
+	r = talloc(req, struct pvfs_odb_retry);
+	NT_STATUS_HAVE_NO_MEMORY(r);
+
+	r->ntvfs = ntvfs;
+	r->req = req;
+	r->io = io;
+	r->private_data = private_data;
+	r->callback = callback;
+	r->odb_locking_key = odb_get_key(r, lck);
+	if (r->odb_locking_key.data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* setup a pending lock */
+	status = odb_open_file_pending(lck, r);
+	if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND,status)) {
+		/*
+		 * maybe only a unix application
+		 * has the file open
+		 */
+		data_blob_free(&r->odb_locking_key);
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	talloc_free(lck);
+
+	talloc_set_destructor(r, pvfs_odb_retry_destructor);
+
+	wait_handle = pvfs_wait_message(pvfs, req,
+					MSG_PVFS_RETRY_OPEN, end_time,
+					pvfs_odb_retry_callback, r);
+	if (wait_handle == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	talloc_steal(r, wait_handle);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  retry an open after a sharing violation
+*/
+static void pvfs_retry_open_sharing(struct pvfs_odb_retry *r,
+				    struct ntvfs_module_context *ntvfs,
+				    struct ntvfs_request *req,
+				    void *_io,
+				    void *private_data,
+				    enum pvfs_wait_notice reason)
+{
+	union smb_open *io = talloc_get_type(_io, union smb_open);
+	struct timeval *final_timeout = NULL;
+	NTSTATUS status;
+
+	if (private_data) {
+		final_timeout = talloc_get_type(private_data,
+						struct timeval);
+	}
+
+	/* w2k3 ignores SMBntcancel for outstanding open requests. It's probably
+	   just a bug in their server, but we better do the same */
+	if (reason == PVFS_WAIT_CANCEL) {
+		return;
+	}
+
+	if (reason == PVFS_WAIT_TIMEOUT) {
+		if (final_timeout &&
+		    !timeval_expired(final_timeout)) {
+			/*
+			 * we need to retry periodictly
+			 * after an EAGAIN as there's
+			 * no way the kernel tell us
+			 * an oplock is released.
+			 */
+			goto retry;
+		}
+		/* if it timed out, then give the failure
+		   immediately */
+		talloc_free(r);
+		req->async_states->status = NT_STATUS_SHARING_VIOLATION;
+		req->async_states->send_fn(req);
+		return;
+	}
+
+retry:
+	talloc_free(r);
+
+	/* try the open again, which could trigger another retry setup
+	   if it wants to, so we have to unmark the async flag so we
+	   will know if it does a second async reply */
+	req->async_states->state &= ~NTVFS_ASYNC_STATE_ASYNC;
+
+	status = pvfs_open(ntvfs, req, io);
+	if (req->async_states->state & NTVFS_ASYNC_STATE_ASYNC) {
+		/* the 2nd try also replied async, so we don't send
+		   the reply yet */
+		return;
+	}
+
+	/* re-mark it async, just in case someone up the chain does
+	   paranoid checking */
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+
+	/* send the reply up the chain */
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+
+/*
+  special handling for openx DENY_DOS semantics
+
+  This function attempts a reference open using an existing handle. If its allowed,
+  then it returns NT_STATUS_OK, otherwise it returns any other code and normal
+  open processing continues.
+*/
+static NTSTATUS pvfs_open_deny_dos(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req, union smb_open *io,
+				   struct pvfs_file *f, struct odb_lock *lck)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f2;
+	struct pvfs_filename *name;
+	NTSTATUS status;
+
+	/* search for an existing open with the right parameters. Note
+	   the magic ntcreatex options flag, which is set in the
+	   generic mapping code. This might look ugly, but its
+	   actually pretty much now w2k does it internally as well. 
+	   
+	   If you look at the BASE-DENYDOS test you will see that a
+	   DENY_DOS is a very special case, and in the right
+	   circumstances you actually get the _same_ handle back
+	   twice, rather than a new handle.
+	*/
+	for (f2=pvfs->files.list;f2;f2=f2->next) {
+		if (f2 != f &&
+		    f2->ntvfs->session_info == req->session_info &&
+		    f2->ntvfs->smbpid == req->smbpid &&
+		    (f2->handle->private_flags &
+		     (NTCREATEX_FLAG_DENY_DOS |
+		      NTCREATEX_FLAG_DENY_FCB)) &&
+		    (f2->access_mask & SEC_FILE_WRITE_DATA) &&
+		    strcasecmp_m(f2->handle->name->original_name, 
+			       io->generic.in.fname)==0) {
+			break;
+		}
+	}
+
+	if (!f2) {
+		return NT_STATUS_SHARING_VIOLATION;
+	}
+
+	/* quite an insane set of semantics ... */
+	if (is_exe_filename(io->generic.in.fname) &&
+	    (f2->handle->private_flags & NTCREATEX_FLAG_DENY_DOS)) {
+		return NT_STATUS_SHARING_VIOLATION;
+	}
+
+	/*
+	  setup a reference to the existing handle
+	 */
+	talloc_free(f->handle);
+	f->handle = talloc_reference(f, f2->handle);
+
+	talloc_free(lck);
+
+	name = f->handle->name;
+
+	io->generic.out.oplock_level  = OPLOCK_NONE;
+	io->generic.out.file.ntvfs    = f->ntvfs;
+	io->generic.out.create_action = NTCREATEX_ACTION_EXISTED;
+	io->generic.out.create_time   = name->dos.create_time;
+	io->generic.out.access_time   = name->dos.access_time;
+	io->generic.out.write_time    = name->dos.write_time;
+	io->generic.out.change_time   = name->dos.change_time;
+	io->generic.out.attrib        = name->dos.attrib;
+	io->generic.out.alloc_size    = name->dos.alloc_size;
+	io->generic.out.size          = name->st.st_size;
+	io->generic.out.file_type     = FILE_TYPE_DISK;
+	io->generic.out.ipc_state     = 0;
+	io->generic.out.is_directory  = 0;
+ 
+	status = ntvfs_handle_set_backend_data(f->ntvfs, ntvfs, f);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  setup for a open retry after a sharing violation
+*/
+static NTSTATUS pvfs_open_setup_retry(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, 
+				      union smb_open *io,
+				      struct pvfs_file *f,
+				      struct odb_lock *lck,
+				      NTSTATUS parent_status)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct timeval end_time;
+	struct timeval *final_timeout = NULL;
+
+	if (io->generic.in.private_flags &
+	    (NTCREATEX_FLAG_DENY_DOS | NTCREATEX_FLAG_DENY_FCB)) {
+		/* see if we can satisfy the request using the special DENY_DOS
+		   code */
+		status = pvfs_open_deny_dos(ntvfs, req, io, f, lck);
+		if (NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	/* the retry should allocate a new file handle */
+	talloc_free(f);
+
+	if (NT_STATUS_EQUAL(parent_status, NT_STATUS_SHARING_VIOLATION)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       0, pvfs->sharing_violation_delay);
+	} else if (NT_STATUS_EQUAL(parent_status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       pvfs->oplock_break_timeout, 0);
+	} else if (NT_STATUS_EQUAL(parent_status, STATUS_MORE_ENTRIES)) {
+		/*
+		 * we got EAGAIN which means a unix application
+		 * has an oplock or share mode
+		 *
+		 * we retry every 4/5 of the sharing violation delay
+		 * to see if the unix application
+		 * has released the oplock or share mode.
+		 */
+		final_timeout = talloc(req, struct timeval);
+		NT_STATUS_HAVE_NO_MEMORY(final_timeout);
+		*final_timeout = timeval_add(&req->statistics.request_time,
+					     pvfs->oplock_break_timeout,
+					     0);
+		end_time = timeval_current_ofs_usec((pvfs->sharing_violation_delay*4)/5);
+		end_time = timeval_min(final_timeout, &end_time);
+	} else {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return pvfs_odb_retry_setup(ntvfs, req, lck, end_time, io,
+				    final_timeout, pvfs_retry_open_sharing);
+}
+
+/*
+  open a file
+*/
+NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
+		   struct ntvfs_request *req, union smb_open *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	int flags = 0;
+	struct pvfs_filename *name;
+	struct pvfs_file *f;
+	struct ntvfs_handle *h;
+	NTSTATUS status;
+	int fd, count;
+	struct odb_lock *lck;
+	uint32_t create_options;
+	uint32_t create_options_must_ignore_mask;
+	uint32_t share_access;
+	uint32_t access_mask;
+	uint32_t create_action = NTCREATEX_ACTION_EXISTED;
+	bool del_on_close;
+	bool stream_existed, stream_truncate=false;
+	uint32_t oplock_level = OPLOCK_NONE, oplock_granted;
+	bool allow_level_II_oplock = false;
+
+	/* use the generic mapping code to avoid implementing all the
+	   different open calls. */
+	if (io->generic.level != RAW_OPEN_GENERIC &&
+	    io->generic.level != RAW_OPEN_NTTRANS_CREATE) {
+		return ntvfs_map_open(ntvfs, req, io);
+	}
+
+	ZERO_STRUCT(io->generic.out);
+
+	create_options = io->generic.in.create_options;
+	share_access   = io->generic.in.share_access;
+	access_mask    = io->generic.in.access_mask;
+
+	if (share_access & ~NTCREATEX_SHARE_ACCESS_MASK) {
+		DEBUG(3,(__location__ ": Invalid share_access 0x%08x for %s\n",
+			 share_access, io->ntcreatex.in.fname));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/*
+	 * These options are ignored,
+	 * but we reuse some of them as private values for the generic mapping
+	 */
+	create_options_must_ignore_mask = NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+	create_options &= ~create_options_must_ignore_mask;
+
+	if (create_options & NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK) {
+		DEBUG(2,(__location__ " create_options 0x%x not supported\n", 
+			 create_options));
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
+		DEBUG(3,(__location__ ": Invalid create_options 0x%08x for %s\n",
+			 create_options, io->ntcreatex.in.fname));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* TODO: When we implement HSM, add a hook here not to pull
+	 * the actual file off tape, when this option is passed from
+	 * the client */
+	if (create_options & NTCREATEX_OPTIONS_NO_RECALL) {
+		/* no-op */
+	}
+
+	/* TODO: If (unlikely) Linux does a good compressed
+	 * filesystem, we might need an ioctl call for this */
+	if (create_options & NTCREATEX_OPTIONS_NO_COMPRESSION) {
+		/* no-op */
+	}
+
+	if (create_options & NTCREATEX_OPTIONS_NO_INTERMEDIATE_BUFFERING) {
+		create_options |= NTCREATEX_OPTIONS_WRITE_THROUGH;
+	}
+
+	/* Open the file with sync, if they asked for it, but
+	   'strict sync = no' turns this client request into a no-op */
+	if (create_options & (NTCREATEX_OPTIONS_WRITE_THROUGH) && pvfs->flags & PVFS_FLAG_STRICT_SYNC) {
+		flags |= O_SYNC;
+	}
+
+
+	/* other create options are not allowed */
+	if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
+	    !(access_mask & SEC_STD_DELETE)) {
+		DEBUG(3,(__location__ ": Invalid delete_on_close option 0x%08x with access_mask 0x%08x for %s\n",
+			 create_options, access_mask, io->ntcreatex.in.fname));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (access_mask & SEC_MASK_INVALID) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* what does this bit really mean?? */
+	if (req->ctx->protocol >= PROTOCOL_SMB2_02 &&
+	    access_mask == SEC_STD_SYNCHRONIZE) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* cope with non-zero root_fid */
+	if (io->ntcreatex.in.root_fid.ntvfs != NULL) {
+		f = pvfs_find_fd(pvfs, req, io->ntcreatex.in.root_fid.ntvfs);
+		if (f == NULL) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+		if (f->handle->fd != -1) {
+			return NT_STATUS_INVALID_DEVICE_REQUEST;
+		}
+		io->ntcreatex.in.fname = talloc_asprintf(req, "%s\\%s", 
+							 f->handle->name->original_name,
+							 io->ntcreatex.in.fname);
+		NT_STATUS_HAVE_NO_MEMORY(io->ntcreatex.in.fname);			
+	}
+
+	if (io->ntcreatex.in.file_attr & (FILE_ATTRIBUTE_DEVICE|
+					  FILE_ATTRIBUTE_VOLUME| 
+					  (~FILE_ATTRIBUTE_ALL_MASK))) {
+		DEBUG(3,(__location__ ": Invalid file_attr 0x%08x for %s\n",
+			 io->ntcreatex.in.file_attr, io->ntcreatex.in.fname));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* we ignore some file_attr bits */
+	io->ntcreatex.in.file_attr &= ~(FILE_ATTRIBUTE_NONINDEXED | 
+					FILE_ATTRIBUTE_COMPRESSED |
+					FILE_ATTRIBUTE_REPARSE_POINT |
+					FILE_ATTRIBUTE_SPARSE |
+					FILE_ATTRIBUTE_NORMAL);
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, io->ntcreatex.in.fname, 
+				   PVFS_RESOLVE_STREAMS, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* if the client specified that it must not be a directory then
+	   check that it isn't */
+	if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) &&
+	    (io->generic.in.create_options & NTCREATEX_OPTIONS_NON_DIRECTORY_FILE)) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+
+	/* if the client specified that it must be a directory then
+	   check that it is */
+	if (name->exists && !(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) &&
+	    (io->generic.in.create_options & NTCREATEX_OPTIONS_DIRECTORY)) {
+		return NT_STATUS_NOT_A_DIRECTORY;
+	}
+
+	/* directory opens are handled separately */
+	if ((name->exists && (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) ||
+	    (io->generic.in.create_options & NTCREATEX_OPTIONS_DIRECTORY)) {
+		return pvfs_open_directory(pvfs, req, name, io);
+	}
+
+	/* FILE_ATTRIBUTE_DIRECTORY is ignored if the above test for directory
+	   open doesn't match */
+	io->generic.in.file_attr &= ~FILE_ATTRIBUTE_DIRECTORY;
+
+	switch (io->generic.in.open_disposition) {
+	case NTCREATEX_DISP_SUPERSEDE:
+	case NTCREATEX_DISP_OVERWRITE_IF:
+		if (name->stream_name == NULL) {
+			flags |= O_TRUNC;
+		} else {
+			stream_truncate = true;
+		}
+		create_action = NTCREATEX_ACTION_TRUNCATED;
+		break;
+
+	case NTCREATEX_DISP_OPEN:
+		if (!name->stream_exists) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+		break;
+
+	case NTCREATEX_DISP_OVERWRITE:
+		if (!name->stream_exists) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+		if (name->stream_name == NULL) {
+			flags |= O_TRUNC;
+		} else {
+			stream_truncate = true;
+		}
+		create_action = NTCREATEX_ACTION_TRUNCATED;
+		break;
+
+	case NTCREATEX_DISP_CREATE:
+		if (name->stream_exists) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+		break;
+
+	case NTCREATEX_DISP_OPEN_IF:
+		break;
+
+	default:
+		DEBUG(3,(__location__ ": Invalid open disposition 0x%08x for %s\n",
+			 io->generic.in.open_disposition, name->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* handle creating a new file separately */
+	if (!name->exists) {
+		status = pvfs_create_file(pvfs, req, name, io);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+			return status;
+		}
+
+		/* we've hit a race - the file was created during this call */
+		if (io->generic.in.open_disposition == NTCREATEX_DISP_CREATE) {
+			return status;
+		}
+
+		/* try re-resolving the name */
+		status = pvfs_resolve_name(pvfs, req, io->ntcreatex.in.fname, 0, &name);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		/* fall through to a normal open */
+	}
+
+	if ((name->dos.attrib & FILE_ATTRIBUTE_READONLY) &&
+	    (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
+		return NT_STATUS_CANNOT_DELETE;
+	}
+
+	/* check the security descriptor */
+	status = pvfs_access_check(pvfs, req, name, &access_mask);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (io->generic.in.query_maximal_access) {
+		status = pvfs_access_maximal_allowed(pvfs, req, name, 
+						     &io->generic.out.maximal_access);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	if (io->generic.in.query_on_disk_id) {
+		ZERO_ARRAY(io->generic.out.on_disk_id);
+		SBVAL(io->generic.out.on_disk_id, 0, name->st.st_ino);
+		SBVAL(io->generic.out.on_disk_id, 8, name->st.st_dev);
+	}
+
+	status = ntvfs_handle_new(pvfs->ntvfs, req, &h);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	f = talloc(h, struct pvfs_file);
+	if (f == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	f->handle = talloc(f, struct pvfs_file_handle);
+	if (f->handle == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	f->ntvfs         = h;
+	f->pvfs          = pvfs;
+	f->pending_list  = NULL;
+	f->lock_count    = 0;
+	f->share_access  = io->generic.in.share_access;
+	f->access_mask   = access_mask;
+	f->impersonation = io->generic.in.impersonation;
+	f->notify_buffer = NULL;
+	f->search        = NULL;
+
+	f->handle->pvfs              = pvfs;
+	f->handle->fd                = -1;
+	f->handle->name              = talloc_steal(f->handle, name);
+	f->handle->create_options    = io->generic.in.create_options;
+	f->handle->private_flags     = io->generic.in.private_flags;
+	f->handle->seek_offset       = 0;
+	f->handle->position          = 0;
+	f->handle->mode              = 0;
+	f->handle->oplock            = NULL;
+	f->handle->have_opendb_entry = false;
+	ZERO_STRUCT(f->handle->write_time);
+	f->handle->open_completed    = false;
+
+	/* form the lock context used for byte range locking and
+	   opendb locking */
+	status = pvfs_locking_key(name, f->handle, &f->handle->odb_locking_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_brl_locking_handle(f, name, h, &f->brl_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* get a lock on this file before the actual open */
+	lck = odb_lock(req, pvfs->odb_context, &f->handle->odb_locking_key);
+	if (lck == NULL) {
+		DEBUG(0,("pvfs_open: failed to lock file '%s' in opendb\n",
+			 name->full_name));
+		/* we were supposed to do a blocking lock, so something
+		   is badly wrong! */
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	DLIST_ADD(pvfs->files.list, f);
+
+	/* setup a destructor to avoid file descriptor leaks on
+	   abnormal termination */
+	talloc_set_destructor(f, pvfs_fnum_destructor);
+	talloc_set_destructor(f->handle, pvfs_handle_destructor);
+
+	/* 
+	 * Only SMB2 takes care of the delete_on_close,
+	 * on existing files
+	 */
+	if (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE &&
+	    req->ctx->protocol >= PROTOCOL_SMB2_02) {
+		del_on_close = true;
+	} else {
+		del_on_close = false;
+	}
+
+	if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) {
+		oplock_level = OPLOCK_NONE;
+	} else if (io->ntcreatex.in.flags & NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK) {
+		oplock_level = OPLOCK_BATCH;
+	} else if (io->ntcreatex.in.flags & NTCREATEX_FLAGS_REQUEST_OPLOCK) {
+		oplock_level = OPLOCK_EXCLUSIVE;
+	}
+
+	if (req->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS) {
+		allow_level_II_oplock = true;
+	}
+
+	/* see if we are allowed to open at the same time as existing opens */
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, del_on_close,
+			      io->generic.in.open_disposition, false);
+
+	/*
+	 * on a sharing violation we need to retry when the file is closed by
+	 * the other user, or after 1 second
+	 * on a non granted oplock we need to retry when the file is closed by
+	 * the other user, or after 30 seconds
+	*/
+	if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return pvfs_open_setup_retry(ntvfs, req, io, f, lck, status);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		return status;
+	}
+
+	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
+		flags |= O_RDWR;
+	} else {
+		flags |= O_RDONLY;
+	}
+
+	/* do the actual open */
+	fd = pvfs_sys_open(pvfs, f->handle->name->full_name, flags | O_NONBLOCK, 0, name->allow_override);
+	if (fd == -1) {
+		status = pvfs_map_errno(f->pvfs, errno);
+
+		DEBUG(0,(__location__ " mapped errno %s for %s (was %d)\n", 
+			 nt_errstr(status), f->handle->name->full_name, errno));
+		/*
+		 * STATUS_MORE_ENTRIES is EAGAIN or EWOULDBLOCK
+		 */
+		if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
+		    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+			return pvfs_open_setup_retry(ntvfs, req, io, f, lck, status);
+		}
+
+		talloc_free(lck);
+		return status;
+	}
+
+	f->handle->fd = fd;
+
+	status = brlock_count(f->pvfs->brl_context, f->brl_handle, &count);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		return status;
+	}
+
+	if (count != 0) {
+		oplock_level = OPLOCK_NONE;
+	}
+
+	/* now really mark the file as open */
+	status = odb_open_file(lck, f->handle, name->full_name,
+			       &f->handle->fd, name->dos.write_time,
+			       allow_level_II_oplock,
+			       oplock_level, &oplock_granted);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		return status;
+	}
+
+	f->handle->have_opendb_entry = true;
+
+	if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) {
+		oplock_granted = OPLOCK_BATCH;
+	} else if (oplock_granted != OPLOCK_NONE) {
+		status = pvfs_setup_oplock(f, oplock_granted);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(lck);
+			return status;
+		}
+	}
+
+	stream_existed = name->stream_exists;
+
+	/* if this was a stream create then create the stream as well */
+	if (!name->stream_exists) {
+		status = pvfs_stream_create(pvfs, f->handle->name, fd);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(lck);
+			return status;
+		}
+		if (stream_truncate) {
+			status = pvfs_stream_truncate(pvfs, f->handle->name, fd, 0);
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(lck);
+				return status;
+			}
+		}
+	}
+
+	/* re-resolve the open fd */
+	status = pvfs_resolve_name_fd(f->pvfs, fd, f->handle->name, PVFS_RESOLVE_NO_OPENDB);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		return status;
+	}
+
+	if (f->handle->name->stream_id == 0 &&
+	    (io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE ||
+	     io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE_IF)) {
+		/* for overwrite we may need to replace file permissions */
+		uint32_t attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE;
+		mode_t mode = pvfs_fileperms(pvfs, attrib);
+		if (f->handle->name->st.st_mode != mode &&
+		    f->handle->name->dos.attrib != attrib &&
+		    pvfs_sys_fchmod(pvfs, fd, mode, name->allow_override) == -1) {
+			talloc_free(lck);
+			return pvfs_map_errno(pvfs, errno);
+		}
+		name->dos.alloc_size = io->ntcreatex.in.alloc_size;
+		name->dos.attrib = attrib;
+		status = pvfs_dosattrib_save(pvfs, name, fd);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(lck);
+			return status;
+		}
+	}
+	    
+	talloc_free(lck);
+
+	status = ntvfs_handle_set_backend_data(h, ntvfs, f);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* mark the open as having completed fully, so delete on close
+	   can now be used */
+	f->handle->open_completed     = true;
+
+	io->generic.out.oplock_level  = oplock_granted;
+	io->generic.out.file.ntvfs    = h;
+	io->generic.out.create_action = stream_existed?
+		create_action:NTCREATEX_ACTION_CREATED;
+	
+	io->generic.out.create_time   = name->dos.create_time;
+	io->generic.out.access_time   = name->dos.access_time;
+	io->generic.out.write_time    = name->dos.write_time;
+	io->generic.out.change_time   = name->dos.change_time;
+	io->generic.out.attrib        = name->dos.attrib;
+	io->generic.out.alloc_size    = name->dos.alloc_size;
+	io->generic.out.size          = name->st.st_size;
+	io->generic.out.file_type     = FILE_TYPE_DISK;
+	io->generic.out.ipc_state     = 0;
+	io->generic.out.is_directory  = 0;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  close a file
+*/
+NTSTATUS pvfs_close(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req, union smb_close *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+
+	if (io->generic.level == RAW_CLOSE_SPLCLOSE) {
+		return NT_STATUS_DOS(ERRSRV, ERRerror);
+	}
+
+	if (io->generic.level != RAW_CLOSE_GENERIC) {
+		return ntvfs_map_close(ntvfs, req, io);
+	}
+
+	f = pvfs_find_fd(pvfs, req, io->generic.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (!null_time(io->generic.in.write_time)) {
+		f->handle->write_time.update_forced = false;
+		f->handle->write_time.update_on_close = true;
+		unix_to_nt_time(&f->handle->write_time.close_time, io->generic.in.write_time);
+	}
+
+	if (io->generic.in.flags & SMB2_CLOSE_FLAGS_FULL_INFORMATION) {
+		struct pvfs_filename *name;
+		NTSTATUS status;
+		struct pvfs_file_handle *h = f->handle;
+
+		status = pvfs_resolve_name_handle(pvfs, h);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		name = h->name;
+
+		io->generic.out.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION;
+		io->generic.out.create_time = name->dos.create_time;
+		io->generic.out.access_time = name->dos.access_time;
+		io->generic.out.write_time  = name->dos.write_time;
+		io->generic.out.change_time = name->dos.change_time;
+		io->generic.out.alloc_size  = name->dos.alloc_size;
+		io->generic.out.size        = name->st.st_size;
+		io->generic.out.file_attr   = name->dos.attrib;		
+	} else {
+		ZERO_STRUCT(io->generic.out);
+	}
+
+	talloc_free(f);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  logoff - close all file descriptors open by a vuid
+*/
+NTSTATUS pvfs_logoff(struct ntvfs_module_context *ntvfs,
+		     struct ntvfs_request *req)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f, *next;
+
+	/* If pvfs is NULL, we never logged on, and no files are open. */
+	if(pvfs == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	for (f=pvfs->files.list;f;f=next) {
+		next = f->next;
+		if (f->ntvfs->session_info == req->session_info) {
+			talloc_free(f);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  exit - close files for the current pid
+*/
+NTSTATUS pvfs_exit(struct ntvfs_module_context *ntvfs,
+		   struct ntvfs_request *req)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f, *next;
+
+	for (f=pvfs->files.list;f;f=next) {
+		next = f->next;
+		if (f->ntvfs->session_info == req->session_info &&
+		    f->ntvfs->smbpid == req->smbpid) {
+			talloc_free(f);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  change the delete on close flag on an already open file
+*/
+NTSTATUS pvfs_set_delete_on_close(struct pvfs_state *pvfs,
+				  struct ntvfs_request *req, 
+				  struct pvfs_file *f, bool del_on_close)
+{
+	struct odb_lock *lck;
+	NTSTATUS status;
+
+	if ((f->handle->name->dos.attrib & FILE_ATTRIBUTE_READONLY) && del_on_close) {
+		return NT_STATUS_CANNOT_DELETE;
+	}
+	
+	if ((f->handle->name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) &&
+	    !pvfs_directory_empty(pvfs, f->handle->name)) {
+		return NT_STATUS_DIRECTORY_NOT_EMPTY;
+	}
+
+	if (del_on_close) {
+		f->handle->create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	} else {
+		f->handle->create_options &= ~NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	}
+	
+	lck = odb_lock(req, pvfs->odb_context, &f->handle->odb_locking_key);
+	if (lck == NULL) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = odb_set_delete_on_close(lck, del_on_close);
+
+	talloc_free(lck);
+
+	return status;
+}
+
+
+/*
+  determine if a file can be deleted, or if it is prevented by an
+  already open file
+*/
+NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, 
+			 struct ntvfs_request *req,
+			 struct pvfs_filename *name,
+			 struct odb_lock **lckp)
+{
+	NTSTATUS status;
+	DATA_BLOB key;
+	struct odb_lock *lck;
+	uint32_t share_access;
+	uint32_t access_mask;
+	bool delete_on_close;
+
+	status = pvfs_locking_key(name, name, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, &key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_delete\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	share_access	= NTCREATEX_SHARE_ACCESS_READ |
+			  NTCREATEX_SHARE_ACCESS_WRITE |
+			  NTCREATEX_SHARE_ACCESS_DELETE;
+	access_mask	= SEC_STD_DELETE;
+	delete_on_close	= true;
+
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, delete_on_close,
+			      NTCREATEX_DISP_OPEN, false);
+
+	if (NT_STATUS_IS_OK(status)) {
+		status = pvfs_access_check_simple(pvfs, req, name, access_mask);
+	}
+
+	/*
+	 * if it's a sharing violation or we got no oplock
+	 * only keep the lock if the caller requested access
+	 * to the lock
+	 */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		if (lckp) {
+			*lckp = lck;
+		} else {
+			talloc_free(lck);
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		if (lckp) {
+			*lckp = NULL;
+		}
+	} else if (lckp) {
+		*lckp = lck;
+	}
+
+	return status;
+}
+
+/*
+  determine if a file can be renamed, or if it is prevented by an
+  already open file
+*/
+NTSTATUS pvfs_can_rename(struct pvfs_state *pvfs, 
+			 struct ntvfs_request *req,
+			 struct pvfs_filename *name,
+			 struct odb_lock **lckp)
+{
+	NTSTATUS status;
+	DATA_BLOB key;
+	struct odb_lock *lck;
+	uint32_t share_access;
+	uint32_t access_mask;
+	bool delete_on_close;
+
+	status = pvfs_locking_key(name, name, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, &key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_stat\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	share_access	= NTCREATEX_SHARE_ACCESS_READ |
+			  NTCREATEX_SHARE_ACCESS_WRITE;
+	access_mask	= SEC_STD_DELETE;
+	delete_on_close	= false;
+
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, delete_on_close,
+			      NTCREATEX_DISP_OPEN, false);
+
+	/*
+	 * if it's a sharing violation or we got no oplock
+	 * only keep the lock if the caller requested access
+	 * to the lock
+	 */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		if (lckp) {
+			*lckp = lck;
+		} else {
+			talloc_free(lck);
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		if (lckp) {
+			*lckp = NULL;
+		}
+	} else if (lckp) {
+		*lckp = lck;
+	}
+
+	return status;
+}
+
+/*
+  determine if the file size of a file can be changed,
+  or if it is prevented by an already open file
+*/
+NTSTATUS pvfs_can_update_file_size(struct pvfs_state *pvfs,
+				   struct ntvfs_request *req,
+				   struct pvfs_filename *name,
+				   struct odb_lock **lckp)
+{
+	NTSTATUS status;
+	DATA_BLOB key;
+	struct odb_lock *lck;
+	uint32_t share_access;
+	uint32_t access_mask;
+	bool break_to_none;
+	bool delete_on_close;
+
+	status = pvfs_locking_key(name, name, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, &key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_stat\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	share_access	= NTCREATEX_SHARE_ACCESS_READ |
+			  NTCREATEX_SHARE_ACCESS_WRITE |
+			  NTCREATEX_SHARE_ACCESS_DELETE;
+	/*
+	 * this code previous set only SEC_FILE_WRITE_ATTRIBUTE, with
+	 * a comment that this seemed to be wrong, but matched windows
+	 * behaviour. It now appears that this windows behaviour is
+	 * just a bug.
+	 */
+	access_mask	= SEC_FILE_WRITE_ATTRIBUTE | SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA;
+	delete_on_close	= false;
+	break_to_none	= true;
+
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, delete_on_close,
+			      NTCREATEX_DISP_OPEN, break_to_none);
+
+	/*
+	 * if it's a sharing violation or we got no oplock
+	 * only keep the lock if the caller requested access
+	 * to the lock
+	 */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		if (lckp) {
+			*lckp = lck;
+		} else {
+			talloc_free(lck);
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		if (lckp) {
+			*lckp = NULL;
+		}
+	} else if (lckp) {
+		*lckp = lck;
+	}
+
+	return status;
+}
+
+/*
+  determine if file meta data can be accessed, or if it is prevented by an
+  already open file
+*/
+NTSTATUS pvfs_can_stat(struct pvfs_state *pvfs, 
+		       struct ntvfs_request *req,
+		       struct pvfs_filename *name)
+{
+	NTSTATUS status;
+	DATA_BLOB key;
+	struct odb_lock *lck;
+	uint32_t share_access;
+	uint32_t access_mask;
+	bool delete_on_close;
+
+	status = pvfs_locking_key(name, name, &key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, &key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_stat\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	share_access	= NTCREATEX_SHARE_ACCESS_READ |
+			  NTCREATEX_SHARE_ACCESS_WRITE;
+	access_mask	= SEC_FILE_READ_ATTRIBUTE;
+	delete_on_close	= false;
+
+	status = odb_can_open(lck, name->stream_id,
+			      share_access, access_mask, delete_on_close,
+			      NTCREATEX_DISP_OPEN, false);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+	}
+
+	return status;
+}
+
+
+/*
+  determine if delete on close is set on 
+*/
+bool pvfs_delete_on_close_set(struct pvfs_state *pvfs, struct pvfs_file_handle *h)
+{
+	NTSTATUS status;
+	bool del_on_close;
+
+	status = odb_get_file_infos(pvfs->odb_context, &h->odb_locking_key, 
+				    &del_on_close, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("WARNING: unable to determine delete on close status for open file\n"));
+		return false;
+	}
+
+	return del_on_close;
+}
diff --git a/source4/ntvfs/posix/pvfs_oplock.c b/source4/ntvfs/posix/pvfs_oplock.c
new file mode 100644
index 0000000..ba5d25d
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_oplock.c
@@ -0,0 +1,307 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - oplock handling
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
+#include "system/time.h"
+#include "vfs_posix.h"
+
+
+struct pvfs_oplock {
+	struct pvfs_file_handle *handle;
+	struct pvfs_file *file;
+	uint32_t level;
+	struct timeval break_to_level_II;
+	struct timeval break_to_none;
+	struct imessaging_context *msg_ctx;
+};
+
+static NTSTATUS pvfs_oplock_release_internal(struct pvfs_file_handle *h,
+					     uint8_t oplock_break)
+{
+	struct odb_lock *olck;
+	NTSTATUS status;
+
+	if (h->fd == -1) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+
+	if (!h->have_opendb_entry) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	if (!h->oplock) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	olck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+	if (olck == NULL) {
+		DEBUG(0,("Unable to lock opendb for oplock update\n"));
+		return NT_STATUS_FOOBAR;
+	}
+
+	if (oplock_break == OPLOCK_BREAK_TO_NONE) {
+		h->oplock->level = OPLOCK_NONE;
+	} else if (oplock_break == OPLOCK_BREAK_TO_LEVEL_II) {
+		h->oplock->level = OPLOCK_LEVEL_II;
+	} else {
+		/* fallback to level II in case of a invalid value */
+		DEBUG(1,("unexpected oplock break level[0x%02X]\n", oplock_break));
+		h->oplock->level = OPLOCK_LEVEL_II;
+	}
+	status = odb_update_oplock(olck, h, h->oplock->level);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Unable to update oplock level for '%s' - %s\n",
+			 h->name->full_name, nt_errstr(status)));
+		talloc_free(olck);
+		return status;
+	}
+
+	talloc_free(olck);
+
+	/* after a break to none, we no longer have an oplock attached */
+	if (h->oplock->level == OPLOCK_NONE) {
+		talloc_free(h->oplock);
+		h->oplock = NULL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  receive oplock breaks and forward them to the client
+*/
+static void pvfs_oplock_break(struct pvfs_oplock *opl, uint8_t level)
+{
+	NTSTATUS status;
+	struct pvfs_file *f = opl->file;
+	struct pvfs_file_handle *h = opl->handle;
+	struct pvfs_state *pvfs = h->pvfs;
+	struct timeval cur = timeval_current();
+	struct timeval *last = NULL;
+	struct timeval end;
+
+	switch (level) {
+	case OPLOCK_BREAK_TO_LEVEL_II:
+		last = &opl->break_to_level_II;
+		break;
+	case OPLOCK_BREAK_TO_NONE:
+		last = &opl->break_to_none;
+		break;
+	}
+
+	if (!last) {
+		DEBUG(0,("%s: got unexpected level[0x%02X]\n",
+			__FUNCTION__, level));
+		return;
+	}
+
+	if (timeval_is_zero(last)) {
+		/*
+		 * this is the first break we for this level
+		 * remember the time
+		 */
+		*last = cur;
+
+		DEBUG(5,("%s: sending oplock break level %d for '%s' %p\n",
+			__FUNCTION__, level, h->name->original_name, h));
+		status = ntvfs_send_oplock_break(pvfs->ntvfs, f->ntvfs, level);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("%s: sending oplock break failed: %s\n",
+				__FUNCTION__, nt_errstr(status)));
+		}
+		return;
+	}
+
+	end = timeval_add(last, pvfs->oplock_break_timeout, 0);
+
+	if (timeval_compare(&cur, &end) < 0) {
+		/*
+		 * If it's not expired just ignore the break
+		 * as we already sent the break request to the client
+		 */
+		DEBUG(0,("%s: do not resend oplock break level %d for '%s' %p\n",
+			__FUNCTION__, level, h->name->original_name, h));
+		return;
+	}
+
+	/*
+	 * If the client did not send a release within the
+	 * oplock break timeout time frame we auto release
+	 * the oplock
+	 */
+	DEBUG(0,("%s: auto release oplock level %d for '%s' %p\n",
+		__FUNCTION__, level, h->name->original_name, h));
+	status = pvfs_oplock_release_internal(h, level);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("%s: failed to auto release the oplock[0x%02X]: %s\n",
+			__FUNCTION__, level, nt_errstr(status)));
+	}
+}
+
+static void pvfs_oplock_break_dispatch(struct imessaging_context *msg,
+				       void *private_data,
+				       uint32_t msg_type,
+				       struct server_id src,
+				       size_t num_fds,
+				       int *fds,
+				       DATA_BLOB *data)
+{
+	struct pvfs_oplock *opl = talloc_get_type(private_data,
+						  struct pvfs_oplock);
+	struct opendb_oplock_break opb;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	ZERO_STRUCT(opb);
+
+	/* we need to check that this one is for us. See
+	   imessaging_send_ptr() for the other side of this.
+	 */
+	if (data->length == sizeof(struct opendb_oplock_break)) {
+		struct opendb_oplock_break *p;
+		p = (struct opendb_oplock_break *)data->data;
+		opb = *p;
+	} else {
+		DEBUG(0,("%s: ignore oplock break with length[%u]\n",
+			 __location__, (unsigned)data->length));
+		return;
+	}
+	if (opb.file_handle != opl->handle) {
+		return;
+	}
+
+	/*
+	 * maybe we should use ntvfs_setup_async()
+	 */
+	pvfs_oplock_break(opl, opb.level);
+}
+
+static int pvfs_oplock_destructor(struct pvfs_oplock *opl)
+{
+	imessaging_deregister(opl->msg_ctx, MSG_NTVFS_OPLOCK_BREAK, opl);
+	return 0;
+}
+
+NTSTATUS pvfs_setup_oplock(struct pvfs_file *f, uint32_t oplock_granted)
+{
+	NTSTATUS status;
+	struct pvfs_oplock *opl;
+	uint32_t level = OPLOCK_NONE;
+
+	f->handle->oplock = NULL;
+
+	switch (oplock_granted) {
+	case EXCLUSIVE_OPLOCK_RETURN:
+		level = OPLOCK_EXCLUSIVE;
+		break;
+	case BATCH_OPLOCK_RETURN:
+		level = OPLOCK_BATCH;
+		break;
+	case LEVEL_II_OPLOCK_RETURN:
+		level = OPLOCK_LEVEL_II;
+		break;
+	}
+
+	if (level == OPLOCK_NONE) {
+		return NT_STATUS_OK;
+	}
+
+	opl = talloc_zero(f->handle, struct pvfs_oplock);
+	NT_STATUS_HAVE_NO_MEMORY(opl);
+
+	opl->handle	= f->handle;
+	opl->file	= f;
+	opl->level	= level;
+	opl->msg_ctx	= f->pvfs->ntvfs->ctx->msg_ctx;
+
+	status = imessaging_register(opl->msg_ctx,
+				    opl,
+				    MSG_NTVFS_OPLOCK_BREAK,
+				    pvfs_oplock_break_dispatch);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* destructor */
+	talloc_set_destructor(opl, pvfs_oplock_destructor);
+
+	f->handle->oplock = opl;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS pvfs_oplock_release(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_lock *lck)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+	uint8_t oplock_break;
+	NTSTATUS status;
+
+	f = pvfs_find_fd(pvfs, req, lck->lockx.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	oplock_break = (lck->lockx.in.mode >> 8) & 0xFF;
+
+	status = pvfs_oplock_release_internal(f->handle, oplock_break);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("%s: failed to release the oplock[0x%02X]: %s\n",
+			__FUNCTION__, oplock_break, nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS pvfs_break_level2_oplocks(struct pvfs_file *f)
+{
+	struct pvfs_file_handle *h = f->handle;
+	struct odb_lock *olck;
+	NTSTATUS status;
+
+	if (h->oplock && h->oplock->level != OPLOCK_LEVEL_II) {
+		return NT_STATUS_OK;
+	}
+
+	olck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+	if (olck == NULL) {
+		DEBUG(0,("Unable to lock opendb for oplock update\n"));
+		return NT_STATUS_FOOBAR;
+	}
+
+	status = odb_break_oplocks(olck);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Unable to break level2 oplocks to none for '%s' - %s\n",
+			 h->name->full_name, nt_errstr(status)));
+		talloc_free(olck);
+		return status;
+	}
+
+	talloc_free(olck);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_qfileinfo.c b/source4/ntvfs/posix/pvfs_qfileinfo.c
new file mode 100644
index 0000000..be601a2
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_qfileinfo.c
@@ -0,0 +1,468 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - read
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/xattr.h"
+
+
+/*
+  determine what access bits are needed for a call
+*/
+static uint32_t pvfs_fileinfo_access(union smb_fileinfo *info)
+{
+	uint32_t needed;
+
+	switch (info->generic.level) {
+	case RAW_FILEINFO_EA_LIST:
+	case RAW_FILEINFO_ALL_EAS:
+		needed = SEC_FILE_READ_EA;
+		break;
+
+	case RAW_FILEINFO_IS_NAME_VALID:
+		needed = 0;
+		break;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		needed = 0;
+		break;
+
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		needed = 0;
+		break;
+
+	case RAW_FILEINFO_SEC_DESC:
+		needed = 0;
+		if (info->query_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+			needed |= SEC_STD_READ_CONTROL;
+		}
+		if (info->query_secdesc.in.secinfo_flags & SECINFO_DACL) {
+			needed |= SEC_STD_READ_CONTROL;
+		}
+		if (info->query_secdesc.in.secinfo_flags & SECINFO_SACL) {
+			needed |= SEC_FLAG_SYSTEM_SECURITY;
+		}
+		break;
+
+	default:
+		needed = SEC_FILE_READ_ATTRIBUTE;
+		break;
+	}
+
+	return needed;
+}
+
+/*
+  reply to a RAW_FILEINFO_EA_LIST call
+*/
+NTSTATUS pvfs_query_ea_list(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, 
+			    struct pvfs_filename *name, int fd, 
+			    unsigned int num_names,
+			    struct ea_name *names,
+			    struct smb_ea_list *eas)
+{
+	NTSTATUS status;
+	int i;
+	struct xattr_DosEAs *ealist = talloc(mem_ctx, struct xattr_DosEAs);
+
+	ZERO_STRUCTP(eas);
+	status = pvfs_doseas_load(pvfs, name, fd, ealist);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	eas->eas = talloc_array(mem_ctx, struct ea_struct, num_names);
+	if (eas->eas == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	eas->num_eas = num_names;
+	for (i=0;i<num_names;i++) {
+		int j;
+		eas->eas[i].flags = 0;
+		eas->eas[i].name.s = names[i].name.s;
+		eas->eas[i].value = data_blob(NULL, 0);
+		for (j=0;j<ealist->num_eas;j++) {
+			if (strcasecmp_m(eas->eas[i].name.s, 
+				       ealist->eas[j].name) == 0) {
+				if (ealist->eas[j].value.length == 0) {
+					continue;
+				}
+				eas->eas[i].value = ealist->eas[j].value;
+				break;
+			}
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  reply to a RAW_FILEINFO_ALL_EAS call
+*/
+static NTSTATUS pvfs_query_all_eas(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, 
+				   struct pvfs_filename *name, int fd, 
+				   struct smb_ea_list *eas)
+{
+	NTSTATUS status;
+	int i;
+	struct xattr_DosEAs *ealist = talloc(mem_ctx, struct xattr_DosEAs);
+
+	ZERO_STRUCTP(eas);
+	status = pvfs_doseas_load(pvfs, name, fd, ealist);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	eas->eas = talloc_array(mem_ctx, struct ea_struct, ealist->num_eas);
+	if (eas->eas == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	eas->num_eas = 0;
+	for (i=0;i<ealist->num_eas;i++) {
+		eas->eas[eas->num_eas].flags = 0;
+		eas->eas[eas->num_eas].name.s = ealist->eas[i].name;
+		if (ealist->eas[i].value.length == 0) {
+			continue;
+		}
+		eas->eas[eas->num_eas].value = ealist->eas[i].value;
+		eas->num_eas++;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  approximately map a struct pvfs_filename to a generic fileinfo struct
+*/
+static NTSTATUS pvfs_map_fileinfo(struct pvfs_state *pvfs, 
+				  struct ntvfs_request *req,
+				  struct pvfs_filename *name, union smb_fileinfo *info, 
+				  int fd)
+{
+	switch (info->generic.level) {
+	case RAW_FILEINFO_GETATTR:
+		info->getattr.out.attrib     = name->dos.attrib;
+		info->getattr.out.size       = name->st.st_size;
+		info->getattr.out.write_time = nt_time_to_unix(name->dos.write_time);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_GETATTRE:
+	case RAW_FILEINFO_STANDARD:
+		info->standard.out.create_time = nt_time_to_unix(name->dos.create_time);
+		info->standard.out.access_time = nt_time_to_unix(name->dos.access_time);
+		info->standard.out.write_time  = nt_time_to_unix(name->dos.write_time);
+		info->standard.out.size        = name->st.st_size;
+		info->standard.out.alloc_size  = name->dos.alloc_size;
+		info->standard.out.attrib      = name->dos.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_SIZE:
+		info->ea_size.out.create_time = nt_time_to_unix(name->dos.create_time);
+		info->ea_size.out.access_time = nt_time_to_unix(name->dos.access_time);
+		info->ea_size.out.write_time  = nt_time_to_unix(name->dos.write_time);
+		info->ea_size.out.size        = name->st.st_size;
+		info->ea_size.out.alloc_size  = name->dos.alloc_size;
+		info->ea_size.out.attrib      = name->dos.attrib;
+		info->ea_size.out.ea_size     = name->dos.ea_size;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_LIST:
+		return pvfs_query_ea_list(pvfs, req, name, fd, 
+					  info->ea_list.in.num_names,
+					  info->ea_list.in.ea_names, 
+					  &info->ea_list.out);
+
+	case RAW_FILEINFO_ALL_EAS:
+		return pvfs_query_all_eas(pvfs, req, name, fd, &info->all_eas.out);
+
+	case RAW_FILEINFO_SMB2_ALL_EAS: {
+		NTSTATUS status = pvfs_query_all_eas(pvfs, req, name, fd, &info->all_eas.out);
+		if (NT_STATUS_IS_OK(status) &&
+		    info->all_eas.out.num_eas == 0) {
+			return NT_STATUS_NO_EAS_ON_FILE;
+		}
+		return status;
+	}
+
+	case RAW_FILEINFO_IS_NAME_VALID:
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_BASIC_INFO:
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		info->basic_info.out.create_time = name->dos.create_time;
+		info->basic_info.out.access_time = name->dos.access_time;
+		info->basic_info.out.write_time  = name->dos.write_time;
+		info->basic_info.out.change_time = name->dos.change_time;
+		info->basic_info.out.attrib      = name->dos.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STANDARD_INFO:
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		info->standard_info.out.alloc_size     = name->dos.alloc_size;
+		info->standard_info.out.size           = name->st.st_size;
+		info->standard_info.out.nlink          = name->dos.nlink;
+		info->standard_info.out.delete_pending = 0; /* only for qfileinfo */
+		info->standard_info.out.directory   = 
+			(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)? 1 : 0;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_INFO:
+	case RAW_FILEINFO_EA_INFORMATION:
+		info->ea_info.out.ea_size = name->dos.ea_size;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NAME_INFO:
+	case RAW_FILEINFO_NAME_INFORMATION:
+		if (req->ctx->protocol >= PROTOCOL_SMB2_02) {
+			/* strange that SMB2 doesn't have this */
+			return NT_STATUS_NOT_SUPPORTED;
+		}
+		info->name_info.out.fname.s = name->original_name;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALL_INFO:
+	case RAW_FILEINFO_ALL_INFORMATION:
+		info->all_info.out.create_time    = name->dos.create_time;
+		info->all_info.out.access_time    = name->dos.access_time;
+		info->all_info.out.write_time     = name->dos.write_time;
+		info->all_info.out.change_time    = name->dos.change_time;
+		info->all_info.out.attrib         = name->dos.attrib;
+		info->all_info.out.alloc_size     = name->dos.alloc_size;
+		info->all_info.out.size           = name->st.st_size;
+		info->all_info.out.nlink          = name->dos.nlink;
+		info->all_info.out.delete_pending = 0; /* only set by qfileinfo */
+		info->all_info.out.directory      = 
+			(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)? 1 : 0;
+		info->all_info.out.ea_size        = name->dos.ea_size;
+		info->all_info.out.fname.s        = name->original_name;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALT_NAME_INFO:
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+	case RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION:
+		info->name_info.out.fname.s = pvfs_short_name(pvfs, name, name);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		return pvfs_stream_information(pvfs, req, name, fd, &info->stream_info.out);
+
+	case RAW_FILEINFO_COMPRESSION_INFO:
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		info->compression_info.out.compressed_size = name->st.st_size;
+		info->compression_info.out.format          = 0;
+		info->compression_info.out.unit_shift      = 0;
+		info->compression_info.out.chunk_shift     = 0;
+		info->compression_info.out.cluster_shift   = 0;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		info->internal_information.out.file_id = name->dos.file_id;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		info->access_information.out.access_flags = 0; /* only set by qfileinfo */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		info->position_information.out.position = 0; /* only set by qfileinfo */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		info->mode_information.out.mode = 0; /* only set by qfileinfo */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		info->alignment_information.out.alignment_requirement = 0;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		info->network_open_information.out.create_time = name->dos.create_time;
+		info->network_open_information.out.access_time = name->dos.access_time;
+		info->network_open_information.out.write_time  = name->dos.write_time;
+		info->network_open_information.out.change_time = name->dos.change_time;
+		info->network_open_information.out.alloc_size  = name->dos.alloc_size;
+		info->network_open_information.out.size        = name->st.st_size;
+		info->network_open_information.out.attrib      = name->dos.attrib;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		info->attribute_tag_information.out.attrib      = name->dos.attrib;
+		info->attribute_tag_information.out.reparse_tag = 0;
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_SEC_DESC:
+		return pvfs_acl_query(pvfs, req, name, fd, info);
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		info->all_info2.out.create_time    = name->dos.create_time;
+		info->all_info2.out.access_time    = name->dos.access_time;
+		info->all_info2.out.write_time     = name->dos.write_time;
+		info->all_info2.out.change_time    = name->dos.change_time;
+		info->all_info2.out.attrib         = name->dos.attrib;
+		info->all_info2.out.unknown1       = 0;
+		info->all_info2.out.alloc_size     = name->dos.alloc_size;
+		info->all_info2.out.size           = name->st.st_size;
+		info->all_info2.out.nlink          = name->dos.nlink;
+		info->all_info2.out.delete_pending = 0; /* only set by qfileinfo */
+		info->all_info2.out.directory      = 
+			(name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)? 1 : 0;
+		info->all_info2.out.file_id        = name->dos.file_id;
+		info->all_info2.out.ea_size        = name->dos.ea_size;
+		info->all_info2.out.access_mask    = 0; /* only set by qfileinfo */
+		info->all_info2.out.position       = 0; /* only set by qfileinfo */
+		info->all_info2.out.mode           = 0; /* only set by qfileinfo */
+		info->all_info2.out.alignment_requirement = 0;
+		/* windows wants the full path on disk for this
+		   result, but I really don't want to expose that on
+		   the wire, so I'll give the path with a share
+		   prefix, which is a good approximation */
+		info->all_info2.out.fname.s = talloc_asprintf(req, "\\%s\\%s",
+							      pvfs->share_name, 
+							      name->original_name);
+		NT_STATUS_HAVE_NO_MEMORY(info->all_info2.out.fname.s);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_GENERIC:
+	case RAW_FILEINFO_UNIX_BASIC:
+	case RAW_FILEINFO_UNIX_INFO2:
+	case RAW_FILEINFO_UNIX_LINK:
+		return NT_STATUS_INVALID_LEVEL;
+	case RAW_FILEINFO_NORMALIZED_NAME_INFORMATION:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/*
+  return info on a pathname
+*/
+NTSTATUS pvfs_qpathinfo(struct ntvfs_module_context *ntvfs,
+		        struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_filename *name;
+	NTSTATUS status;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, info->generic.in.file.path, PVFS_RESOLVE_STREAMS, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->stream_exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	status = pvfs_can_stat(pvfs, req, name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_access_check_simple(pvfs, req, name, 
+					  pvfs_fileinfo_access(info));
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_map_fileinfo(pvfs, req, name, info, -1);
+
+	return status;
+}
+
+/*
+  query info on a open file
+*/
+NTSTATUS pvfs_qfileinfo(struct ntvfs_module_context *ntvfs,
+		        struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+	struct pvfs_file_handle *h;
+	NTSTATUS status;
+	uint32_t access_needed;
+
+	f = pvfs_find_fd(pvfs, req, info->generic.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	h = f->handle;
+
+	access_needed = pvfs_fileinfo_access(info);
+	if ((f->access_mask & access_needed) != access_needed) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* update the file information */
+	status = pvfs_resolve_name_handle(pvfs, h);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	
+	status = pvfs_map_fileinfo(pvfs, req, h->name, info, h->fd);
+
+	/* a qfileinfo can fill in a bit more info than a qpathinfo -
+	   now modify the levels that need to be fixed up */
+	switch (info->generic.level) {
+	case RAW_FILEINFO_STANDARD_INFO:
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		if (pvfs_delete_on_close_set(pvfs, h)) {
+			info->standard_info.out.delete_pending = 1;
+			info->standard_info.out.nlink--;
+		}
+		break;
+
+	case RAW_FILEINFO_ALL_INFO:
+	case RAW_FILEINFO_ALL_INFORMATION:
+		if (pvfs_delete_on_close_set(pvfs, h)) {
+			info->all_info.out.delete_pending = 1;
+			info->all_info.out.nlink--;
+		}
+		break;
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		info->position_information.out.position = h->position;
+		break;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		info->access_information.out.access_flags = f->access_mask;
+		break;
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		info->mode_information.out.mode = h->mode;
+		break;
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		if (pvfs_delete_on_close_set(pvfs, h)) {
+			info->all_info2.out.delete_pending = 1;
+			info->all_info2.out.nlink--;
+		}
+		info->all_info2.out.position	= h->position;
+		info->all_info2.out.access_mask	= f->access_mask;
+		info->all_info2.out.mode	= h->mode;
+		break;
+
+	default:
+		break;
+	}
+	
+	return status;
+}
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
new file mode 100644
index 0000000..09eedd5
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -0,0 +1,103 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - read
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "lib/events/events.h"
+
+/*
+  read from a file
+*/
+NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
+		   struct ntvfs_request *req, union smb_read *rd)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	ssize_t ret;
+	struct pvfs_file *f;
+	NTSTATUS status;
+	uint32_t maxcnt;
+	uint32_t mask;
+
+	if (rd->generic.level != RAW_READ_READX) {
+		return ntvfs_map_read(ntvfs, req, rd);
+	}
+
+	f = pvfs_find_fd(pvfs, req, rd->readx.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (f->handle->fd == -1) {
+		return NT_STATUS_INVALID_DEVICE_REQUEST;
+	}
+
+	mask = SEC_FILE_READ_DATA;
+	if (rd->readx.in.read_for_execute) {
+		mask |= SEC_FILE_EXECUTE;
+	}
+	if (!(f->access_mask & mask)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	maxcnt = rd->readx.in.maxcnt;
+	if (maxcnt > 2*UINT16_MAX && req->ctx->protocol < PROTOCOL_SMB2_02) {
+		DEBUG(3,(__location__ ": Invalid SMB maxcnt 0x%x\n", maxcnt));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = pvfs_check_lock(pvfs, f, req->smbpid, 
+				 rd->readx.in.offset,
+				 maxcnt,
+				 READ_LOCK);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (f->handle->name->stream_name) {
+		ret = pvfs_stream_read(pvfs, f->handle, 
+				       rd->readx.out.data, maxcnt, rd->readx.in.offset);
+	} else {
+		ret = pread(f->handle->fd, 
+			    rd->readx.out.data, 
+			    maxcnt,
+			    rd->readx.in.offset);
+	}
+	if (ret == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	/* only SMB2 honors mincnt */
+	if (req->ctx->protocol >= PROTOCOL_SMB2_02) {
+		if (rd->readx.in.mincnt > ret ||
+		    (ret == 0 && maxcnt > 0)) {
+			return NT_STATUS_END_OF_FILE;
+		}
+	}
+
+	f->handle->position = f->handle->seek_offset = rd->readx.in.offset + ret;
+
+	rd->readx.out.nread = ret;
+	rd->readx.out.remaining = 0xFFFF;
+	rd->readx.out.compaction_mode = 0; 
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c
new file mode 100644
index 0000000..4327161
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_rename.c
@@ -0,0 +1,675 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - rename
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/security.h"
+#include "param/param.h"
+
+
+/*
+  do a file rename, and send any notify triggers
+*/
+NTSTATUS pvfs_do_rename(struct pvfs_state *pvfs,
+			struct odb_lock *lck,
+			const struct pvfs_filename *name1,
+			const char *name2)
+{
+	const char *r1, *r2;
+	uint32_t mask;
+	NTSTATUS status;
+
+	if (pvfs_sys_rename(pvfs, name1->full_name, name2,
+			    name1->allow_override) == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	status = odb_rename(lck, name2);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (name1->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		mask = FILE_NOTIFY_CHANGE_DIR_NAME;
+	} else {
+		mask = FILE_NOTIFY_CHANGE_FILE_NAME;
+	}
+	/* 
+	   renames to the same directory cause a OLD_NAME->NEW_NAME notify.
+	   renames to a different directory are considered a remove/add 
+	*/
+	r1 = strrchr_m(name1->full_name, '/');
+	r2 = strrchr_m(name2, '/');
+
+	if ((r1-name1->full_name) != (r2-name2) ||
+	    strncmp(name1->full_name, name2, r1-name1->full_name) != 0) {
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_REMOVED, 
+			       mask,
+			       name1->full_name);
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_ADDED, 
+			       mask,
+			       name2);
+	} else {
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_OLD_NAME, 
+			       mask,
+			       name1->full_name);
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_NEW_NAME, 
+			       mask,
+			       name2);
+	}
+
+	/* this is a strange one. w2k3 gives an additional event for CHANGE_ATTRIBUTES
+	   and CHANGE_CREATION on the new file when renaming files, but not 
+	   directories */
+	if ((name1->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) == 0) {
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_MODIFIED, 
+			       FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_CREATION,
+			       name2);
+	}
+	
+	return NT_STATUS_OK;
+}
+
+
+/*
+  resolve a wildcard rename pattern. This works on one component of the name
+*/
+static const char *pvfs_resolve_wildcard_component(TALLOC_CTX *mem_ctx, 
+						   const char *fname, 
+						   const char *pattern)
+{
+	const char *p1, *p2;
+	char *dest, *d;
+
+	/* the length is bounded by the length of the two strings combined */
+	dest = talloc_array(mem_ctx, char, strlen(fname) + strlen(pattern) + 1);
+	if (dest == NULL) {
+		return NULL;
+	}
+
+	p1 = fname;
+	p2 = pattern;
+	d = dest;
+
+	while (*p2) {
+		codepoint_t c1, c2;
+		size_t c_size1, c_size2;
+		c1 = next_codepoint(p1, &c_size1);
+		c2 = next_codepoint(p2, &c_size2);
+		if (c2 == '?') {
+			d += push_codepoint(d, c1);
+		} else if (c2 == '*') {
+			memcpy(d, p1, strlen(p1));
+			d += strlen(p1);
+			break;
+		} else {
+			d += push_codepoint(d, c2);
+		}
+
+		p1 += c_size1;
+		p2 += c_size2;
+	}
+
+	*d = 0;
+
+	talloc_set_name_const(dest, dest);
+
+	return dest;
+}
+
+/*
+  resolve a wildcard rename pattern.
+*/
+static const char *pvfs_resolve_wildcard(TALLOC_CTX *mem_ctx, 
+					 const char *fname, 
+					 const char *pattern)
+{
+	const char *base1, *base2;
+	const char *ext1, *ext2;
+	char *p;
+
+	/* break into base part plus extension */
+	p = strrchr_m(fname, '.');
+	if (p == NULL) {
+		ext1 = "";
+		base1 = fname;
+	} else {
+		ext1 = talloc_strdup(mem_ctx, p+1);
+		base1 = talloc_strndup(mem_ctx, fname, p-fname);
+	}
+	if (ext1 == NULL || base1 == NULL) {
+		return NULL;
+	}
+
+	p = strrchr_m(pattern, '.');
+	if (p == NULL) {
+		ext2 = "";
+		base2 = fname;
+	} else {
+		ext2 = talloc_strdup(mem_ctx, p+1);
+		base2 = talloc_strndup(mem_ctx, pattern, p-pattern);
+	}
+	if (ext2 == NULL || base2 == NULL) {
+		return NULL;
+	}
+
+	base1 = pvfs_resolve_wildcard_component(mem_ctx, base1, base2);
+	ext1 = pvfs_resolve_wildcard_component(mem_ctx, ext1, ext2);
+	if (base1 == NULL || ext1 == NULL) {
+		return NULL;
+	}
+
+	if (*ext1 == 0) {
+		return base1;
+	}
+
+	return talloc_asprintf(mem_ctx, "%s.%s", base1, ext1);
+}
+
+/*
+  retry an rename after a sharing violation
+*/
+static void pvfs_retry_rename(struct pvfs_odb_retry *r,
+			      struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      void *_io,
+			      void *private_data,
+			      enum pvfs_wait_notice reason)
+{
+	union smb_rename *io = talloc_get_type(_io, union smb_rename);
+	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+
+	talloc_free(r);
+
+	switch (reason) {
+	case PVFS_WAIT_CANCEL:
+/*TODO*/
+		status = NT_STATUS_CANCELLED;
+		break;
+	case PVFS_WAIT_TIMEOUT:
+		/* if it timed out, then give the failure
+		   immediately */
+/*TODO*/
+		status = NT_STATUS_SHARING_VIOLATION;
+		break;
+	case PVFS_WAIT_EVENT:
+
+		/* try the open again, which could trigger another retry setup
+		   if it wants to, so we have to unmark the async flag so we
+		   will know if it does a second async reply */
+		req->async_states->state &= ~NTVFS_ASYNC_STATE_ASYNC;
+
+		status = pvfs_rename(ntvfs, req, io);
+		if (req->async_states->state & NTVFS_ASYNC_STATE_ASYNC) {
+			/* the 2nd try also replied async, so we don't send
+			   the reply yet */
+			return;
+		}
+
+		/* re-mark it async, just in case someone up the chain does
+		   paranoid checking */
+		req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+		break;
+	}
+
+	/* send the reply up the chain */
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  setup for a rename retry after a sharing violation
+  or a non granted oplock
+*/
+static NTSTATUS pvfs_rename_setup_retry(struct ntvfs_module_context *ntvfs,
+					struct ntvfs_request *req,
+					union smb_rename *io,
+					struct odb_lock *lck,
+					NTSTATUS status)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct timeval end_time;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       0, pvfs->sharing_violation_delay);
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       pvfs->oplock_break_timeout, 0);
+	} else {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return pvfs_odb_retry_setup(ntvfs, req, lck, end_time, io, NULL,
+				    pvfs_retry_rename);
+}
+
+/*
+  rename one file from a wildcard set
+*/
+static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs, 
+				struct ntvfs_request *req, 
+				const char *dir_path,
+				const char *fname1,
+				const char *fname2,
+				uint16_t attrib)
+{
+	struct pvfs_filename *name1, *name2;
+	TALLOC_CTX *mem_ctx = talloc_new(req);
+	struct odb_lock *lck = NULL;
+	NTSTATUS status;
+
+	/* resolve the wildcard pattern for this name */
+	fname2 = pvfs_resolve_wildcard(mem_ctx, fname1, fname2);
+	if (fname2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* get a pvfs_filename source object */
+	status = pvfs_resolve_partial(pvfs, mem_ctx, 
+				      dir_path, fname1,
+				      PVFS_RESOLVE_NO_OPENDB,
+				      &name1);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	/* make sure its matches the given attributes */
+	status = pvfs_match_attrib(pvfs, name1, attrib, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = pvfs_can_rename(pvfs, req, name1, &lck);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(lck);
+		goto failed;
+	}
+
+	/* get a pvfs_filename dest object */
+	status = pvfs_resolve_partial(pvfs, mem_ctx, 
+				      dir_path, fname2,
+				      PVFS_RESOLVE_NO_OPENDB,
+				      &name2);
+	if (NT_STATUS_IS_OK(status)) {
+		status = pvfs_can_delete(pvfs, req, name2, NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto failed;
+		}
+	}
+
+	status = NT_STATUS_OK;
+
+	fname2 = talloc_asprintf(mem_ctx, "%s/%s", dir_path, fname2);
+	if (fname2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_do_rename(pvfs, lck, name1, fname2);
+
+failed:
+	talloc_free(mem_ctx);
+	return status;
+}
+
+
+/*
+  rename a set of files with wildcards
+*/
+static NTSTATUS pvfs_rename_wildcard(struct pvfs_state *pvfs, 
+				     struct ntvfs_request *req, 
+				     union smb_rename *ren, 
+				     struct pvfs_filename *name1, 
+				     struct pvfs_filename *name2)
+{
+	struct pvfs_dir *dir;
+	NTSTATUS status;
+	off_t ofs = 0;
+	const char *fname, *fname2, *dir_path;
+	uint16_t attrib = ren->rename.in.attrib;
+	int total_renamed = 0;
+
+	/* get list of matching files */
+	status = pvfs_list_start(pvfs, name1, req, &dir);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = NT_STATUS_NO_SUCH_FILE;
+
+	dir_path = pvfs_list_unix_path(dir);
+
+	/* only allow wildcard renames within a directory */
+	if (strncmp(dir_path, name2->full_name, strlen(dir_path)) != 0 ||
+	    name2->full_name[strlen(dir_path)] != '/' ||
+	    strchr(name2->full_name + strlen(dir_path) + 1, '/')) {
+		DEBUG(3,(__location__ ": Invalid rename for %s -> %s\n",
+			 name1->original_name, name2->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	fname2 = talloc_strdup(name2, name2->full_name + strlen(dir_path) + 1);
+	if (fname2 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	while ((fname = pvfs_list_next(dir, &ofs))) {
+		status = pvfs_rename_one(pvfs, req, 
+					 dir_path,
+					 fname, fname2, attrib);
+		if (NT_STATUS_IS_OK(status)) {
+			total_renamed++;
+		}
+	}
+
+	if (total_renamed == 0) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  rename a set of files - SMBmv interface
+*/
+static NTSTATUS pvfs_rename_mv(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_rename *ren)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct pvfs_filename *name1, *name2;
+	struct odb_lock *lck = NULL;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, ren->rename.in.pattern1, 
+				   PVFS_RESOLVE_WILDCARD, &name1);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_resolve_name(pvfs, req, ren->rename.in.pattern2, 
+				   PVFS_RESOLVE_WILDCARD, &name2);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name1->has_wildcard || name2->has_wildcard) {
+		return pvfs_rename_wildcard(pvfs, req, ren, name1, name2);
+	}
+
+	if (!name1->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (strcmp(name1->full_name, name2->full_name) == 0) {
+		return NT_STATUS_OK;
+	}
+
+	if (name2->exists) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	status = pvfs_match_attrib(pvfs, name1, ren->rename.in.attrib, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_can_rename(pvfs, req, name1, &lck);
+	/*
+	 * on a sharing violation we need to retry when the file is closed by
+	 * the other user, or after 1 second
+	 * on a non granted oplock we need to retry when the file is closed by
+	 * the other user, or after 30 seconds
+	 */
+	if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return pvfs_rename_setup_retry(pvfs->ntvfs, req, ren, lck, status);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_do_rename(pvfs, lck, name1, name2->full_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	
+	return NT_STATUS_OK;
+}
+
+
+/*
+  rename a stream
+*/
+static NTSTATUS pvfs_rename_stream(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req, union smb_rename *ren,
+				   struct pvfs_filename *name1)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct odb_lock *lck = NULL;
+
+	if (name1->has_wildcard) {
+		DEBUG(3,(__location__ ": Invalid wildcard rename for %s\n",
+			 name1->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (ren->ntrename.in.new_name[0] != ':') {
+		DEBUG(3,(__location__ ": Invalid rename for %s\n",
+			 ren->ntrename.in.new_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!name1->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (ren->ntrename.in.flags != RENAME_FLAG_RENAME) {
+		DEBUG(3,(__location__ ": Invalid rename flags 0x%x for %s\n",
+			 ren->ntrename.in.flags, ren->ntrename.in.new_name));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = pvfs_can_rename(pvfs, req, name1, &lck);
+	/*
+	 * on a sharing violation we need to retry when the file is closed by
+	 * the other user, or after 1 second
+	 * on a non granted oplock we need to retry when the file is closed by
+	 * the other user, or after 30 seconds
+	 */
+	if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return pvfs_rename_setup_retry(pvfs->ntvfs, req, ren, lck, status);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_access_check_simple(pvfs, req, name1, SEC_FILE_WRITE_ATTRIBUTE);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = pvfs_stream_rename(pvfs, name1, -1, 
+				    ren->ntrename.in.new_name+1, 
+				    true);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  rename a set of files - ntrename interface
+*/
+static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_rename *ren)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	NTSTATUS status;
+	struct pvfs_filename *name1, *name2;
+	struct odb_lock *lck = NULL;
+
+	switch (ren->ntrename.in.flags) {
+	case RENAME_FLAG_RENAME:
+	case RENAME_FLAG_HARD_LINK:
+	case RENAME_FLAG_COPY:
+	case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
+		break;
+	default:
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, ren->ntrename.in.old_name, 
+				   PVFS_RESOLVE_WILDCARD | PVFS_RESOLVE_STREAMS, &name1);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name1->stream_name) {
+		/* stream renames need to be handled separately */
+		return pvfs_rename_stream(ntvfs, req, ren, name1);
+	}
+
+	status = pvfs_resolve_name(pvfs, req, ren->ntrename.in.new_name, 
+				   PVFS_RESOLVE_WILDCARD, &name2);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name1->has_wildcard || name2->has_wildcard) {
+		return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+	}
+
+	if (!name1->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (strcmp(name1->full_name, name2->full_name) == 0) {
+		return NT_STATUS_OK;
+	}
+
+	if (name2->exists) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	status = pvfs_match_attrib(pvfs, name1, ren->ntrename.in.attrib, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_can_rename(pvfs, req, name1, &lck);
+	/*
+	 * on a sharing violation we need to retry when the file is closed by
+	 * the other user, or after 1 second
+	 * on a non granted oplock we need to retry when the file is closed by
+	 * the other user, or after 30 seconds
+	 */
+	if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return pvfs_rename_setup_retry(pvfs->ntvfs, req, ren, lck, status);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	switch (ren->ntrename.in.flags) {
+	case RENAME_FLAG_RENAME:
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
+		NT_STATUS_NOT_OK_RETURN(status);
+		status = pvfs_do_rename(pvfs, lck, name1, name2->full_name);
+		NT_STATUS_NOT_OK_RETURN(status);
+		break;
+
+	case RENAME_FLAG_HARD_LINK:
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
+		NT_STATUS_NOT_OK_RETURN(status);
+		if (link(name1->full_name, name2->full_name) == -1) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+		break;
+
+	case RENAME_FLAG_COPY:
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
+		NT_STATUS_NOT_OK_RETURN(status);
+		return pvfs_copy_file(pvfs, name1, name2, name1->allow_override && name2->allow_override);
+
+	case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
+		DEBUG(3,(__location__ ": Invalid rename cluster for %s\n",
+			 name1->original_name));
+		return NT_STATUS_INVALID_PARAMETER;
+
+	default:
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  rename a set of files - ntrename interface
+*/
+NTSTATUS pvfs_rename(struct ntvfs_module_context *ntvfs,
+		     struct ntvfs_request *req, union smb_rename *ren)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+
+	switch (ren->generic.level) {
+	case RAW_RENAME_RENAME:
+		return pvfs_rename_mv(ntvfs, req, ren);
+
+	case RAW_RENAME_NTRENAME:
+		return pvfs_rename_nt(ntvfs, req, ren);
+
+	case RAW_RENAME_NTTRANS:
+		f = pvfs_find_fd(pvfs, req, ren->nttrans.in.file.ntvfs);
+		if (!f) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+
+		/* wk23 ignores the request */
+		return NT_STATUS_OK;
+
+	default:
+		break;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
diff --git a/source4/ntvfs/posix/pvfs_resolve.c b/source4/ntvfs/posix/pvfs_resolve.c
new file mode 100644
index 0000000..fbd8c7d
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_resolve.c
@@ -0,0 +1,826 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - filename resolution
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this is the core code for converting a filename from the format as
+  given by a client to a posix filename, including any case-matching
+  required, and checks for legal characters
+*/
+
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/dir.h"
+#include "param/param.h"
+
+/**
+  compare two filename components. This is where the name mangling hook will go
+*/
+static int component_compare(struct pvfs_state *pvfs, const char *comp, const char *name)
+{
+	int ret;
+
+	ret = strcasecmp_m(comp, name);
+
+	if (ret != 0) {
+		char *shortname = pvfs_short_name_component(pvfs, name);
+		if (shortname) {
+			ret = strcasecmp_m(comp, shortname);
+			talloc_free(shortname);
+		}
+	}
+
+	return ret;
+}
+
+/*
+  search for a filename in a case insensitive fashion
+
+  TODO: add a cache for previously resolved case-insensitive names
+  TODO: add mangled name support
+*/
+static NTSTATUS pvfs_case_search(struct pvfs_state *pvfs,
+				 struct pvfs_filename *name,
+				 unsigned int flags)
+{
+	/* break into a series of components */
+	size_t num_components;
+	char **components;
+	char *p, *partial_name;
+	size_t i;
+
+	/* break up the full name into pathname components */
+	num_components=2;
+	p = name->full_name + strlen(pvfs->base_directory) + 1;
+
+	for (;*p;p++) {
+		if (*p == '/') {
+			num_components++;
+		}
+	}
+
+	components = talloc_array(name, char *, num_components);
+	p = name->full_name + strlen(pvfs->base_directory);
+	*p++ = 0;
+
+	components[0] = name->full_name;
+
+	for (i=1;i<num_components;i++) {
+		components[i] = p;
+		p = strchr(p, '/');
+		if (p) *p++ = 0;
+		if (pvfs_is_reserved_name(pvfs, components[i])) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	partial_name = talloc_strdup(name, components[0]);
+	if (!partial_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* for each component, check if it exists as-is, and if not then
+	   do a directory scan */
+	for (i=1;i<num_components;i++) {
+		char *test_name;
+		DIR *dir;
+		struct dirent *de;
+		char *long_component;
+
+		/* possibly remap from the short name cache */
+		long_component = pvfs_mangled_lookup(pvfs, name, components[i]);
+		if (long_component) {
+			components[i] = long_component;
+		}
+
+		test_name = talloc_asprintf(name, "%s/%s", partial_name, components[i]);
+		if (!test_name) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* check if this component exists as-is */
+		if (stat(test_name, &name->st) == 0) {
+			if (i<num_components-1 && !S_ISDIR(name->st.st_mode)) {
+				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+			}
+			talloc_free(partial_name);
+			partial_name = test_name;
+			if (i == num_components - 1) {
+				name->exists = true;
+			}
+			continue;
+		}
+
+		/* the filesystem might be case insensitive, in which
+		   case a search is pointless unless the name is
+		   mangled */
+		if ((pvfs->flags & PVFS_FLAG_CI_FILESYSTEM) &&
+		    !pvfs_is_mangled_component(pvfs, components[i])) {
+			if (i < num_components-1) {
+				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+			}
+			partial_name = test_name;
+			continue;
+		}
+		
+		dir = opendir(partial_name);
+		if (!dir) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+
+		while ((de = readdir(dir))) {
+			if (component_compare(pvfs, components[i], de->d_name) == 0) {
+				break;
+			}
+		}
+
+		if (!de) {
+			if (i < num_components-1) {
+				closedir(dir);
+				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+			}
+		} else {
+			components[i] = talloc_strdup(name, de->d_name);
+		}
+		test_name = talloc_asprintf(name, "%s/%s", partial_name, components[i]);
+		talloc_free(partial_name);
+		partial_name = test_name;
+
+		closedir(dir);
+	}
+
+	if (!name->exists) {
+		if (stat(partial_name, &name->st) == 0) {
+			name->exists = true;
+		}
+	}
+
+	talloc_free(name->full_name);
+	name->full_name = partial_name;
+
+	if (name->exists) {
+		return pvfs_fill_dos_info(pvfs, name, flags, -1);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  parse a alternate data stream name
+*/
+static NTSTATUS parse_stream_name(struct pvfs_filename *name,
+				  const char *s)
+{
+	char *p, *stream_name;
+	if (s[1] == '\0') {
+		return NT_STATUS_OBJECT_NAME_INVALID;
+	}
+	name->stream_name = stream_name = talloc_strdup(name, s+1);
+	if (name->stream_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p = stream_name;
+
+	while (*p) {
+		size_t c_size;
+		codepoint_t c = next_codepoint(p, &c_size);
+
+		switch (c) {
+		case '/':
+		case '\\':
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		case ':':
+			*p= 0;
+			p++;
+			if (*p == '\0') {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			if (strcasecmp_m(p, "$DATA") != 0) {
+				if (strchr_m(p, ':')) {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			c_size = 0;
+			p--;
+			break;
+		}
+
+		p += c_size;
+	}
+
+	if (strcmp(name->stream_name, "") == 0) {
+		/*
+		 * we don't set stream_name to NULL, here
+		 * as this would be wrong for directories
+		 *
+		 * pvfs_fill_dos_info() will set it to NULL
+		 * if it's not a directory.
+		 */
+		name->stream_id = 0;
+	} else {
+		name->stream_id = pvfs_name_hash(name->stream_name, 
+						 strlen(name->stream_name));
+	}
+						 
+	return NT_STATUS_OK;	
+}
+
+
+/*
+  convert a CIFS pathname to a unix pathname. Note that this does NOT
+  take into account case insensitivity, and in fact does not access
+  the filesystem at all. It is merely a reformatting and charset
+  checking routine.
+
+  errors are returned if the filename is illegal given the flags
+*/
+static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
+			       unsigned int flags, struct pvfs_filename *name)
+{
+	char *ret, *p, *p_start;
+	NTSTATUS status;
+
+	name->original_name = talloc_strdup(name, cifs_name);
+
+	/* remove any :$DATA */
+	p = strrchr(name->original_name, ':');
+	if (p && strcasecmp_m(p, ":$DATA") == 0) {
+		if (p > name->original_name && p[-1] == ':') {
+			p--;
+		}
+		*p = 0;
+	}
+
+	name->stream_name = NULL;
+	name->stream_id = 0;
+	name->has_wildcard = false;
+
+	while (*cifs_name == '\\') {
+		cifs_name++;
+	}
+
+	if (*cifs_name == 0) {
+		name->full_name = talloc_asprintf(name, "%s/.", pvfs->base_directory);
+		if (name->full_name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		return NT_STATUS_OK;
+	}
+
+	ret = talloc_asprintf(name, "%s/%s", pvfs->base_directory, cifs_name);
+	if (ret == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p = ret + strlen(pvfs->base_directory) + 1;
+
+	/* now do an in-place conversion of '\' to '/', checking
+	   for legal characters */
+	p_start = p;
+
+	while (*p) {
+		size_t c_size;
+		codepoint_t c = next_codepoint(p, &c_size);
+
+		if (c <= 0x1F) {
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		}
+
+		switch (c) {
+		case '\\':
+			if (name->has_wildcard) {
+				/* wildcards are only allowed in the last part
+				   of a name */
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			if (p > p_start && (p[1] == '\\' || p[1] == '\0')) {
+				/* see if it is definitely a "\\" or
+				 * a trailing "\". If it is then fail here,
+				 * and let the next layer up try again after
+				 * pvfs_reduce_name() if it wants to. This is
+				 * much more efficient on average than always
+				 * scanning for these separately
+				 */
+				return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+			} else {
+				*p = '/';
+			}
+			break;
+		case ':':
+			if (!(flags & PVFS_RESOLVE_STREAMS)) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			if (name->has_wildcard) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			status = parse_stream_name(name, p);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+			*p-- = 0;
+			break;
+		case '*':
+		case '>':
+		case '<':
+		case '?':
+		case '"':
+			if (!(flags & PVFS_RESOLVE_WILDCARD)) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			name->has_wildcard = true;
+			break;
+		case '/':
+		case '|':
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		case '.':
+			/* see if it is definitely a .. or
+			   . component. If it is then fail here, and
+			   let the next layer up try again after
+			   pvfs_reduce_name() if it wants to. This is
+			   much more efficient on average than always
+			   scanning for these separately */
+			if (p[1] == '.' && 
+			    (p[2] == 0 || p[2] == '\\') &&
+			    (p == p_start || p[-1] == '/')) {
+				return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+			}
+			if ((p[1] == 0 || p[1] == '\\') &&
+			    (p == p_start || p[-1] == '/')) {
+				return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+			}
+			break;
+		}
+
+		p += c_size;
+	}
+
+	name->full_name = ret;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  reduce a name that contains .. components or repeated \ separators
+  return NULL if it can't be reduced
+*/
+static NTSTATUS pvfs_reduce_name(TALLOC_CTX *mem_ctx, 
+				 const char **fname, unsigned int flags)
+{
+	codepoint_t c;
+	size_t c_size, len;
+	size_t i, num_components, err_count;
+	char **components;
+	char *p, *s, *ret;
+
+	s = talloc_strdup(mem_ctx, *fname);
+	if (s == NULL) return NT_STATUS_NO_MEMORY;
+
+	for (num_components=1, p=s; *p; p += c_size) {
+		c = next_codepoint(p, &c_size);
+		if (c == '\\') num_components++;
+	}
+
+	components = talloc_array(s, char *, num_components+1);
+	if (components == NULL) {
+		talloc_free(s);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	components[0] = s;
+	for (i=0, p=s; *p; p += c_size) {
+		c = next_codepoint(p, &c_size);
+		if (c == '\\') {
+			*p = 0;
+			components[++i] = p+1;
+		}
+	}
+	components[i+1] = NULL;
+
+	/*
+	  rather bizarre!
+
+	  '.' components are not allowed, but the rules for what error
+	  code to give don't seem to make sense. This is a close
+	  approximation.
+	*/
+	for (err_count=i=0;components[i];i++) {
+		if (strcmp(components[i], "") == 0) {
+			continue;
+		}
+		if (ISDOT(components[i]) || err_count) {
+			err_count++;
+		}
+	}
+	if (err_count > 0) {
+		if (flags & PVFS_RESOLVE_WILDCARD) err_count--;
+
+		if (err_count==1) {
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		} else {
+			return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+		}
+	}
+
+	/* remove any null components */
+	for (i=0;components[i];i++) {
+		if (strcmp(components[i], "") == 0) {
+			memmove(&components[i], &components[i+1], 
+				sizeof(char *)*(num_components-i));
+			i--;
+			continue;
+		}
+		if (ISDOTDOT(components[i])) {
+			if (i < 1) return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+			memmove(&components[i-1], &components[i+1], 
+				sizeof(char *)*(num_components-i));
+			i -= 2;
+			continue;
+		}
+	}
+
+	if (components[0] == NULL) {
+		talloc_free(s);
+		*fname = talloc_strdup(mem_ctx, "\\");
+		return NT_STATUS_OK;
+	}
+
+	for (len=i=0;components[i];i++) {
+		len += strlen(components[i]) + 1;
+	}
+
+	/* rebuild the name */
+	ret = talloc_array(mem_ctx, char, len+1);
+	if (ret == NULL) {
+		talloc_free(s);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (len=0,i=0;components[i];i++) {
+		size_t len1 = strlen(components[i]);
+		ret[len] = '\\';
+		memcpy(ret+len+1, components[i], len1);
+		len += len1 + 1;
+	}	
+	ret[len] = 0;
+
+	talloc_set_name_const(ret, ret);
+
+	talloc_free(s);
+
+	*fname = ret;
+	
+	return NT_STATUS_OK;
+}
+
+
+/*
+  resolve a name from relative client format to a struct pvfs_filename
+  the memory for the filename is made as a talloc child of 'name'
+
+  flags include:
+     PVFS_RESOLVE_NO_WILDCARD = wildcards are considered illegal characters
+     PVFS_RESOLVE_STREAMS     = stream names are allowed
+
+     TODO: ../ collapsing, and outside share checking
+*/
+NTSTATUS pvfs_resolve_name(struct pvfs_state *pvfs, 
+			   struct ntvfs_request *req,
+			   const char *cifs_name,
+			   unsigned int flags, struct pvfs_filename **name)
+{
+	NTSTATUS status;
+
+	*name = talloc(req, struct pvfs_filename);
+	if (*name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*name)->exists = false;
+	(*name)->stream_exists = false;
+	(*name)->allow_override = false;
+
+	if (!(pvfs->fs_attribs & FS_ATTR_NAMED_STREAMS)) {
+		flags &= ~PVFS_RESOLVE_STREAMS;
+	}
+
+	/* SMB2 doesn't allow a leading slash */
+	if (req->ctx->protocol >= PROTOCOL_SMB2_02 &&
+	    *cifs_name == '\\') {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* do the basic conversion to a unix formatted path,
+	   also checking for allowable characters */
+	status = pvfs_unix_path(pvfs, cifs_name, flags, *name);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD)) {
+		/* it might contain .. components which need to be reduced */
+		status = pvfs_reduce_name(*name, &cifs_name, flags);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		status = pvfs_unix_path(pvfs, cifs_name, flags, *name);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* if it has a wildcard then no point doing a stat() of the
+	   full name. Instead We need check if the directory exists 
+	 */
+	if ((*name)->has_wildcard) {
+		const char *p;
+		char *dir_name, *saved_name;
+		p = strrchr((*name)->full_name, '/');
+		if (p == NULL) {
+			/* root directory wildcard is OK */
+			return NT_STATUS_OK;
+		}
+		dir_name = talloc_strndup(*name, (*name)->full_name, (p-(*name)->full_name));
+		if (stat(dir_name, &(*name)->st) == 0) {
+			talloc_free(dir_name);
+			return NT_STATUS_OK;
+		}
+		/* we need to search for a matching name */
+		saved_name = (*name)->full_name;
+		(*name)->full_name = dir_name;
+		status = pvfs_case_search(pvfs, *name, flags);
+		if (!NT_STATUS_IS_OK(status)) {
+			/* the directory doesn't exist */
+			(*name)->full_name = saved_name;
+			return status;
+		}
+		/* it does exist, but might need a case change */
+		if (dir_name != (*name)->full_name) {
+			(*name)->full_name = talloc_asprintf(*name, "%s%s",
+							     (*name)->full_name, p);
+			NT_STATUS_HAVE_NO_MEMORY((*name)->full_name);
+		} else {
+			(*name)->full_name = saved_name;
+			talloc_free(dir_name);
+		}
+		return NT_STATUS_OK;
+	}
+
+	/* if we can stat() the full name now then we are done */
+	if (stat((*name)->full_name, &(*name)->st) == 0) {
+		(*name)->exists = true;
+		return pvfs_fill_dos_info(pvfs, *name, flags, -1);
+	}
+
+	/* search for a matching filename */
+	status = pvfs_case_search(pvfs, *name, flags);
+
+	return status;
+}
+
+
+/*
+  do a partial resolve, returning a pvfs_filename structure given a
+  base path and a relative component. It is an error if the file does
+  not exist. No case-insensitive matching is done.
+
+  this is used in places like directory searching where we need a pvfs_filename
+  to pass to a function, but already know the unix base directory and component
+*/
+NTSTATUS pvfs_resolve_partial(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+			      const char *unix_dir, const char *fname,
+			      unsigned int flags, struct pvfs_filename **name)
+{
+	NTSTATUS status;
+
+	*name = talloc(mem_ctx, struct pvfs_filename);
+	if (*name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*name)->full_name = talloc_asprintf(*name, "%s/%s", unix_dir, fname);
+	if ((*name)->full_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (stat((*name)->full_name, &(*name)->st) == -1) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	(*name)->exists = true;
+	(*name)->stream_exists = true;
+	(*name)->has_wildcard = false;
+	(*name)->original_name = talloc_strdup(*name, fname);
+	(*name)->stream_name = NULL;
+	(*name)->stream_id = 0;
+	(*name)->allow_override = false;
+
+	status = pvfs_fill_dos_info(pvfs, *name, flags, -1);
+
+	return status;
+}
+
+
+/*
+  fill in the pvfs_filename info for an open file, given the current
+  info for a (possibly) non-open file. This is used by places that need
+  to update the pvfs_filename stat information, and by pvfs_open()
+*/
+NTSTATUS pvfs_resolve_name_fd(struct pvfs_state *pvfs, int fd,
+			      struct pvfs_filename *name, unsigned int flags)
+{
+	dev_t device = (dev_t)0;
+	ino_t inode = 0;
+
+	if (name->exists) {
+		device = name->st.st_dev;
+		inode = name->st.st_ino;
+	}
+
+	if (fd == -1) {
+		if (stat(name->full_name, &name->st) == -1) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+	} else {
+		if (fstat(fd, &name->st) == -1) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+	}
+
+	if (name->exists &&
+	    (device != name->st.st_dev || inode != name->st.st_ino)) {
+		/* the file we are looking at has changed! this could
+		 be someone trying to exploit a race
+		 condition. Certainly we don't want to continue
+		 operating on this file */
+		DEBUG(0,("pvfs: WARNING: file '%s' changed during resolve - failing\n",
+			 name->full_name));
+		return NT_STATUS_UNEXPECTED_IO_ERROR;
+	}
+
+	name->exists = true;
+	
+	return pvfs_fill_dos_info(pvfs, name, flags, fd);
+}
+
+/*
+  fill in the pvfs_filename info for an open file, given the current
+  info for a (possibly) non-open file. This is used by places that need
+  to update the pvfs_filename stat information, and the path
+  after a possible rename on a different handle.
+*/
+NTSTATUS pvfs_resolve_name_handle(struct pvfs_state *pvfs,
+				  struct pvfs_file_handle *h)
+{
+	NTSTATUS status;
+
+	if (h->have_opendb_entry) {
+		struct odb_lock *lck;
+		const char *name = NULL;
+
+		lck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("%s: failed to lock file '%s' in opendb\n",
+				 __FUNCTION__, h->name->full_name));
+			/* we were supposed to do a blocking lock, so something
+			   is badly wrong! */
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		status = odb_get_path(lck, &name);
+		if (NT_STATUS_IS_OK(status)) {
+			/*
+			 * This relies on the fact that
+			 * renames of open files are only
+			 * allowed by setpathinfo() and setfileinfo()
+			 * and there're only renames within the same
+			 * directory supported
+			 */
+			if (strcmp(h->name->full_name, name) != 0) {
+				const char *orig_dir;
+				const char *new_file;
+				char *new_orig;
+				char *delim;
+				char *full_name = discard_const_p(char, name);
+
+				delim = strrchr(name, '/');
+				if (!delim) {
+					talloc_free(lck);
+					return NT_STATUS_INTERNAL_ERROR;
+				}
+
+				new_file = delim + 1;
+				delim = strrchr(h->name->original_name, '\\');
+				if (delim) {
+					delim[0] = '\0';
+					orig_dir = h->name->original_name;
+					new_orig = talloc_asprintf(h->name, "%s\\%s",
+								   orig_dir, new_file);
+					if (!new_orig) {
+						talloc_free(lck);
+						return NT_STATUS_NO_MEMORY;
+					}
+				} else {
+					new_orig = talloc_strdup(h->name, new_file);
+					if (!new_orig) {
+						talloc_free(lck);
+						return NT_STATUS_NO_MEMORY;
+					}
+				}
+
+				talloc_free(h->name->original_name);
+				talloc_free(h->name->full_name);
+				h->name->full_name = talloc_steal(h->name, full_name);
+				h->name->original_name = new_orig;
+			}
+		}
+
+		talloc_free(lck);
+	}
+
+	/*
+	 * TODO: pass PVFS_RESOLVE_NO_OPENDB and get
+	 *       the write time from odb_lock() above.
+	 */
+	status = pvfs_resolve_name_fd(pvfs, h->fd, h->name, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (!null_nttime(h->write_time.close_time)) {
+		h->name->dos.write_time = h->write_time.close_time;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  resolve the parent of a given name
+*/
+NTSTATUS pvfs_resolve_parent(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+			     const struct pvfs_filename *child,
+			     struct pvfs_filename **name)
+{
+	NTSTATUS status;
+	char *p;
+
+	*name = talloc(mem_ctx, struct pvfs_filename);
+	if (*name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*name)->full_name = talloc_strdup(*name, child->full_name);
+	if ((*name)->full_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	p = strrchr_m((*name)->full_name, '/');
+	if (p == NULL) {
+		return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+	}
+
+	/* this handles the root directory */
+	if (p == (*name)->full_name) {
+		p[1] = 0;
+	} else {
+		p[0] = 0;
+	}
+
+	if (stat((*name)->full_name, &(*name)->st) == -1) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	(*name)->exists = true;
+	(*name)->stream_exists = true;
+	(*name)->has_wildcard = false;
+	/* we can't get the correct 'original_name', but for the purposes
+	   of this call this is close enough */
+	(*name)->original_name = talloc_strdup(*name, child->original_name);
+	if ((*name)->original_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	(*name)->stream_name = NULL;
+	(*name)->stream_id = 0;
+	(*name)->allow_override = false;
+
+	status = pvfs_fill_dos_info(pvfs, *name, PVFS_RESOLVE_NO_OPENDB, -1);
+
+	return status;
+}
diff --git a/source4/ntvfs/posix/pvfs_search.c b/source4/ntvfs/posix/pvfs_search.c
new file mode 100644
index 0000000..f352a6a
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_search.c
@@ -0,0 +1,865 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - directory search functions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/time.h"
+#include "librpc/gen_ndr/security.h"
+#include "samba/service_stream.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "lib/util/idtree.h"
+
+/* place a reasonable limit on old-style searches as clients tend to
+   not send search close requests */
+#define MAX_OLD_SEARCHES 2000
+#define MAX_SEARCH_HANDLES (UINT16_MAX - 1)
+#define INVALID_SEARCH_HANDLE UINT16_MAX
+
+/*
+  destroy an open search
+*/
+static int pvfs_search_destructor(struct pvfs_search_state *search)
+{
+	DLIST_REMOVE(search->pvfs->search.list, search);
+	idr_remove(search->pvfs->search.idtree, search->handle);
+	return 0;
+}
+
+/*
+  called when a search timer goes off
+*/
+static void pvfs_search_timer(struct tevent_context *ev, struct tevent_timer *te, 
+				      struct timeval t, void *ptr)
+{
+	struct pvfs_search_state *search = talloc_get_type(ptr, struct pvfs_search_state);
+	talloc_free(search);
+}
+
+/*
+  setup a timer to destroy a open search after a inactivity period
+*/
+static void pvfs_search_setup_timer(struct pvfs_search_state *search)
+{
+	struct tevent_context *ev = search->pvfs->ntvfs->ctx->event_ctx;
+	if (search->handle == INVALID_SEARCH_HANDLE) return;
+	talloc_free(search->te);
+	search->te = tevent_add_timer(ev, search,
+				     timeval_current_ofs(search->pvfs->search.inactivity_time, 0), 
+				     pvfs_search_timer, search);
+}
+
+/*
+  fill in a single search result for a given info level
+*/
+static NTSTATUS fill_search_info(struct pvfs_state *pvfs,
+				 enum smb_search_data_level level,
+				 const char *unix_path,
+				 const char *fname, 
+				 struct pvfs_search_state *search,
+				 off_t dir_offset,
+				 union smb_search_data *file)
+{
+	struct pvfs_filename *name;
+	NTSTATUS status;
+	const char *shortname;
+	uint32_t dir_index = (uint32_t)dir_offset; /* truncated - see the code 
+						      in pvfs_list_seek_ofs() for 
+						      how we cope with this */
+
+	status = pvfs_resolve_partial(pvfs, file, unix_path, fname, 0, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_match_attrib(pvfs, name, search->search_attrib, search->must_attrib);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	switch (level) {
+	case RAW_SEARCH_DATA_SEARCH:
+		shortname = pvfs_short_name(pvfs, name, name);
+		file->search.attrib           = name->dos.attrib;
+		file->search.write_time       = nt_time_to_unix(name->dos.write_time);
+		file->search.size             = name->st.st_size;
+		file->search.name             = shortname;
+		file->search.id.reserved      = search->handle >> 8;
+		memset(file->search.id.name, ' ', sizeof(file->search.id.name));
+		memcpy(file->search.id.name, shortname, 
+		       MIN(strlen(shortname)+1, sizeof(file->search.id.name)));
+		file->search.id.handle        = search->handle & 0xFF;
+		file->search.id.server_cookie = dir_index;
+		file->search.id.client_cookie = 0;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_STANDARD:
+		file->standard.resume_key   = dir_index;
+		file->standard.create_time  = nt_time_to_unix(name->dos.create_time);
+		file->standard.access_time  = nt_time_to_unix(name->dos.access_time);
+		file->standard.write_time   = nt_time_to_unix(name->dos.write_time);
+		file->standard.size         = name->st.st_size;
+		file->standard.alloc_size   = name->dos.alloc_size;
+		file->standard.attrib       = name->dos.attrib;
+		file->standard.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_EA_SIZE:
+		file->ea_size.resume_key   = dir_index;
+		file->ea_size.create_time  = nt_time_to_unix(name->dos.create_time);
+		file->ea_size.access_time  = nt_time_to_unix(name->dos.access_time);
+		file->ea_size.write_time   = nt_time_to_unix(name->dos.write_time);
+		file->ea_size.size         = name->st.st_size;
+		file->ea_size.alloc_size   = name->dos.alloc_size;
+		file->ea_size.attrib       = name->dos.attrib;
+		file->ea_size.ea_size      = name->dos.ea_size;
+		file->ea_size.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_EA_LIST:
+		file->ea_list.resume_key   = dir_index;
+		file->ea_list.create_time  = nt_time_to_unix(name->dos.create_time);
+		file->ea_list.access_time  = nt_time_to_unix(name->dos.access_time);
+		file->ea_list.write_time   = nt_time_to_unix(name->dos.write_time);
+		file->ea_list.size         = name->st.st_size;
+		file->ea_list.alloc_size   = name->dos.alloc_size;
+		file->ea_list.attrib       = name->dos.attrib;
+		file->ea_list.name.s       = fname;
+		return pvfs_query_ea_list(pvfs, file, name, -1, 
+					  search->num_ea_names,
+					  search->ea_names,
+					  &file->ea_list.eas);
+
+	case RAW_SEARCH_DATA_DIRECTORY_INFO:
+		file->directory_info.file_index   = dir_index;
+		file->directory_info.create_time  = name->dos.create_time;
+		file->directory_info.access_time  = name->dos.access_time;
+		file->directory_info.write_time   = name->dos.write_time;
+		file->directory_info.change_time  = name->dos.change_time;
+		file->directory_info.size         = name->st.st_size;
+		file->directory_info.alloc_size   = name->dos.alloc_size;
+		file->directory_info.attrib       = name->dos.attrib;
+		file->directory_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+		file->full_directory_info.file_index   = dir_index;
+		file->full_directory_info.create_time  = name->dos.create_time;
+		file->full_directory_info.access_time  = name->dos.access_time;
+		file->full_directory_info.write_time   = name->dos.write_time;
+		file->full_directory_info.change_time  = name->dos.change_time;
+		file->full_directory_info.size         = name->st.st_size;
+		file->full_directory_info.alloc_size   = name->dos.alloc_size;
+		file->full_directory_info.attrib       = name->dos.attrib;
+		file->full_directory_info.ea_size      = name->dos.ea_size;
+		file->full_directory_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_NAME_INFO:
+		file->name_info.file_index   = dir_index;
+		file->name_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+		file->both_directory_info.file_index   = dir_index;
+		file->both_directory_info.create_time  = name->dos.create_time;
+		file->both_directory_info.access_time  = name->dos.access_time;
+		file->both_directory_info.write_time   = name->dos.write_time;
+		file->both_directory_info.change_time  = name->dos.change_time;
+		file->both_directory_info.size         = name->st.st_size;
+		file->both_directory_info.alloc_size   = name->dos.alloc_size;
+		file->both_directory_info.attrib       = name->dos.attrib;
+		file->both_directory_info.ea_size      = name->dos.ea_size;
+		file->both_directory_info.short_name.s = pvfs_short_name(pvfs, file, name);
+		file->both_directory_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+		file->id_full_directory_info.file_index   = dir_index;
+		file->id_full_directory_info.create_time  = name->dos.create_time;
+		file->id_full_directory_info.access_time  = name->dos.access_time;
+		file->id_full_directory_info.write_time   = name->dos.write_time;
+		file->id_full_directory_info.change_time  = name->dos.change_time;
+		file->id_full_directory_info.size         = name->st.st_size;
+		file->id_full_directory_info.alloc_size   = name->dos.alloc_size;
+		file->id_full_directory_info.attrib       = name->dos.attrib;
+		file->id_full_directory_info.ea_size      = name->dos.ea_size;
+		file->id_full_directory_info.file_id      = name->dos.file_id;
+		file->id_full_directory_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO:
+		file->id_both_directory_info.file_index   = dir_index;
+		file->id_both_directory_info.create_time  = name->dos.create_time;
+		file->id_both_directory_info.access_time  = name->dos.access_time;
+		file->id_both_directory_info.write_time   = name->dos.write_time;
+		file->id_both_directory_info.change_time  = name->dos.change_time;
+		file->id_both_directory_info.size         = name->st.st_size;
+		file->id_both_directory_info.alloc_size   = name->dos.alloc_size;
+		file->id_both_directory_info.attrib       = name->dos.attrib;
+		file->id_both_directory_info.ea_size      = name->dos.ea_size;
+		file->id_both_directory_info.file_id      = name->dos.file_id;
+		file->id_both_directory_info.short_name.s = pvfs_short_name(pvfs, file, name);
+		file->id_both_directory_info.name.s       = fname;
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_GENERIC:
+	case RAW_SEARCH_DATA_UNIX_INFO:
+	case RAW_SEARCH_DATA_UNIX_INFO2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+
+/*
+  the search fill loop
+*/
+static NTSTATUS pvfs_search_fill(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, 
+				 unsigned int max_count,
+				 struct pvfs_search_state *search,
+				 enum smb_search_data_level level,
+				 unsigned int *reply_count,
+				 void *search_private, 
+				 bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_dir *dir = search->dir;
+	NTSTATUS status;
+
+	*reply_count = 0;
+
+	if (max_count == 0) {
+		max_count = 1;
+	}
+
+	while ((*reply_count) < max_count) {
+		union smb_search_data *file;
+		const char *name;
+		off_t ofs = search->current_index;
+
+		name = pvfs_list_next(dir, &search->current_index);
+		if (name == NULL) break;
+
+		file = talloc(mem_ctx, union smb_search_data);
+		if (!file) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = fill_search_info(pvfs, level, 
+					  pvfs_list_unix_path(dir), name, 
+					  search, search->current_index, file);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(file);
+			continue;
+		}
+
+		if (!callback(search_private, file)) {
+			talloc_free(file);
+			search->current_index = ofs;
+			break;
+		}
+
+		(*reply_count)++;
+		talloc_free(file);
+	}
+
+	pvfs_search_setup_timer(search);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  we've run out of search handles - cleanup those that the client forgot
+  to close
+*/
+static void pvfs_search_cleanup(struct pvfs_state *pvfs)
+{
+	int i;
+	time_t t = time_mono(NULL);
+
+	for (i=0;i<MAX_OLD_SEARCHES;i++) {
+		struct pvfs_search_state *search;
+		void *p = idr_find(pvfs->search.idtree, i);
+
+		if (p == NULL) return;
+
+		search = talloc_get_type(p, struct pvfs_search_state);
+		if (pvfs_list_eos(search->dir, search->current_index) &&
+		    search->last_used != 0 &&
+		    t > search->last_used + 30) {
+			/* its almost certainly been forgotten
+			 about */
+			talloc_free(search);
+		}
+	}
+}
+
+
+/* 
+   list files in a directory matching a wildcard pattern - old SMBsearch interface
+*/
+static NTSTATUS pvfs_search_first_old(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, union smb_search_first *io, 
+				      void *search_private, 
+				      bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_dir *dir;
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_search_state *search;
+	unsigned int reply_count;
+	uint16_t search_attrib;
+	const char *pattern;
+	NTSTATUS status;
+	struct pvfs_filename *name;
+	int id;
+
+	search_attrib = io->search_first.in.search_attrib;
+	pattern       = io->search_first.in.pattern;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, pattern, PVFS_RESOLVE_WILDCARD, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->has_wildcard && !name->exists) {
+		return STATUS_NO_MORE_FILES;
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* we initially make search a child of the request, then if we
+	   need to keep it long term we steal it for the private
+	   structure */
+	search = talloc(req, struct pvfs_search_state);
+	if (!search) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* do the actual directory listing */
+	status = pvfs_list_start(pvfs, name, search, &dir);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* we need to give a handle back to the client so it
+	   can continue a search */
+	id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES);
+	if (id == -1) {
+		pvfs_search_cleanup(pvfs);
+		id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES);
+	}
+	if (id == -1) {
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+
+	search->pvfs = pvfs;
+	search->handle = id;
+	search->dir = dir;
+	search->current_index = 0;
+	search->search_attrib = search_attrib & 0xFF;
+	search->must_attrib = (search_attrib>>8) & 0xFF;
+	search->last_used = time_mono(NULL);
+	search->te = NULL;
+
+	DLIST_ADD(pvfs->search.list, search);
+
+	talloc_set_destructor(search, pvfs_search_destructor);
+
+	status = pvfs_search_fill(pvfs, req, io->search_first.in.max_count, search, io->generic.data_level,
+				  &reply_count, search_private, callback);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	io->search_first.out.count = reply_count;
+
+	/* not matching any entries is an error */
+	if (reply_count == 0) {
+		return STATUS_NO_MORE_FILES;
+	}
+
+	talloc_steal(pvfs, search);
+
+	return NT_STATUS_OK;
+}
+
+/* continue a old style search */
+static NTSTATUS pvfs_search_next_old(struct ntvfs_module_context *ntvfs,
+				     struct ntvfs_request *req, union smb_search_next *io, 
+				     void *search_private, 
+				     bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	void *p;
+	struct pvfs_search_state *search;
+	struct pvfs_dir *dir;
+	unsigned int reply_count, max_count;
+	uint16_t handle;
+	NTSTATUS status;
+
+	handle    = io->search_next.in.id.handle | (io->search_next.in.id.reserved<<8);
+	max_count = io->search_next.in.max_count;
+
+	p = idr_find(pvfs->search.idtree, handle);
+	if (p == NULL) {
+		/* we didn't find the search handle */
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	search = talloc_get_type(p, struct pvfs_search_state);
+
+	dir = search->dir;
+
+	status = pvfs_list_seek_ofs(dir, io->search_next.in.id.server_cookie, 
+				    &search->current_index);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	search->last_used = time_mono(NULL);
+
+	status = pvfs_search_fill(pvfs, req, max_count, search, io->generic.data_level,
+				  &reply_count, search_private, callback);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	io->search_next.out.count = reply_count;
+
+	/* not matching any entries means end of search */
+	if (reply_count == 0) {
+		talloc_free(search);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS pvfs_search_first_trans2(struct ntvfs_module_context *ntvfs,
+					 struct ntvfs_request *req, union smb_search_first *io, 
+					 void *search_private, 
+					 bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_dir *dir;
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_search_state *search;
+	unsigned int reply_count;
+	uint16_t search_attrib, max_count;
+	const char *pattern;
+	NTSTATUS status;
+	struct pvfs_filename *name;
+	int id;
+
+	search_attrib = io->t2ffirst.in.search_attrib;
+	pattern       = io->t2ffirst.in.pattern;
+	max_count     = io->t2ffirst.in.max_count;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, pattern, PVFS_RESOLVE_WILDCARD, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->has_wildcard && !name->exists) {
+		return NT_STATUS_NO_SUCH_FILE;
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* we initially make search a child of the request, then if we
+	   need to keep it long term we steal it for the private
+	   structure */
+	search = talloc(req, struct pvfs_search_state);
+	if (!search) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* do the actual directory listing */
+	status = pvfs_list_start(pvfs, name, search, &dir);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	id = idr_get_new(pvfs->search.idtree, search, MAX_SEARCH_HANDLES);
+	if (id == -1) {
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+
+	search->pvfs = pvfs;
+	search->handle = id;
+	search->dir = dir;
+	search->current_index = 0;
+	search->search_attrib = search_attrib;
+	search->must_attrib = 0;
+	search->last_used = 0;
+	search->num_ea_names = io->t2ffirst.in.num_names;
+	search->ea_names = io->t2ffirst.in.ea_names;
+	search->te = NULL;
+
+	DLIST_ADD(pvfs->search.list, search);
+	talloc_set_destructor(search, pvfs_search_destructor);
+
+	status = pvfs_search_fill(pvfs, req, max_count, search, io->generic.data_level,
+				  &reply_count, search_private, callback);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* not matching any entries is an error */
+	if (reply_count == 0) {
+		return NT_STATUS_NO_SUCH_FILE;
+	}
+
+	io->t2ffirst.out.count = reply_count;
+	io->t2ffirst.out.handle = search->handle;
+	io->t2ffirst.out.end_of_search = pvfs_list_eos(dir, search->current_index) ? 1 : 0;
+
+	/* work out if we are going to keep the search state
+	   and allow for a search continue */
+	if ((io->t2ffirst.in.flags & FLAG_TRANS2_FIND_CLOSE) ||
+	    ((io->t2ffirst.in.flags & FLAG_TRANS2_FIND_CLOSE_IF_END) && 
+	     io->t2ffirst.out.end_of_search)) {
+		talloc_free(search);
+	} else {
+		talloc_steal(pvfs, search);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* continue a search */
+static NTSTATUS pvfs_search_next_trans2(struct ntvfs_module_context *ntvfs,
+					struct ntvfs_request *req, union smb_search_next *io, 
+					void *search_private, 
+					bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	void *p;
+	struct pvfs_search_state *search;
+	struct pvfs_dir *dir;
+	unsigned int reply_count;
+	uint16_t handle;
+	NTSTATUS status;
+
+	handle = io->t2fnext.in.handle;
+
+	p = idr_find(pvfs->search.idtree, handle);
+	if (p == NULL) {
+		/* we didn't find the search handle */
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	search = talloc_get_type(p, struct pvfs_search_state);
+
+	dir = search->dir;
+	
+	status = NT_STATUS_OK;
+
+	/* work out what type of continuation is being used */
+	if (io->t2fnext.in.last_name && *io->t2fnext.in.last_name) {
+		status = pvfs_list_seek(dir, io->t2fnext.in.last_name, &search->current_index);
+		if (!NT_STATUS_IS_OK(status) && io->t2fnext.in.resume_key) {
+			status = pvfs_list_seek_ofs(dir, io->t2fnext.in.resume_key, 
+						    &search->current_index);
+		}
+	} else if (!(io->t2fnext.in.flags & FLAG_TRANS2_FIND_CONTINUE)) {
+		status = pvfs_list_seek_ofs(dir, io->t2fnext.in.resume_key, 
+					    &search->current_index);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	search->num_ea_names = io->t2fnext.in.num_names;
+	search->ea_names = io->t2fnext.in.ea_names;
+
+	status = pvfs_search_fill(pvfs, req, io->t2fnext.in.max_count, search, io->generic.data_level,
+				  &reply_count, search_private, callback);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	io->t2fnext.out.count = reply_count;
+	io->t2fnext.out.end_of_search = pvfs_list_eos(dir, search->current_index) ? 1 : 0;
+
+	/* work out if we are going to keep the search state */
+	if ((io->t2fnext.in.flags & FLAG_TRANS2_FIND_CLOSE) ||
+	    ((io->t2fnext.in.flags & FLAG_TRANS2_FIND_CLOSE_IF_END) && 
+	     io->t2fnext.out.end_of_search)) {
+		talloc_free(search);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS pvfs_search_first_smb2(struct ntvfs_module_context *ntvfs,
+				       struct ntvfs_request *req, const struct smb2_find *io, 
+				       void *search_private, 
+				       bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_dir *dir;
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_search_state *search;
+	unsigned int reply_count;
+	uint16_t max_count;
+	const char *pattern;
+	NTSTATUS status;
+	struct pvfs_filename *name;
+	struct pvfs_file *f;
+
+	f = pvfs_find_fd(pvfs, req, io->in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_FILE_CLOSED;
+	}
+
+	/* its only valid for directories */
+	if (f->handle->fd != -1) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!(f->access_mask & SEC_DIR_LIST)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (f->search) {
+		talloc_free(f->search);
+		f->search = NULL;
+	}
+
+	if (strequal(io->in.pattern, "")) {
+		return NT_STATUS_OBJECT_NAME_INVALID;
+	}
+	if (strchr_m(io->in.pattern, '\\')) {
+		return NT_STATUS_OBJECT_NAME_INVALID;
+	}
+	if (strchr_m(io->in.pattern, '/')) {
+		return NT_STATUS_OBJECT_NAME_INVALID;
+	}
+
+	if (strequal("", f->handle->name->original_name)) {
+		pattern = talloc_asprintf(req, "%s", io->in.pattern);
+		NT_STATUS_HAVE_NO_MEMORY(pattern);
+	} else {
+		pattern = talloc_asprintf(req, "%s\\%s",
+					  f->handle->name->original_name,
+					  io->in.pattern);
+		NT_STATUS_HAVE_NO_MEMORY(pattern);
+	}
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, pattern, PVFS_RESOLVE_WILDCARD, &name);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (!name->has_wildcard && !name->exists) {
+		return NT_STATUS_NO_SUCH_FILE;
+	}
+
+	/* we initially make search a child of the request, then if we
+	   need to keep it long term we steal it for the private
+	   structure */
+	search = talloc(req, struct pvfs_search_state);
+	NT_STATUS_HAVE_NO_MEMORY(search);
+
+	/* do the actual directory listing */
+	status = pvfs_list_start(pvfs, name, search, &dir);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	search->pvfs		= pvfs;
+	search->handle		= INVALID_SEARCH_HANDLE;
+	search->dir		= dir;
+	search->current_index	= 0;
+	search->search_attrib	= 0x0000FFFF;
+	search->must_attrib	= 0;
+	search->last_used	= 0;
+	search->num_ea_names	= 0;
+	search->ea_names	= NULL;
+	search->te		= NULL;
+
+	if (io->in.continue_flags & SMB2_CONTINUE_FLAG_SINGLE) {
+		max_count = 1;
+	} else {
+		max_count = UINT16_MAX;
+	}
+
+	status = pvfs_search_fill(pvfs, req, max_count, search, io->data_level,
+				  &reply_count, search_private, callback);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* not matching any entries is an error */
+	if (reply_count == 0) {
+		return NT_STATUS_NO_SUCH_FILE;
+	}
+
+	f->search = talloc_steal(f, search);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS pvfs_search_next_smb2(struct ntvfs_module_context *ntvfs,
+				      struct ntvfs_request *req, const struct smb2_find *io, 
+				      void *search_private, 
+				      bool (*callback)(void *, const union smb_search_data *))
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_search_state *search;
+	unsigned int reply_count;
+	uint16_t max_count;
+	NTSTATUS status;
+	struct pvfs_file *f;
+
+	f = pvfs_find_fd(pvfs, req, io->in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_FILE_CLOSED;
+	}
+
+	/* its only valid for directories */
+	if (f->handle->fd != -1) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* if there's no search started on the dir handle, it's like a search_first */
+	search = f->search;
+	if (!search) {
+		return pvfs_search_first_smb2(ntvfs, req, io, search_private, callback);
+	}
+
+	if (io->in.continue_flags & SMB2_CONTINUE_FLAG_RESTART) {
+		search->current_index = 0;
+	}
+
+	if (io->in.continue_flags & SMB2_CONTINUE_FLAG_SINGLE) {
+		max_count = 1;
+	} else {
+		max_count = UINT16_MAX;
+	}
+
+	status = pvfs_search_fill(pvfs, req, max_count, search, io->data_level,
+				  &reply_count, search_private, callback);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* not matching any entries is an error */
+	if (reply_count == 0) {
+		return STATUS_NO_MORE_FILES;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   list files in a directory matching a wildcard pattern
+*/
+NTSTATUS pvfs_search_first(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_search_first *io, 
+			   void *search_private, 
+			   bool (*callback)(void *, const union smb_search_data *))
+{
+	switch (io->generic.level) {
+	case RAW_SEARCH_SEARCH:
+	case RAW_SEARCH_FFIRST:
+	case RAW_SEARCH_FUNIQUE:
+		return pvfs_search_first_old(ntvfs, req, io, search_private, callback);
+
+	case RAW_SEARCH_TRANS2:
+		return pvfs_search_first_trans2(ntvfs, req, io, search_private, callback);
+
+	case RAW_SEARCH_SMB2:
+		return pvfs_search_first_smb2(ntvfs, req, &io->smb2, search_private, callback);
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/* continue a search */
+NTSTATUS pvfs_search_next(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_search_next *io, 
+			  void *search_private, 
+			  bool (*callback)(void *, const union smb_search_data *))
+{
+	switch (io->generic.level) {
+	case RAW_SEARCH_SEARCH:
+	case RAW_SEARCH_FFIRST:
+		return pvfs_search_next_old(ntvfs, req, io, search_private, callback);
+
+	case RAW_SEARCH_FUNIQUE:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_SEARCH_TRANS2:
+		return pvfs_search_next_trans2(ntvfs, req, io, search_private, callback);
+
+	case RAW_SEARCH_SMB2:
+		return pvfs_search_next_smb2(ntvfs, req, &io->smb2, search_private, callback);
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+
+/* close a search */
+NTSTATUS pvfs_search_close(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_search_close *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	void *p;
+	struct pvfs_search_state *search;
+	uint16_t handle = INVALID_SEARCH_HANDLE;
+
+	switch (io->generic.level) {
+	case RAW_FINDCLOSE_GENERIC:
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_FINDCLOSE_FCLOSE:
+		handle = io->fclose.in.id.handle;
+		break;
+
+	case RAW_FINDCLOSE_FINDCLOSE:
+		handle = io->findclose.in.handle;
+		break;
+	}
+
+	p = idr_find(pvfs->search.idtree, handle);
+	if (p == NULL) {
+		/* we didn't find the search handle */
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	search = talloc_get_type(p, struct pvfs_search_state);
+
+	talloc_free(search);
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/ntvfs/posix/pvfs_seek.c b/source4/ntvfs/posix/pvfs_seek.c
new file mode 100644
index 0000000..2cd3410
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_seek.c
@@ -0,0 +1,65 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - seek
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+
+/*
+  seek in a file
+*/
+NTSTATUS pvfs_seek(struct ntvfs_module_context *ntvfs,
+		   struct ntvfs_request *req,
+		   union smb_seek *io)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+	struct pvfs_file_handle *h;
+	NTSTATUS status;
+
+	f = pvfs_find_fd(pvfs, req, io->lseek.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	h = f->handle;
+
+	status = NT_STATUS_OK;
+
+	switch (io->lseek.in.mode) {
+	case SEEK_MODE_START:
+		h->seek_offset = io->lseek.in.offset;
+		break;
+
+	case SEEK_MODE_CURRENT:
+		h->seek_offset += io->lseek.in.offset;
+		break;
+
+	case SEEK_MODE_END:
+		status = pvfs_resolve_name_fd(pvfs, h->fd, h->name, PVFS_RESOLVE_NO_OPENDB);
+		h->seek_offset = h->name->st.st_size + io->lseek.in.offset;
+		break;
+	}
+
+	io->lseek.out.offset = h->seek_offset;
+
+	return status;
+}
+
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
new file mode 100644
index 0000000..7fd4e35
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -0,0 +1,884 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - setfileinfo
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/time.h"
+#include "librpc/gen_ndr/xattr.h"
+
+
+/*
+  determine what access bits are needed for a call
+*/
+static uint32_t pvfs_setfileinfo_access(union smb_setfileinfo *info)
+{
+	uint32_t needed;
+
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_EA_SET:
+		needed = SEC_FILE_WRITE_EA;
+		break;
+
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		needed = SEC_STD_DELETE;
+		break;
+
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+		needed = SEC_FILE_WRITE_DATA;
+		break;
+
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		needed = 0;
+		break;
+
+	case RAW_SFILEINFO_SEC_DESC:
+		needed = 0;
+		if (info->set_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+			needed |= SEC_STD_WRITE_OWNER;
+		}
+		if (info->set_secdesc.in.secinfo_flags & SECINFO_DACL) {
+			needed |= SEC_STD_WRITE_DAC;
+		}
+		if (info->set_secdesc.in.secinfo_flags & SECINFO_SACL) {
+			needed |= SEC_FLAG_SYSTEM_SECURITY;
+		}
+		break;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		needed = SEC_STD_DELETE;
+		break;
+
+	default:
+		needed = SEC_FILE_WRITE_ATTRIBUTE;
+		break;
+	}
+
+	return needed;
+}
+
+/*
+  rename_information level for streams
+*/
+static NTSTATUS pvfs_setfileinfo_rename_stream(struct pvfs_state *pvfs, 
+					       struct ntvfs_request *req, 
+					       struct pvfs_filename *name,
+					       int fd,
+					       DATA_BLOB *odb_locking_key,
+					       union smb_setfileinfo *info)
+{
+	NTSTATUS status;
+	struct odb_lock *lck = NULL;
+
+	/* strangely, this gives a sharing violation, not invalid
+	   parameter */
+	if (info->rename_information.in.new_name[0] != ':') {
+		return NT_STATUS_SHARING_VIOLATION;
+	}
+
+	status = pvfs_access_check_simple(pvfs, req, name, SEC_FILE_WRITE_ATTRIBUTE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, odb_locking_key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_stat\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+
+	status = pvfs_stream_rename(pvfs, name, fd, 
+				    info->rename_information.in.new_name+1,
+				    info->rename_information.in.overwrite);
+	return status;
+}
+
+/*
+  rename_information level
+*/
+static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs, 
+					struct ntvfs_request *req, 
+					struct pvfs_filename *name,
+					int fd,
+					DATA_BLOB *odb_locking_key,
+					union smb_setfileinfo *info)
+{
+	NTSTATUS status;
+	struct pvfs_filename *name2;
+	char *new_name, *p;
+	struct odb_lock *lck = NULL;
+
+	/* renames are only allowed within a directory */
+	if (strchr_m(info->rename_information.in.new_name, '\\') &&
+	    (req->ctx->protocol < PROTOCOL_SMB2_02)) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	/* handle stream renames specially */
+	if (name->stream_name) {
+		return pvfs_setfileinfo_rename_stream(pvfs, req, name, fd, 
+						      odb_locking_key, info);
+	}
+
+	/* w2k3 does not appear to allow relative rename. On SMB2, vista sends it sometimes,
+	   but I suspect it is just uninitialised memory */
+	if (info->rename_information.in.root_fid != 0 && 
+	    (req->ctx->protocol < PROTOCOL_SMB2_02)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* construct the fully qualified windows name for the new file name */
+	if (req->ctx->protocol >= PROTOCOL_SMB2_02) {
+		/* SMB2 sends the full path of the new name */
+		new_name = talloc_asprintf(req, "\\%s", info->rename_information.in.new_name);
+	} else {
+		new_name = talloc_strdup(req, name->original_name);
+		if (new_name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		p = strrchr_m(new_name, '\\');
+		if (p == NULL) {
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		} else {
+			*p = 0;
+		}
+
+		new_name = talloc_asprintf(req, "%s\\%s", new_name,
+					   info->rename_information.in.new_name);
+	}
+	if (new_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* resolve the new name */
+	status = pvfs_resolve_name(pvfs, req, new_name, 0, &name2);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* if the destination exists, then check the rename is allowed */
+	if (name2->exists) {
+		if (strcmp(name2->full_name, name->full_name) == 0) {
+			/* rename to same name is null-op */
+			return NT_STATUS_OK;
+		}
+
+		if (!info->rename_information.in.overwrite) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+
+		status = pvfs_can_delete(pvfs, req, name2, NULL);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	lck = odb_lock(req, pvfs->odb_context, odb_locking_key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for can_stat\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = pvfs_do_rename(pvfs, lck, name, name2->full_name);
+	talloc_free(lck);
+	NT_STATUS_NOT_OK_RETURN(status);
+	if (NT_STATUS_IS_OK(status)) {
+		name->full_name = talloc_steal(name, name2->full_name);
+		name->original_name = talloc_steal(name, name2->original_name);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  add a single DOS EA
+*/
+NTSTATUS pvfs_setfileinfo_ea_set(struct pvfs_state *pvfs, 
+				 struct pvfs_filename *name,
+				 int fd, uint16_t num_eas,
+				 struct ea_struct *eas)
+{
+	struct xattr_DosEAs *ealist;
+	int i, j;
+	NTSTATUS status;
+
+	if (num_eas == 0) {
+		return NT_STATUS_OK;
+	}
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	ealist = talloc(name, struct xattr_DosEAs);
+
+	/* load the current list */
+	status = pvfs_doseas_load(pvfs, name, fd, ealist);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	for (j=0;j<num_eas;j++) {
+		struct ea_struct *ea = &eas[j];
+		/* see if its already there */
+		for (i=0;i<ealist->num_eas;i++) {
+			if (strcasecmp_m(ealist->eas[i].name, ea->name.s) == 0) {
+				ealist->eas[i].value = ea->value;
+				break;
+			}
+		}
+
+		if (i==ealist->num_eas) {
+			/* add it */
+			ealist->eas = talloc_realloc(ealist, ealist->eas, 
+						       struct xattr_EA, 
+						       ealist->num_eas+1);
+			if (ealist->eas == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			ealist->eas[i].name = ea->name.s;
+			ealist->eas[i].value = ea->value;
+			ealist->num_eas++;
+		}
+	}
+	
+	/* pull out any null EAs */
+	for (i=0;i<ealist->num_eas;i++) {
+		if (ealist->eas[i].value.length == 0) {
+			memmove(&ealist->eas[i],
+				&ealist->eas[i+1],
+				(ealist->num_eas-(i+1)) * sizeof(ealist->eas[i]));
+			ealist->num_eas--;
+			i--;
+		}
+	}
+
+	status = pvfs_doseas_save(pvfs, name, fd, ealist);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_MODIFIED, 
+		       FILE_NOTIFY_CHANGE_EA,
+		       name->full_name);
+
+	name->dos.ea_size = 4;
+	for (i=0;i<ealist->num_eas;i++) {
+		name->dos.ea_size += 4 + strlen(ealist->eas[i].name)+1 + 
+			ealist->eas[i].value.length;
+	}
+
+	/* update the ea_size attrib */
+	return pvfs_dosattrib_save(pvfs, name, fd);
+}
+
+/*
+  set info on a open file
+*/
+NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, 
+			  union smb_setfileinfo *info)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_file *f;
+	struct pvfs_file_handle *h;
+	struct pvfs_filename newstats;
+	NTSTATUS status;
+	uint32_t access_needed;
+	uint32_t change_mask = 0;
+
+	f = pvfs_find_fd(pvfs, req, info->generic.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	h = f->handle;
+
+	access_needed = pvfs_setfileinfo_access(info);
+	if ((f->access_mask & access_needed) != access_needed) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* update the file information */
+	status = pvfs_resolve_name_handle(pvfs, h);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* we take a copy of the current file stats, then update
+	   newstats in each of the elements below. At the end we
+	   compare, and make any changes needed */
+	newstats = *h->name;
+
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_SETATTR:
+		if (!null_time(info->setattr.in.write_time)) {
+			unix_to_nt_time(&newstats.dos.write_time, info->setattr.in.write_time);
+		}
+		if (info->setattr.in.attrib != FILE_ATTRIBUTE_NORMAL) {
+			newstats.dos.attrib = info->setattr.in.attrib;
+		}
+  		break;
+
+	case RAW_SFILEINFO_SETATTRE:
+	case RAW_SFILEINFO_STANDARD:
+		if (!null_time(info->setattre.in.create_time)) {
+			unix_to_nt_time(&newstats.dos.create_time, info->setattre.in.create_time);
+		}
+		if (!null_time(info->setattre.in.access_time)) {
+			unix_to_nt_time(&newstats.dos.access_time, info->setattre.in.access_time);
+		}
+		if (!null_time(info->setattre.in.write_time)) {
+			unix_to_nt_time(&newstats.dos.write_time, info->setattre.in.write_time);
+		}
+  		break;
+
+	case RAW_SFILEINFO_EA_SET:
+		return pvfs_setfileinfo_ea_set(pvfs, h->name, h->fd,
+					       info->ea_set.in.num_eas,
+					       info->ea_set.in.eas);
+
+	case RAW_SFILEINFO_BASIC_INFO:
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		if (!null_nttime(info->basic_info.in.create_time)) {
+			newstats.dos.create_time = info->basic_info.in.create_time;
+		}
+		if (!null_nttime(info->basic_info.in.access_time)) {
+			newstats.dos.access_time = info->basic_info.in.access_time;
+		}
+		if (!null_nttime(info->basic_info.in.write_time)) {
+			newstats.dos.write_time = info->basic_info.in.write_time;
+		}
+		if (!null_nttime(info->basic_info.in.change_time)) {
+			newstats.dos.change_time = info->basic_info.in.change_time;
+		}
+		if (info->basic_info.in.attrib != 0) {
+			newstats.dos.attrib = info->basic_info.in.attrib;
+		}
+  		break;
+
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		return pvfs_set_delete_on_close(pvfs, req, f, 
+						info->disposition_info.in.delete_on_close);
+
+	case RAW_SFILEINFO_ALLOCATION_INFO:
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		status = pvfs_break_level2_oplocks(f);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		newstats.dos.alloc_size = info->allocation_info.in.alloc_size;
+		if (newstats.dos.alloc_size < newstats.st.st_size) {
+			newstats.st.st_size = newstats.dos.alloc_size;
+		}
+		newstats.dos.alloc_size = pvfs_round_alloc_size(pvfs, 
+								newstats.dos.alloc_size);
+		break;
+
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		status = pvfs_break_level2_oplocks(f);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		newstats.st.st_size = info->end_of_file_info.in.size;
+		break;
+
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		h->position = info->position_information.in.position;
+		break;
+
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+		return pvfs_setfileinfo_ea_set(pvfs, h->name, h->fd,
+				info->full_ea_information.in.eas.num_eas,
+				info->full_ea_information.in.eas.eas);
+
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		/* this one is a puzzle */
+		if (info->mode_information.in.mode != 0 &&
+		    info->mode_information.in.mode != 2 &&
+		    info->mode_information.in.mode != 4 &&
+		    info->mode_information.in.mode != 6) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		h->mode = info->mode_information.in.mode;
+		break;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		return pvfs_setfileinfo_rename(pvfs, req, h->name, f->handle->fd,
+					       &h->odb_locking_key,
+					       info);
+
+	case RAW_SFILEINFO_SEC_DESC:
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_MODIFIED, 
+			       FILE_NOTIFY_CHANGE_SECURITY,
+			       h->name->full_name);
+		return pvfs_acl_set(pvfs, req, h->name, h->fd, f->access_mask, info);
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	/* possibly change the file size */
+	if (newstats.st.st_size != h->name->st.st_size) {
+		if (h->name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) {
+			return NT_STATUS_FILE_IS_A_DIRECTORY;
+		}
+		if (h->name->stream_name) {
+			status = pvfs_stream_truncate(pvfs, h->name, h->fd, newstats.st.st_size);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+			
+			change_mask |= FILE_NOTIFY_CHANGE_STREAM_SIZE;
+		} else {
+			int ret;
+			if (f->access_mask & 
+			    (SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA)) {
+				ret = ftruncate(h->fd, newstats.st.st_size);
+			} else {
+				ret = truncate(h->name->full_name, newstats.st.st_size);
+			}
+			if (ret == -1) {
+				return pvfs_map_errno(pvfs, errno);
+			}
+			change_mask |= FILE_NOTIFY_CHANGE_SIZE | FILE_NOTIFY_CHANGE_ATTRIBUTES;
+		}
+	}
+
+	/* possibly change the file timestamps */
+	if (newstats.dos.create_time != h->name->dos.create_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_CREATION;
+	}
+	if (newstats.dos.access_time != h->name->dos.access_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_LAST_ACCESS;
+	}
+	if (newstats.dos.write_time != h->name->dos.write_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_LAST_WRITE;
+	}
+	if ((change_mask & FILE_NOTIFY_CHANGE_LAST_ACCESS) ||
+	    (change_mask & FILE_NOTIFY_CHANGE_LAST_WRITE)) {
+		struct timeval tv[2];
+
+		nttime_to_timeval(&tv[0], newstats.dos.access_time);
+		nttime_to_timeval(&tv[1], newstats.dos.write_time);
+
+		if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) {
+			if (utimes(h->name->full_name, tv) == -1) {
+				DEBUG(0,("pvfs_setfileinfo: utimes() failed '%s' - %s\n",
+					 h->name->full_name, strerror(errno)));
+				return pvfs_map_errno(pvfs, errno);
+			}
+		}
+	}
+	if (change_mask & FILE_NOTIFY_CHANGE_LAST_WRITE) {
+		struct odb_lock *lck;
+
+		lck = odb_lock(req, h->pvfs->odb_context, &h->odb_locking_key);
+		if (lck == NULL) {
+			DEBUG(0,("Unable to lock opendb for write time update\n"));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		status = odb_set_write_time(lck, newstats.dos.write_time, true);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Unable to update write time: %s\n",
+				nt_errstr(status)));
+			talloc_free(lck);
+			return status;
+		}
+
+		talloc_free(lck);
+
+		h->write_time.update_forced = true;
+		h->write_time.update_on_close = false;
+		talloc_free(h->write_time.update_event);
+		h->write_time.update_event = NULL;
+	}
+
+	/* possibly change the attribute */
+	if (newstats.dos.attrib != h->name->dos.attrib) {
+		mode_t mode;
+		if ((newstats.dos.attrib & FILE_ATTRIBUTE_DIRECTORY) &&
+		    !(h->name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		mode = pvfs_fileperms(pvfs, newstats.dos.attrib);
+		if (!(h->name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+			if (pvfs_sys_fchmod(pvfs, h->fd, mode, h->name->allow_override) == -1) {
+				return pvfs_map_errno(pvfs, errno);
+			}
+		}
+		change_mask |= FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	}
+
+	*h->name = newstats;
+
+	notify_trigger(pvfs->notify_context, 
+		       NOTIFY_ACTION_MODIFIED, 
+		       change_mask,
+		       h->name->full_name);
+
+	return pvfs_dosattrib_save(pvfs, h->name, h->fd);
+}
+
+/*
+  retry an open after a sharing violation
+*/
+static void pvfs_retry_setpathinfo(struct pvfs_odb_retry *r,
+				   struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req,
+				   void *_info,
+				   void *private_data,
+				   enum pvfs_wait_notice reason)
+{
+	union smb_setfileinfo *info = talloc_get_type(_info,
+				      union smb_setfileinfo);
+	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+
+	talloc_free(r);
+
+	switch (reason) {
+	case PVFS_WAIT_CANCEL:
+/*TODO*/
+		status = NT_STATUS_CANCELLED;
+		break;
+	case PVFS_WAIT_TIMEOUT:
+		/* if it timed out, then give the failure
+		   immediately */
+/*TODO*/
+		status = NT_STATUS_SHARING_VIOLATION;
+		break;
+	case PVFS_WAIT_EVENT:
+
+		/* try the open again, which could trigger another retry setup
+		   if it wants to, so we have to unmark the async flag so we
+		   will know if it does a second async reply */
+		req->async_states->state &= ~NTVFS_ASYNC_STATE_ASYNC;
+
+		status = pvfs_setpathinfo(ntvfs, req, info);
+		if (req->async_states->state & NTVFS_ASYNC_STATE_ASYNC) {
+			/* the 2nd try also replied async, so we don't send
+			   the reply yet */
+			return;
+		}
+
+		/* re-mark it async, just in case someone up the chain does
+		   paranoid checking */
+		req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+		break;
+	}
+
+	/* send the reply up the chain */
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  setup for a unlink retry after a sharing violation
+  or a non granted oplock
+*/
+static NTSTATUS pvfs_setpathinfo_setup_retry(struct ntvfs_module_context *ntvfs,
+					     struct ntvfs_request *req,
+					     union smb_setfileinfo *info,
+					     struct odb_lock *lck,
+					     NTSTATUS status)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct timeval end_time;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       0, pvfs->sharing_violation_delay);
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       pvfs->oplock_break_timeout, 0);
+	} else {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return pvfs_odb_retry_setup(ntvfs, req, lck, end_time, info, NULL,
+				    pvfs_retry_setpathinfo);
+}
+
+/*
+  set info on a pathname
+*/
+NTSTATUS pvfs_setpathinfo(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_setfileinfo *info)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_filename *name;
+	struct pvfs_filename newstats;
+	NTSTATUS status;
+	uint32_t access_needed;
+	uint32_t change_mask = 0;
+	struct odb_lock *lck = NULL;
+	DATA_BLOB odb_locking_key;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, info->generic.in.file.path, 
+				   PVFS_RESOLVE_STREAMS, &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	access_needed = pvfs_setfileinfo_access(info);
+	status = pvfs_access_check_simple(pvfs, req, name, access_needed);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* we take a copy of the current file stats, then update
+	   newstats in each of the elements below. At the end we
+	   compare, and make any changes needed */
+	newstats = *name;
+
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_SETATTR:
+		if (!null_time(info->setattr.in.write_time)) {
+			unix_to_nt_time(&newstats.dos.write_time, info->setattr.in.write_time);
+		}
+		if (info->setattr.in.attrib == 0) {
+			newstats.dos.attrib = FILE_ATTRIBUTE_NORMAL;
+		} else if (info->setattr.in.attrib != FILE_ATTRIBUTE_NORMAL) {
+			newstats.dos.attrib = info->setattr.in.attrib;
+		}
+  		break;
+
+	case RAW_SFILEINFO_SETATTRE:
+	case RAW_SFILEINFO_STANDARD:
+		if (!null_time(info->setattre.in.create_time)) {
+			unix_to_nt_time(&newstats.dos.create_time, info->setattre.in.create_time);
+		}
+		if (!null_time(info->setattre.in.access_time)) {
+			unix_to_nt_time(&newstats.dos.access_time, info->setattre.in.access_time);
+		}
+		if (!null_time(info->setattre.in.write_time)) {
+			unix_to_nt_time(&newstats.dos.write_time, info->setattre.in.write_time);
+		}
+  		break;
+
+	case RAW_SFILEINFO_EA_SET:
+		return pvfs_setfileinfo_ea_set(pvfs, name, -1, 
+					       info->ea_set.in.num_eas,
+					       info->ea_set.in.eas);
+
+	case RAW_SFILEINFO_BASIC_INFO:
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		if (!null_nttime(info->basic_info.in.create_time)) {
+			newstats.dos.create_time = info->basic_info.in.create_time;
+		}
+		if (!null_nttime(info->basic_info.in.access_time)) {
+			newstats.dos.access_time = info->basic_info.in.access_time;
+		}
+		if (!null_nttime(info->basic_info.in.write_time)) {
+			newstats.dos.write_time = info->basic_info.in.write_time;
+		}
+		if (!null_nttime(info->basic_info.in.change_time)) {
+			newstats.dos.change_time = info->basic_info.in.change_time;
+		}
+		if (info->basic_info.in.attrib != 0) {
+			newstats.dos.attrib = info->basic_info.in.attrib;
+		}
+  		break;
+
+	case RAW_SFILEINFO_ALLOCATION_INFO:
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		status = pvfs_can_update_file_size(pvfs, req, name, &lck);
+		/*
+		 * on a sharing violation we need to retry when the file is closed by
+		 * the other user, or after 1 second
+		 * on a non granted oplock we need to retry when the file is closed by
+		 * the other user, or after 30 seconds
+		*/
+		if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+		     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+		    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+			return pvfs_setpathinfo_setup_retry(pvfs->ntvfs, req, info, lck, status);
+		}
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		if (info->allocation_info.in.alloc_size > newstats.dos.alloc_size) {
+			/* strange. Increasing the allocation size via setpathinfo 
+			   should be silently ignored */
+			break;
+		}
+		newstats.dos.alloc_size = info->allocation_info.in.alloc_size;
+		if (newstats.dos.alloc_size < newstats.st.st_size) {
+			newstats.st.st_size = newstats.dos.alloc_size;
+		}
+		newstats.dos.alloc_size = pvfs_round_alloc_size(pvfs, 
+								newstats.dos.alloc_size);
+		break;
+
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		status = pvfs_can_update_file_size(pvfs, req, name, &lck);
+		/*
+		 * on a sharing violation we need to retry when the file is closed by
+		 * the other user, or after 1 second
+		 * on a non granted oplock we need to retry when the file is closed by
+		 * the other user, or after 30 seconds
+		*/
+		if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+		     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+		    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+			return pvfs_setpathinfo_setup_retry(pvfs->ntvfs, req, info, lck, status);
+		}
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		newstats.st.st_size = info->end_of_file_info.in.size;
+		break;
+
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		if (info->mode_information.in.mode != 0 &&
+		    info->mode_information.in.mode != 2 &&
+		    info->mode_information.in.mode != 4 &&
+		    info->mode_information.in.mode != 6) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		status = pvfs_locking_key(name, name, &odb_locking_key);
+		NT_STATUS_NOT_OK_RETURN(status);
+		status = pvfs_setfileinfo_rename(pvfs, req, name, -1,
+						 &odb_locking_key, info);
+		NT_STATUS_NOT_OK_RETURN(status);
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		return NT_STATUS_OK;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	/* possibly change the file size */
+	if (newstats.st.st_size != name->st.st_size) {
+		if (name->stream_name) {
+			status = pvfs_stream_truncate(pvfs, name, -1, newstats.st.st_size);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		} else if (truncate(name->full_name, newstats.st.st_size) == -1) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+		change_mask |= FILE_NOTIFY_CHANGE_SIZE | FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	}
+
+	/* possibly change the file timestamps */
+	if (newstats.dos.create_time != name->dos.create_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_CREATION;
+	}
+	if (newstats.dos.access_time != name->dos.access_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_LAST_ACCESS;
+	}
+	if (newstats.dos.write_time != name->dos.write_time) {
+		change_mask |= FILE_NOTIFY_CHANGE_LAST_WRITE;
+	}
+	if ((change_mask & FILE_NOTIFY_CHANGE_LAST_ACCESS) ||
+	    (change_mask & FILE_NOTIFY_CHANGE_LAST_WRITE)) {
+		struct timeval tv[2];
+
+		nttime_to_timeval(&tv[0], newstats.dos.access_time);
+		nttime_to_timeval(&tv[1], newstats.dos.write_time);
+
+		if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) {
+			if (utimes(name->full_name, tv) == -1) {
+				DEBUG(0,("pvfs_setpathinfo: utimes() failed '%s' - %s\n",
+					 name->full_name, strerror(errno)));
+				return pvfs_map_errno(pvfs, errno);
+			}
+		}
+	}
+	if (change_mask & FILE_NOTIFY_CHANGE_LAST_WRITE) {
+		if (lck == NULL) {
+			DATA_BLOB lkey;
+			status = pvfs_locking_key(name, name, &lkey);
+			NT_STATUS_NOT_OK_RETURN(status);
+
+			lck = odb_lock(req, pvfs->odb_context, &lkey);
+			data_blob_free(&lkey);
+			if (lck == NULL) {
+				DEBUG(0,("Unable to lock opendb for write time update\n"));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+		}
+
+		status = odb_set_write_time(lck, newstats.dos.write_time, true);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			/* it could be that nobody has opened the file */
+		} else if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("Unable to update write time: %s\n",
+				nt_errstr(status)));
+			return status;
+		}
+	}
+
+	/* possibly change the attribute */
+	newstats.dos.attrib |= (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY);
+	if (newstats.dos.attrib != name->dos.attrib) {
+		mode_t mode = pvfs_fileperms(pvfs, newstats.dos.attrib);
+		if (pvfs_sys_chmod(pvfs, name->full_name, mode, name->allow_override) == -1) {
+			return pvfs_map_errno(pvfs, errno);
+		}
+		change_mask |= FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	}
+
+	*name = newstats;
+
+	if (change_mask != 0) {
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_MODIFIED, 
+			       change_mask,
+			       name->full_name);
+	}
+
+	return pvfs_dosattrib_save(pvfs, name, -1);
+}
+
diff --git a/source4/ntvfs/posix/pvfs_shortname.c b/source4/ntvfs/posix/pvfs_shortname.c
new file mode 100644
index 0000000..9e3cf5f
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_shortname.c
@@ -0,0 +1,699 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - 8.3 name routines
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/locale.h"
+#include "vfs_posix.h"
+#include "param/param.h"
+
+#undef strcasecmp
+
+/*
+  this mangling scheme uses the following format
+
+  Annnn~n.AAA
+
+  where nnnnn is a base 36 hash, and A represents characters from the original string
+
+  The hash is taken of the leading part of the long filename, in uppercase
+
+  for simplicity, we only allow ascii characters in 8.3 names
+*/
+
+/*
+  ===============================================================================
+  NOTE NOTE NOTE!!!
+
+  This file deliberately uses non-multibyte string functions in many places. This
+  is *not* a mistake. This code is multi-byte safe, but it gets this property
+  through some very subtle knowledge of the way multi-byte strings are encoded 
+  and the fact that this mangling algorithm only supports ascii characters in
+  8.3 names.
+
+  please don't convert this file to use the *_m() functions!!
+  ===============================================================================
+*/
+
+
+#if 1
+#define M_DEBUG(level, x) DEBUG(level, x)
+#else
+#define M_DEBUG(level, x)
+#endif
+
+/* these flags are used to mark characters in as having particular
+   properties */
+#define FLAG_BASECHAR 1
+#define FLAG_ASCII 2
+#define FLAG_ILLEGAL 4
+#define FLAG_WILDCARD 8
+
+/* the "possible" flags are used as a fast way to find possible DOS
+   reserved filenames */
+#define FLAG_POSSIBLE1 16
+#define FLAG_POSSIBLE2 32
+#define FLAG_POSSIBLE3 64
+#define FLAG_POSSIBLE4 128
+
+#define DEFAULT_MANGLE_PREFIX 4
+
+#define MANGLE_BASECHARS "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+#define FLAG_CHECK(c, flag) (ctx->char_flags[(uint8_t)(c)] & (flag))
+
+static const char *reserved_names[] = 
+{ "AUX", "CON",
+  "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
+  "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
+  "NUL", "PRN", NULL };
+
+
+struct pvfs_mangle_context {
+	uint8_t char_flags[256];
+	/*
+	  this determines how many characters are used from the original
+	  filename in the 8.3 mangled name. A larger value leads to a weaker
+	  hash and more collisions.  The largest possible value is 6.
+	*/
+	int mangle_prefix;
+	uint32_t mangle_modulus;
+
+	/* we will use a very simple direct mapped prefix cache. The big
+	   advantage of this cache structure is speed and low memory usage 
+
+	   The cache is indexed by the low-order bits of the hash, and confirmed by
+	   hashing the resulting cache entry to match the known hash
+	*/
+	uint32_t cache_size;
+	char **prefix_cache;
+	uint32_t *prefix_cache_hashes;
+
+	/* this is used to reverse the base 36 mapping */
+	unsigned char base_reverse[256];
+};
+
+
+/* 
+   hash a string of the specified length. The string does not need to be
+   null terminated 
+
+   this hash needs to be fast with a low collision rate (what hash doesn't?)
+*/
+static uint32_t mangle_hash(struct pvfs_mangle_context *ctx,
+			    const char *key, size_t length)
+{
+	return pvfs_name_hash(key, length) % ctx->mangle_modulus;
+}
+
+/*
+  insert an entry into the prefix cache. The string might not be null
+  terminated */
+static void cache_insert(struct pvfs_mangle_context *ctx,
+			 const char *prefix, int length, uint32_t hash)
+{
+	int i = hash % ctx->cache_size;
+
+	if (ctx->prefix_cache[i]) {
+		talloc_free(ctx->prefix_cache[i]);
+	}
+
+	ctx->prefix_cache[i] = talloc_strndup(ctx->prefix_cache, prefix, length);
+	ctx->prefix_cache_hashes[i] = hash;
+}
+
+/*
+  lookup an entry in the prefix cache. Return NULL if not found.
+*/
+static const char *cache_lookup(struct pvfs_mangle_context *ctx, uint32_t hash)
+{
+	int i = hash % ctx->cache_size;
+
+
+	if (!ctx->prefix_cache[i] || hash != ctx->prefix_cache_hashes[i]) {
+		return NULL;
+	}
+
+	/* yep, it matched */
+	return ctx->prefix_cache[i];
+}
+
+
+/* 
+   determine if a string is possibly in a mangled format, ignoring
+   case 
+
+   In this algorithm, mangled names use only pure ascii characters (no
+   multi-byte) so we can avoid doing a UCS2 conversion 
+ */
+static bool is_mangled_component(struct pvfs_mangle_context *ctx,
+				 const char *name, size_t len)
+{
+	unsigned int i;
+
+	M_DEBUG(10,("is_mangled_component %s (len %u) ?\n", name, (unsigned int)len));
+
+	/* check the length */
+	if (len > 12 || len < 8)
+		return false;
+
+	/* the best distinguishing characteristic is the ~ */
+	if (name[6] != '~')
+		return false;
+
+	/* check extension */
+	if (len > 8) {
+		if (name[8] != '.')
+			return false;
+		for (i=9; name[i] && i < len; i++) {
+			if (! FLAG_CHECK(name[i], FLAG_ASCII)) {
+				return false;
+			}
+		}
+	}
+	
+	/* check lead characters */
+	for (i=0;i<ctx->mangle_prefix;i++) {
+		if (! FLAG_CHECK(name[i], FLAG_ASCII)) {
+			return false;
+		}
+	}
+	
+	/* check rest of hash */
+	if (! FLAG_CHECK(name[7], FLAG_BASECHAR)) {
+		return false;
+	}
+	for (i=ctx->mangle_prefix;i<6;i++) {
+		if (! FLAG_CHECK(name[i], FLAG_BASECHAR)) {
+			return false;
+		}
+	}
+
+	M_DEBUG(10,("is_mangled_component %s (len %u) -> yes\n", name, (unsigned int)len));
+
+	return true;
+}
+
+
+
+/* 
+   determine if a string is possibly in a mangled format, ignoring
+   case 
+
+   In this algorithm, mangled names use only pure ascii characters (no
+   multi-byte) so we can avoid doing a UCS2 conversion 
+
+   NOTE! This interface must be able to handle a path with unix
+   directory separators. It should return true if any component is
+   mangled
+ */
+static bool is_mangled(struct pvfs_mangle_context *ctx, const char *name)
+{
+	const char *p;
+	const char *s;
+
+	M_DEBUG(10,("is_mangled %s ?\n", name));
+
+	for (s=name; (p=strchr(s, '/')); s=p+1) {
+		if (is_mangled_component(ctx, s, PTR_DIFF(p, s))) {
+			return true;
+		}
+	}
+	
+	/* and the last part ... */
+	return is_mangled_component(ctx, s, strlen(s));
+}
+
+
+/* 
+   see if a filename is an allowable 8.3 name.
+
+   we are only going to allow ascii characters in 8.3 names, as this
+   simplifies things greatly (it means that we know the string won't
+   get larger when converted from UNIX to DOS formats)
+*/
+static bool is_8_3(struct pvfs_mangle_context *ctx,
+		   const char *name, bool check_case, bool allow_wildcards)
+{
+	int len, i;
+	char *dot_p;
+
+	/* as a special case, the names '.' and '..' are allowable 8.3 names */
+	if (name[0] == '.') {
+		if (!name[1] || (name[1] == '.' && !name[2])) {
+			return true;
+		}
+	}
+
+	/* the simplest test is on the overall length of the
+	 filename. Note that we deliberately use the ascii string
+	 length (not the multi-byte one) as it is faster, and gives us
+	 the result we need in this case. Using strlen_m would not
+	 only be slower, it would be incorrect */
+	len = strlen(name);
+	if (len > 12)
+		return false;
+
+	/* find the '.'. Note that once again we use the non-multibyte
+           function */
+	dot_p = strchr(name, '.');
+
+	if (!dot_p) {
+		/* if the name doesn't contain a '.' then its length
+                   must be less than 8 */
+		if (len > 8) {
+			return false;
+		}
+	} else {
+		int prefix_len, suffix_len;
+
+		/* if it does contain a dot then the prefix must be <=
+		   8 and the suffix <= 3 in length */
+		prefix_len = PTR_DIFF(dot_p, name);
+		suffix_len = len - (prefix_len+1);
+
+		if (prefix_len > 8 || suffix_len > 3 || suffix_len == 0) {
+			return false;
+		}
+
+		/* a 8.3 name cannot contain more than 1 '.' */
+		if (strchr(dot_p+1, '.')) {
+			return false;
+		}
+	}
+
+	/* the length are all OK. Now check to see if the characters themselves are OK */
+	for (i=0; name[i]; i++) {
+		/* note that we may allow wildcard petterns! */
+		if (!FLAG_CHECK(name[i], FLAG_ASCII|(allow_wildcards ? FLAG_WILDCARD : 0)) && 
+		    name[i] != '.') {
+			return false;
+		}
+	}
+
+	/* it is a good 8.3 name */
+	return true;
+}
+
+
+/*
+  try to find a 8.3 name in the cache, and if found then
+  return the original long name. 
+*/
+static char *check_cache(struct pvfs_mangle_context *ctx, 
+			 TALLOC_CTX *mem_ctx, const char *name)
+{
+	uint32_t hash, multiplier;
+	unsigned int i;
+	const char *prefix;
+	char extension[4];
+
+	/* make sure that this is a mangled name from this cache */
+	if (!is_mangled(ctx, name)) {
+		M_DEBUG(10,("check_cache: %s -> not mangled\n", name));
+		return NULL;
+	}
+
+	/* we need to extract the hash from the 8.3 name */
+	hash = ctx->base_reverse[(unsigned char)name[7]];
+	for (multiplier=36, i=5;i>=ctx->mangle_prefix;i--) {
+		uint32_t v = ctx->base_reverse[(unsigned char)name[i]];
+		hash += multiplier * v;
+		multiplier *= 36;
+	}
+
+	/* now look in the prefix cache for that hash */
+	prefix = cache_lookup(ctx, hash);
+	if (!prefix) {
+		M_DEBUG(10,("check_cache: %s -> %08X -> not found\n", name, hash));
+		return NULL;
+	}
+
+	/* we found it - construct the full name */
+	if (name[8] == '.') {
+		strncpy(extension, name+9, 3);
+		extension[3] = 0;
+	} else {
+		extension[0] = 0;
+	}
+
+	if (extension[0]) {
+		return talloc_asprintf(mem_ctx, "%s.%s", prefix, extension);
+	}
+
+	return talloc_strdup(mem_ctx, prefix);
+}
+
+
+/*
+  look for a DOS reserved name
+*/
+static bool is_reserved_name(struct pvfs_mangle_context *ctx, const char *name)
+{
+	if (FLAG_CHECK(name[0], FLAG_POSSIBLE1) &&
+	    FLAG_CHECK(name[1], FLAG_POSSIBLE2) &&
+	    FLAG_CHECK(name[2], FLAG_POSSIBLE3) &&
+	    FLAG_CHECK(name[3], FLAG_POSSIBLE4)) {
+		/* a likely match, scan the lot */
+		int i;
+		for (i=0; reserved_names[i]; i++) {
+			if (strcasecmp(name, reserved_names[i]) == 0) {
+				return true;
+			}
+		}
+	}
+
+	return false;
+}
+
+
+/*
+ See if a filename is a legal long filename.
+ A filename ending in a '.' is not legal unless it's "." or "..". JRA.
+*/
+static bool is_legal_name(struct pvfs_mangle_context *ctx, const char *name)
+{
+	while (*name) {
+		size_t c_size;
+		codepoint_t c = next_codepoint(name, &c_size);
+		if (c == INVALID_CODEPOINT) {
+			return false;
+		}
+		/* all high chars are OK */
+		if (c >= 128) {
+			name += c_size;
+			continue;
+		}
+		if (FLAG_CHECK(c, FLAG_ILLEGAL)) {
+			return false;
+		}
+		name += c_size;
+	}
+
+	return true;
+}
+
+/*
+  the main forward mapping function, which converts a long filename to 
+  a 8.3 name
+
+  if need83 is not set then we only do the mangling if the name is illegal
+  as a long name
+
+  if cache83 is not set then we don't cache the result
+
+  return NULL if we don't need to do any conversion
+*/
+static char *name_map(struct pvfs_mangle_context *ctx,
+		      const char *name, bool need83, bool cache83)
+{
+	char *dot_p;
+	char lead_chars[7];
+	char extension[4];
+	unsigned int extension_length, i;
+	unsigned int prefix_len;
+	uint32_t hash, v;
+	char *new_name;
+	const char *basechars = MANGLE_BASECHARS;
+
+	/* reserved names are handled specially */
+	if (!is_reserved_name(ctx, name)) {
+		/* if the name is already a valid 8.3 name then we don't need to 
+		   do anything */
+		if (is_8_3(ctx, name, false, false)) {
+			return NULL;
+		}
+
+		/* if the caller doesn't strictly need 8.3 then just check for illegal 
+		   filenames */
+		if (!need83 && is_legal_name(ctx, name)) {
+			return NULL;
+		}
+	}
+
+	/* find the '.' if any */
+	dot_p = strrchr(name, '.');
+
+	if (dot_p) {
+		/* if the extension contains any illegal characters or
+		   is too long or zero length then we treat it as part
+		   of the prefix */
+		for (i=0; i<4 && dot_p[i+1]; i++) {
+			if (! FLAG_CHECK(dot_p[i+1], FLAG_ASCII)) {
+				dot_p = NULL;
+				break;
+			}
+		}
+		if (i == 0 || i == 4) dot_p = NULL;
+	}
+
+	/* the leading characters in the mangled name is taken from
+	   the first characters of the name, if they are ascii otherwise
+	   '_' is used
+	*/
+	for (i=0;i<ctx->mangle_prefix && name[i];i++) {
+		lead_chars[i] = name[i];
+		if (! FLAG_CHECK(lead_chars[i], FLAG_ASCII)) {
+			lead_chars[i] = '_';
+		}
+		lead_chars[i] = toupper((unsigned char)lead_chars[i]);
+	}
+	for (;i<ctx->mangle_prefix;i++) {
+		lead_chars[i] = '_';
+	}
+
+	/* the prefix is anything up to the first dot */
+	if (dot_p) {
+		prefix_len = PTR_DIFF(dot_p, name);
+	} else {
+		prefix_len = strlen(name);
+	}
+
+	/* the extension of the mangled name is taken from the first 3
+	   ascii chars after the dot */
+	extension_length = 0;
+	if (dot_p) {
+		for (i=1; extension_length < 3 && dot_p[i]; i++) {
+			unsigned char c = dot_p[i];
+			if (FLAG_CHECK(c, FLAG_ASCII)) {
+				extension[extension_length++] = toupper(c);
+			}
+		}
+	}
+	   
+	/* find the hash for this prefix */
+	v = hash = mangle_hash(ctx, name, prefix_len);
+
+	new_name = talloc_array(ctx, char, 13);
+	if (new_name == NULL) {
+		return NULL;
+	}
+
+	/* now form the mangled name. */
+	for (i=0;i<ctx->mangle_prefix;i++) {
+		new_name[i] = lead_chars[i];
+	}
+	new_name[7] = basechars[v % 36];
+	new_name[6] = '~';	
+	for (i=5; i>=ctx->mangle_prefix; i--) {
+		v = v / 36;
+		new_name[i] = basechars[v % 36];
+	}
+
+	/* add the extension */
+	if (extension_length) {
+		new_name[8] = '.';
+		memcpy(&new_name[9], extension, extension_length);
+		new_name[9+extension_length] = 0;
+	} else {
+		new_name[8] = 0;
+	}
+
+	if (cache83) {
+		/* put it in the cache */
+		cache_insert(ctx, name, prefix_len, hash);
+	}
+
+	M_DEBUG(10,("name_map: %s -> %08X -> %s (cache=%d)\n", 
+		   name, hash, new_name, cache83));
+
+	return new_name;
+}
+
+
+/* initialise the flags table 
+
+  we allow only a very restricted set of characters as 'ascii' in this
+  mangling backend. This isn't a significant problem as modern clients
+  use the 'long' filenames anyway, and those don't have these
+  restrictions. 
+*/
+static void init_tables(struct pvfs_mangle_context *ctx)
+{
+	const char *basechars = MANGLE_BASECHARS;
+	int i;
+	/* the list of reserved dos names - all of these are illegal */
+
+	ZERO_STRUCT(ctx->char_flags);
+
+	for (i=1;i<128;i++) {
+		if ((i >= '0' && i <= '9') || 
+		    (i >= 'a' && i <= 'z') || 
+		    (i >= 'A' && i <= 'Z')) {
+			ctx->char_flags[i] |=  (FLAG_ASCII | FLAG_BASECHAR);
+		}
+		if (strchr("_-$~", i)) {
+			ctx->char_flags[i] |= FLAG_ASCII;
+		}
+
+		if (strchr("*\\/?<>|\":", i)) {
+			ctx->char_flags[i] |= FLAG_ILLEGAL;
+		}
+
+		if (strchr("*?\"<>", i)) {
+			ctx->char_flags[i] |= FLAG_WILDCARD;
+		}
+	}
+
+	ZERO_STRUCT(ctx->base_reverse);
+	for (i=0;i<36;i++) {
+		ctx->base_reverse[(uint8_t)basechars[i]] = i;
+	}	
+
+	/* fill in the reserved names flags. These are used as a very
+	   fast filter for finding possible DOS reserved filenames */
+	for (i=0; reserved_names[i]; i++) {
+		unsigned char c1, c2, c3, c4;
+
+		c1 = (unsigned char)reserved_names[i][0];
+		c2 = (unsigned char)reserved_names[i][1];
+		c3 = (unsigned char)reserved_names[i][2];
+		c4 = (unsigned char)reserved_names[i][3];
+
+		ctx->char_flags[c1] |= FLAG_POSSIBLE1;
+		ctx->char_flags[c2] |= FLAG_POSSIBLE2;
+		ctx->char_flags[c3] |= FLAG_POSSIBLE3;
+		ctx->char_flags[c4] |= FLAG_POSSIBLE4;
+		ctx->char_flags[tolower(c1)] |= FLAG_POSSIBLE1;
+		ctx->char_flags[tolower(c2)] |= FLAG_POSSIBLE2;
+		ctx->char_flags[tolower(c3)] |= FLAG_POSSIBLE3;
+		ctx->char_flags[tolower(c4)] |= FLAG_POSSIBLE4;
+
+		ctx->char_flags[(unsigned char)'.'] |= FLAG_POSSIBLE4;
+	}
+
+	ctx->mangle_modulus = 1;
+	for (i=0;i<(7-ctx->mangle_prefix);i++) {
+		ctx->mangle_modulus *= 36;
+	}
+}
+
+/* 
+   initialise the mangling code 
+ */
+NTSTATUS pvfs_mangle_init(struct pvfs_state *pvfs)
+{
+	struct pvfs_mangle_context *ctx;
+
+	ctx = talloc(pvfs, struct pvfs_mangle_context);
+	if (ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* by default have a max of 512 entries in the cache. */
+	ctx->cache_size = lpcfg_parm_int(pvfs->ntvfs->ctx->lp_ctx, NULL, "mangle", "cachesize", 512);
+
+	ctx->prefix_cache = talloc_array(ctx, char *, ctx->cache_size);
+	if (ctx->prefix_cache == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	ctx->prefix_cache_hashes = talloc_array(ctx, uint32_t, ctx->cache_size);
+	if (ctx->prefix_cache_hashes == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	memset(ctx->prefix_cache, 0, sizeof(char *) * ctx->cache_size);
+	memset(ctx->prefix_cache_hashes, 0, sizeof(uint32_t) * ctx->cache_size);
+
+	ctx->mangle_prefix = lpcfg_parm_int(pvfs->ntvfs->ctx->lp_ctx, NULL, "mangle", "prefix", -1);
+	if (ctx->mangle_prefix < 0 || ctx->mangle_prefix > 6) {
+		ctx->mangle_prefix = DEFAULT_MANGLE_PREFIX;
+	}
+
+	init_tables(ctx);
+
+	pvfs->mangle_ctx = ctx;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return the short name for a component of a full name
+*/
+char *pvfs_short_name_component(struct pvfs_state *pvfs, const char *name)
+{
+	return name_map(pvfs->mangle_ctx, name, true, true);
+}
+
+
+/*
+  return the short name for a given entry in a directory
+*/
+const char *pvfs_short_name(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, 
+			    struct pvfs_filename *name)
+{
+	char *p = strrchr(name->full_name, '/');
+	char *ret = pvfs_short_name_component(pvfs, p+1);
+	if (ret == NULL) {
+		return p+1;
+	}
+	talloc_steal(mem_ctx, ret);
+	return ret;
+}
+
+/*
+  lookup a mangled name, returning the original long name if present
+  in the cache
+*/
+char *pvfs_mangled_lookup(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, 
+			  const char *name)
+{
+	return check_cache(pvfs->mangle_ctx, mem_ctx, name);
+}
+
+
+/*
+  look for a DOS reserved name
+*/
+bool pvfs_is_reserved_name(struct pvfs_state *pvfs, const char *name)
+{
+	return is_reserved_name(pvfs->mangle_ctx, name);
+}
+
+
+/*
+  see if a component of a filename could be a mangled name from our
+  mangling code
+*/
+bool pvfs_is_mangled_component(struct pvfs_state *pvfs, const char *name)
+{
+	return is_mangled_component(pvfs->mangle_ctx, name, strlen(name));
+}
diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c
new file mode 100644
index 0000000..9210237
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_streams.c
@@ -0,0 +1,556 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - alternate data streams
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/xattr.h"
+
+/*
+  normalise a stream name, removing a :$DATA suffix if there is one 
+  Note: this returns the existing pointer to the name if the name does 
+        not need normalising
+ */
+static const char *stream_name_normalise(TALLOC_CTX *ctx, const char *name)
+{
+	const char *c = strchr_m(name, ':');
+	if (c == NULL || strcasecmp_m(c, ":$DATA") != 0) {
+		return name;
+	}
+	return talloc_strndup(ctx, name, c-name);
+}
+
+/*
+  compare two stream names, taking account of the default $DATA extension
+ */
+static int stream_name_cmp(const char *name1, const char *name2)
+{
+	const char *c1, *c2;
+	int l1, l2, ret;
+	c1 = strchr_m(name1, ':');
+	c2 = strchr_m(name2, ':');
+	
+	/* check the first part is the same */
+	l1 = c1?(c1 - name1):strlen(name1);
+	l2 = c2?(c2 - name2):strlen(name2);
+	if (l1 != l2) {
+		return l1 - l2;
+	}
+	ret = strncasecmp_m(name1, name2, l1);
+	if (ret != 0) {
+		return ret;
+	}
+
+	/* the first parts are the same, check the suffix */
+	if (c1 && c2) {
+		return strcasecmp_m(c1, c2);
+	}
+
+	if (c1) {
+		return strcasecmp_m(c1, ":$DATA");
+	}
+	if (c2) {
+		return strcasecmp_m(c2, ":$DATA");
+	}
+
+	/* neither names have a suffix */
+	return 0;
+}
+
+
+/*
+  return the list of file streams for RAW_FILEINFO_STREAM_INFORMATION
+*/
+NTSTATUS pvfs_stream_information(struct pvfs_state *pvfs, 
+				 TALLOC_CTX *mem_ctx,
+				 struct pvfs_filename *name, int fd, 
+				 struct stream_information *info)
+{
+	struct xattr_DosStreams *streams;
+	int i;
+	NTSTATUS status;
+
+	/* directories don't have streams */
+	if (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		info->num_streams = 0;
+		info->streams = NULL;
+		return NT_STATUS_OK;
+	}
+
+	streams = talloc(mem_ctx, struct xattr_DosStreams);
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_streams_load(pvfs, name, fd, streams);
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCTP(streams);
+	}
+
+	info->num_streams = streams->num_streams+1;
+	info->streams = talloc_array(mem_ctx, struct stream_struct, info->num_streams);
+	if (!info->streams) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	info->streams[0].size          = name->st.st_size;
+	info->streams[0].alloc_size    = name->dos.alloc_size;
+	info->streams[0].stream_name.s = talloc_strdup(info->streams, "::$DATA");
+
+	for (i=0;i<streams->num_streams;i++) {
+		info->streams[i+1].size          = streams->streams[i].size;
+		info->streams[i+1].alloc_size    = streams->streams[i].alloc_size;
+		if (strchr(streams->streams[i].name, ':') == NULL) {
+			info->streams[i+1].stream_name.s = talloc_asprintf(streams->streams, 
+									   ":%s:$DATA",
+									   streams->streams[i].name);
+		} else {
+			info->streams[i+1].stream_name.s = talloc_strdup(streams->streams, 
+									 streams->streams[i].name);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  fill in the stream information for a name
+*/
+NTSTATUS pvfs_stream_info(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd)
+{
+	struct xattr_DosStreams *streams;
+	int i;
+	NTSTATUS status;
+
+	/* the NULL stream always exists */
+	if (name->stream_name == NULL) {
+		name->stream_exists = true;
+		return NT_STATUS_OK;
+	}
+
+	streams = talloc(name, struct xattr_DosStreams);
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_streams_load(pvfs, name, fd, streams);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(streams);
+		return status;
+	}
+
+	for (i=0;i<streams->num_streams;i++) {
+		struct xattr_DosStream *s = &streams->streams[i];
+		if (stream_name_cmp(s->name, name->stream_name) == 0) {
+			name->dos.alloc_size = pvfs_round_alloc_size(pvfs, s->alloc_size);
+			name->st.st_size     = s->size;
+			name->stream_exists = true;
+			talloc_free(streams);
+			return NT_STATUS_OK;
+		}
+	}
+
+	talloc_free(streams);
+
+	name->dos.alloc_size = 0;
+	name->st.st_size     = 0;
+	name->stream_exists = false;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  update size information for a stream
+*/
+static NTSTATUS pvfs_stream_update_size(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+					off_t size)
+{
+	struct xattr_DosStreams *streams;
+	int i;
+	NTSTATUS status;
+
+	streams = talloc(name, struct xattr_DosStreams);
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_streams_load(pvfs, name, fd, streams);
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCTP(streams);
+	}
+
+	for (i=0;i<streams->num_streams;i++) {
+		struct xattr_DosStream *s = &streams->streams[i];
+		if (stream_name_cmp(s->name, name->stream_name) == 0) {
+			s->size       = size;
+			s->alloc_size = pvfs_round_alloc_size(pvfs, size);
+			break;
+		}
+	}
+
+	if (i == streams->num_streams) {
+		struct xattr_DosStream *s;
+		streams->streams = talloc_realloc(streams, streams->streams, 
+						    struct xattr_DosStream,
+						    streams->num_streams+1);
+		if (streams->streams == NULL) {
+			talloc_free(streams);
+			return NT_STATUS_NO_MEMORY;
+		}
+		streams->num_streams++;
+		s = &streams->streams[i];
+		
+		s->flags      = XATTR_STREAM_FLAG_INTERNAL;
+		s->size       = size;
+		s->alloc_size = pvfs_round_alloc_size(pvfs, size);
+		s->name       = stream_name_normalise(streams, name->stream_name);
+		if (s->name == NULL) {
+			talloc_free(streams);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	status = pvfs_streams_save(pvfs, name, fd, streams);
+	talloc_free(streams);
+
+	return status;
+}
+
+
+/*
+  rename a stream
+*/
+NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+			    const char *new_name, bool overwrite)
+{
+	struct xattr_DosStreams *streams;
+	int i, found_old, found_new;
+	NTSTATUS status;
+
+	streams = talloc(name, struct xattr_DosStreams);
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	new_name = stream_name_normalise(streams, new_name);
+	if (new_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_streams_load(pvfs, name, fd, streams);
+	if (!NT_STATUS_IS_OK(status)) {
+		ZERO_STRUCTP(streams);
+	}
+
+	/* the default stream always exists */
+	if (strcmp(new_name, "") == 0 ||
+	    strcasecmp_m(new_name, ":$DATA") == 0) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;		
+	}
+
+	/* try to find the old/new names in the list */
+	found_old = found_new = -1;
+	for (i=0;i<streams->num_streams;i++) {
+		struct xattr_DosStream *s = &streams->streams[i];
+		if (stream_name_cmp(s->name, new_name) == 0) {
+			found_new = i;
+		}
+		if (stream_name_cmp(s->name, name->stream_name) == 0) {
+			found_old = i;
+		}
+	}
+
+	if (found_old == -1) {
+		talloc_free(streams);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;		
+	}
+
+	if (found_new == -1) {
+		/* a simple rename */
+		struct xattr_DosStream *s = &streams->streams[found_old];
+		s->name = new_name;
+	} else {
+		if (!overwrite) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+		if (found_old != found_new) {
+			/* remove the old one and replace with the new one */
+			streams->streams[found_old].name = new_name;
+			memmove(&streams->streams[found_new],
+				&streams->streams[found_new+1],
+				sizeof(streams->streams[0]) *
+				(streams->num_streams - (found_new+1)));
+			streams->num_streams--;
+		}
+	}
+
+	status = pvfs_streams_save(pvfs, name, fd, streams);
+
+	if (NT_STATUS_IS_OK(status)) {
+
+		/* update the in-memory copy of the name of the open file */
+		talloc_free(name->stream_name);
+		name->stream_name = talloc_strdup(name, new_name);
+
+		talloc_free(streams);
+	}
+
+	return status;
+}
+
+
+/*
+  create the xattr for a alternate data stream
+*/
+NTSTATUS pvfs_stream_create(struct pvfs_state *pvfs, 
+			    struct pvfs_filename *name, 
+			    int fd)
+{
+	NTSTATUS status;
+	status = pvfs_xattr_create(pvfs, name->full_name, fd, 
+				   XATTR_DOSSTREAM_PREFIX, name->stream_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	return pvfs_stream_update_size(pvfs, name, fd, 0);
+}
+
+/*
+  delete the xattr for a alternate data stream
+*/
+NTSTATUS pvfs_stream_delete(struct pvfs_state *pvfs, 
+			    struct pvfs_filename *name, 
+			    int fd)
+{
+	NTSTATUS status;
+	struct xattr_DosStreams *streams;
+	int i;
+
+	status = pvfs_xattr_delete(pvfs, name->full_name, fd, 
+				   XATTR_DOSSTREAM_PREFIX, name->stream_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	streams = talloc(name, struct xattr_DosStreams);
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = pvfs_streams_load(pvfs, name, fd, streams);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(streams);
+		return status;
+	}
+
+	for (i=0;i<streams->num_streams;i++) {
+		struct xattr_DosStream *s = &streams->streams[i];
+		if (stream_name_cmp(s->name, name->stream_name) == 0) {
+			memmove(s, s+1, (streams->num_streams - (i+1)) * sizeof(*s));
+			streams->num_streams--;
+			break;
+		}
+	}
+
+	status = pvfs_streams_save(pvfs, name, fd, streams);
+	talloc_free(streams);
+
+	return status;
+}
+
+/* 
+   load a stream into a blob
+*/
+static NTSTATUS pvfs_stream_load(struct pvfs_state *pvfs,
+				 TALLOC_CTX *mem_ctx,
+				 struct pvfs_filename *name,
+				 int fd,
+				 size_t estimated_size,
+				 DATA_BLOB *blob)
+{
+	NTSTATUS status;
+
+	status = pvfs_xattr_load(pvfs, mem_ctx, name->full_name, fd, 
+				 XATTR_DOSSTREAM_PREFIX,
+				 name->stream_name, estimated_size, blob);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		/* try with a case insensitive match */
+		struct xattr_DosStreams *streams;
+		int i;
+
+		streams = talloc(mem_ctx, struct xattr_DosStreams);
+		if (streams == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		status = pvfs_streams_load(pvfs, name, fd, streams);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(streams);
+			return NT_STATUS_NOT_FOUND;
+		}
+		for (i=0;i<streams->num_streams;i++) {
+			struct xattr_DosStream *s = &streams->streams[i];
+			if (stream_name_cmp(s->name, name->stream_name) == 0) {
+				status = pvfs_xattr_load(pvfs, mem_ctx, name->full_name, fd, 
+							 XATTR_DOSSTREAM_PREFIX,
+							 s->name, estimated_size, blob);
+				talloc_free(streams);
+				return status;
+			}
+		}
+		talloc_free(streams);
+		return NT_STATUS_NOT_FOUND;
+	}
+	
+	return status;
+}
+
+/*
+  the equivalent of pread() on a stream
+*/
+ssize_t pvfs_stream_read(struct pvfs_state *pvfs,
+			 struct pvfs_file_handle *h, void *data, size_t count, off_t offset)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	if (count == 0) {
+		return 0;
+	}
+	status = pvfs_stream_load(pvfs, h, h->name, h->fd, offset+count, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EIO;
+		return -1;
+	}
+	if (offset >= blob.length) {
+		data_blob_free(&blob);
+		return 0;
+	}
+	if (count > blob.length - offset) {
+		count = blob.length - offset;
+	}
+	memcpy(data, blob.data + offset, count);
+	data_blob_free(&blob);
+	return count;
+}
+
+
+/*
+  the equivalent of pwrite() on a stream
+*/
+ssize_t pvfs_stream_write(struct pvfs_state *pvfs,
+			  struct pvfs_file_handle *h, const void *data, size_t count, off_t offset)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	if (count == 0) {
+		return 0;
+	}
+
+	if (count+offset > XATTR_MAX_STREAM_SIZE) {
+		if (!pvfs->ea_db || count+offset > XATTR_MAX_STREAM_SIZE_TDB) {
+			errno = ENOSPC;
+			return -1;
+		}
+	}
+
+	/* we have to load the existing stream, then modify, then save */
+	status = pvfs_stream_load(pvfs, h, h->name, h->fd, offset+count, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		blob = data_blob(NULL, 0);
+	}
+	if (count+offset > blob.length) {
+		blob.data = talloc_realloc(blob.data, blob.data, uint8_t, count+offset);
+		if (blob.data == NULL) {
+			errno = ENOMEM;
+			return -1;
+		}
+		if (offset > blob.length) {
+			memset(blob.data+blob.length, 0, offset - blob.length);
+		}
+		blob.length = count+offset;
+	}
+	memcpy(blob.data + offset, data, count);
+
+	status = pvfs_xattr_save(pvfs, h->name->full_name, h->fd, XATTR_DOSSTREAM_PREFIX,
+				 h->name->stream_name, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		data_blob_free(&blob);
+		/* getting this error mapping right is probably
+		   not worth it */
+		errno = ENOSPC;
+		return -1;
+	}
+
+	status = pvfs_stream_update_size(pvfs, h->name, h->fd, blob.length);
+
+	data_blob_free(&blob);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EIO;
+		return -1;
+	}
+
+	return count;
+}
+
+/*
+  the equivalent of truncate() on a stream
+*/
+NTSTATUS pvfs_stream_truncate(struct pvfs_state *pvfs,
+			      struct pvfs_filename *name, int fd, off_t length)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+
+	if (length > XATTR_MAX_STREAM_SIZE) {
+		if (!pvfs->ea_db || length > XATTR_MAX_STREAM_SIZE_TDB) {
+			return NT_STATUS_DISK_FULL;
+		}
+	}
+
+	/* we have to load the existing stream, then modify, then save */
+	status = pvfs_stream_load(pvfs, name, name, fd, length, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (length <= blob.length) {
+		blob.length = length;
+	} else if (length > blob.length) {
+		blob.data = talloc_realloc(blob.data, blob.data, uint8_t, length);
+		if (blob.data == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		memset(blob.data+blob.length, 0, length - blob.length);
+		blob.length = length;
+	}
+
+	status = pvfs_xattr_save(pvfs, name->full_name, fd, XATTR_DOSSTREAM_PREFIX,
+				 name->stream_name, &blob);
+
+	if (NT_STATUS_IS_OK(status)) {
+		status = pvfs_stream_update_size(pvfs, name, fd, blob.length);
+	}
+	data_blob_free(&blob);
+
+	return status;
+}
diff --git a/source4/ntvfs/posix/pvfs_sys.c b/source4/ntvfs/posix/pvfs_sys.c
new file mode 100644
index 0000000..32770c1
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_sys.c
@@ -0,0 +1,662 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - pvfs_sys wrappers
+
+   Copyright (C) Andrew Tridgell 2010
+   Copyright (C) Andrew Bartlett 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "../lib/util/unix_privs.h"
+
+/*
+  these wrapper functions must only be called when the appropriate ACL
+  has already been checked. The wrappers will override a EACCES result
+  by gaining root privileges if the 'pvfs:perm override' is set on the
+  share (it is enabled by default)
+
+  Careful use of O_NOFOLLOW and O_DIRECTORY is used to prevent
+  security attacks via symlinks
+ */
+
+
+struct pvfs_sys_ctx {
+	struct pvfs_state *pvfs;
+	void *privs;
+	const char *old_wd;
+	struct stat st_orig;
+};
+
+
+/*
+  we create PVFS_NOFOLLOW and PVFS_DIRECTORY as aliases for O_NOFOLLOW
+  and O_DIRECTORY on systems that have them. On systems that don't
+  have O_NOFOLLOW we are less safe, but the root override code is off
+  by default.
+ */
+#ifdef O_NOFOLLOW
+#define PVFS_NOFOLLOW O_NOFOLLOW
+#else
+#define PVFS_NOFOLLOW 0
+#endif
+#ifdef O_DIRECTORY
+#define PVFS_DIRECTORY O_DIRECTORY
+#else
+#define PVFS_DIRECTORY 0
+#endif
+
+/*
+  return to original directory when context is destroyed
+ */
+static int pvfs_sys_pushdir_destructor(struct pvfs_sys_ctx *ctx)
+{
+	struct stat st;
+
+	if (ctx->old_wd == NULL) {
+		return 0;
+	}
+
+	if (chdir(ctx->old_wd) != 0) {
+		smb_panic("Failed to restore working directory");
+	}
+	if (stat(".", &st) != 0) {
+		smb_panic("Failed to stat working directory");
+	}
+	if (st.st_ino != ctx->st_orig.st_ino ||
+	    st.st_dev != ctx->st_orig.st_dev) {
+		smb_panic("Working directory changed during call");
+	}
+
+	return 0;
+}
+
+
+/*
+  chdir() to the directory part of a pathname, but disallow any
+  component with a symlink
+
+  Note that we can't use O_NOFOLLOW on the whole path as that only
+  prevents links in the final component of the path
+ */
+static int pvfs_sys_chdir_nosymlink(struct pvfs_sys_ctx *ctx, const char *pathname)
+{
+	char *p, *path;
+	size_t base_len = strlen(ctx->pvfs->base_directory);
+
+	/* don't check for symlinks in the base directory of the share */
+	if (strncmp(ctx->pvfs->base_directory, pathname, base_len) == 0 &&
+	    pathname[base_len] == '/') {
+		if (chdir(ctx->pvfs->base_directory) != 0) {
+			return -1;
+		}
+		pathname += base_len + 1;
+	}
+
+	path = talloc_strdup(ctx, pathname);
+	if (path == NULL) {
+		return -1;
+	}
+	while ((p = strchr(path, '/'))) {
+		int fd;
+		struct stat st1, st2;
+		*p = 0;
+		fd = open(path, PVFS_NOFOLLOW | PVFS_DIRECTORY | O_RDONLY);
+		if (fd == -1) {
+			return -1;
+		}
+		if (chdir(path) != 0) {
+			close(fd);
+			return -1;
+		}
+		if (stat(".", &st1) != 0 ||
+		    fstat(fd, &st2) != 0) {
+			close(fd);
+			return -1;
+		}
+		close(fd);
+		if (st1.st_ino != st2.st_ino ||
+		    st1.st_dev != st2.st_dev) {
+			DEBUG(0,(__location__ ": Inode changed during chdir in '%s' - symlink attack?\n",
+				 pathname));
+			return -1;
+		}
+		path = p + 1;
+	}
+
+	return 0;
+}
+
+
+/*
+  become root, and change directory to the directory component of a
+  path. Return a talloc context which when freed will move us back
+  to the original directory, and return us to the original uid
+
+  change the pathname argument to contain just the base component of
+  the path
+
+  return NULL on error, which could include an attempt to subvert
+  security using symlink tricks
+ */
+static struct pvfs_sys_ctx *pvfs_sys_pushdir(struct pvfs_state *pvfs,
+					     const char **pathname)
+{
+	struct pvfs_sys_ctx *ctx;
+	char *cwd, *p, *dirname;
+	int ret;
+
+	ctx = talloc_zero(pvfs, struct pvfs_sys_ctx);
+	if (ctx == NULL) {
+		return NULL;
+	}
+	ctx->pvfs = pvfs;
+	ctx->privs = root_privileges();
+	if (ctx->privs == NULL) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	talloc_steal(ctx, ctx->privs);
+
+	if (!pathname) {
+		/* no pathname needed */
+		return ctx;
+	}
+
+	p = strrchr(*pathname, '/');
+	if (p == NULL) {
+		/* we don't need to change directory */
+		return ctx;
+	}
+
+	/* we keep the old st around, so we can tell that
+	   we have come back to the right directory */
+	if (stat(".", &ctx->st_orig) != 0) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	cwd = get_current_dir_name();
+	if (cwd == NULL) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	ctx->old_wd = talloc_strdup(ctx, cwd);
+	free(cwd);
+
+	if (ctx->old_wd == NULL) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	dirname = talloc_strndup(ctx, *pathname, (p - *pathname));
+	if (dirname == NULL) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	ret = pvfs_sys_chdir_nosymlink(ctx, *pathname);
+	if (ret == -1) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	talloc_set_destructor(ctx, pvfs_sys_pushdir_destructor);
+
+	/* return the basename as the filename that should be operated on */
+	(*pathname) = talloc_strdup(ctx, p+1);
+	if (! *pathname) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	return ctx;
+}
+
+
+/*
+  chown a file that we created with a root privileges override
+ */
+static int pvfs_sys_fchown(struct pvfs_state *pvfs, struct pvfs_sys_ctx *ctx, int fd)
+{
+	return fchown(fd, root_privileges_original_uid(ctx->privs), -1);
+}
+
+/*
+  chown a directory that we created with a root privileges override
+ */
+static int pvfs_sys_chown(struct pvfs_state *pvfs, struct pvfs_sys_ctx *ctx, const char *name)
+{
+	/* to avoid symlink hacks, we need to use fchown() on a directory fd */
+	int ret, fd;
+	fd = open(name, PVFS_DIRECTORY | PVFS_NOFOLLOW | O_RDONLY);
+	if (fd == -1) {
+		return -1;
+	}
+	ret = pvfs_sys_fchown(pvfs, ctx, fd);
+	close(fd);
+	return ret;
+}
+
+
+/*
+  wrap open for system override
+*/
+int pvfs_sys_open(struct pvfs_state *pvfs, const char *filename, int flags, mode_t mode, bool allow_override)
+{
+	int fd, ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+	int retries = 5;
+
+	orig_errno = errno;
+
+	fd = open(filename, flags, mode);
+	if (fd != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return fd;
+	}
+
+	saved_errno = errno;
+	ctx = pvfs_sys_pushdir(pvfs, &filename);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	/* don't allow permission overrides to follow links */
+	flags |= PVFS_NOFOLLOW;
+
+	/*
+	   if O_CREAT was specified and O_EXCL was not specified
+	   then initially do the open without O_CREAT, as in that case
+	   we know that we did not create the file, so we don't have
+	   to fchown it
+	 */
+	if ((flags & O_CREAT) && !(flags & O_EXCL)) {
+	try_again:
+		fd = open(filename, flags & ~O_CREAT, mode);
+		/* if this open succeeded, or if it failed
+		   with anything other than ENOENT, then we return the
+		   open result, with the original errno */
+		if (fd == -1 && errno != ENOENT) {
+			talloc_free(ctx);
+			errno = saved_errno;
+			return -1;
+		}
+		if (fd != -1) {
+			/* the file already existed and we opened it */
+			talloc_free(ctx);
+			errno = orig_errno;
+			return fd;
+		}
+
+		fd = open(filename, flags | O_EXCL, mode);
+		if (fd == -1 && errno != EEXIST) {
+			talloc_free(ctx);
+			errno = saved_errno;
+			return -1;
+		}
+		if (fd != -1) {
+			/* we created the file, we need to set the
+			   right ownership on it */
+			ret = pvfs_sys_fchown(pvfs, ctx, fd);
+			if (ret == -1) {
+				close(fd);
+				unlink(filename);
+				talloc_free(ctx);
+				errno = saved_errno;
+				return -1;
+			}
+			talloc_free(ctx);
+			errno = orig_errno;
+			return fd;
+		}
+
+		/* the file got created between the two times
+		   we tried to open it! Try again */
+		if (retries-- > 0) {
+			goto try_again;
+		}
+
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	fd = open(filename, flags, mode);
+	if (fd == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	/* if we have created a file then fchown it */
+	if (flags & O_CREAT) {
+		ret = pvfs_sys_fchown(pvfs, ctx, fd);
+		if (ret == -1) {
+			close(fd);
+			unlink(filename);
+			talloc_free(ctx);
+			errno = saved_errno;
+			return -1;
+		}
+	}
+
+	talloc_free(ctx);
+	return fd;
+}
+
+
+/*
+  wrap unlink for system override
+*/
+int pvfs_sys_unlink(struct pvfs_state *pvfs, const char *filename, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = unlink(filename);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+
+	ctx = pvfs_sys_pushdir(pvfs, &filename);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = unlink(filename);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
+
+
+static bool contains_symlink(const char *path)
+{
+	int fd = open(path, PVFS_NOFOLLOW | O_RDONLY);
+	int posix_errno = errno;
+	if (fd != -1) {
+		close(fd);
+		return false;
+	}
+
+#if defined(ENOTSUP) && defined(OSF1)
+	/* handle special Tru64 errno */
+	if (errno == ENOTSUP) {
+		posix_errno = ELOOP;
+	}
+#endif /* ENOTSUP */
+
+#ifdef EFTYPE
+	/* fix broken NetBSD errno */
+	if (errno == EFTYPE) {
+		posix_errno = ELOOP;
+	}
+#endif /* EFTYPE */
+
+	/* fix broken FreeBSD errno */
+	if (errno == EMLINK) {
+		posix_errno = ELOOP;
+	}
+
+	return (posix_errno == ELOOP);
+}
+
+/*
+  wrap rename for system override
+*/
+int pvfs_sys_rename(struct pvfs_state *pvfs, const char *name1, const char *name2, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = rename(name1, name2);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+
+	ctx = pvfs_sys_pushdir(pvfs, &name1);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	/* we need the destination as an absolute path */
+	if (name2[0] != '/') {
+		name2 = talloc_asprintf(ctx, "%s/%s", ctx->old_wd, name2);
+		if (name2 == NULL) {
+			talloc_free(ctx);
+			errno = saved_errno;
+			return -1;
+		}
+	}
+
+	/* make sure the destination isn't a symlink beforehand */
+	if (contains_symlink(name2)) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = rename(name1, name2);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	/* make sure the destination isn't a symlink afterwards */
+	if (contains_symlink(name2)) {
+		DEBUG(0,(__location__ ": Possible symlink attack in rename to '%s' - unlinking\n", name2));
+		unlink(name2);
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
+
+
+/*
+  wrap mkdir for system override
+*/
+int pvfs_sys_mkdir(struct pvfs_state *pvfs, const char *dirname, mode_t mode, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = mkdir(dirname, mode);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+	ctx = pvfs_sys_pushdir(pvfs, &dirname);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = mkdir(dirname, mode);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = pvfs_sys_chown(pvfs, ctx, dirname);
+	if (ret == -1) {
+		rmdir(dirname);
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
+
+
+/*
+  wrap rmdir for system override
+*/
+int pvfs_sys_rmdir(struct pvfs_state *pvfs, const char *dirname, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = rmdir(dirname);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+
+	ctx = pvfs_sys_pushdir(pvfs, &dirname);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = rmdir(dirname);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
+
+/*
+  wrap fchmod for system override
+*/
+int pvfs_sys_fchmod(struct pvfs_state *pvfs, int fd, mode_t mode, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = fchmod(fd, mode);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+
+	ctx = pvfs_sys_pushdir(pvfs, NULL);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = fchmod(fd, mode);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
+
+
+/*
+  wrap chmod for system override
+*/
+int pvfs_sys_chmod(struct pvfs_state *pvfs, const char *filename, mode_t mode, bool allow_override)
+{
+	int ret;
+	struct pvfs_sys_ctx *ctx;
+	int saved_errno, orig_errno;
+
+	orig_errno = errno;
+
+	ret = chmod(filename, mode);
+	if (ret != -1 ||
+	    !allow_override ||
+	    errno != EACCES) {
+		return ret;
+	}
+
+	saved_errno = errno;
+
+	ctx = pvfs_sys_pushdir(pvfs, &filename);
+	if (ctx == NULL) {
+		errno = saved_errno;
+		return -1;
+	}
+
+	ret = chmod(filename, mode);
+	if (ret == -1) {
+		talloc_free(ctx);
+		errno = saved_errno;
+		return -1;
+	}
+
+	talloc_free(ctx);
+	errno = orig_errno;
+	return ret;
+}
diff --git a/source4/ntvfs/posix/pvfs_unlink.c b/source4/ntvfs/posix/pvfs_unlink.c
new file mode 100644
index 0000000..605ec10
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_unlink.c
@@ -0,0 +1,276 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - unlink
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "system/dir.h"
+
+/*
+  retry an open after a sharing violation
+*/
+static void pvfs_retry_unlink(struct pvfs_odb_retry *r,
+			      struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      void *_io,
+			      void *private_data,
+			      enum pvfs_wait_notice reason)
+{
+	union smb_unlink *io = talloc_get_type(_io, union smb_unlink);
+	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+
+	talloc_free(r);
+
+	switch (reason) {
+	case PVFS_WAIT_CANCEL:
+/*TODO*/
+		status = NT_STATUS_CANCELLED;
+		break;
+	case PVFS_WAIT_TIMEOUT:
+		/* if it timed out, then give the failure
+		   immediately */
+/*TODO*/
+		status = NT_STATUS_SHARING_VIOLATION;
+		break;
+	case PVFS_WAIT_EVENT:
+
+		/* try the open again, which could trigger another retry setup
+		   if it wants to, so we have to unmark the async flag so we
+		   will know if it does a second async reply */
+		req->async_states->state &= ~NTVFS_ASYNC_STATE_ASYNC;
+
+		status = pvfs_unlink(ntvfs, req, io);
+		if (req->async_states->state & NTVFS_ASYNC_STATE_ASYNC) {
+			/* the 2nd try also replied async, so we don't send
+			   the reply yet */
+			return;
+		}
+
+		/* re-mark it async, just in case someone up the chain does
+		   paranoid checking */
+		req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+		break;
+	}
+
+	/* send the reply up the chain */
+	req->async_states->status = status;
+	req->async_states->send_fn(req);
+}
+
+/*
+  setup for a unlink retry after a sharing violation
+  or a non granted oplock
+*/
+static NTSTATUS pvfs_unlink_setup_retry(struct ntvfs_module_context *ntvfs,
+					struct ntvfs_request *req,
+					union smb_unlink *io,
+					struct odb_lock *lck,
+					NTSTATUS status)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct timeval end_time;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       0, pvfs->sharing_violation_delay);
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
+		end_time = timeval_add(&req->statistics.request_time,
+				       pvfs->oplock_break_timeout, 0);
+	} else {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return pvfs_odb_retry_setup(ntvfs, req, lck, end_time, io, NULL,
+				    pvfs_retry_unlink);
+}
+
+
+/*
+  unlink a file
+*/
+static NTSTATUS pvfs_unlink_file(struct pvfs_state *pvfs,
+				 struct pvfs_filename *name)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	if (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+
+	if (name->st.st_nlink == 1) {
+		status = pvfs_xattr_unlink_hook(pvfs, name->full_name);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	/* finally try the actual unlink */
+	if (pvfs_sys_unlink(pvfs, name->full_name, name->allow_override) == -1) {
+		status = pvfs_map_errno(pvfs, errno);
+	}
+
+	if (NT_STATUS_IS_OK(status)) {
+		notify_trigger(pvfs->notify_context, 
+			       NOTIFY_ACTION_REMOVED, 
+			       FILE_NOTIFY_CHANGE_FILE_NAME,
+			       name->full_name);
+	}
+
+	return status;
+}
+
+/*
+  unlink one file
+*/
+static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs,
+				struct ntvfs_request *req,
+				union smb_unlink *unl,
+				struct pvfs_filename *name)
+{
+	NTSTATUS status;
+	struct odb_lock *lck = NULL;
+
+	/* make sure its matches the given attributes */
+	status = pvfs_match_attrib(pvfs, name,
+				   unl->unlink.in.attrib, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = pvfs_can_delete(pvfs, req, name, &lck);
+
+	/*
+	 * on a sharing violation we need to retry when the file is closed by
+	 * the other user, or after 1 second
+	 * on a non granted oplock we need to retry when the file is closed by
+	 * the other user, or after 30 seconds
+	 */
+	if ((NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
+	     NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) &&
+	    (req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
+		return pvfs_unlink_setup_retry(pvfs->ntvfs, req, unl, lck, status);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (name->stream_name) {
+		if (!name->stream_exists) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+
+		return pvfs_stream_delete(pvfs, name, -1);
+	}
+
+	return pvfs_unlink_file(pvfs, name);
+}
+
+/*
+  delete a file - the dirtype specifies the file types to include in the search. 
+  The name can contain CIFS wildcards, but rarely does (except with OS/2 clients)
+*/
+NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs,
+		     struct ntvfs_request *req,
+		     union smb_unlink *unl)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_dir *dir;
+	NTSTATUS status;
+	uint32_t total_deleted=0;
+	struct pvfs_filename *name;
+	const char *fname;
+	off_t ofs;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, unl->unlink.in.pattern, 
+				   PVFS_RESOLVE_WILDCARD |
+				   PVFS_RESOLVE_STREAMS |
+				   PVFS_RESOLVE_NO_OPENDB,
+				   &name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!name->exists && !name->has_wildcard) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (name->exists && 
+	    (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+
+	if (!name->has_wildcard) {
+		return pvfs_unlink_one(pvfs, req, unl, name);
+	}
+
+	/*
+	 * disable async requests in the wildcard case
+	 * until we have proper tests for this
+	 */
+	req->async_states->state &= ~NTVFS_ASYNC_STATE_MAY_ASYNC;
+
+	/* get list of matching files */
+	status = pvfs_list_start(pvfs, name, req, &dir);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = NT_STATUS_NO_SUCH_FILE;
+	talloc_free(name);
+
+	ofs = 0;
+
+	while ((fname = pvfs_list_next(dir, &ofs))) {
+		/* this seems to be a special case */
+		if ((unl->unlink.in.attrib & FILE_ATTRIBUTE_DIRECTORY) &&
+		    (ISDOT(fname) || ISDOTDOT(fname))) {
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		}
+
+		/* get a pvfs_filename object */
+		status = pvfs_resolve_partial(pvfs, req,
+					      pvfs_list_unix_path(dir),
+					      fname,
+					      PVFS_RESOLVE_NO_OPENDB,
+					      &name);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		status = pvfs_unlink_one(pvfs, req, unl, name);
+		if (NT_STATUS_IS_OK(status)) {
+			total_deleted++;
+		}
+
+		talloc_free(name);
+	}
+
+	if (total_deleted > 0) {
+		status = NT_STATUS_OK;
+	}
+
+	return status;
+}
+
+
diff --git a/source4/ntvfs/posix/pvfs_util.c b/source4/ntvfs/posix/pvfs_util.c
new file mode 100644
index 0000000..2975e04
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_util.c
@@ -0,0 +1,206 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  utility functions for posix backend
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+
+/*
+  return true if a string contains one of the CIFS wildcard characters
+*/
+bool pvfs_has_wildcard(const char *str)
+{
+	if (strpbrk(str, "*?<>\"")) {
+		return true;
+	}
+	return false;
+}
+
+/*
+  map a unix errno to a NTSTATUS
+*/
+NTSTATUS pvfs_map_errno(struct pvfs_state *pvfs, int unix_errno)
+{
+	NTSTATUS status;
+	status = map_nt_error_from_unix_common(unix_errno);
+	DEBUG(10,(__location__ " mapped unix errno %d -> %s\n", unix_errno, nt_errstr(status)));
+	return status;
+}
+
+
+/*
+  check if a filename has an attribute matching the given attribute search value
+  this is used by calls like unlink and search which take an attribute
+  and only include special files if they match the given attribute
+*/
+NTSTATUS pvfs_match_attrib(struct pvfs_state *pvfs, struct pvfs_filename *name, 
+			   uint32_t attrib, uint32_t must_attrib)
+{
+	if ((name->dos.attrib & ~attrib) & FILE_ATTRIBUTE_DIRECTORY) {
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	}
+	if ((name->dos.attrib & ~attrib) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
+		return NT_STATUS_NO_SUCH_FILE;
+	}
+	if (must_attrib & ~name->dos.attrib) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+	return NT_STATUS_OK;
+}
+
+
+/*
+  normalise a file attribute
+*/
+uint32_t pvfs_attrib_normalise(uint32_t attrib, mode_t mode)
+{
+	if (attrib != FILE_ATTRIBUTE_NORMAL) {
+		attrib &= ~FILE_ATTRIBUTE_NORMAL;
+	}
+	if (S_ISDIR(mode)) {
+		attrib |= FILE_ATTRIBUTE_DIRECTORY;
+	} else {
+		attrib &= ~FILE_ATTRIBUTE_DIRECTORY;
+	}
+	return attrib;
+}
+
+
+/*
+  copy a file. Caller is supposed to have already ensured that the
+  operation is allowed. The destination file must not exist.
+*/
+NTSTATUS pvfs_copy_file(struct pvfs_state *pvfs,
+			struct pvfs_filename *name1, 
+			struct pvfs_filename *name2,
+			bool allow_override)
+{
+	int fd1, fd2;
+	mode_t mode;
+	NTSTATUS status;
+	size_t buf_size = 0x10000;
+	uint8_t *buf = talloc_array(name2, uint8_t, buf_size);
+
+	if (buf == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fd1 = pvfs_sys_open(pvfs, name1->full_name, O_RDONLY, 0, allow_override);
+	if (fd1 == -1) {
+		talloc_free(buf);
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	fd2 = pvfs_sys_open(pvfs, name2->full_name, O_CREAT|O_EXCL|O_WRONLY, 0, allow_override);
+	if (fd2 == -1) {
+		close(fd1);
+		talloc_free(buf);
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	while (1) {
+		ssize_t ret2, ret = read(fd1, buf, buf_size);
+		if (ret == -1 && 
+		    (errno == EINTR || errno == EAGAIN)) {
+			continue;
+		}
+		if (ret <= 0) break;
+
+		ret2 = write(fd2, buf, ret);
+		if (ret2 == -1 &&
+		    (errno == EINTR || errno == EAGAIN)) {
+			continue;
+		}
+		
+		if (ret2 != ret) {
+			close(fd1);
+			close(fd2);
+			talloc_free(buf);
+			pvfs_sys_unlink(pvfs, name2->full_name, allow_override);
+			if (ret2 == -1) {
+				return pvfs_map_errno(pvfs, errno);
+			}
+			return NT_STATUS_DISK_FULL;
+		}
+	}
+
+	talloc_free(buf);
+	close(fd1);
+
+	mode = pvfs_fileperms(pvfs, name1->dos.attrib);
+	if (pvfs_sys_fchmod(pvfs, fd2, mode, allow_override) == -1) {
+		status = pvfs_map_errno(pvfs, errno);
+		close(fd2);
+		pvfs_sys_unlink(pvfs, name2->full_name, allow_override);
+		return status;
+	}
+
+	name2->st.st_mode = mode;
+	name2->dos = name1->dos;
+
+	status = pvfs_dosattrib_save(pvfs, name2, fd2);
+	if (!NT_STATUS_IS_OK(status)) {
+		close(fd2);
+		pvfs_sys_unlink(pvfs, name2->full_name, allow_override);
+		return status;
+	}
+
+	close(fd2);
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+   hash a string of the specified length. The string does not need to be
+   null terminated 
+
+   hash algorithm changed to FNV1 by idra@samba.org (Simo Sorce).
+   see http://www.isthe.com/chongo/tech/comp/fnv/index.html for a
+   discussion on Fowler / Noll / Vo (FNV) Hash by one of it's authors
+*/
+uint32_t pvfs_name_hash(const char *key, size_t length)
+{
+	const uint32_t fnv1_prime = 0x01000193;
+	const uint32_t fnv1_init = 0xa6b93095;
+	uint32_t value = fnv1_init;
+
+	while (*key && length--) {
+		size_t c_size;
+		codepoint_t c = next_codepoint(key, &c_size);
+		c = toupper_m(c);
+                value *= fnv1_prime;
+                value ^= (uint32_t)c;
+		key += c_size;
+        }
+
+	return value;
+}
+
+
+/*
+  file allocation size rounding. This is required to pass ifstest
+*/
+uint64_t pvfs_round_alloc_size(struct pvfs_state *pvfs, uint64_t size)
+{
+	const uint32_t round_value = pvfs->alloc_size_rounding;
+	return round_value * ((size + round_value - 1)/round_value);
+}
diff --git a/source4/ntvfs/posix/pvfs_wait.c b/source4/ntvfs/posix/pvfs_wait.c
new file mode 100644
index 0000000..21ff33e
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_wait.c
@@ -0,0 +1,212 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - async request wait routines
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "../lib/util/dlinklist.h"
+#include "vfs_posix.h"
+#include "samba/service_stream.h"
+#include "lib/messaging/irpc.h"
+
+/* the context for a single wait instance */
+struct pvfs_wait {
+	struct pvfs_wait *next, *prev;
+	struct pvfs_state *pvfs;
+	void (*handler)(void *, enum pvfs_wait_notice);
+	void *private_data;
+	int msg_type;
+	struct imessaging_context *msg_ctx;
+	struct tevent_context *ev;
+	struct ntvfs_request *req;
+	enum pvfs_wait_notice reason;
+};
+
+/*
+  called from the ntvfs layer when we have requested setup of an async
+  call.  this ensures that async calls runs with the right state of
+  previous ntvfs handlers in the chain (such as security context)
+*/
+NTSTATUS pvfs_async_setup(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, void *private_data)
+{
+	struct pvfs_wait *pwait = talloc_get_type(private_data,
+						  struct pvfs_wait);
+	pwait->handler(pwait->private_data, pwait->reason);
+	return NT_STATUS_OK;
+}
+
+/*
+  receive a completion message for a wait
+*/
+static void pvfs_wait_dispatch(struct imessaging_context *msg,
+			       void *private_data,
+			       uint32_t msg_type,
+			       struct server_id src,
+			       size_t num_fds,
+			       int *fds,
+			       DATA_BLOB *data)
+{
+	struct pvfs_wait *pwait = talloc_get_type(private_data,
+						  struct pvfs_wait);
+	struct ntvfs_request *req;
+	void *p = NULL;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	/* we need to check that this one is for us. See
+	   imessaging_send_ptr() for the other side of this.
+	 */
+	if (data->length == sizeof(void *)) {
+		void **pp;
+		pp = (void **)data->data;
+		p = *pp;
+	}
+	if (p == NULL || p != pwait->private_data) {
+		return;
+	}
+
+	pwait->reason = PVFS_WAIT_EVENT;
+
+	/* the extra reference here is to ensure that the req
+	   structure is not destroyed when the async request reply is
+	   sent, which would cause problems with the other ntvfs
+	   modules above us */
+	req = talloc_reference(msg, pwait->req);
+	ntvfs_async_setup(pwait->req, pwait);
+	talloc_unlink(msg, req);
+}
+
+
+/*
+  receive a timeout on a message wait
+*/
+static void pvfs_wait_timeout(struct tevent_context *ev, 
+			      struct tevent_timer *te, struct timeval t,
+			      void *private_data)
+{
+	struct pvfs_wait *pwait = talloc_get_type(private_data,
+						  struct pvfs_wait);
+	struct ntvfs_request *req = pwait->req;
+
+	pwait->reason = PVFS_WAIT_TIMEOUT;
+
+	req = talloc_reference(ev, req);
+	if (req != NULL) {
+		ntvfs_async_setup(req, pwait);
+		talloc_unlink(ev, req);
+	}
+}
+
+
+/*
+  destroy a pending wait
+ */
+static int pvfs_wait_destructor(struct pvfs_wait *pwait)
+{
+	if (pwait->msg_type != -1) {
+		imessaging_deregister(pwait->msg_ctx, pwait->msg_type, pwait);
+	}
+	DLIST_REMOVE(pwait->pvfs->wait_list, pwait);
+	return 0;
+}
+
+/*
+  setup a request to wait on a message of type msg_type, with a
+  timeout (given as an expiry time)
+
+  the return value is a handle. To stop waiting talloc_free this
+  handle.
+
+  if msg_type == -1 then no message is registered, and it is assumed
+  that the caller handles any messaging setup needed
+*/
+struct pvfs_wait *pvfs_wait_message(struct pvfs_state *pvfs,
+				    struct ntvfs_request *req,
+				    int msg_type,
+				    struct timeval end_time,
+				    void (*fn)(void *, enum pvfs_wait_notice),
+				    void *private_data)
+{
+	struct pvfs_wait *pwait;
+
+	pwait = talloc(pvfs, struct pvfs_wait);
+	if (pwait == NULL) {
+		return NULL;
+	}
+
+	pwait->private_data = private_data;
+	pwait->handler = fn;
+	pwait->msg_ctx = pvfs->ntvfs->ctx->msg_ctx;
+	pwait->ev = pvfs->ntvfs->ctx->event_ctx;
+	pwait->msg_type = msg_type;
+	pwait->req = talloc_reference(pwait, req);
+	pwait->pvfs = pvfs;
+
+	if (!timeval_is_zero(&end_time)) {
+		/* setup a timer */
+		tevent_add_timer(pwait->ev, pwait, end_time, pvfs_wait_timeout, pwait);
+	}
+
+	/* register with the messaging subsystem for this message
+	   type */
+	if (msg_type != -1) {
+		imessaging_register(pwait->msg_ctx,
+				   pwait,
+				   msg_type,
+				   pvfs_wait_dispatch);
+	}
+
+	/* tell the main smb server layer that we will be replying 
+	   asynchronously */
+	req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+
+	DLIST_ADD(pvfs->wait_list, pwait);
+
+	/* make sure we cleanup the timer and message handler */
+	talloc_set_destructor(pwait, pvfs_wait_destructor);
+
+	return pwait;
+}
+
+
+/*
+  cancel an outstanding async request
+*/
+NTSTATUS pvfs_cancel(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_wait *pwait;
+
+	for (pwait=pvfs->wait_list;pwait;pwait=pwait->next) {
+		if (pwait->req == req) {
+			/* trigger a cancel on the request */
+			pwait->reason = PVFS_WAIT_CANCEL;
+			ntvfs_async_setup(pwait->req, pwait);
+			return NT_STATUS_OK;
+		}
+	}
+
+	return NT_STATUS_DOS(ERRDOS, ERRcancelviolation);
+}
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c
new file mode 100644
index 0000000..9773325
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -0,0 +1,145 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - write
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/security.h"
+#include "lib/events/events.h"
+
+static void pvfs_write_time_update_handler(struct tevent_context *ev,
+					   struct tevent_timer *te,
+					   struct timeval tv,
+					   void *private_data)
+{
+	struct pvfs_file_handle *h = talloc_get_type(private_data,
+				     struct pvfs_file_handle);
+	struct odb_lock *lck;
+	NTSTATUS status;
+	NTTIME write_time;
+
+	lck = odb_lock(h, h->pvfs->odb_context, &h->odb_locking_key);
+	if (lck == NULL) {
+		DEBUG(0,("Unable to lock opendb for write time update\n"));
+		return;
+	}
+
+	write_time = timeval_to_nttime(&tv);
+
+	status = odb_set_write_time(lck, write_time, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Unable to update write time: %s\n",
+			nt_errstr(status)));
+		return;
+	}
+
+	talloc_free(lck);
+
+	h->write_time.update_event = NULL;
+}
+
+static void pvfs_trigger_write_time_update(struct pvfs_file_handle *h)
+{
+	struct pvfs_state *pvfs = h->pvfs;
+	struct timeval tv;
+
+	if (h->write_time.update_triggered) {
+		return;
+	}
+
+	tv = timeval_current_ofs_usec(pvfs->writetime_delay);
+
+	h->write_time.update_triggered = true;
+	h->write_time.update_on_close = true;
+	h->write_time.update_event = tevent_add_timer(pvfs->ntvfs->ctx->event_ctx,
+						     h, tv,
+						     pvfs_write_time_update_handler,
+						     h);
+	if (!h->write_time.update_event) {
+		DEBUG(0,("Failed tevent_add_timer\n"));
+	}
+}
+
+/*
+  write to a file
+*/
+NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
+		    struct ntvfs_request *req, union smb_write *wr)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	ssize_t ret;
+	struct pvfs_file *f;
+	NTSTATUS status;
+
+	if (wr->generic.level != RAW_WRITE_WRITEX) {
+		return ntvfs_map_write(ntvfs, req, wr);
+	}
+
+	f = pvfs_find_fd(pvfs, req, wr->writex.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (f->handle->fd == -1) {
+		return NT_STATUS_INVALID_DEVICE_REQUEST;
+	}
+
+	if (!(f->access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA))) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	status = pvfs_check_lock(pvfs, f, req->smbpid, 
+				 wr->writex.in.offset,
+				 wr->writex.in.count,
+				 WRITE_LOCK);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = pvfs_break_level2_oplocks(f);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	pvfs_trigger_write_time_update(f->handle);
+
+	if (f->handle->name->stream_name) {
+		ret = pvfs_stream_write(pvfs,
+					f->handle,
+					wr->writex.in.data, 
+					wr->writex.in.count,
+					wr->writex.in.offset);
+	} else {
+		ret = pwrite(f->handle->fd, 
+			     wr->writex.in.data, 
+			     wr->writex.in.count,
+			     wr->writex.in.offset);
+	}
+	if (ret == -1) {
+		if (errno == EFBIG) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	f->handle->seek_offset = wr->writex.in.offset + ret;
+	
+	wr->writex.out.nwritten = ret;
+	wr->writex.out.remaining = 0; /* should fill this in? */
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/posix/pvfs_xattr.c b/source4/ntvfs/posix/pvfs_xattr.c
new file mode 100644
index 0000000..ab88d89
--- /dev/null
+++ b/source4/ntvfs/posix/pvfs_xattr.c
@@ -0,0 +1,488 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - xattr support
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "../lib/util/unix_privs.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+#include "param/param.h"
+#include "ntvfs/posix/posix_eadb_proto.h"
+
+/*
+  pull a xattr as a blob
+*/
+static NTSTATUS pull_xattr_blob(struct pvfs_state *pvfs,
+				TALLOC_CTX *mem_ctx,
+				const char *attr_name, 
+				const char *fname, 
+				int fd, 
+				size_t estimated_size,
+				DATA_BLOB *blob)
+{
+	NTSTATUS status;
+
+	if (pvfs->ea_db) {
+		return pull_xattr_blob_tdb(pvfs, mem_ctx, attr_name, fname, 
+					   fd, estimated_size, blob);
+	}
+
+	status = pull_xattr_blob_system(pvfs, mem_ctx, attr_name, fname, 
+					fd, estimated_size, blob);
+
+	/* if the filesystem doesn't support them, then tell pvfs not to try again */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)||
+	    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_SYSTEM_SERVICE)) {
+		DEBUG(2,("pvfs_xattr: xattr not supported in filesystem: %s\n", nt_errstr(status)));
+		pvfs->flags &= ~PVFS_FLAG_XATTR_ENABLE;
+		status = NT_STATUS_NOT_FOUND;
+	}
+
+	return status;
+}
+
+/*
+  push a xattr as a blob
+*/
+static NTSTATUS push_xattr_blob(struct pvfs_state *pvfs,
+				const char *attr_name, 
+				const char *fname, 
+				int fd, 
+				const DATA_BLOB *blob)
+{
+	if (pvfs->ea_db) {
+		return push_xattr_blob_tdb(pvfs, attr_name, fname, fd, blob);
+	}
+	return push_xattr_blob_system(pvfs, attr_name, fname, fd, blob);
+}
+
+
+/*
+  delete a xattr
+*/
+static NTSTATUS delete_xattr(struct pvfs_state *pvfs, const char *attr_name, 
+			     const char *fname, int fd)
+{
+	if (pvfs->ea_db) {
+		return delete_posix_eadb(pvfs, attr_name, fname, fd);
+	}
+	return delete_xattr_system(pvfs, attr_name, fname, fd);
+}
+
+/*
+  a hook called on unlink - allows the tdb xattr backend to cleanup
+*/
+NTSTATUS pvfs_xattr_unlink_hook(struct pvfs_state *pvfs, const char *fname)
+{
+	if (pvfs->ea_db) {
+		return unlink_posix_eadb(pvfs, fname);
+	}
+	return unlink_xattr_system(pvfs, fname);
+}
+
+
+/*
+  load a NDR structure from a xattr
+*/
+NTSTATUS pvfs_xattr_ndr_load(struct pvfs_state *pvfs,
+			     TALLOC_CTX *mem_ctx,
+			     const char *fname, int fd, const char *attr_name,
+			     void *p, void *pull_fn)
+{
+	NTSTATUS status;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	status = pull_xattr_blob(pvfs, mem_ctx, attr_name, fname, 
+				 fd, XATTR_DOSATTRIB_ESTIMATED_SIZE, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* pull the blob */
+	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, p,
+								   (ndr_pull_flags_fn_t)pull_fn);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	data_blob_free(&blob);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  save a NDR structure into a xattr
+*/
+NTSTATUS pvfs_xattr_ndr_save(struct pvfs_state *pvfs,
+			     const char *fname, int fd, const char *attr_name, 
+			     void *p, void *push_fn)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	DATA_BLOB blob;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, p, (ndr_push_flags_fn_t)push_fn);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(mem_ctx);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	status = push_xattr_blob(pvfs, attr_name, fname, fd, &blob);
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+
+/*
+  fill in file attributes from extended attributes
+*/
+NTSTATUS pvfs_dosattrib_load(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd)
+{
+	NTSTATUS status;
+	struct xattr_DosAttrib attrib;
+	TALLOC_CTX *mem_ctx = talloc_new(name);
+	struct xattr_DosInfo1 *info1;
+	struct xattr_DosInfo2Old *info2;
+
+	if (name->stream_name != NULL) {
+		name->stream_exists = false;
+	} else {
+		name->stream_exists = true;
+	}
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+
+	status = pvfs_xattr_ndr_load(pvfs, mem_ctx, name->full_name, 
+				     fd, XATTR_DOSATTRIB_NAME,
+				     &attrib,
+				     (void *) ndr_pull_xattr_DosAttrib);
+
+	/* not having a DosAttrib is not an error */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		talloc_free(mem_ctx);
+		return pvfs_stream_info(pvfs, name, fd);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	switch (attrib.version) {
+	case 1:
+		info1 = &attrib.info.info1;
+		name->dos.attrib = pvfs_attrib_normalise(info1->attrib, 
+							 name->st.st_mode);
+		name->dos.ea_size = info1->ea_size;
+		if (name->st.st_size == info1->size) {
+			name->dos.alloc_size = 
+				pvfs_round_alloc_size(pvfs, info1->alloc_size);
+		}
+		if (!null_nttime(info1->create_time)) {
+			name->dos.create_time = info1->create_time;
+		}
+		if (!null_nttime(info1->change_time)) {
+			name->dos.change_time = info1->change_time;
+		}
+		name->dos.flags = 0;
+		break;
+
+	case 2:
+		/*
+		 * Note: This is only used to parse existing values from disk
+		 *       We use xattr_DosInfo1 again for storing new values
+		 */
+		info2 = &attrib.info.oldinfo2;
+		name->dos.attrib = pvfs_attrib_normalise(info2->attrib, 
+							 name->st.st_mode);
+		name->dos.ea_size = info2->ea_size;
+		if (name->st.st_size == info2->size) {
+			name->dos.alloc_size = 
+				pvfs_round_alloc_size(pvfs, info2->alloc_size);
+		}
+		if (!null_nttime(info2->create_time)) {
+			name->dos.create_time = info2->create_time;
+		}
+		if (!null_nttime(info2->change_time)) {
+			name->dos.change_time = info2->change_time;
+		}
+		name->dos.flags = info2->flags;
+		break;
+
+	default:
+		DEBUG(0,("ERROR: Unsupported xattr DosAttrib version %d on '%s'\n",
+			 attrib.version, name->full_name));
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_LEVEL;
+	}
+	talloc_free(mem_ctx);
+	
+	status = pvfs_stream_info(pvfs, name, fd);
+
+	return status;
+}
+
+
+/*
+  save the file attribute into the xattr
+*/
+NTSTATUS pvfs_dosattrib_save(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd)
+{
+	struct xattr_DosAttrib attrib;
+	struct xattr_DosInfo1 *info1;
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+
+	attrib.version = 1;
+	info1 = &attrib.info.info1;
+
+	name->dos.attrib = pvfs_attrib_normalise(name->dos.attrib, name->st.st_mode);
+
+	info1->attrib      = name->dos.attrib;
+	info1->ea_size     = name->dos.ea_size;
+	info1->size        = name->st.st_size;
+	info1->alloc_size  = name->dos.alloc_size;
+	info1->create_time = name->dos.create_time;
+	info1->change_time = name->dos.change_time;
+
+	return pvfs_xattr_ndr_save(pvfs, name->full_name, fd, 
+				   XATTR_DOSATTRIB_NAME, &attrib, 
+				   (void *) ndr_push_xattr_DosAttrib);
+}
+
+
+/*
+  load the set of DOS EAs
+*/
+NTSTATUS pvfs_doseas_load(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+			  struct xattr_DosEAs *eas)
+{
+	NTSTATUS status;
+	ZERO_STRUCTP(eas);
+
+	if (name->stream_name) {
+		/* We don't support EAs on streams */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+	status = pvfs_xattr_ndr_load(pvfs, eas, name->full_name, fd, XATTR_DOSEAS_NAME,
+				     eas, (void *) ndr_pull_xattr_DosEAs);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	}
+	return status;
+}
+
+/*
+  save the set of DOS EAs
+*/
+NTSTATUS pvfs_doseas_save(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+			  struct xattr_DosEAs *eas)
+{
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+	return pvfs_xattr_ndr_save(pvfs, name->full_name, fd, XATTR_DOSEAS_NAME, eas, 
+				   (void *) ndr_push_xattr_DosEAs);
+}
+
+
+/*
+  load the set of streams from extended attributes
+*/
+NTSTATUS pvfs_streams_load(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+			   struct xattr_DosStreams *streams)
+{
+	NTSTATUS status;
+	ZERO_STRUCTP(streams);
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+	status = pvfs_xattr_ndr_load(pvfs, streams, name->full_name, fd, 
+				     XATTR_DOSSTREAMS_NAME,
+				     streams, 
+				     (void *) ndr_pull_xattr_DosStreams);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	}
+	return status;
+}
+
+/*
+  save the set of streams into filesystem xattr
+*/
+NTSTATUS pvfs_streams_save(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+			   struct xattr_DosStreams *streams)
+{
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+	return pvfs_xattr_ndr_save(pvfs, name->full_name, fd, 
+				   XATTR_DOSSTREAMS_NAME, 
+				   streams, 
+				   (void *) ndr_push_xattr_DosStreams);
+}
+
+
+/*
+  load the current ACL from extended attributes
+*/
+NTSTATUS pvfs_acl_load(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+		       struct xattr_NTACL *acl)
+{
+	NTSTATUS status;
+	ZERO_STRUCTP(acl);
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_NOT_FOUND;
+	}
+	status = pvfs_xattr_ndr_load(pvfs, acl, name->full_name, fd, 
+				     XATTR_NTACL_NAME,
+				     acl, 
+				     (void *) ndr_pull_xattr_NTACL);
+	return status;
+}
+
+/*
+  save the acl for a file into filesystem xattr
+*/
+NTSTATUS pvfs_acl_save(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
+		       struct xattr_NTACL *acl)
+{
+	NTSTATUS status;
+	void *privs;
+
+	if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
+		return NT_STATUS_OK;
+	}
+
+	/* this xattr is in the "system" namespace, so we need
+	   admin privileges to set it */
+	privs = root_privileges();
+	status = pvfs_xattr_ndr_save(pvfs, name->full_name, fd, 
+				     XATTR_NTACL_NAME, 
+				     acl, 
+				     (void *) ndr_push_xattr_NTACL);
+	talloc_free(privs);
+	return status;
+}
+
+/*
+  create a zero length xattr with the given name
+*/
+NTSTATUS pvfs_xattr_create(struct pvfs_state *pvfs, 
+			   const char *fname, int fd,
+			   const char *attr_prefix,
+			   const char *attr_name)
+{
+	NTSTATUS status;
+	DATA_BLOB blob = data_blob(NULL, 0);
+	char *aname = talloc_asprintf(NULL, "%s%s", attr_prefix, attr_name);
+	if (aname == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = push_xattr_blob(pvfs, aname, fname, fd, &blob);
+	talloc_free(aname);
+	return status;
+}
+
+
+/*
+  delete a xattr with the given name
+*/
+NTSTATUS pvfs_xattr_delete(struct pvfs_state *pvfs, 
+			   const char *fname, int fd,
+			   const char *attr_prefix,
+			   const char *attr_name)
+{
+	NTSTATUS status;
+	char *aname = talloc_asprintf(NULL, "%s%s", attr_prefix, attr_name);
+	if (aname == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = delete_xattr(pvfs, aname, fname, fd);
+	talloc_free(aname);
+	return status;
+}
+
+/*
+  load a xattr with the given name
+*/
+NTSTATUS pvfs_xattr_load(struct pvfs_state *pvfs, 
+			 TALLOC_CTX *mem_ctx,
+			 const char *fname, int fd,
+			 const char *attr_prefix,
+			 const char *attr_name,
+			 size_t estimated_size,
+			 DATA_BLOB *blob)
+{
+	NTSTATUS status;
+	char *aname = talloc_asprintf(mem_ctx, "%s%s", attr_prefix, attr_name);
+	if (aname == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = pull_xattr_blob(pvfs, mem_ctx, aname, fname, fd, estimated_size, blob);
+	talloc_free(aname);
+	return status;
+}
+
+/*
+  save a xattr with the given name
+*/
+NTSTATUS pvfs_xattr_save(struct pvfs_state *pvfs, 
+			 const char *fname, int fd,
+			 const char *attr_prefix,
+			 const char *attr_name,
+			 const DATA_BLOB *blob)
+{
+	NTSTATUS status;
+	char *aname = talloc_asprintf(NULL, "%s%s", attr_prefix, attr_name);
+	if (aname == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = push_xattr_blob(pvfs, aname, fname, fd, blob);
+	talloc_free(aname);
+	return status;
+}
+
+
+/*
+  probe for system support for xattrs
+*/
+void pvfs_xattr_probe(struct pvfs_state *pvfs)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(pvfs);
+	DATA_BLOB blob;
+	pull_xattr_blob(pvfs, tmp_ctx, "user.XattrProbe", pvfs->base_directory, 
+			-1, 1, &blob);
+	pull_xattr_blob(pvfs, tmp_ctx, "security.XattrProbe", pvfs->base_directory, 
+			-1, 1, &blob);
+	talloc_free(tmp_ctx);
+}
diff --git a/source4/ntvfs/posix/python/pyposix_eadb.c b/source4/ntvfs/posix/python/pyposix_eadb.c
new file mode 100644
index 0000000..aca92e7
--- /dev/null
+++ b/source4/ntvfs/posix/python/pyposix_eadb.c
@@ -0,0 +1,140 @@
+/*
+   Unix SMB/CIFS implementation. Xattr manipulation bindings.
+   Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
+   Base on work of pyglue.c by Jelmer Vernooij <jelmer@samba.org> 2007 and
+    Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "system/filesys.h"
+#include <tdb.h>
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "librpc/ndr/libndr.h"
+#include "ntvfs/posix/posix_eadb.h"
+#include "libcli/util/pyerrors.h"
+#include "param/pyparam.h"
+
+static PyObject *py_is_xattr_supported(PyObject *self,
+			PyObject *Py_UNUSED(ignored))
+{
+	Py_RETURN_TRUE;
+}
+
+static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute, *tdbname;
+	DATA_BLOB blob;
+	Py_ssize_t blobsize;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct tdb_wrap *eadb;
+
+	if (!PyArg_ParseTuple(args, "sss"PYARG_BYTES_LEN, &tdbname, &filename, &attribute,
+						  &blob.data, &blobsize))
+		return NULL;
+
+	blob.length = blobsize;
+	mem_ctx = talloc_new(NULL);
+	eadb = tdb_wrap_open(
+		mem_ctx, tdbname, 50000,
+		lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
+				TDB_DEFAULT),
+		O_RDWR|O_CREAT, 0600);
+
+	if (eadb == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	status = push_xattr_blob_tdb_raw(eadb, attribute, filename, -1,
+					 &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	talloc_free(mem_ctx);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute, *tdbname;
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB blob;
+	PyObject *ret;
+	NTSTATUS status;
+	struct tdb_wrap *eadb = NULL;
+
+	if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+	eadb = tdb_wrap_open(
+		mem_ctx, tdbname, 50000,
+		lpcfg_tdb_flags(py_default_loadparm_context(mem_ctx),
+				TDB_DEFAULT),
+		O_RDWR|O_CREAT, 0600);
+	if (eadb == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	status = pull_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename,
+									 -1, 100, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	ret = Py_BuildValue(PYARG_BYTES_LEN, blob.data, blob.length);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static PyMethodDef py_posix_eadb_methods[] = {
+	{ "wrap_getxattr", (PyCFunction)py_wrap_getxattr, METH_VARARGS,
+		"wrap_getxattr(filename,attribute) -> blob\n"
+		"Retrieve given attribute on the given file." },
+	{ "wrap_setxattr", (PyCFunction)py_wrap_setxattr, METH_VARARGS,
+		"wrap_setxattr(filename,attribute,value)\n"
+		"Set the given attribute to the given value on the given file." },
+	{ "is_xattr_supported", (PyCFunction)py_is_xattr_supported, METH_NOARGS,
+		"Return true if xattr are supported on this system\n"},
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "posix_eadb",
+    .m_doc = "Python bindings for xattr manipulation.",
+    .m_size = -1,
+    .m_methods = py_posix_eadb_methods,
+};
+
+MODULE_INIT_FUNC(posix_eadb)
+{
+	PyObject *m;
+
+	m = PyModule_Create(&moduledef);
+
+	if (m == NULL)
+		return NULL;
+
+	return m;
+}
diff --git a/source4/ntvfs/posix/python/pyxattr_native.c b/source4/ntvfs/posix/python/pyxattr_native.c
new file mode 100644
index 0000000..6b237b0
--- /dev/null
+++ b/source4/ntvfs/posix/python/pyxattr_native.c
@@ -0,0 +1,129 @@
+/*
+   Unix SMB/CIFS implementation. Xattr manipulation bindings.
+   Copyright (C) Matthieu Patou <mat@matws.net> 2009
+   Base on work of pyglue.c by Jelmer Vernooij <jelmer@samba.org> 2007 and
+    Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "librpc/ndr/libndr.h"
+#include "system/filesys.h"
+#include "lib/util/base64.h"
+
+static PyObject *py_is_xattr_supported(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+#if !defined(HAVE_XATTR_SUPPORT)
+	Py_RETURN_FALSE;
+#else
+	Py_RETURN_TRUE;
+#endif
+}
+
+static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute;
+	int ret = 0;
+	Py_ssize_t blobsize;
+	DATA_BLOB blob;
+
+	if (!PyArg_ParseTuple(args, "ss"PYARG_BYTES_LEN, &filename, &attribute, &blob.data,
+        &blobsize))
+		return NULL;
+
+	blob.length = blobsize;
+	ret = setxattr(filename, attribute, blob.data, blob.length, 0);
+	if( ret < 0 ) {
+		if (errno == ENOTSUP) {
+			PyErr_SetFromErrno(PyExc_IOError);
+		} else {
+			PyErr_SetFromErrnoWithFilename(PyExc_OSError, filename);
+		}
+		return NULL;
+	}
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute;
+	int len;
+	TALLOC_CTX *mem_ctx;
+	char *buf;
+	PyObject *ret;
+	if (!PyArg_ParseTuple(args, "ss", &filename, &attribute))
+		return NULL;
+	mem_ctx = talloc_new(NULL);
+	len = getxattr(filename,attribute,NULL,0);
+	if( len < 0 ) {
+		if (errno == ENOTSUP) {
+			PyErr_SetFromErrno(PyExc_IOError);
+		} else {
+			PyErr_SetFromErrnoWithFilename(PyExc_OSError, filename);
+		}
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	/* check length ... */
+	buf = talloc_zero_array(mem_ctx, char, len);
+	len = getxattr(filename, attribute, buf, len);
+	if( len < 0 ) {
+		if (errno == ENOTSUP) {
+			PyErr_SetFromErrno(PyExc_IOError);
+		} else {
+			PyErr_SetFromErrnoWithFilename(PyExc_OSError, filename);
+		}
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	ret = Py_BuildValue(PYARG_BYTES_LEN, buf, len);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static PyMethodDef py_xattr_methods[] = {
+	{ "wrap_getxattr", (PyCFunction)py_wrap_getxattr, METH_VARARGS,
+		"wrap_getxattr(filename,attribute) -> blob\n"
+		"Retrieve given attribute on the given file." },
+	{ "wrap_setxattr", (PyCFunction)py_wrap_setxattr, METH_VARARGS,
+		"wrap_setxattr(filename,attribute,value)\n"
+		"Set the given attribute to the given value on the given file." },
+	{ "is_xattr_supported", (PyCFunction)py_is_xattr_supported, METH_NOARGS,
+		"Return true if xattr are supported on this system\n"},
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "xattr_native",
+    .m_doc = "Python bindings for xattr manipulation.",
+    .m_size = -1,
+    .m_methods = py_xattr_methods,
+};
+
+MODULE_INIT_FUNC(xattr_native)
+{
+	PyObject *m;
+
+	m = PyModule_Create(&moduledef);
+
+	if (m == NULL)
+		return NULL;
+
+	return m;
+}
diff --git a/source4/ntvfs/posix/python/pyxattr_tdb.c b/source4/ntvfs/posix/python/pyxattr_tdb.c
new file mode 100644
index 0000000..5f07809
--- /dev/null
+++ b/source4/ntvfs/posix/python/pyxattr_tdb.c
@@ -0,0 +1,177 @@
+/*
+   Unix SMB/CIFS implementation. Xattr manipulation bindings.
+   Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
+   Base on work of pyglue.c by Jelmer Vernooij <jelmer@samba.org> 2007 and
+    Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "system/filesys.h"
+#include <tdb.h>
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "librpc/ndr/libndr.h"
+#include "ntvfs/posix/posix_eadb.h"
+#include "libcli/util/pyerrors.h"
+#include "param/pyparam.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_open.h"
+#include "lib/dbwrap/dbwrap_tdb.h"
+#include "source3/lib/xattr_tdb.h"
+
+static PyObject *py_is_xattr_supported(PyObject *self,
+		PyObject *Py_UNUSED(ignored))
+{
+	Py_RETURN_TRUE;
+}
+
+static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute, *tdbname;
+	DATA_BLOB blob;
+	Py_ssize_t blobsize;
+	int ret;
+	TALLOC_CTX *mem_ctx;
+	struct loadparm_context *lp_ctx;
+	struct db_context *eadb = NULL;
+	struct file_id id;
+	struct stat sbuf;
+
+	if (!PyArg_ParseTuple(args, "sss"PYARG_BYTES_LEN, &tdbname, &filename, &attribute,
+						  &blob.data, &blobsize))
+		return NULL;
+
+	blob.length = blobsize;
+	mem_ctx = talloc_new(NULL);
+
+	lp_ctx = py_default_loadparm_context(mem_ctx);
+	eadb = db_open_tdb(mem_ctx, tdbname, 50000,
+			   lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
+			   O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
+			   DBWRAP_FLAG_NONE);
+
+	if (eadb == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = stat(filename, &sbuf);
+	if (ret < 0) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ZERO_STRUCT(id);
+	id.devid = sbuf.st_dev;
+	id.inode = sbuf.st_ino;
+
+	ret = xattr_tdb_setattr(eadb, &id, attribute, blob.data, blob.length, 0);
+	if (ret < 0) {
+		PyErr_SetFromErrno(PyExc_TypeError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	talloc_free(mem_ctx);
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args)
+{
+	char *filename, *attribute, *tdbname;
+	TALLOC_CTX *mem_ctx;
+	struct loadparm_context *lp_ctx;
+	DATA_BLOB blob;
+	PyObject *ret_obj;
+	int ret;
+	ssize_t xattr_size;
+	struct db_context *eadb = NULL;
+	struct file_id id;
+	struct stat sbuf;
+
+	if (!PyArg_ParseTuple(args, "sss", &tdbname, &filename, &attribute))
+		return NULL;
+
+	mem_ctx = talloc_new(NULL);
+
+	lp_ctx = py_default_loadparm_context(mem_ctx);
+	eadb = db_open_tdb(mem_ctx, tdbname, 50000,
+			   lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT),
+			   O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
+			   DBWRAP_FLAG_NONE);
+
+	if (eadb == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ret = stat(filename, &sbuf);
+	if (ret < 0) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	ZERO_STRUCT(id);
+	id.devid = sbuf.st_dev;
+	id.inode = sbuf.st_ino;
+
+	xattr_size = xattr_tdb_getattr(eadb, mem_ctx, &id, attribute, &blob);
+	if (xattr_size < 0) {
+		PyErr_SetFromErrno(PyExc_TypeError);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+	ret_obj = Py_BuildValue(PYARG_BYTES_LEN, blob.data, xattr_size);
+	talloc_free(mem_ctx);
+	return ret_obj;
+}
+
+static PyMethodDef py_xattr_methods[] = {
+	{ "wrap_getxattr", (PyCFunction)py_wrap_getxattr, METH_VARARGS,
+		"wrap_getxattr(filename,attribute) -> blob\n"
+		"Retrieve given attribute on the given file." },
+	{ "wrap_setxattr", (PyCFunction)py_wrap_setxattr, METH_VARARGS,
+		"wrap_setxattr(filename,attribute,value)\n"
+		"Set the given attribute to the given value on the given file." },
+	{ "is_xattr_supported", (PyCFunction)py_is_xattr_supported, METH_NOARGS,
+		"Return true if xattr are supported on this system\n"},
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "xattr_tdb",
+    .m_doc = "Python bindings for xattr manipulation.",
+    .m_size = -1,
+    .m_methods = py_xattr_methods,
+};
+
+MODULE_INIT_FUNC(xattr_tdb)
+{
+	PyObject *m;
+
+	m = PyModule_Create(&moduledef);
+
+	if (m == NULL)
+		return NULL;
+
+	return m;
+}
+
diff --git a/source4/ntvfs/posix/vfs_posix.c b/source4/ntvfs/posix/vfs_posix.c
new file mode 100644
index 0000000..8375def
--- /dev/null
+++ b/source4/ntvfs/posix/vfs_posix.c
@@ -0,0 +1,426 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements most of the POSIX NTVFS backend
+  This is the default backend
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+#include "librpc/gen_ndr/security.h"
+#include <tdb.h>
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "libcli/security/security.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+#include "lib/util/idtree.h"
+
+/*
+  setup config options for a posix share
+*/
+static void pvfs_setup_options(struct pvfs_state *pvfs)
+{
+	struct share_config *scfg = pvfs->ntvfs->ctx->config;
+	char *eadb;
+	char *xattr_backend;
+	bool def_perm_override = false;
+
+	if (share_bool_option(scfg, SHARE_MAP_HIDDEN, SHARE_MAP_HIDDEN_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_MAP_HIDDEN;
+	if (share_bool_option(scfg, SHARE_MAP_ARCHIVE, SHARE_MAP_ARCHIVE_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_MAP_ARCHIVE;
+	if (share_bool_option(scfg, SHARE_MAP_SYSTEM, SHARE_MAP_SYSTEM_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_MAP_SYSTEM;
+	if (share_bool_option(scfg, SHARE_READONLY, SHARE_READONLY_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_READONLY;
+	if (share_bool_option(scfg, SHARE_STRICT_SYNC, SHARE_STRICT_SYNC_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_STRICT_SYNC;
+	if (share_bool_option(scfg, SHARE_STRICT_LOCKING, SHARE_STRICT_LOCKING_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_STRICT_LOCKING;
+	if (share_bool_option(scfg, SHARE_CI_FILESYSTEM, SHARE_CI_FILESYSTEM_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_CI_FILESYSTEM;
+	if (share_bool_option(scfg, PVFS_FAKE_OPLOCKS, PVFS_FAKE_OPLOCKS_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_FAKE_OPLOCKS;
+
+#if defined(O_DIRECTORY) && defined(O_NOFOLLOW)
+	/* set PVFS_PERM_OVERRIDE by default only if the system
+	 * supports the necessary capabilities to make it secure
+	 */
+	def_perm_override = true;
+#endif
+	if (share_bool_option(scfg, PVFS_PERM_OVERRIDE, def_perm_override))
+		pvfs->flags |= PVFS_FLAG_PERM_OVERRIDE;
+
+	/* file perm options */
+	pvfs->options.create_mask       = share_int_option(scfg,
+							   SHARE_CREATE_MASK,
+							   SHARE_CREATE_MASK_DEFAULT);
+	pvfs->options.dir_mask          = share_int_option(scfg,
+							   SHARE_DIR_MASK,
+							   SHARE_DIR_MASK_DEFAULT);
+	pvfs->options.force_dir_mode    = share_int_option(scfg,
+							   SHARE_FORCE_DIR_MODE,
+							   SHARE_FORCE_DIR_MODE_DEFAULT);
+	pvfs->options.force_create_mode = share_int_option(scfg,
+							   SHARE_FORCE_CREATE_MODE,
+							   SHARE_FORCE_CREATE_MODE_DEFAULT);
+	/* this must be a power of 2 */
+	pvfs->alloc_size_rounding = share_int_option(scfg,
+							PVFS_ALLOCATION_ROUNDING,
+							PVFS_ALLOCATION_ROUNDING_DEFAULT);
+
+	pvfs->search.inactivity_time = share_int_option(scfg,
+							PVFS_SEARCH_INACTIVITY,
+							PVFS_SEARCH_INACTIVITY_DEFAULT);
+
+#ifdef HAVE_XATTR_SUPPORT
+	if (share_bool_option(scfg, PVFS_XATTR, PVFS_XATTR_DEFAULT))
+		pvfs->flags |= PVFS_FLAG_XATTR_ENABLE;
+#endif
+
+	pvfs->sharing_violation_delay = share_int_option(scfg,
+							PVFS_SHARE_DELAY,
+							PVFS_SHARE_DELAY_DEFAULT);
+
+	pvfs->oplock_break_timeout = share_int_option(scfg,
+						      PVFS_OPLOCK_TIMEOUT,
+						      PVFS_OPLOCK_TIMEOUT_DEFAULT);
+
+	pvfs->writetime_delay = share_int_option(scfg,
+						 PVFS_WRITETIME_DELAY,
+						 PVFS_WRITETIME_DELAY_DEFAULT);
+
+	pvfs->share_name = talloc_strdup(pvfs, scfg->name);
+
+	pvfs->fs_attribs = 
+		FS_ATTR_CASE_SENSITIVE_SEARCH | 
+		FS_ATTR_CASE_PRESERVED_NAMES |
+		FS_ATTR_UNICODE_ON_DISK;
+
+	/* allow xattrs to be stored in a external tdb */
+	eadb = share_string_option(pvfs, scfg, PVFS_EADB, NULL);
+	if (eadb != NULL) {
+		pvfs->ea_db = tdb_wrap_open(
+			pvfs, eadb, 50000,
+			lpcfg_tdb_flags(pvfs->ntvfs->ctx->lp_ctx, TDB_DEFAULT),
+			O_RDWR|O_CREAT, 0600);
+		if (pvfs->ea_db != NULL) {
+			pvfs->flags |= PVFS_FLAG_XATTR_ENABLE;
+		} else {
+			DEBUG(0,("Failed to open eadb '%s' - %s\n",
+				 eadb, strerror(errno)));
+			pvfs->flags &= ~PVFS_FLAG_XATTR_ENABLE;
+		}
+		TALLOC_FREE(eadb);
+	}
+
+	if (pvfs->flags & PVFS_FLAG_XATTR_ENABLE) {
+		pvfs->fs_attribs |= FS_ATTR_NAMED_STREAMS;
+	}
+	if (pvfs->flags & PVFS_FLAG_XATTR_ENABLE) {
+		pvfs->fs_attribs |= FS_ATTR_PERSISTANT_ACLS;
+	}
+
+	pvfs->sid_cache.creator_owner = dom_sid_parse_talloc(pvfs, SID_CREATOR_OWNER);
+	pvfs->sid_cache.creator_group = dom_sid_parse_talloc(pvfs, SID_CREATOR_GROUP);
+
+	/* check if the system really supports xattrs */
+	if (pvfs->flags & PVFS_FLAG_XATTR_ENABLE) {
+		pvfs_xattr_probe(pvfs);
+	}
+
+	/* enable an ACL backend */
+	xattr_backend = share_string_option(pvfs, scfg, PVFS_ACL, "xattr");
+	pvfs->acl_ops = pvfs_acl_backend_byname(xattr_backend);
+	TALLOC_FREE(xattr_backend);
+}
+
+static int pvfs_state_destructor(struct pvfs_state *pvfs)
+{
+	struct pvfs_file *f, *fn;
+	struct pvfs_search_state *s, *sn;
+
+	/* 
+	 * make sure we cleanup files and searches before anything else
+	 * because there destructors need to access the pvfs_state struct
+	 */
+	for (f=pvfs->files.list; f; f=fn) {
+		fn = f->next;
+		talloc_free(f);
+	}
+
+	for (s=pvfs->search.list; s; s=sn) {
+		sn = s->next;
+		talloc_free(s);
+	}
+
+	return 0;
+}
+
+/*
+  connect to a share - used when a tree_connect operation comes
+  in. For a disk based backend we needs to ensure that the base
+  directory exists (tho it doesn't need to be accessible by the user,
+  that comes later)
+*/
+static NTSTATUS pvfs_connect(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req,
+			     union smb_tcon* tcon)
+{
+	struct pvfs_state *pvfs;
+	struct stat st;
+	char *base_directory;
+	NTSTATUS status;
+	const char *sharename;
+
+	switch (tcon->generic.level) {
+	case RAW_TCON_TCON:
+		sharename = tcon->tcon.in.service;
+		break;
+	case RAW_TCON_TCONX:
+		sharename = tcon->tconx.in.path;
+		break;
+	case RAW_TCON_SMB2:
+		sharename = tcon->smb2.in.path;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (strncmp(sharename, "\\\\", 2) == 0) {
+		char *p = strchr(sharename+2, '\\');
+		if (p) {
+			sharename = p + 1;
+		}
+	}
+
+	/*
+	 * TODO: call this from ntvfs_posix_init()
+	 *       but currently we don't have a lp_ctx there
+	 */
+	status = pvfs_acl_init();
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	pvfs = talloc_zero(ntvfs, struct pvfs_state);
+	NT_STATUS_HAVE_NO_MEMORY(pvfs);
+
+	/* for simplicity of path construction, remove any trailing slash now */
+	base_directory = share_string_option(pvfs, ntvfs->ctx->config, SHARE_PATH, "");
+	NT_STATUS_HAVE_NO_MEMORY(base_directory);
+	if (strcmp(base_directory, "/") != 0) {
+		trim_string(base_directory, NULL, "/");
+	}
+
+	pvfs->ntvfs = ntvfs;
+	pvfs->base_directory = base_directory;
+
+	/* the directory must exist. Note that we deliberately don't
+	   check that it is readable */
+	if (stat(pvfs->base_directory, &st) != 0 || !S_ISDIR(st.st_mode)) {
+		DEBUG(0,("pvfs_connect: '%s' is not a directory, when connecting to [%s]\n", 
+			 pvfs->base_directory, sharename));
+		return NT_STATUS_BAD_NETWORK_NAME;
+	}
+
+	ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "NTFS");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
+
+	ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "A:");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
+
+	if (tcon->generic.level == RAW_TCON_TCONX) {
+		tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
+		tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
+	}
+
+	ntvfs->private_data = pvfs;
+
+	pvfs->brl_context = brlock_init(pvfs, 
+				     pvfs->ntvfs->ctx->server_id,
+				     pvfs->ntvfs->ctx->lp_ctx,
+				     pvfs->ntvfs->ctx->msg_ctx);
+	if (pvfs->brl_context == NULL) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	pvfs->odb_context = odb_init(pvfs, pvfs->ntvfs->ctx);
+	if (pvfs->odb_context == NULL) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* allow this to be NULL - we just disable change notify */
+	pvfs->notify_context = notify_init(pvfs, 
+					   pvfs->ntvfs->ctx->server_id,  
+					   pvfs->ntvfs->ctx->msg_ctx, 
+					   pvfs->ntvfs->ctx->lp_ctx,
+					   pvfs->ntvfs->ctx->event_ctx,
+					   pvfs->ntvfs->ctx->config);
+
+	/* allocate the search handle -> ptr tree */
+	pvfs->search.idtree = idr_init(pvfs);
+	NT_STATUS_HAVE_NO_MEMORY(pvfs->search.idtree);
+
+	status = pvfs_mangle_init(pvfs);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	pvfs_setup_options(pvfs);
+
+	talloc_set_destructor(pvfs, pvfs_state_destructor);
+
+#ifdef SIGXFSZ
+	/* who had the stupid idea to generate a signal on a large
+	   file write instead of just failing it!? */
+	BlockSignals(true, SIGXFSZ);
+#endif
+
+	return NT_STATUS_OK;
+}
+
+/*
+  disconnect from a share
+*/
+static NTSTATUS pvfs_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  check if a directory exists
+*/
+static NTSTATUS pvfs_chkpath(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req,
+			     union smb_chkpath *cp)
+{
+	struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
+				  struct pvfs_state);
+	struct pvfs_filename *name;
+	NTSTATUS status;
+
+	/* resolve the cifs name to a posix name */
+	status = pvfs_resolve_name(pvfs, req, cp->chkpath.in.path, 0, &name);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (!name->exists) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (!S_ISDIR(name->st.st_mode)) {
+		return NT_STATUS_NOT_A_DIRECTORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  copy a set of files
+*/
+static NTSTATUS pvfs_copy(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, struct smb_copy *cp)
+{
+	DEBUG(0,("pvfs_copy not implemented\n"));
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  return print queue info
+*/
+static NTSTATUS pvfs_lpq(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/* SMBtrans - not used on file shares */
+static NTSTATUS pvfs_trans(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, struct smb_trans2 *trans2)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+  initialise the POSIX disk backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_posix_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	struct ntvfs_ops ops;
+	NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+	ZERO_STRUCT(ops);
+
+	ops.type = NTVFS_DISK;
+	
+	/* fill in all the operations */
+	ops.connect_fn = pvfs_connect;
+	ops.disconnect_fn = pvfs_disconnect;
+	ops.unlink_fn = pvfs_unlink;
+	ops.chkpath_fn = pvfs_chkpath;
+	ops.qpathinfo_fn = pvfs_qpathinfo;
+	ops.setpathinfo_fn = pvfs_setpathinfo;
+	ops.open_fn = pvfs_open;
+	ops.mkdir_fn = pvfs_mkdir;
+	ops.rmdir_fn = pvfs_rmdir;
+	ops.rename_fn = pvfs_rename;
+	ops.copy_fn = pvfs_copy;
+	ops.ioctl_fn = pvfs_ioctl;
+	ops.read_fn = pvfs_read;
+	ops.write_fn = pvfs_write;
+	ops.seek_fn = pvfs_seek;
+	ops.flush_fn = pvfs_flush;
+	ops.close_fn = pvfs_close;
+	ops.exit_fn = pvfs_exit;
+	ops.lock_fn = pvfs_lock;
+	ops.setfileinfo_fn = pvfs_setfileinfo;
+	ops.qfileinfo_fn = pvfs_qfileinfo;
+	ops.fsinfo_fn = pvfs_fsinfo;
+	ops.lpq_fn = pvfs_lpq;
+	ops.search_first_fn = pvfs_search_first;
+	ops.search_next_fn = pvfs_search_next;
+	ops.search_close_fn = pvfs_search_close;
+	ops.trans_fn = pvfs_trans;
+	ops.logoff_fn = pvfs_logoff;
+	ops.async_setup_fn = pvfs_async_setup;
+	ops.cancel_fn = pvfs_cancel;
+	ops.notify_fn = pvfs_notify;
+
+	/* register ourselves with the NTVFS subsystem. We register
+	   under the name 'default' as we wish to be the default
+	   backend, and also register as 'posix' */
+	ops.name = "default";
+	ret = ntvfs_register(&ops, &vers);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register POSIX backend as '%s'!\n", ops.name));
+	}
+
+	ops.name = "posix";
+	ret = ntvfs_register(&ops, &vers);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register POSIX backend as '%s'!\n", ops.name));
+	}
+
+	if (NT_STATUS_IS_OK(ret)) {
+		ret = ntvfs_common_init();
+	}
+
+	return ret;
+}
diff --git a/source4/ntvfs/posix/vfs_posix.h b/source4/ntvfs/posix/vfs_posix.h
new file mode 100644
index 0000000..3dbd785
--- /dev/null
+++ b/source4/ntvfs/posix/vfs_posix.h
@@ -0,0 +1,290 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - structure definitions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _VFS_POSIX_H_
+#define _VFS_POSIX_H_
+
+#include "librpc/gen_ndr/xattr.h"
+#include "system/filesys.h"
+#include "ntvfs/ntvfs.h"
+#include "ntvfs/common/ntvfs_common.h"
+#include "libcli/wbclient/wbclient.h"
+#include "lib/events/events.h"
+
+struct pvfs_wait;
+struct pvfs_oplock;
+
+/* this is the private structure for the posix vfs backend. It is used
+   to hold per-connection (per tree connect) state information */
+struct pvfs_state {
+	struct ntvfs_module_context *ntvfs;
+	const char *base_directory;
+	struct GUID *base_fs_uuid;
+
+	const char *share_name;
+	unsigned int flags;
+
+	struct pvfs_mangle_context *mangle_ctx;
+
+	struct brl_context *brl_context;
+	struct odb_context *odb_context;
+	struct notify_context *notify_context;
+
+	/* a list of pending async requests. Needed to support
+	   ntcancel */
+	struct pvfs_wait *wait_list;
+
+	/* the sharing violation timeout (nsecs) */
+	unsigned int sharing_violation_delay;
+
+	/* the oplock break timeout (secs) */
+	unsigned int oplock_break_timeout;
+
+	/* the write time update delay (nsecs) */
+	unsigned int writetime_delay;
+
+	/* filesystem attributes (see FS_ATTR_*) */
+	uint32_t fs_attribs;
+
+	/* if posix:eadb is set, then this gets setup */
+	struct tdb_wrap *ea_db;
+
+	/* the allocation size rounding */
+	uint32_t alloc_size_rounding;
+
+	struct {
+		/* the open files as DLINKLIST */
+		struct pvfs_file *list;
+	} files;
+
+	struct {
+		/* an id tree mapping open search ID to a pvfs_search_state structure */
+		struct idr_context *idtree;
+
+		/* the open searches as DLINKLIST */
+		struct pvfs_search_state *list;
+
+		/* how long to keep inactive searches around for */
+		unsigned int inactivity_time;
+	} search;
+
+	/* used to accelerate acl mapping */
+	struct {
+		const struct dom_sid *creator_owner;
+		const struct dom_sid *creator_group;		
+	} sid_cache;
+
+	/* the acl backend */
+	const struct pvfs_acl_ops *acl_ops;
+
+	/* non-flag share options */
+	struct {
+		mode_t dir_mask;
+		mode_t force_dir_mode;
+		mode_t create_mask;
+		mode_t force_create_mode;
+	} options;
+};
+
+/* this is the basic information needed about a file from the filesystem */
+struct pvfs_dos_fileinfo {
+	NTTIME create_time;
+	NTTIME access_time;
+	NTTIME write_time;
+	NTTIME change_time;
+	uint32_t attrib;
+	uint64_t alloc_size;
+	uint32_t nlink;
+	uint32_t ea_size;
+	uint64_t file_id;
+	uint32_t flags;
+};
+
+/*
+  this is the structure returned by pvfs_resolve_name(). It holds the posix details of
+  a filename passed by the client to any function
+*/
+struct pvfs_filename {
+	char *original_name;
+	char *full_name;
+	char *stream_name; /* does not include :$DATA suffix */
+	uint32_t stream_id;      /* this uses a hash, so is probabilistic */
+	bool has_wildcard;
+	bool exists;          /* true if the base filename exists */
+	bool stream_exists;   /* true if the stream exists */
+	bool allow_override;
+	struct stat st;
+	struct pvfs_dos_fileinfo dos;
+};
+
+
+/* open file handle state - encapsulates the posix fd
+
+   Note that this is separated from the pvfs_file structure in order
+   to cope with the openx DENY_DOS semantics where a 2nd DENY_DOS open
+   on the same connection gets the same low level filesystem handle,
+   rather than a new handle
+*/
+struct pvfs_file_handle {
+	int fd;
+
+	struct pvfs_filename *name;
+
+	/* a unique file key to be used for open file locking */
+	DATA_BLOB odb_locking_key;
+
+	uint32_t create_options;
+
+	/* this is set by the mode_information level. What does it do? */
+	uint32_t mode;
+
+	/* yes, we need 2 independent positions ... */
+	uint64_t seek_offset;
+	uint64_t position;
+
+	bool have_opendb_entry;
+
+	/*
+	 * we need to wait for oplock break requests from other processes,
+	 * and we need to remember the pvfs_file so we can correctly
+	 * forward the oplock break to the client
+	 */
+	struct pvfs_oplock *oplock;
+
+	/* we need this hook back to our parent for lock destruction */
+	struct pvfs_state *pvfs;
+
+	struct {
+		bool update_triggered;
+		struct tevent_timer *update_event;
+		bool update_on_close;
+		NTTIME close_time;
+		bool update_forced;
+	} write_time;
+
+	/* the open went through to completion */
+	bool open_completed;
+
+	uint8_t private_flags;
+};
+
+/* open file state */
+struct pvfs_file {
+	struct pvfs_file *next, *prev;
+	struct pvfs_file_handle *handle;
+	struct ntvfs_handle *ntvfs;
+
+	struct pvfs_state *pvfs;
+
+	uint32_t impersonation;
+	uint32_t share_access;
+	uint32_t access_mask;
+
+	/* a list of pending locks - used for locking cancel operations */
+	struct pvfs_pending_lock *pending_list;
+
+	/* a file handle to be used for byte range locking */
+	struct brl_handle *brl_handle;
+
+	/* a count of active locks - used to avoid calling brlock_close on
+	   file close */
+	uint64_t lock_count;
+
+	/* for directories, a buffer of pending notify events */
+	struct pvfs_notify_buffer *notify_buffer;
+
+	/* for directories, the state of an incomplete SMB2 Find */
+	struct pvfs_search_state *search;
+};
+
+/* the state of a search started with pvfs_search_first() */
+struct pvfs_search_state {
+	struct pvfs_search_state *prev, *next;
+	struct pvfs_state *pvfs;
+	uint16_t handle;
+	off_t current_index;
+	uint16_t search_attrib;
+	uint16_t must_attrib;
+	struct pvfs_dir *dir;
+	time_t last_used; /* monotonic clock time */
+	unsigned int num_ea_names;
+	struct ea_name *ea_names;
+	struct tevent_timer *te;
+};
+
+/* flags to pvfs_resolve_name() */
+#define PVFS_RESOLVE_WILDCARD    (1<<0)
+#define PVFS_RESOLVE_STREAMS     (1<<1)
+#define PVFS_RESOLVE_NO_OPENDB   (1<<2)
+
+/* flags in pvfs->flags */
+#define PVFS_FLAG_CI_FILESYSTEM  (1<<0) /* the filesystem is case insensitive */
+#define PVFS_FLAG_MAP_ARCHIVE    (1<<1)
+#define PVFS_FLAG_MAP_SYSTEM     (1<<2)
+#define PVFS_FLAG_MAP_HIDDEN     (1<<3)
+#define PVFS_FLAG_READONLY       (1<<4)
+#define PVFS_FLAG_STRICT_SYNC    (1<<5)
+#define PVFS_FLAG_STRICT_LOCKING (1<<6)
+#define PVFS_FLAG_XATTR_ENABLE   (1<<7)
+#define PVFS_FLAG_FAKE_OPLOCKS   (1<<8)
+#define PVFS_FLAG_PERM_OVERRIDE  (1<<10)
+
+/* forward declare some anonymous structures */
+struct pvfs_dir;
+
+/* types of notification for pvfs wait events */
+enum pvfs_wait_notice {PVFS_WAIT_EVENT, PVFS_WAIT_TIMEOUT, PVFS_WAIT_CANCEL};
+
+/*
+  state of a pending retry
+*/
+struct pvfs_odb_retry;
+
+#define PVFS_EADB			"posix:eadb"
+#define PVFS_XATTR			"posix:xattr"
+#define PVFS_FAKE_OPLOCKS		"posix:fakeoplocks"
+#define PVFS_SHARE_DELAY		"posix:sharedelay"
+#define PVFS_OPLOCK_TIMEOUT		"posix:oplocktimeout"
+#define PVFS_WRITETIME_DELAY		"posix:writetimeupdatedelay"
+#define PVFS_ALLOCATION_ROUNDING	"posix:allocationrounding"
+#define PVFS_SEARCH_INACTIVITY		"posix:searchinactivity"
+#define PVFS_ACL			"posix:acl"
+#define PVFS_PERM_OVERRIDE		"posix:permission override"
+
+#define PVFS_XATTR_DEFAULT			true
+#define PVFS_FAKE_OPLOCKS_DEFAULT		false
+#define PVFS_SHARE_DELAY_DEFAULT		1000000 /* nsecs */
+#define PVFS_OPLOCK_TIMEOUT_DEFAULT		30 /* secs */
+#define PVFS_WRITETIME_DELAY_DEFAULT		2000000 /* nsecs */
+#define PVFS_ALLOCATION_ROUNDING_DEFAULT	512
+#define PVFS_SEARCH_INACTIVITY_DEFAULT		300
+
+struct pvfs_acl_ops {
+	const char *name;
+	NTSTATUS (*acl_load)(struct pvfs_state *, struct pvfs_filename *, int , TALLOC_CTX *, 
+			     struct security_descriptor **);
+	NTSTATUS (*acl_save)(struct pvfs_state *, struct pvfs_filename *, int , struct security_descriptor *);
+};
+
+#include "ntvfs/posix/vfs_posix_proto.h"
+#include "ntvfs/posix/vfs_acl_proto.h"
+
+#endif /* _VFS_POSIX_H_ */
diff --git a/source4/ntvfs/posix/wscript_build b/source4/ntvfs/posix/wscript_build
new file mode 100644
index 0000000..649dea6
--- /dev/null
+++ b/source4/ntvfs/posix/wscript_build
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'):
+    bld.SAMBA_SUBSYSTEM('pvfs_acl',
+	                source='pvfs_acl.c',
+	                autoproto='vfs_acl_proto.h',
+	                deps='events samba-modules',
+    )
+
+
+    bld.SAMBA_MODULE('pvfs_acl_xattr',
+	             source='pvfs_acl_xattr.c',
+	             subsystem='pvfs_acl',
+	             init_function='pvfs_acl_xattr_init',
+	            deps='NDR_XATTR events'
+    )
+
+
+    bld.SAMBA_MODULE('pvfs_acl_nfs4',
+	             source='pvfs_acl_nfs4.c',
+	             subsystem='pvfs_acl',
+	             init_function='pvfs_acl_nfs4_init',
+	            deps='NDR_NFS4ACL samdb events'
+    )
+
+
+    bld.SAMBA_MODULE('ntvfs_posix',
+	             source='vfs_posix.c pvfs_util.c pvfs_search.c pvfs_dirlist.c pvfs_fileinfo.c pvfs_unlink.c pvfs_mkdir.c pvfs_open.c pvfs_read.c pvfs_flush.c pvfs_write.c pvfs_fsinfo.c pvfs_qfileinfo.c pvfs_setfileinfo.c pvfs_rename.c pvfs_resolve.c pvfs_shortname.c pvfs_lock.c pvfs_oplock.c pvfs_wait.c pvfs_seek.c pvfs_ioctl.c pvfs_xattr.c pvfs_streams.c pvfs_notify.c pvfs_sys.c xattr_system.c',
+	             autoproto='vfs_posix_proto.h',
+	             subsystem='ntvfs',
+	            init_function='ntvfs_posix_init',
+	             deps='NDR_XATTR attr ntvfs_common MESSAGING LIBWBCLIENT_OLD pvfs_acl posix_eadb',
+	             internal_module=True
+    )
+
+
+bld.SAMBA_LIBRARY('posix_eadb',
+                  source='posix_eadb.c',
+                  deps='tdb tdb-wrap samba-util',
+                  autoproto='posix_eadb_proto.h',
+                  private_library=True)
+
+pyparam_util = bld.pyembed_libname('pyparam_util')
+
+bld.SAMBA_PYTHON('python_xattr_native',
+        source='python/pyxattr_native.c',
+        deps='ndr ldb samdb samba-credentials %s attr' % pyparam_util,
+        realname='samba/xattr_native.so'
+        )
+
+bld.SAMBA_PYTHON('python_posix_eadb',
+	source='python/pyposix_eadb.c',
+	deps='%s posix_eadb tdb' % pyparam_util,
+	realname='samba/posix_eadb.so'
+	)
+
+bld.SAMBA_PYTHON('python_xattr_tdb',
+	source='python/pyxattr_tdb.c',
+	deps='%s xattr_tdb' % pyparam_util,
+	realname='samba/xattr_tdb.so'
+	)
diff --git a/source4/ntvfs/posix/xattr_system.c b/source4/ntvfs/posix/xattr_system.c
new file mode 100644
index 0000000..ebb2010
--- /dev/null
+++ b/source4/ntvfs/posix/xattr_system.c
@@ -0,0 +1,145 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   POSIX NTVFS backend - xattr support using filesystem xattrs
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "vfs_posix.h"
+
+/*
+  pull a xattr as a blob, from either a file or a file descriptor
+*/
+NTSTATUS pull_xattr_blob_system(struct pvfs_state *pvfs,
+				TALLOC_CTX *mem_ctx,
+				const char *attr_name, 
+				const char *fname, 
+				int fd, 
+				size_t estimated_size,
+				DATA_BLOB *blob)
+{
+	int ret;
+
+	*blob = data_blob_talloc(mem_ctx, NULL, estimated_size+16);
+	if (blob->data == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+again:
+	if (fd != -1) {
+		ret = fgetxattr(fd, attr_name, blob->data, estimated_size);
+	} else {
+		ret = getxattr(fname, attr_name, blob->data, estimated_size);
+	}
+	if (ret == -1 && errno == ERANGE) {
+		estimated_size *= 2;
+		blob->data = talloc_realloc(mem_ctx, blob->data, 
+					    uint8_t, estimated_size);
+		if (blob->data == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		blob->length = estimated_size;
+		goto again;
+	}
+	if (ret == -1 && errno == EPERM) {
+		struct stat statbuf;
+
+		if (fd != -1) {
+			ret = fstat(fd, &statbuf);
+		} else {
+			ret = stat(fname, &statbuf);
+		}
+		if (ret == 0) {
+			/* check if this is a directory and the sticky bit is set */
+			if (S_ISDIR(statbuf.st_mode) && (statbuf.st_mode & S_ISVTX)) {
+				/* pretend we could not find the xattr */
+
+				data_blob_free(blob);
+				return NT_STATUS_NOT_FOUND;
+
+			} else {
+				/* if not this was probably a legitimate error
+				 * reset ret and errno to the correct values */
+				errno = EPERM;
+				ret = -1;
+			}
+		}
+	}
+
+	if (ret == -1) {
+		data_blob_free(blob);
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	blob->length = ret;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  push a xattr as a blob, from either a file or a file descriptor
+*/
+NTSTATUS push_xattr_blob_system(struct pvfs_state *pvfs,
+				const char *attr_name, 
+				const char *fname, 
+				int fd, 
+				const DATA_BLOB *blob)
+{
+	int ret;
+
+	if (fd != -1) {
+		ret = fsetxattr(fd, attr_name, blob->data, blob->length, 0);
+	} else {
+		ret = setxattr(fname, attr_name, blob->data, blob->length, 0);
+	}
+	if (ret == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  delete a xattr
+*/
+NTSTATUS delete_xattr_system(struct pvfs_state *pvfs, const char *attr_name, 
+			     const char *fname, int fd)
+{
+	int ret;
+
+	if (fd != -1) {
+		ret = fremovexattr(fd, attr_name);
+	} else {
+		ret = removexattr(fname, attr_name);
+	}
+	if (ret == -1) {
+		return pvfs_map_errno(pvfs, errno);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  unlink a file - cleanup any xattrs
+*/
+NTSTATUS unlink_xattr_system(struct pvfs_state *pvfs, const char *fname)
+{
+	/* nothing needs to be done for filesystem based xattrs */
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/simple/README b/source4/ntvfs/simple/README
new file mode 100644
index 0000000..f1de5d9
--- /dev/null
+++ b/source4/ntvfs/simple/README
@@ -0,0 +1,10 @@
+This module (ntvfs 'simple') provides a very, very simple posix backend.
+
+WARNING: All file access is done as user 'root'!!!
+	 Only use this module for testing, with only test data!!! 
+
+For activating this module use:
+
+[testshare]
+	path = /tmp/testshare
+	nfvfs handler = simple
diff --git a/source4/ntvfs/simple/svfs.h b/source4/ntvfs/simple/svfs.h
new file mode 100644
index 0000000..e5ad3b9
--- /dev/null
+++ b/source4/ntvfs/simple/svfs.h
@@ -0,0 +1,38 @@
+
+struct svfs_private {
+	struct ntvfs_module_context *ntvfs;
+
+	/* the base directory */
+	char *connectpath;
+
+	/* a linked list of open searches */
+	struct search_state *search;
+
+	/* next available search handle */
+	uint16_t next_search_handle;
+
+	struct svfs_file *open_files;
+};
+
+struct svfs_dir {
+	unsigned int count;
+	char *unix_dir;
+	struct svfs_dirfile {
+		char *name;
+		struct stat st;
+	} *files;
+};
+
+struct svfs_file {
+	struct svfs_file *next, *prev;
+	int fd;
+	struct ntvfs_handle *handle;
+	char *name;
+};
+
+struct search_state {
+	struct search_state *next, *prev;
+	uint16_t handle;
+	unsigned int current_index;
+	struct svfs_dir *dir;
+};
diff --git a/source4/ntvfs/simple/svfs_util.c b/source4/ntvfs/simple/svfs_util.c
new file mode 100644
index 0000000..fd32311
--- /dev/null
+++ b/source4/ntvfs/simple/svfs_util.c
@@ -0,0 +1,189 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   simple NTVFS filesystem backend
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  utility functions for simple backend
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "svfs.h"
+#include "system/time.h"
+#include "system/dir.h"
+#include "ntvfs/ntvfs.h"
+#include "ntvfs/simple/proto.h"
+
+/*
+  convert a windows path to a unix path - don't do any mangling or case sensitive handling
+*/
+char *svfs_unix_path(struct ntvfs_module_context *ntvfs,
+		     struct ntvfs_request *req, const char *name)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	char *ret;
+	char *name_lower = strlower_talloc(p, name);
+
+	if (*name != '\\') {
+		ret = talloc_asprintf(req, "%s/%s", p->connectpath, name_lower);
+	} else {
+		ret = talloc_asprintf(req, "%s%s", p->connectpath, name_lower);
+	}
+	all_string_sub(ret, "\\", "/", 0);
+	talloc_free(name_lower);
+	return ret;
+}
+
+
+/*
+  read a directory and find all matching file names and stat info
+  returned names are separate unix and DOS names. The returned names
+  are relative to the directory
+*/
+struct svfs_dir *svfs_list_unix(TALLOC_CTX *mem_ctx, struct ntvfs_request *req, const char *unix_path)
+{
+	char *p, *mask;
+	struct svfs_dir *dir;
+	DIR *odir;
+	struct dirent *dent;
+	unsigned int allocated = 0;
+	char *low_mask;
+
+	dir = talloc(mem_ctx, struct svfs_dir);
+	if (!dir) { return NULL; }
+
+	dir->count = 0;
+	dir->files = 0;
+
+	/* find the base directory */
+	p = strrchr(unix_path, '/');
+	if (!p) { return NULL; }
+
+	dir->unix_dir = talloc_strndup(mem_ctx, unix_path, PTR_DIFF(p, unix_path));
+	if (!dir->unix_dir) { return NULL; }
+
+	/* the wildcard pattern is the last part */
+	mask = p+1;
+
+	low_mask = strlower_talloc(mem_ctx, mask);
+	if (!low_mask) { return NULL; }
+
+	odir = opendir(dir->unix_dir);
+	if (!odir) { return NULL; }
+
+	while ((dent = readdir(odir))) {
+		unsigned int i = dir->count;
+		char *full_name;
+		char *low_name;
+
+		if (strchr(dent->d_name, ':') && !strchr(unix_path, ':')) {
+			/* don't show streams in dir listing */
+			continue;
+		}
+
+		low_name = strlower_talloc(mem_ctx, dent->d_name);
+		if (!low_name) { continue; }
+
+		/* check it matches the wildcard pattern */
+		if (ms_fnmatch_protocol(low_mask, low_name, PROTOCOL_NT1,
+					false) != 0) {
+			continue;
+		}
+		
+		if (dir->count >= allocated) {
+			allocated = (allocated + 100) * 1.2;
+			dir->files = talloc_realloc(dir, dir->files, struct svfs_dirfile, allocated);
+			if (!dir->files) { 
+				closedir(odir);
+				return NULL;
+			}
+		}
+
+		dir->files[i].name = low_name;
+		if (!dir->files[i].name) { continue; }
+
+		full_name = talloc_asprintf(mem_ctx, "%s/%s", dir->unix_dir,
+					    dir->files[i].name);
+		if (!full_name) { continue; }
+
+		if (stat(full_name, &dir->files[i].st) == 0) { 
+			dir->count++;
+		}
+
+		talloc_free(full_name);
+	}
+
+	closedir(odir);
+
+	return dir;
+}
+
+/*
+  read a directory and find all matching file names and stat info
+  returned names are separate unix and DOS names. The returned names
+  are relative to the directory
+*/
+struct svfs_dir *svfs_list(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, const char *pattern)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	char *unix_path;
+
+	unix_path = svfs_unix_path(ntvfs, req, pattern);
+	if (!unix_path) { return NULL; }
+
+	return svfs_list_unix(p, req, unix_path);
+}
+
+
+/*******************************************************************
+set the time on a file via file descriptor
+*******************************************************************/
+int svfs_file_utime(int fd, struct utimbuf *times)
+{
+	char *fd_path = NULL;
+	int ret;
+
+	ret = asprintf(&fd_path, "/proc/self/%d", fd);
+	if (ret == -1) {
+		errno = ENOMEM;
+		return -1;
+	}
+
+	if (!fd_path) {
+		errno = ENOMEM;
+		return -1;
+	}
+	
+	ret = utime(fd_path, times);
+	free(fd_path);
+	return ret;
+}
+
+
+/*
+  map a unix file attrib to a DOS attribute
+*/
+uint16_t svfs_unix_to_dos_attrib(mode_t mode)
+{
+	uint16_t ret = 0;
+	if (S_ISDIR(mode)) ret |= FILE_ATTRIBUTE_DIRECTORY;
+	if (!(mode & S_IWUSR)) ret |= FILE_ATTRIBUTE_READONLY;
+	return ret;
+}
+
diff --git a/source4/ntvfs/simple/vfs_simple.c b/source4/ntvfs/simple/vfs_simple.c
new file mode 100644
index 0000000..000da41
--- /dev/null
+++ b/source4/ntvfs/simple/vfs_simple.c
@@ -0,0 +1,1112 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   simple NTVFS filesystem backend
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+  this implements a very simple NTVFS filesystem backend. 
+  
+  this backend largely ignores the POSIX -> CIFS mappings, just doing absolutely
+  minimal work to give a working backend.
+*/
+
+#include "includes.h"
+#include "system/dir.h"
+#include "system/filesys.h"
+#include "svfs.h"
+#include "system/time.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/ntvfs.h"
+#include "ntvfs/simple/proto.h"
+
+#ifndef O_DIRECTORY
+#define O_DIRECTORY 0
+#endif
+
+#define CHECK_READ_ONLY(req) do { if (share_bool_option(ntvfs->ctx->config, SHARE_READONLY, true)) return NT_STATUS_ACCESS_DENIED; } while (0)
+
+/*
+  connect to a share - used when a tree_connect operation comes
+  in. For a disk based backend we needs to ensure that the base
+  directory exists (tho it doesn't need to be accessible by the user,
+  that comes later)
+*/
+static NTSTATUS svfs_connect(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req,
+			     union smb_tcon* tcon)
+{
+	struct stat st;
+	struct svfs_private *p;
+	struct share_config *scfg = ntvfs->ctx->config;
+	const char *sharename;
+
+	switch (tcon->generic.level) {
+	case RAW_TCON_TCON:
+		sharename = tcon->tcon.in.service;
+		break;
+	case RAW_TCON_TCONX:
+		sharename = tcon->tconx.in.path;
+		break;
+	case RAW_TCON_SMB2:
+		sharename = tcon->smb2.in.path;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (strncmp(sharename, "\\\\", 2) == 0) {
+		char *p2 = strchr(sharename+2, '\\');
+		if (p2) {
+			sharename = p2 + 1;
+		}
+	}
+
+	p = talloc(ntvfs, struct svfs_private);
+	NT_STATUS_HAVE_NO_MEMORY(p);
+	p->ntvfs = ntvfs;
+	p->next_search_handle = 0;
+	p->connectpath = share_string_option(p, scfg, SHARE_PATH, "");
+	p->open_files = NULL;
+	p->search = NULL;
+
+	/* the directory must exist */
+	if (stat(p->connectpath, &st) != 0 || !S_ISDIR(st.st_mode)) {
+		DEBUG(0,("'%s' is not a directory, when connecting to [%s]\n", 
+			 p->connectpath, sharename));
+		return NT_STATUS_BAD_NETWORK_NAME;
+	}
+
+	ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "NTFS");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
+	ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "A:");
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
+
+	if (tcon->generic.level == RAW_TCON_TCONX) {
+		tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
+		tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
+	}
+
+	ntvfs->private_data = p;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  disconnect from a share
+*/
+static NTSTATUS svfs_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  find open file handle given fd
+*/
+static struct svfs_file *find_fd(struct svfs_private *sp, struct ntvfs_handle *handle)
+{
+	struct svfs_file *f;
+	void *p;
+
+	p = ntvfs_handle_get_backend_data(handle, sp->ntvfs);
+	if (!p) return NULL;
+
+	f = talloc_get_type(p, struct svfs_file);
+	if (!f) return NULL;
+
+	return f;
+}
+
+/*
+  delete a file - the dirtype specifies the file types to include in the search. 
+  The name can contain CIFS wildcards, but rarely does (except with OS/2 clients)
+*/
+static NTSTATUS svfs_unlink(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req,
+			    union smb_unlink *unl)
+{
+	char *unix_path;
+
+	CHECK_READ_ONLY(req);
+
+	unix_path = svfs_unix_path(ntvfs, req, unl->unlink.in.pattern);
+
+	/* ignoring wildcards ... */
+	if (unlink(unix_path) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  ioctl interface - we don't do any
+*/
+static NTSTATUS svfs_ioctl(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_ioctl *io)
+{
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+/*
+  check if a directory exists
+*/
+static NTSTATUS svfs_chkpath(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req,
+			     union smb_chkpath *cp)
+{
+	char *unix_path;
+	struct stat st;
+
+	unix_path = svfs_unix_path(ntvfs, req, cp->chkpath.in.path);
+
+	if (stat(unix_path, &st) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	if (!S_ISDIR(st.st_mode)) {
+		return NT_STATUS_NOT_A_DIRECTORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  build a file_id from a stat struct
+*/
+static uint64_t svfs_file_id(struct stat *st)
+{
+	uint64_t ret = st->st_ino;
+	ret <<= 32;
+	ret |= st->st_dev;
+	return ret;
+}
+
+/*
+  approximately map a struct stat to a generic fileinfo struct
+*/
+static NTSTATUS svfs_map_fileinfo(struct ntvfs_module_context *ntvfs,
+				  struct ntvfs_request *req, union smb_fileinfo *info, 
+				  struct stat *st, const char *unix_path)
+{
+	struct svfs_dir *dir = NULL;
+	char *pattern = NULL;
+	int i, ret;
+	const char *s, *short_name;
+
+	s = strrchr(unix_path, '/');
+	if (s) {
+		short_name = s+1;
+	} else {
+		short_name = "";
+	}
+
+	ret = asprintf(&pattern, "%s:*", unix_path);
+	if (ret == -1) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (pattern) {
+		dir = svfs_list_unix(req, req, pattern);
+	}
+
+	unix_to_nt_time(&info->generic.out.create_time, st->st_ctime);
+	unix_to_nt_time(&info->generic.out.access_time, st->st_atime);
+	unix_to_nt_time(&info->generic.out.write_time,  st->st_mtime);
+	unix_to_nt_time(&info->generic.out.change_time, st->st_mtime);
+	info->generic.out.alloc_size = st->st_size;
+	info->generic.out.size = st->st_size;
+	info->generic.out.attrib = svfs_unix_to_dos_attrib(st->st_mode);
+	info->generic.out.alloc_size = st->st_blksize * st->st_blocks;
+	info->generic.out.nlink = st->st_nlink;
+	info->generic.out.directory = S_ISDIR(st->st_mode) ? 1 : 0;
+	info->generic.out.file_id = svfs_file_id(st);
+	/* REWRITE: TODO stuff in here */
+	info->generic.out.delete_pending = 0;
+	info->generic.out.ea_size = 0;
+	info->generic.out.num_eas = 0;
+	info->generic.out.fname.s = talloc_strdup(req, short_name);
+	info->generic.out.alt_fname.s = talloc_strdup(req, short_name);
+	info->generic.out.compressed_size = 0;
+	info->generic.out.format = 0;
+	info->generic.out.unit_shift = 0;
+	info->generic.out.chunk_shift = 0;
+	info->generic.out.cluster_shift = 0;
+	
+	info->generic.out.access_flags = 0;
+	info->generic.out.position = 0;
+	info->generic.out.mode = 0;
+	info->generic.out.alignment_requirement = 0;
+	info->generic.out.reparse_tag = 0;
+	info->generic.out.num_streams = 0;
+	/* setup a single data stream */
+	info->generic.out.num_streams = 1 + (dir?dir->count:0);
+	info->generic.out.streams = talloc_array(req, 
+						   struct stream_struct,
+						   info->generic.out.num_streams);
+	if (!info->generic.out.streams) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	info->generic.out.streams[0].size = st->st_size;
+	info->generic.out.streams[0].alloc_size = st->st_size;
+	info->generic.out.streams[0].stream_name.s = talloc_strdup(req,"::$DATA");
+
+	for (i=0;dir && i<dir->count;i++) {
+		s = strchr(dir->files[i].name, ':');
+		info->generic.out.streams[1+i].size = dir->files[i].st.st_size;
+		info->generic.out.streams[1+i].alloc_size = dir->files[i].st.st_size;
+		info->generic.out.streams[1+i].stream_name.s = s?s:dir->files[i].name;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return info on a pathname
+*/
+static NTSTATUS svfs_qpathinfo(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	char *unix_path;
+	struct stat st;
+
+	DEBUG(19,("svfs_qpathinfo: file %s level 0x%x\n", info->generic.in.file.path, info->generic.level));
+	if (info->generic.level != RAW_FILEINFO_GENERIC) {
+		return ntvfs_map_qpathinfo(ntvfs, req, info);
+	}
+	
+	unix_path = svfs_unix_path(ntvfs, req, info->generic.in.file.path);
+	DEBUG(19,("svfs_qpathinfo: file %s\n", unix_path));
+	if (stat(unix_path, &st) == -1) {
+		DEBUG(19,("svfs_qpathinfo: file %s errno=%d\n", unix_path, errno));
+		return map_nt_error_from_unix_common(errno);
+	}
+	DEBUG(19,("svfs_qpathinfo: file %s, stat done\n", unix_path));
+	return svfs_map_fileinfo(ntvfs, req, info, &st, unix_path);
+}
+
+/*
+  query info on a open file
+*/
+static NTSTATUS svfs_qfileinfo(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+	struct stat st;
+
+	if (info->generic.level != RAW_FILEINFO_GENERIC) {
+		return ntvfs_map_qfileinfo(ntvfs, req, info);
+	}
+
+	f = find_fd(p, info->generic.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	
+	if (fstat(f->fd, &st) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	return svfs_map_fileinfo(ntvfs, req,info, &st, f->name);
+}
+
+
+/*
+  open a file
+*/
+static NTSTATUS svfs_open(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_open *io)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	char *unix_path;
+	struct stat st;
+	int fd, flags;
+	struct svfs_file *f;
+	int create_flags, rdwr_flags;
+	bool readonly;
+	NTSTATUS status;
+	struct ntvfs_handle *handle;
+	
+	if (io->generic.level != RAW_OPEN_GENERIC) {
+		return ntvfs_map_open(ntvfs, req, io);
+	}
+
+	readonly = share_bool_option(ntvfs->ctx->config, SHARE_READONLY, SHARE_READONLY_DEFAULT);
+	if (readonly) {
+		create_flags = 0;
+		rdwr_flags = O_RDONLY;
+	} else {
+		create_flags = O_CREAT;
+		rdwr_flags = O_RDWR;
+	}
+
+	unix_path = svfs_unix_path(ntvfs, req, io->ntcreatex.in.fname);
+
+	switch (io->generic.in.open_disposition) {
+	case NTCREATEX_DISP_SUPERSEDE:
+	case NTCREATEX_DISP_OVERWRITE_IF:
+		flags = create_flags | O_TRUNC;
+		break;
+	case NTCREATEX_DISP_OPEN:
+	case NTCREATEX_DISP_OVERWRITE:
+		flags = 0;
+		break;
+	case NTCREATEX_DISP_CREATE:
+		flags = create_flags | O_EXCL;
+		break;
+	case NTCREATEX_DISP_OPEN_IF:
+		flags = create_flags;
+		break;
+	default:
+		flags = 0;
+		break;
+	}
+	
+	flags |= rdwr_flags;
+
+	if (io->generic.in.create_options & NTCREATEX_OPTIONS_DIRECTORY) {
+		flags = O_RDONLY | O_DIRECTORY;
+		if (readonly) {
+			goto do_open;
+		}
+		switch (io->generic.in.open_disposition) {
+		case NTCREATEX_DISP_CREATE:
+			if (mkdir(unix_path, 0755) == -1) {
+				DEBUG(9,("svfs_open: mkdir %s errno=%d\n", unix_path, errno));
+				return map_nt_error_from_unix_common(errno);
+			}
+			break;
+		case NTCREATEX_DISP_OPEN_IF:
+			if (mkdir(unix_path, 0755) == -1 && errno != EEXIST) {
+				DEBUG(9,("svfs_open: mkdir %s errno=%d\n", unix_path, errno));
+				return map_nt_error_from_unix_common(errno);
+			}
+			break;
+		}
+	}
+
+do_open:
+	fd = open(unix_path, flags, 0644);
+	if (fd == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	if (fstat(fd, &st) == -1) {
+		DEBUG(9,("svfs_open: fstat errno=%d\n", errno));
+		close(fd);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	status = ntvfs_handle_new(ntvfs, req, &handle);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	f = talloc(handle, struct svfs_file);
+	if (f == NULL) {
+		close(fd);
+		return NT_STATUS_NO_MEMORY;
+	}
+	f->fd = fd;
+	f->name = talloc_strdup(f, unix_path);
+	NT_STATUS_HAVE_NO_MEMORY(f->name);
+
+	DLIST_ADD(p->open_files, f);
+
+	status = ntvfs_handle_set_backend_data(handle, ntvfs, f);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	ZERO_STRUCT(io->generic.out);
+	
+	unix_to_nt_time(&io->generic.out.create_time, st.st_ctime);
+	unix_to_nt_time(&io->generic.out.access_time, st.st_atime);
+	unix_to_nt_time(&io->generic.out.write_time,  st.st_mtime);
+	unix_to_nt_time(&io->generic.out.change_time, st.st_mtime);
+	io->generic.out.file.ntvfs = handle;
+	io->generic.out.alloc_size = st.st_size;
+	io->generic.out.size = st.st_size;
+	io->generic.out.attrib = svfs_unix_to_dos_attrib(st.st_mode);
+	io->generic.out.is_directory = S_ISDIR(st.st_mode) ? 1 : 0;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create a directory
+*/
+static NTSTATUS svfs_mkdir(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_mkdir *md)
+{
+	char *unix_path;
+
+	CHECK_READ_ONLY(req);
+
+	if (md->generic.level != RAW_MKDIR_MKDIR) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	unix_path = svfs_unix_path(ntvfs, req, md->mkdir.in.path);
+
+	if (mkdir(unix_path, 0777) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  remove a directory
+*/
+static NTSTATUS svfs_rmdir(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	char *unix_path;
+
+	CHECK_READ_ONLY(req);
+
+	unix_path = svfs_unix_path(ntvfs, req, rd->in.path);
+
+	if (rmdir(unix_path) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  rename a set of files
+*/
+static NTSTATUS svfs_rename(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, union smb_rename *ren)
+{
+	char *unix_path1, *unix_path2;
+
+	CHECK_READ_ONLY(req);
+
+	if (ren->generic.level != RAW_RENAME_RENAME) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	unix_path1 = svfs_unix_path(ntvfs, req, ren->rename.in.pattern1);
+	unix_path2 = svfs_unix_path(ntvfs, req, ren->rename.in.pattern2);
+
+	if (rename(unix_path1, unix_path2) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  copy a set of files
+*/
+static NTSTATUS svfs_copy(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, struct smb_copy *cp)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  read from a file
+*/
+static NTSTATUS svfs_read(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_read *rd)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+	ssize_t ret;
+
+	if (rd->generic.level != RAW_READ_READX) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	f = find_fd(p, rd->readx.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	ret = pread(f->fd, 
+		    rd->readx.out.data, 
+		    rd->readx.in.maxcnt,
+		    rd->readx.in.offset);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	rd->readx.out.nread = ret;
+	rd->readx.out.remaining = 0; /* should fill this in? */
+	rd->readx.out.compaction_mode = 0; 
+
+	return NT_STATUS_OK;
+}
+
+/*
+  write to a file
+*/
+static NTSTATUS svfs_write(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_write *wr)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+	ssize_t ret;
+
+	if (wr->generic.level != RAW_WRITE_WRITEX) {
+		return ntvfs_map_write(ntvfs, req, wr);
+	}
+
+	CHECK_READ_ONLY(req);
+
+	f = find_fd(p, wr->writex.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	ret = pwrite(f->fd, 
+		     wr->writex.in.data, 
+		     wr->writex.in.count,
+		     wr->writex.in.offset);
+	if (ret == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+		
+	wr->writex.out.nwritten = ret;
+	wr->writex.out.remaining = 0; /* should fill this in? */
+	
+	return NT_STATUS_OK;
+}
+
+/*
+  seek in a file
+*/
+static NTSTATUS svfs_seek(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req,
+			  union smb_seek *io)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  flush a file
+*/
+static NTSTATUS svfs_flush(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_flush *io)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+
+	switch (io->generic.level) {
+	case RAW_FLUSH_FLUSH:
+	case RAW_FLUSH_SMB2:
+		/* ignore the additional unknown option in SMB2 */
+		f = find_fd(p, io->generic.in.file.ntvfs);
+		if (!f) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+		fsync(f->fd);
+		return NT_STATUS_OK;
+
+	case RAW_FLUSH_ALL:
+		for (f=p->open_files;f;f=f->next) {
+			fsync(f->fd);
+		}
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_INVALID_LEVEL;
+}
+
+/*
+  close a file
+*/
+static NTSTATUS svfs_close(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req,
+			   union smb_close *io)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+
+	if (io->generic.level != RAW_CLOSE_CLOSE) {
+		/* we need a mapping function */
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	f = find_fd(p, io->close.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	if (close(f->fd) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	DLIST_REMOVE(p->open_files, f);
+	talloc_free(f->name);
+	talloc_free(f);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  exit - closing files
+*/
+static NTSTATUS svfs_exit(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  logoff - closing files
+*/
+static NTSTATUS svfs_logoff(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  setup for an async call
+*/
+static NTSTATUS svfs_async_setup(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, 
+				 void *private_data)
+{
+	return NT_STATUS_OK;
+}
+
+/*
+  cancel an async call
+*/
+static NTSTATUS svfs_cancel(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req)
+{
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+  lock a byte range
+*/
+static NTSTATUS svfs_lock(struct ntvfs_module_context *ntvfs,
+			  struct ntvfs_request *req, union smb_lock *lck)
+{
+	DEBUG(0,("REWRITE: not doing byte range locking!\n"));
+	return NT_STATUS_OK;
+}
+
+/*
+  set info on a pathname
+*/
+static NTSTATUS svfs_setpathinfo(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+	CHECK_READ_ONLY(req);
+
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  set info on a open file
+*/
+static NTSTATUS svfs_setfileinfo(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, 
+				 union smb_setfileinfo *info)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct svfs_file *f;
+	struct utimbuf unix_times;
+
+	CHECK_READ_ONLY(req);
+
+	f = find_fd(p, info->generic.in.file.ntvfs);
+	if (!f) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		if (ftruncate(f->fd, 
+			      info->end_of_file_info.in.size) == -1) {
+			return map_nt_error_from_unix_common(errno);
+		}
+		break;
+	case RAW_SFILEINFO_SETATTRE:
+		unix_times.actime = info->setattre.in.access_time;
+		unix_times.modtime = info->setattre.in.write_time;
+
+		if (unix_times.actime == 0 && unix_times.modtime == 0) {
+			break;
+		} 
+
+		/* set modify time = to access time if modify time was 0 */
+		if (unix_times.actime != 0 && unix_times.modtime == 0) {
+			unix_times.modtime = unix_times.actime;
+		}
+
+		/* Set the date on this file */
+		if (svfs_file_utime(f->fd, &unix_times) != 0) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+  		break;
+	default:
+		DEBUG(2,("svfs_setfileinfo: level %d not implemented\n", 
+			 info->generic.level));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+	return NT_STATUS_OK;
+}
+
+
+/*
+  return filesystem space info
+*/
+static NTSTATUS svfs_fsinfo(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct stat st;
+
+	if (fs->generic.level != RAW_QFS_GENERIC) {
+		return ntvfs_map_fsinfo(ntvfs, req, fs);
+	}
+
+	if (sys_fsusage(p->connectpath,
+			&fs->generic.out.blocks_free, 
+			&fs->generic.out.blocks_total) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	fs->generic.out.block_size = 512;
+
+	if (stat(p->connectpath, &st) != 0) {
+		return NT_STATUS_DISK_CORRUPT_ERROR;
+	}
+	
+	fs->generic.out.fs_id = st.st_ino;
+	unix_to_nt_time(&fs->generic.out.create_time, st.st_ctime);
+	fs->generic.out.serial_number = st.st_ino;
+	fs->generic.out.fs_attr = 0;
+	fs->generic.out.max_file_component_length = 255;
+	fs->generic.out.device_type = 0;
+	fs->generic.out.device_characteristics = 0;
+	fs->generic.out.quota_soft = 0;
+	fs->generic.out.quota_hard = 0;
+	fs->generic.out.quota_flags = 0;
+	fs->generic.out.volume_name = talloc_strdup(req, ntvfs->ctx->config->name);
+	fs->generic.out.fs_type = ntvfs->ctx->fs_type;
+
+	return NT_STATUS_OK;
+}
+
+#if 0
+/*
+  return filesystem attribute info
+*/
+static NTSTATUS svfs_fsattr(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, union smb_fsattr *fs)
+{
+	struct stat st;
+	struct svfs_private *p = ntvfs->private_data;
+
+	if (fs->generic.level != RAW_FSATTR_GENERIC) {
+		return ntvfs_map_fsattr(ntvfs, req, fs);
+	}
+
+	if (stat(p->connectpath, &st) == -1) {
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	unix_to_nt_time(&fs->generic.out.create_time, st.st_ctime);
+	fs->generic.out.fs_attr = 
+		FILE_CASE_PRESERVED_NAMES | 
+		FILE_CASE_SENSITIVE_SEARCH | 
+		FILE_PERSISTENT_ACLS;
+	fs->generic.out.max_file_component_length = 255;
+	fs->generic.out.serial_number = 1;
+	fs->generic.out.fs_type = talloc_strdup(req, "NTFS");
+	fs->generic.out.volume_name = talloc_strdup(req, 
+						    lpcfg_servicename(req->tcon->service));
+
+	return NT_STATUS_OK;
+}
+#endif
+
+/*
+  return print queue info
+*/
+static NTSTATUS svfs_lpq(struct ntvfs_module_context *ntvfs,
+			 struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/* 
+   list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS svfs_search_first(struct ntvfs_module_context *ntvfs,
+				  struct ntvfs_request *req, union smb_search_first *io, 
+				  void *search_private, 
+				  bool (*callback)(void *, const union smb_search_data *))
+{
+	struct svfs_dir *dir;
+	int i;
+	struct svfs_private *p = ntvfs->private_data;
+	struct search_state *search;
+	union smb_search_data file;
+	unsigned int max_count;
+
+	if (io->generic.level != RAW_SEARCH_TRANS2) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	if (io->generic.data_level != RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	search = talloc_zero(p, struct search_state);
+	if (!search) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	max_count = io->t2ffirst.in.max_count;
+
+	dir = svfs_list(ntvfs, req, io->t2ffirst.in.pattern);
+	if (!dir) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	search->handle = p->next_search_handle;
+	search->dir = dir;
+
+	if (dir->count < max_count) {
+		max_count = dir->count;
+	}
+
+	for (i=0; i < max_count;i++) {
+		ZERO_STRUCT(file);
+		unix_to_nt_time(&file.both_directory_info.create_time, dir->files[i].st.st_ctime);
+		unix_to_nt_time(&file.both_directory_info.access_time, dir->files[i].st.st_atime);
+		unix_to_nt_time(&file.both_directory_info.write_time,  dir->files[i].st.st_mtime);
+		unix_to_nt_time(&file.both_directory_info.change_time, dir->files[i].st.st_mtime);
+		file.both_directory_info.name.s = dir->files[i].name;
+		file.both_directory_info.short_name.s = dir->files[i].name;
+		file.both_directory_info.size = dir->files[i].st.st_size;
+		file.both_directory_info.attrib = svfs_unix_to_dos_attrib(dir->files[i].st.st_mode);
+
+		if (!callback(search_private, &file)) {
+			break;
+		}
+	}
+
+	search->current_index = i;
+
+	io->t2ffirst.out.count = i;
+	io->t2ffirst.out.handle = search->handle;
+	io->t2ffirst.out.end_of_search = (i == dir->count) ? 1 : 0;
+
+	/* work out if we are going to keep the search state */
+	if ((io->t2ffirst.in.flags & FLAG_TRANS2_FIND_CLOSE) ||
+	    ((io->t2ffirst.in.flags & FLAG_TRANS2_FIND_CLOSE_IF_END) && (i == dir->count))) {
+		talloc_free(search);
+	} else {
+		p->next_search_handle++;
+		DLIST_ADD(p->search, search);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* continue a search */
+static NTSTATUS svfs_search_next(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, union smb_search_next *io, 
+				 void *search_private, 
+				 bool (*callback)(void *, const union smb_search_data *))
+{
+	struct svfs_dir *dir;
+	int i;
+	struct svfs_private *p = ntvfs->private_data;
+	struct search_state *search;
+	union smb_search_data file;
+	unsigned int max_count;
+
+	if (io->generic.level != RAW_SEARCH_TRANS2) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	if (io->generic.data_level != RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	for (search=p->search; search; search = search->next) {
+		if (search->handle == io->t2fnext.in.handle) break;
+	}
+	
+	if (!search) {
+		/* we didn't find the search handle */
+		return NT_STATUS_FOOBAR;
+	}
+
+	dir = search->dir;
+
+	/* the client might be asking for something other than just continuing
+	   with the search */
+	if (!(io->t2fnext.in.flags & FLAG_TRANS2_FIND_CONTINUE) &&
+	    (io->t2fnext.in.flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) &&
+	    io->t2fnext.in.last_name && *io->t2fnext.in.last_name) {
+		/* look backwards first */
+		for (i=search->current_index; i > 0; i--) {
+			if (strcmp(io->t2fnext.in.last_name, dir->files[i-1].name) == 0) {
+				search->current_index = i;
+				goto found;
+			}
+		}
+
+		/* then look forwards */
+		for (i=search->current_index+1; i <= dir->count; i++) {
+			if (strcmp(io->t2fnext.in.last_name, dir->files[i-1].name) == 0) {
+				search->current_index = i;
+				goto found;
+			}
+		}
+	}
+
+found:	
+	max_count = search->current_index + io->t2fnext.in.max_count;
+
+	if (max_count > dir->count) {
+		max_count = dir->count;
+	}
+
+	for (i = search->current_index; i < max_count;i++) {
+		ZERO_STRUCT(file);
+		unix_to_nt_time(&file.both_directory_info.create_time, dir->files[i].st.st_ctime);
+		unix_to_nt_time(&file.both_directory_info.access_time, dir->files[i].st.st_atime);
+		unix_to_nt_time(&file.both_directory_info.write_time,  dir->files[i].st.st_mtime);
+		unix_to_nt_time(&file.both_directory_info.change_time, dir->files[i].st.st_mtime);
+		file.both_directory_info.name.s = dir->files[i].name;
+		file.both_directory_info.short_name.s = dir->files[i].name;
+		file.both_directory_info.size = dir->files[i].st.st_size;
+		file.both_directory_info.attrib = svfs_unix_to_dos_attrib(dir->files[i].st.st_mode);
+
+		if (!callback(search_private, &file)) {
+			break;
+		}
+	}
+
+	io->t2fnext.out.count = i - search->current_index;
+	io->t2fnext.out.end_of_search = (i == dir->count) ? 1 : 0;
+
+	search->current_index = i;
+
+	/* work out if we are going to keep the search state */
+	if ((io->t2fnext.in.flags & FLAG_TRANS2_FIND_CLOSE) ||
+	    ((io->t2fnext.in.flags & FLAG_TRANS2_FIND_CLOSE_IF_END) && (i == dir->count))) {
+		DLIST_REMOVE(p->search, search);
+		talloc_free(search);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* close a search */
+static NTSTATUS svfs_search_close(struct ntvfs_module_context *ntvfs,
+				  struct ntvfs_request *req, union smb_search_close *io)
+{
+	struct svfs_private *p = ntvfs->private_data;
+	struct search_state *search;
+
+	for (search=p->search; search; search = search->next) {
+		if (search->handle == io->findclose.in.handle) break;
+	}
+	
+	if (!search) {
+		/* we didn't find the search handle */
+		return NT_STATUS_FOOBAR;
+	}
+
+	DLIST_REMOVE(p->search, search);
+	talloc_free(search);
+
+	return NT_STATUS_OK;
+}
+
+/* SMBtrans - not used on file shares */
+static NTSTATUS svfs_trans(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, struct smb_trans2 *trans2)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+
+/*
+  initialise the POSIX disk backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_simple_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	struct ntvfs_ops ops;
+	NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+	ZERO_STRUCT(ops);
+
+	/* fill in all the operations */
+	ops.connect_fn = svfs_connect;
+	ops.disconnect_fn = svfs_disconnect;
+	ops.unlink_fn = svfs_unlink;
+	ops.chkpath_fn = svfs_chkpath;
+	ops.qpathinfo_fn = svfs_qpathinfo;
+	ops.setpathinfo_fn = svfs_setpathinfo;
+	ops.open_fn = svfs_open;
+	ops.mkdir_fn = svfs_mkdir;
+	ops.rmdir_fn = svfs_rmdir;
+	ops.rename_fn = svfs_rename;
+	ops.copy_fn = svfs_copy;
+	ops.ioctl_fn = svfs_ioctl;
+	ops.read_fn = svfs_read;
+	ops.write_fn = svfs_write;
+	ops.seek_fn = svfs_seek;
+	ops.flush_fn = svfs_flush;
+	ops.close_fn = svfs_close;
+	ops.exit_fn = svfs_exit;
+	ops.lock_fn = svfs_lock;
+	ops.setfileinfo_fn = svfs_setfileinfo;
+	ops.qfileinfo_fn = svfs_qfileinfo;
+	ops.fsinfo_fn = svfs_fsinfo;
+	ops.lpq_fn = svfs_lpq;
+	ops.search_first_fn = svfs_search_first;
+	ops.search_next_fn = svfs_search_next;
+	ops.search_close_fn = svfs_search_close;
+	ops.trans_fn = svfs_trans;
+	ops.logoff_fn = svfs_logoff;
+	ops.async_setup_fn = svfs_async_setup;
+	ops.cancel_fn = svfs_cancel;
+
+	/* register ourselves with the NTVFS subsystem. We register
+	   under names 'simple'
+	*/
+
+	ops.type = NTVFS_DISK;
+	ops.name = "simple";
+	ret = ntvfs_register(&ops, &vers);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register simple backend with name: %s!\n",
+			 ops.name));
+	}
+
+	return ret;
+}
diff --git a/source4/ntvfs/sysdep/README b/source4/ntvfs/sysdep/README
new file mode 100644
index 0000000..86b473e
--- /dev/null
+++ b/source4/ntvfs/sysdep/README
@@ -0,0 +1,5 @@
+This directory contains OS dependent interfaces to facilities that
+are only available on a few of our target systems, and require
+substantial code to abstract.
+
+
diff --git a/source4/ntvfs/sysdep/inotify.c b/source4/ntvfs/sysdep/inotify.c
new file mode 100644
index 0000000..94e0b17
--- /dev/null
+++ b/source4/ntvfs/sysdep/inotify.c
@@ -0,0 +1,398 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  notify implementation using inotify
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include <tevent.h>
+#include "ntvfs/sysdep/sys_notify.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/raw/smb.h"
+#include "param/param.h"
+
+#include <sys/inotify.h>
+
+/* glibc < 2.5 headers don't have these defines */
+#ifndef IN_ONLYDIR
+#define IN_ONLYDIR 0x01000000
+#endif
+#ifndef IN_MASK_ADD
+#define IN_MASK_ADD 0x20000000
+#endif
+
+struct inotify_private {
+	struct sys_notify_context *ctx;
+	int fd;
+	struct inotify_watch_context *watches;
+};
+
+struct inotify_watch_context {
+	struct inotify_watch_context *next, *prev;
+	struct inotify_private *in;
+	int wd;
+	sys_notify_callback_t callback;
+	void *private_data;
+	uint32_t mask; /* the inotify mask */
+	uint32_t filter; /* the windows completion filter */
+	const char *path;
+};
+
+
+/*
+  see if a particular event from inotify really does match a requested
+  notify event in SMB
+*/
+static bool filter_match(struct inotify_watch_context *w,
+			 struct inotify_event *e)
+{
+	if ((e->mask & w->mask) == 0) {
+		/* this happens because inotify_add_watch() coalesces watches on the same
+		   path, oring their masks together */
+		return false;
+	}
+
+	/* SMB separates the filters for files and directories */
+	if (e->mask & IN_ISDIR) {
+		if ((w->filter & FILE_NOTIFY_CHANGE_DIR_NAME) == 0) {
+			return false;
+		}
+	} else {
+		if ((e->mask & IN_ATTRIB) &&
+		    (w->filter & (FILE_NOTIFY_CHANGE_ATTRIBUTES|
+				  FILE_NOTIFY_CHANGE_LAST_WRITE|
+				  FILE_NOTIFY_CHANGE_LAST_ACCESS|
+				  FILE_NOTIFY_CHANGE_EA|
+				  FILE_NOTIFY_CHANGE_SECURITY))) {
+			return true;
+		}
+		if ((e->mask & IN_MODIFY) && 
+		    (w->filter & FILE_NOTIFY_CHANGE_ATTRIBUTES)) {
+			return true;
+		}
+		if ((w->filter & FILE_NOTIFY_CHANGE_FILE_NAME) == 0) {
+			return false;
+		}
+	}
+
+	return true;
+}
+	
+
+
+/*
+  dispatch one inotify event
+  
+  the cookies are used to correctly handle renames
+*/
+static void inotify_dispatch(struct inotify_private *in, 
+			     struct inotify_event *e, 
+			     uint32_t prev_cookie,
+			     struct inotify_event *e2)
+{
+	struct inotify_watch_context *w, *next;
+	struct notify_event ne;
+
+	/* ignore extraneous events, such as unmount and IN_IGNORED events */
+	if ((e->mask & (IN_ATTRIB|IN_MODIFY|IN_CREATE|IN_DELETE|
+			IN_MOVED_FROM|IN_MOVED_TO)) == 0) {
+		return;
+	}
+
+	/* map the inotify mask to a action. This gets complicated for
+	   renames */
+	if (e->mask & IN_CREATE) {
+		ne.action = NOTIFY_ACTION_ADDED;
+	} else if (e->mask & IN_DELETE) {
+		ne.action = NOTIFY_ACTION_REMOVED;
+	} else if (e->mask & IN_MOVED_FROM) {
+		if (e2 != NULL && e2->cookie == e->cookie) {
+			ne.action = NOTIFY_ACTION_OLD_NAME;
+		} else {
+			ne.action = NOTIFY_ACTION_REMOVED;
+		}
+	} else if (e->mask & IN_MOVED_TO) {
+		if (e->cookie == prev_cookie) {
+			ne.action = NOTIFY_ACTION_NEW_NAME;
+		} else {
+			ne.action = NOTIFY_ACTION_ADDED;
+		}
+	} else {
+		ne.action = NOTIFY_ACTION_MODIFIED;
+	}
+	ne.path = e->name;
+
+	/* find any watches that have this watch descriptor */
+	for (w=in->watches;w;w=next) {
+		next = w->next;
+		if (w->wd == e->wd && filter_match(w, e)) {
+			ne.dir = w->path;
+			w->callback(in->ctx, w->private_data, &ne);
+		}
+	}
+
+	/* SMB expects a file rename to generate three events, two for
+	   the rename and the other for a modify of the
+	   destination. Strange! */
+	if (ne.action != NOTIFY_ACTION_NEW_NAME ||
+	    (e->mask & IN_ISDIR) != 0) {
+		return;
+	}
+
+	ne.action = NOTIFY_ACTION_MODIFIED;
+	e->mask = IN_ATTRIB;
+	
+	for (w=in->watches;w;w=next) {
+		next = w->next;
+		if (w->wd == e->wd && filter_match(w, e) &&
+		    !(w->filter & FILE_NOTIFY_CHANGE_CREATION)) {
+			ne.dir = w->path;
+			w->callback(in->ctx, w->private_data, &ne);
+		}
+	}
+}
+
+/*
+  called when the kernel has some events for us
+*/
+static void inotify_handler(struct tevent_context *ev, struct tevent_fd *fde,
+			    uint16_t flags, void *private_data)
+{
+	struct inotify_private *in = talloc_get_type(private_data,
+						     struct inotify_private);
+	int bufsize = 0;
+	struct inotify_event *e0, *e;
+	uint32_t prev_cookie=0;
+
+	/*
+	  we must use FIONREAD as we cannot predict the length of the
+	  filenames, and thus can't know how much to allocate
+	  otherwise
+	*/
+	if (ioctl(in->fd, FIONREAD, &bufsize) != 0 || 
+	    bufsize == 0) {
+		DEBUG(0,("No data on inotify fd?!\n"));
+		return;
+	}
+
+	e0 = e = talloc_size(in, bufsize);
+	if (e == NULL) return;
+
+	if (read(in->fd, e0, bufsize) != bufsize) {
+		DEBUG(0,("Failed to read all inotify data\n"));
+		talloc_free(e0);
+		return;
+	}
+
+	/* we can get more than one event in the buffer */
+	while (bufsize >= sizeof(*e)) {
+		struct inotify_event *e2 = NULL;
+		bufsize -= e->len + sizeof(*e);
+		if (bufsize >= sizeof(*e)) {
+			e2 = (struct inotify_event *)(e->len + sizeof(*e) + (char *)e);
+		}
+		inotify_dispatch(in, e, prev_cookie, e2);
+		prev_cookie = e->cookie;
+		e = e2;
+	}
+
+	talloc_free(e0);
+}
+
+/*
+  setup the inotify handle - called the first time a watch is added on
+  this context
+*/
+static NTSTATUS inotify_setup(struct sys_notify_context *ctx)
+{
+	struct inotify_private *in;
+	struct tevent_fd *fde;
+
+	in = talloc(ctx, struct inotify_private);
+	NT_STATUS_HAVE_NO_MEMORY(in);
+
+	in->fd = inotify_init();
+	if (in->fd == -1) {
+		DEBUG(0,("Failed to init inotify - %s\n", strerror(errno)));
+		talloc_free(in);
+		return map_nt_error_from_unix_common(errno);
+	}
+	in->ctx = ctx;
+	in->watches = NULL;
+
+	ctx->private_data = in;
+
+	/* add a event waiting for the inotify fd to be readable */
+	fde = tevent_add_fd(ctx->ev, in, in->fd,
+			   TEVENT_FD_READ, inotify_handler, in);
+	if (!fde) {
+		if (errno == 0) {
+			errno = ENOMEM;
+		}
+		DEBUG(0,("Failed to tevent_add_fd() - %s\n", strerror(errno)));
+		talloc_free(in);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	tevent_fd_set_auto_close(fde);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  map from a change notify mask to a inotify mask. Remove any bits
+  which we can handle
+*/
+static const struct {
+	uint32_t notify_mask;
+	uint32_t inotify_mask;
+} inotify_mapping[] = {
+	{FILE_NOTIFY_CHANGE_FILE_NAME,   IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO},
+	{FILE_NOTIFY_CHANGE_DIR_NAME,    IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO},
+	{FILE_NOTIFY_CHANGE_ATTRIBUTES,  IN_ATTRIB|IN_MOVED_TO|IN_MOVED_FROM|IN_MODIFY},
+	{FILE_NOTIFY_CHANGE_LAST_WRITE,  IN_ATTRIB},
+	{FILE_NOTIFY_CHANGE_LAST_ACCESS, IN_ATTRIB},
+	{FILE_NOTIFY_CHANGE_EA,          IN_ATTRIB},
+	{FILE_NOTIFY_CHANGE_SECURITY,    IN_ATTRIB}
+};
+
+static uint32_t inotify_map(struct notify_entry *e)
+{
+	int i;
+	uint32_t out=0;
+	for (i=0;i<ARRAY_SIZE(inotify_mapping);i++) {
+		if (inotify_mapping[i].notify_mask & e->filter) {
+			out |= inotify_mapping[i].inotify_mask;
+			e->filter &= ~inotify_mapping[i].notify_mask;
+		}
+	}
+	return out;
+}
+
+/*
+  destroy a watch
+*/
+static int watch_destructor(struct inotify_watch_context *w)
+{
+	struct inotify_private *in = w->in;
+	int wd = w->wd;
+	DLIST_REMOVE(w->in->watches, w);
+
+	/* only rm the watch if its the last one with this wd */
+	for (w=in->watches;w;w=w->next) {
+		if (w->wd == wd) break;
+	}
+	if (w == NULL) {
+		inotify_rm_watch(in->fd, wd);
+	}
+	return 0;
+}
+
+
+/*
+  add a watch. The watch is removed when the caller calls
+  talloc_free() on *handle
+*/
+static NTSTATUS inotify_watch(struct sys_notify_context *ctx,
+			      struct notify_entry *e,
+			      sys_notify_callback_t callback,
+			      void *private_data, 
+			      void *handle_p)
+{
+	struct inotify_private *in;
+	int wd;
+	uint32_t mask;
+	struct inotify_watch_context *w;
+	uint32_t filter = e->filter;
+	void **handle = (void **)handle_p;
+
+	/* maybe setup the inotify fd */
+	if (ctx->private_data == NULL) {
+		NTSTATUS status;
+		status = inotify_setup(ctx);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	in = talloc_get_type(ctx->private_data, struct inotify_private);
+
+	mask = inotify_map(e);
+	if (mask == 0) {
+		/* this filter can't be handled by inotify */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* using IN_MASK_ADD allows us to cope with inotify() returning the same
+	   watch descriptor for multiple watches on the same path */
+	mask |= (IN_MASK_ADD | IN_ONLYDIR);
+
+	/* get a new watch descriptor for this path */
+	wd = inotify_add_watch(in->fd, e->path, mask);
+	if (wd == -1) {
+		e->filter = filter;
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	w = talloc(in, struct inotify_watch_context);
+	if (w == NULL) {
+		inotify_rm_watch(in->fd, wd);
+		e->filter = filter;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	w->in = in;
+	w->wd = wd;
+	w->callback = callback;
+	w->private_data = private_data;
+	w->mask = mask;
+	w->filter = filter;
+	w->path = talloc_strdup(w, e->path);
+	if (w->path == NULL) {
+		inotify_rm_watch(in->fd, wd);
+		e->filter = filter;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*handle) = w;
+
+	DLIST_ADD(in->watches, w);
+
+	/* the caller frees the handle to stop watching */
+	talloc_set_destructor(w, watch_destructor);
+	
+	return NT_STATUS_OK;
+}
+
+
+static struct sys_notify_backend inotify = {
+	.name = "inotify",
+	.notify_watch = inotify_watch
+};
+
+/*
+  initialise the inotify module
+ */
+NTSTATUS sys_notify_inotify_init(TALLOC_CTX *);
+NTSTATUS sys_notify_inotify_init(TALLOC_CTX *ctx)
+{
+	/* register ourselves as a system inotify module */
+	return sys_notify_register(ctx, &inotify);
+}
diff --git a/source4/ntvfs/sysdep/sys_lease.c b/source4/ntvfs/sysdep/sys_lease.c
new file mode 100644
index 0000000..1ef72f1
--- /dev/null
+++ b/source4/ntvfs/sysdep/sys_lease.c
@@ -0,0 +1,152 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  abstract the various kernel interfaces to leases (oplocks) into a
+  single Samba friendly interface
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "ntvfs/sysdep/sys_lease.h"
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+#undef strcasecmp
+
+/* list of registered backends */
+static struct sys_lease_ops *backends;
+static uint32_t num_backends;
+
+#define LEASE_BACKEND	"lease:backend"
+
+/*
+  initialise a system change notify backend
+*/
+_PUBLIC_ struct sys_lease_context *sys_lease_context_create(struct share_config *scfg,
+							    TALLOC_CTX *mem_ctx,
+							    struct tevent_context *ev,
+							    struct imessaging_context *msg,
+							    sys_lease_send_break_fn break_send)
+{
+	struct sys_lease_context *ctx;
+	const char *bname;
+	int i;
+	NTSTATUS status;
+	TALLOC_CTX * tmp_ctx;
+
+	if (num_backends == 0) {
+		return NULL;
+	}
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	ctx = talloc_zero(mem_ctx, struct sys_lease_context);
+	if (ctx == NULL) {
+		return NULL;
+	}
+
+	tmp_ctx = talloc_new(ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	ctx->event_ctx = ev;
+	ctx->msg_ctx = msg;
+	ctx->break_send = break_send;
+
+	bname = share_string_option(tmp_ctx, scfg, LEASE_BACKEND, NULL);
+	if (!bname) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	for (i=0;i<num_backends;i++) {
+		if (strcasecmp(backends[i].name, bname) == 0) {
+			ctx->ops = &backends[i];
+			break;
+		}
+	}
+
+	if (!ctx->ops) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	status = ctx->ops->init(ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(ctx);
+		return NULL;
+	}
+
+	TALLOC_FREE(tmp_ctx);
+	return ctx;
+}
+
+/*
+  register a lease backend
+*/
+_PUBLIC_ NTSTATUS sys_lease_register(TALLOC_CTX *ctx,
+			const struct sys_lease_ops *backend)
+{
+	struct sys_lease_ops *b;
+	b = talloc_realloc(ctx, backends,
+			   struct sys_lease_ops, num_backends+1);
+	NT_STATUS_HAVE_NO_MEMORY(b);
+	backends = b;
+	backends[num_backends] = *backend;
+	num_backends++;
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS sys_lease_init(void)
+{
+	static bool initialized = false;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_sys_lease_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_sys_lease_MODULES };
+
+	if (initialized) return NT_STATUS_OK;
+	initialized = true;
+
+	run_init_functions(NULL, static_init);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sys_lease_setup(struct sys_lease_context *ctx,
+			 struct opendb_entry *e)
+{
+	return ctx->ops->setup(ctx, e);
+}
+
+NTSTATUS sys_lease_update(struct sys_lease_context *ctx,
+			  struct opendb_entry *e)
+{
+	return ctx->ops->update(ctx, e);
+}
+
+NTSTATUS sys_lease_remove(struct sys_lease_context *ctx,
+			  struct opendb_entry *e)
+{
+	return ctx->ops->remove(ctx, e);
+}
diff --git a/source4/ntvfs/sysdep/sys_lease.h b/source4/ntvfs/sysdep/sys_lease.h
new file mode 100644
index 0000000..8b8d4bd
--- /dev/null
+++ b/source4/ntvfs/sysdep/sys_lease.h
@@ -0,0 +1,66 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "param/share.h"
+
+struct sys_lease_context;
+struct opendb_entry;
+struct imessaging_context;
+struct tevent_context;
+
+typedef NTSTATUS (*sys_lease_send_break_fn)(struct imessaging_context *,
+					    struct opendb_entry *,
+					    uint8_t level);
+
+struct sys_lease_ops {
+	const char *name;
+	NTSTATUS (*init)(struct sys_lease_context *ctx);
+	NTSTATUS (*setup)(struct sys_lease_context *ctx,
+			  struct opendb_entry *e);
+	NTSTATUS (*update)(struct sys_lease_context *ctx,
+			   struct opendb_entry *e);
+	NTSTATUS (*remove)(struct sys_lease_context *ctx,
+			   struct opendb_entry *e);
+};
+
+struct sys_lease_context {
+	struct tevent_context *event_ctx;
+	struct imessaging_context *msg_ctx;
+	sys_lease_send_break_fn break_send;
+	void *private_data; /* for use of backend */
+	const struct sys_lease_ops *ops;
+};
+
+NTSTATUS sys_lease_register(TALLOC_CTX *ctx, const struct sys_lease_ops *ops);
+NTSTATUS sys_lease_init(void);
+
+struct sys_lease_context *sys_lease_context_create(struct share_config *scfg,
+						   TALLOC_CTX *mem_ctx,
+						   struct tevent_context *ev,
+						   struct imessaging_context *msg_ctx,
+						   sys_lease_send_break_fn break_send);
+
+NTSTATUS sys_lease_setup(struct sys_lease_context *ctx,
+			 struct opendb_entry *e);
+
+NTSTATUS sys_lease_update(struct sys_lease_context *ctx,
+			  struct opendb_entry *e);
+
+NTSTATUS sys_lease_remove(struct sys_lease_context *ctx,
+			  struct opendb_entry *e);
diff --git a/source4/ntvfs/sysdep/sys_lease_linux.c b/source4/ntvfs/sysdep/sys_lease_linux.c
new file mode 100644
index 0000000..54c0007
--- /dev/null
+++ b/source4/ntvfs/sysdep/sys_lease_linux.c
@@ -0,0 +1,215 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  lease (oplock) implementation using fcntl F_SETLEASE on linux
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "system/filesys.h"
+#include "ntvfs/sysdep/sys_lease.h"
+#include "ntvfs/ntvfs.h"
+#include "librpc/gen_ndr/ndr_opendb.h"
+#include "../lib/util/dlinklist.h"
+#include "cluster/cluster.h"
+
+NTSTATUS sys_lease_linux_init(TALLOC_CTX *);
+
+#define LINUX_LEASE_RT_SIGNAL (SIGRTMIN+1)
+
+struct linux_lease_pending {
+	struct linux_lease_pending *prev, *next;
+	struct sys_lease_context *ctx;
+	struct opendb_entry e;
+};
+
+/* the global linked list of pending leases */
+static struct linux_lease_pending *leases;
+
+static void linux_lease_signal_handler(struct tevent_context *ev_ctx,
+				       struct tevent_signal *se,
+				       int signum, int count,
+				       void *_info, void *private_data)
+{
+	struct sys_lease_context *ctx = talloc_get_type(private_data,
+					struct sys_lease_context);
+	siginfo_t *info = (siginfo_t *)_info;
+	struct linux_lease_pending *c;
+	int got_fd = info->si_fd;
+
+	for (c = leases; c; c = c->next) {
+		int *fd = (int *)c->e.fd;
+
+		if (got_fd == *fd) {
+			break;
+		}
+	}
+
+	if (!c) {
+		return;
+	}
+
+	ctx->break_send(ctx->msg_ctx, &c->e, OPLOCK_BREAK_TO_NONE);
+}
+
+static int linux_lease_pending_destructor(struct linux_lease_pending *p)
+{
+	int ret;
+	int *fd = (int *)p->e.fd;
+
+	DLIST_REMOVE(leases, p);
+
+	if (*fd == -1) {
+		return 0;
+	}
+
+	ret = fcntl(*fd, F_SETLEASE, F_UNLCK);
+	if (ret == -1) {
+		DEBUG(0,("%s: failed to remove oplock: %s\n",
+			__FUNCTION__, strerror(errno)));
+	}
+
+	return 0;
+}
+
+static NTSTATUS linux_lease_init(struct sys_lease_context *ctx)
+{
+	struct tevent_signal *se;
+
+	se = tevent_add_signal(ctx->event_ctx, ctx,
+			       LINUX_LEASE_RT_SIGNAL, SA_SIGINFO,
+			       linux_lease_signal_handler, ctx);
+	NT_STATUS_HAVE_NO_MEMORY(se);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS linux_lease_setup(struct sys_lease_context *ctx,
+				  struct opendb_entry *e)
+{
+	int ret;
+	int *fd = (int *)e->fd;
+	struct linux_lease_pending *p;
+
+	if (e->oplock_level == OPLOCK_NONE) {
+		e->fd = NULL;
+		return NT_STATUS_OK;
+	} else if (e->oplock_level == OPLOCK_LEVEL_II) {
+		/*
+		 * the linux kernel doesn't support level2 oplocks
+		 * so fix up the granted oplock level
+		 */
+		e->oplock_level = OPLOCK_NONE;
+		e->allow_level_II_oplock = false;
+		e->fd = NULL;
+		return NT_STATUS_OK;
+	}
+
+	p = talloc(ctx, struct linux_lease_pending);
+	NT_STATUS_HAVE_NO_MEMORY(p);
+
+	p->ctx = ctx;
+	p->e = *e;
+
+	ret = fcntl(*fd, F_SETSIG, LINUX_LEASE_RT_SIGNAL);
+	if (ret == -1) {
+		talloc_free(p);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	ret = fcntl(*fd, F_SETLEASE, F_WRLCK);
+	if (ret == -1) {
+		talloc_free(p);
+		return map_nt_error_from_unix_common(errno);
+	}
+
+	DLIST_ADD(leases, p);
+
+	talloc_set_destructor(p, linux_lease_pending_destructor);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS linux_lease_remove(struct sys_lease_context *ctx,
+				   struct opendb_entry *e);
+
+static NTSTATUS linux_lease_update(struct sys_lease_context *ctx,
+				   struct opendb_entry *e)
+{
+	struct linux_lease_pending *c;
+
+	for (c = leases; c; c = c->next) {
+		if (c->e.fd == e->fd) {
+			break;
+		}
+	}
+
+	if (!c) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	/*
+	 * set the fd pointer to NULL so that the caller
+	 * will not call the remove function as the oplock
+	 * is already removed
+	 */
+	e->fd = NULL;
+
+	talloc_free(c);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS linux_lease_remove(struct sys_lease_context *ctx,
+				   struct opendb_entry *e)
+{
+	struct linux_lease_pending *c;
+
+	for (c = leases; c; c = c->next) {
+		if (c->e.fd == e->fd) {
+			break;
+		}
+	}
+
+	if (!c) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	talloc_free(c);
+
+	return NT_STATUS_OK;
+}
+
+static struct sys_lease_ops linux_lease_ops = {
+	.name	= "linux",
+	.init	= linux_lease_init,
+	.setup	= linux_lease_setup,
+	.update	= linux_lease_update,
+	.remove	= linux_lease_remove
+};
+
+/*
+  initialise the linux lease module
+ */
+NTSTATUS sys_lease_linux_init(TALLOC_CTX *ctx)
+{
+	/* register ourselves as a system lease module */
+	return sys_lease_register(ctx, &linux_lease_ops);
+}
diff --git a/source4/ntvfs/sysdep/sys_notify.c b/source4/ntvfs/sysdep/sys_notify.c
new file mode 100644
index 0000000..6991461
--- /dev/null
+++ b/source4/ntvfs/sysdep/sys_notify.c
@@ -0,0 +1,151 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  abstract the various kernel interfaces to change notify into a
+  single Samba friendly interface
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "ntvfs/sysdep/sys_notify.h"
+#include <tevent.h>
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+#undef strcasecmp
+
+/* list of registered backends */
+static struct sys_notify_backend *backends;
+static uint32_t num_backends;
+
+#define NOTIFY_BACKEND	"notify:backend"
+
+/*
+  initialise a system change notify backend
+*/
+_PUBLIC_ struct sys_notify_context *sys_notify_context_create(struct share_config *scfg,
+							      TALLOC_CTX *mem_ctx, 
+							      struct tevent_context *ev)
+{
+	struct sys_notify_context *ctx;
+	const char *bname;
+	int i;
+
+	if (num_backends == 0) {
+		return NULL;
+	}
+
+	if (ev == NULL) {
+		return NULL;
+	}
+
+	ctx = talloc_zero(mem_ctx, struct sys_notify_context);
+	if (ctx == NULL) {
+		return NULL;
+	}
+
+	ctx->ev = ev;
+
+	bname = share_string_option(ctx, scfg, NOTIFY_BACKEND, NULL);
+	if (!bname) {
+		if (num_backends) {
+			bname = backends[0].name;
+		} else {
+			bname = "__unknown__";
+		}
+	}
+
+	for (i=0;i<num_backends;i++) {
+		char *enable_opt_name;
+		bool enabled;
+		
+		enable_opt_name = talloc_asprintf(mem_ctx, "notify:%s", 
+										  backends[i].name);
+		enabled = share_bool_option(scfg, enable_opt_name, true);
+		talloc_free(enable_opt_name);
+
+		if (!enabled) 
+			continue;
+
+		if (strcasecmp(backends[i].name, bname) == 0) {
+			bname = backends[i].name;
+			break;
+		}
+	}
+
+	ctx->name = bname;
+	ctx->notify_watch = NULL;
+
+	if (i < num_backends) {
+		ctx->notify_watch = backends[i].notify_watch;
+	}
+
+	return ctx;
+}
+
+/*
+  add a watch
+
+  note that this call must modify the e->filter and e->subdir_filter
+  bits to remove ones handled by this backend. Any remaining bits will
+  be handled by the generic notify layer
+*/
+_PUBLIC_ NTSTATUS sys_notify_watch(struct sys_notify_context *ctx,
+				   struct notify_entry *e,
+				   sys_notify_callback_t callback,
+				   void *private_data, void *handle)
+{
+	if (!ctx->notify_watch) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+	return ctx->notify_watch(ctx, e, callback, private_data, handle);
+}
+
+/*
+  register a notify backend
+*/
+_PUBLIC_ NTSTATUS sys_notify_register(TALLOC_CTX *ctx,
+			struct sys_notify_backend *backend)
+{
+	struct sys_notify_backend *b;
+	b = talloc_realloc(ctx, backends,
+			   struct sys_notify_backend, num_backends+1);
+	NT_STATUS_HAVE_NO_MEMORY(b);
+	backends = b;
+	backends[num_backends] = *backend;
+	num_backends++;
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS sys_notify_init(void)
+{
+	static bool initialized = false;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_sys_notify_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_sys_notify_MODULES };
+
+	if (initialized) return NT_STATUS_OK;
+	initialized = true;
+
+	run_init_functions(NULL, static_init);
+	
+	return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/sysdep/sys_notify.h b/source4/ntvfs/sysdep/sys_notify.h
new file mode 100644
index 0000000..9e10f14
--- /dev/null
+++ b/source4/ntvfs/sysdep/sys_notify.h
@@ -0,0 +1,54 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/notify.h"
+#include "param/share.h"
+
+struct sys_notify_context;
+
+typedef void (*sys_notify_callback_t)(struct sys_notify_context *, 
+				      void *, struct notify_event *ev);
+
+typedef NTSTATUS (*notify_watch_t)(struct sys_notify_context *ctx, 
+				   struct notify_entry *e,
+				   sys_notify_callback_t callback,
+				   void *private_data, 
+				   void *handle_p);
+
+struct sys_notify_context {
+	struct tevent_context *ev;
+	void *private_data; /* for use of backend */
+	const char *name;
+	notify_watch_t notify_watch;
+};
+
+struct sys_notify_backend {
+	const char *name;
+	notify_watch_t notify_watch;
+};
+
+NTSTATUS sys_notify_register(TALLOC_CTX *ctx,
+			struct sys_notify_backend *backend);
+struct sys_notify_context *sys_notify_context_create(struct share_config *scfg,
+						     TALLOC_CTX *mem_ctx, 
+						     struct tevent_context *ev);
+NTSTATUS sys_notify_watch(struct sys_notify_context *ctx, struct notify_entry *e,
+			  sys_notify_callback_t callback, void *private_data, 
+			  void *handle);
+NTSTATUS sys_notify_init(void);
diff --git a/source4/ntvfs/sysdep/wscript_build b/source4/ntvfs/sysdep/wscript_build
new file mode 100644
index 0000000..bfb4e55
--- /dev/null
+++ b/source4/ntvfs/sysdep/wscript_build
@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('sys_notify_inotify',
+                 source='inotify.c',
+                 subsystem='sys_notify',
+                 init_function='sys_notify_inotify_init',
+                 deps='events inotify',
+                 enabled = bld.CONFIG_SET('HAVE_LINUX_INOTIFY')
+                 )
+
+
+bld.SAMBA_SUBSYSTEM('sys_notify',
+                    source='sys_notify.c',
+                    deps='talloc tevent'
+                    )
+
+
+bld.SAMBA_MODULE('sys_lease_linux',
+                 source='sys_lease_linux.c',
+                 deps='tevent',
+                 subsystem='sys_lease',
+                 init_function='sys_lease_linux_init',
+                 enabled = bld.CONFIG_SET('HAVE_F_SETLEASE_DECL')
+                 )
+
+
+bld.SAMBA_SUBSYSTEM('sys_lease',
+                    source='sys_lease.c',
+                    deps='talloc'
+                    )
+
diff --git a/source4/ntvfs/sysdep/wscript_configure b/source4/ntvfs/sysdep/wscript_configure
new file mode 100644
index 0000000..2035884
--- /dev/null
+++ b/source4/ntvfs/sysdep/wscript_configure
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+
+import sys
+
+# Check for inotify support (Skip if we are SunOS)
+#NOTE: illumos provides sys/inotify.h but is not an exact match for linux
+host_os = sys.platform
+if host_os.rfind('sunos') == -1:
+    conf.CHECK_HEADERS('sys/inotify.h', add_headers=False)
+    if (conf.CONFIG_SET('HAVE_SYS_INOTIFY_H')):
+        conf.DEFINE('HAVE_LINUX_INOTIFY', 1)
+
+conf.CHECK_DECLS('SA_SIGINFO', headers='signal.h', reverse=True)
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c
new file mode 100644
index 0000000..a7729d2
--- /dev/null
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
@@ -0,0 +1,724 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   A pass-through NTVFS module to setup a security context using unix
+   uid/gid
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/passwd.h"
+#include "auth/auth.h"
+#include "ntvfs/ntvfs.h"
+#include "libcli/wbclient/wbclient.h"
+#define TEVENT_DEPRECATED
+#include <tevent.h>
+#include "../lib/util/setid.h"
+
+NTSTATUS ntvfs_unixuid_init(TALLOC_CTX *);
+
+struct unixuid_private {
+	struct security_unix_token *last_sec_ctx;
+	struct security_token *last_token;
+};
+
+
+/*
+  pull the current security context into a security_unix_token
+*/
+static struct security_unix_token *save_unix_security(TALLOC_CTX *mem_ctx)
+{
+	struct security_unix_token *sec = talloc(mem_ctx, struct security_unix_token);
+	if (sec == NULL) {
+		return NULL;
+	}
+	sec->uid = geteuid();
+	sec->gid = getegid();
+	sec->ngroups = getgroups(0, NULL);
+	if (sec->ngroups == -1) {
+		talloc_free(sec);
+		return NULL;
+	}
+	sec->groups = talloc_array(sec, gid_t, sec->ngroups);
+	if (sec->groups == NULL) {
+		talloc_free(sec);
+		return NULL;
+	}
+
+	if (getgroups(sec->ngroups, sec->groups) != sec->ngroups) {
+		talloc_free(sec);
+		return NULL;
+	}
+
+	return sec;
+}
+
+/*
+  set the current security context from a security_unix_token
+*/
+static NTSTATUS set_unix_security(struct security_unix_token *sec)
+{
+	samba_seteuid(0);
+
+	if (samba_setgroups(sec->ngroups, sec->groups) != 0) {
+		DBG_ERR("*** samba_setgroups failed\n");
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	if (samba_setegid(sec->gid) != 0) {
+		DBG_ERR("*** samba_setegid(%u) failed\n", sec->gid);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	if (samba_seteuid(sec->uid) != 0) {
+		DBG_ERR("*** samba_seteuid(%u) failed\n", sec->uid);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	return NT_STATUS_OK;
+}
+
+static int unixuid_nesting_level;
+
+/*
+  called at the start and end of a tevent nesting loop. Needs to save/restore
+  unix security context
+ */
+static int unixuid_event_nesting_hook(struct tevent_context *ev,
+				      void *private_data,
+				      uint32_t level,
+				      bool begin,
+				      void *stack_ptr,
+				      const char *location)
+{
+	struct security_unix_token *sec_ctx;
+
+	if (unixuid_nesting_level == 0) {
+		/* we don't need to do anything unless we are nested
+		   inside of a call in this module */
+		return 0;
+	}
+
+	if (begin) {
+		sec_ctx = save_unix_security(ev);
+		if (sec_ctx == NULL) {
+			DEBUG(0,("%s: Failed to save security context\n", location));
+			return -1;
+		}
+		*(struct security_unix_token **)stack_ptr = sec_ctx;
+		if (samba_seteuid(0) != 0 || samba_setegid(0) != 0) {
+			DEBUG(0,("%s: Failed to change to root\n", location));
+			return -1;
+		}
+	} else {
+		/* called when we come out of a nesting level */
+		NTSTATUS status;
+
+		sec_ctx = *(struct security_unix_token **)stack_ptr;
+		if (sec_ctx == NULL) {
+			/* this happens the first time this function
+			   is called, as we install the hook while
+			   inside an event in unixuid_connect() */
+			return 0;
+		}
+
+		sec_ctx = talloc_get_type_abort(sec_ctx, struct security_unix_token);
+		status = set_unix_security(sec_ctx);
+		talloc_free(sec_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("%s: Failed to revert security context (%s)\n",
+				 location, nt_errstr(status)));
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+
+/*
+  form a security_unix_token from the current security_token
+*/
+static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
+					  struct ntvfs_request *req,
+					  struct security_token *token,
+					  struct security_unix_token **sec)
+{
+	return security_token_to_unix_token(req, token, sec);
+}
+
+/*
+  setup our unix security context according to the session authentication info
+*/
+static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
+				       struct ntvfs_request *req, struct security_unix_token **sec)
+{
+	struct unixuid_private *priv = ntvfs->private_data;
+	struct security_token *token;
+	struct security_unix_token *newsec;
+	NTSTATUS status;
+
+	/* If we are asked to set up, but have not had a successful
+	 * session setup or tree connect, then these may not be filled
+	 * in.  ACCESS_DENIED is the right error code here */
+	if (req->session_info == NULL || priv == NULL) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	token = req->session_info->security_token;
+
+	*sec = save_unix_security(ntvfs);
+	if (*sec == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (token == priv->last_token) {
+		newsec = priv->last_sec_ctx;
+	} else {
+		status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(*sec);
+			return status;
+		}
+		if (priv->last_sec_ctx) {
+			talloc_free(priv->last_sec_ctx);
+		}
+		priv->last_sec_ctx = newsec;
+		priv->last_token = token;
+		talloc_steal(priv, newsec);
+	}
+
+	status = set_unix_security(newsec);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(*sec);
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  this pass through macro operates on request contexts
+*/
+#define PASS_THRU_REQ(ntvfs, req, op, args) do { \
+	NTSTATUS status2; \
+	struct security_unix_token *sec; \
+	status = unixuid_setup_security(ntvfs, req, &sec); \
+	NT_STATUS_NOT_OK_RETURN(status); \
+	unixuid_nesting_level++; \
+	status = ntvfs_next_##op args; \
+	unixuid_nesting_level--; \
+	status2 = set_unix_security(sec); \
+	talloc_free(sec); \
+	if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \
+} while (0)
+
+
+
+/*
+  connect to a share - used when a tree_connect operation comes in.
+*/
+static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs,
+				struct ntvfs_request *req, union smb_tcon *tcon)
+{
+	struct unixuid_private *priv;
+	NTSTATUS status;
+
+	priv = talloc(ntvfs, struct unixuid_private);
+	if (!priv) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	priv->last_sec_ctx = NULL;
+	priv->last_token = NULL;
+	ntvfs->private_data = priv;
+
+	tevent_loop_set_nesting_hook(ntvfs->ctx->event_ctx,
+				     unixuid_event_nesting_hook,
+				     &unixuid_nesting_level);
+
+	/* we don't use PASS_THRU_REQ here, as the connect operation runs with
+	   root privileges. This allows the backends to setup any database
+	   links they might need during the connect. */
+	status = ntvfs_next_connect(ntvfs, req, tcon);
+
+	return status;
+}
+
+/*
+  disconnect from a share
+*/
+static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs)
+{
+	struct unixuid_private *priv = ntvfs->private_data;
+	NTSTATUS status;
+
+	talloc_free(priv);
+	ntvfs->private_data = NULL;
+
+	status = ntvfs_next_disconnect(ntvfs);
+
+	return status;
+}
+
+
+/*
+  delete a file
+*/
+static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      union smb_unlink *unl)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, unlink, (ntvfs, req, unl));
+
+	return status;
+}
+
+/*
+  ioctl interface
+*/
+static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_ioctl *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, ioctl, (ntvfs, req, io));
+
+	return status;
+}
+
+/*
+  check if a directory exists
+*/
+static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs,
+			        struct ntvfs_request *req,
+				union smb_chkpath *cp)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, chkpath, (ntvfs, req, cp));
+
+	return status;
+}
+
+/*
+  return info on a pathname
+*/
+static NTSTATUS unixuid_qpathinfo(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, qpathinfo, (ntvfs, req, info));
+
+	return status;
+}
+
+/*
+  query info on a open file
+*/
+static NTSTATUS unixuid_qfileinfo(struct ntvfs_module_context *ntvfs,
+				 struct ntvfs_request *req, union smb_fileinfo *info)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, qfileinfo, (ntvfs, req, info));
+
+	return status;
+}
+
+
+/*
+  set info on a pathname
+*/
+static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, setpathinfo, (ntvfs, req, st));
+
+	return status;
+}
+
+/*
+  open a file
+*/
+static NTSTATUS unixuid_open(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_open *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, open, (ntvfs, req, io));
+
+	return status;
+}
+
+/*
+  create a directory
+*/
+static NTSTATUS unixuid_mkdir(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_mkdir *md)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, mkdir, (ntvfs, req, md));
+
+	return status;
+}
+
+/*
+  remove a directory
+*/
+static NTSTATUS unixuid_rmdir(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, rmdir, (ntvfs, req, rd));
+
+	return status;
+}
+
+/*
+  rename a set of files
+*/
+static NTSTATUS unixuid_rename(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req, union smb_rename *ren)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, rename, (ntvfs, req, ren));
+
+	return status;
+}
+
+/*
+  copy a set of files
+*/
+static NTSTATUS unixuid_copy(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, struct smb_copy *cp)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, copy, (ntvfs, req, cp));
+
+	return status;
+}
+
+/*
+  read from a file
+*/
+static NTSTATUS unixuid_read(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, union smb_read *rd)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, read, (ntvfs, req, rd));
+
+	return status;
+}
+
+/*
+  write to a file
+*/
+static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_write *wr)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, write, (ntvfs, req, wr));
+
+	return status;
+}
+
+/*
+  seek in a file
+*/
+static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req,
+			     union smb_seek *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, seek, (ntvfs, req, io));
+
+	return status;
+}
+
+/*
+  flush a file
+*/
+static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req,
+			      union smb_flush *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, flush, (ntvfs, req, io));
+
+	return status;
+}
+
+/*
+  close a file
+*/
+static NTSTATUS unixuid_close(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, union smb_close *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, close, (ntvfs, req, io));
+
+	return status;
+}
+
+/*
+  exit - closing files
+*/
+static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, exit, (ntvfs, req));
+
+	return status;
+}
+
+/*
+  logoff - closing files
+*/
+static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req)
+{
+	struct unixuid_private *priv = ntvfs->private_data;
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req));
+
+	priv->last_token = NULL;
+
+	return status;
+}
+
+/*
+  async setup
+*/
+static NTSTATUS unixuid_async_setup(struct ntvfs_module_context *ntvfs,
+				    struct ntvfs_request *req,
+				    void *private_data)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, async_setup, (ntvfs, req, private_data));
+
+	return status;
+}
+
+/*
+  cancel an async request
+*/
+static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, cancel, (ntvfs, req));
+
+	return status;
+}
+
+/*
+  change notify
+*/
+static NTSTATUS unixuid_notify(struct ntvfs_module_context *ntvfs,
+			       struct ntvfs_request *req, union smb_notify *info)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, notify, (ntvfs, req, info));
+
+	return status;
+}
+
+/*
+  lock a byte range
+*/
+static NTSTATUS unixuid_lock(struct ntvfs_module_context *ntvfs,
+			    struct ntvfs_request *req, union smb_lock *lck)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, lock, (ntvfs, req, lck));
+
+	return status;
+}
+
+/*
+  set info on a open file
+*/
+static NTSTATUS unixuid_setfileinfo(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req,
+				   union smb_setfileinfo *info)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, setfileinfo, (ntvfs, req, info));
+
+	return status;
+}
+
+
+/*
+  return filesystem space info
+*/
+static NTSTATUS unixuid_fsinfo(struct ntvfs_module_context *ntvfs,
+			      struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, fsinfo, (ntvfs, req, fs));
+
+	return status;
+}
+
+/*
+  return print queue info
+*/
+static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs,
+			   struct ntvfs_request *req, union smb_lpq *lpq)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, lpq, (ntvfs, req, lpq));
+
+	return status;
+}
+
+/*
+   list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs,
+				    struct ntvfs_request *req, union smb_search_first *io,
+				    void *search_private,
+				    bool (*callback)(void *, const union smb_search_data *))
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, search_first, (ntvfs, req, io, search_private, callback));
+
+	return status;
+}
+
+/* continue a search */
+static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs,
+				   struct ntvfs_request *req, union smb_search_next *io,
+				   void *search_private,
+				   bool (*callback)(void *, const union smb_search_data *))
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, search_next, (ntvfs, req, io, search_private, callback));
+
+	return status;
+}
+
+/* close a search */
+static NTSTATUS unixuid_search_close(struct ntvfs_module_context *ntvfs,
+				    struct ntvfs_request *req, union smb_search_close *io)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, search_close, (ntvfs, req, io));
+
+	return status;
+}
+
+/* SMBtrans - not used on file shares */
+static NTSTATUS unixuid_trans(struct ntvfs_module_context *ntvfs,
+			     struct ntvfs_request *req, struct smb_trans2 *trans2)
+{
+	NTSTATUS status;
+
+	PASS_THRU_REQ(ntvfs, req, trans, (ntvfs, req, trans2));
+
+	return status;
+}
+
+/*
+  initialise the unixuid backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_unixuid_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	struct ntvfs_ops ops;
+	NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+	ZERO_STRUCT(ops);
+
+	/* fill in all the operations */
+	ops.connect_fn = unixuid_connect;
+	ops.disconnect_fn = unixuid_disconnect;
+	ops.unlink_fn = unixuid_unlink;
+	ops.chkpath_fn = unixuid_chkpath;
+	ops.qpathinfo_fn = unixuid_qpathinfo;
+	ops.setpathinfo_fn = unixuid_setpathinfo;
+	ops.open_fn = unixuid_open;
+	ops.mkdir_fn = unixuid_mkdir;
+	ops.rmdir_fn = unixuid_rmdir;
+	ops.rename_fn = unixuid_rename;
+	ops.copy_fn = unixuid_copy;
+	ops.ioctl_fn = unixuid_ioctl;
+	ops.read_fn = unixuid_read;
+	ops.write_fn = unixuid_write;
+	ops.seek_fn = unixuid_seek;
+	ops.flush_fn = unixuid_flush;
+	ops.close_fn = unixuid_close;
+	ops.exit_fn = unixuid_exit;
+	ops.lock_fn = unixuid_lock;
+	ops.setfileinfo_fn = unixuid_setfileinfo;
+	ops.qfileinfo_fn = unixuid_qfileinfo;
+	ops.fsinfo_fn = unixuid_fsinfo;
+	ops.lpq_fn = unixuid_lpq;
+	ops.search_first_fn = unixuid_search_first;
+	ops.search_next_fn = unixuid_search_next;
+	ops.search_close_fn = unixuid_search_close;
+	ops.trans_fn = unixuid_trans;
+	ops.logoff_fn = unixuid_logoff;
+	ops.async_setup_fn = unixuid_async_setup;
+	ops.cancel_fn = unixuid_cancel;
+	ops.notify_fn = unixuid_notify;
+
+	ops.name = "unixuid";
+
+	/* we register under all 3 backend types, as we are not type specific */
+	ops.type = NTVFS_DISK;
+	ret = ntvfs_register(&ops, &vers);
+	if (!NT_STATUS_IS_OK(ret)) goto failed;
+
+	ops.type = NTVFS_PRINT;
+	ret = ntvfs_register(&ops, &vers);
+	if (!NT_STATUS_IS_OK(ret)) goto failed;
+
+	ops.type = NTVFS_IPC;
+	ret = ntvfs_register(&ops, &vers);
+	if (!NT_STATUS_IS_OK(ret)) goto failed;
+
+failed:
+	return ret;
+}
diff --git a/source4/ntvfs/unixuid/wscript_build b/source4/ntvfs/unixuid/wscript_build
new file mode 100644
index 0000000..56fd42d
--- /dev/null
+++ b/source4/ntvfs/unixuid/wscript_build
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('ntvfs_unixuid',
+	source='vfs_unixuid.c',
+	subsystem='ntvfs',
+	init_function='ntvfs_unixuid_init',
+	deps='auth_unix_token talloc'
+	)
+
diff --git a/source4/ntvfs/wscript_build b/source4/ntvfs/wscript_build
new file mode 100644
index 0000000..3b81216
--- /dev/null
+++ b/source4/ntvfs/wscript_build
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('ntvfs',
+                  source='ntvfs_base.c ntvfs_generic.c ntvfs_interface.c ntvfs_util.c',
+                  autoproto='ntvfs_proto.h',
+                  deps='tevent samba-modules',
+                  private_library=True,
+	          enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+                  )
+
+bld.RECURSE('posix')
+if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'):
+    bld.RECURSE('common')
+    bld.RECURSE('unixuid')
+    bld.RECURSE('sysdep')
+
+    bld.SAMBA_MODULE('ntvfs_cifs',
+	             source='cifs/vfs_cifs.c',
+	             subsystem='ntvfs',
+	             init_function='ntvfs_cifs_init',
+	             deps='LIBCLI_SMB smbclient-raw param_options'
+    )
+
+
+    bld.SAMBA_MODULE('ntvfs_simple',
+	             source='simple/vfs_simple.c simple/svfs_util.c',
+	             autoproto='simple/proto.h',
+	             subsystem='ntvfs',
+	             init_function='ntvfs_simple_init',
+	             deps='talloc'
+    )
+
+
+    bld.SAMBA_MODULE('ntvfs_ipc',
+	             source='ipc/vfs_ipc.c ipc/ipc_rap.c ipc/rap_server.c',
+	             autoproto='ipc/proto.h',
+	            subsystem='ntvfs',
+	             init_function='ntvfs_ipc_init',
+	             deps='NDR_NAMED_PIPE_AUTH npa_tstream gssapi samba-credentials DCERPC_SHARE'
+    )
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
new file mode 100644
index 0000000..7d3891d
--- /dev/null
+++ b/source4/param/loadparm.c
@@ -0,0 +1,77 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Parameter loading functions
+   Copyright (C) Karl Auer 1993-1998
+
+   Largely re-written by Andrew Tridgell, September 1994
+
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Alexander Bokovoy 2002
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Jim McDonough (jmcd@us.ibm.com)  2003.
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/param/param.h"
+#include "libcli/raw/libcliraw.h"
+#include "librpc/ndr/libndr.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+
+void lpcfg_smbcli_options(struct loadparm_context *lp_ctx,
+			 struct smbcli_options *options)
+{
+	struct GUID client_guid;
+	const char *str = NULL;
+
+	str = lpcfg_parm_string(lp_ctx, NULL, "libsmb", "client_guid");
+	if (str != NULL) {
+		GUID_from_string(str, &client_guid);
+	} else {
+		client_guid = GUID_random();
+	}
+	*options = (struct smbcli_options) {
+		.max_xmit = lpcfg_max_xmit(lp_ctx),
+		.max_mux = lpcfg_max_mux(lp_ctx),
+		.use_spnego = lpcfg_nt_status_support(lp_ctx) && lpcfg_client_use_spnego(lp_ctx),
+		.signing = lpcfg_client_signing(lp_ctx),
+		.request_timeout = SMB_REQUEST_TIMEOUT,
+		.ntstatus_support = lpcfg_nt_status_support(lp_ctx),
+		.min_protocol = lpcfg_client_min_protocol(lp_ctx),
+		.max_protocol = lpcfg__client_max_protocol(lp_ctx),
+		.unicode = lpcfg_unicode(lp_ctx),
+		.use_oplocks = true,
+		.use_level2_oplocks = true,
+		.smb2_capabilities = SMB2_CAP_ALL,
+		.client_guid = client_guid,
+		.max_credits = WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
+		.smb3_capabilities = smb311_capabilities_parse("client",
+			lpcfg_client_smb3_signing_algorithms(lp_ctx),
+			lpcfg_client_smb3_encryption_algorithms(lp_ctx)),
+	};
+}
+
+void lpcfg_smbcli_session_options(struct loadparm_context *lp_ctx,
+				 struct smbcli_session_options *options)
+{
+	*options = (struct smbcli_session_options) {
+		.lanman_auth = lpcfg_client_lanman_auth(lp_ctx),
+		.ntlmv2_auth = lpcfg_client_ntlmv2_auth(lp_ctx),
+		.plaintext_auth = lpcfg_client_plaintext_auth(lp_ctx),
+	};
+}
+
diff --git a/source4/param/provision.c b/source4/param/provision.c
new file mode 100644
index 0000000..a084aec
--- /dev/null
+++ b/source4/param/provision.c
@@ -0,0 +1,571 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include <ldb.h>
+#include <pyldb.h>
+#include "includes.h"
+#include "librpc/ndr/libndr.h"
+#include "param/provision.h"
+#include "param/secrets.h"
+#include <pytalloc.h>
+#include "python/modules.h"
+#include "param/pyparam.h"
+#include "dynconfig/dynconfig.h"
+
+static bool dict_insert(PyObject* dict,
+			const char* key,
+			PyObject* value)
+{
+	if (value == NULL) {
+		return false;
+	}
+	if (PyDict_SetItemString(dict, key, value) == -1) {
+		Py_XDECREF(value);
+		return false;
+	}
+	Py_XDECREF(value);
+	return true;
+}
+
+static PyObject *provision_module(void)
+{
+	PyObject *name = PyUnicode_FromString("samba.provision");
+	PyObject *mod = NULL;
+	if (name == NULL)
+		return NULL;
+	mod = PyImport_Import(name);
+	Py_CLEAR(name);
+	return mod;
+}
+
+static PyObject *schema_module(void)
+{
+	PyObject *name = PyUnicode_FromString("samba.schema");
+	PyObject *mod = NULL;
+	if (name == NULL)
+		return NULL;
+	mod = PyImport_Import(name);
+	Py_CLEAR(name);
+	return mod;
+}
+
+static PyObject *ldb_module(void)
+{
+	PyObject *name = PyUnicode_FromString("ldb");
+	PyObject *mod = NULL;
+	if (name == NULL)
+		return NULL;
+	mod = PyImport_Import(name);
+	Py_CLEAR(name);
+	return mod;
+}
+
+static PyObject *PyLdb_FromLdbContext(struct ldb_context *ldb_ctx)
+{
+	PyLdbObject *ret;
+	PyObject *ldb_mod = ldb_module();
+	PyTypeObject *ldb_ctx_type;
+	if (ldb_mod == NULL)
+		return NULL;
+
+	ldb_ctx_type = (PyTypeObject *)PyObject_GetAttrString(ldb_mod, "Ldb");
+
+	ret = (PyLdbObject *)ldb_ctx_type->tp_alloc(ldb_ctx_type, 0);
+	if (ret == NULL) {
+		PyErr_NoMemory();
+		Py_XDECREF(ldb_ctx_type);
+		return NULL;
+	}
+	ret->mem_ctx = talloc_new(NULL);
+	ret->ldb_ctx = talloc_reference(ret->mem_ctx, ldb_ctx);
+	Py_XDECREF(ldb_ctx_type);
+	return (PyObject *)ret;
+}
+
+static PyObject *call_wrapper(PyObject *callable, PyObject *kwargs)
+{
+	/*
+	 * Helper for calls with zero non-keyword arguments.
+	 */
+	PyObject *empty = PyTuple_New(0), *result = NULL;
+	SMB_ASSERT(empty);
+	result = PyObject_Call(callable, empty, kwargs);
+	Py_XDECREF(empty);
+	return result;
+}
+
+NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
+			struct provision_settings *settings, 
+			struct provision_result *result)
+{
+	const char *configfile;
+	PyObject *provision_mod = NULL, *provision_dict = NULL;
+	PyObject *provision_fn = NULL, *py_result = NULL;
+	PyObject *parameters = NULL, *py_lp_ctx = NULL, *py_domaindn = NULL;
+
+	struct ldb_context *samdb;
+	NTSTATUS status = NT_STATUS_OK;
+	
+	DEBUG(0,("Provision for Become-DC test using python\n"));
+
+	Py_Initialize();
+	py_update_path(); /* Put the samba path at the start of sys.path */
+
+	provision_mod = provision_module();
+
+	if (provision_mod == NULL) {
+		PyErr_Print();
+		DEBUG(0, ("Unable to import provision Python module.\n"));
+	      	return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	provision_dict = PyModule_GetDict(provision_mod);
+
+	if (provision_dict == NULL) {
+		DEBUG(0, ("Unable to get dictionary for provision module\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	provision_fn = PyDict_GetItemString(provision_dict, "provision_become_dc");
+	if (provision_fn == NULL) {
+		PyErr_Print();
+		DEBUG(0, ("Unable to get provision_become_dc function\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	DEBUG(0,("New Server in Site[%s]\n", 
+		 settings->site_name));
+
+	DEBUG(0,("DSA Instance [%s]\n"
+		"\tinvocationId[%s]\n",
+		settings->ntds_dn_str,
+		settings->invocation_id == NULL?"None":GUID_string(mem_ctx, settings->invocation_id)));
+
+	DEBUG(0,("Paths under targetdir[%s]\n",
+		 settings->targetdir));
+	parameters = PyDict_New();
+
+	configfile = lpcfg_configfile(lp_ctx);
+	if (configfile != NULL) {
+		if (!dict_insert(parameters, "smbconf",
+				 PyUnicode_FromString(configfile))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+
+	if (!dict_insert(parameters,
+			 "rootdn",
+			 PyUnicode_FromString(settings->root_dn_str))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (settings->targetdir != NULL) {
+		if (!dict_insert(parameters,
+				 "targetdir",
+				 PyUnicode_FromString(settings->targetdir))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+	if (!dict_insert(parameters,
+			 "hostname",
+			 PyUnicode_FromString(settings->netbios_name))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (!dict_insert(parameters,
+			 "domain",
+			 PyUnicode_FromString(settings->domain))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (!dict_insert(parameters,
+			 "realm",
+			 PyUnicode_FromString(settings->realm))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (settings->root_dn_str) {
+		if (!dict_insert(parameters,
+				 "rootdn",
+				 PyUnicode_FromString(settings->root_dn_str))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+
+	if (settings->domain_dn_str) {
+		if (!dict_insert(parameters,
+				 "domaindn",
+				 PyUnicode_FromString(settings->domain_dn_str))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+
+	if (settings->schema_dn_str) {
+		if (!dict_insert(parameters,
+				 "schemadn",
+				 PyUnicode_FromString(settings->schema_dn_str))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+	if (settings->config_dn_str) {
+		if (!dict_insert(parameters,
+				 "configdn",
+				 PyUnicode_FromString(settings->config_dn_str))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+	if (settings->server_dn_str) {
+		if (!dict_insert(parameters,
+				 "serverdn",
+				 PyUnicode_FromString(settings->server_dn_str))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+	if (settings->site_name) {
+		if (!dict_insert(parameters,
+				 "sitename",
+				  PyUnicode_FromString(settings->site_name))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+
+	if (!dict_insert(parameters,
+			 "machinepass",
+			 PyUnicode_FromString(settings->machine_password))){
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	if (!dict_insert(parameters,
+			 "debuglevel",
+			 PyLong_FromLong(DEBUGLEVEL))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	if (!dict_insert(parameters,
+			 "use_ntvfs",
+			 PyLong_FromLong(settings->use_ntvfs))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	py_result = call_wrapper(provision_fn, parameters);
+
+	if (py_result == NULL) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	py_domaindn = PyObject_GetAttrString(py_result, "domaindn");
+	result->domaindn = talloc_strdup(mem_ctx, PyUnicode_AsUTF8(py_domaindn));
+
+	/* FIXME paths */
+	py_lp_ctx = PyObject_GetAttrString(py_result, "lp");
+	if (py_lp_ctx == NULL) {
+		DEBUG(0, ("Missing 'lp' attribute\n"));
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	result->lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+
+	samdb = pyldb_Ldb_AsLdbContext(PyObject_GetAttrString(py_result, "samdb"));
+	if (samdb == NULL) {
+		DEBUG(0, ("Missing 'samdb' attribute\n"));
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	result->samdb = samdb;
+	status = NT_STATUS_OK;
+out:
+	Py_CLEAR(parameters);
+	Py_CLEAR(provision_mod);
+	Py_CLEAR(provision_fn);
+	Py_CLEAR(provision_dict);
+	Py_CLEAR(py_result);
+	Py_CLEAR(py_lp_ctx);
+	Py_CLEAR(py_domaindn);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_Print();
+		PyErr_Clear();
+	}
+	return status;
+}
+
+static PyObject *py_dom_sid_FromSid(struct dom_sid *sid)
+{
+	PyObject *mod_security = NULL, *dom_sid_Type = NULL, *result = NULL;
+
+	mod_security = PyImport_ImportModule("samba.dcerpc.security");
+	if (mod_security == NULL) {
+		return NULL;
+	}
+
+	dom_sid_Type = PyObject_GetAttrString(mod_security, "dom_sid");
+	if (dom_sid_Type == NULL) {
+		Py_DECREF(mod_security);
+		return NULL;
+	}
+
+	result = pytalloc_reference((PyTypeObject *)dom_sid_Type, sid);
+	Py_DECREF(mod_security);
+	Py_DECREF(dom_sid_Type);
+	return result;
+}
+
+NTSTATUS provision_store_self_join(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
+				   struct tevent_context *event_ctx,
+				   struct provision_store_self_join_settings *settings,
+				   const char **error_string)
+{
+	int ret;
+	PyObject *provision_mod = NULL, *provision_dict = NULL;
+	PyObject *provision_fn = NULL, *py_result = NULL;
+	PyObject *parameters = NULL;
+	struct ldb_context *ldb = NULL;
+	TALLOC_CTX *tmp_mem = talloc_new(mem_ctx);
+
+	NTSTATUS status = NT_STATUS_OK;
+	*error_string = NULL;
+
+	if (!tmp_mem) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	/* Create/Open the secrets database */
+	ldb = secrets_db_create(tmp_mem, lp_ctx);
+	if (!ldb) {
+		*error_string
+			= talloc_asprintf(mem_ctx, 
+					  "Could not open secrets database");
+		status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		goto out;
+	}
+
+	ret = ldb_transaction_start(ldb);
+
+	if (ret != LDB_SUCCESS) {
+		*error_string
+			= talloc_asprintf(mem_ctx, 
+					  "Could not start transaction on secrets database: %s", ldb_errstring(ldb));
+		status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		goto out;
+	}
+
+	Py_Initialize();
+	py_update_path(); /* Put the samba path at the start of sys.path */
+	provision_mod = provision_module();
+
+	if (provision_mod == NULL) {
+		*error_string
+			= talloc_asprintf(mem_ctx, "Unable to import provision Python module.");
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	provision_dict = PyModule_GetDict(provision_mod);
+
+	if (provision_dict == NULL) {
+		*error_string
+			= talloc_asprintf(mem_ctx, "Unable to get dictionary for provision module");
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	provision_fn = PyDict_GetItemString(provision_dict, "secretsdb_self_join");
+	if (provision_fn == NULL) {
+		*error_string
+			= talloc_asprintf(mem_ctx, "Unable to get provision_become_dc function");
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	parameters = PyDict_New();
+
+	if(!dict_insert(parameters,
+			"secretsdb",
+			PyLdb_FromLdbContext(ldb))){
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (!dict_insert(parameters,
+			 "domain",
+			 PyUnicode_FromString(settings->domain_name))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (settings->realm != NULL) {
+		if (!dict_insert(parameters,
+				 "realm",
+				 PyUnicode_FromString(settings->realm))) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto out;
+		}
+	}
+	if (!dict_insert(parameters,
+			 "machinepass",
+			 PyUnicode_FromString(settings->machine_password))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+	if (!dict_insert(parameters,
+			 "netbiosname",
+			 PyUnicode_FromString(settings->netbios_name))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+
+	if (!dict_insert(parameters,
+			 "domainsid",
+			 py_dom_sid_FromSid(settings->domain_sid))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	if (!dict_insert(parameters,
+			 "secure_channel_type",
+			 PyLong_FromLong(settings->secure_channel_type))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	if (!dict_insert(parameters,
+			 "key_version_number",
+			 PyLong_FromLong(settings->key_version_number))) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	py_result = call_wrapper(provision_fn, parameters);
+
+	if (py_result == NULL) {
+		ldb_transaction_cancel(ldb);
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		*error_string
+			= talloc_asprintf(mem_ctx, 
+					  "Could not commit transaction on secrets database: %s", ldb_errstring(ldb));
+		status = NT_STATUS_INTERNAL_DB_ERROR;
+		goto out;
+	}
+
+	status = NT_STATUS_OK;
+out:
+	talloc_free(tmp_mem);
+	Py_CLEAR(parameters);
+	Py_CLEAR(provision_mod);
+	Py_CLEAR(provision_dict);
+	Py_CLEAR(py_result);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_Print();
+		PyErr_Clear();
+	}
+	return status;
+}
+
+
+struct ldb_context *provision_get_schema(TALLOC_CTX *mem_ctx,
+					 struct loadparm_context *lp_ctx,
+					 const char *schema_dn,
+					 DATA_BLOB *override_prefixmap)
+{
+	PyObject *schema_mod, *schema_dict, *schema_fn, *py_result, *parameters;
+	PyObject *py_ldb = NULL;
+	struct ldb_context *ldb_result = NULL;
+	Py_Initialize();
+	py_update_path(); /* Put the samba path at the start of sys.path */
+
+	schema_mod = schema_module();
+
+	if (schema_mod == NULL) {
+		PyErr_Print();
+		DEBUG(0, ("Unable to import schema Python module.\n"));
+	      	return NULL;
+	}
+
+	schema_dict = PyModule_GetDict(schema_mod);
+
+	if (schema_dict == NULL) {
+		DEBUG(0, ("Unable to get dictionary for schema module\n"));
+		return NULL;
+	}
+
+	schema_fn = PyDict_GetItemString(schema_dict, "ldb_with_schema");
+	if (schema_fn == NULL) {
+		PyErr_Print();
+		DEBUG(0, ("Unable to get schema_get_ldb function\n"));
+		return NULL;
+	}
+	
+	parameters = PyDict_New();
+
+	if (schema_dn) {
+		if (!dict_insert(parameters,
+				 "schemadn",
+				 PyUnicode_FromString(schema_dn))) {
+			return NULL;
+		}
+	}
+
+	if (override_prefixmap) {
+		if (!dict_insert(parameters,
+				 "override_prefixmap",
+				 PyBytes_FromStringAndSize(
+					(const char *)override_prefixmap->data,
+					override_prefixmap->length))) {
+			return NULL;
+		}
+	}
+
+	py_result = call_wrapper(schema_fn, parameters);
+
+	Py_DECREF(parameters);
+
+	if (py_result == NULL) {
+		PyErr_Print();
+		PyErr_Clear();
+		return NULL;
+	}
+
+	py_ldb = PyObject_GetAttrString(py_result, "ldb");
+	Py_DECREF(py_result);
+	ldb_result = pyldb_Ldb_AsLdbContext(py_ldb);
+	if (talloc_reference(mem_ctx, ldb_result) == NULL) {
+		ldb_result = NULL;
+	}
+	Py_DECREF(py_ldb);
+	return ldb_result;
+}
diff --git a/source4/param/provision.h b/source4/param/provision.h
new file mode 100644
index 0000000..2f6f582
--- /dev/null
+++ b/source4/param/provision.h
@@ -0,0 +1,72 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PROVISION_H_
+#define _PROVISION_H_
+
+struct provision_settings {
+	const char *site_name;
+	const char *root_dn_str; 
+	const char *domain_dn_str;
+	const char *config_dn_str;
+	const char *schema_dn_str;
+	const char *server_dn_str;
+	const struct GUID *invocation_id;
+	const char *netbios_name;
+	const char *host_ip;
+	const char *realm;
+	const char *domain;
+	const char *ntds_dn_str;
+	const char *machine_password;
+	const char *targetdir;
+	bool use_ntvfs;
+};
+
+/* FIXME: Rename this to hostconfig ? */
+struct provision_result {
+	const char *domaindn;
+        struct ldb_context *samdb;
+        struct loadparm_context *lp_ctx;
+};
+
+struct provision_store_self_join_settings {
+	const char *domain_name;
+	const char *realm;
+	const char *netbios_name;
+	enum netr_SchannelType secure_channel_type;
+	const char *machine_password;
+	int key_version_number;
+	struct dom_sid *domain_sid;
+};
+
+NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
+						struct provision_settings *settings,
+						struct provision_result *result);
+
+NTSTATUS provision_store_self_join(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
+				   struct tevent_context *ev_ctx,
+				   struct provision_store_self_join_settings *settings,
+				   const char **error_string);
+
+struct ldb_context *provision_get_schema(TALLOC_CTX *mem_ctx,
+					 struct loadparm_context *lp_ctx,
+					 const char *schema_dn,
+					 DATA_BLOB *override_prefixmap);
+
+#endif /* _PROVISION_H_ */
diff --git a/source4/param/pyparam.c b/source4/param/pyparam.c
new file mode 100644
index 0000000..8288d2e
--- /dev/null
+++ b/source4/param/pyparam.c
@@ -0,0 +1,746 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
+#include "includes.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include <pytalloc.h>
+#include "dynconfig/dynconfig.h"
+
+#define PyLoadparmContext_AsLoadparmContext(obj) pytalloc_get_type(obj, struct loadparm_context)
+#define PyLoadparmService_AsLoadparmService(obj) pytalloc_get_type(obj, struct loadparm_service)
+
+extern PyTypeObject PyLoadparmContext;
+extern PyTypeObject PyLoadparmService;
+
+static PyObject *PyLoadparmService_FromService(struct loadparm_service *service)
+{
+	return pytalloc_reference(&PyLoadparmService, service);
+}
+
+static PyObject *py_lp_ctx_get_helper(struct loadparm_context *lp_ctx, const char *service_name, const char *param_name)
+{
+	struct parm_struct *parm = NULL;
+	void *parm_ptr = NULL;
+	int i;
+
+	if (service_name != NULL && strwicmp(service_name, GLOBAL_NAME) &&
+		strwicmp(service_name, GLOBAL_NAME2)) {
+		struct loadparm_service *service;
+		/* its a share parameter */
+		service = lpcfg_service(lp_ctx, service_name);
+		if (service == NULL) {
+			return NULL;
+		}
+		if (strchr(param_name, ':')) {
+			/* its a parametric option on a share */
+			const char *type = talloc_strndup(lp_ctx, param_name,
+											  strcspn(param_name, ":"));
+			const char *option = strchr(param_name, ':') + 1;
+			const char *value;
+			if (type == NULL || option == NULL) {
+			return NULL;
+			}
+			value = lpcfg_get_parametric(lp_ctx, service, type, option);
+			if (value == NULL) {
+			return NULL;
+			}
+			return PyUnicode_FromString(value);
+		}
+
+		parm = lpcfg_parm_struct(lp_ctx, param_name);
+		if (parm == NULL || parm->p_class == P_GLOBAL) {
+			return NULL;
+		}
+		parm_ptr = lpcfg_parm_ptr(lp_ctx, service, parm);
+    } else if (strchr(param_name, ':')) {
+		/* its a global parametric option */
+		const char *type = talloc_strndup(lp_ctx,
+				  param_name, strcspn(param_name, ":"));
+		const char *option = strchr(param_name, ':') + 1;
+		const char *value;
+		if (type == NULL || option == NULL) {
+			return NULL;
+		}
+		value = lpcfg_get_parametric(lp_ctx, NULL, type, option);
+		if (value == NULL)
+			return NULL;
+		return PyUnicode_FromString(value);
+	} else {
+		/* its a global parameter */
+		parm = lpcfg_parm_struct(lp_ctx, param_name);
+		if (parm == NULL) {
+			return NULL;
+		}
+		parm_ptr = lpcfg_parm_ptr(lp_ctx, NULL, parm);
+	}
+
+	if (parm == NULL || parm_ptr == NULL) {
+		return NULL;
+    }
+
+    /* construct and return the right type of python object */
+    switch (parm->type) {
+    case P_CHAR:
+	return PyUnicode_FromFormat("%c", *(char *)parm_ptr);
+    case P_STRING:
+    case P_USTRING:
+	return PyUnicode_FromString(*(char **)parm_ptr);
+    case P_BOOL:
+	return PyBool_FromLong(*(bool *)parm_ptr);
+    case P_BOOLREV:
+	return PyBool_FromLong(!(*(bool *)parm_ptr));
+    case P_INTEGER:
+    case P_OCTAL:
+    case P_BYTES:
+	return PyLong_FromLong(*(int *)parm_ptr);
+    case P_ENUM:
+	for (i=0; parm->enum_list[i].name; i++) {
+	    if (*(int *)parm_ptr == parm->enum_list[i].value) {
+		return PyUnicode_FromString(parm->enum_list[i].name);
+	    }
+	}
+	return NULL;
+    case P_CMDLIST:
+    case P_LIST:
+	{
+	    int j;
+	    const char **strlist = *(const char ***)parm_ptr;
+	    PyObject *pylist;
+
+	    if(strlist == NULL) {
+		    return PyList_New(0);
+	    }
+
+	    pylist = PyList_New(str_list_length(strlist));
+	    for (j = 0; strlist[j]; j++)
+		PyList_SetItem(pylist, j,
+			       PyUnicode_FromString(strlist[j]));
+	    return pylist;
+	}
+    }
+    return NULL;
+
+}
+
+static PyObject *py_lp_ctx_load(PyObject *self, PyObject *args)
+{
+	char *filename;
+	bool ret;
+	if (!PyArg_ParseTuple(args, "s", &filename))
+		return NULL;
+
+	ret = lpcfg_load(PyLoadparmContext_AsLoadparmContext(self), filename);
+
+	if (!ret) {
+		PyErr_Format(PyExc_RuntimeError, "Unable to load file %s", filename);
+		return NULL;
+	}
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_lp_ctx_load_default(PyObject *self, PyObject *unused)
+{
+	bool ret;
+        ret = lpcfg_load_default(PyLoadparmContext_AsLoadparmContext(self));
+
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "Unable to load default file");
+		return NULL;
+	}
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_lp_ctx_get(PyObject *self, PyObject *args)
+{
+	char *param_name;
+	char *section_name = NULL;
+	PyObject *ret;
+	if (!PyArg_ParseTuple(args, "s|z", &param_name, &section_name))
+		return NULL;
+
+	ret = py_lp_ctx_get_helper(PyLoadparmContext_AsLoadparmContext(self), section_name, param_name);
+	if (ret == NULL)
+		Py_RETURN_NONE;
+	return ret;
+}
+
+static PyObject *py_lp_ctx_is_myname(PyObject *self, PyObject *args)
+{
+	char *name;
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	return PyBool_FromLong(lpcfg_is_myname(PyLoadparmContext_AsLoadparmContext(self), name));
+}
+
+static PyObject *py_lp_ctx_is_mydomain(PyObject *self, PyObject *args)
+{
+	char *name;
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	return PyBool_FromLong(lpcfg_is_mydomain(PyLoadparmContext_AsLoadparmContext(self), name));
+}
+
+static PyObject *py_lp_ctx_set(PyObject *self, PyObject *args)
+{
+	char *name, *value;
+	bool ret;
+	if (!PyArg_ParseTuple(args, "ss", &name, &value))
+		return NULL;
+
+	ret = lpcfg_set_cmdline(PyLoadparmContext_AsLoadparmContext(self), name, value);
+	if (!ret) {
+		PyErr_SetString(PyExc_RuntimeError, "Unable to set parameter");
+		return NULL;
+        }
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_lp_ctx_private_path(PyObject *self, PyObject *args)
+{
+	char *name, *path;
+	PyObject *ret;
+	if (!PyArg_ParseTuple(args, "s", &name))
+		return NULL;
+
+	path = lpcfg_private_path(NULL, PyLoadparmContext_AsLoadparmContext(self), name);
+	ret = PyUnicode_FromString(path);
+	talloc_free(path);
+
+	return ret;
+}
+
+static PyObject *py_lp_ctx_services(PyObject *self, PyObject *unused)
+{
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+	PyObject *ret;
+	int i;
+	ret = PyList_New(lpcfg_numservices(lp_ctx));
+	for (i = 0; i < lpcfg_numservices(lp_ctx); i++) {
+		struct loadparm_service *service = lpcfg_servicebynum(lp_ctx, i);
+		if (service != NULL) {
+			PyList_SetItem(ret, i, PyUnicode_FromString(lpcfg_servicename(service)));
+		}
+	}
+	return ret;
+}
+
+static PyObject *py_lp_ctx_server_role(PyObject *self, PyObject *unused)
+{
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+	uint32_t role;
+	const char *role_str;
+
+	role = lpcfg_server_role(lp_ctx);
+	role_str = server_role_str(role);
+
+	return PyUnicode_FromString(role_str);
+}
+
+static PyObject *py_lp_dump(PyObject *self, PyObject *args)
+{
+	bool show_defaults = false;
+	const char *file_name = "";
+	const char *mode = "w";
+	FILE *f;
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+
+	if (!PyArg_ParseTuple(args, "|bss", &show_defaults, &file_name, &mode))
+		return NULL;
+
+	if (file_name[0] == '\0') {
+		f = stdout;
+	} else {
+		f = fopen(file_name, mode);
+	}
+
+	if (f == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		return NULL;
+	}
+
+	lpcfg_dump(lp_ctx, f, show_defaults, lpcfg_numservices(lp_ctx));
+
+	if (f != stdout) {
+		fclose(f);
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_lp_dump_globals(PyObject *self, PyObject *args)
+{
+	bool show_defaults = false;
+	const char *file_name = "";
+	const char *mode = "w";
+	FILE *f;
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+
+	if (!PyArg_ParseTuple(args, "|bss", &show_defaults, &file_name, &mode))
+		return NULL;
+
+	if (file_name[0] == '\0') {
+		f = stdout;
+	} else {
+		f = fopen(file_name, mode);
+	}
+
+	if (f == NULL) {
+		PyErr_SetFromErrno(PyExc_IOError);
+		return NULL;
+	}
+
+	lpcfg_dump_globals(lp_ctx, f, show_defaults);
+
+	if (f != stdout) {
+		fclose(f);
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyObject *py_lp_dump_a_parameter(PyObject *self, PyObject *args)
+{
+	char *param_name;
+	const char *section_name = NULL;
+	const char *file_name = "";
+	const char *mode = "w";
+	FILE *f;
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+	struct loadparm_service *service;
+	bool ret;
+
+	if (!PyArg_ParseTuple(args, "s|zss", &param_name, &section_name, &file_name, &mode))
+		return NULL;
+
+	if (file_name[0] == '\0') {
+		f = stdout;
+	} else {
+		f = fopen(file_name, mode);
+	}
+
+	if (f == NULL) {
+		return NULL;
+	}
+
+	if (section_name != NULL && strwicmp(section_name, GLOBAL_NAME) &&
+		strwicmp(section_name, GLOBAL_NAME2)) {
+		/* it's a share parameter */
+		service = lpcfg_service(lp_ctx, section_name);
+		if (service == NULL) {
+			PyErr_Format(PyExc_RuntimeError, "Unknown section %s", section_name);
+			return NULL;
+		}
+	} else {
+		/* it's global */
+		service = NULL;
+		section_name = "global";
+	}
+
+	ret = lpcfg_dump_a_parameter(lp_ctx, service, param_name, f);
+
+	if (!ret) {
+		PyErr_Format(PyExc_RuntimeError, "Parameter %s unknown for section %s", param_name, section_name);
+		if (f != stdout) {
+			fclose(f);
+		}
+		return NULL;
+	}
+
+	if (f != stdout) {
+		fclose(f);
+	}
+
+	Py_RETURN_NONE;
+
+}
+
+static PyObject *py_lp_log_level(PyObject *self, PyObject *unused)
+{
+	int ret = debuglevel_get();
+	return PyLong_FromLong(ret);
+}
+
+
+static PyObject *py_samdb_url(PyObject *self, PyObject *unused)
+{
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+	return PyUnicode_FromFormat("tdb://%s/sam.ldb", lpcfg_private_dir(lp_ctx));
+}
+
+static PyObject *py_cache_path(PyObject *self, PyObject *args)
+{
+	struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
+	char *name = NULL;
+	char *path = NULL;
+	PyObject *ret = NULL;
+
+	if (!PyArg_ParseTuple(args, "s", &name)) {
+		return NULL;
+	}
+
+	path = lpcfg_cache_path(NULL, lp_ctx, name);
+	if (!path) {
+		PyErr_Format(PyExc_RuntimeError,
+			     "Unable to access cache %s", name);
+		return NULL;
+	}
+	ret = PyUnicode_FromString(path);
+	talloc_free(path);
+
+	return ret;
+}
+
+static PyObject *py_state_path(PyObject *self, PyObject *args)
+{
+	struct loadparm_context *lp_ctx =
+		PyLoadparmContext_AsLoadparmContext(self);
+	char *name = NULL;
+	char *path = NULL;
+	PyObject *ret = NULL;
+
+	if (!PyArg_ParseTuple(args, "s", &name)) {
+		return NULL;
+	}
+
+	path = lpcfg_state_path(NULL, lp_ctx, name);
+	if (!path) {
+		PyErr_Format(PyExc_RuntimeError,
+			     "Unable to access cache %s", name);
+		return NULL;
+	}
+	ret = PyUnicode_FromString(path);
+	talloc_free(path);
+
+	return ret;
+}
+
+static PyMethodDef py_lp_ctx_methods[] = {
+	{ "load", py_lp_ctx_load, METH_VARARGS,
+		"S.load(filename) -> None\n"
+		"Load specified file." },
+	{ "load_default", py_lp_ctx_load_default, METH_NOARGS,
+        	"S.load_default() -> None\n"
+		"Load default smb.conf file." },
+	{ "is_myname", py_lp_ctx_is_myname, METH_VARARGS,
+		"S.is_myname(name) -> bool\n"
+		"Check whether the specified name matches one of our netbios names." },
+	{ "is_mydomain", py_lp_ctx_is_mydomain, METH_VARARGS,
+		"S.is_mydomain(name) -> bool\n"
+		"Check whether the specified name matches our domain name." },
+	{ "get", py_lp_ctx_get, METH_VARARGS,
+        	"S.get(name, service_name) -> value\n"
+		"Find specified parameter." },
+	{ "set", py_lp_ctx_set, METH_VARARGS,
+		"S.set(name, value) -> bool\n"
+		"Change a parameter." },
+	{ "private_path", py_lp_ctx_private_path, METH_VARARGS,
+		"S.private_path(name) -> path\n" },
+	{ "services", py_lp_ctx_services, METH_NOARGS,
+		"S.services() -> list" },
+	{ "server_role", py_lp_ctx_server_role, METH_NOARGS,
+		"S.server_role() -> value\n"
+		"Get the server role." },
+	{ "dump", py_lp_dump, METH_VARARGS,
+		"S.dump(show_defaults=False, file_name='', mode='w')" },
+	{ "dump_globals", py_lp_dump_globals, METH_VARARGS,
+	        "S.dump_globals(show_defaults=False, file_name='', mode='w')" },
+	{ "dump_a_parameter", py_lp_dump_a_parameter, METH_VARARGS,
+		"S.dump_a_parameter(name, service_name, file_name='', mode='w')" },
+	{ "log_level", py_lp_log_level, METH_NOARGS,
+		"S.log_level() -> int\n Get the active log level" },
+	{ "samdb_url", py_samdb_url, METH_NOARGS,
+	        "S.samdb_url() -> string\n"
+	        "Returns the current URL for sam.ldb." },
+	{ "cache_path", py_cache_path, METH_VARARGS,
+		"S.cache_path(name) -> string\n"
+		"Returns a path in the Samba cache directory." },
+	{ "state_path", py_state_path, METH_VARARGS,
+		"S.state_path(name) -> string\n"
+		"Returns a path in the Samba state directory." },
+	{0}
+};
+
+static PyObject *py_lp_ctx_default_service(PyObject *self, void *closure)
+{
+	return PyLoadparmService_FromService(lpcfg_default_service(PyLoadparmContext_AsLoadparmContext(self)));
+}
+
+static PyObject *py_lp_ctx_config_file(PyObject *self, void *closure)
+{
+	const char *configfile = lpcfg_configfile(PyLoadparmContext_AsLoadparmContext(self));
+	if (configfile == NULL)
+		Py_RETURN_NONE;
+	else
+		return PyUnicode_FromString(configfile);
+}
+
+static PyObject *py_lp_ctx_weak_crypto(PyObject *self, void *closure)
+{
+	enum samba_weak_crypto weak_crypto =
+		lpcfg_weak_crypto(PyLoadparmContext_AsLoadparmContext(self));
+
+	switch(weak_crypto) {
+	case SAMBA_WEAK_CRYPTO_UNKNOWN:
+		Py_RETURN_NONE;
+	case SAMBA_WEAK_CRYPTO_ALLOWED:
+		return PyUnicode_FromString("allowed");
+	case SAMBA_WEAK_CRYPTO_DISALLOWED:
+		return PyUnicode_FromString("disallowed");
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyGetSetDef py_lp_ctx_getset[] = {
+	{
+		.name = discard_const_p(char, "default_service"),
+		.get  = (getter)py_lp_ctx_default_service,
+	},
+	{
+		.name = discard_const_p(char, "configfile"),
+		.get  = (getter)py_lp_ctx_config_file,
+		.doc  = discard_const_p(char, "Name of last config file that was loaded.")
+	},
+	{
+		.name = discard_const_p(char, "weak_crypto"),
+		.get  = (getter)py_lp_ctx_weak_crypto,
+		.doc  = discard_const_p(char, "If weak crypto is allowed.")
+	},
+	{ .name = NULL }
+};
+
+static PyObject *py_lp_ctx_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+	const char *kwnames[] = {"filename_for_non_global_lp", NULL};
+	PyObject *lp_ctx;
+	const char *non_global_conf = NULL;
+	struct loadparm_context *ctx;
+
+	if (!PyArg_ParseTupleAndKeywords(args,
+					 kwargs,
+					 "|s",
+					 discard_const_p(char *,
+							 kwnames),
+					 &non_global_conf)) {
+		return NULL;
+	}
+
+	/*
+	 * by default, any LoadParm python objects map to a single global
+	 * underlying object. The filename_for_non_global_lp arg overrides this
+	 * default behaviour and creates a separate underlying LoadParm object.
+	 */
+	if (non_global_conf != NULL) {
+		bool ok;
+		ctx = loadparm_init(NULL);
+		if (ctx == NULL) {
+			PyErr_NoMemory();
+			return NULL;
+		}
+
+		lp_ctx = pytalloc_reference(type, ctx);
+		if (lp_ctx == NULL) {
+			PyErr_NoMemory();
+			return NULL;
+		}
+
+		ok = lpcfg_load_no_global(
+			PyLoadparmContext_AsLoadparmContext(lp_ctx),
+			non_global_conf);
+		if (!ok) {
+			PyErr_Format(PyExc_ValueError,
+				     "Could not load non-global conf %s",
+				     non_global_conf);
+			return NULL;
+		}
+		return lp_ctx;
+	} else{
+		return pytalloc_reference(type, loadparm_init_global(false));
+	}
+}
+
+static Py_ssize_t py_lp_ctx_len(PyObject *self)
+{
+	return lpcfg_numservices(PyLoadparmContext_AsLoadparmContext(self));
+}
+
+static PyObject *py_lp_ctx_getitem(PyObject *self, PyObject *name)
+{
+	struct loadparm_service *service;
+	if (!PyUnicode_Check(name)) {
+		PyErr_SetString(PyExc_TypeError, "Only string subscripts are supported");
+		return NULL;
+	}
+	service = lpcfg_service(PyLoadparmContext_AsLoadparmContext(self), PyUnicode_AsUTF8(name));
+	if (service == NULL) {
+		PyErr_SetString(PyExc_KeyError, "No such section");
+		return NULL;
+	}
+	return PyLoadparmService_FromService(service);
+}
+
+static PyMappingMethods py_lp_ctx_mapping = {
+	.mp_length = (lenfunc)py_lp_ctx_len,
+	.mp_subscript = (binaryfunc)py_lp_ctx_getitem,
+};
+
+PyTypeObject PyLoadparmContext = {
+	.tp_name = "param.LoadParm",
+	.tp_getset = py_lp_ctx_getset,
+	.tp_methods = py_lp_ctx_methods,
+	.tp_new = py_lp_ctx_new,
+	.tp_as_mapping = &py_lp_ctx_mapping,
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+};
+
+static PyObject *py_lp_service_dump(PyObject *self, PyObject *args)
+{
+	bool show_defaults = false;
+	FILE *f;
+	const char *file_name = "";
+	const char *mode = "w";
+	struct loadparm_service *service = PyLoadparmService_AsLoadparmService(self);
+	struct loadparm_service *default_service;
+	PyObject *py_default_service;
+
+	if (!PyArg_ParseTuple(args, "O|bss", &py_default_service, &show_defaults, &file_name, &mode))
+		return NULL;
+
+	if (file_name[0] == '\0') {
+		f = stdout;
+	} else {
+		f = fopen(file_name, mode);
+	}
+
+	if (f == NULL) {
+		return NULL;
+	}
+
+	if (!PyObject_TypeCheck(py_default_service, &PyLoadparmService)) {
+		PyErr_SetNone(PyExc_TypeError);
+		if (f != stdout) {
+			fclose(f);
+		}
+		return NULL;
+	}
+
+	default_service = PyLoadparmService_AsLoadparmService(py_default_service);
+
+	lpcfg_dump_one(f, show_defaults, service, default_service);
+
+	if (f != stdout) {
+		fclose(f);
+	}
+
+	Py_RETURN_NONE;
+}
+
+static PyMethodDef py_lp_service_methods[] = {
+	{ "dump", (PyCFunction)py_lp_service_dump, METH_VARARGS,
+		"S.dump(default_service, show_defaults=False, file_name='', mode='w')" },
+	{0}
+};
+
+PyTypeObject PyLoadparmService = {
+	.tp_name = "param.LoadparmService",
+	.tp_methods = py_lp_service_methods,
+	.tp_flags = Py_TPFLAGS_DEFAULT,
+};
+
+static PyObject *py_data_dir(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+        return PyUnicode_FromString(dyn_DATADIR);
+}
+
+static PyObject *py_default_path(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+	return PyUnicode_FromString(lp_default_path());
+}
+
+static PyObject *py_setup_dir(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+	return PyUnicode_FromString(dyn_SETUPDIR);
+}
+
+static PyObject *py_modules_dir(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+	return PyUnicode_FromString(dyn_MODULESDIR);
+}
+
+static PyObject *py_bin_dir(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+	return PyUnicode_FromString(dyn_BINDIR);
+}
+
+static PyObject *py_sbin_dir(PyObject *self, PyObject *Py_UNUSED(ignored))
+{
+	return PyUnicode_FromString(dyn_SBINDIR);
+}
+
+static PyMethodDef pyparam_methods[] = {
+	{ "data_dir", (PyCFunction)py_data_dir, METH_NOARGS,
+		"Returns the compiled in location of data directory." },
+	{ "default_path", (PyCFunction)py_default_path, METH_NOARGS,
+		"Returns the default smb.conf path." },
+	{ "setup_dir", (PyCFunction)py_setup_dir, METH_NOARGS,
+		"Returns the compiled in location of provision templates." },
+	{ "modules_dir", (PyCFunction)py_modules_dir, METH_NOARGS,
+		"Returns the compiled in location of modules." },
+	{ "bin_dir", (PyCFunction)py_bin_dir, METH_NOARGS,
+		"Returns the compiled in BINDIR." },
+	{ "sbin_dir", (PyCFunction)py_sbin_dir, METH_NOARGS,
+		"Returns the compiled in SBINDIR." },
+	{0}
+};
+
+static struct PyModuleDef moduledef = {
+	PyModuleDef_HEAD_INIT,
+	.m_name = "param",
+	.m_doc = "Parsing and writing Samba configuration files.",
+	.m_size = -1,
+	.m_methods = pyparam_methods,
+};
+
+MODULE_INIT_FUNC(param)
+{
+	PyObject *m;
+	PyTypeObject *talloc_type = pytalloc_GetObjectType();
+	if (talloc_type == NULL)
+		return NULL;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyLoadparmContext) < 0)
+		return NULL;
+
+	if (pytalloc_BaseObject_PyType_Ready(&PyLoadparmService) < 0)
+		return NULL;
+
+	m = PyModule_Create(&moduledef);
+	if (m == NULL)
+		return NULL;
+
+	Py_INCREF(&PyLoadparmContext);
+	PyModule_AddObject(m, "LoadParm", (PyObject *)&PyLoadparmContext);
+	return m;
+}
diff --git a/source4/param/pyparam.h b/source4/param/pyparam.h
new file mode 100644
index 0000000..e8944f5
--- /dev/null
+++ b/source4/param/pyparam.h
@@ -0,0 +1,28 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PYPARAM_H_
+#define _PYPARAM_H_
+
+#include "param/param.h"
+
+_PUBLIC_ struct loadparm_context *lpcfg_from_py_object(TALLOC_CTX *mem_ctx, PyObject *py_obj);
+_PUBLIC_ struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx);
+
+#endif /* _PYPARAM_H_ */
diff --git a/source4/param/pyparam_util.c b/source4/param/pyparam_util.c
new file mode 100644
index 0000000..bb7ffda
--- /dev/null
+++ b/source4/param/pyparam_util.c
@@ -0,0 +1,81 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/replace/system/python.h"
+#include "py3compat.h"
+#include "includes.h"
+#include "param/param.h"
+#include "param/pyparam.h"
+#include "param/loadparm.h"
+#include <pytalloc.h>
+
+#define PyLoadparmContext_AsLoadparmContext(obj) pytalloc_get_type(obj, struct loadparm_context)
+
+_PUBLIC_ struct loadparm_context *lpcfg_from_py_object(TALLOC_CTX *mem_ctx, PyObject *py_obj)
+{
+	struct loadparm_context *lp_ctx;
+	PyObject *param_mod;
+	PyTypeObject *lp_type;
+	bool is_lpobj;
+
+	if (PyUnicode_Check(py_obj)) {
+		lp_ctx = loadparm_init_global(false);
+		if (lp_ctx == NULL) {
+			return NULL;
+		}
+		if (!lpcfg_load(lp_ctx, PyUnicode_AsUTF8(py_obj))) {
+			PyErr_Format(PyExc_RuntimeError, "Unable to load %s", 
+				     PyUnicode_AsUTF8(py_obj));
+			return NULL;
+		}
+		return lp_ctx;
+	}
+
+	if (py_obj == Py_None) {
+		return loadparm_init_global(true);
+	}
+
+	param_mod = PyImport_ImportModule("samba.param");
+	if (param_mod == NULL) {
+		return NULL;
+	}
+
+	lp_type = (PyTypeObject *)PyObject_GetAttrString(param_mod, "LoadParm");
+	Py_DECREF(param_mod);
+	if (lp_type == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "Unable to import LoadParm");
+		return NULL;
+	}
+
+	is_lpobj = PyObject_TypeCheck(py_obj, lp_type);
+	Py_DECREF(lp_type);
+	if (is_lpobj) {
+		return talloc_reference(mem_ctx, PyLoadparmContext_AsLoadparmContext(py_obj));
+	}
+
+	PyErr_SetNone(PyExc_TypeError);
+	return NULL;
+}
+
+struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx)
+{
+	return loadparm_init_global(true);
+}
+
+
diff --git a/source4/param/secrets.c b/source4/param/secrets.c
new file mode 100644
index 0000000..1df8620
--- /dev/null
+++ b/source4/param/secrets.c
@@ -0,0 +1,152 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 1992-2001
+   Copyright (C) Andrew Bartlett      2002
+   Copyright (C) Rafal Szczesniak     2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* the Samba secrets database stores any generated, private information
+   such as the local SID and machine trust password */
+
+#include "includes.h"
+#include "secrets.h"
+#include "param/param.h"
+#include "system/filesys.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "lib/ldb-samba/ldb_wrap.h"
+#include <ldb.h>
+#include "../lib/util/util_tdb.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "dsdb/samdb/samdb.h"
+
+/**
+  create or connect to the secrets ldb
+*/
+struct ldb_context *secrets_db_create(TALLOC_CTX *mem_ctx,
+				      struct loadparm_context *lp_ctx)
+{
+	return ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "secrets.ldb",
+			       NULL, NULL, 0);
+}
+
+/**
+  connect to the secrets ldb
+*/
+struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx,
+					struct loadparm_context *lp_ctx)
+{
+	return ldb_wrap_connect(mem_ctx, NULL, lp_ctx, "secrets.ldb",
+			       NULL, NULL, LDB_FLG_DONT_CREATE_DB);
+}
+
+/**
+ * Retrieve the domain SID from the secrets database.
+ * @return pointer to a SID object if the SID could be obtained, NULL otherwise
+ */
+struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
+				       struct loadparm_context *lp_ctx,
+				       const char *domain,
+				       enum netr_SchannelType *sec_channel_type,
+				       char **errstring)
+{
+	struct ldb_context *ldb;
+	struct ldb_message *msg;
+	int ldb_ret;
+	const char *attrs[] = { "objectSid", "secureChannelType", NULL };
+	struct dom_sid *result = NULL;
+	const struct ldb_val *v;
+	enum ndr_err_code ndr_err;
+
+	*errstring = NULL;
+
+	ldb = secrets_db_connect(mem_ctx, lp_ctx);
+	if (ldb == NULL) {
+		DEBUG(5, ("secrets_db_connect failed\n"));
+		return NULL;
+	}
+
+	ldb_ret = dsdb_search_one(ldb, ldb, &msg,
+			      ldb_dn_new(mem_ctx, ldb, SECRETS_PRIMARY_DOMAIN_DN),
+			      LDB_SCOPE_ONELEVEL,
+			      attrs, 0, SECRETS_PRIMARY_DOMAIN_FILTER, domain);
+
+	if (ldb_ret != LDB_SUCCESS) {
+		*errstring = talloc_asprintf(mem_ctx, "Failed to find record for %s in %s: %s: %s", 
+					     domain, (char *) ldb_get_opaque(ldb, "ldb_url"),
+					     ldb_strerror(ldb_ret), ldb_errstring(ldb));
+		return NULL;
+	}
+	v = ldb_msg_find_ldb_val(msg, "objectSid");
+	if (v == NULL) {
+		*errstring = talloc_asprintf(mem_ctx, "Failed to find a SID on record for %s in %s", 
+					     domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
+		return NULL;
+	}
+
+	if (sec_channel_type) {
+		int t;
+		t = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1);
+		if (t == -1) {
+			*errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s",
+						     domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
+			return NULL;
+		}
+		*sec_channel_type = t;
+	}
+
+	result = talloc(mem_ctx, struct dom_sid);
+	if (result == NULL) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ndr_err = ndr_pull_struct_blob(v, result, result,
+				       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		*errstring = talloc_asprintf(mem_ctx, "Failed to parse SID on record for %s in %s", 
+					     domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
+		talloc_free(result);
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	return result;
+}
+
+char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg) 
+{
+	const char *krb5keytab = ldb_msg_find_attr_as_string(msg, "krb5Keytab", NULL);
+	if (krb5keytab) {
+		return talloc_strdup(mem_ctx, krb5keytab);
+	} else {
+		char *file_keytab;
+		char *relative_path;
+		const char *privateKeytab = ldb_msg_find_attr_as_string(msg, "privateKeytab", NULL);
+		if (!privateKeytab) {
+			return NULL;
+		}
+
+		relative_path = ldb_relative_path(ldb, mem_ctx, privateKeytab);
+		if (!relative_path) {
+			return NULL;
+		}
+		file_keytab = talloc_asprintf(mem_ctx, "FILE:%s", relative_path);
+		talloc_free(relative_path);
+		return file_keytab;
+	}
+	return NULL;
+}
+
diff --git a/source4/param/secrets.h b/source4/param/secrets.h
new file mode 100644
index 0000000..1d2dc2b
--- /dev/null
+++ b/source4/param/secrets.h
@@ -0,0 +1,51 @@
+/*
+ * Unix SMB/CIFS implementation. 
+ * secrets.tdb file format info
+ * Copyright (C) Andrew Tridgell              2000
+ * 
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.  
+ */
+
+#ifndef _SOURCE4_PARAM_SECRETS_H
+#define _SOURCE4_PARAM_SECRETS_H
+
+#define SECRETS_PRIMARY_DOMAIN_DN "cn=Primary Domains"
+#define SECRETS_PRINCIPALS_DN "cn=Principals"
+#define SECRETS_PRIMARY_DOMAIN_FILTER "(&(flatname=%s)(objectclass=primaryDomain))"
+#define SECRETS_PRIMARY_REALM_FILTER "(&(realm=%s)(objectclass=primaryDomain))"
+#define SECRETS_KRBTGT_SEARCH "(&((|(realm=%s)(flatname=%s))(samAccountName=krbtgt)))"
+#define SECRETS_PRINCIPAL_SEARCH "(&(|(realm=%s)(flatname=%s))(servicePrincipalName=%s))"
+#define SECRETS_LDAP_FILTER "(&(objectclass=ldapSecret)(cn=SAMDB Credentials))"
+
+struct loadparm_context;
+struct tevent_context;
+struct ldb_message;
+struct ldb_context;
+
+#include "librpc/gen_ndr/misc.h"
+
+bool randseed_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+
+struct ldb_context *secrets_db_create(TALLOC_CTX *mem_ctx,
+				      struct loadparm_context *lp_ctx);
+struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
+				       struct loadparm_context *lp_ctx,
+				       const char *domain,
+				       enum netr_SchannelType *sec_channel_type,
+				       char **errstring);
+char *keytab_name_from_msg(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg);
+
+
+#endif /* _SOURCE4_PARAM_SECRETS_H */
diff --git a/source4/param/share.c b/source4/param/share.c
new file mode 100644
index 0000000..aa477c7
--- /dev/null
+++ b/source4/param/share.c
@@ -0,0 +1,156 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Modular shares configuration system
+   
+   Copyright (C) Simo Sorce	2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+char *share_string_option(TALLOC_CTX *mem_ctx, struct share_config *scfg, const char *opt_name, const char *defval)
+{
+	return scfg->ctx->ops->string_option(mem_ctx, scfg, opt_name, defval);
+}
+
+int share_int_option(struct share_config *scfg, const char *opt_name, int defval)
+{
+	return scfg->ctx->ops->int_option(scfg, opt_name, defval);
+}
+
+bool share_bool_option(struct share_config *scfg, const char *opt_name, bool defval)
+{
+	return scfg->ctx->ops->bool_option(scfg, opt_name, defval);
+}
+
+const char **share_string_list_option(TALLOC_CTX *mem_ctx, struct share_config *scfg, const char *opt_name)
+{
+	return scfg->ctx->ops->string_list_option(mem_ctx, scfg, opt_name);
+}
+
+NTSTATUS share_list_all(TALLOC_CTX *mem_ctx, struct share_context *sctx, int *count, const char ***names)
+{
+	return sctx->ops->list_all(mem_ctx, sctx, count, names);
+}
+
+NTSTATUS share_get_config(TALLOC_CTX *mem_ctx, struct share_context *sctx, const char *name, struct share_config **scfg)
+{
+	return sctx->ops->get_config(mem_ctx, sctx, name, scfg);
+}
+
+NTSTATUS share_create(struct share_context *sctx, const char *name, struct share_info *info, int count)
+{
+	if (sctx->ops->create) {
+		return sctx->ops->create(sctx, name, info, count);
+	}
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS share_set(struct share_context *sctx, const char *name, struct share_info *info, int count)
+{
+	if (sctx->ops->set) {
+		return sctx->ops->set(sctx, name, info, count);
+	}
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS share_remove(struct share_context *sctx, const char *name)
+{
+	if (sctx->ops->remove) {
+		return sctx->ops->remove(sctx, name);
+	}
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/* List of currently available share backends */
+static struct share_ops **backends = NULL;
+
+static const struct share_ops *share_backend_by_name(const char *name)
+{
+	int i;
+
+	for (i = 0; backends && backends[i]; i++) {
+		if (strcmp(backends[i]->name, name) == 0) {
+			return backends[i];
+		}
+	}
+
+	return NULL;
+}
+
+/*
+  Register the share backend
+*/
+NTSTATUS share_register(const struct share_ops *ops)
+{
+	int i;
+
+	if (share_backend_by_name(ops->name) != NULL) {
+		DEBUG(0,("SHARE backend [%s] already registered\n", ops->name));
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	i = 0;
+	while (backends && backends[i]) {
+		i++;
+	}
+
+	backends = realloc_p(backends, struct share_ops *, i + 2);
+	if (!backends) {
+		smb_panic("out of memory in share_register");
+	}
+
+	backends[i] = (struct share_ops *)smb_xmemdup(ops, sizeof(*ops));
+	backends[i]->name = smb_xstrdup(ops->name);
+
+	backends[i + 1] = NULL;
+
+	DEBUG(3, ("SHARE backend [%s] registered.\n", ops->name));
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS share_get_context(TALLOC_CTX *mem_ctx,
+			   struct loadparm_context *lp_ctx,
+			   struct share_context **ctx)
+{
+	const struct share_ops *ops;
+
+	ops = share_backend_by_name("classic");
+	if (!ops) {
+		DEBUG(0, ("share_init_connection: share backend [classic] not found!\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return ops->init(mem_ctx, ops, lp_ctx, ctx);
+}
+
+/*
+  initialise the SHARE subsystem
+*/
+NTSTATUS share_init(void)
+{
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_share_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_share_MODULES };
+
+	run_init_functions(NULL, static_init);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/param/share.h b/source4/param/share.h
new file mode 100644
index 0000000..087697a
--- /dev/null
+++ b/source4/param/share.h
@@ -0,0 +1,149 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Modular services configuration
+   
+   Copyright (C) Simo Sorce	2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SHARE_H
+#define _SHARE_H
+
+struct share_ops;
+
+struct share_context {
+	const struct share_ops *ops;
+	void *priv_data;
+};
+
+struct share_config {
+	const char *name;
+	struct share_context *ctx;
+	void *opaque;
+};
+
+enum share_info_type {
+	SHARE_INFO_STRING,
+	SHARE_INFO_INT,
+	SHARE_INFO_BLOB
+};
+
+struct share_info {
+	enum share_info_type type;
+	const char *name;
+	void *value;
+};
+
+struct tevent_context;
+
+struct share_ops {
+	const char *name;
+	NTSTATUS (*init)(TALLOC_CTX *, const struct share_ops*,
+			 struct loadparm_context *lp_ctx,
+			 struct share_context **);
+	char *(*string_option)(TALLOC_CTX *, struct share_config *, const char *, const char *);
+	int (*int_option)(struct share_config *, const char *, int);
+	bool (*bool_option)(struct share_config *, const char *, bool);
+	const char **(*string_list_option)(TALLOC_CTX *, struct share_config *, const char *);
+	NTSTATUS (*list_all)(TALLOC_CTX *, struct share_context *, int *, const char ***);
+	NTSTATUS (*get_config)(TALLOC_CTX *, struct share_context *, const char *, struct share_config **);
+	NTSTATUS (*create)(struct share_context *, const char *, struct share_info *, int);
+	NTSTATUS (*set)(struct share_context *, const char *, struct share_info *, int);
+	NTSTATUS (*remove)(struct share_context *, const char *);
+};
+
+struct loadparm_context;
+
+char *share_string_option(TALLOC_CTX *mem_ctx, struct share_config *scfg, const char *opt_name, const char *defval);
+int share_int_option(struct share_config *scfg, const char *opt_name, int defval);
+bool share_bool_option(struct share_config *scfg, const char *opt_name, bool defval);
+const char **share_string_list_option(TALLOC_CTX *mem_ctx, struct share_config *scfg, const char *opt_name);
+NTSTATUS share_list_all(TALLOC_CTX *mem_ctx, struct share_context *sctx, int *count, const char ***names);
+NTSTATUS share_get_config(TALLOC_CTX *mem_ctx, struct share_context *sctx, const char *name, struct share_config **scfg);
+NTSTATUS share_create(struct share_context *sctx, const char *name, struct share_info *info, int count);
+NTSTATUS share_set(struct share_context *sctx, const char *name, struct share_info *info, int count);
+NTSTATUS share_remove(struct share_context *sctx, const char *name);
+NTSTATUS share_register(const struct share_ops *ops);
+NTSTATUS share_get_context(TALLOC_CTX *mem_ctx,
+			   struct loadparm_context *lp_ctx,
+			   struct share_context **ctx);
+NTSTATUS share_init(void);
+
+/* list of shares options */
+
+#define SHARE_NAME		"name"
+#define SHARE_PATH		"path"
+#define SHARE_COMMENT		"comment"
+#define SHARE_PASSWORD		"password"
+#define SHARE_HOSTS_ALLOW	"hosts-allow"
+#define SHARE_HOSTS_DENY	"hosts-deny"
+#define SHARE_NTVFS_HANDLER	"ntvfs-handler"
+#define SHARE_TYPE		"type"
+#define SHARE_CSC_POLICY	"csc-policy"
+#define SHARE_AVAILABLE		"available"
+#define SHARE_BROWSEABLE	"browseable"
+#define SHARE_MAX_CONNECTIONS	"max-connections"
+
+/* I'd like to see the following options go away
+ * and always use EAs and SECDESCs */
+#define SHARE_READONLY		"readonly"
+#define SHARE_MAP_SYSTEM	"map-system"
+#define SHARE_MAP_HIDDEN	"map-hidden"
+#define SHARE_MAP_ARCHIVE	"map-archive"
+
+#define SHARE_STRICT_LOCKING	"strict-locking"
+#define SHARE_OPLOCKS	        "oplocks"
+#define SHARE_STRICT_SYNC	"strict-sync"
+#define SHARE_MSDFS_ROOT	"msdfs-root"
+#define SHARE_CI_FILESYSTEM	"ci-filesystem"
+
+#define SHARE_DIR_MASK             "directory mask"
+#define SHARE_CREATE_MASK          "create mask"
+#define SHARE_FORCE_CREATE_MODE    "force create mode"
+#define SHARE_FORCE_DIR_MODE       "force directory mode"
+
+/* defaults */
+
+#define SHARE_HOST_ALLOW_DEFAULT	NULL
+#define SHARE_HOST_DENY_DEFAULT		NULL
+#define SHARE_VOLUME_DEFAULT		NULL
+#define SHARE_TYPE_DEFAULT		"DISK"	
+#define SHARE_CSC_POLICY_DEFAULT	0
+#define SHARE_AVAILABLE_DEFAULT		true
+#define SHARE_BROWSEABLE_DEFAULT	true
+#define SHARE_MAX_CONNECTIONS_DEFAULT	0
+
+#define SHARE_DIR_MASK_DEFAULT                   0755
+#define SHARE_CREATE_MASK_DEFAULT                0744
+#define SHARE_FORCE_CREATE_MODE_DEFAULT          0000
+#define SHARE_FORCE_DIR_MODE_DEFAULT             0000
+
+
+
+/* I'd like to see the following options go away
+ * and always use EAs and SECDESCs */
+#define SHARE_READONLY_DEFAULT		true
+#define SHARE_MAP_SYSTEM_DEFAULT	false
+#define SHARE_MAP_HIDDEN_DEFAULT	false
+#define SHARE_MAP_ARCHIVE_DEFAULT	true
+
+#define SHARE_STRICT_LOCKING_DEFAULT	true
+#define SHARE_OPLOCKS_DEFAULT	true
+#define SHARE_STRICT_SYNC_DEFAULT	false
+#define SHARE_MSDFS_ROOT_DEFAULT	false
+#define SHARE_CI_FILESYSTEM_DEFAULT	false
+
+#endif /* _SHARE_H */
diff --git a/source4/param/share_classic.c b/source4/param/share_classic.c
new file mode 100644
index 0000000..d03558d
--- /dev/null
+++ b/source4/param/share_classic.c
@@ -0,0 +1,385 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Classic file based shares configuration
+   
+   Copyright (C) Simo Sorce	2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "param/param.h"
+
+NTSTATUS share_classic_init(TALLOC_CTX *);
+
+static NTSTATUS sclassic_init(TALLOC_CTX *mem_ctx, 
+			      const struct share_ops *ops, 
+			      struct loadparm_context *lp_ctx,
+			      struct share_context **ctx)
+{
+	*ctx = talloc(mem_ctx, struct share_context);
+	if (!*ctx) {
+		DEBUG(0, ("ERROR: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*ctx)->ops = ops;
+	(*ctx)->priv_data = lp_ctx;
+
+	return NT_STATUS_OK;
+}
+
+static char *sclassic_string_option(TALLOC_CTX *mem_ctx,
+				    struct share_config *scfg,
+				    const char *opt_name,
+				    const char *defval)
+{
+	struct loadparm_service *s = talloc_get_type(scfg->opaque, 
+						     struct loadparm_service);
+	struct loadparm_context *lp_ctx = talloc_get_type(scfg->ctx->priv_data,
+							  struct loadparm_context);
+	char *parm, *val;
+	const char *ret;
+
+	if (strchr(opt_name, ':')) {
+		parm = talloc_strdup(scfg, opt_name);
+		if (!parm) {
+			return NULL;
+		}
+		val = strchr(parm, ':');
+		*val = '\0';
+		val++;
+
+		ret = lpcfg_parm_string(lp_ctx, s, parm, val);
+		if (!ret) {
+			ret = defval;
+		}
+		talloc_free(parm);
+		return talloc_strdup(mem_ctx, ret);
+	}
+
+	if (strcmp(opt_name, SHARE_NAME) == 0) {
+		return talloc_strdup(mem_ctx, scfg->name);
+	}
+
+	if (strcmp(opt_name, SHARE_PATH) == 0) {
+		return lpcfg_path(s, lpcfg_default_service(lp_ctx), mem_ctx);
+	}
+
+	if (strcmp(opt_name, SHARE_COMMENT) == 0) {
+		return lpcfg_comment(s, lpcfg_default_service(lp_ctx), mem_ctx);
+	}
+
+	if (strcmp(opt_name, SHARE_TYPE) == 0) {
+		if (lpcfg_printable(s, lpcfg_default_service(lp_ctx))) {
+			return talloc_strdup(mem_ctx, "PRINTER");
+		}
+		if (strcmp("NTFS", lpcfg_fstype(s, lpcfg_default_service(lp_ctx))) == 0) {
+			return talloc_strdup(mem_ctx, "DISK");
+		}
+		return talloc_strdup(mem_ctx, lpcfg_fstype(s, lpcfg_default_service(lp_ctx)));
+	}
+
+	if (strcmp(opt_name, SHARE_PASSWORD) == 0) {
+		return talloc_strdup(mem_ctx, defval);
+	}
+
+	DEBUG(0,("request for unknown share string option '%s'\n",
+		 opt_name));
+
+	return talloc_strdup(mem_ctx, defval);
+}
+
+static int sclassic_int_option(struct share_config *scfg, const char *opt_name, int defval)
+{
+	struct loadparm_service *s = talloc_get_type(scfg->opaque, 
+						     struct loadparm_service);
+	struct loadparm_context *lp_ctx = talloc_get_type(scfg->ctx->priv_data,
+							  struct loadparm_context);
+	char *parm, *val;
+	int ret;
+
+	if (strchr(opt_name, ':')) {
+		parm = talloc_strdup(scfg, opt_name);
+		if (!parm) {
+			return -1;
+		}
+		val = strchr(parm, ':');
+		*val = '\0';
+		val++;
+
+		ret = lpcfg_parm_int(lp_ctx, s, parm, val, defval);
+		if (!ret) {
+			ret = defval;
+		}
+		talloc_free(parm);
+		return ret;
+	}
+
+	if (strcmp(opt_name, SHARE_CSC_POLICY) == 0) {
+		return lpcfg_csc_policy(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_MAX_CONNECTIONS) == 0) {
+		return lpcfg_max_connections(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_CREATE_MASK) == 0) {
+		return lpcfg_create_mask(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_DIR_MASK) == 0) {
+		return lpcfg_directory_mask(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_FORCE_DIR_MODE) == 0) {
+		return lpcfg_force_directory_mode(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_FORCE_CREATE_MODE) == 0) {
+		return lpcfg_force_create_mode(s, lpcfg_default_service(lp_ctx));
+	}
+
+
+	DEBUG(0,("request for unknown share int option '%s'\n",
+		 opt_name));
+
+	return defval;
+}
+
+static bool sclassic_bool_option(struct share_config *scfg, const char *opt_name, 
+			  bool defval)
+{
+	struct loadparm_service *s = talloc_get_type(scfg->opaque, 
+						     struct loadparm_service);
+	struct loadparm_context *lp_ctx = talloc_get_type(scfg->ctx->priv_data,
+							  struct loadparm_context);
+	char *parm, *val;
+	bool ret;
+
+	if (strchr(opt_name, ':')) {
+		parm = talloc_strdup(scfg, opt_name);
+		if(!parm) {
+			return false;
+		}
+		val = strchr(parm, ':');
+		*val = '\0';
+		val++;
+
+		ret = lpcfg_parm_bool(lp_ctx, s, parm, val, defval);
+		talloc_free(parm);
+		return ret;
+	}
+
+	if (strcmp(opt_name, SHARE_AVAILABLE) == 0) {
+		return s != NULL;
+	}
+
+	if (strcmp(opt_name, SHARE_BROWSEABLE) == 0) {
+		return lpcfg_browseable(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_READONLY) == 0) {
+		return lpcfg_read_only(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_MAP_SYSTEM) == 0) {
+		return lpcfg_map_system(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_MAP_HIDDEN) == 0) {
+		return lpcfg_map_hidden(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_MAP_ARCHIVE) == 0) {
+		return lpcfg_map_archive(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_STRICT_LOCKING) == 0) {
+		return lpcfg_strict_locking(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_OPLOCKS) == 0) {
+		return lpcfg_oplocks(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_STRICT_SYNC) == 0) {
+		return lpcfg_strict_sync(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_MSDFS_ROOT) == 0) {
+		return lpcfg_msdfs_root(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_CI_FILESYSTEM) == 0) {
+		int case_sensitive = lpcfg_case_sensitive(s, lpcfg_default_service(lp_ctx));
+		/*
+		 * Yes, this confusingly named option means Samba acts
+		 * case sensitive, so that the filesystem can act case
+		 * insensitive.
+		 *
+		 */
+		if (case_sensitive == Auto) {
+			/* Auto is for unix extensions and unix
+			 * clients, which we don't support here.
+			 * Samba needs to do the case changing,
+			 * because the filesystem is case
+			 * sensitive  */
+			return false;
+		} else if (case_sensitive) {
+			/* True means that Samba won't do anything to
+			 * change the case of incoming requests.
+			 * Essentially this means we trust the file
+			 * system to be case insensitive */
+			return true;
+		} else {
+			/* False means that Smaba needs to do the case
+			 * changing, because the filesystem is case
+			 * sensitive */
+			return false;
+		}
+	}
+
+	DEBUG(0,("request for unknown share bool option '%s'\n",
+		 opt_name));
+
+	return defval;
+}
+
+static const char **sclassic_string_list_option(TALLOC_CTX *mem_ctx, struct share_config *scfg, const char *opt_name)
+{
+	struct loadparm_service *s = talloc_get_type(scfg->opaque, 
+						     struct loadparm_service);
+	struct loadparm_context *lp_ctx = talloc_get_type(scfg->ctx->priv_data,
+							  struct loadparm_context);
+	char *parm, *val;
+	const char **ret;
+
+	if (strchr(opt_name, ':')) {
+		parm = talloc_strdup(scfg, opt_name);
+		if (!parm) {
+			return NULL;
+		}
+		val = strchr(parm, ':');
+		*val = '\0';
+		val++;
+
+		ret = lpcfg_parm_string_list(mem_ctx, lp_ctx, s, parm, val, ",;");
+		talloc_free(parm);
+		return ret;
+	}
+
+	if (strcmp(opt_name, SHARE_HOSTS_ALLOW) == 0) {
+		return lpcfg_hosts_allow(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_HOSTS_DENY) == 0) {
+		return lpcfg_hosts_deny(s, lpcfg_default_service(lp_ctx));
+	}
+
+	if (strcmp(opt_name, SHARE_NTVFS_HANDLER) == 0) {
+		return lpcfg_ntvfs_handler(s, lpcfg_default_service(lp_ctx));
+	}
+
+	DEBUG(0,("request for unknown share list option '%s'\n",
+		 opt_name));
+
+	return NULL;
+}
+
+static NTSTATUS sclassic_list_all(TALLOC_CTX *mem_ctx,
+				  struct share_context *ctx,
+				  int *count,
+				  const char ***names)
+{
+	int i;
+	int num_services;
+	const char **n;
+       
+	num_services = lpcfg_numservices((struct loadparm_context *)ctx->priv_data);
+
+	n = talloc_array(mem_ctx, const char *, num_services);
+	if (!n) {
+		DEBUG(0,("ERROR: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_services; i++) {
+		n[i] = talloc_strdup(n, lpcfg_servicename(lpcfg_servicebynum((struct loadparm_context *)ctx->priv_data, i)));
+		if (!n[i]) {
+			DEBUG(0,("ERROR: Out of memory!\n"));
+			talloc_free(n);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	*names = n;
+	*count = num_services;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS sclassic_get_config(TALLOC_CTX *mem_ctx,
+				    struct share_context *ctx,
+				    const char *name,
+				    struct share_config **scfg)
+{
+	struct share_config *s;
+	struct loadparm_service *service;
+
+	service = lpcfg_service((struct loadparm_context *)ctx->priv_data, name);
+
+	if (service == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	s = talloc(mem_ctx, struct share_config);
+	if (!s) {
+		DEBUG(0,("ERROR: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	s->name = talloc_strdup(s, lpcfg_servicename(service));
+	if (!s->name) {
+		DEBUG(0,("ERROR: Out of memory!\n"));
+		talloc_free(s);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	s->opaque = (void *)service;
+	s->ctx = ctx;
+	
+	*scfg = s;
+
+	return NT_STATUS_OK;
+}
+
+static const struct share_ops ops = {
+	.name = "classic",
+	.init = sclassic_init,
+	.string_option = sclassic_string_option,
+	.int_option = sclassic_int_option,
+	.bool_option = sclassic_bool_option,
+	.string_list_option = sclassic_string_list_option,
+	.list_all = sclassic_list_all,
+	.get_config = sclassic_get_config
+};
+
+NTSTATUS share_classic_init(TALLOC_CTX *ctx)
+{
+	return share_register(&ops);
+}
+
diff --git a/source4/param/tests/loadparm.c b/source4/param/tests/loadparm.c
new file mode 100644
index 0000000..6a6e33e
--- /dev/null
+++ b/source4/param/tests/loadparm.c
@@ -0,0 +1,271 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "param/param.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "libds/common/roles.h"
+
+static bool test_create(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lp_ctx != NULL, "lp_ctx");
+	return true;
+}
+
+static bool test_set_option(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "workgroup=werkgroep"), "lpcfg_set_option failed");
+	torture_assert_str_equal(tctx, "WERKGROEP", lpcfg_workgroup(lp_ctx), "workgroup");
+	return true;
+}
+
+static bool test_set_cmdline(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_cmdline(lp_ctx, "workgroup", "werkgroep"), "lpcfg_set_cmdline failed");
+	torture_assert(tctx, lpcfg_do_global_parameter(lp_ctx, "workgroup", "barbla"), "lpcfg_set_option failed");
+	torture_assert_str_equal(tctx, "WERKGROEP", lpcfg_workgroup(lp_ctx), "workgroup");
+	return true;
+}
+
+static bool test_do_global_parameter(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_do_global_parameter(lp_ctx, "workgroup", "werkgroep42"),
+		       "lpcfg_set_cmdline failed");
+	torture_assert_str_equal(tctx, lpcfg_workgroup(lp_ctx), "WERKGROEP42", "workgroup");
+	return true;
+}
+
+
+static bool test_do_global_parameter_var(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_do_global_parameter_var(lp_ctx, "workgroup", "werk%s%d", "groep", 42),
+		       "lpcfg_set_cmdline failed");
+	torture_assert_str_equal(tctx, lpcfg_workgroup(lp_ctx), "WERKGROEP42", "workgroup");
+	return true;
+}
+
+
+static bool test_set_option_invalid(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, !lpcfg_set_option(lp_ctx, "workgroup"), "lpcfg_set_option succeeded");
+	return true;
+}
+
+static bool test_set_option_parametric(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=blaat"), "lpcfg_set_option failed");
+	torture_assert_str_equal(tctx, lpcfg_parm_string(lp_ctx, NULL, "some", "thing"), "blaat",
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_parm_double(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=3.4"), "lpcfg_set_option failed");
+	torture_assert(tctx, lpcfg_parm_double(lp_ctx, NULL, "some", "thing", 2.0) == 3.4,
+				 "invalid parametric option");
+	torture_assert(tctx, lpcfg_parm_double(lp_ctx, NULL, "some", "bla", 2.0) == 2.0,
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_parm_bool(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=true"), "lpcfg_set_option failed");
+	torture_assert(tctx, lpcfg_parm_bool(lp_ctx, NULL, "some", "thing", false) == true,
+				 "invalid parametric option");
+	torture_assert(tctx, lpcfg_parm_bool(lp_ctx, NULL, "some", "bla", true) == true,
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_parm_int(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=34"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_parm_int(lp_ctx, NULL, "some", "thing", 20), 34,
+				 "invalid parametric option");
+	torture_assert_int_equal(tctx, lpcfg_parm_int(lp_ctx, NULL, "some", "bla", 42), 42,
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_parm_bytes(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=16K"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_parm_bytes(lp_ctx, NULL, "some", "thing", 20), 16 * 1024,
+				 "invalid parametric option");
+	torture_assert_int_equal(tctx, lpcfg_parm_bytes(lp_ctx, NULL, "some", "bla", 42), 42,
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_do_service_parameter(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	struct loadparm_service *service = lpcfg_add_service(lp_ctx, lpcfg_default_service(lp_ctx), "foo");
+	torture_assert(tctx, lpcfg_do_service_parameter(lp_ctx, service,
+						     "some:thing", "foo"), "lpcfg_set_option failed");
+	torture_assert_str_equal(tctx, lpcfg_parm_string(lp_ctx, service, "some", "thing"), "foo",
+				 "invalid parametric option");
+	return true;
+}
+
+static bool test_lp_service(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	struct loadparm_service *service = lpcfg_add_service(lp_ctx, lpcfg_default_service(lp_ctx), "foo");
+	torture_assert(tctx, service == lpcfg_service(lp_ctx, "foo"), "invalid service");
+	return true;
+}
+
+static bool test_server_role_default(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be standalone by default");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be user");
+	return true;
+}
+
+static bool test_server_role_dc_specified(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=domain controller"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_ACTIVE_DIRECTORY_DC, "ROLE should be DC");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be USER");
+	return true;
+}
+
+static bool test_server_role_member_specified(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=member"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be member");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_ADS, "security should be ADS");
+	return true;
+}
+
+static bool test_server_role_member_specified2(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=member"), "lpcfg_set_option failed");
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=domain"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be member");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_DOMAIN, "security should be domain");
+	return true;
+}
+
+static bool test_server_role_member_specified3(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=member"), "lpcfg_set_option failed");
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=ads"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be member");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_ADS, "security should be ads");
+	return true;
+}
+
+static bool test_server_role_standalone_specified(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=standalone"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be standalone");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be USER");
+	return true;
+}
+
+static bool test_server_role_dc_domain_logons(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "domain logons=true"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_PDC, "ROLE should be PDC");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be user");
+	return true;
+}
+
+static bool test_server_role_dc_domain_logons_and_not_master(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "domain logons=true"), "lpcfg_set_option failed");
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "domain master=false"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_BDC, "ROLE should be BDC");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be user");
+	return true;
+}
+
+static bool test_server_role_security_ads(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=ads"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be MEMBER");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_ADS, "security should be ads");
+	return true;
+}
+
+static bool test_server_role_security_domain(struct torture_context *tctx)
+{
+	struct loadparm_context *lp_ctx = loadparm_init(tctx);
+	torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=domain"), "lpcfg_set_option failed");
+	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be MEMBER");
+	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_DOMAIN, "security should be domain");
+	return true;
+}
+
+struct torture_suite *torture_local_loadparm(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "loadparm");
+
+	torture_suite_add_simple_test(suite, "create", test_create);
+	torture_suite_add_simple_test(suite, "set_option", test_set_option);
+	torture_suite_add_simple_test(suite, "set_cmdline", test_set_cmdline);
+	torture_suite_add_simple_test(suite, "set_option_invalid", test_set_option_invalid);
+	torture_suite_add_simple_test(suite, "set_option_parametric", test_set_option_parametric);
+	torture_suite_add_simple_test(suite, "set_lp_parm_double", test_lp_parm_double);
+	torture_suite_add_simple_test(suite, "set_lp_parm_bool", test_lp_parm_bool);
+	torture_suite_add_simple_test(suite, "set_lp_parm_int", test_lp_parm_int);
+	torture_suite_add_simple_test(suite, "set_lp_parm_bytes", test_lp_parm_bytes);
+	torture_suite_add_simple_test(suite, "service_parameter", test_lp_do_service_parameter);
+	torture_suite_add_simple_test(suite, "lpcfg_service", test_lp_service);
+	torture_suite_add_simple_test(suite, "do_global_parameter_var", test_do_global_parameter_var);
+	torture_suite_add_simple_test(suite, "do_global_parameter", test_do_global_parameter);
+	torture_suite_add_simple_test(suite, "test_server_role_default", test_server_role_default);
+	torture_suite_add_simple_test(suite, "test_server_role_dc_specified", test_server_role_dc_specified);
+	torture_suite_add_simple_test(suite, "test_server_role_member_specified", test_server_role_member_specified);
+	torture_suite_add_simple_test(suite, "test_server_role_member_specified2", test_server_role_member_specified2);
+	torture_suite_add_simple_test(suite, "test_server_role_member_specified3", test_server_role_member_specified3);
+	torture_suite_add_simple_test(suite, "test_server_role_standalone_specified", test_server_role_standalone_specified);
+	torture_suite_add_simple_test(suite, "test_server_role_dc_domain_logons", test_server_role_dc_domain_logons);
+	torture_suite_add_simple_test(suite, "test_server_role_dc_domain_logons_and_not_master", test_server_role_dc_domain_logons_and_not_master);
+	torture_suite_add_simple_test(suite, "test_server_role_security_ads", test_server_role_security_ads);
+	torture_suite_add_simple_test(suite, "test_server_role_security_domain", test_server_role_security_domain);
+
+	return suite;
+}
diff --git a/source4/param/tests/share.c b/source4/param/tests/share.c
new file mode 100644
index 0000000..9ac43ba
--- /dev/null
+++ b/source4/param/tests/share.c
@@ -0,0 +1,207 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local testing of share code
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "param/param.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+
+static bool test_list_empty(struct torture_context *tctx, 
+			    const void *tcase_data, 
+			    const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	int count;
+	const char **names;
+
+	torture_assert_ntstatus_ok(tctx, share_list_all(tctx, ctx, &count, &names),
+							   "share_list_all failed");
+
+	return true;
+}
+
+static bool test_create(struct torture_context *tctx, 
+			const void *tcase_data, 
+			const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	int count;
+	const char **names;
+	int i;
+	bool found = false;
+	struct share_info inf[] = { 
+		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
+	};
+	NTSTATUS status;
+
+	status = share_create(ctx, "bloe", inf, 2);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED))
+		torture_skip(tctx, "Not supported by backend");
+
+	torture_assert_ntstatus_ok(tctx, status, "create_share failed");
+
+	torture_assert_ntstatus_ok(tctx, share_list_all(tctx, ctx, &count, &names),
+							   "share_list_all failed");
+
+	torture_assert(tctx, count >= 1, "creating share failed");
+
+
+	for (i = 0; i < count; i++) {
+		found |= strcmp(names[i], "bloe") == 0;
+	}
+
+	torture_assert(tctx, found, "created share found");
+
+	return true;
+}
+
+
+static bool test_create_invalid(struct torture_context *tctx, 
+				const void *tcase_data, 
+				const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	NTSTATUS status;
+
+	status = share_create(ctx, "bla", NULL, 0);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED))
+		torture_skip(tctx, "Not supported by backend");
+
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, 
+				      status,
+				      "create_share failed");
+
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, 
+				      share_create(ctx, NULL, NULL, 0),
+				      "create_share failed");
+
+	return true;
+}
+
+static bool test_share_remove_invalid(struct torture_context *tctx, 
+				      const void *tcase_data, 
+				      const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	NTSTATUS status;
+
+	status = share_remove(ctx, "nonexistent");
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED))
+		torture_skip(tctx, "Not supported by backend");
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_UNSUCCESSFUL, "remove fails");
+
+	return true;
+}
+
+
+
+static bool test_share_remove(struct torture_context *tctx, 
+			      const void *tcase_data, 
+			      const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	struct share_info inf[] = { 
+		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
+	};
+	NTSTATUS status;
+
+	status = share_create(ctx, "blie", inf, 2);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED))
+		torture_skip(tctx, "Not supported by backend");
+
+	torture_assert_ntstatus_ok(tctx, status, "create_share failed");
+
+	torture_assert_ntstatus_ok(tctx, share_remove(ctx, "blie"), "remove failed");
+
+	return true;
+}
+
+static bool test_double_create(struct torture_context *tctx, 
+			       const void *tcase_data, 
+			       const void *test_data)
+{
+	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+	struct share_info inf[] = { 
+		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
+	};
+	NTSTATUS status;
+
+	status = share_create(ctx, "bla", inf, 2);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED))
+		torture_skip(tctx, "Not supported by backend");
+
+	torture_assert_ntstatus_ok(tctx, status, "create_share failed");
+
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_OBJECT_NAME_COLLISION,
+				      share_create(ctx, "bla", inf, 2),
+				      "create_share failed");
+
+	return true;
+}
+
+static void tcase_add_share_tests(struct torture_tcase *tcase)
+{
+	torture_tcase_add_test_const(tcase, "list_empty", test_list_empty,NULL);
+	torture_tcase_add_test_const(tcase, "share_create", test_create, NULL);
+	torture_tcase_add_test_const(tcase, "share_remove", test_share_remove,
+			NULL);
+	torture_tcase_add_test_const(tcase, "share_remove_invalid",
+			test_share_remove_invalid, NULL);
+	torture_tcase_add_test_const(tcase, "share_create_invalid",
+			test_create_invalid, NULL);
+	torture_tcase_add_test_const(tcase, "share_double_create",
+			test_double_create, NULL);
+}
+
+static bool setup_classic(struct torture_context *tctx, void **data)
+{
+	return NT_STATUS_IS_OK(share_get_context(tctx, tctx->lp_ctx, (struct share_context **)data));
+}
+
+static bool teardown(struct torture_context *tctx, void *data)
+{
+	talloc_free(data);
+	return true;
+}
+
+struct torture_suite *torture_local_share(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "share");
+	struct torture_tcase *tcase;
+
+	share_init();
+
+	tcase = torture_suite_add_tcase(suite, "classic");
+	torture_tcase_set_fixture(tcase, setup_classic, teardown);
+	tcase_add_share_tests(tcase);
+
+	return suite;
+}
diff --git a/source4/param/wscript_build b/source4/param/wscript_build
new file mode 100644
index 0000000..d1b852c
--- /dev/null
+++ b/source4/param/wscript_build
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+name = bld.pyembed_libname('PROVISION')
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+libpython = bld.pyembed_libname('LIBPYTHON')
+
+pyldb_util = bld.pyembed_libname('pyldb-util')
+bld.SAMBA_SUBSYSTEM(name,
+		    source='provision.c pyparam.c',
+		    deps='%s %s ldb %s %s' % (libpython, pyparam_util, pytalloc_util, pyldb_util),
+		    pyext=True,
+		    enabled=bld.PYTHON_BUILD_IS_ENABLED(),
+)
+
+
+bld.SAMBA_SUBSYSTEM('share',
+	source='share.c',
+	public_headers='share.h',
+	deps='samba-util samba-modules'
+	)
+
+
+bld.SAMBA_MODULE('share_classic',
+	source='share_classic.c',
+	subsystem='share',
+	init_function='share_classic_init',
+	deps='samba-util samba-hostconfig'
+	)
+
+
+bld.SAMBA_SUBSYSTEM('SECRETS',
+	source='secrets.c',
+	deps='ldb tdb-wrap util_tdb NDR_SECURITY tevent ldbwrap'
+	)
+
+pytalloc_util = bld.pyembed_libname('pytalloc-util')
+pyparam_util = bld.pyembed_libname('pyparam_util')
+libpython = bld.pyembed_libname('LIBPYTHON')
+
+bld.SAMBA_PYTHON('pyparam',
+	         source='pyparam.c',
+	         deps='samba-hostconfig %s' % pytalloc_util,
+	         realname='samba/param.so'
+	         )
+
+bld.SAMBA_SUBSYSTEM(pyparam_util,
+	            source='pyparam_util.c',
+	            deps='%s samba-hostconfig %s' % (libpython, pytalloc_util),
+	            pyext=True,
+	            enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	            )
+
+bld.SAMBA_SUBSYSTEM('param_options',
+	source='loadparm.c',
+	deps='samba-hostconfig')
+
+
+bld.SAMBA_LIBRARY('shares',
+                  source=[],
+                  deps='share',
+                  grouping_library=True,
+                  private_library=True)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
new file mode 100644
index 0000000..77b8b8c
--- /dev/null
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -0,0 +1,1867 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the backupkey interface
+
+   Copyright (C) Matthieu Patou <mat@samba.org> 2010
+   Copyright (C) Andreas Schneider <asn@samba.org> 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "dsdb/common/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "auth/session.h"
+#include "system/network.h"
+
+#include "../lib/tsocket/tsocket.h"
+#include "../libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libds/common/roles.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/crypto.h>
+#include <gnutls/abstract.h>
+
+#include "lib/crypto/gnutls_helpers.h"
+
+#undef strncasecmp
+
+#define DCESRV_INTERFACE_BACKUPKEY_BIND(context, iface) \
+	dcesrv_interface_backupkey_bind(context, iface)
+static NTSTATUS dcesrv_interface_backupkey_bind(struct dcesrv_connection_context *context,
+						const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_require_privacy(context, iface);
+}
+
+static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *ldb,
+			       const char *name,
+			       const DATA_BLOB *lsa_secret)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct ldb_message *msg;
+	struct ldb_result *res;
+	struct ldb_dn *system_dn = NULL;
+	struct ldb_val val;
+	int ret;
+	char *name2;
+	struct timeval now = timeval_current();
+	NTTIME nt_now = timeval_to_nttime(&now);
+	const char *attrs[] = {
+		NULL
+	};
+
+	msg = ldb_msg_new(frame);
+	if (msg == NULL) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * This function is a lot like dcesrv_lsa_CreateSecret
+	 * in the rpc_server/lsa directory
+	 * The reason why we duplicate the effort here is that:
+	 * * we want to keep the former function static
+	 * * we want to avoid the burden of doing LSA calls
+	 *   when we can just manipulate the secrets directly
+	 * * taillor the function to the particular needs of backup protocol
+	 */
+
+	system_dn = samdb_system_container_dn(ldb, frame);
+	if (system_dn == NULL) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	name2 = talloc_asprintf(msg, "%s Secret", name);
+	if (name2 == NULL) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_search(ldb, frame, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
+			   "(&(cn=%s)(objectclass=secret))",
+			   ldb_binary_encode_string(frame, name2));
+
+	if (ret != LDB_SUCCESS ||  res->count != 0 ) {
+		DEBUG(2, ("Secret %s already exists !\n", name2));
+		talloc_free(frame);
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	/*
+	 * We don't care about previous value as we are
+	 * here only if the key didn't exists before
+	 */
+
+	msg->dn = ldb_dn_copy(frame, system_dn);
+	if (msg->dn == NULL) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_string(msg, "cn", name2);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = ldb_msg_add_string(msg, "objectClass", "secret");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	val.data = lsa_secret->data;
+	val.length = lsa_secret->length;
+	ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * create the secret with DSDB_MODIFY_RELAX
+	 * otherwise dsdb/samdb/ldb_modules/objectclass.c forbid
+	 * the create of LSA secret object
+	 */
+	ret = dsdb_add(ldb, msg, DSDB_MODIFY_RELAX);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(2,("Failed to create secret record %s: %s\n",
+			ldb_dn_get_linearized(msg->dn),
+			ldb_errstring(ldb)));
+		talloc_free(frame);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	talloc_free(frame);
+	return NT_STATUS_OK;
+}
+
+/* This function is pretty much like dcesrv_lsa_QuerySecret */
+static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *ldb,
+			       const char *name,
+			       DATA_BLOB *lsa_secret)
+{
+	TALLOC_CTX *tmp_mem;
+	struct ldb_result *res;
+	struct ldb_dn *system_dn = NULL;
+	const struct ldb_val *val;
+	uint8_t *data;
+	const char *attrs[] = {
+		"currentValue",
+		NULL
+	};
+	int ret;
+
+	lsa_secret->data = NULL;
+	lsa_secret->length = 0;
+
+	tmp_mem = talloc_new(mem_ctx);
+	if (tmp_mem == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	system_dn = samdb_system_container_dn(ldb, tmp_mem);
+	if (system_dn == NULL) {
+		talloc_free(tmp_mem);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_search(ldb, tmp_mem, &res, system_dn, LDB_SCOPE_SUBTREE, attrs,
+			   "(&(cn=%s Secret)(objectclass=secret))",
+			   ldb_binary_encode_string(tmp_mem, name));
+
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_mem);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_mem);
+		return NT_STATUS_RESOURCE_NAME_NOT_FOUND;
+	}
+	if (res->count > 1) {
+		DEBUG(2, ("Secret %s collision\n", name));
+		talloc_free(tmp_mem);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	val = ldb_msg_find_ldb_val(res->msgs[0], "currentValue");
+	if (val == NULL) {
+		/*
+		 * The secret object is here but we don't have the secret value
+		 * The most common case is a RODC
+		 */
+		*lsa_secret = data_blob_null;
+		talloc_free(tmp_mem);
+		return NT_STATUS_OK;
+	}
+
+	data = val->data;
+	lsa_secret->data = talloc_move(mem_ctx, &data);
+	lsa_secret->length = val->length;
+
+	talloc_free(tmp_mem);
+	return NT_STATUS_OK;
+}
+
+static int reverse_and_get_bignum(TALLOC_CTX *mem_ctx,
+				  DATA_BLOB blob,
+				  gnutls_datum_t *datum)
+{
+	uint32_t i;
+
+	datum->data = talloc_array(mem_ctx, uint8_t, blob.length);
+	if (datum->data == NULL) {
+		return -1;
+	}
+
+	for(i = 0; i < blob.length; i++) {
+		datum->data[i] = blob.data[blob.length - i - 1];
+	}
+	datum->size = blob.length;
+
+	return 0;
+}
+
+static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
+				struct bkrp_exported_RSA_key_pair *keypair,
+				gnutls_privkey_t *pk)
+{
+	gnutls_x509_privkey_t x509_privkey = NULL;
+	gnutls_privkey_t privkey = NULL;
+	gnutls_datum_t m, e, d, p, q, u, e1, e2;
+	int rc;
+
+	rc = reverse_and_get_bignum(ctx, keypair->modulus, &m);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	rc = reverse_and_get_bignum(ctx, keypair->public_exponent, &e);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	rc = reverse_and_get_bignum(ctx, keypair->private_exponent, &d);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	rc = reverse_and_get_bignum(ctx, keypair->prime1, &p);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	rc = reverse_and_get_bignum(ctx, keypair->prime2, &q);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	rc = reverse_and_get_bignum(ctx, keypair->coefficient, &u);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	rc = reverse_and_get_bignum(ctx, keypair->exponent1, &e1);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	rc = reverse_and_get_bignum(ctx, keypair->exponent2, &e2);
+	if (rc != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_privkey_init(&x509_privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_x509_privkey_import_rsa_raw2(x509_privkey,
+						 &m,
+						 &e,
+						 &d,
+						 &p,
+						 &q,
+						 &u,
+						 &e1,
+						 &e2);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_import_rsa_raw2 failed - %s\n",
+			gnutls_strerror(rc));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_privkey_init(&privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_privkey);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_privkey_import_x509(privkey,
+					x509_privkey,
+					GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_privkey_import_x509 failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_privkey);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*pk = privkey;
+
+	return NT_STATUS_OK;
+}
+
+static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
+					  uint32_t version,
+					  uint8_t *key_and_iv,
+					  uint8_t *access_check,
+					  uint32_t access_check_len,
+					  struct auth_session_info *session_info)
+{
+	struct bkrp_access_check_v2 uncrypted_accesscheckv2;
+	struct bkrp_access_check_v3 uncrypted_accesscheckv3;
+	gnutls_cipher_hd_t cipher_handle = { 0 };
+	gnutls_cipher_algorithm_t cipher_algo;
+	DATA_BLOB blob_us;
+	enum ndr_err_code ndr_err;
+	gnutls_datum_t key;
+	gnutls_datum_t iv;
+
+	struct dom_sid *access_sid = NULL;
+	struct dom_sid *caller_sid = NULL;
+	int rc;
+
+	switch (version) {
+	case 2:
+		cipher_algo = GNUTLS_CIPHER_3DES_CBC;
+		break;
+	case 3:
+		cipher_algo = GNUTLS_CIPHER_AES_256_CBC;
+		break;
+	default:
+		return WERR_INVALID_DATA;
+	}
+
+	key.data = key_and_iv;
+	key.size = gnutls_cipher_get_key_size(cipher_algo);
+
+	iv.data = key_and_iv + key.size;
+	iv.size = gnutls_cipher_get_iv_size(cipher_algo);
+
+	/* Allocate data structure for the plaintext */
+	blob_us = data_blob_talloc_zero(sub_ctx, access_check_len);
+	if (blob_us.data == NULL) {
+		return WERR_INVALID_DATA;
+	}
+
+	rc = gnutls_cipher_init(&cipher_handle,
+				cipher_algo,
+				&key,
+				&iv);
+	if (rc < 0) {
+		DBG_ERR("gnutls_cipher_init failed: %s\n",
+			gnutls_strerror(rc));
+		return WERR_INVALID_DATA;
+	}
+
+	rc = gnutls_cipher_decrypt2(cipher_handle,
+				    access_check,
+				    access_check_len,
+				    blob_us.data,
+				    blob_us.length);
+	gnutls_cipher_deinit(cipher_handle);
+	if (rc < 0) {
+		DBG_ERR("gnutls_cipher_decrypt2 failed: %s\n",
+			gnutls_strerror(rc));
+		return WERR_INVALID_DATA;
+	}
+
+	switch (version) {
+	case 2:
+	{
+		uint32_t hash_size = 20;
+		uint8_t hash[hash_size];
+		gnutls_hash_hd_t dig_ctx;
+
+		ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv2,
+					(ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v2);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			/* Unable to unmarshall */
+			return WERR_INVALID_DATA;
+		}
+		if (uncrypted_accesscheckv2.magic != 0x1) {
+			/* wrong magic */
+			return WERR_INVALID_DATA;
+		}
+
+		rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA1);
+		if (rc != GNUTLS_E_SUCCESS) {
+			return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+		}
+		rc = gnutls_hash(dig_ctx,
+				 blob_us.data,
+				 blob_us.length - hash_size);
+		gnutls_hash_deinit(dig_ctx, hash);
+		if (rc != GNUTLS_E_SUCCESS) {
+			return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+		}
+
+		/*
+		 * We free it after the sha1 calculation because blob.data
+		 * points to the same area
+		 */
+
+		if (!mem_equal_const_time(hash, uncrypted_accesscheckv2.hash, hash_size)) {
+			DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
+			return WERR_INVALID_DATA;
+		}
+		access_sid = &(uncrypted_accesscheckv2.sid);
+		break;
+	}
+	case 3:
+	{
+		uint32_t hash_size = 64;
+		uint8_t hash[hash_size];
+		gnutls_hash_hd_t dig_ctx;
+
+		ndr_err = ndr_pull_struct_blob(&blob_us, sub_ctx, &uncrypted_accesscheckv3,
+					(ndr_pull_flags_fn_t)ndr_pull_bkrp_access_check_v3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			/* Unable to unmarshall */
+			return WERR_INVALID_DATA;
+		}
+		if (uncrypted_accesscheckv3.magic != 0x1) {
+			/* wrong magic */
+			return WERR_INVALID_DATA;
+		}
+
+		rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA512);
+		if (rc != GNUTLS_E_SUCCESS) {
+			return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+		}
+		rc = gnutls_hash(dig_ctx,
+				 blob_us.data,
+				 blob_us.length - hash_size);
+		gnutls_hash_deinit(dig_ctx, hash);
+		if (rc != GNUTLS_E_SUCCESS) {
+			return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+		}
+
+		/*
+		 * We free it after the sha1 calculation because blob.data
+		 * points to the same area
+		 */
+
+		if (!mem_equal_const_time(hash, uncrypted_accesscheckv3.hash, hash_size)) {
+			DEBUG(2, ("Wrong hash value in the access check in backup key remote protocol\n"));
+			return WERR_INVALID_DATA;
+		}
+		access_sid = &(uncrypted_accesscheckv3.sid);
+		break;
+	}
+	default:
+		/* Never reached normally as we filtered at the switch / case level */
+		return WERR_INVALID_DATA;
+	}
+
+	caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+
+	if (!dom_sid_equal(caller_sid, access_sid)) {
+		return WERR_INVALID_ACCESS;
+	}
+	return WERR_OK;
+}
+
+/*
+ * We have some data, such as saved website or IMAP passwords that the
+ * client has in profile on-disk.  This needs to be decrypted.  This
+ * version gives the server the data over the network (protected by
+ * the X.509 certificate and public key encryption, and asks that it
+ * be decrypted returned for short-term use, protected only by the
+ * negotiated transport encryption.
+ *
+ * The data is NOT stored in the LSA, but a X.509 certificate, public
+ * and private keys used to encrypt the data will be stored.  There is
+ * only one active encryption key pair and certificate per domain, it
+ * is pointed at with G$BCKUPKEY_PREFERRED in the LSA secrets store.
+ *
+ * The potentially multiple valid decrypting key pairs are in turn
+ * stored in the LSA secrets store as G$BCKUPKEY_keyGuidString.
+ *
+ */
+static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct bkrp_BackupKey *r,
+					    struct ldb_context *ldb_ctx)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct bkrp_client_side_wrapped uncrypt_request;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	char *guid_string;
+	char *cert_secret_name;
+	DATA_BLOB lsa_secret;
+	DATA_BLOB *uncrypted_data = NULL;
+	NTSTATUS status;
+	uint32_t requested_version;
+
+	blob.data = r->in.data_in;
+	blob.length = r->in.data_in_len;
+
+	if (r->in.data_in_len < 4 || r->in.data_in == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/*
+	 * We check for the version here, so we can actually print the
+	 * message as we are unlikely to parse it with NDR.
+	 */
+	requested_version = IVAL(r->in.data_in, 0);
+	if ((requested_version != BACKUPKEY_CLIENT_WRAP_VERSION2)
+	    && (requested_version != BACKUPKEY_CLIENT_WRAP_VERSION3)) {
+		DEBUG(1, ("Request for unknown BackupKey sub-protocol %d\n", requested_version));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &uncrypt_request,
+				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_wrapped);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if ((uncrypt_request.version != BACKUPKEY_CLIENT_WRAP_VERSION2)
+	    && (uncrypt_request.version != BACKUPKEY_CLIENT_WRAP_VERSION3)) {
+		DEBUG(1, ("Request for unknown BackupKey sub-protocol %d\n", uncrypt_request.version));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	guid_string = GUID_string(mem_ctx, &uncrypt_request.guid);
+	if (guid_string == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	cert_secret_name = talloc_asprintf(mem_ctx,
+					   "BCKUPKEY_%s",
+					   guid_string);
+	if (cert_secret_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	status = get_lsa_secret(mem_ctx,
+				ldb_ctx,
+				cert_secret_name,
+				&lsa_secret);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("Error while fetching secret %s\n", cert_secret_name));
+		return WERR_INVALID_DATA;
+	} else if (lsa_secret.length == 0) {
+		/* we do not have the real secret attribute, like if we are an RODC */
+		return WERR_INVALID_PARAMETER;
+	} else {
+		struct bkrp_exported_RSA_key_pair keypair;
+		gnutls_privkey_t privkey = NULL;
+		gnutls_datum_t reversed_secret;
+		gnutls_datum_t uncrypted_secret;
+		uint32_t i;
+		DATA_BLOB blob_us;
+		WERROR werr;
+		int rc;
+
+		ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, &keypair, (ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(2, ("Unable to parse the ndr encoded cert in key %s\n", cert_secret_name));
+			return WERR_FILE_NOT_FOUND;
+		}
+
+		status = get_pk_from_raw_keypair_params(mem_ctx,
+							&keypair,
+							&privkey);
+		if (!NT_STATUS_IS_OK(status)) {
+			return WERR_INTERNAL_ERROR;
+		}
+
+		reversed_secret.data = talloc_array(mem_ctx, uint8_t,
+						    uncrypt_request.encrypted_secret_len);
+		if (reversed_secret.data == NULL) {
+			gnutls_privkey_deinit(privkey);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		/* The secret has to be reversed ... */
+		for(i=0; i< uncrypt_request.encrypted_secret_len; i++) {
+			uint8_t *reversed = (uint8_t *)reversed_secret.data;
+			uint8_t *uncrypt = uncrypt_request.encrypted_secret;
+			reversed[i] = uncrypt[uncrypt_request.encrypted_secret_len - 1 - i];
+		}
+		reversed_secret.size = uncrypt_request.encrypted_secret_len;
+
+		/*
+		 * Let's try to decrypt the secret now that
+		 * we have the private key ...
+		 */
+		rc = gnutls_privkey_decrypt_data(privkey,
+						 0,
+						 &reversed_secret,
+						 &uncrypted_secret);
+		gnutls_privkey_deinit(privkey);
+		if (rc != GNUTLS_E_SUCCESS) {
+			/* We are not able to decrypt the secret, looks like something is wrong */
+			return WERR_INVALID_PARAMETER;
+		}
+		blob_us.data = uncrypted_secret.data;
+		blob_us.length = uncrypted_secret.size;
+
+		if (uncrypt_request.version == 2) {
+			struct bkrp_encrypted_secret_v2 uncrypted_secretv2;
+
+			ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv2,
+					(ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v2);
+			gnutls_free(uncrypted_secret.data);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				/* Unable to unmarshall */
+				return WERR_INVALID_DATA;
+			}
+			if (uncrypted_secretv2.magic != 0x20) {
+				/* wrong magic */
+				return WERR_INVALID_DATA;
+			}
+
+			werr = get_and_verify_access_check(mem_ctx, 2,
+							   uncrypted_secretv2.payload_key,
+							   uncrypt_request.access_check,
+							   uncrypt_request.access_check_len,
+							   session_info);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+			uncrypted_data = talloc(mem_ctx, DATA_BLOB);
+			if (uncrypted_data == NULL) {
+				return WERR_INVALID_DATA;
+			}
+
+			uncrypted_data->data = uncrypted_secretv2.secret;
+			uncrypted_data->length = uncrypted_secretv2.secret_len;
+		}
+		if (uncrypt_request.version == 3) {
+			struct bkrp_encrypted_secret_v3 uncrypted_secretv3;
+
+			ndr_err = ndr_pull_struct_blob(&blob_us, mem_ctx, &uncrypted_secretv3,
+					(ndr_pull_flags_fn_t)ndr_pull_bkrp_encrypted_secret_v3);
+			gnutls_free(uncrypted_secret.data);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				/* Unable to unmarshall */
+				return WERR_INVALID_DATA;
+			}
+
+			if (uncrypted_secretv3.magic1 != 0x30  ||
+			    uncrypted_secretv3.magic2 != 0x6610 ||
+			    uncrypted_secretv3.magic3 != 0x800e) {
+				/* wrong magic */
+				return WERR_INVALID_DATA;
+			}
+
+			/*
+			 * Confirm that the caller is permitted to
+			 * read this particular data.  Because one key
+			 * pair is used per domain, the caller could
+			 * have stolen the profile data on-disk and
+			 * would otherwise be able to read the
+			 * passwords.
+			 */
+
+			werr = get_and_verify_access_check(mem_ctx, 3,
+							   uncrypted_secretv3.payload_key,
+							   uncrypt_request.access_check,
+							   uncrypt_request.access_check_len,
+							   session_info);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+
+			uncrypted_data = talloc(mem_ctx, DATA_BLOB);
+			if (uncrypted_data == NULL) {
+				return WERR_INVALID_DATA;
+			}
+
+			uncrypted_data->data = uncrypted_secretv3.secret;
+			uncrypted_data->length = uncrypted_secretv3.secret_len;
+		}
+
+		/*
+		 * Yeah if we are here all looks pretty good:
+		 * - hash is ok
+		 * - user sid is the same as the one in access check
+		 * - we were able to decrypt the whole stuff
+		 */
+	}
+
+	if (uncrypted_data->data == NULL) {
+		return WERR_INVALID_DATA;
+	}
+
+	/* There is a magic value at the beginning of the data
+	 * we can use an ad hoc structure but as the
+	 * parent structure is just an array of bytes it is a lot of
+	 * work just prepending 4 bytes
+	 */
+	*(r->out.data_out) = talloc_zero_array(mem_ctx, uint8_t, uncrypted_data->length + 4);
+	W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
+	memcpy(4+*(r->out.data_out), uncrypted_data->data, uncrypted_data->length);
+	*(r->out.data_out_len) = uncrypted_data->length + 4;
+
+	return WERR_OK;
+}
+
+static DATA_BLOB *reverse_and_get_blob(TALLOC_CTX *mem_ctx,
+				       gnutls_datum_t *datum)
+{
+	DATA_BLOB *blob;
+	size_t i;
+
+	blob = talloc(mem_ctx, DATA_BLOB);
+	if (blob == NULL) {
+		return NULL;
+	}
+
+	blob->length = datum->size;
+	if (datum->data[0] == '\0') {
+		/* The datum has a leading byte zero, skip it */
+		blob->length = datum->size - 1;
+	}
+	blob->data = talloc_zero_array(mem_ctx, uint8_t, blob->length);
+	if (blob->data == NULL) {
+		talloc_free(blob);
+		return NULL;
+	}
+
+	for (i = 0; i < blob->length; i++) {
+		blob->data[i] = datum->data[datum->size - i - 1];
+	}
+
+	return blob;
+}
+
+static WERROR create_privkey_rsa(gnutls_privkey_t *pk)
+{
+	int bits = 2048;
+	gnutls_x509_privkey_t x509_privkey = NULL;
+	gnutls_privkey_t privkey = NULL;
+	int rc;
+
+	rc = gnutls_x509_privkey_init(&x509_privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_x509_privkey_generate(x509_privkey,
+					  GNUTLS_PK_RSA,
+					  bits,
+					  0);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_generate failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_privkey);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_privkey_init(&privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_privkey);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_privkey_import_x509(privkey,
+					x509_privkey,
+					GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_privkey_import_x509 failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_privkey);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	*pk = privkey;
+
+	return WERR_OK;
+}
+
+static WERROR self_sign_cert(TALLOC_CTX *mem_ctx,
+			     time_t lifetime,
+			     const char *dn,
+			     gnutls_privkey_t issuer_privkey,
+			     gnutls_x509_crt_t *certificate,
+			     DATA_BLOB *guidblob)
+{
+	gnutls_datum_t unique_id;
+	gnutls_datum_t serial_number;
+	gnutls_x509_crt_t issuer_cert;
+	gnutls_x509_privkey_t x509_issuer_privkey;
+	time_t activation = time(NULL);
+	time_t expiry = activation + lifetime;
+	const char *error_string;
+	uint8_t *reversed;
+	size_t i;
+	int rc;
+
+	unique_id.size = guidblob->length;
+	unique_id.data = talloc_memdup(mem_ctx,
+				       guidblob->data,
+				       guidblob->length);
+	if (unique_id.data == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	reversed = talloc_array(mem_ctx, uint8_t, guidblob->length);
+	if (reversed == NULL) {
+		talloc_free(unique_id.data);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* Native AD generates certificates with serialnumber in reversed notation */
+	for (i = 0; i < guidblob->length; i++) {
+		uint8_t *uncrypt = guidblob->data;
+		reversed[i] = uncrypt[guidblob->length - i - 1];
+	}
+	serial_number.size = guidblob->length;
+	serial_number.data = reversed;
+
+	/* Create certificate to sign */
+	rc = gnutls_x509_crt_init(&issuer_cert);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_init failed - %s\n",
+			gnutls_strerror(rc));
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	rc = gnutls_x509_crt_set_dn(issuer_cert, dn, &error_string);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_dn failed - %s (%s)\n",
+			gnutls_strerror(rc),
+			error_string);
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_issuer_dn(issuer_cert, dn, &error_string);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_issuer_dn failed - %s (%s)\n",
+			gnutls_strerror(rc),
+			error_string);
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* Get x509 privkey for subjectPublicKeyInfo */
+	rc = gnutls_x509_privkey_init(&x509_issuer_privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_privkey_export_x509(issuer_privkey,
+					&x509_issuer_privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_privkey_init failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_privkey_deinit(x509_issuer_privkey);
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	/* Set subjectPublicKeyInfo */
+	rc = gnutls_x509_crt_set_key(issuer_cert, x509_issuer_privkey);
+	gnutls_x509_privkey_deinit(x509_issuer_privkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_pubkey failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_activation_time(issuer_cert, activation);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_activation_time failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_expiration_time(issuer_cert, expiry);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_expiration_time failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_version(issuer_cert, 3);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_version failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_subject_unique_id(issuer_cert,
+						   unique_id.data,
+						   unique_id.size);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_subject_key_id failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_issuer_unique_id(issuer_cert,
+						  unique_id.data,
+						  unique_id.size);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_issuer_unique_id failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_set_serial(issuer_cert,
+					serial_number.data,
+					serial_number.size);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_set_serial failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(issuer_cert);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	rc = gnutls_x509_crt_privkey_sign(issuer_cert,
+					  issuer_cert,
+					  issuer_privkey,
+					  GNUTLS_DIG_SHA1,
+					  0);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_privkey_sign failed - %s\n",
+			gnutls_strerror(rc));
+		return WERR_INVALID_PARAMETER;
+	}
+
+	*certificate = issuer_cert;
+
+	return WERR_OK;
+}
+
+/* Return an error when we fail to generate a certificate */
+static WERROR generate_bkrp_cert(TALLOC_CTX *mem_ctx,
+				 struct dcesrv_call_state *dce_call,
+				 struct ldb_context *ldb_ctx,
+				 const char *dn)
+{
+	WERROR werr;
+	gnutls_privkey_t issuer_privkey = NULL;
+	gnutls_x509_crt_t cert = NULL;
+	gnutls_datum_t cert_blob;
+	gnutls_datum_t m, e, d, p, q, u, e1, e2;
+	DATA_BLOB blob;
+	DATA_BLOB blobkeypair;
+	DATA_BLOB *tmp;
+	bool ok = true;
+	struct GUID guid = GUID_random();
+	NTSTATUS status;
+	char *secret_name;
+	struct bkrp_exported_RSA_key_pair keypair;
+	enum ndr_err_code ndr_err;
+	time_t nb_seconds_validity = 3600 * 24 * 365;
+	int rc;
+
+	DEBUG(6, ("Trying to generate a certificate\n"));
+	werr = create_privkey_rsa(&issuer_privkey);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	status = GUID_to_ndr_blob(&guid, mem_ctx, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		gnutls_privkey_deinit(issuer_privkey);
+		return WERR_INVALID_DATA;
+	}
+
+	werr = self_sign_cert(mem_ctx,
+			      nb_seconds_validity,
+			      dn,
+			      issuer_privkey,
+			      &cert,
+			      &blob);
+	if (!W_ERROR_IS_OK(werr)) {
+		gnutls_privkey_deinit(issuer_privkey);
+		return WERR_INVALID_DATA;
+	}
+
+	rc = gnutls_x509_crt_export2(cert, GNUTLS_X509_FMT_DER, &cert_blob);
+	if (rc != GNUTLS_E_SUCCESS) {
+		DBG_ERR("gnutls_x509_crt_export2 failed - %s\n",
+			gnutls_strerror(rc));
+		gnutls_privkey_deinit(issuer_privkey);
+		gnutls_x509_crt_deinit(cert);
+		return WERR_INVALID_DATA;
+	}
+
+	keypair.cert.length = cert_blob.size;
+	keypair.cert.data = talloc_memdup(mem_ctx, cert_blob.data, cert_blob.size);
+	gnutls_x509_crt_deinit(cert);
+	gnutls_free(cert_blob.data);
+	if (keypair.cert.data == NULL) {
+		gnutls_privkey_deinit(issuer_privkey);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	rc = gnutls_privkey_export_rsa_raw(issuer_privkey,
+					   &m,
+					   &e,
+					   &d,
+					   &p,
+					   &q,
+					   &u,
+					   &e1,
+					   &e2);
+	if (rc != GNUTLS_E_SUCCESS) {
+		gnutls_privkey_deinit(issuer_privkey);
+		return WERR_INVALID_DATA;
+	}
+
+	/*
+	 * Heimdal's bignum are big endian and the
+	 * structure expect it to be in little endian
+	 * so we reverse the buffer to make it work
+	 */
+	tmp = reverse_and_get_blob(mem_ctx, &e);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		SMB_ASSERT(tmp->length <= 4);
+		keypair.public_exponent = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &d);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.private_exponent = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &m);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.modulus = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &p);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.prime1 = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &q);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.prime2 = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &e1);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.exponent1 = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &e2);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.exponent2 = *tmp;
+	}
+
+	tmp = reverse_and_get_blob(mem_ctx, &u);
+	if (tmp == NULL) {
+		ok = false;
+	} else {
+		keypair.coefficient = *tmp;
+	}
+
+	/* One of the keypair allocation was wrong */
+	if (ok == false) {
+		gnutls_privkey_deinit(issuer_privkey);
+		return WERR_INVALID_DATA;
+	}
+
+	keypair.certificate_len = keypair.cert.length;
+	ndr_err = ndr_push_struct_blob(&blobkeypair,
+				       mem_ctx,
+				       &keypair,
+				       (ndr_push_flags_fn_t)ndr_push_bkrp_exported_RSA_key_pair);
+	gnutls_privkey_deinit(issuer_privkey);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INVALID_DATA;
+	}
+
+	secret_name = talloc_asprintf(mem_ctx, "BCKUPKEY_%s", GUID_string(mem_ctx, &guid));
+	if (secret_name == NULL) {
+		return WERR_OUTOFMEMORY;
+	}
+
+	status = set_lsa_secret(mem_ctx, ldb_ctx, secret_name, &blobkeypair);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
+	}
+	talloc_free(secret_name);
+
+	GUID_to_ndr_blob(&guid, mem_ctx, &blob);
+	status = set_lsa_secret(mem_ctx, ldb_ctx, "BCKUPKEY_PREFERRED", &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2, ("Failed to save the secret BCKUPKEY_PREFERRED\n"));
+	}
+
+	return WERR_OK;
+}
+
+static WERROR bkrp_retrieve_client_wrap_key(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					    struct bkrp_BackupKey *r, struct ldb_context *ldb_ctx)
+{
+	struct GUID guid;
+	char *guid_string;
+	DATA_BLOB lsa_secret;
+	enum ndr_err_code ndr_err;
+	NTSTATUS status;
+
+	/*
+	 * here we basically need to return our certificate
+	 * search for lsa secret BCKUPKEY_PREFERRED first
+	 */
+
+	status = get_lsa_secret(mem_ctx,
+				ldb_ctx,
+				"BCKUPKEY_PREFERRED",
+				&lsa_secret);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_RESOURCE_NAME_NOT_FOUND)) {
+		/* Ok we can be in this case if there was no certs */
+		struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+		char *dn = talloc_asprintf(mem_ctx, "CN=%s",
+					   lpcfg_realm(lp_ctx));
+
+		WERROR werr =  generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
+		if (!W_ERROR_IS_OK(werr)) {
+			return WERR_INVALID_PARAMETER;
+		}
+		status = get_lsa_secret(mem_ctx,
+					ldb_ctx,
+					"BCKUPKEY_PREFERRED",
+					&lsa_secret);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			/* Ok we really don't manage to get this certs ...*/
+			DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
+			return WERR_FILE_NOT_FOUND;
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	if (lsa_secret.length == 0) {
+		DEBUG(1, ("No secret in BCKUPKEY_PREFERRED, are we an undetected RODC?\n"));
+		return WERR_INTERNAL_ERROR;
+	} else {
+		char *cert_secret_name;
+
+		status = GUID_from_ndr_blob(&lsa_secret, &guid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return WERR_FILE_NOT_FOUND;
+		}
+
+		guid_string = GUID_string(mem_ctx, &guid);
+		if (guid_string == NULL) {
+			/* We return file not found because the client
+			 * expect this error
+			 */
+			return WERR_FILE_NOT_FOUND;
+		}
+
+		cert_secret_name = talloc_asprintf(mem_ctx,
+							"BCKUPKEY_%s",
+							guid_string);
+		status = get_lsa_secret(mem_ctx,
+					ldb_ctx,
+					cert_secret_name,
+					&lsa_secret);
+		if (!NT_STATUS_IS_OK(status)) {
+			return WERR_FILE_NOT_FOUND;
+		}
+
+		if (lsa_secret.length != 0) {
+			struct bkrp_exported_RSA_key_pair keypair;
+			ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, &keypair,
+					(ndr_pull_flags_fn_t)ndr_pull_bkrp_exported_RSA_key_pair);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return WERR_FILE_NOT_FOUND;
+			}
+			*(r->out.data_out_len) = keypair.cert.length;
+			*(r->out.data_out) = talloc_memdup(mem_ctx, keypair.cert.data, keypair.cert.length);
+			W_ERROR_HAVE_NO_MEMORY(*(r->out.data_out));
+			return WERR_OK;
+		} else {
+			DEBUG(1, ("No or broken secret called %s\n", cert_secret_name));
+			return WERR_INTERNAL_ERROR;
+		}
+	}
+
+	return WERR_NOT_SUPPORTED;
+}
+
+static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context *ldb_ctx)
+{
+	struct GUID guid = GUID_random();
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob_wrap_key, guid_blob;
+	struct bkrp_dc_serverwrap_key wrap_key;
+	NTSTATUS status;
+	char *secret_name;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
+
+	ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		TALLOC_FREE(frame);
+		return WERR_INVALID_DATA;
+	}
+
+	secret_name = talloc_asprintf(frame, "BCKUPKEY_%s", GUID_string(ctx, &guid));
+	if (secret_name == NULL) {
+		TALLOC_FREE(frame);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	status = set_lsa_secret(frame, ldb_ctx, secret_name, &blob_wrap_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
+		TALLOC_FREE(frame);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	status = GUID_to_ndr_blob(&guid, frame, &guid_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
+		TALLOC_FREE(frame);
+	}
+
+	status = set_lsa_secret(frame, ldb_ctx, "BCKUPKEY_P", &guid_blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
+		TALLOC_FREE(frame);
+		return WERR_INTERNAL_ERROR;
+	}
+
+	TALLOC_FREE(frame);
+
+	return WERR_OK;
+}
+
+/*
+ * Find the specified decryption keys from the LSA secrets store as
+ * G$BCKUPKEY_keyGuidString.
+ */
+
+static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_context *ldb_ctx,
+					       struct bkrp_dc_serverwrap_key *server_key,
+					       struct GUID *guid)
+{
+	NTSTATUS status;
+	DATA_BLOB lsa_secret;
+	char *secret_name;
+	char *guid_string;
+	enum ndr_err_code ndr_err;
+
+	guid_string = GUID_string(mem_ctx, guid);
+	if (guid_string == NULL) {
+		/* We return file not found because the client
+		 * expect this error
+		 */
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	secret_name = talloc_asprintf(mem_ctx, "BCKUPKEY_%s", guid_string);
+	if (secret_name == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	status = get_lsa_secret(mem_ctx, ldb_ctx, secret_name, &lsa_secret);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("Error while fetching secret %s\n", secret_name));
+		return WERR_INVALID_DATA;
+	}
+	if (lsa_secret.length == 0) {
+		/* RODC case, we do not have secrets locally */
+		DEBUG(1, ("Unable to fetch value for secret %s, are we an undetected RODC?\n",
+			  secret_name));
+		return WERR_INTERNAL_ERROR;
+	}
+	ndr_err = ndr_pull_struct_blob(&lsa_secret, mem_ctx, server_key,
+				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_dc_serverwrap_key);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(2, ("Unable to parse the ndr encoded server wrap key %s\n", secret_name));
+		return WERR_INVALID_DATA;
+	}
+
+	return WERR_OK;
+}
+
+/*
+ * Find the current, preferred ServerWrap Key by looking at
+ * G$BCKUPKEY_P in the LSA secrets store.
+ *
+ * Then find the current decryption keys from the LSA secrets store as
+ * G$BCKUPKEY_keyGuidString.
+ */
+
+static WERROR bkrp_do_retrieve_default_server_wrap_key(TALLOC_CTX *mem_ctx,
+						       struct ldb_context *ldb_ctx,
+						       struct bkrp_dc_serverwrap_key *server_key,
+						       struct GUID *returned_guid)
+{
+	NTSTATUS status;
+	DATA_BLOB guid_binary;
+
+	status = get_lsa_secret(mem_ctx, ldb_ctx, "BCKUPKEY_P", &guid_binary);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("Error while fetching secret BCKUPKEY_P to find current GUID\n"));
+		return WERR_FILE_NOT_FOUND;
+	} else if (guid_binary.length == 0) {
+		/* RODC case, we do not have secrets locally */
+		DEBUG(1, ("Unable to fetch value for secret BCKUPKEY_P, are we an undetected RODC?\n"));
+		return WERR_INTERNAL_ERROR;
+	}
+
+	status = GUID_from_ndr_blob(&guid_binary, returned_guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return WERR_FILE_NOT_FOUND;
+	}
+
+	return bkrp_do_retrieve_server_wrap_key(mem_ctx, ldb_ctx,
+						server_key, returned_guid);
+}
+
+static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					    struct bkrp_BackupKey *r ,struct ldb_context *ldb_ctx)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	WERROR werr;
+	struct bkrp_server_side_wrapped decrypt_request;
+	DATA_BLOB sid_blob, encrypted_blob;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	struct bkrp_dc_serverwrap_key server_key;
+	struct bkrp_rc4encryptedpayload rc4payload;
+	struct dom_sid *caller_sid;
+	uint8_t symkey[20]; /* SHA-1 hash len */
+	uint8_t mackey[20]; /* SHA-1 hash len */
+	uint8_t mac[20]; /* SHA-1 hash len */
+	gnutls_hmac_hd_t hmac_hnd;
+	gnutls_cipher_hd_t cipher_hnd;
+	gnutls_datum_t cipher_key;
+	int rc;
+
+	blob.data = r->in.data_in;
+	blob.length = r->in.data_in_len;
+
+	if (r->in.data_in_len == 0 || r->in.data_in == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, &decrypt_request,
+					   (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (decrypt_request.magic != BACKUPKEY_SERVER_WRAP_VERSION) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	werr = bkrp_do_retrieve_server_wrap_key(mem_ctx, ldb_ctx, &server_key,
+						&decrypt_request.guid);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	dump_data_pw("server_key: \n", server_key.key, sizeof(server_key.key));
+
+	dump_data_pw("r2: \n", decrypt_request.r2, sizeof(decrypt_request.r2));
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+
+	rc = gnutls_hmac_init(&hmac_hnd,
+			      GNUTLS_MAC_SHA1,
+			      server_key.key,
+			      sizeof(server_key.key));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	rc = gnutls_hmac(hmac_hnd,
+		    decrypt_request.r2,
+		    sizeof(decrypt_request.r2));
+
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	gnutls_hmac_output(hmac_hnd, symkey);
+	dump_data_pw("symkey: \n", symkey, sizeof(symkey));
+
+	/* rc4 decrypt sid and secret using sym key */
+	cipher_key.data = symkey;
+	cipher_key.size = sizeof(symkey);
+
+	encrypted_blob = data_blob_const(decrypt_request.rc4encryptedpayload,
+					 decrypt_request.ciphertext_length);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&cipher_key,
+				NULL);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+	rc = gnutls_cipher_encrypt2(cipher_hnd,
+				    encrypted_blob.data,
+				    encrypted_blob.length,
+				    encrypted_blob.data,
+				    encrypted_blob.length);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	ndr_err = ndr_pull_struct_blob_all(&encrypted_blob, mem_ctx, &rc4payload,
+					   (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (decrypt_request.payload_length != rc4payload.secret_data.length) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	dump_data_pw("r3: \n", rc4payload.r3, sizeof(rc4payload.r3));
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+	rc = gnutls_hmac(hmac_hnd,
+			 rc4payload.r3,
+			 sizeof(rc4payload.r3));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	gnutls_hmac_deinit(hmac_hnd, mackey);
+
+	dump_data_pw("mackey: \n", mackey, sizeof(mackey));
+
+	ndr_err = ndr_push_struct_blob(&sid_blob, mem_ctx, &rc4payload.sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	rc = gnutls_hmac_init(&hmac_hnd,
+			      GNUTLS_MAC_SHA1,
+			      mackey,
+			      sizeof(mackey));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	/* SID field */
+	rc = gnutls_hmac(hmac_hnd,
+			 sid_blob.data,
+			 sid_blob.length);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	/* Secret field */
+	rc = gnutls_hmac(hmac_hnd,
+			 rc4payload.secret_data.data,
+			 rc4payload.secret_data.length);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	gnutls_hmac_deinit(hmac_hnd, mac);
+	dump_data_pw("mac: \n", mac, sizeof(mac));
+	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
+
+	if (!mem_equal_const_time(mac, rc4payload.mac, sizeof(mac))) {
+		return WERR_INVALID_ACCESS;
+	}
+
+	caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+
+	if (!dom_sid_equal(&rc4payload.sid, caller_sid)) {
+		return WERR_INVALID_ACCESS;
+	}
+
+	*(r->out.data_out) = rc4payload.secret_data.data;
+	*(r->out.data_out_len) = rc4payload.secret_data.length;
+
+	return WERR_OK;
+}
+
+/*
+ * For BACKUPKEY_RESTORE_GUID we need to check the first 4 bytes to
+ * determine what type of restore is wanted.
+ *
+ * See MS-BKRP 3.1.4.1.4 BACKUPKEY_RESTORE_GUID point 1.
+ */
+
+static WERROR bkrp_generic_decrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct bkrp_BackupKey *r, struct ldb_context *ldb_ctx)
+{
+	if (r->in.data_in_len < 4 || r->in.data_in == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (IVAL(r->in.data_in, 0) == BACKUPKEY_SERVER_WRAP_VERSION) {
+		return bkrp_server_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
+	}
+
+	return bkrp_client_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
+}
+
+/*
+ * We have some data, such as saved website or IMAP passwords that the
+ * client would like to put into the profile on-disk.  This needs to
+ * be encrypted.  This version gives the server the data over the
+ * network (protected only by the negotiated transport encryption),
+ * and asks that it be encrypted and returned for long-term storage.
+ *
+ * The data is NOT stored in the LSA, but a key to encrypt the data
+ * will be stored.  There is only one active encryption key per domain,
+ * it is pointed at with G$BCKUPKEY_P in the LSA secrets store.
+ *
+ * The potentially multiple valid decryption keys (and the encryption
+ * key) are in turn stored in the LSA secrets store as
+ * G$BCKUPKEY_keyGuidString.
+ *
+ */
+
+static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					    struct bkrp_BackupKey *r ,struct ldb_context *ldb_ctx)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	DATA_BLOB sid_blob, encrypted_blob, server_wrapped_blob;
+	WERROR werr;
+	struct dom_sid *caller_sid;
+	uint8_t symkey[20]; /* SHA-1 hash len */
+	uint8_t mackey[20]; /* SHA-1 hash len */
+	struct bkrp_rc4encryptedpayload rc4payload;
+	gnutls_hmac_hd_t hmac_hnd;
+	struct bkrp_dc_serverwrap_key server_key;
+	enum ndr_err_code ndr_err;
+	struct bkrp_server_side_wrapped server_side_wrapped;
+	struct GUID guid;
+	gnutls_cipher_hd_t cipher_hnd;
+	gnutls_datum_t cipher_key;
+	int rc;
+
+	if (r->in.data_in_len == 0 || r->in.data_in == NULL) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	werr = bkrp_do_retrieve_default_server_wrap_key(mem_ctx,
+							ldb_ctx, &server_key,
+							&guid);
+
+	if (!W_ERROR_IS_OK(werr)) {
+		if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
+			/* Generate the server wrap key since one wasn't found */
+			werr =  generate_bkrp_server_wrap_key(mem_ctx,
+							      ldb_ctx);
+			if (!W_ERROR_IS_OK(werr)) {
+				return WERR_INVALID_PARAMETER;
+			}
+			werr = bkrp_do_retrieve_default_server_wrap_key(mem_ctx,
+									ldb_ctx,
+									&server_key,
+									&guid);
+
+			if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
+				/* Ok we really don't manage to get this secret ...*/
+				return WERR_FILE_NOT_FOUND;
+			}
+		} else {
+			/* In theory we should NEVER reach this point as it
+			   should only appear in a rodc server */
+			/* we do not have the real secret attribute */
+			return WERR_INVALID_PARAMETER;
+		}
+	}
+
+	caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+
+	dump_data_pw("server_key: \n", server_key.key, sizeof(server_key.key));
+
+	/*
+	 * This is the key derivation step, so that the HMAC and RC4
+	 * operations over the user-supplied data are not able to
+	 * disclose the master key.  By using random data, the symkey
+	 * and mackey values are unique for this operation, and
+	 * discovering these (by reversing the RC4 over the
+	 * attacker-controlled data) does not return something able to
+	 * be used to decrypt the encrypted data of other users
+	 */
+	generate_random_buffer(server_side_wrapped.r2, sizeof(server_side_wrapped.r2));
+
+	dump_data_pw("r2: \n", server_side_wrapped.r2, sizeof(server_side_wrapped.r2));
+
+	generate_random_buffer(rc4payload.r3, sizeof(rc4payload.r3));
+
+	dump_data_pw("r3: \n", rc4payload.r3, sizeof(rc4payload.r3));
+
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+	rc = gnutls_hmac_init(&hmac_hnd,
+			      GNUTLS_MAC_SHA1,
+			      server_key.key,
+			      sizeof(server_key.key));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	rc = gnutls_hmac(hmac_hnd,
+			 server_side_wrapped.r2,
+			 sizeof(server_side_wrapped.r2));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+	gnutls_hmac_output(hmac_hnd, symkey);
+	dump_data_pw("symkey: \n", symkey, sizeof(symkey));
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+	rc = gnutls_hmac(hmac_hnd,
+			 rc4payload.r3,
+			 sizeof(rc4payload.r3));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+	gnutls_hmac_deinit(hmac_hnd, mackey);
+	dump_data_pw("mackey: \n", mackey, sizeof(mackey));
+
+	ndr_err = ndr_push_struct_blob(&sid_blob, mem_ctx, caller_sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	rc4payload.secret_data.data = r->in.data_in;
+	rc4payload.secret_data.length = r->in.data_in_len;
+
+	rc = gnutls_hmac_init(&hmac_hnd,
+			      GNUTLS_MAC_SHA1,
+			      mackey,
+			      sizeof(mackey));
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	/* SID field */
+	rc = gnutls_hmac(hmac_hnd,
+			 sid_blob.data,
+			 sid_blob.length);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	/* Secret field */
+	rc = gnutls_hmac(hmac_hnd,
+			 rc4payload.secret_data.data,
+			 rc4payload.secret_data.length);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	gnutls_hmac_deinit(hmac_hnd, rc4payload.mac);
+	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
+
+	rc4payload.sid = *caller_sid;
+
+	ndr_err = ndr_push_struct_blob(&encrypted_blob, mem_ctx, &rc4payload,
+				       (ndr_push_flags_fn_t)ndr_push_bkrp_rc4encryptedpayload);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	/* rc4 encrypt sid and secret using sym key */
+	cipher_key.data = symkey;
+	cipher_key.size = sizeof(symkey);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&cipher_key,
+				NULL);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+	rc = gnutls_cipher_encrypt2(cipher_hnd,
+				    encrypted_blob.data,
+				    encrypted_blob.length,
+				    encrypted_blob.data,
+				    encrypted_blob.length);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+	}
+
+	/* create server wrap structure */
+
+	server_side_wrapped.payload_length = rc4payload.secret_data.length;
+	server_side_wrapped.ciphertext_length = encrypted_blob.length;
+	server_side_wrapped.guid = guid;
+	server_side_wrapped.rc4encryptedpayload = encrypted_blob.data;
+
+	ndr_err = ndr_push_struct_blob(&server_wrapped_blob, mem_ctx, &server_side_wrapped,
+				       (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INTERNAL_ERROR;
+	}
+
+	*(r->out.data_out) = server_wrapped_blob.data;
+	*(r->out.data_out_len) = server_wrapped_blob.length;
+
+	return WERR_OK;
+}
+
+static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx, struct bkrp_BackupKey *r)
+{
+	WERROR error = WERR_INVALID_PARAMETER;
+	struct ldb_context *ldb_ctx;
+	bool is_rodc;
+	const char *addr = "unknown";
+	/* At which level we start to add more debug of what is done in the protocol */
+	const int debuglevel = 4;
+
+	if (DEBUGLVL(debuglevel)) {
+		const struct tsocket_address *remote_address;
+		remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
+		if (tsocket_address_is_inet(remote_address, "ip")) {
+			addr = tsocket_address_inet_addr_string(remote_address, mem_ctx);
+			W_ERROR_HAVE_NO_MEMORY(addr);
+		}
+	}
+
+	if (lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
+		return WERR_NOT_SUPPORTED;
+	}
+
+	/*
+	 * Save the current remote session details so they can used by the
+	 * audit logging module. This allows the audit logging to report the
+	 * remote users details, rather than the system users details.
+	 */
+	ldb_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+
+	if (samdb_rodc(ldb_ctx, &is_rodc) != LDB_SUCCESS) {
+		talloc_unlink(mem_ctx, ldb_ctx);
+		return WERR_INVALID_PARAMETER;
+	}
+
+	if (!is_rodc) {
+		if(strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+			BACKUPKEY_RESTORE_GUID, strlen(BACKUPKEY_RESTORE_GUID)) == 0) {
+			DEBUG(debuglevel, ("Client %s requested to decrypt a wrapped secret\n", addr));
+			error = bkrp_generic_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
+		}
+
+		if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+			BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, strlen(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID)) == 0) {
+			DEBUG(debuglevel, ("Client %s requested certificate for client wrapped secret\n", addr));
+			error = bkrp_retrieve_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx);
+		}
+
+		if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+			BACKUPKEY_RESTORE_GUID_WIN2K, strlen(BACKUPKEY_RESTORE_GUID_WIN2K)) == 0) {
+			DEBUG(debuglevel, ("Client %s requested to decrypt a server side wrapped secret\n", addr));
+			error = bkrp_server_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
+		}
+
+		if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent),
+			BACKUPKEY_BACKUP_GUID, strlen(BACKUPKEY_BACKUP_GUID)) == 0) {
+			DEBUG(debuglevel, ("Client %s requested a server wrapped secret\n", addr));
+			error = bkrp_server_wrap_encrypt_data(dce_call, mem_ctx, r, ldb_ctx);
+		}
+	}
+	/*else: I am a RODC so I don't handle backup key protocol */
+
+	talloc_unlink(mem_ctx, ldb_ctx);
+	return error;
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_backupkey_s.c"
diff --git a/source4/rpc_server/browser/dcesrv_browser.c b/source4/rpc_server/browser/dcesrv_browser.c
new file mode 100644
index 0000000..797eb86
--- /dev/null
+++ b/source4/rpc_server/browser/dcesrv_browser.c
@@ -0,0 +1,169 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the browser pipe
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_browser.h"
+
+
+/*
+  BrowserrServerEnum
+*/
+static void dcesrv_BrowserrServerEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrServerEnum *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrDebugCall
+*/
+static void dcesrv_BrowserrDebugCall(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrDebugCall *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrQueryOtherDomains
+*/
+static WERROR dcesrv_BrowserrQueryOtherDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrQueryOtherDomains *r)
+{
+	struct BrowserrSrvInfo100Ctr *ctr100;
+
+	switch (r->in.info->level) {
+	case 100:
+		if (!r->in.info->info.info100) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		ctr100 = talloc(mem_ctx, struct BrowserrSrvInfo100Ctr);
+		W_ERROR_HAVE_NO_MEMORY(ctr100);
+
+		ctr100->entries_read = 0;
+		ctr100->entries = talloc_zero_array(ctr100, struct srvsvc_NetSrvInfo100,
+						    ctr100->entries_read);
+		W_ERROR_HAVE_NO_MEMORY(ctr100->entries);
+
+		r->out.info->info.info100 = ctr100;
+		*r->out.total_entries = ctr100->entries_read;
+		return WERR_OK;
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/*
+  BrowserrResetNetlogonState
+*/
+static void dcesrv_BrowserrResetNetlogonState(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrResetNetlogonState *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrDebugTrace
+*/
+static void dcesrv_BrowserrDebugTrace(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrDebugTrace *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrQueryStatistics
+*/
+static void dcesrv_BrowserrQueryStatistics(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrQueryStatistics *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserResetStatistics
+*/
+static void dcesrv_BrowserResetStatistics(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserResetStatistics *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  NetrBrowserStatisticsClear
+*/
+static void dcesrv_NetrBrowserStatisticsClear(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct NetrBrowserStatisticsClear *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  NetrBrowserStatisticsGet
+*/
+static void dcesrv_NetrBrowserStatisticsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct NetrBrowserStatisticsGet *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrSetNetlogonState
+*/
+static void dcesrv_BrowserrSetNetlogonState(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrSetNetlogonState *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrQueryEmulatedDomains
+*/
+static void dcesrv_BrowserrQueryEmulatedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrQueryEmulatedDomains *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  BrowserrServerEnumEx
+*/
+static void dcesrv_BrowserrServerEnumEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct BrowserrServerEnumEx *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_browser_s.c"
diff --git a/source4/rpc_server/common/common.h b/source4/rpc_server/common/common.h
new file mode 100644
index 0000000..b57ddf2
--- /dev/null
+++ b/source4/rpc_server/common/common.h
@@ -0,0 +1,44 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   common macros for the dcerpc server interfaces
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _DCERPC_SERVER_COMMON_H_
+#define _DCERPC_SERVER_COMMON_H_
+
+struct share_config;
+struct dcesrv_connection;
+struct dcesrv_context;
+struct dcesrv_context;
+struct dcesrv_call_state;
+struct ndr_interface_table;
+struct ncacn_packet;
+struct auth_session_info;
+
+struct dcerpc_server_info { 
+	const char *domain_name;
+	uint32_t version_major;
+	uint32_t version_minor;
+	uint32_t version_build;
+};
+
+#include "rpc_server/common/proto.h"
+
+#endif /* _DCERPC_SERVER_COMMON_H_ */
diff --git a/source4/rpc_server/common/forward.c b/source4/rpc_server/common/forward.c
new file mode 100644
index 0000000..9346eb4
--- /dev/null
+++ b/source4/rpc_server/common/forward.c
@@ -0,0 +1,130 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   forwarding of RPC calls to other tasks
+
+   Copyright (C) Andrew Tridgell 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "rpc_server/common/common.h"
+#include "messaging/irpc.h"
+#include "auth/auth.h"
+
+
+struct dcesrv_forward_state {
+	const char *opname;
+	struct dcesrv_call_state *dce_call;
+};
+
+/*
+  called when the forwarded rpc request is finished
+ */
+static void dcesrv_irpc_forward_callback(struct tevent_req *subreq)
+{
+	struct dcesrv_forward_state *st =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_forward_state);
+	const char *opname = st->opname;
+	NTSTATUS status;
+
+	status = dcerpc_binding_handle_call_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("IRPC callback failed for %s - %s\n",
+			 opname, nt_errstr(status)));
+		st->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+	}
+	_dcesrv_async_reply(st->dce_call, __func__, opname);
+}
+
+
+
+/**
+ * Forward a RPC call using IRPC to another task
+ */
+void dcesrv_irpc_forward_rpc_call(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  void *r, uint32_t callid,
+				  const struct ndr_interface_table *ndr_table,
+				  const char *dest_task, const char *opname,
+				  uint32_t timeout)
+{
+	struct dcesrv_forward_state *st;
+	struct dcerpc_binding_handle *binding_handle;
+	struct tevent_req *subreq;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+
+	st = talloc(mem_ctx, struct dcesrv_forward_state);
+	if (st == NULL) {
+		dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+	st->dce_call = dce_call;
+	st->opname   = opname;
+
+	/* if the caller has said they can't support async calls
+	   then fail the call */
+	if (!(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)) {
+		/* we're not allowed to reply async */
+		DEBUG(0,("%s: Not available synchronously\n", dest_task));
+		dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+	binding_handle = irpc_binding_handle_by_name(st,
+						     imsg_ctx,
+						     dest_task,
+						     ndr_table);
+	if (binding_handle == NULL) {
+		DEBUG(0,("%s: Failed to forward request to %s task\n",
+			 opname, dest_task));
+		dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+	/* reset timeout for the handle */
+	dcerpc_binding_handle_set_timeout(binding_handle, timeout);
+
+	/* add security token to the handle*/
+	irpc_binding_handle_add_security_token(binding_handle,
+					       session_info->security_token);
+
+	/* forward the call */
+	subreq = dcerpc_binding_handle_call_send(st, dce_call->event_ctx,
+						 binding_handle,
+						 NULL, ndr_table,
+						 callid,
+						 dce_call, r);
+	if (subreq == NULL) {
+		DEBUG(0,("%s: Failed to forward request to %s task\n", 
+			 opname, dest_task));
+		dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+	/* mark the request as replied async */
+	dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+
+	/* setup the callback */
+	tevent_req_set_callback(subreq, dcesrv_irpc_forward_callback, st);
+}
diff --git a/source4/rpc_server/common/loadparm.c b/source4/rpc_server/common/loadparm.c
new file mode 100644
index 0000000..174063e
--- /dev/null
+++ b/source4/rpc_server/common/loadparm.c
@@ -0,0 +1,45 @@
+/*
+   Unix SMB/CIFS implementation.
+   DCERPC server info param function
+   Moved into rpc_server/common to break dependencies to rpc_server from param
+   Copyright (C) Karl Auer 1993-1998
+
+   Largely re-written by Andrew Tridgell, September 1994
+
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Alexander Bokovoy 2002
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Jim McDonough (jmcd@us.ibm.com)  2003.
+   Copyright (C) James Myers 2003 <myersjj@samba.org>
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/param/param.h"
+#include "rpc_server/common/common.h"
+
+_PUBLIC_ struct dcerpc_server_info *lpcfg_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+	struct dcerpc_server_info *ret = talloc_zero(mem_ctx, struct dcerpc_server_info);
+
+	ret->domain_name = talloc_reference(mem_ctx, lpcfg_workgroup(lp_ctx));
+	ret->version_major = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_major", 5);
+	ret->version_minor = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_minor", 2);
+	ret->version_build = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_build", 3790);
+
+	return ret;
+}
+
diff --git a/source4/rpc_server/common/server_info.c b/source4/rpc_server/common/server_info.c
new file mode 100644
index 0000000..ed09bc8
--- /dev/null
+++ b/source4/rpc_server/common/server_info.c
@@ -0,0 +1,319 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   common server info functions
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "rpc_server/common/common.h"
+#include "libds/common/roles.h"
+#include "auth/auth_util.h"
+#include "lib/tsocket/tsocket.h"
+
+/* 
+    Here are common server info functions used by some dcerpc server interfaces
+*/
+
+/* This hardcoded value should go into a ldb database! */
+enum srvsvc_PlatformId dcesrv_common_get_platform_id(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	enum srvsvc_PlatformId id;
+
+	id = lpcfg_parm_int(dce_ctx->lp_ctx, NULL, "server_info", "platform_id", PLATFORM_ID_NT);
+
+	return id;
+}
+
+const char *dcesrv_common_get_server_name(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, const char *server_unc)
+{
+	const char *p = server_unc;
+
+	/* if there's no string return our NETBIOS name */
+	if (!p) {
+		return talloc_strdup(mem_ctx, lpcfg_netbios_name(dce_ctx->lp_ctx));
+	}
+
+	/* if there're '\\\\' in front remove them otherwise just pass the string */
+	if (p[0] == '\\' && p[1] == '\\') {
+		p += 2;
+	}
+
+	return talloc_strdup(mem_ctx, p);
+}
+
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_server_type(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct dcesrv_context *dce_ctx)
+{
+	int default_server_announce = 0;
+	default_server_announce |= SV_TYPE_WORKSTATION;
+	default_server_announce |= SV_TYPE_SERVER;
+	default_server_announce |= SV_TYPE_SERVER_UNIX;
+
+	default_server_announce |= SV_TYPE_SERVER_NT;
+	default_server_announce |= SV_TYPE_NT;
+
+	switch (lpcfg_server_role(dce_ctx->lp_ctx)) {
+		case ROLE_DOMAIN_MEMBER:
+			default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
+			break;
+		case ROLE_ACTIVE_DIRECTORY_DC:
+		{
+			struct ldb_context *samctx;
+			TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+			if (!tmp_ctx) {
+				break;
+			}
+			/* open main ldb */
+			samctx = samdb_connect(
+				tmp_ctx,
+				event_ctx,
+				dce_ctx->lp_ctx,
+				anonymous_session(tmp_ctx, dce_ctx->lp_ctx),
+				NULL,
+				0);
+			if (samctx == NULL) {
+				DEBUG(2,("Unable to open samdb in determining server announce flags\n"));
+			} else {
+				/* Determine if we are the pdc */
+				bool is_pdc = samdb_is_pdc(samctx);
+				if (is_pdc) {
+					default_server_announce |= SV_TYPE_DOMAIN_CTRL;
+				} else {
+					default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
+				}
+			}
+			/* Close it */
+			talloc_free(tmp_ctx);
+			break;
+		}
+		case ROLE_STANDALONE:
+		default:
+			break;
+	}
+	if (lpcfg_time_server(dce_ctx->lp_ctx))
+		default_server_announce |= SV_TYPE_TIME_SOURCE;
+
+	if (lpcfg_host_msdfs(dce_ctx->lp_ctx))
+		default_server_announce |= SV_TYPE_DFS_SERVER;
+
+
+#if 0
+	{ 
+		/* TODO: announce us as print server when we are a print server */
+		bool is_print_server = false;
+		if (is_print_server) {
+			default_server_announce |= SV_TYPE_PRINTQ_SERVER;
+		}
+	}
+#endif
+	return default_server_announce;
+}
+
+/* This hardcoded value should go into a ldb database! */
+const char *dcesrv_common_get_lan_root(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return talloc_strdup(mem_ctx, "");
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_users(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return -1;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_disc(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return 15;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_hidden(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_announce(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return 240;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_anndelta(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return 3000;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_licenses(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+const char *dcesrv_common_get_userpath(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+	return talloc_strdup(mem_ctx, "c:\\");
+}
+
+#define INVALID_SHARE_NAME_CHARS " \"*+,./:;<=>?[\\]|"
+
+bool dcesrv_common_validate_share_name(TALLOC_CTX *mem_ctx, const char *share_name)
+{
+	if (strpbrk(share_name, INVALID_SHARE_NAME_CHARS)) {
+		return false;
+	}
+
+	return true;
+}
+
+/*
+ * call_session_info is session info for samdb. call_audit_session_info is for
+ * auditing and may be NULL.
+ */
+struct ldb_context *dcesrv_samdb_connect_session_info(
+	TALLOC_CTX *mem_ctx,
+	struct dcesrv_call_state *dce_call,
+	const struct auth_session_info *call_session_info,
+	const struct auth_session_info *call_audit_session_info)
+{
+	struct ldb_context *samdb = NULL;
+	struct auth_session_info *user_session_info = NULL;
+	struct auth_session_info *audit_session_info = NULL;
+	struct tsocket_address *remote_address = NULL;
+
+	user_session_info = copy_session_info(mem_ctx, call_session_info);
+	if (user_session_info == NULL) {
+		return NULL;
+	}
+
+	if (call_audit_session_info != NULL) {
+		audit_session_info = copy_session_info(mem_ctx, call_audit_session_info);
+		if (audit_session_info == NULL) {
+			talloc_free(user_session_info);
+			return NULL;
+		}
+	}
+
+	if (dce_call->conn->remote_address != NULL) {
+		remote_address = tsocket_address_copy(dce_call->conn->remote_address,
+						      user_session_info);
+		if (remote_address == NULL) {
+			TALLOC_FREE(audit_session_info);
+			talloc_free(user_session_info);
+			return NULL;
+		}
+	}
+
+	/*
+	 * We need to make sure every argument
+	 * stays around for the lifetime of 'samdb',
+	 * typically it is allocated on the scope of
+	 * an assoc group, so we can't reference dce_call->conn,
+	 * as the assoc group may stay when the current connection
+	 * gets disconnected.
+	 *
+	 * The following are global per process:
+	 * - dce_call->conn->dce_ctx->lp_ctx
+	 * - dce_call->event_ctx
+	 * - system_session
+	 *
+	 * We make a copy of:
+	 * - dce_call->conn->remote_address
+	 * - dce_call->auth_state->session_info
+	 */
+	samdb = samdb_connect(
+		mem_ctx,
+		dce_call->event_ctx,
+		dce_call->conn->dce_ctx->lp_ctx,
+		user_session_info,
+		remote_address,
+		0);
+	if (samdb == NULL) {
+		TALLOC_FREE(audit_session_info);
+		talloc_free(user_session_info);
+		return NULL;
+	}
+	talloc_move(samdb, &user_session_info);
+
+	if (audit_session_info != NULL) {
+		int ret;
+
+		talloc_steal(samdb, audit_session_info);
+
+		ret = ldb_set_opaque(samdb,
+				     DSDB_NETWORK_SESSION_INFO,
+				     audit_session_info);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(samdb);
+			return NULL;
+		}
+	}
+
+	return samdb;
+}
+
+/*
+ * Open an ldb connection under the system session and save the remote users
+ * session details in a ldb_opaque. This will allow the audit logging to
+ * log the original session for operations performed in the system session.
+ *
+ * Access checks are required by the caller!
+ */
+struct ldb_context *dcesrv_samdb_connect_as_system(
+	TALLOC_CTX *mem_ctx,
+	struct dcesrv_call_state *dce_call)
+{
+	const struct auth_session_info *system_session_info = NULL;
+	const struct auth_session_info *call_session_info = NULL;
+
+	system_session_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
+	if (system_session_info == NULL) {
+		return NULL;
+	}
+
+	call_session_info = dcesrv_call_session_info(dce_call);
+
+	return dcesrv_samdb_connect_session_info(mem_ctx, dce_call,
+						 system_session_info, call_session_info);
+}
+
+/*
+ * Open an ldb connection under the remote users session details.
+ *
+ * Access checks are done at the ldb level.
+ */
+struct ldb_context *dcesrv_samdb_connect_as_user(
+	TALLOC_CTX *mem_ctx,
+	struct dcesrv_call_state *dce_call)
+{
+	const struct auth_session_info *call_session_info = NULL;
+
+	call_session_info = dcesrv_call_session_info(dce_call);
+
+	return dcesrv_samdb_connect_session_info(mem_ctx, dce_call,
+						 call_session_info, NULL);
+}
diff --git a/source4/rpc_server/common/share_info.c b/source4/rpc_server/common/share_info.c
new file mode 100644
index 0000000..d7ed5ee
--- /dev/null
+++ b/source4/rpc_server/common/share_info.c
@@ -0,0 +1,123 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   common share info functions
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/share.h"
+
+#undef strcasecmp
+
+/* 
+    Here are common server info functions used by some dcerpc server interfaces
+*/
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_permissions(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_current_users(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	return 1;
+}
+
+/* This hardcoded value should go into a ldb database! */
+enum srvsvc_ShareType dcesrv_common_get_share_type(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	/* for disk share	0x00000000
+	 * for print share	0x00000001
+	 * for IPC$ share	0x00000003 
+	 *
+	 * administrative shares:
+	 * ADMIN$, IPC$, C$, D$, E$ ...  are type |= 0x80000000
+	 * this ones are hidden in NetShareEnum, but shown in NetShareEnumAll
+	 */
+	enum srvsvc_ShareType share_type = 0;
+	char *sharetype;
+
+	if (!share_bool_option(scfg, SHARE_BROWSEABLE, SHARE_BROWSEABLE_DEFAULT)) {
+		share_type |= STYPE_HIDDEN;
+	}
+
+	sharetype = share_string_option(mem_ctx, scfg, SHARE_TYPE, SHARE_TYPE_DEFAULT);
+	if (sharetype && strcasecmp(sharetype, "IPC") == 0) {
+		share_type |= STYPE_IPC;
+		TALLOC_FREE(sharetype);
+		return share_type;
+	}
+
+	if (sharetype && strcasecmp(sharetype, "PRINTER") == 0) {
+		share_type |= STYPE_PRINTQ;
+		TALLOC_FREE(sharetype);
+		return share_type;
+	}
+
+	TALLOC_FREE(sharetype);
+	share_type |= STYPE_DISKTREE;
+
+	return share_type;
+}
+
+/* This hardcoded value should go into a ldb database! */
+const char *dcesrv_common_get_share_path(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	char *sharetype;
+	char *p;
+	char *path;
+
+	sharetype = share_string_option(mem_ctx, scfg, SHARE_TYPE, SHARE_TYPE_DEFAULT);
+	
+	if (sharetype && strcasecmp(sharetype, "IPC") == 0) {
+		TALLOC_FREE(sharetype);
+		return talloc_strdup(mem_ctx, "");
+	}
+
+	TALLOC_FREE(sharetype);
+
+	p = share_string_option(mem_ctx, scfg, SHARE_PATH, "");
+	if (!p) {
+		return NULL;
+	}
+	if (p[0] == '\0') {
+		return p;
+	}
+	all_string_sub(p, "/", "\\", 0);
+	
+	path = talloc_asprintf(mem_ctx, "C:%s", p);
+	TALLOC_FREE(p);
+	return path;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_dfs_flags(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+struct security_descriptor *dcesrv_common_get_security_descriptor(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+	return NULL;
+}
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
new file mode 100644
index 0000000..e072cd2
--- /dev/null
+++ b/source4/rpc_server/dcerpc_server.c
@@ -0,0 +1,726 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   server side dcerpc core code
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
+#include "param/param.h"
+#include "samba/service_stream.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/socket/socket.h"
+#include "samba/process_model.h"
+#include "lib/util/samba_modules.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/util/idtree_random.h"
+
+/*
+  take a reference to an existing association group
+ */
+static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(struct dcesrv_connection *conn,
+							       uint32_t id)
+{
+	const struct dcesrv_endpoint *endpoint = conn->endpoint;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(endpoint->ep_description);
+	struct dcesrv_assoc_group *assoc_group;
+	void *id_ptr = NULL;
+
+	/* find an association group given a assoc_group_id */
+	id_ptr = idr_find(conn->dce_ctx->assoc_groups_idr, id);
+	if (id_ptr == NULL) {
+		DBG_NOTICE("Failed to find assoc_group 0x%08x\n", id);
+		return NULL;
+	}
+	assoc_group = talloc_get_type_abort(id_ptr, struct dcesrv_assoc_group);
+
+	if (assoc_group->transport != transport) {
+		const char *at =
+			derpc_transport_string_by_transport(
+				assoc_group->transport);
+		const char *ct =
+			derpc_transport_string_by_transport(
+				transport);
+
+		DBG_NOTICE("assoc_group 0x%08x (transport %s) "
+			   "is not available on transport %s\n",
+			   id, at, ct);
+		return NULL;
+	}
+
+	return talloc_reference(conn, assoc_group);
+}
+
+static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group)
+{
+	int ret;
+	ret = idr_remove(assoc_group->dce_ctx->assoc_groups_idr, assoc_group->id);
+	if (ret != 0) {
+		DEBUG(0,(__location__ ": Failed to remove assoc_group 0x%08x\n",
+			 assoc_group->id));
+	}
+	SMB_ASSERT(assoc_group->dce_ctx->assoc_groups_num > 0);
+	assoc_group->dce_ctx->assoc_groups_num -= 1;
+	return 0;
+}
+
+/*
+  allocate a new association group
+ */
+static struct dcesrv_assoc_group *dcesrv_assoc_group_new(struct dcesrv_connection *conn)
+{
+	struct dcesrv_context *dce_ctx = conn->dce_ctx;
+	const struct dcesrv_endpoint *endpoint = conn->endpoint;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(endpoint->ep_description);
+	struct dcesrv_assoc_group *assoc_group;
+	int id;
+
+	assoc_group = talloc_zero(conn, struct dcesrv_assoc_group);
+	if (assoc_group == NULL) {
+		return NULL;
+	}
+
+	id = idr_get_new_random(
+		dce_ctx->assoc_groups_idr, assoc_group, 1, UINT16_MAX);
+	if (id == -1) {
+		talloc_free(assoc_group);
+		DEBUG(0,(__location__ ": Out of association groups!\n"));
+		return NULL;
+	}
+
+	assoc_group->transport = transport;
+	assoc_group->id = id;
+	assoc_group->dce_ctx = dce_ctx;
+
+	talloc_set_destructor(assoc_group, dcesrv_assoc_group_destructor);
+
+	SMB_ASSERT(dce_ctx->assoc_groups_num < UINT16_MAX);
+	dce_ctx->assoc_groups_num += 1;
+
+	return assoc_group;
+}
+
+NTSTATUS dcesrv_assoc_group_find_s4(
+	struct dcesrv_call_state *call,
+	void *private_data)
+{
+	/*
+	  if provided, check the assoc_group is valid
+	 */
+	if (call->pkt.u.bind.assoc_group_id != 0) {
+		call->conn->assoc_group =
+			dcesrv_assoc_group_reference(call->conn,
+					call->pkt.u.bind.assoc_group_id);
+	} else {
+		call->conn->assoc_group = dcesrv_assoc_group_new(call->conn);
+	}
+
+	/*
+	 * The NETLOGON server does not use handles and so
+	 * there is no need to support association groups, but
+	 * we need to give back a number regardless.
+	 *
+	 * We have to do this when it is not run as a single process,
+	 * because then it can't see the other valid association
+	 * groups.  We handle this generically for all endpoints not
+	 * running in single process mode.
+	 *
+	 * We know which endpoint we are on even before checking the
+	 * iface UUID, so for simplicity we enforce the same policy
+	 * for all interfaces on the endpoint.
+	 *
+	 * This means that where NETLOGON
+	 * shares an endpoint (such as ncalrpc or if 'lsa over
+	 * netlogon' is set) we will still check association groups.
+	 *
+	 */
+
+	if (call->conn->assoc_group == NULL &&
+	    !call->conn->endpoint->use_single_process) {
+		call->conn->assoc_group
+			= dcesrv_assoc_group_new(call->conn);
+	}
+
+	if (call->conn->assoc_group == NULL) {
+		/* TODO Return correct status */
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+void dcerpc_server_init(struct loadparm_context *lp_ctx)
+{
+	static bool initialized;
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_dcerpc_server_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_dcerpc_server_MODULES };
+	init_module_fn *shared_init;
+
+	if (initialized) {
+		return;
+	}
+	initialized = true;
+
+	shared_init = load_samba_modules(NULL, "dcerpc_server");
+
+	run_init_functions(NULL, static_init);
+	run_init_functions(NULL, shared_init);
+
+	talloc_free(shared_init);
+}
+
+struct dcesrv_socket_context {
+	const struct dcesrv_endpoint *endpoint;
+	struct dcesrv_context *dcesrv_ctx;
+};
+
+static void dcesrv_sock_accept(struct stream_connection *srv_conn)
+{
+	NTSTATUS status;
+	struct dcesrv_socket_context *dcesrv_sock = 
+		talloc_get_type(srv_conn->private_data, struct dcesrv_socket_context);
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dcesrv_sock->endpoint->ep_description);
+	struct dcesrv_connection *dcesrv_conn = NULL;
+	int ret;
+	struct loadparm_context *lp_ctx = dcesrv_sock->dcesrv_ctx->lp_ctx;
+
+	dcesrv_cleanup_broken_connections(dcesrv_sock->dcesrv_ctx);
+
+	if (!srv_conn->session_info) {
+		status = auth_anonymous_session_info(srv_conn,
+						     lp_ctx,
+						     &srv_conn->session_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("dcesrv_sock_accept: auth_anonymous_session_info failed: %s\n",
+				nt_errstr(status)));
+			stream_terminate_connection(srv_conn, nt_errstr(status));
+			return;
+		}
+	}
+
+	/*
+	 * This fills in dcesrv_conn->endpoint with the endpoint
+	 * associated with the socket.  From this point on we know
+	 * which (group of) services we are handling, but not the
+	 * specific interface.
+	 */
+
+	status = dcesrv_endpoint_connect(dcesrv_sock->dcesrv_ctx,
+					 srv_conn,
+					 dcesrv_sock->endpoint,
+					 srv_conn->session_info,
+					 srv_conn->event.ctx,
+					 DCESRV_CALL_STATE_FLAG_MAY_ASYNC,
+					 &dcesrv_conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("dcesrv_sock_accept: dcesrv_endpoint_connect failed: %s\n", 
+			nt_errstr(status)));
+		stream_terminate_connection(srv_conn, nt_errstr(status));
+		return;
+	}
+
+	dcesrv_conn->transport.private_data		= srv_conn;
+	dcesrv_conn->transport.report_output_data	= dcesrv_sock_report_output_data;
+	dcesrv_conn->transport.terminate_connection	= dcesrv_transport_terminate_connection_s4;
+
+	TALLOC_FREE(srv_conn->event.fde);
+
+	dcesrv_conn->send_queue = tevent_queue_create(dcesrv_conn, "dcesrv send queue");
+	if (!dcesrv_conn->send_queue) {
+		status = NT_STATUS_NO_MEMORY;
+		DEBUG(0,("dcesrv_sock_accept: tevent_queue_create(%s)\n",
+			nt_errstr(status)));
+		stream_terminate_connection(srv_conn, nt_errstr(status));
+		return;
+	}
+
+	if (transport == NCACN_NP) {
+		dcesrv_conn->stream = talloc_move(dcesrv_conn,
+						  &srv_conn->tstream);
+	} else {
+		ret = tstream_bsd_existing_socket(dcesrv_conn,
+						  socket_get_fd(srv_conn->socket),
+						  &dcesrv_conn->stream);
+		if (ret == -1) {
+			status = map_nt_error_from_unix_common(errno);
+			DEBUG(0, ("dcesrv_sock_accept: "
+				  "failed to setup tstream: %s\n",
+				  nt_errstr(status)));
+			stream_terminate_connection(srv_conn, nt_errstr(status));
+			return;
+		}
+		socket_set_flags(srv_conn->socket, SOCKET_FLAG_NOCLOSE);
+		/* as server we want to fail early */
+		tstream_bsd_fail_readv_first_error(dcesrv_conn->stream, true);
+	}
+
+	dcesrv_conn->local_address = srv_conn->local_address;
+	dcesrv_conn->remote_address = srv_conn->remote_address;
+
+	if (transport == NCALRPC) {
+		uid_t uid;
+		gid_t gid;
+		int sock_fd;
+
+		sock_fd = socket_get_fd(srv_conn->socket);
+		if (sock_fd == -1) {
+			stream_terminate_connection(
+				srv_conn, "socket_get_fd failed\n");
+			return;
+		}
+
+		ret = getpeereid(sock_fd, &uid, &gid);
+		if (ret == -1) {
+			status = map_nt_error_from_unix_common(errno);
+			DEBUG(0, ("dcesrv_sock_accept: "
+				  "getpeereid() failed for NCALRPC: %s\n",
+				  nt_errstr(status)));
+			stream_terminate_connection(srv_conn, nt_errstr(status));
+			return;
+		}
+		if (uid == dcesrv_conn->dce_ctx->initial_euid) {
+			struct tsocket_address *r = NULL;
+
+			ret = tsocket_address_unix_from_path(dcesrv_conn,
+							     AS_SYSTEM_MAGIC_PATH_TOKEN,
+							     &r);
+			if (ret == -1) {
+				status = map_nt_error_from_unix_common(errno);
+				DEBUG(0, ("dcesrv_sock_accept: "
+					  "tsocket_address_unix_from_path() failed for NCALRPC: %s\n",
+					  nt_errstr(status)));
+				stream_terminate_connection(srv_conn, nt_errstr(status));
+				return;
+			}
+			dcesrv_conn->remote_address = r;
+		}
+	}
+
+	srv_conn->private_data = dcesrv_conn;
+
+	status = dcesrv_connection_loop_start(dcesrv_conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("dcesrv_sock_accept: dcerpc_read_fragment_buffer_send(%s)\n",
+			nt_errstr(status)));
+		stream_terminate_connection(srv_conn, nt_errstr(status));
+		return;
+	}
+
+	return;
+}
+
+static void dcesrv_sock_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
+					     struct dcesrv_connection);
+	dcesrv_terminate_connection(dce_conn, "dcesrv_sock_recv triggered");
+}
+
+static void dcesrv_sock_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
+					     struct dcesrv_connection);
+	dcesrv_terminate_connection(dce_conn, "dcesrv_sock_send triggered");
+}
+
+
+static const struct stream_server_ops dcesrv_stream_ops = {
+	.name			= "rpc",
+	.accept_connection	= dcesrv_sock_accept,
+	.recv_handler		= dcesrv_sock_recv,
+	.send_handler		= dcesrv_sock_send,
+};
+
+static NTSTATUS dcesrv_add_ep_unix(struct dcesrv_context *dce_ctx, 
+				   struct loadparm_context *lp_ctx,
+				   struct dcesrv_endpoint *e,
+				   struct tevent_context *event_ctx,
+				   const struct model_ops *model_ops,
+				   void *process_context)
+{
+	struct dcesrv_socket_context *dcesrv_sock;
+	uint16_t port = 1;
+	NTSTATUS status;
+	const char *endpoint;
+
+	dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
+	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
+
+	/* remember the endpoint of this socket */
+	dcesrv_sock->endpoint		= e;
+	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);
+
+	endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
+
+	status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
+				     model_ops, &dcesrv_stream_ops, 
+				     "unix", endpoint, &port,
+				     lpcfg_socket_options(lp_ctx),
+				     dcesrv_sock, process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n",
+			 endpoint, nt_errstr(status)));
+	}
+
+	return status;
+}
+
+static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx, 
+				      struct loadparm_context *lp_ctx,
+				      struct dcesrv_endpoint *e,
+				      struct tevent_context *event_ctx,
+				      const struct model_ops *model_ops,
+				      void *process_context)
+{
+	struct dcesrv_socket_context *dcesrv_sock;
+	uint16_t port = 1;
+	char *full_path;
+	NTSTATUS status;
+	const char *endpoint;
+
+	endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
+
+	if (endpoint == NULL) {
+		/*
+		 * No identifier specified: use DEFAULT.
+		 *
+		 * TODO: DO NOT hardcode this value anywhere else. Rather, specify
+		 * no endpoint and let the epmapper worry about it.
+		 */
+		endpoint = "DEFAULT";
+		status = dcerpc_binding_set_string_option(e->ep_description,
+							  "endpoint",
+							  endpoint);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("dcerpc_binding_set_string_option() failed - %s\n",
+				  nt_errstr(status)));
+			return status;
+		}
+	}
+
+	full_path = talloc_asprintf(dce_ctx, "%s/%s", lpcfg_ncalrpc_dir(lp_ctx),
+				    endpoint);
+
+	dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
+	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
+
+	/* remember the endpoint of this socket */
+	dcesrv_sock->endpoint		= e;
+	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);
+
+	status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
+				     model_ops, &dcesrv_stream_ops, 
+				     "unix", full_path, &port, 
+				     lpcfg_socket_options(lp_ctx),
+				     dcesrv_sock, process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("service_setup_stream_socket(identifier=%s,path=%s) failed - %s\n",
+			 endpoint, full_path, nt_errstr(status)));
+	}
+	return status;
+}
+
+static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx,
+				 struct loadparm_context *lp_ctx,
+				 struct dcesrv_endpoint *e,
+				 struct tevent_context *event_ctx,
+				 const struct model_ops *model_ops,
+				 void *process_context)
+{
+	struct dcesrv_socket_context *dcesrv_sock;
+	NTSTATUS status;
+	const char *endpoint;
+
+	endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
+	if (endpoint == NULL) {
+		DEBUG(0, ("Endpoint mandatory for named pipes\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
+	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
+
+	/* remember the endpoint of this socket */
+	dcesrv_sock->endpoint		= e;
+	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);
+
+	status = tstream_setup_named_pipe(dce_ctx, event_ctx, lp_ctx,
+					  model_ops, &dcesrv_stream_ops,
+					  endpoint,
+					  dcesrv_sock, process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n",
+			 endpoint, nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  add a socket address to the list of events, one event per dcerpc endpoint
+*/
+static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx,
+					 struct dcesrv_endpoint *e,
+					 struct tevent_context *event_ctx,
+					 const struct model_ops *model_ops,
+					 const char *address,
+					 void *process_context)
+{
+	struct dcesrv_socket_context *dcesrv_sock;
+	uint16_t port = 0;
+	NTSTATUS status;
+	const char *endpoint;
+	char port_str[6];
+
+	endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
+	if (endpoint != NULL) {
+		port = atoi(endpoint);
+	}
+
+	dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
+	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
+
+	/* remember the endpoint of this socket */
+	dcesrv_sock->endpoint		= e;
+	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);
+
+	status = stream_setup_socket(dcesrv_sock, event_ctx, dce_ctx->lp_ctx,
+				     model_ops, &dcesrv_stream_ops, 
+				     "ip", address, &port,
+				     lpcfg_socket_options(dce_ctx->lp_ctx),
+				     dcesrv_sock, process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		struct dcesrv_if_list *iface;
+		DEBUG(0,("service_setup_stream_socket(address=%s,port=%u) for ",
+			 address, port));
+		for (iface = e->interface_list; iface; iface = iface->next) {
+			DEBUGADD(0, ("%s ", iface->iface->name));
+		}
+		DEBUGADD(0, ("failed - %s\n",
+			     nt_errstr(status)));
+		return status;
+	}
+
+	snprintf(port_str, sizeof(port_str), "%u", port);
+
+	status = dcerpc_binding_set_string_option(e->ep_description,
+						  "endpoint", port_str);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("dcerpc_binding_set_string_option(endpoint, %s) failed - %s\n",
+			 port_str, nt_errstr(status)));
+		return status;
+	} else {
+		struct dcesrv_if_list *iface;
+		DEBUG(4,("Successfully listening on ncacn_ip_tcp endpoint [%s]:[%s] for ",
+			 address, port_str));
+		for (iface = e->interface_list; iface; iface = iface->next) {
+			DEBUGADD(4, ("%s ", iface->iface->name));
+		}
+		DEBUGADD(4, ("\n"));
+	}
+
+	return NT_STATUS_OK;
+}
+
+#include "lib/socket/netif.h" /* Included here to work around the fact that socket_wrapper redefines bind() */
+
+static NTSTATUS dcesrv_add_ep_tcp(struct dcesrv_context *dce_ctx, 
+				  struct loadparm_context *lp_ctx,
+				  struct dcesrv_endpoint *e,
+				  struct tevent_context *event_ctx,
+				  const struct model_ops *model_ops,
+				  void *process_context)
+{
+	NTSTATUS status;
+
+	/* Add TCP/IP sockets */
+	if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
+		int num_interfaces;
+		int i;
+		struct interface *ifaces;
+
+		load_interface_list(dce_ctx, lp_ctx, &ifaces);
+
+		num_interfaces = iface_list_count(ifaces);
+		for(i = 0; i < num_interfaces; i++) {
+			const char *address = iface_list_n_ip(ifaces, i);
+			status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
+					                  model_ops, address,
+							  process_context);
+			NT_STATUS_NOT_OK_RETURN(status);
+		}
+	} else {
+		char **wcard;
+		size_t i;
+		size_t num_binds = 0;
+		wcard = iface_list_wildcard(dce_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(wcard);
+		for (i=0; wcard[i]; i++) {
+			status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
+							  model_ops, wcard[i],
+							  process_context);
+			if (NT_STATUS_IS_OK(status)) {
+				num_binds++;
+			}
+		}
+		talloc_free(wcard);
+		if (num_binds == 0) {
+			return NT_STATUS_INVALID_PARAMETER_MIX;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx,
+		       struct loadparm_context *lp_ctx,
+		       struct dcesrv_endpoint *e,
+		       struct tevent_context *event_ctx,
+		       const struct model_ops *model_ops,
+		       void *process_context)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(e->ep_description);
+
+	switch (transport) {
+	case NCACN_UNIX_STREAM:
+		return dcesrv_add_ep_unix(dce_ctx, lp_ctx, e, event_ctx,
+					  model_ops, process_context);
+
+	case NCALRPC:
+		return dcesrv_add_ep_ncalrpc(dce_ctx, lp_ctx, e, event_ctx,
+					     model_ops, process_context);
+
+	case NCACN_IP_TCP:
+		return dcesrv_add_ep_tcp(dce_ctx, lp_ctx, e, event_ctx,
+					 model_ops, process_context);
+
+	case NCACN_NP:
+		return dcesrv_add_ep_np(dce_ctx, lp_ctx, e, event_ctx,
+					model_ops, process_context);
+
+	default:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+}
+
+_PUBLIC_ struct imessaging_context *dcesrv_imessaging_context(
+					struct dcesrv_connection *conn)
+{
+	struct stream_connection *srv_conn =
+		talloc_get_type_abort(conn->transport.private_data,
+				      struct stream_connection);
+	return srv_conn->msg_ctx;
+}
+
+_PUBLIC_ struct server_id dcesrv_server_id(struct dcesrv_connection *conn)
+{
+	struct stream_connection *srv_conn =
+		talloc_get_type_abort(conn->transport.private_data,
+				struct stream_connection);
+	return srv_conn->server_id;
+}
+
+void log_successful_dcesrv_authz_event(
+	struct dcesrv_call_state *call,
+	void *private_data)
+{
+	struct dcesrv_auth *auth = call->auth_state;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(call->conn);
+	const char *auth_type = derpc_transport_string_by_transport(transport);
+	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+
+	if (transport == NCACN_NP) {
+		transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+	}
+
+	/*
+	 * Log the authorization to this RPC interface.  This
+	 * covered ncacn_np pass-through auth, and anonymous
+	 * DCE/RPC (eg epmapper, netlogon etc)
+	 */
+	log_successful_authz_event(imsg_ctx,
+				   call->conn->dce_ctx->lp_ctx,
+				   call->conn->remote_address,
+				   call->conn->local_address,
+				   "DCE/RPC",
+				   auth_type,
+				   transport_protection,
+				   auth->session_info,
+				   NULL /* client_audit_info */,
+				   NULL /* server_audit_info */);
+
+	auth->auth_audited = true;
+}
+
+NTSTATUS dcesrv_gensec_prepare(
+	TALLOC_CTX *mem_ctx,
+	struct dcesrv_call_state *call,
+	struct gensec_security **out,
+	void *private_data)
+{
+	struct cli_credentials *server_creds = NULL;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(call->conn);
+	bool ok;
+
+	server_creds = cli_credentials_init_server(call->auth_state,
+						   call->conn->dce_ctx->lp_ctx);
+	if (server_creds == NULL) {
+		DEBUG(1, ("Failed to init server credentials\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+	/* This is required for ncalrpc_as_system. */
+	ok = cli_credentials_set_kerberos_state(server_creds,
+						CRED_USE_KERBEROS_DESIRED,
+						CRED_SPECIFIED);
+	if (!ok) {
+		DBG_WARNING("Failed to set kerberos state\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	return samba_server_gensec_start(mem_ctx,
+					 call->event_ctx,
+					 imsg_ctx,
+					 call->conn->dce_ctx->lp_ctx,
+					 server_creds,
+					 NULL,
+					 out);
+}
+
+void dcesrv_transport_terminate_connection_s4(struct dcesrv_connection *dce_conn,
+					      const char *reason)
+{
+	struct stream_connection *srv_conn =
+		talloc_get_type_abort(dce_conn->transport.private_data,
+				      struct stream_connection);
+	stream_terminate_connection(srv_conn, reason);
+}
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
new file mode 100644
index 0000000..529c604
--- /dev/null
+++ b/source4/rpc_server/dcerpc_server.h
@@ -0,0 +1,41 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   server side dcerpc defines
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SAMBA_DCERPC_SERVER_H
+#define SAMBA_DCERPC_SERVER_H
+
+#include "librpc/rpc/dcesrv_core.h"
+
+struct model_ops;
+
+NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx,
+		       struct loadparm_context *lp_ctx,
+		       struct dcesrv_endpoint *e,
+		       struct tevent_context *event_ctx,
+		       const struct model_ops *model_ops,
+		       void *process_context);
+
+_PUBLIC_ struct imessaging_context *dcesrv_imessaging_context(
+                                       struct dcesrv_connection *conn);
+_PUBLIC_ struct server_id dcesrv_server_id(struct dcesrv_connection *conn);
+
+#endif /* SAMBA_DCERPC_SERVER_H */
diff --git a/source4/rpc_server/dcerpc_server.pc.in b/source4/rpc_server/dcerpc_server.pc.in
new file mode 100644
index 0000000..0ab833a
--- /dev/null
+++ b/source4/rpc_server/dcerpc_server.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+modulesdir=@modulesdir@/dcerpc_server
+
+Name: dcerpc_server
+Description: DCE/RPC server library
+Requires: dcerpc
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc-server
+Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
new file mode 100644
index 0000000..b1c7e2a
--- /dev/null
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -0,0 +1,2410 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS Server
+
+   Copyright (C) Amitay Isaacs 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_dnsserver.h"
+#include "dns_server/dnsserver_common.h"
+#include "dnsserver.h"
+
+#undef strcasecmp
+
+#define DCESRV_INTERFACE_DNSSERVER_BIND(context, iface) \
+	dcesrv_interface_dnsserver_bind(context, iface)
+static NTSTATUS dcesrv_interface_dnsserver_bind(struct dcesrv_connection_context *context,
+					        const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_require_integrity(context, iface);
+}
+
+#define DNSSERVER_STATE_MAGIC 0xc9657ab4
+struct dnsserver_state {
+	struct loadparm_context *lp_ctx;
+	struct ldb_context *samdb;
+	struct dnsserver_partition *partitions;
+	struct dnsserver_zone *zones;
+	int zones_count;
+	struct dnsserver_serverinfo *serverinfo;
+};
+
+
+/* Utility functions */
+
+static void dnsserver_reload_zones(struct dnsserver_state *dsstate)
+{
+	struct dnsserver_partition *p;
+	struct dnsserver_zone *zones, *z, *znext, *zmatch;
+	struct dnsserver_zone *old_list, *new_list;
+
+	old_list = dsstate->zones;
+	new_list = NULL;
+
+	for (p = dsstate->partitions; p; p = p->next) {
+		zones = dnsserver_db_enumerate_zones(dsstate, dsstate->samdb, p);
+		if (zones == NULL) {
+			continue;
+		}
+		for (z = zones; z; ) {
+			znext = z->next;
+			zmatch = dnsserver_find_zone(old_list, z->name);
+			if (zmatch == NULL) {
+				/* Missing zone */
+				z->zoneinfo = dnsserver_init_zoneinfo(z, dsstate->serverinfo);
+				if (z->zoneinfo == NULL) {
+					continue;
+				}
+				DLIST_ADD_END(new_list, z);
+				p->zones_count++;
+				dsstate->zones_count++;
+			} else {
+				/* Existing zone */
+				talloc_free(z);
+				DLIST_REMOVE(old_list, zmatch);
+				DLIST_ADD_END(new_list, zmatch);
+			}
+			z = znext;
+		}
+	}
+
+	if (new_list == NULL) {
+		return;
+	}
+
+	/* Deleted zones */
+	for (z = old_list; z; ) {
+		znext = z->next;
+		z->partition->zones_count--;
+		dsstate->zones_count--;
+		talloc_free(z);
+		z = znext;
+	}
+
+	dsstate->zones = new_list;
+}
+
+
+static struct dnsserver_state *dnsserver_connect(struct dcesrv_call_state *dce_call)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *zones, *z, *znext;
+	struct dnsserver_partition *partitions, *p;
+	NTSTATUS status;
+
+	dsstate = dcesrv_iface_state_find_conn(dce_call,
+					       DNSSERVER_STATE_MAGIC,
+					       struct dnsserver_state);
+	if (dsstate != NULL) {
+		return dsstate;
+	}
+
+	dsstate = talloc_zero(dce_call, struct dnsserver_state);
+	if (dsstate == NULL) {
+		return NULL;
+	}
+
+	dsstate->lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+	dsstate->samdb = dcesrv_samdb_connect_as_user(dsstate, dce_call);
+	if (dsstate->samdb == NULL) {
+		DEBUG(0,("dnsserver: Failed to open samdb\n"));
+		goto failed;
+	}
+
+	/* Initialize server info */
+	dsstate->serverinfo = dnsserver_init_serverinfo(dsstate,
+							dsstate->lp_ctx,
+							dsstate->samdb);
+	if (dsstate->serverinfo == NULL) {
+		goto failed;
+	}
+
+	/* Search for DNS partitions */
+	partitions = dnsserver_db_enumerate_partitions(dsstate, dsstate->serverinfo, dsstate->samdb);
+	if (partitions == NULL) {
+		goto failed;
+	}
+	dsstate->partitions = partitions;
+
+	/* Search for DNS zones */
+	for (p = partitions; p; p = p->next) {
+		zones = dnsserver_db_enumerate_zones(dsstate, dsstate->samdb, p);
+		if (zones == NULL) {
+			goto failed;
+		}
+		for (z = zones; z; ) {
+			znext = z->next;
+			if (dnsserver_find_zone(dsstate->zones, z->name) == NULL) {
+				z->zoneinfo = dnsserver_init_zoneinfo(z, dsstate->serverinfo);
+				if (z->zoneinfo == NULL) {
+					goto failed;
+				}
+				DLIST_ADD_END(dsstate->zones, z);
+				p->zones_count++;
+				dsstate->zones_count++;
+			} else {
+				/* Ignore duplicate zone */
+				DEBUG(3,("dnsserver: Ignoring duplicate zone '%s' from '%s'\n",
+					 z->name, ldb_dn_get_linearized(z->zone_dn)));
+			}
+			z = znext;
+		}
+	}
+
+	status = dcesrv_iface_state_store_conn(dce_call,
+					       DNSSERVER_STATE_MAGIC,
+					       dsstate);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	return dsstate;
+
+failed:
+	talloc_free(dsstate);
+	dsstate = NULL;
+	return NULL;
+}
+
+
+/* dnsserver query functions */
+
+/* [MS-DNSP].pdf Section 3.1.1.1 DNS Server Configuration Information */
+static WERROR dnsserver_query_server(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID *typeid,
+					union DNSSRV_RPC_UNION *r)
+{
+	uint8_t is_integer, is_addresses, is_string, is_wstring, is_stringlist;
+	uint32_t answer_integer;
+	struct IP4_ARRAY *answer_iparray = NULL;
+	struct DNS_ADDR_ARRAY *answer_addrarray = NULL;
+	char *answer_string = NULL;
+	struct DNS_RPC_UTF8_STRING_LIST *answer_stringlist = NULL;
+	struct dnsserver_serverinfo *serverinfo;
+
+	serverinfo = dsstate->serverinfo;
+
+	if (strcasecmp(operation, "ServerInfo") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_W2K) {
+			*typeid = DNSSRV_TYPEID_SERVER_INFO_W2K;
+			r->ServerInfoW2K = talloc_zero(mem_ctx, struct DNS_RPC_SERVER_INFO_W2K);
+
+			r->ServerInfoW2K->dwVersion = serverinfo->dwVersion;
+			r->ServerInfoW2K->fBootMethod = serverinfo->fBootMethod;
+			r->ServerInfoW2K->fAdminConfigured = serverinfo->fAdminConfigured;
+			r->ServerInfoW2K->fAllowUpdate = serverinfo->fAllowUpdate;
+			r->ServerInfoW2K->fDsAvailable = serverinfo->fDsAvailable;
+			r->ServerInfoW2K->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
+			r->ServerInfoW2K->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
+			r->ServerInfoW2K->aipServerAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+										       serverinfo->aipServerAddrs);
+			r->ServerInfoW2K->aipListenAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+										       serverinfo->aipListenAddrs);
+			r->ServerInfoW2K->aipForwarders = ip4_array_copy(mem_ctx, serverinfo->aipForwarders);
+			r->ServerInfoW2K->dwLogLevel = serverinfo->dwLogLevel;
+			r->ServerInfoW2K->dwDebugLevel = serverinfo->dwDebugLevel;
+			r->ServerInfoW2K->dwForwardTimeout = serverinfo->dwForwardTimeout;
+			r->ServerInfoW2K->dwRpcProtocol = serverinfo->dwRpcProtocol;
+			r->ServerInfoW2K->dwNameCheckFlag = serverinfo->dwNameCheckFlag;
+			r->ServerInfoW2K->cAddressAnswerLimit = serverinfo->cAddressAnswerLimit;
+			r->ServerInfoW2K->dwRecursionRetry = serverinfo->dwRecursionRetry;
+			r->ServerInfoW2K->dwRecursionTimeout = serverinfo->dwRecursionTimeout;
+			r->ServerInfoW2K->dwMaxCacheTtl = serverinfo->dwMaxCacheTtl;
+			r->ServerInfoW2K->dwDsPollingInterval = serverinfo->dwDsPollingInterval;
+			r->ServerInfoW2K->dwScavengingInterval = serverinfo->dwScavengingInterval;
+			r->ServerInfoW2K->dwDefaultRefreshInterval = serverinfo->dwDefaultRefreshInterval;
+			r->ServerInfoW2K->dwDefaultNoRefreshInterval = serverinfo->dwDefaultNoRefreshInterval;
+			r->ServerInfoW2K->fAutoReverseZones = serverinfo->fAutoReverseZones;
+			r->ServerInfoW2K->fAutoCacheUpdate = serverinfo->fAutoCacheUpdate;
+			r->ServerInfoW2K->fRecurseAfterForwarding = serverinfo->fRecurseAfterForwarding;
+			r->ServerInfoW2K->fForwardDelegations = serverinfo->fForwardDelegations;
+			r->ServerInfoW2K->fNoRecursion = serverinfo->fNoRecursion;
+			r->ServerInfoW2K->fSecureResponses = serverinfo->fSecureResponses;
+			r->ServerInfoW2K->fRoundRobin = serverinfo->fRoundRobin;
+			r->ServerInfoW2K->fLocalNetPriority = serverinfo->fLocalNetPriority;
+			r->ServerInfoW2K->fBindSecondaries = serverinfo->fBindSecondaries;
+			r->ServerInfoW2K->fWriteAuthorityNs = serverinfo->fWriteAuthorityNs;
+			r->ServerInfoW2K->fStrictFileParsing = serverinfo->fStrictFileParsing;
+			r->ServerInfoW2K->fLooseWildcarding = serverinfo->fLooseWildcarding;
+			r->ServerInfoW2K->fDefaultAgingState = serverinfo->fDefaultAgingState;
+
+		} else if (client_version == DNS_CLIENT_VERSION_DOTNET) {
+			*typeid = DNSSRV_TYPEID_SERVER_INFO_DOTNET;
+			r->ServerInfoDotNet = talloc_zero(mem_ctx, struct DNS_RPC_SERVER_INFO_DOTNET);
+
+			r->ServerInfoDotNet->dwRpcStructureVersion = 0x01;
+			r->ServerInfoDotNet->dwVersion = serverinfo->dwVersion;
+			r->ServerInfoDotNet->fBootMethod = serverinfo->fBootMethod;
+			r->ServerInfoDotNet->fAdminConfigured = serverinfo->fAdminConfigured;
+			r->ServerInfoDotNet->fAllowUpdate = serverinfo->fAllowUpdate;
+			r->ServerInfoDotNet->fDsAvailable = serverinfo->fDsAvailable;
+			r->ServerInfoDotNet->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
+			r->ServerInfoDotNet->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
+			r->ServerInfoDotNet->aipServerAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+											  serverinfo->aipServerAddrs);
+			r->ServerInfoDotNet->aipListenAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+											  serverinfo->aipListenAddrs);
+			r->ServerInfoDotNet->aipForwarders = ip4_array_copy(mem_ctx, serverinfo->aipForwarders);
+			r->ServerInfoDotNet->aipLogFilter = ip4_array_copy(mem_ctx, serverinfo->aipLogFilter);
+			r->ServerInfoDotNet->pwszLogFilePath = talloc_strdup(mem_ctx, serverinfo->pwszLogFilePath);
+			r->ServerInfoDotNet->pszDomainName = talloc_strdup(mem_ctx, serverinfo->pszDomainName);
+			r->ServerInfoDotNet->pszForestName = talloc_strdup(mem_ctx, serverinfo->pszForestName);
+			r->ServerInfoDotNet->pszDomainDirectoryPartition = talloc_strdup(mem_ctx, serverinfo->pszDomainDirectoryPartition);
+			r->ServerInfoDotNet->pszForestDirectoryPartition = talloc_strdup(mem_ctx, serverinfo->pszForestDirectoryPartition);
+			r->ServerInfoDotNet->dwLogLevel = serverinfo->dwLogLevel;
+			r->ServerInfoDotNet->dwDebugLevel = serverinfo->dwDebugLevel;
+			r->ServerInfoDotNet->dwForwardTimeout = serverinfo->dwForwardTimeout;
+			r->ServerInfoDotNet->dwRpcProtocol = serverinfo->dwRpcProtocol;
+			r->ServerInfoDotNet->dwNameCheckFlag = serverinfo->dwNameCheckFlag;
+			r->ServerInfoDotNet->cAddressAnswerLimit = serverinfo->cAddressAnswerLimit;
+			r->ServerInfoDotNet->dwRecursionRetry = serverinfo->dwRecursionRetry;
+			r->ServerInfoDotNet->dwRecursionTimeout = serverinfo->dwRecursionTimeout;
+			r->ServerInfoDotNet->dwMaxCacheTtl = serverinfo->dwMaxCacheTtl;
+			r->ServerInfoDotNet->dwDsPollingInterval = serverinfo->dwDsPollingInterval;
+			r->ServerInfoDotNet->dwLocalNetPriorityNetMask = serverinfo->dwLocalNetPriorityNetMask;
+			r->ServerInfoDotNet->dwScavengingInterval = serverinfo->dwScavengingInterval;
+			r->ServerInfoDotNet->dwDefaultRefreshInterval = serverinfo->dwDefaultRefreshInterval;
+			r->ServerInfoDotNet->dwDefaultNoRefreshInterval = serverinfo->dwDefaultNoRefreshInterval;
+			r->ServerInfoDotNet->dwLastScavengeTime = serverinfo->dwLastScavengeTime;
+			r->ServerInfoDotNet->dwEventLogLevel = serverinfo->dwEventLogLevel;
+			r->ServerInfoDotNet->dwLogFileMaxSize = serverinfo->dwLogFileMaxSize;
+			r->ServerInfoDotNet->dwDsForestVersion = serverinfo->dwDsForestVersion;
+			r->ServerInfoDotNet->dwDsDomainVersion = serverinfo->dwDsDomainVersion;
+			r->ServerInfoDotNet->dwDsDsaVersion = serverinfo->dwDsDsaVersion;
+			r->ServerInfoDotNet->fAutoReverseZones = serverinfo->fAutoReverseZones;
+			r->ServerInfoDotNet->fAutoCacheUpdate = serverinfo->fAutoCacheUpdate;
+			r->ServerInfoDotNet->fRecurseAfterForwarding = serverinfo->fRecurseAfterForwarding;
+			r->ServerInfoDotNet->fForwardDelegations = serverinfo->fForwardDelegations;
+			r->ServerInfoDotNet->fNoRecursion = serverinfo->fNoRecursion;
+			r->ServerInfoDotNet->fSecureResponses = serverinfo->fSecureResponses;
+			r->ServerInfoDotNet->fRoundRobin = serverinfo->fRoundRobin;
+			r->ServerInfoDotNet->fLocalNetPriority = serverinfo->fLocalNetPriority;
+			r->ServerInfoDotNet->fBindSecondaries = serverinfo->fBindSecondaries;
+			r->ServerInfoDotNet->fWriteAuthorityNs = serverinfo->fWriteAuthorityNs;
+			r->ServerInfoDotNet->fStrictFileParsing = serverinfo->fStrictFileParsing;
+			r->ServerInfoDotNet->fLooseWildcarding = serverinfo->fLooseWildcarding;
+			r->ServerInfoDotNet->fDefaultAgingState = serverinfo->fDefaultAgingState;
+
+		} else if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			*typeid = DNSSRV_TYPEID_SERVER_INFO;
+			r->ServerInfo = talloc_zero(mem_ctx, struct DNS_RPC_SERVER_INFO_LONGHORN);
+
+			r->ServerInfo->dwRpcStructureVersion = 0x02;
+			r->ServerInfo->dwVersion = serverinfo->dwVersion;
+			r->ServerInfo->fBootMethod = serverinfo->fBootMethod;
+			r->ServerInfo->fAdminConfigured = serverinfo->fAdminConfigured;
+			r->ServerInfo->fAllowUpdate = serverinfo->fAllowUpdate;
+			r->ServerInfo->fDsAvailable = serverinfo->fDsAvailable;
+			r->ServerInfo->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
+			r->ServerInfo->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
+			r->ServerInfo->aipServerAddrs = serverinfo->aipServerAddrs;
+			r->ServerInfo->aipListenAddrs = serverinfo->aipListenAddrs;
+			r->ServerInfo->aipForwarders = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipForwarders);
+			r->ServerInfo->aipLogFilter = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipLogFilter);
+			r->ServerInfo->pwszLogFilePath = talloc_strdup(mem_ctx, serverinfo->pwszLogFilePath);
+			r->ServerInfo->pszDomainName = talloc_strdup(mem_ctx, serverinfo->pszDomainName);
+			r->ServerInfo->pszForestName = talloc_strdup(mem_ctx, serverinfo->pszForestName);
+			r->ServerInfo->pszDomainDirectoryPartition = talloc_strdup(mem_ctx, serverinfo->pszDomainDirectoryPartition);
+			r->ServerInfo->pszForestDirectoryPartition = talloc_strdup(mem_ctx, serverinfo->pszForestDirectoryPartition);
+			r->ServerInfo->dwLogLevel = serverinfo->dwLogLevel;
+			r->ServerInfo->dwDebugLevel = serverinfo->dwDebugLevel;
+			r->ServerInfo->dwForwardTimeout = serverinfo->dwForwardTimeout;
+			r->ServerInfo->dwRpcProtocol = serverinfo->dwRpcProtocol;
+			r->ServerInfo->dwNameCheckFlag = serverinfo->dwNameCheckFlag;
+			r->ServerInfo->cAddressAnswerLimit = serverinfo->cAddressAnswerLimit;
+			r->ServerInfo->dwRecursionRetry = serverinfo->dwRecursionRetry;
+			r->ServerInfo->dwRecursionTimeout = serverinfo->dwRecursionTimeout;
+			r->ServerInfo->dwMaxCacheTtl = serverinfo->dwMaxCacheTtl;
+			r->ServerInfo->dwDsPollingInterval = serverinfo->dwDsPollingInterval;
+			r->ServerInfo->dwLocalNetPriorityNetMask = serverinfo->dwLocalNetPriorityNetMask;
+			r->ServerInfo->dwScavengingInterval = serverinfo->dwScavengingInterval;
+			r->ServerInfo->dwDefaultRefreshInterval = serverinfo->dwDefaultRefreshInterval;
+			r->ServerInfo->dwDefaultNoRefreshInterval = serverinfo->dwDefaultNoRefreshInterval;
+			r->ServerInfo->dwLastScavengeTime = serverinfo->dwLastScavengeTime;
+			r->ServerInfo->dwEventLogLevel = serverinfo->dwEventLogLevel;
+			r->ServerInfo->dwLogFileMaxSize = serverinfo->dwLogFileMaxSize;
+			r->ServerInfo->dwDsForestVersion = serverinfo->dwDsForestVersion;
+			r->ServerInfo->dwDsDomainVersion = serverinfo->dwDsDomainVersion;
+			r->ServerInfo->dwDsDsaVersion = serverinfo->dwDsDsaVersion;
+			r->ServerInfo->fReadOnlyDC = serverinfo->fReadOnlyDC;
+			r->ServerInfo->fAutoReverseZones = serverinfo->fAutoReverseZones;
+			r->ServerInfo->fAutoCacheUpdate = serverinfo->fAutoCacheUpdate;
+			r->ServerInfo->fRecurseAfterForwarding = serverinfo->fRecurseAfterForwarding;
+			r->ServerInfo->fForwardDelegations = serverinfo->fForwardDelegations;
+			r->ServerInfo->fNoRecursion = serverinfo->fNoRecursion;
+			r->ServerInfo->fSecureResponses = serverinfo->fSecureResponses;
+			r->ServerInfo->fRoundRobin = serverinfo->fRoundRobin;
+			r->ServerInfo->fLocalNetPriority = serverinfo->fLocalNetPriority;
+			r->ServerInfo->fBindSecondaries = serverinfo->fBindSecondaries;
+			r->ServerInfo->fWriteAuthorityNs = serverinfo->fWriteAuthorityNs;
+			r->ServerInfo->fStrictFileParsing = serverinfo->fStrictFileParsing;
+			r->ServerInfo->fLooseWildcarding = serverinfo->fLooseWildcarding;
+			r->ServerInfo->fDefaultAgingState = serverinfo->fDefaultAgingState;
+		}
+		return WERR_OK;
+	}
+
+	is_integer = 0;
+	answer_integer = 0;
+
+	if (strcasecmp(operation, "AddressAnswerLimit") == 0) {
+		answer_integer = serverinfo->cAddressAnswerLimit;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AdminConfigured") == 0) {
+		answer_integer = serverinfo->fAdminConfigured;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AllowCNAMEAtNS") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AllowUpdate") == 0) {
+		answer_integer = serverinfo->fAllowUpdate;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AutoCacheUpdate") == 0) {
+		answer_integer = serverinfo->fAutoCacheUpdate;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AutoConfigFileZones") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "BindSecondaries") == 0) {
+		answer_integer = serverinfo->fBindSecondaries;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "BootMethod") == 0) {
+		answer_integer = serverinfo->fBootMethod;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DebugLevel") == 0) {
+		answer_integer = serverinfo->dwDebugLevel;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DefaultAgingState") == 0) {
+		answer_integer = serverinfo->fDefaultAgingState;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DefaultNoRefreshInterval") == 0) {
+		answer_integer = serverinfo->dwDefaultNoRefreshInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DefaultRefreshInterval") == 0) {
+		answer_integer = serverinfo->dwDefaultRefreshInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DeleteOutsideGlue") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DisjointNets") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsLazyUpdateInterval") == 0) {
+		answer_integer = 3; /* seconds */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsPollingInterval") == 0) {
+		answer_integer = serverinfo->dwDsPollingInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsTombstoneInterval") == 0) {
+		answer_integer = 0x00127500; /* 14 days */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableRegistryBoot") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EventLogLevel") == 0) {
+		answer_integer = serverinfo->dwEventLogLevel;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceSoaSerial") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceSaoRetry") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceSoaRefresh") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceSoaMinimumTtl") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForwardDelegations") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForwardingTimeout") == 0) {
+		answer_integer = serverinfo->dwForwardTimeout;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "IsSlave") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LocalNetPriority") == 0) {
+		answer_integer = serverinfo->fLocalNetPriority;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LogFileMaxSize") == 0) {
+		answer_integer = serverinfo->dwLogFileMaxSize;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LogLevel") == 0) {
+		answer_integer = serverinfo->dwLogLevel;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LooseWildcarding") == 0) {
+		answer_integer = serverinfo->fLooseWildcarding;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaxCacheTtl") == 0) {
+		answer_integer = serverinfo->dwMaxCacheTtl;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaxNegativeCacheTtl") == 0) {
+		answer_integer = 0x00000384; /* 15 minutes */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "NameCheckFlag") == 0) {
+		answer_integer = serverinfo->dwNameCheckFlag;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "NoRecursion") == 0) {
+		answer_integer = serverinfo->fNoRecursion;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "NoUpdateDelegations") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "PublishAutonet") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "QuietRecvFaultInterval") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "QuietRecvLogInterval") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RecursionRetry") == 0) {
+		answer_integer = serverinfo->dwRecursionRetry;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RecursionTimeout") == 0) {
+		answer_integer = serverinfo->dwRecursionTimeout;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ReloadException") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RoundRobin") == 0) {
+		answer_integer = serverinfo->fRoundRobin;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RpcProtocol") == 0) {
+		answer_integer = serverinfo->dwRpcProtocol;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SecureResponses") == 0) {
+		answer_integer = serverinfo->fSecureResponses;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SendPort") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ScavengingInterval") == 0) {
+		answer_integer = serverinfo->dwScavengingInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SocketPoolSize") == 0) {
+		answer_integer = 0x000009C4;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "StrictFileParsing") == 0) {
+		answer_integer = serverinfo->fStrictFileParsing;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SyncDnsZoneSerial") == 0) {
+		answer_integer = 2; /* ZONE_SERIAL_SYNC_XFER */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "UpdateOptions") == 0) {
+		answer_integer = 0x0000030F; /* DNS_DEFAULT_UPDATE_OPTIONS */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "UseSystemEvengLog") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "Version") == 0) {
+		answer_integer = serverinfo->dwVersion;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "XfrConnectTimeout") == 0) {
+		answer_integer = 0x0000001E;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "WriteAuthorityNs") == 0) {
+		answer_integer = serverinfo->fWriteAuthorityNs;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AdditionalRecursionTimeout") == 0) {
+		answer_integer = 0x00000004;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AppendMsZoneTransferFlag") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AutoCreateDelegations") == 0) {
+		answer_integer = 0; /* DNS_ACD_DONT_CREATE */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "BreakOnAscFailure") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "CacheEmptyAuthResponses") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DirectoryPartitionAutoEnlistInterval") == 0) {
+		answer_integer = 0x00015180; /* 1 day */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DisableAutoReverseZones") == 0) {
+		answer_integer = ~serverinfo->fAutoReverseZones;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EDnsCacheTimeout") == 0) {
+		answer_integer = 0x00000384; /* 15 minutes */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableDirectoryPartitions") == 0) {
+		answer_integer = serverinfo->fDsAvailable;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableDnsSec") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableEDnsProbes") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableEDnsReception") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableIPv6") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableIQueryResponseGeneration") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableSendErrorSuppression") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableUpdateForwarding") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableWinsR") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceDsaBehaviorVersion") == 0) {
+		answer_integer = serverinfo->dwDsDsaVersion;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceDomainBehaviorVersion") == 0) {
+		answer_integer = serverinfo->dwDsDsaVersion;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceForestBehaviorVersion") == 0) {
+		answer_integer = serverinfo->dwDsDsaVersion;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "HeapDebug") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LameDelegationTtl") == 0) {
+		answer_integer = 0; /* seconds */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LocalNetPriorityNetMask") == 0) {
+		answer_integer = serverinfo->dwLocalNetPriorityNetMask;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaxCacheSize") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaxResourceRecordsInNonSecureUpdate") == 0) {
+		answer_integer = 0x0000001E;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "OperationsLogLevel") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "OperationsLogLevel2") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaximumUdpPacketSize") == 0) {
+		answer_integer = 0x00004000; /* maximum possible */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RecurseToInternetRootMask") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SelfTest") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SilentlyIgnoreCNameUpdateConflicts") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "TcpReceivePacketSize") == 0) {
+		answer_integer = 0x00010000;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "XfrThrottleMultiplier") == 0) {
+		answer_integer = 0x0000000A;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AllowMsdcsLookupRetry") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "AllowReadOnlyZoneTransfer") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsBackGroundLoadPaused") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsMinimumBackgroundLoadThreads") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsRemoteReplicationDelay") == 0) {
+		answer_integer = 0x0000001E; /* 30 seconds */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableDuplicateQuerySuppresion") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableGlobalNamesSupport") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableVersionQuery") == 0) {
+		answer_integer = 1; /* DNS_VERSION_QUERY_FULL */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableRsoForRodc") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForceRODCMode") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesAlwaysQuerySrv") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesBlockUpdates") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesEnableEDnsProbes") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesPreferAAAA") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesQueryOrder") == 0) {
+		answer_integer = 1;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesSendTimeout") == 0) {
+		answer_integer = 3; /* seconds */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "GlobalNamesServerQueryInterval") == 0) {
+		answer_integer = 0x00005460; /* 6 hours */
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RemoteIPv4RankBoost") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RemoteIPv6RankBoost") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaximumRodcRsoAttemptsPerCycle") == 0) {
+		answer_integer = 0x00000064;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "MaximumRodcRsoQueueLength") == 0) {
+		answer_integer = 0x0000012C;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "EnableGlobalQueryBlockList") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "OpenACLOnProxyUpdates") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "CacheLockingPercent") == 0) {
+		answer_integer = 0x00000064;
+		is_integer = 1;
+	}
+
+	if (is_integer == 1) {
+		*typeid = DNSSRV_TYPEID_DWORD;
+		r->Dword = answer_integer;
+		return WERR_OK;
+	}
+
+	is_addresses = 0;
+
+	if (strcasecmp(operation, "Forwarders") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipForwarders);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, serverinfo->aipForwarders);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "ListenAddresses") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = serverinfo->aipListenAddrs;
+		} else {
+			answer_iparray = dns_addr_array_to_ip4_array(mem_ctx, serverinfo->aipListenAddrs);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "BreakOnReceiveFrom") == 0) {
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "BreakOnUpdateFrom") == 0) {
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "LogIPFilterList") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipLogFilter);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, serverinfo->aipLogFilter);
+		}
+		is_addresses = 1;
+	}
+
+	if (is_addresses == 1) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			*typeid = DNSSRV_TYPEID_ADDRARRAY;
+			r->AddrArray = answer_addrarray;
+		} else {
+			*typeid = DNSSRV_TYPEID_IPARRAY;
+			r->IpArray = answer_iparray;
+		}
+		return WERR_OK;
+	}
+
+	is_string = is_wstring = 0;
+
+	if (strcasecmp(operation, "DomainDirectoryPartitionBaseName") == 0) {
+		answer_string = talloc_strdup(mem_ctx, "DomainDnsZones");
+		if (! answer_string) {
+			return WERR_OUTOFMEMORY;
+		}
+		is_string = 1;
+	} else if (strcasecmp(operation, "ForestDirectoryPartitionBaseName") == 0) {
+		answer_string = talloc_strdup(mem_ctx, "ForestDnsZones");
+		if (! answer_string) {
+			return WERR_OUTOFMEMORY;
+		}
+		is_string = 1;
+	} else if (strcasecmp(operation, "LogFilePath") == 0) {
+		answer_string = talloc_strdup(mem_ctx, serverinfo->pwszLogFilePath);
+		is_wstring = 1;
+	} else if (strcasecmp(operation, "ServerLevelPluginDll") == 0) {
+		is_wstring = 1;
+	} else if (strcasecmp(operation, "DsBackgroundPauseName") == 0) {
+		is_string = 1;
+	} else if (strcasecmp(operation, "DsNotRoundRobinTypes") == 0) {
+		is_string = 1;
+	}
+
+	if (is_string == 1) {
+		*typeid = DNSSRV_TYPEID_LPSTR;
+		r->String = answer_string;
+		return WERR_OK;
+	} else if (is_wstring == 1) {
+		*typeid = DNSSRV_TYPEID_LPWSTR;
+		r->WideString = answer_string;
+		return WERR_OK;
+	}
+
+	is_stringlist = 0;
+
+	if (strcasecmp(operation, "GlobalQueryBlockList") == 0) {
+		is_stringlist = 1;
+	} else if (strcasecmp(operation, "SocketPoolExcludedPortRanges") == 0) {
+		is_stringlist = 1;
+	}
+
+	if (is_stringlist == 1) {
+		*typeid = DNSSRV_TYPEID_UTF8_STRING_LIST;
+		r->Utf8StringList = answer_stringlist;
+		return WERR_OK;
+	}
+
+	DEBUG(0,("dnsserver: Invalid server operation %s\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+}
+
+/* [MS-DNSP].pdf Section 3.1.1.2 Zone Configuration Information */
+static WERROR dnsserver_query_zone(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					struct dnsserver_zone *z,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID *typeid,
+					union DNSSRV_RPC_UNION *r)
+{
+	uint8_t is_integer, is_addresses, is_string;
+	uint32_t answer_integer = 0;
+	struct IP4_ARRAY *answer_iparray = NULL;
+	struct DNS_ADDR_ARRAY *answer_addrarray = NULL;
+	char *answer_string = NULL;
+	struct dnsserver_zoneinfo *zoneinfo;
+
+	zoneinfo = z->zoneinfo;
+
+	if (strcasecmp(operation, "Zone") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_W2K) {
+			*typeid = DNSSRV_TYPEID_ZONE_W2K;
+			r->ZoneW2K = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_W2K);
+
+			r->ZoneW2K->pszZoneName = talloc_strdup(mem_ctx, z->name);
+			r->ZoneW2K->Flags = zoneinfo->Flags;
+			r->ZoneW2K->ZoneType = zoneinfo->dwZoneType;
+			r->ZoneW2K->Version = zoneinfo->Version;
+		} else {
+			*typeid = DNSSRV_TYPEID_ZONE;
+			r->Zone = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_DOTNET);
+
+			r->Zone->dwRpcStructureVersion = 0x01;
+			r->Zone->pszZoneName = talloc_strdup(mem_ctx, z->name);
+			r->Zone->Flags = zoneinfo->Flags;
+			r->Zone->ZoneType = zoneinfo->dwZoneType;
+			r->Zone->Version = zoneinfo->Version;
+			r->Zone->dwDpFlags = z->partition->dwDpFlags;
+			r->Zone->pszDpFqdn = talloc_strdup(mem_ctx, z->partition->pszDpFqdn);
+		}
+		return WERR_OK;
+	}
+
+	if (strcasecmp(operation, "ZoneInfo") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_W2K) {
+			*typeid = DNSSRV_TYPEID_ZONE_INFO_W2K;
+			r->ZoneInfoW2K = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_INFO_W2K);
+
+			r->ZoneInfoW2K->pszZoneName = talloc_strdup(mem_ctx, z->name);
+			r->ZoneInfoW2K->dwZoneType = zoneinfo->dwZoneType;
+			r->ZoneInfoW2K->fReverse = zoneinfo->fReverse;
+			r->ZoneInfoW2K->fAllowUpdate = zoneinfo->fAllowUpdate;
+			r->ZoneInfoW2K->fPaused = zoneinfo->fPaused;
+			r->ZoneInfoW2K->fShutdown = zoneinfo->fShutdown;
+			r->ZoneInfoW2K->fAutoCreated = zoneinfo->fAutoCreated;
+			r->ZoneInfoW2K->fUseDatabase = zoneinfo->fUseDatabase;
+			r->ZoneInfoW2K->pszDataFile = talloc_strdup(mem_ctx, zoneinfo->pszDataFile);
+			r->ZoneInfoW2K->aipMasters = ip4_array_copy(mem_ctx, zoneinfo->aipMasters);
+			r->ZoneInfoW2K->fSecureSecondaries = zoneinfo->fSecureSecondaries;
+			r->ZoneInfoW2K->fNotifyLevel = zoneinfo->fNotifyLevel;
+			r->ZoneInfoW2K->aipSecondaries = ip4_array_copy(mem_ctx, zoneinfo->aipSecondaries);
+			r->ZoneInfoW2K->aipNotify = ip4_array_copy(mem_ctx, zoneinfo->aipNotify);
+			r->ZoneInfoW2K->fUseWins = zoneinfo->fUseWins;
+			r->ZoneInfoW2K->fUseNbstat = zoneinfo->fUseNbstat;
+			r->ZoneInfoW2K->fAging = zoneinfo->fAging;
+			r->ZoneInfoW2K->dwNoRefreshInterval = zoneinfo->dwNoRefreshInterval;
+			r->ZoneInfoW2K->dwRefreshInterval = zoneinfo->dwRefreshInterval;
+			r->ZoneInfoW2K->dwAvailForScavengeTime = zoneinfo->dwAvailForScavengeTime;
+			r->ZoneInfoW2K->aipScavengeServers = ip4_array_copy(mem_ctx, zoneinfo->aipScavengeServers);
+
+		} else if (client_version == DNS_CLIENT_VERSION_DOTNET) {
+			*typeid = DNSSRV_TYPEID_ZONE_INFO_DOTNET;
+			r->ZoneInfoDotNet = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_INFO_DOTNET);
+
+			r->ZoneInfoDotNet->dwRpcStructureVersion = 0x01;
+			r->ZoneInfoDotNet->pszZoneName = talloc_strdup(mem_ctx, z->name);
+			r->ZoneInfoDotNet->dwZoneType = zoneinfo->dwZoneType;
+			r->ZoneInfoDotNet->fReverse = zoneinfo->fReverse;
+			r->ZoneInfoDotNet->fAllowUpdate = zoneinfo->fAllowUpdate;
+			r->ZoneInfoDotNet->fPaused = zoneinfo->fPaused;
+			r->ZoneInfoDotNet->fShutdown = zoneinfo->fShutdown;
+			r->ZoneInfoDotNet->fAutoCreated = zoneinfo->fAutoCreated;
+			r->ZoneInfoDotNet->fUseDatabase = zoneinfo->fUseDatabase;
+			r->ZoneInfoDotNet->pszDataFile = talloc_strdup(mem_ctx, zoneinfo->pszDataFile);
+			r->ZoneInfoDotNet->aipMasters = ip4_array_copy(mem_ctx, zoneinfo->aipMasters);
+			r->ZoneInfoDotNet->fSecureSecondaries = zoneinfo->fSecureSecondaries;
+			r->ZoneInfoDotNet->fNotifyLevel = zoneinfo->fNotifyLevel;
+			r->ZoneInfoDotNet->aipSecondaries = ip4_array_copy(mem_ctx, zoneinfo->aipSecondaries);
+			r->ZoneInfoDotNet->aipNotify = ip4_array_copy(mem_ctx, zoneinfo->aipNotify);
+			r->ZoneInfoDotNet->fUseWins = zoneinfo->fUseWins;
+			r->ZoneInfoDotNet->fUseNbstat = zoneinfo->fUseNbstat;
+			r->ZoneInfoDotNet->fAging = zoneinfo->fAging;
+			r->ZoneInfoDotNet->dwNoRefreshInterval = zoneinfo->dwNoRefreshInterval;
+			r->ZoneInfoDotNet->dwRefreshInterval = zoneinfo->dwRefreshInterval;
+			r->ZoneInfoDotNet->dwAvailForScavengeTime = zoneinfo->dwAvailForScavengeTime;
+			r->ZoneInfoDotNet->aipScavengeServers = ip4_array_copy(mem_ctx, zoneinfo->aipScavengeServers);
+			r->ZoneInfoDotNet->dwForwarderTimeout = zoneinfo->dwForwarderTimeout;
+			r->ZoneInfoDotNet->fForwarderSlave = zoneinfo->fForwarderSlave;
+			r->ZoneInfoDotNet->aipLocalMasters = ip4_array_copy(mem_ctx, zoneinfo->aipLocalMasters);
+			r->ZoneInfoDotNet->dwDpFlags = z->partition->dwDpFlags;
+			r->ZoneInfoDotNet->pszDpFqdn = talloc_strdup(mem_ctx, z->partition->pszDpFqdn);
+			r->ZoneInfoDotNet->pwszZoneDn = talloc_strdup(mem_ctx, zoneinfo->pwszZoneDn);
+			r->ZoneInfoDotNet->dwLastSuccessfulSoaCheck = zoneinfo->dwLastSuccessfulSoaCheck;
+			r->ZoneInfoDotNet->dwLastSuccessfulXfr = zoneinfo->dwLastSuccessfulXfr;
+
+		} else {
+			*typeid = DNSSRV_TYPEID_ZONE_INFO;
+			r->ZoneInfo = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_INFO_LONGHORN);
+
+			r->ZoneInfo->dwRpcStructureVersion = 0x02;
+			r->ZoneInfo->pszZoneName = talloc_strdup(mem_ctx, z->name);
+			r->ZoneInfo->dwZoneType = zoneinfo->dwZoneType;
+			r->ZoneInfo->fReverse = zoneinfo->fReverse;
+			r->ZoneInfo->fAllowUpdate = zoneinfo->fAllowUpdate;
+			r->ZoneInfo->fPaused = zoneinfo->fPaused;
+			r->ZoneInfo->fShutdown = zoneinfo->fShutdown;
+			r->ZoneInfo->fAutoCreated = zoneinfo->fAutoCreated;
+			r->ZoneInfo->fUseDatabase = zoneinfo->fUseDatabase;
+			r->ZoneInfo->pszDataFile = talloc_strdup(mem_ctx, zoneinfo->pszDataFile);
+			r->ZoneInfo->aipMasters = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipMasters);
+			r->ZoneInfo->fSecureSecondaries = zoneinfo->fSecureSecondaries;
+			r->ZoneInfo->fNotifyLevel = zoneinfo->fNotifyLevel;
+			r->ZoneInfo->aipSecondaries = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipSecondaries);
+			r->ZoneInfo->aipNotify = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipNotify);
+			r->ZoneInfo->fUseWins = zoneinfo->fUseWins;
+			r->ZoneInfo->fUseNbstat = zoneinfo->fUseNbstat;
+			r->ZoneInfo->fAging = zoneinfo->fAging;
+			r->ZoneInfo->dwNoRefreshInterval = zoneinfo->dwNoRefreshInterval;
+			r->ZoneInfo->dwRefreshInterval = zoneinfo->dwRefreshInterval;
+			r->ZoneInfo->dwAvailForScavengeTime = zoneinfo->dwAvailForScavengeTime;
+			r->ZoneInfo->aipScavengeServers = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipScavengeServers);
+			r->ZoneInfo->dwForwarderTimeout = zoneinfo->dwForwarderTimeout;
+			r->ZoneInfo->fForwarderSlave = zoneinfo->fForwarderSlave;
+			r->ZoneInfo->aipLocalMasters = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipLocalMasters);
+			r->ZoneInfo->dwDpFlags = z->partition->dwDpFlags;
+			r->ZoneInfo->pszDpFqdn = talloc_strdup(mem_ctx, z->partition->pszDpFqdn);
+			r->ZoneInfo->pwszZoneDn = talloc_strdup(mem_ctx, zoneinfo->pwszZoneDn);
+			r->ZoneInfo->dwLastSuccessfulSoaCheck = zoneinfo->dwLastSuccessfulSoaCheck;
+			r->ZoneInfo->dwLastSuccessfulXfr = zoneinfo->dwLastSuccessfulXfr;
+
+			r->ZoneInfo->fQueuedForBackgroundLoad = zoneinfo->fQueuedForBackgroundLoad;
+			r->ZoneInfo->fBackgroundLoadInProgress = zoneinfo->fBackgroundLoadInProgress;
+			r->ZoneInfo->fReadOnlyZone = zoneinfo->fReadOnlyZone;
+			r->ZoneInfo->dwLastXfrAttempt = zoneinfo->dwLastXfrAttempt;
+			r->ZoneInfo->dwLastXfrResult = zoneinfo->dwLastXfrResult;
+		}
+
+		return WERR_OK;
+	}
+
+	is_integer = 0;
+
+	if (strcasecmp(operation, "AllowUpdate") == 0) {
+		answer_integer = zoneinfo->fAllowUpdate;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "Secured") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "DsIntegrated") == 0) {
+		answer_integer = zoneinfo->fUseDatabase;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "LogUpdates") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "NoRefreshInterval") == 0) {
+		answer_integer = zoneinfo->dwNoRefreshInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "NotifyLevel") == 0) {
+		answer_integer = zoneinfo->fNotifyLevel;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "RefreshInterval") == 0) {
+		answer_integer = zoneinfo->dwRefreshInterval;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "SecureSecondaries") == 0) {
+		answer_integer = zoneinfo->fSecureSecondaries;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "Type") == 0) {
+		answer_integer = zoneinfo->dwZoneType;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "Aging") == 0) {
+		answer_integer = zoneinfo->fAging;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForwarderSlave") == 0) {
+		answer_integer = zoneinfo->fForwarderSlave;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "ForwarderTimeout") == 0) {
+		answer_integer = zoneinfo->dwForwarderTimeout;
+		is_integer = 1;
+	} else if (strcasecmp(operation, "Unicode") == 0) {
+		answer_integer = 0;
+		is_integer = 1;
+	}
+
+	if (is_integer == 1) {
+		*typeid = DNSSRV_TYPEID_DWORD;
+		r->Dword = answer_integer;
+		return WERR_OK;
+	}
+
+	is_addresses = 0;
+
+	if (strcasecmp(operation, "AllowNSRecordsAutoCreation") == 0) {
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "ScavengeServers") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipScavengeServers);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, zoneinfo->aipScavengeServers);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "MasterServers") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipMasters);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, zoneinfo->aipMasters);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "LocalMasterServers") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipLocalMasters);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, zoneinfo->aipLocalMasters);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "NotifyServers") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipNotify);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, zoneinfo->aipNotify);
+		}
+		is_addresses = 1;
+	} else if (strcasecmp(operation, "SecondaryServers") == 0) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, zoneinfo->aipSecondaries);
+		} else {
+			answer_iparray = ip4_array_copy(mem_ctx, zoneinfo->aipSecondaries);
+		}
+		is_addresses = 1;
+	}
+
+	if (is_addresses == 1) {
+		if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
+			*typeid = DNSSRV_TYPEID_ADDRARRAY;
+			r->AddrArray = answer_addrarray;
+		} else {
+			*typeid = DNSSRV_TYPEID_IPARRAY;
+			r->IpArray = answer_iparray;
+		}
+		return WERR_OK;
+	}
+
+	is_string = 0;
+
+	if (strcasecmp(operation, "DatabaseFile") == 0) {
+		answer_string = talloc_strdup(mem_ctx, zoneinfo->pszDataFile);
+		is_string = 1;
+	} else if (strcasecmp(operation, "ApplicationDirectoryPartition") == 0) {
+		answer_string = talloc_strdup(mem_ctx, z->partition->pszDpFqdn);
+		is_string = 1;
+	} else if (strcasecmp(operation, "BreakOnNameUpdate") == 0) {
+		is_string = 1;
+	}
+
+	if (is_string == 1) {
+		*typeid = DNSSRV_TYPEID_LPSTR;
+		r->String = answer_string;
+		return WERR_OK;
+	}
+
+	DEBUG(0,("dnsserver: Invalid zone operation %s\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+
+}
+
+/* dnsserver operation functions */
+
+/* [MS-DNSP].pdf Section 3.1.1.1 DNS Server Configuration Information */
+static WERROR dnsserver_operate_server(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID typeid,
+					union DNSSRV_RPC_UNION *r)
+{
+	bool valid_operation = false;
+
+	if (strcasecmp(operation, "ResetDwordProperty") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "Restart") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ClearDebugLog") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ClearCache") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "WriteDirtyZones") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ZoneCreate") == 0) {
+		struct dnsserver_zone *z, *z2;
+		WERROR status;
+		size_t len;
+		const char *name;
+		z = talloc_zero(mem_ctx, struct dnsserver_zone);
+		W_ERROR_HAVE_NO_MEMORY(z);
+		z->partition = talloc_zero(z, struct dnsserver_partition);
+		W_ERROR_HAVE_NO_MEMORY_AND_FREE(z->partition, z);
+		z->zoneinfo = talloc_zero(z, struct dnsserver_zoneinfo);
+		W_ERROR_HAVE_NO_MEMORY_AND_FREE(z->zoneinfo, z);
+
+		if (typeid == DNSSRV_TYPEID_ZONE_CREATE_W2K) {
+			name = r->ZoneCreateW2K->pszZoneName;
+			z->zoneinfo->dwZoneType = r->ZoneCreateW2K->dwZoneType;
+			z->zoneinfo->fAllowUpdate = r->ZoneCreateW2K->fAllowUpdate;
+			z->zoneinfo->fAging = r->ZoneCreateW2K->fAging;
+			z->zoneinfo->Flags = r->ZoneCreateW2K->dwFlags;
+		} else if (typeid == DNSSRV_TYPEID_ZONE_CREATE_DOTNET) {
+			name = r->ZoneCreateDotNet->pszZoneName;
+			z->zoneinfo->dwZoneType = r->ZoneCreateDotNet->dwZoneType;
+			z->zoneinfo->fAllowUpdate = r->ZoneCreateDotNet->fAllowUpdate;
+			z->zoneinfo->fAging = r->ZoneCreateDotNet->fAging;
+			z->zoneinfo->Flags = r->ZoneCreateDotNet->dwFlags;
+			z->partition->dwDpFlags = r->ZoneCreateDotNet->dwDpFlags;
+		} else if (typeid == DNSSRV_TYPEID_ZONE_CREATE) {
+			name = r->ZoneCreate->pszZoneName;
+			z->zoneinfo->dwZoneType = r->ZoneCreate->dwZoneType;
+			z->zoneinfo->fAllowUpdate = r->ZoneCreate->fAllowUpdate;
+			z->zoneinfo->fAging = r->ZoneCreate->fAging;
+			z->zoneinfo->Flags = r->ZoneCreate->dwFlags;
+			z->partition->dwDpFlags = r->ZoneCreate->dwDpFlags;
+		} else {
+			talloc_free(z);
+			return WERR_DNS_ERROR_INVALID_PROPERTY;
+		}
+
+		len = strlen(name);
+		if (name[len-1] == '.') {
+			len -= 1;
+		}
+		z->name = talloc_strndup(z, name, len);
+		if (z->name == NULL) {
+			talloc_free(z);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		z2 = dnsserver_find_zone(dsstate->zones, z->name);
+		if (z2 != NULL) {
+			talloc_free(z);
+			return WERR_DNS_ERROR_ZONE_ALREADY_EXISTS;
+		}
+
+		status = dnsserver_db_create_zone(dsstate->samdb, dsstate->partitions, z,
+						  dsstate->lp_ctx);
+		talloc_free(z);
+
+		if (W_ERROR_IS_OK(status)) {
+			dnsserver_reload_zones(dsstate);
+		}
+		return status;
+	} else if (strcasecmp(operation, "ClearStatistics") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "EnlistDirectoryPartition") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "StartScavenging") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "AbortScavenging") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "AutoConfigure") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ExportSettings") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "PrepareForDemotion") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "PrepareForUninstall") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteNode") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteRecord") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "WriteBackFile") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ListenAddresses") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "Forwarders") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "LogFilePath") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "LogIpFilterList") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ForestDirectoryPartitionBaseName") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DomainDirectoryPartitionBaseName") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "GlobalQueryBlockList") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "BreakOnReceiveFrom") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "BreakOnUpdateFrom") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ServerLevelPluginDll") == 0) {
+		valid_operation = true;
+	}
+
+	if (valid_operation) {
+		DEBUG(0, ("dnsserver: server operation '%s' not implemented\n", operation));
+		return WERR_CALL_NOT_IMPLEMENTED;
+	}
+
+	DEBUG(0, ("dnsserver: invalid server operation '%s'\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+}
+
+static WERROR dnsserver_complex_operate_server(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID typeid_in,
+					union DNSSRV_RPC_UNION *rin,
+					enum DNS_RPC_TYPEID *typeid_out,
+					union DNSSRV_RPC_UNION *rout)
+{
+	int valid_operation = 0;
+	struct dnsserver_zone *z, **zlist;
+	size_t zcount;
+	bool found1, found2, found3, found4;
+	size_t i;
+
+	if (strcasecmp(operation, "QueryDwordProperty") == 0) {
+		if (typeid_in == DNSSRV_TYPEID_LPSTR) {
+			return dnsserver_query_server(dsstate, mem_ctx,
+							rin->String,
+							client_version,
+							typeid_out,
+							rout);
+		}
+	} else if (strcasecmp(operation, "EnumZones") == 0) {
+		if (typeid_in != DNSSRV_TYPEID_DWORD) {
+			return WERR_DNS_ERROR_INVALID_PROPERTY;
+		}
+
+		zcount = 0;
+		zlist = talloc_zero_array(mem_ctx, struct dnsserver_zone *, 0);
+		for (z = dsstate->zones; z; z = z->next) {
+
+			/* Match the flags in groups
+			 *
+			 * Group1 : PRIMARY, SECONDARY, CACHE, AUTO
+			 * Group2 : FORWARD, REVERSE, FORWARDER, STUB
+			 * Group3 : DS, NON_DS, DOMAIN_DP, FOREST_DP
+			 * Group4 : CUSTOM_DP, LEGACY_DP
+			 */
+			
+			/* Group 1 */
+			found1 = false;
+			if (rin->Dword & 0x0000000f) {
+				if (rin->Dword & DNS_ZONE_REQUEST_PRIMARY) {
+					if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_PRIMARY) {
+					found1 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_SECONDARY) {
+					if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_SECONDARY) {
+						found1 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_CACHE) {
+					if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_CACHE) {
+						found1 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_AUTO) {
+					if (z->zoneinfo->fAutoCreated 
+						|| z->partition->dwDpFlags & DNS_DP_AUTOCREATED) {
+						found1 = true;
+					}
+				}
+			} else {
+				found1 = true;
+			}
+
+			/* Group 2 */
+			found2 = false;
+			if (rin->Dword & 0x000000f0) {
+				if (rin->Dword & DNS_ZONE_REQUEST_FORWARD) {
+					if (!(z->zoneinfo->fReverse)) {
+						found2 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_REVERSE) {
+					if (z->zoneinfo->fReverse) {
+						found2 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_FORWARDER) {
+					if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_FORWARDER) {
+						found2 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_STUB) {
+					if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_STUB) {
+						found2 = true;
+					}
+				}
+			} else {
+				found2 = true;
+			}
+
+			/* Group 3 */
+			found3 = false;
+			if (rin->Dword & 0x00000f00) {
+				if (rin->Dword & DNS_ZONE_REQUEST_DS) {
+					if (z->zoneinfo->Flags & DNS_RPC_ZONE_DSINTEGRATED) {
+						found3 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_NON_DS) {
+					if (!(z->zoneinfo->Flags & DNS_RPC_ZONE_DSINTEGRATED)) {
+						found3 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_DOMAIN_DP) {
+					if (!(z->partition->dwDpFlags & DNS_DP_DOMAIN_DEFAULT)) {
+						found3 = true;
+					}
+				}
+				if (rin->Dword & DNS_ZONE_REQUEST_FOREST_DP) {
+					if (!(z->partition->dwDpFlags & DNS_DP_FOREST_DEFAULT)) {
+						found3 = true;
+					}
+				}
+			} else {
+				found3 = true;
+			}
+	
+			/* Group 4 */
+			if (rin->Dword & 0x0000f000) {
+				found4 = false;
+			} else {
+				found4 = true;
+			}
+
+			if (found1 && found2 && found3 && found4) {
+				zlist = talloc_realloc(mem_ctx, zlist, struct dnsserver_zone *, zcount+1);
+				zlist[zcount] = z;
+				zcount++;
+			}
+		}
+
+		if (client_version == DNS_CLIENT_VERSION_W2K) {
+			*typeid_out = DNSSRV_TYPEID_ZONE_LIST_W2K;
+			rout->ZoneListW2K = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_LIST_W2K);
+
+			if (zcount == 0) {
+				rout->ZoneListW2K->dwZoneCount = 0;
+				rout->ZoneListW2K->ZoneArray = NULL;
+
+				return WERR_OK;
+			}
+
+			rout->ZoneListW2K->ZoneArray = talloc_zero_array(mem_ctx, struct DNS_RPC_ZONE_W2K *, zcount);
+			W_ERROR_HAVE_NO_MEMORY_AND_FREE(rout->ZoneListW2K->ZoneArray, zlist);
+
+			for (i=0; i<zcount; i++) {
+				rout->ZoneListW2K->ZoneArray[i] = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_W2K);
+
+				rout->ZoneListW2K->ZoneArray[i]->pszZoneName = talloc_strdup(mem_ctx, zlist[i]->name);
+				rout->ZoneListW2K->ZoneArray[i]->Flags = zlist[i]->zoneinfo->Flags;
+				rout->ZoneListW2K->ZoneArray[i]->ZoneType = zlist[i]->zoneinfo->dwZoneType;
+				rout->ZoneListW2K->ZoneArray[i]->Version = zlist[i]->zoneinfo->Version;
+			}
+			rout->ZoneListW2K->dwZoneCount = zcount;
+
+		} else {
+			*typeid_out = DNSSRV_TYPEID_ZONE_LIST;
+			rout->ZoneList = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_LIST_DOTNET);
+
+			if (zcount == 0) {
+				rout->ZoneList->dwRpcStructureVersion = 1;
+				rout->ZoneList->dwZoneCount = 0;
+				rout->ZoneList->ZoneArray = NULL;
+
+				return WERR_OK;
+			}
+
+			rout->ZoneList->ZoneArray = talloc_zero_array(mem_ctx, struct DNS_RPC_ZONE_DOTNET *, zcount);
+			W_ERROR_HAVE_NO_MEMORY_AND_FREE(rout->ZoneList->ZoneArray, zlist);
+
+			for (i=0; i<zcount; i++) {
+				rout->ZoneList->ZoneArray[i] = talloc_zero(mem_ctx, struct DNS_RPC_ZONE_DOTNET);
+
+				rout->ZoneList->ZoneArray[i]->dwRpcStructureVersion = 1;
+				rout->ZoneList->ZoneArray[i]->pszZoneName = talloc_strdup(mem_ctx, zlist[i]->name);
+				rout->ZoneList->ZoneArray[i]->Flags = zlist[i]->zoneinfo->Flags;
+				rout->ZoneList->ZoneArray[i]->ZoneType = zlist[i]->zoneinfo->dwZoneType;
+				rout->ZoneList->ZoneArray[i]->Version = zlist[i]->zoneinfo->Version;
+				rout->ZoneList->ZoneArray[i]->dwDpFlags = zlist[i]->partition->dwDpFlags;
+				rout->ZoneList->ZoneArray[i]->pszDpFqdn = talloc_strdup(mem_ctx, zlist[i]->partition->pszDpFqdn);
+			}
+			rout->ZoneList->dwRpcStructureVersion = 1;
+			rout->ZoneList->dwZoneCount = zcount;
+		}
+		talloc_free(zlist);
+		return WERR_OK;
+	} else if (strcasecmp(operation, "EnumZones2") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "EnumDirectoryPartitions") == 0) {
+		if (typeid_in != DNSSRV_TYPEID_DWORD) {
+			return WERR_DNS_ERROR_INVALID_PROPERTY;
+		}
+
+		*typeid_out = DNSSRV_TYPEID_DP_LIST;
+		rout->DirectoryPartitionList = talloc_zero(mem_ctx, struct DNS_RPC_DP_LIST);
+
+		if (rin->Dword != 0) {
+			rout->DirectoryPartitionList->dwDpCount = 0;
+			rout->DirectoryPartitionList->DpArray = NULL;
+		} else {
+			struct DNS_RPC_DP_ENUM **dplist;
+			struct dnsserver_partition *p;
+			int pcount = 2;
+
+			dplist = talloc_zero_array(mem_ctx, struct DNS_RPC_DP_ENUM *, pcount);
+			W_ERROR_HAVE_NO_MEMORY(dplist);
+
+			p = dsstate->partitions;
+			for (i=0; i<pcount; i++) {
+				dplist[i] = talloc_zero(dplist, struct DNS_RPC_DP_ENUM);
+
+				dplist[i]->pszDpFqdn = talloc_strdup(mem_ctx, p->pszDpFqdn);
+				dplist[i]->dwFlags = p->dwDpFlags;
+				dplist[i]->dwZoneCount = p->zones_count;
+				p = p->next;
+			}
+
+			rout->DirectoryPartitionList->dwDpCount = pcount;
+			rout->DirectoryPartitionList->DpArray = dplist;
+		}
+		return WERR_OK;
+	} else if (strcasecmp(operation, "DirectoryPartitionInfo") == 0) {
+		struct dnsserver_partition *p;
+		struct dnsserver_partition_info *partinfo;
+		struct DNS_RPC_DP_INFO *dpinfo = NULL;
+
+		if (typeid_in != DNSSRV_TYPEID_LPSTR) {
+			return WERR_DNS_ERROR_INVALID_PROPERTY;
+		}
+
+		*typeid_out = DNSSRV_TYPEID_DP_INFO;
+
+		for (p = dsstate->partitions; p; p = p->next) {
+			if (strcasecmp(p->pszDpFqdn, rin->String) == 0) {
+				dpinfo = talloc_zero(mem_ctx, struct DNS_RPC_DP_INFO);
+				W_ERROR_HAVE_NO_MEMORY(dpinfo);
+
+				partinfo = dnsserver_db_partition_info(mem_ctx, dsstate->samdb, p);
+				W_ERROR_HAVE_NO_MEMORY(partinfo);
+
+				dpinfo->pszDpFqdn = talloc_strdup(dpinfo, p->pszDpFqdn);
+				dpinfo->pszDpDn = talloc_strdup(dpinfo, ldb_dn_get_linearized(p->partition_dn));
+				dpinfo->pszCrDn = talloc_steal(dpinfo, partinfo->pszCrDn);
+				dpinfo->dwFlags = p->dwDpFlags;
+				dpinfo->dwZoneCount = p->zones_count;
+				dpinfo->dwState = partinfo->dwState;
+				dpinfo->dwReplicaCount = partinfo->dwReplicaCount;
+				if (partinfo->dwReplicaCount > 0) {
+					dpinfo->ReplicaArray = talloc_steal(dpinfo,
+									    partinfo->ReplicaArray);
+				} else {
+					dpinfo->ReplicaArray = NULL;
+				}
+				break;
+			}
+		}
+
+		if (dpinfo == NULL) {
+			return WERR_DNS_ERROR_DP_DOES_NOT_EXIST;
+		}
+
+		rout->DirectoryPartition = dpinfo;
+		return WERR_OK;
+	} else if (strcasecmp(operation, "Statistics") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "IpValidate") == 0) {
+		valid_operation = true;
+	}
+
+	if (valid_operation) {
+		DEBUG(0, ("dnsserver: server complex operation '%s' not implemented\n", operation));
+		return WERR_CALL_NOT_IMPLEMENTED;
+	}
+
+	DEBUG(0, ("dnsserver: invalid server complex operation '%s'\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+}
+
+/* [MS-DNSP].pdf Section 3.1.1.2 Zone Configuration Information */
+static WERROR dnsserver_operate_zone(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					struct dnsserver_zone *z,
+					unsigned int request_filter,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID typeid,
+					union DNSSRV_RPC_UNION *r)
+{
+	bool valid_operation = false;
+
+	if (strcasecmp(operation, "ResetDwordProperty") == 0) {
+
+		if (typeid != DNSSRV_TYPEID_NAME_AND_PARAM) {
+			return WERR_DNS_ERROR_INVALID_PROPERTY;
+		}
+
+		return dnsserver_db_do_reset_dword(dsstate->samdb, z,
+					           r->NameAndParam);
+
+	} else if (strcasecmp(operation, "ZoneTypeReset") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "PauseZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ResumeZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ReloadZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "RefreshZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ExpireZone") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "IncrementVersion") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "WriteBackFile") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteZoneFromDs") == 0) {
+		WERROR status;
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+		status =  dnsserver_db_delete_zone(dsstate->samdb, z);
+		if (W_ERROR_IS_OK(status)) {
+			dnsserver_reload_zones(dsstate);
+		}
+		return status;
+	} else if (strcasecmp(operation, "UpdateZoneFromDs") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ZoneExport") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ZoneChangeDirectoryPartition") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteNode") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DeleteRecordSet") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ForceAgingOnNode") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "DatabaseFile") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "MasterServers") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "LocalMasterServers") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "NotifyServers") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "SecondaryServers") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ScavengingServers") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "AllowNSRecordsAutoCreation") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "BreakOnNameUpdate") == 0) {
+		valid_operation = true;
+	} else if (strcasecmp(operation, "ApplicationDirectoryPartition") == 0) {
+		valid_operation = true;
+	}
+
+	if (valid_operation) {
+		DEBUG(0, ("dnsserver: zone operation '%s' not implemented\n", operation));
+		return WERR_CALL_NOT_IMPLEMENTED;
+	}
+
+	DEBUG(0, ("dnsserver: invalid zone operation '%s'\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+}
+
+static WERROR dnsserver_complex_operate_zone(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					struct dnsserver_zone *z,
+					const char *operation,
+					const unsigned int client_version,
+					enum DNS_RPC_TYPEID typeid_in,
+					union DNSSRV_RPC_UNION *rin,
+					enum DNS_RPC_TYPEID *typeid_out,
+					union DNSSRV_RPC_UNION *rout)
+{
+	if (strcasecmp(operation, "QueryDwordProperty") == 0) {
+		if (typeid_in == DNSSRV_TYPEID_LPSTR) {
+			return dnsserver_query_zone(dsstate, mem_ctx, z,
+						rin->String,
+						client_version,
+						typeid_out,
+						rout);
+
+		}
+	}
+
+	DEBUG(0,("dnsserver: Invalid zone operation %s\n", operation));
+	return WERR_DNS_ERROR_INVALID_PROPERTY;
+}
+
+/* dnsserver enumerate function */
+
+static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					unsigned int client_version,
+					const char *node_name,
+					enum dns_record_type record_type,
+					unsigned int select_flag,
+					unsigned int *buffer_length,
+					struct DNS_RPC_RECORDS_ARRAY **buffer)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct dnsserver_zone *z;
+	const char * const attrs[] = { "name", "dnsRecord", NULL };
+	struct ldb_result *res;
+	struct DNS_RPC_RECORDS_ARRAY *recs;
+	char **add_names;
+	char *rname;
+	int add_count;
+	int i, ret, len;
+	WERROR status;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	z = dnsserver_find_zone(dsstate->zones, ".");
+	if (z == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
+			 LDB_SCOPE_ONELEVEL, attrs,
+			 "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))");
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return WERR_INTERNAL_DB_ERROR;
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_ctx);
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	recs = talloc_zero(mem_ctx, struct DNS_RPC_RECORDS_ARRAY);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(recs, tmp_ctx);
+
+	add_names = NULL;
+	add_count = 0;
+
+	for (i=0; i<res->count; i++) {
+		status = dns_fill_records_array(tmp_ctx, NULL, record_type,
+						select_flag, NULL,
+						res->msgs[i], 0, recs,
+						&add_names, &add_count);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	}
+	talloc_free(res);
+
+	/* Add any additional records */
+	if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
+		for (i=0; i<add_count; i++) {
+			char *encoded_name
+				= ldb_binary_encode_string(tmp_ctx,
+							   add_names[i]);
+			ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
+					 LDB_SCOPE_ONELEVEL, attrs,
+					 "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+					 encoded_name);
+			if (ret != LDB_SUCCESS || res->count == 0) {
+				talloc_free(res);
+				continue;
+			}
+
+			len = strlen(add_names[i]);
+			if (add_names[i][len-1] == '.') {
+				rname = talloc_strdup(tmp_ctx, add_names[i]);
+			} else {
+				rname = talloc_asprintf(tmp_ctx, "%s.", add_names[i]);
+			}
+			status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
+							select_flag, rname,
+							res->msgs[0], 0, recs,
+							NULL, NULL);
+			talloc_free(rname);
+			talloc_free(res);
+			if (!W_ERROR_IS_OK(status)) {
+				talloc_free(tmp_ctx);
+				return status;
+			}
+		}
+	}
+
+	talloc_free(tmp_ctx);
+
+	*buffer_length = ndr_size_DNS_RPC_RECORDS_ARRAY(recs, 0);
+	*buffer = recs;
+
+	return WERR_OK;
+}
+
+
+static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					struct dnsserver_zone *z,
+					unsigned int client_version,
+					const char *node_name,
+					const char *start_child,
+					enum dns_record_type record_type,
+					unsigned int select_flag,
+					const char *filter_start,
+					const char *filter_stop,
+					unsigned int *buffer_length,
+					struct DNS_RPC_RECORDS_ARRAY **buffer)
+{
+	TALLOC_CTX *tmp_ctx;
+	char *name;
+	const char * const attrs[] = { "name", "dnsRecord", NULL };
+	struct ldb_result *res = NULL;
+	struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
+	char **add_names = NULL;
+	char *rname = NULL;
+	const char *preference_name = NULL;
+	int add_count = 0;
+	int i, ret, len;
+	WERROR status;
+	struct dns_tree *tree = NULL;
+	struct dns_tree *base = NULL;
+	struct dns_tree *node = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	name = dns_split_node_name(tmp_ctx, node_name, z->name);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(name, tmp_ctx);
+
+	/* search all records under parent tree */
+	if (strcasecmp(name, z->name) == 0) {
+		ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
+		preference_name = "@";
+	} else {
+		char *encoded_name
+			= ldb_binary_encode_string(tmp_ctx, name);
+		ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s))(!(dNSTombstoned=TRUE)))",
+				 encoded_name, encoded_name);
+		preference_name = name;
+	}
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return WERR_INTERNAL_DB_ERROR;
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_ctx);
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	recs = talloc_zero(mem_ctx, struct DNS_RPC_RECORDS_ARRAY);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(recs, tmp_ctx);
+
+	/*
+	 * Sort the names, so that the records are in order by the child
+	 * component below "name".
+	 *
+	 * A full tree sort is not required, so we pass in "name" so
+	 * we know which level to sort, as only direct children are
+	 * eventually returned
+	 */
+	LDB_TYPESAFE_QSORT(res->msgs, res->count, name, dns_name_compare);
+
+	/* Build a tree of name components from dns name */
+	tree = dns_build_tree(tmp_ctx, preference_name, res);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(tree, tmp_ctx);
+
+	/* Find the parent record in the tree */
+	base = tree;
+	while (base->level != -1) {
+		base = base->children[0];
+	}
+
+	/* Add the parent record with blank name */
+	if (!(select_flag & DNS_RPC_VIEW_ONLY_CHILDREN)) {
+		status = dns_fill_records_array(tmp_ctx, z, record_type,
+						select_flag, NULL,
+						base->data, 0,
+						recs, &add_names, &add_count);
+		if (!W_ERROR_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+	}
+
+	/* Add all the children records */
+	if (!(select_flag & DNS_RPC_VIEW_NO_CHILDREN)) {
+		for (i=0; i<base->num_children; i++) {
+			node = base->children[i];
+
+			status = dns_fill_records_array(tmp_ctx, z, record_type,
+							select_flag, node->name,
+							node->data, node->num_children,
+							recs, &add_names, &add_count);
+			if (!W_ERROR_IS_OK(status)) {
+				talloc_free(tmp_ctx);
+				return status;
+			}
+		}
+	}
+
+	TALLOC_FREE(res);
+	TALLOC_FREE(tree);
+	TALLOC_FREE(name);
+
+	/* Add any additional records */
+	if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
+		for (i=0; i<add_count; i++) {
+			struct dnsserver_zone *z2 = NULL;
+			struct ldb_message *msg = NULL;
+			/* Search all the available zones for additional name */
+			for (z2 = dsstate->zones; z2; z2 = z2->next) {
+				char *encoded_name;
+				name = dns_split_node_name(tmp_ctx, add_names[i], z2->name);
+				encoded_name
+					= ldb_binary_encode_string(tmp_ctx,
+								   name);
+				ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z2->zone_dn,
+						LDB_SCOPE_ONELEVEL, attrs,
+						"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+						encoded_name);
+				TALLOC_FREE(name);
+				if (ret != LDB_SUCCESS) {
+					continue;
+				}
+				if (res->count == 1) {
+					msg = res->msgs[0];
+					break;
+				} else {
+					TALLOC_FREE(res);
+					continue;
+				}
+			}
+
+			len = strlen(add_names[i]);
+			if (add_names[i][len-1] == '.') {
+				rname = talloc_strdup(tmp_ctx, add_names[i]);
+			} else {
+				rname = talloc_asprintf(tmp_ctx, "%s.", add_names[i]);
+			}
+			status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
+							select_flag, rname,
+							msg, 0, recs,
+							NULL, NULL);
+			TALLOC_FREE(rname);
+			TALLOC_FREE(res);
+			if (!W_ERROR_IS_OK(status)) {
+				talloc_free(tmp_ctx);
+				return status;
+			}
+		}
+	}
+
+	*buffer_length = ndr_size_DNS_RPC_RECORDS_ARRAY(recs, 0);
+	*buffer = recs;
+
+	return WERR_OK;
+}
+
+/*
+ * Check str1 + '.' + str2 = name, for example:
+ * ("dc0", "example.com", "dc0.example.com") = true
+ */
+static bool cname_self_reference(const char* node_name,
+				 const char* zone_name,
+				 struct DNS_RPC_NAME name) {
+	size_t node_len, zone_len;
+
+	if (node_name == NULL || zone_name == NULL) {
+		return false;
+	}
+
+	node_len = strlen(node_name);
+	zone_len = strlen(zone_name);
+
+	if (node_len == 0 ||
+	    zone_len == 0 ||
+	    (name.len != node_len + zone_len + 1)) {
+		return false;
+	}
+
+	if (strncmp(node_name, name.str, node_len) == 0 &&
+	    name.str[node_len] == '.' &&
+	    strncmp(zone_name, name.str + node_len + 1, zone_len) == 0) {
+		return true;
+	}
+
+	return false;
+}
+
+/* dnsserver update function */
+
+static WERROR dnsserver_update_record(struct dnsserver_state *dsstate,
+					TALLOC_CTX *mem_ctx,
+					struct dnsserver_zone *z,
+					unsigned int client_version,
+					const char *node_name,
+					struct DNS_RPC_RECORD_BUF *add_buf,
+					struct DNS_RPC_RECORD_BUF *del_buf)
+{
+	TALLOC_CTX *tmp_ctx;
+	char *name;
+	WERROR status;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	/* If node_name is @ or zone name, dns record is @ */
+	if (strcmp(node_name, "@") == 0 ||
+	    strcmp(node_name, ".") == 0 ||
+	    strcasecmp(node_name, z->name) == 0) {
+		name = talloc_strdup(tmp_ctx, "@");
+	} else {
+		name = dns_split_node_name(tmp_ctx, node_name, z->name);
+	}
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(name, tmp_ctx);
+
+	/* CNAMEs can't point to themselves */
+	if (add_buf != NULL && add_buf->rec.wType == DNS_TYPE_CNAME) {
+		if (cname_self_reference(node_name, z->name, add_buf->rec.data.name)) {
+			return WERR_DNS_ERROR_CNAME_LOOP;
+		}
+	}
+
+	if (add_buf != NULL) {
+		if (del_buf == NULL) {
+			/* Add record */
+			status = dnsserver_db_add_record(tmp_ctx, dsstate->samdb,
+								z, name,
+								&add_buf->rec);
+		} else {
+			/* Update record */
+			status = dnsserver_db_update_record(tmp_ctx, dsstate->samdb,
+								z, name,
+								&add_buf->rec,
+								&del_buf->rec);
+		}
+	} else {
+		if (del_buf == NULL) {
+			/* Add empty node */
+			status = dnsserver_db_add_empty_node(tmp_ctx, dsstate->samdb,
+								z, name);
+		} else {
+			/* Delete record */
+			status = dnsserver_db_delete_record(tmp_ctx, dsstate->samdb,
+								z, name,
+								&del_buf->rec);
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/* dnsserver interface functions */
+
+static WERROR dcesrv_DnssrvOperation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvOperation *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z = NULL;
+	uint32_t request_filter = 0;
+	WERROR ret;
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.dwContext == 0) {
+		if (r->in.pszZone != NULL) {
+			request_filter = dnsserver_zone_to_request_filter(r->in.pszZone);
+		}
+	} else {
+		request_filter = r->in.dwContext;
+	}
+
+	if (r->in.pszZone == NULL) {
+		ret = dnsserver_operate_server(dsstate, mem_ctx,
+						r->in.pszOperation,
+						DNS_CLIENT_VERSION_W2K,
+						r->in.dwTypeId,
+						&r->in.pData);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		/*
+		 * In the case that request_filter is not 0 and z is NULL,
+		 * the request is for a multizone operation, which we do not
+		 * yet support, so just error on NULL zone name.
+		 */
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_operate_zone(dsstate, mem_ctx, z,
+						request_filter,
+						r->in.pszOperation,
+						DNS_CLIENT_VERSION_W2K,
+						r->in.dwTypeId,
+						&r->in.pData);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvOperation, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvQuery(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvQuery *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwTypeId);
+	ZERO_STRUCTP(r->out.ppData);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		/* FIXME: DNS Server Configuration Access Control List */
+		ret = dnsserver_query_server(dsstate, mem_ctx,
+						r->in.pszOperation,
+						DNS_CLIENT_VERSION_W2K,
+						r->out.pdwTypeId,
+						r->out.ppData);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_query_zone(dsstate, mem_ctx, z,
+						r->in.pszOperation,
+						DNS_CLIENT_VERSION_W2K,
+						r->out.pdwTypeId,
+						r->out.ppData);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvQuery, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvComplexOperation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvComplexOperation *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwTypeOut);
+	ZERO_STRUCTP(r->out.ppDataOut);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		/* Server operation */
+		ret = dnsserver_complex_operate_server(dsstate, mem_ctx,
+							r->in.pszOperation,
+							DNS_CLIENT_VERSION_W2K,
+							r->in.dwTypeIn,
+							&r->in.pDataIn,
+							r->out.pdwTypeOut,
+							r->out.ppDataOut);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_complex_operate_zone(dsstate, mem_ctx, z,
+							r->in.pszOperation,
+							DNS_CLIENT_VERSION_W2K,
+							r->in.dwTypeIn,
+							&r->in.pDataIn,
+							r->out.pdwTypeOut,
+							r->out.ppDataOut);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvComplexOperation, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvEnumRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvEnumRecords *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwBufferLength);
+	ZERO_STRUCTP(r->out.pBuffer);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	if (strcasecmp(r->in.pszZone, "..RootHints") == 0) {
+		ret = dnsserver_enumerate_root_records(dsstate, mem_ctx,
+					DNS_CLIENT_VERSION_W2K,
+					r->in.pszNodeName,
+					r->in.wRecordType,
+					r->in.fSelectFlag,
+					r->out.pdwBufferLength,
+					r->out.pBuffer);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_enumerate_records(dsstate, mem_ctx, z,
+					DNS_CLIENT_VERSION_W2K,
+					r->in.pszNodeName,
+					r->in.pszStartChild,
+					r->in.wRecordType,
+					r->in.fSelectFlag,
+					r->in.pszFilterStart,
+					r->in.pszFilterStop,
+					r->out.pdwBufferLength,
+					r->out.pBuffer);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvEnumRecords, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvUpdateRecord(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvUpdateRecord *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+	if (z == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	ret = dnsserver_update_record(dsstate, mem_ctx, z,
+					DNS_CLIENT_VERSION_W2K,
+					r->in.pszNodeName,
+					r->in.pAddRecord,
+					r->in.pDeleteRecord);
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvUpdateRecord, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvOperation2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvOperation2 *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z = NULL;
+	uint32_t request_filter = 0;
+	WERROR ret;
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.dwContext == 0) {
+		if (r->in.pszZone != NULL) {
+			request_filter = dnsserver_zone_to_request_filter(r->in.pszZone);
+		}
+	} else {
+		request_filter = r->in.dwContext;
+	}
+
+	if (r->in.pszZone == NULL) {
+		ret = dnsserver_operate_server(dsstate, mem_ctx,
+						r->in.pszOperation,
+						r->in.dwClientVersion,
+						r->in.dwTypeId,
+						&r->in.pData);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		/*
+		 * In the case that request_filter is not 0 and z is NULL,
+		 * the request is for a multizone operation, which we do not
+		 * yet support, so just error on NULL zone name.
+		 */
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_operate_zone(dsstate, mem_ctx, z,
+						request_filter,
+						r->in.pszOperation,
+						r->in.dwClientVersion,
+						r->in.dwTypeId,
+						&r->in.pData);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvOperation2, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvQuery2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvQuery2 *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwTypeId);
+	ZERO_STRUCTP(r->out.ppData);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		/* FIXME: DNS Server Configuration Access Control List */
+		ret = dnsserver_query_server(dsstate, mem_ctx,
+						r->in.pszOperation,
+						r->in.dwClientVersion,
+						r->out.pdwTypeId,
+						r->out.ppData);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_query_zone(dsstate, mem_ctx, z,
+					r->in.pszOperation,
+					r->in.dwClientVersion,
+					r->out.pdwTypeId,
+					r->out.ppData);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvQuery2, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvComplexOperation2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvComplexOperation2 *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwTypeOut);
+	ZERO_STRUCTP(r->out.ppDataOut);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		/* Server operation */
+		ret =  dnsserver_complex_operate_server(dsstate, mem_ctx,
+							r->in.pszOperation,
+							r->in.dwClientVersion,
+							r->in.dwTypeIn,
+							&r->in.pDataIn,
+							r->out.pdwTypeOut,
+							r->out.ppDataOut);
+	} else {
+
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
+		}
+
+		ret = dnsserver_complex_operate_zone(dsstate, mem_ctx, z,
+							r->in.pszOperation,
+							r->in.dwClientVersion,
+							r->in.dwTypeIn,
+							&r->in.pDataIn,
+							r->out.pdwTypeOut,
+							r->out.ppDataOut);
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvComplexOperation2, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvEnumRecords2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvEnumRecords2 *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	ZERO_STRUCTP(r->out.pdwBufferLength);
+	ZERO_STRUCTP(r->out.pBuffer);
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	if (strcasecmp(r->in.pszZone, "..RootHints") == 0) {
+		ret =  dnsserver_enumerate_root_records(dsstate, mem_ctx,
+					r->in.dwClientVersion,
+					r->in.pszNodeName,
+					r->in.wRecordType,
+					r->in.fSelectFlag,
+					r->out.pdwBufferLength,
+					r->out.pBuffer);
+	} else {
+		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+		if (z == NULL) {
+			return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+		}
+
+		ret =  dnsserver_enumerate_records(dsstate, mem_ctx, z,
+					r->in.dwClientVersion,
+					r->in.pszNodeName,
+					r->in.pszStartChild,
+					r->in.wRecordType,
+					r->in.fSelectFlag,
+					r->in.pszFilterStart,
+					r->in.pszFilterStop,
+					r->out.pdwBufferLength,
+					r->out.pBuffer);
+
+	}
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvEnumRecords2, NDR_IN, r);
+	}
+	return ret;
+}
+
+static WERROR dcesrv_DnssrvUpdateRecord2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct DnssrvUpdateRecord2 *r)
+{
+	struct dnsserver_state *dsstate;
+	struct dnsserver_zone *z;
+	WERROR ret;
+
+	if ((dsstate = dnsserver_connect(dce_call)) == NULL) {
+		return WERR_DNS_ERROR_DS_UNAVAILABLE;
+	}
+
+	if (r->in.pszZone == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
+	if (z == NULL) {
+		return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
+	}
+
+	ret = dnsserver_update_record(dsstate, mem_ctx, z,
+					r->in.dwClientVersion,
+					r->in.pszNodeName,
+					r->in.pAddRecord,
+					r->in.pDeleteRecord);
+
+	if (W_ERROR_EQUAL(ret, WERR_CALL_NOT_IMPLEMENTED)) {
+		NDR_PRINT_FUNCTION_DEBUG(DnssrvUpdateRecord2, NDR_IN, r);
+	}
+	return ret;
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_dnsserver_s.c"
diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c
new file mode 100644
index 0000000..e6d35fc
--- /dev/null
+++ b/source4/rpc_server/dnsserver/dnsdata.c
@@ -0,0 +1,1121 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS Server
+
+   Copyright (C) Amitay Isaacs 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dnsserver.h"
+#include "dns_server/dnsserver_common.h"
+#include "lib/replace/system/network.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "librpc/gen_ndr/ndr_dnsserver.h"
+
+#undef strcasecmp
+
+struct IP4_ARRAY *ip4_array_copy(TALLOC_CTX *mem_ctx, struct IP4_ARRAY *ip4)
+{
+	struct IP4_ARRAY *ret;
+
+	if (!ip4) {
+		return NULL;
+	}
+
+	ret = talloc_zero(mem_ctx, struct IP4_ARRAY);
+	if (!ret) {
+		return ret;
+	}
+
+	ret->AddrCount = ip4->AddrCount;
+	if (ip4->AddrCount > 0) {
+		ret->AddrArray = talloc_zero_array(mem_ctx, unsigned int, ip4->AddrCount);
+		if (ret->AddrArray) {
+			memcpy(ret->AddrArray, ip4->AddrArray,
+				sizeof(unsigned int) * ip4->AddrCount);
+		} else {
+			talloc_free(ret);
+			return NULL;
+		}
+	}
+	return ret;
+}
+
+
+struct DNS_ADDR_ARRAY *ip4_array_to_dns_addr_array(TALLOC_CTX *mem_ctx,
+							struct IP4_ARRAY *ip4)
+{
+	struct DNS_ADDR_ARRAY *ret;
+	int i;
+
+	if (!ip4) {
+		return NULL;
+	}
+
+	ret = talloc_zero(mem_ctx, struct DNS_ADDR_ARRAY);
+	if (!ret) {
+		return ret;
+	}
+
+	ret->MaxCount = ip4->AddrCount;
+	ret->AddrCount = ip4->AddrCount;
+	ret->Family = AF_INET;
+	if (ip4->AddrCount > 0) {
+		ret->AddrArray = talloc_zero_array(mem_ctx, struct DNS_ADDR, ip4->AddrCount);
+		if (ret->AddrArray) {
+			for (i=0; i<ip4->AddrCount; i++) {
+				ret->AddrArray[i].MaxSa[0] = 0x02;
+				ret->AddrArray[i].MaxSa[3] = 53;
+				memcpy(&ret->AddrArray[i].MaxSa[4], ip4->AddrArray,
+					sizeof(unsigned int));
+				ret->AddrArray[i].DnsAddrUserDword[0] = 6;
+			}
+
+		} else {
+			talloc_free(ret);
+			return NULL;
+		}
+	}
+	return ret;
+}
+
+struct IP4_ARRAY *dns_addr_array_to_ip4_array(TALLOC_CTX *mem_ctx,
+					      struct DNS_ADDR_ARRAY *ip)
+{
+	struct IP4_ARRAY *ret;
+	size_t i, count, curr;
+
+	if (ip == NULL) {
+		return NULL;
+	}
+	/* We must only return IPv4 addresses.
+	   The passed DNS_ADDR_ARRAY may contain:
+	   - only ipv4 addresses
+	   - only ipv6 addresses
+	   - a mixture of both
+	   - an empty array
+	*/
+	ret = talloc_zero(mem_ctx, struct IP4_ARRAY);
+	if (!ret) {
+		return ret;
+	}
+	if (ip->AddrCount == 0 || ip->Family == AF_INET6) {
+		ret->AddrCount = 0;
+		return ret;
+	}
+	/* Now only ipv4 addresses or a mixture are left */
+	count = 0;
+	for (i = 0; i < ip->AddrCount; i++) {
+		if (ip->AddrArray[i].MaxSa[0] == 0x02) {
+			/* Is ipv4 */
+			count++;
+		}
+	}
+	if (count == 0) {
+		/* should not happen */
+		ret->AddrCount = 0;
+		return ret;
+	}
+	ret->AddrArray = talloc_zero_array(mem_ctx, uint32_t, count);
+	if (ret->AddrArray) {
+		curr = 0;
+		for (i = 0; i < ip->AddrCount; i++) {
+			if (ip->AddrArray[i].MaxSa[0] == 0x02) {
+				/* Is ipv4 */
+				memcpy(&ret->AddrArray[curr],
+				       &ip->AddrArray[i].MaxSa[4],
+				       sizeof(uint32_t));
+				curr++;
+			}
+		}
+	} else {
+		talloc_free(ret);
+		return NULL;
+	}
+	ret->AddrCount = curr;
+	return ret;
+}
+
+struct DNS_ADDR_ARRAY *dns_addr_array_copy(TALLOC_CTX *mem_ctx,
+						struct DNS_ADDR_ARRAY *addr)
+{
+	struct DNS_ADDR_ARRAY *ret;
+
+	if (!addr) {
+		return NULL;
+	}
+
+	ret = talloc_zero(mem_ctx, struct DNS_ADDR_ARRAY);
+	if (!ret) {
+		return ret;
+	}
+
+	ret->MaxCount = addr->MaxCount;
+	ret->AddrCount = addr->AddrCount;
+	ret->Family = addr->Family;
+	if (addr->AddrCount > 0) {
+		ret->AddrArray = talloc_zero_array(mem_ctx, struct DNS_ADDR, addr->AddrCount);
+		if (ret->AddrArray) {
+			memcpy(ret->AddrArray, addr->AddrArray,
+				sizeof(struct DNS_ADDR) * addr->AddrCount);
+		} else {
+			talloc_free(ret);
+			return NULL;
+		}
+	}
+	return ret;
+}
+
+
+int dns_split_name_components(TALLOC_CTX *tmp_ctx, const char *name, char ***components)
+{
+	char *str = NULL, *ptr, **list;
+	int count = 0;
+
+	if (name == NULL) {
+		return 0;
+	}
+
+	str = talloc_strdup(tmp_ctx, name);
+	if (!str) {
+		goto failed;
+	}
+
+	list = talloc_zero_array(tmp_ctx, char *, 0);
+	if (!list) {
+		goto failed;
+	}
+
+	ptr = strtok(str, ".");
+	while (ptr != NULL) {
+		count++;
+		list = talloc_realloc(tmp_ctx, list, char *, count);
+		if (!list) {
+			goto failed;
+		}
+		list[count-1] = talloc_strdup(tmp_ctx, ptr);
+		if (list[count-1] == NULL) {
+			goto failed;
+		}
+		ptr = strtok(NULL, ".");
+	}
+
+	talloc_free(str);
+
+	*components = list;
+	return count;
+
+failed:
+	TALLOC_FREE(str);
+	return -1;
+}
+
+
+char *dns_split_node_name(TALLOC_CTX *tmp_ctx, const char *node_name, const char *zone_name)
+{
+	char **nlist, **zlist;
+	char *prefix;
+	int ncount, zcount, i, match;
+
+	/*
+	 * If node_name is "@", return the zone_name
+	 * If node_name is ".", return NULL
+	 * If there is no '.' in node_name, return the node_name as is.
+	 *
+	 * If node_name does not have zone_name in it, return the node_name as is.
+	 *
+	 * If node_name has additional components as compared to zone_name
+	 *  return only the additional components as a prefix.
+	 *
+	 */
+	if (strcmp(node_name, "@") == 0) {
+		prefix = talloc_strdup(tmp_ctx, zone_name);
+	} else if (strcmp(node_name, ".") == 0) {
+		prefix = NULL;
+	} else if (strchr(node_name, '.') == NULL) {
+		prefix = talloc_strdup(tmp_ctx, node_name);
+	} else {
+		zcount = dns_split_name_components(tmp_ctx, zone_name, &zlist);
+		ncount = dns_split_name_components(tmp_ctx, node_name, &nlist);
+		if (zcount < 0 || ncount < 0) {
+			return NULL;
+		}
+
+		if (ncount < zcount) {
+			prefix = talloc_strdup(tmp_ctx, node_name);
+		} else {
+			match = 0;
+			for (i=1; i<=zcount; i++) {
+				if (strcasecmp(nlist[ncount-i], zlist[zcount-i]) != 0) {
+					break;
+				}
+				match++;
+			}
+
+			if (match == ncount) {
+				prefix = talloc_strdup(tmp_ctx, zone_name);
+			} else {
+				prefix = talloc_strdup(tmp_ctx, nlist[0]);
+				if (prefix != NULL) {
+					for (i=1; i<ncount-match; i++) {
+						prefix = talloc_asprintf_append(prefix, ".%s", nlist[i]);
+						if (prefix == NULL) {
+							break;
+						}
+					}
+				}
+			}
+		}
+
+		talloc_free(zlist);
+		talloc_free(nlist);
+	}
+
+	return prefix;
+}
+
+
+void dnsp_to_dns_copy(TALLOC_CTX *mem_ctx, struct dnsp_DnssrvRpcRecord *dnsp,
+				struct DNS_RPC_RECORD *dns)
+{
+	int i, len;
+
+	ZERO_STRUCTP(dns);
+
+	dns->wDataLength = dnsp->wDataLength;
+	dns->wType = dnsp->wType;
+	dns->dwFlags = dnsp->rank;
+	dns->dwSerial = dnsp->dwSerial;
+	dns->dwTtlSeconds = dnsp->dwTtlSeconds;
+	dns->dwTimeStamp = dnsp->dwTimeStamp;
+
+	switch (dnsp->wType) {
+
+	case DNS_TYPE_TOMBSTONE:
+		dns->data.EntombedTime = dnsp->data.EntombedTime;
+		break;
+
+	case DNS_TYPE_A:
+		dns->data.ipv4 = talloc_strdup(mem_ctx, dnsp->data.ipv4);
+		break;
+
+	case DNS_TYPE_NS:
+		len = strlen(dnsp->data.ns);
+		if (dnsp->data.ns[len-1] == '.') {
+			dns->data.name.len = len;
+			dns->data.name.str = talloc_strdup(mem_ctx, dnsp->data.ns);
+		} else {
+			dns->data.name.len = len+1;
+			dns->data.name.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.ns);
+		}
+		break;
+
+	case DNS_TYPE_CNAME:
+		len = strlen(dnsp->data.cname);
+		if (dnsp->data.cname[len-1] == '.') {
+			dns->data.name.len = len;
+			dns->data.name.str = talloc_strdup(mem_ctx, dnsp->data.cname);
+		} else {
+			dns->data.name.len = len+1;
+			dns->data.name.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.cname);
+		}
+		break;
+
+	case DNS_TYPE_SOA:
+		dns->data.soa.dwSerialNo = dnsp->data.soa.serial;
+		dns->data.soa.dwRefresh = dnsp->data.soa.refresh;
+		dns->data.soa.dwRetry = dnsp->data.soa.retry;
+		dns->data.soa.dwExpire = dnsp->data.soa.expire;
+		dns->data.soa.dwMinimumTtl = dnsp->data.soa.minimum;
+
+		len = strlen(dnsp->data.soa.mname);
+		if (dnsp->data.soa.mname[len-1] == '.') {
+			dns->data.soa.NamePrimaryServer.len = len;
+			dns->data.soa.NamePrimaryServer.str = talloc_strdup(mem_ctx, dnsp->data.soa.mname);
+		} else {
+			dns->data.soa.NamePrimaryServer.len = len+1;
+			dns->data.soa.NamePrimaryServer.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.soa.mname);
+		}
+
+		len = strlen(dnsp->data.soa.rname);
+		if (dnsp->data.soa.rname[len-1] == '.') {
+			dns->data.soa.ZoneAdministratorEmail.len = len;
+			dns->data.soa.ZoneAdministratorEmail.str = talloc_strdup(mem_ctx, dnsp->data.soa.rname);
+		} else {
+			dns->data.soa.ZoneAdministratorEmail.len = len+1;
+			dns->data.soa.ZoneAdministratorEmail.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.soa.rname);
+		}
+		break;
+
+	case DNS_TYPE_PTR:
+		dns->data.ptr.len = strlen(dnsp->data.ptr);
+		dns->data.ptr.str = talloc_strdup(mem_ctx, dnsp->data.ptr);
+		break;
+
+	case DNS_TYPE_MX:
+		dns->data.mx.wPreference = dnsp->data.mx.wPriority;
+		len = strlen(dnsp->data.mx.nameTarget);
+		if (dnsp->data.mx.nameTarget[len-1] == '.') {
+			dns->data.mx.nameExchange.len = len;
+			dns->data.mx.nameExchange.str = talloc_strdup(mem_ctx, dnsp->data.mx.nameTarget);
+		} else {
+			dns->data.mx.nameExchange.len = len+1;
+			dns->data.mx.nameExchange.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.mx.nameTarget);
+		}
+		break;
+
+	case DNS_TYPE_TXT:
+		dns->data.txt.count = dnsp->data.txt.count;
+		dns->data.txt.str = talloc_array(mem_ctx, struct DNS_RPC_NAME, dnsp->data.txt.count);
+		for (i=0; i<dnsp->data.txt.count; i++) {
+			dns->data.txt.str[i].str = talloc_strdup(mem_ctx, dnsp->data.txt.str[i]);
+			dns->data.txt.str[i].len = strlen(dnsp->data.txt.str[i]);
+		}
+		break;
+
+	case DNS_TYPE_AAAA:
+		dns->data.ipv6 = talloc_strdup(mem_ctx, dnsp->data.ipv6);
+		break;
+
+	case DNS_TYPE_SRV:
+		dns->data.srv.wPriority = dnsp->data.srv.wPriority;
+		dns->data.srv.wWeight = dnsp->data.srv.wWeight;
+		dns->data.srv.wPort = dnsp->data.srv.wPort;
+		len = strlen(dnsp->data.srv.nameTarget);
+		if (dnsp->data.srv.nameTarget[len-1] == '.') {
+			dns->data.srv.nameTarget.len = len;
+			dns->data.srv.nameTarget.str = talloc_strdup(mem_ctx, dnsp->data.srv.nameTarget);
+		} else {
+			dns->data.srv.nameTarget.len = len+1;
+			dns->data.srv.nameTarget.str = talloc_asprintf(mem_ctx, "%s.", dnsp->data.srv.nameTarget);
+		}
+		break;
+
+	default:
+		memcpy(&dns->data, &dnsp->data, sizeof(union DNS_RPC_RECORD_DATA));
+		DEBUG(0, ("dnsserver: Found Unhandled DNS record type=%d\n", dnsp->wType));
+	}
+
+}
+
+WERROR dns_to_dnsp_convert(TALLOC_CTX *mem_ctx, struct DNS_RPC_RECORD *dns,
+			   struct dnsp_DnssrvRpcRecord **out_dnsp, bool check_name)
+{
+	WERROR res;
+	int i, len;
+	const char *name;
+	char *talloc_res = NULL;
+	struct dnsp_DnssrvRpcRecord *dnsp = NULL;
+
+	dnsp = talloc_zero(mem_ctx, struct dnsp_DnssrvRpcRecord);
+	if (dnsp == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	dnsp->wDataLength = dns->wDataLength;
+	dnsp->wType = dns->wType;
+	dnsp->version = 5;
+	dnsp->rank = dns->dwFlags & 0x000000FF;
+	dnsp->dwSerial = dns->dwSerial;
+	dnsp->dwTtlSeconds = dns->dwTtlSeconds;
+	dnsp->dwTimeStamp = dns->dwTimeStamp;
+
+	switch (dns->wType) {
+
+	case DNS_TYPE_TOMBSTONE:
+		dnsp->data.EntombedTime = dns->data.EntombedTime;
+		break;
+
+	case DNS_TYPE_A:
+		talloc_res = talloc_strdup(mem_ctx, dns->data.ipv4);
+		if (talloc_res == NULL) {
+			goto fail_nomemory;
+		}
+		dnsp->data.ipv4 = talloc_res;
+		break;
+
+	case DNS_TYPE_NS:
+		name = dns->data.name.str;
+		len = dns->data.name.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.ns = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.ns = talloc_res;
+		}
+
+		break;
+
+	case DNS_TYPE_CNAME:
+		name = dns->data.name.str;
+		len = dns->data.name.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.cname = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.cname = talloc_res;
+		}
+
+		break;
+
+	case DNS_TYPE_SOA:
+		dnsp->data.soa.serial = dns->data.soa.dwSerialNo;
+		dnsp->data.soa.refresh = dns->data.soa.dwRefresh;
+		dnsp->data.soa.retry = dns->data.soa.dwRetry;
+		dnsp->data.soa.expire = dns->data.soa.dwExpire;
+		dnsp->data.soa.minimum = dns->data.soa.dwMinimumTtl;
+
+		name = dns->data.soa.NamePrimaryServer.str;
+		len = dns->data.soa.NamePrimaryServer.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.soa.mname = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.soa.mname = talloc_res;
+		}
+
+		name = dns->data.soa.ZoneAdministratorEmail.str;
+		len = dns->data.soa.ZoneAdministratorEmail.len;
+
+		res = dns_name_check(mem_ctx, len, name);
+		if (!W_ERROR_IS_OK(res)) {
+			return res;
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.soa.rname = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.soa.rname = talloc_res;
+		}
+
+		break;
+
+	case DNS_TYPE_PTR:
+		name = dns->data.ptr.str;
+		len = dns->data.ptr.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		talloc_res = talloc_strdup(mem_ctx, name);
+		if (talloc_res == NULL) {
+			goto fail_nomemory;
+		}
+		dnsp->data.ptr = talloc_res;
+
+		break;
+
+	case DNS_TYPE_MX:
+		dnsp->data.mx.wPriority = dns->data.mx.wPreference;
+
+		name = dns->data.mx.nameExchange.str;
+		len = dns->data.mx.nameExchange.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.mx.nameTarget = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.mx.nameTarget = talloc_res;
+		}
+
+		break;
+
+	case DNS_TYPE_TXT:
+		dnsp->data.txt.count = dns->data.txt.count;
+		dnsp->data.txt.str = talloc_array(mem_ctx, const char *, dns->data.txt.count);
+		for (i=0; i<dns->data.txt.count; i++) {
+			talloc_res = talloc_strdup(mem_ctx, dns->data.txt.str[i].str);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.txt.str[i] = talloc_res;
+		}
+		break;
+
+	case DNS_TYPE_AAAA:
+		dnsp->data.ipv6 = talloc_strdup(mem_ctx, dns->data.ipv6);
+		break;
+
+	case DNS_TYPE_SRV:
+		dnsp->data.srv.wPriority = dns->data.srv.wPriority;
+		dnsp->data.srv.wWeight = dns->data.srv.wWeight;
+		dnsp->data.srv.wPort = dns->data.srv.wPort;
+
+		name = dns->data.srv.nameTarget.str;
+		len = dns->data.srv.nameTarget.len;
+
+		if (check_name) {
+			res = dns_name_check(mem_ctx, len, name);
+			if (!W_ERROR_IS_OK(res)) {
+				return res;
+			}
+		}
+
+		if (len > 0 && name[len-1] == '.') {
+			talloc_res = talloc_strndup(mem_ctx, name, len-1);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.srv.nameTarget = talloc_res;
+		} else {
+			talloc_res = talloc_strdup(mem_ctx, name);
+			if (talloc_res == NULL) {
+				goto fail_nomemory;
+			}
+			dnsp->data.srv.nameTarget = talloc_res;
+		}
+
+		break;
+
+	default:
+		memcpy(&dnsp->data, &dns->data, sizeof(union dnsRecordData));
+		DEBUG(0, ("dnsserver: Found Unhandled DNS record type=%d\n", dns->wType));
+	}
+
+	*out_dnsp = dnsp;
+	return WERR_OK;
+
+fail_nomemory:
+	return WERR_NOT_ENOUGH_MEMORY;
+}
+
+/* Initialize tree with given name as the root */
+static struct dns_tree *dns_tree_init(TALLOC_CTX *mem_ctx, const char *name, void *data)
+{
+	struct dns_tree *tree;
+
+	tree = talloc_zero(mem_ctx, struct dns_tree);
+	if (tree == NULL) {
+		return NULL;
+	}
+
+	tree->name = talloc_strdup(tree, name);
+	if (tree->name == NULL) {
+		talloc_free(tree);
+		return NULL;
+	}
+
+	tree->data = data;
+
+	return tree;
+}
+
+
+/* Add a child one level below */
+static struct dns_tree *dns_tree_add(struct dns_tree *tree, const char *name, void *data)
+{
+	struct dns_tree *node;
+
+	node = talloc_zero(tree, struct dns_tree);
+	if (node == NULL) {
+		return NULL;
+	}
+
+	node->name = talloc_strdup(tree, name);
+	if (node->name == NULL) {
+		talloc_free(node);
+		return NULL;
+	}
+	node->level = tree->level + 1;
+	node->num_children = 0;
+	node->children = NULL;
+	node->data = data;
+
+	if (tree->num_children == 0) {
+		tree->children = talloc_zero(tree, struct dns_tree *);
+	} else {
+		tree->children = talloc_realloc(tree, tree->children, struct dns_tree *,
+						tree->num_children+1);
+	}
+	if (tree->children == NULL) {
+		talloc_free(node);
+		return NULL;
+	}
+	tree->children[tree->num_children] = node;
+	tree->num_children++;
+
+	return node;
+}
+
+/* Find a node that matches the name components */
+static struct dns_tree *dns_tree_find(struct dns_tree *tree, int ncount, char **nlist, int *match_count)
+{
+	struct dns_tree *node, *next;
+	int i, j, start;
+
+	*match_count = -1;
+
+	if (strcmp(tree->name, "@") == 0) {
+		start = 0;
+	} else {
+		if (strcasecmp(tree->name, nlist[ncount-1]) != 0) {
+			return NULL;
+		}
+		start = 1;
+		*match_count = 0;
+	}
+
+	node = tree;
+	for (i=start; i<ncount; i++) {
+		if (node->num_children == 0) {
+			break;
+		}
+		next = NULL;
+		for (j=0; j<node->num_children; j++) {
+			if (strcasecmp(nlist[(ncount-1)-i], node->children[j]->name) == 0) {
+				next = node->children[j];
+				*match_count = i;
+				break;
+			}
+		}
+		if (next == NULL) {
+			break;
+		} else {
+			node = next;
+		}
+	}
+
+	return node;
+}
+
+/* Build a 2-level tree for resulting dns names */
+struct dns_tree *dns_build_tree(TALLOC_CTX *mem_ctx, const char *name, struct ldb_result *res)
+{
+	struct dns_tree *root, *base, *tree, *node;
+	const char *ptr;
+	int rootcount, ncount;
+	char **nlist;
+	int i, level, match_count;
+
+	rootcount = dns_split_name_components(mem_ctx, name, &nlist);
+	if (rootcount <= 0) {
+		return NULL;
+	}
+
+	root = dns_tree_init(mem_ctx, nlist[rootcount-1], NULL);
+	if (root == NULL) {
+		talloc_free(nlist);
+		return NULL;
+	}
+
+	tree = root;
+	for (i=rootcount-2; i>=0; i--) {
+		tree = dns_tree_add(tree, nlist[i], NULL);
+		if (tree == NULL) {
+			goto failed;
+		}
+	}
+
+	base = tree;
+
+	/* Add all names in the result in a tree */
+	for (i=0; i<res->count; i++) {
+		ptr = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
+		if (ptr == NULL) {
+			DBG_ERR("dnsserver: dns record has no name (%s)\n",
+				ldb_dn_get_linearized(res->msgs[i]->dn));
+			goto failed;
+		}
+
+		/*
+		 * This might be the sub-domain in the zone being
+		 * requested, or @ for the root of the zone
+		 */
+		if (strcasecmp(ptr, name) == 0) {
+			base->data = res->msgs[i];
+			continue;
+		}
+
+		ncount = dns_split_name_components(root, ptr, &nlist);
+		if (ncount < 0) {
+			goto failed;
+		}
+
+		/* Find matching node */
+		tree = dns_tree_find(root, ncount, nlist, &match_count);
+		if (tree == NULL) {
+			goto failed;
+		}
+
+		/* If the node is on leaf, then add record data */
+		if (match_count+1 == ncount) {
+			tree->data = res->msgs[i];
+		}
+
+		/* Add missing name components */
+		for (level=match_count+1; level<ncount; level++) {
+			if (tree->level == rootcount+1) {
+				break;
+			}
+			if (level == ncount-1) {
+				node = dns_tree_add(tree, nlist[(ncount-1)-level], res->msgs[i]);
+			} else {
+				node = dns_tree_add(tree, nlist[(ncount-1)-level], NULL);
+			}
+			if (node == NULL) {
+				goto failed;
+			}
+			tree = node;
+		}
+
+		talloc_free(nlist);
+	}
+
+	/* Mark the base record, so it can be found easily */
+	base->level = -1;
+
+	return root;
+
+failed:
+	talloc_free(nlist);
+	talloc_free(root);
+	return NULL;
+}
+
+
+static void _dns_add_name(TALLOC_CTX *mem_ctx, const char *name, char ***add_names, int *add_count)
+{
+	int i;
+	char **ptr = *add_names;
+	int count = *add_count;
+
+	for (i=0; i<count; i++) {
+		if (strcasecmp(ptr[i], name) == 0) {
+			return;
+		}
+	}
+
+	ptr = talloc_realloc(mem_ctx, ptr, char *, count+1);
+	if (ptr == NULL) {
+		return;
+	}
+
+	ptr[count] = talloc_strdup(mem_ctx, name);
+	if (ptr[count] == NULL) {
+		talloc_free(ptr);
+		return;
+	}
+
+	*add_names = ptr;
+	*add_count = count+1;
+}
+
+
+static void dns_find_additional_names(TALLOC_CTX *mem_ctx, struct dnsp_DnssrvRpcRecord *rec, char ***add_names, int *add_count)
+{
+	if (add_names == NULL) {
+		return;
+	}
+
+	switch (rec->wType) {
+
+	case DNS_TYPE_NS:
+		_dns_add_name(mem_ctx, rec->data.ns, add_names, add_count);
+		break;
+
+	case DNS_TYPE_CNAME:
+		_dns_add_name(mem_ctx, rec->data.cname, add_names, add_count);
+		break;
+
+	case DNS_TYPE_SOA:
+		_dns_add_name(mem_ctx, rec->data.soa.mname, add_names, add_count);
+		break;
+
+	case DNS_TYPE_MX:
+		_dns_add_name(mem_ctx, rec->data.mx.nameTarget, add_names, add_count);
+		break;
+
+	case DNS_TYPE_SRV:
+		_dns_add_name(mem_ctx, rec->data.srv.nameTarget, add_names, add_count);
+		break;
+
+	default:
+		break;
+	}
+}
+
+
+WERROR dns_fill_records_array(TALLOC_CTX *mem_ctx,
+				struct dnsserver_zone *z,
+				enum dns_record_type record_type,
+				unsigned int select_flag,
+				const char *branch_name,
+				struct ldb_message *msg,
+				int num_children,
+				struct DNS_RPC_RECORDS_ARRAY *recs,
+				char ***add_names,
+				int *add_count)
+{
+	struct ldb_message_element *el;
+	const char *ptr;
+	int i, j;
+	bool found;
+
+	if (recs->count == 0) {
+		recs->rec = talloc_zero(recs, struct DNS_RPC_RECORDS);
+	} else {
+		recs->rec = talloc_realloc(recs, recs->rec, struct DNS_RPC_RECORDS, recs->count+1);
+	}
+	if (recs->rec == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	i = recs->count;
+	recs->rec[i].wLength = 0;
+	recs->rec[i].wRecordCount = 0;
+	recs->rec[i].dwChildCount = num_children;
+	recs->rec[i].dwFlags = 0;
+
+	/* The base records returned with empty name */
+	/* Children records returned with names */
+	if (branch_name == NULL) {
+		recs->rec[i].dnsNodeName.str = talloc_strdup(recs, "");
+		recs->rec[i].dnsNodeName.len = 0;
+	} else {
+		recs->rec[i].dnsNodeName.str = talloc_strdup(recs, branch_name);
+		recs->rec[i].dnsNodeName.len = strlen(branch_name);
+	}
+	recs->rec[i].records = talloc_zero_array(recs, struct DNS_RPC_RECORD, 0);
+	recs->count++;
+
+	/* Allow empty records */
+	if (msg == NULL) {
+		return WERR_OK;
+	}
+
+	/* Do not return RR records, if the node has children */
+	if (branch_name != NULL && num_children > 0) {
+		return WERR_OK;
+	}
+
+	ptr = ldb_msg_find_attr_as_string(msg, "name", NULL);
+	if (ptr == NULL) {
+		DBG_ERR("dnsserver: dns record has no name (%s)\n",
+			ldb_dn_get_linearized(msg->dn));
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	if (el == NULL || el->values == 0) {
+		return WERR_OK;
+	}
+
+	/* Add RR records */
+	for (j=0; j<el->num_values; j++) {
+		struct dnsp_DnssrvRpcRecord dnsp_rec;
+		struct DNS_RPC_RECORD *dns_rec;
+		enum ndr_err_code ndr_err;
+
+		ndr_err = ndr_pull_struct_blob(&el->values[j], mem_ctx, &dnsp_rec,
+					(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			DEBUG(0, ("dnsserver: Unable to parse dns record (%s)\n", ldb_dn_get_linearized(msg->dn)));
+			return WERR_INTERNAL_DB_ERROR;
+		}
+
+		/* Match the records based on search criteria */
+		if (record_type == DNS_TYPE_ALL || dnsp_rec.wType == record_type) {
+			found = false;
+
+			if (select_flag & DNS_RPC_VIEW_AUTHORITY_DATA) {
+				if (dnsp_rec.rank == DNS_RANK_ZONE) {
+					found = true;
+				} else if (dnsp_rec.rank == DNS_RANK_NS_GLUE) {
+					/*
+					 * If branch_name is NULL, we're
+					 * explicitly asked to also return
+					 * DNS_RANK_NS_GLUE records
+					 */
+					if (branch_name == NULL) {
+						found = true;
+					}
+				}
+			}
+			if (select_flag & DNS_RPC_VIEW_CACHE_DATA) {
+				if (dnsp_rec.rank == DNS_RANK_ZONE) {
+					found = true;
+				}
+			}
+			if (select_flag & DNS_RPC_VIEW_GLUE_DATA) {
+				if (dnsp_rec.rank == DNS_RANK_GLUE) {
+					found = true;
+				}
+			}
+			if (select_flag & DNS_RPC_VIEW_ROOT_HINT_DATA) {
+				if (dnsp_rec.rank == DNS_RANK_ROOT_HINT) {
+					found = true;
+				}
+			}
+
+			if (found) {
+				recs->rec[i].records = talloc_realloc(recs,
+							recs->rec[i].records,
+							struct DNS_RPC_RECORD,
+							recs->rec[i].wRecordCount+1);
+				if (recs->rec[i].records == NULL) {
+					return WERR_NOT_ENOUGH_MEMORY;
+				}
+
+				dns_rec = &recs->rec[i].records[recs->rec[i].wRecordCount];
+				dnsp_to_dns_copy(recs, &dnsp_rec, dns_rec);
+
+				/* Fix record flags */
+				if (strcmp(ptr, "@") == 0) {
+					dns_rec->dwFlags |= DNS_RPC_FLAG_ZONE_ROOT;
+
+					if (dnsp_rec.rank == DNS_RANK_ZONE) {
+						dns_rec->dwFlags |= DNS_RPC_FLAG_AUTH_ZONE_ROOT;
+					}
+				}
+
+				if (dns_rec->dwFlags == DNS_RANK_NS_GLUE) {
+					dns_rec->dwFlags |= DNS_RPC_FLAG_ZONE_ROOT;
+				}
+
+				recs->rec[i].wRecordCount++;
+
+				dns_find_additional_names(mem_ctx, &dnsp_rec, add_names, add_count);
+			}
+		}
+	}
+
+	return WERR_OK;
+}
+
+
+int dns_name_compare(struct ldb_message * const *m1, struct ldb_message * const *m2,
+		     const char *search_name)
+{
+	const char *name1, *name2;
+	const char *ptr1, *ptr2;
+
+	name1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
+	name2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
+	if (name1 == NULL || name2 == NULL) {
+		return 0;
+	}
+
+	/* Compare the last components of names.
+	 * If search_name is not NULL, compare the second last components of names */
+	ptr1 = strrchr(name1, '.');
+	if (ptr1 == NULL) {
+		ptr1 = name1;
+	} else {
+		if (search_name && strcasecmp(ptr1+1, search_name) == 0) {
+			ptr1--;
+			while (ptr1 != name1) {
+				ptr1--;
+				if (*ptr1 == '.') {
+					break;
+				}
+			}
+		}
+		if (*ptr1 == '.') {
+			ptr1 = &ptr1[1];
+		}
+	}
+
+	ptr2 = strrchr(name2, '.');
+	if (ptr2 == NULL) {
+		ptr2 = name2;
+	} else {
+		if (search_name && strcasecmp(ptr2+1, search_name) == 0) {
+			ptr2--;
+			while (ptr2 != name2) {
+				ptr2--;
+				if (*ptr2 == '.') {
+					break;
+				}
+			}
+		}
+		if (*ptr2 == '.') {
+			ptr2 = &ptr2[1];
+		}
+	}
+
+	return strcasecmp(ptr1, ptr2);
+}
diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c
new file mode 100644
index 0000000..bde54a0
--- /dev/null
+++ b/source4/rpc_server/dnsserver/dnsdb.c
@@ -0,0 +1,1272 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS Server
+
+   Copyright (C) Amitay Isaacs 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dnsserver.h"
+#include "lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "dsdb/common/util.h"
+
+#undef strcasecmp
+
+/* There are only 2 fixed partitions for DNS */
+struct dnsserver_partition *dnsserver_db_enumerate_partitions(TALLOC_CTX *mem_ctx,
+							struct dnsserver_serverinfo *serverinfo,
+							struct ldb_context *samdb)
+{
+	struct dnsserver_partition *partitions, *p;
+
+	partitions = NULL;
+
+	/* Domain partition */
+	p = talloc_zero(mem_ctx, struct dnsserver_partition);
+	if (p == NULL) {
+		goto failed;
+	}
+
+	p->partition_dn = ldb_dn_new(p, samdb, serverinfo->pszDomainDirectoryPartition);
+	if (p->partition_dn == NULL) {
+		goto failed;
+	}
+
+	p->pszDpFqdn = samdb_dn_to_dns_domain(p, p->partition_dn);
+	p->dwDpFlags = DNS_DP_AUTOCREATED | DNS_DP_DOMAIN_DEFAULT | DNS_DP_ENLISTED;
+	p->is_forest = false;
+
+	DLIST_ADD_END(partitions, p);
+
+	/* Forest Partition */
+	p = talloc_zero(mem_ctx, struct dnsserver_partition);
+	if (p == NULL) {
+		goto failed;
+	}
+
+	p->partition_dn = ldb_dn_new(p, samdb, serverinfo->pszForestDirectoryPartition);
+	if (p->partition_dn == NULL) {
+		goto failed;
+	}
+
+	p->pszDpFqdn = samdb_dn_to_dns_domain(p, p->partition_dn);
+	p->dwDpFlags = DNS_DP_AUTOCREATED | DNS_DP_FOREST_DEFAULT | DNS_DP_ENLISTED;
+	p->is_forest = true;
+
+	DLIST_ADD_END(partitions, p);
+
+	return partitions;
+
+failed:
+	return NULL;
+
+}
+
+
+/* Search for all dnsZone records */
+struct dnsserver_zone *dnsserver_db_enumerate_zones(TALLOC_CTX *mem_ctx,
+						struct ldb_context *samdb,
+						struct dnsserver_partition *p)
+{
+	TALLOC_CTX *tmp_ctx;
+	const char * const attrs[] = {"name", "dNSProperty", NULL};
+	struct ldb_dn *dn;
+	struct ldb_result *res;
+	struct dnsserver_zone *zones, *z;
+	int i, j, ret;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	dn = ldb_dn_copy(tmp_ctx, p->partition_dn);
+	if (dn == NULL) {
+		goto failed;
+	}
+	if (!ldb_dn_add_child_fmt(dn, "CN=MicrosoftDNS")) {
+		goto failed;
+	}
+
+	ret = ldb_search(samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
+			  attrs, "(objectClass=dnsZone)");
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("dnsserver: Failed to find DNS Zones in %s\n",
+			ldb_dn_get_linearized(dn)));
+		goto failed;
+	}
+
+	zones = NULL;
+	for(i=0; i<res->count; i++) {
+		char *name;
+		struct ldb_message_element *element = NULL;
+		struct dnsp_DnsProperty *props = NULL;
+		enum ndr_err_code err;
+		z = talloc_zero(mem_ctx, struct dnsserver_zone);
+		if (z == NULL) {
+			goto failed;
+		}
+
+		z->partition = p;
+		name = talloc_strdup(z,
+				ldb_msg_find_attr_as_string(res->msgs[i],
+							    "name", NULL));
+		if (strcmp(name, "..TrustAnchors") == 0) {
+			talloc_free(z);
+			continue;
+		}
+		if (strcmp(name, "RootDNSServers") == 0) {
+			talloc_free(name);
+			z->name = talloc_strdup(z, ".");
+		} else {
+			z->name = name;
+		}
+		z->zone_dn = talloc_steal(z, res->msgs[i]->dn);
+
+		DLIST_ADD_END(zones, z);
+		DEBUG(2, ("dnsserver: Found DNS zone %s\n", z->name));
+
+		element = ldb_msg_find_element(res->msgs[i], "dNSProperty");
+		if(element != NULL){
+			props = talloc_zero_array(tmp_ctx,
+						  struct dnsp_DnsProperty,
+						  element->num_values);
+			for (j = 0; j < element->num_values; j++ ) {
+				err = ndr_pull_struct_blob(
+					&(element->values[j]),
+					mem_ctx,
+					&props[j],
+					(ndr_pull_flags_fn_t)
+						ndr_pull_dnsp_DnsProperty);
+				if (!NDR_ERR_CODE_IS_SUCCESS(err)){
+					/*
+					 * Per Microsoft we must
+					 * ignore invalid data here
+					 * and continue as a Windows
+					 * server can put in a
+					 * structure with an invalid
+					 * length.
+					 *
+					 * We can safely fill in an
+					 * extra empty property here
+					 * because
+					 * dns_zoneinfo_load_zone_property()
+					 * just ignores
+					 * DSPROPERTY_ZONE_EMPTY
+					 */
+					ZERO_STRUCT(props[j]);
+					props[j].id = DSPROPERTY_ZONE_EMPTY;
+					continue;
+				}
+			}
+			z->tmp_props = props;
+			z->num_props = element->num_values;
+		}
+	}
+	return zones;
+
+failed:
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+
+/* Find DNS partition information */
+struct dnsserver_partition_info *dnsserver_db_partition_info(TALLOC_CTX *mem_ctx,
+							struct ldb_context *samdb,
+							struct dnsserver_partition *p)
+{
+	const char * const attrs[] = { "instanceType", "msDs-masteredBy", NULL };
+	const char * const attrs_none[] = { NULL };
+	struct ldb_result *res;
+	struct ldb_message_element *el;
+	struct ldb_dn *dn;
+	struct dnsserver_partition_info *partinfo;
+	int i, ret, instance_type;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	partinfo = talloc_zero(mem_ctx, struct dnsserver_partition_info);
+	if (partinfo == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	/* Search for the active replica and state */
+	ret = ldb_search(samdb, tmp_ctx, &res, p->partition_dn, LDB_SCOPE_BASE,
+			attrs, NULL);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
+
+	/* Set the state of the partition */
+	instance_type = ldb_msg_find_attr_as_int(res->msgs[0], "instanceType", -1);
+	if (instance_type == -1) {
+		partinfo->dwState = DNS_DP_STATE_UNKNOWN;
+	} else if (instance_type & INSTANCE_TYPE_NC_COMING) {
+		partinfo->dwState = DNS_DP_STATE_REPL_INCOMING;
+	} else if (instance_type & INSTANCE_TYPE_NC_GOING) {
+		partinfo->dwState = DNS_DP_STATE_REPL_OUTGOING;
+	} else {
+		partinfo->dwState = DNS_DP_OKAY;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "msDs-masteredBy");
+	if (el == NULL) {
+		partinfo->dwReplicaCount = 0;
+		partinfo->ReplicaArray = NULL;
+	} else {
+		partinfo->dwReplicaCount = el->num_values;
+		partinfo->ReplicaArray = talloc_zero_array(partinfo,
+							   struct DNS_RPC_DP_REPLICA *,
+							   el->num_values);
+		if (partinfo->ReplicaArray == NULL) {
+			goto failed;
+		}
+		for (i=0; i<el->num_values; i++) {
+			partinfo->ReplicaArray[i] = talloc_zero(partinfo,
+							struct DNS_RPC_DP_REPLICA);
+			if (partinfo->ReplicaArray[i] == NULL) {
+				goto failed;
+			}
+			partinfo->ReplicaArray[i]->pszReplicaDn = talloc_strdup(
+									partinfo,
+									(const char *)el->values[i].data);
+			if (partinfo->ReplicaArray[i]->pszReplicaDn == NULL) {
+				goto failed;
+			}
+		}
+	}
+	talloc_free(res);
+
+	/* Search for cross-reference object */
+	dn = ldb_dn_copy(tmp_ctx, ldb_get_config_basedn(samdb));
+	if (dn == NULL) {
+		goto failed;
+	}
+
+	ret = ldb_search(samdb, tmp_ctx, &res, dn, LDB_SCOPE_DEFAULT, attrs_none,
+			"(nCName=%s)", ldb_dn_get_linearized(p->partition_dn));
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
+	partinfo->pszCrDn = talloc_strdup(partinfo, ldb_dn_get_linearized(res->msgs[0]->dn));
+	if (partinfo->pszCrDn == NULL) {
+		goto failed;
+	}
+	talloc_free(res);
+
+	talloc_free(tmp_ctx);
+	return partinfo;
+
+failed:
+	talloc_free(tmp_ctx);
+	talloc_free(partinfo);
+	return NULL;
+}
+
+
+/* Increment serial number and update timestamp */
+static unsigned int dnsserver_update_soa(TALLOC_CTX *mem_ctx,
+				struct ldb_context *samdb,
+				struct dnsserver_zone *z,
+				WERROR *werr)
+{
+	const char * const attrs[] = { "dnsRecord", NULL };
+	struct ldb_result *res;
+	struct dnsp_DnssrvRpcRecord rec;
+	struct ldb_message_element *el;
+	enum ndr_err_code ndr_err;
+	int ret, i, serial = -1;
+
+	*werr = WERR_INTERNAL_DB_ERROR;
+
+	ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs,
+			"(&(objectClass=dnsNode)(name=@))");
+	if (ret != LDB_SUCCESS || res->count == 0) {
+		return -1;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
+	if (el == NULL) {
+		return -1;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		ndr_err = ndr_pull_struct_blob(&el->values[i], mem_ctx, &rec,
+					(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			continue;
+		}
+
+		if (rec.wType == DNS_TYPE_SOA) {
+			serial = rec.data.soa.serial + 1;
+			rec.dwSerial = serial;
+			rec.dwTimeStamp = 0;
+			rec.data.soa.serial = serial;
+
+			ndr_err = ndr_push_struct_blob(&el->values[i], mem_ctx, &rec,
+					(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				*werr = WERR_NOT_ENOUGH_MEMORY;
+				return -1;
+			}
+			break;
+		}
+	}
+
+	if (serial != -1) {
+		el->flags = LDB_FLAG_MOD_REPLACE;
+		ret = ldb_modify(samdb, res->msgs[0]);
+		if (ret != LDB_SUCCESS) {
+			if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+				*werr = WERR_ACCESS_DENIED;
+			}
+			return -1;
+		}
+	}
+
+	*werr = WERR_OK;
+
+	return serial;
+}
+
+
+/* Add DNS record to the database */
+static WERROR dnsserver_db_do_add_rec(TALLOC_CTX *mem_ctx,
+				struct ldb_context *samdb,
+				struct ldb_dn *dn,
+				int num_rec,
+				struct dnsp_DnssrvRpcRecord *rec)
+{
+	struct ldb_message *msg;
+	struct ldb_val v;
+	int ret;
+	enum ndr_err_code ndr_err;
+	int i;
+
+	msg = ldb_msg_new(mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn = dn;
+	ret = ldb_msg_add_string(msg, "objectClass", "dnsNode");
+	if (ret != LDB_SUCCESS) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	if (num_rec > 0 && rec) {
+		for (i=0; i<num_rec; i++) {
+			ndr_err = ndr_push_struct_blob(&v, mem_ctx, &rec[i],
+					(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return WERR_GEN_FAILURE;
+			}
+
+			ret = ldb_msg_add_value(msg, "dnsRecord", &v, NULL);
+			if (ret != LDB_SUCCESS) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+		}
+	}
+
+	ret = ldb_add(samdb, msg);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+/* Add dnsNode record to the database with DNS record */
+WERROR dnsserver_db_add_empty_node(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *name)
+{
+	const char * const attrs[] = { "name", NULL };
+	struct ldb_result *res;
+	struct ldb_dn *dn;
+	char *encoded_name = ldb_binary_encode_string(mem_ctx, name);
+	struct ldb_val name_val = data_blob_string_const(name);
+	int ret;
+
+	ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_BASE, attrs,
+			"(&(objectClass=dnsNode)(name=%s))",
+			 encoded_name);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	if (res->count > 0) {
+		talloc_free(res);
+		return WERR_DNS_ERROR_RECORD_ALREADY_EXISTS;
+	}
+
+	dn = ldb_dn_copy(mem_ctx, z->zone_dn);
+	W_ERROR_HAVE_NO_MEMORY(dn);
+
+	if (!ldb_dn_add_child_val(dn, "DC", name_val)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	return dnsserver_db_do_add_rec(mem_ctx, samdb, dn, 0, NULL);
+}
+
+static void set_record_rank(struct dnsserver_zone *z,
+			    const char *name,
+			    struct dnsp_DnssrvRpcRecord *rec)
+{
+	if (z->zoneinfo->dwZoneType == DNS_ZONE_TYPE_PRIMARY) {
+		if (strcmp(name, "@") != 0 && rec->wType == DNS_TYPE_NS) {
+			rec->rank = DNS_RANK_NS_GLUE;
+		} else {
+			rec->rank = DNS_RANK_ZONE;
+		}
+	} else if (strcmp(z->name, ".") == 0) {
+		rec->rank = DNS_RANK_ROOT_HINT;
+	}
+}
+
+
+/* Add a DNS record */
+WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *name,
+					struct DNS_RPC_RECORD *add_record)
+{
+	const char * const attrs[] = { "dnsRecord", "dNSTombstoned", NULL };
+	struct ldb_result *res;
+	struct dnsp_DnssrvRpcRecord *rec = NULL;
+	struct ldb_message_element *el;
+	struct ldb_dn *dn;
+	enum ndr_err_code ndr_err;
+	int ret, i;
+	int serial;
+	WERROR werr;
+	bool was_tombstoned = false;
+	char *encoded_name = ldb_binary_encode_string(mem_ctx, name);
+
+	werr = dns_to_dnsp_convert(mem_ctx, add_record, &rec, true);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	/* Set the correct rank for the record. */
+	set_record_rank(z, name, rec);
+
+	serial = dnsserver_update_soa(mem_ctx, samdb, z, &werr);
+	if (serial < 0) {
+		return werr;
+	}
+
+	rec->dwSerial = serial;
+	rec->dwTimeStamp = 0;
+
+	ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs,
+			"(&(objectClass=dnsNode)(name=%s))",
+			 encoded_name);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	if (res->count == 0) {
+		dn = dnsserver_name_to_dn(mem_ctx, z, name);
+		W_ERROR_HAVE_NO_MEMORY(dn);
+
+		return dnsserver_db_do_add_rec(mem_ctx, samdb, dn, 1, rec);
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
+	if (el == NULL) {
+		ret = ldb_msg_add_empty(res->msgs[0], "dnsRecord", 0, &el);
+		if (ret != LDB_SUCCESS) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+	}
+
+	was_tombstoned = ldb_msg_find_attr_as_bool(res->msgs[0],
+						   "dNSTombstoned", false);
+	if (was_tombstoned) {
+		el->num_values = 0;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec2;
+
+		ndr_err = ndr_pull_struct_blob(&el->values[i], mem_ctx, &rec2,
+						(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_GEN_FAILURE;
+		}
+
+		if (dns_record_match(rec, &rec2)) {
+			break;
+		}
+	}
+	if (i < el->num_values) {
+		return WERR_DNS_ERROR_RECORD_ALREADY_EXISTS;
+	}
+	if (i == el->num_values) {
+		/* adding a new value */
+		el->values = talloc_realloc(el, el->values, struct ldb_val, el->num_values+1);
+		W_ERROR_HAVE_NO_MEMORY(el->values);
+		el->num_values++;
+	}
+
+	ndr_err = ndr_push_struct_blob(&el->values[i], mem_ctx, rec,
+					(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_GEN_FAILURE;
+	}
+
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	el = ldb_msg_find_element(res->msgs[0], "dNSTombstoned");
+	if (el != NULL) {
+		el->flags = LDB_FLAG_MOD_DELETE;
+	}
+
+	ret = ldb_modify(samdb, res->msgs[0]);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+/* Update a DNS record */
+WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *name,
+					struct DNS_RPC_RECORD *add_record,
+					struct DNS_RPC_RECORD *del_record)
+{
+	const char * const attrs[] = { "dnsRecord", NULL };
+	struct ldb_result *res;
+	struct dnsp_DnssrvRpcRecord rec2;
+	struct dnsp_DnssrvRpcRecord *arec = NULL, *drec = NULL;
+	struct ldb_message_element *el;
+	enum ndr_err_code ndr_err;
+	int ret, i;
+	int serial;
+	WERROR werr;
+	bool updating_ttl = false;
+	char *encoded_name = ldb_binary_encode_string(mem_ctx, name);
+
+	werr = dns_to_dnsp_convert(mem_ctx, add_record, &arec, true);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	werr = dns_to_dnsp_convert(mem_ctx, del_record, &drec, true);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs,
+			"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+			 encoded_name);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	if (res->count == 0) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
+	if (el == NULL || el->num_values == 0) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		ndr_err = ndr_pull_struct_blob(&el->values[i], mem_ctx, &rec2,
+						(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_GEN_FAILURE;
+		}
+
+		if (dns_record_match(arec, &rec2)) {
+			break;
+		}
+	}
+	if (i < el->num_values) {
+		/*
+		 * The record already exists, which is an error UNLESS we are
+		 * doing an in-place update.
+		 *
+		 * Therefore we need to see if drec also matches, in which
+		 * case it's OK, though we can only update dwTtlSeconds and
+		 * reset the timestamp to zero.
+		 */
+		updating_ttl = dns_record_match(drec, &rec2);
+		if (! updating_ttl) {
+			return WERR_DNS_ERROR_RECORD_ALREADY_EXISTS;
+		}
+		/* In this case the next loop is redundant */
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		ndr_err = ndr_pull_struct_blob(&el->values[i], mem_ctx, &rec2,
+						(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_GEN_FAILURE;
+		}
+
+		if (dns_record_match(drec, &rec2)) {
+			/*
+			 * we are replacing this one with arec, which is done
+			 * by pushing arec into el->values[i] below, after the
+			 * various manipulations.
+			 */
+			break;
+		}
+	}
+	if (i == el->num_values) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+
+	/*
+	 * If we're updating a SOA record, use the specified serial.
+	 *
+	 * Otherwise, if we are updating ttl in place (i.e., not changing
+	 * .wType and .data on a record), we should increment the existing
+	 * serial, and save to the SOA.
+	 *
+	 * Outside of those two cases, we look for the zone's SOA record and
+	 * use its serial.
+	 */
+	if (arec->wType != DNS_TYPE_SOA) {
+		if (updating_ttl) {
+			/*
+			 * In this case, we keep some of the old values.
+			 */
+			arec->dwSerial = rec2.dwSerial;
+			arec->dwReserved = rec2.dwReserved;
+			/*
+			 * TODO: if the old TTL and the new TTL are
+			 * different, the serial number is incremented.
+			 */
+		} else {
+			arec->dwReserved = 0;
+			serial = dnsserver_update_soa(mem_ctx, samdb, z, &werr);
+			if (serial < 0) {
+				return werr;
+			}
+			arec->dwSerial = serial;
+		}
+	}
+
+	/* Set the correct rank for the record. */
+	set_record_rank(z, name, arec);
+	/*
+	 * Successful RPC updates *always* zero timestamp and flags and set
+	 * version.
+	 */
+	arec->dwTimeStamp = 0;
+	arec->version = 5;
+	arec->flags = 0;
+
+	ndr_err = ndr_push_struct_blob(&el->values[i], mem_ctx, arec,
+					(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_GEN_FAILURE;
+	}
+
+	el->flags = LDB_FLAG_MOD_REPLACE;
+	ret = ldb_modify(samdb, res->msgs[0]);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+/* Delete a DNS record */
+WERROR dnsserver_db_delete_record(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *name,
+					struct DNS_RPC_RECORD *del_record)
+{
+	const char * const attrs[] = { "dnsRecord", NULL };
+	struct ldb_result *res;
+	struct dnsp_DnssrvRpcRecord *rec = NULL;
+	struct ldb_message_element *el;
+	enum ndr_err_code ndr_err;
+	int ret, i;
+	int serial;
+	WERROR werr;
+
+	serial = dnsserver_update_soa(mem_ctx, samdb, z, &werr);
+	if (serial < 0) {
+		return werr;
+	}
+
+	werr = dns_to_dnsp_convert(mem_ctx, del_record, &rec, false);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs,
+			"(&(objectClass=dnsNode)(name=%s))",
+			 ldb_binary_encode_string(mem_ctx, name));
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	if (res->count == 0) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+	if (res->count > 1) {
+		return WERR_DNS_ERROR_RCODE_SERVER_FAILURE;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
+	if (el == NULL || el->num_values == 0) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+
+	for (i=0; i<el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec2;
+
+		ndr_err = ndr_pull_struct_blob(&el->values[i], mem_ctx, &rec2,
+						(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return WERR_GEN_FAILURE;
+		}
+
+		if (dns_record_match(rec, &rec2)) {
+			break;
+		}
+	}
+	if (i == el->num_values) {
+		return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST;
+	}
+	if (i < el->num_values-1) {
+		memmove(&el->values[i], &el->values[i+1], sizeof(el->values[0])*((el->num_values-1)-i));
+	}
+	el->num_values--;
+
+	if (el->num_values == 0) {
+		ret = ldb_delete(samdb, res->msgs[0]->dn);
+	} else {
+		el->flags = LDB_FLAG_MOD_REPLACE;
+		ret = ldb_modify(samdb, res->msgs[0]);
+	}
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+static bool dnsserver_db_msg_add_dnsproperty(TALLOC_CTX *mem_ctx,
+					     struct ldb_message *msg,
+					     struct dnsp_DnsProperty *prop)
+{
+	DATA_BLOB *prop_blob;
+	enum ndr_err_code ndr_err;
+	int ret;
+
+	prop_blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (prop_blob == NULL) return false;
+
+	ndr_err = ndr_push_struct_blob(prop_blob, mem_ctx, prop,
+			(ndr_push_flags_fn_t)ndr_push_dnsp_DnsProperty);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+	ret = ldb_msg_add_steal_value(msg, "dNSProperty", prop_blob);
+	if (ret != LDB_SUCCESS) {
+		return false;
+	}
+	return true;
+}
+
+WERROR dnsserver_db_do_reset_dword(struct ldb_context *samdb,
+				   struct dnsserver_zone *z,
+				   struct DNS_RPC_NAME_AND_PARAM *n_p)
+{
+	struct ldb_message_element *element = NULL;
+	struct dnsp_DnsProperty *prop = NULL;
+	enum ndr_err_code err;
+	TALLOC_CTX *tmp_ctx = NULL;
+	const char * const attrs[] = {"dNSProperty", NULL};
+	struct ldb_result *res = NULL;
+	int i, ret, prop_id;
+
+	if (strcasecmp(n_p->pszNodeName, "Aging") == 0) {
+		z->zoneinfo->fAging = n_p->dwParam;
+		prop_id = DSPROPERTY_ZONE_AGING_STATE;
+	} else if (strcasecmp(n_p->pszNodeName, "RefreshInterval") == 0) {
+		z->zoneinfo->dwRefreshInterval = n_p->dwParam;
+		prop_id = DSPROPERTY_ZONE_REFRESH_INTERVAL;
+	} else if (strcasecmp(n_p->pszNodeName, "NoRefreshInterval") == 0) {
+		z->zoneinfo->dwNoRefreshInterval = n_p->dwParam;
+		prop_id = DSPROPERTY_ZONE_NOREFRESH_INTERVAL;
+	} else if (strcasecmp(n_p->pszNodeName, "AllowUpdate") == 0) {
+		z->zoneinfo->fAllowUpdate = n_p->dwParam;
+		prop_id = DSPROPERTY_ZONE_ALLOW_UPDATE;
+	} else {
+		return WERR_UNKNOWN_PROPERTY;
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret = ldb_search(samdb, tmp_ctx, &res, z->zone_dn, LDB_SCOPE_BASE,
+			 attrs, "(objectClass=dnsZone)");
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("dnsserver: no zone: %s\n",
+			ldb_dn_get_linearized(z->zone_dn));
+		TALLOC_FREE(tmp_ctx);
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	if (res->count != 1) {
+		DBG_ERR("dnsserver: duplicate zone: %s\n",
+			ldb_dn_get_linearized(z->zone_dn));
+		TALLOC_FREE(tmp_ctx);
+		return WERR_GEN_FAILURE;
+	}
+
+	element = ldb_msg_find_element(res->msgs[0], "dNSProperty");
+	if (element == NULL) {
+		DBG_ERR("dnsserver: zone %s has no properties.\n",
+			ldb_dn_get_linearized(z->zone_dn));
+		TALLOC_FREE(tmp_ctx);
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	for (i = 0; i < element->num_values; i++) {
+		prop = talloc_zero(element, struct dnsp_DnsProperty);
+		if (prop == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		err = ndr_pull_struct_blob(
+			&(element->values[i]),
+			tmp_ctx,
+			prop,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnsProperty);
+		if (!NDR_ERR_CODE_IS_SUCCESS(err)){
+			/*
+			 * If we can't pull it then try again parsing
+			 * it again.  A Windows server in the domain
+			 * will permit the addition of an invalidly
+			 * formed property with a 0 length and cause a
+			 * failure here
+			 */
+			struct dnsp_DnsProperty_short
+				*short_property
+				= talloc_zero(element,
+					      struct dnsp_DnsProperty_short);
+			if (short_property == NULL) {
+				TALLOC_FREE(tmp_ctx);
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+			err = ndr_pull_struct_blob_all(
+				&(element->values[i]),
+				tmp_ctx,
+				short_property,
+				(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnsProperty_short);
+			if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+				/*
+				 * Unknown invalid data should be
+				 * ignored and logged to match Windows
+				 * behaviour
+				 */
+				DBG_NOTICE("dnsserver: couldn't PULL "
+					   "dnsProperty value#%d in "
+					   "zone %s while trying to "
+					   "reset id %d\n",
+					   i,
+					   ldb_dn_get_linearized(z->zone_dn),
+					   prop_id);
+				continue;
+			}
+
+			/*
+			 * Initialise the parts of the property not
+			 * overwritten by value() in the IDL for
+			 * re-push
+			 */
+			*prop = (struct dnsp_DnsProperty){
+				.namelength = short_property->namelength,
+				.id = short_property->id,
+				.name = short_property->name
+				/* .data will be filled in below */
+			};
+		}
+
+		if (prop->id == prop_id) {
+			switch (prop_id) {
+			case DSPROPERTY_ZONE_AGING_STATE:
+				prop->data.aging_enabled = n_p->dwParam;
+				break;
+			case DSPROPERTY_ZONE_NOREFRESH_INTERVAL:
+				prop->data.norefresh_hours = n_p->dwParam;
+				break;
+			case DSPROPERTY_ZONE_REFRESH_INTERVAL:
+				prop->data.refresh_hours = n_p->dwParam;
+				break;
+			case DSPROPERTY_ZONE_ALLOW_UPDATE:
+				prop->data.allow_update_flag = n_p->dwParam;
+				break;
+			}
+
+			err = ndr_push_struct_blob(
+				&(element->values[i]),
+				tmp_ctx,
+				prop,
+				(ndr_push_flags_fn_t)ndr_push_dnsp_DnsProperty);
+			if (!NDR_ERR_CODE_IS_SUCCESS(err)){
+				DBG_ERR("dnsserver: couldn't PUSH dns prop id "
+					"%d in zone %s\n",
+					prop->id,
+					ldb_dn_get_linearized(z->zone_dn));
+				TALLOC_FREE(tmp_ctx);
+				return WERR_INTERNAL_DB_ERROR;
+			}
+		}
+	}
+
+	element->flags = LDB_FLAG_MOD_REPLACE;
+	ret = ldb_modify(samdb, res->msgs[0]);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(tmp_ctx);
+		DBG_ERR("dnsserver: Failed to modify zone %s prop %s: %s\n",
+			z->name,
+			n_p->pszNodeName,
+			ldb_errstring(samdb));
+		return WERR_INTERNAL_DB_ERROR;
+	}
+	TALLOC_FREE(tmp_ctx);
+
+	return WERR_OK;
+}
+
+/* Create dnsZone record to database and set security descriptor */
+static WERROR dnsserver_db_do_create_zone(TALLOC_CTX *tmp_ctx,
+					  struct ldb_context *samdb,
+					  struct ldb_dn *zone_dn,
+					  struct dnsserver_zone *z)
+{
+	const char * const attrs[] = { "objectSID", NULL };
+	struct ldb_message *msg;
+	struct ldb_result *res;
+	struct ldb_message_element *el;
+	const char sddl_template[] = "D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;%s)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI";
+	char *sddl;
+	struct dom_sid dnsadmins_sid;
+	const struct dom_sid *domain_sid;
+	struct security_descriptor *secdesc;
+	struct dnsp_DnsProperty *prop;
+	DATA_BLOB *sd_encoded;
+	enum ndr_err_code ndr_err;
+	int ret;
+
+	/* Get DnsAdmins SID */
+	ret = ldb_search(samdb, tmp_ctx, &res, ldb_get_default_basedn(samdb),
+			 LDB_SCOPE_DEFAULT, attrs, "(sAMAccountName=DnsAdmins)");
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	el = ldb_msg_find_element(res->msgs[0], "objectSID");
+	if (el == NULL || el->num_values != 1) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	ndr_err = ndr_pull_struct_blob(&el->values[0], tmp_ctx, &dnsadmins_sid,
+				(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	/* create security descriptor with DnsAdmins GUID in sddl template */
+	sddl = talloc_asprintf(tmp_ctx, sddl_template,
+			       dom_sid_string(tmp_ctx, &dnsadmins_sid));
+	if (sddl == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	talloc_free(res);
+
+	domain_sid = samdb_domain_sid(samdb);
+	if (domain_sid == NULL) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	secdesc = sddl_decode(tmp_ctx, sddl, domain_sid);
+	if (secdesc == NULL) {
+		return WERR_GEN_FAILURE;
+	}
+
+	msg = ldb_msg_new(tmp_ctx);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+
+	msg->dn = zone_dn;
+	ret = ldb_msg_add_string(msg, "objectClass", "dnsZone");
+	if (ret != LDB_SUCCESS) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	sd_encoded = talloc_zero(tmp_ctx, DATA_BLOB);
+	W_ERROR_HAVE_NO_MEMORY(sd_encoded);
+
+	ndr_err = ndr_push_struct_blob(sd_encoded, tmp_ctx, secdesc,
+			(ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_GEN_FAILURE;
+	}
+
+	ret = ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd_encoded);
+	if (ret != LDB_SUCCESS) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* dns zone Properties */
+	prop = talloc_zero(tmp_ctx, struct dnsp_DnsProperty);
+	W_ERROR_HAVE_NO_MEMORY(prop);
+
+	prop->version = 1;
+
+	/* zone type */
+	prop->id = DSPROPERTY_ZONE_TYPE;
+	prop->data.zone_type = z->zoneinfo->dwZoneType;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* allow update */
+	prop->id = DSPROPERTY_ZONE_ALLOW_UPDATE;
+	prop->data.allow_update_flag = z->zoneinfo->fAllowUpdate;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* secure time */
+	prop->id = DSPROPERTY_ZONE_SECURE_TIME;
+	prop->data.zone_secure_time = 0;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* norefresh interval */
+	prop->id = DSPROPERTY_ZONE_NOREFRESH_INTERVAL;
+	prop->data.norefresh_hours = 168;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* refresh interval */
+	prop->id = DSPROPERTY_ZONE_REFRESH_INTERVAL;
+	prop->data.refresh_hours = 168;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* aging state */
+	prop->id = DSPROPERTY_ZONE_AGING_STATE;
+	prop->data.aging_enabled = z->zoneinfo->fAging;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* aging enabled time */
+	prop->id = DSPROPERTY_ZONE_AGING_ENABLED_TIME;
+	prop->data.next_scavenging_cycle_hours = 0;
+	if (!dnsserver_db_msg_add_dnsproperty(tmp_ctx, msg, prop)) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	talloc_free(prop);
+
+	ret = ldb_add(samdb, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, ("dnsserver: Failed to create zone (%s): %s\n",
+		      z->name, ldb_errstring(samdb)));
+
+		if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+			return WERR_ACCESS_DENIED;
+		}
+
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+/* Create new dnsZone record and @ record (SOA + NS) */
+WERROR dnsserver_db_create_zone(struct ldb_context *samdb,
+				struct dnsserver_partition *partitions,
+				struct dnsserver_zone *zone,
+				struct loadparm_context *lp_ctx)
+{
+	struct dnsserver_partition *p;
+	bool in_forest = false;
+	WERROR status;
+	struct ldb_dn *dn;
+	TALLOC_CTX *tmp_ctx;
+	struct dnsp_DnssrvRpcRecord *dns_rec;
+	struct dnsp_soa soa;
+	char *tmpstr, *server_fqdn, *soa_email;
+	struct ldb_val name_val = data_blob_string_const(zone->name);
+
+	/* We only support primary zones for now */
+	if (zone->zoneinfo->dwZoneType != DNS_ZONE_TYPE_PRIMARY) {
+		return WERR_CALL_NOT_IMPLEMENTED;
+	}
+
+	/* Get the correct partition */
+	if (zone->partition->dwDpFlags & DNS_DP_FOREST_DEFAULT) {
+		in_forest = true;
+	}
+	for (p = partitions; p; p = p->next) {
+		if (in_forest == p->is_forest) {
+			break;
+		}
+	}
+	if (p == NULL) {
+		return WERR_DNS_ERROR_DP_DOES_NOT_EXIST;
+	}
+
+	tmp_ctx = talloc_new(NULL);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	dn = ldb_dn_copy(tmp_ctx, p->partition_dn);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(dn, tmp_ctx);
+
+	if (!ldb_dn_add_child_fmt(dn, "CN=MicrosoftDNS")) {
+		talloc_free(tmp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	if (!ldb_dn_add_child_val(dn, "DC", name_val)) {
+		talloc_free(tmp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* Add dnsZone record */
+	status = dnsserver_db_do_create_zone(tmp_ctx, samdb, dn, zone);
+	if (!W_ERROR_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	if (!ldb_dn_add_child_fmt(dn, "DC=@")) {
+		talloc_free(tmp_ctx);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	dns_rec = talloc_zero_array(tmp_ctx, struct dnsp_DnssrvRpcRecord, 2);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(dns_rec, tmp_ctx);
+
+	tmpstr = talloc_asprintf(tmp_ctx, "%s.%s",
+				 lpcfg_netbios_name(lp_ctx),
+				 lpcfg_realm(lp_ctx));
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(tmpstr, tmp_ctx);
+	server_fqdn = strlower_talloc(tmp_ctx, tmpstr);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(server_fqdn, tmp_ctx);
+	talloc_free(tmpstr);
+
+	tmpstr = talloc_asprintf(tmp_ctx, "hostmaster.%s",
+				  lpcfg_realm(lp_ctx));
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(tmpstr, tmp_ctx);
+	soa_email = strlower_talloc(tmp_ctx, tmpstr);
+	W_ERROR_HAVE_NO_MEMORY_AND_FREE(soa_email, tmp_ctx);
+	talloc_free(tmpstr);
+
+	/* SOA Record - values same as defined in provision/sambadns.py */
+	soa.serial = 1;
+	soa.refresh = 900;
+	soa.retry = 600;
+	soa.expire = 86400;
+	soa.minimum = 3600;
+	soa.mname = server_fqdn;
+	soa.rname = soa_email;
+
+	dns_rec[0].wType = DNS_TYPE_SOA;
+	dns_rec[0].rank = DNS_RANK_ZONE;
+	dns_rec[0].dwSerial = soa.serial;
+	dns_rec[0].dwTtlSeconds = 3600;
+	dns_rec[0].dwTimeStamp = 0;
+	dns_rec[0].data.soa = soa;
+
+	/* NS Record */
+	dns_rec[1].wType = DNS_TYPE_NS;
+	dns_rec[1].rank = DNS_RANK_ZONE;
+	dns_rec[1].dwSerial = soa.serial;
+	dns_rec[1].dwTtlSeconds = 3600;
+	dns_rec[1].dwTimeStamp = 0;
+	dns_rec[1].data.ns = server_fqdn;
+
+	/* Add @ Record */
+	status = dnsserver_db_do_add_rec(tmp_ctx, samdb, dn, 2, dns_rec);
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/* Delete dnsZone record and all DNS records in the zone */
+WERROR dnsserver_db_delete_zone(struct ldb_context *samdb,
+				struct dnsserver_zone *zone)
+{
+	int ret;
+
+	ret = ldb_transaction_start(samdb);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	ret = dsdb_delete(samdb, zone->zone_dn, DSDB_TREE_DELETE);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(samdb);
+
+		if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+			return WERR_ACCESS_DENIED;
+		}
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	ret = ldb_transaction_commit(samdb);
+	if (ret != LDB_SUCCESS) {
+		return WERR_INTERNAL_DB_ERROR;
+	}
+
+	return WERR_OK;
+}
diff --git a/source4/rpc_server/dnsserver/dnsserver.h b/source4/rpc_server/dnsserver/dnsserver.h
new file mode 100644
index 0000000..2e46e7c
--- /dev/null
+++ b/source4/rpc_server/dnsserver/dnsserver.h
@@ -0,0 +1,264 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS Server
+
+   Copyright (C) Amitay Isaacs 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DNSSERVER_H__
+#define __DNSSERVER_H__
+
+#include "librpc/gen_ndr/dnsp.h"
+#include "librpc/gen_ndr/dnsserver.h"
+#include "param/param.h"
+#include "ldb.h"
+
+struct dnsserver_serverinfo {
+	uint32_t	dwVersion;
+	uint8_t		fBootMethod;
+	uint8_t		fAdminConfigured;
+	uint8_t		fAllowUpdate;
+	uint8_t		fDsAvailable;
+
+	char *		pszServerName;
+	char *		pszDsContainer;
+
+	uint32_t	dwDsForestVersion;
+	uint32_t	dwDsDomainVersion;
+	uint32_t	dwDsDsaVersion;
+	uint32_t	fReadOnlyDC;
+	char *		pszDomainName;
+	char *		pszForestName;
+	char *		pszDomainDirectoryPartition;
+	char *		pszForestDirectoryPartition;
+
+	struct DNS_ADDR_ARRAY * aipServerAddrs;
+	struct DNS_ADDR_ARRAY * aipListenAddrs;
+	struct IP4_ARRAY * aipForwarders;
+
+	struct IP4_ARRAY * aipLogFilter;
+	char *		pwszLogFilePath;
+
+	uint32_t 	dwLogLevel;
+	uint32_t 	dwDebugLevel;
+	uint32_t 	dwEventLogLevel;
+	uint32_t 	dwLogFileMaxSize;
+
+	uint32_t 	dwForwardTimeout;
+	uint32_t 	dwRpcProtocol;
+	uint32_t 	dwNameCheckFlag;
+	uint32_t 	cAddressAnswerLimit;
+	uint32_t 	dwRecursionRetry;
+	uint32_t 	dwRecursionTimeout;
+	uint32_t 	dwMaxCacheTtl;
+	uint32_t 	dwDsPollingInterval;
+	uint32_t 	dwLocalNetPriorityNetMask;
+
+	uint32_t 	dwScavengingInterval;
+	uint32_t 	dwDefaultRefreshInterval;
+	uint32_t 	dwDefaultNoRefreshInterval;
+	uint32_t 	dwLastScavengeTime;
+
+	uint8_t 	fAutoReverseZones;
+	uint8_t 	fAutoCacheUpdate;
+
+	uint8_t 	fRecurseAfterForwarding;
+	uint8_t 	fForwardDelegations;
+	uint8_t 	fNoRecursion;
+	uint8_t 	fSecureResponses;
+
+	uint8_t 	fRoundRobin;
+	uint8_t 	fLocalNetPriority;
+
+	uint8_t 	fBindSecondaries;
+	uint8_t 	fWriteAuthorityNs;
+
+	uint8_t 	fStrictFileParsing;
+	uint8_t 	fLooseWildcarding;
+	uint8_t 	fDefaultAgingState;
+};
+
+struct dnsserver_zoneinfo {
+	uint8_t		Version;
+	uint32_t	Flags;
+	uint8_t		dwZoneType;
+	uint8_t		fReverse;
+	uint8_t		fAllowUpdate;
+	uint8_t		fPaused;
+	uint8_t		fShutdown;
+	uint8_t		fAutoCreated;
+
+	uint8_t		fUseDatabase;
+	char *		pszDataFile;
+
+	struct IP4_ARRAY * aipMasters;
+
+	uint32_t	fSecureSecondaries;
+	uint32_t	fNotifyLevel;
+	struct IP4_ARRAY * aipSecondaries;
+	struct IP4_ARRAY * aipNotify;
+
+	uint32_t	fUseWins;
+	uint32_t	fUseNbstat;
+
+	uint32_t	fAging;
+	uint32_t	dwNoRefreshInterval;
+	uint32_t	dwRefreshInterval;
+	uint32_t	dwAvailForScavengeTime;
+	struct IP4_ARRAY * aipScavengeServers;
+
+	uint32_t	dwForwarderTimeout;
+	uint32_t	fForwarderSlave;
+
+	struct IP4_ARRAY * aipLocalMasters;
+
+	char *		pwszZoneDn;
+
+	uint32_t	dwLastSuccessfulSoaCheck;
+	uint32_t	dwLastSuccessfulXfr;
+
+	uint32_t	fQueuedForBackgroundLoad;
+	uint32_t	fBackgroundLoadInProgress;
+	uint8_t		fReadOnlyZone;
+
+	uint32_t	dwLastXfrAttempt;
+	uint32_t	dwLastXfrResult;
+};
+
+
+struct dnsserver_partition {
+	struct dnsserver_partition *prev, *next;
+	struct ldb_dn *partition_dn;
+	const char *pszDpFqdn;
+	uint32_t dwDpFlags;
+	bool is_forest;
+	int zones_count;
+};
+
+
+struct dnsserver_partition_info {
+	const char *pszCrDn;
+	uint32_t dwState;
+	uint32_t dwReplicaCount;
+	struct DNS_RPC_DP_REPLICA **ReplicaArray;
+};
+
+
+struct dnsserver_zone {
+	struct dnsserver_zone *prev, *next;
+	struct dnsserver_partition *partition;
+	const char *name;
+	struct ldb_dn *zone_dn;
+	struct dnsserver_zoneinfo *zoneinfo;
+	struct dnsp_DnsProperty *tmp_props;
+	int32_t num_props;
+};
+
+
+struct dns_tree {
+	const char *name;
+	int level;
+	unsigned int num_children;
+	struct dns_tree **children;
+	void *data;
+};
+
+/* Data structure manipulation functions from dnsdata.c */
+
+struct IP4_ARRAY *ip4_array_copy(TALLOC_CTX *mem_ctx, struct IP4_ARRAY *ip4);
+struct DNS_ADDR_ARRAY *ip4_array_to_dns_addr_array(TALLOC_CTX *mem_ctx, struct IP4_ARRAY *ip4);
+struct IP4_ARRAY *dns_addr_array_to_ip4_array(TALLOC_CTX *mem_ctx,
+					      struct DNS_ADDR_ARRAY *ip);
+struct DNS_ADDR_ARRAY *dns_addr_array_copy(TALLOC_CTX *mem_ctx, struct DNS_ADDR_ARRAY *addr);
+
+int dns_split_name_components(TALLOC_CTX *mem_ctx, const char *name, char ***components);
+char *dns_split_node_name(TALLOC_CTX *mem_ctx, const char *node_name, const char *zone_name);
+
+int dns_name_compare(struct ldb_message * const *m1, struct ldb_message * const *m2,
+		     const char *search_name);
+bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1, struct dnsp_DnssrvRpcRecord *rec2);
+
+void dnsp_to_dns_copy(TALLOC_CTX *mem_ctx, struct dnsp_DnssrvRpcRecord *dnsp,
+			struct DNS_RPC_RECORD *dns);
+WERROR dns_to_dnsp_convert(TALLOC_CTX *mem_ctx, struct DNS_RPC_RECORD *dns,
+			   struct dnsp_DnssrvRpcRecord **out_dnsp,
+			   bool check_name);
+
+struct dns_tree *dns_build_tree(TALLOC_CTX *mem_ctx, const char *name, struct ldb_result *res);
+WERROR dns_fill_records_array(TALLOC_CTX *mem_ctx, struct dnsserver_zone *z,
+			enum dns_record_type record_type,
+			unsigned int select_flag, const char *zone_name,
+			struct ldb_message *msg, int num_children,
+			struct DNS_RPC_RECORDS_ARRAY *recs,
+			char ***add_names, int *add_count);
+
+
+/* Utility functions from dnsutils.c */
+
+struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
+					struct loadparm_context *lp_ctx,
+					struct ldb_context *samdb);
+struct dnsserver_zoneinfo *dnsserver_init_zoneinfo(struct dnsserver_zone *zone,
+					struct dnsserver_serverinfo *serverinfo);
+struct dnsserver_zone *dnsserver_find_zone(struct dnsserver_zone *zones,
+					const char *zone_name);
+struct ldb_dn *dnsserver_name_to_dn(TALLOC_CTX *mem_ctx, struct dnsserver_zone *z,
+					const char *name);
+uint32_t dnsserver_zone_to_request_filter(const char *zone);
+
+/* Database functions from dnsdb.c */
+
+struct dnsserver_partition *dnsserver_db_enumerate_partitions(TALLOC_CTX *mem_ctx,
+					struct dnsserver_serverinfo *serverinfo,
+					struct ldb_context *samdb);
+struct dnsserver_zone *dnsserver_db_enumerate_zones(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_partition *p);
+struct dnsserver_partition_info *dnsserver_db_partition_info(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_partition *p);
+WERROR dnsserver_db_add_empty_node(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *node_name);
+WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *node_name,
+					struct DNS_RPC_RECORD *add_record);
+WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx,
+					struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					const char *node_name,
+					struct DNS_RPC_RECORD *add_record,
+					struct DNS_RPC_RECORD *del_record);
+WERROR dnsserver_db_do_reset_dword(struct ldb_context *samdb,
+					struct dnsserver_zone *z,
+					struct DNS_RPC_NAME_AND_PARAM *n_p);
+WERROR dnsserver_db_delete_record(TALLOC_CTX *mem_ctx,
+				  struct ldb_context *samdb,
+				  struct dnsserver_zone *z,
+				  const char *node_name,
+				  struct DNS_RPC_RECORD *del_record);
+WERROR dnsserver_db_create_zone(struct ldb_context *samdb,
+				struct dnsserver_partition *partitions,
+				struct dnsserver_zone *z,
+				struct loadparm_context *lp_ctx);
+WERROR dnsserver_db_delete_zone(struct ldb_context *samdb,
+				struct dnsserver_zone *z);
+
+#endif /* __DNSSERVER_H__ */
diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c
new file mode 100644
index 0000000..2c56946
--- /dev/null
+++ b/source4/rpc_server/dnsserver/dnsutils.c
@@ -0,0 +1,414 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DNS Server
+
+   Copyright (C) Amitay Isaacs 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dnsserver.h"
+#include "rpc_server/common/common.h"
+#include "dns_server/dnsserver_common.h"
+#include "dsdb/samdb/samdb.h"
+#include "lib/socket/netif.h"
+#include "lib/util/util_net.h"
+#include "dnsserver_common.h"
+
+#undef strcasecmp
+
+static struct DNS_ADDR_ARRAY *fill_dns_addr_array(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   bool listen_only)
+{
+	struct interface *ifaces;
+	int num_interfaces, i;
+	struct DNS_ADDR_ARRAY *dns_addr_array;
+	const char *ipstr;
+	bool have_ipv4, have_ipv6;
+	uint16_t family;
+
+	have_ipv4 = have_ipv6 = false;
+
+	if (!listen_only) {
+		/*
+		  Return all interfaces from kernel
+		  Not implemented!
+		*/
+		return NULL;
+	}
+
+	/* Only the used interfaces */
+	load_interface_list(mem_ctx, lp_ctx, &ifaces);
+	num_interfaces = iface_list_count(ifaces);
+
+	dns_addr_array = talloc_zero(mem_ctx, struct DNS_ADDR_ARRAY);
+	if (dns_addr_array == NULL) {
+		goto nomem;
+	}
+	dns_addr_array->MaxCount = num_interfaces;
+	dns_addr_array->AddrCount = num_interfaces;
+	if (num_interfaces == 0) {
+		goto nomem;
+	}
+
+	dns_addr_array->AddrArray = talloc_zero_array(mem_ctx, struct DNS_ADDR,
+						      num_interfaces);
+	if (!dns_addr_array->AddrArray) {
+		TALLOC_FREE(dns_addr_array);
+		goto nomem;
+	}
+
+	for (i = 0; i < num_interfaces; i++) {
+		int ret;
+		ipstr = iface_list_n_ip(ifaces, i);
+		if (is_ipaddress_v4(ipstr)) {
+			have_ipv4 = true;
+			dns_addr_array->AddrArray[i].MaxSa[0] = 0x02;
+			ret = inet_pton(AF_INET, ipstr,
+					&dns_addr_array->AddrArray[i].MaxSa[4]);
+		} else {
+			have_ipv6 = true;
+			dns_addr_array->AddrArray[i].MaxSa[0] = 0x17;
+			ret = inet_pton(AF_INET6, ipstr,
+					&dns_addr_array->AddrArray[i].MaxSa[8]);
+		}
+		if (ret != 1) { /*yep, 1 means success for inet_pton */
+			DBG_ERR("Interface %d address (%s) is invalid\n",
+				i, ipstr);
+			goto nomem;
+		}
+	}
+
+	if (have_ipv4 && have_ipv6) {
+		family = 0;   /* mixed: MS-DNSP */
+	} else if (have_ipv4 && !have_ipv6) {
+		family = AF_INET;
+	} else {
+		family = AF_INET6;
+	}
+	dns_addr_array->Family = family;
+
+nomem:
+	talloc_free(ifaces);
+	return dns_addr_array;
+}
+
+struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
+							struct loadparm_context *lp_ctx,
+							struct ldb_context *samdb)
+{
+	struct dnsserver_serverinfo *serverinfo;
+	struct dcerpc_server_info *dinfo;
+	struct ldb_dn *domain_dn, *forest_dn;
+
+	serverinfo = talloc_zero(mem_ctx, struct dnsserver_serverinfo);
+	if (serverinfo == NULL) {
+		return NULL;
+	}
+
+	dinfo = lpcfg_dcerpc_server_info(mem_ctx, lp_ctx);
+	if (dinfo) {
+		serverinfo->dwVersion = (dinfo->version_build & 0x0000FFFF) << 16 |
+				(dinfo->version_minor & 0x000000FF) << 8 |
+				(dinfo->version_major & 0x000000FF);
+		talloc_free(dinfo);
+	} else {
+		serverinfo->dwVersion = 0x0ECE0205; /* build, os_minor, os_major */;
+	}
+
+	serverinfo->fBootMethod = DNS_BOOT_METHOD_DIRECTORY;
+	serverinfo->fAdminConfigured = 0;
+	serverinfo->fAllowUpdate = 1;
+	serverinfo->fDsAvailable = 1;
+
+	serverinfo->pszServerName = talloc_asprintf(mem_ctx, "%s.%s",
+					lpcfg_netbios_name(lp_ctx),
+					lpcfg_dnsdomain(lp_ctx));
+
+	domain_dn = ldb_get_default_basedn(samdb);
+	forest_dn = ldb_get_root_basedn(samdb);
+
+	serverinfo->pszDsContainer = talloc_asprintf(mem_ctx,
+					"CN=MicrosoftDNS,DC=DomainDnsZones,%s",
+					ldb_dn_get_linearized(domain_dn));
+
+	serverinfo->dwDsForestVersion = dsdb_forest_functional_level(samdb);
+	serverinfo->dwDsDomainVersion = dsdb_functional_level(samdb);
+	serverinfo->dwDsDsaVersion = dsdb_dc_functional_level(samdb);
+
+	serverinfo->pszDomainName = samdb_dn_to_dns_domain(mem_ctx, domain_dn);
+	serverinfo->pszForestName = samdb_dn_to_dns_domain(mem_ctx, forest_dn);
+
+	serverinfo->pszDomainDirectoryPartition = talloc_asprintf(mem_ctx,
+							"DC=DomainDnsZones,%s",
+							ldb_dn_get_linearized(domain_dn));
+	serverinfo->pszForestDirectoryPartition = talloc_asprintf(mem_ctx,
+							"DC=ForestDnsZones,%s",
+							ldb_dn_get_linearized(forest_dn));
+	/* IP addresses on which the DNS server listens for DNS requests */
+	serverinfo->aipListenAddrs = fill_dns_addr_array(mem_ctx, lp_ctx, true);
+
+	/* All IP addresses available on the server
+	 * Not implemented!
+	 * Use same as listen addresses
+	 */
+	serverinfo->aipServerAddrs = serverinfo->aipListenAddrs;
+
+	serverinfo->aipForwarders = NULL;
+
+	serverinfo->aipLogFilter = NULL;
+	serverinfo->pwszLogFilePath = NULL;
+
+	serverinfo->dwLogLevel = 0;
+	serverinfo->dwDebugLevel = 0;
+	serverinfo->dwEventLogLevel = DNS_EVENT_LOG_INFORMATION_TYPE;
+	serverinfo->dwLogFileMaxSize = 0;
+
+	serverinfo->dwForwardTimeout = 3; /* seconds (default) */
+	serverinfo->dwRpcProtocol = 5;
+	serverinfo->dwNameCheckFlag = DNS_ALLOW_MULTIBYTE_NAMES;
+	serverinfo->cAddressAnswerLimit = 0;
+	serverinfo->dwRecursionRetry = 3;       /* seconds (default) */
+	serverinfo->dwRecursionTimeout = 8;     /* seconds (default) */
+	serverinfo->dwMaxCacheTtl = 0x00015180; /* 1 day (default) */
+	serverinfo->dwDsPollingInterval = 0xB4; /* 3 minutes (default) */
+	serverinfo->dwLocalNetPriorityNetMask = 0x000000FF;
+
+	serverinfo->dwScavengingInterval = lpcfg_parm_int(
+	    lp_ctx, NULL, "dnsserver", "ScavengingInterval", 24 * 7);
+	serverinfo->dwDefaultRefreshInterval = lpcfg_parm_int(
+	    lp_ctx, NULL, "dnsserver", "DefaultRefreshInterval", 24 * 3);
+	serverinfo->dwDefaultNoRefreshInterval = lpcfg_parm_int(
+	    lp_ctx, NULL, "dnsserver", "DefaultNoRefreshInterval", 24 * 3);
+
+	serverinfo->dwLastScavengeTime = 0;
+
+	serverinfo->fAutoReverseZones = 0;
+	serverinfo->fAutoCacheUpdate = 0;
+
+	serverinfo->fRecurseAfterForwarding = 0;
+	serverinfo->fForwardDelegations = 1;
+	serverinfo->fNoRecursion = 0;
+	serverinfo->fSecureResponses = 0;
+
+	serverinfo->fRoundRobin = 1;
+	serverinfo->fLocalNetPriority = 0;
+
+	serverinfo->fBindSecondaries = 0;
+	serverinfo->fWriteAuthorityNs = 0;
+
+	serverinfo->fStrictFileParsing = 0;
+	serverinfo->fLooseWildcarding = 0 ;
+	serverinfo->fDefaultAgingState = 0;
+
+	return serverinfo;
+}
+
+struct dnsserver_zoneinfo *dnsserver_init_zoneinfo(struct dnsserver_zone *zone,
+						struct dnsserver_serverinfo *serverinfo)
+{
+	struct dnsserver_zoneinfo *zoneinfo;
+	uint32_t fReverse;
+	const char *revzone = "in-addr.arpa";
+	const char *revzone6 = "ip6.arpa";
+	int len1, len2;
+	unsigned int i = 0;
+
+	zoneinfo = talloc_zero(zone, struct dnsserver_zoneinfo);
+	if (zoneinfo == NULL) {
+		return NULL;
+	}
+
+	/* If the zone name ends with in-addr.arpa, it's reverse zone */
+	/* If the zone name ends with ip6.arpa, it's reverse zone (IPv6) */
+	fReverse = 0;
+	len1 = strlen(zone->name);
+	len2 = strlen(revzone);
+	if (len1 > len2 && strcasecmp(&zone->name[len1-len2], revzone) == 0) {
+		fReverse = 1;
+	} else {
+		len2 = strlen(revzone6);
+		if (len1 > len2 && strcasecmp(&zone->name[len1-len2], revzone6) == 0) {
+			fReverse = 1;
+		}
+	}
+
+	zoneinfo->Version = 0x32;
+	zoneinfo->Flags = DNS_RPC_ZONE_DSINTEGRATED;
+
+	if (strcmp(zone->name, ".") == 0) {
+		zoneinfo->dwZoneType = DNS_ZONE_TYPE_CACHE;
+		zoneinfo->fAllowUpdate = DNS_ZONE_UPDATE_OFF;
+		zoneinfo->fSecureSecondaries = DNS_ZONE_SECSECURE_NO_SECURITY;
+		zoneinfo->fNotifyLevel = DNS_ZONE_NOTIFY_OFF;
+		zoneinfo->dwNoRefreshInterval = 0;
+		zoneinfo->dwRefreshInterval = 0;
+	} else {
+		zoneinfo->Flags |= DNS_RPC_ZONE_UPDATE_SECURE;
+		zoneinfo->dwZoneType = DNS_ZONE_TYPE_PRIMARY;
+		zoneinfo->fAllowUpdate = DNS_ZONE_UPDATE_SECURE;
+		zoneinfo->fSecureSecondaries = DNS_ZONE_SECSECURE_NO_XFER;
+		zoneinfo->fNotifyLevel = DNS_ZONE_NOTIFY_LIST_ONLY;
+		zoneinfo->dwNoRefreshInterval = serverinfo->dwDefaultNoRefreshInterval;
+		zoneinfo->dwRefreshInterval = serverinfo->dwDefaultRefreshInterval;
+	}
+
+	zoneinfo->fReverse = fReverse;
+	zoneinfo->fPaused = 0;
+	zoneinfo->fShutdown = 0;
+	zoneinfo->fAutoCreated = 0;
+	zoneinfo->fUseDatabase = 1;
+	zoneinfo->pszDataFile = NULL;
+	zoneinfo->aipMasters = NULL;
+	zoneinfo->aipSecondaries = NULL;
+	zoneinfo->aipNotify = NULL;
+	zoneinfo->fUseWins = 0;
+	zoneinfo->fUseNbstat = 0;
+	zoneinfo->fAging = 0;
+	zoneinfo->dwAvailForScavengeTime = 0;
+	zoneinfo->aipScavengeServers = NULL;
+	zoneinfo->dwForwarderTimeout = 0;
+	zoneinfo->fForwarderSlave = 0;
+	zoneinfo->aipLocalMasters = NULL;
+	zoneinfo->pwszZoneDn = discard_const_p(char, ldb_dn_get_linearized(zone->zone_dn));
+	zoneinfo->dwLastSuccessfulSoaCheck = 0;
+	zoneinfo->dwLastSuccessfulXfr = 0;
+	zoneinfo->fQueuedForBackgroundLoad = 0;
+	zoneinfo->fBackgroundLoadInProgress = 0;
+	zoneinfo->fReadOnlyZone = 0;
+	zoneinfo->dwLastXfrAttempt = 0;
+	zoneinfo->dwLastXfrResult = 0;
+
+	for(i=0; i<zone->num_props; i++){
+		bool valid_property;
+		valid_property = dns_zoneinfo_load_zone_property(
+		    zoneinfo, &zone->tmp_props[i]);
+		if (!valid_property) {
+			TALLOC_FREE(zoneinfo);
+			return NULL;
+		}
+	}
+
+	return zoneinfo;
+}
+
+struct dnsserver_zone *dnsserver_find_zone(struct dnsserver_zone *zones, const char *zone_name)
+{
+	struct dnsserver_zone *z = NULL;
+
+	for (z = zones; z; z = z->next) {
+		if (samba_dns_name_equal(zone_name, z->name)) {
+			break;
+		}
+	}
+
+	return z;
+}
+
+struct ldb_dn *dnsserver_name_to_dn(TALLOC_CTX *mem_ctx, struct dnsserver_zone *z, const char *name)
+{
+	struct ldb_dn *dn;
+	bool ret;
+	struct ldb_val name_val =
+		data_blob_string_const(name);
+
+	dn = ldb_dn_copy(mem_ctx, z->zone_dn);
+	if (dn == NULL) {
+		return NULL;
+	}
+	if (strcasecmp(name, z->name) == 0) {
+		ret = ldb_dn_add_child_fmt(dn, "DC=@");
+		if (!ret) {
+			talloc_free(dn);
+			return NULL;
+		}
+		return dn;
+	}
+
+	ret = ldb_dn_add_child_val(dn,
+				   "DC",
+				   name_val);
+
+	if (!ret) {
+		talloc_free(dn);
+		return NULL;
+	}
+
+	return dn;
+}
+
+uint32_t dnsserver_zone_to_request_filter(const char *zone_name)
+{
+	uint32_t request_filter = 0;
+
+	if (strcmp(zone_name, "..AllZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_PRIMARY
+			| DNS_ZONE_REQUEST_SECONDARY
+			| DNS_ZONE_REQUEST_AUTO
+			| DNS_ZONE_REQUEST_FORWARD
+			| DNS_ZONE_REQUEST_REVERSE
+			| DNS_ZONE_REQUEST_FORWARDER
+			| DNS_ZONE_REQUEST_STUB
+			| DNS_ZONE_REQUEST_DS
+			| DNS_ZONE_REQUEST_NON_DS
+			| DNS_ZONE_REQUEST_DOMAIN_DP
+			| DNS_ZONE_REQUEST_FOREST_DP
+			| DNS_ZONE_REQUEST_CUSTOM_DP
+			| DNS_ZONE_REQUEST_LEGACY_DP;
+	} else if (strcmp(zone_name, "..AllZonesAndCache") == 0) {
+		request_filter = DNS_ZONE_REQUEST_PRIMARY
+			| DNS_ZONE_REQUEST_SECONDARY
+			| DNS_ZONE_REQUEST_CACHE
+			| DNS_ZONE_REQUEST_AUTO
+			| DNS_ZONE_REQUEST_FORWARD
+			| DNS_ZONE_REQUEST_REVERSE
+			| DNS_ZONE_REQUEST_FORWARDER
+			| DNS_ZONE_REQUEST_STUB
+			| DNS_ZONE_REQUEST_DS
+			| DNS_ZONE_REQUEST_NON_DS
+			| DNS_ZONE_REQUEST_DOMAIN_DP
+			| DNS_ZONE_REQUEST_FOREST_DP
+			| DNS_ZONE_REQUEST_CUSTOM_DP
+			| DNS_ZONE_REQUEST_LEGACY_DP;
+	} else if (strcmp(zone_name, "..AllPrimaryZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_PRIMARY;
+	} else if (strcmp(zone_name, "..AllSecondaryZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_SECONDARY;
+	} else if (strcmp(zone_name, "..AllForwardZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_FORWARD;
+	} else if (strcmp(zone_name, "..AllReverseZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_REVERSE;
+	} else if (strcmp(zone_name, "..AllDsZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_DS;
+	} else if (strcmp(zone_name, "..AllNonDsZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_NON_DS;
+	} else if (strcmp(zone_name, "..AllPrimaryReverseZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_PRIMARY
+			| DNS_ZONE_REQUEST_REVERSE;
+	} else if (strcmp(zone_name, "..AllPrimaryForwardZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_PRIMARY
+			| DNS_ZONE_REQUEST_FORWARD;
+	} else if (strcmp(zone_name, "..AllSecondaryReverseZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_SECONDARY
+			| DNS_ZONE_REQUEST_REVERSE;
+	} else if (strcmp(zone_name, "..AllSecondaryForwardZones") == 0) {
+		request_filter = DNS_ZONE_REQUEST_SECONDARY
+			| DNS_ZONE_REQUEST_REVERSE;
+	}
+
+	return request_filter;
+}
diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
new file mode 100644
index 0000000..ff23c52
--- /dev/null
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -0,0 +1,240 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   implement the DsAddEntry call
+
+   Copyright (C) Stefan Metzmacher 2009
+   Copyright (C) Andrew Tridgell   2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+/*
+  add special SPNs needed for DRS replication to machine accounts when
+  an AddEntry is done to create a nTDSDSA object
+ */
+static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
+			       struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       const struct drsuapi_DsReplicaObjectListItem *first_object)
+{
+	int ret;
+	const struct drsuapi_DsReplicaObjectListItem *obj;
+	const char *attrs[] = { "serverReference", "objectGUID", NULL };
+
+	for (obj = first_object; obj; obj=obj->next_object) {
+		const char *dn_string = obj->object.identifier->dn;
+		struct ldb_dn *dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, dn_string);
+		struct ldb_result *res, *res2;
+		struct ldb_dn *ref_dn;
+		struct GUID ntds_guid;
+		struct ldb_message *msg;
+		struct ldb_message_element *el;
+		const char *ntds_guid_str;
+		const char *dom_string;
+		const char *attrs2[] = { "dNSHostName", "cn", NULL };
+		const char *dNSHostName, *cn;
+
+		DEBUG(6,(__location__ ": Adding SPNs for %s\n", 
+			 ldb_dn_get_linearized(dn)));
+		 
+		ret = ldb_search(b_state->sam_ctx, mem_ctx, &res,
+				 dn, LDB_SCOPE_BASE, attrs,
+				 "(objectClass=ntDSDSA)");
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find dn '%s'\n", dn_string));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if (res->count < 1) {
+			/* we only add SPNs for nTDSDSA objects */
+			continue;
+		}
+
+		ref_dn = samdb_result_dn(b_state->sam_ctx, mem_ctx, res->msgs[0], "serverReference", NULL);
+		if (ref_dn == NULL) {
+			/* we only add SPNs for objects with a
+			   serverReference */
+			continue;
+		}
+
+		DEBUG(6,(__location__ ": serverReference %s\n", 
+			 ldb_dn_get_linearized(ref_dn)));
+
+		ntds_guid = samdb_result_guid(res->msgs[0], "objectGUID");
+
+		ntds_guid_str = GUID_string(res, &ntds_guid);
+
+		dom_string = lpcfg_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+
+		/* get the dNSHostName and cn */
+		ret = ldb_search(b_state->sam_ctx, mem_ctx, &res2,
+				 ref_dn, LDB_SCOPE_BASE, attrs2, NULL);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to find ref_dn '%s'\n",
+				 ldb_dn_get_linearized(ref_dn)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		dNSHostName = ldb_msg_find_attr_as_string(res2->msgs[0], "dNSHostName", NULL);
+		cn = ldb_msg_find_attr_as_string(res2->msgs[0], "cn", NULL);
+
+		/*
+		 * construct a modify request to add the new SPNs to
+		 * the machine account
+		 */
+		msg = ldb_msg_new(mem_ctx);
+		if (msg == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		msg->dn = ref_dn;
+		ret = ldb_msg_add_empty(msg, "servicePrincipalName",
+					LDB_FLAG_MOD_ADD, &el);
+		if (ret != LDB_SUCCESS) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+
+		ldb_msg_add_steal_string(msg, "servicePrincipalName",
+					 talloc_asprintf(el->values,
+							 "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s",
+							 ntds_guid_str, dom_string));
+		ldb_msg_add_steal_string(msg, "servicePrincipalName",
+					 talloc_asprintf(el->values, "ldap/%s._msdcs.%s",
+							 ntds_guid_str, dom_string));
+		if (cn) {
+			ldb_msg_add_steal_string(msg, "servicePrincipalName",
+						 talloc_asprintf(el->values, "ldap/%s", cn));
+		}
+		if (dNSHostName) {
+			ldb_msg_add_steal_string(msg, "servicePrincipalName",
+						 talloc_asprintf(el->values, "ldap/%s", dNSHostName));
+		}
+		if (el->num_values < 2) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		ret = dsdb_modify(b_state->sam_ctx, msg, DSDB_MODIFY_PERMISSIVE);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed to add SPNs - %s\n",
+				 ldb_errstring(b_state->sam_ctx)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+	}
+	
+	return WERR_OK;
+}
+
+
+
+
+/* 
+  drsuapi_DsAddEntry
+*/
+WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct drsuapi_DsAddEntry *r)
+{
+	WERROR status;
+	struct drsuapi_bind_state *b_state;
+	struct dcesrv_handle *h;
+	uint32_t num = 0;
+	struct drsuapi_DsReplicaObjectIdentifier2 *ids = NULL;
+	int ret;
+	const struct drsuapi_DsReplicaObjectListItem *first_object;
+
+	if (DEBUGLVL(4)) {
+		NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsAddEntry, NDR_IN, r);
+	}
+
+	/* TODO: check which out level the client supports */
+
+	ZERO_STRUCTP(r->out.ctr);
+	*r->out.level_out = 3;
+	r->out.ctr->ctr3.err_ver = 1;
+	r->out.ctr->ctr3.err_data = talloc_zero(mem_ctx, union drsuapi_DsAddEntry_ErrData);
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	status = drs_security_level_check(dce_call, "DsAddEntry", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	switch (r->in.level) {
+	case 2:
+		ret = ldb_transaction_start(b_state->sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("DsAddEntry start transaction failed: %s\n",
+				ldb_errstring(b_state->sam_ctx));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+
+		first_object = &r->in.req->req2.first_object;
+
+		status = dsdb_origin_objects_commit(b_state->sam_ctx,
+						    mem_ctx,
+						    first_object,
+						    &num,
+						    DSDB_REPL_FLAG_ADD_NCNAME,
+						    &ids);
+		if (!W_ERROR_IS_OK(status)) {
+			r->out.ctr->ctr3.err_data->v1.status = status;
+			ldb_transaction_cancel(b_state->sam_ctx);
+			DEBUG(0,(__location__ ": DsAddEntry failed - %s\n", win_errstr(status)));
+			return status;
+		}
+
+		r->out.ctr->ctr3.count = num;
+		r->out.ctr->ctr3.objects = ids;
+
+		break;
+	default:
+		return WERR_FOOBAR;
+	}
+
+	/* if any of the added entries are nTDSDSA objects then we
+	 * need to add the SPNs to the machine account
+	 */
+	status = drsuapi_add_SPNs(b_state, dce_call, mem_ctx, first_object);
+	if (!W_ERROR_IS_OK(status)) {
+		r->out.ctr->ctr3.err_data->v1.status = status;
+		ldb_transaction_cancel(b_state->sam_ctx);
+		DEBUG(0,(__location__ ": DsAddEntry add SPNs failed - %s\n", win_errstr(status)));
+		return status;
+	}
+
+	ret = ldb_transaction_commit(b_state->sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": DsAddEntry commit failed: %s\n",
+			 ldb_errstring(b_state->sam_ctx)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
new file mode 100644
index 0000000..377cae4
--- /dev/null
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -0,0 +1,1070 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the drsuapi pipe
+
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "lib/messaging/irpc.h"
+
+#undef strcasecmp
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+#define DRSUAPI_UNSUPPORTED(fname) do { \
+	DBG_WARNING(__location__ ": Unsupported DRS call %s\n", #fname); \
+	if (DEBUGLVL(DBGLVL_NOTICE)) NDR_PRINT_IN_DEBUG(fname, r); \
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); \
+} while (0)
+
+#define DCESRV_INTERFACE_DRSUAPI_BIND(context, iface) \
+	dcesrv_interface_drsuapi_bind(context, iface)
+static NTSTATUS dcesrv_interface_drsuapi_bind(struct dcesrv_connection_context *context,
+					      const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_require_privacy(context, iface);
+}
+
+/* 
+  drsuapi_DsBind 
+*/
+static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_DsBind *r)
+{
+	struct drsuapi_bind_state *b_state;
+	struct dcesrv_handle *handle;
+	struct drsuapi_DsBindInfoCtr *bind_info;
+	struct drsuapi_DsBindInfoCtr *local_info;
+	struct GUID site_guid, config_guid;
+	struct ldb_result *site_res, *config_res;
+	struct ldb_dn *server_site_dn, *config_dn;
+	static const char *site_attrs[] = { "objectGUID", NULL };
+	static const char *config_attrs[] = { "objectGUID", NULL };
+	struct ldb_result *ntds_res;
+	struct ldb_dn *ntds_dn;
+	static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL };
+	uint32_t pid;
+	uint32_t repl_epoch;
+	uint32_t supported_extensions;
+	uint32_t req_length;
+	int ret;
+	WERROR werr;
+
+	r->out.bind_info = NULL;
+	ZERO_STRUCTP(r->out.bind_handle);
+
+	b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
+	W_ERROR_HAVE_NO_MEMORY(b_state);
+
+	/* if this is a DC connecting, give them system level access */
+	werr = drs_security_level_check(dce_call, NULL, SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (W_ERROR_IS_OK(werr)) {
+		DBG_NOTICE("doing DsBind with system_session\n");
+		b_state->sam_ctx_system = dcesrv_samdb_connect_as_system(b_state, dce_call);
+		if (b_state->sam_ctx_system == NULL) {
+			return WERR_DS_UNAVAILABLE;
+		}
+		b_state->sam_ctx = b_state->sam_ctx_system;
+	} else {
+		b_state->sam_ctx = dcesrv_samdb_connect_as_user(b_state, dce_call);
+		if (b_state->sam_ctx == NULL) {
+			return WERR_DS_UNAVAILABLE;
+		}
+
+		/*
+		 * an RODC also needs system samdb access for secret
+		 * attribute replication
+		 */
+		werr = drs_security_level_check(dce_call, NULL, SECURITY_RO_DOMAIN_CONTROLLER,
+						samdb_domain_sid(b_state->sam_ctx));
+		if (W_ERROR_IS_OK(werr)) {
+			DBG_NOTICE("doing DsBind as RODC\n");
+			b_state->sam_ctx_system =
+				dcesrv_samdb_connect_as_system(b_state, dce_call);
+			if (b_state->sam_ctx_system == NULL) {
+				return WERR_DS_UNAVAILABLE;
+			}
+		}
+	}
+
+	/*
+	 * find out the guid of our own site
+	 */
+	server_site_dn = samdb_server_site_dn(b_state->sam_ctx, mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(server_site_dn);
+
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &site_res,
+				 server_site_dn, LDB_SCOPE_BASE, site_attrs,
+				 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	if (site_res->count != 1) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	site_guid = samdb_result_guid(site_res->msgs[0], "objectGUID");
+
+	/*
+	 * lookup the local servers Replication Epoch
+	 */
+	ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx, mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(ntds_dn);
+
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
+				 ntds_dn, LDB_SCOPE_BASE, ntds_attrs,
+				 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	if (ntds_res->count != 1) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	repl_epoch = ldb_msg_find_attr_as_uint(ntds_res->msgs[0],
+					       "ms-DS-ReplicationEpoch", 0);
+
+	/*
+	 * The "process identifier" of the client.
+	 * According to the WSPP docs, section 5.35, this is
+	 * for informational and debugging purposes only.
+	 * The assignment is implementation specific.
+	 */
+	pid = 0;
+
+	/*
+	 * store the clients bind_guid
+	 */
+	if (r->in.bind_guid) {
+		b_state->remote_bind_guid = *r->in.bind_guid;
+	}
+
+	/*
+	 * store the clients bind_info
+	 */
+	if (r->in.bind_info) {
+		b_state->remote_info = r->in.bind_info;
+	}
+
+	/*
+	 * fill in our local bind info
+	 */
+	local_info = talloc_zero(mem_ctx, struct drsuapi_DsBindInfoCtr);
+	W_ERROR_HAVE_NO_MEMORY(local_info);
+
+	/*
+	 * Fill in supported extensions
+	 */
+	supported_extensions = 0;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+#if 0 /* we don't support MSZIP compression (only decompression) */
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+#endif
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+#if 0 /* we don't support XPRESS compression yet */
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+#endif
+	supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10;
+
+	/*
+	 * There is a chance for r->in.bind_info == NULL
+	 * Currently we don't care, since it seems to be used nowhere else.
+	 * But we need a request length. So use 28 as default.
+	 */
+	req_length = 28;
+	if (r->in.bind_info) {
+		req_length = r->in.bind_info->length;
+	}
+
+	/*
+	 * fill 28 or 48 info, depends on request
+	 */
+	if (req_length < 48) {
+		local_info->length = 28;
+		local_info->info.info28.supported_extensions = supported_extensions;
+		local_info->info.info28.site_guid = site_guid;
+		local_info->info.info28.pid = pid;
+		local_info->info.info28.repl_epoch = repl_epoch;
+	} else {
+		local_info->length = 48;
+		local_info->info.info48.supported_extensions = supported_extensions;
+		local_info->info.info48.site_guid = site_guid;
+		local_info->info.info48.pid = pid;
+		local_info->info.info48.repl_epoch = repl_epoch;
+
+		local_info->info.info48.supported_extensions_ext = 0;
+		local_info->info.info48.supported_extensions_ext |= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
+
+		/*
+		 * find out the guid of our own site
+		 */
+		config_dn = ldb_get_config_basedn(b_state->sam_ctx);
+		W_ERROR_HAVE_NO_MEMORY(config_dn);
+
+		ret = ldb_search(b_state->sam_ctx, mem_ctx, &config_res,
+		             config_dn, LDB_SCOPE_BASE, config_attrs,
+		             "(objectClass=*)");
+		if (ret != LDB_SUCCESS) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		if (config_res->count != 1) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		config_guid = samdb_result_guid(config_res->msgs[0], "objectGUID");
+		local_info->info.info48.config_dn_guid = config_guid;
+	}
+
+	/*
+	 * set local_info
+	 */
+	b_state->local_info = local_info;
+
+	/*
+	 * set bind_info
+	 */
+	bind_info = local_info;
+
+	/*
+	 * allocate a bind handle
+	 */
+	handle = dcesrv_handle_create(dce_call, DRSUAPI_BIND_HANDLE);
+	W_ERROR_HAVE_NO_MEMORY(handle);
+	handle->data = talloc_steal(handle, b_state);
+
+	/*
+	 * prepare reply
+	 */
+	r->out.bind_info = bind_info;
+	*r->out.bind_handle = handle->wire_handle;
+
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsUnbind 
+*/
+static WERROR dcesrv_drsuapi_DsUnbind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       struct drsuapi_DsUnbind *r)
+{
+	struct dcesrv_handle *h;
+
+	*r->out.bind_handle = *r->in.bind_handle;
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+
+	talloc_free(h);
+
+	ZERO_STRUCTP(r->out.bind_handle);
+
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsReplicaSync 
+*/
+static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					   struct drsuapi_DsReplicaSync *r)
+{
+	WERROR status;
+	uint32_t timeout;
+
+	status = drs_security_level_check(dce_call, "DsReplicaSync", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	if (r->in.level != 1) {
+		DBG_ERR("DsReplicaSync called with unsupported level %d\n", r->in.level);
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+
+	if (r->in.req->req1.options & DRSUAPI_DRS_ASYNC_OP) {
+		timeout = IRPC_CALL_TIMEOUT;
+	} else {
+		/*
+		 * use Infinite time for timeout in case
+		 * the caller made a sync call
+		 */
+		timeout = IRPC_CALL_TIMEOUT_INF;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+				     r, NDR_DRSUAPI_DSREPLICASYNC,
+				     &ndr_table_drsuapi,
+				     "dreplsrv", "DsReplicaSync",
+				     timeout);
+
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsReplicaAdd 
+*/
+static WERROR dcesrv_drsuapi_DsReplicaAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct drsuapi_DsReplicaAdd *r)
+{
+	WERROR status;
+
+	status = drs_security_level_check(dce_call, "DsReplicaAdd", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+				     r, NDR_DRSUAPI_DSREPLICAADD,
+				     &ndr_table_drsuapi,
+				     "dreplsrv", "DsReplicaAdd",
+				     IRPC_CALL_TIMEOUT);
+
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsReplicaDel 
+*/
+static WERROR dcesrv_drsuapi_DsReplicaDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct drsuapi_DsReplicaDel *r)
+{
+	WERROR status;
+
+	status = drs_security_level_check(dce_call, "DsReplicaDel", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+				     r, NDR_DRSUAPI_DSREPLICADEL,
+				     &ndr_table_drsuapi,
+				     "dreplsrv", "DsReplicaDel",
+				     IRPC_CALL_TIMEOUT);
+
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsReplicaModify 
+*/
+static WERROR dcesrv_drsuapi_DsReplicaMod(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct drsuapi_DsReplicaMod *r)
+{
+	WERROR status;
+
+	status = drs_security_level_check(dce_call, "DsReplicaMod", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+				     r, NDR_DRSUAPI_DSREPLICAMOD,
+				     &ndr_table_drsuapi,
+				     "dreplsrv", "DsReplicaMod",
+				     IRPC_CALL_TIMEOUT);
+
+	return WERR_OK;
+}
+
+
+/* 
+  DRSUAPI_VERIFY_NAMES 
+*/
+static WERROR dcesrv_DRSUAPI_VERIFY_NAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_VERIFY_NAMES *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_VERIFY_NAMES);
+}
+
+
+/* 
+  drsuapi_DsGetMemberships 
+*/
+static WERROR dcesrv_drsuapi_DsGetMemberships(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_DsGetMemberships *r)
+{
+	DRSUAPI_UNSUPPORTED(drsuapi_DsGetMemberships);
+}
+
+
+/* 
+  DRSUAPI_INTER_DOMAIN_MOVE 
+*/
+static WERROR dcesrv_DRSUAPI_INTER_DOMAIN_MOVE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_INTER_DOMAIN_MOVE *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_INTER_DOMAIN_MOVE);
+}
+
+
+/* 
+  drsuapi_DsGetNT4ChangeLog 
+*/
+static WERROR dcesrv_drsuapi_DsGetNT4ChangeLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_DsGetNT4ChangeLog *r)
+{
+	DRSUAPI_UNSUPPORTED(drsuapi_DsGetNT4ChangeLog);
+}
+
+/* 
+  drsuapi_DsCrackNames 
+*/
+static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			    struct drsuapi_DsCrackNames *r)
+{
+	struct drsuapi_bind_state *b_state;
+	struct dcesrv_handle *h;
+
+	*r->out.level_out = r->in.level;
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsNameCtr);
+	W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
+
+	switch (r->in.level) {
+		case 1: {
+			switch(r->in.req->req1.format_offered){
+			case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
+			case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
+			case DRSUAPI_DS_NAME_FORMAT_STRING_SID_NAME:
+			case DRSUAPI_DS_NAME_FORMAT_ALT_SECURITY_IDENTITIES_NAME:
+			case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_NCS:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_FOR_DOMAIN_IN_SITE:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS_IN_SITE:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_IN_SITE:
+			case DRSUAPI_DS_NAME_FORMAT_LIST_SITES:
+			case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
+			case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
+				DBG_ERR("DsCrackNames: Unsupported operation requested: %X\n",
+					  r->in.req->req1.format_offered);
+				return WERR_OK;
+			case DRSUAPI_DS_NAME_FORMAT_LIST_INFO_FOR_SERVER:
+				return dcesrv_drsuapi_ListInfoServer(b_state->sam_ctx, mem_ctx, &r->in.req->req1, &r->out.ctr->ctr1);
+			case DRSUAPI_DS_NAME_FORMAT_LIST_ROLES:
+				return dcesrv_drsuapi_ListRoles(b_state->sam_ctx, mem_ctx,
+								&r->in.req->req1, &r->out.ctr->ctr1);
+			default:/* format_offered is in the enum drsuapi_DsNameFormat*/
+				return dcesrv_drsuapi_CrackNamesByNameFormat(b_state->sam_ctx, mem_ctx,
+									     &r->in.req->req1, &r->out.ctr->ctr1);
+			}
+		}
+	}
+	return WERR_INVALID_LEVEL;
+}
+
+
+/* 
+  drsuapi_DsRemoveDSServer
+*/
+static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct drsuapi_DsRemoveDSServer *r)
+{
+	struct drsuapi_bind_state *b_state;
+	struct dcesrv_handle *h;
+	struct ldb_dn *ntds_dn;
+	int ret;
+	bool ok;
+	WERROR status;
+
+	*r->out.level_out = 1;
+
+	status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER, NULL);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	switch (r->in.level) {
+	case 1:
+		ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn);
+		W_ERROR_HAVE_NO_MEMORY(ntds_dn);
+
+		ok = ldb_dn_validate(ntds_dn);
+		if (!ok) {
+			return WERR_FOOBAR;
+		}
+
+		/* TODO: it's likely that we need more checks here */
+
+		ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings");
+		if (!ok) {
+			return WERR_FOOBAR;
+		}
+
+		if (r->in.req->req1.commit) {
+			ret = dsdb_delete(b_state->sam_ctx, ntds_dn, DSDB_TREE_DELETE);
+			if (ret != LDB_SUCCESS) {
+				return WERR_FOOBAR;
+			}
+		}
+
+		return WERR_OK;
+	default:
+		break;
+	}
+
+	return WERR_FOOBAR;
+}
+
+
+/* 
+  DRSUAPI_REMOVE_DS_DOMAIN 
+*/
+static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_REMOVE_DS_DOMAIN *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_REMOVE_DS_DOMAIN);
+}
+
+/* Obtain the site name from a server DN */
+static const char *result_site_name(struct ldb_dn *server_dn)
+{
+	/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+	const struct ldb_val *val = ldb_dn_get_component_val(server_dn, 2);
+	const char *name = ldb_dn_get_component_name(server_dn, 2);
+
+	if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
+		/* Ensure this matches the format.  This gives us a
+		 * bit more confidence that a 'cn' value will be a
+		 * ascii string */
+		return NULL;
+	}
+	if (val) {
+		return (char *)val->data;
+	}
+	return NULL;
+}
+
+/* 
+  drsuapi_DsGetDomainControllerInfo 
+*/
+static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_state *b_state, 
+						TALLOC_CTX *mem_ctx,
+						struct drsuapi_DsGetDomainControllerInfo *r)
+{
+	struct ldb_dn *sites_dn;
+	struct ldb_result *res;
+
+	const char *attrs_account_1[] = { "cn", "dnsHostName", NULL };
+	const char *attrs_account_2[] = { "cn", "dnsHostName", "objectGUID", NULL };
+
+	const char *attrs_none[] = { NULL };
+
+	const char *attrs_site[] = { "objectGUID", NULL };
+
+	const char *attrs_ntds[] = { "options", "objectGUID", NULL };
+
+	const char *attrs_1[] = { "serverReference", "cn", "dnsHostName", NULL };
+	const char *attrs_2[] = { "serverReference", "cn", "dnsHostName", "objectGUID", NULL };
+	const char **attrs;
+
+	struct drsuapi_DsGetDCInfoCtr1 *ctr1;
+	struct drsuapi_DsGetDCInfoCtr2 *ctr2;
+	struct drsuapi_DsGetDCInfoCtr3 *ctr3;
+
+	int ret;
+	unsigned int i;
+
+	*r->out.level_out = r->in.req->req1.level;
+	r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsGetDCInfoCtr);
+	W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
+
+	switch (*r->out.level_out) {
+	case -1:
+		/* this level is not like the others */
+		return WERR_INVALID_LEVEL;
+	case 1:
+		attrs = attrs_1;
+		break;
+	case 2:
+	case 3:
+		attrs = attrs_2;
+		break;
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+
+	sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
+	if (!sites_dn) {
+		return WERR_DS_OBJ_NOT_FOUND;
+	}
+
+	ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
+				 "(&(objectClass=server)(serverReference=*))");
+	
+	if (ret) {
+		DBG_WARNING("searching for servers in sites DN %s failed: %s\n", 
+			  ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx));
+		return WERR_GEN_FAILURE;
+	}
+
+	switch (*r->out.level_out) {
+	case 1:
+		ctr1 = &r->out.ctr->ctr1;
+		ctr1->count = res->count;
+		ctr1->array = talloc_zero_array(mem_ctx, 
+						struct drsuapi_DsGetDCInfo1, 
+						res->count);
+		for (i=0; i < res->count; i++) {
+			struct ldb_dn *domain_dn;
+			struct ldb_result *res_domain;
+			struct ldb_result *res_account;
+			struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+			
+			struct ldb_dn *ref_dn
+				= ldb_msg_find_attr_as_dn(b_state->sam_ctx, 
+							  mem_ctx, res->msgs[i], 
+							  "serverReference");
+
+			if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+						 LDB_SCOPE_BASE, attrs_account_1,
+						"(&(objectClass=computer)(userAccountControl:"LDB_OID_COMPARATOR_AND":=%u))",
+						UF_SERVER_TRUST_ACCOUNT);
+			if (ret == LDB_SUCCESS && res_account->count == 1) {
+				const char *errstr;
+				ctr1->array[i].dns_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+				ctr1->array[i].netbios_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+				ctr1->array[i].computer_dn
+					= ldb_dn_get_linearized(res_account->msgs[0]->dn);
+
+				/* Determine if this is the PDC */
+				ret = samdb_search_for_parent_domain(b_state->sam_ctx, 
+								     mem_ctx, res_account->msgs[0]->dn,
+								     &domain_dn, &errstr);
+				
+				if (ret == LDB_SUCCESS) {
+					ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+								 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+								 ldb_dn_get_linearized(ntds_dn));
+					if (ret) {
+						return WERR_GEN_FAILURE;
+					}
+					if (res_domain->count == 1) {
+						ctr1->array[i].is_pdc = true;
+					}
+				}
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for computer DN %s failed: %s\n", 
+					  ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			/* Look at server DN and extract site component */
+			ctr1->array[i].site_name = result_site_name(res->msgs[i]->dn);
+			ctr1->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+
+
+			ctr1->array[i].is_enabled = true;
+
+		}
+		break;
+	case 2:
+		ctr2 = &r->out.ctr->ctr2;
+		ctr2->count = res->count;
+		ctr2->array = talloc_zero_array(mem_ctx, 
+						 struct drsuapi_DsGetDCInfo2, 
+						 res->count);
+		for (i=0; i < res->count; i++) {
+			struct ldb_dn *domain_dn;
+			struct ldb_result *res_domain;
+			struct ldb_result *res_account;
+			struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+			struct ldb_result *res_ntds;
+			struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+			struct ldb_result *res_site;
+			struct ldb_dn *ref_dn
+				= ldb_msg_find_attr_as_dn(b_state->sam_ctx, 
+							  mem_ctx, res->msgs[i], 
+							  "serverReference");
+
+			if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+			if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
+						 LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
+			if (ret == LDB_SUCCESS && res_ntds->count == 1) {
+				ctr2->array[i].is_gc
+					= (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
+				ctr2->array[i].ntds_guid 
+					= samdb_result_guid(res_ntds->msgs[0], "objectGUID");
+				ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for NTDS DN %s failed: %s\n", 
+					  ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
+						 LDB_SCOPE_BASE, attrs_site, "objectClass=site");
+			if (ret == LDB_SUCCESS && res_site->count == 1) {
+				ctr2->array[i].site_guid 
+					= samdb_result_guid(res_site->msgs[0], "objectGUID");
+				ctr2->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for site DN %s failed: %s\n", 
+					  ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+						 LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
+			if (ret == LDB_SUCCESS && res_account->count == 1) {
+				const char *errstr;
+				ctr2->array[i].dns_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+				ctr2->array[i].netbios_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+				ctr2->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+				ctr2->array[i].computer_guid 
+					= samdb_result_guid(res_account->msgs[0], "objectGUID");
+
+				/* Determine if this is the PDC */
+				ret = samdb_search_for_parent_domain(b_state->sam_ctx, 
+								     mem_ctx, res_account->msgs[0]->dn,
+								     &domain_dn, &errstr);
+				
+				if (ret == LDB_SUCCESS) {
+					ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+								 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+								 ldb_dn_get_linearized(ntds_dn));
+					if (ret == LDB_SUCCESS && res_domain->count == 1) {
+						ctr2->array[i].is_pdc = true;
+					}
+					if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+						DBG_INFO("warning: searching for domain DN %s failed: %s\n", 
+							  ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx));
+					}
+				}
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for computer account DN %s failed: %s\n", 
+					  ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			/* Look at server DN and extract site component */
+			ctr2->array[i].site_name = result_site_name(res->msgs[i]->dn);
+			ctr2->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+			ctr2->array[i].server_guid 
+				= samdb_result_guid(res->msgs[i], "objectGUID");
+
+			ctr2->array[i].is_enabled = true;
+
+		}
+		break;
+	case 3:
+		ctr3 = &r->out.ctr->ctr3;
+		ctr3->count = res->count;
+		ctr3->array = talloc_zero_array(mem_ctx,
+						 struct drsuapi_DsGetDCInfo3,
+						 res->count);
+		for (i=0; i<res->count; i++) {
+			struct ldb_dn *domain_dn;
+			struct ldb_result *res_domain;
+			struct ldb_result *res_account;
+			struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+			struct ldb_result *res_ntds;
+			struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+			struct ldb_result *res_site;
+			bool is_rodc;
+			struct ldb_dn *ref_dn
+				= ldb_msg_find_attr_as_dn(b_state->sam_ctx,
+							  mem_ctx, res->msgs[i],
+							  "serverReference");
+
+			if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+			if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
+						 LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
+			if (ret == LDB_SUCCESS && res_ntds->count == 1) {
+				ctr3->array[i].is_gc
+					= (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
+				ctr3->array[i].ntds_guid
+					= samdb_result_guid(res_ntds->msgs[0], "objectGUID");
+				ctr3->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for NTDS DN %s failed: %s\n",
+					  ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
+						 LDB_SCOPE_BASE, attrs_site, "objectClass=site");
+			if (ret == LDB_SUCCESS && res_site->count == 1) {
+				ctr3->array[i].site_guid
+					= samdb_result_guid(res_site->msgs[0], "objectGUID");
+				ctr3->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for site DN %s failed: %s\n",
+					  ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+						 LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
+			if (ret == LDB_SUCCESS && res_account->count == 1) {
+				const char *errstr;
+				ctr3->array[i].dns_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+				ctr3->array[i].netbios_name
+					= ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+				ctr3->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+				ctr3->array[i].computer_guid
+					= samdb_result_guid(res_account->msgs[0], "objectGUID");
+
+				/* Determine if this is the PDC */
+				ret = samdb_search_for_parent_domain(b_state->sam_ctx,
+								     mem_ctx, res_account->msgs[0]->dn,
+								     &domain_dn, &errstr);
+
+				if (ret == LDB_SUCCESS) {
+					ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+								 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+								 ldb_dn_get_linearized(ntds_dn));
+					if (ret == LDB_SUCCESS && res_domain->count == 1) {
+						ctr3->array[i].is_pdc = true;
+					}
+					if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+						DBG_INFO("warning: searching for domain DN %s failed: %s\n",
+							  ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx));
+					}
+				}
+			}
+			if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+				DBG_INFO("warning: searching for computer account DN %s failed: %s\n",
+					  ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+			}
+
+			/* Look at server DN and extract site component */
+			ctr3->array[i].site_name = result_site_name(res->msgs[i]->dn);
+			ctr3->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+			ctr3->array[i].server_guid
+				= samdb_result_guid(res->msgs[i], "objectGUID");
+
+			ctr3->array[i].is_enabled = true;
+
+			/* rodc? */
+			ret = samdb_is_rodc(b_state->sam_ctx, &ctr3->array[i].server_guid, &is_rodc);
+			if (ret == LDB_SUCCESS && is_rodc) {
+				ctr3->array[i].is_rodc = true;
+			}
+		}
+		break;
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+	return WERR_OK;
+}
+
+/* 
+  drsuapi_DsGetDomainControllerInfo 
+*/
+static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						struct drsuapi_DsGetDomainControllerInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct drsuapi_bind_state *b_state;	
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	switch (r->in.level) {
+	case 1:
+		return dcesrv_drsuapi_DsGetDomainControllerInfo_1(b_state, mem_ctx, r);
+	}
+
+	return WERR_INVALID_LEVEL;
+}
+
+
+
+/* 
+  drsuapi_DsExecuteKCC 
+*/
+static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct drsuapi_DsExecuteKCC *r)
+{
+	WERROR status;
+	uint32_t timeout;
+	status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER, NULL);
+
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+	if (r->in.req->ctr1.taskID != 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+	if (r->in.req->ctr1.flags & DRSUAPI_DS_EXECUTE_KCC_ASYNCHRONOUS_OPERATION) {
+		timeout = IRPC_CALL_TIMEOUT;
+	} else {
+		/*
+		 * use Infinite time for timeout in case
+		 * the caller made a sync call
+		 */
+		timeout = IRPC_CALL_TIMEOUT_INF;
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSEXECUTEKCC,
+				     &ndr_table_drsuapi, "kccsrv", "DsExecuteKCC",
+				     timeout);
+	DBG_DEBUG("Forwarded the call to execute the KCC\n");
+	return WERR_OK;
+}
+
+
+/* 
+  drsuapi_DsReplicaGetInfo 
+*/
+static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_DsReplicaGetInfo *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	enum security_user_level level;
+
+	if (!lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
+			 "drs", "disable_sec_check", false)) {
+		level = security_session_user_level(session_info, NULL);
+		if (level < SECURITY_DOMAIN_CONTROLLER) {
+			DBG_WARNING(__location__ ": Administrator access required for DsReplicaGetInfo\n");
+			security_token_debug(DBGC_DRS_REPL, 2,
+					     session_info->security_token);
+			return WERR_DS_DRA_ACCESS_DENIED;
+		}
+	}
+
+	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,
+				     &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo",
+				     IRPC_CALL_TIMEOUT);
+
+	return WERR_OK;
+}
+
+
+/* 
+  DRSUAPI_ADD_SID_HISTORY 
+*/
+static WERROR dcesrv_DRSUAPI_ADD_SID_HISTORY(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_ADD_SID_HISTORY *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_ADD_SID_HISTORY);
+}
+
+/* 
+  drsuapi_DsGetMemberships2 
+*/
+static WERROR dcesrv_drsuapi_DsGetMemberships2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_DsGetMemberships2 *r)
+{
+	DRSUAPI_UNSUPPORTED(drsuapi_DsGetMemberships2);
+}
+
+/* 
+  DRSUAPI_REPLICA_VERIFY_OBJECTS 
+*/
+static WERROR dcesrv_DRSUAPI_REPLICA_VERIFY_OBJECTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_REPLICA_VERIFY_OBJECTS *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_REPLICA_VERIFY_OBJECTS);
+}
+
+
+/* 
+  DRSUAPI_GET_OBJECT_EXISTENCE 
+*/
+static WERROR dcesrv_DRSUAPI_GET_OBJECT_EXISTENCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct DRSUAPI_GET_OBJECT_EXISTENCE *r)
+{
+	DRSUAPI_UNSUPPORTED(DRSUAPI_GET_OBJECT_EXISTENCE);
+}
+
+
+/* 
+  drsuapi_QuerySitesByCost 
+*/
+static WERROR dcesrv_drsuapi_QuerySitesByCost(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct drsuapi_QuerySitesByCost *r)
+{
+	DRSUAPI_UNSUPPORTED(drsuapi_QuerySitesByCost);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_drsuapi_s.c"
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
new file mode 100644
index 0000000..18ac997
--- /dev/null
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
@@ -0,0 +1,84 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the drsuapi pipe
+
+   Copyright (C) Stefan Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this type allows us to distinguish handle types
+*/
+enum drsuapi_handle {
+	DRSUAPI_BIND_HANDLE,
+};
+
+/*
+  state asscoiated with a drsuapi_DsBind*() operation
+*/
+struct drsuapi_bind_state {
+	struct ldb_context *sam_ctx;
+	struct ldb_context *sam_ctx_system;
+	struct GUID remote_bind_guid;
+	struct drsuapi_DsBindInfoCtr *remote_info;
+	struct drsuapi_DsBindInfoCtr *local_info;
+	struct drsuapi_getncchanges_state *getncchanges_full_repl_state;
+};
+
+
+/* prototypes of internal functions */
+WERROR drsuapi_UpdateRefs(struct imessaging_context *msg_ctx,
+			  struct tevent_context *event_ctx,
+			  struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
+			  struct drsuapi_DsReplicaUpdateRefsRequest1 *req);
+WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct drsuapi_DsReplicaUpdateRefs *r);
+WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct drsuapi_DsGetNCChanges *r);
+WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct drsuapi_DsAddEntry *r);
+WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct drsuapi_DsWriteAccountSpn *r);
+
+char *drs_ObjectIdentifier_to_string(TALLOC_CTX *mem_ctx,
+				     struct drsuapi_DsReplicaObjectIdentifier *nc);
+
+int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
+				    TALLOC_CTX *mem_ctx,
+				    struct ldb_result **_res,
+				    struct ldb_dn *basedn,
+				    enum ldb_scope scope,
+				    const char * const *attrs,
+				    const char *filter);
+
+WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
+				const char* call, enum security_user_level minimum_level,
+				const struct dom_sid *domain_sid);
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+				      struct drsuapi_DsReplicaMetaData *meta_data);
+
+WERROR drs_security_access_check(struct ldb_context *sam_ctx,
+				 TALLOC_CTX *mem_ctx,
+				 struct security_token *token,
+				 struct drsuapi_DsReplicaObjectIdentifier *nc,
+				 const char *ext_right);
+
+WERROR drs_security_access_check_nc_root(struct ldb_context *sam_ctx,
+					 TALLOC_CTX *mem_ctx,
+					 struct security_token *token,
+					 struct drsuapi_DsReplicaObjectIdentifier *nc,
+					 const char *ext_right);
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
new file mode 100644
index 0000000..48423bb
--- /dev/null
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -0,0 +1,237 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   useful utilities for the DRS server
+
+   Copyright (C) Andrew Tridgell 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "param/param.h"
+#include "auth/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
+				    TALLOC_CTX *mem_ctx,
+				    struct ldb_result **_res,
+				    struct ldb_dn *basedn,
+				    enum ldb_scope scope,
+				    const char * const *attrs,
+				    const char *filter)
+{
+	int ret;
+	struct ldb_request *req;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_result *res;
+
+	tmp_ctx = talloc_new(mem_ctx);
+
+	res = talloc_zero(tmp_ctx, struct ldb_result);
+	if (!res) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = ldb_build_search_req(&req, ldb, tmp_ctx,
+				   basedn,
+				   scope,
+				   filter,
+				   attrs,
+				   NULL,
+				   res,
+				   ldb_search_default_callback,
+				   NULL);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_RECYCLED_OID, true, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request_add_control(req, LDB_CONTROL_REVEAL_INTERNALS, false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
+
+	talloc_free(req);
+	*_res = talloc_steal(mem_ctx, res);
+	return ret;
+}
+
+WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
+				const char* call,
+				enum security_user_level minimum_level,
+				const struct dom_sid *domain_sid)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	enum security_user_level level;
+
+	if (lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
+			 "drs", "disable_sec_check", false)) {
+		return WERR_OK;
+	}
+
+	level = security_session_user_level(session_info, domain_sid);
+	if (level < minimum_level) {
+		if (call) {
+			DEBUG(0,("%s refused for security token (level=%u)\n",
+				 call, (unsigned)level));
+			security_token_debug(DBGC_DRS_REPL, 2, session_info->security_token);
+		}
+		return WERR_DS_DRA_ACCESS_DENIED;
+	}
+
+	return WERR_OK;
+}
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+				      struct drsuapi_DsReplicaMetaData *meta_data)
+{
+	if (attr->value_ctr.num_values == 0) {
+		return;
+	}
+
+	switch (attr->attid) {
+	case DRSUAPI_ATTID_dBCSPwd:
+	case DRSUAPI_ATTID_unicodePwd:
+	case DRSUAPI_ATTID_ntPwdHistory:
+	case DRSUAPI_ATTID_lmPwdHistory:
+	case DRSUAPI_ATTID_supplementalCredentials:
+	case DRSUAPI_ATTID_priorValue:
+	case DRSUAPI_ATTID_currentValue:
+	case DRSUAPI_ATTID_trustAuthOutgoing:
+	case DRSUAPI_ATTID_trustAuthIncoming:
+	case DRSUAPI_ATTID_initialAuthOutgoing:
+	case DRSUAPI_ATTID_initialAuthIncoming:
+		/*set value to null*/
+		attr->value_ctr.num_values = 0;
+		talloc_free(attr->value_ctr.values);
+		attr->value_ctr.values = NULL;
+		meta_data->originating_change_time = 0;
+		return;
+	default:
+		return;
+	}
+}
+
+
+/*
+  check security on a DN, with logging of errors
+ */
+static WERROR drs_security_access_check_log(struct ldb_context *sam_ctx,
+					    TALLOC_CTX *mem_ctx,
+					    struct security_token *token,
+					    struct ldb_dn *dn,
+					    const char *ext_right)
+{
+	int ret;
+	if (!dn) {
+		DEBUG(3,("drs_security_access_check: Null dn provided, access is denied for %s\n",
+			      ext_right));
+		return WERR_DS_DRA_ACCESS_DENIED;
+	}
+	ret = dsdb_check_access_on_dn(sam_ctx,
+				      mem_ctx,
+				      dn,
+				      token,
+				      SEC_ADS_CONTROL_ACCESS,
+				      ext_right);
+	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		DEBUG(3,("%s refused for security token on %s\n",
+			 ext_right, ldb_dn_get_linearized(dn)));
+		security_token_debug(DBGC_DRS_REPL, 3, token);
+		return WERR_DS_DRA_ACCESS_DENIED;
+	} else if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to perform access check on %s: %s\n", ldb_dn_get_linearized(dn), ldb_strerror(ret)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	return WERR_OK;
+}
+
+
+/*
+  check security on a object identifier
+ */
+WERROR drs_security_access_check(struct ldb_context *sam_ctx,
+				 TALLOC_CTX *mem_ctx,
+				 struct security_token *token,
+				 struct drsuapi_DsReplicaObjectIdentifier *nc,
+				 const char *ext_right)
+{
+	struct ldb_dn *dn;
+	WERROR werr;
+	int ret;
+
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx,
+						     sam_ctx,
+						     nc,
+						     &dn,
+						     NULL);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_BAD_DN;
+	}
+
+	werr = drs_security_access_check_log(sam_ctx, mem_ctx, token, dn, ext_right);
+	talloc_free(dn);
+	return werr;
+}
+
+/*
+  check security on the NC root of a object identifier
+ */
+WERROR drs_security_access_check_nc_root(struct ldb_context *sam_ctx,
+					 TALLOC_CTX *mem_ctx,
+					 struct security_token *token,
+					 struct drsuapi_DsReplicaObjectIdentifier *nc,
+					 const char *ext_right)
+{
+	struct ldb_dn *nc_root;
+	WERROR werr;
+	int ret;
+
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx,
+						     sam_ctx,
+						     nc,
+						     NULL,
+						     &nc_root);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_BAD_NC;
+	}
+
+	werr = drs_security_access_check_log(sam_ctx, mem_ctx, token, nc_root, ext_right);
+	talloc_free(nc_root);
+	return werr;
+}
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
new file mode 100644
index 0000000..e33c212
--- /dev/null
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -0,0 +1,3861 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   implement the DSGetNCChanges call
+
+   Copyright (C) Anatoliy Atanasov 2009
+   Copyright (C) Andrew Tridgell 2009-2010
+   Copyright (C) Andrew Bartlett 2010-2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "lib/util/binsearch.h"
+#include "lib/util/tsort.h"
+#include "auth/session.h"
+#include "dsdb/common/util.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_rbt.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+#define DRS_GUID_SIZE       16
+#define DEFAULT_MAX_OBJECTS 1000
+#define DEFAULT_MAX_LINKS   1500
+
+/*
+ * state of a partially-completed replication cycle. This state persists
+ * over multiple calls to dcesrv_drsuapi_DsGetNCChanges()
+ */
+struct drsuapi_getncchanges_state {
+	struct db_context *obj_cache;
+	struct GUID *guids;
+	uint32_t num_records;
+	uint32_t num_processed;
+	struct ldb_dn *ncRoot_dn;
+	struct GUID ncRoot_guid;
+	bool is_schema_nc;
+	bool is_get_anc;
+	bool broken_samba_4_5_get_anc_emulation;
+	bool is_get_tgt;
+	bool send_nc_root_first;
+	uint64_t min_usn;
+	uint64_t max_usn;
+	struct drsuapi_DsReplicaHighWaterMark last_hwm;
+	struct ldb_dn *last_dn;
+	struct drsuapi_DsReplicaHighWaterMark final_hwm;
+	struct drsuapi_DsReplicaCursor2CtrEx *final_udv;
+	struct drsuapi_DsReplicaLinkedAttribute *la_list;
+	uint32_t la_count;
+	uint32_t la_idx;
+
+	/* these are just used for debugging the replication's progress */
+	uint32_t links_given;
+	uint32_t total_links;
+};
+
+/* We must keep the GUIDs in NDR form for sorting */
+struct la_for_sorting {
+	const struct drsuapi_DsReplicaLinkedAttribute *link;
+	uint8_t target_guid[DRS_GUID_SIZE];
+	uint8_t source_guid[DRS_GUID_SIZE];
+};
+
+/*
+ * stores the state for a chunk of replication data. This state information
+ * only exists for a single call to dcesrv_drsuapi_DsGetNCChanges()
+ */
+struct getncchanges_repl_chunk {
+	uint32_t max_objects;
+	uint32_t max_links;
+	uint32_t tgt_la_count;
+	bool immediate_link_sync;
+	time_t max_wait;
+	time_t start;
+
+	/* stores the objects to be sent in this chunk */
+	uint32_t object_count;
+	struct drsuapi_DsReplicaObjectListItemEx *object_list;
+
+	/* the last object added to this replication chunk */
+	struct drsuapi_DsReplicaObjectListItemEx *last_object;
+};
+
+static int drsuapi_DsReplicaHighWaterMark_cmp(const struct drsuapi_DsReplicaHighWaterMark *h1,
+					      const struct drsuapi_DsReplicaHighWaterMark *h2)
+{
+	if (h1->highest_usn < h2->highest_usn) {
+		return -1;
+	} else if (h1->highest_usn > h2->highest_usn) {
+		return 1;
+	} else if (h1->tmp_highest_usn < h2->tmp_highest_usn) {
+		return -1;
+	} else if (h1->tmp_highest_usn > h2->tmp_highest_usn) {
+		return 1;
+	} else if (h1->reserved_usn < h2->reserved_usn) {
+		return -1;
+	} else if (h1->reserved_usn > h2->reserved_usn) {
+		return 1;
+	}
+
+	return 0;
+}
+
+/*
+  build a DsReplicaObjectIdentifier from a ldb msg
+ */
+static struct drsuapi_DsReplicaObjectIdentifier *get_object_identifier(TALLOC_CTX *mem_ctx,
+								       const struct ldb_message *msg)
+{
+	struct drsuapi_DsReplicaObjectIdentifier *identifier;
+	struct dom_sid *sid;
+
+	identifier = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
+	if (identifier == NULL) {
+		return NULL;
+	}
+
+	identifier->dn = ldb_dn_alloc_linearized(identifier, msg->dn);
+	identifier->guid = samdb_result_guid(msg, "objectGUID");
+
+	sid = samdb_result_dom_sid(identifier, msg, "objectSid");
+	if (sid) {
+		identifier->sid = *sid;
+	} else {
+		ZERO_STRUCT(identifier->sid);
+	}
+	return identifier;
+}
+
+static int udv_compare(const struct GUID *guid1, struct GUID guid2)
+{
+	return GUID_compare(guid1, &guid2);
+}
+
+/*
+  see if we can filter an attribute using the uptodateness_vector
+ */
+static bool udv_filter(const struct drsuapi_DsReplicaCursorCtrEx *udv,
+		       const struct GUID *originating_invocation_id,
+		       uint64_t originating_usn)
+{
+	const struct drsuapi_DsReplicaCursor *c;
+	if (udv == NULL) return false;
+	BINARY_ARRAY_SEARCH(udv->cursors, udv->count, source_dsa_invocation_id,
+			    originating_invocation_id, udv_compare, c);
+	if (c && originating_usn <= c->highest_usn) {
+		return true;
+	}
+	return false;
+}
+
+static int uint32_t_cmp(uint32_t a1, uint32_t a2)
+{
+	if (a1 == a2) return 0;
+	return a1 > a2 ? 1 : -1;
+}
+
+static int uint32_t_ptr_cmp(uint32_t *a1, uint32_t *a2)
+{
+	if (*a1 == *a2) return 0;
+	return *a1 > *a2 ? 1 : -1;
+}
+
+static WERROR getncchanges_attid_remote_to_local(const struct dsdb_schema *schema,
+						 const struct dsdb_syntax_ctx *ctx,
+						 enum drsuapi_DsAttributeId remote_attid_as_enum,
+						 enum drsuapi_DsAttributeId *local_attid_as_enum,
+						 const struct dsdb_attribute **_sa)
+{
+	WERROR werr;
+	const struct dsdb_attribute *sa = NULL;
+
+	if (ctx->pfm_remote == NULL) {
+		DEBUG(7, ("No prefixMap supplied, falling back to local prefixMap.\n"));
+		goto fail;
+	}
+
+	werr = dsdb_attribute_drsuapi_remote_to_local(ctx,
+						      remote_attid_as_enum,
+						      local_attid_as_enum,
+						      _sa);
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(3, ("WARNING: Unable to resolve remote attid, falling back to local prefixMap.\n"));
+		goto fail;
+	}
+
+	return werr;
+fail:
+
+	sa = dsdb_attribute_by_attributeID_id(schema, remote_attid_as_enum);
+	if (sa == NULL) {
+		return WERR_DS_DRA_SCHEMA_MISMATCH;
+	} else {
+		if (local_attid_as_enum != NULL) {
+			*local_attid_as_enum = sa->attributeID_id;
+		}
+		if (_sa != NULL) {
+			*_sa = sa;
+		}
+		return WERR_OK;
+	}
+}
+
+static WERROR getncchanges_update_revealed_list(struct ldb_context *sam_ctx,
+						TALLOC_CTX *mem_ctx,
+						struct ldb_message **msg,
+						struct ldb_dn *object_dn,
+						const struct GUID *object_guid,
+						const struct dsdb_attribute *sa,
+						struct replPropertyMetaData1 *meta_data,
+						struct ldb_message *revealed_users)
+{
+	enum ndr_err_code ndr_err;
+	int ldb_err;
+	char *attr_str = NULL;
+	char *attr_hex = NULL;
+	DATA_BLOB attr_blob;
+	struct ldb_message_element *existing = NULL, *el_add = NULL, *el_del = NULL;
+	const char * const * secret_attributes = ldb_get_opaque(sam_ctx, "LDB_SECRET_ATTRIBUTE_LIST");
+
+	if (!ldb_attr_in_list(secret_attributes,
+			      sa->lDAPDisplayName)) {
+		return WERR_OK;
+	}
+
+
+	ndr_err = ndr_push_struct_blob(&attr_blob, mem_ctx, meta_data, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaData1);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	attr_hex = hex_encode_talloc(mem_ctx, attr_blob.data, attr_blob.length);
+	if (attr_hex == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	attr_str = talloc_asprintf(mem_ctx, "B:%zd:%s:%s", attr_blob.length*2, attr_hex, ldb_dn_get_linearized(object_dn));
+	if (attr_str == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	existing = ldb_msg_find_element(revealed_users, "msDS-RevealedUsers");
+	if (existing != NULL) {
+		/* Replace the old value (if one exists) with the current one */
+		struct parsed_dn *link_dns;
+		struct parsed_dn *exact = NULL, *unused = NULL;
+		uint8_t attid[4];
+		DATA_BLOB partial_meta;
+
+		ldb_err = get_parsed_dns_trusted(mem_ctx, existing, &link_dns);
+		if (ldb_err != LDB_SUCCESS) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		/* Construct a partial metadata blob to match on in the DB */
+		SIVAL(attid, 0, sa->attributeID_id);
+		partial_meta.length = 4;
+		partial_meta.data = attid;
+
+		/* Binary search using GUID and attribute id for uniqueness */
+		ldb_err = parsed_dn_find(sam_ctx, link_dns, existing->num_values,
+					 object_guid, object_dn,
+					 partial_meta, 4,
+					 &exact, &unused,
+					 DSDB_SYNTAX_BINARY_DN, true);
+
+		if (ldb_err != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed parsed DN find - %s\n",
+				 ldb_errstring(sam_ctx)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if (exact != NULL) {
+			/* Perform some verification of the blob */
+			struct replPropertyMetaData1 existing_meta_data;
+			ndr_err = ndr_pull_struct_blob_all_noalloc(&exact->dsdb_dn->extra_part,
+								   &existing_meta_data,
+								   (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaData1);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+
+			if (existing_meta_data.attid == sa->attributeID_id) {
+				ldb_err = ldb_msg_add_empty(*msg, "msDS-RevealedUsers", LDB_FLAG_MOD_DELETE, &el_del);
+				if (ldb_err != LDB_SUCCESS) {
+					return WERR_DS_DRA_INTERNAL_ERROR;
+				}
+
+				el_del->values = talloc_array((*msg)->elements, struct ldb_val, 1);
+				if (el_del->values == NULL) {
+					return WERR_NOT_ENOUGH_MEMORY;
+				}
+				el_del->values[0] = *exact->v;
+				el_del->num_values = 1;
+			} else {
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+		}
+	}
+
+	ldb_err = ldb_msg_add_empty(*msg, "msDS-RevealedUsers", LDB_FLAG_MOD_ADD, &el_add);
+	if (ldb_err != LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	el_add->values = talloc_array((*msg)->elements, struct ldb_val, 1);
+	if (el_add->values == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+
+	}
+
+	el_add->values[0] = data_blob_string_const(attr_str);
+	el_add->num_values = 1;
+
+	return WERR_OK;
+}
+
+/*
+ * This function filter attributes for build_object based on the
+ * uptodatenessvector and partial attribute set.
+ *
+ * Any secret attributes are forced here for REPL_SECRET, and audited at this
+ * point with msDS-RevealedUsers.
+ */
+static WERROR get_nc_changes_filter_attrs(struct drsuapi_DsReplicaObjectListItemEx *obj,
+					  struct replPropertyMetaDataBlob md,
+					  struct ldb_context *sam_ctx,
+					  const struct ldb_message *msg,
+					  const struct GUID *guid,
+					  uint32_t *count,
+					  uint64_t highest_usn,
+					  const struct dsdb_attribute *rdn_sa,
+					  struct dsdb_schema *schema,
+					  struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector,
+					  struct drsuapi_DsPartialAttributeSet *partial_attribute_set,
+					  uint32_t *local_pas,
+					  uint32_t *attids,
+					  bool exop_secret,
+					  struct ldb_message **revealed_list_msg,
+					  struct ldb_message *existing_revealed_list_msg)
+{
+	uint32_t i, n;
+	WERROR werr;
+	for (n=i=0; i<md.ctr.ctr1.count; i++) {
+		const struct dsdb_attribute *sa;
+		bool force_attribute = false;
+
+		/* if the attribute has not changed, and it is not the
+		   instanceType then don't include it */
+		if (md.ctr.ctr1.array[i].local_usn < highest_usn &&
+		    !exop_secret &&
+		    md.ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType) continue;
+
+		/* don't include the rDN */
+		if (md.ctr.ctr1.array[i].attid == rdn_sa->attributeID_id) continue;
+
+		sa = dsdb_attribute_by_attributeID_id(schema, md.ctr.ctr1.array[i].attid);
+		if (!sa) {
+			DEBUG(0,(__location__ ": Failed to find attribute in schema for attrid %u mentioned in replPropertyMetaData of %s\n",
+				 (unsigned int)md.ctr.ctr1.array[i].attid,
+				 ldb_dn_get_linearized(msg->dn)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if (sa->linkID) {
+			struct ldb_message_element *el;
+			el = ldb_msg_find_element(msg, sa->lDAPDisplayName);
+			if (el && el->num_values && dsdb_dn_is_upgraded_link_val(&el->values[0])) {
+				/* don't send upgraded links inline */
+				continue;
+			}
+		}
+
+		if (exop_secret &&
+		    !dsdb_attr_in_rodc_fas(sa)) {
+			force_attribute = true;
+			DEBUG(4,("Forcing attribute %s in %s\n",
+				 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+			werr = getncchanges_update_revealed_list(sam_ctx, obj,
+								 revealed_list_msg,
+								 msg->dn, guid, sa,
+								 &md.ctr.ctr1.array[i],
+								 existing_revealed_list_msg);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+		}
+
+		/* filter by uptodateness_vector */
+		if (md.ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType &&
+		    !force_attribute &&
+		    udv_filter(uptodateness_vector,
+			       &md.ctr.ctr1.array[i].originating_invocation_id,
+			       md.ctr.ctr1.array[i].originating_usn)) {
+			continue;
+		}
+
+		/* filter by partial_attribute_set */
+		if (partial_attribute_set && !force_attribute) {
+			uint32_t *result = NULL;
+			BINARY_ARRAY_SEARCH_V(local_pas, partial_attribute_set->num_attids, sa->attributeID_id,
+					      uint32_t_cmp, result);
+			if (result == NULL) {
+				continue;
+			}
+		}
+
+		obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
+		obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
+		obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;
+		obj->meta_data_ctr->meta_data[n].originating_usn = md.ctr.ctr1.array[i].originating_usn;
+		attids[n] = md.ctr.ctr1.array[i].attid;
+
+		n++;
+	}
+
+	*count = n;
+
+	return WERR_OK;
+}
+
+/* 
+  drsuapi_DsGetNCChanges for one object
+*/
+static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItemEx *obj,
+					  const struct ldb_message *msg,
+					  struct ldb_context *sam_ctx,
+					  struct drsuapi_getncchanges_state *getnc_state,
+					  struct dsdb_schema *schema,
+					  DATA_BLOB *session_key,
+					  struct drsuapi_DsGetNCChangesRequest10 *req10,
+					  bool force_object_return,
+					  uint32_t *local_pas,
+					  struct ldb_dn *machine_dn,
+					  const struct GUID *guid)
+{
+	const struct ldb_val *md_value;
+	uint32_t i, n;
+	struct replPropertyMetaDataBlob md;
+	uint32_t rid = 0;
+	int ldb_err;
+	enum ndr_err_code ndr_err;
+	uint32_t *attids;
+	const char *rdn;
+	const struct dsdb_attribute *rdn_sa;
+	uint64_t uSNChanged;
+	unsigned int instanceType;
+	struct dsdb_syntax_ctx syntax_ctx;
+	struct ldb_result *res = NULL;
+	WERROR werr;
+	int ret;
+	uint32_t replica_flags = req10->replica_flags;
+	struct drsuapi_DsPartialAttributeSet *partial_attribute_set =
+			req10->partial_attribute_set;
+	struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector =
+			req10->uptodateness_vector;
+	enum drsuapi_DsExtendedOperation extended_op = req10->extended_op;
+	bool is_schema_nc = getnc_state->is_schema_nc;
+	uint64_t highest_usn = getnc_state->min_usn;
+
+	/* make dsdb syntax context for conversions */
+	dsdb_syntax_ctx_init(&syntax_ctx, sam_ctx, schema);
+	syntax_ctx.is_schema_nc = is_schema_nc;
+
+	uSNChanged = ldb_msg_find_attr_as_uint64(msg, "uSNChanged", 0);
+	instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType", 0);
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		obj->is_nc_prefix = true;
+		obj->parent_object_guid = NULL;
+	} else {
+		obj->is_nc_prefix = false;
+		obj->parent_object_guid = talloc(obj, struct GUID);
+		if (obj->parent_object_guid == NULL) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+		*obj->parent_object_guid = samdb_result_guid(msg, "parentGUID");
+		if (GUID_all_zero(obj->parent_object_guid)) {
+			DEBUG(0,(__location__ ": missing parentGUID for %s\n",
+				 ldb_dn_get_linearized(msg->dn)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+	}
+	obj->next_object = NULL;
+
+	md_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
+	if (!md_value) {
+		/* nothing to send */
+		return WERR_OK;
+	}
+
+	if (instanceType & INSTANCE_TYPE_UNINSTANT) {
+		/* don't send uninstantiated objects */
+		return WERR_OK;
+	}
+
+	if (uSNChanged <= highest_usn) {
+		/* nothing to send */
+		return WERR_OK;
+	}
+
+	ndr_err = ndr_pull_struct_blob(md_value, obj, &md,
+				       (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (md.version != 1) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	rdn = ldb_dn_get_rdn_name(msg->dn);
+	if (rdn == NULL) {
+		DEBUG(0,(__location__ ": No rDN for %s\n", ldb_dn_get_linearized(msg->dn)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	rdn_sa = dsdb_attribute_by_lDAPDisplayName(schema, rdn);
+	if (rdn_sa == NULL) {
+		DEBUG(0,(__location__ ": Can't find dsds_attribute for rDN %s in %s\n",
+			 rdn, ldb_dn_get_linearized(msg->dn)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	obj->meta_data_ctr = talloc(obj, struct drsuapi_DsReplicaMetaDataCtr);
+	attids = talloc_array(obj, uint32_t, md.ctr.ctr1.count);
+
+	obj->object.identifier = get_object_identifier(obj, msg);
+	if (obj->object.identifier == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	dom_sid_split_rid(NULL, &obj->object.identifier->sid, NULL, &rid);
+
+	obj->meta_data_ctr->meta_data = talloc_array(obj, struct drsuapi_DsReplicaMetaData, md.ctr.ctr1.count);
+
+	if (extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+		/* Get the existing revealed users for the destination */
+		struct ldb_message *revealed_list_msg = NULL;
+		struct ldb_message *existing_revealed_list_msg = NULL;
+		const char *machine_attrs[] = {
+			"msDS-RevealedUsers",
+			NULL
+		};
+
+		revealed_list_msg = ldb_msg_new(sam_ctx);
+		if (revealed_list_msg == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		revealed_list_msg->dn = machine_dn;
+
+		ret = ldb_transaction_start(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed transaction start - %s\n",
+				 ldb_errstring(sam_ctx)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		ldb_err = dsdb_search_dn(sam_ctx, obj, &res, machine_dn, machine_attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
+		if (ldb_err != LDB_SUCCESS || res->count != 1) {
+			ldb_transaction_cancel(sam_ctx);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		existing_revealed_list_msg = res->msgs[0];
+
+		werr = get_nc_changes_filter_attrs(obj, md, sam_ctx, msg,
+						   guid, &n, highest_usn,
+						   rdn_sa, schema,
+						   uptodateness_vector,
+						   partial_attribute_set, local_pas,
+						   attids,
+						   true,
+						   &revealed_list_msg,
+						   existing_revealed_list_msg);
+		if (!W_ERROR_IS_OK(werr)) {
+			ldb_transaction_cancel(sam_ctx);
+			return werr;
+		}
+
+		if (revealed_list_msg != NULL) {
+			ret = ldb_modify(sam_ctx, revealed_list_msg);
+			if (ret != LDB_SUCCESS) {
+				DEBUG(0,(__location__ ": Failed to alter revealed links - %s\n",
+					 ldb_errstring(sam_ctx)));
+				ldb_transaction_cancel(sam_ctx);
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+		}
+
+		ret = ldb_transaction_commit(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Failed transaction commit - %s\n",
+				 ldb_errstring(sam_ctx)));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+	} else {
+		werr = get_nc_changes_filter_attrs(obj, md, sam_ctx, msg, guid,
+						   &n, highest_usn, rdn_sa,
+						   schema, uptodateness_vector,
+						   partial_attribute_set, local_pas,
+						   attids,
+						   false,
+						   NULL,
+						   NULL);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	}
+
+	/* ignore it if its an empty change. Note that renames always
+	 * change the 'name' attribute, so they won't be ignored by
+	 * this
+
+	 * the force_object_return check is used to force an empty
+	 * object return when we timeout in the getncchanges loop.
+	 * This allows us to return an empty object, which keeps the
+	 * client happy while preventing timeouts
+	 */
+	if (n == 0 ||
+	    (n == 1 &&
+	     attids[0] == DRSUAPI_ATTID_instanceType &&
+	     !force_object_return)) {
+		talloc_free(obj->meta_data_ctr);
+		obj->meta_data_ctr = NULL;
+		return WERR_OK;
+	}
+
+	obj->meta_data_ctr->count = n;
+
+	obj->object.flags = DRSUAPI_DS_REPLICA_OBJECT_FROM_MASTER;
+	obj->object.attribute_ctr.num_attributes = obj->meta_data_ctr->count;
+	obj->object.attribute_ctr.attributes = talloc_array(obj, struct drsuapi_DsReplicaAttribute,
+							    obj->object.attribute_ctr.num_attributes);
+	if (obj->object.attribute_ctr.attributes == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/*
+	 * Note that the meta_data array and the attributes array must
+	 * be the same size and in the same order
+	 */
+	for (i=0; i<obj->object.attribute_ctr.num_attributes; i++) {
+		struct ldb_message_element *el;
+		const struct dsdb_attribute *sa;
+
+		sa = dsdb_attribute_by_attributeID_id(schema, attids[i]);
+		if (!sa) {
+			DEBUG(0,("Unable to find attributeID %u in schema\n", attids[i]));
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		el = ldb_msg_find_element(msg, sa->lDAPDisplayName);
+		if (el == NULL) {
+			/* this happens for attributes that have been removed */
+			DEBUG(5,("No element '%s' for attributeID %u in message\n",
+				 sa->lDAPDisplayName, attids[i]));
+			ZERO_STRUCT(obj->object.attribute_ctr.attributes[i]);
+			obj->object.attribute_ctr.attributes[i].attid =
+					dsdb_attribute_get_attid(sa, syntax_ctx.is_schema_nc);
+		} else {
+			werr = sa->syntax->ldb_to_drsuapi(&syntax_ctx, sa, el, obj,
+			                                  &obj->object.attribute_ctr.attributes[i]);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,("Unable to convert %s on %s to DRS object - %s\n",
+					 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn),
+					 win_errstr(werr)));
+				return werr;
+			}
+			/* if DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING is set
+			 * check if attribute is secret and send a null value
+			 */
+			if (replica_flags & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
+				drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
+								 &obj->meta_data_ctr->meta_data[i]);
+			}
+			/* some attributes needs to be encrypted
+			   before being sent */
+			werr = drsuapi_encrypt_attribute(obj, session_key, rid, 
+							 &obj->object.attribute_ctr.attributes[i]);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,("Unable to encrypt %s on %s in DRS object - %s\n",
+					 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn),
+					 win_errstr(werr)));
+				return werr;
+			}
+		}
+		if (attids[i] != obj->object.attribute_ctr.attributes[i].attid) {
+			DEBUG(0, ("Unable to replicate attribute %s on %s via DRS, incorrect attributeID:  "
+				  "0x%08x vs 0x%08x "
+				  "Run dbcheck!\n",
+				  sa->lDAPDisplayName,
+				  ldb_dn_get_linearized(msg->dn),
+				  attids[i],
+				  obj->object.attribute_ctr.attributes[i].attid));
+			return WERR_DS_DATABASE_ERROR;
+		}
+	}
+
+	return WERR_OK;
+}
+
+/*
+  add one linked attribute from an object to the list of linked
+  attributes in a getncchanges request
+ */
+static WERROR get_nc_changes_add_la(TALLOC_CTX *mem_ctx,
+				    struct ldb_context *sam_ctx,
+				    const struct dsdb_schema *schema,
+				    const struct dsdb_attribute *sa,
+				    const struct ldb_message *msg,
+				    struct dsdb_dn *dsdb_dn,
+				    struct drsuapi_DsReplicaLinkedAttribute **la_list,
+				    uint32_t *la_count,
+				    bool is_schema_nc)
+{
+	struct drsuapi_DsReplicaLinkedAttribute *la;
+	bool active;
+	NTSTATUS status;
+	WERROR werr;
+
+	(*la_list) = talloc_realloc(mem_ctx, *la_list, struct drsuapi_DsReplicaLinkedAttribute, (*la_count)+1);
+	W_ERROR_HAVE_NO_MEMORY(*la_list);
+
+	la = &(*la_list)[*la_count];
+
+	la->identifier = get_object_identifier(*la_list, msg);
+	W_ERROR_HAVE_NO_MEMORY(la->identifier);
+
+	active = (dsdb_dn_rmd_flags(dsdb_dn->dn) & DSDB_RMD_FLAG_DELETED) == 0;
+
+	if (!active) {
+		/* We have to check that the inactive link still point to an existing object */
+		struct GUID guid;
+		struct ldb_dn *tdn;
+		int ret;
+		const char *v;
+
+		v = ldb_msg_find_attr_as_string(msg, "isDeleted", "FALSE");
+		if (strncmp(v, "TRUE", 4) == 0) {
+			/*
+			  * Note: we skip the transmission of the deleted link even if the other part used to
+			  * know about it because when we transmit the deletion of the object, the link will
+			  * be deleted too due to deletion of object where link points and Windows do so.
+			  */
+			if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008_R2) {
+				v = ldb_msg_find_attr_as_string(msg, "isRecycled", "FALSE");
+				/*
+				 * On Windows 2008R2 isRecycled is always present even if FL or DL are < FL 2K8R2
+				 * if it join an existing domain with deleted objects, it firsts impose to have a
+				 * schema with the is-Recycled object and for all deleted objects it adds the isRecycled
+				 * either during initial replication or after the getNCChanges.
+				 * Behavior of samba has been changed to always have this attribute if it's present in the schema.
+				 *
+				 * So if FL <2K8R2 isRecycled might be here or not but we don't care, it's meaning less.
+				 * If FL >=2K8R2 we are sure that this attribute will be here.
+				 * For this kind of forest level we do not return the link if the object is recycled
+				 * (isRecycled = true).
+				 */
+				if (strncmp(v, "TRUE", 4) == 0) {
+					DEBUG(2, (" object %s is recycled, not returning linked attribute !\n",
+								ldb_dn_get_linearized(msg->dn)));
+					return WERR_OK;
+				}
+			} else {
+				return WERR_OK;
+			}
+		}
+		status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &guid, "GUID");
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,(__location__ " Unable to extract GUID in linked attribute '%s' in '%s'\n",
+				sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+			return ntstatus_to_werror(status);
+		}
+		ret = dsdb_find_dn_by_guid(sam_ctx, mem_ctx, &guid, 0, &tdn);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			DEBUG(2, (" Search of guid %s returned 0 objects, skipping it !\n",
+						GUID_string(mem_ctx, &guid)));
+			return WERR_OK;
+		} else if (ret != LDB_SUCCESS) {
+			DEBUG(0, (__location__ " Search of guid %s failed with error code %d\n",
+						GUID_string(mem_ctx, &guid),
+						ret));
+			return WERR_OK;
+		}
+	}
+	la->attid = dsdb_attribute_get_attid(sa, is_schema_nc);
+	la->flags = active?DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE:0;
+
+	status = dsdb_get_extended_dn_uint32(dsdb_dn->dn, &la->meta_data.version, "RMD_VERSION");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " No RMD_VERSION in linked attribute '%s' in '%s'\n",
+			 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+		return ntstatus_to_werror(status);
+	}
+	status = dsdb_get_extended_dn_nttime(dsdb_dn->dn, &la->meta_data.originating_change_time, "RMD_CHANGETIME");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " No RMD_CHANGETIME in linked attribute '%s' in '%s'\n",
+			 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+		return ntstatus_to_werror(status);
+	}
+	status = dsdb_get_extended_dn_guid(dsdb_dn->dn, &la->meta_data.originating_invocation_id, "RMD_INVOCID");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " No RMD_INVOCID in linked attribute '%s' in '%s'\n",
+			 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+		return ntstatus_to_werror(status);
+	}
+	status = dsdb_get_extended_dn_uint64(dsdb_dn->dn, &la->meta_data.originating_usn, "RMD_ORIGINATING_USN");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " No RMD_ORIGINATING_USN in linked attribute '%s' in '%s'\n",
+			 sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
+		return ntstatus_to_werror(status);
+	}
+
+	status = dsdb_get_extended_dn_nttime(dsdb_dn->dn, &la->originating_add_time, "RMD_ADDTIME");
+	if (!NT_STATUS_IS_OK(status)) {
+		/* this is possible for upgraded links */
+		la->originating_add_time = la->meta_data.originating_change_time;
+	}
+
+	werr = dsdb_dn_la_to_blob(sam_ctx, sa, schema, *la_list, dsdb_dn, &la->value.blob);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	(*la_count)++;
+	return WERR_OK;
+}
+
+
+/*
+  add linked attributes from an object to the list of linked
+  attributes in a getncchanges request
+ */
+static WERROR get_nc_changes_add_links(struct ldb_context *sam_ctx,
+				       TALLOC_CTX *mem_ctx,
+				       bool is_schema_nc,
+				       struct dsdb_schema *schema,
+				       uint64_t highest_usn,
+				       uint32_t replica_flags,
+				       const struct ldb_message *msg,
+				       struct drsuapi_DsReplicaLinkedAttribute **la_list,
+				       uint32_t *la_count,
+				       struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = NULL;
+	uint64_t uSNChanged = ldb_msg_find_attr_as_uint64(msg, "uSNChanged", 0);
+	bool is_critical = ldb_msg_find_attr_as_bool(msg, "isCriticalSystemObject", false);
+
+	if (replica_flags & DRSUAPI_DRS_CRITICAL_ONLY) {
+		if (!is_critical) {
+			return WERR_OK;
+		}
+	}
+
+	if (uSNChanged <= highest_usn) {
+		return WERR_OK;
+	}
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	for (i=0; i<msg->num_elements; i++) {
+		struct ldb_message_element *el = &msg->elements[i];
+		const struct dsdb_attribute *sa;
+		unsigned int j;
+
+		sa = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+
+		if (!sa || sa->linkID == 0 || (sa->linkID & 1)) {
+			/* we only want forward links */
+			continue;
+		}
+
+		if (el->num_values && !dsdb_dn_is_upgraded_link_val(&el->values[0])) {
+			/* its an old style link, it will have been
+			 * sent in the main replication data */
+			continue;
+		}
+
+		for (j=0; j<el->num_values; j++) {
+			struct dsdb_dn *dsdb_dn;
+			uint64_t local_usn;
+			uint64_t originating_usn;
+			NTSTATUS status, status2;
+			WERROR werr;
+			struct GUID originating_invocation_id;
+
+			dsdb_dn = dsdb_dn_parse(tmp_ctx, sam_ctx, &el->values[j], sa->syntax->ldap_oid);
+			if (dsdb_dn == NULL) {
+				DEBUG(1,(__location__ ": Failed to parse DN for %s in %s\n",
+					 el->name, ldb_dn_get_linearized(msg->dn)));
+				talloc_free(tmp_ctx);
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+
+			status = dsdb_get_extended_dn_uint64(dsdb_dn->dn, &local_usn, "RMD_LOCAL_USN");
+			if (!NT_STATUS_IS_OK(status)) {
+				/* this can happen for attributes
+				   given to us with old style meta
+				   data */
+				continue;
+			}
+
+			if (local_usn > uSNChanged) {
+				DEBUG(1,(__location__ ": uSNChanged less than RMD_LOCAL_USN for %s on %s\n",
+					 el->name, ldb_dn_get_linearized(msg->dn)));
+				talloc_free(tmp_ctx);
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+
+			if (local_usn <= highest_usn) {
+				continue;
+			}
+
+			status = dsdb_get_extended_dn_guid(dsdb_dn->dn,
+							   &originating_invocation_id,
+							   "RMD_INVOCID");
+			status2 = dsdb_get_extended_dn_uint64(dsdb_dn->dn,
+							      &originating_usn,
+							      "RMD_ORIGINATING_USN");
+
+			if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2)) {
+				if (udv_filter(uptodateness_vector,
+					       &originating_invocation_id,
+					       originating_usn)) {
+					continue;
+				}
+			}
+
+			werr = get_nc_changes_add_la(mem_ctx, sam_ctx, schema,
+						     sa, msg, dsdb_dn, la_list,
+						     la_count, is_schema_nc);
+			if (!W_ERROR_IS_OK(werr)) {
+				talloc_free(tmp_ctx);
+				return werr;
+			}
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return WERR_OK;
+}
+
+/*
+  fill in the cursors return based on the replUpToDateVector for the ncRoot_dn
+ */
+static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx,
+				 struct ldb_dn *ncRoot_dn,
+				 struct drsuapi_DsReplicaCursor2CtrEx *udv)
+{
+	int ret;
+
+	udv->version = 2;
+	udv->reserved1 = 0;
+	udv->reserved2 = 0;
+
+	ret = dsdb_load_udv_v2(sam_ctx, ncRoot_dn, udv, &udv->cursors, &udv->count);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to load UDV for %s - %s\n",
+			 ldb_dn_get_linearized(ncRoot_dn), ldb_errstring(sam_ctx)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+
+/* comparison function for linked attributes - see CompareLinks() in
+ * MS-DRSR section 4.1.10.5.17 */
+static int linked_attribute_compare(const struct la_for_sorting *la1,
+				    const struct la_for_sorting *la2)
+{
+	int c;
+	c = memcmp(la1->source_guid,
+		   la2->source_guid, sizeof(la2->source_guid));
+	if (c != 0) {
+		return c;
+	}
+
+	if (la1->link->attid != la2->link->attid) {
+		return la1->link->attid < la2->link->attid? -1:1;
+	}
+
+	if ((la1->link->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE) !=
+	    (la2->link->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)) {
+		return (la1->link->flags &
+			DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)? 1:-1;
+	}
+
+	return memcmp(la1->target_guid,
+		      la2->target_guid, sizeof(la2->target_guid));
+}
+
+struct drsuapi_changed_objects {
+	struct ldb_dn *dn;
+	struct GUID guid;
+	uint64_t usn;
+};
+
+
+/*
+  sort the objects we send by tree order (Samba 4.5 emulation)
+ */
+static int site_res_cmp_anc_order(struct drsuapi_changed_objects *m1,
+				  struct drsuapi_changed_objects *m2,
+				  struct drsuapi_getncchanges_state *getnc_state)
+{
+	return ldb_dn_compare(m2->dn, m1->dn);
+}
+
+/*
+  sort the objects we send first by uSNChanged
+ */
+static int site_res_cmp_usn_order(struct drsuapi_changed_objects *m1,
+				  struct drsuapi_changed_objects *m2,
+				  struct drsuapi_getncchanges_state *getnc_state)
+{
+	if (m1->usn == m2->usn) {
+		return ldb_dn_compare(m2->dn, m1->dn);
+	}
+
+	if (m1->usn < m2->usn) {
+		return -1;
+	}
+
+	return 1;
+}
+
+
+/*
+  handle a DRSUAPI_EXOP_FSMO_RID_ALLOC call
+ */
+static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state,
+				     TALLOC_CTX *mem_ctx,
+				     struct drsuapi_DsGetNCChangesRequest10 *req10,
+				     struct drsuapi_DsGetNCChangesCtr6 *ctr6,
+				     struct ldb_dn **rid_manager_dn)
+{
+	struct ldb_dn *req_dn, *ntds_dn = NULL;
+	int ret;
+	struct ldb_context *ldb = b_state->sam_ctx;
+	struct ldb_result *ext_res;
+	struct dsdb_fsmo_extended_op *exop;
+	bool is_us;
+
+	/*
+	  steps:
+	    - verify that the DN being asked for is the RID Manager DN
+	    - verify that we are the RID Manager
+	 */
+
+	/* work out who is the RID Manager, also return to caller */
+	ret = samdb_rid_manager_dn(ldb, mem_ctx, rid_manager_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Failed to find RID Manager object - %s\n", ldb_errstring(ldb)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx,
+						     ldb,
+						     req10->naming_context,
+						     &req_dn,
+						     NULL);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("RID Alloc request for invalid DN %s: %s\n",
+			drs_ObjectIdentifier_to_debug_string(mem_ctx, req10->naming_context),
+			ldb_strerror(ret));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH;
+		return WERR_OK;
+	}
+
+	if (ldb_dn_compare(req_dn, *rid_manager_dn) != 0) {
+		/* that isn't the RID Manager DN */
+		DBG_ERR("RID Alloc request for wrong DN %s\n",
+			drs_ObjectIdentifier_to_debug_string(mem_ctx,
+							     req10->naming_context));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH;
+		return WERR_OK;
+	}
+
+	/* TODO: make sure ntds_dn is a valid nTDSDSA object */
+	ret = dsdb_find_dn_by_guid(ldb, mem_ctx, &req10->destination_dsa_guid, 0, &ntds_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Unable to find NTDS object for guid %s - %s\n",
+			  GUID_string(mem_ctx, &req10->destination_dsa_guid), ldb_errstring(ldb)));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_UNKNOWN_CALLER;
+		return WERR_OK;
+	}
+
+	/* find the DN of the RID Manager */
+	ret = samdb_reference_dn_is_our_ntdsa(ldb, *rid_manager_dn, "fSMORoleOwner", &is_us);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to find fSMORoleOwner in RID Manager object\n"));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (!is_us) {
+		/* we're not the RID Manager - go away */
+		DEBUG(0,(__location__ ": RID Alloc request when not RID Manager\n"));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+		return WERR_OK;
+	}
+
+	exop = talloc(mem_ctx, struct dsdb_fsmo_extended_op);
+	W_ERROR_HAVE_NO_MEMORY(exop);
+
+	exop->fsmo_info = req10->fsmo_info;
+	exop->destination_dsa_guid = req10->destination_dsa_guid;
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed transaction start - %s\n",
+			 ldb_errstring(ldb)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = ldb_extended(ldb, DSDB_EXTENDED_ALLOCATE_RID_POOL, exop, &ext_res);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed extended allocation RID pool operation - %s\n",
+			 ldb_errstring(ldb)));
+		ldb_transaction_cancel(ldb);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed transaction commit - %s\n",
+			 ldb_errstring(ldb)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	talloc_free(ext_res);
+
+	DEBUG(2,("Allocated RID pool for server %s\n",
+		 GUID_string(mem_ctx, &req10->destination_dsa_guid)));
+
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+
+	return WERR_OK;
+}
+
+/*
+  handle a DRSUAPI_EXOP_REPL_SECRET call
+ */
+static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
+				       TALLOC_CTX *mem_ctx,
+				       struct drsuapi_DsGetNCChangesRequest10 *req10,
+				       struct dom_sid *user_sid,
+				       struct drsuapi_DsGetNCChangesCtr6 *ctr6,
+				       bool has_get_all_changes,
+				       struct ldb_dn **machine_dn)
+{
+	struct drsuapi_DsReplicaObjectIdentifier *ncRoot = req10->naming_context;
+	struct ldb_dn *obj_dn = NULL;
+	struct ldb_message *ntds_msg = NULL;
+	struct ldb_dn *ntds_dn = NULL, *server_dn = NULL;
+	struct ldb_dn *rodc_dn, *krbtgt_link_dn;
+	int ret;
+	const char *ntds_attrs[] = { NULL };
+	const char *rodc_attrs[] = { "msDS-KrbTgtLink",
+				     "msDS-NeverRevealGroup",
+				     "msDS-RevealOnDemandGroup",
+				     "userAccountControl",
+				     NULL };
+	const char *obj_attrs[] = { "tokenGroups", "objectSid", "UserAccountControl", "msDS-KrbTgtLinkBL", NULL };
+	struct ldb_result *rodc_res = NULL, *obj_res = NULL;
+	WERROR werr;
+	struct GUID_txt_buf guid_buf;
+
+	DEBUG(3,(__location__ ": DRSUAPI_EXOP_REPL_SECRET extended op on %s\n",
+		 drs_ObjectIdentifier_to_debug_string(mem_ctx, ncRoot)));
+
+	/*
+	 * we need to work out if we will allow this DC to
+	 * replicate the secrets for this object
+	 *
+	 * see 4.1.10.5.14 GetRevealSecretsPolicyForUser for details
+	 * of this function
+	 */
+
+	if (b_state->sam_ctx_system == NULL) {
+		/* this operation needs system level access */
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_ACCESS_DENIED;
+		return WERR_DS_DRA_ACCESS_DENIED;
+	}
+
+	/*
+	 * Before we accept or deny, fetch the machine DN for the destination
+	 * DSA GUID.
+	 *
+	 * If we are the RODC, we will check that this matches the SID.
+	 */
+	ret = samdb_get_ntds_obj_by_guid(mem_ctx,
+					 b_state->sam_ctx_system,
+					 &req10->destination_dsa_guid,
+					 ntds_attrs,
+					 &ntds_msg);
+	if (ret != LDB_SUCCESS) {
+		goto dest_dsa_error;
+	}
+
+	ntds_dn = ntds_msg->dn;
+
+	server_dn = ldb_dn_get_parent(mem_ctx, ntds_dn);
+	if (server_dn == NULL) {
+		goto failed;
+	}
+
+	ret = samdb_reference_dn(b_state->sam_ctx_system, mem_ctx, server_dn,
+				 "serverReference", machine_dn);
+
+	if (ret != LDB_SUCCESS) {
+		goto dest_dsa_error;
+	}
+
+	/*
+	 * In MS-DRSR.pdf 5.99 IsGetNCChangesPermissionGranted
+	 *
+	 * The pseudo code indicate
+	 * revealsecrets = true
+	 * if IsRevealSecretRequest(msgIn) then
+	 *   if AccessCheckCAR(ncRoot, Ds-Replication-Get-Changes-All) = false
+	 *   then
+	 *     if (msgIn.ulExtendedOp = EXOP_REPL_SECRETS) then
+	 *     <... check if this account is ok to be replicated on this DC ...>
+	 *     <... and if not reveal secrets = no ...>
+	 *     else
+	 *       reveal secrets = false
+	 *     endif
+	 *   endif
+	 * endif
+	 *
+	 * Which basically means that if you have GET_ALL_CHANGES rights (~== RWDC)
+	 * then you can do EXOP_REPL_SECRETS
+	 */
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx,
+							b_state->sam_ctx_system,
+							ncRoot,
+							&obj_dn,
+							NULL);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("RevealSecretRequest for invalid DN %s\n",
+			 drs_ObjectIdentifier_to_debug_string(mem_ctx, ncRoot));
+		goto failed;
+	}
+
+	if (!ldb_dn_validate(obj_dn)) goto failed;
+
+	if (has_get_all_changes) {
+		goto allowed;
+	}
+
+	rodc_dn = ldb_dn_new_fmt(mem_ctx, b_state->sam_ctx_system, "<SID=%s>",
+				 dom_sid_string(mem_ctx, user_sid));
+	if (!ldb_dn_validate(rodc_dn)) goto failed;
+
+	/*
+	 * do the two searches we need
+	 * We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID lists
+	 * out of the extended DNs
+	 */
+	ret = dsdb_search_dn(b_state->sam_ctx_system, mem_ctx, &rodc_res, rodc_dn, rodc_attrs,
+			     DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS || rodc_res->count != 1) goto failed;
+
+	ret = dsdb_search_dn(b_state->sam_ctx_system, mem_ctx, &obj_res, obj_dn, obj_attrs, 0);
+	if (ret != LDB_SUCCESS || obj_res->count != 1) goto failed;
+
+	/*
+	 * Must be an RODC account at this point, verify machine DN matches the
+	 * SID account
+	 */
+	if (ldb_dn_compare(rodc_res->msgs[0]->dn, *machine_dn) != 0) {
+		goto denied;
+	}
+
+	/* an RODC is allowed to get its own krbtgt account secrets */
+	krbtgt_link_dn = samdb_result_dn(b_state->sam_ctx_system, mem_ctx,
+					 rodc_res->msgs[0], "msDS-KrbTgtLink", NULL);
+	if (krbtgt_link_dn != NULL &&
+	    ldb_dn_compare(obj_dn, krbtgt_link_dn) == 0) {
+		goto allowed;
+	}
+
+	werr = samdb_confirm_rodc_allowed_to_repl_to(b_state->sam_ctx_system,
+						     user_sid,
+						     rodc_res->msgs[0],
+						     obj_res->msgs[0]);
+
+	if (W_ERROR_IS_OK(werr)) {
+		goto allowed;
+	}
+
+	/* default deny */
+denied:
+	DEBUG(2,(__location__ ": Denied single object with secret replication for %s by RODC %s\n",
+		 ldb_dn_get_linearized(obj_dn), ldb_dn_get_linearized(rodc_res->msgs[0]->dn)));
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE;
+	return WERR_DS_DRA_SECRETS_DENIED;
+
+allowed:
+	DEBUG(2,(__location__ ": Allowed single object with secret replication for %s by %s %s\n",
+		 ldb_dn_get_linearized(obj_dn), has_get_all_changes?"RWDC":"RODC",
+		 ldb_dn_get_linearized(*machine_dn)));
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+	req10->highwatermark.highest_usn = 0;
+	return WERR_OK;
+
+failed:
+	DEBUG(2,(__location__ ": Failed single secret replication for %s by RODC %s\n",
+		 ldb_dn_get_linearized(obj_dn), dom_sid_string(mem_ctx, user_sid)));
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE;
+	return WERR_DS_DRA_BAD_DN;
+
+dest_dsa_error:
+	DBG_WARNING("Failed secret replication for %s by RODC %s as dest_dsa_guid %s is invalid\n",
+		    ldb_dn_get_linearized(obj_dn),
+		    dom_sid_string(mem_ctx, user_sid),
+		    GUID_buf_string(&req10->destination_dsa_guid,
+				    &guid_buf));
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE;
+	return WERR_DS_DRA_DB_ERROR;
+}
+
+/*
+  handle a DRSUAPI_EXOP_REPL_OBJ call
+ */
+static WERROR getncchanges_repl_obj(struct drsuapi_bind_state *b_state,
+				    TALLOC_CTX *mem_ctx,
+				    struct drsuapi_DsGetNCChangesRequest10 *req10,
+				    struct dom_sid *user_sid,
+				    struct drsuapi_DsGetNCChangesCtr6 *ctr6)
+{
+	struct drsuapi_DsReplicaObjectIdentifier *ncRoot = req10->naming_context;
+
+	DEBUG(3,(__location__ ": DRSUAPI_EXOP_REPL_OBJ extended op on %s\n",
+		 drs_ObjectIdentifier_to_debug_string(mem_ctx, ncRoot)));
+
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+	return WERR_OK;
+}
+
+
+/*
+  handle DRSUAPI_EXOP_FSMO_REQ_ROLE,
+  DRSUAPI_EXOP_FSMO_RID_REQ_ROLE,
+  and DRSUAPI_EXOP_FSMO_REQ_PDC calls
+ */
+static WERROR getncchanges_change_master(struct drsuapi_bind_state *b_state,
+					 TALLOC_CTX *mem_ctx,
+					 struct drsuapi_DsGetNCChangesRequest10 *req10,
+					 struct drsuapi_DsGetNCChangesCtr6 *ctr6)
+{
+	struct ldb_dn *req_dn, *ntds_dn;
+	int ret;
+	unsigned int i;
+	struct ldb_context *ldb = b_state->sam_ctx;
+	struct ldb_message *msg;
+	bool is_us;
+
+	/*
+	  steps:
+	    - verify that the client dn exists
+	    - verify that we are the current master
+	 */
+
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx, ldb, req10->naming_context,
+						     &req_dn, NULL);
+	if (ret != LDB_SUCCESS) {
+		/* that is not a valid dn */
+		DBG_ERR("FSMO role transfer request for invalid DN %s: %s\n",
+			drs_ObjectIdentifier_to_debug_string(mem_ctx, req10->naming_context),
+			ldb_strerror(ret));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH;
+		return WERR_OK;
+	}
+
+	/* find the DN of the current role owner */
+	ret = samdb_reference_dn_is_our_ntdsa(ldb, req_dn, "fSMORoleOwner", &is_us);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to find fSMORoleOwner in RID Manager object\n"));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (!is_us) {
+		/* we're not the RID Manager or role owner - go away */
+		DEBUG(0,(__location__ ": FSMO role or RID manager transfer owner request when not role owner\n"));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+		return WERR_OK;
+	}
+
+	/* change the current master */
+	msg = ldb_msg_new(ldb);
+	W_ERROR_HAVE_NO_MEMORY(msg);
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(msg, ldb, req10->naming_context,
+						     &msg->dn, NULL);
+	if (ret != LDB_SUCCESS) {
+		/* that is not a valid dn */
+		DBG_ERR("FSMO role transfer request for invalid DN %s: %s\n",
+			drs_ObjectIdentifier_to_debug_string(mem_ctx, req10->naming_context),
+			ldb_strerror(ret));
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH;
+		return WERR_OK;
+	}
+
+	/* TODO: make sure ntds_dn is a valid nTDSDSA object */
+	ret = dsdb_find_dn_by_guid(ldb, msg, &req10->destination_dsa_guid, 0, &ntds_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0, (__location__ ": Unable to find NTDS object for guid %s - %s\n",
+			  GUID_string(mem_ctx, &req10->destination_dsa_guid), ldb_errstring(ldb)));
+		talloc_free(msg);
+		ctr6->extended_ret = DRSUAPI_EXOP_ERR_UNKNOWN_CALLER;
+		return WERR_OK;
+	}
+
+	ret = ldb_msg_add_string(msg, "fSMORoleOwner", ldb_dn_get_linearized(ntds_dn));
+	if (ret != 0) {
+		talloc_free(msg);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	for (i=0;i<msg->num_elements;i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	ret = ldb_transaction_start(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed transaction start - %s\n",
+			 ldb_errstring(ldb)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = ldb_modify(ldb, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to change current owner - %s\n",
+			 ldb_errstring(ldb)));
+		ldb_transaction_cancel(ldb);
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ret = ldb_transaction_commit(ldb);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed transaction commit - %s\n",
+			 ldb_errstring(ldb)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+
+	return WERR_OK;
+}
+
+/*
+  see if this getncchanges request includes a request to reveal secret information
+ */
+static WERROR dcesrv_drsuapi_is_reveal_secrets_request(struct drsuapi_bind_state *b_state,
+						       struct drsuapi_DsGetNCChangesRequest10 *req10,
+						       struct dsdb_schema_prefixmap *pfm_remote,
+						       bool *is_secret_request)
+{
+	enum drsuapi_DsExtendedOperation exop;
+	uint32_t i;
+	struct dsdb_schema *schema;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	*is_secret_request = true;
+
+	exop = req10->extended_op;
+
+	switch (exop) {
+	case DRSUAPI_EXOP_FSMO_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+	case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_REQ_PDC:
+	case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
+		/* FSMO exops can reveal secrets */
+		*is_secret_request = true;
+		return WERR_OK;
+	case DRSUAPI_EXOP_REPL_SECRET:
+	case DRSUAPI_EXOP_REPL_OBJ:
+	case DRSUAPI_EXOP_NONE:
+		break;
+	}
+
+	if (req10->replica_flags & DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING) {
+		*is_secret_request = false;
+		return WERR_OK;
+	}
+
+	if (exop == DRSUAPI_EXOP_REPL_SECRET ||
+	    req10->partial_attribute_set == NULL) {
+		/* they want secrets */
+		*is_secret_request = true;
+		return WERR_OK;
+	}
+
+	schema = dsdb_get_schema(b_state->sam_ctx, NULL);
+	dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema);
+	syntax_ctx.pfm_remote = pfm_remote;
+
+	/* check the attributes they asked for */
+	for (i=0; i<req10->partial_attribute_set->num_attids; i++) {
+		const struct dsdb_attribute *sa;
+		WERROR werr = getncchanges_attid_remote_to_local(schema,
+								 &syntax_ctx,
+								 req10->partial_attribute_set->attids[i],
+								 NULL,
+								 &sa);
+
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+				 req10->partial_attribute_set->attids[i], win_errstr(werr)));
+			return werr;
+		}
+
+		if (!dsdb_attr_in_rodc_fas(sa)) {
+			*is_secret_request = true;
+			return WERR_OK;
+		}
+	}
+
+	if (req10->partial_attribute_set_ex) {
+		/* check the extended attributes they asked for */
+		for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) {
+			const struct dsdb_attribute *sa;
+			WERROR werr = getncchanges_attid_remote_to_local(schema,
+									 &syntax_ctx,
+									 req10->partial_attribute_set_ex->attids[i],
+									 NULL,
+									 &sa);
+
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+					 req10->partial_attribute_set_ex->attids[i], win_errstr(werr)));
+				return werr;
+			}
+
+			if (!dsdb_attr_in_rodc_fas(sa)) {
+				*is_secret_request = true;
+				return WERR_OK;
+			}
+		}
+	}
+
+	*is_secret_request = false;
+	return WERR_OK;
+}
+
+/*
+  see if this getncchanges request is only for attributes in the GC
+  partial attribute set
+ */
+static WERROR dcesrv_drsuapi_is_gc_pas_request(struct drsuapi_bind_state *b_state,
+					       struct drsuapi_DsGetNCChangesRequest10 *req10,
+					       struct dsdb_schema_prefixmap *pfm_remote,
+					       bool *is_gc_pas_request)
+{
+	enum drsuapi_DsExtendedOperation exop;
+	uint32_t i;
+	struct dsdb_schema *schema;
+	struct dsdb_syntax_ctx syntax_ctx;
+
+	exop = req10->extended_op;
+
+	switch (exop) {
+	case DRSUAPI_EXOP_FSMO_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+	case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_REQ_PDC:
+	case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
+	case DRSUAPI_EXOP_REPL_SECRET:
+		*is_gc_pas_request = false;
+		return WERR_OK;
+	case DRSUAPI_EXOP_REPL_OBJ:
+	case DRSUAPI_EXOP_NONE:
+		break;
+	}
+
+	if (req10->partial_attribute_set == NULL) {
+		/* they want it all */
+		*is_gc_pas_request = false;
+		return WERR_OK;
+	}
+
+	schema = dsdb_get_schema(b_state->sam_ctx, NULL);
+	dsdb_syntax_ctx_init(&syntax_ctx, b_state->sam_ctx, schema);
+	syntax_ctx.pfm_remote = pfm_remote;
+
+	/* check the attributes they asked for */
+	for (i=0; i<req10->partial_attribute_set->num_attids; i++) {
+		const struct dsdb_attribute *sa;
+		WERROR werr = getncchanges_attid_remote_to_local(schema,
+								 &syntax_ctx,
+								 req10->partial_attribute_set->attids[i],
+								 NULL,
+								 &sa);
+
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+				 req10->partial_attribute_set->attids[i], win_errstr(werr)));
+			return werr;
+		}
+
+		if (!sa->isMemberOfPartialAttributeSet) {
+			*is_gc_pas_request = false;
+			return WERR_OK;
+		}
+	}
+
+	if (req10->partial_attribute_set_ex) {
+		/* check the extended attributes they asked for */
+		for (i=0; i<req10->partial_attribute_set_ex->num_attids; i++) {
+			const struct dsdb_attribute *sa;
+			WERROR werr = getncchanges_attid_remote_to_local(schema,
+									 &syntax_ctx,
+									 req10->partial_attribute_set_ex->attids[i],
+									 NULL,
+									 &sa);
+
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0,(__location__": attid 0x%08X not found: %s\n",
+					 req10->partial_attribute_set_ex->attids[i], win_errstr(werr)));
+				return werr;
+			}
+
+			if (!sa->isMemberOfPartialAttributeSet) {
+				*is_gc_pas_request = false;
+				return WERR_OK;
+			}
+		}
+	}
+
+	*is_gc_pas_request = true;
+	return WERR_OK;
+}
+
+
+/*
+  map from req8 to req10
+ */
+static struct drsuapi_DsGetNCChangesRequest10 *
+getncchanges_map_req8(TALLOC_CTX *mem_ctx,
+		      struct drsuapi_DsGetNCChangesRequest8 *req8)
+{
+	struct drsuapi_DsGetNCChangesRequest10 *req10 = talloc_zero(mem_ctx,
+								    struct drsuapi_DsGetNCChangesRequest10);
+	if (req10 == NULL) {
+		return NULL;
+	}
+
+	req10->destination_dsa_guid = req8->destination_dsa_guid;
+	req10->source_dsa_invocation_id = req8->source_dsa_invocation_id;
+	req10->naming_context = req8->naming_context;
+	req10->highwatermark = req8->highwatermark;
+	req10->uptodateness_vector = req8->uptodateness_vector;
+	req10->replica_flags = req8->replica_flags;
+	req10->max_object_count = req8->max_object_count;
+	req10->max_ndr_size = req8->max_ndr_size;
+	req10->extended_op = req8->extended_op;
+	req10->fsmo_info = req8->fsmo_info;
+	req10->partial_attribute_set = req8->partial_attribute_set;
+	req10->partial_attribute_set_ex = req8->partial_attribute_set_ex;
+	req10->mapping_ctr = req8->mapping_ctr;
+
+	return req10;
+}
+
+static const char *collect_objects_attrs[] = { "uSNChanged",
+					       "objectGUID" ,
+					       NULL };
+
+/**
+ * Collects object for normal replication cycle.
+ */
+static WERROR getncchanges_collect_objects(struct drsuapi_bind_state *b_state,
+					   TALLOC_CTX *mem_ctx,
+					   struct drsuapi_getncchanges_state *getnc_state,
+					   struct drsuapi_DsGetNCChangesRequest10 *req10,
+					   struct ldb_dn *search_dn,
+					   const char *extra_filter,
+					   struct ldb_result **search_res)
+{
+	int ret;
+	char* search_filter;
+	enum ldb_scope scope = LDB_SCOPE_SUBTREE;
+	bool critical_only = false;
+
+	if (req10->replica_flags & DRSUAPI_DRS_CRITICAL_ONLY) {
+		critical_only = true;
+	}
+
+	if (req10->extended_op == DRSUAPI_EXOP_REPL_OBJ ||
+	    req10->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+		scope = LDB_SCOPE_BASE;
+		critical_only = false;
+	}
+
+	/* Construct response. */
+	search_filter = talloc_asprintf(mem_ctx,
+					"(uSNChanged>=%llu)",
+					(unsigned long long)(getnc_state->min_usn+1));
+
+	if (extra_filter) {
+		search_filter = talloc_asprintf(mem_ctx, "(&%s(%s))", search_filter, extra_filter);
+	}
+
+	if (critical_only) {
+		search_filter = talloc_asprintf(mem_ctx,
+						"(&%s(isCriticalSystemObject=TRUE))",
+						search_filter);
+	}
+
+	if (req10->replica_flags & DRSUAPI_DRS_ASYNC_REP) {
+		scope = LDB_SCOPE_BASE;
+	}
+
+	if (!search_dn) {
+		search_dn = getnc_state->ncRoot_dn;
+	}
+
+	DEBUG(2,(__location__ ": getncchanges on %s using filter %s\n",
+		 ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter));
+	ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, getnc_state, search_res,
+					      search_dn, scope,
+					      collect_objects_attrs,
+					      search_filter);
+	if (ret != LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Collects object for normal replication cycle.
+ */
+static WERROR getncchanges_collect_objects_exop(struct drsuapi_bind_state *b_state,
+						TALLOC_CTX *mem_ctx,
+						struct drsuapi_getncchanges_state *getnc_state,
+						struct drsuapi_DsGetNCChangesRequest10 *req10,
+						struct drsuapi_DsGetNCChangesCtr6 *ctr6,
+						struct ldb_dn *search_dn,
+						const char *extra_filter,
+						struct ldb_result **search_res)
+{
+	/* we have nothing to do in case of ex-op failure */
+	if (ctr6->extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+		return WERR_OK;
+	}
+
+	switch (req10->extended_op) {
+	case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+	{
+		int ret;
+		struct ldb_dn *ntds_dn = NULL;
+		struct ldb_dn *server_dn = NULL;
+		struct ldb_dn *machine_dn = NULL;
+		struct ldb_dn *rid_set_dn = NULL;
+		struct ldb_result *search_res2 = NULL;
+		struct ldb_result *search_res3 = NULL;
+		TALLOC_CTX *frame = talloc_stackframe();
+		/* get RID manager, RID set and server DN (in that order) */
+
+		/* This first search will get the RID Manager */
+		ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, frame,
+						      search_res,
+						      search_dn, LDB_SCOPE_BASE,
+						      collect_objects_attrs,
+						      NULL);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get RID Manager object %s - %s\n",
+				  ldb_dn_get_linearized(search_dn),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if ((*search_res)->count != 1) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get RID Manager object %s - %u objects returned\n",
+				  ldb_dn_get_linearized(search_dn),
+				  (*search_res)->count));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		/* Now extend it to the RID set */
+
+		/* Find the computer account DN for the destination
+		 * dsa GUID specified */
+
+		ret = dsdb_find_dn_by_guid(b_state->sam_ctx, frame,
+					   &req10->destination_dsa_guid, 0,
+					   &ntds_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Unable to find NTDS object for guid %s - %s\n",
+				  GUID_string(frame,
+					      &req10->destination_dsa_guid),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		server_dn = ldb_dn_get_parent(frame, ntds_dn);
+		if (!server_dn) {
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		ret = samdb_reference_dn(b_state->sam_ctx, frame, server_dn,
+					 "serverReference", &machine_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to find serverReference in %s - %s\n",
+				  ldb_dn_get_linearized(server_dn),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		ret = samdb_reference_dn(b_state->sam_ctx, frame, machine_dn,
+					 "rIDSetReferences", &rid_set_dn);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to find rIDSetReferences in %s - %s\n",
+				  ldb_dn_get_linearized(server_dn),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+
+		/* This first search will get the RID Manager, now get the RID set */
+		ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, frame,
+						      &search_res2,
+						      rid_set_dn, LDB_SCOPE_BASE,
+						      collect_objects_attrs,
+						      NULL);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get RID Set object %s - %s\n",
+				  ldb_dn_get_linearized(rid_set_dn),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if (search_res2->count != 1) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get RID Set object %s - %u objects returned\n",
+				  ldb_dn_get_linearized(rid_set_dn),
+				  search_res2->count));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		/* Finally get the server DN */
+		ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, frame,
+						      &search_res3,
+						      machine_dn, LDB_SCOPE_BASE,
+						      collect_objects_attrs,
+						      NULL);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get server object %s - %s\n",
+				  ldb_dn_get_linearized(server_dn),
+				  ldb_errstring(b_state->sam_ctx)));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		if (search_res3->count != 1) {
+			DEBUG(1, ("DRSUAPI_EXOP_FSMO_RID_ALLOC: Failed to get server object %s - %u objects returned\n",
+				  ldb_dn_get_linearized(server_dn),
+				  search_res3->count));
+			TALLOC_FREE(frame);
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		/* Now extend the original search_res with these answers */
+		(*search_res)->count = 3;
+
+		(*search_res)->msgs = talloc_realloc(frame, (*search_res)->msgs,
+						     struct ldb_message *,
+						     (*search_res)->count);
+		if ((*search_res)->msgs == NULL) {
+			TALLOC_FREE(frame);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+
+		talloc_steal(mem_ctx, *search_res);
+		(*search_res)->msgs[1] =
+			talloc_steal((*search_res)->msgs, search_res2->msgs[0]);
+		(*search_res)->msgs[2] =
+			talloc_steal((*search_res)->msgs, search_res3->msgs[0]);
+
+		TALLOC_FREE(frame);
+		return WERR_OK;
+	}
+	default:
+		/* TODO: implement extended op specific collection
+		 * of objects. Right now we just normal procedure
+		 * for collecting objects */
+		return getncchanges_collect_objects(b_state,
+						    mem_ctx,
+						    getnc_state,
+						    req10,
+						    search_dn,
+						    extra_filter,
+						    search_res);
+	}
+}
+
+static void dcesrv_drsuapi_update_highwatermark(const struct ldb_message *msg,
+						uint64_t max_usn,
+						struct drsuapi_DsReplicaHighWaterMark *hwm)
+{
+	uint64_t uSN = ldb_msg_find_attr_as_uint64(msg, "uSNChanged", 0);
+
+	if (uSN > max_usn) {
+		/*
+		 * Only report the max_usn we had at the start
+		 * of the replication cycle.
+		 *
+		 * If this object has changed lately we better
+		 * let the destination dsa refetch the change.
+		 * This is better than the risk of losing some
+		 * objects or linked attributes.
+		 */
+		return;
+	}
+
+	if (uSN <= hwm->tmp_highest_usn) {
+		return;
+	}
+
+	hwm->tmp_highest_usn = uSN;
+	hwm->reserved_usn = 0;
+}
+
+/**
+ * Adds an object's GUID to the cache of objects already sent.
+ * This avoids us sending the same object multiple times when
+ * the GetNCChanges request uses a flag like GET_ANC.
+ */
+static WERROR dcesrv_drsuapi_obj_cache_add(struct db_context *obj_cache,
+					   const struct GUID *guid)
+{
+	enum ndr_err_code ndr_err;
+	uint8_t guid_buf[DRS_GUID_SIZE] = { 0, };
+	DATA_BLOB b = {
+		.data = guid_buf,
+		.length = sizeof(guid_buf),
+	};
+	TDB_DATA key = {
+		.dptr = b.data,
+		.dsize = b.length,
+	};
+	TDB_DATA val = {
+		.dptr = NULL,
+		.dsize = 0,
+	};
+	NTSTATUS status;
+
+	ndr_err = ndr_push_struct_into_fixed_blob(&b, guid,
+			(ndr_push_flags_fn_t)ndr_push_GUID);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	status = dbwrap_store(obj_cache, key, val, TDB_REPLACE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Checks if the object with the GUID specified already exists in the
+ * object cache, i.e. it's already been sent in a GetNCChanges response.
+ */
+static WERROR dcesrv_drsuapi_obj_cache_exists(struct db_context *obj_cache,
+					      const struct GUID *guid)
+{
+	enum ndr_err_code ndr_err;
+	uint8_t guid_buf[DRS_GUID_SIZE] = { 0, };
+	DATA_BLOB b = {
+		.data = guid_buf,
+		.length = sizeof(guid_buf),
+	};
+	TDB_DATA key = {
+		.dptr = b.data,
+		.dsize = b.length,
+	};
+	bool exists;
+
+	ndr_err = ndr_push_struct_into_fixed_blob(&b, guid,
+			(ndr_push_flags_fn_t)ndr_push_GUID);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	exists = dbwrap_exists(obj_cache, key);
+	if (!exists) {
+		return WERR_OBJECT_NOT_FOUND;
+	}
+
+	return WERR_OBJECT_NAME_EXISTS;
+}
+
+/**
+ * Copies the la_list specified into a sorted array, ready to be sent in a
+ * GetNCChanges response.
+ */
+static WERROR getncchanges_get_sorted_array(const struct drsuapi_DsReplicaLinkedAttribute *la_list,
+					    const uint32_t link_count,
+					    struct ldb_context *sam_ctx,
+					    TALLOC_CTX *mem_ctx,
+					    const struct dsdb_schema *schema,
+					    struct la_for_sorting **ret_array)
+{
+	int j;
+	struct la_for_sorting *guid_array;
+	WERROR werr = WERR_OK;
+
+	*ret_array = NULL;
+	guid_array = talloc_array(mem_ctx, struct la_for_sorting, link_count);
+	if (guid_array == NULL) {
+		DEBUG(0, ("Out of memory allocating %u linked attributes for sorting\n", link_count));
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	for (j = 0; j < link_count; j++) {
+
+		/* we need to get the target GUIDs to compare */
+		struct dsdb_dn *dn;
+		const struct drsuapi_DsReplicaLinkedAttribute *la = &la_list[j];
+		const struct dsdb_attribute *schema_attrib;
+		const struct ldb_val *target_guid;
+		DATA_BLOB source_guid;
+		TALLOC_CTX *frame = talloc_stackframe();
+		NTSTATUS status;
+
+		schema_attrib = dsdb_attribute_by_attributeID_id(schema, la->attid);
+
+		werr = dsdb_dn_la_from_blob(sam_ctx, schema_attrib, schema, frame, la->value.blob, &dn);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Bad la blob in sort\n"));
+			TALLOC_FREE(frame);
+			return werr;
+		}
+
+		/* Extract the target GUID in NDR form */
+		target_guid = ldb_dn_get_extended_component(dn->dn, "GUID");
+		if (target_guid == NULL
+				|| target_guid->length != sizeof(guid_array[0].target_guid)) {
+			status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		} else {
+			/* Repack the source GUID as NDR for sorting */
+			status = GUID_to_ndr_blob(&la->identifier->guid,
+						  frame,
+						  &source_guid);
+		}
+
+		if (!NT_STATUS_IS_OK(status)
+				|| source_guid.length != sizeof(guid_array[0].source_guid)) {
+			DEBUG(0,(__location__ ": Bad la guid in sort\n"));
+			TALLOC_FREE(frame);
+			return ntstatus_to_werror(status);
+		}
+
+		guid_array[j].link = &la_list[j];
+		memcpy(guid_array[j].target_guid, target_guid->data,
+		       sizeof(guid_array[j].target_guid));
+		memcpy(guid_array[j].source_guid, source_guid.data,
+		       sizeof(guid_array[j].source_guid));
+		TALLOC_FREE(frame);
+	}
+
+	TYPESAFE_QSORT(guid_array, link_count, linked_attribute_compare);
+
+	*ret_array = guid_array;
+
+	return werr;
+}
+
+
+/**
+ * Adds any ancestor/parent objects of the child_obj specified.
+ * This is needed when the GET_ANC flag is specified in the request.
+ * @param new_objs if parents are added, this gets updated to point to a chain
+ * of parent objects (with the parents first and the child last)
+ */
+static WERROR getncchanges_add_ancestors(const struct GUID *parent_object_guid,
+					 struct ldb_dn *child_dn,
+					 TALLOC_CTX *mem_ctx,
+					 struct ldb_context *sam_ctx,
+					 struct drsuapi_getncchanges_state *getnc_state,
+					 struct dsdb_schema *schema,
+					 DATA_BLOB *session_key,
+					 struct drsuapi_DsGetNCChangesRequest10 *req10,
+					 uint32_t *local_pas,
+					 struct ldb_dn *machine_dn,
+					 struct drsuapi_DsReplicaObjectListItemEx **new_objs)
+{
+	int ret;
+	const struct GUID *next_anc_guid = NULL;
+	WERROR werr = WERR_OK;
+	static const char * const msg_attrs[] = {
+					    "*",
+					    "nTSecurityDescriptor",
+					    "parentGUID",
+					    "replPropertyMetaData",
+					    DSDB_SECRET_ATTRIBUTES,
+					    NULL };
+
+	next_anc_guid = parent_object_guid;
+
+	while (next_anc_guid != NULL) {
+		struct drsuapi_DsReplicaObjectListItemEx *anc_obj = NULL;
+		struct ldb_message *anc_msg = NULL;
+		struct ldb_result *anc_res = NULL;
+		struct ldb_dn *anc_dn = NULL;
+
+		/*
+		 * For the GET_ANC case (but not the 'send NC root
+		 * first' case), don't send an object twice.
+		 *
+		 * (If we've sent the object, then we've also sent all
+		 * its parents as well)
+		 */
+		if (getnc_state->obj_cache) {
+			werr = dcesrv_drsuapi_obj_cache_exists(getnc_state->obj_cache,
+							       next_anc_guid);
+			if (W_ERROR_EQUAL(werr, WERR_OBJECT_NAME_EXISTS)) {
+				return WERR_OK;
+			}
+			if (W_ERROR_IS_OK(werr)) {
+				return WERR_INTERNAL_ERROR;
+			}
+			if (!W_ERROR_EQUAL(werr, WERR_OBJECT_NOT_FOUND)) {
+				return werr;
+			}
+		}
+
+		anc_obj = talloc_zero(mem_ctx,
+				      struct drsuapi_DsReplicaObjectListItemEx);
+		if (anc_obj == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		anc_dn = ldb_dn_new_fmt(anc_obj, sam_ctx, "<GUID=%s>",
+					GUID_string(anc_obj, next_anc_guid));
+		if (anc_dn == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		ret = drsuapi_search_with_extended_dn(sam_ctx, anc_obj,
+						      &anc_res, anc_dn,
+						      LDB_SCOPE_BASE,
+						      msg_attrs, NULL);
+		if (ret != LDB_SUCCESS) {
+			const char *anc_str = NULL;
+			const char *obj_str = NULL;
+
+			anc_str = ldb_dn_get_extended_linearized(anc_obj,
+								 anc_dn,
+								 1);
+			obj_str = ldb_dn_get_extended_linearized(anc_obj,
+								 child_dn,
+								 1);
+
+			DBG_ERR("getncchanges: failed to fetch ANC "
+				"DN %s for DN %s - %s\n",
+				anc_str, obj_str, ldb_errstring(sam_ctx));
+			return WERR_DS_DRA_INCONSISTENT_DIT;
+		}
+
+		anc_msg = anc_res->msgs[0];
+
+		werr = get_nc_changes_build_object(anc_obj, anc_msg,
+						   sam_ctx,
+						   getnc_state,
+						   schema, session_key,
+						   req10,
+						   false, /* force_object_return */
+						   local_pas,
+						   machine_dn,
+						   next_anc_guid);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		/*
+		 * Regardless of whether we actually use it or not,
+		 * we add it to the cache so we don't look at it again
+		 *
+		 * The only time we are here without
+		 * getnc_state->obj_cache is for the forced addition
+		 * of the NC root to the start of the reply, this we
+		 * want to add each and every call..
+		 */
+		if (getnc_state->obj_cache) {
+			werr = dcesrv_drsuapi_obj_cache_add(getnc_state->obj_cache,
+							    next_anc_guid);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+		}
+
+		/*
+		 * Any ancestors which are below the highwatermark
+		 * or uptodateness_vector shouldn't be added,
+		 * but we still look further up the
+		 * tree for ones which have been changed recently.
+		 */
+		if (anc_obj->meta_data_ctr != NULL) {
+
+			/*
+			 * prepend the parent to the list so that the client-side
+			 * adds the parent object before it adds the children
+			 */
+			anc_obj->next_object = *new_objs;
+			*new_objs = anc_obj;
+		}
+
+		anc_msg = NULL;
+		TALLOC_FREE(anc_res);
+		TALLOC_FREE(anc_dn);
+
+		/*
+		 * We may need to resolve more parents...
+		 */
+		next_anc_guid = anc_obj->parent_object_guid;
+	}
+	return werr;
+}
+
+/**
+ * Adds a list of new objects into the current chunk of replication data to send
+ */
+static void getncchanges_chunk_add_objects(struct getncchanges_repl_chunk *repl_chunk,
+					   struct drsuapi_DsReplicaObjectListItemEx *obj_list)
+{
+	struct drsuapi_DsReplicaObjectListItemEx *obj;
+
+	/*
+	 * We track the last object added to the replication chunk, so just add
+	 * the new object-list onto the end
+	 */
+	if (repl_chunk->object_list == NULL) {
+		repl_chunk->object_list = obj_list;
+	} else {
+		repl_chunk->last_object->next_object = obj_list;
+	}
+
+	for (obj = obj_list; obj != NULL; obj = obj->next_object) {
+		repl_chunk->object_count += 1;
+
+		/*
+		 * Remember the last object in the response - we'll use this to
+		 * link the next object(s) processed onto the existing list
+		 */
+		if (obj->next_object == NULL) {
+			repl_chunk->last_object = obj;
+		}
+	}
+}
+
+/**
+ * Gets the object to send, packed into an RPC struct ready to send. This also
+ * adds the object to the object cache, and adds any ancestors (if needed).
+ * @param msg - DB search result for the object to add
+ * @param guid - GUID of the object to add
+ * @param ret_obj_list - returns the object ready to be sent (in a list, along
+ * with any ancestors that might be needed). NULL if nothing to send.
+ */
+static WERROR getncchanges_get_obj_to_send(const struct ldb_message *msg,
+					   TALLOC_CTX *mem_ctx,
+					   struct ldb_context *sam_ctx,
+					   struct drsuapi_getncchanges_state *getnc_state,
+					   struct dsdb_schema *schema,
+					   DATA_BLOB *session_key,
+					   struct drsuapi_DsGetNCChangesRequest10 *req10,
+					   bool force_object_return,
+					   uint32_t *local_pas,
+					   struct ldb_dn *machine_dn,
+					   const struct GUID *guid,
+					   struct drsuapi_DsReplicaObjectListItemEx **ret_obj_list)
+{
+	struct drsuapi_DsReplicaObjectListItemEx *obj;
+	WERROR werr;
+
+	*ret_obj_list = NULL;
+
+	obj = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjectListItemEx);
+	W_ERROR_HAVE_NO_MEMORY(obj);
+
+	werr = get_nc_changes_build_object(obj, msg, sam_ctx, getnc_state,
+					   schema, session_key, req10,
+					   force_object_return,
+					   local_pas, machine_dn, guid);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	/*
+	 * The object may get filtered out by the UTDV's USN and not actually
+	 * sent, in which case there's nothing more to do here
+	 */
+	if (obj->meta_data_ctr == NULL) {
+		TALLOC_FREE(obj);
+		return WERR_OK;
+	}
+
+	if (getnc_state->obj_cache != NULL) {
+		werr = dcesrv_drsuapi_obj_cache_add(getnc_state->obj_cache,
+						    guid);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	}
+
+	*ret_obj_list = obj;
+
+	/*
+	 * If required, also add any ancestors that the client may need to know
+	 * about before it can resolve this object. These get prepended to the
+	 * ret_obj_list so the client adds them first.
+	 *
+	 * We allow this to be disabled to permit testing of a
+	 * client-side fallback for the broken behaviour in Samba 4.5
+	 * and earlier.
+	 */
+	if (getnc_state->is_get_anc
+	    && !getnc_state->broken_samba_4_5_get_anc_emulation) {
+		werr = getncchanges_add_ancestors(obj->parent_object_guid,
+						  msg->dn, mem_ctx,
+						  sam_ctx, getnc_state,
+						  schema, session_key,
+						  req10, local_pas,
+						  machine_dn, ret_obj_list);
+	}
+
+	return werr;
+}
+
+/**
+ * Returns the number of links that are waiting to be sent
+ */
+static uint32_t getncchanges_chunk_links_pending(struct getncchanges_repl_chunk *repl_chunk,
+						 struct drsuapi_getncchanges_state *getnc_state)
+{
+	uint32_t links_to_send = 0;
+
+	if (getnc_state->is_get_tgt) {
+
+		/*
+		 * when the GET_TGT flag is set, only include the linked
+		 * attributes whose target object has already been checked
+		 * (i.e. they're ready to send).
+		 */
+		if (repl_chunk->tgt_la_count > getnc_state->la_idx) {
+			links_to_send = (repl_chunk->tgt_la_count -
+					 getnc_state->la_idx);
+		}
+	} else {
+		links_to_send = getnc_state->la_count - getnc_state->la_idx;
+	}
+
+	return links_to_send;
+}
+
+/**
+ * Returns the max number of links that will fit in the current replication chunk
+ */
+static uint32_t getncchanges_chunk_max_links(struct getncchanges_repl_chunk *repl_chunk)
+{
+	uint32_t max_links = 0;
+
+	if (repl_chunk->max_links != DEFAULT_MAX_LINKS ||
+	    repl_chunk->max_objects != DEFAULT_MAX_OBJECTS) {
+
+		/*
+		 * We're using non-default settings, so don't try to adjust
+		 * them, just trust the user has configured decent values
+		 */
+		max_links = repl_chunk->max_links;
+
+	} else if (repl_chunk->max_links > repl_chunk->object_count) {
+
+		/*
+		 * This is just an approximate guess to avoid overfilling the
+		 * replication chunk. It's the logic we've used historically.
+		 * E.g. if we've already sent 1000 objects, then send 1000 fewer
+		 * links. For comparison, the max that Windows seems to send is
+		 * ~2700 links and ~250 objects (although this may vary based
+		 * on timeouts)
+		 */
+		max_links = repl_chunk->max_links - repl_chunk->object_count;
+	}
+
+	return max_links;
+}
+
+/**
+ * Returns true if the current GetNCChanges() call has taken longer than its
+ * allotted time. This prevents the client from timing out.
+ */
+static bool getncchanges_chunk_timed_out(struct getncchanges_repl_chunk *repl_chunk)
+{
+	return (time(NULL) - repl_chunk->start > repl_chunk->max_wait);
+}
+
+/**
+ * Returns true if the current chunk of replication data has reached the
+ * max_objects and/or max_links thresholds.
+ */
+static bool getncchanges_chunk_is_full(struct getncchanges_repl_chunk *repl_chunk,
+				       struct drsuapi_getncchanges_state *getnc_state)
+{
+	bool chunk_full = false;
+	uint32_t links_to_send;
+	uint32_t chunk_limit;
+
+	/* check if the current chunk is already full with objects */
+	if (repl_chunk->object_count >= repl_chunk->max_objects) {
+		chunk_full = true;
+
+	} else if (repl_chunk->object_count > 0 &&
+		   getncchanges_chunk_timed_out(repl_chunk)) {
+
+		/*
+		 * We've exceeded our allotted time building this chunk,
+		 * and we have at least one object to send back to the client
+		 */
+		chunk_full = true;
+
+	} else if (repl_chunk->immediate_link_sync) {
+
+		/* check if the chunk is already full with links */
+		links_to_send = getncchanges_chunk_links_pending(repl_chunk,
+								 getnc_state);
+
+		chunk_limit = getncchanges_chunk_max_links(repl_chunk);
+
+		/*
+		 * The chunk is full if we've got more links to send than will
+		 * fit in one chunk
+		 */
+		if (links_to_send > 0 && chunk_limit <= links_to_send) {
+			chunk_full = true;
+		}
+	}
+
+	return chunk_full;
+}
+
+/**
+ * Goes through any new linked attributes and checks that the target object
+ * will be known to the client, i.e. we've already sent it in an replication
+ * chunk. If not, then it adds the target object to the current replication
+ * chunk. This is only done when the client specifies DRS_GET_TGT.
+ */
+static WERROR getncchanges_chunk_add_la_targets(struct getncchanges_repl_chunk *repl_chunk,
+						struct drsuapi_getncchanges_state *getnc_state,
+						uint32_t start_la_index,
+						TALLOC_CTX *mem_ctx,
+						struct ldb_context *sam_ctx,
+						struct dsdb_schema *schema,
+						DATA_BLOB *session_key,
+						struct drsuapi_DsGetNCChangesRequest10 *req10,
+						uint32_t *local_pas,
+						struct ldb_dn *machine_dn)
+{
+	int ret;
+	uint32_t i;
+	uint32_t max_la_index;
+	uint32_t max_links;
+	uint32_t target_count = 0;
+	WERROR werr = WERR_OK;
+	static const char * const msg_attrs[] = {
+					    "*",
+					    "nTSecurityDescriptor",
+					    "parentGUID",
+					    "replPropertyMetaData",
+					    DSDB_SECRET_ATTRIBUTES,
+					    NULL };
+
+	/*
+	 * A object can potentially link to thousands of targets. Only bother
+	 * checking as many targets as will fit into the current response
+	 */
+	max_links = getncchanges_chunk_max_links(repl_chunk);
+	max_la_index = MIN(getnc_state->la_count,
+			   start_la_index + max_links);
+
+	/* loop through any linked attributes to check */
+	for (i = start_la_index;
+	     (i < max_la_index &&
+	      !getncchanges_chunk_is_full(repl_chunk, getnc_state));
+	     i++) {
+
+		struct GUID target_guid;
+		struct drsuapi_DsReplicaObjectListItemEx *new_objs = NULL;
+		const struct drsuapi_DsReplicaLinkedAttribute *la;
+		struct ldb_result *msg_res;
+		struct ldb_dn *search_dn;
+		TALLOC_CTX *tmp_ctx;
+		struct dsdb_dn *dn;
+		const struct dsdb_attribute *schema_attrib;
+		NTSTATUS status;
+		bool same_nc;
+
+		la = &getnc_state->la_list[i];
+		tmp_ctx = talloc_new(mem_ctx);
+
+		/*
+		 * Track what linked attribute targets we've checked. We might
+		 * not have time to check them all, so we should only send back
+		 * the ones we've actually checked.
+		 */
+		repl_chunk->tgt_la_count = i + 1;
+
+		/* get the GUID of the linked attribute's target object */
+		schema_attrib = dsdb_attribute_by_attributeID_id(schema,
+								 la->attid);
+
+		werr = dsdb_dn_la_from_blob(sam_ctx, schema_attrib, schema,
+					    tmp_ctx, la->value.blob, &dn);
+
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Bad la blob\n"));
+			return werr;
+		}
+
+		status = dsdb_get_extended_dn_guid(dn->dn, &target_guid, "GUID");
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return ntstatus_to_werror(status);
+		}
+
+		/*
+		 * if the target isn't in the cache, then the client
+		 * might not know about it, so send the target now
+		 */
+		werr = dcesrv_drsuapi_obj_cache_exists(getnc_state->obj_cache,
+						       &target_guid);
+
+		if (W_ERROR_EQUAL(werr, WERR_OBJECT_NAME_EXISTS)) {
+
+			/* target already sent, nothing to do */
+			TALLOC_FREE(tmp_ctx);
+			continue;
+		}
+
+		same_nc = dsdb_objects_have_same_nc(sam_ctx, tmp_ctx, dn->dn,
+						    getnc_state->ncRoot_dn);
+
+		/* don't try to fetch target objects from another partition */
+		if (!same_nc) {
+			TALLOC_FREE(tmp_ctx);
+			continue;
+		}
+
+		search_dn = ldb_dn_new_fmt(tmp_ctx, sam_ctx, "<GUID=%s>",
+					   GUID_string(tmp_ctx, &target_guid));
+		W_ERROR_HAVE_NO_MEMORY(search_dn);
+
+		ret = drsuapi_search_with_extended_dn(sam_ctx, tmp_ctx,
+						      &msg_res, search_dn,
+						      LDB_SCOPE_BASE,
+						      msg_attrs, NULL);
+
+		/*
+		 * Don't fail the replication if we can't find the target.
+		 * This could happen for a one-way linked attribute, if the
+		 * target is deleted and then later expunged (thus, the source
+		 * object can be left with a hanging link). Continue to send
+		 * the the link (the client-side has already tried once with
+		 * GET_TGT, so it should just end up ignoring it).
+		 */
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			DBG_WARNING("Encountered unknown link target DN %s\n",
+				    ldb_dn_get_extended_linearized(tmp_ctx, dn->dn, 1));
+			TALLOC_FREE(tmp_ctx);
+			continue;
+
+		} else if (ret != LDB_SUCCESS) {
+			DBG_ERR("Failed to fetch link target DN %s - %s\n",
+				ldb_dn_get_extended_linearized(tmp_ctx, dn->dn, 1),
+				ldb_errstring(sam_ctx));
+			return WERR_DS_DRA_INCONSISTENT_DIT;
+		}
+
+		/*
+		 * Construct an object, ready to send (this will include
+		 * the object's ancestors as well, if GET_ANC is set)
+		 */
+		werr = getncchanges_get_obj_to_send(msg_res->msgs[0], mem_ctx,
+						    sam_ctx, getnc_state,
+						    schema, session_key, req10,
+						    false, local_pas,
+						    machine_dn, &target_guid,
+						    &new_objs);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		if (new_objs != NULL) {
+			target_count++;
+			getncchanges_chunk_add_objects(repl_chunk, new_objs);
+		}
+		TALLOC_FREE(tmp_ctx);
+	}
+
+	if (target_count > 0) {
+		DEBUG(3, ("GET_TGT: checked %u link-attrs, added %u target objs\n",
+			  i - start_la_index, target_count));
+	}
+
+	return WERR_OK;
+}
+
+/**
+ * Creates a helper struct used for building a chunk of replication data,
+ * i.e. used over a single call to dcesrv_drsuapi_DsGetNCChanges().
+ */
+static struct getncchanges_repl_chunk * getncchanges_chunk_new(TALLOC_CTX *mem_ctx,
+							       struct dcesrv_call_state *dce_call,
+							       struct drsuapi_DsGetNCChangesRequest10 *req10)
+{
+	struct getncchanges_repl_chunk *repl_chunk;
+
+	repl_chunk = talloc_zero(mem_ctx, struct getncchanges_repl_chunk);
+
+	repl_chunk->start = time(NULL);
+
+	repl_chunk->max_objects = lpcfg_parm_int(dce_call->conn->dce_ctx->lp_ctx, NULL,
+						 "drs", "max object sync",
+						 DEFAULT_MAX_OBJECTS);
+
+	/*
+	 * The client control here only applies in normal replication, not extended
+	 * operations, which return a fixed set, even if the caller
+	 * sets max_object_count == 0
+	 */
+	if (req10->extended_op == DRSUAPI_EXOP_NONE) {
+
+		/*
+		 * use this to force single objects at a time, which is useful
+		 * for working out what object is giving problems
+		 */
+		if (req10->max_object_count < repl_chunk->max_objects) {
+			repl_chunk->max_objects = req10->max_object_count;
+		}
+	}
+
+	repl_chunk->max_links =
+			lpcfg_parm_int(dce_call->conn->dce_ctx->lp_ctx, NULL,
+				       "drs", "max link sync",
+					DEFAULT_MAX_LINKS);
+
+	repl_chunk->immediate_link_sync =
+			lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
+					"drs", "immediate link sync", false);
+
+	/*
+	 * Maximum time that we can spend in a getncchanges
+	 * in order to avoid timeout of the other part.
+	 * 10 seconds by default.
+	 */
+	repl_chunk->max_wait = lpcfg_parm_int(dce_call->conn->dce_ctx->lp_ctx,
+					      NULL, "drs", "max work time", 10);
+
+	return repl_chunk;
+}
+
+/*
+  drsuapi_DsGetNCChanges
+
+  see MS-DRSR 4.1.10.5.2 for basic logic of this function
+*/
+WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct drsuapi_DsGetNCChanges *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	struct drsuapi_DsReplicaObjectIdentifier *untrusted_ncRoot;
+	int ret;
+	uint32_t i, k;
+	struct dsdb_schema *schema;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+	struct getncchanges_repl_chunk *repl_chunk;
+	NTSTATUS status;
+	DATA_BLOB session_key;
+	WERROR werr;
+	struct dcesrv_handle *h;
+	struct drsuapi_bind_state *b_state;
+	struct drsuapi_getncchanges_state *getnc_state = NULL;
+	struct drsuapi_DsGetNCChangesRequest10 *req10;
+	uint32_t options;
+	uint32_t link_count = 0;
+	struct ldb_dn *search_dn = NULL;
+	bool am_rodc;
+	enum security_user_level security_level;
+	struct ldb_context *sam_ctx;
+	struct dom_sid *user_sid;
+	bool is_secret_request;
+	bool is_gc_pas_request;
+	struct drsuapi_changed_objects *changes;
+	bool has_get_all_changes = false;
+	struct GUID invocation_id;
+	static const struct drsuapi_DsReplicaLinkedAttribute no_linked_attr;
+	struct dsdb_schema_prefixmap *pfm_remote = NULL;
+	bool full = true;
+	uint32_t *local_pas = NULL;
+	struct ldb_dn *machine_dn = NULL; /* Only used for REPL SECRET EXOP */
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	/* sam_ctx_system is not present for non-administrator users */
+	sam_ctx = b_state->sam_ctx_system?b_state->sam_ctx_system:b_state->sam_ctx;
+
+	invocation_id = *(samdb_ntds_invocation_id(sam_ctx));
+
+	*r->out.level_out = 6;
+
+	r->out.ctr->ctr6.linked_attributes_count = 0;
+	r->out.ctr->ctr6.linked_attributes = discard_const_p(struct drsuapi_DsReplicaLinkedAttribute, &no_linked_attr);
+
+	r->out.ctr->ctr6.object_count = 0;
+	r->out.ctr->ctr6.nc_object_count = 0;
+	r->out.ctr->ctr6.more_data = false;
+	r->out.ctr->ctr6.uptodateness_vector = NULL;
+	r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(sam_ctx));
+	r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(sam_ctx));
+	r->out.ctr->ctr6.first_object = NULL;
+
+	/* Check request revision. 
+	 */
+	switch (r->in.level) {
+	case 8:
+		req10 = getncchanges_map_req8(mem_ctx, &r->in.req->req8);
+		if (req10 == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		break;
+	case 10:
+		req10 = &r->in.req->req10;
+		break;
+	default:
+		DEBUG(0,(__location__ ": Request for DsGetNCChanges with unsupported level %u\n",
+			 r->in.level));
+		return WERR_REVISION_MISMATCH;
+	}
+
+	repl_chunk = getncchanges_chunk_new(mem_ctx, dce_call, req10);
+
+	if (repl_chunk == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/* a RODC doesn't allow for any replication */
+	ret = samdb_rodc(sam_ctx, &am_rodc);
+	if (ret == LDB_SUCCESS && am_rodc) {
+		DEBUG(0,(__location__ ": DsGetNCChanges attempt on RODC\n"));
+		return WERR_DS_DRA_SOURCE_DISABLED;
+	}
+
+	/*
+	 * Help our tests pass by pre-checking the
+	 * destination_dsa_guid before the NC permissions.  Info on
+	 * valid DSA GUIDs is not sensitive so this isn't a leak
+	 */
+	switch (req10->extended_op) {
+	case DRSUAPI_EXOP_FSMO_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+	case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
+	case DRSUAPI_EXOP_FSMO_REQ_PDC:
+	case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
+	{
+		const char *attrs[] = { NULL };
+
+		ret = samdb_get_ntds_obj_by_guid(mem_ctx,
+						 sam_ctx,
+						 &req10->destination_dsa_guid,
+						 attrs,
+						 NULL);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			/*
+			 * Error out with an EXOP error but success at
+			 * the top level return value
+			 */
+			r->out.ctr->ctr6.extended_ret = DRSUAPI_EXOP_ERR_UNKNOWN_CALLER;
+			return WERR_OK;
+		} else if (ret != LDB_SUCCESS) {
+			return WERR_DS_DRA_INTERNAL_ERROR;
+		}
+
+		break;
+	}
+	case DRSUAPI_EXOP_REPL_SECRET:
+	case DRSUAPI_EXOP_REPL_OBJ:
+	case DRSUAPI_EXOP_NONE:
+		break;
+	}
+
+	/* Perform access checks. */
+	untrusted_ncRoot = req10->naming_context;
+	if (untrusted_ncRoot == NULL) {
+		DEBUG(0,(__location__ ": Request for DsGetNCChanges with no NC\n"));
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+
+	if (samdb_ntds_options(sam_ctx, &options) != LDB_SUCCESS) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if ((options & DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL) &&
+	    !(req10->replica_flags & DRSUAPI_DRS_SYNC_FORCED)) {
+		return WERR_DS_DRA_SOURCE_DISABLED;
+	}
+
+	user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+
+	/*
+	 * all clients must have GUID_DRS_GET_CHANGES.  This finds the
+	 * actual NC root of the given value and checks that, allowing
+	 * REPL_OBJ to work safely
+	 */
+	werr = drs_security_access_check_nc_root(sam_ctx,
+						 mem_ctx,
+						 session_info->security_token,
+						 req10->naming_context,
+						 GUID_DRS_GET_CHANGES);
+
+	if (W_ERROR_EQUAL(werr, WERR_DS_DRA_BAD_NC)) {
+		/*
+		 * These extended operations need a different error if
+		 * the supplied DN can't be found
+		 */
+		switch (req10->extended_op) {
+		case DRSUAPI_EXOP_REPL_OBJ:
+		case DRSUAPI_EXOP_REPL_SECRET:
+			return WERR_DS_DRA_BAD_DN;
+		default:
+			return werr;
+		}
+	}
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
+		full = req10->partial_attribute_set == NULL &&
+		       req10->partial_attribute_set_ex == NULL;
+	} else {
+		full = (options & DRSUAPI_DRS_WRIT_REP) != 0;
+	}
+
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(&req10->mapping_ctr, true,
+						mem_ctx, &pfm_remote, NULL);
+
+	/* We were supplied a partial attribute set, without the prefix map! */
+	if (!full && !W_ERROR_IS_OK(werr)) {
+		if (req10->mapping_ctr.num_mappings == 0) {
+			/*
+			 * Despite the fact MS-DRSR specifies that this shouldn't
+			 * happen, Windows RODCs will in fact not provide a prefixMap.
+			 */
+			DEBUG(5,(__location__ ": Failed to provide a remote prefixMap,"
+				 " falling back to local prefixMap\n"));
+		} else {
+			DEBUG(0,(__location__ ": Failed to decode remote prefixMap: %s\n",
+				 win_errstr(werr)));
+			return werr;
+		}
+	}
+
+	/* allowed if the GC PAS and client has
+	   GUID_DRS_GET_FILTERED_ATTRIBUTES */
+	werr = dcesrv_drsuapi_is_gc_pas_request(b_state, req10, pfm_remote, &is_gc_pas_request);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+	if (is_gc_pas_request) {
+		werr = drs_security_access_check_nc_root(sam_ctx,
+							 mem_ctx,
+							 session_info->security_token,
+							 req10->naming_context,
+							 GUID_DRS_GET_FILTERED_ATTRIBUTES);
+		if (W_ERROR_IS_OK(werr)) {
+			goto allowed;
+		}
+	}
+
+	werr = dcesrv_drsuapi_is_reveal_secrets_request(b_state, req10,
+							pfm_remote,
+							&is_secret_request);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+	if (is_secret_request) {
+		werr = drs_security_access_check_nc_root(sam_ctx,
+							 mem_ctx,
+							 session_info->security_token,
+							 req10->naming_context,
+							 GUID_DRS_GET_ALL_CHANGES);
+		if (!W_ERROR_IS_OK(werr)) {
+			/* Only bail if this is not a EXOP_REPL_SECRET */
+			if (req10->extended_op != DRSUAPI_EXOP_REPL_SECRET) {
+				return werr;
+			}
+		} else {
+			has_get_all_changes = true;
+		}
+	}
+
+allowed:
+	/* for non-administrator replications, check that they have
+	   given the correct source_dsa_invocation_id */
+	security_level = security_session_user_level(session_info,
+						     samdb_domain_sid(sam_ctx));
+	if (security_level == SECURITY_RO_DOMAIN_CONTROLLER) {
+		if (req10->replica_flags & DRSUAPI_DRS_WRIT_REP) {
+			/* we rely on this flag being unset for RODC requests */
+			req10->replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
+		}
+	}
+
+	if (req10->replica_flags & DRSUAPI_DRS_FULL_SYNC_PACKET) {
+		/* Ignore the _in_ uptodateness vector*/
+		req10->uptodateness_vector = NULL;
+	}
+
+	if (GUID_all_zero(&req10->source_dsa_invocation_id)) {
+		req10->source_dsa_invocation_id = invocation_id;
+	}
+
+	if (!GUID_equal(&req10->source_dsa_invocation_id, &invocation_id)) {
+		/*
+		 * The given highwatermark is only valid relative to the
+		 * specified source_dsa_invocation_id.
+		 */
+		ZERO_STRUCT(req10->highwatermark);
+	}
+
+	/*
+	 * An extended operation is "special single-response cycle"
+	 * per MS-DRSR 4.1.10.1.1 "Start and Finish" so we don't need
+	 * to guess if this is a continuation of any long-term
+	 * state.
+	 *
+	 * Otherwise, maintain (including marking as stale, which is
+	 * what the below is for) the replication state.
+	 *
+	 * Note that point 5 "The server implementation MAY declare
+	 * the supplied values ... as too stale to use."  would allow
+	 * resetting the state at almost any point, Microsoft Azure AD
+	 * Connect will switch back and forth between a REPL_OBJ and a
+	 * full replication, so we must not reset the statue during
+	 * extended operations.
+	 */
+	if (req10->extended_op == DRSUAPI_EXOP_NONE &&
+	    b_state->getncchanges_full_repl_state != NULL) {
+		/*
+		 * Knowing that this is not an extended operation, we
+		 * can access (and validate) the full replication
+		 * state
+		 */
+		getnc_state = b_state->getncchanges_full_repl_state;
+	}
+
+	/* see if a previous replication has been abandoned */
+	if (getnc_state != NULL) {
+		struct ldb_dn *new_dn;
+		ret = drs_ObjectIdentifier_to_dn_and_nc_root(getnc_state,
+							     sam_ctx,
+							     untrusted_ncRoot,
+							     &new_dn,
+							     NULL);
+		if (ret != LDB_SUCCESS) {
+			/*
+			 * This can't fail as we have done this above
+			 * implicitly but not got the DN out, but
+			 * print a good error message regardless just
+			 * in case.
+			 */
+			DBG_ERR("Bad DN '%s' as Naming Context for GetNCChanges: %s\n",
+				drs_ObjectIdentifier_to_debug_string(mem_ctx, untrusted_ncRoot),
+				ldb_strerror(ret));
+			return WERR_DS_DRA_INVALID_PARAMETER;
+		}
+		if (ldb_dn_compare(new_dn, getnc_state->ncRoot_dn) != 0) {
+			DEBUG(0,(__location__ ": DsGetNCChanges 2nd replication on different DN %s %s (last_dn %s)\n",
+				 ldb_dn_get_linearized(new_dn),
+				 ldb_dn_get_linearized(getnc_state->ncRoot_dn),
+				 ldb_dn_get_linearized(getnc_state->last_dn)));
+			TALLOC_FREE(getnc_state);
+			b_state->getncchanges_full_repl_state = NULL;
+		}
+	}
+
+	if (getnc_state != NULL) {
+		ret = drsuapi_DsReplicaHighWaterMark_cmp(&getnc_state->last_hwm,
+							 &req10->highwatermark);
+		if (ret != 0) {
+			DEBUG(0,(__location__ ": DsGetNCChanges 2nd replication "
+				 "on DN %s %s highwatermark (last_dn %s)\n",
+				 ldb_dn_get_linearized(getnc_state->ncRoot_dn),
+				 (ret > 0) ? "older" : "newer",
+				 ldb_dn_get_linearized(getnc_state->last_dn)));
+			TALLOC_FREE(getnc_state);
+			b_state->getncchanges_full_repl_state = NULL;
+		}
+	}
+
+	 /*
+	  * This is either a new replication cycle, or an extended
+	  * operation.  A new cycle is triggered above by the
+	  * TALLOC_FREE() which sets getnc_state to NULL.
+	  */
+	if (getnc_state == NULL) {
+		struct ldb_result *res = NULL;
+		const char *attrs[] = {
+			"instanceType",
+			"objectGuID",
+			NULL
+		};
+		uint32_t nc_instanceType;
+		struct ldb_dn *ncRoot_dn;
+
+		ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx,
+							     sam_ctx,
+							     untrusted_ncRoot,
+							     &ncRoot_dn,
+							     NULL);
+		if (ret != LDB_SUCCESS) {
+			DBG_ERR("Bad DN '%s' as Naming Context or EXOP DN for GetNCChanges: %s\n",
+				drs_ObjectIdentifier_to_debug_string(mem_ctx, untrusted_ncRoot),
+				ldb_strerror(ret));
+			return WERR_DS_DRA_BAD_DN;
+		}
+
+		ret = dsdb_search_dn(sam_ctx, mem_ctx, &res,
+				     ncRoot_dn, attrs,
+				     DSDB_SEARCH_SHOW_DELETED |
+				     DSDB_SEARCH_SHOW_RECYCLED);
+		if (ret != LDB_SUCCESS) {
+			DBG_WARNING("Failed to find ncRoot_dn %s\n",
+				    ldb_dn_get_linearized(ncRoot_dn));
+			return WERR_DS_DRA_BAD_DN;
+		}
+		nc_instanceType = ldb_msg_find_attr_as_int(res->msgs[0],
+							   "instanceType",
+							   0);
+
+		if (req10->extended_op != DRSUAPI_EXOP_NONE) {
+			r->out.ctr->ctr6.extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+		}
+
+		/*
+		 * This is the first replication cycle and it is
+		 * a good place to handle extended operations
+		 *
+		 * FIXME: we don't fully support extended operations yet
+		 */
+		switch (req10->extended_op) {
+		case DRSUAPI_EXOP_NONE:
+			if ((nc_instanceType & INSTANCE_TYPE_IS_NC_HEAD) == 0) {
+				const char *dn_str
+					= ldb_dn_get_linearized(ncRoot_dn);
+
+				DBG_NOTICE("Rejecting full replication on "
+					   "not NC %s\n", dn_str);
+
+				return WERR_DS_CANT_FIND_EXPECTED_NC;
+			}
+
+			break;
+		case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+			werr = getncchanges_rid_alloc(b_state, mem_ctx, req10, &r->out.ctr->ctr6, &search_dn);
+			W_ERROR_NOT_OK_RETURN(werr);
+			if (r->out.ctr->ctr6.extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+				return WERR_OK;
+			}
+			break;
+		case DRSUAPI_EXOP_REPL_SECRET:
+			werr = getncchanges_repl_secret(b_state, mem_ctx, req10,
+						        user_sid,
+						        &r->out.ctr->ctr6,
+						        has_get_all_changes,
+							&machine_dn);
+			r->out.result = werr;
+			W_ERROR_NOT_OK_RETURN(werr);
+			break;
+		case DRSUAPI_EXOP_FSMO_REQ_ROLE:
+			werr = getncchanges_change_master(b_state, mem_ctx, req10, &r->out.ctr->ctr6);
+			W_ERROR_NOT_OK_RETURN(werr);
+			if (r->out.ctr->ctr6.extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+				return WERR_OK;
+			}
+			break;
+		case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
+			werr = getncchanges_change_master(b_state, mem_ctx, req10, &r->out.ctr->ctr6);
+			W_ERROR_NOT_OK_RETURN(werr);
+			if (r->out.ctr->ctr6.extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+				return WERR_OK;
+			}
+			break;
+		case DRSUAPI_EXOP_FSMO_REQ_PDC:
+			werr = getncchanges_change_master(b_state, mem_ctx, req10, &r->out.ctr->ctr6);
+			W_ERROR_NOT_OK_RETURN(werr);
+			if (r->out.ctr->ctr6.extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
+				return WERR_OK;
+			}
+			break;
+		case DRSUAPI_EXOP_REPL_OBJ:
+			werr = getncchanges_repl_obj(b_state, mem_ctx, req10, user_sid, &r->out.ctr->ctr6);
+			r->out.result = werr;
+			W_ERROR_NOT_OK_RETURN(werr);
+			break;
+
+		case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
+
+			DEBUG(0,(__location__ ": Request for DsGetNCChanges unsupported extended op 0x%x\n",
+				 (unsigned)req10->extended_op));
+			return WERR_DS_DRA_NOT_SUPPORTED;
+		}
+
+		/*
+		 * Initialize the state, initially for the remainder
+		 * of this call (EXOPs)
+		 *
+		 * An extended operation is a "special single-response
+		 * cycle" per MS-DRSR 4.1.10.1.1 "Start and Finish"
+		 *
+		 */
+		getnc_state = talloc_zero(mem_ctx, struct drsuapi_getncchanges_state);
+		if (getnc_state == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		if (req10->extended_op == DRSUAPI_EXOP_NONE) {
+			/*
+			 * Promote the memory to being a store of
+			 * long-term state that we will use over the
+			 * replication cycle for full replication
+			 * requests
+			 *
+			 * Store the state in a clearly named location
+			 * for pulling back only during full
+			 * replications
+			 */
+			b_state->getncchanges_full_repl_state
+				= talloc_steal(b_state, getnc_state);
+		}
+
+		getnc_state->ncRoot_dn = ncRoot_dn;
+		talloc_steal(getnc_state, ncRoot_dn);
+
+		getnc_state->ncRoot_guid = samdb_result_guid(res->msgs[0],
+							     "objectGUID");
+
+		/* find out if we are to replicate Schema NC */
+		ret = ldb_dn_compare_base(ldb_get_schema_basedn(sam_ctx),
+					  ncRoot_dn);
+		getnc_state->is_schema_nc = (0 == ret);
+
+		TALLOC_FREE(res);
+	}
+
+	/* we need the session key for encrypting password attributes */
+	status = dcesrv_auth_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ ": Failed to get session key\n"));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	/* 
+	   TODO: MS-DRSR section 4.1.10.1.1
+	   Work out if this is the start of a new cycle */
+
+	if (getnc_state->guids == NULL) {
+		const char *extra_filter;
+		struct ldb_result *search_res = NULL;
+		static const struct drsuapi_DsReplicaCursorCtrEx empty_udv;
+		const struct drsuapi_DsReplicaCursorCtrEx *udv = NULL;
+
+		extra_filter = lpcfg_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "drs", "object filter");
+
+		if (req10->extended_op == DRSUAPI_EXOP_NONE) {
+			if (req10->uptodateness_vector != NULL) {
+				udv = req10->uptodateness_vector;
+			} else {
+				udv = &empty_udv;
+			}
+
+			getnc_state->min_usn = req10->highwatermark.highest_usn;
+			for (i = 0; i < udv->count; i++) {
+				bool match;
+				const struct drsuapi_DsReplicaCursor *cur =
+					&udv->cursors[i];
+
+				match = GUID_equal(&invocation_id,
+						   &cur->source_dsa_invocation_id);
+				if (!match) {
+					continue;
+				}
+				if (cur->highest_usn > getnc_state->min_usn) {
+					getnc_state->min_usn = cur->highest_usn;
+				}
+				break;
+			}
+		} else {
+			/* We do not want REPL_SECRETS or REPL_SINGLE to return empty-handed */
+			udv = &empty_udv;
+			getnc_state->min_usn = 0;
+		}
+
+		getnc_state->max_usn = getnc_state->min_usn;
+
+		getnc_state->final_udv = talloc_zero(getnc_state,
+					struct drsuapi_DsReplicaCursor2CtrEx);
+		if (getnc_state->final_udv == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		werr = get_nc_changes_udv(sam_ctx, getnc_state->ncRoot_dn,
+					  getnc_state->final_udv);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		if (req10->extended_op == DRSUAPI_EXOP_NONE) {
+			werr = getncchanges_collect_objects(b_state, mem_ctx,
+							    getnc_state, req10,
+							    search_dn, extra_filter,
+							    &search_res);
+		} else {
+			werr = getncchanges_collect_objects_exop(b_state, mem_ctx,
+								 getnc_state, req10,
+								 &r->out.ctr->ctr6,
+								 search_dn, extra_filter,
+								 &search_res);
+		}
+		W_ERROR_NOT_OK_RETURN(werr);
+
+		/* extract out the GUIDs list */
+		getnc_state->num_records = search_res ? search_res->count : 0;
+		getnc_state->guids = talloc_array(getnc_state, struct GUID, getnc_state->num_records);
+		W_ERROR_HAVE_NO_MEMORY(getnc_state->guids);
+
+		changes = talloc_array(getnc_state,
+				       struct drsuapi_changed_objects,
+				       getnc_state->num_records);
+		W_ERROR_HAVE_NO_MEMORY(changes);
+
+		for (i=0; i<getnc_state->num_records; i++) {
+			changes[i].dn = search_res->msgs[i]->dn;
+			changes[i].guid = samdb_result_guid(search_res->msgs[i], "objectGUID");
+			changes[i].usn = ldb_msg_find_attr_as_uint64(search_res->msgs[i], "uSNChanged", 0);
+
+			if (changes[i].usn > getnc_state->max_usn) {
+				getnc_state->max_usn = changes[i].usn;
+			}
+
+			if (req10->extended_op == DRSUAPI_EXOP_NONE &&
+			    GUID_equal(&changes[i].guid, &getnc_state->ncRoot_guid))
+			{
+				getnc_state->send_nc_root_first = true;
+			}
+		}
+
+		if (req10->extended_op == DRSUAPI_EXOP_NONE) {
+			getnc_state->is_get_anc =
+				((req10->replica_flags & DRSUAPI_DRS_GET_ANC) != 0);
+			if (getnc_state->is_get_anc
+				&& lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx,
+						    NULL,
+						    "drs",
+						    "broken_samba_4.5_get_anc_emulation",
+						   false)) {
+				getnc_state->broken_samba_4_5_get_anc_emulation = true;
+			}
+			if (lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx,
+					     NULL,
+					     "drs",
+					     "get_tgt_support",
+					     true)) {
+				getnc_state->is_get_tgt =
+					((req10->more_flags & DRSUAPI_DRS_GET_TGT) != 0);
+			}
+		}
+
+		/* RID_ALLOC returns 3 objects in a fixed order */
+		if (req10->extended_op == DRSUAPI_EXOP_FSMO_RID_ALLOC) {
+			/* Do nothing */
+		} else if (getnc_state->broken_samba_4_5_get_anc_emulation) {
+			LDB_TYPESAFE_QSORT(changes,
+					   getnc_state->num_records,
+					   getnc_state,
+					   site_res_cmp_anc_order);
+		} else {
+			LDB_TYPESAFE_QSORT(changes,
+					   getnc_state->num_records,
+					   getnc_state,
+					   site_res_cmp_usn_order);
+		}
+
+		for (i=0; i < getnc_state->num_records; i++) {
+			getnc_state->guids[i] = changes[i].guid;
+			if (GUID_all_zero(&getnc_state->guids[i])) {
+				DEBUG(2,("getncchanges: bad objectGUID from %s\n",
+					 ldb_dn_get_linearized(search_res->msgs[i]->dn)));
+				return WERR_DS_DRA_INTERNAL_ERROR;
+			}
+		}
+
+		getnc_state->final_hwm.tmp_highest_usn = getnc_state->max_usn;
+		getnc_state->final_hwm.reserved_usn = 0;
+		getnc_state->final_hwm.highest_usn = getnc_state->max_usn;
+
+		talloc_free(search_res);
+		talloc_free(changes);
+
+		/*
+		 * when using GET_ANC or GET_TGT, cache the objects that have
+		 * been already sent, to avoid sending them multiple times
+		 */
+		if (getnc_state->is_get_anc || getnc_state->is_get_tgt) {
+			DEBUG(3,("Using object cache, GET_ANC %u, GET_TGT %u\n",
+				 getnc_state->is_get_anc,
+				 getnc_state->is_get_tgt));
+
+			getnc_state->obj_cache = db_open_rbt(getnc_state);
+			if (getnc_state->obj_cache == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+		}
+	}
+
+	if (req10->uptodateness_vector) {
+		/* make sure its sorted */
+		TYPESAFE_QSORT(req10->uptodateness_vector->cursors,
+			       req10->uptodateness_vector->count,
+			       drsuapi_DsReplicaCursor_compare);
+	}
+
+	/* Prefix mapping */
+	schema = dsdb_get_schema(sam_ctx, mem_ctx);
+	if (!schema) {
+		DEBUG(0,("No schema in sam_ctx\n"));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	r->out.ctr->ctr6.naming_context = talloc(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
+	if (r->out.ctr->ctr6.naming_context == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	/*
+	 * Match Windows and echo back the original values from the request, even if
+	 * they say DummyDN for the string NC
+	 */
+	*r->out.ctr->ctr6.naming_context = *untrusted_ncRoot;
+
+	/* find the SID if there is one */
+	dsdb_find_sid_by_dn(sam_ctx, getnc_state->ncRoot_dn, &r->out.ctr->ctr6.naming_context->sid);
+
+	/* Set GUID */
+	r->out.ctr->ctr6.naming_context->guid = getnc_state->ncRoot_guid;
+
+	dsdb_get_oid_mappings_drsuapi(schema, true, mem_ctx, &ctr);
+	r->out.ctr->ctr6.mapping_ctr = *ctr;
+
+	r->out.ctr->ctr6.source_dsa_guid = *(samdb_ntds_objectGUID(sam_ctx));
+	r->out.ctr->ctr6.source_dsa_invocation_id = *(samdb_ntds_invocation_id(sam_ctx));
+
+	r->out.ctr->ctr6.old_highwatermark = req10->highwatermark;
+	r->out.ctr->ctr6.new_highwatermark = req10->highwatermark;
+
+	/*
+	 * If the client has already set GET_TGT then we know they can handle
+	 * receiving the linked attributes interleaved with the source objects
+	 */
+	if (getnc_state->is_get_tgt) {
+		repl_chunk->immediate_link_sync = true;
+	}
+
+	if (req10->partial_attribute_set != NULL) {
+		struct dsdb_syntax_ctx syntax_ctx;
+		uint32_t j = 0;
+
+		dsdb_syntax_ctx_init(&syntax_ctx, sam_ctx, schema);
+		syntax_ctx.pfm_remote = pfm_remote;
+
+		local_pas = talloc_array(b_state, uint32_t, req10->partial_attribute_set->num_attids);
+
+		for (j = 0; j < req10->partial_attribute_set->num_attids; j++) {
+			getncchanges_attid_remote_to_local(schema,
+							   &syntax_ctx,
+							   req10->partial_attribute_set->attids[j],
+							   (enum drsuapi_DsAttributeId *)&local_pas[j],
+							   NULL);
+		}
+
+		TYPESAFE_QSORT(local_pas,
+			       req10->partial_attribute_set->num_attids,
+			       uint32_t_ptr_cmp);
+	}
+
+	/*
+	 * If we have the NC root in this replication, send it
+	 * first regardless.  However, don't bump the USN now,
+	 * treat it as if it was sent early due to GET_ANC
+	 *
+	 * This is triggered for each call, so every page of responses
+	 * gets the NC root as the first object, up to the point where
+	 * it naturally occurs in the replication.
+	 */
+
+	if (getnc_state->send_nc_root_first) {
+		struct drsuapi_DsReplicaObjectListItemEx *new_objs = NULL;
+
+		werr = getncchanges_add_ancestors(&getnc_state->ncRoot_guid,
+						  NULL, mem_ctx,
+						  sam_ctx, getnc_state,
+						  schema, &session_key,
+						  req10, local_pas,
+						  machine_dn, &new_objs);
+
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		getncchanges_chunk_add_objects(repl_chunk, new_objs);
+
+		DEBUG(8,(__location__ ": replicating NC root %s\n",
+			 ldb_dn_get_linearized(getnc_state->ncRoot_dn)));
+	}
+
+	/*
+	 * Check in case we're still processing the links from an object in the
+	 * previous chunk. We want to send the links (and any targets needed)
+	 * before moving on to the next object.
+	 */
+	if (getnc_state->is_get_tgt) {
+		werr = getncchanges_chunk_add_la_targets(repl_chunk,
+							 getnc_state,
+							 getnc_state->la_idx,
+							 mem_ctx, sam_ctx,
+							 schema, &session_key,
+							 req10, local_pas,
+							 machine_dn);
+
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+	}
+
+	for (i=getnc_state->num_processed;
+	     i<getnc_state->num_records &&
+		     !getncchanges_chunk_is_full(repl_chunk, getnc_state);
+	    i++) {
+		struct drsuapi_DsReplicaObjectListItemEx *new_objs = NULL;
+		struct ldb_message *msg;
+		static const char * const msg_attrs[] = {
+					    "*",
+					    "nTSecurityDescriptor",
+					    "parentGUID",
+					    "replPropertyMetaData",
+					    DSDB_SECRET_ATTRIBUTES,
+					    NULL };
+		struct ldb_result *msg_res;
+		struct ldb_dn *msg_dn;
+		bool obj_already_sent = false;
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		uint32_t old_la_index;
+
+		/*
+		 * Once we get to the 'natural' place to send the NC
+		 * root, stop sending it at the front of each reply
+		 * and make sure to suppress sending it now
+		 *
+		 * We don't just 'continue' here as we must send links
+		 * and unlike Windows we want to update the
+		 * tmp_highest_usn
+		 */
+
+		if (getnc_state->send_nc_root_first &&
+		    GUID_equal(&getnc_state->guids[i], &getnc_state->ncRoot_guid))
+		{
+			getnc_state->send_nc_root_first = false;
+			obj_already_sent = true;
+		}
+
+		msg_dn = ldb_dn_new_fmt(tmp_ctx, sam_ctx, "<GUID=%s>",
+					GUID_string(tmp_ctx, &getnc_state->guids[i]));
+		W_ERROR_HAVE_NO_MEMORY(msg_dn);
+
+		/*
+		 * by re-searching here we avoid having a lot of full
+		 * records in memory between calls to getncchanges.
+		 *
+		 * We expect that we may get some objects that vanish
+		 * (tombstone expunge) between the first and second
+		 * check.
+		 */
+		ret = drsuapi_search_with_extended_dn(sam_ctx, tmp_ctx, &msg_res,
+						      msg_dn,
+						      LDB_SCOPE_BASE, msg_attrs, NULL);
+		if (ret != LDB_SUCCESS) {
+			if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+				DEBUG(1,("getncchanges: failed to fetch DN %s - %s\n",
+					 ldb_dn_get_extended_linearized(tmp_ctx, msg_dn, 1),
+					 ldb_errstring(sam_ctx)));
+			}
+			TALLOC_FREE(tmp_ctx);
+			continue;
+		}
+
+		if (msg_res->count == 0) {
+			DEBUG(1,("getncchanges: got LDB_SUCCESS but failed"
+				 "to get any results in fetch of DN "
+				 "%s (race with tombstone expunge?)\n",
+				 ldb_dn_get_extended_linearized(tmp_ctx,
+								msg_dn, 1)));
+			TALLOC_FREE(tmp_ctx);
+			continue;
+		}
+
+		msg = msg_res->msgs[0];
+
+		/*
+		 * Check if we've already sent the object as an ancestor of
+		 * another object. If so, we don't need to send it again
+		 */
+		if (getnc_state->obj_cache != NULL) {
+			werr = dcesrv_drsuapi_obj_cache_exists(getnc_state->obj_cache,
+							       &getnc_state->guids[i]);
+			if (W_ERROR_EQUAL(werr, WERR_OBJECT_NAME_EXISTS)) {
+				obj_already_sent = true;
+			}
+		}
+
+		if (!obj_already_sent) {
+			bool max_wait_reached;
+
+			max_wait_reached = getncchanges_chunk_timed_out(repl_chunk);
+
+			/*
+			 * Construct an object, ready to send (this will include
+			 * the object's ancestors as well, if needed)
+			 */
+			werr = getncchanges_get_obj_to_send(msg, mem_ctx, sam_ctx,
+							    getnc_state, schema,
+							    &session_key, req10,
+							    max_wait_reached,
+							    local_pas, machine_dn,
+							    &getnc_state->guids[i],
+							    &new_objs);
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+		}
+
+		old_la_index = getnc_state->la_count;
+
+		/*
+		 * We've reached the USN where this object naturally occurs.
+		 * Regardless of whether we've already sent the object (as an
+		 * ancestor), we add its links and update the HWM at this point
+		 */
+		werr = get_nc_changes_add_links(sam_ctx, getnc_state,
+						getnc_state->is_schema_nc,
+						schema, getnc_state->min_usn,
+						req10->replica_flags,
+						msg,
+						&getnc_state->la_list,
+						&getnc_state->la_count,
+						req10->uptodateness_vector);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		dcesrv_drsuapi_update_highwatermark(msg,
+					getnc_state->max_usn,
+					&r->out.ctr->ctr6.new_highwatermark);
+
+		if (new_objs != NULL) {
+
+			/*
+			 * Add the object (and, if GET_ANC, any parents it may
+			 * have) into the current chunk of replication data
+			 */
+			getncchanges_chunk_add_objects(repl_chunk, new_objs);
+
+			talloc_free(getnc_state->last_dn);
+			/*
+			 * talloc_steal() as we still need msg->dn to
+			 * be a valid pointer for the log on the next
+			 * line.
+			 *
+			 * msg only remains in scope for the next 25
+			 * lines or so anyway.
+			 */
+			getnc_state->last_dn = talloc_steal(getnc_state, msg->dn);
+		}
+
+		DEBUG(8,(__location__ ": %s object %s new tmp_highest_usn=%" PRIu64 "\n",
+			 new_objs ? "replicating" : "skipping send of",
+			 ldb_dn_get_linearized(msg->dn),
+			 r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn));
+
+		getnc_state->total_links += (getnc_state->la_count - old_la_index);
+
+		/*
+		 * If the GET_TGT flag was set, check any new links added to
+		 * make sure the client knows about the link target object
+		 */
+		if (getnc_state->is_get_tgt) {
+			werr = getncchanges_chunk_add_la_targets(repl_chunk,
+								 getnc_state,
+								 old_la_index,
+								 mem_ctx, sam_ctx,
+								 schema, &session_key,
+								 req10, local_pas,
+								 machine_dn);
+
+			if (!W_ERROR_IS_OK(werr)) {
+				return werr;
+			}
+		}
+
+		TALLOC_FREE(tmp_ctx);
+	}
+
+	/* copy the constructed object list into the response message */
+	r->out.ctr->ctr6.object_count = repl_chunk->object_count;
+	r->out.ctr->ctr6.first_object = repl_chunk->object_list;
+
+	getnc_state->num_processed = i;
+
+	if (i < getnc_state->num_records) {
+		r->out.ctr->ctr6.more_data = true;
+	}
+
+	/* the client can us to call UpdateRefs on its behalf to
+	   re-establish monitoring of the NC */
+	if ((req10->replica_flags & (DRSUAPI_DRS_ADD_REF | DRSUAPI_DRS_REF_GCSPN)) &&
+	    !GUID_all_zero(&req10->destination_dsa_guid)) {
+		struct drsuapi_DsReplicaUpdateRefsRequest1 ureq;
+		DEBUG(3,("UpdateRefs on getncchanges for %s\n",
+			 GUID_string(mem_ctx, &req10->destination_dsa_guid)));
+
+		/*
+		 * We pass the pre-validation NC root here as
+		 * drsuapi_UpdateRefs() has to check its own input
+		 * values due to being called from
+		 * dcesrv_drsuapi_DsReplicaUpdateRefs()
+		 */
+
+		ureq.naming_context = untrusted_ncRoot;
+		ureq.dest_dsa_dns_name = samdb_ntds_msdcs_dns_name(sam_ctx, mem_ctx,
+								   &req10->destination_dsa_guid);
+		if (!ureq.dest_dsa_dns_name) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		ureq.dest_dsa_guid = req10->destination_dsa_guid;
+		ureq.options = DRSUAPI_DRS_ADD_REF |
+			DRSUAPI_DRS_ASYNC_OP |
+			DRSUAPI_DRS_GETCHG_CHECK;
+
+		/* we also need to pass through the
+		   DRSUAPI_DRS_REF_GCSPN bit so that repsTo gets flagged
+		   to send notifies using the GC SPN */
+		ureq.options |= (req10->replica_flags & DRSUAPI_DRS_REF_GCSPN);
+
+		werr = drsuapi_UpdateRefs(imsg_ctx,
+					  dce_call->event_ctx,
+					  b_state,
+					  mem_ctx,
+					  &ureq);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,(__location__ ": Failed UpdateRefs on %s for %s in DsGetNCChanges - %s\n",
+				 drs_ObjectIdentifier_to_debug_string(mem_ctx, untrusted_ncRoot),
+				 ureq.dest_dsa_dns_name,
+				 win_errstr(werr)));
+		}
+	}
+
+	/*
+	 * Work out how many links we can send in this chunk. The default is to
+	 * send all the links last, but there is a config option to send them
+	 * immediately, in the same chunk as their source object
+	 */
+	if (!r->out.ctr->ctr6.more_data || repl_chunk->immediate_link_sync) {
+		link_count = getncchanges_chunk_links_pending(repl_chunk,
+							      getnc_state);
+		link_count = MIN(link_count,
+				 getncchanges_chunk_max_links(repl_chunk));
+	}
+
+	/* If we've got linked attributes to send, add them now */
+	if (link_count > 0) {
+		struct la_for_sorting *la_sorted;
+
+		/*
+		 * Grab a chunk of linked attributes off the list and put them
+		 * in sorted array, ready to send
+		 */
+		werr = getncchanges_get_sorted_array(&getnc_state->la_list[getnc_state->la_idx],
+						     link_count,
+						     sam_ctx, getnc_state,
+						     schema,
+						     &la_sorted);
+		if (!W_ERROR_IS_OK(werr)) {
+			return werr;
+		}
+
+		r->out.ctr->ctr6.linked_attributes_count = link_count;
+		r->out.ctr->ctr6.linked_attributes = talloc_array(r->out.ctr, struct drsuapi_DsReplicaLinkedAttribute, link_count);
+		if (r->out.ctr->ctr6.linked_attributes == NULL) {
+			DEBUG(0, ("Out of memory allocating %u linked attributes for output\n", link_count));
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		for (k = 0; k < link_count; k++) {
+			r->out.ctr->ctr6.linked_attributes[k] = *la_sorted[k].link;
+		}
+
+		getnc_state->la_idx += link_count;
+		getnc_state->links_given += link_count;
+
+		if (getnc_state->la_idx < getnc_state->la_count) {
+			r->out.ctr->ctr6.more_data = true;
+		} else {
+
+			/*
+			 * We've now sent all the links seen so far, so we can
+			 * reset la_list back to an empty list again. Note that
+			 * the steal means the linked attribute memory gets
+			 * freed after this RPC message is sent on the wire.
+			 */
+			talloc_steal(mem_ctx, getnc_state->la_list);
+			getnc_state->la_list = NULL;
+			getnc_state->la_idx = 0;
+			getnc_state->la_count = 0;
+		}
+
+		TALLOC_FREE(la_sorted);
+	}
+
+	if (req10->replica_flags & DRSUAPI_DRS_GET_NC_SIZE) {
+		/*
+		 * TODO: This implementation is wrong
+		 * we should find out the total number of
+		 * objects and links in the whole naming context
+		 * at the start of the cycle and return these
+		 * values in each message.
+		 *
+		 * For now we keep our current strategy and return
+		 * the number of objects for this cycle and the number
+		 * of links we found so far during the cycle.
+		 */
+		r->out.ctr->ctr6.nc_object_count = getnc_state->num_records;
+		r->out.ctr->ctr6.nc_linked_attributes_count = getnc_state->total_links;
+	}
+
+	if (req10->extended_op != DRSUAPI_EXOP_NONE) {
+		r->out.ctr->ctr6.uptodateness_vector = NULL;
+		r->out.ctr->ctr6.nc_object_count = 0;
+		ZERO_STRUCT(r->out.ctr->ctr6.new_highwatermark);
+	} else if (!r->out.ctr->ctr6.more_data) {
+
+		/* this is the last response in the replication cycle */
+		r->out.ctr->ctr6.new_highwatermark = getnc_state->final_hwm;
+		r->out.ctr->ctr6.uptodateness_vector = talloc_move(mem_ctx,
+								   &getnc_state->final_udv);
+
+		/*
+		 * Free the state info stored for the replication cycle. Note
+		 * that the RPC message we're sending contains links stored in
+		 * getnc_state. mem_ctx is local to this RPC call, so the memory
+		 * will get freed after the RPC message is sent on the wire.
+		 *
+		 * We must not do this for an EXOP, as that should not
+		 * end the replication state, which is why that is
+		 * checked first above.
+		 */
+		talloc_steal(mem_ctx, getnc_state);
+		b_state->getncchanges_full_repl_state = NULL;
+	} else {
+		ret = drsuapi_DsReplicaHighWaterMark_cmp(&r->out.ctr->ctr6.old_highwatermark,
+							 &r->out.ctr->ctr6.new_highwatermark);
+		if (ret == 0) {
+			/*
+			 * We need to make sure that we never return the
+			 * same highwatermark within the same replication
+			 * cycle more than once. Otherwise we cannot detect
+			 * when the client uses an unexpected highwatermark.
+			 *
+			 * This is a HACK which is needed because our
+			 * object ordering is wrong and set tmp_highest_usn
+			 * to a value that is higher than what we already
+			 * sent to the client (destination dsa).
+			 */
+			r->out.ctr->ctr6.new_highwatermark.reserved_usn += 1;
+		}
+
+		getnc_state->last_hwm = r->out.ctr->ctr6.new_highwatermark;
+	}
+
+	TALLOC_FREE(repl_chunk);
+
+	DEBUG(r->out.ctr->ctr6.more_data?4:2,
+	      ("DsGetNCChanges with uSNChanged >= %llu flags 0x%08x on %s gave %u objects (done %u/%u) %u links (done %u/%u (as %s))\n",
+	       (unsigned long long)(req10->highwatermark.highest_usn+1),
+	       req10->replica_flags,
+	       drs_ObjectIdentifier_to_debug_string(mem_ctx, untrusted_ncRoot),
+	       r->out.ctr->ctr6.object_count,
+	       i, r->out.ctr->ctr6.more_data?getnc_state->num_records:i,
+	       r->out.ctr->ctr6.linked_attributes_count,
+	       getnc_state->links_given, getnc_state->total_links,
+	       dom_sid_string(mem_ctx, user_sid)));
+
+#if 0
+	if (!r->out.ctr->ctr6.more_data && req10->extended_op != DRSUAPI_EXOP_NONE) {
+		NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsGetNCChanges, NDR_BOTH, r);
+	}
+#endif
+
+	return WERR_OK;
+}
+
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
new file mode 100644
index 0000000..fede4ba
--- /dev/null
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -0,0 +1,416 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   implement the DRSUpdateRefs call
+
+   Copyright (C) Andrew Tridgell 2009
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "auth/session.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "lib/messaging/irpc.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+struct repsTo {
+	uint32_t count;
+	struct repsFromToBlob *r;
+};
+
+static WERROR uref_check_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
+			      struct ldb_dn *dn, struct GUID *dest_guid,
+			      uint32_t options)
+{
+	struct repsTo reps;
+	WERROR werr;
+	unsigned int i;
+	bool found = false;
+
+	werr = dsdb_loadreps(sam_ctx, mem_ctx, dn, "repsTo", &reps.r, &reps.count);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	for (i=0; i<reps.count; i++) {
+		if (GUID_equal(dest_guid,
+			       &reps.r[i].ctr.ctr1.source_dsa_obj_guid)) {
+			found = true;
+			break;
+		}
+	}
+
+	if (options & DRSUAPI_DRS_ADD_REF) {
+		if (found && !(options & DRSUAPI_DRS_DEL_REF)) {
+			return WERR_DS_DRA_REF_ALREADY_EXISTS;
+		}
+	}
+
+	if (options & DRSUAPI_DRS_DEL_REF) {
+		if (!found && !(options & DRSUAPI_DRS_ADD_REF)) {
+			return WERR_DS_DRA_REF_NOT_FOUND;
+		}
+	}
+
+	return WERR_OK;
+}
+
+/*
+  add a replication destination for a given partition GUID
+ */
+static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 
+			    struct ldb_dn *dn, struct repsFromTo1 *dest, 
+			    uint32_t options)
+{
+	struct repsTo reps;
+	WERROR werr;
+	unsigned int i;
+
+	werr = dsdb_loadreps(sam_ctx, mem_ctx, dn, "repsTo", &reps.r, &reps.count);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	for (i=0; i<reps.count; i++) {
+		if (GUID_equal(&dest->source_dsa_obj_guid,
+			       &reps.r[i].ctr.ctr1.source_dsa_obj_guid)) {
+			if (options & DRSUAPI_DRS_GETCHG_CHECK) {
+				return WERR_OK;
+			} else {
+				return WERR_DS_DRA_REF_ALREADY_EXISTS;
+			}
+		}
+	}
+
+	reps.r = talloc_realloc(mem_ctx, reps.r, struct repsFromToBlob, reps.count+1);
+	if (reps.r == NULL) {
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+	ZERO_STRUCT(reps.r[reps.count]);
+	reps.r[reps.count].version = 1;
+	reps.r[reps.count].ctr.ctr1 = *dest;
+	/* add the GCSPN flag if the client asked for it */
+	reps.r[reps.count].ctr.ctr1.replica_flags |= (options & DRSUAPI_DRS_REF_GCSPN);
+	reps.count++;
+
+	werr = dsdb_savereps(sam_ctx, mem_ctx, dn, "repsTo", reps.r, reps.count);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	return WERR_OK;	
+}
+
+/*
+  delete a replication destination for a given partition GUID
+ */
+static WERROR uref_del_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 
+			    struct ldb_dn *dn, struct GUID *dest_guid, 
+			    uint32_t options)
+{
+	struct repsTo reps;
+	WERROR werr;
+	unsigned int i;
+	bool found = false;
+
+	werr = dsdb_loadreps(sam_ctx, mem_ctx, dn, "repsTo", &reps.r, &reps.count);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	for (i=0; i<reps.count; i++) {
+		if (GUID_equal(dest_guid,
+			       &reps.r[i].ctr.ctr1.source_dsa_obj_guid)) {
+			if (i+1 < reps.count) {
+				memmove(&reps.r[i], &reps.r[i+1], sizeof(reps.r[i])*(reps.count-(i+1)));
+			}
+			/*
+			 * If we remove an element, decrement i so that we don't
+			 * skip over the element following.
+			 */
+			i--;
+			reps.count--;
+			found = true;
+		}
+	}
+
+	werr = dsdb_savereps(sam_ctx, mem_ctx, dn, "repsTo", reps.r, reps.count);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	if (!found &&
+	    !(options & DRSUAPI_DRS_GETCHG_CHECK) &&
+	    !(options & DRSUAPI_DRS_ADD_REF)) {
+		return WERR_DS_DRA_REF_NOT_FOUND;
+	}
+
+	return WERR_OK;	
+}
+
+struct drepl_refresh_state {
+	struct dreplsrv_refresh r;
+};
+
+/**
+ * @brief Update the references for the given NC and the destination DSA object
+ *
+ * This function is callable from non RPC functions (ie. getncchanges), it
+ * will validate the request to update reference and then will add/del a repsTo
+ * to the specified server referenced by its DSA GUID in the request.
+ *
+ * @param[in]       msg_ctx          Messaging context for sending partition
+ *                                   refresh in dreplsrv
+ *
+ * @param[in]       b_state          A bind_state object
+ *
+ * @param[in]       mem_ctx          A talloc context for memory allocation
+ *
+ * @param[in]       req              A drsuapi_DsReplicaUpdateRefsRequest1
+ *                                   object which NC, which server and which
+ *                                   action (add/delete) should be performed
+ *
+ * @return                           WERR_OK is success, different error
+ *                                   otherwise.
+ */
+WERROR drsuapi_UpdateRefs(struct imessaging_context *msg_ctx,
+			  struct tevent_context *event_ctx,
+			  struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
+			  struct drsuapi_DsReplicaUpdateRefsRequest1 *req)
+{
+	WERROR werr;
+	int ret;
+	struct ldb_dn *dn_normalised;
+	struct ldb_dn *nc_root;
+	struct ldb_context *sam_ctx = b_state->sam_ctx_system?b_state->sam_ctx_system:b_state->sam_ctx;
+	struct dcerpc_binding_handle *irpc_handle;
+	struct tevent_req *subreq;
+	struct drepl_refresh_state *state;
+
+
+	DEBUG(4,("DsReplicaUpdateRefs for host '%s' with GUID %s options 0x%08x nc=%s\n",
+		 req->dest_dsa_dns_name, GUID_string(mem_ctx, &req->dest_dsa_guid),
+		 req->options,
+		 drs_ObjectIdentifier_to_debug_string(mem_ctx, req->naming_context)));
+
+	/*
+	 * 4.1.26.2 Server Behavior of the IDL_DRSUpdateRefs Method
+	 * Implements the input validation checks
+	 */
+	if (GUID_all_zero(&req->dest_dsa_guid)) {
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+
+	/* FIXME it seems that we should check the length of the stuff too*/
+	if (req->dest_dsa_dns_name == NULL) {
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+
+	if (!(req->options & (DRSUAPI_DRS_DEL_REF|DRSUAPI_DRS_ADD_REF))) {
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+
+	ret = drs_ObjectIdentifier_to_dn_and_nc_root(mem_ctx, sam_ctx, req->naming_context,
+						     &dn_normalised, &nc_root);
+	if (ret != LDB_SUCCESS) {
+		DBG_WARNING("Didn't find a nc for %s: %s\n",
+			    drs_ObjectIdentifier_to_debug_string(mem_ctx,
+								 req->naming_context),
+			    ldb_errstring(sam_ctx));
+		return WERR_DS_DRA_BAD_NC;
+	}
+	if (ldb_dn_compare(dn_normalised, nc_root) != 0) {
+		DBG_NOTICE("dn %s is not equal to %s (from %s)\n",
+			   ldb_dn_get_linearized(dn_normalised),
+			   ldb_dn_get_linearized(nc_root),
+			   drs_ObjectIdentifier_to_debug_string(mem_ctx,
+								req->naming_context));
+		return WERR_DS_DRA_BAD_NC;
+	}
+
+	/*
+	 * First check without a transaction open.
+	 *
+	 * This means that in the usual case, it will never open it and never
+	 * bother to refresh the dreplsrv.
+	 */
+	werr = uref_check_dest(sam_ctx,
+			       mem_ctx,
+			       dn_normalised,
+			       &req->dest_dsa_guid,
+			       req->options);
+	if (W_ERROR_EQUAL(werr, WERR_DS_DRA_REF_ALREADY_EXISTS) ||
+	    W_ERROR_EQUAL(werr, WERR_DS_DRA_REF_NOT_FOUND)) {
+		if (req->options & DRSUAPI_DRS_GETCHG_CHECK) {
+			return WERR_OK;
+		}
+		return werr;
+	}
+
+	if (ldb_transaction_start(sam_ctx) != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to start transaction on samdb: %s\n",
+			 ldb_errstring(sam_ctx)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	if (req->options & DRSUAPI_DRS_DEL_REF) {
+		werr = uref_del_dest(sam_ctx,
+				     mem_ctx,
+				     dn_normalised,
+				     &req->dest_dsa_guid,
+				     req->options);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,("Failed to delete repsTo for %s: %s\n",
+				 GUID_string(mem_ctx, &req->dest_dsa_guid),
+				 win_errstr(werr)));
+			goto failed;
+		}
+	}
+
+	if (req->options & DRSUAPI_DRS_ADD_REF) {
+		struct repsFromTo1 dest;
+		struct repsFromTo1OtherInfo oi;
+
+		ZERO_STRUCT(dest);
+		ZERO_STRUCT(oi);
+
+		oi.dns_name = req->dest_dsa_dns_name;
+		dest.other_info          = &oi;
+		dest.source_dsa_obj_guid = req->dest_dsa_guid;
+		dest.replica_flags       = req->options;
+
+		werr = uref_add_dest(sam_ctx,
+				     mem_ctx,
+				     dn_normalised,
+				     &dest,
+				     req->options);
+		if (!W_ERROR_IS_OK(werr)) {
+			DEBUG(0,("Failed to add repsTo for %s: %s\n",
+				 GUID_string(mem_ctx, &dest.source_dsa_obj_guid),
+				 win_errstr(werr)));
+			goto failed;
+		}
+	}
+
+	if (ldb_transaction_commit(sam_ctx) != LDB_SUCCESS) {
+		DEBUG(0,(__location__ ": Failed to commit transaction on samdb: %s\n",
+			 ldb_errstring(sam_ctx)));
+		return WERR_DS_DRA_INTERNAL_ERROR;
+	}
+
+	state = talloc_zero(mem_ctx, struct drepl_refresh_state);
+	if (state == NULL) {
+		return WERR_OK;
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(mem_ctx, msg_ctx,
+						  "dreplsrv", &ndr_table_irpc);
+	if (irpc_handle == NULL) {
+		/* dreplsrv is not running yet */
+		TALLOC_FREE(state);
+		return WERR_OK;
+	}
+
+        /*
+	 * [Taken from auth_sam_trigger_repl_secret in auth_sam.c]
+	 *
+         * This seem to rely on the current IRPC implementation,
+         * which delivers the message in the _send function.
+         *
+         * TODO: we need a ONE_WAY IRPC handle and register
+         * a callback and wait for it to be triggered!
+         */
+	subreq = dcerpc_dreplsrv_refresh_r_send(state, event_ctx,
+						irpc_handle, &state->r);
+	TALLOC_FREE(subreq);
+	TALLOC_FREE(state);
+
+	return WERR_OK;
+
+failed:
+	ldb_transaction_cancel(sam_ctx);
+	return werr;
+}
+
+/* 
+  drsuapi_DsReplicaUpdateRefs
+*/
+WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct drsuapi_DsReplicaUpdateRefs *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	struct dcesrv_handle *h;
+	struct drsuapi_bind_state *b_state;
+	struct drsuapi_DsReplicaUpdateRefsRequest1 *req;
+	WERROR werr;
+	int ret;
+	enum security_user_level security_level;
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	if (r->in.level != 1) {
+		DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level));
+		return WERR_DS_DRA_INVALID_PARAMETER;
+	}
+	req = &r->in.req.req1;
+	werr = drs_security_access_check(b_state->sam_ctx,
+					 mem_ctx,
+					 session_info->security_token,
+					 req->naming_context,
+					 GUID_DRS_MANAGE_TOPOLOGY);
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	security_level = security_session_user_level(session_info, NULL);
+	if (security_level < SECURITY_ADMINISTRATOR) {
+		/* check that they are using an DSA objectGUID that they own */
+		ret = dsdb_validate_dsa_guid(b_state->sam_ctx,
+		                             &req->dest_dsa_guid,
+		                             &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(0,(__location__ ": Refusing DsReplicaUpdateRefs for sid %s with GUID %s\n",
+				 dom_sid_string(mem_ctx,
+						&session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+				 GUID_string(mem_ctx, &req->dest_dsa_guid)));
+			return WERR_DS_DRA_ACCESS_DENIED;
+		}
+	}
+
+	werr = drsuapi_UpdateRefs(imsg_ctx,
+				  dce_call->event_ctx,
+				  b_state,
+				  mem_ctx,
+				  req);
+
+#if 0
+	NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsReplicaUpdateRefs, NDR_BOTH, r);
+#endif
+
+	return werr;
+}
diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c
new file mode 100644
index 0000000..ac91999
--- /dev/null
+++ b/source4/rpc_server/drsuapi/writespn.c
@@ -0,0 +1,263 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   implement the DsWriteAccountSpn call
+
+   Copyright (C) Stefan Metzmacher 2009
+   Copyright (C) Andrew Tridgell   2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "auth/session.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS            DBGC_DRS_REPL
+
+#undef strcasecmp
+
+/*
+  check that the SPN update should be allowed as an override
+  via sam_ctx_system
+
+  This is only called if the client is not a domain controller or
+  administrator
+ */
+static bool writespn_check_spn(struct drsuapi_bind_state *b_state,
+			       struct dcesrv_call_state *dce_call,
+			       struct ldb_dn *dn,
+			       const char *spn)
+{
+	/*
+	 * we only allow SPN updates if:
+	 *
+	 * 1) they are on the clients own account object
+	 * 2) they are of the form SERVICE/dnshostname
+	 */
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dom_sid *user_sid, *sid;
+	TALLOC_CTX *tmp_ctx = talloc_new(dce_call);
+	struct ldb_result *res;
+	const char *attrs[] = { "objectSID", "dNSHostName", NULL };
+	int ret;
+	krb5_context krb_ctx;
+	krb5_error_code kerr;
+	krb5_principal principal;
+	krb5_data component;
+	const char *dns_name, *dnsHostName;
+
+	/* The service principal name shouldn't be NULL */
+	if (spn == NULL) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	/*
+	  get the objectSid of the DN that is being modified, and
+	  check it matches the user_sid in their token
+	 */
+
+	ret = dsdb_search_dn(b_state->sam_ctx, tmp_ctx, &res, dn, attrs,
+			     DSDB_SEARCH_ONE_ONLY);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+	sid = samdb_result_dom_sid(tmp_ctx, res->msgs[0], "objectSid");
+	if (sid == NULL) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	dnsHostName = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName",
+						  NULL);
+	if (dnsHostName == NULL) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	if (!dom_sid_equal(sid, user_sid)) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	kerr = smb_krb5_init_context_basic(tmp_ctx,
+					   dce_call->conn->dce_ctx->lp_ctx,
+					   &krb_ctx);
+	if (kerr != 0) {
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	kerr = krb5_parse_name_flags(krb_ctx, spn, KRB5_PRINCIPAL_PARSE_NO_REALM,
+				     &principal);
+	if (kerr != 0) {
+		krb5_free_context(krb_ctx);
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	if (krb5_princ_size(krb_ctx, principal) != 2) {
+		krb5_free_principal(krb_ctx, principal);
+		krb5_free_context(krb_ctx);
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	kerr = smb_krb5_princ_component(krb_ctx, principal, 1, &component);
+	if (kerr) {
+		krb5_free_principal(krb_ctx, principal);
+		krb5_free_context(krb_ctx);
+		talloc_free(tmp_ctx);
+		return false;
+	}
+	dns_name = (const char *)component.data;
+
+	if (strcasecmp(dns_name, dnsHostName) != 0) {
+		krb5_free_principal(krb_ctx, principal);
+		krb5_free_context(krb_ctx);
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	/* its a simple update on their own account - allow it with
+	 * permissions override */
+	krb5_free_principal(krb_ctx, principal);
+	krb5_free_context(krb_ctx);
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+/*
+  drsuapi_DsWriteAccountSpn
+*/
+WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct drsuapi_DsWriteAccountSpn *r)
+{
+	struct drsuapi_bind_state *b_state;
+	struct dcesrv_handle *h;
+
+	*r->out.level_out = r->in.level;
+
+	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+	b_state = h->data;
+
+	r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
+	W_ERROR_HAVE_NO_MEMORY(r->out.res);
+
+	switch (r->in.level) {
+		case 1: {
+			struct drsuapi_DsWriteAccountSpnRequest1 *req;
+			struct ldb_message *msg;
+			uint32_t count;
+			unsigned int i;
+			int ret;
+			unsigned spn_count=0;
+			bool passed_checks = true;
+			struct ldb_context *sam_ctx;
+
+			req = &r->in.req->req1;
+			count = req->count;
+
+			msg = ldb_msg_new(mem_ctx);
+			if (msg == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+
+			msg->dn = ldb_dn_new(msg, b_state->sam_ctx,
+					     req->object_dn);
+			if ( ! ldb_dn_validate(msg->dn)) {
+				r->out.res->res1.status = WERR_OK;
+				return WERR_OK;
+			}
+
+			/* construct mods */
+			for (i = 0; i < count; i++) {
+				if (!writespn_check_spn(b_state,
+						       dce_call,
+						       msg->dn,
+						       req->spn_names[i].str)) {
+					passed_checks = false;
+				}
+				ret = ldb_msg_add_string(msg,
+							 "servicePrincipalName",
+							 req->spn_names[i].str);
+				if (ret != LDB_SUCCESS) {
+					return WERR_NOT_ENOUGH_MEMORY;
+				}
+				spn_count++;
+			}
+
+			if (msg->num_elements == 0) {
+				DEBUG(2,("No SPNs need changing on %s\n",
+					 ldb_dn_get_linearized(msg->dn)));
+				r->out.res->res1.status = WERR_OK;
+				return WERR_OK;
+			}
+
+			for (i=0;i<msg->num_elements;i++) {
+				switch (req->operation) {
+				case DRSUAPI_DS_SPN_OPERATION_ADD:
+					msg->elements[i].flags = LDB_FLAG_MOD_ADD;
+					break;
+				case DRSUAPI_DS_SPN_OPERATION_REPLACE:
+					msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+					break;
+				case DRSUAPI_DS_SPN_OPERATION_DELETE:
+					msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
+					break;
+				}
+			}
+
+			if (passed_checks && b_state->sam_ctx_system) {
+				sam_ctx = b_state->sam_ctx_system;
+			} else {
+				sam_ctx = b_state->sam_ctx;
+			}
+
+			/* Apply to database */
+			ret = dsdb_modify(sam_ctx, msg, DSDB_MODIFY_PERMISSIVE);
+			if (ret != LDB_SUCCESS) {
+				DEBUG(0,("Failed to modify SPNs on %s: %s\n",
+					 ldb_dn_get_linearized(msg->dn),
+					 ldb_errstring(b_state->sam_ctx)));
+				NDR_PRINT_IN_DEBUG(
+					drsuapi_DsWriteAccountSpn, r);
+				r->out.res->res1.status = WERR_ACCESS_DENIED;
+			} else {
+				DEBUG(2,("Modified %u SPNs on %s\n", spn_count,
+					 ldb_dn_get_linearized(msg->dn)));
+				r->out.res->res1.status = WERR_OK;
+			}
+
+			return WERR_OK;
+		}
+	}
+
+	return WERR_INVALID_LEVEL;
+}
diff --git a/source4/rpc_server/echo/rpc_echo.c b/source4/rpc_server/echo/rpc_echo.c
new file mode 100644
index 0000000..82d9556
--- /dev/null
+++ b/source4/rpc_server/echo/rpc_echo.c
@@ -0,0 +1,206 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the echo pipe
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_echo.h"
+#include "lib/events/events.h"
+
+#define DCESRV_INTERFACE_RPCECHO_BIND(context, iface) \
+       dcesrv_interface_rpcecho_bind(context, iface)
+static NTSTATUS dcesrv_interface_rpcecho_bind(struct dcesrv_connection_context *context,
+					      const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_allow_connect(context, iface);
+}
+
+static NTSTATUS dcesrv_echo_AddOne(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_AddOne *r)
+{
+	*r->out.out_data = r->in.in_data + 1;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_EchoData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_EchoData *r)
+{
+	if (!r->in.len) {
+		return NT_STATUS_OK;
+	}
+
+	r->out.out_data = (uint8_t *)talloc_memdup(mem_ctx, r->in.in_data, r->in.len);
+	if (!r->out.out_data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_SinkData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_SinkData *r)
+{
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_SourceData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_SourceData *r)
+{
+	unsigned int i;
+
+	r->out.data = talloc_array(mem_ctx, uint8_t, r->in.len);
+	if (!r->out.data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	for (i=0;i<r->in.len;i++) {
+		r->out.data[i] = i;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_TestCall(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestCall *r)
+{
+	*r->out.s2 = talloc_strdup(mem_ctx, r->in.s1);
+	if (r->in.s1 && !*r->out.s2) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_TestCall2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestCall2 *r)
+{
+	r->out.info = talloc(mem_ctx, union echo_Info);
+	if (!r->out.info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
+	case 1:
+		r->out.info->info1.v = 10;
+		break;
+	case 2:
+		r->out.info->info2.v = 20;
+		break;
+	case 3:
+		r->out.info->info3.v = 30;
+		break;
+	case 4:
+		r->out.info->info4.v = 40;
+		break;
+	case 5:
+		r->out.info->info5.v1 = 50;
+		r->out.info->info5.v2 = 60;
+		break;
+	case 6:
+		r->out.info->info6.v1 = 70;
+		r->out.info->info6.info1.v= 80;
+		break;
+	case 7:
+		r->out.info->info7.v1 = 80;
+		r->out.info->info7.info4.v = 90;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_TestEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestEnum *r)
+{
+	r->out.foo2->e1 = ECHO_ENUM2;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_echo_TestSurrounding(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestSurrounding *r)
+{
+	if (!r->in.data) {
+		r->out.data = NULL;
+		return NT_STATUS_OK;
+	}
+
+	r->out.data = talloc(mem_ctx, struct echo_Surrounding);
+	if (!r->out.data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	r->out.data->x = 2 * r->in.data->x;
+	r->out.data->surrounding = talloc_zero_array(mem_ctx, uint16_t, r->out.data->x);
+	if (!r->out.data->surrounding) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static uint16_t dcesrv_echo_TestDoublePointer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestDoublePointer *r) 
+{
+	if (!*r->in.data) 
+		return 0;
+	if (!**r->in.data)
+		return 0;
+	return ***r->in.data;
+}
+
+struct echo_TestSleep_private {
+	struct dcesrv_call_state *dce_call;
+	struct echo_TestSleep *r;
+};
+
+static void echo_TestSleep_handler(struct tevent_context *ev, struct tevent_timer *te, 
+				   struct timeval t, void *private_data)
+{
+	struct echo_TestSleep_private *p = talloc_get_type(private_data,
+							   struct echo_TestSleep_private);
+	struct echo_TestSleep *r = p->r;
+
+	r->out.result = r->in.seconds;
+
+	dcesrv_async_reply(p->dce_call);
+}
+
+static long dcesrv_echo_TestSleep(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestSleep *r)
+{
+	struct echo_TestSleep_private *p;
+
+	if (!(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)) {
+		/* we're not allowed to reply async */
+		sleep(r->in.seconds);
+		return r->in.seconds;
+	}
+
+	/* we're allowed to reply async */
+	p = talloc(mem_ctx, struct echo_TestSleep_private);
+	if (!p) {
+		return 0;
+	}
+
+	p->dce_call	= dce_call;
+	p->r		= r;
+
+	tevent_add_timer(dce_call->event_ctx, p,
+			timeval_add(&dce_call->time, r->in.seconds, 0),
+			echo_TestSleep_handler, p);
+
+	dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	return 0;
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_echo_s.c"
diff --git a/source4/rpc_server/epmapper/rpc_epmapper.c b/source4/rpc_server/epmapper/rpc_epmapper.c
new file mode 100644
index 0000000..7c7de2e
--- /dev/null
+++ b/source4/rpc_server/epmapper/rpc_epmapper.c
@@ -0,0 +1,315 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the epmapper pipe
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_epmapper.h"
+#include "rpc_server/dcerpc_server.h"
+
+#define DCESRV_INTERFACE_EPMAPPER_BIND(context, iface) \
+       dcesrv_interface_epmapper_bind(context, iface)
+static NTSTATUS dcesrv_interface_epmapper_bind(struct dcesrv_connection_context *context,
+					     const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_allow_connect(context, iface);
+}
+
+typedef uint32_t error_status_t;
+
+/* handle types for this module */
+enum handle_types {HTYPE_LOOKUP};
+
+/* a endpoint combined with an interface description */
+struct dcesrv_ep_iface {
+	const char *name;
+	struct epm_tower ep;
+};
+
+/*
+  build a list of all interfaces handled by all endpoint servers
+*/
+static uint32_t build_ep_list(TALLOC_CTX *mem_ctx,
+			      struct dcesrv_endpoint *endpoint_list,
+			      struct dcesrv_ep_iface **eps)
+{
+	struct dcesrv_endpoint *d;
+	uint32_t total = 0;
+	NTSTATUS status;
+
+	*eps = NULL;
+
+	for (d=endpoint_list; d; d=d->next) {
+		struct dcesrv_if_list *iface;
+
+		for (iface=d->interface_list;iface;iface=iface->next) {
+			struct dcerpc_binding *description;
+
+			(*eps) = talloc_realloc(mem_ctx, 
+						  *eps, 
+						  struct dcesrv_ep_iface,
+						  total + 1);
+			if (!*eps) {
+				return 0;
+			}
+			(*eps)[total].name = iface->iface->name;
+
+			description = dcerpc_binding_dup(*eps, d->ep_description);
+			if (description == NULL) {
+				return 0;
+			}
+
+			status = dcerpc_binding_set_abstract_syntax(description,
+						&iface->iface->syntax_id);
+			if (!NT_STATUS_IS_OK(status)) {
+				return 0;
+			}
+
+			status = dcerpc_binding_build_tower(*eps, description, &(*eps)[total].ep);
+			TALLOC_FREE(description);
+			if (!NT_STATUS_IS_OK(status)) {
+				DBG_ERR("Unable to build tower for %s - %s\n",
+					iface->iface->name,
+					nt_errstr(status));
+				continue;
+			}
+			total++;
+		}
+	}
+
+	return total;
+}
+
+
+static error_status_t dcesrv_epm_Insert(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct epm_Insert *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static error_status_t dcesrv_epm_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+				 struct epm_Delete *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  implement epm_Lookup. This call is used to enumerate the interfaces
+  available on a rpc server
+*/
+static error_status_t dcesrv_epm_Lookup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+				 struct epm_Lookup *r)
+{
+	struct dcesrv_handle *h;
+	struct rpc_eps {
+		uint32_t count;
+		struct dcesrv_ep_iface *e;
+	} *eps;
+	uint32_t num_ents;
+	unsigned int i;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.entry_handle, HTYPE_LOOKUP);
+
+	eps = h->data;
+
+	if (!eps) {
+		/* this is the first call - fill the list. Subsequent calls 
+		   will feed from this list, stored in the handle */
+		eps = talloc(h, struct rpc_eps);
+		if (!eps) {
+			return EPMAPPER_STATUS_NO_MEMORY;
+		}
+		h->data = eps;
+
+		eps->count = build_ep_list(h, dce_call->conn->dce_ctx->endpoint_list, &eps->e);
+	}
+
+	/* return the next N elements */
+	num_ents = r->in.max_ents;
+	if (num_ents > eps->count) {
+		num_ents = eps->count;
+	}
+
+	*r->out.entry_handle = h->wire_handle;
+	r->out.num_ents = talloc(mem_ctx, uint32_t);
+	*r->out.num_ents = num_ents;
+
+	if (num_ents == 0) {
+		r->out.entries = NULL;
+		ZERO_STRUCTP(r->out.entry_handle);
+		talloc_free(h);
+		return EPMAPPER_STATUS_NO_MORE_ENTRIES;
+	}
+
+	r->out.entries = talloc_array(mem_ctx, struct epm_entry_t, num_ents);
+	if (!r->out.entries) {
+		return EPMAPPER_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<num_ents;i++) {
+		ZERO_STRUCT(r->out.entries[i].object);
+		r->out.entries[i].annotation = eps->e[i].name;
+		r->out.entries[i].tower = talloc(mem_ctx, struct epm_twr_t);
+		if (!r->out.entries[i].tower) {
+			return EPMAPPER_STATUS_NO_MEMORY;
+		}
+		r->out.entries[i].tower->tower = eps->e[i].ep;
+	}
+
+	eps->count -= num_ents;
+	eps->e += num_ents;
+
+	return EPMAPPER_STATUS_OK;
+}
+
+
+/*
+  implement epm_Map. This is used to find the specific endpoint to talk to given
+  a generic protocol tower
+*/
+static error_status_t dcesrv_epm_Map(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+			      struct epm_Map *r)
+{
+	uint32_t count;
+	unsigned int i;
+	struct dcesrv_ep_iface *eps;
+	struct epm_floor *floors;
+	enum dcerpc_transport_t transport;
+	struct ndr_syntax_id abstract_syntax;
+	struct ndr_syntax_id ndr_syntax;
+	NTSTATUS status;
+
+	count = build_ep_list(mem_ctx, dce_call->conn->dce_ctx->endpoint_list, &eps);
+
+	ZERO_STRUCT(*r->out.entry_handle);
+	r->out.num_towers = talloc(mem_ctx, uint32_t);
+	if (!r->out.num_towers) {
+		return EPMAPPER_STATUS_NO_MEMORY;
+	}
+	*r->out.num_towers = 1;
+	r->out.towers = talloc(mem_ctx, struct epm_twr_p_t);
+	if (!r->out.towers) {
+		return EPMAPPER_STATUS_NO_MEMORY;
+	}
+	r->out.towers->twr = talloc(mem_ctx, struct epm_twr_t);
+	if (!r->out.towers->twr) {
+		return EPMAPPER_STATUS_NO_MEMORY;
+	}
+	
+	if (!r->in.map_tower || r->in.max_towers == 0 || 
+	    r->in.map_tower->tower.num_floors < 3) {
+		goto failed;
+	}
+
+	floors = r->in.map_tower->tower.floors;
+
+	status = dcerpc_floor_get_uuid_full(&floors[0], &abstract_syntax);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = dcerpc_floor_get_uuid_full(&floors[1], &ndr_syntax);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	if (!ndr_syntax_id_equal(&ndr_syntax, &ndr_transfer_syntax_ndr)) {
+		goto failed;
+	}
+
+	transport = dcerpc_transport_by_tower(&r->in.map_tower->tower);
+
+	if (transport == -1) {
+		DEBUG(2, ("Client requested unknown transport with levels: "));
+		for (i = 2; i < r->in.map_tower->tower.num_floors; i++) {
+			DEBUG(2, ("%d, ", r->in.map_tower->tower.floors[i].lhs.protocol));
+		}
+		DEBUG(2, ("\n"));
+		goto failed;
+	}
+
+	for (i=0;i<count;i++) {
+		struct ndr_syntax_id ep_abstract_syntax;
+		int match;
+
+		if (transport != dcerpc_transport_by_tower(&eps[i].ep)) {
+			continue;
+		}
+
+		status = dcerpc_floor_get_uuid_full(&eps[i].ep.floors[0],
+						    &ep_abstract_syntax);
+		if (!NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+
+		match = ndr_syntax_id_equal(&ep_abstract_syntax,
+					    &abstract_syntax);
+		if (!match) {
+			continue;
+		}
+
+		r->out.towers->twr->tower = eps[i].ep;
+		r->out.towers->twr->tower_length = 0;
+		return EPMAPPER_STATUS_OK;
+	}
+
+
+failed:
+	*r->out.num_towers = 0;
+	r->out.towers->twr = NULL;
+
+	return EPMAPPER_STATUS_NO_MORE_ENTRIES;
+}
+
+static error_status_t dcesrv_epm_LookupHandleFree(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+					   struct epm_LookupHandleFree *r)
+{
+	struct dcesrv_handle *h = NULL;
+
+	r->out.entry_handle = r->in.entry_handle;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.entry_handle, HTYPE_LOOKUP);
+	TALLOC_FREE(h);
+
+	ZERO_STRUCTP(r->out.entry_handle);
+
+	return EPMAPPER_STATUS_OK;
+}
+
+static error_status_t dcesrv_epm_InqObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+				    struct epm_InqObject *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static error_status_t dcesrv_epm_MgmtDelete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, 
+			       struct epm_MgmtDelete *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static error_status_t dcesrv_epm_MapAuth(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			    struct epm_MapAuth *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_epmapper_s.c"
diff --git a/source4/rpc_server/eventlog/dcesrv_eventlog6.c b/source4/rpc_server/eventlog/dcesrv_eventlog6.c
new file mode 100644
index 0000000..4962984
--- /dev/null
+++ b/source4/rpc_server/eventlog/dcesrv_eventlog6.c
@@ -0,0 +1,331 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the eventlog6 pipe
+
+   Copyright (C) Anatoliy Atanasov 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_eventlog6.h"
+#include "rpc_server/common/common.h"
+
+
+/*
+  eventlog6_EvtRpcRegisterRemoteSubscription
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRegisterRemoteSubscription(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRegisterRemoteSubscription *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRemoteSubscriptionNextAsync
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRemoteSubscriptionNextAsync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRemoteSubscriptionNextAsync *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRemoteSubscriptionNext
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRemoteSubscriptionNext(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRemoteSubscriptionNext *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRemoteSubscriptionWaitAsync
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRemoteSubscriptionWaitAsync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRemoteSubscriptionWaitAsync *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRegisterControllableOperation
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRegisterControllableOperation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRegisterControllableOperation *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRegisterLogQuery
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRegisterLogQuery(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRegisterLogQuery *r)
+{
+	struct dcesrv_handle *handle;
+
+	handle = dcesrv_handle_create(dce_call, 0);
+	W_ERROR_HAVE_NO_MEMORY(handle);
+
+	r->out.handle = &handle->wire_handle;
+
+	handle = dcesrv_handle_create(dce_call, 0);
+	W_ERROR_HAVE_NO_MEMORY(handle);
+
+	r->out.opControl = &handle->wire_handle;
+
+	return WERR_OK;
+}
+
+
+/*
+  eventlog6_EvtRpcClearLog
+*/
+static WERROR dcesrv_eventlog6_EvtRpcClearLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcClearLog *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcExportLog
+*/
+static WERROR dcesrv_eventlog6_EvtRpcExportLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcExportLog *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcLocalizeExportLog
+*/
+static WERROR dcesrv_eventlog6_EvtRpcLocalizeExportLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcLocalizeExportLog *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcMessageRender
+*/
+static WERROR dcesrv_eventlog6_EvtRpcMessageRender(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcMessageRender *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcMessageRenderDefault
+*/
+static WERROR dcesrv_eventlog6_EvtRpcMessageRenderDefault(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcMessageRenderDefault *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcQueryNext
+*/
+static WERROR dcesrv_eventlog6_EvtRpcQueryNext(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcQueryNext *r)
+{
+	return WERR_OK;
+}
+
+
+/*
+  eventlog6_EvtRpcQuerySeek
+*/
+static WERROR dcesrv_eventlog6_EvtRpcQuerySeek(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcQuerySeek *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcClose
+*/
+static WERROR dcesrv_eventlog6_EvtRpcClose(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcClose *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcCancel
+*/
+static WERROR dcesrv_eventlog6_EvtRpcCancel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcCancel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcAssertConfig
+*/
+static WERROR dcesrv_eventlog6_EvtRpcAssertConfig(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcAssertConfig *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcRetractConfig
+*/
+static WERROR dcesrv_eventlog6_EvtRpcRetractConfig(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcRetractConfig *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcOpenLogHandle
+*/
+static WERROR dcesrv_eventlog6_EvtRpcOpenLogHandle(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcOpenLogHandle *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetLogFileInfo
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetLogFileInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetLogFileInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetChannelList
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetChannelList(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetChannelList *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetChannelConfig
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetChannelConfig(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetChannelConfig *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcPutChannelConfig
+*/
+static WERROR dcesrv_eventlog6_EvtRpcPutChannelConfig(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcPutChannelConfig *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetPublisherList
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetPublisherList(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetPublisherList *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetPublisherListForChannel
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetPublisherListForChannel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetPublisherListForChannel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetPublisherMetadata
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetPublisherMetadata(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetPublisherMetadata *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetPublisherResourceMetadata
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetPublisherResourceMetadata(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetPublisherResourceMetadata *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetEventMetadataEnum
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetEventMetadataEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetEventMetadataEnum *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetNextEventMetadata
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetNextEventMetadata(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetNextEventMetadata *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  eventlog6_EvtRpcGetClassicLogDisplayName
+*/
+static WERROR dcesrv_eventlog6_EvtRpcGetClassicLogDisplayName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct eventlog6_EvtRpcGetClassicLogDisplayName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_eventlog6_s.c"
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
new file mode 100644
index 0000000..3b3ebb6
--- /dev/null
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -0,0 +1,5361 @@
+/* need access mask/acl implementation */
+
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "rpc_server/lsa/lsa.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "lib/util/tsort.h"
+#include "dsdb/common/util.h"
+#include "libcli/security/session.h"
+#include "libcli/lsarpc/util_lsarpc.h"
+#include "lib/messaging/irpc.h"
+#include "libds/common/roles.h"
+#include "lib/util/smb_strtox.h"
+#include "lib/param/loadparm.h"
+#include "librpc/rpc/dcerpc_helper.h"
+
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#undef strcasecmp
+
+#define DCESRV_INTERFACE_LSARPC_BIND(context, iface) \
+       dcesrv_interface_lsarpc_bind(context, iface)
+static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_connection_context *context,
+					     const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_reject_connect(context, iface);
+}
+
+static NTSTATUS lsarpc__op_init_server(struct dcesrv_context *dce_ctx,
+				       const struct dcesrv_endpoint_server *ep_server);
+static const struct dcesrv_interface dcesrv_lsarpc_interface;
+
+#define NCACN_NP_PIPE_NETLOGON "ncacn_np:[\\pipe\\netlogon]"
+#define NCACN_NP_PIPE_LSASS "ncacn_np:[\\pipe\\lsass]"
+#define DCESRV_INTERFACE_LSARPC_NCACN_NP_SECONDARY_ENDPOINT NCACN_NP_PIPE_LSASS
+
+#define DCESRV_INTERFACE_LSARPC_INIT_SERVER	\
+       dcesrv_interface_lsarpc_init_server
+static NTSTATUS dcesrv_interface_lsarpc_init_server(struct dcesrv_context *dce_ctx,
+						    const struct dcesrv_endpoint_server *ep_server)
+{
+	if (lpcfg_lsa_over_netlogon(dce_ctx->lp_ctx)) {
+		NTSTATUS ret = dcesrv_interface_register(dce_ctx,
+						NCACN_NP_PIPE_NETLOGON,
+						NCACN_NP_PIPE_LSASS,
+						&dcesrv_lsarpc_interface, NULL);
+		if (!NT_STATUS_IS_OK(ret)) {
+			DEBUG(1,("lsarpc_op_init_server: failed to register endpoint '\\pipe\\netlogon'\n"));
+			return ret;
+		}
+	}
+	return lsarpc__op_init_server(dce_ctx, ep_server);
+}
+
+/*
+  this type allows us to distinguish handle types
+*/
+
+/*
+  state associated with a lsa_OpenAccount() operation
+*/
+struct lsa_account_state {
+	struct lsa_policy_state *policy;
+	uint32_t access_mask;
+	struct dom_sid *account_sid;
+};
+
+
+/*
+  state associated with a lsa_OpenSecret() operation
+*/
+struct lsa_secret_state {
+	struct lsa_policy_state *policy;
+	uint32_t access_mask;
+	struct ldb_dn *secret_dn;
+	struct ldb_context *sam_ldb;
+	bool global;
+};
+
+/*
+  state associated with a lsa_OpenTrustedDomain() operation
+*/
+struct lsa_trusted_domain_state {
+	struct lsa_policy_state *policy;
+	uint32_t access_mask;
+	struct ldb_dn *trusted_domain_dn;
+	struct ldb_dn *trusted_domain_user_dn;
+};
+
+static bool dcesrc_lsa_valid_AccountRight(const char *right)
+{
+	enum sec_privilege priv_id;
+	uint32_t right_bit;
+
+	priv_id = sec_privilege_id(right);
+	if (priv_id != SEC_PRIV_INVALID) {
+		return true;
+	}
+
+	right_bit = sec_right_bit(right);
+	if (right_bit != 0) {
+		return true;
+	}
+
+	return false;
+}
+
+/*
+  this is based on the samba3 function make_lsa_object_sd()
+  It uses the same logic, but with samba4 helper functions
+ */
+static NTSTATUS dcesrv_build_lsa_sd(TALLOC_CTX *mem_ctx,
+				    struct security_descriptor **sd,
+				    struct dom_sid *sid,
+				    uint32_t sid_access)
+{
+	NTSTATUS status;
+	uint32_t rid;
+	struct dom_sid *domain_sid, *domain_admins_sid;
+	const char *domain_admins_sid_str, *sidstr;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+	status = dom_sid_split_rid(tmp_ctx, sid, &domain_sid, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	domain_admins_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_ADMINS);
+	if (domain_admins_sid == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	domain_admins_sid_str = dom_sid_string(tmp_ctx, domain_admins_sid);
+	if (domain_admins_sid_str == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sidstr = dom_sid_string(tmp_ctx, sid);
+	if (sidstr == NULL) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*sd = security_descriptor_dacl_create(mem_ctx,
+					      0, sidstr, NULL,
+
+					      SID_WORLD,
+					      SEC_ACE_TYPE_ACCESS_ALLOWED,
+					      SEC_GENERIC_EXECUTE | SEC_GENERIC_READ, 0,
+
+					      SID_BUILTIN_ADMINISTRATORS,
+					      SEC_ACE_TYPE_ACCESS_ALLOWED,
+					      SEC_GENERIC_ALL, 0,
+
+					      SID_BUILTIN_ACCOUNT_OPERATORS,
+					      SEC_ACE_TYPE_ACCESS_ALLOWED,
+					      SEC_GENERIC_ALL, 0,
+
+					      domain_admins_sid_str,
+					      SEC_ACE_TYPE_ACCESS_ALLOWED,
+					      SEC_GENERIC_ALL, 0,
+
+					      sidstr,
+					      SEC_ACE_TYPE_ACCESS_ALLOWED,
+					      sid_access, 0,
+
+					      NULL);
+	talloc_free(tmp_ctx);
+
+	NT_STATUS_HAVE_NO_MEMORY(*sd);
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct lsa_EnumAccountRights *r);
+
+static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
+					   TALLOC_CTX *mem_ctx,
+					   struct lsa_policy_state *state,
+					   int ldb_flag,
+					   struct dom_sid *sid,
+					   const struct lsa_RightSet *rights);
+
+/*
+  lsa_Close
+*/
+static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			  struct lsa_Close *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_handle *h;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	*r->out.handle = *r->in.handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	talloc_free(h);
+
+	ZERO_STRUCTP(r->out.handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_Delete
+*/
+static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			   struct lsa_Delete *r)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+
+/*
+  lsa_DeleteObject
+*/
+static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_DeleteObject *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	if (h->wire_handle.handle_type == LSA_HANDLE_SECRET) {
+		struct lsa_secret_state *secret_state = h->data;
+
+		/* Ensure user is permitted to delete this... */
+		switch (security_session_user_level(session_info, NULL))
+		{
+		case SECURITY_SYSTEM:
+		case SECURITY_ADMINISTRATOR:
+			break;
+		default:
+			/* Users and anonymous are not allowed to delete things */
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		ret = ldb_delete(secret_state->sam_ldb,
+				 secret_state->secret_dn);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+
+		ZERO_STRUCTP(r->out.handle);
+
+		return NT_STATUS_OK;
+
+	} else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
+		struct lsa_trusted_domain_state *trusted_domain_state =
+			talloc_get_type(h->data, struct lsa_trusted_domain_state);
+		ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		ret = ldb_delete(trusted_domain_state->policy->sam_ldb,
+				 trusted_domain_state->trusted_domain_dn);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+			return NT_STATUS_INVALID_HANDLE;
+		}
+
+		if (trusted_domain_state->trusted_domain_user_dn) {
+			ret = ldb_delete(trusted_domain_state->policy->sam_ldb,
+					 trusted_domain_state->trusted_domain_user_dn);
+			if (ret != LDB_SUCCESS) {
+				ldb_transaction_cancel(trusted_domain_state->policy->sam_ldb);
+				return NT_STATUS_INVALID_HANDLE;
+			}
+		}
+
+		ret = ldb_transaction_commit(trusted_domain_state->policy->sam_ldb);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		ZERO_STRUCTP(r->out.handle);
+
+		return NT_STATUS_OK;
+
+	} else if (h->wire_handle.handle_type == LSA_HANDLE_ACCOUNT) {
+		struct lsa_RightSet *rights;
+		struct lsa_account_state *astate;
+		struct lsa_EnumAccountRights r2;
+		NTSTATUS status;
+
+		rights = talloc(mem_ctx, struct lsa_RightSet);
+
+		DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+		astate = h->data;
+
+		r2.in.handle = &astate->policy->handle->wire_handle;
+		r2.in.sid = astate->account_sid;
+		r2.out.rights = rights;
+
+		/* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY,
+		   but we have a LSA_HANDLE_ACCOUNT here, so this call
+		   will always fail */
+		status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			return NT_STATUS_OK;
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		status = dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
+						    LDB_FLAG_MOD_DELETE, astate->account_sid,
+						    r2.out.rights);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			return NT_STATUS_OK;
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		ZERO_STRUCTP(r->out.handle);
+
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_INVALID_HANDLE;
+}
+
+
+/*
+  lsa_EnumPrivs
+*/
+static NTSTATUS dcesrv_lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct lsa_EnumPrivs *r)
+{
+	struct dcesrv_handle *h;
+	uint32_t i;
+	enum sec_privilege priv;
+	const char *privname;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	i = *r->in.resume_handle;
+
+	while (((priv = sec_privilege_from_index(i)) != SEC_PRIV_INVALID) &&
+	       r->out.privs->count < r->in.max_count) {
+		struct lsa_PrivEntry *e;
+		privname = sec_privilege_name(priv);
+		r->out.privs->privs = talloc_realloc(r->out.privs,
+						       r->out.privs->privs,
+						       struct lsa_PrivEntry,
+						       r->out.privs->count+1);
+		if (r->out.privs->privs == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		e = &r->out.privs->privs[r->out.privs->count];
+		e->luid.low = priv;
+		e->luid.high = 0;
+		e->name.string = privname;
+		r->out.privs->count++;
+		i++;
+	}
+
+	*r->out.resume_handle = i;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_QuerySecObj
+*/
+static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					 struct lsa_QuerySecurity *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	const struct security_descriptor *sd = NULL;
+	uint32_t access_granted = 0;
+	struct sec_desc_buf *sdbuf = NULL;
+	NTSTATUS status;
+	struct dom_sid *sid;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+
+	if (h->wire_handle.handle_type == LSA_HANDLE_POLICY) {
+		struct lsa_policy_state *pstate = h->data;
+
+		sd = pstate->sd;
+		access_granted = pstate->access_mask;
+
+	} else if (h->wire_handle.handle_type == LSA_HANDLE_ACCOUNT) {
+		struct lsa_account_state *astate = h->data;
+		struct security_descriptor *_sd = NULL;
+
+		status = dcesrv_build_lsa_sd(mem_ctx, &_sd, sid,
+					     LSA_ACCOUNT_ALL_ACCESS);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		sd = _sd;
+		access_granted = astate->access_mask;
+	} else {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	sdbuf = talloc_zero(mem_ctx, struct sec_desc_buf);
+	if (sdbuf == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = security_descriptor_for_client(sdbuf, sd, r->in.sec_info,
+						access_granted, &sdbuf->sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*r->out.sdbuf = sdbuf;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_SetSecObj
+*/
+static NTSTATUS dcesrv_lsa_SetSecObj(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct lsa_SetSecObj *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_ChangePassword
+*/
+static NTSTATUS dcesrv_lsa_ChangePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct lsa_ChangePassword *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  dssetup_DsRoleGetPrimaryDomainInformation
+
+  This is not an LSA call, but is the only call left on the DSSETUP
+  pipe (after the pipe was truncated), and needs lsa_get_policy_state
+*/
+static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call,
+						 TALLOC_CTX *mem_ctx,
+						 struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+	union dssetup_DsRoleInfo *info;
+
+	info = talloc_zero(mem_ctx, union dssetup_DsRoleInfo);
+	W_ERROR_HAVE_NO_MEMORY(info);
+
+	switch (r->in.level) {
+	case DS_ROLE_BASIC_INFORMATION:
+	{
+		enum dssetup_DsRole role = DS_ROLE_STANDALONE_SERVER;
+		uint32_t flags = 0;
+		const char *domain = NULL;
+		const char *dns_domain = NULL;
+		const char *forest = NULL;
+		struct GUID domain_guid;
+		struct lsa_policy_state *state;
+
+		NTSTATUS status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx,
+							      0, /* we skip access checks */
+							      &state);
+		if (!NT_STATUS_IS_OK(status)) {
+			return ntstatus_to_werror(status);
+		}
+
+		ZERO_STRUCT(domain_guid);
+
+		switch (lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx)) {
+		case ROLE_STANDALONE:
+			role		= DS_ROLE_STANDALONE_SERVER;
+			break;
+		case ROLE_DOMAIN_MEMBER:
+			role		= DS_ROLE_MEMBER_SERVER;
+			break;
+		case ROLE_ACTIVE_DIRECTORY_DC:
+			if (samdb_is_pdc(state->sam_ldb)) {
+				role	= DS_ROLE_PRIMARY_DC;
+			} else {
+				role    = DS_ROLE_BACKUP_DC;
+			}
+			break;
+		}
+
+		switch (lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx)) {
+		case ROLE_STANDALONE:
+			domain		= talloc_strdup(mem_ctx, lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx));
+			W_ERROR_HAVE_NO_MEMORY(domain);
+			break;
+		case ROLE_DOMAIN_MEMBER:
+			domain		= talloc_strdup(mem_ctx, lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx));
+			W_ERROR_HAVE_NO_MEMORY(domain);
+			/* TODO: what is with dns_domain and forest and guid? */
+			break;
+		case ROLE_ACTIVE_DIRECTORY_DC:
+			flags		= DS_ROLE_PRIMARY_DS_RUNNING;
+
+			if (state->mixed_domain == 1) {
+				flags	|= DS_ROLE_PRIMARY_DS_MIXED_MODE;
+			}
+
+			domain		= state->domain_name;
+			dns_domain	= state->domain_dns;
+			forest		= state->forest_dns;
+
+			domain_guid	= state->domain_guid;
+			flags	|= DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
+			break;
+		}
+
+		info->basic.role        = role;
+		info->basic.flags       = flags;
+		info->basic.domain      = domain;
+		info->basic.dns_domain  = dns_domain;
+		info->basic.forest      = forest;
+		info->basic.domain_guid = domain_guid;
+
+		r->out.info = info;
+		return WERR_OK;
+	}
+	case DS_ROLE_UPGRADE_STATUS:
+	{
+		info->upgrade.upgrading     = DS_ROLE_NOT_UPGRADING;
+		info->upgrade.previous_role = DS_ROLE_PREVIOUS_UNKNOWN;
+
+		r->out.info = info;
+		return WERR_OK;
+	}
+	case DS_ROLE_OP_STATUS:
+	{
+		info->opstatus.status = DS_ROLE_OP_IDLE;
+
+		r->out.info = info;
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+}
+
+/*
+  fill in the AccountDomain info
+*/
+static NTSTATUS dcesrv_lsa_info_AccountDomain(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+				       struct lsa_DomainInfo *info)
+{
+	info->name.string = state->domain_name;
+	info->sid         = state->domain_sid;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  fill in the DNS domain info
+*/
+static NTSTATUS dcesrv_lsa_info_DNS(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+			     struct lsa_DnsDomainInfo *info)
+{
+	info->name.string = state->domain_name;
+	info->sid         = state->domain_sid;
+	info->dns_domain.string = state->domain_dns;
+	info->dns_forest.string = state->forest_dns;
+	info->domain_guid       = state->domain_guid;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_QueryInfoPolicy2
+*/
+static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct lsa_QueryInfoPolicy2 *r)
+{
+	struct lsa_policy_state *state;
+	struct dcesrv_handle *h;
+	union lsa_PolicyInformation *info;
+
+	*r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	info = talloc_zero(mem_ctx, union lsa_PolicyInformation);
+	if (!info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	*r->out.info = info;
+
+	switch (r->in.level) {
+	case LSA_POLICY_INFO_AUDIT_LOG:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(info->audit_log);
+		return NT_STATUS_OK;
+	case LSA_POLICY_INFO_AUDIT_EVENTS:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(info->audit_events);
+		return NT_STATUS_OK;
+	case LSA_POLICY_INFO_PD:
+		/* we don't need to fill in any of this */
+		ZERO_STRUCT(info->pd);
+		return NT_STATUS_OK;
+
+	case LSA_POLICY_INFO_DOMAIN:
+		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->domain);
+	case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->account_domain);
+	case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
+		return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &info->l_account_domain);
+
+	case LSA_POLICY_INFO_ROLE:
+		info->role.role = LSA_ROLE_PRIMARY;
+		return NT_STATUS_OK;
+
+	case LSA_POLICY_INFO_DNS:
+		return dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns);
+	case LSA_POLICY_INFO_DNS_INT:
+		return dcesrv_lsa_info_DNS(state, mem_ctx, &info->dns_int);
+
+	case LSA_POLICY_INFO_REPLICA:
+		ZERO_STRUCT(info->replica);
+		return NT_STATUS_OK;
+
+	case LSA_POLICY_INFO_QUOTA:
+		ZERO_STRUCT(info->quota);
+		return NT_STATUS_OK;
+
+	case LSA_POLICY_INFO_MOD:
+	case LSA_POLICY_INFO_AUDIT_FULL_SET:
+	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+		/* windows gives INVALID_PARAMETER */
+		*r->out.info = NULL;
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*r->out.info = NULL;
+	return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+/*
+  lsa_QueryInfoPolicy
+*/
+static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				    struct lsa_QueryInfoPolicy *r)
+{
+	struct lsa_QueryInfoPolicy2 r2;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r2);
+
+	r2.in.handle = r->in.handle;
+	r2.in.level = r->in.level;
+	r2.out.info = r->out.info;
+
+	status = dcesrv_lsa_QueryInfoPolicy2(dce_call, mem_ctx, &r2);
+
+	return status;
+}
+
+/*
+  lsa_SetInfoPolicy
+*/
+static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_SetInfoPolicy *r)
+{
+	/* need to support this */
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_ClearAuditLog
+*/
+static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_ClearAuditLog *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+static const struct generic_mapping dcesrv_lsa_account_mapping = {
+	LSA_ACCOUNT_READ,
+	LSA_ACCOUNT_WRITE,
+	LSA_ACCOUNT_EXECUTE,
+	LSA_ACCOUNT_ALL_ACCESS
+};
+
+/*
+  lsa_CreateAccount
+
+  This call does not seem to have any long-term effects, hence no database operations
+
+  we need to talk to the MS product group to find out what this account database means!
+
+  answer is that the lsa database is totally separate from the SAM and
+  ldap databases. We are going to need a separate ldb to store these
+  accounts. The SIDs on this account bear no relation to the SIDs in
+  AD
+*/
+static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct lsa_CreateAccount *r)
+{
+	struct lsa_account_state *astate;
+
+	struct lsa_policy_state *state;
+	struct dcesrv_handle *h, *ah;
+
+	ZERO_STRUCTP(r->out.acct_handle);
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	astate = talloc(dce_call->conn, struct lsa_account_state);
+	if (astate == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	astate->account_sid = dom_sid_dup(astate, r->in.sid);
+	if (astate->account_sid == NULL) {
+		talloc_free(astate);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	astate->policy = talloc_reference(astate, state);
+	astate->access_mask = r->in.access_mask;
+
+	/*
+	 * For now we grant all requested access.
+	 *
+	 * We will fail at the ldb layer later.
+	 */
+	if (astate->access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+		astate->access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+		astate->access_mask |= LSA_ACCOUNT_ALL_ACCESS;
+	}
+	se_map_generic(&astate->access_mask, &dcesrv_lsa_account_mapping);
+
+	DEBUG(10,("%s: %s access desired[0x%08X] granted[0x%08X].\n",
+		  __func__, dom_sid_string(mem_ctx, astate->account_sid),
+		 (unsigned)r->in.access_mask,
+		 (unsigned)astate->access_mask));
+
+	ah = dcesrv_handle_create(dce_call, LSA_HANDLE_ACCOUNT);
+	if (!ah) {
+		talloc_free(astate);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ah->data = talloc_steal(ah, astate);
+
+	*r->out.acct_handle = ah->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_EnumAccounts
+*/
+static NTSTATUS dcesrv_lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_EnumAccounts *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	int ret;
+	struct ldb_message **res;
+	const char * const attrs[] = { "objectSid", NULL};
+	uint32_t count, i;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	/* NOTE: This call must only return accounts that have at least
+	   one privilege set
+	*/
+	ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs,
+			   "(&(objectSid=*)(privilege=*))");
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (*r->in.resume_handle >= ret) {
+		return NT_STATUS_NO_MORE_ENTRIES;
+	}
+
+	count = ret - *r->in.resume_handle;
+	if (count > r->in.num_entries) {
+		count = r->in.num_entries;
+	}
+
+	if (count == 0) {
+		return NT_STATUS_NO_MORE_ENTRIES;
+	}
+
+	r->out.sids->sids = talloc_array(r->out.sids, struct lsa_SidPtr, count);
+	if (r->out.sids->sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<count;i++) {
+		r->out.sids->sids[i].sid =
+			samdb_result_dom_sid(r->out.sids->sids,
+					     res[i + *r->in.resume_handle],
+					     "objectSid");
+		NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
+	}
+
+	r->out.sids->num_sids = count;
+	*r->out.resume_handle = count + *r->in.resume_handle;
+
+	return NT_STATUS_OK;
+}
+
+/* This decrypts and returns Trusted Domain Auth Information Internal data */
+static NTSTATUS get_trustdom_auth_blob(struct dcesrv_call_state *dce_call,
+				       TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob,
+				       struct trustDomainPasswords *auth_struct)
+{
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	enum ndr_err_code ndr_err;
+	NTSTATUS nt_status;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t _session_key;
+	int rc;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	bool encrypted;
+
+	encrypted =
+		dcerpc_is_transport_encrypted(session_info);
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED &&
+	    !encrypted) {
+		DBG_ERR("Transport isn't encrypted and weak crypto disallowed!\n");
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+
+	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	GNUTLS_FIPS140_SET_LAX_MODE();
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&_session_key,
+				NULL);
+	if (rc < 0) {
+		GNUTLS_FIPS140_SET_STRICT_MODE();
+		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	rc = gnutls_cipher_decrypt(cipher_hnd,
+				   auth_blob->data,
+				   auth_blob->length);
+	gnutls_cipher_deinit(cipher_hnd);
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+	if (rc < 0) {
+		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx,
+				       auth_struct,
+				       (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	nt_status = NT_STATUS_OK;
+out:
+	return nt_status;
+}
+
+static NTSTATUS get_trustauth_inout_blob(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct trustAuthInOutBlob *iopw,
+					 DATA_BLOB *trustauth_blob)
+{
+	enum ndr_err_code ndr_err;
+
+	if (iopw->current.count != iopw->count) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (iopw->previous.count > iopw->current.count) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (iopw->previous.count == 0) {
+		/*
+		 * If the previous credentials are not present
+		 * we need to make a copy.
+		 */
+		iopw->previous = iopw->current;
+	}
+
+	if (iopw->previous.count < iopw->current.count) {
+		struct AuthenticationInformationArray *c = &iopw->current;
+		struct AuthenticationInformationArray *p = &iopw->previous;
+
+		/*
+		 * The previous array needs to have the same size
+		 * as the current one.
+		 *
+		 * We may have to fill with TRUST_AUTH_TYPE_NONE
+		 * elements.
+		 */
+		p->array = talloc_realloc(mem_ctx, p->array,
+				   struct AuthenticationInformation,
+				   c->count);
+		if (p->array == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		while (p->count < c->count) {
+			struct AuthenticationInformation *a =
+				&p->array[p->count++];
+
+			*a = (struct AuthenticationInformation) {
+				.LastUpdateTime = p->array[0].LastUpdateTime,
+				.AuthType = TRUST_AUTH_TYPE_NONE,
+			};
+		}
+	}
+
+	ndr_err = ndr_push_struct_blob(trustauth_blob, mem_ctx,
+				       iopw,
+				       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS add_trust_user(TALLOC_CTX *mem_ctx,
+			       struct ldb_context *sam_ldb,
+			       struct ldb_dn *base_dn,
+			       const char *netbios_name,
+			       struct trustAuthInOutBlob *in,
+			       struct ldb_dn **user_dn)
+{
+	struct ldb_request *req;
+	struct ldb_message *msg;
+	struct ldb_dn *dn;
+	uint32_t i;
+	int ret;
+
+	dn = ldb_dn_copy(mem_ctx, base_dn);
+	if (!dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	if (!ldb_dn_add_child_fmt(dn, "cn=%s$,cn=users", netbios_name)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (!msg) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = dn;
+
+	ret = ldb_msg_add_string(msg, "objectClass", "user");
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_fmt(msg, "samAccountName", "%s$", netbios_name);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = samdb_msg_add_uint(sam_ldb, msg, msg, "userAccountControl",
+				 UF_INTERDOMAIN_TRUST_ACCOUNT);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < in->count; i++) {
+		const char *attribute;
+		struct ldb_val v;
+		switch (in->current.array[i].AuthType) {
+		case TRUST_AUTH_TYPE_NT4OWF:
+			attribute = "unicodePwd";
+			v.data = (uint8_t *)&in->current.array[i].AuthInfo.nt4owf.password;
+			v.length = 16;
+			break;
+		case TRUST_AUTH_TYPE_CLEAR:
+			attribute = "clearTextPassword";
+			v.data = in->current.array[i].AuthInfo.clear.password;
+			v.length = in->current.array[i].AuthInfo.clear.size;
+			break;
+		default:
+			continue;
+		}
+
+		ret = ldb_msg_add_value(msg, attribute, &v, NULL);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* create the trusted_domain user account */
+	ret = ldb_build_add_req(&req, sam_ldb, mem_ctx, msg, NULL, NULL,
+				ldb_op_default_callback, NULL);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_request_add_control(req, DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID,
+				      false, NULL);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = dsdb_autotransaction_request(sam_ldb, req);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ldb)));
+
+		switch (ret) {
+		case LDB_ERR_ENTRY_ALREADY_EXISTS:
+			return NT_STATUS_DOMAIN_EXISTS;
+		case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+			return NT_STATUS_ACCESS_DENIED;
+		default:
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	if (user_dn) {
+		*user_dn = dn;
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_CreateTrustedDomainEx2
+*/
+static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dce_call,
+						    TALLOC_CTX *mem_ctx,
+						    struct lsa_CreateTrustedDomainEx2 *r,
+						    int op,
+						    struct lsa_TrustDomainInfoAuthInfo *unencrypted_auth_info)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct lsa_trusted_domain_state *trusted_domain_state;
+	struct dcesrv_handle *handle;
+	struct ldb_message **msgs, *msg;
+	const char *attrs[] = {
+		NULL
+	};
+	const char *netbios_name;
+	const char *dns_name;
+	DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
+	struct trustDomainPasswords auth_struct;
+	int ret;
+	NTSTATUS nt_status;
+	struct ldb_context *sam_ldb;
+	struct server_id *server_ids = NULL;
+	uint32_t num_server_ids = 0;
+	NTSTATUS status;
+	bool ok;
+	char *dns_encoded = NULL;
+	char *netbios_encoded = NULL;
+	char *sid_encoded = NULL;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.policy_handle, LSA_HANDLE_POLICY);
+	ZERO_STRUCTP(r->out.trustdom_handle);
+
+	policy_state = policy_handle->data;
+	sam_ldb = policy_state->sam_ldb;
+
+	netbios_name = r->in.info->netbios_name.string;
+	if (!netbios_name) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	dns_name = r->in.info->domain_name.string;
+	if (dns_name == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (r->in.info->sid == NULL) {
+		return NT_STATUS_INVALID_SID;
+	}
+
+	/*
+	 * We expect S-1-5-21-A-B-C, but we don't
+	 * allow S-1-5-21-0-0-0 as this is used
+	 * for claims and compound identities.
+	 */
+	ok = dom_sid_is_valid_account_domain(r->in.info->sid);
+	if (!ok) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	dns_encoded = ldb_binary_encode_string(mem_ctx, dns_name);
+	if (dns_encoded == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	netbios_encoded = ldb_binary_encode_string(mem_ctx, netbios_name);
+	if (netbios_encoded == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	sid_encoded = ldap_encode_ndr_dom_sid(mem_ctx, r->in.info->sid);
+	if (sid_encoded == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state);
+	if (!trusted_domain_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	trusted_domain_state->policy = policy_state;
+
+	if (strcasecmp(netbios_name, "BUILTIN") == 0
+	    || (strcasecmp(dns_name, "BUILTIN") == 0)
+	    || (dom_sid_in_domain(policy_state->builtin_sid, r->in.info->sid))) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (strcasecmp(netbios_name, policy_state->domain_name) == 0
+	    || strcasecmp(netbios_name, policy_state->domain_dns) == 0
+	    || strcasecmp(dns_name, policy_state->domain_dns) == 0
+	    || strcasecmp(dns_name, policy_state->domain_name) == 0
+	    || (dom_sid_equal(policy_state->domain_sid, r->in.info->sid))) {
+		return NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED;
+	}
+
+	/* While this is a REF pointer, some of the functions that wrap this don't provide this */
+	if (op == NDR_LSA_CREATETRUSTEDDOMAIN) {
+		/* No secrets are created at this time, for this function */
+		auth_struct.outgoing.count = 0;
+		auth_struct.incoming.count = 0;
+	} else if (op == NDR_LSA_CREATETRUSTEDDOMAINEX2) {
+		auth_blob = data_blob_const(r->in.auth_info_internal->auth_blob.data,
+					    r->in.auth_info_internal->auth_blob.size);
+		nt_status = get_trustdom_auth_blob(dce_call, mem_ctx,
+						   &auth_blob, &auth_struct);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	} else if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) {
+
+		if (unencrypted_auth_info->incoming_count > 1) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/* more investigation required here, do not create secrets for
+		 * now */
+		auth_struct.outgoing.count = 0;
+		auth_struct.incoming.count = 0;
+	} else {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (auth_struct.incoming.count) {
+		nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
+						     &auth_struct.incoming,
+						     &trustAuthIncoming);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	} else {
+		trustAuthIncoming = data_blob(NULL, 0);
+	}
+
+	if (auth_struct.outgoing.count) {
+		nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
+						     &auth_struct.outgoing,
+						     &trustAuthOutgoing);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	} else {
+		trustAuthOutgoing = data_blob(NULL, 0);
+	}
+
+	ret = ldb_transaction_start(sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* search for the trusted_domain record */
+	ret = gendb_search(sam_ldb,
+			   mem_ctx, policy_state->system_dn, &msgs, attrs,
+			   "(&(objectClass=trustedDomain)(|"
+			     "(flatname=%s)(trustPartner=%s)"
+			     "(flatname=%s)(trustPartner=%s)"
+			     "(securityIdentifier=%s)))",
+			   dns_encoded, dns_encoded,
+			   netbios_encoded, netbios_encoded,
+			   sid_encoded);
+	if (ret > 0) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+	if (ret < 0) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
+	if ( ! ldb_dn_add_child_fmt(msg->dn, "cn=%s", dns_name)) {
+			ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_string(msg, "objectClass", "trustedDomain");
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	ret = ldb_msg_add_string(msg, "flatname", netbios_name);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_string(msg, "trustPartner", dns_name);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	ret = samdb_msg_add_dom_sid(sam_ldb, mem_ctx, msg, "securityIdentifier",
+				    r->in.info->sid);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	ret = samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustType", r->in.info->trust_type);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	ret = samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustAttributes", r->in.info->trust_attributes);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	ret = samdb_msg_add_int(sam_ldb, mem_ctx, msg, "trustDirection", r->in.info->trust_direction);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ldb);
+		return NT_STATUS_NO_MEMORY;;
+	}
+
+	if (trustAuthIncoming.data) {
+		ret = ldb_msg_add_value(msg, "trustAuthIncoming", &trustAuthIncoming, NULL);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ldb);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+	if (trustAuthOutgoing.data) {
+		ret = ldb_msg_add_value(msg, "trustAuthOutgoing", &trustAuthOutgoing, NULL);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ldb);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
+
+	/* create the trusted_domain */
+	ret = ldb_add(sam_ldb, msg);
+	switch (ret) {
+	case  LDB_SUCCESS:
+		break;
+	case  LDB_ERR_ENTRY_ALREADY_EXISTS:
+		ldb_transaction_cancel(sam_ldb);
+		DEBUG(0,("Failed to create trusted domain record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ldb)));
+		return NT_STATUS_DOMAIN_EXISTS;
+	case  LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		ldb_transaction_cancel(sam_ldb);
+		DEBUG(0,("Failed to create trusted domain record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ldb)));
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		ldb_transaction_cancel(sam_ldb);
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ldb)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
+		struct ldb_dn *user_dn;
+		/* Inbound trusts must also create a cn=users object to match */
+		nt_status = add_trust_user(mem_ctx, sam_ldb,
+					   policy_state->domain_dn,
+					   netbios_name,
+					   &auth_struct.incoming,
+					   &user_dn);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			ldb_transaction_cancel(sam_ldb);
+			return nt_status;
+		}
+
+		/* save the trust user dn */
+		trusted_domain_state->trusted_domain_user_dn
+			= talloc_steal(trusted_domain_state, user_dn);
+	}
+
+	ret = ldb_transaction_commit(sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/*
+	 * Notify winbindd that we have a new trust
+	 */
+	status = irpc_servers_byname(imsg_ctx,
+				     mem_ctx,
+				     "winbind_server",
+				     &num_server_ids,
+				     &server_ids);
+	if (NT_STATUS_IS_OK(status) && num_server_ids >= 1) {
+		imessaging_send(imsg_ctx,
+				server_ids[0],
+				MSG_WINBIND_RELOAD_TRUSTED_DOMAINS,
+				NULL);
+	}
+	TALLOC_FREE(server_ids);
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_TRUSTED_DOMAIN);
+	if (!handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = talloc_steal(handle, trusted_domain_state);
+
+	trusted_domain_state->access_mask = r->in.access_mask;
+	trusted_domain_state->policy = talloc_reference(trusted_domain_state, policy_state);
+
+	*r->out.trustdom_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_CreateTrustedDomainEx2
+*/
+static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx2(struct dcesrv_call_state *dce_call,
+					   TALLOC_CTX *mem_ctx,
+					   struct lsa_CreateTrustedDomainEx2 *r)
+{
+	return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, r, NDR_LSA_CREATETRUSTEDDOMAINEX2, NULL);
+}
+/*
+  lsa_CreateTrustedDomainEx
+*/
+static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_call,
+					  TALLOC_CTX *mem_ctx,
+					  struct lsa_CreateTrustedDomainEx *r)
+{
+	struct lsa_CreateTrustedDomainEx2 r2 = {};
+
+	r2.in.policy_handle = r->in.policy_handle;
+	r2.in.info = r->in.info;
+	r2.out.trustdom_handle = r->out.trustdom_handle;
+	return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAINEX, r->in.auth_info);
+}
+
+/*
+  lsa_CreateTrustedDomain
+*/
+static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct lsa_CreateTrustedDomain *r)
+{
+	struct lsa_CreateTrustedDomainEx2 r2 = {};
+
+	r2.in.policy_handle = r->in.policy_handle;
+	r2.in.info = talloc(mem_ctx, struct lsa_TrustDomainInfoInfoEx);
+	if (!r2.in.info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r2.in.info->domain_name = r->in.info->name;
+	r2.in.info->netbios_name = r->in.info->name;
+	r2.in.info->sid = r->in.info->sid;
+	r2.in.info->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
+	r2.in.info->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
+	r2.in.info->trust_attributes = 0;
+
+	r2.in.access_mask = r->in.access_mask;
+	r2.out.trustdom_handle = r->out.trustdom_handle;
+
+	return dcesrv_lsa_CreateTrustedDomain_base(dce_call, mem_ctx, &r2, NDR_LSA_CREATETRUSTEDDOMAIN, NULL);
+}
+
+static NTSTATUS dcesrv_lsa_OpenTrustedDomain_common(
+					struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *tmp_mem,
+					struct lsa_policy_state *policy_state,
+					const char *filter,
+					uint32_t access_mask,
+					struct dcesrv_handle **_handle)
+{
+	struct lsa_trusted_domain_state *trusted_domain_state;
+	struct dcesrv_handle *handle;
+	struct ldb_message **msgs;
+	const char *attrs[] = {
+		"trustDirection",
+		"flatname",
+		NULL
+	};
+	uint32_t direction;
+	int ret;
+
+        /* TODO: perform access checks */
+
+	/* search for the trusted_domain record */
+	ret = gendb_search(policy_state->sam_ldb, tmp_mem,
+			   policy_state->system_dn,
+			   &msgs, attrs, "%s", filter);
+	if (ret == 0) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (ret != 1) {
+		DEBUG(0,("Found %d records matching %s under %s\n", ret,
+			 filter,
+			 ldb_dn_get_linearized(policy_state->system_dn)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	trusted_domain_state = talloc_zero(tmp_mem,
+					   struct lsa_trusted_domain_state);
+	if (!trusted_domain_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	trusted_domain_state->policy = policy_state;
+
+	trusted_domain_state->trusted_domain_dn =
+		talloc_steal(trusted_domain_state, msgs[0]->dn);
+
+	direction = ldb_msg_find_attr_as_int(msgs[0], "trustDirection", 0);
+	if (direction & LSA_TRUST_DIRECTION_INBOUND) {
+		const char *flatname = ldb_msg_find_attr_as_string(msgs[0],
+							"flatname", NULL);
+
+		/* search for the trusted_domain account */
+		ret = gendb_search(policy_state->sam_ldb, tmp_mem,
+				   policy_state->domain_dn,
+				   &msgs, attrs,
+				   "(&(samaccountname=%s$)(objectclass=user)"
+				   "(userAccountControl:%s:=%u))",
+				   flatname,
+				   LDB_OID_COMPARATOR_AND,
+				   UF_INTERDOMAIN_TRUST_ACCOUNT);
+		if (ret == 1) {
+			trusted_domain_state->trusted_domain_user_dn =
+				talloc_steal(trusted_domain_state, msgs[0]->dn);
+		}
+	}
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_TRUSTED_DOMAIN);
+	if (!handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = talloc_steal(handle, trusted_domain_state);
+
+	trusted_domain_state->access_mask = access_mask;
+	trusted_domain_state->policy = talloc_reference(trusted_domain_state,
+							policy_state);
+
+	*_handle = handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_OpenTrustedDomain
+*/
+static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				      struct lsa_OpenTrustedDomain *r)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct dcesrv_handle *handle;
+	const char *sid_string;
+	char *filter;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+	ZERO_STRUCTP(r->out.trustdom_handle);
+	policy_state = policy_handle->data;
+
+	sid_string = dom_sid_string(mem_ctx, r->in.sid);
+	if (!sid_string) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	filter = talloc_asprintf(mem_ctx,
+				 "(&(securityIdentifier=%s)"
+				 "(objectclass=trustedDomain))",
+				 sid_string);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcesrv_lsa_OpenTrustedDomain_common(dce_call, mem_ctx,
+						     policy_state,
+						     filter,
+						     r->in.access_mask,
+						     &handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*r->out.trustdom_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_OpenTrustedDomainByName
+*/
+static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_OpenTrustedDomainByName *r)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct dcesrv_handle *handle;
+	char *td_name;
+	char *filter;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+	ZERO_STRUCTP(r->out.trustdom_handle);
+	policy_state = policy_handle->data;
+
+	if (!r->in.name.string) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* search for the trusted_domain record */
+	td_name = ldb_binary_encode_string(mem_ctx, r->in.name.string);
+	if (td_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	filter = talloc_asprintf(mem_ctx,
+			   "(&(|(flatname=%s)(cn=%s)(trustPartner=%s))"
+			     "(objectclass=trustedDomain))",
+			   td_name, td_name, td_name);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcesrv_lsa_OpenTrustedDomain_common(dce_call, mem_ctx,
+						     policy_state,
+						     filter,
+						     r->in.access_mask,
+						     &handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*r->out.trustdom_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  lsa_SetTrustedDomainInfo
+*/
+static NTSTATUS dcesrv_lsa_SetTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					 struct lsa_SetTrustedDomainInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+
+/* parameters 4 to 6 are optional if the dn is a dn of a TDO object,
+ * otherwise at least one must be provided */
+static NTSTATUS get_tdo(struct ldb_context *sam, TALLOC_CTX *mem_ctx,
+			struct ldb_dn *basedn, const char *dns_domain,
+			const char *netbios, struct dom_sid2 *sid,
+			struct ldb_message ***msgs)
+{
+	const char *attrs[] = { "flatname", "trustPartner",
+				"securityIdentifier", "trustDirection",
+				"trustType", "trustAttributes",
+				"trustPosixOffset",
+				"msDs-supportedEncryptionTypes",
+				"msDS-TrustForestTrustInfo",
+				NULL
+	};
+	char *dns = NULL;
+	char *nbn = NULL;
+	char *filter;
+	int ret;
+
+
+	if (dns_domain || netbios || sid) {
+		filter = talloc_strdup(mem_ctx,
+				   "(&(objectclass=trustedDomain)(|");
+	} else {
+		filter = talloc_strdup(mem_ctx,
+				       "(objectclass=trustedDomain)");
+	}
+
+	if (dns_domain) {
+		dns = ldb_binary_encode_string(mem_ctx, dns_domain);
+		if (!dns) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		talloc_asprintf_addbuf(&filter, "(trustPartner=%s)", dns);
+	}
+	if (netbios) {
+		nbn = ldb_binary_encode_string(mem_ctx, netbios);
+		if (!nbn) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		talloc_asprintf_addbuf(&filter, "(flatname=%s)", nbn);
+	}
+	if (sid) {
+		struct dom_sid_buf buf;
+		char *sidstr = dom_sid_str_buf(sid, &buf);
+		talloc_asprintf_addbuf(
+			&filter, "(securityIdentifier=%s)", sidstr);
+	}
+	if (dns_domain || netbios || sid) {
+		talloc_asprintf_addbuf(&filter, "))");
+	}
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(sam, mem_ctx, basedn, msgs, attrs, "%s", filter);
+	if (ret == 0) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (ret != 1) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS update_uint32_t_value(TALLOC_CTX *mem_ctx,
+				      struct ldb_context *sam_ldb,
+				      struct ldb_message *orig,
+				      struct ldb_message *dest,
+				      const char *attribute,
+				      uint32_t value,
+				      uint32_t *orig_value)
+{
+	const struct ldb_val *orig_val;
+	uint32_t orig_uint = 0;
+	unsigned int flags = 0;
+	int ret;
+	int error = 0;
+
+	orig_val = ldb_msg_find_ldb_val(orig, attribute);
+	if (!orig_val || !orig_val->data) {
+		/* add new attribute */
+		flags = LDB_FLAG_MOD_ADD;
+
+	} else {
+		orig_uint = smb_strtoul((const char *)orig_val->data,
+					NULL,
+					0,
+					&error,
+					SMB_STR_STANDARD);
+		if (error != 0 || orig_uint != value) {
+			/* replace also if can't get value */
+			flags = LDB_FLAG_MOD_REPLACE;
+		}
+	}
+
+	if (flags == 0) {
+		/* stored value is identical, nothing to change */
+		goto done;
+	}
+
+	ret = samdb_msg_append_uint(sam_ldb, dest, dest, attribute, value, flags);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+done:
+	if (orig_value) {
+		*orig_value = orig_uint;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
+				  struct ldb_context *sam_ldb,
+				  struct ldb_dn *base_dn,
+				  bool delete_user,
+				  const char *netbios_name,
+				  struct trustAuthInOutBlob *in)
+{
+	const char *attrs[] = { "userAccountControl", NULL };
+	struct ldb_message **msgs;
+	struct ldb_message *msg;
+	uint32_t uac;
+	uint32_t i;
+	int ret;
+
+	ret = gendb_search(sam_ldb, mem_ctx,
+			   base_dn, &msgs, attrs,
+			   "samAccountName=%s$", netbios_name);
+	if (ret > 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (ret == 0) {
+		if (delete_user) {
+			return NT_STATUS_OK;
+		}
+
+		/* ok no existing user, add it from scratch */
+		return add_trust_user(mem_ctx, sam_ldb, base_dn,
+				      netbios_name, in, NULL);
+	}
+
+	/* check user is what we are looking for */
+	uac = ldb_msg_find_attr_as_uint(msgs[0],
+					"userAccountControl", 0);
+	if (!(uac & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	if (delete_user) {
+		ret = ldb_delete(sam_ldb, msgs[0]->dn);
+		switch (ret) {
+		case LDB_SUCCESS:
+			return NT_STATUS_OK;
+		case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+			return NT_STATUS_ACCESS_DENIED;
+		default:
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	/* entry exists, just modify secret if any */
+	if (in == NULL || in->count == 0) {
+		return NT_STATUS_OK;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (!msg) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = msgs[0]->dn;
+
+	for (i = 0; i < in->count; i++) {
+		const char *attribute;
+		struct ldb_val v;
+		switch (in->current.array[i].AuthType) {
+		case TRUST_AUTH_TYPE_NT4OWF:
+			attribute = "unicodePwd";
+			v.data = (uint8_t *)&in->current.array[i].AuthInfo.nt4owf.password;
+			v.length = 16;
+			break;
+		case TRUST_AUTH_TYPE_CLEAR:
+			attribute = "clearTextPassword";
+			v.data = in->current.array[i].AuthInfo.clear.password;
+			v.length = in->current.array[i].AuthInfo.clear.size;
+			break;
+		default:
+			continue;
+		}
+
+		ret = ldb_msg_append_value(msg, attribute, &v, LDB_FLAG_MOD_REPLACE);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* create the trusted_domain user account */
+	ret = ldb_modify(sam_ldb, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to create user record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(sam_ldb)));
+
+		switch (ret) {
+		case LDB_ERR_ENTRY_ALREADY_EXISTS:
+			return NT_STATUS_DOMAIN_EXISTS;
+		case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+			return NT_STATUS_ACCESS_DENIED;
+		default:
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
+					  struct lsa_policy_state *p_state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message *dom_msg,
+					  enum lsa_TrustDomInfoEnum level,
+					  union lsa_TrustedDomainInfo *info)
+{
+	uint32_t *posix_offset = NULL;
+	struct lsa_TrustDomainInfoInfoEx *info_ex = NULL;
+	struct lsa_TrustDomainInfoAuthInfo *auth_info = NULL;
+	struct lsa_TrustDomainInfoAuthInfoInternal *auth_info_int = NULL;
+	uint32_t *enc_types = NULL;
+	DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
+	struct trustDomainPasswords auth_struct;
+	struct trustAuthInOutBlob *current_passwords = NULL;
+	NTSTATUS nt_status;
+	struct ldb_message **msgs;
+	struct ldb_message *msg;
+	bool add_outgoing = false;
+	bool add_incoming = false;
+	bool del_outgoing = false;
+	bool del_incoming = false;
+	bool del_forest_info = false;
+	bool in_transaction = false;
+	int ret;
+	bool am_rodc;
+
+	switch (level) {
+	case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
+		posix_offset = &info->posix_offset.posix_offset;
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
+		info_ex = &info->info_ex;
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO:
+		auth_info = &info->auth_info;
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
+		posix_offset = &info->full_info.posix_offset.posix_offset;
+		info_ex = &info->full_info.info_ex;
+		auth_info = &info->full_info.auth_info;
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL:
+		auth_info_int = &info->auth_info_internal;
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL:
+		posix_offset = &info->full_info_internal.posix_offset.posix_offset;
+		info_ex = &info->full_info_internal.info_ex;
+		auth_info_int = &info->full_info_internal.auth_info;
+		break;
+	case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES:
+		enc_types = &info->enc_types.enc_types;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (auth_info) {
+		nt_status = auth_info_2_auth_blob(mem_ctx, auth_info,
+						  &trustAuthIncoming,
+						  &trustAuthOutgoing);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+		if (trustAuthIncoming.data) {
+			/* This does the decode of some of this twice, but it is easier that way */
+			nt_status = auth_info_2_trustauth_inout(mem_ctx,
+								auth_info->incoming_count,
+								auth_info->incoming_current_auth_info,
+								NULL,
+								&current_passwords);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
+		}
+	}
+
+	/* decode auth_info_int if set */
+	if (auth_info_int) {
+
+		/* now decrypt blob */
+		auth_blob = data_blob_const(auth_info_int->auth_blob.data,
+					    auth_info_int->auth_blob.size);
+
+		nt_status = get_trustdom_auth_blob(dce_call, mem_ctx,
+						   &auth_blob, &auth_struct);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+
+	if (info_ex) {
+		/* verify data matches */
+		if (info_ex->trust_attributes &
+		    LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			/* TODO: check what behavior level we have */
+		       if (strcasecmp_m(p_state->domain_dns,
+					p_state->forest_dns) != 0) {
+				return NT_STATUS_INVALID_DOMAIN_STATE;
+			}
+		}
+
+		ret = samdb_rodc(p_state->sam_ldb, &am_rodc);
+		if (ret == LDB_SUCCESS && am_rodc) {
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+
+		/* verify only one object matches the dns/netbios/sid
+		 * triplet and that this is the one we already have */
+		nt_status = get_tdo(p_state->sam_ldb, mem_ctx,
+				    p_state->system_dn,
+				    info_ex->domain_name.string,
+				    info_ex->netbios_name.string,
+				    info_ex->sid, &msgs);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+		if (ldb_dn_compare(dom_msg->dn, msgs[0]->dn) != 0) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+		talloc_free(msgs);
+	}
+
+	/* TODO: should we fetch previous values from the existing entry
+	 * and append them ? */
+	if (auth_info_int && auth_struct.incoming.count) {
+		nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
+						     &auth_struct.incoming,
+						     &trustAuthIncoming);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		current_passwords = &auth_struct.incoming;
+
+	} else {
+		trustAuthIncoming = data_blob(NULL, 0);
+	}
+
+	if (auth_info_int && auth_struct.outgoing.count) {
+		nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
+						     &auth_struct.outgoing,
+						     &trustAuthOutgoing);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	} else {
+		trustAuthOutgoing = data_blob(NULL, 0);
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	msg->dn = dom_msg->dn;
+
+	if (posix_offset) {
+		nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+						  dom_msg, msg,
+						  "trustPosixOffset",
+						  *posix_offset, NULL);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+
+	if (info_ex) {
+		uint32_t origattrs;
+		uint32_t changed_attrs;
+		uint32_t origdir;
+		int origtype;
+
+		nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+						  dom_msg, msg,
+						  "trustDirection",
+						  info_ex->trust_direction,
+						  &origdir);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
+			if (auth_info != NULL && trustAuthIncoming.length > 0) {
+				add_incoming = true;
+			}
+		}
+		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
+			if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+				add_outgoing = true;
+			}
+		}
+
+		if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
+		    !(info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND)) {
+			del_incoming = true;
+		}
+		if ((origdir & LSA_TRUST_DIRECTION_OUTBOUND) &&
+		    !(info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND)) {
+			del_outgoing = true;
+		}
+
+		origtype = ldb_msg_find_attr_as_int(dom_msg, "trustType", -1);
+		if (origtype == -1 || origtype != info_ex->trust_type) {
+			DEBUG(1, ("Attempted to change trust type! "
+				  "Operation not handled\n"));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+						  dom_msg, msg,
+						  "trustAttributes",
+						  info_ex->trust_attributes,
+						  &origattrs);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+		/* TODO: check forestFunctionality from ldb opaque */
+		/* TODO: check what is set makes sense */
+
+		changed_attrs = origattrs ^ info_ex->trust_attributes;
+		if (changed_attrs & ~LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			/*
+			 * For now we only allow
+			 * LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be changed.
+			 *
+			 * TODO: we may need to support more attribute changes
+			 */
+			DEBUG(1, ("Attempted to change trust attributes "
+				  "(0x%08x != 0x%08x)! "
+				  "Operation not handled yet...\n",
+				  (unsigned)origattrs,
+				  (unsigned)info_ex->trust_attributes));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (!(info_ex->trust_attributes &
+		      LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE))
+		{
+			struct ldb_message_element *orig_forest_el = NULL;
+
+			orig_forest_el = ldb_msg_find_element(dom_msg,
+						"msDS-TrustForestTrustInfo");
+			if (orig_forest_el != NULL) {
+				del_forest_info = true;
+			}
+		}
+	}
+
+	if (enc_types) {
+		nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+						  dom_msg, msg,
+						  "msDS-SupportedEncryptionTypes",
+						  *enc_types, NULL);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+
+	if (add_incoming || del_incoming) {
+		if (add_incoming) {
+			ret = ldb_msg_append_value(msg, "trustAuthIncoming",
+						   &trustAuthIncoming, LDB_FLAG_MOD_REPLACE);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
+						LDB_FLAG_MOD_REPLACE, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+	if (add_outgoing || del_outgoing) {
+		if (add_outgoing) {
+			ret = ldb_msg_append_value(msg, "trustAuthOutgoing",
+						   &trustAuthOutgoing, LDB_FLAG_MOD_REPLACE);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
+						LDB_FLAG_MOD_REPLACE, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+	if (del_forest_info) {
+		ret = ldb_msg_add_empty(msg, "msDS-TrustForestTrustInfo",
+					LDB_FLAG_MOD_REPLACE, NULL);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* start transaction */
+	ret = ldb_transaction_start(p_state->sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	in_transaction = true;
+
+	if (msg->num_elements) {
+		ret = ldb_modify(p_state->sam_ldb, msg);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1,("Failed to modify trusted domain record %s: %s\n",
+				 ldb_dn_get_linearized(msg->dn),
+				 ldb_errstring(p_state->sam_ldb)));
+			nt_status = dsdb_ldb_err_to_ntstatus(ret);
+			goto done;
+		}
+	}
+
+	if (add_incoming || del_incoming) {
+		const char *netbios_name;
+
+		netbios_name = ldb_msg_find_attr_as_string(dom_msg,
+							   "flatname", NULL);
+		if (!netbios_name) {
+			nt_status = NT_STATUS_INVALID_DOMAIN_STATE;
+			goto done;
+		}
+
+		/* We use trustAuthIncoming.data to indicate that auth_struct.incoming is valid */
+		nt_status = update_trust_user(mem_ctx,
+					      p_state->sam_ldb,
+					      p_state->domain_dn,
+					      del_incoming,
+					      netbios_name,
+					      current_passwords);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			goto done;
+		}
+	}
+
+	/* ok, all fine, commit transaction and return */
+	ret = ldb_transaction_commit(p_state->sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	in_transaction = false;
+
+	nt_status = NT_STATUS_OK;
+
+done:
+	if (in_transaction) {
+		ldb_transaction_cancel(p_state->sam_ldb);
+	}
+	return nt_status;
+}
+
+/*
+  lsa_SetInformationTrustedDomain
+*/
+static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain(
+				struct dcesrv_call_state *dce_call,
+				TALLOC_CTX *mem_ctx,
+				struct lsa_SetInformationTrustedDomain *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_trusted_domain_state *td_state;
+	struct ldb_message **msgs;
+	NTSTATUS nt_status;
+
+	DCESRV_PULL_HANDLE(h, r->in.trustdom_handle,
+			   LSA_HANDLE_TRUSTED_DOMAIN);
+
+	td_state = talloc_get_type(h->data, struct lsa_trusted_domain_state);
+
+	/* get the trusted domain object */
+	nt_status = get_tdo(td_state->policy->sam_ldb, mem_ctx,
+			    td_state->trusted_domain_dn,
+			    NULL, NULL, NULL, &msgs);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		if (NT_STATUS_EQUAL(nt_status,
+				    NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			return nt_status;
+		}
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	return setInfoTrustedDomain_base(dce_call, td_state->policy, mem_ctx,
+					 msgs[0], r->in.level, r->in.info);
+}
+
+
+/*
+  lsa_DeleteTrustedDomain
+*/
+static NTSTATUS dcesrv_lsa_DeleteTrustedDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				      struct lsa_DeleteTrustedDomain *r)
+{
+	NTSTATUS status;
+	struct lsa_OpenTrustedDomain opn = {{0},{0}};
+	struct lsa_DeleteObject del;
+	struct dcesrv_handle *h;
+
+	opn.in.handle = r->in.handle;
+	opn.in.sid = r->in.dom_sid;
+	opn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	opn.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
+	if (!opn.out.trustdom_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = dcesrv_lsa_OpenTrustedDomain(dce_call, mem_ctx, &opn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	DCESRV_PULL_HANDLE(h, opn.out.trustdom_handle, DCESRV_HANDLE_ANY);
+	talloc_steal(mem_ctx, h);
+
+	del.in.handle = opn.out.trustdom_handle;
+	del.out.handle = opn.out.trustdom_handle;
+	status = dcesrv_lsa_DeleteObject(dce_call, mem_ctx, &del);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS fill_trust_domain_ex(TALLOC_CTX *mem_ctx,
+				     struct ldb_message *msg,
+				     struct lsa_TrustDomainInfoInfoEx *info_ex)
+{
+	info_ex->domain_name.string
+		= ldb_msg_find_attr_as_string(msg, "trustPartner", NULL);
+	info_ex->netbios_name.string
+		= ldb_msg_find_attr_as_string(msg, "flatname", NULL);
+	info_ex->sid
+		= samdb_result_dom_sid(mem_ctx, msg, "securityIdentifier");
+	info_ex->trust_direction
+		= ldb_msg_find_attr_as_int(msg, "trustDirection", 0);
+	info_ex->trust_type
+		= ldb_msg_find_attr_as_int(msg, "trustType", 0);
+	info_ex->trust_attributes
+		= ldb_msg_find_attr_as_int(msg, "trustAttributes", 0);
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_QueryTrustedDomainInfo
+*/
+static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					   struct lsa_QueryTrustedDomainInfo *r)
+{
+	union lsa_TrustedDomainInfo *info = NULL;
+	struct dcesrv_handle *h;
+	struct lsa_trusted_domain_state *trusted_domain_state;
+	struct ldb_message *msg;
+	int ret;
+	struct ldb_message **res;
+	const char *attrs[] = {
+		"flatname",
+		"trustPartner",
+		"securityIdentifier",
+		"trustDirection",
+		"trustType",
+		"trustAttributes",
+		"msDs-supportedEncryptionTypes",
+		NULL
+	};
+
+	DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN);
+
+	trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state);
+
+	/* pull all the user attributes */
+	ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx,
+			      trusted_domain_state->trusted_domain_dn, &res, attrs);
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	msg = res[0];
+
+	info = talloc_zero(mem_ctx, union lsa_TrustedDomainInfo);
+	if (!info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	*r->out.info = info;
+
+	switch (r->in.level) {
+	case LSA_TRUSTED_DOMAIN_INFO_NAME:
+		info->name.netbios_name.string
+			= ldb_msg_find_attr_as_string(msg, "flatname", NULL);
+		break;
+	case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
+		info->posix_offset.posix_offset
+			= ldb_msg_find_attr_as_uint(msg, "posixOffset", 0);
+		break;
+#if 0  /* Win2k3 doesn't implement this */
+	case LSA_TRUSTED_DOMAIN_INFO_BASIC:
+		r->out.info->info_basic.netbios_name.string
+			= ldb_msg_find_attr_as_string(msg, "flatname", NULL);
+		r->out.info->info_basic.sid
+			= samdb_result_dom_sid(mem_ctx, msg, "securityIdentifier");
+		break;
+#endif
+	case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
+		return fill_trust_domain_ex(mem_ctx, msg, &info->info_ex);
+
+	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
+		ZERO_STRUCT(info->full_info);
+		return fill_trust_domain_ex(mem_ctx, msg, &info->full_info.info_ex);
+	case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL:
+		ZERO_STRUCT(info->full_info2_internal);
+		info->full_info2_internal.posix_offset.posix_offset
+			= ldb_msg_find_attr_as_uint(msg, "posixOffset", 0);
+		return fill_trust_domain_ex(mem_ctx, msg, &info->full_info2_internal.info.info_ex);
+
+	case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES:
+		info->enc_types.enc_types
+			= ldb_msg_find_attr_as_uint(msg, "msDs-supportedEncryptionTypes", KERB_ENCTYPE_RC4_HMAC_MD5);
+		break;
+
+	case LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS:
+	case LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL:
+		/* oops, we don't want to return the info after all */
+		talloc_free(info);
+		*r->out.info = NULL;
+		return NT_STATUS_INVALID_PARAMETER;
+	default:
+		/* oops, we don't want to return the info after all */
+		talloc_free(info);
+		*r->out.info = NULL;
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_QueryTrustedDomainInfoBySid
+*/
+static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoBySid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						struct lsa_QueryTrustedDomainInfoBySid *r)
+{
+	NTSTATUS status;
+	struct lsa_OpenTrustedDomain opn = {{0},{0}};
+	struct lsa_QueryTrustedDomainInfo query;
+	struct dcesrv_handle *h;
+
+	opn.in.handle = r->in.handle;
+	opn.in.sid = r->in.dom_sid;
+	opn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	opn.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
+	if (!opn.out.trustdom_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = dcesrv_lsa_OpenTrustedDomain(dce_call, mem_ctx, &opn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* Ensure this handle goes away at the end of this call */
+	DCESRV_PULL_HANDLE(h, opn.out.trustdom_handle, DCESRV_HANDLE_ANY);
+	talloc_steal(mem_ctx, h);
+
+	query.in.trustdom_handle = opn.out.trustdom_handle;
+	query.in.level = r->in.level;
+	query.out.info = r->out.info;
+	status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_SetTrustedDomainInfoByName
+*/
+static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
+					       TALLOC_CTX *mem_ctx,
+					       struct lsa_SetTrustedDomainInfoByName *r)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct ldb_message **msgs;
+	NTSTATUS nt_status;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+	policy_state = policy_handle->data;
+
+	/* get the trusted domain object */
+	nt_status = get_tdo(policy_state->sam_ldb, mem_ctx,
+			    policy_state->domain_dn,
+			    r->in.trusted_domain->string,
+			    r->in.trusted_domain->string,
+			    NULL, &msgs);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		if (NT_STATUS_EQUAL(nt_status,
+				    NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			return nt_status;
+		}
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	return setInfoTrustedDomain_base(dce_call, policy_state, mem_ctx,
+					 msgs[0], r->in.level, r->in.info);
+}
+
+/*
+   lsa_QueryTrustedDomainInfoByName
+*/
+static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfoByName(struct dcesrv_call_state *dce_call,
+						 TALLOC_CTX *mem_ctx,
+						 struct lsa_QueryTrustedDomainInfoByName *r)
+{
+	NTSTATUS status;
+	struct lsa_OpenTrustedDomainByName opn = {{0},{0}};
+	struct lsa_QueryTrustedDomainInfo query;
+	struct dcesrv_handle *h;
+
+	opn.in.handle = r->in.handle;
+	opn.in.name = *r->in.trusted_domain;
+	opn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	opn.out.trustdom_handle = talloc(mem_ctx, struct policy_handle);
+	if (!opn.out.trustdom_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = dcesrv_lsa_OpenTrustedDomainByName(dce_call, mem_ctx, &opn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* Ensure this handle goes away at the end of this call */
+	DCESRV_PULL_HANDLE(h, opn.out.trustdom_handle, DCESRV_HANDLE_ANY);
+	talloc_steal(mem_ctx, h);
+
+	query.in.trustdom_handle = opn.out.trustdom_handle;
+	query.in.level = r->in.level;
+	query.out.info = r->out.info;
+	status = dcesrv_lsa_QueryTrustedDomainInfo(dce_call, mem_ctx, &query);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_CloseTrustedDomainEx
+*/
+static NTSTATUS dcesrv_lsa_CloseTrustedDomainEx(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct lsa_CloseTrustedDomainEx *r)
+{
+	/* The result of a bad hair day from an IDL programmer?  Not
+	 * implemented in Win2k3.  You should always just lsa_Close
+	 * anyway. */
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  comparison function for sorting lsa_DomainInformation array
+*/
+static int compare_DomainInfo(struct lsa_DomainInfo *e1, struct lsa_DomainInfo *e2)
+{
+	return strcasecmp_m(e1->name.string, e2->name.string);
+}
+
+/*
+  lsa_EnumTrustDom
+*/
+static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_EnumTrustDom *r)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_DomainInfo *entries;
+	struct lsa_policy_state *policy_state;
+	struct ldb_message **domains;
+	const char *attrs[] = {
+		"flatname",
+		"securityIdentifier",
+		NULL
+	};
+
+
+	int count, i;
+
+	*r->out.resume_handle = 0;
+
+	r->out.domains->domains = NULL;
+	r->out.domains->count = 0;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	policy_state = policy_handle->data;
+
+	/* search for all users in this domain. This could possibly be cached and
+	   resumed based on resume_key */
+	count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
+			     "objectclass=trustedDomain");
+	if (count < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* convert to lsa_TrustInformation format */
+	entries = talloc_array(mem_ctx, struct lsa_DomainInfo, count);
+	if (!entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i=0;i<count;i++) {
+		entries[i].sid = samdb_result_dom_sid(mem_ctx, domains[i], "securityIdentifier");
+		entries[i].name.string = ldb_msg_find_attr_as_string(domains[i], "flatname", NULL);
+	}
+
+	/* sort the results by name */
+	TYPESAFE_QSORT(entries, count, compare_DomainInfo);
+
+	if (*r->in.resume_handle >= count) {
+		*r->out.resume_handle = -1;
+
+		return NT_STATUS_NO_MORE_ENTRIES;
+	}
+
+	/* return the rest, limit by max_size. Note that we
+	   use the w2k3 element size value of 60 */
+	r->out.domains->count = count - *r->in.resume_handle;
+	r->out.domains->count = MIN(r->out.domains->count,
+				 1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
+
+	r->out.domains->domains = entries + *r->in.resume_handle;
+
+	if (r->out.domains->count < count - *r->in.resume_handle) {
+		*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
+		return STATUS_MORE_ENTRIES;
+	}
+
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g. with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	*r->out.resume_handle = (uint32_t)-1;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  comparison function for sorting lsa_DomainInformation array
+*/
+static int compare_TrustDomainInfoInfoEx(struct lsa_TrustDomainInfoInfoEx *e1, struct lsa_TrustDomainInfoInfoEx *e2)
+{
+	return strcasecmp_m(e1->netbios_name.string, e2->netbios_name.string);
+}
+
+/*
+  lsa_EnumTrustedDomainsEx
+*/
+static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct lsa_EnumTrustedDomainsEx *r)
+{
+	struct dcesrv_handle *policy_handle;
+	struct lsa_TrustDomainInfoInfoEx *entries;
+	struct lsa_policy_state *policy_state;
+	struct ldb_message **domains;
+	const char *attrs[] = {
+		"flatname",
+		"trustPartner",
+		"securityIdentifier",
+		"trustDirection",
+		"trustType",
+		"trustAttributes",
+		NULL
+	};
+	NTSTATUS nt_status;
+
+	int count, i;
+
+	*r->out.resume_handle = 0;
+
+	r->out.domains->domains = NULL;
+	r->out.domains->count = 0;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	policy_state = policy_handle->data;
+
+	/* search for all users in this domain. This could possibly be cached and
+	   resumed based on resume_key */
+	count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
+			     "objectclass=trustedDomain");
+	if (count < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* convert to lsa_DomainInformation format */
+	entries = talloc_array(mem_ctx, struct lsa_TrustDomainInfoInfoEx, count);
+	if (!entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i=0;i<count;i++) {
+		nt_status = fill_trust_domain_ex(mem_ctx, domains[i], &entries[i]);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+
+	/* sort the results by name */
+	TYPESAFE_QSORT(entries, count, compare_TrustDomainInfoInfoEx);
+
+	if (*r->in.resume_handle >= count) {
+		*r->out.resume_handle = -1;
+
+		return NT_STATUS_NO_MORE_ENTRIES;
+	}
+
+	/* return the rest, limit by max_size. Note that we
+	   use the w2k3 element size value of 60 */
+	r->out.domains->count = count - *r->in.resume_handle;
+	r->out.domains->count = MIN(r->out.domains->count,
+				 1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
+
+	r->out.domains->domains = entries + *r->in.resume_handle;
+
+	if (r->out.domains->count < count - *r->in.resume_handle) {
+		*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
+		return STATUS_MORE_ENTRIES;
+	}
+
+	*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_OpenAccount
+*/
+static NTSTATUS dcesrv_lsa_OpenAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_OpenAccount *r)
+{
+	struct dcesrv_handle *h, *ah;
+	struct lsa_policy_state *state;
+	struct lsa_account_state *astate;
+
+	ZERO_STRUCTP(r->out.acct_handle);
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	astate = talloc(dce_call->conn, struct lsa_account_state);
+	if (astate == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	astate->account_sid = dom_sid_dup(astate, r->in.sid);
+	if (astate->account_sid == NULL) {
+		talloc_free(astate);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	astate->policy = talloc_reference(astate, state);
+	astate->access_mask = r->in.access_mask;
+
+	/*
+	 * For now we grant all requested access.
+	 *
+	 * We will fail at the ldb layer later.
+	 */
+	if (astate->access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+		astate->access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+		astate->access_mask |= LSA_ACCOUNT_ALL_ACCESS;
+	}
+	se_map_generic(&astate->access_mask, &dcesrv_lsa_account_mapping);
+
+	DEBUG(10,("%s: %s access desired[0x%08X] granted[0x%08X] - success.\n",
+		  __func__, dom_sid_string(mem_ctx, astate->account_sid),
+		 (unsigned)r->in.access_mask,
+		 (unsigned)astate->access_mask));
+
+	ah = dcesrv_handle_create(dce_call, LSA_HANDLE_ACCOUNT);
+	if (!ah) {
+		talloc_free(astate);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ah->data = talloc_steal(ah, astate);
+
+	*r->out.acct_handle = ah->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_EnumPrivsAccount
+*/
+static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     struct lsa_EnumPrivsAccount *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_account_state *astate;
+	int ret;
+	unsigned int i, j;
+	struct ldb_message **res;
+	const char * const attrs[] = { "privilege", NULL};
+	struct ldb_message_element *el;
+	const char *sidstr;
+	struct lsa_PrivilegeSet *privs;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+	astate = h->data;
+
+	privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+	if (privs == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	privs->count = 0;
+	privs->unknown = 0;
+	privs->set = NULL;
+
+	*r->out.privs = privs;
+
+	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
+	if (sidstr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(astate->policy->pdb, mem_ctx, NULL, &res, attrs,
+			   "objectSid=%s", sidstr);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	if (ret != 1) {
+		return NT_STATUS_OK;
+	}
+
+	el = ldb_msg_find_element(res[0], "privilege");
+	if (el == NULL || el->num_values == 0) {
+		return NT_STATUS_OK;
+	}
+
+	privs->set = talloc_array(privs,
+				  struct lsa_LUIDAttribute, el->num_values);
+	if (privs->set == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	j = 0;
+	for (i=0;i<el->num_values;i++) {
+		int id = sec_privilege_id((const char *)el->values[i].data);
+		if (id == SEC_PRIV_INVALID) {
+			/* Perhaps an account right, not a privilege */
+			continue;
+		}
+		privs->set[j].attribute = 0;
+		privs->set[j].luid.low = id;
+		privs->set[j].luid.high = 0;
+		j++;
+	}
+
+	privs->count = j;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_EnumAccountRights
+*/
+static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct lsa_EnumAccountRights *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	int ret;
+	unsigned int i;
+	struct ldb_message **res;
+	const char * const attrs[] = { "privilege", NULL};
+	const char *sidstr;
+	struct ldb_message_element *el;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid);
+	if (sidstr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs,
+			   "(&(objectSid=%s)(privilege=*))", sidstr);
+	if (ret == 0) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+	if (ret != 1) {
+		DEBUG(3, ("searching for account rights for SID: %s failed: %s\n",
+			  dom_sid_string(mem_ctx, r->in.sid),
+			  ldb_errstring(state->pdb)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	el = ldb_msg_find_element(res[0], "privilege");
+	if (el == NULL || el->num_values == 0) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	r->out.rights->count = el->num_values;
+	r->out.rights->names = talloc_array(r->out.rights,
+					    struct lsa_StringLarge, r->out.rights->count);
+	if (r->out.rights->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<el->num_values;i++) {
+		r->out.rights->names[i].string = (const char *)el->values[i].data;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  helper for lsa_AddAccountRights and lsa_RemoveAccountRights
+*/
+static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
+					   TALLOC_CTX *mem_ctx,
+					   struct lsa_policy_state *state,
+					   int ldb_flag,
+					   struct dom_sid *sid,
+					   const struct lsa_RightSet *rights)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	const char *sidstr, *sidndrstr;
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+	int ret;
+	uint32_t i;
+	struct lsa_EnumAccountRights r2;
+	char *dnstr;
+
+	if (security_session_user_level(session_info, NULL) <
+	    SECURITY_ADMINISTRATOR) {
+		DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sidndrstr = ldap_encode_ndr_dom_sid(msg, sid);
+	if (sidndrstr == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sidstr = dom_sid_string(msg, sid);
+	if (sidstr == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	dnstr = talloc_asprintf(msg, "sid=%s", sidstr);
+	if (dnstr == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_new(msg, state->pdb, dnstr);
+	if (msg->dn == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_ADD) {
+		NTSTATUS status;
+
+		r2.in.handle = &state->handle->wire_handle;
+		r2.in.sid = sid;
+		r2.out.rights = talloc(mem_ctx, struct lsa_RightSet);
+
+		status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+		if (!NT_STATUS_IS_OK(status)) {
+			ZERO_STRUCTP(r2.out.rights);
+		}
+	}
+
+	for (i=0;i<rights->count;i++) {
+		bool ok;
+
+		ok = dcesrc_lsa_valid_AccountRight(rights->names[i].string);
+		if (!ok) {
+			talloc_free(msg);
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+
+		if (LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_ADD) {
+			uint32_t j;
+			for (j=0;j<r2.out.rights->count;j++) {
+				if (strcasecmp_m(r2.out.rights->names[j].string,
+					       rights->names[i].string) == 0) {
+					break;
+				}
+			}
+			if (j != r2.out.rights->count) continue;
+		}
+
+		ret = ldb_msg_add_string(msg, "privilege", rights->names[i].string);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	el = ldb_msg_find_element(msg, "privilege");
+	if (!el) {
+		talloc_free(msg);
+		return NT_STATUS_OK;
+	}
+
+	el->flags = ldb_flag;
+
+	ret = ldb_modify(state->pdb, msg);
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) {
+			talloc_free(msg);
+			return NT_STATUS_NO_MEMORY;
+		}
+		ldb_msg_add_string(msg, "comment", "added via LSA");
+		ret = ldb_add(state->pdb, msg);
+	}
+	if (ret != LDB_SUCCESS) {
+		if (LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_DELETE && ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+			talloc_free(msg);
+			return NT_STATUS_OK;
+		}
+		DEBUG(3, ("Could not %s attributes from %s: %s\n",
+			  LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_DELETE ? "delete" : "add",
+			  ldb_dn_get_linearized(msg->dn), ldb_errstring(state->pdb)));
+		talloc_free(msg);
+		return NT_STATUS_UNEXPECTED_IO_ERROR;
+	}
+
+	talloc_free(msg);
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_AddPrivilegesToAccount
+*/
+static NTSTATUS dcesrv_lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					   struct lsa_AddPrivilegesToAccount *r)
+{
+	struct lsa_RightSet rights;
+	struct dcesrv_handle *h;
+	struct lsa_account_state *astate;
+	uint32_t i;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+	astate = h->data;
+
+	rights.count = r->in.privs->count;
+	rights.names = talloc_array(mem_ctx, struct lsa_StringLarge, rights.count);
+	if (rights.names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i=0;i<rights.count;i++) {
+		int id = r->in.privs->set[i].luid.low;
+		if (r->in.privs->set[i].luid.high) {
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+		rights.names[i].string = sec_privilege_name(id);
+		if (rights.names[i].string == NULL) {
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+	}
+
+	return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
+					  LDB_FLAG_MOD_ADD, astate->account_sid,
+					  &rights);
+}
+
+
+/*
+  lsa_RemovePrivilegesFromAccount
+*/
+static NTSTATUS dcesrv_lsa_RemovePrivilegesFromAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						struct lsa_RemovePrivilegesFromAccount *r)
+{
+	struct lsa_RightSet *rights;
+	struct dcesrv_handle *h;
+	struct lsa_account_state *astate;
+	uint32_t i;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+	astate = h->data;
+
+	rights = talloc(mem_ctx, struct lsa_RightSet);
+
+	if (r->in.remove_all == 1 &&
+	    r->in.privs == NULL) {
+		struct lsa_EnumAccountRights r2;
+		NTSTATUS status;
+
+		r2.in.handle = &astate->policy->handle->wire_handle;
+		r2.in.sid = astate->account_sid;
+		r2.out.rights = rights;
+
+		status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
+						  LDB_FLAG_MOD_DELETE, astate->account_sid,
+						  r2.out.rights);
+	}
+
+	if (r->in.remove_all != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	rights->count = r->in.privs->count;
+	rights->names = talloc_array(mem_ctx, struct lsa_StringLarge, rights->count);
+	if (rights->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i=0;i<rights->count;i++) {
+		int id = r->in.privs->set[i].luid.low;
+		if (r->in.privs->set[i].luid.high) {
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+		rights->names[i].string = sec_privilege_name(id);
+		if (rights->names[i].string == NULL) {
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+	}
+
+	return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, astate->policy,
+					  LDB_FLAG_MOD_DELETE, astate->account_sid,
+					  rights);
+}
+
+
+/*
+  lsa_GetQuotasForAccount
+*/
+static NTSTATUS dcesrv_lsa_GetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_GetQuotasForAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_SetQuotasForAccount
+*/
+static NTSTATUS dcesrv_lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_SetQuotasForAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_GetSystemAccessAccount
+*/
+static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_GetSystemAccessAccount *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_account_state *astate;
+	int ret;
+	unsigned int i;
+	struct ldb_message **res;
+	const char * const attrs[] = { "privilege", NULL};
+	struct ldb_message_element *el;
+	const char *sidstr;
+
+	*(r->out.access_mask) = 0x00000000;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
+
+	astate = h->data;
+
+	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
+	if (sidstr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(astate->policy->pdb, mem_ctx, NULL, &res, attrs,
+			   "objectSid=%s", sidstr);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	if (ret != 1) {
+		return NT_STATUS_OK;
+	}
+
+	el = ldb_msg_find_element(res[0], "privilege");
+	if (el == NULL || el->num_values == 0) {
+		return NT_STATUS_OK;
+	}
+
+	for (i=0;i<el->num_values;i++) {
+		uint32_t right_bit = sec_right_bit((const char *)el->values[i].data);
+		if (right_bit == 0) {
+			/* Perhaps an privilege, not a right */
+			continue;
+		}
+		*(r->out.access_mask) |= right_bit;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_SetSystemAccessAccount
+*/
+static NTSTATUS dcesrv_lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_SetSystemAccessAccount *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+/*
+  lsa_CreateSecret
+*/
+static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_CreateSecret *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct lsa_secret_state *secret_state;
+	struct dcesrv_handle *handle;
+	struct ldb_message **msgs, *msg;
+	const char *attrs[] = {
+		NULL
+	};
+
+	const char *name;
+
+	int ret;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+	ZERO_STRUCTP(r->out.sec_handle);
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		break;
+	default:
+		/* Users and anonymous are not allowed create secrets */
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	policy_state = policy_handle->data;
+
+	if (!r->in.name.string) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	secret_state = talloc(mem_ctx, struct lsa_secret_state);
+	NT_STATUS_HAVE_NO_MEMORY(secret_state);
+	secret_state->policy = policy_state;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (strncmp("G$", r->in.name.string, 2) == 0) {
+		const char *name2;
+
+		secret_state->global = true;
+
+		name = &r->in.name.string[2];
+		if (strlen(name) == 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		name2 = talloc_asprintf(mem_ctx, "%s Secret",
+					ldb_binary_encode_string(mem_ctx, name));
+		NT_STATUS_HAVE_NO_MEMORY(name2);
+
+		/*
+		 * We need to connect to the database as system, as this is
+		 * one of the rare RPC calls that must read the secrets
+		 * (and this is denied otherwise)
+		 *
+		 * We also save the current remote session details so they can
+		 * used by the audit logging module. This allows the audit
+		 * logging to report the remote users details, rather than the
+		 * system users details.
+		 */
+		secret_state->sam_ldb =
+			dcesrv_samdb_connect_as_system(secret_state, dce_call);
+		NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+
+		/* search for the secret record */
+		ret = gendb_search(secret_state->sam_ldb,
+				   mem_ctx, policy_state->system_dn, &msgs, attrs,
+				   "(&(cn=%s)(objectclass=secret))",
+				   name2);
+		if (ret > 0) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+
+		if (ret < 0) {
+			DEBUG(0,("Failure searching for CN=%s: %s\n",
+				 name2, ldb_errstring(secret_state->sam_ldb)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		msg->dn = ldb_dn_copy(mem_ctx, policy_state->system_dn);
+		NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+		if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		ret = ldb_msg_add_string(msg, "cn", name2);
+		if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
+	} else {
+		secret_state->global = false;
+
+		name = r->in.name.string;
+		if (strlen(name) == 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		secret_state->sam_ldb = secrets_db_connect(secret_state,
+					dce_call->conn->dce_ctx->lp_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+
+		/* search for the secret record */
+		ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+				   ldb_dn_new(mem_ctx, secret_state->sam_ldb, "cn=LSA Secrets"),
+				   &msgs, attrs,
+				   "(&(cn=%s)(objectclass=secret))",
+				   ldb_binary_encode_string(mem_ctx, name));
+		if (ret > 0) {
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
+
+		if (ret < 0) {
+			DEBUG(0,("Failure searching for CN=%s: %s\n",
+				 name, ldb_errstring(secret_state->sam_ldb)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		msg->dn = ldb_dn_new_fmt(mem_ctx, secret_state->sam_ldb,
+					 "cn=%s,cn=LSA Secrets", name);
+		NT_STATUS_HAVE_NO_MEMORY(msg->dn);
+		ret = ldb_msg_add_string(msg, "cn", name);
+		if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_msg_add_string(msg, "objectClass", "secret");
+	if (ret != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;
+
+	secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
+	NT_STATUS_HAVE_NO_MEMORY(secret_state->secret_dn);
+
+	/* create the secret */
+	ret = ldb_add(secret_state->sam_ldb, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(0,("Failed to create secret record %s: %s\n",
+			 ldb_dn_get_linearized(msg->dn),
+			 ldb_errstring(secret_state->sam_ldb)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_SECRET);
+	NT_STATUS_HAVE_NO_MEMORY(handle);
+
+	handle->data = talloc_steal(handle, secret_state);
+
+	secret_state->access_mask = r->in.access_mask;
+	secret_state->policy = talloc_reference(secret_state, policy_state);
+	NT_STATUS_HAVE_NO_MEMORY(secret_state->policy);
+
+	*r->out.sec_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_OpenSecret
+*/
+static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       struct lsa_OpenSecret *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *policy_handle;
+	struct lsa_policy_state *policy_state;
+	struct lsa_secret_state *secret_state;
+	struct dcesrv_handle *handle;
+	struct ldb_message **msgs;
+	const char *attrs[] = {
+		NULL
+	};
+	const char *name;
+	int ret;
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+	ZERO_STRUCTP(r->out.sec_handle);
+	policy_state = policy_handle->data;
+
+	if (!r->in.name.string) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		break;
+	default:
+		/* Users and anonymous are not allowed to access secrets */
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	secret_state = talloc(mem_ctx, struct lsa_secret_state);
+	if (!secret_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	secret_state->policy = policy_state;
+
+	if (strncmp("G$", r->in.name.string, 2) == 0) {
+		name = &r->in.name.string[2];
+		/*
+		 * We need to connect to the database as system, as this is
+		 * one of the rare RPC calls that must read the secrets
+		 * (and this is denied otherwise)
+		 *
+		 * We also save the current remote session details so they can
+		 * used by the audit logging module. This allows the audit
+		 * logging to report the remote users details, rather than the
+		 * system users details.
+		 */
+		secret_state->sam_ldb =
+			dcesrv_samdb_connect_as_system(secret_state, dce_call);
+		NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+		secret_state->global = true;
+
+		if (strlen(name) < 1) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/* search for the secret record */
+		ret = gendb_search(secret_state->sam_ldb,
+				   mem_ctx, policy_state->system_dn, &msgs, attrs,
+				   "(&(cn=%s Secret)(objectclass=secret))",
+				   ldb_binary_encode_string(mem_ctx, name));
+		if (ret == 0) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+
+		if (ret != 1) {
+			DEBUG(0,("Found %d records matching DN %s\n", ret,
+				 ldb_dn_get_linearized(policy_state->system_dn)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	} else {
+		secret_state->global = false;
+		secret_state->sam_ldb = secrets_db_connect(secret_state,
+					dce_call->conn->dce_ctx->lp_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(secret_state->sam_ldb);
+
+		name = r->in.name.string;
+		if (strlen(name) < 1) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/* search for the secret record */
+		ret = gendb_search(secret_state->sam_ldb, mem_ctx,
+				   ldb_dn_new(mem_ctx, secret_state->sam_ldb, "cn=LSA Secrets"),
+				   &msgs, attrs,
+				   "(&(cn=%s)(objectclass=secret))",
+				   ldb_binary_encode_string(mem_ctx, name));
+		if (ret == 0) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+
+		if (ret != 1) {
+			DEBUG(0,("Found %d records matching CN=%s\n",
+				 ret, ldb_binary_encode_string(mem_ctx, name)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	secret_state->secret_dn = talloc_reference(secret_state, msgs[0]->dn);
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_SECRET);
+	if (!handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = talloc_steal(handle, secret_state);
+
+	secret_state->access_mask = r->in.access_mask;
+	secret_state->policy = talloc_reference(secret_state, policy_state);
+
+	*r->out.sec_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_SetSecret
+*/
+static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct lsa_SetSecret *r)
+{
+
+	struct dcesrv_handle *h;
+	struct lsa_secret_state *secret_state;
+	struct ldb_message *msg;
+	DATA_BLOB session_key;
+	DATA_BLOB crypt_secret, secret;
+	struct ldb_val val;
+	int ret;
+	NTSTATUS status = NT_STATUS_OK;
+
+	struct timeval now = timeval_current();
+	NTTIME nt_now = timeval_to_nttime(&now);
+
+	DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
+
+	secret_state = h->data;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = talloc_reference(mem_ctx, secret_state->secret_dn);
+	if (!msg->dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (r->in.old_val) {
+		/* Decrypt */
+		crypt_secret.data = r->in.old_val->data;
+		crypt_secret.length = r->in.old_val->size;
+
+		status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		val.data = secret.data;
+		val.length = secret.length;
+
+		/* set value */
+		if (ldb_msg_add_value(msg, "priorValue", &val, NULL) != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* set old value mtime */
+		if (samdb_msg_add_uint64(secret_state->sam_ldb,
+					 mem_ctx, msg, "priorSetTime", nt_now) != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+	} else {
+		/* If the old value is not set, then migrate the
+		 * current value to the old value */
+		const struct ldb_val *old_val;
+		NTTIME last_set_time;
+		struct ldb_message **res;
+		const char *attrs[] = {
+			"currentValue",
+			"lastSetTime",
+			NULL
+		};
+
+		/* search for the secret record */
+		ret = gendb_search_dn(secret_state->sam_ldb,mem_ctx,
+				      secret_state->secret_dn, &res, attrs);
+		if (ret == 0) {
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		}
+
+		if (ret != 1) {
+			DEBUG(0,("Found %d records matching dn=%s\n", ret,
+				 ldb_dn_get_linearized(secret_state->secret_dn)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		old_val = ldb_msg_find_ldb_val(res[0], "currentValue");
+		last_set_time = ldb_msg_find_attr_as_uint64(res[0], "lastSetTime", 0);
+
+		if (old_val) {
+			/* set old value */
+			if (ldb_msg_add_value(msg, "priorValue",
+					      old_val, NULL) != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			if (samdb_msg_add_delete(secret_state->sam_ldb,
+						 mem_ctx, msg, "priorValue") != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
+		/* set old value mtime */
+		if (ldb_msg_find_ldb_val(res[0], "lastSetTime")) {
+			if (samdb_msg_add_uint64(secret_state->sam_ldb,
+						 mem_ctx, msg, "priorSetTime", last_set_time) != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			if (samdb_msg_add_uint64(secret_state->sam_ldb,
+						 mem_ctx, msg, "priorSetTime", nt_now) != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+
+	if (r->in.new_val) {
+		/* Decrypt */
+		crypt_secret.data = r->in.new_val->data;
+		crypt_secret.length = r->in.new_val->size;
+
+		status = sess_decrypt_blob(mem_ctx, &crypt_secret, &session_key, &secret);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		val.data = secret.data;
+		val.length = secret.length;
+
+		/* set value */
+		if (ldb_msg_add_value(msg, "currentValue", &val, NULL) != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* set new value mtime */
+		if (samdb_msg_add_uint64(secret_state->sam_ldb,
+					 mem_ctx, msg, "lastSetTime", nt_now) != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		/* NULL out the NEW value */
+		if (samdb_msg_add_uint64(secret_state->sam_ldb,
+					 mem_ctx, msg, "lastSetTime", nt_now) != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		if (samdb_msg_add_delete(secret_state->sam_ldb,
+					 mem_ctx, msg, "currentValue") != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* modify the samdb record */
+	ret = dsdb_replace(secret_state->sam_ldb, msg, 0);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_QuerySecret
+*/
+static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_QuerySecret *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct lsa_secret_state *secret_state;
+	struct ldb_message *msg;
+	DATA_BLOB session_key;
+	DATA_BLOB crypt_secret, secret;
+	int ret;
+	struct ldb_message **res;
+	const char *attrs[] = {
+		"currentValue",
+		"priorValue",
+		"lastSetTime",
+		"priorSetTime",
+		NULL
+	};
+
+	NTSTATUS nt_status;
+
+	DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
+
+	/* Ensure user is permitted to read this... */
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		break;
+	default:
+		/* Users and anonymous are not allowed to read secrets */
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	secret_state = h->data;
+
+	/* pull all the user attributes */
+	ret = gendb_search_dn(secret_state->sam_ldb, mem_ctx,
+			      secret_state->secret_dn, &res, attrs);
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	msg = res[0];
+
+	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	if (r->in.old_val) {
+		const struct ldb_val *prior_val;
+		r->out.old_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
+		if (!r->out.old_val) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		prior_val = ldb_msg_find_ldb_val(msg, "priorValue");
+
+		if (prior_val && prior_val->length) {
+			secret.data = prior_val->data;
+			secret.length = prior_val->length;
+
+			/* Encrypt */
+			crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
+			if (!crypt_secret.length) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			r->out.old_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
+			if (!r->out.old_val->buf) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			r->out.old_val->buf->size = crypt_secret.length;
+			r->out.old_val->buf->length = crypt_secret.length;
+			r->out.old_val->buf->data = crypt_secret.data;
+		}
+	}
+
+	if (r->in.old_mtime) {
+		r->out.old_mtime = talloc(mem_ctx, NTTIME);
+		if (!r->out.old_mtime) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		*r->out.old_mtime = ldb_msg_find_attr_as_uint64(msg, "priorSetTime", 0);
+	}
+
+	if (r->in.new_val) {
+		const struct ldb_val *new_val;
+		r->out.new_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
+		if (!r->out.new_val) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		new_val = ldb_msg_find_ldb_val(msg, "currentValue");
+
+		if (new_val && new_val->length) {
+			secret.data = new_val->data;
+			secret.length = new_val->length;
+
+			/* Encrypt */
+			crypt_secret = sess_encrypt_blob(mem_ctx, &secret, &session_key);
+			if (!crypt_secret.length) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			r->out.new_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
+			if (!r->out.new_val->buf) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			r->out.new_val->buf->length = crypt_secret.length;
+			r->out.new_val->buf->size = crypt_secret.length;
+			r->out.new_val->buf->data = crypt_secret.data;
+		}
+	}
+
+	if (r->in.new_mtime) {
+		r->out.new_mtime = talloc(mem_ctx, NTTIME);
+		if (!r->out.new_mtime) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		*r->out.new_mtime = ldb_msg_find_attr_as_uint64(msg, "lastSetTime", 0);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_LookupPrivValue
+*/
+static NTSTATUS dcesrv_lsa_LookupPrivValue(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx,
+				    struct lsa_LookupPrivValue *r)
+{
+	struct dcesrv_handle *h;
+	int id;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	id = sec_privilege_id(r->in.name->string);
+	if (id == SEC_PRIV_INVALID) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	r->out.luid->low = id;
+	r->out.luid->high = 0;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_LookupPrivName
+*/
+static NTSTATUS dcesrv_lsa_LookupPrivName(struct dcesrv_call_state *dce_call,
+				   TALLOC_CTX *mem_ctx,
+				   struct lsa_LookupPrivName *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_StringLarge *name;
+	const char *privname;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	if (r->in.luid->high != 0) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	privname = sec_privilege_name(r->in.luid->low);
+	if (privname == NULL) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	name = talloc(mem_ctx, struct lsa_StringLarge);
+	if (name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	name->string = privname;
+
+	*r->out.name = name;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_LookupPrivDisplayName
+*/
+static NTSTATUS dcesrv_lsa_LookupPrivDisplayName(struct dcesrv_call_state *dce_call,
+					  TALLOC_CTX *mem_ctx,
+					  struct lsa_LookupPrivDisplayName *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_StringLarge *disp_name = NULL;
+	enum sec_privilege id;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	id = sec_privilege_id(r->in.name->string);
+	if (id == SEC_PRIV_INVALID) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	disp_name = talloc(mem_ctx, struct lsa_StringLarge);
+	if (disp_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	disp_name->string = sec_privilege_display_name(id, &r->in.language_id);
+	if (disp_name->string == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*r->out.disp_name = disp_name;
+	*r->out.returned_language_id = 0;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_EnumAccountsWithUserRight
+*/
+static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *dce_call,
+					      TALLOC_CTX *mem_ctx,
+					      struct lsa_EnumAccountsWithUserRight *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	int ret, i;
+	struct ldb_message **res;
+	const char * const attrs[] = { "objectSid", NULL};
+	const char *privname;
+	bool ok;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	if (r->in.name == NULL) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	privname = r->in.name->string;
+
+	ok = dcesrc_lsa_valid_AccountRight(privname);
+	if (!ok) {
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+
+	ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs,
+			   "privilege=%s", privname);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	if (ret == 0) {
+		return NT_STATUS_NO_MORE_ENTRIES;
+	}
+
+	r->out.sids->sids = talloc_array(r->out.sids, struct lsa_SidPtr, ret);
+	if (r->out.sids->sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i=0;i<ret;i++) {
+		r->out.sids->sids[i].sid = samdb_result_dom_sid(r->out.sids->sids,
+								res[i], "objectSid");
+		NT_STATUS_HAVE_NO_MEMORY(r->out.sids->sids[i].sid);
+	}
+	r->out.sids->num_sids = ret;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  lsa_AddAccountRights
+*/
+static NTSTATUS dcesrv_lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     struct lsa_AddAccountRights *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
+					  LDB_FLAG_MOD_ADD,
+					  r->in.sid, r->in.rights);
+}
+
+
+/*
+  lsa_RemoveAccountRights
+*/
+static NTSTATUS dcesrv_lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *mem_ctx,
+					struct lsa_RemoveAccountRights *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	return dcesrv_lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
+					  LDB_FLAG_MOD_DELETE,
+					  r->in.sid, r->in.rights);
+}
+
+
+/*
+  lsa_StorePrivateData
+*/
+static NTSTATUS dcesrv_lsa_StorePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_StorePrivateData *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_RetrievePrivateData
+*/
+static NTSTATUS dcesrv_lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_RetrievePrivateData *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_GetUserName
+*/
+static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_GetUserName *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	NTSTATUS status = NT_STATUS_OK;
+	const char *account_name;
+	const char *authority_name;
+	struct lsa_String *_account_name;
+	struct lsa_String *_authority_name = NULL;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	/* this is what w2k3 does */
+	r->out.account_name = r->in.account_name;
+	r->out.authority_name = r->in.authority_name;
+
+	if (r->in.account_name
+	    && *r->in.account_name
+	    /* && *(*r->in.account_name)->string */
+	    ) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (r->in.authority_name
+	    && *r->in.authority_name
+	    /* && *(*r->in.authority_name)->string */
+	    ) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	account_name = talloc_reference(mem_ctx, session_info->info->account_name);
+	authority_name = talloc_reference(mem_ctx, session_info->info->domain_name);
+
+	_account_name = talloc(mem_ctx, struct lsa_String);
+	NT_STATUS_HAVE_NO_MEMORY(_account_name);
+	_account_name->string = account_name;
+
+	if (r->in.authority_name) {
+		_authority_name = talloc(mem_ctx, struct lsa_String);
+		NT_STATUS_HAVE_NO_MEMORY(_authority_name);
+		_authority_name->string = authority_name;
+	}
+
+	*r->out.account_name = _account_name;
+	if (r->out.authority_name) {
+		*r->out.authority_name = _authority_name;
+	}
+
+	return status;
+}
+
+/*
+  lsa_SetInfoPolicy2
+*/
+static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call,
+				   TALLOC_CTX *mem_ctx,
+				   struct lsa_SetInfoPolicy2 *r)
+{
+	/* need to support these */
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static void kdc_get_policy(TALLOC_CTX *mem_ctx,
+			   struct loadparm_context *lp_ctx,
+			   struct smb_krb5_context *smb_krb5_context,
+			   struct lsa_DomainInfoKerberos *k)
+{
+	time_t svc_tkt_lifetime;
+	time_t usr_tkt_lifetime;
+	time_t renewal_lifetime;
+
+	/* Our KDC always re-validates the client */
+	k->authentication_options = LSA_POLICY_KERBEROS_VALIDATE_CLIENT;
+
+	lpcfg_default_kdc_policy(mem_ctx, lp_ctx, &svc_tkt_lifetime,
+				 &usr_tkt_lifetime, &renewal_lifetime);
+
+	unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime);
+	unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime);
+	unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime);
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_max_time_skew.
+	However in the parent function we basically just did a full
+	krb5_context init with the only purpose of getting a global
+	config option (the max skew), it would probably make more sense
+	to have a lp_ or ldb global option as the samba default */
+	if (smb_krb5_context) {
+		unix_to_nt_time(&k->clock_skew,
+				krb5_get_max_time_skew(smb_krb5_context->krb5_context));
+	}
+#endif
+	k->reserved = 0;
+}
+/*
+  lsa_QueryDomainInformationPolicy
+*/
+static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+						 TALLOC_CTX *mem_ctx,
+						 struct lsa_QueryDomainInformationPolicy *r)
+{
+	union lsa_DomainInformationPolicy *info;
+
+	info = talloc_zero(r->out.info, union lsa_DomainInformationPolicy);
+	if (!info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
+	case LSA_DOMAIN_INFO_POLICY_EFS:
+		talloc_free(info);
+		*r->out.info = NULL;
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	case LSA_DOMAIN_INFO_POLICY_KERBEROS:
+	{
+		struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
+		struct smb_krb5_context *smb_krb5_context;
+		int ret = smb_krb5_init_context(mem_ctx,
+							dce_call->conn->dce_ctx->lp_ctx,
+							&smb_krb5_context);
+		if (ret != 0) {
+			talloc_free(info);
+			*r->out.info = NULL;
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		kdc_get_policy(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
+			       smb_krb5_context,
+			       k);
+		talloc_free(smb_krb5_context);
+		*r->out.info = info;
+		return NT_STATUS_OK;
+	}
+	default:
+		talloc_free(info);
+		*r->out.info = NULL;
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+}
+
+/*
+  lsa_SetDomInfoPolicy
+*/
+static NTSTATUS dcesrv_lsa_SetDomainInformationPolicy(struct dcesrv_call_state *dce_call,
+					      TALLOC_CTX *mem_ctx,
+					      struct lsa_SetDomainInformationPolicy *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_TestCall
+*/
+static NTSTATUS dcesrv_lsa_TestCall(struct dcesrv_call_state *dce_call,
+			     TALLOC_CTX *mem_ctx,
+			     struct lsa_TestCall *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_CREDRWRITE
+*/
+static NTSTATUS dcesrv_lsa_CREDRWRITE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRWRITE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRREAD
+*/
+static NTSTATUS dcesrv_lsa_CREDRREAD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRREAD *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRENUMERATE
+*/
+static NTSTATUS dcesrv_lsa_CREDRENUMERATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRENUMERATE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRWRITEDOMAINCREDENTIALS
+*/
+static NTSTATUS dcesrv_lsa_CREDRWRITEDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRREADDOMAINCREDENTIALS
+*/
+static NTSTATUS dcesrv_lsa_CREDRREADDOMAINCREDENTIALS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRREADDOMAINCREDENTIALS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRDELETE
+*/
+static NTSTATUS dcesrv_lsa_CREDRDELETE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRDELETE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRGETTARGETINFO
+*/
+static NTSTATUS dcesrv_lsa_CREDRGETTARGETINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRGETTARGETINFO *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRPROFILELOADED
+*/
+static NTSTATUS dcesrv_lsa_CREDRPROFILELOADED(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRPROFILELOADED *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_CREDRGETSESSIONTYPES
+*/
+static NTSTATUS dcesrv_lsa_CREDRGETSESSIONTYPES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRGETSESSIONTYPES *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARREGISTERAUDITEVENT
+*/
+static NTSTATUS dcesrv_lsa_LSARREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARREGISTERAUDITEVENT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARGENAUDITEVENT
+*/
+static NTSTATUS dcesrv_lsa_LSARGENAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARGENAUDITEVENT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARUNREGISTERAUDITEVENT
+*/
+static NTSTATUS dcesrv_lsa_LSARUNREGISTERAUDITEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARUNREGISTERAUDITEVENT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_lsaRQueryForestTrustInformation
+*/
+static NTSTATUS dcesrv_lsa_lsaRQueryForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_lsaRQueryForestTrustInformation *r)
+{
+	struct dcesrv_handle *h = NULL;
+	struct lsa_policy_state *p_state = NULL;
+	int forest_level = DS_DOMAIN_FUNCTION_2000;
+	const char * const trust_attrs[] = {
+		"securityIdentifier",
+		"flatName",
+		"trustPartner",
+		"trustAttributes",
+		"trustDirection",
+		"trustType",
+		"msDS-TrustForestTrustInfo",
+		NULL
+	};
+	struct ldb_message *trust_tdo_msg = NULL;
+	struct lsa_TrustDomainInfoInfoEx *trust_tdo = NULL;
+	struct ForestTrustInfo *trust_fti = NULL;
+	struct lsa_ForestTrustInformation *trust_lfti = NULL;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	p_state = h->data;
+
+	if (strcmp(p_state->domain_dns, p_state->forest_dns)) {
+		return NT_STATUS_INVALID_DOMAIN_STATE;
+	}
+
+	forest_level = dsdb_forest_functional_level(p_state->sam_ldb);
+	if (forest_level < DS_DOMAIN_FUNCTION_2003) {
+		return NT_STATUS_INVALID_DOMAIN_STATE;
+	}
+
+	if (r->in.trusted_domain_name->string == NULL) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	status = dsdb_trust_search_tdo(p_state->sam_ldb,
+				       r->in.trusted_domain_name->string,
+				       r->in.trusted_domain_name->string,
+				       trust_attrs, mem_ctx, &trust_tdo_msg);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dsdb_trust_parse_tdo_info(mem_ctx, trust_tdo_msg, &trust_tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!(trust_tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (r->in.highest_record_type >= LSA_FOREST_TRUST_RECORD_TYPE_LAST) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dsdb_trust_parse_forest_info(mem_ctx,
+					      trust_tdo_msg,
+					      &trust_fti);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dsdb_trust_forest_info_to_lsa(mem_ctx, trust_fti,
+					       &trust_lfti);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*r->out.forest_trust_info = trust_lfti;
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_lsaRSetForestTrustInformation
+*/
+static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation(struct dcesrv_call_state *dce_call,
+							 TALLOC_CTX *mem_ctx,
+							 struct lsa_lsaRSetForestTrustInformation *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *p_state;
+	const char * const trust_attrs[] = {
+		"securityIdentifier",
+		"flatName",
+		"trustPartner",
+		"trustAttributes",
+		"trustDirection",
+		"trustType",
+		"msDS-TrustForestTrustInfo",
+		NULL
+	};
+	struct ldb_message *trust_tdo_msg = NULL;
+	struct lsa_TrustDomainInfoInfoEx *trust_tdo = NULL;
+	struct lsa_ForestTrustInformation *step1_lfti = NULL;
+	struct lsa_ForestTrustInformation *step2_lfti = NULL;
+	struct ForestTrustInfo *trust_fti = NULL;
+	struct ldb_result *trusts_res = NULL;
+	unsigned int i;
+	struct lsa_TrustDomainInfoInfoEx *xref_tdo = NULL;
+	struct lsa_ForestTrustInformation *xref_lfti = NULL;
+	struct lsa_ForestTrustCollisionInfo *c_info = NULL;
+	DATA_BLOB ft_blob = {};
+	struct ldb_message *msg = NULL;
+	struct server_id *server_ids = NULL;
+	uint32_t num_server_ids = 0;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	int ret;
+	bool in_transaction = false;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	p_state = h->data;
+
+	if (strcmp(p_state->domain_dns, p_state->forest_dns)) {
+		return NT_STATUS_INVALID_DOMAIN_STATE;
+	}
+
+	if (r->in.check_only == 0) {
+		ret = ldb_transaction_start(p_state->sam_ldb);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		in_transaction = true;
+	}
+
+	/*
+	 * abort if we are not a PDC
+	 *
+	 * In future we should use a function like IsEffectiveRoleOwner()
+	 */
+	if (!samdb_is_pdc(p_state->sam_ldb)) {
+		status = NT_STATUS_INVALID_DOMAIN_ROLE;
+		goto done;
+	}
+
+	if (r->in.trusted_domain_name->string == NULL) {
+		status = NT_STATUS_NO_SUCH_DOMAIN;
+		goto done;
+	}
+
+	status = dsdb_trust_search_tdo(p_state->sam_ldb,
+				       r->in.trusted_domain_name->string,
+				       r->in.trusted_domain_name->string,
+				       trust_attrs, mem_ctx, &trust_tdo_msg);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		status = NT_STATUS_NO_SUCH_DOMAIN;
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	status = dsdb_trust_parse_tdo_info(mem_ctx, trust_tdo_msg, &trust_tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (!(trust_tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (r->in.highest_record_type >= LSA_FOREST_TRUST_RECORD_TYPE_LAST) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	/*
+	 * verify and normalize the given forest trust info.
+	 *
+	 * Step1: doesn't reorder yet, so step1_lfti might contain
+	 * NULL entries. This means dsdb_trust_verify_forest_info()
+	 * can generate collision entries with the callers index.
+	 */
+	status = dsdb_trust_normalize_forest_info_step1(mem_ctx,
+							r->in.forest_trust_info,
+							&step1_lfti);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	c_info = talloc_zero(r->out.collision_info,
+			     struct lsa_ForestTrustCollisionInfo);
+	if (c_info == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	/*
+	 * First check our own forest, then other domains/forests
+	 */
+
+	status = dsdb_trust_xref_tdo_info(mem_ctx, p_state->sam_ldb,
+					  &xref_tdo);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+	status = dsdb_trust_xref_forest_info(mem_ctx, p_state->sam_ldb,
+					     &xref_lfti);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/*
+	 * The documentation proposed to generate
+	 * LSA_FOREST_TRUST_COLLISION_XREF collisions.
+	 * But Windows always uses LSA_FOREST_TRUST_COLLISION_TDO.
+	 */
+	status = dsdb_trust_verify_forest_info(xref_tdo, xref_lfti,
+					       LSA_FOREST_TRUST_COLLISION_TDO,
+					       c_info, step1_lfti);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/* fetch all other trusted domain objects */
+	status = dsdb_trust_search_tdos(p_state->sam_ldb,
+					trust_tdo->domain_name.string,
+					trust_attrs,
+					mem_ctx, &trusts_res);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/*
+	 * now check against the other domains.
+	 * and generate LSA_FOREST_TRUST_COLLISION_TDO collisions.
+	 */
+	for (i = 0; i < trusts_res->count; i++) {
+		struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+		struct ForestTrustInfo *fti = NULL;
+		struct lsa_ForestTrustInformation *lfti = NULL;
+
+		status = dsdb_trust_parse_tdo_info(mem_ctx,
+						   trusts_res->msgs[i],
+						   &tdo);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		status = dsdb_trust_parse_forest_info(tdo,
+						      trusts_res->msgs[i],
+						      &fti);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+			continue;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		status = dsdb_trust_forest_info_to_lsa(tdo, fti, &lfti);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		status = dsdb_trust_verify_forest_info(tdo, lfti,
+						LSA_FOREST_TRUST_COLLISION_TDO,
+						c_info, step1_lfti);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		TALLOC_FREE(tdo);
+	}
+
+	if (r->in.check_only != 0) {
+		status = NT_STATUS_OK;
+		goto done;
+	}
+
+	/*
+	 * not just a check, write info back
+	 */
+
+	/*
+	 * normalize the given forest trust info.
+	 *
+	 * Step2: adds TOP_LEVEL_NAME[_EX] in reverse order,
+	 * followed by DOMAIN_INFO in reverse order. It also removes
+	 * possible NULL entries from Step1.
+	 */
+	status = dsdb_trust_normalize_forest_info_step2(mem_ctx, step1_lfti,
+							&step2_lfti);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	status = dsdb_trust_forest_info_from_lsa(mem_ctx, step2_lfti,
+						 &trust_fti);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	ndr_err = ndr_push_struct_blob(&ft_blob, mem_ctx, trust_fti,
+				       (ndr_push_flags_fn_t)ndr_push_ForestTrustInfo);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, trust_tdo_msg->dn);
+	if (!msg->dn) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	ret = ldb_msg_append_value(msg, "msDS-TrustForestTrustInfo",
+				   &ft_blob, LDB_FLAG_MOD_REPLACE);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	ret = ldb_modify(p_state->sam_ldb, msg);
+	if (ret != LDB_SUCCESS) {
+		status = dsdb_ldb_err_to_ntstatus(ret);
+
+		DEBUG(0, ("Failed to store Forest Trust Info: %s\n",
+			  ldb_errstring(p_state->sam_ldb)));
+
+		goto done;
+	}
+
+	/* ok, all fine, commit transaction and return */
+	in_transaction = false;
+	ret = ldb_transaction_commit(p_state->sam_ldb);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		goto done;
+	}
+
+	/*
+	 * Notify winbindd that we have a acquired forest trust info
+	 */
+	status = irpc_servers_byname(imsg_ctx,
+				     mem_ctx,
+				     "winbind_server",
+				     &num_server_ids,
+				     &server_ids);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("irpc_servers_byname failed\n");
+		goto done;
+	}
+
+	imessaging_send(imsg_ctx,
+			server_ids[0],
+			MSG_WINBIND_RELOAD_TRUSTED_DOMAINS,
+			NULL);
+
+	status = NT_STATUS_OK;
+
+done:
+	if (NT_STATUS_IS_OK(status) && c_info->count != 0) {
+		*r->out.collision_info = c_info;
+	}
+
+	if (in_transaction) {
+		ldb_transaction_cancel(p_state->sam_ldb);
+	}
+
+	return status;
+}
+
+/*
+  lsa_CREDRRENAME
+*/
+static NTSTATUS dcesrv_lsa_CREDRRENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_CREDRRENAME *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+
+/*
+  lsa_LSAROPENPOLICYSCE
+*/
+static NTSTATUS dcesrv_lsa_LSAROPENPOLICYSCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSAROPENPOLICYSCE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARADTREGISTERSECURITYEVENTSOURCE
+*/
+static NTSTATUS dcesrv_lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
+*/
+static NTSTATUS dcesrv_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  lsa_LSARADTREPORTSECURITYEVENT
+*/
+static NTSTATUS dcesrv_lsa_LSARADTREPORTSECURITYEVENT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LSARADTREPORTSECURITYEVENT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum82NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum82NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum82NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum83NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum83NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum83NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum84NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum84NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum84NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum85NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum85NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum85NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum86NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum86NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum86NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum87NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum87NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum87NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum88NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum88NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum88NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum89NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum89NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum89NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum90NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum90NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum90NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum91NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum91NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum91NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum92NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum92NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum92NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum93NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum93NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum93NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum94NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum94NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum94NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum95NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum95NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum95NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum96NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum96NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum96NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum97NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum97NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum97NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum98NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum98NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum98NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum99NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum99NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum99NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum100NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum100NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum100NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum101NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum101NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum101NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum102NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum102NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum102NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum103NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum103NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum103NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum104NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum104NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum104NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum105NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum105NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum105NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum106NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum106NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum106NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum107NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum107NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum107NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum108NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum108NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum108NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum109NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum109NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum109NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum110NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum110NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum110NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum111NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum111NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum111NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum112NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum112NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum112NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum113NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum113NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum113NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum114NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum114NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum114NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum115NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum115NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum115NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum116NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum116NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum116NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum117NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum117NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum117NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum118NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum118NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum118NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum119NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum119NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum119NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum120NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum120NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum120NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum121NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum121NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum121NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum122NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum122NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum122NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum123NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum123NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum123NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum124NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum124NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum124NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum125NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum125NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum125NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum126NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum126NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum126NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum127NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum127NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum127NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum128NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum128NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum128NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_CreateTrustedDomainEx3
+*/
+static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx3(struct dcesrv_call_state *dce_call,
+						  TALLOC_CTX *mem_ctx,
+						  struct lsa_CreateTrustedDomainEx3 *r)
+{
+	/* TODO */
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_Opnum131NotUsedOnWire
+*/
+static void dcesrv_lsa_Opnum131NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_Opnum131NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_lsaRQueryForestTrustInformation2
+*/
+static NTSTATUS dcesrv_lsa_lsaRQueryForestTrustInformation2(
+		struct dcesrv_call_state *dce_call,
+		TALLOC_CTX *mem_ctx,
+		struct lsa_lsaRQueryForestTrustInformation2 *r)
+{
+	/* TODO */
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/*
+  lsa_lsaRSetForestTrustInformation2
+*/
+static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation2(struct dcesrv_call_state *dce_call,
+							  TALLOC_CTX *mem_ctx,
+							  struct lsa_lsaRSetForestTrustInformation2 *r)
+{
+	/* TODO */
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_lsa_s.c"
+
+
+
+/*****************************************
+NOTE! The remaining calls below were
+removed in w2k3, so the DCESRV_FAULT()
+replies are the correct implementation. Do
+not try and fill these in with anything else
+******************************************/
+
+/*
+  dssetup_DsRoleDnsNameToFlatName
+*/
+static WERROR dcesrv_dssetup_DsRoleDnsNameToFlatName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleDcAsDc
+*/
+static WERROR dcesrv_dssetup_DsRoleDcAsDc(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			     struct dssetup_DsRoleDcAsDc *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleDcAsReplica
+*/
+static WERROR dcesrv_dssetup_DsRoleDcAsReplica(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct dssetup_DsRoleDcAsReplica *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleDemoteDc
+*/
+static WERROR dcesrv_dssetup_DsRoleDemoteDc(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       struct dssetup_DsRoleDemoteDc *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleGetDcOperationProgress
+*/
+static WERROR dcesrv_dssetup_DsRoleGetDcOperationProgress(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					     struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  dssetup_DsRoleGetDcOperationResults 
+*/
+static WERROR dcesrv_dssetup_DsRoleGetDcOperationResults(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					    struct dssetup_DsRoleGetDcOperationResults *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  dssetup_DsRoleCancel 
+*/
+static WERROR dcesrv_dssetup_DsRoleCancel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			     struct dssetup_DsRoleCancel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleServerSaveStateForUpgrade
+*/
+static WERROR dcesrv_dssetup_DsRoleServerSaveStateForUpgrade(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleUpgradeDownlevelServer
+*/
+static WERROR dcesrv_dssetup_DsRoleUpgradeDownlevelServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					     struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  dssetup_DsRoleAbortDownlevelServerUpgrade
+*/
+static WERROR dcesrv_dssetup_DsRoleAbortDownlevelServerUpgrade(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						  struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_dssetup_s.c"
+
+NTSTATUS dcerpc_server_lsa_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = dcerpc_server_dssetup_init(ctx);
+	if (!NT_STATUS_IS_OK(ret)) {
+		return ret;
+	}
+	ret = dcerpc_server_lsarpc_init(ctx);
+	if (!NT_STATUS_IS_OK(ret)) {
+		return ret;
+	}
+	return ret;
+}
diff --git a/source4/rpc_server/lsa/lsa.h b/source4/rpc_server/lsa/lsa.h
new file mode 100644
index 0000000..5c00ba5
--- /dev/null
+++ b/source4/rpc_server/lsa/lsa.h
@@ -0,0 +1,70 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include <ldb_errors.h>
+#include "libcli/security/security.h"
+#include "libcli/auth/libcli_auth.h"
+#include "param/secrets.h"
+#include "../lib/util/util_ldb.h"
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#include "param/param.h"
+
+/*
+  state associated with a lsa_OpenPolicy() operation
+*/
+struct lsa_policy_state {
+	struct dcesrv_handle *handle;
+	struct ldb_context *sam_ldb;
+	struct ldb_context *pdb;
+	struct ldb_dn *domain_dn;
+	struct ldb_dn *forest_dn;
+	struct ldb_dn *builtin_dn;
+	struct ldb_dn *system_dn;
+	const char *domain_name;
+	const char *domain_dns;
+	const char *forest_dns;
+	struct dom_sid *domain_sid;
+	struct GUID domain_guid;
+	struct dom_sid *builtin_sid;
+	struct dom_sid *nt_authority_sid;
+	struct dom_sid *creator_owner_domain_sid;
+	struct dom_sid *world_domain_sid;
+	int mixed_domain;
+	struct security_descriptor *sd;
+	uint32_t access_mask;
+};
+
+enum lsa_handle {
+	LSA_HANDLE_POLICY,
+	LSA_HANDLE_ACCOUNT,
+	LSA_HANDLE_SECRET,
+	LSA_HANDLE_TRUSTED_DOMAIN
+};
+
+#include "rpc_server/lsa/proto.h"
+
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
new file mode 100644
index 0000000..575bc6f
--- /dev/null
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -0,0 +1,356 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "rpc_server/lsa/lsa.h"
+
+/*
+ * This matches a Windows 2012R2 dc in
+ * a domain with function level 2012R2.
+ */
+#define DCESRV_LSA_POLICY_SD_SDDL \
+	"O:BAG:SY" \
+	"D:" \
+	"(D;;0x00000800;;;AN)" \
+	"(A;;0x000f1fff;;;BA)" \
+	"(A;;0x00020801;;;WD)" \
+	"(A;;0x00000801;;;AN)" \
+	"(A;;0x00001000;;;LS)" \
+	"(A;;0x00001000;;;NS)" \
+	"(A;;0x00001000;;;S-1-5-17)" \
+	"(A;;0x00000801;;;AC)" \
+	"(A;;0x00000801;;;S-1-15-2-2)"
+
+static const struct generic_mapping dcesrv_lsa_policy_mapping = {
+	LSA_POLICY_READ,
+	LSA_POLICY_WRITE,
+	LSA_POLICY_EXECUTE,
+	LSA_POLICY_ALL_ACCESS
+};
+
+NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     uint32_t access_desired,
+				     struct lsa_policy_state **_state)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	enum security_user_level security_level;
+	struct lsa_policy_state *state;
+	struct ldb_result *dom_res;
+	const char *dom_attrs[] = {
+		"objectSid",
+		"objectGUID",
+		"nTMixedDomain",
+		"fSMORoleOwner",
+		NULL
+	};
+	char *p;
+	int ret;
+
+	state = talloc_zero(mem_ctx, struct lsa_policy_state);
+	if (!state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* make sure the sam database is accessible */
+	state->sam_ldb = dcesrv_samdb_connect_as_user(state, dce_call);
+	if (state->sam_ldb == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* and the privilege database */
+	state->pdb = privilege_connect(state, dce_call->conn->dce_ctx->lp_ctx);
+	if (state->pdb == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* work out the domain_dn - useful for so many calls its worth
+	   fetching here */
+	state->domain_dn = ldb_get_default_basedn(state->sam_ldb);
+	if (!state->domain_dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* work out the forest root_dn - useful for so many calls its worth
+	   fetching here */
+	state->forest_dn = ldb_get_root_basedn(state->sam_ldb);
+	if (!state->forest_dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_search(state->sam_ldb, mem_ctx, &dom_res,
+			 state->domain_dn, LDB_SCOPE_BASE, dom_attrs, NULL);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+	if (dom_res->count != 1) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->domain_sid = samdb_result_dom_sid(state, dom_res->msgs[0], "objectSid");
+	if (!state->domain_sid) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->domain_guid = samdb_result_guid(dom_res->msgs[0], "objectGUID");
+
+	state->mixed_domain = ldb_msg_find_attr_as_uint(dom_res->msgs[0], "nTMixedDomain", 0);
+
+	talloc_free(dom_res);
+
+	state->domain_name = lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx);
+
+	state->domain_dns = ldb_dn_canonical_string(state, state->domain_dn);
+	if (!state->domain_dns) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+	p = strchr(state->domain_dns, '/');
+	if (p) {
+		*p = '\0';
+	}
+
+	state->forest_dns = ldb_dn_canonical_string(state, state->forest_dn);
+	if (!state->forest_dns) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+	p = strchr(state->forest_dns, '/');
+	if (p) {
+		*p = '\0';
+	}
+
+	/* work out the builtin_dn - useful for so many calls its worth
+	   fetching here */
+	state->builtin_dn = samdb_search_dn(state->sam_ldb, state, state->domain_dn, "(objectClass=builtinDomain)");
+	if (!state->builtin_dn) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	/* work out the system_dn - useful for so many calls its worth
+	   fetching here */
+	state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
+	if (state->system_dn == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
+	if (!state->builtin_sid) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->nt_authority_sid = dom_sid_parse_talloc(state, SID_NT_AUTHORITY);
+	if (!state->nt_authority_sid) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->creator_owner_domain_sid = dom_sid_parse_talloc(state, SID_CREATOR_OWNER_DOMAIN);
+	if (!state->creator_owner_domain_sid) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->world_domain_sid = dom_sid_parse_talloc(state, SID_WORLD_DOMAIN);
+	if (!state->world_domain_sid) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	state->sd = sddl_decode(state, DCESRV_LSA_POLICY_SD_SDDL,
+				state->domain_sid);
+	if (state->sd == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->sd->dacl->revision = SECURITY_ACL_REVISION_NT4;
+
+	se_map_generic(&access_desired, &dcesrv_lsa_policy_mapping);
+	security_acl_map_generic(state->sd->dacl, &dcesrv_lsa_policy_mapping);
+
+	security_level = security_session_user_level(session_info, NULL);
+	if (security_level >= SECURITY_SYSTEM) {
+		/*
+		 * The security descriptor doesn't allow system,
+		 * but we want to allow system via ncalrpc as root.
+		 */
+		state->access_mask = access_desired;
+		if (state->access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+			state->access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+			state->access_mask |= LSA_POLICY_ALL_ACCESS;
+		}
+	} else {
+		NTSTATUS status;
+
+		status = se_access_check(state->sd,
+					 session_info->security_token,
+					 access_desired,
+					 &state->access_mask);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(2,("%s: access desired[0x%08X] rejected[0x%08X] - %s\n",
+				 __func__,
+				 (unsigned)access_desired,
+				 (unsigned)state->access_mask,
+				 nt_errstr(status)));
+			return status;
+		}
+	}
+
+	DEBUG(10,("%s: access desired[0x%08X] granted[0x%08X] - success.\n",
+		  __func__,
+		 (unsigned)access_desired,
+		 (unsigned)state->access_mask));
+
+	*_state = state;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_OpenPolicy3
+*/
+NTSTATUS dcesrv_lsa_OpenPolicy3(struct dcesrv_call_state *dce_call,
+				TALLOC_CTX *mem_ctx,
+				struct lsa_OpenPolicy3 *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct lsa_policy_state *state = NULL;
+	struct dcesrv_handle *handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	ZERO_STRUCTP(r->out.handle);
+
+	/*
+	 * The attributes have no effect and MUST be ignored, except the
+	 * root_dir which MUST be NULL.
+	 */
+	if (r->in.attr != NULL && r->in.attr->root_dir != NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	switch (r->in.in_version) {
+	case 1:
+		*r->out.out_version = 1;
+
+		r->out.out_revision_info->info1.revision = 1;
+		/* TODO: Enable as soon as we support it */
+#if 0
+		r->out.out_revision_info->info1.supported_features =
+				LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER;
+#endif
+
+		break;
+	default:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx,
+					     r->in.access_mask,
+					     &state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_POLICY);
+	if (handle == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	handle->data = talloc_steal(handle, state);
+
+	state->handle = handle;
+	*r->out.handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_OpenPolicy2
+*/
+NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_OpenPolicy2 *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	NTSTATUS status;
+	struct lsa_policy_state *state;
+	struct dcesrv_handle *handle;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	ZERO_STRUCTP(r->out.handle);
+
+	if (r->in.attr != NULL &&
+	    r->in.attr->root_dir != NULL) {
+		/* MS-LSAD 3.1.4.4.1 */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx,
+					     r->in.access_mask,
+					     &state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	handle = dcesrv_handle_create(dce_call, LSA_HANDLE_POLICY);
+	if (!handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = talloc_steal(handle, state);
+
+	state->handle = handle;
+	*r->out.handle = handle->wire_handle;
+
+	/* note that we have completely ignored the attr element of
+	   the OpenPolicy. As far as I can tell, this is what w2k3
+	   does */
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_OpenPolicy
+  a wrapper around lsa_OpenPolicy2
+*/
+NTSTATUS dcesrv_lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct lsa_OpenPolicy *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct lsa_OpenPolicy2 r2;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	r2 = (struct lsa_OpenPolicy2) {
+		.in.attr = r->in.attr,
+		.in.access_mask = r->in.access_mask,
+		.out.handle = r->out.handle,
+	};
+
+	return dcesrv_lsa_OpenPolicy2(dce_call, mem_ctx, &r2);
+}
+
+
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
new file mode 100644
index 0000000..ca3ad4f
--- /dev/null
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -0,0 +1,2275 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the lsarpc pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "rpc_server/lsa/lsa.h"
+#include "libds/common/roles.h"
+#include "libds/common/flag_mapping.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+
+struct dcesrv_lsa_TranslatedItem {
+	enum lsa_SidType type;
+	const struct dom_sid *sid;
+	const char *name;
+	const char *authority_name;
+	const struct dom_sid *authority_sid;
+	uint32_t flags;
+	uint32_t wb_idx;
+	bool done;
+	struct {
+		const char *domain; /* only $DOMAIN\ */
+		const char *namespace; /* $NAMESPACE\ or @$NAMESPACE */
+		const char *principal; /* \$PRINCIPAL or $PRIN@IPAL */
+		const char *sid; /* "S-1-5-21-9000-8000-7000-6000" */
+		const char *rid; /* "00001770" */
+	} hints;
+};
+
+struct dcesrv_lsa_LookupSids_base_state;
+struct dcesrv_lsa_LookupNames_base_state;
+
+struct dcesrv_lsa_Lookup_view {
+	const char *name;
+	NTSTATUS (*lookup_sid)(struct dcesrv_lsa_LookupSids_base_state *state,
+			       struct dcesrv_lsa_TranslatedItem *item);
+	NTSTATUS (*lookup_name)(struct dcesrv_lsa_LookupNames_base_state *state,
+				struct dcesrv_lsa_TranslatedItem *item);
+};
+
+struct dcesrv_lsa_Lookup_view_table {
+	const char *name;
+	size_t count;
+	const struct dcesrv_lsa_Lookup_view **array;
+};
+
+static const struct dcesrv_lsa_Lookup_view_table *dcesrv_lsa_view_table(
+	enum lsa_LookupNamesLevel level);
+
+/*
+  lookup a SID for 1 name
+*/
+static NTSTATUS dcesrv_lsa_lookup_name(struct lsa_policy_state *state,
+				       TALLOC_CTX *mem_ctx,
+				       const char *domain_name,
+				       const struct dom_sid *domain_sid,
+				       struct ldb_dn *domain_dn,
+				       const char *principal,
+				       const struct dom_sid **p_sid,
+				       enum lsa_SidType *p_type)
+{
+	const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
+	struct ldb_message **res = NULL;
+	const char *nt4_account = NULL;
+	char *encoded_account = NULL;
+	const char *at = NULL;
+	NTSTATUS status;
+	const struct dom_sid *sid = NULL;
+	uint32_t atype;
+	enum lsa_SidType type;
+	bool match = false;
+	int ret;
+
+	if ((principal == NULL) || (principal[0] == '\0')) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	at = strchr(principal, '@');
+	if (at != NULL) {
+		const char *nt4_domain = NULL;
+
+		status = crack_name_to_nt4_name(mem_ctx,
+						state->sam_ldb,
+						DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+						principal,
+						&nt4_domain,
+						&nt4_account);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(3, ("Failed to crack name %s into an NT4 name: %s\n",
+				  principal, nt_errstr(status)));
+			return status;
+		}
+
+		match = strequal(nt4_domain, domain_name);
+		if (!match) {
+			/*
+			 * TODO: handle multiple domains in a forest.
+			 */
+			return NT_STATUS_NONE_MAPPED;
+		}
+	} else {
+		nt4_account = principal;
+	}
+
+	encoded_account = ldb_binary_encode_string(mem_ctx, nt4_account);
+	if (encoded_account == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, 
+			   "(&(sAMAccountName=%s)(objectSid=*))", 
+			   encoded_account);
+	TALLOC_FREE(encoded_account);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+	if (ret == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	if (ret > 1) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		DBG_ERR("nt4_account[%s] found %d times (principal[%s]) - %s\n",
+			nt4_account, ret, principal, nt_errstr(status));
+		return status;
+	}
+
+	sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+	if (sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Check that this is in the domain */
+	match = dom_sid_in_domain(domain_sid, sid);
+	if (!match) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0);
+	type = ds_atype_map(atype);
+	if (type == SID_NAME_UNKNOWN) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	*p_sid = sid;
+	*p_type = type;
+	return NT_STATUS_OK;
+}
+
+
+/*
+  add to the lsa_RefDomainList for LookupSids and LookupNames
+*/
+static NTSTATUS dcesrv_lsa_authority_list(const char *authority_name,
+					  const struct dom_sid *authority_sid,
+					  struct lsa_RefDomainList *domains,
+					  uint32_t *sid_index)
+{
+	uint32_t i;
+
+	*sid_index = UINT32_MAX;
+
+	if (authority_name == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	/* see if we've already done this authority name */
+	for (i=0;i<domains->count;i++) {
+		if (strcasecmp_m(authority_name, domains->domains[i].name.string) == 0) {
+			*sid_index = i;
+			return NT_STATUS_OK;
+		}
+	}
+
+	domains->domains = talloc_realloc(domains, 
+					  domains->domains,
+					  struct lsa_DomainInfo,
+					  domains->count+1);
+	if (domains->domains == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	domains->domains[i].name.string = talloc_strdup(domains->domains,
+							authority_name);
+	if (domains->domains[i].name.string == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	domains->domains[i].sid         = dom_sid_dup(domains->domains,
+						      authority_sid);
+	if (domains->domains[i].sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	domains->count++;
+	domains->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER * domains->count;
+	*sid_index = i;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  lookup a name for 1 SID
+*/
+static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state,
+				      TALLOC_CTX *mem_ctx,
+				      const char *domain_name,
+				      const struct dom_sid *domain_sid,
+				      struct ldb_dn *domain_dn,
+				      const struct dom_sid *sid,
+				      const char **p_name,
+				      enum lsa_SidType *p_type)
+{
+	const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
+	struct ldb_message **res = NULL;
+	char *encoded_sid = NULL;
+	const char *name = NULL;
+	uint32_t atype;
+	enum lsa_SidType type;
+	int ret;
+
+	encoded_sid = ldap_encode_ndr_dom_sid(mem_ctx, sid);
+	if (encoded_sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, 
+			   "(&(objectSid=%s)(sAMAccountName=*))", encoded_sid);
+	TALLOC_FREE(encoded_sid);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+	if (ret == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	if (ret > 1) {
+		NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+		DBG_ERR("sid[%s] found %d times - %s\n",
+			dom_sid_string(mem_ctx, sid), ret, nt_errstr(status));
+		return status;
+	}
+
+	name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+	if (name == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0);
+	type = ds_atype_map(atype);
+	if (type == SID_NAME_UNKNOWN) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	*p_name = name;
+	*p_type = type;
+	return NT_STATUS_OK;
+}
+
+struct dcesrv_lsa_LookupSids_base_state {
+	struct dcesrv_call_state *dce_call;
+
+	TALLOC_CTX *mem_ctx;
+
+	struct lsa_policy_state *policy_state;
+
+	struct lsa_LookupSids3 r;
+
+	const struct dcesrv_lsa_Lookup_view_table *view_table;
+	struct dcesrv_lsa_TranslatedItem *items;
+
+	struct dsdb_trust_routing_table *routing_table;
+
+	struct {
+		struct dcerpc_binding_handle *irpc_handle;
+		struct lsa_SidArray sids;
+		struct lsa_RefDomainList *domains;
+		struct lsa_TransNameArray2 names;
+		uint32_t count;
+		NTSTATUS result;
+	} wb;
+
+	struct {
+		struct lsa_LookupSids *l;
+		struct lsa_LookupSids2 *l2;
+		struct lsa_LookupSids3 *l3;
+	} _r;
+};
+
+static NTSTATUS dcesrv_lsa_LookupSids_base_finish(
+	struct dcesrv_lsa_LookupSids_base_state *state);
+static void dcesrv_lsa_LookupSids_base_map(
+	struct dcesrv_lsa_LookupSids_base_state *state);
+static void dcesrv_lsa_LookupSids_base_done(struct tevent_req *subreq);
+
+static NTSTATUS dcesrv_lsa_LookupSids_base_call(struct dcesrv_lsa_LookupSids_base_state *state)
+{
+	struct lsa_LookupSids3 *r = &state->r;
+	struct tevent_req *subreq = NULL;
+	uint32_t v;
+	uint32_t i;
+
+	*r->out.domains = NULL;
+	r->out.names->count = 0;
+	r->out.names->names = NULL;
+	*r->out.count = 0;
+
+	state->view_table = dcesrv_lsa_view_table(r->in.level);
+	if (state->view_table == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*r->out.domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+	if (*r->out.domains == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r->out.names->names = talloc_zero_array(r->out.names,
+						struct lsa_TranslatedName2,
+						r->in.sids->num_sids);
+	if (r->out.names->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->items = talloc_zero_array(state,
+					 struct dcesrv_lsa_TranslatedItem,
+					 r->in.sids->num_sids);
+	if (state->items == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<r->in.sids->num_sids;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		uint32_t rid = 0;
+
+		if (r->in.sids->sids[i].sid == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		item->type = SID_NAME_UNKNOWN;
+		item->sid = r->in.sids->sids[i].sid;
+
+		item->hints.sid = dom_sid_string(state->items, item->sid);
+		if (item->hints.sid == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		dom_sid_split_rid(state->items, item->sid, NULL, &rid);
+		item->hints.rid = talloc_asprintf(state->items,
+						  "%08X", (unsigned)rid);
+		if (item->hints.rid == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	for (v=0; v < state->view_table->count; v++) {
+		const struct dcesrv_lsa_Lookup_view *view =
+			state->view_table->array[v];
+
+		for (i=0; i < r->in.sids->num_sids; i++) {
+			struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+			NTSTATUS status;
+
+			if (item->done) {
+				continue;
+			}
+
+			status = view->lookup_sid(state, item);
+			if (NT_STATUS_IS_OK(status)) {
+				item->done = true;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+				status = NT_STATUS_OK;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) {
+				status = NT_STATUS_OK;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		}
+	}
+
+	if (state->wb.irpc_handle == NULL) {
+		return dcesrv_lsa_LookupSids_base_finish(state);
+	}
+
+	state->wb.sids.sids = talloc_zero_array(state, struct lsa_SidPtr,
+						r->in.sids->num_sids);
+	if (state->wb.sids.sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i < r->in.sids->num_sids; i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+
+		if (item->done) {
+			continue;
+		}
+
+		item->wb_idx = state->wb.sids.num_sids;
+		state->wb.sids.sids[item->wb_idx] = r->in.sids->sids[i];
+		state->wb.sids.num_sids++;
+	}
+
+	subreq = dcerpc_lsa_LookupSids3_send(state,
+					     state->dce_call->event_ctx,
+					     state->wb.irpc_handle,
+					     &state->wb.sids,
+					     &state->wb.domains,
+					     &state->wb.names,
+					     state->r.in.level,
+					     &state->wb.count,
+					     state->r.in.lookup_options,
+					     state->r.in.client_revision);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;;
+	}
+	state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	tevent_req_set_callback(subreq,
+				dcesrv_lsa_LookupSids_base_done,
+				state);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_lsa_LookupSids_base_finish(
+	struct dcesrv_lsa_LookupSids_base_state *state)
+{
+	struct lsa_LookupSids3 *r = &state->r;
+	uint32_t i;
+
+	for (i=0;i<r->in.sids->num_sids;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		NTSTATUS status;
+		uint32_t sid_index = UINT32_MAX;
+
+		status = dcesrv_lsa_authority_list(item->authority_name,
+						   item->authority_sid,
+						   *r->out.domains,
+						   &sid_index);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		if (item->name == NULL && r->in.level == LSA_LOOKUP_NAMES_ALL) {
+			if (sid_index == UINT32_MAX) {
+				item->name = item->hints.sid;
+			} else {
+				item->name = item->hints.rid;
+			}
+		}
+
+		r->out.names->names[i].sid_type    = item->type;
+		r->out.names->names[i].name.string = item->name;
+		r->out.names->names[i].sid_index   = sid_index;
+		r->out.names->names[i].unknown     = item->flags;
+
+		r->out.names->count++;
+		if (item->type != SID_NAME_UNKNOWN) {
+			(*r->out.count)++;
+		}
+	}
+
+	if (*r->out.count == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	if (*r->out.count != r->in.sids->num_sids) {
+		return STATUS_SOME_UNMAPPED;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void dcesrv_lsa_LookupSids_base_map(
+	struct dcesrv_lsa_LookupSids_base_state *state)
+{
+	if (state->_r.l3 != NULL) {
+		struct lsa_LookupSids3 *r = state->_r.l3;
+
+		r->out.result = state->r.out.result;
+		return;
+	}
+
+	if (state->_r.l2 != NULL) {
+		struct lsa_LookupSids2 *r = state->_r.l2;
+
+		r->out.result = state->r.out.result;
+		return;
+	}
+
+	if (state->_r.l != NULL) {
+		struct lsa_LookupSids *r = state->_r.l;
+		uint32_t i;
+
+		r->out.result = state->r.out.result;
+
+		SMB_ASSERT(state->r.out.names->count <= r->in.sids->num_sids);
+		for (i = 0; i < state->r.out.names->count; i++) {
+			struct lsa_TranslatedName2 *n2 =
+				&state->r.out.names->names[i];
+			struct lsa_TranslatedName *n =
+				&r->out.names->names[i];
+
+			n->sid_type = n2->sid_type;
+			n->name = n2->name;
+			n->sid_index = n2->sid_index;
+		}
+		r->out.names->count = state->r.out.names->count;
+		return;
+	}
+}
+
+static void dcesrv_lsa_LookupSids_base_done(struct tevent_req *subreq)
+{
+	struct dcesrv_lsa_LookupSids_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_lsa_LookupSids_base_state);
+	struct dcesrv_call_state *dce_call = state->dce_call;
+	NTSTATUS status;
+	uint32_t i;
+
+	status = dcerpc_lsa_LookupSids3_recv(subreq, state->mem_ctx,
+					     &state->wb.result);
+	TALLOC_FREE(subreq);
+	TALLOC_FREE(state->wb.irpc_handle);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+		goto finished;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+		goto finished;
+	}
+
+	status = state->wb.result;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		status = NT_STATUS_OK;
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) {
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		goto finished;
+	}
+
+	for (i=0; i < state->r.in.sids->num_sids; i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		struct lsa_TranslatedName2 *s2 = NULL;
+		struct lsa_DomainInfo *d = NULL;
+
+		if (item->done) {
+			continue;
+		}
+
+		if (item->wb_idx >= state->wb.names.count) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		s2 = &state->wb.names.names[item->wb_idx];
+
+		item->type = s2->sid_type;
+		item->name = s2->name.string;
+		item->flags = s2->unknown;
+
+		if (s2->sid_index == UINT32_MAX) {
+			continue;
+		}
+
+		if (state->wb.domains == NULL) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		if (s2->sid_index >= state->wb.domains->count) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		d = &state->wb.domains->domains[s2->sid_index];
+
+		item->authority_name = d->name.string;
+		item->authority_sid = d->sid;
+	}
+
+	status = dcesrv_lsa_LookupSids_base_finish(state);
+ finished:
+	state->r.out.result = status;
+	dcesrv_lsa_LookupSids_base_map(state);
+
+	dcesrv_async_reply(dce_call);
+}
+
+/*
+  lsa_LookupSids2
+*/
+NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
+				TALLOC_CTX *mem_ctx,
+				struct lsa_LookupSids2 *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_lsa_LookupSids_base_state *state = NULL;
+	struct dcesrv_handle *policy_handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	*r->out.domains = NULL;
+	r->out.names->count = 0;
+	r->out.names->names = NULL;
+	*r->out.count = 0;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupSids_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->policy_state = policy_handle->data;
+
+	state->r.in.sids = r->in.sids;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = r->in.lookup_options;
+	state->r.in.client_revision = r->in.client_revision;
+	state->r.in.names = r->in.names;
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.names = r->out.names;
+	state->r.out.count = r->out.count;
+
+	state->_r.l2 = r;
+
+	status = dcesrv_lsa_LookupSids_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupSids_base_map(state);
+	return status;
+}
+
+/* A random hexadecimal number (honest!) */
+#define LSA_SERVER_IMPLICIT_POLICY_STATE_MAGIC 0xc0c99e00
+
+/*
+  Ensure we're operating on an schannel connection,
+  and use a lsa_policy_state cache on the connection.
+*/
+static NTSTATUS schannel_call_setup(struct dcesrv_call_state *dce_call,
+				    struct lsa_policy_state **_policy_state)
+{
+	struct lsa_policy_state *policy_state = NULL;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+	if (transport != NCACN_IP_TCP) {
+		/* We can't call DCESRV_FAULT() in the sub-function */
+		dce_call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/*
+	 * We don't have policy handles on this call. So this must be restricted
+	 * to crypto connections only.
+	 *
+	 * NB. gensec requires schannel connections to
+	 * have at least DCERPC_AUTH_LEVEL_INTEGRITY.
+	 */
+	dcesrv_call_auth_info(dce_call, &auth_type, NULL);
+	if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+		/* We can't call DCESRV_FAULT() in the sub-function */
+		dce_call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/*
+	 * We don't have a policy handle on this call, so we want to
+	 * make a policy state and cache it for the life of the
+	 * connection, to avoid re-opening the DB each call.
+	 */
+	policy_state
+		= dcesrv_iface_state_find_conn(dce_call,
+					       LSA_SERVER_IMPLICIT_POLICY_STATE_MAGIC,
+					       struct lsa_policy_state);
+
+	if (policy_state == NULL) {
+		NTSTATUS status
+			= dcesrv_lsa_get_policy_state(dce_call,
+						      dce_call /* mem_ctx */,
+						      0, /* we skip access checks */
+						      &policy_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		/*
+		 * This will talloc_steal() policy_state onto the
+		 * connection, which has longer lifetime than the
+		 * immediate caller requires
+		 */
+		status = dcesrv_iface_state_store_conn(dce_call,
+						       LSA_SERVER_IMPLICIT_POLICY_STATE_MAGIC,
+						       policy_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+	*_policy_state = policy_state;
+	return NT_STATUS_OK;
+}
+
+/*
+  lsa_LookupSids3
+
+  Identical to LookupSids2, but doesn't take a policy handle
+
+*/
+NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
+				TALLOC_CTX *mem_ctx,
+				struct lsa_LookupSids3 *r)
+{
+	struct dcesrv_lsa_LookupSids_base_state *state = NULL;
+	NTSTATUS status;
+
+	*r->out.domains = NULL;
+	r->out.names->count = 0;
+	r->out.names->names = NULL;
+	*r->out.count = 0;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupSids_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	 * We don't have a policy handle on this call, so we want to
+	 * make a policy state and cache it for the life of the
+	 * connection, to avoid re-opening the DB each call.
+	 *
+	 * This also enforces that this is only available over
+	 * ncacn_ip_tcp and with SCHANNEL.
+	 *
+	 * schannel_call_setup may also set the fault state.
+	 *
+	 * state->policy_state is shared between all calls on this
+	 * connection and is moved with talloc_steal() under the
+	 * connection, not dce_call or state.
+	 */
+	status = schannel_call_setup(dce_call, &state->policy_state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+	state->r.in.sids = r->in.sids;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = r->in.lookup_options;
+	state->r.in.client_revision = r->in.client_revision;
+	state->r.in.names = r->in.names;
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.names = r->out.names;
+	state->r.out.count = r->out.count;
+
+	state->_r.l3 = r;
+
+	status = dcesrv_lsa_LookupSids_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupSids_base_map(state);
+	return status;
+}
+
+
+/* 
+  lsa_LookupSids 
+*/
+NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			       struct lsa_LookupSids *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_lsa_LookupSids_base_state *state = NULL;
+	struct dcesrv_handle *policy_handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	*r->out.domains = NULL;
+	r->out.names->count = 0;
+	r->out.names->names = NULL;
+	*r->out.count = 0;
+
+	r->out.names->names = talloc_zero_array(r->out.names,
+						struct lsa_TranslatedName,
+						r->in.sids->num_sids);
+	if (r->out.names->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupSids_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->policy_state = policy_handle->data;
+
+	state->r.in.sids = r->in.sids;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES;
+	state->r.in.client_revision = LSA_CLIENT_REVISION_1;
+	state->r.in.names = talloc_zero(state, struct lsa_TransNameArray2);
+	if (state->r.in.names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.names = talloc_zero(state, struct lsa_TransNameArray2);
+	if (state->r.out.names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.out.count = r->out.count;
+
+	state->_r.l = r;
+
+	status = dcesrv_lsa_LookupSids_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupSids_base_map(state);
+	return status;
+}
+
+struct dcesrv_lsa_LookupNames_base_state {
+	struct dcesrv_call_state *dce_call;
+
+	TALLOC_CTX *mem_ctx;
+
+	struct lsa_policy_state *policy_state;
+
+	struct lsa_LookupNames4 r;
+
+	const struct dcesrv_lsa_Lookup_view_table *view_table;
+	struct dcesrv_lsa_TranslatedItem *items;
+
+	struct dsdb_trust_routing_table *routing_table;
+
+	struct {
+		struct dcerpc_binding_handle *irpc_handle;
+		uint32_t num_names;
+		struct lsa_String *names;
+		struct lsa_RefDomainList *domains;
+		struct lsa_TransSidArray3 sids;
+		uint32_t count;
+		NTSTATUS result;
+	} wb;
+
+	struct {
+		struct lsa_LookupNames *l;
+		struct lsa_LookupNames2 *l2;
+		struct lsa_LookupNames3 *l3;
+		struct lsa_LookupNames4 *l4;
+	} _r;
+};
+
+static NTSTATUS dcesrv_lsa_LookupNames_base_finish(
+	struct dcesrv_lsa_LookupNames_base_state *state);
+static void dcesrv_lsa_LookupNames_base_map(
+	struct dcesrv_lsa_LookupNames_base_state *state);
+static void dcesrv_lsa_LookupNames_base_done(struct tevent_req *subreq);
+
+static NTSTATUS dcesrv_lsa_LookupNames_base_call(struct dcesrv_lsa_LookupNames_base_state *state)
+{
+	struct lsa_LookupNames4 *r = &state->r;
+	enum lsa_LookupOptions invalid_lookup_options = 0;
+	struct tevent_req *subreq = NULL;
+	uint32_t v;
+	uint32_t i;
+
+	*r->out.domains = NULL;
+	r->out.sids->count = 0;
+	r->out.sids->sids = NULL;
+	*r->out.count = 0;
+
+	if (r->in.level != LSA_LOOKUP_NAMES_ALL) {
+		invalid_lookup_options |=
+			LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL;
+	}
+	if (r->in.lookup_options & invalid_lookup_options) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	state->view_table = dcesrv_lsa_view_table(r->in.level);
+	if (state->view_table == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*r->out.domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+	if (*r->out.domains == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	r->out.sids->sids = talloc_zero_array(r->out.sids,
+					      struct lsa_TranslatedSid3,
+					      r->in.num_names);
+	if (r->out.sids->sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->items = talloc_zero_array(state,
+					 struct dcesrv_lsa_TranslatedItem,
+					 r->in.num_names);
+	if (state->items == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<r->in.num_names;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		char *p = NULL;
+
+		item->type = SID_NAME_UNKNOWN;
+		item->name = r->in.names[i].string;
+		/*
+		 * Note: that item->name can be NULL!
+		 *
+		 * See test_LookupNames_NULL() in
+		 * source4/torture/rpc/lsa.c
+		 *
+		 * nt4 returns NT_STATUS_NONE_MAPPED with sid_type
+		 * SID_NAME_UNKNOWN, rid 0, and sid_index -1;
+		 *
+		 * w2k3/w2k8 return NT_STATUS_OK with sid_type
+		 * SID_NAME_DOMAIN, rid -1 and sid_index 0 and BUILTIN domain
+		 */
+		if (item->name == NULL) {
+			continue;
+		}
+
+		item->hints.principal = item->name;
+		p = strchr(item->name, '\\');
+		if (p != NULL && p != item->name) {
+			item->hints.domain = talloc_strndup(state->items,
+							    item->name,
+							    p - item->name);
+			if (item->hints.domain == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			item->hints.namespace = item->hints.domain;
+			p++;
+			if (p[0] == '\0') {
+				/*
+				 * This is just 'BUILTIN\'.
+				 */
+				item->hints.principal = NULL;
+			} else {
+				item->hints.principal = p;
+			}
+		}
+		if (item->hints.domain == NULL) {
+			p = strchr(item->name, '@');
+			if (p != NULL && p != item->name && p[1] != '\0') {
+				item->hints.namespace = p + 1;
+			}
+		}
+	}
+
+	for (v=0; v < state->view_table->count; v++) {
+		const struct dcesrv_lsa_Lookup_view *view =
+			state->view_table->array[v];
+
+		for (i=0; i < r->in.num_names; i++) {
+			struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+			NTSTATUS status;
+
+			if (item->done) {
+				continue;
+			}
+
+			status = view->lookup_name(state, item);
+			if (NT_STATUS_IS_OK(status)) {
+				item->done = true;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+				status = NT_STATUS_OK;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) {
+				status = NT_STATUS_OK;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		}
+	}
+
+	if (state->wb.irpc_handle == NULL) {
+		return dcesrv_lsa_LookupNames_base_finish(state);
+	}
+
+	state->wb.names = talloc_zero_array(state, struct lsa_String,
+					    r->in.num_names);
+	if (state->wb.names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<r->in.num_names;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+
+		if (item->done) {
+			continue;
+		}
+
+		item->wb_idx = state->wb.num_names;
+		state->wb.names[item->wb_idx] = r->in.names[i];
+		state->wb.num_names++;
+	}
+
+	subreq = dcerpc_lsa_LookupNames4_send(state,
+					      state->dce_call->event_ctx,
+					      state->wb.irpc_handle,
+					      state->wb.num_names,
+					      state->wb.names,
+					      &state->wb.domains,
+					      &state->wb.sids,
+					      state->r.in.level,
+					      &state->wb.count,
+					      state->r.in.lookup_options,
+					      state->r.in.client_revision);
+	if (subreq == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	tevent_req_set_callback(subreq,
+				dcesrv_lsa_LookupNames_base_done,
+				state);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_lsa_LookupNames_base_finish(
+	struct dcesrv_lsa_LookupNames_base_state *state)
+{
+	struct lsa_LookupNames4 *r = &state->r;
+	uint32_t i;
+
+	for (i=0;i<r->in.num_names;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		NTSTATUS status;
+		uint32_t sid_index = UINT32_MAX;
+
+		status = dcesrv_lsa_authority_list(item->authority_name,
+						   item->authority_sid,
+						   *r->out.domains,
+						   &sid_index);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.sids->sids[i].sid_type  = item->type;
+		r->out.sids->sids[i].sid       = discard_const_p(struct dom_sid,
+								 item->sid);
+		r->out.sids->sids[i].sid_index = sid_index;
+		r->out.sids->sids[i].flags     = item->flags;
+
+		r->out.sids->count++;
+		if (item->type != SID_NAME_UNKNOWN) {
+			(*r->out.count)++;
+		}
+	}
+
+	if (*r->out.count == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	if (*r->out.count != r->in.num_names) {
+		return STATUS_SOME_UNMAPPED;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void dcesrv_lsa_LookupNames_base_map(
+	struct dcesrv_lsa_LookupNames_base_state *state)
+{
+	if (state->_r.l4 != NULL) {
+		struct lsa_LookupNames4 *r = state->_r.l4;
+
+		r->out.result = state->r.out.result;
+		return;
+	}
+
+	if (state->_r.l3 != NULL) {
+		struct lsa_LookupNames3 *r = state->_r.l3;
+
+		r->out.result = state->r.out.result;
+		return;
+	}
+
+	if (state->_r.l2 != NULL) {
+		struct lsa_LookupNames2 *r = state->_r.l2;
+		uint32_t i;
+
+		r->out.result = state->r.out.result;
+
+		SMB_ASSERT(state->r.out.sids->count <= r->in.num_names);
+		for (i = 0; i < state->r.out.sids->count; i++) {
+			const struct lsa_TranslatedSid3 *s3 =
+				&state->r.out.sids->sids[i];
+			struct lsa_TranslatedSid2 *s2 =
+				&r->out.sids->sids[i];
+
+			s2->sid_type = s3->sid_type;
+			if (s3->sid_type == SID_NAME_DOMAIN) {
+				s2->rid = UINT32_MAX;
+			} else if (s3->flags & 0x00000004) {
+				s2->rid = UINT32_MAX;
+			} else if (s3->sid == NULL) {
+				/*
+				 * MS-LSAT 3.1.4.7 - rid zero is considered
+				 * equivalent to sid NULL - so we should return
+				 * 0 rid for unmapped entries
+				 */
+				s2->rid = 0;
+			} else {
+				s2->rid = 0;
+				dom_sid_split_rid(NULL, s3->sid,
+						  NULL, &s2->rid);
+			}
+			s2->sid_index = s3->sid_index;
+			s2->unknown = s3->flags;
+		}
+		r->out.sids->count = state->r.out.sids->count;
+		return;
+	}
+
+	if (state->_r.l != NULL) {
+		struct lsa_LookupNames *r = state->_r.l;
+		uint32_t i;
+
+		r->out.result = state->r.out.result;
+
+		SMB_ASSERT(state->r.out.sids->count <= r->in.num_names);
+		for (i = 0; i < state->r.out.sids->count; i++) {
+			struct lsa_TranslatedSid3 *s3 =
+				&state->r.out.sids->sids[i];
+			struct lsa_TranslatedSid *s =
+				&r->out.sids->sids[i];
+
+			s->sid_type = s3->sid_type;
+			if (s3->sid_type == SID_NAME_DOMAIN) {
+				s->rid = UINT32_MAX;
+			} else if (s3->flags & 0x00000004) {
+				s->rid = UINT32_MAX;
+			} else if (s3->sid == NULL) {
+				/*
+				 * MS-LSAT 3.1.4.7 - rid zero is considered
+				 * equivalent to sid NULL - so we should return
+				 * 0 rid for unmapped entries
+				 */
+				s->rid = 0;
+			} else {
+				s->rid = 0;
+				dom_sid_split_rid(NULL, s3->sid,
+						  NULL, &s->rid);
+			}
+			s->sid_index = s3->sid_index;
+		}
+		r->out.sids->count = state->r.out.sids->count;
+		return;
+	}
+}
+
+static void dcesrv_lsa_LookupNames_base_done(struct tevent_req *subreq)
+{
+	struct dcesrv_lsa_LookupNames_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_lsa_LookupNames_base_state);
+	struct dcesrv_call_state *dce_call = state->dce_call;
+	NTSTATUS status;
+	uint32_t i;
+
+	status = dcerpc_lsa_LookupNames4_recv(subreq, state->mem_ctx,
+					      &state->wb.result);
+	TALLOC_FREE(subreq);
+	TALLOC_FREE(state->wb.irpc_handle);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+		goto finished;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+		goto finished;
+	}
+
+	status = state->wb.result;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		status = NT_STATUS_OK;
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) {
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		goto finished;
+	}
+
+	for (i=0; i < state->r.in.num_names;i++) {
+		struct dcesrv_lsa_TranslatedItem *item = &state->items[i];
+		struct lsa_TranslatedSid3 *s3 = NULL;
+		struct lsa_DomainInfo *d = NULL;
+
+		if (item->done) {
+			continue;
+		}
+
+		if (item->wb_idx >= state->wb.sids.count) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		s3 = &state->wb.sids.sids[item->wb_idx];
+
+		item->type = s3->sid_type;
+		item->sid = s3->sid;
+		item->flags = s3->flags;
+
+		if (s3->sid_index == UINT32_MAX) {
+			continue;
+		}
+
+		if (state->wb.domains == NULL) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		if (s3->sid_index >= state->wb.domains->count) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto finished;
+		}
+
+		d = &state->wb.domains->domains[s3->sid_index];
+
+		item->authority_name = d->name.string;
+		item->authority_sid = d->sid;
+	}
+
+	status = dcesrv_lsa_LookupNames_base_finish(state);
+ finished:
+	state->r.out.result = status;
+	dcesrv_lsa_LookupNames_base_map(state);
+
+	dcesrv_async_reply(dce_call);
+}
+
+/*
+  lsa_LookupNames3
+*/
+NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
+				 TALLOC_CTX *mem_ctx,
+				 struct lsa_LookupNames3 *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_lsa_LookupNames_base_state *state = NULL;
+	struct dcesrv_handle *policy_handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	*r->out.domains = NULL;
+	r->out.sids->count = 0;
+	r->out.sids->sids = NULL;
+	*r->out.count = 0;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupNames_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->policy_state = policy_handle->data;
+
+	state->r.in.num_names = r->in.num_names;
+	state->r.in.names = r->in.names;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = r->in.lookup_options;
+	state->r.in.client_revision = r->in.client_revision;
+	state->r.in.sids = r->in.sids;
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.sids = r->out.sids;
+	state->r.out.count = r->out.count;
+
+	state->_r.l3 = r;
+
+	status = dcesrv_lsa_LookupNames_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupNames_base_map(state);
+	return status;
+}
+
+/* 
+  lsa_LookupNames4
+
+  Identical to LookupNames3, but doesn't take a policy handle
+  
+*/
+NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_LookupNames4 *r)
+{
+	struct dcesrv_lsa_LookupNames_base_state *state = NULL;
+	NTSTATUS status;
+
+	*r->out.domains = NULL;
+	r->out.sids->count = 0;
+	r->out.sids->sids = NULL;
+	*r->out.count = 0;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupNames_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	/*
+	 * We don't have a policy handle on this call, so we want to
+	 * make a policy state and cache it for the life of the
+	 * connection, to avoid re-opening the DB each call.
+	 *
+	 * This also enforces that this is only available over
+	 * ncacn_ip_tcp and with SCHANNEL.
+	 *
+	 * schannel_call_setup may also set the fault state.
+	 *
+	 * state->policy_state is shared between all calls on this
+	 * connection and is moved with talloc_steal() under the
+	 * connection, not dce_call or state.
+	 */
+	status = schannel_call_setup(dce_call, &state->policy_state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	state->r.in.num_names = r->in.num_names;
+	state->r.in.names = r->in.names;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = r->in.lookup_options;
+	state->r.in.client_revision = r->in.client_revision;
+	state->r.in.sids = r->in.sids;
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.sids = r->out.sids;
+	state->r.out.count = r->out.count;
+
+	state->_r.l4 = r;
+
+	status = dcesrv_lsa_LookupNames_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupNames_base_map(state);
+	return status;
+}
+
+/*
+  lsa_LookupNames2
+*/
+NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
+				 TALLOC_CTX *mem_ctx,
+				 struct lsa_LookupNames2 *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_lsa_LookupNames_base_state *state = NULL;
+	struct dcesrv_handle *policy_handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	*r->out.domains = NULL;
+	r->out.sids->count = 0;
+	r->out.sids->sids = NULL;
+	*r->out.count = 0;
+
+	r->out.sids->sids = talloc_zero_array(r->out.sids,
+					      struct lsa_TranslatedSid2,
+					      r->in.num_names);
+	if (r->out.sids->sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupNames_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->policy_state = policy_handle->data;
+
+	state->r.in.num_names = r->in.num_names;
+	state->r.in.names = r->in.names;
+	state->r.in.level = r->in.level;
+	/*
+	 * MS-LSAT 3.1.4.7:
+	 *
+	 * The LookupOptions and ClientRevision parameters MUST be ignored.
+	 * Message processing MUST happen as if LookupOptions is set to
+	 * 0x00000000 and ClientRevision is set to 0x00000002.
+	 */
+	state->r.in.lookup_options = LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES;
+	state->r.in.client_revision = LSA_CLIENT_REVISION_2;
+	state->r.in.sids = talloc_zero(state, struct lsa_TransSidArray3);
+	if (state->r.in.sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.sids = talloc_zero(state, struct lsa_TransSidArray3);
+	if (state->r.out.sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.out.count = r->out.count;
+
+	state->_r.l2 = r;
+
+	status = dcesrv_lsa_LookupNames_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupNames_base_map(state);
+	return status;
+}
+
+/* 
+  lsa_LookupNames 
+*/
+NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct lsa_LookupNames *r)
+{
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	struct dcesrv_lsa_LookupNames_base_state *state = NULL;
+	struct dcesrv_handle *policy_handle = NULL;
+	NTSTATUS status;
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
+
+	*r->out.domains = NULL;
+	r->out.sids->count = 0;
+	r->out.sids->sids = NULL;
+	*r->out.count = 0;
+
+	r->out.sids->sids = talloc_zero_array(r->out.sids,
+					      struct lsa_TranslatedSid,
+					      r->in.num_names);
+	if (r->out.sids->sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state = talloc_zero(mem_ctx, struct dcesrv_lsa_LookupNames_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->policy_state = policy_handle->data;
+
+	state->r.in.num_names = r->in.num_names;
+	state->r.in.names = r->in.names;
+	state->r.in.level = r->in.level;
+	state->r.in.lookup_options = LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES;
+	state->r.in.client_revision = LSA_CLIENT_REVISION_1;
+	state->r.in.sids = talloc_zero(state, struct lsa_TransSidArray3);
+	if (state->r.in.sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.in.count = r->in.count;
+	state->r.out.domains = r->out.domains;
+	state->r.out.sids = talloc_zero(state, struct lsa_TransSidArray3);
+	if (state->r.out.sids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state->r.out.count = r->out.count;
+
+	state->_r.l = r;
+
+	status = dcesrv_lsa_LookupNames_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return status;
+	}
+
+	state->r.out.result = status;
+	dcesrv_lsa_LookupNames_base_map(state);
+	return status;
+}
+
+static NTSTATUS dcesrv_lsa_lookup_name_predefined(
+		struct dcesrv_lsa_LookupNames_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	NTSTATUS status;
+
+	status = dom_sid_lookup_predefined_name(item->name,
+						&item->sid,
+						&item->type,
+						&item->authority_sid,
+						&item->authority_name);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_lsa_lookup_sid_predefined(
+		struct dcesrv_lsa_LookupSids_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	NTSTATUS status;
+
+	status = dom_sid_lookup_predefined_sid(item->sid,
+					       &item->name,
+					       &item->type,
+					       &item->authority_sid,
+					       &item->authority_name);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static const struct dcesrv_lsa_Lookup_view view_predefined = {
+	.name = "Predefined",
+	.lookup_sid = dcesrv_lsa_lookup_sid_predefined,
+	.lookup_name = dcesrv_lsa_lookup_name_predefined,
+};
+
+static NTSTATUS dcesrv_lsa_lookup_name_builtin(
+		struct dcesrv_lsa_LookupNames_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	struct lsa_policy_state *policy_state = state->policy_state;
+	NTSTATUS status;
+	bool is_builtin = false;
+
+	if (item->name == NULL) {
+		/*
+		 * This should not be mapped.
+		 */
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * The predefined view already handled the BUILTIN domain.
+	 *
+	 * Now we just need to find the principal.
+	 *
+	 * We only allow 'BUILTIN\something' and
+	 * not 'something@BUILTIN.
+	 *
+	 * And we try out best for just 'something'.
+	 */
+	is_builtin = strequal(item->hints.domain, NAME_BUILTIN);
+	if (!is_builtin && item->hints.domain != NULL) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	status = dcesrv_lsa_lookup_name(state->policy_state,
+					state->mem_ctx,
+					NAME_BUILTIN,
+					policy_state->builtin_sid,
+					policy_state->builtin_dn,
+					item->hints.principal,
+					&item->sid,
+					&item->type);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		if (!is_builtin) {
+			return NT_STATUS_NONE_MAPPED;
+		}
+		/*
+		 * We know we're authoritative
+		 */
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	item->authority_name = NAME_BUILTIN;
+	item->authority_sid = policy_state->builtin_sid;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_lsa_lookup_sid_builtin(
+		struct dcesrv_lsa_LookupSids_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	struct lsa_policy_state *policy_state = state->policy_state;
+	NTSTATUS status;
+	bool is_builtin = false;
+
+	/*
+	 * The predefined view already handled the BUILTIN domain.
+	 *
+	 * Now we just need to find the principal.
+	 */
+	is_builtin = dom_sid_in_domain(policy_state->builtin_sid, item->sid);
+	if (!is_builtin) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	status = dcesrv_lsa_lookup_sid(state->policy_state,
+				       state->mem_ctx,
+				       NAME_BUILTIN,
+				       policy_state->builtin_sid,
+				       policy_state->builtin_dn,
+				       item->sid,
+				       &item->name,
+				       &item->type);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		/*
+		 * We know we're authoritative
+		 */
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	item->authority_name = NAME_BUILTIN;
+	item->authority_sid = policy_state->builtin_sid;
+	return NT_STATUS_OK;
+}
+
+static const struct dcesrv_lsa_Lookup_view view_builtin = {
+	.name = "Builtin",
+	.lookup_sid = dcesrv_lsa_lookup_sid_builtin,
+	.lookup_name = dcesrv_lsa_lookup_name_builtin,
+};
+
+static NTSTATUS dcesrv_lsa_lookup_name_account(
+		struct dcesrv_lsa_LookupNames_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	struct lsa_policy_state *policy_state = state->policy_state;
+	struct loadparm_context *lp_ctx = state->dce_call->conn->dce_ctx->lp_ctx;
+	struct lsa_LookupNames4 *r = &state->r;
+	NTSTATUS status;
+	int role;
+	bool (*is_local_match_fn)(struct loadparm_context *, const char *) = NULL;
+	bool is_domain = false;
+	bool try_lookup = false;
+	const char *check_domain_name = NULL;
+
+	role = lpcfg_server_role(lp_ctx);
+	if (role == ROLE_ACTIVE_DIRECTORY_DC) {
+		is_local_match_fn = lpcfg_is_my_domain_or_realm;
+	} else {
+		is_local_match_fn = lpcfg_is_myname;
+	}
+
+	if (item->name == NULL) {
+		/*
+		 * This should not be mapped.
+		 */
+		return NT_STATUS_OK;
+	}
+
+	if (item->hints.domain != NULL && item->hints.principal == NULL) {
+		/*
+		 * This is 'DOMAIN\'.
+		 */
+		check_domain_name = item->hints.domain;
+	} else {
+		/*
+		 * This is just 'DOMAIN'.
+		 */
+		check_domain_name = item->name;
+	}
+	is_domain = is_local_match_fn(lp_ctx, check_domain_name);
+	if (is_domain) {
+		item->type = SID_NAME_DOMAIN;
+		item->sid = policy_state->domain_sid;
+		item->authority_name = policy_state->domain_name;
+		item->authority_sid = policy_state->domain_sid;
+		return NT_STATUS_OK;
+	}
+
+	if (r->in.lookup_options & LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL) {
+		if (item->hints.domain != item->hints.namespace) {
+			/*
+			 * This means the client asked for an UPN,
+			 * and it should not be mapped.
+			 */
+			return NT_STATUS_OK;
+		}
+	}
+
+	if (item->hints.namespace != NULL) {
+		is_domain = is_local_match_fn(lp_ctx, item->hints.namespace);
+		try_lookup = is_domain;
+	} else {
+		try_lookup = true;
+	}
+
+	if (!try_lookup) {
+		struct dcesrv_lsa_TranslatedItem tmp;
+
+		tmp = *item;
+		status = dom_sid_lookup_predefined_name(item->hints.namespace,
+							&tmp.sid,
+							&tmp.type,
+							&tmp.authority_sid,
+							&tmp.authority_name);
+		if (NT_STATUS_IS_OK(status)) {
+			/*
+			 * It should not be handled by us.
+			 */
+			return NT_STATUS_NONE_MAPPED;
+		}
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+			return status;
+		}
+	}
+
+	if (!try_lookup) {
+		const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+		const struct lsa_ForestTrustDomainInfo *di = NULL;
+
+		if (state->routing_table == NULL) {
+			status = dsdb_trust_routing_table_load(policy_state->sam_ldb,
+							       state,
+							       &state->routing_table);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		}
+
+		tdo = dsdb_trust_domain_by_name(state->routing_table,
+						item->hints.namespace,
+						&di);
+		if (tdo == NULL) {
+			/*
+			 * The name is not resolvable at all...
+			 */
+			return NT_STATUS_OK;
+		}
+
+		if (!(tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST)) {
+			/*
+			 * The name is not resolvable here
+			 */
+			return NT_STATUS_NONE_MAPPED;
+		}
+
+		/*
+		 * TODO: handle multiple domains in a forest together with
+		 * LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY
+		 */
+		is_domain = true;
+		try_lookup = true;
+	}
+
+	if (!try_lookup) {
+		/*
+		 * It should not be handled by us.
+		 */
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	/*
+	 * TODO: handle multiple domains in our forest.
+	 */
+
+	status = dcesrv_lsa_lookup_name(state->policy_state,
+					state->mem_ctx,
+					policy_state->domain_name,
+					policy_state->domain_sid,
+					policy_state->domain_dn,
+					item->hints.principal,
+					&item->sid,
+					&item->type);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		if (!is_domain) {
+			return NT_STATUS_NONE_MAPPED;
+		}
+		/*
+		 * We know we're authoritative
+		 */
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	item->authority_name = policy_state->domain_name;
+	item->authority_sid = policy_state->domain_sid;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_lsa_lookup_sid_account(
+		struct dcesrv_lsa_LookupSids_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	struct lsa_policy_state *policy_state = state->policy_state;
+	NTSTATUS status;
+	bool is_domain;
+
+	is_domain = dom_sid_equal(policy_state->domain_sid, item->sid);
+	if (is_domain) {
+		item->type = SID_NAME_DOMAIN;
+		item->name = policy_state->domain_name;
+		item->authority_name = policy_state->domain_name;
+		item->authority_sid = policy_state->domain_sid;
+		return NT_STATUS_OK;
+	}
+	is_domain = dom_sid_in_domain(policy_state->domain_sid, item->sid);
+	if (!is_domain) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	status = dcesrv_lsa_lookup_sid(state->policy_state,
+				       state->mem_ctx,
+				       policy_state->domain_name,
+				       policy_state->domain_sid,
+				       policy_state->domain_dn,
+				       item->sid,
+				       &item->name,
+				       &item->type);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		/*
+		 * We know we're authoritative
+		 */
+		status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	item->authority_name = policy_state->domain_name;
+	item->authority_sid = policy_state->domain_sid;
+	return NT_STATUS_OK;
+}
+
+static const struct dcesrv_lsa_Lookup_view view_account = {
+	.name = "Account",
+	.lookup_sid = dcesrv_lsa_lookup_sid_account,
+	.lookup_name = dcesrv_lsa_lookup_name_account,
+};
+
+static NTSTATUS dcesrv_lsa_lookup_name_winbind(
+		struct dcesrv_lsa_LookupNames_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	struct lsa_LookupNames4 *r = &state->r;
+	const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	const struct lsa_ForestTrustDomainInfo *di = NULL;
+	NTSTATUS status;
+	const char *check_domain_name = NULL;
+	bool expect_domain = false;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(state->dce_call->conn);
+
+	if (item->name == NULL) {
+		/*
+		 * This should not be mapped.
+		 */
+		return NT_STATUS_OK;
+	}
+
+	if (item->hints.domain != NULL && item->hints.principal == NULL) {
+		/*
+		 * This is 'DOMAIN\'.
+		 */
+		check_domain_name = item->hints.domain;
+		expect_domain = true;
+	} else if (item->hints.namespace != NULL) {
+		/*
+		 * This is 'DOMAIN\someone'
+		 * or 'someone@DOMAIN'
+		 */
+		check_domain_name = item->hints.namespace;
+	} else {
+		/*
+		 * This is just 'DOMAIN'.
+		 */
+		check_domain_name = item->name;
+		expect_domain = true;
+	}
+
+	if (state->routing_table == NULL) {
+		struct lsa_policy_state *policy_state = state->policy_state;
+
+		status = dsdb_trust_routing_table_load(policy_state->sam_ldb,
+						       state,
+						       &state->routing_table);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	tdo = dsdb_trust_domain_by_name(state->routing_table,
+					check_domain_name,
+					&di);
+	if (tdo == NULL) {
+		/*
+		 * The name is not resolvable at all...
+		 *
+		 * And for now we don't send unqualified names
+		 * to winbindd, as we don't handle them
+		 * there yet.
+		 *
+		 * TODO: how should that work within
+		 * winbindd?
+		 */
+		return NT_STATUS_OK;
+	}
+
+	if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+		/*
+		 * The name should have been resolved in the account view.
+		 *
+		 * TODO: handle multiple domains in a forest...
+		 */
+		return NT_STATUS_OK;
+	}
+
+	if (expect_domain) {
+		const char *name = NULL;
+		const struct dom_sid *sid = NULL;
+
+		name = talloc_strdup(state->mem_ctx,
+				     di->netbios_domain_name.string);
+		if (name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		sid = dom_sid_dup(state->mem_ctx,
+				  di->domain_sid);
+		if (sid == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		item->type = SID_NAME_DOMAIN;
+		item->sid = sid;
+		item->authority_name = name;
+		item->authority_sid = sid;
+		return NT_STATUS_OK;
+	}
+
+	if (r->in.lookup_options & LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL) {
+		if (item->hints.namespace == NULL) {
+			/*
+			 * We should not try to resolve isolated names
+			 * remotely.
+			 */
+			return NT_STATUS_OK;
+		}
+	}
+
+	/*
+	 * We know at least the domain part of the name exists.
+	 *
+	 * For now the rest handled within winbindd.
+	 *
+	 * In future we can optimize it based on
+	 * r->in.level.
+	 *
+	 * We can also try to resolve SID_NAME_DOMAIN
+	 * just based on the routing table.
+	 */
+
+	if (state->wb.irpc_handle != NULL) {
+		/*
+		 * already called...
+		 */
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	state->wb.irpc_handle = irpc_binding_handle_by_name(state,
+							    imsg_ctx,
+							    "winbind_server",
+							    &ndr_table_lsarpc);
+	if (state->wb.irpc_handle == NULL) {
+		DEBUG(0,("Failed to get binding_handle for winbind_server task\n"));
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/*
+	 * 60 seconds timeout should be enough
+	 */
+	dcerpc_binding_handle_set_timeout(state->wb.irpc_handle, 60);
+
+	return NT_STATUS_NONE_MAPPED;
+}
+
+static NTSTATUS dcesrv_lsa_lookup_sid_winbind(
+		struct dcesrv_lsa_LookupSids_base_state *state,
+		struct dcesrv_lsa_TranslatedItem *item)
+{
+	const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+	const struct lsa_ForestTrustDomainInfo *di = NULL;
+	struct dcesrv_lsa_TranslatedItem tmp;
+	struct dom_sid domain_sid = {0,};
+	NTSTATUS status;
+	bool match;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(state->dce_call->conn);
+
+	/*
+	 * Verify the sid is not INVALID.
+	 */
+	tmp = *item;
+	status = dom_sid_lookup_predefined_sid(tmp.sid,
+					       &tmp.name,
+					       &tmp.type,
+					       &tmp.authority_sid,
+					       &tmp.authority_name);
+	if (NT_STATUS_IS_OK(status)) {
+		status = NT_STATUS_NONE_MAPPED;
+	}
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+		/*
+		 * Typically INVALID_SID
+		 */
+		return status;
+	}
+
+	if (state->routing_table == NULL) {
+		struct lsa_policy_state *policy_state = state->policy_state;
+
+		status = dsdb_trust_routing_table_load(policy_state->sam_ldb,
+						       state,
+						       &state->routing_table);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	domain_sid = *item->sid;
+	if (domain_sid.num_auths == 5) {
+		sid_split_rid(&domain_sid, NULL);
+	}
+
+	tdo = dsdb_trust_domain_by_sid(state->routing_table,
+				       &domain_sid, &di);
+	if (tdo == NULL) {
+		/*
+		 * The sid is not resolvable at all...
+		 */
+		return NT_STATUS_OK;
+	}
+
+	if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+		/*
+		 * The name should have been resolved in the account view.
+		 *
+		 * TODO: handle multiple domains in a forest...
+		 */
+		return NT_STATUS_OK;
+	}
+
+	match = dom_sid_equal(di->domain_sid, item->sid);
+	if (match) {
+		const char *name = NULL;
+
+		name = talloc_strdup(state->mem_ctx,
+				     di->netbios_domain_name.string);
+		if (name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		item->type = SID_NAME_DOMAIN;
+		item->name = name;
+		item->authority_name = name;
+		item->authority_sid = item->sid;
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * We know at least the domain part of the sid exists.
+	 *
+	 * For now the rest handled within winbindd.
+	 *
+	 * In future we can optimize it based on
+	 * r->in.level.
+	 *
+	 * We can also try to resolve SID_NAME_DOMAIN
+	 * just based on the routing table.
+	 */
+	if (state->wb.irpc_handle != NULL) {
+		/*
+		 * already called...
+		 */
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	state->wb.irpc_handle = irpc_binding_handle_by_name(state,
+							    imsg_ctx,
+							    "winbind_server",
+							    &ndr_table_lsarpc);
+	if (state->wb.irpc_handle == NULL) {
+		DEBUG(0,("Failed to get binding_handle for winbind_server task\n"));
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/*
+	 * 60 seconds timeout should be enough
+	 */
+	dcerpc_binding_handle_set_timeout(state->wb.irpc_handle, 60);
+
+	return NT_STATUS_NONE_MAPPED;
+}
+
+static const struct dcesrv_lsa_Lookup_view view_winbind = {
+	.name = "Winbind",
+	.lookup_sid = dcesrv_lsa_lookup_sid_winbind,
+	.lookup_name = dcesrv_lsa_lookup_name_winbind,
+};
+
+static const struct dcesrv_lsa_Lookup_view *table_all_views[] = {
+	&view_predefined,
+	&view_builtin,
+	&view_account,
+	&view_winbind,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_all = {
+	.name = "LSA_LOOKUP_NAMES_ALL",
+	.count = ARRAY_SIZE(table_all_views),
+	.array = table_all_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view *table_domains_views[] = {
+	&view_account,
+	&view_winbind,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_domains = {
+	.name = "LSA_LOOKUP_NAMES_DOMAINS_ONLY",
+	.count = ARRAY_SIZE(table_domains_views),
+	.array = table_domains_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view *table_primary_views[] = {
+	&view_account,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_primary = {
+	.name = "LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY",
+	.count = ARRAY_SIZE(table_primary_views),
+	.array = table_primary_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view *table_remote_views[] = {
+	&view_winbind,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_gc = {
+	.name = "LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY",
+	.count = ARRAY_SIZE(table_domains_views),
+	.array = table_domains_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_xreferral = {
+	.name = "LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY",
+	.count = ARRAY_SIZE(table_remote_views),
+	.array = table_remote_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_xresolve = {
+	.name = "LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2",
+	.count = ARRAY_SIZE(table_domains_views),
+	.array = table_domains_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table table_rodc = {
+	.name = "LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC",
+	.count = ARRAY_SIZE(table_remote_views),
+	.array = table_remote_views,
+};
+
+static const struct dcesrv_lsa_Lookup_view_table *dcesrv_lsa_view_table(
+	enum lsa_LookupNamesLevel level)
+{
+	switch (level) {
+	case LSA_LOOKUP_NAMES_ALL:
+		return &table_all;
+	case LSA_LOOKUP_NAMES_DOMAINS_ONLY:
+		return &table_domains;
+	case LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY:
+		return &table_primary;
+	case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY:
+		return &table_gc;
+	case LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY:
+		return &table_xreferral;
+	case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2:
+		return &table_xresolve;
+	case LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC:
+		return &table_rodc;
+	}
+
+	return NULL;
+}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
new file mode 100644
index 0000000..2c7fecc
--- /dev/null
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -0,0 +1,4672 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the netlogon pipe
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
+   Copyright (C) Stefan Metzmacher <metze@samba.org>  2005
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "dsdb/samdb/samdb.h"
+#include "../lib/util/util_ldb.h"
+#include "../libcli/auth/schannel.h"
+#include "libcli/security/security.h"
+#include "param/param.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "../libcli/ldap/ldap_ndr.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/tsocket/tsocket.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "librpc/gen_ndr/ndr_winbind.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "librpc/rpc/server/netlogon/schannel_util.h"
+#include "lib/socket/netif.h"
+#include "lib/util/util_str_escape.h"
+#include "lib/param/loadparm.h"
+
+#define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
+       dcesrv_interface_netlogon_bind(context, iface)
+
+#undef strcasecmp
+
+/*
+ * This #define allows the netlogon interface to accept invalid
+ * association groups, because association groups are to coordinate
+ * handles, and handles are not used in NETLOGON. This in turn avoids
+ * the need to coordinate these across multiple possible NETLOGON
+ * processes
+ */
+#define DCESRV_INTERFACE_NETLOGON_FLAGS DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED
+
+static NTSTATUS dcesrv_interface_netlogon_bind(struct dcesrv_connection_context *context,
+					       const struct dcesrv_interface *iface)
+{
+	struct loadparm_context *lp_ctx = context->conn->dce_ctx->lp_ctx;
+	bool global_allow_nt4_crypto = lpcfg_allow_nt4_crypto(lp_ctx);
+	bool global_reject_md5_client = lpcfg_reject_md5_clients(lp_ctx);
+	int schannel = lpcfg_server_schannel(lp_ctx);
+	bool schannel_global_required = (schannel == true);
+	bool global_require_seal = lpcfg_server_schannel_require_seal(lp_ctx);
+	static bool warned_global_nt4_once = false;
+	static bool warned_global_md5_once = false;
+	static bool warned_global_schannel_once = false;
+	static bool warned_global_seal_once = false;
+
+	if (global_allow_nt4_crypto && !warned_global_nt4_once) {
+		/*
+		 * We want admins to notice their misconfiguration!
+		 */
+		D_ERR("CVE-2022-38023 (and others): "
+		      "Please configure 'allow nt4 crypto = no' (the default), "
+		      "See https://bugzilla.samba.org/show_bug.cgi?id=15240\n");
+		warned_global_nt4_once = true;
+	}
+
+	if (!global_reject_md5_client && !warned_global_md5_once) {
+		/*
+		 * We want admins to notice their misconfiguration!
+		 */
+		D_ERR("CVE-2022-38023: "
+		      "Please configure 'reject md5 clients = yes' (the default), "
+		      "See https://bugzilla.samba.org/show_bug.cgi?id=15240\n");
+		warned_global_md5_once = true;
+	}
+
+	if (!schannel_global_required && !warned_global_schannel_once) {
+		/*
+		 * We want admins to notice their misconfiguration!
+		 */
+		D_ERR("CVE-2020-1472(ZeroLogon): "
+		      "Please configure 'server schannel = yes' (the default), "
+		      "See https://bugzilla.samba.org/show_bug.cgi?id=14497\n");
+		warned_global_schannel_once = true;
+	}
+
+	if (!global_require_seal && !warned_global_seal_once) {
+		/*
+		 * We want admins to notice their misconfiguration!
+		 */
+		D_ERR("CVE-2022-38023 (and others): "
+		      "Please configure 'server schannel require seal = yes' (the default), "
+		      "See https://bugzilla.samba.org/show_bug.cgi?id=15240\n");
+		warned_global_seal_once = true;
+	}
+
+	return dcesrv_interface_bind_reject_connect(context, iface);
+}
+
+static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct netr_ServerReqChallenge *r)
+{
+	struct netlogon_server_pipe_state *pipe_state = NULL;
+	NTSTATUS ntstatus;
+
+	ZERO_STRUCTP(r->out.return_credentials);
+
+	pipe_state = dcesrv_iface_state_find_conn(dce_call,
+			NETLOGON_SERVER_PIPE_STATE_MAGIC,
+			struct netlogon_server_pipe_state);
+	TALLOC_FREE(pipe_state);
+
+	pipe_state = talloc_zero(dce_call,
+				 struct netlogon_server_pipe_state);
+	if (pipe_state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pipe_state->client_challenge = *r->in.credentials;
+
+	netlogon_creds_random_challenge(&pipe_state->server_challenge);
+
+	*r->out.return_credentials = pipe_state->server_challenge;
+
+	ntstatus = dcesrv_iface_state_store_conn(dce_call,
+			NETLOGON_SERVER_PIPE_STATE_MAGIC,
+			pipe_state);
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		return ntstatus;
+	}
+
+	ntstatus = schannel_save_challenge(dce_call->conn->dce_ctx->lp_ctx,
+					   &pipe_state->client_challenge,
+					   &pipe_state->server_challenge,
+					   r->in.computer_name);
+	if (!NT_STATUS_IS_OK(ntstatus)) {
+		TALLOC_FREE(pipe_state);
+		return ntstatus;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_netr_ServerAuthenticate3_check_downgrade(
+	struct dcesrv_call_state *dce_call,
+	struct netr_ServerAuthenticate3 *r,
+	struct netlogon_server_pipe_state *pipe_state,
+	uint32_t negotiate_flags,
+	const char *trust_account_in_db,
+	NTSTATUS orig_status)
+{
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	bool global_allow_nt4_crypto = lpcfg_allow_nt4_crypto(lp_ctx);
+	bool account_allow_nt4_crypto = global_allow_nt4_crypto;
+	const char *explicit_nt4_opt = NULL;
+	bool global_reject_md5_client = lpcfg_reject_md5_clients(lp_ctx);
+	bool account_reject_md5_client = global_reject_md5_client;
+	const char *explicit_md5_opt = NULL;
+	bool reject_des_client;
+	bool allow_nt4_crypto;
+	bool reject_md5_client;
+	bool need_des = true;
+	bool need_md5 = true;
+	int CVE_2022_38023_warn_level = lpcfg_parm_int(lp_ctx, NULL,
+			"CVE_2022_38023", "warn_about_unused_debug_level", DBGLVL_ERR);
+	int CVE_2022_38023_error_level = lpcfg_parm_int(lp_ctx, NULL,
+			"CVE_2022_38023", "error_debug_level", DBGLVL_ERR);
+
+	/*
+	 * We don't use lpcfg_parm_bool(), as we
+	 * need the explicit_opt pointer in order to
+	 * adjust the debug messages.
+	 */
+
+	if (trust_account_in_db != NULL) {
+		explicit_nt4_opt = lpcfg_get_parametric(lp_ctx,
+							NULL,
+							"allow nt4 crypto",
+							trust_account_in_db);
+	}
+	if (explicit_nt4_opt != NULL) {
+		account_allow_nt4_crypto = lp_bool(explicit_nt4_opt);
+	}
+	allow_nt4_crypto = account_allow_nt4_crypto;
+	if (trust_account_in_db != NULL) {
+		explicit_md5_opt = lpcfg_get_parametric(lp_ctx,
+							NULL,
+							"server reject md5 schannel",
+							trust_account_in_db);
+	}
+	if (explicit_md5_opt != NULL) {
+		account_reject_md5_client = lp_bool(explicit_md5_opt);
+	}
+	reject_md5_client = account_reject_md5_client;
+
+	reject_des_client = !allow_nt4_crypto;
+
+	/*
+	 * If weak crypto is disabled, do not announce that we support RC4.
+	 */
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+		/* Without RC4 and DES we require AES */
+		reject_des_client = true;
+		reject_md5_client = true;
+	}
+
+	if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
+		need_des = false;
+		reject_des_client = false;
+	}
+
+	if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		need_des = false;
+		need_md5 = false;
+		reject_des_client = false;
+		reject_md5_client = false;
+	}
+
+	if (reject_des_client || reject_md5_client) {
+		TALLOC_CTX *frame = talloc_stackframe();
+
+		if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+			if (CVE_2022_38023_error_level < DBGLVL_NOTICE) {
+				CVE_2022_38023_error_level = DBGLVL_NOTICE;
+			}
+			DEBUG(CVE_2022_38023_error_level, (
+			      "CVE-2022-38023: "
+			      "client_account[%s] computer_name[%s] "
+			      "schannel_type[%u] "
+			      "client_negotiate_flags[0x%x] "
+			      "%s%s%s "
+			      "NT_STATUS_DOWNGRADE_DETECTED "
+			      "WEAK_CRYPTO_DISALLOWED\n",
+			      log_escape(frame, r->in.account_name),
+			      log_escape(frame, r->in.computer_name),
+			      r->in.secure_channel_type,
+			      (unsigned)*r->in.negotiate_flags,
+			      trust_account_in_db ? "real_account[" : "",
+			      trust_account_in_db ? trust_account_in_db : "",
+			      trust_account_in_db ? "]" : ""));
+			goto return_downgrade;
+		}
+
+		DEBUG(CVE_2022_38023_error_level, (
+		      "CVE-2022-38023: "
+		      "client_account[%s] computer_name[%s] "
+		      "schannel_type[%u] "
+		      "client_negotiate_flags[0x%x] "
+		      "%s%s%s "
+		      "NT_STATUS_DOWNGRADE_DETECTED "
+		      "reject_des[%u] reject_md5[%u]\n",
+		      log_escape(frame, r->in.account_name),
+		      log_escape(frame, r->in.computer_name),
+		      r->in.secure_channel_type,
+		      (unsigned)*r->in.negotiate_flags,
+		      trust_account_in_db ? "real_account[" : "",
+		      trust_account_in_db ? trust_account_in_db : "",
+		      trust_account_in_db ? "]" : "",
+		      reject_des_client,
+		      reject_md5_client));
+		if (trust_account_in_db == NULL) {
+			goto return_downgrade;
+		}
+
+		if (reject_md5_client && explicit_md5_opt == NULL) {
+			DEBUG(CVE_2022_38023_error_level, (
+			      "CVE-2022-38023: Check if option "
+			      "'server reject md5 schannel:%s = no' "
+			      "might be needed for a legacy client.\n",
+			      trust_account_in_db));
+		}
+		if (reject_des_client && explicit_nt4_opt == NULL) {
+			DEBUG(CVE_2022_38023_error_level, (
+			      "CVE-2022-38023: Check if option "
+			      "'allow nt4 crypto:%s = yes' "
+			      "might be needed for a legacy client.\n",
+			      trust_account_in_db));
+		}
+
+return_downgrade:
+		/*
+		 * Here we match Windows 2012 and return no flags.
+		 */
+		*r->out.negotiate_flags = 0;
+		TALLOC_FREE(frame);
+		return NT_STATUS_DOWNGRADE_DETECTED;
+	}
+
+	/*
+	 * This talloc_free is important to prevent re-use of the
+	 * challenge.  We have to delay it this far due to NETApp
+	 * servers per:
+	 * https://bugzilla.samba.org/show_bug.cgi?id=11291
+	 */
+	TALLOC_FREE(pipe_state);
+
+	/*
+	 * At this point we must also cleanup the TDB cache
+	 * entry, if we fail the client needs to call
+	 * netr_ServerReqChallenge again.
+	 *
+	 * Note: this handles a non existing record just fine,
+	 * the r->in.computer_name might not be the one used
+	 * in netr_ServerReqChallenge(), but we are trying to
+	 * just tidy up the normal case to prevent re-use.
+	 */
+	schannel_delete_challenge(dce_call->conn->dce_ctx->lp_ctx,
+				  r->in.computer_name);
+
+	/*
+	 * According to Microsoft (see bugid #6099)
+	 * Windows 7 looks at the negotiate_flags
+	 * returned in this structure *even if the
+	 * call fails with access denied!
+	 */
+	*r->out.negotiate_flags = negotiate_flags;
+
+	if (!NT_STATUS_IS_OK(orig_status) || trust_account_in_db == NULL) {
+		return orig_status;
+	}
+
+	if (global_reject_md5_client && account_reject_md5_client && explicit_md5_opt) {
+		D_INFO("CVE-2022-38023: Check if option "
+		       "'server reject md5 schannel:%s = yes' not needed!?\n",
+		       trust_account_in_db);
+	} else if (need_md5 && !account_reject_md5_client && explicit_md5_opt) {
+		D_INFO("CVE-2022-38023: Check if option "
+			 "'server reject md5 schannel:%s = no' "
+			 "still needed for a legacy client.\n",
+			 trust_account_in_db);
+	} else if (need_md5 && explicit_md5_opt == NULL) {
+		DEBUG(CVE_2022_38023_error_level, (
+		      "CVE-2022-38023: Check if option "
+		      "'server reject md5 schannel:%s = no' "
+		      "might be needed for a legacy client.\n",
+		      trust_account_in_db));
+	} else if (!account_reject_md5_client && explicit_md5_opt) {
+		DEBUG(CVE_2022_38023_warn_level, (
+		      "CVE-2022-38023: Check if option "
+		      "'server reject md5 schannel:%s = no' not needed!?\n",
+		      trust_account_in_db));
+	}
+
+	if (!global_allow_nt4_crypto && !account_allow_nt4_crypto && explicit_nt4_opt) {
+		D_INFO("CVE-2022-38023: Check if option "
+		       "'allow nt4 crypto:%s = no' not needed!?\n",
+		       trust_account_in_db);
+	} else if (need_des && account_allow_nt4_crypto && explicit_nt4_opt) {
+		D_INFO("CVE-2022-38023: Check if option "
+			 "'allow nt4 crypto:%s = yes' "
+			 "still needed for a legacy client.\n",
+			 trust_account_in_db);
+	} else if (need_des && explicit_nt4_opt == NULL) {
+		DEBUG(CVE_2022_38023_error_level, (
+		      "CVE-2022-38023: Check if option "
+		      "'allow nt4 crypto:%s = yes' "
+		      "might be needed for a legacy client.\n",
+		      trust_account_in_db));
+	} else if (account_allow_nt4_crypto && explicit_nt4_opt) {
+		DEBUG(CVE_2022_38023_warn_level, (
+		      "CVE-2022-38023: Check if option "
+		      "'allow nt4 crypto:%s = yes' not needed!?\n",
+		      trust_account_in_db));
+	}
+
+	return orig_status;
+}
+
+/*
+ * Do the actual processing of a netr_ServerAuthenticate3 message.
+ * called from dcesrv_netr_ServerAuthenticate3, which handles the logging.
+ */
+static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
+	struct dcesrv_call_state *dce_call,
+	TALLOC_CTX *mem_ctx,
+	struct netr_ServerAuthenticate3 *r,
+	const char **trust_account_for_search,
+	const char **trust_account_in_db,
+	struct dom_sid **sid)
+{
+	struct netlogon_server_pipe_state *pipe_state = NULL;
+	bool challenge_valid = false;
+	struct netlogon_server_pipe_state challenge;
+	struct netlogon_creds_CredentialState *creds;
+	struct ldb_context *sam_ctx;
+	struct samr_Password *curNtHash = NULL;
+	struct samr_Password *prevNtHash = NULL;
+	uint32_t user_account_control;
+	int num_records;
+	struct ldb_message **msgs;
+	NTSTATUS nt_status;
+	const char *attrs[] = {"unicodePwd", "userAccountControl",
+			       "objectSid", "samAccountName", NULL};
+	uint32_t server_flags = 0;
+	uint32_t negotiate_flags = 0;
+
+	ZERO_STRUCTP(r->out.return_credentials);
+	*r->out.negotiate_flags = 0;
+	*r->out.rid = 0;
+
+	pipe_state = dcesrv_iface_state_find_conn(dce_call,
+			NETLOGON_SERVER_PIPE_STATE_MAGIC,
+			struct netlogon_server_pipe_state);
+	if (pipe_state != NULL) {
+		/*
+		 * If we had a challenge remembered on the connection
+		 * consider this for usage. This can't be cleanup
+		 * by other clients.
+		 *
+		 * This is the default code path for typical clients
+		 * which call netr_ServerReqChallenge() and
+		 * netr_ServerAuthenticate3() on the same dcerpc connection.
+		 */
+		challenge = *pipe_state;
+
+		challenge_valid = true;
+
+	} else {
+		NTSTATUS ntstatus;
+
+		/*
+		 * Fallback and try to get the challenge from
+		 * the global cache.
+		 *
+		 * If too many clients are using this code path,
+		 * they may destroy their cache entries as the
+		 * TDB has a fixed size limited via a lossy hash
+		 *
+		 * The TDB used is the schannel store, which is
+		 * initialised at startup.
+		 *
+		 * NOTE: The challenge is deleted from the DB as soon as it is
+		 * fetched, to prevent reuse.
+		 *
+		 */
+
+		ntstatus = schannel_get_challenge(dce_call->conn->dce_ctx->lp_ctx,
+						  &challenge.client_challenge,
+						  &challenge.server_challenge,
+						  r->in.computer_name);
+
+		if (!NT_STATUS_IS_OK(ntstatus)) {
+			ZERO_STRUCT(challenge);
+		} else {
+			challenge_valid = true;
+		}
+	}
+
+	server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+		       NETLOGON_NEG_PERSISTENT_SAMREPL |
+		       NETLOGON_NEG_ARCFOUR |
+		       NETLOGON_NEG_PROMOTION_COUNT |
+		       NETLOGON_NEG_CHANGELOG_BDC |
+		       NETLOGON_NEG_FULL_SYNC_REPL |
+		       NETLOGON_NEG_MULTIPLE_SIDS |
+		       NETLOGON_NEG_REDO |
+		       NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+		       NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+		       NETLOGON_NEG_GENERIC_PASSTHROUGH |
+		       NETLOGON_NEG_CONCURRENT_RPC |
+		       NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+		       NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+		       NETLOGON_NEG_STRONG_KEYS |
+		       NETLOGON_NEG_TRANSITIVE_TRUSTS |
+		       NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+		       NETLOGON_NEG_PASSWORD_SET2 |
+		       NETLOGON_NEG_GETDOMAININFO |
+		       NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+		       NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+		       NETLOGON_NEG_RODC_PASSTHROUGH |
+		       NETLOGON_NEG_SUPPORTS_AES |
+		       NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+		       NETLOGON_NEG_AUTHENTICATED_RPC;
+
+	/*
+	 * If weak crypto is disabled, do not announce that we support RC4.
+	 */
+	if (lpcfg_weak_crypto(dce_call->conn->dce_ctx->lp_ctx) ==
+	    SAMBA_WEAK_CRYPTO_DISALLOWED) {
+		server_flags &= ~NETLOGON_NEG_ARCFOUR;
+	}
+
+	negotiate_flags = *r->in.negotiate_flags & server_flags;
+
+	switch (r->in.secure_channel_type) {
+	case SEC_CHAN_WKSTA:
+	case SEC_CHAN_DNS_DOMAIN:
+	case SEC_CHAN_DOMAIN:
+	case SEC_CHAN_BDC:
+	case SEC_CHAN_RODC:
+		break;
+	case SEC_CHAN_NULL:
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_INVALID_PARAMETER);
+	default:
+		DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
+			  r->in.secure_channel_type));
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_INVALID_PARAMETER);
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_INVALID_SYSTEM_SERVICE);
+	}
+
+	if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
+	    r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN)
+	{
+		struct ldb_message *tdo_msg = NULL;
+		const char * const tdo_attrs[] = {
+			"trustAuthIncoming",
+			"trustAttributes",
+			"flatName",
+			NULL
+		};
+		char *encoded_name = NULL;
+		size_t len;
+		const char *flatname = NULL;
+		char trailer = '$';
+		bool require_trailer = true;
+		const char *netbios = NULL;
+		const char *dns = NULL;
+
+		if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+			trailer = '.';
+			require_trailer = false;
+		}
+
+		encoded_name = ldb_binary_encode_string(mem_ctx,
+							r->in.account_name);
+		if (encoded_name == NULL) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_MEMORY);
+		}
+
+		len = strlen(encoded_name);
+		if (len < 2) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+		}
+
+		if (require_trailer && encoded_name[len - 1] != trailer) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+		}
+		encoded_name[len - 1] = '\0';
+
+		if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+			dns = encoded_name;
+		} else {
+			netbios = encoded_name;
+		}
+
+		nt_status = dsdb_trust_search_tdo(sam_ctx,
+						  netbios, dns,
+						  tdo_attrs, mem_ctx, &tdo_msg);
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			DEBUG(2, ("Client asked for a trusted domain secure channel, "
+				  "but there's no tdo for [%s] => [%s] \n",
+				  log_escape(mem_ctx, r->in.account_name),
+				  encoded_name));
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+		}
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				nt_status);
+		}
+
+		nt_status = dsdb_trust_get_incoming_passwords(tdo_msg, mem_ctx,
+							      &curNtHash,
+							      &prevNtHash);
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_DISABLED)) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+		}
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				nt_status);
+		}
+
+		flatname = ldb_msg_find_attr_as_string(tdo_msg, "flatName", NULL);
+		if (flatname == NULL) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+		}
+
+		*trust_account_for_search = talloc_asprintf(mem_ctx, "%s$", flatname);
+		if (*trust_account_for_search == NULL) {
+			return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_MEMORY);
+		}
+	} else {
+		*trust_account_for_search = r->in.account_name;
+	}
+
+	/* pull the user attributes */
+	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
+				   "(&(sAMAccountName=%s)(objectclass=user))",
+				   ldb_binary_encode_string(mem_ctx,
+							    *trust_account_for_search));
+
+	if (num_records == 0) {
+		DEBUG(3,("Couldn't find user [%s] in samdb.\n",
+			 log_escape(mem_ctx, r->in.account_name)));
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_NO_TRUST_SAM_ACCOUNT);
+	}
+
+	if (num_records > 1) {
+		DEBUG(0,("Found %d records matching user [%s]\n",
+			 num_records,
+			 log_escape(mem_ctx, r->in.account_name)));
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_INTERNAL_DB_CORRUPTION);
+	}
+
+	*trust_account_in_db = ldb_msg_find_attr_as_string(msgs[0],
+							   "samAccountName",
+							   NULL);
+	if (*trust_account_in_db == NULL) {
+		DEBUG(0,("No samAccountName returned in record matching user [%s]\n",
+			 r->in.account_name));
+		return dcesrv_netr_ServerAuthenticate3_check_downgrade(
+				dce_call, r, pipe_state, negotiate_flags,
+				NULL, /* trust_account_in_db */
+				NT_STATUS_INTERNAL_DB_CORRUPTION);
+	}
+
+	nt_status = dcesrv_netr_ServerAuthenticate3_check_downgrade(
+			dce_call, r, pipe_state, negotiate_flags,
+			*trust_account_in_db,
+			NT_STATUS_OK);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
+
+	if (user_account_control & UF_ACCOUNTDISABLE) {
+		DEBUG(1, ("Account [%s] is disabled\n",
+			  log_escape(mem_ctx, r->in.account_name)));
+		return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
+	}
+
+	switch (r->in.secure_channel_type) {
+	case SEC_CHAN_WKSTA:
+		if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
+			DBG_WARNING("Client asked for a workstation "
+				    "secure channel, but is not a workstation "
+				    "(member server) acb flags: 0x%x\n",
+				    user_account_control);
+			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
+		}
+		break;
+
+	case SEC_CHAN_DOMAIN:
+		FALL_THROUGH;
+	case SEC_CHAN_DNS_DOMAIN:
+		if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
+			DBG_WARNING("Client asked for a trusted domain "
+				    "secure channel, but is not a trusted "
+				    "domain: acb flags: 0x%x\n",
+				    user_account_control);
+			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
+		}
+		break;
+
+	case SEC_CHAN_BDC:
+		if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
+			DBG_WARNING("Client asked for a server "
+				    "secure channel, but is not a server "
+				    "(domain controller): acb flags: 0x%x\n",
+				    user_account_control);
+			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
+		}
+		break;
+
+	case SEC_CHAN_RODC:
+		if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
+			DBG_WARNING("Client asked for a RODC secure channel, "
+				    "but is not a RODC: acb flags: 0x%x\n",
+				    user_account_control);
+			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
+		}
+		break;
+
+	default:
+		/* we should never reach this */
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
+		nt_status = samdb_result_passwords_no_lockout(mem_ctx,
+					dce_call->conn->dce_ctx->lp_ctx,
+					msgs[0], &curNtHash);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (curNtHash == NULL) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!challenge_valid) {
+		DEBUG(1, ("No challenge requested by client [%s/%s], "
+			  "cannot authenticate\n",
+			  log_escape(mem_ctx, r->in.computer_name),
+			  log_escape(mem_ctx, r->in.account_name)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	creds = netlogon_creds_server_init(mem_ctx,
+					   r->in.account_name,
+					   r->in.computer_name,
+					   r->in.secure_channel_type,
+					   &challenge.client_challenge,
+					   &challenge.server_challenge,
+					   curNtHash,
+					   r->in.credentials,
+					   r->out.return_credentials,
+					   negotiate_flags);
+	if (creds == NULL && prevNtHash != NULL) {
+		/*
+		 * We fallback to the previous password for domain trusts.
+		 *
+		 * Note that lpcfg_old_password_allowed_period() doesn't
+		 * apply here.
+		 */
+		creds = netlogon_creds_server_init(mem_ctx,
+						   r->in.account_name,
+						   r->in.computer_name,
+						   r->in.secure_channel_type,
+						   &challenge.client_challenge,
+						   &challenge.server_challenge,
+						   prevNtHash,
+						   r->in.credentials,
+						   r->out.return_credentials,
+						   negotiate_flags);
+	}
+
+	if (creds == NULL) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
+	*sid = talloc_memdup(mem_ctx, creds->sid, sizeof(struct dom_sid));
+
+	nt_status = schannel_save_creds_state(mem_ctx,
+					      dce_call->conn->dce_ctx->lp_ctx,
+					      creds);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		ZERO_STRUCTP(r->out.return_credentials);
+		return nt_status;
+	}
+
+	*r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
+						"objectSid", 0);
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Log a netr_ServerAuthenticate3 request, and then invoke
+ * dcesrv_netr_ServerAuthenticate3_helper to perform the actual processing
+ */
+static NTSTATUS dcesrv_netr_ServerAuthenticate3(
+	struct dcesrv_call_state *dce_call,
+	TALLOC_CTX *mem_ctx,
+	struct netr_ServerAuthenticate3 *r)
+{
+	NTSTATUS status;
+	struct dom_sid *sid = NULL;
+	const char *trust_account_for_search = NULL;
+	const char *trust_account_in_db = NULL;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	struct auth_usersupplied_info ui = {
+		.local_host = dce_call->conn->local_address,
+		.remote_host = dce_call->conn->remote_address,
+		.client = {
+			.account_name = r->in.account_name,
+			.domain_name = lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx),
+		},
+		.service_description = "NETLOGON",
+		.auth_description = "ServerAuthenticate",
+		.netlogon_trust_account = {
+			.computer_name = r->in.computer_name,
+			.negotiate_flags = *r->in.negotiate_flags,
+			.secure_channel_type = r->in.secure_channel_type,
+		},
+	};
+
+	status = dcesrv_netr_ServerAuthenticate3_helper(dce_call,
+							mem_ctx,
+							r,
+							&trust_account_for_search,
+							&trust_account_in_db,
+							&sid);
+	ui.netlogon_trust_account.sid = sid;
+	ui.netlogon_trust_account.account_name = trust_account_in_db;
+	ui.mapped.account_name = trust_account_for_search;
+	log_authentication_event(
+		imsg_ctx,
+		dce_call->conn->dce_ctx->lp_ctx,
+		NULL,
+		&ui,
+		status,
+		lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx),
+		trust_account_in_db,
+		sid,
+		NULL /* client_audit_info */,
+		NULL /* server_audit_info */);
+
+	return status;
+}
+static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct netr_ServerAuthenticate *r)
+{
+	struct netr_ServerAuthenticate3 a;
+	uint32_t rid;
+	/* TODO:
+	 * negotiate_flags is used as an [in] parameter
+	 * so it need to be initialised.
+	 *
+	 * (I think ... = 0; seems wrong here --metze)
+	 */
+	uint32_t negotiate_flags_in = 0;
+	uint32_t negotiate_flags_out = 0;
+
+	a.in.server_name		= r->in.server_name;
+	a.in.account_name		= r->in.account_name;
+	a.in.secure_channel_type	= r->in.secure_channel_type;
+	a.in.computer_name		= r->in.computer_name;
+	a.in.credentials		= r->in.credentials;
+	a.in.negotiate_flags		= &negotiate_flags_in;
+
+	a.out.return_credentials	= r->out.return_credentials;
+	a.out.rid			= &rid;
+	a.out.negotiate_flags		= &negotiate_flags_out;
+
+	return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &a);
+}
+
+static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					 struct netr_ServerAuthenticate2 *r)
+{
+	struct netr_ServerAuthenticate3 r3;
+	uint32_t rid = 0;
+
+	r3.in.server_name = r->in.server_name;
+	r3.in.account_name = r->in.account_name;
+	r3.in.secure_channel_type = r->in.secure_channel_type;
+	r3.in.computer_name = r->in.computer_name;
+	r3.in.credentials = r->in.credentials;
+	r3.out.return_credentials = r->out.return_credentials;
+	r3.in.negotiate_flags = r->in.negotiate_flags;
+	r3.out.negotiate_flags = r->out.negotiate_flags;
+	r3.out.rid = &rid;
+
+	return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
+}
+
+/*
+  Change the machine account password for the currently connected
+  client.  Supplies only the NT#.
+*/
+
+static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct netr_ServerPasswordSet *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	struct ldb_context *sam_ctx;
+	NTSTATUS nt_status;
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential, r->out.return_authenticator,
+							&creds);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	nt_status = netlogon_creds_des_decrypt(creds, r->in.new_password);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	/* Using the sid for the account as the key, set the password */
+	nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
+					   creds->sid,
+					   NULL, /* Don't have version */
+					   NULL, /* Don't have plaintext */
+					   r->in.new_password,
+					   DSDB_PASSWORD_CHECKED_AND_CORRECT, /* Password change */
+					   NULL, NULL);
+	return nt_status;
+}
+
+/*
+  Change the machine account password for the currently connected
+  client.  Supplies new plaintext.
+*/
+static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct netr_ServerPasswordSet2 *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	struct ldb_context *sam_ctx;
+	struct NL_PASSWORD_VERSION version = {};
+	const uint32_t *new_version = NULL;
+	NTSTATUS nt_status;
+	DATA_BLOB new_password = data_blob_null;
+	size_t confounder_len;
+	DATA_BLOB dec_blob = data_blob_null;
+	DATA_BLOB enc_blob = data_blob_null;
+	struct samr_CryptPassword password_buf;
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential, r->out.return_authenticator,
+							&creds);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	memcpy(password_buf.data, r->in.new_password->data, 512);
+	SIVAL(password_buf.data, 512, r->in.new_password->length);
+
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		nt_status = netlogon_creds_aes_decrypt(creds,
+						       password_buf.data,
+						       516);
+	} else {
+		nt_status = netlogon_creds_arcfour_crypt(creds,
+							 password_buf.data,
+							 516);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	switch (creds->secure_channel_type) {
+	case SEC_CHAN_DOMAIN:
+	case SEC_CHAN_DNS_DOMAIN: {
+		uint32_t len = IVAL(password_buf.data, 512);
+		if (len <= 500) {
+			uint32_t ofs = 500 - len;
+			uint8_t *p;
+
+			p = password_buf.data + ofs;
+
+			version.ReservedField = IVAL(p, 0);
+			version.PasswordVersionNumber = IVAL(p, 4);
+			version.PasswordVersionPresent = IVAL(p, 8);
+
+			if (version.PasswordVersionPresent == NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT) {
+				new_version = &version.PasswordVersionNumber;
+			}
+		}}
+		break;
+	default:
+		break;
+	}
+
+	if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
+		DEBUG(3,("samr: failed to decode password buffer\n"));
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/*
+	 * Make sure the length field was encrypted,
+	 * otherwise we are under attack.
+	 */
+	if (new_password.length == r->in.new_password->length) {
+		DBG_WARNING("Length[%zu] field not encrypted\n",
+			    new_password.length);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/*
+	 * We don't allow empty passwords for machine accounts.
+	 */
+	if (new_password.length < 2) {
+		DBG_WARNING("Empty password Length[%zu]\n",
+			    new_password.length);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/*
+	 * Make sure the confounder part of CryptPassword
+	 * buffer was encrypted, otherwise we are under attack.
+	 */
+	confounder_len = 512 - new_password.length;
+	enc_blob = data_blob_const(r->in.new_password->data, confounder_len);
+	dec_blob = data_blob_const(password_buf.data, confounder_len);
+	if (confounder_len > 0 && data_blob_equal_const_time(&dec_blob, &enc_blob)) {
+		DBG_WARNING("Confounder buffer not encrypted Length[%zu]\n",
+			    confounder_len);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/*
+	 * Check that the password part was actually encrypted,
+	 * otherwise we are under attack.
+	 */
+	enc_blob = data_blob_const(r->in.new_password->data + confounder_len,
+				   new_password.length);
+	dec_blob = data_blob_const(password_buf.data + confounder_len,
+				   new_password.length);
+	if (data_blob_equal_const_time(&dec_blob, &enc_blob)) {
+		DBG_WARNING("Password buffer not encrypted Length[%zu]\n",
+			    new_password.length);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/*
+	 * don't allow zero buffers
+	 */
+	if (all_zero(new_password.data, new_password.length)) {
+		DBG_WARNING("Password zero buffer Length[%zu]\n",
+			    new_password.length);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/* Using the sid for the account as the key, set the password */
+	nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
+					   creds->sid,
+					   new_version,
+					   &new_password, /* we have plaintext */
+					   NULL,
+					   DSDB_PASSWORD_CHECKED_AND_CORRECT, /* Password change */
+					   NULL, NULL);
+	return nt_status;
+}
+
+
+/*
+  netr_LogonUasLogon
+*/
+static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct netr_LogonUasLogon *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_LogonUasLogoff
+*/
+static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonUasLogoff *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_call,
+						const struct netr_LogonSamLogonEx *r)
+{
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+	switch (r->in.logon_level) {
+	case NetlogonInteractiveInformation:
+	case NetlogonServiceInformation:
+	case NetlogonInteractiveTransitiveInformation:
+	case NetlogonServiceTransitiveInformation:
+		if (r->in.logon->password == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		case NetlogonValidationSamInfo:  /* 2 */
+		case NetlogonValidationSamInfo2: /* 3 */
+		case NetlogonValidationSamInfo4: /* 6 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+	case NetlogonNetworkInformation:
+	case NetlogonNetworkTransitiveInformation:
+		if (r->in.logon->network == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		case NetlogonValidationSamInfo:  /* 2 */
+		case NetlogonValidationSamInfo2: /* 3 */
+		case NetlogonValidationSamInfo4: /* 6 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+
+	case NetlogonGenericInformation:
+		if (r->in.logon->generic == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		switch (r->in.validation_level) {
+		/* TODO: case NetlogonValidationGenericInfo: 4 */
+		case NetlogonValidationGenericInfo2: /* 5 */
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
+	switch (r->in.validation_level) {
+	case NetlogonValidationSamInfo4: /* 6 */
+		if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		break;
+
+	default:
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+struct dcesrv_netr_LogonSamLogon_base_state {
+	struct dcesrv_call_state *dce_call;
+
+	TALLOC_CTX *mem_ctx;
+
+	struct netlogon_creds_CredentialState *creds;
+
+	struct netr_LogonSamLogonEx r;
+
+	uint32_t _ignored_flags;
+
+	struct {
+		struct netr_LogonSamLogon *lsl;
+		struct netr_LogonSamLogonWithFlags *lslwf;
+		struct netr_LogonSamLogonEx *lslex;
+	} _r;
+
+	struct kdc_check_generic_kerberos kr;
+};
+
+static void dcesrv_netr_LogonSamLogon_base_auth_done(struct tevent_req *subreq);
+static void dcesrv_netr_LogonSamLogon_base_krb5_done(struct tevent_req *subreq);
+static void dcesrv_netr_LogonSamLogon_base_reply(
+	struct dcesrv_netr_LogonSamLogon_base_state *state);
+
+/*
+  netr_LogonSamLogon_base
+
+  This version of the function allows other wrappers to say 'do not check the credentials'
+
+  We can't do the traditional 'wrapping' format completely, as this
+  function must only run under schannel
+*/
+static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamLogon_base_state *state)
+{
+	struct dcesrv_call_state *dce_call = state->dce_call;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	TALLOC_CTX *mem_ctx = state->mem_ctx;
+	struct netr_LogonSamLogonEx *r = &state->r;
+	struct netlogon_creds_CredentialState *creds = state->creds;
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	const char *workgroup = lpcfg_workgroup(lp_ctx);
+	struct auth4_context *auth_context = NULL;
+	struct auth_usersupplied_info *user_info = NULL;
+	NTSTATUS nt_status;
+	struct tevent_req *subreq = NULL;
+	enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+	dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
+	switch (dce_call->pkt.u.request.opnum) {
+	case NDR_NETR_LOGONSAMLOGON:
+	case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
+		/*
+		 * These already called dcesrv_netr_check_schannel()
+		 * via dcesrv_netr_creds_server_step_check()
+		 */
+		break;
+	case NDR_NETR_LOGONSAMLOGONEX:
+	default:
+		if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		nt_status = dcesrv_netr_check_schannel(dce_call,
+						       creds,
+						       auth_type,
+						       auth_level,
+						       dce_call->pkt.u.request.opnum);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+		break;
+	}
+
+	*r->out.authoritative = 1;
+
+	if (*r->in.flags & NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT) {
+		/*
+		 * Currently we're always the forest root ourself.
+		 */
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if (*r->in.flags & NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP) {
+		/*
+		 * Currently we don't support trusts correctly yet.
+		 */
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
+	NT_STATUS_HAVE_NO_MEMORY(user_info);
+
+	user_info->service_description = "SamLogon";
+
+	nt_status = netlogon_creds_decrypt_samlogon_logon(creds,
+							  r->in.logon_level,
+							  r->in.logon);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	switch (r->in.logon_level) {
+	case NetlogonInteractiveInformation:
+	case NetlogonServiceInformation:
+	case NetlogonInteractiveTransitiveInformation:
+	case NetlogonServiceTransitiveInformation:
+	case NetlogonNetworkInformation:
+	case NetlogonNetworkTransitiveInformation:
+
+		nt_status = auth_context_create_for_netlogon(mem_ctx,
+					dce_call->event_ctx,
+					imsg_ctx,
+					dce_call->conn->dce_ctx->lp_ctx,
+					&auth_context);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
+
+		user_info->remote_host = dce_call->conn->remote_address;
+		user_info->local_host = dce_call->conn->local_address;
+
+		user_info->netlogon_trust_account.secure_channel_type
+			= creds->secure_channel_type;
+		user_info->netlogon_trust_account.negotiate_flags
+			= creds->negotiate_flags;
+
+		/*
+		 * These two can be unrelated when the account is
+		 * actually that of a trusted domain, so we want to
+		 * know which DC in that trusted domain contacted
+		 * us
+		 */
+		user_info->netlogon_trust_account.computer_name
+			= creds->computer_name;
+		user_info->netlogon_trust_account.account_name
+			= creds->account_name;
+		user_info->netlogon_trust_account.sid
+			= creds->sid;
+
+		break;
+	default:
+		/* We do not need to set up the user_info in this case */
+		break;
+	}
+
+	switch (r->in.logon_level) {
+	case NetlogonInteractiveInformation:
+	case NetlogonServiceInformation:
+	case NetlogonInteractiveTransitiveInformation:
+	case NetlogonServiceTransitiveInformation:
+		user_info->auth_description = "interactive";
+
+		user_info->logon_parameters
+			= r->in.logon->password->identity_info.parameter_control;
+		user_info->client.account_name
+			= r->in.logon->password->identity_info.account_name.string;
+		user_info->client.domain_name
+			= r->in.logon->password->identity_info.domain_name.string;
+		user_info->workstation_name
+			= r->in.logon->password->identity_info.workstation.string;
+		user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
+		user_info->password_state = AUTH_PASSWORD_HASH;
+
+		user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
+		NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
+		*user_info->password.hash.lanman = r->in.logon->password->lmpassword;
+
+		user_info->password.hash.nt = talloc(user_info, struct samr_Password);
+		NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
+		*user_info->password.hash.nt = r->in.logon->password->ntpassword;
+
+		user_info->logon_id
+		    = r->in.logon->password->identity_info.logon_id;
+
+		break;
+	case NetlogonNetworkInformation:
+	case NetlogonNetworkTransitiveInformation:
+		user_info->auth_description = "network";
+
+		nt_status = auth_context_set_challenge(
+			auth_context,
+			r->in.logon->network->challenge,
+			"netr_LogonSamLogonWithFlags");
+		NT_STATUS_NOT_OK_RETURN(nt_status);
+
+		user_info->logon_parameters
+			= r->in.logon->network->identity_info.parameter_control;
+		user_info->client.account_name
+			= r->in.logon->network->identity_info.account_name.string;
+		user_info->client.domain_name
+			= r->in.logon->network->identity_info.domain_name.string;
+		user_info->workstation_name
+			= r->in.logon->network->identity_info.workstation.string;
+
+		user_info->password_state = AUTH_PASSWORD_RESPONSE;
+		user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
+		user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
+
+		user_info->logon_id
+		    = r->in.logon->network->identity_info.logon_id;
+
+		nt_status = NTLMv2_RESPONSE_verify_netlogon_creds(
+					user_info->client.account_name,
+					user_info->client.domain_name,
+					user_info->password.response.nt,
+					creds, workgroup);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
+
+		break;
+
+
+	case NetlogonGenericInformation:
+	{
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			/* OK */
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			/* OK */
+		} else {
+			/* Using DES to verify kerberos tickets makes no sense */
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) {
+			struct dcerpc_binding_handle *irpc_handle;
+			struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
+			NT_STATUS_HAVE_NO_MEMORY(generic);
+
+			r->out.validation->generic = generic;
+
+			user_info->logon_id
+			    = r->in.logon->generic->identity_info.logon_id;
+
+			irpc_handle = irpc_binding_handle_by_name(mem_ctx,
+								  imsg_ctx,
+								  "kdc_server",
+								  &ndr_table_irpc);
+			if (irpc_handle == NULL) {
+				return NT_STATUS_NO_LOGON_SERVERS;
+			}
+
+			state->kr.in.generic_request =
+				data_blob_const(r->in.logon->generic->data,
+						r->in.logon->generic->length);
+
+			/*
+			 * 60 seconds should be enough
+			 */
+			dcerpc_binding_handle_set_timeout(irpc_handle, 60);
+			subreq = dcerpc_kdc_check_generic_kerberos_r_send(state,
+						state->dce_call->event_ctx,
+						irpc_handle, &state->kr);
+			if (subreq == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+			tevent_req_set_callback(subreq,
+					dcesrv_netr_LogonSamLogon_base_krb5_done,
+					state);
+			return NT_STATUS_OK;
+		}
+
+		/* Until we get an implementation of these other packages */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	subreq = auth_check_password_send(state, state->dce_call->event_ctx,
+					  auth_context, user_info);
+	state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	tevent_req_set_callback(subreq,
+				dcesrv_netr_LogonSamLogon_base_auth_done,
+				state);
+	return NT_STATUS_OK;
+}
+
+static void dcesrv_netr_LogonSamLogon_base_auth_done(struct tevent_req *subreq)
+{
+	struct dcesrv_netr_LogonSamLogon_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_netr_LogonSamLogon_base_state);
+	TALLOC_CTX *mem_ctx = state->mem_ctx;
+	struct netr_LogonSamLogonEx *r = &state->r;
+	struct auth_user_info_dc *user_info_dc = NULL;
+	struct netr_SamInfo2 *sam2 = NULL;
+	struct netr_SamInfo3 *sam3 = NULL;
+	struct netr_SamInfo6 *sam6 = NULL;
+	NTSTATUS nt_status;
+
+	nt_status = auth_check_password_recv(subreq, mem_ctx,
+					     &user_info_dc,
+					     r->out.authoritative);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		r->out.result = nt_status;
+		dcesrv_netr_LogonSamLogon_base_reply(state);
+		return;
+	}
+
+	switch (r->in.validation_level) {
+	case 2:
+		nt_status = auth_convert_user_info_dc_saminfo2(mem_ctx,
+							       user_info_dc,
+							       AUTH_INCLUDE_RESOURCE_GROUPS,
+							       &sam2);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			r->out.result = nt_status;
+			dcesrv_netr_LogonSamLogon_base_reply(state);
+			return;
+		}
+
+		r->out.validation->sam2 = sam2;
+		break;
+
+	case 3:
+		nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
+							       user_info_dc,
+							       AUTH_INCLUDE_RESOURCE_GROUPS,
+							       &sam3, NULL);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			r->out.result = nt_status;
+			dcesrv_netr_LogonSamLogon_base_reply(state);
+			return;
+		}
+
+		r->out.validation->sam3 = sam3;
+		break;
+
+	case 6:
+		nt_status = auth_convert_user_info_dc_saminfo6(mem_ctx,
+							       user_info_dc,
+							       AUTH_INCLUDE_RESOURCE_GROUPS,
+							       &sam6, NULL);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			r->out.result = nt_status;
+			dcesrv_netr_LogonSamLogon_base_reply(state);
+			return;
+		}
+
+		r->out.validation->sam6 = sam6;
+		break;
+
+	default:
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			r->out.result = NT_STATUS_INVALID_INFO_CLASS;
+			dcesrv_netr_LogonSamLogon_base_reply(state);
+			return;
+		}
+	}
+
+	/* TODO: Describe and deal with these flags */
+	*r->out.flags = 0;
+
+	r->out.result = NT_STATUS_OK;
+
+	dcesrv_netr_LogonSamLogon_base_reply(state);
+}
+
+static void dcesrv_netr_LogonSamLogon_base_krb5_done(struct tevent_req *subreq)
+{
+	struct dcesrv_netr_LogonSamLogon_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_netr_LogonSamLogon_base_state);
+	TALLOC_CTX *mem_ctx = state->mem_ctx;
+	struct netr_LogonSamLogonEx *r = &state->r;
+	struct netr_GenericInfo2 *generic = NULL;
+	NTSTATUS status;
+
+	status = dcerpc_kdc_check_generic_kerberos_r_recv(subreq, mem_ctx);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->out.result = status;
+		dcesrv_netr_LogonSamLogon_base_reply(state);
+		return;
+	}
+
+	generic = r->out.validation->generic;
+	generic->length = state->kr.out.generic_reply.length;
+	generic->data = state->kr.out.generic_reply.data;
+
+	/* TODO: Describe and deal with these flags */
+	*r->out.flags = 0;
+
+	r->out.result = NT_STATUS_OK;
+
+	dcesrv_netr_LogonSamLogon_base_reply(state);
+}
+
+static void dcesrv_netr_LogonSamLogon_base_reply(
+	struct dcesrv_netr_LogonSamLogon_base_state *state)
+{
+	struct netr_LogonSamLogonEx *r = &state->r;
+	NTSTATUS status;
+
+	if (NT_STATUS_IS_OK(r->out.result)) {
+		status = netlogon_creds_encrypt_samlogon_validation(state->creds,
+								    r->in.validation_level,
+								    r->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("netlogon_creds_encrypt_samlogon_validation() "
+				"failed - %s\n",
+				nt_errstr(status));
+		}
+	}
+
+	if (state->_r.lslex != NULL) {
+		struct netr_LogonSamLogonEx *_r = state->_r.lslex;
+		_r->out.result = r->out.result;
+	} else if (state->_r.lslwf != NULL) {
+		struct netr_LogonSamLogonWithFlags *_r = state->_r.lslwf;
+		_r->out.result = r->out.result;
+	} else if (state->_r.lsl != NULL) {
+		struct netr_LogonSamLogon *_r = state->_r.lsl;
+		_r->out.result = r->out.result;
+	}
+
+	dcesrv_async_reply(state->dce_call);
+}
+
+static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct netr_LogonSamLogonEx *r)
+{
+	struct dcesrv_netr_LogonSamLogon_base_state *state;
+	NTSTATUS nt_status;
+
+	*r->out.authoritative = 1;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonSamLogon_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.server_name      = r->in.server_name;
+	state->r.in.computer_name    = r->in.computer_name;
+	state->r.in.logon_level      = r->in.logon_level;
+	state->r.in.logon            = r->in.logon;
+	state->r.in.validation_level = r->in.validation_level;
+	state->r.in.flags            = r->in.flags;
+	state->r.out.validation      = r->out.validation;
+	state->r.out.authoritative   = r->out.authoritative;
+	state->r.out.flags           = r->out.flags;
+
+	state->_r.lslex = r;
+
+	nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, &state->r);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	nt_status = schannel_get_creds_state(mem_ctx,
+					     dce_call->conn->dce_ctx->lp_ctx,
+					     r->in.computer_name, &state->creds);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	nt_status = dcesrv_netr_LogonSamLogon_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return nt_status;
+	}
+
+	return nt_status;
+}
+
+/*
+  netr_LogonSamLogonWithFlags
+
+*/
+static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					    struct netr_LogonSamLogonWithFlags *r)
+{
+	struct dcesrv_netr_LogonSamLogon_base_state *state;
+	NTSTATUS nt_status;
+
+	*r->out.authoritative = 1;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonSamLogon_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.server_name      = r->in.server_name;
+	state->r.in.computer_name    = r->in.computer_name;
+	state->r.in.logon_level      = r->in.logon_level;
+	state->r.in.logon            = r->in.logon;
+	state->r.in.validation_level = r->in.validation_level;
+	state->r.in.flags            = r->in.flags;
+	state->r.out.validation      = r->out.validation;
+	state->r.out.authoritative   = r->out.authoritative;
+	state->r.out.flags           = r->out.flags;
+
+	state->_r.lslwf = r;
+
+	nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, &state->r);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	r->out.return_authenticator = talloc_zero(mem_ctx,
+						  struct netr_Authenticator);
+	if (r->out.return_authenticator == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential,
+							r->out.return_authenticator,
+							&state->creds);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	nt_status = dcesrv_netr_LogonSamLogon_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return nt_status;
+	}
+
+	return nt_status;
+}
+
+/*
+  netr_LogonSamLogon
+*/
+static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct netr_LogonSamLogon *r)
+{
+	struct dcesrv_netr_LogonSamLogon_base_state *state;
+	NTSTATUS nt_status;
+
+	*r->out.authoritative = 1;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonSamLogon_base_state);
+	if (state == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.server_name      = r->in.server_name;
+	state->r.in.computer_name    = r->in.computer_name;
+	state->r.in.logon_level      = r->in.logon_level;
+	state->r.in.logon            = r->in.logon;
+	state->r.in.validation_level = r->in.validation_level;
+	state->r.in.flags            = &state->_ignored_flags;
+	state->r.out.validation      = r->out.validation;
+	state->r.out.authoritative   = r->out.authoritative;
+	state->r.out.flags           = &state->_ignored_flags;
+
+	state->_r.lsl = r;
+
+	nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, &state->r);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	r->out.return_authenticator = talloc_zero(mem_ctx,
+						  struct netr_Authenticator);
+	if (r->out.return_authenticator == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential,
+							r->out.return_authenticator,
+							&state->creds);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	nt_status = dcesrv_netr_LogonSamLogon_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return nt_status;
+	}
+
+	return nt_status;
+}
+
+
+/*
+  netr_LogonSamLogoff
+*/
+static NTSTATUS dcesrv_netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonSamLogoff *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+
+/*
+  netr_DatabaseDeltas
+*/
+static NTSTATUS dcesrv_netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DatabaseDeltas *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_DatabaseSync2
+*/
+static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DatabaseSync2 *r)
+{
+	/* win2k3 native mode returns  "NOT IMPLEMENTED" for this call */
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  netr_DatabaseSync
+*/
+static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DatabaseSync *r)
+{
+	struct netr_DatabaseSync2 r2;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r2);
+
+	r2.in.logon_server = r->in.logon_server;
+	r2.in.computername = r->in.computername;
+	r2.in.credential = r->in.credential;
+	r2.in.database_id = r->in.database_id;
+	r2.in.restart_state = SYNCSTATE_NORMAL_STATE;
+	r2.in.sync_context = r->in.sync_context;
+	r2.out.sync_context = r->out.sync_context;
+	r2.out.delta_enum_array = r->out.delta_enum_array;
+	r2.in.preferredmaximumlength = r->in.preferredmaximumlength;
+
+	status = dcesrv_netr_DatabaseSync2(dce_call, mem_ctx, &r2);
+
+	return status;
+}
+
+
+/*
+  netr_AccountDeltas
+*/
+static NTSTATUS dcesrv_netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_AccountDeltas *r)
+{
+	/* w2k3 returns "NOT IMPLEMENTED" for this call */
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  netr_AccountSync
+*/
+static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_AccountSync *r)
+{
+	/* w2k3 returns "NOT IMPLEMENTED" for this call */
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  netr_GetDcName
+*/
+static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_GetDcName *r)
+{
+	const char * const attrs[] = { NULL };
+	struct ldb_context *sam_ctx;
+	struct ldb_message **res;
+	struct ldb_dn *domain_dn;
+	int ret;
+	const char *dcname;
+
+	/*
+	 * [MS-NRPC] 3.5.5.3.4 NetrGetDCName says
+	 * that the domainname needs to be a valid netbios domain
+	 * name, if it is not NULL.
+	 */
+	if (r->in.domainname) {
+		const char *dot = strchr(r->in.domainname, '.');
+		size_t len = strlen(r->in.domainname);
+
+		if (dot || len > 15) {
+			return WERR_NERR_DCNOTFOUND;
+		}
+
+		/*
+		 * TODO: Should we also verify that only valid
+		 *       netbios name characters are used?
+		 */
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx,
+				       r->in.domainname);
+	if (domain_dn == NULL) {
+		return WERR_NO_SUCH_DOMAIN;
+	}
+
+	ret = gendb_search_dn(sam_ctx, mem_ctx,
+			      domain_dn, &res, attrs);
+	if (ret != 1) {
+		return WERR_NO_SUCH_DOMAIN;
+	}
+
+	/* TODO: - return real IP address
+	 *       - check all r->in.* parameters (server_unc is ignored by w2k3!)
+	 */
+	dcname = talloc_asprintf(mem_ctx, "\\\\%s",
+				 lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
+	W_ERROR_HAVE_NO_MEMORY(dcname);
+
+	*r->out.dcname = dcname;
+	return WERR_OK;
+}
+
+struct dcesrv_netr_LogonControl_base_state {
+	struct dcesrv_call_state *dce_call;
+
+	TALLOC_CTX *mem_ctx;
+
+	struct netr_LogonControl2Ex r;
+
+	struct {
+		struct netr_LogonControl *l;
+		struct netr_LogonControl2 *l2;
+		struct netr_LogonControl2Ex *l2ex;
+	} _r;
+};
+
+static void dcesrv_netr_LogonControl_base_done(struct tevent_req *subreq);
+
+static WERROR dcesrv_netr_LogonControl_base_call(struct dcesrv_netr_LogonControl_base_state *state)
+{
+	struct loadparm_context *lp_ctx = state->dce_call->conn->dce_ctx->lp_ctx;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(state->dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(state->dce_call->conn);
+	enum security_user_level security_level;
+	struct dcerpc_binding_handle *irpc_handle;
+	struct tevent_req *subreq;
+	bool ok;
+
+	/* TODO: check for WERR_INVALID_COMPUTERNAME ? */
+
+	if (state->_r.l != NULL) {
+		/*
+		 * netr_LogonControl
+		 */
+		if (state->r.in.level == 0x00000002) {
+			return WERR_NOT_SUPPORTED;
+		} else if (state->r.in.level != 0x00000001) {
+			return WERR_INVALID_LEVEL;
+		}
+
+		switch (state->r.in.function_code) {
+		case NETLOGON_CONTROL_QUERY:
+		case NETLOGON_CONTROL_REPLICATE:
+		case NETLOGON_CONTROL_SYNCHRONIZE:
+		case NETLOGON_CONTROL_PDC_REPLICATE:
+		case NETLOGON_CONTROL_BREAKPOINT:
+		case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+		case NETLOGON_CONTROL_TRUNCATE_LOG:
+			break;
+		default:
+			return WERR_NOT_SUPPORTED;
+		}
+	}
+
+	if (state->r.in.level < 0x00000001) {
+		return WERR_INVALID_LEVEL;
+	}
+
+	if (state->r.in.level > 0x00000004) {
+		return WERR_INVALID_LEVEL;
+	}
+
+	if (state->r.in.function_code == NETLOGON_CONTROL_QUERY) {
+		struct netr_NETLOGON_INFO_1 *info1 = NULL;
+		struct netr_NETLOGON_INFO_3 *info3 = NULL;
+
+		switch (state->r.in.level) {
+		case 0x00000001:
+			info1 = talloc_zero(state->mem_ctx,
+					    struct netr_NETLOGON_INFO_1);
+			if (info1 == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+			state->r.out.query->info1 = info1;
+			return WERR_OK;
+
+		case 0x00000003:
+			info3 = talloc_zero(state->mem_ctx,
+					    struct netr_NETLOGON_INFO_3);
+			if (info3 == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
+			state->r.out.query->info3 = info3;
+			return WERR_OK;
+
+		default:
+			return WERR_INVALID_PARAMETER;
+		}
+	}
+
+	/*
+	 * Some validations are done before the access check
+	 * and some after the access check
+	 */
+	security_level = security_session_user_level(session_info, NULL);
+	if (security_level < SECURITY_ADMINISTRATOR) {
+		return WERR_ACCESS_DENIED;
+	}
+
+	if (state->_r.l2 != NULL) {
+		/*
+		 * netr_LogonControl2
+		 */
+		if (state->r.in.level == 0x00000004) {
+			return WERR_INVALID_LEVEL;
+		}
+	}
+
+	switch (state->r.in.level) {
+	case 0x00000001:
+		break;
+
+	case 0x00000002:
+		switch (state->r.in.function_code) {
+		case NETLOGON_CONTROL_REDISCOVER:
+		case NETLOGON_CONTROL_TC_QUERY:
+		case NETLOGON_CONTROL_TC_VERIFY:
+			break;
+		default:
+			return WERR_INVALID_PARAMETER;
+		}
+
+		break;
+
+	case 0x00000003:
+		break;
+
+	case 0x00000004:
+		if (state->r.in.function_code != NETLOGON_CONTROL_FIND_USER) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		break;
+
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+
+	switch (state->r.in.function_code) {
+	case NETLOGON_CONTROL_REDISCOVER:
+	case NETLOGON_CONTROL_TC_QUERY:
+	case NETLOGON_CONTROL_TC_VERIFY:
+		if (state->r.in.level != 2) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (state->r.in.data == NULL) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (state->r.in.data->domain == NULL) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		break;
+
+	case NETLOGON_CONTROL_CHANGE_PASSWORD:
+		if (state->r.in.level != 1) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (state->r.in.data == NULL) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (state->r.in.data->domain == NULL) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		ok = lpcfg_is_my_domain_or_realm(lp_ctx,
+						 state->r.in.data->domain);
+		if (!ok) {
+			struct ldb_context *sam_ctx;
+
+			sam_ctx = dcesrv_samdb_connect_as_system(state,
+								 state->dce_call);
+			if (sam_ctx == NULL) {
+				return WERR_DS_UNAVAILABLE;
+			}
+
+			/*
+			 * Secrets for trusted domains can only be triggered on
+			 * the PDC.
+			 */
+			ok = samdb_is_pdc(sam_ctx);
+			TALLOC_FREE(sam_ctx);
+			if (!ok) {
+				return WERR_INVALID_DOMAIN_ROLE;
+			}
+		}
+
+		break;
+	default:
+		return WERR_NOT_SUPPORTED;
+	}
+
+	irpc_handle = irpc_binding_handle_by_name(state,
+						  imsg_ctx,
+						  "winbind_server",
+						  &ndr_table_winbind);
+	if (irpc_handle == NULL) {
+		DEBUG(0,("Failed to get binding_handle for winbind_server task\n"));
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return WERR_SERVICE_NOT_FOUND;
+	}
+
+	/*
+	 * 60 seconds timeout should be enough
+	 */
+	dcerpc_binding_handle_set_timeout(irpc_handle, 60);
+
+	subreq = dcerpc_winbind_LogonControl_send(state,
+						  state->dce_call->event_ctx,
+						  irpc_handle,
+						  state->r.in.function_code,
+						  state->r.in.level,
+						  state->r.in.data,
+						  state->r.out.query);
+	if (subreq == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	tevent_req_set_callback(subreq,
+				dcesrv_netr_LogonControl_base_done,
+				state);
+
+	return WERR_OK;
+}
+
+static void dcesrv_netr_LogonControl_base_done(struct tevent_req *subreq)
+{
+	struct dcesrv_netr_LogonControl_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_netr_LogonControl_base_state);
+	NTSTATUS status;
+
+	status = dcerpc_winbind_LogonControl_recv(subreq, state->mem_ctx,
+						  &state->r.out.result);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		state->r.out.result = WERR_TIMEOUT;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+	}
+
+	if (state->_r.l2ex != NULL) {
+		struct netr_LogonControl2Ex *r = state->_r.l2ex;
+		r->out.result = state->r.out.result;
+	} else if (state->_r.l2 != NULL) {
+		struct netr_LogonControl2 *r = state->_r.l2;
+		r->out.result = state->r.out.result;
+	} else if (state->_r.l != NULL) {
+		struct netr_LogonControl *r = state->_r.l;
+		r->out.result = state->r.out.result;
+	}
+
+	dcesrv_async_reply(state->dce_call);
+}
+
+/*
+  netr_LogonControl
+*/
+static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonControl *r)
+{
+	struct dcesrv_netr_LogonControl_base_state *state;
+	WERROR werr;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonControl_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.logon_server = r->in.logon_server;
+	state->r.in.function_code = r->in.function_code;
+	state->r.in.level = r->in.level;
+	state->r.in.data = NULL;
+	state->r.out.query = r->out.query;
+
+	state->_r.l = r;
+
+	werr = dcesrv_netr_LogonControl_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return werr;
+	}
+
+	return werr;
+}
+
+/*
+  netr_LogonControl2
+*/
+static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonControl2 *r)
+{
+	struct dcesrv_netr_LogonControl_base_state *state;
+	WERROR werr;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonControl_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.logon_server = r->in.logon_server;
+	state->r.in.function_code = r->in.function_code;
+	state->r.in.level = r->in.level;
+	state->r.in.data = r->in.data;
+	state->r.out.query = r->out.query;
+
+	state->_r.l2 = r;
+
+	werr = dcesrv_netr_LogonControl_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return werr;
+	}
+
+	return werr;
+}
+
+/*
+  netr_LogonControl2Ex
+*/
+static WERROR dcesrv_netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonControl2Ex *r)
+{
+	struct dcesrv_netr_LogonControl_base_state *state;
+	WERROR werr;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_LogonControl_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r = *r;
+	state->_r.l2ex = r;
+
+	werr = dcesrv_netr_LogonControl_base_call(state);
+
+	if (dce_call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
+		return werr;
+	}
+
+	return werr;
+}
+
+static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *sam_ctx,
+					 struct netr_DomainTrustList *trusts,
+					 uint32_t trust_flags);
+
+/*
+  netr_GetAnyDCName
+*/
+static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_GetAnyDCName *r)
+{
+	struct netr_DomainTrustList *trusts;
+	struct ldb_context *sam_ctx;
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	uint32_t i;
+	WERROR werr;
+
+	*r->out.dcname = NULL;
+
+	if ((r->in.domainname == NULL) || (r->in.domainname[0] == '\0')) {
+		/* if the domainname parameter wasn't set assume our domain */
+		r->in.domainname = lpcfg_workgroup(lp_ctx);
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	if (strcasecmp(r->in.domainname, lpcfg_workgroup(lp_ctx)) == 0) {
+		/* well we asked for a DC of our own domain */
+		if (samdb_is_pdc(sam_ctx)) {
+			/* we are the PDC of the specified domain */
+			return WERR_NO_SUCH_DOMAIN;
+		}
+
+		*r->out.dcname = talloc_asprintf(mem_ctx, "\\%s",
+						lpcfg_netbios_name(lp_ctx));
+		W_ERROR_HAVE_NO_MEMORY(*r->out.dcname);
+
+		return WERR_OK;
+	}
+
+	/* Okay, now we have to consider the trusted domains */
+
+	trusts = talloc_zero(mem_ctx, struct netr_DomainTrustList);
+	W_ERROR_HAVE_NO_MEMORY(trusts);
+
+	trusts->count = 0;
+
+	werr = fill_trusted_domains_array(mem_ctx, sam_ctx, trusts,
+					  NETR_TRUST_FLAG_INBOUND
+					  | NETR_TRUST_FLAG_OUTBOUND);
+	W_ERROR_NOT_OK_RETURN(werr);
+
+	for (i = 0; i < trusts->count; i++) {
+		if (strcasecmp(r->in.domainname, trusts->array[i].netbios_name) == 0) {
+			/* FIXME: Here we need to find a DC for the specified
+			 * trusted domain. */
+
+			/* return WERR_OK; */
+			return WERR_NO_SUCH_DOMAIN;
+		}
+	}
+
+	return WERR_NO_SUCH_DOMAIN;
+}
+
+
+/*
+  netr_DatabaseRedo
+*/
+static NTSTATUS dcesrv_netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DatabaseRedo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_NetrEnumerateTrustedDomains
+*/
+static NTSTATUS dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NetrEnumerateTrustedDomains *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_LogonGetCapabilities
+*/
+static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonGetCapabilities *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	NTSTATUS status;
+
+	switch (r->in.query_level) {
+	case 1:
+		break;
+	case 2:
+		/*
+		 * Until we know the details behind KB5028166
+		 * just return DCERPC_NCA_S_FAULT_INVALID_TAG
+		 * like an unpatched Windows Server.
+		 */
+		FALL_THROUGH;
+	default:
+		/*
+		 * There would not be a way to marshall the
+		 * the response. Which would mean our final
+		 * ndr_push would fail an we would return
+		 * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA.
+		 *
+		 * But it's important to match a Windows server
+		 * especially before KB5028166, see also our bug #15418
+		 * Otherwise Windows client would stop talking to us.
+		 */
+		DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG);
+	}
+
+	status = dcesrv_netr_creds_server_step_check(dce_call,
+						     mem_ctx,
+						     r->in.computer_name,
+						     r->in.credential,
+						     r->out.return_authenticator,
+						     &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " Bad credentials - error\n"));
+	}
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	r->out.capabilities->server_capabilities = creds->negotiate_flags;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  netr_NETRLOGONSETSERVICEBITS
+*/
+static WERROR dcesrv_netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NETRLOGONSETSERVICEBITS *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_LogonGetTrustRid
+*/
+static WERROR dcesrv_netr_LogonGetTrustRid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_LogonGetTrustRid *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_NETRLOGONCOMPUTESERVERDIGEST
+*/
+static WERROR dcesrv_netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_NETRLOGONCOMPUTECLIENTDIGEST
+*/
+static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+
+/*
+  netr_DsRGetSiteName
+*/
+static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct netr_DsRGetSiteName *r)
+{
+	struct ldb_context *sam_ctx;
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	/*
+	 * We assume to be a DC when we get called over NETLOGON. Hence we
+	 * get our site name always by using "samdb_server_site_name()"
+	 * and not "samdb_client_site_name()".
+	 */
+	*r->out.site = samdb_server_site_name(sam_ctx, mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(*r->out.site);
+
+	return WERR_OK;
+}
+
+
+/*
+  fill in a netr_OneDomainInfo from our own domain/forest
+*/
+static NTSTATUS fill_our_one_domain_info(TALLOC_CTX *mem_ctx,
+				const struct lsa_TrustDomainInfoInfoEx *our_tdo,
+				struct GUID domain_guid,
+				struct netr_OneDomainInfo *info,
+				bool is_trust_list)
+{
+	ZERO_STRUCTP(info);
+
+	if (is_trust_list) {
+		struct netr_trust_extension *te = NULL;
+		struct netr_trust_extension_info *tei = NULL;
+
+		/* w2k8 only fills this on trusted domains */
+		te = talloc_zero(mem_ctx, struct netr_trust_extension);
+		if (te == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		tei = &te->info;
+		tei->flags |= NETR_TRUST_FLAG_PRIMARY;
+
+		/*
+		 * We're always within a native forest
+		 */
+		tei->flags |= NETR_TRUST_FLAG_IN_FOREST;
+		tei->flags |= NETR_TRUST_FLAG_NATIVE;
+
+		/* For now we assume we're always the tree root */
+		tei->flags |= NETR_TRUST_FLAG_TREEROOT;
+		tei->parent_index = 0;
+
+		tei->trust_type = our_tdo->trust_type;
+		/*
+		 * This needs to be 0 instead of our_tdo->trust_attributes
+		 * It means LSA_TRUST_ATTRIBUTE_WITHIN_FOREST won't
+		 * be set, while NETR_TRUST_FLAG_IN_FOREST is set above.
+		 */
+		tei->trust_attributes = 0;
+
+		info->trust_extension.info = te;
+	}
+
+	if (is_trust_list) {
+		info->dns_domainname.string = our_tdo->domain_name.string;
+
+		/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
+		info->dns_forestname.string = NULL;
+	} else {
+		info->dns_domainname.string = talloc_asprintf(mem_ctx, "%s.",
+						our_tdo->domain_name.string);
+		if (info->dns_domainname.string == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		info->dns_forestname.string = info->dns_domainname.string;
+	}
+
+	info->domainname.string = our_tdo->netbios_name.string;
+	info->domain_sid = our_tdo->sid;
+	info->domain_guid = domain_guid;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  fill in a netr_OneDomainInfo from a trust tdo
+*/
+static NTSTATUS fill_trust_one_domain_info(TALLOC_CTX *mem_ctx,
+				struct GUID domain_guid,
+				const struct lsa_TrustDomainInfoInfoEx *tdo,
+				struct netr_OneDomainInfo *info)
+{
+	struct netr_trust_extension *te = NULL;
+	struct netr_trust_extension_info *tei = NULL;
+
+	ZERO_STRUCTP(info);
+
+	/* w2k8 only fills this on trusted domains */
+	te = talloc_zero(mem_ctx, struct netr_trust_extension);
+	if (te == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	tei = &te->info;
+
+	if (tdo->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
+		tei->flags |= NETR_TRUST_FLAG_INBOUND;
+	}
+	if (tdo->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
+		tei->flags |= NETR_TRUST_FLAG_OUTBOUND;
+	}
+	if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+		tei->flags |= NETR_TRUST_FLAG_IN_FOREST;
+	}
+
+	/*
+	 * TODO: once we support multiple domains within our forest,
+	 * we need to fill this correct (or let the caller do it
+	 * for all domains marked with NETR_TRUST_FLAG_IN_FOREST).
+	 */
+	tei->parent_index = 0;
+
+	tei->trust_type = tdo->trust_type;
+	tei->trust_attributes = tdo->trust_attributes;
+
+	info->trust_extension.info = te;
+
+	info->domainname.string = tdo->netbios_name.string;
+	if (tdo->trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+		info->dns_domainname.string = tdo->domain_name.string;
+	} else {
+		info->dns_domainname.string = NULL;
+	}
+	info->domain_sid = tdo->sid;
+	info->domain_guid = domain_guid;
+
+	/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
+	info->dns_forestname.string = NULL;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  netr_LogonGetDomainInfo
+  this is called as part of the ADS domain logon procedure.
+
+  It has an important role in convaying details about the client, such
+  as Operating System, Version, Service Pack etc.
+*/
+static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call,
+	TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	const char * const trusts_attrs[] = {
+		"securityIdentifier",
+		"flatName",
+		"trustPartner",
+		"trustAttributes",
+		"trustDirection",
+		"trustType",
+		NULL
+	};
+	const char * const attrs2[] = { "sAMAccountName", "dNSHostName",
+		"msDS-SupportedEncryptionTypes", NULL };
+	const char *sam_account_name, *old_dns_hostname;
+	struct ldb_context *sam_ctx;
+	const struct GUID *our_domain_guid = NULL;
+	struct lsa_TrustDomainInfoInfoEx *our_tdo = NULL;
+	struct ldb_message **res1, *new_msg;
+	struct ldb_result *trusts_res = NULL;
+	struct ldb_dn *workstation_dn;
+	struct netr_DomainInformation *domain_info;
+	struct netr_LsaPolicyInformation *lsa_policy_info;
+	struct auth_session_info *workstation_session_info = NULL;
+	uint32_t default_supported_enc_types = 0xFFFFFFFF;
+	bool update_dns_hostname = true;
+	int ret, i;
+	NTSTATUS status;
+
+	status = dcesrv_netr_creds_server_step_check(dce_call,
+						     mem_ctx,
+						     r->in.computer_name,
+						     r->in.credential,
+						     r->out.return_authenticator,
+						     &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		char* local  = NULL;
+		char* remote = NULL;
+		TALLOC_CTX *frame = talloc_stackframe();
+		remote = tsocket_address_string(dce_call->conn->remote_address,
+						frame);
+		local  = tsocket_address_string(dce_call->conn->local_address,
+						frame);
+		DBG_ERR("Bad credentials - "
+			"computer[%s] remote[%s] local[%s]\n",
+			log_escape(frame, r->in.computer_name),
+			remote,
+			local);
+		talloc_free(frame);
+	}
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* We want to avoid connecting as system. */
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	switch (r->in.level) {
+	case 1: /* Domain information */
+
+		if (r->in.query->workstation_info == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/* Prepares the workstation DN */
+		workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
+						dom_sid_string(mem_ctx, creds->sid));
+		NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
+
+		/* Get the workstation's session info from the database. */
+		status = authsam_get_session_info_principal(mem_ctx,
+							    dce_call->conn->dce_ctx->lp_ctx,
+							    sam_ctx,
+							    NULL, /* principal */
+							    workstation_dn,
+							    0, /* session_info_flags */
+							    &workstation_session_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		/*
+		 * Reconnect to samdb as the workstation, now that we have its
+		 * session info. We do this so the database update can be
+		 * attributed to the workstation account in the audit logs --
+		 * otherwise it might be incorrectly attributed to
+		 * SID_NT_ANONYMOUS.
+		 */
+		sam_ctx = dcesrv_samdb_connect_session_info(mem_ctx,
+							    dce_call,
+							    workstation_session_info,
+							    workstation_session_info);
+		if (sam_ctx == NULL) {
+			return NT_STATUS_INVALID_SYSTEM_SERVICE;
+		}
+
+		/* Lookup for attributes in workstation object */
+		ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn, &res1,
+				      attrs2);
+		if (ret != 1) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		/* Gets the sam account name which is checked against the DNS
+		 * hostname parameter. */
+		sam_account_name = ldb_msg_find_attr_as_string(res1[0],
+							       "sAMAccountName",
+							       NULL);
+		if (sam_account_name == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		if (r->in.query->workstation_info->dns_hostname == NULL) {
+			update_dns_hostname = false;
+		}
+
+		/* Gets the old DNS hostname */
+		old_dns_hostname = ldb_msg_find_attr_as_string(res1[0],
+							       "dNSHostName",
+							       NULL);
+
+		/*
+		 * Updates the DNS hostname when the client wishes that the
+		 * server should handle this for him
+		 * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
+		 * See MS-NRPC section 3.5.4.3.9
+		 */
+		if ((r->in.query->workstation_info->workstation_flags
+		    & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+			update_dns_hostname = false;
+		}
+
+		/* Gets host information and put them into our directory */
+
+		new_msg = ldb_msg_new(mem_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(new_msg);
+
+		new_msg->dn = workstation_dn;
+
+		/* Sets the OS name */
+
+		if (r->in.query->workstation_info->os_name.string == NULL) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ret = ldb_msg_add_string(new_msg, "operatingSystem",
+					 r->in.query->workstation_info->os_name.string);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/*
+		 * Sets information from "os_version". On an empty structure
+		 * the values are cleared.
+		 */
+		if (r->in.query->workstation_info->os_version.os != NULL) {
+			struct netr_OsVersionInfoEx *os_version;
+			const char *os_version_str;
+
+			os_version = &r->in.query->workstation_info->os_version.os->os;
+
+			if (os_version->CSDVersion == NULL) {
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+
+			os_version_str = talloc_asprintf(new_msg, "%u.%u (%u)",
+							 os_version->MajorVersion,
+							 os_version->MinorVersion,
+							 os_version->BuildNumber);
+			NT_STATUS_HAVE_NO_MEMORY(os_version_str);
+
+			if (strlen(os_version->CSDVersion) != 0) {
+				ret = ldb_msg_add_string(new_msg,
+							 "operatingSystemServicePack",
+							 os_version->CSDVersion);
+			} else {
+				ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+							   "operatingSystemServicePack");
+			}
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			ret = ldb_msg_add_string(new_msg,
+						 "operatingSystemVersion",
+						 os_version_str);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+						   "operatingSystemServicePack");
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+						   "operatingSystemVersion");
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
+		/*
+		 * If the boolean "update_dns_hostname" remained true, then we
+		 * are fine to start the update.
+		 */
+		if (update_dns_hostname) {
+			ret = ldb_msg_add_string(new_msg,
+						 "dNSHostname",
+						 r->in.query->workstation_info->dns_hostname);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			/* This manual "servicePrincipalName" generation is
+			 * still needed! Since the update in the samldb LDB
+			 * module does only work if the entries already exist
+			 * which isn't always the case. */
+			ret = ldb_msg_add_string(new_msg,
+						 "servicePrincipalName",
+						 talloc_asprintf(new_msg, "HOST/%s",
+						 r->in.computer_name));
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			ret = ldb_msg_add_string(new_msg,
+						 "servicePrincipalName",
+						 talloc_asprintf(new_msg, "HOST/%s",
+						 r->in.query->workstation_info->dns_hostname));
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
+		if (dsdb_replace(sam_ctx, new_msg, DSDB_FLAG_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE) != LDB_SUCCESS) {
+			DEBUG(3,("Impossible to update samdb: %s\n",
+				ldb_errstring(sam_ctx)));
+		}
+
+		talloc_free(new_msg);
+
+		/* Writes back the domain information */
+
+		our_domain_guid = samdb_domain_guid(sam_ctx);
+		if (our_domain_guid == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		status = dsdb_trust_local_tdo_info(mem_ctx, sam_ctx, &our_tdo);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		status = dsdb_trust_search_tdos(sam_ctx,
+						NULL, /* exclude */
+						trusts_attrs,
+						mem_ctx,
+						&trusts_res);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		domain_info = talloc(mem_ctx, struct netr_DomainInformation);
+		NT_STATUS_HAVE_NO_MEMORY(domain_info);
+
+		ZERO_STRUCTP(domain_info);
+
+		/* Information about the local and trusted domains */
+
+		status = fill_our_one_domain_info(mem_ctx,
+						  our_tdo,
+						  *our_domain_guid,
+						  &domain_info->primary_domain,
+						  false);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		domain_info->trusted_domain_count = trusts_res->count + 1;
+		domain_info->trusted_domains = talloc_zero_array(mem_ctx,
+			struct netr_OneDomainInfo,
+			domain_info->trusted_domain_count);
+		NT_STATUS_HAVE_NO_MEMORY(domain_info->trusted_domains);
+
+		for (i=0; i < trusts_res->count; i++) {
+			struct netr_OneDomainInfo *o =
+				&domain_info->trusted_domains[i];
+			/* we can't know the guid of trusts outside our forest */
+			struct GUID trust_domain_guid = GUID_zero();
+			struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+
+			status = dsdb_trust_parse_tdo_info(mem_ctx,
+							   trusts_res->msgs[i],
+							   &tdo);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+
+			status = fill_trust_one_domain_info(mem_ctx,
+							    trust_domain_guid,
+							    tdo,
+							    o);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		}
+
+		status = fill_our_one_domain_info(mem_ctx,
+						  our_tdo,
+						  *our_domain_guid,
+						  &domain_info->trusted_domains[i],
+						  true);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		/* Sets the supported encryption types */
+		domain_info->supported_enc_types = ldb_msg_find_attr_as_uint(res1[0],
+			"msDS-SupportedEncryptionTypes",
+			default_supported_enc_types);
+
+		/* Other host domain information */
+
+		lsa_policy_info = talloc(mem_ctx,
+			struct netr_LsaPolicyInformation);
+		NT_STATUS_HAVE_NO_MEMORY(lsa_policy_info);
+		ZERO_STRUCTP(lsa_policy_info);
+
+		domain_info->lsa_policy = *lsa_policy_info;
+
+		/* The DNS hostname is only returned back when there is a chance
+		 * for a change. */
+		if ((r->in.query->workstation_info->workstation_flags
+		    & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+			domain_info->dns_hostname.string = old_dns_hostname;
+		} else {
+			domain_info->dns_hostname.string = NULL;
+		}
+
+		domain_info->workstation_flags =
+			r->in.query->workstation_info->workstation_flags & (
+			NETR_WS_FLAG_HANDLES_SPN_UPDATE | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS);
+
+		r->out.info->domain_info = domain_info;
+	break;
+	case 2: /* LSA policy information - not used at the moment */
+		lsa_policy_info = talloc(mem_ctx,
+			struct netr_LsaPolicyInformation);
+		NT_STATUS_HAVE_NO_MEMORY(lsa_policy_info);
+		ZERO_STRUCTP(lsa_policy_info);
+
+		r->out.info->lsa_policy_info = lsa_policy_info;
+	break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  netr_ServerPasswordGet
+*/
+static NTSTATUS dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_ServerPasswordGet *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static bool sam_rodc_access_check(struct ldb_context *sam_ctx,
+				  TALLOC_CTX *mem_ctx,
+				  struct dom_sid *user_sid,
+				  struct ldb_dn *obj_dn)
+{
+	const char *rodc_attrs[] = { "msDS-NeverRevealGroup",
+				     "msDS-RevealOnDemandGroup",
+				     "userAccountControl",
+				     NULL };
+	const char *obj_attrs[] = { "tokenGroups", "objectSid", "UserAccountControl", "msDS-KrbTgtLinkBL", NULL };
+	struct ldb_dn *rodc_dn;
+	int ret;
+	struct ldb_result *rodc_res = NULL, *obj_res = NULL;
+	WERROR werr;
+
+	rodc_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
+				 dom_sid_string(mem_ctx, user_sid));
+	if (!ldb_dn_validate(rodc_dn)) goto denied;
+
+	/*
+	 * do the two searches we need
+	 * We need DSDB_SEARCH_SHOW_EXTENDED_DN as we get a SID list
+	 * out of the extended DNs
+	 */
+	ret = dsdb_search_dn(sam_ctx, mem_ctx, &rodc_res, rodc_dn, rodc_attrs,
+			     DSDB_SEARCH_SHOW_EXTENDED_DN);
+	if (ret != LDB_SUCCESS || rodc_res->count != 1) goto denied;
+
+	ret = dsdb_search_dn(sam_ctx, mem_ctx, &obj_res, obj_dn, obj_attrs, 0);
+	if (ret != LDB_SUCCESS || obj_res->count != 1) goto denied;
+
+	werr = samdb_confirm_rodc_allowed_to_repl_to(sam_ctx,
+						     user_sid,
+						     rodc_res->msgs[0],
+						     obj_res->msgs[0]);
+
+	if (W_ERROR_IS_OK(werr)) {
+		goto allowed;
+	}
+denied:
+	return false;
+allowed:
+	return true;
+
+}
+
+/*
+  netr_NetrLogonSendToSam
+*/
+static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					       struct netr_NetrLogonSendToSam *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	struct ldb_context *sam_ctx;
+	NTSTATUS nt_status;
+	DATA_BLOB decrypted_blob;
+	enum ndr_err_code ndr_err;
+	struct netr_SendToSamBase base_msg = { 0 };
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential,
+							r->out.return_authenticator,
+							&creds);
+
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	switch (creds->secure_channel_type) {
+	case SEC_CHAN_BDC:
+	case SEC_CHAN_RODC:
+		break;
+	case SEC_CHAN_WKSTA:
+	case SEC_CHAN_DNS_DOMAIN:
+	case SEC_CHAN_DOMAIN:
+	case SEC_CHAN_NULL:
+		return NT_STATUS_INVALID_PARAMETER;
+	default:
+		DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
+			  creds->secure_channel_type));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* Buffer is meant to be 16-bit aligned */
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		nt_status = netlogon_creds_aes_decrypt(creds,
+						       r->in.opaque_buffer,
+						       r->in.buffer_len);
+	} else {
+		nt_status = netlogon_creds_arcfour_crypt(creds,
+							 r->in.opaque_buffer,
+							 r->in.buffer_len);
+	}
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	decrypted_blob.data = r->in.opaque_buffer;
+	decrypted_blob.length = r->in.buffer_len;
+
+	ndr_err = ndr_pull_struct_blob(&decrypted_blob, mem_ctx, &base_msg,
+				       (ndr_pull_flags_fn_t)ndr_pull_netr_SendToSamBase);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		/* We only partially implement SendToSam */
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	/* Now 'send' to SAM */
+	switch (base_msg.message_type) {
+	case SendToSamResetBadPasswordCount:
+	{
+		struct ldb_message *msg = ldb_msg_new(mem_ctx);
+		struct ldb_dn *dn = NULL;
+		int ret = 0;
+
+
+		ret = ldb_transaction_start(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		ret = dsdb_find_dn_by_guid(sam_ctx,
+					   mem_ctx,
+					   &base_msg.message.reset_bad_password.guid,
+					   0,
+					   &dn);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (creds->secure_channel_type == SEC_CHAN_RODC &&
+		    !sam_rodc_access_check(sam_ctx, mem_ctx, creds->sid, dn)) {
+			DEBUG(1, ("Client asked to reset bad password on "
+				  "an arbitrary user: %s\n",
+				  ldb_dn_get_linearized(dn)));
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		msg->dn = dn;
+
+		ret = samdb_msg_add_int(sam_ctx, mem_ctx, msg, "badPwdCount", 0);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ret = dsdb_replace(sam_ctx, msg, 0);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		ret = ldb_transaction_commit(sam_ctx);
+		if (ret != LDB_SUCCESS) {
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		break;
+	}
+	default:
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	return NT_STATUS_OK;
+}
+
+struct dcesrv_netr_DsRGetDCName_base_state {
+	struct dcesrv_call_state *dce_call;
+	TALLOC_CTX *mem_ctx;
+
+	struct netr_DsRGetDCNameEx2 r;
+	const char *client_site;
+
+	struct {
+		struct netr_DsRGetDCName *dc;
+		struct netr_DsRGetDCNameEx *dcex;
+		struct netr_DsRGetDCNameEx2 *dcex2;
+	} _r;
+};
+
+static void dcesrv_netr_DsRGetDCName_base_done(struct tevent_req *subreq);
+
+/* Returns a nonzero value if multiple bits in 'val' are set. */
+static bool multiple_bits_set(uint32_t val)
+{
+	/*
+	 * Subtracting one from an integer has the effect of flipping all the
+	 * bits from the least significant bit up to and including the least
+	 * significant '1' bit. For example,
+	 *
+	 *   0b101000 - 1
+	 * = 0b100111
+	 *       ====
+	 *
+	 * If 'val' is zero, all the bits will be flipped and thus the bitwise
+	 * AND of 'val' with 'val - 1' will be zero.
+	 *
+	 * If the integer is nonzero, the least significant '1' bit will be
+	 * ANDed with a '0' bit and so will be reset in the final result, but
+	 * all other '1' bits will remain set. In other words, the effect of
+	 * this expression is to mask off the least significant bit that is
+	 * set. Therefore iff the result of 'val & (val - 1)' is non-zero, 'val'
+	 * must contain multiple set bits.
+	 */
+	return val & (val - 1);
+}
+
+static WERROR dcesrv_netr_DsRGetDCName_base_call(struct dcesrv_netr_DsRGetDCName_base_state *state)
+{
+	struct dcesrv_call_state *dce_call = state->dce_call;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	TALLOC_CTX *mem_ctx = state->mem_ctx;
+	struct netr_DsRGetDCNameEx2 *r = &state->r;
+	struct ldb_context *sam_ctx;
+	struct netr_DsRGetDCNameInfo *info;
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	const struct tsocket_address *local_address;
+	char *local_addr = NULL;
+	const struct tsocket_address *remote_address;
+	char *remote_addr = NULL;
+	const char *server_site_name;
+	char *guid_str;
+	struct netlogon_samlogon_response response;
+	NTSTATUS status;
+	const char *dc_name = NULL;
+	const char *domain_name = NULL;
+	const char *pdc_ip;
+	bool different_domain = true;
+	bool force_remote_lookup = false;
+	uint32_t valid_flags;
+	uint32_t this_dc_valid_flags;
+	int dc_level;
+
+	ZERO_STRUCTP(r->out.info);
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	local_address = dcesrv_connection_get_local_address(dce_call->conn);
+	if (tsocket_address_is_inet(local_address, "ip")) {
+		local_addr = tsocket_address_inet_addr_string(local_address, state);
+		W_ERROR_HAVE_NO_MEMORY(local_addr);
+	}
+
+	remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
+	if (tsocket_address_is_inet(remote_address, "ip")) {
+		remote_addr = tsocket_address_inet_addr_string(remote_address, state);
+		W_ERROR_HAVE_NO_MEMORY(remote_addr);
+	}
+
+	/* "server_unc" is ignored by w2k3 */
+
+	/*
+	 * With the following flags:
+	 * DS_FORCE_REDISCOVERY (Flag A)
+	 * DS_DIRECTORY_SERVICE_REQUIRED (Flag B)
+	 * DS_DIRECTORY_SERVICE_PREFERRED (Flag C)
+	 * DS_GC_SERVER_REQUIRED (Flag D)
+	 * DS_PDC_REQUIRED (Flag E)
+	 * DS_BACKGROUND_ONLY (Flag F)
+	 * DS_IP_REQUIRED (Flag G)
+	 * DS_KDC_REQUIRED (Flag H)
+	 * DS_TIMESERV_REQUIRED (Flag I)
+	 * DS_WRITABLE_REQUIRED (Flag J)
+	 * DS_GOOD_TIMESERV_PREFERRED (Flag K)
+	 * DS_AVOID_SELF (Flag L)
+	 * DS_ONLY_LDAP_NEEDED (Flag M)
+	 * DS_IS_FLAT_NAME (Flag N)
+	 * DS_IS_DNS_NAME (Flag O)
+	 * DS_TRY_NEXTCLOSEST_SITE (Flag P)
+	 * DS_DIRECTORY_SERVICE_6_REQUIRED  (Flag Q)
+	 * DS_WEB_SERVICE_REQUIRED (Flag T)
+	 * DS_DIRECTORY_SERVICE_8_REQUIRED  (Flag U)
+	 * DS_DIRECTORY_SERVICE_9_REQUIRED  (Flag V)
+	 * DS_DIRECTORY_SERVICE_10_REQUIRED (Flag W)
+	 * DS_RETURN_DNS_NAME (Flag R)
+	 * DS_RETURN_FLAT_NAME (Flag S)
+	 *
+	 * MS-NRPC 3.5.4.3.1 says:
+	 * ...
+	 * On receiving this call, the server MUST perform the following Flags
+	 * parameter validations:
+	 * - Flags D, E, and H MUST NOT be combined with each other.
+	 * - Flag N MUST NOT be combined with the O flag.
+	 * - Flag R MUST NOT be combined with the S flag.
+	 * - Flags B, Q, U, V, and W MUST NOT be combined with each other.
+	 * - Flag K MUST NOT be combined with any of the flags: B, C, D, E, or H.
+	 * - Flag P MUST NOT be set when the SiteName parameter is provided.
+	 * The server MUST return ERROR_INVALID_FLAGS for any of the previously
+	 * mentioned conflicting combinations.
+	 * ...
+	 */
+
+	valid_flags = DSGETDC_VALID_FLAGS;
+
+	if (r->in.flags & ~valid_flags) {
+		/*
+		 * TODO: add tests to prove this (maybe based on the
+		 * msDS-Behavior-Version levels of dc, domain and/or forest
+		 */
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* Flags D, E, and H MUST NOT be combined with each other. */
+#define _DEH (DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_KDC_REQUIRED)
+	if (multiple_bits_set(r->in.flags & _DEH)) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* Flag N MUST NOT be combined with the O flag. */
+	if (r->in.flags & DS_IS_FLAT_NAME &&
+	    r->in.flags & DS_IS_DNS_NAME) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* Flag R MUST NOT be combined with the S flag. */
+	if (r->in.flags & DS_RETURN_DNS_NAME &&
+	    r->in.flags & DS_RETURN_FLAT_NAME) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* Flags B, Q, U, V, and W MUST NOT be combined with each other */
+#define _BQUVW ( \
+	DS_DIRECTORY_SERVICE_REQUIRED | \
+	DS_DIRECTORY_SERVICE_6_REQUIRED | \
+	DS_DIRECTORY_SERVICE_8_REQUIRED | \
+	DS_DIRECTORY_SERVICE_9_REQUIRED | \
+	DS_DIRECTORY_SERVICE_10_REQUIRED | \
+0)
+	if (multiple_bits_set(r->in.flags & _BQUVW)) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/*
+	 * Flag K MUST NOT be combined with any of the flags:
+	 * B, C, D, E, or H.
+	 */
+	if (r->in.flags & DS_GOOD_TIMESERV_PREFERRED &&
+	    r->in.flags &
+	    (DS_DIRECTORY_SERVICE_REQUIRED |
+	     DS_DIRECTORY_SERVICE_PREFERRED |
+	     DS_GC_SERVER_REQUIRED |
+	     DS_PDC_REQUIRED |
+	     DS_KDC_REQUIRED)) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* Flag P MUST NOT be set when the SiteName parameter is provided. */
+	if (r->in.flags & DS_TRY_NEXTCLOSEST_SITE &&
+	    r->in.site_name) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/*
+	 * If we send an all-zero GUID, we should ignore it as winbind actually
+	 * checks it with a DNS query. Windows also appears to ignore it.
+	 */
+	if (r->in.domain_guid != NULL && GUID_all_zero(r->in.domain_guid)) {
+		r->in.domain_guid = NULL;
+	}
+
+	/* Attempt winbind search only if we suspect the domain is incorrect */
+	if (r->in.domain_name != NULL && strcmp("", r->in.domain_name) != 0) {
+		if (r->in.flags & DS_IS_FLAT_NAME) {
+			if (strcasecmp_m(r->in.domain_name,
+					 lpcfg_sam_name(lp_ctx)) == 0) {
+				different_domain = false;
+			}
+		} else if (r->in.flags & DS_IS_DNS_NAME) {
+			if (strcasecmp_m(r->in.domain_name,
+					 lpcfg_dnsdomain(lp_ctx)) == 0) {
+				different_domain = false;
+			}
+		} else {
+			if (strcasecmp_m(r->in.domain_name,
+					 lpcfg_sam_name(lp_ctx)) == 0 ||
+			    strcasecmp_m(r->in.domain_name,
+					 lpcfg_dnsdomain(lp_ctx)) == 0) {
+				different_domain = false;
+			}
+		}
+	} else {
+		/*
+		 * We need to be able to handle empty domain names, where we
+		 * revert to our domain by default.
+		 */
+		different_domain = false;
+	}
+
+	if (!different_domain) {
+		dc_level = dsdb_dc_functional_level(sam_ctx);
+
+		/*
+		 * Do not return a local response if we do not support the
+		 * functional level or feature (eg web services)
+		 */
+		this_dc_valid_flags = valid_flags;
+
+		/* Samba does not implement this */
+		this_dc_valid_flags &= ~DS_WEB_SERVICE_REQUIRED;
+
+		if (dc_level < DS_DOMAIN_FUNCTION_2012) {
+			this_dc_valid_flags &= ~DS_DIRECTORY_SERVICE_8_REQUIRED;
+		}
+		if (dc_level < DS_DOMAIN_FUNCTION_2012_R2) {
+			this_dc_valid_flags &= ~DS_DIRECTORY_SERVICE_9_REQUIRED;
+		}
+		if (dc_level < DS_DOMAIN_FUNCTION_2016) {
+			this_dc_valid_flags &= ~DS_DIRECTORY_SERVICE_10_REQUIRED;
+		}
+		if (r->in.flags & ~this_dc_valid_flags) {
+			DBG_INFO("Forcing remote lookup to find another DC "
+				 "in this domain %s with more features, "
+				 "as this Samba DC is Functional level %d but flags are 0x08%x\n",
+				 r->in.domain_name, dc_level, (unsigned int)r->in.flags);
+			force_remote_lookup = true;
+		}
+	}
+
+	/* Proof server site parameter "site_name" if it was specified */
+	server_site_name = samdb_server_site_name(sam_ctx, state);
+	W_ERROR_HAVE_NO_MEMORY(server_site_name);
+	if (force_remote_lookup
+	    || different_domain
+	    || (r->in.site_name != NULL &&
+		(strcasecmp_m(r->in.site_name,
+			      server_site_name) != 0))) {
+
+		struct dcerpc_binding_handle *irpc_handle = NULL;
+		struct tevent_req *subreq = NULL;
+
+		/*
+		 * Retrieve the client site to override the winbind response.
+		 *
+		 * DO NOT use Windows fallback for client site.
+		 * In the case of multiple domains, this is plainly wrong.
+		 *
+		 * Note: It's possible that the client may belong to multiple
+		 * subnets across domains. It's not clear what this would mean,
+		 * but here we only return what this domain knows.
+		 */
+		state->client_site = samdb_client_site_name(sam_ctx,
+							    state,
+							    remote_addr,
+							    NULL,
+							    false);
+
+		irpc_handle = irpc_binding_handle_by_name(state,
+							  imsg_ctx,
+							  "winbind_server",
+							  &ndr_table_winbind);
+		if (irpc_handle == NULL) {
+			DEBUG(0,("Failed to get binding_handle for "
+				 "winbind_server task\n"));
+			dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+			return WERR_SERVICE_NOT_FOUND;
+		}
+
+		dcerpc_binding_handle_set_timeout(irpc_handle, 60);
+
+		dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+
+		subreq = dcerpc_wbint_DsGetDcName_send(state,
+						       dce_call->event_ctx,
+						       irpc_handle,
+						       r->in.domain_name,
+						       r->in.domain_guid,
+						       r->in.site_name,
+						       r->in.flags,
+						       r->out.info);
+		if (subreq == NULL) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+
+		tevent_req_set_callback(subreq,
+					dcesrv_netr_DsRGetDCName_base_done,
+					state);
+
+		return WERR_OK;
+	}
+
+	guid_str = r->in.domain_guid != NULL ?
+		 GUID_string(state, r->in.domain_guid) : NULL;
+
+	status = fill_netlogon_samlogon_response(sam_ctx, mem_ctx,
+						 r->in.domain_name,
+						 r->in.domain_name,
+						 NULL, guid_str,
+						 r->in.client_account,
+						 r->in.mask, remote_addr,
+						 NETLOGON_NT_VERSION_5EX_WITH_IP,
+						 lp_ctx, &response, true);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	/*
+	 * According to MS-NRPC 2.2.1.2.1 we should set the "DS_DNS_FOREST_ROOT"
+	 * (O) flag when the returned forest name is in DNS format. This is here
+	 * always the case (see below).
+	 */
+	response.data.nt5_ex.server_type |= DS_DNS_FOREST_ROOT;
+
+	if (r->in.flags & DS_RETURN_DNS_NAME) {
+		dc_name = response.data.nt5_ex.pdc_dns_name;
+		domain_name = response.data.nt5_ex.dns_domain;
+		/*
+		 * According to MS-NRPC 2.2.1.2.1 we should set the
+		 * "DS_DNS_CONTROLLER" (M) and "DS_DNS_DOMAIN" (N) flags when
+		 * the returned information is in DNS form.
+		 */
+		response.data.nt5_ex.server_type |=
+			DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
+	} else if (r->in.flags & DS_RETURN_FLAT_NAME) {
+		dc_name = response.data.nt5_ex.pdc_name;
+		domain_name = response.data.nt5_ex.domain_name;
+	} else {
+
+		/*
+		 * TODO: autodetect what we need to return
+		 * based on the given arguments
+		 */
+		dc_name = response.data.nt5_ex.pdc_name;
+		domain_name = response.data.nt5_ex.domain_name;
+	}
+
+	if (!dc_name || !dc_name[0]) {
+		return WERR_NO_SUCH_DOMAIN;
+	}
+
+	if (!domain_name || !domain_name[0]) {
+		return WERR_NO_SUCH_DOMAIN;
+	}
+
+	info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
+	W_ERROR_HAVE_NO_MEMORY(info);
+	info->dc_unc = talloc_asprintf(mem_ctx, "%s%s",
+			dc_name[0] != '\\'? "\\\\":"",
+			talloc_strdup(mem_ctx, dc_name));
+	W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
+
+	pdc_ip = local_addr;
+	if (pdc_ip == NULL) {
+		pdc_ip = "127.0.0.1";
+	}
+	info->dc_address = talloc_asprintf(mem_ctx, "\\\\%s", pdc_ip);
+	W_ERROR_HAVE_NO_MEMORY(info->dc_address);
+	info->dc_address_type  = DS_ADDRESS_TYPE_INET;
+	info->domain_guid      = response.data.nt5_ex.domain_uuid;
+	info->domain_name      = domain_name;
+	info->forest_name      = response.data.nt5_ex.forest;
+	info->dc_flags         = response.data.nt5_ex.server_type;
+	if (r->in.flags & DS_RETURN_DNS_NAME) {
+		/* As MS-NRPC.pdf in 2.2.1.2.1 the DS_DNS_CONTROLLER flag should be
+		 * returned if we are returning info->dc_unc containing a FQDN.
+		 * This attribute is called DomainControllerName in the specs,
+		 * it seems that we decide to return FQDN or netbios depending on
+		 * DS_RETURN_DNS_NAME.
+		 */
+		info->dc_flags |= DS_DNS_CONTROLLER;
+	}
+	info->dc_site_name     = response.data.nt5_ex.server_site;
+	info->client_site_name = response.data.nt5_ex.client_site;
+
+	*r->out.info = info;
+
+	return WERR_OK;
+}
+
+static void dcesrv_netr_DsRGetDCName_base_done(struct tevent_req *subreq)
+{
+	struct dcesrv_netr_DsRGetDCName_base_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_netr_DsRGetDCName_base_state);
+	struct dcesrv_call_state *dce_call = state->dce_call;
+	NTSTATUS result, status;
+
+	status = dcerpc_wbint_DsGetDcName_recv(subreq,
+					       state->mem_ctx,
+					       &result);
+	TALLOC_FREE(subreq);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		state->r.out.result = WERR_TIMEOUT;
+		goto finished;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR(__location__ ": IRPC callback failed %s\n",
+			nt_errstr(status));
+		state->r.out.result = WERR_GEN_FAILURE;
+		goto finished;
+	}
+
+	if (!NT_STATUS_IS_OK(result)) {
+		DBG_NOTICE("DC location via winbind failed - %s\n",
+			   nt_errstr(result));
+		state->r.out.result = WERR_NO_SUCH_DOMAIN;
+		goto finished;
+	}
+
+	if (state->r.out.info == NULL || state->r.out.info[0] == NULL) {
+		DBG_ERR("DC location via winbind returned no results\n");
+		state->r.out.result = WERR_GEN_FAILURE;
+		goto finished;
+	}
+
+	if (state->r.out.info[0]->dc_unc == NULL) {
+		DBG_ERR("DC location via winbind returned no DC unc\n");
+		state->r.out.result = WERR_GEN_FAILURE;
+		goto finished;
+	}
+
+	/*
+	 * Either the supplied site name is NULL (possibly via
+	 * TRY_NEXT_CLOSEST_SITE) or the resulting site name matches
+	 * the input match name.
+	 *
+	 * TODO: Currently this means that requests with NETBIOS domain
+	 * names can fail because they do not return the site name.
+	 */
+	if (state->r.in.site_name == NULL ||
+	    strcasecmp_m("", state->r.in.site_name) == 0 ||
+	    (state->r.out.info[0]->dc_site_name != NULL &&
+	     strcasecmp_m(state->r.out.info[0]->dc_site_name,
+			  state->r.in.site_name) == 0)) {
+
+		state->r.out.info[0]->client_site_name =
+			talloc_move(state->mem_ctx, &state->client_site);
+
+		/*
+		 * Make sure to return our DC UNC with // prefix.
+		 * Winbind currently doesn't send the leading slashes
+		 * for some reason.
+		 */
+		if (strlen(state->r.out.info[0]->dc_unc) > 2 &&
+		    strncmp("\\\\", state->r.out.info[0]->dc_unc, 2) != 0) {
+			const char *dc_unc = NULL;
+
+			dc_unc = talloc_asprintf(state->mem_ctx,
+						 "\\\\%s",
+						 state->r.out.info[0]->dc_unc);
+			state->r.out.info[0]->dc_unc = dc_unc;
+		}
+
+		state->r.out.result = WERR_OK;
+	} else {
+		state->r.out.info = NULL;
+		state->r.out.result = WERR_NO_SUCH_DOMAIN;
+	}
+
+finished:
+	if (state->_r.dcex2 != NULL) {
+		struct netr_DsRGetDCNameEx2 *r = state->_r.dcex2;
+		r->out.result = state->r.out.result;
+	} else if (state->_r.dcex != NULL) {
+		struct netr_DsRGetDCNameEx *r = state->_r.dcex;
+		r->out.result = state->r.out.result;
+	} else if (state->_r.dc != NULL) {
+		struct netr_DsRGetDCName *r = state->_r.dc;
+		r->out.result = state->r.out.result;
+	}
+
+	TALLOC_FREE(state);
+	dcesrv_async_reply(dce_call);
+}
+
+/*
+  netr_DsRGetDCNameEx2
+*/
+static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
+					  TALLOC_CTX *mem_ctx,
+					  struct netr_DsRGetDCNameEx2 *r)
+{
+	struct dcesrv_netr_DsRGetDCName_base_state *state;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_DsRGetDCName_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r = *r;
+	state->_r.dcex2 = r;
+
+	return dcesrv_netr_DsRGetDCName_base_call(state);
+}
+
+/*
+  netr_DsRGetDCNameEx
+*/
+static WERROR dcesrv_netr_DsRGetDCNameEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct netr_DsRGetDCNameEx *r)
+{
+	struct dcesrv_netr_DsRGetDCName_base_state *state;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_DsRGetDCName_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.server_unc = r->in.server_unc;
+	state->r.in.client_account = NULL;
+	state->r.in.mask = 0;
+	state->r.in.domain_guid = r->in.domain_guid;
+	state->r.in.domain_name = r->in.domain_name;
+	state->r.in.site_name = r->in.site_name;
+	state->r.in.flags = r->in.flags;
+	state->r.out.info = r->out.info;
+
+	state->_r.dcex = r;
+
+	return dcesrv_netr_DsRGetDCName_base_call(state);
+}
+
+/*
+ * netr_DsRGetDCName
+ *
+ * This function is a predecessor to DsrGetDcNameEx2 according to [MS-NRPC].
+ * Although it has a site-guid parameter, the documentation 3.5.4.3.3 DsrGetDcName
+ * insists that it be ignored.
+ */
+static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct netr_DsRGetDCName *r)
+{
+	struct dcesrv_netr_DsRGetDCName_base_state *state;
+
+	state = talloc_zero(mem_ctx, struct dcesrv_netr_DsRGetDCName_base_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+
+	state->r.in.server_unc = r->in.server_unc;
+	state->r.in.client_account = NULL;
+	state->r.in.mask = 0;
+	state->r.in.domain_name = r->in.domain_name;
+	state->r.in.domain_guid = r->in.domain_guid;
+
+	state->r.in.site_name = NULL; /* this is correct, we should ignore site GUID */
+	state->r.in.flags = r->in.flags;
+	state->r.out.info = r->out.info;
+
+	state->_r.dc = r;
+
+	return dcesrv_netr_DsRGetDCName_base_call(state);
+}
+/*
+  netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
+*/
+static WERROR dcesrv_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_NetrEnumerateTrustedDomainsEx
+*/
+static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_NetrEnumerateTrustedDomainsEx *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  netr_DsRAddressToSitenamesExW
+*/
+static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+						   struct netr_DsRAddressToSitenamesExW *r)
+{
+	struct ldb_context *sam_ctx;
+	struct netr_DsRAddressToSitenamesExWCtr *ctr;
+	sa_family_t sin_family;
+	struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+	struct sockaddr_in6 *addr6;
+	char addr_str[INET6_ADDRSTRLEN];
+#else
+	char addr_str[INET_ADDRSTRLEN];
+#endif
+	char *subnet_name;
+	const char *res;
+	uint32_t i;
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr);
+	W_ERROR_HAVE_NO_MEMORY(ctr);
+
+	*r->out.ctr = ctr;
+
+	ctr->count = r->in.count;
+	ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count);
+	W_ERROR_HAVE_NO_MEMORY(ctr->sitename);
+	ctr->subnetname = talloc_array(ctr, struct lsa_String, ctr->count);
+	W_ERROR_HAVE_NO_MEMORY(ctr->subnetname);
+
+	for (i=0; i<ctr->count; i++) {
+		ctr->sitename[i].string = NULL;
+		ctr->subnetname[i].string = NULL;
+
+		if (r->in.addresses[i].size < sizeof(sa_family_t)) {
+			continue;
+		}
+		/* The first two byte of the buffer are reserved for the
+		 * "sin_family" but for now only the first one is used. */
+		sin_family = r->in.addresses[i].buffer[0];
+
+		switch (sin_family) {
+		case AF_INET:
+			if (r->in.addresses[i].size < sizeof(struct sockaddr_in)) {
+				continue;
+			}
+			addr = (struct sockaddr_in *) r->in.addresses[i].buffer;
+			res = inet_ntop(AF_INET, &addr->sin_addr,
+					addr_str, sizeof(addr_str));
+			break;
+#ifdef HAVE_IPV6
+		case AF_INET6:
+			if (r->in.addresses[i].size < sizeof(struct sockaddr_in6)) {
+				continue;
+			}
+			addr6 = (struct sockaddr_in6 *) r->in.addresses[i].buffer;
+			res = inet_ntop(AF_INET6, &addr6->sin6_addr,
+					addr_str, sizeof(addr_str));
+			break;
+#endif
+		default:
+			continue;
+		}
+
+		if (res == NULL) {
+			continue;
+		}
+
+		ctr->sitename[i].string   = samdb_client_site_name(sam_ctx,
+								   mem_ctx,
+								   addr_str,
+								   &subnet_name,
+								   true);
+		W_ERROR_HAVE_NO_MEMORY(ctr->sitename[i].string);
+		ctr->subnetname[i].string = subnet_name;
+	}
+
+	return WERR_OK;
+}
+
+
+/*
+  netr_DsRAddressToSitenamesW
+*/
+static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DsRAddressToSitenamesW *r)
+{
+	struct netr_DsRAddressToSitenamesExW r2;
+	struct netr_DsRAddressToSitenamesWCtr *ctr;
+	uint32_t i;
+	WERROR werr;
+
+	ZERO_STRUCT(r2);
+
+	r2.in.server_name = r->in.server_name;
+	r2.in.count = r->in.count;
+	r2.in.addresses = r->in.addresses;
+
+	r2.out.ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr *);
+	W_ERROR_HAVE_NO_MEMORY(r2.out.ctr);
+
+	ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesWCtr);
+	W_ERROR_HAVE_NO_MEMORY(ctr);
+
+	*r->out.ctr = ctr;
+
+	ctr->count = r->in.count;
+	ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count);
+	W_ERROR_HAVE_NO_MEMORY(ctr->sitename);
+
+	werr = dcesrv_netr_DsRAddressToSitenamesExW(dce_call, mem_ctx, &r2);
+
+	for (i=0; i<ctr->count; i++) {
+		ctr->sitename[i].string   = (*r2.out.ctr)->sitename[i].string;
+	}
+
+	return werr;
+}
+
+
+/*
+  netr_DsrGetDcSiteCoverageW
+*/
+static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DsrGetDcSiteCoverageW *r)
+{
+	struct ldb_context *sam_ctx;
+	struct DcSitesCtr *ctr;
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_DS_UNAVAILABLE;
+	}
+
+	ctr = talloc(mem_ctx, struct DcSitesCtr);
+	W_ERROR_HAVE_NO_MEMORY(ctr);
+
+	*r->out.ctr = ctr;
+
+	/* For now only return our default site */
+	ctr->num_sites = 1;
+	ctr->sites = talloc_array(ctr, struct lsa_String, ctr->num_sites);
+	W_ERROR_HAVE_NO_MEMORY(ctr->sites);
+	ctr->sites[0].string = samdb_server_site_name(sam_ctx, mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(ctr->sites[0].string);
+
+	return WERR_OK;
+}
+
+
+static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
+					 struct ldb_context *sam_ctx,
+					 struct netr_DomainTrustList *trusts,
+					 uint32_t trust_flags)
+{
+	struct ldb_dn *system_dn;
+	struct ldb_message **dom_res = NULL;
+	const char *trust_attrs[] = { "flatname", "trustPartner",
+				      "securityIdentifier", "trustDirection",
+				      "trustType", "trustAttributes", NULL };
+	uint32_t n;
+	int i;
+	int ret;
+
+	if (!(trust_flags & (NETR_TRUST_FLAG_INBOUND |
+			     NETR_TRUST_FLAG_OUTBOUND))) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
+	if (system_dn == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	ret = gendb_search(sam_ctx, mem_ctx, system_dn,
+			   &dom_res, trust_attrs,
+			   "(objectclass=trustedDomain)");
+
+	for (i = 0; i < ret; i++) {
+		unsigned int trust_dir;
+		uint32_t flags = 0;
+
+		trust_dir = ldb_msg_find_attr_as_uint(dom_res[i],
+						      "trustDirection", 0);
+
+		if (trust_dir & LSA_TRUST_DIRECTION_INBOUND) {
+			flags |= NETR_TRUST_FLAG_INBOUND;
+		}
+		if (trust_dir & LSA_TRUST_DIRECTION_OUTBOUND) {
+			flags |= NETR_TRUST_FLAG_OUTBOUND;
+		}
+
+		if (!(flags & trust_flags)) {
+			/* this trust direction was not requested */
+			continue;
+		}
+
+		n = trusts->count;
+		trusts->array = talloc_realloc(trusts, trusts->array,
+					       struct netr_DomainTrust,
+					       n + 1);
+		W_ERROR_HAVE_NO_MEMORY(trusts->array);
+
+		trusts->array[n].netbios_name = talloc_steal(trusts->array, ldb_msg_find_attr_as_string(dom_res[i], "flatname", NULL));
+		if (!trusts->array[n].netbios_name) {
+			DEBUG(0, ("DB Error, TrustedDomain entry (%s) "
+				  "without flatname\n", 
+				  ldb_dn_get_linearized(dom_res[i]->dn)));
+		}
+
+		trusts->array[n].trust_flags = flags;
+		if ((trust_flags & NETR_TRUST_FLAG_IN_FOREST) &&
+		    !(flags & NETR_TRUST_FLAG_TREEROOT)) {
+			/* TODO: find if we have parent in the list */
+			trusts->array[n].parent_index = 0;
+		}
+
+		trusts->array[n].trust_type =
+				ldb_msg_find_attr_as_uint(dom_res[i],
+						  "trustType", 0);
+		trusts->array[n].trust_attributes =
+				ldb_msg_find_attr_as_uint(dom_res[i],
+						  "trustAttributes", 0);
+
+		if (trusts->array[n].trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+			trusts->array[n].dns_name = talloc_steal(
+				trusts->array,
+				ldb_msg_find_attr_as_string(dom_res[i],
+							    "trustPartner",
+							    NULL));
+		} else {
+			trusts->array[n].dns_name = NULL;
+		}
+
+		if ((trusts->array[n].trust_type == LSA_TRUST_TYPE_MIT) ||
+		    (trusts->array[n].trust_type == LSA_TRUST_TYPE_DCE)) {
+			struct dom_sid zero_sid;
+			ZERO_STRUCT(zero_sid);
+			trusts->array[n].sid =
+				dom_sid_dup(trusts, &zero_sid);
+		} else {
+			trusts->array[n].sid =
+				samdb_result_dom_sid(trusts, dom_res[i],
+						     "securityIdentifier");
+		}
+		trusts->array[n].guid = GUID_zero();
+
+		trusts->count = n + 1;
+	}
+
+	talloc_free(dom_res);
+	return WERR_OK;
+}
+
+/*
+  netr_DsrEnumerateDomainTrusts
+*/
+static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call,
+						   TALLOC_CTX *mem_ctx,
+						   struct netr_DsrEnumerateDomainTrusts *r)
+{
+	struct netr_DomainTrustList *trusts;
+	struct ldb_context *sam_ctx;
+	int ret;
+	struct ldb_message **dom_res;
+	const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	const char *dnsdomain = lpcfg_dnsdomain(lp_ctx);
+	const char *p;
+	WERROR werr;
+
+	if (r->in.trust_flags & 0xFFFFFE00) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	/* TODO: turn to hard check once we are sure this is 100% correct */
+	if (!r->in.server_name) {
+		DEBUG(3, ("Invalid domain! Expected name in domain [%s]. "
+			  "But received NULL!\n", dnsdomain));
+	} else {
+		p = strchr(r->in.server_name, '.');
+		if (!p) {
+			DEBUG(3, ("Invalid domain! Expected name in domain "
+				  "[%s]. But received [%s]!\n",
+				  dnsdomain, r->in.server_name));
+			p = r->in.server_name;
+		} else {
+			p++;
+                }
+	        if (strcasecmp(p, dnsdomain)) {
+			DEBUG(3, ("Invalid domain! Expected name in domain "
+				  "[%s]. But received [%s]!\n",
+				  dnsdomain, r->in.server_name));
+		}
+	}
+
+	trusts = talloc_zero(mem_ctx, struct netr_DomainTrustList);
+	W_ERROR_HAVE_NO_MEMORY(trusts);
+
+	trusts->count = 0;
+	r->out.trusts = trusts;
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_GEN_FAILURE;
+	}
+
+	if ((r->in.trust_flags & NETR_TRUST_FLAG_INBOUND) ||
+	    (r->in.trust_flags & NETR_TRUST_FLAG_OUTBOUND)) {
+
+		werr = fill_trusted_domains_array(mem_ctx, sam_ctx,
+						  trusts, r->in.trust_flags);
+		W_ERROR_NOT_OK_RETURN(werr);
+	}
+
+	/* NOTE: we currently are always the root of the forest */
+	if (r->in.trust_flags & NETR_TRUST_FLAG_IN_FOREST) {
+		uint32_t n = trusts->count;
+
+		ret = gendb_search_dn(sam_ctx, mem_ctx, NULL,
+				      &dom_res, dom_attrs);
+		if (ret != 1) {
+			return WERR_GEN_FAILURE;
+		}
+
+		trusts->count = n + 1;
+		trusts->array = talloc_realloc(trusts, trusts->array,
+					       struct netr_DomainTrust,
+					       trusts->count);
+		W_ERROR_HAVE_NO_MEMORY(trusts->array);
+
+		trusts->array[n].netbios_name = lpcfg_workgroup(lp_ctx);
+		trusts->array[n].dns_name = lpcfg_dnsdomain(lp_ctx);
+		trusts->array[n].trust_flags =
+			NETR_TRUST_FLAG_NATIVE |
+			NETR_TRUST_FLAG_TREEROOT |
+			NETR_TRUST_FLAG_IN_FOREST |
+			NETR_TRUST_FLAG_PRIMARY;
+		/* we are always the root domain for now */
+		trusts->array[n].parent_index = 0;
+		trusts->array[n].trust_type = LSA_TRUST_TYPE_UPLEVEL;
+		trusts->array[n].trust_attributes = 0;
+		trusts->array[n].sid = samdb_result_dom_sid(mem_ctx,
+							    dom_res[0],
+							    "objectSid");
+		trusts->array[n].guid = samdb_result_guid(dom_res[0],
+							  "objectGUID");
+		talloc_free(dom_res);
+	}
+
+	return WERR_OK;
+}
+
+
+/*
+  netr_DsrDeregisterDNSHostRecords
+*/
+static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_DsrDeregisterDNSHostRecords *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_ServerGetTrustInfo *r);
+
+/*
+  netr_ServerTrustPasswordsGet
+*/
+static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_ServerTrustPasswordsGet *r)
+{
+	struct netr_ServerGetTrustInfo r2 = {};
+	struct netr_TrustInfo *_ti = NULL;
+	NTSTATUS status;
+
+	r2.in.server_name = r->in.server_name;
+	r2.in.account_name = r->in.account_name;
+	r2.in.secure_channel_type = r->in.secure_channel_type;
+	r2.in.computer_name = r->in.computer_name;
+	r2.in.credential = r->in.credential;
+
+	r2.out.return_authenticator = r->out.return_authenticator;
+	r2.out.new_owf_password = r->out.new_owf_password;
+	r2.out.old_owf_password = r->out.old_owf_password;
+	r2.out.trust_info = &_ti;
+
+	status = dcesrv_netr_ServerGetTrustInfo(dce_call, mem_ctx, &r2);
+
+	r->out.return_authenticator = r2.out.return_authenticator;
+	r->out.new_owf_password = r2.out.new_owf_password;
+	r->out.old_owf_password = r2.out.old_owf_password;
+
+	return status;
+}
+
+/*
+  netr_DsRGetForestTrustInformation
+*/
+struct dcesrv_netr_DsRGetForestTrustInformation_state {
+	struct dcesrv_call_state *dce_call;
+	TALLOC_CTX *mem_ctx;
+	struct netr_DsRGetForestTrustInformation *r;
+};
+
+static void dcesrv_netr_DsRGetForestTrustInformation_done(struct tevent_req *subreq);
+
+static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call,
+						       TALLOC_CTX *mem_ctx,
+						       struct netr_DsRGetForestTrustInformation *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	enum security_user_level security_level;
+	struct ldb_context *sam_ctx = NULL;
+	struct dcesrv_netr_DsRGetForestTrustInformation_state *state = NULL;
+	struct dcerpc_binding_handle *irpc_handle = NULL;
+	struct tevent_req *subreq = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	struct ldb_dn *forest_dn = NULL;
+	int cmp;
+	int forest_level;
+
+	security_level = security_session_user_level(session_info, NULL);
+	if (security_level < SECURITY_USER) {
+		return WERR_ACCESS_DENIED;
+	}
+
+	if (r->in.flags & 0xFFFFFFFE) {
+		return WERR_INVALID_FLAGS;
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return WERR_GEN_FAILURE;
+	}
+
+	domain_dn = ldb_get_default_basedn(sam_ctx);
+	if (domain_dn == NULL) {
+		return WERR_GEN_FAILURE;
+	}
+
+	forest_dn = ldb_get_root_basedn(sam_ctx);
+	if (forest_dn == NULL) {
+		return WERR_GEN_FAILURE;
+	}
+
+	cmp = ldb_dn_compare(domain_dn, forest_dn);
+	if (cmp != 0) {
+		return WERR_NERR_ACFNOTLOADED;
+	}
+
+	forest_level = dsdb_forest_functional_level(sam_ctx);
+	if (forest_level < DS_DOMAIN_FUNCTION_2003) {
+		return WERR_INVALID_FUNCTION;
+	}
+
+	if (r->in.flags & DS_GFTI_UPDATE_TDO) {
+		if (!samdb_is_pdc(sam_ctx)) {
+			return WERR_NERR_NOTPRIMARY;
+		}
+
+		if (r->in.trusted_domain_name == NULL) {
+			return WERR_INVALID_FLAGS;
+		}
+	}
+
+	if (r->in.trusted_domain_name == NULL) {
+		NTSTATUS status;
+
+		/*
+		 * information about our own domain
+		 */
+		status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx,
+						r->out.forest_trust_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			return ntstatus_to_werror(status);
+		}
+
+		return WERR_OK;
+	}
+
+	/*
+	 * Forward the request to winbindd
+	 */
+
+	state = talloc_zero(mem_ctx,
+			struct dcesrv_netr_DsRGetForestTrustInformation_state);
+	if (state == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	state->dce_call = dce_call;
+	state->mem_ctx = mem_ctx;
+	state->r = r;
+
+	irpc_handle = irpc_binding_handle_by_name(state,
+						  imsg_ctx,
+						  "winbind_server",
+						  &ndr_table_winbind);
+	if (irpc_handle == NULL) {
+		DEBUG(0,("Failed to get binding_handle for winbind_server task\n"));
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return WERR_SERVICE_NOT_FOUND;
+	}
+
+	/*
+	 * 60 seconds timeout should be enough
+	 */
+	dcerpc_binding_handle_set_timeout(irpc_handle, 60);
+
+	subreq = dcerpc_winbind_GetForestTrustInformation_send(state,
+						state->dce_call->event_ctx,
+						irpc_handle,
+						r->in.trusted_domain_name,
+						r->in.flags,
+						r->out.forest_trust_info);
+	if (subreq == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	state->dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	tevent_req_set_callback(subreq,
+				dcesrv_netr_DsRGetForestTrustInformation_done,
+				state);
+
+	return WERR_OK;
+}
+
+static void dcesrv_netr_DsRGetForestTrustInformation_done(struct tevent_req *subreq)
+{
+	struct dcesrv_netr_DsRGetForestTrustInformation_state *state =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_netr_DsRGetForestTrustInformation_state);
+	NTSTATUS status;
+
+	status = dcerpc_winbind_GetForestTrustInformation_recv(subreq,
+							state->mem_ctx,
+							&state->r->out.result);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		state->r->out.result = WERR_TIMEOUT;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		state->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
+			 nt_errstr(status)));
+	}
+
+	dcesrv_async_reply(state->dce_call);
+}
+
+/*
+  netr_GetForestTrustInformation
+*/
+static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call,
+						      TALLOC_CTX *mem_ctx,
+						      struct netr_GetForestTrustInformation *r)
+{
+	struct netlogon_creds_CredentialState *creds = NULL;
+	struct ldb_context *sam_ctx = NULL;
+	struct ldb_dn *domain_dn = NULL;
+	struct ldb_dn *forest_dn = NULL;
+	int cmp;
+	int forest_level;
+	NTSTATUS status;
+
+	status = dcesrv_netr_creds_server_step_check(dce_call,
+						     mem_ctx,
+						     r->in.computer_name,
+						     r->in.credential,
+						     r->out.return_authenticator,
+						     &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) &&
+	    (creds->secure_channel_type != SEC_CHAN_DOMAIN)) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	/* TODO: check r->in.server_name is our name */
+
+	domain_dn = ldb_get_default_basedn(sam_ctx);
+	if (domain_dn == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	forest_dn = ldb_get_root_basedn(sam_ctx);
+	if (forest_dn == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	cmp = ldb_dn_compare(domain_dn, forest_dn);
+	if (cmp != 0) {
+		return NT_STATUS_INVALID_DOMAIN_STATE;
+	}
+
+	forest_level = dsdb_forest_functional_level(sam_ctx);
+	if (forest_level < DS_DOMAIN_FUNCTION_2003) {
+		return NT_STATUS_INVALID_DOMAIN_STATE;
+	}
+
+	status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx,
+					     r->out.forest_trust_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  netr_ServerGetTrustInfo
+*/
+static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct netr_ServerGetTrustInfo *r)
+{
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	struct ldb_context *sam_ctx = NULL;
+	const char * const attrs[] = {
+		"unicodePwd",
+		"sAMAccountName",
+		"userAccountControl",
+		NULL
+	};
+	struct ldb_message **res = NULL;
+	struct samr_Password *curNtHash = NULL, *prevNtHash = NULL;
+	NTSTATUS nt_status;
+	int ret;
+	const char *asid = NULL;
+	uint32_t uac = 0;
+	const char *aname = NULL;
+	struct ldb_message *tdo_msg = NULL;
+	const char * const tdo_attrs[] = {
+		"trustAuthIncoming",
+		"trustAttributes",
+		NULL
+	};
+	struct netr_TrustInfo *trust_info = NULL;
+
+	ZERO_STRUCTP(r->out.new_owf_password);
+	ZERO_STRUCTP(r->out.old_owf_password);
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential,
+							r->out.return_authenticator,
+							&creds);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	/* TODO: check r->in.server_name is our name */
+
+	if (strcasecmp_m(r->in.account_name, creds->account_name) != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (r->in.secure_channel_type != creds->secure_channel_type) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (strcasecmp_m(r->in.computer_name, creds->computer_name) != 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	asid = ldap_encode_ndr_dom_sid(mem_ctx, creds->sid);
+	if (asid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
+			   "(&(objectClass=user)(objectSid=%s))",
+			   asid);
+	if (ret != 1) {
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	switch (creds->secure_channel_type) {
+	case SEC_CHAN_DNS_DOMAIN:
+	case SEC_CHAN_DOMAIN:
+		uac = ldb_msg_find_attr_as_uint(res[0], "userAccountControl", 0);
+
+		if (uac & UF_ACCOUNTDISABLE) {
+			return NT_STATUS_ACCOUNT_DISABLED;
+		}
+
+		if (!(uac & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
+			return NT_STATUS_ACCOUNT_DISABLED;
+		}
+
+		aname = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+		if (aname == NULL) {
+			return NT_STATUS_ACCOUNT_DISABLED;
+		}
+
+		nt_status = dsdb_trust_search_tdo_by_type(sam_ctx,
+						SEC_CHAN_DOMAIN, aname,
+						tdo_attrs, mem_ctx, &tdo_msg);
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			return NT_STATUS_ACCOUNT_DISABLED;
+		}
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		nt_status = dsdb_trust_get_incoming_passwords(tdo_msg, mem_ctx,
+							      &curNtHash,
+							      &prevNtHash);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		trust_info = talloc_zero(mem_ctx, struct netr_TrustInfo);
+		if (trust_info == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		trust_info->count = 1;
+		trust_info->data = talloc_array(trust_info, uint32_t,
+						trust_info->count);
+		if (trust_info->data == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		trust_info->data[0] = ldb_msg_find_attr_as_uint(tdo_msg,
+							"trustAttributes",
+							0);
+		break;
+
+	default:
+		nt_status = samdb_result_passwords_no_lockout(mem_ctx, lp_ctx,
+							      res[0],
+							      &curNtHash);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
+		prevNtHash = talloc(mem_ctx, struct samr_Password);
+		if (prevNtHash == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		E_md4hash("", prevNtHash->hash);
+		break;
+	}
+
+	if (curNtHash != NULL) {
+		*r->out.new_owf_password = *curNtHash;
+		nt_status = netlogon_creds_des_encrypt(creds, r->out.new_owf_password);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+	if (prevNtHash != NULL) {
+		*r->out.old_owf_password = *prevNtHash;
+		nt_status = netlogon_creds_des_encrypt(creds, r->out.old_owf_password);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+	}
+
+	if (trust_info != NULL) {
+		*r->out.trust_info = trust_info;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  netr_Unused47
+*/
+static NTSTATUS dcesrv_netr_Unused47(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct netr_Unused47 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+struct netr_dnsupdate_RODC_state {
+	struct dcesrv_call_state *dce_call;
+	struct netr_DsrUpdateReadOnlyServerDnsRecords *r;
+	struct dnsupdate_RODC *r2;
+};
+
+/*
+  called when the forwarded RODC dns update request is finished
+ */
+static void netr_dnsupdate_RODC_callback(struct tevent_req *subreq)
+{
+	struct netr_dnsupdate_RODC_state *st =
+		tevent_req_callback_data(subreq,
+					 struct netr_dnsupdate_RODC_state);
+	NTSTATUS status;
+
+	status = dcerpc_dnsupdate_RODC_r_recv(subreq, st->dce_call);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ ": IRPC callback failed %s\n", nt_errstr(status)));
+		st->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+	}
+
+	st->r->out.dns_names = talloc_steal(st->dce_call, st->r2->out.dns_names);
+
+	dcesrv_async_reply(st->dce_call);
+}
+
+/*
+  netr_DsrUpdateReadOnlyServerDnsRecords
+*/
+static NTSTATUS dcesrv_netr_DsrUpdateReadOnlyServerDnsRecords(struct dcesrv_call_state *dce_call,
+							      TALLOC_CTX *mem_ctx,
+							      struct netr_DsrUpdateReadOnlyServerDnsRecords *r)
+{
+	struct netlogon_creds_CredentialState *creds;
+	NTSTATUS nt_status;
+	struct dcerpc_binding_handle *binding_handle;
+	struct netr_dnsupdate_RODC_state *st;
+	struct tevent_req *subreq;
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+
+	nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+							mem_ctx,
+							r->in.computer_name,
+							r->in.credential,
+							r->out.return_authenticator,
+							&creds);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	if (creds->secure_channel_type != SEC_CHAN_RODC) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	st = talloc_zero(mem_ctx, struct netr_dnsupdate_RODC_state);
+	NT_STATUS_HAVE_NO_MEMORY(st);
+
+	st->dce_call = dce_call;
+	st->r = r;
+	st->r2 = talloc_zero(st, struct dnsupdate_RODC);
+	NT_STATUS_HAVE_NO_MEMORY(st->r2);
+
+	st->r2->in.dom_sid = creds->sid;
+	st->r2->in.site_name = r->in.site_name;
+	st->r2->in.dns_ttl = r->in.dns_ttl;
+	st->r2->in.dns_names = r->in.dns_names;
+	st->r2->out.dns_names = r->out.dns_names;
+
+	binding_handle = irpc_binding_handle_by_name(st,
+						     imsg_ctx,
+						     "dnsupdate",
+						     &ndr_table_irpc);
+	if (binding_handle == NULL) {
+		DEBUG(0,("Failed to get binding_handle for dnsupdate task\n"));
+		dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* forward the call */
+	subreq = dcerpc_dnsupdate_RODC_r_send(st, dce_call->event_ctx,
+					      binding_handle, st->r2);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+
+	/* setup the callback */
+	tevent_req_set_callback(subreq, netr_dnsupdate_RODC_callback, st);
+
+	return NT_STATUS_OK;
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_netlogon_s.c"
diff --git a/source4/rpc_server/remote/README b/source4/rpc_server/remote/README
new file mode 100644
index 0000000..0d235a9
--- /dev/null
+++ b/source4/rpc_server/remote/README
@@ -0,0 +1,38 @@
+This is an RPC backend that implements all operations in terms of
+remote RPC operations.  This may be useful in certain debugging
+situations, where the traffic is encrypted, or you wish to validate
+that IDL is correct before implementing full test clients, or with
+windows clients.
+
+There are two modes of operation: Password specified and delegated
+credentials.
+
+Password specified:
+-------------------
+
+This uses a static username/password in the config file, example:
+
+[global]
+	dcerpc endpoint servers = remote
+	dcerpc_remote:binding = ncacn_np:win2003
+	dcerpc_remote:username = administrator
+	dcerpc_remote:password = PASSWORD
+	dcerpc_remote:interfaces = samr, lsarpc, netlogon
+
+Delegated credentials:
+----------------------
+
+If your incoming user is authenticated with Kerberos, and the machine
+account for this Samba4 proxy server is 'trusted for delegation', then
+the Samba4 proxy can forward the client's credentials to the target.
+
+You must be joined to the domain (net join <domain> member).
+
+To set 'trusted for delegation' with MMC, see the checkbox in the
+Computer account property page under Users and Computers.
+
+[global]
+	dcerpc endpoint servers = remote
+	dcerpc_remote:binding = ncacn_np:win2003
+	dcerpc_remote:interfaces = samr, lsarpc, netlogon
+
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
new file mode 100644
index 0000000..0892752
--- /dev/null
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -0,0 +1,524 @@
+/* 
+   Unix SMB/CIFS implementation.
+   remote dcerpc operations
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Julien Kerihuel 2008-2009
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/ndr/ndr_table.h"
+#include "param/param.h"
+
+NTSTATUS dcerpc_server_remote_init(TALLOC_CTX *ctx);
+
+#define DCESRV_REMOTE_ASSOC_MAGIC 0x782f50c4
+struct dcesrv_remote_assoc {
+	uint32_t assoc_group_id;
+};
+
+#define DCESRV_REMOTE_PRIVATE_MAGIC 0x7eceafa6
+struct dcesrv_remote_private {
+	struct dcerpc_pipe *c_pipe;
+};
+
+static NTSTATUS remote_op_reply(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
+{
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_op_bind(struct dcesrv_connection_context *context,
+			       const struct dcesrv_interface *iface)
+{
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_get_private(struct dcesrv_call_state *dce_call,
+				   struct dcesrv_remote_private **_priv)
+{
+	const struct ndr_interface_table *table =
+		(const struct ndr_interface_table *)dce_call->context->iface->private_data;
+	struct dcesrv_remote_private *priv = NULL;
+	struct dcesrv_remote_assoc *assoc = NULL;
+	const char *binding = NULL;
+	const char *user, *pass, *domain;
+	struct cli_credentials *credentials;
+	bool must_free_credentials = false;
+	bool machine_account;
+	bool allow_anonymous;
+	struct dcerpc_binding		*b;
+	struct composite_context	*pipe_conn_req;
+	uint32_t flags = 0;
+	NTSTATUS status;
+
+	priv = dcesrv_iface_state_find_conn(dce_call,
+					    DCESRV_REMOTE_PRIVATE_MAGIC,
+					    struct dcesrv_remote_private);
+	if (priv != NULL) {
+		*_priv = priv;
+		return NT_STATUS_OK;
+	}
+
+	priv = talloc_zero(dce_call, struct dcesrv_remote_private);
+	if (priv == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	assoc = dcesrv_iface_state_find_assoc(dce_call,
+					DCESRV_REMOTE_ASSOC_MAGIC,
+					struct dcesrv_remote_assoc);
+	if (assoc == NULL) {
+		assoc = talloc_zero(dce_call, struct dcesrv_remote_assoc);
+		if (assoc == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	binding = lpcfg_parm_string(dce_call->conn->dce_ctx->lp_ctx,
+				    NULL,
+				    "dcerpc_remote",
+				    "binding");
+	if (binding == NULL) {
+		DEBUG(0,("You must specify a DCE/RPC binding string\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	user = lpcfg_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "user");
+	pass = lpcfg_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "password");
+	domain = lpcfg_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dceprc_remote", "domain");
+
+	machine_account = lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx,
+					  NULL,
+					  "dcerpc_remote",
+					  "use_machine_account",
+					  false);
+	allow_anonymous = lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx,
+					  NULL,
+					  "dcerpc_remote",
+					  "allow_anonymous_fallback",
+					  false);
+
+	credentials = dcesrv_call_credentials(dce_call);
+
+	if (user && pass) {
+		bool ok;
+
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+		credentials = cli_credentials_init(priv);
+		if (!credentials) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		must_free_credentials = true;
+
+		ok = cli_credentials_set_conf(credentials,
+					      dce_call->conn->dce_ctx->lp_ctx);
+		if (!ok) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
+		cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+	} else if (machine_account) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+		credentials = cli_credentials_init_server(
+				priv,
+				dce_call->conn->dce_ctx->lp_ctx);
+		if (!credentials) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		must_free_credentials = true;
+	} else if (credentials != NULL) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+	} else if (allow_anonymous) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using anonymous\n"));
+		credentials = cli_credentials_init_anon(priv);
+		if (!credentials) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		must_free_credentials = true;
+	} else {
+		DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* parse binding string to the structure */
+	status = dcerpc_parse_binding(priv, binding, &b);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding));
+		return status;
+	}
+
+	/* If we already have a remote association group ID, then use that */
+	if (assoc->assoc_group_id != 0) {
+		status = dcerpc_binding_set_assoc_group_id(b,
+			assoc->assoc_group_id);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("dcerpc_binding_set_assoc_group_id() - %s'\n",
+				  nt_errstr(status)));
+			return status;
+		}
+	}
+
+	status = dcerpc_binding_set_abstract_syntax(b, &table->syntax_id);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("dcerpc_binding_set_abstract_syntax() - %s'\n",
+			  nt_errstr(status)));
+		return status;
+	}
+
+	if (dce_call->conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
+		status = dcerpc_binding_set_flags(b, DCERPC_CONCURRENT_MULTIPLEX, 0);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("dcerpc_binding_set_flags(CONC_MPX) - %s'\n",
+				  nt_errstr(status)));
+			return status;
+		}
+	}
+
+	DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(dce_call->context, b)));
+
+	pipe_conn_req = dcerpc_pipe_connect_b_send(priv, b, table,
+						   credentials, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+	status = dcerpc_pipe_connect_b_recv(pipe_conn_req, priv, &(priv->c_pipe));
+	
+	if (must_free_credentials) {
+		talloc_free(credentials);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (dce_call->conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
+		flags = dcerpc_binding_get_flags(priv->c_pipe->binding);
+		if (!(flags & DCERPC_CONCURRENT_MULTIPLEX)) {
+			DEBUG(1,("dcerpc_remote: RPC Proxy: "
+				 "Remote server doesn't support MPX\n"));
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+	}
+
+	if (assoc->assoc_group_id == 0) {
+		assoc->assoc_group_id =
+			dcerpc_binding_get_assoc_group_id(priv->c_pipe->binding);
+		if (assoc->assoc_group_id == 0) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+
+		status = dcesrv_iface_state_store_assoc(dce_call,
+						DCESRV_REMOTE_ASSOC_MAGIC,
+						assoc);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	status = dcesrv_iface_state_store_conn(dce_call,
+					DCESRV_REMOTE_PRIVATE_MAGIC,
+					priv);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*_priv = priv;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_pull *pull, void **r)
+{
+	enum ndr_err_code ndr_err;
+	const struct ndr_interface_table *table = (const struct ndr_interface_table *)dce_call->context->iface->private_data;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+
+	dce_call->fault_code = 0;
+
+	if (opnum >= table->num_calls) {
+		dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	/*
+	 * We don't have support for calls with pipes.
+	 */
+	if (table->calls[opnum].in_pipes.num_pipes != 0) {
+		dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+	if (table->calls[opnum].out_pipes.num_pipes != 0) {
+		dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	*r = talloc_size(mem_ctx, table->calls[opnum].struct_size);
+	if (!*r) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+        /* unravel the NDR for the packet */
+	ndr_err = table->calls[opnum].ndr_pull(pull, NDR_IN, *r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		dce_call->fault_code = DCERPC_FAULT_NDR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void remote_op_dispatch_done(struct tevent_req *subreq);
+
+struct dcesrv_remote_call {
+	struct dcesrv_call_state *dce_call;
+	struct dcesrv_remote_private *priv;
+};
+
+static NTSTATUS remote_op_dispatch(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
+{
+	struct dcesrv_remote_call *rcall = NULL;
+	struct dcesrv_remote_private *priv = NULL;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+	const struct ndr_interface_table *table = dce_call->context->iface->private_data;
+	const struct ndr_interface_call *call;
+	const char *name;
+	struct tevent_req *subreq;
+	NTSTATUS status;
+
+	name = table->calls[opnum].name;
+	call = &table->calls[opnum];
+
+	status = remote_get_private(dce_call, &priv);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("dcesrv_remote: call[%s] %s\n", name, nt_errstr(status)));
+		return status;
+	}
+
+	rcall = talloc_zero(dce_call, struct dcesrv_remote_call);
+	if (rcall == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	rcall->dce_call = dce_call;
+	rcall->priv = priv;
+
+	if (priv->c_pipe->conn->flags & DCERPC_DEBUG_PRINT_IN) {
+		ndr_print_function_debug(call->ndr_print, name, NDR_IN | NDR_SET_VALUES, r);		
+	}
+
+	priv->c_pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
+
+	/* we didn't use the return code of this function as we only check the last_fault_code */
+	subreq = dcerpc_binding_handle_call_send(rcall, dce_call->event_ctx,
+						 priv->c_pipe->binding_handle,
+						 NULL, table,
+						 opnum, mem_ctx, r);
+	if (subreq == NULL) {
+		DEBUG(0,("dcesrv_remote: call[%s] dcerpc_binding_handle_call_send() failed!\n", name));
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, remote_op_dispatch_done, rcall);
+
+	dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+	return NT_STATUS_OK;
+}
+
+static void remote_op_dispatch_done(struct tevent_req *subreq)
+{
+	struct dcesrv_remote_call *rcall =
+		tevent_req_callback_data(subreq,
+		struct dcesrv_remote_call);
+	struct dcesrv_call_state *dce_call = rcall->dce_call;
+	struct dcesrv_remote_private *priv = rcall->priv;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+	const struct ndr_interface_table *table = dce_call->context->iface->private_data;
+	const struct ndr_interface_call *call;
+	const char *name;
+	NTSTATUS status;
+
+	name = table->calls[opnum].name;
+	call = &table->calls[opnum];
+
+	/* we didn't use the return code of this function as we only check the last_fault_code */
+	status = dcerpc_binding_handle_call_recv(subreq);
+	TALLOC_FREE(subreq);
+
+	dce_call->fault_code = priv->c_pipe->last_fault_code;
+	if (dce_call->fault_code != 0) {
+		DEBUG(0,("dcesrv_remote: call[%s] failed with: %s!\n",
+			name, dcerpc_errstr(dce_call, dce_call->fault_code)));
+		goto reply;
+	}
+
+	if (NT_STATUS_IS_OK(status) &&
+	    (priv->c_pipe->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
+		ndr_print_function_debug(call->ndr_print, name, NDR_OUT, dce_call->r);
+	}
+
+reply:
+	_dcesrv_async_reply(dce_call, __func__, name);
+}
+
+static NTSTATUS remote_op_ndr_push(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_push *push, const void *r)
+{
+	enum ndr_err_code ndr_err;
+	const struct ndr_interface_table *table = dce_call->context->iface->private_data;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+
+        /* unravel the NDR for the packet */
+	ndr_err = table->calls[opnum].ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		dce_call->fault_code = DCERPC_FAULT_NDR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_register_one_iface(struct dcesrv_context *dce_ctx, const struct dcesrv_interface *iface)
+{
+	unsigned int i;
+	const struct ndr_interface_table *table = iface->private_data;
+
+	for (i=0;i<table->endpoints->count;i++) {
+		NTSTATUS ret;
+		const char *name = table->endpoints->names[i];
+
+		ret = dcesrv_interface_register(dce_ctx, name, NULL, iface, NULL);
+		if (!NT_STATUS_IS_OK(ret)) {
+			DEBUG(1,("remote_op_init_server: failed to register endpoint '%s'\n",name));
+			return ret;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_op_init_server(struct dcesrv_context *dce_ctx, const struct dcesrv_endpoint_server *ep_server)
+{
+	unsigned int i;
+	char **ifaces = str_list_make(dce_ctx, lpcfg_parm_string(dce_ctx->lp_ctx, NULL, "dcerpc_remote", "interfaces"),NULL);
+
+	if (!ifaces) {
+		DEBUG(3,("remote_op_init_server: no interfaces configured\n"));
+		return NT_STATUS_OK;
+	}
+
+	for (i=0;ifaces[i];i++) {
+		NTSTATUS ret;
+		struct dcesrv_interface iface;
+		
+		if (!ep_server->interface_by_name(&iface, ifaces[i])) {
+			DEBUG(0,("remote_op_init_server: failed to find interface = '%s'\n", ifaces[i]));
+			talloc_free(ifaces);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		ret = remote_register_one_iface(dce_ctx, &iface);
+		if (!NT_STATUS_IS_OK(ret)) {
+			DEBUG(0,("remote_op_init_server: failed to register interface = '%s'\n", ifaces[i]));
+			talloc_free(ifaces);
+			return ret;
+		}
+	}
+
+	talloc_free(ifaces);
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS remote_op_shutdown_server(struct dcesrv_context *dce_ctx,
+				const struct dcesrv_endpoint_server *ep_server)
+{
+	return NT_STATUS_OK;
+}
+
+static bool remote_fill_interface(struct dcesrv_interface *iface, const struct ndr_interface_table *if_tabl)
+{
+	iface->name = if_tabl->name;
+	iface->syntax_id = if_tabl->syntax_id;
+	
+	iface->bind = remote_op_bind;
+	iface->unbind = NULL;
+
+	iface->ndr_pull = remote_op_ndr_pull;
+	iface->dispatch = remote_op_dispatch;
+	iface->reply = remote_op_reply;
+	iface->ndr_push = remote_op_ndr_push;
+
+	iface->private_data = if_tabl;
+	iface->flags = 0;
+
+	return true;
+}
+
+static bool remote_op_interface_by_uuid(struct dcesrv_interface *iface, const struct GUID *uuid, uint32_t if_version)
+{
+	const struct ndr_interface_list *l;
+
+	for (l=ndr_table_list();l;l=l->next) {
+		if (l->table->syntax_id.if_version == if_version &&
+			GUID_equal(&l->table->syntax_id.uuid, uuid)==0) {
+			return remote_fill_interface(iface, l->table);
+		}
+	}
+
+	return false;	
+}
+
+static bool remote_op_interface_by_name(struct dcesrv_interface *iface, const char *name)
+{
+	const struct ndr_interface_table *tbl = ndr_table_by_name(name);
+
+	if (tbl)
+		return remote_fill_interface(iface, tbl);
+
+	return false;	
+}
+
+NTSTATUS dcerpc_server_remote_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+	static const struct dcesrv_endpoint_server ep_server = {
+		/* fill in our name */
+		.name = "remote",
+
+		.initialized = false,
+
+		/* fill in all the operations */
+		.init_server = remote_op_init_server,
+		.shutdown_server = remote_op_shutdown_server,
+
+		.interface_by_uuid = remote_op_interface_by_uuid,
+		.interface_by_name = remote_op_interface_by_name
+	};
+
+	/* register ourselves with the DCERPC subsystem. */
+	ret = dcerpc_register_ep_server(&ep_server);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register 'remote' endpoint server!\n"));
+		return ret;
+	}
+
+	/* We need the full DCE/RPC interface table */
+	ndr_table_init();
+
+	return ret;
+}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
new file mode 100644
index 0000000..841c764
--- /dev/null
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -0,0 +1,5371 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the samr pipe
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/samr/dcesrv_samr.h"
+#include "system/time.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "../libds/common/flags.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/security/security.h"
+#include "rpc_server/samr/proto.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "lib/util/tsort.h"
+#include "libds/common/flag_mapping.h"
+
+#undef strcasecmp
+
+#define DCESRV_INTERFACE_SAMR_BIND(context, iface) \
+       dcesrv_interface_samr_bind(context, iface)
+static NTSTATUS dcesrv_interface_samr_bind(struct dcesrv_connection_context *context,
+					     const struct dcesrv_interface *iface)
+{
+	return dcesrv_interface_bind_reject_connect(context, iface);
+}
+
+/* these query macros make samr_Query[User|Group|Alias]Info a bit easier to read */
+
+#define QUERY_STRING(msg, field, attr) \
+	info->field.string = ldb_msg_find_attr_as_string(msg, attr, "");
+#define QUERY_UINT(msg, field, attr) \
+	info->field = ldb_msg_find_attr_as_uint(msg, attr, 0);
+#define QUERY_RID(msg, field, attr) \
+	info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0);
+#define QUERY_UINT64(msg, field, attr) \
+	info->field = ldb_msg_find_attr_as_uint64(msg, attr, 0);
+#define QUERY_APASSC(msg, field, attr) \
+	info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \
+							 a_state->domain_state->domain_dn, msg, attr);
+#define QUERY_BPWDCT(msg, field, attr) \
+	info->field = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx, \
+							 a_state->domain_state->domain_dn, msg);
+#define QUERY_LHOURS(msg, field, attr) \
+	info->field = samdb_result_logon_hours(mem_ctx, msg, attr);
+#define QUERY_AFLAGS(msg, field, attr) \
+	info->field = samdb_result_acct_flags(msg, attr);
+
+
+/* these are used to make the Set[User|Group]Info code easier to follow */
+
+#define SET_STRING(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (r->in.info->field.string == NULL) return NT_STATUS_INVALID_PARAMETER; \
+        if (r->in.info->field.string[0] == '\0') {			\
+		if (ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, NULL) != LDB_SUCCESS) { \
+			return NT_STATUS_NO_MEMORY;			\
+		}							\
+	}								\
+        if (ldb_msg_add_string(msg, attr, r->in.info->field.string) != LDB_SUCCESS) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+        set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+#define SET_UINT(msg, field, attr) do {					\
+	struct ldb_message_element *set_el;				\
+	if (samdb_msg_add_uint(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+ 	set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+#define SET_INT64(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (samdb_msg_add_int64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+ 	set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+#define SET_UINT64(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+ 	set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+/* Set account flags, discarding flags that cannot be set with SAMR */
+#define SET_AFLAGS(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (samdb_msg_add_acct_flags(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+ 	set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+#define SET_LHOURS(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (samdb_msg_add_logon_hours(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != LDB_SUCCESS) { \
+		return NT_STATUS_NO_MEMORY;				\
+	}								\
+        set_el = ldb_msg_find_element(msg, attr);			\
+ 	set_el->flags = LDB_FLAG_MOD_REPLACE;				\
+} while (0)
+
+#define SET_PARAMETERS(msg, field, attr) do {				\
+	struct ldb_message_element *set_el;				\
+	if (r->in.info->field.length != 0) {				\
+		if (samdb_msg_add_parameters(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != LDB_SUCCESS) { \
+			return NT_STATUS_NO_MEMORY;			\
+		}							\
+		set_el = ldb_msg_find_element(msg, attr);		\
+		set_el->flags = LDB_FLAG_MOD_REPLACE;			\
+	}								\
+} while (0)
+
+/*
+ * Clear a GUID cache
+ */
+static void clear_guid_cache(struct samr_guid_cache *cache)
+{
+	cache->handle = 0;
+	cache->size = 0;
+	TALLOC_FREE(cache->entries);
+}
+
+/*
+ * initialize a GUID cache
+ */
+static void initialize_guid_cache(struct samr_guid_cache *cache)
+{
+	cache->handle = 0;
+	cache->size = 0;
+	cache->entries = NULL;
+}
+
+static NTSTATUS load_guid_cache(
+	struct samr_guid_cache *cache,
+	struct samr_domain_state *d_state,
+	unsigned int ldb_cnt,
+	struct ldb_message **res)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	unsigned int i;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	clear_guid_cache(cache);
+
+	/*
+	 * Store the GUID's in the cache.
+	 */
+	cache->handle = 0;
+	cache->size = ldb_cnt;
+	cache->entries = talloc_array(d_state, struct GUID, ldb_cnt);
+	if (cache->entries == NULL) {
+		clear_guid_cache(cache);
+		status = NT_STATUS_NO_MEMORY;
+		goto exit;
+	}
+
+	/*
+	 * Extract a list of the GUIDs for all the matching objects
+	 * we cache just the GUIDS to reduce the memory overhead of
+	 * the result cache.
+	 */
+	for (i = 0; i < ldb_cnt; i++) {
+		cache->entries[i] = samdb_result_guid(res[i], "objectGUID");
+	}
+exit:
+	TALLOC_FREE(frame);
+	return status;
+}
+
+/*
+  samr_Connect
+
+  create a connection to the SAM database
+*/
+static NTSTATUS dcesrv_samr_Connect(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			     struct samr_Connect *r)
+{
+	struct samr_connect_state *c_state;
+	struct dcesrv_handle *handle;
+
+	ZERO_STRUCTP(r->out.connect_handle);
+
+	c_state = talloc(mem_ctx, struct samr_connect_state);
+	if (!c_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* make sure the sam database is accessible */
+	c_state->sam_ctx = dcesrv_samdb_connect_as_user(c_state, dce_call);
+	if (c_state->sam_ctx == NULL) {
+		talloc_free(c_state);
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_CONNECT);
+	if (!handle) {
+		talloc_free(c_state);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	handle->data = talloc_steal(handle, c_state);
+
+	c_state->access_mask = r->in.access_mask;
+	*r->out.connect_handle = handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_Close
+*/
+static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			   struct samr_Close *r)
+{
+	struct dcesrv_handle *h;
+
+	*r->out.handle = *r->in.handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	talloc_free(h);
+
+	ZERO_STRUCTP(r->out.handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetSecurity
+*/
+static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct samr_SetSecurity *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_QuerySecurity
+*/
+static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct samr_QuerySecurity *r)
+{
+	struct dcesrv_handle *h;
+	struct sec_desc_buf *sd;
+
+	*r->out.sdbuf = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
+
+	sd = talloc(mem_ctx, struct sec_desc_buf);
+	if (sd == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sd->sd = samdb_default_security_descriptor(mem_ctx);
+
+	*r->out.sdbuf = sd;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_Shutdown
+
+  we refuse this operation completely. If a admin wants to shutdown samr
+  in Samba then they should use the samba admin tools to disable the samr pipe
+*/
+static NTSTATUS dcesrv_samr_Shutdown(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct samr_Shutdown *r)
+{
+	return NT_STATUS_ACCESS_DENIED;
+}
+
+
+/*
+  samr_LookupDomain
+
+  this maps from a domain name to a SID
+*/
+static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct samr_LookupDomain *r)
+{
+	struct samr_connect_state *c_state;
+	struct dcesrv_handle *h;
+	struct dom_sid *sid;
+	const char * const dom_attrs[] = { "objectSid", NULL};
+	struct ldb_message **dom_msgs;
+	int ret;
+
+	*r->out.sid = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT);
+
+	c_state = h->data;
+
+	if (r->in.domain_name->string == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (strcasecmp(r->in.domain_name->string, "BUILTIN") == 0) {
+		ret = gendb_search(c_state->sam_ctx,
+				   mem_ctx, NULL, &dom_msgs, dom_attrs,
+				   "(objectClass=builtinDomain)");
+	} else if (strcasecmp_m(r->in.domain_name->string, lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx)) == 0) {
+		ret = gendb_search_dn(c_state->sam_ctx,
+				      mem_ctx, ldb_get_default_basedn(c_state->sam_ctx),
+				      &dom_msgs, dom_attrs);
+	} else {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+	if (ret != 1) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	sid = samdb_result_dom_sid(mem_ctx, dom_msgs[0],
+				   "objectSid");
+
+	if (sid == NULL) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	*r->out.sid = sid;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_EnumDomains
+
+  list the domains in the SAM
+*/
+static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct samr_EnumDomains *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_SamArray *array;
+	uint32_t i, start_i;
+
+	*r->out.resume_handle = 0;
+	*r->out.sam = NULL;
+	*r->out.num_entries = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT);
+
+	*r->out.resume_handle = 2;
+
+	start_i = *r->in.resume_handle;
+
+	if (start_i >= 2) {
+		/* search past end of list is not an error for this call */
+		return NT_STATUS_OK;
+	}
+
+	array = talloc(mem_ctx, struct samr_SamArray);
+	if (array == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	array->count = 0;
+	array->entries = NULL;
+
+	array->entries = talloc_array(mem_ctx, struct samr_SamEntry, 2 - start_i);
+	if (array->entries == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<2-start_i;i++) {
+		array->entries[i].idx = start_i + i;
+		if (i == 0) {
+			array->entries[i].name.string = lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx);
+		} else {
+			array->entries[i].name.string = "BUILTIN";
+		}
+	}
+
+	*r->out.sam = array;
+	*r->out.num_entries = i;
+	array->count = *r->out.num_entries;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_OpenDomain
+*/
+static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct samr_OpenDomain *r)
+{
+	struct dcesrv_handle *h_conn, *h_domain;
+	struct samr_connect_state *c_state;
+	struct samr_domain_state *d_state;
+	const char * const dom_attrs[] = { "cn", NULL};
+	struct ldb_message **dom_msgs;
+	int ret;
+	unsigned int i;
+
+	ZERO_STRUCTP(r->out.domain_handle);
+
+	DCESRV_PULL_HANDLE(h_conn, r->in.connect_handle, SAMR_HANDLE_CONNECT);
+
+	c_state = h_conn->data;
+
+	if (r->in.sid == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	d_state = talloc(mem_ctx, struct samr_domain_state);
+	if (!d_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	d_state->domain_sid = talloc_steal(d_state, r->in.sid);
+
+	if (dom_sid_equal(d_state->domain_sid, &global_sid_Builtin)) {
+		d_state->builtin = true;
+		d_state->domain_name = "BUILTIN";
+	} else {
+		d_state->builtin = false;
+		d_state->domain_name = lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx);
+	}
+
+	ret = gendb_search(c_state->sam_ctx,
+			   mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs,
+			   "(objectSid=%s)",
+			   ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
+
+	if (ret == 0) {
+		talloc_free(d_state);
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	} else if (ret > 1) {
+		talloc_free(d_state);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	} else if (ret == -1) {
+		talloc_free(d_state);
+		DEBUG(1, ("Failed to open domain %s: %s\n", dom_sid_string(mem_ctx, r->in.sid), ldb_errstring(c_state->sam_ctx)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	d_state->domain_dn = talloc_steal(d_state, dom_msgs[0]->dn);
+	d_state->role = lpcfg_server_role(dce_call->conn->dce_ctx->lp_ctx);
+	d_state->connect_state = talloc_reference(d_state, c_state);
+	d_state->sam_ctx = c_state->sam_ctx;
+	d_state->access_mask = r->in.access_mask;
+	d_state->domain_users_cached = NULL;
+
+	d_state->lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+	for (i = 0; i < SAMR_LAST_CACHE; i++) {
+		initialize_guid_cache(&d_state->guid_caches[i]);
+	}
+
+	h_domain = dcesrv_handle_create(dce_call, SAMR_HANDLE_DOMAIN);
+	if (!h_domain) {
+		talloc_free(d_state);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	h_domain->data = talloc_steal(h_domain, d_state);
+
+	*r->out.domain_handle = h_domain->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo1
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo1 *info)
+{
+	info->min_password_length =
+		ldb_msg_find_attr_as_uint(dom_msgs[0], "minPwdLength", 0);
+	info->password_history_length =
+		ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdHistoryLength", 0);
+	info->password_properties =
+		ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdProperties", 0);
+	info->max_password_age =
+		ldb_msg_find_attr_as_int64(dom_msgs[0], "maxPwdAge", 0);
+	info->min_password_age =
+		ldb_msg_find_attr_as_int64(dom_msgs[0], "minPwdAge", 0);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo2
+*/
+static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state,
+						       TALLOC_CTX *mem_ctx,
+						       struct ldb_message **dom_msgs,
+						       struct samr_DomGeneralInformation *info)
+{
+	size_t count = 0;
+	const enum ldb_scope scope = LDB_SCOPE_SUBTREE;
+	int ret = 0;
+
+	/* MS-SAMR 2.2.4.1 - ReplicaSourceNodeName: "domainReplica" attribute */
+	info->primary.string = ldb_msg_find_attr_as_string(dom_msgs[0],
+							   "domainReplica",
+							   "");
+
+	info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
+							    0x8000000000000000LL);
+
+	info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0],
+								   "oEMInformation",
+								   "");
+	info->domain_name.string  = state->domain_name;
+
+	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+						 0);
+	switch (state->role) {
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* This pulls the NetBIOS name from the
+		   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
+		   string */
+		if (samdb_is_pdc(state->sam_ctx)) {
+			info->role = SAMR_ROLE_DOMAIN_PDC;
+		} else {
+			info->role = SAMR_ROLE_DOMAIN_BDC;
+		}
+		break;
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+	case ROLE_IPA_DC:
+	case ROLE_AUTO:
+		return NT_STATUS_INTERNAL_ERROR;
+	case ROLE_DOMAIN_MEMBER:
+		info->role = SAMR_ROLE_DOMAIN_MEMBER;
+		break;
+	case ROLE_STANDALONE:
+		info->role = SAMR_ROLE_STANDALONE;
+		break;
+	}
+
+	/*
+	 * Users are not meant to be in BUILTIN
+	 * so to speed up the query we do not filter on domain_sid
+	 */
+	ret = dsdb_domain_count(
+		state->sam_ctx,
+		&count,
+		state->domain_dn,
+		NULL,
+		scope,
+		"(objectClass=user)");
+	if (ret != LDB_SUCCESS || count > UINT32_MAX) {
+		goto error;
+	}
+	info->num_users = count;
+
+	/*
+	 * Groups are not meant to be in BUILTIN
+	 * so to speed up the query we do not filter on domain_sid
+	 */
+	ret = dsdb_domain_count(
+		state->sam_ctx,
+		&count,
+		state->domain_dn,
+		NULL,
+		scope,
+		"(&(objectClass=group)(|(groupType=%d)(groupType=%d)))",
+		GTYPE_SECURITY_UNIVERSAL_GROUP,
+		GTYPE_SECURITY_GLOBAL_GROUP);
+	if (ret != LDB_SUCCESS || count > UINT32_MAX) {
+		goto error;
+	}
+	info->num_groups = count;
+
+	ret = dsdb_domain_count(
+		state->sam_ctx,
+		&count,
+		state->domain_dn,
+		state->domain_sid,
+		scope,
+		"(&(objectClass=group)(|(groupType=%d)(groupType=%d)))",
+		GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+		GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	if (ret != LDB_SUCCESS || count > UINT32_MAX) {
+		goto error;
+	}
+	info->num_aliases = count;
+
+	return NT_STATUS_OK;
+
+error:
+	if (count > UINT32_MAX) {
+		return NT_STATUS_INTEGER_OVERFLOW;
+	}
+	return dsdb_ldb_err_to_ntstatus(ret);
+
+}
+
+/*
+  return DomInfo3
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo3(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo3 *info)
+{
+	info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
+						      0x8000000000000000LL);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo4
+*/
+static NTSTATUS dcesrv_samr_info_DomOEMInformation(struct samr_domain_state *state,
+				   TALLOC_CTX *mem_ctx,
+				    struct ldb_message **dom_msgs,
+				   struct samr_DomOEMInformation *info)
+{
+	info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0],
+								   "oEMInformation",
+								   "");
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo5
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo5(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo5 *info)
+{
+	info->domain_name.string  = state->domain_name;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo6
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo6(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo6 *info)
+{
+	/* MS-SAMR 2.2.4.1 - ReplicaSourceNodeName: "domainReplica" attribute */
+	info->primary.string = ldb_msg_find_attr_as_string(dom_msgs[0],
+							   "domainReplica",
+							   "");
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo7
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo7 *info)
+{
+
+	switch (state->role) {
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		/* This pulls the NetBIOS name from the
+		   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
+		   string */
+		if (samdb_is_pdc(state->sam_ctx)) {
+			info->role = SAMR_ROLE_DOMAIN_PDC;
+		} else {
+			info->role = SAMR_ROLE_DOMAIN_BDC;
+		}
+		break;
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+	case ROLE_IPA_DC:
+	case ROLE_AUTO:
+		return NT_STATUS_INTERNAL_ERROR;
+	case ROLE_DOMAIN_MEMBER:
+		info->role = SAMR_ROLE_DOMAIN_MEMBER;
+		break;
+	case ROLE_STANDALONE:
+		info->role = SAMR_ROLE_STANDALONE;
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo8
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo8(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo8 *info)
+{
+	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+					       time(NULL));
+
+	info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
+						     0x0LL);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo9
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo9(struct samr_domain_state *state,
+					  TALLOC_CTX *mem_ctx,
+					  struct ldb_message **dom_msgs,
+					  struct samr_DomInfo9 *info)
+{
+	info->domain_server_state = DOMAIN_SERVER_ENABLED;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo11
+*/
+static NTSTATUS dcesrv_samr_info_DomGeneralInformation2(struct samr_domain_state *state,
+							TALLOC_CTX *mem_ctx,
+							struct ldb_message **dom_msgs,
+							struct samr_DomGeneralInformation2 *info)
+{
+	NTSTATUS status;
+	status = dcesrv_samr_info_DomGeneralInformation(state, mem_ctx, dom_msgs, &info->general);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
+						    -18000000000LL);
+	info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
+						    -18000000000LL);
+	info->lockout_threshold = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutThreshold", 0);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo12
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo12(struct samr_domain_state *state,
+					   TALLOC_CTX *mem_ctx,
+					   struct ldb_message **dom_msgs,
+					   struct samr_DomInfo12 *info)
+{
+	info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
+						    -18000000000LL);
+	info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
+						    -18000000000LL);
+	info->lockout_threshold = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutThreshold", 0);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return DomInfo13
+*/
+static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state,
+					   TALLOC_CTX *mem_ctx,
+					   struct ldb_message **dom_msgs,
+					   struct samr_DomInfo13 *info)
+{
+	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+					       time(NULL));
+
+	info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
+						     0x0LL);
+
+	info->modified_count_at_last_promotion = 0;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  samr_QueryDomainInfo
+*/
+static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct samr_QueryDomainInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	union samr_DomainInfo *info;
+
+	struct ldb_message **dom_msgs;
+	const char * const *attrs = NULL;
+
+	*r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	switch (r->in.level) {
+	case 1:
+	{
+		static const char * const attrs2[] = { "minPwdLength",
+						       "pwdHistoryLength",
+						       "pwdProperties",
+						       "maxPwdAge",
+						       "minPwdAge",
+						       NULL };
+		attrs = attrs2;
+		break;
+	}
+	case 2:
+	{
+		static const char * const attrs2[] = {"forceLogoff",
+						      "oEMInformation",
+						      "modifiedCount",
+						      "domainReplica",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 3:
+	{
+		static const char * const attrs2[] = {"forceLogoff",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 4:
+	{
+		static const char * const attrs2[] = {"oEMInformation",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 5:
+	{
+		attrs = NULL;
+		break;
+	}
+	case 6:
+	{
+		static const char * const attrs2[] = { "domainReplica",
+						       NULL };
+		attrs = attrs2;
+		break;
+	}
+	case 7:
+	{
+		attrs = NULL;
+		break;
+	}
+	case 8:
+	{
+		static const char * const attrs2[] = { "modifiedCount",
+						       "creationTime",
+						       NULL };
+		attrs = attrs2;
+		break;
+	}
+	case 9:
+	{
+		attrs = NULL;
+		break;
+	}
+	case 11:
+	{
+		static const char * const attrs2[] = { "oEMInformation",
+						       "forceLogoff",
+						       "modifiedCount",
+						       "lockoutDuration",
+						       "lockOutObservationWindow",
+						       "lockoutThreshold",
+						       NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 12:
+	{
+		static const char * const attrs2[] = { "lockoutDuration",
+						       "lockOutObservationWindow",
+						       "lockoutThreshold",
+						       NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 13:
+	{
+		static const char * const attrs2[] = { "modifiedCount",
+						       "creationTime",
+						       NULL };
+		attrs = attrs2;
+		break;
+	}
+	default:
+	{
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+	}
+
+	/* some levels don't need a search */
+	if (attrs) {
+		int ret;
+		ret = gendb_search_dn(d_state->sam_ctx, mem_ctx,
+				      d_state->domain_dn, &dom_msgs, attrs);
+		if (ret == 0) {
+			return NT_STATUS_NO_SUCH_DOMAIN;
+		}
+		if (ret != 1) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	/* allocate the info structure */
+	info = talloc_zero(mem_ctx, union samr_DomainInfo);
+	if (info == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*r->out.info = info;
+
+	switch (r->in.level) {
+	case 1:
+		return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs,
+						 &info->info1);
+	case 2:
+		return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs,
+							      &info->general);
+	case 3:
+		return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs,
+						 &info->info3);
+	case 4:
+		return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs,
+							  &info->oem);
+	case 5:
+		return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs,
+						 &info->info5);
+	case 6:
+		return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs,
+						 &info->info6);
+	case 7:
+		return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs,
+						 &info->info7);
+	case 8:
+		return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs,
+						 &info->info8);
+	case 9:
+		return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs,
+						 &info->info9);
+	case 11:
+		return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs,
+							       &info->general2);
+	case 12:
+		return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs,
+						  &info->info12);
+	case 13:
+		return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs,
+						  &info->info13);
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+}
+
+
+/*
+  samr_SetDomainInfo
+*/
+static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_SetDomainInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	struct ldb_message *msg;
+	int ret;
+	struct ldb_context *sam_ctx;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+	sam_ctx = d_state->sam_ctx;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = talloc_reference(mem_ctx, d_state->domain_dn);
+	if (!msg->dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
+	case 1:
+		SET_UINT  (msg, info1.min_password_length,     "minPwdLength");
+		SET_UINT  (msg, info1.password_history_length, "pwdHistoryLength");
+		SET_UINT  (msg, info1.password_properties,     "pwdProperties");
+		SET_INT64  (msg, info1.max_password_age,       "maxPwdAge");
+		SET_INT64  (msg, info1.min_password_age,       "minPwdAge");
+		break;
+	case 3:
+		SET_UINT64  (msg, info3.force_logoff_time,     "forceLogoff");
+		break;
+	case 4:
+		SET_STRING(msg, oem.oem_information,           "oEMInformation");
+		break;
+
+	case 6:
+	case 7:
+	case 9:
+		/* No op, we don't know where to set these */
+		return NT_STATUS_OK;
+
+	case 12:
+		/*
+		 * It is not possible to set lockout_duration < lockout_window.
+		 * (The test is the other way around since the negative numbers
+		 *  are stored...)
+		 *
+		 * TODO:
+		 *   This check should be moved to the backend, i.e. to some
+		 *   ldb module under dsdb/samdb/ldb_modules/ .
+		 *
+		 * This constraint is documented here for the samr rpc service:
+		 * MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates
+		 * http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx
+		 *
+		 * And here for the ldap backend:
+		 * MS-ADTS 3.1.1.5.3.2 Constraints
+		 * http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx
+		 */
+		if (r->in.info->info12.lockout_duration >
+		    r->in.info->info12.lockout_window)
+		{
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		SET_INT64  (msg, info12.lockout_duration,      "lockoutDuration");
+		SET_INT64  (msg, info12.lockout_window,        "lockOutObservationWindow");
+		SET_INT64  (msg, info12.lockout_threshold,     "lockoutThreshold");
+		break;
+
+	default:
+		/* many info classes are not valid for SetDomainInfo */
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* modify the samdb record */
+	ret = ldb_modify(sam_ctx, msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to modify record %s: %s\n",
+			 ldb_dn_get_linearized(d_state->domain_dn),
+			 ldb_errstring(sam_ctx)));
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  samr_CreateDomainGroup
+*/
+static NTSTATUS dcesrv_samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct samr_CreateDomainGroup *r)
+{
+	NTSTATUS status;
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	const char *groupname;
+	struct dom_sid *group_sid;
+	struct ldb_dn *group_dn;
+	struct dcesrv_handle *g_handle;
+
+	ZERO_STRUCTP(r->out.group_handle);
+	*r->out.rid = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	if (d_state->builtin) {
+		DEBUG(5, ("Cannot create a domain group in the BUILTIN domain\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	groupname = r->in.name->string;
+
+	if (groupname == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dsdb_add_domain_group(d_state->sam_ctx, mem_ctx, groupname, &group_sid, &group_dn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, group_dn);
+
+	a_state->account_name = talloc_steal(a_state, groupname);
+
+	/* create the policy handle */
+	g_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_GROUP);
+	if (!g_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	g_handle->data = talloc_steal(g_handle, a_state);
+
+	*r->out.group_handle = g_handle->wire_handle;
+	*r->out.rid = group_sid->sub_auths[group_sid->num_auths-1];
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  comparison function for sorting SamEntry array
+*/
+static int compare_SamEntry(struct samr_SamEntry *e1, struct samr_SamEntry *e2)
+{
+	return e1->idx - e2->idx;
+}
+
+static int compare_msgRid(struct ldb_message **m1, struct ldb_message **m2) {
+	struct dom_sid *sid1 = NULL;
+	struct dom_sid *sid2 = NULL;
+	uint32_t rid1;
+	uint32_t rid2;
+	int res = 0;
+	NTSTATUS status;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	sid1 = samdb_result_dom_sid(frame, *m1, "objectSid");
+	sid2 = samdb_result_dom_sid(frame, *m2, "objectSid");
+
+	/*
+	 * If entries don't have a SID we want to sort them to the end of
+	 * the list.
+	 */
+	if (sid1 == NULL && sid2 == NULL) {
+		res = 0;
+		goto exit;
+	} else if (sid2 == NULL) {
+		res = 1;
+		goto exit;
+	} else if (sid1 == NULL) {
+		res = -1;
+		goto exit;
+	}
+
+	/*
+	 * Get and compare the rids, if we fail to extract a rid treat it as a
+	 * missing SID and sort to the end of the list
+	 */
+	status = dom_sid_split_rid(NULL, sid1, NULL, &rid1);
+	if (!NT_STATUS_IS_OK(status)) {
+		res = 1;
+		goto exit;
+	}
+
+	status = dom_sid_split_rid(NULL, sid2, NULL, &rid2);
+	if (!NT_STATUS_IS_OK(status)) {
+		res = -1;
+		goto exit;
+	}
+
+	if (rid1 == rid2) {
+		res = 0;
+	}
+	else if (rid1 > rid2) {
+		res = 1;
+	}
+	else {
+		res = -1;
+	}
+exit:
+	TALLOC_FREE(frame);
+	return res;
+}
+
+/*
+  samr_EnumDomainGroups
+*/
+static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				      struct samr_EnumDomainGroups *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	struct ldb_message **res;
+	uint32_t i;
+	uint32_t count;
+	uint32_t results;
+	uint32_t max_entries;
+	uint32_t remaining_entries;
+	uint32_t resume_handle;
+	struct samr_SamEntry *entries;
+	const char * const attrs[] = { "objectSid", "sAMAccountName", NULL };
+	const char * const cache_attrs[] = { "objectSid", "objectGUID", NULL };
+	struct samr_SamArray *sam;
+	struct samr_guid_cache *cache = NULL;
+
+	*r->out.resume_handle = 0;
+	*r->out.sam = NULL;
+	*r->out.num_entries = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+	cache = &d_state->guid_caches[SAMR_ENUM_DOMAIN_GROUPS_CACHE];
+
+	/*
+	 * If the resume_handle is zero, query the database and cache the
+	 * matching GUID's
+	 */
+	if (*r->in.resume_handle == 0) {
+		NTSTATUS status;
+		int ldb_cnt;
+		clear_guid_cache(cache);
+		/*
+		 * search for all domain groups in this domain.
+		 */
+		ldb_cnt = samdb_search_domain(
+		    d_state->sam_ctx,
+		    mem_ctx,
+		    d_state->domain_dn,
+		    &res,
+		    cache_attrs,
+		    d_state->domain_sid,
+		    "(&(|(groupType=%d)(groupType=%d))(objectClass=group))",
+		    GTYPE_SECURITY_UNIVERSAL_GROUP,
+		    GTYPE_SECURITY_GLOBAL_GROUP);
+		if (ldb_cnt < 0) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		/*
+		 * Sort the results into RID order, while the spec states there
+		 * is no order, Windows appears to sort the results by RID and
+		 * so it is possible that there are clients that depend on
+		 * this ordering
+		 */
+		TYPESAFE_QSORT(res, ldb_cnt, compare_msgRid);
+
+		/*
+		 * cache the sorted GUID's
+		 */
+		status = load_guid_cache(cache, d_state, ldb_cnt, res);
+		TALLOC_FREE(res);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		cache->handle = 0;
+	}
+
+
+	/*
+	 * If the resume handle is out of range we return an empty response
+	 * and invalidate the cache.
+	 *
+	 * From the specification:
+	 * Servers SHOULD validate that EnumerationContext is an expected
+	 * value for the server's implementation. Windows does NOT validate
+	 * the input, though the result of malformed information merely results
+	 * in inconsistent output to the client.
+	 */
+	if (*r->in.resume_handle >= cache->size) {
+		clear_guid_cache(cache);
+		sam = talloc(mem_ctx, struct samr_SamArray);
+		if (!sam) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		sam->entries = NULL;
+		sam->count = 0;
+
+		*r->out.sam = sam;
+		*r->out.resume_handle = 0;
+		return NT_STATUS_OK;
+	}
+
+
+	/*
+	 * Calculate the number of entries to return limit by max_size.
+	 * Note that we use the w2k3 element size value of 54
+	 */
+	max_entries = 1 + (r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER);
+	remaining_entries = cache->size - *r->in.resume_handle;
+	results = MIN(remaining_entries, max_entries);
+
+	/*
+	 * Process the list of result GUID's.
+	 * Read the details of each object and populate the Entries
+	 * for the current level.
+	 */
+	count = 0;
+	resume_handle = *r->in.resume_handle;
+	entries = talloc_array(mem_ctx, struct samr_SamEntry, results);
+	if (entries == NULL) {
+		clear_guid_cache(cache);
+		return NT_STATUS_NO_MEMORY;
+	}
+	for (i = 0; i < results; i++) {
+		struct dom_sid *objectsid;
+		uint32_t rid;
+		struct ldb_result *rec;
+		const uint32_t idx = *r->in.resume_handle + i;
+		int ret;
+		NTSTATUS status;
+		const char *name = NULL;
+		resume_handle++;
+		/*
+		 * Read an object from disk using the GUID as the key
+		 *
+		 * If the object can not be read, or it does not have a SID
+		 * it is ignored.
+		 *
+		 * As a consequence of this, if all the remaining GUID's
+		 * have been deleted an empty result will be returned.
+		 * i.e. even if the previous call returned a non zero
+		 * resume_handle it is possible for no results to be returned.
+		 *
+		 */
+		ret = dsdb_search_by_dn_guid(d_state->sam_ctx,
+					     mem_ctx,
+					     &rec,
+					     &cache->entries[idx],
+					     attrs,
+					     0);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			struct GUID_txt_buf guid_buf;
+			DBG_WARNING(
+			    "GUID [%s] not found\n",
+			    GUID_buf_string(&cache->entries[idx], &guid_buf));
+			continue;
+		} else if (ret != LDB_SUCCESS) {
+			clear_guid_cache(cache);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		objectsid = samdb_result_dom_sid(mem_ctx,
+						 rec->msgs[0],
+						 "objectSID");
+		if (objectsid == NULL) {
+			struct GUID_txt_buf guid_buf;
+			DBG_WARNING(
+			    "objectSID for GUID [%s] not found\n",
+			    GUID_buf_string(&cache->entries[idx], &guid_buf));
+			continue;
+		}
+		status = dom_sid_split_rid(NULL,
+					   objectsid,
+					   NULL,
+					   &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			struct dom_sid_buf sid_buf;
+			struct GUID_txt_buf guid_buf;
+			DBG_WARNING(
+			    "objectSID [%s] for GUID [%s] invalid\n",
+			    dom_sid_str_buf(objectsid, &sid_buf),
+			    GUID_buf_string(&cache->entries[idx], &guid_buf));
+			continue;
+		}
+
+		entries[count].idx = rid;
+		name = ldb_msg_find_attr_as_string(
+		    rec->msgs[0], "sAMAccountName", "");
+		entries[count].name.string = talloc_strdup(entries, name);
+		count++;
+	}
+
+	sam = talloc(mem_ctx, struct samr_SamArray);
+	if (!sam) {
+		clear_guid_cache(cache);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sam->entries = entries;
+	sam->count = count;
+
+	*r->out.sam = sam;
+	*r->out.resume_handle = resume_handle;
+	*r->out.num_entries = count;
+
+	/*
+	 * Signal no more results by returning zero resume handle,
+	 * the cache is also cleared at this point
+	 */
+	if (*r->out.resume_handle >= cache->size) {
+		*r->out.resume_handle = 0;
+		clear_guid_cache(cache);
+		return NT_STATUS_OK;
+	}
+	/*
+	 * There are more results to be returned.
+	 */
+	return STATUS_MORE_ENTRIES;
+}
+
+
+/*
+  samr_CreateUser2
+
+  This call uses transactions to ensure we don't get a new conflicting
+  user while we are processing this, and to ensure the user either
+  completely exists, or does not.
+*/
+static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct samr_CreateUser2 *r)
+{
+	NTSTATUS status;
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	struct ldb_dn *dn;
+	struct dom_sid *sid;
+	struct dcesrv_handle *u_handle;
+	const char *account_name;
+
+	ZERO_STRUCTP(r->out.user_handle);
+	*r->out.access_granted = 0;
+	*r->out.rid = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	if (d_state->builtin) {
+		DEBUG(5, ("Cannot create a user in the BUILTIN domain\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	} else if (r->in.acct_flags == ACB_DOMTRUST) {
+		/* Domain trust accounts must be created by the LSA calls */
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	account_name = r->in.account_name->string;
+
+	if (account_name == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dsdb_add_user(d_state->sam_ctx, mem_ctx, account_name, r->in.acct_flags, NULL,
+			       &sid, &dn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, dn);
+
+	a_state->account_name = talloc_steal(a_state, account_name);
+	if (!a_state->account_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* create the policy handle */
+	u_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_USER);
+	if (!u_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	u_handle->data = talloc_steal(u_handle, a_state);
+
+	*r->out.user_handle = u_handle->wire_handle;
+	*r->out.access_granted = 0xf07ff; /* TODO: fix access mask calculations */
+
+	*r->out.rid = sid->sub_auths[sid->num_auths-1];
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_CreateUser
+*/
+static NTSTATUS dcesrv_samr_CreateUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct samr_CreateUser *r)
+{
+	struct samr_CreateUser2 r2;
+	uint32_t access_granted = 0;
+
+
+	/* a simple wrapper around samr_CreateUser2 works nicely */
+
+	r2 = (struct samr_CreateUser2) {
+		.in.domain_handle = r->in.domain_handle,
+		.in.account_name = r->in.account_name,
+		.in.acct_flags = ACB_NORMAL,
+		.in.access_mask = r->in.access_mask,
+		.out.user_handle = r->out.user_handle,
+		.out.access_granted = &access_granted,
+		.out.rid = r->out.rid
+	};
+
+	return dcesrv_samr_CreateUser2(dce_call, mem_ctx, &r2);
+}
+
+struct enum_dom_users_ctx {
+	struct samr_SamEntry *entries;
+	uint32_t num_entries;
+	uint32_t acct_flags;
+	struct dom_sid *domain_sid;
+};
+
+static int user_iterate_callback(struct ldb_request *req,
+				 struct ldb_reply *ares);
+
+/*
+ * Iterate users and add all those that match a domain SID and pass an acct
+ * flags check to an array of SamEntry objects.
+ */
+static int user_iterate_callback(struct ldb_request *req,
+				 struct ldb_reply *ares)
+{
+	struct enum_dom_users_ctx *ac =\
+		talloc_get_type(req->context, struct enum_dom_users_ctx);
+	int ret = LDB_ERR_OPERATIONS_ERROR;
+
+	if (!ares) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_request_done(req, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+	{
+		struct ldb_message *msg = ares->message;
+		const struct ldb_val *val;
+		struct samr_SamEntry *ent;
+		struct dom_sid objectsid;
+		uint32_t rid;
+		size_t entries_array_len = 0;
+		NTSTATUS status;
+		ssize_t sid_size;
+
+		if (ac->acct_flags && ((samdb_result_acct_flags(msg, NULL) &
+					ac->acct_flags) == 0)) {
+			ret = LDB_SUCCESS;
+			break;
+		}
+
+		val = ldb_msg_find_ldb_val(msg, "objectSID");
+		if (val == NULL) {
+			DBG_WARNING("objectSID for DN %s not found\n",
+				    ldb_dn_get_linearized(msg->dn));
+			ret = ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+			break;
+		}
+
+		sid_size = sid_parse(val->data, val->length, &objectsid);
+		if (sid_size == -1) {
+			struct dom_sid_buf sid_buf;
+			DBG_WARNING("objectsid [%s] for DN [%s] invalid\n",
+				    dom_sid_str_buf(&objectsid, &sid_buf),
+				    ldb_dn_get_linearized(msg->dn));
+			ret = ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+			break;
+		}
+
+		if (!dom_sid_in_domain(ac->domain_sid, &objectsid)) {
+			/* Ignore if user isn't in the domain */
+			ret = LDB_SUCCESS;
+			break;
+		}
+
+		status = dom_sid_split_rid(ares, &objectsid, NULL, &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			struct dom_sid_buf sid_buf;
+			DBG_WARNING("Couldn't split RID from "
+				    "SID [%s] of DN [%s]\n",
+				    dom_sid_str_buf(&objectsid, &sid_buf),
+				    ldb_dn_get_linearized(msg->dn));
+			ret = ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+			break;
+		}
+
+		entries_array_len = talloc_array_length(ac->entries);
+		if (ac->num_entries >= entries_array_len) {
+			if (entries_array_len * 2 < entries_array_len) {
+				ret = ldb_request_done(req,
+					LDB_ERR_OPERATIONS_ERROR);
+				break;
+			}
+			ac->entries = talloc_realloc(ac,
+						     ac->entries,
+						     struct samr_SamEntry,
+						     entries_array_len * 2);
+			if (ac->entries == NULL) {
+				ret = ldb_request_done(req,
+					LDB_ERR_OPERATIONS_ERROR);
+				break;
+			}
+		}
+
+		ent = &(ac->entries[ac->num_entries++]);
+		val = ldb_msg_find_ldb_val(msg, "samaccountname");
+		if (val == NULL) {
+			DBG_WARNING("samaccountname attribute not found\n");
+			ret = ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+			break;
+		}
+		ent->name.string = talloc_steal(ac->entries,
+					        (char *)val->data);
+		ent->idx = rid;
+		ret = LDB_SUCCESS;
+		break;
+	}
+	case LDB_REPLY_DONE:
+	{
+		if (ac->num_entries != 0 &&
+		    ac->num_entries != talloc_array_length(ac->entries)) {
+			ac->entries = talloc_realloc(ac,
+						     ac->entries,
+						     struct samr_SamEntry,
+						     ac->num_entries);
+			if (ac->entries == NULL) {
+				ret = ldb_request_done(req,
+					LDB_ERR_OPERATIONS_ERROR);
+				break;
+			}
+		}
+		ret = ldb_request_done(req, LDB_SUCCESS);
+		break;
+	}
+	case LDB_REPLY_REFERRAL:
+	{
+		ret = LDB_SUCCESS;
+		break;
+	}
+	default:
+		/* Doesn't happen */
+		ret = LDB_ERR_OPERATIONS_ERROR;
+	}
+	TALLOC_FREE(ares);
+
+	return ret;
+}
+
+/*
+ * samr_EnumDomainUsers
+ * The previous implementation did an initial search and stored a list of
+ * matching GUIDs on the connection handle's domain state, then did direct
+ * GUID lookups for each record in a page indexed by resume_handle. That
+ * approach was memory efficient, requiring only 16 bytes per record, but
+ * was too slow for winbind which needs this RPC call for getpwent.
+ *
+ * Now we use an iterate pattern to populate a cached list of the rids and
+ * names for each record. This improves runtime performance but requires
+ * about 200 bytes per record which will mean for a 100k database we use
+ * about 2MB, which is fine. The speedup achieved by this new approach is
+ * around 50%.
+ */
+static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct samr_EnumDomainUsers *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	uint32_t results;
+	uint32_t max_entries;
+	uint32_t num_entries;
+	uint32_t remaining_entries;
+	struct samr_SamEntry *entries;
+	const char * const attrs[] = { "objectSid", "sAMAccountName",
+		"userAccountControl", NULL };
+	struct samr_SamArray *sam;
+	struct ldb_request *req;
+
+	*r->out.resume_handle = 0;
+	*r->out.sam = NULL;
+	*r->out.num_entries = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+	entries = d_state->domain_users_cached;
+
+	/*
+	 * If the resume_handle is zero, query the database and cache the
+	 * matching entries.
+	 */
+	if (*r->in.resume_handle == 0) {
+		int ret;
+		struct enum_dom_users_ctx *ac;
+		if (entries != NULL) {
+			talloc_free(entries);
+			d_state->domain_users_cached = NULL;
+		}
+
+		ac = talloc(mem_ctx, struct enum_dom_users_ctx);
+		ac->num_entries = 0;
+		ac->domain_sid = d_state->domain_sid;
+		ac->entries = talloc_array(ac,
+					   struct samr_SamEntry,
+					   100);
+		if (ac->entries == NULL) {
+			talloc_free(ac);
+			return NT_STATUS_NO_MEMORY;
+		}
+		ac->acct_flags = r->in.acct_flags;
+
+		ret = ldb_build_search_req(&req,
+					   d_state->sam_ctx,
+					   mem_ctx,
+					   d_state->domain_dn,
+					   LDB_SCOPE_SUBTREE,
+					   "(objectClass=user)",
+					   attrs,
+					   NULL,
+					   ac,
+					   user_iterate_callback,
+					   NULL);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return dsdb_ldb_err_to_ntstatus(ret);
+		}
+
+		ret = ldb_request(d_state->sam_ctx, req);
+		if (ret != LDB_SUCCESS) {
+			talloc_free(ac);
+			return dsdb_ldb_err_to_ntstatus(ret);
+		}
+
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+		if (ret != LDB_SUCCESS) {
+			return dsdb_ldb_err_to_ntstatus(ret);
+		}
+
+		if (ac->num_entries == 0) {
+			DBG_WARNING("No users in domain %s\n",
+				    ldb_dn_get_linearized(d_state->domain_dn));
+			talloc_free(ac);
+
+			/*
+			 * test_EnumDomainUsers_all() expects that r.out.sam
+			 * should be non-NULL, even if we have no entries.
+			 */
+			sam = talloc_zero(mem_ctx, struct samr_SamArray);
+			if (sam == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			*r->out.sam = sam;
+
+			return NT_STATUS_OK;
+		}
+
+		entries = talloc_steal(d_state, ac->entries);
+		d_state->domain_users_cached = entries;
+		num_entries = ac->num_entries;
+		talloc_free(ac);
+
+		/*
+		 * Sort the entries into RID order, while the spec states there
+		 * is no order, Windows appears to sort the results by RID and
+		 * so it is possible that there are clients that depend on
+		 * this ordering
+		 */
+		TYPESAFE_QSORT(entries, num_entries, compare_SamEntry);
+	} else {
+		num_entries = talloc_array_length(entries);
+	}
+
+	/*
+	 * If the resume handle is out of range we return an empty response
+	 * and invalidate the cache.
+	 *
+	 * From the specification:
+	 * Servers SHOULD validate that EnumerationContext is an expected
+	 * value for the server's implementation. Windows does NOT validate
+	 * the input, though the result of malformed information merely results
+	 * in inconsistent output to the client.
+	 */
+	if (*r->in.resume_handle >= num_entries) {
+		talloc_free(entries);
+		d_state->domain_users_cached = NULL;
+		sam = talloc(mem_ctx, struct samr_SamArray);
+		if (!sam) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		sam->entries = NULL;
+		sam->count = 0;
+
+		*r->out.sam = sam;
+		*r->out.resume_handle = 0;
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Calculate the number of entries to return limit by max_size.
+	 * Note that we use the w2k3 element size value of 54
+	 */
+	max_entries = 1 + (r->in.max_size / SAMR_ENUM_USERS_MULTIPLIER);
+	remaining_entries = num_entries - *r->in.resume_handle;
+	results = MIN(remaining_entries, max_entries);
+
+	sam = talloc(mem_ctx, struct samr_SamArray);
+	if (!sam) {
+		d_state->domain_users_cached = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sam->entries = entries + *r->in.resume_handle;
+	sam->count = results;
+
+	*r->out.sam = sam;
+	*r->out.resume_handle = *r->in.resume_handle + results;
+	*r->out.num_entries = results;
+
+	/*
+	 * Signal no more results by returning zero resume handle,
+	 * the cache is also cleared at this point
+	 */
+	if (*r->out.resume_handle >= num_entries) {
+		*r->out.resume_handle = 0;
+		return NT_STATUS_OK;
+	}
+	/*
+	 * There are more results to be returned.
+	 */
+	return STATUS_MORE_ENTRIES;
+}
+
+
+/*
+  samr_CreateDomAlias
+*/
+static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_CreateDomAlias *r)
+{
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	const char *alias_name;
+	struct dom_sid *sid;
+	struct dcesrv_handle *a_handle;
+	struct ldb_dn *dn;
+	NTSTATUS status;
+
+	ZERO_STRUCTP(r->out.alias_handle);
+	*r->out.rid = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	if (d_state->builtin) {
+		DEBUG(5, ("Cannot create a domain alias in the BUILTIN domain\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	alias_name = r->in.alias_name->string;
+
+	if (alias_name == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dsdb_add_domain_alias(d_state->sam_ctx, mem_ctx, alias_name, &sid, &dn);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, dn);
+
+	a_state->account_name = talloc_steal(a_state, alias_name);
+
+	/* create the policy handle */
+	a_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_ALIAS);
+	if (a_handle == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	a_handle->data = talloc_steal(a_handle, a_state);
+
+	*r->out.alias_handle = a_handle->wire_handle;
+
+	*r->out.rid = sid->sub_auths[sid->num_auths-1];
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_EnumDomainAliases
+*/
+static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_EnumDomainAliases *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	struct ldb_message **res;
+	int i, ldb_cnt;
+	uint32_t first, count;
+	struct samr_SamEntry *entries;
+	const char * const attrs[] = { "objectSid", "sAMAccountName", NULL };
+	struct samr_SamArray *sam;
+
+	*r->out.resume_handle = 0;
+	*r->out.sam = NULL;
+	*r->out.num_entries = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	/* search for all domain aliases in this domain. This could possibly be
+	   cached and resumed based on resume_key */
+	ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL,
+				      &res, attrs,
+				      d_state->domain_sid,
+				      "(&(|(grouptype=%d)(grouptype=%d)))"
+				      "(objectclass=group))",
+				      GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+				      GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	if (ldb_cnt < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* convert to SamEntry format */
+	entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt);
+	if (!entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	count = 0;
+
+	for (i=0;i<ldb_cnt;i++) {
+		struct dom_sid *alias_sid;
+
+		alias_sid = samdb_result_dom_sid(mem_ctx, res[i],
+						 "objectSid");
+
+		if (alias_sid == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		entries[count].idx =
+			alias_sid->sub_auths[alias_sid->num_auths-1];
+		entries[count].name.string =
+			ldb_msg_find_attr_as_string(res[i], "sAMAccountName", "");
+		count += 1;
+	}
+
+	/* sort the results by rid */
+	TYPESAFE_QSORT(entries, count, compare_SamEntry);
+
+	/* find the first entry to return */
+	for (first=0;
+	     first<count && entries[first].idx <= *r->in.resume_handle;
+	     first++) ;
+
+	/* return the rest, limit by max_size. Note that we
+	   use the w2k3 element size value of 54 */
+	*r->out.num_entries = count - first;
+	*r->out.num_entries = MIN(*r->out.num_entries,
+				  1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
+
+	sam = talloc(mem_ctx, struct samr_SamArray);
+	if (!sam) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sam->entries = entries+first;
+	sam->count = *r->out.num_entries;
+
+	*r->out.sam = sam;
+
+	if (first == count) {
+		return NT_STATUS_OK;
+	}
+
+	if (*r->out.num_entries < count - first) {
+		*r->out.resume_handle =
+			entries[first+*r->out.num_entries-1].idx;
+		return STATUS_MORE_ENTRIES;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_GetAliasMembership
+*/
+static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetAliasMembership *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	char *filter;
+	const char * const attrs[] = { "objectSid", NULL };
+	struct ldb_message **res;
+	uint32_t i;
+	int count = 0;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	filter = talloc_asprintf(mem_ctx,
+				 "(&(|(grouptype=%d)(grouptype=%d))"
+				 "(objectclass=group)(|",
+				 GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+				 GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<r->in.sids->num_sids; i++) {
+		struct dom_sid_buf buf;
+
+		filter = talloc_asprintf_append(
+			filter,
+			"(member=<SID=%s>)",
+			dom_sid_str_buf(r->in.sids->sids[i].sid, &buf));
+
+		if (filter == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* Find out if we had at least one valid member SID passed - otherwise
+	 * just skip the search. */
+	if (strstr(filter, "member") != NULL) {
+		count = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL,
+					    &res, attrs, d_state->domain_sid,
+					    "%s))", filter);
+		if (count < 0) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+	}
+
+	r->out.rids->count = 0;
+	r->out.rids->ids = talloc_array(mem_ctx, uint32_t, count);
+	if (r->out.rids->ids == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	for (i=0; i<count; i++) {
+		struct dom_sid *alias_sid;
+
+		alias_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
+		if (alias_sid == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		r->out.rids->ids[r->out.rids->count] =
+			alias_sid->sub_auths[alias_sid->num_auths-1];
+		r->out.rids->count += 1;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_LookupNames
+*/
+static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct samr_LookupNames *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	uint32_t i, num_mapped;
+	NTSTATUS status = NT_STATUS_OK;
+	const char * const attrs[] = { "sAMAccountType", "objectSid", NULL };
+	int count;
+
+	ZERO_STRUCTP(r->out.rids);
+	ZERO_STRUCTP(r->out.types);
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	if (r->in.num_names == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->out.rids->ids = talloc_array(mem_ctx, uint32_t, r->in.num_names);
+	r->out.types->ids = talloc_array(mem_ctx, uint32_t, r->in.num_names);
+	if (!r->out.rids->ids || !r->out.types->ids) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	r->out.rids->count = r->in.num_names;
+	r->out.types->count = r->in.num_names;
+
+	num_mapped = 0;
+
+	for (i=0;i<r->in.num_names;i++) {
+		struct ldb_message **res;
+		struct dom_sid *sid;
+		uint32_t atype, rtype;
+
+		r->out.rids->ids[i] = 0;
+		r->out.types->ids[i] = SID_NAME_UNKNOWN;
+
+		count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs,
+				     "sAMAccountName=%s",
+				     ldb_binary_encode_string(mem_ctx, r->in.names[i].string));
+		if (count != 1) {
+			status = STATUS_SOME_UNMAPPED;
+			continue;
+		}
+
+		sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+		if (sid == NULL) {
+			status = STATUS_SOME_UNMAPPED;
+			continue;
+		}
+
+		atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0);
+		if (atype == 0) {
+			status = STATUS_SOME_UNMAPPED;
+			continue;
+		}
+
+		rtype = ds_atype_map(atype);
+
+		if (rtype == SID_NAME_UNKNOWN) {
+			status = STATUS_SOME_UNMAPPED;
+			continue;
+		}
+
+		r->out.rids->ids[i] = sid->sub_auths[sid->num_auths-1];
+		r->out.types->ids[i] = rtype;
+		num_mapped++;
+	}
+
+	if (num_mapped == 0) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+	return status;
+}
+
+
+/*
+  samr_LookupRids
+*/
+static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_LookupRids *r)
+{
+	NTSTATUS status;
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	const char **names;
+	struct lsa_String *lsa_names;
+	enum lsa_SidType *ids;
+
+	ZERO_STRUCTP(r->out.names);
+	ZERO_STRUCTP(r->out.types);
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	if (r->in.num_rids == 0)
+		return NT_STATUS_OK;
+
+	lsa_names = talloc_zero_array(mem_ctx, struct lsa_String, r->in.num_rids);
+	names = talloc_zero_array(mem_ctx, const char *, r->in.num_rids);
+	ids = talloc_zero_array(mem_ctx, enum lsa_SidType, r->in.num_rids);
+
+	if ((lsa_names == NULL) || (names == NULL) || (ids == NULL))
+		return NT_STATUS_NO_MEMORY;
+
+	r->out.names->names = lsa_names;
+	r->out.names->count = r->in.num_rids;
+
+	r->out.types->ids = (uint32_t *) ids;
+	r->out.types->count = r->in.num_rids;
+
+	status = dsdb_lookup_rids(d_state->sam_ctx, mem_ctx, d_state->domain_sid,
+				  r->in.num_rids, r->in.rids, names, ids);
+	if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+		uint32_t i;
+		for (i = 0; i < r->in.num_rids; i++) {
+			lsa_names[i].string = names[i];
+		}
+	}
+	return status;
+}
+
+
+/*
+  samr_OpenGroup
+*/
+static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_OpenGroup *r)
+{
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	const char *groupname;
+	struct dom_sid *sid;
+	struct ldb_message **msgs;
+	struct dcesrv_handle *g_handle;
+	const char * const attrs[2] = { "sAMAccountName", NULL };
+	int ret;
+
+	ZERO_STRUCTP(r->out.group_handle);
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	/* form the group SID */
+	sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (!sid) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* search for the group record */
+	if (d_state->builtin) {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(groupType=%d))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+	} else {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(|(groupType=%d)(groupType=%d)))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_UNIVERSAL_GROUP,
+				   GTYPE_SECURITY_GLOBAL_GROUP);
+	}
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+	if (ret != 1) {
+		DEBUG(0,("Found %d records matching sid %s\n",
+			 ret, dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	groupname = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
+	if (groupname == NULL) {
+		DEBUG(0,("sAMAccountName field missing for sid %s\n",
+			 dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
+	a_state->account_sid = talloc_steal(a_state, sid);
+	a_state->account_name = talloc_strdup(a_state, groupname);
+	if (!a_state->account_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* create the policy handle */
+	g_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_GROUP);
+	if (!g_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	g_handle->data = talloc_steal(g_handle, a_state);
+
+	*r->out.group_handle = g_handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  samr_QueryGroupInfo
+*/
+static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_QueryGroupInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct ldb_message *msg, **res;
+	const char * const attrs[4] = { "sAMAccountName", "description",
+					"numMembers", NULL };
+	int ret;
+	union samr_GroupInfo *info;
+
+	*r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	a_state = h->data;
+
+	/* pull all the group attributes */
+	ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
+			      a_state->account_dn, &res, attrs);
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	msg = res[0];
+
+	/* allocate the info structure */
+	info = talloc_zero(mem_ctx, union samr_GroupInfo);
+	if (info == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Fill in the level */
+	switch (r->in.level) {
+	case GROUPINFOALL:
+		QUERY_STRING(msg, all.name,        "sAMAccountName");
+		info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
+		QUERY_UINT  (msg, all.num_members,      "numMembers")
+		QUERY_STRING(msg, all.description, "description");
+		break;
+	case GROUPINFONAME:
+		QUERY_STRING(msg, name,            "sAMAccountName");
+		break;
+	case GROUPINFOATTRIBUTES:
+		info->attributes.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
+		break;
+	case GROUPINFODESCRIPTION:
+		QUERY_STRING(msg, description, "description");
+		break;
+	case GROUPINFOALL2:
+		QUERY_STRING(msg, all2.name,        "sAMAccountName");
+		info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */
+		QUERY_UINT  (msg, all2.num_members,      "numMembers")
+		QUERY_STRING(msg, all2.description, "description");
+		break;
+	default:
+		talloc_free(info);
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	*r->out.info = info;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetGroupInfo
+*/
+static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct samr_SetGroupInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *g_state;
+	struct ldb_message *msg;
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	g_state = h->data;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, g_state->account_dn);
+	if (!msg->dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
+	case GROUPINFODESCRIPTION:
+		SET_STRING(msg, description,         "description");
+		break;
+	case GROUPINFONAME:
+		/* On W2k3 this does not change the name, it changes the
+		 * sAMAccountName attribute */
+		SET_STRING(msg, name,                "sAMAccountName");
+		break;
+	case GROUPINFOATTRIBUTES:
+		/* This does not do anything obviously visible in W2k3 LDAP */
+		return NT_STATUS_OK;
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* modify the samdb record */
+	ret = ldb_modify(g_state->sam_ctx, msg);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_AddGroupMember
+*/
+static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_AddGroupMember *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct ldb_message *mod;
+	struct dom_sid *membersid;
+	const char *memberdn;
+	struct ldb_result *res;
+	const char * const attrs[] = { NULL };
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (membersid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */
+	ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
+			 d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+			 "(objectSid=%s)",
+			 ldap_encode_ndr_dom_sid(mem_ctx, membersid));
+
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (res->count == 0) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if (res->count > 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	memberdn = ldb_dn_alloc_linearized(mem_ctx, res->msgs[0]->dn);
+
+	if (memberdn == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	mod = ldb_msg_new(mem_ctx);
+	if (mod == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
+
+	ret = samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
+								memberdn);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	ret = ldb_modify(a_state->sam_ctx, mod);
+	switch (ret) {
+	case LDB_SUCCESS:
+		return NT_STATUS_OK;
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		return NT_STATUS_MEMBER_IN_GROUP;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+}
+
+
+/*
+  samr_DeleteDomainGroup
+*/
+static NTSTATUS dcesrv_samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_DeleteDomainGroup *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	int ret;
+
+        *r->out.group_handle = *r->in.group_handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	a_state = h->data;
+
+	ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	talloc_free(h);
+	ZERO_STRUCTP(r->out.group_handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_DeleteGroupMember
+*/
+static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_DeleteGroupMember *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct ldb_message *mod;
+	struct dom_sid *membersid;
+	const char *memberdn;
+	struct ldb_result *res;
+	const char * const attrs[] = { NULL };
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (membersid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */
+	ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
+			 d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+			 "(objectSid=%s)",
+			 ldap_encode_ndr_dom_sid(mem_ctx, membersid));
+
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (res->count == 0) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if (res->count > 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	memberdn = ldb_dn_alloc_linearized(mem_ctx, res->msgs[0]->dn);
+
+	if (memberdn == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	mod = ldb_msg_new(mem_ctx);
+	if (mod == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
+
+	ret = samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
+								memberdn);
+	if (ret != LDB_SUCCESS) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_modify(a_state->sam_ctx, mod);
+	switch (ret) {
+	case LDB_SUCCESS:
+		return NT_STATUS_OK;
+	case LDB_ERR_UNWILLING_TO_PERFORM:
+	case LDB_ERR_NO_SUCH_ATTRIBUTE:
+		return NT_STATUS_MEMBER_NOT_IN_GROUP;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+}
+
+
+/*
+  samr_QueryGroupMember
+*/
+static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				      struct samr_QueryGroupMember *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct samr_RidAttrArray *array;
+	unsigned int i, num_members;
+	struct dom_sid *members;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	status = dsdb_enum_group_mem(d_state->sam_ctx, mem_ctx,
+				     a_state->account_dn, &members,
+				     &num_members);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	array = talloc_zero(mem_ctx, struct samr_RidAttrArray);
+	if (array == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (num_members == 0) {
+		*r->out.rids = array;
+
+		return NT_STATUS_OK;
+	}
+
+	array->rids = talloc_array(array, uint32_t, num_members);
+	if (array->rids == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	array->attributes = talloc_array(array, uint32_t, num_members);
+	if (array->attributes == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	array->count = 0;
+	for (i=0; i<num_members; i++) {
+		if (!dom_sid_in_domain(d_state->domain_sid, &members[i])) {
+			continue;
+		}
+
+		status = dom_sid_split_rid(NULL, &members[i], NULL,
+					   &array->rids[array->count]);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		array->attributes[array->count] = SE_GROUP_DEFAULT_FLAGS;
+		array->count++;
+	}
+
+	*r->out.rids = array;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetMemberAttributesOfGroup
+*/
+static NTSTATUS dcesrv_samr_SetMemberAttributesOfGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_SetMemberAttributesOfGroup *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_OpenAlias
+*/
+static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_OpenAlias *r)
+{
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	const char *alias_name;
+	struct dom_sid *sid;
+	struct ldb_message **msgs;
+	struct dcesrv_handle *g_handle;
+	const char * const attrs[2] = { "sAMAccountName", NULL };
+	int ret;
+
+	ZERO_STRUCTP(r->out.alias_handle);
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	/* form the alias SID */
+	sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (sid == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* search for the group record */
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL, &msgs, attrs,
+			   "(&(objectSid=%s)(objectclass=group)"
+			   "(|(grouptype=%d)(grouptype=%d)))",
+			   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+			   GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+			   GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_ALIAS;
+	}
+	if (ret != 1) {
+		DEBUG(0,("Found %d records matching sid %s\n",
+			 ret, dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	alias_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
+	if (alias_name == NULL) {
+		DEBUG(0,("sAMAccountName field missing for sid %s\n",
+			 dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
+	a_state->account_sid = talloc_steal(a_state, sid);
+	a_state->account_name = talloc_strdup(a_state, alias_name);
+	if (!a_state->account_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* create the policy handle */
+	g_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_ALIAS);
+	if (!g_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	g_handle->data = talloc_steal(g_handle, a_state);
+
+	*r->out.alias_handle = g_handle->wire_handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_QueryAliasInfo
+*/
+static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_QueryAliasInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct ldb_message *msg, **res;
+	const char * const attrs[4] = { "sAMAccountName", "description",
+					"numMembers", NULL };
+	int ret;
+	union samr_AliasInfo *info;
+
+	*r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+
+	/* pull all the alias attributes */
+	ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
+			      a_state->account_dn, &res, attrs);
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_ALIAS;
+	}
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	msg = res[0];
+
+	/* allocate the info structure */
+	info = talloc_zero(mem_ctx, union samr_AliasInfo);
+	if (info == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch(r->in.level) {
+	case ALIASINFOALL:
+		QUERY_STRING(msg, all.name, "sAMAccountName");
+		QUERY_UINT  (msg, all.num_members, "numMembers");
+		QUERY_STRING(msg, all.description, "description");
+		break;
+	case ALIASINFONAME:
+		QUERY_STRING(msg, name, "sAMAccountName");
+		break;
+	case ALIASINFODESCRIPTION:
+		QUERY_STRING(msg, description, "description");
+		break;
+	default:
+		talloc_free(info);
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	*r->out.info = info;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetAliasInfo
+*/
+static NTSTATUS dcesrv_samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_SetAliasInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct ldb_message *msg;
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = ldb_dn_copy(mem_ctx, a_state->account_dn);
+	if (!msg->dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
+	case ALIASINFODESCRIPTION:
+		SET_STRING(msg, description,         "description");
+		break;
+	case ALIASINFONAME:
+		/* On W2k3 this does not change the name, it changes the
+		 * sAMAccountName attribute */
+		SET_STRING(msg, name,                "sAMAccountName");
+		break;
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* modify the samdb record */
+	ret = ldb_modify(a_state->sam_ctx, msg);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_DeleteDomAlias
+*/
+static NTSTATUS dcesrv_samr_DeleteDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_DeleteDomAlias *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	int ret;
+
+        *r->out.alias_handle = *r->in.alias_handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+
+	ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	talloc_free(h);
+	ZERO_STRUCTP(r->out.alias_handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_AddAliasMember
+*/
+static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_AddAliasMember *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct ldb_message *mod;
+	struct ldb_message **msgs;
+	const char * const attrs[] = { NULL };
+	struct ldb_dn *memberdn = NULL;
+	int ret;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL,
+			   &msgs, attrs, "(objectsid=%s)",
+			   ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
+
+	if (ret == 1) {
+		memberdn = msgs[0]->dn;
+	} else if (ret == 0) {
+		status = samdb_create_foreign_security_principal(
+			d_state->sam_ctx, mem_ctx, r->in.sid, &memberdn);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	} else {
+		DEBUG(0,("Found %d records matching sid %s\n",
+			 ret, dom_sid_string(mem_ctx, r->in.sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	if (memberdn == NULL) {
+		DEBUG(0, ("Could not find memberdn\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	mod = ldb_msg_new(mem_ctx);
+	if (mod == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
+
+	ret = samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
+				 ldb_dn_alloc_linearized(mem_ctx, memberdn));
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	ret = ldb_modify(a_state->sam_ctx, mod);
+	switch (ret) {
+	case LDB_SUCCESS:
+		return NT_STATUS_OK;
+	case LDB_ERR_ENTRY_ALREADY_EXISTS:
+		return NT_STATUS_MEMBER_IN_GROUP;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+}
+
+
+/*
+  samr_DeleteAliasMember
+*/
+static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_DeleteAliasMember *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct ldb_message *mod;
+	const char *memberdn;
+	int ret;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
+				       "distinguishedName", "(objectSid=%s)",
+				       ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
+	if (memberdn == NULL) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	mod = ldb_msg_new(mem_ctx);
+	if (mod == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
+
+	ret = samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
+								 memberdn);
+	if (ret != LDB_SUCCESS) {
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	ret = ldb_modify(a_state->sam_ctx, mod);
+	switch (ret) {
+	case LDB_SUCCESS:
+		return NT_STATUS_OK;
+	case LDB_ERR_UNWILLING_TO_PERFORM:
+		return NT_STATUS_MEMBER_NOT_IN_GROUP;
+	case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
+		return NT_STATUS_ACCESS_DENIED;
+	default:
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+}
+
+
+/*
+  samr_GetMembersInAlias
+*/
+static NTSTATUS dcesrv_samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetMembersInAlias *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct lsa_SidPtr *array;
+	unsigned int i, num_members;
+	struct dom_sid *members;
+	NTSTATUS status;
+
+	DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	status = dsdb_enum_group_mem(d_state->sam_ctx, mem_ctx,
+				     a_state->account_dn, &members,
+				     &num_members);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (num_members == 0) {
+		r->out.sids->sids = NULL;
+
+		return NT_STATUS_OK;
+	}
+
+	array = talloc_array(mem_ctx, struct lsa_SidPtr, num_members);
+	if (array == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<num_members; i++) {
+		array[i].sid = &members[i];
+	}
+
+	r->out.sids->num_sids = num_members;
+	r->out.sids->sids = array;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  samr_OpenUser
+*/
+static NTSTATUS dcesrv_samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct samr_OpenUser *r)
+{
+	struct samr_domain_state *d_state;
+	struct samr_account_state *a_state;
+	struct dcesrv_handle *h;
+	const char *account_name;
+	struct dom_sid *sid;
+	struct ldb_message **msgs;
+	struct dcesrv_handle *u_handle;
+	const char * const attrs[2] = { "sAMAccountName", NULL };
+	int ret;
+
+	ZERO_STRUCTP(r->out.user_handle);
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	/* form the users SID */
+	sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (!sid) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* search for the user record */
+	ret = gendb_search(d_state->sam_ctx,
+			   mem_ctx, d_state->domain_dn, &msgs, attrs,
+			   "(&(objectSid=%s)(objectclass=user))",
+			   ldap_encode_ndr_dom_sid(mem_ctx, sid));
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	if (ret != 1) {
+		DEBUG(0,("Found %d records matching sid %s\n", ret,
+			 dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	account_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
+	if (account_name == NULL) {
+		DEBUG(0,("sAMAccountName field missing for sid %s\n",
+			 dom_sid_string(mem_ctx, sid)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	a_state = talloc(mem_ctx, struct samr_account_state);
+	if (!a_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	a_state->sam_ctx = d_state->sam_ctx;
+	a_state->access_mask = r->in.access_mask;
+	a_state->domain_state = talloc_reference(a_state, d_state);
+	a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
+	a_state->account_sid = talloc_steal(a_state, sid);
+	a_state->account_name = talloc_strdup(a_state, account_name);
+	if (!a_state->account_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* create the policy handle */
+	u_handle = dcesrv_handle_create(dce_call, SAMR_HANDLE_USER);
+	if (!u_handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	u_handle->data = talloc_steal(u_handle, a_state);
+
+	*r->out.user_handle = u_handle->wire_handle;
+
+	return NT_STATUS_OK;
+
+}
+
+
+/*
+  samr_DeleteUser
+*/
+static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				struct samr_DeleteUser *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	int ret;
+
+	*r->out.user_handle = *r->in.user_handle;
+
+	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+
+	a_state = h->data;
+
+	ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Failed to delete user: %s: %s\n",
+			  ldb_dn_get_linearized(a_state->account_dn),
+			  ldb_errstring(a_state->sam_ctx)));
+		return dsdb_ldb_err_to_ntstatus(ret);
+	}
+
+	talloc_free(h);
+	ZERO_STRUCTP(r->out.user_handle);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_QueryUserInfo
+*/
+static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct samr_QueryUserInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct ldb_message *msg, **res;
+	int ret;
+	struct ldb_context *sam_ctx;
+
+	const char * const *attrs = NULL;
+	union samr_UserInfo *info;
+
+	NTSTATUS status;
+
+	*r->out.info = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+
+	a_state = h->data;
+	sam_ctx = a_state->sam_ctx;
+
+	/* fill in the reply */
+	switch (r->in.level) {
+	case 1:
+	{
+		static const char * const attrs2[] = {"sAMAccountName",
+						      "displayName",
+						      "primaryGroupID",
+						      "description",
+						      "comment",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 2:
+	{
+		static const char * const attrs2[] = {"comment",
+						      "countryCode",
+						      "codePage",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 3:
+	{
+		static const char * const attrs2[] = {"sAMAccountName",
+						      "displayName",
+						      "objectSid",
+						      "primaryGroupID",
+						      "homeDirectory",
+						      "homeDrive",
+						      "scriptPath",
+						      "profilePath",
+						      "userWorkstations",
+						      "lastLogon",
+						      "lastLogoff",
+						      "pwdLastSet",
+						      "msDS-UserPasswordExpiryTimeComputed",
+						      "logonHours",
+						      "badPwdCount",
+						      "badPasswordTime",
+						      "logonCount",
+						      "userAccountControl",
+						      "msDS-User-Account-Control-Computed",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 4:
+	{
+		static const char * const attrs2[] = {"logonHours",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 5:
+	{
+		static const char * const attrs2[] = {"sAMAccountName",
+						      "displayName",
+						      "objectSid",
+						      "primaryGroupID",
+						      "homeDirectory",
+						      "homeDrive",
+						      "scriptPath",
+						      "profilePath",
+						      "description",
+						      "userWorkstations",
+						      "lastLogon",
+						      "lastLogoff",
+						      "logonHours",
+						      "badPwdCount",
+						      "badPasswordTime",
+						      "logonCount",
+						      "pwdLastSet",
+						      "msDS-ResultantPSO",
+						      "msDS-UserPasswordExpiryTimeComputed",
+						      "accountExpires",
+						      "userAccountControl",
+						      "msDS-User-Account-Control-Computed",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 6:
+	{
+		static const char * const attrs2[] = {"sAMAccountName",
+						      "displayName",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 7:
+	{
+		static const char * const attrs2[] = {"sAMAccountName",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 8:
+	{
+		static const char * const attrs2[] = {"displayName",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 9:
+	{
+		static const char * const attrs2[] = {"primaryGroupID",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 10:
+	{
+		static const char * const attrs2[] = {"homeDirectory",
+						      "homeDrive",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 11:
+	{
+		static const char * const attrs2[] = {"scriptPath",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 12:
+	{
+		static const char * const attrs2[] = {"profilePath",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 13:
+	{
+		static const char * const attrs2[] = {"description",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 14:
+	{
+		static const char * const attrs2[] = {"userWorkstations",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 16:
+	{
+		static const char * const attrs2[] = {"userAccountControl",
+						      "msDS-User-Account-Control-Computed",
+						      "pwdLastSet",
+						      "msDS-UserPasswordExpiryTimeComputed",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 17:
+	{
+		static const char * const attrs2[] = {"accountExpires",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 18:
+	{
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+	case 20:
+	{
+		static const char * const attrs2[] = {"userParameters",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 21:
+	{
+		static const char * const attrs2[] = {"lastLogon",
+						      "lastLogoff",
+						      "pwdLastSet",
+						      "msDS-ResultantPSO",
+						      "msDS-UserPasswordExpiryTimeComputed",
+						      "accountExpires",
+						      "sAMAccountName",
+						      "displayName",
+						      "homeDirectory",
+						      "homeDrive",
+						      "scriptPath",
+						      "profilePath",
+						      "description",
+						      "userWorkstations",
+						      "comment",
+						      "userParameters",
+						      "objectSid",
+						      "primaryGroupID",
+						      "userAccountControl",
+						      "msDS-User-Account-Control-Computed",
+						      "logonHours",
+						      "badPwdCount",
+						      "badPasswordTime",
+						      "logonCount",
+						      "countryCode",
+						      "codePage",
+						      NULL};
+		attrs = attrs2;
+		break;
+	}
+	case 23:
+	case 24:
+	case 25:
+	case 26:
+	{
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+	default:
+	{
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+	}
+
+	/* pull all the user attributes */
+	ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
+			      a_state->account_dn, &res, attrs);
+	if (ret == 0) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	msg = res[0];
+
+	/* allocate the info structure */
+	info = talloc_zero(mem_ctx, union samr_UserInfo);
+	if (info == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* fill in the reply */
+	switch (r->in.level) {
+	case 1:
+		QUERY_STRING(msg, info1.account_name,          "sAMAccountName");
+		QUERY_STRING(msg, info1.full_name,             "displayName");
+		QUERY_UINT  (msg, info1.primary_gid,           "primaryGroupID");
+		QUERY_STRING(msg, info1.description,           "description");
+		QUERY_STRING(msg, info1.comment,               "comment");
+		break;
+
+	case 2:
+		QUERY_STRING(msg, info2.comment,               "comment");
+		QUERY_UINT  (msg, info2.country_code,          "countryCode");
+		QUERY_UINT  (msg, info2.code_page,             "codePage");
+		break;
+
+	case 3:
+		QUERY_STRING(msg, info3.account_name,          "sAMAccountName");
+		QUERY_STRING(msg, info3.full_name,             "displayName");
+		QUERY_RID   (msg, info3.rid,                   "objectSid");
+		QUERY_UINT  (msg, info3.primary_gid,           "primaryGroupID");
+		QUERY_STRING(msg, info3.home_directory,        "homeDirectory");
+		QUERY_STRING(msg, info3.home_drive,            "homeDrive");
+		QUERY_STRING(msg, info3.logon_script,          "scriptPath");
+		QUERY_STRING(msg, info3.profile_path,          "profilePath");
+		QUERY_STRING(msg, info3.workstations,          "userWorkstations");
+		QUERY_UINT64(msg, info3.last_logon,            "lastLogon");
+		QUERY_UINT64(msg, info3.last_logoff,           "lastLogoff");
+		QUERY_UINT64(msg, info3.last_password_change,  "pwdLastSet");
+		QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
+		QUERY_UINT64(msg, info3.force_password_change, "msDS-UserPasswordExpiryTimeComputed");
+		QUERY_LHOURS(msg, info3.logon_hours,           "logonHours");
+		/* level 3 gives the raw badPwdCount value */
+		QUERY_UINT  (msg, info3.bad_password_count,    "badPwdCount");
+		QUERY_UINT  (msg, info3.logon_count,           "logonCount");
+		QUERY_AFLAGS(msg, info3.acct_flags,            "msDS-User-Account-Control-Computed");
+		break;
+
+	case 4:
+		QUERY_LHOURS(msg, info4.logon_hours,           "logonHours");
+		break;
+
+	case 5:
+		QUERY_STRING(msg, info5.account_name,          "sAMAccountName");
+		QUERY_STRING(msg, info5.full_name,             "displayName");
+		QUERY_RID   (msg, info5.rid,                   "objectSid");
+		QUERY_UINT  (msg, info5.primary_gid,           "primaryGroupID");
+		QUERY_STRING(msg, info5.home_directory,        "homeDirectory");
+		QUERY_STRING(msg, info5.home_drive,            "homeDrive");
+		QUERY_STRING(msg, info5.logon_script,          "scriptPath");
+		QUERY_STRING(msg, info5.profile_path,          "profilePath");
+		QUERY_STRING(msg, info5.description,           "description");
+		QUERY_STRING(msg, info5.workstations,          "userWorkstations");
+		QUERY_UINT64(msg, info5.last_logon,            "lastLogon");
+		QUERY_UINT64(msg, info5.last_logoff,           "lastLogoff");
+		QUERY_LHOURS(msg, info5.logon_hours,           "logonHours");
+		QUERY_BPWDCT(msg, info5.bad_password_count,    "badPwdCount");
+		QUERY_UINT  (msg, info5.logon_count,           "logonCount");
+		QUERY_UINT64(msg, info5.last_password_change,  "pwdLastSet");
+		QUERY_UINT64(msg, info5.acct_expiry,           "accountExpires");
+		QUERY_AFLAGS(msg, info5.acct_flags,            "msDS-User-Account-Control-Computed");
+		break;
+
+	case 6:
+		QUERY_STRING(msg, info6.account_name,   "sAMAccountName");
+		QUERY_STRING(msg, info6.full_name,      "displayName");
+		break;
+
+	case 7:
+		QUERY_STRING(msg, info7.account_name,   "sAMAccountName");
+		break;
+
+	case 8:
+		QUERY_STRING(msg, info8.full_name,      "displayName");
+		break;
+
+	case 9:
+		QUERY_UINT  (msg, info9.primary_gid,    "primaryGroupID");
+		break;
+
+	case 10:
+		QUERY_STRING(msg, info10.home_directory,"homeDirectory");
+		QUERY_STRING(msg, info10.home_drive,    "homeDrive");
+		break;
+
+	case 11:
+		QUERY_STRING(msg, info11.logon_script,  "scriptPath");
+		break;
+
+	case 12:
+		QUERY_STRING(msg, info12.profile_path,  "profilePath");
+		break;
+
+	case 13:
+		QUERY_STRING(msg, info13.description,   "description");
+		break;
+
+	case 14:
+		QUERY_STRING(msg, info14.workstations,  "userWorkstations");
+		break;
+
+	case 16:
+		QUERY_AFLAGS(msg, info16.acct_flags,    "msDS-User-Account-Control-Computed");
+		break;
+
+	case 17:
+		QUERY_UINT64(msg, info17.acct_expiry,   "accountExpires");
+		break;
+
+	case 20:
+		status = samdb_result_parameters(mem_ctx, msg, "userParameters", &info->info20.parameters);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(info);
+			return status;
+		}
+		break;
+
+	case 21:
+		QUERY_UINT64(msg, info21.last_logon,           "lastLogon");
+		QUERY_UINT64(msg, info21.last_logoff,          "lastLogoff");
+		QUERY_UINT64(msg, info21.last_password_change, "pwdLastSet");
+		QUERY_UINT64(msg, info21.acct_expiry,          "accountExpires");
+		QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
+		QUERY_UINT64(msg, info21.force_password_change, "msDS-UserPasswordExpiryTimeComputed");
+		QUERY_STRING(msg, info21.account_name,         "sAMAccountName");
+		QUERY_STRING(msg, info21.full_name,            "displayName");
+		QUERY_STRING(msg, info21.home_directory,       "homeDirectory");
+		QUERY_STRING(msg, info21.home_drive,           "homeDrive");
+		QUERY_STRING(msg, info21.logon_script,         "scriptPath");
+		QUERY_STRING(msg, info21.profile_path,         "profilePath");
+		QUERY_STRING(msg, info21.description,          "description");
+		QUERY_STRING(msg, info21.workstations,         "userWorkstations");
+		QUERY_STRING(msg, info21.comment,              "comment");
+		status = samdb_result_parameters(mem_ctx, msg, "userParameters", &info->info21.parameters);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(info);
+			return status;
+		}
+
+		QUERY_RID   (msg, info21.rid,                  "objectSid");
+		QUERY_UINT  (msg, info21.primary_gid,          "primaryGroupID");
+		QUERY_AFLAGS(msg, info21.acct_flags,           "msDS-User-Account-Control-Computed");
+		info->info21.fields_present = 0x08FFFFFF;
+		QUERY_LHOURS(msg, info21.logon_hours,          "logonHours");
+		QUERY_BPWDCT(msg, info21.bad_password_count,   "badPwdCount");
+		QUERY_UINT  (msg, info21.logon_count,          "logonCount");
+		if ((info->info21.acct_flags & ACB_PW_EXPIRED) != 0) {
+			info->info21.password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
+		} else {
+			info->info21.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
+		}
+		QUERY_UINT  (msg, info21.country_code,         "countryCode");
+		QUERY_UINT  (msg, info21.code_page,            "codePage");
+		break;
+
+
+	default:
+		talloc_free(info);
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	*r->out.info = info;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetUserInfo
+*/
+static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct samr_SetUserInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct ldb_message *msg;
+	int ret;
+	NTSTATUS status = NT_STATUS_OK;
+	struct ldb_context *sam_ctx;
+	DATA_BLOB session_key = data_blob_null;
+
+	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+
+	a_state = h->data;
+	sam_ctx = a_state->sam_ctx;
+
+	msg = ldb_msg_new(mem_ctx);
+	if (msg == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->dn = talloc_reference(mem_ctx, a_state->account_dn);
+	if (!msg->dn) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = ldb_transaction_start(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to start a transaction: %s\n",
+			ldb_errstring(sam_ctx));
+		return NT_STATUS_LOCK_NOT_GRANTED;
+	}
+
+	switch (r->in.level) {
+	case 2:
+		SET_STRING(msg, info2.comment,          "comment");
+		SET_UINT  (msg, info2.country_code,     "countryCode");
+		SET_UINT  (msg, info2.code_page,        "codePage");
+		break;
+
+	case 4:
+		SET_LHOURS(msg, info4.logon_hours,      "logonHours");
+		break;
+
+	case 6:
+		SET_STRING(msg, info6.account_name,     "samAccountName");
+		SET_STRING(msg, info6.full_name,        "displayName");
+		break;
+
+	case 7:
+		SET_STRING(msg, info7.account_name,     "samAccountName");
+		break;
+
+	case 8:
+		SET_STRING(msg, info8.full_name,        "displayName");
+		break;
+
+	case 9:
+		SET_UINT(msg, info9.primary_gid,        "primaryGroupID");
+		break;
+
+	case 10:
+		SET_STRING(msg, info10.home_directory,  "homeDirectory");
+		SET_STRING(msg, info10.home_drive,      "homeDrive");
+		break;
+
+	case 11:
+		SET_STRING(msg, info11.logon_script,    "scriptPath");
+		break;
+
+	case 12:
+		SET_STRING(msg, info12.profile_path,    "profilePath");
+		break;
+
+	case 13:
+		SET_STRING(msg, info13.description,     "description");
+		break;
+
+	case 14:
+		SET_STRING(msg, info14.workstations,    "userWorkstations");
+		break;
+
+	case 16:
+		SET_AFLAGS(msg, info16.acct_flags,      "userAccountControl");
+		break;
+
+	case 17:
+		SET_UINT64(msg, info17.acct_expiry,     "accountExpires");
+		break;
+
+	case 18:
+		status = samr_set_password_buffers(dce_call,
+						   sam_ctx,
+						   a_state->account_dn,
+						   a_state->domain_state->domain_dn,
+						   mem_ctx,
+						   r->in.info->info18.lm_pwd_active ? r->in.info->info18.lm_pwd.hash : NULL,
+						   r->in.info->info18.nt_pwd_active ? r->in.info->info18.nt_pwd.hash : NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		if (r->in.info->info18.password_expired > 0) {
+			struct ldb_message_element *set_el;
+			if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+		break;
+
+	case 20:
+		SET_PARAMETERS(msg, info20.parameters,      "userParameters");
+		break;
+
+	case 21:
+		if (r->in.info->info21.fields_present == 0) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto done;
+		}
+
+#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+		IFSET(SAMR_FIELD_LAST_LOGON)
+			SET_UINT64(msg, info21.last_logon,     "lastLogon");
+		IFSET(SAMR_FIELD_LAST_LOGOFF)
+			SET_UINT64(msg, info21.last_logoff,    "lastLogoff");
+		IFSET(SAMR_FIELD_ACCT_EXPIRY)
+			SET_UINT64(msg, info21.acct_expiry,    "accountExpires");
+		IFSET(SAMR_FIELD_ACCOUNT_NAME)
+			SET_STRING(msg, info21.account_name,   "samAccountName");
+		IFSET(SAMR_FIELD_FULL_NAME)
+			SET_STRING(msg, info21.full_name,      "displayName");
+		IFSET(SAMR_FIELD_HOME_DIRECTORY)
+			SET_STRING(msg, info21.home_directory, "homeDirectory");
+		IFSET(SAMR_FIELD_HOME_DRIVE)
+			SET_STRING(msg, info21.home_drive,     "homeDrive");
+		IFSET(SAMR_FIELD_LOGON_SCRIPT)
+			SET_STRING(msg, info21.logon_script,   "scriptPath");
+		IFSET(SAMR_FIELD_PROFILE_PATH)
+			SET_STRING(msg, info21.profile_path,   "profilePath");
+		IFSET(SAMR_FIELD_DESCRIPTION)
+			SET_STRING(msg, info21.description,    "description");
+		IFSET(SAMR_FIELD_WORKSTATIONS)
+			SET_STRING(msg, info21.workstations,   "userWorkstations");
+		IFSET(SAMR_FIELD_COMMENT)
+			SET_STRING(msg, info21.comment,        "comment");
+		IFSET(SAMR_FIELD_PARAMETERS)
+			SET_PARAMETERS(msg, info21.parameters, "userParameters");
+		IFSET(SAMR_FIELD_PRIMARY_GID)
+			SET_UINT(msg, info21.primary_gid,      "primaryGroupID");
+		IFSET(SAMR_FIELD_ACCT_FLAGS)
+			SET_AFLAGS(msg, info21.acct_flags,     "userAccountControl");
+		IFSET(SAMR_FIELD_LOGON_HOURS)
+			SET_LHOURS(msg, info21.logon_hours,    "logonHours");
+		IFSET(SAMR_FIELD_BAD_PWD_COUNT)
+			SET_UINT  (msg, info21.bad_password_count, "badPwdCount");
+		IFSET(SAMR_FIELD_NUM_LOGONS)
+			SET_UINT  (msg, info21.logon_count,    "logonCount");
+		IFSET(SAMR_FIELD_COUNTRY_CODE)
+			SET_UINT  (msg, info21.country_code,   "countryCode");
+		IFSET(SAMR_FIELD_CODE_PAGE)
+			SET_UINT  (msg, info21.code_page,      "codePage");
+
+		/* password change fields */
+		IFSET(SAMR_FIELD_LAST_PWD_CHANGE) {
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
+
+		IFSET((SAMR_FIELD_LM_PASSWORD_PRESENT
+					| SAMR_FIELD_NT_PASSWORD_PRESENT)) {
+			uint8_t *lm_pwd_hash = NULL, *nt_pwd_hash = NULL;
+
+			if (r->in.info->info21.lm_password_set) {
+				if ((r->in.info->info21.lm_owf_password.length != 16)
+				 || (r->in.info->info21.lm_owf_password.size != 16)) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto done;
+				}
+
+				lm_pwd_hash = (uint8_t *) r->in.info->info21.lm_owf_password.array;
+			}
+			if (r->in.info->info21.nt_password_set) {
+				if ((r->in.info->info21.nt_owf_password.length != 16)
+				 || (r->in.info->info21.nt_owf_password.size != 16)) {
+					status = NT_STATUS_INVALID_PARAMETER;
+					goto done;
+				}
+
+				nt_pwd_hash = (uint8_t *) r->in.info->info21.nt_owf_password.array;
+			}
+			status = samr_set_password_buffers(dce_call,
+							   sam_ctx,
+							   a_state->account_dn,
+							   a_state->domain_state->domain_dn,
+							   mem_ctx,
+							   lm_pwd_hash,
+							   nt_pwd_hash);
+			if (!NT_STATUS_IS_OK(status)) {
+				goto done;
+			}
+		}
+
+
+		IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+			const char *t = "0";
+			struct ldb_message_element *set_el;
+			if (r->in.info->info21.password_expired
+					== PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+			if (ldb_msg_add_string(msg, "pwdLastSet", t) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+#undef IFSET
+		break;
+
+	case 23:
+		if (r->in.info->info23.info.fields_present == 0) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto done;
+		}
+
+#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+		IFSET(SAMR_FIELD_LAST_LOGON)
+			SET_UINT64(msg, info23.info.last_logon,     "lastLogon");
+		IFSET(SAMR_FIELD_LAST_LOGOFF)
+			SET_UINT64(msg, info23.info.last_logoff,    "lastLogoff");
+		IFSET(SAMR_FIELD_ACCT_EXPIRY)
+			SET_UINT64(msg, info23.info.acct_expiry,    "accountExpires");
+		IFSET(SAMR_FIELD_ACCOUNT_NAME)
+			SET_STRING(msg, info23.info.account_name,   "samAccountName");
+		IFSET(SAMR_FIELD_FULL_NAME)
+			SET_STRING(msg, info23.info.full_name,      "displayName");
+		IFSET(SAMR_FIELD_HOME_DIRECTORY)
+			SET_STRING(msg, info23.info.home_directory, "homeDirectory");
+		IFSET(SAMR_FIELD_HOME_DRIVE)
+			SET_STRING(msg, info23.info.home_drive,     "homeDrive");
+		IFSET(SAMR_FIELD_LOGON_SCRIPT)
+			SET_STRING(msg, info23.info.logon_script,   "scriptPath");
+		IFSET(SAMR_FIELD_PROFILE_PATH)
+			SET_STRING(msg, info23.info.profile_path,   "profilePath");
+		IFSET(SAMR_FIELD_DESCRIPTION)
+			SET_STRING(msg, info23.info.description,    "description");
+		IFSET(SAMR_FIELD_WORKSTATIONS)
+			SET_STRING(msg, info23.info.workstations,   "userWorkstations");
+		IFSET(SAMR_FIELD_COMMENT)
+			SET_STRING(msg, info23.info.comment,        "comment");
+		IFSET(SAMR_FIELD_PARAMETERS)
+			SET_PARAMETERS(msg, info23.info.parameters, "userParameters");
+		IFSET(SAMR_FIELD_PRIMARY_GID)
+			SET_UINT(msg, info23.info.primary_gid,      "primaryGroupID");
+		IFSET(SAMR_FIELD_ACCT_FLAGS)
+			SET_AFLAGS(msg, info23.info.acct_flags,     "userAccountControl");
+		IFSET(SAMR_FIELD_LOGON_HOURS)
+			SET_LHOURS(msg, info23.info.logon_hours,    "logonHours");
+		IFSET(SAMR_FIELD_BAD_PWD_COUNT)
+			SET_UINT  (msg, info23.info.bad_password_count, "badPwdCount");
+		IFSET(SAMR_FIELD_NUM_LOGONS)
+			SET_UINT  (msg, info23.info.logon_count,    "logonCount");
+
+		IFSET(SAMR_FIELD_COUNTRY_CODE)
+			SET_UINT  (msg, info23.info.country_code,   "countryCode");
+		IFSET(SAMR_FIELD_CODE_PAGE)
+			SET_UINT  (msg, info23.info.code_page,      "codePage");
+
+		/* password change fields */
+		IFSET(SAMR_FIELD_LAST_PWD_CHANGE) {
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) {
+			status = samr_set_password(dce_call,
+						   sam_ctx,
+						   a_state->account_dn,
+						   a_state->domain_state->domain_dn,
+						   mem_ctx,
+						   &r->in.info->info23.password);
+		} else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) {
+			status = samr_set_password(dce_call,
+						   sam_ctx,
+						   a_state->account_dn,
+						   a_state->domain_state->domain_dn,
+						   mem_ctx,
+						   &r->in.info->info23.password);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+			const char *t = "0";
+			struct ldb_message_element *set_el;
+			if (r->in.info->info23.info.password_expired
+					== PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+			if (ldb_msg_add_string(msg, "pwdLastSet", t) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+#undef IFSET
+		break;
+
+		/* the set password levels are handled separately */
+	case 24:
+		status = samr_set_password(dce_call,
+					   sam_ctx,
+					   a_state->account_dn,
+					   a_state->domain_state->domain_dn,
+					   mem_ctx,
+					   &r->in.info->info24.password);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		if (r->in.info->info24.password_expired > 0) {
+			struct ldb_message_element *set_el;
+			if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+		break;
+
+	case 25:
+		if (r->in.info->info25.info.fields_present == 0) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto done;
+		}
+
+#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+		IFSET(SAMR_FIELD_LAST_LOGON)
+			SET_UINT64(msg, info25.info.last_logon,     "lastLogon");
+		IFSET(SAMR_FIELD_LAST_LOGOFF)
+			SET_UINT64(msg, info25.info.last_logoff,    "lastLogoff");
+		IFSET(SAMR_FIELD_ACCT_EXPIRY)
+			SET_UINT64(msg, info25.info.acct_expiry,    "accountExpires");
+		IFSET(SAMR_FIELD_ACCOUNT_NAME)
+			SET_STRING(msg, info25.info.account_name,   "samAccountName");
+		IFSET(SAMR_FIELD_FULL_NAME)
+			SET_STRING(msg, info25.info.full_name,      "displayName");
+		IFSET(SAMR_FIELD_HOME_DIRECTORY)
+			SET_STRING(msg, info25.info.home_directory, "homeDirectory");
+		IFSET(SAMR_FIELD_HOME_DRIVE)
+			SET_STRING(msg, info25.info.home_drive,     "homeDrive");
+		IFSET(SAMR_FIELD_LOGON_SCRIPT)
+			SET_STRING(msg, info25.info.logon_script,   "scriptPath");
+		IFSET(SAMR_FIELD_PROFILE_PATH)
+			SET_STRING(msg, info25.info.profile_path,   "profilePath");
+		IFSET(SAMR_FIELD_DESCRIPTION)
+			SET_STRING(msg, info25.info.description,    "description");
+		IFSET(SAMR_FIELD_WORKSTATIONS)
+			SET_STRING(msg, info25.info.workstations,   "userWorkstations");
+		IFSET(SAMR_FIELD_COMMENT)
+			SET_STRING(msg, info25.info.comment,        "comment");
+		IFSET(SAMR_FIELD_PARAMETERS)
+			SET_PARAMETERS(msg, info25.info.parameters, "userParameters");
+		IFSET(SAMR_FIELD_PRIMARY_GID)
+			SET_UINT(msg, info25.info.primary_gid,      "primaryGroupID");
+		IFSET(SAMR_FIELD_ACCT_FLAGS)
+			SET_AFLAGS(msg, info25.info.acct_flags,     "userAccountControl");
+		IFSET(SAMR_FIELD_LOGON_HOURS)
+			SET_LHOURS(msg, info25.info.logon_hours,    "logonHours");
+		IFSET(SAMR_FIELD_BAD_PWD_COUNT)
+			SET_UINT  (msg, info25.info.bad_password_count, "badPwdCount");
+		IFSET(SAMR_FIELD_NUM_LOGONS)
+			SET_UINT  (msg, info25.info.logon_count,    "logonCount");
+		IFSET(SAMR_FIELD_COUNTRY_CODE)
+			SET_UINT  (msg, info25.info.country_code,   "countryCode");
+		IFSET(SAMR_FIELD_CODE_PAGE)
+			SET_UINT  (msg, info25.info.code_page,      "codePage");
+
+		/* password change fields */
+		IFSET(SAMR_FIELD_LAST_PWD_CHANGE) {
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) {
+			status = samr_set_password_ex(dce_call,
+						      sam_ctx,
+						      a_state->account_dn,
+						      a_state->domain_state->domain_dn,
+						      mem_ctx,
+						      &r->in.info->info25.password);
+		} else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) {
+			status = samr_set_password_ex(dce_call,
+						      sam_ctx,
+						      a_state->account_dn,
+						      a_state->domain_state->domain_dn,
+						      mem_ctx,
+						      &r->in.info->info25.password);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+			const char *t = "0";
+			struct ldb_message_element *set_el;
+			if (r->in.info->info25.info.password_expired
+					== PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+			if (ldb_msg_add_string(msg, "pwdLastSet", t) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+#undef IFSET
+		break;
+
+		/* the set password levels are handled separately */
+	case 26:
+		status = samr_set_password_ex(dce_call,
+					      sam_ctx,
+					      a_state->account_dn,
+					      a_state->domain_state->domain_dn,
+					      mem_ctx,
+					      &r->in.info->info26.password);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		if (r->in.info->info26.password_expired > 0) {
+			const char *t = "0";
+			struct ldb_message_element *set_el;
+			if (r->in.info->info26.password_expired
+					== PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+			if (ldb_msg_add_string(msg, "pwdLastSet", t) != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+		break;
+
+	case 31:
+		status = dcesrv_transport_session_key(dce_call, &session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_NOTICE("samr: failed to get session key: %s\n",
+				   nt_errstr(status));
+			goto done;
+		}
+
+		status = samr_set_password_aes(dce_call,
+					       mem_ctx,
+					       &session_key,
+					       sam_ctx,
+					       a_state->account_dn,
+					       a_state->domain_state->domain_dn,
+					       &r->in.info->info31.password,
+					       DSDB_PASSWORD_RESET);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		if (r->in.info->info31.password_expired > 0) {
+			const char *t = "0";
+			struct ldb_message_element *set_el = NULL;
+
+			if (r->in.info->info31.password_expired ==
+			    PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+
+			ret = ldb_msg_add_string(msg, "pwdLastSet", t);
+			if (ret != LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+
+		break;
+	case 32:
+		status = dcesrv_transport_session_key(dce_call, &session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_NOTICE("samr: failed to get session key: %s\n",
+				   nt_errstr(status));
+			goto done;
+		}
+
+		if (r->in.info->info32.info.fields_present == 0) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto done;
+		}
+
+#define IFSET(bit) if (bit & r->in.info->info32.info.fields_present)
+		IFSET(SAMR_FIELD_LAST_LOGON)
+		{
+			SET_UINT64(msg, info32.info.last_logon, "lastLogon");
+		}
+		IFSET(SAMR_FIELD_LAST_LOGOFF)
+		{
+			SET_UINT64(msg, info32.info.last_logoff, "lastLogoff");
+		}
+		IFSET(SAMR_FIELD_ACCT_EXPIRY)
+		{
+			SET_UINT64(msg,
+				   info32.info.acct_expiry,
+				   "accountExpires");
+		}
+		IFSET(SAMR_FIELD_ACCOUNT_NAME)
+		{
+			SET_STRING(msg,
+				   info32.info.account_name,
+				   "samAccountName");
+		}
+		IFSET(SAMR_FIELD_FULL_NAME)
+		{
+			SET_STRING(msg, info32.info.full_name, "displayName");
+		}
+		IFSET(SAMR_FIELD_HOME_DIRECTORY)
+		{
+			SET_STRING(msg,
+				   info32.info.home_directory,
+				   "homeDirectory");
+		}
+		IFSET(SAMR_FIELD_HOME_DRIVE)
+		{
+			SET_STRING(msg, info32.info.home_drive, "homeDrive");
+		}
+		IFSET(SAMR_FIELD_LOGON_SCRIPT)
+		{
+			SET_STRING(msg, info32.info.logon_script, "scriptPath");
+		}
+		IFSET(SAMR_FIELD_PROFILE_PATH)
+		{
+			SET_STRING(msg,
+				   info32.info.profile_path,
+				   "profilePath");
+		}
+		IFSET(SAMR_FIELD_DESCRIPTION)
+		{
+			SET_STRING(msg, info32.info.description, "description");
+		}
+		IFSET(SAMR_FIELD_WORKSTATIONS)
+		{
+			SET_STRING(msg,
+				   info32.info.workstations,
+				   "userWorkstations");
+		}
+		IFSET(SAMR_FIELD_COMMENT)
+		{
+			SET_STRING(msg, info32.info.comment, "comment");
+		}
+		IFSET(SAMR_FIELD_PARAMETERS)
+		{
+			SET_PARAMETERS(msg,
+				       info32.info.parameters,
+				       "userParameters");
+		}
+		IFSET(SAMR_FIELD_PRIMARY_GID)
+		{
+			SET_UINT(msg,
+				 info32.info.primary_gid,
+				 "primaryGroupID");
+		}
+		IFSET(SAMR_FIELD_ACCT_FLAGS)
+		{
+			SET_AFLAGS(msg,
+				   info32.info.acct_flags,
+				   "userAccountControl");
+		}
+		IFSET(SAMR_FIELD_LOGON_HOURS)
+		{
+			SET_LHOURS(msg, info32.info.logon_hours, "logonHours");
+		}
+		IFSET(SAMR_FIELD_BAD_PWD_COUNT)
+		{
+			SET_UINT(msg,
+				 info32.info.bad_password_count,
+				 "badPwdCount");
+		}
+		IFSET(SAMR_FIELD_NUM_LOGONS)
+		{
+			SET_UINT(msg, info32.info.logon_count, "logonCount");
+		}
+		IFSET(SAMR_FIELD_COUNTRY_CODE)
+		{
+			SET_UINT(msg, info32.info.country_code, "countryCode");
+		}
+		IFSET(SAMR_FIELD_CODE_PAGE)
+		{
+			SET_UINT(msg, info32.info.code_page, "codePage");
+		}
+
+		/* password change fields */
+		IFSET(SAMR_FIELD_LAST_PWD_CHANGE)
+		{
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT)
+		{
+			status = samr_set_password_aes(
+				dce_call,
+				mem_ctx,
+				&session_key,
+				a_state->sam_ctx,
+				a_state->account_dn,
+				a_state->domain_state->domain_dn,
+				&r->in.info->info32.password,
+				DSDB_PASSWORD_RESET);
+		}
+		else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT)
+		{
+			status = samr_set_password_aes(
+				dce_call,
+				mem_ctx,
+				&session_key,
+				a_state->sam_ctx,
+				a_state->account_dn,
+				a_state->domain_state->domain_dn,
+				&r->in.info->info32.password,
+				DSDB_PASSWORD_RESET);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
+
+		IFSET(SAMR_FIELD_EXPIRED_FLAG)
+		{
+			const char *t = "0";
+			struct ldb_message_element *set_el;
+			if (r->in.info->info32.info.password_expired ==
+			    PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+				t = "-1";
+			}
+			if (ldb_msg_add_string(msg, "pwdLastSet", t) !=
+			    LDB_SUCCESS) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
+			set_el = ldb_msg_find_element(msg, "pwdLastSet");
+			set_el->flags = LDB_FLAG_MOD_REPLACE;
+		}
+#undef IFSET
+
+		break;
+	default:
+		/* many info classes are not valid for SetUserInfo */
+		status = NT_STATUS_INVALID_INFO_CLASS;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	/* modify the samdb record */
+	if (msg->num_elements > 0) {
+		ret = ldb_modify(sam_ctx, msg);
+		if (ret != LDB_SUCCESS) {
+			DEBUG(1,("Failed to modify record %s: %s\n",
+				 ldb_dn_get_linearized(a_state->account_dn),
+				 ldb_errstring(sam_ctx)));
+
+			status = dsdb_ldb_err_to_ntstatus(ret);
+			goto done;
+		}
+	}
+
+	ret = ldb_transaction_commit(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DBG_ERR("Failed to commit transaction modifying account record "
+			"%s: %s\n",
+			ldb_dn_get_linearized(msg->dn),
+			ldb_errstring(sam_ctx));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	status = NT_STATUS_OK;
+done:
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+	}
+
+	return status;
+}
+
+
+/*
+  samr_GetGroupsForUser
+*/
+static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetGroupsForUser *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+	struct samr_domain_state *d_state;
+	struct ldb_result *res, *res_memberof;
+	const char * const attrs[] = { "primaryGroupID",
+				       "memberOf",
+				       NULL };
+	const char * const group_attrs[] = { "objectSid",
+					     NULL };
+
+	struct samr_RidWithAttributeArray *array;
+	struct ldb_message_element *memberof_el;
+	int i, ret, count = 0;
+	uint32_t primary_group_id;
+	char *filter;
+
+	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+
+	a_state = h->data;
+	d_state = a_state->domain_state;
+
+	ret = dsdb_search_dn(a_state->sam_ctx, mem_ctx,
+			     &res,
+			     a_state->account_dn,
+			     attrs, DSDB_SEARCH_SHOW_EXTENDED_DN);
+
+	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+		return NT_STATUS_NO_SUCH_USER;
+	} else if (ret != LDB_SUCCESS) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	} else if (res->count != 1) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	primary_group_id = ldb_msg_find_attr_as_uint(res->msgs[0], "primaryGroupID",
+						     0);
+
+	filter = talloc_asprintf(mem_ctx,
+				 "(&(|(grouptype=%d)(grouptype=%d))"
+				 "(objectclass=group)(|",
+				 GTYPE_SECURITY_UNIVERSAL_GROUP,
+				 GTYPE_SECURITY_GLOBAL_GROUP);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	memberof_el = ldb_msg_find_element(res->msgs[0], "memberOf");
+	if (memberof_el != NULL) {
+		for (i = 0; i < memberof_el->num_values; i++) {
+			const struct ldb_val *memberof_sid_binary;
+			char *memberof_sid_escaped;
+			struct ldb_dn *memberof_dn
+				= ldb_dn_from_ldb_val(mem_ctx,
+						      a_state->sam_ctx,
+						      &memberof_el->values[i]);
+			if (memberof_dn == NULL) {
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+
+			memberof_sid_binary
+				= ldb_dn_get_extended_component(memberof_dn,
+								"SID");
+			if (memberof_sid_binary == NULL) {
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+
+			memberof_sid_escaped = ldb_binary_encode(mem_ctx,
+								 *memberof_sid_binary);
+			if (memberof_sid_escaped == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			filter = talloc_asprintf_append(filter, "(objectSID=%s)",
+							memberof_sid_escaped);
+			if (filter == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
+		ret = dsdb_search(a_state->sam_ctx, mem_ctx,
+				  &res_memberof,
+				  d_state->domain_dn,
+				  LDB_SCOPE_SUBTREE,
+				  group_attrs, 0,
+				  "%s))", filter);
+
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		count = res_memberof->count;
+	}
+
+	array = talloc(mem_ctx, struct samr_RidWithAttributeArray);
+	if (array == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	array->count = 0;
+	array->rids = NULL;
+
+	array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
+				   count + 1);
+	if (array->rids == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* Adds the primary group */
+
+	array->rids[0].rid = primary_group_id;
+	array->rids[0].attributes = SE_GROUP_DEFAULT_FLAGS;
+	array->count += 1;
+
+	/* Adds the additional groups */
+	for (i = 0; i < count; i++) {
+		struct dom_sid *group_sid;
+
+		group_sid = samdb_result_dom_sid(mem_ctx,
+						 res_memberof->msgs[i],
+						 "objectSid");
+		if (group_sid == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		array->rids[i + 1].rid =
+			group_sid->sub_auths[group_sid->num_auths-1];
+		array->rids[i + 1].attributes = SE_GROUP_DEFAULT_FLAGS;
+		array->count += 1;
+	}
+
+	*r->out.rids = array;
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * samr_QueryDisplayInfo
+ *
+ * A cache of the GUID's matching the last query is maintained
+ * in the SAMR_QUERY_DISPLAY_INFO_CACHE guid_cache maintained o
+ * n the dcesrv_handle.
+ */
+static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_QueryDisplayInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	struct ldb_result *res;
+	uint32_t i;
+	uint32_t results = 0;
+	uint32_t count = 0;
+	const char *const cache_attrs[] = {"objectGUID", NULL};
+	const char *const attrs[] = {
+	    "objectSID", "sAMAccountName", "displayName", "description", NULL};
+	struct samr_DispEntryFull *entriesFull = NULL;
+	struct samr_DispEntryFullGroup *entriesFullGroup = NULL;
+	struct samr_DispEntryAscii *entriesAscii = NULL;
+	struct samr_DispEntryGeneral *entriesGeneral = NULL;
+	const char *filter;
+	int ret;
+	NTSTATUS status;
+	struct samr_guid_cache *cache = NULL;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	cache = &d_state->guid_caches[SAMR_QUERY_DISPLAY_INFO_CACHE];
+	/*
+	 * Can the cached results be used?
+	 * The cache is discarded if the start index is zero, or the requested
+	 * level is different from that in the cache.
+	 */
+	if ((r->in.start_idx == 0) || (r->in.level != cache->handle)) {
+		/*
+		 * The cached results can not be used, so will need to query
+		 * the database.
+		 */
+
+		/*
+		 * Get the search filter for the current level
+		 */
+		switch (r->in.level) {
+		case 1:
+		case 4:
+			filter = talloc_asprintf(mem_ctx,
+						 "(&(objectclass=user)"
+						 "(sAMAccountType=%d))",
+						 ATYPE_NORMAL_ACCOUNT);
+			break;
+		case 2:
+			filter = talloc_asprintf(mem_ctx,
+						 "(&(objectclass=user)"
+						 "(sAMAccountType=%d))",
+						 ATYPE_WORKSTATION_TRUST);
+			break;
+		case 3:
+		case 5:
+			filter =
+			    talloc_asprintf(mem_ctx,
+					    "(&(|(groupType=%d)(groupType=%d))"
+					    "(objectClass=group))",
+					    GTYPE_SECURITY_UNIVERSAL_GROUP,
+					    GTYPE_SECURITY_GLOBAL_GROUP);
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+		}
+		clear_guid_cache(cache);
+
+		/*
+		 * search for all requested objects in all domains.
+		 */
+		ret = dsdb_search(d_state->sam_ctx,
+				  mem_ctx,
+				  &res,
+				  ldb_get_default_basedn(d_state->sam_ctx),
+				  LDB_SCOPE_SUBTREE,
+				  cache_attrs,
+				  0,
+				  "%s",
+				  filter);
+		if (ret != LDB_SUCCESS) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		if ((res->count == 0) || (r->in.max_entries == 0)) {
+			return NT_STATUS_OK;
+		}
+
+		status = load_guid_cache(cache, d_state, res->count, res->msgs);
+		TALLOC_FREE(res);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		cache->handle = r->in.level;
+	}
+	*r->out.total_size = cache->size;
+
+	/*
+	 * if there are no entries or the requested start index is greater
+	 * than the number of entries, we return an empty response.
+	 */
+	if (r->in.start_idx >= cache->size) {
+		*r->out.returned_size = 0;
+		switch(r->in.level) {
+		case 1:
+			r->out.info->info1.count = *r->out.returned_size;
+			r->out.info->info1.entries = NULL;
+			break;
+		case 2:
+			r->out.info->info2.count = *r->out.returned_size;
+			r->out.info->info2.entries = NULL;
+			break;
+		case 3:
+			r->out.info->info3.count = *r->out.returned_size;
+			r->out.info->info3.entries = NULL;
+			break;
+		case 4:
+			r->out.info->info4.count = *r->out.returned_size;
+			r->out.info->info4.entries = NULL;
+			break;
+		case 5:
+			r->out.info->info5.count = *r->out.returned_size;
+			r->out.info->info5.entries = NULL;
+			break;
+		}
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Allocate an array of the appropriate result structures for the
+	 * current query level.
+	 *
+	 * r->in.start_idx is always < cache->size due to the check above
+	 */
+	results = MIN((cache->size - r->in.start_idx), r->in.max_entries);
+	switch (r->in.level) {
+	case 1:
+		entriesGeneral = talloc_array(
+		    mem_ctx, struct samr_DispEntryGeneral, results);
+		break;
+	case 2:
+		entriesFull =
+		    talloc_array(mem_ctx, struct samr_DispEntryFull, results);
+		break;
+	case 3:
+		entriesFullGroup = talloc_array(
+		    mem_ctx, struct samr_DispEntryFullGroup, results);
+		break;
+	case 4:
+	case 5:
+		entriesAscii =
+		    talloc_array(mem_ctx, struct samr_DispEntryAscii, results);
+		break;
+	}
+
+	if ((entriesGeneral == NULL) && (entriesFull == NULL) &&
+	    (entriesAscii == NULL) && (entriesFullGroup == NULL))
+		return NT_STATUS_NO_MEMORY;
+
+	/*
+	 * Process the list of result GUID's.
+	 * Read the details of each object and populate the result structure
+	 * for the current level.
+	 */
+	count = 0;
+	for (i = 0; i < results; i++) {
+		struct dom_sid *objectsid;
+		struct ldb_result *rec;
+		const uint32_t idx = r->in.start_idx + i;
+		uint32_t rid;
+
+		/*
+		 * Read an object from disk using the GUID as the key
+		 *
+		 * If the object can not be read, or it does not have a SID
+		 * it is ignored.  In this case the number of entries returned
+		 * will be less than the requested size, there will also be
+		 * a gap in the idx numbers in the returned elements e.g. if
+		 * there are 3 GUIDs a, b, c in the cache and b is deleted from
+		 * disk then details for a, and c will be returned with
+		 * idx values of 1 and 3 respectively.
+		 *
+		 */
+		ret = dsdb_search_by_dn_guid(d_state->sam_ctx,
+					     mem_ctx,
+					     &rec,
+					     &cache->entries[idx],
+					     attrs,
+					     0);
+		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+			struct GUID_txt_buf guid_buf;
+			char *guid_str =
+				GUID_buf_string(&cache->entries[idx],
+						&guid_buf);
+			DBG_WARNING("GUID [%s] not found\n", guid_str);
+			continue;
+		} else if (ret != LDB_SUCCESS) {
+			clear_guid_cache(cache);
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		objectsid = samdb_result_dom_sid(mem_ctx,
+						 rec->msgs[0],
+						 "objectSID");
+		if (objectsid == NULL) {
+			struct GUID_txt_buf guid_buf;
+			DBG_WARNING(
+			    "objectSID for GUID [%s] not found\n",
+			    GUID_buf_string(&cache->entries[idx], &guid_buf));
+			continue;
+		}
+		status = dom_sid_split_rid(NULL,
+					   objectsid,
+					   NULL,
+					   &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			struct dom_sid_buf sid_buf;
+			struct GUID_txt_buf guid_buf;
+			DBG_WARNING(
+			    "objectSID [%s] for GUID [%s] invalid\n",
+			    dom_sid_str_buf(objectsid, &sid_buf),
+			    GUID_buf_string(&cache->entries[idx], &guid_buf));
+			continue;
+		}
+
+		/*
+		 * Populate the result structure for the current object
+		 */
+		switch(r->in.level) {
+		case 1:
+
+			entriesGeneral[count].idx = idx + 1;
+			entriesGeneral[count].rid = rid;
+
+			entriesGeneral[count].acct_flags =
+			    samdb_result_acct_flags(rec->msgs[0], NULL);
+			entriesGeneral[count].account_name.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "sAMAccountName", "");
+			entriesGeneral[count].full_name.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "displayName", "");
+			entriesGeneral[count].description.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "description", "");
+			break;
+		case 2:
+			entriesFull[count].idx = idx + 1;
+			entriesFull[count].rid = rid;
+
+			/*
+			 * No idea why we need to or in ACB_NORMAL here,
+			 * but this is what Win2k3 seems to do...
+			 */
+			entriesFull[count].acct_flags =
+			    samdb_result_acct_flags(rec->msgs[0], NULL) |
+			    ACB_NORMAL;
+			entriesFull[count].account_name.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "sAMAccountName", "");
+			entriesFull[count].description.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "description", "");
+			break;
+		case 3:
+			entriesFullGroup[count].idx = idx + 1;
+			entriesFullGroup[count].rid = rid;
+
+			/*
+			 * We get a "7" here for groups
+			 */
+			entriesFullGroup[count].acct_flags = SE_GROUP_DEFAULT_FLAGS;
+			entriesFullGroup[count].account_name.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "sAMAccountName", "");
+			entriesFullGroup[count].description.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "description", "");
+			break;
+		case 4:
+		case 5:
+			entriesAscii[count].idx = idx + 1;
+			entriesAscii[count].account_name.string =
+			    ldb_msg_find_attr_as_string(
+				rec->msgs[0], "sAMAccountName", "");
+			break;
+		}
+		count++;
+	}
+
+	/*
+	 * Build the response based on the request level.
+	 */
+	*r->out.returned_size = count;
+	switch(r->in.level) {
+	case 1:
+		r->out.info->info1.count = count;
+		r->out.info->info1.entries = entriesGeneral;
+		break;
+	case 2:
+		r->out.info->info2.count = count;
+		r->out.info->info2.entries = entriesFull;
+		break;
+	case 3:
+		r->out.info->info3.count = count;
+		r->out.info->info3.entries = entriesFullGroup;
+		break;
+	case 4:
+		r->out.info->info4.count = count;
+		r->out.info->info4.entries = entriesAscii;
+		break;
+	case 5:
+		r->out.info->info5.count = count;
+		r->out.info->info5.entries = entriesAscii;
+		break;
+	}
+
+	return ((r->in.start_idx + results) < cache->size)
+		   ? STATUS_MORE_ENTRIES
+		   : NT_STATUS_OK;
+}
+
+
+/*
+  samr_GetDisplayEnumerationIndex
+*/
+static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetDisplayEnumerationIndex *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_TestPrivateFunctionsDomain
+*/
+static NTSTATUS dcesrv_samr_TestPrivateFunctionsDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_TestPrivateFunctionsDomain *r)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  samr_TestPrivateFunctionsUser
+*/
+static NTSTATUS dcesrv_samr_TestPrivateFunctionsUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_TestPrivateFunctionsUser *r)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/*
+  samr_GetUserPwInfo
+*/
+static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				   struct samr_GetUserPwInfo *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_account_state *a_state;
+
+	ZERO_STRUCTP(r->out.info);
+
+	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+
+	a_state = h->data;
+
+	r->out.info->min_password_length = samdb_search_uint(a_state->sam_ctx,
+		mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength",
+		NULL);
+	r->out.info->password_properties = samdb_search_uint(a_state->sam_ctx,
+		mem_ctx, 0, a_state->account_dn, "pwdProperties", NULL);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_RemoveMemberFromForeignDomain
+*/
+static NTSTATUS dcesrv_samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce_call,
+							  TALLOC_CTX *mem_ctx,
+							  struct samr_RemoveMemberFromForeignDomain *r)
+{
+	struct dcesrv_handle *h;
+	struct samr_domain_state *d_state;
+	const char *memberdn;
+	struct ldb_message **res;
+	const char *no_attrs[] = { NULL };
+	int i, count;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
+				       "distinguishedName", "(objectSid=%s)",
+				       ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
+	/* Nothing to do */
+	if (memberdn == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
+				    d_state->domain_dn, &res, no_attrs,
+				    d_state->domain_sid,
+				    "(&(member=%s)(objectClass=group)"
+				    "(|(groupType=%d)(groupType=%d)))",
+				    memberdn,
+				    GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+				    GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+
+	if (count < 0)
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+
+	for (i=0; i<count; i++) {
+		struct ldb_message *mod;
+		int ret;
+
+		mod = ldb_msg_new(mem_ctx);
+		if (mod == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		mod->dn = res[i]->dn;
+
+		if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod,
+					 "member", memberdn) != LDB_SUCCESS)
+			return NT_STATUS_NO_MEMORY;
+
+		ret = ldb_modify(d_state->sam_ctx, mod);
+		talloc_free(mod);
+		if (ret != LDB_SUCCESS) {
+			return dsdb_ldb_err_to_ntstatus(ret);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_QueryDomainInfo2
+
+  just an alias for samr_QueryDomainInfo
+*/
+static NTSTATUS dcesrv_samr_QueryDomainInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_QueryDomainInfo2 *r)
+{
+	struct samr_QueryDomainInfo r1;
+	NTSTATUS status;
+
+	r1 = (struct samr_QueryDomainInfo) {
+		.in.domain_handle = r->in.domain_handle,
+		.in.level  = r->in.level,
+		.out.info  = r->out.info,
+	};
+
+	status = dcesrv_samr_QueryDomainInfo(dce_call, mem_ctx, &r1);
+
+	return status;
+}
+
+
+/*
+  samr_QueryUserInfo2
+
+  just an alias for samr_QueryUserInfo
+*/
+static NTSTATUS dcesrv_samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				    struct samr_QueryUserInfo2 *r)
+{
+	struct samr_QueryUserInfo r1;
+	NTSTATUS status;
+
+	r1 = (struct samr_QueryUserInfo) {
+		.in.user_handle = r->in.user_handle,
+		.in.level  = r->in.level,
+		.out.info  = r->out.info
+	};
+
+	status = dcesrv_samr_QueryUserInfo(dce_call, mem_ctx, &r1);
+
+	return status;
+}
+
+
+/*
+  samr_QueryDisplayInfo2
+*/
+static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct samr_QueryDisplayInfo2 *r)
+{
+	struct samr_QueryDisplayInfo q;
+	NTSTATUS result;
+
+	q = (struct samr_QueryDisplayInfo) {
+		.in.domain_handle = r->in.domain_handle,
+		.in.level = r->in.level,
+		.in.start_idx = r->in.start_idx,
+		.in.max_entries = r->in.max_entries,
+		.in.buf_size = r->in.buf_size,
+		.out.total_size = r->out.total_size,
+		.out.returned_size = r->out.returned_size,
+		.out.info = r->out.info,
+	};
+
+	result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q);
+
+	return result;
+}
+
+
+/*
+  samr_GetDisplayEnumerationIndex2
+*/
+static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetDisplayEnumerationIndex2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_QueryDisplayInfo3
+*/
+static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_QueryDisplayInfo3 *r)
+{
+	struct samr_QueryDisplayInfo q;
+	NTSTATUS result;
+
+	q = (struct samr_QueryDisplayInfo) {
+		.in.domain_handle = r->in.domain_handle,
+		.in.level = r->in.level,
+		.in.start_idx = r->in.start_idx,
+		.in.max_entries = r->in.max_entries,
+		.in.buf_size = r->in.buf_size,
+		.out.total_size = r->out.total_size,
+		.out.returned_size = r->out.returned_size,
+		.out.info = r->out.info,
+	};
+
+	result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q);
+
+	return result;
+}
+
+
+/*
+  samr_AddMultipleMembersToAlias
+*/
+static NTSTATUS dcesrv_samr_AddMultipleMembersToAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_AddMultipleMembersToAlias *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_RemoveMultipleMembersFromAlias
+*/
+static NTSTATUS dcesrv_samr_RemoveMultipleMembersFromAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_RemoveMultipleMembersFromAlias *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_GetDomPwInfo
+
+  this fetches the default password properties for a domain
+
+  note that w2k3 completely ignores the domain name in this call, and
+  always returns the information for the servers primary domain
+*/
+static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct samr_GetDomPwInfo *r)
+{
+	struct ldb_message **msgs;
+	int ret;
+	const char * const attrs[] = {"minPwdLength", "pwdProperties", NULL };
+	struct ldb_context *sam_ctx;
+
+	ZERO_STRUCTP(r->out.info);
+
+	sam_ctx = dcesrv_samdb_connect_as_user(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* The domain name in this call is ignored */
+	ret = gendb_search_dn(sam_ctx,
+			   mem_ctx, NULL, &msgs, attrs);
+	if (ret <= 0) {
+		talloc_free(sam_ctx);
+
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+	if (ret > 1) {
+		talloc_free(msgs);
+		talloc_free(sam_ctx);
+
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	r->out.info->min_password_length = ldb_msg_find_attr_as_uint(msgs[0],
+		"minPwdLength", 0);
+	r->out.info->password_properties = ldb_msg_find_attr_as_uint(msgs[0],
+		"pwdProperties", 1);
+
+	talloc_free(msgs);
+	talloc_unlink(mem_ctx, sam_ctx);
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_Connect2
+*/
+static NTSTATUS dcesrv_samr_Connect2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct samr_Connect2 *r)
+{
+	struct samr_Connect c;
+
+	c = (struct samr_Connect) {
+		.in.system_name = NULL,
+		.in.access_mask = r->in.access_mask,
+		.out.connect_handle = r->out.connect_handle,
+	};
+
+	return dcesrv_samr_Connect(dce_call, mem_ctx, &c);
+}
+
+
+/*
+  samr_SetUserInfo2
+
+  just an alias for samr_SetUserInfo
+*/
+static NTSTATUS dcesrv_samr_SetUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				  struct samr_SetUserInfo2 *r)
+{
+	struct samr_SetUserInfo r2;
+
+	r2 = (struct samr_SetUserInfo) {
+		.in.user_handle = r->in.user_handle,
+		.in.level = r->in.level,
+		.in.info = r->in.info,
+	};
+
+	return dcesrv_samr_SetUserInfo(dce_call, mem_ctx, &r2);
+}
+
+
+/*
+  samr_SetBootKeyInformation
+*/
+static NTSTATUS dcesrv_samr_SetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_SetBootKeyInformation *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_GetBootKeyInformation
+*/
+static NTSTATUS dcesrv_samr_GetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_GetBootKeyInformation *r)
+{
+	/* Windows Server 2008 returns this */
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+
+/*
+  samr_Connect3
+*/
+static NTSTATUS dcesrv_samr_Connect3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_Connect3 *r)
+{
+	struct samr_Connect c;
+
+	c = (struct samr_Connect) {
+		.in.system_name = NULL,
+		.in.access_mask = r->in.access_mask,
+		.out.connect_handle = r->out.connect_handle,
+	};
+
+	return dcesrv_samr_Connect(dce_call, mem_ctx, &c);
+}
+
+
+/*
+  samr_Connect4
+*/
+static NTSTATUS dcesrv_samr_Connect4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_Connect4 *r)
+{
+	struct samr_Connect c;
+
+	c = (struct samr_Connect) {
+		.in.system_name = NULL,
+		.in.access_mask = r->in.access_mask,
+		.out.connect_handle = r->out.connect_handle,
+	};
+
+	return dcesrv_samr_Connect(dce_call, mem_ctx, &c);
+}
+
+
+/*
+  samr_Connect5
+*/
+static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct samr_Connect5 *r)
+{
+	struct samr_Connect c;
+	NTSTATUS status;
+
+	c = (struct samr_Connect) {
+		.in.system_name = NULL,
+		.in.access_mask = r->in.access_mask,
+		.out.connect_handle = r->out.connect_handle,
+	};
+
+	status = dcesrv_samr_Connect(dce_call, mem_ctx, &c);
+
+	r->out.info_out->info1.client_version = SAMR_CONNECT_AFTER_W2K;
+	r->out.info_out->info1.supported_features = 0;
+	*r->out.level_out = r->in.level_in;
+
+	return status;
+}
+
+
+/*
+  samr_RidToSid
+*/
+static NTSTATUS dcesrv_samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+			      struct samr_RidToSid *r)
+{
+	struct samr_domain_state *d_state;
+	struct dcesrv_handle *h;
+
+	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
+
+	d_state = h->data;
+
+	/* form the users SID */
+	*r->out.sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
+	if (!*r->out.sid) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  samr_SetDsrmPassword
+*/
+static NTSTATUS dcesrv_samr_SetDsrmPassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct samr_SetDsrmPassword *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  samr_ValidatePassword
+
+  For now the call checks the password complexity (if active) and the minimum
+  password length on level 2 and 3. Level 1 is ignored for now.
+*/
+static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_ValidatePassword *r)
+{
+	struct samr_GetDomPwInfo r2 = {};
+	struct samr_PwInfo pwInfo = {};
+	const char *account = NULL;
+	DATA_BLOB password;
+	enum samr_ValidationStatus res;
+	NTSTATUS status;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+	if (transport != NCACN_IP_TCP && transport != NCALRPC) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+	if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
+	(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
+
+	r2 = (struct samr_GetDomPwInfo) {
+		.in.domain_name = NULL,
+		.out.info = &pwInfo,
+	};
+
+	status = dcesrv_samr_GetDomPwInfo(dce_call, mem_ctx, &r2);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	switch (r->in.level) {
+	case NetValidateAuthentication:
+		/* we don't support this yet */
+		return NT_STATUS_NOT_SUPPORTED;
+	break;
+	case NetValidatePasswordChange:
+		account = r->in.req->req2.account.string;
+		password = data_blob_const(r->in.req->req2.password.string,
+					   r->in.req->req2.password.length);
+		res = samdb_check_password(mem_ctx,
+					   dce_call->conn->dce_ctx->lp_ctx,
+					   account,
+					   NULL, /* userPrincipalName */
+					   NULL, /* displayName/full_name */
+					   &password,
+					   pwInfo.password_properties,
+					   pwInfo.min_password_length);
+		(*r->out.rep)->ctr2.status = res;
+	break;
+	case NetValidatePasswordReset:
+		account = r->in.req->req3.account.string;
+		password = data_blob_const(r->in.req->req3.password.string,
+					   r->in.req->req3.password.length);
+		res = samdb_check_password(mem_ctx,
+					   dce_call->conn->dce_ctx->lp_ctx,
+					   account,
+					   NULL, /* userPrincipalName */
+					   NULL, /* displayName/full_name */
+					   &password,
+					   pwInfo.password_properties,
+					   pwInfo.min_password_length);
+		(*r->out.rep)->ctr3.status = res;
+	break;
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void dcesrv_samr_Opnum68NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_Opnum68NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static void dcesrv_samr_Opnum69NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_Opnum69NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static void dcesrv_samr_Opnum70NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_Opnum70NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static void dcesrv_samr_Opnum71NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_Opnum71NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+static void dcesrv_samr_Opnum72NotUsedOnWire(struct dcesrv_call_state *dce_call,
+					     TALLOC_CTX *mem_ctx,
+					     struct samr_Opnum72NotUsedOnWire *r)
+{
+	DCESRV_FAULT_VOID(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_samr_s.c"
diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h
new file mode 100644
index 0000000..66038ed
--- /dev/null
+++ b/source4/rpc_server/samr/dcesrv_samr.h
@@ -0,0 +1,88 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the samr pipe - definitions
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "param/param.h"
+#include "libds/common/roles.h"
+
+/*
+  this type allows us to distinguish handle types
+*/
+enum samr_handle {
+	SAMR_HANDLE_CONNECT,
+	SAMR_HANDLE_DOMAIN,
+	SAMR_HANDLE_USER,
+	SAMR_HANDLE_GROUP,
+	SAMR_HANDLE_ALIAS
+};
+
+
+/*
+  state asscoiated with a samr_Connect*() operation
+*/
+struct samr_connect_state {
+	struct ldb_context *sam_ctx;
+	uint32_t access_mask;
+};
+
+/*
+ * Cache of object GUIDS
+ */
+struct samr_guid_cache {
+	unsigned handle;
+	unsigned size;
+	struct GUID *entries;
+};
+
+enum samr_guid_cache_id {
+	SAMR_QUERY_DISPLAY_INFO_CACHE,
+	SAMR_ENUM_DOMAIN_GROUPS_CACHE,
+	SAMR_ENUM_DOMAIN_USERS_CACHE,
+	SAMR_LAST_CACHE
+};
+
+/*
+  state associated with a samr_OpenDomain() operation
+*/
+struct samr_domain_state {
+	struct samr_connect_state *connect_state;
+	void *sam_ctx;
+	uint32_t access_mask;
+	struct dom_sid *domain_sid;
+	const char *domain_name;
+	struct ldb_dn *domain_dn;
+	enum server_role role;
+	bool builtin;
+	struct loadparm_context *lp_ctx;
+	struct samr_guid_cache guid_caches[SAMR_LAST_CACHE];
+	struct samr_SamEntry *domain_users_cached;
+};
+
+/*
+  state associated with a open account handle
+*/
+struct samr_account_state {
+	struct samr_domain_state *domain_state;
+	void *sam_ctx;
+	uint32_t access_mask;
+	struct dom_sid *account_sid;
+	const char *account_name;
+	struct ldb_dn *account_dn;
+};
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
new file mode 100644
index 0000000..2b5cd4a
--- /dev/null
+++ b/source4/rpc_server/samr/samr_password.c
@@ -0,0 +1,841 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   samr server password set/change handling
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/samr/dcesrv_samr.h"
+#include "system/time.h"
+#include "lib/crypto/md4.h"
+#include "dsdb/common/util.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "libcli/auth/libcli_auth.h"
+#include "../lib/util/util_ldb.h"
+#include "rpc_server/samr/proto.h"
+#include "auth/auth_sam.h"
+#include "lib/param/loadparm.h"
+#include "librpc/rpc/dcerpc_helper.h"
+#include "librpc/rpc/dcerpc_samr.h"
+
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+static void log_password_change_event(struct imessaging_context *msg_ctx,
+				      struct loadparm_context *lp_ctx,
+				      const struct tsocket_address *remote_client_address,
+				      const struct tsocket_address *local_server_address,
+				      const char *auth_description,
+				      const char *password_type,
+				      const char *original_client_name,
+				      const char *account_name_from_db,
+				      NTSTATUS status,
+				      struct dom_sid *sid)
+{
+	/*
+	 * Forcing this via the NTLM auth structure is not ideal, but
+	 * it is the most practical option right now, and ensures the
+	 * logs are consistent, even if some elements are always NULL.
+	 */
+	struct auth_usersupplied_info ui = {
+		.was_mapped = true,
+		.client = {
+			.account_name = original_client_name,
+			.domain_name = lpcfg_sam_name(lp_ctx),
+		},
+		.mapped = {
+			.account_name = account_name_from_db,
+			.domain_name = lpcfg_sam_name(lp_ctx),
+		},
+		.remote_host = remote_client_address,
+		.local_host = local_server_address,
+		.service_description = "SAMR Password Change",
+		.auth_description = auth_description,
+		.password_type = password_type,
+	};
+
+	log_authentication_event(msg_ctx,
+				 lp_ctx,
+				 NULL,
+				 &ui,
+				 status,
+				 ui.mapped.domain_name,
+				 ui.mapped.account_name,
+				 sid,
+				 NULL /* client_audit_info */,
+				 NULL /* server_audit_info */);
+}
+/*
+  samr_ChangePasswordUser
+
+  So old it is just not worth implementing
+  because it does not supply a plaintext and so we can't do password
+  complexity checking and cannot update all the other password hashes.
+
+*/
+NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *mem_ctx,
+					struct samr_ChangePasswordUser *r)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  samr_OemChangePasswordUser2
+
+  No longer implemented as it requires the LM hash
+*/
+NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct samr_OemChangePasswordUser2 *r)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*
+  samr_ChangePasswordUser4
+*/
+NTSTATUS dcesrv_samr_ChangePasswordUser4(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct samr_ChangePasswordUser4 *r)
+{
+	struct ldb_context *sam_ctx = NULL;
+	struct ldb_message *msg = NULL;
+	struct ldb_dn *dn = NULL;
+	const char *samAccountName = NULL;
+	struct dom_sid *objectSid = NULL;
+	struct samr_Password *nt_pwd = NULL;
+	gnutls_datum_t nt_key;
+	gnutls_datum_t salt = {
+		.data = r->in.password->salt,
+		.size = sizeof(r->in.password->salt),
+	};
+	uint8_t cdk_data[16] = {0};
+	DATA_BLOB cdk = {
+		.data = cdk_data,
+		.length = sizeof(cdk_data),
+	};
+	struct auth_session_info *call_session_info = NULL;
+	struct auth_session_info *old_session_info = NULL;
+	NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
+	int rc;
+
+	r->out.result = NT_STATUS_WRONG_PASSWORD;
+
+	if (r->in.password == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (r->in.password->PBKDF2Iterations < 5000 ||
+	    r->in.password->PBKDF2Iterations > 1000000) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	/*
+	 * Connect to a SAMDB with system privileges for fetching the old
+	 * password hashes.
+	 */
+	sam_ctx = samdb_connect(mem_ctx,
+				dce_call->event_ctx,
+				dce_call->conn->dce_ctx->lp_ctx,
+				system_session(dce_call->conn->dce_ctx->lp_ctx),
+				dce_call->conn->remote_address,
+				0);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	rc = ldb_transaction_start(sam_ctx);
+	if (rc != LDB_SUCCESS) {
+		DBG_WARNING("Failed to start transaction: %s\n",
+			    ldb_errstring(sam_ctx));
+		return NT_STATUS_TRANSACTION_ABORTED;
+	}
+
+	/*
+	 * We use authsam_search_account() to be consistent with the
+	 * other callers in the bad password and audit log handling
+	 * systems.  It ensures we get DSDB_SEARCH_SHOW_EXTENDED_DN.
+	 */
+	status = authsam_search_account(mem_ctx,
+					sam_ctx,
+					r->in.account->string,
+					ldb_get_default_basedn(sam_ctx),
+					&msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+		goto done;
+	}
+
+	dn = msg->dn;
+	samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
+	objectSid = samdb_result_dom_sid(msg, msg, "objectSid");
+
+	status = samdb_result_passwords(mem_ctx,
+					dce_call->conn->dce_ctx->lp_ctx,
+					msg,
+					&nt_pwd);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+		goto done;
+	}
+
+	if (nt_pwd == NULL) {
+		ldb_transaction_cancel(sam_ctx);
+		status = NT_STATUS_WRONG_PASSWORD;
+		goto done;
+	}
+
+	nt_key = (gnutls_datum_t){
+		.data = nt_pwd->hash,
+		.size = sizeof(nt_pwd->hash),
+	};
+
+	rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512,
+			   &nt_key,
+			   &salt,
+			   r->in.password->PBKDF2Iterations,
+			   cdk.data,
+			   cdk.length);
+	if (rc < 0) {
+		ldb_transaction_cancel(sam_ctx);
+		status = NT_STATUS_WRONG_PASSWORD;
+		goto done;
+	}
+
+	/* Drop to user privileges for the password change */
+
+	old_session_info = ldb_get_opaque(sam_ctx, DSDB_SESSION_INFO);
+	call_session_info = dcesrv_call_session_info(dce_call);
+
+	rc = ldb_set_opaque(sam_ctx, DSDB_SESSION_INFO, call_session_info);
+	if (rc != LDB_SUCCESS) {
+		ldb_transaction_cancel(sam_ctx);
+		status = NT_STATUS_INVALID_SYSTEM_SERVICE;
+		goto done;
+	}
+
+	status = samr_set_password_aes(dce_call,
+				       mem_ctx,
+				       &cdk,
+				       sam_ctx,
+				       dn,
+				       NULL,
+				       r->in.password,
+				       DSDB_PASSWORD_CHECKED_AND_CORRECT);
+	BURN_DATA(cdk_data);
+
+	/* Restore our privileges to system level */
+	if (old_session_info != NULL) {
+		ldb_set_opaque(sam_ctx, DSDB_SESSION_INFO, old_session_info);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+		goto done;
+	}
+
+	/* And this confirms it in a transaction commit */
+	rc = ldb_transaction_commit(sam_ctx);
+	if (rc != LDB_SUCCESS) {
+		DBG_WARNING("Failed to commit transaction to change password "
+			    "on %s: %s\n",
+			    ldb_dn_get_linearized(dn),
+			    ldb_errstring(sam_ctx));
+		status = NT_STATUS_TRANSACTION_ABORTED;
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+done:
+	{
+		struct imessaging_context *imsg_ctx =
+			dcesrv_imessaging_context(dce_call->conn);
+
+		log_password_change_event(imsg_ctx,
+					dce_call->conn->dce_ctx->lp_ctx,
+					dce_call->conn->remote_address,
+					dce_call->conn->local_address,
+					"samr_ChangePasswordUser4",
+					"AES using NTLM-hash",
+					r->in.account->string,
+					samAccountName,
+					status,
+					objectSid);
+	}
+
+	/* Only update the badPwdCount if we found the user */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+		authsam_update_bad_pwd_count(sam_ctx,
+					     msg,
+					     ldb_get_default_basedn(sam_ctx));
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+		/*
+		 * Don't give the game away: (don't allow anonymous users to
+		 * prove the existence of usernames)
+		 */
+		status = NT_STATUS_WRONG_PASSWORD;
+	}
+
+	return status;
+}
+
+static NTSTATUS dcesrv_samr_ChangePasswordUser_impl(struct dcesrv_call_state *dce_call,
+						    TALLOC_CTX *mem_ctx,
+						    struct samr_ChangePasswordUser3 *r,
+						    const char *function_name)
+{
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
+	DATA_BLOB new_password;
+	struct ldb_context *sam_ctx = NULL;
+	struct ldb_dn *user_dn = NULL;
+	int ret;
+	struct ldb_message *msg = NULL;
+	struct samr_Password *nt_pwd;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct userPwdChangeFailureInformation *reject = NULL;
+	enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
+	uint8_t new_nt_hash[16];
+	struct samr_Password nt_verifier;
+	const char *user_samAccountName = NULL;
+	struct dom_sid *user_objectSid = NULL;
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	enum ntlm_auth_level ntlm_auth_level
+		= lpcfg_ntlm_auth(lp_ctx);
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t nt_session_key;
+	struct auth_session_info *call_session_info = NULL;
+	struct auth_session_info *old_session_info = NULL;
+	int rc;
+
+	*r->out.dominfo = NULL;
+	*r->out.reject = NULL;
+
+	/* this call should be disabled without NTLM auth */
+	if (ntlm_auth_level == NTLM_AUTH_DISABLED) {
+		DBG_WARNING("NTLM password changes not"
+			    "permitted by configuration.\n");
+		return NT_STATUS_NTLM_BLOCKED;
+	}
+
+	if (r->in.nt_password == NULL ||
+	    r->in.nt_verifier == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Connect to a SAMDB with system privileges for fetching the old pw
+	 * hashes. */
+	sam_ctx = dcesrv_samdb_connect_as_system(mem_ctx, dce_call);
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	ret = ldb_transaction_start(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx)));
+		return NT_STATUS_TRANSACTION_ABORTED;
+	}
+
+	/*
+	 * We use authsam_search_account() to be consistent with the
+	 * other callers in the bad password and audit log handling
+	 * systems.  It ensures we get DSDB_SEARCH_SHOW_EXTENDED_DN.
+	 */
+	status = authsam_search_account(mem_ctx,
+					sam_ctx,
+					r->in.account->string,
+					ldb_get_default_basedn(sam_ctx),
+					&msg);
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	user_dn = msg->dn;
+	user_samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
+	user_objectSid = samdb_result_dom_sid(mem_ctx, msg, "objectSid");
+
+	status = samdb_result_passwords(mem_ctx, lp_ctx,
+					msg, &nt_pwd);
+	if (!NT_STATUS_IS_OK(status) ) {
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	if (!nt_pwd) {
+		status = NT_STATUS_WRONG_PASSWORD;
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	/* decrypt the password we have been given */
+	nt_session_key = (gnutls_datum_t) {
+		.data = nt_pwd->hash,
+		.size = sizeof(nt_pwd->hash),
+	};
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&nt_session_key,
+				NULL);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	rc = gnutls_cipher_decrypt(cipher_hnd,
+				   r->in.nt_password->data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	if (!extract_pw_from_buffer(mem_ctx, r->in.nt_password->data, &new_password)) {
+		DEBUG(3,("samr: failed to decode password buffer\n"));
+		status =  NT_STATUS_WRONG_PASSWORD;
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	if (r->in.nt_verifier == NULL) {
+		status = NT_STATUS_WRONG_PASSWORD;
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	/* check NT verifier */
+	mdfour(new_nt_hash, new_password.data, new_password.length);
+
+	rc = E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
+	if (rc != 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+	if (!mem_equal_const_time(nt_verifier.hash, r->in.nt_verifier->hash, 16)) {
+		status = NT_STATUS_WRONG_PASSWORD;
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	/* Drop to user privileges for the password change */
+
+	old_session_info = ldb_get_opaque(sam_ctx, DSDB_SESSION_INFO);
+	call_session_info = dcesrv_call_session_info(dce_call);
+
+	ret = ldb_set_opaque(sam_ctx, DSDB_SESSION_INFO, call_session_info);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_INVALID_SYSTEM_SERVICE;
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	/* Performs the password modification. We pass the old hashes read out
+	 * from the database since they were already checked against the user-
+	 * provided ones. */
+	status = samdb_set_password(sam_ctx, mem_ctx,
+				    user_dn, NULL,
+				    &new_password,
+				    NULL,
+				    DSDB_PASSWORD_CHECKED_AND_CORRECT,
+				    &reason,
+				    &dominfo);
+
+	/* Restore our privileges to system level */
+	if (old_session_info != NULL) {
+		ldb_set_opaque(sam_ctx, DSDB_SESSION_INFO, old_session_info);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ldb_transaction_cancel(sam_ctx);
+		goto failed;
+	}
+
+	/* And this confirms it in a transaction commit */
+	ret = ldb_transaction_commit(sam_ctx);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
+			 ldb_dn_get_linearized(user_dn),
+			 ldb_errstring(sam_ctx)));
+		status = NT_STATUS_TRANSACTION_ABORTED;
+		goto failed;
+	}
+
+	status = NT_STATUS_OK;
+
+failed:
+
+	log_password_change_event(imsg_ctx,
+				  lp_ctx,
+				  dce_call->conn->remote_address,
+				  dce_call->conn->local_address,
+				  function_name,
+				  "RC4/DES using NTLM-hash",
+				  r->in.account->string,
+				  user_samAccountName,
+				  status,
+				  user_objectSid);
+	if (NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_OK;
+	}
+
+	/* Only update the badPwdCount if we found the user */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+		NTSTATUS bad_pwd_status;
+
+		bad_pwd_status = authsam_update_bad_pwd_count(
+			sam_ctx, msg, ldb_get_default_basedn(sam_ctx));
+		if (NT_STATUS_EQUAL(bad_pwd_status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+			status = bad_pwd_status;
+		}
+	} else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+		/* Don't give the game away:  (don't allow anonymous users to prove the existence of usernames) */
+		status = NT_STATUS_WRONG_PASSWORD;
+	}
+
+	reject = talloc_zero(mem_ctx, struct userPwdChangeFailureInformation);
+	if (reject != NULL) {
+		reject->extendedFailureReason = reason;
+
+		*r->out.reject = reject;
+	}
+
+	*r->out.dominfo = dominfo;
+
+	return status;
+}
+
+/*
+  samr_ChangePasswordUser3
+*/
+NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct samr_ChangePasswordUser3 *r)
+{
+	return dcesrv_samr_ChangePasswordUser_impl(dce_call, mem_ctx, r,
+						   "samr_ChangePasswordUser3");
+}
+
+/*
+  samr_ChangePasswordUser2
+
+  easy - just a subset of samr_ChangePasswordUser3
+*/
+NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct samr_ChangePasswordUser2 *r)
+{
+	struct samr_ChangePasswordUser3 r2;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct userPwdChangeFailureInformation *reject = NULL;
+
+	r2.in.server = r->in.server;
+	r2.in.account = r->in.account;
+	r2.in.nt_password = r->in.nt_password;
+	r2.in.nt_verifier = r->in.nt_verifier;
+	r2.in.lm_change = r->in.lm_change;
+	r2.in.lm_password = r->in.lm_password;
+	r2.in.lm_verifier = r->in.lm_verifier;
+	r2.in.password3 = NULL;
+	r2.out.dominfo = &dominfo;
+	r2.out.reject = &reject;
+
+	return dcesrv_samr_ChangePasswordUser_impl(dce_call, mem_ctx, &r2,
+						   "samr_ChangePasswordUser2");
+}
+
+
+/*
+  set password via a samr_CryptPassword buffer
+*/
+NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
+			   struct ldb_context *sam_ctx,
+			   struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
+			   TALLOC_CTX *mem_ctx,
+			   struct samr_CryptPassword *pwbuf)
+{
+	NTSTATUS nt_status;
+	DATA_BLOB new_password;
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t _session_key;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	int rc;
+	bool encrypted;
+
+	encrypted = dcerpc_is_transport_encrypted(session_info);
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED &&
+	    !encrypted) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_NOTICE("samr: failed to get session key: %s\n",
+			   nt_errstr(nt_status));
+		return nt_status;
+	}
+
+	_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	/*
+	 * This is safe to support as we only have a session key
+	 * over a SMB connection which we force to be encrypted.
+	 */
+	GNUTLS_FIPS140_SET_LAX_MODE();
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&_session_key,
+				NULL);
+	if (rc < 0) {
+		GNUTLS_FIPS140_SET_STRICT_MODE();
+		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	rc = gnutls_cipher_decrypt(cipher_hnd,
+				   pwbuf->data,
+				   516);
+	gnutls_cipher_deinit(cipher_hnd);
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+	if (rc < 0) {
+		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		goto out;
+	}
+
+	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
+		DEBUG(3,("samr: failed to decode password buffer\n"));
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/* set the password - samdb needs to know both the domain and user DNs,
+	   so the domain password policy can be used */
+	nt_status = samdb_set_password(sam_ctx,
+				       mem_ctx,
+				       account_dn,
+				       domain_dn,
+				       &new_password,
+				       NULL,
+				       DSDB_PASSWORD_RESET,
+				       NULL,
+				       NULL);
+out:
+	return nt_status;
+}
+
+
+/*
+  set password via a samr_CryptPasswordEx buffer
+*/
+NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
+			      struct ldb_context *sam_ctx,
+			      struct ldb_dn *account_dn,
+			      struct ldb_dn *domain_dn,
+			      TALLOC_CTX *mem_ctx,
+			      struct samr_CryptPasswordEx *pwbuf)
+{
+	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	NTSTATUS nt_status;
+	DATA_BLOB new_password;
+
+	/* The confounder is in the last 16 bytes of the buffer */
+	DATA_BLOB confounder = data_blob_const(&pwbuf->data[516], 16);
+	DATA_BLOB pw_data = data_blob_const(pwbuf->data, 516);
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	int rc;
+	bool encrypted;
+
+	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("samr: failed to get session key: %s "
+			 "=> NT_STATUS_WRONG_PASSWORD\n",
+			nt_errstr(nt_status)));
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	encrypted = dcerpc_is_transport_encrypted(session_info);
+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED &&
+	    !encrypted) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	GNUTLS_FIPS140_SET_LAX_MODE();
+	rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+						 &session_key,
+						 &pw_data,
+						 SAMBA_GNUTLS_DECRYPT);
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+	if (rc < 0) {
+		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
+		goto out;
+	}
+
+	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
+		DEBUG(3,("samr: failed to decode password buffer\n"));
+		nt_status = NT_STATUS_WRONG_PASSWORD;
+		goto out;
+	}
+
+	/* set the password - samdb needs to know both the domain and user DNs,
+	   so the domain password policy can be used */
+	nt_status = samdb_set_password(sam_ctx,
+				       mem_ctx,
+				       account_dn,
+				       domain_dn,
+				       &new_password,
+				       NULL,
+				       DSDB_PASSWORD_RESET,
+				       NULL,
+				       NULL);
+	ZERO_ARRAY_LEN(new_password.data,
+		       new_password.length);
+
+out:
+	return nt_status;
+}
+
+/*
+  set password via encrypted NT and LM hash buffers
+*/
+NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
+				   struct ldb_context *sam_ctx,
+				   struct ldb_dn *account_dn,
+				   struct ldb_dn *domain_dn,
+				   TALLOC_CTX *mem_ctx,
+				   const uint8_t *lm_pwd_hash,
+				   const uint8_t *nt_pwd_hash)
+{
+	struct samr_Password *d_lm_pwd_hash = NULL, *d_nt_pwd_hash = NULL;
+	uint8_t random_session_key[16] = { 0, };
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	DATA_BLOB in, out;
+	NTSTATUS nt_status = NT_STATUS_OK;
+	int rc;
+
+	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_USER_SESSION_KEY)) {
+		DEBUG(3,("samr: failed to get session key: %s "
+			 "=> use a random session key\n",
+			 nt_errstr(nt_status)));
+
+		/*
+		 * Windows just uses a random key
+		 */
+		generate_random_buffer(random_session_key,
+				       sizeof(random_session_key));
+		session_key = data_blob_const(random_session_key,
+					      sizeof(random_session_key));
+		nt_status = NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	if (nt_pwd_hash != NULL) {
+		in = data_blob_const(nt_pwd_hash, 16);
+		out = data_blob_talloc_zero(mem_ctx, 16);
+
+		rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_DECRYPT);
+		if (rc != 0) {
+			return gnutls_error_to_ntstatus(rc,
+							NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		}
+
+		d_nt_pwd_hash = (struct samr_Password *) out.data;
+	}
+
+	if ((d_lm_pwd_hash != NULL) || (d_nt_pwd_hash != NULL)) {
+		nt_status = samdb_set_password(sam_ctx, mem_ctx, account_dn,
+					       domain_dn, NULL,
+					       d_nt_pwd_hash,
+					       DSDB_PASSWORD_RESET,
+					       NULL, NULL);
+	}
+
+	return nt_status;
+}
+
+NTSTATUS samr_set_password_aes(struct dcesrv_call_state *dce_call,
+			       TALLOC_CTX *mem_ctx,
+			       const DATA_BLOB *cdk,
+			       struct ldb_context *sam_ctx,
+			       struct ldb_dn *account_dn,
+			       struct ldb_dn *domain_dn,
+			       struct samr_EncryptedPasswordAES *pwbuf,
+			       enum dsdb_password_checked old_password_checked)
+{
+	DATA_BLOB pw_data = data_blob_null;
+	DATA_BLOB new_password = data_blob_null;
+	const DATA_BLOB ciphertext =
+		data_blob_const(pwbuf->cipher, pwbuf->cipher_len);
+	DATA_BLOB iv = data_blob_const(pwbuf->salt, sizeof(pwbuf->salt));
+	NTSTATUS nt_status = NT_STATUS_OK;
+	bool ok;
+
+	nt_status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(
+		mem_ctx,
+		&ciphertext,
+		cdk,
+		&samr_aes256_enc_key_salt,
+		&samr_aes256_mac_key_salt,
+		&iv,
+		pwbuf->auth_data,
+		&pw_data);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	ok = extract_pwd_blob_from_buffer514(mem_ctx,
+					     pw_data.data,
+					     &new_password);
+	TALLOC_FREE(pw_data.data);
+	if (!ok) {
+		DBG_NOTICE("samr: failed to decode password buffer\n");
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	nt_status = samdb_set_password(sam_ctx,
+				       mem_ctx,
+				       account_dn,
+				       domain_dn,
+				       &new_password,
+				       NULL,
+				       old_password_checked,
+				       NULL,
+				       NULL);
+	TALLOC_FREE(new_password.data);
+
+	return nt_status;
+}
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
new file mode 100644
index 0000000..e4f72a1
--- /dev/null
+++ b/source4/rpc_server/service_rpc.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   smbd-specific dcerpc server code
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher 2004-2005
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2004,2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "auth/auth.h"
+#include "../lib/util/dlinklist.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
+#include "librpc/rpc/dcerpc.h"
+#include "system/filesys.h"
+#include "lib/messaging/irpc.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libcli/raw/smb.h"
+#include "samba/process_model.h"
+
+static void skip_become_root(void)
+{
+}
+
+static void skip_unbecome_root(void)
+{
+}
+
+static struct dcesrv_context_callbacks srv_callbacks = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+	.auth.gensec_prepare = dcesrv_gensec_prepare,
+	.auth.become_root = skip_become_root,
+	.auth.unbecome_root = skip_unbecome_root,
+	.assoc_group.find = dcesrv_assoc_group_find_s4,
+};
+
+/*
+ * Need to run the majority of the RPC endpoints in a single process to allow
+ * for shared handles, and the sharing of ldb contexts.
+ *
+ * However other endpoints are capable of being run in multiple processes
+ * e.g. NETLOGON.
+ *
+ * To support this the process model is manipulated to force those end points
+ * not supporting multiple processes into the single process model. The code
+ * responsible for this is in dcesrv_init_endpoints
+ *
+ */
+NTSTATUS server_service_rpc_init(TALLOC_CTX *);
+
+/*
+ * Initialise the rpc endpoints.
+ */
+static NTSTATUS dcesrv_init_endpoints(struct task_server *task,
+				      struct dcesrv_context *dce_ctx,
+				      bool use_single_process)
+{
+
+	struct dcesrv_endpoint *e;
+	const struct model_ops *model_ops = NULL;
+
+	/*
+	 * For those RPC services that run with shared context we need to
+	 * ensure that they don't fork a new process on accept (standard_model).
+	 * And as there is only one process handling these requests we need
+	 * to handle accept errors in a similar manner to the single process
+	 * model.
+	 *
+	 * To do this we override the process model operations with the single
+	 * process operations. This is not the most elegant solution, but it is
+	 * the least ugly, and is confined to the next block of code.
+	 */
+	if (use_single_process) {
+		model_ops = process_model_startup("single");
+		if (model_ops == NULL) {
+			DBG_ERR("Unable to load single process model\n");
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	} else {
+		model_ops = task->model_ops;
+	}
+
+	for (e = dce_ctx->endpoint_list; e; e = e->next) {
+
+		enum dcerpc_transport_t transport =
+		    dcerpc_binding_get_transport(e->ep_description);
+
+		if (transport == NCACN_HTTP) {
+			/*
+			 * We don't support ncacn_http yet
+			 */
+			continue;
+		}
+		if (e->use_single_process == use_single_process) {
+			NTSTATUS status;
+			status = dcesrv_add_ep(dce_ctx,
+					       task->lp_ctx,
+					       e,
+					       task->event_ctx,
+					       model_ops,
+					       task->process_context);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+ * Initialise the RPC service.
+ * And those end points that can be serviced by multiple processes.
+ * The endpoints that need to be run in a single process are setup in the
+ * post_fork hook.
+*/
+static NTSTATUS dcesrv_task_init(struct task_server *task)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	struct dcesrv_context *dce_ctx;
+	const char **ep_servers = NULL;
+
+	dcerpc_server_init(task->lp_ctx);
+
+	task_server_set_title(task, "task[dcesrv]");
+
+	status = dcesrv_init_context(task->event_ctx,
+				     task->lp_ctx,
+				     &srv_callbacks,
+				     &dce_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ep_servers = lpcfg_dcerpc_endpoint_servers(task->lp_ctx);
+	status = dcesrv_init_ep_servers(dce_ctx, ep_servers);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* Make sure the directory for NCALRPC exists */
+	if (!directory_exist(lpcfg_ncalrpc_dir(task->lp_ctx))) {
+		int ret;
+
+		ret = mkdir(lpcfg_ncalrpc_dir(task->lp_ctx), 0755);
+		if (ret == -1 && errno != EEXIST) {
+			return map_nt_error_from_unix_common(errno);
+		}
+	}
+	status = dcesrv_init_endpoints(task, dce_ctx, false);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	task->private_data = dce_ctx;
+	return NT_STATUS_OK;
+}
+
+/*
+ * Initialise the endpoints that need to run in a single process fork.
+ * The endpoint registration is only done for the first process instance.
+ *
+ */
+static void dcesrv_post_fork(struct task_server *task,
+			     struct process_details *pd)
+{
+
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	struct dcesrv_context *dce_ctx;
+
+	if (task->private_data == NULL) {
+		task_server_terminate(task, "dcerpc: No dcesrv_context", true);
+		return;
+	}
+	dce_ctx =
+	    talloc_get_type_abort(task->private_data, struct dcesrv_context);
+
+	/*
+	 * Ensure the single process endpoints are only available to the
+	 * first instance.
+	 */
+	if (pd->instances == 0) {
+		status = dcesrv_init_endpoints(task, dce_ctx, true);
+		if (!NT_STATUS_IS_OK(status)) {
+			task_server_terminate(
+			    task,
+			    "dcerpc: Failed to initialise end points",
+			    true);
+			return;
+		}
+	}
+
+	irpc_add_name(task->msg_ctx, "rpc_server");
+}
+
+NTSTATUS server_service_rpc_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+	    .inhibit_fork_on_accept = false,
+	    .inhibit_pre_fork = false,
+	    .task_init = dcesrv_task_init,
+	    .post_fork = dcesrv_post_fork};
+	return register_server_service(ctx, "rpc", &details);
+}
diff --git a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
new file mode 100644
index 0000000..9847fc3
--- /dev/null
+++ b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
@@ -0,0 +1,2300 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the srvsvc pipe
+
+   Copyright (C) Stefan (metze) Metzmacher 2004-2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ntvfs/ntvfs.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_srvsvc.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/common/share.h"
+#include "auth/auth.h"
+#include "libcli/security/security.h"
+#include "system/time.h"
+#include "rpc_server/srvsvc/proto.h"
+#include "param/param.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+#define SRVSVC_CHECK_ADMIN_ACCESS do { \
+	struct auth_session_info *si = dcesrv_call_session_info(dce_call); \
+	struct security_token *t = si->security_token; \
+	if (!security_token_has_builtin_administrators(t) && \
+	    !security_token_has_sid(t, &global_sid_Builtin_Server_Operators)) { \
+	    	return WERR_ACCESS_DENIED; \
+	} \
+} while (0)
+
+/* 
+  srvsvc_NetCharDevEnum 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				      struct srvsvc_NetCharDevEnum *r)
+{
+	*r->out.totalentries = 0;
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+		r->out.info_ctr->ctr.ctr0 = talloc(mem_ctx, struct srvsvc_NetCharDevCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr0);
+
+		r->out.info_ctr->ctr.ctr0->count = 0;
+		r->out.info_ctr->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+
+	case 1:
+		r->out.info_ctr->ctr.ctr1 = talloc(mem_ctx, struct srvsvc_NetCharDevCtr1);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr1);
+
+		r->out.info_ctr->ctr.ctr1->count = 0;
+		r->out.info_ctr->ctr.ctr1->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetCharDevGetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetCharDevGetInfo *r)
+{
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case 0:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetCharDevControl 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetCharDevControl *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetCharDevQEnum 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevQEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct srvsvc_NetCharDevQEnum *r)
+{
+	*r->out.totalentries = 0;
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+	{
+		r->out.info_ctr->ctr.ctr0 = talloc(mem_ctx, struct srvsvc_NetCharDevQCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr0);
+
+		r->out.info_ctr->ctr.ctr0->count = 0;
+		r->out.info_ctr->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		r->out.info_ctr->ctr.ctr1 = talloc(mem_ctx, struct srvsvc_NetCharDevQCtr1);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr1);
+
+		r->out.info_ctr->ctr.ctr1->count = 0;
+		r->out.info_ctr->ctr.ctr1->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetCharDevQGetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevQGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct srvsvc_NetCharDevQGetInfo *r)
+{
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case 0:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetCharDevQSetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevQSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetCharDevQSetInfo *r)
+{
+	switch (r->in.level) {
+	case 0:
+	{
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetCharDevQPurge 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevQPurge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetCharDevQPurge *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetCharDevQPurgeSelf 
+*/
+static WERROR dcesrv_srvsvc_NetCharDevQPurgeSelf(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					  struct srvsvc_NetCharDevQPurgeSelf *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);	
+}
+
+
+/* 
+  srvsvc_NetConnEnum 
+*/
+static WERROR dcesrv_srvsvc_NetConnEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetConnEnum *r)
+{
+	*r->out.totalentries = 0;
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+	{
+		r->out.info_ctr->ctr.ctr0 = talloc(mem_ctx, struct srvsvc_NetConnCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr0);
+
+		r->out.info_ctr->ctr.ctr0->count = 0;
+		r->out.info_ctr->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		r->out.info_ctr->ctr.ctr1 = talloc(mem_ctx, struct srvsvc_NetConnCtr1);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr1);
+
+		r->out.info_ctr->ctr.ctr1->count = 0;
+		r->out.info_ctr->ctr.ctr1->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetFileEnum 
+*/
+static WERROR dcesrv_srvsvc_NetFileEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct srvsvc_NetFileEnum *r)
+{
+	*r->out.totalentries = 0;
+
+	switch (r->in.info_ctr->level) {
+	case 2:
+	{
+		r->out.info_ctr->ctr.ctr2 = talloc(mem_ctx, struct srvsvc_NetFileCtr2);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr2);
+
+		r->out.info_ctr->ctr.ctr2->count = 0;
+		r->out.info_ctr->ctr.ctr2->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 3:
+	{
+		r->out.info_ctr->ctr.ctr3 = talloc(mem_ctx, struct srvsvc_NetFileCtr3);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr3);
+
+		r->out.info_ctr->ctr.ctr3->count = 0;
+		r->out.info_ctr->ctr.ctr3->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetFileGetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetFileGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				    struct srvsvc_NetFileGetInfo *r)
+{
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case 2:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	case 3:
+	{
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetFileClose 
+*/
+static WERROR dcesrv_srvsvc_NetFileClose(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetFileClose *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetSessEnum 
+*/
+static WERROR dcesrv_srvsvc_NetSessEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSessEnum *r)
+{
+	*r->out.totalentries = 0;
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+	{
+		r->out.info_ctr->ctr.ctr0 = talloc(mem_ctx, struct srvsvc_NetSessCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr0);
+
+		r->out.info_ctr->ctr.ctr0->count = 0;
+		r->out.info_ctr->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		r->out.info_ctr->ctr.ctr1 = talloc(mem_ctx, struct srvsvc_NetSessCtr1);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr1);
+
+		r->out.info_ctr->ctr.ctr1->count = 0;
+		r->out.info_ctr->ctr.ctr1->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 2:
+	{
+		r->out.info_ctr->ctr.ctr2 = talloc(mem_ctx, struct srvsvc_NetSessCtr2);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr2);
+
+		r->out.info_ctr->ctr.ctr2->count = 0;
+		r->out.info_ctr->ctr.ctr2->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 10:
+	{
+		r->out.info_ctr->ctr.ctr10 = talloc(mem_ctx, struct srvsvc_NetSessCtr10);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr10);
+
+		r->out.info_ctr->ctr.ctr10->count = 0;
+		r->out.info_ctr->ctr.ctr10->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 502:
+	{
+		r->out.info_ctr->ctr.ctr502 = talloc(mem_ctx, struct srvsvc_NetSessCtr502);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info_ctr->ctr.ctr502);
+
+		r->out.info_ctr->ctr.ctr502->count = 0;
+		r->out.info_ctr->ctr.ctr502->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetSessDel 
+*/
+static WERROR dcesrv_srvsvc_NetSessDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSessDel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetShareAdd 
+*/
+static WERROR dcesrv_srvsvc_NetShareAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareAdd *r)
+{
+	switch (r->in.level) {
+	case 0:
+	{
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		return WERR_NOT_SUPPORTED;
+	}
+	case 2:
+	{
+		NTSTATUS nterr;
+		struct share_info *info;
+		struct share_context *sctx;
+		unsigned int count = 8;
+		unsigned int i;
+
+		nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+		if (!NT_STATUS_IS_OK(nterr)) {
+			return ntstatus_to_werror(nterr);
+		}
+
+		/* there are no more than 8 options in struct srvsvc_NetShareInfo2 */
+		info = talloc_array(mem_ctx, struct share_info, count);
+		W_ERROR_HAVE_NO_MEMORY(info);
+
+		i = 0;
+
+		info[i].name = SHARE_TYPE;
+		info[i].type = SHARE_INFO_STRING;
+		switch (r->in.info->info2->type) {
+		case STYPE_DISKTREE:
+			info[i].value = talloc_strdup(info, "DISK");
+			break;
+		case STYPE_PRINTQ:
+			info[i].value = talloc_strdup(info, "PRINTER");
+			break;
+		case STYPE_IPC:
+			info[i].value = talloc_strdup(info, "IPC");
+			break;
+		default:
+			return WERR_INVALID_PARAMETER;
+		}
+		W_ERROR_HAVE_NO_MEMORY(info[i].value);
+		i++;
+
+		if (r->in.info->info2->path && r->in.info->info2->path[0]) {
+			info[i].name = SHARE_PATH;
+			info[i].type = SHARE_INFO_STRING;
+
+			/* Windows will send a path in a form of C:\example\path */
+			if (r->in.info->info2->path[1] == ':') {
+				info[i].value = talloc_strdup(info, &r->in.info->info2->path[2]);
+			} else {
+				/* very strange let's try to set as is */
+				info[i].value = talloc_strdup(info, r->in.info->info2->path);
+			}
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+			all_string_sub((char *)info[i].value, "\\", "/", 0);
+
+			i++;
+		}
+
+		if (r->in.info->info2->comment && r->in.info->info2->comment[0]) {
+			info[i].name = SHARE_COMMENT;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, r->in.info->info2->comment);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		if (r->in.info->info2->password && r->in.info->info2->password[0]) {
+			info[i].name = SHARE_PASSWORD;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, r->in.info->info2->password);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		info[i].name = SHARE_MAX_CONNECTIONS;
+		info[i].type = SHARE_INFO_INT;
+		info[i].value = talloc(info, int);
+		*((int *)info[i].value) = r->in.info->info2->max_users;
+		i++;
+
+		/* TODO: security descriptor */
+
+		nterr = share_create(sctx, r->in.info->info2->name, info, i);
+		if (!NT_STATUS_IS_OK(nterr)) {
+			return ntstatus_to_werror(nterr);
+		}
+
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		
+		return WERR_OK;
+	}
+	case 501:
+	{	
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		return WERR_NOT_SUPPORTED;
+	}
+	case 502:
+	{
+		NTSTATUS nterr;
+		struct share_info *info;
+		struct share_context *sctx;
+		unsigned int count = 10;
+		unsigned int i;
+
+		nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+		if (!NT_STATUS_IS_OK(nterr)) {
+			return ntstatus_to_werror(nterr);
+		}
+
+		/* there are no more than 10 options in struct srvsvc_NetShareInfo502 */
+		info = talloc_array(mem_ctx, struct share_info, count);
+		W_ERROR_HAVE_NO_MEMORY(info);
+
+		i = 0;
+
+		info[i].name = SHARE_TYPE;
+		info[i].type = SHARE_INFO_STRING;
+		switch (r->in.info->info502->type) {
+		case 0x00:
+			info[i].value = talloc_strdup(info, "DISK");
+			break;
+		case 0x01:
+			info[i].value = talloc_strdup(info, "PRINTER");
+			break;
+		case 0x03:
+			info[i].value = talloc_strdup(info, "IPC");
+			break;
+		default:
+			return WERR_INVALID_PARAMETER;
+		}
+		W_ERROR_HAVE_NO_MEMORY(info[i].value);
+		i++;
+
+		if (r->in.info->info502->path && r->in.info->info502->path[0]) {
+			info[i].name = SHARE_PATH;
+			info[i].type = SHARE_INFO_STRING;
+
+			/* Windows will send a path in a form of C:\example\path */
+			if (r->in.info->info502->path[1] == ':') {
+				info[i].value = talloc_strdup(info, &r->in.info->info502->path[2]);
+			} else {
+				/* very strange let's try to set as is */
+				info[i].value = talloc_strdup(info, r->in.info->info502->path);
+			}
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+			all_string_sub((char *)info[i].value, "\\", "/", 0);
+
+			i++;
+		}
+
+		if (r->in.info->info502->comment && r->in.info->info502->comment[0]) {
+			info[i].name = SHARE_COMMENT;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, r->in.info->info502->comment);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		if (r->in.info->info502->password && r->in.info->info502->password[0]) {
+			info[i].name = SHARE_PASSWORD;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, r->in.info->info502->password);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		info[i].name = SHARE_MAX_CONNECTIONS;
+		info[i].type = SHARE_INFO_INT;
+		info[i].value = talloc(info, int);
+		*((int *)info[i].value) = r->in.info->info502->max_users;
+		i++;
+
+		/* TODO: security descriptor */
+
+		nterr = share_create(sctx, r->in.info->info502->name, info, i);
+		if (!NT_STATUS_IS_OK(nterr)) {
+			return ntstatus_to_werror(nterr);
+		}
+
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+		
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+static WERROR dcesrv_srvsvc_fiel_ShareInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				    struct share_config *scfg, uint32_t level,
+				    union srvsvc_NetShareInfo *info)
+{
+	struct dcesrv_context *dce_ctx = dce_call->conn->dce_ctx;
+
+	switch (level) {
+	case 0:
+	{
+		info->info0->name	= talloc_strdup(mem_ctx, scfg->name);
+		W_ERROR_HAVE_NO_MEMORY(info->info0->name);
+
+		return WERR_OK;
+	}
+	case 1:
+	{
+		info->info1->name	= talloc_strdup(mem_ctx, scfg->name);
+		W_ERROR_HAVE_NO_MEMORY(info->info1->name);
+		info->info1->type	= dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+		info->info1->comment	= share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+		W_ERROR_HAVE_NO_MEMORY(info->info1->comment);
+
+		return WERR_OK;
+	}
+	case 2:
+	{
+		info->info2->name		= talloc_strdup(mem_ctx, scfg->name);
+		W_ERROR_HAVE_NO_MEMORY(info->info2->name);
+		info->info2->type		= dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+		info->info2->comment		= share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+		W_ERROR_HAVE_NO_MEMORY(info->info2->comment);
+		info->info2->permissions 	= dcesrv_common_get_share_permissions(mem_ctx, dce_ctx, scfg);
+		info->info2->max_users		= share_int_option(scfg, SHARE_MAX_CONNECTIONS, SHARE_MAX_CONNECTIONS_DEFAULT);
+		info->info2->current_users	= dcesrv_common_get_share_current_users(mem_ctx, dce_ctx, scfg);
+		info->info2->path		= dcesrv_common_get_share_path(mem_ctx, dce_ctx, scfg);
+		W_ERROR_HAVE_NO_MEMORY(info->info2->path);
+		info->info2->password		= share_string_option(mem_ctx, scfg, SHARE_PASSWORD, NULL);
+
+		return WERR_OK;
+	}
+	case 501:
+	{
+		info->info501->name		= talloc_strdup(mem_ctx, scfg->name);
+		W_ERROR_HAVE_NO_MEMORY(info->info501->name);
+		info->info501->type		= dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+		info->info501->comment		= share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+		W_ERROR_HAVE_NO_MEMORY(info->info501->comment);
+		info->info501->csc_policy	= share_int_option(scfg, SHARE_CSC_POLICY, SHARE_CSC_POLICY_DEFAULT);
+
+		return WERR_OK;
+	}
+	case 502:
+	{
+		info->info502->name		= talloc_strdup(mem_ctx, scfg->name);
+		W_ERROR_HAVE_NO_MEMORY(info->info502->name);
+		info->info502->type		= dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+		info->info502->comment		= share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+		W_ERROR_HAVE_NO_MEMORY(info->info502->comment);
+		info->info502->permissions	= dcesrv_common_get_share_permissions(mem_ctx, dce_ctx, scfg);
+		info->info502->max_users	= share_int_option(scfg, SHARE_MAX_CONNECTIONS, SHARE_MAX_CONNECTIONS_DEFAULT);
+		info->info502->current_users	= dcesrv_common_get_share_current_users(mem_ctx, dce_ctx, scfg);
+		info->info502->path		= dcesrv_common_get_share_path(mem_ctx, dce_ctx, scfg);
+		W_ERROR_HAVE_NO_MEMORY(info->info502->path);
+		info->info502->password		= share_string_option(mem_ctx, scfg, SHARE_PASSWORD, NULL);
+		info->info502->sd_buf.sd	= dcesrv_common_get_security_descriptor(mem_ctx, dce_ctx, scfg);
+
+		return WERR_OK;
+	}
+	case 1005:
+	{
+		info->info1005->dfs_flags	= dcesrv_common_get_share_dfs_flags(mem_ctx, dce_ctx, scfg);
+
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+/* 
+  srvsvc_NetShareEnumAll
+*/
+static WERROR dcesrv_srvsvc_NetShareEnumAll(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct srvsvc_NetShareEnumAll *r)
+{
+	NTSTATUS nterr;
+	int numshares = 0;
+	const char **snames;
+	struct share_context *sctx;
+	struct share_config *scfg;
+
+	*r->out.totalentries = 0;
+
+	/* TODO: - paging of results 
+	 */
+
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	nterr = share_list_all(mem_ctx, sctx, &numshares, &snames);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+	{
+		unsigned int i;
+		struct srvsvc_NetShareCtr0 *ctr0;
+
+		ctr0 = talloc(mem_ctx, struct srvsvc_NetShareCtr0);
+		W_ERROR_HAVE_NO_MEMORY(ctr0);
+
+		ctr0->count = numshares;
+		ctr0->array = NULL;
+
+		if (ctr0->count == 0) {
+			r->out.info_ctr->ctr.ctr0	= ctr0;
+			return WERR_OK;
+		}
+
+		ctr0->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo0, ctr0->count);
+		W_ERROR_HAVE_NO_MEMORY(ctr0->array);
+
+		for (i = 0; i < ctr0->count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			info.info0 = &ctr0->array[i];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			if (!W_ERROR_IS_OK(status)) {
+				return status;
+			}
+			talloc_free(scfg);
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr0	= ctr0;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr0->count;
+		return WERR_OK;
+	}
+	case 1:
+	{
+		unsigned int i;
+		struct srvsvc_NetShareCtr1 *ctr1;
+
+		ctr1 = talloc(mem_ctx, struct srvsvc_NetShareCtr1);
+		W_ERROR_HAVE_NO_MEMORY(ctr1);
+
+		ctr1->count = numshares;
+		ctr1->array = NULL;
+
+		if (ctr1->count == 0) {
+			r->out.info_ctr->ctr.ctr1	= ctr1;
+			return WERR_OK;
+		}
+
+		ctr1->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo1, ctr1->count);
+		W_ERROR_HAVE_NO_MEMORY(ctr1->array);
+
+		for (i=0; i < ctr1->count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			info.info1 = &ctr1->array[i];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			if (!W_ERROR_IS_OK(status)) {
+				return status;
+			}
+			talloc_free(scfg);
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr1	= ctr1;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr1->count;
+
+		return WERR_OK;
+	}
+	case 2:
+	{
+		unsigned int i;
+		struct srvsvc_NetShareCtr2 *ctr2;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		ctr2 = talloc(mem_ctx, struct srvsvc_NetShareCtr2);
+		W_ERROR_HAVE_NO_MEMORY(ctr2);
+
+		ctr2->count = numshares;
+		ctr2->array = NULL;
+
+		if (ctr2->count == 0) {
+			r->out.info_ctr->ctr.ctr2	= ctr2;
+			return WERR_OK;
+		}
+
+		ctr2->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo2, ctr2->count);
+		W_ERROR_HAVE_NO_MEMORY(ctr2->array);
+
+		for (i=0; i < ctr2->count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			info.info2 = &ctr2->array[i];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			if (!W_ERROR_IS_OK(status)) {
+				return status;
+			}
+			talloc_free(scfg);
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr2	= ctr2;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr2->count;
+
+		return WERR_OK;
+	}
+	case 501:
+	{
+		unsigned int i;
+		struct srvsvc_NetShareCtr501 *ctr501;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		ctr501 = talloc(mem_ctx, struct srvsvc_NetShareCtr501);
+		W_ERROR_HAVE_NO_MEMORY(ctr501);
+
+		ctr501->count = numshares;
+		ctr501->array = NULL;
+
+		if (ctr501->count == 0) {
+			r->out.info_ctr->ctr.ctr501	= ctr501;
+			return WERR_OK;
+		}
+
+		ctr501->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo501, ctr501->count);
+		W_ERROR_HAVE_NO_MEMORY(ctr501->array);
+
+		for (i=0; i < ctr501->count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			info.info501 = &ctr501->array[i];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			if (!W_ERROR_IS_OK(status)) {
+				return status;
+			}
+			talloc_free(scfg);
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr501	= ctr501;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr501->count;
+
+		return WERR_OK;
+	}
+	case 502:
+	{
+		unsigned int i;
+		struct srvsvc_NetShareCtr502 *ctr502;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		ctr502 = talloc(mem_ctx, struct srvsvc_NetShareCtr502);
+		W_ERROR_HAVE_NO_MEMORY(ctr502);
+
+		ctr502->count = numshares;
+		ctr502->array = NULL;
+
+		if (ctr502->count == 0) {
+			r->out.info_ctr->ctr.ctr502	= ctr502;
+			return WERR_OK;
+		}
+
+		ctr502->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo502, ctr502->count);
+		W_ERROR_HAVE_NO_MEMORY(ctr502->array);
+
+		for (i=0; i < ctr502->count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			info.info502 = &ctr502->array[i];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			if (!W_ERROR_IS_OK(status)) {
+				return status;
+			}
+			talloc_free(scfg);
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr502	= ctr502;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr502->count;
+
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetShareGetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetShareGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				     struct srvsvc_NetShareGetInfo *r)
+{
+	NTSTATUS nterr;
+	struct share_context *sctx = NULL;
+	struct share_config *scfg = NULL;
+
+	ZERO_STRUCTP(r->out.info);
+
+	/* TODO: - access check
+	 */
+
+	if (strcmp("", r->in.share_name) == 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	nterr = share_get_config(mem_ctx, sctx, r->in.share_name, &scfg);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	switch (r->in.level) {
+	case 0:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		info.info0 = talloc(mem_ctx, struct srvsvc_NetShareInfo0);
+		W_ERROR_HAVE_NO_MEMORY(info.info0);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info0 = info.info0;
+		return WERR_OK;
+	}
+	case 1:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		info.info1 = talloc(mem_ctx, struct srvsvc_NetShareInfo1);
+		W_ERROR_HAVE_NO_MEMORY(info.info1);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info1 = info.info1;
+		return WERR_OK;
+	}
+	case 2:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		info.info2 = talloc(mem_ctx, struct srvsvc_NetShareInfo2);
+		W_ERROR_HAVE_NO_MEMORY(info.info2);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info2 = info.info2;
+		return WERR_OK;
+	}
+	case 501:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		info.info501 = talloc(mem_ctx, struct srvsvc_NetShareInfo501);
+		W_ERROR_HAVE_NO_MEMORY(info.info501);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info501 = info.info501;
+		return WERR_OK;
+	}
+	case 502:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		info.info502 = talloc(mem_ctx, struct srvsvc_NetShareInfo502);
+		W_ERROR_HAVE_NO_MEMORY(info.info502);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info502 = info.info502;
+		return WERR_OK;
+	}
+	case 1005:
+	{
+		WERROR status;
+		union srvsvc_NetShareInfo info;
+
+		info.info1005 = talloc(mem_ctx, struct srvsvc_NetShareInfo1005);
+		W_ERROR_HAVE_NO_MEMORY(info.info1005);
+
+		status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.level, &info);
+		if (!W_ERROR_IS_OK(status)) {
+			return status;
+		}
+
+		r->out.info->info1005 = info.info1005;
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+static WERROR dcesrv_srvsvc_fill_share_info(struct share_info *info, int *count,
+					const char *share_name, int level,
+					const char *name,
+					const char *path,
+					const char *comment,
+					const char *password,
+					enum srvsvc_ShareType type,
+					int32_t max_users,
+					uint32_t csc_policy,
+					struct security_descriptor *sd)
+{
+	unsigned int i = 0;
+
+	if (level == 501) {
+		info[i].name = SHARE_CSC_POLICY;
+		info[i].type = SHARE_INFO_INT;
+		info[i].value = talloc(info, int);
+		*((int *)info[i].value) = csc_policy;
+		i++;
+	}
+	
+	switch(level) {
+
+	case 502:
+		/* TODO: check if unknown is csc_policy */
+
+		/* TODO: security descriptor */
+
+	case 2:
+		if (path && path[0]) {
+			info[i].name = SHARE_PATH;
+			info[i].type = SHARE_INFO_STRING;
+
+			/* Windows will send a path in a form of C:\example\path */
+			if (path[1] == ':') {
+				info[i].value = talloc_strdup(info, &path[2]);
+			} else {
+				/* very strange let's try to set as is */
+				info[i].value = talloc_strdup(info, path);
+			}
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+			all_string_sub((char *)info[i].value, "\\", "/", 0);
+
+			i++;
+		}
+
+		if (password && password[0]) {
+			info[i].name = SHARE_PASSWORD;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, password);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		info[i].name = SHARE_MAX_CONNECTIONS;
+		info[i].type = SHARE_INFO_INT;
+		info[i].value = talloc(info, int);
+		*((int *)info[i].value) = max_users;
+		i++;
+
+		FALL_THROUGH;
+	case 501:
+	case 1:
+		info[i].name = SHARE_TYPE;
+		info[i].type = SHARE_INFO_STRING;
+		switch (type) {
+		case 0x00:
+			info[i].value = talloc_strdup(info, "DISK");
+			break;
+		case 0x01:
+			info[i].value = talloc_strdup(info, "PRINTER");
+			break;
+		case 0x03:
+			info[i].value = talloc_strdup(info, "IPC");
+			break;
+		default:
+			return WERR_INVALID_PARAMETER;
+		}
+		W_ERROR_HAVE_NO_MEMORY(info[i].value);
+		i++;
+
+		FALL_THROUGH;
+	case 1004:
+		if (comment) {
+			info[i].name = SHARE_COMMENT;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, comment);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+
+			i++;
+		}
+
+		FALL_THROUGH;
+	case 0:
+		if (name &&
+		    strcasecmp(share_name, name) != 0) {
+			info[i].name = SHARE_NAME;
+			info[i].type = SHARE_INFO_STRING;
+			info[i].value = talloc_strdup(info, name);
+			W_ERROR_HAVE_NO_MEMORY(info[i].value);
+			i++;
+		}
+
+		break;
+
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+
+	*count = i;
+
+	return WERR_OK;
+}
+
+/* 
+  srvsvc_NetShareSetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetShareSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareSetInfo *r)
+{
+	NTSTATUS nterr;
+	WERROR status;
+	struct share_context *sctx = NULL;
+	struct share_info *info;
+	int count;
+
+	/* TODO: - access check
+	 */
+
+	/* there are no more than 10 options in all struct srvsvc_NetShareInfoXXX */
+	info = talloc_array(mem_ctx, struct share_info, 10);
+	W_ERROR_HAVE_NO_MEMORY(info);
+
+	if (strcmp("", r->in.share_name) == 0) {
+		return WERR_INVALID_PARAMETER;
+	}
+
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	switch (r->in.level) {
+	case 0:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					r->in.info->info0->name,
+					NULL,
+					NULL,
+					NULL,
+					0,
+					0,
+					0,
+					NULL);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 1:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					r->in.info->info1->name,
+					NULL,
+					r->in.info->info1->comment,
+					NULL,
+					r->in.info->info1->type,
+					0,
+					0,
+					NULL);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 2:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					r->in.info->info2->name,
+					r->in.info->info2->path,
+					r->in.info->info2->comment,
+					r->in.info->info2->password,
+					r->in.info->info2->type,
+					r->in.info->info2->max_users,
+					0,
+					NULL);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 501:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					r->in.info->info501->name,
+					NULL,
+					r->in.info->info501->comment,
+					NULL,
+					r->in.info->info501->type,
+					0,
+					r->in.info->info501->csc_policy,
+					NULL);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 502:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					r->in.info->info502->name,
+					r->in.info->info502->path,
+					r->in.info->info502->comment,
+					r->in.info->info502->password,
+					r->in.info->info502->type,
+					r->in.info->info502->max_users,
+					0,
+					r->in.info->info502->sd_buf.sd);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 1004:
+	{
+		status = dcesrv_srvsvc_fill_share_info(info, &count,
+					r->in.share_name, r->in.level,
+					NULL,
+					NULL,
+					r->in.info->info1004->comment,
+					NULL,
+					0,
+					0,
+					0,
+					NULL);
+		if (!W_ERROR_EQUAL(status, WERR_OK)) {
+			return status;
+		}
+		break;
+	}
+	case 1005:
+	{
+		/* r->in.info.dfs_flags; */
+		
+		if (r->in.parm_error) {
+			r->out.parm_error = r->in.parm_error;
+		}
+
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+
+	nterr = share_set(sctx, r->in.share_name, info, count);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	if (r->in.parm_error) {
+		r->out.parm_error = r->in.parm_error;
+	}
+		
+	return WERR_OK;
+}
+
+
+/* 
+  srvsvc_NetShareDelSticky 
+*/
+static WERROR dcesrv_srvsvc_NetShareDelSticky(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareDelSticky *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetShareCheck 
+*/
+static WERROR dcesrv_srvsvc_NetShareCheck(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareCheck *r)
+{
+	NTSTATUS nterr;
+	struct share_context *sctx = NULL;
+	struct share_config *scfg = NULL;
+	char *device;
+	const char **names;
+	int count;
+	int i;
+
+	*r->out.type = 0;
+
+	/* TODO: - access check
+	 */
+
+	if (strcmp("", r->in.device_name) == 0) {
+		*r->out.type = STYPE_IPC;
+		return WERR_OK;
+	}
+
+	/* copy the path skipping C:\ */
+	if (strncasecmp(r->in.device_name, "C:", 2) == 0) {
+		device = talloc_strdup(mem_ctx, &r->in.device_name[2]);
+	} else {
+		/* no chance we have a share that doesn't start with C:\ */
+		return WERR_NERR_DEVICENOTSHARED;
+	}
+	all_string_sub(device, "\\", "/", 0);
+
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	nterr = share_list_all(mem_ctx, sctx, &count, &names);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	for (i = 0; i < count; i++) {
+		const char *path;
+		const char *type;
+
+		nterr = share_get_config(mem_ctx, sctx, names[i], &scfg);
+		if (!NT_STATUS_IS_OK(nterr)) {
+			return ntstatus_to_werror(nterr);
+		}
+		path = share_string_option(mem_ctx, scfg, SHARE_PATH, NULL);
+		if (!path) continue;
+
+		if (strcmp(device, path) == 0) {
+			type = share_string_option(mem_ctx, scfg, SHARE_TYPE, NULL);
+			if (!type) continue;
+
+			if (strcmp(type, "DISK") == 0) {
+				*r->out.type = STYPE_DISKTREE;
+				return WERR_OK;
+			}
+
+			if (strcmp(type, "IPC") == 0) {
+				*r->out.type = STYPE_IPC;
+				return WERR_OK;
+			}
+
+			if (strcmp(type, "PRINTER") == 0) {
+				*r->out.type = STYPE_PRINTQ;
+				return WERR_OK;
+			}
+		}
+	}
+
+	return WERR_NERR_DEVICENOTSHARED;
+}
+
+
+/* 
+  srvsvc_NetSrvGetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetSrvGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSrvGetInfo *r)
+{
+	struct dcesrv_context *dce_ctx = dce_call->conn->dce_ctx;
+	struct dcerpc_server_info *server_info = lpcfg_dcerpc_server_info(mem_ctx, dce_ctx->lp_ctx);
+	const struct loadparm_substitution *lp_sub =
+		lpcfg_noop_substitution();
+
+	ZERO_STRUCTP(r->out.info);
+
+	switch (r->in.level) {
+	case 100:
+	{
+		struct srvsvc_NetSrvInfo100 *info100;
+
+		info100 = talloc(mem_ctx, struct srvsvc_NetSrvInfo100);
+		W_ERROR_HAVE_NO_MEMORY(info100);
+
+		info100->platform_id	= dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
+		info100->server_name	= dcesrv_common_get_server_name(mem_ctx, dce_ctx, r->in.server_unc);
+		W_ERROR_HAVE_NO_MEMORY(info100->server_name);
+
+		r->out.info->info100 = info100;
+		return WERR_OK;
+	}
+	case 101:
+	{
+		struct srvsvc_NetSrvInfo101 *info101;
+
+		info101 = talloc(mem_ctx, struct srvsvc_NetSrvInfo101);
+		W_ERROR_HAVE_NO_MEMORY(info101);
+
+		info101->platform_id	= dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
+		info101->server_name	= dcesrv_common_get_server_name(mem_ctx, dce_ctx, r->in.server_unc);
+		W_ERROR_HAVE_NO_MEMORY(info101->server_name);
+
+		info101->version_major	= server_info->version_major;
+		info101->version_minor	= server_info->version_minor;
+		info101->server_type	= dcesrv_common_get_server_type(mem_ctx, dce_call->event_ctx, dce_ctx);
+		info101->comment	= lpcfg_server_string(dce_ctx->lp_ctx, lp_sub, mem_ctx);
+		W_ERROR_HAVE_NO_MEMORY(info101->comment);
+
+		r->out.info->info101 = info101;
+		return WERR_OK;
+	}
+	case 102:
+	{
+		struct srvsvc_NetSrvInfo102 *info102;
+
+		info102 = talloc(mem_ctx, struct srvsvc_NetSrvInfo102);
+		W_ERROR_HAVE_NO_MEMORY(info102);
+
+		info102->platform_id	= dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
+		info102->server_name	= dcesrv_common_get_server_name(mem_ctx, dce_ctx, r->in.server_unc);
+		W_ERROR_HAVE_NO_MEMORY(info102->server_name);
+
+		info102->version_major	= server_info->version_major;
+		info102->version_minor	= server_info->version_minor;
+		info102->server_type	= dcesrv_common_get_server_type(mem_ctx, dce_call->event_ctx, dce_ctx);
+		info102->comment	= lpcfg_server_string(dce_ctx->lp_ctx, lp_sub, mem_ctx);
+		W_ERROR_HAVE_NO_MEMORY(info102->comment);
+
+		info102->users		= dcesrv_common_get_users(mem_ctx, dce_ctx);
+		info102->disc		= dcesrv_common_get_disc(mem_ctx, dce_ctx);
+		info102->hidden		= dcesrv_common_get_hidden(mem_ctx, dce_ctx);
+		info102->announce	= dcesrv_common_get_announce(mem_ctx, dce_ctx);
+		info102->anndelta	= dcesrv_common_get_anndelta(mem_ctx, dce_ctx);
+		info102->licenses	= dcesrv_common_get_licenses(mem_ctx, dce_ctx);
+		info102->userpath	= dcesrv_common_get_userpath(mem_ctx, dce_ctx);
+		W_ERROR_HAVE_NO_MEMORY(info102->userpath);
+
+		r->out.info->info102 = info102;
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetSrvSetInfo 
+*/
+static WERROR dcesrv_srvsvc_NetSrvSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSrvSetInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetDiskEnum 
+*/
+static WERROR dcesrv_srvsvc_NetDiskEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetDiskEnum *r)
+{
+	r->out.info->disks = NULL;
+	r->out.info->count = 0;
+	*r->out.totalentries = 0;
+
+	switch (r->in.level) {
+	case 0:
+	{
+		/* we can safely hardcode the reply and report we have only one disk (C:) */
+		/* for some reason Windows wants 2 entries with the second being empty */
+		r->out.info->disks = talloc_array(mem_ctx, struct srvsvc_NetDiskInfo0, 2);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info->disks);
+		r->out.info->count = 2;
+
+		r->out.info->disks[0].disk = talloc_strdup(mem_ctx, "C:");
+		W_ERROR_HAVE_NO_MEMORY(r->out.info->disks[0].disk);
+
+		r->out.info->disks[1].disk = talloc_strdup(mem_ctx, "");
+		W_ERROR_HAVE_NO_MEMORY(r->out.info->disks[1].disk);
+
+		*r->out.totalentries = 1;
+		r->out.resume_handle = r->in.resume_handle;
+
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetServerStatisticsGet 
+*/
+static WERROR dcesrv_srvsvc_NetServerStatisticsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetServerStatisticsGet *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetTransportAdd 
+*/
+static WERROR dcesrv_srvsvc_NetTransportAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetTransportAdd *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetTransportEnum 
+*/
+static WERROR dcesrv_srvsvc_NetTransportEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetTransportEnum *r)
+{
+	r->out.transports->level = r->in.transports->level;
+	*r->out.totalentries = 0;
+	if (r->out.resume_handle) {
+		*r->out.resume_handle = 0;
+	}
+
+	switch (r->in.transports->level) {
+	case 0:
+	{
+		r->out.transports->ctr.ctr0 = talloc(mem_ctx, struct srvsvc_NetTransportCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.transports->ctr.ctr0);
+
+		r->out.transports->ctr.ctr0->count = 0;
+		r->out.transports->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 1:
+	{
+		r->out.transports->ctr.ctr1 = talloc(mem_ctx, struct srvsvc_NetTransportCtr1);
+		W_ERROR_HAVE_NO_MEMORY(r->out.transports->ctr.ctr1);
+
+		r->out.transports->ctr.ctr1->count = 0;
+		r->out.transports->ctr.ctr1->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 2:
+	{
+		r->out.transports->ctr.ctr2 = talloc(mem_ctx, struct srvsvc_NetTransportCtr2);
+		W_ERROR_HAVE_NO_MEMORY(r->out.transports->ctr.ctr2);
+
+		r->out.transports->ctr.ctr2->count = 0;
+		r->out.transports->ctr.ctr2->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	case 3:
+	{
+		r->out.transports->ctr.ctr3 = talloc(mem_ctx, struct srvsvc_NetTransportCtr3);
+		W_ERROR_HAVE_NO_MEMORY(r->out.transports->ctr.ctr3);
+
+		r->out.transports->ctr.ctr3->count = 0;
+		r->out.transports->ctr.ctr3->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+/* 
+  srvsvc_NetTransportDel 
+*/
+static WERROR dcesrv_srvsvc_NetTransportDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetTransportDel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetRemoteTOD 
+*/
+static WERROR dcesrv_srvsvc_NetRemoteTOD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetRemoteTOD *r)
+{
+	struct timeval tval;
+	time_t t;
+	struct tm tm;
+	struct srvsvc_NetRemoteTODInfo *info;
+
+	info = talloc(mem_ctx, struct srvsvc_NetRemoteTODInfo);
+	W_ERROR_HAVE_NO_MEMORY(info);
+
+	GetTimeOfDay(&tval);
+	t = tval.tv_sec;
+
+	gmtime_r(&t, &tm);
+
+	info->elapsed	= t;
+	/* TODO: fake the uptime: just return the milliseconds till 0:00:00 today */
+	info->msecs	= (tm.tm_hour*60*60*1000)
+			+ (tm.tm_min*60*1000)
+			+ (tm.tm_sec*1000)
+			+ (tval.tv_usec/1000);
+	info->hours	= tm.tm_hour;
+	info->mins	= tm.tm_min;
+	info->secs	= tm.tm_sec;
+	info->hunds	= tval.tv_usec/10000;
+	info->timezone	= get_time_zone(t)/60;
+	info->tinterval	= 310; /* just return the same as windows */
+	info->day	= tm.tm_mday;
+	info->month	= tm.tm_mon + 1;
+	info->year	= tm.tm_year + 1900;
+	info->weekday	= tm.tm_wday;
+
+	*r->out.info = info;
+
+	return WERR_OK;
+}
+
+/* 
+  srvsvc_NetPathType 
+*/
+static WERROR dcesrv_srvsvc_NetPathType(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetPathType *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetPathCanonicalize 
+*/
+static WERROR dcesrv_srvsvc_NetPathCanonicalize(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetPathCanonicalize *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetPathCompare 
+*/
+static WERROR dcesrv_srvsvc_NetPathCompare(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetPathCompare *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetNameValidate 
+*/
+static WERROR dcesrv_srvsvc_NetNameValidate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetNameValidate *r)
+{
+	int len;
+
+	if ((r->in.flags != 0x0) && (r->in.flags != 0x80000000)) {
+		return WERR_INVALID_NAME;
+	}
+
+	switch (r->in.name_type) {
+	case 1:
+	case 2:
+	case 3:
+	case 4:
+	case 5:
+	case 6:
+	case 7:
+	case 8:
+		return WERR_NOT_SUPPORTED;
+
+	case 9: /* validate share name */
+
+		len = strlen_m(r->in.name);
+		if ((r->in.flags == 0x0) && (len > 81)) {
+			return WERR_INVALID_NAME;
+		}
+		if ((r->in.flags == 0x80000000) && (len > 13)) {
+			return WERR_INVALID_NAME;
+		}
+		if (! dcesrv_common_validate_share_name(mem_ctx, r->in.name)) {
+			return WERR_INVALID_NAME;
+		}
+		return WERR_OK;
+
+	case 10:
+	case 11:
+	case 12:
+	case 13:
+		return WERR_NOT_SUPPORTED;
+	default:
+		return WERR_INVALID_PARAMETER;
+	}
+}
+
+
+/* 
+  srvsvc_NetPRNameCompare 
+*/
+static WERROR dcesrv_srvsvc_NetPRNameCompare(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetPRNameCompare *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetShareEnum 
+*/
+static WERROR dcesrv_srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareEnum *r)
+{
+	NTSTATUS nterr;
+	int numshares = 0;
+	const char **snames;
+	struct share_context *sctx;
+	struct share_config *scfg;
+	struct dcesrv_context *dce_ctx = dce_call->conn->dce_ctx;
+
+	*r->out.totalentries = 0;
+
+	/* TODO: - paging of results 
+	 */
+
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	nterr = share_list_all(mem_ctx, sctx, &numshares, &snames);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	switch (r->in.info_ctr->level) {
+	case 0:
+	{
+		unsigned int i, y = 0;
+		unsigned int count;
+		struct srvsvc_NetShareCtr0 *ctr0;
+
+		ctr0 = talloc(mem_ctx, struct srvsvc_NetShareCtr0);
+		W_ERROR_HAVE_NO_MEMORY(ctr0);
+
+		count = numshares;
+		ctr0->count = count;
+		ctr0->array = NULL;
+
+		if (ctr0->count == 0) {
+			r->out.info_ctr->ctr.ctr0	= ctr0;
+			return WERR_OK;
+		}
+
+		ctr0->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo0, count);
+		W_ERROR_HAVE_NO_MEMORY(ctr0->array);
+
+		for (i=0; i < count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+			enum srvsvc_ShareType type;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+			
+			type = dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+			if (type & STYPE_HIDDEN) {
+				ctr0->count--;
+				talloc_free(scfg);
+				continue;
+			}
+
+			info.info0 = &ctr0->array[y];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			W_ERROR_NOT_OK_RETURN(status);
+			talloc_free(scfg);
+			y++;
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr0	= ctr0;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr0->count;
+
+		return WERR_OK;
+	}
+	case 1:
+	{
+		unsigned int i, y = 0;
+		unsigned int count;
+		struct srvsvc_NetShareCtr1 *ctr1;
+
+		ctr1 = talloc(mem_ctx, struct srvsvc_NetShareCtr1);
+		W_ERROR_HAVE_NO_MEMORY(ctr1);
+
+		count = numshares;
+		ctr1->count = count;
+		ctr1->array = NULL;
+
+		if (ctr1->count == 0) {
+			r->out.info_ctr->ctr.ctr1	= ctr1;
+			return WERR_OK;
+		}
+
+		ctr1->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo1, count);
+		W_ERROR_HAVE_NO_MEMORY(ctr1->array);
+
+		for (i=0; i < count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+			enum srvsvc_ShareType type;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+
+			type = dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+			if (type & STYPE_HIDDEN) {
+				ctr1->count--;
+				talloc_free(scfg);
+				continue;
+			}
+
+			info.info1 = &ctr1->array[y];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			W_ERROR_NOT_OK_RETURN(status);
+			talloc_free(scfg);
+			y++;
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr1	= ctr1;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr1->count;
+
+		return WERR_OK;
+	}
+	case 2:
+	{
+		unsigned int i, y = 0;
+		unsigned int count;
+		struct srvsvc_NetShareCtr2 *ctr2;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		ctr2 = talloc(mem_ctx, struct srvsvc_NetShareCtr2);
+		W_ERROR_HAVE_NO_MEMORY(ctr2);
+
+		count = numshares;
+		ctr2->count = count;
+		ctr2->array = NULL;
+
+		if (ctr2->count == 0) {
+			r->out.info_ctr->ctr.ctr2	= ctr2;
+			return WERR_OK;
+		}
+
+		ctr2->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo2, count);
+		W_ERROR_HAVE_NO_MEMORY(ctr2->array);
+
+		for (i=0; i < count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+			enum srvsvc_ShareType type;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+
+			type = dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+			if (type & STYPE_HIDDEN) {
+				ctr2->count--;
+				talloc_free(scfg);
+				continue;
+			}
+
+			info.info2 = &ctr2->array[y];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			W_ERROR_NOT_OK_RETURN(status);
+			talloc_free(scfg);
+			y++;
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr2	= ctr2;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr2->count;
+
+		return WERR_OK;
+	}
+	case 502:
+	{
+		unsigned int i, y = 0;
+		unsigned int count;
+		struct srvsvc_NetShareCtr502 *ctr502;
+
+		SRVSVC_CHECK_ADMIN_ACCESS;
+
+		ctr502 = talloc(mem_ctx, struct srvsvc_NetShareCtr502);
+		W_ERROR_HAVE_NO_MEMORY(ctr502);
+
+		count = numshares;
+		ctr502->count = count;
+		ctr502->array = NULL;
+
+		if (ctr502->count == 0) {
+			r->out.info_ctr->ctr.ctr502	= ctr502;
+			return WERR_OK;
+		}
+
+		ctr502->array = talloc_array(mem_ctx, struct srvsvc_NetShareInfo502, count);
+		W_ERROR_HAVE_NO_MEMORY(ctr502->array);
+
+		for (i=0; i < count; i++) {
+			WERROR status;
+			union srvsvc_NetShareInfo info;
+			enum srvsvc_ShareType type;
+
+			nterr = share_get_config(mem_ctx, sctx, snames[i], &scfg);
+			if (!NT_STATUS_IS_OK(nterr)) {
+				DEBUG(1, ("ERROR: Service [%s] disappeared after enumeration\n", snames[i]));
+				return WERR_GEN_FAILURE;
+			}
+
+		       	type = dcesrv_common_get_share_type(mem_ctx, dce_ctx, scfg);
+			if (type & STYPE_HIDDEN) {
+				ctr502->count--;
+				talloc_free(scfg);
+				continue;
+			}
+
+			info.info502 = &ctr502->array[y];
+			status = dcesrv_srvsvc_fiel_ShareInfo(dce_call, mem_ctx, scfg, r->in.info_ctr->level, &info);
+			W_ERROR_NOT_OK_RETURN(status);
+			talloc_free(scfg);
+			y++;
+		}
+		talloc_free(snames);
+
+		r->out.info_ctr->ctr.ctr502	= ctr502;
+		*r->out.totalentries		= r->out.info_ctr->ctr.ctr502->count;
+
+		return WERR_OK;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/* 
+  srvsvc_NetShareDelStart 
+*/
+static WERROR dcesrv_srvsvc_NetShareDelStart(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareDelStart *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetShareDelCommit 
+*/
+static WERROR dcesrv_srvsvc_NetShareDelCommit(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareDelCommit *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetGetFileSecurity 
+*/
+static WERROR dcesrv_srvsvc_NetGetFileSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetGetFileSecurity *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct sec_desc_buf *sd_buf;
+	struct ntvfs_context *ntvfs_ctx = NULL;
+	struct ntvfs_request *ntvfs_req;
+	union smb_fileinfo *io;
+	NTSTATUS nt_status;
+
+	nt_status = srvsvc_create_ntvfs_context(dce_call, mem_ctx, r->in.share, &ntvfs_ctx);
+	if (!NT_STATUS_IS_OK(nt_status)) return ntstatus_to_werror(nt_status);
+
+	ntvfs_req = ntvfs_request_create(ntvfs_ctx, mem_ctx,
+					 session_info,
+					 0,
+					 dce_call->time,
+					 NULL, NULL, 0);
+	W_ERROR_HAVE_NO_MEMORY(ntvfs_req);
+
+	sd_buf = talloc(mem_ctx, struct sec_desc_buf);
+	W_ERROR_HAVE_NO_MEMORY(sd_buf);
+
+	io = talloc(mem_ctx, union smb_fileinfo);
+	W_ERROR_HAVE_NO_MEMORY(io);
+
+	io->query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+	io->query_secdesc.in.file.path		= r->in.file;
+	io->query_secdesc.in.secinfo_flags	= r->in.securityinformation;
+
+	nt_status = ntvfs_qpathinfo(ntvfs_req, io);
+	if (!NT_STATUS_IS_OK(nt_status)) return ntstatus_to_werror(nt_status);
+
+	sd_buf->sd = io->query_secdesc.out.sd;
+
+	*r->out.sd_buf = sd_buf;
+	return WERR_OK;
+}
+
+
+/* 
+  srvsvc_NetSetFileSecurity 
+*/
+static WERROR dcesrv_srvsvc_NetSetFileSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSetFileSecurity *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct ntvfs_context *ntvfs_ctx;
+	struct ntvfs_request *ntvfs_req;
+	union smb_setfileinfo *io;
+	NTSTATUS nt_status;
+
+	nt_status = srvsvc_create_ntvfs_context(dce_call, mem_ctx, r->in.share, &ntvfs_ctx);
+	if (!NT_STATUS_IS_OK(nt_status)) return ntstatus_to_werror(nt_status);
+
+	ntvfs_req = ntvfs_request_create(ntvfs_ctx, mem_ctx,
+					 session_info,
+					 0,
+					 dce_call->time,
+					 NULL, NULL, 0);
+	W_ERROR_HAVE_NO_MEMORY(ntvfs_req);
+
+	io = talloc(mem_ctx, union smb_setfileinfo);
+	W_ERROR_HAVE_NO_MEMORY(io);
+
+	io->set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+	io->set_secdesc.in.file.path		= r->in.file;
+	io->set_secdesc.in.secinfo_flags	= r->in.securityinformation;
+	io->set_secdesc.in.sd			= r->in.sd_buf->sd;
+
+	nt_status = ntvfs_setpathinfo(ntvfs_req, io);
+	if (!NT_STATUS_IS_OK(nt_status)) return ntstatus_to_werror(nt_status);
+
+	return WERR_OK;
+}
+
+
+/* 
+  srvsvc_NetServerTransportAddEx 
+*/
+static WERROR dcesrv_srvsvc_NetServerTransportAddEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetServerTransportAddEx *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NetServerSetServiceBitsEx 
+*/
+static WERROR dcesrv_srvsvc_NetServerSetServiceBitsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetServerSetServiceBitsEx *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSGETVERSION 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSGETVERSION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSGETVERSION *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSCREATELOCALPARTITION 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSCREATELOCALPARTITION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSCREATELOCALPARTITION *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSDELETELOCALPARTITION 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSDELETELOCALPARTITION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSDELETELOCALPARTITION *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSSETLOCALVOLUMESTATE 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSSETLOCALVOLUMESTATE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSSETSERVERINFO 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSSETSERVERINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSSETSERVERINFO *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSCREATEEXITPOINT 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSCREATEEXITPOINT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSCREATEEXITPOINT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSDELETEEXITPOINT 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSDELETEEXITPOINT(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSDELETEEXITPOINT *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSMODIFYPREFIX 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSMODIFYPREFIX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSMODIFYPREFIX *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSFIXLOCALVOLUME 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSFIXLOCALVOLUME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSFIXLOCALVOLUME *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRDFSMANAGERREPORTSITEINFO 
+*/
+static WERROR dcesrv_srvsvc_NETRDFSMANAGERREPORTSITEINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* 
+  srvsvc_NETRSERVERTRANSPORTDELEX 
+*/
+static WERROR dcesrv_srvsvc_NETRSERVERTRANSPORTDELEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRSERVERTRANSPORTDELEX *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* 
+  srvsvc_NetShareDel 
+*/
+static WERROR dcesrv_srvsvc_NetShareDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetShareDel *r)
+{
+	NTSTATUS nterr;
+	struct share_context *sctx;
+		
+	nterr = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+			
+	nterr = share_remove(sctx, r->in.share_name);
+	if (!NT_STATUS_IS_OK(nterr)) {
+		return ntstatus_to_werror(nterr);
+	}
+
+	return WERR_OK;
+}
+
+/* 
+  srvsvc_NetSetServiceBits 
+*/
+static WERROR dcesrv_srvsvc_NetSetServiceBits(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NetSetServiceBits *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* 
+  srvsvc_NETRPRNAMECANONICALIZE 
+*/
+static WERROR dcesrv_srvsvc_NETRPRNAMECANONICALIZE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct srvsvc_NETRPRNAMECANONICALIZE *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_srvsvc_s.c"
diff --git a/source4/rpc_server/srvsvc/srvsvc_ntvfs.c b/source4/rpc_server/srvsvc/srvsvc_ntvfs.c
new file mode 100644
index 0000000..167e8f1
--- /dev/null
+++ b/source4/rpc_server/srvsvc/srvsvc_ntvfs.c
@@ -0,0 +1,139 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   srvsvc pipe ntvfs helper functions
+
+   Copyright (C) Stefan (metze) Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "ntvfs/ntvfs.h"
+#include "rpc_server/dcerpc_server.h"
+#include "param/param.h"
+#include "rpc_server/srvsvc/proto.h"
+
+struct srvsvc_ntvfs_ctx {
+	struct ntvfs_context *ntvfs;
+};
+
+static int srvsvc_ntvfs_ctx_destructor(struct srvsvc_ntvfs_ctx *c)
+{
+	ntvfs_disconnect(c->ntvfs);
+	return 0;
+}
+
+NTSTATUS srvsvc_create_ntvfs_context(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     const char *share,
+				     struct ntvfs_context **_ntvfs)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(dce_call->conn);
+	struct server_id server_id = dcesrv_server_id(dce_call->conn);
+	NTSTATUS status;
+	struct srvsvc_ntvfs_ctx	*c;
+	struct ntvfs_request *ntvfs_req;
+	enum ntvfs_type type;
+	struct share_context *sctx;
+	struct share_config *scfg;
+	char *sharetype;
+	union smb_tcon tcon;
+	const struct tsocket_address *local_address;
+	const struct tsocket_address *remote_address;
+
+	status = share_get_context(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = share_get_config(mem_ctx, sctx, share, &scfg);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("srvsvc_create_ntvfs_context: couldn't find service %s\n", share));
+		return status;
+	}
+
+#if 0 /* TODO: fix access checking */
+	if (!socket_check_access(dce_call->connection->socket, 
+				 scfg->name, 
+				 share_string_list_option(scfg, SHARE_HOSTS_ALLOW), 
+				 share_string_list_option(scfg, SHARE_HOSTS_DENY))) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+#endif
+
+	/* work out what sort of connection this is */
+	sharetype = share_string_option(mem_ctx, scfg, SHARE_TYPE, SHARE_TYPE_DEFAULT);
+	if (sharetype && strcmp(sharetype, "IPC") == 0) {
+		type = NTVFS_IPC;
+	} else if (sharetype && strcmp(sharetype, "PRINTER")) {
+		type = NTVFS_PRINT;
+	} else {
+		type = NTVFS_DISK;
+	}
+
+	TALLOC_FREE(sharetype);
+
+	c = talloc(mem_ctx, struct srvsvc_ntvfs_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(c);
+	
+	/* init ntvfs function pointers */
+	status = ntvfs_init_connection(c, scfg, type,
+				       PROTOCOL_NT1,
+				       0,/* ntvfs_client_caps */
+				       dce_call->event_ctx,
+				       imsg_ctx,
+				       dce_call->conn->dce_ctx->lp_ctx,
+				       server_id,
+				       &c->ntvfs);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("srvsvc_create_ntvfs_context: ntvfs_init_connection failed for service %s\n", 
+			  scfg->name));
+		return status;
+	}
+	talloc_set_destructor(c, srvsvc_ntvfs_ctx_destructor);
+
+	/*
+	 * NOTE: we only set the addr callbacks as we're not interested in oplocks or in getting file handles
+	 */
+	local_address = dcesrv_connection_get_local_address(dce_call->conn);
+	remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
+	status = ntvfs_set_addresses(c->ntvfs, local_address, remote_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("srvsvc_create_ntvfs_context: NTVFS failed to set the addr callbacks!\n"));
+		return status;
+	}
+
+	ntvfs_req = ntvfs_request_create(c->ntvfs, mem_ctx,
+					 session_info,
+					 0, /* TODO: fill in PID */
+					 dce_call->time,
+					 NULL, NULL, 0);
+	NT_STATUS_HAVE_NO_MEMORY(ntvfs_req);
+
+	/* Invoke NTVFS connection hook */
+	tcon.tcon.level = RAW_TCON_TCON;
+	ZERO_STRUCT(tcon.tcon.in);
+	tcon.tcon.in.service = scfg->name;
+	status = ntvfs_connect(ntvfs_req, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("srvsvc_create_ntvfs_context: NTVFS ntvfs_connect() failed!\n"));
+		return status;
+	}
+
+	*_ntvfs = c->ntvfs;
+	return NT_STATUS_OK;
+}
diff --git a/source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c b/source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c
new file mode 100644
index 0000000..cdb245e
--- /dev/null
+++ b/source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c
@@ -0,0 +1,304 @@
+/*
+ * Unit tests for source4/rpc_server/dnsserver/dnsutils.c
+ *
+ *  Copyright (C) Catalyst.NET Ltd 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+
+#include "../dnsserver/dnsutils.c"
+
+
+/*
+ * Test setting of an empty ZONE_MASTER_SERVERS property
+ */
+static void test_dnsserver_init_zoneinfo_master_servers_empty(void **state)
+{
+	struct dnsserver_zone *zone = NULL;
+	struct dnsserver_serverinfo *serverinfo = NULL;
+	struct dnsserver_zoneinfo *zoneinfo = NULL;
+	struct dnsp_DnsProperty *property = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Setup the zone data
+	 */
+	zone = talloc_zero(ctx, struct dnsserver_zone);
+	assert_non_null(zone);
+	zone->name = "test";
+
+	/*
+	 * Set up an empty ZONE_MASTER_SERVERS property
+	 */
+	property = talloc_zero_array(ctx, struct dnsp_DnsProperty, 1);
+	assert_non_null(property);
+	property->id = DSPROPERTY_ZONE_MASTER_SERVERS;
+	property->data.master_servers.addrCount = 0;
+	property->data.master_servers.addrArray = NULL;
+
+	zone->tmp_props = property;
+	zone->num_props = 1;
+
+
+	/*
+	 * Setup the server info
+	 */
+	serverinfo = talloc_zero(ctx, struct dnsserver_serverinfo);
+	assert_non_null(serverinfo);
+
+	/*
+	 * call dnsserver_init_zoneinfo
+	 */
+	zoneinfo = dnsserver_init_zoneinfo(zone, serverinfo);
+
+	/*
+	 * Check results
+	 */
+	assert_non_null(zoneinfo);
+	assert_non_null(zoneinfo->aipLocalMasters);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrCount, 0);
+	assert_null(zoneinfo->aipLocalMasters->AddrArray);
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Test setting of a non empty ZONE_MASTER_SERVERS property
+ */
+static void test_dnsserver_init_zoneinfo_master_servers(void **state)
+{
+	struct dnsserver_zone *zone = NULL;
+	struct dnsserver_serverinfo *serverinfo = NULL;
+	struct dnsserver_zoneinfo *zoneinfo = NULL;
+	struct dnsp_DnsProperty *property = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Setup the zone data
+	 */
+	zone = talloc_zero(ctx, struct dnsserver_zone);
+	assert_non_null(zone);
+	zone->name = "test";
+
+	/*
+	 * Set up an empty ZONE_MASTER_SERVERS property
+	 */
+	property = talloc_zero_array(ctx, struct dnsp_DnsProperty, 1);
+	assert_non_null(property);
+	property->id = DSPROPERTY_ZONE_MASTER_SERVERS;
+	property->data.master_servers.addrCount = 4;
+	property->data.master_servers.addrArray =
+		talloc_zero_array(ctx, uint32_t, 4);
+	property->data.master_servers.addrArray[0] = 1000;
+	property->data.master_servers.addrArray[1] = 1001;
+	property->data.master_servers.addrArray[2] = 1002;
+	property->data.master_servers.addrArray[3] = 1003;
+
+	zone->tmp_props = property;
+	zone->num_props = 1;
+
+
+	/*
+	 * Setup the server info
+	 */
+	serverinfo = talloc_zero(ctx, struct dnsserver_serverinfo);
+	assert_non_null(serverinfo);
+
+	/*
+	 * call dnsserver_init_zoneinfo
+	 */
+	zoneinfo = dnsserver_init_zoneinfo(zone, serverinfo);
+
+	/*
+	 * Check results
+	 */
+	assert_non_null(zoneinfo);
+	assert_non_null(zoneinfo->aipLocalMasters);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrCount, 4);
+	assert_non_null(zoneinfo->aipLocalMasters->AddrArray);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[0], 1000);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[1], 1001);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[2], 1002);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[3], 1003);
+
+	/*
+	 * Ensure that we're working with a copy of the property data
+	 * and not a reference.
+	 * The pointers should be different, and we should be able to change
+	 * the values in the property without affecting the zoneinfo data
+	 */
+	assert_true(zoneinfo->aipLocalMasters->AddrArray !=
+		    property->data.master_servers.addrArray);
+	property->data.master_servers.addrArray[0] = 0;
+	property->data.master_servers.addrArray[1] = 1;
+	property->data.master_servers.addrArray[2] = 2;
+	property->data.master_servers.addrArray[3] = 3;
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[0], 1000);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[1], 1001);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[2], 1002);
+	assert_int_equal(zoneinfo->aipLocalMasters->AddrArray[3], 1003);
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Test setting of an empty ZONE_SCAVENGING_SERVERS property
+ */
+static void test_dnsserver_init_zoneinfo_scavenging_servers_empty(void **state)
+{
+	struct dnsserver_zone *zone = NULL;
+	struct dnsserver_serverinfo *serverinfo = NULL;
+	struct dnsserver_zoneinfo *zoneinfo = NULL;
+	struct dnsp_DnsProperty *property = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Setup the zone data
+	 */
+	zone = talloc_zero(ctx, struct dnsserver_zone);
+	assert_non_null(zone);
+	zone->name = "test";
+
+	property = talloc_zero_array(ctx, struct dnsp_DnsProperty, 1);
+	assert_non_null(property);
+	property->id = DSPROPERTY_ZONE_SCAVENGING_SERVERS;
+	property->data.servers.addrCount = 0;
+	property->data.servers.addrArray = NULL;
+
+	zone->tmp_props = property;
+	zone->num_props = 1;
+
+
+	serverinfo = talloc_zero(ctx, struct dnsserver_serverinfo);
+	assert_non_null(serverinfo);
+
+	zoneinfo = dnsserver_init_zoneinfo(zone, serverinfo);
+
+	assert_non_null(zoneinfo);
+	assert_non_null(zoneinfo->aipScavengeServers);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrCount, 0);
+	assert_null(zoneinfo->aipScavengeServers->AddrArray);
+
+	TALLOC_FREE(ctx);
+}
+
+/*
+ * Test setting of a non empty ZONE_SCAVENGING_SERVERS property
+ */
+static void test_dnsserver_init_zoneinfo_scavenging_servers(void **state)
+{
+	struct dnsserver_zone *zone = NULL;
+	struct dnsserver_serverinfo *serverinfo = NULL;
+	struct dnsserver_zoneinfo *zoneinfo = NULL;
+	struct dnsp_DnsProperty *property = NULL;
+
+	TALLOC_CTX *ctx = talloc_new(NULL);
+
+	/*
+	 * Setup the zone data
+	 */
+	zone = talloc_zero(ctx, struct dnsserver_zone);
+	assert_non_null(zone);
+	zone->name = "test";
+
+	property = talloc_zero_array(ctx, struct dnsp_DnsProperty, 1);
+	assert_non_null(property);
+	property->id = DSPROPERTY_ZONE_SCAVENGING_SERVERS;
+	property->data.servers.addrCount = 4;
+	property->data.servers.addrArray = talloc_zero_array(ctx, uint32_t, 4);
+	property->data.servers.addrArray[0] = 1000;
+	property->data.servers.addrArray[1] = 1001;
+	property->data.servers.addrArray[2] = 1002;
+	property->data.servers.addrArray[3] = 1003;
+
+	zone->tmp_props = property;
+	zone->num_props = 1;
+
+
+	serverinfo = talloc_zero(ctx, struct dnsserver_serverinfo);
+	assert_non_null(serverinfo);
+
+	zoneinfo = dnsserver_init_zoneinfo(zone, serverinfo);
+
+	assert_non_null(zoneinfo);
+	assert_non_null(zoneinfo->aipScavengeServers);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrCount, 4);
+	assert_non_null(zoneinfo->aipScavengeServers->AddrArray);
+	assert_non_null(zoneinfo->aipScavengeServers->AddrArray);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[0], 1000);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[1], 1001);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[2], 1002);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[3], 1003);
+
+	/*
+	 * Ensure that we're working with a copy of the property data
+	 * and not a reference.
+	 * The pointers should be different, and we should be able to change
+	 * the values in the property without affecting the zoneinfo data
+	 */
+	assert_true(zoneinfo->aipScavengeServers->AddrArray !=
+		    property->data.servers.addrArray);
+	property->data.servers.addrArray[0] = 0;
+	property->data.servers.addrArray[1] = 1;
+	property->data.servers.addrArray[2] = 2;
+	property->data.servers.addrArray[3] = 3;
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[0], 1000);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[1], 1001);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[2], 1002);
+	assert_int_equal(zoneinfo->aipScavengeServers->AddrArray[3], 1003);
+
+
+	TALLOC_FREE(ctx);
+}
+int main(int argc, const char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(
+		    test_dnsserver_init_zoneinfo_master_servers_empty),
+		cmocka_unit_test(
+		    test_dnsserver_init_zoneinfo_master_servers),
+		cmocka_unit_test(
+		    test_dnsserver_init_zoneinfo_scavenging_servers_empty),
+		cmocka_unit_test(
+		    test_dnsserver_init_zoneinfo_scavenging_servers),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/rpc_server/unixinfo/dcesrv_unixinfo.c b/source4/rpc_server/unixinfo/dcesrv_unixinfo.c
new file mode 100644
index 0000000..848c11f
--- /dev/null
+++ b/source4/rpc_server/unixinfo/dcesrv_unixinfo.c
@@ -0,0 +1,191 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the unixinfo pipe
+
+   Copyright (C) Volker Lendecke 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_unixinfo.h"
+#include "libcli/wbclient/wbclient.h"
+#include "system/passwd.h"
+
+static NTSTATUS dcesrv_unixinfo_SidToUid(struct dcesrv_call_state *dce_call,
+				  TALLOC_CTX *mem_ctx,
+				  struct unixinfo_SidToUid *r)
+{
+	NTSTATUS status;
+	struct id_map *ids;
+
+	DEBUG(5, ("dcesrv_unixinfo_SidToUid called\n"));
+
+	ids = talloc(mem_ctx, struct id_map);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids->sid = &r->in.sid;
+	ids->status = ID_UNKNOWN;
+	ZERO_STRUCT(ids->xid);
+	status = wbc_sids_to_xids(ids, 1);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (ids->xid.type == ID_TYPE_BOTH ||
+	    ids->xid.type == ID_TYPE_UID) {
+		*r->out.uid = ids->xid.id;
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_INVALID_SID;
+	}
+}
+
+static NTSTATUS dcesrv_unixinfo_UidToSid(struct dcesrv_call_state *dce_call,
+				  TALLOC_CTX *mem_ctx,
+				  struct unixinfo_UidToSid *r)
+{
+	struct id_map *ids;
+	uint32_t uid;
+	NTSTATUS status;
+
+	DEBUG(5, ("dcesrv_unixinfo_UidToSid called\n"));
+
+	uid = r->in.uid; 	/* This cuts uid to 32 bit */
+	if ((uint64_t)uid != r->in.uid) {
+		DEBUG(10, ("uid out of range\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ids = talloc(mem_ctx, struct id_map);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids->sid = NULL;
+	ids->status = ID_UNKNOWN;
+
+	ids->xid.id = uid;
+	ids->xid.type = ID_TYPE_UID;
+
+	status = wbc_xids_to_sids(ids, 1);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	r->out.sid = ids->sid;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_unixinfo_SidToGid(struct dcesrv_call_state *dce_call,
+				  TALLOC_CTX *mem_ctx,
+				  struct unixinfo_SidToGid *r)
+{
+	NTSTATUS status;
+	struct id_map *ids;
+
+	DEBUG(5, ("dcesrv_unixinfo_SidToGid called\n"));
+
+	ids = talloc(mem_ctx, struct id_map);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids->sid = &r->in.sid;
+	ids->status = ID_UNKNOWN;
+	ZERO_STRUCT(ids->xid);
+	status = wbc_sids_to_xids(ids, 1);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (ids->xid.type == ID_TYPE_BOTH ||
+	    ids->xid.type == ID_TYPE_GID) {
+		*r->out.gid = ids->xid.id;
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_INVALID_SID;
+	}
+}
+
+static NTSTATUS dcesrv_unixinfo_GidToSid(struct dcesrv_call_state *dce_call,
+				  TALLOC_CTX *mem_ctx,
+				  struct unixinfo_GidToSid *r)
+{
+	struct id_map *ids;
+	uint32_t gid;
+	NTSTATUS status;
+
+	DEBUG(5, ("dcesrv_unixinfo_GidToSid called\n"));
+
+	gid = r->in.gid; 	/* This cuts gid to 32 bit */
+	if ((uint64_t)gid != r->in.gid) {
+		DEBUG(10, ("gid out of range\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ids = talloc(mem_ctx, struct id_map);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	ids->sid = NULL;
+	ids->status = ID_UNKNOWN;
+
+	ids->xid.id = gid;
+	ids->xid.type = ID_TYPE_GID;
+
+	status = wbc_xids_to_sids(ids, 1);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	r->out.sid = ids->sid;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_unixinfo_GetPWUid(struct dcesrv_call_state *dce_call,
+				  TALLOC_CTX *mem_ctx,
+				  struct unixinfo_GetPWUid *r)
+{
+	unsigned int i;
+
+	*r->out.count = 0;
+
+	r->out.infos = talloc_zero_array(mem_ctx, struct unixinfo_GetPWUidInfo,
+					 *r->in.count);
+	NT_STATUS_HAVE_NO_MEMORY(r->out.infos);
+	*r->out.count = *r->in.count;
+
+	for (i=0; i < *r->in.count; i++) {
+		uid_t uid;
+		struct passwd *pwd;
+
+		uid = r->in.uids[i];
+		pwd = getpwuid(uid);
+		if (pwd == NULL) {
+			DEBUG(10, ("uid %d not found\n", uid));
+			r->out.infos[i].homedir = "";
+			r->out.infos[i].shell = "";
+			r->out.infos[i].status = NT_STATUS_NO_SUCH_USER;
+			continue;
+		}
+
+		r->out.infos[i].homedir = talloc_strdup(mem_ctx, pwd->pw_dir);
+		r->out.infos[i].shell = talloc_strdup(mem_ctx, pwd->pw_shell);
+
+		if ((r->out.infos[i].homedir == NULL) ||
+		    (r->out.infos[i].shell == NULL)) {
+			r->out.infos[i].homedir = "";
+			r->out.infos[i].shell = "";
+			r->out.infos[i].status = NT_STATUS_NO_MEMORY;
+			continue;
+		}
+
+		r->out.infos[i].status = NT_STATUS_OK;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_unixinfo_s.c"
diff --git a/source4/rpc_server/winreg/README b/source4/rpc_server/winreg/README
new file mode 100644
index 0000000..03a81e7
--- /dev/null
+++ b/source4/rpc_server/winreg/README
@@ -0,0 +1,3 @@
+This is the RPC server for the registry for Samba. It is basically a
+front-end for the registry library in lib/registry. See
+lib/registry/README for more details.
diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c
new file mode 100644
index 0000000..f8bd8c1
--- /dev/null
+++ b/source4/rpc_server/winreg/rpc_winreg.c
@@ -0,0 +1,744 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the winreg pipe
+
+   Copyright (C) 2004 Jelmer Vernooij, jelmer@samba.org
+   Copyright (C) 2008 Matthias Dieter Wallnöfer, mwallnoefer@yahoo.de
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "lib/registry/registry.h"
+#include "librpc/gen_ndr/ndr_winreg.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/session.h"
+
+enum handle_types { HTYPE_REGVAL, HTYPE_REGKEY };
+
+static WERROR dcesrv_winreg_openhive(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx, uint32_t hkey,
+				     struct policy_handle **outh)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct registry_context *ctx = NULL;
+	struct dcesrv_handle *h;
+	WERROR result;
+
+	h = dcesrv_handle_create(dce_call, HTYPE_REGKEY);
+	W_ERROR_HAVE_NO_MEMORY(h);
+
+	result = reg_open_samba(h, &ctx,
+				dce_call->event_ctx,
+				dce_call->conn->dce_ctx->lp_ctx,
+				session_info,
+				NULL);
+	if (!W_ERROR_IS_OK(result)) {
+		DEBUG(0, ("Error opening registry: %s\n", win_errstr(result)));
+		return result;
+	}
+
+	result = reg_get_predefined_key(ctx, hkey,
+				       (struct registry_key **)&h->data);
+	if (!W_ERROR_IS_OK(result)) {
+		return result;
+	}
+	*outh = &h->wire_handle;
+
+	return result;
+}
+
+#define func_winreg_OpenHive(k,n) static WERROR dcesrv_winreg_Open ## k (struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct winreg_Open ## k *r) \
+{ \
+	return dcesrv_winreg_openhive (dce_call, mem_ctx, n, &r->out.handle);\
+}
+
+func_winreg_OpenHive(HKCR,HKEY_CLASSES_ROOT)
+func_winreg_OpenHive(HKCU,HKEY_CURRENT_USER)
+func_winreg_OpenHive(HKLM,HKEY_LOCAL_MACHINE)
+func_winreg_OpenHive(HKPD,HKEY_PERFORMANCE_DATA)
+func_winreg_OpenHive(HKU,HKEY_USERS)
+func_winreg_OpenHive(HKCC,HKEY_CURRENT_CONFIG)
+func_winreg_OpenHive(HKDD,HKEY_DYN_DATA)
+func_winreg_OpenHive(HKPT,HKEY_PERFORMANCE_TEXT)
+func_winreg_OpenHive(HKPN,HKEY_PERFORMANCE_NLSTEXT)
+
+/*
+  winreg_CloseKey
+*/
+static WERROR dcesrv_winreg_CloseKey(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     struct winreg_CloseKey *r)
+{
+	struct dcesrv_handle *h;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+
+	talloc_unlink(dce_call->context, h);
+
+	ZERO_STRUCTP(r->out.handle);
+
+	return WERR_OK;
+}
+
+/*
+  winreg_CreateKey
+*/
+static WERROR dcesrv_winreg_CreateKey(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct winreg_CreateKey *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h, *newh;
+	struct security_descriptor sd;
+	struct registry_key *key;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	newh = dcesrv_handle_create(dce_call, HTYPE_REGKEY);
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		/* we support only non volatile keys */
+		if (r->in.options != REG_OPTION_NON_VOLATILE) {
+			return WERR_NOT_SUPPORTED;
+		}
+
+		/* the security descriptor is optional */
+		if (r->in.secdesc != NULL) {
+			DATA_BLOB sdblob;
+			enum ndr_err_code ndr_err;
+			sdblob.data = r->in.secdesc->sd.data;
+			sdblob.length = r->in.secdesc->sd.len;
+			if (sdblob.data == NULL) {
+				return WERR_INVALID_PARAMETER;
+			}
+			ndr_err = ndr_pull_struct_blob_all(&sdblob, mem_ctx, &sd,
+							   (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return WERR_INVALID_PARAMETER;
+			}
+		}
+		
+		result = reg_key_add_name(newh, key, r->in.name.name, NULL,
+			r->in.secdesc?&sd:NULL, (struct registry_key **)&newh->data);
+
+		r->out.action_taken = talloc(mem_ctx, enum winreg_CreateAction);
+		if (r->out.action_taken == NULL) {
+			talloc_free(newh);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*r->out.action_taken = REG_ACTION_NONE;
+
+		if (W_ERROR_IS_OK(result)) {
+			r->out.new_handle = &newh->wire_handle;
+			*r->out.action_taken = REG_CREATED_NEW_KEY;
+		} else {
+			talloc_free(newh);
+		}
+
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_DeleteKey
+*/
+static WERROR dcesrv_winreg_DeleteKey(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct winreg_DeleteKey *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		result = reg_key_del(mem_ctx, key, r->in.key.name);
+		talloc_unlink(dce_call->context, h);
+
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_DeleteValue
+*/
+static WERROR dcesrv_winreg_DeleteValue(struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *mem_ctx,
+					struct winreg_DeleteValue *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		return reg_del_value(mem_ctx, key, r->in.value.name);
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_EnumKey
+*/
+static WERROR dcesrv_winreg_EnumKey(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx,
+				    struct winreg_EnumKey *r)
+{
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	const char *name, *classname;
+	NTTIME last_mod;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	result = reg_key_get_subkey_by_index(mem_ctx, 
+		key, r->in.enum_index, &name, &classname, &last_mod);
+
+	if (2*strlen_m_term(name) > r->in.name->size) {
+		return WERR_MORE_DATA;
+	}
+
+	if (name != NULL) {
+		r->out.name->name = name;
+		r->out.name->length = 2*strlen_m_term(name);
+	} else {
+		r->out.name->name = r->in.name->name;
+		r->out.name->length = r->in.name->length;
+	}
+	r->out.name->size = r->in.name->size;
+
+	r->out.keyclass = r->in.keyclass;
+	if (classname != NULL) {
+		r->out.keyclass->name = classname;
+		r->out.keyclass->length = 2*strlen_m_term(classname);
+	} else {
+		r->out.keyclass->name = r->in.keyclass->name;
+		r->out.keyclass->length = r->in.keyclass->length;
+	}
+	r->out.keyclass->size = r->in.keyclass->size;
+
+	if (r->in.last_changed_time != NULL)
+		r->out.last_changed_time = &last_mod;
+
+	return result;
+}
+
+
+/*
+  winreg_EnumValue
+*/
+static WERROR dcesrv_winreg_EnumValue(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct winreg_EnumValue *r)
+{
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	const char *data_name;
+	uint32_t data_type;
+	DATA_BLOB data;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	result = reg_key_get_value_by_index(mem_ctx, key,
+		r->in.enum_index, &data_name, &data_type, &data);
+
+	if (!W_ERROR_IS_OK(result)) {
+		/* if the lookup wasn't successful, send client query back */
+		data_name = r->in.name->name;
+		data_type = *r->in.type;
+		data.data = r->in.value;
+		data.length = *r->in.length;
+	}
+
+	/* "data_name" is NULL when we query the default attribute */
+	if (data_name != NULL) {
+		r->out.name->name = data_name;
+		r->out.name->length = 2*strlen_m_term(data_name);
+	} else {
+		r->out.name->name = r->in.name->name;
+		r->out.name->length = r->in.name->length;
+	}
+	r->out.name->size = r->in.name->size;
+
+	r->out.type = talloc(mem_ctx, enum winreg_Type);
+	if (!r->out.type) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+	*r->out.type = (enum winreg_Type) data_type;
+
+	if (r->in.size != NULL) {
+		r->out.size = talloc(mem_ctx, uint32_t);
+		*r->out.size = data.length;
+	}
+	/* check the client has enough room for the value */
+	if (r->in.value != NULL &&
+	    r->in.size != NULL &&
+	    data.length > *r->in.size) {
+		return WERR_MORE_DATA;
+	}
+
+	if (r->in.value != NULL) {
+		r->out.value = data.data;
+	}
+
+	if (r->in.length != NULL) {
+		r->out.length = r->out.size;
+	}
+
+	return result;
+}
+
+
+/*
+  winreg_FlushKey
+*/
+static WERROR dcesrv_winreg_FlushKey(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     struct winreg_FlushKey *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		return reg_key_flush(key);
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_GetKeySecurity
+*/
+static WERROR dcesrv_winreg_GetKeySecurity(struct dcesrv_call_state *dce_call,
+					   TALLOC_CTX *mem_ctx,
+					   struct winreg_GetKeySecurity *r)
+{
+	struct dcesrv_handle *h;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_LoadKey
+*/
+static WERROR dcesrv_winreg_LoadKey(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx,
+				    struct winreg_LoadKey *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_NotifyChangeKeyValue
+*/
+static WERROR dcesrv_winreg_NotifyChangeKeyValue(struct dcesrv_call_state *dce_call,
+						 TALLOC_CTX *mem_ctx,
+						 struct winreg_NotifyChangeKeyValue *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_OpenKey
+*/
+static WERROR dcesrv_winreg_OpenKey(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx,
+				    struct winreg_OpenKey *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h, *newh;
+	struct registry_key *key;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.parent_handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+	case SECURITY_USER:
+		if (r->in.keyname.name && strcmp(r->in.keyname.name, "") == 0) {
+			newh = talloc_reference(dce_call->context, h);
+			result = WERR_OK;
+		} else {
+			newh = dcesrv_handle_create(dce_call, HTYPE_REGKEY);
+			result = reg_open_key(newh, key, r->in.keyname.name,
+				(struct registry_key **)&newh->data);
+		}
+		
+		if (W_ERROR_IS_OK(result)) {
+			r->out.handle = &newh->wire_handle;
+		} else {
+			talloc_free(newh);
+		}
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_QueryInfoKey
+*/
+static WERROR dcesrv_winreg_QueryInfoKey(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct winreg_QueryInfoKey *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	const char *classname = NULL;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+	case SECURITY_USER:
+		result = reg_key_get_info(mem_ctx, key, &classname,
+			r->out.num_subkeys, r->out.num_values,
+			r->out.last_changed_time, r->out.max_subkeylen,
+			r->out.max_valnamelen, r->out.max_valbufsize);
+
+		if (r->out.max_subkeylen != NULL) {
+			/* for UTF16 encoding */
+			*r->out.max_subkeylen *= 2;
+		}
+		if (r->out.max_valnamelen != NULL) {
+			/* for UTF16 encoding */
+			*r->out.max_valnamelen *= 2;
+		}
+
+		if (classname != NULL) {
+			r->out.classname->name = classname;
+			r->out.classname->name_len = 2*strlen_m_term(classname);
+		} else {
+			r->out.classname->name = r->in.classname->name;
+			r->out.classname->name_len = r->in.classname->name_len;
+		}
+		r->out.classname->name_size = r->in.classname->name_size;
+
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_QueryValue
+*/
+static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
+				       TALLOC_CTX *mem_ctx,
+				       struct winreg_QueryValue *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	uint32_t value_type;
+	DATA_BLOB value_data;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+	case SECURITY_USER:
+		if ((r->in.type == NULL) || (r->in.data_length == NULL) ||
+		    (r->in.data_size == NULL)) {
+			return WERR_INVALID_PARAMETER;
+		}
+
+		result = reg_key_get_value_by_name(mem_ctx, key, 
+			 r->in.value_name->name, &value_type, &value_data);
+		
+		if (!W_ERROR_IS_OK(result)) {
+			/* if the lookup wasn't successful, send client query back */
+			value_type = *r->in.type;
+			value_data.data = r->in.data;
+			value_data.length = *r->in.data_length;
+		} else {
+			if ((r->in.data != NULL)
+			    && (*r->in.data_size < value_data.length)) {
+				result = WERR_MORE_DATA;
+			}
+		}
+
+		r->out.type = talloc(mem_ctx, enum winreg_Type);
+		if (!r->out.type) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*r->out.type = (enum winreg_Type) value_type;
+		r->out.data_length = talloc(mem_ctx, uint32_t);
+		if (!r->out.data_length) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*r->out.data_length = value_data.length;
+		r->out.data_size = talloc(mem_ctx, uint32_t);
+		if (!r->out.data_size) {
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+		*r->out.data_size = value_data.length;
+		r->out.data = value_data.data;
+
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_ReplaceKey
+*/
+static WERROR dcesrv_winreg_ReplaceKey(struct dcesrv_call_state *dce_call,
+				       TALLOC_CTX *mem_ctx,
+				       struct winreg_ReplaceKey *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_RestoreKey
+*/
+static WERROR dcesrv_winreg_RestoreKey(struct dcesrv_call_state *dce_call,
+				       TALLOC_CTX *mem_ctx,
+				       struct winreg_RestoreKey *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_SaveKey
+*/
+static WERROR dcesrv_winreg_SaveKey(struct dcesrv_call_state *dce_call,
+				    TALLOC_CTX *mem_ctx,
+				    struct winreg_SaveKey *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_SetKeySecurity
+*/
+static WERROR dcesrv_winreg_SetKeySecurity(struct dcesrv_call_state *dce_call,
+					   TALLOC_CTX *mem_ctx,
+					   struct winreg_SetKeySecurity *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_SetValue
+*/
+static WERROR dcesrv_winreg_SetValue(struct dcesrv_call_state *dce_call,
+				     TALLOC_CTX *mem_ctx,
+				     struct winreg_SetValue *r)
+{
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
+	struct dcesrv_handle *h;
+	struct registry_key *key;
+	DATA_BLOB data;
+	WERROR result;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+	key = h->data;
+
+	switch (security_session_user_level(session_info, NULL))
+	{
+	case SECURITY_SYSTEM:
+	case SECURITY_ADMINISTRATOR:
+		data.data = r->in.data;
+		data.length = r->in.size;
+		result = reg_val_set(key, r->in.name.name, r->in.type, data);
+		return result;
+	default:
+		return WERR_ACCESS_DENIED;
+	}
+}
+
+
+/*
+  winreg_UnLoadKey
+*/
+static WERROR dcesrv_winreg_UnLoadKey(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct winreg_UnLoadKey *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_InitiateSystemShutdown
+*/
+static WERROR dcesrv_winreg_InitiateSystemShutdown(struct dcesrv_call_state *dce_call,
+						   TALLOC_CTX *mem_ctx,
+						   struct winreg_InitiateSystemShutdown *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_AbortSystemShutdown
+*/
+static WERROR dcesrv_winreg_AbortSystemShutdown(struct dcesrv_call_state *dce_call,
+						TALLOC_CTX *mem_ctx,
+						struct winreg_AbortSystemShutdown *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_GetVersion
+*/
+static WERROR dcesrv_winreg_GetVersion(struct dcesrv_call_state *dce_call,
+				       TALLOC_CTX *mem_ctx,
+				       struct winreg_GetVersion *r)
+{
+	struct dcesrv_handle *h;
+
+	DCESRV_PULL_HANDLE_FAULT(h, r->in.handle, HTYPE_REGKEY);
+
+	r->out.version = talloc(mem_ctx, uint32_t);
+	W_ERROR_HAVE_NO_MEMORY(r->out.version);
+
+	*r->out.version = 5;
+
+	return WERR_OK;
+}
+
+
+/*
+  winreg_QueryMultipleValues
+*/
+static WERROR dcesrv_winreg_QueryMultipleValues(struct dcesrv_call_state *dce_call,
+						TALLOC_CTX *mem_ctx,
+						struct winreg_QueryMultipleValues *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_InitiateSystemShutdownEx
+*/
+static WERROR dcesrv_winreg_InitiateSystemShutdownEx(struct dcesrv_call_state *dce_call,
+						     TALLOC_CTX *mem_ctx,
+						     struct winreg_InitiateSystemShutdownEx *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_SaveKeyEx
+*/
+static WERROR dcesrv_winreg_SaveKeyEx(struct dcesrv_call_state *dce_call,
+				      TALLOC_CTX *mem_ctx,
+				      struct winreg_SaveKeyEx *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+
+/*
+  winreg_QueryMultipleValues2
+*/
+static WERROR dcesrv_winreg_QueryMultipleValues2(struct dcesrv_call_state *dce_call,
+						 TALLOC_CTX *mem_ctx,
+						 struct winreg_QueryMultipleValues2 *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+/*
+  winreg_DeleteKeyEx
+*/
+static WERROR dcesrv_winreg_DeleteKeyEx(struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *mem_ctx,
+					struct winreg_DeleteKeyEx *r)
+{
+	return WERR_NOT_SUPPORTED;
+}
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_winreg_s.c"
diff --git a/source4/rpc_server/wkssvc/dcesrv_wkssvc.c b/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
new file mode 100644
index 0000000..f638471
--- /dev/null
+++ b/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
@@ -0,0 +1,403 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   endpoint server for the wkssvc pipe
+
+   Copyright (C) Stefan (metze) Metzmacher 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/ndr_wkssvc.h"
+#include "librpc/gen_ndr/ndr_srvsvc.h"
+#include "rpc_server/common/common.h"
+#include "param/param.h"
+
+/*
+  wkssvc_NetWkstaGetInfo
+*/
+static WERROR dcesrv_wkssvc_NetWkstaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetWkstaGetInfo *r)
+{
+	struct dcesrv_context *dce_ctx = dce_call->conn->dce_ctx;
+	struct dcerpc_server_info *server_info = lpcfg_dcerpc_server_info(mem_ctx, dce_ctx->lp_ctx);
+
+	/* NOTE: win2k3 ignores r->in.server_name completely so we do --metze */
+
+	switch(r->in.level) {
+	case 100:
+	{
+		struct wkssvc_NetWkstaInfo100 *info100;
+
+		info100 = talloc(mem_ctx, struct wkssvc_NetWkstaInfo100);
+		W_ERROR_HAVE_NO_MEMORY(info100);
+
+		info100->platform_id	= dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
+		info100->server_name	= dcesrv_common_get_server_name(mem_ctx, dce_ctx, NULL);
+		W_ERROR_HAVE_NO_MEMORY(info100->server_name);
+		info100->domain_name	= server_info->domain_name;
+		info100->version_major	= server_info->version_major;
+		info100->version_minor	= server_info->version_minor;
+
+		r->out.info->info100 = info100;
+		return WERR_OK;
+	}
+	case 101:
+	{
+		struct wkssvc_NetWkstaInfo101 *info101;
+
+		info101 = talloc(mem_ctx, struct wkssvc_NetWkstaInfo101);
+		W_ERROR_HAVE_NO_MEMORY(info101);
+
+		info101->platform_id	= dcesrv_common_get_platform_id(mem_ctx, dce_ctx);
+		info101->server_name	= dcesrv_common_get_server_name(mem_ctx, dce_ctx, NULL);
+		W_ERROR_HAVE_NO_MEMORY(info101->server_name);
+		info101->domain_name	= server_info->domain_name;
+		info101->version_major	= server_info->version_major;
+		info101->version_minor	= server_info->version_minor;
+		info101->lan_root	= dcesrv_common_get_lan_root(mem_ctx, dce_ctx);
+
+		r->out.info->info101 = info101;
+		return WERR_OK;
+	}
+	case 102:
+	{
+		return WERR_ACCESS_DENIED;
+	}
+	case 502:
+	{
+		return WERR_ACCESS_DENIED;
+	}
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/*
+  wkssvc_NetWkstaSetInfo
+*/
+static WERROR dcesrv_wkssvc_NetWkstaSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetWkstaSetInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetWkstaEnumUsers
+*/
+static WERROR dcesrv_wkssvc_NetWkstaEnumUsers(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				       struct wkssvc_NetWkstaEnumUsers *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrWkstaUserGetInfo
+*/
+static WERROR dcesrv_wkssvc_NetrWkstaUserGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrWkstaUserGetInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrWkstaUserSetInfo
+*/
+static WERROR dcesrv_wkssvc_NetrWkstaUserSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrWkstaUserSetInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetWkstaTransportEnum
+*/
+static WERROR dcesrv_wkssvc_NetWkstaTransportEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetWkstaTransportEnum *r)
+{
+	switch (r->in.info->level) {
+	case 0:
+		r->out.info->ctr.ctr0 = talloc(mem_ctx, struct wkssvc_NetWkstaTransportCtr0);
+		W_ERROR_HAVE_NO_MEMORY(r->out.info->ctr.ctr0);
+
+		r->out.info->ctr.ctr0->count = 0;
+		r->out.info->ctr.ctr0->array = NULL;
+
+		return WERR_NOT_SUPPORTED;
+
+	default:
+		return WERR_INVALID_LEVEL;
+	}
+}
+
+
+/*
+  wkssvc_NetrWkstaTransportAdd
+*/
+static WERROR dcesrv_wkssvc_NetrWkstaTransportAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrWkstaTransportAdd *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrWkstaTransportDel
+*/
+static WERROR dcesrv_wkssvc_NetrWkstaTransportDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrWkstaTransportDel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrUseAdd
+*/
+static WERROR dcesrv_wkssvc_NetrUseAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUseAdd *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrUseGetInfo
+*/
+static WERROR dcesrv_wkssvc_NetrUseGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUseGetInfo *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrUseDel
+*/
+static WERROR dcesrv_wkssvc_NetrUseDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUseDel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrUseEnum
+*/
+static WERROR dcesrv_wkssvc_NetrUseEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUseEnum *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrMessageBufferSend
+*/
+static WERROR dcesrv_wkssvc_NetrMessageBufferSend(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrMessageBufferSend *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrWorkstationStatisticsGet
+*/
+static WERROR dcesrv_wkssvc_NetrWorkstationStatisticsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrWorkstationStatisticsGet *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrLogonDomainNameAdd
+*/
+static WERROR dcesrv_wkssvc_NetrLogonDomainNameAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrLogonDomainNameAdd *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrLogonDomainNameDel
+*/
+static WERROR dcesrv_wkssvc_NetrLogonDomainNameDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrLogonDomainNameDel *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrJoinDomain
+*/
+static WERROR dcesrv_wkssvc_NetrJoinDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrJoinDomain *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrUnjoinDomain
+*/
+static WERROR dcesrv_wkssvc_NetrUnjoinDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUnjoinDomain *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrRenameMachineInDomain
+*/
+static WERROR dcesrv_wkssvc_NetrRenameMachineInDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrRenameMachineInDomain *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrValidateName
+*/
+static WERROR dcesrv_wkssvc_NetrValidateName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrValidateName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrGetJoinInformation
+*/
+static WERROR dcesrv_wkssvc_NetrGetJoinInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrGetJoinInformation *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrGetJoinableOus
+*/
+static WERROR dcesrv_wkssvc_NetrGetJoinableOus(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrGetJoinableOus *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  WKSSVC_NETRJOINDOMAIN2
+*/
+static WERROR dcesrv_wkssvc_NetrJoinDomain2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrJoinDomain2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  WKSSVC_NETRUNJOINDOMAIN2
+*/
+static WERROR dcesrv_wkssvc_NetrUnjoinDomain2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrUnjoinDomain2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrRenameMachineInDomain2
+*/
+static WERROR dcesrv_wkssvc_NetrRenameMachineInDomain2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrRenameMachineInDomain2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrValidateName2
+*/
+static WERROR dcesrv_wkssvc_NetrValidateName2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrValidateName2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrGetJoinableOus2
+*/
+static WERROR dcesrv_wkssvc_NetrGetJoinableOus2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrGetJoinableOus2 *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrAddAlternateComputername
+*/
+static WERROR dcesrv_wkssvc_NetrAddAlternateComputerName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrAddAlternateComputerName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrRemoveAlternateComputername
+*/
+static WERROR dcesrv_wkssvc_NetrRemoveAlternateComputerName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrRemoveAlternateComputerName *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrSetPrimaryComputername
+*/
+static WERROR dcesrv_wkssvc_NetrSetPrimaryComputername(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrSetPrimaryComputername *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/*
+  wkssvc_NetrEnumerateComputerNames
+*/
+static WERROR dcesrv_wkssvc_NetrEnumerateComputerNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+		       struct wkssvc_NetrEnumerateComputerNames *r)
+{
+	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_wkssvc_s.c"
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
new file mode 100644
index 0000000..31ec4f6
--- /dev/null
+++ b/source4/rpc_server/wscript_build
@@ -0,0 +1,221 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('DCERPC_SHARE',
+                    source='common/share_info.c',
+                    autoproto='common/share.h',
+                    deps='ldb share',
+                    enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER'),
+                    )
+
+bld.SAMBA_SUBSYSTEM('DCERPC_COMMON',
+                    source='''
+                           common/server_info.c
+                           common/forward.c
+                           common/loadparm.c
+                           ''',
+                    autoproto='common/proto.h',
+                    deps='ldb DCERPC_SHARE',
+                    enabled=bld.AD_DC_BUILD_IS_ENABLED()
+                    )
+
+bld.SAMBA_LIBRARY('dcerpc_server',
+                  source='dcerpc_server.c',
+                  pc_files='dcerpc_server.pc',
+                  deps='LIBCLI_AUTH ndr samba_server_gensec service auth',
+                  public_deps='dcerpc dcerpc-server-core',
+                  autoproto='dcerpc_server_proto.h',
+                  public_headers='dcerpc_server.h',
+                  vnum='0.0.1',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED()
+                  )
+
+bld.SAMBA_MODULE('dcerpc_rpcecho',
+                 source='echo/rpc_echo.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_rpcecho_init',
+                 deps='ndr-standard events',
+                 enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_epmapper',
+                 source='epmapper/rpc_epmapper.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_epmapper_init',
+                 deps='NDR_EPMAPPER'
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_remote',
+                 source='remote/dcesrv_remote.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_remote_init',
+                 deps='LIBCLI_SMB ndr-table'
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_srvsvc',
+                 source='srvsvc/dcesrv_srvsvc.c srvsvc/srvsvc_ntvfs.c',
+                 autoproto='srvsvc/proto.h',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_srvsvc_init',
+                 deps='DCERPC_COMMON NDR_SRVSVC share ntvfs',
+                 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_wkssvc',
+                 source='wkssvc/dcesrv_wkssvc.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_wkssvc_init',
+                 deps='DCERPC_COMMON ndr-standard'
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_unixinfo',
+                 source='unixinfo/dcesrv_unixinfo.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_unixinfo_init',
+                 deps='DCERPC_COMMON samdb NDR_UNIXINFO LIBWBCLIENT_OLD'
+                 )
+
+
+bld.SAMBA_MODULE('dcesrv_samr',
+                 source='samr/dcesrv_samr.c samr/samr_password.c',
+                 autoproto='samr/proto.h',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_samr_init',
+                 deps='''
+                      samdb
+                      DCERPC_COMMON
+                      ndr-standard
+                      auth4_sam
+                      GNUTLS_HELPERS
+                      DCERPC_HELPER
+                      '''
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_winreg',
+                 source='winreg/rpc_winreg.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_winreg_init',
+                 deps='registry ndr-standard',
+                 internal_module=True,
+                 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_netlogon',
+                 source='netlogon/dcerpc_netlogon.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_netlogon_init',
+                 deps='''
+                      DCERPC_COMMON
+                      RPC_NDR_IRPC
+                      COMMON_SCHANNEL
+                      ndr-standard
+                      auth4_sam
+                      samba-hostconfig
+                      DSDB_MODULE_HELPERS
+                      util_str_escape
+                      DCERPC_SERVER_NETLOGON
+                      '''
+                 )
+
+bld.SAMBA_MODULE('dcerpc_lsarpc',
+                 source='lsa/dcesrv_lsa.c lsa/lsa_init.c lsa/lsa_lookup.c',
+                 autoproto='lsa/proto.h',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_lsa_init',
+                 deps='''
+                      samdb
+                      DCERPC_COMMON
+                      ndr-standard
+                      LIBCLI_AUTH
+                      NDR_DSSETUP
+                      com_err
+                      samba-security
+                      UTIL_LSARPC
+                      '''
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_backupkey',
+                 source='backupkey/dcesrv_backupkey.c ',
+                 autoproto='backupkey/proto.h',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_backupkey_init',
+                 deps='''
+                      samdb
+                      DCERPC_COMMON
+                      NDR_BACKUPKEY
+                      RPC_NDR_BACKUPKEY
+                      gnutls
+                      GNUTLS_HELPERS
+                      ''',
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_drsuapi',
+                 source='''
+                        drsuapi/dcesrv_drsuapi.c
+                        drsuapi/updaterefs.c
+                        drsuapi/getncchanges.c
+                        drsuapi/addentry.c
+                        drsuapi/writespn.c
+                        drsuapi/drsutil.c
+                        ''',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_drsuapi_init',
+                 deps='samdb DCERPC_COMMON NDR_DRSUAPI samba-security'
+                 )
+
+
+bld.SAMBA_MODULE('dcerpc_browser',
+                 source='browser/dcesrv_browser.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_browser_init',
+                 deps='DCERPC_COMMON NDR_BROWSER'
+                 )
+
+bld.SAMBA_MODULE('dcerpc_eventlog',
+                 source='eventlog/dcesrv_eventlog6.c',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_eventlog6_init',
+                 deps='DCERPC_COMMON'
+                 )
+
+bld.SAMBA_MODULE('dcerpc_dnsserver',
+                 source='''
+                        dnsserver/dcerpc_dnsserver.c
+                        dnsserver/dnsutils.c
+                        dnsserver/dnsdata.c
+                        dnsserver/dnsdb.c
+                        ''',
+                 subsystem='dcerpc_server',
+                 init_function='dcerpc_server_dnsserver_init',
+                 deps='DCERPC_COMMON dnsserver_common netif'
+                 )
+
+
+bld.SAMBA_MODULE('service_dcerpc',
+                 source='service_rpc.c',
+                 autoproto='service_rpc.h',
+                 subsystem='service',
+                 init_function='server_service_rpc_init',
+                 internal_module=False,
+                 deps='dcerpc_server'
+                 )
+
+bld.SAMBA_BINARY('test_rpc_dns_server_dnsutils',
+                 source='tests/rpc_dns_server_dnsutils_test.c',
+                 deps='''
+                      dnsserver_common
+                      dcerpc_server
+                      cmocka
+                      talloc
+                      ''',
+                 for_selftest=True,
+                 enabled=bld.AD_DC_BUILD_IS_ENABLED()
+                 )
diff --git a/source4/samba/process_model.c b/source4/samba/process_model.c
new file mode 100644
index 0000000..754da79
--- /dev/null
+++ b/source4/samba/process_model.c
@@ -0,0 +1,137 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process model manager - main loop
+   Copyright (C) Andrew Tridgell 1992-2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/process_model.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+/* the list of currently registered process models */
+static struct process_model {
+	const struct model_ops *ops;
+	bool initialised;
+} *models = NULL;
+static int num_models;
+
+
+/*
+  return the operations structure for a named backend of the specified type
+*/
+static struct process_model *process_model_byname(const char *name)
+{
+	int i;
+
+	for (i=0;i<num_models;i++) {
+		if (strcmp(models[i].ops->name, name) == 0) {
+			return &models[i];
+		}
+	}
+
+	return NULL;
+}
+
+
+/*
+  setup the events for the chosen process model
+*/
+_PUBLIC_ const struct model_ops *process_model_startup(const char *model)
+{
+	struct process_model *m;
+
+	m = process_model_byname(model);
+	if (m == NULL) {
+		DBG_ERR("Unknown process model '%s'\n", model);
+		exit(-1);
+	}
+
+	if (!m->initialised) {
+		m->initialised = true;
+		m->ops->model_init();
+	}
+
+	return m->ops;
+}
+
+/*
+  register a process model. 
+
+  The 'name' can be later used by other backends to find the operations
+  structure for this backend.  
+*/
+_PUBLIC_ NTSTATUS register_process_model(const struct model_ops *ops)
+{
+	if (process_model_byname(ops->name) != NULL) {
+		/* its already registered! */
+		DBG_ERR("PROCESS_MODEL '%s' already registered\n", ops->name);
+		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
+
+	models = talloc_realloc(NULL, models, struct process_model, num_models+1);
+	if (!models) {
+		smb_panic("out of memory in register_process_model");
+	}
+
+	models[num_models].ops = ops;
+	models[num_models].initialised = false;
+
+	num_models++;
+
+	DBG_NOTICE("PROCESS_MODEL '%s' registered\n", ops->name);
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS process_model_init(struct loadparm_context *lp_ctx)
+{
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_process_model_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_process_model_MODULES };
+	init_module_fn *shared_init;
+	static bool initialised;
+
+	if (initialised) {
+		return NT_STATUS_OK;
+	}
+	initialised = true;
+
+	shared_init = load_samba_modules(NULL, "process_model");
+	
+	run_init_functions(NULL, static_init);
+	run_init_functions(NULL, shared_init);
+
+	talloc_free(shared_init);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return the PROCESS_MODEL module version, and the size of some critical types
+  This can be used by process model modules to either detect compilation errors, or provide
+  multiple implementations for different smbd compilation options in one module
+*/
+const struct process_model_critical_sizes *process_model_version(void)
+{
+	static const struct process_model_critical_sizes critical_sizes = {
+		PROCESS_MODEL_VERSION,
+		sizeof(struct model_ops)
+	};
+
+	return &critical_sizes;
+}
diff --git a/source4/samba/process_model.h b/source4/samba/process_model.h
new file mode 100644
index 0000000..446e0f1
--- /dev/null
+++ b/source4/samba/process_model.h
@@ -0,0 +1,96 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   process model manager - structures
+
+   Copyright (C) Andrew Tridgell 1992-2005
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan (metze) Metzmacher 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __PROCESS_MODEL_H__
+#define __PROCESS_MODEL_H__
+
+#include "lib/socket/socket.h"
+#include "samba/service.h"
+#include "samba/process_model_proto.h"
+
+/* modules can use the following to determine if the interface has changed
+ * please increment the version number after each interface change
+ * with a comment and maybe update struct process_model_critical_sizes.
+ */
+/* version 1 - initial version - metze */
+#define PROCESS_MODEL_VERSION 1
+
+/* the process model operations structure - contains function pointers to 
+   the model-specific implementations of each operation */
+struct model_ops {
+	/* the name of the process_model */
+	const char *name;
+
+	/* called at startup when the model is selected */
+	void (*model_init)(void);
+
+	/* function to accept new connection */
+	void (*accept_connection)(struct tevent_context *, 
+				  struct loadparm_context *,
+				  struct socket_context *, 
+				  void (*)(struct tevent_context *, 
+					   struct loadparm_context *,
+					   struct socket_context *, 
+					   struct server_id , void *, void *),
+				  void *, void *);
+
+	/* function to create a task */
+	void (*new_task)(struct tevent_context *, 
+			 struct loadparm_context *lp_ctx,
+			 const char *service_name,
+			 struct task_server * (*)(struct tevent_context *,
+				  struct loadparm_context *, struct server_id, 
+				  void *, void *),
+			 void *,
+			 const struct service_details*,
+			 const int);
+
+	/* function to terminate a task */
+	void (*terminate_task)(struct tevent_context *,
+			       struct loadparm_context *lp_ctx,
+			       const char *reason,
+			       bool fatal,
+			       void *process_context);
+	/* function to terminate a connection */
+	void (*terminate_connection)(struct tevent_context *,
+				     struct loadparm_context *lp_ctx,
+				     const char *reason,
+				     void *process_context);
+
+	/* function to set a title for the connection or task */
+	void (*set_title)(struct tevent_context *, const char *title);
+};
+
+/* this structure is used by modules to determine the size of some critical types */
+struct process_model_critical_sizes {
+	int interface_version;
+	int sizeof_model_ops;
+};
+
+extern const struct model_ops single_ops;
+
+const struct model_ops *process_model_startup(const char *model);
+NTSTATUS register_process_model(const struct model_ops *ops);
+NTSTATUS process_model_init(struct loadparm_context *lp_ctx);
+
+#endif /* __PROCESS_MODEL_H__ */
diff --git a/source4/samba/process_prefork.c b/source4/samba/process_prefork.c
new file mode 100644
index 0000000..92e145d
--- /dev/null
+++ b/source4/samba/process_prefork.c
@@ -0,0 +1,919 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   process model: prefork (n client connections per process)
+
+   Copyright (C) Andrew Tridgell 1992-2005
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Bartlett 2008 <abartlet@samba.org>
+   Copyright (C) David Disseldorp 2008 <ddiss@sgi.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * The pre-fork process model distributes the server workload amongst several
+ * designated worker threads (e.g. 'prefork-worker-ldap-0',
+ * 'prefork-worker-ldap-1', etc). The number of worker threads is controlled
+ * by the 'prefork children' conf setting. The worker threads are controlled
+ * by a prefork master process (e.g. 'prefork-master-ldap'). The prefork master
+ * doesn't handle the server workload (i.e. processing messages) itself, but is
+ * responsible for restarting workers if they exit unexpectedly. The top-level
+ * samba process is responsible for restarting the master process if it exits.
+ */
+#include "includes.h"
+#include <unistd.h>
+
+#include "lib/events/events.h"
+#include "lib/messaging/messaging.h"
+#include "lib/socket/socket.h"
+#include "samba/process_model.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "ldb_wrap.h"
+#include "lib/util/tfork.h"
+#include "lib/messaging/irpc.h"
+#include "lib/util/util_process.h"
+#include "server_util.h"
+
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
+NTSTATUS process_model_prefork_init(void);
+static void prefork_new_task(
+    struct tevent_context *ev,
+    struct loadparm_context *lp_ctx,
+    const char *service_name,
+    struct task_server *(*new_task_fn)(struct tevent_context *,
+				       struct loadparm_context *lp_ctx,
+				       struct server_id,
+				       void *,
+				       void *),
+    void *private_data,
+    const struct service_details *service_details,
+    int from_parent_fd);
+static void prefork_fork_worker(struct task_server *task,
+				struct tevent_context *ev,
+				struct tevent_context *ev2,
+				struct loadparm_context *lp_ctx,
+				const struct service_details *service_details,
+				const char *service_name,
+				int control_pipe[2],
+				unsigned restart_delay,
+				struct process_details *pd);
+static void prefork_child_pipe_handler(struct tevent_context *ev,
+				       struct tevent_fd *fde,
+				       uint16_t flags,
+				       void *private_data);
+static void setup_handlers(struct tevent_context *ev,
+			   struct loadparm_context *lp_ctx,
+                           int from_parent_fd);
+
+/*
+ * State needed to restart the master process or a worker process if they
+ * terminate early.
+ */
+struct master_restart_context {
+	struct task_server *(*new_task_fn)(struct tevent_context *,
+					   struct loadparm_context *lp_ctx,
+					   struct server_id,
+					   void *,
+					   void *);
+	void *private_data;
+};
+
+struct worker_restart_context {
+	unsigned int instance;
+	struct task_server *task;
+	struct tevent_context *ev2;
+	int control_pipe[2];
+};
+
+struct restart_context {
+	struct loadparm_context *lp_ctx;
+	struct tfork *t;
+	int from_parent_fd;
+	const struct service_details *service_details;
+	const char *service_name;
+	unsigned restart_delay;
+	struct master_restart_context *master;
+	struct worker_restart_context *worker;
+};
+
+static void sighup_signal_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum, int count, void *siginfo,
+				void *private_data)
+{
+	reopen_logs_internal();
+}
+
+static void sigterm_signal_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum, int count, void *siginfo,
+				void *private_data)
+{
+#ifdef HAVE_GETPGRP
+	if (getpgrp() == getpid()) {
+		/*
+		 * We're the process group leader, send
+		 * SIGTERM to our process group.
+		 */
+		DBG_NOTICE("SIGTERM: killing children\n");
+		kill(-getpgrp(), SIGTERM);
+	}
+#endif
+	DBG_NOTICE("Exiting pid %d on SIGTERM\n", getpid());
+	TALLOC_FREE(ev);
+	exit(127);
+}
+
+/*
+  called when the process model is selected
+*/
+static void prefork_model_init(void)
+{
+}
+
+static void prefork_reload_after_fork(void)
+{
+	NTSTATUS status;
+
+	ldb_wrap_fork_hook();
+	/* Must be done after a fork() to reset messaging contexts. */
+	status = imessaging_reinit_all();
+	if (!NT_STATUS_IS_OK(status)) {
+		smb_panic("Failed to re-initialise imessaging after fork");
+	}
+	force_check_log_size();
+}
+
+/*
+ * clean up any messaging associated with the old process.
+ *
+ */
+static void irpc_cleanup(
+	struct loadparm_context *lp_ctx,
+	struct tevent_context *ev,
+	pid_t pid)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	struct imessaging_context *msg_ctx = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+
+	if (mem_ctx == NULL) {
+		DBG_ERR("OOM cleaning up irpc\n");
+		return;
+	}
+	msg_ctx = imessaging_client_init(mem_ctx, lp_ctx, ev);
+	if (msg_ctx == NULL) {
+		DBG_ERR("Unable to create imessaging_context\n");
+		TALLOC_FREE(mem_ctx);
+		return;
+	}
+	status = imessaging_process_cleanup(msg_ctx, pid);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("imessaging_process_cleanup returned (%s)\n",
+			nt_errstr(status));
+		TALLOC_FREE(mem_ctx);
+		return;
+	}
+
+	TALLOC_FREE(mem_ctx);
+}
+
+/*
+ * handle EOF on the parent-to-all-children pipe in the child, i.e.
+ * the parent has died and its end of the pipe has been closed.
+ * The child handles this by exiting as well.
+ */
+static void prefork_pipe_handler(struct tevent_context *event_ctx,
+		                 struct tevent_fd *fde, uint16_t flags,
+				 void *private_data)
+{
+	struct loadparm_context *lp_ctx = NULL;
+	pid_t pid;
+
+	/*
+	 * free the fde which removes the event and stops it firing again
+	 */
+	TALLOC_FREE(fde);
+
+	/*
+	 * Clean up any irpc end points this process had.
+	 */
+	pid = getpid();
+	lp_ctx = talloc_get_type_abort(private_data, struct loadparm_context);
+	irpc_cleanup(lp_ctx, event_ctx, pid);
+
+	DBG_NOTICE("Child %d exiting\n", getpid());
+	TALLOC_FREE(event_ctx);
+	exit(0);
+}
+
+
+/*
+ * Called by the top-level samba process to create a new prefork master process
+ */
+static void prefork_fork_master(
+    struct tevent_context *ev,
+    struct loadparm_context *lp_ctx,
+    const char *service_name,
+    struct task_server *(*new_task_fn)(struct tevent_context *,
+				       struct loadparm_context *lp_ctx,
+				       struct server_id,
+				       void *,
+				       void *),
+    void *private_data,
+    const struct service_details *service_details,
+    unsigned restart_delay,
+    int from_parent_fd)
+{
+	pid_t pid;
+	struct tfork* t = NULL;
+	int i, num_children;
+
+	struct tevent_context *ev2;
+	struct task_server *task = NULL;
+	struct process_details pd = initial_process_details;
+	struct samba_tevent_trace_state *samba_tevent_trace_state = NULL;
+	int control_pipe[2];
+
+	t = tfork_create();
+	if (t == NULL) {
+		smb_panic("failure in tfork\n");
+	}
+
+	DBG_NOTICE("Forking [%s] pre-fork master process\n", service_name);
+	pid = tfork_child_pid(t);
+	if (pid != 0) {
+		struct tevent_fd *fde = NULL;
+		int fd = tfork_event_fd(t);
+		struct restart_context *rc = NULL;
+
+		/* Register a pipe handler that gets called when the prefork
+		 * master process terminates.
+		 */
+		rc = talloc_zero(ev, struct restart_context);
+		if (rc == NULL) {
+			smb_panic("OOM allocating restart context\n");
+		}
+		rc->t = t;
+		rc->lp_ctx = lp_ctx;
+		rc->service_name = service_name;
+		rc->service_details = service_details;
+		rc->from_parent_fd = from_parent_fd;
+		rc->restart_delay = restart_delay;
+		rc->master = talloc_zero(rc, struct master_restart_context);
+		if (rc->master == NULL) {
+			smb_panic("OOM allocating master restart context\n");
+		}
+
+		rc->master->new_task_fn = new_task_fn;
+		rc->master->private_data = private_data;
+
+		fde = tevent_add_fd(
+		    ev, ev, fd, TEVENT_FD_READ, prefork_child_pipe_handler, rc);
+		if (fde == NULL) {
+			smb_panic("Failed to add child pipe handler, "
+				  "after fork");
+		}
+		tevent_fd_set_auto_close(fde);
+		return;
+	}
+
+	pid = getpid();
+
+	process_set_title("%s[master]", "task[%s] pre-fork master", service_name);
+
+	/*
+	 * this will free all the listening sockets and all state that
+	 * is not associated with this new connection
+	 */
+	if (tevent_re_initialise(ev) != 0) {
+		smb_panic("Failed to re-initialise tevent after fork");
+	}
+	prefork_reload_after_fork();
+	setup_handlers(ev, lp_ctx, from_parent_fd);
+
+	if (service_details->inhibit_pre_fork) {
+		task = new_task_fn(
+		    ev, lp_ctx, cluster_id(pid, 0), private_data, NULL);
+		/*
+		 * The task does not support pre-fork
+		 */
+		if (task != NULL && service_details->post_fork != NULL) {
+			service_details->post_fork(task, &pd);
+		}
+		if (task != NULL && service_details->before_loop != NULL) {
+			service_details->before_loop(task);
+		}
+		tevent_loop_wait(ev);
+		TALLOC_FREE(ev);
+		exit(0);
+	}
+
+	/*
+	 * This is now the child code. We need a completely new event_context
+	 * to work with
+	 */
+	ev2 = s4_event_context_init(NULL);
+
+	samba_tevent_trace_state = create_samba_tevent_trace_state(ev2);
+	if (samba_tevent_trace_state == NULL) {
+		TALLOC_FREE(ev);
+		TALLOC_FREE(ev2);
+		exit(127);
+	}
+
+	tevent_set_trace_callback(ev2,
+				  samba_tevent_trace_callback,
+				  samba_tevent_trace_state);
+
+	/* setup this new connection: process will bind to it's sockets etc
+	 *
+	 * While we can use ev for the child, which has been re-initialised
+	 * above we must run the new task under ev2 otherwise the children would
+	 * be listening on the sockets.  Also we don't want the top level
+	 * process accepting and handling requests, it's responsible for
+	 * monitoring and controlling the child work processes.
+	 */
+	task = new_task_fn(ev2, lp_ctx, cluster_id(pid, 0), private_data, NULL);
+	if (task == NULL) {
+		TALLOC_FREE(ev);
+		TALLOC_FREE(ev2);
+		exit(127);
+	}
+
+	/*
+	 * Register an irpc name that can be used by the samba-tool processes
+	 * command
+	 */
+	{
+		struct talloc_ctx *ctx = talloc_new(NULL);
+		char *name = NULL;
+		if (ctx == NULL) {
+			DBG_ERR("Out of memory\n");
+			exit(127);
+		}
+		name = talloc_asprintf(ctx, "prefork-master-%s", service_name);
+		irpc_add_name(task->msg_ctx, name);
+		TALLOC_FREE(ctx);
+	}
+
+	{
+		int default_children;
+		default_children = lpcfg_prefork_children(lp_ctx);
+		num_children = lpcfg_parm_int(lp_ctx, NULL, "prefork children",
+			                      service_name, default_children);
+	}
+	if (num_children == 0) {
+		DBG_WARNING("Number of pre-fork children for %s is zero, "
+			    "NO worker processes will be started for %s\n",
+			    service_name, service_name);
+	}
+	DBG_NOTICE("Forking %d %s worker processes\n",
+		   num_children, service_name);
+
+	/*
+	 * the prefork master creates its own control pipe, so the prefork
+	 * workers can detect if the master exits (in which case an EOF gets
+	 * written). (Whereas from_parent_fd is the control pipe from the
+	 * top-level process that the prefork master listens on)
+	 */
+	{
+		int ret;
+		ret = pipe(control_pipe);
+		if (ret != 0) {
+			smb_panic("Unable to create worker control pipe\n");
+		}
+		smb_set_close_on_exec(control_pipe[0]);
+		smb_set_close_on_exec(control_pipe[1]);
+	}
+
+	/*
+	 * Note, we call this before the first
+	 * prefork_fork_worker() in order to have
+	 * a stable order of:
+	 *  task_init(master) -> before_loop(master)
+	 *  -> post_fork(worker) -> before_loop(worker)
+	 *
+	 * Otherwise we would have different behaviors
+	 * between the first prefork_fork_worker() loop
+	 * and restarting of died workers
+	 */
+	if (task != NULL && service_details->before_loop != NULL) {
+		struct task_server *task_copy = NULL;
+
+		/*
+		 * We need to use ev as parent in order to
+		 * keep everything alive during the loop
+		 */
+		task_copy = talloc(ev, struct task_server);
+		if (task_copy == NULL) {
+			TALLOC_FREE(ev);
+			TALLOC_FREE(ev2);
+			exit(127);
+		}
+		*task_copy = *task;
+
+		/*
+		 * In order to allow the before_loop() hook
+		 * to register messages or event handlers,
+		 * we need to fix up task->event_ctx
+		 * and create a new task->msg_ctx
+		 */
+		task_copy->event_ctx = ev;
+		task_copy->msg_ctx = imessaging_init(task_copy,
+						task_copy->lp_ctx,
+						task_copy->server_id,
+						task_copy->event_ctx);
+		if (task_copy->msg_ctx == NULL) {
+			TALLOC_FREE(ev);
+			TALLOC_FREE(ev2);
+			exit(127);
+		}
+		service_details->before_loop(task_copy);
+	}
+
+	/*
+	 * We are now free to spawn some worker processes
+	 */
+	for (i=0; i < num_children; i++) {
+		prefork_fork_worker(task,
+				    ev,
+				    ev2,
+				    lp_ctx,
+				    service_details,
+				    service_name,
+				    control_pipe,
+				    0,
+				    &pd);
+		pd.instances++;
+	}
+
+	/*
+	 * Make sure the messaging context
+	 * used by the workers is no longer
+	 * active on ev2, otherwise we
+	 * would have memory leaks, because
+	 * we queue incoming messages
+	 * and never process them via ev2.
+	 */
+	imessaging_dgm_unref_ev(ev2);
+
+	/* Don't listen on the sockets we just gave to the children */
+	tevent_loop_wait(ev);
+	imessaging_dgm_unref_ev(ev);
+	TALLOC_FREE(ev);
+	/* We need to keep ev2 until we're finished for the messaging to work */
+	TALLOC_FREE(ev2);
+	exit(0);
+}
+
+static void prefork_restart_fn(struct tevent_context *ev,
+			       struct tevent_timer *te,
+			       struct timeval tv,
+			       void *private_data);
+
+/*
+ * Restarts a child process if it exits unexpectedly
+ */
+static bool prefork_restart(struct tevent_context *ev,
+			    struct restart_context *rc)
+{
+	struct tevent_timer *te = NULL;
+
+	if (rc->restart_delay > 0) {
+		DBG_ERR("Restarting [%s] pre-fork %s in (%d) seconds\n",
+			rc->service_name,
+			(rc->master == NULL) ? "worker" : "master",
+			rc->restart_delay);
+	}
+
+	/*
+	 * Always use an async timer event. If
+	 * rc->restart_delay is zero this is the
+	 * same as an immediate event and will be
+	 * called immediately we go back into the
+	 * event loop.
+	 */
+	te = tevent_add_timer(ev,
+			      ev,
+			      tevent_timeval_current_ofs(rc->restart_delay, 0),
+			      prefork_restart_fn,
+			      rc);
+	if (te == NULL) {
+		DBG_ERR("tevent_add_timer fail [%s] pre-fork event %s\n",
+			rc->service_name,
+			(rc->master == NULL) ? "worker" : "master");
+		/* Caller needs to free rc. */
+		return false;
+	}
+	/* Caller must not free rc - it's in use. */
+	return true;
+}
+
+static void prefork_restart_fn(struct tevent_context *ev,
+			       struct tevent_timer *te,
+			       struct timeval tv,
+			       void *private_data)
+{
+	unsigned max_backoff = 0;
+	unsigned backoff = 0;
+	unsigned default_value = 0;
+	struct restart_context *rc = talloc_get_type(private_data,
+					struct restart_context);
+	unsigned restart_delay = rc->restart_delay;
+
+	TALLOC_FREE(te);
+
+	/*
+	 * If the child process is constantly exiting, then restarting it can
+	 * consume a lot of resources. In which case, we want to backoff a bit
+	 * before respawning it
+	 */
+	default_value = lpcfg_prefork_backoff_increment(rc->lp_ctx);
+	backoff = lpcfg_parm_int(rc->lp_ctx,
+				 NULL,
+				 "prefork backoff increment",
+				 rc->service_name,
+				 default_value);
+
+	default_value = lpcfg_prefork_maximum_backoff(rc->lp_ctx);
+	max_backoff = lpcfg_parm_int(rc->lp_ctx,
+				     NULL,
+				     "prefork maximum backoff",
+				     rc->service_name,
+				     default_value);
+
+	restart_delay += backoff;
+	restart_delay = min(restart_delay, max_backoff);
+
+	if (rc->master != NULL) {
+		DBG_ERR("Restarting [%s] pre-fork master\n", rc->service_name);
+		prefork_fork_master(ev,
+				    rc->lp_ctx,
+				    rc->service_name,
+				    rc->master->new_task_fn,
+				    rc->master->private_data,
+				    rc->service_details,
+				    restart_delay,
+				    rc->from_parent_fd);
+	} else if (rc->worker != NULL) {
+		struct process_details pd = initial_process_details;
+		DBG_ERR("Restarting [%s] pre-fork worker(%d)\n",
+			rc->service_name,
+			rc->worker->instance);
+		pd.instances = rc->worker->instance;
+		prefork_fork_worker(rc->worker->task,
+				    ev,
+				    rc->worker->ev2,
+				    rc->lp_ctx,
+				    rc->service_details,
+				    rc->service_name,
+				    rc->worker->control_pipe,
+				    restart_delay,
+				    &pd);
+	}
+	/* tfork allocates tfork structures with malloc */
+	tfork_destroy(&rc->t);
+	free(rc->t);
+	TALLOC_FREE(rc);
+}
+
+/*
+  handle EOF on the child pipe in the parent, so we know when a
+  process terminates without using SIGCHLD or waiting on all possible pids.
+
+  We need to ensure we do not ignore SIGCHLD because we need it to
+  work to get a valid error code from samba_runcmd_*().
+ */
+static void prefork_child_pipe_handler(struct tevent_context *ev,
+				       struct tevent_fd *fde,
+				       uint16_t flags,
+				       void *private_data)
+{
+	struct restart_context *rc = NULL;
+	int status = 0;
+	pid_t pid = 0;
+	bool rc_inuse = false;
+
+	/* free the fde which removes the event and stops it firing again */
+	TALLOC_FREE(fde);
+
+	/* the child has closed the pipe, assume its dead */
+
+	rc = talloc_get_type_abort(private_data, struct restart_context);
+	pid = tfork_child_pid(rc->t);
+	errno = 0;
+
+	irpc_cleanup(rc->lp_ctx, ev, pid);
+	status = tfork_status(&rc->t, false);
+	if (status == -1) {
+		DBG_ERR("Parent %d, Child %d terminated, "
+			"unable to get status code from tfork\n",
+			getpid(), pid);
+		rc_inuse = prefork_restart(ev, rc);
+	} else if (WIFEXITED(status)) {
+		status = WEXITSTATUS(status);
+		DBG_ERR("Parent %d, Child %d exited with status %d\n",
+			 getpid(), pid,  status);
+		if (status != 0) {
+			rc_inuse = prefork_restart(ev, rc);
+		}
+	} else if (WIFSIGNALED(status)) {
+		status = WTERMSIG(status);
+		DBG_ERR("Parent %d, Child %d terminated with signal %d\n",
+			getpid(), pid, status);
+		if (status == SIGABRT || status == SIGBUS || status == SIGFPE ||
+		    status == SIGILL || status == SIGSYS || status == SIGSEGV ||
+		    status == SIGKILL) {
+
+			rc_inuse = prefork_restart(ev, rc);
+		}
+	}
+	if (!rc_inuse) {
+		/* tfork allocates tfork structures with malloc */
+		tfork_destroy(&rc->t);
+		free(rc->t);
+		TALLOC_FREE(rc);
+	}
+	return;
+}
+
+/*
+  called when a listening socket becomes readable.
+*/
+static void prefork_accept_connection(
+	struct tevent_context *ev,
+	struct loadparm_context *lp_ctx,
+	struct socket_context *listen_socket,
+	void (*new_conn)(struct tevent_context *,
+			struct loadparm_context *,
+			struct socket_context *,
+			struct server_id,
+			void *,
+			void *),
+	void *private_data,
+	void *process_context)
+{
+	NTSTATUS status;
+	struct socket_context *connected_socket;
+	pid_t pid = getpid();
+
+	/* accept an incoming connection. */
+	status = socket_accept(listen_socket, &connected_socket);
+	if (!NT_STATUS_IS_OK(status)) {
+		/*
+		 * For prefork we can ignore STATUS_MORE_ENTRIES, as  once a
+		 * connection becomes available all waiting processes are
+		 * woken, but only one gets work to  process.
+		 * AKA the thundering herd.
+		 * In the short term this should not be an issue as the number
+		 * of workers should be a small multiple of the number of cpus
+		 * In the longer term socket_accept needs to implement a
+		 * mutex/semaphore (like apache does) to serialise the accepts
+		 */
+		if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+			DBG_ERR("Worker process (%d), error in accept [%s]\n",
+				getpid(), nt_errstr(status));
+		}
+		return;
+	}
+
+	talloc_steal(private_data, connected_socket);
+
+	new_conn(ev, lp_ctx, connected_socket,
+		 cluster_id(pid, socket_get_fd(connected_socket)),
+		 private_data, process_context);
+}
+
+static void setup_handlers(
+	struct tevent_context *ev,
+	struct loadparm_context *lp_ctx,
+	int from_parent_fd)
+{
+	struct tevent_fd *fde = NULL;
+	struct tevent_signal *se = NULL;
+
+	fde = tevent_add_fd(ev, ev, from_parent_fd, TEVENT_FD_READ,
+		      prefork_pipe_handler, lp_ctx);
+	if (fde == NULL) {
+		smb_panic("Failed to add fd handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+			       ev,
+			       SIGHUP,
+			       0,
+			       sighup_signal_handler,
+			       NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGHUP handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+			       ev,
+			       SIGTERM,
+			       0,
+			       sigterm_signal_handler,
+			       NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGTERM handler after fork");
+	}
+}
+
+/*
+ * Called by the prefork master to create a new prefork worker process
+ */
+static void prefork_fork_worker(struct task_server *task,
+				struct tevent_context *ev,
+				struct tevent_context *ev2,
+				struct loadparm_context *lp_ctx,
+				const struct service_details *service_details,
+				const char *service_name,
+				int control_pipe[2],
+				unsigned restart_delay,
+				struct process_details *pd)
+{
+	struct tfork *w = NULL;
+	pid_t pid;
+
+	w = tfork_create();
+	if (w == NULL) {
+		smb_panic("failure in tfork\n");
+	}
+
+	pid = tfork_child_pid(w);
+	if (pid != 0) {
+		struct tevent_fd *fde = NULL;
+		int fd = tfork_event_fd(w);
+		struct restart_context *rc = NULL;
+
+		/*
+		 * we're the parent (prefork master), so store enough info to
+		 * restart the worker/child if it exits unexpectedly
+		 */
+		rc = talloc_zero(ev, struct restart_context);
+		if (rc == NULL) {
+			smb_panic("OOM allocating restart context\n");
+		}
+		rc->t = w;
+		rc->lp_ctx = lp_ctx;
+		rc->service_name = service_name;
+		rc->service_details = service_details;
+		rc->restart_delay = restart_delay;
+		rc->master = NULL;
+		rc->worker = talloc_zero(rc, struct worker_restart_context);
+		if (rc->worker == NULL) {
+			smb_panic("OOM allocating master restart context\n");
+		}
+		rc->worker->ev2 = ev2;
+		rc->worker->instance = pd->instances;
+		rc->worker->task = task;
+		rc->worker->control_pipe[0] = control_pipe[0];
+		rc->worker->control_pipe[1] = control_pipe[1];
+
+		fde = tevent_add_fd(
+		    ev, ev, fd, TEVENT_FD_READ, prefork_child_pipe_handler, rc);
+		if (fde == NULL) {
+			smb_panic("Failed to add child pipe handler, "
+				  "after fork");
+		}
+		tevent_fd_set_auto_close(fde);
+	} else {
+
+		/*
+		 * we're the child (prefork-worker). We never write to the
+		 * control pipe, but listen on the read end in case our parent
+		 * (the pre-fork master) exits
+		 */
+		close(control_pipe[1]);
+		setup_handlers(ev2, lp_ctx, control_pipe[0]);
+
+		/*
+		 * tfork uses malloc
+		 */
+		free(w);
+
+		imessaging_dgm_unref_ev(ev);
+		TALLOC_FREE(ev);
+
+		process_set_title("%s(%d)",
+				  "task[%s] pre-forked worker(%d)",
+				  service_name,
+				  pd->instances);
+
+		prefork_reload_after_fork();
+		if (service_details->post_fork != NULL) {
+			service_details->post_fork(task, pd);
+		}
+		{
+			struct talloc_ctx *ctx = talloc_new(NULL);
+			char *name = NULL;
+			if (ctx == NULL) {
+				smb_panic("OOM allocating talloc context\n");
+			}
+			name = talloc_asprintf(ctx,
+					       "prefork-worker-%s-%d",
+					       service_name,
+					       pd->instances);
+			irpc_add_name(task->msg_ctx, name);
+			TALLOC_FREE(ctx);
+		}
+		if (service_details->before_loop != NULL) {
+			service_details->before_loop(task);
+		}
+		tevent_loop_wait(ev2);
+		imessaging_dgm_unref_ev(ev2);
+		talloc_free(ev2);
+		exit(0);
+	}
+}
+/*
+ * called to create a new server task
+ */
+static void prefork_new_task(
+	struct tevent_context *ev,
+	struct loadparm_context *lp_ctx,
+	const char *service_name,
+	struct task_server *(*new_task_fn)(struct tevent_context *,
+			    struct loadparm_context *lp_ctx,
+			    struct server_id , void *, void *),
+	void *private_data,
+	const struct service_details *service_details,
+	int from_parent_fd)
+{
+	prefork_fork_master(ev,
+			    lp_ctx,
+			    service_name,
+			    new_task_fn,
+			    private_data,
+			    service_details,
+			    0,
+			    from_parent_fd);
+
+}
+
+/*
+ * called when a task terminates
+ */
+static void prefork_terminate_task(struct tevent_context *ev,
+				   struct loadparm_context *lp_ctx,
+				   const char *reason,
+				   bool fatal,
+				   void *process_context)
+{
+	DBG_DEBUG("called with reason[%s]\n", reason);
+	TALLOC_FREE(ev);
+	if (fatal == true) {
+		exit(127);
+	} else {
+		exit(0);
+	}
+}
+
+/*
+ * called when a connection completes
+ */
+static void prefork_terminate_connection(struct tevent_context *ev,
+					 struct loadparm_context *lp_ctx,
+					 const char *reason,
+					 void *process_context)
+{
+}
+
+/* called to set a title of a task or connection */
+static void prefork_set_title(struct tevent_context *ev, const char *title)
+{
+}
+
+static const struct model_ops prefork_ops = {
+	.name			= "prefork",
+	.model_init		= prefork_model_init,
+	.accept_connection	= prefork_accept_connection,
+	.new_task		= prefork_new_task,
+	.terminate_task		= prefork_terminate_task,
+	.terminate_connection	= prefork_terminate_connection,
+	.set_title		= prefork_set_title,
+};
+
+/*
+ * initialise the prefork process model, registering ourselves with the
+ * process model subsystem
+ */
+NTSTATUS process_model_prefork_init(void)
+{
+	return register_process_model(&prefork_ops);
+}
diff --git a/source4/samba/process_single.c b/source4/samba/process_single.c
new file mode 100644
index 0000000..df817e2
--- /dev/null
+++ b/source4/samba/process_single.c
@@ -0,0 +1,169 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   process model: process (1 process handles all client connections)
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/process_model.h"
+#include "system/filesys.h"
+#include "cluster/cluster.h"
+
+NTSTATUS process_model_single_init(TALLOC_CTX *);
+
+/*
+  called when the process model is selected
+*/
+static void single_model_init(void)
+{
+}
+
+/*
+  called when a listening socket becomes readable. 
+*/
+static void single_accept_connection(struct tevent_context *ev, 
+				     struct loadparm_context *lp_ctx,
+				     struct socket_context *listen_socket,
+				     void (*new_conn)(struct tevent_context *, 
+						      struct loadparm_context *,
+						      struct socket_context *, 
+						      struct server_id, void *,
+						      void *),
+				     void *private_data,
+				     void *process_context)
+{
+	NTSTATUS status;
+	struct socket_context *connected_socket;
+	pid_t pid = getpid();
+
+	/* accept an incoming connection. */
+	status = socket_accept(listen_socket, &connected_socket);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("single_accept_connection: accept: %s\n",
+			nt_errstr(status));
+		/* this looks strange, but is correct. 
+
+		   We can only be here if woken up from select, due to
+		   an incoming connection.
+
+		   We need to throttle things until the system clears
+		   enough resources to handle this new socket. 
+
+		   If we don't then we will spin filling the log and
+		   causing more problems. We don't panic as this is
+		   probably a temporary resource constraint */
+		sleep(1);
+		return;
+	}
+
+	talloc_steal(private_data, connected_socket);
+
+	/*
+	 * We use the PID so we cannot collide in with cluster ids
+	 * generated in other single mode tasks, and, and won't
+	 * collide with PIDs from process model standard because the
+	 * combination of pid/fd should be unique system-wide
+	 */
+	new_conn(ev, lp_ctx, connected_socket,
+		 cluster_id(pid, socket_get_fd(connected_socket)), private_data,
+			    process_context);
+}
+
+/*
+  called to startup a new task
+*/
+static void single_new_task(struct tevent_context *ev,
+			    struct loadparm_context *lp_ctx,
+			    const char *service_name,
+			    struct task_server *(*new_task)(struct tevent_context *,
+				             struct loadparm_context *,
+					     struct server_id, void *, void *),
+			    void *private_data,
+			    const struct service_details *service_details,
+			    int from_parent_fd)
+{
+	pid_t pid = getpid();
+	/* start our taskids at MAX_INT32, the first 2^31 tasks are is reserved for fd numbers */
+	static uint32_t taskid = INT32_MAX;
+	struct task_server *task = NULL;
+	/*
+	 * We use the PID so we cannot collide in with cluster ids
+	 * generated in other single mode tasks, and, and won't
+	 * collide with PIDs from process model standard because the
+	 * combination of pid/task_id should be unique system-wide
+	 *
+	 * Using the pid unaltered makes debugging of which process
+	 * owns the messaging socket easier.
+	 */
+	task = new_task(ev, lp_ctx, cluster_id(pid, taskid++), private_data, NULL);
+	if (task != NULL && service_details->post_fork != NULL) {
+		struct process_details pd = initial_process_details;
+		service_details->post_fork(task, &pd);
+	}
+	if (task != NULL && service_details->before_loop != NULL) {
+		service_details->before_loop(task);
+	}
+}
+
+/*
+ * Called when a task goes down
+ */
+static void single_terminate_task(struct tevent_context *ev,
+				  struct loadparm_context *lp_ctx,
+				  const char *reason,
+				  bool fatal,
+				  void *process_context)
+{
+	DBG_NOTICE("single_terminate: reason[%s]\n",reason);
+}
+
+/*
+ * Called when a connection has ended
+ */
+static void single_terminate_connection(struct tevent_context *ev,
+					struct loadparm_context *lp_ctx,
+					const char *reason,
+					void *process_context)
+{
+}
+
+/* called to set a title of a task or connection */
+static void single_set_title(struct tevent_context *ev, const char *title) 
+{
+}
+
+const struct model_ops single_ops = {
+	.name			= "single",
+	.model_init		= single_model_init,
+	.new_task		= single_new_task,
+	.accept_connection	= single_accept_connection,
+	.terminate_task		= single_terminate_task,
+	.terminate_connection	= single_terminate_connection,
+	.set_title		= single_set_title,
+};
+
+/*
+  initialise the single process model, registering ourselves with the
+  process model subsystem
+ */
+NTSTATUS process_model_single_init(TALLOC_CTX *ctx)
+{
+	return register_process_model(&single_ops);
+}
diff --git a/source4/samba/process_standard.c b/source4/samba/process_standard.c
new file mode 100644
index 0000000..fba24ff
--- /dev/null
+++ b/source4/samba/process_standard.c
@@ -0,0 +1,626 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   process model: standard (1 process per client connection)
+
+   Copyright (C) Andrew Tridgell 1992-2005
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "samba/process_model.h"
+#include "system/filesys.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "ldb_wrap.h"
+#include "lib/messaging/messaging.h"
+#include "lib/util/debug.h"
+#include "lib/messaging/messages_dgm.h"
+#include "lib/util/util_process.h"
+
+static unsigned connections_active = 0;
+static unsigned smbd_max_processes = 0;
+
+struct standard_child_state {
+	const char *name;
+	pid_t pid;
+	int to_parent_fd;
+	int from_child_fd;
+	struct tevent_fd *from_child_fde;
+};
+
+NTSTATUS process_model_standard_init(TALLOC_CTX *);
+struct process_context {
+	char *name;
+	int from_parent_fd;
+	bool inhibit_fork_on_accept;
+	bool forked_on_accept;
+};
+
+/*
+  called when the process model is selected
+*/
+static void standard_model_init(void)
+{
+}
+
+static void sighup_signal_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum, int count, void *siginfo,
+				void *private_data)
+{
+	debug_schedule_reopen_logs();
+}
+
+static void sigterm_signal_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum, int count, void *siginfo,
+				void *private_data)
+{
+#ifdef HAVE_GETPGRP
+	if (getpgrp() == getpid()) {
+		/*
+		 * We're the process group leader, send
+		 * SIGTERM to our process group.
+		 */
+		DBG_ERR("SIGTERM: killing children\n");
+		kill(-getpgrp(), SIGTERM);
+	}
+#endif
+	DBG_ERR("Exiting pid %u on SIGTERM\n", (unsigned int)getpid());
+	talloc_free(ev);
+	exit(127);
+}
+
+/*
+  handle EOF on the parent-to-all-children pipe in the child
+*/
+static void standard_pipe_handler(struct tevent_context *event_ctx, struct tevent_fd *fde, 
+				  uint16_t flags, void *private_data)
+{
+	DBG_DEBUG("Child %d exiting\n", (int)getpid());
+	talloc_free(event_ctx);
+	exit(0);
+}
+
+/*
+  handle EOF on the child pipe in the parent, so we know when a
+  process terminates without using SIGCHLD or waiting on all possible pids.
+
+  We need to ensure we do not ignore SIGCHLD because we need it to
+  work to get a valid error code from samba_runcmd_*().
+ */
+static void standard_child_pipe_handler(struct tevent_context *ev,
+					struct tevent_fd *fde,
+					uint16_t flags,
+					void *private_data)
+{
+	struct standard_child_state *state
+		= talloc_get_type_abort(private_data, struct standard_child_state);
+	int status = 0;
+	pid_t pid;
+
+	messaging_dgm_cleanup(state->pid);
+
+	/* the child has closed the pipe, assume its dead */
+	errno = 0;
+	pid = waitpid(state->pid, &status, 0);
+
+	if (pid != state->pid) {
+		if (errno == ECHILD) {
+			/*
+			 * this happens when the
+			 * parent has set SIGCHLD to
+			 * SIG_IGN. In that case we
+			 * can only get error
+			 * information for the child
+			 * via its logging. We should
+			 * stop using SIG_IGN on
+			 * SIGCHLD in the standard
+			 * process model.
+			 */
+			DBG_ERR("Error in waitpid() unexpectedly got ECHILD "
+				"for child %d (%s) - %s, someone has set SIGCHLD "
+				"to SIG_IGN!\n",
+				(int)state->pid, state->name,
+				strerror(errno));
+			TALLOC_FREE(state);
+			return;
+		}
+		DBG_ERR("Error in waitpid() for child %d (%s) - %s \n",
+			(int)state->pid, state->name, strerror(errno));
+		if (errno == 0) {
+			errno = ECHILD;
+		}
+		goto done;
+	}
+	if (WIFEXITED(status)) {
+		status = WEXITSTATUS(status);
+		if (status != 0) {
+			DBG_ERR("Child %d (%s) exited with status %d\n",
+				(int)state->pid, state->name, status);
+		}
+	} else if (WIFSIGNALED(status)) {
+		status = WTERMSIG(status);
+		DBG_ERR("Child %d (%s) terminated with signal %d\n",
+			(int)state->pid, state->name, status);
+	}
+done:
+	TALLOC_FREE(state);
+	if (smbd_max_processes > 0) {
+		if (connections_active < 1) {
+			DBG_ERR("Number of active connections "
+				"less than 1 (%d)\n",
+				connections_active);
+			connections_active = 1;
+		}
+		connections_active--;
+	}
+	return;
+}
+
+static struct standard_child_state *setup_standard_child_pipe(struct tevent_context *ev,
+							      const char *name)
+{
+	struct standard_child_state *state;
+	int parent_child_pipe[2];
+	int ret;
+
+	/*
+	 * Prepare a pipe to allow us to know when the child exits,
+	 * because it will trigger a read event on this private
+	 * pipe.
+	 *
+	 * We do all this before the accept and fork(), so we can
+	 * clean up if it fails.
+	 */
+	state = talloc_zero(ev, struct standard_child_state);
+	if (state == NULL) {
+		return NULL;
+	}
+
+	if (name == NULL) {
+		name = "";
+	}
+
+	state->name = talloc_strdup(state, name);
+	if (state->name == NULL) {
+		TALLOC_FREE(state);
+		return NULL;
+	}
+
+	ret = pipe(parent_child_pipe);
+	if (ret == -1) {
+		DBG_ERR("Failed to create parent-child pipe to handle "
+			"SIGCHLD to track new process for socket\n");
+		TALLOC_FREE(state);
+		return NULL;
+	}
+
+	smb_set_close_on_exec(parent_child_pipe[0]);
+	smb_set_close_on_exec(parent_child_pipe[1]);
+
+	state->from_child_fd = parent_child_pipe[0];
+	state->to_parent_fd = parent_child_pipe[1];
+
+	/*
+	 * The basic purpose of calling this handler is to ensure we
+	 * call waitpid() and so avoid zombies (now that we no longer
+	 * user SIGIGN on for SIGCHLD), but it also allows us to clean
+	 * up other resources in the future.
+	 */
+	state->from_child_fde = tevent_add_fd(ev, state,
+					      state->from_child_fd,
+					      TEVENT_FD_READ,
+					      standard_child_pipe_handler,
+					      state);
+	if (state->from_child_fde == NULL) {
+		TALLOC_FREE(state);
+		return NULL;
+	}
+	tevent_fd_set_auto_close(state->from_child_fde);
+
+	return state;
+}
+
+/*
+  called when a listening socket becomes readable. 
+*/
+static void standard_accept_connection(
+		struct tevent_context *ev,
+		struct loadparm_context *lp_ctx,
+		struct socket_context *sock,
+		void (*new_conn)(struct tevent_context *,
+				struct loadparm_context *,
+				struct socket_context *,
+				struct server_id,
+				void *,
+				void *),
+		void *private_data,
+		void *process_context)
+{
+	NTSTATUS status;
+	struct socket_context *sock2;
+	pid_t pid;
+	struct socket_address *c, *s;
+	struct standard_child_state *state;
+	struct tevent_fd *fde = NULL;
+	struct tevent_signal *se = NULL;
+	struct process_context *proc_ctx = NULL;
+
+
+	/* accept an incoming connection. */
+	status = socket_accept(sock, &sock2);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_DEBUG("standard_accept_connection: accept: %s\n",
+			  nt_errstr(status));
+		/* this looks strange, but is correct. We need to throttle
+		 * things until the system clears enough resources to handle
+		 * this new socket
+		 */
+		sleep(1);
+		return;
+	}
+
+	proc_ctx = talloc_get_type_abort(process_context,
+					 struct process_context);
+
+	if (proc_ctx->inhibit_fork_on_accept) {
+		pid = getpid();
+		/*
+		 * Service does not support forking a new process on a
+		 * new connection, either it's maintaining shared
+		 * state or the overhead of forking a new process is a
+		 * significant fraction of the response time.
+		 */
+		talloc_steal(private_data, sock2);
+		new_conn(ev, lp_ctx, sock2,
+			 cluster_id(pid, socket_get_fd(sock2)), private_data,
+			 process_context);
+		return;
+	}
+
+	if (smbd_max_processes > 0) {
+		if (connections_active >= smbd_max_processes) {
+			DBG_ERR("(%d) connections already active, "
+				"maximum is (%d). Dropping request\n",
+				connections_active,
+				smbd_max_processes);
+			/*
+			 * Drop the connection as we're overloaded at the moment
+			 */
+			talloc_free(sock2);
+			return;
+		}
+		connections_active++;
+	}
+
+	state = setup_standard_child_pipe(ev, NULL);
+	if (state == NULL) {
+		return;
+	}
+	pid = fork();
+
+	if (pid != 0) {
+		close(state->to_parent_fd);
+		state->to_parent_fd = -1;
+
+		if (pid > 0) {
+			state->pid = pid;
+		} else {
+			TALLOC_FREE(state);
+		}
+
+		/* parent or error code ... */
+		talloc_free(sock2);
+		/* go back to the event loop */
+		return;
+	}
+
+	/* this leaves state->to_parent_fd open */
+	TALLOC_FREE(state);
+
+	/* Now in the child code so indicate that we forked
+	 * so the terminate code knows what to do
+	 */
+	proc_ctx->forked_on_accept = true;
+
+	pid = getpid();
+
+	process_set_title("%s[work]", "task[%s] standard worker", proc_ctx->name);
+
+	/* This is now the child code. We need a completely new event_context to work with */
+
+	if (tevent_re_initialise(ev) != 0) {
+		smb_panic("Failed to re-initialise tevent after fork");
+	}
+
+	/* this will free all the listening sockets and all state that
+	   is not associated with this new connection */
+	talloc_free(sock);
+
+	/* we don't care if the dup fails, as its only a select()
+	   speed optimisation */
+	socket_dup(sock2);
+			
+	/* tdb needs special fork handling */
+	ldb_wrap_fork_hook();
+
+	/* Must be done after a fork() to reset messaging contexts. */
+	status = imessaging_reinit_all();
+	if (!NT_STATUS_IS_OK(status)) {
+		smb_panic("Failed to re-initialise imessaging after fork");
+	}
+
+	fde = tevent_add_fd(ev, ev, proc_ctx->from_parent_fd, TEVENT_FD_READ,
+		      standard_pipe_handler, NULL);
+	if (fde == NULL) {
+		smb_panic("Failed to add fd handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+				ev,
+				SIGHUP,
+				0,
+				sighup_signal_handler,
+				NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGHUP handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+				ev,
+				SIGTERM,
+				0,
+				sigterm_signal_handler,
+				NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGTERM handler after fork");
+	}
+
+	/* setup the process title */
+	c = socket_get_peer_addr(sock2, ev);
+	s = socket_get_my_addr(sock2, ev);
+	if (s && c) {
+		setproctitle("conn c[%s:%u] s[%s:%u] server_id[%d]",
+			     c->addr, c->port, s->addr, s->port, (int)pid);
+	}
+	talloc_free(c);
+	talloc_free(s);
+
+	force_check_log_size();
+
+	/* setup this new connection.  Cluster ID is PID based for this process model */
+	new_conn(ev, lp_ctx, sock2, cluster_id(pid, 0), private_data,
+		 process_context);
+
+	/* we can't return to the top level here, as that event context is gone,
+	   so we now process events in the new event context until there are no
+	   more to process */	   
+	tevent_loop_wait(ev);
+
+	talloc_free(ev);
+	exit(0);
+}
+
+/*
+  called to create a new server task
+*/
+static void standard_new_task(struct tevent_context *ev,
+			      struct loadparm_context *lp_ctx,
+			      const char *service_name,
+			      struct task_server *(*new_task)(struct tevent_context *, struct loadparm_context *lp_ctx, struct server_id , void *, void *),
+			      void *private_data,
+			      const struct service_details *service_details,
+			      int from_parent_fd)
+{
+	pid_t pid;
+	NTSTATUS status;
+	struct standard_child_state *state;
+	struct tevent_fd *fde = NULL;
+	struct tevent_signal *se = NULL;
+	struct process_context *proc_ctx = NULL;
+	struct task_server* task = NULL;
+
+	state = setup_standard_child_pipe(ev, service_name);
+	if (state == NULL) {
+		return;
+	}
+
+	pid = fork();
+
+	if (pid != 0) {
+		close(state->to_parent_fd);
+		state->to_parent_fd = -1;
+
+		if (pid > 0) {
+			state->pid = pid;
+		} else {
+			TALLOC_FREE(state);
+		}
+
+		/* parent or error code ... go back to the event loop */
+		return;
+	}
+
+	/* this leaves state->to_parent_fd open */
+	TALLOC_FREE(state);
+
+	pid = getpid();
+
+	/* this will free all the listening sockets and all state that
+	   is not associated with this new connection */
+	if (tevent_re_initialise(ev) != 0) {
+		smb_panic("Failed to re-initialise tevent after fork");
+	}
+
+	/* ldb/tdb need special fork handling */
+	ldb_wrap_fork_hook();
+
+	/* Must be done after a fork() to reset messaging contexts. */
+	status = imessaging_reinit_all();
+	if (!NT_STATUS_IS_OK(status)) {
+		smb_panic("Failed to re-initialise imessaging after fork");
+	}
+
+	fde = tevent_add_fd(ev, ev, from_parent_fd, TEVENT_FD_READ,
+		      standard_pipe_handler, NULL);
+	if (fde == NULL) {
+		smb_panic("Failed to add fd handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+				ev,
+				SIGHUP,
+				0,
+				sighup_signal_handler,
+				NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGHUP handler after fork");
+	}
+
+	se = tevent_add_signal(ev,
+				ev,
+				SIGTERM,
+				0,
+				sigterm_signal_handler,
+				NULL);
+	if (se == NULL) {
+		smb_panic("Failed to add SIGTERM handler after fork");
+	}
+
+	process_set_title("%s[task]", "task[%s]", service_name);
+
+	force_check_log_size();
+
+	/*
+	 * Set up the process context to be passed through to the terminate
+	 * and accept_connection functions
+	 */
+	proc_ctx = talloc(ev, struct process_context);
+	proc_ctx->name = talloc_strdup(ev, service_name);
+	proc_ctx->from_parent_fd = from_parent_fd;
+	proc_ctx->inhibit_fork_on_accept  =
+		service_details->inhibit_fork_on_accept;
+	proc_ctx->forked_on_accept = false;
+
+	smbd_max_processes = lpcfg_max_smbd_processes(lp_ctx);
+
+	/* setup this new task.  Cluster ID is PID based for this process model */
+	task = new_task(ev, lp_ctx, cluster_id(pid, 0), private_data, proc_ctx);
+	/*
+	 * Currently we don't support the post_fork functionality in the
+	 * standard model, i.e. it is only called here not after a new process
+	 * is forked in standard_accept_connection.
+	 */
+	if (task != NULL && service_details->post_fork != NULL) {
+		struct process_details pd = initial_process_details;
+		service_details->post_fork(task, &pd);
+	}
+
+	if (task != NULL && service_details->before_loop != NULL) {
+		service_details->before_loop(task);
+	}
+
+	/* we can't return to the top level here, as that event context is gone,
+	   so we now process events in the new event context until there are no
+	   more to process */
+	tevent_loop_wait(ev);
+
+	talloc_free(ev);
+	exit(0);
+}
+
+
+/* called when a task goes down */
+static void standard_terminate_task(struct tevent_context *ev,
+				    struct loadparm_context *lp_ctx,
+				    const char *reason,
+				    bool fatal,
+				    void *process_context)
+{
+	if (fatal == true) {
+		exit(127);
+	}
+	exit(0);
+}
+
+/* called when a connection terminates*/
+static void standard_terminate_connection(struct tevent_context *ev,
+					  struct loadparm_context *lp_ctx,
+					  const char *reason,
+					  void *process_context)
+{
+	struct process_context *proc_ctx = NULL;
+
+	DBG_DEBUG("connection terminating reason[%s]\n", reason);
+	if (process_context == NULL) {
+		smb_panic("Panicking process_context is NULL");
+	}
+
+	proc_ctx = talloc_get_type(process_context, struct process_context);
+	if (proc_ctx->forked_on_accept == false) {
+		/*
+		 * The current task was not forked on accept, so it needs to
+		 * keep running and process requests from other connections
+		 */
+		return;
+	}
+	/*
+	 * The current process was forked on accept to handle a single
+	 * connection/request. That request has now finished and the process
+	 * should terminate
+	 */
+
+	/* this reload_charcnv() has the effect of freeing the iconv context memory,
+	   which makes leak checking easier */
+	reload_charcnv(lp_ctx);
+
+	/* Always free event context last before exit. */
+	talloc_free(ev);
+
+	/* terminate this process */
+	exit(0);
+}
+/* called to set a title of a task or connection */
+static void standard_set_title(struct tevent_context *ev, const char *title) 
+{
+	if (title) {
+		setproctitle("%s", title);
+	} else {
+		setproctitle(NULL);
+	}
+}
+
+static const struct model_ops standard_ops = {
+	.name			= "standard",
+	.model_init		= standard_model_init,
+	.accept_connection	= standard_accept_connection,
+	.new_task		= standard_new_task,
+	.terminate_task		= standard_terminate_task,
+	.terminate_connection	= standard_terminate_connection,
+	.set_title		= standard_set_title,
+};
+
+/*
+  initialise the standard process model, registering ourselves with the process model subsystem
+ */
+NTSTATUS process_model_standard_init(TALLOC_CTX *ctx)
+{
+	return register_process_model(&standard_ops);
+}
diff --git a/source4/samba/server.c b/source4/samba/server.c
new file mode 100644
index 0000000..011d9d0
--- /dev/null
+++ b/source4/samba/server.c
@@ -0,0 +1,1000 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Main SMB server routines
+
+   Copyright (C) Andrew Tridgell		1992-2005
+   Copyright (C) Martin Pool			2002
+   Copyright (C) Jelmer Vernooij		2002
+   Copyright (C) James J Myers 			2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "version.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/dir.h"
+#include "system/filesys.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/auth/schannel.h"
+#include "samba/process_model.h"
+#include "param/secrets.h"
+#include "lib/util/pidfile.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/session.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "cluster/cluster.h"
+#include "dynconfig/dynconfig.h"
+#include "nsswitch/winbind_client.h"
+#include "libds/common/roles.h"
+#include "lib/util/tfork.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/util/server_id.h"
+#include "server_util.h"
+
+#ifdef HAVE_PTHREAD
+#include <pthread.h>
+#endif
+
+struct server_state {
+	struct tevent_context *event_ctx;
+	const char *binary_name;
+};
+
+/*
+  recursively delete a directory tree
+*/
+static void recursive_delete(const char *path)
+{
+	DIR *dir;
+	struct dirent *de;
+
+	dir = opendir(path);
+	if (!dir) {
+		return;
+	}
+
+	for (de=readdir(dir);de;de=readdir(dir)) {
+		char *fname;
+		struct stat st;
+
+		if (ISDOT(de->d_name) || ISDOTDOT(de->d_name)) {
+			continue;
+		}
+
+		fname = talloc_asprintf(path, "%s/%s", path, de->d_name);
+		if (stat(fname, &st) != 0) {
+			continue;
+		}
+		if (S_ISDIR(st.st_mode)) {
+			recursive_delete(fname);
+			talloc_free(fname);
+			continue;
+		}
+		if (unlink(fname) != 0) {
+			DBG_ERR("Unabled to delete '%s' - %s\n",
+				 fname, strerror(errno));
+			smb_panic("unable to cleanup tmp files");
+		}
+		talloc_free(fname);
+	}
+	closedir(dir);
+}
+
+/*
+  cleanup temporary files. This is the new alternative to
+  TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
+  efficient on unix systems due to the lack of scaling of the byte
+  range locking system. So instead of putting the burden on tdb to
+  cleanup tmp files, this function deletes them.
+*/
+static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
+{
+	char *path;
+	TALLOC_CTX *mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		exit_daemon("Failed to create memory context",
+			    ENOMEM);
+	}
+
+	path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
+	if (path == NULL) {
+		exit_daemon("Failed to cleanup temporary files",
+			    EINVAL);
+	}
+
+	recursive_delete(path);
+	talloc_free(mem_ctx);
+}
+
+static void sig_hup(int sig)
+{
+	debug_schedule_reopen_logs();
+}
+
+static void sig_term(int sig)
+{
+#ifdef HAVE_GETPGRP
+	if (getpgrp() == getpid()) {
+		/*
+		 * We're the process group leader, send
+		 * SIGTERM to our process group.
+		 */
+		kill(-getpgrp(), SIGTERM);
+	}
+#endif
+	_exit(127);
+}
+
+static void sigterm_signal_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum, int count, void *siginfo,
+				void *private_data)
+{
+	struct server_state *state = talloc_get_type_abort(
+                private_data, struct server_state);
+
+	DBG_DEBUG("Process %s got SIGTERM\n", state->binary_name);
+	TALLOC_FREE(state);
+	sig_term(SIGTERM);
+}
+
+static void sighup_signal_handler(struct tevent_context *ev,
+				  struct tevent_signal *se,
+				  int signum, int count, void *siginfo,
+				  void *private_data)
+{
+	struct server_state *state = talloc_get_type_abort(
+                private_data, struct server_state);
+
+	DBG_DEBUG("Process %s got SIGHUP\n", state->binary_name);
+
+	reopen_logs_internal();
+}
+
+/*
+  setup signal masks
+*/
+static void setup_signals(void)
+{
+	/* we are never interested in SIGPIPE */
+	BlockSignals(true,SIGPIPE);
+
+#if defined(SIGFPE)
+	/* we are never interested in SIGFPE */
+	BlockSignals(true,SIGFPE);
+#endif
+
+	/* We are no longer interested in USR1 */
+	BlockSignals(true, SIGUSR1);
+
+#if defined(SIGUSR2)
+	/* We are no longer interested in USR2 */
+	BlockSignals(true,SIGUSR2);
+#endif
+
+	/* POSIX demands that signals are inherited. If the invoking process has
+	 * these signals masked, we will have problems,
+	 * as we won't receive them. */
+	BlockSignals(false, SIGHUP);
+	BlockSignals(false, SIGTERM);
+
+	CatchSignal(SIGHUP, sig_hup);
+	CatchSignal(SIGTERM, sig_term);
+}
+
+/*
+  handle io on stdin
+*/
+static void server_stdin_handler(struct tevent_context *event_ctx,
+				struct tevent_fd *fde,
+				uint16_t flags,
+				void *private_data)
+{
+	struct server_state *state = talloc_get_type_abort(
+		private_data, struct server_state);
+	uint8_t c;
+	if (read(0, &c, 1) == 0) {
+		DBG_ERR("%s: EOF on stdin - PID %d terminating\n",
+			state->binary_name, (int)getpid());
+#ifdef HAVE_GETPGRP
+		if (getpgrp() == getpid()) {
+			DBG_ERR("Sending SIGTERM from pid %d\n",
+				(int)getpid());
+			kill(-getpgrp(), SIGTERM);
+		}
+#endif
+		TALLOC_FREE(state);
+		exit(0);
+	}
+}
+
+/*
+  die if the user selected maximum runtime is exceeded
+*/
+_NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
+					   struct tevent_timer *te,
+					   struct timeval t, void *private_data)
+{
+	struct server_state *state = talloc_get_type_abort(
+		private_data, struct server_state);
+	DBG_ERR("%s: maximum runtime exceeded - "
+		"terminating PID %d at %llu, current ts: %llu\n",
+		 state->binary_name,
+		(int)getpid(),
+		(unsigned long long)t.tv_sec,
+		(unsigned long long)time(NULL));
+	TALLOC_FREE(state);
+	exit(0);
+}
+
+/*
+ * When doing an in-place upgrade of Samba, the database format may have
+ * changed between versions. E.g. between 4.7 and 4.8 the DB changed from
+ * DN-based indexes to GUID-based indexes, so we have to re-index the DB after
+ * upgrading.
+ * This function handles migrating an older samba DB to a new Samba release.
+ * Note that we have to maintain DB compatibility between *all* older versions
+ * of Samba, not just the ones still under maintenance support.
+ *
+ * Finally, while the transaction is open, check if we support the set
+ * domain functional level, if the DC functional level on our object
+ * is correct and if not to update it (except on the RODC)
+ */
+static int handle_inplace_db_upgrade_check_and_update_fl(struct ldb_context *ldb_ctx,
+							 struct loadparm_context *lp_ctx)
+{
+	int ret;
+
+	/*
+	 * The DSDB stack will handle reindexing the DB (if needed) upon the first
+	 * DB write. Open and close a transaction on the DB now to trigger a
+	 * reindex if required, rather than waiting for the first write.
+	 * We do this here to guarantee that the DB will have been re-indexed by
+	 * the time the main samba code runs.
+	 * Refer to dsdb_schema_set_indices_and_attributes() for the actual reindexing
+	 * code, called from
+	 * source4/dsdb/samdb/ldb_modules/schema_load.c:schema_load_start_transaction()
+	 */
+	ret = ldb_transaction_start(ldb_ctx);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+
+	ret = dsdb_check_and_update_fl(ldb_ctx, lp_ctx);
+	if (ret != LDB_SUCCESS) {
+		ldb_transaction_cancel(ldb_ctx);
+		return ret;
+	}
+
+	ret = ldb_transaction_commit(ldb_ctx);
+	if (ret != LDB_SUCCESS) {
+		return ret;
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  pre-open the key databases. This saves a lot of time in child
+  processes
+ */
+static int prime_ldb_databases(struct tevent_context *event_ctx, bool *am_backup)
+{
+	struct ldb_result *res = NULL;
+	struct ldb_dn *samba_dsdb_dn = NULL;
+	struct ldb_context *ldb_ctx = NULL;
+	struct ldb_context *pdb = NULL;
+	static const char *attrs[] = { "backupDate", NULL };
+	struct loadparm_context *lp_ctx = samba_cmdline_get_lp_ctx();
+	const char *msg = NULL;
+	int ret;
+	TALLOC_CTX *db_context = talloc_new(event_ctx);
+	if (db_context == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	*am_backup = false;
+
+	/* note we deliberately leave these open, which allows them to be
+	 * re-used in ldb_wrap_connect() */
+	ldb_ctx = samdb_connect(db_context,
+				event_ctx,
+				lp_ctx,
+				system_session(lp_ctx),
+				NULL,
+				0);
+	if (ldb_ctx == NULL) {
+		talloc_free(db_context);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = handle_inplace_db_upgrade_check_and_update_fl(ldb_ctx,
+							    lp_ctx);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(db_context);
+		return ret;
+	}
+
+	pdb = privilege_connect(db_context, lp_ctx);
+	if (pdb == NULL) {
+		talloc_free(db_context);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	/* check the root DB object to see if it's marked as a backup */
+	samba_dsdb_dn = ldb_dn_new(db_context, ldb_ctx, "@SAMBA_DSDB");
+	if (!samba_dsdb_dn) {
+		talloc_free(db_context);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	ret = dsdb_search_dn(ldb_ctx, db_context, &res, samba_dsdb_dn, attrs,
+			     DSDB_FLAG_AS_SYSTEM);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(db_context);
+		return ret;
+	}
+
+	if (res->count > 0) {
+		msg = ldb_msg_find_attr_as_string(res->msgs[0], "backupDate",
+						  NULL);
+		if (msg != NULL) {
+			*am_backup = true;
+		}
+	}
+	return LDB_SUCCESS;
+}
+
+/*
+  called from 'smbcontrol samba shutdown'
+ */
+static void samba_parent_shutdown(struct imessaging_context *msg,
+				  void *private_data,
+				  uint32_t msg_type,
+				  struct server_id src,
+				  size_t num_fds,
+				  int *fds,
+				  DATA_BLOB *data)
+{
+	struct server_state *state =
+		talloc_get_type_abort(private_data,
+		struct server_state);
+	struct server_id_buf src_buf;
+	struct server_id dst = imessaging_get_server_id(msg);
+	struct server_id_buf dst_buf;
+
+	if (num_fds != 0) {
+		DBG_WARNING("Received %zu fds, ignoring message\n", num_fds);
+		return;
+	}
+
+	DBG_ERR("samba_shutdown of %s %s: from %s\n",
+		state->binary_name,
+		server_id_str_buf(dst, &dst_buf),
+		server_id_str_buf(src, &src_buf));
+
+	TALLOC_FREE(state);
+	exit(0);
+}
+
+/*
+  called when a fatal condition occurs in a child task
+ */
+static NTSTATUS samba_terminate(struct irpc_message *msg,
+				struct samba_terminate *r)
+{
+	struct server_state *state = talloc_get_type(msg->private_data,
+					struct server_state);
+	DBG_ERR("samba_terminate of %s %d: %s\n",
+		state->binary_name, (int)getpid(), r->in.reason);
+	TALLOC_FREE(state);
+	exit(1);
+}
+
+/*
+  setup messaging for the top level samba (parent) task
+ */
+static NTSTATUS setup_parent_messaging(struct server_state *state,
+				       struct loadparm_context *lp_ctx)
+{
+	struct imessaging_context *msg;
+	NTSTATUS status;
+	if (state == NULL) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	msg = imessaging_init(state->event_ctx,
+			      lp_ctx,
+			      cluster_id(getpid(), SAMBA_PARENT_TASKID),
+			      state->event_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(msg);
+
+	status = irpc_add_name(msg, "samba");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = imessaging_register(msg, state, MSG_SHUTDOWN,
+				     samba_parent_shutdown);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
+			       samba_terminate, state);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  show build info
+ */
+static void show_build(void)
+{
+#define CONFIG_OPTION(n) { #n, dyn_ ## n }
+	struct {
+		const char *name;
+		const char *value;
+	} config_options[] = {
+		CONFIG_OPTION(BINDIR),
+		CONFIG_OPTION(SBINDIR),
+		CONFIG_OPTION(CONFIGFILE),
+		CONFIG_OPTION(NCALRPCDIR),
+		CONFIG_OPTION(LOGFILEBASE),
+		CONFIG_OPTION(LMHOSTSFILE),
+		CONFIG_OPTION(DATADIR),
+		CONFIG_OPTION(MODULESDIR),
+		CONFIG_OPTION(LOCKDIR),
+		CONFIG_OPTION(STATEDIR),
+		CONFIG_OPTION(CACHEDIR),
+		CONFIG_OPTION(PIDDIR),
+		CONFIG_OPTION(PRIVATE_DIR),
+		CONFIG_OPTION(CODEPAGEDIR),
+		CONFIG_OPTION(SETUPDIR),
+		CONFIG_OPTION(WINBINDD_SOCKET_DIR),
+		CONFIG_OPTION(NTP_SIGND_SOCKET_DIR),
+		{ NULL, NULL}
+	};
+	int i;
+
+	printf("Samba version: %s\n", SAMBA_VERSION_STRING);
+	printf("Build environment:\n");
+
+	printf("Paths:\n");
+	for (i=0; config_options[i].name; i++) {
+		printf("   %s: %s\n",
+			config_options[i].name,
+			config_options[i].value);
+	}
+
+	exit(0);
+}
+
+static int event_ctx_destructor(struct tevent_context *event_ctx)
+{
+	imessaging_dgm_unref_ev(event_ctx);
+	return 0;
+}
+
+#ifdef HAVE_PTHREAD
+static int to_children_fd = -1;
+static void atfork_prepare(void) {
+}
+static void atfork_parent(void) {
+}
+static void atfork_child(void) {
+	if (to_children_fd != -1) {
+		close(to_children_fd);
+		to_children_fd = -1;
+	}
+}
+#endif
+
+/*
+ main server.
+*/
+static int binary_smbd_main(TALLOC_CTX *mem_ctx,
+			    const char *binary_name,
+			    int argc,
+			    const char *argv[])
+{
+	struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
+	bool db_is_backup = false;
+	int opt;
+	int ret;
+	poptContext pc;
+	uint16_t stdin_event_flags;
+	NTSTATUS status;
+	const char *model = "prefork";
+	int max_runtime = 0;
+	struct stat st;
+	enum {
+		OPT_PROCESS_MODEL = 1000,
+		OPT_SHOW_BUILD,
+	};
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{
+			.longName   = "model",
+			.shortName  = 'M',
+			.argInfo    = POPT_ARG_STRING,
+			.val        = OPT_PROCESS_MODEL,
+			.descrip    = "Select process model",
+			.argDescrip = "MODEL",
+		},
+		{
+			.longName   = "maximum-runtime",
+			.argInfo    = POPT_ARG_INT,
+			.arg        = &max_runtime,
+			.descrip    = "set maximum runtime of the server process, "
+			              "till autotermination",
+			.argDescrip = "seconds"
+		},
+		{
+			.longName   = "show-build",
+			.shortName  = 'b',
+			.argInfo    = POPT_ARG_NONE,
+			.val        = OPT_SHOW_BUILD,
+			.descrip    = "show build info",
+		},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_DAEMON
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+	struct server_state *state = NULL;
+	struct tevent_signal *se = NULL;
+	struct samba_tevent_trace_state *samba_tevent_trace_state = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	bool ok;
+
+	setproctitle("root process");
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_SERVER,
+				true /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
+
+	pc = samba_popt_get_context(binary_name,
+				    argc,
+				    argv,
+				    long_options,
+				    0);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch(opt) {
+		case OPT_PROCESS_MODEL:
+			model = poptGetOptArg(pc);
+			break;
+		case OPT_SHOW_BUILD:
+			show_build();
+			break;
+		default:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				  poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			return 1;
+		}
+	}
+
+	if (cmdline_daemon_cfg->daemon && cmdline_daemon_cfg->interactive) {
+		fprintf(stderr,"\nERROR: "
+			"Option -i|--interactive is "
+			"not allowed together with -D|--daemon\n\n");
+		poptPrintUsage(pc, stderr, 0);
+		return 1;
+	} else if (!cmdline_daemon_cfg->interactive &&
+		   cmdline_daemon_cfg->fork) {
+		/* default is --daemon */
+		cmdline_daemon_cfg->daemon = true;
+	}
+
+	poptFreeContext(pc);
+
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	talloc_enable_null_tracking();
+
+	setup_signals();
+
+	/* we want total control over the permissions on created files,
+	   so set our umask to 0 */
+	umask(0);
+
+	DBG_STARTUP_NOTICE("%s version %s started.\n%s\n",
+			   binary_name,
+			   SAMBA_VERSION_STRING,
+			   SAMBA_COPYRIGHT_STRING);
+
+	if (sizeof(uint16_t) < 2 ||
+			sizeof(uint32_t) < 4 ||
+			sizeof(uint64_t) < 8) {
+		DEBUG(0,("ERROR: Samba is not configured correctly "
+			"for the word size on your machine\n"));
+		DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, "
+			"sizeof(uint64_t) = %u\n",
+			(unsigned int)sizeof(uint16_t),
+			(unsigned int)sizeof(uint32_t),
+			(unsigned int)sizeof(uint64_t)));
+		return 1;
+	}
+
+	if (cmdline_daemon_cfg->daemon) {
+		DBG_NOTICE("Becoming a daemon.\n");
+		become_daemon(cmdline_daemon_cfg->fork,
+			      cmdline_daemon_cfg->no_process_group,
+			      false);
+	} else if (!cmdline_daemon_cfg->interactive) {
+		daemon_status("samba", "Starting process...");
+	}
+
+	/* Create the memory context to hang everything off. */
+	state = talloc_zero(mem_ctx, struct server_state);
+	if (state == NULL) {
+		exit_daemon("Samba cannot create server state", ENOMEM);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	};
+	state->binary_name = binary_name;
+
+	cleanup_tmp_files(lp_ctx);
+
+	if (!directory_exist(lpcfg_lock_directory(lp_ctx))) {
+		mkdir(lpcfg_lock_directory(lp_ctx), 0755);
+	}
+
+	if (!directory_exist(lpcfg_pid_directory(lp_ctx))) {
+		mkdir(lpcfg_pid_directory(lp_ctx), 0755);
+	}
+
+	pidfile_create(lpcfg_pid_directory(lp_ctx), binary_name);
+
+	if (lpcfg_server_role(lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
+		if (!open_schannel_session_store(state,
+				lp_ctx)) {
+			TALLOC_FREE(state);
+			exit_daemon("Samba cannot open schannel store "
+				"for secured NETLOGON operations.", EACCES);
+			/*
+			 * return is never reached but is here to satisfy static
+			 * checkers
+			 */
+			return 1;
+		}
+	}
+
+	/* make sure we won't go through nss_winbind */
+	if (!winbind_off()) {
+		TALLOC_FREE(state);
+		exit_daemon("Samba failed to disable recursive "
+			"winbindd calls.", EACCES);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	gensec_init(); /* FIXME: */
+
+	process_model_init(lp_ctx);
+
+	samba_service_init();
+
+	/* the event context is the top level structure in smbd. Everything else
+	   should hang off that */
+	state->event_ctx = s4_event_context_init(state);
+
+	if (state->event_ctx == NULL) {
+		TALLOC_FREE(state);
+		exit_daemon("Initializing event context failed", EACCES);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	talloc_set_destructor(state->event_ctx, event_ctx_destructor);
+
+	samba_tevent_trace_state = create_samba_tevent_trace_state(state);
+	if (samba_tevent_trace_state == NULL) {
+		exit_daemon("Samba failed to setup tevent tracing state",
+			    ENOTTY);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	tevent_set_trace_callback(state->event_ctx,
+				  samba_tevent_trace_callback,
+				  samba_tevent_trace_state);
+
+	if (cmdline_daemon_cfg->interactive) {
+		/* terminate when stdin goes away */
+		stdin_event_flags = TEVENT_FD_READ;
+	} else {
+		/* stay alive forever */
+		stdin_event_flags = 0;
+	}
+
+#ifdef HAVE_SETPGID
+	/*
+	 * If we're interactive we want to set our own process group for
+	 * signal management, unless --no-process-group specified.
+	 */
+	if (cmdline_daemon_cfg->interactive &&
+	    !cmdline_daemon_cfg->no_process_group)
+	{
+		setpgid((pid_t)0, (pid_t)0);
+	}
+#endif
+
+	/* catch EOF on stdin */
+#ifdef SIGTTIN
+	signal(SIGTTIN, SIG_IGN);
+#endif
+
+	if (fstat(0, &st) != 0) {
+		TALLOC_FREE(state);
+		exit_daemon("Samba failed to set standard input handler",
+				ENOTTY);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+		struct tevent_fd *fde = tevent_add_fd(state->event_ctx,
+				state->event_ctx,
+				0,
+				stdin_event_flags,
+				server_stdin_handler,
+				state);
+		if (fde == NULL) {
+			TALLOC_FREE(state);
+			exit_daemon("Initializing stdin failed", ENOMEM);
+			/*
+			 * return is never reached but is here to
+			 * satisfy static checkers
+			 */
+			return 1;
+		}
+	}
+
+	if (max_runtime) {
+		struct tevent_timer *te;
+		DBG_NOTICE("%s PID %d was called with maxruntime %d - "
+			"current ts %llu\n",
+			binary_name, (int)getpid(),
+			max_runtime, (unsigned long long) time(NULL));
+		te = tevent_add_timer(state->event_ctx, state->event_ctx,
+				 timeval_current_ofs(max_runtime, 0),
+				 max_runtime_handler,
+				 state);
+		if (te == NULL) {
+			TALLOC_FREE(state);
+			exit_daemon("Maxruntime handler failed", ENOMEM);
+			/*
+			 * return is never reached but is here to
+			 * satisfy static checkers
+			 */
+			return 1;
+		}
+	}
+
+	se = tevent_add_signal(state->event_ctx,
+				state->event_ctx,
+				SIGTERM,
+				0,
+				sigterm_signal_handler,
+				state);
+	if (se == NULL) {
+		TALLOC_FREE(state);
+		exit_daemon("Initialize SIGTERM handler failed", ENOMEM);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	se = tevent_add_signal(state->event_ctx,
+				state->event_ctx,
+				SIGHUP,
+				0,
+				sighup_signal_handler,
+				state);
+	if (se == NULL) {
+		TALLOC_FREE(state);
+		exit_daemon("Initialize SIGHUP handler failed", ENOMEM);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
+	    && !lpcfg_parm_bool(lp_ctx, NULL,
+			"server role check", "inhibit", false)
+	    && !str_list_check_ci(lpcfg_server_services(lp_ctx), "smb")
+	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(lp_ctx),
+			"remote")
+	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(lp_ctx),
+			"mapiproxy")) {
+		DEBUG(0, ("At this time the 'samba' binary should only be used "
+			"for either:\n"));
+		DEBUGADD(0, ("'server role = active directory domain "
+			"controller' or the rpc proxy "
+			"with 'dcerpc endpoint servers = remote'\n"));
+		DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for "
+			"domain member and standalone file server tasks\n"));
+		exit_daemon("Samba detected misconfigured 'server role' "
+			"and exited. Check logs for details", EINVAL);
+	};
+
+	ret = prime_ldb_databases(state->event_ctx, &db_is_backup);
+	if (ret != LDB_SUCCESS) {
+		TALLOC_FREE(state);
+		exit_daemon("Samba failed to prime database", EINVAL);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	if (db_is_backup) {
+		TALLOC_FREE(state);
+		exit_daemon("Database is a backup. Please run samba-tool domain"
+			    " backup restore", EINVAL);
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	status = setup_parent_messaging(state, lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(state);
+		exit_daemon("Samba failed to setup parent messaging",
+			NT_STATUS_V(status));
+		/*
+		 * return is never reached but is here to satisfy static
+		 * checkers
+		 */
+		return 1;
+	}
+
+	DBG_NOTICE("%s: using '%s' process model\n", binary_name, model);
+
+	{
+		int child_pipe[2];
+		int rc;
+		bool start_services = false;
+
+		rc = pipe(child_pipe);
+		if (rc < 0) {
+			TALLOC_FREE(state);
+			exit_daemon("Samba failed to open process control pipe",
+				    errno);
+			/*
+			 * return is never reached but is here to satisfy static
+			 * checkers
+			 */
+			return 1;
+		}
+		smb_set_close_on_exec(child_pipe[0]);
+		smb_set_close_on_exec(child_pipe[1]);
+
+#ifdef HAVE_PTHREAD
+		to_children_fd = child_pipe[1];
+		pthread_atfork(atfork_prepare, atfork_parent,
+			       atfork_child);
+		start_services = true;
+#else
+		pid_t pid;
+		struct tfork *t = NULL;
+		t = tfork_create();
+		if (t == NULL) {
+			exit_daemon(
+				"Samba unable to fork master process",
+				0);
+		}
+		pid = tfork_child_pid(t);
+		if (pid == 0) {
+			start_services = false;
+		} else {
+			/* In the child process */
+			start_services = true;
+			close(child_pipe[1]);
+		}
+#endif
+		if (start_services) {
+			status = server_service_startup(
+				state->event_ctx, lp_ctx, model,
+				lpcfg_server_services(lp_ctx),
+				child_pipe[0]);
+			if (!NT_STATUS_IS_OK(status)) {
+				TALLOC_FREE(state);
+				exit_daemon("Samba failed to start services",
+				NT_STATUS_V(status));
+				/*
+				 * return is never reached but is here to
+				 * satisfy static checkers
+				 */
+				return 1;
+			}
+		}
+	}
+
+	if (!cmdline_daemon_cfg->interactive) {
+		daemon_ready("samba");
+	}
+
+	/* wait for events - this is where smbd sits for most of its
+	   life */
+	tevent_loop_wait(state->event_ctx);
+
+	/* as everything hangs off this state->event context, freeing state
+	   will initiate a clean shutdown of all services */
+	TALLOC_FREE(state);
+
+	return 0;
+}
+
+int main(int argc, const char *argv[])
+{
+	TALLOC_CTX *mem_ctx = NULL;
+	int rc;
+
+	mem_ctx = talloc_init("samba/server.c#main");
+	if (mem_ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	setproctitle_init(argc, discard_const(argv), environ);
+
+	rc = binary_smbd_main(mem_ctx, "samba", argc, argv);
+
+	TALLOC_FREE(mem_ctx);
+	return rc;
+}
diff --git a/source4/samba/server_util.c b/source4/samba/server_util.c
new file mode 100644
index 0000000..282ad9b
--- /dev/null
+++ b/source4/samba/server_util.c
@@ -0,0 +1,94 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Utility routines
+
+   Copyright (C) 2020 Ralph Boehme <slow@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/tevent/tevent.h"
+#include "lib/util/unix_privs.h"
+#include "server_util.h"
+
+struct samba_tevent_trace_state {
+	size_t events;
+	time_t last_logsize_check;
+};
+
+struct samba_tevent_trace_state *create_samba_tevent_trace_state(
+	TALLOC_CTX *mem_ctx)
+{
+	return talloc_zero(mem_ctx, struct samba_tevent_trace_state);
+}
+
+void samba_tevent_trace_callback(enum tevent_trace_point point,
+				 void *private_data)
+{
+	struct samba_tevent_trace_state *state =
+		talloc_get_type_abort(private_data,
+				      struct samba_tevent_trace_state);
+	time_t now = time(NULL);
+	bool do_check_logs = false;
+	void *priv = NULL;
+
+	switch (point) {
+	case TEVENT_TRACE_BEFORE_WAIT:
+		break;
+	default:
+		return;
+	}
+
+	state->events++;
+
+	/*
+	 * Throttling by some random numbers. smbd uses a similar logic
+	 * checking every 50 SMB requests. Assuming 4 events per request
+	 * we get to the number of 200.
+	 */
+	if ((state->events % 200) == 0) {
+		do_check_logs = true;
+	}
+	/*
+	 * Throttling by some delay, choosing 29 to avoid lockstep with
+	 * the default tevent tickle timer.
+	 */
+	if ((state->last_logsize_check + 29) < now) {
+		do_check_logs = true;
+	}
+
+	if (!do_check_logs) {
+		return;
+	}
+
+	/*
+	 * need_to_check_log_size() checks both the number of messages
+	 * that have been logged and if the logging backend is actually
+	 * going to file. We want to bypass the "number of messages"
+	 * check, so we have to call force_check_log_size() before.
+	 */
+	force_check_log_size();
+	if (!need_to_check_log_size()) {
+		return;
+	}
+
+	priv = root_privileges();
+	check_log_size();
+	TALLOC_FREE(priv);
+
+	state->last_logsize_check = now;
+	return;
+}
diff --git a/source4/samba/server_util.h b/source4/samba/server_util.h
new file mode 100644
index 0000000..08c09cc
--- /dev/null
+++ b/source4/samba/server_util.h
@@ -0,0 +1,33 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Utility routines
+
+   Copyright (C) 2020 Ralph Boehme <slow@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SAMBA_SERVER_UTIL_H
+#define SAMBA_SERVER_UTIL_H
+
+struct samba_tevent_trace_state;
+
+struct samba_tevent_trace_state *create_samba_tevent_trace_state(
+	TALLOC_CTX *mem_ctx);
+
+void samba_tevent_trace_callback(enum tevent_trace_point point,
+				 void *private_data);
+
+#endif
diff --git a/source4/samba/service.c b/source4/samba/service.c
new file mode 100644
index 0000000..2ad6c8f
--- /dev/null
+++ b/source4/samba/service.c
@@ -0,0 +1,140 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SERVER SERVICE code
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "samba/process_model.h"
+#include "lib/util/samba_modules.h"
+
+#undef strcasecmp
+
+/*
+  a linked list of registered servers
+*/
+static struct registered_server {
+	struct registered_server *next, *prev;
+	const char *service_name;
+	const struct service_details *service_details;
+} *registered_servers;
+
+/*
+  register a server service. 
+*/
+NTSTATUS register_server_service(TALLOC_CTX *ctx,
+				const char *name,
+				const struct service_details *details)
+{
+	struct registered_server *srv;
+	srv = talloc(ctx, struct registered_server);
+	NT_STATUS_HAVE_NO_MEMORY(srv);
+	srv->service_name = name;
+	srv->service_details =
+		talloc_memdup(ctx, details, sizeof(struct service_details));
+	NT_STATUS_HAVE_NO_MEMORY(srv->service_details);
+	DLIST_ADD_END(registered_servers, srv);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  initialise a server service
+*/
+static NTSTATUS server_service_init(const char *name,
+				    struct tevent_context *event_context,
+				    struct loadparm_context *lp_ctx,
+				    const struct model_ops *model_ops,
+				    int from_parent_fd)
+{
+	struct registered_server *srv;
+	for (srv=registered_servers; srv; srv=srv->next) {
+		if (strcasecmp(name, srv->service_name) == 0) {
+			return task_server_startup(event_context, lp_ctx,
+						   srv->service_name,
+						   model_ops,
+						   srv->service_details,
+						   from_parent_fd);
+		}
+	}
+	return NT_STATUS_INVALID_SYSTEM_SERVICE;
+}
+
+
+/*
+  startup all of our server services
+*/
+NTSTATUS server_service_startup(struct tevent_context *event_ctx,
+				struct loadparm_context *lp_ctx,
+				const char *model, const char **server_services,
+				int from_parent_fd)
+{
+	int i;
+	const struct model_ops *model_ops;
+
+	if (!server_services) {
+		DBG_ERR("server_service_startup: "
+			"no endpoint servers configured\n");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	model_ops = process_model_startup(model);
+	if (!model_ops) {
+		DBG_ERR("process_model_startup('%s') failed\n", model);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	for (i=0;server_services[i];i++) {
+		NTSTATUS status;
+
+		status = server_service_init(server_services[i], event_ctx,
+					     lp_ctx, model_ops, from_parent_fd);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to start service '%s' - %s\n",
+				 server_services[i], nt_errstr(status));
+		}
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS samba_service_init(void)
+{
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_service_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_service_MODULES };
+	init_module_fn *shared_init = NULL;
+	static bool initialised;
+
+	if (initialised) {
+		return NT_STATUS_OK;
+	}
+	initialised = true;
+
+	shared_init = load_samba_modules(NULL, "service");
+
+	run_init_functions(NULL, static_init);
+	run_init_functions(NULL, shared_init);
+
+	TALLOC_FREE(shared_init);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/samba/service.h b/source4/samba/service.h
new file mode 100644
index 0000000..35e3f51
--- /dev/null
+++ b/source4/samba/service.h
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SERVER SERVICE code
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SERVICE_H__
+#define __SERVICE_H__
+
+
+#include "samba/service_stream.h"
+#include "samba/service_task.h"
+
+struct process_details {
+	unsigned int instances;
+};
+
+static const struct process_details initial_process_details = {
+	.instances = 0
+};
+
+struct service_details {
+	/*
+	 * Prevent the standard process model from forking a new worker
+	 * process when accepting a new connection.  Do this when the service
+	 * relies on shared state, or the over-head of forking would be a
+	 * significant part of the response time
+	 */
+	bool inhibit_fork_on_accept;
+	/*
+	 * Prevent the pre-fork process model from pre-forking any worker
+	 * processes. In this mode pre-fork is equivalent to standard with
+	 * inhibit_fork_on_accept set.
+	 */
+	bool inhibit_pre_fork;
+	/*
+	 * Initialise the server task.
+	 */
+	NTSTATUS (*task_init) (struct task_server *);
+	/*
+	 * post fork processing this is called:
+	 *   - standard process model
+	 *      immediately after the task_init.
+	 *
+	 *   - single process model
+	 *     immediately after the task_init
+	 *
+	 *   - prefork process model, inhibit_pre_fork = true
+	 *     immediately after the task_init
+	 *
+	 *   - prefork process model, inhibit_pre_fork = false
+	 *     after each service worker has forked. It is not run on the
+	 *      service master process.
+	 *
+	 *   The post fork hook is not called in the standard model if a new
+	 *   process is forked on a new connection. It is instead called
+	 *   immediately after the task_init.
+	 */
+	void (*post_fork) (struct task_server *, struct process_details *);
+	/*
+	 * This is called before entering the tevent_loop_wait():
+	 *
+	 * Note that task_server->msg_ctx, task_server->event_ctx
+	 * and maybe other fields might have changed compared to
+	 * task_init()/post_fork(). The struct task_server pointer
+	 * may also change!
+	 *
+	 * before loop processing this is called in this order:
+	 *   - standard process model
+	 *     task_init() -> post_fork() -> before_loop()
+	 *
+	 *   - single process model
+	 *     task_init() -> post_fork() -> before_loop()
+	 *
+	 *   - prefork process model, inhibit_pre_fork = true
+	 *     task_init() -> post_fork() -> before_loop()
+	 *
+	 *   - prefork process model, inhibit_pre_fork = false
+	 *     In the service master process:
+	 *      task_init(master) -> before_loop(master)
+	 *
+	 *     After each service worker has forked:
+	 *      post_fork(worker) -> before_loop(worker)
+	 *
+	 * This gives the service a chance to register messaging
+	 * and/or event handlers on the correct contexts.
+	 */
+	void (*before_loop) (struct task_server *);
+};
+
+NTSTATUS samba_service_init(void);
+
+#include "samba/service_proto.h"
+
+#endif /* __SERVICE_H__ */
diff --git a/source4/samba/service_named_pipe.c b/source4/samba/service_named_pipe.c
new file mode 100644
index 0000000..bf2350c
--- /dev/null
+++ b/source4/samba/service_named_pipe.c
@@ -0,0 +1,290 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   helper functions for NAMED PIPE servers
+
+   Copyright (C) Stefan (metze) Metzmacher	2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "samba/service.h"
+#include "param/param.h"
+#include "auth/auth.h"
+#include "auth/session.h"
+#include "auth/auth_sam_reply.h"
+#include "lib/socket/socket.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "librpc/gen_ndr/ndr_named_pipe_auth.h"
+#include "system/passwd.h"
+#include "system/network.h"
+#include "libcli/raw/smb.h"
+#include "auth/session.h"
+#include "libcli/security/security.h"
+#include "libcli/named_pipe_auth/npa_tstream.h"
+
+struct named_pipe_socket {
+	const char *pipe_name;
+	const char *pipe_path;
+	const struct stream_server_ops *ops;
+	void *private_data;
+};
+
+static void named_pipe_accept_done(struct tevent_req *subreq);
+
+static void named_pipe_accept(struct stream_connection *conn)
+{
+	struct tstream_context *plain_tstream;
+	int fd;
+	struct tevent_req *subreq;
+	int ret;
+
+	/* Let tstream take over fd operations */
+
+	fd = socket_get_fd(conn->socket);
+	socket_set_flags(conn->socket, SOCKET_FLAG_NOCLOSE);
+	TALLOC_FREE(conn->event.fde);
+	TALLOC_FREE(conn->socket);
+
+	ret = tstream_bsd_existing_socket(conn, fd, &plain_tstream);
+	if (ret != 0) {
+		stream_terminate_connection(conn,
+				"named_pipe_accept: out of memory");
+		return;
+	}
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(plain_tstream, true);
+
+	subreq = tstream_npa_accept_existing_send(conn, conn->event.ctx,
+						  plain_tstream,
+						  FILE_TYPE_MESSAGE_MODE_PIPE,
+						  0xff | 0x0400 | 0x0100,
+						  4096);
+	if (subreq == NULL) {
+		stream_terminate_connection(conn,
+			"named_pipe_accept: "
+			"no memory for tstream_npa_accept_existing_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, named_pipe_accept_done, conn);
+}
+
+static void named_pipe_accept_done(struct tevent_req *subreq)
+{
+	struct stream_connection *conn = tevent_req_callback_data(subreq,
+						struct stream_connection);
+	struct named_pipe_socket *pipe_sock =
+				talloc_get_type(conn->private_data,
+						struct named_pipe_socket);
+	enum dcerpc_transport_t transport;
+	struct tsocket_address *remote_client_addr;
+	char *remote_client_name;
+	struct tsocket_address *local_server_addr;
+	char *local_server_name;
+	struct auth_session_info_transport *session_info_transport;
+	const char *reason = NULL;
+	TALLOC_CTX *tmp_ctx;
+	int error;
+	int ret;
+
+	tmp_ctx = talloc_new(conn);
+	if (!tmp_ctx) {
+		reason = "Out of memory!\n";
+		goto out;
+	}
+
+	ret = tstream_npa_accept_existing_recv(subreq, &error, tmp_ctx,
+					       &conn->tstream,
+					       NULL,
+					       &transport,
+					       &remote_client_addr,
+					       &remote_client_name,
+					       &local_server_addr,
+					       &local_server_name,
+					       &session_info_transport);
+	TALLOC_FREE(subreq);
+	if (ret != 0) {
+		reason = talloc_asprintf(conn,
+					 "tstream_npa_accept_existing_recv()"
+					 " failed: %s", strerror(error));
+		goto out;
+	}
+
+	conn->local_address = talloc_move(conn, &local_server_addr);
+	conn->remote_address = talloc_move(conn, &remote_client_addr);
+
+	DBG_DEBUG("Accepted npa connection from %s. "
+		  "Client: %s (%s). Server: %s (%s)\n",
+		  tsocket_address_string(conn->remote_address, tmp_ctx),
+		  local_server_name,
+		  tsocket_address_string(local_server_addr, tmp_ctx),
+		  remote_client_name,
+		  tsocket_address_string(remote_client_addr, tmp_ctx));
+
+	conn->session_info = auth_session_info_from_transport(conn, session_info_transport,
+							      conn->lp_ctx,
+							      &reason);
+	if (!conn->session_info) {
+		goto out;
+	}
+
+	if (transport == NCACN_NP) {
+		if (security_token_is_system(conn->session_info->security_token)) {
+			reason = talloc_asprintf(
+				conn,
+				"System token not allowed on transport %d\n",
+				transport);
+			goto out;
+		}
+	} else if (transport == NCALRPC) {
+		/*
+		 * TODO:
+		 * we should somehow remember the given transport on
+		 * the connection, but that's a task for another day
+		 * as it's not trivial to do...
+		 */
+	} else {
+		reason = talloc_asprintf(
+			conn,
+			"Only allow NCACN_NP or NCALRPC transport on named pipes, "
+			"got %d\n",
+			(int)transport);
+		goto out;
+	}
+
+	/*
+	 * hand over to the real pipe implementation,
+	 * now that we have setup the transport session_info
+	 */
+	conn->ops = pipe_sock->ops;
+	conn->private_data = pipe_sock->private_data;
+	conn->ops->accept_connection(conn);
+
+	DBG_DEBUG("named pipe connection [%s] established\n", conn->ops->name);
+
+	talloc_free(tmp_ctx);
+	return;
+
+out:
+	talloc_free(tmp_ctx);
+	if (!reason) {
+		reason = "Internal error";
+	}
+	stream_terminate_connection(conn, reason);
+}
+
+/*
+  called when a pipe socket becomes readable
+*/
+static void named_pipe_recv(struct stream_connection *conn, uint16_t flags)
+{
+	stream_terminate_connection(conn, "named_pipe_recv: called");
+}
+
+/*
+  called when a pipe socket becomes writable
+*/
+static void named_pipe_send(struct stream_connection *conn, uint16_t flags)
+{
+	stream_terminate_connection(conn, "named_pipe_send: called");
+}
+
+static const struct stream_server_ops named_pipe_stream_ops = {
+	.name			= "named_pipe",
+	.accept_connection	= named_pipe_accept,
+	.recv_handler		= named_pipe_recv,
+	.send_handler		= named_pipe_send,
+};
+
+NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx,
+				  struct tevent_context *event_context,
+				  struct loadparm_context *lp_ctx,
+				  const struct model_ops *model_ops,
+				  const struct stream_server_ops *stream_ops,
+				  const char *pipe_name,
+				  void *private_data,
+				  void *process_context)
+{
+	char *dirname;
+	struct named_pipe_socket *pipe_sock;
+	NTSTATUS status = NT_STATUS_NO_MEMORY;;
+
+	pipe_sock = talloc(mem_ctx, struct named_pipe_socket);
+	if (pipe_sock == NULL) {
+		goto fail;
+	}
+
+	/* remember the details about the pipe */
+	pipe_sock->pipe_name	= strlower_talloc(pipe_sock, pipe_name);
+	if (pipe_sock->pipe_name == NULL) {
+		goto fail;
+	}
+
+	if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) {
+		status = map_nt_error_from_unix_common(errno);
+		DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n",
+			lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status));
+		goto fail;
+	}
+
+	dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx));
+	if (dirname == NULL) {
+		goto fail;
+	}
+
+	if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) {
+		status = map_nt_error_from_unix_common(errno);
+		DBG_ERR("Failed to create stream pipe directory '%s' - %s\n",
+			dirname, nt_errstr(status));
+		goto fail;
+	}
+
+	if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
+		pipe_name += 6;
+	}
+
+	pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
+					       pipe_name);
+	if (pipe_sock->pipe_path == NULL) {
+		goto fail;
+	}
+
+	talloc_free(dirname);
+
+	pipe_sock->ops = stream_ops;
+	pipe_sock->private_data	= private_data;
+
+	status = stream_setup_socket(pipe_sock,
+				     event_context,
+				     lp_ctx,
+				     model_ops,
+				     &named_pipe_stream_ops,
+				     "unix",
+				     pipe_sock->pipe_path,
+				     NULL,
+				     NULL,
+				     pipe_sock,
+				     process_context);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	return NT_STATUS_OK;
+
+ fail:
+	talloc_free(pipe_sock);
+	return status;
+}
diff --git a/source4/samba/service_stream.c b/source4/samba/service_stream.c
new file mode 100644
index 0000000..458ebcf
--- /dev/null
+++ b/source4/samba/service_stream.c
@@ -0,0 +1,413 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   helper functions for stream based servers
+
+   Copyright (C) Andrew Tridgell 2003-2005
+   Copyright (C) Stefan (metze) Metzmacher	2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "process_model.h"
+#include "lib/util/server_id.h"
+#include "lib/messaging/irpc.h"
+#include "cluster/cluster.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/util/util_net.h"
+
+/* size of listen() backlog in smbd */
+#define SERVER_LISTEN_BACKLOG 10
+
+
+/*
+  private structure for a single listening stream socket
+*/
+struct stream_socket {
+	const struct stream_server_ops *ops;
+	struct loadparm_context *lp_ctx;
+	struct tevent_context *event_ctx;
+	const struct model_ops *model_ops;
+	struct socket_context *sock;
+	void *private_data;
+	void *process_context;
+};
+
+
+/*
+  close the socket and shutdown a stream_connection
+*/
+void stream_terminate_connection(struct stream_connection *srv_conn, const char *reason)
+{
+	struct tevent_context *event_ctx = srv_conn->event.ctx;
+	const struct model_ops *model_ops = srv_conn->model_ops;
+	struct loadparm_context *lp_ctx = srv_conn->lp_ctx;
+	void *process_context = srv_conn->process_context;
+	TALLOC_CTX *frame = NULL;
+
+	if (!reason) reason = "unknown reason";
+
+	if (srv_conn->processing) {
+		DBG_NOTICE("Terminating connection deferred - '%s'\n", reason);
+	} else {
+		DBG_NOTICE("Terminating connection - '%s'\n", reason);
+	}
+
+	srv_conn->terminate = reason;
+
+	if (srv_conn->processing) {
+		/* 
+		 * if we're currently inside the stream_io_handler(),
+		 * defer the termination to the end of stream_io_hendler()
+		 *
+		 * and we don't want to read or write to the connection...
+		 */
+		tevent_fd_set_flags(srv_conn->event.fde, 0);
+		return;
+	}
+
+	frame = talloc_stackframe();
+
+	reason = talloc_strdup(frame, reason);
+	if (reason == NULL) {
+		reason = "OOM - unknown reason";
+	}
+
+	TALLOC_FREE(srv_conn->event.fde);
+	imessaging_cleanup(srv_conn->msg_ctx);
+	TALLOC_FREE(srv_conn);
+	model_ops->terminate_connection(
+	    event_ctx, lp_ctx, reason, process_context);
+	TALLOC_FREE(frame);
+}
+
+/**
+  the select loop has indicated that a stream is ready for IO
+*/
+static void stream_io_handler(struct stream_connection *conn, uint16_t flags)
+{
+	conn->processing++;
+	if (flags & TEVENT_FD_WRITE) {
+		conn->ops->send_handler(conn, flags);
+	} else if (flags & TEVENT_FD_READ) {
+		conn->ops->recv_handler(conn, flags);
+	}
+	conn->processing--;
+
+	if (conn->terminate) {
+		stream_terminate_connection(conn, conn->terminate);
+	}
+}
+
+void stream_io_handler_fde(struct tevent_context *ev, struct tevent_fd *fde,
+				  uint16_t flags, void *private_data)
+{
+	struct stream_connection *conn = talloc_get_type(private_data,
+							 struct stream_connection);
+	stream_io_handler(conn, flags);
+}
+
+void stream_io_handler_callback(void *private_data, uint16_t flags)
+{
+	struct stream_connection *conn = talloc_get_type(private_data,
+							 struct stream_connection);
+	stream_io_handler(conn, flags);
+}
+
+/*
+  this creates a stream_connection from an already existing connection,
+  used for protocols, where a client connection needs to switched into
+  a server connection
+*/
+NTSTATUS stream_new_connection_merge(struct tevent_context *ev,
+				     struct loadparm_context *lp_ctx,
+				     const struct model_ops *model_ops,
+				     const struct stream_server_ops *stream_ops,
+				     struct imessaging_context *msg_ctx,
+				     void *private_data,
+				     struct stream_connection **_srv_conn,
+				     void *process_context)
+{
+	struct stream_connection *srv_conn;
+
+	srv_conn = talloc_zero(ev, struct stream_connection);
+	NT_STATUS_HAVE_NO_MEMORY(srv_conn);
+
+	srv_conn->private_data    = private_data;
+	srv_conn->model_ops       = model_ops;
+	srv_conn->socket	  = NULL;
+	srv_conn->server_id	  = cluster_id(0, 0);
+	srv_conn->ops             = stream_ops;
+	srv_conn->msg_ctx	  = msg_ctx;
+	srv_conn->event.ctx	  = ev;
+	srv_conn->lp_ctx	  = lp_ctx;
+	srv_conn->event.fde	  = NULL;
+	srv_conn->process_context = process_context;
+
+	*_srv_conn = srv_conn;
+	return NT_STATUS_OK;
+}
+
+/*
+  called when a new socket connection has been established. This is called in the process
+  context of the new process (if appropriate)
+*/
+static void stream_new_connection(struct tevent_context *ev,
+				  struct loadparm_context *lp_ctx,
+				  struct socket_context *sock, 
+				  struct server_id server_id,
+				  void *private_data,
+				  void *process_context)
+{
+	struct stream_socket *stream_socket = talloc_get_type(private_data, struct stream_socket);
+	struct stream_connection *srv_conn;
+
+	srv_conn = talloc_zero(ev, struct stream_connection);
+	if (!srv_conn) {
+		DBG_ERR("talloc(mem_ctx, struct stream_connection) failed\n");
+		return;
+	}
+
+	talloc_steal(srv_conn, sock);
+
+	srv_conn->private_data	  = stream_socket->private_data;
+	srv_conn->model_ops       = stream_socket->model_ops;
+	srv_conn->socket	  = sock;
+	srv_conn->server_id	  = server_id;
+	srv_conn->ops             = stream_socket->ops;
+	srv_conn->event.ctx	  = ev;
+	srv_conn->lp_ctx	  = lp_ctx;
+	srv_conn->process_context = process_context;
+
+	if (!socket_check_access(sock, "smbd", lpcfg_hosts_allow(NULL, lpcfg_default_service(lp_ctx)), lpcfg_hosts_deny(NULL, lpcfg_default_service(lp_ctx)))) {
+		stream_terminate_connection(srv_conn, "denied by access rules");
+		return;
+	}
+
+	srv_conn->event.fde	= tevent_add_fd(ev, srv_conn, socket_get_fd(sock),
+						0, stream_io_handler_fde, srv_conn);
+	if (!srv_conn->event.fde) {
+		stream_terminate_connection(srv_conn, "tevent_add_fd() failed");
+		return;
+	}
+
+	/* setup to receive internal messages on this connection */
+	srv_conn->msg_ctx = imessaging_init(srv_conn,
+					    lp_ctx,
+					    srv_conn->server_id, ev);
+	if (!srv_conn->msg_ctx) {
+		stream_terminate_connection(srv_conn, "imessaging_init() failed");
+		return;
+	}
+
+	srv_conn->remote_address = socket_get_remote_addr(srv_conn->socket, srv_conn);
+	if (!srv_conn->remote_address) {
+		stream_terminate_connection(srv_conn, "socket_get_remote_addr() failed");
+		return;
+	}
+
+	srv_conn->local_address = socket_get_local_addr(srv_conn->socket, srv_conn);
+	if (!srv_conn->local_address) {
+		stream_terminate_connection(srv_conn, "socket_get_local_addr() failed");
+		return;
+	}
+
+	{
+		TALLOC_CTX *tmp_ctx;
+		const char *title;
+		struct server_id_buf idbuf;
+
+		tmp_ctx = talloc_new(srv_conn);
+
+		title = talloc_asprintf(tmp_ctx, "conn[%s] c[%s] s[%s] server_id[%s]",
+					stream_socket->ops->name, 
+					tsocket_address_string(srv_conn->remote_address, tmp_ctx),
+					tsocket_address_string(srv_conn->local_address, tmp_ctx),
+					server_id_str_buf(server_id, &idbuf));
+		if (title) {
+			stream_connection_set_title(srv_conn, title);
+		}
+		talloc_free(tmp_ctx);
+	}
+
+	/* we're now ready to start receiving events on this stream */
+	TEVENT_FD_READABLE(srv_conn->event.fde);
+
+	/* call the server specific accept code */
+	stream_socket->ops->accept_connection(srv_conn);
+}
+
+
+/*
+  called when someone opens a connection to one of our listening ports
+*/
+static void stream_accept_handler(struct tevent_context *ev, struct tevent_fd *fde, 
+				  uint16_t flags, void *private_data)
+{
+	struct stream_socket *stream_socket = talloc_get_type(private_data, struct stream_socket);
+
+	/* ask the process model to create us a process for this new
+	   connection.  When done, it calls stream_new_connection()
+	   with the newly created socket */
+	stream_socket->model_ops->accept_connection(
+		ev,
+		stream_socket->lp_ctx,
+		stream_socket->sock,
+		stream_new_connection,
+		stream_socket,
+		stream_socket->process_context);
+}
+
+/*
+  setup a listen stream socket
+  if you pass *port == 0, then a port > 1024 is used
+
+  FIXME: This function is TCP/IP specific - uses an int rather than 
+  	 a string for the port. Should leave allocating a port nr 
+         to the socket implementation - JRV20070903
+ */
+NTSTATUS stream_setup_socket(TALLOC_CTX *mem_ctx,
+			     struct tevent_context *event_context,
+			     struct loadparm_context *lp_ctx,
+			     const struct model_ops *model_ops,
+			     const struct stream_server_ops *stream_ops,
+			     const char *family,
+			     const char *sock_addr,
+			     uint16_t *port,
+			     const char *socket_options,
+			     void *private_data,
+			     void *process_context)
+{
+	NTSTATUS status;
+	struct stream_socket *stream_socket;
+	struct socket_address *socket_address;
+	struct tevent_fd *fde;
+	int i;
+	struct sockaddr_storage ss;
+
+	stream_socket = talloc_zero(mem_ctx, struct stream_socket);
+	NT_STATUS_HAVE_NO_MEMORY(stream_socket);
+
+	if (strcmp(family, "ip") == 0) {
+		/* we will get the real family from the address itself */
+		if (!interpret_string_addr(&ss, sock_addr, 0)) {
+			talloc_free(stream_socket);
+			return NT_STATUS_INVALID_ADDRESS;
+		}
+
+		socket_address = socket_address_from_sockaddr_storage(stream_socket, &ss, port?*port:0);
+		if (socket_address == NULL) {
+			TALLOC_FREE(stream_socket);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = socket_create(stream_socket, socket_address->family,
+				       SOCKET_TYPE_STREAM,
+				       &stream_socket->sock, 0);
+		NT_STATUS_NOT_OK_RETURN(status);
+	} else {
+		status = socket_create(stream_socket, family,
+				       SOCKET_TYPE_STREAM,
+				       &stream_socket->sock, 0);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		/* this is for non-IP sockets, eg. unix domain sockets */
+		socket_address = socket_address_from_strings(stream_socket,
+							     stream_socket->sock->backend_name,
+							     sock_addr, port?*port:0);
+		NT_STATUS_HAVE_NO_MEMORY(socket_address);
+	}
+
+
+	stream_socket->lp_ctx = talloc_reference(stream_socket, lp_ctx);
+
+	/* ready to listen */
+	status = socket_set_option(stream_socket->sock, "SO_KEEPALIVE", NULL);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (socket_options != NULL) {
+		status = socket_set_option(stream_socket->sock, socket_options, NULL);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	/* TODO: set socket ACL's (host allow etc) here when they're
+	 * implemented */
+
+	/* Some sockets don't have a port, or are just described from
+	 * the string.  We are indicating this by having port == NULL */
+	if (!port) {
+		status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0);
+	} else if (*port == 0) {
+		for (i = lpcfg_rpc_low_port(lp_ctx);
+		     i <= lpcfg_rpc_high_port(lp_ctx);
+		     i++) {
+			socket_address->port = i;
+			status = socket_listen(stream_socket->sock, socket_address, 
+					       SERVER_LISTEN_BACKLOG, 0);
+			if (NT_STATUS_IS_OK(status)) {
+				*port = i;
+				break;
+			}
+		}
+	} else {
+		status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("Failed to listen on %s:%u - %s\n",
+			 sock_addr, port ? (unsigned int)(*port) : 0,
+			 nt_errstr(status));
+		talloc_free(stream_socket);
+		return status;
+	}
+
+	/* Add the FD from the newly created socket into the event
+	 * subsystem.  it will call the accept handler whenever we get
+	 * new connections */
+
+	fde = tevent_add_fd(event_context, stream_socket->sock,
+			    socket_get_fd(stream_socket->sock),
+			    TEVENT_FD_READ,
+			    stream_accept_handler, stream_socket);
+	if (!fde) {
+		DBG_ERR("Failed to setup fd event\n");
+		talloc_free(stream_socket);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* we let events system to the close on the socket. This avoids
+	 * nasty interactions with waiting for talloc to close the socket. */
+	tevent_fd_set_close_fn(fde, socket_tevent_fd_close_fn);
+	socket_set_flags(stream_socket->sock, SOCKET_FLAG_NOCLOSE);
+
+	stream_socket->private_data     = talloc_reference(stream_socket, private_data);
+	stream_socket->ops              = stream_ops;
+	stream_socket->event_ctx	= event_context;
+	stream_socket->model_ops        = model_ops;
+	stream_socket->process_context  = process_context;
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  setup a connection title 
+*/
+void stream_connection_set_title(struct stream_connection *conn, const char *title)
+{
+	conn->model_ops->set_title(conn->event.ctx, title);
+}
diff --git a/source4/samba/service_stream.h b/source4/samba/service_stream.h
new file mode 100644
index 0000000..81bf275
--- /dev/null
+++ b/source4/samba/service_stream.h
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   structures specific to stream servers
+
+   Copyright (C) Stefan (metze) Metzmacher	2004
+   Copyright (C) Andrew Tridgell        	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SERVICE_STREAM_H__
+#define __SERVICE_STREAM_H__
+
+#include "librpc/gen_ndr/server_id.h"
+
+/* modules can use the following to determine if the interface has changed
+ * please increment the version number after each interface change
+ * with a comment and maybe update struct stream_connection_critical_sizes.
+ */
+/* version 0 - initial version - metze */
+#define SERVER_SERVICE_VERSION 0
+
+/*
+  top level context for an established stream connection
+*/
+struct stream_connection {
+	const struct stream_server_ops *ops;
+	const struct model_ops *model_ops;
+	struct server_id server_id;
+	void *private_data;
+
+	struct {
+		struct tevent_context *ctx;
+		struct tevent_fd *fde;
+	} event;
+
+	struct socket_context *socket;
+	struct imessaging_context *msg_ctx;
+	struct loadparm_context *lp_ctx;
+
+	struct tstream_context *tstream;
+	struct tsocket_address *local_address;
+	struct tsocket_address *remote_address;
+
+	/*
+	 * this transport layer session info, normally NULL
+	 * which means the same as an anonymous session info
+	 */
+	struct auth_session_info *session_info;
+
+	uint processing;
+	const char *terminate;
+	void *process_context;
+};
+
+
+/* operations passed to the service_stream code */
+struct stream_server_ops {
+	/* the name of the server_service */
+	const char *name;
+	void (*accept_connection)(struct stream_connection *);
+	void (*recv_handler)(struct stream_connection *, uint16_t);
+	void (*send_handler)(struct stream_connection *, uint16_t);
+};
+
+void stream_terminate_connection(struct stream_connection *srv_conn, const char *reason);
+
+#endif /* __SERVICE_STREAM_H__ */
diff --git a/source4/samba/service_task.c b/source4/samba/service_task.c
new file mode 100644
index 0000000..d911027
--- /dev/null
+++ b/source4/samba/service_task.c
@@ -0,0 +1,140 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   helper functions for task based servers (nbtd, winbind etc)
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "process_model.h"
+#include "lib/messaging/irpc.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+
+/*
+  terminate a task service
+*/
+void task_server_terminate(struct task_server *task, const char *reason, bool fatal)
+{
+	struct tevent_context *event_ctx = task->event_ctx;
+	const struct model_ops *model_ops = task->model_ops;
+	if (fatal) {
+		DBG_ERR("task_server_terminate: [%s]\n", reason);
+	} else {
+		DBG_NOTICE("task_server_terminate: [%s]\n", reason);
+	}
+
+	if (fatal && task->msg_ctx != NULL) {
+		struct dcerpc_binding_handle *irpc_handle;
+		struct samba_terminate r;
+
+		irpc_handle = irpc_binding_handle_by_name(task, task->msg_ctx,
+							  "samba", &ndr_table_irpc);
+		if (irpc_handle != NULL) {
+			/* Note: this makes use of nested event loops... */
+			dcerpc_binding_handle_set_sync_ev(irpc_handle, event_ctx);
+			r.in.reason = reason;
+			dcerpc_samba_terminate_r(irpc_handle, task, &r);
+		}
+	}
+
+	imessaging_cleanup(task->msg_ctx);
+
+	model_ops->terminate_task(
+	    event_ctx, task->lp_ctx, reason, fatal, task->process_context);
+	/* don't free this above, it might contain the 'reason' being printed */
+	talloc_free(task);
+}
+
+/* used for the callback from the process model code */
+struct task_state {
+	const struct service_details *service_details;
+	const struct model_ops *model_ops;
+};
+
+
+/*
+  called by the process model code when the new task starts up. This then calls
+  the server specific startup code
+*/
+static struct task_server *task_server_callback(struct tevent_context *event_ctx,
+				 struct loadparm_context *lp_ctx,
+				 struct server_id server_id,
+				 void *private_data,
+				 void *context)
+{
+	struct task_server *task;
+	NTSTATUS status = NT_STATUS_OK;
+
+	struct task_state *state = talloc_get_type(private_data, struct task_state);
+	task = talloc(event_ctx, struct task_server);
+	if (task == NULL) return NULL;
+
+	task->event_ctx = event_ctx;
+	task->model_ops = state->model_ops;
+	task->server_id = server_id;
+	task->lp_ctx = lp_ctx;
+	task->process_context = context;
+
+	task->msg_ctx = imessaging_init(task,
+					task->lp_ctx,
+					task->server_id,
+					task->event_ctx);
+	if (!task->msg_ctx) {
+		task_server_terminate(task, "imessaging_init() failed", true);
+		return NULL;
+	}
+
+	status = state->service_details->task_init(task);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+	return task;
+}
+
+/*
+  startup a task based server
+*/
+NTSTATUS task_server_startup(struct tevent_context *event_ctx,
+			     struct loadparm_context *lp_ctx,
+			     const char *service_name,
+			     const struct model_ops *model_ops,
+			     const struct service_details *service_details,
+			     int from_parent_fd)
+{
+	struct task_state *state;
+
+	state = talloc(event_ctx, struct task_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	state->service_details = service_details;
+	state->model_ops = model_ops;
+
+	state->model_ops->new_task(event_ctx, lp_ctx, service_name,
+			           task_server_callback, state, service_details,
+				   from_parent_fd);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  setup a task title 
+*/
+void task_server_set_title(struct task_server *task, const char *title)
+{
+	task->model_ops->set_title(task->event_ctx, title);
+}
diff --git a/source4/samba/service_task.h b/source4/samba/service_task.h
new file mode 100644
index 0000000..2499dc1
--- /dev/null
+++ b/source4/samba/service_task.h
@@ -0,0 +1,39 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   structures for task based servers
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SERVICE_TASK_H__
+#define __SERVICE_TASK_H__ 
+
+#include "librpc/gen_ndr/server_id.h"
+
+struct task_server {
+	struct tevent_context *event_ctx;
+	const struct model_ops *model_ops;
+	struct imessaging_context *msg_ctx;
+	struct loadparm_context *lp_ctx;
+	struct server_id server_id;
+	void *private_data;
+	void *process_context;
+};
+
+
+
+#endif /* __SERVICE_TASK_H__ */
diff --git a/source4/samba/wscript_build b/source4/samba/wscript_build
new file mode 100644
index 0000000..3dab850
--- /dev/null
+++ b/source4/samba/wscript_build
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('service',
+	source='service.c service_stream.c service_named_pipe.c service_task.c',
+	autoproto='service_proto.h',
+	deps='tevent MESSAGING samba_socket RPC_NDR_IRPC NDR_NAMED_PIPE_AUTH npa_tstream gssapi samba-credentials LIBTSOCKET LIBSAMBA_TSOCKET process_model',
+	private_library=True,
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_LIBRARY('process_model',
+                  source='process_model.c',
+                  autoproto='process_model_proto.h',
+                  deps='samba-util samba-hostconfig samba-modules',
+                  private_library=True,
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED()
+                  )
+
+bld.SAMBA_SUBSYSTEM('samba_server_util',
+	            source='server_util.c',
+                    deps='samba-util')
+
+bld.SAMBA_BINARY('samba',
+	source='server.c',
+	subsystem_name='service',
+	deps='''events process_model service samba-hostconfig samba-util CMDLINE_S4
+                popt gensec registry ntvfs share cluster COMMON_SCHANNEL SECRETS
+                samba_server_util''',
+	pyembed=True,
+	install_path='${SBINDIR}',
+	enabled=bld.AD_DC_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_MODULE('process_model_single',
+                 source='process_single.c',
+                 subsystem='process_model',
+                 init_function='process_model_single_init',
+                 deps='cluster process_model samba-sockets',
+                 internal_module=True
+                 )
+
+
+bld.SAMBA_MODULE('process_model_standard',
+                 source='process_standard.c',
+                 subsystem='process_model',
+                 init_function='process_model_standard_init',
+                 deps='MESSAGING events ldbsamba process_model samba-sockets cluster messages_dgm',
+                 internal_module=False
+                 )
+
+bld.SAMBA_MODULE('process_model_prefork',
+                 source='process_prefork.c',
+                 subsystem='process_model',
+                 init_function='process_model_prefork_init',
+                 deps='MESSAGING events ldbsamba cluster samba-sockets process_model messages_dgm samba_server_util',
+                 internal_module=False
+                 )
diff --git a/source4/script/buildtree.pl b/source4/script/buildtree.pl
new file mode 100755
index 0000000..a40036a
--- /dev/null
+++ b/source4/script/buildtree.pl
@@ -0,0 +1,40 @@
+#! /usr/bin/env perl -w
+    eval 'exec /usr/bin/env perl -S $0 ${1+"$@"}'
+        if 0; #$running_under_some_shell
+
+use strict;
+use File::Find ();
+use File::Path qw(mkpath);
+use Cwd 'abs_path';
+
+# Set the variable $File::Find::dont_use_nlink if you're using AFS,
+# since AFS cheats.
+
+# for the convenience of &wanted calls, including -eval statements:
+use vars qw/*name *dir *prune/;
+*name   = *File::Find::name;
+*dir    = *File::Find::dir;
+*prune  = *File::Find::prune;
+my $builddir = abs_path($ENV{builddir});
+my $srcdir = abs_path($ENV{srcdir});
+sub wanted;
+
+
+
+# Traverse desired filesystems
+File::Find::find({wanted => \&wanted, no_chdir => 1}, $srcdir);
+exit;
+
+
+sub wanted {
+    my ($dev,$ino,$mode,$nlink,$uid,$gid,$newdir);
+
+    if ((($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
+	(-d _) && (($newdir = abs_path($_)) !~ /$builddir/)) 
+        { 
+	  $newdir =~ s!$srcdir!$builddir!; 
+	  mkpath($newdir);
+	  print("Creating $newdir\n");
+	}
+}
+
diff --git a/source4/script/depfilter.py b/source4/script/depfilter.py
new file mode 100755
index 0000000..ee2ce9d
--- /dev/null
+++ b/source4/script/depfilter.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+#
+# Filter out arcs in a dotty graph that are at or below a certain
+# node.  This is useful for visualising parts of the dependency graph.
+#
+
+# Command line stuff
+
+import sys
+import re
+
+if len(sys.argv) != 2:
+    print('Usage: depfilter.py NODE')
+    sys.exit(1)
+
+top = sys.argv[1]
+
+# Read in dot file
+
+lines = sys.stdin.readlines()
+
+graph = {}
+
+for arc in lines[1:-1]:
+    match = re.search('"(.*)" -> "(.*)"', arc)
+    n1, n2 = match.group(1), match.group(2)
+    if n1 not in graph:
+        graph[n1] = []
+    graph[n1].append(n2)
+
+# Create subset of 'graph' rooted at 'top'
+
+subgraph = {}
+
+
+def add_deps(node):
+    if node in graph and node not in subgraph:
+        subgraph[node] = graph[node]
+        for n in graph[node]:
+            add_deps(n)
+
+
+add_deps(top)
+
+# Generate output
+
+print(lines[0], end=' ')
+
+for key, value in subgraph.items():
+    for n in value:
+        print('\t"%s" -> "%s"' % (key, n))
+
+print(lines[-1], end=' ')
diff --git a/source4/script/extract_allparms.sh b/source4/script/extract_allparms.sh
new file mode 100755
index 0000000..f16068b
--- /dev/null
+++ b/source4/script/extract_allparms.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+grep '{".*P_[GL]' param/loadparm.c | sed -e 's/&.*$//g' -e 's/",.*P_LOCAL.*$/  S/' -e 's/",.*P_GLOBAL.*$/  G/' -e 's/^ .*{"//g' | sort -f
diff --git a/source4/script/find_unused_options.sh b/source4/script/find_unused_options.sh
new file mode 100755
index 0000000..ad56fab
--- /dev/null
+++ b/source4/script/find_unused_options.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# this script finds unused lp_*() functions
+#
+# use it like this:
+#
+#   user@host:~/samba/source>./script/find_unused_options.sh
+#
+
+LIST_GLOBAL=$(grep '^FN_GLOBAL' param/loadparm.c | sed -e's/^FN_GLOBAL.*(\(.*\).*,.*\(&Globals\..*\)).*/\1:\2/')
+
+LIST_LOCAL=$(grep '^FN_LOCAL' param/loadparm.c | sed -e's/^FN_LOCAL.*(\(.*\).*,[ ]*\(.*\)).*/\1:\2/')
+
+CFILES=$(find . -name "*.c")
+
+for i in $LIST_GLOBAL; do
+	key=$(echo $i | cut -d ':' -f1)
+	val=$(echo $i | cut -d ':' -f2)
+
+	found=$(grep "${key}[ ]*()" $CFILES)
+	if test -z "$found"; then
+		echo "Not Used Global: $key() -> $val"
+	fi
+done
+
+for i in $LIST_LOCAL; do
+	key=$(echo $i | cut -d ':' -f1)
+	val=$(echo $i | cut -d ':' -f2)
+
+	found=$(grep "${key}[ ]*(" $CFILES)
+
+	if test -z "$found"; then
+		echo "Not Used LOCAL: $key() -> $val"
+	fi
+done
+
+echo "# do a 'make clean;make everything' before removing anything!"
diff --git a/source4/script/minimal_includes.pl b/source4/script/minimal_includes.pl
new file mode 100755
index 0000000..4203d00
--- /dev/null
+++ b/source4/script/minimal_includes.pl
@@ -0,0 +1,171 @@
+#!/usr/bin/perl -w
+# find a list of #include lines in C code that might not be needed
+# usually called with something like this:
+#    minimal_includes.pl `find . -name "*.c"`
+# Andrew Tridgell <tridge@samba.org>
+
+use strict;
+use Data::Dumper;
+use Getopt::Long;
+
+my $opt_help = 0;
+my $opt_remove = 0;
+my $opt_skip_system = 0;
+my $opt_waf = 0;
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+    my($filename) = shift;
+    my($v) = shift;
+    local(*FILE);
+    open(FILE, ">$filename") || die "can't open $filename";    
+    print FILE $v;
+    close(FILE);
+}
+
+sub load_lines($)
+{
+	my $fname = shift;
+	my @lines = split(/^/m, `cat $fname`);
+	return @lines;
+}
+
+sub save_lines($$)
+{
+	my $fname = shift;
+	my $lines = shift;
+	my $data = join('', @{$lines});
+	FileSave($fname, $data);
+}
+
+sub test_compile($)
+{
+	my $fname = shift;
+	my $obj;
+	if ($opt_waf) {
+		my $ret = `../buildtools/bin/waf $fname 2>&1`;
+		return $ret
+	}
+	if ($fname =~ s/(.*)\..*$/$1.o/) {
+		$obj = "$1.o";
+	} else {
+		return "NOT A C FILE";
+	}
+	unlink($obj);
+	my $ret = `make $obj 2>&1`;
+	if (!unlink("$obj")) {
+		return "COMPILE FAILED";
+	}
+	return $ret;
+}
+
+sub test_include($$$$)
+{
+	my $fname = shift;
+	my $lines = shift;
+	my $i = shift;
+	my $original = shift;
+	my $line = $lines->[$i];
+	my $testfname;
+
+	$lines->[$i] = "";
+
+	my $mname = $fname . ".misaved";
+
+	unlink($mname);
+	rename($fname, $mname) || die "failed to rename $fname";
+	save_lines($fname, $lines);
+	
+	my $out = test_compile($fname);
+
+	if ($out eq $original) {
+		if ($opt_remove) {
+			if ($opt_skip_system && 
+			    $line =~ /system\//) {
+				print "$fname: not removing system include $line\n";
+			} else {
+				print "$fname: removing $line\n";
+				unlink($mname);
+				return;
+			}
+		} else {
+			print "$fname: might be able to remove $line\n";
+		}
+	}
+
+	$lines->[$i] = $line;
+	rename($mname, $fname) || die "failed to restore $fname";
+}
+
+sub process_file($)
+{
+	my $fname = shift;
+	my @lines = load_lines($fname);
+	my $num_lines = $#lines;
+
+	my $original = test_compile($fname);
+
+	if ($original eq "COMPILE FAILED") {
+		print "Failed to compile $fname\n";
+		return;
+	}
+
+	print "Processing $fname (with $num_lines lines)\n";
+	
+	my $if_level = 0;
+
+	for (my $i=0;$i<=$num_lines;$i++) {
+		my $line = $lines[$i];
+		if ($line =~ /^\#\s*if/) {
+			$if_level++;
+		}
+		if ($line =~ /^\#\s*endif/) {
+			$if_level--;
+		}
+		if ($if_level == 0 &&
+		    $line =~ /^\#\s*include/ && 
+		    !($line =~ /needed/)) {
+			test_include($fname, \@lines, $i, $original);
+		}
+	}
+}
+
+
+#########################################
+# display help text
+sub ShowHelp()
+{
+    print "
+           minimise includes
+           Copyright (C) tridge\@samba.org
+
+	   Usage: minimal_includes.pl [options] <C files....>
+	   
+	   Options:
+                 --help         show help
+                 --remove       remove includes, don't just list them
+                 --skip-system  don't remove system/ includes
+                 --waf          use waf target conventions
+";
+}
+
+
+# main program
+GetOptions (
+	    'h|help|?' => \$opt_help,
+	    'remove' => \$opt_remove,
+	    'skip-system' => \$opt_skip_system,
+	    'waf' => \$opt_waf,
+	    );
+
+if ($opt_help) {
+	ShowHelp();
+	exit(0);
+}
+
+for (my $i=0;$i<=$#ARGV;$i++) {
+	my $fname = $ARGV[$i];
+	process_file($fname);
+}
diff --git a/source4/script/mkproto.pl b/source4/script/mkproto.pl
new file mode 100755
index 0000000..2c3ebac
--- /dev/null
+++ b/source4/script/mkproto.pl
@@ -0,0 +1,252 @@
+#!/usr/bin/perl
+# Simple script for generating prototypes for C functions
+# Written by Jelmer Vernooij
+# based on the original mkproto.sh by Andrew Tridgell
+
+use strict;
+
+# don't use warnings module as it is not portable enough
+# use warnings;
+
+use Getopt::Long;
+use File::Basename;
+use File::Path;
+
+#####################################################################
+# read a file into a string
+
+my $public_file = undef;
+my $private_file = undef;
+my $all_file = undef;
+my $public_define = undef;
+my $private_define = undef;
+my $_public = "";
+my $_private = "";
+my $public_data = \$_public;
+my $private_data = \$_private;
+my $builddir = ".";
+my $srcdir = ".";
+
+sub public($)
+{
+	my ($d) = @_;
+	$$public_data .= $d;
+}
+
+sub private($)
+{
+	my ($d) = @_;
+	$$private_data .= $d;
+}
+
+sub usage()
+{
+	print "Usage: mkproto.pl [options] [c files]\n";
+	print "OPTIONS:\n";
+	print "  --public=FILE          Write prototypes for public functions to FILE\n";
+	print "  --private=FILE         Write prototypes for private functions to FILE\n";
+	print "  --define=DEF           Use DEF to check whether header was already included\n";
+	print "  --public-define=DEF    Same as --define, but just for public header\n";
+	print "  --private-define=DEF   Same as --define, but just for private header\n";
+	print "  --srcdir=path          Read files relative to this directory\n";
+	print "  --builddir=path        Write file relative to this directory\n";
+	print "  --help                 Print this help message\n\n";
+	exit 0;
+}
+
+GetOptions(
+	'public=s' => sub { my ($f,$v) = @_; $public_file = $v; },
+	'all=s' => sub { my ($f,$v) = @_; $public_file = $v; $private_file = $v; },
+	'private=s' => sub { my ($f,$v) = @_; $private_file = $v; },
+	'define=s' => sub { 
+		my ($f,$v) = @_; 
+		$public_define = $v; 
+		$private_define = "$v\_PRIVATE"; 
+	},
+	'public-define=s' => \$public_define,
+	'private-define=s' => \$private_define,
+	'srcdir=s' => sub { my ($f,$v) = @_; $srcdir = $v; },
+	'builddir=s' => sub { my ($f,$v) = @_; $builddir = $v; },
+	'help' => \&usage
+) or exit(1);
+
+sub normalize_define($$)
+{
+	my ($define, $file) = @_;
+
+	if (not defined($define) and defined($file)) {
+		$define = "__" . uc($file) . "__";
+		$define =~ tr{./}{__};
+		$define =~ tr{\-}{_};
+	} elsif (not defined($define)) {
+		$define = '_PROTO_H_';
+	}
+
+	return $define;
+}
+
+$public_define = normalize_define($public_define, $public_file);
+$private_define = normalize_define($private_define, $private_file);
+
+if ((defined($private_file) and defined($public_file) and ($private_file eq $public_file)) or 
+	(not defined($private_file) and not defined($public_file))) {
+	$private_data = $public_data;
+}
+
+sub file_load($)
+{
+    my($filename) = @_;
+    local(*INPUTFILE);
+    open(INPUTFILE, $filename) or return undef;
+    my($saved_delim) = $/;
+    undef $/;
+    my($data) = <INPUTFILE>;
+    close(INPUTFILE);
+    $/ = $saved_delim;
+    return $data;
+}
+
+sub print_header($$)
+{
+	my ($file, $header_name) = @_;
+	$file->("#ifndef $header_name\n");
+	$file->("#define $header_name\n\n");
+	$file->("#undef _PRINTF_ATTRIBUTE\n");
+	$file->("#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)\n");
+	$file->("/* This file was automatically generated by mkproto.pl. DO NOT EDIT */\n\n");
+}
+
+sub print_footer($$) 
+{
+	my ($file, $header_name) = @_;
+	$file->("#undef _PRINTF_ATTRIBUTE\n");
+	$file->("#define _PRINTF_ATTRIBUTE(a1, a2)\n");
+	$file->("\n#endif /* $header_name */\n\n");
+}
+
+sub process_file($$$) 
+{
+	my ($public_file, $private_file, $filename) = @_;
+
+	$filename =~ s/\.o$/\.c/g;
+
+	if ($filename =~ /^\//) {
+		open(FH, "<$filename") or die("Failed to open $filename");
+	} elsif (!open(FH, "< $builddir/$filename")) {
+	    open(FH, "< $srcdir/$filename") || die "Failed to open $filename";
+	}
+
+	$private_file->("\n/* The following definitions come from $filename  */\n\n");
+
+	my $comment = undef;
+	my $incomment = 0;
+	while (my $line = <FH>) {	      
+		my $target = \&private;
+		my $is_public = 0;
+
+		if ($line =~ /^\/\*\*/) { 
+			$comment = "";
+			$incomment = 1;
+		}
+
+		if ($incomment) {
+			$comment .= $line;
+			if ($line =~ /\*\//) {
+				$incomment = 0;
+			}
+		} 
+
+		# these are ordered for maximum speed
+		next if ($line =~ /^\s/);
+	      
+		next unless ($line =~ /\(/);
+
+		next if ($line =~ /^\/|[;]/);
+
+		if ($line =~ /^FN_/) {
+			next;
+		}
+
+		if ($line =~ /^_PUBLIC_[\t ]/) {
+			$target = \&public;
+			$is_public = 1;
+		}
+
+		next unless ( $is_public || $line =~ /
+			      ^(_DEPRECATED_ |_NORETURN_ |_WARN_UNUSED_RESULT_ |_PURE_ )*(
+				  void|bool|int|struct|char|const|\w+_[tT]\s|uint|unsigned|long|NTSTATUS|
+				  ADS_STATUS|enum\s.*\(|DATA_BLOB|WERROR|XFILE|FILE|DIR|
+			      double|TDB_CONTEXT|TDB_DATA|TALLOC_CTX|NTTIME|FN_|init_module|
+			      GtkWidget|GType|smb_ucs2_t|krb5_error_code|NET_API_STATUS)
+			      /xo);
+
+		next if ($line =~ /^int\s*main/);
+
+		$target->("\n$comment") if (defined($comment)); $comment = undef;
+
+		if ( $line =~ /\(.*\)\s*$/o ) {
+			chomp $line;
+			$target->("$line;\n");
+			next;
+		}
+
+		$target->($line);
+
+		while ($line = <FH>) {
+			if ($line =~ /\)\s*$/o) {
+				chomp $line;
+				$target->("$line;\n");
+				last;
+			}
+			$target->($line);
+		}
+	}
+
+	close(FH);
+}
+
+
+print_header(\&public, $public_define);
+if (defined($private_file) and defined($public_file) and $public_file ne $private_file) {
+	print_header(\&private, $private_define);
+
+	private("/* this file contains prototypes for functions that " .
+			"are private \n * to this subsystem or library. These functions " .
+			"should not be \n * used outside this particular subsystem! */\n\n");
+
+	public("/* this file contains prototypes for functions that " . 
+			"are part of \n * the public API of this subsystem or library. */\n\n");
+
+}
+
+public("#ifndef _PUBLIC_\n#define _PUBLIC_\n#endif\n\n");
+public("#ifndef _PURE_\n#define _PURE_\n#endif\n\n");
+public("#ifndef _NORETURN_\n#define _NORETURN_\n#endif\n\n");
+public("#ifndef _DEPRECATED_\n#define _DEPRECATED_\n#endif\n\n");
+public("#ifndef _WARN_UNUSED_RESULT_\n#define _WARN_UNUSED_RESULT_\n#endif\n\n");
+
+process_file(\&public, \&private, $_) foreach (@ARGV);
+print_footer(\&public, $public_define);
+if (defined($private_file) and $public_file ne $private_file) {
+	print_footer(\&private, $private_define);
+}
+
+if (not defined($public_file)) {
+	print STDOUT $$public_data;
+}
+
+if (not defined($private_file) and defined($public_file)) {
+	print STDOUT $$private_data;
+}
+
+mkpath(dirname($public_file), 0, 0755);
+open(PUBLIC, ">$public_file") or die("Can't open `$public_file': $!"); 
+print PUBLIC "$$public_data";
+close(PUBLIC);
+
+if (defined($private_file) and $public_file ne $private_file) {
+	mkpath(dirname($private_file), 0, 0755);
+	open(PRIVATE, ">$private_file") or die("Can't open `$private_file': $!"); 
+	print PRIVATE "$$private_data";
+	close(PRIVATE);
+}
diff --git a/source4/script/update-proto.pl b/source4/script/update-proto.pl
new file mode 100755
index 0000000..c130650
--- /dev/null
+++ b/source4/script/update-proto.pl
@@ -0,0 +1,242 @@
+#!/usr/bin/perl
+# Simple script for updating the prototypes in a C header file
+#
+# Copyright (C) 2006 Jelmer Vernooij <jelmer@samba.org>
+# Published under the GNU GPL
+
+use strict;
+use warnings;
+use Getopt::Long;
+
+=head1 NAME
+
+update-proto - automatically update prototypes in header files
+
+=head1 SYNOPSIS
+
+update-proto [OPTIONS] <HEADER> <C-FILE>...
+
+update-proto [OPTIONS] <HEADER> 
+
+=head1 DESCRIPTION
+
+Update-proto makes sure the prototypes in a C header file are current
+by comparing the existing prototypes in a header with the function definition 
+in the source file. It aims to keep the diff between the original header 
+and generated one as small as possible.
+
+New prototypes are inserted before any line that contains the following comment:
+
+/* New prototypes are inserted above this line */
+
+It will automatically parse C files after it encounters a line that contains:
+
+/* The following definitions come from FILE */
+
+When two or more prototypes exist for a function, only the first one 
+will be kept.
+
+=head1 OPTIONS
+
+=over 4
+
+=item I<--verbose|-v>
+
+Increase verbosity. Currently only two levels of verbosity are used.
+
+=item I<--help>
+
+Show list of options
+
+=back
+
+=head1 BUGS
+
+Strange complex functions are not recognized. In particular those 
+created by macros or returning (without typedef) function pointers.
+
+=head1 LICENSE
+
+update-proto is licensed under the GNU General Public License L<http://www.gnu.org/licenses/gpl.html>.
+
+=head1 AUTHOR
+
+update-proto was written by Jelmer Vernooij L<jelmer@samba.org>.
+	
+=cut
+
+sub Usage()
+{
+	print "Usage: update-proto.pl [OPTIONS] <HEADER> <C-FILE>...\n";
+	exit 1;
+}
+
+sub Help()
+{
+	print "Usage: update-proto.pl [OPTIONS] <HEADER> <C-FILE>...\n";
+	print "Options:\n";
+	print "	--help			Show this help message\n";
+	print "	--verbose		Write changes made to standard error\n\n";
+	exit 0;
+}
+
+my %new_protos = ();
+
+my $verbose = 0;
+
+GetOptions(
+	'help|h' => \&Help,
+	'v|verbose' => sub { $verbose += 1; }
+) or Usage();
+
+sub count($$)
+{
+	my ($t, $s) = @_;
+	my $count = 0;
+	while($s =~ s/^(.)//) { $count++ if $1 eq $t; }
+	return $count;
+}
+
+my $header = shift @ARGV;
+
+sub process_file($)
+{
+	my $file = shift;
+	open (IN, "<$file");
+	while (my $line = <IN>) {
+		$_ = $line;
+		next if /^\s/;
+		next unless /\(/;
+		next if /^\/|[;]|^#|}|^\s*static/;
+		s/\/\*(.*?)\*\///g;
+		my $public = s/_PUBLIC_//g;
+		s/_PRINTF_ATTRIBUTE\([^)]+\)//g;
+		next unless /^(struct\s+\w+|union\s+\w+|\w+)\s+\**\s*(\w+)\s*\((.*)$/;
+
+		my $name = $2;
+
+		next if ($name eq "main");
+
+		# Read continuation lines if any
+		my $prn = 1 + count("(", $3) - count(")", $3);
+
+		while ($prn) {
+			my $l = <IN>;
+			$l or die("EOF while parsing function prototype");
+			$line .= $l;
+			$prn += count("(", $l) - count(")", $l);
+		}
+
+		$line =~ s/\n$//;
+
+		# Strip off possible start of function
+		$line =~ s/{\s*$//g;
+		
+		$new_protos{$name} = "$line;";
+	}
+	close(IN);
+}
+
+process_file($_) foreach (@ARGV);
+
+my $added = 0;
+my $modified = 0;
+my $deleted = 0;
+my $kept = 0;
+
+sub insert_new_protos()
+{
+	foreach (keys %new_protos) {
+		print "$new_protos{$_}\n";
+		print STDERR "Inserted prototype for `$_'\n" if ($verbose);
+		$added+=1;
+	}
+	%new_protos = ();
+}
+
+my $blankline_due = 0;
+
+open (HDR, "<$header");
+while (my $line = <HDR>) {
+	if ($line eq "\n") {
+		$blankline_due = 1;
+		$line = <HDR>;
+	}
+
+	# Recognize C files that prototypes came from
+	if ($line =~ /\/\* The following definitions come from (.*) \*\//) {
+		insert_new_protos();
+		if ($blankline_due) {
+			print "\n";
+			$blankline_due = 0;
+		}
+		process_file($1);
+		print "$line";
+		next;
+	}
+
+	if ($blankline_due) {
+		print "\n";
+		$blankline_due = 0;
+	}
+
+	# Insert prototypes that weren't in the header before
+	if ($line =~ /\/\* New prototypes are inserted above this line.*\*\/\s*/) {
+		insert_new_protos();
+		print "$line\n";
+		next;
+	}
+	
+	if ($line =~ /^\s*typedef |^\#|^\s*static/) {
+		print "$line";
+		next;
+	}
+
+	$_ = $line;
+	s/\/\*(.*?)\*\///g;
+	my $public = s/_PUBLIC_//g;
+	s/_PRINTF_ATTRIBUTE\([^)]+\)//g;
+	unless (/^(struct\s+\w+|union\s+\w+|\w+)\s+\**\s*(\w+)\s*\((.*)$/) {
+		print "$line";
+		next;
+	}
+
+	# Read continuation lines if any
+	my $prn = 1 + count("(", $3) - count(")", $3);
+
+	while ($prn) {
+		my $l = <HDR>;
+		$l or die("EOF while parsing function prototype");
+		$line .= $l;
+		$prn += count("(", $l) - count(")", $l);
+	}
+
+	my $name = $2;
+
+	# This prototype is for a function that was removed
+	unless (defined($new_protos{$name})) {
+		$deleted+=1;
+		print STDERR "Removed prototype for `$name'\n" if ($verbose);
+		next;
+	}
+
+	my $nline = $line;
+	chop($nline);
+
+	if ($new_protos{$name} ne $nline) {
+		$modified+=1;
+		print STDERR "Updated prototype for `$name'\n" if ($verbose);
+		print "$new_protos{$name}\n";
+	} else {
+		$kept+=1;
+		print STDERR "Prototype for `$name' didn't change\n" if ($verbose > 1);
+		print "$line";
+	}
+
+	delete $new_protos{$name};
+}
+close(HDR);
+
+print STDERR "$added added, $modified modified, $deleted deleted, $kept unchanged.\n";
+
+1;
diff --git a/source4/scripting/bin/enablerecyclebin b/source4/scripting/bin/enablerecyclebin
new file mode 100755
index 0000000..3477f90
--- /dev/null
+++ b/source4/scripting/bin/enablerecyclebin
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+#
+# enabled the Recycle Bin optional feature
+#
+import optparse
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+from samba import getopt as options, Ldb
+from ldb import SCOPE_BASE
+import sys
+import ldb
+from samba.auth import system_session
+
+parser = optparse.OptionParser("enablerecyclebin <URL>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+opts, args = parser.parse_args()
+opts.dump_all = True
+
+if len(args) != 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+
+lp_ctx = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp_ctx)
+sam_ldb = Ldb(url, session_info=system_session(), credentials=creds, lp=lp_ctx)
+
+# get the rootDSE
+res = sam_ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
+rootDse = res[0]
+
+configbase=rootDse["configurationNamingContext"]
+
+# enable the feature
+msg = ldb.Message()
+msg.dn = ldb.Dn(sam_ldb, "")
+msg["enableOptionalFeature"] = ldb.MessageElement(
+     "CN=Partitions," +  str(configbase) + ":766ddcd8-acd0-445e-f3b9-a7f9b6744f2a",
+     ldb.FLAG_MOD_ADD, "enableOptionalFeature")
+res = sam_ldb.modify(msg)
+
+print("Recycle Bin feature enabled")
diff --git a/source4/scripting/bin/findprovisionusnranges b/source4/scripting/bin/findprovisionusnranges
new file mode 100755
index 0000000..b05b5ce
--- /dev/null
+++ b/source4/scripting/bin/findprovisionusnranges
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+#
+# Helper for determining USN ranges created of modified by provision and
+# upgradeprovision.
+# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2011
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+import sys
+import optparse
+sys.path.insert(0, "bin/python")
+
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import Ldb
+import ldb
+                
+import samba.getopt as options
+from samba import param
+from samba.upgradehelpers import get_paths, print_provision_ranges, findprovisionrange
+from samba.ndr import ndr_unpack
+from samba.dcerpc import misc
+
+parser = optparse.OptionParser("findprovisionusnranges [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("--storedir", type="string", help="Directory where to store result files")
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+opts = parser.parse_args()[0]
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+session = system_session()
+paths = get_paths(param, smbconf=smbconf)
+basedn="DC=" + lp.get("realm").replace(".",",DC=")
+samdb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp)
+
+res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
+
+invocation = None
+if res and len(res) == 1 and res[0]["dsServiceName"] != None:
+    dn = ldb.Dn(samdb, str(res[0]["dsServiceName"]))
+    res = samdb.search(base=str(dn), scope=ldb.SCOPE_BASE, attrs=["invocationId"],
+                        controls=["search_options:1:2"])
+
+    if res and len(res) == 1 and res[0]["invocationId"]:
+        invocation = str(ndr_unpack(misc.GUID, res[0]["invocationId"][0]))   
+    else:
+        print("Unable to find invocation ID")
+        sys.exit(1)
+else:
+    print("Unable to find attribute dsServiceName in rootDSE")
+    sys.exit(1)
+
+minobj = 5
+(hash_id, nb_obj) = findprovisionrange(samdb, basedn)
+print("Here is a list of changes that modified more than %d objects in 1 minute." % minobj)
+print("Usually changes made by provision and upgradeprovision are those who affect a couple"
+      " of hundred of objects or more")
+print("Total number of objects: %d\n" % nb_obj)
+
+print_provision_ranges(hash_id, minobj, opts.storedir, str(paths.samdb), invocation)
diff --git a/source4/scripting/bin/gen_error_common.py b/source4/scripting/bin/gen_error_common.py
new file mode 100644
index 0000000..390d1d7
--- /dev/null
+++ b/source4/scripting/bin/gen_error_common.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+
+#
+# Unix SMB/CIFS implementation.
+#
+# Utility methods for generating error codes from a file.
+#
+# Copyright (C) Noel Power <noel.power@suse.com> 2014
+# Copyright (C) Catalyst IT Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# error data model
+class ErrorDef:
+    def __init__(self):
+        self.err_code = None
+        self.err_define = None
+        self.err_string = ""
+        self.isWinError = False
+        self.linenum = None
+
+def escapeString( input ):
+    output = input.replace('"','\\"')
+    output = output.replace("\\<","\\\\<")
+    output = output.replace('\t',"")
+    return output
+
+# Parse error descriptions from a file which is the content
+# of an HTML table.
+# The file must be formatted as:
+# [error code hex]
+# [error name short]
+# [error description]
+# Blank lines are allowed and errors do not have to have a
+# description.
+# Returns a list of ErrorDef objects.
+def parseErrorDescriptions( file_contents, isWinError, transformErrorFunction ):
+    errors = []
+    count = 0
+    for line in file_contents:
+        if line is None or line == '\t' or line == "" or line == '\n':
+            continue
+        content = line.strip().split(None,1)
+        # start new error definition ?
+        if len(content) == 0:
+            continue
+        if line.startswith("0x"):
+            newError = ErrorDef()
+            newError.err_code = int(content[0],0)
+            # escape the usual suspects
+            if len(content) > 1:
+                newError.err_string = escapeString(content[1])
+            newError.linenum = count
+            newError.isWinError = isWinError
+            errors.append(newError)
+        else:
+            if len(errors) == 0:
+                continue
+            err = errors[-1]
+            if err.err_define is None:
+                err.err_define = transformErrorFunction(content[0])
+            else:
+                if len(content) > 0:
+                    desc =  escapeString(line.strip())
+                    if len(desc):
+                        if err.err_string == "":
+                            err.err_string = desc
+                        else:
+                            err.err_string = err.err_string + " " + desc
+        count = count + 1
+    print("parsed %d lines generated %d error definitions"%(count,len(errors)))
+    return errors
diff --git a/source4/scripting/bin/gen_hresult.py b/source4/scripting/bin/gen_hresult.py
new file mode 100755
index 0000000..3caca25
--- /dev/null
+++ b/source4/scripting/bin/gen_hresult.py
@@ -0,0 +1,205 @@
+#!/usr/bin/env python3
+
+#
+# Unix SMB/CIFS implementation.
+#
+# HRESULT Error definitions
+#
+# Copyright (C) Noel Power <noel.power@suse.com> 2014
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+import sys
+from gen_error_common import parseErrorDescriptions
+
+def write_license(out_file):
+    out_file.write("/*\n")
+    out_file.write(" * Unix SMB/CIFS implementation.\n")
+    out_file.write(" *\n")
+    out_file.write(" * HRESULT Error definitions\n")
+    out_file.write(" *\n")
+    out_file.write(" * Copyright (C) Noel Power <noel.power@suse.com> 2014\n")
+    out_file.write(" *\n")
+    out_file.write(" * This program is free software; you can redistribute it and/or modify\n")
+    out_file.write(" * it under the terms of the GNU General Public License as published by\n")
+    out_file.write(" * the Free Software Foundation; either version 3 of the License, or\n")
+    out_file.write(" * (at your option) any later version.\n")
+    out_file.write(" *\n")
+    out_file.write(" * This program is distributed in the hope that it will be useful,\n")
+    out_file.write(" * but WITHOUT ANY WARRANTY; without even the implied warranty of\n")
+    out_file.write(" * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n")
+    out_file.write(" * GNU General Public License for more details.\n")
+    out_file.write(" *\n")
+    out_file.write(" * You should have received a copy of the GNU General Public License\n")
+    out_file.write(" * along with this program.  If not, see <http://www.gnu.org/licenses/>.\n")
+    out_file.write(" */\n")
+    out_file.write("\n")
+
+def generateHeaderFile(out_file, errors):
+    write_license(out_file)
+    out_file.write("#ifndef _HRESULT_H_\n")
+    out_file.write("#define _HRESULT_H_\n\n")
+    macro_magic = "#if defined(HAVE_IMMEDIATE_STRUCTURES)\n"
+    macro_magic += "typedef struct {uint32_t h;} HRESULT;\n"
+    macro_magic += "#define HRES_ERROR(x) ((HRESULT) { x })\n"
+    macro_magic += "#define HRES_ERROR_V(x) ((x).h)\n"
+    macro_magic += "#else\n"
+    macro_magic += "typedef uint32_t HRESULT;\n"
+    macro_magic += "#define HRES_ERROR(x) (x)\n"
+    macro_magic += "#define HRES_ERROR_V(x) (x)\n"
+    macro_magic += "#endif\n"
+    macro_magic += "\n"
+    macro_magic += "#define HRES_IS_OK(x) (HRES_ERROR_V(x) == 0)\n"
+    macro_magic += "#define HRES_IS_EQUAL(x,y) (HRES_ERROR_V(x) == HRES_ERROR_V(y))\n"
+
+    out_file.write(macro_magic)
+    out_file.write("\n\n")
+    out_file.write("/*\n")
+    out_file.write(" * The following error codes are autogenerated from [MS-ERREF]\n")
+    out_file.write(" * see http://msdn.microsoft.com/en-us/library/cc704587.aspx\n")
+    out_file.write(" */\n")
+    out_file.write("\n")
+
+    for err in errors:
+        line = "#define {0:49} HRES_ERROR(0x{1:08X})\n".format(err.err_define ,err.err_code)
+        out_file.write(line)
+    out_file.write("\nconst char *hresult_errstr_const(HRESULT err_code);\n")
+    out_file.write("\nconst char *hresult_errstr(HRESULT err_code);\n")
+    out_file.write("\n#define FACILITY_WIN32 0x0007\n")
+    out_file.write("#define WIN32_FROM_HRESULT(x) (HRES_ERROR_V(x) == 0 ? HRES_ERROR_V(x) : ~((FACILITY_WIN32 << 16) | 0x80000000) & HRES_ERROR_V(x))\n")
+    out_file.write("#define HRESULT_IS_LIKELY_WERR(x) ((HRES_ERROR_V(x) & 0xFFFF0000) == 0x80070000)\n")
+    out_file.write("#define HRESULT_FROM_WERROR(x) (HRES_ERROR(0x80070000 | W_ERROR_V(x)))\n")
+    out_file.write("\n\n\n#endif /*_HRESULT_H_*/")
+
+
+def generateSourceFile(out_file, errors):
+    write_license(out_file)
+    out_file.write("#include \"includes.h\"\n")
+    out_file.write("#include \"hresult.h\"\n")
+    out_file.write("/*\n")
+    out_file.write(" * The following error codes and descriptions are autogenerated from [MS-ERREF]\n")
+    out_file.write(" * see http://msdn.microsoft.com/en-us/library/cc704587.aspx\n")
+    out_file.write(" */\n")
+    out_file.write("\n")
+    out_file.write("const char *hresult_errstr_const(HRESULT err_code)\n")
+    out_file.write("{\n")
+    out_file.write("	const char *result = NULL;\n")
+    out_file.write("\n")
+    out_file.write("	switch (HRES_ERROR_V(err_code)) {\n")
+    for err in errors:
+        out_file.write(f'            case 0x{err.err_code:X}:\n')
+        out_file.write(f'                result = \"{err.err_define}\";\n')
+        out_file.write(f'                break;\n')
+    out_file.write("	}\n")
+    out_file.write("\n")
+    out_file.write("	/* convert & check win32 error space? */\n")
+    out_file.write("	if (result == NULL && HRESULT_IS_LIKELY_WERR(err_code)) {\n")
+    out_file.write("		WERROR wErr = W_ERROR(WIN32_FROM_HRESULT(err_code));\n")
+    out_file.write("		result = get_friendly_werror_msg(wErr);\n")
+    out_file.write("	}\n")
+    out_file.write("	return result;\n")
+    out_file.write("}\n")
+    out_file.write("\n")
+    out_file.write("const char *hresult_errstr(HRESULT err_code)\n")
+    out_file.write("{\n")
+    out_file.write("	static char msg[22];\n")
+    out_file.write("\n")
+    out_file.write("	switch (HRES_ERROR_V(err_code)) {\n")
+    for err in errors:
+        out_file.write(f'            case 0x{err.err_code:X}:\n')
+        out_file.write(f'                return \"{err.err_string}\";\n')
+        out_file.write(f'                break;\n')
+    out_file.write("	}\n")
+    out_file.write("	snprintf(msg, sizeof(msg), \"HRES code 0x%08x\", HRES_ERROR_V(err_code));\n")
+    out_file.write("	return msg;\n")
+    out_file.write("}\n")
+
+def generatePythonFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Errors generated from\n")
+    out_file.write(" * [MS-ERREF] http://msdn.microsoft.com/en-us/library/cc704587.aspx\n")
+    out_file.write(" */\n")
+    out_file.write("#include \"lib/replace/system/python.h\"\n")
+    out_file.write("#include \"python/py3compat.h\"\n")
+    out_file.write("#include \"includes.h\"\n\n")
+    out_file.write("static struct PyModuleDef moduledef = {\n")
+    out_file.write("\tPyModuleDef_HEAD_INIT,\n")
+    out_file.write("\t.m_name = \"hresult\",\n")
+    out_file.write("\t.m_doc = \"HRESULT defines\",\n")
+    out_file.write("\t.m_size = -1,\n")
+    out_file.write("\t};\n\n")
+    out_file.write("MODULE_INIT_FUNC(hresult)\n")
+    out_file.write("{\n")
+    out_file.write("\tPyObject *m = NULL;\n")
+    out_file.write("\tPyObject *py_obj = NULL;\n")
+    out_file.write("\tint ret;\n\n")
+    out_file.write("\tm = PyModule_Create(&moduledef);\n")
+    out_file.write("\tif (m == NULL) {\n")
+    out_file.write("\t\treturn NULL;\n")
+    out_file.write("\t}\n\n")
+    for err in errors:
+        out_file.write(f"\tpy_obj = PyLong_FromUnsignedLongLong(HRES_ERROR_V({err.err_define}));\n")
+        out_file.write(f"\tret = PyModule_AddObject(m, \"{err.err_define}\", py_obj);\n")
+        out_file.write("\tif (ret) {\n")
+        out_file.write("\t\tPy_XDECREF(py_obj);\n")
+        out_file.write("\t\tPy_DECREF(m);\n")
+        out_file.write("\t\treturn NULL;\n")
+        out_file.write("\t}\n")
+    out_file.write("\n")
+    out_file.write("\treturn m;\n")
+    out_file.write("}\n")
+
+def transformErrorName(error_name):
+    return "HRES_" + error_name
+
+# Very simple script to generate files hresult.c & hresult.h
+# This script takes four inputs:
+# [1]: The name of the text file which is the content of an HTML table
+#      (such as that found at https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/705fb797-2175-4a90-b5a3-3918024b10b8)
+#      copied and pasted.
+# [2]: The name of the output generated header file with HResult #defines
+# [3]: The name of the output generated source file with C arrays
+# [4]: The name of the output generated python file
+
+def main ():
+    input_file1 = None
+
+    if len(sys.argv) == 5:
+        input_file1 =  sys.argv[1]
+        gen_headerfile_name = sys.argv[2]
+        gen_sourcefile_name = sys.argv[3]
+        gen_pythonfile_name = sys.argv[4]
+    else:
+        print("usage: %s winerrorfile headerfile sourcefile pythonfile"%(sys.argv[0]))
+        sys.exit()
+
+    # read in the data
+    with open(input_file1) as file_contents:
+        errors = parseErrorDescriptions(file_contents, False, transformErrorName)
+
+    print(f"writing new header file: {gen_headerfile_name}")
+    with open(gen_headerfile_name,"w") as out_file:
+        generateHeaderFile(out_file, errors)
+    print(f"writing new source file: {gen_sourcefile_name}")
+    with open(gen_sourcefile_name,"w") as out_file:
+        generateSourceFile(out_file, errors)
+    print(f"writing new python file: {gen_pythonfile_name}")
+    with open(gen_pythonfile_name,"w") as out_file:
+        generatePythonFile(out_file, errors)
+
+if __name__ == '__main__':
+
+    main()
diff --git a/source4/scripting/bin/gen_ntstatus.py b/source4/scripting/bin/gen_ntstatus.py
new file mode 100755
index 0000000..5e79378
--- /dev/null
+++ b/source4/scripting/bin/gen_ntstatus.py
@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+
+#
+# Unix SMB/CIFS implementation.
+#
+# HRESULT Error definitions
+#
+# Copyright (C) Noel Power <noel.power@suse.com> 2014
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys, io
+from gen_error_common import ErrorDef, parseErrorDescriptions
+
+def generateHeaderFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Descriptions for errors generated from\n")
+    out_file.write(" * [MS-ERREF] http://msdn.microsoft.com/en-us/library/cc704588.aspx\n")
+    out_file.write(" */\n\n")
+    out_file.write("#ifndef _NTSTATUS_GEN_H\n")
+    out_file.write("#define _NTSTATUS_GEN_H\n")
+    for err in errors:
+        line = "#define %s NT_STATUS(%#x)\n" % (err.err_define, err.err_code)
+        out_file.write(line)
+    out_file.write("\n#endif /* _NTSTATUS_GEN_H */\n")
+
+def generateSourceFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Names for errors generated from\n")
+    out_file.write(" * [MS-ERREF] http://msdn.microsoft.com/en-us/library/cc704588.aspx\n")
+    out_file.write(" */\n")
+
+    out_file.write("static const nt_err_code_struct nt_errs[] = \n")
+    out_file.write("{\n")
+    for err in errors:
+        out_file.write("\t{ \"%s\", %s },\n" % (err.err_define, err.err_define))
+    out_file.write("{ 0, NT_STATUS(0) }\n")
+    out_file.write("};\n")
+
+    out_file.write("\n/*\n")
+    out_file.write(" * Descriptions for errors generated from\n")
+    out_file.write(" * [MS-ERREF] http://msdn.microsoft.com/en-us/library/cc704588.aspx\n")
+    out_file.write(" */\n")
+
+    out_file.write("static const nt_err_code_struct nt_err_desc[] = \n")
+    out_file.write("{\n")
+    for err in errors:
+        # Account for the possibility that some errors may not have descriptions
+        if err.err_string == "":
+            continue
+        out_file.write("\t{ N_(\"%s\"), %s },\n"%(err.err_string, err.err_define))
+    out_file.write("{ 0, NT_STATUS(0) }\n")
+    out_file.write("};")
+
+def generatePythonFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * New descriptions for existing errors generated from\n")
+    out_file.write(" * [MS-ERREF] http://msdn.microsoft.com/en-us/library/cc704588.aspx\n")
+    out_file.write(" */\n")
+    out_file.write("#include \"lib/replace/system/python.h\"\n")
+    out_file.write("#include \"python/py3compat.h\"\n")
+    out_file.write("#include \"includes.h\"\n\n")
+    out_file.write("static struct PyModuleDef moduledef = {\n")
+    out_file.write("\tPyModuleDef_HEAD_INIT,\n")
+    out_file.write("\t.m_name = \"ntstatus\",\n")
+    out_file.write("\t.m_doc = \"NTSTATUS error defines\",\n")
+    out_file.write("\t.m_size = -1,\n")
+    out_file.write("};\n\n")
+    out_file.write("MODULE_INIT_FUNC(ntstatus)\n")
+    out_file.write("{\n")
+    out_file.write("\tPyObject *m;\n\n")
+    out_file.write("\tm = PyModule_Create(&moduledef);\n")
+    out_file.write("\tif (m == NULL)\n")
+    out_file.write("\t\treturn NULL;\n\n")
+    for err in errors:
+        line = """\tPyModule_AddObject(m, \"%s\",
+                  \t\tPyLong_FromUnsignedLongLong(NT_STATUS_V(%s)));\n""" % (err.err_define, err.err_define)
+        out_file.write(line)
+    out_file.write("\n")
+    out_file.write("\treturn m;\n")
+    out_file.write("}\n")
+
+def transformErrorName( error_name ):
+    if error_name.startswith("STATUS_"):
+        error_name = error_name.replace("STATUS_", "", 1)
+    elif error_name.startswith("RPC_NT_"):
+        error_name = error_name.replace("RPC_NT_", "RPC_", 1)
+    elif error_name.startswith("EPT_NT_"):
+        error_name = error_name.replace("EPT_NT_", "EPT_", 1)
+    return "NT_STATUS_" + error_name
+
+# Very simple script to generate files nterr_gen.c & ntstatus_gen.h.
+# These files contain generated definitions.
+# This script takes four inputs:
+# [1]: The name of the text file which is the content of an HTML table
+#      (e.g. the one found at http://msdn.microsoft.com/en-us/library/cc231200.aspx)
+#      copied and pasted.
+# [2]: The name of the output generated header file with NTStatus #defines
+# [3]: The name of the output generated source file with C arrays
+# [4]: The name of the output generated python file
+def main ():
+    input_file = None
+
+    if len(sys.argv) == 5:
+        input_file =  sys.argv[1]
+        gen_headerfile_name = sys.argv[2]
+        gen_sourcefile_name = sys.argv[3]
+        gen_pythonfile_name = sys.argv[4]
+    else:
+        print("usage: %s winerrorfile headerfile sourcefile pythonfile" % (sys.argv[0]))
+        sys.exit()
+
+    # read in the data
+    with io.open(input_file, "rt", encoding='utf8') as file_contents:
+        errors = parseErrorDescriptions(file_contents, False, transformErrorName)
+
+    # NT_STATUS_OK is a synonym of NT_STATUS_SUCCESS, and is very widely used
+    # throughout Samba. It must go first in the list to ensure that to ensure
+    # that code that previously found this error code in ‘special_errs’
+    # maintains the same behaviour by falling back to ‘nt_errs’.
+    ok_status = ErrorDef()
+    ok_status.err_code = 0
+    ok_status.err_define = 'NT_STATUS_OK'
+    errors.insert(0, ok_status)
+
+    print("writing new header file: %s" % gen_headerfile_name)
+    out_file = io.open(gen_headerfile_name, "wt", encoding='utf8')
+    generateHeaderFile(out_file, errors)
+    out_file.close()
+    print("writing new source file: %s" % gen_sourcefile_name)
+    out_file = io.open(gen_sourcefile_name, "wt", encoding='utf8')
+    generateSourceFile(out_file, errors)
+    out_file.close()
+    print("writing new python file: %s" % gen_pythonfile_name)
+    out_file = io.open(gen_pythonfile_name, "wt", encoding='utf8')
+    generatePythonFile(out_file, errors)
+    out_file.close()
+
+if __name__ == '__main__':
+
+    main()
diff --git a/source4/scripting/bin/gen_output.py b/source4/scripting/bin/gen_output.py
new file mode 100755
index 0000000..8f5239f
--- /dev/null
+++ b/source4/scripting/bin/gen_output.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+
+# Copyright (C) Catalyst IT Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+A data generator to help tests.
+
+Generate large output to stdout by repeating input data.
+Usage:
+
+    python gen_output.py --data @ --repeat 1024 --retcode 1
+
+The above command will output @ x 1024 (1K) and exit with 1.
+"""
+
+import sys
+import argparse
+
+parser = argparse.ArgumentParser(description='Generate output data')
+
+parser.add_argument(
+    '--data', type=str, default='$',
+    help='Characters used to generate data by repeating them'
+)
+
+parser.add_argument(
+    '--repeat', type=int, default=1024 * 1024,
+    help='How many times to repeat the data'
+)
+
+parser.add_argument(
+    '--retcode', type=int, default=0,
+    help='Specify the exit code for this script'
+)
+
+args = parser.parse_args()
+
+sys.stdout.write(args.data * args.repeat)
+
+sys.exit(args.retcode)
diff --git a/source4/scripting/bin/gen_werror.py b/source4/scripting/bin/gen_werror.py
new file mode 100755
index 0000000..fd3948b
--- /dev/null
+++ b/source4/scripting/bin/gen_werror.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+
+#
+# Unix SMB/CIFS implementation.
+#
+# WERROR error definition generation
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys, io
+from gen_error_common import parseErrorDescriptions
+
+def generateHeaderFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Descriptions for errors generated from\n")
+    out_file.write(" * [MS-ERREF] https://msdn.microsoft.com/en-us/library/cc231199.aspx\n")
+    out_file.write(" */\n\n")
+    out_file.write("#ifndef _WERR_GEN_H\n")
+    out_file.write("#define _WERR_GEN_H\n")
+    for err in errors:
+        line = "#define %s W_ERROR(%s)\n" % (err.err_define, hex(err.err_code))
+        out_file.write(line)
+    out_file.write("\n#endif /* _WERR_GEN_H */\n")
+
+def generateSourceFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Names for errors generated from\n")
+    out_file.write(" * [MS-ERREF] https://msdn.microsoft.com/en-us/library/cc231199.aspx\n")
+    out_file.write(" */\n")
+
+    for err in errors:
+        if (err.err_define == 'WERR_NERR_SUCCESS'):
+            continue
+        out_file.write(f'\t case {hex(err.err_code)}:\n')
+        out_file.write(f'\t\treturn \"{err.err_define}\";\n')
+        out_file.write(f'\t\tbreak;\n')
+
+def generateFriendlySourceFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Names for errors generated from\n")
+    out_file.write(" * [MS-ERREF] https://msdn.microsoft.com/en-us/library/cc231199.aspx\n")
+    out_file.write(" */\n")
+
+    for err in errors:
+        if (err.err_define == 'WERR_NERR_SUCCESS'):
+            continue
+        out_file.write(f'\tcase {hex(err.err_code)}:\n')
+        out_file.write(f'\t\treturn \"{err.err_string}\";\n')
+        out_file.write('\t\tbreak;\n')
+
+def generatePythonFile(out_file, errors):
+    out_file.write("/*\n")
+    out_file.write(" * Errors generated from\n")
+    out_file.write(" * [MS-ERREF] https://msdn.microsoft.com/en-us/library/cc231199.aspx\n")
+    out_file.write(" */\n")
+    out_file.write("#include \"lib/replace/system/python.h\"\n")
+    out_file.write("#include \"python/py3compat.h\"\n")
+    out_file.write("#include \"includes.h\"\n\n")
+    out_file.write("static struct PyModuleDef moduledef = {\n")
+    out_file.write("\tPyModuleDef_HEAD_INIT,\n")
+    out_file.write("\t.m_name = \"werror\",\n")
+    out_file.write("\t.m_doc = \"WERROR defines\",\n")
+    out_file.write("\t.m_size = -1,\n")
+    out_file.write("};\n\n")
+    out_file.write("MODULE_INIT_FUNC(werror)\n")
+    out_file.write("{\n")
+    out_file.write("\tPyObject *m;\n\n")
+    out_file.write("\tm = PyModule_Create(&moduledef);\n")
+    out_file.write("\tif (m == NULL)\n")
+    out_file.write("\t\treturn NULL;\n\n")
+    for err in errors:
+        line = """\tPyModule_AddObject(m, \"%s\",
+                  \t\tPyLong_FromUnsignedLongLong(W_ERROR_V(%s)));\n""" % (err.err_define, err.err_define)
+        out_file.write(line)
+    out_file.write("\n")
+    out_file.write("\treturn m;\n")
+    out_file.write("}\n")
+
+def transformErrorName( error_name ):
+    if error_name.startswith("WERR_"):
+        error_name = error_name.replace("WERR_", "", 1)
+    elif error_name.startswith("ERROR_"):
+        error_name = error_name.replace("ERROR_", "", 1)
+    return "WERR_" + error_name.upper()
+
+# Script to generate files werror_gen.h, doserr_gen.c and
+# py_werror.c.
+#
+# These files contain generated definitions for WERRs and
+# their descriptions/names.
+#
+# This script takes four inputs:
+# [1]: The name of the text file which is the content of an HTML table
+#      (e.g. the one found at https://msdn.microsoft.com/en-us/library/cc231199.aspx)
+#      copied and pasted.
+# [2]: [[output werror_gen.h]]
+# [3]: [[output doserr_gen.c]]
+# [4]: [[output py_werror.c]]
+def main():
+    if len(sys.argv) == 6:
+        input_file_name = sys.argv[1]
+        gen_headerfile_name = sys.argv[2]
+        gen_sourcefile_name = sys.argv[3]
+        gen_friendlysource_name = sys.argv[4]
+        gen_pythonfile_name = sys.argv[5]
+    else:
+        print("usage: %s winerrorfile headerfile sourcefile pythonfile" % sys.argv[0])
+        sys.exit()
+
+    input_file = io.open(input_file_name, "rt", encoding='utf8')
+    errors = parseErrorDescriptions(input_file, True, transformErrorName)
+    input_file.close()
+
+    print("writing new header file: %s" % gen_headerfile_name)
+    out_file = io.open(gen_headerfile_name, "wt", encoding='utf8')
+    generateHeaderFile(out_file, errors)
+    out_file.close()
+    print("writing new source file: %s" % gen_sourcefile_name)
+    out_file = io.open(gen_sourcefile_name, "wt", encoding='utf8')
+    generateSourceFile(out_file, errors)
+    out_file.close()
+    print("writing new source file: %s" % gen_friendlysource_name)
+    out_file = io.open(gen_friendlysource_name, "wt", encoding='utf8')
+    generateFriendlySourceFile(out_file, errors)
+    out_file.close()
+    print("writing new python file: %s" % gen_pythonfile_name)
+    out_file = io.open(gen_pythonfile_name, "wt", encoding='utf8')
+    generatePythonFile(out_file, errors)
+    out_file.close()
+
+if __name__ == '__main__':
+
+    main()
diff --git a/source4/scripting/bin/gen_wsp_props.py b/source4/scripting/bin/gen_wsp_props.py
new file mode 100755
index 0000000..e33169e
--- /dev/null
+++ b/source4/scripting/bin/gen_wsp_props.py
@@ -0,0 +1,202 @@
+#!/usr/bin/env python
+#
+# Unix SMB/CIFS implementation.
+#
+# WSP property definitions
+#
+# Copyright (C) Noel Power
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import unicode_literals
+import sys, os.path, io, string
+
+# parsed error data
+
+# map of guid to propinfo
+GuidToPropMap = {}
+
+# list of property id to name maps
+GuidToPropMapLocation = {}
+
+props_read = 0
+
+class PropInfo:
+	def __init__(self):
+		self.propName = ""
+		self.propId = 0
+		self.inInvertedIndex = "FALSE"
+		self.isColumn = "TRUE"
+		self.canColumnBeIndexed = "TRUE"
+		self.dataType = None
+		self.maxSize = 0
+		self.isVectorProp = "FALSE"
+		self.description = ""
+		self.hasExtraInfo = False
+
+def parseCSV(fileContents, hasExtraInfo):
+	global props_read
+	lines = 0
+	for line in fileContents:
+		toParse = line.strip()
+		lines = lines + 1
+
+		if toParse[0] == '#':
+			continue
+
+		parsed = toParse.split(',',9)
+		newProp = PropInfo()
+		newProp.hasExtraInfo = hasExtraInfo
+		newProp.propName = parsed[0]
+		guid = parsed[1].upper()
+		newProp.propId = int(parsed[2])
+
+		if len(parsed[3]):
+			newProp.inInvertedIndex = parsed[3]
+		if len(parsed[4]):
+			newProp.isColumn = parsed[4]
+		if len(parsed[5]):
+			newProp.canColumnBeIndexed = parsed[5]
+		if len(parsed[6]):
+			newProp.dataType = parsed[6]
+		if len(parsed[7]):
+			newProp.maxSize = parsed[7]
+		if len(parsed[8]):
+			newProp.isVectorProp = parsed[8]
+		if len(parsed[9]):
+			newProp.description = parsed[9]
+
+		if not guid in GuidToPropMap:
+			GuidToPropMap[guid] = []
+
+		GuidToPropMap[guid].append(newProp)
+
+		props_read = props_read + 1
+
+def parseGuid(guid):
+	noBrackets = guid.split('{')[1].split('}')[0]
+	parts = noBrackets.split('-')
+	result = "{0x" + parts[0] + ", 0x" + parts[1] + ", 0x" + parts[2]
+	result = result + ", {0x" + parts[3][0:2] + ", 0x" + parts[3][2:4] + "}, "
+	result = result + "{0x" + parts[4][0:2] + ", 0x" + parts[4][2:4] + ", "
+	result = result + "0x" + parts[4][4:6] + ", 0x" + parts[4][6:8] + ", "
+	result = result + "0x" + parts[4][8:10] + ", 0x" + parts[4][10:12] + "}"
+	result = result + "}"
+	return result;
+
+def getBoolString(boolString):
+	if boolString  == "TRUE":
+		return "true"
+	else:
+		return "false"
+
+def getVtype(prop):
+	result = "Unknown"
+	if prop.dataType == "GUID":
+		result = "VT_CLSID"
+	if prop.dataType == "String":
+		result = "VT_LPWSTR"
+	if prop.dataType == "BString":
+		result = "VT_BSTR"
+	elif prop.dataType == "Double":
+		result = "VT_R8"
+	elif prop.dataType == "Buffer":
+		result = "VT_BLOB_OBJECT"
+	elif prop.dataType == "Byte":
+		result = "VT_UI1"
+	elif prop.dataType == "UInt64":
+		result = "VT_UI8"
+	elif prop.dataType == "Int64":
+		result = "VT_I8"
+	elif prop.dataType == "UInt32":
+		result = "VT_UI4"
+	elif prop.dataType == "Int32":
+		result = "VT_I4"
+	elif prop.dataType == "UInt16":
+		result = "VT_UI2"
+	elif prop.dataType == "Int16":
+		result = "VT_I2"
+	elif prop.dataType == "DateTime":
+		result = "VT_FILETIME"
+	elif prop.dataType == "Boolean":
+		result = "VT_BOOL"
+	if prop.isVectorProp == "TRUE":
+		result = result + " | VT_VECTOR"
+	return result
+
+def generateSourceCode(propMap, outputFile):
+	source = "#include \"replace.h\"\n"
+	source = source + "#include \"bin/default/librpc/gen_ndr/ndr_wsp.h\"\n"
+	source = source + "#include \"librpc/wsp/wsp_util.h\"\n"
+	count = 0
+	for guid in propMap.keys():
+		varName = "guid_properties_%d"%count
+		GuidToPropMapLocation[guid] = varName
+		count = count + 1
+
+		source = source + "static const struct full_propset_info %s[] = {\n"%varName
+		for props in propMap[guid]:
+			extraInfo = "false"
+			if props.hasExtraInfo:
+				extraInfo = "true"
+			source = source + "\t{0x%x,\"%s\",%s, %s, %s, %s, %s, %s},\n"%(props.propId, props.propName, getVtype(props), extraInfo, getBoolString(props.inInvertedIndex),getBoolString(props.isColumn), getBoolString(props.canColumnBeIndexed), props.maxSize)
+
+		source = source + "\t{0,NULL,0,false,false,false,false,0}\n};\n\n"
+
+	source = source + "\n"
+
+	source = source + "const struct full_guid_propset full_propertyset[] = {\n";
+	for guid in propMap.keys():
+		guidBytes = parseGuid(guid)
+		varName = GuidToPropMapLocation[guid]
+		source = source + "\t{" + guidBytes + "," + varName + "},\n"
+
+	source = source + "\t{{0, 0, 0, {0, 0}, {0, 0, 0, 0, 0, 0}}," + "NULL" + "},\n"
+	source = source + "};\n"
+	outputFile.write(source)
+
+def main ():
+	inputFile = None
+	outputSrcFile = None
+	extraPropsLimitedInfo = None
+	if len(sys.argv) > 3:
+		inputFile =  sys.argv[1]
+		outputFile =  sys.argv[2]
+		# this file contains extra properties (that don't have the full
+		# set of property information
+		if len(sys.argv) > 3:
+			extraPropsLimitedInfo = sys.argv[3]
+	else:
+		print ("usage: %s property-csv outfile optionalLimitedInfoProps"%(sys.argv[0]))
+		sys.exit(0)
+	fileContents = io.open(inputFile,"rt",  encoding='utf8')
+	outputSource = io.open(outputFile,"wt", encoding='utf8')
+	parseCSV(fileContents, True)
+	fileContents.close()
+
+	if extraPropsLimitedInfo != None:
+		fileContents = io.open(extraPropsLimitedInfo,"rt", encoding='utf8')
+		parseCSV(fileContents, False)
+		fileContents.close()
+
+	generateSourceCode(GuidToPropMap, outputSource)
+
+	outputSource.close()
+	print ("ok! parsed %d properties and %d propsets(guid)"%(props_read,len(GuidToPropMap.keys())))
+
+
+if __name__ == '__main__':
+
+    main()
+
diff --git a/source4/scripting/bin/get-descriptors b/source4/scripting/bin/get-descriptors
new file mode 100755
index 0000000..6e69222
--- /dev/null
+++ b/source4/scripting/bin/get-descriptors
@@ -0,0 +1,154 @@
+#!/usr/bin/env python3
+#
+# Unix SMB/CIFS implementation.
+# A script to compare differences of security descriotors between
+# a remote host and the local Ldb
+# Needs the local domain, the remote domain, IP of the remote host
+# Username and password for the remote domain, must be at least
+# Domain Administrator
+#
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+# Copyright (C) Nadezhda Ivanova <nadezhda.ivanova@postpath.com> 2009
+#
+# Based on the original in EJS:
+# Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import optparse
+import sys
+import base64
+
+sys.path.insert(0, "bin/python")
+
+import samba
+from samba.auth import system_session
+import samba.getopt as options
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+from samba import Ldb
+from samba.samdb import SamDB
+from ldb import SCOPE_SUBTREE, SCOPE_BASE
+
+parser = optparse.OptionParser("get-descriptors [options]")
+sambaopts = options.SambaOptions(parser)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+parser.add_option("--local-domain", type="string", metavar="LOCALDOMAIN",
+                  help="set local domain")
+parser.add_option("--remote-domain", type="string", metavar="REMOTEDOMAIN",
+                  help="set remote domain")
+parser.add_option("--host", type="string", metavar="HOST",
+                  help="Ip of the remote host used for comparison")
+parser.add_option("--as-ldif", help="Output in LDIF format", action="store_true")
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+opts = parser.parse_args()[0]
+
+if not opts.host or not opts.localdomain or not opts.remote_domain:
+    parser.print_usage()
+    sys.exit(1)
+
+class DescrGetter:
+
+    def __init__(self, localdomain, remotedomain):
+        self.samdb = SamDB(session_info=system_session(), lp=lp, options=["modules:paged_searches"])
+        self.remote_ldb= Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp,
+                             options=["modules:paged_searches"])
+        self.local_domain = localdomain.replace(".", ",DC=")
+        self.local_domain = "DC=" + self.local_domain
+        self.remote_domain = remotedomain.replace(".", ",DC=")
+        self.remote_domain = "DC=" + self.remote_domain
+        self.local_map = {}
+        self.remote_map = {}
+
+    def get_domain_local_sid(self):
+        res = self.samdb.search(base=self.local_domain,expression="(objectClass=*)", scope=SCOPE_BASE)
+        self.local_sid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+
+    def get_domain_remote_sid(self):
+        res = self.remote_ldb.search(base=self.remote_domain, expression="(objectClass=*)", scope=SCOPE_BASE)
+        self.remote_sid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+
+    def add_to_ldif(self, dn, descr):
+        ldif_entry = ["dn: " + dn,
+                      "changetype: modify",
+                      "replace: nTSecurityDescriptor",
+                      "nTSecurityDescriptor::  " + base64.b64encode(ndr_pack(descr)).decode('utf8')]
+
+        for line in ldif_entry:
+            length = 79
+            if len(line) <= length + 1:
+                print(line)
+            else:
+                for i in range(len(line) / length + 1):
+                    if i == 0:
+                        l = line[i * length:((i + 1) * length)]
+                    else:
+                        l = " " + line[(i * length):((i + 1) * length)]
+                    print(l)
+        print("\n")
+
+    def write_as_sddl(self, dn, descr):
+        print(dn)
+        print(descr + "\n")
+
+    def read_descr_by_base(self, search_base):
+        res = self.samdb.search(base=search_base + self.local_domain, expression="(objectClass=*)", scope=SCOPE_SUBTREE, attrs=["nTSecurityDescriptor"])
+        for entry in res:
+            dn = entry["dn"].__str__().replace(self.local_domain, "")
+
+            if "nTSecurityDescriptor" in entry:
+                desc_obj = ndr_unpack(security.descriptor, entry["nTSecurityDescriptor"][0])
+                self.local_map[dn] = desc_obj
+
+        res = self.remote_ldb.search(base=search_base + self.remote_domain, expression="(objectClass=*)", scope=SCOPE_SUBTREE, attrs=["nTSecurityDescriptor"])
+        for entry in res:
+            dn = entry["dn"].__str__().replace(self.remote_domain, "")
+
+            if "nTSecurityDescriptor" in entry:
+                desc_obj = ndr_unpack(security.descriptor, entry["nTSecurityDescriptor"][0])
+                self.remote_map[dn] = desc_obj
+
+    def read_desc(self):
+        self.read_descr_by_base("CN=Schema,CN=Configuration,")
+        self.read_descr_by_base("CN=Configuration,")
+        self.read_descr_by_base("")
+
+    def write_desc_to_ldif(self):
+        key_list_local = self.local_map.keys()
+        key_list_remote = self.remote_map.keys()
+        for key in key_list_remote:
+            if key in key_list_local:
+                sddl = self.remote_map[key].as_sddl(self.remote_sid)
+                sddl_local = self.local_map[key].as_sddl(self.local_sid)
+                if sddl != sddl_local:
+                    descr = security.descriptor.from_sddl(sddl, self.local_sid)
+                if opts.as_ldif:
+                    self.add_to_ldif(key + self.local_domain, descr)
+                else:
+                    self.write_as_sddl(key, descr.as_sddl(self.local_sid))
+
+    def run(self):
+        self.get_domain_local_sid()
+        self.get_domain_remote_sid()
+        self.read_desc()
+        self.write_desc_to_ldif()
+
+desc = DescrGetter(opts.local_domain, opts.remote_domain)
+desc.run()
diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh
new file mode 100755
index 0000000..a165816
--- /dev/null
+++ b/source4/scripting/bin/ktpass.sh
@@ -0,0 +1,122 @@
+#!/bin/sh
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+name="ktpass.sh"
+TEMP=$(getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+	-n "$name" -- "$@")
+eval set -- "$TEMP"
+
+usage()
+{
+	echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+	echo -ne "      [--host hostname] [--enc <encryption>]\n"
+	echo -ne "      [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+	echo -ne "\nEncoding should be one of:\n"
+	echo -ne " * des-cbc-crc\n"
+	echo -ne " * des-cbc-md5\n"
+	echo -ne " * rc4-hmac (default)\n"
+	echo -ne " * aes128-cts\n"
+	echo -ne " * aes256-cts\n"
+	exit 0
+}
+while true; do
+	case "$1" in
+	--out)
+		outfile=$2
+		shift 2
+		;;
+	--princ)
+		princ=$2
+		shift 2
+		;;
+	--pass)
+		pass=$2
+		shift 2
+		;;
+	--host)
+		host=$2
+		shift 2
+		;;
+	--ptype) shift 2 ;;
+	--enc)
+		enc=$2
+		shift 2
+		;;
+	--path-to-ldbsearch)
+		path="$2/"
+		shift 2
+		;;
+	-h) usage ;;
+	--)
+		shift
+		break
+		;;
+	*)
+		echo "Internal error!"
+		exit 1
+		;;
+	esac
+done
+#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
+if [ -z "$enc" ]; then
+	enc="rc4-hmac"
+fi
+if [ -z "$path" ]; then
+	path=$(dirname $0)/../bin/
+	if [ ! -f ${path}ldbsearch ]; then
+		path=$(dirname $0)/../../bin/
+	fi
+fi
+if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
+	echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+	usage
+fi
+if [ -z $host ]; then
+	host=$(hostname)
+fi
+
+kvno=$(${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null | grep -i msds-keyversionnumber)
+if [ x"$kvno" = x"" ]; then
+	echo -ne "Unable to find kvno for principal $princ\n"
+	echo -ne " check that you are authentified with kerberos\n"
+	exit 1
+else
+	kvno=$(echo $kvno | sed 's/^.*: //')
+fi
+
+if [ "$pass" = "*" ]; then
+	echo -n "Enter password for $princ: "
+	stty -echo
+	read pass
+	stty echo
+	echo ""
+fi
+
+ktutil >/dev/null <<EOF
+add_entry -password -p $princ -k $kvno -e $enc
+$pass
+wkt $outfile
+EOF
+
+if [ $? -eq 0 ]; then
+	echo "Keytab file $outfile created with success"
+else
+	echo "Error while creating the keytab file $outfile"
+fi
diff --git a/source4/scripting/bin/machineaccountccache b/source4/scripting/bin/machineaccountccache
new file mode 100755
index 0000000..5e6d3c5
--- /dev/null
+++ b/source4/scripting/bin/machineaccountccache
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+import optparse
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+
+import samba
+from samba import getopt as options
+from samba.credentials import Credentials
+parser = optparse.OptionParser("machineaccountccache <ccache name>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+opts, args = parser.parse_args()
+
+if len(args) != 1:
+    parser.print_usage()
+    sys.exit(1)
+
+ccachename = args[0]
+
+lp_ctx = sambaopts.get_loadparm()
+
+creds = Credentials()
+
+creds.guess(lp_ctx)
+creds.set_machine_account(lp_ctx)
+creds.get_named_ccache(lp_ctx, ccachename)
diff --git a/source4/scripting/bin/machineaccountpw b/source4/scripting/bin/machineaccountpw
new file mode 100755
index 0000000..eab773e
--- /dev/null
+++ b/source4/scripting/bin/machineaccountpw
@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+import optparse
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+
+import samba
+from samba import getopt as options
+from samba import NTSTATUSError
+from samba.credentials import Credentials
+parser = optparse.OptionParser("machineaccountpw")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+opts, args = parser.parse_args()
+
+if len(args) != 0:
+    parser.print_usage()
+    sys.exit(1)
+
+try:
+    lp_ctx = sambaopts.get_loadparm()
+except RuntimeError as error:
+    print("Unable to load smb.conf %s: %s" % (sambaopts.get_loadparm_path(),
+                                              error),
+          file=sys.stderr)
+    sys.exit(1)
+
+creds = Credentials()
+
+creds.guess(lp_ctx)
+try:
+    creds.set_machine_account(lp_ctx)
+except NTSTATUSError as error:
+    print("Failed to find a stored machine account credential on this system: %s" \
+          % error.args[1],
+          file=sys.stderr)
+    sys.exit(1)
+
+print(creds.get_password())
diff --git a/source4/scripting/bin/nsupdate-gss b/source4/scripting/bin/nsupdate-gss
new file mode 100755
index 0000000..509220d
--- /dev/null
+++ b/source4/scripting/bin/nsupdate-gss
@@ -0,0 +1,352 @@
+#!/usr/bin/perl -w
+# update a win2000 DNS server using gss-tsig 
+# tridge@samba.org, October 2002
+
+# jmruiz@animatika.net
+# updated, 2004-Enero
+
+# tridge@samba.org, September 2009
+# added --verbose, --noverify, --ntype and --nameserver
+
+# See draft-ietf-dnsext-gss-tsig-02, RFC2845 and RFC2930
+
+use strict;
+use lib "GSSAPI";
+use Net::DNS;
+use GSSAPI;
+use Getopt::Long;
+
+my $opt_wipe = 0;
+my $opt_add = 0;
+my $opt_noverify = 0;
+my $opt_verbose = 0;
+my $opt_help = 0;
+my $opt_nameserver;
+my $opt_realm;
+my $opt_ntype = "A";
+
+# main program
+GetOptions (
+	    'h|help|?' => \$opt_help,
+	    'wipe' => \$opt_wipe,
+	    'realm=s' => \$opt_realm,
+	    'nameserver=s' => \$opt_nameserver,
+	    'ntype=s' => \$opt_ntype,
+	    'add' => \$opt_add,
+	    'noverify' => \$opt_noverify,
+	    'verbose' => \$opt_verbose
+	    );
+
+#########################################
+# display help text
+sub ShowHelp()
+{
+    print "
+ nsupdate with gssapi
+ Copyright (C) tridge\@samba.org
+
+ Usage: nsupdate-gss [options] HOST DOMAIN TARGET TTL
+
+ Options:
+         --wipe               wipe all records for this name
+         --add                add to any existing records
+         --ntype=TYPE         specify name type (default A)
+         --nameserver=server  specify a specific nameserver
+         --noverify           don't verify the MIC of the reply
+         --verbose            show detailed steps
+           
+";
+    exit(0);
+}
+
+if ($opt_help) {
+	ShowHelp();
+}
+
+if ($#ARGV != 3) {
+	ShowHelp();
+}
+
+
+my $host = $ARGV[0];
+my $domain = $ARGV[1];
+my $target = $ARGV[2];
+my $ttl = $ARGV[3];
+my $alg = "gss.microsoft.com";
+
+
+
+#######################################################################
+# signing callback function for TSIG module
+sub gss_sign($$)
+{
+    my $key = shift;
+    my $data = shift;
+    my $sig;
+    $key->get_mic(0, $data, $sig);
+    return $sig;
+}
+
+
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+    my($filename) = shift;
+    my($v) = shift;
+    local(*FILE);
+    open(FILE, ">$filename") || die "can't open $filename";    
+    print FILE $v;
+    close(FILE);
+}
+
+
+#######################################################################
+# verify a TSIG signature from a DNS server reply
+#
+sub sig_verify($$)
+{
+    my $context = shift;
+    my $packet = shift;
+
+    my $tsig = ($packet->additional)[0];
+    $opt_verbose && print "calling sig_data\n";
+    my $sigdata = $tsig->sig_data($packet);
+
+    $opt_verbose && print "sig_data_done\n";
+
+    return $context->verify_mic($sigdata, $tsig->{"mac"}, 0);
+}
+
+
+#######################################################################
+# find the nameserver for the domain
+#
+sub find_nameserver($)
+{
+    my $server_name = shift;
+    return Net::DNS::Resolver->new(
+	    nameservers => [$server_name],
+	    recurse     => 0,
+	    debug       => 0);
+}
+
+
+#######################################################################
+# find a server name for a domain - currently uses the NS record
+sub find_server_name($)
+{
+    my $domain = shift;
+    my $res = Net::DNS::Resolver->new;
+    my $srv_query = $res->query("$domain.", "NS");
+    if (!defined($srv_query)) {
+	return undef;
+    }
+    my $server_name;
+    foreach my $rr (grep { $_->type eq 'NS' } $srv_query->answer) {
+	    $server_name = $rr->nsdname;
+    }
+    return $server_name;
+}
+
+#######################################################################
+# 
+#
+sub negotiate_tkey($$$$)
+{
+
+    my $nameserver = shift;
+    my $domain = shift;
+    my $server_name = shift;
+    my $key_name = shift;
+
+    my $status;
+
+    my $context = GSSAPI::Context->new;
+    my $name = GSSAPI::Name->new;
+
+    # use a principal name of dns/server@REALM
+    $opt_verbose &&
+	print "Using principal dns/" . $server_name . "@" . uc($opt_realm) . "\n";
+    $status = $name->import($name, "dns/" . $server_name . "@" . uc($opt_realm));
+    if (! $status) {
+	    print "import name: $status\n";
+	    return undef;
+    }
+
+    my $flags = 
+	GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | 
+	GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | 
+	GSS_C_INTEG_FLAG;
+
+
+    $status = GSSAPI::Cred::acquire_cred(undef, 120, undef, GSS_C_INITIATE,
+					 my $cred, my $oidset, my $time);
+
+    if (! $status) {
+	print "acquire_cred: $status\n";
+	return undef;
+    }
+
+    $opt_verbose && print "creds acquired\n";
+
+    # call gss_init_sec_context()
+    $status = $context->init($cred, $name, undef, $flags,
+			     0, undef, "", undef, my $tok,
+			     undef, undef);
+    if (! $status) {
+	    print "init_sec_context: $status\n";
+	    return undef;
+    }
+
+    $opt_verbose && print "init done\n";
+
+    my $gss_query = Net::DNS::Packet->new("$key_name", "TKEY", "IN");
+
+    # note that Windows2000 uses a SPNEGO wrapping on GSSAPI data sent to the nameserver.
+    # I tested using the gen_negTokenTarg() call from Samba 3.0 and it does work, but
+    # for this utility it is better to use plain GSSAPI/krb5 data so as to reduce the
+    # dependence on external libraries. If we ever want to sign DNS packets using
+    # NTLMSSP instead of krb5 then the SPNEGO wrapper could be used
+
+    $opt_verbose && print "calling RR new\n";
+
+    $a = Net::DNS::RR->new(
+			   Name    => "$key_name",
+			   Type    => "TKEY",
+			   TTL     => 0,
+			   Class   => "ANY",
+			   mode => 3,
+			   algorithm => $alg,
+			   inception => time,
+			   expiration => time + 24*60*60,
+			   key => $tok,
+			   other_data => "",
+			   );
+
+    $gss_query->push("answer", $a);
+
+    my $reply = $nameserver->send($gss_query);
+
+    if (!defined($reply) || $reply->header->{'rcode'} ne 'NOERROR') {
+	print "failed to send TKEY\n";
+	return undef;
+    }
+
+    my $key2 = ($reply->answer)[0]->{"key"};
+
+    # call gss_init_sec_context() again. Strictly speaking
+    # we should loop until this stops returning CONTINUE
+    # but I'm a lazy bastard
+    $status = $context->init($cred, $name, undef, $flags,
+			     0, undef, $key2, undef, $tok,
+			     undef, undef);
+    if (! $status) {
+	print "init_sec_context step 2: $status\n";
+	return undef;
+    }
+
+    if (!$opt_noverify) {
+	    $opt_verbose && print "verifying\n";
+
+	    # check the signature on the TKEY reply
+	    my $rc = sig_verify($context, $reply);
+	    if (! $rc) {
+		    print "Failed to verify TKEY reply: $rc\n";
+#		return undef;
+	    }
+
+	    $opt_verbose && print "verifying done\n";
+    }
+
+    return $context;
+}
+
+
+#######################################################################
+# MAIN
+#######################################################################
+
+if (!$opt_realm) {
+	$opt_realm = $domain;
+}
+
+# find the name of the DNS server
+if (!$opt_nameserver) {
+	$opt_nameserver = find_server_name($domain);
+	if (!defined($opt_nameserver)) {
+		print "Failed to find a DNS server name for $domain\n";
+		exit 1;
+	}
+}
+$opt_verbose && print "Using DNS server name $opt_nameserver\n";
+
+# connect to the nameserver
+my $nameserver = find_nameserver($opt_nameserver);
+if (!defined($nameserver) || $nameserver->{'errorstring'} ne 'NOERROR') {
+	print "Failed to connect to nameserver for domain $domain\n";
+	exit 1;
+}
+
+
+# use a long random key name
+my $key_name = int(rand 10000000000000);
+
+# negotiate a TKEY key
+my $gss_context = negotiate_tkey($nameserver, $domain, $opt_nameserver, $key_name);
+if (!defined($gss_context)) {
+    print "Failed to negotiate a TKEY\n";
+    exit 1;
+}
+$opt_verbose && print "Negotiated TKEY $key_name\n";
+
+# construct a signed update
+my $update = Net::DNS::Update->new($domain);
+
+$update->push("pre", yxdomain("$domain"));
+if (!$opt_add) {
+	$update->push("update", rr_del("$host.$domain. $opt_ntype"));
+}
+if (!$opt_wipe) {
+	$update->push("update", rr_add("$host.$domain. $ttl $opt_ntype $target"));
+}
+
+my $sig = Net::DNS::RR->new(
+			    Name    => $key_name,
+			    Type    => "TSIG",
+			    TTL     => 0,
+			    Class   => "ANY",
+			    Algorithm => $alg,
+			    Time_Signed => time,
+			    Fudge => 36000,
+			    Mac_Size => 0,
+			    Mac => "",
+			    Key => $gss_context,
+			    Sign_Func => \&gss_sign,
+			    Other_Len => 0,
+			    Other_Data => "",
+			    Error => 0,
+			    mode => 3,
+			    );
+
+$update->push("additional", $sig);
+
+# send the dynamic update
+my $update_reply = $nameserver->send($update);
+
+if (! defined($update_reply)) {
+    print "No reply to dynamic update\n";
+    exit 1;
+}
+
+# make sure it worked
+my $result = $update_reply->header->{"rcode"};
+
+($opt_verbose || $result ne 'NOERROR') && print "Update gave rcode $result\n";
+
+if ($result ne 'NOERROR') {
+    exit 1;
+}
+
+exit 0;
diff --git a/source4/scripting/bin/rebuildextendeddn b/source4/scripting/bin/rebuildextendeddn
new file mode 100755
index 0000000..d5c0ecb
--- /dev/null
+++ b/source4/scripting/bin/rebuildextendeddn
@@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+#
+# Unix SMB/CIFS implementation.
+# Extended attributes (re)building
+# Copyright (C) Matthieu Patou <mat@matws.net> 2009
+#
+# Based on provision a Samba4 server by
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+import optparse
+import os
+import sys
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import Ldb
+from ldb import SCOPE_SUBTREE, SCOPE_BASE
+import ldb
+import samba.getopt as options
+from samba import param
+from samba.provision import ProvisionNames, provision_paths_from_lp
+from samba.schema import get_dnsyntax_attributes, get_linked_attributes
+
+parser = optparse.OptionParser("rebuildextendeddn [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--targetdir", type="string", metavar="DIR", 
+                  help="Set target directory")
+
+opts = parser.parse_args()[0]
+
+def message(text):
+    """print a message if quiet is not set."""
+    if not opts.quiet:
+        print(text)
+
+if len(sys.argv) == 1:
+    opts.interactive = True
+
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+session = system_session()
+
+
+def get_paths(targetdir=None,smbconf=None):
+    if targetdir is not None:
+        if (not os.path.exists(os.path.join(targetdir, "etc"))):
+            os.makedirs(os.path.join(targetdir, "etc"))
+        smbconf = os.path.join(targetdir, "etc", "smb.conf")
+    if smbconf is None:
+            smbconf = param.default_path()
+
+    if not os.path.exists(smbconf):
+        print("Unable to find smb.conf .. "+smbconf, file=sys.stderr)
+        parser.print_usage()
+        sys.exit(1)
+
+    lp = param.LoadParm()
+    lp.load(smbconf)
+    paths = provision_paths_from_lp(lp,"foo")
+    return paths
+
+
+
+def rebuild_en_dn(credentials,session_info,paths):
+    lp = param.LoadParm()
+    lp.load(paths.smbconf)
+    names = ProvisionNames()
+    names.domain = lp.get("workgroup")
+    names.realm = lp.get("realm")
+    names.rootdn = "DC=" + names.realm.replace(".",",DC=")
+
+    attrs = ["dn" ]
+    dn = ""
+    sam_ldb = Ldb(paths.samdb, session_info=session_info, credentials=credentials,lp=lp)
+    attrs2 = ["schemaNamingContext"]
+    res2 = sam_ldb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
+    attrs.extend(get_linked_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb).keys())
+    attrs.extend(get_dnsyntax_attributes(ldb.Dn(sam_ldb,str(res2[0]["schemaNamingContext"])),sam_ldb))
+    sam_ldb.transaction_start()
+    res = sam_ldb.search(expression="(cn=*)", scope=SCOPE_SUBTREE, attrs=attrs,controls=["search_options:1:2"])
+    mod = ""
+    for i in range (0,len(res)):
+        #print >>sys.stderr,res[i].dn
+        dn = res[i].dn
+        for att in res[i]:
+            if ( (att != "dn" and att != "cn") and not (res[i][att] is None) ):
+                m = ldb.Message()
+                m.dn = ldb.Dn(sam_ldb, str(dn))
+                saveatt = []
+                for j in range (0,len( res[i][att])):
+                    mod = mod +att +": "+str(res[i][att][j])+"\n"
+                    saveatt.append(str(res[i][att][j]))
+                m[att] = ldb.MessageElement(saveatt, ldb.FLAG_MOD_REPLACE, att)
+                sam_ldb.modify(m)
+                res3 = sam_ldb.search(expression="(&(distinguishedName=%s)(%s=*))"%(dn,att),scope=SCOPE_SUBTREE, attrs=[att],controls=["search_options:1:2"])
+                if( len(res3) == 0  or (len(res3[0][att])!= len(saveatt))):
+                    print(str(dn) + " has no attr " +att+ " or a wrong value",
+                          file=sys.stderr)
+                    for satt in saveatt:
+                        print("%s    =    %s" % (att, satt),
+                              file=sys.stderr)
+                    sam_ldb.transaction_cancel()
+    sam_ldb.transaction_commit()
+
+
+paths = get_paths(targetdir=opts.targetdir, smbconf=smbconf)
+
+rebuild_en_dn(creds,session,paths)
+
diff --git a/source4/scripting/bin/renamedc b/source4/scripting/bin/renamedc
new file mode 100755
index 0000000..e5e8a2c
--- /dev/null
+++ b/source4/scripting/bin/renamedc
@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import optparse
+import sys
+# Allow to run from s4 source directory (without installing samba)
+sys.path.insert(0, "bin/python")
+
+import ldb
+import samba
+import samba.getopt as options
+import os
+
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import param
+from samba.provision import find_provision_key_parameters, secretsdb_self_join
+from samba.upgradehelpers import get_ldbs, get_paths
+
+
+__docformat__ = "restructuredText"
+
+parser = optparse.OptionParser("renamedc [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--oldname",
+                  help="Old DC name")
+parser.add_option("--newname",
+                  help="New DC name")
+
+opts = parser.parse_args()[0]
+
+if len(sys.argv) == 1:
+    opts.interactive = True
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+
+if __name__ == '__main__':
+    defSDmodified = False
+   # 1) First get files paths
+    paths = get_paths(param, smbconf=smbconf)
+    # Get ldbs with the system session, it is needed for searching
+    # provision parameters
+    session = system_session()
+
+    ldbs = get_ldbs(paths, creds, session, lp)
+    ldbs.sam.transaction_start()
+    ldbs.secrets.transaction_start()
+
+    if opts.oldname is None or opts.newname is None:
+        raise Exception("Option oldname or newname is missing")
+    res = ldbs.sam.search(expression="(&(name=%s)(serverReferenceBL=*))" % opts.oldname)
+    if len(res) != 1:
+        raise Exception("Wrong number of result returned (%d), are you sure of the old name %s" %
+                (len(res), opts.oldname))
+
+    # Ok got it then check that the new name is not used as well
+    res2 = ldbs.sam.search(expression="(&(name=%s)(objectclass=computer))" % opts.newname)
+    if len(res2) != 0:
+        raise Exception("Seems that %s is a name that already exists, pick another one" %
+                        opts.newname)
+
+    names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
+                                            paths, smbconf, lp)
+
+    # First rename the entry
+    # provision put the name in upper case so let's do it too !
+    newdn = ldb.Dn(ldbs.sam, str(res[0].dn))
+    newdn.set_component(0, "cn", opts.newname.upper())
+    ldbs.sam.rename(res[0].dn, newdn)
+
+    # Then change password and samaccountname and dnshostname
+    msg = ldb.Message(newdn)
+    machinepass = samba.generate_random_machine_password(120, 120)
+    mputf16 = machinepass.encode('utf-16-le')
+
+    account = "%s$" % opts.newname.upper()
+    msg["clearTextPassword"] = ldb.MessageElement(mputf16,
+                                            ldb.FLAG_MOD_REPLACE,
+                                            "clearTextPassword")
+
+    msg["sAMAccountName"] = ldb.MessageElement(account,
+                                            ldb.FLAG_MOD_REPLACE,
+                                            "sAMAccountName")
+
+    msg["dNSHostName"] = ldb.MessageElement("%s.%s" % (opts.newname,
+                                            names.dnsdomain),
+                                            ldb.FLAG_MOD_REPLACE,
+                                            "dNSHostName")
+    ldbs.sam.modify(msg)
+
+    # Do a self join one more time to resync the secrets file
+    res = ldbs.sam.search(base=newdn, scope=ldb.SCOPE_BASE,
+                          attrs=["msDs-keyVersionNumber", "serverReferenceBL"])
+    assert(len(res) == 1)
+    kvno = int(str(res[0]["msDs-keyVersionNumber"]))
+    serverbldn = ldb.Dn(ldbs.sam, str(res[0]["serverReferenceBL"]))
+
+    secrets_msg = ldbs.secrets.search(expression="sAMAccountName=%s$" %
+                                            opts.oldname.upper(),
+                                            attrs=["secureChannelType"])
+
+    secChanType = int(secrets_msg[0]["secureChannelType"][0])
+
+    secretsdb_self_join(ldbs.secrets, domain=names.domain,
+                realm=names.realm,
+                domainsid=names.domainsid,
+                dnsdomain=names.dnsdomain,
+                netbiosname=opts.newname.upper(),
+                machinepass=machinepass,
+                key_version_number=kvno,
+                secure_channel_type=secChanType)
+
+    # Update RID set reference so we don't have to runtime fixup until the next dbcheck as there is no back link.
+
+    res = ldbs.sam.search(expression="(objectClass=rIDSet)", base=newdn, scope=ldb.SCOPE_ONELEVEL, attrs=[])
+    assert(len(res) == 1)
+    newridset = str(res[0].dn)
+    msg = ldb.Message(newdn)
+
+    msg["rIDSetReferences"] = ldb.MessageElement(newridset,
+                                            ldb.FLAG_MOD_REPLACE,
+                                            "rIDSetReferences")
+    ldbs.sam.modify(msg)
+
+    # Update the server's sites configuration
+    newserverrefdn = ldb.Dn(ldbs.sam, str(serverbldn))
+    newserverrefdn.set_component(0, "cn", opts.newname.upper())
+
+    ldbs.sam.rename(serverbldn, newserverrefdn)
+
+    msg = ldb.Message(newserverrefdn)
+    msg["dNSHostName"] = ldb.MessageElement("%s.%s" % (opts.newname,
+                                                       names.dnsdomain),
+                                            ldb.FLAG_MOD_REPLACE,
+                                            "dNSHostName")
+    ldbs.sam.modify(msg)
+
+    try:
+        ldbs.sam.transaction_prepare_commit()
+        ldbs.secrets.transaction_prepare_commit()
+    except Exception:
+        ldbs.sam.rollback()
+        ldbs.secrets.rollback()
+        raise
+
+    try:
+        ldbs.sam.transaction_commit()
+        ldbs.secrets.transaction_commit()
+    except Exception:
+        ldbs.sam.rollback()
+        ldbs.secrets.rollback()
+        raise
+
+    # All good so far
+    #print lp.get("private dir")
+    cf = open(lp.configfile)
+    ncfname = "%s.new" % lp.configfile
+    newconf = open(ncfname, 'w')
+    for l in cf.readlines():
+        if l.find("netbios name") > 0:
+             newconf.write("\tnetbios name = %s\n" % opts.newname.upper())
+        else:
+            newconf.write(l)
+    newconf.close()
+    cf.close()
+    os.rename(ncfname, lp.configfile)
+
diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate
new file mode 100755
index 0000000..0f1c9a1
--- /dev/null
+++ b/source4/scripting/bin/samba-gpupdate
@@ -0,0 +1,140 @@
+#!/usr/bin/env python3
+# Copyright Luke Morrison <luc785@.hotmail.com> July 2013
+# Co-Edited by Matthieu Pattou July 2013 from original August 2013
+# Edited by Garming Sam Feb. 2014
+# Edited by Luke Morrison April 2014
+# Edited by David Mulder May 2017
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+'''This script reads a log file of previous GPO, gets all GPO from sysvol
+and sorts them by container. Then, it applies the ones that haven't been
+applied, have changed, or is in the right container'''
+
+import os
+import sys
+
+sys.path.insert(0, "bin/python")
+
+import optparse
+from samba import getopt as options
+from samba.gp.gpclass import apply_gp, unapply_gp, GPOStorage, rsop
+from samba.gp.gp_sec_ext import gp_krb_ext, gp_access_ext
+from samba.gp.gp_ext_loader import get_gp_client_side_extensions
+from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext
+from samba.gp.gp_sudoers_ext import gp_sudoers_ext
+from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext
+from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext
+from samba.gp.gp_msgs_ext import gp_msgs_ext
+from samba.gp.vgp_symlink_ext import vgp_symlink_ext
+from samba.gp.vgp_files_ext import vgp_files_ext
+from samba.gp.vgp_openssh_ext import vgp_openssh_ext
+from samba.gp.vgp_motd_ext import vgp_motd_ext
+from samba.gp.vgp_issue_ext import vgp_issue_ext
+from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext
+from samba.gp.vgp_access_ext import vgp_access_ext
+from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext
+from samba.gp.gp_cert_auto_enroll_ext import gp_cert_auto_enroll_ext
+from samba.gp.gp_firefox_ext import gp_firefox_ext
+from samba.gp.gp_chromium_ext import gp_chromium_ext, gp_chrome_ext
+from samba.gp.gp_firewalld_ext import gp_firewalld_ext
+from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
+from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
+                                             gp_user_centrify_crontab_ext
+from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
+from samba.credentials import Credentials
+from samba.gp.util.logging import logger_init
+
+if __name__ == "__main__":
+    parser = optparse.OptionParser('samba-gpupdate [options]')
+    sambaopts = options.Samba3Options(parser)
+
+    # Get the command line options
+    parser.add_option_group(sambaopts)
+    parser.add_option_group(options.VersionOptions(parser))
+    credopts = options.CredentialsOptions(parser)
+    parser.add_option('-X', '--unapply', help='Unapply Group Policy',
+                      action='store_true')
+    parser.add_option('--target', default='Computer', help='{Computer | User}',
+                      choices=['Computer', 'User'])
+    parser.add_option('--force', help='Reapplies all policy settings',
+                      action='store_true')
+    parser.add_option('--rsop', help='Print the Resultant Set of Policy',
+                      action='store_true')
+    parser.add_option_group(credopts)
+
+    # Set the options and the arguments
+    (opts, args) = parser.parse_args()
+
+    # Set the loadparm context
+    lp = sambaopts.get_loadparm()
+
+    creds = credopts.get_credentials(lp, fallback_machine=True)
+    # Apply policy to the command line specified user
+    if opts.target == 'Computer':
+        username = creds.get_username()
+    elif opts.target == 'User':
+        username = '%s\\%s' % (creds.get_domain(), creds.get_username())
+    # Always supply the machine creds for fetching the gpo list
+    creds = Credentials()
+    creds.guess(lp)
+    creds.set_machine_account(lp)
+
+    # Set up logging
+    logger_init('samba-gpupdate', lp.log_level())
+
+    cache_dir = lp.get('cache directory')
+    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
+
+    machine_exts, user_exts = get_gp_client_side_extensions(lp.configfile)
+    gp_extensions = []
+    if opts.target == 'Computer':
+        gp_extensions.append(gp_access_ext)
+        gp_extensions.append(gp_krb_ext)
+        gp_extensions.append(gp_scripts_ext)
+        gp_extensions.append(gp_sudoers_ext)
+        gp_extensions.append(vgp_sudoers_ext)
+        gp_extensions.append(gp_centrify_sudoers_ext)
+        gp_extensions.append(gp_centrify_crontab_ext)
+        gp_extensions.append(gp_smb_conf_ext)
+        gp_extensions.append(gp_msgs_ext)
+        gp_extensions.append(vgp_symlink_ext)
+        gp_extensions.append(vgp_files_ext)
+        gp_extensions.append(vgp_openssh_ext)
+        gp_extensions.append(vgp_motd_ext)
+        gp_extensions.append(vgp_issue_ext)
+        gp_extensions.append(vgp_startup_scripts_ext)
+        gp_extensions.append(vgp_access_ext)
+        gp_extensions.append(gp_gnome_settings_ext)
+        gp_extensions.append(gp_cert_auto_enroll_ext)
+        gp_extensions.append(gp_firefox_ext)
+        gp_extensions.append(gp_chromium_ext)
+        gp_extensions.append(gp_chrome_ext)
+        gp_extensions.append(gp_firewalld_ext)
+        gp_extensions.extend(machine_exts)
+    elif opts.target == 'User':
+        gp_extensions.append(gp_user_scripts_ext)
+        gp_extensions.append(gp_user_centrify_crontab_ext)
+        gp_extensions.append(gp_drive_maps_user_ext)
+        gp_extensions.extend(user_exts)
+
+    if opts.rsop:
+        rsop(lp, creds, store, gp_extensions, username, opts.target)
+    elif not opts.unapply:
+        apply_gp(lp, creds, store, gp_extensions, username,
+                 opts.target, opts.force)
+    else:
+        unapply_gp(lp, creds, store, gp_extensions, username,
+                   opts.target)
+
diff --git a/source4/scripting/bin/samba-tool b/source4/scripting/bin/samba-tool
new file mode 100755
index 0000000..b02ad4d
--- /dev/null
+++ b/source4/scripting/bin/samba-tool
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2012
+# Copyright (C) Amitay Isaacs <amitay@gmail.com> 2011
+# Copyright (C) Giampaolo Lauria <lauria2@yahoo.com> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+
+# Find right direction when running from source tree
+sys.path.insert(0, "bin/python")
+
+# make sure the script dies immediately when hitting control-C,
+# rather than raising KeyboardInterrupt. As we do all database
+# operations using transactions, this is safe.
+import signal
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+
+from samba.netcmd.main import samba_tool
+
+retval = samba_tool(*sys.argv[1:])
+sys.exit(retval)
diff --git a/source4/scripting/bin/samba3dump b/source4/scripting/bin/samba3dump
new file mode 100755
index 0000000..1a5d74f
--- /dev/null
+++ b/source4/scripting/bin/samba3dump
@@ -0,0 +1,180 @@
+#!/usr/bin/env python3
+#
+#    Dump Samba3 data
+#    Copyright Jelmer Vernooij 2005-2007
+#    Released under the GNU GPL v3 or later
+#
+
+import optparse
+import os, sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+import samba.samba3
+from samba.samba3 import param as s3param
+from samba.dcerpc import lsa
+
+parser = optparse.OptionParser("samba3dump <libdir> [<smb.conf>]")
+parser.add_option("--format", type="choice", metavar="FORMAT",
+                  choices=["full", "summary"])
+
+opts, args = parser.parse_args()
+
+if opts.format is None:
+    opts.format = "summary"
+
+def print_header(txt):
+    print("\n%s" % txt)
+    print("=" * len(txt))
+
+def print_samba3_policy(pol):
+    print_header("Account Policies")
+    print("Min password length: %d" % pol['min password length'])
+    print("Password history length: %d" % pol['password history'])
+    if pol['user must logon to change password']:
+        print("User must logon to change password: %d" % pol['user must logon to change password'])
+    if pol['maximum password age']:
+        print("Maximum password age: %d" % pol['maximum password age'])
+    if pol['minimum password age']:
+        print("Minimum password age: %d" % pol['minimum password age'])
+    if pol['lockout duration']:
+        print("Lockout duration: %d" % pol['lockout duration'])
+    if pol['reset count minutes']:
+        print("Reset Count Minutes: %d" % pol['reset count minutes'])
+    if pol['bad lockout attempt']:
+        print("Bad Lockout Minutes: %d" % pol['bad lockout attempt'])
+    if pol['disconnect time']:
+        print("Disconnect Time: %d" % pol['disconnect time'])
+    if pol['refuse machine password change']:
+        print("Refuse Machine Password Change: %d" % pol['refuse machine password change'])
+
+def print_samba3_sam(samdb):
+    print_header("SAM Database")
+    for user in samdb.search_users(0):
+        print("%s (%d): %s" % (user['account_name'], user['rid'], user['fullname']))
+
+def print_samba3_shares(lp):
+    print_header("Configured shares")
+    for s in lp.services():
+        print("--- %s ---" % s)
+        for p in ['path']:
+            print("\t%s = %s" % (p, lp.get(p, s)))
+        print("")
+
+def print_samba3_secrets(secrets):
+    print_header("Secrets")
+
+    if secrets.get_auth_user():
+        print("IPC Credentials:")
+        if secrets.get_auth_user():
+            print("    User: %s\n" % secrets.get_auth_user())
+        if secrets.get_auth_password():
+            print("    Password: %s\n" % secrets.get_auth_password())
+        if secrets.get_auth_domain():
+            print("    Domain: %s\n" % secrets.get_auth_domain())
+
+    if len(list(secrets.ldap_dns())) > 0:
+        print("LDAP passwords:")
+        for dn in secrets.ldap_dns():
+            print("\t%s -> %s" % (dn, secrets.get_ldap_bind_pw(dn)))
+        print("")
+
+    print("Domains:")
+    for domain in secrets.domains():
+        print("\t--- %s ---" % domain)
+        print("\tSID: %s" % secrets.get_sid(domain))
+        print("\tGUID: %s" % secrets.get_domain_guid(domain))
+        print("\tPlaintext pwd: %s" % secrets.get_machine_password(domain))
+        if secrets.get_machine_last_change_time(domain):
+            print("\tLast Changed: %lu" % secrets.get_machine_last_change_time(domain))
+        if secrets.get_machine_sec_channel_type(domain):
+            print("\tSecure Channel Type: %d\n" % secrets.get_machine_sec_channel_type(domain))
+
+    print("Trusted domains:")
+    for td in secrets.trusted_domains():
+        print(td)
+
+def print_samba3_regdb(regdb):
+    print_header("Registry")
+    from samba.registry import str_regtype
+
+    for k in regdb.keys():
+        print("[%s]" % k)
+        for (value_name, (type, value))  in regdb.values(k).items():
+            print("\"%s\"=%s:%s" % (value_name, str_regtype(type), value))
+
+def print_samba3_winsdb(winsdb):
+    print_header("WINS Database")
+
+    for name in winsdb:
+        (ttl, ips, nb_flags) = winsdb[name]
+        print("%s, nb_flags: %s, ttl: %lu, %d ips, fst: %s" % (name, nb_flags, ttl, len(ips), ips[0]))
+
+def print_samba3_groupmappings(groupdb):
+    print_header("Group Mappings")
+    
+    for g in groupdb.enum_group_mapping(samba.samba3.passdb.get_global_sam_sid(),
+                                        lsa.SID_NAME_DOM_GRP):
+        print("\t--- Group: %s ---" % g.sid)
+
+def print_samba3_aliases(groupdb):
+    for g in groupdb.enum_group_mapping(samba.samba3.passdb.get_global_sam_sid(),
+                                        lsa.SID_NAME_ALIAS):
+        print("\t--- Alias: %s ---" % g.sid)
+
+def print_samba3_idmapdb(idmapdb):
+    print_header("Winbindd SID<->GID/UID mappings")
+
+    print("User High Water Mark: %d" % idmapdb.get_user_hwm())
+    print("Group High Water Mark: %d\n" % idmapdb.get_group_hwm())
+
+    for uid in idmapdb.uids():
+        print("%s -> UID %d" % (idmapdb.get_user_sid(uid), uid))
+
+    for gid in idmapdb.gids():
+        print("%s -> GID %d" % (idmapdb.get_group_sid(gid), gid))
+
+def print_samba3(samba3):
+    passdb = samba3.get_sam_db()
+    print_samba3_policy(passdb.get_account_policy())
+    print_samba3_winsdb(samba3.get_wins_db())
+    print_samba3_regdb(samba3.get_registry())
+    print_samba3_secrets(samba3.get_secrets_db())
+    print_samba3_idmapdb(samba3.get_idmap_db())
+    print_samba3_sam(passdb)
+    print_samba3_groupmappings(passdb)
+    print_samba3_aliases(passdb)
+    print_samba3_shares(samba3.lp)
+
+def print_samba3_summary(samba3):
+    print("WINS db entries: %d" % len(samba3.get_wins_db()))
+    print("Registry key count: %d" % len(samba3.get_registry()))
+    passdb = samba3.get_sam_db()
+    print("Groupmap count: %d" % len(passdb.enum_group_mapping()))
+    print("Alias count: %d" % len(passdb.search_aliases()))
+    idmapdb = samba3.get_idmap_db()
+    print("Idmap count: %d" % (len(list(idmapdb.uids())) + len(list(idmapdb.gids()))))
+
+if len(args) < 1:
+    parser.print_help()
+    sys.exit(1)
+
+libdir = args[0]
+if len(args) < 1:
+    smbconf = args[1]
+else:
+    smbconf = os.path.join(libdir, "smb.conf")
+
+s3_lp = s3param.get_context()
+s3_lp.set("private dir", libdir)
+s3_lp.set("state directory", libdir)
+s3_lp.set("lock directory", libdir)
+s3_lp.load(smbconf)
+samba3 = samba.samba3.Samba3(smbconf, s3_lp)
+
+if opts.format == "summary":
+    print_samba3_summary(samba3)
+elif opts.format == "full":
+    print_samba3(samba3)
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
new file mode 100755
index 0000000..6d9d5bc
--- /dev/null
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -0,0 +1,965 @@
+#!/usr/bin/env python3
+# vim: expandtab
+#
+# update our DNS names using TSIG-GSS
+#
+# Copyright (C) Andrew Tridgell 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import os
+import fcntl
+import sys
+import tempfile
+import subprocess
+
+# ensure we get messages out immediately, so they get in the samba logs,
+# and don't get swallowed by a timeout
+os.environ['PYTHONUNBUFFERED'] = '1'
+
+# forcing GMT avoids a problem in some timezones with kerberos. Both MIT and
+# heimdal can get mutual authentication errors due to the 24 second difference
+# between UTC and GMT when using some zone files (eg. the PDT zone from
+# the US)
+os.environ["TZ"] = "GMT"
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+import optparse
+from samba import getopt as options
+from ldb import SCOPE_BASE
+from samba import dsdb
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba.dcerpc import netlogon, winbind
+from samba.netcmd.dns import cmd_dns
+from samba import gensec
+from samba.kcc import kcc_utils
+from samba.common import get_string
+import ldb
+
+from samba.dnsresolver import DNSResolver
+import dns.resolver
+import dns.exception
+
+default_ttl = 900
+am_rodc = False
+error_count = 0
+
+parser = optparse.OptionParser("samba_dnsupdate [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("--verbose", action="store_true")
+parser.add_option("--use-samba-tool", action="store_true", help="Use samba-tool to make updates over RPC, rather than over DNS")
+parser.add_option("--use-nsupdate", action="store_true", help="Use nsupdate command to make updates over DNS (default, if kinit successful)")
+parser.add_option("--all-names", action="store_true")
+parser.add_option("--all-interfaces", action="store_true")
+parser.add_option("--current-ip", action="append", help="IP address to update DNS to match (helpful if behind NAT, valid multiple times, defaults to values from interfaces=)")
+parser.add_option("--rpc-server-ip", type="string", help="IP address of server to use with samba-tool (defaults to first --current-ip)")
+parser.add_option("--use-file", type="string", help="Use a file, rather than real DNS calls")
+parser.add_option("--update-list", type="string", help="Add DNS names from the given file")
+parser.add_option("--update-cache", type="string", help="Cache database of already registered records")
+parser.add_option("--fail-immediately", action='store_true', help="Exit on first failure")
+parser.add_option("--no-credentials", dest='nocreds', action='store_true', help="don't try and get credentials")
+parser.add_option("--no-substitutions", dest='nosubs', action='store_true', help="don't try and expands variables in file specified by --update-list")
+
+creds = None
+ccachename = None
+
+opts, args = parser.parse_args()
+
+if len(args) != 0:
+    parser.print_usage()
+    sys.exit(1)
+
+lp = sambaopts.get_loadparm()
+
+domain = lp.get("realm")
+host = lp.get("netbios name")
+all_interfaces = opts.all_interfaces
+
+IPs = opts.current_ip or samba.interface_ips(lp, bool(all_interfaces)) or []
+
+nsupdate_cmd = lp.get('nsupdate command')
+dns_zone_scavenging = lp.get("dns zone scavenging")
+
+if len(IPs) == 0:
+    print("No IP interfaces - skipping DNS updates\n")
+    parser.print_usage()
+    sys.exit(0)
+
+rpc_server_ip = opts.rpc_server_ip or IPs[0]
+
+IP6s = [ip for ip in IPs if ':' in ip]
+IP4s = [ip for ip in IPs if ':' not in ip]
+
+smb_conf = sambaopts.get_loadparm_path()
+
+if opts.verbose:
+    print("IPs: %s" % IPs)
+
+def get_possible_rw_dns_server(creds, domain):
+    """Get a list of possible read-write DNS servers, starting with
+       the SOA.  The SOA is the correct answer, but old Samba domains
+       (4.6 and prior) do not maintain this value, so add NS servers
+       as well"""
+
+    ans_soa = check_one_dns_name(domain, 'SOA')
+    # Actually there is only one
+    hosts_soa = [str(a.mname).rstrip('.') for a in ans_soa]
+
+    # This is not strictly legit, but old Samba domains may have an
+    # unmaintained SOA record, so go for any NS that we can get a
+    # ticket to.
+    ans_ns = check_one_dns_name(domain, 'NS')
+    # Actually there is only one
+    hosts_ns = [str(a.target).rstrip('.') for a in ans_ns]
+
+    return hosts_soa + hosts_ns
+
+def get_krb5_rw_dns_server(creds, domain):
+    """Get a list of read-write DNS servers that we can obtain a ticket
+       to, starting with the SOA.  The SOA is the correct answer, but
+       old Samba domains (4.6 and prior) do not maintain this value,
+       so continue with the NS servers as well until we get one that
+       the KDC will issue a ticket to.
+    """
+
+    rw_dns_servers = get_possible_rw_dns_server(creds, domain)
+    # Actually there is only one
+    for i, target_hostname in enumerate(rw_dns_servers):
+        settings = {}
+        settings["lp_ctx"] = lp
+        settings["target_hostname"] = target_hostname
+
+        gensec_client = gensec.Security.start_client(settings)
+        gensec_client.set_credentials(creds)
+        gensec_client.set_target_service("DNS")
+        gensec_client.set_target_hostname(target_hostname)
+        gensec_client.want_feature(gensec.FEATURE_SEAL)
+        gensec_client.start_mech_by_sasl_name("GSSAPI")
+        server_to_client = b""
+        try:
+            (client_finished, client_to_server) = gensec_client.update(server_to_client)
+            if opts.verbose:
+                print("Successfully obtained Kerberos ticket to DNS/%s as %s" \
+                    % (target_hostname, creds.get_username()))
+            return target_hostname
+        except RuntimeError:
+            # Only raise an exception if they all failed
+            if i == len(rw_dns_servers) - 1:
+                raise
+
+def get_credentials(lp):
+    """# get credentials if we haven't got them already."""
+    from samba import credentials
+    global ccachename
+    creds = credentials.Credentials()
+    creds.guess(lp)
+    creds.set_machine_account(lp)
+    creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
+    (tmp_fd, ccachename) = tempfile.mkstemp()
+    try:
+        if opts.use_file is not None:
+            return
+
+        creds.get_named_ccache(lp, ccachename)
+
+        # Now confirm we can get a ticket to the DNS server
+        get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] + '.')
+        return creds
+
+    except RuntimeError as e:
+        os.unlink(ccachename)
+        raise e
+
+
+class dnsobj(object):
+    """an object to hold a parsed DNS line"""
+
+    def __init__(self, string_form):
+        list = string_form.split()
+        if len(list) < 3:
+            raise Exception("Invalid DNS entry %r" % string_form)
+        self.dest = None
+        self.port = None
+        self.ip = None
+        self.existing_port = None
+        self.existing_weight = None
+        self.existing_cname_target = None
+        self.rpc = False
+        self.zone = None
+        if list[0] == "RPC":
+            self.rpc = True
+            self.zone = list[1]
+            list = list[2:]
+        self.type = list[0]
+        self.name = list[1]
+        self.nameservers = []
+        if self.type == 'SRV':
+            if len(list) < 4:
+                raise Exception("Invalid DNS entry %r" % string_form)
+            self.dest = list[2]
+            self.port = list[3]
+        elif self.type in ['A', 'AAAA']:
+            self.ip   = list[2] # usually $IP, which gets replaced
+        elif self.type == 'CNAME':
+            self.dest = list[2]
+        elif self.type == 'NS':
+            self.dest = list[2]
+        else:
+            raise Exception("Received unexpected DNS reply of type %s: %s" % (self.type, string_form))
+
+    def __str__(self):
+        if self.type == "A":
+            return "%s %s %s" % (self.type, self.name, self.ip)
+        if self.type == "AAAA":
+            return "%s %s %s" % (self.type, self.name, self.ip)
+        if self.type == "SRV":
+            return "%s %s %s %s" % (self.type, self.name, self.dest, self.port)
+        if self.type == "CNAME":
+            return "%s %s %s" % (self.type, self.name, self.dest)
+        if self.type == "NS":
+            return "%s %s %s" % (self.type, self.name, self.dest)
+
+
+def parse_dns_line(line, sub_vars):
+    """parse a DNS line from."""
+    if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not samdb.am_pdc():
+        # We keep this as compat to the dns_update_list of 4.0/4.1
+        if opts.verbose:
+            print("Skipping PDC entry (%s) as we are not a PDC" % line)
+        return None
+    subline = samba.substitute_var(line, sub_vars)
+    if subline == '' or subline[0] == "#":
+        return None
+    return dnsobj(subline)
+
+
+def hostname_match(h1, h2):
+    """see if two hostnames match."""
+    h1 = str(h1)
+    h2 = str(h2)
+    return h1.lower().rstrip('.') == h2.lower().rstrip('.')
+
+def get_resolver(d=None):
+    resolv_conf = os.getenv('RESOLV_CONF', default='/etc/resolv.conf')
+    resolver = DNSResolver(filename=resolv_conf, configure=True)
+
+    if d is not None and d.nameservers != []:
+        resolver.nameservers = d.nameservers
+
+    return resolver
+
+def check_one_dns_name(name, name_type, d=None):
+    resolver = get_resolver(d)
+    if d and not d.nameservers:
+        d.nameservers = resolver.nameservers
+    # dns.resolver.Answer
+    return resolver.resolve(name, name_type)
+
+def check_dns_name(d):
+    """check that a DNS entry exists."""
+    normalised_name = d.name.rstrip('.') + '.'
+    if opts.verbose:
+        print("Looking for DNS entry %s as %s" % (d, normalised_name))
+
+    if opts.use_file is not None:
+        try:
+            dns_file = open(opts.use_file, "r")
+        except IOError:
+            return False
+
+        with dns_file:
+            for line in dns_file:
+                line = line.strip()
+                if line == '' or line[0] == "#":
+                    continue
+                if line.lower() == str(d).lower():
+                    return True
+        return False
+
+    try:
+        ans = check_one_dns_name(normalised_name, d.type, d)
+    except dns.exception.Timeout:
+        raise Exception("Timeout while waiting to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
+    except dns.resolver.NoNameservers:
+        raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
+    except dns.resolver.NXDOMAIN:
+        if opts.verbose:
+            print("The DNS entry %s, queried as %s does not exist" % (d, normalised_name))
+        return False
+    except dns.resolver.NoAnswer:
+        if opts.verbose:
+            print("The DNS entry %s, queried as %s does not hold this record type" % (d, normalised_name))
+        return False
+    except dns.exception.DNSException:
+        raise Exception("Failure while trying to resolve %s as %s" % (d, normalised_name))
+    if d.type in ['A', 'AAAA']:
+        # we need to be sure that our IP is there
+        for rdata in ans:
+            if str(rdata) == str(d.ip):
+                return True
+    elif d.type == 'CNAME':
+        for i in range(len(ans)):
+            if hostname_match(ans[i].target, d.dest):
+                return True
+            else:
+                d.existing_cname_target = str(ans[i].target)
+    elif d.type == 'NS':
+        for i in range(len(ans)):
+            if hostname_match(ans[i].target, d.dest):
+                return True
+    elif d.type == 'SRV':
+        for rdata in ans:
+            if opts.verbose:
+                print("Checking %s against %s" % (rdata, d))
+            if hostname_match(rdata.target, d.dest):
+                if str(rdata.port) == str(d.port):
+                    return True
+                else:
+                    d.existing_port     = str(rdata.port)
+                    d.existing_weight = str(rdata.weight)
+
+    if opts.verbose:
+        print("Lookup of %s succeeded, but we failed to find a matching DNS entry for %s" % (normalised_name, d))
+
+    return False
+
+
+def get_subst_vars(samdb):
+    """get the list of substitution vars."""
+    global lp, am_rodc
+    vars = {}
+
+    vars['DNSDOMAIN'] = samdb.domain_dns_name()
+    vars['DNSFOREST'] = samdb.forest_dns_name()
+    vars['HOSTNAME']  = samdb.host_dns_name()
+    vars['NTDSGUID']  = samdb.get_ntds_GUID()
+    vars['SITE']      = samdb.server_site_name()
+    res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"])
+    guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
+    vars['DOMAINGUID'] = get_string(guid)
+
+    vars['IF_DC'] = ""
+    vars['IF_RWDC'] = "# "
+    vars['IF_RODC'] = "# "
+    vars['IF_PDC'] = "# "
+    vars['IF_GC'] = "# "
+    vars['IF_RWGC'] = "# "
+    vars['IF_ROGC'] = "# "
+    vars['IF_DNS_DOMAIN'] = "# "
+    vars['IF_RWDNS_DOMAIN'] = "# "
+    vars['IF_RODNS_DOMAIN'] = "# "
+    vars['IF_DNS_FOREST'] = "# "
+    vars['IF_RWDNS_FOREST'] = "# "
+    vars['IF_R0DNS_FOREST'] = "# "
+
+    am_rodc = samdb.am_rodc()
+    if am_rodc:
+        vars['IF_RODC'] = ""
+    else:
+        vars['IF_RWDC'] = ""
+
+    if samdb.am_pdc():
+        vars['IF_PDC'] = ""
+
+    # check if we "are DNS server"
+    res = samdb.search(base=samdb.get_config_basedn(),
+                   expression='(objectguid=%s)' % vars['NTDSGUID'],
+                   attrs=["options", "msDS-hasMasterNCs"])
+
+    if len(res) == 1:
+        if "options" in res[0]:
+            options = int(res[0]["options"][0])
+            if (options & dsdb.DS_NTDSDSA_OPT_IS_GC) != 0:
+                vars['IF_GC'] = ""
+                if am_rodc:
+                    vars['IF_ROGC'] = ""
+                else:
+                    vars['IF_RWGC'] = ""
+
+        basedn = str(samdb.get_default_basedn())
+        forestdn = str(samdb.get_root_basedn())
+
+        if "msDS-hasMasterNCs" in res[0]:
+            for e in res[0]["msDS-hasMasterNCs"]:
+                if str(e) == "DC=DomainDnsZones,%s" % basedn:
+                    vars['IF_DNS_DOMAIN'] = ""
+                    if am_rodc:
+                        vars['IF_RODNS_DOMAIN'] = ""
+                    else:
+                        vars['IF_RWDNS_DOMAIN'] = ""
+                if str(e) == "DC=ForestDnsZones,%s" % forestdn:
+                    vars['IF_DNS_FOREST'] = ""
+                    if am_rodc:
+                        vars['IF_RODNS_FOREST'] = ""
+                    else:
+                        vars['IF_RWDNS_FOREST'] = ""
+
+    return vars
+
+
+def call_nsupdate(d, op="add"):
+    """call nsupdate for an entry."""
+    global ccachename, nsupdate_cmd, krb5conf
+
+    assert(op in ["add", "delete"])
+
+    if opts.use_file is not None:
+        if opts.verbose:
+            print("Use File instead of nsupdate for %s (%s)" % (d, op))
+
+        try:
+            rfile = open(opts.use_file, 'r+')
+        except IOError:
+            # Perhaps create it
+            open(opts.use_file, 'w+').close()
+            # Open it for reading again, in case someone else got to it first
+            rfile = open(opts.use_file, 'r+')
+        fcntl.lockf(rfile, fcntl.LOCK_EX)
+        (file_dir, file_name) = os.path.split(opts.use_file)
+        (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX")
+        wfile = os.fdopen(tmp_fd, 'a')
+        for line in rfile:
+            if op == "delete":
+                l = parse_dns_line(line, {})
+                if str(l).lower() == str(d).lower():
+                    continue
+            wfile.write(line)
+        if op == "add":
+            wfile.write(str(d)+"\n")
+        rfile.close()
+        wfile.close()
+        os.rename(tmpfile, opts.use_file)
+        return
+
+    if opts.verbose:
+        print("Calling nsupdate for %s (%s)" % (d, op))
+
+    normalised_name = d.name.rstrip('.') + '.'
+
+    (tmp_fd, tmpfile) = tempfile.mkstemp()
+    f = os.fdopen(tmp_fd, 'w')
+
+    resolver = get_resolver(d)
+
+    # Local the zone for this name
+    zone = dns.resolver.zone_for_name(normalised_name,
+                                      resolver=resolver)
+
+    # Now find the SOA, or if we can't get a ticket to the SOA,
+    # any server with an NS record we can get a ticket for.
+    #
+    # Thanks to the Kerberos Credentials cache this is not
+    # expensive inside the loop
+    server = get_krb5_rw_dns_server(creds, zone)
+    f.write('server %s\n' % server)
+
+    if d.type == "A":
+        f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip))
+    if d.type == "AAAA":
+        f.write("update %s %s %u AAAA %s\n" % (op, normalised_name, default_ttl, d.ip))
+    if d.type == "SRV":
+        if op == "add" and d.existing_port is not None:
+            f.write("update delete %s SRV 0 %s %s %s\n" % (normalised_name, d.existing_weight,
+                                                           d.existing_port, d.dest))
+        f.write("update %s %s %u SRV 0 100 %s %s\n" % (op, normalised_name, default_ttl, d.port, d.dest))
+    if d.type == "CNAME":
+        f.write("update %s %s %u CNAME %s\n" % (op, normalised_name, default_ttl, d.dest))
+    if d.type == "NS":
+        f.write("update %s %s %u NS %s\n" % (op, normalised_name, default_ttl, d.dest))
+    if opts.verbose:
+        f.write("show\n")
+    f.write("send\n")
+    f.close()
+
+    # Set a bigger MTU size to work around a bug in nsupdate's doio_send()
+    os.environ["SOCKET_WRAPPER_MTU"] = "2000"
+
+    global error_count
+    if ccachename:
+        os.environ["KRB5CCNAME"] = ccachename
+    try:
+        cmd = nsupdate_cmd[:]
+        cmd.append(tmpfile)
+        env = os.environ
+        if krb5conf:
+            env["KRB5_CONFIG"] = krb5conf
+        if ccachename:
+            env["KRB5CCNAME"] = ccachename
+        ret = subprocess.call(cmd, shell=False, env=env)
+        if ret != 0:
+            if opts.fail_immediately:
+                if opts.verbose:
+                    print("Failed update with %s" % tmpfile)
+                sys.exit(1)
+            error_count = error_count + 1
+            if opts.verbose:
+                print("Failed nsupdate: %d" % ret)
+    except Exception as estr:
+        if opts.fail_immediately:
+            sys.exit(1)
+        error_count = error_count + 1
+        if opts.verbose:
+            print("Failed nsupdate: %s : %s" % (str(d), estr))
+    os.unlink(tmpfile)
+
+    # Let socket_wrapper set the default MTU size
+    os.environ["SOCKET_WRAPPER_MTU"] = "0"
+
+
+def call_samba_tool(d, op="add", zone=None):
+    """call samba-tool dns to update an entry."""
+
+    assert(op in ["add", "delete"])
+
+    if (sub_vars['DNSFOREST'] != sub_vars['DNSDOMAIN']) and \
+       sub_vars['DNSFOREST'].endswith('.' + sub_vars['DNSDOMAIN']):
+        print("Refusing to use samba-tool when forest %s is under domain %s" \
+            % (sub_vars['DNSFOREST'], sub_vars['DNSDOMAIN']))
+
+    if opts.verbose:
+        print("Calling samba-tool dns for %s (%s)" % (d, op))
+
+    normalised_name = d.name.rstrip('.') + '.'
+    if zone is None:
+        if normalised_name == (sub_vars['DNSDOMAIN'] + '.'):
+            short_name = '@'
+            zone = sub_vars['DNSDOMAIN']
+        elif normalised_name == (sub_vars['DNSFOREST'] + '.'):
+            short_name = '@'
+            zone = sub_vars['DNSFOREST']
+        elif normalised_name == ('_msdcs.' + sub_vars['DNSFOREST'] + '.'):
+            short_name = '@'
+            zone = '_msdcs.' + sub_vars['DNSFOREST']
+        else:
+            if not normalised_name.endswith('.' + sub_vars['DNSDOMAIN'] + '.'):
+                print("Not Calling samba-tool dns for %s (%s), %s not in %s" % (d, op, normalised_name, sub_vars['DNSDOMAIN'] + '.'))
+                return False
+            elif normalised_name.endswith('._msdcs.' + sub_vars['DNSFOREST'] + '.'):
+                zone = '_msdcs.' + sub_vars['DNSFOREST']
+            else:
+                zone = sub_vars['DNSDOMAIN']
+            len_zone = len(zone)+2
+            short_name = normalised_name[:-len_zone]
+    else:
+        len_zone = len(zone)+2
+        short_name = normalised_name[:-len_zone]
+
+    if d.type == "A":
+        args = [rpc_server_ip, zone, short_name, "A", d.ip]
+    if d.type == "AAAA":
+        args = [rpc_server_ip, zone, short_name, "AAAA", d.ip]
+    if d.type == "SRV":
+        if op == "add" and d.existing_port is not None:
+            print("Not handling modify of existing SRV %s using samba-tool" % d)
+            return False
+        args = [rpc_server_ip, zone, short_name, "SRV",
+                "%s %s %s %s" % (d.dest, d.port, "0", "100")]
+    if d.type == "CNAME":
+        if d.existing_cname_target is None:
+            args = [rpc_server_ip, zone, short_name, "CNAME", d.dest]
+        else:
+            op = "update"
+            args = [rpc_server_ip, zone, short_name, "CNAME",
+                    d.existing_cname_target.rstrip('.'), d.dest]
+
+    if d.type == "NS":
+        args = [rpc_server_ip, zone, short_name, "NS", d.dest]
+
+    if smb_conf and args:
+        args += ["--configfile=" + smb_conf]
+
+    global error_count
+    try:
+        cmd = cmd_dns()
+        if opts.verbose:
+            print(f'Calling samba-tool dns {op} --use-kerberos off -P {args}')
+        command, args = cmd._resolve("dns", op, "--use-kerberos", "off", "-P", *args)
+        ret = command._run(*args)
+        if ret == -1:
+            if opts.fail_immediately:
+                sys.exit(1)
+            error_count = error_count + 1
+            if opts.verbose:
+                print("Failed 'samba-tool dns' based update of %s" % (str(d)))
+    except Exception as estr:
+        if opts.fail_immediately:
+            sys.exit(1)
+        error_count = error_count + 1
+        if opts.verbose:
+            print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr))
+        raise
+
+irpc_wb = None
+def cached_irpc_wb(lp):
+    global irpc_wb
+    if irpc_wb is not None:
+        return irpc_wb
+    irpc_wb = winbind.winbind("irpc:winbind_server", lp)
+    return irpc_wb
+
+def rodc_dns_update(d, t, op):
+    '''a single DNS update via the RODC netlogon call'''
+    global sub_vars
+
+    assert(op in ["add", "delete"])
+
+    if opts.verbose:
+        print("Calling netlogon RODC update for %s" % d)
+
+    typemap = {
+        netlogon.NlDnsLdapAtSite       : netlogon.NlDnsInfoTypeNone,
+        netlogon.NlDnsGcAtSite         : netlogon.NlDnsDomainNameAlias,
+        netlogon.NlDnsDsaCname         : netlogon.NlDnsDomainNameAlias,
+        netlogon.NlDnsKdcAtSite        : netlogon.NlDnsInfoTypeNone,
+        netlogon.NlDnsDcAtSite         : netlogon.NlDnsInfoTypeNone,
+        netlogon.NlDnsRfc1510KdcAtSite : netlogon.NlDnsInfoTypeNone,
+        netlogon.NlDnsGenericGcAtSite  : netlogon.NlDnsDomainNameAlias
+        }
+
+    w = cached_irpc_wb(lp)
+    dns_names = netlogon.NL_DNS_NAME_INFO_ARRAY()
+    dns_names.count = 1
+    name = netlogon.NL_DNS_NAME_INFO()
+    name.type = t
+    name.dns_domain_info_type = typemap[t]
+    name.priority = 0
+    name.weight   = 0
+    if d.port is not None:
+        name.port = int(d.port)
+    if op == "add":
+        name.dns_register = True
+    else:
+        name.dns_register = False
+    dns_names.names = [ name ]
+    site_name = sub_vars['SITE']
+
+    global error_count
+
+    try:
+        ret_names = w.DsrUpdateReadOnlyServerDnsRecords(site_name, default_ttl, dns_names)
+        if ret_names.names[0].status != 0:
+            print("Failed to set DNS entry: %s (status %u)" % (d, ret_names.names[0].status))
+            error_count = error_count + 1
+    except RuntimeError as reason:
+        print("Error setting DNS entry of type %u: %s: %s" % (t, d, reason))
+        error_count = error_count + 1
+
+    if opts.verbose:
+        print("Called netlogon RODC update for %s" % d)
+
+    if error_count != 0 and opts.fail_immediately:
+        sys.exit(1)
+
+
+def call_rodc_update(d, op="add"):
+    '''RODCs need to use the netlogon API for nsupdate'''
+    global lp, sub_vars
+
+    assert(op in ["add", "delete"])
+
+    # we expect failure for 3268 if we aren't a GC
+    if d.port is not None and int(d.port) == 3268:
+        return
+
+    # map the DNS request to a netlogon update type
+    map = {
+        netlogon.NlDnsLdapAtSite       : '_ldap._tcp.${SITE}._sites.${DNSDOMAIN}',
+        netlogon.NlDnsGcAtSite         : '_ldap._tcp.${SITE}._sites.gc._msdcs.${DNSDOMAIN}',
+        netlogon.NlDnsDsaCname         : '${NTDSGUID}._msdcs.${DNSFOREST}',
+        netlogon.NlDnsKdcAtSite        : '_kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}',
+        netlogon.NlDnsDcAtSite         : '_ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}',
+        netlogon.NlDnsRfc1510KdcAtSite : '_kerberos._tcp.${SITE}._sites.${DNSDOMAIN}',
+        netlogon.NlDnsGenericGcAtSite  : '_gc._tcp.${SITE}._sites.${DNSFOREST}'
+        }
+
+    for t in map:
+        subname = samba.substitute_var(map[t], sub_vars)
+        if subname.lower() == d.name.lower():
+            # found a match - do the update
+            rodc_dns_update(d, t, op)
+            return
+    if opts.verbose:
+        print("Unable to map to netlogon DNS update: %s" % d)
+
+
+# get the list of DNS entries we should have
+dns_update_list = opts.update_list or lp.private_path('dns_update_list')
+
+dns_update_cache = opts.update_cache or lp.private_path('dns_update_cache')
+
+krb5conf = None
+# only change the krb5.conf if we are not in selftest
+if 'SOCKET_WRAPPER_DIR' not in os.environ:
+    # use our private krb5.conf to avoid problems with the wrong domain
+    # bind9 nsupdate wants the default domain set
+    krb5conf = lp.private_path('krb5.conf')
+    os.environ['KRB5_CONFIG'] = krb5conf
+
+try:
+    file = open(dns_update_list, "r")
+except OSError as e:
+    if opts.update_list:
+        print("The specified update list does not exist")
+    else:
+        print("The server update list was not found, "
+              "and --update-list was not provided.")
+    print(e)
+    print()
+    parser.print_usage()
+    sys.exit(1)
+
+if opts.nosubs:
+    sub_vars = {}
+else:
+    samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp)
+
+    # get the substitution dictionary
+    sub_vars = get_subst_vars(samdb)
+
+# build up a list of update commands to pass to nsupdate
+update_list = []
+dns_list = []
+cache_list = []
+delete_list = []
+
+dup_set = set()
+cache_set = set()
+
+rebuild_cache = False
+try:
+    cfile = open(dns_update_cache, 'r+')
+except IOError:
+    # Perhaps create it
+    open(dns_update_cache, 'w+').close()
+    # Open it for reading again, in case someone else got to it first
+    cfile = open(dns_update_cache, 'r+')
+fcntl.lockf(cfile, fcntl.LOCK_EX)
+for line in cfile:
+    line = line.strip()
+    if line == '' or line[0] == "#":
+        continue
+    c = parse_dns_line(line, {})
+    if c is None:
+        continue
+    if str(c) not in cache_set:
+        cache_list.append(c)
+        cache_set.add(str(c))
+
+cfile.close()
+
+site_specific_rec = []
+
+# read each line, and check that the DNS name exists
+for line in file:
+    line = line.strip()
+
+    if '${SITE}' in line:
+        site_specific_rec.append(line)
+
+    if line == '' or line[0] == "#":
+        continue
+    d = parse_dns_line(line, sub_vars)
+    if d is None:
+        continue
+    if d.type == 'A' and len(IP4s) == 0:
+        continue
+    if d.type == 'AAAA' and len(IP6s) == 0:
+        continue
+    if str(d) not in dup_set:
+        dns_list.append(d)
+        dup_set.add(str(d))
+
+file.close()
+
+# Perform automatic site coverage by default
+auto_coverage = True
+
+if not am_rodc and auto_coverage:
+    site_names = kcc_utils.uncovered_sites_to_cover(samdb,
+                                                    samdb.server_site_name())
+
+    # Duplicate all site specific records for the uncovered site
+    for site in site_names:
+        to_add = [samba.substitute_var(line, {'SITE': site})
+                  for line in site_specific_rec]
+
+        for site_line in to_add:
+            d = parse_dns_line(site_line,
+                               sub_vars=sub_vars)
+            if d is not None and str(d) not in dup_set:
+                dns_list.append(d)
+                dup_set.add(str(d))
+
+# now expand the entries, if any are A record with ip set to $IP
+# then replace with multiple entries, one for each interface IP
+for d in dns_list:
+    if d.ip != "$IP":
+        continue
+    if d.type == 'A':
+        d.ip = IP4s[0]
+        for i in range(len(IP4s)-1):
+            d2 = dnsobj(str(d))
+            d2.ip = IP4s[i+1]
+            dns_list.append(d2)
+    if d.type == 'AAAA':
+        d.ip = IP6s[0]
+        for i in range(len(IP6s)-1):
+            d2 = dnsobj(str(d))
+            d2.ip = IP6s[i+1]
+            dns_list.append(d2)
+
+# now check if the entries already exist on the DNS server
+for d in dns_list:
+    found = False
+    for c in cache_list:
+        if str(c).lower() == str(d).lower():
+            found = True
+            break
+    if not found:
+        rebuild_cache = True
+        if opts.verbose:
+            print("need cache add: %s" % d)
+    if dns_zone_scavenging:
+        update_list.append(d)
+        if opts.verbose:
+            print("scavenging requires update: %s" % d)
+    elif opts.all_names:
+        update_list.append(d)
+        if opts.verbose:
+            print("force update: %s" % d)
+    elif not check_dns_name(d):
+        update_list.append(d)
+        if opts.verbose:
+            print("need update: %s" % d)
+
+for c in cache_list:
+    found = False
+    for d in dns_list:
+        if str(c).lower() == str(d).lower():
+            found = True
+            break
+    if found:
+        continue
+    rebuild_cache = True
+    if opts.verbose:
+        print("need cache remove: %s" % c)
+    if not opts.all_names and not check_dns_name(c):
+        continue
+    delete_list.append(c)
+    if opts.verbose:
+        print("need delete: %s" % c)
+
+if len(delete_list) == 0 and len(update_list) == 0 and not rebuild_cache:
+    if opts.verbose:
+        print("No DNS updates needed")
+    sys.exit(0)
+else:
+    if opts.verbose:
+        print("%d DNS updates and %d DNS deletes needed" % (len(update_list), len(delete_list)))
+
+use_samba_tool = opts.use_samba_tool
+use_nsupdate = opts.use_nsupdate
+# get our krb5 creds
+if (delete_list or update_list) and not opts.nocreds:
+    try:
+        creds = get_credentials(lp)
+    except RuntimeError as e:
+        ccachename = None
+
+        if sub_vars['IF_RWDNS_DOMAIN'] == "# ":
+            raise
+
+        if use_nsupdate:
+            raise
+
+        print("Failed to get Kerberos credentials, falling back to samba-tool: %s" % e)
+        use_samba_tool = True
+
+
+# ask nsupdate to delete entries as needed
+for d in delete_list:
+    if d.rpc or (not use_nsupdate and use_samba_tool):
+        if opts.verbose:
+            print("delete (samba-tool): %s" % d)
+        call_samba_tool(d, op="delete", zone=d.zone)
+
+    elif am_rodc:
+        if d.name.lower() == domain.lower():
+            if opts.verbose:
+                print("skip delete (rodc): %s" % d)
+            continue
+        if d.type not in [ 'A', 'AAAA' ]:
+            if opts.verbose:
+                print("delete (rodc): %s" % d)
+            call_rodc_update(d, op="delete")
+        else:
+            if opts.verbose:
+                print("delete (nsupdate): %s" % d)
+            call_nsupdate(d, op="delete")
+    else:
+        if opts.verbose:
+            print("delete (nsupdate): %s" % d)
+        call_nsupdate(d, op="delete")
+
+# ask nsupdate to add entries as needed
+for d in update_list:
+    if d.rpc or (not use_nsupdate and use_samba_tool):
+        if opts.verbose:
+            print("update (samba-tool): %s" % d)
+        call_samba_tool(d, zone=d.zone)
+
+    elif am_rodc:
+        if d.name.lower() == domain.lower():
+            if opts.verbose:
+                print("skip (rodc): %s" % d)
+            continue
+        if d.type not in [ 'A', 'AAAA' ]:
+            if opts.verbose:
+                print("update (rodc): %s" % d)
+            call_rodc_update(d)
+        else:
+            if opts.verbose:
+                print("update (nsupdate): %s" % d)
+            call_nsupdate(d)
+    else:
+        if opts.verbose:
+            print("update(nsupdate): %s" % d)
+        call_nsupdate(d)
+
+if rebuild_cache:
+    print("Rebuilding cache at %s" % dns_update_cache)
+    (file_dir, file_name) = os.path.split(dns_update_cache)
+    (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX")
+    wfile = os.fdopen(tmp_fd, 'a')
+    for d in dns_list:
+        if opts.verbose:
+            print("Adding %s to %s" % (str(d), file_name))
+        wfile.write(str(d)+"\n")
+    wfile.close()
+    os.rename(tmpfile, dns_update_cache)
+
+# delete the ccache if we created it
+if ccachename is not None:
+    os.unlink(ccachename)
+
+if error_count != 0:
+    print("Failed update of %u entries" % error_count)
+sys.exit(error_count)
diff --git a/source4/scripting/bin/samba_downgrade_db b/source4/scripting/bin/samba_downgrade_db
new file mode 100755
index 0000000..b9a0909
--- /dev/null
+++ b/source4/scripting/bin/samba_downgrade_db
@@ -0,0 +1,135 @@
+#!/usr/bin/python3
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019
+#
+# Downgrade a database from 4.11 format to 4.7 format. 4.7 Format will
+# run on any version of Samba AD, and Samba will repack/reconfigure the
+# database if necessary.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import optparse
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+
+import samba
+import ldb
+import urllib
+import os
+from samba import getopt as options
+from samba.samdb import SamDB
+from samba.dbchecker import dbcheck
+from samba.credentials import Credentials
+parser = optparse.OptionParser("samba_downgrade_db")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("-H", "--URL", help="LDB URL for database",
+                  type=str, metavar="URL", dest="H")
+opts, args = parser.parse_args()
+
+if len(args) != 0:
+    parser.print_usage()
+    sys.exit(1)
+
+lp_ctx = sambaopts.get_loadparm()
+
+if opts.H is None:
+    url = lp_ctx.private_path("sam.ldb")
+else:
+    url = opts.H
+
+samdb = ldb.Ldb(url=url,
+                flags=ldb.FLG_DONT_CREATE_DB,
+                options=["modules:"])
+
+partitions = samdb.search(base="@PARTITION",
+                          scope=ldb.SCOPE_BASE,
+                          attrs=["backendStore", "partition"])
+
+backend = str(partitions[0].get('backendStore', 'tdb'))
+
+if backend == "mdb":
+    samdb = None
+    options = ["pack_format_override=%d" % ldb.PACKING_FORMAT]
+    # We can't remove GUID indexes from LMDB in case there are very
+    # long DNs, so we just move down the pack format, which also removes
+    # references to ORDERED_INTEGER in @ATTRIBUTES.
+
+    # Reopen the DB with pack_format_override set
+    samdb = SamDB(url=url,
+                  flags=ldb.FLG_DONT_CREATE_DB,
+                  lp=lp_ctx,
+                  options=options)
+    samdb.transaction_start()
+    samdb.transaction_commit()
+    print("Your database has been downgraded to LDB pack format version %0x (v1)." % ldb.PACKING_FORMAT)
+
+    print("NOTE: Any use of a Samba 4.11 tool that modifies the DB will "
+          "auto-upgrade back to pack format version %0x (v2)" %
+          ldb.PACKING_FORMAT_V2)
+    exit(0);
+
+# This is needed to force the @ATTRIBUTES and @INDEXLIST to be correct
+lp_ctx.set("dsdb:guid index", "false")
+
+modmsg = ldb.Message()
+modmsg.dn = ldb.Dn(samdb, '@INDEXLIST')
+modmsg.add(ldb.MessageElement(
+    elements=[],
+    flags=ldb.FLAG_MOD_REPLACE,
+    name='@IDXGUID'))
+modmsg.add(ldb.MessageElement(
+    elements=[],
+    flags=ldb.FLAG_MOD_REPLACE,
+    name='@IDX_DN_GUID'))
+
+samdb.transaction_start()
+samdb.modify(modmsg)
+
+privatedir = os.path.dirname(url)
+
+dbs = []
+for part in partitions[0]['partition']:
+    dbname = str(part).split(":")[1]
+    dbpath = os.path.join(privatedir, dbname)
+    if os.path.isfile(dbpath):
+        dbpath = "ldb://" + dbpath
+    db = ldb.Ldb(url=dbpath,
+                 options=["modules:"],
+                 flags=ldb.FLG_DONT_CREATE_DB)
+    db.transaction_start()
+    db.modify(modmsg)
+    dbs.append(db)
+
+for db in dbs:
+    db.transaction_commit()
+
+samdb.transaction_commit()
+
+print("Re-opening with the full DB stack")
+samdb = SamDB(url=url,
+              flags=ldb.FLG_DONT_CREATE_DB,
+              lp=lp_ctx)
+print("Re-triggering another re-index")
+chk = dbcheck(samdb)
+
+chk.reindex_database()
+
+print("Your database has been downgraded to DN-based index values.")
+
+print("NOTE: Any use of a Samba 4.8 or later tool including ldbsearch will "
+      "auto-upgrade back to GUID index mode")
diff --git a/source4/scripting/bin/samba_kcc b/source4/scripting/bin/samba_kcc
new file mode 100755
index 0000000..67d801e
--- /dev/null
+++ b/source4/scripting/bin/samba_kcc
@@ -0,0 +1,345 @@
+#!/usr/bin/env python3
+#
+# Compute our KCC topology
+#
+# Copyright (C) Dave Craft 2011
+# Copyright (C) Andrew Bartlett 2015
+#
+# Andrew Bartlett's alleged work performed by his underlings Douglas
+# Bagnall and Garming Sam.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import random
+
+# ensure we get messages out immediately, so they get in the samba logs,
+# and don't get swallowed by a timeout
+os.environ['PYTHONUNBUFFERED'] = '1'
+
+# forcing GMT avoids a problem in some timezones with kerberos. Both MIT
+# heimdal can get mutual authentication errors due to the 24 second difference
+# between UTC and GMT when using some zone files (eg. the PDT zone from
+# the US)
+os.environ["TZ"] = "GMT"
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import optparse
+import time
+
+from samba import getopt as options
+
+from samba.kcc.graph_utils import verify_and_dot, list_verify_tests
+from samba.kcc.graph_utils import GraphError
+
+import logging
+from samba.kcc.debug import logger, DEBUG, DEBUG_FN
+from samba.kcc import KCC
+
+# If DEFAULT_RNG_SEED is None, /dev/urandom or system time is used.
+DEFAULT_RNG_SEED = None
+
+
+def test_all_reps_from(kcc, dburl, lp, creds, unix_now, rng_seed=None,
+                       ldif_file=None):
+    """Run the KCC from all DSAs in read-only mode
+
+    The behaviour depends on the global opts variable which contains
+    command line variables. Usually you will want to run it with
+    opt.dot_file_dir set (via --dot-file-dir) to see the graphs that
+    would be created from each DC.
+
+    :param lp: a loadparm object.
+    :param creds: a Credentials object.
+    :param unix_now: the unix epoch time as an integer
+    :param rng_seed: a seed for the random number generator
+    :return None:
+    """
+    # This implies readonly and attempt_live_connections
+    dsas = kcc.list_dsas()
+    samdb = kcc.samdb
+    needed_parts = {}
+    current_parts = {}
+
+    guid_to_dnstr = {}
+    for site in kcc.site_table.values():
+        guid_to_dnstr.update((str(dsa.dsa_guid), dnstr)
+                             for dnstr, dsa in site.dsa_table.items())
+
+    dot_edges = []
+    dot_vertices = []
+    colours = []
+    vertex_colours = []
+
+    for dsa_dn in dsas:
+        if rng_seed is not None:
+            random.seed(rng_seed)
+        kcc = KCC(unix_now, readonly=True,
+                  verify=opts.verify, debug=opts.debug,
+                  dot_file_dir=opts.dot_file_dir)
+        if ldif_file is not None:
+            try:
+                # The dburl in this case is a temporary database.
+                # Its non-existence is ensured at the script startup.
+                # If it exists, it is from a previous iteration of
+                # this loop -- unless we're in an unfortunate race.
+                # Because this database is temporary, it lacks some
+                # detail and needs to be re-created anew to set the
+                # local dsa.
+                os.unlink(dburl)
+            except OSError:
+                pass
+
+            kcc.import_ldif(dburl, lp, ldif_file, dsa_dn)
+        else:
+            kcc.samdb = samdb
+        kcc.run(dburl, lp, creds, forced_local_dsa=dsa_dn,
+                forget_local_links=opts.forget_local_links,
+                forget_intersite_links=opts.forget_intersite_links,
+                attempt_live_connections=opts.attempt_live_connections)
+
+        current, needed = kcc.my_dsa.get_rep_tables()
+
+        for dsa in kcc.my_site.dsa_table.values():
+            if dsa is kcc.my_dsa:
+                continue
+            kcc.translate_ntdsconn(dsa)
+            c, n = dsa.get_rep_tables()
+            current.update(c)
+            needed.update(n)
+
+        for name, rep_table, rep_parts in (
+                ('needed', needed, needed_parts),
+                ('current', current, current_parts)):
+            for part, nc_rep in rep_table.items():
+                edges = rep_parts.setdefault(part, [])
+                for reps_from in nc_rep.rep_repsFrom:
+                    source = guid_to_dnstr[str(reps_from.source_dsa_obj_guid)]
+                    dest = guid_to_dnstr[str(nc_rep.rep_dsa_guid)]
+                    edges.append((source, dest))
+
+        for site in kcc.site_table.values():
+            for dsa in site.dsa_table.values():
+                if dsa.is_ro():
+                    vertex_colours.append('#cc0000')
+                else:
+                    vertex_colours.append('#0000cc')
+                dot_vertices.append(dsa.dsa_dnstr)
+                if dsa.connect_table:
+                    DEBUG_FN("DSA %s %s connections:\n%s" %
+                             (dsa.dsa_dnstr, len(dsa.connect_table),
+                              [x.from_dnstr for x in
+                               dsa.connect_table.values()]))
+                for con in dsa.connect_table.values():
+                    if con.is_rodc_topology():
+                        colours.append('red')
+                    else:
+                        colours.append('blue')
+                    dot_edges.append((con.from_dnstr, dsa.dsa_dnstr))
+
+    verify_and_dot('all-dsa-connections', dot_edges, vertices=dot_vertices,
+                   label="all dsa NTDSConnections", properties=(),
+                   debug=DEBUG, verify=opts.verify,
+                   dot_file_dir=opts.dot_file_dir,
+                   directed=True, edge_colors=colours,
+                   vertex_colors=vertex_colours)
+
+    for name, rep_parts in (('needed', needed_parts),
+                            ('current', current_parts)):
+        for part, edges in rep_parts.items():
+            verify_and_dot('all-repsFrom_%s__%s' % (name, part), edges,
+                           directed=True, label=part,
+                           properties=(), debug=DEBUG, verify=opts.verify,
+                           dot_file_dir=opts.dot_file_dir)
+
+##################################################
+# samba_kcc entry point
+##################################################
+
+
+parser = optparse.OptionParser("samba_kcc [options]")
+sambaopts = options.SambaOptions(parser)
+credopts = options.CredentialsOptions(parser)
+
+parser.add_option_group(sambaopts)
+parser.add_option_group(credopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+parser.add_option("--readonly", default=False,
+                  help="compute topology but do not update database",
+                  action="store_true")
+
+parser.add_option("--debug",
+                  help="debug output",
+                  action="store_true")
+
+parser.add_option("--verify",
+                  help="verify that assorted invariants are kept",
+                  action="store_true")
+
+parser.add_option("--list-verify-tests",
+                  help=("list what verification actions are available "
+                        "and do nothing else"),
+                  action="store_true")
+
+parser.add_option("--dot-file-dir", default=None,
+                  help="Write Graphviz .dot files to this directory")
+
+parser.add_option("--seed",
+                  help="random number seed",
+                  type=int, default=DEFAULT_RNG_SEED)
+
+parser.add_option("--importldif",
+                  help="import topology ldif file",
+                  type=str, metavar="<file>")
+
+parser.add_option("--exportldif",
+                  help="export topology ldif file",
+                  type=str, metavar="<file>")
+
+parser.add_option("-H", "--URL",
+                  help="LDB URL for database or target server",
+                  type=str, metavar="<URL>", dest="dburl")
+
+parser.add_option("--tmpdb",
+                  help="schemaless database file to create for ldif import",
+                  type=str, metavar="<file>")
+
+parser.add_option("--now",
+                  help=("assume current time is this ('YYYYmmddHHMMSS[tz]',"
+                        " default: system time)"),
+                  type=str, metavar="<date>")
+
+parser.add_option("--forced-local-dsa",
+                  help="run calculations assuming the DSA is this DN",
+                  type=str, metavar="<DSA>")
+
+parser.add_option("--attempt-live-connections", default=False,
+                  help="Attempt to connect to other DSAs to test links",
+                  action="store_true")
+
+parser.add_option("--list-valid-dsas", default=False,
+                  help=("Print a list of DSA dnstrs that could be"
+                        " used in --forced-local-dsa"),
+                  action="store_true")
+
+parser.add_option("--test-all-reps-from", default=False,
+                  help="Create and verify a graph of reps-from for every DSA",
+                  action="store_true")
+
+parser.add_option("--forget-local-links", default=False,
+                  help="pretend not to know the existing local topology",
+                  action="store_true")
+
+parser.add_option("--forget-intersite-links", default=False,
+                  help="pretend not to know the existing intersite topology",
+                  action="store_true")
+
+opts, args = parser.parse_args()
+
+
+if opts.list_verify_tests:
+    list_verify_tests()
+    sys.exit(0)
+
+if opts.test_all_reps_from:
+    opts.readonly = True
+
+if opts.debug:
+    logger.setLevel(logging.DEBUG)
+elif opts.readonly:
+    logger.setLevel(logging.INFO)
+else:
+    logger.setLevel(logging.WARNING)
+
+random.seed(opts.seed)
+
+if opts.now:
+    for timeformat in ("%Y%m%d%H%M%S%Z", "%Y%m%d%H%M%S"):
+        try:
+            now_tuple = time.strptime(opts.now, timeformat)
+            break
+        except ValueError:
+            pass
+    else:
+        # else happens if break doesn't --> no match
+        print("could not parse time '%s'" % (opts.now), file = sys.stderr)
+        sys.exit(1)
+    unix_now = int(time.mktime(now_tuple))
+else:
+    unix_now = int(time.time())
+
+lp = sambaopts.get_loadparm()
+# only log warnings/errors by default, unless the user has specified otherwise
+if opts.debug is None:
+    lp.set('log level', '1')
+
+creds = credopts.get_credentials(lp, fallback_machine=True)
+
+if opts.dburl is None:
+    if opts.importldif:
+        opts.dburl = opts.tmpdb
+    else:
+        opts.dburl = lp.samdb_url()
+elif opts.importldif:
+    logger.error("Don't use -H/--URL with --importldif, use --tmpdb instead")
+    sys.exit(1)
+
+# Instantiate Knowledge Consistency Checker and perform run
+kcc = KCC(unix_now, readonly=opts.readonly, verify=opts.verify,
+          debug=opts.debug, dot_file_dir=opts.dot_file_dir)
+
+if opts.exportldif:
+    rc = kcc.export_ldif(opts.dburl, lp, creds, opts.exportldif)
+    sys.exit(rc)
+
+if opts.importldif:
+    if opts.tmpdb is None or opts.tmpdb.startswith('ldap'):
+        logger.error("Specify a target temp database file with --tmpdb option")
+        sys.exit(1)
+    if os.path.exists(opts.tmpdb):
+        logger.error("The temp database file (%s) specified with --tmpdb "
+                     "already exists. We refuse to clobber it." % opts.tmpdb)
+        sys.exit(1)
+
+    rc = kcc.import_ldif(opts.tmpdb, lp, opts.importldif,
+                         forced_local_dsa=opts.forced_local_dsa)
+    if rc != 0:
+        sys.exit(rc)
+
+
+kcc.load_samdb(opts.dburl, lp, creds, force=False)
+
+if opts.test_all_reps_from:
+    test_all_reps_from(kcc, opts.dburl, lp, creds, unix_now,
+                       rng_seed=opts.seed,
+                       ldif_file=opts.importldif)
+    sys.exit()
+
+if opts.list_valid_dsas:
+    print('\n'.join(kcc.list_dsas()))
+    sys.exit()
+
+try:
+    rc = kcc.run(opts.dburl, lp, creds, opts.forced_local_dsa,
+                 opts.forget_local_links, opts.forget_intersite_links,
+                 attempt_live_connections=opts.attempt_live_connections)
+    sys.exit(rc)
+
+except GraphError as e:
+    print( e)
+    sys.exit(1)
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
new file mode 100755
index 0000000..b421886
--- /dev/null
+++ b/source4/scripting/bin/samba_spnupdate
@@ -0,0 +1,253 @@
+#!/usr/bin/env python3
+#
+# update our servicePrincipalName names from spn_update_list
+#
+# Copyright (C) Andrew Tridgell 2010
+# Copyright (C) Matthieu Patou <mat@matws.net> 2012
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import os, sys, re
+
+# ensure we get messages out immediately, so they get in the samba logs,
+# and don't get swallowed by a timeout
+os.environ['PYTHONUNBUFFERED'] = '1'
+
+# forcing GMT avoids a problem in some timezones with kerberos. Both MIT
+# heimdal can get mutual authentication errors due to the 24 second difference
+# between UTC and GMT when using some zone files (eg. the PDT zone from
+# the US)
+os.environ["TZ"] = "GMT"
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba, ldb
+import optparse
+from samba import Ldb
+from samba import getopt as options
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
+from samba.common import get_string
+
+parser = optparse.OptionParser("samba_spnupdate")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+parser.add_option("--verbose", action="store_true")
+
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+ccachename = None
+
+opts, args = parser.parse_args()
+
+if len(args) != 0:
+    parser.print_usage()
+    sys.exit(1)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+domain = lp.get("realm")
+host = lp.get("netbios name")
+
+
+# get the list of substitution vars
+def get_subst_vars(samdb):
+    global lp
+    vars = {}
+
+    vars['DNSDOMAIN'] = samdb.domain_dns_name()
+    vars['DNSFOREST'] = samdb.forest_dns_name()
+    vars['HOSTNAME']  = samdb.host_dns_name()
+    vars['NETBIOSNAME'] = lp.get('netbios name').upper()
+    vars['WORKGROUP'] = lp.get('workgroup')
+    vars['NTDSGUID']  = samdb.get_ntds_GUID()
+    res = samdb.search(base=samdb.get_default_basedn(), scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
+    guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
+    vars['DOMAINGUID'] = get_string(guid)
+    return vars
+
+try:
+    private_dir = lp.get("private dir")
+    secrets_path = os.path.join(private_dir, "secrets.ldb")
+
+    secrets_db = Ldb(url=secrets_path, session_info=system_session(),
+                     credentials=creds, lp=lp)
+    res = secrets_db.search(base=None,
+                            expression="(&(objectclass=ldapSecret)(cn=SAMDB Credentials))",
+                            attrs=["samAccountName", "secret"])
+
+    if len(res) == 1:
+        credentials = Credentials()
+        credentials.set_kerberos_state(DONT_USE_KERBEROS)
+
+        if "samAccountName" in res[0]:
+            credentials.set_username(res[0]["samAccountName"][0])
+
+        if "secret" in res[0]:
+            credentials.set_password(res[0]["secret"][0])
+
+    else:
+        credentials = None
+
+    samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), credentials=credentials, lp=lp)
+except ldb.LdbError as e:
+    (num, msg) = e.args
+    print("Unable to open sam database %s : %s" % (lp.samdb_url(), msg))
+    sys.exit(1)
+
+
+# get the substitution dictionary
+sub_vars = get_subst_vars(samdb)
+
+# get the list of SPN entries we should have
+spn_update_list = lp.private_path('spn_update_list')
+
+spn_list = []
+
+has_forest_dns = False
+has_domain_dns = False
+# check if we "are DNS server"
+res = samdb.search(base=samdb.get_config_basedn(),
+                   expression='(objectguid=%s)' % sub_vars['NTDSGUID'],
+                   attrs=["msDS-hasMasterNCs"])
+
+basedn = str(samdb.get_default_basedn())
+if len(res) == 1:
+    if "msDS-hasMasterNCs" in res[0]:
+        for e in res[0]["msDS-hasMasterNCs"]:
+            if str(e) == "DC=DomainDnsZones,%s" % basedn:
+                has_domain_dns = True
+            if str(e) == "DC=ForestDnsZones,%s" % basedn:
+                has_forest_dns = True
+
+
+# build the spn list
+with open(spn_update_list, "r") as file:
+    for line in file:
+        line = line.strip()
+        if line == '' or line[0] == "#":
+            continue
+        if re.match(r".*/DomainDnsZones\..*", line) and not has_domain_dns:
+            continue
+        if re.match(r".*/ForestDnsZones\..*", line) and not has_forest_dns:
+            continue
+        line = samba.substitute_var(line, sub_vars)
+        spn_list.append(line)
+
+# get the current list of SPNs in our sam
+res = samdb.search(base=samdb.get_default_basedn(),
+                   expression='(&(objectClass=computer)(samaccountname=%s$))' % sub_vars['NETBIOSNAME'],
+                   attrs=["servicePrincipalName"])
+if not res or len(res) != 1:
+    print("Failed to find computer object for %s$" % sub_vars['NETBIOSNAME'])
+    sys.exit(1)
+
+machine_dn = res[0]["dn"]
+
+old_spns = []
+if "servicePrincipalName" in res[0]:
+    for s in res[0]["servicePrincipalName"]:
+        old_spns.append(str(s))
+
+if opts.verbose:
+    print("Existing SPNs: %s" % old_spns)
+
+add_list = []
+
+# work out what needs to be added
+for s in spn_list:
+    in_list = False
+    for s2 in old_spns:
+        if s2.upper() == s.upper():
+            in_list = True
+            break
+    if not in_list:
+        add_list.append(s)
+
+if opts.verbose:
+    print("New SPNs: %s" % add_list)
+
+if add_list == []:
+    if opts.verbose:
+        print("Nothing to add")
+    sys.exit(0)
+
+def local_update(add_list):
+    '''store locally'''
+    global res
+    msg = ldb.Message()
+    msg.dn = res[0]['dn']
+    msg[""] = ldb.MessageElement(add_list,
+                                 ldb.FLAG_MOD_ADD, "servicePrincipalName")
+    res = samdb.modify(msg)
+
+def call_rodc_update(d):
+    '''RODCs need to use the writeSPN DRS call'''
+    global lp, sub_vars
+    from samba import drs_utils
+    from samba.dcerpc import drsuapi, nbt
+    from samba.net import Net
+
+    if opts.verbose:
+        print("Using RODC SPN update")
+
+    creds = credopts.get_credentials(lp)
+    creds.set_machine_account(lp)
+
+    net = Net(creds=creds, lp=lp)
+    try:
+        cldap_ret = net.finddc(domain=domain, flags=nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+    except Exception as reason:
+        print("Unable to find writeable DC for domain '%s' to send DRS writeSPN to : %s" % (domain, reason))
+        sys.exit(1)
+    server = cldap_ret.pdc_dns_name
+    try:
+        binding_options = "seal"
+        if lp.log_level() >= 5:
+            binding_options += ",print"
+        drs = drsuapi.drsuapi('ncacn_ip_tcp:%s[%s]' % (server, binding_options), lp, creds)
+        (drs_handle, supported_extensions) = drs_utils.drs_DsBind(drs)
+    except Exception as reason:
+        print("Unable to connect to DC '%s' for domain '%s' : %s" % (server, domain, reason))
+        sys.exit(1)
+    req1 = drsuapi.DsWriteAccountSpnRequest1()
+    req1.operation = drsuapi.DRSUAPI_DS_SPN_OPERATION_ADD
+    req1.object_dn = str(machine_dn)
+    req1.count = 0
+    spn_names = []
+    for n in add_list:
+        if n.find('E3514235-4B06-11D1-AB04-00C04FC2DCD2') != -1:
+            # this one isn't allowed for RODCs, but we don't know why yet
+            continue
+        ns = drsuapi.DsNameString()
+        ns.str = n
+        spn_names.append(ns)
+        req1.count = req1.count + 1
+    if spn_names == []:
+        return
+    req1.spn_names = spn_names
+    (level, res) = drs.DsWriteAccountSpn(drs_handle, 1, req1)
+    if (res.status != (0, 'WERR_OK')):
+        print("WriteAccountSpn has failed with error %s" % str(res.status))
+
+if samdb.am_rodc():
+    call_rodc_update(add_list)
+else:
+    local_update(add_list)
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
new file mode 100755
index 0000000..afc5807
--- /dev/null
+++ b/source4/scripting/bin/samba_upgradedns
@@ -0,0 +1,589 @@
+#!/usr/bin/env python3
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Amitay Isaacs <amitay@gmail.com> 2012
+#
+# Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or SAMBA_INTERNAL
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import os
+import errno
+import optparse
+import logging
+import grp
+from base64 import b64encode
+import shlex
+
+sys.path.insert(0, "bin/python")
+
+import ldb
+import samba
+from samba import param
+from samba.auth import system_session
+from samba.ndr import (
+    ndr_pack,
+    ndr_unpack )
+import samba.getopt as options
+from samba.upgradehelpers import (
+    get_paths,
+    get_ldbs )
+from samba.dsdb import DS_DOMAIN_FUNCTION_2003
+from samba.provision import (
+    find_provision_key_parameters,
+    interface_ips_v4,
+    interface_ips_v6 )
+from samba.provision.common import (
+    setup_path,
+    setup_add_ldif,
+    FILL_FULL)
+from samba.provision.sambadns import (
+    ARecord,
+    AAAARecord,
+    CNAMERecord,
+    NSRecord,
+    SOARecord,
+    SRVRecord,
+    TXTRecord,
+    get_dnsadmins_sid,
+    add_dns_accounts,
+    create_dns_partitions,
+    fill_dns_data_partitions,
+    create_dns_dir,
+    secretsdb_setup_dns,
+    create_dns_dir_keytab_link,
+    create_samdb_copy,
+    create_named_conf,
+    create_named_txt )
+from samba.dcerpc import security
+
+import dns.zone, dns.rdatatype
+
+__docformat__ = 'restructuredText'
+
+
+def find_bind_gid():
+    """Find system group id for bind9
+    """
+    for name in ["bind", "named"]:
+        try:
+            return grp.getgrnam(name)[2]
+        except KeyError:
+            pass
+    return None
+
+
+def convert_dns_rdata(rdata, serial=1):
+    """Convert resource records in dnsRecord format
+    """
+    if rdata.rdtype == dns.rdatatype.A:
+        rec = ARecord(rdata.address, serial=serial)
+    elif rdata.rdtype == dns.rdatatype.AAAA:
+        rec = AAAARecord(rdata.address, serial=serial)
+    elif rdata.rdtype == dns.rdatatype.CNAME:
+        rec = CNAMERecord(rdata.target.to_text(), serial=serial)
+    elif rdata.rdtype == dns.rdatatype.NS:
+        rec = NSRecord(rdata.target.to_text(), serial=serial)
+    elif rdata.rdtype == dns.rdatatype.SRV:
+        rec = SRVRecord(rdata.target.to_text(), int(rdata.port),
+                        priority=int(rdata.priority), weight=int(rdata.weight),
+                        serial=serial)
+    elif rdata.rdtype == dns.rdatatype.TXT:
+        slist = shlex.split(rdata.to_text())
+        rec = TXTRecord(slist, serial=serial)
+    elif rdata.rdtype == dns.rdatatype.SOA:
+        rec = SOARecord(rdata.mname.to_text(), rdata.rname.to_text(),
+                        serial=int(rdata.serial),
+                        refresh=int(rdata.refresh), retry=int(rdata.retry),
+                        expire=int(rdata.expire), minimum=int(rdata.minimum))
+    else:
+        rec = None
+    return rec
+
+
+def import_zone_data(samdb, logger, zone, serial, domaindn, forestdn,
+                     dnsdomain, dnsforest):
+    """Insert zone data in DNS partitions
+    """
+    labels = dnsdomain.split('.')
+    labels.append('')
+    domain_root = dns.name.Name(labels)
+    domain_prefix = "DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones,%s" % (dnsdomain,
+                                                                    domaindn)
+
+    tmp = "_msdcs.%s" % dnsforest
+    labels = tmp.split('.')
+    labels.append('')
+    forest_root = dns.name.Name(labels)
+    dnsmsdcs = "_msdcs.%s" % dnsforest
+    forest_prefix = "DC=%s,CN=MicrosoftDNS,DC=ForestDnsZones,%s" % (dnsmsdcs,
+                                                                    forestdn)
+
+    # Extract @ record
+    at_record = zone.get_node(domain_root)
+    zone.delete_node(domain_root)
+
+    # SOA record
+    rdset = at_record.get_rdataset(dns.rdataclass.IN, dns.rdatatype.SOA)
+    soa_rec = ndr_pack(convert_dns_rdata(rdset[0]))
+    at_record.delete_rdataset(dns.rdataclass.IN, dns.rdatatype.SOA)
+
+    # NS record
+    rdset = at_record.get_rdataset(dns.rdataclass.IN, dns.rdatatype.NS)
+    ns_rec = ndr_pack(convert_dns_rdata(rdset[0]))
+    at_record.delete_rdataset(dns.rdataclass.IN, dns.rdatatype.NS)
+
+    # A/AAAA records
+    ip_recs = []
+    for rdset in at_record:
+        for r in rdset:
+            rec = convert_dns_rdata(r)
+            ip_recs.append(ndr_pack(rec))
+
+    # Add @ record for domain
+    dns_rec = [soa_rec, ns_rec] + ip_recs
+    msg = ldb.Message(ldb.Dn(samdb, 'DC=@,%s' % domain_prefix))
+    msg["objectClass"] = ["top", "dnsNode"]
+    msg["dnsRecord"] = ldb.MessageElement(dns_rec, ldb.FLAG_MOD_ADD,
+                                          "dnsRecord")
+    try:
+        samdb.add(msg)
+    except Exception:
+        logger.error("Failed to add @ record for domain")
+        raise
+    logger.debug("Added @ record for domain")
+
+    # Add @ record for forest
+    dns_rec = [soa_rec, ns_rec]
+    msg = ldb.Message(ldb.Dn(samdb, 'DC=@,%s' % forest_prefix))
+    msg["objectClass"] = ["top", "dnsNode"]
+    msg["dnsRecord"] = ldb.MessageElement(dns_rec, ldb.FLAG_MOD_ADD,
+                                          "dnsRecord")
+    try:
+        samdb.add(msg)
+    except Exception:
+        logger.error("Failed to add @ record for forest")
+        raise
+    logger.debug("Added @ record for forest")
+
+    # Add remaining records in domain and forest
+    for node in zone.nodes:
+        name = node.relativize(forest_root).to_text()
+        if name == node.to_text():
+            name = node.relativize(domain_root).to_text()
+            dn = "DC=%s,%s" % (name, domain_prefix)
+            fqdn = "%s.%s" % (name, dnsdomain)
+        else:
+            dn = "DC=%s,%s" % (name, forest_prefix)
+            fqdn = "%s.%s" % (name, dnsmsdcs)
+
+        dns_rec = []
+        for rdataset in zone.nodes[node]:
+            for rdata in rdataset:
+                rec = convert_dns_rdata(rdata, serial)
+                if not rec:
+                    logger.warn("Unsupported record type (%s) for %s, ignoring" %
+                                dns.rdatatype.to_text(rdata.rdatatype), name)
+                else:
+                    dns_rec.append(ndr_pack(rec))
+
+        msg = ldb.Message(ldb.Dn(samdb, dn))
+        msg["objectClass"] = ["top", "dnsNode"]
+        msg["dnsRecord"] = ldb.MessageElement(dns_rec, ldb.FLAG_MOD_ADD,
+                                              "dnsRecord")
+        try:
+            samdb.add(msg)
+        except Exception:
+            logger.error("Failed to add DNS record %s" % (fqdn))
+            raise
+        logger.debug("Added DNS record %s" % (fqdn))
+
+def cleanup_remove_file(file_path):
+    try:
+        os.remove(file_path)
+    except OSError as e:
+        if e.errno not in [errno.EEXIST, errno.ENOENT]:
+            pass
+        else:
+            logger.debug("Could not remove %s: %s" % (file_path, e.strerror))
+
+def cleanup_remove_dir(dir_path):
+    try:
+        for root, dirs, files in os.walk(dir_path, topdown=False):
+            for name in files:
+                os.remove(os.path.join(root, name))
+            for name in dirs:
+                os.rmdir(os.path.join(root, name))
+        os.rmdir(dir_path)
+    except OSError as e:
+        if e.errno not in [errno.EEXIST, errno.ENOENT]:
+            pass
+        else:
+            logger.debug("Could not delete dir %s: %s" % (dir_path, e.strerror))
+
+def cleanup_obsolete_dns_files(paths):
+    cleanup_remove_file(os.path.join(paths.private_dir, "named.conf"))
+    cleanup_remove_file(os.path.join(paths.private_dir, "named.conf.update"))
+    cleanup_remove_file(os.path.join(paths.private_dir, "named.txt"))
+
+    cleanup_remove_dir(os.path.join(paths.private_dir, "dns"))
+
+
+# dnsprovision creates application partitions for AD based DNS mainly if the existing
+# provision was created using earlier snapshots of samba4 which did not have support
+# for DNS partitions
+
+if __name__ == '__main__':
+
+    # Setup command line parser
+    parser = optparse.OptionParser("samba_upgradedns [options]")
+    sambaopts = options.SambaOptions(parser)
+    credopts = options.CredentialsOptions(parser)
+
+    parser.add_option_group(options.VersionOptions(parser))
+    parser.add_option_group(sambaopts)
+    parser.add_option_group(credopts)
+
+    parser.add_option("--dns-backend", type="choice", metavar="<BIND9_DLZ|SAMBA_INTERNAL>",
+                      choices=["SAMBA_INTERNAL", "BIND9_DLZ"], default="SAMBA_INTERNAL",
+                      help="The DNS server backend, default SAMBA_INTERNAL")
+    parser.add_option("--migrate", type="choice", metavar="<yes|no>",
+                      choices=["yes","no"], default="yes",
+                      help="Migrate existing zone data, default yes")
+    parser.add_option("--verbose", help="Be verbose", action="store_true")
+
+    opts = parser.parse_args()[0]
+
+    if opts.dns_backend is None:
+        opts.dns_backend = 'SAMBA_INTERNAL'
+
+    if opts.migrate:
+        autofill = False
+    else:
+        autofill = True
+
+    # Set up logger
+    logger = logging.getLogger("upgradedns")
+    logger.addHandler(logging.StreamHandler(sys.stdout))
+    logger.setLevel(logging.INFO)
+    if opts.verbose:
+        logger.setLevel(logging.DEBUG)
+
+    lp = sambaopts.get_loadparm()
+    lp.load(lp.configfile)
+    creds = credopts.get_credentials(lp)
+
+    logger.info("Reading domain information")
+    paths = get_paths(param, smbconf=lp.configfile)
+    paths.bind_gid = find_bind_gid()
+    ldbs = get_ldbs(paths, creds, system_session(), lp)
+    names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
+                                           paths, lp.configfile, lp)
+
+    if names.domainlevel < DS_DOMAIN_FUNCTION_2003:
+        logger.error("Cannot create AD based DNS for OS level < 2003")
+        sys.exit(1)
+
+    domaindn = names.domaindn
+    forestdn = names.rootdn
+
+    dnsdomain = names.dnsdomain.lower()
+    dnsforest = dnsdomain
+
+    site = names.sitename
+    hostname = names.hostname
+    dnsname = '%s.%s' % (hostname, dnsdomain)
+
+    domainsid = names.domainsid
+    domainguid = names.domainguid
+    ntdsguid = names.ntdsguid
+
+    # Check for DNS accounts and create them if required
+    try:
+        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                              expression='(sAMAccountName=DnsAdmins)',
+                              attrs=['objectSid'])
+        dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0])
+    except IndexError:
+        logger.info("Adding DNS accounts")
+        add_dns_accounts(ldbs.sam, domaindn)
+        dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
+    else:
+        logger.info("DNS accounts already exist")
+
+    # Import dns records from zone file
+    if os.path.exists(paths.dns):
+        logger.info("Reading records from zone file %s" % paths.dns)
+        try:
+            zone = dns.zone.from_file(paths.dns, relativize=False)
+            rrset = zone.get_rdataset("%s." % dnsdomain, dns.rdatatype.SOA)
+            serial = int(rrset[0].serial)
+        except Exception as e:
+            logger.warn("Error parsing DNS data from '%s' (%s)" % (paths.dns, str(e)))
+            autofill = True
+    else:
+        logger.info("No zone file %s (normal)" % paths.dns)
+        autofill = True
+
+    # Create DNS partitions if missing and fill DNS information
+    try:
+        expression = '(|(dnsRoot=DomainDnsZones.%s)(dnsRoot=ForestDnsZones.%s))' % \
+                     (dnsdomain, dnsforest)
+        msg = ldbs.sam.search(base=names.configdn, scope=ldb.SCOPE_DEFAULT,
+                              expression=expression, attrs=['nCName'])
+        ncname = msg[0]['nCName'][0]
+    except IndexError:
+        logger.info("Creating DNS partitions")
+
+        logger.info("Looking up IPv4 addresses")
+        hostip = interface_ips_v4(lp)
+        try:
+            hostip.remove('127.0.0.1')
+        except ValueError:
+            pass
+        if not hostip:
+            logger.error("No IPv4 addresses found")
+            sys.exit(1)
+        else:
+            hostip = hostip[0]
+            logger.debug("IPv4 addresses: %s" % hostip)
+
+        logger.info("Looking up IPv6 addresses")
+        hostip6 = interface_ips_v6(lp)
+        if not hostip6:
+            hostip6 = None
+        else:
+            hostip6 = hostip6[0]
+        logger.debug("IPv6 addresses: %s" % hostip6)
+
+        create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn,
+                              dnsadmins_sid, FILL_FULL)
+
+        logger.info("Populating DNS partitions")
+        if autofill:
+            logger.warn("DNS records will be automatically created")
+
+        fill_dns_data_partitions(ldbs.sam, domainsid, site, domaindn, forestdn,
+                             dnsdomain, dnsforest, hostname, hostip, hostip6,
+                             domainguid, ntdsguid, dnsadmins_sid,
+                             autofill=autofill)
+
+        if not autofill:
+            logger.info("Importing records from zone file")
+            import_zone_data(ldbs.sam, logger, zone, serial, domaindn, forestdn,
+                             dnsdomain, dnsforest)
+    else:
+        logger.info("DNS partitions already exist")
+
+    # Mark that we are hosting DNS partitions
+    try:
+        dns_nclist = [ 'DC=DomainDnsZones,%s' % domaindn,
+                       'DC=ForestDnsZones,%s' % forestdn ]
+
+        msgs = ldbs.sam.search(base=names.serverdn, scope=ldb.SCOPE_DEFAULT,
+                               expression='(objectclass=nTDSDSa)',
+                               attrs=['hasPartialReplicaNCs',
+                                      'msDS-hasMasterNCs'])
+        msg = msgs[0]
+
+        master_nclist = []
+        ncs = msg.get("msDS-hasMasterNCs")
+        if ncs:
+            for nc in ncs:
+                master_nclist.append(str(nc))
+
+        partial_nclist = []
+        ncs = msg.get("hasPartialReplicaNCs")
+        if ncs:
+            for nc in ncs:
+                partial_nclist.append(str(nc))
+
+        modified_master = False
+        modified_partial = False
+
+        for nc in dns_nclist:
+            if nc not in master_nclist:
+                master_nclist.append(nc)
+                modified_master = True
+            if nc in partial_nclist:
+                partial_nclist.remove(nc)
+                modified_partial = True
+
+        if modified_master or modified_partial:
+            logger.debug("Updating msDS-hasMasterNCs and hasPartialReplicaNCs attributes")
+            m = ldb.Message()
+            m.dn = msg.dn
+            if modified_master:
+                m["msDS-hasMasterNCs"] = ldb.MessageElement(master_nclist,
+                                                            ldb.FLAG_MOD_REPLACE,
+                                                            "msDS-hasMasterNCs")
+            if modified_partial:
+                if partial_nclist:
+                    m["hasPartialReplicaNCs"] = ldb.MessageElement(partial_nclist,
+                                                                   ldb.FLAG_MOD_REPLACE,
+                                                                   "hasPartialReplicaNCs")
+                else:
+                    m["hasPartialReplicaNCs"] = ldb.MessageElement(ncs,
+                                                                   ldb.FLAG_MOD_DELETE,
+                                                                   "hasPartialReplicaNCs")
+            ldbs.sam.modify(m)
+    except Exception:
+        raise
+
+    # Special stuff for DLZ backend
+    if opts.dns_backend == "BIND9_DLZ":
+        config_migration = False
+
+        if (paths.private_dir != paths.binddns_dir and
+            os.path.isfile(os.path.join(paths.private_dir, "named.conf"))):
+            config_migration = True
+
+        # Check if dns-HOSTNAME account exists and create it if required
+        secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
+        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                              expression='(sAMAccountName=dns-%s)' % (hostname),
+                              attrs=[])
+
+        if len(secrets_msgs) == 0 or len(msg) == 0:
+            logger.info("Adding dns-%s account" % hostname)
+
+            if len(secrets_msgs) == 1:
+                dn = secrets_msgs[0].dn
+                ldbs.secrets.delete(dn)
+
+            if len(msg) == 1:
+                dn = msg[0].dn
+                ldbs.sam.delete(dn)
+
+            dnspass = samba.generate_random_password(128, 255)
+            setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
+                    "DNSDOMAIN": dnsdomain,
+                    "DOMAINDN": domaindn,
+                    "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')).decode('utf8'),
+                    "HOSTNAME" : hostname,
+                    "DNSNAME" : dnsname }
+                           )
+
+            res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                                  expression='(sAMAccountName=dns-%s)' % (hostname),
+                                  attrs=["msDS-KeyVersionNumber"])
+            if "msDS-KeyVersionNumber" in res[0]:
+                dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+            else:
+                dns_key_version_number = None
+
+            secretsdb_setup_dns(ldbs.secrets, names,
+                                paths.private_dir, paths.binddns_dir, realm=names.realm,
+                                dnsdomain=names.dnsdomain,
+                                dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+                                key_version_number=dns_key_version_number)
+
+        else:
+            logger.info("dns-%s account already exists" % hostname)
+
+        if not os.path.exists(paths.binddns_dir):
+            # This directory won't exist if we're restoring from an offline backup.
+            os.mkdir(paths.binddns_dir, 0o770)
+
+        create_dns_dir_keytab_link(logger, paths)
+
+        # This forces a re-creation of dns directory and all the files within
+        # It's an overkill, but it's easier to re-create a samdb copy, rather
+        # than trying to fix a broken copy.
+        create_dns_dir(logger, paths)
+
+        # Setup a copy of SAM for BIND9
+        create_samdb_copy(ldbs.sam, logger, paths, names, domainsid,
+                          domainguid)
+
+        create_named_conf(paths, names.realm, dnsdomain, opts.dns_backend, logger)
+
+        create_named_txt(paths.namedtxt, names.realm, dnsdomain, dnsname,
+                         paths.binddns_dir, paths.dns_keytab)
+
+        cleanup_obsolete_dns_files(paths)
+
+        if config_migration:
+            logger.info("ATTENTION: The BIND configuration and keytab has been moved to: %s",
+                        paths.binddns_dir)
+            logger.info("           Please update your BIND configuration accordingly.")
+        else:
+            logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
+            logger.info("and %s for further documentation required for secure DNS "
+                        "updates", paths.namedtxt)
+
+    elif opts.dns_backend == "SAMBA_INTERNAL":
+        # Make sure to remove everything from the bind-dns directory to avoid
+        # possible security issues with the named group having write access
+        # to all AD partitions
+        cleanup_remove_file(os.path.join(paths.binddns_dir, "dns.keytab"))
+        cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf"))
+        cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf.update"))
+        cleanup_remove_file(os.path.join(paths.binddns_dir, "named.txt"))
+
+        cleanup_remove_dir(os.path.dirname(paths.dns))
+
+        try:
+            os.chmod(paths.private_dir, 0o700)
+            os.chown(paths.private_dir, -1, 0)
+        except:
+            logger.warn("Failed to restore owner and permissions for %s",
+                        (paths.private_dir))
+
+        # Check if dns-HOSTNAME account exists and delete it if required
+        try:
+            dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
+            msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[])
+            dn = msg[0].dn
+        except IndexError:
+            dn = None
+
+        if dn is not None:
+            try:
+                ldbs.secrets.delete(dn)
+            except Exception:
+                logger.info("Failed to delete %s from secrets.ldb" % dn)
+
+        try:
+            msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                                  expression='(sAMAccountName=dns-%s)' % (hostname),
+                                  attrs=[])
+            dn = msg[0].dn
+        except IndexError:
+            dn = None
+
+        if dn is not None:
+            try:
+                ldbs.sam.delete(dn)
+            except Exception:
+                logger.info("Failed to delete %s from sam.ldb" % dn)
+
+    logger.info("Finished upgrading DNS")
+
+    services = lp.get("server services")
+    for service in services:
+        if service == "dns":
+            if opts.dns_backend.startswith("BIND"):
+                logger.info("You have switched to using %s as your dns backend,"
+                        " but still have the internal dns starting. Please"
+                        " make sure you add '-dns' to your server services"
+                        " line in your smb.conf." % opts.dns_backend)
+            break
+    else:
+        if opts.dns_backend == "SAMBA_INTERNAL":
+            logger.info("You have switched to using %s as your dns backend,"
+                    " but you still have samba starting looking for a"
+                    " BIND backend. Please remove the -dns from your"
+                    " server services line." % opts.dns_backend)
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
new file mode 100755
index 0000000..18aae6d
--- /dev/null
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -0,0 +1,1848 @@
+#!/usr/bin/env python3
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net> 2009 - 2010
+#
+# Based on provision a Samba4 server by
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import logging
+import optparse
+import os
+import shutil
+import sys
+import tempfile
+import re
+import traceback
+# Allow to run from s4 source directory (without installing samba)
+sys.path.insert(0, "bin/python")
+
+import ldb
+import samba
+import samba.getopt as options
+from samba.samdb import get_default_backend_store
+
+from base64 import b64encode
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session, admin_session
+from samba import tdb_util
+from samba import mdb_util
+from ldb import (SCOPE_SUBTREE, SCOPE_BASE,
+                FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE,
+                MessageElement, Message, Dn, LdbError)
+from samba import param, dsdb, Ldb
+from samba.common import confirm
+from samba.descriptor import get_wellknown_sds, get_empty_descriptor, get_diff_sds
+from samba.provision import (find_provision_key_parameters,
+                            ProvisioningError, get_last_provision_usn,
+                            get_max_usn, update_provision_usn, setup_path)
+from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
+from samba.dcerpc import security, drsblobs
+from samba.dcerpc.security import (
+    SECINFO_OWNER, SECINFO_GROUP, SECINFO_DACL, SECINFO_SACL)
+from samba.ndr import ndr_unpack
+from samba.upgradehelpers import (dn_sort, get_paths, newprovision,
+                                 get_ldbs, findprovisionrange,
+                                 usn_in_range, identic_rename,
+                                 update_secrets, CHANGE, ERROR, SIMPLE,
+                                 CHANGEALL, GUESS, CHANGESD, PROVISION,
+                                 updateOEMInfo, getOEMInfo, update_gpo,
+                                 delta_update_basesamdb, update_policyids,
+                                 update_machine_account_password,
+                                 search_constructed_attrs_stored,
+                                 int64range2str, update_dns_account_password,
+                                 increment_calculated_keyversion_number,
+                                 print_provision_ranges)
+from samba.xattr import copytree_with_xattrs
+from functools import cmp_to_key
+
+# make sure the script dies immediately when hitting control-C,
+# rather than raising KeyboardInterrupt. As we do all database
+# operations using transactions, this is safe.
+import signal
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+
+replace=2**FLAG_MOD_REPLACE
+add=2**FLAG_MOD_ADD
+delete=2**FLAG_MOD_DELETE
+never=0
+
+
+# Will be modified during provision to tell if default sd has been modified
+# somehow ...
+
+#Errors are always logged
+
+__docformat__ = "restructuredText"
+
+# Attributes that are never copied from the reference provision (even if they
+# do not exist in the destination object).
+# This is most probably because they are populated automatically when object is
+# created
+# This also apply to imported object from reference provision
+replAttrNotCopied = [   "dn", "whenCreated", "whenChanged", "objectGUID",
+                        "parentGUID", "distinguishedName",
+                        "instanceType", "cn",
+                        "lmPwdHistory", "pwdLastSet", "ntPwdHistory",
+                        "unicodePwd", "dBCSPwd", "supplementalCredentials",
+                        "gPCUserExtensionNames", "gPCMachineExtensionNames",
+                        "maxPwdAge", "secret", "possibleInferiors", "privilege",
+                        "sAMAccountType", "oEMInformation", "creationTime" ]
+
+nonreplAttrNotCopied = ["uSNCreated", "replPropertyMetaData", "uSNChanged",
+                        "nextRid" ,"rIDNextRID", "rIDPreviousAllocationPool"]
+
+nonDSDBAttrNotCopied = ["msDS-KeyVersionNumber", "priorSecret", "priorWhenChanged"]
+
+
+attrNotCopied = replAttrNotCopied
+attrNotCopied.extend(nonreplAttrNotCopied)
+attrNotCopied.extend(nonDSDBAttrNotCopied)
+# Usually for an object that already exists we do not overwrite attributes as
+# they might have been changed for good reasons. Anyway for a few of them it's
+# mandatory to replace them otherwise the provision will be broken somehow.
+# But for attribute that are just missing we do not have to specify them as the default
+# behavior is to add missing attribute
+hashOverwrittenAtt = {  "prefixMap": replace, "systemMayContain": replace,
+                        "systemOnly":replace, "searchFlags":replace,
+                        "mayContain":replace, "systemFlags":replace+add,
+                        "description":replace,
+                        "operatingSystem": replace, "operatingSystemVersion":replace,
+                        "adminPropertyPages":replace, "groupType":replace,
+                        "wellKnownObjects":replace, "privilege":never,
+                        "rIDAvailablePool": never,
+                        "rIDNextRID": add, "rIDUsedPool": never,
+                        "defaultSecurityDescriptor": replace + add,
+                        "isMemberOfPartialAttributeSet": delete,
+                        "attributeDisplayNames": replace + add,
+                        "versionNumber": add}
+
+dnNotToRecalculateFound = False
+dnToRecalculate = []
+backlinked = []
+forwardlinked = set()
+dn_syntax_att = []
+not_replicated = []
+def define_what_to_log(opts):
+    what = 0
+    if opts.debugchange:
+        what = what | CHANGE
+    if opts.debugchangesd:
+        what = what | CHANGESD
+    if opts.debugguess:
+        what = what | GUESS
+    if opts.debugprovision:
+        what = what | PROVISION
+    if opts.debugall:
+        what = what | CHANGEALL
+    return what
+
+
+parser = optparse.OptionParser("samba_upgradeprovision [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--setupdir", type="string", metavar="DIR",
+                  help="directory with setup files")
+parser.add_option("--debugprovision", help="Debug provision", action="store_true")
+parser.add_option("--debugguess", action="store_true",
+                  help="Print information on which values are guessed")
+parser.add_option("--debugchange", action="store_true",
+                  help="Print information on what is different but won't be changed")
+parser.add_option("--debugchangesd", action="store_true",
+                  help="Print security descriptor differences")
+parser.add_option("--debugall", action="store_true",
+                  help="Print all available information (very verbose)")
+parser.add_option("--db_backup_only", action="store_true",
+                  help="Do the backup of the database in the provision, skip the sysvol / netlogon shares")
+parser.add_option("--full", action="store_true",
+                  help="Perform full upgrade of the samdb (schema, configuration, new objects, ...")
+parser.add_option("--very-old-pre-alpha9", action="store_true",
+                  help="Perform additional forced SD resets required for a database from before Samba 4.0.0alpha9.")
+
+opts = parser.parse_args()[0]
+
+handler = logging.StreamHandler(sys.stdout)
+upgrade_logger = logging.getLogger("upgradeprovision")
+upgrade_logger.setLevel(logging.INFO)
+
+upgrade_logger.addHandler(handler)
+
+provision_logger = logging.getLogger("provision")
+provision_logger.addHandler(handler)
+
+whatToLog = define_what_to_log(opts)
+
+def message(what, text):
+    """Print a message if this message type has been selected to be printed
+
+    :param what: Category of the message
+    :param text: Message to print """
+    if (whatToLog & what) or what <= 0:
+        upgrade_logger.info("%s", text)
+
+if len(sys.argv) == 1:
+    opts.interactive = True
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+
+
+def check_for_DNS(refprivate, private, refbinddns_dir, binddns_dir, dns_backend):
+    """Check if the provision has already the requirement for dynamic dns
+
+    :param refprivate: The path to the private directory of the reference
+                       provision
+    :param private: The path to the private directory of the upgraded
+                    provision"""
+
+    spnfile = "%s/spn_update_list" % private
+    dnsfile = "%s/dns_update_list" % private
+
+    if not os.path.exists(spnfile):
+        shutil.copy("%s/spn_update_list" % refprivate, "%s" % spnfile)
+
+    if not os.path.exists(dnsfile):
+        shutil.copy("%s/dns_update_list" % refprivate, "%s" % dnsfile)
+
+    if not os.path.exists(binddns_dir):
+        os.mkdir(binddns_dir)
+
+    if dns_backend not in ['BIND9_DLZ', 'BIND9_FLATFILE']:
+       return
+
+    namedfile = lp.get("dnsupdate:path")
+    if not namedfile:
+       namedfile = "%s/named.conf.update" % binddns_dir
+    if not os.path.exists(namedfile):
+        destdir = "%s/new_dns" % binddns_dir
+        dnsdir = "%s/dns" % binddns_dir
+
+        if not os.path.exists(destdir):
+            os.mkdir(destdir)
+        if not os.path.exists(dnsdir):
+            os.mkdir(dnsdir)
+        shutil.copy("%s/named.conf" % refbinddns_dir, "%s/named.conf" % destdir)
+        shutil.copy("%s/named.txt" % refbinddns_dir, "%s/named.txt" % destdir)
+        message(SIMPLE, "It seems that your provision did not integrate "
+                "new rules for dynamic dns update of domain related entries")
+        message(SIMPLE, "A copy of the new bind configuration files and "
+                "template has been put in %s, you should read them and "
+                "configure dynamic dns updates" % destdir)
+
+
+def populate_links(samdb, schemadn):
+    """Populate an array with all the back linked attributes
+
+    This attributes that are modified automatically when
+    front attributes are changed
+
+    :param samdb: A LDB object for sam.ldb file
+    :param schemadn: DN of the schema for the partition"""
+    linkedAttHash = get_linked_attributes(Dn(samdb, str(schemadn)), samdb)
+    backlinked.extend(linkedAttHash.values())
+    for t in linkedAttHash.keys():
+        forwardlinked.add(t)
+
+def isReplicated(att):
+    """ Indicate if the attribute is replicated or not
+
+    :param att: Name of the attribute to be tested
+    :return: True is the attribute is replicated, False otherwise
+    """
+
+    return (att not in not_replicated)
+
+def populateNotReplicated(samdb, schemadn):
+    """Populate an array with all the attributes that are not replicated
+
+    :param samdb: A LDB object for sam.ldb file
+    :param schemadn: DN of the schema for the partition"""
+    res = samdb.search(expression="(&(objectclass=attributeSchema)(systemflags:1.2.840.113556.1.4.803:=1))", base=Dn(samdb,
+                        str(schemadn)), scope=SCOPE_SUBTREE,
+                        attrs=["lDAPDisplayName"])
+    for elem in res:
+        not_replicated.append(str(elem["lDAPDisplayName"]))
+
+
+def populate_dnsyntax(samdb, schemadn):
+    """Populate an array with all the attributes that have DN synthax
+       (oid 2.5.5.1)
+
+    :param samdb: A LDB object for sam.ldb file
+    :param schemadn: DN of the schema for the partition"""
+    res = samdb.search(expression="(attributeSyntax=2.5.5.1)", base=Dn(samdb,
+                        str(schemadn)), scope=SCOPE_SUBTREE,
+                        attrs=["lDAPDisplayName"])
+    for elem in res:
+        dn_syntax_att.append(elem["lDAPDisplayName"])
+
+
+def sanitychecks(samdb, names):
+    """Make some checks before trying to update
+
+    :param samdb: An LDB object opened on sam.ldb
+    :param names: list of key provision parameters
+    :return: Status of check (1 for Ok, 0 for not Ok) """
+    res = samdb.search(expression="objectClass=ntdsdsa", base=str(names.configdn),
+                         scope=SCOPE_SUBTREE, attrs=["dn"],
+                         controls=["search_options:1:2"])
+    if len(res) == 0:
+        print("No DC found. Your provision is most probably broken!")
+        return False
+    elif len(res) != 1:
+        print("Found %d domain controllers. For the moment "
+              "upgradeprovision is not able to handle an upgrade on a "
+              "domain with more than one DC. Please demote the other "
+              "DC(s) before upgrading" % len(res))
+        return False
+    else:
+        return True
+
+
+def print_provision_key_parameters(names):
+    """Do a a pretty print of provision parameters
+
+    :param names: list of key provision parameters """
+    message(GUESS, "rootdn      :" + str(names.rootdn))
+    message(GUESS, "configdn    :" + str(names.configdn))
+    message(GUESS, "schemadn    :" + str(names.schemadn))
+    message(GUESS, "serverdn    :" + str(names.serverdn))
+    message(GUESS, "netbiosname :" + names.netbiosname)
+    message(GUESS, "defaultsite :" + names.sitename)
+    message(GUESS, "dnsdomain   :" + names.dnsdomain)
+    message(GUESS, "hostname    :" + names.hostname)
+    message(GUESS, "domain      :" + names.domain)
+    message(GUESS, "realm       :" + names.realm)
+    message(GUESS, "invocationid:" + names.invocation)
+    message(GUESS, "policyguid  :" + names.policyid)
+    message(GUESS, "policyguiddc:" + str(names.policyid_dc))
+    message(GUESS, "domainsid   :" + str(names.domainsid))
+    message(GUESS, "domainguid  :" + names.domainguid)
+    message(GUESS, "ntdsguid    :" + names.ntdsguid)
+    message(GUESS, "domainlevel :" + str(names.domainlevel))
+
+
+def handle_special_case(att, delta, new, old, useReplMetadata, basedn, aldb):
+    """Define more complicate update rules for some attributes
+
+    :param att: The attribute to be updated
+    :param delta: A messageElement object that correspond to the difference
+                  between the updated object and the reference one
+    :param new: The reference object
+    :param old: The Updated object
+    :param useReplMetadata: A boolean that indicate if the update process
+                use replPropertyMetaData to decide what has to be updated.
+    :param basedn: The base DN of the provision
+    :param aldb: An ldb object used to build DN
+    :return: True to indicate that the attribute should be kept, False for
+             discarding it"""
+
+    # We do most of the special case handle if we do not have the
+    # highest usn as otherwise the replPropertyMetaData will guide us more
+    # correctly
+    if not useReplMetadata:
+        flag = delta.get(att).flags()
+        if (att == "sPNMappings" and flag == FLAG_MOD_REPLACE and
+            ldb.Dn(aldb, "CN=Directory Service,CN=Windows NT,"
+                        "CN=Services,CN=Configuration,%s" % basedn)
+                        == old[0].dn):
+            return True
+        if (att == "userAccountControl" and flag == FLAG_MOD_REPLACE and
+            ldb.Dn(aldb, "CN=Administrator,CN=Users,%s" % basedn)
+                        == old[0].dn):
+            message(SIMPLE, "We suggest that you change the userAccountControl"
+                            " for user Administrator from value %d to %d" %
+                            (int(str(old[0][att])), int(str(new[0][att]))))
+            return False
+        if (att == "minPwdAge" and flag == FLAG_MOD_REPLACE):
+            if (int(str(old[0][att])) == 0):
+                delta[att] = MessageElement(new[0][att], FLAG_MOD_REPLACE, att)
+            return True
+
+        if (att == "member" and flag == FLAG_MOD_REPLACE):
+            hash = {}
+            newval = []
+            changeDelta=0
+            for elem in old[0][att]:
+                hash[str(elem).lower()]=1
+                newval.append(str(elem))
+
+            for elem in new[0][att]:
+                if not str(elem).lower() in hash:
+                    changeDelta=1
+                    newval.append(str(elem))
+            if changeDelta == 1:
+                delta[att] = MessageElement(newval, FLAG_MOD_REPLACE, att)
+            else:
+                delta.remove(att)
+            return True
+
+        if (att in ("gPLink", "gPCFileSysPath") and
+            flag == FLAG_MOD_REPLACE and
+            str(new[0].dn).lower() == str(old[0].dn).lower()):
+            delta.remove(att)
+            return True
+
+        if att == "forceLogoff":
+            ref=0x8000000000000000
+            oldval=int(old[0][att][0])
+            newval=int(new[0][att][0])
+            ref == old and ref == abs(new)
+            return True
+
+        if att in ("adminDisplayName", "adminDescription"):
+            return True
+
+        if (str(old[0].dn) == "CN=Samba4-Local-Domain, %s" % (names.schemadn)
+            and att == "defaultObjectCategory" and flag == FLAG_MOD_REPLACE):
+            return True
+
+        if (str(old[0].dn) == "CN=Title, %s" % (str(names.schemadn)) and
+                att == "rangeUpper" and flag == FLAG_MOD_REPLACE):
+            return True
+
+        if (str(old[0].dn) == "%s" % (str(names.rootdn))
+                and att == "subRefs" and flag == FLAG_MOD_REPLACE):
+            return True
+        #Allow to change revision of ForestUpdates objects
+        if (att == "revision" or att == "objectVersion"):
+            if str(delta.dn).lower().find("domainupdates") and str(delta.dn).lower().find("forestupdates") > 0:
+                return True
+        if str(delta.dn).endswith("CN=DisplaySpecifiers, %s" % names.configdn):
+            return True
+
+    # This is a bit of special animal as we might have added
+    # already SPN entries to the list that has to be modified
+    # So we go in detail to try to find out what has to be added ...
+    if (att == "servicePrincipalName" and delta.get(att).flags() == FLAG_MOD_REPLACE):
+        hash = {}
+        newval = []
+        changeDelta = 0
+        for elem in old[0][att]:
+            hash[str(elem)]=1
+            newval.append(str(elem))
+
+        for elem in new[0][att]:
+            if not str(elem) in hash:
+                changeDelta = 1
+                newval.append(str(elem))
+        if changeDelta == 1:
+            delta[att] = MessageElement(newval, FLAG_MOD_REPLACE, att)
+        else:
+            delta.remove(att)
+        return True
+
+    return False
+
+def dump_denied_change(dn, att, flagtxt, current, reference):
+    """Print detailed information about why a change is denied
+
+    :param dn: DN of the object which attribute is denied
+    :param att: Attribute that was supposed to be upgraded
+    :param flagtxt: Type of the update that should be performed
+                    (add, change, remove, ...)
+    :param current: Value(s) of the current attribute
+    :param reference: Value(s) of the reference attribute"""
+
+    message(CHANGE, "dn= " + str(dn)+" " + att+" with flag " + flagtxt
+                + " must not be changed/removed. Discarding the change")
+    if att == "objectSid" :
+        message(CHANGE, "old : %s" % ndr_unpack(security.dom_sid, current[0]))
+        message(CHANGE, "new : %s" % ndr_unpack(security.dom_sid, reference[0]))
+    elif att == "rIDPreviousAllocationPool" or att == "rIDAllocationPool":
+        message(CHANGE, "old : %s" % int64range2str(current[0]))
+        message(CHANGE, "new : %s" % int64range2str(reference[0]))
+    else:
+        i = 0
+        for e in range(0, len(current)):
+            message(CHANGE, "old %d : %s" % (i, str(current[e])))
+            i+=1
+        if reference is not None:
+            i = 0
+            for e in range(0, len(reference)):
+                message(CHANGE, "new %d : %s" % (i, str(reference[e])))
+                i+=1
+
+def handle_special_add(samdb, dn, names):
+    """Handle special operation (like remove) on some object needed during
+    upgrade
+
+    This is mostly due to wrong creation of the object in previous provision.
+    :param samdb: An Ldb object representing the SAM database
+    :param dn: DN of the object to inspect
+    :param names: list of key provision parameters
+    """
+
+    dntoremove = None
+    objDn = Dn(samdb, "CN=IIS_IUSRS, CN=Builtin, %s" % names.rootdn)
+    if dn == objDn :
+        #This entry was misplaced lets remove it if it exists
+        dntoremove = "CN=IIS_IUSRS, CN=Users, %s" % names.rootdn
+
+    objDn = Dn(samdb,
+                "CN=Certificate Service DCOM Access, CN=Builtin, %s" % names.rootdn)
+    if dn == objDn:
+        #This entry was misplaced lets remove it if it exists
+        dntoremove = "CN=Certificate Service DCOM Access,"\
+                     "CN=Users, %s" % names.rootdn
+
+    objDn = Dn(samdb, "CN=Cryptographic Operators, CN=Builtin, %s" % names.rootdn)
+    if dn == objDn:
+        #This entry was misplaced lets remove it if it exists
+        dntoremove = "CN=Cryptographic Operators, CN=Users, %s" % names.rootdn
+
+    objDn = Dn(samdb, "CN=Event Log Readers, CN=Builtin, %s" % names.rootdn)
+    if dn == objDn:
+        #This entry was misplaced lets remove it if it exists
+        dntoremove = "CN=Event Log Readers, CN=Users, %s" % names.rootdn
+
+    objDn = Dn(samdb,"CN=System,CN=WellKnown Security Principals,"
+                     "CN=Configuration,%s" % names.rootdn)
+    if dn == objDn:
+        oldDn = Dn(samdb,"CN=Well-Known-Security-Id-System,"
+                         "CN=WellKnown Security Principals,"
+                         "CN=Configuration,%s" % names.rootdn)
+
+        res = samdb.search(expression="(distinguishedName=%s)" % oldDn,
+                            base=str(names.rootdn),
+                            scope=SCOPE_SUBTREE, attrs=["dn"],
+                            controls=["search_options:1:2"])
+
+        res2 = samdb.search(expression="(distinguishedName=%s)" % dn,
+                            base=str(names.rootdn),
+                            scope=SCOPE_SUBTREE, attrs=["dn"],
+                            controls=["search_options:1:2"])
+
+        if len(res) > 0 and len(res2) == 0:
+            message(CHANGE, "Existing object %s must be replaced by %s. "
+                            "Renaming old object" % (str(oldDn), str(dn)))
+            samdb.rename(oldDn, objDn, ["relax:0", "provision:0"])
+
+        return 0
+
+    if dntoremove is not None:
+        res = samdb.search(expression="(cn=RID Set)",
+                            base=str(names.rootdn),
+                            scope=SCOPE_SUBTREE, attrs=["dn"],
+                            controls=["search_options:1:2"])
+
+        if len(res) == 0:
+            return 2
+        res = samdb.search(expression="(distinguishedName=%s)" % dntoremove,
+                            base=str(names.rootdn),
+                            scope=SCOPE_SUBTREE, attrs=["dn"],
+                            controls=["search_options:1:2"])
+        if len(res) > 0:
+            message(CHANGE, "Existing object %s must be replaced by %s. "
+                            "Removing old object" % (dntoremove, str(dn)))
+            samdb.delete(res[0]["dn"])
+            return 0
+
+    return 1
+
+
+def check_dn_nottobecreated(hash, index, listdn):
+    """Check if one of the DN present in the list has a creation order
+       greater than the current.
+
+    Hash is indexed by dn to be created, with each key
+    is associated the creation order.
+
+    First dn to be created has the creation order 0, second has 1, ...
+    Index contain the current creation order
+
+    :param hash: Hash holding the different DN of the object to be
+                  created as key
+    :param index: Current creation order
+    :param listdn: List of DNs on which the current DN depends on
+    :return: None if the current object do not depend on other
+              object or if all object have been created before."""
+    if listdn is None:
+        return None
+    for dn in listdn:
+        key = str(dn).lower()
+        if key in hash and hash[key] > index:
+            return str(dn)
+    return None
+
+
+
+def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
+    """Add a new object if the dependencies are satisfied
+
+    The function add the object if the object on which it depends are already
+    created
+
+    :param ref_samdb: Ldb object representing the SAM db of the reference
+                       provision
+    :param samdb: Ldb object representing the SAM db of the upgraded
+                   provision
+    :param dn: DN of the object to be added
+    :param names: List of key provision parameters
+    :param basedn: DN of the partition to be updated
+    :param hash: Hash holding the different DN of the object to be
+                  created as key
+    :param index: Current creation order
+    :return: True if the object was created False otherwise"""
+
+    ret = handle_special_add(samdb, dn, names)
+
+    if ret == 2:
+        return False
+
+    if ret == 0:
+        return True
+
+
+    reference = ref_samdb.search(expression="(distinguishedName=%s)" % (str(dn)),
+                                 base=basedn, scope=SCOPE_SUBTREE,
+                                 controls=["search_options:1:2"])
+    empty = Message()
+    delta = samdb.msg_diff(empty, reference[0])
+    delta.dn
+    skip = False
+    try:
+        if str(reference[0].get("cn"))  == "RID Set":
+            for klass in reference[0].get("objectClass"):
+                if str(klass).lower() == "ridset":
+                    skip = True
+    finally:
+        if delta.get("objectSid"):
+            sid = str(ndr_unpack(security.dom_sid, reference[0]["objectSid"][0]))
+            m = re.match(r".*-(\d+)$", sid)
+            if m and int(m.group(1))>999:
+                delta.remove("objectSid")
+        for att in attrNotCopied:
+            delta.remove(att)
+        for att in backlinked:
+            delta.remove(att)
+        for att in dn_syntax_att:
+            depend_on_yet_tobecreated = check_dn_nottobecreated(hash, index,
+                                                                delta.get(str(att)))
+            if depend_on_yet_tobecreated is not None:
+                message(CHANGE, "Object %s depends on %s in attribute %s. "
+                                "Delaying the creation" % (dn,
+                                          depend_on_yet_tobecreated, att))
+                return False
+
+        delta.dn = dn
+        if not skip:
+            message(CHANGE,"Object %s will be added" % dn)
+            samdb.add(delta, ["relax:0", "provision:0"])
+        else:
+            message(CHANGE,"Object %s was skipped" % dn)
+
+        return True
+
+def gen_dn_index_hash(listMissing):
+    """Generate a hash associating the DN to its creation order
+
+    :param listMissing: List of DN
+    :return: Hash with DN as keys and creation order as values"""
+    hash = {}
+    for i in range(0, len(listMissing)):
+        hash[str(listMissing[i]).lower()] = i
+    return hash
+
+def add_deletedobj_containers(ref_samdb, samdb, names):
+    """Add the object container: CN=Deleted Objects
+
+    This function create the container for each partition that need one and
+    then reference the object into the root of the partition
+
+    :param ref_samdb: Ldb object representing the SAM db of the reference
+                       provision
+    :param samdb: Ldb object representing the SAM db of the upgraded provision
+    :param names: List of key provision parameters"""
+
+
+    wkoPrefix = "B:32:18E2EA80684F11D2B9AA00C04F79F805"
+    partitions = [str(names.rootdn), str(names.configdn)]
+    for part in partitions:
+        ref_delObjCnt = ref_samdb.search(expression="(cn=Deleted Objects)",
+                                            base=part, scope=SCOPE_SUBTREE,
+                                            attrs=["dn"],
+                                            controls=["show_deleted:0",
+                                                      "show_recycled:0"])
+        delObjCnt = samdb.search(expression="(cn=Deleted Objects)",
+                                    base=part, scope=SCOPE_SUBTREE,
+                                    attrs=["dn"],
+                                    controls=["show_deleted:0",
+                                              "show_recycled:0"])
+        if len(ref_delObjCnt) > len(delObjCnt):
+            reference = ref_samdb.search(expression="cn=Deleted Objects",
+                                            base=part, scope=SCOPE_SUBTREE,
+                                            controls=["show_deleted:0",
+                                                      "show_recycled:0"])
+            empty = Message()
+            delta = samdb.msg_diff(empty, reference[0])
+
+            delta.dn = Dn(samdb, str(reference[0]["dn"]))
+            for att in attrNotCopied:
+                delta.remove(att)
+
+            modcontrols = ["relax:0", "provision:0"]
+            samdb.add(delta, modcontrols)
+
+            listwko = []
+            res = samdb.search(expression="(objectClass=*)", base=part,
+                               scope=SCOPE_BASE,
+                               attrs=["dn", "wellKnownObjects"])
+
+            targetWKO = "%s:%s" % (wkoPrefix, str(reference[0]["dn"]))
+            found = False
+
+            if len(res[0]) > 0:
+                wko = res[0]["wellKnownObjects"]
+
+                # The wellKnownObject that we want to add.
+                for o in wko:
+                    if str(o) == targetWKO:
+                        found = True
+                    listwko.append(str(o))
+
+            if not found:
+                listwko.append(targetWKO)
+
+                delta = Message()
+                delta.dn = Dn(samdb, str(res[0]["dn"]))
+                delta["wellKnownObjects"] = MessageElement(listwko,
+                                                FLAG_MOD_REPLACE,
+                                                "wellKnownObjects" )
+                samdb.modify(delta)
+
+def add_missing_entries(ref_samdb, samdb, names, basedn, list):
+    """Add the missing object whose DN is the list
+
+    The function add the object if the objects on which it depends are
+    already created.
+
+    :param ref_samdb: Ldb object representing the SAM db of the reference
+                      provision
+    :param samdb: Ldb object representing the SAM db of the upgraded
+                  provision
+    :param names: List of key provision parameters
+    :param basedn: DN of the partition to be updated
+    :param list: List of DN to be added in the upgraded provision"""
+
+    listMissing = []
+    listDefered = list
+
+    while(len(listDefered) != len(listMissing) and len(listDefered) > 0):
+        index = 0
+        listMissing = listDefered
+        listDefered = []
+        hashMissing = gen_dn_index_hash(listMissing)
+        for dn in listMissing:
+            ret = add_missing_object(ref_samdb, samdb, dn, names, basedn,
+                                        hashMissing, index)
+            index = index + 1
+            if ret == 0:
+                # DN can't be created because it depends on some
+                # other DN in the list
+                listDefered.append(dn)
+
+    if len(listDefered) != 0:
+        raise ProvisioningError("Unable to insert missing elements: "
+                                "circular references")
+
+def handle_links(samdb, att, basedn, dn, value, ref_value, delta):
+    """This function handle updates on links
+
+    :param samdb: An LDB object pointing to the updated provision
+    :param att: Attribute to update
+    :param basedn: The root DN of the provision
+    :param dn: The DN of the inspected object
+    :param value: The value of the attribute
+    :param ref_value: The value of this attribute in the reference provision
+    :param delta: The MessageElement object that will be applied for
+                   transforming the current provision"""
+
+    res = samdb.search(base=dn, controls=["search_options:1:2", "reveal:1"],
+                        attrs=[att])
+
+    blacklist = {}
+    hash = {}
+    newlinklist = []
+    changed = False
+
+    for v in value:
+        newlinklist.append(str(v))
+
+    for e in value:
+        hash[e] = 1
+    # for w2k domain level the reveal won't reveal anything ...
+    # it means that we can readd links that were removed on purpose ...
+    # Also this function in fact just accept add not removal
+
+    for e in res[0][att]:
+        if not e in hash:
+            # We put in the blacklist all the element that are in the "revealed"
+            # result and not in the "standard" result
+            # These elements are links that were removed before. We don't want
+            # to readd them.
+            blacklist[e] = 1
+
+    for e in ref_value:
+        if not e in blacklist and not e in hash:
+            newlinklist.append(str(e))
+            changed = True
+    if changed:
+        delta[att] = MessageElement(newlinklist, FLAG_MOD_REPLACE, att)
+    else:
+        delta.remove(att)
+
+    return delta
+
+
+def checkKeepAttributeWithMetadata(delta, att, message, reference, current,
+                                    hash_attr_usn, basedn, usns, samdb):
+    """ Check if we should keep the attribute modification or not
+
+        :param delta: A message diff object
+        :param att: An attribute
+        :param message: A function to print messages
+        :param reference: A message object for the current entry coming from
+                            the reference provision.
+        :param current: A message object for the current entry commin from
+                            the current provision.
+        :param hash_attr_usn: A dictionary with attribute name as keys,
+                                USN and invocation id as values.
+        :param basedn: The DN of the partition
+        :param usns: A dictionary with invocation ID as keys and USN ranges
+                     as values.
+        :param samdb: A ldb object pointing to the sam DB
+
+        :return: The modified message diff.
+    """
+    global defSDmodified
+    isFirst = True
+    txt = ""
+    dn = current[0].dn
+
+    for att in list(delta):
+        if att in ["dn", "objectSid"]:
+            delta.remove(att)
+            continue
+
+        # We have updated by provision usn information so let's exploit
+        # replMetadataProperties
+        if att in forwardlinked:
+            curval = current[0].get(att, ())
+            refval = reference[0].get(att, ())
+            delta = handle_links(samdb, att, basedn, current[0]["dn"],
+                            curval, refval, delta)
+            continue
+
+
+        if isFirst and len(list(delta)) > 1:
+            isFirst = False
+            txt = "%s\n" % (str(dn))
+
+        if handle_special_case(att, delta, reference, current, True, None, None):
+            # This attribute is "complicated" to handle and handling
+            # was done in handle_special_case
+            continue
+
+        attrUSN = None
+        if hash_attr_usn.get(att):
+            [attrUSN, attInvId] = hash_attr_usn.get(att)
+
+        if attrUSN is None:
+            # If it's a replicated attribute and we don't have any USN
+            # information about it. It means that we never saw it before
+            # so let's add it !
+            # If it is a replicated attribute but we are not master on it
+            # (ie. not initially added in the provision we masterize).
+            # attrUSN will be -1
+            if isReplicated(att):
+                continue
+            else:
+                message(CHANGE, "Non replicated attribute %s changed" % att)
+                continue
+
+        if att == "nTSecurityDescriptor":
+            cursd = ndr_unpack(security.descriptor,
+                current[0]["nTSecurityDescriptor"][0])
+            refsd = ndr_unpack(security.descriptor,
+                reference[0]["nTSecurityDescriptor"][0])
+
+            diff = get_diff_sds(refsd, cursd, names.domainsid)
+            if diff == "":
+                # FIXME find a way to have it only with huge huge verbose mode
+                # message(CHANGE, "%ssd are identical" % txt)
+                # txt = ""
+                delta.remove(att)
+                continue
+            else:
+                delta.remove(att)
+                message(CHANGESD, "%ssd are not identical:\n%s" % (txt, diff))
+                txt = ""
+                if attrUSN == -1:
+                    message(CHANGESD, "But the SD has been changed by someonelse "
+                                    "so it's impossible to know if the difference"
+                                    " cames from the modification or from a previous bug")
+                    global dnNotToRecalculateFound
+                    dnNotToRecalculateFound = True
+                else:
+                    dnToRecalculate.append(dn)
+                continue
+
+        if attrUSN == -1:
+            # This attribute was last modified by another DC forget
+            # about it
+            message(CHANGE, "%sAttribute: %s has been "
+                    "created/modified/deleted by another DC. "
+                    "Doing nothing" % (txt, att))
+            txt = ""
+            delta.remove(att)
+            continue
+        elif not usn_in_range(int(attrUSN), usns.get(attInvId)):
+            message(CHANGE, "%sAttribute: %s was not "
+                            "created/modified/deleted during a "
+                            "provision or upgradeprovision. Current "
+                            "usn: %d. Doing nothing" % (txt, att,
+                                                        attrUSN))
+            txt = ""
+            delta.remove(att)
+            continue
+        else:
+            if att == "defaultSecurityDescriptor":
+                defSDmodified = True
+            if attrUSN:
+                message(CHANGE, "%sAttribute: %s will be modified"
+                                "/deleted it was last modified "
+                                "during a provision. Current usn: "
+                                "%d" % (txt, att, attrUSN))
+                txt = ""
+            else:
+                message(CHANGE, "%sAttribute: %s will be added because "
+                                "it did not exist before" % (txt, att))
+                txt = ""
+            continue
+
+    return delta
+
+def update_present(ref_samdb, samdb, basedn, listPresent, usns):
+    """ This function updates the object that are already present in the
+        provision
+
+    :param ref_samdb: An LDB object pointing to the reference provision
+    :param samdb: An LDB object pointing to the updated provision
+    :param basedn: A string with the value of the base DN for the provision
+                   (ie. DC=foo, DC=bar)
+    :param listPresent: A list of object that is present in the provision
+    :param usns: A list of USN range modified by previous provision and
+                 upgradeprovision grouped by invocation ID
+    """
+
+    # This hash is meant to speedup lookup of attribute name from an oid,
+    # it's for the replPropertyMetaData handling
+    hash_oid_name = {}
+    res = samdb.search(expression="objectClass=attributeSchema", base=basedn,
+                        controls=["search_options:1:2"], attrs=["attributeID",
+                        "lDAPDisplayName"])
+    if len(res) > 0:
+        for e in res:
+            strDisplay = str(e.get("lDAPDisplayName"))
+            hash_oid_name[str(e.get("attributeID"))] = strDisplay
+    else:
+        msg = "Unable to insert missing elements: circular references"
+        raise ProvisioningError(msg)
+
+    changed = 0
+    sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL
+    controls = ["search_options:1:2", "sd_flags:1:%d" % sd_flags]
+    message(CHANGE, "Using replPropertyMetadata for change selection")
+    for dn in listPresent:
+        reference = ref_samdb.search(expression="(distinguishedName=%s)" % (str(dn)), base=basedn,
+                                        scope=SCOPE_SUBTREE,
+                                        controls=controls)
+        current = samdb.search(expression="(distinguishedName=%s)" % (str(dn)), base=basedn,
+                                scope=SCOPE_SUBTREE, controls=controls)
+
+        if (
+             (str(current[0].dn) != str(reference[0].dn)) and
+             (str(current[0].dn).upper() == str(reference[0].dn).upper())
+           ):
+            message(CHANGE, "Names are the same except for the case. "
+                            "Renaming %s to %s" % (str(current[0].dn),
+                                                   str(reference[0].dn)))
+            identic_rename(samdb, reference[0].dn)
+            current = samdb.search(expression="(distinguishedName=%s)" % (str(dn)), base=basedn,
+                                    scope=SCOPE_SUBTREE,
+                                    controls=controls)
+
+        delta = samdb.msg_diff(current[0], reference[0])
+
+        for att in backlinked:
+            delta.remove(att)
+
+        for att in attrNotCopied:
+            delta.remove(att)
+
+        delta.remove("name")
+
+        nb_items = len(list(delta))
+
+        if nb_items == 1:
+            continue
+
+        if nb_items > 1:
+            # Fetch the replPropertyMetaData
+            res = samdb.search(expression="(distinguishedName=%s)" % (str(dn)), base=basedn,
+                                scope=SCOPE_SUBTREE, controls=controls,
+                                attrs=["replPropertyMetaData"])
+            ctr = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+                                res[0]["replPropertyMetaData"][0]).ctr
+
+            hash_attr_usn = {}
+            for o in ctr.array:
+                # We put in this hash only modification
+                # made on the current host
+                att = hash_oid_name[samdb.get_oid_from_attid(o.attid)]
+                if str(o.originating_invocation_id) in usns.keys():
+                    hash_attr_usn[att] = [o.originating_usn, str(o.originating_invocation_id)]
+                else:
+                    hash_attr_usn[att] = [-1, None]
+
+        delta = checkKeepAttributeWithMetadata(delta, att, message, reference,
+                                               current, hash_attr_usn,
+                                               basedn, usns, samdb)
+
+        delta.dn = dn
+
+
+        if len(delta) >1:
+            # Skip dn as the value is not really changed ...
+            attributes=", ".join(delta.keys()[1:])
+            modcontrols = []
+            relaxedatt = ['iscriticalsystemobject', 'grouptype']
+            # Let's try to reduce as much as possible the use of relax control
+            for attr in delta.keys():
+                if attr.lower() in relaxedatt:
+                    modcontrols = ["relax:0", "provision:0"]
+            message(CHANGE, "%s is different from the reference one, changed"
+                            " attributes: %s\n" % (dn, attributes))
+            changed += 1
+            samdb.modify(delta, modcontrols)
+    return changed
+
+def reload_full_schema(samdb, names):
+    """Load the updated schema with all the new and existing classes
+       and attributes.
+
+    :param samdb: An LDB object connected to the sam.ldb of the update
+                  provision
+    :param names: List of key provision parameters
+    """
+
+    schemadn = str(names.schemadn)
+    current = samdb.search(expression="objectClass=*", base=schemadn,
+                                scope=SCOPE_SUBTREE)
+
+    schema_ldif = "".join(samdb.write_ldif(ent, ldb.CHANGETYPE_NONE) for ent in current)
+
+    prefixmap_data = b64encode(open(setup_path("prefixMap.txt"), 'rb').read()).decode('utf8')
+
+    # We don't actually add this ldif, just parse it
+    prefixmap_ldif = "dn: %s\nprefixMap:: %s\n\n" % (schemadn, prefixmap_data)
+
+    dsdb._dsdb_set_schema_from_ldif(samdb, prefixmap_ldif, schema_ldif, schemadn)
+
+
+def update_partition(ref_samdb, samdb, basedn, names, schema, provisionUSNs, prereloadfunc):
+    """Check differences between the reference provision and the upgraded one.
+
+    It looks for all objects which base DN is name.
+
+    This function will also add the missing object and update existing object
+    to add or remove attributes that were missing.
+
+    :param ref_samdb: An LDB object connected to the sam.ldb of the
+                       reference provision
+    :param samdb: An LDB object connected to the sam.ldb of the update
+                  provision
+    :param basedn: String value of the DN of the partition
+    :param names: List of key provision parameters
+    :param schema: A Schema object
+    :param provisionUSNs:  A dictionary with range of USN modified during provision
+                            or upgradeprovision. Ranges are grouped by invocationID.
+    :param prereloadfunc: A function that must be executed just before the reload
+                  of the schema
+    """
+
+    hash_new = {}
+    hash = {}
+    listMissing = []
+    listPresent = []
+    reference = []
+    current = []
+
+    # Connect to the reference provision and get all the attribute in the
+    # partition referred by name
+    reference = ref_samdb.search(expression="objectClass=*", base=basedn,
+                                    scope=SCOPE_SUBTREE, attrs=["dn"],
+                                    controls=["search_options:1:2"])
+
+    current = samdb.search(expression="objectClass=*", base=basedn,
+                                scope=SCOPE_SUBTREE, attrs=["dn"],
+                                controls=["search_options:1:2"])
+    # Create a hash for speeding the search of new object
+    for i in range(0, len(reference)):
+        hash_new[str(reference[i]["dn"]).lower()] = reference[i]["dn"]
+
+    # Create a hash for speeding the search of existing object in the
+    # current provision
+    for i in range(0, len(current)):
+        hash[str(current[i]["dn"]).lower()] = current[i]["dn"]
+
+
+    for k in hash_new.keys():
+        if not k in hash:
+            if not str(hash_new[k]) == "CN=Deleted Objects, %s" % names.rootdn:
+                listMissing.append(hash_new[k])
+        else:
+            listPresent.append(hash_new[k])
+
+    # Sort the missing object in order to have object of the lowest level
+    # first (which can be containers for higher level objects)
+    listMissing.sort(key=cmp_to_key(dn_sort))
+    listPresent.sort(key=cmp_to_key(dn_sort))
+
+    # The following lines is to load the up to
+    # date schema into our current LDB
+    # a complete schema is needed as the insertion of attributes
+    # and class is done against it
+    # and the schema is self validated
+    samdb.set_schema(schema)
+    try:
+        message(SIMPLE, "There are %d missing objects" % (len(listMissing)))
+        add_deletedobj_containers(ref_samdb, samdb, names)
+
+        add_missing_entries(ref_samdb, samdb, names, basedn, listMissing)
+
+        prereloadfunc()
+        message(SIMPLE, "Reloading a merged schema, which might trigger "
+                        "reindexing so please be patient")
+        reload_full_schema(samdb, names)
+        message(SIMPLE, "Schema reloaded!")
+
+        changed = update_present(ref_samdb, samdb, basedn, listPresent,
+                                    provisionUSNs)
+        message(SIMPLE, "There are %d changed objects" % (changed))
+        return 1
+
+    except Exception as err:
+        message(ERROR, "Exception during upgrade of samdb:")
+        (typ, val, tb) = sys.exc_info()
+        traceback.print_exception(typ, val, tb)
+        return 0
+
+
+def check_updated_sd(ref_sam, cur_sam, names):
+    """Check if the security descriptor in the upgraded provision are the same
+       as the reference
+
+    :param ref_sam: A LDB object connected to the sam.ldb file used as
+                    the reference provision
+    :param cur_sam: A LDB object connected to the sam.ldb file used as
+                    upgraded provision
+    :param names: List of key provision parameters"""
+    reference = ref_sam.search(expression="objectClass=*", base=str(names.rootdn),
+                                scope=SCOPE_SUBTREE,
+                                attrs=["dn", "nTSecurityDescriptor"],
+                                controls=["search_options:1:2"])
+    current = cur_sam.search(expression="objectClass=*", base=str(names.rootdn),
+                                scope=SCOPE_SUBTREE,
+                                attrs=["dn", "nTSecurityDescriptor"],
+                                controls=["search_options:1:2"])
+    hash = {}
+    for i in range(0, len(reference)):
+        refsd_blob = reference[i]["nTSecurityDescriptor"][0]
+        hash[str(reference[i]["dn"]).lower()] = refsd_blob
+
+
+    for i in range(0, len(current)):
+        key = str(current[i]["dn"]).lower()
+        if key in hash:
+            cursd_blob = current[i]["nTSecurityDescriptor"][0]
+            cursd = ndr_unpack(security.descriptor,
+                               cursd_blob)
+            if cursd_blob != hash[key]:
+                refsd = ndr_unpack(security.descriptor,
+                                   hash[key])
+                txt = get_diff_sds(refsd, cursd, names.domainsid, False)
+                if txt != "":
+                    message(CHANGESD, "On object %s ACL is different"
+                                      " \n%s" % (current[i]["dn"], txt))
+
+
+
+def fix_wellknown_sd(samdb, names):
+    """This function fix the SD for partition/wellknown containers (basedn, configdn, ...)
+    This is needed because some provision use to have broken SD on containers
+
+    :param samdb: An LDB object pointing to the sam of the current provision
+    :param names: A list of key provision parameters
+    """
+
+    list_wellknown_dns = []
+
+    subcontainers = get_wellknown_sds(samdb)
+
+    for [dn, descriptor_fn] in subcontainers:
+        list_wellknown_dns.append(dn)
+        if dn in dnToRecalculate:
+            delta = Message()
+            delta.dn = dn
+            descr = descriptor_fn(names.domainsid, name_map=names.name_map)
+            delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE,
+                                                            "nTSecurityDescriptor" )
+            samdb.modify(delta)
+            message(CHANGESD, "nTSecurityDescriptor updated on wellknown DN: %s" % delta.dn)
+
+    return list_wellknown_dns
+
+def rebuild_sd(samdb, names):
+    """Rebuild security descriptor of the current provision from scratch
+
+    During the different pre release of samba4 security descriptors
+    (SD) were notarly broken (up to alpha11 included)
+
+    This function allows one to get them back in order, this function works
+    only after the database comparison that --full mode uses and which
+    populates the dnToRecalculate and dnNotToRecalculate lists.
+
+    The idea is that the SD can be safely recalculated from scratch to get it right.
+
+    :param names: List of key provision parameters"""
+
+    listWellknown = fix_wellknown_sd(samdb, names)
+
+    if len(dnToRecalculate) != 0:
+        message(CHANGESD, "%d DNs have been marked as needed to be recalculated"
+                            % (len(dnToRecalculate)))
+
+    for dn in dnToRecalculate:
+        # well known SDs have already been reset
+        if dn in listWellknown:
+            continue
+        delta = Message()
+        delta.dn = dn
+        sd_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL
+        try:
+            descr = get_empty_descriptor(names.domainsid)
+            delta["nTSecurityDescriptor"] = MessageElement(descr, FLAG_MOD_REPLACE,
+                                                    "nTSecurityDescriptor")
+            samdb.modify(delta, ["sd_flags:1:%d" % sd_flags,"relax:0","local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK])
+        except LdbError as e:
+            samdb.transaction_cancel()
+            res = samdb.search(expression="objectClass=*", base=str(delta.dn),
+                                scope=SCOPE_BASE,
+                                attrs=["nTSecurityDescriptor"],
+                                controls=["sd_flags:1:%d" % sd_flags])
+            badsd = ndr_unpack(security.descriptor,
+                        res[0]["nTSecurityDescriptor"][0])
+            message(ERROR, "On %s bad stuff %s" % (str(delta.dn),badsd.as_sddl(names.domainsid)))
+            return
+
+def hasATProvision(samdb):
+        entry = samdb.search(expression="(distinguishedName=@PROVISION)", base = "",
+                                scope=SCOPE_BASE,
+                                attrs=["dn"])
+
+        if entry is not None and len(entry) == 1:
+            return True
+        else:
+            return False
+
+def removeProvisionUSN(samdb):
+        attrs = [samba.provision.LAST_PROVISION_USN_ATTRIBUTE, "dn"]
+        entry = samdb.search(expression="(distinguishedName=@PROVISION)", base = "",
+                                scope=SCOPE_BASE,
+                                attrs=attrs)
+        empty = Message()
+        empty.dn = entry[0].dn
+        delta = samdb.msg_diff(entry[0], empty)
+        delta.remove("dn")
+        delta.dn = entry[0].dn
+        samdb.modify(delta)
+
+def remove_stored_generated_attrs(paths, creds, session, lp):
+    """Remove previously stored constructed attributes
+
+    :param paths: List of paths for different provision objects
+                        from the upgraded provision
+    :param creds: A credential object
+    :param session: A session object
+    :param lp: A line parser object
+    :return: An associative array whose key are the different constructed
+             attributes and the value the dn where this attributes were found.
+     """
+
+
+def simple_update_basesamdb(newpaths, paths, names):
+    """Update the provision container db: sam.ldb
+    This function is aimed at very old provision (before alpha9)
+
+    :param newpaths: List of paths for different provision objects
+                        from the reference provision
+    :param paths: List of paths for different provision objects
+                        from the upgraded provision
+    :param names: List of key provision parameters"""
+
+    message(SIMPLE, "Copy samdb")
+    tdb_util.tdb_copy(newpaths.samdb, paths.samdb)
+
+    message(SIMPLE, "Update partitions filename if needed")
+    schemaldb = os.path.join(paths.private_dir, "schema.ldb")
+    configldb = os.path.join(paths.private_dir, "configuration.ldb")
+    usersldb = os.path.join(paths.private_dir, "users.ldb")
+    samldbdir = os.path.join(paths.private_dir, "sam.ldb.d")
+
+    if not os.path.isdir(samldbdir):
+        os.mkdir(samldbdir)
+        os.chmod(samldbdir, 0o700)
+    if os.path.isfile(schemaldb):
+        tdb_util.tdb_copy(schemaldb, os.path.join(samldbdir,
+                                            "%s.ldb"%str(names.schemadn).upper()))
+        os.remove(schemaldb)
+    if os.path.isfile(usersldb):
+        tdb_util.tdb_copy(usersldb, os.path.join(samldbdir,
+                                            "%s.ldb"%str(names.rootdn).upper()))
+        os.remove(usersldb)
+    if os.path.isfile(configldb):
+        tdb_util.tdb_copy(configldb, os.path.join(samldbdir,
+                                            "%s.ldb"%str(names.configdn).upper()))
+        os.remove(configldb)
+
+
+def update_samdb(ref_samdb, samdb, names, provisionUSNs, schema, prereloadfunc):
+    """Upgrade the SAM DB contents for all the provision partitions
+
+    :param ref_samdb: An LDB object connected to the sam.ldb of the reference
+                       provision
+    :param samdb: An LDB object connected to the sam.ldb of the update
+                  provision
+    :param names: List of key provision parameters
+    :param provisionUSNs:  A dictionary with range of USN modified during provision
+                            or upgradeprovision. Ranges are grouped by invocationID.
+    :param schema: A Schema object that represent the schema of the provision
+    :param prereloadfunc: A function that must be executed just before the reload
+                  of the schema
+    """
+
+    message(SIMPLE, "Starting update of samdb")
+    ret = update_partition(ref_samdb, samdb, str(names.rootdn), names,
+                            schema, provisionUSNs, prereloadfunc)
+    if ret:
+        message(SIMPLE, "Update of samdb finished")
+        return 1
+    else:
+        message(SIMPLE, "Update failed")
+        return 0
+
+
+def backup_provision(samdb, paths, dir, only_db):
+    """This function backup the provision files so that a rollback
+    is possible
+
+    :param paths: Paths to different objects
+    :param dir: Directory where to store the backup
+    :param only_db: Skip sysvol for users with big sysvol
+    """
+
+    # Currently we default to tdb for the backend store type
+    #
+    backend_store = "tdb"
+    res = samdb.search(base="@PARTITION",
+                       scope=ldb.SCOPE_BASE,
+                       attrs=["backendStore"])
+    if "backendStore" in res[0]:
+        backend_store = str(res[0]["backendStore"][0])
+
+
+    if paths.sysvol and not only_db:
+        copytree_with_xattrs(paths.sysvol, os.path.join(dir, "sysvol"))
+
+    tdb_util.tdb_copy(paths.samdb, os.path.join(dir, os.path.basename(paths.samdb)))
+    tdb_util.tdb_copy(paths.secrets, os.path.join(dir, os.path.basename(paths.secrets)))
+    tdb_util.tdb_copy(paths.idmapdb, os.path.join(dir, os.path.basename(paths.idmapdb)))
+    tdb_util.tdb_copy(paths.privilege, os.path.join(dir, os.path.basename(paths.privilege)))
+    if os.path.isfile(os.path.join(paths.private_dir,"eadb.tdb")):
+        tdb_util.tdb_copy(os.path.join(paths.private_dir,"eadb.tdb"), os.path.join(dir, "eadb.tdb"))
+    shutil.copy2(paths.smbconf, dir)
+    shutil.copy2(os.path.join(paths.private_dir,"secrets.keytab"), dir)
+
+    samldbdir = os.path.join(paths.private_dir, "sam.ldb.d")
+    if not os.path.isdir(samldbdir):
+        samldbdir = paths.private_dir
+        schemaldb = os.path.join(paths.private_dir, "schema.ldb")
+        configldb = os.path.join(paths.private_dir, "configuration.ldb")
+        usersldb = os.path.join(paths.private_dir, "users.ldb")
+        tdb_util.tdb_copy(schemaldb, os.path.join(dir, "schema.ldb"))
+        tdb_util.tdb_copy(usersldb, os.path.join(dir, "configuration.ldb"))
+        tdb_util.tdb_copy(configldb, os.path.join(dir, "users.ldb"))
+    else:
+        os.mkdir(os.path.join(dir, "sam.ldb.d"), 0o700)
+
+        for ldb_name in os.listdir(samldbdir):
+            if not ldb_name.endswith("-lock"):
+                if backend_store == "mdb" and ldb_name != "metadata.tdb":
+                    mdb_util.mdb_copy(os.path.join(samldbdir, ldb_name),
+                                      os.path.join(dir, "sam.ldb.d", ldb_name))
+                else:
+                    tdb_util.tdb_copy(os.path.join(samldbdir, ldb_name),
+                                      os.path.join(dir, "sam.ldb.d", ldb_name))
+
+
+def sync_calculated_attributes(samdb, names):
+   """Synchronize attributes used for constructed ones, with the
+      old constructed that were stored in the database.
+
+      This apply for instance to msds-keyversionnumber that was
+      stored and that is now constructed from replpropertymetadata.
+
+      :param samdb: An LDB object attached to the currently upgraded samdb
+      :param names: Various key parameter about current provision.
+   """
+   listAttrs = ["msDs-KeyVersionNumber"]
+   hash = search_constructed_attrs_stored(samdb, names.rootdn, listAttrs)
+   if "msDs-KeyVersionNumber" in hash:
+       increment_calculated_keyversion_number(samdb, names.rootdn,
+                                            hash["msDs-KeyVersionNumber"])
+
+# Synopsis for updateprovision
+# 1) get path related to provision to be update (called current)
+# 2) open current provision ldbs
+# 3) fetch the key provision parameter (domain sid, domain guid, invocationid
+#    of the DC ....)
+# 4) research of lastProvisionUSN in order to get ranges of USN modified
+#    by either upgradeprovision or provision
+# 5) creation of a new provision the latest version of provision script
+#    (called reference)
+# 6) get reference provision paths
+# 7) open reference provision ldbs
+# 8) setup helpers data that will help the update process
+# 9) (SKIPPED) we no longer update the privilege ldb by copying the one of reference provision to
+#    the current provision, because a shutil.copy would break the transaction locks both databases are under
+#    and this database has not changed between 2009 and Samba 4.0.3 in Feb 2013 (at least)
+# 10)get the oemInfo field, this field contains information about the different
+#    provision that have been done
+# 11)Depending on if the --very-old-pre-alpha9 flag is set the following things are done
+#    A) When alpha9 or alphaxx not specified (default)
+#       The base sam.ldb file is updated by looking at the difference between
+#       reference one and the current one. Everything is copied with the
+#       exception of lastProvisionUSN attributes.
+#    B) Other case (it reflect that that provision was done before alpha9)
+#       The base sam.ldb of the reference provision is copied over
+#       the current one, if necessary ldb related to partitions are moved
+#       and renamed
+# The highest used USN is fetched so that changed by upgradeprovision
+# usn can be tracked
+# 12)A Schema object is created, it will be used to provide a complete
+#    schema to current provision during update (as the schema of the
+#    current provision might not be complete and so won't allow some
+#    object to be created)
+# 13)Proceed to full update of sam DB (see the separate paragraph about i)
+# 14)The secrets db is updated by pull all the difference from the reference
+#    provision into the current provision
+# 15)As the previous step has most probably modified the password stored in
+#    in secret for the current DC, a new password is generated,
+#    the kvno is bumped and the entry in samdb is also updated
+# 16)For current provision older than alpha9, we must fix the SD a little bit
+#    administrator to update them because SD used to be generated with the
+#    system account before alpha9.
+# 17)The highest usn modified so far is searched in the database it will be
+#    the upper limit for usn modified during provision.
+#    This is done before potential SD recalculation because we do not want
+#    SD modified during recalculation to be marked as modified during provision
+#    (and so possibly remplaced at next upgradeprovision)
+# 18)Rebuilt SD if the flag indicate to do so
+# 19)Check difference between SD of reference provision and those of the
+#    current provision. The check is done by getting the sddl representation
+#    of the SD. Each sddl in chunked into parts (user,group,dacl,sacl)
+#    Each part is verified separately, for dacl and sacl ACL is split into
+#    ACEs and each ACE is verified separately (so that a permutation in ACE
+#    didn't raise as an error).
+# 20)The oemInfo field is updated to add information about the fact that the
+#    provision has been updated by the upgradeprovision version xxx
+#    (the version is the one obtained when starting samba with the --version
+#    parameter)
+# 21)Check if the current provision has all the settings needed for dynamic
+#    DNS update to work (that is to say the provision is newer than
+#    january 2010). If not dns configuration file from reference provision
+#    are copied in a sub folder and the administrator is invited to
+#    do what is needed.
+# 22)If the lastProvisionUSN attribute was present it is updated to add
+#    the range of usns modified by the current upgradeprovision
+
+
+# About updating the sam DB
+# The update takes place in update_partition function
+# This function read both current and reference provision and list all
+# the available DN of objects
+# If the string representation of a DN in reference provision is
+# equal to the string representation of a DN in current provision
+# (without taking care of case) then the object is flagged as being
+# present. If the object is not present in current provision the object
+# is being flagged as missing in current provision. Object present in current
+# provision but not in reference provision are ignored.
+# Once the list of objects present and missing is done, the deleted object
+# containers are created in the different partitions (if missing)
+#
+# Then the function add_missing_entries is called
+# This function will go through the list of missing entries by calling
+# add_missing_object for the given object. If this function returns 0
+# it means that the object needs some other object in order to be created
+# The object is reappended at the end of the list to be created later
+# (and preferably after all the needed object have been created)
+# The function keeps on looping on the list of object to be created until
+# it's empty or that the number of deferred creation is equal to the number
+# of object that still needs to be created.
+
+# The function add_missing_object will first check if the object can be created.
+# That is to say that it didn't depends other not yet created objects
+# If requisite can't be fulfilled it exists with 0
+# Then it will try to create the missing entry by creating doing
+# an ldb_message_diff between the object in the reference provision and
+# an empty object.
+# This resulting object is filtered to remove all the back link attribute
+# (ie. memberOf) as they will be created by the other linked object (ie.
+# the one with the member attribute)
+# All attributes specified in the attrNotCopied array are
+# also removed it's most of the time generated attributes
+
+# After missing entries have been added the update_partition function will
+# take care of object that exist but that need some update.
+# In order to do so the function update_present is called with the list
+# of object that are present in both provision and that might need an update.
+
+# This function handle first case mismatch so that the DN in the current
+# provision have the same case as in reference provision
+
+# It will then construct an associative array consisting of attributes as
+# key and invocationid as value( if the originating invocation id is
+# different from the invocation id of the current DC the value is -1 instead).
+
+# If the range of provision modified attributes is present, the function will
+# use the replMetadataProperty update method which is the following:
+#  Removing attributes that should not be updated: rIDAvailablePool, objectSid,
+#   creationTime, msDs-KeyVersionNumber, oEMInformation
+#  Check for each attribute if its usn is within one of the modified by
+#   provision range and if its originating id is the invocation id of the
+#   current DC, then validate the update from reference to current.
+#   If not or if there is no replMetatdataProperty for this attribute then we
+#   do not update it.
+# Otherwise (case the range of provision modified attribute is not present) it
+# use the following process:
+#  All attributes that need to be added are accepted at the exception of those
+#   listed in hashOverwrittenAtt, in this case the attribute needs to have the
+#   correct flags specified.
+#  For attributes that need to be modified or removed, a check is performed
+#  in OverwrittenAtt, if the attribute is present and the modification flag
+#  (remove, delete) is one of those listed for this attribute then modification
+#  is accepted. For complicated handling of attribute update, the control is passed
+#  to handle_special_case
+
+
+
+if __name__ == '__main__':
+    defSDmodified = False
+
+    # From here start the big steps of the program
+    # 1) First get files paths
+    paths = get_paths(param, smbconf=smbconf)
+    # Get ldbs with the system session, it is needed for searching
+    # provision parameters
+    session = system_session()
+
+    # This variable will hold the last provision USN once if it exists.
+    minUSN = 0
+    # 2)
+    ldbs = get_ldbs(paths, creds, session, lp)
+    backupdir = tempfile.mkdtemp(dir=paths.private_dir,
+                                    prefix="backupprovision")
+    backup_provision(ldbs.sam, paths, backupdir, opts.db_backup_only)
+    try:
+        ldbs.startTransactions()
+
+        # 3) Guess all the needed names (variables in fact) from the current
+        # provision.
+        names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
+                                                paths, smbconf, lp)
+        # 4)
+        lastProvisionUSNs = get_last_provision_usn(ldbs.sam)
+        if lastProvisionUSNs is not None:
+            v = 0
+            for k in lastProvisionUSNs.keys():
+                for r in lastProvisionUSNs[k]:
+                    v = v + 1
+
+            message(CHANGE,
+                "Find last provision USN, %d invocation(s) for a total of %d ranges" %
+                            (len(lastProvisionUSNs.keys()), v /2 ))
+
+            if lastProvisionUSNs.get("default") is not None:
+                message(CHANGE, "Old style for usn ranges used")
+                lastProvisionUSNs[str(names.invocation)] = lastProvisionUSNs["default"]
+                del lastProvisionUSNs["default"]
+        else:
+            message(SIMPLE, "Your provision lacks provision range information")
+            if confirm("Do you want to run findprovisionusnranges to try to find them ?", False):
+                ldbs.groupedRollback()
+                minobj = 5
+                (hash_id, nb_obj) = findprovisionrange(ldbs.sam, ldb.Dn(ldbs.sam, str(names.rootdn)))
+                message(SIMPLE, "Here is a list of changes that modified more than %d objects in 1 minute." % minobj)
+                message(SIMPLE, "Usually changes made by provision and upgradeprovision are those who affect a couple"
+                        " of hundred of objects or more")
+                message(SIMPLE, "Total number of objects: %d" % nb_obj)
+                message(SIMPLE, "")
+
+                print_provision_ranges(hash_id, minobj, None, str(paths.samdb), str(names.invocation))
+
+                message(SIMPLE, "Once you applied/adapted the change(s) please restart the upgradeprovision script")
+                sys.exit(0)
+
+        # Objects will be created with the admin session
+        # (not anymore system session)
+        adm_session = admin_session(lp, str(names.domainsid))
+        # So we reget handle on objects
+        # ldbs = get_ldbs(paths, creds, adm_session, lp)
+
+        if not sanitychecks(ldbs.sam, names):
+            message(SIMPLE, "Sanity checks for the upgrade have failed. "
+                    "Check the messages and correct the errors "
+                    "before rerunning upgradeprovision")
+            ldbs.groupedRollback()
+            sys.exit(1)
+
+        # Let's see provision parameters
+        print_provision_key_parameters(names)
+
+        # 5) With all this information let's create a fresh new provision used as
+        # reference
+        message(SIMPLE, "Creating a reference provision")
+        provisiondir = tempfile.mkdtemp(dir=paths.private_dir,
+                        prefix="referenceprovision")
+        result = newprovision(names, session, smbconf, provisiondir,
+                provision_logger, base_schema="2008_R2", adprep_level=None)
+        result.report_logger(provision_logger)
+
+        # TODO
+        # 6) and 7)
+        # We need to get a list of object which SD is directly computed from
+        # defaultSecurityDescriptor.
+        # This will allow us to know which object we can rebuild the SD in case
+        # of change of the parent's SD or of the defaultSD.
+        # Get file paths of this new provision
+        newpaths = get_paths(param, targetdir=provisiondir)
+        new_ldbs = get_ldbs(newpaths, creds, session, lp)
+        new_ldbs.startTransactions()
+
+        populateNotReplicated(new_ldbs.sam, names.schemadn)
+        # 8) Populate some associative array to ease the update process
+        # List of attribute which are link and backlink
+        populate_links(new_ldbs.sam, names.schemadn)
+        # List of attribute with ASN DN synthax)
+        populate_dnsyntax(new_ldbs.sam, names.schemadn)
+        # 9) (now skipped, was copy of privileges.ldb)
+        # 10)
+        oem = getOEMInfo(ldbs.sam, str(names.rootdn))
+        # Do some modification on sam.ldb
+        ldbs.groupedCommit()
+        new_ldbs.groupedCommit()
+        deltaattr = None
+    # 11)
+        message(GUESS, oem)
+        if oem is None or hasATProvision(ldbs.sam) or not opts.very_old_pre_alpha9:
+            # 11) A
+            # Starting from alpha9 we can consider that the structure is quite ok
+            # and that we should do only dela
+            deltaattr = delta_update_basesamdb(newpaths.samdb,
+                            paths.samdb,
+                            creds,
+                            session,
+                            lp,
+                            message)
+        else:
+            # 11) B
+            simple_update_basesamdb(newpaths, paths, names)
+            ldbs = get_ldbs(paths, creds, session, lp)
+            removeProvisionUSN(ldbs.sam)
+
+        ldbs.startTransactions()
+        minUSN = int(str(get_max_usn(ldbs.sam, str(names.rootdn)))) + 1
+        new_ldbs.startTransactions()
+
+        # 12)
+        schema = Schema(names.domainsid, schemadn=str(names.schemadn))
+        # We create a closure that will be invoked just before schema reload
+        def schemareloadclosure():
+            basesam = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp,
+                    options=["modules:"])
+            doit = False
+            if deltaattr is not None and len(deltaattr) > 1:
+                doit = True
+            if doit:
+                deltaattr.remove("dn")
+                for att in deltaattr:
+                    if att.lower() == "dn":
+                        continue
+                    if (deltaattr.get(att) is not None
+                        and deltaattr.get(att).flags() != FLAG_MOD_ADD):
+                        doit = False
+                    elif deltaattr.get(att) is None:
+                        doit = False
+            if doit:
+                message(CHANGE, "Applying delta to @ATTRIBUTES")
+                deltaattr.dn = ldb.Dn(basesam, "@ATTRIBUTES")
+                basesam.modify(deltaattr)
+            else:
+                message(CHANGE, "Not applying delta to @ATTRIBUTES because "
+                    "there is not only add")
+        # 13)
+        if opts.full:
+            if not update_samdb(new_ldbs.sam, ldbs.sam, names, lastProvisionUSNs,
+                    schema, schemareloadclosure):
+                message(SIMPLE, "Rolling back all changes. Check the cause"
+                        " of the problem")
+                message(SIMPLE, "Your system is as it was before the upgrade")
+                ldbs.groupedRollback()
+                new_ldbs.groupedRollback()
+                shutil.rmtree(provisiondir)
+                sys.exit(1)
+        else:
+            # Try to reapply the change also when we do not change the sam
+            # as the delta_upgrade
+            schemareloadclosure()
+            sync_calculated_attributes(ldbs.sam, names)
+            res = ldbs.sam.search(expression="(samaccountname=dns)",
+                    scope=SCOPE_SUBTREE, attrs=["dn"],
+                    controls=["search_options:1:2"])
+            if len(res) > 0:
+                message(SIMPLE, "You still have the old DNS object for managing "
+                        "dynamic DNS, but you didn't supply --full so "
+                        "a correct update can't be done")
+                ldbs.groupedRollback()
+                new_ldbs.groupedRollback()
+                shutil.rmtree(provisiondir)
+                sys.exit(1)
+        # 14)
+        update_secrets(new_ldbs.secrets, ldbs.secrets, message)
+        # 14bis)
+        res = ldbs.sam.search(expression="(samaccountname=dns)",
+                    scope=SCOPE_SUBTREE, attrs=["dn"],
+                    controls=["search_options:1:2"])
+
+        if (len(res) == 1):
+            ldbs.sam.delete(res[0]["dn"])
+            res2 = ldbs.secrets.search(expression="(samaccountname=dns)",
+                    scope=SCOPE_SUBTREE, attrs=["dn"])
+            update_dns_account_password(ldbs.sam, ldbs.secrets, names)
+            message(SIMPLE, "IMPORTANT!!! "
+                    "If you were using Dynamic DNS before you need "
+                    "to update your configuration, so that the "
+                    "tkey-gssapi-credential has the following value: "
+                    "DNS/%s.%s" % (names.netbiosname.lower(),
+                        names.realm.lower()))
+        # 15)
+        message(SIMPLE, "Update machine account")
+        update_machine_account_password(ldbs.sam, ldbs.secrets, names)
+
+        # 16) SD should be created with admin but as some previous acl were so wrong
+        # that admin can't modify them we have first to recreate them with the good
+        # form but with system account and then give the ownership to admin ...
+        if opts.very_old_pre_alpha9:
+            message(SIMPLE, "Fixing very old provision SD")
+            rebuild_sd(ldbs.sam, names)
+
+        # We calculate the max USN before recalculating the SD because we might
+        # touch object that have been modified after a provision and we do not
+        # want that the next upgradeprovision thinks that it has a green light
+        # to modify them
+
+        # 17)
+        maxUSN = get_max_usn(ldbs.sam, str(names.rootdn))
+
+        # 18) We rebuild SD if a we have a list of DN to recalculate or if the
+        # defSDmodified is set.
+        if opts.full and (defSDmodified or len(dnToRecalculate) >0):
+            message(SIMPLE, "Some (default) security descriptors (SDs) have "
+                            "changed, recalculating them")
+            ldbs.sam.set_session_info(adm_session)
+            rebuild_sd(ldbs.sam, names)
+
+        # 19)
+        # Now we are quite confident in the recalculate process of the SD, we make
+        # it optional. And we don't do it if there is DN that we must touch
+        # as we are assured that on this DNs we will have differences !
+        # Also the check must be done in a clever way as for the moment we just
+        # compare SDDL
+        if dnNotToRecalculateFound == False and (opts.debugchangesd or opts.debugall):
+            message(CHANGESD, "Checking recalculated SDs")
+            check_updated_sd(new_ldbs.sam, ldbs.sam, names)
+
+        # 20)
+        updateOEMInfo(ldbs.sam, str(names.rootdn))
+        # 21)
+        check_for_DNS(newpaths.private_dir, paths.private_dir,
+                      newpaths.binddns_dir, paths.binddns_dir,
+                      names.dns_backend)
+        # 22)
+        update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation)
+        if opts.full and (names.policyid is None or names.policyid_dc is None):
+            update_policyids(names, ldbs.sam)
+
+        if opts.full:
+            try:
+                update_gpo(paths, names)
+            except ProvisioningError as e:
+                message(ERROR, "The policy for domain controller is missing. "
+                            "You should restart upgradeprovision with --full")
+
+        ldbs.groupedCommit()
+        new_ldbs.groupedCommit()
+        message(SIMPLE, "Upgrade finished!")
+        # remove reference provision now that everything is done !
+        # So we have reindexed first if need when the merged schema was reloaded
+        # (as new attributes could have quick in)
+        # But the second part of the update (when we update existing objects
+        # can also have an influence on indexing as some attribute might have their
+        # searchflag modificated
+        message(SIMPLE, "Reopening samdb to trigger reindexing if needed "
+                "after modification")
+        samdb = Ldb(paths.samdb, session_info=session, credentials=creds, lp=lp)
+        message(SIMPLE, "Reindexing finished")
+
+        shutil.rmtree(provisiondir)
+    except Exception as err:
+        message(ERROR, "A problem occurred while trying to upgrade your "
+                   "provision. A full backup is located at %s" % backupdir)
+        if opts.debugall or opts.debugchange:
+            (typ, val, tb) = sys.exc_info()
+            traceback.print_exception(typ, val, tb)
+        sys.exit(1)
diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh
new file mode 100755
index 0000000..143f2c2
--- /dev/null
+++ b/source4/scripting/bin/setup_dns.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# example script to setup DNS for a vampired domain
+
+[ $# = 3 ] || {
+	echo "Usage: setup_dns.sh HOSTNAME DOMAIN IP"
+	exit 1
+}
+
+HOSTNAME="$(echo $1 | tr '[a-z]' '[A-Z]')"
+DOMAIN="$(echo $2 | tr '[a-z]' '[A-Z]')"
+IP="$3"
+
+RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g)
+
+[ -z "$PRIVATEDIR" ] && {
+	PRIVATEDIR=$(bin/samba-tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2>/dev/null)
+}
+
+OBJECTGUID=$(bin/ldbsearch --scope=base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid | grep ^objectGUID | cut -d: -f2)
+
+samba4kinit=kinit
+if test -x $BINDIR/samba4kinit; then
+	samba4kinit=bin/samba4kinit
+fi
+
+echo "Found objectGUID $OBJECTGUID"
+
+echo "Running kinit for $HOSTNAME\$@$DOMAIN"
+$samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
+echo "Adding $HOSTNAME.$DOMAIN"
+scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || {
+	echo "Failed to add A record"
+	exit 1
+}
+echo "Adding $OBJECTGUID._msdcs.$DOMAIN => $HOSTNAME.$DOMAIN"
+scripting/bin/nsupdate-gss --realm=$DOMAIN --noverify --ntype="CNAME" $OBJECTGUID _msdcs.$DOMAIN $HOSTNAME.$DOMAIN 300 || {
+	echo "Failed to add CNAME"
+	exit 1
+}
+echo "Checking"
+rndc flush
+host $HOSTNAME.$DOMAIN
+host $OBJECTGUID._msdcs.$DOMAIN
diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun
new file mode 100755
index 0000000..7bfa851
--- /dev/null
+++ b/source4/scripting/bin/subunitrun
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+
+# Simple subunit testrunner for python
+
+# NOTE: This is deprecated - Using the standard subunit runner is
+# preferred - e.g. "python -m samba.subunit.run YOURMODULE".
+#
+# This wrapper will be removed once all tests can be run
+# without it. At the moment there are various tests which still
+# get e.g. credentials passed via command-line options to this
+# script.
+
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2014
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+
+# make sure the script dies immediately when hitting control-C,
+# rather than raising KeyboardInterrupt. As we do all database
+# operations using transactions, this is safe.
+import signal
+signal.signal(signal.SIGINT, signal.SIG_DFL)
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import optparse
+import samba
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+import samba.getopt as options
+import samba.tests
+
+
+usage = 'subunitrun [options] <tests>'
+description = '''
+This runs a Samba python test suite. The tests are typically located in
+python/samba/tests/*.py
+
+To run the tests from one of those modules, specify the test as
+samba.tests.MODULE. For example, to run the tests in common.py:
+
+   subunitrun samba.tests.common
+
+To list the tests in that module, use:
+
+   subunitrun -l samba.tests.common
+
+NOTE: This script is deprecated in favor of "python -m subunit.run". Don't use
+it unless it can be avoided.
+'''
+
+def format_description(formatter):
+    '''hack to prevent textwrap of the description'''
+    return description
+
+parser = optparse.OptionParser(usage=usage, description=description)
+parser.format_description = format_description
+credopts = options.CredentialsOptions(parser)
+sambaopts = options.SambaOptions(parser)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option_group(sambaopts)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+if not getattr(opts, "listtests", False):
+    lp = sambaopts.get_loadparm()
+    samba.tests.cmdline_credentials = credopts.get_credentials(lp)
+if getattr(opts, 'load_list', None):
+    args.insert(0, "--load-list=%s" % opts.load_list)
+
+TestProgram(module=None, args=args, opts=subunitopts)
diff --git a/source4/scripting/bin/wscript_build b/source4/scripting/bin/wscript_build
new file mode 100644
index 0000000..d31afb2
--- /dev/null
+++ b/source4/scripting/bin/wscript_build
@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+
+if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+    for script in ['samba_dnsupdate',
+                   'samba_spnupdate',
+                   'samba_kcc',
+                   'samba_upgradeprovision',
+                   'samba_upgradedns',
+                   'gen_output.py',
+                   'samba_downgrade_db']:
+        bld.SAMBA_SCRIPT(script, pattern=script, installdir='.')
+if bld.CONFIG_SET('WITH_ADS'):
+    bld.SAMBA_SCRIPT('samba-tool', pattern='samba-tool', installdir='.')
+bld.SAMBA_SCRIPT('samba-gpupdate', pattern='samba-gpupdate', installdir='.')
diff --git a/source4/scripting/devel/addlotscontacts b/source4/scripting/devel/addlotscontacts
new file mode 100644
index 0000000..9ecd16b
--- /dev/null
+++ b/source4/scripting/devel/addlotscontacts
@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+__docformat__ = "restructuredText"
+
+
+import optparse
+import sys
+# Allow to run from s4 source directory (without installing samba)
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import param
+from samba.provision import find_provision_key_parameters
+from samba.upgradehelpers import (get_paths, get_ldbs)
+from ldb import SCOPE_BASE, Message, MessageElement, Dn, FLAG_MOD_ADD
+
+parser = optparse.OptionParser("addlotscontacts [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+(opts, args) = parser.parse_args()
+
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+if len(args) > 0:
+    num_contacts = int(args[0])
+else:
+    num_contacts = 10000
+
+if __name__ == '__main__':
+    paths = get_paths(param, smbconf=smbconf)
+    session = system_session()
+
+    ldbs = get_ldbs(paths, creds, session, lp)
+    ldbs.startTransactions()
+
+    names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
+                                            paths, smbconf, lp)
+
+    contactdn = "OU=Contacts,%s" % str(names.domaindn)
+    res = ldbs.sam.search(expression="(distinguishedName=%s)" % contactdn,
+                    base=str(names.domaindn),
+                    scope=SCOPE_BASE)
+
+    if (len(res) == 0):
+        msg = Message()
+        msg.dn =  Dn(ldbs.sam, contactdn)
+        msg["objectClass"] = MessageElement("organizationalUnit", FLAG_MOD_ADD,
+                                            "objectClass")
+
+        ldbs.sam.add(msg)
+
+    print("Creating %d contacts" % num_contacts)
+    count = 0
+    increment = num_contacts / 10
+    if increment > 5000:
+        increment = 5000
+
+    while (count < num_contacts):
+        msg = Message()
+        msg.dn =  Dn(ldbs.sam, "CN=contact%d,%s" % (count + 1, contactdn))
+        msg["objectClass"] = MessageElement("contact", FLAG_MOD_ADD,
+                                            "objectClass")
+
+        if count !=0 and (count % increment) == 0:
+            print("Added contacts: %d" % count)
+
+        ldbs.sam.add(msg)
+        count += 1
+
+    ldbs.groupedCommit()
diff --git a/source4/scripting/devel/chgkrbtgtpass b/source4/scripting/devel/chgkrbtgtpass
new file mode 100644
index 0000000..2beb2e7
--- /dev/null
+++ b/source4/scripting/devel/chgkrbtgtpass
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+# Copyright (C) Andrew Bartlett <abartlet@samba.org>  2015
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+__docformat__ = "restructuredText"
+
+
+import optparse
+import sys
+# Allow to run from s4 source directory (without installing samba)
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import param
+from samba.provision import find_provision_key_parameters
+from samba.upgradehelpers import (get_paths,
+                                  get_ldbs,
+                                 update_krbtgt_account_password)
+
+parser = optparse.OptionParser("chgkrbtgtpass [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+opts = parser.parse_args()[0]
+
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+
+paths = get_paths(param, smbconf=smbconf)
+session = system_session()
+
+ldbs = get_ldbs(paths, creds, session, lp)
+ldbs.startTransactions()
+
+update_krbtgt_account_password(ldbs.sam)
+ldbs.groupedCommit()
diff --git a/source4/scripting/devel/chgtdcpass b/source4/scripting/devel/chgtdcpass
new file mode 100755
index 0000000..8f2415c
--- /dev/null
+++ b/source4/scripting/devel/chgtdcpass
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+__docformat__ = "restructuredText"
+
+
+import optparse
+import sys
+# Allow to run from s4 source directory (without installing samba)
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.credentials import DONT_USE_KERBEROS
+from samba.auth import system_session
+from samba import param
+from samba.provision import find_provision_key_parameters
+from samba.upgradehelpers import (get_paths,
+                                  get_ldbs,
+                                 update_machine_account_password)
+
+parser = optparse.OptionParser("chgtdcpass [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+opts = parser.parse_args()[0]
+
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile
+creds = credopts.get_credentials(lp)
+creds.set_kerberos_state(DONT_USE_KERBEROS)
+
+
+if __name__ == '__main__':
+    paths = get_paths(param, smbconf=smbconf)
+    session = system_session()
+
+    ldbs = get_ldbs(paths, creds, session, lp)
+    ldbs.startTransactions()
+
+    names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
+                                            paths, smbconf, lp)
+
+    update_machine_account_password(ldbs.sam, ldbs.secrets, names)
+    ldbs.groupedCommit()
diff --git a/source4/scripting/devel/config_base b/source4/scripting/devel/config_base
new file mode 100755
index 0000000..f593f2f
--- /dev/null
+++ b/source4/scripting/devel/config_base
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+# this is useful for running samba tools with a different prefix
+
+# for example:
+# samba-tool $(scripting/devel/config_base /tmp/testprefix) join .....
+
+import sys, os
+
+vars = {
+    "ncalrpc dir" : "${PREFIX}/var/ncalrpc",
+    "private dir" : "${PREFIX}/private",
+    "lock dir" : "${PREFIX}/var/locks",
+    "pid directory" : "${PREFIX}/var/run",
+    "winbindd socket directory" : "${PREFIX}/var/run/winbindd",
+    "ntp signd socket directory" : "${PREFIX}/var/run/ntp_signd"
+}
+
+if len(sys.argv) != 2:
+    print("Usage: config_base BASEDIRECTORY")
+    sys.exit(1)
+
+prefix = sys.argv[1]
+
+config_dir  = prefix + "/etc"
+config_file = config_dir + "/smb.conf"
+
+if not os.path.isdir(config_dir):
+    os.makedirs(config_dir, mode=0o755)
+if not os.path.isfile(config_file):
+    open(config_file, mode='w').close()
+
+options = (
+          " --configfile=${PREFIX}/etc/smb.conf"
+          "".join(" --option=%s=%s" % (v.replace(" ",""), vars[v]) for v in vars)
+	  ).replace("${PREFIX}", prefix)
+
+
+print(options)
diff --git a/source4/scripting/devel/crackname b/source4/scripting/devel/crackname
new file mode 100755
index 0000000..021adfa
--- /dev/null
+++ b/source4/scripting/devel/crackname
@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+
+# Copyright Matthieu Patou <mat@matws.net> 2011
+# script to call a DRSUAPI crackname
+# this is useful for plugfest testing and replication debug
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.dcerpc import drsuapi, misc
+
+def do_DsBind(drs):
+    '''make a DsBind call, returning the binding handle'''
+    bind_info = drsuapi.DsBindInfoCtr()
+    bind_info.length = 28
+    bind_info.info = drsuapi.DsBindInfo28()
+    bind_info.info.supported_extensions	= 0
+    (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
+    return handle
+
+
+########### main code ###########
+if __name__ == "__main__":
+    parser = OptionParser("crackname server [options]")
+    sambaopts = options.SambaOptions(parser)
+    parser.add_option_group(sambaopts)
+    credopts = options.CredentialsOptionsDouble(parser)
+    parser.add_option_group(credopts)
+
+    parser.add_option("", "--name", type='str',
+                      default='{ED9F5546-9729-4B04-9385-3FCFE2B17BA1}', help="name to crack")
+    parser.add_option("", "--outformat", type='int',
+                      default=drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+                      help='format desired')
+    parser.add_option("", "--informat", type='int',
+                      default=drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+                      help='format offered')
+
+    (opts, args) = parser.parse_args()
+
+    lp = sambaopts.get_loadparm()
+    creds = credopts.get_credentials(lp)
+
+    if len(args) != 1:
+        parser.error("You must supply a server")
+
+    if creds.is_anonymous():
+        parser.error("You must supply credentials")
+
+    server = args[0]
+
+    binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
+
+    drs = drsuapi.drsuapi(binding_str, lp, creds)
+    drs_handle = do_DsBind(drs)
+    print("DRS Handle: %s" % drs_handle)
+
+    req = drsuapi.DsNameRequest1()
+    names = drsuapi.DsNameString()
+    names.str = opts.name
+
+    req.codepage = 1252
+    req.language = 1033
+    req.format_flags = 0
+    req.format_offered = opts.informat
+    req.format_desired = opts.outformat
+    req.count = 1
+    req.names = [names]
+
+    (result, ctr) = drs.DsCrackNames(drs_handle, 1, req)
+    print("# of result = %d" %ctr.count)
+    if ctr.count:
+        print("status = %d" % ctr.array[0].status)
+        print("result name = %s" % ctr.array[0].result_name)
+        print("domain = %s" % ctr.array[0].dns_domain_name)
diff --git a/source4/scripting/devel/demodirsync.py b/source4/scripting/devel/demodirsync.py
new file mode 100755
index 0000000..6be3366
--- /dev/null
+++ b/source4/scripting/devel/demodirsync.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+
+import optparse
+import sys
+import base64
+
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.dcerpc import drsblobs, misc
+from samba.ndr import ndr_pack, ndr_unpack
+from samba import Ldb
+
+parser = optparse.OptionParser("demodirsync [options]")
+sambaopts = options.SambaOptions(parser)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+parser.add_option("-b", type="string", metavar="BASE",
+                  help="set base DN for the search")
+parser.add_option("--host", type="string", metavar="HOST",
+                  help="Ip of the host")
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+opts = parser.parse_args()[0]
+
+if opts.host is None:
+    print("Usage: demodirsync.py --host HOST [-b BASE]")
+    sys.exit(1)
+
+def printdirsync(ctl):
+        arr = ctl.split(':')
+        if arr[0] == 'dirsync':
+            print("Need to continue: %s" % arr[1])
+            cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
+            print("DC's NTDS guid: %s " % cookie.blob.guid1)
+            print("highest usn %s" % cookie.blob.highwatermark.highest_usn)
+            print("tmp highest usn %s" % cookie.blob.highwatermark.tmp_highest_usn)
+            print("reserved usn %s" % cookie.blob.highwatermark.reserved_usn)
+            if cookie.blob.extra_length > 0:
+                print("highest usn in extra %s" % cookie.blob.extra.ctr.cursors[0].highest_usn)
+        return cookie
+
+
+remote_ldb = Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp)
+tab = []
+if opts.b:
+    base = opts.b
+else:
+    base = None
+
+guid = None
+(msgs, ctrls) = remote_ldb.search(expression="(samaccountname=administrator)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
+if (len(ctrls)):
+    for ctl in ctrls:
+        arr = ctl.split(':')
+        if arr[0] == 'dirsync':
+            cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
+            guid = cookie.blob.guid1
+if not guid:
+    print("No dirsync control ... strange")
+    sys.exit(1)
+
+print("")
+print("Getting first guest without any cookie")
+(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=guest)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
+cookie = None
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print("Returned %d entries" % len(msgs))
+
+savedcookie = cookie
+
+print("")
+print("Getting allusers with cookie")
+controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=*)", base=base, attrs=["objectClass"], controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        printdirsync(ctl)
+    print("Returned %d entries" % len(msgs))
+
+cookie = savedcookie
+cookie.blob.guid1 = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+
+print("")
+print("Getting all the entries")
+controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+cont = 0
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    if cookie is not None:
+        cont = (ctl.split(':'))[1]
+    print("Returned %d entries" % len(msgs))
+
+usn = cookie.blob.highwatermark.tmp_highest_usn
+if cookie.blob.extra_length > 0:
+    bigusn = cookie.blob.extra.ctr.cursors[0].highest_usn
+else:
+    bigusn  = usn + 1000
+while (cont == "1"):
+    print("")
+    controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+    (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+    if (len(ctrls)):
+        for ctl in ctrls:
+            cookie = printdirsync(ctl)
+        if cookie is not None:
+            cont = (ctl.split(':'))[1]
+        print("Returned %d entries" % len(msgs))
+
+print("")
+print("Getting with cookie but usn changed to %d we should use the one in extra" % (bigusn - 1))
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = usn - 2
+if cookie.blob.extra_length > 0:
+    print("here")
+    cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
+controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print("Returned %d entries" % len(msgs))
+
+print("")
+print("Getting with cookie but usn %d changed and extra/cursor GUID too" % (usn - 2))
+print(" so that it's (tmp)highest_usn that drives the limit")
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = usn - 2
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+    cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
+controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print("Returned %d entries" % len(msgs))
+
+print("")
+print("Getting with cookie but usn changed to %d" % (usn - 2))
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = (usn - 2)
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].highest_usn = (usn - 2)
+controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print("Returned %d entries" % len(msgs))
diff --git a/source4/scripting/devel/drs/fsmo.ldif.template b/source4/scripting/devel/drs/fsmo.ldif.template
new file mode 100644
index 0000000..d5b373a
--- /dev/null
+++ b/source4/scripting/devel/drs/fsmo.ldif.template
@@ -0,0 +1,75 @@
+dn: CN=RID Manager$,CN=System,BASEDN
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,C
+ N=Sites,CN=Configuration,BASEDN
+-
+
+dn: BASEDN
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,C
+ N=Sites,CN=Configuration,BASEDN
+-
+
+dn: CN=Infrastructure,BASEDN
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,C
+ N=Sites,CN=Configuration,BASEDN
+-
+
+dn: CN=Partitions,CN=Configuration,BASEDN
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+-
+
+dn: CN=Schema,CN=Configuration,BASEDN
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+-
+
+dn: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+changetype: modify
+replace: options
+options: 1
+-
+
+dn: CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+changetype: modify
+replace: dNSHostName
+dNSHostName: MACHINE.DNSDOMAIN
+-
+
+dn: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+changetype: modify
+replace: interSiteTopologyGenerator
+interSiteTopologyGenerator: CN=NTDS Settings,CN=MACHINE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,BASEDN
+-
+
+dn: CN=MACHINE,OU=Domain Controllers,BASEDN
+changetype: modify
+replace: servicePrincipalName
+servicePrincipalName: GC/MACHINE.DNSDOMAIN/DNSDOMAIN
+servicePrincipalName: HOST/MACHINE/NETBIOSDOMAIN
+servicePrincipalName: ldap/MACHINE/NETBIOSDOMAIN
+servicePrincipalName: ldap/MACHINE.DNSDOMAIN/ForestDnsZones.DNSDOMAIN
+servicePrincipalName: ldap/MACHINE.DNSDOMAIN/DomainDnsZones.DNSDOMAIN
+servicePrincipalName: DNS/MACHINE.DNSDOMAIN
+servicePrincipalName: RestrictedKrbHost/MACHINE.DNSDOMAIN
+servicePrincipalName: RestrictedKrbHost/MACHINE
+servicePrincipalName: HOST/MACHINE.DNSDOMAIN/NETBIOSDOMAIN
+servicePrincipalName: HOST/MACHINE
+servicePrincipalName: HOST/MACHINE.DNSDOMAIN
+servicePrincipalName: HOST/MACHINE.DNSDOMAIN/DNSDOMAIN
+servicePrincipalName: ldap/MACHINE.DNSDOMAIN/NETBIOSDOMAIN
+servicePrincipalName: ldap/MACHINE
+servicePrincipalName: ldap/MACHINE.DNSDOMAIN
+servicePrincipalName: ldap/MACHINE.DNSDOMAIN/DNSDOMAIN
+servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
+servicePrincipalName: ldap/NTDSGUID._msdcs.DNSDOMAIN
+servicePrincipalName: Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/MACHINE.DNSDOMAIN
+servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/MACHINE.DNSDOMAIN
+-
diff --git a/source4/scripting/devel/drs/named.conf.ad.template b/source4/scripting/devel/drs/named.conf.ad.template
new file mode 100644
index 0000000..071c98c
--- /dev/null
+++ b/source4/scripting/devel/drs/named.conf.ad.template
@@ -0,0 +1,6 @@
+zone "DNSDOMAIN" IN {
+     type forward;
+     forwarders {
+                SERVERIP;
+     };
+};
diff --git a/source4/scripting/devel/drs/revampire_ad.sh b/source4/scripting/devel/drs/revampire_ad.sh
new file mode 100755
index 0000000..cd3164c
--- /dev/null
+++ b/source4/scripting/devel/drs/revampire_ad.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -x
+
+. $(dirname $0)/vars
+
+$(dirname $0)/vampire_ad.sh || exit 1
+
+ntds_guid=$(sudo bin/ldbsearch -H $PREFIX/private/sam.ldb -b "CN=NTDS Settings,CN=$machine,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,$dn" objectGUID | grep ^objectGUID | awk '{print $2}')
+
+cp $PREFIX/private/$DNSDOMAIN.zone{.template,}
+sed -i "s/NTDSGUID/$ntds_guid/g" $PREFIX/private/$DNSDOMAIN.zone
+cp $PREFIX/private/named.conf{.local,}
+sudo rndc reconfig
+fsmotmp=$(mktemp fsmo.ldif.XXXXXXXXX)
+cp $(dirname $0)/fsmo.ldif.template $fsmotmp
+sed -i "s/NTDSGUID/$ntds_guid/g" $fsmotmp
+sed -i "s/MACHINE/$machine/g" $fsmotmp
+sed -i "s/DNSDOMAIN/$DNSDOMAIN/g" $fsmotmp
+sed -i "s/BASEDN/$dn/g" $fsmotmp
+sed -i "s/NETBIOSDOMAIN/$workgroup/g" $fsmotmp
+sudo bin/ldbmodify -H $PREFIX/private/sam.ldb $fsmotmp
+rm $fsmotmp
diff --git a/source4/scripting/devel/drs/unvampire_ad.sh b/source4/scripting/devel/drs/unvampire_ad.sh
new file mode 100755
index 0000000..c005374
--- /dev/null
+++ b/source4/scripting/devel/drs/unvampire_ad.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -x
+
+. $(dirname $0)/vars
+
+if [ -z "$site" ]; then
+	site="Default-First-Site-Name"
+fi
+
+bin/ldbdel -r -H ldap://$server.$DNSDOMAIN -U$workgroup/administrator%$pass "CN=$machine,CN=Computers,$dn"
+bin/ldbdel -r -H ldap://$server.$DNSDOMAIN -U$workgroup/administrator%$pass "CN=$machine,OU=Domain Controllers,$dn"
+bin/ldbdel -r -H ldap://$server.$DNSDOMAIN -U$workgroup/administrator%$pass "CN=$machine,CN=Servers,CN=$site,CN=Sites,CN=Configuration,$dn"
+rm -f $PREFIX/private/*.ldb
diff --git a/source4/scripting/devel/drs/vampire_ad.sh b/source4/scripting/devel/drs/vampire_ad.sh
new file mode 100755
index 0000000..f3cdc3c
--- /dev/null
+++ b/source4/scripting/devel/drs/vampire_ad.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -x
+
+. $(dirname $0)/vars
+
+namedtmp=$(mktemp named.conf.ad.XXXXXXXXX)
+cp $(dirname $0)/named.conf.ad.template $namedtmp
+sed -i "s/DNSDOMAIN/$DNSDOMAIN/g" $namedtmp
+sed -i "s/SERVERIP/$server_ip/g" $namedtmp
+chmod a+r $namedtmp
+mv -f $namedtmp $PREFIX/private/named.conf
+sudo rndc reconfig
+$(dirname $0)/unvampire_ad.sh
+
+cat <<EOF >nsupdate.txt
+update delete $DNSDOMAIN A $machine_ip
+show
+send
+EOF
+echo "$pass" | kinit administrator
+nsupdate -g nsupdate.txt
+
+REALM="$(echo $DNSDOMAIN | tr '[a-z]' '[A-Z]')"
+
+sudo $GDB bin/samba-tool domain join $DNSDOMAIN DC -Uadministrator%$pass -s $PREFIX/etc/smb.conf --option=realm=$REALM --option="ads:dc function level=4" --option="ads:min function level=0" -d2 "$@" || exit 1
+# PRIVATEDIR=$PREFIX/private sudo -E scripting/bin/setup_dns.sh $machine $DNSDOMAIN $machine_ip || exit 1
+#sudo rndc flush
diff --git a/source4/scripting/devel/drs/vars b/source4/scripting/devel/drs/vars
new file mode 100644
index 0000000..b69b9f9
--- /dev/null
+++ b/source4/scripting/devel/drs/vars
@@ -0,0 +1,12 @@
+DNSDOMAIN=ad.samba.example.com
+PREFIX="/data/samba/samba4/prefix.ad"
+export PYTHONPATH=$PYTHONPATH:$PREFIX/lib/python2.6/site-packages
+pass="penguin"
+machine="ruth"
+machine_ip="192.168.122.1"
+workgroup=adruth
+dn="DC=ad,DC=samba,DC=example,DC=com"
+server=win2008-1
+server_ip=192.168.122.53
+site="Default-First-Site-Name"
+
diff --git a/source4/scripting/devel/enumprivs b/source4/scripting/devel/enumprivs
new file mode 100755
index 0000000..389f7d0
--- /dev/null
+++ b/source4/scripting/devel/enumprivs
@@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+
+# script to enumerate LSA privileges on a server
+
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba
+import samba.getopt as options
+from samba.dcerpc import lsa, security
+
+def get_display_name(lsaconn, pol_handle, name):
+    '''get the display name for a privilege'''
+    string = lsa.String()
+    string.string = name
+
+    (disp_names, ret_lang) = lsaconn.LookupPrivDisplayName(pol_handle, string, 0x409, 0)
+    return disp_names.string
+
+
+
+
+########### main code ###########
+if __name__ == "__main__":
+    parser = OptionParser("enumprivs [options] server")
+    sambaopts = options.SambaOptions(parser)
+    credopts = options.CredentialsOptionsDouble(parser)
+    parser.add_option_group(credopts)
+
+    (opts, args) = parser.parse_args()
+
+    lp = sambaopts.get_loadparm()
+    creds = credopts.get_credentials(lp)
+
+    if len(args) != 1:
+        parser.error("You must supply a server")
+
+    if not creds.authentication_requested():
+        parser.error("You must supply credentials")
+
+    server = args[0]
+
+    binding_str = "ncacn_np:%s[print]" % server
+
+    lsaconn = lsa.lsarpc(binding_str, lp, creds)
+
+    objectAttr = lsa.ObjectAttribute()
+    objectAttr.sec_qos = lsa.QosInfo()
+
+    pol_handle = lsaconn.OpenPolicy2(''.decode('utf-8'),
+                                     objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED)
+
+    (handle, privs) = lsaconn.EnumPrivs(pol_handle, 0, 100)
+    for p in privs.privs:
+        disp_name = get_display_name(lsaconn, pol_handle, p.name.string)
+        print("0x%08x %31s \"%s\"" % (p.luid.low, p.name.string, disp_name))
diff --git a/source4/scripting/devel/getncchanges b/source4/scripting/devel/getncchanges
new file mode 100755
index 0000000..a1a4d14
--- /dev/null
+++ b/source4/scripting/devel/getncchanges
@@ -0,0 +1,143 @@
+#!/usr/bin/env python3
+
+# script to call a DRS GetNCChanges from the command line
+# this is useful for plugfest testing
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba, ldb
+import samba.getopt as options
+from samba.dcerpc import drsuapi, misc
+from samba.samdb import SamDB
+from samba.auth import system_session
+from samba.ndr import ndr_unpack
+from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind
+
+
+########### main code ###########
+if __name__ == "__main__":
+    parser = OptionParser("getncchanges [options] server")
+    sambaopts = options.SambaOptions(parser)
+    parser.add_option_group(sambaopts)
+    credopts = options.CredentialsOptionsDouble(parser)
+    parser.add_option_group(credopts)
+
+    parser.add_option("", "--dn", dest="dn", help="DN to replicate",)
+    parser.add_option("", "--exop", dest="exop", help="extended operation",)
+    parser.add_option("", "--pas", dest="use_pas", action='store_true', default=False,
+                      help="send partial attribute set (for RODC)")
+    parser.add_option("", "--nb-iter", type='int', help="Number of getncchange iterations")
+    parser.add_option("", "--dest-dsa", type='str', help="destination DSA GUID")
+    parser.add_option("", "--rodc", action='store_true', default=False,
+                      help='use RODC replica flags')
+    parser.add_option("", "--partial-rw", action='store_true', default=False,
+                      help='use RW partial replica flags, not be confused with --pas')
+    parser.add_option("", "--replica-flags", type='int',
+                      default=drsuapi.DRSUAPI_DRS_INIT_SYNC |
+                      drsuapi.DRSUAPI_DRS_PER_SYNC |
+                      drsuapi.DRSUAPI_DRS_WRIT_REP |
+                      drsuapi.DRSUAPI_DRS_GET_ANC |
+                      drsuapi.DRSUAPI_DRS_NEVER_SYNCED,
+                      help='replica flags')
+
+    (opts, args) = parser.parse_args()
+    if opts.rodc:
+        opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |\
+                             drsuapi.DRSUAPI_DRS_GET_ANC |\
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED |\
+                             drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |\
+                             drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
+
+    if opts.partial_rw:
+        opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |\
+                             drsuapi.DRSUAPI_DRS_GET_ANC |\
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED
+
+    lp = sambaopts.get_loadparm()
+    creds = credopts.get_credentials(lp)
+
+    if len(args) != 1:
+        parser.error("You must supply a server")
+
+    if creds.is_anonymous():
+        parser.error("You must supply credentials")
+
+    if opts.partial_rw and opts.rodc:
+        parser.error("Can't specify --partial-rw and --rodc")
+
+    server = args[0]
+
+    binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
+
+    drs = drsuapi.drsuapi(binding_str, lp, creds)
+    drs_handle, supported_extensions = drs_DsBind(drs)
+    print("DRS Handle: %s" % drs_handle)
+
+    req8 = drsuapi.DsGetNCChangesRequest8()
+
+    samdb = SamDB(url="ldap://%s" % server,
+                  session_info=system_session(),
+                  credentials=creds, lp=lp)
+
+    if opts.use_pas:
+        local_samdb = SamDB(url=None, session_info=system_session(),
+                            credentials=creds, lp=lp)
+
+    if opts.dn is None:
+        opts.dn = str(samdb.get_default_basedn())
+
+    if opts.exop is None:
+        exop = drsuapi.DRSUAPI_EXOP_NONE
+    else:
+        exop = int(opts.exop)
+
+    dest_dsa = opts.dest_dsa
+    if not dest_dsa:
+        print("no dest_dsa specified trying to figure out from ldap")
+        msgs = samdb.search(controls=["search_options:1:2"],
+                           expression='(objectclass=ntdsdsa)')
+        if len(msgs) == 1:
+            dest_dsa = str(ndr_unpack(misc.GUID,  msgs[0]["invocationId"][0]))
+            print("Found this dsa: %s" % dest_dsa)
+        else:
+            # TODO fixme
+            pass
+        if not dest_dsa:
+            print("Unable to find the dest_dsa automatically please specify it")
+            import sys
+            sys.exit(1)
+
+    null_guid = misc.GUID()
+    req8.destination_dsa_guid               = misc.GUID(dest_dsa)
+    req8.source_dsa_invocation_id	    = misc.GUID(samdb.get_invocation_id())
+    req8.naming_context			    = drsuapi.DsReplicaObjectIdentifier()
+    req8.naming_context.dn                  = opts.dn.decode("utf-8")
+    req8.highwatermark                      = drsuapi.DsReplicaHighWaterMark()
+    req8.highwatermark.tmp_highest_usn	    = 0
+    req8.highwatermark.reserved_usn	    = 0
+    req8.highwatermark.highest_usn	    = 0
+    req8.uptodateness_vector		    = None
+    req8.replica_flags			    = opts.replica_flags
+    req8.max_object_count		     = 402
+    req8.max_ndr_size			     = 402116
+    req8.extended_op			     = exop
+    req8.fsmo_info			     = 0
+    if opts.use_pas:
+        req8.partial_attribute_set	     = drs_get_rodc_partial_attribute_set(local_samdb)
+    else:
+        req8.partial_attribute_set	     = None
+    req8.partial_attribute_set_ex	     = None
+    req8.mapping_ctr.num_mappings	     = 0
+    req8.mapping_ctr.mappings		     = None
+
+    nb_iter = 0
+    while True:
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        nb_iter += 1
+        if ctr.more_data == 0 or opts.nb_iter == nb_iter:
+            break
+        req8.highwatermark = ctr.new_highwatermark
diff --git a/source4/scripting/devel/nmfind b/source4/scripting/devel/nmfind
new file mode 100755
index 0000000..865c0d7
--- /dev/null
+++ b/source4/scripting/devel/nmfind
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# find object files containing a symbol
+# for example:
+#   nmfind foo_function $(find bin/default -name '*.o')
+
+TARGET=$1
+shift
+for f in $*; do
+	if nm $f 2>&1 | grep $TARGET >/dev/null; then
+		echo [$f]
+		nm $f | grep $TARGET
+		echo
+	fi
+done
diff --git a/source4/scripting/devel/pfm_verify.py b/source4/scripting/devel/pfm_verify.py
new file mode 100755
index 0000000..f29c1e5
--- /dev/null
+++ b/source4/scripting/devel/pfm_verify.py
@@ -0,0 +1,192 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# script to verify cached prefixMap on remote
+# server against the prefixMap stored in Schema NC
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba
+import samba.getopt as options
+from ldb import SCOPE_BASE, SCOPE_SUBTREE
+from samba.dcerpc import drsuapi, misc, drsblobs
+from samba.drs_utils import drs_DsBind
+from samba.samdb import SamDB
+from samba.auth import system_session
+from samba.ndr import ndr_pack, ndr_unpack
+
+
+def _samdb_fetch_pfm(samdb):
+    """Fetch prefixMap stored in SamDB using LDB connection"""
+    res = samdb.search(base=samdb.get_schema_basedn(), expression="", scope=SCOPE_BASE, attrs=["*"])
+    assert len(res) == 1
+    pfm = ndr_unpack(drsblobs.prefixMapBlob,
+                     str(res[0]['prefixMap']))
+
+    pfm_schi = _samdb_fetch_schi(samdb)
+
+    return (pfm.ctr, pfm_schi)
+
+
+def _samdb_fetch_schi(samdb):
+    """Fetch schemaInfo stored in SamDB using LDB connection"""
+    res = samdb.search(base=samdb.get_schema_basedn(), expression="", scope=SCOPE_BASE, attrs=["*"])
+    assert len(res) == 1
+    if 'schemaInfo' in res[0]:
+        pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob,
+                              str(res[0]['schemaInfo']))
+    else:
+        pfm_schi = drsblobs.schemaInfoBlob()
+        pfm_schi.marker = 0xFF
+    return pfm_schi
+
+
+def _drs_fetch_pfm(server, samdb, creds, lp):
+    """Fetch prefixMap using DRS interface"""
+    binding_str = "ncacn_ip_tcp:%s[print,seal]" % server
+
+    drs = drsuapi.drsuapi(binding_str, lp, creds)
+    (drs_handle, supported_extensions) = drs_DsBind(drs)
+    print("DRS Handle: %s" % drs_handle)
+
+    req8 = drsuapi.DsGetNCChangesRequest8()
+
+    dest_dsa = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
+    replica_flags = 0
+
+    req8.destination_dsa_guid = dest_dsa
+    req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
+    req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
+    req8.naming_context.dn = samdb.get_schema_basedn()
+    req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
+    req8.highwatermark.tmp_highest_usn = 0
+    req8.highwatermark.reserved_usn = 0
+    req8.highwatermark.highest_usn = 0
+    req8.uptodateness_vector = None
+    req8.replica_flags = replica_flags
+    req8.max_object_count = 0
+    req8.max_ndr_size = 402116
+    req8.extended_op = 0
+    req8.fsmo_info = 0
+    req8.partial_attribute_set = None
+    req8.partial_attribute_set_ex = None
+    req8.mapping_ctr.num_mappings = 0
+    req8.mapping_ctr.mappings = None
+
+    (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+    pfm = ctr.mapping_ctr
+    # check for schemaInfo element
+    pfm_it = pfm.mappings[-1]
+    assert pfm_it.id_prefix == 0
+    assert pfm_it.oid.length == 21
+    s = "".join(chr(x) for x in pfm_it.oid.binary_oid)
+    pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, s)
+    assert pfm_schi.marker == 0xFF
+    # remove schemaInfo element
+    pfm.num_mappings -= 1
+    return (pfm, pfm_schi)
+
+
+def _pfm_verify(drs_pfm, ldb_pfm):
+    errors = []
+    if drs_pfm.num_mappings != ldb_pfm.num_mappings:
+        errors.append("Different count of prefixes: drs = %d, ldb = %d"
+                      % (drs_pfm.num_mappings, ldb_pfm.num_mappings))
+    count = min(drs_pfm.num_mappings, ldb_pfm.num_mappings)
+    for i in range(0, count):
+        it_err = []
+        drs_it = drs_pfm.mappings[i]
+        ldb_it = ldb_pfm.mappings[i]
+        if drs_it.id_prefix != ldb_it.id_prefix:
+            it_err.append("id_prefix")
+        if drs_it.oid.length != ldb_it.oid.length:
+            it_err.append("oid.length")
+        if drs_it.oid.binary_oid != ldb_it.oid.binary_oid:
+            it_err.append("oid.binary_oid")
+        if len(it_err):
+            errors.append("[%2d] differences in (%s)" % (i, it_err))
+    return errors
+
+
+def _pfm_schi_verify(drs_schi, ldb_schi):
+    errors = []
+    print(drs_schi.revision)
+    print(drs_schi.invocation_id)
+    if drs_schi.marker != ldb_schi.marker:
+        errors.append("Different marker in schemaInfo: drs = %d, ldb = %d"
+                      % (drs_schi.marker, ldb_schi.marker))
+    if drs_schi.revision != ldb_schi.revision:
+        errors.append("Different revision in schemaInfo: drs = %d, ldb = %d"
+                      % (drs_schi.revision, ldb_schi.revision))
+    if drs_schi.invocation_id != ldb_schi.invocation_id:
+        errors.append("Different invocation_id in schemaInfo: drs = %s, ldb = %s"
+                      % (drs_schi.invocation_id, ldb_schi.invocation_id))
+    return errors
+
+
+########### main code ###########
+if __name__ == "__main__":
+    # command line parsing
+    parser = OptionParser("pfm_verify.py [options] server")
+    sambaopts = options.SambaOptions(parser)
+    parser.add_option_group(sambaopts)
+    credopts = options.CredentialsOptionsDouble(parser)
+    parser.add_option_group(credopts)
+
+    (opts, args) = parser.parse_args()
+
+    lp = sambaopts.get_loadparm()
+    creds = credopts.get_credentials(lp)
+
+    if len(args) != 1:
+        if "DC_SERVER" not in os.environ.keys():
+            parser.error("You must supply a server")
+        args.append(os.environ["DC_SERVER"])
+
+    if creds.is_anonymous():
+        parser.error("You must supply credentials")
+
+    server = args[0]
+
+    samdb = SamDB(url="ldap://%s" % server,
+                  session_info=system_session(lp),
+                  credentials=creds, lp=lp)
+
+    exit_code = 0
+    (drs_pfm, drs_schi) = _drs_fetch_pfm(server, samdb, creds, lp)
+    (ldb_pfm, ldb_schi) = _samdb_fetch_pfm(samdb)
+    # verify prefixMaps
+    errors = _pfm_verify(drs_pfm, ldb_pfm)
+    if len(errors):
+        print("prefixMap verification errors:")
+        print("%s" % errors)
+        exit_code = 1
+    # verify schemaInfos
+    errors = _pfm_schi_verify(drs_schi, ldb_schi)
+    if len(errors):
+        print("schemaInfo verification errors:")
+        print("%s" % errors)
+        exit_code = 2
+
+    if exit_code != 0:
+        sys.exit(exit_code)
diff --git a/source4/scripting/devel/rebuild_zone.sh b/source4/scripting/devel/rebuild_zone.sh
new file mode 100755
index 0000000..94d1f9e
--- /dev/null
+++ b/source4/scripting/devel/rebuild_zone.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+# rebuild a zone file, adding all DCs
+
+[ $# -eq 2 ] || {
+	echo "rebuild_zone.sh <sam.ldb> <zonefile>"
+	exit 1
+}
+
+LDB="$1"
+ZFILE="$2"
+
+dnshostname=$(bin/ldbsearch -H $LDB --scope=base -b '' dnsHostname | grep ^dns | cut -d' ' -f2)
+host=$(echo $dnshostname | cut -d. -f1)
+realm=$(echo $dnshostname | cut -d. -f2-)
+GUIDs=$(bin/ldbsearch -H $LDB objectclass=ntdsdsa objectguid --cross-ncs | grep ^objectGUID | cut -d' ' -f2)
+DOMAINGUID=$(bin/ldbsearch -H $LDB --scope=base objectguid | grep ^objectGUID | cut -d' ' -f2)
+
+dcname()
+{
+	GUID=$1
+	echo $(bin/ldbsearch -H $LDB objectguid=$GUID dn --cross-ncs | grep CN=NTDS.Settings | cut -d, -f2 | cut -d= -f2)
+}
+
+getip()
+{
+	NAME=$1
+	ret=$(nmblookup $NAME | egrep '^[0-9]' | head -1 | cut -d' ' -f1)
+	test -n "$ret" || {
+		echo "Unable to find IP for $NAME. Using XX.XX.XX.XX. Please edit" 1>&2
+		echo "XX.XX.XX.XX"
+	}
+	echo $ret
+}
+
+echo "Generating header for host $host in realm $realm"
+cat <<EOF >$ZFILE
+; -*- zone -*-
+; generated by rebuild_zone.sh
+\$ORIGIN $realm.
+\$TTL 1W
+@               IN SOA  @   hostmaster (
+                                $(date +%Y%m%d%H)   ; serial
+                                2D              ; refresh
+                                4H              ; retry
+                                6W              ; expiry
+                                1W )            ; minimum
+			IN NS	$host
+
+EOF
+
+for GUID in $GUIDs; do
+	dc=$(dcname $GUID)
+	echo "Generating IP for DC $dc"
+	ip=$(getip $dc)
+	test -n "$ip" || exit 1
+	echo "	IN A $ip" >>$ZFILE
+done
+
+echo "; IP Addresses" >>$ZFILE
+for GUID in $GUIDs; do
+	dc=$(dcname $GUID)
+	ip=$(getip $dc)
+	test -n "$ip" || exit 1
+	echo "$dc	IN A $ip" >>$ZFILE
+done
+
+for GUID in $GUIDs; do
+	dc=$(dcname $GUID)
+	ip=$(getip $dc)
+	test -n "$ip" || exit 1
+	echo "Generating zone body for DC $dc with IP $ip"
+	cat <<EOF >>$ZFILE
+;
+; Entries for $dc
+gc._msdcs		IN A	$ip
+$GUID._msdcs	IN CNAME	$dc
+_gc._tcp		IN SRV 0 100 3268	$dc
+_gc._tcp.Default-First-Site-Name._sites	IN SRV 0 100 3268	$dc
+_ldap._tcp.gc._msdcs	IN SRV 0 100 389	$dc
+_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs	IN SRV 0 100 389 $dc
+_ldap._tcp		IN SRV 0 100 389	$dc
+_ldap._tcp.dc._msdcs	IN SRV 0 100 389	$dc
+_ldap._tcp.pdc._msdcs	IN SRV 0 100 389	$dc
+_ldap._tcp.$DOMAINGUID.domains._msdcs		IN SRV 0 100 389 $dc
+_ldap._tcp.Default-First-Site-Name._sites		IN SRV 0 100 389 $dc
+_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs	IN SRV 0 100 389 $dc
+_kerberos._tcp		IN SRV 0 100 88		$dc
+_kerberos._tcp.dc._msdcs	IN SRV 0 100 88	$dc
+_kerberos._tcp.Default-First-Site-Name._sites	IN SRV 0 100 88	$dc
+_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs	IN SRV 0 100 88 $dc
+_kerberos._udp		IN SRV 0 100 88		$dc
+_kerberos-master._tcp		IN SRV 0 100 88		$dc
+_kerberos-master._udp		IN SRV 0 100 88		$dc
+_kpasswd._tcp		IN SRV 0 100 464	$dc
+_kpasswd._udp		IN SRV 0 100 464 	$dc
+EOF
+done
+
+cat <<EOF >>$ZFILE
+
+; kerberos hack
+_kerberos		IN TXT	$(echo $realm | tr [a-z] [A-Z])
+EOF
+
+echo "Rebuilt zone file $ZFILE OK"
+
+echo "Reloading bind config"
+PATH="/usr/sbin:$PATH" rndc reload
+exit 0
diff --git a/source4/scripting/devel/rodcdns b/source4/scripting/devel/rodcdns
new file mode 100755
index 0000000..6830580
--- /dev/null
+++ b/source4/scripting/devel/rodcdns
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+# script to call a netlogon RODC DNS update
+
+import sys
+from optparse import OptionParser
+
+sys.path.insert(0, "bin/python")
+
+import samba
+import samba.getopt as options
+from samba.dcerpc import netlogon, winbind
+
+########### main code ###########
+if __name__ == "__main__":
+    parser = OptionParser("rodcdns [options]")
+    sambaopts = options.SambaOptions(parser)
+
+    parser.add_option("", "--weight", dest="weight", help="record weight", default=0, type='int')
+    parser.add_option("", "--priority", dest="priority", help="record priority", default=100, type='int')
+    parser.add_option("", "--port", dest="port", help="port number", default=389, type='int')
+    parser.add_option("", "--type", dest="type", help="record type", default=netlogon.NlDnsLdapAtSite, type='int')
+    parser.add_option("", "--site", dest="site", help="site name", default="Default-First-Site-Name")
+
+    (opts, args) = parser.parse_args()
+
+    lp = sambaopts.get_loadparm()
+
+    w = winbind.winbind("irpc:winbind_server", lp)
+
+    dns_names = netlogon.NL_DNS_NAME_INFO_ARRAY()
+    dns_names.count = 1
+    name = netlogon.NL_DNS_NAME_INFO()
+    name.type = opts.type
+    name.priority = opts.priority
+    name.weight   = opts.weight
+    name.port = opts.port
+    name.dns_register = True
+    dns_names.names = [ name ]
+    site_name = opts.site
+
+    ret_names = w.DsrUpdateReadOnlyServerDnsRecords(site_name, 600, dns_names)
+    print("Status: %u" % ret_names.names[0].status)
diff --git a/source4/scripting/devel/speedtest.py b/source4/scripting/devel/speedtest.py
new file mode 100755
index 0000000..8c044c4
--- /dev/null
+++ b/source4/scripting/devel/speedtest.py
@@ -0,0 +1,235 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# This speed test aims to show difference in execution time for bulk
+# creation of user objects. This will help us compare
+# Samba4 vs MS Active Directory performance.
+
+# Copyright (C) Zahari Zahariev <zahari.zahariev@postpath.com> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import optparse
+import sys
+import time
+import base64
+from decimal import Decimal
+
+sys.path.insert(0, "bin/python")
+import samba
+from samba.tests.subunitrun import TestProgram, SubunitOptions
+
+import samba.getopt as options
+
+from ldb import SCOPE_BASE, SCOPE_SUBTREE
+from samba.ndr import ndr_unpack
+from samba.dcerpc import security
+
+from samba.auth import system_session
+from samba import gensec, sd_utils
+from samba.samdb import SamDB
+from samba.credentials import Credentials
+import samba.tests
+from samba.tests import delete_force
+
+parser = optparse.OptionParser("speedtest.py [options] <host>")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+host = args[0]
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+#
+# Tests start here
+#
+
+
+class SpeedTest(samba.tests.TestCase):
+
+    def find_domain_sid(self, ldb):
+        res = ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
+        return ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
+
+    def setUp(self):
+        super(SpeedTest, self).setUp()
+        self.ldb_admin = ldb
+        self.base_dn = ldb.domain_dn()
+        self.domain_sid = security.dom_sid(ldb.get_domain_sid())
+        self.user_pass = "samba123@"
+        print("baseDN: %s" % self.base_dn)
+
+    def create_user(self, user_dn):
+        ldif = """
+dn: """ + user_dn + """
+sAMAccountName: """ + user_dn.split(",")[0][3:] + """
+objectClass: user
+unicodePwd:: """ + base64.b64encode(("\"%s\"" % self.user_pass).encode('utf-16-le')).decode('utf8') + """
+url: www.example.com
+"""
+        self.ldb_admin.add_ldif(ldif)
+
+    def create_group(self, group_dn, desc=None):
+        ldif = """
+dn: """ + group_dn + """
+objectClass: group
+sAMAccountName: """ + group_dn.split(",")[0][3:] + """
+groupType: 4
+url: www.example.com
+"""
+        self.ldb_admin.add_ldif(ldif)
+
+    def create_bundle(self, count):
+        for i in range(count):
+            self.create_user("cn=speedtestuser%d,cn=Users,%s" % (i + 1, self.base_dn))
+
+    def remove_bundle(self, count):
+        for i in range(count):
+            delete_force(self.ldb_admin, "cn=speedtestuser%d,cn=Users,%s" % (i + 1, self.base_dn))
+
+    def remove_test_users(self):
+        res = ldb.search(base="cn=Users,%s" % self.base_dn, expression="(objectClass=user)", scope=SCOPE_SUBTREE)
+        dn_list = [item.dn for item in res if "speedtestuser" in str(item.dn)]
+        for dn in dn_list:
+            delete_force(self.ldb_admin, dn)
+
+
+class SpeedTestAddDel(SpeedTest):
+
+    def setUp(self):
+        super(SpeedTestAddDel, self).setUp()
+
+    def run_bundle(self, num):
+        print("\n=== Test ADD/DEL %s user objects ===\n" % num)
+        avg_add = Decimal("0.0")
+        avg_del = Decimal("0.0")
+        for x in [1, 2, 3]:
+            start = time.time()
+            self.create_bundle(num)
+            res_add = Decimal(str(time.time() - start))
+            avg_add += res_add
+            print("   Attempt %s ADD: %.3fs" % (x, float(res_add)))
+            #
+            start = time.time()
+            self.remove_bundle(num)
+            res_del = Decimal(str(time.time() - start))
+            avg_del += res_del
+            print("   Attempt %s DEL: %.3fs" % (x, float(res_del)))
+        print("Average ADD: %.3fs" % float(Decimal(avg_add) / Decimal("3.0")))
+        print("Average DEL: %.3fs" % float(Decimal(avg_del) / Decimal("3.0")))
+        print("")
+
+    def test_00000(self):
+        """ Remove possibly undeleted test users from previous test
+        """
+        self.remove_test_users()
+
+    def test_00010(self):
+        self.run_bundle(10)
+
+    def test_00100(self):
+        self.run_bundle(100)
+
+    def test_01000(self):
+        self.run_bundle(1000)
+
+    def _test_10000(self):
+        """ This test should be enabled preferably against MS Active Directory.
+            It takes quite the time against Samba4 (1-2 days).
+        """
+        self.run_bundle(10000)
+
+
+class AclSearchSpeedTest(SpeedTest):
+
+    def setUp(self):
+        super(AclSearchSpeedTest, self).setUp()
+        self.ldb_admin.newuser("acltestuser", "samba123@")
+        self.sd_utils = sd_utils.SDUtils(self.ldb_admin)
+        self.ldb_user = self.get_ldb_connection("acltestuser", "samba123@")
+        self.user_sid = self.sd_utils.get_object_sid(self.get_user_dn("acltestuser"))
+
+    def tearDown(self):
+        super(AclSearchSpeedTest, self).tearDown()
+        delete_force(self.ldb_admin, self.get_user_dn("acltestuser"))
+
+    def run_search_bundle(self, num, _ldb):
+        print("\n=== Creating %s user objects ===\n" % num)
+        self.create_bundle(num)
+        mod = "(A;;LC;;;%s)(D;;RP;;;%s)" % (str(self.user_sid), str(self.user_sid))
+        for i in range(num):
+            self.sd_utils.dacl_add_ace("cn=speedtestuser%d,cn=Users,%s" %
+                                       (i + 1, self.base_dn), mod)
+        print("\n=== %s user objects created ===\n" % num)
+        print("\n=== Test search on %s user objects ===\n" % num)
+        avg_search = Decimal("0.0")
+        for x in [1, 2, 3]:
+            start = time.time()
+            res = _ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_SUBTREE)
+            res_search = Decimal(str(time.time() - start))
+            avg_search += res_search
+            print("   Attempt %s SEARCH: %.3fs" % (x, float(res_search)))
+        print("Average Search: %.3fs" % float(Decimal(avg_search) / Decimal("3.0")))
+        self.remove_bundle(num)
+
+    def get_user_dn(self, name):
+        return "CN=%s,CN=Users,%s" % (name, self.base_dn)
+
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        ldb_target = SamDB(url=host, credentials=creds_tmp, lp=lp)
+        return ldb_target
+
+    def test_search_01000(self):
+        self.run_search_bundle(1000, self.ldb_admin)
+
+    def test_search2_01000(self):
+        # allow the user to see objects but not attributes, all attributes will be filtered out
+        mod = "(A;;LC;;;%s)(D;;RP;;;%s)" % (str(self.user_sid), str(self.user_sid))
+        self.sd_utils.dacl_add_ace("CN=Users,%s" % self.base_dn, mod)
+        self.run_search_bundle(1000, self.ldb_user)
+
+# Important unit running information
+
+
+if "://" not in host:
+    host = "ldap://%s" % host
+
+ldb_options = ["modules:paged_searches"]
+ldb = SamDB(host, credentials=creds, session_info=system_session(), lp=lp, options=ldb_options)
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/source4/scripting/devel/tmpfs.sh b/source4/scripting/devel/tmpfs.sh
new file mode 100755
index 0000000..e4798ec
--- /dev/null
+++ b/source4/scripting/devel/tmpfs.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This sets up bin/ and st/ as tmpfs filesystems, which saves a lot of
+# time waiting on the disk!
+
+sudo echo "About to (re)mount bin and st as tmpfs"
+rm -rf bin st
+sudo umount bin >/dev/null 2>&1
+sudo umount st >/dev/null 2>&1
+mkdir -p bin st || exit 1
+sudo mount -t tmpfs /dev/null bin || exit 1
+sudo chown $USER bin/. || exit 1
+echo "tmpfs setup for bin/"
+sudo mount -t tmpfs /dev/null st || exit 1
+sudo chown $USER st/. || exit 1
+echo "tmpfs setup for st/"
diff --git a/source4/scripting/devel/watch_servers.sh b/source4/scripting/devel/watch_servers.sh
new file mode 100644
index 0000000..88d66a2
--- /dev/null
+++ b/source4/scripting/devel/watch_servers.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+[ $# -ge 3 ] || {
+	echo "Usage: watch_servers.sh DB1 DB2 PASSWORD SEARCH <attrs>"
+	exit 1
+}
+
+host1="$1"
+host2="$2"
+password="$3"
+search="$4"
+shift 4
+
+watch -n1 "echo '$host1:'; bin/ldbsearch -S -H $host1 -Uadministrator%$password '$search' description $* | egrep -v '^ref|Ref|returned|entries|referrals' | uniq; echo; echo '$host2:'; bin/ldbsearch -S -H $host2 -Uadministrator%$password '$search' description $* | egrep -v '^ref|Ref|returned|entries|referrals' | uniq;"
diff --git a/source4/scripting/man/samba-gpupdate.8.xml b/source4/scripting/man/samba-gpupdate.8.xml
new file mode 100644
index 0000000..c7c9963
--- /dev/null
+++ b/source4/scripting/man/samba-gpupdate.8.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="samba-gpupdate.8">
+<refentryinfo><date>2017-07-11</date></refentryinfo>
+
+<refmeta>
+	<refentrytitle>SAMBA_GPOUPDATE</refentrytitle>
+	<manvolnum>8</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.8.0</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+	<refname>samba-gpupdate</refname>
+	<refpurpose>apply group policy</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>samba-gpupdate</command>
+	</cmdsynopsis>
+
+	<cmdsynopsis>
+		<command>samba-gpupdate</command>
+		<arg choice="opt">
+		<replaceable>options</replaceable>
+		</arg>
+	</cmdsynopsis>
+
+</refsynopsisdiv>
+
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	<para>This tool is part of the
+	<citerefentry><refentrytitle>samba</refentrytitle>
+	<manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+	<para><command>samba-gpupdate</command> a script for
+	applying and unapplying Group Policy. This applies
+	password policies (minimum/maximum password age,
+	minimum password length, and password complexity),
+	kerberos policies (user/service ticket lifetime and
+	renew lifetime), smb.conf policies,
+	hourly/daily/weekly/monthly cron scripts, Sudo
+	Privileges, Message of the Day and Logon Prompt
+	messages, etc.</para>
+
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+<para><option>-h</option>, <option>--help</option>
+       show this help message and exit</para>
+
+<para><option>-H </option>URL, <option>--url</option>=<emphasis remap="I">URL</emphasis>
+       URL for the samdb</para>
+
+<para><option>-X</option>, <option>--unapply</option>
+       Unapply Group Policy</para>
+
+<para><option>--target</option>
+       {Computer | User}</para>
+
+<para><option>--force</option>
+       Reapplies all policy settings</para>
+
+<para><option>--rsop</option>
+       Print the Resultant Set of Policy</para>
+
+<para>Samba Common Options:</para>
+
+<para><option>-s </option>FILE, <option>--configfile</option>=<emphasis remap="I">FILE</emphasis>
+       Configuration file</para>
+
+<para><option>-d </option>DEBUGLEVEL, <option>--debuglevel</option>=<emphasis remap="I">DEBUGLEVEL</emphasis>
+       debug level</para>
+
+<para><option>--option</option>=<emphasis remap="I">OPTION</emphasis>
+       set smb.conf option from command line</para>
+
+<para><option>--realm</option>=<emphasis remap="I">REALM</emphasis>
+       set the realm name</para>
+
+<para>Version Options:</para>
+
+<para><option>-V</option>, <option>--version</option>
+       Display version number</para>
+
+<para>Credentials Options:</para>
+
+<para><option>--simple-bind-dn</option>=<emphasis remap="I">DN</emphasis>
+       DN to use for a simple bind</para>
+
+<para><option>--password</option>=<emphasis remap="I">PASSWORD</emphasis>
+       Password</para>
+
+<para><option>-U </option>USERNAME, <option>--username</option>=<emphasis remap="I">USERNAME</emphasis>
+       Username</para>
+
+<para><option>-W </option>WORKGROUP, <option>--workgroup</option>=<emphasis remap="I">WORKGROUP</emphasis>
+       Workgroup</para>
+
+<para><option>-N</option>, <option>--no-pass</option>
+       Don't ask for a password</para>
+
+<para><option>-k </option>KERBEROS, <option>--kerberos</option>=<emphasis remap="I">KERBEROS</emphasis>
+       Use Kerberos</para>
+
+<para><option>--ipaddress</option>=<emphasis remap="I">IPADDRESS</emphasis>
+       IP address of server</para>
+
+<para><option>-P</option>, <option>--machine-pass</option>
+       Use stored machine account password</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	<para>The original Samba software and related utilities were
+	created by Andrew Tridgell. Samba is now developed by the
+	Samba Team as an Open Source project similar to the way the
+	Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
diff --git a/source4/scripting/wscript_build b/source4/scripting/wscript_build
new file mode 100644
index 0000000..6728dec
--- /dev/null
+++ b/source4/scripting/wscript_build
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+from samba_utils import MODE_755
+
+sbin_files = ''
+if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+    sbin_files = 'bin/samba_downgrade_db bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc '
+if not bld.env.disable_python:
+    sbin_files += 'bin/samba-gpupdate'
+    man_files = 'man/samba-gpupdate.8'
+
+if sbin_files:
+    bld.INSTALL_FILES('${SBINDIR}',
+                      sbin_files,
+                      chmod=MODE_755, python_fixup=True, flat=True)
+    if 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
+        bld.MANPAGES(man_files, True)
+
+if bld.CONFIG_SET('WITH_ADS'):
+    bld.INSTALL_FILES('${BINDIR}',
+                  'bin/samba-tool',
+                  chmod=MODE_755, python_fixup=True, flat=True)
+
+bld.RECURSE('bin')
diff --git a/source4/selftest/test_samba3dump.sh b/source4/selftest/test_samba3dump.sh
new file mode 100755
index 0000000..f8dc850
--- /dev/null
+++ b/source4/selftest/test_samba3dump.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+# Verify that samba3dump completes.
+
+. testprogs/blackbox/subunit.sh
+
+subunit_start_test samba3dump
+
+SRCDIR=$(dirname $0)/../..
+
+if $PYTHON $SRCDIR/source4/scripting/bin/samba3dump $SRCDIR/testdata/samba3; then
+	subunit_pass_test samba3dump
+else
+	echo | subunit_fail_test samba3dump
+fi
diff --git a/source4/selftest/test_w2k3.sh b/source4/selftest/test_w2k3.sh
new file mode 100755
index 0000000..c2767ce
--- /dev/null
+++ b/source4/selftest/test_w2k3.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# tests that should pass against a w2k3 DC, as administrator
+
+# add tests to this list as they start passing, so we test
+# that they stay passing
+ncacn_np_tests="RPC-SCHANNEL RPC-DSSETUP RPC-EPMAPPER RPC-SAMR RPC-WKSSVC RPC-SRVSVC RPC-EVENTLOG RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND RPC-WINREG RPC-SPOOLSS RPC-SPOOLSS-WIN"
+ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-EPMAPPER RPC-SAMR RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND"
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: test_w2k3.sh SERVER USERNAME PASSWORD DOMAIN REALM
+EOF
+	exit 1
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+realm="$5"
+shift 5
+
+incdir=$(dirname $0)
+. $incdir/test_functions.sh
+
+OPTIONS="-U$username%$password -W $domain --option realm=$realm"
+
+name="RPC-SPOOLSS on ncacn_np"
+testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_np:"$server" $OPTIONS RPC-SPOOLSS "$*"
+
+for bindoptions in padcheck connect sign seal ntlm,sign ntlm,seal $VALIDATE bigendian; do
+	for transport in ncacn_ip_tcp ncacn_np; do
+		case $transport in
+		ncacn_np) tests=$ncacn_np_tests ;;
+		ncacn_ip_tcp) tests=$ncacn_ip_tcp_tests ;;
+		esac
+		for t in $tests; do
+			name="$t on $transport with $bindoptions"
+			testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS $transport:"${server}[${bindoptions}]" $OPTIONS $t "$*"
+		done
+	done
+done
+
+name="RPC-DRSUAPI on ncacn_ip_tcp with seal"
+testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_ip_tcp:"${server}[seal]" $OPTIONS RPC-DRSUAPI "$*"
+name="RPC-DRSUAPI on ncacn_ip_tcp with seal,bigendian"
+testit "$name" rpc bin/smbtorture $TORTURE_OPTIONS ncacn_ip_tcp:"${server}[seal,bigendian]" $OPTIONS RPC-DRSUAPI "$*"
diff --git a/source4/selftest/test_w2k3_file.sh b/source4/selftest/test_w2k3_file.sh
new file mode 100755
index 0000000..b2f8716
--- /dev/null
+++ b/source4/selftest/test_w2k3_file.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# this runs the file serving tests that are expected to pass with win2003
+
+if [ $# -lt 3 ]; then
+	cat <<EOF
+Usage: test_w2k3_file.sh UNC USERNAME PASSWORD <first> <smbtorture args>
+EOF
+	exit 1
+fi
+
+unc="$1"
+username="$2"
+password="$3"
+start="$4"
+shift 4
+ADDARGS="$*"
+
+incdir=$(dirname $0)
+. $incdir/test_functions.sh
+
+tests="BASE-FDPASS BASE-LOCK "
+tests="$tests BASE-UNLINK BASE-ATTR"
+tests="$tests BASE-DIR1 BASE-DIR2 BASE-VUID"
+tests="$tests BASE-TCON BASE-TCONDEV BASE-RW1"
+tests="$tests BASE-DENY3 BASE-XCOPY BASE-OPEN BASE-DENYDOS"
+tests="$tests BASE-DELETE BASE-PROPERTIES BASE-MANGLE"
+tests="$tests BASE-CHKPATH BASE-SECLEAK BASE-TRANS2"
+tests="$tests BASE-NTDENY1 BASE-NTDENY2  BASE-RENAME BASE-OPENATTR"
+tests="$tests RAW-QFILEINFO RAW-SFILEINFO-BUG RAW-SFILEINFO-BASE"
+tests="$tests RAW-LOCK RAW-MKDIR RAW-SEEK RAW-CONTEXT RAW-MUX RAW-OPEN RAW-WRITE"
+tests="$tests RAW-UNLINK RAW-READ RAW-CLOSE RAW-IOCTL RAW-CHKPATH RAW-RENAME"
+tests="$tests RAW-EAS RAW-STREAMS RAW-OPLOCK RAW-NOTIFY BASE-DELAYWRITE"
+# slowest tests last
+tests="$tests BASE-DENY1 BASE-DENY2"
+
+# these tests are known to fail against windows
+fail="RAW-SEARCH RAW-ACLS RAW-QFSINFO"
+
+echo "Skipping tests expected to fail: $fail"
+
+for t in $tests; do
+	testit "$t" smb $VALGRIND bin/smbtorture $TORTURE_OPTIONS $ADDARGS $unc -U"$username"%"$password" $t
+done
diff --git a/source4/selftest/test_win.sh b/source4/selftest/test_win.sh
new file mode 100755
index 0000000..bf6d2e1
--- /dev/null
+++ b/source4/selftest/test_win.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# A shell script to connect to a windows host over telnet,
+# setup for a smbtorture test,
+# run the test,
+# and remove the previously configured directory and share.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+. selftest/test_functions.sh
+
+export SMBTORTURE_REMOTE_HOST=$(perl -I$WINTEST_DIR $WINTEST_DIR/vm_get_ip.pl VM_CFG_PATH)
+if [ -z $SMBTORTURE_REMOTE_HOST ]; then
+	# Restore snapshot to ensure VM is in a known state, then exit.
+	restore_snapshot "Test failed to get the IP address of the windows host." "$VM_CFG_PATH"
+	exit 1
+fi
+
+name="BASE against Windows 2003"
+testit "$name" smb $WINTEST_DIR/wintest_base.sh $SMBTORTURE_REMOTE_HOST \
+	$SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP
+
+name="RAW against Windows 2003"
+testit "$name" smb $WINTEST_DIR/wintest_raw.sh $SMBTORTURE_REMOTE_HOST \
+	$SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP
+
+name="RPC against Windows 2003"
+testit "$name" smb $WINTEST_DIR/wintest_rpc.sh $SMBTORTURE_REMOTE_HOST \
+	$SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP
+
+name="NET against Windows 2003"
+testit "$name" smb $WINTEST_DIR/wintest_net.sh $SMBTORTURE_REMOTE_HOST \
+	$SMBTORTURE_USERNAME $SMBTORTURE_PASSWORD $SMBTORTURE_WORKGROUP
+
+name="Windows 2003 against samba"
+testit "$name" smb $WINTEST_DIR/wintest_client.sh $SMBTORTURE_REMOTE_HOST
+
+dc_tests="RPC-DRSUAPI ncacn_np ncacn_ip_tcp"
+for name in $dc_tests; do
+	testit "$name against Windows 2003 DC" rpc $WINTEST_DIR/wintest_2k3_dc.sh \
+		"$name"
+done
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
new file mode 100755
index 0000000..d70d7d5
--- /dev/null
+++ b/source4/selftest/tests.py
@@ -0,0 +1,2182 @@
+#!/usr/bin/python
+# This script generates a list of testsuites that should be run as part of
+# the Samba 4 test suite.
+
+# The output of this script is parsed by selftest.pl, which then decides
+# which of the tests to actually run. It will, for example, skip all tests
+# listed in selftest/skip or only run a subset during "make quicktest".
+
+# The idea is that this script outputs all of the tests of Samba 4, not
+# just those that are known to pass, and list those that should be skipped
+# or are known to fail in selftest/skip or selftest/knownfail. This makes it
+# very easy to see what functionality is still missing in Samba 4 and makes
+# it possible to run the testsuite against other servers, such as Samba 3 or
+# Windows that have a different set of features.
+
+# The syntax for a testsuite is "-- TEST --" on a single line, followed
+# by the name of the test, the environment it needs and the command to run, all
+# three separated by newlines. All other lines in the output are considered
+# comments.
+
+import os
+import sys
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../selftest"))
+import selftesthelpers
+from selftesthelpers import bindir, srcdir, binpath, python
+from selftesthelpers import configuration, plantestsuite
+from selftesthelpers import planpythontestsuite, planperltestsuite
+from selftesthelpers import plantestsuite_loadlist
+from selftesthelpers import skiptestsuite, source4dir, valgrindify
+from selftesthelpers import smbtorture4_options, smbtorture4_testsuites
+from selftesthelpers import smbtorture4, samba3srcdir
+
+
+print("OPTIONS %s" % " ".join(smbtorture4_options), file=sys.stderr)
+
+
+def plansmbtorture4testsuite(name, env, options, modname=None, environ=None):
+    if environ is None:
+        environ = {}
+
+    return selftesthelpers.plansmbtorture4testsuite(name,
+                                                    env,
+                                                    options,
+                                                    target='samba4',
+                                                    modname=modname,
+                                                    environ=environ)
+
+
+samba4srcdir = source4dir()
+DSDB_PYTEST_DIR = os.path.join(samba4srcdir, "dsdb/tests/python/")
+subunitrun = valgrindify(python) + " " + os.path.join(samba4srcdir, "scripting/bin/subunitrun")
+
+
+def planoldpythontestsuite(env, module, name=None, extra_path=None, environ=None, extra_args=None):
+    if extra_path is None:
+        extra_path = []
+    if environ is None:
+        environ = {}
+    if extra_args is None:
+        extra_args = []
+    environ = dict(environ)
+    py_path = list(extra_path)
+    if py_path:
+        environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path)
+    args = ["%s=%s" % item for item in environ.items()]
+    args += [subunitrun, "$LISTOPT", "$LOADLIST", module]
+    args += extra_args
+    if name is None:
+        name = module
+    plantestsuite_loadlist(name, env, args)
+
+
+samba4bindir = bindir()
+validate = os.getenv("VALIDATE", "")
+if validate:
+    validate_list = [validate]
+else:
+    validate_list = []
+
+nmblookup4 = binpath('nmblookup4')
+smbclient4 = binpath('smbclient4')
+smbclient3 = binpath('smbclient')
+
+bbdir = os.path.join(srcdir(), "testprogs/blackbox")
+
+# alias to highlight what tests we want to run against a DC with SMBv1 disabled
+smbv1_disabled_testenv = "restoredc"
+
+all_fl_envs = ["fl2000dc", "fl2003dc", "fl2008dc", "fl2008r2dc"]
+
+# Simple tests for LDAP and CLDAP
+for auth_type in ['', '-k no', '-k yes']:
+    for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
+        creds = '-U"$USERNAME%$PASSWORD"'
+        options = creds + ' ' + auth_type + ' ' + auth_level
+        plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
+
+# see if we support ADS on the Samba3 side
+try:
+    config_h = os.environ["CONFIG_H"]
+except KeyError:
+    config_h = os.path.join(samba4bindir, "default/include/config.h")
+
+# check available features
+config_hash = dict()
+f = open(config_h, 'r')
+try:
+    lines = f.readlines()
+    config_hash = dict((x[0], ' '.join(x[1:]))
+                       for x in map(lambda line: line.strip().split(' ')[1:],
+                                    list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
+finally:
+    f.close()
+
+have_heimdal_support = ("SAMBA4_USES_HEIMDAL" in config_hash)
+have_gnutls_fips_mode_support = ("HAVE_GNUTLS_FIPS_MODE_SUPPORTED" in config_hash)
+have_cluster_support = "CLUSTER_SUPPORT" in config_hash
+
+for options in ['-U"$USERNAME%$PASSWORD"']:
+    plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
+                  "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
+
+creds_options = [
+    '--simple-bind-dn=$USERNAME@$REALM --password=$PASSWORD',
+]
+peer_options = {
+    'SERVER_IP': '$SERVER_IP',
+    'SERVER_NAME': '$SERVER',
+    'SERVER.REALM': '$SERVER.$REALM',
+}
+tls_verify_options = [
+    '--option="tlsverifypeer=no_check"',
+    '--option="tlsverifypeer=ca_only"',
+    '--option="tlsverifypeer=ca_and_name_if_available"',
+    '--option="tlsverifypeer=ca_and_name"',
+    '--option="tlsverifypeer=as_strict_as_possible"',
+]
+
+# we use :local for fl2008r2dc because of the self-signed certificate
+for env in ["ad_dc_ntvfs", "fl2008r2dc:local"]:
+    for peer_key in peer_options.keys():
+        peer_val = peer_options[peer_key]
+        for creds in creds_options:
+            for tls_verify in tls_verify_options:
+                options = creds + ' ' + tls_verify
+                plantestsuite("samba4.ldb.simple.ldaps with options %s %s(%s)" % (
+                              peer_key, options, env), env,
+                              "%s/test_ldb_simple.sh ldaps %s %s" % (bbdir, peer_val, options))
+
+# test all "ldap server require strong auth" combinations
+for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
+    options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
+    plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
+                  env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
+    options += ' --option="tlsverifypeer=no_check"'
+    plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
+                  env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+
+    auth_options = [
+        '--option=clientldapsaslwrapping=plain',
+        '--client-protection=sign',
+        '--client-protection=encrypt',
+        '--use-kerberos=required --option=clientldapsaslwrapping=plain',
+        '--use-kerberos=required --client-protection=sign',
+        '--use-kerberos=required --client-protection=encrypt',
+        '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
+        '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
+        '--use-kerberos=disabled --client-protection=sign',
+        '--use-kerberos=disabled --client-protection=encrypt',
+    ]
+
+    for auth_option in auth_options:
+        options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
+        plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
+                      env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
+    options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
+    plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
+                  env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
+
+envraw = "fl2008r2dc"
+env = "%s:local" % envraw
+plantestsuite("samba4.ldap_tls_reload(%s)" % (env), env,
+              "%s/test_ldap_tls_reload.sh $PREFIX_ABS $PREFIX_ABS/%s/private/tls $SERVER.$REALM" % (bbdir, envraw))
+
+for options in ['-U"$USERNAME%$PASSWORD"']:
+    plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
+                  "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))
+
+for t in smbtorture4_testsuites("ldap."):
+    if t == "ldap.nested-search":
+        plansmbtorture4testsuite(t, "ad_dc_default_smb1", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
+    elif t == "ldap.session-expiry":
+        # This requires kerberos and thus the server name
+        plansmbtorture4testsuite(
+            t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$DC_SERVER/_none_')
+    else:
+        plansmbtorture4testsuite(
+            t,
+            "ad_dc_default",
+            '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_ -D "$USERNAME"@"$REALM"##"$PASSWORD"')
+
+for t in smbtorture4_testsuites("dsdb."):
+    plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
+
+ldbdir = os.path.join(srcdir(), "lib/ldb")
+# Don't run LDB tests when using system ldb, as we won't have ldbtest installed
+if os.path.exists(os.path.join(samba4bindir, "ldbtest")):
+    plantestsuite("ldb.base", "none", "%s/tests/test-tdb-subunit.sh %s" % (ldbdir, samba4bindir))
+else:
+    skiptestsuite("ldb.base", "Using system LDB, ldbtest not available")
+
+plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)",
+                       "ad_dc_ntvfs:local",
+                       [python, os.path.join(DSDB_PYTEST_DIR, "attr_from_server.py"),
+                        '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
+
+# Tests for RPC
+
+# add tests to this list as they start passing, so we test
+# that they stay passing
+ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
+ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
+drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
+ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
+slow_ncacn_np_tests = ["rpc.samlogon",
+                       "rpc.samr",
+                       "rpc.samr.users",
+                       "rpc.samr.large-dc",
+                       "rpc.samr.users.privileges",
+                       "rpc.samr.passwords.default",
+                       "rpc.samr.passwords.pwdlastset",
+                       "rpc.samr.passwords.lockout",
+                       "rpc.samr.passwords.badpwdcount"]
+slow_ncacn_ip_tcp_tests = ["rpc.cracknames"]
+
+all_rpc_tests = ncalrpc_tests + ncacn_np_tests + ncacn_ip_tcp_tests + slow_ncacn_np_tests + slow_ncacn_ip_tcp_tests + ["rpc.lsa.secrets", "rpc.pac", "rpc.samba3-sharesec", "rpc.countcalls"]
+
+# Filter RPC tests that should not run against ad_dc_ntvfs
+rpc_s3only = [
+    "rpc.mdssvc",
+]
+rpc_fipsonly = [
+    "rpc.fips.netlogon.crypto",
+]
+rpc_exclude = rpc_s3only + rpc_fipsonly
+rpc_tests = [x for x in smbtorture4_testsuites("rpc.") if x not in rpc_exclude]
+auto_rpc_tests = list(filter(lambda t: t not in all_rpc_tests, rpc_tests))
+
+for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
+    for transport in ["ncalrpc", "ncacn_np", "ncacn_ip_tcp"]:
+        env = "ad_dc_default"
+        local = ""
+        if transport == "ncalrpc":
+            tests = ncalrpc_tests
+            local = ":local"
+        elif transport == "ncacn_np":
+            tests = ncacn_np_tests
+        elif transport == "ncacn_ip_tcp":
+            tests = ncacn_ip_tcp_tests
+        else:
+            raise AssertionError("invalid transport %r" % transport)
+        for t in tests:
+            if t == "rpc.netlogon":
+                env = "ad_dc_ntvfs"
+            elif t == "rpc.join":
+                env = "ad_dc_default_smb1"
+            plansmbtorture4testsuite(t, env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
+        plansmbtorture4testsuite('rpc.samba3-sharesec', env + local, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:share=tmp'], "samba4.rpc.samba3.sharesec on %s with %s" % (transport, bindoptions))
+
+# Plugin S4 DC tests (confirms named pipe auth forwarding).  This can be expanded once kerberos is supported in the plugin DC
+#
+for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
+    for t in ncacn_np_tests:
+        env = "ad_dc"
+        transport = "ncacn_np"
+        if t in ["rpc.authcontext", "rpc.join"]:
+            env = "ad_dc_smb1"
+        plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
+
+for bindoptions in [""] + validate_list + ["bigendian"]:
+    for t in auto_rpc_tests:
+        env = "ad_dc_default"
+        if t in ["rpc.srvsvc", "rpc.mgmt"]:
+            env = "ad_dc_ntvfs"
+        elif t == "rpc.join":
+            env = "ad_dc_default_smb1"
+        plansmbtorture4testsuite(t, env, ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s with %s" % (t, bindoptions))
+
+t = "rpc.countcalls"
+plansmbtorture4testsuite(t, "ad_dc_default:local", ["$SERVER[%s]" % bindoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s" % t)
+
+for transport in ["ncacn_np", "ncacn_ip_tcp"]:
+    env = "ad_dc_slowtests"
+    if transport == "ncacn_np":
+        tests = slow_ncacn_np_tests
+    elif transport == "ncacn_ip_tcp":
+        tests = slow_ncacn_ip_tcp_tests
+    else:
+        raise AssertionError("Invalid transport %r" % transport)
+    for t in tests:
+        bindoptions = ''
+        if t == 'rpc.cracknames':
+            bindoptions = 'seal'
+        plansmbtorture4testsuite(t, env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.%s on %s with %s" % (t, transport, bindoptions))
+
+# Tests for the DFS referral calls implementation
+for t in smbtorture4_testsuites("dfs."):
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+    plansmbtorture4testsuite(t, "ad_dc_smb1", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+
+# Tests for the NET API (net.api.become.dc tested below against all the roles)
+net_tests = list(filter(lambda x: "net.api.become.dc" not in x, smbtorture4_testsuites("net.")))
+for t in net_tests:
+    plansmbtorture4testsuite(t, "ad_dc_default", '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
+
+# Tests for session keys and encryption of RPC pipes
+# FIXME: Integrate these into a single smbtorture test
+
+transport = "ncacn_np"
+for env in ["ad_dc_default", "nt4_dc"]:
+    for ntlmoptions in [
+        "-k no --option=clientusespnego=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:56bit=no",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no",
+        "-k no --option=clientusespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes",
+        "-k no --option=clientusespnego=no --option=clientntlmv2auth=yes",
+        "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes",
+        "-k no --option=clientusespnego=no"]:
+        name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
+        plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
+    plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient3, '$SMB_CONF_PATH', configuration])
+
+gpo = smbtorture4_testsuites("gpo.")
+for t in gpo:
+    plansmbtorture4testsuite(t, 'ad_dc:local', ['//$SERVER/sysvol', '-U$USERNAME%$PASSWORD'])
+
+transports = ["ncacn_np", "ncacn_ip_tcp"]
+
+# Kerberos varies between functional levels, so it is important to check this on all of them
+for env in all_fl_envs:
+    transport = "ncacn_np"
+    plansmbtorture4testsuite('rpc.pac', env, ["%s:$SERVER[]" % (transport, ), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.pac on %s" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME', 'rpc.lsa.secrets'], "samba4.rpc.lsa.secrets on %s with Kerberos" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=dcom/$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dcom" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets', env, [r"%s:$SERVER[target_principal=$NETBIOSNAME\$]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal dollar" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[target_principal=$NETBIOSNAME]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.lsa.secrets on %s with Kerberos - netbios name principal" % (transport,))
+    plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport)
+    plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME', '--option=gensec_krb5:send_authenticator_checksum=false'], "samba4.rpc.lsa.secrets on %s with Kerberos - use raw-krb5-no-authenticator-checksum style login" % transport)
+    plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport)
+
+    # Winreg tests test bulk Kerberos encryption of DCE/RPC
+    # We test rpc.winreg here too, because the winreg interface if
+    # handled by the source3/rpc_server code.
+    for bindoptions in ["connect", "packet", "krb5", "krb5,packet", "krb5,sign", "krb5,seal", "spnego", "spnego,packet", "spnego,sign", "spnego,seal"]:
+        plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions))
+
+    for transport in transports:
+        plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, ))
+
+        # Echo tests test bulk Kerberos encryption of DCE/RPC
+        for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]:
+            echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes"
+            plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions))
+
+for env in ["fl2000dc", "fl2008r2dc"]:
+    plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate)
+
+for bindoptions in ["sign", "seal"]:
+    plansmbtorture4testsuite('rpc.backupkey', "ad_dc_default", ["ncacn_np:$SERVER[%s]" % (bindoptions), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.backupkey with %s" % (bindoptions))
+
+for transport in transports:
+    for bindoptions in ["sign", "seal"]:
+        for ntlmoptions in [
+            "--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes",
+            "--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes",
+            "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
+            "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no --option=torture:quick=yes",
+            "--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
+            "--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
+            "--option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes",
+            "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes --option=torture:quick=yes",
+            "--option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no --option=torture:quick=yes"]:
+            if transport == "ncalrpc":
+                env = "ad_dc_default:local"
+            else:
+                env = "ad_dc_default"
+            plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, ntlmoptions))
+
+plansmbtorture4testsuite('rpc.echo', "ad_dc_default", ['ncacn_np:$SERVER[smb2]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on ncacn_np over smb2")
+for env in ["ad_dc", "nt4_dc"]:
+    plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_np:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_np with object")
+    plansmbtorture4testsuite('rpc.echo', env, ['60a15ec5-4de8-11d7-a637-005056a20182@ncacn_ip_tcp:$SERVER[]', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=torture:quick=yes'], "samba4.rpc.echo on ncacn_ip_tcp with object")
+
+plansmbtorture4testsuite('ntp.signd', "ad_dc_default:local", ['ncacn_np:$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.ntp.signd")
+
+nbt_tests = smbtorture4_testsuites("nbt.")
+for t in nbt_tests:
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", "//$SERVER/_none_ -U\"$USERNAME%$PASSWORD\"")
+
+# Tests against the NTVFS POSIX backend
+ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
+
+# Filter smb2 tests that should not run against ad_dc_ntvfs
+smb2_s3only = [
+    "smb2.change_notify_disabled",
+    "smb2.dosmode",
+    "smb2.credits",
+    "smb2.kernel-oplocks",
+    "smb2.durable-v2-delay",
+    "smb2.aio_delay",
+    "smb2.fileid",
+    "smb2.timestamps",
+    "smb2.async_dosmode",
+    "smb2.twrp",
+    "smb2.ea",
+    "smb2.create_no_streams",
+]
+smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
+
+# The QFILEINFO-IPC test needs to be on ipc$
+raw = list(filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")))
+base = smbtorture4_testsuites("base.")
+
+netapi = smbtorture4_testsuites("netapi.")
+
+for t in base + raw + smb2 + netapi:
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$SERVER/tmp', '-U$USERNAME%$PASSWORD'] + ntvfsargs)
+
+libsmbclient = smbtorture4_testsuites("libsmbclient.")
+protocols = [ 'NT1', 'SMB3' ]
+for t in libsmbclient:
+    url = "smb://$USERNAME:$PASSWORD@$SERVER/tmp"
+    if t == "libsmbclient.list_shares":
+        url = "smb://$USERNAME:$PASSWORD@$SERVER"
+    if t == "libsmbclient.utimes":
+        url += "/utimes.txt"
+
+    libsmbclient_testargs = [
+        '//$SERVER/tmp',
+        '-U$USERNAME%$PASSWORD',
+        "--option=torture:smburl=" + url,
+        "--option=torture:replace_smbconf="
+        "%s/testdata/samba3/smb_new.conf" % srcdir()
+        ]
+
+    for proto in protocols:
+        plansmbtorture4testsuite(
+            t,
+            "nt4_dc" if proto == "SMB3" else "nt4_dc_smb1_done",
+            libsmbclient_testargs +
+            [ "--option=torture:clientprotocol=%s" % proto],
+            "samba4.%s.%s" % (t, proto))
+
+url = "smb://baduser:invalidpw@$SERVER/tmpguest"
+t = "libsmbclient.noanon_list"
+libsmbclient_testargs = [
+    '//$SERVER/tmpguest',
+    '-U$USERNAME%$PASSWORD',
+    "--option=torture:smburl=" + url,
+    "--option=torture:replace_smbconf="
+    "%s/testdata/samba3/smb_new.conf" % srcdir()
+    ]
+for proto in protocols:
+    plansmbtorture4testsuite(t,
+        "maptoguest",
+        libsmbclient_testargs +
+        [ "--option=torture:clientprotocol=%s" % proto],
+        "samba4.%s.baduser.%s" % (t, proto))
+
+plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", r'//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
+
+for t in smbtorture4_testsuites("rap."):
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", r'//$SERVER/IPC\$ -U$USERNAME%$PASSWORD')
+
+# Tests against the NTVFS CIFS backend
+for t in base + raw:
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=yes'] + ntvfsargs, modname="samba4.ntvfs.cifs.krb5.%s" % t)
+
+# Test NTVFS CIFS backend with S4U2Self and S4U2Proxy
+t = "base.unlink"
+plansmbtorture4testsuite(t, "ad_dc_ntvfs", ['//$NETBIOSNAME/cifs', '-U$USERNAME%$PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
+plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=yes'] + ntvfsargs, "samba4.ntvfs.cifs.krb5.%s" % t)
+plansmbtorture4testsuite(t, "rpc_proxy", ['//$NETBIOSNAME/cifs_to_dc', '-U$DC_USERNAME%$DC_PASSWORD', '--kerberos=no'] + ntvfsargs, "samba4.ntvfs.cifs.ntlm.%s" % t)
+
+plansmbtorture4testsuite('echo.udp', 'ad_dc_ntvfs:local', '//$SERVER/whatever')
+
+# Local tests
+for t in smbtorture4_testsuites("local."):
+    # The local.resolve test needs a name to look up using real system (not emulated) name routines
+    plansmbtorture4testsuite(t, "none", "ncalrpc:localhost")
+
+# Confirm these tests with the system iconv too
+for t in ["local.convert_string_handle", "local.convert_string", "local.ndr"]:
+    options = "ncalrpc: --option='iconv:use_builtin_handlers=false'"
+    plansmbtorture4testsuite(t, "none", options,
+                             modname="samba4.%s.system.iconv" % t)
+
+tdbtorture4 = binpath("tdbtorture")
+if os.path.exists(tdbtorture4):
+    plantestsuite("tdb.stress", "none", valgrindify(tdbtorture4))
+else:
+    skiptestsuite("tdb.stress", "Using system TDB, tdbtorture not available")
+
+plansmbtorture4testsuite("drs.unit", "none", "ncalrpc:")
+
+# Pidl tests
+for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))):
+    if f.endswith(".pl"):
+        planperltestsuite("pidl.%s" % f[:-3], os.path.normpath(os.path.join(samba4srcdir, "../pidl/tests", f)))
+
+# DNS tests
+plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.dns_aging", "fl2003dc:local",
+                       [python,
+                        f"{srcdir()}/python/samba/tests/dns_aging.py",
+                        '$SERVER',
+                        '$SERVER_IP',
+                        '--machine-pass',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.dns_packet",
+                       "ad_dc",
+                       [python,
+                        '-msamba.subunit.run',
+                        '$LOADLIST',
+                        "$LISTOPT"
+                        "samba.tests.dns_packet"
+                       ])
+
+plantestsuite_loadlist("samba.tests.sddl",
+                       "none",
+                       [python,
+                        '-msamba.subunit.run',
+                        '$LOADLIST',
+                        "$LISTOPT"
+                        "samba.tests.sddl"
+                       ])
+
+plantestsuite_loadlist("samba.tests.sddl_conditional_ace",
+                       "none",
+                       [python,
+                        '-msamba.subunit.run',
+                        '$LOADLIST',
+                        "$LISTOPT"
+                        "samba.tests.sddl_conditional_ace"
+                       ])
+
+for t in smbtorture4_testsuites("dns_internal."):
+    plansmbtorture4testsuite(t, "ad_dc_default:local", '//$SERVER/whavever')
+
+# Local tests
+for t in smbtorture4_testsuites("dlz_bind9."):
+    # The dlz_bind9 tests needs to look at the DNS database
+    plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
+
+planpythontestsuite("fileserver_smb1", "samba.tests.libsmb-basic")
+
+planpythontestsuite("ad_member", "samba.tests.smb-notify",
+                    environ={'USERNAME':'$DC_USERNAME',
+                             'PASSWORD':'$DC_PASSWORD',
+                             'USERNAME_UNPRIV':'alice',
+                             'PASSWORD_UNPRIV':'Secret007',
+                             'STRICT_CHECKING':'0',
+                             'NOTIFY_SHARE':'notify_priv'})
+
+# Blackbox Tests:
+# tests that interact directly with the command-line tools rather than using
+# the API. These mainly test that the various command-line options of commands
+# work correctly.
+
+# smbtorture --fullname parameter test
+plantestsuite("samba4.blackbox.smbtorture_subunit_names", "none",
+              [
+                 os.path.join(bbdir, "test_smbtorture_test_names.sh"),
+                 smbtorture4
+              ])
+
+for env in ["ad_member", "ad_dc_ntvfs", "chgdcpass"]:
+    plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
+
+plantestsuite("samba4.blackbox.samba_tool(ad_dc_default:local)", "ad_dc_default:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient3])
+plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
+
+plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
+
+plantestsuite("samba4.blackbox.test_alias_membership", "ad_member_idmap_rid:local", [os.path.join(bbdir, "test_alias_membership.sh"), '$PREFIX_ABS'])
+
+plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
+
+planpythontestsuite("ad_dc_default", "samba.tests.blackbox.claims")
+
+if have_heimdal_support:
+    plantestsuite("samba4.blackbox.kpasswd",
+                  "ad_dc:local",
+                  [
+                      os.path.join(bbdir, "test_kpasswd_heimdal.sh"),
+                      '$SERVER',
+                      '$USERNAME',
+                      '$PASSWORD',
+                      '$REALM',
+                      '$DOMAIN',
+                      "$PREFIX",
+                      configuration
+                  ])
+    plantestsuite("samba4.blackbox.krb5.s4u",
+                  "fl2008r2dc:local",
+                  [
+                      os.path.join(bbdir, "test_s4u_heimdal.sh"),
+                      '$SERVER',
+                      '$USERNAME',
+                      '$PASSWORD',
+                      '$REALM',
+                      '$DOMAIN',
+                      '$TRUST_SERVER',
+                      '$TRUST_USERNAME',
+                      '$TRUST_PASSWORD',
+                      '$TRUST_REALM',
+                      '$TRUST_DOMAIN',
+                      '$PREFIX',
+                      configuration
+                  ])
+else:
+    plantestsuite("samba4.blackbox.kpasswd",
+                  "ad_dc:local",
+                  [
+                      os.path.join(bbdir, "test_kpasswd_mit.sh"),
+                      '$SERVER',
+                      '$USERNAME',
+                      '$PASSWORD',
+                      '$REALM',
+                      '$DOMAIN',
+                      "$PREFIX",
+                      configuration
+                  ])
+
+plantestsuite("samba4.blackbox.kinit_simple",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_simple",
+              "fl2000dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_simple",
+              "fl2008r2dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$PREFIX',
+                  smbclient3,
+                  configuration
+              ])
+
+
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2008r2dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "forest",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2003dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "external",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.kinit_trust",
+              "fl2000dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_trusts.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  '$TRUST_SERVER',
+                  '$TRUST_USERNAME',
+                  '$TRUST_PASSWORD',
+                  '$TRUST_REALM',
+                  '$TRUST_DOMAIN',
+                  '$PREFIX',
+                  "external",
+                  configuration
+              ])
+
+plantestsuite("samba4.blackbox.kinit.export.keytab",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_kinit_export_keytab.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$REALM',
+                  '$DOMAIN',
+                  "$PREFIX",
+                  smbclient3,
+                  configuration
+              ])
+
+plantestsuite("samba4.blackbox.pkinit_simple",
+              "ad_dc:local",
+              [os.path.join(bbdir, "test_pkinit_simple.sh"),
+               '$SERVER',
+               'pkinit',
+               '$PASSWORD',
+               '$REALM',
+               '$DOMAIN',
+               '$PREFIX/ad_dc',
+               smbclient3,
+               configuration])
+plantestsuite("samba4.blackbox.pkinit_pac",
+              "ad_dc:local",
+              [os.path.join(bbdir, "test_pkinit_pac.sh"),
+               '$SERVER',
+               '$USERNAME',
+               '$PASSWORD',
+               '$REALM',
+               '$DOMAIN',
+               '$PREFIX/ad_dc',
+               configuration])
+
+plantestsuite("samba.blackbox.client_kerberos", "ad_dc", [os.path.join(bbdir, "test_client_kerberos.sh"), '$DOMAIN', '$REALM', '$USERNAME', '$PASSWORD', '$SERVER', '$PREFIX_ABS', '$SMB_CONF_PATH'])
+
+env="ad_member:local"
+plantestsuite("samba.blackbox.rpcclient_schannel",
+              env,
+              [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
+               '$DOMAIN',
+               '$REALM',
+               '$DC_USERNAME',
+               '$DC_PASSWORD',
+               '$DC_SERVER',
+               '$PREFIX_ABS',
+               '$SMB_CONF_PATH',
+               env])
+env="ad_member_fips:local"
+plantestsuite("samba.blackbox.rpcclient_schannel",
+              env,
+              [os.path.join(bbdir, "test_rpcclient_schannel.sh"),
+               '$DOMAIN',
+               '$REALM',
+               '$DC_USERNAME',
+               '$DC_PASSWORD',
+               '$DC_SERVER',
+               '$PREFIX_ABS',
+               '$SMB_CONF_PATH',
+               env],
+              environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                       'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+plantestsuite("samba4.blackbox.trust_ntlm", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'forest', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.trust_ntlm", "fl2003dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', 'external', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+
+plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
+plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
+plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
+plantestsuite("samba4.blackbox.trust_token", "fl2008r2dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'forest'])
+plantestsuite("samba4.blackbox.trust_token", "fl2003dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
+plantestsuite("samba4.blackbox.trust_token", "fl2000dc", [os.path.join(bbdir, "test_trust_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$TRUST_DOMSID', 'external'])
+plantestsuite("samba4.blackbox.ktpass(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(bbdir, "test_ktpass.sh"), '$PREFIX/ad_dc_ntvfs'])
+plantestsuite("samba4.blackbox.password_settings",
+              "ad_dc:local",
+              [
+                  os.path.join(bbdir, "test_password_settings.sh"),
+                  '$SERVER',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  '$REALM',
+                  '$DOMAIN',
+                  "$PREFIX",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.trust_user_account", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_user_account.sh"), '$PREFIX', '$REALM', '$DOMAIN', '$TRUST_REALM', '$TRUST_DOMAIN'])
+plantestsuite("samba4.blackbox.cifsdd(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "client/tests/test_cifsdd.sh"), '$SERVER', '$USERNAME', '$PASSWORD', "$DOMAIN"])
+plantestsuite("samba4.blackbox.nmblookup(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "utils/tests/test_nmblookup.sh"), '$NETBIOSNAME', '$NETBIOSALIAS', '$SERVER', '$SERVER_IP', nmblookup4])
+plantestsuite("samba4.blackbox.locktest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
+plantestsuite("samba4.blackbox.masktest", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
+plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
+plantestsuite("samba4.blackbox.rfc2307_mapping",
+              "ad_dc:local",
+              [
+                  os.path.join(samba4srcdir,
+                               "../nsswitch/tests/test_rfc2307_mapping.sh"),
+                  '$DOMAIN',
+                  '$USERNAME',
+                  '$PASSWORD',
+                  "$SERVER",
+                  "$UID_RFC2307TEST",
+                  "$GID_RFC2307TEST",
+                  configuration
+              ])
+plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3])
+plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
+plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
+plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS'])
+plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23'])
+plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
+plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
+plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
+plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID', configuration])
+
+env = "ad_member:local"
+plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env,
+              [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+              '$DC_SERVER', '$REALM'])
+plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env,
+              [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+              '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM'])
+plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env,
+              [os.path.join(bbdir, "test_net_ads_search_server.sh"),
+              '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM'])
+
+if have_gnutls_fips_mode_support:
+    plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"])
+    plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD'])
+
+    for env in ["ad_dc_fips", "ad_member_fips"]:
+        plantestsuite("samba4.blackbox.weak_crypto.server",
+                      env,
+                      [os.path.join(bbdir, "test_weak_crypto_server.sh"),
+                       '$SERVER',
+                       '$USERNAME',
+                       '$PASSWORD',
+                       '$REALM',
+                       '$DOMAIN',
+                       "$PREFIX/ad_dc_fips",
+                       configuration],
+                      environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                               'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+    plantestsuite("samba4.blackbox.net_ads_fips",
+                  "ad_dc_fips:client",
+                  [os.path.join(bbdir, "test_net_ads_fips.sh"),
+                   '$DC_SERVER',
+                   '$DC_USERNAME',
+                   '$DC_PASSWORD',
+                   '$PREFIX_ABS'],
+                  environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                           'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+    t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
+    plantestsuite("samba3.wbinfo_simple.fips.%s" % t,
+                  "ad_member_fips:local",
+                  [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t],
+                  environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                           'OPENSSL_FORCE_FIPS_MODE': '1'})
+    plantestsuite("samba4.wbinfo_name_lookup.fips",
+                  "ad_member_fips",
+                  [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"),
+                   '$DOMAIN',
+                   '$REALM',
+                   '$DC_USERNAME'],
+                  environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                           'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+    plansmbtorture4testsuite('rpc.fips.netlogon.crypto',
+                             'ad_dc_fips',
+                             ['ncacn_np:$SERVER[krb5]',
+                              '-U$USERNAME%$PASSWORD',
+                              '--workgroup=$DOMAIN',
+                              '--client-protection=encrypt'],
+                             'samba4.rpc.fips.netlogon.crypto',
+                             environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                                      'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+plansmbtorture4testsuite('rpc.echo', "ad_dc_ntvfs", ['ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD'], "samba4.rpc.echo against NetBIOS alias")
+
+# Test wbinfo trust auth
+for env in ["ad_member_oneway:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
+    for t in ["--krb5auth=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
+              "--krb5auth=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD",
+              "--authenticate=$TRUST_REALM/$TRUST_USERNAME%$TRUST_PASSWORD",
+              "--authenticate=$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD"]:
+        plantestsuite("samba3.wbinfo_simple.trust:%s" % t, env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
+
+# json tests hook into ``chgdcpass'' to make them run in contributor CI on
+# gitlab
+planpythontestsuite("chgdcpass", "samba.tests.blackbox.netads_json")
+
+# Tests using the "Simple" NTVFS backend
+for t in ["base.rw1"]:
+    plansmbtorture4testsuite(t, "ad_dc_ntvfs", ["//$SERVER/simple", '-U$USERNAME%$PASSWORD'], modname="samba4.ntvfs.simple.%s" % t)
+
+# Domain S4member Tests
+plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.echo against s4member server with local creds")
+plansmbtorture4testsuite('rpc.echo', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], "samba4.rpc.echo against s4member server with domain creds")
+plansmbtorture4testsuite('rpc.samr', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr against s4member server with local creds")
+plansmbtorture4testsuite('rpc.samr.users', "s4member", ['ncacn_np:$NETBIOSNAME', '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], "samba4.rpc.samr.users against s4member server with local creds",)
+plansmbtorture4testsuite('rpc.samr.passwords.default',
+                         "s4member",
+                         ['ncacn_np:$NETBIOSNAME',
+                          '-U$NETBIOSNAME/$USERNAME%$PASSWORD'],
+                         "samba4.rpc.samr.passwords.default against s4member server with local creds")
+plantestsuite("samba4.blackbox.smbclient against s4member server with local creds", "s4member", [os.path.join(samba4srcdir, "client/tests/test_smbclient.sh"), '$NETBIOSNAME', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX', smbclient4])
+
+# RPC Proxy
+plansmbtorture4testsuite("rpc.echo", "rpc_proxy", ['ncacn_ip_tcp:$NETBIOSNAME', '-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'], modname="samba4.rpc.echo against rpc proxy with domain creds")
+
+# Tests SMB signing
+for mech in [
+    "-k no",
+    "-k no --option=clientusespnego=no",
+    "-k no --option=gensec:spengo=no",
+    "-k yes",
+    "-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no"]:
+    for signing in ["--option=clientsigning=desired", "--option=clientsigning=required"]:
+        signoptions = "%s %s" % (mech, signing)
+        name = "smb.signing on with %s" % signoptions
+        plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], modname="samba4.%s" % name)
+
+for mech in [
+    "-k no",
+    "-k no --option=clientusespnego=no",
+    "-k no --option=gensec:spengo=no",
+    "-k yes"]:
+    signoptions = "%s --client-protection=off" % mech
+    name = "smb.signing disabled on with %s" % signoptions
+    plansmbtorture4testsuite('base.xcopy', "ad_member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s domain-creds" % name)
+    plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$USERNAME%$PASSWORD'], "samba4.%s" % name)
+    plansmbtorture4testsuite('base.xcopy', "ad_dc",
+                             ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
+
+plantestsuite("samba4.blackbox.bogusdomain", "ad_member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$USERNAME', '$PASSWORD', '$DC_USERNAME', '$DC_PASSWORD', smbclient3])
+for mech in [
+    "-k no",
+    "-k no --option=clientusespnego=no",
+    "-k no --option=gensec:spengo=no"]:
+    signoptions = "%s --client-protection=off" % mech
+    plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$NETBIOSNAME/$USERNAME%$PASSWORD'], modname="samba4.smb.signing on with %s local-creds" % signoptions)
+
+plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=desired', '-U%'], modname="samba4.smb.signing --option=clientsigning=desired anon")
+plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=required', '-U%'], modname="samba4.smb.signing --option=clientsigning=required anon")
+plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--option=clientsigning=disabled', '-U%'], modname="samba4.smb.signing --option=clientsigning=disabled anon")
+
+# Test SPNEGO without issuing an optimistic token
+opt='--option=spnego:client_no_optimistic=yes'
+plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
+plansmbtorture4testsuite('base.xcopy', "ad_dc_smb1", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
+
+wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
+
+winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4_testsuites("winbind.pac")
+winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient")
+for env in ["ad_dc", "ad_member", "nt4_member"]:
+    wb_opts = wb_opts_default[:]
+    if env in ["ad_member"]:
+        wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""]
+    for t in winbind_ad_client_tests:
+        plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])
+
+for env in ["nt4_dc", "fl2003dc"]:
+    for t in winbind_wbclient_tests:
+        plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
+
+for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]:
+    tests = ["--ping", "--separator",
+             "--own-domain",
+             "--all-domains",
+             "--trusted-domains",
+             "--domain-info=BUILTIN",
+             "--domain-info=$DOMAIN",
+             "--online-status",
+             "--online-status --domain=BUILTIN",
+             "--online-status --domain=$DOMAIN",
+             "--check-secret --domain=$DOMAIN",
+             "--change-secret --domain=$DOMAIN",
+             "--check-secret --domain=$DOMAIN",
+             "--online-status --domain=$DOMAIN",
+             "--domain-users",
+             "--domain-groups",
+             "--name-to-sid=$DC_USERNAME",
+             "--name-to-sid=$DOMAIN/$DC_USERNAME",
+             "--user-info=$DOMAIN/$DC_USERNAME",
+             "--user-groups=$DOMAIN/$DC_USERNAME",
+             "--authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD",
+             "--allocate-uid",
+             "--allocate-gid"]
+
+    for t in tests:
+        plantestsuite("samba.wbinfo_simple.%s" % (t.replace(" --", ".").replace("--", "")), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
+
+    plantestsuite(
+        "samba.wbinfo_sids2xids.(%s:local)" % env, "%s:local" % env,
+        [os.path.join(samba3srcdir, "script/tests/test_wbinfo_sids2xids.sh")])
+
+    planpythontestsuite(env + ":local", "samba.tests.ntlm_auth")
+
+plantestsuite(
+    "samba.wbinfo_u_large_ad.(ad_dc:local)",
+    "ad_dc:local",
+    [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")])
+
+for env in ["ktest"]:
+    planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5")
+
+for env in ["s4member_dflt_domain", "s4member"]:
+    for cmd in ["id", "getent"]:
+        users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
+        if env == "s4member":
+            users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
+        for usr in users:
+            plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir, cmd, usr))
+
+nsstest4 = binpath("nsstest")
+for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
+    if os.path.exists(nsstest4):
+        plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")])
+    else:
+        skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
+
+
+if have_gnutls_fips_mode_support:
+    planoldpythontestsuite("ad_dc",
+                           "samba.tests.dcerpc.createtrustrelax",
+                           environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                                    'OPENSSL_FORCE_FIPS_MODE': '1'})
+    planoldpythontestsuite("ad_dc_fips",
+                           "samba.tests.dcerpc.createtrustrelax",
+                           environ={'GNUTLS_FORCE_FIPS_MODE': '1',
+                                    'OPENSSL_FORCE_FIPS_MODE': '1'})
+
+# Run complex search expressions test once for each database backend.
+# Right now ad_dc has mdb and ad_dc_ntvfs has tdb
+mdb_testenv = "ad_dc"
+tdb_testenv = "ad_dc_ntvfs"
+for testenv in [mdb_testenv, tdb_testenv]:
+    planoldpythontestsuite(testenv, "samba.tests.complex_expressions", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+# samba.tests.gensec is only run in ad_dc to ensure it runs with and
+# MIT and Heimdal build, it can run against any environment that
+# supports FAST
+planoldpythontestsuite("ad_dc:local", "samba.tests.gensec", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("none", "simple", extra_path=["%s/lib/tdb/python/tests" % srcdir()], name="tdb.python")
+planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.sam")
+planpythontestsuite("ad_dc_default:local", "samba.tests.dsdb")
+planpythontestsuite("none", "samba.tests.samba_startup_fl_change")
+planpythontestsuite("none", "samba.tests.dsdb_lock")
+planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.bare")
+planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.lsa")
+planpythontestsuite("ad_dc_default:local", "samba.tests.dcerpc.unix")
+planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.timecmd")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.join")
+planpythontestsuite("ad_dc_default:local", "samba.tests.ldap_whoami")
+planpythontestsuite("ad_member_s3_join", "samba.tests.samba_tool.join_member")
+planpythontestsuite("ad_dc_default",
+                    "samba.tests.samba_tool.join_lmdb_size")
+planpythontestsuite("ad_dc_default",
+                    "samba.tests.samba_tool.drs_clone_dc_data_lmdb_size")
+planpythontestsuite("ad_dc_default",
+                    "samba.tests.samba_tool.promote_dc_lmdb_size")
+
+planpythontestsuite("none", "samba.tests.samba_tool.visualize")
+
+
+# test fsmo show
+for env in all_fl_envs:
+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo")
+
+# test getpassword for group managed service accounts
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_getpassword_gmsa")
+
+# test samba-tool user, group, contact and computer edit command
+for env in all_fl_envs:
+    env += ":local"
+    plantestsuite("samba.tests.samba_tool.user_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/user_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
+    plantestsuite("samba.tests.samba_tool.group_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/group_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
+    plantestsuite("samba.tests.samba_tool.contact_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/contact_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
+    plantestsuite("samba.tests.samba_tool.computer_edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/computer_edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
+
+# We run this test against both AD DC implementations because it is
+# the only test we have of GPO get/set behaviour, and this involves
+# the file server as well as the LDAP server.
+# It's also a good sanity-check that sysvol backup worked correctly.
+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
+            smbv1_disabled_testenv]:
+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo")
+for env in ["ad_dc_ntvfs", "ad_dc"]:
+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo_exts")
+
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.processes")
+
+planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.user_auth_silo")
+for env in ["ad_dc_default:local", "ad_dc_no_ntlm:local"]:
+    planpythontestsuite(env, "samba.tests.samba_tool.user_wdigest")
+for env, nt_hash in [("ad_dc:local", True),
+                     ("ad_dc_no_ntlm:local", False)]:
+    planpythontestsuite(env, "samba.tests.samba_tool.user",
+                        environ={"EXPECT_NT_HASH": int(nt_hash)})
+    # test get-kerberos-ticket for locally accessible and group managed service accounts
+    planpythontestsuite(env, "samba.tests.samba_tool.user_get_kerberos_ticket")
+    planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_userPassword")
+    planpythontestsuite(env, "samba.tests.samba_tool.user_virtualCryptSHA_gpg")
+planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.user_check_password_script")
+
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.group")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.ou")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.computer")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.contact")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.forest")
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.schema")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_claim")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_policy")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_auth_silo")
+planpythontestsuite("ad_dc_default", "samba.tests.samba_tool.domain_models")
+planpythontestsuite("schema_dc:local", "samba.tests.samba_tool.schema")
+planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.ntacl")
+planpythontestsuite("none", "samba.tests.samba_tool.provision_password_check")
+planpythontestsuite("none", "samba.tests.samba_tool.provision_lmdb_size")
+planpythontestsuite("none", "samba.tests.samba_tool.provision_userPassword_crypt")
+planpythontestsuite("none", "samba.tests.samba_tool.help")
+# Make sure samba-tool can execute without import failures when run
+# without the ad-dc built. The fileserver test environment runs against
+# the samba-h5l-build autobuild. This build was chosen because it's
+# configured with --without-ad-dc and does not disable ads, which is
+# required to run some samba-tool commands.
+planpythontestsuite("fileserver", "samba.tests.samba_tool.help")
+
+planpythontestsuite("ad_dc_default:local", "samba.tests.samba_tool.passwordsettings")
+planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.dsacl")
+
+planpythontestsuite("none", "samba.tests.samba_upgradedns_lmdb")
+
+# Run these against chgdcpass to share the runtime load
+planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.sites")
+planpythontestsuite("chgdcpass:local", "samba.tests.samba_tool.dnscmd")
+
+# Run this against chgdcpass to ensure at least one python3 test
+# against this autobuild target (samba-ad-dc-2)
+planpythontestsuite("chgdcpass:local", "samba.tests.dcerpc.rpcecho")
+
+planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAME%$PASSWORD"'])
+test_bin = os.path.abspath(os.path.join(os.getenv('BINDIR', './bin'), '../python/samba/tests/bin'))
+planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       environ={'PATH':':'.join([test_bin, os.getenv('PATH', '')])})
+planoldpythontestsuite("ad_member", "samba.tests.gpo_member", extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("ad_dc", "samba.tests.sid_strings")
+
+# Run the import test in environments that may not have the ad-dc built
+envs = ['fileserver_smb1', 'nt4_member', 'ktest', 'nt4_dc', 'nt4_dc_smb1_done', 'nt4_dc_smb1', 'simpleserver', 'fileserver_smb1_done', 'fileserver', 'maptoguest', 'nt4_dc_schannel']
+if have_cluster_support:
+    envs.append('clusteredmember')
+for env in envs:
+    planoldpythontestsuite(env, "samba.tests.imports")
+
+have_fast_support = 1
+claims_support = 1
+
+# MIT
+kadmin_is_tgs = int('SAMBA4_USES_HEIMDAL' not in config_hash)
+
+# Heimdal
+compound_id_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
+extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
+check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
+check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
+expect_nt_status = int('SAMBA4_USES_HEIMDAL' in config_hash)
+as_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+tgs_req_logging_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
+
+ca_dir = os.path.join('selftest', 'manage-ca', 'CA-samba.example.com')
+
+# This certificate is currently used just to get the name of the certificate
+# issuer.
+ca_cert_path = os.path.join(ca_dir,
+                            'DCs',
+                            'addc.addom.samba.example.com',
+                            'DC-addc.addom.samba.example.com-cert.pem')
+
+# The private key is used to issue new certificates.
+ca_private_key_path = os.path.join(ca_dir,
+                                   'Private',
+                                   'CA-samba.example.com-private-key.pem')
+ca_pass = '1234'
+
+krb5_environ = {
+    'SERVICE_USERNAME': '$SERVER',
+    'ADMIN_USERNAME': '$DC_USERNAME',
+    'ADMIN_PASSWORD': '$DC_PASSWORD',
+    'ADMIN_KVNO': '1',
+    'FOR_USER': '$DC_USERNAME',
+    'STRICT_CHECKING':'0',
+    'FAST_SUPPORT': have_fast_support,
+    'CLAIMS_SUPPORT': claims_support,
+    'COMPOUND_ID_SUPPORT': compound_id_support,
+    'EXPECT_PAC': expect_pac,
+    'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
+    'CHECK_CNAME': check_cname,
+    'CHECK_PADATA': check_padata,
+    'KADMIN_IS_TGS': kadmin_is_tgs,
+    'EXPECT_NT_STATUS': expect_nt_status,
+    'AS_REQ_LOGGING_SUPPORT': as_req_logging_support,
+    'TGS_REQ_LOGGING_SUPPORT': tgs_req_logging_support,
+    'CA_CERT': ca_cert_path,
+    'CA_PRIVATE_KEY': ca_private_key_path,
+    'CA_PASS': ca_pass,
+}
+planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
+planoldpythontestsuite("none", "samba.tests.krb5.claims_in_pac")
+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
+                       environ=krb5_environ)
+for env, fast_support in [("ad_dc_default:local", True),
+                          ("fl2003dc:local", False)]:
+    planoldpythontestsuite(env, "samba.tests.krb5.s4u_tests",
+                           environ={
+                               **krb5_environ,
+                               'FAST_SUPPORT': int(have_fast_support and fast_support),
+                           })
+planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
+                       environ=krb5_environ)
+
+planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
+
+planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
+                       environ=krb5_environ)
+
+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
+                       environ=krb5_environ)
+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
+                       environ=krb5_environ)
+for env in ['ad_dc_default', 'ad_member']:
+    planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
+                           environ=krb5_environ)
+planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
+                       environ=krb5_environ)
+planoldpythontestsuite("ad_member_idmap_nss:local",
+                       "samba.tests.krb5.test_min_domain_uid",
+                       environ=krb5_environ)
+planoldpythontestsuite("ad_member_idmap_nss:local",
+                       "samba.tests.krb5.test_idmap_nss",
+                       environ={
+                           **krb5_environ,
+                           'MAPPED_USERNAME': 'bob',
+                           'MAPPED_PASSWORD': 'Secret007',
+                           'UNMAPPED_USERNAME': 'jane',
+                           'UNMAPPED_PASSWORD': 'Secret007',
+                           'INVALID_USERNAME': 'joe',
+                           'INVALID_PASSWORD': 'Secret007',
+                       })
+
+for env in ["ad_dc", smbv1_disabled_testenv]:
+    planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'])
+    planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
+        extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite(
+    "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
+    extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+for env in ["chgdcpass", "ad_member"]:
+    planoldpythontestsuite(env, "samba.tests.dcerpc.raw_protocol",
+                           environ={"MAX_NUM_AUTH": "8",
+                                    "USERNAME": "$DC_USERNAME",
+                                    "PASSWORD": "$DC_PASSWORD"})
+
+if have_heimdal_support:
+    planoldpythontestsuite("ad_dc_smb1:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
+                           environ={'CLIENT_IP': '10.53.57.11',
+                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
+    planoldpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth_log", extra_args=['-U"$USERNAME%$PASSWORD"'],
+                           environ={'CLIENT_IP': '10.53.57.11',
+                                    'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
+    planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+    planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+    # these tests use a NCA local RPC connection, so always run on the
+    # :local testenv, and so don't need to fake a client connection
+    for env in ["ad_dc_ntvfs:local", "ad_dc:local"]:
+        planoldpythontestsuite(env, "samba.tests.auth_log_ncalrpc", extra_args=['-U"$USERNAME%$PASSWORD"'])
+        planoldpythontestsuite(env, "samba.tests.auth_log_samlogon",
+                               extra_args=['-U"$USERNAME%$PASSWORD"'])
+        planoldpythontestsuite(env, "samba.tests.auth_log_netlogon",
+                               extra_args=['-U"$USERNAME%$PASSWORD"'])
+        planoldpythontestsuite(env, "samba.tests.auth_log_netlogon_bad_creds",
+                               extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+    planoldpythontestsuite("ad_member:local",
+                           "samba.tests.auth_log_winbind",
+                           extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
+    planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+    planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+    planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("fl2008r2dc",
+                       "samba.tests.getdcname",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("ad_dc_smb1",
+                       "samba.tests.net_join_no_spnego",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.net_join",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.s3_net_join",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.segfault",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+# Need to test the password hashing in multiple environments to ensure that
+# all the possible options are covered
+#
+# ad_dc:local functional_level >= 2008, gpg keys available
+planoldpythontestsuite("ad_dc:local",
+                       "samba.tests.password_hash_gpgme",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+# ad_dc_ntvfs:local functional level >= 2008, gpg keys not available
+planoldpythontestsuite("ad_dc_ntvfs:local",
+                       "samba.tests.password_hash_fl2008",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+# fl2003dc:local functional level < 2008, gpg keys not available
+planoldpythontestsuite("fl2003dc:local",
+                       "samba.tests.password_hash_fl2003",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+# ad_dc: wDigest values over ldap
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.password_hash_ldap",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+for env in ["ad_dc_backup", smbv1_disabled_testenv]:
+    planoldpythontestsuite(env + ":local", "samba.tests.domain_backup",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.domain_backup_offline")
+# Encrypted secrets
+# ensure default provision (ad_dc) and join (vampire_dc)
+# encrypt secret values on disk.
+planoldpythontestsuite("ad_dc:local",
+                       "samba.tests.encrypted_secrets",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("vampire_dc:local",
+                       "samba.tests.encrypted_secrets",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+# The fl2000dc environment is provisioned with the --plaintext_secrets option
+# so this test will fail, which proves the secrets are not being encrypted.
+# There is an entry in known_fail.d.
+planoldpythontestsuite("fl2000dc:local",
+                       "samba.tests.encrypted_secrets",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+planpythontestsuite("none",
+                    "samba.tests.lsa_string")
+
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.krb5_credentials",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+
+for env in ["ad_dc_ntvfs", "vampire_dc", "promoted_dc"]:
+    planoldpythontestsuite(env,
+                           "samba.tests.py_credentials",
+                           extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.emulate.traffic",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.emulate.traffic_packet",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.blackbox.traffic_replay",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.blackbox.traffic_learner",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("ad_dc_ntvfs",
+                       "samba.tests.blackbox.traffic_summary",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("none", "samba.tests.loadparm")
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.mdsearch",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'])
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_basic")
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_basic",
+                       "samba.tests.blackbox.smbcacls_basic(DFS)",
+                       environ={'SHARE': 'msdfs-share',
+                                 'TESTDIR': 'smbcacls_sharedir_dfs'})
+# Run smbcacls_propagate_inhertance tests on non msdfs root share
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_propagate_inhertance")
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_save_restore")
+planoldpythontestsuite("ad_member",
+                       "samba.tests.blackbox.smbcacls_save_restore",
+                       environ={'USER': '$DC_USERNAME',
+                                'PASSWORD' : '$DC_PASSWORD'}
+                       )
+
+#
+# A) Run the smbcacls_propagate_inhertance tests on a msdfs root share
+#    *without* any nested dfs links
+# B) Run the smbcacls_propagate_inhertance tests on a msdfs root share
+#    *with* a nested dfs link
+#
+planoldpythontestsuite("fileserver",
+                       "samba.tests.blackbox.smbcacls_dfs_propagate_inherit",
+                       "samba.tests.blackbox.smbcacls_dfs_propagate_inherit(DFS-msdfs-root)",
+                       environ={'SHARE': 'smbcacls_share'})
+#
+# Want a selection of environments across the process models
+#
+for env in ["ad_dc_ntvfs:local", "ad_dc:local",
+            "fl2003dc:local", "fl2008r2dc:local",
+            "promoted_dc:local"]:
+    planoldpythontestsuite(env, "samba.tests.blackbox.smbcontrol")
+
+planoldpythontestsuite("none", "samba.tests.blackbox.downgradedatabase")
+
+planpythontestsuite("ad_member:local", "samba.tests.blackbox.netads_dns")
+
+plantestsuite_loadlist("samba4.ldap.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba4.ldap_modify_order.python(ad_dc_default)",
+                       "ad_dc_default",
+                       [python, os.path.join(samba4srcdir,
+                                             "dsdb/tests/python/"
+                                             "ldap_modify_order.py"),
+                        # add "-v" here to diagnose
+                        '$SERVER',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST',
+                        '$LISTOPT'])
+
+plantestsuite_loadlist("samba4.ldap_modify_order.normal_user.python(ad_dc_default)",
+                       "ad_dc_default",
+                       [python, os.path.join(samba4srcdir,
+                                             "dsdb/tests/python/"
+                                             "ldap_modify_order.py"),
+                        '--normal-user',
+                        # add "-v" here to diagnose
+                        '$SERVER',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST',
+                        '$LISTOPT'])
+
+planoldpythontestsuite("ad_dc",
+                       "samba.tests.ldap_raw",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       environ={'TEST_ENV': 'ad_dc'})
+
+plantestsuite_loadlist("samba.tests.ldap_spn", "ad_dc",
+                       [python,
+                        f"{srcdir()}/python/samba/tests/ldap_spn.py",
+                        '$SERVER',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba.tests.ldap_upn_sam_account", "ad_dc_ntvfs",
+                       [python,
+                        f"{srcdir()}/python/samba/tests/ldap_upn_sam_account.py",
+                        '$SERVER',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST', '$LISTOPT'])
+
+
+plantestsuite_loadlist("samba4.tokengroups.krb5.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'yes', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.tokengroups.ntlm.python", "ad_dc_default:local", [python, os.path.join(DSDB_PYTEST_DIR, "token_group.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '-k', 'no', '$LOADLIST', '$LISTOPT'])
+plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.sam.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.asq.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "asq.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.user_account_control.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.priv_attrs.python(ad_dc_default)", "ad_dc_default", ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.priv_attrs.strict.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "priv_attrs.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+plantestsuite("samba4.unicodepwd_encrypted(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(DSDB_PYTEST_DIR, "unicodepwd_encrypted.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+
+for env in ['ad_dc_default:local', 'schema_dc:local']:
+    planoldpythontestsuite(env, "dsdb_schema_info",
+                           extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
+                           name="samba4.schemaInfo.python(%s)" % (env),
+            extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'])
+
+    planpythontestsuite(env, "samba.tests.dsdb_schema_attributes")
+
+plantestsuite_loadlist("samba4.urgent_replication.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(DSDB_PYTEST_DIR, "urgent_replication.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.dirsync.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "dirsync.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.match_rules.python", "ad_dc_ntvfs", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/match_rules_remote.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite("samba4.ldap.index.python", "none", [python, os.path.join(srcdir(), "lib/ldb-samba/tests/index.py")])
+plantestsuite_loadlist("samba4.ldap.notification.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(DSDB_PYTEST_DIR, "notification.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite_loadlist("samba4.ldap.sites.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "sites.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+env = 'vampire_dc'
+# Test with LMDB (GSSAPI/SASL bind)
+plantestsuite_loadlist("samba4.ldap.large_ldap.gssapi.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=yes', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+env = 'ad_dc_default'
+# Test with TDB (NTLMSSP bind)
+plantestsuite_loadlist("samba4.ldap.large_ldap.ntlmssp.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--kerberos=no', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+env = 'ad_dc_ntvfs'
+# Test with ldaps://
+plantestsuite_loadlist("samba4.ldap.large_ldap.ldaps.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldaps://$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+env = 'fl2008r2dc'
+# Test with straight ldap
+plantestsuite_loadlist("samba4.ldap.large_ldap.straight_ldap.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "large_ldap.py"), 'ldap://$SERVER',     '--simple-bind-dn=$USERNAME@$REALM', '--password=$PASSWORD', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+planoldpythontestsuite("ad_dc_default", "sort", environ={'SERVER' : '$SERVER', 'DATA_DIR' : os.path.join(samba4srcdir, 'dsdb/tests/python/testdata/')}, name="samba4.ldap.sort.python", extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+
+plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc)", "ad_dc:local", [python, os.path.join(DSDB_PYTEST_DIR, "linked_attributes.py"), '$PREFIX_ABS/ad_dc/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)",
+                       "ad_dc_ntvfs:local",
+                       [python, os.path.join(samba4srcdir,
+                                             "dsdb/tests/python/subtree_rename.py"),
+                        '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb',
+                        '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN',
+                        '$LOADLIST',
+                        '$LISTOPT'])
+
+planoldpythontestsuite(
+    "ad_dc_ntvfs",
+    "samba.tests.ldap_referrals",
+    environ={
+        'SERVER': '$SERVER',
+    },
+    name="samba.ldap.referrals",
+    extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
+
+# These should be the first tests run against testenvs created by backup/restore
+for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
+    # check that a restored DC matches the original DC (backupfromdc)
+    plantestsuite("samba4.blackbox.ldapcmp_restore", env,
+                  ["PYTHON=%s" % python,
+                   os.path.join(bbdir, "ldapcmp_restoredc.sh"),
+                   '$PREFIX_ABS/backupfromdc', '$PREFIX_ABS/%s' % env])
+
+# we also test joining backupfromdc here, as it's a bit special in that it
+# doesn't have Default-First-Site-Name
+for env in ['backupfromdc', 'offlinebackupdc', 'restoredc', 'renamedc',
+            'labdc']:
+    # basic test that we can join the testenv DC
+    plantestsuite("samba4.blackbox.join_ldapcmp", env,
+                  ["PYTHON=%s" % python, os.path.join(bbdir, "join_ldapcmp.sh")])
+
+env = 'backupfromdc'
+planoldpythontestsuite("%s:local" % env, "samba_tool_drs_no_dns",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.samba_tool_drs_no_dns.python(%s)" % env,
+                       environ={'DC1': '$DC_SERVER', 'DC2': '$DC_SERVER'},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+plantestsuite_loadlist("samba4.ldap.rodc.python(rodc)", "rodc",
+                       [python,
+                        os.path.join(DSDB_PYTEST_DIR, "rodc.py"),
+                        '$SERVER', '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+plantestsuite_loadlist("samba4.ldap.rodc_rwdc.python(rodc)", "rodc:local",
+                       [python,
+                        os.path.join(samba4srcdir,
+                                     "dsdb/tests/python/rodc_rwdc.py"),
+                        '$SERVER', '$DC_SERVER', '-U"$USERNAME%$PASSWORD"',
+                        '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+planoldpythontestsuite("rodc:local", "replica_sync_rodc",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.replica_sync_rodc.python(rodc)",
+                       environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+planoldpythontestsuite("ad_dc_default_smb1", "password_settings",
+                       extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')],
+                       name="samba4.ldap.passwordsettings.python",
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+for env in all_fl_envs + ["schema_dc"]:
+    plantestsuite_loadlist("samba4.ldap_schema.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "ldap_schema.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+    plantestsuite("samba4.ldap.possibleInferiors.python(%s)" % env, env, [python, os.path.join(samba4srcdir, "dsdb/samdb/ldb_modules/tests/possibleinferiors.py"), "ldap://$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN"])
+    plantestsuite_loadlist("samba4.ldap.secdesc.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "sec_descriptor.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+    plantestsuite_loadlist("samba4.ldap.acl.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+    plantestsuite_loadlist("samba4.ldap.acl_modify.python(%s)" % env, env, ["STRICT_CHECKING=0", python, os.path.join(DSDB_PYTEST_DIR, "acl_modify.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+
+for env in all_fl_envs + ["schema_dc", "ad_dc_no_ntlm"]:
+    if env != "fl2000dc":
+        # This test makes excessive use of the "userPassword" attribute which
+        # isn't available on DCs with Windows 2000 domain function level -
+        # therefore skip it in that configuration
+        plantestsuite_loadlist("samba4.ldap.passwords.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "passwords.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", '$LOADLIST', '$LISTOPT'])
+
+for env in ["ad_dc_slowtests"]:
+    # This test takes a lot of time, so we run it against a minimum of
+    # environments, please only add new ones if there's really a
+    # difference we need to test
+    plantestsuite_loadlist("samba4.ldap.vlv.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+    plantestsuite_loadlist("samba4.ldap.confidential_attr.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "confidential_attr.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+    plantestsuite_loadlist("samba4.ldap.password_lockout.python(%s)" % env, env, [python, os.path.join(DSDB_PYTEST_DIR, "password_lockout.py"), "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM", '$LOADLIST', '$LISTOPT'])
+    planoldpythontestsuite(env, "tombstone_reanimation",
+                           name="samba4.tombstone_reanimation.python",
+                           environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME', 'TEST_PASSWORD': '$PASSWORD'},
+                           extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')]
+                           )
+    planoldpythontestsuite(env, "samba.tests.join",
+                           name="samba.tests.join.python(%s)" % env,
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# this is a basic sanity-check of Kerberos/NTLM user login
+for env in ["offlinebackupdc", "restoredc", "renamedc", "labdc", "ad_dc_no_ntlm"]:
+    plantestsuite_loadlist("samba4.ldap.login_basics.python(%s)" % env, env,
+                           [python, os.path.join(DSDB_PYTEST_DIR, "login_basics.py"),
+                            "$SERVER", '-U"$USERNAME%$PASSWORD"', "-W$DOMAIN", "--realm=$REALM",
+                            '$LOADLIST', '$LISTOPT'])
+
+planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.upgradeprovisionneeddc")
+planpythontestsuite("ad_dc:local", "samba.tests.posixacl")
+planpythontestsuite("ad_dc_no_nss:local", "samba.tests.posixacl")
+plantestsuite_loadlist("samba4.deletetest.python(ad_dc_default)", "ad_dc_default", [python, os.path.join(DSDB_PYTEST_DIR, "deletetest.py"),
+                                                                                '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
+plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
+plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.provision_fileperms", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/provision_fileperms.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.supported_features", "none",
+              ["PYTHON=%s" % python,
+               os.path.join(samba4srcdir,
+                            "setup/tests/blackbox_supported_features.sh"),
+               '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.start_backup", "none",
+              ["PYTHON=%s" % python,
+               os.path.join(samba4srcdir,
+                            "setup/tests/blackbox_start_backup.sh"),
+               '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.group.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_group.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.spn.py(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_spn.sh"), '$PREFIX/ad_dc_ntvfs'])
+plantestsuite_loadlist("samba4.ldap.bind(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(srcdir(), "auth/credentials/tests/bind.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '$LOADLIST', '$LISTOPT'])
+
+# This makes sure we test the rid allocation code
+t = "rpc.samr.large-dc"
+plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname=("samba4.%s.one" % t))
+plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.%s.two" % t)
+
+# RPC smoke-tests for testenvs of interest (RODC, etc)
+for env in ['rodc', 'offlinebackupdc', 'restoredc', 'renamedc', 'labdc']:
+    plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
+    plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
+    plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", r'-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
+    plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
+    plantestsuite("samba4.blackbox.smbclient(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "utils/tests/test_smbclient.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', binpath('smbclient')])
+
+planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc")
+
+plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                  "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                              r"testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                             "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+
+# Test renaming the DC
+plantestsuite("samba4.blackbox.renamedc.sh", "none", ["PYTHON=%s" % python, os.path.join(bbdir, "renamedc.sh"), '$PREFIX/provision'])
+
+# DRS python tests
+# Note that $DC_SERVER is the PDC (e.g. ad_dc_ntvfs) and $SERVER is
+# the 2nd DC (e.g. vampire_dc).
+
+env = 'vampire_dc'
+planoldpythontestsuite(env, "ridalloc_exop",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.ridalloc_exop.python(%s)" % env,
+                       environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# This test can pollute the environment a little by creating and
+# deleting DCs which can get into the replication state for a while.
+#
+# The setting of DC1 to $DC_SERVER means that it will join towards and
+# operate on schema_dc.  This matters most when running
+# test_samba_tool_replicate_local as this sets up a full temp DC and
+# does new replication to it, which can show up in the replication
+# topology.
+#
+# That is why this test is run on the isolated environment and not on
+# those connected with ad_dc (vampiredc/promoteddc)
+#
+# The chgdcpass environment is likewise isolated and emulates Samba 4.5
+# with regard to GET_ANC
+
+env = 'schema_pair_dc'
+planoldpythontestsuite("%s:local" % env, "samba_tool_drs",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.samba_tool_drs.python(%s)" % env,
+                       environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+for env in ['chgdcpass', 'schema_pair_dc']:
+    planoldpythontestsuite("%s:local" % env, "samba_tool_drs_critical",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.samba_tool_drs_critical.python(%s)" % env,
+                           environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+env = "schema_pair_dc"
+planoldpythontestsuite(env, "getnc_schema",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.getnc_schema.python(%s)" % env,
+                       environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER',
+                                "PLEASE_BREAK_MY_WINDOWS": "1"},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# This test can be sensitive to the DC joins and replications done in
+# "samba_tool_drs" so it is run against schema_pair_dc/schema_dc
+# not the set of environments connected with ad_dc.
+
+# This will show the replication state of ad_dc
+env = "schema_pair_dc"
+planoldpythontestsuite("%s:local" % env, "samba_tool_drs_showrepl",
+                       extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                       name="samba4.drs.samba_tool_drs_showrepl.python(%s)" % env,
+                       environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                       extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+for env in ['vampire_dc', 'promoted_dc']:
+    planoldpythontestsuite("%s:local" % env, "replica_sync",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.replica_sync.python(%s)" % env,
+                           environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "delete_object",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.delete_object.python(%s)" % env,
+                           environ={'DC1': '$DC_SERVER', 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "fsmo",
+                           name="samba4.drs.fsmo.python(%s)" % env,
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "repl_secdesc",
+                           name="samba4.drs.repl_secdesc.python(%s)" % env,
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "repl_move",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.repl_move.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "getnc_unpriv",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.getnc_unpriv.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "linked_attributes_drs",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.linked_attributes_drs.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "link_conflicts",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.link_conflicts.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# Environment chgdcpass has the Samba 4.5 GET_ANC behaviour, which we
+# set a knownfail to expect
+for env in ['vampire_dc', 'promoted_dc', 'chgdcpass']:
+    planoldpythontestsuite(env, "getnc_exop",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.getnc_exop.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+for env in ['vampire_dc', 'promoted_dc', 'vampire_2000_dc']:
+    planoldpythontestsuite(env, "repl_schema",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.repl_schema.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+# A side-effect of the getncchanges tests is that they will create hundreds of
+# tombstone objects, so run them last to avoid interfering with (and slowing
+# down) the other DRS tests
+for env in ['vampire_dc', 'promoted_dc']:
+    planoldpythontestsuite(env, "getncchanges",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.getncchanges.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+for env in ['ad_dc_ntvfs']:
+    planoldpythontestsuite(env, "repl_rodc",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.repl_rodc.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+    planoldpythontestsuite(env, "cracknames",
+                           extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
+                           name="samba4.drs.cracknames.python(%s)" % env,
+                           environ={'DC1': "$DC_SERVER", 'DC2': '$DC_SERVER'},
+                           extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
+
+planoldpythontestsuite("chgdcpass:local", "samba.tests.blackbox.samba_dnsupdate",
+                       environ={'DNS_SERVER_IP': '$SERVER_IP'})
+
+for env in ["s4member", "rodc", "promoted_dc", "ad_dc", "ad_member"]:
+    plantestsuite("samba.blackbox.wbinfo(%s:local)" % env, "%s:local" % env, [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', env])
+
+# Offline logon (ad_member)
+plantestsuite("samba.blackbox.offline_logon",
+              "ad_member_offlogon",
+              [os.path.join(bbdir, "test_offline_logon.sh"),
+               '$DOMAIN',
+               'alice', 'Secret007',
+               'bob', 'Secret007',
+               'jane', 'Secret007',
+               'joe', 'Secret007'])
+
+#
+# KDC Tests
+#
+
+# This test is for users cached at the RODC
+plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD',
+                                              '--workgroup=$DOMAIN', '--realm=$REALM',
+                                              '--option=torture:krb5-upn=testdenied_upn@$REALM.upn',
+                                              '--option=torture:expect_rodc=true'],
+                         "samba4.krb5.kdc with account DENIED permission to replicate to an RODC")
+plansmbtorture4testsuite('krb5.kdc', "rodc", ['ncacn_np:$SERVER_IP', "-k", "yes", r'-Utestallowed\ account%$PASSWORD',
+                                              '--workgroup=$DOMAIN', '--realm=$REALM',
+                                              '--option=torture:expect_machine_account=true',
+                                              r'--option=torture:krb5-upn=testallowed\ upn@$REALM',
+                                              '--option=torture:krb5-hostname=testallowed',
+                                              '--option=torture:expect_rodc=true',
+                                              '--option=torture:expect_cached_at_rodc=true'],
+                         "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC")
+
+# This ensures we have correct behaviour on a server that is not not the PDC emulator
+env = "promoted_dc"
+plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'],
+                         "samba4.krb5.kdc with specified account")
+plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestupnspn%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM',
+                                           '--option=torture:expect_machine_account=true',
+                                           '--option=torture:krb5-upn=http/testupnspn.$DNSNAME@$REALM',
+                                           '--option=torture:krb5-hostname=testupnspn.$DNSNAME',
+                                           '--option=torture:krb5-service=http'],
+                         "samba4.krb5.kdc with account having identical UPN and SPN")
+for env in ["fl2008r2dc", "fl2003dc"]:
+    fast_support = have_fast_support
+    if env in ["fl2003dc"]:
+        fast_support = 0
+    planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests",
+                           environ={
+                               **krb5_environ,
+                               'FAST_SUPPORT': fast_support,
+                           })
+
+planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
+                       environ=krb5_environ)
+
+for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
+    if env == "rodc":
+        # The machine account is cached at the RODC, as it is the local account
+        extra_options = ['--option=torture:expect_rodc=true', '--option=torture:expect_cached_at_rodc=true']
+    else:
+        extra_options = []
+
+    plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P',
+                                                            '--workgroup=$DOMAIN', '--realm=$REALM',
+                                                            '--option=torture:krb5-hostname=$SERVER',
+                                                            '--option=torture:run_removedollar_test=true',
+                                                            '--option=torture:expect_machine_account=true'] + extra_options,
+                             "samba4.krb5.kdc with machine account")
+
+planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
+                    environ=krb5_environ)
+for env, fast_support in [("ad_dc", True),
+                          ("fl2003dc", False)]:
+    planpythontestsuite(env, "samba.tests.krb5.compatability_tests",
+                        environ={
+                            **krb5_environ,
+                            'FAST_SUPPORT': int(have_fast_support and fast_support),
+                        })
+planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
+                    environ=krb5_environ)
+planpythontestsuite(
+    "ad_dc",
+    "samba.tests.krb5.kdc_tgs_tests",
+    environ=krb5_environ)
+planpythontestsuite(
+    "ad_dc",
+    "samba.tests.krb5.fast_tests",
+    environ=krb5_environ)
+planpythontestsuite(
+    "ad_dc",
+    "samba.tests.krb5.ms_kile_client_principal_lookup_tests",
+    environ=krb5_environ)
+planpythontestsuite(
+    "ad_dc",
+    "samba.tests.krb5.spn_tests",
+    environ=krb5_environ)
+planpythontestsuite(
+    "ad_dc",
+    "samba.tests.krb5.alias_tests",
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.pac_align_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.protected_users_tests',
+    environ=krb5_environ)
+for env, nt_hash in [("ad_dc:local", True),
+                     ("ad_dc_no_ntlm:local", False)]:
+    planoldpythontestsuite(
+        env,
+        'samba.tests.krb5.nt_hash_tests',
+        environ={
+            **krb5_environ,
+            'EXPECT_NT_HASH': int(nt_hash),
+    })
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.kpasswd_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.claims_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.device_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc:local',
+    'samba.tests.krb5.lockout_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.group_tests',
+    environ=krb5_environ)
+for env, forced_rc4 in [('ad_dc', False),
+                        ('promoted_dc', True)]:
+    planoldpythontestsuite(
+        env,
+        'samba.tests.krb5.etype_tests',
+        environ={
+            **krb5_environ,
+            'DC_SERVER': '$SERVER',
+            'DC_SERVER_IP': '$SERVER_IP',
+            'DC_SERVER_IPV6': '$SERVER_IPV6',
+            'FORCED_RC4': int(forced_rc4),
+        })
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.authn_policy_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.pkinit_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.conditional_ace_tests',
+    environ=krb5_environ)
+planoldpythontestsuite(
+    'ad_dc',
+    'samba.tests.krb5.gkdi_tests',
+    environ=krb5_environ)
+
+for env in [
+        'vampire_dc',
+        'promoted_dc']:
+    planoldpythontestsuite(env, "samba.tests.kcc",
+                           name="samba.tests.kcc",
+                           environ={'TEST_SERVER': '$SERVER', 'TEST_USERNAME': '$USERNAME',
+                                    'TEST_PASSWORD': '$PASSWORD',
+                                    'TEST_ENV': env
+                                    },
+                           extra_path=[os.path.join(srcdir(), "samba/python"), ])
+    planpythontestsuite(env, "samba.tests.samba_tool.visualize_drs")
+
+planpythontestsuite("ad_dc_default:local", "samba.tests.kcc.kcc_utils")
+
+for env in ["simpleserver", "fileserver", "nt4_dc", "ad_dc",
+            "ad_member", "offlinebackupdc", "restoredc", "renamedc", "labdc", 'schema_pair_dc']:
+    planoldpythontestsuite(env, "netlogonsvc",
+                           extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
+                           name="samba.tests.netlogonsvc.python(%s)" % env)
+
+for env in ["ktest", "ad_member", "ad_dc_no_ntlm"]:
+    planoldpythontestsuite(env, "ntlmdisabled",
+                           extra_path=[os.path.join(srcdir(), 'python/samba/tests')],
+                           name="samba.tests.ntlmdisabled.python(%s)" % env)
+
+# Demote the vampire DC, it must be the last test each DC, before the dbcheck
+for env in ['vampire_dc', 'promoted_dc', 'rodc']:
+    planoldpythontestsuite(env, "samba.tests.samba_tool.demote",
+                           name="samba.tests.samba_tool.demote",
+                           environ={
+                               'CONFIGFILE': '$PREFIX/%s/etc/smb.conf' % env
+                           },
+                           extra_args=['-U"$USERNAME%$PASSWORD"'],
+                           extra_path=[os.path.join(srcdir(), "samba/python")]
+                           )
+# TODO: Verifying the databases really should be a part of the
+# environment teardown.
+# check the databases are all OK. PLEASE LEAVE THIS AS THE LAST TEST
+for env in ["ad_dc", "fl2000dc", "fl2003dc", "fl2008r2dc",
+            'vampire_dc', 'promoted_dc', 'backupfromdc', 'restoredc',
+            'renamedc', 'offlinebackupdc', 'labdc']:
+    plantestsuite("samba4.blackbox.dbcheck(%s)" % env, env + ":local", ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck.sh"), '$PREFIX/provision', configuration])
+
+#
+# Tests to verify bug 13653 https://bugzilla.samba.org/show_bug.cgi?id=13653
+# ad_dc has an lmdb backend, ad_dc_ntvfs has a tdb backend.
+#
+planoldpythontestsuite("ad_dc_ntvfs:local",
+                       "samba.tests.blackbox.bug13653",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       environ={'TEST_ENV': 'ad_dc_ntvfs'})
+planoldpythontestsuite("ad_dc:local",
+                       "samba.tests.blackbox.bug13653",
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       environ={'TEST_ENV': 'ad_dc'})
+# cmocka tests not requiring a specific environment
+#
+plantestsuite("samba4.dsdb.samdb.ldb_modules.unique_object_sids", "none",
+              [os.path.join(bindir(), "test_unique_object_sids")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.tdb", "none",
+              [os.path.join(bindir(), "test_encrypted_secrets_tdb")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.encrypted_secrets.mdb", "none",
+              [os.path.join(bindir(), "test_encrypted_secrets_mdb")])
+plantestsuite("lib.audit_logging.audit_logging", "none",
+              [os.path.join(bindir(), "audit_logging_test")])
+plantestsuite("lib.audit_logging.audit_logging.errors", "none",
+              [os.path.join(bindir(), "audit_logging_error_test")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_util", "none",
+              [os.path.join(bindir(), "test_audit_util")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log", "none",
+              [os.path.join(bindir(), "test_audit_log")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.audit_log.errors", "none",
+              [os.path.join(bindir(), "test_audit_log_errors")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit", "none",
+              [os.path.join(bindir(), "test_group_audit")])
+plantestsuite("samba4.dsdb.samdb.ldb_modules.group_audit.errors", "none",
+              [os.path.join(bindir(), "test_group_audit_errors")])
+plantestsuite("samba4.dcerpc.dnsserver.dnsutils", "none",
+              [os.path.join(bindir(), "test_rpc_dns_server_dnsutils")])
+plantestsuite("libcli.drsuapi.repl_decrypt", "none",
+              [os.path.join(bindir(), "test_repl_decrypt")])
+plantestsuite("librpc.ndr.ndr_string", "none",
+              [os.path.join(bindir(), "test_ndr_string")])
+plantestsuite("librpc.ndr.ndr", "none",
+              [os.path.join(bindir(), "test_ndr")])
+plantestsuite("librpc.ndr.ndr_macros", "none",
+              [os.path.join(bindir(), "test_ndr_macros")])
+plantestsuite("librpc.ndr.ndr_dns_nbt", "none",
+              [os.path.join(bindir(), "test_ndr_dns_nbt")])
+plantestsuite("librpc.ndr.test_ndr_gmsa", "none",
+              [os.path.join(bindir(), "test_ndr_gmsa")])
+plantestsuite("libcli.ldap.ldap_message", "none",
+              [os.path.join(bindir(), "test_ldap_message")])
+
+# process restart and limit tests, these break the environment so need to run
+# in their own specific environment
+planoldpythontestsuite("preforkrestartdc:local",
+                       "samba.tests.prefork_restart",
+                       extra_path=[
+                           os.path.join(srcdir(), 'python/samba/tests')],
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       name="samba.tests.prefork_restart")
+planoldpythontestsuite("preforkrestartdc:local",
+                       "samba.tests.blackbox.smbcontrol_process",
+                       extra_path=[
+                           os.path.join(srcdir(), 'python/samba/tests')],
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       name="samba.tests.blackbox.smbcontrol_process")
+planoldpythontestsuite("proclimitdc",
+                       "samba.tests.process_limits",
+                       extra_path=[
+                           os.path.join(srcdir(), 'python/samba/tests')],
+                       extra_args=['-U"$USERNAME%$PASSWORD"'],
+                       name="samba.tests.process_limits")
+
+planoldpythontestsuite("none", "samba.tests.usage")
+planpythontestsuite("fileserver", "samba.tests.dcerpc.mdssvc")
+planoldpythontestsuite("none", "samba.tests.compression")
+planpythontestsuite("none", "samba.tests.security_descriptors")
+
+if have_cluster_support:
+    cluster_environ = {
+        "SERVER_HOSTNAME": "$NETBIOSNAME",
+        "INTERFACE_GROUP_NAME": "$NETBIOSNAME",
+        "CLUSTER_SHARE": "registry_share",
+        "USERNAME": "$DC_USERNAME",
+        "PASSWORD": "$DC_PASSWORD",
+    }
+    planpythontestsuite("clusteredmember:local",
+                        "samba.tests.blackbox.rpcd_witness_samba_only",
+                        environ=cluster_environ)
diff --git a/source4/selftest/tests_win.sh b/source4/selftest/tests_win.sh
new file mode 100755
index 0000000..fafaef1
--- /dev/null
+++ b/source4/selftest/tests_win.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+if [ $(whoami) != "root" ]; then
+	echo "Windows tests will not run without root privileges."
+	exit 1
+fi
+
+if [ "$DO_SOCKET_WRAPPER" = SOCKET_WRAPPER ]; then
+	echo "Windows tests will not run with socket wrapper enabled."
+	exit 1
+fi
+
+if [ ! $WINTESTCONF ]; then
+	echo "Environment variable WINTESTCONF has not been defined."
+	echo "Windows tests will not run unconfigured."
+	exit 1
+fi
+
+if [ ! -r $WINTESTCONF ]; then
+	echo "$WINTESTCONF could not be read."
+	exit 1
+fi
+
+export WINTEST_DIR=$SRCDIR/selftest/win
+export TMPDIR=$TMPDIR
+export NETBIOSNAME=$NETBIOSNAME
+
+. $WINTESTCONF
+
+$SRCDIR/selftest/test_win.sh
diff --git a/source4/selftest/tests_win2k3_dc.sh b/source4/selftest/tests_win2k3_dc.sh
new file mode 100755
index 0000000..290a4ef
--- /dev/null
+++ b/source4/selftest/tests_win2k3_dc.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+if [ ! $WINTESTCONF ]; then
+	echo "Environment variable WINTESTCONF has not been defined."
+	echo "Windows tests will not run unconfigured."
+	exit 1
+fi
+
+if [ ! -r $WINTESTCONF ]; then
+	echo "$WINTESTCONF could not be read."
+	exit 1
+fi
+
+. selftest/test_functions.sh
+
+export SRCDIR=$SRCDIR
+
+tests="RPC-DRSUAPI RPC-SPOOLSS ncacn_np ncacn_ip_tcp"
+
+for name in $tests; do
+	testit $name rpc $SRCDIR/selftest/win/wintest_2k3_dc.sh $name
+done
diff --git a/source4/selftest/win/README b/source4/selftest/win/README
new file mode 100644
index 0000000..f6e716c
--- /dev/null
+++ b/source4/selftest/win/README
@@ -0,0 +1,72 @@
+This framework uses a VMware Server hosted Windows guest VM to test the
+behaviour of Windows -> Samba and Samba -> Windows interactions. To setup a
+Windows host for testing, vm_setup.tar.gz contain some scripts which create
+an administrative user account, and enable and start the installed telnet
+service on the Windows host. Optionally, the hostname and workgroup name can
+also be set. vm_setup.tar.gz is currently located in the SOC/bnh branch of
+Samba's SVN repository.
+
+PREREQUISITES
+
+To use these scripts, VMware Server needs to be running with a Windows guest
+VM installed, IP addressed, and VMware tools needs to be installed and running
+on the guest VM. The Windows OS I used to test with was Windows Server 2003,
+but I think this should work with any version of Windows that has the
+Microsoft telnet service installed. The VMware Server versions I used for
+testing was 1.0.0 build-27828, and 1.0.0 build-28343.
+
+PLEASE NOTE: Due to problems with my original revert_snapshot() code, the initial
+setup now requires that the VM configuration setting 'When Powering Off' is
+manually set to 'Revert to snapshot' (snapshot.action="autoRevert" in the
+guest's .vmx file).  This should not be a permanent change, but the original
+revert_snapshot() code I wrote no longer works and i'm not sure why.
+
+On the machine that these scripts are running on (this need not be the same
+machine as the VMware host), the VMware perl scripting api needs to be
+installed, as well as the vix-perl api. These come with the VMware Server
+console package.
+
+After unzipping this file, the libraries are installed by extracting the
+VMware-vix-e.x.p-<revision number>.tar.gz and
+VMware-VmPerlAPI-e.x.p-<revision number>.tar.gz archives, and running the
+vmware-install.pl scripts inside their respective directories.
+
+On Slackware 10.2, I encountered a problem in that when I tried to use the vix
+api libraries, I would get the following error:
+
+SSLLoadSharedLibrary: Failed to load library /<client program directory>/libcrypto.so.0.9.7:/<client program directory>/libcrypto.so.0.9.7: cannot open a shared object file: No such file or directory.
+
+The fix found on the VMware knowledge base (search http://kb.vmware.com for
+Doc ID: 1837104) states that it's a known problem with the scripting libraries,
+and can be resolved by installing VMware Server on the host, which properly
+sets up the SSL module loader. This is what I would suggest if you encounter
+this, as it solved the problem for me (I don't have VMware Server actually
+running on that host though).
+
+INSTALLATION
+
+To use these scripts, modify initial_setup.conf to match your environment. The
+GUEST_HOSTNAME, GUEST_WORKGROUP, HOST_SERVER_NAME, HOST_SERVER_PORT,
+HOST_USERNAME, and HOST_PASSWORD variables are optional, and are commented out
+in this release.
+
+Running initial_setup.sh will:
+*  Get the IP address of the Windows guest VM.
+*  Take a snapshot of the pristine Windows guest.
+*  Copy the windows scripts from the windows-scripts directory on the unix host
+        to the directory on the Windows guest specified by the
+        GUEST_SCRIPT_PATH option. This path will be created on the guest if
+        it does not already exist.
+*  Execute win_setup.wsf on the Windows guest in order to create the
+        administrator account specified by GUEST_USERNAME and GUEST_PASSWORD,
+        enable and start the telnet service, and set the GUEST_HOSTNAME and
+        GUEST_WORKGROUP if configured.
+*  If these operations are successful so far, another snapshot is taken at this
+	point. This is the snapshot which is restored if the tests encounter
+	problems they are unable to recover from.
+
+These operations leave the Windows guest in a state such that it can be
+remotely administered with telnet. Specifically, this will allow us to use
+'make wintest' in Samba 4 to perform smbtorture tests against a Windows host,
+and perform tests from a Windows client to a Samba server.
+
diff --git a/source4/selftest/win/VMHost.pm b/source4/selftest/win/VMHost.pm
new file mode 100644
index 0000000..37d721e
--- /dev/null
+++ b/source4/selftest/win/VMHost.pm
@@ -0,0 +1,359 @@
+#!/usr/bin/perl -w
+
+# A perl object to provide a simple, unified method of handling some
+# VMware Server VM management functions using the perl and VIX API's.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+# VMware Perl API
+use VMware::VmPerl;
+use VMware::VmPerl::VM;
+use VMware::VmPerl::ConnectParams;
+
+# VMware C bindings
+use VMware::Vix::Simple;
+use VMware::Vix::API::Constants;
+
+# Create a class to abstract from the Vix and VMPerl APIs.
+{ package VMHost;
+	my $perl_vm = VMware::VmPerl::VM::new();
+	my $perl_vm_credentials;
+	my $vix_vm;
+	my $vix_vm_host;
+
+	my $err_code = 0;
+	my $err_str = "";
+
+	my $hostname;
+	my $port;
+	my $username;
+	my $password;
+	my $vm_cfg_path;
+	my $guest_admin_username;
+	my $guest_admin_password;
+
+	sub error {
+		my $old_err_code = $err_code;
+		my $old_err_str = $err_str;
+		$err_code = 0;
+		$err_str = "";
+		return ($old_err_code, $old_err_str);
+	}
+
+	# Power on the guest if it isn't already running.
+	# Returns 0 when the guest is already running, and
+	# if not, it waits until it is started.
+	sub start_guest {
+		my $vm_power_state = $perl_vm->get_execution_state();
+		if (!defined($vm_power_state)) {
+			($err_code, $err_str) = $perl_vm->get_last_error();
+			return ($err_code);
+		}
+		if ($vm_power_state == VMware::VmPerl::VM_EXECUTION_STATE_OFF
+			|| $vm_power_state ==
+				VMware::VmPerl::VM_EXECUTION_STATE_SUSPENDED)
+		{
+			if (!$perl_vm->start()) {
+				($err_code, $err_str) =
+					$perl_vm->get_last_error();
+				return ($err_code);
+			}
+			while ($perl_vm->get_tools_last_active() == 0) {
+				sleep(60);
+			}
+		}
+		return ($err_code);
+	}
+
+	sub host_connect {
+		# When called as a method, the first parameter passed is the
+		# name of the method. Called locally, this function will lose
+		# the first parameter.
+		shift @_;
+		($hostname, $port, $username, $password, $vm_cfg_path,
+			$guest_admin_username, $guest_admin_password) = @_;
+
+		# Connect to host using vmperl api.
+		$perl_vm_credentials =
+			VMware::VmPerl::ConnectParams::new($hostname, $port,
+				$username, $password);
+		if (!$perl_vm->connect($perl_vm_credentials, $vm_cfg_path)) {
+			($err_code, $err_str) = $perl_vm->get_last_error();
+			undef $perl_vm;
+			return ($err_code);
+		}
+
+		# Connect to host using vix api.
+		($err_code, $vix_vm_host) =
+			VMware::Vix::Simple::HostConnect(
+				VMware::Vix::Simple::VIX_API_VERSION,
+				VMware::Vix::Simple::VIX_SERVICEPROVIDER_VMWARE_SERVER,
+				$hostname, $port, $username, $password,
+				0, VMware::Vix::Simple::VIX_INVALID_HANDLE);
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str =
+				VMware::Vix::Simple::GetErrorText($err_code);
+			undef $perl_vm;
+			undef $vix_vm;
+			undef $vix_vm_host;
+			return ($err_code);
+		}
+
+		# Power on our guest os if it isn't already running.
+		$err_code = start_guest();
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Starting guest power after connect " .
+					"failed: " . $old_err_str;
+			undef $perl_vm;
+			undef $vix_vm;
+			undef $vix_vm_host;
+			return ($err_code);
+		}
+
+		# Open VM.
+		($err_code, $vix_vm) =
+			VMware::Vix::Simple::VMOpen($vix_vm_host, $vm_cfg_path);
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str =
+				VMware::Vix::Simple::GetErrorText($err_code);
+			undef $perl_vm;
+			undef $vix_vm;
+			undef $vix_vm_host;
+			return ($err_code);
+		}
+
+		# Login to $vix_vm guest OS.
+		$err_code = VMware::Vix::Simple::VMLoginInGuest($vix_vm,
+				$guest_admin_username, $guest_admin_password,
+				0);
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str =
+				VMware::Vix::Simple::GetErrorText($err_code);
+			undef $perl_vm;
+			undef $vix_vm;
+			undef $vix_vm_host;
+			return ($err_code);
+		}
+		return ($err_code);
+	}
+
+	sub host_disconnect {
+		undef $perl_vm;
+
+		$perl_vm = VMware::VmPerl::VM::new();
+		if (!$perl_vm) {
+			$err_code = 1;
+			$err_str = "Error creating new VmPerl object";
+		}
+
+		undef $vix_vm;
+		VMware::Vix::Simple::HostDisconnect($vix_vm_host);
+		VMware::Vix::Simple::ReleaseHandle($vix_vm_host);
+		return ($err_code);
+	}
+
+	sub host_reconnect {
+		$err_code = host_disconnect();
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Disconnecting from host failed: " .
+					$old_err_str;
+			return ($err_code);
+		}
+
+		$err_code = host_connect(NULL, $hostname, $port, $username,
+				$password, $vm_cfg_path, $guest_admin_username,
+				$guest_admin_password);
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Re-connecting to host failed: " .
+					$old_err_str;
+			return ($err_code);
+		}
+		return ($err_code);
+	}
+
+	sub create_snapshot {
+		my $snapshot;
+
+		($err_code, $snapshot) =
+			VMware::Vix::Simple::VMCreateSnapshot($vix_vm,
+			"Snapshot", "Created by vm_setup.pl", 0,
+			VMware::Vix::Simple::VIX_INVALID_HANDLE);
+
+		VMware::Vix::Simple::ReleaseHandle($snapshot);
+
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str =
+				VMware::Vix::Simple::GetErrorText($err_code);
+			return $err_code;
+		}
+
+		$err_code = host_reconnect();
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Reconnecting to host after creating " .
+					"snapshot: " . $old_err_str;
+			return ($err_code);
+		}
+		return ($err_code);
+	}
+
+	sub revert_snapshot {
+		# Because of problems with VMRevertToSnapshot(), we have to
+		# rely on the guest having set 'Revert to Snapshot' following
+		# a power-off event.
+		$err_code = VMware::Vix::Simple::VMPowerOff($vix_vm, 0);
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str =
+				VMware::Vix::Simple::GetErrorText($err_code);
+			return $err_code;
+		}
+
+		# host_reconnect() will power-on a guest in a non-running state.
+		$err_code = host_reconnect();
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Reconnecting to host after reverting " .
+					"snapshot: " . $old_err_str;
+			return ($err_code);
+		}
+		return ($err_code);
+	}
+
+	# $dest_path must exist. It doesn't get created.
+	sub copy_files_to_guest {
+		shift @_;
+		my (%files) = @_;
+
+		my $src_file;
+		my $dest_file;
+
+		foreach $src_file (keys(%files)) {
+			$dest_file = $files{$src_file};
+			$err_code =
+				VMware::Vix::Simple::VMCopyFileFromHostToGuest(
+					$vix_vm, $src_file, $dest_file, 0,
+					VMware::Vix::Simple::VIX_INVALID_HANDLE);
+			if ($err_code != VMware::Vix::Simple::VIX_OK) {
+				$err_str = "Copying $src_file: " .
+					VMware::Vix::Simple::GetErrorText(
+						$err_code);
+				return $err_code;
+			}
+		}
+		return $err_code;
+	}
+
+	sub copy_to_guest {
+		# Read parameters $src_path, $dest_path.
+		shift @_;
+		my ($src_path, $dest_dir) = @_;
+
+		my $len = length($dest_dir);
+		my $idx = rindex($dest_dir, '\\');
+		if ($idx != ($len - 1)) {
+			$err_code = -1;
+			$err_str = "Destination $dest_dir must be a " .
+					"directory path";
+			return ($err_code);
+		}
+
+		# Create the directory $dest_path on the guest VM filesystem.
+		my $cmd = "cmd.exe ";
+		my $cmd_args = "/C MKDIR " . $dest_dir;
+		$err_code = run_on_guest(NULL, $cmd, $cmd_args);
+		if ( $err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Creating directory $dest_dir on host: " .
+					$old_err_str;
+			return ($err_code);
+		}
+
+		# If $src_filepath specifies a file, create it in $dest_path
+		# and keep the same name.
+		# If $src_path is a directory, create the files it contains in
+		# $dest_path, keeping the same names.
+		$len = length($src_path);
+		my %files;
+		$idx = rindex($src_path, '/');
+		if ($idx == ($len - 1)) {
+			# $src_path is a directory.
+			if (!opendir (DIR_HANDLE, $src_path)) {
+				$err_code = -1;
+				$err_str = "Error opening directory $src_path";
+				return $err_code;
+			}
+
+			foreach $file (readdir DIR_HANDLE) {
+				my $src_file = $src_path . $file;
+
+				if (!opendir(DIR_HANDLE2, $src_file)) {
+					# We aren't interested in subdirs.
+					my $dest_path = $dest_dir . $file;
+					$files{$src_file} = $dest_path;
+				} else {
+					closedir(DIR_HANDLE2);
+				}
+			}
+		} else {
+			# Strip if preceding path from $src_path.
+			my $src_file = substr($src_path, ($idx + 1), $len);
+			my $dest_path = $dest_dir . $src_file;
+
+			# Add $src_path => $dest_path to %files.
+			$files{$src_path} = $dest_path;
+		}
+
+		$err_code = copy_files_to_guest(NULL, %files);
+		if ($err_code != 0) {
+			my $old_err_str = $err_str;
+			$err_str = "Copying files to host after " .
+				"populating %files: " . $old_err_str;
+			return ($err_code);
+		}
+		return ($err_code);
+	}
+
+	sub run_on_guest {
+		# Read parameters $cmd, $cmd_args.
+		shift @_;
+		my ($cmd, $cmd_args) = @_;
+
+		$err_code = VMware::Vix::Simple::VMRunProgramInGuest($vix_vm,
+				$cmd, $cmd_args, 0,
+				VMware::Vix::Simple::VIX_INVALID_HANDLE);
+		if ($err_code != VMware::Vix::Simple::VIX_OK) {
+			$err_str = VMware::Vix::Simple::GetErrorText(
+					$err_code);
+			return ($err_code);
+		}
+
+		return ($err_code);
+	}
+
+	sub get_guest_ip {
+		my $guest_ip = $perl_vm->get_guest_info('ip');
+
+		if (!defined($guest_ip)) {
+			($err_code, $err_str) = $perl_vm->get_last_error();
+			return NULL;
+		}
+
+		if (!($guest_ip)) {
+			$err_code = 1;
+			$err_str = "Guest did not set the 'ip' variable";
+			return NULL;
+		}
+		return $guest_ip;
+	}
+
+	sub DESTROY {
+		host_disconnect();
+		undef $perl_vm;
+		undef $vix_vm_host;
+	}
+}
+
+return TRUE;
diff --git a/source4/selftest/win/common.exp b/source4/selftest/win/common.exp
new file mode 100644
index 0000000..93d24a6
--- /dev/null
+++ b/source4/selftest/win/common.exp
@@ -0,0 +1,521 @@
+# A library of commonly used functions written in expect.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+# This function maps a drive letter to a share point.
+proc map_share { remote_prompt share_drive sharepoint username domain password } {
+	set default_err_str "Unknown error in function map_share"
+	set err_str $default_err_str
+
+	set cmd "net use $share_drive $sharepoint $password /USER:$username@$domain\r\n"
+	send $cmd
+
+	expect {
+		"The command completed successfully." {
+			expect_prompt $remote_prompt
+			set err_str "OK"
+		} \
+		"The local device name is already in use." {
+			expect_prompt $remote_prompt
+			set err_str "The device name $share_drive is already in use"
+		} \
+		"The network name cannot be found." {
+			expect_prompt $remote_prompt
+			set err_str "Sharepoint $sharepoint could not be found"
+		} \
+		timeout {
+			set err_str "Function map_share timed out while mapping $share_drive to $sharepoint"
+		}
+	}
+	return $err_str
+}
+
+# This function unmaps a drive letter from a share point.
+proc unmap_share { remote_prompt share_drive } {
+	set default_err_str "Unknown error in function unmap_share"
+	set err_str $default_err_str
+
+	set cmd "net use $share_drive /DELETE\r\n"
+	send $cmd
+
+	expect {
+		"was deleted successfully." {
+			expect_prompt $remote_prompt
+			set err_str "OK"
+		} \
+		"NET HELPMSG 2250" {
+			expect_prompt $remote_prompt
+			set err_str "The network connection could not be found while unmapping $share_drive"
+		} \
+		timeout {
+			set err_str "Function unmap_share timed out while unmapping $share_drive"
+		}
+	}
+	return $err_str
+}
+
+# This function uses xcopy to copy a text file from one location on the
+# remote windows host to another.
+proc xcopy_file { remote_prompt in_filename out_filename xcopy_options } {
+	set default_err_str "Unknown error in function xcopy_file"
+	set err_str $default_err_str
+
+	set cmd "xcopy $in_filename $out_filename $xcopy_options\r\n"
+	send $cmd
+
+	expect {
+		"(F = file, D = directory)? " {
+			set cmd "F\r\n"
+			send $cmd
+			expect {
+				"1 File(s) copied\r\n\r\n" {
+					expect_prompt $remote_prompt
+					set err_str "OK"
+				} \
+				"0 File(s) copied\r\n\r\n" {
+					expect_prompt $remote_prompt
+					set err_str $default_err_str
+				} \
+				timeout {
+					set err_str "Function xcopy_file has timed out while copying $in_filename"
+				}
+			}
+		} \
+		"1 File(s) copied\r\n\r\n" {
+			expect_prompt $remote_prompt
+			set err_str "OK"
+		} \
+		"0 File(s) copied\r\n\r\n" {
+			expect_prompt $remote_prompt
+			set err_str $default_err_str
+		} \
+		timeout {
+			set err_str "Function xcopy_file timed out while copying $in_filename"
+		}
+	}
+	return $err_str
+}
+
+# This function creates a temporary file on the remote windows host.
+# The file contents are populated by a recursive directory listing of 
+# the windows %HOMEDRIVE%.
+proc create_tmp_file { remote_prompt filename } {
+	set default_err_str "Unknown error in function create_tmp_file"
+	set err_str $default_err_str
+
+	set cmd "dir %HOMEDRIVE%\\ /S > $filename\r\n"
+	send $cmd
+	expect {
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			set err_str "Function create_tmp_file timed out while creating $filename"
+		}
+	}
+	return $err_str
+}
+
+# This function compares two files on the remote windows host.
+proc compare_files { remote_prompt file1 file2 } {
+	set default_err_str "Unknown error in function compare_files"
+	set err_str $default_err_str
+
+	set cmd "fc $file1 $file2\r\n"
+	send $cmd
+	expect {
+		"FC: no differences encountered\r\n\r\n\r\n" {
+			expect_prompt $remote_prompt
+			set err_str "OK"
+		} \
+		"\*\*\*\*\* $file1" {
+			expect_prompt $remote_prompt
+			set err_str "Files $file1 and $file2 differ"
+		} \
+		"\*\*\*\*\* $file2" {
+			expect_prompt $remote_prompt
+			set err_str "Files $file1 and $file2 differ"
+		} \
+		timeout {
+			set err_str "Function compare_files timed out while comparing files $file1 and $file2"
+		}
+	}
+	return $err_str
+}
+
+# This function deletes a file on the remote windows host.
+proc delete_file { remote_prompt filename } {
+	set default_err_str "Unknown error in function delete_file"
+	set err_str $default_err_str
+
+	set cmd "del $filename\r\n"
+	send $cmd
+	expect {
+		"Could Not" {
+			expect_prompt $remote_prompt
+			set err_str $default_err_str
+		} \
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			set err_str "Function delete_file timed oout while deleting $filename"
+		}
+	}
+	return $err_str
+}
+
+# This function copies a text file over telnet from the local unix host
+# to the remote windows host.
+proc copy_file { remote_prompt in_filename out_filename } {
+	set default_err_str "Unknown error in function copy_file"
+	set err_str $default_err_str
+
+	# The octal ASCII code for Control-Z is 032.
+	set CTRLZ \032
+
+	# Open local file and read contents.
+	set in_file [open $in_filename r]
+	set in_data [read $in_file]
+
+	# Initiate copy on remote host.
+	set cmd "copy con $out_filename\r\n"
+	send $cmd
+
+	# Separate $in_data into lines and send to remote host.
+	set out_data [split $in_data "\n"]
+	foreach out_line $out_data {
+		send $out_line
+		# We might as well do a unix -> windows line conversion.
+		send "\r\n"
+		# Are we overwriting an existing file?
+		# If so, exit so we can handle it.
+		expect {
+			"(Yes/No/All)" {
+				send "NO\r\n"
+				expect_prompt $remote_prompt
+				set err_str "File exists"
+			} \
+			$out_line {
+				set err_str "OK"
+			} \
+			timeout {
+				set err_str "Function copy_file timed out while copying $in_filename"
+			}
+		}
+		if { $err_str != "OK" } {
+			return $err_str
+		} else {
+			set err_str $default_err_str
+		}
+	}
+
+	# ^Z\r to complete the transfer.
+	send $CTRLZ
+	send "\r"
+	expect {
+		"file(s) copied." {
+			set err_str [expect_prompt $remote_prompt]
+		} \
+		$remote_prompt {
+			set err_str $default_err_str
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Function copy_file timed out while finishing copy of $in_filename"
+		}
+	}
+	return $err_str
+}
+
+# This function waits for the command prompt and reports an error on
+# timeout.
+proc expect_prompt { remote_prompt } {
+	set default_err_str "Unknown error occurred while waiting for the command prompt"
+	set err_str $default_err_str
+
+	expect {
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			set err_str "Timeout occurred while waiting for the command prompt"
+		}
+	}
+	return $err_str
+}
+
+# This function will create a telnet login shell to $remote_host as $username.
+# If expected dialogue is not received, return with a specific error if one
+# is recognized. Otherwise return a generic error indicating the function
+# name.
+proc telnet_login { remote_prompt remote_host username password } {
+
+	set default_err_str "Unknown error in function telnet_login"
+	set err_str $default_err_str
+
+	set cmd "telnet $remote_host\r"
+	send $cmd
+	expect {
+		"login: " {
+			set err_str "OK"
+		} \
+		"Connection refused" {
+			set err_str "Connection refused"
+		} \
+		"No route to host" {
+			set err_str "No route to host"
+		} \
+		timeout {
+			set err_str "Function telnet_login timed out while waiting for the login prompt"
+		}
+	}
+	if { $err_str != "OK" } {
+		# Return because something unexpected happened.
+		return $err_str
+	} else {
+		# Reset err_str
+		set err_str $default_err_str
+	}
+
+	set cmd "$username\r"
+	send $cmd
+	expect {
+		"password: " {
+			set err_str "OK"
+		} \
+		timeout {
+			set err_str "Function telnet_login timed out while waiting for the password prompt"
+		}
+	}
+	if { $err_str != "OK" } {
+		return $err_str
+	} else {
+		set err_str $default_err_str
+	}
+
+	set cmd "$password\r"
+	send $cmd
+	expect {
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		"Login Failed" {
+			set err_str "Telnet login failed"
+		} \
+		timeout {
+			set err_str "Function telnet_login timed out while waiting for the command prompt"
+		}
+	}
+	return $err_str
+}
+
+proc create_directory { remote_prompt sharepath } {
+
+	set default_err_str "Unknown error in function create_directory"
+	set err_str $default_err_str
+
+	set cmd "mkdir $sharepath\r\n"
+	send $cmd
+	expect  {
+		"already exists" {
+			expect_prompt $remote_prompt
+			set err_str "Directory already exists"
+		} \
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached starting create_directory."
+		}
+	}
+	return $err_str
+}
+
+proc delete_directory { remote_prompt sharepath } {
+
+	set default_err_str "Unknown error in function delete_directory"
+	set err_str $default_err_str
+
+	set cmd "rmdir /S /Q $sharepath\r\n"
+	send $cmd
+	expect {
+		"Access is denied." {
+			expect_prompt $remote_prompt
+			set err_str "Directory access is denied"
+		} \
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached in delete_directory"
+		}
+	}
+	return $err_str
+}
+
+proc create_share { remote_prompt username sharepath sharename } {
+
+	set default_err_str "Unknown error in function create_share"
+	set err_str $default_err_str
+
+	set cmd "net share $sharename=$sharepath /GRANT:$username,FULL\r\n"
+	send $cmd
+	expect {
+		"was shared successfully." {
+			set err_str [expect_prompt $remote_prompt]
+		} \
+		"NET HELPMSG 2118." {
+			expect_prompt $remote_prompt
+			set err_str "The name has already been shared"
+		} \
+		$remote_prompt {
+			set err_str $default_err_str
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached in create_share"
+		}
+	}
+	return $err_str
+}
+
+proc delete_share { remote_prompt sharename } {
+
+	set default_err_str "Unknown error in function delete_share"
+	set err_str $default_err_str
+
+	set cmd "net share $sharename /DELETE\r\n"
+	send $cmd
+	expect {
+		"was deleted successfully." {
+			set err_str [expect_prompt $remote_prompt]
+		} \
+		"does not exist." {
+			expect_prompt $remote_prompt
+			set err_str "The share does not exist"
+		} \
+		$remote_prompt {
+			set err_str $default_err_str
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached in delete_share"
+		}
+	}
+	return $err_str
+}
+
+proc delete_hosts_entry { remote_prompt hosts_file_path backup_hosts_filename } {
+
+	set default_err_str "Unknown error in function delete_hosts_entry"
+	set err_str $default_err_str
+
+	set cmd "cd $hosts_file_path\r\n"
+	send $cmd
+	expect {
+		"." {
+			expect_prompt $remote_prompt
+			set err_str $default_err_str
+		} \
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached in delete_hosts_entry"
+		}
+	}
+	if { $err_str != "OK" } {
+		return $err_str
+	} else {
+		set err_str $default_err_str
+	}
+
+	set cmd "move /Y $backup_hosts_filename hosts\r\n"
+	send $cmd
+	expect {
+		"1 file(s) moved." {
+			set err_str [expect_prompt $remote_prompt]
+		} \
+		"cannot find the file specified." {
+			expect_prompt $remote_prompt
+			set err_str "File not found"
+		} \
+		$remote_prompt {
+			set err_str $default_err_str
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Function delete_hosts_entry timed out while renaming $backup_hosts_filename"
+		}
+	}
+	return $err_str
+}
+
+proc create_hosts_entry { remote_prompt hosts_file_path hostname ip \
+				backup_hosts_filename } {
+
+	set default_err_str "Unknown error in function create_hosts_entry"
+	set err_str $default_err_str
+
+	set cmd "cd $hosts_file_path\r\n"
+	send $cmd
+	expect	{
+		"." {
+			expect_prompt $remote_prompt
+			set err_str $default_err_str
+		} \
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Timeout reached in create_hosts_entry"
+		}
+	}
+	if { $err_str != "OK" } {
+		return $err_str
+	} else {
+		set err_str $default_err_str
+	}
+
+	set cmd "copy /Y hosts $backup_hosts_filename\r\n"
+	send $cmd
+	expect	{
+		"1 file(s) copied." {
+			set err_str [expect_prompt $remote_prompt]
+		} \
+		"cannot find the file specified." {
+			expect_prompt $remote_prompt
+			set err_str "File not found."
+		} \
+		$remote_prompt {
+			set err_str $default_err_str
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Function create_hosts_entry timed out while copying hosts file"
+		}
+	}
+	if { $err_str != "OK" } {
+		return $err_str
+	} else {
+		set err_str $default_err_str
+	}
+
+	set cmd "echo $ip     $hostname     #smbtorture host. >> hosts\r\n"
+	send $cmd
+	expect	{
+		$remote_prompt {
+			set err_str "OK"
+		} \
+		timeout {
+			expect_prompt $remote_prompt
+			set err_str "Function create_hosts timed out while updating hosts file"
+		}
+	}
+	return $err_str
+}
diff --git a/source4/selftest/win/test_win.conf b/source4/selftest/win/test_win.conf
new file mode 100644
index 0000000..ed52be9
--- /dev/null
+++ b/source4/selftest/win/test_win.conf
@@ -0,0 +1,83 @@
+
+# perl needs to know to look in $WINTEST_DIR for VMHost.pm.
+export PERLLIB=$WINTEST_DIR
+
+# Command prompt that we are expecting on the windows host.
+export SMBTORTURE_REMOTE_PROMPT=">"
+
+##
+## The variables in this section apply to the 'make wintest_dc' set of tests.
+##
+
+# A username and password with admin rights to the DC we're testing against.
+export WIN2K3_DC_USERNAME="tortureuser"
+export WIN2K3_DC_PASSWORD="torturepass"
+
+# The domain and realm that the DC is configured for.
+export WIN2K3_DC_DOMAIN="WINTESTDC"
+export WIN2K3_DC_REALM="wintest.dc"
+
+# The path to the DC vmware image config file, local to the vmware server.
+export WIN2K3_DC_VM_CFG_PATH="/var/lib/vmware/Virtual Machines/Windows Server 2003 DC BuildFarm/Windows 2003 DC BuildFarm.vmx"
+
+##
+## The parameters in this section apply to the 'make wintest' set of tests.
+##
+
+# The username and password we will be testing with.
+# This user will need admin rights on the remote windows host.
+export SMBTORTURE_USERNAME="tortureuser"
+export SMBTORTURE_PASSWORD="torturepass"
+
+# The name of the workgroup we will be using on the remote windows host.
+export SMBTORTURE_WORKGROUP="SMBTEST"
+
+# The name of and path to the windows share we'll be testing against.
+export SMBTORTURE_REMOTE_SHARE_NAME="smbtorture_share"
+export SMBTORTURE_REMOTE_SHARE_PATH="%HOMEDRIVE%\smbtorture_shared_dir"
+
+# Default timeout for the expect scripts to wait for a response from the remote.
+export SMBTORTURE_EXPECT_TIMEOUT=30
+
+# Path to the local smbtorture binary.
+export SMBTORTURE_BIN_PATH="bin/smbtorture"
+
+# Local system hostname and ip address we'll be adding to the remote's
+# hosts file.
+export SMBTORTURE_LOCAL_HOSTNAME=$NETBIOSNAME
+export SMBTORTURE_LOCAL_IP="192.168.100.12"
+
+# Filename of the windows hosts' unedited hosts file.
+export REMOTE_BACKUP_HOSTS_FILENAME="hosts.smbtorture"
+export REMOTE_HOSTS_FILE_PATH="%SYSTEMROOT%\\system32\\drivers\\etc"
+
+# These coincide with the parameters mktestsetup.sh uses to setup smbd.
+export SMBTORTURE_LOCAL_USERNAME="administrator"
+export SMBTORTURE_LOCAL_PASSWORD="penguin"
+export SMBTORTURE_LOCAL_DOMAIN="SAMBADOMAIN"
+
+# This is the name of the samba share the windows vm will connect to.
+export SMBTORTURE_LOCAL_SHARE_NAME="TMP"
+
+# This is the drive letter which will be used to mount a share on the windows vm.
+export SMBTORTURE_REMOTE_DRIVE_LETTER="X:"
+
+# This is the name of the file which will be created on the windows vm
+# and used for samba server tests.
+export SMBTORTURE_TMP_FILENAME="smbtorture.tmp"
+
+# The path to the vmware image config file local to the vmware server.
+export VM_CFG_PATH="/var/lib/vmware/Virtual Machines/Win2k3-BuildFarm/Win2k3-BuildFarm.vmx"
+
+# In order to copy files and execute programs on the guest vm,
+# we need administrator-level credentials to log in with.
+export GUEST_ADMIN_USERNAME="administrator"
+export GUEST_ADMIN_PASSWORD="adminpass"
+
+# These parameters are optional. If not specified, the script tries to access
+# a local vmware server as the executing user.
+# logged-in user running the script are used.
+export HOST_SERVER_NAME="vmhost"
+export HOST_SERVER_PORT=902
+export HOST_USERNAME="vmuser"
+export HOST_PASSWORD="vmpass"
diff --git a/source4/selftest/win/vm_get_ip.pl b/source4/selftest/win/vm_get_ip.pl
new file mode 100644
index 0000000..9657a34
--- /dev/null
+++ b/source4/selftest/win/vm_get_ip.pl
@@ -0,0 +1,48 @@
+#!/usr/bin/perl -w
+
+# A perl script to connect to a VMware server and get the IP address of a VM.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+use VMHost;
+
+sub check_error {
+	my $vm = VMHost;
+	my $custom_err_str = "";
+	($vm, $custom_err_str) = @_;
+
+	my ($err_code, $err_str) = $vm->error;
+	if ($err_code != 0) {
+		undef $vm;
+		die $custom_err_str . "Returned $err_code: $err_str.\n";
+	}
+}
+
+# Read in parameters from environment.
+my $vm_cfg_path = $ENV{"$ARGV[0]"};
+my $host_server_name = $ENV{'HOST_SERVER_NAME'};
+my $host_server_port = $ENV{'HOST_SERVER_PORT'};
+if (!defined($host_server_port)) {
+	$host_server_port = 902;
+}
+
+my $host_username = $ENV{'HOST_USERNAME'};
+my $host_password = $ENV{'HOST_PASSWORD'};
+my $guest_admin_username = $ENV{'GUEST_ADMIN_USERNAME'};
+my $guest_admin_password = $ENV{'GUEST_ADMIN_PASSWORD'};
+
+my $vm = VMHost;
+
+$vm->host_connect($host_server_name, $host_server_port, $host_username,
+			$host_password, $vm_cfg_path, $guest_admin_username,
+			$guest_admin_password);
+check_error($vm, "Error in \$vm->host_connect().\n");
+
+my $guest_ip = $vm->get_guest_ip();
+check_error($vm, "Error in \$vm->get_guest_ip().\n");
+
+print $guest_ip;
+
+undef $vm;
+
+exit 0;
diff --git a/source4/selftest/win/vm_load_snapshot.pl b/source4/selftest/win/vm_load_snapshot.pl
new file mode 100644
index 0000000..35e80ba
--- /dev/null
+++ b/source4/selftest/win/vm_load_snapshot.pl
@@ -0,0 +1,46 @@
+#!/usr/bin/perl -w
+
+# A perl script to connect to a VMware server and revert a VM snapshot.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+use VMHost;
+
+sub check_error {
+my $vm = VMHost;
+	my $custom_err_str = "";
+	($vm, $custom_err_str) = @_;
+
+	my ($err_code, $err_str) = $vm->error;
+	if ($err_code != 0) {
+		undef $vm;
+		die $custom_err_str . "Returned $err_code: $err_str.\n";
+	}
+}
+
+# Read in parameters from environment.
+my $vm_cfg_path = $ENV{'VM_CFG_PATH'};
+my $host_server_name = $ENV{'HOST_SERVER_NAME'};
+my $host_server_port = $ENV{'HOST_SERVER_PORT'};
+if (!defined($host_server_port)) {
+	$host_server_port = 902;
+}
+
+my $host_username = $ENV{'HOST_USERNAME'};
+my $host_password = $ENV{'HOST_PASSWORD'};
+my $guest_admin_username = $ENV{'GUEST_ADMIN_USERNAME'};
+my $guest_admin_password = $ENV{'GUEST_ADMIN_PASSWORD'};
+
+my $vm = VMHost;
+
+$vm->host_connect($host_server_name, $host_server_port, $host_username,
+			$host_password, $vm_cfg_path, $guest_admin_username,
+			$guest_admin_password);
+check_error($vm, "Error in \$vm->host_connect().\n");
+
+$vm->revert_snapshot();
+check_error($vm, "Error in \$vm->revert_snapshot().\n");
+
+undef $vm;
+
+exit 0;
diff --git a/source4/selftest/win/wintest_2k3_dc.sh b/source4/selftest/win/wintest_2k3_dc.sh
new file mode 100755
index 0000000..e77c2e2
--- /dev/null
+++ b/source4/selftest/win/wintest_2k3_dc.sh
@@ -0,0 +1,120 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: wintest_2k3_dc.sh TESTGROUP
+EOF
+	exit 1
+fi
+
+TESTGROUP=$1
+
+if [ -z $WINTEST_DIR ]; then
+	echo "Environment variable WINTEST_DIR not found."
+	exit 1
+fi
+
+# This variable is defined in the per-hosts .fns file for build-farm hosts that run windows tests.
+if [ -z $WINTESTCONF ]; then
+	echo "Please point environment variable WINTESTCONF to your test_win.conf file."
+	exit 1
+fi
+
+. $WINTESTCONF
+. $WINTEST_DIR/wintest_functions.sh
+
+export WIN2K3_DC_REMOTE_HOST=$(perl -I$WINTEST_DIR $WINTEST_DIR/vm_get_ip.pl WIN2K3_DC_VM_CFG_PATH)
+
+if [ -z $WIN2K3_DC_REMOTE_HOST ]; then
+	# Restore snapshot to ensure VM is in a known state, then exit.
+	restore_snapshot "Test failed to get the IP address of the windows 2003 DC." "$WIN2K3_DC_VM_CFG_PATH"
+	exit 1
+fi
+
+server=$WIN2K3_DC_REMOTE_HOST
+username=$WIN2K3_DC_USERNAME
+password=$WIN2K3_DC_PASSWORD
+domain=$WIN2K3_DC_DOMAIN
+realm=$WIN2K3_DC_REALM
+
+OPTIONS="-U$username%$password -W $domain --option realm=$realm"
+
+all_errs=0
+
+on_error()
+{
+	name=$1
+
+	all_errs=$(expr $all_errs + 1)
+	restore_snapshot "$name test failed." "$WIN2K3_DC_VM_CFG_PATH"
+}
+
+drsuapi_tests()
+{
+
+	name="RPC-DRSUAPI on ncacn_ip_tcp with seal"
+	bin/smbtorture \
+		ncacn_ip_tcp:${server}[seal] $OPTIONS \
+		RPC-DRSUAPI || on_error "$name"
+
+	name="RPC-DRSUAPI on ncacn_ip_tcp with seal,bigendian"
+	bin/smbtorture \
+		ncacn_ip_tcp:${server}[seal,bigendian] $OPTIONS \
+		RPC-DRSUAPI || on_error "$name"
+}
+
+spoolss_tests()
+{
+
+	name="RPC-SPOOLSS on ncacn_np"
+	bin/smbtorture \
+		ncacn_np:$server $OPTIONS \
+		RPC-SPOOLSS || on_error "$name"
+}
+
+ncacn_ip_tcp_tests()
+{
+	bindopt=$1
+	transport="ncacn_ip_tcp"
+	tests="RPC-SCHANNEL RPC-EPMAPPER RPC-SAMR RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND"
+
+	for bindoptions in $bindopt; do
+		for t in $tests; do
+			name="$t on $transport with $bindoptions"
+			bin/smbtorture $TORTURE_OPTIONS \
+				$transport:${server}[$bindoptions] \
+				$OPTIONS $t || on_error "$name"
+		done
+	done
+}
+
+ncacn_np_tests()
+{
+	bindopt=$1
+	transport="ncacn_np"
+	tests="RPC-SCHANNEL RPC-DSSETUP RPC-EPMAPPER RPC-SAMR RPC-WKSSVC RPC-SRVSVC RPC-EVENTLOG RPC-NETLOGON RPC-LSA RPC-SAMLOGON RPC-SAMSYNC RPC-MULTIBIND RPC-WINREG"
+
+	for bindoptions in $bindopt; do
+		for t in $tests; do
+			name="$t on $transport with $bindoptions"
+			bin/smbtorture $TORTURE_OPTIONS \
+				$transport:${server}[$bindoptions] \
+				$OPTIONS $t || on_error "$name"
+		done
+	done
+}
+
+bindoptions="padcheck connect sign seal ntlm,sign ntml,seal $VALIDATE bigendian"
+
+case $TESTGROUP in
+RPC-DRSUAPI) drsuapi_tests ;;
+RPC-SPOOLSS) spoolss_tests ;;
+ncacn_ip_tcp) ncacn_ip_tcp_tests $bindoptions ;;
+ncacn_np) ncacn_np_tests $bindoptions ;;
+*)
+	echo "$TESTGROUP is not a known set of tests."
+	exit 1
+	;;
+esac
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_base.sh b/source4/selftest/win/wintest_base.sh
new file mode 100755
index 0000000..73b0f9c
--- /dev/null
+++ b/source4/selftest/win/wintest_base.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+. selftest/test_functions.sh
+
+. selftest/win/wintest_functions.sh
+
+# This variable is defined in the per-hosts .fns file.
+. $WINTESTCONF
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: wintest_base.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+	exit 1
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+shift 4
+
+export SMBTORTURE_REMOTE_HOST=$server
+
+base_tests="BASE-UNLINK BASE-ATTR BASE-DELETE BASE-TCON BASE-OPEN BASE-CHKPATH"
+
+all_errs=0
+err=0
+
+on_error()
+{
+	errstr=$1
+
+	all_errs=$(expr $all_errs + 1)
+	restore_snapshot $errstr "$VM_CFG_PATH"
+}
+
+for t in $base_tests; do
+	test_name="$t / WINDOWS SERVER"
+	echo -e "\n$test_name SETUP PHASE"
+
+	setup_share_test
+
+	if [ $err_rtn -ne 0 ]; then
+		# If test setup fails, load VM snapshot and skip test.
+		on_error "\n$test_name setup failed, skipping test."
+	else
+		echo -e "\n$test_name setup completed successfully."
+
+		$SMBTORTURE_BIN_PATH -U $username%$password \
+			-W $domain //$server/$SMBTORTURE_REMOTE_SHARE_NAME \
+			$t || err=1
+		if [ $err -ne 0 ]; then
+			on_error "\n$test_name failed."
+		else
+			echo -e "\n$test_name CLEANUP PHASE"
+			remove_share_test
+			if [ $err_rtn -ne 0 ]; then
+				# If cleanup fails, restore VM snapshot.
+				on_error "\n$test_name removal failed."
+			else
+				echo -e "\n$test_name removal completed successfully."
+			fi
+		fi
+	fi
+done
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_client.exp b/source4/selftest/win/wintest_client.exp
new file mode 100644
index 0000000..ccf5d06
--- /dev/null
+++ b/source4/selftest/win/wintest_client.exp
@@ -0,0 +1,95 @@
+# An expect script to create a temporary file, map a share, copy the file to the share,
+# and compare the contents of the two files.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+proc run_test { remote_prompt tmp_filename share_drive host_drive buildhost_ip buildhost_share username domain password } {
+
+	# Create the temp file on the windows host and connect to the samba share.
+	set host_tmpfile "$host_drive\\$tmp_filename"
+	set err_str [create_tmp_file $remote_prompt $host_tmpfile]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+
+	set buildhost_sharepoint "\\\\$buildhost_ip\\$buildhost_share"
+	set err_str [map_share $remote_prompt $share_drive $buildhost_sharepoint $username $domain $password]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+
+	# Copy the temp file to the share and compare its contents with the original.
+	set share_tmpfile "$share_drive\\$tmp_filename"
+	set xcopy_options ""
+	set err_str [xcopy_file $remote_prompt $host_tmpfile $share_tmpfile $xcopy_options]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+
+	set err_str [compare_files $remote_prompt $host_tmpfile $share_tmpfile]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+
+	# Remove files and unmap share.
+	set err_str [delete_file $remote_prompt $share_tmpfile]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+	set err_str [delete_file $remote_prompt $host_tmpfile]
+	if { $err_str != "OK" } {
+		return $err_str
+	}
+
+	set err_str [unmap_share $remote_prompt $share_drive]
+	if {$err_str != "OK" } {
+		return $err_str
+	}
+
+	return $err_str
+}
+
+# Read parameters.
+set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT)
+set remote_host $env(SMBTORTURE_REMOTE_HOST)
+set username $env(SMBTORTURE_USERNAME)
+set password $env(SMBTORTURE_PASSWORD)
+set timeout $env(SMBTORTURE_EXPECT_TIMEOUT)
+
+set tmp_filename $env(SMBTORTURE_TMP_FILENAME)
+
+set share_drive $env(SMBTORTURE_REMOTE_DRIVE_LETTER)
+set host_drive "%HOMEDRIVE%"
+
+set buildhost_ip $env(SMBTORTURE_LOCAL_IP)
+set buildhost_share $env(SMBTORTURE_LOCAL_SHARE_NAME)
+set buildhost_username $env(SMBTORTURE_LOCAL_USERNAME)
+set buildhost_domain $env(SMBTORTURE_LOCAL_DOMAIN)
+set buildhost_password $env(SMBTORTURE_LOCAL_PASSWORD)
+
+set err_val [spawn $env(SHELL)]
+if {$err_val == 0} {
+	puts stderr "Expect failed while spawning a shell process."
+	exit $err_val
+}
+
+set err_str [telnet_login $remote_prompt $remote_host $username $password]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction telnet_login failed during Samba server testing."
+	puts stderr "Error was: $err_str."
+	exit 1
+}
+
+set err_str [run_test $remote_prompt $tmp_filename $share_drive $host_drive $buildhost_ip $buildhost_share $buildhost_username $buildhost_domain $buildhost_password]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction run_test failed during Samba server testing."
+	puts stderr "Error was: $err_str."
+
+	# Log off from the telnet server.
+	send "exit\r\n"
+	exit 1
+}
+
+# Log off from the telnet server.
+send "exit\r\n"
+exit 0
diff --git a/source4/selftest/win/wintest_client.sh b/source4/selftest/win/wintest_client.sh
new file mode 100755
index 0000000..b956c71
--- /dev/null
+++ b/source4/selftest/win/wintest_client.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+. selftest/test_functions.sh
+
+. selftest/win/wintest_functions.sh
+
+# This variable is defined in the per-hosts .fns file.
+. $WINTESTCONF
+
+export SMBTORTURE_REMOTE_HOST=$1
+
+test_name="WINDOWS CLIENT / SAMBA SERVER SHARE"
+
+cat $WINTEST_DIR/common.exp >$TMPDIR/client_test.exp
+cat $WINTEST_DIR/wintest_client.exp >>$TMPDIR/client_test.exp
+
+expect $TMPDIR/client_test.exp || all_errs=$(expr $all_errs + 1)
+
+if [ $all_errs ] >0; then
+	# Restore snapshot to ensure VM is in a known state.
+	restore_snapshot "\n$test_name failed." "$VM_CFG_PATH"
+fi
+
+rm -f $TMPDIR/client_test.exp
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_functions.sh b/source4/selftest/win/wintest_functions.sh
new file mode 100755
index 0000000..9b6bed9
--- /dev/null
+++ b/source4/selftest/win/wintest_functions.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Setup the windows environment.
+# This was the best way I could figure out including library files
+# for the moment.
+# I was finding that "cat common.exp wintest_setup.exp | expect -f -"
+# fails to run, but exits with 0 status something like 1% of the time.
+
+setup_share_test()
+{
+	echo -e "\nSetting up windows environment."
+	cat $WINTEST_DIR/common.exp >$TMPDIR/setup.exp
+	cat $WINTEST_DIR/wintest_setup.exp >>$TMPDIR/setup.exp
+	expect $TMPDIR/setup.exp
+	err_rtn=$?
+	rm -f $TMPDIR/setup.exp
+}
+
+# Clean up the windows environment after the test has run or failed.
+remove_share_test()
+{
+	echo -e "\nCleaning up windows environment."
+	cat $WINTEST_DIR/common.exp >$TMPDIR/remove.exp
+	cat $WINTEST_DIR/wintest_remove.exp >>$TMPDIR/remove.exp
+	expect $TMPDIR/remove.exp
+	err_rtn=$?
+	rm -f $TMPDIR/remove.exp
+}
+
+restore_snapshot()
+{
+	err_str=$1
+	VMX_PATH=$2
+
+	# Display the error that caused us to restore the snapshot.
+	echo -e $err_str
+
+	if [ -z $HOST_SERVER_NAME ]; then
+		# The vmware server is running locally.
+		vmrun revertToSnapshot "$VMX_PATH"
+		err_rtn=$?
+	else
+		vmrun -h $HOST_SERVER_NAME -P $HOST_SERVER_PORT \
+			-u $HOST_USERNAME -p $HOST_PASSWORD \
+			revertToSnapshot "$VMX_PATH"
+		err_rtn=$?
+	fi
+
+	if [ $err_rtn -eq 0 ]; then
+		echo "Snapshot restored."
+	else
+		echo "Error $err_rtn restoring snapshot!"
+	fi
+}
diff --git a/source4/selftest/win/wintest_net.sh b/source4/selftest/win/wintest_net.sh
new file mode 100755
index 0000000..4ade861
--- /dev/null
+++ b/source4/selftest/win/wintest_net.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+. selftest/test_functions.sh
+
+. selftest/win/wintest_functions.sh
+
+# This variable is defined in the per-hosts .fns file.
+. $WINTESTCONF
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: wintest_net.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+	exit 1
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+shift 4
+
+ncacn_np_tests="NET-API-LOOKUP NET-API-LOOKUPHOST NET-API-RPCCONN-BIND NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES"
+#These tests fail on ncacn_np: NET-API-LOOKUPPDC NET-API-CREATEUSER NET-API-DELETEUSER
+
+ncalrpc_tests="NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES"
+#These tests fail on ncalrpc: NET-API-CREATEUSER NET-API-DELETEUSER
+
+ncacn_ip_tcp_tests="NET-API-LOOKUP NET-API-LOOKUPHOST NET-API-RPCCONN-SRV NET-API-RPCCONN-DC NET-API-RPCCONN-DCINFO NET-API-LISTSHARES"
+#These tests fail on ncacn_ip_tcp: NET-API-LOOKUPPDC NET-API-CREATEUSER NET-API-DELETEUSER
+
+bind_options="seal,padcheck bigendian"
+
+test_type="ncalrpc ncacn_np ncacn_ip_tcp"
+
+all_errs=0
+
+on_error()
+{
+	errstr=$1
+
+	all_errs=$(expr $all_errs + 1)
+	restore_snapshot "$errstr" "$VM_CFG_PATH"
+}
+
+for o in $bind_options; do
+	for transport in $test_type; do
+		case $transport in
+		ncalrpc) net_test=$ncalrpc_tests ;;
+		ncacn_np) net_test=$ncacn_np_tests ;;
+		ncacn_ip_tcp) net_test=$ncacn_ip_tcp_tests ;;
+		esac
+
+		for t in $net_test; do
+			test_name="$t on $transport with $o"
+			$SMBTORTURE_BIN_PATH -U $username%$password \
+				-W $domain ${transport}:${server}[$o] \
+				$t || on_error "\n$test_name failed."
+		done
+	done
+done
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_raw.sh b/source4/selftest/win/wintest_raw.sh
new file mode 100755
index 0000000..d9c97f8
--- /dev/null
+++ b/source4/selftest/win/wintest_raw.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+. selftest/test_functions.sh
+
+. selftest/win/wintest_functions.sh
+
+# This variable is defined in the per-hosts .fns file.
+. $WINTESTCONF
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: wintest_raw.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+	exit 1
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+shift 4
+
+export SMBTORTURE_REMOTE_HOST=$server
+
+raw_tests="RAW-QFILEINFO RAW-SFILEINFO-BASE RAW-MKDIR RAW-SEEK RAW-OPEN RAW-WRITE RAW-UNLINK RAW-READ RAW-CLOSE RAW-IOCTL RAW-RENAME RAW-EAS RAW-STREAMS"
+# This test fails: RAW-QFSINFO
+
+all_errs=0
+err=0
+
+on_error()
+{
+	errstr=$1
+	all_errs=$(expr $all_errs + 1)
+
+	restore_snapshot "$errstr" "$VM_CFG_PATH"
+}
+
+for t in $raw_tests; do
+	test_name="$t / WINDOWS SERVER"
+	echo -e "\n$test_name SETUP PHASE"
+
+	setup_share_test
+
+	if [ $err_rtn -ne 0 ]; then
+		# If test setup fails, load VM snapshot and skip test.
+		on_error "\n$test_name setup failed, skipping test."
+	else
+		echo -e "\n$test_name setup completed successfully."
+
+		$SMBTORTURE_BIN_PATH -U $username%$password -W $domain \
+			//$server/$SMBTORTURE_REMOTE_SHARE_NAME \
+			$t || err=1
+		if [ $err -ne 0 ]; then
+			on_error "\n$test_name failed."
+		else
+			echo -e "\n$test_name CLEANUP PHASE"
+			remove_share_test
+			if [ $err_rtn -ne 0 ]; then
+				# If cleanup fails, restore VM snapshot.
+				on_error "\n$test_name removal failed."
+			else
+				echo -e "\n$test_name removal completed successfully."
+			fi
+		fi
+	fi
+done
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_remove.exp b/source4/selftest/win/wintest_remove.exp
new file mode 100644
index 0000000..36dc4a7
--- /dev/null
+++ b/source4/selftest/win/wintest_remove.exp
@@ -0,0 +1,71 @@
+# An expect script to remove a directory and share which was
+# previously setup for an smbtorture test.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+proc remove_test { remote_prompt sharepath sharename hosts_file_path \
+			backup_hosts_filename } {
+
+	set err_str [delete_share $remote_prompt $sharename]
+	if { $err_str != "OK" } {
+		puts stderr "Error in function delete_share: $err_str."
+		puts stderr "Function remove_test will continue."
+	}
+
+	set err_str [delete_directory $remote_prompt $sharepath]
+	if { $err_str != "OK" } {
+		puts stderr "Error in function delete_directory: $err_str."
+		puts stderr "Function remove_test will continue."
+	}
+
+	# Overwrite the current hosts file with the backup we made during setup.
+	set err_str [delete_hosts_entry $remote_prompt $hosts_file_path \
+			$backup_hosts_filename]
+	if { $err_str != "OK" } {
+		puts stderr "Error in function delete_hosts_entry: $err_str."
+		puts stderr "Function remove_test will continue."
+	}
+	return $err_str
+}
+
+# read parameters
+set remote_host $env(SMBTORTURE_REMOTE_HOST)
+set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT)
+
+set username $env(SMBTORTURE_USERNAME)
+set password $env(SMBTORTURE_PASSWORD)
+
+set timeout $env(SMBTORTURE_EXPECT_TIMEOUT)
+
+set sharepath $env(SMBTORTURE_REMOTE_SHARE_PATH)
+set sharename $env(SMBTORTURE_REMOTE_SHARE_NAME)
+
+set backup_hosts_filename $env(REMOTE_BACKUP_HOSTS_FILENAME)
+set hosts_file_path $env(REMOTE_HOSTS_FILE_PATH)
+
+set err_val [spawn $env(SHELL)]
+if {$err_val == 0} {
+	puts stderr "Expect failed while spawning a shell process."
+	exit $err_val
+}
+
+set err_str [telnet_login $remote_prompt $remote_host $username $password]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction telnet_login failed during cleanup."
+	puts stderr "Error was: $err_str."
+	exit 1
+}
+
+set err_str [remove_test $remote_prompt $sharepath $sharename \
+		$hosts_file_path $backup_hosts_filename]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction remove_test failed."
+	puts stderr "Error was: $err_str."
+	# Log off from the telnet server.
+	send "exit\r\n"
+	exit 1
+}
+
+# Log off from the telnet server.
+send "exit\r\n"
+exit 0
diff --git a/source4/selftest/win/wintest_rpc.sh b/source4/selftest/win/wintest_rpc.sh
new file mode 100755
index 0000000..8dd127c
--- /dev/null
+++ b/source4/selftest/win/wintest_rpc.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+. selftest/test_functions.sh
+
+. selftest/win/wintest_functions.sh
+
+# This variable is defined in the per-hosts .fns file.
+. $WINTESTCONF
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: wintest_rpc.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+	exit 1
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+shift 4
+
+ncacn_np_tests="RPC-SRVSVC RPC-UNIXINFO RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND"
+# These tests fail on ncacn_np: RPC-SPOOLSS RPC-SCHANNEL RPC-JOIN RPC-LSA
+# RPC-NETLOGON
+
+ncalrpc_tests="RPC-UNIXINFO RPC-ECHO"
+# These tests fail on ncalrpc: RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP
+# RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON
+
+ncacn_ip_tcp_tests="RPC-UNIXINFO RPC-ECHO"
+# These tests fail on ncacn_ip_tcp: RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP
+# RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON
+
+bind_options="seal,padcheck bigendian"
+
+test_type="ncalrpc ncacn_np ncacn_ip_tcp"
+
+all_errs=0
+
+on_error()
+{
+	errstr=$1
+	all_errs=$(expr $all_errs + 1)
+
+	restore_snapshot "$errstr" "$VM_CFG_PATH"
+}
+
+for o in $bind_options; do
+	for transport in $test_type; do
+		case $transport in
+		ncalrpc) rpc_test=$ncalrpc_tests ;;
+		ncacn_np) rpc_test=$ncacn_np_tests ;;
+		ncacn_ip_tcp) rpc_test=$ncacn_ip_tcp_tests ;;
+		esac
+
+		for t in $rpc_test; do
+			test_name="$t on $transport with $o"
+
+			$SMBTORTURE_BIN_PATH -U $username%$password \
+				-W $domain ${transport}:${server}[$o] \
+				$t || on_error "\n$test_name failed."
+		done
+	done
+done
+
+exit $all_errs
diff --git a/source4/selftest/win/wintest_setup.exp b/source4/selftest/win/wintest_setup.exp
new file mode 100644
index 0000000..c48ad14
--- /dev/null
+++ b/source4/selftest/win/wintest_setup.exp
@@ -0,0 +1,104 @@
+# An expect script to setup a directory and share for an smbtorture test.
+# Copyright Brad Henry <brad@samba.org> 2006
+# Released under the GNU GPL version 3 or later.
+
+proc setup_test { remote_prompt sharepath sharename username local_hostname \
+			local_ip hosts_file_path backup_hosts_filename } {
+
+	# If creating the directory fails, remove, then
+	# re-create the directory.
+	set err_str [create_directory $remote_prompt $sharepath]
+	if { $err_str != "OK" } {
+		if { $err_str != "Directory already exists" } {
+			puts stderr "\nUnexpected error occurred in setup_test.\n"
+			puts stderr "Function create_directory returned $err_str."
+		} else {
+			puts stdout "\nDirectory $sharepath exists."
+		}
+		puts stdout "Re-creating directory $sharepath."
+
+		set err_str [delete_directory $remote_prompt $sharepath]
+		if { $err_str != "OK" } {
+			return $err_str
+		}
+		set err_str [create_directory $remote_prompt $sharepath]
+		if { $err_str != "OK" } {
+			return $err_str
+		}
+	}
+
+	# If creating the share fails, remove, then
+	# re-create the share.
+	set err_str [create_share $remote_prompt $username $sharepath \
+			$sharename]
+	if { $err_str != "OK" } {
+		if { $err_str != "The name has already been shared" } {
+			puts stderr "\nUnexpected error occurred in setup_test."
+			puts stderr "Function create_share returned $err_str."
+		} else {
+			puts stdout "\nShare $sharename exists."
+		}
+		puts stdout "Re-creating share $sharename."
+
+		set err_str [delete_share $remote_prompt $sharename]
+		if { $err_str != "OK" } {
+			return $err_str
+		}
+		set err_str [create_share $remote_prompt $username $sharepath \
+			$sharename]
+		if { $err_str != "OK" } {
+			return $err_str
+		}
+	}
+
+	# Add a hosts file entry on the windows machine for the smbtorture host.
+	set err_str [create_hosts_entry $remote_prompt $hosts_file_path \
+			$local_hostname $local_ip $backup_hosts_filename]
+	return $err_str
+}
+
+# Read parameters.
+set remote_host $env(SMBTORTURE_REMOTE_HOST)
+set remote_prompt $env(SMBTORTURE_REMOTE_PROMPT)
+
+set username $env(SMBTORTURE_USERNAME)
+set password $env(SMBTORTURE_PASSWORD)
+
+set timeout $env(SMBTORTURE_EXPECT_TIMEOUT)
+
+set sharepath $env(SMBTORTURE_REMOTE_SHARE_PATH)
+set sharename $env(SMBTORTURE_REMOTE_SHARE_NAME)
+
+set local_hostname $env(SMBTORTURE_LOCAL_HOSTNAME)
+set local_ip $env(SMBTORTURE_LOCAL_IP)
+
+set backup_hosts_filename $env(REMOTE_BACKUP_HOSTS_FILENAME)
+set hosts_file_path $env(REMOTE_HOSTS_FILE_PATH)
+
+set err_val [spawn $env(SHELL)]
+if {$err_val == 0} {
+	puts stderr "Expect failed while spawning a shell process."
+	exit $err_val
+}
+
+set err_str [telnet_login $remote_prompt $remote_host $username $password]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction telnet_login failed during setup."
+	puts stderr "Error was: $err_str."
+	exit 1
+}
+
+set err_str [setup_test $remote_prompt $sharepath $sharename $username \
+		$local_hostname $local_ip $hosts_file_path \
+		$backup_hosts_filename]
+if {$err_str != "OK"} {
+	puts stderr "\nFunction setup_test failed during setup."
+	puts stderr "Error was: $err_str."
+	# Log off from the telnet server.
+	send "exit\r\n"
+	exit 1
+}
+
+# Log off from the telnet server.
+send "exit\r\n"
+exit 0
diff --git a/source4/setup/ad-schema/AD_DS_Attributes_Windows_Server_v1903.ldf b/source4/setup/ad-schema/AD_DS_Attributes_Windows_Server_v1903.ldf
new file mode 100644
index 0000000..9855329
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Attributes_Windows_Server_v1903.ldf
@@ -0,0 +1,30936 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/1c24c7c8-28b0-4ce1-a47d-95fe1ff504bc) or the Microsoft Community Promise (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/8b8d1b7a-a10a-4667-9558-6d9c43adf60d). If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - License Programs. To see all of the protocols in scope under a specific license program and the associated patents, visit the Patent Map (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/13571077-e344-4e6f-a477-369894979798).
+# - Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit https://www.microsoft.com/trademarks.
+# - Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.
+# Support. For questions and support, please contact dochelp@microsoft.com.
+
+# The following attribute schema definitions were generated from the Windows Server v1903 version of Active Directory Domain Services (AD DS).
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Central-Access-Policy-ID
+attributeID: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: 
+ For a Central Access Policy, this attribute defines a GUID that can be used to
+  identify the set of policies when applied to a resource.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msAuthz-CentralAccessPolicyID
+schemaIDGUID:: YJvyYnS+MEaUVi9mkZk6hg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that is apply
+ ing to the target resources on the central access rule.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-EffectiveSecurityPolicy
+schemaIDGUID:: GRmDB5SPtk+KQpFUXcza0w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Last-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that was last
+  applied to the objects the Central Access Rule is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-LastEffectiveSecurityPolicy
+schemaIDGUID:: xoUWji8+okiljVrw6nifoA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy
+attributeID: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a central access policy, this attribute identifies the central access rule
+ s that comprise the policy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+schemaIDGUID:: ei/yV343w0KYcs7G8h0uPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+attributeID: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central acc
+ ess rule object, this attribute references one or more central access policies
+  that point to it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+schemaIDGUID:: z2duUd3+lES7OrxQapSIkQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Proposed-Security-Policy
+attributeID: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: 
+ For a Central Access Policy Entry, defines the proposed security policy of the
+  objects the CAPE is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ProposedSecurityPolicy
+schemaIDGUID:: zr5GubUJakuyWktjozDoDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Resource-Condition
+attributeID: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: 
+ For a central access rule, this attribute is an expression that identifies the
+  scope of the target resource to which the policy applies.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ResourceCondition
+schemaIDGUID:: d3iZgHT4aEyGTW5QioO9vQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DNSKEY reco
+ rds when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecordSetTTL
+schemaIDGUID:: fzFOj9coLESm3x9JH5ezJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Records
+attributeID: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: 
+ An attribute that contains the DNSKEY record set for the root of the DNS zone 
+ and the root key signing key signature records.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecords
+schemaIDGUID:: 9VjEKC1gyUqnfLPxvlA6fg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Algorithms
+attributeID: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: 
+ An attribute used to define the algorithms used when writing the dsset file du
+ ring zone signing.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordAlgorithms
+schemaIDGUID:: 0npbXPogu0S+szS5wPZVeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DS records 
+ when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordSetTTL
+schemaIDGUID:: fJuGKcRk/kKX1fvC+hJBYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Is-Signed
+attributeID: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-IsSigned
+schemaIDGUID:: TIUSqvzYXk2RyjaLjYKb7g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Keymaster-Zones
+attributeID: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: 
+ A list of Active Directory-integrated zones for which the DNS server is the ke
+ ymaster.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDNS-KeymasterZones
+schemaIDGUID:: O93gCxoEjEGs6S8X0j6dQg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Maintain-Trust-Anchor
+attributeID: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: 
+ An attribute used to define the type of trust anchor to automatically publish 
+ in the forest-wide trust anchor store when the DNS zone is signed.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-MaintainTrustAnchor
+schemaIDGUID:: wWPADdlSVkSeFZwkNKr9lA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Current-Salt
+attributeID: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: 
+ An attribute that defines the current NSEC3 salt string being used to sign the
+  DNS zone.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3CurrentSalt
+schemaIDGUID:: MpR9ONGmdESCzQqJquCErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: 
+ An attribute that defines the NSEC3 hash algorithm to use when signing the DNS
+  zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3HashAlgorithm
+schemaIDGUID:: UlWe/7d9OEGIiAXOMgoDIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Iterations
+attributeID: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: 
+ An attribute that defines how many NSEC3 hash iterations to perform when signi
+ ng the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3Iterations
+schemaIDGUID:: qwq3gFmJwE6OkxJudt86yg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-OptOut
+attributeID: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: 
+ An attribute used to define whether or not the DNS zone should be signed using
+  NSEC opt-out.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3OptOut
+schemaIDGUID:: iCDqe+KMPEKxkWbsUGsVlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Random-Salt-Length
+attributeID: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: 
+ An attribute that defines the length in bytes of the random salt used when sig
+ ning the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3RandomSaltLength
+schemaIDGUID:: ZRY2E2yR502lnbHrvQ3hKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-User-Salt
+attributeID: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: 
+ An attribute that defines a user-specified NSEC3 salt string to use when signi
+ ng the DNS zone. If empty, random salt will be used.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3UserSalt
+schemaIDGUID:: cGfxryKWvE+hKDCId3YFuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Parent-Has-Secure-Delegation
+attributeID: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: 
+ An attribute used to define whether the parental delegation to the DNS zone is
+  secure.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-ParentHasSecureDelegation
+schemaIDGUID:: ZGlcKBrBnkmW2L98daIjxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Propagation-Time
+attributeID: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: 
+ An attribute used to define in seconds the expected time required to propagate
+  zone changes through Active Directory.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-PropagationTime
+schemaIDGUID:: Rw00uoEhoEyi9vrkR52rKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-RFC5011-Key-Rollovers
+attributeID: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: 
+ An attribute that defines whether or not the DNS zone should be maintained usi
+ ng key rollover procedures defined in RFC 5011.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-RFC5011KeyRollovers
+schemaIDGUID:: QDzZJ1oGwEO92M3yx9Egqg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Secure-Delegation-Polling-Period
+attributeID: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: 
+ An attribute that defines in seconds the time between polling attempts for chi
+ ld zone key rollovers.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SecureDelegationPollingPeriod
+schemaIDGUID:: vvCw9uSoaESP2cPEe4ci+Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Sign-With-NSEC3
+attributeID: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed with NSEC3.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-SignWithNSEC3
+schemaIDGUID:: mSGfx6Ft/0aSPB8/gAxyHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signature-Inception-Offset
+attributeID: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: 
+ An attribute that defines in seconds how far in the past DNSSEC signature vali
+ dity periods should begin when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SignatureInceptionOffset
+schemaIDGUID:: LsPUAxfiYUqWmXu8RymgJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Key-Descriptors
+attributeID: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: 
+ An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) us
+ ed by the DNS server to generate keys and sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeyDescriptors
+schemaIDGUID:: zdhDNLblO0+wmGWaAhSgeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Keys
+attributeID: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: 
+ An attribute that contains the set of encrypted DNSSEC signing keys used by th
+ e DNS server to sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeys
+schemaIDGUID:: bT5nt9nKnk6zGmPoCY/dYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+attributeID: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to act on the behalf of other identities to services running as this acc
+ ount.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+schemaFlagsEx: 1
+schemaIDGUID:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Applies-To-Resource-Types
+attributeID: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: 
+ For a resource property, this attribute indicates what resource types this res
+ ource property applies to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AppliesToResourceTypes
+schemaFlagsEx: 1
+schemaIDGUID:: BiA/aWRXSj2EOVjwSqtLWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2262
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDescription: 
+ The approximate time a user last logged on with from the device.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-ApproximateLastLogonTimeStamp
+schemaIDGUID:: O5hPo8aEDE+QUKOhSh01pA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2295
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2212
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to this principal
+ .
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicy
+schemaIDGUID:: 2Ap6uPdUwUmEoOZNEoU1iA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2296
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2213
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicyBL
+schemaIDGUID:: PBsTLZ/T7kqBXo20vBznrA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo
+attributeID: 1.2.840.113556.1.4.2285
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2202
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicySilo a principal is assigned to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySilo
+schemaIDGUID:: QcE/svUN6kqzPWz0kwd7Pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo-BL
+attributeID: 1.2.840.113556.1.4.2286
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2203
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AssignedAuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySiloBL
+schemaIDGUID:: FAUUM3r10keOxATEZmYAxw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Enforced
+attributeID: 1.2.840.113556.1.4.2297
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicyEnforced
+schemaIDGUID:: wgxWekXsukSy1yEjatWf1Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Enforced
+attributeID: 1.2.840.113556.1.4.2298
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy silo is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloEnforced
+schemaIDGUID:: AhH18uBrPUmHJhVGzbyHcQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members
+attributeID: 1.2.840.113556.1.4.2287
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2204
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which principals are assigned to the AuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembers
+schemaIDGUID:: BR5NFqZIhkio6XeiAG48dw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members-BL
+attributeID: 1.2.840.113556.1.4.2288
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2205
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AuthNPolicySiloMembers.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembersBL
+schemaIDGUID:: x8v8EeT7UUm0t63fb579RA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Attribute-Source
+attributeID: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Attribute-Source
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute points to the attribute that will be u
+ sed as the source for the claim type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimAttributeSource
+schemaIDGUID:: PhK87ua6ZkGeWymISot2sA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Single-Valued
+attributeID: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: 
+ For a claim type object, this attribute identifies if the claim type or resour
+ ce property can only contain single value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsSingleValued
+schemaIDGUID:: uZ94zbSWSEaCGco3gWGvOA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Value-Space-Restricted
+attributeID: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: 
+ For a claim type, this attribute identifies whether a user can input values ot
+ her than those described in the msDS-ClaimPossibleValues in applications.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsValueSpaceRestricted
+schemaIDGUID:: x+QsDMPxgkSFeMYNS7dEIg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Possible-Values
+attributeID: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: 
+ For a claim type or resource property object, this attribute describes the val
+ ues suggested to a user when the he/she use the claim type or resource propert
+ y in applications.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimPossibleValues
+schemaIDGUID:: 7u0oLnztP0Wv5JO9hvIXTw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With
+attributeID: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property object, this attribute indicates that the suggested va
+ lues of the claims issued are defined on the object that this linked attribute
+  points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWith
+schemaIDGUID:: OtHIUgvOV0+JKxj1pDokAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With-BL
+attributeID: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute indicates that the possible values des
+ cribed in ms-DS-Claim-Possible-Values are being referenced by other claim type
+  objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+schemaIDGUID:: 2yLVVJXs9UibvRiA67shgA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source
+attributeID: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: 
+ For a claim type, this attribute indicates the source of the claim type. For e
+ xample, the source can be certificate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSource
+schemaIDGUID:: pvIy+ovy0Ee/kWY+j5EKcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source-Type
+attributeID: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: 
+ For a security principal claim type, lists the type of store the issued claim 
+ is sourced from
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSourceType
+schemaIDGUID:: BZzxkvqNIkK70SxPAUh3VA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Type-Applies-To-Class
+attributeID: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this linked attribute points to the AD security princ
+ ipal classes that for which claims should be issued. (For example, a link to t
+ he user class).
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimTypeAppliesToClass
+schemaIDGUID:: TA77anbYfEOutsPkFFTCcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Value-Type
+attributeID: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: 
+ For a claim type object, specifies the value type of the claims issued.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimValueType
+schemaIDGUID:: uRdixo7k90e31WVSuK/WGQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Anchor
+attributeID: 1.2.840.113556.1.4.2273
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Anchor
+adminDescription: 
+ This attribute is used by the DirSync engine to indicate the object SOA and to
+  maintain the relationship between the on-premises and cloud object.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudAnchor
+schemaIDGUID:: gF5WeNQD40+vrIw7yi82Uw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsEnabled
+attributeID: 1.2.840.113556.1.4.2275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsEnabled
+adminDescription: 
+ This attribute is used to indicate whether cloud DRS is enabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIsEnabled
+schemaIDGUID:: KIOEiU58b0+gEyjOOtKC3A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsManaged
+attributeID: 1.2.840.113556.1.4.2271
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a cloud MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-CloudIsManaged
+schemaIDGUID:: jroVU4+VUku9OBNJowTdYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2274
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Issuer-Public-Certificates
+adminDescription: 
+ The public keys used by the cloud DRS to sign certificates issued by the Regis
+ tration Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIssuerPublicCertificates
+schemaIDGUID:: T7XoodZL0k+Y4rzukqVUlw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2280
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Computer-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a computer has permission to authentica
+ te to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAllowedToAuthenticateTo
+schemaIDGUID:: 6atbEH4Hk0e5dO8EELYlcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2291
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2208
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to computers assi
+ gned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicy
+schemaIDGUID:: yWO4r6O+D0Sp82FTzGaJKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2292
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2209
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ComputerAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicyBL
+schemaIDGUID:: MmLvK6EwfkWGBHr22/ExuA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-SID
+attributeID: 1.2.840.113556.1.4.2321
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ComputerSID
+adminDescription: This attribute identifies a domain-joined computer.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ComputerSID
+schemaIDGUID:: INf733IILkCZQPzXjbBJug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2281
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a compute
+ r in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerTGTLifetime
+schemaIDGUID:: JHWTLrnfrEykNqW32mT9Zg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Custom-Key-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Custom-Key-Information
+attributeID: 1.2.840.113556.1.4.2322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-CustomKeyInformation
+adminDescription: 
+ This attribute contains additional information about the key.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CustomKeyInformation
+schemaIDGUID:: iOnltuTlhkyirg2suXCg4Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-DN
+attributeID: 1.2.840.113556.1.4.2320
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceDN
+adminDescription: 
+ This attribute identifies the registered device from which this key object was
+  provisioned.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceDN
+schemaIDGUID:: KREsZJk4IUeOIUg545iM5Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-ID
+attributeID: 1.2.840.113556.1.4.2252
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-ID
+adminDescription: This attribute stores the ID of the device.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceID
+schemaIDGUID:: x4EBw0Jj+0GyeffFZsvgpw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Location
+attributeID: 1.2.840.113556.1.4.2261
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: The DN under which the device objects will be created.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceLocation
+schemaIDGUID:: yFb74+hd9UWxsdK2zTHnYg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-MDMStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-MDMStatus
+attributeID: 1.2.840.113556.1.4.2308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-MDMStatus
+adminDescription: 
+ This attribute is used to manage the mobile device management status of the de
+ vice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceMDMStatus
+schemaIDGUID:: lo8K9sRXLEKjrZ4voJzm9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Object-Version
+attributeID: 1.2.840.113556.1.4.2257
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Object-Version
+adminDescription: 
+ This attribute is used to identify the schema version of the device.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceObjectVersion
+schemaIDGUID:: Wmll73nxak6T3rAeBmgc+w==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Type
+attributeID: 1.2.840.113556.1.4.2249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Type
+adminDescription: 
+ This attribute is used to track the type of device based on the OS.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSType
+schemaIDGUID:: TUUOELvzy02EX41e3EccWQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Version
+attributeID: 1.2.840.113556.1.4.2250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Version
+adminDescription: 
+ This attribute is used to track the OS version of the device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSVersion
+schemaIDGUID:: Y4z7cKtfBEWrnRSzKain+A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Physical-IDs
+attributeID: 1.2.840.113556.1.4.2251
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Physical-IDs
+adminDescription: 
+ This attribute is used to store identifiers of the physical device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DevicePhysicalIDs
+schemaIDGUID:: FFRhkKCiR0Spk1NAlZm3Tg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Trust-Type
+attributeID: 1.2.840.113556.1.4.2325
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceTrustType
+adminDescription: Represents join type for devices.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceTrustType
+schemaIDGUID:: B2ikxNxqu0uX3mvtGBob/g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Drs-Farm-ID
+attributeID: 1.2.840.113556.1.4.2265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Drs-Farm-ID
+adminDescription: 
+ This attribute stores the name of the federation service this DRS object is as
+ sociated with.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DrsFarmID
+schemaIDGUID:: ZvdVYC4gzUmovuUrsVnt+w==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+isDefunct: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Egress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the egress claims 
+ (claims leaving this forest) to the Trusted Domain. This is applicable only fo
+ r an incoming or bidirectional Cross-Forest Trust. When this link is not prese
+ nt, all claims are allowed to egress as-is.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EgressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: fkI3wXOaQLCRkBsJW7QyiA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+attributeID: 1.2.840.113556.1.4.2344
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+adminDescription: 
+ This attribute controls whether the passwords on smart-card-only accounts expi
+ re in accordance with the password policy.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+schemaIDGUID:: SKsXNCTfsU+AsA/LNn4l4w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Directory-Object-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Directory-Object-Id
+attributeID: 1.2.840.113556.1.4.2310
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Directory-Object-Id
+adminDescription: ms-DS-External-Directory-Object-Id
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: msDS-ExternalDirectoryObjectId
+schemaIDGUID:: kL8pva1m4UCIexDfBwQZpg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Generation-Id
+attributeID: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: 
+ For virtual machine snapshot resuming detection. This attribute represents the
+  VM Generation ID.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-GenerationId
+schemaIDGUID:: PTldHreMT0uECpc7NswJww==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Altitude
+attributeID: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesAltitude
+schemaIDGUID:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Latitude
+attributeID: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLatitude
+schemaIDGUID:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Longitude
+attributeID: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLongitude
+schemaIDGUID:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GroupMSAMembership
+attributeID: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to retrieve the password for a group MSA.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-GroupMSAMembership
+schemaFlagsEx: 1
+schemaIDGUID:: 1u2OiATOQN+0YrilDkG6OA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Ingress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the ingress claims
+  (claims entering this forest) from the Trusted Domain. This is applicable onl
+ y for an outgoing or bidirectional Cross-Forest Trust. If this link is absent,
+  all the ingress claims are dropped.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IngressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: CEwohm4MQBWLFXUUfSPSDQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Compliant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Compliant
+attributeID: 1.2.840.113556.1.4.2314
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-IsCompliant
+adminDescription: 
+ This attribute is used to determine if the object is compliant with company po
+ licies.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsCompliant
+schemaIDGUID:: D31SWcC34kyh3XHO9pYykg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Enabled
+attributeID: 1.2.840.113556.1.4.2248
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Enabled
+adminDescription: 
+ This attribute is used to enable or disable the user-device relationship.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsEnabled
+schemaIDGUID:: DlypIoMfgkyUzr6miM/IcQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Member-Of-DL-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Member-Of-DL-Transitive
+attributeID: 1.2.840.113556.1.4.2236
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberOfTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberOfTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberOfTransitive
+schemaIDGUID:: tmYhhkHJJ0eVZUi//ylB3g==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Possible-Values-Present
+attributeID: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: 
+ This attribute identifies if ms-DS-Claim-Possible-Values on linked resource pr
+ operty must have value or must not have value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsPossibleValuesPresent
+schemaFlagsEx: 1
+schemaIDGUID:: 2tyrb1OMTyCxpJ3wxnwetA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Primary-Computer-For
+attributeID: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink atribute for msDS-IsPrimaryComputer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPrimaryComputerFor
+schemaIDGUID:: rAaMmYc/TkSl3xGwPcilDA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Used-As-Resource-Security-Attribute
+attributeID: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: 
+ For a resource property, this attribute indicates whether it is being used as 
+ a secure attribute.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+schemaIDGUID:: nfjJUTBHjUaitR1JMhLRfg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IsManaged
+attributeID: 1.2.840.113556.1.4.2270
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a on-premises MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-IsManaged
+schemaIDGUID:: zmpoYCds3kOk5fAML40zCQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Certificates
+attributeID: 1.2.840.113556.1.4.2240
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IssuerCertificates
+adminDescription: 
+ The keys used to sign certificates issued by the Registration Service.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-IssuerCertificates
+schemaIDGUID:: 2m89a5MIxEOJ+x+1KmYWqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2269
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Issuer-Public-Certificates
+adminDescription: 
+ The public keys  of the keys used to sign certificates issued by the Registrat
+ ion Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-IssuerPublicCertificates
+schemaIDGUID:: /u3xtdK0dkCrD2FINCsL9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2323
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+adminDescription: 
+ The approximate time this key was last used in a logon operation.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+schemaIDGUID:: jcmaZJqbQU2va/YW8qYuSg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link
+attributeID: 1.2.840.113556.1.4.2328
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2220
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Contains key material and usage.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink
+schemaIDGUID:: D9ZHW5BgskCfNypN6I8wYw==
+attributeSecurityGUID:: pm0CmzwNXEaL7lGZ1xZcug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link-BL
+attributeID: 1.2.840.113556.1.4.2329
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2221
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink-BL
+schemaIDGUID:: iNeKk18i7k6Tua0koVnh2w==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Id
+attributeID: 1.2.840.113556.1.4.2315
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyId
+adminDescription: This attribute contains a key identifier.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-KeyId
+schemaIDGUID:: S/iUwq0vcUu+TJ/FcB9gug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Material,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Material
+attributeID: 1.2.840.113556.1.4.2316
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyMaterial
+adminDescription: This attribute contains key material.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-KeyMaterial
+schemaIDGUID:: nw4uodveMU+PIRMRuVgYLw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal
+attributeID: 1.2.840.113556.1.4.2318
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2218
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies the principal that a key object applies to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipal
+schemaIDGUID:: OyVhvQGUOUGmkzVvxADz6g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal-BL
+attributeID: 1.2.840.113556.1.4.2319
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2219
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipalBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-KeyPrincipal.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipalBL
+schemaIDGUID:: vI8y0XSFUEGIHQsQiIJ4eA==
+systemOnly: TRUE
+systemFlags: 17
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Usage
+attributeID: 1.2.840.113556.1.4.2317
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyUsage
+adminDescription: This attribute identifies the usage scenario for the key.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-KeyUsage
+schemaIDGUID:: TLRx3ropl0WeysM0is4ZFw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPassword
+attributeID: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPassword
+schemaFlagsEx: 1
+schemaIDGUID:: hu1i4yi3QgiyfS3qep3yGA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordId
+attributeID: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: 
+ This attribute is the identifier for the current managed password data for a g
+ roup MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordId
+schemaFlagsEx: 1
+schemaIDGUID:: Wil4DtPGQAq0kdYiUf+gpg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordInterval
+attributeID: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: 
+ This attribute is used to retrieve the number of days before a managed passwor
+ d is automatically changed for a group MSA.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordInterval
+schemaFlagsEx: 1
+schemaIDGUID:: 9451+HasQ4ii7qJrTcr0CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordPreviousId
+attributeID: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: 
+ This attribute is the identifier for the previous managed password data for a 
+ group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordPreviousId
+schemaFlagsEx: 1
+schemaIDGUID:: MSHW0EotT9CZ2RxjZGIppA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Registration-Inactivity-Period
+attributeID: 1.2.840.113556.1.4.2242
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Maximum-Registration-Inactivity-Period
+adminDescription: 
+ The maximum ammount of days used to detect inactivty of registration objects.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumRegistrationInactivityPeriod
+schemaIDGUID:: OapcCuYFykm4CAJbk2YQ5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Member-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Member-Transitive
+attributeID: 1.2.840.113556.1.4.2238
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberTransitive
+schemaIDGUID:: WzkV4gSR2US4lDmeyeId/A==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List
+attributeID: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property list object, this multi-valued link attribute points t
+ o one or more resource property objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyList
+schemaIDGUID:: ERw3Ta1MQUyK0rGAqyvRPA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List-BL
+attributeID: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property 
+ object, this attribute references the resource property list object that it is
+  a member of.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyListBL
+schemaIDGUID:: BLdpdLDtaEWlpVn0hix1pw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-SOA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-SOA
+attributeID: 1.2.840.113556.1.4.2353
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Object-SOA
+adminDescription: 
+ This attribute is used to identify the source of authority of the object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectSoa
+schemaIDGUID:: 9b32NHkuO0yOFD2Tt1qriQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Parent-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Parent-Dist-Name
+attributeID: 1.2.840.113556.1.4.2203
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Parent-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Parent-Dist-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-parentdistname
+schemaIDGUID:: ff4YuRqXBPSeIZJhq+yXCw==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-Data-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-Data-Location
+attributeID: 1.2.840.113556.1.4.2366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 10
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Preferred-Data-Location
+adminDescription: ms-DS-Preferred-Data-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-preferredDataLocation
+schemaIDGUID:: 3ooM+pRMEEa6zhgO/e4hQA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Primary-Computer
+attributeID: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Primary-Computer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a user or group object, identifies the primary computers.
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: msDS-PrimaryComputer
+schemaIDGUID:: 4vQ9obDb60yCi4suFD6egQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Owner
+attributeID: 1.2.840.113556.1.4.2258
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Owner
+adminDescription: 
+ Single valued binary attribute containing the primary SID referencing the firs
+ t user to register the device. The value is not removed during de-registration
+ , but could be managed by an administrator.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredOwner
+schemaIDGUID:: 6SZ2YesBz0KZH85heYIjfg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Users
+attributeID: 1.2.840.113556.1.4.2263
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Users
+adminDescription:: 
+ Q29udGFpbnMgdGhlIGxpc3Qgb2YgdXNlcnMgdGhhdCBoYXZlIHJlZ2lzdGVyZWQgdGhlIGRldmljZS
+ 4gIFVzZXJzIGluIHRoaXMgbGlzdCBoYXZlIGFsbCBvZiB0aGUgZmVhdHVyZXMgcHJvdmlkZWQgYnkg
+ dGhlIO+/vUNvbXBhbnkgUG9ydGFs77+9IGFwcC4gIEFuZCB0aGV5IGhhdmUgU1NPIHRvIGNvbXBhbn
+ kgcmVzb3VyY2VzLg==
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredUsers
+schemaIDGUID:: DBZJBI5ayE+wUgHA9uSPAg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registration-Quota
+attributeID: 1.2.840.113556.1.4.2241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registration-Quota
+adminDescription: 
+ Policy used to limit the number of registrations allowed for a single user.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RegistrationQuota
+schemaIDGUID:: woYyymQfeUCWvOYrYQ5zDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data-Ext
+attributeID: 1.2.840.113556.1.4.2235
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data-Ext
+adminDescription: ms-DS-Repl-Value-Meta-Data-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaDataExt
+schemaIDGUID:: 79ICHq1EskamfZ/RjXgLyg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-RID-Pool-Allocation-Enabled
+attributeID: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: 
+ This attribute indicates whether RID pool allocation is enabled or not.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-RIDPoolAllocationEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: jHyXJLfBQDO09is3XrcR1w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2349
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a service is allowed to authenticate us
+ ing NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedNTLMNetworkAuthentication
+schemaIDGUID:: uUeJJyJSXkOWtxUDhYwrSA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2283
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e from a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateFrom
+schemaIDGUID:: mnDalxY3Zkmx0YOLpTw9iQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2282
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateTo
+schemaIDGUID:: MTGX8k2bIEi03gR07zuEnw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2293
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2210
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to services assig
+ ned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicy
+schemaIDGUID:: lW1qKs4o7km7JG0fwB4xEQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2294
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2211
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ServiceAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicyBL
+schemaIDGUID:: 7CgRLKJao0KzLfCXnKn80g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2284
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a service
+  in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceTGTLifetime
+schemaIDGUID:: IDz+XSnKfUCbq4Qh5V63XA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Shadow-Principal-Sid
+attributeID: 1.2.840.113556.1.4.2324
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Sid
+adminDescription: Contains the SID of a principal from an external forest.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ShadowPrincipalSid
+schemaIDGUID:: IgfMHbCq70+Vbydv4Z3hBw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Anchor
+attributeID: 1.2.840.113556.1.4.2352
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Anchor
+adminDescription: 
+ Unique, immutable identifier for the object in the authoritative directory.
+oMSyntax: 64
+searchFlags: 10
+lDAPDisplayName: msDS-SourceAnchor
+schemaIDGUID:: B/QCsEAT60G8oL19k44lqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Strong-NTLM-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Strong-NTLM-Policy
+attributeID: 1.2.840.113556.1.4.2350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Strong-NTLM-Policy
+adminDescription: 
+ This attribute specifies policy options for NTLM secrets with strong entropy.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-StrongNTLMPolicy
+schemaIDGUID:: cCHNqipIxkS2bkLC9mooXA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SyncServerUrl,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SyncServerUrl
+attributeID: 1.2.840.113556.1.4.2276
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 512
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-SyncServerUrl
+adminDescription: 
+ Use this attribute to store the sync server (Url format) which hosts the user 
+ sync folder
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-SyncServerUrl
+schemaIDGUID:: 0sOst3QqpE+sJeY/6LYSGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Egress-BL
+attributeID: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Egress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Egress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOEgressBL
+schemaFlagsEx: 1
+schemaIDGUID:: KWIA1ROZQiKLF4N2HR4OWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Ingress-BL
+attributeID: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Ingress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Ingress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOIngressBL
+schemaFlagsEx: 1
+schemaIDGUID:: oWFWWsaXS1SAVuQw/nvFVA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names
+attributeID: 1.2.840.113556.1.4.2345
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNames
+schemaIDGUID:: dgVlZZlGyU+NGCbgzQE3pg==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.2346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-Global-And-Universal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of global and universal security groups the principal 
+ is directly or indirectly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesGlobalAndUniversal
+schemaIDGUID:: 9NEG+iJ5rUq3nLIgH1RBfA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.2347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-No-GC-Acceptable
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of as reported by the local DC.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesNoGCAcceptable
+schemaIDGUID:: yMY/UvSaAkqc1z3qEp7rJw==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules
+attributeID: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: 
+ Specifies the Transformation Rules for Cross-Forest Claims Transformation.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TransformationRules
+schemaFlagsEx: 1
+schemaIDGUID:: cSuHVbLESDuuUUCV+R7GAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules-Compiled
+attributeID: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-TransformationRulesCompiled
+schemaFlagsEx: 1
+schemaIDGUID:: EJq0C2tTTbyicwurDdS9EA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2348
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a user is allowed to authenticate using
+  NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedNTLMNetworkAuthentication
+schemaIDGUID:: DwTOfieT3Eyq0wN63+YmOQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2278
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate f
+ rom a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateFrom
+schemaIDGUID:: AJZMLOGwfUSN2nSQIle9tQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2277
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate t
+ o a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateTo
+schemaIDGUID:: f6oM3k5yhkKxeRkmce/GZA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2289
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2206
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to users assigned
+  to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicy
+schemaIDGUID:: 87kmzRXUKkSPeHxhUj7pWw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2290
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2207
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-UserAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicyBL
+schemaIDGUID:: qfoXL0ddH0uXfqpS+r5lyA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2279
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a user in
+  units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserTGTLifetime
+schemaIDGUID:: g8khhZn1D0K5q7EiK9+VwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference
+attributeID: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to link a resource property object to its value type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReference
+schemaFlagsEx: 1
+schemaIDGUID:: hF38eNzBSDGJhFj3ktQdPg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference-BL
+attributeID: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is the back link for ms-DS-Value-Type-Reference. It links a value type ob
+ ject back to resource properties.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: rUNVq6EjRTu5N5sxPVR0qA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: 
+ Contains the name of the hash algorithm used to create the Thumbprint Hash for
+  the Scan Repository/Secure Print Device.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-HashAlgorithm
+schemaIDGUID:: tQ3nigZklkGS/vO7VXUgpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Thumbprint-Hash
+attributeID: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: 
+ Contains a hash of the security certificate for the Scan Repository/Secure Pri
+ nt Device.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-ThumbprintHash
+schemaIDGUID:: xdvfnAQDaUWV9sT2Y/5a5g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-CreateTime
+attributeID: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-CreateTime
+schemaIDGUID:: nxEYrpBjRQCzLZfbxwGu9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-DomainID
+attributeID: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-DomainID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Distinguished name of the Domain Controller which generated this root key.
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msKds-DomainID
+schemaIDGUID:: ggRAlgfPTOmQ6PLvxPBJXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: 
+ The algorithm name of the key derivation function used to compute keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-KDFAlgorithmID
+schemaIDGUID:: skgs203RTuyfWK1XnYtEDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-Param
+attributeID: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-KDFParam
+schemaIDGUID:: cgeAirj0TxW0HC5Cce/3pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PrivateKey-Length
+attributeID: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PrivateKeyLength
+schemaIDGUID:: oUJfYec3SBGg3TAH4Jz8gQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PublicKey-Length
+attributeID: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PublicKeyLength
+schemaIDGUID:: cPQ44805SUWrW/afnlg/4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-RootKeyData
+attributeID: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-RootKeyData
+schemaIDGUID:: J3xiJqIIQAqhsY3OhbQpkw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: 
+ The name of the secret agreement algorithm to be used with public keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementAlgorithmID
+schemaIDGUID:: XZcCF14iSsuxXQ2uqLXpkA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-Param
+attributeID: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementParam
+schemaIDGUID:: 2ZmwMP7tSXW4B+ukRNp56Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-UseStartTime
+attributeID: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-UseStartTime
+schemaIDGUID:: fwTcbCL1SreanNlayM39og==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-Version
+attributeID: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-Version
+schemaIDGUID:: QHPw1bDmSh6Xvg0zGL2dsQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Config-License
+attributeID: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Config-License
+adminDescription: 
+ Product-key configuration license used during online/phone activation of the A
+ ctive Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfigLicense
+schemaIDGUID:: tcRTA5nRsECzxd6zL9nsBg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Confirmation-Id
+attributeID: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: 
+ Confirmation ID (CID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfirmationId
+schemaIDGUID:: xJeHbtqsSUqHQLC9Bam4MQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Partial-Product-Key
+attributeID: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 5
+rangeUpper: 5
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: 
+ Last 5 characters of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPartialProductKey
+schemaIDGUID:: kbABplKGOkWzhoetI5t8CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Pid
+attributeID: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPid
+schemaIDGUID:: DVF/tFBr4Ue1VncseeT/xA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Sku-Id
+attributeID: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: 
+ SKU ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKSkuId
+schemaIDGUID:: OfeElnh7bUeNdDGtdpLu9A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Installation-Id
+attributeID: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: 
+ Installation ID (IID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-InstallationId
+schemaIDGUID:: FLG/aXtAOUeiE8ZjgCs+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Issuance-License
+attributeID: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: 
+ Issuance license used during online/phone activation of the Active Directory f
+ orest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-IssuanceLicense
+schemaIDGUID:: obN1EK+70kmujcTyXIIzAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-KMS-Ids
+attributeID: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msSPP-KMSIds
+schemaIDGUID:: 2j5mm0I11kad8DFAJa8rrA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Online-License
+attributeID: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Online-License
+adminDescription: 
+ License used during online activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-OnlineLicense
+schemaIDGUID:: jjaPCRJIzUivt6E2uWgH7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Phone-License
+attributeID: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: 
+ License used during phone activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-PhoneLicense
+schemaIDGUID:: EtnkZ2LzUkCMeUL0W6eyIQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Owner-Information-Temp
+attributeID: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: 
+ This attribute contains temporary owner information for a particular TPM.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msTPM-OwnerInformationTemp
+schemaIDGUID:: nYCUyBO1+E+IEfT0P1rHvA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Srk-Pub-Thumbprint
+attributeID: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: 
+ This attribute contains the thumbprint of the SrkPub corresponding to a partic
+ ular TPM. This helps to index the TPM devices in the directory.
+oMSyntax: 4
+searchFlags: 11
+lDAPDisplayName: msTPM-SrkPubThumbprint
+schemaIDGUID:: 6wbXGXZNokSF1hw0K+O+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer
+attributeID: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute links a Computer object to a TPM object.
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: msTPM-TpmInformationForComputer
+schemaIDGUID:: k3sb6khe1Ua8bE30/aeKNQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer-BL
+attributeID: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputerBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute links a TPM object to the Computer objects associated with it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTPM-TpmInformationForComputerBL
+schemaIDGUID:: yYT6FM2OSEO8kW087Ucqtw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-DUID
+attributeID: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-DUID
+adminDescription: Netboot-DUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootDUID
+schemaIDGUID:: vXAlU3c9T0KCLw1jbcbarQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
new file mode 100644
index 0000000..ef839bd
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
@@ -0,0 +1,30374 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/openspecifications/en/us/programs/osp/default.aspx) or the Community Promise (available here: http://www.microsoft.com/openspecifications/en/us/programs/community-promise/default.aspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# - Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following attribute schema definitions were generated from the Windows Server 2012 R2 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Central-Access-Policy-ID
+attributeID: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: 
+ For a Central Access Policy, this attribute defines a GUID that can be used to
+  identify the set of policies when applied to a resource.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msAuthz-CentralAccessPolicyID
+schemaIDGUID:: YJvyYnS+MEaUVi9mkZk6hg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that is apply
+ ing to the target resources on the central access rule.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-EffectiveSecurityPolicy
+schemaIDGUID:: GRmDB5SPtk+KQpFUXcza0w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Last-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that was last
+  applied to the objects the Central Access Rule is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-LastEffectiveSecurityPolicy
+schemaIDGUID:: xoUWji8+okiljVrw6nifoA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy
+attributeID: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a central access policy, this attribute identifies the central access rule
+ s that comprise the policy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+schemaIDGUID:: ei/yV343w0KYcs7G8h0uPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+attributeID: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central acc
+ ess rule object, this attribute references one or more central access policies
+  that point to it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+schemaIDGUID:: z2duUd3+lES7OrxQapSIkQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Proposed-Security-Policy
+attributeID: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: 
+ For a Central Access Policy Entry, defines the proposed security policy of the
+  objects the CAPE is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ProposedSecurityPolicy
+schemaIDGUID:: zr5GubUJakuyWktjozDoDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Resource-Condition
+attributeID: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: 
+ For a central access rule, this attribute is an expression that identifies the
+  scope of the target resource to which the policy applies.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ResourceCondition
+schemaIDGUID:: d3iZgHT4aEyGTW5QioO9vQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DNSKEY reco
+ rds when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecordSetTTL
+schemaIDGUID:: fzFOj9coLESm3x9JH5ezJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Records
+attributeID: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: 
+ An attribute that contains the DNSKEY record set for the root of the DNS zone 
+ and the root key signing key signature records.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecords
+schemaIDGUID:: 9VjEKC1gyUqnfLPxvlA6fg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Algorithms
+attributeID: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: 
+ An attribute used to define the algorithms used when writing the dsset file du
+ ring zone signing.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordAlgorithms
+schemaIDGUID:: 0npbXPogu0S+szS5wPZVeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DS records 
+ when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordSetTTL
+schemaIDGUID:: fJuGKcRk/kKX1fvC+hJBYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Is-Signed
+attributeID: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-IsSigned
+schemaIDGUID:: TIUSqvzYXk2RyjaLjYKb7g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Keymaster-Zones
+attributeID: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: 
+ A list of Active Directory-integrated zones for which the DNS server is the ke
+ ymaster.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDNS-KeymasterZones
+schemaIDGUID:: O93gCxoEjEGs6S8X0j6dQg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Maintain-Trust-Anchor
+attributeID: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: 
+ An attribute used to define the type of trust anchor to automatically publish 
+ in the forest-wide trust anchor store when the DNS zone is signed.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-MaintainTrustAnchor
+schemaIDGUID:: wWPADdlSVkSeFZwkNKr9lA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Current-Salt
+attributeID: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: 
+ An attribute that defines the current NSEC3 salt string being used to sign the
+  DNS zone.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3CurrentSalt
+schemaIDGUID:: MpR9ONGmdESCzQqJquCErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: 
+ An attribute that defines the NSEC3 hash algorithm to use when signing the DNS
+  zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3HashAlgorithm
+schemaIDGUID:: UlWe/7d9OEGIiAXOMgoDIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Iterations
+attributeID: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: 
+ An attribute that defines how many NSEC3 hash iterations to perform when signi
+ ng the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3Iterations
+schemaIDGUID:: qwq3gFmJwE6OkxJudt86yg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-OptOut
+attributeID: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: 
+ An attribute used to define whether or not the DNS zone should be signed using
+  NSEC opt-out.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3OptOut
+schemaIDGUID:: iCDqe+KMPEKxkWbsUGsVlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Random-Salt-Length
+attributeID: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: 
+ An attribute that defines the length in bytes of the random salt used when sig
+ ning the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3RandomSaltLength
+schemaIDGUID:: ZRY2E2yR502lnbHrvQ3hKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-User-Salt
+attributeID: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: 
+ An attribute that defines a user-specified NSEC3 salt string to use when signi
+ ng the DNS zone. If empty, random salt will be used.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3UserSalt
+schemaIDGUID:: cGfxryKWvE+hKDCId3YFuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Parent-Has-Secure-Delegation
+attributeID: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: 
+ An attribute used to define whether the parental delegation to the DNS zone is
+  secure.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-ParentHasSecureDelegation
+schemaIDGUID:: ZGlcKBrBnkmW2L98daIjxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Propagation-Time
+attributeID: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: 
+ An attribute used to define in seconds the expected time required to propagate
+  zone changes through Active Directory.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-PropagationTime
+schemaIDGUID:: Rw00uoEhoEyi9vrkR52rKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-RFC5011-Key-Rollovers
+attributeID: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: 
+ An attribute that defines whether or not the DNS zone should be maintained usi
+ ng key rollover procedures defined in RFC 5011.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-RFC5011KeyRollovers
+schemaIDGUID:: QDzZJ1oGwEO92M3yx9Egqg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Secure-Delegation-Polling-Period
+attributeID: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: 
+ An attribute that defines in seconds the time between polling attempts for chi
+ ld zone key rollovers.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SecureDelegationPollingPeriod
+schemaIDGUID:: vvCw9uSoaESP2cPEe4ci+Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Sign-With-NSEC3
+attributeID: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed with NSEC3.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-SignWithNSEC3
+schemaIDGUID:: mSGfx6Ft/0aSPB8/gAxyHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signature-Inception-Offset
+attributeID: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: 
+ An attribute that defines in seconds how far in the past DNSSEC signature vali
+ dity periods should begin when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SignatureInceptionOffset
+schemaIDGUID:: LsPUAxfiYUqWmXu8RymgJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Key-Descriptors
+attributeID: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: 
+ An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) us
+ ed by the DNS server to generate keys and sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeyDescriptors
+schemaIDGUID:: zdhDNLblO0+wmGWaAhSgeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Keys
+attributeID: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: 
+ An attribute that contains the set of encrypted DNSSEC signing keys used by th
+ e DNS server to sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeys
+schemaIDGUID:: bT5nt9nKnk6zGmPoCY/dYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+attributeID: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to act on the behalf of other identities to services running as this acc
+ ount.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+schemaFlagsEx: 1
+schemaIDGUID:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Applies-To-Resource-Types
+attributeID: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: 
+ For a resource property, this attribute indicates what resource types this res
+ ource property applies to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AppliesToResourceTypes
+schemaFlagsEx: 1
+schemaIDGUID:: BiA/aWRXSj2EOVjwSqtLWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2262
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDescription: 
+ The approximate time a user last logged on with from the device.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-ApproximateLastLogonTimeStamp
+schemaIDGUID:: O5hPo8aEDE+QUKOhSh01pA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2295
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2212
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to this principal
+ .
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicy
+schemaIDGUID:: 2Ap6uPdUwUmEoOZNEoU1iA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2296
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2213
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicyBL
+schemaIDGUID:: PBsTLZ/T7kqBXo20vBznrA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo
+attributeID: 1.2.840.113556.1.4.2285
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2202
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicySilo a principal is assigned to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySilo
+schemaIDGUID:: QcE/svUN6kqzPWz0kwd7Pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo-BL
+attributeID: 1.2.840.113556.1.4.2286
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2203
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AssignedAuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySiloBL
+schemaIDGUID:: FAUUM3r10keOxATEZmYAxw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Enforced
+attributeID: 1.2.840.113556.1.4.2297
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicyEnforced
+schemaIDGUID:: wgxWekXsukSy1yEjatWf1Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Enforced
+attributeID: 1.2.840.113556.1.4.2298
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy silo is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloEnforced
+schemaIDGUID:: AhH18uBrPUmHJhVGzbyHcQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members
+attributeID: 1.2.840.113556.1.4.2287
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2204
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which principals are assigned to the AuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembers
+schemaIDGUID:: BR5NFqZIhkio6XeiAG48dw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members-BL
+attributeID: 1.2.840.113556.1.4.2288
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2205
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AuthNPolicySiloMembers.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembersBL
+schemaIDGUID:: x8v8EeT7UUm0t63fb579RA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Attribute-Source
+attributeID: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Attribute-Source
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute points to the attribute that will be u
+ sed as the source for the claim type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimAttributeSource
+schemaIDGUID:: PhK87ua6ZkGeWymISot2sA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Single-Valued
+attributeID: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: 
+ For a claim type object, this attribute identifies if the claim type or resour
+ ce property can only contain single value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsSingleValued
+schemaIDGUID:: uZ94zbSWSEaCGco3gWGvOA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Value-Space-Restricted
+attributeID: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: 
+ For a claim type, this attribute identifies whether a user can input values ot
+ her than those described in the msDS-ClaimPossibleValues in applications.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsValueSpaceRestricted
+schemaIDGUID:: x+QsDMPxgkSFeMYNS7dEIg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Possible-Values
+attributeID: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: 
+ For a claim type or resource property object, this attribute describes the val
+ ues suggested to a user when the he/she use the claim type or resource propert
+ y in applications.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimPossibleValues
+schemaIDGUID:: 7u0oLnztP0Wv5JO9hvIXTw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With
+attributeID: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property object, this attribute indicates that the suggested va
+ lues of the claims issued are defined on the object that this linked attribute
+  points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWith
+schemaIDGUID:: OtHIUgvOV0+JKxj1pDokAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With-BL
+attributeID: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute indicates that the possible values des
+ cribed in ms-DS-Claim-Possible-Values are being referenced by other claim type
+  objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+schemaIDGUID:: 2yLVVJXs9UibvRiA67shgA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source
+attributeID: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: 
+ For a claim type, this attribute indicates the source of the claim type. For e
+ xample, the source can be certificate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSource
+schemaIDGUID:: pvIy+ovy0Ee/kWY+j5EKcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source-Type
+attributeID: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: 
+ For a security principal claim type, lists the type of store the issued claim 
+ is sourced from
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSourceType
+schemaIDGUID:: BZzxkvqNIkK70SxPAUh3VA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Type-Applies-To-Class
+attributeID: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this linked attribute points to the AD security princ
+ ipal classes that for which claims should be issued. (For example, a link to t
+ he user class).
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimTypeAppliesToClass
+schemaIDGUID:: TA77anbYfEOutsPkFFTCcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Value-Type
+attributeID: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: 
+ For a claim type object, specifies the value type of the claims issued.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimValueType
+schemaIDGUID:: uRdixo7k90e31WVSuK/WGQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Anchor
+attributeID: 1.2.840.113556.1.4.2273
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Anchor
+adminDescription: 
+ This attribute is used by the DirSync engine to indicate the object SOA and to
+  maintain the relationship between the on-premises and cloud object.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudAnchor
+schemaIDGUID:: gF5WeNQD40+vrIw7yi82Uw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsEnabled
+attributeID: 1.2.840.113556.1.4.2275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsEnabled
+adminDescription: 
+ This attribute is used to indicate whether cloud DRS is enabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIsEnabled
+schemaIDGUID:: KIOEiU58b0+gEyjOOtKC3A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsManaged
+attributeID: 1.2.840.113556.1.4.2271
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a cloud MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-CloudIsManaged
+schemaIDGUID:: jroVU4+VUku9OBNJowTdYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2274
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Issuer-Public-Certificates
+adminDescription: 
+ The public keys used by the cloud DRS to sign certificates issued by the Regis
+ tration Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIssuerPublicCertificates
+schemaIDGUID:: T7XoodZL0k+Y4rzukqVUlw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2280
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Computer-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a computer has permission to authentica
+ te to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAllowedToAuthenticateTo
+schemaIDGUID:: 6atbEH4Hk0e5dO8EELYlcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2291
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2208
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to computers assi
+ gned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicy
+schemaIDGUID:: yWO4r6O+D0Sp82FTzGaJKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2292
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2209
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ComputerAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicyBL
+schemaIDGUID:: MmLvK6EwfkWGBHr22/ExuA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2281
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a compute
+ r in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerTGTLifetime
+schemaIDGUID:: JHWTLrnfrEykNqW32mT9Zg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-ID
+attributeID: 1.2.840.113556.1.4.2252
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-ID
+adminDescription: This attribute stores the ID of the device.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceID
+schemaIDGUID:: x4EBw0Jj+0GyeffFZsvgpw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Location
+attributeID: 1.2.840.113556.1.4.2261
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: The DN under which the device objects will be created.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceLocation
+schemaIDGUID:: yFb74+hd9UWxsdK2zTHnYg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Object-Version
+attributeID: 1.2.840.113556.1.4.2257
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Object-Version
+adminDescription: 
+ This attribute is used to identify the schema version of the device.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceObjectVersion
+schemaIDGUID:: Wmll73nxak6T3rAeBmgc+w==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Type
+attributeID: 1.2.840.113556.1.4.2249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Type
+adminDescription: 
+ This attribute is used to track the type of device based on the OS.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSType
+schemaIDGUID:: TUUOELvzy02EX41e3EccWQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Version
+attributeID: 1.2.840.113556.1.4.2250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Version
+adminDescription: 
+ This attribute is used to track the OS version of the device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSVersion
+schemaIDGUID:: Y4z7cKtfBEWrnRSzKain+A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Physical-IDs
+attributeID: 1.2.840.113556.1.4.2251
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Physical-IDs
+adminDescription: 
+ This attribute is used to store identifiers of the physical device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DevicePhysicalIDs
+schemaIDGUID:: FFRhkKCiR0Spk1NAlZm3Tg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Drs-Farm-ID
+attributeID: 1.2.840.113556.1.4.2265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Drs-Farm-ID
+adminDescription: 
+ This attribute stores the name of the federation service this DRS object is as
+ sociated with.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DrsFarmID
+schemaIDGUID:: ZvdVYC4gzUmovuUrsVnt+w==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+isDefunct: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Egress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the egress claims 
+ (claims leaving this forest) to the Trusted Domain. This is applicable only fo
+ r an incoming or bidirectional Cross-Forest Trust. When this link is not prese
+ nt, all claims are allowed to egress as-is.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EgressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: fkI3wXOaQLCRkBsJW7QyiA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Generation-Id
+attributeID: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: 
+ For virtual machine snapshot resuming detection. This attribute represents the
+  VM Generation ID.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-GenerationId
+schemaIDGUID:: PTldHreMT0uECpc7NswJww==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Altitude
+attributeID: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesAltitude
+schemaIDGUID:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Latitude
+attributeID: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLatitude
+schemaIDGUID:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Longitude
+attributeID: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLongitude
+schemaIDGUID:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GroupMSAMembership
+attributeID: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to retrieve the password for a group MSA.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-GroupMSAMembership
+schemaFlagsEx: 1
+schemaIDGUID:: 1u2OiATOQN+0YrilDkG6OA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Ingress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the ingress claims
+  (claims entering this forest) from the Trusted Domain. This is applicable onl
+ y for an outgoing or bidirectional Cross-Forest Trust. If this link is absent,
+  all the ingress claims are dropped.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IngressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: CEwohm4MQBWLFXUUfSPSDQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Enabled
+attributeID: 1.2.840.113556.1.4.2248
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Enabled
+adminDescription: 
+ This attribute is used to enable or disable the user-device relationship.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsEnabled
+schemaIDGUID:: DlypIoMfgkyUzr6miM/IcQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Member-Of-DL-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Member-Of-DL-Transitive
+attributeID: 1.2.840.113556.1.4.2236
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberOfTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberOfTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberOfTransitive
+schemaIDGUID:: tmYhhkHJJ0eVZUi//ylB3g==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Possible-Values-Present
+attributeID: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: 
+ This attribute identifies if ms-DS-Claim-Possible-Values on linked resource pr
+ operty must have value or must not have value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsPossibleValuesPresent
+schemaFlagsEx: 1
+schemaIDGUID:: 2tyrb1OMTyCxpJ3wxnwetA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Primary-Computer-For
+attributeID: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink atribute for msDS-IsPrimaryComputer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPrimaryComputerFor
+schemaIDGUID:: rAaMmYc/TkSl3xGwPcilDA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Used-As-Resource-Security-Attribute
+attributeID: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: 
+ For a resource property, this attribute indicates whether it is being used as 
+ a secure attribute.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+schemaIDGUID:: nfjJUTBHjUaitR1JMhLRfg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IsManaged
+attributeID: 1.2.840.113556.1.4.2270
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a on-premises MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-IsManaged
+schemaIDGUID:: zmpoYCds3kOk5fAML40zCQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Certificates
+attributeID: 1.2.840.113556.1.4.2240
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IssuerCertificates
+adminDescription: 
+ The keys used to sign certificates issued by the Registration Service.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-IssuerCertificates
+schemaIDGUID:: 2m89a5MIxEOJ+x+1KmYWqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2269
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Issuer-Public-Certificates
+adminDescription: 
+ The public keys  of the keys used to sign certificates issued by the Registrat
+ ion Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-IssuerPublicCertificates
+schemaIDGUID:: /u3xtdK0dkCrD2FINCsL9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPassword
+attributeID: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPassword
+schemaFlagsEx: 1
+schemaIDGUID:: hu1i4yi3QgiyfS3qep3yGA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordId
+attributeID: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: 
+ This attribute is the identifier for the current managed password data for a g
+ roup MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordId
+schemaFlagsEx: 1
+schemaIDGUID:: Wil4DtPGQAq0kdYiUf+gpg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordInterval
+attributeID: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: 
+ This attribute is used to retrieve the number of days before a managed passwor
+ d is automatically changed for a group MSA.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordInterval
+schemaFlagsEx: 1
+schemaIDGUID:: 9451+HasQ4ii7qJrTcr0CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordPreviousId
+attributeID: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: 
+ This attribute is the identifier for the previous managed password data for a 
+ group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordPreviousId
+schemaFlagsEx: 1
+schemaIDGUID:: MSHW0EotT9CZ2RxjZGIppA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Registration-Inactivity-Period
+attributeID: 1.2.840.113556.1.4.2242
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Maximum-Registration-Inactivity-Period
+adminDescription: 
+ The maximum ammount of days used to detect inactivty of registration objects.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumRegistrationInactivityPeriod
+schemaIDGUID:: OapcCuYFykm4CAJbk2YQ5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Member-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Member-Transitive
+attributeID: 1.2.840.113556.1.4.2238
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberTransitive
+schemaIDGUID:: WzkV4gSR2US4lDmeyeId/A==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List
+attributeID: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property list object, this multi-valued link attribute points t
+ o one or more resource property objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyList
+schemaIDGUID:: ERw3Ta1MQUyK0rGAqyvRPA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List-BL
+attributeID: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property 
+ object, this attribute references the resource property list object that it is
+  a member of.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyListBL
+schemaIDGUID:: BLdpdLDtaEWlpVn0hix1pw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Parent-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Parent-Dist-Name
+attributeID: 1.2.840.113556.1.4.2203
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Parent-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Parent-Dist-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-parentdistname
+schemaIDGUID:: ff4YuRqXBPSeIZJhq+yXCw==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Primary-Computer
+attributeID: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Primary-Computer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a user or group object, identifies the primary computers.
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: msDS-PrimaryComputer
+schemaIDGUID:: 4vQ9obDb60yCi4suFD6egQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Owner
+attributeID: 1.2.840.113556.1.4.2258
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Owner
+adminDescription: 
+ Single valued binary attribute containing the primary SID referencing the firs
+ t user to register the device. The value is not removed during de-registration
+ , but could be managed by an administrator.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredOwner
+schemaIDGUID:: 6SZ2YesBz0KZH85heYIjfg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Users
+attributeID: 1.2.840.113556.1.4.2263
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Users
+adminDescription:: 
+ Q29udGFpbnMgdGhlIGxpc3Qgb2YgdXNlcnMgdGhhdCBoYXZlIHJlZ2lzdGVyZWQgdGhlIGRldmljZS
+ 4gIFVzZXJzIGluIHRoaXMgbGlzdCBoYXZlIGFsbCBvZiB0aGUgZmVhdHVyZXMgcHJvdmlkZWQgYnkg
+ dGhlIO+/vUNvbXBhbnkgUG9ydGFs77+9IGFwcC4gIEFuZCB0aGV5IGhhdmUgU1NPIHRvIGNvbXBhbn
+ kgcmVzb3VyY2VzLg==
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredUsers
+schemaIDGUID:: DBZJBI5ayE+wUgHA9uSPAg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registration-Quota
+attributeID: 1.2.840.113556.1.4.2241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registration-Quota
+adminDescription: 
+ Policy used to limit the number of registrations allowed for a single user.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RegistrationQuota
+schemaIDGUID:: woYyymQfeUCWvOYrYQ5zDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data-Ext
+attributeID: 1.2.840.113556.1.4.2235
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data-Ext
+adminDescription: ms-DS-Repl-Value-Meta-Data-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaDataExt
+schemaIDGUID:: 79ICHq1EskamfZ/RjXgLyg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-RID-Pool-Allocation-Enabled
+attributeID: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: 
+ This attribute indicates whether RID pool allocation is enabled or not.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-RIDPoolAllocationEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: jHyXJLfBQDO09is3XrcR1w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2283
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e from a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateFrom
+schemaIDGUID:: mnDalxY3Zkmx0YOLpTw9iQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2282
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateTo
+schemaIDGUID:: MTGX8k2bIEi03gR07zuEnw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2293
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2210
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to services assig
+ ned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicy
+schemaIDGUID:: lW1qKs4o7km7JG0fwB4xEQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2294
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2211
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ServiceAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicyBL
+schemaIDGUID:: 7CgRLKJao0KzLfCXnKn80g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2284
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a service
+  in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceTGTLifetime
+schemaIDGUID:: IDz+XSnKfUCbq4Qh5V63XA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SyncServerUrl,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SyncServerUrl
+attributeID: 1.2.840.113556.1.4.2276
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 512
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-SyncServerUrl
+adminDescription: 
+ Use this attribute to store the sync server (Url format) which hosts the user 
+ sync folder
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-SyncServerUrl
+schemaIDGUID:: 0sOst3QqpE+sJeY/6LYSGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Egress-BL
+attributeID: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Egress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Egress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOEgressBL
+schemaFlagsEx: 1
+schemaIDGUID:: KWIA1ROZQiKLF4N2HR4OWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Ingress-BL
+attributeID: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Ingress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Ingress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOIngressBL
+schemaFlagsEx: 1
+schemaIDGUID:: oWFWWsaXS1SAVuQw/nvFVA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules
+attributeID: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: 
+ Specifies the Transformation Rules for Cross-Forest Claims Transformation.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TransformationRules
+schemaFlagsEx: 1
+schemaIDGUID:: cSuHVbLESDuuUUCV+R7GAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules-Compiled
+attributeID: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-TransformationRulesCompiled
+schemaFlagsEx: 1
+schemaIDGUID:: EJq0C2tTTbyicwurDdS9EA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2278
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate f
+ rom a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateFrom
+schemaIDGUID:: AJZMLOGwfUSN2nSQIle9tQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2277
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate t
+ o a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateTo
+schemaIDGUID:: f6oM3k5yhkKxeRkmce/GZA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2289
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2206
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to users assigned
+  to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicy
+schemaIDGUID:: 87kmzRXUKkSPeHxhUj7pWw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2290
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2207
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-UserAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicyBL
+schemaIDGUID:: qfoXL0ddH0uXfqpS+r5lyA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2279
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a user in
+  units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserTGTLifetime
+schemaIDGUID:: g8khhZn1D0K5q7EiK9+VwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference
+attributeID: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to link a resource property object to its value type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReference
+schemaFlagsEx: 1
+schemaIDGUID:: hF38eNzBSDGJhFj3ktQdPg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference-BL
+attributeID: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is the back link for ms-DS-Value-Type-Reference. It links a value type ob
+ ject back to resource properties.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: rUNVq6EjRTu5N5sxPVR0qA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: 
+ Contains the name of the hash algorithm used to create the Thumbprint Hash for
+  the Scan Repository/Secure Print Device.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-HashAlgorithm
+schemaIDGUID:: tQ3nigZklkGS/vO7VXUgpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Thumbprint-Hash
+attributeID: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: 
+ Contains a hash of the security certificate for the Scan Repository/Secure Pri
+ nt Device.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-ThumbprintHash
+schemaIDGUID:: xdvfnAQDaUWV9sT2Y/5a5g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-CreateTime
+attributeID: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-CreateTime
+schemaIDGUID:: nxEYrpBjRQCzLZfbxwGu9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-DomainID
+attributeID: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-DomainID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Distinguished name of the Domain Controller which generated this root key.
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msKds-DomainID
+schemaIDGUID:: ggRAlgfPTOmQ6PLvxPBJXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: 
+ The algorithm name of the key derivation function used to compute keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-KDFAlgorithmID
+schemaIDGUID:: skgs203RTuyfWK1XnYtEDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-Param
+attributeID: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-KDFParam
+schemaIDGUID:: cgeAirj0TxW0HC5Cce/3pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PrivateKey-Length
+attributeID: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PrivateKeyLength
+schemaIDGUID:: oUJfYec3SBGg3TAH4Jz8gQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PublicKey-Length
+attributeID: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PublicKeyLength
+schemaIDGUID:: cPQ44805SUWrW/afnlg/4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-RootKeyData
+attributeID: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-RootKeyData
+schemaIDGUID:: J3xiJqIIQAqhsY3OhbQpkw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: 
+ The name of the secret agreement algorithm to be used with public keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementAlgorithmID
+schemaIDGUID:: XZcCF14iSsuxXQ2uqLXpkA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-Param
+attributeID: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementParam
+schemaIDGUID:: 2ZmwMP7tSXW4B+ukRNp56Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-UseStartTime
+attributeID: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-UseStartTime
+schemaIDGUID:: fwTcbCL1SreanNlayM39og==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-Version
+attributeID: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-Version
+schemaIDGUID:: QHPw1bDmSh6Xvg0zGL2dsQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Config-License
+attributeID: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Config-License
+adminDescription: 
+ Product-key configuration license used during online/phone activation of the A
+ ctive Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfigLicense
+schemaIDGUID:: tcRTA5nRsECzxd6zL9nsBg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Confirmation-Id
+attributeID: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: 
+ Confirmation ID (CID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfirmationId
+schemaIDGUID:: xJeHbtqsSUqHQLC9Bam4MQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Partial-Product-Key
+attributeID: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 5
+rangeUpper: 5
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: 
+ Last 5 characters of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPartialProductKey
+schemaIDGUID:: kbABplKGOkWzhoetI5t8CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Pid
+attributeID: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPid
+schemaIDGUID:: DVF/tFBr4Ue1VncseeT/xA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Sku-Id
+attributeID: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: 
+ SKU ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKSkuId
+schemaIDGUID:: OfeElnh7bUeNdDGtdpLu9A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Installation-Id
+attributeID: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: 
+ Installation ID (IID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-InstallationId
+schemaIDGUID:: FLG/aXtAOUeiE8ZjgCs+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Issuance-License
+attributeID: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: 
+ Issuance license used during online/phone activation of the Active Directory f
+ orest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-IssuanceLicense
+schemaIDGUID:: obN1EK+70kmujcTyXIIzAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-KMS-Ids
+attributeID: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msSPP-KMSIds
+schemaIDGUID:: 2j5mm0I11kad8DFAJa8rrA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Online-License
+attributeID: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Online-License
+adminDescription: 
+ License used during online activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-OnlineLicense
+schemaIDGUID:: jjaPCRJIzUivt6E2uWgH7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Phone-License
+attributeID: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: 
+ License used during phone activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-PhoneLicense
+schemaIDGUID:: EtnkZ2LzUkCMeUL0W6eyIQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Owner-Information-Temp
+attributeID: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: 
+ This attribute contains temporary owner information for a particular TPM.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msTPM-OwnerInformationTemp
+schemaIDGUID:: nYCUyBO1+E+IEfT0P1rHvA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Srk-Pub-Thumbprint
+attributeID: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: 
+ This attribute contains the thumbprint of the SrkPub corresponding to a partic
+ ular TPM. This helps to index the TPM devices in the directory.
+oMSyntax: 4
+searchFlags: 11
+lDAPDisplayName: msTPM-SrkPubThumbprint
+schemaIDGUID:: 6wbXGXZNokSF1hw0K+O+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer
+attributeID: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute links a Computer object to a TPM object.
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: msTPM-TpmInformationForComputer
+schemaIDGUID:: k3sb6khe1Ua8bE30/aeKNQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer-BL
+attributeID: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputerBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute links a TPM object to the Computer objects associated with it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTPM-TpmInformationForComputerBL
+schemaIDGUID:: yYT6FM2OSEO8kW087Ucqtw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-DUID
+attributeID: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-DUID
+adminDescription: Netboot-DUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootDUID
+schemaIDGUID:: vXAlU3c9T0KCLw1jbcbarQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
new file mode 100644
index 0000000..e4c5e60
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
@@ -0,0 +1,30912 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646765). If you would prefer a written license, or if the protocols are not covered by the Open Specification Promise, patent licenses are available by contacting iplg@microsoft.com.
+# - Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# - Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following attribute schema definitions were generated from the Windows Server 2016 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Possible-Values-Present
+attributeID: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: 
+ This attribute identifies if ms-DS-Claim-Possible-Values on linked resource pr
+ operty must have value or must not have value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsPossibleValuesPresent
+schemaFlagsEx: 1
+schemaIDGUID:: 2tyrb1OMTyCxpJ3wxnwetA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference
+attributeID: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to link a resource property object to its value type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReference
+schemaFlagsEx: 1
+schemaIDGUID:: hF38eNzBSDGJhFj3ktQdPg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference-BL
+attributeID: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is the back link for ms-DS-Value-Type-Reference. It links a value type ob
+ ject back to resource properties.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: rUNVq6EjRTu5N5sxPVR0qA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names
+attributeID: 1.2.840.113556.1.4.2345
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNames
+schemaIDGUID:: dgVlZZlGyU+NGCbgzQE3pg==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.2346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-Global-And-Universal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of global and universal security groups the principal 
+ is directly or indirectly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesGlobalAndUniversal
+schemaIDGUID:: 9NEG+iJ5rUq3nLIgH1RBfA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.2347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-No-GC-Acceptable
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of as reported by the local DC.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesNoGCAcceptable
+schemaIDGUID:: yMY/UvSaAkqc1z3qEp7rJw==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-DUID
+attributeID: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-DUID
+adminDescription: Netboot-DUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootDUID
+schemaIDGUID:: vXAlU3c9T0KCLw1jbcbarQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Used-As-Resource-Security-Attribute
+attributeID: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: 
+ For a resource property, this attribute indicates whether it is being used as 
+ a secure attribute.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+schemaIDGUID:: nfjJUTBHjUaitR1JMhLRfg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Possible-Values
+attributeID: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: 
+ For a claim type or resource property object, this attribute describes the val
+ ues suggested to a user when the he/she use the claim type or resource propert
+ y in applications.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimPossibleValues
+schemaIDGUID:: 7u0oLnztP0Wv5JO9hvIXTw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Value-Type
+attributeID: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: 
+ For a claim type object, specifies the value type of the claims issued.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimValueType
+schemaIDGUID:: uRdixo7k90e31WVSuK/WGQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Attribute-Source
+attributeID: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Attribute-Source
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute points to the attribute that will be u
+ sed as the source for the claim type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimAttributeSource
+schemaIDGUID:: PhK87ua6ZkGeWymISot2sA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Type-Applies-To-Class
+attributeID: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this linked attribute points to the AD security princ
+ ipal classes that for which claims should be issued. (For example, a link to t
+ he user class).
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimTypeAppliesToClass
+schemaIDGUID:: TA77anbYfEOutsPkFFTCcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With
+attributeID: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property object, this attribute indicates that the suggested va
+ lues of the claims issued are defined on the object that this linked attribute
+  points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWith
+schemaIDGUID:: OtHIUgvOV0+JKxj1pDokAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With-BL
+attributeID: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute indicates that the possible values des
+ cribed in ms-DS-Claim-Possible-Values are being referenced by other claim type
+  objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+schemaIDGUID:: 2yLVVJXs9UibvRiA67shgA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List
+attributeID: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property list object, this multi-valued link attribute points t
+ o one or more resource property objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyList
+schemaIDGUID:: ERw3Ta1MQUyK0rGAqyvRPA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List-BL
+attributeID: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property 
+ object, this attribute references the resource property list object that it is
+  a member of.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyListBL
+schemaIDGUID:: BLdpdLDtaEWlpVn0hix1pw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Pid
+attributeID: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPid
+schemaIDGUID:: DVF/tFBr4Ue1VncseeT/xA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Partial-Product-Key
+attributeID: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 5
+rangeUpper: 5
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: 
+ Last 5 characters of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPartialProductKey
+schemaIDGUID:: kbABplKGOkWzhoetI5t8CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Sku-Id
+attributeID: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: 
+ SKU ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKSkuId
+schemaIDGUID:: OfeElnh7bUeNdDGtdpLu9A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-KMS-Ids
+attributeID: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msSPP-KMSIds
+schemaIDGUID:: 2j5mm0I11kad8DFAJa8rrA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Installation-Id
+attributeID: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: 
+ Installation ID (IID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-InstallationId
+schemaIDGUID:: FLG/aXtAOUeiE8ZjgCs+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Confirmation-Id
+attributeID: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: 
+ Confirmation ID (CID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfirmationId
+schemaIDGUID:: xJeHbtqsSUqHQLC9Bam4MQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Online-License
+attributeID: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Online-License
+adminDescription: 
+ License used during online activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-OnlineLicense
+schemaIDGUID:: jjaPCRJIzUivt6E2uWgH7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Phone-License
+attributeID: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: 
+ License used during phone activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-PhoneLicense
+schemaIDGUID:: EtnkZ2LzUkCMeUL0W6eyIQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Config-License
+attributeID: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Config-License
+adminDescription: 
+ Product-key configuration license used during online/phone activation of the A
+ ctive Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfigLicense
+schemaIDGUID:: tcRTA5nRsECzxd6zL9nsBg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Issuance-License
+attributeID: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: 
+ Issuance license used during online/phone activation of the Active Directory f
+ orest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-IssuanceLicense
+schemaIDGUID:: obN1EK+70kmujcTyXIIzAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Srk-Pub-Thumbprint
+attributeID: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: 
+ This attribute contains the thumbprint of the SrkPub corresponding to a partic
+ ular TPM. This helps to index the TPM devices in the directory.
+oMSyntax: 4
+searchFlags: 11
+lDAPDisplayName: msTPM-SrkPubThumbprint
+schemaIDGUID:: 6wbXGXZNokSF1hw0K+O+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Owner-Information-Temp
+attributeID: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: 
+ This attribute contains temporary owner information for a particular TPM.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msTPM-OwnerInformationTemp
+schemaIDGUID:: nYCUyBO1+E+IEfT0P1rHvA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer
+attributeID: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute links a Computer object to a TPM object.
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: msTPM-TpmInformationForComputer
+schemaIDGUID:: k3sb6khe1Ua8bE30/aeKNQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer-BL
+attributeID: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputerBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute links a TPM object to the Computer objects associated with it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTPM-TpmInformationForComputerBL
+schemaIDGUID:: yYT6FM2OSEO8kW087Ucqtw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Keymaster-Zones
+attributeID: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: 
+ A list of Active Directory-integrated zones for which the DNS server is the ke
+ ymaster.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDNS-KeymasterZones
+schemaIDGUID:: O93gCxoEjEGs6S8X0j6dQg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Is-Signed
+attributeID: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-IsSigned
+schemaIDGUID:: TIUSqvzYXk2RyjaLjYKb7g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Sign-With-NSEC3
+attributeID: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed with NSEC3.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-SignWithNSEC3
+schemaIDGUID:: mSGfx6Ft/0aSPB8/gAxyHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-OptOut
+attributeID: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: 
+ An attribute used to define whether or not the DNS zone should be signed using
+  NSEC opt-out.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3OptOut
+schemaIDGUID:: iCDqe+KMPEKxkWbsUGsVlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Maintain-Trust-Anchor
+attributeID: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: 
+ An attribute used to define the type of trust anchor to automatically publish 
+ in the forest-wide trust anchor store when the DNS zone is signed.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-MaintainTrustAnchor
+schemaIDGUID:: wWPADdlSVkSeFZwkNKr9lA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Algorithms
+attributeID: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: 
+ An attribute used to define the algorithms used when writing the dsset file du
+ ring zone signing.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordAlgorithms
+schemaIDGUID:: 0npbXPogu0S+szS5wPZVeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-RFC5011-Key-Rollovers
+attributeID: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: 
+ An attribute that defines whether or not the DNS zone should be maintained usi
+ ng key rollover procedures defined in RFC 5011.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-RFC5011KeyRollovers
+schemaIDGUID:: QDzZJ1oGwEO92M3yx9Egqg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: 
+ An attribute that defines the NSEC3 hash algorithm to use when signing the DNS
+  zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3HashAlgorithm
+schemaIDGUID:: UlWe/7d9OEGIiAXOMgoDIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Random-Salt-Length
+attributeID: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: 
+ An attribute that defines the length in bytes of the random salt used when sig
+ ning the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3RandomSaltLength
+schemaIDGUID:: ZRY2E2yR502lnbHrvQ3hKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Iterations
+attributeID: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: 
+ An attribute that defines how many NSEC3 hash iterations to perform when signi
+ ng the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3Iterations
+schemaIDGUID:: qwq3gFmJwE6OkxJudt86yg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DNSKEY reco
+ rds when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecordSetTTL
+schemaIDGUID:: fzFOj9coLESm3x9JH5ezJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DS records 
+ when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordSetTTL
+schemaIDGUID:: fJuGKcRk/kKX1fvC+hJBYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signature-Inception-Offset
+attributeID: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: 
+ An attribute that defines in seconds how far in the past DNSSEC signature vali
+ dity periods should begin when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SignatureInceptionOffset
+schemaIDGUID:: LsPUAxfiYUqWmXu8RymgJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Secure-Delegation-Polling-Period
+attributeID: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: 
+ An attribute that defines in seconds the time between polling attempts for chi
+ ld zone key rollovers.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SecureDelegationPollingPeriod
+schemaIDGUID:: vvCw9uSoaESP2cPEe4ci+Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Key-Descriptors
+attributeID: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: 
+ An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) us
+ ed by the DNS server to generate keys and sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeyDescriptors
+schemaIDGUID:: zdhDNLblO0+wmGWaAhSgeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Keys
+attributeID: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: 
+ An attribute that contains the set of encrypted DNSSEC signing keys used by th
+ e DNS server to sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeys
+schemaIDGUID:: bT5nt9nKnk6zGmPoCY/dYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Records
+attributeID: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: 
+ An attribute that contains the DNSKEY record set for the root of the DNS zone 
+ and the root key signing key signature records.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecords
+schemaIDGUID:: 9VjEKC1gyUqnfLPxvlA6fg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Parent-Has-Secure-Delegation
+attributeID: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: 
+ An attribute used to define whether the parental delegation to the DNS zone is
+  secure.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-ParentHasSecureDelegation
+schemaIDGUID:: ZGlcKBrBnkmW2L98daIjxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Propagation-Time
+attributeID: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: 
+ An attribute used to define in seconds the expected time required to propagate
+  zone changes through Active Directory.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-PropagationTime
+schemaIDGUID:: Rw00uoEhoEyi9vrkR52rKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-User-Salt
+attributeID: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: 
+ An attribute that defines a user-specified NSEC3 salt string to use when signi
+ ng the DNS zone. If empty, random salt will be used.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3UserSalt
+schemaIDGUID:: cGfxryKWvE+hKDCId3YFuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Current-Salt
+attributeID: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: 
+ An attribute that defines the current NSEC3 salt string being used to sign the
+  DNS zone.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3CurrentSalt
+schemaIDGUID:: MpR9ONGmdESCzQqJquCErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that is apply
+ ing to the target resources on the central access rule.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-EffectiveSecurityPolicy
+schemaIDGUID:: GRmDB5SPtk+KQpFUXcza0w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Proposed-Security-Policy
+attributeID: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: 
+ For a Central Access Policy Entry, defines the proposed security policy of the
+  objects the CAPE is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ProposedSecurityPolicy
+schemaIDGUID:: zr5GubUJakuyWktjozDoDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Last-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that was last
+  applied to the objects the Central Access Rule is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-LastEffectiveSecurityPolicy
+schemaIDGUID:: xoUWji8+okiljVrw6nifoA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Resource-Condition
+attributeID: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: 
+ For a central access rule, this attribute is an expression that identifies the
+  scope of the target resource to which the policy applies.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ResourceCondition
+schemaIDGUID:: d3iZgHT4aEyGTW5QioO9vQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Central-Access-Policy-ID
+attributeID: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: 
+ For a Central Access Policy, this attribute defines a GUID that can be used to
+  identify the set of policies when applied to a resource.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msAuthz-CentralAccessPolicyID
+schemaIDGUID:: YJvyYnS+MEaUVi9mkZk6hg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy
+attributeID: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a central access policy, this attribute identifies the central access rule
+ s that comprise the policy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+schemaIDGUID:: ei/yV343w0KYcs7G8h0uPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+attributeID: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central acc
+ ess rule object, this attribute references one or more central access policies
+  that point to it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+schemaIDGUID:: z2duUd3+lES7OrxQapSIkQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source
+attributeID: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: 
+ For a claim type, this attribute indicates the source of the claim type. For e
+ xample, the source can be certificate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSource
+schemaIDGUID:: pvIy+ovy0Ee/kWY+j5EKcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source-Type
+attributeID: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: 
+ For a security principal claim type, lists the type of store the issued claim 
+ is sourced from
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSourceType
+schemaIDGUID:: BZzxkvqNIkK70SxPAUh3VA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Value-Space-Restricted
+attributeID: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: 
+ For a claim type, this attribute identifies whether a user can input values ot
+ her than those described in the msDS-ClaimPossibleValues in applications.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsValueSpaceRestricted
+schemaIDGUID:: x+QsDMPxgkSFeMYNS7dEIg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Single-Valued
+attributeID: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: 
+ For a claim type object, this attribute identifies if the claim type or resour
+ ce property can only contain single value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsSingleValued
+schemaIDGUID:: uZ94zbSWSEaCGco3gWGvOA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Generation-Id
+attributeID: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: 
+ For virtual machine snapshot resuming detection. This attribute represents the
+  VM Generation ID.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-GenerationId
+schemaIDGUID:: PTldHreMT0uECpc7NswJww==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Primary-Computer
+attributeID: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Primary-Computer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a user or group object, identifies the primary computers.
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: msDS-PrimaryComputer
+schemaIDGUID:: 4vQ9obDb60yCi4suFD6egQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Primary-Computer-For
+attributeID: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink atribute for msDS-IsPrimaryComputer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPrimaryComputerFor
+schemaIDGUID:: rAaMmYc/TkSl3xGwPcilDA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: 
+ The algorithm name of the key derivation function used to compute keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-KDFAlgorithmID
+schemaIDGUID:: skgs203RTuyfWK1XnYtEDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-Param
+attributeID: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-KDFParam
+schemaIDGUID:: cgeAirj0TxW0HC5Cce/3pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: 
+ The name of the secret agreement algorithm to be used with public keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementAlgorithmID
+schemaIDGUID:: XZcCF14iSsuxXQ2uqLXpkA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-Param
+attributeID: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementParam
+schemaIDGUID:: 2ZmwMP7tSXW4B+ukRNp56Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PublicKey-Length
+attributeID: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PublicKeyLength
+schemaIDGUID:: cPQ44805SUWrW/afnlg/4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PrivateKey-Length
+attributeID: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PrivateKeyLength
+schemaIDGUID:: oUJfYec3SBGg3TAH4Jz8gQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-RootKeyData
+attributeID: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-RootKeyData
+schemaIDGUID:: J3xiJqIIQAqhsY3OhbQpkw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-Version
+attributeID: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-Version
+schemaIDGUID:: QHPw1bDmSh6Xvg0zGL2dsQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-DomainID
+attributeID: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-DomainID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Distinguished name of the Domain Controller which generated this root key.
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msKds-DomainID
+schemaIDGUID:: ggRAlgfPTOmQ6PLvxPBJXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-UseStartTime
+attributeID: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-UseStartTime
+schemaIDGUID:: fwTcbCL1SreanNlayM39og==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-CreateTime
+attributeID: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-CreateTime
+schemaIDGUID:: nxEYrpBjRQCzLZfbxwGu9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Thumbprint-Hash
+attributeID: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: 
+ Contains a hash of the security certificate for the Scan Repository/Secure Pri
+ nt Device.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-ThumbprintHash
+schemaIDGUID:: xdvfnAQDaUWV9sT2Y/5a5g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: 
+ Contains the name of the hash algorithm used to create the Thumbprint Hash for
+  the Scan Repository/Secure Print Device.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-HashAlgorithm
+schemaIDGUID:: tQ3nigZklkGS/vO7VXUgpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+attributeID: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to act on the behalf of other identities to services running as this acc
+ ount.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+schemaFlagsEx: 1
+schemaIDGUID:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPassword
+attributeID: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPassword
+schemaFlagsEx: 1
+schemaIDGUID:: hu1i4yi3QgiyfS3qep3yGA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordId
+attributeID: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: 
+ This attribute is the identifier for the current managed password data for a g
+ roup MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordId
+schemaFlagsEx: 1
+schemaIDGUID:: Wil4DtPGQAq0kdYiUf+gpg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordPreviousId
+attributeID: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: 
+ This attribute is the identifier for the previous managed password data for a 
+ group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordPreviousId
+schemaFlagsEx: 1
+schemaIDGUID:: MSHW0EotT9CZ2RxjZGIppA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordInterval
+attributeID: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: 
+ This attribute is used to retrieve the number of days before a managed passwor
+ d is automatically changed for a group MSA.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordInterval
+schemaFlagsEx: 1
+schemaIDGUID:: 9451+HasQ4ii7qJrTcr0CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GroupMSAMembership
+attributeID: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to retrieve the password for a group MSA.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-GroupMSAMembership
+schemaFlagsEx: 1
+schemaIDGUID:: 1u2OiATOQN+0YrilDkG6OA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Altitude
+attributeID: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesAltitude
+schemaIDGUID:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Latitude
+attributeID: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLatitude
+schemaIDGUID:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Longitude
+attributeID: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLongitude
+schemaIDGUID:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules
+attributeID: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: 
+ Specifies the Transformation Rules for Cross-Forest Claims Transformation.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TransformationRules
+schemaFlagsEx: 1
+schemaIDGUID:: cSuHVbLESDuuUUCV+R7GAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Ingress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the ingress claims
+  (claims entering this forest) from the Trusted Domain. This is applicable onl
+ y for an outgoing or bidirectional Cross-Forest Trust. If this link is absent,
+  all the ingress claims are dropped.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IngressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: CEwohm4MQBWLFXUUfSPSDQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Egress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the egress claims 
+ (claims leaving this forest) to the Trusted Domain. This is applicable only fo
+ r an incoming or bidirectional Cross-Forest Trust. When this link is not prese
+ nt, all claims are allowed to egress as-is.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EgressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: fkI3wXOaQLCRkBsJW7QyiA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Egress-BL
+attributeID: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Egress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Egress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOEgressBL
+schemaFlagsEx: 1
+schemaIDGUID:: KWIA1ROZQiKLF4N2HR4OWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Ingress-BL
+attributeID: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Ingress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Ingress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOIngressBL
+schemaFlagsEx: 1
+schemaIDGUID:: oWFWWsaXS1SAVuQw/nvFVA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules-Compiled
+attributeID: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-TransformationRulesCompiled
+schemaFlagsEx: 1
+schemaIDGUID:: EJq0C2tTTbyicwurDdS9EA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Applies-To-Resource-Types
+attributeID: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: 
+ For a resource property, this attribute indicates what resource types this res
+ ource property applies to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AppliesToResourceTypes
+schemaFlagsEx: 1
+schemaIDGUID:: BiA/aWRXSj2EOVjwSqtLWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-RID-Pool-Allocation-Enabled
+attributeID: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: 
+ This attribute indicates whether RID pool allocation is enabled or not.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-RIDPoolAllocationEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: jHyXJLfBQDO09is3XrcR1w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Certificates
+attributeID: 1.2.840.113556.1.4.2240
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IssuerCertificates
+adminDescription: 
+ The keys used to sign certificates issued by the Registration Service.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-IssuerCertificates
+schemaIDGUID:: 2m89a5MIxEOJ+x+1KmYWqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registration-Quota
+attributeID: 1.2.840.113556.1.4.2241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registration-Quota
+adminDescription: 
+ Policy used to limit the number of registrations allowed for a single user.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RegistrationQuota
+schemaIDGUID:: woYyymQfeUCWvOYrYQ5zDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Registration-Inactivity-Period
+attributeID: 1.2.840.113556.1.4.2242
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Maximum-Registration-Inactivity-Period
+adminDescription: 
+ The maximum ammount of days used to detect inactivty of registration objects.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumRegistrationInactivityPeriod
+schemaIDGUID:: OapcCuYFykm4CAJbk2YQ5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Location
+attributeID: 1.2.840.113556.1.4.2261
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: The DN under which the device objects will be created.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceLocation
+schemaIDGUID:: yFb74+hd9UWxsdK2zTHnYg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Owner
+attributeID: 1.2.840.113556.1.4.2258
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Owner
+adminDescription: 
+ Single valued binary attribute containing the primary SID referencing the firs
+ t user to register the device. The value is not removed during de-registration
+ , but could be managed by an administrator.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredOwner
+schemaIDGUID:: 6SZ2YesBz0KZH85heYIjfg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Users
+attributeID: 1.2.840.113556.1.4.2263
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Users
+adminDescription:: 
+ Q29udGFpbnMgdGhlIGxpc3Qgb2YgdXNlcnMgdGhhdCBoYXZlIHJlZ2lzdGVyZWQgdGhlIGRldmljZS
+ 4gIFVzZXJzIGluIHRoaXMgbGlzdCBoYXZlIGFsbCBvZiB0aGUgZmVhdHVyZXMgcHJvdmlkZWQgYnkg
+ dGhlIO+/vUNvbXBhbnkgUG9ydGFs77+9IGFwcC4gIEFuZCB0aGV5IGhhdmUgU1NPIHRvIGNvbXBhbn
+ kgcmVzb3VyY2VzLg==
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredUsers
+schemaIDGUID:: DBZJBI5ayE+wUgHA9uSPAg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2262
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDescription: 
+ The approximate time a user last logged on with from the device.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-ApproximateLastLogonTimeStamp
+schemaIDGUID:: O5hPo8aEDE+QUKOhSh01pA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Enabled
+attributeID: 1.2.840.113556.1.4.2248
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Enabled
+adminDescription: 
+ This attribute is used to enable or disable the user-device relationship.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsEnabled
+schemaIDGUID:: DlypIoMfgkyUzr6miM/IcQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Type
+attributeID: 1.2.840.113556.1.4.2249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Type
+adminDescription: 
+ This attribute is used to track the type of device based on the OS.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSType
+schemaIDGUID:: TUUOELvzy02EX41e3EccWQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Version
+attributeID: 1.2.840.113556.1.4.2250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Version
+adminDescription: 
+ This attribute is used to track the OS version of the device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSVersion
+schemaIDGUID:: Y4z7cKtfBEWrnRSzKain+A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Physical-IDs
+attributeID: 1.2.840.113556.1.4.2251
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Physical-IDs
+adminDescription: 
+ This attribute is used to store identifiers of the physical device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DevicePhysicalIDs
+schemaIDGUID:: FFRhkKCiR0Spk1NAlZm3Tg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-ID
+attributeID: 1.2.840.113556.1.4.2252
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-ID
+adminDescription: This attribute stores the ID of the device.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceID
+schemaIDGUID:: x4EBw0Jj+0GyeffFZsvgpw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Object-Version
+attributeID: 1.2.840.113556.1.4.2257
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Object-Version
+adminDescription: 
+ This attribute is used to identify the schema version of the device.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceObjectVersion
+schemaIDGUID:: Wmll73nxak6T3rAeBmgc+w==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Member-Of-DL-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Member-Of-DL-Transitive
+attributeID: 1.2.840.113556.1.4.2236
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberOfTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberOfTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberOfTransitive
+schemaIDGUID:: tmYhhkHJJ0eVZUi//ylB3g==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Member-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Member-Transitive
+attributeID: 1.2.840.113556.1.4.2238
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberTransitive
+schemaIDGUID:: WzkV4gSR2US4lDmeyeId/A==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Parent-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Parent-Dist-Name
+attributeID: 1.2.840.113556.1.4.2203
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Parent-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Parent-Dist-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-parentdistname
+schemaIDGUID:: ff4YuRqXBPSeIZJhq+yXCw==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data-Ext
+attributeID: 1.2.840.113556.1.4.2235
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data-Ext
+adminDescription: ms-DS-Repl-Value-Meta-Data-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaDataExt
+schemaIDGUID:: 79ICHq1EskamfZ/RjXgLyg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Drs-Farm-ID
+attributeID: 1.2.840.113556.1.4.2265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Drs-Farm-ID
+adminDescription: 
+ This attribute stores the name of the federation service this DRS object is as
+ sociated with.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DrsFarmID
+schemaIDGUID:: ZvdVYC4gzUmovuUrsVnt+w==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+isDefunct: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2269
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Issuer-Public-Certificates
+adminDescription: 
+ The public keys  of the keys used to sign certificates issued by the Registrat
+ ion Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-IssuerPublicCertificates
+schemaIDGUID:: /u3xtdK0dkCrD2FINCsL9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IsManaged
+attributeID: 1.2.840.113556.1.4.2270
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a on-premises MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-IsManaged
+schemaIDGUID:: zmpoYCds3kOk5fAML40zCQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsManaged
+attributeID: 1.2.840.113556.1.4.2271
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a cloud MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-CloudIsManaged
+schemaIDGUID:: jroVU4+VUku9OBNJowTdYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Anchor
+attributeID: 1.2.840.113556.1.4.2273
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Anchor
+adminDescription: 
+ This attribute is used by the DirSync engine to indicate the object SOA and to
+  maintain the relationship between the on-premises and cloud object.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudAnchor
+schemaIDGUID:: gF5WeNQD40+vrIw7yi82Uw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2274
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Issuer-Public-Certificates
+adminDescription: 
+ The public keys used by the cloud DRS to sign certificates issued by the Regis
+ tration Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIssuerPublicCertificates
+schemaIDGUID:: T7XoodZL0k+Y4rzukqVUlw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsEnabled
+attributeID: 1.2.840.113556.1.4.2275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsEnabled
+adminDescription: 
+ This attribute is used to indicate whether cloud DRS is enabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIsEnabled
+schemaIDGUID:: KIOEiU58b0+gEyjOOtKC3A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SyncServerUrl,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SyncServerUrl
+attributeID: 1.2.840.113556.1.4.2276
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 512
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-SyncServerUrl
+adminDescription: 
+ Use this attribute to store the sync server (Url format) which hosts the user 
+ sync folder
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-SyncServerUrl
+schemaIDGUID:: 0sOst3QqpE+sJeY/6LYSGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2277
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate t
+ o a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateTo
+schemaIDGUID:: f6oM3k5yhkKxeRkmce/GZA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2278
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate f
+ rom a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateFrom
+schemaIDGUID:: AJZMLOGwfUSN2nSQIle9tQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2279
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a user in
+  units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserTGTLifetime
+schemaIDGUID:: g8khhZn1D0K5q7EiK9+VwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2280
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Computer-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a computer has permission to authentica
+ te to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAllowedToAuthenticateTo
+schemaIDGUID:: 6atbEH4Hk0e5dO8EELYlcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2281
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a compute
+ r in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerTGTLifetime
+schemaIDGUID:: JHWTLrnfrEykNqW32mT9Zg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2282
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateTo
+schemaIDGUID:: MTGX8k2bIEi03gR07zuEnw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2283
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e from a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateFrom
+schemaIDGUID:: mnDalxY3Zkmx0YOLpTw9iQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2284
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a service
+  in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceTGTLifetime
+schemaIDGUID:: IDz+XSnKfUCbq4Qh5V63XA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo
+attributeID: 1.2.840.113556.1.4.2285
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2202
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicySilo a principal is assigned to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySilo
+schemaIDGUID:: QcE/svUN6kqzPWz0kwd7Pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo-BL
+attributeID: 1.2.840.113556.1.4.2286
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2203
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AssignedAuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySiloBL
+schemaIDGUID:: FAUUM3r10keOxATEZmYAxw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members
+attributeID: 1.2.840.113556.1.4.2287
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2204
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which principals are assigned to the AuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembers
+schemaIDGUID:: BR5NFqZIhkio6XeiAG48dw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members-BL
+attributeID: 1.2.840.113556.1.4.2288
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2205
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AuthNPolicySiloMembers.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembersBL
+schemaIDGUID:: x8v8EeT7UUm0t63fb579RA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2289
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2206
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to users assigned
+  to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicy
+schemaIDGUID:: 87kmzRXUKkSPeHxhUj7pWw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2290
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2207
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-UserAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicyBL
+schemaIDGUID:: qfoXL0ddH0uXfqpS+r5lyA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2291
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2208
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to computers assi
+ gned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicy
+schemaIDGUID:: yWO4r6O+D0Sp82FTzGaJKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2292
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2209
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ComputerAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicyBL
+schemaIDGUID:: MmLvK6EwfkWGBHr22/ExuA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2293
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2210
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to services assig
+ ned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicy
+schemaIDGUID:: lW1qKs4o7km7JG0fwB4xEQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2294
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2211
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ServiceAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicyBL
+schemaIDGUID:: 7CgRLKJao0KzLfCXnKn80g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2295
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2212
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to this principal
+ .
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicy
+schemaIDGUID:: 2Ap6uPdUwUmEoOZNEoU1iA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2296
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2213
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicyBL
+schemaIDGUID:: PBsTLZ/T7kqBXo20vBznrA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Enforced
+attributeID: 1.2.840.113556.1.4.2297
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicyEnforced
+schemaIDGUID:: wgxWekXsukSy1yEjatWf1Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Enforced
+attributeID: 1.2.840.113556.1.4.2298
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy silo is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloEnforced
+schemaIDGUID:: AhH18uBrPUmHJhVGzbyHcQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-MDMStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-MDMStatus
+attributeID: 1.2.840.113556.1.4.2308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-MDMStatus
+adminDescription: 
+ This attribute is used to manage the mobile device management status of the de
+ vice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceMDMStatus
+schemaIDGUID:: lo8K9sRXLEKjrZ4voJzm9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Directory-Object-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Directory-Object-Id
+attributeID: 1.2.840.113556.1.4.2310
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Directory-Object-Id
+adminDescription: ms-DS-External-Directory-Object-Id
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: msDS-ExternalDirectoryObjectId
+schemaIDGUID:: kL8pva1m4UCIexDfBwQZpg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Compliant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Compliant
+attributeID: 1.2.840.113556.1.4.2314
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-IsCompliant
+adminDescription: 
+ This attribute is used to determine if the object is compliant with company po
+ licies.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsCompliant
+schemaIDGUID:: D31SWcC34kyh3XHO9pYykg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Id
+attributeID: 1.2.840.113556.1.4.2315
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyId
+adminDescription: This attribute contains a key identifier.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-KeyId
+schemaIDGUID:: S/iUwq0vcUu+TJ/FcB9gug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Material,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Material
+attributeID: 1.2.840.113556.1.4.2316
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyMaterial
+adminDescription: This attribute contains key material.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-KeyMaterial
+schemaIDGUID:: nw4uodveMU+PIRMRuVgYLw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Usage
+attributeID: 1.2.840.113556.1.4.2317
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyUsage
+adminDescription: This attribute identifies the usage scenario for the key.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-KeyUsage
+schemaIDGUID:: TLRx3ropl0WeysM0is4ZFw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal
+attributeID: 1.2.840.113556.1.4.2318
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2218
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies the principal that a key object applies to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipal
+schemaIDGUID:: OyVhvQGUOUGmkzVvxADz6g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal-BL
+attributeID: 1.2.840.113556.1.4.2319
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2219
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipalBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-KeyPrincipal.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipalBL
+schemaIDGUID:: vI8y0XSFUEGIHQsQiIJ4eA==
+systemOnly: TRUE
+systemFlags: 17
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-DN
+attributeID: 1.2.840.113556.1.4.2320
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceDN
+adminDescription: 
+ This attribute identifies the registered device from which this key object was
+  provisioned.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceDN
+schemaIDGUID:: KREsZJk4IUeOIUg545iM5Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-SID
+attributeID: 1.2.840.113556.1.4.2321
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ComputerSID
+adminDescription: This attribute identifies a domain-joined computer.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ComputerSID
+schemaIDGUID:: INf733IILkCZQPzXjbBJug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Custom-Key-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Custom-Key-Information
+attributeID: 1.2.840.113556.1.4.2322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-CustomKeyInformation
+adminDescription: 
+ This attribute contains additional information about the key.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CustomKeyInformation
+schemaIDGUID:: iOnltuTlhkyirg2suXCg4Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2323
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+adminDescription: 
+ The approximate time this key was last used in a logon operation.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+schemaIDGUID:: jcmaZJqbQU2va/YW8qYuSg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Trust-Type
+attributeID: 1.2.840.113556.1.4.2325
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceTrustType
+adminDescription: Represents join type for devices.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceTrustType
+schemaIDGUID:: B2ikxNxqu0uX3mvtGBob/g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Shadow-Principal-Sid
+attributeID: 1.2.840.113556.1.4.2324
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Sid
+adminDescription: Contains the SID of a principal from an external forest.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ShadowPrincipalSid
+schemaIDGUID:: IgfMHbCq70+Vbydv4Z3hBw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link
+attributeID: 1.2.840.113556.1.4.2328
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2220
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Contains key material and usage.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink
+schemaIDGUID:: D9ZHW5BgskCfNypN6I8wYw==
+attributeSecurityGUID:: pm0CmzwNXEaL7lGZ1xZcug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link-BL
+attributeID: 1.2.840.113556.1.4.2329
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2221
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink-BL
+schemaIDGUID:: iNeKk18i7k6Tua0koVnh2w==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+attributeID: 1.2.840.113556.1.4.2344
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+adminDescription: 
+ This attribute controls whether the passwords on smart-card-only accounts expi
+ re in accordance with the password policy.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+schemaIDGUID:: SKsXNCTfsU+AsA/LNn4l4w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2348
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a user is allowed to authenticate using
+  NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedNTLMNetworkAuthentication
+schemaIDGUID:: DwTOfieT3Eyq0wN63+YmOQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2349
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a service is allowed to authenticate us
+ ing NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedNTLMNetworkAuthentication
+schemaIDGUID:: uUeJJyJSXkOWtxUDhYwrSA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Strong-NTLM-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Strong-NTLM-Policy
+attributeID: 1.2.840.113556.1.4.2350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Strong-NTLM-Policy
+adminDescription: 
+ This attribute specifies policy options for NTLM secrets with strong entropy.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-StrongNTLMPolicy
+schemaIDGUID:: cCHNqipIxkS2bkLC9mooXA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Anchor
+attributeID: 1.2.840.113556.1.4.2352
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Anchor
+adminDescription: 
+ Unique, immutable identifier for the object in the authoritative directory.
+oMSyntax: 64
+searchFlags: 10
+lDAPDisplayName: msDS-SourceAnchor
+schemaIDGUID:: B/QCsEAT60G8oL19k44lqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-SOA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-SOA
+attributeID: 1.2.840.113556.1.4.2353
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Object-SOA
+adminDescription: 
+ This attribute is used to identify the source of authority of the object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectSoa
+schemaIDGUID:: 9b32NHkuO0yOFD2Tt1qriQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_v1803.ldf b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_v1803.ldf
new file mode 100644
index 0000000..929f9dd
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_v1803.ldf
@@ -0,0 +1,30936 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646765) or the Microsoft Community Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646766). If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - License Programs. To see all of the protocols in scope under a specific license program and the associated patents, visit the Patent Map (available here: https://msdn.microsoft.com/en-us/openspecifications/dn750984).
+# - Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.
+# - Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.
+# Support. For questions and support, please contact dochelp@microsoft.com.
+
+# The following attribute schema definitions were generated from the Windows Server v1803 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Central-Access-Policy-ID
+attributeID: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: 
+ For a Central Access Policy, this attribute defines a GUID that can be used to
+  identify the set of policies when applied to a resource.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msAuthz-CentralAccessPolicyID
+schemaIDGUID:: YJvyYnS+MEaUVi9mkZk6hg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that is apply
+ ing to the target resources on the central access rule.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-EffectiveSecurityPolicy
+schemaIDGUID:: GRmDB5SPtk+KQpFUXcza0w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Last-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that was last
+  applied to the objects the Central Access Rule is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-LastEffectiveSecurityPolicy
+schemaIDGUID:: xoUWji8+okiljVrw6nifoA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy
+attributeID: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a central access policy, this attribute identifies the central access rule
+ s that comprise the policy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+schemaIDGUID:: ei/yV343w0KYcs7G8h0uPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+attributeID: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central acc
+ ess rule object, this attribute references one or more central access policies
+  that point to it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+schemaIDGUID:: z2duUd3+lES7OrxQapSIkQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Proposed-Security-Policy
+attributeID: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: 
+ For a Central Access Policy Entry, defines the proposed security policy of the
+  objects the CAPE is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ProposedSecurityPolicy
+schemaIDGUID:: zr5GubUJakuyWktjozDoDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Resource-Condition
+attributeID: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: 
+ For a central access rule, this attribute is an expression that identifies the
+  scope of the target resource to which the policy applies.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ResourceCondition
+schemaIDGUID:: d3iZgHT4aEyGTW5QioO9vQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DNSKEY reco
+ rds when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecordSetTTL
+schemaIDGUID:: fzFOj9coLESm3x9JH5ezJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Records
+attributeID: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: 
+ An attribute that contains the DNSKEY record set for the root of the DNS zone 
+ and the root key signing key signature records.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecords
+schemaIDGUID:: 9VjEKC1gyUqnfLPxvlA6fg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Algorithms
+attributeID: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: 
+ An attribute used to define the algorithms used when writing the dsset file du
+ ring zone signing.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordAlgorithms
+schemaIDGUID:: 0npbXPogu0S+szS5wPZVeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DS records 
+ when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordSetTTL
+schemaIDGUID:: fJuGKcRk/kKX1fvC+hJBYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Is-Signed
+attributeID: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-IsSigned
+schemaIDGUID:: TIUSqvzYXk2RyjaLjYKb7g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Keymaster-Zones
+attributeID: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: 
+ A list of Active Directory-integrated zones for which the DNS server is the ke
+ ymaster.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDNS-KeymasterZones
+schemaIDGUID:: O93gCxoEjEGs6S8X0j6dQg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Maintain-Trust-Anchor
+attributeID: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: 
+ An attribute used to define the type of trust anchor to automatically publish 
+ in the forest-wide trust anchor store when the DNS zone is signed.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-MaintainTrustAnchor
+schemaIDGUID:: wWPADdlSVkSeFZwkNKr9lA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Current-Salt
+attributeID: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: 
+ An attribute that defines the current NSEC3 salt string being used to sign the
+  DNS zone.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3CurrentSalt
+schemaIDGUID:: MpR9ONGmdESCzQqJquCErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: 
+ An attribute that defines the NSEC3 hash algorithm to use when signing the DNS
+  zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3HashAlgorithm
+schemaIDGUID:: UlWe/7d9OEGIiAXOMgoDIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Iterations
+attributeID: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: 
+ An attribute that defines how many NSEC3 hash iterations to perform when signi
+ ng the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3Iterations
+schemaIDGUID:: qwq3gFmJwE6OkxJudt86yg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-OptOut
+attributeID: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: 
+ An attribute used to define whether or not the DNS zone should be signed using
+  NSEC opt-out.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3OptOut
+schemaIDGUID:: iCDqe+KMPEKxkWbsUGsVlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Random-Salt-Length
+attributeID: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: 
+ An attribute that defines the length in bytes of the random salt used when sig
+ ning the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3RandomSaltLength
+schemaIDGUID:: ZRY2E2yR502lnbHrvQ3hKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-User-Salt
+attributeID: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: 
+ An attribute that defines a user-specified NSEC3 salt string to use when signi
+ ng the DNS zone. If empty, random salt will be used.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3UserSalt
+schemaIDGUID:: cGfxryKWvE+hKDCId3YFuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Parent-Has-Secure-Delegation
+attributeID: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: 
+ An attribute used to define whether the parental delegation to the DNS zone is
+  secure.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-ParentHasSecureDelegation
+schemaIDGUID:: ZGlcKBrBnkmW2L98daIjxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Propagation-Time
+attributeID: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: 
+ An attribute used to define in seconds the expected time required to propagate
+  zone changes through Active Directory.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-PropagationTime
+schemaIDGUID:: Rw00uoEhoEyi9vrkR52rKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-RFC5011-Key-Rollovers
+attributeID: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: 
+ An attribute that defines whether or not the DNS zone should be maintained usi
+ ng key rollover procedures defined in RFC 5011.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-RFC5011KeyRollovers
+schemaIDGUID:: QDzZJ1oGwEO92M3yx9Egqg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Secure-Delegation-Polling-Period
+attributeID: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: 
+ An attribute that defines in seconds the time between polling attempts for chi
+ ld zone key rollovers.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SecureDelegationPollingPeriod
+schemaIDGUID:: vvCw9uSoaESP2cPEe4ci+Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Sign-With-NSEC3
+attributeID: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed with NSEC3.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-SignWithNSEC3
+schemaIDGUID:: mSGfx6Ft/0aSPB8/gAxyHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signature-Inception-Offset
+attributeID: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: 
+ An attribute that defines in seconds how far in the past DNSSEC signature vali
+ dity periods should begin when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SignatureInceptionOffset
+schemaIDGUID:: LsPUAxfiYUqWmXu8RymgJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Key-Descriptors
+attributeID: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: 
+ An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) us
+ ed by the DNS server to generate keys and sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeyDescriptors
+schemaIDGUID:: zdhDNLblO0+wmGWaAhSgeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Keys
+attributeID: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: 
+ An attribute that contains the set of encrypted DNSSEC signing keys used by th
+ e DNS server to sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeys
+schemaIDGUID:: bT5nt9nKnk6zGmPoCY/dYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+attributeID: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to act on the behalf of other identities to services running as this acc
+ ount.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+schemaFlagsEx: 1
+schemaIDGUID:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Applies-To-Resource-Types
+attributeID: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: 
+ For a resource property, this attribute indicates what resource types this res
+ ource property applies to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AppliesToResourceTypes
+schemaFlagsEx: 1
+schemaIDGUID:: BiA/aWRXSj2EOVjwSqtLWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2262
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDescription: 
+ The approximate time a user last logged on with from the device.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-ApproximateLastLogonTimeStamp
+schemaIDGUID:: O5hPo8aEDE+QUKOhSh01pA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2295
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2212
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to this principal
+ .
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicy
+schemaIDGUID:: 2Ap6uPdUwUmEoOZNEoU1iA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2296
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2213
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicyBL
+schemaIDGUID:: PBsTLZ/T7kqBXo20vBznrA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo
+attributeID: 1.2.840.113556.1.4.2285
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2202
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicySilo a principal is assigned to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySilo
+schemaIDGUID:: QcE/svUN6kqzPWz0kwd7Pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Assigned-AuthN-Policy-Silo-BL
+attributeID: 1.2.840.113556.1.4.2286
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2203
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assigned Authentication Policy Silo Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AssignedAuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AssignedAuthNPolicySiloBL
+schemaIDGUID:: FAUUM3r10keOxATEZmYAxw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Enforced
+attributeID: 1.2.840.113556.1.4.2297
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicyEnforced
+schemaIDGUID:: wgxWekXsukSy1yEjatWf1Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Enforced
+attributeID: 1.2.840.113556.1.4.2298
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Enforced
+adminDescription: 
+ This attribute specifies whether the authentication policy silo is enforced.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloEnforced
+schemaIDGUID:: AhH18uBrPUmHJhVGzbyHcQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members
+attributeID: 1.2.840.113556.1.4.2287
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2204
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which principals are assigned to the AuthNPolicySilo.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembers
+schemaIDGUID:: BR5NFqZIhkio6XeiAG48dw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthN-Policy-Silo-Members-BL
+attributeID: 1.2.840.113556.1.4.2288
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2205
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo Members Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is the backlink for msDS-AuthNPolicySiloMembers.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthNPolicySiloMembersBL
+schemaIDGUID:: x8v8EeT7UUm0t63fb579RA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Attribute-Source
+attributeID: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Attribute-Source
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute points to the attribute that will be u
+ sed as the source for the claim type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimAttributeSource
+schemaIDGUID:: PhK87ua6ZkGeWymISot2sA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Single-Valued
+attributeID: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: 
+ For a claim type object, this attribute identifies if the claim type or resour
+ ce property can only contain single value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsSingleValued
+schemaIDGUID:: uZ94zbSWSEaCGco3gWGvOA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Value-Space-Restricted
+attributeID: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: 
+ For a claim type, this attribute identifies whether a user can input values ot
+ her than those described in the msDS-ClaimPossibleValues in applications.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsValueSpaceRestricted
+schemaIDGUID:: x+QsDMPxgkSFeMYNS7dEIg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Possible-Values
+attributeID: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: 
+ For a claim type or resource property object, this attribute describes the val
+ ues suggested to a user when the he/she use the claim type or resource propert
+ y in applications.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimPossibleValues
+schemaIDGUID:: 7u0oLnztP0Wv5JO9hvIXTw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With
+attributeID: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property object, this attribute indicates that the suggested va
+ lues of the claims issued are defined on the object that this linked attribute
+  points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWith
+schemaIDGUID:: OtHIUgvOV0+JKxj1pDokAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With-BL
+attributeID: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute indicates that the possible values des
+ cribed in ms-DS-Claim-Possible-Values are being referenced by other claim type
+  objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+schemaIDGUID:: 2yLVVJXs9UibvRiA67shgA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source
+attributeID: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: 
+ For a claim type, this attribute indicates the source of the claim type. For e
+ xample, the source can be certificate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSource
+schemaIDGUID:: pvIy+ovy0Ee/kWY+j5EKcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source-Type
+attributeID: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: 
+ For a security principal claim type, lists the type of store the issued claim 
+ is sourced from
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSourceType
+schemaIDGUID:: BZzxkvqNIkK70SxPAUh3VA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Type-Applies-To-Class
+attributeID: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this linked attribute points to the AD security princ
+ ipal classes that for which claims should be issued. (For example, a link to t
+ he user class).
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimTypeAppliesToClass
+schemaIDGUID:: TA77anbYfEOutsPkFFTCcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Value-Type
+attributeID: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: 
+ For a claim type object, specifies the value type of the claims issued.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimValueType
+schemaIDGUID:: uRdixo7k90e31WVSuK/WGQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Anchor
+attributeID: 1.2.840.113556.1.4.2273
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Anchor
+adminDescription: 
+ This attribute is used by the DirSync engine to indicate the object SOA and to
+  maintain the relationship between the on-premises and cloud object.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudAnchor
+schemaIDGUID:: gF5WeNQD40+vrIw7yi82Uw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsEnabled
+attributeID: 1.2.840.113556.1.4.2275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsEnabled
+adminDescription: 
+ This attribute is used to indicate whether cloud DRS is enabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIsEnabled
+schemaIDGUID:: KIOEiU58b0+gEyjOOtKC3A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsManaged
+attributeID: 1.2.840.113556.1.4.2271
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a cloud MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-CloudIsManaged
+schemaIDGUID:: jroVU4+VUku9OBNJowTdYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2274
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Issuer-Public-Certificates
+adminDescription: 
+ The public keys used by the cloud DRS to sign certificates issued by the Regis
+ tration Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CloudIssuerPublicCertificates
+schemaIDGUID:: T7XoodZL0k+Y4rzukqVUlw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2280
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Computer-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a computer has permission to authentica
+ te to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAllowedToAuthenticateTo
+schemaIDGUID:: 6atbEH4Hk0e5dO8EELYlcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2291
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2208
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to computers assi
+ gned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicy
+schemaIDGUID:: yWO4r6O+D0Sp82FTzGaJKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2292
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2209
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ComputerAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerAuthNPolicyBL
+schemaIDGUID:: MmLvK6EwfkWGBHr22/ExuA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-SID
+attributeID: 1.2.840.113556.1.4.2321
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ComputerSID
+adminDescription: This attribute identifies a domain-joined computer.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ComputerSID
+schemaIDGUID:: INf733IILkCZQPzXjbBJug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Computer-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Computer-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2281
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a compute
+ r in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ComputerTGTLifetime
+schemaIDGUID:: JHWTLrnfrEykNqW32mT9Zg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Custom-Key-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Custom-Key-Information
+attributeID: 1.2.840.113556.1.4.2322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-CustomKeyInformation
+adminDescription: 
+ This attribute contains additional information about the key.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-CustomKeyInformation
+schemaIDGUID:: iOnltuTlhkyirg2suXCg4Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-DN
+attributeID: 1.2.840.113556.1.4.2320
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceDN
+adminDescription: 
+ This attribute identifies the registered device from which this key object was
+  provisioned.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceDN
+schemaIDGUID:: KREsZJk4IUeOIUg545iM5Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-ID
+attributeID: 1.2.840.113556.1.4.2252
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-ID
+adminDescription: This attribute stores the ID of the device.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceID
+schemaIDGUID:: x4EBw0Jj+0GyeffFZsvgpw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Location
+attributeID: 1.2.840.113556.1.4.2261
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: The DN under which the device objects will be created.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceLocation
+schemaIDGUID:: yFb74+hd9UWxsdK2zTHnYg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-MDMStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-MDMStatus
+attributeID: 1.2.840.113556.1.4.2308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-MDMStatus
+adminDescription: 
+ This attribute is used to manage the mobile device management status of the de
+ vice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceMDMStatus
+schemaIDGUID:: lo8K9sRXLEKjrZ4voJzm9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Object-Version
+attributeID: 1.2.840.113556.1.4.2257
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Object-Version
+adminDescription: 
+ This attribute is used to identify the schema version of the device.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceObjectVersion
+schemaIDGUID:: Wmll73nxak6T3rAeBmgc+w==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Type
+attributeID: 1.2.840.113556.1.4.2249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Type
+adminDescription: 
+ This attribute is used to track the type of device based on the OS.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSType
+schemaIDGUID:: TUUOELvzy02EX41e3EccWQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Version
+attributeID: 1.2.840.113556.1.4.2250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-OS-Version
+adminDescription: 
+ This attribute is used to track the OS version of the device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DeviceOSVersion
+schemaIDGUID:: Y4z7cKtfBEWrnRSzKain+A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Physical-IDs
+attributeID: 1.2.840.113556.1.4.2251
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Physical-IDs
+adminDescription: 
+ This attribute is used to store identifiers of the physical device.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-DevicePhysicalIDs
+schemaIDGUID:: FFRhkKCiR0Spk1NAlZm3Tg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Device-Trust-Type
+attributeID: 1.2.840.113556.1.4.2325
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-DeviceTrustType
+adminDescription: Represents join type for devices.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DeviceTrustType
+schemaIDGUID:: B2ikxNxqu0uX3mvtGBob/g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Drs-Farm-ID
+attributeID: 1.2.840.113556.1.4.2265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Drs-Farm-ID
+adminDescription: 
+ This attribute stores the name of the federation service this DRS object is as
+ sociated with.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DrsFarmID
+schemaIDGUID:: ZvdVYC4gzUmovuUrsVnt+w==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+isDefunct: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Egress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the egress claims 
+ (claims leaving this forest) to the Trusted Domain. This is applicable only fo
+ r an incoming or bidirectional Cross-Forest Trust. When this link is not prese
+ nt, all claims are allowed to egress as-is.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EgressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: fkI3wXOaQLCRkBsJW7QyiA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+attributeID: 1.2.840.113556.1.4.2344
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+adminDescription: 
+ This attribute controls whether the passwords on smart-card-only accounts expi
+ re in accordance with the password policy.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+schemaIDGUID:: SKsXNCTfsU+AsA/LNn4l4w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Directory-Object-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Directory-Object-Id
+attributeID: 1.2.840.113556.1.4.2310
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Directory-Object-Id
+adminDescription: ms-DS-External-Directory-Object-Id
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: msDS-ExternalDirectoryObjectId
+schemaIDGUID:: kL8pva1m4UCIexDfBwQZpg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Generation-Id
+attributeID: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: 
+ For virtual machine snapshot resuming detection. This attribute represents the
+  VM Generation ID.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-GenerationId
+schemaIDGUID:: PTldHreMT0uECpc7NswJww==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Altitude
+attributeID: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesAltitude
+schemaIDGUID:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Latitude
+attributeID: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLatitude
+schemaIDGUID:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Longitude
+attributeID: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLongitude
+schemaIDGUID:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GroupMSAMembership
+attributeID: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to retrieve the password for a group MSA.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-GroupMSAMembership
+schemaFlagsEx: 1
+schemaIDGUID:: 1u2OiATOQN+0YrilDkG6OA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Ingress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the ingress claims
+  (claims entering this forest) from the Trusted Domain. This is applicable onl
+ y for an outgoing or bidirectional Cross-Forest Trust. If this link is absent,
+  all the ingress claims are dropped.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IngressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: CEwohm4MQBWLFXUUfSPSDQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Compliant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Compliant
+attributeID: 1.2.840.113556.1.4.2314
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-IsCompliant
+adminDescription: 
+ This attribute is used to determine if the object is compliant with company po
+ licies.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsCompliant
+schemaIDGUID:: D31SWcC34kyh3XHO9pYykg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Enabled
+attributeID: 1.2.840.113556.1.4.2248
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Enabled
+adminDescription: 
+ This attribute is used to enable or disable the user-device relationship.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsEnabled
+schemaIDGUID:: DlypIoMfgkyUzr6miM/IcQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Member-Of-DL-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Member-Of-DL-Transitive
+attributeID: 1.2.840.113556.1.4.2236
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberOfTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberOfTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberOfTransitive
+schemaIDGUID:: tmYhhkHJJ0eVZUi//ylB3g==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Possible-Values-Present
+attributeID: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: 
+ This attribute identifies if ms-DS-Claim-Possible-Values on linked resource pr
+ operty must have value or must not have value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsPossibleValuesPresent
+schemaFlagsEx: 1
+schemaIDGUID:: 2tyrb1OMTyCxpJ3wxnwetA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Primary-Computer-For
+attributeID: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink atribute for msDS-IsPrimaryComputer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPrimaryComputerFor
+schemaIDGUID:: rAaMmYc/TkSl3xGwPcilDA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Used-As-Resource-Security-Attribute
+attributeID: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: 
+ For a resource property, this attribute indicates whether it is being used as 
+ a secure attribute.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+schemaIDGUID:: nfjJUTBHjUaitR1JMhLRfg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IsManaged
+attributeID: 1.2.840.113556.1.4.2270
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IsManaged
+adminDescription: 
+ This attribute is used to indicate the device is managed by a on-premises MDM.
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: msDS-IsManaged
+schemaIDGUID:: zmpoYCds3kOk5fAML40zCQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Certificates
+attributeID: 1.2.840.113556.1.4.2240
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IssuerCertificates
+adminDescription: 
+ The keys used to sign certificates issued by the Registration Service.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-IssuerCertificates
+schemaIDGUID:: 2m89a5MIxEOJ+x+1KmYWqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Public-Certificates
+attributeID: 1.2.840.113556.1.4.2269
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Issuer-Public-Certificates
+adminDescription: 
+ The public keys  of the keys used to sign certificates issued by the Registrat
+ ion Service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-IssuerPublicCertificates
+schemaIDGUID:: /u3xtdK0dkCrD2FINCsL9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Approximate-Last-Logon-Time-Stamp
+attributeID: 1.2.840.113556.1.4.2323
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+adminDescription: 
+ The approximate time this key was last used in a logon operation.
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+schemaIDGUID:: jcmaZJqbQU2va/YW8qYuSg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link
+attributeID: 1.2.840.113556.1.4.2328
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2220
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Contains key material and usage.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink
+schemaIDGUID:: D9ZHW5BgskCfNypN6I8wYw==
+attributeSecurityGUID:: pm0CmzwNXEaL7lGZ1xZcug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Credential-Link-BL
+attributeID: 1.2.840.113556.1.4.2329
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2221
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Key-Credential-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyCredentialLink-BL
+schemaIDGUID:: iNeKk18i7k6Tua0koVnh2w==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Id
+attributeID: 1.2.840.113556.1.4.2315
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyId
+adminDescription: This attribute contains a key identifier.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-KeyId
+schemaIDGUID:: S/iUwq0vcUu+TJ/FcB9gug==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Material,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Material
+attributeID: 1.2.840.113556.1.4.2316
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyMaterial
+adminDescription: This attribute contains key material.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-KeyMaterial
+schemaIDGUID:: nw4uodveMU+PIRMRuVgYLw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal
+attributeID: 1.2.840.113556.1.4.2318
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2218
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies the principal that a key object applies to.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipal
+schemaIDGUID:: OyVhvQGUOUGmkzVvxADz6g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Principal-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Principal-BL
+attributeID: 1.2.840.113556.1.4.2319
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2219
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyPrincipalBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-KeyPrincipal.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KeyPrincipalBL
+schemaIDGUID:: vI8y0XSFUEGIHQsQiIJ4eA==
+systemOnly: TRUE
+systemFlags: 17
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Key-Usage
+attributeID: 1.2.840.113556.1.4.2317
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyUsage
+adminDescription: This attribute identifies the usage scenario for the key.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-KeyUsage
+schemaIDGUID:: TLRx3ropl0WeysM0is4ZFw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPassword
+attributeID: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPassword
+schemaFlagsEx: 1
+schemaIDGUID:: hu1i4yi3QgiyfS3qep3yGA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordId
+attributeID: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: 
+ This attribute is the identifier for the current managed password data for a g
+ roup MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordId
+schemaFlagsEx: 1
+schemaIDGUID:: Wil4DtPGQAq0kdYiUf+gpg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordInterval
+attributeID: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: 
+ This attribute is used to retrieve the number of days before a managed passwor
+ d is automatically changed for a group MSA.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordInterval
+schemaFlagsEx: 1
+schemaIDGUID:: 9451+HasQ4ii7qJrTcr0CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordPreviousId
+attributeID: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: 
+ This attribute is the identifier for the previous managed password data for a 
+ group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordPreviousId
+schemaFlagsEx: 1
+schemaIDGUID:: MSHW0EotT9CZ2RxjZGIppA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Registration-Inactivity-Period
+attributeID: 1.2.840.113556.1.4.2242
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Maximum-Registration-Inactivity-Period
+adminDescription: 
+ The maximum ammount of days used to detect inactivty of registration objects.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumRegistrationInactivityPeriod
+schemaIDGUID:: OapcCuYFykm4CAJbk2YQ5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Member-Transitive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Member-Transitive
+attributeID: 1.2.840.113556.1.4.2238
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msds-memberTransitive
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: msds-memberTransitive
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-memberTransitive
+schemaIDGUID:: WzkV4gSR2US4lDmeyeId/A==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List
+attributeID: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property list object, this multi-valued link attribute points t
+ o one or more resource property objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyList
+schemaIDGUID:: ERw3Ta1MQUyK0rGAqyvRPA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List-BL
+attributeID: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property 
+ object, this attribute references the resource property list object that it is
+  a member of.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyListBL
+schemaIDGUID:: BLdpdLDtaEWlpVn0hix1pw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-SOA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-SOA
+attributeID: 1.2.840.113556.1.4.2353
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Object-SOA
+adminDescription: 
+ This attribute is used to identify the source of authority of the object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectSoa
+schemaIDGUID:: 9b32NHkuO0yOFD2Tt1qriQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Parent-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Parent-Dist-Name
+attributeID: 1.2.840.113556.1.4.2203
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Parent-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Parent-Dist-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-parentdistname
+schemaIDGUID:: ff4YuRqXBPSeIZJhq+yXCw==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-Data-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-Data-Location
+attributeID: 1.2.840.113556.1.4.2366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 10
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Preferred-Data-Location
+adminDescription: ms-DS-Preferred-Data-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-preferredDataLocation
+schemaIDGUID:: 3ooM+pRMEEa6zhgO/e4hQA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Primary-Computer
+attributeID: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Primary-Computer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a user or group object, identifies the primary computers.
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: msDS-PrimaryComputer
+schemaIDGUID:: 4vQ9obDb60yCi4suFD6egQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Owner
+attributeID: 1.2.840.113556.1.4.2258
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Owner
+adminDescription: 
+ Single valued binary attribute containing the primary SID referencing the firs
+ t user to register the device. The value is not removed during de-registration
+ , but could be managed by an administrator.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredOwner
+schemaIDGUID:: 6SZ2YesBz0KZH85heYIjfg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registered-Users
+attributeID: 1.2.840.113556.1.4.2263
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registered-Users
+adminDescription:: 
+ Q29udGFpbnMgdGhlIGxpc3Qgb2YgdXNlcnMgdGhhdCBoYXZlIHJlZ2lzdGVyZWQgdGhlIGRldmljZS
+ 4gIFVzZXJzIGluIHRoaXMgbGlzdCBoYXZlIGFsbCBvZiB0aGUgZmVhdHVyZXMgcHJvdmlkZWQgYnkg
+ dGhlIO+/vUNvbXBhbnkgUG9ydGFs77+9IGFwcC4gIEFuZCB0aGV5IGhhdmUgU1NPIHRvIGNvbXBhbn
+ kgcmVzb3VyY2VzLg==
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-RegisteredUsers
+schemaIDGUID:: DBZJBI5ayE+wUgHA9uSPAg==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Registration-Quota
+attributeID: 1.2.840.113556.1.4.2241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Registration-Quota
+adminDescription: 
+ Policy used to limit the number of registrations allowed for a single user.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RegistrationQuota
+schemaIDGUID:: woYyymQfeUCWvOYrYQ5zDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data-Ext
+attributeID: 1.2.840.113556.1.4.2235
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data-Ext
+adminDescription: ms-DS-Repl-Value-Meta-Data-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaDataExt
+schemaIDGUID:: 79ICHq1EskamfZ/RjXgLyg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-RID-Pool-Allocation-Enabled
+attributeID: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: 
+ This attribute indicates whether RID pool allocation is enabled or not.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-RIDPoolAllocationEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: jHyXJLfBQDO09is3XrcR1w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2349
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a service is allowed to authenticate us
+ ing NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedNTLMNetworkAuthentication
+schemaIDGUID:: uUeJJyJSXkOWtxUDhYwrSA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2283
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e from a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateFrom
+schemaIDGUID:: mnDalxY3Zkmx0YOLpTw9iQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2282
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a service has permission to authenticat
+ e to a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAllowedToAuthenticateTo
+schemaIDGUID:: MTGX8k2bIEi03gR07zuEnw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2293
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2210
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to services assig
+ ned to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicy
+schemaIDGUID:: lW1qKs4o7km7JG0fwB4xEQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2294
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2211
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-ServiceAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceAuthNPolicyBL
+schemaIDGUID:: 7CgRLKJao0KzLfCXnKn80g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Service-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Service-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2284
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a service
+  in units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ServiceTGTLifetime
+schemaIDGUID:: IDz+XSnKfUCbq4Qh5V63XA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Shadow-Principal-Sid
+attributeID: 1.2.840.113556.1.4.2324
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Sid
+adminDescription: Contains the SID of a principal from an external forest.
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-ShadowPrincipalSid
+schemaIDGUID:: IgfMHbCq70+Vbydv4Z3hBw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Anchor
+attributeID: 1.2.840.113556.1.4.2352
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Anchor
+adminDescription: 
+ Unique, immutable identifier for the object in the authoritative directory.
+oMSyntax: 64
+searchFlags: 10
+lDAPDisplayName: msDS-SourceAnchor
+schemaIDGUID:: B/QCsEAT60G8oL19k44lqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Strong-NTLM-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Strong-NTLM-Policy
+attributeID: 1.2.840.113556.1.4.2350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Strong-NTLM-Policy
+adminDescription: 
+ This attribute specifies policy options for NTLM secrets with strong entropy.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-StrongNTLMPolicy
+schemaIDGUID:: cCHNqipIxkS2bkLC9mooXA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SyncServerUrl,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SyncServerUrl
+attributeID: 1.2.840.113556.1.4.2276
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 512
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-SyncServerUrl
+adminDescription: 
+ Use this attribute to store the sync server (Url format) which hosts the user 
+ sync folder
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-SyncServerUrl
+schemaIDGUID:: 0sOst3QqpE+sJeY/6LYSGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Egress-BL
+attributeID: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Egress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Egress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOEgressBL
+schemaFlagsEx: 1
+schemaIDGUID:: KWIA1ROZQiKLF4N2HR4OWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Ingress-BL
+attributeID: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Ingress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Ingress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOIngressBL
+schemaFlagsEx: 1
+schemaIDGUID:: oWFWWsaXS1SAVuQw/nvFVA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names
+attributeID: 1.2.840.113556.1.4.2345
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNames
+schemaIDGUID:: dgVlZZlGyU+NGCbgzQE3pg==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.2346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-Global-And-Universal
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of global and universal security groups the principal 
+ is directly or indirectly a member of.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesGlobalAndUniversal
+schemaIDGUID:: 9NEG+iJ5rUq3nLIgH1RBfA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Token-Group-Names-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Token-Group-Names-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.2347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Token-Group-Names-No-GC-Acceptable
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished names of security groups the principal is directly or indire
+ ctly a member of as reported by the local DC.
+oMSyntax: 127
+searchFlags: 2048
+lDAPDisplayName: msds-tokenGroupNamesNoGCAcceptable
+schemaIDGUID:: yMY/UvSaAkqc1z3qEp7rJw==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: TRUE
+systemFlags: 29
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules
+attributeID: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: 
+ Specifies the Transformation Rules for Cross-Forest Claims Transformation.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TransformationRules
+schemaFlagsEx: 1
+schemaIDGUID:: cSuHVbLESDuuUUCV+R7GAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules-Compiled
+attributeID: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-TransformationRulesCompiled
+schemaFlagsEx: 1
+schemaIDGUID:: EJq0C2tTTbyicwurDdS9EA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-NTLM-Network-Authentication
+attributeID: 1.2.840.113556.1.4.2348
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-NTLM-Network-Authentication
+adminDescription: 
+ This attribute is used to determine if a user is allowed to authenticate using
+  NTLM authentication.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedNTLMNetworkAuthentication
+schemaIDGUID:: DwTOfieT3Eyq0wN63+YmOQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-From
+attributeID: 1.2.840.113556.1.4.2278
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-From
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate f
+ rom a computer.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateFrom
+schemaIDGUID:: AJZMLOGwfUSN2nSQIle9tQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Allowed-To-Authenticate-To
+attributeID: 1.2.840.113556.1.4.2277
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-To
+adminDescription: 
+ This attribute is used to determine if a user has permission to authenticate t
+ o a service.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-UserAllowedToAuthenticateTo
+schemaIDGUID:: f6oM3k5yhkKxeRkmce/GZA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy
+attributeID: 1.2.840.113556.1.4.2289
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2206
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute specifies which AuthNPolicy should be applied to users assigned
+  to this silo object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicy
+schemaIDGUID:: 87kmzRXUKkSPeHxhUj7pWw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-AuthN-Policy-BL
+attributeID: 1.2.840.113556.1.4.2290
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2207
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User Authentication Policy Backlink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute is the backlink for msDS-UserAuthNPolicy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-UserAuthNPolicyBL
+schemaIDGUID:: qfoXL0ddH0uXfqpS+r5lyA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-TGT-Lifetime
+attributeID: 1.2.840.113556.1.4.2279
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User TGT Lifetime
+adminDescription: 
+ This attribute specifies the maximum age of a Kerberos TGT issued to a user in
+  units of 10^(-7) seconds.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserTGTLifetime
+schemaIDGUID:: g8khhZn1D0K5q7EiK9+VwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference
+attributeID: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to link a resource property object to its value type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReference
+schemaFlagsEx: 1
+schemaIDGUID:: hF38eNzBSDGJhFj3ktQdPg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference-BL
+attributeID: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is the back link for ms-DS-Value-Type-Reference. It links a value type ob
+ ject back to resource properties.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: rUNVq6EjRTu5N5sxPVR0qA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: 
+ Contains the name of the hash algorithm used to create the Thumbprint Hash for
+  the Scan Repository/Secure Print Device.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-HashAlgorithm
+schemaIDGUID:: tQ3nigZklkGS/vO7VXUgpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Thumbprint-Hash
+attributeID: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: 
+ Contains a hash of the security certificate for the Scan Repository/Secure Pri
+ nt Device.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-ThumbprintHash
+schemaIDGUID:: xdvfnAQDaUWV9sT2Y/5a5g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-CreateTime
+attributeID: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-CreateTime
+schemaIDGUID:: nxEYrpBjRQCzLZfbxwGu9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-DomainID
+attributeID: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-DomainID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Distinguished name of the Domain Controller which generated this root key.
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msKds-DomainID
+schemaIDGUID:: ggRAlgfPTOmQ6PLvxPBJXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: 
+ The algorithm name of the key derivation function used to compute keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-KDFAlgorithmID
+schemaIDGUID:: skgs203RTuyfWK1XnYtEDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-Param
+attributeID: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-KDFParam
+schemaIDGUID:: cgeAirj0TxW0HC5Cce/3pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PrivateKey-Length
+attributeID: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PrivateKeyLength
+schemaIDGUID:: oUJfYec3SBGg3TAH4Jz8gQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PublicKey-Length
+attributeID: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PublicKeyLength
+schemaIDGUID:: cPQ44805SUWrW/afnlg/4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-RootKeyData
+attributeID: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-RootKeyData
+schemaIDGUID:: J3xiJqIIQAqhsY3OhbQpkw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: 
+ The name of the secret agreement algorithm to be used with public keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementAlgorithmID
+schemaIDGUID:: XZcCF14iSsuxXQ2uqLXpkA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-Param
+attributeID: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementParam
+schemaIDGUID:: 2ZmwMP7tSXW4B+ukRNp56Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-UseStartTime
+attributeID: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-UseStartTime
+schemaIDGUID:: fwTcbCL1SreanNlayM39og==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-Version
+attributeID: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-Version
+schemaIDGUID:: QHPw1bDmSh6Xvg0zGL2dsQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Config-License
+attributeID: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Config-License
+adminDescription: 
+ Product-key configuration license used during online/phone activation of the A
+ ctive Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfigLicense
+schemaIDGUID:: tcRTA5nRsECzxd6zL9nsBg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Confirmation-Id
+attributeID: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: 
+ Confirmation ID (CID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfirmationId
+schemaIDGUID:: xJeHbtqsSUqHQLC9Bam4MQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Partial-Product-Key
+attributeID: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 5
+rangeUpper: 5
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: 
+ Last 5 characters of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPartialProductKey
+schemaIDGUID:: kbABplKGOkWzhoetI5t8CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Pid
+attributeID: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPid
+schemaIDGUID:: DVF/tFBr4Ue1VncseeT/xA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Sku-Id
+attributeID: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: 
+ SKU ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKSkuId
+schemaIDGUID:: OfeElnh7bUeNdDGtdpLu9A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Installation-Id
+attributeID: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: 
+ Installation ID (IID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-InstallationId
+schemaIDGUID:: FLG/aXtAOUeiE8ZjgCs+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Issuance-License
+attributeID: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: 
+ Issuance license used during online/phone activation of the Active Directory f
+ orest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-IssuanceLicense
+schemaIDGUID:: obN1EK+70kmujcTyXIIzAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-KMS-Ids
+attributeID: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msSPP-KMSIds
+schemaIDGUID:: 2j5mm0I11kad8DFAJa8rrA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Online-License
+attributeID: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Online-License
+adminDescription: 
+ License used during online activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-OnlineLicense
+schemaIDGUID:: jjaPCRJIzUivt6E2uWgH7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Phone-License
+attributeID: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: 
+ License used during phone activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-PhoneLicense
+schemaIDGUID:: EtnkZ2LzUkCMeUL0W6eyIQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Owner-Information-Temp
+attributeID: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: 
+ This attribute contains temporary owner information for a particular TPM.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msTPM-OwnerInformationTemp
+schemaIDGUID:: nYCUyBO1+E+IEfT0P1rHvA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Srk-Pub-Thumbprint
+attributeID: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: 
+ This attribute contains the thumbprint of the SrkPub corresponding to a partic
+ ular TPM. This helps to index the TPM devices in the directory.
+oMSyntax: 4
+searchFlags: 11
+lDAPDisplayName: msTPM-SrkPubThumbprint
+schemaIDGUID:: 6wbXGXZNokSF1hw0K+O+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer
+attributeID: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute links a Computer object to a TPM object.
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: msTPM-TpmInformationForComputer
+schemaIDGUID:: k3sb6khe1Ua8bE30/aeKNQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer-BL
+attributeID: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputerBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute links a TPM object to the Computer objects associated with it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTPM-TpmInformationForComputerBL
+schemaIDGUID:: yYT6FM2OSEO8kW087Ucqtw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-DUID
+attributeID: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-DUID
+adminDescription: Netboot-DUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootDUID
+schemaIDGUID:: vXAlU3c9T0KCLw1jbcbarQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Classes_Windows_Server_v1903.ldf b/source4/setup/ad-schema/AD_DS_Classes_Windows_Server_v1903.ldf
new file mode 100644
index 0000000..ca8d010
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Classes_Windows_Server_v1903.ldf
@@ -0,0 +1,8469 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/1c24c7c8-28b0-4ce1-a47d-95fe1ff504bc) or the Microsoft Community Promise (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/8b8d1b7a-a10a-4667-9558-6d9c43adf60d). If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - License Programs. To see all of the protocols in scope under a specific license program and the associated patents, visit the Patent Map (available here: https://docs.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/13571077-e344-4e6f-a477-369894979798).
+# - Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit https://www.microsoft.com/trademarks.
+# - Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.
+# Support. For questions and support, please contact dochelp@microsoft.com.
+
+# The following class schema definitions were generated from the Windows Server v1903 version of Active Directory Domain Services (AD DS).
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+The account object class is used to define entries representing computer accounts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msImaging-HashAlgorithm
+systemMayContain: msImaging-ThumbprintHash
+systemMayContain: msDS-GenerationId
+systemMayContain: msTPM-TpmInformationForComputer
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootDUID
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScope
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDNS-NSEC3CurrentSalt
+systemMayContain: msDNS-NSEC3UserSalt
+systemMayContain: msDNS-PropagationTime
+systemMayContain: msDNS-ParentHasSecureDelegation
+systemMayContain: msDNS-DNSKEYRecords
+systemMayContain: msDNS-SigningKeys
+systemMayContain: msDNS-SigningKeyDescriptors
+systemMayContain: msDNS-SecureDelegationPollingPeriod
+systemMayContain: msDNS-SignatureInceptionOffset
+systemMayContain: msDNS-DSRecordSetTTL
+systemMayContain: msDNS-DNSKEYRecordSetTTL
+systemMayContain: msDNS-NSEC3Iterations
+systemMayContain: msDNS-NSEC3RandomSaltLength
+systemMayContain: msDNS-NSEC3HashAlgorithm
+systemMayContain: msDNS-RFC5011KeyRollovers
+systemMayContain: msDNS-DSRecordAlgorithms
+systemMayContain: msDNS-MaintainTrustAnchor
+systemMayContain: msDNS-NSEC3OptOut
+systemMayContain: msDNS-SignWithNSEC3
+systemMayContain: msDNS-IsSigned
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3516728528-1120570704
+-3572002616-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3
+c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9
+b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:
+(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d
+1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3b
+bf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-ExternalDirectoryObjectId
+mayContain: msDS-GeoCoordinatesLongitude
+mayContain: msDS-GeoCoordinatesLatitude
+mayContain: msDS-GeoCoordinatesAltitude
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: msDS-AllowedToActOnBehalfOfOtherIdentity
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RIDPoolAllocationEnabled
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3516728528-1120570704
+ -3572002616-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+ 48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+ f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+ 40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+ -4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+ 5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+ d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+ (OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+ OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3
+ c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9
+ b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:
+ (AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d
+ 1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3b
+ bf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: msds-tokenGroupNamesNoGCAcceptable
+systemMayContain: msds-tokenGroupNamesGlobalAndUniversal
+systemMayContain: msds-tokenGroupNames
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-ObjectSoa
+systemMayContain: msDS-SourceAnchor
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-ReplValueMetaDataExt
+systemMayContain: msDS-parentdistname
+systemMayContain: msds-memberTransitive
+systemMayContain: msds-memberOfTransitive
+systemMayContain: msDS-TDOEgressBL
+systemMayContain: msDS-TDOIngressBL
+systemMayContain: msDS-ValueTypeReferenceBL
+systemMayContain: msDS-IsPrimaryComputerFor
+systemMayContain: msDS-ClaimSharesPossibleValuesWithBL
+systemMayContain: msDS-MembersOfResourcePropertyListBL
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-EgressClaimsTransformationPolicy
+systemMayContain: msDS-IngressClaimsTransformationPolicy
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-KeyPrincipalBL
+systemMayContain: msDS-AuthNPolicySiloMembersBL
+systemMayContain: msDS-AssignedAuthNPolicySilo
+systemMayContain: msDS-AssignedAuthNPolicy
+systemMayContain: msDS-SyncServerUrl
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: msDS-CloudExtensions
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type-Property-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.269
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: 
+ An abstract class that defines the base class for claim type or resource prope
+ rty classes.
+objectClassCategory: 2
+lDAPDisplayName: msDS-ClaimTypePropertyBase
+schemaIDGUID:: WC9EuJDEh0SKndgLiDJxrQ==
+systemOnly: FALSE
+systemMayContain: msDS-ClaimSharesPossibleValuesWith
+systemMayContain: Enabled
+systemMayContain: msDS-ClaimPossibleValues
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Types
+subClassOf: top
+governsID: 1.2.840.113556.1.5.270
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimTypes
+schemaIDGUID:: NTIJNhXHIUirarVvsoBaWA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Properties
+subClassOf: top
+governsID: 1.2.840.113556.1.5.271
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperties
+schemaIDGUID:: hEVKelCzj0es1rS4UtgswA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.272
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: 
+ An instance of this class holds the definition of a claim type that can be def
+ ined on security principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimType
+schemaIDGUID:: fIWjgWlUj02q5sJ2mXYmBA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimTypes
+systemMayContain: msDS-ClaimIsSingleValued
+systemMayContain: msDS-ClaimIsValueSpaceRestricted
+systemMayContain: msDS-ClaimValueType
+systemMayContain: msDS-ClaimSourceType
+systemMayContain: msDS-ClaimSource
+systemMayContain: msDS-ClaimTypeAppliesToClass
+systemMayContain: msDS-ClaimAttributeSource
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.273
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: 
+ An instance of this class holds the definition of a property on resources.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperty
+schemaIDGUID:: Xj0oWwSElUGTOYRQGIxQGg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ResourceProperties
+systemMayContain: msDS-AppliesToResourceTypes
+systemMayContain: msDS-IsUsedAsResourceSecurityAttribute
+systemMustContain: msDS-ValueTypeReference
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property-List
+subClassOf: top
+governsID: 1.2.840.113556.1.5.274
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: 
+ An object of this class contains a list of resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourcePropertyList
+schemaIDGUID:: etTjckKzRU2PVrr/gDyr+Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-MembersOfResourcePropertyList
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.266
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: 
+ Container for Activation Objects used by Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObjectsContainer
+schemaIDGUID:: K4YvtyW7XU2qUWLFm9+Qrg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.267
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObject
+schemaIDGUID:: jOagUcUNykOTXcHJEb8u5Q==
+systemOnly: FALSE
+systemPossSuperiors: msSPP-ActivationObjectsContainer
+systemMayContain: msSPP-IssuanceLicense
+systemMayContain: msSPP-ConfigLicense
+systemMayContain: msSPP-PhoneLicense
+systemMayContain: msSPP-OnlineLicense
+systemMayContain: msSPP-ConfirmationId
+systemMayContain: msSPP-InstallationId
+systemMustContain: msSPP-KMSIds
+systemMustContain: msSPP-CSVLKSkuId
+systemMustContain: msSPP-CSVLKPartialProductKey
+systemMustContain: msSPP-CSVLKPid
+defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.276
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObjectsContainer
+schemaIDGUID:: vagn4FZk3kWQozhZOHfudA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: domain
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;LOLCCCRP;;;DC)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.275
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObject
+adminDescription: 
+ This class contains recovery information for a Trusted Platform Module (TPM) d
+ evice.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObject
+schemaIDGUID:: alsEhaZHQ0KnzGiQcB9mLA==
+systemOnly: FALSE
+systemPossSuperiors: msTPM-InformationObjectsContainer
+systemMayContain: msTPM-OwnerInformationTemp
+systemMayContain: msTPM-SrkPubThumbprint
+systemMustContain: msTPM-OwnerInformation
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLO;;;DC)(A;;WP;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DNS-Server-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+objectClassCategory: 1
+lDAPDisplayName: msDNS-ServerSettings
+schemaIDGUID:: 7cMv7xhuW0GZ5DEUqMsSSw==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: msDNS-KeymasterZones
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: 
+ A container of this class can contain Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicies
+schemaIDGUID:: wyFcVTahWkWTl3lrvTWOJQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rules
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: 
+ A container of this class can contain Central Access Policy Entry objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRules
+schemaIDGUID:: ehu7mW1gi0+ADuFb5VTKjQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: 
+ A class that defines Central Access Rules used to construct a central access p
+ olicy.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRule
+schemaIDGUID:: 3AZKWxwl206IEwvdcTJyJg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessRules
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicyBL
+systemMayContain: msAuthz-ResourceCondition
+systemMayContain: msAuthz-LastEffectiveSecurityPolicy
+systemMayContain: msAuthz-ProposedSecurityPolicy
+systemMayContain: msAuthz-EffectiveSecurityPolicy
+systemMayContain: Enabled
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicy
+schemaIDGUID:: sJxnpZ1vLEOLdR4+g08Cqg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessPolicies
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicy
+systemMayContain: msAuthz-CentralAccessPolicyID
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-ServerConfiguration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.277
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvServerConfiguration
+schemaIDGUID:: qEPyXiUqpkWLcwinGuZ3zg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-PrivateKeyLength
+systemMayContain: msKds-PublicKeyLength
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-SecretAgreementAlgorithmID
+systemMayContain: msKds-KDFParam
+systemMayContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-Version
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-RootKey
+subClassOf: top
+governsID: 1.2.840.113556.1.5.278
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvRootKey
+schemaIDGUID:: Qf0CquAXGE+Gh7Ijlklzaw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-KDFParam
+systemMustContain: msKds-CreateTime
+systemMustContain: msKds-RootKeyData
+systemMustContain: msKds-PrivateKeyLength
+systemMustContain: msKds-PublicKeyLength
+systemMustContain: msKds-SecretAgreementAlgorithmID
+systemMustContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-UseStartTime
+systemMustContain: msKds-DomainID
+systemMustContain: msKds-Version
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Group-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.282
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: 
+ The group managed service account class is used to create an account which can
+  be shared by different computers to run Windows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-GroupManagedServiceAccount
+schemaIDGUID:: ilWLe6WT90qtysAX5n8QVw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-GroupMSAMembership
+systemMayContain: msDS-ManagedPasswordPreviousId
+systemMayContain: msDS-ManagedPasswordId
+systemMayContain: msDS-ManagedPassword
+systemMustContain: msDS-ManagedPasswordInterval
+defaultSecurityDescriptor: D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Value-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.279
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type
+adminDescription: 
+ An value type object holds value type information for a resource property.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ValueType
+schemaIDGUID:: 33/C4x2wTk+H5wVu7w65Ig==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msDS-IsPossibleValuesPresent
+systemMustContain: msDS-ClaimIsSingleValued
+systemMustContain: msDS-ClaimIsValueSpaceRestricted
+systemMustContain: msDS-ClaimValueType
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policy-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.280
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicyType
+schemaIDGUID:: s2LrLnMTRf6BATh/Fnbtxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimsTransformationPolicies
+systemMayContain: msDS-TransformationRulesCompiled
+systemMayContain: msDS-TransformationRules
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.281
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicies
+schemaIDGUID:: san8yIh9T7uCekSJJ3EHYg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Cloud-Extensions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.283
+mayContain: msDS-cloudExtensionAttribute20
+mayContain: msDS-cloudExtensionAttribute19
+mayContain: msDS-cloudExtensionAttribute18
+mayContain: msDS-cloudExtensionAttribute17
+mayContain: msDS-cloudExtensionAttribute16
+mayContain: msDS-cloudExtensionAttribute15
+mayContain: msDS-cloudExtensionAttribute14
+mayContain: msDS-cloudExtensionAttribute13
+mayContain: msDS-cloudExtensionAttribute12
+mayContain: msDS-cloudExtensionAttribute11
+mayContain: msDS-cloudExtensionAttribute10
+mayContain: msDS-cloudExtensionAttribute9
+mayContain: msDS-cloudExtensionAttribute8
+mayContain: msDS-cloudExtensionAttribute7
+mayContain: msDS-cloudExtensionAttribute6
+mayContain: msDS-cloudExtensionAttribute5
+mayContain: msDS-cloudExtensionAttribute4
+mayContain: msDS-cloudExtensionAttribute3
+mayContain: msDS-cloudExtensionAttribute2
+mayContain: msDS-cloudExtensionAttribute1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: 
+ A collection of attributes used to house arbitrary cloud-relevant strings.
+objectClassCategory: 3
+lDAPDisplayName: msDS-CloudExtensions
+schemaIDGUID:: pIceZCaDcUe6LccG3zXjWg==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.287
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service-Container
+adminDescription: 
+ A class for the container used to house all enrollment services used for devic
+ e registrations.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationServiceContainer
+schemaIDGUID:: zlULMc09kkOpbcnjU5fCTw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.284
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service
+adminDescription: 
+ An object of this class holds the registration service configuration used for 
+ devices.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationService
+schemaIDGUID:: Gjq8ltLj00mvEXsN951n9Q==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceRegistrationServiceContainer
+systemMayContain: msDS-CloudIsEnabled
+systemMayContain: msDS-CloudIssuerPublicCertificates
+systemMayContain: msDS-IssuerPublicCertificates
+systemMayContain: msDS-MaximumRegistrationInactivityPeriod
+systemMayContain: msDS-RegistrationQuota
+systemMayContain: msDS-IssuerCertificates
+systemMustContain: msDS-DeviceLocation
+systemMustContain: msDS-IsEnabled
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.289
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Container
+adminDescription: A class for the container used to hold device objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceContainer
+schemaIDGUID:: WIyefBuQqE627E656fwOEQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device
+subClassOf: top
+governsID: 1.2.840.113556.1.5.286
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device
+adminDescription: An object of this type represents a registered device.
+objectClassCategory: 1
+lDAPDisplayName: msDS-Device
+schemaIDGUID:: c7byXUFtdEez6NUujun/mQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceContainer
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceTrustType
+systemMayContain: msDS-IsCompliant
+systemMayContain: msDS-DeviceMDMStatus
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-CloudIsManaged
+systemMayContain: msDS-IsManaged
+systemMayContain: msDS-DeviceObjectVersion
+systemMayContain: msDS-RegisteredOwner
+systemMayContain: msDS-RegisteredUsers
+systemMayContain: msDS-DevicePhysicalIDs
+systemMayContain: msDS-DeviceOSVersion
+systemMayContain: msDS-DeviceOSType
+systemMayContain: msDS-ApproximateLastLogonTimeStamp
+systemMustContain: msDS-DeviceID
+systemMustContain: msDS-IsEnabled
+systemMustContain: altSecurityIdentities
+systemMustContain: displayName
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silos
+subClassOf: top
+governsID: 1.2.840.113556.1.5.291
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silos
+adminDescription: 
+ A container of this class can contain authentication policy silo objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilos
+schemaIDGUID:: Ckex0oSPHkmnUrQB7gD+XA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.293
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policies
+adminDescription: 
+ A container of this class can contain authentication policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicies
+schemaIDGUID:: Xd+aOpd7fk+rtOW1XBwGtA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silo
+subClassOf: top
+governsID: 1.2.840.113556.1.5.292
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo
+adminDescription: 
+ An instance of this class defines authentication policies and related behavior
+ s for assigned users, computers, and services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilo
+schemaIDGUID:: Hkbw+X1piUaSmTfmHWF7DQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicySilos
+systemMayContain: msDS-AuthNPolicySiloEnforced
+systemMayContain: msDS-AssignedAuthNPolicySiloBL
+systemMayContain: msDS-ServiceAuthNPolicy
+systemMayContain: msDS-ComputerAuthNPolicy
+systemMayContain: msDS-UserAuthNPolicy
+systemMayContain: msDS-AuthNPolicySiloMembers
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.294
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy
+adminDescription: 
+ An instance of this class defines authentication policy behaviors for assigned
+  principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicy
+schemaIDGUID:: VhFqq8dN9UCRgI5M5C/lzQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicies
+systemMayContain: msDS-StrongNTLMPolicy
+systemMayContain: msDS-ServiceAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-UserAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-AuthNPolicyEnforced
+systemMayContain: msDS-AssignedAuthNPolicyBL
+systemMayContain: msDS-ServiceAuthNPolicyBL
+systemMayContain: msDS-ComputerAuthNPolicyBL
+systemMayContain: msDS-UserAuthNPolicyBL
+systemMayContain: msDS-ServiceTGTLifetime
+systemMayContain: msDS-ServiceAllowedToAuthenticateFrom
+systemMayContain: msDS-ServiceAllowedToAuthenticateTo
+systemMayContain: msDS-ComputerTGTLifetime
+systemMayContain: msDS-ComputerAllowedToAuthenticateTo
+systemMayContain: msDS-UserTGTLifetime
+systemMayContain: msDS-UserAllowedToAuthenticateFrom
+systemMayContain: msDS-UserAllowedToAuthenticateTo
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Key-Credential
+subClassOf: top
+governsID: 1.2.840.113556.1.5.297
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyCredential
+adminDescription: An instance of this class contains key material.
+objectClassCategory: 1
+lDAPDisplayName: msDS-KeyCredential
+schemaIDGUID:: Q1Uf7i58akeLP+EfSvbEmA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeviceID
+systemMayContain: msDS-KeyApproximateLastLogonTimeStamp
+systemMayContain: msDS-CustomKeyInformation
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceDN
+systemMayContain: msDS-KeyPrincipal
+systemMayContain: msDS-KeyUsage
+systemMayContain: msDS-KeyMaterial
+systemMustContain: msDS-KeyId
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.298
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Container
+adminDescription: Dedicated container for msDS-ShadowPrincipal objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipalContainer
+schemaIDGUID:: RVX5ERLXUEy4R9J4FTfGMw==
+systemOnly: FALSE
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.299
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal
+adminDescription: Represents a principal from an external forest.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipal
+schemaIDGUID:: s0wPd0MWnEa3Zu3XeqdeFA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ShadowPrincipalContainer
+systemMayContain: member
+systemMustContain: msDS-ShadowPrincipalSid
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.300
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope-Container
+adminDescription: Container for Dns Zone Scope objects.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScopeContainer
+schemaIDGUID:: k5Bp8lryIEKd6wPfTMSpxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.301
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope
+adminDescription: 
+ A zonescope of a zone is another copy of the zone contained in the zone with d
+ ifferent set of resource records.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScope
+schemaIDGUID:: YYpvaT8tzkCks+J138xJxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScopeContainer
+systemMayContain: managedBy
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf
new file mode 100644
index 0000000..1ac0a1b
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf
@@ -0,0 +1,8875 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/openspecifications/en/us/programs/osp/default.aspx) or the Community Promise (available here: http://www.microsoft.com/openspecifications/en/us/programs/community-promise/default.aspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# - Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following class schema definitions were generated from the Windows Server 2012 R2 version of Active Directory Domain Services (AD DS). 
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+ The account object class is used to define entries representing computer accou
+ nts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msImaging-HashAlgorithm
+systemMayContain: msImaging-ThumbprintHash
+systemMayContain: msDS-GenerationId
+systemMayContain: msTPM-TpmInformationForComputer
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootDUID
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
+ 0aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;
+ PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11
+ d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef
+ -00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0
+ abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;
+ ;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;
+ CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa00
+ 3049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285
+ -00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDNS-NSEC3CurrentSalt
+systemMayContain: msDNS-NSEC3UserSalt
+systemMayContain: msDNS-PropagationTime
+systemMayContain: msDNS-ParentHasSecureDelegation
+systemMayContain: msDNS-DNSKEYRecords
+systemMayContain: msDNS-SigningKeys
+systemMayContain: msDNS-SigningKeyDescriptors
+systemMayContain: msDNS-SecureDelegationPollingPeriod
+systemMayContain: msDNS-SignatureInceptionOffset
+systemMayContain: msDNS-DSRecordSetTTL
+systemMayContain: msDNS-DNSKEYRecordSetTTL
+systemMayContain: msDNS-NSEC3Iterations
+systemMayContain: msDNS-NSEC3RandomSaltLength
+systemMayContain: msDNS-NSEC3HashAlgorithm
+systemMayContain: msDNS-RFC5011KeyRollovers
+systemMayContain: msDNS-DSRecordAlgorithms
+systemMayContain: msDNS-MaintainTrustAnchor
+systemMayContain: msDNS-NSEC3OptOut
+systemMayContain: msDNS-SignWithNSEC3
+systemMayContain: msDNS-IsSigned
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1419929373-1327843497
+ -4227689449-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+ 48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+ f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+ 40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+ -4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+ 5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+ d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+ (OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+ OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)S:(AU;SA;WDWOWP;;;WD)(AU
+ ;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf
+ 967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000
+ f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9
+ 020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;
+ E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04
+ fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab
+ 721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d
+ 456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: 
+ D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA
+ )(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;
+ CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRP
+ LORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;
+ CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-GeoCoordinatesLongitude
+mayContain: msDS-GeoCoordinatesLatitude
+mayContain: msDS-GeoCoordinatesAltitude
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-
+ 4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(O
+ A;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060
+ -00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11
+ d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-
+ 0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf
+ 967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA
+ ;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEB
+ D-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLO
+ RC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1
+ -aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: msDS-AllowedToActOnBehalfOfOtherIdentity
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;
+ ;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a2
+ 85-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CC
+ DC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;E
+ D)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RIDPoolAllocationEnabled
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1419929373-1327843497
+ -4227689449-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+ 48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+ f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+ 40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+ -4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+ 5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+ d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+ (OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+ OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)S:(AU;SA;WDWOWP;;;WD)(AU
+ ;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf
+ 967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000
+ f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;
+ AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: 
+ D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A
+ ;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: 
+ D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-ReplValueMetaDataExt
+systemMayContain: msDS-parentdistname
+systemMayContain: msds-memberTransitive
+systemMayContain: msds-memberOfTransitive
+systemMayContain: msDS-TDOEgressBL
+systemMayContain: msDS-TDOIngressBL
+systemMayContain: msDS-ValueTypeReferenceBL
+systemMayContain: msDS-IsPrimaryComputerFor
+systemMayContain: msDS-ClaimSharesPossibleValuesWithBL
+systemMayContain: msDS-MembersOfResourcePropertyListBL
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-EgressClaimsTransformationPolicy
+systemMayContain: msDS-IngressClaimsTransformationPolicy
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-
+ a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-AuthNPolicySiloMembersBL
+systemMayContain: msDS-AssignedAuthNPolicySilo
+systemMayContain: msDS-AssignedAuthNPolicy
+systemMayContain: msDS-SyncServerUrl
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: msDS-CloudExtensions
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type-Property-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.269
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: 
+ An abstract class that defines the base class for claim type or resource prope
+ rty classes.
+objectClassCategory: 2
+lDAPDisplayName: msDS-ClaimTypePropertyBase
+schemaIDGUID:: WC9EuJDEh0SKndgLiDJxrQ==
+systemOnly: FALSE
+systemMayContain: msDS-ClaimSharesPossibleValuesWith
+systemMayContain: Enabled
+systemMayContain: msDS-ClaimPossibleValues
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Types
+subClassOf: top
+governsID: 1.2.840.113556.1.5.270
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimTypes
+schemaIDGUID:: NTIJNhXHIUirarVvsoBaWA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Properties
+subClassOf: top
+governsID: 1.2.840.113556.1.5.271
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperties
+schemaIDGUID:: hEVKelCzj0es1rS4UtgswA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.272
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: 
+ An instance of this class holds the definition of a claim type that can be def
+ ined on security principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimType
+schemaIDGUID:: fIWjgWlUj02q5sJ2mXYmBA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimTypes
+systemMayContain: msDS-ClaimIsSingleValued
+systemMayContain: msDS-ClaimIsValueSpaceRestricted
+systemMayContain: msDS-ClaimValueType
+systemMayContain: msDS-ClaimSourceType
+systemMayContain: msDS-ClaimSource
+systemMayContain: msDS-ClaimTypeAppliesToClass
+systemMayContain: msDS-ClaimAttributeSource
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.273
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: 
+ An instance of this class holds the definition of a property on resources.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperty
+schemaIDGUID:: Xj0oWwSElUGTOYRQGIxQGg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ResourceProperties
+systemMayContain: msDS-AppliesToResourceTypes
+systemMayContain: msDS-IsUsedAsResourceSecurityAttribute
+systemMustContain: msDS-ValueTypeReference
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property-List
+subClassOf: top
+governsID: 1.2.840.113556.1.5.274
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: 
+ An object of this class contains a list of resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourcePropertyList
+schemaIDGUID:: etTjckKzRU2PVrr/gDyr+Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-MembersOfResourcePropertyList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.266
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: 
+ Container for Activation Objects used by Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObjectsContainer
+schemaIDGUID:: K4YvtyW7XU2qUWLFm9+Qrg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.267
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObject
+schemaIDGUID:: jOagUcUNykOTXcHJEb8u5Q==
+systemOnly: FALSE
+systemPossSuperiors: msSPP-ActivationObjectsContainer
+systemMayContain: msSPP-IssuanceLicense
+systemMayContain: msSPP-ConfigLicense
+systemMayContain: msSPP-PhoneLicense
+systemMayContain: msSPP-OnlineLicense
+systemMayContain: msSPP-ConfirmationId
+systemMayContain: msSPP-InstallationId
+systemMustContain: msSPP-KMSIds
+systemMustContain: msSPP-CSVLKSkuId
+systemMustContain: msSPP-CSVLKPartialProductKey
+systemMustContain: msSPP-CSVLKPid
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.276
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObjectsContainer
+schemaIDGUID:: vagn4FZk3kWQozhZOHfudA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: domain
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ LOLCCCRP;;;DC)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.275
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObject
+adminDescription: 
+ This class contains recovery information for a Trusted Platform Module (TPM) d
+ evice.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObject
+schemaIDGUID:: alsEhaZHQ0KnzGiQcB9mLA==
+systemOnly: FALSE
+systemPossSuperiors: msTPM-InformationObjectsContainer
+systemMayContain: msTPM-OwnerInformationTemp
+systemMayContain: msTPM-SrkPubThumbprint
+systemMustContain: msTPM-OwnerInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLO;;;DC)(A;;WP;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DNS-Server-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+objectClassCategory: 1
+lDAPDisplayName: msDNS-ServerSettings
+schemaIDGUID:: 7cMv7xhuW0GZ5DEUqMsSSw==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: msDNS-KeymasterZones
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: 
+ A container of this class can contain Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicies
+schemaIDGUID:: wyFcVTahWkWTl3lrvTWOJQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rules
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: 
+ A container of this class can contain Central Access Policy Entry objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRules
+schemaIDGUID:: ehu7mW1gi0+ADuFb5VTKjQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: 
+ A class that defines Central Access Rules used to construct a central access p
+ olicy.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRule
+schemaIDGUID:: 3AZKWxwl206IEwvdcTJyJg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessRules
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicyBL
+systemMayContain: msAuthz-ResourceCondition
+systemMayContain: msAuthz-LastEffectiveSecurityPolicy
+systemMayContain: msAuthz-ProposedSecurityPolicy
+systemMayContain: msAuthz-EffectiveSecurityPolicy
+systemMayContain: Enabled
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicy
+schemaIDGUID:: sJxnpZ1vLEOLdR4+g08Cqg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessPolicies
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicy
+systemMayContain: msAuthz-CentralAccessPolicyID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-ServerConfiguration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.277
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvServerConfiguration
+schemaIDGUID:: qEPyXiUqpkWLcwinGuZ3zg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-PrivateKeyLength
+systemMayContain: msKds-PublicKeyLength
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-SecretAgreementAlgorithmID
+systemMayContain: msKds-KDFParam
+systemMayContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-Version
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-RootKey
+subClassOf: top
+governsID: 1.2.840.113556.1.5.278
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvRootKey
+schemaIDGUID:: Qf0CquAXGE+Gh7Ijlklzaw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-KDFParam
+systemMustContain: msKds-CreateTime
+systemMustContain: msKds-RootKeyData
+systemMustContain: msKds-PrivateKeyLength
+systemMustContain: msKds-PublicKeyLength
+systemMustContain: msKds-SecretAgreementAlgorithmID
+systemMustContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-UseStartTime
+systemMustContain: msKds-DomainID
+systemMustContain: msKds-Version
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Group-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.282
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: 
+ The group managed service account class is used to create an account which can
+  be shared by different computers to run Windows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-GroupManagedServiceAccount
+schemaIDGUID:: ilWLe6WT90qtysAX5n8QVw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-GroupMSAMembership
+systemMayContain: msDS-ManagedPasswordPreviousId
+systemMayContain: msDS-ManagedPasswordId
+systemMayContain: msDS-ManagedPassword
+systemMustContain: msDS-ManagedPasswordInterval
+defaultSecurityDescriptor: 
+ D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDD
+ TSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+ SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5
+ -0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-1
+ 1d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86
+ -0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;b
+ f967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003
+ 049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-
+ 0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72
+ e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Value-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.279
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type
+adminDescription: 
+ An value type object holds value type information for a resource property.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ValueType
+schemaIDGUID:: 33/C4x2wTk+H5wVu7w65Ig==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msDS-IsPossibleValuesPresent
+systemMustContain: msDS-ClaimIsSingleValued
+systemMustContain: msDS-ClaimIsValueSpaceRestricted
+systemMustContain: msDS-ClaimValueType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policy-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.280
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicyType
+schemaIDGUID:: s2LrLnMTRf6BATh/Fnbtxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimsTransformationPolicies
+systemMayContain: msDS-TransformationRulesCompiled
+systemMayContain: msDS-TransformationRules
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.281
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicies
+schemaIDGUID:: san8yIh9T7uCekSJJ3EHYg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Cloud-Extensions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.283
+mayContain: msDS-cloudExtensionAttribute20
+mayContain: msDS-cloudExtensionAttribute19
+mayContain: msDS-cloudExtensionAttribute18
+mayContain: msDS-cloudExtensionAttribute17
+mayContain: msDS-cloudExtensionAttribute16
+mayContain: msDS-cloudExtensionAttribute15
+mayContain: msDS-cloudExtensionAttribute14
+mayContain: msDS-cloudExtensionAttribute13
+mayContain: msDS-cloudExtensionAttribute12
+mayContain: msDS-cloudExtensionAttribute11
+mayContain: msDS-cloudExtensionAttribute10
+mayContain: msDS-cloudExtensionAttribute9
+mayContain: msDS-cloudExtensionAttribute8
+mayContain: msDS-cloudExtensionAttribute7
+mayContain: msDS-cloudExtensionAttribute6
+mayContain: msDS-cloudExtensionAttribute5
+mayContain: msDS-cloudExtensionAttribute4
+mayContain: msDS-cloudExtensionAttribute3
+mayContain: msDS-cloudExtensionAttribute2
+mayContain: msDS-cloudExtensionAttribute1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: 
+ A collection of attributes used to house arbitrary cloud-relevant strings.
+objectClassCategory: 3
+lDAPDisplayName: msDS-CloudExtensions
+schemaIDGUID:: pIceZCaDcUe6LccG3zXjWg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.287
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service-Container
+adminDescription: 
+ A class for the container used to house all enrollment services used for devic
+ e registrations.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationServiceContainer
+schemaIDGUID:: zlULMc09kkOpbcnjU5fCTw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.284
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service
+adminDescription: 
+ An object of this class holds the registration service configuration used for 
+ devices.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationService
+schemaIDGUID:: Gjq8ltLj00mvEXsN951n9Q==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceRegistrationServiceContainer
+systemMayContain: msDS-CloudIsEnabled
+systemMayContain: msDS-CloudIssuerPublicCertificates
+systemMayContain: msDS-IssuerPublicCertificates
+systemMayContain: msDS-MaximumRegistrationInactivityPeriod
+systemMayContain: msDS-RegistrationQuota
+systemMayContain: msDS-IssuerCertificates
+systemMustContain: msDS-DeviceLocation
+systemMustContain: msDS-IsEnabled
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.289
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Container
+adminDescription: A class for the container used to hold device objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceContainer
+schemaIDGUID:: WIyefBuQqE627E656fwOEQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device
+subClassOf: top
+governsID: 1.2.840.113556.1.5.286
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device
+adminDescription: An object of this type represents a registered device.
+objectClassCategory: 1
+lDAPDisplayName: msDS-Device
+schemaIDGUID:: c7byXUFtdEez6NUujun/mQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceContainer
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-CloudIsManaged
+systemMayContain: msDS-IsManaged
+systemMayContain: msDS-DeviceObjectVersion
+systemMayContain: msDS-RegisteredOwner
+systemMayContain: msDS-RegisteredUsers
+systemMayContain: msDS-DevicePhysicalIDs
+systemMayContain: msDS-DeviceOSVersion
+systemMayContain: msDS-DeviceOSType
+systemMayContain: msDS-ApproximateLastLogonTimeStamp
+systemMustContain: msDS-DeviceID
+systemMustContain: msDS-IsEnabled
+systemMustContain: altSecurityIdentities
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silos
+subClassOf: top
+governsID: 1.2.840.113556.1.5.291
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silos
+adminDescription: 
+ A container of this class can contain authentication policy silo objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilos
+schemaIDGUID:: Ckex0oSPHkmnUrQB7gD+XA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.293
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policies
+adminDescription: 
+ A container of this class can contain authentication policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicies
+schemaIDGUID:: Xd+aOpd7fk+rtOW1XBwGtA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silo
+subClassOf: top
+governsID: 1.2.840.113556.1.5.292
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo
+adminDescription: 
+ An instance of this class defines authentication policies and related behavior
+ s for assigned users, computers, and services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilo
+schemaIDGUID:: Hkbw+X1piUaSmTfmHWF7DQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicySilos
+systemMayContain: msDS-AuthNPolicySiloEnforced
+systemMayContain: msDS-AssignedAuthNPolicySiloBL
+systemMayContain: msDS-ServiceAuthNPolicy
+systemMayContain: msDS-ComputerAuthNPolicy
+systemMayContain: msDS-UserAuthNPolicy
+systemMayContain: msDS-AuthNPolicySiloMembers
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.294
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy
+adminDescription: 
+ An instance of this class defines authentication policy behaviors for assigned
+  principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicy
+schemaIDGUID:: VhFqq8dN9UCRgI5M5C/lzQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicies
+systemMayContain: msDS-AuthNPolicyEnforced
+systemMayContain: msDS-AssignedAuthNPolicyBL
+systemMayContain: msDS-ServiceAuthNPolicyBL
+systemMayContain: msDS-ComputerAuthNPolicyBL
+systemMayContain: msDS-UserAuthNPolicyBL
+systemMayContain: msDS-ServiceTGTLifetime
+systemMayContain: msDS-ServiceAllowedToAuthenticateFrom
+systemMayContain: msDS-ServiceAllowedToAuthenticateTo
+systemMayContain: msDS-ComputerTGTLifetime
+systemMayContain: msDS-ComputerAllowedToAuthenticateTo
+systemMayContain: msDS-UserTGTLifetime
+systemMayContain: msDS-UserAllowedToAuthenticateFrom
+systemMayContain: msDS-UserAllowedToAuthenticateTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf
new file mode 100644
index 0000000..fc7b161
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf
@@ -0,0 +1,9031 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646765). If you would prefer a written license, or if the protocols are not covered by the Open Specification Promise, patent licenses are available by contacting iplg@microsoft.com.
+# - Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# - Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following class schema definitions were generated from the Windows Server 2016 version of Active Directory Domain Services (AD DS). 
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+ The account object class is used to define entries representing computer accou
+ nts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msImaging-HashAlgorithm
+systemMayContain: msImaging-ThumbprintHash
+systemMayContain: msDS-GenerationId
+systemMayContain: msTPM-TpmInformationForComputer
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootDUID
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
+ 0aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;
+ PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11
+ d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef
+ -00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0
+ abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;
+ ;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;
+ CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa00
+ 3049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285
+ -00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScope
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDNS-NSEC3CurrentSalt
+systemMayContain: msDNS-NSEC3UserSalt
+systemMayContain: msDNS-PropagationTime
+systemMayContain: msDNS-ParentHasSecureDelegation
+systemMayContain: msDNS-DNSKEYRecords
+systemMayContain: msDNS-SigningKeys
+systemMayContain: msDNS-SigningKeyDescriptors
+systemMayContain: msDNS-SecureDelegationPollingPeriod
+systemMayContain: msDNS-SignatureInceptionOffset
+systemMayContain: msDNS-DSRecordSetTTL
+systemMayContain: msDNS-DNSKEYRecordSetTTL
+systemMayContain: msDNS-NSEC3Iterations
+systemMayContain: msDNS-NSEC3RandomSaltLength
+systemMayContain: msDNS-NSEC3HashAlgorithm
+systemMayContain: msDNS-RFC5011KeyRollovers
+systemMayContain: msDNS-DSRecordAlgorithms
+systemMayContain: msDNS-MaintainTrustAnchor
+systemMayContain: msDNS-NSEC3OptOut
+systemMayContain: msDNS-SignWithNSEC3
+systemMayContain: msDNS-IsSigned
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2063560558-3296776465
+ -833389195-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(O
+ A;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f
+ -00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;113
+ 1f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCW
+ DWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDD
+ TSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967a
+ ba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2
+ d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-90
+ 20-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-2
+ 0c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP
+ ;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
+ (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0
+ de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-1
+ 1d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422
+ -00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a
+ 2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;b
+ c0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(O
+ A;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015
+ E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU
+ )(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-a
+ b7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba
+ -0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f6
+ 08;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e
+ -00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e4
+ 8-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131f
+ 6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda64
+ 0c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-
+ 4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5
+ -32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad
+ -4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(
+ OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(O
+ A;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3c
+ -465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9b
+ 026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:(
+ AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1
+ -b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bb
+ f-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9
+ 020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;
+ E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04
+ fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab
+ 721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d
+ 456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: 
+ D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA
+ )(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;
+ CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRP
+ LORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;
+ CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-ExternalDirectoryObjectId
+mayContain: msDS-GeoCoordinatesLongitude
+mayContain: msDS-GeoCoordinatesLatitude
+mayContain: msDS-GeoCoordinatesAltitude
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-
+ 4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(O
+ A;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060
+ -00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11
+ d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-
+ 0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf
+ 967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA
+ ;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEB
+ D-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLO
+ RC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1
+ -aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: msDS-AllowedToActOnBehalfOfOtherIdentity
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;
+ ;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a2
+ 85-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CC
+ DC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;E
+ D)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RIDPoolAllocationEnabled
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2063560558-3296776465
+ -833389195-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(O
+ A;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f
+ -00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;113
+ 1f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCW
+ DWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDD
+ TSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967a
+ ba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2
+ d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-90
+ 20-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-2
+ 0c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP
+ ;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
+ (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0
+ de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-1
+ 1d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422
+ -00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a
+ 2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;b
+ c0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(O
+ A;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015
+ E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU
+ )(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-a
+ b7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba
+ -0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f6
+ 08;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e
+ -00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e4
+ 8-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131f
+ 6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda64
+ 0c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-
+ 4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5
+ -32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad
+ -4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(
+ OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(O
+ A;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3c
+ -465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9b
+ 026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:(
+ AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1
+ -b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bb
+ f-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;
+ AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: msds-tokenGroupNamesNoGCAcceptable
+systemMayContain: msds-tokenGroupNamesGlobalAndUniversal
+systemMayContain: msds-tokenGroupNames
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: 
+ D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A
+ ;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: 
+ D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-ObjectSoa
+systemMayContain: msDS-SourceAnchor
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-ReplValueMetaDataExt
+systemMayContain: msDS-parentdistname
+systemMayContain: msds-memberTransitive
+systemMayContain: msds-memberOfTransitive
+systemMayContain: msDS-TDOEgressBL
+systemMayContain: msDS-TDOIngressBL
+systemMayContain: msDS-ValueTypeReferenceBL
+systemMayContain: msDS-IsPrimaryComputerFor
+systemMayContain: msDS-ClaimSharesPossibleValuesWithBL
+systemMayContain: msDS-MembersOfResourcePropertyListBL
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-EgressClaimsTransformationPolicy
+systemMayContain: msDS-IngressClaimsTransformationPolicy
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-
+ a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-KeyPrincipalBL
+systemMayContain: msDS-AuthNPolicySiloMembersBL
+systemMayContain: msDS-AssignedAuthNPolicySilo
+systemMayContain: msDS-AssignedAuthNPolicy
+systemMayContain: msDS-SyncServerUrl
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: msDS-CloudExtensions
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type-Property-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.269
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: 
+ An abstract class that defines the base class for claim type or resource prope
+ rty classes.
+objectClassCategory: 2
+lDAPDisplayName: msDS-ClaimTypePropertyBase
+schemaIDGUID:: WC9EuJDEh0SKndgLiDJxrQ==
+systemOnly: FALSE
+systemMayContain: msDS-ClaimSharesPossibleValuesWith
+systemMayContain: Enabled
+systemMayContain: msDS-ClaimPossibleValues
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Types
+subClassOf: top
+governsID: 1.2.840.113556.1.5.270
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimTypes
+schemaIDGUID:: NTIJNhXHIUirarVvsoBaWA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Properties
+subClassOf: top
+governsID: 1.2.840.113556.1.5.271
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperties
+schemaIDGUID:: hEVKelCzj0es1rS4UtgswA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.272
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: 
+ An instance of this class holds the definition of a claim type that can be def
+ ined on security principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimType
+schemaIDGUID:: fIWjgWlUj02q5sJ2mXYmBA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimTypes
+systemMayContain: msDS-ClaimIsSingleValued
+systemMayContain: msDS-ClaimIsValueSpaceRestricted
+systemMayContain: msDS-ClaimValueType
+systemMayContain: msDS-ClaimSourceType
+systemMayContain: msDS-ClaimSource
+systemMayContain: msDS-ClaimTypeAppliesToClass
+systemMayContain: msDS-ClaimAttributeSource
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.273
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: 
+ An instance of this class holds the definition of a property on resources.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperty
+schemaIDGUID:: Xj0oWwSElUGTOYRQGIxQGg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ResourceProperties
+systemMayContain: msDS-AppliesToResourceTypes
+systemMayContain: msDS-IsUsedAsResourceSecurityAttribute
+systemMustContain: msDS-ValueTypeReference
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property-List
+subClassOf: top
+governsID: 1.2.840.113556.1.5.274
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: 
+ An object of this class contains a list of resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourcePropertyList
+schemaIDGUID:: etTjckKzRU2PVrr/gDyr+Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-MembersOfResourcePropertyList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.266
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: 
+ Container for Activation Objects used by Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObjectsContainer
+schemaIDGUID:: K4YvtyW7XU2qUWLFm9+Qrg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.267
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObject
+schemaIDGUID:: jOagUcUNykOTXcHJEb8u5Q==
+systemOnly: FALSE
+systemPossSuperiors: msSPP-ActivationObjectsContainer
+systemMayContain: msSPP-IssuanceLicense
+systemMayContain: msSPP-ConfigLicense
+systemMayContain: msSPP-PhoneLicense
+systemMayContain: msSPP-OnlineLicense
+systemMayContain: msSPP-ConfirmationId
+systemMayContain: msSPP-InstallationId
+systemMustContain: msSPP-KMSIds
+systemMustContain: msSPP-CSVLKSkuId
+systemMustContain: msSPP-CSVLKPartialProductKey
+systemMustContain: msSPP-CSVLKPid
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.276
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObjectsContainer
+schemaIDGUID:: vagn4FZk3kWQozhZOHfudA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: domain
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ LOLCCCRP;;;DC)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.275
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObject
+adminDescription: 
+ This class contains recovery information for a Trusted Platform Module (TPM) d
+ evice.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObject
+schemaIDGUID:: alsEhaZHQ0KnzGiQcB9mLA==
+systemOnly: FALSE
+systemPossSuperiors: msTPM-InformationObjectsContainer
+systemMayContain: msTPM-OwnerInformationTemp
+systemMayContain: msTPM-SrkPubThumbprint
+systemMustContain: msTPM-OwnerInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLO;;;DC)(A;;WP;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DNS-Server-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+objectClassCategory: 1
+lDAPDisplayName: msDNS-ServerSettings
+schemaIDGUID:: 7cMv7xhuW0GZ5DEUqMsSSw==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: msDNS-KeymasterZones
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: 
+ A container of this class can contain Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicies
+schemaIDGUID:: wyFcVTahWkWTl3lrvTWOJQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rules
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: 
+ A container of this class can contain Central Access Policy Entry objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRules
+schemaIDGUID:: ehu7mW1gi0+ADuFb5VTKjQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: 
+ A class that defines Central Access Rules used to construct a central access p
+ olicy.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRule
+schemaIDGUID:: 3AZKWxwl206IEwvdcTJyJg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessRules
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicyBL
+systemMayContain: msAuthz-ResourceCondition
+systemMayContain: msAuthz-LastEffectiveSecurityPolicy
+systemMayContain: msAuthz-ProposedSecurityPolicy
+systemMayContain: msAuthz-EffectiveSecurityPolicy
+systemMayContain: Enabled
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicy
+schemaIDGUID:: sJxnpZ1vLEOLdR4+g08Cqg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessPolicies
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicy
+systemMayContain: msAuthz-CentralAccessPolicyID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-ServerConfiguration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.277
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvServerConfiguration
+schemaIDGUID:: qEPyXiUqpkWLcwinGuZ3zg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-PrivateKeyLength
+systemMayContain: msKds-PublicKeyLength
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-SecretAgreementAlgorithmID
+systemMayContain: msKds-KDFParam
+systemMayContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-Version
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-RootKey
+subClassOf: top
+governsID: 1.2.840.113556.1.5.278
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvRootKey
+schemaIDGUID:: Qf0CquAXGE+Gh7Ijlklzaw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-KDFParam
+systemMustContain: msKds-CreateTime
+systemMustContain: msKds-RootKeyData
+systemMustContain: msKds-PrivateKeyLength
+systemMustContain: msKds-PublicKeyLength
+systemMustContain: msKds-SecretAgreementAlgorithmID
+systemMustContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-UseStartTime
+systemMustContain: msKds-DomainID
+systemMustContain: msKds-Version
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Group-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.282
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: 
+ The group managed service account class is used to create an account which can
+  be shared by different computers to run Windows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-GroupManagedServiceAccount
+schemaIDGUID:: ilWLe6WT90qtysAX5n8QVw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-GroupMSAMembership
+systemMayContain: msDS-ManagedPasswordPreviousId
+systemMayContain: msDS-ManagedPasswordId
+systemMayContain: msDS-ManagedPassword
+systemMustContain: msDS-ManagedPasswordInterval
+defaultSecurityDescriptor: 
+ D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDD
+ TSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+ SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5
+ -0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-1
+ 1d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86
+ -0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;b
+ f967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003
+ 049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-
+ 0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72
+ e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Value-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.279
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type
+adminDescription: 
+ An value type object holds value type information for a resource property.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ValueType
+schemaIDGUID:: 33/C4x2wTk+H5wVu7w65Ig==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msDS-IsPossibleValuesPresent
+systemMustContain: msDS-ClaimIsSingleValued
+systemMustContain: msDS-ClaimIsValueSpaceRestricted
+systemMustContain: msDS-ClaimValueType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policy-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.280
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicyType
+schemaIDGUID:: s2LrLnMTRf6BATh/Fnbtxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimsTransformationPolicies
+systemMayContain: msDS-TransformationRulesCompiled
+systemMayContain: msDS-TransformationRules
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.281
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicies
+schemaIDGUID:: san8yIh9T7uCekSJJ3EHYg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Cloud-Extensions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.283
+mayContain: msDS-cloudExtensionAttribute20
+mayContain: msDS-cloudExtensionAttribute19
+mayContain: msDS-cloudExtensionAttribute18
+mayContain: msDS-cloudExtensionAttribute17
+mayContain: msDS-cloudExtensionAttribute16
+mayContain: msDS-cloudExtensionAttribute15
+mayContain: msDS-cloudExtensionAttribute14
+mayContain: msDS-cloudExtensionAttribute13
+mayContain: msDS-cloudExtensionAttribute12
+mayContain: msDS-cloudExtensionAttribute11
+mayContain: msDS-cloudExtensionAttribute10
+mayContain: msDS-cloudExtensionAttribute9
+mayContain: msDS-cloudExtensionAttribute8
+mayContain: msDS-cloudExtensionAttribute7
+mayContain: msDS-cloudExtensionAttribute6
+mayContain: msDS-cloudExtensionAttribute5
+mayContain: msDS-cloudExtensionAttribute4
+mayContain: msDS-cloudExtensionAttribute3
+mayContain: msDS-cloudExtensionAttribute2
+mayContain: msDS-cloudExtensionAttribute1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: 
+ A collection of attributes used to house arbitrary cloud-relevant strings.
+objectClassCategory: 3
+lDAPDisplayName: msDS-CloudExtensions
+schemaIDGUID:: pIceZCaDcUe6LccG3zXjWg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.287
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service-Container
+adminDescription: 
+ A class for the container used to house all enrollment services used for devic
+ e registrations.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationServiceContainer
+schemaIDGUID:: zlULMc09kkOpbcnjU5fCTw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.284
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service
+adminDescription: 
+ An object of this class holds the registration service configuration used for 
+ devices.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationService
+schemaIDGUID:: Gjq8ltLj00mvEXsN951n9Q==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceRegistrationServiceContainer
+systemMayContain: msDS-CloudIsEnabled
+systemMayContain: msDS-CloudIssuerPublicCertificates
+systemMayContain: msDS-IssuerPublicCertificates
+systemMayContain: msDS-MaximumRegistrationInactivityPeriod
+systemMayContain: msDS-RegistrationQuota
+systemMayContain: msDS-IssuerCertificates
+systemMustContain: msDS-DeviceLocation
+systemMustContain: msDS-IsEnabled
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.289
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Container
+adminDescription: A class for the container used to hold device objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceContainer
+schemaIDGUID:: WIyefBuQqE627E656fwOEQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device
+subClassOf: top
+governsID: 1.2.840.113556.1.5.286
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device
+adminDescription: An object of this type represents a registered device.
+objectClassCategory: 1
+lDAPDisplayName: msDS-Device
+schemaIDGUID:: c7byXUFtdEez6NUujun/mQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceContainer
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceTrustType
+systemMayContain: msDS-IsCompliant
+systemMayContain: msDS-DeviceMDMStatus
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-CloudIsManaged
+systemMayContain: msDS-IsManaged
+systemMayContain: msDS-DeviceObjectVersion
+systemMayContain: msDS-RegisteredOwner
+systemMayContain: msDS-RegisteredUsers
+systemMayContain: msDS-DevicePhysicalIDs
+systemMayContain: msDS-DeviceOSVersion
+systemMayContain: msDS-DeviceOSType
+systemMayContain: msDS-ApproximateLastLogonTimeStamp
+systemMustContain: msDS-DeviceID
+systemMustContain: msDS-IsEnabled
+systemMustContain: altSecurityIdentities
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silos
+subClassOf: top
+governsID: 1.2.840.113556.1.5.291
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silos
+adminDescription: 
+ A container of this class can contain authentication policy silo objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilos
+schemaIDGUID:: Ckex0oSPHkmnUrQB7gD+XA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.293
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policies
+adminDescription: 
+ A container of this class can contain authentication policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicies
+schemaIDGUID:: Xd+aOpd7fk+rtOW1XBwGtA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silo
+subClassOf: top
+governsID: 1.2.840.113556.1.5.292
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo
+adminDescription: 
+ An instance of this class defines authentication policies and related behavior
+ s for assigned users, computers, and services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilo
+schemaIDGUID:: Hkbw+X1piUaSmTfmHWF7DQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicySilos
+systemMayContain: msDS-AuthNPolicySiloEnforced
+systemMayContain: msDS-AssignedAuthNPolicySiloBL
+systemMayContain: msDS-ServiceAuthNPolicy
+systemMayContain: msDS-ComputerAuthNPolicy
+systemMayContain: msDS-UserAuthNPolicy
+systemMayContain: msDS-AuthNPolicySiloMembers
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.294
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy
+adminDescription: 
+ An instance of this class defines authentication policy behaviors for assigned
+  principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicy
+schemaIDGUID:: VhFqq8dN9UCRgI5M5C/lzQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicies
+systemMayContain: msDS-StrongNTLMPolicy
+systemMayContain: msDS-ServiceAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-UserAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-AuthNPolicyEnforced
+systemMayContain: msDS-AssignedAuthNPolicyBL
+systemMayContain: msDS-ServiceAuthNPolicyBL
+systemMayContain: msDS-ComputerAuthNPolicyBL
+systemMayContain: msDS-UserAuthNPolicyBL
+systemMayContain: msDS-ServiceTGTLifetime
+systemMayContain: msDS-ServiceAllowedToAuthenticateFrom
+systemMayContain: msDS-ServiceAllowedToAuthenticateTo
+systemMayContain: msDS-ComputerTGTLifetime
+systemMayContain: msDS-ComputerAllowedToAuthenticateTo
+systemMayContain: msDS-UserTGTLifetime
+systemMayContain: msDS-UserAllowedToAuthenticateFrom
+systemMayContain: msDS-UserAllowedToAuthenticateTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Key-Credential
+subClassOf: top
+governsID: 1.2.840.113556.1.5.297
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyCredential
+adminDescription: An instance of this class contains key material.
+objectClassCategory: 1
+lDAPDisplayName: msDS-KeyCredential
+schemaIDGUID:: Q1Uf7i58akeLP+EfSvbEmA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeviceID
+systemMayContain: msDS-KeyApproximateLastLogonTimeStamp
+systemMayContain: msDS-CustomKeyInformation
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceDN
+systemMayContain: msDS-KeyPrincipal
+systemMayContain: msDS-KeyUsage
+systemMayContain: msDS-KeyMaterial
+systemMustContain: msDS-KeyId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.298
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Container
+adminDescription: Dedicated container for msDS-ShadowPrincipal objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipalContainer
+schemaIDGUID:: RVX5ERLXUEy4R9J4FTfGMw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.299
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal
+adminDescription: Represents a principal from an external forest.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipal
+schemaIDGUID:: s0wPd0MWnEa3Zu3XeqdeFA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ShadowPrincipalContainer
+systemMayContain: member
+systemMustContain: msDS-ShadowPrincipalSid
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.300
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope-Container
+adminDescription: Container for Dns Zone Scope objects.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScopeContainer
+schemaIDGUID:: k5Bp8lryIEKd6wPfTMSpxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.301
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope
+adminDescription: 
+ A zonescope of a zone is another copy of the zone contained in the zone with d
+ ifferent set of resource records.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScope
+schemaIDGUID:: YYpvaT8tzkCks+J138xJxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScopeContainer
+systemMayContain: managedBy
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_v1803.ldf b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_v1803.ldf
new file mode 100644
index 0000000..b761cc7
--- /dev/null
+++ b/source4/setup/ad-schema/AD_DS_Classes__Windows_Server_v1803.ldf
@@ -0,0 +1,9036 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# - Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.
+# - Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.
+# - No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# - Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646765) or the Microsoft Community Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646766). If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# - License Programs. To see all of the protocols in scope under a specific license program and the associated patents, visit the Patent Map (available here: https://msdn.microsoft.com/en-us/openspecifications/dn750984).
+# - Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.
+# - Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.
+# Support. For questions and support, please contact dochelp@microsoft.com.
+
+# The following class schema definitions were generated from the Windows Server v1803 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+ The account object class is used to define entries representing computer accou
+ nts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msImaging-HashAlgorithm
+systemMayContain: msImaging-ThumbprintHash
+systemMayContain: msDS-GenerationId
+systemMayContain: msTPM-TpmInformationForComputer
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootDUID
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
+ 0aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;
+ PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11
+ d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef
+ -00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0
+ abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;
+ ;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;
+ CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa00
+ 3049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285
+ -00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScope
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDNS-NSEC3CurrentSalt
+systemMayContain: msDNS-NSEC3UserSalt
+systemMayContain: msDNS-PropagationTime
+systemMayContain: msDNS-ParentHasSecureDelegation
+systemMayContain: msDNS-DNSKEYRecords
+systemMayContain: msDNS-SigningKeys
+systemMayContain: msDNS-SigningKeyDescriptors
+systemMayContain: msDNS-SecureDelegationPollingPeriod
+systemMayContain: msDNS-SignatureInceptionOffset
+systemMayContain: msDNS-DSRecordSetTTL
+systemMayContain: msDNS-DNSKEYRecordSetTTL
+systemMayContain: msDNS-NSEC3Iterations
+systemMayContain: msDNS-NSEC3RandomSaltLength
+systemMayContain: msDNS-NSEC3HashAlgorithm
+systemMayContain: msDNS-RFC5011KeyRollovers
+systemMayContain: msDNS-DSRecordAlgorithms
+systemMayContain: msDNS-MaintainTrustAnchor
+systemMayContain: msDNS-NSEC3OptOut
+systemMayContain: msDNS-SignWithNSEC3
+systemMayContain: msDNS-IsSigned
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2159567482-1874458502
+ -4201521111-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+ 48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+ f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+ 40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+ -4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+ 5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+ d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+ (OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+ OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3
+ c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9
+ b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:
+ (AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d
+ 1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3b
+ bf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9
+ 020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;
+ E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04
+ fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab
+ 721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d
+ 456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: 
+ D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA
+ )(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;
+ CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRP
+ LORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;
+ CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-ExternalDirectoryObjectId
+mayContain: msDS-GeoCoordinatesLongitude
+mayContain: msDS-GeoCoordinatesLatitude
+mayContain: msDS-GeoCoordinatesAltitude
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-
+ 4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(O
+ A;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060
+ -00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11
+ d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-
+ 0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf
+ 967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA
+ ;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEB
+ D-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLO
+ RC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1
+ -aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: msDS-AllowedToActOnBehalfOfOtherIdentity
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;
+ ;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a2
+ 85-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CC
+ DC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;E
+ D)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RIDPoolAllocationEnabled
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2159567482-1874458502
+ -4201521111-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e
+ 48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131
+ f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda6
+ 40c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d
+ -4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-
+ 5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6a
+ d-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)
+ (OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(
+ OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)(OA;CIIO;SW;9b026da6-0d3
+ c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;CIIO;SW;9
+ b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)S:
+ (AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d
+ 1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3b
+ bf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;
+ AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: msds-tokenGroupNamesNoGCAcceptable
+systemMayContain: msds-tokenGroupNamesGlobalAndUniversal
+systemMayContain: msds-tokenGroupNames
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: 
+ D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A
+ ;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: 
+ D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-ObjectSoa
+systemMayContain: msDS-SourceAnchor
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-ReplValueMetaDataExt
+systemMayContain: msDS-parentdistname
+systemMayContain: msds-memberTransitive
+systemMayContain: msds-memberOfTransitive
+systemMayContain: msDS-TDOEgressBL
+systemMayContain: msDS-TDOIngressBL
+systemMayContain: msDS-ValueTypeReferenceBL
+systemMayContain: msDS-IsPrimaryComputerFor
+systemMayContain: msDS-ClaimSharesPossibleValuesWithBL
+systemMayContain: msDS-MembersOfResourcePropertyListBL
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-EgressClaimsTransformationPolicy
+systemMayContain: msDS-IngressClaimsTransformationPolicy
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-
+ a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-KeyPrincipalBL
+systemMayContain: msDS-AuthNPolicySiloMembersBL
+systemMayContain: msDS-AssignedAuthNPolicySilo
+systemMayContain: msDS-AssignedAuthNPolicy
+systemMayContain: msDS-SyncServerUrl
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-preferredDataLocation
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: msDS-CloudExtensions
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type-Property-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.269
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: 
+ An abstract class that defines the base class for claim type or resource prope
+ rty classes.
+objectClassCategory: 2
+lDAPDisplayName: msDS-ClaimTypePropertyBase
+schemaIDGUID:: WC9EuJDEh0SKndgLiDJxrQ==
+systemOnly: FALSE
+systemMayContain: msDS-ClaimSharesPossibleValuesWith
+systemMayContain: Enabled
+systemMayContain: msDS-ClaimPossibleValues
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Types
+subClassOf: top
+governsID: 1.2.840.113556.1.5.270
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimTypes
+schemaIDGUID:: NTIJNhXHIUirarVvsoBaWA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Properties
+subClassOf: top
+governsID: 1.2.840.113556.1.5.271
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperties
+schemaIDGUID:: hEVKelCzj0es1rS4UtgswA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.272
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: 
+ An instance of this class holds the definition of a claim type that can be def
+ ined on security principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimType
+schemaIDGUID:: fIWjgWlUj02q5sJ2mXYmBA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimTypes
+systemMayContain: msDS-ClaimIsSingleValued
+systemMayContain: msDS-ClaimIsValueSpaceRestricted
+systemMayContain: msDS-ClaimValueType
+systemMayContain: msDS-ClaimSourceType
+systemMayContain: msDS-ClaimSource
+systemMayContain: msDS-ClaimTypeAppliesToClass
+systemMayContain: msDS-ClaimAttributeSource
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.273
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: 
+ An instance of this class holds the definition of a property on resources.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperty
+schemaIDGUID:: Xj0oWwSElUGTOYRQGIxQGg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ResourceProperties
+systemMayContain: msDS-AppliesToResourceTypes
+systemMayContain: msDS-IsUsedAsResourceSecurityAttribute
+systemMustContain: msDS-ValueTypeReference
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property-List
+subClassOf: top
+governsID: 1.2.840.113556.1.5.274
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: 
+ An object of this class contains a list of resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourcePropertyList
+schemaIDGUID:: etTjckKzRU2PVrr/gDyr+Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-MembersOfResourcePropertyList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.266
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: 
+ Container for Activation Objects used by Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObjectsContainer
+schemaIDGUID:: K4YvtyW7XU2qUWLFm9+Qrg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.267
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObject
+schemaIDGUID:: jOagUcUNykOTXcHJEb8u5Q==
+systemOnly: FALSE
+systemPossSuperiors: msSPP-ActivationObjectsContainer
+systemMayContain: msSPP-IssuanceLicense
+systemMayContain: msSPP-ConfigLicense
+systemMayContain: msSPP-PhoneLicense
+systemMayContain: msSPP-OnlineLicense
+systemMayContain: msSPP-ConfirmationId
+systemMayContain: msSPP-InstallationId
+systemMustContain: msSPP-KMSIds
+systemMustContain: msSPP-CSVLKSkuId
+systemMustContain: msSPP-CSVLKPartialProductKey
+systemMustContain: msSPP-CSVLKPid
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.276
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObjectsContainer
+schemaIDGUID:: vagn4FZk3kWQozhZOHfudA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: domain
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ LOLCCCRP;;;DC)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.275
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObject
+adminDescription: 
+ This class contains recovery information for a Trusted Platform Module (TPM) d
+ evice.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObject
+schemaIDGUID:: alsEhaZHQ0KnzGiQcB9mLA==
+systemOnly: FALSE
+systemPossSuperiors: msTPM-InformationObjectsContainer
+systemMayContain: msTPM-OwnerInformationTemp
+systemMayContain: msTPM-SrkPubThumbprint
+systemMustContain: msTPM-OwnerInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLO;;;DC)(A;;WP;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DNS-Server-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+objectClassCategory: 1
+lDAPDisplayName: msDNS-ServerSettings
+schemaIDGUID:: 7cMv7xhuW0GZ5DEUqMsSSw==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: msDNS-KeymasterZones
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: 
+ A container of this class can contain Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicies
+schemaIDGUID:: wyFcVTahWkWTl3lrvTWOJQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rules
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: 
+ A container of this class can contain Central Access Policy Entry objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRules
+schemaIDGUID:: ehu7mW1gi0+ADuFb5VTKjQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: 
+ A class that defines Central Access Rules used to construct a central access p
+ olicy.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRule
+schemaIDGUID:: 3AZKWxwl206IEwvdcTJyJg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessRules
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicyBL
+systemMayContain: msAuthz-ResourceCondition
+systemMayContain: msAuthz-LastEffectiveSecurityPolicy
+systemMayContain: msAuthz-ProposedSecurityPolicy
+systemMayContain: msAuthz-EffectiveSecurityPolicy
+systemMayContain: Enabled
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicy
+schemaIDGUID:: sJxnpZ1vLEOLdR4+g08Cqg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessPolicies
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicy
+systemMayContain: msAuthz-CentralAccessPolicyID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-ServerConfiguration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.277
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvServerConfiguration
+schemaIDGUID:: qEPyXiUqpkWLcwinGuZ3zg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-PrivateKeyLength
+systemMayContain: msKds-PublicKeyLength
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-SecretAgreementAlgorithmID
+systemMayContain: msKds-KDFParam
+systemMayContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-Version
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-RootKey
+subClassOf: top
+governsID: 1.2.840.113556.1.5.278
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvRootKey
+schemaIDGUID:: Qf0CquAXGE+Gh7Ijlklzaw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-KDFParam
+systemMustContain: msKds-CreateTime
+systemMustContain: msKds-RootKeyData
+systemMustContain: msKds-PrivateKeyLength
+systemMustContain: msKds-PublicKeyLength
+systemMustContain: msKds-SecretAgreementAlgorithmID
+systemMustContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-UseStartTime
+systemMustContain: msKds-DomainID
+systemMustContain: msKds-Version
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Group-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.282
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: 
+ The group managed service account class is used to create an account which can
+  be shared by different computers to run Windows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-GroupManagedServiceAccount
+schemaIDGUID:: ilWLe6WT90qtysAX5n8QVw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-GroupMSAMembership
+systemMayContain: msDS-ManagedPasswordPreviousId
+systemMayContain: msDS-ManagedPasswordId
+systemMayContain: msDS-ManagedPassword
+systemMustContain: msDS-ManagedPasswordInterval
+defaultSecurityDescriptor: 
+ D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDD
+ TSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+ SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5
+ -0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-1
+ 1d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86
+ -0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;b
+ f967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003
+ 049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-
+ 0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72
+ e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Value-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.279
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type
+adminDescription: 
+ An value type object holds value type information for a resource property.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ValueType
+schemaIDGUID:: 33/C4x2wTk+H5wVu7w65Ig==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msDS-IsPossibleValuesPresent
+systemMustContain: msDS-ClaimIsSingleValued
+systemMustContain: msDS-ClaimIsValueSpaceRestricted
+systemMustContain: msDS-ClaimValueType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policy-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.280
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicyType
+schemaIDGUID:: s2LrLnMTRf6BATh/Fnbtxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimsTransformationPolicies
+systemMayContain: msDS-TransformationRulesCompiled
+systemMayContain: msDS-TransformationRules
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.281
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicies
+schemaIDGUID:: san8yIh9T7uCekSJJ3EHYg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Cloud-Extensions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.283
+mayContain: msDS-cloudExtensionAttribute20
+mayContain: msDS-cloudExtensionAttribute19
+mayContain: msDS-cloudExtensionAttribute18
+mayContain: msDS-cloudExtensionAttribute17
+mayContain: msDS-cloudExtensionAttribute16
+mayContain: msDS-cloudExtensionAttribute15
+mayContain: msDS-cloudExtensionAttribute14
+mayContain: msDS-cloudExtensionAttribute13
+mayContain: msDS-cloudExtensionAttribute12
+mayContain: msDS-cloudExtensionAttribute11
+mayContain: msDS-cloudExtensionAttribute10
+mayContain: msDS-cloudExtensionAttribute9
+mayContain: msDS-cloudExtensionAttribute8
+mayContain: msDS-cloudExtensionAttribute7
+mayContain: msDS-cloudExtensionAttribute6
+mayContain: msDS-cloudExtensionAttribute5
+mayContain: msDS-cloudExtensionAttribute4
+mayContain: msDS-cloudExtensionAttribute3
+mayContain: msDS-cloudExtensionAttribute2
+mayContain: msDS-cloudExtensionAttribute1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: 
+ A collection of attributes used to house arbitrary cloud-relevant strings.
+objectClassCategory: 3
+lDAPDisplayName: msDS-CloudExtensions
+schemaIDGUID:: pIceZCaDcUe6LccG3zXjWg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.287
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service-Container
+adminDescription: 
+ A class for the container used to house all enrollment services used for devic
+ e registrations.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationServiceContainer
+schemaIDGUID:: zlULMc09kkOpbcnjU5fCTw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.284
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Registration-Service
+adminDescription: 
+ An object of this class holds the registration service configuration used for 
+ devices.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceRegistrationService
+schemaIDGUID:: Gjq8ltLj00mvEXsN951n9Q==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceRegistrationServiceContainer
+systemMayContain: msDS-CloudIsEnabled
+systemMayContain: msDS-CloudIssuerPublicCertificates
+systemMayContain: msDS-IssuerPublicCertificates
+systemMayContain: msDS-MaximumRegistrationInactivityPeriod
+systemMayContain: msDS-RegistrationQuota
+systemMayContain: msDS-IssuerCertificates
+systemMustContain: msDS-DeviceLocation
+systemMustContain: msDS-IsEnabled
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.289
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device-Container
+adminDescription: A class for the container used to hold device objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-DeviceContainer
+schemaIDGUID:: WIyefBuQqE627E656fwOEQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Device
+subClassOf: top
+governsID: 1.2.840.113556.1.5.286
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Device
+adminDescription: An object of this type represents a registered device.
+objectClassCategory: 1
+lDAPDisplayName: msDS-Device
+schemaIDGUID:: c7byXUFtdEez6NUujun/mQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-DeviceContainer
+systemMayContain: msDS-KeyCredentialLink
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceTrustType
+systemMayContain: msDS-IsCompliant
+systemMayContain: msDS-DeviceMDMStatus
+systemMayContain: msDS-CloudAnchor
+systemMayContain: msDS-CloudIsManaged
+systemMayContain: msDS-IsManaged
+systemMayContain: msDS-DeviceObjectVersion
+systemMayContain: msDS-RegisteredOwner
+systemMayContain: msDS-RegisteredUsers
+systemMayContain: msDS-DevicePhysicalIDs
+systemMayContain: msDS-DeviceOSVersion
+systemMayContain: msDS-DeviceOSType
+systemMayContain: msDS-ApproximateLastLogonTimeStamp
+systemMustContain: msDS-DeviceID
+systemMustContain: msDS-IsEnabled
+systemMustContain: altSecurityIdentities
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silos
+subClassOf: top
+governsID: 1.2.840.113556.1.5.291
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silos
+adminDescription: 
+ A container of this class can contain authentication policy silo objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilos
+schemaIDGUID:: Ckex0oSPHkmnUrQB7gD+XA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.293
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policies
+adminDescription: 
+ A container of this class can contain authentication policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicies
+schemaIDGUID:: Xd+aOpd7fk+rtOW1XBwGtA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy-Silo
+subClassOf: top
+governsID: 1.2.840.113556.1.5.292
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy Silo
+adminDescription: 
+ An instance of this class defines authentication policies and related behavior
+ s for assigned users, computers, and services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicySilo
+schemaIDGUID:: Hkbw+X1piUaSmTfmHWF7DQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicySilos
+systemMayContain: msDS-AuthNPolicySiloEnforced
+systemMayContain: msDS-AssignedAuthNPolicySiloBL
+systemMayContain: msDS-ServiceAuthNPolicy
+systemMayContain: msDS-ComputerAuthNPolicy
+systemMayContain: msDS-UserAuthNPolicy
+systemMayContain: msDS-AuthNPolicySiloMembers
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-AuthN-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.294
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication Policy
+adminDescription: 
+ An instance of this class defines authentication policy behaviors for assigned
+  principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AuthNPolicy
+schemaIDGUID:: VhFqq8dN9UCRgI5M5C/lzQ==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AuthNPolicies
+systemMayContain: msDS-StrongNTLMPolicy
+systemMayContain: msDS-ServiceAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-UserAllowedNTLMNetworkAuthentication
+systemMayContain: msDS-AuthNPolicyEnforced
+systemMayContain: msDS-AssignedAuthNPolicyBL
+systemMayContain: msDS-ServiceAuthNPolicyBL
+systemMayContain: msDS-ComputerAuthNPolicyBL
+systemMayContain: msDS-UserAuthNPolicyBL
+systemMayContain: msDS-ServiceTGTLifetime
+systemMayContain: msDS-ServiceAllowedToAuthenticateFrom
+systemMayContain: msDS-ServiceAllowedToAuthenticateTo
+systemMayContain: msDS-ComputerTGTLifetime
+systemMayContain: msDS-ComputerAllowedToAuthenticateTo
+systemMayContain: msDS-UserTGTLifetime
+systemMayContain: msDS-UserAllowedToAuthenticateFrom
+systemMayContain: msDS-UserAllowedToAuthenticateTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Key-Credential
+subClassOf: top
+governsID: 1.2.840.113556.1.5.297
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-KeyCredential
+adminDescription: An instance of this class contains key material.
+objectClassCategory: 1
+lDAPDisplayName: msDS-KeyCredential
+schemaIDGUID:: Q1Uf7i58akeLP+EfSvbEmA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeviceID
+systemMayContain: msDS-KeyApproximateLastLogonTimeStamp
+systemMayContain: msDS-CustomKeyInformation
+systemMayContain: msDS-ComputerSID
+systemMayContain: msDS-DeviceDN
+systemMayContain: msDS-KeyPrincipal
+systemMayContain: msDS-KeyUsage
+systemMayContain: msDS-KeyMaterial
+systemMustContain: msDS-KeyId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.298
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal-Container
+adminDescription: Dedicated container for msDS-ShadowPrincipal objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipalContainer
+schemaIDGUID:: RVX5ERLXUEy4R9J4FTfGMw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Shadow-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.299
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Shadow-Principal
+adminDescription: Represents a principal from an external forest.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ShadowPrincipal
+schemaIDGUID:: s0wPd0MWnEa3Zu3XeqdeFA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ShadowPrincipalContainer
+systemMayContain: member
+systemMustContain: msDS-ShadowPrincipalSid
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.300
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope-Container
+adminDescription: Container for Dns Zone Scope objects.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScopeContainer
+schemaIDGUID:: k5Bp8lryIEKd6wPfTMSpxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.301
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone-Scope
+adminDescription: 
+ A zonescope of a zone is another copy of the zone contained in the zone with d
+ ifferent set of resource records.
+objectClassCategory: 1
+lDAPDisplayName: dnsZoneScope
+schemaIDGUID:: YYpvaT8tzkCks+J138xJxQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZoneScopeContainer
+systemMayContain: managedBy
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
new file mode 100644
index 0000000..97e70e0
--- /dev/null
+++ b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
@@ -0,0 +1,26925 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# •	Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# •	Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# •	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# •	Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here:  http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# •	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# •	Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following attribute schema definitions were generated from the Windows Server 2008 R2 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
new file mode 100644
index 0000000..4395cad
--- /dev/null
+++ b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
@@ -0,0 +1,29357 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# •	Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# •	Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# •	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# •	Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here:  http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# •	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# •	Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following attribute schema definitions were generated from the Windows Server 2012 version of Active Directory Domain Services (AD DS).   
+
+dn: CN=Account-Expires,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Expires
+attributeID: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Expires
+adminDescription: Account-Expires
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: accountExpires
+schemaFlagsEx: 1
+schemaIDGUID:: FXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Account-Name-History
+attributeID: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: accountNameHistory
+schemaIDGUID:: 7FIZA3I70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Aggregate-Token-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Aggregate-Token-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Aggregate-Token-Rate-Per-User
+adminDescription: ACS-Aggregate-Token-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAggregateTokenRatePerUser
+schemaIDGUID:: fRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Allocable-RSVP-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Allocable-RSVP-Bandwidth
+attributeID: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Allocable-RSVP-Bandwidth
+adminDescription: ACS-Allocable-RSVP-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSAllocableRSVPBandwidth
+schemaIDGUID:: gxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Cache-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Cache-Timeout
+attributeID: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Cache-Timeout
+adminDescription: ACS-Cache-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSCacheTimeout
+schemaIDGUID:: oVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Direction
+attributeID: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Direction
+adminDescription: ACS-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDirection
+schemaIDGUID:: ehJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-DeadTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-DeadTime
+attributeID: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-DeadTime
+adminDescription: ACS-DSBM-DeadTime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMDeadTime
+schemaIDGUID:: oFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Priority
+attributeID: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Priority
+adminDescription: ACS-DSBM-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMPriority
+schemaIDGUID:: nlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-DSBM-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-DSBM-Refresh
+attributeID: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-DSBM-Refresh
+adminDescription: ACS-DSBM-Refresh
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSDSBMRefresh
+schemaIDGUID:: n1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-ACS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-ACS-Service
+attributeID: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-ACS-Service
+adminDescription: ACS-Enable-ACS-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableACSService
+schemaIDGUID:: hxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Accounting
+attributeID: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPAccounting
+schemaIDGUID:: DiNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Enable-RSVP-Message-Logging,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Enable-RSVP-Message-Logging
+attributeID: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Enable-RSVP-Message-Logging
+adminDescription: ACS-Enable-RSVP-Message-Logging
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: aCSEnableRSVPMessageLogging
+schemaIDGUID:: hRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Event-Log-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Event-Log-Level
+attributeID: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Event-Log-Level
+adminDescription: ACS-Event-Log-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSEventLogLevel
+schemaIDGUID:: hhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Identity-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Identity-Name
+attributeID: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Identity-Name
+adminDescription: ACS-Identity-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSIdentityName
+schemaIDGUID:: timw2vfd0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeID: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxAggregatePeakRatePerUser
+schemaIDGUID:: DCNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Duration-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Duration-Per-Flow
+attributeID: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Duration-Per-Flow
+adminDescription: ACS-Max-Duration-Per-Flow
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxDurationPerFlow
+schemaIDGUID:: fhJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Account-Files
+attributeID: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfAccountFiles
+schemaIDGUID:: ECNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-No-Of-Log-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-No-Of-Log-Files
+attributeID: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-No-Of-Log-Files
+adminDescription: ACS-Max-No-Of-Log-Files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxNoOfLogFiles
+schemaIDGUID:: nFWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth
+attributeID: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth
+adminDescription: ACS-Max-Peak-Bandwidth
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidth
+schemaIDGUID:: hBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Peak-Bandwidth-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+attributeID: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Peak-Bandwidth-Per-Flow
+adminDescription: ACS-Max-Peak-Bandwidth-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxPeakBandwidthPerFlow
+schemaIDGUID:: fBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Account-File
+attributeID: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPAccountFile
+schemaIDGUID:: ESNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Size-Of-RSVP-Log-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Size-Of-RSVP-Log-File
+attributeID: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Size-Of-RSVP-Log-File
+adminDescription: ACS-Max-Size-Of-RSVP-Log-File
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSMaxSizeOfRSVPLogFile
+schemaIDGUID:: nVWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Bucket-Per-Flow
+attributeID: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenBucketPerFlow
+schemaIDGUID:: 3+D2gZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Max-Token-Rate-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Max-Token-Rate-Per-Flow
+attributeID: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Max-Token-Rate-Per-Flow
+adminDescription: ACS-Max-Token-Rate-Per-Flow
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaxTokenRatePerFlow
+schemaIDGUID:: exJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Maximum-SDU-Size
+attributeID: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMaximumSDUSize
+schemaIDGUID:: +diih5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Delay-Variation
+attributeID: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumDelayVariation
+schemaIDGUID:: mzJlnJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Latency
+attributeID: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumLatency
+schemaIDGUID:: +/4XlZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Minimum-Policed-Size
+attributeID: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSMinimumPolicedSize
+schemaIDGUID:: lXEOjZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Max-SDU-Size
+attributeID: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMaxSDUSize
+schemaIDGUID:: 48/CrpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Min-Policed-Size
+attributeID: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedMinPolicedSize
+schemaIDGUID:: FzmHtpA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Peak-Rate
+attributeID: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedPeakRate
+schemaIDGUID:: P6cxo5A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Token-Size
+attributeID: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTokenSize
+schemaIDGUID:: ydcWqZA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Limit
+attributeID: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Limit
+adminDescription: ACS-Non-Reserved-Tx-Limit
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxLimit
+schemaIDGUID:: olWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Non-Reserved-Tx-Size
+attributeID: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSNonReservedTxSize
+schemaIDGUID:: DSNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Permission-Bits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Permission-Bits
+attributeID: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Permission-Bits
+adminDescription: ACS-Permission-Bits
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: aCSPermissionBits
+schemaIDGUID:: ghJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Policy-Name
+attributeID: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy-Name
+adminDescription: ACS-Policy-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSPolicyName
+schemaIDGUID:: mlWzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Priority
+attributeID: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Priority
+adminDescription: ACS-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSPriority
+schemaIDGUID:: gRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Account-Files-Location
+attributeID: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPAccountFilesLocation
+schemaIDGUID:: DyNy8PWu0RG9zwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-RSVP-Log-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-RSVP-Log-Files-Location
+attributeID: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-RSVP-Log-Files-Location
+adminDescription: ACS-RSVP-Log-Files-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSRSVPLogFilesLocation
+schemaIDGUID:: m1WzHNBW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Server-List
+attributeID: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSServerList
+schemaIDGUID:: pVm9fJA70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Service-Type
+attributeID: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Service-Type
+adminDescription: ACS-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSServiceType
+schemaIDGUID:: fxJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Time-Of-Day,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Time-Of-Day
+attributeID: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Time-Of-Day
+adminDescription: ACS-Time-Of-Day
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aCSTimeOfDay
+schemaIDGUID:: eRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Total-No-Of-Flows,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ACS-Total-No-Of-Flows
+attributeID: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Total-No-Of-Flows
+adminDescription: ACS-Total-No-Of-Flows
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: aCSTotalNoOfFlows
+schemaIDGUID:: gBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Information
+attributeID: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Information
+adminDescription: Additional-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: notes
+schemaIDGUID:: QfsFbWsk0BGpyACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Additional-Trusted-Service-Names
+adminDescription: Additional-Trusted-Service-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: additionalTrustedServiceNames
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address
+attributeID: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 14889
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address
+adminDescription: Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: streetAddress
+schemaFlagsEx: 1
+schemaIDGUID:: hP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots
+attributeID: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Address-Book-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots
+schemaFlagsEx: 1
+schemaIDGUID:: SG4L9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Book-Roots2
+attributeID: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2122
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Used by Exchange. Exchange configures trees of address book containers to show
+  up in the MAPI address book. This attribute on the Exchange Config object lis
+ ts the roots of the address book container trees.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: addressBookRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: dKOMUBGlTk6fT4VvYaa35A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table
+attributeID: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32791
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table
+adminDescription: Address-Entry-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTable
+schemaFlagsEx: 1
+schemaIDGUID:: YSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Entry-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Entry-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32839
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Entry-Display-Table-MSDOS
+adminDescription: Address-Entry-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressEntryDisplayTableMSDOS
+schemaFlagsEx: 1
+schemaIDGUID:: YiTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Home
+attributeID: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 14941
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Home
+adminDescription: Address-Home
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePostalAddress
+schemaIDGUID:: gVd3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Syntax
+attributeID: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 32792
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Syntax
+adminDescription: Address-Syntax
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: addressSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: YyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Address-Type
+attributeID: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 32840
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Type
+adminDescription: Address-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: addressType
+schemaFlagsEx: 1
+schemaIDGUID:: ZCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Context-Menu
+attributeID: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Context-Menu
+adminDescription: Admin-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminContextMenu
+schemaIDGUID:: ONA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Count
+attributeID: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Count
+adminDescription: Admin-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: adminCount
+schemaFlagsEx: 1
+schemaIDGUID:: GHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Description
+attributeID: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32842
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Description
+adminDescription: Admin-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDescription
+schemaIDGUID:: GXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Display-Name
+attributeID: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 32843
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Display-Name
+adminDescription: Admin-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: GnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Multiselect-Property-Pages
+attributeID: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminMultiselectPropertyPages
+schemaIDGUID:: fbb5GMZaO0uX29CkBq+3ug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Admin-Property-Pages
+attributeID: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Admin-Property-Pages
+adminDescription: Admin-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: adminPropertyPages
+schemaIDGUID:: OIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes
+attributeID: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Attributes-Effective
+attributeID: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedAttributesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes
+attributeID: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClasses
+schemaFlagsEx: 1
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Allowed-Child-Classes-Effective
+attributeID: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: allowedChildClassesEffective
+schemaFlagsEx: 1
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Alt-Security-Identities
+attributeID: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: altSecurityIdentities
+schemaFlagsEx: 1
+schemaIDGUID:: DPP7AP6R0RGuvAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ANR
+attributeID: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ANR
+adminDescription: ANR
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: aNR
+schemaFlagsEx: 1
+schemaIDGUID:: ABWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: App-Schema-Version
+attributeID: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: appSchemaVersion
+schemaIDGUID:: Zd2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Application-Name
+attributeID: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Name
+adminDescription: Application-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: applicationName
+schemaIDGUID:: JiJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Applies-To
+attributeID: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Applies-To
+adminDescription: Applies-To
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: appliesTo
+schemaIDGUID:: HZOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Asset-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Asset-Number
+attributeID: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Asset-Number
+adminDescription: Asset-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: assetNumber
+schemaIDGUID:: dV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assistant
+attributeID: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assistant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Assistant
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: assistant
+schemaIDGUID:: HMGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Assoc-NT-Account
+attributeID: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: assocNTAccount
+schemaIDGUID:: wGOPOWDK0RG70QAA+B8QwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedDomain
+attributeID: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedDomain
+adminDescription: 
+ The associatedDomain attribute type specifies a DNS domain which is associated
+  with an object.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: associatedDomain
+schemaIDGUID:: OPwgM3nDF0ylEBvfYTPF2g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: associatedName
+attributeID: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: associatedName
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The associatedName attribute type specifies an entry in the organizational DIT
+  associated with a DNS domain.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: associatedName
+schemaIDGUID:: Rfz796uFpEKkNXgOYveFiw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Display-Names
+attributeID: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Display-Names
+adminDescription: Attribute-Display-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeDisplayNames
+schemaIDGUID:: gD+Ey9lI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-ID
+attributeID: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-ID
+adminDescription: Attribute-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeID
+schemaFlagsEx: 1
+schemaIDGUID:: InmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Security-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Security-GUID
+attributeID: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Security-GUID
+adminDescription: Attribute-Security-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeSecurityGUID
+schemaFlagsEx: 1
+schemaIDGUID:: JHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Syntax
+attributeID: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Syntax
+adminDescription: Attribute-Syntax
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: attributeSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: JXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Attribute-Types
+attributeID: 2.5.21.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: attributeTypes
+schemaFlagsEx: 1
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: attributeCertificateAttribute
+attributeID: 2.5.4.58
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: attributeCertificateAttribute
+adminDescription: 
+ A digitally signed or certified identity and set of attributes. Used to bind a
+ uthorization information to an identity. X.509
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: attributeCertificateAttribute
+schemaIDGUID:: u5NG+sJ7uUyBqMmcQ7eQXg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: audio
+attributeID: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: audio
+adminDescription: 
+ The Audio attribute type allows the storing of sounds in the Directory.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: audio
+schemaIDGUID:: JNLh0KDhzkKi2nk7pSRPNQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auditing-Policy
+attributeID: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auditing-Policy
+adminDescription: Auditing-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: auditingPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: /qSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authentication-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authentication-Options
+attributeID: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authentication-Options
+adminDescription: Authentication-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: authenticationOptions
+schemaFlagsEx: 1
+schemaIDGUID:: KHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Authority-Revocation-List
+attributeID: 2.5.4.38
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 32806
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Authority-Revocation-List
+adminDescription: Authority-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: authorityRevocationList
+schemaIDGUID:: jVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Auxiliary-Class
+attributeID: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Auxiliary-Class
+adminDescription: Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: auxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: LHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Password-Time
+attributeID: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Password-Time
+adminDescription: Bad-Password-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: badPasswordTime
+schemaFlagsEx: 1
+schemaIDGUID:: LXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bad-Pwd-Count
+attributeID: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bad-Pwd-Count
+adminDescription: Bad-Pwd-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: badPwdCount
+schemaFlagsEx: 1
+schemaIDGUID:: LnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Birth-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Birth-Location
+attributeID: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Birth-Location
+adminDescription: Birth-Location
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: birthLocation
+schemaIDGUID:: +XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootFile
+attributeID: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootFile
+adminDescription: Boot image name
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootFile
+schemaIDGUID:: Tsvz4yAP60KXA9L/JuUmZw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: BootParameter
+attributeID: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: bootParameter
+schemaIDGUID:: UAcq13yMbkGHFOZfEekIvg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Server-List-BL
+attributeID: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 99
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Server-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Server-List-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadServerListBL
+schemaFlagsEx: 1
+schemaIDGUID:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bridgehead-Transport-List
+attributeID: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 98
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bridgehead-Transport-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Bridgehead-Transport-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: bridgeheadTransportList
+schemaIDGUID:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: buildingName
+attributeID: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: buildingName
+adminDescription: 
+ The buildingName attribute type specifies the name of the building where an or
+ ganization or organizational unit is based.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: buildingName
+schemaIDGUID:: S6V/+MWy10+IwNrMsh2TxQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Creation-Time
+attributeID: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Creation-Time
+adminDescription: Builtin-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinCreationTime
+schemaIDGUID:: L3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Builtin-Modified-Count
+attributeID: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Modified-Count
+adminDescription: Builtin-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: builtinModifiedCount
+schemaIDGUID:: MHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Business-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Business-Category
+attributeID: 2.5.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32855
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Business-Category
+adminDescription: Business-Category
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: businessCategory
+schemaIDGUID:: MXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Bytes-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Bytes-Per-Minute
+attributeID: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Bytes-Per-Minute
+adminDescription: Bytes-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: bytesPerMinute
+schemaIDGUID:: dl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate
+attributeID: 2.5.4.37
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32771
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate
+adminDescription: CA-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cACertificate
+schemaIDGUID:: MnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Certificate-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Certificate-DN
+attributeID: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Certificate-DN
+adminDescription: CA-Certificate-DN
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cACertificateDN
+schemaIDGUID:: QCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Connect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Connect
+attributeID: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Connect
+adminDescription: CA-Connect
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAConnect
+schemaIDGUID:: NSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-Usages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-Usages
+attributeID: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-Usages
+adminDescription: CA-Usages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAUsages
+schemaIDGUID:: OCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CA-WEB-URL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CA-WEB-URL
+attributeID: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CA-WEB-URL
+adminDescription: CA-WEB-URL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cAWEBURL
+schemaIDGUID:: Nic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Can-Upgrade-Script
+attributeID: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canUpgradeScript
+schemaIDGUID:: FIPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Canonical-Name
+attributeID: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: canonicalName
+schemaFlagsEx: 1
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: carLicense
+attributeID: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: carLicense
+schemaIDGUID:: kpwV1H2Vh0qKZ40pNOAWSQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Catalogs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Catalogs
+attributeID: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Catalogs
+adminDescription: Catalogs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: catalogs
+schemaIDGUID:: gcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Categories
+attributeID: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Categories
+adminDescription: Categories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: categories
+schemaIDGUID:: fsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Category-Id
+attributeID: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Id
+adminDescription: Category-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: categoryId
+schemaIDGUID:: lA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Authority-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Authority-Object
+attributeID: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Authority-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Certificate-Authority-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: certificateAuthorityObject
+schemaIDGUID:: Mic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Revocation-List
+attributeID: 2.5.4.39
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+mAPIID: 32790
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Revocation-List
+adminDescription: Certificate-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: certificateRevocationList
+schemaIDGUID:: n1d3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Certificate-Templates
+attributeID: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: certificateTemplates
+schemaIDGUID:: scU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Class-Display-Name
+attributeID: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Display-Name
+adminDescription: Class-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: classDisplayName
+schemaIDGUID:: IhyOVKbe0BGwEAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Code-Page
+attributeID: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Code-Page
+adminDescription: Code-Page
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: codePage
+schemaFlagsEx: 1
+schemaIDGUID:: OHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ClassID
+attributeID: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ClassID
+adminDescription: COM-ClassID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cOMClassID
+schemaIDGUID:: O3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-CLSID
+attributeID: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-CLSID
+adminDescription: COM-CLSID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMCLSID
+schemaIDGUID:: 2RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-InterfaceID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-InterfaceID
+attributeID: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-InterfaceID
+adminDescription: COM-InterfaceID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMInterfaceID
+schemaIDGUID:: PHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Other-Prog-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Other-Prog-Id
+attributeID: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Other-Prog-Id
+adminDescription: COM-Other-Prog-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMOtherProgId
+schemaIDGUID:: 3RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-ProgID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-ProgID
+attributeID: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-ProgID
+adminDescription: COM-ProgID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMProgID
+schemaIDGUID:: PXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Treat-As-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Treat-As-Class-Id
+attributeID: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Treat-As-Class-Id
+adminDescription: COM-Treat-As-Class-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTreatAsClassId
+schemaIDGUID:: 2xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Typelib-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Typelib-Id
+attributeID: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Typelib-Id
+adminDescription: COM-Typelib-Id
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMTypelibId
+schemaIDGUID:: 3hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=COM-Unique-LIBID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: COM-Unique-LIBID
+attributeID: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: COM-Unique-LIBID
+adminDescription: COM-Unique-LIBID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: cOMUniqueLIBID
+schemaIDGUID:: 2hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Comment
+attributeID: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 12292
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Comment
+adminDescription: Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: info
+schemaIDGUID:: PnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Common-Name
+attributeID: 2.5.4.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14863
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Common-Name
+adminDescription: Common-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: cn
+schemaFlagsEx: 1
+schemaIDGUID:: P3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Company
+attributeID: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14870
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Company
+adminDescription: Company
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: company
+schemaIDGUID:: iP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Content-Indexing-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Content-Indexing-Allowed
+attributeID: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Content-Indexing-Allowed
+adminDescription: Content-Indexing-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: contentIndexingAllowed
+schemaIDGUID:: Q3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Context-Menu
+attributeID: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Context-Menu
+adminDescription: Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: contextMenu
+schemaIDGUID:: 7gGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Control-Access-Rights
+attributeID: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Rights
+adminDescription: Control-Access-Rights
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: controlAccessRights
+schemaIDGUID:: /KSobVIO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cost
+attributeID: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cost
+adminDescription: Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: cost
+schemaFlagsEx: 1
+schemaIDGUID:: RHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Code
+attributeID: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Code
+adminDescription: Country-Code
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: countryCode
+schemaFlagsEx: 1
+schemaIDGUID:: cSTUX2IS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Country-Name
+attributeID: 2.5.4.6
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 3
+mAPIID: 32873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country-Name
+adminDescription: Country-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: c
+schemaFlagsEx: 1
+schemaIDGUID:: RXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Dialog
+attributeID: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createDialog
+schemaIDGUID:: ipUJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Time-Stamp
+adminDescription: Create-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: createTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Create-Wizard-Ext
+attributeID: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: createWizardExt
+schemaIDGUID:: i5UJKzGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Time
+attributeID: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Time
+adminDescription: Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: creationTime
+schemaFlagsEx: 1
+schemaIDGUID:: RnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creation-Wizard
+attributeID: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creation-Wizard
+adminDescription: Creation-Wizard
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creationWizard
+schemaIDGUID:: 7QGGTYWs0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Creator
+attributeID: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Creator
+adminDescription: Creator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: creator
+schemaIDGUID:: hcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Object
+attributeID: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: CRL-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: cRLObject
+schemaIDGUID:: Nyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: CRL-Partitioned-Revocation-List
+attributeID: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Partitioned-Revocation-List
+adminDescription: CRL-Partitioned-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: cRLPartitionedRevocationList
+schemaIDGUID:: MSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Cross-Certificate-Pair
+attributeID: 2.5.4.40
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 32805
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Certificate-Pair
+adminDescription: Cross-Certificate-Pair
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: crossCertificatePair
+schemaIDGUID:: sld3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Curr-Machine-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Curr-Machine-Id
+attributeID: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Curr-Machine-Id
+adminDescription: Curr-Machine-Id
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currMachineId
+schemaIDGUID:: /nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Location
+attributeID: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 32
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Location
+adminDescription: Current-Location
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentLocation
+schemaIDGUID:: /HUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Parent-CA
+attributeID: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Current-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: currentParentCA
+schemaIDGUID:: Pyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Current-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Current-Value
+attributeID: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Current-Value
+adminDescription: Current-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: currentValue
+schemaFlagsEx: 1
+schemaIDGUID:: R3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DBCS-Pwd
+attributeID: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DBCS-Pwd
+adminDescription: DBCS-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dBCSPwd
+schemaFlagsEx: 1
+schemaIDGUID:: nHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Class-Store
+attributeID: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Class-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Class-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultClassStore
+schemaIDGUID:: SHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Group
+attributeID: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultGroup
+schemaIDGUID:: 4sQLckql0BGv3wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Hiding-Value
+attributeID: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Hiding-Value
+adminDescription: Default-Hiding-Value
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: defaultHidingValue
+schemaFlagsEx: 1
+schemaIDGUID:: FjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Local-Policy-Object
+attributeID: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Local-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Local-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultLocalPolicyObject
+schemaIDGUID:: n3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Object-Category
+attributeID: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Default-Object-Category
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: defaultObjectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: Z3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Priority
+attributeID: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Priority
+adminDescription: Default-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: defaultPriority
+schemaIDGUID:: yBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Default-Security-Descriptor
+attributeID: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Default-Security-Descriptor
+adminDescription: Default-Security-Descriptor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: defaultSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: MG16gGkW0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Delta-Revocation-List
+attributeID: 2.5.4.53
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10485760
+mAPIID: 35910
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Delta-Revocation-List
+adminDescription: Delta-Revocation-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: deltaRevocationList
+schemaIDGUID:: tVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Department
+attributeID: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14872
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Department
+adminDescription: Department
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: department
+schemaIDGUID:: T3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: departmentNumber
+attributeID: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: departmentNumber
+schemaIDGUID:: 7vaevsfLIk+ye5aWfn7lhQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Description
+attributeID: 2.5.4.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+mAPIID: 32879
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Description
+adminDescription: Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: description
+schemaFlagsEx: 1
+schemaIDGUID:: UHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Desktop-Profile
+attributeID: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Desktop-Profile
+adminDescription: Desktop-Profile
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: desktopProfile
+schemaIDGUID:: Blmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Destination-Indicator
+attributeID: 2.5.4.27
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 32880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Destination-Indicator
+adminDescription: Destination-Indicator
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: destinationIndicator
+schemaIDGUID:: UXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Classes
+attributeID: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Classes
+adminDescription: dhcp-Classes
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpClasses
+schemaIDGUID:: UCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Flags
+attributeID: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Flags
+adminDescription: dhcp-Flags
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpFlags
+schemaIDGUID:: QSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Identification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Identification
+attributeID: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Identification
+adminDescription: dhcp-Identification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpIdentification
+schemaIDGUID:: Qic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Mask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Mask
+attributeID: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Mask
+adminDescription: dhcp-Mask
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpMask
+schemaIDGUID:: Ryc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-MaxKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-MaxKey
+attributeID: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-MaxKey
+adminDescription: dhcp-MaxKey
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpMaxKey
+schemaIDGUID:: VCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Description
+attributeID: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Description
+adminDescription: dhcp-Obj-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjDescription
+schemaIDGUID:: RCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Obj-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Obj-Name
+attributeID: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Obj-Name
+adminDescription: dhcp-Obj-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dhcpObjName
+schemaIDGUID:: Qyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Options
+attributeID: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Options
+adminDescription: dhcp-Options
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpOptions
+schemaIDGUID:: Tyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Properties
+attributeID: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Properties
+adminDescription: dhcp-Properties
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dhcpProperties
+schemaIDGUID:: Uyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Ranges,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Ranges
+attributeID: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Ranges
+adminDescription: dhcp-Ranges
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpRanges
+schemaIDGUID:: SCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Reservations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Reservations
+attributeID: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Reservations
+adminDescription: dhcp-Reservations
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpReservations
+schemaIDGUID:: Sic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Servers
+attributeID: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Servers
+adminDescription: dhcp-Servers
+oMSyntax: 19
+searchFlags: 0
+extendedCharsAllowed: TRUE
+lDAPDisplayName: dhcpServers
+schemaIDGUID:: RSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Sites
+attributeID: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Sites
+adminDescription: dhcp-Sites
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSites
+schemaIDGUID:: SSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-State
+attributeID: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-State
+adminDescription: dhcp-State
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpState
+schemaIDGUID:: Uic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Subnets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Subnets
+attributeID: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Subnets
+adminDescription: dhcp-Subnets
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: dhcpSubnets
+schemaIDGUID:: Ric9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Type
+attributeID: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Type
+adminDescription: dhcp-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: dhcpType
+schemaIDGUID:: Oyc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Unique-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Unique-Key
+attributeID: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Unique-Key
+adminDescription: dhcp-Unique-Key
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUniqueKey
+schemaIDGUID:: Oic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=dhcp-Update-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: dhcp-Update-Time
+attributeID: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: dhcp-Update-Time
+adminDescription: dhcp-Update-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: dhcpUpdateTime
+schemaIDGUID:: VSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name
+attributeID: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name
+adminDescription: Display-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: displayName
+schemaFlagsEx: 1
+schemaIDGUID:: U3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Display-Name-Printable
+attributeID: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14847
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Name-Printable
+adminDescription: Display-Name-Printable
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: displayNamePrintable
+schemaFlagsEx: 1
+schemaIDGUID:: VHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DIT-Content-Rules
+attributeID: 2.5.21.2
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dITContentRules
+schemaFlagsEx: 1
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Division
+attributeID: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Division
+adminDescription: Division
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: division
+schemaIDGUID:: oDZh/nMg0BGpwgCqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Location
+attributeID: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Location
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DMD-Location
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dMDLocation
+schemaFlagsEx: 1
+schemaIDGUID:: i//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DMD-Name
+attributeID: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35926
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD-Name
+adminDescription: DMD-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dmdName
+schemaIDGUID:: uVd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DN-Reference-Update
+attributeID: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DN-Reference-Update
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: DN-Reference-Update
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: dNReferenceUpdate
+schemaFlagsEx: 1
+schemaIDGUID:: hg35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-Dynamic,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-Dynamic
+attributeID: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-Dynamic
+adminDescription: Dns-Allow-Dynamic
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowDynamic
+schemaIDGUID:: ZR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Allow-XFR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Allow-XFR
+attributeID: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Allow-XFR
+adminDescription: Dns-Allow-XFR
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: dnsAllowXFR
+schemaIDGUID:: Zh764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Host-Name
+attributeID: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dNSHostName
+schemaFlagsEx: 1
+schemaIDGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Notify-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Notify-Secondaries
+attributeID: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Notify-Secondaries
+adminDescription: Dns-Notify-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsNotifySecondaries
+schemaIDGUID:: aB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Property
+attributeID: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dNSProperty
+schemaIDGUID:: /hVaZ3A70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Record,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Record
+attributeID: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Record
+adminDescription: Dns-Record
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dnsRecord
+schemaIDGUID:: aR764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Root
+attributeID: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Root
+adminDescription: Dns-Root
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: dnsRoot
+schemaFlagsEx: 1
+schemaIDGUID:: WXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Secure-Secondaries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dns-Secure-Secondaries
+attributeID: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Secure-Secondaries
+adminDescription: Dns-Secure-Secondaries
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dnsSecureSecondaries
+schemaIDGUID:: Zx764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DNS-Tombstoned
+adminDescription: DNS-Tombstoned
+oMSyntax: 1
+searchFlags: 1
+lDAPDisplayName: dNSTombstoned
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentAuthor
+attributeID: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentAuthor
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The documentAuthor attribute type specifies the distinguished name of the auth
+ or of a document.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: documentAuthor
+schemaIDGUID:: GY6K8V+veESwlm81wn64Pw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentIdentifier
+attributeID: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentIdentifier
+adminDescription: 
+ The documentIdentifier attribute type specifies a unique identifier for a docu
+ ment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentIdentifier
+schemaIDGUID:: gs4hC2P/2UaQ+8i58k6XuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentLocation
+attributeID: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentLocation
+adminDescription: 
+ The documentLocation attribute type specifies the location of the document ori
+ ginal.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentLocation
+schemaIDGUID:: TrFYuW2sxE6Ikr5wtp9ygQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentPublisher
+attributeID: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentPublisher
+adminDescription: 
+ The documentPublisher attribute is the person and/or organization that publish
+ ed a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentPublisher
+schemaIDGUID:: 1wkPF2nrikSaMPGv7P0y1w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentTitle
+attributeID: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentTitle
+adminDescription: 
+ The documentTitle attribute type specifies the title of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentTitle
+schemaIDGUID:: nFom3iz/uUeR3G5v4sQwYg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: documentVersion
+attributeID: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentVersion
+adminDescription: 
+ The documentVersion attribute type specifies the version number of a document.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: documentVersion
+schemaIDGUID:: qaizlBPW7EyarV+8wQRrQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Certificate-Authorities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Certificate-Authorities
+attributeID: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Certificate-Authorities
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Certificate-Authorities
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCAs
+schemaIDGUID:: esv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Component
+attributeID: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Component
+adminDescription: Domain-Component
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dc
+schemaFlagsEx: 1
+schemaIDGUID:: VVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Cross-Ref
+attributeID: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Cross-Ref
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Cross-Ref
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainCrossRef
+schemaFlagsEx: 1
+schemaIDGUID:: e+oAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-ID
+attributeID: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-ID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-ID
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainID
+schemaIDGUID:: NCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Identifier
+attributeID: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Identifier
+adminDescription: Domain-Identifier
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: domainIdentifier
+schemaIDGUID:: eBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Object
+attributeID: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyObject
+schemaIDGUID:: XXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Policy-Reference
+attributeID: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Domain-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: domainPolicyReference
+schemaIDGUID:: Kn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Replica
+attributeID: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Replica
+adminDescription: Domain-Replica
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: domainReplica
+schemaFlagsEx: 1
+schemaIDGUID:: XnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Domain-Wide-Policy
+attributeID: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Wide-Policy
+adminDescription: Domain-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: domainWidePolicy
+schemaIDGUID:: KX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: drink
+attributeID: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: drink
+adminDescription: 
+ The drink (Favourite Drink) attribute type specifies the favorite drink of an 
+ object (or person).
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: drink
+schemaIDGUID:: taUaGi4m9k2vBCz2sNgASA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Name
+attributeID: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Name
+adminDescription: Driver-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: driverName
+schemaIDGUID:: xRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Driver-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Driver-Version
+attributeID: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Driver-Version
+adminDescription: Driver-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: driverVersion
+schemaIDGUID:: bl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Core-Propagation-Data
+adminDescription: DS-Core-Propagation-Data
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: dSCorePropagationData
+schemaFlagsEx: 1
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-Heuristics
+attributeID: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSHeuristics
+schemaFlagsEx: 1
+schemaIDGUID:: hv/48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Maximum
+attributeID: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIAdminMaximum
+schemaIDGUID:: 4AqN7pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Admin-Notification
+attributeID: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: dSUIAdminNotification
+schemaIDGUID:: lArq9pFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DS-UI-Shell-Maximum
+attributeID: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: dSUIShellMaximum
+schemaIDGUID:: anbK/JFv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: DSA-Signature
+attributeID: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA-Signature
+adminDescription: DSA-Signature
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: dSASignature
+schemaFlagsEx: 1
+schemaIDGUID:: vFd3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Dynamic-LDAP-Server
+attributeID: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-LDAP-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Dynamic-LDAP-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: dynamicLDAPServer
+schemaIDGUID:: IYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: E-mail-Addresses
+attributeID: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 14846
+showInAdvancedViewOnly: TRUE
+adminDisplayName: E-mail-Addresses
+adminDescription: E-mail-Addresses
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mail
+schemaIDGUID:: YXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EFSPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: EFSPolicy
+attributeID: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: EFSPolicy
+adminDescription: EFSPolicy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: eFSPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: 7LJOjhJH0BGhoADAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-ID
+attributeID: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-ID
+adminDescription: Employee-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeID
+schemaIDGUID:: YnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Number
+attributeID: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 512
+mAPIID: 35943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: employeeNumber
+schemaIDGUID:: 73PfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Employee-Type
+attributeID: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 35945
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: employeeType
+schemaIDGUID:: 8HPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled
+attributeID: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 35873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled
+adminDescription: Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: Enabled
+schemaFlagsEx: 1
+schemaIDGUID:: 8nPfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enabled-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enabled-Connection
+attributeID: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enabled-Connection
+adminDescription: Enabled-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: enabledConnection
+schemaFlagsEx: 1
+schemaIDGUID:: Y3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Enrollment-Providers
+attributeID: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: enrollmentProviders
+schemaIDGUID:: s8U5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Entry-TTL
+description: 
+ This operational attribute is present in every dynamic entry and is maintained
+  by the server. The value of this attribute is the time-in-seconds that the en
+ try will continue to exist before disappearing from the directory. In the abse
+ nce of intervening "refresh" operations, the values returned by reading the at
+ tribute in two successive searches are guaranteed to be non-increasing. The sm
+ allest permissible value is 0, indicating that the entry may disappear without
+  warning.
+attributeID: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 31557600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: entryTTL
+schemaIDGUID:: zN4T0hrYhEOqwtz8/WMc+A==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Attribute-Info
+attributeID: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedAttributeInfo
+schemaFlagsEx: 1
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Chars-Allowed
+attributeID: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32935
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Chars-Allowed
+adminDescription: Extended-Chars-Allowed
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: extendedCharsAllowed
+schemaFlagsEx: 1
+schemaIDGUID:: ZnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extended-Class-Info
+attributeID: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extendedClassInfo
+schemaFlagsEx: 1
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extension-Name
+attributeID: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 32937
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extension-Name
+adminDescription: Extension-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extensionName
+schemaIDGUID:: cnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Extra-Columns
+attributeID: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: extraColumns
+schemaIDGUID:: RihO0tkdz0uZ16YifMhtpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Facsimile-Telephone-Number
+attributeID: 2.5.4.23
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14883
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Facsimile-Telephone-Number
+adminDescription: Facsimile-Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: facsimileTelephoneNumber
+schemaIDGUID:: dHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: File-Ext-Priority
+attributeID: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: fileExtPriority
+schemaIDGUID:: FYPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flags
+attributeID: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flags
+adminDescription: Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: flags
+schemaIDGUID:: dnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Flat-Name
+attributeID: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Flat-Name
+adminDescription: Flat-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: flatName
+schemaFlagsEx: 1
+schemaIDGUID:: FzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Force-Logoff
+attributeID: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Force-Logoff
+adminDescription: Force-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: forceLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: d3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Foreign-Identifier
+attributeID: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Identifier
+adminDescription: Foreign-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: foreignIdentifier
+schemaIDGUID:: HomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Friendly-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Friendly-Names
+attributeID: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Friendly-Names
+adminDescription: Friendly-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: friendlyNames
+schemaIDGUID:: iMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Entry
+attributeID: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: fromEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: From-Server
+attributeID: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: From-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: From-Server
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fromServer
+schemaFlagsEx: 1
+schemaIDGUID:: eXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference
+attributeID: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReference
+schemaIDGUID:: eCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Frs-Computer-Reference-BL
+attributeID: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Frs-Computer-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Frs-Computer-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: frsComputerReferenceBL
+schemaIDGUID:: eSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Data-Creation
+attributeID: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlDataCreation
+schemaIDGUID:: eiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Inbound-Backlog
+attributeID: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlInboundBacklog
+schemaIDGUID:: eyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Control-Outbound-Backlog
+attributeID: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSControlOutboundBacklog
+schemaIDGUID:: fCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Directory-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Directory-Filter
+attributeID: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Directory-Filter
+adminDescription: FRS-Directory-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSDirectoryFilter
+schemaIDGUID:: cfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-DS-Poll,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-DS-Poll
+attributeID: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-DS-Poll
+adminDescription: FRS-DS-Poll
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSDSPoll
+schemaIDGUID:: d/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Extensions
+attributeID: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Extensions
+adminDescription: FRS-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSExtensions
+schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Fault-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Fault-Condition
+attributeID: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Fault-Condition
+adminDescription: FRS-Fault-Condition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFaultCondition
+schemaIDGUID:: ePHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-File-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-File-Filter
+attributeID: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-File-Filter
+adminDescription: FRS-File-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSFileFilter
+schemaIDGUID:: cPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Flags
+attributeID: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSFlags
+schemaIDGUID:: fSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Level-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Level-Limit
+attributeID: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Level-Limit
+adminDescription: FRS-Level-Limit
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSLevelLimit
+schemaIDGUID:: HoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference
+attributeID: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReference
+schemaIDGUID:: fiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Member-Reference-BL
+attributeID: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Member-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Member-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSMemberReferenceBL
+schemaIDGUID:: fyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Partner-Auth-Level
+attributeID: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSPartnerAuthLevel
+schemaIDGUID:: gCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Primary-Member
+attributeID: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Primary-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FRS-Primary-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: fRSPrimaryMember
+schemaIDGUID:: gSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-GUID
+attributeID: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-GUID
+adminDescription: FRS-Replica-Set-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetGUID
+schemaIDGUID:: GoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSReplicaSetType
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Path
+attributeID: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Path
+adminDescription: FRS-Root-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSRootPath
+schemaIDGUID:: dPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Root-Security,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Root-Security
+attributeID: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Root-Security
+adminDescription: FRS-Root-Security
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: fRSRootSecurity
+schemaIDGUID:: H4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command
+attributeID: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command
+adminDescription: FRS-Service-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommand
+schemaIDGUID:: 7gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Service-Command-Status
+attributeID: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSServiceCommandStatus
+schemaIDGUID:: giUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Staging-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Staging-Path
+attributeID: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Staging-Path
+adminDescription: FRS-Staging-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSStagingPath
+schemaIDGUID:: dfHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Command
+attributeID: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastCommand
+schemaIDGUID:: gyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Time-Last-Config-Change
+attributeID: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: fRSTimeLastConfigChange
+schemaIDGUID:: hCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Update-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Update-Timeout
+attributeID: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Update-Timeout
+adminDescription: FRS-Update-Timeout
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: fRSUpdateTimeout
+schemaIDGUID:: cvHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version
+attributeID: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSVersion
+schemaIDGUID:: hSUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Version-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Version-GUID
+attributeID: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Version-GUID
+adminDescription: FRS-Version-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: fRSVersionGUID
+schemaIDGUID:: bHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FRS-Working-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FRS-Working-Path
+attributeID: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FRS-Working-Path
+adminDescription: FRS-Working-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: fRSWorkingPath
+schemaIDGUID:: c/HoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: FSMO-Role-Owner
+attributeID: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FSMO-Role-Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: FSMO-Role-Owner
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: fSMORoleOwner
+schemaFlagsEx: 1
+schemaIDGUID:: hxgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Garbage-Coll-Period
+attributeID: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32943
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Garbage-Coll-Period
+adminDescription: Garbage-Coll-Period
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: garbageCollPeriod
+schemaFlagsEx: 1
+schemaIDGUID:: oSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Gecos
+attributeID: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: gecos
+schemaIDGUID:: Hz/go1UdU0KgrzDCp4Tkbg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generated-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generated-Connection
+attributeID: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generated-Connection
+adminDescription: Generated-Connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: generatedConnection
+schemaIDGUID:: enmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Generation-Qualifier
+attributeID: 2.5.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35923
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Generation-Qualifier
+adminDescription: Generation-Qualifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: generationQualifier
+schemaIDGUID:: BFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GidNumber
+attributeID: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: gidNumber
+adminDescription: 
+ An integer uniquely identifying a group in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: gidNumber
+schemaIDGUID:: DF+5xZ7sxEGEnLRll+1mlg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Given-Name
+attributeID: 2.5.4.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14854
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Given-Name
+adminDescription: Given-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: givenName
+schemaFlagsEx: 1
+schemaIDGUID:: jv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List
+attributeID: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Global-Address-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList
+schemaFlagsEx: 1
+schemaIDGUID:: SMdU9/QG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Global-Address-List2
+attributeID: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Global-Address-List2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on a Microsoft Exchange container to store the distingu
+ ished name of a newly created global address list (GAL). This attribute must h
+ ave an entry before you can enable Messaging Application Programming Interface
+  (MAPI) clients to use a GAL.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: globalAddressList2
+schemaFlagsEx: 1
+schemaIDGUID:: PfaYSBJBfEeIJjygC9gnfQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Governs-ID
+attributeID: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Governs-ID
+adminDescription: Governs-ID
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: governsID
+schemaFlagsEx: 1
+schemaIDGUID:: fXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Link
+attributeID: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPLink
+schemaIDGUID:: vjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GP-Options
+attributeID: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPOptions
+schemaIDGUID:: vzsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-File-Sys-Path
+attributeID: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCFileSysPath
+schemaIDGUID:: wTsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Functionality-Version
+attributeID: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: gPCFunctionalityVersion
+schemaIDGUID:: wDsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-Machine-Extension-Names
+attributeID: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCMachineExtensionNames
+schemaIDGUID:: zI7/Mj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-User-Extension-Names
+attributeID: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCUserExtensionNames
+schemaIDGUID:: xl+nQj940hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: GPC-WQL-Filter
+attributeID: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: gPCWQLFilter
+schemaIDGUID:: psfUe90aNkSMBDmZqIAVTA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Attributes
+attributeID: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Attributes
+adminDescription: Group-Attributes
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: groupAttributes
+schemaIDGUID:: fnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Membership-SAM
+attributeID: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Membership-SAM
+adminDescription: Group-Membership-SAM
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: groupMembershipSAM
+schemaIDGUID:: gHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Priority
+attributeID: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Priority
+adminDescription: Group-Priority
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupPriority
+schemaIDGUID:: BVmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Group-Type
+attributeID: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Type
+adminDescription: Group-Type
+oMSyntax: 2
+searchFlags: 9
+lDAPDisplayName: groupType
+schemaFlagsEx: 1
+schemaIDGUID:: HgKamltK0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Groups-to-Ignore
+attributeID: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Groups-to-Ignore
+adminDescription: Groups-to-Ignore
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: groupsToIgnore
+schemaIDGUID:: BFmm7saK0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Master-NCs
+attributeID: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32950
+linkID: 76
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Master-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Has-Partial-Replica-NCs
+attributeID: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32949
+linkID: 74
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Has-Partial-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Has-Partial-Replica-NCs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: hasPartialReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: gXmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data16
+attributeID: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32826
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data16
+adminDescription: Help-Data16
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData16
+schemaFlagsEx: 1
+schemaIDGUID:: pyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-Data32,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-Data32
+attributeID: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 32784
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-Data32
+adminDescription: Help-Data32
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: helpData32
+schemaFlagsEx: 1
+schemaIDGUID:: qCTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Help-File-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Help-File-Name
+attributeID: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 13
+mAPIID: 32827
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Help-File-Name
+adminDescription: Help-File-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: helpFileName
+schemaFlagsEx: 1
+schemaIDGUID:: qSTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Hide-From-AB
+attributeID: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: hideFromAB
+schemaIDGUID:: ULcF7Hep/k6OjbpsGm4zqA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Directory
+attributeID: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Directory
+adminDescription: Home-Directory
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDirectory
+schemaFlagsEx: 1
+schemaIDGUID:: hXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Home-Drive
+attributeID: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Home-Drive
+adminDescription: Home-Drive
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: homeDrive
+schemaFlagsEx: 1
+schemaIDGUID:: hnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: host
+attributeID: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: host
+schemaIDGUID:: cd9DYEj6z0arfMvVRkSyLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: houseIdentifier
+attributeID: 2.5.4.51
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: houseIdentifier
+adminDescription: 
+ The houseIdentifier attribute type specifies a linguistic construct used to id
+ entify a particular building, for example a house number or house name relativ
+ e to a street, avenue, town or city, etc.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: houseIdentifier
+schemaIDGUID:: t5hTpErEtk6C0xPBCUbb/g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Icon-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Icon-Path
+attributeID: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Icon-Path
+adminDescription: Icon-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iconPath
+schemaIDGUID:: g//48JER0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Implemented-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Implemented-Categories
+attributeID: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Implemented-Categories
+adminDescription: Implemented-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: implementedCategories
+schemaIDGUID:: kg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IndexedScopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IndexedScopes
+attributeID: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IndexedScopes
+adminDescription: IndexedScopes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: indexedScopes
+schemaIDGUID:: h8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Incoming
+adminDescription: Initial-Auth-Incoming
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: I4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initial-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initial-Auth-Outgoing
+adminDescription: Initial-Auth-Outgoing
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initialAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: JIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Initials
+attributeID: 2.5.4.43
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 6
+mAPIID: 14858
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Initials
+adminDescription: Initials
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: initials
+schemaIDGUID:: kP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Install-Ui-Level
+attributeID: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: installUiLevel
+schemaIDGUID:: ZN2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Instance-Type
+attributeID: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32957
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Instance-Type
+adminDescription: Instance-Type
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: instanceType
+schemaFlagsEx: 1
+schemaIDGUID:: jHmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Failover
+attributeID: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyFailover
+schemaFlagsEx: 1
+schemaIDGUID:: YJ7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Generator
+attributeID: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Generator
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Inter-Site-Topology-Generator
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyGenerator
+schemaFlagsEx: 1
+schemaIDGUID:: Xp7Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Inter-Site-Topology-Renew
+attributeID: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: interSiteTopologyRenew
+schemaFlagsEx: 1
+schemaIDGUID:: X57Gt8cs0hGFTgCgyYP2CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: International-ISDN-Number
+attributeID: 2.5.4.25
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 16
+mAPIID: 32958
+showInAdvancedViewOnly: TRUE
+adminDisplayName: International-ISDN-Number
+adminDescription: International-ISDN-Number
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: internationalISDNNumber
+schemaIDGUID:: jXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Invocation-Id
+attributeID: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 32959
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Invocation-Id
+adminDescription: Invocation-Id
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: invocationId
+schemaFlagsEx: 1
+schemaIDGUID:: jnmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpHostNumber
+attributeID: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipHostNumber
+schemaIDGUID:: IbeL3tyF3k+2h5ZXaI5mfg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetmaskNumber
+attributeID: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetmaskNumber
+schemaIDGUID:: zU/2by5GYk+0SppTR2WeuQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpNetworkNumber
+attributeID: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipNetworkNumber
+schemaIDGUID:: 9FQ4TocwpEKoE7sMUolY0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpProtocolNumber
+attributeID: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocolNumber
+adminDescription: 
+ This is part of the protocols map and stores the unique number that identifies
+  the protocol.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipProtocolNumber
+schemaIDGUID:: 68b16y0OFUSWcBCBmTtCEQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data
+attributeID: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data
+adminDescription: Ipsec-Data
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ipsecData
+schemaIDGUID:: H/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Data-Type
+attributeID: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Data-Type
+adminDescription: Ipsec-Data-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipsecDataType
+schemaIDGUID:: HvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Filter-Reference
+attributeID: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Filter-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecFilterReference
+schemaIDGUID:: I/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ID
+attributeID: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ID
+adminDescription: Ipsec-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecID
+schemaIDGUID:: HfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-ISAKMP-Reference
+attributeID: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-ISAKMP-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecISAKMPReference
+schemaIDGUID:: IPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Name
+attributeID: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Name
+adminDescription: Ipsec-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipsecName
+schemaIDGUID:: HPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Action
+attributeID: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyAction
+schemaIDGUID:: dTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Negotiation-Policy-Reference
+attributeID: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Negotiation-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNegotiationPolicyReference
+schemaIDGUID:: IvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IPSEC-Negotiation-Policy-Type
+attributeID: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: iPSECNegotiationPolicyType
+schemaIDGUID:: dDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-NFA-Reference
+attributeID: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-NFA-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecNFAReference
+schemaIDGUID:: IfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Owners-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Owners-Reference
+attributeID: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Owners-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Owners-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecOwnersReference
+schemaIDGUID:: JPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Ipsec-Policy-Reference
+attributeID: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Ipsec-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ipsecPolicyReference
+schemaIDGUID:: GDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServicePort
+attributeID: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServicePort
+adminDescription: 
+ This is a part of the services map and contains the port at which the UNIX ser
+ vice is available.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ipServicePort
+schemaIDGUID:: v64t/2P0WkmEBT5INkHqog==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: IpServiceProtocol
+attributeID: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipServiceProtocol
+adminDescription: 
+ This is a part of the services map and stores the protocol number for a UNIX s
+ ervice.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: ipServiceProtocol
+schemaIDGUID:: C+yWzdYetEOya/FwtkWIPw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Critical-System-Object
+attributeID: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isCriticalSystemObject
+schemaFlagsEx: 1
+schemaIDGUID:: DfP7AP6R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Defunct,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Defunct
+attributeID: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Defunct
+adminDescription: Is-Defunct
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDefunct
+schemaFlagsEx: 1
+schemaIDGUID:: vg5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Deleted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Deleted
+attributeID: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Deleted
+adminDescription: Is-Deleted
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isDeleted
+schemaFlagsEx: 1
+schemaIDGUID:: j3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Ephemeral
+attributeID: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isEphemeral
+schemaIDGUID:: 8FPE9PHF0RG7ywCAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-DL
+attributeID: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32776
+linkID: 3
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-DL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Member-Of-DL
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: memberOf
+schemaFlagsEx: 1
+schemaIDGUID:: kXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Member-Of-Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Member-Of-Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Member-Of-Partial-Attribute-Set
+adminDescription: Is-Member-Of-Partial-Attribute-Set
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isMemberOfPartialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Privilege-Holder
+attributeID: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 71
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Is-Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: isPrivilegeHolder
+schemaIDGUID:: nFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Recycled
+attributeID: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: isRecycled
+schemaFlagsEx: 1
+schemaIDGUID:: VpK1j/FVS0Sqy/W0gv40WQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Is-Single-Valued
+attributeID: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 32961
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Is-Single-Valued
+adminDescription: Is-Single-Valued
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: isSingleValued
+schemaFlagsEx: 1
+schemaIDGUID:: knmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: jpegPhoto
+attributeID: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: jpegPhoto
+adminDescription: 
+ Used to store one or more images of a person using the JPEG File Interchange F
+ ormat [JFIF].
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: jpegPhoto
+schemaIDGUID:: cgXIusQJqU+a5nYo162+Dg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Keywords
+attributeID: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Keywords
+adminDescription: Keywords
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: keywords
+schemaFlagsEx: 1
+schemaIDGUID:: k3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Knowledge-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Knowledge-Information
+attributeID: 2.5.4.2
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+mAPIID: 32963
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Knowledge-Information
+adminDescription: Knowledge-Information
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: knowledgeInformation
+schemaIDGUID:: H1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: labeledURI
+attributeID: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: labeledURI
+adminDescription: 
+ A Uniform Resource Identifier followed by a label. The label is used to descri
+ be the resource to which the URI points, and is intended as a friendly name fi
+ t for human consumption.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: labeledURI
+schemaIDGUID:: RrtpxYDGvESic+bCJ9cbRQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Backup-Restoration-Time
+attributeID: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Backup-Restoration-Time
+adminDescription: Last-Backup-Restoration-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastBackupRestorationTime
+schemaIDGUID:: 6Au7H2O60BGv7wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Content-Indexed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Content-Indexed
+attributeID: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Content-Indexed
+adminDescription: Last-Content-Indexed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastContentIndexed
+schemaIDGUID:: lXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Known-Parent
+attributeID: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Known-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Last-Known-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: lastKnownParent
+schemaFlagsEx: 1
+schemaIDGUID:: cIarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logoff
+attributeID: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logoff
+adminDescription: Last-Logoff
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogoff
+schemaFlagsEx: 1
+schemaIDGUID:: lnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon
+attributeID: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon
+adminDescription: Last-Logon
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastLogon
+schemaFlagsEx: 1
+schemaIDGUID:: l3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Logon-Timestamp
+attributeID: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: lastLogonTimestamp
+schemaFlagsEx: 1
+schemaIDGUID:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Set-Time
+attributeID: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Set-Time
+adminDescription: Last-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lastSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: mHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Last-Update-Sequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Last-Update-Sequence
+attributeID: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Last-Update-Sequence
+adminDescription: Last-Update-Sequence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lastUpdateSequence
+schemaIDGUID:: nA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Admin-Limits
+attributeID: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: lDAPAdminLimits
+schemaFlagsEx: 1
+schemaIDGUID:: UqNZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-Display-Name
+attributeID: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 33137
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-Display-Name
+adminDescription: LDAP-Display-Name
+oMSyntax: 64
+searchFlags: 9
+lDAPDisplayName: lDAPDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: mnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LDAP-IPDeny-List
+attributeID: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lDAPIPDenyList
+schemaFlagsEx: 1
+schemaIDGUID:: U6NZc/eQ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Legacy-Exchange-DN
+attributeID: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Legacy-Exchange-DN
+adminDescription: Legacy-Exchange-DN
+oMSyntax: 20
+searchFlags: 13
+lDAPDisplayName: legacyExchangeDN
+schemaFlagsEx: 1
+schemaIDGUID:: vA5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-ID
+attributeID: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32965
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-ID
+adminDescription: Link-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: linkID
+schemaFlagsEx: 1
+schemaIDGUID:: m3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Link-Track-Secret
+attributeID: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Secret
+adminDescription: Link-Track-Secret
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: linkTrackSecret
+schemaIDGUID:: 4g/oKrRH0BGhpADAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lm-Pwd-History
+attributeID: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lm-Pwd-History
+adminDescription: Lm-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: lmPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: nXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Flags
+attributeID: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Flags
+adminDescription: Local-Policy-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localPolicyFlags
+schemaFlagsEx: 1
+schemaIDGUID:: nnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-Policy-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Local-Policy-Reference
+attributeID: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Local-Policy-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Local-Policy-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: localPolicyReference
+schemaIDGUID:: TX6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locale-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locale-ID
+attributeID: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locale-ID
+adminDescription: Locale-ID
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: localeID
+schemaIDGUID:: oXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Locality-Name
+attributeID: 2.5.4.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14887
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality-Name
+adminDescription: Locality-Name
+oMSyntax: 64
+searchFlags: 17
+lDAPDisplayName: l
+schemaFlagsEx: 1
+schemaIDGUID:: onmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localization-Display-Id
+attributeID: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: localizationDisplayId
+schemaIDGUID:: 0fBGp9B40hGZFgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Localized-Description
+attributeID: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: localizedDescription
+schemaIDGUID:: FoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Location
+attributeID: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Location
+adminDescription: Location
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: location
+schemaIDGUID:: n7fcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lock-Out-Observation-Window
+attributeID: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lock-Out-Observation-Window
+adminDescription: Lock-Out-Observation-Window
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockOutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: pHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Duration
+attributeID: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Duration
+adminDescription: Lockout-Duration
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: pXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Threshold
+adminDescription: Lockout-Threshold
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: lockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: pnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lockout-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Lockout-Time
+attributeID: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout-Time
+adminDescription: Lockout-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lockoutTime
+schemaFlagsEx: 1
+schemaIDGUID:: vw5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LoginShell
+attributeID: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: loginShell
+schemaIDGUID:: LNFTpTEyXkyK340YlpdyHg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logo
+attributeID: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logo
+adminDescription: Logo
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailLogo
+schemaFlagsEx: 1
+schemaIDGUID:: qXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Count
+attributeID: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Count
+adminDescription: Logon-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: logonCount
+schemaFlagsEx: 1
+schemaIDGUID:: qnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Hours,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Hours
+attributeID: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Hours
+adminDescription: Logon-Hours
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonHours
+schemaFlagsEx: 1
+schemaIDGUID:: q3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Logon-Workstation
+attributeID: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Logon-Workstation
+adminDescription: Logon-Workstation
+oMSyntax: 4
+searchFlags: 16
+lDAPDisplayName: logonWorkstation
+schemaIDGUID:: rHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Creation-Time
+attributeID: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Creation-Time
+adminDescription: LSA-Creation-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSACreationTime
+schemaIDGUID:: rXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: LSA-Modified-Count
+attributeID: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: LSA-Modified-Count
+adminDescription: LSA-Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: lSAModifiedCount
+schemaIDGUID:: rnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MacAddress
+attributeID: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon seperated hex notation
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: macAddress
+schemaIDGUID:: 3SKl5nCX4UOJ3h3lBEMo9w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Architecture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Architecture
+attributeID: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Architecture
+adminDescription: Machine-Architecture
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineArchitecture
+schemaIDGUID:: r3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Password-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Password-Change-Interval
+attributeID: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Password-Change-Interval
+adminDescription: Machine-Password-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: machinePasswordChangeInterval
+schemaIDGUID:: jjW2yTi70BGv7wAA+ANnwQ==
+attributeSecurityGUID:: /omboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Role
+attributeID: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Role
+adminDescription: Machine-Role
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: machineRole
+schemaFlagsEx: 1
+schemaIDGUID:: snmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Machine-Wide-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Machine-Wide-Policy
+attributeID: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Machine-Wide-Policy
+adminDescription: Machine-Wide-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: machineWidePolicy
+schemaIDGUID:: T36mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-By
+attributeID: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32780
+linkID: 72
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedBy
+schemaFlagsEx: 1
+schemaIDGUID:: IMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Managed-Objects
+attributeID: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32804
+linkID: 73
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Managed-Objects
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Managed-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: managedObjects
+schemaIDGUID:: JMGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Manager
+attributeID: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32773
+linkID: 42
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Manager
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Manager
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: manager
+schemaIDGUID:: tXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MAPI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MAPI-ID
+attributeID: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 32974
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MAPI-ID
+adminDescription: MAPI-ID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mAPIID
+schemaFlagsEx: 1
+schemaIDGUID:: t3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Marshalled-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Marshalled-Interface
+attributeID: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Marshalled-Interface
+adminDescription: Marshalled-Interface
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: marshalledInterface
+schemaIDGUID:: uXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 77
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Mastered-By
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Pwd-Age
+attributeID: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Pwd-Age
+adminDescription: Max-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: u3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Renew-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Renew-Age
+attributeID: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Renew-Age
+adminDescription: Max-Renew-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxRenewAge
+schemaFlagsEx: 1
+schemaIDGUID:: vHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Storage
+attributeID: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Storage
+adminDescription: Max-Storage
+oMSyntax: 65
+searchFlags: 16
+lDAPDisplayName: maxStorage
+schemaIDGUID:: vXmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Max-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Max-Ticket-Age
+attributeID: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Max-Ticket-Age
+adminDescription: Max-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: maxTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: vnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: May-Contain
+attributeID: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: May-Contain
+adminDescription: May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mayContain
+schemaFlagsEx: 1
+schemaIDGUID:: v3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingAdvertiseScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingAdvertiseScope
+attributeID: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingAdvertiseScope
+adminDescription: meetingAdvertiseScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingAdvertiseScope
+schemaIDGUID:: i8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingApplication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingApplication
+attributeID: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingApplication
+adminDescription: meetingApplication
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingApplication
+schemaIDGUID:: g8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBandwidth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBandwidth
+attributeID: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBandwidth
+adminDescription: meetingBandwidth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingBandwidth
+schemaIDGUID:: ksy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingBlob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingBlob
+attributeID: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingBlob
+adminDescription: meetingBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: meetingBlob
+schemaIDGUID:: k8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingContactInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingContactInfo
+attributeID: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingContactInfo
+adminDescription: meetingContactInfo
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingContactInfo
+schemaIDGUID:: h8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingDescription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingDescription
+attributeID: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingDescription
+adminDescription: meetingDescription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingDescription
+schemaIDGUID:: fsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingEndTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingEndTime
+attributeID: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingEndTime
+adminDescription: meetingEndTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingEndTime
+schemaIDGUID:: kcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingID
+attributeID: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingID
+adminDescription: meetingID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingID
+schemaIDGUID:: fMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIP
+attributeID: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIP
+adminDescription: meetingIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIP
+schemaIDGUID:: icy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingIsEncrypted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingIsEncrypted
+attributeID: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingIsEncrypted
+adminDescription: meetingIsEncrypted
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingIsEncrypted
+schemaIDGUID:: jsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingKeyword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingKeyword
+attributeID: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingKeyword
+adminDescription: meetingKeyword
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingKeyword
+schemaIDGUID:: f8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLanguage
+attributeID: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLanguage
+adminDescription: meetingLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLanguage
+schemaIDGUID:: hMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingLocation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingLocation
+attributeID: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingLocation
+adminDescription: meetingLocation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingLocation
+schemaIDGUID:: gMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingMaxParticipants,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingMaxParticipants
+attributeID: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingMaxParticipants
+adminDescription: meetingMaxParticipants
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: meetingMaxParticipants
+schemaIDGUID:: hcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingName
+attributeID: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingName
+adminDescription: meetingName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingName
+schemaIDGUID:: fcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOriginator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOriginator
+attributeID: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOriginator
+adminDescription: meetingOriginator
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOriginator
+schemaIDGUID:: hsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingOwner
+attributeID: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingOwner
+adminDescription: meetingOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingOwner
+schemaIDGUID:: iMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingProtocol
+attributeID: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingProtocol
+adminDescription: meetingProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingProtocol
+schemaIDGUID:: gcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRating,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRating
+attributeID: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRating
+adminDescription: meetingRating
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRating
+schemaIDGUID:: jcy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingRecurrence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingRecurrence
+attributeID: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingRecurrence
+adminDescription: meetingRecurrence
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingRecurrence
+schemaIDGUID:: j8y2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingScope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingScope
+attributeID: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingScope
+adminDescription: meetingScope
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingScope
+schemaIDGUID:: isy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingStartTime
+attributeID: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingStartTime
+adminDescription: meetingStartTime
+oMSyntax: 23
+searchFlags: 0
+lDAPDisplayName: meetingStartTime
+schemaIDGUID:: kMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingType
+attributeID: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingType
+adminDescription: meetingType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingType
+schemaIDGUID:: gsy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=meetingURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: meetingURL
+attributeID: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: meetingURL
+adminDescription: meetingURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: meetingURL
+schemaIDGUID:: jMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Member
+attributeID: 2.5.4.31
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32777
+linkID: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: member
+schemaFlagsEx: 1
+schemaIDGUID:: wHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberNisNetgroup
+attributeID: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberNisNetgroup
+adminDescription: 
+ A multivalued attribute that holds the list of netgroups that are members of t
+ his netgroup.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberNisNetgroup
+schemaIDGUID:: 3BdqD+VT6EuUQo884vkBKg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MemberUid
+attributeID: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: memberUid
+adminDescription: 
+ This multivalued attribute holds the login names of the members of a group.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: memberUid
+schemaIDGUID:: NrLaAy5nYU+rZPd9LcL/qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MHS-OR-Address
+attributeID: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MHS-OR-Address
+adminDescription: MHS-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mhsORAddress
+schemaIDGUID:: IsGWAtpA0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Age
+attributeID: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Age
+adminDescription: Min-Pwd-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minPwdAge
+schemaFlagsEx: 1
+schemaIDGUID:: wnmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Pwd-Length
+attributeID: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Pwd-Length
+adminDescription: Min-Pwd-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: minPwdLength
+schemaFlagsEx: 1
+schemaIDGUID:: w3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Min-Ticket-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Min-Ticket-Age
+attributeID: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Min-Ticket-Age
+adminDescription: Min-Ticket-Age
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: minTicketAge
+schemaFlagsEx: 1
+schemaIDGUID:: xHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count
+attributeID: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count
+adminDescription: Modified-Count
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCount
+schemaFlagsEx: 1
+schemaIDGUID:: xXmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modified-Count-At-Last-Prom
+attributeID: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modified-Count-At-Last-Prom
+adminDescription: Modified-Count-At-Last-Prom
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: modifiedCountAtLastProm
+schemaFlagsEx: 1
+schemaIDGUID:: xnmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Modify-Time-Stamp
+attributeID: 2.5.18.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: modifyTimeStamp
+schemaFlagsEx: 1
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker
+attributeID: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker
+adminDescription: Moniker
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moniker
+schemaIDGUID:: x3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Moniker-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Moniker-Display-Name
+attributeID: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Moniker-Display-Name
+adminDescription: Moniker-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: monikerDisplayName
+schemaIDGUID:: yHmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Move-Tree-State
+attributeID: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: moveTreeState
+schemaIDGUID:: yMIqH3E70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Central-Access-Policy-ID
+attributeID: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: 
+ For a Central Access Policy, this attribute defines a GUID that can be used to
+  identify the set of policies when applied to a resource.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msAuthz-CentralAccessPolicyID
+schemaIDGUID:: YJvyYnS+MEaUVi9mkZk6hg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that is apply
+ ing to the target resources on the central access rule.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-EffectiveSecurityPolicy
+schemaIDGUID:: GRmDB5SPtk+KQpFUXcza0w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Last-Effective-Security-Policy
+attributeID: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: 
+ For a central access rule, this attribute defines the permission that was last
+  applied to the objects the Central Access Rule is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-LastEffectiveSecurityPolicy
+schemaIDGUID:: xoUWji8+okiljVrw6nifoA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy
+attributeID: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a central access policy, this attribute identifies the central access rule
+ s that comprise the policy.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+schemaIDGUID:: ei/yV343w0KYcs7G8h0uPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+attributeID: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central acc
+ ess rule object, this attribute references one or more central access policies
+  that point to it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+schemaIDGUID:: z2duUd3+lES7OrxQapSIkQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Proposed-Security-Policy
+attributeID: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: 
+ For a Central Access Policy Entry, defines the proposed security policy of the
+  objects the CAPE is applied to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ProposedSecurityPolicy
+schemaIDGUID:: zr5GubUJakuyWktjozDoDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Authz-Resource-Condition
+attributeID: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: 
+ For a central access rule, this attribute is an expression that identifies the
+  scope of the target resource to which the policy applies.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msAuthz-ResourceCondition
+schemaIDGUID:: d3iZgHT4aEyGTW5QioO9vQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-DefaultPartitionLink
+attributeID: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-DefaultPartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link to a the default Partition for the PartitionSet. Default = adminDisplayNa
+ me
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-DefaultPartitionLink
+schemaIDGUID:: 9xCLmRqqZEO4Z3U9GX/mcA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-ObjectId
+attributeID: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msCOM-ObjectId
+schemaIDGUID:: i2cPQ5+I8kGYQyA7WmVXLw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionLink
+attributeID: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a Partition. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionLink
+schemaIDGUID:: YqyrCT8EAkesK2yhXu5XVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-PartitionSetLink
+attributeID: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a Partition to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-PartitionSetLink
+schemaIDGUID:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserLink
+attributeID: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a PartitionSet to a User. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserLink
+schemaIDGUID:: TTpvniwkN0+waDa1f5/IUg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-COM-UserPartitionSetLink
+attributeID: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-UserPartitionSetLink
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Link from a User to a PartitionSet. Default = adminDisplayName
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msCOM-UserPartitionSetLink
+schemaIDGUID:: igyUjnfkZ0Owjf8v+ULc1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: 
+ To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: 
+ To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: 
+ To be set only when the link is created. Stable across rename/move as long as 
+ link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: 
+ DFS link path relative to the DFS root target share (i.e. without the server/d
+ omain and DFS namespace name components). Use forward slashes (/) instead of b
+ ackslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: 
+ Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: 
+ To be set only when the namespace is created. Stable across rename/move as lon
+ g as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: 
+ Shortname DFS link path relative to the DFS root target share (i.e. without th
+ e server/domain and DFS namespace name components). Use forward slashes (/) in
+ stead of backslashes so that LDAP searches can be done without having to use e
+ scapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: 
+ TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CachePolicy
+attributeID: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-CachePolicy
+schemaIDGUID:: 5wh623b8aUWkX/XstmqItQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingPath
+attributeID: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingPath
+schemaIDGUID:: Qaxuk1fSuUu9VfMQo88JrQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-CommonStagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-CommonStagingSizeInMb
+schemaIDGUID:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReference
+attributeID: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to Computer object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReference
+schemaIDGUID:: hVd7bCE9v0GKimJ5QVRNWg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ComputerReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-ComputerReferenceBL
+schemaIDGUID:: 1ya1XhvXrkSMxpVGAFLmrA==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictPath
+attributeID: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictPath
+schemaIDGUID:: yLzwXPdg/0u9pq6gNE6xUQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ConflictSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-ConflictSizeInMb
+schemaIDGUID:: yT/Tms+qmUK7PtH8bqiOSQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ContentSetGuid
+attributeID: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-ContentSetGuid
+schemaIDGUID:: 4ag1EKhnIUy3uwMc35nXoA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+attributeID: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: 
+ Filter string containing extensions of file types not to be compressed
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DefaultCompressionExclusionFilter
+schemaIDGUID:: 1RuBh4vNy0WfXZgPOp4Mlw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedPath
+attributeID: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedPath
+schemaIDGUID:: uPB8gZXbFEm4M1oHnvZXZA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DeletedSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-DeletedSizeInMb
+schemaIDGUID:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsLinkTarget
+attributeID: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DfsLinkTarget
+schemaIDGUID:: qVu49/k7j0KqtC7ubVbwYw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DfsPath
+attributeID: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDFSR-DfsPath
+schemaIDGUID:: 4gPJLIw5O0Sshv9rAerHug==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-DirectoryFilter
+schemaIDGUID:: d7THky4fQEu3vwB+jQOMzw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-DisablePacketPrivacy
+attributeID: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-DisablePacketPrivacy
+schemaIDGUID:: 5e2Eah50/UOd1qoPYVeGIQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Enabled
+attributeID: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-Enabled
+schemaIDGUID:: 52pyA32ORkSKrqkWV8AJkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Extension
+attributeID: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Extension
+schemaIDGUID:: 7BHweGanGUutz3uB7XgaTQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-FileFilter
+attributeID: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-FileFilter
+schemaIDGUID:: rHCC1tylQUimrM1ovjjBgQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Flags
+attributeID: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Flags
+schemaIDGUID:: lVZR/mE/yEWb+hnBSMV7CQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Keywords
+attributeID: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Keywords
+schemaIDGUID:: kkaLBCdiZ0ugdMRDcIPhSw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MaxAgeInCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MaxAgeInCacheInMin
+schemaIDGUID:: jeSwKk6s/EqD5aNCQNthmA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReference
+attributeID: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Forward link to DFSR-Member object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReference
+schemaIDGUID:: qjcTJsPxskS76siNSebwxw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MemberReferenceBL
+attributeID: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-MemberReferenceBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDFSR-MemberReferenceBL
+schemaIDGUID:: xmLerYAY7UG9PDC30l4U8A==
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-MinDurationCacheInMin
+attributeID: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-MinDurationCacheInMin
+schemaIDGUID:: emBdTEnOSkSYYoKpX10fzA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+attributeID: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+schemaIDGUID:: /zpSfRKQskmZJfkioAGGVg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-OnDemandExclusionFileFilter
+attributeID: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-OnDemandExclusionFileFilter
+schemaIDGUID:: 3FmDpoGl5k6QFVOCxg8PtA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options
+attributeID: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options
+schemaIDGUID:: hHDW1iDHfUGGR7aWI3oRTA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Options2
+attributeID: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Options2
+schemaIDGUID:: GEPiEaZMSU+a/uXrGvo0cw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Priority
+attributeID: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-Priority
+schemaIDGUID:: 1ucg660y3kKxQRatJjGwGw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcEnabled
+attributeID: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcEnabled
+schemaIDGUID:: BU6046f0eECnMPSGcKdD+A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RdcMinFileSizeInKb
+attributeID: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RdcMinFileSizeInKb
+schemaIDGUID:: MKMC9OWswU2MyXTZAL+K4A==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReadOnly
+attributeID: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReadOnly
+schemaIDGUID:: IYDEWkfk50adI5LAxqkN+w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupGuid
+attributeID: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDFSR-ReplicationGroupGuid
+schemaIDGUID:: loetLRl2+E+Wbgpcxnsofw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-ReplicationGroupType
+attributeID: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-ReplicationGroupType
+schemaIDGUID:: yA/t7gEQ7UWAzLv3RJMHIA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootFence
+attributeID: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootFence
+schemaIDGUID:: lI6SUdgsvkq1UuUEEkRDcA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootPath
+attributeID: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootPath
+schemaIDGUID:: wejV1x/mT0afzyC74KLsVA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-RootSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-RootSizeInMb
+schemaIDGUID:: rGm3kBNEz0OteoZxQudAow==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Schedule
+attributeID: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 336
+rangeUpper: 336
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFSR-Schedule
+schemaIDGUID:: X/GZRh+n4kif9ViXwHWSBQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+attributeID: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingCleanupTriggerInPercent
+schemaIDGUID:: I5xL1vrhe0azF2lk10TWMw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingPath
+attributeID: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingPath
+schemaIDGUID:: nqa5hqbwXUCZu3fZd5ksKg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-StagingSizeInMb
+attributeID: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: -1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDFSR-StagingSizeInMb
+schemaIDGUID:: II8KJfz2WUWuZeSyTGeuvg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-TombstoneExpiryInMin
+attributeID: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2147483647
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFSR-TombstoneExpiryInMin
+schemaIDGUID:: TF3jIyTjYUiiL+GZFA2uAA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DFSR-Version
+attributeID: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFSR-Version
+schemaIDGUID:: CBSGGsM46km6dYVIGnfGVQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DNSKEY reco
+ rds when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecordSetTTL
+schemaIDGUID:: fzFOj9coLESm3x9JH5ezJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DNSKEY-Records
+attributeID: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: 
+ An attribute that contains the DNSKEY record set for the root of the DNS zone 
+ and the root key signing key signature records.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-DNSKEYRecords
+schemaIDGUID:: 9VjEKC1gyUqnfLPxvlA6fg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Algorithms
+attributeID: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: 
+ An attribute used to define the algorithms used when writing the dsset file du
+ ring zone signing.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordAlgorithms
+schemaIDGUID:: 0npbXPogu0S+szS5wPZVeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-DS-Record-Set-TTL
+attributeID: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: 
+ An attribute that defines the time-to-live (TTL) value assigned to DS records 
+ when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-DSRecordSetTTL
+schemaIDGUID:: fJuGKcRk/kKX1fvC+hJBYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Is-Signed
+attributeID: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-IsSigned
+schemaIDGUID:: TIUSqvzYXk2RyjaLjYKb7g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Keymaster-Zones
+attributeID: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: 
+ A list of Active Directory-integrated zones for which the DNS server is the ke
+ ymaster.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDNS-KeymasterZones
+schemaIDGUID:: O93gCxoEjEGs6S8X0j6dQg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Maintain-Trust-Anchor
+attributeID: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: 
+ An attribute used to define the type of trust anchor to automatically publish 
+ in the forest-wide trust anchor store when the DNS zone is signed.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-MaintainTrustAnchor
+schemaIDGUID:: wWPADdlSVkSeFZwkNKr9lA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Current-Salt
+attributeID: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: 
+ An attribute that defines the current NSEC3 salt string being used to sign the
+  DNS zone.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3CurrentSalt
+schemaIDGUID:: MpR9ONGmdESCzQqJquCErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: 
+ An attribute that defines the NSEC3 hash algorithm to use when signing the DNS
+  zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3HashAlgorithm
+schemaIDGUID:: UlWe/7d9OEGIiAXOMgoDIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Iterations
+attributeID: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: 
+ An attribute that defines how many NSEC3 hash iterations to perform when signi
+ ng the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3Iterations
+schemaIDGUID:: qwq3gFmJwE6OkxJudt86yg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-OptOut
+attributeID: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: 
+ An attribute used to define whether or not the DNS zone should be signed using
+  NSEC opt-out.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3OptOut
+schemaIDGUID:: iCDqe+KMPEKxkWbsUGsVlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-Random-Salt-Length
+attributeID: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: 
+ An attribute that defines the length in bytes of the random salt used when sig
+ ning the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3RandomSaltLength
+schemaIDGUID:: ZRY2E2yR502lnbHrvQ3hKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-NSEC3-User-Salt
+attributeID: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 510
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: 
+ An attribute that defines a user-specified NSEC3 salt string to use when signi
+ ng the DNS zone. If empty, random salt will be used.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: msDNS-NSEC3UserSalt
+schemaIDGUID:: cGfxryKWvE+hKDCId3YFuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Parent-Has-Secure-Delegation
+attributeID: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: 
+ An attribute used to define whether the parental delegation to the DNS zone is
+  secure.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-ParentHasSecureDelegation
+schemaIDGUID:: ZGlcKBrBnkmW2L98daIjxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Propagation-Time
+attributeID: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: 
+ An attribute used to define in seconds the expected time required to propagate
+  zone changes through Active Directory.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-PropagationTime
+schemaIDGUID:: Rw00uoEhoEyi9vrkR52rKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-RFC5011-Key-Rollovers
+attributeID: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: 
+ An attribute that defines whether or not the DNS zone should be maintained usi
+ ng key rollover procedures defined in RFC 5011.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-RFC5011KeyRollovers
+schemaIDGUID:: QDzZJ1oGwEO92M3yx9Egqg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Secure-Delegation-Polling-Period
+attributeID: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: 
+ An attribute that defines in seconds the time between polling attempts for chi
+ ld zone key rollovers.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SecureDelegationPollingPeriod
+schemaIDGUID:: vvCw9uSoaESP2cPEe4ci+Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Sign-With-NSEC3
+attributeID: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: 
+ An attribute used to define whether or not the DNS zone is signed with NSEC3.
+oMSyntax: 1
+searchFlags: 8
+lDAPDisplayName: msDNS-SignWithNSEC3
+schemaIDGUID:: mSGfx6Ft/0aSPB8/gAxyHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signature-Inception-Offset
+attributeID: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2592000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: 
+ An attribute that defines in seconds how far in the past DNSSEC signature vali
+ dity periods should begin when signing the DNS zone.
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDNS-SignatureInceptionOffset
+schemaIDGUID:: LsPUAxfiYUqWmXu8RymgJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Key-Descriptors
+attributeID: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: 
+ An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) us
+ ed by the DNS server to generate keys and sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeyDescriptors
+schemaIDGUID:: zdhDNLblO0+wmGWaAhSgeQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DNS-Signing-Keys
+attributeID: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: 
+ An attribute that contains the set of encrypted DNSSEC signing keys used by th
+ e DNS server to sign the DNS zone.
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: msDNS-SigningKeys
+schemaIDGUID:: bT5nt9nKnk6zGmPoCY/dYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DRM-Identity-Certificate
+attributeID: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: 
+ The XrML digital rights management certificates for this user.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDRM-IdentityCertificate
+schemaIDGUID:: BBJe6DQ0rUGbVuKQEij/8A==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Dns-Host-Name
+attributeID: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AdditionalDnsHostName
+schemaFlagsEx: 1
+schemaIDGUID:: kTeGgOnbuE6Dfn8KtV2axw==
+attributeSecurityGUID:: R5Xjchh70RGt7wDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Additional-Sam-Account-Name
+attributeID: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: msDS-AdditionalSamAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 33FVl9WkmkKfWc3GWB2R5g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-All-Users-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: 
+ Used to enforce a combined users quota on the total number of Trusted-Domain o
+ bjects created by using the control access right, "Create inbound Forest trust
+ ".
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AllUsersTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: XEqq0wNOEEiXqisznnpDSw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-DNS-Suffixes
+attributeID: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedDNSSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: G0RphMSaRU6CBb0hnb9nLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+attributeID: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to act on the behalf of other identities to services running as this acc
+ ount.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+schemaFlagsEx: 1
+schemaIDGUID:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Allowed-To-Delegate-To
+attributeID: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: 
+ Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained D
+ elegation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AllowedToDelegateTo
+schemaFlagsEx: 1
+schemaIDGUID:: 15QNgKG3oUKxTXyuFCPQfw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Applies-To-Resource-Types
+attributeID: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: 
+ For a resource property, this attribute indicates what resource types this res
+ ource property applies to.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AppliesToResourceTypes
+schemaFlagsEx: 1
+schemaIDGUID:: BiA/aWRXSj2EOVjwSqtLWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Approx-Immed-Subordinates
+attributeID: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Approx-Immed-Subordinates
+schemaFlagsEx: 1
+schemaIDGUID:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedAt-DC
+attributeID: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies whic
+ h DC a user has authenticated to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedAtDC
+schemaFlagsEx: 1
+schemaIDGUID:: nOkePgRmiUSJ2YR5iolRWg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-AuthenticatedTo-Accountlist
+attributeID: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users 
+ have authenticated to this Computer
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-AuthenticatedToAccountlist
+schemaFlagsEx: 1
+schemaIDGUID:: ccmy6N+mvEeNb2J3DVJ6pQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Auxiliary-Classes
+attributeID: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: msDS-Auxiliary-Classes
+schemaFlagsEx: 1
+schemaIDGUID:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Data
+attributeID: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: 
+ A string that is used by individual applications to store whatever information
+  they may need to
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationData
+schemaIDGUID:: 6MM/UMYcGkaZo57uBPQCpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Name
+attributeID: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationName
+schemaIDGUID:: KAdb2whidkiDt5XT5WlSdQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Application-Version
+attributeID: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: 
+ A version number to indicate that the AzApplication is updated
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzApplicationVersion
+schemaIDGUID:: IKGEccQ6rkeEj/4KsgeE1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule
+attributeID: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRule
+schemaIDGUID:: qB7UM8nAkkyUlPEEh4QT/Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Biz-Rule-Language
+attributeID: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: 
+ Language that the business rule script is in (Jscript, VBScript)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzBizRuleLanguage
+schemaIDGUID:: VkuZUmwOB06qXO+df1oOJQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Class-ID
+attributeID: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 40
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: 
+ A class ID required by the AzRoles UI on the AzApplication object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzClassId
+schemaIDGUID:: d3I6AS1c70mn3rdls2o/bw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Domain-Timeout
+attributeID: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: 
+ Time (in ms) after a domain is detected to be un-reachable, and before the DC 
+ is tried again
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzDomainTimeout
+schemaIDGUID:: avVIZHDKLk6wr9IOTOZT0A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generate-Audits
+attributeID: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: 
+ A boolean field indicating if runtime audits need to be turned on (include aud
+ its for access checks, etc.)
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenerateAudits
+schemaIDGUID:: sLoK+WwYGES7hYhEfIciKg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Generic-Data
+attributeID: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzGenericData
+schemaIDGUID:: SeP3tVt6fECjNKMcP1OLmA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+attributeID: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLastImportedBizRulePath
+schemaIDGUID:: XMtaZpK7vE2MWbNjjqsJsw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-LDAP-Query
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaFlagsEx: 1
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Major-Version
+attributeID: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMajorVersion
+schemaIDGUID:: t625z7fEWUCVaB7Z22tySA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Minor-Version
+attributeID: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzMinorVersion
+schemaIDGUID:: k+2F7gmyiEeBZecC9Rv78w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Object-Guid
+attributeID: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-AzObjectGuid
+schemaIDGUID:: SOWRhDhsZUOnMq8EFWmwLA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Operation-ID
+attributeID: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: 
+ Application specific ID that makes the operation unique to the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzOperationID
+schemaIDGUID:: U7XzpXZdvky6P0MSFSyrGA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Scope-Name
+attributeID: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzScopeName
+schemaIDGUID:: BmtaURcmc0GAmdVgXfBDxg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Engine-Cache-Max
+attributeID: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptEngineCacheMax
+schemaIDGUID:: avYpJpUf80uilo6de54wyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Script-Timeout
+attributeID: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: 
+ Maximum time (in ms) to wait for a script to finish auditing a specific policy
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-AzScriptTimeout
+schemaIDGUID:: QfvQh4ss9kG5chH9/VDWsA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Az-Task-Is-Role-Definition
+attributeID: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: 
+ A Boolean field which indicates whether AzTask is a classic task or a role def
+ inition
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-AzTaskIsRoleDefinition
+schemaIDGUID:: RIUHe4Js6U+HL/9IrSsuJg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Behavior-Version
+attributeID: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Behavior-Version
+schemaFlagsEx: 1
+schemaIDGUID:: V4ca00ckRUWAgTu2EMrL8g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2160
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: List of bridge head servers used by KCC in the previous run.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Byte-Array
+attributeID: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ByteArray
+schemaIDGUID:: LpfY8Fvd5UClHQRMfBfs5w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership
+attributeID: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-Cached-Membership
+schemaFlagsEx: 1
+schemaIDGUID:: CLDKadTNyUu6uA/zfv4bIA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Cached-Membership-Time-Stamp
+attributeID: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
+schemaFlagsEx: 1
+schemaIDGUID:: H79mNe6+y02Kvu+J/P7GwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Attribute-Source
+attributeID: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Attribute-Source
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute points to the attribute that will be u
+ sed as the source for the claim type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimAttributeSource
+schemaIDGUID:: PhK87ua6ZkGeWymISot2sA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Single-Valued
+attributeID: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: 
+ For a claim type object, this attribute identifies if the claim type or resour
+ ce property can only contain single value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsSingleValued
+schemaIDGUID:: uZ94zbSWSEaCGco3gWGvOA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Is-Value-Space-Restricted
+attributeID: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: 
+ For a claim type, this attribute identifies whether a user can input values ot
+ her than those described in the msDS-ClaimPossibleValues in applications.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimIsValueSpaceRestricted
+schemaIDGUID:: x+QsDMPxgkSFeMYNS7dEIg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Possible-Values
+attributeID: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: 
+ For a claim type or resource property object, this attribute describes the val
+ ues suggested to a user when the he/she use the claim type or resource propert
+ y in applications.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimPossibleValues
+schemaIDGUID:: 7u0oLnztP0Wv5JO9hvIXTw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With
+attributeID: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property object, this attribute indicates that the suggested va
+ lues of the claims issued are defined on the object that this linked attribute
+  points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWith
+schemaIDGUID:: OtHIUgvOV0+JKxj1pDokAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Shares-Possible-Values-With-BL
+attributeID: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this attribute indicates that the possible values des
+ cribed in ms-DS-Claim-Possible-Values are being referenced by other claim type
+  objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+schemaIDGUID:: 2yLVVJXs9UibvRiA67shgA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source
+attributeID: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: 
+ For a claim type, this attribute indicates the source of the claim type. For e
+ xample, the source can be certificate.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSource
+schemaIDGUID:: pvIy+ovy0Ee/kWY+j5EKcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Source-Type
+attributeID: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: 
+ For a security principal claim type, lists the type of store the issued claim 
+ is sourced from
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimSourceType
+schemaIDGUID:: BZzxkvqNIkK70SxPAUh3VA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Type-Applies-To-Class
+attributeID: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a claim type object, this linked attribute points to the AD security princ
+ ipal classes that for which claims should be issued. (For example, a link to t
+ he user class).
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimTypeAppliesToClass
+schemaIDGUID:: TA77anbYfEOutsPkFFTCcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Claim-Value-Type
+attributeID: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: 
+ For a claim type object, specifies the value type of the claims issued.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-ClaimValueType
+schemaIDGUID:: uRdixo7k90e31WVSuK/WGQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: 
+ An attribute used to house an arbitrary cloud-relevant string
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Child-Count
+adminDescription: MS-DS-Consistency-Child-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Consistency-Guid
+adminDescription: MS-DS-Consistency-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mS-DS-ConsistencyGuid
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Creator-SID
+adminDescription: MS-DS-Creator-SID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mS-DS-CreatorSID
+schemaFlagsEx: 1
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Date-Time
+attributeID: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-DateTime
+schemaIDGUID:: 2MtPI1L7CEmjKP2fbljkAw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Default-Quota
+attributeID: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: 
+ The default quota that will apply to a security principal creating an object i
+ n the NC if no quota specification exists that covers the security principal.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-DefaultQuota
+schemaFlagsEx: 1
+schemaIDGUID:: JvcYaEtnG0SKOvQFljdM6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Deleted-Object-Lifetime
+attributeID: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: msDS-DeletedObjectLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: toyzqZoY702KcA/PoVgUjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-DnsRootAlias
+attributeID: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-DnsRootAlias
+schemaFlagsEx: 1
+schemaIDGUID:: yqxDIa3uKU21kYX6Sc6Rcw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Egress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the egress claims 
+ (claims leaving this forest) to the Trusted Domain. This is applicable only fo
+ r an incoming or bidirectional Cross-Forest Trust. When this link is not prese
+ nt, all claims are allowed to egress as-is.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EgressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: fkI3wXOaQLCRkBsJW7QyiA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature
+attributeID: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2168
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Enabled optional features.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeature
+schemaFlagsEx: 1
+schemaIDGUID:: r64GV0C5sk+8/FJoaDrZ/g==
+systemOnly: TRUE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Enabled-Feature-BL
+attributeID: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Enabled-Feature-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Scopes where this optional feature is enabled.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-EnabledFeatureBL
+schemaFlagsEx: 1
+schemaIDGUID:: vAFbzsYXuESdwalmiwCQGw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Entry-Time-To-Die
+attributeID: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+oMSyntax: 24
+searchFlags: 9
+lDAPDisplayName: msDS-Entry-Time-To-Die
+schemaFlagsEx: 1
+schemaIDGUID:: 17rp4d3GAUGoQ3lM7IWwOA==
+systemOnly: TRUE
+systemFlags: 24
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ExecuteScriptPassword
+attributeID: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ExecuteScriptPassword
+schemaFlagsEx: 1
+schemaIDGUID:: WkoFnYfRwUadhULfxEpW3Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Key
+attributeID: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Key
+adminDescription: 
+ A string to identifiy an object in an external store such as a record in a dat
+ abase.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalKey
+schemaIDGUID:: KNUvuaw41ECBjQQzOAg3wQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-External-Store
+attributeID: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 10000
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-External-Store
+adminDescription: 
+ A string to identifiy the location of an external store such as a database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ExternalStore
+schemaIDGUID:: zXdIYNucx0ewPT2q2wRJEA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count
+attributeID: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: 
+ The total number of failed interactive logons since this feature was turned on
+ .
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCount
+schemaFlagsEx: 1
+schemaIDGUID:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+attributeID: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: 
+ ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: 
+ The total number of failed interactive logons up until the last successful C-A
+ -D logon.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+schemaFlagsEx: 1
+schemaIDGUID:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Filter-Containers
+attributeID: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-FilterContainers
+schemaIDGUID:: 39wA+zesOkicEqxTpmAwMw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Generation-Id
+attributeID: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: 
+ For virtual machine snapshot resuming detection. This attribute represents the
+  VM Generation ID.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-GenerationId
+schemaIDGUID:: PTldHreMT0uECpc7NswJww==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Altitude
+attributeID: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesAltitude
+schemaIDGUID:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Latitude
+attributeID: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLatitude
+schemaIDGUID:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GeoCoordinates-Longitude
+attributeID: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: msDS-GeoCoordinatesLongitude
+schemaIDGUID:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-GroupMSAMembership
+attributeID: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeUpper: 132096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: 
+ This attribute is used for access checks to determine if a requestor has permi
+ ssion to retrieve the password for a group MSA.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDS-GroupMSAMembership
+schemaFlagsEx: 1
+schemaIDGUID:: 1u2OiATOQN+0YrilDkG6OA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-HAB-Seniority-Index
+attributeID: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 36000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: 
+ Contains the seniority index as applied by the organization where the person w
+ orks.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-HABSeniorityIndex
+schemaIDGUID:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Domain-NCs
+attributeID: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Domain-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ DS replication information detailing the domain NCs present on a particular se
+ rver.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasDomainNCs
+schemaFlagsEx: 1
+schemaIDGUID:: R+MXb0KomES4sxXgB9pP7Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Full-Replica-NCs
+attributeID: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the partitions held as full replica
+ s
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasFullReplicaNCs
+schemaFlagsEx: 1
+schemaIDGUID:: GC08HdBCaEiZ/g7KHm+p8w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Instantiated-NCs
+attributeID: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ DS replication information detailing the state of the NCs present on a particu
+ lar server.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HasInstantiatedNCs
+schemaFlagsEx: 1
+schemaIDGUID:: vKXpERdFSUCvnFFVT7D8CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Has-Master-NCs
+attributeID: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Has-Master-NCs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-hasMasterNCs
+schemaFlagsEx: 1
+schemaIDGUID:: 4uAtrtdZR02NR+1N/kNXrQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account
+attributeID: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Service Accounts configured to run on this computer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccount
+schemaFlagsEx: 1
+schemaIDGUID:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Host-Service-Account-BL
+attributeID: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Host-Service-Account-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Service Accounts Back Link for linking machines associated with the service ac
+ count.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-HostServiceAccountBL
+schemaFlagsEx: 1
+schemaIDGUID:: 6+SrefOI50iJ1vS8fpjDMQ==
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Ingress-Claims-Transformation-Policy
+attributeID: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a link to a Claims Transformation Policy Object for the ingress claims
+  (claims entering this forest) from the Trusted Domain. This is applicable onl
+ y for an outgoing or bidirectional Cross-Forest Trust. If this link is absent,
+  all the ingress claims are dropped.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IngressClaimsTransformationPolicy
+schemaFlagsEx: 1
+schemaIDGUID:: CEwohm4MQBWLFXUUfSPSDQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Integer
+attributeID: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Integer
+schemaIDGUID:: 6kzGe07AGEOxAj4HKTcaZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-IntId
+attributeID: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: msDS-IntId
+schemaFlagsEx: 1
+schemaIDGUID:: aglgvEcbMEuId2Ask/VlMg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Domain-For
+attributeID: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Domain-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies whi
+ ch Directory instances (DSA) hold that partition as their primary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsDomainFor
+schemaIDGUID:: KloV/+VE4E2DGBOliYjeTw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Full-Replica-For
+attributeID: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Full-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifi
+ es which Directory instances (DSA) hold that partition as a full replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsFullReplicaFor
+schemaIDGUID:: 4HK8yLSm8EiUpf12qIyZhw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Partial-Replica-For
+attributeID: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 75
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for has-Partial-Replica-NCs; for a partition root object, identifies 
+ which Directory instances (DSA) hold that partition as a partial replica
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPartialReplicaFor
+schemaIDGUID:: 9k/JN9TGj0my+cb3+GR4CQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Possible-Values-Present
+attributeID: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: 
+ This attribute identifies if ms-DS-Claim-Possible-Values on linked resource pr
+ operty must have value or must not have value.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsPossibleValuesPresent
+schemaFlagsEx: 1
+schemaIDGUID:: 2tyrb1OMTyCxpJ3wxnwetA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Primary-Computer-For
+attributeID: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink atribute for msDS-IsPrimaryComputer.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-IsPrimaryComputerFor
+schemaIDGUID:: rAaMmYc/TkSl3xGwPcilDA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-Used-As-Resource-Security-Attribute
+attributeID: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: 
+ For a resource property, this attribute indicates whether it is being used as 
+ a secure attribute.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+schemaIDGUID:: nfjJUTBHjUaitR1JMhLRfg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Is-User-Cachable-At-Rodc
+attributeID: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: 
+ For a Read-Only Directory instance (DSA), Identifies whether the specified use
+ r's secrets are cachable.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-IsUserCachableAtRodc
+schemaFlagsEx: 1
+schemaIDGUID:: WiQB/h80VkWVH0jAM6iQUA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isGC
+attributeID: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isGC
+adminDescription: 
+ For a Directory instance (DSA), Identifies the state of the Global Catalog on 
+ the DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isGC
+schemaFlagsEx: 1
+schemaIDGUID:: M8/1HeUPnkmQ4elLQnGKRg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-isRODC
+attributeID: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-isRODC
+adminDescription: 
+ For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-isRODC
+schemaFlagsEx: 1
+schemaIDGUID:: I6roqGc+8Uqdei8aHWM6yQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KeyVersionNumber
+attributeID: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: 
+ The Kerberos version number of the current key for this account. This is a con
+ structed attribute.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-KeyVersionNumber
+schemaFlagsEx: 1
+schemaIDGUID:: wOkjxbUzyEqJI7V7kn9C9g==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link
+attributeID: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a computer, Identifies the user object (krbtgt), acting as the domain or s
+ econdary domain master secret. Depends on which domain or secondary domain the
+  computer resides in.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLink
+schemaFlagsEx: 1
+schemaIDGUID:: yfWPd05vdEuFataDgzE5EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-KrbTgt-Link-BL
+attributeID: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain 
+ or secondary domain master secret, identifies which computers are in that doma
+ in or secondary domain
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-KrbTgtLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: QYzWXd+/i0ObXTnZYYvyYA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: 
+ The time that an incorrect password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastFailedInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Known-RDN
+attributeID: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-LastKnownRDN
+schemaFlagsEx: 1
+schemaIDGUID:: WFixij5obUaHf9ZA4fmmEQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+attributeID: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: 
+ The time that the correct password was presented during a C-A-D logon.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+schemaFlagsEx: 1
+schemaIDGUID:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Deletion-Time
+attributeID: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveDeletionTime
+schemaFlagsEx: 1
+schemaIDGUID:: DIDylB9T60qXXUisOf2MpA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Local-Effective-Recycle-Time
+attributeID: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDS-LocalEffectiveRecycleTime
+schemaFlagsEx: 1
+schemaIDGUID:: awHWStKwm0yTtllksXuWjA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Duration
+attributeID: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutDuration
+schemaFlagsEx: 1
+schemaIDGUID:: mogfQi5H5E+OueHQvGBxsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Observation-Window
+attributeID: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutObservationWindow
+schemaFlagsEx: 1
+schemaIDGUID:: idpbsK92ika4khvlVVjsyA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Lockout-Threshold
+attributeID: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LockoutThreshold
+schemaFlagsEx: 1
+schemaIDGUID:: XsPIuBlKlUqZ0Gn+REYobw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Logon-Time-Sync-Interval
+attributeID: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-LogonTimeSyncInterval
+schemaFlagsEx: 1
+schemaIDGUID:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Machine-Account-Quota
+adminDescription: MS-DS-Machine-Account-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: ms-DS-MachineAccountQuota
+schemaFlagsEx: 1
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPassword
+attributeID: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPassword
+schemaFlagsEx: 1
+schemaIDGUID:: hu1i4yi3QgiyfS3qep3yGA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordId
+attributeID: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: 
+ This attribute is the identifier for the current managed password data for a g
+ roup MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordId
+schemaFlagsEx: 1
+schemaIDGUID:: Wil4DtPGQAq0kdYiUf+gpg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordInterval
+attributeID: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: 
+ This attribute is used to retrieve the number of days before a managed passwor
+ d is automatically changed for a group MSA.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordInterval
+schemaFlagsEx: 1
+schemaIDGUID:: 9451+HasQ4ii7qJrTcr0CQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ManagedPasswordPreviousId
+attributeID: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: 
+ This attribute is the identifier for the previous managed password data for a 
+ group MSA.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-ManagedPasswordPreviousId
+schemaFlagsEx: 1
+schemaIDGUID:: MSHW0EotT9CZ2RxjZGIppA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Mastered-By
+attributeID: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Mastered-By
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for msDS-hasMasterNCs.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDs-masteredBy
+schemaFlagsEx: 1
+schemaIDGUID:: aUcjYBlIFUahsknS8RmstQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Max-Values
+attributeID: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDs-MaxValues
+schemaIDGUID:: pGnh0enrv0mPy4rvOHRZLQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Password-Age
+attributeID: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MaximumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of member application groups or users linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRole
+schemaFlagsEx: 1
+schemaIDGUID:: zeb3y6SFFEOJOYv+gFl4NQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from member application group or user to Az-Role object(s) linking t
+ o it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersForAzRoleBL
+schemaIDGUID:: IM3s7OCniEaczwLs5eKH9Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List
+attributeID: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a resource property list object, this multi-valued link attribute points t
+ o one or more resource property objects.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyList
+schemaIDGUID:: ERw3Ta1MQUyK0rGAqyvRPA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Members-Of-Resource-Property-List-BL
+attributeID: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property 
+ object, this attribute references the resource property list object that it is
+  a member of.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-MembersOfResourcePropertyListBL
+schemaIDGUID:: BLdpdLDtaEWlpVn0hix1pw==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Age
+attributeID: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordAge
+schemaFlagsEx: 1
+schemaIDGUID:: ePh0KpxN+UmXs2dn0cvZow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Minimum-Password-Length
+attributeID: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-MinimumPasswordLength
+schemaFlagsEx: 1
+schemaIDGUID:: OTQbsjpMHES7XwjyDpsxXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Cursors
+description: 
+ A list of past and present replication partners, and how up to date we are wit
+ h each of them.
+attributeID: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplCursors
+schemaFlagsEx: 1
+schemaIDGUID:: 5HwWiuj560eNePf+gKuyzA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+description: 
+ Replication partners for this partition.  This server obtains replication data
+  from these other servers, which act as sources.
+attributeID: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplInboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: Wqjbnp4+G0ObGqW26e2nlg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+description: 
+ Replication partners for this partition.  This server sends replication data t
+ o these other servers, which act as destinations. This server will notify thes
+ e other servers when new data is available.
+attributeID: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-NCReplOutboundNeighbors
+schemaFlagsEx: 1
+schemaIDGUID:: 9S5fhcWhxEy6bTJSKEi2Hw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is a list of servers that are the replica set for the corresponding Non-D
+ omain Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: FZbelze1vEasDxByDzkJ8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations
+attributeID: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ a linked attribute on a cross ref object for a partition. This attribute lists
+  the DSA instances which should host the partition in a readonly manner.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations
+schemaFlagsEx: 1
+schemaIDGUID:: 35P3PViYF0SnAXNaHs6/dA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-RO-Replica-Locations-BL
+attributeID: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NC-RO-Replica-Locations-BL
+schemaIDGUID:: HFFH9SpbzESDWJkqiCWBZA==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-NC-Type
+attributeID: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-NC-Type
+adminDescription: 
+ A bit field that maintains information about aspects of a NC replica that are 
+ relevant to replication.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-NcType
+schemaFlagsEx: 1
+schemaIDGUID:: 16wuWivMz0idmrbxoAJN6Q==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Never-Reveal-Group
+attributeID: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Never-Reveal-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users will
+  never have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NeverRevealGroup
+schemaFlagsEx: 1
+schemaIDGUID:: mVlYFUn9Zk2yXe65arqBdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaFlagsEx: 1
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Members-BL
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MS-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Non-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Non-Security-Group-Extra-Classes
+schemaIDGUID:: /EThLVIfb0i99Bb8wwhOVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference
+attributeID: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ A link to the object that uses the data stored in the object that contains thi
+ s attribute.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReference
+schemaIDGUID:: 6MKOY+cinECF0hGyG+5y3g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Object-Reference-BL
+attributeID: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-DS-Object-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back link for ms-DS-Object-Reference.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ObjectReferenceBL
+schemaIDGUID:: FSVwK/fBO0uxSMDkxs7stA==
+systemOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link
+attributeID: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For an OID, identifies the group object corresponding to the issuance policy r
+ epresented by this OID.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLink
+schemaFlagsEx: 1
+schemaIDGUID:: fKXJ+UE5jUO+vw7a8qyhhw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-OIDToGroup-Link-BL
+attributeID: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represente
+ d by an OID object, which is mapped to this group.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OIDToGroupLinkBl
+schemaFlagsEx: 1
+schemaIDGUID:: IA09GkRYmUGtJQ9QOadq2g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRole
+schemaIDGUID:: vgH3k0z6tkO8L02+pxj/qw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzRoleBL
+schemaIDGUID:: KGJb+DQ3JUW2tz87siCQLA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of operations linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTask
+schemaIDGUID:: NrSsGp0uqUSSmM5N6+tuvw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Operations-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Operation to Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-OperationsForAzTaskBL
+schemaIDGUID:: EdI3pjlX0U6JsoiXRUi8WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-Flags
+attributeID: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: 
+ An integer value that contains flags that define behavior of an optional featu
+ re in Active Directory.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureFlags
+schemaFlagsEx: 1
+schemaIDGUID:: wWAFirmXEUidt9wGFZiWWw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Optional-Feature-GUID
+attributeID: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-OptionalFeatureGUID
+schemaFlagsEx: 1
+schemaIDGUID:: qL2Im4LdmEmpHV8tK68ZJw==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Other-Settings
+attributeID: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Other-Settings
+schemaFlagsEx: 1
+schemaIDGUID:: TPPSeX2du0KDj4ZrPkQA4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Complexity-Enabled
+attributeID: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordComplexityEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: SwVo28PJ8EuxWw+1JVKmEA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-History-Length
+attributeID: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: txvY/ox2L0yWQSJF3jR5TQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+attributeID: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordReversibleEncryptionEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: j93MdWyvh0S7S2nk04qVnA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Password-Settings-Precedence
+attributeID: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 1
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PasswordSettingsPrecedence
+schemaFlagsEx: 1
+schemaIDGUID:: rHRjRQofF0aTz7xVp8nTQQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Quota
+attributeID: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: 
+ Used to enforce a per-user quota for creating Trusted-Domain objects authorize
+ d by the control access right, "Create inbound Forest trust". This attribute l
+ imits the number of Trusted-Domain objects that can be created by a single non
+ -admin user in the domain.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustQuota
+schemaFlagsEx: 1
+schemaIDGUID:: 8K1h0STKk0mjqossmBMC6A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+attributeID: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: 
+ Used to enforce a per-user quota for deleting Trusted-Domain objects when auth
+ orization is based on matching the user's SID to the value of MS-DS-Creator-SI
+ D on the Trusted-Domain object.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-PerUserTrustTombstonesQuota
+schemaFlagsEx: 1
+schemaIDGUID:: xqZwi/lQo0+nHhzgMEBEmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Company-Name
+attributeID: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35985
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticCompanyName
+schemaIDGUID:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Department
+attributeID: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35984
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: 
+ Contains the phonetic department name where the person works.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDepartment
+schemaIDGUID:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Display-Name
+attributeID: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 35986
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: 
+ The phonetic display name of an object.  In the absence of a phonetic display 
+ name the existing display name is used.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticDisplayName
+schemaFlagsEx: 1
+schemaIDGUID:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-First-Name
+attributeID: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35982
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: 
+ Contains the phonetic given name or first name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticFirstName
+schemaIDGUID:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Phonetic-Last-Name
+attributeID: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35983
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: msDS-PhoneticLastName
+schemaIDGUID:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Preferred-GC-Site
+attributeID: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Preferred-GC-Site
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Prefered-GC-Site
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-Preferred-GC-Site
+schemaFlagsEx: 1
+schemaIDGUID:: CrUh2bIKzUKH9gnPg6kYVA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Primary-Computer
+attributeID: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Primary-Computer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a user or group object, identifies the primary computers.
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: msDS-PrimaryComputer
+schemaIDGUID:: 4vQ9obDb60yCi4suFD6egQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Principal-Name
+attributeID: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: JZNOVlfQQ8GeO0+eXvRvkw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Promotion-Settings
+attributeID: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: 
+ For a Computer, contains a XML string to be used for delegated DSA promotion
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-PromotionSettings
+schemaIDGUID:: 4rSByMBDvk65u1JQqptDTA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applied
+attributeID: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOApplied
+schemaFlagsEx: 1
+schemaIDGUID:: MfBsXqi9yEOspI/uQScAWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-PSO-Applies-To
+attributeID: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Password settings object applies to
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Links to objects that this password settings object applies to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-PSOAppliesTo
+schemaIDGUID:: SA/IZNLNgUiobU6XtvVh/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Amount
+attributeID: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: 
+ The assigned quota in terms of number of objects owned in the database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaAmount
+schemaFlagsEx: 1
+schemaIDGUID:: DaC5+4w6M0Kc+XGJJkkDoQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Effective
+attributeID: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: 
+ The effective quota for a security principal computed from the assigned quotas
+  for a directory partition.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaEffective
+schemaFlagsEx: 1
+schemaIDGUID:: UrFVZhwQtEizR+H868YBVw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Trustee
+attributeID: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: 
+ The SID of the security principal for which quota is being assigned.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaTrustee
+schemaFlagsEx: 1
+schemaIDGUID:: Bok3FqVOvkmo0b/UHf9PZQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Quota-Used
+attributeID: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: 
+ The current quota consumed by a security principal in the directory database.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-QuotaUsed
+schemaFlagsEx: 1
+schemaIDGUID:: CEOotV1ht0uwXy8XRqpDnw==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Attribute-Meta-Data
+description: 
+ A list of metadata for each replicated attribute. The metadata indicates who c
+ hanged the attribute last.
+attributeID: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplAttributeMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: QjLF105yOUydTC34ydZseg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Repl-Value-Meta-Data
+description: 
+ A list of metadata for each value of an attribute. The metadata indicates who 
+ changed the value last.
+attributeID: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-ReplValueMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: RYFcL73hC0GJV4v6gdWs/Q==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-DS-Replicates-NC-Reason,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Replicates-NC-Reason
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: MS-DS-Replicates-NC-Reason
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+schemaFlagsEx: 1
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between changes to the DS, and notification 
+ of the first replica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: 9NSrhYkKSU697G81uyViug==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+attributeID: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: 
+ This attribute controls the delay between notification of each subsequent repl
+ ica partner for an NC.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+schemaFlagsEx: 1
+schemaIDGUID:: hbM91pLdUkux2A0+zA6Gtg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-ReplicationEpoch
+attributeID: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-ReplicationEpoch
+schemaFlagsEx: 1
+schemaIDGUID:: earjCBzrtUWve4+UJGyOQQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Domain-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredDomainBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: /j3d6g6uwky5uV/ltu0t0g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Required-Forest-Behavior-Version
+attributeID: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-RequiredForestBehaviorVersion
+schemaFlagsEx: 1
+schemaIDGUID:: 6KLsS1OmskGP7nIVdUdL7A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Resultant-PSO
+attributeID: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Resultant password settings object applied
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Resultant password settings object applied to this object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ResultantPSO
+schemaFlagsEx: 1
+schemaIDGUID:: k6B+t9CIgEeamJEfjosdyg==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Retired-Repl-NC-Signatures
+attributeID: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: 
+ Information about naming contexts that are no longer held on this computer
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-RetiredReplNCSignatures
+schemaFlagsEx: 1
+schemaIDGUID:: BlWz1dYZJk2a+xE1esmbXg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Reveal-OnDemand-Group
+attributeID: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ For a Directory instance (DSA), identifies the security group whose users may 
+ have their secrets disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealOnDemandGroup
+schemaFlagsEx: 1
+schemaIDGUID:: Sp89MNYdOEuPxTOv6MmIrQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-DSAs
+attributeID: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-DSAs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory inst
+ ances (DSA) hold that user's secret
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedDSAs
+schemaFlagsEx: 1
+schemaIDGUID:: rPL2lG3HXku3H/Myw+k8Ig==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List
+attributeID: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List
+oMObjectClass:: KoZIhvcUAQEBDA==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedList
+schemaFlagsEx: 1
+schemaIDGUID:: HNHay+x/ezhiGToGJ9mvgQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-List-BL
+attributeID: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-List-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedListBL
+schemaFlagsEx: 1
+schemaIDGUID:: /Ygcqvawn0Kyyp2QImboCA==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Revealed-Users
+attributeID: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Revealed-Users
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ For a Directory instance (DSA), Identifies the user objects whose secrets have
+  been disclosed to that instance
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-RevealedUsers
+schemaFlagsEx: 1
+schemaIDGUID:: IXhcGEk3OkS9aiiImQca2w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-RID-Pool-Allocation-Enabled
+attributeID: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: 
+ This attribute indicates whether RID pool allocation is enabled or not.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msDS-RIDPoolAllocationEnabled
+schemaFlagsEx: 1
+schemaIDGUID:: jHyXJLfBQDO09is3XrcR1w==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ds-Schema-Extensions
+attributeID: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDs-Schema-Extensions
+schemaIDGUID:: vmGaswftq0yaSklj7QFB4Q==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SD-Reference-Domain
+attributeID: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SD-Reference-Domain
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The domain to be used for default security descriptor translation for a Non-Do
+ main Naming Context.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-SDReferenceDomain
+schemaFlagsEx: 1
+schemaIDGUID:: FuNRTCj2pUOwa/+2lfy08w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Secondary-KrbTgt-Number
+attributeID: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 65536
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: 
+ For a user object (krbtgt), acting as a secondary domain master secret, identi
+ fies the protocol identification number associated with the secondary domain.
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msDS-SecondaryKrbTgtNumber
+schemaFlagsEx: 1
+schemaIDGUID:: EmYVqpYjfkataijSP9sYZQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Security-Group-Extra-Classes
+attributeID: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Security-Group-Extra-Classes
+schemaIDGUID:: 6GoUT/6kAUinMfUYSKT05A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Settings
+attributeID: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1000000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-Settings
+schemaIDGUID:: 10cbDqNASEuNG0ysDBzfIQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Site-Affinity
+attributeID: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msDS-Site-Affinity
+schemaFlagsEx: 1
+schemaIDGUID:: AlZ8wbe88EaWVmNwyohLcg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SiteName
+attributeID: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SiteName
+adminDescription: 
+ For a Directory instance (DSA), Identifies the site name that contains the DSA
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SiteName
+schemaFlagsEx: 1
+schemaIDGUID:: bfOnmJU1ikSeb2uJZbrtnA==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Source-Object-DN
+attributeID: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: 
+ The string representation of the DN of the object in another forest that corre
+ sponds to this object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SourceObjectDN
+schemaIDGUID:: r5M+d7TT1Eiz+QZFdgLT0A==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-SPN-Suffixes
+attributeID: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-SPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: 6+GeeI6MTE6M7HmzG3YXtQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Supported-Encryption-Types
+attributeID: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: 
+ The encryption algorithms supported by user, computer or trust accounts. The K
+ DC uses this information while generating a service ticket for this account. S
+ ervices/Computers may automatically update this attribute on their respective 
+ accounts in Active Directory, and therefore need write access to this attribut
+ e.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-SupportedEncryptionTypes
+schemaFlagsEx: 1
+schemaIDGUID:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role
+attributeID: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks for Az-Role
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRole
+schemaIDGUID:: gpAxNUqMRkaThsKUnUmJTQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Role-BL
+attributeID: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzRoleBL
+schemaIDGUID:: NtXcoFhR/kKMQMAKetN5WQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task
+attributeID: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: List of tasks linked to Az-Task
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTask
+schemaIDGUID:: 4o4csc1fp0aV8PODM/CWzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tasks-For-Az-Task-BL
+attributeID: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Back-link from Az-Task to the Az-Task object(s) linking to it
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TasksForAzTaskBL
+schemaIDGUID:: Um5E3/q1okykLxP5ilJsjw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Egress-BL
+attributeID: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Egress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Egress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOEgressBL
+schemaFlagsEx: 1
+schemaIDGUID:: KWIA1ROZQiKLF4N2HR4OWw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-TDO-Ingress-BL
+attributeID: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-TDO-Ingress-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Backlink to TDO Ingress rules link on object.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-TDOIngressBL
+schemaFlagsEx: 1
+schemaIDGUID:: oWFWWsaXS1SAVuQw/nvFVA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Tombstone-Quota-Factor
+attributeID: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: 
+ The percentage factor by which tombstone object count should be reduced for th
+ e purpose of quota accounting.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-TombstoneQuotaFactor
+schemaFlagsEx: 1
+schemaIDGUID:: 10QXRrbzukWHU/uVUqXfMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Top-Quota-Usage
+attributeID: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: 
+ The list of top quota users ordered by decreasing quota usage currently in the
+  directory database.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TopQuotaUsage
+schemaFlagsEx: 1
+schemaIDGUID:: T858e/Xxtku36yNQSvGedQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules
+attributeID: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: 
+ Specifies the Transformation Rules for Cross-Forest Claims Transformation.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-TransformationRules
+schemaFlagsEx: 1
+schemaIDGUID:: cSuHVbLESDuuUUCV+R7GAA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Transformation-Rules-Compiled
+attributeID: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: msDS-TransformationRulesCompiled
+schemaFlagsEx: 1
+schemaIDGUID:: EJq0C2tTTbyicwurDdS9EA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Trust-Forest-Trust-Info
+attributeID: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDS-TrustForestTrustInfo
+schemaFlagsEx: 1
+schemaIDGUID:: bobMKdNJaUmULh28CSXRgw==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-UpdateScript
+attributeID: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-UpdateScript
+schemaFlagsEx: 1
+schemaIDGUID:: ObZuFJ+7wU+oJeKeAMd5IA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Account-Control-Computed
+attributeID: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDS-User-Account-Control-Computed
+schemaFlagsEx: 1
+schemaIDGUID:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-User-Password-Expiry-Time-Computed
+attributeID: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-UserPasswordExpiryTimeComputed
+schemaFlagsEx: 1
+schemaIDGUID:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-USN-Last-Sync-Success
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: 
+ The USN at which the last successful replication synchronization occurred.
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msDS-USNLastSyncSuccess
+schemaFlagsEx: 1
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+systemOnly: FALSE
+systemFlags: 25
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference
+attributeID: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to link a resource property object to its value type.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReference
+schemaFlagsEx: 1
+schemaIDGUID:: hF38eNzBSDGJhFj3ktQdPg==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-DS-Value-Type-Reference-BL
+attributeID: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This is the back link for ms-DS-Value-Type-Reference. It links a value type ob
+ ject back to resource properties.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-ValueTypeReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: rUNVq6EjRTu5N5sxPVR0qA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+mAPIID: 14896
+adminDisplayName: ms-Exch-Assistant-Name
+adminDescription: ms-Exch-Assistant-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchAssistantName
+schemaIDGUID:: lHPfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-House-Identifier
+attributeID: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 35924
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchHouseIdentifier
+schemaIDGUID:: B3TfqOrF0RG7ywCAx2ZwwA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35921
+adminDisplayName: ms-Exch-LabeledURI
+adminDescription: ms-Exch-LabeledURI
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msExchLabeledURI
+schemaIDGUID:: IFh3FvNH0RGpwwAA+ANnwQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 45
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Owner-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-Exch-Owner-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: ownerBL
+schemaIDGUID:: 9HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Hub-Member
+attributeID: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 1046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Hub-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-FRS-Hub-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msFRS-Hub-Member
+schemaIDGUID:: gf9DVrY1qUyVErrwvQoncg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FRS-Topology-Pref
+attributeID: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msFRS-Topology-Pref
+schemaIDGUID:: 4CeqklBcLUCewe6Efe+XiA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-KeyPackage
+attributeID: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 102400
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-KeyPackage
+adminDescription: 
+ This attribute contains a volume's BitLocker encryption key secured by the cor
+ responding recovery password. Full Volume Encryption (FVE) was the pre-release
+  name for BitLocker Drive Encryption.
+oMSyntax: 4
+searchFlags: 664
+lDAPDisplayName: msFVE-KeyPackage
+schemaIDGUID:: qF7VH6eI3EeBKQ2qlxhqVA==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryGuid
+attributeID: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker recovery password
+ . Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive En
+ cryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-RecoveryGuid
+schemaIDGUID:: vAlp93jmoEews/hqAETAbQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-RecoveryPassword
+attributeID: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: 
+ This attribute contains a password that can recover a BitLocker-encrypted volu
+ me. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive 
+ Encryption.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msFVE-RecoveryPassword
+schemaIDGUID:: wRoGQ63IzEy3hSv6wg/GCg==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-FVE-VolumeGuid
+attributeID: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-VolumeGuid
+adminDescription: 
+ This attribute contains the GUID associated with a BitLocker-supported disk vo
+ lume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Driv
+ e Encryption.
+oMSyntax: 4
+searchFlags: 27
+lDAPDisplayName: msFVE-VolumeGuid
+schemaIDGUID:: z6Xlhe7cdUCc/aydtqLyRQ==
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data
+attributeID: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: 
+ Stores list of preferred network configurations for Group Policy for Wireless
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msieee80211-Data
+schemaIDGUID:: OAkNDlgmgEWp9noKx7Vmyw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-Data-Type
+attributeID: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msieee80211-DataType
+schemaIDGUID:: gLFYZdo1/k6+7VIfj0jK+w==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-ieee-80211-ID
+attributeID: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msieee80211-ID
+schemaIDGUID:: de9zf8kUI0yB3t0HoG+eiw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Dir
+adminDescription: Relative user directory on an FTP Root share.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPDir
+schemaIDGUID:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-IIS-FTP-Root
+adminDescription: Virtual FTP Root where user home directory resides.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msIIS-FTPRoot
+schemaIDGUID:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Hash-Algorithm
+attributeID: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: 
+ Contains the name of the hash algorithm used to create the Thumbprint Hash for
+  the Scan Repository/Secure Print Device.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-HashAlgorithm
+schemaIDGUID:: tQ3nigZklkGS/vO7VXUgpw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-Identifier
+attributeID: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: 
+ Schema Attribute that contains the unique identifier for this PostScan Process
+ .
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPIdentifier
+schemaIDGUID:: 6TxYUfqUEku5kDBMNbGFlQ==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-PSP-String
+attributeID: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 524288
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: 
+ Schema Attribute that contains the XML sequence for this PostScan Process.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msImaging-PSPString
+schemaIDGUID:: rmBne+3WpkS2vp3mLAnsZw==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Imaging-Thumbprint-Hash
+attributeID: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: 
+ Contains a hash of the security certificate for the Scan Repository/Secure Pri
+ nt Device.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msImaging-ThumbprintHash
+schemaIDGUID:: xdvfnAQDaUWV9sT2Y/5a5g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-CreateTime
+attributeID: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-CreateTime
+schemaIDGUID:: nxEYrpBjRQCzLZfbxwGu9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-DomainID
+attributeID: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-DomainID
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ Distinguished name of the Domain Controller which generated this root key.
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msKds-DomainID
+schemaIDGUID:: ggRAlgfPTOmQ6PLvxPBJXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: 
+ The algorithm name of the key derivation function used to compute keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-KDFAlgorithmID
+schemaIDGUID:: skgs203RTuyfWK1XnYtEDg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-KDF-Param
+attributeID: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-KDFParam
+schemaIDGUID:: cgeAirj0TxW0HC5Cce/3pw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PrivateKey-Length
+attributeID: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PrivateKeyLength
+schemaIDGUID:: oUJfYec3SBGg3TAH4Jz8gQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-PublicKey-Length
+attributeID: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-PublicKeyLength
+schemaIDGUID:: cPQ44805SUWrW/afnlg/4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-RootKeyData
+attributeID: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-RootKeyData
+schemaIDGUID:: J3xiJqIIQAqhsY3OhbQpkw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-AlgorithmID
+attributeID: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 200
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: 
+ The name of the secret agreement algorithm to be used with public keys.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementAlgorithmID
+schemaIDGUID:: XZcCF14iSsuxXQ2uqLXpkA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-SecretAgreement-Param
+attributeID: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 2000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msKds-SecretAgreementParam
+schemaIDGUID:: 2ZmwMP7tSXW4B+ukRNp56Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-UseStartTime
+attributeID: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+oMSyntax: 65
+searchFlags: 640
+lDAPDisplayName: msKds-UseStartTime
+schemaIDGUID:: fwTcbCL1SreanNlayM39og==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Kds-Version
+attributeID: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+oMSyntax: 2
+searchFlags: 640
+lDAPDisplayName: msKds-Version
+schemaIDGUID:: QHPw1bDmSh6Xvg0zGL2dsQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.11 wireless networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyData
+schemaIDGUID:: pZUUnHZNjkaZHhQzsKZ4VQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.11 group policy
+  object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+schemaIDGUID:: YnBpNa8ei0SsHjiOC+T97g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-80211-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 4194304
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+schemaIDGUID:: LsZpD44I9U+lOukjzsB8Cg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyData
+attributeID: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: 
+ This attribute contains all of the settings and data which comprise a group po
+ licy configuration for 802.3 wired networks.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyData
+schemaIDGUID:: i5SYg1d0kU29TY1+1mnJ9w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyGUID
+attributeID: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: 
+ This attribute contains a GUID which identifies a specific 802.3 group policy 
+ object on the domain.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+schemaIDGUID:: WrCnlLK4WU+cJTnmm6oWhA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-net-ieee-8023-GP-PolicyReserved
+attributeID: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+schemaIDGUID:: xyfF0wYm602M/RhCb+7Izg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-AccountCredentials
+attributeID: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-AccountCredentials
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted user credential token blobs for roaming
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIAccountCredentials
+schemaIDGUID:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Cert-Template-OID
+attributeID: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msPKI-Cert-Template-OID
+schemaIDGUID:: asNkMSa6jEaL2sHlzCVnKA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Application-Policy
+attributeID: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Application-Policy
+schemaIDGUID:: SAXZ2zeqAkKZZoxTe6XOMg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Name-Flag
+attributeID: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Name-Flag
+schemaIDGUID:: xN0d6v9gbkGMwBfO5TS85w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Certificate-Policy
+attributeID: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Certificate-Policy
+schemaIDGUID:: RiOUOFvMS0Kn2G/9EgKcXw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Credential-Roaming-Tokens
+attributeID: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: 
+ Storage of encrypted user credential token blobs for roaming.
+oMSyntax: 127
+searchFlags: 128
+lDAPDisplayName: msPKI-CredentialRoamingTokens
+schemaIDGUID:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-DPAPIMasterKeys
+attributeID: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+oMSyntax: 127
+searchFlags: 640
+lDAPDisplayName: msPKIDPAPIMasterKeys
+schemaIDGUID:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Flag
+attributeID: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Flag
+schemaIDGUID:: 2Pde0Sby20auebNOVgvRLA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 65536
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: 
+ Priority, authentication type, and URI of each certificate enrollment web serv
+ ice.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Minimal-Key-Size
+attributeID: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Minimal-Key-Size
+schemaIDGUID:: 9WNq6X9B00a+Utt3A8UD3w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-Attribute
+attributeID: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-Attribute
+schemaIDGUID:: iBKejChQT0+nBHbQJvJG7w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-CPS
+attributeID: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-CPS
+schemaIDGUID:: DpRJX5+nUUq7bz1EalTcaw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-LocalizedName
+attributeID: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OIDLocalizedName
+schemaIDGUID:: FqhZfQW7ckqXH1wTMfZ1WQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-OID-User-Notice
+attributeID: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 32768
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-OID-User-Notice
+schemaIDGUID:: etrEBBThaU6I3uKT8tOzlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Private-Key-Flag
+attributeID: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Private-Key-Flag
+schemaIDGUID:: wkqwujUECUeTByg4DnxwAQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Application-Policies
+attributeID: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Application-Policies
+schemaIDGUID:: v/uRPHNHzUyoe4XVPnvPag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Policies
+attributeID: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Policies
+schemaIDGUID:: Iq5G1VEJR02BfhyflvqtRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RA-Signature
+attributeID: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-RA-Signature
+schemaIDGUID:: S+AX/n2Tfk+ODpKSyNVoPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-RoamingTimeStamp
+attributeID: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+oMSyntax: 4
+searchFlags: 640
+lDAPDisplayName: msPKIRoamingTimeStamp
+schemaIDGUID:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGUID:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Supersede-Templates
+attributeID: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msPKI-Supersede-Templates
+schemaIDGUID:: fa7onVt6HUK15AYfed/V1w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Minor-Revision
+attributeID: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Minor-Revision
+schemaIDGUID:: bCP1E4QYsUa10EhOOJkNWA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-PKI-Template-Schema-Version
+attributeID: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msPKI-Template-Schema-Version
+schemaIDGUID:: 9ekVDB1JlEWRjzKBOgkdqQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedInterfaceId
+schemaIDGUID:: I0ryplzWZU2mTzX7aHPCuQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Prefix
+schemaIDGUID:: ENY+9nzWTUmHvs0eJDWaOA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-FramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-FramedIpv6Route
+schemaIDGUID:: BKhaWoMwY0iU5QGKeaIuwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedInterfaceId
+attributeID: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: 
+ This Attribute indicates the IPv6 interface identifier to be configured for th
+ e user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedInterfaceId
+schemaIDGUID:: iXLapKOS5UK2ttrRbSgKyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+attributeID: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: 
+ This Attribute indicates an IPv6 prefix (and corresponding route) to be config
+ ured for the user.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Prefix
+schemaIDGUID:: YqBlCeGxO0C0jVwOsOlSzA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RADIUS-SavedFramedIpv6Route
+attributeID: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: 
+ This Attribute provides routing information to be configured for the user on t
+ he NAS.
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUS-SavedFramedIpv6Route
+schemaIDGUID:: XLtmlp3fQU20Ny7sfifJsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Attribute
+attributeID: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASAttribute
+schemaIDGUID:: rZib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-RRAS-Vendor-Attribute-Entry
+attributeID: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msRRASVendorAttributeEntry
+schemaIDGUID:: rJib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Config-License
+attributeID: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Config-License
+adminDescription: 
+ Product-key configuration license used during online/phone activation of the A
+ ctive Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfigLicense
+schemaIDGUID:: tcRTA5nRsECzxd6zL9nsBg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Confirmation-Id
+attributeID: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: 
+ Confirmation ID (CID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-ConfirmationId
+schemaIDGUID:: xJeHbtqsSUqHQLC9Bam4MQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Partial-Product-Key
+attributeID: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 5
+rangeUpper: 5
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: 
+ Last 5 characters of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPartialProductKey
+schemaIDGUID:: kbABplKGOkWzhoetI5t8CA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Pid
+attributeID: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKPid
+schemaIDGUID:: DVF/tFBr4Ue1VncseeT/xA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-CSVLK-Sku-Id
+attributeID: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: 
+ SKU ID of CSVLK product-key used to create the Activation Object
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-CSVLKSkuId
+schemaIDGUID:: OfeElnh7bUeNdDGtdpLu9A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Installation-Id
+attributeID: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: 
+ Installation ID (IID) used for phone activation of the Active Directory forest
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSPP-InstallationId
+schemaIDGUID:: FLG/aXtAOUeiE8ZjgCs+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Issuance-License
+attributeID: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: 
+ Issuance license used during online/phone activation of the Active Directory f
+ orest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-IssuanceLicense
+schemaIDGUID:: obN1EK+70kmujcTyXIIzAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-KMS-Ids
+attributeID: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: msSPP-KMSIds
+schemaIDGUID:: 2j5mm0I11kad8DFAJa8rrA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Online-License
+attributeID: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Online-License
+adminDescription: 
+ License used during online activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-OnlineLicense
+schemaIDGUID:: jjaPCRJIzUivt6E2uWgH7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-SPP-Phone-License
+attributeID: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 5242880
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: 
+ License used during phone activation of the Active Directory forest
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msSPP-PhoneLicense
+schemaIDGUID:: EtnkZ2LzUkCMeUL0W6eyIQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Alias
+attributeID: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Alias
+schemaIDGUID:: rrrG4O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowAnonymousSubscription
+attributeID: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowAnonymousSubscription
+schemaIDGUID:: Sr532+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowImmediateUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowImmediateUpdatingSubscription
+adminDescription: MS-SQL-AllowImmediateUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+schemaIDGUID:: bmsYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowKnownPullSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowKnownPullSubscription
+attributeID: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowKnownPullSubscription
+adminDescription: MS-SQL-AllowKnownPullSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowKnownPullSubscription
+schemaIDGUID:: VHC7w0vT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowQueuedUpdatingSubscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+attributeID: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowQueuedUpdatingSubscription
+adminDescription: MS-SQL-AllowQueuedUpdatingSubscription
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+schemaIDGUID:: gMpYxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AllowSnapshotFilesFTPDownloading,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+attributeID: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AllowSnapshotFilesFTPDownloading
+adminDescription: MS-SQL-AllowSnapshotFilesFTPDownloading
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+schemaIDGUID:: 6IubxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-AppleTalk
+attributeID: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-AppleTalk
+schemaIDGUID:: 9Inaj+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Applications
+attributeID: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Applications
+schemaIDGUID:: 6qLN++7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Build
+attributeID: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Build
+schemaIDGUID:: xJQ+YO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CharacterSet
+attributeID: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CharacterSet
+schemaIDGUID:: pndhae7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Clustered
+attributeID: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Clustered
+schemaIDGUID:: kL14d+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ConnectionURL
+attributeID: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ConnectionURL
+schemaIDGUID:: 2iMtqe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Contact
+attributeID: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Contact
+schemaIDGUID:: 2L1sT+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-CreationDate
+attributeID: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-CreationDate
+schemaIDGUID:: VEfh7e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Database
+attributeID: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Database
+schemaIDGUID:: 3Nug1e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Description
+attributeID: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Description
+schemaIDGUID:: PGCGg+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSHeight
+attributeID: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSHeight
+schemaIDGUID:: Dk/dvO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLatitude
+attributeID: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLatitude
+schemaIDGUID:: Droisu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-GPSLongitude
+attributeID: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-GPSLongitude
+schemaIDGUID:: lHxXt+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationDirectory
+attributeID: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationDirectory
+schemaIDGUID:: Ltuu0O7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-InformationURL
+attributeID: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-InformationURL
+schemaIDGUID:: ENUspO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Keywords
+attributeID: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Keywords
+schemaIDGUID:: iqnpAe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Language
+attributeID: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Language
+schemaIDGUID:: 9HJ/xe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastBackupDate
+attributeID: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastBackupDate
+schemaIDGUID:: yqu28u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastDiagnosticDate
+attributeID: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastDiagnosticDate
+schemaIDGUID:: iN3W9u7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-LastUpdatedDate
+attributeID: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-LastUpdatedDate
+schemaIDGUID:: 1EPMn+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Location
+attributeID: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Location
+schemaIDGUID:: RJYcVu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Memory
+attributeID: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Memory
+schemaIDGUID:: jERdW+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-MultiProtocol
+attributeID: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-MultiProtocol
+schemaIDGUID:: OPpXge7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Name
+attributeID: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Name
+schemaIDGUID:: 2N8yNe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-NamedPipe
+attributeID: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-NamedPipe
+schemaIDGUID:: QMiRe+7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-PublicationURL
+attributeID: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-PublicationURL
+schemaIDGUID:: uBEMru7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Publisher,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Publisher
+attributeID: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Publisher
+adminDescription: MS-SQL-Publisher
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Publisher
+schemaIDGUID:: WGhnwUvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-RegisteredOwner
+attributeID: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-RegisteredOwner
+schemaIDGUID:: 6kT9SO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ServiceAccount
+attributeID: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ServiceAccount
+schemaIDGUID:: PjqTZO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Size
+attributeID: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Size
+schemaIDGUID:: hIAJ6e7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SortOrder
+attributeID: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SortOrder
+schemaIDGUID:: wELcbe7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-SPX
+attributeID: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-SPX
+schemaIDGUID:: BICwhu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Status
+attributeID: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Status
+schemaIDGUID:: cEd9mu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-TCPIP
+attributeID: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-TCPIP
+schemaIDGUID:: pmPCiu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-ThirdParty,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-ThirdParty
+attributeID: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-ThirdParty
+adminDescription: MS-SQL-ThirdParty
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mS-SQL-ThirdParty
+schemaIDGUID:: /BHjxEvT0hGZmgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Type
+attributeID: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Type
+schemaIDGUID:: qOtIyu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-UnicodeSortOrder
+attributeID: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mS-SQL-UnicodeSortOrder
+schemaIDGUID:: ipHccu7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Version
+attributeID: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mS-SQL-Version
+schemaIDGUID:: 0MF8wO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-SQL-Vines
+attributeID: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mS-SQL-Vines
+schemaIDGUID:: lGPFlO7M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Conference-Blob
+attributeID: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msTAPI-ConferenceBlob
+schemaIDGUID:: HmDETAFyQUGryD5SmuiIYw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Ip-Address
+attributeID: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-IpAddress
+schemaIDGUID:: 99fX744XZ0eH+viha4QFRA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Protocol-Id
+attributeID: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-ProtocolId
+schemaIDGUID:: z+vBiV96/UGZyskAsyKZqw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TAPI-Unique-Identifier
+attributeID: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTAPI-uid
+schemaIDGUID:: 6uekcLmzQ0aJGObdJHG/1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Owner-Information-Temp
+attributeID: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: 
+ This attribute contains temporary owner information for a particular TPM.
+oMSyntax: 64
+searchFlags: 640
+lDAPDisplayName: msTPM-OwnerInformationTemp
+schemaIDGUID:: nYCUyBO1+E+IEfT0P1rHvA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-OwnerInformation
+attributeID: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-OwnerInformation
+adminDescription: 
+ This attribute contains the owner information of a particular TPM.
+oMSyntax: 64
+searchFlags: 664
+lDAPDisplayName: msTPM-OwnerInformation
+schemaIDGUID:: bRpOqg1VBU6MNUr8uRep/g==
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Srk-Pub-Thumbprint
+attributeID: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: 
+ This attribute contains the thumbprint of the SrkPub corresponding to a partic
+ ular TPM. This helps to index the TPM devices in the directory.
+oMSyntax: 4
+searchFlags: 11
+lDAPDisplayName: msTPM-SrkPubThumbprint
+schemaIDGUID:: 6wbXGXZNokSF1hw0K+O+Nw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer
+attributeID: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputer
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute links a Computer object to a TPM object.
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: msTPM-TpmInformationForComputer
+schemaIDGUID:: k3sb6khe1Ua8bE30/aeKNQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TPM-Tpm-Information-For-Computer-BL
+attributeID: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-TpmInformationForComputerBL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute links a TPM object to the Computer objects associated with it.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTPM-TpmInformationForComputerBL
+schemaIDGUID:: yYT6FM2OSEO8kW087Ucqtw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Allow-Logon
+attributeID: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: 
+ Terminal Services Allow Logon specifies whether the user is allowed to log on 
+ to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is 
+ not allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSAllowLogon
+schemaIDGUID:: ZNQMOlS850CTrqZGpuzEtA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Broken-Connection-Action
+attributeID: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: 
+ Terminal Services Session Broken Connection Action specifies the action to tak
+ e when a Terminal Services session limit is reached. The value is 1 if the cli
+ ent session should be terminated, and 0 if the client session should be discon
+ nected.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSBrokenConnectionAction
+schemaIDGUID:: uhv0HARWPkaU1hoSh7csow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Client-Drives
+attributeID: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: 
+ Terminal Services Session Connect Client Drives At Logon specifies whether to 
+ reconnect to mapped client drives at logon. The value is 1 if reconnection is 
+ enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectClientDrives
+schemaIDGUID:: rypXI90p6kSw+n6EOLmkow==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Connect-Printer-Drives
+attributeID: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: 
+ Terminal Services Session Connect Printer Drives At Logon specifies whether to
+  reconnect to mapped client printers at logon. The value is 1 if reconnection 
+ is enabled, and 0 if reconnection is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSConnectPrinterDrives
+schemaIDGUID:: N6nmjBuHkkyyhdmdQDZoHA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Default-To-Main-Printer
+attributeID: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: 
+ Terminal Services Default To Main Printer specifies whether to print automatic
+ ally to the client's default printer. The value is 1 if printing to the client
+ 's default printer is enabled, and 0 if it is disabled.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSDefaultToMainPrinter
+schemaIDGUID:: veL/wM/Kx02I1WHp6Vdm9g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Data
+attributeID: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: 
+ This attribute represents the VM Name for machine in TSV deployment.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointData
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Plugin
+attributeID: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: 
+ This attribute represents the name of the plugin which handles the orchestrati
+ on.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSEndpointPlugin
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Endpoint-Type
+attributeID: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: 
+ This attribute defines if the machine is a physical machine or a virtual machi
+ ne.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSEndpointType
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate
+attributeID: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate
+schemaIDGUID:: 9U4AcMMlakSXyJlq6FZndg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate2
+attributeID: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate2
+schemaIDGUID:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate3
+attributeID: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate3
+schemaIDGUID:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ExpireDate4
+attributeID: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+oMSyntax: 24
+searchFlags: 1
+lDAPDisplayName: msTSExpireDate4
+schemaIDGUID:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Directory
+attributeID: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: 
+ Terminal Services Home Directory specifies the Home directory for the user. Ea
+ ch user on a Terminal Server has a unique home directory. This ensures that ap
+ plication information is stored separately for each user in a multi-user envir
+ onment. To set a home directory on the local computer, specify a local path; f
+ or example, C:\Path. To set a home directory in a network environment, you mus
+ t first set the TerminalServicesHomeDrive property, and then set this property
+  to a UNC path.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDirectory
+schemaIDGUID:: 8BA1XefEIkG5H6IK3ZDiRg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Home-Drive
+attributeID: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: 
+ Terminal Services Home Drive specifies a Home drive for the user. In a network
+  environment, this property is a string containing a drive specification (a dr
+ ive letter followed by a colon) to which the UNC path specified in the Termina
+ lServicesHomeDirectory property is mapped. To set a home directory in a networ
+ k environment, you must first set this property and then set the TerminalServi
+ cesHomeDirectory property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSHomeDrive
+schemaIDGUID:: 2SQKX/rf2Uysv6BoDANzHg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Initial-Program
+attributeID: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: 
+ Terminal Services Session Initial Program specifies the Path and file name of 
+ the application that the user wants to start automatically when the user logs 
+ on to the Terminal Server. To set an initial application to start when the use
+ r logs on, you must first set this property and then set the TerminalServicesW
+ orkDirectory property. If you set only the TerminalServicesInitialProgram prop
+ erty, the application starts in the user's session in the default user directo
+ ry.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSInitialProgram
+schemaIDGUID:: b6wBkmkd+02ALtlVEBCVmQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion
+attributeID: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion
+schemaIDGUID:: iUrpCi838k2uisZKK8RyeA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion2
+attributeID: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion2
+schemaIDGUID:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion3
+attributeID: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion3
+schemaIDGUID:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-LicenseVersion4
+attributeID: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLicenseVersion4
+schemaIDGUID:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS
+attributeID: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS
+schemaIDGUID:: R8W887CFLEOawDBFBr8sgw==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS2
+attributeID: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS2
+schemaIDGUID:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS3
+attributeID: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS3
+schemaIDGUID:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-ManagingLS4
+attributeID: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSManagingLS4
+schemaIDGUID:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Connection-Time
+attributeID: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: 
+ Terminal Services Session maximum Connection Time is Maximum duration, in minu
+ tes, of the Terminal Services session. After the specified number of minutes h
+ ave elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxConnectionTime
+schemaIDGUID:: 4g6WHWRklU6ngeO1zV+ViA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Disconnection-Time
+attributeID: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: 
+ Terminal Services Session Maximum Disconnection Time is maximum amount of time
+ , in minutes, that a disconnected Terminal Services session remains active on 
+ the Terminal Server. After the specified number of minutes have elapsed, the s
+ ession is terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxDisconnectionTime
+schemaIDGUID:: iXBvMthThEe4FEbYU1EQ0g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Max-Idle-Time
+attributeID: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: 
+ Terminal Services Session Maximum Idle Time is maximum amount of time, in minu
+ tes, that the Terminal Services session can remain idle. After the specified n
+ umber of minutes have elapsed, the session can be disconnected or terminated.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSMaxIdleTime
+schemaIDGUID:: nJ5z/7drDkayIeJQ894PlQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop
+attributeID: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the forward link to user's primary desktop.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktop
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Primary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Primary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSPrimaryDesktopBL
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Profile-Path
+attributeID: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: 
+ Terminal Services Profile Path specifies a roaming or mandatory profile path t
+ o use when the user logs on to the Terminal Server. The profile path is in the
+  following network path format: \\servername\profiles folder name\username
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSProfilePath
+schemaIDGUID:: 2zBc5mwxYECjoDh7CD8JzQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property01
+attributeID: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty01
+schemaIDGUID:: d6mu+lWW10mFPfJ7t6rKDw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TS-Property02
+attributeID: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSProperty02
+schemaIDGUID:: rPaGNbdReEmrQvk2RjGY5w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Reconnection-Action
+attributeID: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: 
+ Terminal Services Session Reconnection Action specifies whether to allow recon
+ nection to a disconnected Terminal Services session from any client computer. 
+ The value is 1 if reconnection is allowed from the original client computer on
+ ly, and 0 if reconnection from any client computer is allowed.
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: msTSReconnectionAction
+schemaIDGUID:: ytduNhg+f0yrrjUaAeS09w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Remote-Control
+attributeID: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: 
+ Terminal Services Remote Control specifies the whether to allow remote observa
+ tion or remote control of the user's Terminal Services session. For a descript
+ ion of these values, see the RemoteControl method of the Win32_TSRemoteControl
+ Setting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify
+ , 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msTSRemoteControl
+schemaIDGUID:: JnIXFUKGi0aMSAPd/QBJgg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktop-BL
+attributeID: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: This attribute represents the backward link to user.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktopBL
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Secondary-Desktops
+attributeID: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Secondary-Desktops
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute represents the array of forward links to user's secondary deskt
+ ops.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msTSSecondaryDesktops
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-TS-Work-Directory
+attributeID: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: 
+ Terminal Services Session Work Directory specifies the working directory path 
+ for the user. To set an initial application to start when the user logs on to 
+ the Terminal Server, you must first set the TerminalServicesInitialProgram pro
+ perty, and then set this property.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msTSWorkDirectory
+schemaIDGUID:: ZvZEpzw9yEyDS51Pb2h7iw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property01
+attributeID: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty01
+schemaIDGUID:: kDXlhx2XUkqVW0eU0VqErg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MS-TSLS-Property02
+attributeID: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msTSLSProperty02
+schemaIDGUID:: sHvHR24xL06X8Q1MSPyp3Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Author
+attributeID: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Author
+schemaIDGUID:: wcBmY3JpZk6zpR1SrQwFRw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ChangeDate
+attributeID: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ChangeDate
+schemaIDGUID:: oPfN+UTsN0mnm82RUis6qA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Class
+attributeID: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Class
+schemaIDGUID:: X5LBkCRKB0uyAr4y6zyLdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ClassDefinition
+attributeID: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ClassDefinition
+schemaIDGUID:: vA6cK3LCy0WZ0k0OaRYy4A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-CreationDate
+attributeID: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-CreationDate
+schemaIDGUID:: LgqLdFEzP0uxcS8XQU6neQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Genus
+attributeID: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-Genus
+schemaIDGUID:: OmfIUFaPFEaTCJ4TQPua8w==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ID
+attributeID: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ID
+schemaIDGUID:: A6g5k7iU90eRI6hTuf9+RQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Default
+attributeID: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Default
+schemaIDGUID:: WgjY9FuMhUeVm9xYVWbkRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Max
+attributeID: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Max
+schemaIDGUID:: R7XY4z0ARkmjK9x87clrdA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8Min
+attributeID: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8Min
+schemaIDGUID:: 0YkU7cxUZkCzaKANqiZk8Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-int8ValidValues
+attributeID: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: msWMI-Int8ValidValues
+schemaIDGUID:: qRk1EALAG0SYGrCz4BLIAw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intDefault
+attributeID: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntDefault
+schemaIDGUID:: +AcMG912YECh4XAIRhnckA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags1
+attributeID: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags1
+schemaIDGUID:: uQbgGEVk40idz7Xs+8Tfjg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags2
+attributeID: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags2
+schemaIDGUID:: yUJaB1rFsUWsk+sIazH2EA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags3
+attributeID: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags3
+schemaIDGUID:: Nqef8gne5EuyOuc0wSS6zA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intFlags4
+attributeID: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-intFlags4
+schemaIDGUID:: rKd0vZPEnEy9+lx7EZymsg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMax
+attributeID: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMax
+schemaIDGUID:: LAyS+5TyJkSKwdJLQqorzg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intMin
+attributeID: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntMin
+schemaIDGUID:: uuPCaDeYcEyY4PDDNpXQIw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-intValidValues
+attributeID: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msWMI-IntValidValues
+schemaIDGUID:: 9mX1akmnckuWNDxdR+a04A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Mof
+attributeID: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Mof
+schemaIDGUID:: n4A2Z2QgPkShRYEmKx8TZg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Name
+attributeID: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Name
+schemaIDGUID:: 5azIxoF+r0KtcndBLFlBxA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-NormalizedClass
+attributeID: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-NormalizedClass
+schemaIDGUID:: j2K66o7r6U+D/Gk75pVVmw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm1
+attributeID: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm1
+schemaIDGUID:: hRToJ7Cxi0q+3c4ZqDfibg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm2
+attributeID: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm2
+schemaIDGUID:: jlADAEKcdkqo9Di/ZLqw3g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm3
+attributeID: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm3
+schemaIDGUID:: to+VRb1Szkifn8JxLZ8r/A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Parm4
+attributeID: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Parm4
+schemaIDGUID:: o9UAOM7xgkulmhUo6nlfWQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-PropertyName
+attributeID: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-PropertyName
+schemaIDGUID:: gwiSq/jnck20oMBEmJdQnQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-Query
+attributeID: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-Query
+schemaIDGUID:: Pvn/ZeM1o0WFrodsZxgpfw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-QueryLanguage
+attributeID: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-QueryLanguage
+schemaIDGUID:: mPo8fXvBVEKL103puTKjRQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-ScopeGuid
+attributeID: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-ScopeGuid
+schemaIDGUID:: UY23h19Af0uA7SvSh4b0jQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-SourceOrganization
+attributeID: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-SourceOrganization
+schemaIDGUID:: bO33NF1hjUGqAFSafXvgPg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringDefault
+attributeID: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringDefault
+schemaIDGUID:: tkIuFcU3VU+rSBYGOEqa6g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-stringValidValues
+attributeID: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-StringValidValues
+schemaIDGUID:: MZ1gN7+iWEuPUytk5XoHbQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetClass
+attributeID: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetClass
+schemaIDGUID:: 1ti2lejJYUaivGpcq8BMYg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetNameSpace
+attributeID: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetNameSpace
+schemaIDGUID:: H7ZKHCA05USEnYtdv2D+tw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetObject
+attributeID: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetObject
+schemaIDGUID:: pWdPxOV9H0qS2WYrVzZLdw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetPath
+attributeID: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetPath
+schemaIDGUID:: mqcGUP5rYUWfUhPPTdPlYA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-WMI-TargetType
+attributeID: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msWMI-TargetType
+schemaIDGUID:: Higqyism90+0GbwSM1Kk6Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mscope-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Mscope-Id
+attributeID: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mscope-Id
+adminDescription: Mscope-Id
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: mscopeId
+schemaIDGUID:: USc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-File-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-File-List
+attributeID: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-File-List
+adminDescription: Msi-File-List
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiFileList
+schemaIDGUID:: fcv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script
+attributeID: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msiScript
+schemaIDGUID:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Name
+attributeID: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptName
+schemaIDGUID:: Yt2nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Path
+attributeID: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Path
+adminDescription: Msi-Script-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msiScriptPath
+schemaIDGUID:: N3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Msi-Script-Size
+attributeID: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msiScriptSize
+schemaIDGUID:: Y92nlhiR0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Authenticate
+attributeID: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQAuthenticate
+schemaIDGUID:: JsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Base-Priority
+attributeID: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQBasePriority
+schemaIDGUID:: I8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type
+attributeID: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQComputerType
+schemaIDGUID:: LsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Computer-Type-Ex
+attributeID: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQComputerTypeEx
+schemaIDGUID:: 6A0SGMT0QUO9lTLrW898gA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Cost
+attributeID: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQCost
+schemaIDGUID:: OsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-CSP-Name
+attributeID: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQCSPName
+schemaIDGUID:: NMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Service
+attributeID: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientService
+schemaIDGUID:: gw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Dependent-Client-Services
+attributeID: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDependentClientServices
+schemaIDGUID:: dg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests
+attributeID: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQDigests
+schemaIDGUID:: PMMNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Digests-Mig
+attributeID: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Digests-Mig
+adminDescription: MSMQ-Digests-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQDigestsMig
+schemaIDGUID:: 4NhxDzva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Service
+attributeID: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsService
+schemaIDGUID:: gg35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Ds-Services
+attributeID: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQDsServices
+schemaIDGUID:: eA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Encrypt-Key
+attributeID: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQEncryptKey
+schemaIDGUID:: McMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Foreign
+attributeID: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQForeign
+schemaIDGUID:: L8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-In-Routing-Servers
+attributeID: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-In-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-In-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQInRoutingServers
+schemaIDGUID:: LMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval1
+attributeID: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval1
+schemaIDGUID:: qiWojns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Interval2
+attributeID: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQInterval2
+schemaIDGUID:: Uo+4mXs70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal
+attributeID: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQJournal
+schemaIDGUID:: IcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Journal-Quota
+attributeID: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQJournalQuota
+schemaIDGUID:: JMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label
+attributeID: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+oMSyntax: 20
+searchFlags: 1
+lDAPDisplayName: mSMQLabel
+schemaIDGUID:: JcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Label-Ex
+attributeID: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 124
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: mSMQLabelEx
+schemaIDGUID:: Ja2ARQfU0kitJEPm5WeT1w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Long-Lived
+attributeID: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQLongLived
+schemaIDGUID:: NcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Migrated
+attributeID: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQMigrated
+schemaIDGUID:: P8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Multicast-Address
+attributeID: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 9
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: MSMQ-MulticastAddress
+schemaIDGUID:: EkQvHQ3xN0ObSG5bElzSZQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Name-Style
+attributeID: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQNameStyle
+schemaIDGUID:: M8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Flags
+attributeID: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Flags
+adminDescription: MSMQ-Nt4-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Flags
+schemaIDGUID:: WKE463/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Nt4-Stub
+attributeID: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Nt4-Stub
+adminDescription: MSMQ-Nt4-Stub
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQNt4Stub
+schemaIDGUID:: 5kuRb37V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-OS-Type
+attributeID: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQOSType
+schemaIDGUID:: MMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Out-Routing-Servers
+attributeID: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Out-Routing-Servers
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Out-Routing-Servers
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQOutRoutingServers
+schemaIDGUID:: K8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Owner-ID
+attributeID: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: mSMQOwnerID
+schemaFlagsEx: 1
+schemaIDGUID:: KMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Prev-Site-Gates
+attributeID: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Prev-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Prev-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQPrevSiteGates
+schemaIDGUID:: dQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Privacy-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Privacy-Level
+attributeID: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Privacy-Level
+adminDescription: MSMQ-Privacy-Level
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: mSMQPrivacyLevel
+schemaIDGUID:: J8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-QM-ID
+attributeID: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQQMID
+schemaIDGUID:: PsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Journal-Quota
+attributeID: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Journal-Quota
+adminDescription: MSMQ-Queue-Journal-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueJournalQuota
+schemaIDGUID:: ZhJEjn/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Name-Ext
+attributeID: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 92
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQQueueNameExt
+schemaIDGUID:: hw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Quota
+attributeID: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Quota
+adminDescription: MSMQ-Queue-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQueueQuota
+schemaIDGUID:: Eo5rP3/V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Queue-Type
+attributeID: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: mSMQQueueType
+schemaIDGUID:: IMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Quota
+attributeID: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQQuota
+schemaIDGUID:: IsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Recipient-FormatName
+attributeID: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msMQ-Recipient-FormatName
+schemaIDGUID:: SGf+O0S1WkiwZxsxDEM0vw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Service
+attributeID: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingService
+schemaIDGUID:: gQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Routing-Services
+attributeID: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQRoutingServices
+schemaIDGUID:: dw35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Secured-Source
+attributeID: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: MSMQ-SecuredSource
+schemaIDGUID:: GyLwiwZ6Y02R8BSZlBgT0w==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Service-Type
+attributeID: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServiceType
+schemaIDGUID:: LcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Services
+attributeID: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQServices
+schemaIDGUID:: PcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates
+attributeID: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificates
+schemaIDGUID:: O8MNmgDB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Certificates-Mig
+attributeID: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1048576
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Certificates-Mig
+adminDescription: MSMQ-Sign-Certificates-Mig
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignCertificatesMig
+schemaIDGUID:: 6riBODva0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sign-Key
+attributeID: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSignKey
+schemaIDGUID:: MsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-1
+attributeID: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-1
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-1
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite1
+schemaIDGUID:: N8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-2
+attributeID: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-2
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSite2
+schemaIDGUID:: OMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Foreign
+attributeID: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Foreign
+adminDescription: MSMQ-Site-Foreign
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQSiteForeign
+schemaIDGUID:: ip0S/X7V0RGQogDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates
+attributeID: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGates
+schemaIDGUID:: OcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Gates-Mig
+attributeID: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Gates-Mig
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: MSMQ-Site-Gates-Mig
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: mSMQSiteGatesMig
+schemaIDGUID:: Ukhw4ns70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-ID
+attributeID: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSiteID
+schemaIDGUID:: QMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name
+attributeID: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name
+adminDescription: MSMQ-Site-Name
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: mSMQSiteName
+schemaIDGUID:: srSt/zne0RGQpQDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Site-Name-Ex
+attributeID: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mSMQSiteNameEx
+schemaIDGUID:: +kQhQn/BSUaU1pcx7SeE7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Sites
+attributeID: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQSites
+schemaIDGUID:: KsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Transactional
+attributeID: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: mSMQTransactional
+schemaIDGUID:: KcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-User-Sid
+attributeID: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: mSMQUserSid
+schemaIDGUID:: Mq6KxflW0hGQ0ADAT9kasQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: MSMQ-Version
+attributeID: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: mSMQVersion
+schemaIDGUID:: NsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPAllowDialin
+attributeID: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+oMSyntax: 1
+searchFlags: 16
+lDAPDisplayName: msNPAllowDialin
+schemaIDGUID:: hZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCalledStationID
+attributeID: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msNPCalledStationID
+schemaIDGUID:: iZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPCallingStationID
+attributeID: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPCallingStationID
+schemaIDGUID:: ipAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msNPSavedCallingStationID
+attributeID: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msNPSavedCallingStationID
+schemaIDGUID:: jpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSCallbackNumber
+attributeID: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSCallbackNumber
+schemaIDGUID:: nJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedIPAddress
+schemaIDGUID:: pJAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSFramedRoute
+attributeID: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRADIUSFramedRoute
+schemaIDGUID:: qZAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRADIUSServiceType
+attributeID: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRADIUSServiceType
+schemaIDGUID:: tpAM2/LB0RG7xQCAx2ZwwA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedCallbackNumber
+attributeID: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedCallbackNumber
+schemaIDGUID:: xZAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedIPAddress
+attributeID: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+oMSyntax: 2
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedIPAddress
+schemaIDGUID:: xpAM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msRASSavedFramedRoute
+attributeID: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+oMSyntax: 22
+searchFlags: 16
+lDAPDisplayName: msRASSavedFramedRoute
+schemaIDGUID:: x5AM2/LB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Aliases
+attributeID: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30Aliases
+schemaIDGUID:: cfHrIJrGMUyyndy4N9iRLQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Crypt-Method
+attributeID: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: 
+ used to store the method used for encrypting the UNIX passwords, either MD5 or
+  crypt.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30CryptMethod
+schemaIDGUID:: o9IDRXA9uEGwd9/xI8FYZQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Domains
+attributeID: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256000
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domains
+adminDescription: 
+ stores the list of UNIX NIS domains migrated to the same AD NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Domains
+schemaIDGUID:: 014JkzBv3Uu3NGXVafX3yQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30FieldSeparator
+schemaIDGUID:: QhrhooHnoUyn+uwwf2K2oQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Intra-Field-Separator
+attributeID: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: 
+ This attribute stores intra field separators for each NIS map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30IntraFieldSeparator
+schemaIDGUID:: 8K6yleQnuUyICqLZqeojuA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Is-Valid-Container
+attributeID: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: 
+ internal to Server for NIS and stores whether the current search root is valid
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30IsValidContainer
+schemaIDGUID:: 9ULqDY0nV0G0p0m1lmSRWw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: 
+ stores the names of the attributes which the Server for NIS will use as keys t
+ o search a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyAttributes
+schemaIDGUID:: mNbsMp7OlEihNHrXawgugw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Key-Values
+attributeID: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 10240
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: 
+ This attribute is internal to Server for NIS and is used as a scratch pad
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30KeyValues
+schemaIDGUID:: NQKDN+nl8kaSK9jUTwPnrg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Map-Filter
+attributeID: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: 
+ stores a string containing map keys, domain name and so on. The string is used
+  to filter data in a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30MapFilter
+schemaIDGUID:: AW6xt08CI06tDXHxpAa2hA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Master-Server-Name
+attributeID: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: 
+ The value in this container is returned when Server for NIS processes a yp_mas
+ ter API call
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30MasterServerName
+schemaIDGUID:: ogjJTBieDkGEWfF8xCICCg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Gid-Number
+attributeID: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxGidNumber
+schemaIDGUID:: pmruBDv4mka/WjwA02NGaQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Max-Uid-Number
+attributeID: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: msSFU30MaxUidNumber
+schemaIDGUID:: N4SZ7ETZKEqFACF1iK38dQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Name
+attributeID: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30Name
+schemaIDGUID:: 09HFFsI1YUCocKXO/agE8A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-Host-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as ho
+ st@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupHostAtDomain
+schemaIDGUID:: Zb/Sl2YEUkiiWuwg9X7jbA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Netgroup-User-At-Domain
+attributeID: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: 
+ Part of the netgroup map.This attribute represents computed strings such as us
+ er@domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30NetgroupUserAtDomain
+schemaIDGUID:: 7U7oqTDmZ0u0s8rSqC00Xg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Nis-Domain
+attributeID: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+oMSyntax: 22
+searchFlags: 9
+lDAPDisplayName: msSFU30NisDomain
+schemaIDGUID:: 47LjnvPH+EWMnxOCvkmE0g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-NSMAP-Field-Position
+attributeID: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: 
+ This attribute stores the "field position", to extract the key from a non-stan
+ dard map
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: msSFU30NSMAPFieldPosition
+schemaIDGUID:: Xp1cWJn1B0+c+UNzr0uJ0w==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Order-Number
+attributeID: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: 
+ Every time the data stored in the msSFU-30-Domain-Info object is changed, the 
+ value of this attribute is incremented. Server for NIS uses this object to che
+ ck if the map has changed. This number is used to track data changes between y
+ pxfer calls
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: msSFU30OrderNumber
+schemaIDGUID:: BV9iAu7Rn0+zZlUma+y5XA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member
+attributeID: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used to store the DN display name of users which are a part 
+ of the group
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMember
+schemaIDGUID:: Ldh1yEgo7Ey7UDxUhtCdVw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Posix-Member-Of
+attributeID: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Posix-Member-Of
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ stores the display names of groups to which this user belongs to
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msSFU30PosixMemberOf
+schemaIDGUID:: kmvXe0QyikOtpiT16jQ4Hg==
+systemOnly: FALSE
+systemFlags: 1
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Result-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30ResultAttributes
+schemaIDGUID:: trBn4UVAM0SsNVP5ctRcug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Attributes
+attributeID: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: 
+ stores the names of the attributes Server for NIS needs while searching a map
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchAttributes
+schemaIDGUID:: 8C2a71cuyEiJUAzGdABHMw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Search-Container
+attributeID: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: 
+ stores the identifier of an object from where each search will begin
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msSFU30SearchContainer
+schemaIDGUID:: or/uJ+v7jk+q1sUCR5lCkQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: msSFU-30-Yp-Servers
+attributeID: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: 
+ Stores ypserves list, list of "Servers for NIS" in a NIS domain
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: msSFU30YpServers
+schemaIDGUID:: S5RKCFDh/kuTRUDhrtrrug==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Must-Contain
+attributeID: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Must-Contain
+adminDescription: Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: mustContain
+schemaFlagsEx: 1
+schemaIDGUID:: 03mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Name-Service-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Name-Service-Flags
+attributeID: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Name-Service-Flags
+adminDescription: Name-Service-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nameServiceFlags
+schemaIDGUID:: QCghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NC-Name
+attributeID: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NC-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: NC-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: nCName
+schemaFlagsEx: 1
+schemaIDGUID:: 1nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NETBIOS-Name
+attributeID: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NETBIOS-Name
+adminDescription: NETBIOS-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: nETBIOSName
+schemaFlagsEx: 1
+schemaIDGUID:: 2HmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Allow-New-Clients
+attributeID: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAllowNewClients
+schemaIDGUID:: djA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Only-Valid-Clients
+attributeID: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerOnlyValidClients
+schemaIDGUID:: ezA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Answer-Requests
+attributeID: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootAnswerRequests
+schemaIDGUID:: ejA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Current-Client-Count
+attributeID: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootCurrentClientCount
+schemaIDGUID:: eTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-DUID
+attributeID: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-DUID
+adminDescription: Netboot-DUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootDUID
+schemaIDGUID:: vXAlU3c9T0KCLw1jbcbarQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-GUID
+attributeID: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-GUID
+adminDescription: Netboot-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: netbootGUID
+schemaIDGUID:: IYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Initialization
+attributeID: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Initialization
+adminDescription: Netboot-Initialization
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootInitialization
+schemaIDGUID:: IImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-IntelliMirror-OSes
+attributeID: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootIntelliMirrorOSes
+schemaIDGUID:: fjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Limit-Clients
+attributeID: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: netbootLimitClients
+schemaIDGUID:: dzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Locally-Installed-OSes
+attributeID: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootLocallyInstalledOSes
+schemaIDGUID:: gDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Machine-File-Path
+attributeID: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Machine-File-Path
+adminDescription: Netboot-Machine-File-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMachineFilePath
+schemaIDGUID:: I4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Max-Clients
+attributeID: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: netbootMaxClients
+schemaIDGUID:: eDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-Mirror-Data-File
+attributeID: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootMirrorDataFile
+schemaIDGUID:: hQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-Naming-Policy
+attributeID: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineNamingPolicy
+schemaIDGUID:: fDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-New-Machine-OU
+attributeID: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-New-Machine-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-New-Machine-OU
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootNewMachineOU
+schemaIDGUID:: fTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-SCP-BL
+attributeID: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 101
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-SCP-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-SCP-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootSCPBL
+schemaIDGUID:: gjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Server
+attributeID: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 100
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: netboot-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: netbootServer
+schemaIDGUID:: gTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Netboot-SIF-File
+attributeID: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootSIFFile
+schemaIDGUID:: hA35LZ8A0hGqTADAT9fYOg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: netboot-Tools
+attributeID: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: netbootTools
+schemaIDGUID:: fzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Network-Address
+attributeID: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 256
+mAPIID: 33136
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Network-Address
+adminDescription: Network-Address
+oMSyntax: 20
+searchFlags: 0
+lDAPDisplayName: networkAddress
+schemaIDGUID:: 2XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Level-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Level-Store
+attributeID: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Level-Store
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Next-Level-Store
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nextLevelStore
+schemaIDGUID:: 2nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Next-Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Next-Rid
+attributeID: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Next-Rid
+adminDescription: Next-Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nextRid
+schemaFlagsEx: 1
+schemaIDGUID:: 23mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapEntry
+attributeID: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapEntry
+schemaIDGUID:: biGVSsD8LkC1f1lxYmFIqQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisMapName
+attributeID: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMapName
+adminDescription: 
+ The attribute contains the name of the map to which the object belongs.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisMapName
+schemaIDGUID:: eTydlpoOlU2wrL3ef/jzoQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NisNetgroupTriple
+attributeID: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 153600
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: nisNetgroupTriple
+schemaIDGUID:: dC4DqO8w9U+v/A/CF3g/7A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member
+attributeID: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 50
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMember
+schemaIDGUID:: GIBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Non-Security-Member-BL
+attributeID: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 51
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Non-Security-Member-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Non-Security-Member-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: nonSecurityMemberBL
+schemaIDGUID:: GYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Notification-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Notification-List
+attributeID: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Notification-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Notification-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: notificationList
+schemaIDGUID:: VloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Group-Members
+attributeID: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Group-Members
+adminDescription: NT-Group-Members
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: nTGroupMembers
+schemaIDGUID:: 33mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Mixed-Domain
+attributeID: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Mixed-Domain
+adminDescription: NT-Mixed-Domain
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: nTMixedDomain
+schemaFlagsEx: 1
+schemaIDGUID:: H4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Nt-Pwd-History
+attributeID: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Nt-Pwd-History
+adminDescription: Nt-Pwd-History
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: ntPwdHistory
+schemaFlagsEx: 1
+schemaIDGUID:: 4nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: NT-Security-Descriptor
+attributeID: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 132096
+mAPIID: 32787
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NT-Security-Descriptor
+adminDescription: NT-Security-Descriptor
+oMSyntax: 66
+searchFlags: 8
+lDAPDisplayName: nTSecurityDescriptor
+schemaFlagsEx: 1
+schemaIDGUID:: 43mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 26
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Obj-Dist-Name
+attributeID: 2.5.4.49
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+mAPIID: 32828
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Obj-Dist-Name
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Obj-Dist-Name
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: distinguishedName
+schemaFlagsEx: 1
+schemaIDGUID:: 5HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Category
+attributeID: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Category
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Object-Category
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: objectCategory
+schemaFlagsEx: 1
+schemaIDGUID:: aXPZJnBg0RGpxgAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class
+attributeID: 2.5.4.0
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class
+adminDescription: Object-Class
+oMSyntax: 6
+searchFlags: 9
+lDAPDisplayName: objectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 5XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Class-Category
+attributeID: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 3
+mAPIID: 33014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Class-Category
+adminDescription: Object-Class-Category
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: objectClassCategory
+schemaFlagsEx: 1
+schemaIDGUID:: 5nmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Classes
+attributeID: 2.5.21.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: objectClasses
+schemaFlagsEx: 1
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Count
+attributeID: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Count
+adminDescription: Object-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectCount
+schemaIDGUID:: FqKqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Guid
+attributeID: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+mAPIID: 35949
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Guid
+adminDescription: Object-Guid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectGUID
+schemaFlagsEx: 1
+schemaIDGUID:: 53mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Sid
+attributeID: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 28
+mAPIID: 32807
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Sid
+adminDescription: Object-Sid
+oMSyntax: 4
+searchFlags: 9
+lDAPDisplayName: objectSid
+schemaFlagsEx: 1
+schemaIDGUID:: 6HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Object-Version
+attributeID: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Object-Version
+adminDescription: Object-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: objectVersion
+schemaFlagsEx: 1
+schemaIDGUID:: SFh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OEM-Information
+attributeID: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OEM-Information
+adminDescription: OEM-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: oEMInformation
+schemaFlagsEx: 1
+schemaIDGUID:: 6nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Object-Class
+attributeID: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+mAPIID: 33021
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Object-Class
+adminDescription: OM-Object-Class
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: 7HmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OM-Syntax
+attributeID: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33022
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OM-Syntax
+adminDescription: OM-Syntax
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: oMSyntax
+schemaFlagsEx: 1
+schemaIDGUID:: 7XmWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Guid
+attributeID: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Guid
+adminDescription: OMT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: oMTGuid
+schemaIDGUID:: 8wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OMT-Indx-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OMT-Indx-Guid
+attributeID: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: OMT-Indx-Guid
+adminDescription: OMT-Indx-Guid
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: oMTIndxGuid
+schemaIDGUID:: +nUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: OncRpcNumber
+attributeID: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpcNumber
+adminDescription: 
+ This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: oncRpcNumber
+schemaIDGUID:: 9SVoltkBXEqgEdFa6E76VQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System
+attributeID: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System
+adminDescription: Operating-System
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystem
+schemaFlagsEx: 1
+schemaIDGUID:: JYmXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Hotfix
+attributeID: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Hotfix
+adminDescription: Operating-System-Hotfix
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemHotfix
+schemaIDGUID:: PBuVvZac0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Service-Pack
+attributeID: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Service-Pack
+adminDescription: Operating-System-Service-Pack
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemServicePack
+schemaFlagsEx: 1
+schemaIDGUID:: J4mXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operating-System-Version
+attributeID: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operating-System-Version
+adminDescription: Operating-System-Version
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: operatingSystemVersion
+schemaFlagsEx: 1
+schemaIDGUID:: JomXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Operator-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Operator-Count
+attributeID: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Operator-Count
+adminDescription: Operator-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: operatorCount
+schemaFlagsEx: 1
+schemaIDGUID:: 7nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Option-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Option-Description
+attributeID: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Option-Description
+adminDescription: Option-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: optionDescription
+schemaIDGUID:: TSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options
+attributeID: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options
+adminDescription: Options
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: options
+schemaFlagsEx: 1
+schemaIDGUID:: U1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Options-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Options-Location
+attributeID: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Options-Location
+adminDescription: Options-Location
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: optionsLocation
+schemaIDGUID:: Tic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organization-Name
+attributeID: 2.5.4.10
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33025
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization-Name
+adminDescription: Organization-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: o
+schemaFlagsEx: 1
+schemaIDGUID:: 73mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Organizational-Unit-Name
+attributeID: 2.5.4.11
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33026
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit-Name
+adminDescription: Organizational-Unit-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: ou
+schemaFlagsEx: 1
+schemaIDGUID:: 8HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: organizationalStatus
+attributeID: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: organizationalStatus
+adminDescription: 
+ The organizationalStatus attribute type specifies a category by which a person
+  is often referred to in an organization.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: organizationalStatus
+schemaIDGUID:: GWBZKElzL02t/1pimWH5Qg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table
+attributeID: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33027
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table
+adminDescription: Original-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTable
+schemaIDGUID:: ziTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Original-Display-Table-MSDOS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Original-Display-Table-MSDOS
+attributeID: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33028
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Original-Display-Table-MSDOS
+adminDescription: Original-Display-Table-MSDOS
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: originalDisplayTableMSDOS
+schemaIDGUID:: zyTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Login-Workstations
+attributeID: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Login-Workstations
+adminDescription: Other-Login-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: otherLoginWorkstations
+schemaIDGUID:: 8XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Mailbox
+attributeID: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Mailbox
+adminDescription: Other-Mailbox
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMailbox
+schemaIDGUID:: I8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Name
+adminDescription: Other-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: middleName
+schemaIDGUID:: 8nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Other-Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Other-Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: otherWellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Owner
+attributeID: 2.5.4.32
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 44
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Owner
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Owner
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: owner
+schemaIDGUID:: 83mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Flags
+attributeID: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Flags
+adminDescription: Package-Flags
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: packageFlags
+schemaIDGUID:: mQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Name
+attributeID: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Name
+adminDescription: Package-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: packageName
+schemaIDGUID:: mA5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Package-Type
+attributeID: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Type
+adminDescription: Package-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: packageType
+schemaIDGUID:: lg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA
+attributeID: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: parentCA
+schemaIDGUID:: G4BFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-CA-Certificate-Chain
+attributeID: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-CA-Certificate-Chain
+adminDescription: Parent-CA-Certificate-Chain
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentCACertificateChain
+schemaIDGUID:: Myc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Parent-GUID
+attributeID: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: parentGUID
+schemaFlagsEx: 1
+schemaIDGUID:: dA35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Deletion-List
+attributeID: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Deletion-List
+adminDescription: Partial-Attribute-Deletion-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeDeletionList
+schemaFlagsEx: 1
+schemaIDGUID:: wA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Partial-Attribute-Set
+attributeID: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Partial-Attribute-Set
+adminDescription: Partial-Attribute-Set
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: partialAttributeSet
+schemaFlagsEx: 1
+schemaIDGUID:: nltAGfo80RGpwAAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-Key-Change-Interval
+attributeID: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pekKeyChangeInterval
+schemaIDGUID:: hDA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pek-List
+attributeID: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pekList
+schemaFlagsEx: 1
+schemaIDGUID:: gzA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-CA-Certificates
+attributeID: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-CA-Certificates
+adminDescription: Pending-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pendingCACertificates
+schemaIDGUID:: PCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pending-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pending-Parent-CA
+attributeID: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pending-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Pending-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: pendingParentCA
+schemaIDGUID:: Pic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Msg-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Msg-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33032
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Msg-Dialog-Display-Table
+adminDescription: Per-Msg-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perMsgDialogDisplayTable
+schemaIDGUID:: 0yTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Per-Recip-Dialog-Display-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Per-Recip-Dialog-Display-Table
+attributeID: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 32768
+mAPIID: 33033
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Per-Recip-Dialog-Display-Table
+adminDescription: Per-Recip-Dialog-Display-Table
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: perRecipDialogDisplayTable
+schemaIDGUID:: 1CTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Personal-Title
+attributeID: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35947
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Personal-Title
+adminDescription: Personal-Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: personalTitle
+schemaIDGUID:: WFh3FvNH0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Fax-Other
+attributeID: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Fax-Other
+adminDescription: Phone-Fax-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherFacsimileTelephoneNumber
+schemaIDGUID:: HcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Other
+attributeID: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14895
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Other
+adminDescription: Phone-Home-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherHomePhone
+schemaIDGUID:: ov/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Home-Primary
+attributeID: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14857
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Home-Primary
+adminDescription: Phone-Home-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: homePhone
+schemaIDGUID:: of/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Other
+attributeID: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Other
+adminDescription: Phone-Ip-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherIpPhone
+schemaIDGUID:: S24UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Ip-Primary
+attributeID: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Ip-Primary
+adminDescription: Phone-Ip-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: ipPhone
+schemaIDGUID:: Sm4UTdRI0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-ISDN-Primary
+attributeID: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-ISDN-Primary
+adminDescription: Phone-ISDN-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryInternationalISDNNumber
+schemaIDGUID:: H8GWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Other
+attributeID: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Other
+adminDescription: Phone-Mobile-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherMobile
+schemaIDGUID:: HsGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Mobile-Primary
+attributeID: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14876
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Mobile-Primary
+adminDescription: Phone-Mobile-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mobile
+schemaIDGUID:: o//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Office-Other
+attributeID: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14875
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Office-Other
+adminDescription: Phone-Office-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherTelephone
+schemaIDGUID:: pf/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Other
+attributeID: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 35950
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Other
+adminDescription: Phone-Pager-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: otherPager
+schemaIDGUID:: pP/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Phone-Pager-Primary
+attributeID: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14881
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Phone-Pager-Primary
+adminDescription: Phone-Pager-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pager
+schemaIDGUID:: pv/48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: photo
+attributeID: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: photo
+adminDescription: 
+ An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 
+ wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: photo
+schemaIDGUID:: aJeXnBq6CEyWMsalwe1kmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Delivery-Office-Name
+attributeID: 2.5.4.19
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14873
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Delivery-Office-Name
+adminDescription: Physical-Delivery-Office-Name
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: physicalDeliveryOfficeName
+schemaIDGUID:: 93mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Physical-Location-Object
+attributeID: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Physical-Location-Object
+oMSyntax: 127
+searchFlags: 1
+lDAPDisplayName: physicalLocationObject
+schemaIDGUID:: GTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Picture
+attributeID: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 102400
+mAPIID: 35998
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Picture
+adminDescription: Picture
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: thumbnailPhoto
+schemaIDGUID:: UMo7jX4d0BGggQCqAGwz7Q==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Critical-Extensions
+attributeID: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKICriticalExtensions
+schemaIDGUID:: BpFa/J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-CSPs
+attributeID: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIDefaultCSPs
+schemaIDGUID:: bjP2Hp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Default-Key-Spec
+attributeID: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIDefaultKeySpec
+schemaIDGUID:: bq5sQp070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Enrollment-Access
+attributeID: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: pKIEnrollmentAccess
+schemaIDGUID:: eOJrkvlW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Expiration-Period
+attributeID: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIExpirationPeriod
+schemaIDGUID:: 0nAVBJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Extended-Key-Usage
+attributeID: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: pKIExtendedKeyUsage
+schemaIDGUID:: 9mqXGJ470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Key-Usage
+attributeID: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIKeyUsage
+schemaIDGUID:: fqiw6Z070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Max-Issuing-Depth
+attributeID: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pKIMaxIssuingDepth
+schemaIDGUID:: +t6/8J070hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKI-Overlap-Period
+attributeID: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKIOverlapPeriod
+schemaIDGUID:: 7KMZEp470hGQzADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT
+attributeID: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 10485760
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT
+adminDescription: PKT
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKT
+schemaIDGUID:: 8flHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKT-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: PKT-Guid
+attributeID: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKT-Guid
+adminDescription: PKT-Guid
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: pKTGuid
+schemaIDGUID:: 8PlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Policy-Replication-Flags
+attributeID: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Policy-Replication-Flags
+adminDescription: Policy-Replication-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: policyReplicationFlags
+schemaIDGUID:: lltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Port-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Port-Name
+attributeID: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Port-Name
+adminDescription: Port-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: portName
+schemaIDGUID:: xBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Poss-Superiors
+attributeID: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Poss-Superiors
+adminDescription: Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: +nmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Possible-Inferiors
+attributeID: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: possibleInferiors
+schemaFlagsEx: 1
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Post-Office-Box
+attributeID: 2.5.4.18
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14891
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Post-Office-Box
+adminDescription: Post-Office-Box
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postOfficeBox
+schemaIDGUID:: +3mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Address
+attributeID: 2.5.4.16
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33036
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Address
+adminDescription: Postal-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalAddress
+schemaIDGUID:: /HmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Postal-Code
+attributeID: 2.5.4.17
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 40
+mAPIID: 14890
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Postal-Code
+adminDescription: Postal-Code
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: postalCode
+schemaIDGUID:: /XmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-Delivery-Method
+attributeID: 2.5.4.28
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33037
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-Delivery-Method
+adminDescription: Preferred-Delivery-Method
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: preferredDeliveryMethod
+schemaIDGUID:: /nmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Preferred-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Preferred-OU
+attributeID: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Preferred-OU
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Preferred-OU
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: preferredOU
+schemaIDGUID:: /3mWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: preferredLanguage
+attributeID: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: preferredLanguage
+schemaIDGUID:: 0OBrhecY4UaPX37k2QIODQ==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prefix-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prefix-Map
+attributeID: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prefix-Map
+adminDescription: Prefix-Map
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: prefixMap
+schemaFlagsEx: 1
+schemaIDGUID:: IoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Presentation-Address
+attributeID: 2.5.4.29
+attributeSyntax: 2.5.5.13
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Presentation-Address
+oMObjectClass:: KwwCh3McAIVc
+adminDescription: Presentation-Address
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: presentationAddress
+schemaIDGUID:: S3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-CA-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-CA-Certificates
+attributeID: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-CA-Certificates
+adminDescription: Previous-CA-Certificates
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: previousCACertificates
+schemaIDGUID:: OSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Previous-Parent-CA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Previous-Parent-CA
+attributeID: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Previous-Parent-CA
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Previous-Parent-CA
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: previousParentCA
+schemaIDGUID:: PSc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-ID
+attributeID: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-ID
+adminDescription: Primary-Group-ID
+oMSyntax: 2
+searchFlags: 17
+lDAPDisplayName: primaryGroupID
+schemaFlagsEx: 1
+schemaIDGUID:: AHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Primary-Group-Token
+adminDescription: Primary-Group-Token
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: primaryGroupToken
+schemaFlagsEx: 1
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+systemOnly: TRUE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Attributes
+attributeID: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Attributes
+adminDescription: Print-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printAttributes
+schemaIDGUID:: 1xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Bin-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Bin-Names
+attributeID: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Bin-Names
+adminDescription: Print-Bin-Names
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printBinNames
+schemaIDGUID:: zRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Collate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Collate
+attributeID: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Collate
+adminDescription: Print-Collate
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printCollate
+schemaIDGUID:: 0hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Color,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Color
+attributeID: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Color
+adminDescription: Print-Color
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printColor
+schemaIDGUID:: 0xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Duplex-Supported
+adminDescription: Print-Duplex-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printDuplexSupported
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-End-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-End-Time
+attributeID: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-End-Time
+adminDescription: Print-End-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printEndTime
+schemaIDGUID:: yhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Form-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Form-Name
+attributeID: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Form-Name
+adminDescription: Print-Form-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printFormName
+schemaIDGUID:: yxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Keep-Printed-Jobs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Keep-Printed-Jobs
+attributeID: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Keep-Printed-Jobs
+adminDescription: Print-Keep-Printed-Jobs
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printKeepPrintedJobs
+schemaIDGUID:: bV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Language,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Language
+attributeID: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Language
+adminDescription: Print-Language
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printLanguage
+schemaIDGUID:: 1hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-MAC-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-MAC-Address
+attributeID: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-MAC-Address
+adminDescription: Print-MAC-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMACAddress
+schemaIDGUID:: el8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Copies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Copies
+attributeID: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Copies
+adminDescription: Print-Max-Copies
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxCopies
+schemaIDGUID:: 0RYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Resolution-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Resolution-Supported
+attributeID: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Resolution-Supported
+adminDescription: Print-Max-Resolution-Supported
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxResolutionSupported
+schemaIDGUID:: zxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-X-Extent
+attributeID: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-X-Extent
+adminDescription: Print-Max-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxXExtent
+schemaIDGUID:: b18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Max-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Max-Y-Extent
+attributeID: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Max-Y-Extent
+adminDescription: Print-Max-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMaxYExtent
+schemaIDGUID:: cF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Ready
+attributeID: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Ready
+adminDescription: Print-Media-Ready
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaReady
+schemaIDGUID:: 9fzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Media-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Media-Supported
+attributeID: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Media-Supported
+adminDescription: Print-Media-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printMediaSupported
+schemaIDGUID:: bylLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Memory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Memory
+attributeID: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Memory
+adminDescription: Print-Memory
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMemory
+schemaIDGUID:: dF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-X-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-X-Extent
+attributeID: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-X-Extent
+adminDescription: Print-Min-X-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinXExtent
+schemaIDGUID:: cV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Min-Y-Extent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Min-Y-Extent
+attributeID: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Min-Y-Extent
+adminDescription: Print-Min-Y-Extent
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printMinYExtent
+schemaIDGUID:: cl8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Network-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Network-Address
+attributeID: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Network-Address
+adminDescription: Print-Network-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNetworkAddress
+schemaIDGUID:: eV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Notify,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Notify
+attributeID: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Notify
+adminDescription: Print-Notify
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printNotify
+schemaIDGUID:: al8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Number-Up,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Number-Up
+attributeID: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Number-Up
+adminDescription: Print-Number-Up
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printNumberUp
+schemaIDGUID:: 9PzLOz1N0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Orientations-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Orientations-Supported
+attributeID: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Orientations-Supported
+adminDescription: Print-Orientations-Supported
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOrientationsSupported
+schemaIDGUID:: 0BYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Owner
+attributeID: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Owner
+adminDescription: Print-Owner
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printOwner
+schemaIDGUID:: aV8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Pages-Per-Minute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Pages-Per-Minute
+attributeID: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Pages-Per-Minute
+adminDescription: Print-Pages-Per-Minute
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printPagesPerMinute
+schemaIDGUID:: l1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate
+attributeID: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate
+adminDescription: Print-Rate
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printRate
+schemaIDGUID:: d18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Rate-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Rate-Unit
+attributeID: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Rate-Unit
+adminDescription: Print-Rate-Unit
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printRateUnit
+schemaIDGUID:: eF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Separator-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Separator-File
+attributeID: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Separator-File
+adminDescription: Print-Separator-File
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSeparatorFile
+schemaIDGUID:: xhYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Share-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Share-Name
+attributeID: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Share-Name
+adminDescription: Print-Share-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printShareName
+schemaIDGUID:: aF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Spooling,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Spooling
+attributeID: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Spooling
+adminDescription: Print-Spooling
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printSpooling
+schemaIDGUID:: bF8wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Stapling-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Stapling-Supported
+attributeID: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Stapling-Supported
+adminDescription: Print-Stapling-Supported
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: printStaplingSupported
+schemaIDGUID:: c18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Start-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Start-Time
+attributeID: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Start-Time
+adminDescription: Print-Start-Time
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: printStartTime
+schemaIDGUID:: yRYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Print-Status
+attributeID: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Status
+adminDescription: Print-Status
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printStatus
+schemaIDGUID:: a18wuuNH0BGhpgDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Printer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Printer-Name
+attributeID: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Printer-Name
+adminDescription: Printer-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: printerName
+schemaIDGUID:: bilLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Set-Time
+attributeID: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Set-Time
+adminDescription: Prior-Set-Time
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: priorSetTime
+schemaFlagsEx: 1
+schemaIDGUID:: AXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Prior-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Prior-Value
+attributeID: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Prior-Value
+adminDescription: Prior-Value
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: priorValue
+schemaFlagsEx: 1
+schemaIDGUID:: AnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Priority
+attributeID: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Priority
+adminDescription: Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: priority
+schemaIDGUID:: xxYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Private-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Private-Key
+attributeID: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Private-Key
+adminDescription: Private-Key
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: privateKey
+schemaFlagsEx: 1
+schemaIDGUID:: A3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Attributes
+attributeID: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Attributes
+adminDescription: Privilege-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: privilegeAttributes
+schemaIDGUID:: mltAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Display-Name
+attributeID: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Display-Name
+adminDescription: Privilege-Display-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: privilegeDisplayName
+schemaIDGUID:: mFtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Holder
+attributeID: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 70
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Holder
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Privilege-Holder
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: privilegeHolder
+schemaIDGUID:: m1tAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Privilege-Value,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Privilege-Value
+attributeID: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Privilege-Value
+adminDescription: Privilege-Value
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: privilegeValue
+schemaIDGUID:: mVtAGfo80RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Product-Code
+attributeID: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: productCode
+schemaIDGUID:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Profile-Path
+attributeID: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Profile-Path
+adminDescription: Profile-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: profilePath
+schemaFlagsEx: 1
+schemaIDGUID:: BXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxied-Object-Name
+attributeID: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxied-Object-Name
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Proxied-Object-Name
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: proxiedObjectName
+schemaFlagsEx: 1
+schemaIDGUID:: AqSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Addresses
+attributeID: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 1123
+mAPIID: 32783
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Addresses
+adminDescription: Proxy-Addresses
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: proxyAddresses
+schemaFlagsEx: 1
+schemaIDGUID:: BnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Generation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Generation-Enabled
+attributeID: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+mAPIID: 33201
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Generation-Enabled
+adminDescription: Proxy-Generation-Enabled
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: proxyGenerationEnabled
+schemaIDGUID:: 1iTUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Proxy-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Proxy-Lifetime
+attributeID: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Proxy-Lifetime
+adminDescription: Proxy-Lifetime
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: proxyLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: B3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Public-Key-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Public-Key-Policy
+attributeID: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Public-Key-Policy
+adminDescription: Public-Key-Policy
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: publicKeyPolicy
+schemaIDGUID:: KH6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: /YmboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Purported-Search
+attributeID: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: purportedSearch
+schemaIDGUID:: UE61tDqU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-History-Length
+attributeID: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 65535
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-History-Length
+adminDescription: Pwd-History-Length
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdHistoryLength
+schemaFlagsEx: 1
+schemaIDGUID:: CXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Last-Set
+attributeID: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Last-Set
+adminDescription: Pwd-Last-Set
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: pwdLastSet
+schemaFlagsEx: 1
+schemaIDGUID:: CnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Pwd-Properties
+attributeID: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Pwd-Properties
+adminDescription: Pwd-Properties
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: pwdProperties
+schemaFlagsEx: 1
+schemaIDGUID:: C3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: YHNAx78g0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Quality-Of-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Quality-Of-Service
+attributeID: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Quality-Of-Service
+adminDescription: Quality-Of-Service
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: qualityOfService
+schemaIDGUID:: Tn6mgCKf0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: AYqboujH0BGbrgDAT9ku9Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Filter
+attributeID: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryFilter
+schemaIDGUID:: Jgr3y3h+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-BL
+attributeID: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 69
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyBL
+schemaIDGUID:: BKSu4VvN0BGv/wAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Query-Policy-Object
+attributeID: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 68
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Query-Policy-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: queryPolicyObject
+schemaFlagsEx: 1
+schemaIDGUID:: A6Su4VvN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=QueryPoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: QueryPoint
+attributeID: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: QueryPoint
+adminDescription: QueryPoint
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: queryPoint
+schemaIDGUID:: hsv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Lower
+attributeID: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33043
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Lower
+adminDescription: Range-Lower
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeLower
+schemaFlagsEx: 1
+schemaIDGUID:: DHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Range-Upper
+attributeID: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33044
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Range-Upper
+adminDescription: Range-Upper
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rangeUpper
+schemaFlagsEx: 1
+schemaIDGUID:: DXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN
+attributeID: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 255
+mAPIID: 33282
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN
+adminDescription: RDN
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: name
+schemaFlagsEx: 1
+schemaIDGUID:: DnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RDN-Att-ID
+attributeID: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RDN-Att-ID
+adminDescription: RDN-Att-ID
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: rDNAttID
+schemaFlagsEx: 1
+schemaIDGUID:: D3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Registered-Address
+attributeID: 2.5.4.26
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 4096
+mAPIID: 33049
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Registered-Address
+adminDescription: Registered-Address
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: registeredAddress
+schemaIDGUID:: EHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Server-Name
+attributeID: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Server-Name
+adminDescription: Remote-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteServerName
+schemaIDGUID:: EnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source
+attributeID: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source
+adminDescription: Remote-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteSource
+schemaIDGUID:: FHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Source-Type
+attributeID: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Source-Type
+adminDescription: Remote-Source-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: remoteSourceType
+schemaIDGUID:: FXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Remote-Storage-GUID
+attributeID: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: remoteStorageGUID
+schemaIDGUID:: sMU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Interval
+attributeID: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replInterval
+schemaFlagsEx: 1
+schemaIDGUID:: Gp26RfpW0hGQ0ADAT9kasQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Property-Meta-Data
+attributeID: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Property-Meta-Data
+adminDescription: Repl-Property-Meta-Data
+oMSyntax: 4
+searchFlags: 8
+lDAPDisplayName: replPropertyMetaData
+schemaFlagsEx: 1
+schemaIDGUID:: wBYUKGgZ0BGijwCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 27
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-Topology-Stay-Of-Execution
+attributeID: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-Topology-Stay-Of-Execution
+adminDescription: Repl-Topology-Stay-Of-Execution
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: replTopologyStayOfExecution
+schemaFlagsEx: 1
+schemaIDGUID:: g8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Repl-UpToDate-Vector
+attributeID: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Repl-UpToDate-Vector
+adminDescription: Repl-UpToDate-Vector
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: replUpToDateVector
+schemaFlagsEx: 1
+schemaIDGUID:: FnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Replica-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Replica-Source
+attributeID: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Replica-Source
+adminDescription: Replica-Source
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: replicaSource
+schemaIDGUID:: GHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reports
+attributeID: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 32782
+linkID: 43
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reports
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Reports
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: directReports
+schemaIDGUID:: HHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-From
+attributeID: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-From
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-From
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsFrom
+schemaFlagsEx: 1
+schemaIDGUID:: HXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Reps-To
+attributeID: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Reps-To
+oMObjectClass:: KoZIhvcUAQEBBg==
+adminDescription: Reps-To
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: repsTo
+schemaFlagsEx: 1
+schemaIDGUID:: HnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Required-Categories,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Required-Categories
+attributeID: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Required-Categories
+adminDescription: Required-Categories
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: requiredCategories
+schemaIDGUID:: kw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Retired-Repl-DSA-Signatures
+attributeID: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Retired-Repl-DSA-Signatures
+adminDescription: Retired-Repl-DSA-Signatures
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: retiredReplDSASignatures
+schemaFlagsEx: 1
+schemaIDGUID:: f8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Revision,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Revision
+attributeID: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Revision
+adminDescription: Revision
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: revision
+schemaFlagsEx: 1
+schemaIDGUID:: IXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rid
+attributeID: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rid
+adminDescription: Rid
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rid
+schemaFlagsEx: 1
+schemaIDGUID:: InqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Allocation-Pool
+adminDescription: RID-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: iRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Available-Pool
+attributeID: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Available-Pool
+adminDescription: RID-Available-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDAvailablePool
+schemaFlagsEx: 1
+schemaIDGUID:: iBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Manager-Reference
+attributeID: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Manager-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rIDManagerReference
+schemaFlagsEx: 1
+schemaIDGUID:: hhgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Next-RID
+attributeID: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Next-RID
+adminDescription: RID-Next-RID
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rIDNextRID
+schemaFlagsEx: 1
+schemaIDGUID:: jBgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Previous-Allocation-Pool
+attributeID: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Previous-Allocation-Pool
+adminDescription: RID-Previous-Allocation-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDPreviousAllocationPool
+schemaFlagsEx: 1
+schemaIDGUID:: ihgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Set-References
+attributeID: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set-References
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: RID-Set-References
+oMSyntax: 127
+searchFlags: 8
+lDAPDisplayName: rIDSetReferences
+schemaFlagsEx: 1
+schemaIDGUID:: e8v9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Used-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: RID-Used-Pool
+attributeID: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Used-Pool
+adminDescription: RID-Used-Pool
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: rIDUsedPool
+schemaFlagsEx: 1
+schemaIDGUID:: ixgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rights-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Rights-Guid
+attributeID: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 36
+rangeUpper: 36
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rights-Guid
+adminDescription: Rights-Guid
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rightsGuid
+schemaFlagsEx: 1
+schemaIDGUID:: HJOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Role-Occupant
+attributeID: 2.5.4.33
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33061
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Role-Occupant
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Role-Occupant
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: roleOccupant
+schemaIDGUID:: ZXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: roomNumber
+attributeID: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: roomNumber
+schemaIDGUID:: wvjXgSfjDUqRxrQtQAkRXw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Root-Trust,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Root-Trust
+attributeID: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Root-Trust
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Root-Trust
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: rootTrust
+schemaFlagsEx: 1
+schemaIDGUID:: gMv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Annotation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Annotation
+attributeID: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Annotation
+adminDescription: rpc-Ns-Annotation
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsAnnotation
+schemaIDGUID:: 3hthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Bindings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Bindings
+attributeID: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Bindings
+adminDescription: rpc-Ns-Bindings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsBindings
+schemaIDGUID:: I3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Codeset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Codeset
+attributeID: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Codeset
+adminDescription: rpc-Ns-Codeset
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsCodeset
+schemaIDGUID:: 4KALepiO0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Entry-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Entry-Flags
+attributeID: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Entry-Flags
+adminDescription: rpc-Ns-Entry-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsEntryFlags
+schemaIDGUID:: QSghgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Group
+attributeID: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Group
+adminDescription: rpc-Ns-Group
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsGroup
+schemaIDGUID:: JHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Interface-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Interface-ID
+attributeID: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Interface-ID
+adminDescription: rpc-Ns-Interface-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsInterfaceID
+schemaIDGUID:: JXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Object-ID
+attributeID: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Object-ID
+adminDescription: rpc-Ns-Object-ID
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsObjectID
+schemaIDGUID:: SBxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Priority
+attributeID: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Priority
+adminDescription: rpc-Ns-Priority
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: rpcNsPriority
+schemaIDGUID:: J3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Profile-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Profile-Entry
+attributeID: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Profile-Entry
+adminDescription: rpc-Ns-Profile-Entry
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: rpcNsProfileEntry
+schemaIDGUID:: KHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Ns-Transfer-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: rpc-Ns-Transfer-Syntax
+attributeID: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Ns-Transfer-Syntax
+adminDescription: rpc-Ns-Transfer-Syntax
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: rpcNsTransferSyntax
+schemaIDGUID:: ShxAKSd60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Name
+attributeID: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Name
+adminDescription: SAM-Account-Name
+oMSyntax: 64
+searchFlags: 13
+lDAPDisplayName: sAMAccountName
+schemaFlagsEx: 1
+schemaIDGUID:: 0L8KPmoS0BGgYACqAGwz7Q==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Account-Type
+attributeID: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Account-Type
+adminDescription: SAM-Account-Type
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: sAMAccountType
+schemaFlagsEx: 1
+schemaIDGUID:: bGJ7bvJk0BGv0gDAT9kwyQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SAM-Domain-Updates
+attributeID: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SAM-Domain-Updates
+adminDescription: 
+ Contains a bitmask of performed SAM operations on active directory
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: samDomainUpdates
+schemaFlagsEx: 1
+schemaIDGUID:: FNHSBJn3m0683JDo9bp+vg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schedule
+attributeID: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schedule
+adminDescription: Schedule
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schedule
+schemaFlagsEx: 1
+schemaIDGUID:: JCJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Flags-Ex
+attributeID: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Flags-Ex
+adminDescription: Schema-Flags-Ex
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaFlagsEx
+schemaFlagsEx: 1
+schemaIDGUID:: K3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-ID-GUID
+attributeID: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-ID-GUID
+adminDescription: Schema-ID-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaIDGUID
+schemaFlagsEx: 1
+schemaIDGUID:: I3mWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Info
+adminDescription: Schema-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: schemaInfo
+schemaFlagsEx: 1
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Update
+attributeID: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Update
+adminDescription: Schema-Update
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: schemaUpdate
+schemaIDGUID:: tAYtHo+s0BGv4wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Schema-Version
+attributeID: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+isSingleValued: FALSE
+mAPIID: 33148
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Schema-Version
+adminDescription: Schema-Version
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: schemaVersion
+schemaIDGUID:: LHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Scope-Flags
+attributeID: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: scopeFlags
+schemaIDGUID:: wqTzFnl+0hGZIQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Script-Path
+attributeID: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Script-Path
+adminDescription: Script-Path
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: scriptPath
+schemaFlagsEx: 1
+schemaIDGUID:: qHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SD-Rights-Effective
+attributeID: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: sDRightsEffective
+schemaFlagsEx: 1
+schemaIDGUID:: pq/bw98z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Flags
+attributeID: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+mAPIID: 33069
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Flags
+adminDescription: Search-Flags
+oMSyntax: 10
+searchFlags: 0
+lDAPDisplayName: searchFlags
+schemaFlagsEx: 1
+schemaIDGUID:: LXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Search-Guide,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Search-Guide
+attributeID: 2.5.4.14
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33070
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Search-Guide
+adminDescription: Search-Guide
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: searchGuide
+schemaIDGUID:: LnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: secretary
+attributeID: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: secretary
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Specifies the secretary of a person.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: secretary
+schemaIDGUID:: mi0HAa2YU0qXROg+KHJ4+w==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Security-Identifier
+attributeID: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Identifier
+adminDescription: Security-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: securityIdentifier
+schemaFlagsEx: 1
+schemaIDGUID:: L3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=See-Also,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: See-Also
+attributeID: 2.5.4.34
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33071
+showInAdvancedViewOnly: TRUE
+adminDisplayName: See-Also
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: See-Also
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: seeAlso
+schemaIDGUID:: MXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Seq-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Seq-Notification
+attributeID: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Seq-Notification
+adminDescription: Seq-Notification
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: seqNotification
+schemaIDGUID:: 8gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Serial-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Serial-Number
+attributeID: 2.5.4.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 33072
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Serial-Number
+adminDescription: Serial-Number
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: serialNumber
+schemaIDGUID:: MnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Name
+attributeID: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Name
+adminDescription: Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serverName
+schemaFlagsEx: 1
+schemaIDGUID:: oLfcCV8W0BGgZACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference
+attributeID: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 94
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReference
+schemaFlagsEx: 1
+schemaIDGUID:: bXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Reference-BL
+attributeID: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 95
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Reference-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Server-Reference-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: serverReferenceBL
+schemaFlagsEx: 1
+schemaIDGUID:: bnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-Role
+attributeID: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-Role
+adminDescription: Server-Role
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverRole
+schemaIDGUID:: M3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Server-State
+attributeID: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server-State
+adminDescription: Server-State
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: serverState
+schemaFlagsEx: 1
+schemaIDGUID:: NHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Binding-Information
+attributeID: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Binding-Information
+adminDescription: Service-Binding-Information
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceBindingInformation
+schemaIDGUID:: HDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-ID
+attributeID: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-ID
+adminDescription: Service-Class-ID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassID
+schemaIDGUID:: NXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Info
+attributeID: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Info
+adminDescription: Service-Class-Info
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceClassInfo
+schemaIDGUID:: NnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Class-Name
+attributeID: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class-Name
+adminDescription: Service-Class-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: serviceClassName
+schemaIDGUID:: HTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name
+attributeID: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name
+adminDescription: Service-DNS-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSName
+schemaIDGUID:: uA5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-DNS-Name-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-DNS-Name-Type
+attributeID: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-DNS-Name-Type
+adminDescription: Service-DNS-Name-Type
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: serviceDNSNameType
+schemaIDGUID:: ug5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Instance-Version
+attributeID: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 8
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance-Version
+adminDescription: Service-Instance-Version
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: serviceInstanceVersion
+schemaIDGUID:: N3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Service-Principal-Name
+attributeID: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Principal-Name
+adminDescription: Service-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: servicePrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: iEem8wZT0RGpxQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Setup-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Setup-Command
+attributeID: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Setup-Command
+adminDescription: Setup-Command
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: setupCommand
+schemaIDGUID:: lw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowExpire
+attributeID: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowExpire
+schemaIDGUID:: AJoVdf8f9EyL/07yaVz2Qw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowFlag
+attributeID: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowFlag
+adminDescription: 
+ This is a part of the shadow map used to store the flag value.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowFlag
+schemaIDGUID:: Dbf+jdvFtkaxXqQ4nmzumw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowInactive
+attributeID: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowInactive
+schemaIDGUID:: Hx2HhhAzEkOO/a9J3PsmcQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowLastChange
+attributeID: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowLastChange
+schemaIDGUID:: nGjy+OgpQ0iBd+i5jhXurA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMax
+attributeID: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMax
+schemaIDGUID:: UsmF8t1QnkSRYDuIDZmYjQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowMin
+attributeID: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowMin
+schemaIDGUID:: N4drp6HlaEWwV9wS4Evksg==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ShadowWarning
+attributeID: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: shadowWarning
+schemaIDGUID:: nJzoenYpRkq7ijQPiFYBFw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Context-Menu
+attributeID: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Context-Menu
+adminDescription: Shell-Context-Menu
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellContextMenu
+schemaIDGUID:: OdA/VS7z0BGwvADAT9jcpg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Shell-Property-Pages
+attributeID: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Shell-Property-Pages
+adminDescription: Shell-Property-Pages
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shellPropertyPages
+schemaIDGUID:: OYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Short-Server-Name
+attributeID: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: shortServerName
+schemaIDGUID:: ARWwRRnE0RG7yQCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Address-Book
+attributeID: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Address-Book
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Show-In-Address-Book
+oMSyntax: 127
+searchFlags: 16
+lDAPDisplayName: showInAddressBook
+schemaFlagsEx: 1
+schemaIDGUID:: DvZ0PnM+0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Show-In-Advanced-View-Only
+attributeID: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Show-In-Advanced-View-Only
+adminDescription: Show-In-Advanced-View-Only
+oMSyntax: 1
+searchFlags: 17
+lDAPDisplayName: showInAdvancedViewOnly
+schemaFlagsEx: 1
+schemaIDGUID:: hHmWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SID-History
+attributeID: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SID-History
+adminDescription: SID-History
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: sIDHistory
+schemaFlagsEx: 1
+schemaIDGUID:: eELrF2fR0BGwAgAA+ANnwQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Signature-Algorithms
+attributeID: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: signatureAlgorithms
+schemaIDGUID:: ssU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-GUID
+attributeID: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-GUID
+adminDescription: Site-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: siteGUID
+schemaIDGUID:: JImXPgGM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Link-List
+attributeID: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 142
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Link-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteLinkList
+schemaFlagsEx: 1
+schemaIDGUID:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-List
+attributeID: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 144
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-List
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-List
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteList
+schemaFlagsEx: 1
+schemaIDGUID:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object
+attributeID: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+linkID: 46
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObject
+schemaFlagsEx: 1
+schemaIDGUID:: TJQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Object-BL
+attributeID: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 47
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Object-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Object-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteObjectBL
+schemaIDGUID:: TZQQPlTD0BGv+AAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 17
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Site-Server
+attributeID: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Server
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Site-Server
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: siteServer
+schemaIDGUID:: fPHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SMTP-Mail-Address
+attributeID: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SMTP-Mail-Address
+adminDescription: SMTP-Mail-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: mailAddress
+schemaFlagsEx: 1
+schemaIDGUID:: b3PZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SPN-Mappings
+attributeID: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: sPNMappings
+schemaFlagsEx: 1
+schemaIDGUID:: bOewKkFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: State-Or-Province-Name
+attributeID: 2.5.4.8
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14888
+showInAdvancedViewOnly: TRUE
+adminDisplayName: State-Or-Province-Name
+adminDescription: State-Or-Province-Name
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: st
+schemaFlagsEx: 1
+schemaIDGUID:: OXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Street-Address
+attributeID: 2.5.4.9
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 33082
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Street-Address
+adminDescription: Street-Address
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: street
+schemaFlagsEx: 1
+schemaIDGUID:: OnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Structural-Object-Class
+attributeID: 2.5.21.9
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: structuralObjectClass
+schemaFlagsEx: 1
+schemaIDGUID:: n5RgOKj2OEuZUIHstrwpgg==
+systemOnly: FALSE
+systemFlags: 20
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Class-Of
+attributeID: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Class-Of
+adminDescription: Sub-Class-Of
+oMSyntax: 6
+searchFlags: 8
+lDAPDisplayName: subClassOf
+schemaFlagsEx: 1
+schemaIDGUID:: O3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sub-Refs
+attributeID: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+mAPIID: 33083
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sub-Refs
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sub-Refs
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subRefs
+schemaFlagsEx: 1
+schemaIDGUID:: PHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: SubSchemaSubEntry
+attributeID: 2.5.18.10
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchemaSubEntry
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: SubSchemaSubEntry
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: subSchemaSubEntry
+schemaFlagsEx: 1
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+systemOnly: TRUE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scope-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scope-Description
+attributeID: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scope-Description
+adminDescription: Super-Scope-Description
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superScopeDescription
+schemaIDGUID:: TCc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Super-Scopes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Super-Scopes
+attributeID: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Super-Scopes
+adminDescription: Super-Scopes
+oMSyntax: 19
+searchFlags: 0
+lDAPDisplayName: superScopes
+schemaIDGUID:: Syc9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Superior-DNS-Root
+attributeID: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Superior-DNS-Root
+adminDescription: Superior-DNS-Root
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: superiorDNSRoot
+schemaFlagsEx: 1
+schemaIDGUID:: HYBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supplemental-Credentials
+attributeID: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supplemental-Credentials
+adminDescription: Supplemental-Credentials
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supplementalCredentials
+schemaFlagsEx: 1
+schemaIDGUID:: P3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Supported-Application-Context,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Supported-Application-Context
+attributeID: 2.5.4.30
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33085
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Supported-Application-Context
+adminDescription: Supported-Application-Context
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: supportedApplicationContext
+schemaIDGUID:: j1h3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Surname
+attributeID: 2.5.4.4
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14865
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Surname
+adminDescription: Surname
+oMSyntax: 64
+searchFlags: 5
+lDAPDisplayName: sn
+schemaFlagsEx: 1
+schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Attributes
+attributeID: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Attributes
+adminDescription: Sync-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: syncAttributes
+schemaIDGUID:: 5FF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-Membership
+attributeID: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 78
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-Membership
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-Membership
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncMembership
+schemaIDGUID:: 41F2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-Object
+attributeID: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-Object
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Sync-With-Object
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: syncWithObject
+schemaIDGUID:: 4lF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sync-With-SID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Sync-With-SID
+attributeID: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sync-With-SID
+adminDescription: Sync-With-SID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: syncWithSID
+schemaIDGUID:: 5VF2Ax1E0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Auxiliary-Class
+attributeID: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Auxiliary-Class
+adminDescription: System-Auxiliary-Class
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemAuxiliaryClass
+schemaFlagsEx: 1
+schemaIDGUID:: Q3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Flags
+attributeID: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Flags
+adminDescription: System-Flags
+oMSyntax: 2
+searchFlags: 8
+lDAPDisplayName: systemFlags
+schemaFlagsEx: 1
+schemaIDGUID:: Yh764EWb0BGv3QDAT9kwyQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-May-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-May-Contain
+attributeID: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-May-Contain
+adminDescription: System-May-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMayContain
+schemaFlagsEx: 1
+schemaIDGUID:: RHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Must-Contain
+attributeID: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Must-Contain
+adminDescription: System-Must-Contain
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemMustContain
+schemaFlagsEx: 1
+schemaIDGUID:: RXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Only
+attributeID: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Only
+adminDescription: System-Only
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: systemOnly
+schemaFlagsEx: 1
+schemaIDGUID:: RnqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: System-Poss-Superiors
+attributeID: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: System-Poss-Superiors
+adminDescription: System-Poss-Superiors
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: systemPossSuperiors
+schemaFlagsEx: 1
+schemaIDGUID:: R3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telephone-Number
+attributeID: 2.5.4.20
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+mAPIID: 14856
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telephone-Number
+adminDescription: Telephone-Number
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: telephoneNumber
+schemaIDGUID:: SXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Teletex-Terminal-Identifier
+attributeID: 2.5.4.22
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+mAPIID: 33091
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Teletex-Terminal-Identifier
+adminDescription: Teletex-Terminal-Identifier
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: teletexTerminalIdentifier
+schemaIDGUID:: SnqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Number
+attributeID: 2.5.4.21
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 32
+mAPIID: 14892
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Number
+adminDescription: Telex-Number
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: telexNumber
+schemaIDGUID:: S3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Telex-Primary
+attributeID: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 64
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Telex-Primary
+adminDescription: Telex-Primary
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: primaryTelexNumber
+schemaIDGUID:: IcGWAtpA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots
+attributeID: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Template-Roots
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots
+schemaFlagsEx: 1
+schemaIDGUID:: oOmd7UFw0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Template-Roots2
+attributeID: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2126
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Template-Roots2
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ This attribute is used on the Exchange config container to indicate where the 
+ template containers are stored. This information is used by the Active Directo
+ ry MAPI provider.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: templateRoots2
+schemaFlagsEx: 1
+schemaIDGUID:: GqnLsYIGYkOmWRU+IB7waQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Terminal-Server
+attributeID: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeUpper: 20480
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: terminalServer
+schemaIDGUID:: HJq2bSKU0RGuvQAA+ANnwQ==
+attributeSecurityGUID:: YrwFWMm9KESl4oVqD0wYXg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Country
+attributeID: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14886
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Country
+adminDescription: Text-Country
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: co
+schemaIDGUID:: p//48JER0BGgYACqAGwz7Q==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Text-Encoded-OR-Address
+attributeID: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+mAPIID: 35969
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: textEncodedORAddress
+schemaIDGUID:: iXTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Refresh,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Refresh
+attributeID: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Refresh
+adminDescription: Time-Refresh
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: timeRefresh
+schemaIDGUID:: 8Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Time-Vol-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Time-Vol-Change
+attributeID: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Time-Vol-Change
+adminDescription: Time-Vol-Change
+oMSyntax: 65
+searchFlags: 1
+lDAPDisplayName: timeVolChange
+schemaIDGUID:: 8Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Title
+attributeID: 2.5.4.12
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 14871
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Title
+adminDescription: Title
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: title
+schemaIDGUID:: VXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups
+attributeID: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroups
+schemaFlagsEx: 1
+schemaIDGUID:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-Global-And-Universal
+attributeID: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsGlobalAndUniversal
+schemaFlagsEx: 1
+schemaIDGUID:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Token-Groups-No-GC-Acceptable
+attributeID: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: tokenGroupsNoGCAcceptable
+schemaFlagsEx: 1
+schemaIDGUID:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+systemOnly: FALSE
+systemFlags: 134217748
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tombstone-Lifetime
+attributeID: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33093
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tombstone-Lifetime
+adminDescription: Tombstone-Lifetime
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: tombstoneLifetime
+schemaFlagsEx: 1
+schemaIDGUID:: YKjDFnMS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Address-Attribute
+attributeID: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+oMSyntax: 6
+searchFlags: 0
+lDAPDisplayName: transportAddressAttribute
+schemaFlagsEx: 1
+schemaIDGUID:: fIbcwWGi0RG2BgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-DLL-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-DLL-Name
+attributeID: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-DLL-Name
+adminDescription: Transport-DLL-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: transportDLLName
+schemaFlagsEx: 1
+schemaIDGUID:: cnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Transport-Type
+attributeID: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Transport-Type
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Transport-Type
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: transportType
+schemaFlagsEx: 1
+schemaIDGUID:: dHPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Treat-As-Leaf
+attributeID: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+oMSyntax: 1
+searchFlags: 0
+lDAPDisplayName: treatAsLeaf
+schemaIDGUID:: 40TQjx930RGurgAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Tree-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Tree-Name
+attributeID: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Tree-Name
+adminDescription: Tree-Name
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: treeName
+schemaIDGUID:: vQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Attributes
+attributeID: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Attributes
+adminDescription: Trust-Attributes
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustAttributes
+schemaFlagsEx: 1
+schemaIDGUID:: Wn6mgCKf0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Incoming
+attributeID: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Incoming
+adminDescription: Trust-Auth-Incoming
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthIncoming
+schemaFlagsEx: 1
+schemaIDGUID:: WXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Auth-Outgoing
+attributeID: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Auth-Outgoing
+adminDescription: Trust-Auth-Outgoing
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: trustAuthOutgoing
+schemaFlagsEx: 1
+schemaIDGUID:: X3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Direction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Direction
+attributeID: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Direction
+adminDescription: Trust-Direction
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustDirection
+schemaFlagsEx: 1
+schemaIDGUID:: XHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Parent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Parent
+attributeID: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Parent
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: Trust-Parent
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: trustParent
+schemaFlagsEx: 1
+schemaIDGUID:: euoAsIag0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Partner
+attributeID: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Partner
+adminDescription: Trust-Partner
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: trustPartner
+schemaFlagsEx: 1
+schemaIDGUID:: XXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Posix-Offset
+attributeID: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Posix-Offset
+adminDescription: Trust-Posix-Offset
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustPosixOffset
+schemaFlagsEx: 1
+schemaIDGUID:: XnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Trust-Type
+attributeID: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trust-Type
+adminDescription: Trust-Type
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: trustType
+schemaFlagsEx: 1
+schemaIDGUID:: YHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UAS-Compat
+attributeID: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UAS-Compat
+adminDescription: UAS-Compat
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: uASCompat
+schemaFlagsEx: 1
+schemaIDGUID:: YXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: 0J8RuPYEYkerekmGx2s/mg==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uid
+attributeID: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uid
+adminDescription: A user ID.
+oMSyntax: 64
+searchFlags: 8
+lDAPDisplayName: uid
+schemaIDGUID:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UidNumber
+attributeID: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uidNumber
+adminDescription: 
+ An integer uniquely identifying a user in an administrative domain (RFC 2307)
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: uidNumber
+schemaIDGUID:: j8wPhWuc4Ue2cXxlS+TVsw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UNC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UNC-Name
+attributeID: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UNC-Name
+adminDescription: UNC-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: uNCName
+schemaIDGUID:: ZHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Unicode-Pwd
+attributeID: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Unicode-Pwd
+adminDescription: Unicode-Pwd
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: unicodePwd
+schemaFlagsEx: 1
+schemaIDGUID:: 4XmWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueIdentifier
+attributeID: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: uniqueIdentifier
+adminDescription: 
+ The uniqueIdentifier attribute type specifies a "unique identifier" for an obj
+ ect represented in the Directory.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uniqueIdentifier
+schemaIDGUID:: x4QBusU47UulJnVCFHBYDA==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: uniqueMember
+attributeID: 2.5.4.50
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: uniqueMember
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: 
+ The distinguished name for the member of a group. Used by groupOfUniqueNames.
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: uniqueMember
+schemaIDGUID:: JoeIjwr410Sx7sud8hOSyA==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixHomeDirectory
+attributeID: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: TRUE
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unixHomeDirectory
+schemaIDGUID:: ErotvA8ATUa/HQgIRl2IQw==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UnixUserPassword
+attributeID: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+oMSyntax: 4
+searchFlags: 128
+lDAPDisplayName: unixUserPassword
+schemaIDGUID:: R7csYejAkk+SIf3V8VtVDQ==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredAddress
+attributeID: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredAddress
+adminDescription: 
+ The IP address of the router. For example, 100.11.22.33. PKCS #9
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: unstructuredAddress
+schemaIDGUID:: OQiVUEzMkUSGOvz5QtaEtw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: unstructuredName
+attributeID: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: unstructuredName
+adminDescription: 
+ The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+oMSyntax: 22
+searchFlags: 0
+lDAPDisplayName: unstructuredName
+schemaIDGUID:: d/GOnM9ByUWWc3cWwMiQGw==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Upgrade-Product-Code
+attributeID: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: upgradeProductCode
+schemaIDGUID:: EoPh2TmJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: UPN-Suffixes
+adminDescription: UPN-Suffixes
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: uPNSuffixes
+schemaFlagsEx: 1
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Account-Control
+attributeID: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Account-Control
+adminDescription: User-Account-Control
+oMSyntax: 2
+searchFlags: 25
+lDAPDisplayName: userAccountControl
+schemaFlagsEx: 1
+schemaIDGUID:: aHqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Cert
+attributeID: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+mAPIID: 14882
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Cert
+adminDescription: User-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCert
+schemaIDGUID:: aXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Comment,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Comment
+attributeID: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Comment
+adminDescription: User-Comment
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: comment
+schemaFlagsEx: 1
+schemaIDGUID:: anqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Parameters,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Parameters
+attributeID: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Parameters
+adminDescription: User-Parameters
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userParameters
+schemaFlagsEx: 1
+schemaIDGUID:: bXqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: AEIWTMAg0BGnaACqAG4FKQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Password
+attributeID: 2.5.4.35
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 128
+mAPIID: 33107
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Password
+adminDescription: User-Password
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPassword
+schemaFlagsEx: 1
+schemaIDGUID:: bnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Principal-Name
+attributeID: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Principal-Name
+adminDescription: User-Principal-Name
+oMSyntax: 64
+searchFlags: 1
+lDAPDisplayName: userPrincipalName
+schemaFlagsEx: 1
+schemaIDGUID:: uw5jKNVB0RGpwQAA+ANnwQ==
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+systemOnly: FALSE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder
+attributeID: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder
+adminDescription: User-Shared-Folder
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolder
+schemaIDGUID:: HwKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Shared-Folder-Other
+attributeID: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Shared-Folder-Other
+adminDescription: User-Shared-Folder-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userSharedFolderOther
+schemaIDGUID:: IAKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-SMIME-Certificate
+attributeID: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 14960
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-SMIME-Certificate
+adminDescription: User-SMIME-Certificate
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userSMIMECertificate
+schemaIDGUID:: sp1q4TxA0RGpwAAA+ANnwQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: User-Workstations
+attributeID: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User-Workstations
+adminDescription: User-Workstations
+oMSyntax: 64
+searchFlags: 16
+lDAPDisplayName: userWorkstations
+schemaFlagsEx: 1
+schemaIDGUID:: 13mWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: ECAgX6V50BGQIADAT8LUzw==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userClass
+attributeID: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 256
+showInAdvancedViewOnly: TRUE
+adminDisplayName: userClass
+adminDescription: 
+ The userClass attribute type specifies a category of computer user.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: userClass
+schemaIDGUID:: iipzEU3hxUy5L9k/UcbY5A==
+systemOnly: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: userPKCS12
+attributeID: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: userPKCS12
+adminDescription: 
+ PKCS #12 PFX PDU for exchange of personal identity information.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userPKCS12
+schemaIDGUID:: tYqZI/hwB0CkwahKODEfmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Changed
+attributeID: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 32809
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Changed
+adminDescription: USN-Changed
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNChanged
+schemaFlagsEx: 1
+schemaIDGUID:: b3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Created
+attributeID: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33108
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Created
+adminDescription: USN-Created
+oMSyntax: 65
+searchFlags: 9
+lDAPDisplayName: uSNCreated
+schemaFlagsEx: 1
+schemaIDGUID:: cHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-DSA-Last-Obj-Removed
+attributeID: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33109
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-DSA-Last-Obj-Removed
+adminDescription: USN-DSA-Last-Obj-Removed
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNDSALastObjRemoved
+schemaFlagsEx: 1
+schemaIDGUID:: cXqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Intersite
+attributeID: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+mAPIID: 33146
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+oMSyntax: 2
+searchFlags: 1
+lDAPDisplayName: USNIntersite
+schemaIDGUID:: mHTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Last-Obj-Rem
+attributeID: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33110
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Last-Obj-Rem
+adminDescription: USN-Last-Obj-Rem
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNLastObjRem
+schemaFlagsEx: 1
+schemaIDGUID:: c3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+showInAdvancedViewOnly: TRUE
+adminDisplayName: USN-Source
+adminDescription: USN-Source
+oMSyntax: 65
+searchFlags: 0
+lDAPDisplayName: uSNSource
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Valid-Accesses
+attributeID: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: validAccesses
+schemaFlagsEx: 1
+schemaIDGUID:: gKMvTVR/0hGZKgAA+HpX1A==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vendor
+attributeID: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 512
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vendor
+adminDescription: Vendor
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: vendor
+schemaIDGUID:: 3xYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number
+attributeID: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number
+adminDescription: Version-Number
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumber
+schemaIDGUID:: dnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Hi,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Hi
+attributeID: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Hi
+adminDescription: Version-Number-Hi
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberHi
+schemaIDGUID:: mg5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Version-Number-Lo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Version-Number-Lo
+attributeID: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Version-Number-Lo
+adminDescription: Version-Number-Lo
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: versionNumberLo
+schemaIDGUID:: mw5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-GUID
+attributeID: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-GUID
+adminDescription: Vol-Table-GUID
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: volTableGUID
+schemaIDGUID:: /XUAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Vol-Table-Idx-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Vol-Table-Idx-GUID
+attributeID: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Vol-Table-Idx-GUID
+adminDescription: Vol-Table-Idx-GUID
+oMSyntax: 4
+searchFlags: 1
+lDAPDisplayName: volTableIdxGUID
+schemaIDGUID:: +3UAH0B+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Volume-Count
+attributeID: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume-Count
+adminDescription: Volume-Count
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: volumeCount
+schemaIDGUID:: F6KqNJm20BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Wbem-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Wbem-Path
+attributeID: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Wbem-Path
+adminDescription: Wbem-Path
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wbemPath
+schemaIDGUID:: cClLJL1a0BGv0gDAT9kwyQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+isSingleValued: FALSE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Well-Known-Objects
+oMObjectClass:: KoZIhvcUAQEBCw==
+adminDescription: Well-Known-Objects
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: wellKnownObjects
+schemaFlagsEx: 1
+schemaIDGUID:: g4kwBYh20RGt7QDAT9jVzQ==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Changed
+attributeID: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12296
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Changed
+adminDescription: When-Changed
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenChanged
+schemaFlagsEx: 1
+schemaIDGUID:: d3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 19
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: When-Created
+attributeID: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+mAPIID: 12295
+showInAdvancedViewOnly: TRUE
+adminDisplayName: When-Created
+adminDescription: When-Created
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: whenCreated
+schemaFlagsEx: 1
+schemaIDGUID:: eHqWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemFlags: 18
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Winsock-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: Winsock-Addresses
+attributeID: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Winsock-Addresses
+adminDescription: Winsock-Addresses
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: winsockAddresses
+schemaIDGUID:: eXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Home-Page
+attributeID: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 1
+rangeUpper: 2048
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Home-Page
+adminDescription: WWW-Home-Page
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: wWWHomePage
+schemaIDGUID:: enqWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: WWW-Page-Other
+attributeID: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+mAPIID: 33141
+showInAdvancedViewOnly: TRUE
+adminDisplayName: WWW-Page-Other
+adminDescription: WWW-Page-Other
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: url
+schemaIDGUID:: IQKamltK0RGpwwAA+ANnwQ==
+attributeSecurityGUID:: s5VX5FWU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X121-Address
+attributeID: 2.5.4.24
+attributeSyntax: 2.5.5.6
+isSingleValued: FALSE
+rangeLower: 1
+rangeUpper: 15
+mAPIID: 33112
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X121-Address
+adminDescription: X121-Address
+oMSyntax: 18
+searchFlags: 0
+lDAPDisplayName: x121Address
+schemaIDGUID:: e3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: x500uniqueIdentifier
+attributeID: 2.5.4.45
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+showInAdvancedViewOnly: FALSE
+adminDisplayName: x500uniqueIdentifier
+adminDescription: 
+ Used to distinguish between objects when a distinguished name has been reused.
+   This is a different attribute type from both the "uid" and "uniqueIdentifier
+ " types.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: x500uniqueIdentifier
+schemaIDGUID:: H6F90D2KtkKwqnbJYr5xmg==
+systemOnly: FALSE
+systemFlags: 0
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: X509-Cert
+attributeID: 2.5.4.36
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+rangeUpper: 32768
+mAPIID: 35946
+showInAdvancedViewOnly: TRUE
+adminDisplayName: X509-Cert
+adminDescription: X509-Cert
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: userCertificate
+schemaIDGUID:: f3qWv+YN0BGihQCqADBJ4g==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf b/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf
new file mode 100644
index 0000000..204b4a7
--- /dev/null
+++ b/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf
@@ -0,0 +1,7934 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# •	Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# •	Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# •	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# •	Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here:  http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# •	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# •	Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following class schema definitions were generated from the Windows Server 2008 R2 version of Active Directory Domain Services (AD DS). 
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+ The account object class is used to define entries representing computer accou
+ nts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
+ 0aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;
+ PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11
+ d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef
+ -00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0
+ abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;
+ ;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;
+ CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa00
+ 3049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285
+ -00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3826996545-2955106365
+ -1559736734-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-1
+ 1d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA
+ ;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-
+ 0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(O
+ A;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846
+ -c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;113
+ 1f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDW
+ OWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-000
+ 0f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11
+ d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9
+ 020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;
+ E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04
+ fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab
+ 721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d
+ 456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: 
+ D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA
+ )(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;
+ CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRP
+ LORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;
+ CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-
+ 4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(O
+ A;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060
+ -00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11
+ d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-
+ 0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf
+ 967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA
+ ;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEB
+ D-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLO
+ RC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1
+ -aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;
+ ;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a2
+ 85-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CC
+ DC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;E
+ D)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3826996545-2955106365
+ -1559736734-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;11
+ 31f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc
+ 2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRC
+ WDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSD
+ DTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967
+ aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc
+ 2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9
+ 020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-
+ 20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;R
+ P;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU
+ )(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-
+ 0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-
+ 11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b42
+ 2-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79
+ a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;
+ bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(
+ OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F01
+ 5E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-
+ 9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;R
+ U)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967ab
+ a-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f
+ 608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854
+ e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-1
+ 1d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA
+ ;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-
+ 0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(O
+ A;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846
+ -c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;113
+ 1f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDW
+ OWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-000
+ 0f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11
+ d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;
+ AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: 
+ D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A
+ ;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: 
+ D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-
+ a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf b/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf
new file mode 100644
index 0000000..64f4fb9
--- /dev/null
+++ b/source4/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf
@@ -0,0 +1,8624 @@
+# Intellectual Property Rights Notice for Open Specifications Documentation
+# •	Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+# •	Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+# •	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+# •	Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here:  http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+# •	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+# •	Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
+# Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+# Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+
+# The following class schema definitions were generated from the Windows Server 2012 version of Active Directory Domain Services (AD DS). 
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organization
+subClassOf: top
+governsID: 2.5.6.4
+rDNAttID: o
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organization
+adminDescription: Organization
+objectClassCategory: 1
+lDAPDisplayName: organization
+schemaIDGUID:: o3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: country
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+systemMustContain: o
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.7000.47
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA
+adminDescription: NTDS-DSA
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSA
+schemaIDGUID:: q//48JER0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-hasFullReplicaNCs
+systemMayContain: serverReference
+systemMayContain: msDS-RetiredReplNCSignatures
+systemMayContain: retiredReplDSASignatures
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: networkAddress
+systemMayContain: msDS-ReplicationEpoch
+systemMayContain: msDS-HasInstantiatedNCs
+systemMayContain: msDS-hasMasterNCs
+systemMayContain: msDS-HasDomainNCs
+systemMayContain: msDS-Behavior-Version
+systemMayContain: managedBy
+systemMayContain: lastBackupRestorationTime
+systemMayContain: invocationId
+systemMayContain: hasPartialReplicaNCs
+systemMayContain: hasMasterNCs
+systemMayContain: fRSRootPath
+systemMayContain: dMDLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DMD
+subClassOf: top
+governsID: 1.2.840.113556.1.3.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DMD
+adminDescription: DMD
+objectClassCategory: 1
+lDAPDisplayName: dMD
+schemaIDGUID:: j3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: schemaUpdate
+systemMayContain: schemaInfo
+systemMayContain: prefixMap
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: dmdName
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: SubSchema
+subClassOf: top
+governsID: 2.5.20.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+objectClassCategory: 1
+lDAPDisplayName: subSchema
+schemaIDGUID:: YTKLWo3D0RG7yQCAx2ZwwA==
+systemOnly: TRUE
+systemPossSuperiors: dMD
+systemMayContain: objectClasses
+systemMayContain: modifyTimeStamp
+systemMayContain: extendedClassInfo
+systemMayContain: extendedAttributeInfo
+systemMayContain: dITContentRules
+systemMayContain: attributeTypes
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Attribute-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Attribute-Schema
+adminDescription: Attribute-Schema
+objectClassCategory: 1
+lDAPDisplayName: attributeSchema
+schemaIDGUID:: gHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemOnly
+systemMayContain: searchFlags
+systemMayContain: schemaFlagsEx
+systemMayContain: rangeUpper
+systemMayContain: rangeLower
+systemMayContain: oMObjectClass
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mAPIID
+systemMayContain: linkID
+systemMayContain: isMemberOfPartialAttributeSet
+systemMayContain: isEphemeral
+systemMayContain: isDefunct
+systemMayContain: extendedCharsAllowed
+systemMayContain: classDisplayName
+systemMayContain: attributeSecurityGUID
+systemMustContain: schemaIDGUID
+systemMustContain: oMSyntax
+systemMustContain: lDAPDisplayName
+systemMustContain: isSingleValued
+systemMustContain: cn
+systemMustContain: attributeSyntax
+systemMustContain: attributeID
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: account
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.5
+mayContain: uid
+mayContain: host
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: account
+adminDescription: 
+ The account object class is used to define entries representing computer accou
+ nts.
+objectClassCategory: 1
+lDAPDisplayName: account
+schemaIDGUID:: aqQoJq2m4Eq4VCsS2f5vng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+schemaIDGUID:: g3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.137
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Policy
+adminDescription: ACS-Policy
+objectClassCategory: 1
+lDAPDisplayName: aCSPolicy
+schemaIDGUID:: iBJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSTotalNoOfFlows
+systemMayContain: aCSTimeOfDay
+systemMayContain: aCSServiceType
+systemMayContain: aCSPriority
+systemMayContain: aCSPermissionBits
+systemMayContain: aCSMinimumDelayVariation
+systemMayContain: aCSMinimumLatency
+systemMayContain: aCSMaximumSDUSize
+systemMayContain: aCSMinimumPolicedSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxTokenBucketPerFlow
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSMaxAggregatePeakRatePerUser
+systemMayContain: aCSIdentityName
+systemMayContain: aCSDirection
+systemMayContain: aCSAggregateTokenRatePerUser
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Resource-Limits
+subClassOf: top
+governsID: 1.2.840.113556.1.5.191
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Resource-Limits
+adminDescription: ACS-Resource-Limits
+objectClassCategory: 1
+lDAPDisplayName: aCSResourceLimits
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ACS-Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.138
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ACS-Subnet
+adminDescription: ACS-Subnet
+objectClassCategory: 1
+lDAPDisplayName: aCSSubnet
+schemaIDGUID:: iRJWfwFT0RGpxQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: aCSServerList
+systemMayContain: aCSRSVPLogFilesLocation
+systemMayContain: aCSRSVPAccountFilesLocation
+systemMayContain: aCSNonReservedTxSize
+systemMayContain: aCSNonReservedTxLimit
+systemMayContain: aCSNonReservedTokenSize
+systemMayContain: aCSNonReservedPeakRate
+systemMayContain: aCSNonReservedMinPolicedSize
+systemMayContain: aCSNonReservedMaxSDUSize
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSMaxSizeOfRSVPLogFile
+systemMayContain: aCSMaxSizeOfRSVPAccountFile
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSMaxNoOfLogFiles
+systemMayContain: aCSMaxNoOfAccountFiles
+systemMayContain: aCSMaxDurationPerFlow
+systemMayContain: aCSEventLogLevel
+systemMayContain: aCSEnableRSVPMessageLogging
+systemMayContain: aCSEnableRSVPAccounting
+systemMayContain: aCSEnableACSService
+systemMayContain: aCSDSBMRefresh
+systemMayContain: aCSDSBMPriority
+systemMayContain: aCSDSBMDeadTime
+systemMayContain: aCSCacheTimeout
+systemMayContain: aCSAllocableRSVPBandwidth
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Book-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.125
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Book-Container
+adminDescription: Address-Book-Container
+objectClassCategory: 1
+lDAPDisplayName: addressBookContainer
+schemaIDGUID:: D/Z0PnM+0RGpwAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: addressBookContainer
+systemPossSuperiors: configuration
+systemMayContain: purportedSearch
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Address-Template
+subClassOf: displayTemplate
+governsID: 1.2.840.113556.1.3.58
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Address-Template
+adminDescription: Address-Template
+objectClassCategory: 1
+lDAPDisplayName: addressTemplate
+schemaIDGUID:: CiXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: proxyGenerationEnabled
+systemMayContain: perRecipDialogDisplayTable
+systemMayContain: perMsgDialogDisplayTable
+systemMayContain: addressType
+systemMayContain: addressSyntax
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Entity
+subClassOf: top
+governsID: 2.5.6.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Entity
+adminDescription: Application-Entity
+objectClassCategory: 1
+lDAPDisplayName: applicationEntity
+schemaIDGUID:: T+7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: applicationProcess
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: supportedApplicationContext
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: presentationAddress
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Process
+subClassOf: top
+governsID: 2.5.6.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Process
+adminDescription: Application-Process
+objectClassCategory: 1
+lDAPDisplayName: applicationProcess
+schemaIDGUID:: CyXUX2IS0BGgYACqAGwz7Q==
+systemOnly: TRUE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: seeAlso
+systemMayContain: ou
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Settings
+adminDescription: Application-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSettings
+schemaIDGUID:: wayA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: notificationList
+systemMayContain: msDS-Settings
+systemMayContain: applicationName
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Site-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.68
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Site-Settings
+adminDescription: Application-Site-Settings
+objectClassCategory: 2
+lDAPDisplayName: applicationSiteSettings
+schemaIDGUID:: XFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: notificationList
+systemMayContain: applicationName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Application-Version
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.216
+mayContain: owner
+mayContain: managedBy
+mayContain: keywords
+mayContain: versionNumberLo
+mayContain: versionNumberHi
+mayContain: versionNumber
+mayContain: vendor
+mayContain: appSchemaVersion
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Application-Version
+adminDescription: 
+ Stores versioning information for an application and its schema.
+objectClassCategory: 1
+lDAPDisplayName: applicationVersion
+schemaIDGUID:: rJDH3U2vKkSPD6HUyqfdkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Builtin-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.4
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Builtin-Domain
+adminDescription: Builtin-Domain
+objectClassCategory: 1
+lDAPDisplayName: builtinDomain
+schemaIDGUID:: gXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Category-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.74
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Category-Registration
+adminDescription: Category-Registration
+objectClassCategory: 1
+lDAPDisplayName: categoryRegistration
+schemaIDGUID:: nQ5sfSB+0BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: managedBy
+systemMayContain: localizedDescription
+systemMayContain: localeID
+systemMayContain: categoryId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Certification-Authority
+subClassOf: top
+governsID: 2.5.6.16
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Certification-Authority
+adminDescription: Certification-Authority
+objectClassCategory: 0
+lDAPDisplayName: certificationAuthority
+schemaIDGUID:: UO7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: supportedApplicationContext
+systemMayContain: signatureAlgorithms
+systemMayContain: searchGuide
+systemMayContain: previousParentCA
+systemMayContain: previousCACertificates
+systemMayContain: pendingParentCA
+systemMayContain: pendingCACertificates
+systemMayContain: parentCACertificateChain
+systemMayContain: parentCA
+systemMayContain: enrollmentProviders
+systemMayContain: domainPolicyObject
+systemMayContain: domainID
+systemMayContain: dNSHostName
+systemMayContain: deltaRevocationList
+systemMayContain: currentParentCA
+systemMayContain: crossCertificatePair
+systemMayContain: cRLObject
+systemMayContain: certificateTemplates
+systemMayContain: cAWEBURL
+systemMayContain: cAUsages
+systemMayContain: cAConnect
+systemMayContain: cACertificateDN
+systemMustContain: cn
+systemMustContain: certificateRevocationList
+systemMustContain: cACertificate
+systemMustContain: authorityRevocationList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Registration
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Registration
+adminDescription: Class-Registration
+objectClassCategory: 1
+lDAPDisplayName: classRegistration
+schemaIDGUID:: gnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: requiredCategories
+systemMayContain: managedBy
+systemMayContain: implementedCategories
+systemMayContain: cOMTreatAsClassId
+systemMayContain: cOMProgID
+systemMayContain: cOMOtherProgId
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMCLSID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Class-Store
+subClassOf: top
+governsID: 1.2.840.113556.1.5.44
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Store
+adminDescription: Class-Store
+objectClassCategory: 1
+lDAPDisplayName: classStore
+schemaIDGUID:: hHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainPolicy
+systemPossSuperiors: computer
+systemPossSuperiors: group
+systemPossSuperiors: user
+systemPossSuperiors: classStore
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: versionNumber
+systemMayContain: nextLevelStore
+systemMayContain: lastUpdateSequence
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Com-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Com-Connection-Point
+adminDescription: Com-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: comConnectionPoint
+schemaIDGUID:: hXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: marshalledInterface
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Computer
+subClassOf: user
+governsID: 1.2.840.113556.1.3.30
+mayContain: msSFU30Name
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Aliases
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Computer
+adminDescription: Computer
+auxiliaryClass: ipHost
+objectClassCategory: 1
+lDAPDisplayName: computer
+schemaIDGUID:: hnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msImaging-HashAlgorithm
+systemMayContain: msImaging-ThumbprintHash
+systemMayContain: msDS-GenerationId
+systemMayContain: msTPM-TpmInformationForComputer
+systemMayContain: msTSSecondaryDesktopBL
+systemMayContain: msTSPrimaryDesktopBL
+systemMayContain: msTSEndpointPlugin
+systemMayContain: msTSEndpointType
+systemMayContain: msTSEndpointData
+systemMayContain: msDS-HostServiceAccount
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTPM-OwnerInformation
+systemMayContain: msDS-RevealOnDemandGroup
+systemMayContain: msDS-NeverRevealGroup
+systemMayContain: msDS-PromotionSettings
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-RevealedList
+systemMayContain: msDS-RevealedUsers
+systemMayContain: msDS-KrbTgtLink
+systemMayContain: volumeCount
+systemMayContain: siteGUID
+systemMayContain: rIDSetReferences
+systemMayContain: policyReplicationFlags
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: networkAddress
+systemMayContain: netbootSIFFile
+systemMayContain: netbootMirrorDataFile
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootInitialization
+systemMayContain: netbootDUID
+systemMayContain: netbootGUID
+systemMayContain: msDS-AdditionalSamAccountName
+systemMayContain: msDS-AdditionalDnsHostName
+systemMayContain: managedBy
+systemMayContain: machineRole
+systemMayContain: location
+systemMayContain: localPolicyFlags
+systemMayContain: dNSHostName
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: cn
+systemMayContain: catalogs
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
+ 0aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;
+ PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11
+ d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef
+ -00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0
+ abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;
+ ;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;
+ CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa00
+ 3049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285
+ -00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.12
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Configuration
+adminDescription: Configuration
+objectClassCategory: 1
+lDAPDisplayName: configuration
+schemaIDGUID:: h3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Connection-Point
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.14
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Connection-Point
+adminDescription: Connection-Point
+objectClassCategory: 2
+lDAPDisplayName: connectionPoint
+schemaIDGUID:: zx60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msDS-Settings
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Contact
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.15
+mayContain: msDS-SourceObjectDN
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Contact
+adminDescription: Contact
+objectClassCategory: 1
+lDAPDisplayName: contact
+schemaIDGUID:: 0B60XEwO0BGihgCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: notes
+systemMustContain: cn
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Person
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+schemaIDGUID:: p3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Container
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+schemaIDGUID:: i3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Control-Access-Right
+subClassOf: top
+governsID: 1.2.840.113556.1.5.77
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Control-Access-Right
+adminDescription: Control-Access-Right
+objectClassCategory: 1
+lDAPDisplayName: controlAccessRight
+schemaIDGUID:: HpOXgtOG0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: validAccesses
+systemMayContain: rightsGuid
+systemMayContain: localizationDisplayId
+systemMayContain: appliesTo
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Country
+subClassOf: top
+governsID: 2.5.6.2
+rDNAttID: c
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Country
+adminDescription: Country
+objectClassCategory: 0
+lDAPDisplayName: country
+schemaIDGUID:: jHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemMayContain: co
+systemMayContain: searchGuide
+systemMustContain: c
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: CRL-Distribution-Point
+subClassOf: top
+governsID: 2.5.6.19
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: CRL-Distribution-Point
+adminDescription: CRL-Distribution-Point
+objectClassCategory: 1
+lDAPDisplayName: cRLDistributionPoint
+schemaIDGUID:: ylh3FvNH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: deltaRevocationList
+systemMayContain: cRLPartitionedRevocationList
+systemMayContain: certificateRevocationList
+systemMayContain: certificateAuthorityObject
+systemMayContain: authorityRevocationList
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref
+subClassOf: top
+governsID: 1.2.840.113556.1.3.11
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref
+adminDescription: Cross-Ref
+objectClassCategory: 1
+lDAPDisplayName: crossRef
+schemaIDGUID:: jXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: crossRefContainer
+systemMayContain: trustParent
+systemMayContain: superiorDNSRoot
+systemMayContain: rootTrust
+systemMayContain: nTMixedDomain
+systemMayContain: nETBIOSName
+systemMayContain: Enabled
+systemMayContain: msDS-SDReferenceDomain
+systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay
+systemMayContain: msDS-Replication-Notify-First-DSA-Delay
+systemMayContain: msDS-NC-RO-Replica-Locations
+systemMayContain: msDS-NC-Replica-Locations
+systemMayContain: msDS-DnsRootAlias
+systemMayContain: msDS-Behavior-Version
+systemMustContain: nCName
+systemMustContain: dnsRoot
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Cross-Ref-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Cross-Ref-Container
+adminDescription: Cross-Ref-Container
+objectClassCategory: 1
+lDAPDisplayName: crossRefContainer
+schemaIDGUID:: 4GCe7/dW0RGpxgAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: configuration
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-SPNSuffixes
+systemMayContain: uPNSuffixes
+systemMayContain: msDS-UpdateScript
+systemMayContain: msDS-ExecuteScriptPassword
+systemMayContain: msDS-Behavior-Version
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Device
+subClassOf: top
+governsID: 2.5.6.14
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Device
+adminDescription: Device
+auxiliaryClass: ipHost
+auxiliaryClass: ieee802Device
+auxiliaryClass: bootableDevice
+objectClassCategory: 0
+lDAPDisplayName: device
+schemaIDGUID:: jnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: l
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dfs-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.42
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dfs-Configuration
+adminDescription: Dfs-Configuration
+objectClassCategory: 1
+lDAPDisplayName: dfsConfiguration
+schemaIDGUID:: 8vlHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: domainDNS
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DHCP-Class
+subClassOf: top
+governsID: 1.2.840.113556.1.5.132
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DHCP-Class
+adminDescription: DHCP-Class
+objectClassCategory: 1
+lDAPDisplayName: dHCPClass
+schemaIDGUID:: Vic9lr5I0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: superScopes
+systemMayContain: superScopeDescription
+systemMayContain: optionsLocation
+systemMayContain: optionDescription
+systemMayContain: networkAddress
+systemMayContain: mscopeId
+systemMayContain: dhcpUpdateTime
+systemMayContain: dhcpSubnets
+systemMayContain: dhcpState
+systemMayContain: dhcpSites
+systemMayContain: dhcpServers
+systemMayContain: dhcpReservations
+systemMayContain: dhcpRanges
+systemMayContain: dhcpProperties
+systemMayContain: dhcpOptions
+systemMayContain: dhcpObjName
+systemMayContain: dhcpObjDescription
+systemMayContain: dhcpMaxKey
+systemMayContain: dhcpMask
+systemMayContain: dhcpClasses
+systemMustContain: dhcpUniqueKey
+systemMustContain: dhcpType
+systemMustContain: dhcpIdentification
+systemMustContain: dhcpFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Specifier
+subClassOf: top
+governsID: 1.2.840.113556.1.5.84
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Specifier
+adminDescription: Display-Specifier
+objectClassCategory: 1
+lDAPDisplayName: displaySpecifier
+schemaIDGUID:: ih764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: treatAsLeaf
+systemMayContain: shellPropertyPages
+systemMayContain: shellContextMenu
+systemMayContain: scopeFlags
+systemMayContain: queryFilter
+systemMayContain: iconPath
+systemMayContain: extraColumns
+systemMayContain: creationWizard
+systemMayContain: createWizardExt
+systemMayContain: createDialog
+systemMayContain: contextMenu
+systemMayContain: classDisplayName
+systemMayContain: attributeDisplayNames
+systemMayContain: adminPropertyPages
+systemMayContain: adminMultiselectPropertyPages
+systemMayContain: adminContextMenu
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Display-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.3.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Display-Template
+adminDescription: Display-Template
+objectClassCategory: 1
+lDAPDisplayName: displayTemplate
+schemaIDGUID:: DCXUX2IS0BGgYACqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: originalDisplayTableMSDOS
+systemMayContain: originalDisplayTable
+systemMayContain: helpFileName
+systemMayContain: helpData32
+systemMayContain: helpData16
+systemMayContain: addressEntryDisplayTableMSDOS
+systemMayContain: addressEntryDisplayTable
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Node
+subClassOf: top
+governsID: 1.2.840.113556.1.5.86
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Node
+adminDescription: Dns-Node
+objectClassCategory: 1
+lDAPDisplayName: dnsNode
+schemaIDGUID:: jB764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: dnsZone
+systemMayContain: dNSTombstoned
+systemMayContain: dnsRecord
+systemMayContain: dNSProperty
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dns-Zone
+subClassOf: top
+governsID: 1.2.840.113556.1.5.85
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dns-Zone
+adminDescription: Dns-Zone
+objectClassCategory: 1
+lDAPDisplayName: dnsZone
+schemaIDGUID:: ix764EWb0BGv3QDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDNS-NSEC3CurrentSalt
+systemMayContain: msDNS-NSEC3UserSalt
+systemMayContain: msDNS-PropagationTime
+systemMayContain: msDNS-ParentHasSecureDelegation
+systemMayContain: msDNS-DNSKEYRecords
+systemMayContain: msDNS-SigningKeys
+systemMayContain: msDNS-SigningKeyDescriptors
+systemMayContain: msDNS-SecureDelegationPollingPeriod
+systemMayContain: msDNS-SignatureInceptionOffset
+systemMayContain: msDNS-DSRecordSetTTL
+systemMayContain: msDNS-DNSKEYRecordSetTTL
+systemMayContain: msDNS-NSEC3Iterations
+systemMayContain: msDNS-NSEC3RandomSaltLength
+systemMayContain: msDNS-NSEC3HashAlgorithm
+systemMayContain: msDNS-RFC5011KeyRollovers
+systemMayContain: msDNS-DSRecordAlgorithms
+systemMayContain: msDNS-MaintainTrustAnchor
+systemMayContain: msDNS-NSEC3OptOut
+systemMayContain: msDNS-SignWithNSEC3
+systemMayContain: msDNS-IsSigned
+systemMayContain: managedBy
+systemMayContain: dnsSecureSecondaries
+systemMayContain: dNSProperty
+systemMayContain: dnsNotifySecondaries
+systemMayContain: dnsAllowXFR
+systemMayContain: dnsAllowDynamic
+systemMustContain: dc
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLC
+ LORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: document
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.6
+mayContain: documentIdentifier
+mayContain: documentPublisher
+mayContain: documentLocation
+mayContain: documentAuthor
+mayContain: documentVersion
+mayContain: documentTitle
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: document
+adminDescription: 
+ The document object class is used to define entries which represent documents.
+objectClassCategory: 1
+lDAPDisplayName: document
+schemaIDGUID:: bdm6OdbCr0uIq35CB2ABFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: documentSeries
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.9
+mustContain: cn
+mayContain: telephoneNumber
+mayContain: ou
+mayContain: o
+mayContain: l
+mayContain: seeAlso
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: documentSeries
+adminDescription: 
+ The documentSeries object class is used to define an entry which represents a 
+ series of documents.
+objectClassCategory: 1
+lDAPDisplayName: documentSeries
+schemaIDGUID:: fOArei8wlku8kAeV1miF+A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.66
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain
+adminDescription: Domain
+objectClassCategory: 2
+lDAPDisplayName: domain
+schemaIDGUID:: WloZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domain
+systemPossSuperiors: organization
+systemMustContain: dc
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-DNS
+subClassOf: domain
+governsID: 1.2.840.113556.1.5.67
+rDNAttID: dc
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-DNS
+adminDescription: Domain-DNS
+objectClassCategory: 1
+lDAPDisplayName: domainDNS
+schemaIDGUID:: W1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-EnabledFeature
+systemMayContain: msDS-USNLastSyncSuccess
+systemMayContain: msDS-Behavior-Version
+systemMayContain: msDS-AllowedDNSSuffixes
+systemMayContain: managedBy
+systemAuxiliaryClass: samDomain
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3934771932-3278152359
+ -543699747-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(O
+ A;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f
+ -00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;113
+ 1f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCW
+ DWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDD
+ TSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967a
+ ba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2
+ d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-90
+ 20-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-2
+ 0c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP
+ ;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
+ (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0
+ de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-1
+ 1d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422
+ -00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a
+ 2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;b
+ c0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(O
+ A;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015
+ E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU
+ )(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-a
+ b7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba
+ -0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f6
+ 08;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e
+ -00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e4
+ 8-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131f
+ 6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda64
+ 0c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-
+ 4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5
+ -32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad
+ -4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(
+ OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(O
+ A;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;
+ SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf9
+ 67aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f
+ 80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Domain-Policy
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.18
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Domain-Policy
+adminDescription: Domain-Policy
+objectClassCategory: 1
+lDAPDisplayName: domainPolicy
+schemaIDGUID:: mXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: qualityOfService
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: publicKeyPolicy
+systemMayContain: proxyLifetime
+systemMayContain: minTicketAge
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxTicketAge
+systemMayContain: maxRenewAge
+systemMayContain: maxPwdAge
+systemMayContain: managedBy
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: ipsecPolicyReference
+systemMayContain: forceLogoff
+systemMayContain: eFSPolicy
+systemMayContain: domainWidePolicy
+systemMayContain: domainPolicyReference
+systemMayContain: domainCAs
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: authenticationOptions
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: domainRelatedObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.17
+mayContain: associatedDomain
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: domainRelatedObject
+adminDescription: 
+ The domainRelatedObject object class is used to define an entry which represen
+ ts a series of documents.
+objectClassCategory: 3
+lDAPDisplayName: domainRelatedObject
+schemaIDGUID:: PS39i9rvSUWFLPheE3rtxg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DS-UI-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.183
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+objectClassCategory: 1
+lDAPDisplayName: dSUISettings
+schemaIDGUID:: FA+xCZNv0hGZBQAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-Non-Security-Group-Extra-Classes
+systemMayContain: msDS-Security-Group-Extra-Classes
+systemMayContain: msDS-FilterContainers
+systemMayContain: dSUIShellMaximum
+systemMayContain: dSUIAdminNotification
+systemMayContain: dSUIAdminMaximum
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: DSA
+subClassOf: applicationEntity
+governsID: 2.5.6.13
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: DSA
+adminDescription: DSA
+objectClassCategory: 1
+lDAPDisplayName: dSA
+schemaIDGUID:: Uu7fP/RH0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemPossSuperiors: computer
+systemMayContain: knowledgeInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Dynamic-Object
+description: 
+ This class, if present in an entry, indicates that this entry has a limited li
+ fetime and may disappear automatically when its time-to-live has reached 0. If
+  the client has not supplied a value for the entryTtl attribute, the server wi
+ ll provide one.
+subClassOf: top
+governsID: 1.3.6.1.4.1.1466.101.119.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+objectClassCategory: 3
+lDAPDisplayName: dynamicObject
+schemaIDGUID:: SRLVZlUzH0yyToHyUqyiOw==
+systemOnly: FALSE
+systemMayContain: msDS-Entry-Time-To-Die
+systemMayContain: entryTTL
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking
+subClassOf: top
+governsID: 1.2.840.113556.1.5.52
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking
+adminDescription: File-Link-Tracking
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTracking
+schemaIDGUID:: KSJx3eQQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: File-Link-Tracking-Entry
+subClassOf: top
+governsID: 1.2.840.113556.1.5.59
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: File-Link-Tracking-Entry
+adminDescription: File-Link-Tracking-Entry
+objectClassCategory: 1
+lDAPDisplayName: fileLinkTrackingEntry
+schemaIDGUID:: 7bJOjhJH0BGhoADAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Foreign-Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.76
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Foreign-Security-Principal
+adminDescription: Foreign-Security-Principal
+objectClassCategory: 1
+lDAPDisplayName: foreignSecurityPrincipal
+schemaIDGUID:: EhzjiTCF0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: foreignIdentifier
+systemMustContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9
+ 020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;
+ E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04
+ fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: friendlyCountry
+subClassOf: country
+governsID: 0.9.2342.19200300.100.4.18
+mustContain: co
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: friendlyCountry
+adminDescription: 
+ The friendlyCountry object class is used to define country entries in the DIT.
+objectClassCategory: 1
+lDAPDisplayName: friendlyCountry
+schemaIDGUID:: UvGYxGvcSkefUnzbo9fTUQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: FT-Dfs
+subClassOf: top
+governsID: 1.2.840.113556.1.5.43
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FT-Dfs
+adminDescription: FT-Dfs
+objectClassCategory: 1
+lDAPDisplayName: fTDfs
+schemaIDGUID:: 8/lHhCcQ0BGgXwCqAGwz7Q==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMayContain: uNCName
+systemMayContain: managedBy
+systemMayContain: keywords
+systemMustContain: remoteServerName
+systemMustContain: pKTGuid
+systemMustContain: pKT
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.8
+mayContain: msSFU30PosixMember
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group
+adminDescription: Group
+auxiliaryClass: posixGroup
+objectClassCategory: 1
+lDAPDisplayName: group
+schemaIDGUID:: nHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: container
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: primaryGroupToken
+systemMayContain: operatorCount
+systemMayContain: nTGroupMembers
+systemMayContain: nonSecurityMember
+systemMayContain: msDS-NonMembers
+systemMayContain: msDS-AzLDAPQuery
+systemMayContain: member
+systemMayContain: managedBy
+systemMayContain: groupMembershipSAM
+systemMayContain: groupAttributes
+systemMayContain: mail
+systemMayContain: desktopProfile
+systemMayContain: controlAccessRights
+systemMayContain: adminCount
+systemMustContain: groupType
+systemAuxiliaryClass: mailRecipient
+systemAuxiliaryClass: securityPrincipal
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab
+ 721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d
+ 456d2;;S-1-5-32-560)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Of-Names
+subClassOf: top
+governsID: 2.5.6.9
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Of-Names
+adminDescription: Group-Of-Names
+objectClassCategory: 0
+lDAPDisplayName: groupOfNames
+schemaIDGUID:: nXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: locality
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: seeAlso
+systemMayContain: owner
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: businessCategory
+systemMustContain: member
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: groupOfUniqueNames
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 2.5.6.17
+mustContain: uniqueMember
+mustContain: cn
+mayContain: seeAlso
+mayContain: owner
+mayContain: ou
+mayContain: o
+mayContain: description
+mayContain: businessCategory
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+objectClassCategory: 1
+lDAPDisplayName: groupOfUniqueNames
+schemaIDGUID:: EakQA6OTIU6no1XYWrLEiw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Group-Policy-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.157
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+objectClassCategory: 1
+lDAPDisplayName: groupPolicyContainer
+schemaIDGUID:: wjsO8/Cf0RG2AwAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: versionNumber
+systemMayContain: gPCWQLFilter
+systemMayContain: gPCUserExtensionNames
+systemMayContain: gPCMachineExtensionNames
+systemMayContain: gPCFunctionalityVersion
+systemMayContain: gPCFileSysPath
+systemMayContain: flags
+defaultSecurityDescriptor: 
+ D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA
+ )(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;
+ CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRP
+ LORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Index-Server-Catalog
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.130
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Index-Server-Catalog
+adminDescription: Index-Server-Catalog
+objectClassCategory: 1
+lDAPDisplayName: indexServerCatalog
+schemaIDGUID:: isv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: uNCName
+systemMayContain: queryPoint
+systemMayContain: indexedScopes
+systemMayContain: friendlyNames
+systemMustContain: creator
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: inetOrgPerson
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: user
+governsID: 2.16.840.1.113730.3.2.2
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: userCertificate
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: pager
+mayContain: o
+mayContain: mobile
+mayContain: manager
+mayContain: mail
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: initials
+mayContain: homePostalAddress
+mayContain: homePhone
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: businessCategory
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: inetOrgPerson
+adminDescription: 
+ Represents people who are associated with an organization in some way.
+objectClassCategory: 1
+lDAPDisplayName: inetOrgPerson
+schemaIDGUID:: FMwoSDcUvEWbB61vAV5fKA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 0
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Infrastructure-Update
+subClassOf: top
+governsID: 1.2.840.113556.1.5.175
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+objectClassCategory: 1
+lDAPDisplayName: infrastructureUpdate
+schemaIDGUID:: iQ35LZ8A0hGqTADAT9fYOg==
+systemOnly: TRUE
+systemPossSuperiors: infrastructureUpdate
+systemPossSuperiors: domain
+systemMayContain: dNReferenceUpdate
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.152
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-Group
+adminDescription: Intellimirror-Group
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorGroup
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;
+ CCDC;;;CO)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Intellimirror-SCP
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.151
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+objectClassCategory: 1
+lDAPDisplayName: intellimirrorSCP
+schemaIDGUID:: hTA4B9+R0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: intellimirrorGroup
+systemMayContain: netbootTools
+systemMayContain: netbootServer
+systemMayContain: netbootNewMachineOU
+systemMayContain: netbootNewMachineNamingPolicy
+systemMayContain: netbootMaxClients
+systemMayContain: netbootMachineFilePath
+systemMayContain: netbootLocallyInstalledOSes
+systemMayContain: netbootLimitClients
+systemMayContain: netbootIntelliMirrorOSes
+systemMayContain: netbootCurrentClientCount
+systemMayContain: netbootAnswerRequests
+systemMayContain: netbootAnswerOnlyValidClients
+systemMayContain: netbootAllowNewClients
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport
+subClassOf: top
+governsID: 1.2.840.113556.1.5.141
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport
+adminDescription: Inter-Site-Transport
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransport
+schemaIDGUID:: dnPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransportContainer
+systemMayContain: replInterval
+systemMayContain: options
+systemMustContain: transportDLLName
+systemMustContain: transportAddressAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Inter-Site-Transport-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.140
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Inter-Site-Transport-Container
+adminDescription: Inter-Site-Transport-Container
+objectClassCategory: 1
+lDAPDisplayName: interSiteTransportContainer
+schemaIDGUID:: dXPZJnBg0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.56
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Base
+adminDescription: Ipsec-Base
+objectClassCategory: 2
+lDAPDisplayName: ipsecBase
+schemaIDGUID:: JfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemMayContain: ipsecOwnersReference
+systemMayContain: ipsecName
+systemMayContain: ipsecID
+systemMayContain: ipsecDataType
+systemMayContain: ipsecData
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Filter
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.118
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Filter
+adminDescription: Ipsec-Filter
+objectClassCategory: 1
+lDAPDisplayName: ipsecFilter
+schemaIDGUID:: JvgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-ISAKMP-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.120
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-ISAKMP-Policy
+adminDescription: Ipsec-ISAKMP-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecISAKMPPolicy
+schemaIDGUID:: KPgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Negotiation-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.119
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Negotiation-Policy
+adminDescription: Ipsec-Negotiation-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecNegotiationPolicy
+schemaIDGUID:: J/gPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: iPSECNegotiationPolicyType
+systemMayContain: iPSECNegotiationPolicyAction
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-NFA
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.121
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-NFA
+adminDescription: Ipsec-NFA
+objectClassCategory: 1
+lDAPDisplayName: ipsecNFA
+schemaIDGUID:: KfgPtHpC0RGpwgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemPossSuperiors: organizationalUnit
+systemMayContain: ipsecNegotiationPolicyReference
+systemMayContain: ipsecFilterReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Ipsec-Policy
+subClassOf: ipsecBase
+governsID: 1.2.840.113556.1.5.98
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Ipsec-Policy
+adminDescription: Ipsec-Policy
+objectClassCategory: 1
+lDAPDisplayName: ipsecPolicy
+schemaIDGUID:: ITGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemMayContain: ipsecNFAReference
+systemMayContain: ipsecISAKMPReference
+defaultSecurityDescriptor: D:
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Leaf
+subClassOf: top
+governsID: 1.2.840.113556.1.5.20
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Leaf
+adminDescription: Leaf
+objectClassCategory: 2
+lDAPDisplayName: leaf
+schemaIDGUID:: nnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Licensing-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.78
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Licensing-Site-Settings
+adminDescription: Licensing-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: licensingSiteSettings
+schemaIDGUID:: ffHoG/+p0BGv4gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: siteServer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Object-Move-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.91
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Object-Move-Table
+adminDescription: Link-Track-Object-Move-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackObjectMoveTable
+schemaIDGUID:: 9Qys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-OMT-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.93
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-OMT-Entry
+adminDescription: Link-Track-OMT-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackOMTEntry
+schemaIDGUID:: 9wys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackObjectMoveTable
+systemMayContain: timeRefresh
+systemMayContain: oMTIndxGuid
+systemMayContain: oMTGuid
+systemMayContain: currentLocation
+systemMayContain: birthLocation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Vol-Entry
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.92
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Vol-Entry
+adminDescription: Link-Track-Vol-Entry
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolEntry
+schemaIDGUID:: 9gys3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: linkTrackVolumeTable
+systemMayContain: volTableIdxGUID
+systemMayContain: volTableGUID
+systemMayContain: timeVolChange
+systemMayContain: timeRefresh
+systemMayContain: seqNotification
+systemMayContain: objectCount
+systemMayContain: linkTrackSecret
+systemMayContain: currMachineId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Link-Track-Volume-Table
+subClassOf: fileLinkTracking
+governsID: 1.2.840.113556.1.5.90
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Link-Track-Volume-Table
+adminDescription: Link-Track-Volume-Table
+objectClassCategory: 1
+lDAPDisplayName: linkTrackVolumeTable
+schemaIDGUID:: 9Ays3Y+v0BGv6wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: fileLinkTracking
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Locality
+subClassOf: top
+governsID: 2.5.6.3
+rDNAttID: l
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Locality
+adminDescription: Locality
+objectClassCategory: 1
+lDAPDisplayName: locality
+schemaIDGUID:: oHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: country
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: locality
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMustContain: l
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Lost-And-Found
+subClassOf: top
+governsID: 1.2.840.113556.1.5.139
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Lost-And-Found
+adminDescription: Lost-And-Found
+objectClassCategory: 1
+lDAPDisplayName: lostAndFound
+schemaIDGUID:: cYarUglX0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemPossSuperiors: dMD
+systemMayContain: moveTreeState
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: msDS-GeoCoordinatesLongitude
+mayContain: msDS-GeoCoordinatesLatitude
+mayContain: msDS-GeoCoordinatesAltitude
+mayContain: msDS-PhoneticDisplayName
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+schemaIDGUID:: oXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Meeting
+subClassOf: top
+governsID: 1.2.840.113556.1.5.104
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Meeting
+adminDescription: Meeting
+objectClassCategory: 1
+lDAPDisplayName: meeting
+schemaIDGUID:: lMy2EcRI0RGpwwAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: meetingURL
+systemMayContain: meetingType
+systemMayContain: meetingStartTime
+systemMayContain: meetingScope
+systemMayContain: meetingRecurrence
+systemMayContain: meetingRating
+systemMayContain: meetingProtocol
+systemMayContain: meetingOwner
+systemMayContain: meetingOriginator
+systemMayContain: meetingMaxParticipants
+systemMayContain: meetingLocation
+systemMayContain: meetingLanguage
+systemMayContain: meetingKeyword
+systemMayContain: meetingIsEncrypted
+systemMayContain: meetingIP
+systemMayContain: meetingID
+systemMayContain: meetingEndTime
+systemMayContain: meetingDescription
+systemMayContain: meetingContactInfo
+systemMayContain: meetingBlob
+systemMayContain: meetingBandwidth
+systemMayContain: meetingApplication
+systemMayContain: meetingAdvertiseScope
+systemMustContain: meetingName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-Partition
+subClassOf: top
+governsID: 1.2.840.113556.1.5.193
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-Partition
+schemaIDGUID:: dA4ByVhO90mKiV4+I0D8+A==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-COM-PartitionSet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.194
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+objectClassCategory: 1
+lDAPDisplayName: msCOM-PartitionSet
+schemaIDGUID:: q2QEJRfEekmXWp4NRZp8oQ==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msCOM-PartitionLink
+systemMayContain: msCOM-DefaultPartitionLink
+systemMayContain: msCOM-ObjectId
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Configuration
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.220
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+objectClassCategory: 1
+lDAPDisplayName: msDS-App-Configuration
+schemaIDGUID:: PjzfkFQYVUSl18rUDVZleg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-App-Data
+possSuperiors: organizationalUnit
+possSuperiors: computer
+possSuperiors: container
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.241
+mayContain: owner
+mayContain: msDS-ObjectReference
+mayContain: msDS-Integer
+mayContain: msDS-DateTime
+mayContain: msDS-ByteArray
+mayContain: managedBy
+mayContain: keywords
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-App-Data
+adminDescription: 
+ Stores data that is to be used by an object. For example, profile information 
+ for a user object.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AppData
+schemaIDGUID:: YddnnifjVU28lWgvh14vjg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 0
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Admin-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.234
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzAdminManager
+schemaIDGUID:: URDuzyhfrkuoY10MwYqO0Q==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzMinorVersion
+systemMayContain: msDS-AzMajorVersion
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzScriptTimeout
+systemMayContain: msDS-AzScriptEngineCacheMax
+systemMayContain: msDS-AzDomainTimeout
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Application
+subClassOf: top
+governsID: 1.2.840.113556.1.5.235
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Application
+adminDescription: 
+ Defines an installed instance of an application bound to a particular policy s
+ tore.
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzApplication
+schemaIDGUID:: m9743aXLEk6ELijYtm917A==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzAdminManager
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzGenerateAudits
+systemMayContain: msDS-AzApplicationVersion
+systemMayContain: msDS-AzClassId
+systemMayContain: msDS-AzApplicationName
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Operation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.236
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzOperation
+schemaIDGUID:: N74KhpuapE+z0ris5d+exQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzOperationID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Role
+subClassOf: top
+governsID: 1.2.840.113556.1.5.239
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Role
+adminDescription: 
+ Defines a set of operations that can be performed by a particular set of users
+  within a particular scope
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzRole
+schemaIDGUID:: yeoTglWd3ESSXOmlK5J2RA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-TasksForAzRole
+systemMayContain: msDS-OperationsForAzRole
+systemMayContain: msDS-MembersForAzRole
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Scope
+subClassOf: top
+governsID: 1.2.840.113556.1.5.237
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzScope
+schemaIDGUID:: VODqT1XOu0eGDlsSBjpR3g==
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-AzApplicationData
+systemMayContain: description
+systemMustContain: msDS-AzScopeName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Az-Task
+subClassOf: top
+governsID: 1.2.840.113556.1.5.238
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+objectClassCategory: 1
+lDAPDisplayName: msDS-AzTask
+schemaIDGUID:: c6TTHhubikG/oDo3uVpTBg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemMayContain: msDS-AzObjectGuid
+systemMayContain: msDS-AzGenericData
+systemMayContain: msDS-TasksForAzTask
+systemMayContain: msDS-OperationsForAzTask
+systemMayContain: msDS-AzApplicationData
+systemMayContain: msDS-AzTaskIsRoleDefinition
+systemMayContain: msDS-AzLastImportedBizRulePath
+systemMayContain: msDS-AzBizRuleLanguage
+systemMayContain: msDS-AzBizRule
+systemMayContain: description
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Optional-Feature
+subClassOf: top
+governsID: 1.2.840.113556.1.5.265
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+objectClassCategory: 1
+lDAPDisplayName: msDS-OptionalFeature
+schemaIDGUID:: QQDwRK81i0ayCmzoc3xYCw==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RequiredForestBehaviorVersion
+systemMayContain: msDS-RequiredDomainBehaviorVersion
+systemMustContain: msDS-OptionalFeatureFlags
+systemMustContain: msDS-OptionalFeatureGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.255
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettings
+schemaIDGUID:: uJ3NO0v4HEWVL2xSuB+exg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-PasswordSettingsContainer
+systemMayContain: msDS-PSOAppliesTo
+systemMustContain: msDS-PasswordHistoryLength
+systemMustContain: msDS-PasswordSettingsPrecedence
+systemMustContain: msDS-PasswordReversibleEncryptionEnabled
+systemMustContain: msDS-LockoutThreshold
+systemMustContain: msDS-LockoutDuration
+systemMustContain: msDS-LockoutObservationWindow
+systemMustContain: msDS-PasswordComplexityEnabled
+systemMustContain: msDS-MinimumPasswordLength
+systemMustContain: msDS-MinimumPasswordAge
+systemMustContain: msDS-MaximumPasswordAge
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Password-Settings-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.256
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+objectClassCategory: 1
+lDAPDisplayName: msDS-PasswordSettingsContainer
+schemaIDGUID:: arAGW/NMwES9FkO8EKmH2g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.242
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: 
+ A special container that holds all quota specifications for the directory data
+ base.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaContainer
+schemaIDGUID:: T/yD2m8H6kq03I9Nq5tZkw==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-TopQuotaUsage
+systemMayContain: msDS-QuotaUsed
+systemMayContain: msDS-QuotaEffective
+systemMayContain: msDS-TombstoneQuotaFactor
+systemMayContain: msDS-DefaultQuota
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-
+ 4947-b630-eb672a8a9dbc;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Quota-Control
+subClassOf: top
+governsID: 1.2.840.113556.1.5.243
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: 
+ A class used to represent quota specifications for the directory database.
+objectClassCategory: 1
+lDAPDisplayName: msDS-QuotaControl
+schemaIDGUID:: JvyR3gK9UkuuJnlZmelvxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-QuotaContainer
+systemMustContain: msDS-QuotaAmount
+systemMustContain: msDS-QuotaTrustee
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.264
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: 
+ Service account class is used to create accounts that are used for running Win
+ dows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ManagedServiceAccount
+schemaIDGUID:: RGIgzidYhkq6HBwMOGwbZA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-
+ 11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(O
+ A;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060
+ -00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11
+ d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-
+ 0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf
+ 967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA
+ ;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEB
+ D-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLO
+ RC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Exch-Configuration-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.176
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Exch-Configuration-Container
+adminDescription: ms-Exch-Configuration-Container
+objectClassCategory: 1
+lDAPDisplayName: msExchConfigurationContainer
+schemaIDGUID:: WGg90PQG0hGqUwDAT9fYOg==
+systemOnly: FALSE
+systemMayContain: templateRoots2
+systemMayContain: templateRoots
+systemMayContain: addressBookRoots2
+systemMayContain: addressBookRoots
+systemMayContain: globalAddressList2
+systemMayContain: globalAddressList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-LocalSettings
+possSuperiors: computer
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.1
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-CommonStagingSizeInMb
+mayContain: msDFSR-CommonStagingPath
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Version
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-LocalSettings
+schemaIDGUID:: kcWF+n8ZfkeDvepaQ98iOQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscriber
+possSuperiors: msDFSR-LocalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.2
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-MemberReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscriber
+schemaIDGUID:: 1wUV4cSS50O/XClYMv/Ilg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Subscription
+possSuperiors: msDFSR-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.3
+mustContain: msDFSR-ReplicationGroupGuid
+mustContain: msDFSR-ContentSetGuid
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-StagingCleanupTriggerInPercent
+mayContain: msDFSR-Options2
+mayContain: msDFSR-MaxAgeInCacheInMin
+mayContain: msDFSR-MinDurationCacheInMin
+mayContain: msDFSR-CachePolicy
+mayContain: msDFSR-ReadOnly
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-DeletedPath
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DfsLinkTarget
+mayContain: msDFSR-RootFence
+mayContain: msDFSR-Enabled
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-ConflictPath
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-StagingPath
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-RootPath
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Subscription
+schemaIDGUID:: FCQhZ8x7CUaH4AiNrYq97g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-GlobalSettings
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.4
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-GlobalSettings
+schemaIDGUID:: rds1e+yzakiq1C/snW6m9g==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ReplicationGroup
+possSuperiors: msDFSR-GlobalSettings
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.5
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-Version
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-TombstoneExpiryInMin
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ReplicationGroup
+schemaIDGUID:: 4C8zHCoMMk+vyiPF5Fqedw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Content
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.6
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Content
+schemaIDGUID:: NZt1ZKHT5EK18aPeFiEJsw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-ContentSet
+possSuperiors: msDFSR-Content
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.7
+mayContain: msDFSR-OnDemandExclusionDirectoryFilter
+mayContain: msDFSR-OnDemandExclusionFileFilter
+mayContain: msDFSR-DefaultCompressionExclusionFilter
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-DeletedSizeInMb
+mayContain: msDFSR-ConflictSizeInMb
+mayContain: msDFSR-StagingSizeInMb
+mayContain: msDFSR-RootSizeInMb
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-DirectoryFilter
+mayContain: msDFSR-FileFilter
+mayContain: msDFSR-DfsPath
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-ContentSet
+schemaIDGUID:: DfQ3SdymSE2Xygbl+/0/Fg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Topology
+possSuperiors: msDFSR-ReplicationGroup
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.8
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Topology
+schemaIDGUID:: qYqCBEJugE65YuL+AHVNFw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Member
+possSuperiors: msDFSR-Topology
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.9
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Keywords
+mayContain: serverReference
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Member
+schemaIDGUID:: l8gpQhHCfEOlrtv3BbaW5Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFSR-Connection
+possSuperiors: msDFSR-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.6.13.4.10
+mustContain: fromServer
+mayContain: msDFSR-DisablePacketPrivacy
+mayContain: msDFSR-Options2
+mayContain: msDFSR-Priority
+mayContain: msDFSR-Extension
+mayContain: msDFSR-Options
+mayContain: msDFSR-Flags
+mayContain: msDFSR-Schedule
+mayContain: msDFSR-Keywords
+mayContain: msDFSR-RdcMinFileSizeInKb
+mayContain: msDFSR-RdcEnabled
+mayContain: msDFSR-Enabled
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+objectClassCategory: 1
+lDAPDisplayName: msDFSR-Connection
+schemaIDGUID:: LpeP5bVk70aNi7vD4Yl+qw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-ieee-80211-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.240
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+objectClassCategory: 1
+lDAPDisplayName: msieee80211-Policy
+schemaIDGUID:: ki2ae+u3gkOXcsPg+bqvlA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: msieee80211-ID
+systemMayContain: msieee80211-DataType
+systemMayContain: msieee80211-Data
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PSPs
+subClassOf: container
+governsID: 1.2.840.113556.1.5.262
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PSPs
+schemaIDGUID:: wSrtoAyXd0eEjuxjoOxE/A==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Imaging-PostScanProcess
+subClassOf: top
+governsID: 1.2.840.113556.1.5.263
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+objectClassCategory: 1
+lDAPDisplayName: msImaging-PostScanProcess
+schemaIDGUID:: fCV8H6O4JUWC+BHMx77jbg==
+systemOnly: FALSE
+systemPossSuperiors: msImaging-PSPs
+systemMayContain: msImaging-PSPString
+systemMayContain: serverName
+systemMustContain: displayName
+systemMustContain: msImaging-PSPIdentifier
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Print-ConnectionPolicy
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.23.2
+mustContain: cn
+mayContain: uNCName
+mayContain: serverName
+mayContain: printAttributes
+mayContain: printerName
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+objectClassCategory: 1
+lDAPDisplayName: msPrint-ConnectionPolicy
+schemaIDGUID:: xzNvodZ/KEiTZENROP2gjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Enterprise-Oid
+subClassOf: top
+governsID: 1.2.840.113556.1.5.196
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Enterprise-Oid
+schemaIDGUID:: XNjPNxln2EqPnoZ4umJ1Yw==
+systemOnly: FALSE
+systemPossSuperiors: msPKI-Enterprise-Oid
+systemPossSuperiors: container
+systemMayContain: msDS-OIDToGroupLink
+systemMayContain: msPKI-OID-User-Notice
+systemMayContain: msPKI-OIDLocalizedName
+systemMayContain: msPKI-OID-CPS
+systemMayContain: msPKI-OID-Attribute
+systemMayContain: msPKI-Cert-Template-OID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Key-Recovery-Agent
+subClassOf: user
+governsID: 1.2.840.113556.1.5.195
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-Key-Recovery-Agent
+schemaIDGUID:: OPLMJo6ghkuagqjJrH7lyw==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.184
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLServer
+schemaIDGUID:: eMj2Be/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-GPSHeight
+systemMayContain: mS-SQL-GPSLongitude
+systemMayContain: mS-SQL-GPSLatitude
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Vines
+systemMayContain: mS-SQL-AppleTalk
+systemMayContain: mS-SQL-TCPIP
+systemMayContain: mS-SQL-SPX
+systemMayContain: mS-SQL-MultiProtocol
+systemMayContain: mS-SQL-NamedPipe
+systemMayContain: mS-SQL-Clustered
+systemMayContain: mS-SQL-UnicodeSortOrder
+systemMayContain: mS-SQL-SortOrder
+systemMayContain: mS-SQL-CharacterSet
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Memory
+systemMayContain: mS-SQL-Location
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPServer
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.185
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPServer
+schemaIDGUID:: 6hh+DO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Language
+systemMayContain: mS-SQL-ServiceAccount
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-RegisteredOwner
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLRepository
+subClassOf: top
+governsID: 1.2.840.113556.1.5.186
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLRepository
+schemaIDGUID:: XDzUEe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-InformationDirectory
+systemMayContain: mS-SQL-Version
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Build
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLPublication
+subClassOf: top
+governsID: 1.2.840.113556.1.5.187
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLPublication
+schemaIDGUID:: TvbCF+/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-ThirdParty
+systemMayContain: mS-SQL-AllowSnapshotFilesFTPDownloading
+systemMayContain: mS-SQL-AllowQueuedUpdatingSubscription
+systemMayContain: mS-SQL-AllowImmediateUpdatingSubscription
+systemMayContain: mS-SQL-AllowKnownPullSubscription
+systemMayContain: mS-SQL-Publisher
+systemMayContain: mS-SQL-AllowAnonymousSubscription
+systemMayContain: mS-SQL-Database
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-SQLDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.188
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-SQLDatabase
+schemaIDGUID:: SmkIHe/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-SQLServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastDiagnosticDate
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-CreationDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Alias
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPDatabase
+subClassOf: top
+governsID: 1.2.840.113556.1.5.189
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPDatabase
+schemaIDGUID:: GgOvIO/M0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPServer
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-ConnectionURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-Applications
+systemMayContain: mS-SQL-LastBackupDate
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Type
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MS-SQL-OLAPCube
+subClassOf: top
+governsID: 1.2.840.113556.1.5.190
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+objectClassCategory: 1
+lDAPDisplayName: mS-SQL-OLAPCube
+schemaIDGUID:: alDwCSjN0hGZkwAA+HpX1A==
+systemOnly: FALSE
+systemPossSuperiors: mS-SQL-OLAPDatabase
+systemMayContain: mS-SQL-Keywords
+systemMayContain: mS-SQL-PublicationURL
+systemMayContain: mS-SQL-InformationURL
+systemMayContain: mS-SQL-Status
+systemMayContain: mS-SQL-LastUpdatedDate
+systemMayContain: mS-SQL-Size
+systemMayContain: mS-SQL-Description
+systemMayContain: mS-SQL-Contact
+systemMayContain: mS-SQL-Name
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Conference
+subClassOf: top
+governsID: 1.2.840.113556.1.5.221
+rDNAttID: msTAPI-uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtConference
+schemaIDGUID:: NZd7yipLSU6Jw5kCUzTclA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-ConferenceBlob
+systemMayContain: msTAPI-ProtocolId
+systemMustContain: msTAPI-uid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TAPI-Rt-Person
+subClassOf: top
+governsID: 1.2.840.113556.1.5.222
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+objectClassCategory: 1
+lDAPDisplayName: msTAPI-RtPerson
+schemaIDGUID:: tRzqUwS3+U2Bj1y07IbKwQ==
+systemOnly: FALSE
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemMayContain: msTAPI-uid
+systemMayContain: msTAPI-IpAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.205
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntRangeParam
+schemaIDGUID:: fV3KUItc806531tm1JHlJg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-IntSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.206
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-IntSetParam
+schemaIDGUID:: mg0vKXbPsEKEH7ZQ8zHfYg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-MergeablePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.202
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-MergeablePolicyTemplate
+schemaIDGUID:: FCRQB8r9UUiwShNkWxHSJg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ObjectEncoding
+subClassOf: top
+governsID: 1.2.840.113556.1.5.217
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ObjectEncoding
+schemaIDGUID:: yYHdVRLD+UGoTcatvfHo4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-Class
+systemMustContain: msWMI-ScopeGuid
+systemMustContain: msWMI-Parm1
+systemMustContain: msWMI-Parm2
+systemMustContain: msWMI-Parm3
+systemMustContain: msWMI-Parm4
+systemMustContain: msWMI-Genus
+systemMustContain: msWMI-intFlags1
+systemMustContain: msWMI-intFlags2
+systemMustContain: msWMI-intFlags3
+systemMustContain: msWMI-intFlags4
+systemMustContain: msWMI-ID
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyTemplate
+subClassOf: top
+governsID: 1.2.840.113556.1.5.200
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyTemplate
+schemaIDGUID:: 8YC84kokWU2sxspcT4Lm4Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-TargetType
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-NormalizedClass
+systemMustContain: msWMI-TargetPath
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-PolicyType
+subClassOf: top
+governsID: 1.2.840.113556.1.5.211
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+objectClassCategory: 1
+lDAPDisplayName: msWMI-PolicyType
+schemaIDGUID:: EyZbWQlBd06QE6O7TvJ3xw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RangeParam
+subClassOf: top
+governsID: 1.2.840.113556.1.5.203
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RangeParam
+schemaIDGUID:: V1r7RRhQD02QVpl8jJEi2Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetType
+systemMustContain: msWMI-TargetClass
+systemMustContain: msWMI-PropertyName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-RealRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.209
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-RealRangeParam
+schemaIDGUID:: 4o/+arxwzkyxZqlvc1nFFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-Int8Max
+systemMayContain: msWMI-Int8Min
+systemMustContain: msWMI-Int8Default
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.5.214
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Rule
+schemaIDGUID:: g29+PA7dG0igwnTNlu8qZg==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-Som
+systemPossSuperiors: container
+systemMustContain: msWMI-QueryLanguage
+systemMustContain: msWMI-TargetNameSpace
+systemMustContain: msWMI-Query
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-ShadowObject
+subClassOf: top
+governsID: 1.2.840.113556.1.5.212
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+objectClassCategory: 1
+lDAPDisplayName: msWMI-ShadowObject
+schemaIDGUID:: 30vk8dONNUKchvkfMfW1aQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-PolicyType
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-SimplePolicyTemplate
+subClassOf: msWMI-PolicyTemplate
+governsID: 1.2.840.113556.1.5.201
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+objectClassCategory: 1
+lDAPDisplayName: msWMI-SimplePolicyTemplate
+schemaIDGUID:: tbLIbN8S9kSDB+dPXN7jaQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msWMI-TargetObject
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-Som
+subClassOf: top
+governsID: 1.2.840.113556.1.5.213
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+objectClassCategory: 1
+lDAPDisplayName: msWMI-Som
+schemaIDGUID:: eHCFq0IBBkSUWzTJtrEzcg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-SourceOrganization
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMayContain: msWMI-CreationDate
+systemMayContain: msWMI-ChangeDate
+systemMayContain: msWMI-Author
+systemMustContain: msWMI-Name
+systemMustContain: msWMI-ID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-StringSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.210
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-StringSetParam
+schemaIDGUID:: onnFC6cd6ky2mYB/O51jpA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-StringValidValues
+systemMustContain: msWMI-StringDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.207
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintRangeParam
+schemaIDGUID:: spmn2fPOs0i1rfuF+N0yFA==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntMax
+systemMayContain: msWMI-IntMin
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UintSetParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.208
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UintSetParam
+schemaIDGUID:: MetLjxlO9UaTLl+gPDObHQ==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMayContain: msWMI-IntValidValues
+systemMustContain: msWMI-IntDefault
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPCCDCLCLODTRC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-UnknownRangeParam
+subClassOf: msWMI-RangeParam
+governsID: 1.2.840.113556.1.5.204
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+objectClassCategory: 1
+lDAPDisplayName: msWMI-UnknownRangeParam
+schemaIDGUID:: a8IquNvGmECSxknBijM24Q==
+systemOnly: FALSE
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemMustContain: msWMI-NormalizedClass
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-WMI-WMIGPO
+subClassOf: top
+governsID: 1.2.840.113556.1.5.215
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+objectClassCategory: 1
+lDAPDisplayName: msWMI-WMIGPO
+schemaIDGUID:: AABjBSc53k6/J8qR8nXCbw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msWMI-Parm4
+systemMayContain: msWMI-Parm3
+systemMayContain: msWMI-Parm2
+systemMayContain: msWMI-Parm1
+systemMayContain: msWMI-intFlags4
+systemMayContain: msWMI-intFlags3
+systemMayContain: msWMI-intFlags2
+systemMayContain: msWMI-intFlags1
+systemMustContain: msWMI-TargetClass
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLO
+ CCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Configuration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+objectClassCategory: 1
+lDAPDisplayName: mSMQConfiguration
+schemaIDGUID:: RMMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: mSMQSites
+systemMayContain: mSMQSignKey
+systemMayContain: mSMQServiceType
+systemMayContain: mSMQRoutingServices
+systemMayContain: mSMQQuota
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQOutRoutingServers
+systemMayContain: mSMQOSType
+systemMayContain: mSMQJournalQuota
+systemMayContain: mSMQInRoutingServers
+systemMayContain: mSMQForeign
+systemMayContain: mSMQEncryptKey
+systemMayContain: mSMQDsServices
+systemMayContain: mSMQDependentClientServices
+systemMayContain: mSMQComputerTypeEx
+systemMayContain: mSMQComputerType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Custom-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.218
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Custom-Recipient
+schemaIDGUID:: F2hth8w1bEOs6l73F03Zvg==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemMayContain: msMQ-Recipient-FormatName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Enterprise-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQEnterpriseSettings
+schemaIDGUID:: RcMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: mSMQVersion
+systemMayContain: mSMQNameStyle
+systemMayContain: mSMQLongLived
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: mSMQCSPName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Group
+subClassOf: top
+governsID: 1.2.840.113556.1.5.219
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+objectClassCategory: 1
+lDAPDisplayName: msMQ-Group
+schemaIDGUID:: rHqyRvqq+0+3c+W/Yh7oew==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemMustContain: member
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Migrated-User
+subClassOf: top
+governsID: 1.2.840.113556.1.5.179
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+objectClassCategory: 1
+lDAPDisplayName: mSMQMigratedUser
+schemaIDGUID:: l2l3UD080hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: builtinDomain
+systemMayContain: mSMQUserSid
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: objectSid
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Queue
+subClassOf: top
+governsID: 1.2.840.113556.1.5.161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+objectClassCategory: 1
+lDAPDisplayName: mSMQQueue
+schemaIDGUID:: Q8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQConfiguration
+systemMayContain: mSMQTransactional
+systemMayContain: MSMQ-SecuredSource
+systemMayContain: mSMQQueueType
+systemMayContain: mSMQQueueQuota
+systemMayContain: mSMQQueueNameExt
+systemMayContain: mSMQQueueJournalQuota
+systemMayContain: mSMQPrivacyLevel
+systemMayContain: mSMQOwnerID
+systemMayContain: MSMQ-MulticastAddress
+systemMayContain: mSMQLabelEx
+systemMayContain: mSMQLabel
+systemMayContain: mSMQJournal
+systemMayContain: mSMQBasePriority
+systemMayContain: mSMQAuthenticate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.5.165
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+objectClassCategory: 1
+lDAPDisplayName: mSMQSettings
+schemaIDGUID:: R8MNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: mSMQSiteNameEx
+systemMayContain: mSMQSiteName
+systemMayContain: mSMQServices
+systemMayContain: mSMQRoutingService
+systemMayContain: mSMQQMID
+systemMayContain: mSMQOwnerID
+systemMayContain: mSMQNt4Flags
+systemMayContain: mSMQMigrated
+systemMayContain: mSMQDsService
+systemMayContain: mSMQDependentClientService
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: MSMQ-Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+objectClassCategory: 1
+lDAPDisplayName: mSMQSiteLink
+schemaIDGUID:: RsMNmgDB0RG7xQCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: mSMQEnterpriseSettings
+systemMayContain: mSMQSiteGatesMig
+systemMayContain: mSMQSiteGates
+systemMustContain: mSMQSite2
+systemMustContain: mSMQSite1
+systemMustContain: mSMQCost
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Connection
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.71
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Connection
+adminDescription: NTDS-Connection
+objectClassCategory: 1
+lDAPDisplayName: nTDSConnection
+schemaIDGUID:: YFoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSMember
+systemPossSuperiors: nTFRSReplicaSet
+systemPossSuperiors: nTDSDSA
+systemMayContain: transportType
+systemMayContain: schedule
+systemMayContain: mS-DS-ReplicatesNCReason
+systemMayContain: generatedConnection
+systemMustContain: options
+systemMustContain: fromServer
+systemMustContain: enabledConnection
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-DSA-RO
+subClassOf: nTDSDSA
+governsID: 1.2.840.113556.1.5.254
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-DSA-RO
+adminDescription: 
+ A subclass of Directory Service Agent which is distinguished by its reduced pr
+ ivilege level.
+objectClassCategory: 1
+lDAPDisplayName: nTDSDSARO
+schemaIDGUID:: wW7RhZEHyEuKs3CYBgL/jA==
+systemOnly: TRUE
+systemPossSuperiors: organization
+systemPossSuperiors: server
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.72
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Service
+adminDescription: NTDS-Service
+objectClassCategory: 1
+lDAPDisplayName: nTDSService
+schemaIDGUID:: X1oZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-DeletedObjectLifetime
+systemMayContain: tombstoneLifetime
+systemMayContain: sPNMappings
+systemMayContain: replTopologyStayOfExecution
+systemMayContain: msDS-Other-Settings
+systemMayContain: garbageCollPeriod
+systemMayContain: dSHeuristics
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTDS-Site-Settings
+subClassOf: applicationSiteSettings
+governsID: 1.2.840.113556.1.5.69
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTDS-Site-Settings
+adminDescription: NTDS-Site-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTDSSiteSettings
+schemaIDGUID:: XVoZGaBt0BGv0wDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+systemMayContain: schedule
+systemMayContain: queryPolicyObject
+systemMayContain: options
+systemMayContain: msDS-Preferred-GC-Site
+systemMayContain: managedBy
+systemMayContain: interSiteTopologyRenew
+systemMayContain: interSiteTopologyGenerator
+systemMayContain: interSiteTopologyFailover
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Member
+subClassOf: top
+governsID: 1.2.840.113556.1.5.153
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+objectClassCategory: 1
+lDAPDisplayName: nTFRSMember
+schemaIDGUID:: hiUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSReplicaSet
+systemMayContain: serverReference
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSFlags
+systemMayContain: fRSExtensions
+systemMayContain: fRSControlOutboundBacklog
+systemMayContain: fRSControlInboundBacklog
+systemMayContain: fRSControlDataCreation
+systemMayContain: frsComputerReference
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Replica-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.102
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Replica-Set
+adminDescription: NTFRS-Replica-Set
+objectClassCategory: 1
+lDAPDisplayName: nTFRSReplicaSet
+schemaIDGUID:: OoBFUmrK0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemMayContain: schedule
+systemMayContain: msFRS-Topology-Pref
+systemMayContain: msFRS-Hub-Member
+systemMayContain: managedBy
+systemMayContain: fRSVersionGUID
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSRootSecurity
+systemMayContain: fRSReplicaSetType
+systemMayContain: fRSReplicaSetGUID
+systemMayContain: fRSPrimaryMember
+systemMayContain: fRSPartnerAuthLevel
+systemMayContain: fRSLevelLimit
+systemMayContain: fRSFlags
+systemMayContain: fRSFileFilter
+systemMayContain: fRSExtensions
+systemMayContain: fRSDSPoll
+systemMayContain: fRSDirectoryFilter
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1
+ -aebc-0000f80367c1;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Settings
+subClassOf: applicationSettings
+governsID: 1.2.840.113556.1.5.89
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Settings
+adminDescription: NTFRS-Settings
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSettings
+schemaIDGUID:: wqyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSettings
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemMayContain: managedBy
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriber
+subClassOf: top
+governsID: 1.2.840.113556.1.5.155
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriber
+schemaIDGUID:: iCUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: schedule
+systemMayContain: fRSUpdateTimeout
+systemMayContain: fRSTimeLastConfigChange
+systemMayContain: fRSTimeLastCommand
+systemMayContain: fRSServiceCommandStatus
+systemMayContain: fRSServiceCommand
+systemMayContain: fRSMemberReference
+systemMayContain: fRSFlags
+systemMayContain: fRSFaultCondition
+systemMayContain: fRSExtensions
+systemMustContain: fRSStagingPath
+systemMustContain: fRSRootPath
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NTFRS-Subscriptions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.154
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: NTFRS-Subscriptions
+adminDescription: NTFRS-Subscriptions
+objectClassCategory: 1
+lDAPDisplayName: nTFRSSubscriptions
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: user
+systemPossSuperiors: computer
+systemPossSuperiors: nTFRSSubscriptions
+systemMayContain: fRSWorkingPath
+systemMayContain: fRSVersion
+systemMayContain: fRSExtensions
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: msDS-HABSeniorityIndex
+mayContain: msDS-PhoneticDisplayName
+mayContain: msDS-PhoneticCompanyName
+mayContain: msDS-PhoneticDepartment
+mayContain: msDS-PhoneticLastName
+mayContain: msDS-PhoneticFirstName
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+schemaIDGUID:: pHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: msDS-AllowedToActOnBehalfOfOtherIdentity
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Role
+subClassOf: top
+governsID: 2.5.6.8
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+objectClassCategory: 1
+lDAPDisplayName: organizationalRole
+schemaIDGUID:: v3TfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: roleOccupant
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Unit
+subClassOf: top
+governsID: 2.5.6.5
+rDNAttID: ou
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Unit
+adminDescription: Organizational-Unit
+objectClassCategory: 1
+lDAPDisplayName: organizationalUnit
+schemaIDGUID:: pXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: country
+systemPossSuperiors: organization
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: x121Address
+systemMayContain: userPassword
+systemMayContain: uPNSuffixes
+systemMayContain: co
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: telephoneNumber
+systemMayContain: street
+systemMayContain: st
+systemMayContain: seeAlso
+systemMayContain: searchGuide
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: managedBy
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: desktopProfile
+systemMayContain: defaultGroup
+systemMayContain: countryCode
+systemMayContain: c
+systemMayContain: businessCategory
+systemMustContain: ou
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;
+ ;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a2
+ 85-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CC
+ DC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;E
+ D)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Package-Registration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.49
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Package-Registration
+adminDescription: Package-Registration
+objectClassCategory: 1
+lDAPDisplayName: packageRegistration
+schemaIDGUID:: pnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: vendor
+systemMayContain: upgradeProductCode
+systemMayContain: setupCommand
+systemMayContain: productCode
+systemMayContain: packageType
+systemMayContain: packageName
+systemMayContain: packageFlags
+systemMayContain: msiScriptSize
+systemMayContain: msiScriptPath
+systemMayContain: msiScriptName
+systemMayContain: msiScript
+systemMayContain: msiFileList
+systemMayContain: managedBy
+systemMayContain: machineArchitecture
+systemMayContain: localeID
+systemMayContain: lastUpdateSequence
+systemMayContain: installUiLevel
+systemMayContain: iconPath
+systemMayContain: fileExtPriority
+systemMayContain: cOMTypelibId
+systemMayContain: cOMProgID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+systemMayContain: categories
+systemMayContain: canUpgradeScript
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Physical-Location
+subClassOf: locality
+governsID: 1.2.840.113556.1.5.97
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Physical-Location
+adminDescription: Physical-Location
+objectClassCategory: 1
+lDAPDisplayName: physicalLocation
+schemaIDGUID:: IjGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: physicalLocation
+systemPossSuperiors: configuration
+systemMayContain: managedBy
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Certificate-Template
+subClassOf: top
+governsID: 1.2.840.113556.1.5.177
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+objectClassCategory: 1
+lDAPDisplayName: pKICertificateTemplate
+schemaIDGUID:: opwg5bo70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: pKIOverlapPeriod
+systemMayContain: pKIMaxIssuingDepth
+systemMayContain: pKIKeyUsage
+systemMayContain: pKIExtendedKeyUsage
+systemMayContain: pKIExpirationPeriod
+systemMayContain: pKIEnrollmentAccess
+systemMayContain: pKIDefaultCSPs
+systemMayContain: pKIDefaultKeySpec
+systemMayContain: pKICriticalExtensions
+systemMayContain: msPKI-RA-Signature
+systemMayContain: msPKI-RA-Policies
+systemMayContain: msPKI-RA-Application-Policies
+systemMayContain: msPKI-Template-Schema-Version
+systemMayContain: msPKI-Template-Minor-Revision
+systemMayContain: msPKI-Supersede-Templates
+systemMayContain: msPKI-Private-Key-Flag
+systemMayContain: msPKI-Minimal-Key-Size
+systemMayContain: msPKI-Enrollment-Flag
+systemMayContain: msPKI-Certificate-Policy
+systemMayContain: msPKI-Certificate-Name-Flag
+systemMayContain: msPKI-Certificate-Application-Policy
+systemMayContain: msPKI-Cert-Template-OID
+systemMayContain: flags
+systemMayContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PKI-Enrollment-Service
+subClassOf: top
+governsID: 1.2.840.113556.1.5.178
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+objectClassCategory: 1
+lDAPDisplayName: pKIEnrollmentService
+schemaIDGUID:: kqZK7ro70hGQzADAT9kasQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msPKI-Site-Name
+systemMayContain: msPKI-Enrollment-Servers
+systemMayContain: signatureAlgorithms
+systemMayContain: enrollmentProviders
+systemMayContain: dNSHostName
+systemMayContain: certificateTemplates
+systemMayContain: cACertificateDN
+systemMayContain: cACertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-PKI-Private-Key-Recovery-Agent
+subClassOf: top
+governsID: 1.2.840.113556.1.5.223
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+objectClassCategory: 1
+lDAPDisplayName: msPKI-PrivateKeyRecoveryAgent
+schemaIDGUID:: MqZiFblEfkqi0+QmyWo6zA==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: userCertificate
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Print-Queue
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.23
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Print-Queue
+adminDescription: Print-Queue
+objectClassCategory: 1
+lDAPDisplayName: printQueue
+schemaIDGUID:: qHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: priority
+systemMayContain: printStatus
+systemMayContain: printStartTime
+systemMayContain: printStaplingSupported
+systemMayContain: printSpooling
+systemMayContain: printShareName
+systemMayContain: printSeparatorFile
+systemMayContain: printRateUnit
+systemMayContain: printRate
+systemMayContain: printPagesPerMinute
+systemMayContain: printOwner
+systemMayContain: printOrientationsSupported
+systemMayContain: printNumberUp
+systemMayContain: printNotify
+systemMayContain: printNetworkAddress
+systemMayContain: printMinYExtent
+systemMayContain: printMinXExtent
+systemMayContain: printMemory
+systemMayContain: printMediaSupported
+systemMayContain: printMediaReady
+systemMayContain: printMaxYExtent
+systemMayContain: printMaxXExtent
+systemMayContain: printMaxResolutionSupported
+systemMayContain: printMaxCopies
+systemMayContain: printMACAddress
+systemMayContain: printLanguage
+systemMayContain: printKeepPrintedJobs
+systemMayContain: printFormName
+systemMayContain: printEndTime
+systemMayContain: printDuplexSupported
+systemMayContain: printColor
+systemMayContain: printCollate
+systemMayContain: printBinNames
+systemMayContain: printAttributes
+systemMayContain: portName
+systemMayContain: physicalLocationObject
+systemMayContain: operatingSystemVersion
+systemMayContain: operatingSystemServicePack
+systemMayContain: operatingSystemHotfix
+systemMayContain: operatingSystem
+systemMayContain: location
+systemMayContain: driverVersion
+systemMayContain: driverName
+systemMayContain: defaultPriority
+systemMayContain: bytesPerMinute
+systemMayContain: assetNumber
+systemMustContain: versionNumber
+systemMustContain: uNCName
+systemMustContain: shortServerName
+systemMustContain: serverName
+systemMustContain: printerName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLO
+ RC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Query-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.106
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Query-Policy
+adminDescription: Query-Policy
+objectClassCategory: 1
+lDAPDisplayName: queryPolicy
+schemaIDGUID:: dXDMg6fM0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: lDAPIPDenyList
+systemMayContain: lDAPAdminLimits
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Mail-Recipient
+subClassOf: top
+governsID: 1.2.840.113556.1.5.24
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Mail-Recipient
+adminDescription: Remote-Mail-Recipient
+objectClassCategory: 1
+lDAPDisplayName: remoteMailRecipient
+schemaIDGUID:: qXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: remoteSourceType
+systemMayContain: remoteSource
+systemMayContain: managedBy
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Remote-Storage-Service-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.146
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+objectClassCategory: 1
+lDAPDisplayName: remoteStorageServicePoint
+schemaIDGUID:: vcU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: remoteStorageGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Residential-Person
+subClassOf: person
+governsID: 2.5.6.10
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+objectClassCategory: 1
+lDAPDisplayName: residentialPerson
+schemaIDGUID:: 1nTfqOrF0RG7ywCAx2ZwwA==
+systemOnly: FALSE
+systemPossSuperiors: locality
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: title
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: ou
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: destinationIndicator
+systemMayContain: businessCategory
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rFC822LocalPart
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: domain
+governsID: 0.9.2342.19200300.100.4.14
+mayContain: x121Address
+mayContain: telexNumber
+mayContain: teletexTerminalIdentifier
+mayContain: telephoneNumber
+mayContain: street
+mayContain: sn
+mayContain: seeAlso
+mayContain: registeredAddress
+mayContain: preferredDeliveryMethod
+mayContain: postOfficeBox
+mayContain: postalCode
+mayContain: postalAddress
+mayContain: physicalDeliveryOfficeName
+mayContain: internationalISDNNumber
+mayContain: facsimileTelephoneNumber
+mayContain: destinationIndicator
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rFC822LocalPart
+adminDescription: 
+ The rFC822LocalPart object class is used to define entries which represent the
+  local part of mail addresses.
+objectClassCategory: 1
+lDAPDisplayName: rFC822LocalPart
+schemaIDGUID:: eDo+ua7LXkige170rlBWhg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Manager
+subClassOf: top
+governsID: 1.2.840.113556.1.5.83
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Manager
+adminDescription: RID-Manager
+objectClassCategory: 1
+lDAPDisplayName: rIDManager
+schemaIDGUID:: jRgXZjyP0BGv2gDAT9kwyQ==
+systemOnly: TRUE
+systemPossSuperiors: container
+systemMayContain: msDS-RIDPoolAllocationEnabled
+systemMustContain: rIDAvailablePool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RID-Set
+subClassOf: top
+governsID: 1.2.840.113556.1.5.129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RID-Set
+adminDescription: RID-Set
+objectClassCategory: 1
+lDAPDisplayName: rIDSet
+schemaIDGUID:: icv9ewdI0RGpwwAA+ANnwQ==
+systemOnly: TRUE
+systemPossSuperiors: user
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMustContain: rIDUsedPool
+systemMustContain: rIDPreviousAllocationPool
+systemMustContain: rIDNextRID
+systemMustContain: rIDAllocationPool
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: room
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.7
+mustContain: cn
+mayContain: location
+mayContain: telephoneNumber
+mayContain: seeAlso
+mayContain: description
+mayContain: roomNumber
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: room
+adminDescription: 
+ The room object class is used to define entries representing rooms.
+objectClassCategory: 1
+lDAPDisplayName: room
+schemaIDGUID:: 0uVgeLDIu0y9RdlFW+uSBg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Rpc-Container
+subClassOf: container
+governsID: 1.2.840.113556.1.5.136
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Rpc-Container
+adminDescription: Rpc-Container
+objectClassCategory: 1
+lDAPDisplayName: rpcContainer
+schemaIDGUID:: QighgNxL0RGpxAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: nameServiceFlags
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Entry
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.27
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Entry
+adminDescription: rpc-Entry
+objectClassCategory: 2
+lDAPDisplayName: rpcEntry
+schemaIDGUID:: rHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Group
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.80
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Group
+adminDescription: rpc-Group
+objectClassCategory: 1
+lDAPDisplayName: rpcGroup
+schemaIDGUID:: 3xthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsGroup
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.82
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile
+adminDescription: rpc-Profile
+objectClassCategory: 1
+lDAPDisplayName: rpcProfile
+schemaIDGUID:: 4RthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Profile-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.26
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Profile-Element
+adminDescription: rpc-Profile-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcProfileElement
+schemaIDGUID:: z1OW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcProfile
+systemMayContain: rpcNsProfileEntry
+systemMayContain: rpcNsAnnotation
+systemMustContain: rpcNsPriority
+systemMustContain: rpcNsInterfaceID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.81
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server
+adminDescription: rpc-Server
+objectClassCategory: 1
+lDAPDisplayName: rpcServer
+schemaIDGUID:: 4BthiPSM0BGv2gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: rpcNsObjectID
+systemMayContain: rpcNsEntryFlags
+systemMayContain: rpcNsCodeset
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: rpc-Server-Element
+subClassOf: rpcEntry
+governsID: 1.2.840.113556.1.5.73
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: rpc-Server-Element
+adminDescription: rpc-Server-Element
+objectClassCategory: 1
+lDAPDisplayName: rpcServerElement
+schemaIDGUID:: 0FOW8tB60BGv1gDAT9kwyQ==
+systemOnly: FALSE
+systemPossSuperiors: rpcServer
+systemMustContain: rpcNsTransferSyntax
+systemMustContain: rpcNsInterfaceID
+systemMustContain: rpcNsBindings
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Connection-Point
+subClassOf: serviceAdministrationPoint
+governsID: 1.2.840.113556.1.5.150
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationConnectionPoint
+schemaIDGUID:: vsU5KmCJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMayContain: msRRASAttribute
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWD
+ WOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: RRAS-Administration-Dictionary
+subClassOf: top
+governsID: 1.2.840.113556.1.5.156
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+objectClassCategory: 1
+lDAPDisplayName: rRASAdministrationDictionary
+schemaIDGUID:: rpib842T0RGuvQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msRRASVendorAttributeEntry
+defaultSecurityDescriptor: 
+ D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWO
+ WDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain
+subClassOf: top
+governsID: 1.2.840.113556.1.5.3
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain
+adminDescription: Sam-Domain
+objectClassCategory: 3
+lDAPDisplayName: samDomain
+schemaIDGUID:: kHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: treeName
+systemMayContain: rIDManagerReference
+systemMayContain: replicaSource
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: privateKey
+systemMayContain: pekList
+systemMayContain: pekKeyChangeInterval
+systemMayContain: nTMixedDomain
+systemMayContain: nextRid
+systemMayContain: nETBIOSName
+systemMayContain: msDS-PerUserTrustTombstonesQuota
+systemMayContain: msDS-PerUserTrustQuota
+systemMayContain: ms-DS-MachineAccountQuota
+systemMayContain: msDS-LogonTimeSyncInterval
+systemMayContain: msDS-AllUsersTrustQuota
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lSAModifiedCount
+systemMayContain: lSACreationTime
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: gPOptions
+systemMayContain: gPLink
+systemMayContain: eFSPolicy
+systemMayContain: domainPolicyObject
+systemMayContain: desktopProfile
+systemMayContain: description
+systemMayContain: defaultLocalPolicyObject
+systemMayContain: creationTime
+systemMayContain: controlAccessRights
+systemMayContain: cACertificate
+systemMayContain: builtinModifiedCount
+systemMayContain: builtinCreationTime
+systemMayContain: auditingPolicy
+systemAuxiliaryClass: samDomainBase
+defaultSecurityDescriptor: 
+ D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3934771932-3278152359
+ -543699747-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(O
+ A;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f
+ -00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;113
+ 1f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2
+ dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCW
+ DWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDD
+ TSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967a
+ ba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2
+ d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-90
+ 20-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-2
+ 0c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP
+ ;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
+ (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0
+ de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-1
+ 1d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422
+ -00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a
+ 2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;b
+ c0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(O
+ A;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015
+ E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU
+ )(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-a
+ b7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba
+ -0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f6
+ 08;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e
+ -00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e4
+ 8-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131f
+ 6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda64
+ 0c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-
+ 4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5
+ -32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad
+ -4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(
+ OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(O
+ A;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;
+ SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf9
+ 67aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f
+ 80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Domain-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.2
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Domain-Base
+adminDescription: Sam-Domain-Base
+objectClassCategory: 3
+lDAPDisplayName: samDomainBase
+schemaIDGUID:: kXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: uASCompat
+systemMayContain: serverState
+systemMayContain: serverRole
+systemMayContain: revision
+systemMayContain: pwdProperties
+systemMayContain: pwdHistoryLength
+systemMayContain: oEMInformation
+systemMayContain: objectSid
+systemMayContain: nTSecurityDescriptor
+systemMayContain: nextRid
+systemMayContain: modifiedCountAtLastProm
+systemMayContain: modifiedCount
+systemMayContain: minPwdLength
+systemMayContain: minPwdAge
+systemMayContain: maxPwdAge
+systemMayContain: lockoutThreshold
+systemMayContain: lockoutDuration
+systemMayContain: lockOutObservationWindow
+systemMayContain: forceLogoff
+systemMayContain: domainReplica
+systemMayContain: creationTime
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sam-Server
+subClassOf: securityObject
+governsID: 1.2.840.113556.1.5.5
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sam-Server
+adminDescription: Sam-Server
+objectClassCategory: 1
+lDAPDisplayName: samServer
+schemaIDGUID:: rXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemMayContain: samDomainUpdates
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;
+ AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Secret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Secret
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.28
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Secret
+adminDescription: Secret
+objectClassCategory: 1
+lDAPDisplayName: secret
+schemaIDGUID:: rnqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: priorValue
+systemMayContain: priorSetTime
+systemMayContain: lastSetTime
+systemMayContain: currentValue
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Object
+adminDescription: Security-Object
+objectClassCategory: 2
+lDAPDisplayName: securityObject
+schemaIDGUID:: r3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+schemaIDGUID:: sHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Server
+subClassOf: top
+governsID: 1.2.840.113556.1.5.17
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Server
+adminDescription: Server
+objectClassCategory: 1
+lDAPDisplayName: server
+schemaIDGUID:: knqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: serversContainer
+systemMayContain: msDS-IsUserCachableAtRodc
+systemMayContain: msDS-SiteName
+systemMayContain: msDS-isRODC
+systemMayContain: msDS-isGC
+systemMayContain: mailAddress
+systemMayContain: serverReference
+systemMayContain: serialNumber
+systemMayContain: managedBy
+systemMayContain: dNSHostName
+systemMayContain: bridgeheadTransportList
+defaultSecurityDescriptor: 
+ D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A
+ ;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Servers-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.7000.48
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Servers-Container
+adminDescription: Servers-Container
+objectClassCategory: 1
+lDAPDisplayName: serversContainer
+schemaIDGUID:: wKyA9/BW0RGpxgAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: site
+defaultSecurityDescriptor: 
+ D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Administration-Point
+subClassOf: serviceConnectionPoint
+governsID: 1.2.840.113556.1.5.94
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Administration-Point
+adminDescription: Service-Administration-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceAdministrationPoint
+schemaIDGUID:: IzGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Class
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.29
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Class
+adminDescription: Service-Class
+objectClassCategory: 1
+lDAPDisplayName: serviceClass
+schemaIDGUID:: sXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: serviceClassInfo
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Connection-Point
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.126
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Connection-Point
+adminDescription: Service-Connection-Point
+objectClassCategory: 1
+lDAPDisplayName: serviceConnectionPoint
+schemaIDGUID:: wQ5jKNVB0RGpwQAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemPossSuperiors: computer
+systemMayContain: versionNumberLo
+systemMayContain: versionNumberHi
+systemMayContain: versionNumber
+systemMayContain: vendor
+systemMayContain: serviceDNSNameType
+systemMayContain: serviceDNSName
+systemMayContain: serviceClassName
+systemMayContain: serviceBindingInformation
+systemMayContain: appSchemaVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Service-Instance
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.30
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Service-Instance
+adminDescription: Service-Instance
+objectClassCategory: 1
+lDAPDisplayName: serviceInstance
+schemaIDGUID:: snqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: winsockAddresses
+systemMayContain: serviceInstanceVersion
+systemMustContain: serviceClassID
+systemMustContain: displayName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: simpleSecurityObject
+subClassOf: top
+governsID: 0.9.2342.19200300.100.4.19
+mayContain: userPassword
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: simpleSecurityObject
+adminDescription: 
+ The simpleSecurityObject object class is used to allow an entry to have a user
+ Password attribute when an entry's principal object classes do not allow userP
+ assword as an attribute type.
+objectClassCategory: 3
+lDAPDisplayName: simpleSecurityObject
+schemaIDGUID:: C5vmX0bhFU+wq8Hl1IjglA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site
+subClassOf: top
+governsID: 1.2.840.113556.1.5.31
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site
+adminDescription: Site
+objectClassCategory: 1
+lDAPDisplayName: site
+schemaIDGUID:: s3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+systemMayContain: msDS-BridgeHeadServersUsed
+systemMayContain: notificationList
+systemMayContain: mSMQSiteID
+systemMayContain: mSMQSiteForeign
+systemMayContain: mSMQNt4Stub
+systemMayContain: mSMQInterval2
+systemMayContain: mSMQInterval1
+systemMayContain: managedBy
+systemMayContain: location
+systemMayContain: gPOptions
+systemMayContain: gPLink
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link
+subClassOf: top
+governsID: 1.2.840.113556.1.5.147
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+objectClassCategory: 1
+lDAPDisplayName: siteLink
+schemaIDGUID:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMayContain: schedule
+systemMayContain: replInterval
+systemMayContain: options
+systemMayContain: cost
+systemMustContain: siteList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Site-Link-Bridge
+subClassOf: top
+governsID: 1.2.840.113556.1.5.148
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+objectClassCategory: 1
+lDAPDisplayName: siteLinkBridge
+schemaIDGUID:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: interSiteTransport
+systemMustContain: siteLinkList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Sites-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.107
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Sites-Container
+adminDescription: Sites-Container
+objectClassCategory: 1
+lDAPDisplayName: sitesContainer
+schemaIDGUID:: 2hdBemfN0BGv/wAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: configuration
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Storage
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.33
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Storage
+adminDescription: Storage
+objectClassCategory: 1
+lDAPDisplayName: storage
+schemaIDGUID:: tXqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: monikerDisplayName
+systemMayContain: moniker
+systemMayContain: iconPath
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet
+subClassOf: top
+governsID: 1.2.840.113556.1.5.96
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet
+adminDescription: Subnet
+objectClassCategory: 1
+lDAPDisplayName: subnet
+schemaIDGUID:: JDGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: subnetContainer
+systemMayContain: siteObject
+systemMayContain: physicalLocationObject
+systemMayContain: location
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Subnet-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.95
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Subnet-Container
+adminDescription: Subnet-Container
+objectClassCategory: 1
+lDAPDisplayName: subnetContainer
+schemaIDGUID:: JTGxty640BGv7gAA+ANnwQ==
+systemOnly: FALSE
+systemPossSuperiors: sitesContainer
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLC
+ LORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Top
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msSFU30PosixMemberOf
+mayContain: msDFSR-ComputerReferenceBL
+mayContain: msDFSR-MemberReferenceBL
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+schemaIDGUID:: t3qWv+YN0BGihQCqADBJ4g==
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: msDS-TDOEgressBL
+systemMayContain: msDS-TDOIngressBL
+systemMayContain: msDS-ValueTypeReferenceBL
+systemMayContain: msDS-IsPrimaryComputerFor
+systemMayContain: msDS-ClaimSharesPossibleValuesWithBL
+systemMayContain: msDS-MembersOfResourcePropertyListBL
+systemMayContain: msDS-EnabledFeatureBL
+systemMayContain: msDS-LastKnownRDN
+systemMayContain: msDS-HostServiceAccountBL
+systemMayContain: msDS-OIDToGroupLinkBl
+systemMayContain: msDS-LocalEffectiveRecycleTime
+systemMayContain: msDS-LocalEffectiveDeletionTime
+systemMayContain: msDS-PSOApplied
+systemMayContain: msDS-NcType
+systemMayContain: msDS-PrincipalName
+systemMayContain: msDS-RevealedListBL
+systemMayContain: msDS-NC-RO-Replica-Locations-BL
+systemMayContain: msDS-AuthenticatedToAccountlist
+systemMayContain: msDS-IsPartialReplicaFor
+systemMayContain: msDS-IsDomainFor
+systemMayContain: msDS-IsFullReplicaFor
+systemMayContain: msDS-RevealedDSAs
+systemMayContain: msDS-KrbTgtLinkBl
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isRecycled
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Trusted-Domain
+subClassOf: leaf
+governsID: 1.2.840.113556.1.5.34
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Trusted-Domain
+adminDescription: Trusted-Domain
+objectClassCategory: 1
+lDAPDisplayName: trustedDomain
+schemaIDGUID:: uHqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-EgressClaimsTransformationPolicy
+systemMayContain: msDS-IngressClaimsTransformationPolicy
+systemMayContain: trustType
+systemMayContain: trustPosixOffset
+systemMayContain: trustPartner
+systemMayContain: trustDirection
+systemMayContain: trustAuthOutgoing
+systemMayContain: trustAuthIncoming
+systemMayContain: trustAttributes
+systemMayContain: securityIdentifier
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-TrustForestTrustInfo
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: initialAuthOutgoing
+systemMayContain: initialAuthIncoming
+systemMayContain: flatName
+systemMayContain: domainIdentifier
+systemMayContain: domainCrossRef
+systemMayContain: additionalTrustedServiceNames
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-
+ a285-00aa003049e2;CO)(A;;SD;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Type-Library
+subClassOf: top
+governsID: 1.2.840.113556.1.5.53
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Type-Library
+adminDescription: Type-Library
+objectClassCategory: 1
+lDAPDisplayName: typeLibrary
+schemaIDGUID:: 4hYUKGgZ0BGijwCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: classStore
+systemMayContain: cOMUniqueLIBID
+systemMayContain: cOMInterfaceID
+systemMayContain: cOMClassID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: User
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: msDS-SourceObjectDN
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+auxiliaryClass: shadowAccount
+auxiliaryClass: posixAccount
+objectClassCategory: 1
+lDAPDisplayName: user
+schemaIDGUID:: unqWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-PrimaryComputer
+systemMayContain: msTSSecondaryDesktops
+systemMayContain: msTSPrimaryDesktop
+systemMayContain: msPKI-CredentialRoamingTokens
+systemMayContain: msDS-ResultantPSO
+systemMayContain: msDS-AuthenticatedAtDC
+systemMayContain: msTSInitialProgram
+systemMayContain: msTSWorkDirectory
+systemMayContain: msTSDefaultToMainPrinter
+systemMayContain: msTSConnectPrinterDrives
+systemMayContain: msTSConnectClientDrives
+systemMayContain: msTSBrokenConnectionAction
+systemMayContain: msTSReconnectionAction
+systemMayContain: msTSMaxIdleTime
+systemMayContain: msTSMaxConnectionTime
+systemMayContain: msTSMaxDisconnectionTime
+systemMayContain: msTSRemoteControl
+systemMayContain: msTSAllowLogon
+systemMayContain: msTSHomeDrive
+systemMayContain: msTSHomeDirectory
+systemMayContain: msTSProfilePath
+systemMayContain: msTSLSProperty02
+systemMayContain: msTSLSProperty01
+systemMayContain: msTSProperty02
+systemMayContain: msTSProperty01
+systemMayContain: msTSManagingLS4
+systemMayContain: msTSManagingLS3
+systemMayContain: msTSManagingLS2
+systemMayContain: msTSManagingLS
+systemMayContain: msTSLicenseVersion4
+systemMayContain: msTSLicenseVersion3
+systemMayContain: msTSLicenseVersion2
+systemMayContain: msTSLicenseVersion
+systemMayContain: msTSExpireDate4
+systemMayContain: msTSExpireDate3
+systemMayContain: msTSExpireDate2
+systemMayContain: msTSExpireDate
+systemMayContain: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+systemMayContain: msDS-FailedInteractiveLogonCount
+systemMayContain: msDS-LastFailedInteractiveLogonTime
+systemMayContain: msDS-LastSuccessfulInteractiveLogonTime
+systemMayContain: msRADIUS-SavedFramedIpv6Route
+systemMayContain: msRADIUS-FramedIpv6Route
+systemMayContain: msRADIUS-SavedFramedIpv6Prefix
+systemMayContain: msRADIUS-FramedIpv6Prefix
+systemMayContain: msRADIUS-SavedFramedInterfaceId
+systemMayContain: msRADIUS-FramedInterfaceId
+systemMayContain: msPKIAccountCredentials
+systemMayContain: msPKIDPAPIMasterKeys
+systemMayContain: msPKIRoamingTimeStamp
+systemMayContain: msDS-SupportedEncryptionTypes
+systemMayContain: msDS-SecondaryKrbTgtNumber
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-UserPasswordExpiryTimeComputed
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: msDS-CloudExtensions
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9
+ 819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;
+ ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-000
+ 0F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45
+ 795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968
+ f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a
+ 9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04
+ fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-
+ 9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;
+ AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0
+ -9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;
+ ;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422
+ -11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f
+ 4c185e;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Volume,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: Volume
+subClassOf: connectionPoint
+governsID: 1.2.840.113556.1.5.36
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Volume
+adminDescription: Volume
+objectClassCategory: 1
+lDAPDisplayName: volume
+schemaIDGUID:: u3qWv+YN0BGihQCqADBJ4g==
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: lastContentIndexed
+systemMayContain: contentIndexingAllowed
+systemMustContain: uNCName
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.0
+mayContain: description
+mayContain: gecos
+mayContain: loginShell
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: homeDirectory
+mayContain: unixHomeDirectory
+mayContain: gidNumber
+mayContain: uidNumber
+mayContain: cn
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+objectClassCategory: 3
+lDAPDisplayName: posixAccount
+schemaIDGUID:: QbtErdVniE21dXsgZ0522A==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ShadowAccount
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.1
+mayContain: shadowFlag
+mayContain: shadowExpire
+mayContain: shadowInactive
+mayContain: shadowWarning
+mayContain: shadowMax
+mayContain: shadowMin
+mayContain: shadowLastChange
+mayContain: description
+mayContain: userPassword
+mayContain: uid
+rDNAttID: uid
+showInAdvancedViewOnly: TRUE
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+objectClassCategory: 3
+lDAPDisplayName: shadowAccount
+schemaIDGUID:: Z4RtWxgadEGzUJzG57SsjQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: PosixGroup
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.2
+mayContain: memberUid
+mayContain: gidNumber
+mayContain: description
+mayContain: unixUserPassword
+mayContain: userPassword
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+objectClassCategory: 3
+lDAPDisplayName: posixGroup
+schemaIDGUID:: uFCTKiwG0E6ZA93hDQbeug==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpService
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.3
+mustContain: ipServiceProtocol
+mustContain: ipServicePort
+mustContain: cn
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+objectClassCategory: 1
+lDAPDisplayName: ipService
+schemaIDGUID:: 3/oXJZf6rUid5nmsVyH4ZA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpProtocol
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.4
+mustContain: ipProtocolNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+objectClassCategory: 1
+lDAPDisplayName: ipProtocol
+schemaIDGUID:: 0sstnPD7x02s4INW3NDwEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: OncRpc
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.5
+mustContain: oncRpcNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: oncRpc
+adminDescription: 
+ Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call
+  (RPC) binding
+objectClassCategory: 1
+lDAPDisplayName: oncRpc
+schemaIDGUID:: Xh7dyvz+P0+1qXDplCBDAw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpHost
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.6
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipHostNumber
+mayContain: description
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+objectClassCategory: 3
+lDAPDisplayName: ipHost
+schemaIDGUID:: RhaRqyeIlU+HgFqPAI62jw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IpNetwork
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.7
+mustContain: ipNetworkNumber
+mustContain: cn
+mayContain: msSFU30Aliases
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: manager
+mayContain: l
+mayContain: uid
+mayContain: ipNetmaskNumber
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ipNetwork
+adminDescription: 
+ Abstraction of a network. The distinguished value of the cn attribute denotes 
+ the network's cannonical name
+objectClassCategory: 1
+lDAPDisplayName: ipNetwork
+schemaIDGUID:: wzZY2T4U+0OZKrBX8eyt+Q==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisNetgroup
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.8
+mustContain: cn
+mayContain: msSFU30NetgroupUserAtDomain
+mayContain: msSFU30NetgroupHostAtDomain
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: nisNetgroupTriple
+mayContain: memberNisNetgroup
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+objectClassCategory: 1
+lDAPDisplayName: nisNetgroup
+schemaIDGUID:: hL/vcntuXEqo24p1p8rSVA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisMap
+possSuperiors: domainDNS
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.9
+mustContain: nisMapName
+mustContain: cn
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+objectClassCategory: 1
+lDAPDisplayName: nisMap
+schemaIDGUID:: bGZydsECM0+ez/ZJwd2bfA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: NisObject
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: organizationalUnit
+possSuperiors: container
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.10
+mustContain: nisMapEntry
+mustContain: nisMapName
+mustContain: cn
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: description
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+objectClassCategory: 1
+lDAPDisplayName: nisObject
+schemaIDGUID:: k4pPkFRJX0yx4VPAl6MeEw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: IEEE802Device
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.11
+mayContain: macAddress
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+objectClassCategory: 3
+lDAPDisplayName: ieee802Device
+schemaIDGUID:: KeWZpjemfUug+13EZqC4pw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: BootableDevice
+subClassOf: top
+governsID: 1.3.6.1.1.1.2.12
+mayContain: bootFile
+mayContain: bootParameter
+mayContain: cn
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+objectClassCategory: 3
+lDAPDisplayName: bootableDevice
+schemaIDGUID:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Mail-Aliases
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.211
+mayContain: nisMapName
+mayContain: msSFU30Aliases
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30MailAliases
+schemaIDGUID:: hQdx1v+Gt0SFtfH4aJUizg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Net-Id
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.212
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetId
+schemaIDGUID:: LBlj4gIq30iXkpTyMoeBoA==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Domain-Info
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.215
+mayContain: msSFU30CryptMethod
+mayContain: msSFU30MaxUidNumber
+mayContain: msSFU30MaxGidNumber
+mayContain: msSFU30OrderNumber
+mayContain: msSFU30MasterServerName
+mayContain: msSFU30IsValidContainer
+mayContain: msSFU30SearchContainer
+mayContain: msSFU30YpServers
+mayContain: msSFU30Domains
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: 
+ Represents an internal data structure used by Server for NIS.
+objectClassCategory: 1
+lDAPDisplayName: msSFU30DomainInfo
+schemaIDGUID:: zn0pNmtlI0SrZdq7J3CBng==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-Network-User
+possSuperiors: domainDNS
+possSuperiors: nisMap
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.216
+mayContain: nisMapName
+mayContain: msSFU30NisDomain
+mayContain: msSFU30Name
+mayContain: msSFU30KeyValues
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NetworkUser
+schemaIDGUID:: ozRT4fALJ0S2chH12ErMkg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: msSFU-30-NIS-Map-Config
+possSuperiors: container
+subClassOf: top
+governsID: 1.2.840.113556.1.6.18.2.217
+mayContain: msSFU30MapFilter
+mayContain: msSFU30ResultAttributes
+mayContain: msSFU30SearchAttributes
+mayContain: msSFU30IntraFieldSeparator
+mayContain: msSFU30NSMAPFieldPosition
+mayContain: msSFU30FieldSeparator
+mayContain: msSFU30KeyAttributes
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+objectClassCategory: 1
+lDAPDisplayName: msSFU30NISMapConfig
+schemaIDGUID:: 0DP3+uv4z02NdfF1OvalCw==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-80211-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.251
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: 
+ This class represents an 802.11 wireless network group policy object.  This cl
+ ass contains identifiers and configuration data relevant to an 802.11 wireless
+  network.
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+schemaIDGUID:: Yxi4HCK4eUOeol/3vcY4bQ==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved
+systemMayContain: ms-net-ieee-80211-GP-PolicyData
+systemMayContain: ms-net-ieee-80211-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-net-ieee-8023-GroupPolicy
+subClassOf: top
+governsID: 1.2.840.113556.1.5.252
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: 
+ This class represents an 802.3 wired network group policy object.  This class 
+ contains identifiers and configuration data relevant to an 802.3 wired network
+ .
+objectClassCategory: 1
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+schemaIDGUID:: ajqgmRmrRkSTUAy4eO0tmw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: person
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved
+systemMayContain: ms-net-ieee-8023-GP-PolicyData
+systemMayContain: ms-net-ieee-8023-GP-PolicyGUID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-FVE-RecoveryInformation
+subClassOf: top
+governsID: 1.2.840.113556.1.5.253
+mayContain: msFVE-VolumeGuid
+mayContain: msFVE-KeyPackage
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: 
+ This class contains BitLocker recovery information including GUIDs, recovery p
+ asswords, and keys. Full Volume Encryption (FVE) was the pre-release name for 
+ BitLocker Drive Encryption.
+objectClassCategory: 1
+lDAPDisplayName: msFVE-RecoveryInformation
+schemaIDGUID:: MF1x6lOP0EC9HmEJGG14LA==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemMustContain: msFVE-RecoveryGuid
+systemMustContain: msFVE-RecoveryPassword
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-Namespacev2
+systemMayContain: msDFS-ShortNameLinkPathv2
+systemMayContain: msDFS-LinkSecurityDescriptorv2
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-LinkPathv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-LinkIdentityGUIDv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: dfsConfiguration
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: msDFS-NamespaceAnchor
+systemMayContain: msDFS-Commentv2
+systemMustContain: msDFS-Propertiesv2
+systemMustContain: msDFS-TargetListv2
+systemMustContain: msDFS-Ttlv2
+systemMustContain: msDFS-LastModifiedv2
+systemMustContain: msDFS-NamespaceIdentityGUIDv2
+systemMustContain: msDFS-GenerationGUIDv2
+systemMustContain: msDFS-SchemaMinorVersion
+systemMustContain: msDFS-SchemaMajorVersion
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type-Property-Base
+subClassOf: top
+governsID: 1.2.840.113556.1.5.269
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: 
+ An abstract class that defines the base class for claim type or resource prope
+ rty classes.
+objectClassCategory: 2
+lDAPDisplayName: msDS-ClaimTypePropertyBase
+schemaIDGUID:: WC9EuJDEh0SKndgLiDJxrQ==
+systemOnly: FALSE
+systemMayContain: msDS-ClaimSharesPossibleValuesWith
+systemMayContain: Enabled
+systemMayContain: msDS-ClaimPossibleValues
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Types
+subClassOf: top
+governsID: 1.2.840.113556.1.5.270
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimTypes
+schemaIDGUID:: NTIJNhXHIUirarVvsoBaWA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Properties
+subClassOf: top
+governsID: 1.2.840.113556.1.5.271
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperties
+schemaIDGUID:: hEVKelCzj0es1rS4UtgswA==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claim-Type
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.272
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: 
+ An instance of this class holds the definition of a claim type that can be def
+ ined on security principals.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimType
+schemaIDGUID:: fIWjgWlUj02q5sJ2mXYmBA==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimTypes
+systemMayContain: msDS-ClaimIsSingleValued
+systemMayContain: msDS-ClaimIsValueSpaceRestricted
+systemMayContain: msDS-ClaimValueType
+systemMayContain: msDS-ClaimSourceType
+systemMayContain: msDS-ClaimSource
+systemMayContain: msDS-ClaimTypeAppliesToClass
+systemMayContain: msDS-ClaimAttributeSource
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property
+subClassOf: msDS-ClaimTypePropertyBase
+governsID: 1.2.840.113556.1.5.273
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: 
+ An instance of this class holds the definition of a property on resources.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourceProperty
+schemaIDGUID:: Xj0oWwSElUGTOYRQGIxQGg==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ResourceProperties
+systemMayContain: msDS-AppliesToResourceTypes
+systemMayContain: msDS-IsUsedAsResourceSecurityAttribute
+systemMustContain: msDS-ValueTypeReference
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Resource-Property-List
+subClassOf: top
+governsID: 1.2.840.113556.1.5.274
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: 
+ An object of this class contains a list of resource properties.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ResourcePropertyList
+schemaIDGUID:: etTjckKzRU2PVrr/gDyr+Q==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msDS-MembersOfResourcePropertyList
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.266
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: 
+ Container for Activation Objects used by Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObjectsContainer
+schemaIDGUID:: K4YvtyW7XU2qUWLFm9+Qrg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-SPP-Activation-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.267
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+objectClassCategory: 1
+lDAPDisplayName: msSPP-ActivationObject
+schemaIDGUID:: jOagUcUNykOTXcHJEb8u5Q==
+systemOnly: FALSE
+systemPossSuperiors: msSPP-ActivationObjectsContainer
+systemMayContain: msSPP-IssuanceLicense
+systemMayContain: msSPP-ConfigLicense
+systemMayContain: msSPP-PhoneLicense
+systemMayContain: msSPP-OnlineLicense
+systemMayContain: msSPP-ConfirmationId
+systemMayContain: msSPP-InstallationId
+systemMustContain: msSPP-KMSIds
+systemMustContain: msSPP-CSVLKSkuId
+systemMustContain: msSPP-CSVLKPartialProductKey
+systemMustContain: msSPP-CSVLKPid
+defaultSecurityDescriptor: 
+ O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Objects-Container
+subClassOf: top
+governsID: 1.2.840.113556.1.5.276
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObjectsContainer
+schemaIDGUID:: vagn4FZk3kWQozhZOHfudA==
+systemOnly: FALSE
+systemPossSuperiors: domainDNS
+systemPossSuperiors: domain
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ LOLCCCRP;;;DC)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-TPM-Information-Object
+subClassOf: top
+governsID: 1.2.840.113556.1.5.275
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: TPM-InformationObject
+adminDescription: 
+ This class contains recovery information for a Trusted Platform Module (TPM) d
+ evice.
+objectClassCategory: 1
+lDAPDisplayName: msTPM-InformationObject
+schemaIDGUID:: alsEhaZHQ0KnzGiQcB9mLA==
+systemOnly: FALSE
+systemPossSuperiors: msTPM-InformationObjectsContainer
+systemMayContain: msTPM-OwnerInformationTemp
+systemMayContain: msTPM-SrkPubThumbprint
+systemMustContain: msTPM-OwnerInformation
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLO;;;DC)(A;;WP;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DNS-Server-Settings
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2129
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+objectClassCategory: 1
+lDAPDisplayName: msDNS-ServerSettings
+schemaIDGUID:: 7cMv7xhuW0GZ5DEUqMsSSw==
+systemOnly: FALSE
+systemPossSuperiors: server
+systemMayContain: msDNS-KeymasterZones
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+ (A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2161
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: 
+ A container of this class can contain Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicies
+schemaIDGUID:: wyFcVTahWkWTl3lrvTWOJQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rules
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2162
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: 
+ A container of this class can contain Central Access Policy Entry objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRules
+schemaIDGUID:: ehu7mW1gi0+ADuFb5VTKjQ==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Rule
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2163
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: 
+ A class that defines Central Access Rules used to construct a central access p
+ olicy.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessRule
+schemaIDGUID:: 3AZKWxwl206IEwvdcTJyJg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessRules
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicyBL
+systemMayContain: msAuthz-ResourceCondition
+systemMayContain: msAuthz-LastEffectiveSecurityPolicy
+systemMayContain: msAuthz-ProposedSecurityPolicy
+systemMayContain: msAuthz-EffectiveSecurityPolicy
+systemMayContain: Enabled
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Authz-Central-Access-Policy
+subClassOf: top
+governsID: 1.2.840.113556.1.4.2164
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+objectClassCategory: 1
+lDAPDisplayName: msAuthz-CentralAccessPolicy
+schemaIDGUID:: sJxnpZ1vLEOLdR4+g08Cqg==
+systemOnly: FALSE
+systemPossSuperiors: msAuthz-CentralAccessPolicies
+systemMayContain: msAuthz-MemberRulesInCentralAccessPolicy
+systemMayContain: msAuthz-CentralAccessPolicyID
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-ServerConfiguration
+subClassOf: top
+governsID: 1.2.840.113556.1.5.277
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvServerConfiguration
+schemaIDGUID:: qEPyXiUqpkWLcwinGuZ3zg==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-PrivateKeyLength
+systemMayContain: msKds-PublicKeyLength
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-SecretAgreementAlgorithmID
+systemMayContain: msKds-KDFParam
+systemMayContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-Version
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-Kds-Prov-RootKey
+subClassOf: top
+governsID: 1.2.840.113556.1.5.278
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+objectClassCategory: 1
+lDAPDisplayName: msKds-ProvRootKey
+schemaIDGUID:: Qf0CquAXGE+Gh7Ijlklzaw==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: msKds-SecretAgreementParam
+systemMayContain: msKds-KDFParam
+systemMustContain: msKds-CreateTime
+systemMustContain: msKds-RootKeyData
+systemMustContain: msKds-PrivateKeyLength
+systemMustContain: msKds-PublicKeyLength
+systemMustContain: msKds-SecretAgreementAlgorithmID
+systemMustContain: msKds-KDFAlgorithmID
+systemMustContain: msKds-UseStartTime
+systemMustContain: msKds-DomainID
+systemMustContain: msKds-Version
+systemMustContain: cn
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Group-Managed-Service-Account
+subClassOf: computer
+governsID: 1.2.840.113556.1.5.282
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: 
+ The group managed service account class is used to create an account which can
+  be shared by different computers to run Windows services.
+objectClassCategory: 1
+lDAPDisplayName: msDS-GroupManagedServiceAccount
+schemaIDGUID:: ilWLe6WT90qtysAX5n8QVw==
+systemOnly: FALSE
+systemPossSuperiors: computer
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: msDS-GroupMSAMembership
+systemMayContain: msDS-ManagedPasswordPreviousId
+systemMayContain: msDS-ManagedPasswordId
+systemMayContain: msDS-ManagedPassword
+systemMustContain: msDS-ManagedPasswordInterval
+defaultSecurityDescriptor: 
+ D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDD
+ TSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;
+ SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(O
+ A;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5
+ -0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-1
+ 1d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86
+ -0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;b
+ f967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003
+ 049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-
+ 0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72
+ e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0d
+ e6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-
+ 1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Value-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.279
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Value-Type
+adminDescription: 
+ An value type object holds value type information for a resource property.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ValueType
+schemaIDGUID:: 33/C4x2wTk+H5wVu7w65Ig==
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMustContain: msDS-IsPossibleValuesPresent
+systemMustContain: msDS-ClaimIsSingleValued
+systemMustContain: msDS-ClaimIsValueSpaceRestricted
+systemMustContain: msDS-ClaimValueType
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policy-Type
+subClassOf: top
+governsID: 1.2.840.113556.1.5.280
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicyType
+schemaIDGUID:: s2LrLnMTRf6BATh/Fnbtxw==
+systemOnly: FALSE
+systemPossSuperiors: msDS-ClaimsTransformationPolicies
+systemMayContain: msDS-TransformationRulesCompiled
+systemMayContain: msDS-TransformationRules
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Claims-Transformation-Policies
+subClassOf: top
+governsID: 1.2.840.113556.1.5.281
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: 
+ An object of this class holds the one set of Claims Transformation Policy for 
+ Cross-Forest Claims Transformation.
+objectClassCategory: 1
+lDAPDisplayName: msDS-ClaimsTransformationPolicies
+schemaIDGUID:: san8yIh9T7uCekSJJ3EHYg==
+systemOnly: FALSE
+systemPossSuperiors: container
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: ms-DS-Cloud-Extensions
+subClassOf: top
+governsID: 1.2.840.113556.1.5.283
+mayContain: msDS-cloudExtensionAttribute20
+mayContain: msDS-cloudExtensionAttribute19
+mayContain: msDS-cloudExtensionAttribute18
+mayContain: msDS-cloudExtensionAttribute17
+mayContain: msDS-cloudExtensionAttribute16
+mayContain: msDS-cloudExtensionAttribute15
+mayContain: msDS-cloudExtensionAttribute14
+mayContain: msDS-cloudExtensionAttribute13
+mayContain: msDS-cloudExtensionAttribute12
+mayContain: msDS-cloudExtensionAttribute11
+mayContain: msDS-cloudExtensionAttribute10
+mayContain: msDS-cloudExtensionAttribute9
+mayContain: msDS-cloudExtensionAttribute8
+mayContain: msDS-cloudExtensionAttribute7
+mayContain: msDS-cloudExtensionAttribute6
+mayContain: msDS-cloudExtensionAttribute5
+mayContain: msDS-cloudExtensionAttribute4
+mayContain: msDS-cloudExtensionAttribute3
+mayContain: msDS-cloudExtensionAttribute2
+mayContain: msDS-cloudExtensionAttribute1
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: 
+ A collection of attributes used to house arbitrary cloud-relevant strings.
+objectClassCategory: 3
+lDAPDisplayName: msDS-CloudExtensions
+schemaIDGUID:: pIceZCaDcUe6LccG3zXjWg==
+systemOnly: FALSE
+defaultSecurityDescriptor: 
+ D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;
+ RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt
new file mode 100644
index 0000000..9d69ee6
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt
@@ -0,0 +1,15638 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#•	Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation. 
+#•	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#•	Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com. 
+#•	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: Account-Expires
+ldapDisplayName: accountExpires
+attributeId: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967915-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Account-Name-History
+ldapDisplayName: accountNameHistory
+attributeId: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 031952ec-3b72-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Aggregate-Token-Rate-Per-User
+ldapDisplayName: aCSAggregateTokenRatePerUser
+attributeId: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127d-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Allocable-RSVP-Bandwidth
+ldapDisplayName: aCSAllocableRSVPBandwidth
+attributeId: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561283-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Cache-Timeout
+ldapDisplayName: aCSCacheTimeout
+attributeId: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a1-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Direction
+ldapDisplayName: aCSDirection
+attributeId: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127a-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-DeadTime
+ldapDisplayName: aCSDSBMDeadTime
+attributeId: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a0-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Priority
+ldapDisplayName: aCSDSBMPriority
+attributeId: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559e-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Refresh
+ldapDisplayName: aCSDSBMRefresh
+attributeId: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559f-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-ACS-Service
+ldapDisplayName: aCSEnableACSService
+attributeId: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561287-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Accounting
+ldapDisplayName: aCSEnableRSVPAccounting
+attributeId: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f072230e-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Message-Logging
+ldapDisplayName: aCSEnableRSVPMessageLogging
+attributeId: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561285-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Event-Log-Level
+ldapDisplayName: aCSEventLogLevel
+attributeId: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561286-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Identity-Name
+ldapDisplayName: aCSIdentityName
+attributeId: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dab029b6-ddf7-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+ldapDisplayName: aCSMaxAggregatePeakRatePerUser
+attributeId: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230c-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Duration-Per-Flow
+ldapDisplayName: aCSMaxDurationPerFlow
+attributeId: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127e-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Maximum-SDU-Size
+ldapDisplayName: aCSMaximumSDUSize
+attributeId: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 87a2d8f9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Account-Files
+ldapDisplayName: aCSMaxNoOfAccountFiles
+attributeId: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722310-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Log-Files
+ldapDisplayName: aCSMaxNoOfLogFiles
+attributeId: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559c-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth
+ldapDisplayName: aCSMaxPeakBandwidth
+attributeId: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561284-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+ldapDisplayName: aCSMaxPeakBandwidthPerFlow
+attributeId: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127c-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Account-File
+ldapDisplayName: aCSMaxSizeOfRSVPAccountFile
+attributeId: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722311-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Log-File
+ldapDisplayName: aCSMaxSizeOfRSVPLogFile
+attributeId: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559d-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Bucket-Per-Flow
+ldapDisplayName: aCSMaxTokenBucketPerFlow
+attributeId: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 81f6e0df-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Rate-Per-Flow
+ldapDisplayName: aCSMaxTokenRatePerFlow
+attributeId: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127b-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Delay-Variation
+ldapDisplayName: aCSMinimumDelayVariation
+attributeId: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9c65329b-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Latency
+ldapDisplayName: aCSMinimumLatency
+attributeId: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9517fefb-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Policed-Size
+ldapDisplayName: aCSMinimumPolicedSize
+attributeId: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 8d0e7195-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Max-SDU-Size
+ldapDisplayName: aCSNonReservedMaxSDUSize
+attributeId: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: aec2cfe3-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Min-Policed-Size
+ldapDisplayName: aCSNonReservedMinPolicedSize
+attributeId: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: b6873917-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Peak-Rate
+ldapDisplayName: aCSNonReservedPeakRate
+attributeId: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a331a73f-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Token-Size
+ldapDisplayName: aCSNonReservedTokenSize
+attributeId: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a916d7c9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Limit
+ldapDisplayName: aCSNonReservedTxLimit
+attributeId: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a2-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Size
+ldapDisplayName: aCSNonReservedTxSize
+attributeId: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230d-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Permission-Bits
+ldapDisplayName: aCSPermissionBits
+attributeId: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561282-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Policy-Name
+ldapDisplayName: aCSPolicyName
+attributeId: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559a-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Priority
+ldapDisplayName: aCSPriority
+attributeId: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561281-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Account-Files-Location
+ldapDisplayName: aCSRSVPAccountFilesLocation
+attributeId: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f072230f-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Log-Files-Location
+ldapDisplayName: aCSRSVPLogFilesLocation
+attributeId: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559b-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Server-List
+ldapDisplayName: aCSServerList
+attributeId: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7cbd59a5-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Service-Type
+ldapDisplayName: aCSServiceType
+attributeId: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127f-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Time-Of-Day
+ldapDisplayName: aCSTimeOfDay
+attributeId: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f561279-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Total-No-Of-Flows
+ldapDisplayName: aCSTotalNoOfFlows
+attributeId: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561280-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Information
+ldapDisplayName: notes
+attributeId: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6d05fb41-246b-11d0-a9c8-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Trusted-Service-Names
+ldapDisplayName: additionalTrustedServiceNames
+attributeId: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160be-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address
+ldapDisplayName: streetAddress
+attributeId: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff84-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14889
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots
+ldapDisplayName: addressBookRoots
+attributeId: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f70b6e48-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots2
+ldapDisplayName: addressBookRoots2
+attributeId: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+linkID: 2122
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 508ca374-a511-4e4e-9f4f-856f61a6b7e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table
+ldapDisplayName: addressEntryDisplayTable
+attributeId: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42461-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32791
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table-MSDOS
+ldapDisplayName: addressEntryDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42462-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32839
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Home
+ldapDisplayName: homePostalAddress
+attributeId: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775781-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14941
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Syntax
+ldapDisplayName: addressSyntax
+attributeId: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42463-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+mapiID: 32792
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Type
+ldapDisplayName: addressType
+attributeId: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 5fd42464-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+mapiID: 32840
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Context-Menu
+ldapDisplayName: adminContextMenu
+attributeId: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd038-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Count
+ldapDisplayName: adminCount
+attributeId: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967918-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Description
+ldapDisplayName: adminDescription
+attributeId: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967919-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32842
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Display-Name
+ldapDisplayName: adminDisplayName
+attributeId: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96791a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 32843
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Multiselect-Property-Pages
+ldapDisplayName: adminMultiselectPropertyPages
+attributeId: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Property-Pages
+ldapDisplayName: adminPropertyPages
+attributeId: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458038-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Allowed-Attributes
+ldapDisplayName: allowedAttributes
+attributeId: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Attributes-Effective
+ldapDisplayName: allowedAttributesEffective
+attributeId: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes
+ldapDisplayName: allowedChildClasses
+attributeId: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes-Effective
+ldapDisplayName: allowedChildClassesEffective
+attributeId: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Alt-Security-Identities
+ldapDisplayName: altSecurityIdentities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 00fbf30c-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ANR
+ldapDisplayName: aNR
+attributeId: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Application-Name
+ldapDisplayName: applicationName
+attributeId: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: dd712226-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Applies-To
+ldapDisplayName: appliesTo
+attributeId: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8297931d-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: App-Schema-Version
+ldapDisplayName: appSchemaVersion
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd65-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Asset-Number
+ldapDisplayName: assetNumber
+attributeId: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f75-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Assistant
+ldapDisplayName: assistant
+attributeId: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c11c-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: associatedDomain
+ldapDisplayName: associatedDomain
+attributeId: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 3320fc38-c379-4c17-a510-1bdf6133c5da
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: associatedName
+ldapDisplayName: associatedName
+attributeId: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f7fbfc45-85ab-42a4-a435-780e62f7858b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Assoc-NT-Account
+ldapDisplayName: assocNTAccount
+attributeId: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 398f63c0-ca60-11d1-bbd1-0000f81f10c0
+systemOnly: FALSE
+searchFlags: 0
+
+cn: attributeCertificateAttribute
+ldapDisplayName: attributeCertificateAttribute
+attributeId: 2.5.4.58
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Attribute-Display-Names
+ldapDisplayName: attributeDisplayNames
+attributeId: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: cb843f80-48d9-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Attribute-ID
+ldapDisplayName: attributeID
+attributeId: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967922-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Security-GUID
+ldapDisplayName: attributeSecurityGUID
+attributeId: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967924-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Syntax
+ldapDisplayName: attributeSyntax
+attributeId: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967925-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Types
+ldapDisplayName: attributeTypes
+attributeId: 2.5.21.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: audio
+ldapDisplayName: audio
+attributeId: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d0e1d224-e1a0-42ce-a2da-793ba5244f35
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+
+cn: Auditing-Policy
+ldapDisplayName: auditingPolicy
+attributeId: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6da8a4fe-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authentication-Options
+ldapDisplayName: authenticationOptions
+attributeId: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967928-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authority-Revocation-List
+ldapDisplayName: authorityRevocationList
+attributeId: 2.5.4.38
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677578d-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32806
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Auxiliary-Class
+ldapDisplayName: auxiliaryClass
+attributeId: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf96792c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Password-Time
+ldapDisplayName: badPasswordTime
+attributeId: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Pwd-Count
+ldapDisplayName: badPwdCount
+attributeId: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Birth-Location
+ldapDisplayName: birthLocation
+attributeId: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075f9-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: BootFile
+ldapDisplayName: bootFile
+attributeId: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e3f3cb4e-0f20-42eb-9703-d2ff26e52667
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: BootParameter
+ldapDisplayName: bootParameter
+attributeId: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: d72a0750-8c7c-416e-8714-e65f11e908be
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Bridgehead-Server-List-BL
+ldapDisplayName: bridgeheadServerListBL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdb-8951-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 99
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bridgehead-Transport-List
+ldapDisplayName: bridgeheadTransportList
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cda-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 98
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: buildingName
+ldapDisplayName: buildingName
+attributeId: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f87fa54b-b2c5-4fd7-88c0-daccb21d93c5
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Builtin-Creation-Time
+ldapDisplayName: builtinCreationTime
+attributeId: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Builtin-Modified-Count
+ldapDisplayName: builtinModifiedCount
+attributeId: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967930-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Business-Category
+ldapDisplayName: businessCategory
+attributeId: 2.5.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967931-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32855
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Bytes-Per-Minute
+ldapDisplayName: bytesPerMinute
+attributeId: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f76-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate
+ldapDisplayName: cACertificate
+attributeId: 2.5.4.37
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967932-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32771
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate-DN
+ldapDisplayName: cACertificateDN
+attributeId: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2740-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Connect
+ldapDisplayName: cAConnect
+attributeId: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2735-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Canonical-Name
+ldapDisplayName: canonicalName
+attributeId: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Can-Upgrade-Script
+ldapDisplayName: canUpgradeScript
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18314-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: carLicense
+ldapDisplayName: carLicense
+attributeId: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Catalogs
+ldapDisplayName: catalogs
+attributeId: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb81-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Categories
+ldapDisplayName: categories
+attributeId: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7e-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Id
+ldapDisplayName: categoryId
+attributeId: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e94-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Usages
+ldapDisplayName: cAUsages
+attributeId: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d2738-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-WEB-URL
+ldapDisplayName: cAWEBURL
+attributeId: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2736-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Authority-Object
+ldapDisplayName: certificateAuthorityObject
+attributeId: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2732-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Revocation-List
+ldapDisplayName: certificateRevocationList
+attributeId: 2.5.4.39
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1677579f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32790
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Templates
+ldapDisplayName: certificateTemplates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2a39c5b1-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Display-Name
+ldapDisplayName: classDisplayName
+attributeId: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 548e1c22-dea6-11d0-b010-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Code-Page
+ldapDisplayName: codePage
+attributeId: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967938-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-ClassID
+ldapDisplayName: cOMClassID
+attributeId: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-CLSID
+ldapDisplayName: cOMCLSID
+attributeId: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416d9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-InterfaceID
+ldapDisplayName: cOMInterfaceID
+attributeId: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Comment
+ldapDisplayName: info
+attributeId: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 12292
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Common-Name
+ldapDisplayName: cn
+attributeId: 2.5.4.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14863
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-Other-Prog-Id
+ldapDisplayName: cOMOtherProgId
+attributeId: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416dd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Company
+ldapDisplayName: company
+attributeId: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff88-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14870
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-ProgID
+ldapDisplayName: cOMProgID
+attributeId: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Treat-As-Class-Id
+ldapDisplayName: cOMTreatAsClassId
+attributeId: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416db-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Typelib-Id
+ldapDisplayName: cOMTypelibId
+attributeId: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416de-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Unique-LIBID
+ldapDisplayName: cOMUniqueLIBID
+attributeId: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416da-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Content-Indexing-Allowed
+ldapDisplayName: contentIndexingAllowed
+attributeId: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967943-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Context-Menu
+ldapDisplayName: contextMenu
+attributeId: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d8601ee-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Rights
+ldapDisplayName: controlAccessRights
+attributeId: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 6da8a4fc-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cost
+ldapDisplayName: cost
+attributeId: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967944-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32872
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Code
+ldapDisplayName: countryCode
+attributeId: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd42471-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Name
+ldapDisplayName: c
+attributeId: 2.5.4.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967945-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 3
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32873
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Dialog
+ldapDisplayName: createDialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b09958a-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Create-Time-Stamp
+ldapDisplayName: createTimeStamp
+attributeId: 2.5.18.1
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Wizard-Ext
+ldapDisplayName: createWizardExt
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2b09958b-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creation-Time
+ldapDisplayName: creationTime
+attributeId: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967946-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Creation-Wizard
+ldapDisplayName: creationWizard
+attributeId: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d8601ed-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creator
+ldapDisplayName: creator
+attributeId: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb85-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Object
+ldapDisplayName: cRLObject
+attributeId: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2737-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Partitioned-Revocation-List
+ldapDisplayName: cRLPartitionedRevocationList
+attributeId: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2731-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Certificate-Pair
+ldapDisplayName: crossCertificatePair
+attributeId: 2.5.4.40
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b2-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+mapiID: 32805
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Location
+ldapDisplayName: currentLocation
+attributeId: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fc-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Parent-CA
+ldapDisplayName: currentParentCA
+attributeId: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Value
+ldapDisplayName: currentValue
+attributeId: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967947-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Curr-Machine-Id
+ldapDisplayName: currMachineId
+attributeId: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fe-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DBCS-Pwd
+ldapDisplayName: dBCSPwd
+attributeId: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96799c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Class-Store
+ldapDisplayName: defaultClassStore
+attributeId: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967948-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Group
+ldapDisplayName: defaultGroup
+attributeId: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 720bc4e2-a54a-11d0-afdf-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Hiding-Value
+ldapDisplayName: defaultHidingValue
+attributeId: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: b7b13116-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Local-Policy-Object
+ldapDisplayName: defaultLocalPolicyObject
+attributeId: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96799f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Object-Category
+ldapDisplayName: defaultObjectCategory
+attributeId: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97367-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Priority
+ldapDisplayName: defaultPriority
+attributeId: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c8-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Security-Descriptor
+ldapDisplayName: defaultSecurityDescriptor
+attributeId: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 807a6d30-1669-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Delta-Revocation-List
+ldapDisplayName: deltaRevocationList
+attributeId: 2.5.4.53
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b5-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 35910
+
+cn: Department
+ldapDisplayName: department
+attributeId: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96794f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14872
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: departmentNumber
+ldapDisplayName: departmentNumber
+attributeId: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Description
+ldapDisplayName: description
+attributeId: 2.5.4.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967950-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32879
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Desktop-Profile
+ldapDisplayName: desktopProfile
+attributeId: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: eea65906-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Destination-Indicator
+ldapDisplayName: destinationIndicator
+attributeId: 2.5.4.27
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967951-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32880
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Classes
+ldapDisplayName: dhcpClasses
+attributeId: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2750-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Flags
+ldapDisplayName: dhcpFlags
+attributeId: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2741-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Identification
+ldapDisplayName: dhcpIdentification
+attributeId: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2742-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Mask
+ldapDisplayName: dhcpMask
+attributeId: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2747-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-MaxKey
+ldapDisplayName: dhcpMaxKey
+attributeId: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2754-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Description
+ldapDisplayName: dhcpObjDescription
+attributeId: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2744-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Name
+ldapDisplayName: dhcpObjName
+attributeId: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2743-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Options
+ldapDisplayName: dhcpOptions
+attributeId: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d274f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Properties
+ldapDisplayName: dhcpProperties
+attributeId: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2753-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Ranges
+ldapDisplayName: dhcpRanges
+attributeId: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2748-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Reservations
+ldapDisplayName: dhcpReservations
+attributeId: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Servers
+ldapDisplayName: dhcpServers
+attributeId: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2745-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+extendedCharsAllowed: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Sites
+ldapDisplayName: dhcpSites
+attributeId: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2749-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-State
+ldapDisplayName: dhcpState
+attributeId: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2752-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Subnets
+ldapDisplayName: dhcpSubnets
+attributeId: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2746-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Type
+ldapDisplayName: dhcpType
+attributeId: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 963d273b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Unique-Key
+ldapDisplayName: dhcpUniqueKey
+attributeId: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d273a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Update-Time
+ldapDisplayName: dhcpUpdateTime
+attributeId: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2755-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Name
+ldapDisplayName: displayName
+attributeId: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967953-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Display-Name-Printable
+ldapDisplayName: displayNamePrintable
+attributeId: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: bf967954-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14847
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DIT-Content-Rules
+ldapDisplayName: dITContentRules
+attributeId: 2.5.21.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Division
+ldapDisplayName: division
+attributeId: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: fe6136a0-2073-11d0-a9c2-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DMD-Location
+ldapDisplayName: dMDLocation
+attributeId: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8b-1191-11d0-a060-00aa006c33ed
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DMD-Name
+ldapDisplayName: dmdName
+attributeId: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 167757b9-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35926
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DN-Reference-Update
+ldapDisplayName: dNReferenceUpdate
+attributeId: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d86-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Allow-Dynamic
+ldapDisplayName: dnsAllowDynamic
+attributeId: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e65-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Allow-XFR
+ldapDisplayName: dnsAllowXFR
+attributeId: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e66-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Host-Name
+ldapDisplayName: dNSHostName
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Notify-Secondaries
+ldapDisplayName: dnsNotifySecondaries
+attributeId: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e68-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Property
+ldapDisplayName: dNSProperty
+attributeId: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 675a15fe-3b70-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Record
+ldapDisplayName: dnsRecord
+attributeId: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e69-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Root
+ldapDisplayName: dnsRoot
+attributeId: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967959-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Secure-Secondaries
+ldapDisplayName: dnsSecureSecondaries
+attributeId: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e67-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Tombstoned
+ldapDisplayName: dNSTombstoned
+attributeId: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d5eb2eb7-be4e-463b-a214-634a44d7392e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: documentAuthor
+ldapDisplayName: documentAuthor
+attributeId: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f18a8e19-af5f-4478-b096-6f35c27eb83f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: documentIdentifier
+ldapDisplayName: documentIdentifier
+attributeId: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0b21ce82-ff63-46d9-90fb-c8b9f24e97b9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentLocation
+ldapDisplayName: documentLocation
+attributeId: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b958b14e-ac6d-4ec4-8892-be70b69f7281
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentPublisher
+ldapDisplayName: documentPublisher
+attributeId: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 170f09d7-eb69-448a-9a30-f1afecfd32d7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentTitle
+ldapDisplayName: documentTitle
+attributeId: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: de265a9c-ff2c-47b9-91dc-6e6fe2c43062
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentVersion
+ldapDisplayName: documentVersion
+attributeId: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 94b3a8a9-d613-4cec-9aad-5fbcc1046b43
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Domain-Certificate-Authorities
+ldapDisplayName: domainCAs
+attributeId: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7a-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Component
+ldapDisplayName: dc
+attributeId: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19195a55-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Cross-Ref
+ldapDisplayName: domainCrossRef
+attributeId: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7b-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-ID
+ldapDisplayName: domainID
+attributeId: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2734-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Identifier
+ldapDisplayName: domainIdentifier
+attributeId: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561278-5301-11d1-a9c5-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Object
+ldapDisplayName: domainPolicyObject
+attributeId: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96795d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Reference
+ldapDisplayName: domainPolicyReference
+attributeId: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e2a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Replica
+ldapDisplayName: domainReplica
+attributeId: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96795e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Wide-Policy
+ldapDisplayName: domainWidePolicy
+attributeId: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e29-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: drink
+ldapDisplayName: drink
+attributeId: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Driver-Name
+ldapDisplayName: driverName
+attributeId: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c5-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Driver-Version
+ldapDisplayName: driverVersion
+attributeId: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6e-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DSA-Signature
+ldapDisplayName: dSASignature
+attributeId: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 167757bc-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32887
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Core-Propagation-Data
+ldapDisplayName: dSCorePropagationData
+attributeId: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: d167aa4b-8b08-11d2-9939-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Heuristics
+ldapDisplayName: dSHeuristics
+attributeId: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff86-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-UI-Admin-Maximum
+ldapDisplayName: dSUIAdminMaximum
+attributeId: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee8d0ae0-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Admin-Notification
+ldapDisplayName: dSUIAdminNotification
+attributeId: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f6ea0a94-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Shell-Maximum
+ldapDisplayName: dSUIShellMaximum
+attributeId: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fcca766a-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-LDAP-Server
+ldapDisplayName: dynamicLDAPServer
+attributeId: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52458021-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: EFSPolicy
+ldapDisplayName: eFSPolicy
+attributeId: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: E-mail-Addresses
+ldapDisplayName: mail
+attributeId: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967961-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14846
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-ID
+ldapDisplayName: employeeID
+attributeId: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967962-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Number
+ldapDisplayName: employeeNumber
+attributeId: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73ef-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+mapiID: 35943
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Type
+ldapDisplayName: employeeType
+attributeId: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73f0-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 256
+mapiID: 35945
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Enabled
+ldapDisplayName: Enabled
+attributeId: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8df73f2-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 35873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enabled-Connection
+ldapDisplayName: enabledConnection
+attributeId: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967963-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enrollment-Providers
+ldapDisplayName: enrollmentProviders
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b3-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Entry-TTL
+ldapDisplayName: entryTTL
+attributeId: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d213decc-d81a-4384-aac2-dcfcfd631cf8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 31557600
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+
+cn: Extended-Attribute-Info
+ldapDisplayName: extendedAttributeInfo
+attributeId: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Chars-Allowed
+ldapDisplayName: extendedCharsAllowed
+attributeId: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967966-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32935
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Class-Info
+ldapDisplayName: extendedClassInfo
+attributeId: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extension-Name
+ldapDisplayName: extensionName
+attributeId: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967972-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+mapiID: 32937
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Extra-Columns
+ldapDisplayName: extraColumns
+attributeId: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d24e2846-1dd9-4bcf-99d7-a6227cc86da7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Facsimile-Telephone-Number
+ldapDisplayName: facsimileTelephoneNumber
+attributeId: 2.5.4.23
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967974-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14883
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Ext-Priority
+ldapDisplayName: fileExtPriority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18315-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flags
+ldapDisplayName: flags
+attributeId: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967976-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flat-Name
+ldapDisplayName: flatName
+attributeId: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b13117-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Force-Logoff
+ldapDisplayName: forceLogoff
+attributeId: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967977-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Foreign-Identifier
+ldapDisplayName: foreignIdentifier
+attributeId: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e97891e-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Friendly-Names
+ldapDisplayName: friendlyNames
+attributeId: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb88-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: From-Entry
+ldapDisplayName: fromEntry
+attributeId: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: From-Server
+ldapDisplayName: fromServer
+attributeId: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf967979-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Frs-Computer-Reference
+ldapDisplayName: frsComputerReference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132578-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 102
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: Frs-Computer-Reference-BL
+ldapDisplayName: frsComputerReferenceBL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a132579-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Control-Data-Creation
+ldapDisplayName: fRSControlDataCreation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257a-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Inbound-Backlog
+ldapDisplayName: fRSControlInboundBacklog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257b-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Outbound-Backlog
+ldapDisplayName: fRSControlOutboundBacklog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257c-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Directory-Filter
+ldapDisplayName: fRSDirectoryFilter
+attributeId: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f171-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-DS-Poll
+ldapDisplayName: fRSDSPoll
+attributeId: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f177-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Extensions
+ldapDisplayName: fRSExtensions
+attributeId: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458020-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Fault-Condition
+ldapDisplayName: fRSFaultCondition
+attributeId: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f178-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-File-Filter
+ldapDisplayName: fRSFileFilter
+attributeId: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f170-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Flags
+ldapDisplayName: fRSFlags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a13257d-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Level-Limit
+ldapDisplayName: fRSLevelLimit
+attributeId: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5245801e-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Member-Reference
+ldapDisplayName: fRSMemberReference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a13257e-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 104
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: FRS-Member-Reference-BL
+ldapDisplayName: fRSMemberReferenceBL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a13257f-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Partner-Auth-Level
+ldapDisplayName: fRSPartnerAuthLevel
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a132580-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Primary-Member
+ldapDisplayName: fRSPrimaryMember
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132581-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-GUID
+ldapDisplayName: fRSReplicaSetGUID
+attributeId: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5245801a-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-Type
+ldapDisplayName: fRSReplicaSetType
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 26d9736b-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Path
+ldapDisplayName: fRSRootPath
+attributeId: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f174-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Security
+ldapDisplayName: fRSRootSecurity
+attributeId: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 5245801f-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command
+ldapDisplayName: fRSServiceCommand
+attributeId: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ddac0cee-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command-Status
+ldapDisplayName: fRSServiceCommandStatus
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132582-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Staging-Path
+ldapDisplayName: fRSStagingPath
+attributeId: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f175-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Command
+ldapDisplayName: fRSTimeLastCommand
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132583-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Config-Change
+ldapDisplayName: fRSTimeLastConfigChange
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132584-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Update-Timeout
+ldapDisplayName: fRSUpdateTimeout
+attributeId: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f172-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version
+ldapDisplayName: fRSVersion
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132585-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version-GUID
+ldapDisplayName: fRSVersionGUID
+attributeId: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 26d9736c-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Working-Path
+ldapDisplayName: fRSWorkingPath
+attributeId: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f173-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FSMO-Role-Owner
+ldapDisplayName: fSMORoleOwner
+attributeId: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171887-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Garbage-Coll-Period
+ldapDisplayName: garbageCollPeriod
+attributeId: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a1-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32943
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Gecos
+ldapDisplayName: gecos
+attributeId: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a3e03f1f-1d55-4253-a0af-30c2a784e46e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Generated-Connection
+ldapDisplayName: generatedConnection
+attributeId: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96797a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Generation-Qualifier
+ldapDisplayName: generationQualifier
+attributeId: 2.5.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775804-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 35923
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GidNumber
+ldapDisplayName: gidNumber
+attributeId: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5b95f0c-ec9e-41c4-849c-b46597ed6696
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: Given-Name
+ldapDisplayName: givenName
+attributeId: 2.5.4.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8e-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14854
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List
+ldapDisplayName: globalAddressList
+attributeId: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f754c748-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List2
+ldapDisplayName: globalAddressList2
+attributeId: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+linkID: 2124
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 4898f63d-4112-477c-8826-3ca00bd8277d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Governs-ID
+ldapDisplayName: governsID
+attributeId: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf96797d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: GPC-File-Sys-Path
+ldapDisplayName: gPCFileSysPath
+attributeId: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc1-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Functionality-Version
+ldapDisplayName: gPCFunctionalityVersion
+attributeId: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc0-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Machine-Extension-Names
+ldapDisplayName: gPCMachineExtensionNames
+attributeId: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 32ff8ecc-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-User-Extension-Names
+ldapDisplayName: gPCUserExtensionNames
+attributeId: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 42a75fc6-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-WQL-Filter
+ldapDisplayName: gPCWQLFilter
+attributeId: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bd4c7a6-1add-4436-8c04-3999a880154c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Link
+ldapDisplayName: gPLink
+attributeId: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbe-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Options
+ldapDisplayName: gPOptions
+attributeId: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbf-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Attributes
+ldapDisplayName: groupAttributes
+attributeId: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96797e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Membership-SAM
+ldapDisplayName: groupMembershipSAM
+attributeId: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967980-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Priority
+ldapDisplayName: groupPriority
+attributeId: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65905-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Groups-to-Ignore
+ldapDisplayName: groupsToIgnore
+attributeId: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65904-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Type
+ldapDisplayName: groupType
+attributeId: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Master-NCs
+ldapDisplayName: hasMasterNCs
+attributeId: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967982-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 76
+mapiID: 32950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Partial-Replica-NCs
+ldapDisplayName: hasPartialReplicaNCs
+attributeId: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967981-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 74
+mapiID: 32949
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data16
+ldapDisplayName: helpData16
+attributeId: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a7-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32826
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data32
+ldapDisplayName: helpData32
+attributeId: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a8-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32784
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-File-Name
+ldapDisplayName: helpFileName
+attributeId: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a9-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 13
+mapiID: 32827
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Hide-From-AB
+ldapDisplayName: hideFromAB
+attributeId: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Home-Directory
+ldapDisplayName: homeDirectory
+attributeId: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967985-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Home-Drive
+ldapDisplayName: homeDrive
+attributeId: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967986-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: host
+ldapDisplayName: host
+attributeId: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 6043df71-fa48-46cf-ab7c-cbd54644b22d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: houseIdentifier
+ldapDisplayName: houseIdentifier
+attributeId: 2.5.4.51
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: a45398b7-c44a-4eb6-82d3-13c10946dbfe
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+
+cn: Icon-Path
+ldapDisplayName: iconPath
+attributeId: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ff83-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Implemented-Categories
+ldapDisplayName: implementedCategories
+attributeId: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e92-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IndexedScopes
+ldapDisplayName: indexedScopes
+attributeId: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb87-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Initial-Auth-Incoming
+ldapDisplayName: initialAuthIncoming
+attributeId: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458023-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initial-Auth-Outgoing
+ldapDisplayName: initialAuthOutgoing
+attributeId: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458024-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initials
+ldapDisplayName: initials
+attributeId: 2.5.4.43
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff90-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 6
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14858
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Install-Ui-Level
+ldapDisplayName: installUiLevel
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd64-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Instance-Type
+ldapDisplayName: instanceType
+attributeId: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96798c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+mapiID: 32957
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: International-ISDN-Number
+ldapDisplayName: internationalISDNNumber
+attributeId: 2.5.4.25
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf96798d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32958
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Topology-Failover
+ldapDisplayName: interSiteTopologyFailover
+attributeId: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e60-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Generator
+ldapDisplayName: interSiteTopologyGenerator
+attributeId: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5e-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Renew
+ldapDisplayName: interSiteTopologyRenew
+attributeId: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5f-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Invocation-Id
+ldapDisplayName: invocationId
+attributeId: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX
+mapiID: 32959
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: IpHostNumber
+ldapDisplayName: ipHostNumber
+attributeId: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: de8bb721-85dc-4fde-b687-9657688e667e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetmaskNumber
+ldapDisplayName: ipNetmaskNumber
+attributeId: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 6ff64fcd-462e-4f62-b44a-9a5347659eb9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetworkNumber
+ldapDisplayName: ipNetworkNumber
+attributeId: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4e3854f4-3087-42a4-a813-bb0c528958d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpProtocolNumber
+ldapDisplayName: ipProtocolNumber
+attributeId: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ebf5c6eb-0e2d-4415-9670-1081993b4211
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Ipsec-Data
+ldapDisplayName: ipsecData
+attributeId: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: b40ff81f-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Data-Type
+ldapDisplayName: ipsecDataType
+attributeId: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b40ff81e-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter-Reference
+ldapDisplayName: ipsecFilterReference
+attributeId: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff823-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ID
+ldapDisplayName: ipsecID
+attributeId: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81d-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Reference
+ldapDisplayName: ipsecISAKMPReference
+attributeId: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff820-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Name
+ldapDisplayName: ipsecName
+attributeId: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81c-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Action
+ldapDisplayName: iPSECNegotiationPolicyAction
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383075-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy-Reference
+ldapDisplayName: ipsecNegotiationPolicyReference
+attributeId: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff822-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Type
+ldapDisplayName: iPSECNegotiationPolicyType
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383074-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA-Reference
+ldapDisplayName: ipsecNFAReference
+attributeId: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff821-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Owners-Reference
+ldapDisplayName: ipsecOwnersReference
+attributeId: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff824-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy-Reference
+ldapDisplayName: ipsecPolicyReference
+attributeId: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13118-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpServicePort
+ldapDisplayName: ipServicePort
+attributeId: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff2daebf-f463-495a-8405-3e483641eaa2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: IpServiceProtocol
+ldapDisplayName: ipServiceProtocol
+attributeId: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: cd96ec0b-1ed6-43b4-b26b-f170b645883f
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Is-Critical-System-Object
+ldapDisplayName: isCriticalSystemObject
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 00fbf30d-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Defunct
+ldapDisplayName: isDefunct
+attributeId: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 28630ebe-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Deleted
+ldapDisplayName: isDeleted
+attributeId: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96798f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Ephemeral
+ldapDisplayName: isEphemeral
+attributeId: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f4c453f0-c5f1-11d1-bbcb-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Is-Member-Of-DL
+ldapDisplayName: memberOf
+attributeId: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967991-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fCOPY
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 3
+mapiID: 32776
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Member-Of-Partial-Attribute-Set
+ldapDisplayName: isMemberOfPartialAttributeSet
+attributeId: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 19405b9d-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Privilege-Holder
+ldapDisplayName: isPrivilegeHolder
+attributeId: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9c-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 71
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Is-Single-Valued
+ldapDisplayName: isSingleValued
+attributeId: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967992-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32961
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: jpegPhoto
+ldapDisplayName: jpegPhoto
+attributeId: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Keywords
+ldapDisplayName: keywords
+attributeId: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967993-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Knowledge-Information
+ldapDisplayName: knowledgeInformation
+attributeId: 2.5.4.2
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: 1677581f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32963
+
+cn: labeledURI
+ldapDisplayName: labeledURI
+attributeId: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: Last-Backup-Restoration-Time
+ldapDisplayName: lastBackupRestorationTime
+attributeId: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1fbb0be8-ba63-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Content-Indexed
+ldapDisplayName: lastContentIndexed
+attributeId: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967995-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Known-Parent
+ldapDisplayName: lastKnownParent
+attributeId: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52ab8670-5709-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logoff
+ldapDisplayName: lastLogoff
+attributeId: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967996-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon
+ldapDisplayName: lastLogon
+attributeId: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967997-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon-Timestamp
+ldapDisplayName: lastLogonTimestamp
+attributeId: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Set-Time
+ldapDisplayName: lastSetTime
+attributeId: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967998-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Update-Sequence
+ldapDisplayName: lastUpdateSequence
+attributeId: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9c-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LDAP-Admin-Limits
+ldapDisplayName: lDAPAdminLimits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7359a352-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-Display-Name
+ldapDisplayName: lDAPDisplayName
+attributeId: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96799a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+mapiID: 33137
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-IPDeny-List
+ldapDisplayName: lDAPIPDenyList
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7359a353-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Legacy-Exchange-DN
+ldapDisplayName: legacyExchangeDN
+attributeId: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 28630ebc-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE| fANR | fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-ID
+ldapDisplayName: linkID
+attributeId: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32965
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-Track-Secret
+ldapDisplayName: linkTrackSecret
+attributeId: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2ae80fe2-47b4-11d0-a1a4-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lm-Pwd-History
+ldapDisplayName: lmPwdHistory
+attributeId: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf96799d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Locale-ID
+ldapDisplayName: localeID
+attributeId: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf9679a1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality-Name
+ldapDisplayName: l
+attributeId: 2.5.4.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14887
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Localization-Display-Id
+ldapDisplayName: localizationDisplayId
+attributeId: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a746f0d1-78d0-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Localized-Description
+ldapDisplayName: localizedDescription
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18316-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Local-Policy-Flags
+ldapDisplayName: localPolicyFlags
+attributeId: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Local-Policy-Reference
+ldapDisplayName: localPolicyReference
+attributeId: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4d-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Location
+ldapDisplayName: location
+attributeId: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb79f-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lockout-Duration
+ldapDisplayName: lockoutDuration
+attributeId: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lock-Out-Observation-Window
+ldapDisplayName: lockOutObservationWindow
+attributeId: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Threshold
+ldapDisplayName: lockoutThreshold
+attributeId: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679a6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Time
+ldapDisplayName: lockoutTime
+attributeId: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LoginShell
+ldapDisplayName: loginShell
+attributeId: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a553d12c-3231-4c5e-8adf-8d189697721e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Logo
+ldapDisplayName: thumbnailLogo
+attributeId: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679a9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Count
+ldapDisplayName: logonCount
+attributeId: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679aa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Hours
+ldapDisplayName: logonHours
+attributeId: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ab-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Workstation
+ldapDisplayName: logonWorkstation
+attributeId: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ac-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Creation-Time
+ldapDisplayName: lSACreationTime
+attributeId: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ad-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Modified-Count
+ldapDisplayName: lSAModifiedCount
+attributeId: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ae-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MacAddress
+ldapDisplayName: macAddress
+attributeId: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e6a522dd-9770-43e1-89de-1de5044328f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: Machine-Architecture
+ldapDisplayName: machineArchitecture
+attributeId: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679af-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Password-Change-Interval
+ldapDisplayName: machinePasswordChangeInterval
+attributeId: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c9b6358e-bb38-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Role
+ldapDisplayName: machineRole
+attributeId: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679b2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Machine-Wide-Policy
+ldapDisplayName: machineWidePolicy
+attributeId: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e4f-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Managed-By
+ldapDisplayName: managedBy
+attributeId: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c120-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 72
+mapiID: 32780
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Managed-Objects
+ldapDisplayName: managedObjects
+attributeId: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 0296c124-40da-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 73
+mapiID: 32804
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Manager
+ldapDisplayName: manager
+attributeId: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679b5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 42
+mapiID: 32773
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MAPI-ID
+ldapDisplayName: mAPIID
+attributeId: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679b7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32974
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Marshalled-Interface
+ldapDisplayName: marshalledInterface
+attributeId: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679b9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mastered-By
+ldapDisplayName: masteredBy
+attributeId: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e48e64e0-12c9-11d3-9102-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 77
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Pwd-Age
+ldapDisplayName: maxPwdAge
+attributeId: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Renew-Age
+ldapDisplayName: maxRenewAge
+attributeId: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Storage
+ldapDisplayName: maxStorage
+attributeId: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Max-Ticket-Age
+ldapDisplayName: maxTicketAge
+attributeId: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679be-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: May-Contain
+ldapDisplayName: mayContain
+attributeId: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679bf-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingAdvertiseScope
+ldapDisplayName: meetingAdvertiseScope
+attributeId: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8b-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingApplication
+ldapDisplayName: meetingApplication
+attributeId: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc83-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBandwidth
+ldapDisplayName: meetingBandwidth
+attributeId: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc92-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBlob
+ldapDisplayName: meetingBlob
+attributeId: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc93-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingContactInfo
+ldapDisplayName: meetingContactInfo
+attributeId: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc87-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingDescription
+ldapDisplayName: meetingDescription
+attributeId: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingEndTime
+ldapDisplayName: meetingEndTime
+attributeId: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc91-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingID
+ldapDisplayName: meetingID
+attributeId: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIP
+ldapDisplayName: meetingIP
+attributeId: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc89-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIsEncrypted
+ldapDisplayName: meetingIsEncrypted
+attributeId: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingKeyword
+ldapDisplayName: meetingKeyword
+attributeId: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc7f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLanguage
+ldapDisplayName: meetingLanguage
+attributeId: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc84-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLocation
+ldapDisplayName: meetingLocation
+attributeId: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc80-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingMaxParticipants
+ldapDisplayName: meetingMaxParticipants
+attributeId: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc85-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingName
+ldapDisplayName: meetingName
+attributeId: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOriginator
+ldapDisplayName: meetingOriginator
+attributeId: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc86-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOwner
+ldapDisplayName: meetingOwner
+attributeId: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc88-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingProtocol
+ldapDisplayName: meetingProtocol
+attributeId: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc81-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRating
+ldapDisplayName: meetingRating
+attributeId: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRecurrence
+ldapDisplayName: meetingRecurrence
+attributeId: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingScope
+ldapDisplayName: meetingScope
+attributeId: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8a-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingStartTime
+ldapDisplayName: meetingStartTime
+attributeId: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc90-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingType
+ldapDisplayName: meetingType
+attributeId: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc82-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingURL
+ldapDisplayName: meetingURL
+attributeId: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Member
+ldapDisplayName: member
+attributeId: 2.5.4.31
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 2
+mapiID: 32777
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MemberNisNetgroup
+ldapDisplayName: memberNisNetgroup
+attributeId: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 0f6a17dc-53e5-4be8-9442-8f3ce2f9012a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: MemberUid
+ldapDisplayName: memberUid
+attributeId: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 03dab236-672e-4f61-ab64-f77d2dc2ffab
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256000
+
+cn: MHS-OR-Address
+ldapDisplayName: mhsORAddress
+attributeId: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c122-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Pwd-Age
+ldapDisplayName: minPwdAge
+attributeId: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Pwd-Length
+ldapDisplayName: minPwdLength
+attributeId: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679c3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Ticket-Age
+ldapDisplayName: minTicketAge
+attributeId: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count
+ldapDisplayName: modifiedCount
+attributeId: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count-At-Last-Prom
+ldapDisplayName: modifiedCountAtLastProm
+attributeId: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modify-Time-Stamp
+ldapDisplayName: modifyTimeStamp
+attributeId: 2.5.18.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Moniker
+ldapDisplayName: moniker
+attributeId: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679c7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Moniker-Display-Name
+ldapDisplayName: monikerDisplayName
+attributeId: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679c8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Move-Tree-State
+ldapDisplayName: moveTreeState
+attributeId: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-DefaultPartitionLink
+ldapDisplayName: msCOM-DefaultPartitionLink
+attributeId: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 998b10f7-aa1a-4364-b867-753d197fe670
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-ObjectId
+ldapDisplayName: msCOM-ObjectId
+attributeId: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 430f678b-889f-41f2-9843-203b5a65572f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionLink
+ldapDisplayName: msCOM-PartitionLink
+attributeId: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 09abac62-043f-4702-ac2b-6ca15eee5754
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1040
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSetLink
+ldapDisplayName: msCOM-PartitionSetLink
+attributeId: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1041
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserLink
+ldapDisplayName: msCOM-UserLink
+attributeId: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9e6f3a4d-242c-4f37-b068-36b57f9fc852
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1049
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserPartitionSetLink
+ldapDisplayName: msCOM-UserPartitionSetLink
+attributeId: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 8e940c8a-e477-4367-b08d-ff2ff942dcd7
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mscope-Id
+ldapDisplayName: mscopeId
+attributeId: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: 963d2751-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Comment-v2
+ldapDisplayName: msDFS-Commentv2
+attributeId: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b786cec9-61fd-4523-b2c1-5ceb3860bb32
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Generation-GUID-v2
+ldapDisplayName: msDFS-GenerationGUIDv2
+attributeId: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 35b8b3d9-c58f-43d6-930e-5040f2f1a781
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFS-Last-Modified-v2
+ldapDisplayName: msDFS-LastModifiedv2
+attributeId: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: ms-DFS-Link-Identity-GUID-v2
+ldapDisplayName: msDFS-LinkIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: edb027f3-5726-4dee-8d4e-dbf07e1ad1f1
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower:16
+rangeUpper: 16
+
+cn: ms-DFS-Link-Path-v2
+ldapDisplayName: msDFS-LinkPathv2
+attributeId: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b021f6-10ab-40a2-a252-1dc0cc3be6a9
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Link-Security-Descriptor-v2
+ldapDisplayName: msDFS-LinkSecurityDescriptorv2
+attributeId: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: ms-DFS-Namespace-Identity-GUID-v2
+ldapDisplayName: msDFS-NamespaceIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 200432ce-ec5f-4931-a525-d7f4afe34e68
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFS-Properties-v2
+ldapDisplayName: msDFS-Propertiesv2
+attributeId: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0c3e5bc5-eb0e-40f5-9b53-334e958dffdb
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+
+cn: ms-DFSR-CachePolicy
+ldapDisplayName: msDFSR-CachePolicy
+attributeId: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db7a08e7-fc76-4569-a45f-f5ecb66a88b5
+searchFlags: 0
+
+cn: ms-DFSR-CommonStagingPath
+ldapDisplayName: msDFSR-CommonStagingPath
+attributeId: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 936eac41-d257-4bb9-bd55-f310a3cf09ad
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-CommonStagingSizeInMb
+ldapDisplayName: msDFSR-CommonStagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 135eb00e-4846-458b-8ea2-a37559afd405
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ComputerReference
+ldapDisplayName: msDFSR-ComputerReference
+attributeId: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 6c7b5785-3d21-41bf-8a8a-627941544d5a
+searchFlags: 0
+linkID: 2050
+
+cn: ms-DFSR-ComputerReferenceBL
+ldapDisplayName: msDFSR-ComputerReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5eb526d7-d71b-44ae-8cc6-95460052e6ac
+searchFlags: 0
+linkID: 2051
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-ConflictPath
+ldapDisplayName: msDFSR-ConflictPath
+attributeId: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5cf0bcc8-60f7-4bff-bda6-aea0344eb151
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-ConflictSizeInMb
+ldapDisplayName: msDFSR-ConflictSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ContentSetGuid
+ldapDisplayName: msDFSR-ContentSetGuid
+attributeId: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1035a8e1-67a8-4c21-b7bb-031cdf99d7a0
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter
+attributeId: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87811bd5-cd8b-45cb-9f5d-980f3a9e0c97
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedPath
+ldapDisplayName: msDFSR-DeletedPath
+attributeId: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 817cf0b8-db95-4914-b833-5a079ef65764
+searchFlags: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedSizeInMb
+ldapDisplayName: msDFSR-DeletedSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 53ed9ad1-9975-41f4-83f5-0c061a12553a
+searchFlags: 0
+rangeUpper: -1
+
+cn: ms-DFSR-DfsLinkTarget
+ldapDisplayName: msDFSR-DfsLinkTarget
+attributeId: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f7b85ba9-3bf9-428f-aab4-2eee6d56f063
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DfsPath
+ldapDisplayName: msDFSR-DfsPath
+attributeId: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2cc903e2-398c-443b-ac86-ff6b01eac7ba
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DirectoryFilter
+ldapDisplayName: msDFSR-DirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 93c7b477-1f2e-4b40-b7bf-007e8d038ccf
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DisablePacketPrivacy
+ldapDisplayName: msDFSR-DisablePacketPrivacy
+attributeId: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 6a84ede5-741e-43fd-9dd6-aa0f61578621
+searchFlags: 0
+
+cn: ms-DFSR-Enabled
+ldapDisplayName: msDFSR-Enabled
+attributeId: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 03726ae7-8e7d-4446-8aae-a91657c00993
+searchFlags: 0
+
+cn: ms-DFSR-Extension
+ldapDisplayName: msDFSR-Extension
+attributeId: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 78f011ec-a766-4b19-adcf-7b81ed781a4d
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+
+cn: ms-DFSR-FileFilter
+ldapDisplayName: msDFSR-FileFilter
+attributeId: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d68270ac-a5dc-4841-a6ac-cd68be38c181
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Flags
+ldapDisplayName: msDFSR-Flags
+attributeId: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe515695-3f61-45c8-9bfa-19c148c57b09
+searchFlags: 0
+
+cn: ms-DFSR-Keywords
+ldapDisplayName: msDFSR-Keywords
+attributeId: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 048b4692-6227-4b67-a074-c4437083e14b
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-MaxAgeInCacheInMin
+ldapDisplayName: msDFSR-MaxAgeInCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2ab0e48d-ac4e-4afc-83e5-a34240db6198
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-MemberReference
+ldapDisplayName: msDFSR-MemberReference
+attributeId: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 261337aa-f1c3-44b2-bbea-c88d49e6f0c7
+searchFlags: 0
+linkID: 2052
+
+cn: ms-DFSR-MemberReferenceBL
+ldapDisplayName: msDFSR-MemberReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: adde62c6-1880-41ed-bd3c-30b7d25e14f0
+searchFlags: 0
+linkID: 2053
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-MinDurationCacheInMin
+ldapDisplayName: msDFSR-MinDurationCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4c5d607a-ce49-444a-9862-82a95f5d1fcc
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d523aff-9012-49b2-9925-f922a0018656
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-OnDemandExclusionFileFilter
+ldapDisplayName: msDFSR-OnDemandExclusionFileFilter
+attributeId: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a68359dc-a581-4ee6-9015-5382c60f0fb4
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Options
+ldapDisplayName: msDFSR-Options
+attributeId: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d6d67084-c720-417d-8647-b696237a114c
+searchFlags: 0
+
+cn: ms-DFSR-Options2
+ldapDisplayName: msDFSR-Options2
+attributeId: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11e24318-4ca6-4f49-9afe-e5eb1afa3473
+searchFlags: 0
+
+cn: ms-DFSR-Priority
+ldapDisplayName: msDFSR-Priority
+attributeId: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb20e7d6-32ad-42de-b141-16ad2631b01b
+searchFlags: 0
+
+cn: ms-DFSR-RdcEnabled
+ldapDisplayName: msDFSR-RdcEnabled
+attributeId: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e3b44e05-f4a7-4078-a730-f48670a743f8
+searchFlags: 0
+
+cn: ms-DFSR-RdcMinFileSizeInKb
+ldapDisplayName: msDFSR-RdcMinFileSizeInKb
+attributeId: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f402a330-ace5-4dc1-8cc9-74d900bf8ae0
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ReadOnly
+ldapDisplayName: msDFSR-ReadOnly
+attributeId: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5ac48021-e447-46e7-9d23-92c0c6a90dfb
+searchFlags: 0
+
+cn: ms-DFSR-ReplicationGroupGuid
+ldapDisplayName: msDFSR-ReplicationGroupGuid
+attributeId: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2dad8796-7619-4ff8-966e-0a5cc67b287f
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-ReplicationGroupType
+ldapDisplayName: msDFSR-ReplicationGroupType
+attributeId: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eeed0fc8-1001-45ed-80cc-bbf744930720
+searchFlags: 0
+
+cn: ms-DFSR-RootFence
+ldapDisplayName: msDFSR-RootFence
+attributeId: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 51928e94-2cd8-4abe-b552-e50412444370
+searchFlags: 0
+
+cn: ms-DFSR-RootPath
+ldapDisplayName: msDFSR-RootPath
+attributeId: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-RootSizeInMb
+ldapDisplayName: msDFSR-RootSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-Schedule
+ldapDisplayName: msDFSR-Schedule
+attributeId: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4699f15f-a71f-48e2-9ff5-5897c0759205
+searchFlags: 0
+rangeLower: 336
+rangeUpper: 336
+
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent
+attributeId: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d64b9c23-e1fa-467b-b317-6964d744d633
+searchFlags: 0
+
+cn: ms-DFSR-StagingPath
+ldapDisplayName: msDFSR-StagingPath
+attributeId: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b9a69e-f0a6-405d-99bb-77d977992c2a
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-StagingSizeInMb
+ldapDisplayName: msDFSR-StagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 250a8f20-f6fc-4559-ae65-e4b24c67aebe
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-TombstoneExpiryInMin
+ldapDisplayName: msDFSR-TombstoneExpiryInMin
+attributeId: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 23e35d4c-e324-4861-a22f-e199140dae00
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-Version
+ldapDisplayName: msDFSR-Version
+attributeId: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1a861408-38c3-49ea-ba75-85481a77c655
+searchFlags: 0
+rangeUpper: 256
+
+cn: ms-DFS-Schema-Major-Version
+ldapDisplayName: msDFS-SchemaMajorVersion
+attributeId: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec6d7855-704a-4f61-9aa6-c49a7c1d54c7
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 2
+rangeUpper: 2
+
+cn: ms-DFS-Schema-Minor-Version
+ldapDisplayName: msDFS-SchemaMinorVersion
+attributeId: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fef9a725-e8f1-43ab-bd86-6a0115ce9e38
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 0
+
+cn: ms-DFS-Short-Name-Link-Path-v2
+ldapDisplayName: msDFS-ShortNameLinkPathv2
+attributeId: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2d7826f0-4cf7-42e9-a039-1110e0d9ca99
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+
+cn: ms-DFS-Target-List-v2
+ldapDisplayName: msDFS-TargetListv2
+attributeId: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6ab126c6-fa41-4b36-809e-7ca91610d48f
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2097152
+
+cn: ms-DFS-Ttl-v2
+ldapDisplayName: msDFS-Ttlv2
+attributeId: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+
+cn: MS-DRM-Identity-Certificate
+ldapDisplayName: msDRM-IdentityCertificate
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e85e1204-3434-41ad-9b56-e2901228fff0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Additional-Dns-Host-Name
+ldapDisplayName: msDS-AdditionalDnsHostName
+attributeId: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Additional-Sam-Account-Name
+ldapDisplayName: msDS-AdditionalSamAccountName
+attributeId: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 975571df-a4d5-429a-9f59-cdc6581d91e6
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-DNS-Suffixes
+ldapDisplayName: msDS-AllowedDNSSuffixes
+attributeId: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8469441b-9ac4-4e45-8205-bd219dbf672d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-To-Delegate-To
+ldapDisplayName: msDS-AllowedToDelegateTo
+attributeId: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-All-Users-Trust-Quota
+ldapDisplayName: msDS-AllUsersTrustQuota
+attributeId: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d3aa4a5c-4e03-4810-97aa-2b339e7a434b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Approx-Immed-Subordinates
+ldapDisplayName: msDS-Approx-Immed-Subordinates
+attributeId: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e185d243-f6ce-4adb-b496-b0c005d7823c
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedAt-DC
+ldapDisplayName: msDS-AuthenticatedAtDC
+attributeId: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e1ee99c-6604-4489-89d9-84798a89515a
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedTo-Accountlist
+ldapDisplayName: msDS-AuthenticatedToAccountlist
+attributeId: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e8b2c971-a6df-47bc-8d6f-62770d527aa5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2113
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Auxiliary-Classes
+ldapDisplayName: msDS-Auxiliary-Classes
+attributeId: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: c4af1073-ee50-4be0-b8c0-89a41fe99abe
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Application-Data
+ldapDisplayName: msDS-AzApplicationData
+attributeId: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 503fc3e8-1cc6-461a-99a3-9eee04f402a7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Name
+ldapDisplayName: msDS-AzApplicationName
+attributeId: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: db5b0728-6208-4876-83b7-95d3e5695275
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Version
+ldapDisplayName: msDS-AzApplicationVersion
+attributeId: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7184a120-3ac4-47ae-848f-fe0ab20784d4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule
+ldapDisplayName: msDS-AzBizRule
+attributeId: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 33d41ea8-c0c9-4c92-9494-f104878413fd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule-Language
+ldapDisplayName: msDS-AzBizRuleLanguage
+attributeId: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Class-ID
+ldapDisplayName: msDS-AzClassId
+attributeId: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 013a7277-5c2d-49ef-a7de-b765b36a3f6f
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 40
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Domain-Timeout
+ldapDisplayName: msDS-AzDomainTimeout
+attributeId: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generate-Audits
+ldapDisplayName: msDS-AzGenerateAudits
+attributeId: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f90abab0-186c-4418-bb85-88447c87222a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generic-Data
+ldapDisplayName: msDS-AzGenericData
+attributeId: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b5f7e349-7a5b-407c-a334-a31c3f538b98
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+ldapDisplayName: msDS-AzLastImportedBizRulePath
+attributeId: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 665acb5c-bb92-4dbc-8c59-b3638eab09b3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-LDAP-Query
+ldapDisplayName: msDS-AzLDAPQuery
+attributeId: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5e53368b-fc94-45c8-9d7d-daf31ee7112d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 4096
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Major-Version
+ldapDisplayName: msDS-AzMajorVersion
+attributeId: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: cfb9adb7-c4b7-4059-9568-1ed9db6b7248
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Minor-Version
+ldapDisplayName: msDS-AzMinorVersion
+attributeId: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee85ed93-b209-4788-8165-e702f51bfbf3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Object-Guid
+ldapDisplayName: msDS-AzObjectGuid
+attributeId: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8491e548-6c38-4365-a732-af041569b02c
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation-ID
+ldapDisplayName: msDS-AzOperationID
+attributeId: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a5f3b553-5d76-4cbe-ba3f-4312152cab18
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope-Name
+ldapDisplayName: msDS-AzScopeName
+attributeId: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 515a6b06-2617-4173-8099-d5605df043c6
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Engine-Cache-Max
+ldapDisplayName: msDS-AzScriptEngineCacheMax
+attributeId: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Timeout
+ldapDisplayName: msDS-AzScriptTimeout
+attributeId: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task-Is-Role-Definition
+ldapDisplayName: msDS-AzTaskIsRoleDefinition
+attributeId: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7b078544-6c82-4fe9-872f-ff48ad2b2e26
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Behavior-Version
+ldapDisplayName: msDS-Behavior-Version
+attributeId: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-BridgeHead-Servers-Used
+ldapDisplayName: msDS-BridgeHeadServersUsed
+attributeId: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+linkID: 2160
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid: 3ced1465-7b71-2541-8780-1e1ea6243a82
+searchFlags: 0
+systemFlags: FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL |FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Byte-Array
+ldapDisplayName: msDS-ByteArray
+attributeId: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+
+cn: ms-DS-Cached-Membership
+ldapDisplayName: msDS-Cached-Membership
+attributeId: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Cached-Membership-Time-Stamp
+ldapDisplayName: msDS-Cached-Membership-Time-Stamp
+attributeId: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Consistency-Child-Count
+ldapDisplayName: mS-DS-ConsistencyChildCount
+attributeId: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Consistency-Guid
+ldapDisplayName: mS-DS-ConsistencyGuid
+attributeId: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 23773dc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Creator-SID
+ldapDisplayName: mS-DS-CreatorSID
+attributeId: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c5e60132-1480-11d3-91c1-0000f87a57d4
+systemOnly: TRUE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Date-Time
+ldapDisplayName: msDS-DateTime
+attributeId: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ms-DS-Default-Quota
+ldapDisplayName: msDS-DefaultQuota
+attributeId: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6818f726-674b-441b-8a3a-f40596374cea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-DnsRootAlias
+ldapDisplayName: msDS-DnsRootAlias
+attributeId: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2143acca-eead-4d29-b591-85fa49ce9173
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Entry-Time-To-Die
+ldapDisplayName: msDS-Entry-Time-To-Die
+attributeId: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: e1e9bad7-c6dd-4101-a843-794cec85b038
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ExecuteScriptPassword
+ldapDisplayName: msDS-ExecuteScriptPassword
+attributeId: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9d054a5a-d187-46c1-9d85-42dfc44a56dd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-External-Key
+ldapDisplayName: msDS-ExternalKey
+attributeId: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b92fd528-38ac-40d4-818d-0433380837c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-External-Store
+ldapDisplayName: msDS-ExternalStore
+attributeId: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 604877cd-9cdb-47c7-b03d-3daadb044910
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-Failed-Interactive-Logon-Count
+ldapDisplayName: msDS-FailedInteractiveLogonCount
+attributeId: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: dc3ca86f-70ad-4960-8425-a4d6313d93dd
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+attributeId: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5d234e5-644a-4403-a665-e26e0aef5e98
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Filter-Containers
+ldapDisplayName: msDS-FilterContainers
+attributeId: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fb00dcdf-ac37-483a-9c12-ac53a6603033
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-HAB-Seniority-Index
+ldapDisplayName: msDS-HABSeniorityIndex
+attributeId: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: def449f1-fd3b-4045-98cf-d9658da788b5
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 36000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Has-Domain-NCs
+ldapDisplayName: msDS-HasDomainNCs
+attributeId: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 6f17e347-a842-4498-b8b3-15e007da4fed
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Full-Replica-NCs
+ldapDisplayName: msDS-hasFullReplicaNCs
+attributeId: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2104
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Instantiated-NCs
+ldapDisplayName: msDS-HasInstantiatedNCs
+attributeId: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 11e9a5bc-4517-4049-af9c-51554fb0fc09
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Master-NCs
+ldapDisplayName: msDS-hasMasterNCs
+attributeId: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Integer
+ldapDisplayName: msDS-Integer
+attributeId: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ms-DS-IntId
+ldapDisplayName: msDS-IntId
+attributeId: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bc60096a-1b47-4b30-8877-602c93f56532
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Domain-For
+ldapDisplayName: msDS-IsDomainFor
+attributeId: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ff155a2a-44e5-4de0-8318-13a58988de4f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2027
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Is-Full-Replica-For
+ldapDisplayName: msDS-IsFullReplicaFor
+attributeId: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c8bc72e0-a6b4-48f0-94a5-fd76a88c9987
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isGC
+ldapDisplayName: msDS-isGC
+attributeId: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1df5cf33-0fe5-499e-90e1-e94b42718a46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Partial-Replica-For
+ldapDisplayName: msDS-IsPartialReplicaFor
+attributeId: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 37c94ff6-c6d4-498f-b2f9-c6f7f8647809
+systemOnly: TRUE
+searchFlags: 0
+linkID: 75
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isRODC
+ldapDisplayName: msDS-isRODC
+attributeId: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-User-Cachable-At-Rodc
+ldapDisplayName: msDS-IsUserCachableAtRodc
+attributeId: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe01245a-341f-4556-951f-48c033a89050
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KeyVersionNumber
+ldapDisplayName: msDS-KeyVersionNumber
+attributeId: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link
+ldapDisplayName: msDS-KrbTgtLink
+attributeId: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 778ff5c9-6f4e-4b74-856a-d68383313910
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link-BL
+ldapDisplayName: msDS-KrbTgtLinkBl
+attributeId: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5dd68c41-bfdf-438b-9b5d-39d9618bf260
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+ldapDisplayName: msDS-LastFailedInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c7e7dafa-10c3-4b8b-9acd-54f11063742e
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 011929e6-8b5d-4258-b64a-00b0b4949747
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Duration
+ldapDisplayName: msDS-LockoutDuration
+attributeId: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Observation-Window
+ldapDisplayName: msDS-LockoutObservationWindow
+attributeId: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Threshold
+ldapDisplayName: msDS-LockoutThreshold
+attributeId: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: b8c8c35e-4a19-4a95-99d0-69fe4446286f
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Logon-Time-Sync-Interval
+ldapDisplayName: msDS-LogonTimeSyncInterval
+attributeId: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ad7940f8-e43a-4a42-83bc-d688e59ea605
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Machine-Account-Quota
+ldapDisplayName: ms-DS-MachineAccountQuota
+attributeId: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d064fb68-1480-11d3-91c1-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Mastered-By
+ldapDisplayName: msDs-masteredBy
+attributeId: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 60234769-4819-4615-a1b2-49d2f119acb5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Maximum-Password-Age
+ldapDisplayName: msDS-MaximumPasswordAge
+attributeId: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Max-Values
+ldapDisplayName: msDs-MaxValues
+attributeId: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d1e169a4-ebe9-49bf-8fcb-8aef3874592d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Members-For-Az-Role
+ldapDisplayName: msDS-MembersForAzRole
+attributeId: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cbf7e6cd-85a4-4314-8939-8bfe80597835
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2016
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Members-For-Az-Role-BL
+ldapDisplayName: msDS-MembersForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ececcd20-a7e0-4688-9ccf-02ece5e287f5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2017
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Minimum-Password-Age
+ldapDisplayName: msDS-MinimumPasswordAge
+attributeId: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Minimum-Password-Length
+ldapDisplayName: msDS-MinimumPasswordLength
+attributeId: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: b21b3439-4c3a-441c-bb5f-08f20e9b315e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Cursors
+ldapDisplayName: msDS-NCReplCursors
+attributeId: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Replica-Locations
+ldapDisplayName: msDS-NC-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 97de9615-b537-46bc-ac0f-10720f3909f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1044
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+ldapDisplayName: msDS-NCReplInboundNeighbors
+attributeId: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+ldapDisplayName: msDS-NCReplOutboundNeighbors
+attributeId: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations
+ldapDisplayName: msDS-NC-RO-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3df793df-9858-4417-a701-735a1ecebf74
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2114
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations-BL
+ldapDisplayName: msDS-NC-RO-Replica-Locations-BL
+attributeId: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f547511c-5b2a-44cc-8358-992a88258164
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2115
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-NC-Type
+ldapDisplayName: msDS-NcType
+attributeId: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Never-Reveal-Group
+ldapDisplayName: msDS-NeverRevealGroup
+attributeId: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 15585999-fd49-4d66-b25d-eeb96aba8174
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members
+ldapDisplayName: msDS-NonMembers
+attributeId: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cafcb1de-f23c-46b5-adf7-1e64957bd5db
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members-BL
+ldapDisplayName: msDS-NonMembersBL
+attributeId: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Non-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Non-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2de144fc-1f52-486f-bdf4-16fcc3084e54
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Object-Reference
+ldapDisplayName: msDS-ObjectReference
+attributeId: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 638ec2e8-22e7-409c-85d2-11b21bee72de
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2038
+
+cn: ms-DS-Object-Reference-BL
+ldapDisplayName: msDS-ObjectReferenceBL
+attributeId: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2039
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Role
+ldapDisplayName: msDS-OperationsForAzRole
+attributeId: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 93f701be-fa4c-43b6-bc2f-4dbea718ffab
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Role-BL
+ldapDisplayName: msDS-OperationsForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f85b6228-3734-4525-b6b7-3f3bb220902c
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2023
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Task
+ldapDisplayName: msDS-OperationsForAzTask
+attributeId: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1aacb436-2e9d-44a9-9298-ce4debeb6ebf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2018
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Task-BL
+ldapDisplayName: msDS-OperationsForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a637d211-5739-4ed1-89b2-88974548bc59
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2019
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Other-Settings
+ldapDisplayName: msDS-Other-Settings
+attributeId: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 79d2f34c-9d7d-42bb-838f-866b3e4400e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Complexity-Enabled
+ldapDisplayName: msDS-PasswordComplexityEnabled
+attributeId: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: db68054b-c9c3-4bf0-b15b-0fb52552a610
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-History-Length
+ldapDisplayName: msDS-PasswordHistoryLength
+attributeId: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: fed81bb7-768c-4c2f-9641-2245de34794d
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled
+attributeId: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Settings-Precedence
+ldapDisplayName: msDS-PasswordSettingsPrecedence
+attributeId: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Quota
+ldapDisplayName: msDS-PerUserTrustQuota
+attributeId: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d161adf0-ca24-4993-a3aa-8b2c981302e8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+ldapDisplayName: msDS-PerUserTrustTombstonesQuota
+attributeId: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Phonetic-Company-Name
+ldapDisplayName: msDS-PhoneticCompanyName
+attributeId: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5bd5208d-e5f4-46ae-a514-543bc9c47659
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35985
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Department
+ldapDisplayName: msDS-PhoneticDepartment
+attributeId: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6cd53daf-003e-49e7-a702-6fa896e7a6ef
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35984
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Display-Name
+ldapDisplayName: msDS-PhoneticDisplayName
+attributeId: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e21a94e4-2d66-4ce5-b30d-0ef87a776ff0
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35986
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Phonetic-First-Name
+ldapDisplayName: msDS-PhoneticFirstName
+attributeId: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b1cba4e-302f-4134-ac7c-f01f6c797843
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35982
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Phonetic-Last-Name
+ldapDisplayName: msDS-PhoneticLastName
+attributeId: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f217e4ec-0836-4b90-88af-2f5d4bbda2bc
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35983
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Preferred-GC-Site
+ldapDisplayName: msDS-Preferred-GC-Site
+attributeId: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: d921b50a-0ab2-42cd-87f6-09cf83a91854
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Principal-Name
+ldapDisplayName: msDS-PrincipalName
+attributeId: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 564e9325-d057-c143-9e3b-4f9e5ef46f93
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Promotion-Settings
+ldapDisplayName: msDS-PromotionSettings
+attributeId: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c881b4e2-43c0-4ebe-b9bb-5250aa9b434c
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-PSO-Applied
+ldapDisplayName: msDS-PSOApplied
+attributeId: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: fCOPY
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b
+linkID: 2119
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-PSO-Applies-To
+ldapDisplayName: msDS-PSOAppliesTo
+attributeId: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 64c80f48-cdd2-4881-a86d-4e97b6f561fc
+linkID: 2118
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Amount
+ldapDisplayName: msDS-QuotaAmount
+attributeId: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fbb9a00d-3a8c-4233-9cf9-7189264903a1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Effective
+ldapDisplayName: msDS-QuotaEffective
+attributeId: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6655b152-101c-48b4-b347-e1fcebc60157
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Trustee
+ldapDisplayName: msDS-QuotaTrustee
+attributeId: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 16378906-4ea5-49be-a8d1-bfd41dff4f65
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 28
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Used
+ldapDisplayName: msDS-QuotaUsed
+attributeId: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b5a84308-615d-4bb7-b05f-2f1746aa439f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Attribute-Meta-Data
+ldapDisplayName: msDS-ReplAttributeMetaData
+attributeId: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d7c53242-724e-4c39-9d4c-2df8c9d66c7a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Replicates-NC-Reason
+ldapDisplayName: mS-DS-ReplicatesNCReason
+attributeId: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 0ea12b84-08b3-11d3-91bc-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ReplicationEpoch
+ldapDisplayName: msDS-ReplicationEpoch
+attributeId: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Value-Meta-Data
+ldapDisplayName: msDS-ReplValueMetaData
+attributeId: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Resultant-PSO
+ldapDisplayName: msDS-ResultantPSO
+attributeId: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: fCOPY
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Retired-Repl-NC-Signatures
+ldapDisplayName: msDS-RetiredReplNCSignatures
+attributeId: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d5b35506-19d6-4d26-9afb-11357ac99b5e
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-DSAs
+ldapDisplayName: msDS-RevealedDSAs
+attributeId: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 94f6f2ac-c76d-4b5e-b71f-f332c3e93c22
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List
+ldapDisplayName: msDS-RevealedList
+attributeId: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.12
+isSingleValued: FALSE
+schemaIdGuid: cbdad11c-7fec-387b-6219-3a0627d9af81
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List-BL
+ldapDisplayName: msDS-RevealedListBL
+attributeId: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: aa1c88fd-b0f6-429f-b2ca-9d902266e808
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-Users
+ldapDisplayName: msDS-RevealedUsers
+attributeId: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 185c7821-3749-443a-bd6a-288899071adb
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2102
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Reveal-OnDemand-Group
+ldapDisplayName: msDS-RevealOnDemandGroup
+attributeId: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 303d9f4a-1dd6-4b38-8fc5-33afe8c988ad
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2110
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-ds-Schema-Extensions
+ldapDisplayName: msDs-Schema-Extensions
+attributeId: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b39a61be-ed07-4cab-9a4a-4963ed0141e1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-SD-Reference-Domain
+ldapDisplayName: msDS-SDReferenceDomain
+attributeId: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 4c51e316-f628-43a5-b06b-ffb695fcb4f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Secondary-KrbTgt-Number
+ldapDisplayName: msDS-SecondaryKrbTgtNumber
+attributeId: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: aa156612-2396-467e-ad6a-28d23fdb1865
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 65536
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4f146ae8-a4fe-4801-a731-f51848a4f4e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Settings
+ldapDisplayName: msDS-Settings
+attributeId: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+
+cn: ms-DS-Site-Affinity
+ldapDisplayName: msDS-Site-Affinity
+attributeId: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c17c5602-bcb7-46f0-9656-6370ca884b72
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-SiteName
+ldapDisplayName: msDS-SiteName
+attributeId: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 98a7f36d-3595-448a-9e6f-6b8965baed9c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Source-Object-DN
+ldapDisplayName: msDS-SourceObjectDN
+attributeId: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 773e93af-d3b4-48d4-b3f9-06457602d3d0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10240
+
+cn: ms-DS-SPN-Suffixes
+ldapDisplayName: msDS-SPNSuffixes
+attributeId: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Supported-Encryption-Types
+ldapDisplayName: msDS-SupportedEncryptionTypes
+attributeId: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 20119867-1d04-4ab7-9371-cfc3d5df0afd
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Tasks-For-Az-Role
+ldapDisplayName: msDS-TasksForAzRole
+attributeId: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 35319082-8c4a-4646-9386-c2949d49894d
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Role-BL
+ldapDisplayName: msDS-TasksForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a0dcd536-5158-42fe-8c40-c00a7ad37959
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2025
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tasks-For-Az-Task
+ldapDisplayName: msDS-TasksForAzTask
+attributeId: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b11c8ee2-5fcd-46a7-95f0-f38333f096cf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2020
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Task-BL
+ldapDisplayName: msDS-TasksForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: df446e52-b5fa-4ca2-a42f-13f98a526c8f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tombstone-Quota-Factor
+ldapDisplayName: msDS-TombstoneQuotaFactor
+attributeId: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 461744d7-f3b6-45ba-8753-fb9552a5df32
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Top-Quota-Usage
+ldapDisplayName: msDS-TopQuotaUsage
+attributeId: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7b7cce4f-f1f5-4bb6-b7eb-23504af19e75
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Trust-Forest-Trust-Info
+ldapDisplayName: msDS-TrustForestTrustInfo
+attributeId: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 29cc866e-49d3-4969-942e-1dbc0925d183
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-UpdateScript
+ldapDisplayName: msDS-UpdateScript
+attributeId: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 146eb639-bb9f-4fc1-a825-e29e00c77920
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Account-Control-Computed
+ldapDisplayName: msDS-User-Account-Control-Computed
+attributeId: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2cc4b836-b63f-4940-8d23-ea7acf06af56
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Password-Expiry-Time-Computed
+ldapDisplayName: msDS-UserPasswordExpiryTimeComputed
+attributeId: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-Exch-Assistant-Name
+ldapDisplayName: msExchAssistantName
+attributeId: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7394-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 14896
+
+cn: ms-Exch-House-Identifier
+ldapDisplayName: msExchHouseIdentifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7407-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 35924
+
+cn: ms-Exch-LabeledURI
+ldapDisplayName: msExchLabeledURI
+attributeId: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 16775820-47f3-11d1-a9c3-0000f80367c1
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35921
+
+cn: ms-Exch-Owner-BL
+ldapDisplayName: ownerBL
+attributeId: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679f4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 45
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-FRS-Hub-Member
+ldapDisplayName: msFRS-Hub-Member
+attributeId: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5643ff81-35b6-4ca9-9512-baf0bd0a2772
+searchFlags: 0
+linkID: 1046
+
+cn: ms-FRS-Topology-Pref
+ldapDisplayName: msFRS-Topology-Pref
+attributeId: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 92aa27e0-5c50-402d-9ec1-ee847def9788
+searchFlags: 0
+
+cn: ms-FVE-KeyPackage
+ldapDisplayName: msFVE-KeyPackage
+attributeId: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+rangeUpper: 102400
+schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryGuid
+ldapDisplayName: msFVE-RecoveryGuid
+attributeId: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryPassword
+ldapDisplayName: msFVE-RecoveryPassword
+attributeId: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 256
+schemaIdGuid: 43061ac1-c8ad-4ccc-b785-2bfac20fc60a
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-VolumeGuid
+ldapDisplayName: msFVE-VolumeGuid
+attributeId: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data
+ldapDisplayName: msieee80211-Data
+attributeId: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0e0d0938-2658-4580-a9f6-7a0ac7b566cb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data-Type
+ldapDisplayName: msieee80211-DataType
+attributeId: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6558b180-35da-4efe-beed-521f8f48cafb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-ID
+ldapDisplayName: msieee80211-ID
+attributeId: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f73ef75-14c9-4c23-81de-dd07a06f9e8b
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-File-List
+ldapDisplayName: msiFileList
+attributeId: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7d-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Dir
+ldapDisplayName: msIIS-FTPDir
+attributeId: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Root
+ldapDisplayName: msIIS-FTPRoot
+attributeId: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a7827a4-1483-49a5-9d84-52e3812156b4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script
+ldapDisplayName: msiScript
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18313-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Name
+ldapDisplayName: msiScriptName
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd62-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Path
+ldapDisplayName: msiScriptPath
+attributeId: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967937-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Size
+ldapDisplayName: msiScriptSize
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd63-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Authenticate
+ldapDisplayName: mSMQAuthenticate
+attributeId: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc326-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Base-Priority
+ldapDisplayName: mSMQBasePriority
+attributeId: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc323-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type
+ldapDisplayName: mSMQComputerType
+attributeId: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type-Ex
+ldapDisplayName: mSMQComputerTypeEx
+attributeId: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 18120de8-f4c4-4341-bd95-32eb5bcf7c80
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Cost
+ldapDisplayName: mSMQCost
+attributeId: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-CSP-Name
+ldapDisplayName: mSMQCSPName
+attributeId: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc334-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Service
+ldapDisplayName: mSMQDependentClientService
+attributeId: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d83-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Services
+ldapDisplayName: mSMQDependentClientServices
+attributeId: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d76-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests
+ldapDisplayName: mSMQDigests
+attributeId: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc33c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests-Mig
+ldapDisplayName: mSMQDigestsMig
+attributeId: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Service
+ldapDisplayName: mSMQDsService
+attributeId: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d82-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Services
+ldapDisplayName: mSMQDsServices
+attributeId: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d78-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Encrypt-Key
+ldapDisplayName: mSMQEncryptKey
+attributeId: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc331-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Foreign
+ldapDisplayName: mSMQForeign
+attributeId: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-In-Routing-Servers
+ldapDisplayName: mSMQInRoutingServers
+attributeId: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval1
+ldapDisplayName: mSMQInterval1
+attributeId: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval2
+ldapDisplayName: mSMQInterval2
+attributeId: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal
+ldapDisplayName: mSMQJournal
+attributeId: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc321-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal-Quota
+ldapDisplayName: mSMQJournalQuota
+attributeId: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc324-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label
+ldapDisplayName: mSMQLabel
+attributeId: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc325-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label-Ex
+ldapDisplayName: mSMQLabelEx
+attributeId: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4580ad25-d407-48d2-ad24-43e6e56793d7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Long-Lived
+ldapDisplayName: mSMQLongLived
+attributeId: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc335-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated
+ldapDisplayName: mSMQMigrated
+attributeId: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Multicast-Address
+ldapDisplayName: MSMQ-MulticastAddress
+attributeId: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1d2f4412-f10d-4337-9b48-6e5b125cd265
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 9
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Name-Style
+ldapDisplayName: mSMQNameStyle
+attributeId: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc333-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Flags
+ldapDisplayName: mSMQNt4Flags
+attributeId: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb38a158-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Stub
+ldapDisplayName: mSMQNt4Stub
+attributeId: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6f914be6-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-OS-Type
+ldapDisplayName: mSMQOSType
+attributeId: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc330-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Out-Routing-Servers
+ldapDisplayName: mSMQOutRoutingServers
+attributeId: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Owner-ID
+ldapDisplayName: mSMQOwnerID
+attributeId: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc328-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MSMQ-Prev-Site-Gates
+ldapDisplayName: mSMQPrevSiteGates
+attributeId: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d75-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Privacy-Level
+ldapDisplayName: mSMQPrivacyLevel
+attributeId: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc327-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-QM-ID
+ldapDisplayName: mSMQQMID
+attributeId: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Journal-Quota
+ldapDisplayName: mSMQQueueJournalQuota
+attributeId: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8e441266-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Name-Ext
+ldapDisplayName: mSMQQueueNameExt
+attributeId: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2df90d87-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 92
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Quota
+ldapDisplayName: mSMQQueueQuota
+attributeId: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3f6b8e12-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Type
+ldapDisplayName: mSMQQueueType
+attributeId: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc320-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Quota
+ldapDisplayName: mSMQQuota
+attributeId: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc322-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Recipient-FormatName
+ldapDisplayName: msMQ-Recipient-FormatName
+attributeId: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3bfe6748-b544-485a-b067-1b310c4334bf
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Service
+ldapDisplayName: mSMQRoutingService
+attributeId: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d81-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Services
+ldapDisplayName: mSMQRoutingServices
+attributeId: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d77-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Secured-Source
+ldapDisplayName: MSMQ-SecuredSource
+attributeId: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8bf0221b-7a06-4d63-91f0-1499941813d3
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Services
+ldapDisplayName: mSMQServices
+attributeId: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Service-Type
+ldapDisplayName: mSMQServiceType
+attributeId: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates
+ldapDisplayName: mSMQSignCertificates
+attributeId: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates-Mig
+ldapDisplayName: mSMQSignCertificatesMig
+attributeId: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Key
+ldapDisplayName: mSMQSignKey
+attributeId: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc332-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-1
+ldapDisplayName: mSMQSite1
+attributeId: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc337-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-2
+ldapDisplayName: mSMQSite2
+attributeId: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc338-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Foreign
+ldapDisplayName: mSMQSiteForeign
+attributeId: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: fd129d8a-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates
+ldapDisplayName: mSMQSiteGates
+attributeId: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc339-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates-Mig
+ldapDisplayName: mSMQSiteGatesMig
+attributeId: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e2704852-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-ID
+ldapDisplayName: mSMQSiteID
+attributeId: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc340-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name
+ldapDisplayName: mSMQSiteName
+attributeId: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: ffadb4b2-de39-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name-Ex
+ldapDisplayName: mSMQSiteNameEx
+attributeId: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 422144fa-c17f-4649-94d6-9731ed2784ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sites
+ldapDisplayName: mSMQSites
+attributeId: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Transactional
+ldapDisplayName: mSMQTransactional
+attributeId: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc329-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-User-Sid
+ldapDisplayName: mSMQUserSid
+attributeId: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: MSMQ-Version
+ldapDisplayName: mSMQVersion
+attributeId: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc336-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyData
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9c1495a5-4d76-468e-991e-1433b0a67855
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 35697062-1eaf-448b-ac1e-388e0be4fdee
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0f69c62e-088e-4ff5-a53a-e923cec07c0a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyData
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8398948b-7457-4d91-bd4d-8d7ed669c9f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94a7b05a-b8b2-4f59-9c25-39e69baa1684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d3c527c7-2606-4deb-8cfd-18426feec8ce
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPAllowDialin
+ldapDisplayName: msNPAllowDialin
+attributeId: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCalledStationID
+ldapDisplayName: msNPCalledStationID
+attributeId: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCallingStationID
+ldapDisplayName: msNPCallingStationID
+attributeId: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908a-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPSavedCallingStationID
+ldapDisplayName: msNPSavedCallingStationID
+attributeId: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908e-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-AccountCredentials
+ldapDisplayName: msPKIAccountCredentials
+attributeId: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Application-Policy
+ldapDisplayName: msPKI-Certificate-Application-Policy
+attributeId: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dbd90548-aa37-4202-9966-8c537ba5ce32
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Name-Flag
+ldapDisplayName: msPKI-Certificate-Name-Flag
+attributeId: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea1dddc4-60ff-416e-8cc0-17cee534bce7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Policy
+ldapDisplayName: msPKI-Certificate-Policy
+attributeId: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Cert-Template-OID
+ldapDisplayName: msPKI-Cert-Template-OID
+attributeId: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3164c36a-ba26-468c-8bda-c1e5cc256728
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-DPAPIMasterKeys
+ldapDisplayName: msPKIDPAPIMasterKeys
+attributeId: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b3f93023-9239-4f7c-b99c-6745d87adbc2
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2046
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enrollment-Flag
+ldapDisplayName: msPKI-Enrollment-Flag
+attributeId: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d15ef7d8-f226-46db-ae79-b34e560bd12c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Minimal-Key-Size
+ldapDisplayName: msPKI-Minimal-Key-Size
+attributeId: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e96a63f5-417f-46d3-be52-db7703c503df
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-Attribute
+ldapDisplayName: msPKI-OID-Attribute
+attributeId: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8c9e1288-5028-4f4f-a704-76d026f246ef
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-CPS
+ldapDisplayName: msPKI-OID-CPS
+attributeId: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 5f49940e-a79f-4a51-bb6f-3d446a54dc6b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-LocalizedName
+ldapDisplayName: msPKI-OIDLocalizedName
+attributeId: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7d59a816-bb05-4a72-971f-5c1331f67559
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-User-Notice
+ldapDisplayName: msPKI-OID-User-Notice
+attributeId: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 04c4da7a-e114-4e69-88de-e293f2d3b395
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Flag
+ldapDisplayName: msPKI-Private-Key-Flag
+attributeId: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bab04ac2-0435-4709-9307-28380e7c7001
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Application-Policies
+ldapDisplayName: msPKI-RA-Application-Policies
+attributeId: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Policies
+ldapDisplayName: msPKI-RA-Policies
+attributeId: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d546ae22-0951-4d47-817e-1c9f96faad46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Signature
+ldapDisplayName: msPKI-RA-Signature
+attributeId: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe17e04b-937d-4f7e-8e0e-9292c8d5683e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RoamingTimeStamp
+ldapDisplayName: msPKIRoamingTimeStamp
+attributeId: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6617e4ac-a2f1-43ab-b60c-11fbd1facf05
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Supersede-Templates
+ldapDisplayName: msPKI-Supersede-Templates
+attributeId: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Minor-Revision
+ldapDisplayName: msPKI-Template-Minor-Revision
+attributeId: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 13f5236c-1884-46b1-b5d0-484e38990d58
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Schema-Version
+ldapDisplayName: msPKI-Template-Schema-Version
+attributeId: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0c15e9f5-491d-4594-918f-32813a091da9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSCallbackNumber
+ldapDisplayName: msRADIUSCallbackNumber
+attributeId: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c909c-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedInterfaceId
+ldapDisplayName: msRADIUS-FramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a6f24a23-d65c-4d65-a64f-35fb6873c2b9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSFramedIPAddress
+ldapDisplayName: msRADIUSFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90a4-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Prefix
+ldapDisplayName: msRADIUS-FramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: f63ed610-d67c-494d-87be-cd1e24359a38
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Route
+ldapDisplayName: msRADIUS-FramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 5a5aa804-3083-4863-94e5-018a79a22ec0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSFramedRoute
+ldapDisplayName: msRADIUSFramedRoute
+attributeId: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90a9-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedInterfaceId
+ldapDisplayName: msRADIUS-SavedFramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a4da7289-92a3-42e5-b6b6-dad16d280ac9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 0965a062-b1e1-403b-b48d-5c0eb0e952cc
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Route
+ldapDisplayName: msRADIUS-SavedFramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9666bb5c-df9d-4d41-b437-2eec7e27c9b3
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSServiceType
+ldapDisplayName: msRADIUSServiceType
+attributeId: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90b6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedCallbackNumber
+ldapDisplayName: msRASSavedCallbackNumber
+attributeId: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c90c5-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedIPAddress
+ldapDisplayName: msRASSavedFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90c6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedRoute
+ldapDisplayName: msRASSavedFramedRoute
+attributeId: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90c7-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Attribute
+ldapDisplayName: msRRASAttribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ad-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Vendor-Attribute-Entry
+ldapDisplayName: msRRASVendorAttributeEntry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ac-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msSFU-30-Aliases
+ldapDisplayName: msSFU30Aliases
+attributeId: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 20ebf171-c69a-4c31-b29d-dcb837d8912d
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: msSFU-30-Crypt-Method
+ldapDisplayName: msSFU30CryptMethod
+attributeId: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4503d2a3-3d70-41b8-b077-dff123c15865
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Domains
+ldapDisplayName: msSFU30Domains
+attributeId: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 93095ed3-6f30-4bdd-b734-65d569f5f7c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 256000
+
+cn: msSFU-30-Field-Separator
+ldapDisplayName: msSFU30FieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a2e11a42-e781-4ca1-a7fa-ec307f62b6a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Intra-Field-Separator
+ldapDisplayName: msSFU30IntraFieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Is-Valid-Container
+ldapDisplayName: msSFU30IsValidContainer
+attributeId: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0dea42f5-278d-4157-b4a7-49b59664915b
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Key-Attributes
+ldapDisplayName: msSFU30KeyAttributes
+attributeId: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 32ecd698-ce9e-4894-a134-7ad76b082e83
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Key-Values
+ldapDisplayName: msSFU30KeyValues
+attributeId: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 37830235-e5e9-46f2-922b-d8d44f03e7ae
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: msSFU-30-Map-Filter
+ldapDisplayName: msSFU30MapFilter
+attributeId: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b16e01-024f-4e23-ad0d-71f1a406b684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Master-Server-Name
+ldapDisplayName: msSFU30MasterServerName
+attributeId: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4cc908a2-9e18-410e-8459-f17cc422020a
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Max-Gid-Number
+ldapDisplayName: msSFU30MaxGidNumber
+attributeId: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 04ee6aa6-f83b-469a-bf5a-3c00d3634669
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Max-Uid-Number
+ldapDisplayName: msSFU30MaxUidNumber
+attributeId: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec998437-d944-4a28-8500-217588adfc75
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Name
+ldapDisplayName: msSFU30Name
+attributeId: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 16c5d1d3-35c2-4061-a870-a5cefda804f0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Netgroup-Host-At-Domain
+ldapDisplayName: msSFU30NetgroupHostAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 97d2bf65-0466-4852-a25a-ec20f57ee36c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Netgroup-User-At-Domain
+ldapDisplayName: msSFU30NetgroupUserAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a9e84eed-e630-4b67-b4b3-cad2a82d345e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Nis-Domain
+ldapDisplayName: msSFU30NisDomain
+attributeId: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-NSMAP-Field-Position
+ldapDisplayName: msSFU30NSMAPFieldPosition
+attributeId: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 585c9d5e-f599-4f07-9cf9-4373af4b89d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Order-Number
+ldapDisplayName: msSFU30OrderNumber
+attributeId: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 02625f05-d1ee-4f9f-b366-55266becb95c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Posix-Member
+ldapDisplayName: msSFU30PosixMember
+attributeId: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c875d82d-2848-4cec-bb50-3c5486d09d57
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2030
+
+cn: msSFU-30-Posix-Member-Of
+ldapDisplayName: msSFU30PosixMemberOf
+attributeId: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2031
+systemFlags:  FLAG_ATTR_NOT_REPLICATED
+
+cn: msSFU-30-Result-Attributes
+ldapDisplayName: msSFU30ResultAttributes
+attributeId: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: e167b0b6-4045-4433-ac35-53f972d45cba
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Attributes
+ldapDisplayName: msSFU30SearchAttributes
+attributeId: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ef9a2df0-2e57-48c8-8950-0cc674004733
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Container
+ldapDisplayName: msSFU30SearchContainer
+attributeId: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27eebfa2-fbeb-4f8e-aad6-c50247994291
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: msSFU-30-Yp-Servers
+ldapDisplayName: msSFU30YpServers
+attributeId: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 084a944b-e150-4bfe-9345-40e1aedaebba
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+
+cn: MS-SQL-Alias
+ldapDisplayName: mS-SQL-Alias
+attributeId: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e0c6baae-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowAnonymousSubscription
+ldapDisplayName: mS-SQL-AllowAnonymousSubscription
+attributeId: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db77be4a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4186b6e-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowKnownPullSubscription
+ldapDisplayName: mS-SQL-AllowKnownPullSubscription
+attributeId: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c3bb7054-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c458ca80-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+ldapDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+attributeId: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c49b8be8-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AppleTalk
+ldapDisplayName: mS-SQL-AppleTalk
+attributeId: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8fda89f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Applications
+ldapDisplayName: mS-SQL-Applications
+attributeId: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fbcda2ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Build
+ldapDisplayName: mS-SQL-Build
+attributeId: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 603e94c4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CharacterSet
+ldapDisplayName: mS-SQL-CharacterSet
+attributeId: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 696177a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Clustered
+ldapDisplayName: mS-SQL-Clustered
+attributeId: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7778bd90-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ConnectionURL
+ldapDisplayName: mS-SQL-ConnectionURL
+attributeId: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a92d23da-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Contact
+ldapDisplayName: mS-SQL-Contact
+attributeId: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4f6cbdd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CreationDate
+ldapDisplayName: mS-SQL-CreationDate
+attributeId: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ede14754-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Database
+ldapDisplayName: mS-SQL-Database
+attributeId: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d5a0dbdc-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Description
+ldapDisplayName: mS-SQL-Description
+attributeId: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8386603c-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSHeight
+ldapDisplayName: mS-SQL-GPSHeight
+attributeId: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bcdd4f0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLatitude
+ldapDisplayName: mS-SQL-GPSLatitude
+attributeId: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b222ba0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLongitude
+ldapDisplayName: mS-SQL-GPSLongitude
+attributeId: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7577c94-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationDirectory
+ldapDisplayName: mS-SQL-InformationDirectory
+attributeId: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d0aedb2e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationURL
+ldapDisplayName: mS-SQL-InformationURL
+attributeId: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a42cd510-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Keywords
+ldapDisplayName: mS-SQL-Keywords
+attributeId: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 01e9a98a-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Language
+ldapDisplayName: mS-SQL-Language
+attributeId: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c57f72f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastBackupDate
+ldapDisplayName: mS-SQL-LastBackupDate
+attributeId: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f2b6abca-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastDiagnosticDate
+ldapDisplayName: mS-SQL-LastDiagnosticDate
+attributeId: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f6d6dd88-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastUpdatedDate
+ldapDisplayName: mS-SQL-LastUpdatedDate
+attributeId: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9fcc43d4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Location
+ldapDisplayName: mS-SQL-Location
+attributeId: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 561c9644-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Memory
+ldapDisplayName: mS-SQL-Memory
+attributeId: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 5b5d448c-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-MultiProtocol
+ldapDisplayName: mS-SQL-MultiProtocol
+attributeId: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8157fa38-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Name
+ldapDisplayName: mS-SQL-Name
+attributeId: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3532dfd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-NamedPipe
+ldapDisplayName: mS-SQL-NamedPipe
+attributeId: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b91c840-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-PublicationURL
+ldapDisplayName: mS-SQL-PublicationURL
+attributeId: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ae0c11b8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Publisher
+ldapDisplayName: mS-SQL-Publisher
+attributeId: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c1676858-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-RegisteredOwner
+ldapDisplayName: mS-SQL-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 48fd44ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ServiceAccount
+ldapDisplayName: mS-SQL-ServiceAccount
+attributeId: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 64933a3e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Size
+ldapDisplayName: mS-SQL-Size
+attributeId: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e9098084-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SortOrder
+ldapDisplayName: mS-SQL-SortOrder
+attributeId: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6ddc42c0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SPX
+ldapDisplayName: mS-SQL-SPX
+attributeId: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b08004-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Status
+ldapDisplayName: mS-SQL-Status
+attributeId: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9a7d4770-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-TCPIP
+ldapDisplayName: mS-SQL-TCPIP
+attributeId: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ac263a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ThirdParty
+ldapDisplayName: mS-SQL-ThirdParty
+attributeId: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4e311fc-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Type
+ldapDisplayName: mS-SQL-Type
+attributeId: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca48eba8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-UnicodeSortOrder
+ldapDisplayName: mS-SQL-UnicodeSortOrder
+attributeId: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 72dc918a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Version
+ldapDisplayName: mS-SQL-Version
+attributeId: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c07cc1d0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Vines
+ldapDisplayName: mS-SQL-Vines
+attributeId: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94c56394-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Conference-Blob
+ldapDisplayName: msTAPI-ConferenceBlob
+attributeId: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4cc4601e-7201-4141-abc8-3e529ae88863
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Ip-Address
+ldapDisplayName: msTAPI-IpAddress
+attributeId: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: efd7d7f7-178e-4767-87fa-f8a16b840544
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Protocol-Id
+ldapDisplayName: msTAPI-ProtocolId
+attributeId: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 89c1ebcf-7a5f-41fd-99ca-c900b32299ab
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Unique-Identifier
+ldapDisplayName: msTAPI-uid
+attributeId: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70a4e7ea-b3b9-4643-8918-e6dd2471bfd4
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TPM-OwnerInformation
+ldapDisplayName: msTPM-OwnerInformation
+attributeId: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe
+searchFlags: fPRESERVEONDELETE | fCOPY | fCONFIDENTIAL |fRODCFilteredAttribute
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Allow-Logon
+ldapDisplayName: msTSAllowLogon
+attributeId: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 3a0cd464-bc54-40e7-93ae-a646a6ecc4b4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Broken-Connection-Action
+ldapDisplayName: msTSBrokenConnectionAction
+attributeId: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1cf41bba-5604-463e-94d6-1a1287b72ca3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Client-Drives
+ldapDisplayName: msTSConnectClientDrives
+attributeId: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 23572aaf-29dd-44ea-b0fa-7e8438b9a4a3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Printer-Drives
+ldapDisplayName: msTSConnectPrinterDrives
+attributeId: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8ce6a937-871b-4c92-b285-d99d4036681c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Default-To-Main-Printer
+ldapDisplayName: msTSDefaultToMainPrinter
+attributeId: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ExpireDate
+ldapDisplayName: msTSExpireDate
+attributeId: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 70004ef5-25c3-446a-97c8-996ae8566776
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate2
+ldapDisplayName: msTSExpireDate2
+attributeId: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate3
+ldapDisplayName: msTSExpireDate3
+attributeId: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 41bc7f04-be72-4930-bd10-1f3439412387
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate4
+ldapDisplayName: msTSExpireDate4
+attributeId: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 5e11dc43-204a-4faf-a008-6863621c6f5f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: ms-TS-Home-Directory
+ldapDisplayName: msTSHomeDirectory
+attributeId: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5d3510f0-c4e7-4122-b91f-a20add90e246
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Home-Drive
+ldapDisplayName: msTSHomeDrive
+attributeId: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5f0a24d9-dffa-4cd9-acbf-a0680c03731e
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Initial-Program
+ldapDisplayName: msTSInitialProgram
+attributeId: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9201ac6f-1d69-4dfb-802e-d95510109599
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion
+ldapDisplayName: msTSLicenseVersion
+attributeId: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0ae94a89-372f-4df2-ae8a-c64a2bc47278
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion2
+ldapDisplayName: msTSLicenseVersion2
+attributeId: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b0df103-8d97-45d9-ad69-85c3080ba4e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion3
+ldapDisplayName: msTSLicenseVersion3
+attributeId: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f8ba8f81-4cab-4973-a3c8-3a6da62a5e31
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion4
+ldapDisplayName: msTSLicenseVersion4
+attributeId: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70ca5d97-2304-490a-8a27-52678c8d2095
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property01
+ldapDisplayName: msTSLSProperty01
+attributeId: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 87e53590-971d-4a52-955b-4794d15a84ae
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property02
+ldapDisplayName: msTSLSProperty02
+attributeId: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 47c77bb0-316e-4e2f-97f1-0d4c48fca9dd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS
+ldapDisplayName: msTSManagingLS
+attributeId: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f3bcc547-85b0-432c-9ac0-304506bf2c83
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS2
+ldapDisplayName: msTSManagingLS2
+attributeId: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: 349f0757-51bd-4fc8-9d66-3eceea8a25be
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS3
+ldapDisplayName: msTSManagingLS3
+attributeId: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: fad5dcc1-2130-4c87-a118-75322cd67050
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS4
+ldapDisplayName: msTSManagingLS4
+attributeId: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: f7a3b6a0-2107-4140-b306-75cb521731e5
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Connection-Time
+ldapDisplayName: msTSMaxConnectionTime
+attributeId: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1d960ee2-6464-4e95-a781-e3b5cd5f9588
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Disconnection-Time
+ldapDisplayName: msTSMaxDisconnectionTime
+attributeId: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 326f7089-53d8-4784-b814-46d8535110d2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Idle-Time
+ldapDisplayName: msTSMaxIdleTime
+attributeId: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff739e9c-6bb7-460e-b221-e250f3de0f95
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Profile-Path
+ldapDisplayName: msTSProfilePath
+attributeId: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e65c30db-316c-4060-a3a0-387b083f09cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property01
+ldapDisplayName: msTSProperty01
+attributeId: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: faaea977-9655-49d7-853d-f27bb7aaca0f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property02
+ldapDisplayName: msTSProperty02
+attributeId: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3586f6ac-51b7-4978-ab42-f936463198e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Reconnection-Action
+ldapDisplayName: msTSReconnectionAction
+attributeId: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 366ed7ca-3e18-4c7f-abae-351a01e4b4f7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Remote-Control
+ldapDisplayName: msTSRemoteControl
+attributeId: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 15177226-8642-468b-8c48-03ddfd004982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Work-Directory
+ldapDisplayName: msTSWorkDirectory
+attributeId: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a744f666-3d3c-4cc8-834b-9d4f6f687b8b
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Author
+ldapDisplayName: msWMI-Author
+attributeId: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ChangeDate
+ldapDisplayName: msWMI-ChangeDate
+attributeId: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Class
+ldapDisplayName: msWMI-Class
+attributeId: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 90c1925f-4a24-4b07-b202-be32eb3c8b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ClassDefinition
+ldapDisplayName: msWMI-ClassDefinition
+attributeId: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b9c0ebc-c272-45cb-99d2-4d0e691632e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-CreationDate
+ldapDisplayName: msWMI-CreationDate
+attributeId: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 748b0a2e-3351-4b3f-b171-2f17414ea779
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Genus
+ldapDisplayName: msWMI-Genus
+attributeId: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 50c8673a-8f56-4614-9308-9e1340fb9af3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ID
+ldapDisplayName: msWMI-ID
+attributeId: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Default
+ldapDisplayName: msWMI-Int8Default
+attributeId: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f4d8085a-8c5b-4785-959b-dc585566e445
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Max
+ldapDisplayName: msWMI-Int8Max
+attributeId: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Min
+ldapDisplayName: msWMI-Int8Min
+attributeId: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8ValidValues
+ldapDisplayName: msWMI-Int8ValidValues
+attributeId: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: FALSE
+schemaIdGuid: 103519a9-c002-441b-981a-b0b3e012c803
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intDefault
+ldapDisplayName: msWMI-IntDefault
+attributeId: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags1
+ldapDisplayName: msWMI-intFlags1
+attributeId: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 18e006b9-6445-48e3-9dcf-b5ecfbc4df8e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags2
+ldapDisplayName: msWMI-intFlags2
+attributeId: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 075a42c9-c55a-45b1-ac93-eb086b31f610
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags3
+ldapDisplayName: msWMI-intFlags3
+attributeId: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f29fa736-de09-4be4-b23a-e734c124bacc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags4
+ldapDisplayName: msWMI-intFlags4
+attributeId: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intMax
+ldapDisplayName: msWMI-IntMax
+attributeId: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intMin
+ldapDisplayName: msWMI-IntMin
+attributeId: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intValidValues
+ldapDisplayName: msWMI-IntValidValues
+attributeId: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6af565f6-a749-4b72-9634-3c5d47e6b4e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Mof
+ldapDisplayName: msWMI-Mof
+attributeId: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Name
+ldapDisplayName: msWMI-Name
+attributeId: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-NormalizedClass
+ldapDisplayName: msWMI-NormalizedClass
+attributeId: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eaba628f-eb8e-4fe9-83fc-693be695559b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm1
+ldapDisplayName: msWMI-Parm1
+attributeId: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27e81485-b1b0-4a8b-bedd-ce19a837e26e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm2
+ldapDisplayName: msWMI-Parm2
+attributeId: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0003508e-9c42-4a76-a8f4-38bf64bab0de
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm3
+ldapDisplayName: msWMI-Parm3
+attributeId: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45958fb6-52bd-48ce-9f9f-c2712d9f2bfc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm4
+ldapDisplayName: msWMI-Parm4
+attributeId: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3800d5a3-f1ce-4b82-a59a-1528ea795f59
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PropertyName
+ldapDisplayName: msWMI-PropertyName
+attributeId: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ab920883-e7f8-4d72-b4a0-c0449897509d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Query
+ldapDisplayName: msWMI-Query
+attributeId: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-QueryLanguage
+ldapDisplayName: msWMI-QueryLanguage
+attributeId: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d3cfa98-c17b-4254-8bd7-4de9b932a345
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ScopeGuid
+ldapDisplayName: msWMI-ScopeGuid
+attributeId: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87b78d51-405f-4b7f-80ed-2bd28786f48d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SourceOrganization
+ldapDisplayName: msWMI-SourceOrganization
+attributeId: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 34f7ed6c-615d-418d-aa00-549a7d7be03e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringDefault
+ldapDisplayName: msWMI-StringDefault
+attributeId: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 152e42b6-37c5-4f55-ab48-1606384a9aea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringValidValues
+ldapDisplayName: msWMI-StringValidValues
+attributeId: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 37609d31-a2bf-4b58-8f53-2b64e57a076d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetClass
+ldapDisplayName: msWMI-TargetClass
+attributeId: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetNameSpace
+ldapDisplayName: msWMI-TargetNameSpace
+attributeId: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1c4ab61f-3420-44e5-849d-8b5dbf60feb7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetObject
+ldapDisplayName: msWMI-TargetObject
+attributeId: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c44f67a5-7de5-4a1f-92d9-662b57364b77
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetPath
+ldapDisplayName: msWMI-TargetPath
+attributeId: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5006a79a-6bfe-4561-9f52-13cf4dd3e560
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetType
+ldapDisplayName: msWMI-TargetType
+attributeId: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca2a281e-262b-4ff7-b419-bc123352a4e9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Must-Contain
+ldapDisplayName: mustContain
+attributeId: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679d3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Name-Service-Flags
+ldapDisplayName: nameServiceFlags
+attributeId: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212840-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NC-Name
+ldapDisplayName: nCName
+attributeId: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679d6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NETBIOS-Name
+ldapDisplayName: nETBIOSName
+attributeId: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: netboot-Allow-New-Clients
+ldapDisplayName: netbootAllowNewClients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Only-Valid-Clients
+ldapDisplayName: netbootAnswerOnlyValidClients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Requests
+ldapDisplayName: netbootAnswerRequests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Current-Client-Count
+ldapDisplayName: netbootCurrentClientCount
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383079-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-GUID
+ldapDisplayName: netbootGUID
+attributeId: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978921-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Initialization
+ldapDisplayName: netbootInitialization
+attributeId: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978920-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-IntelliMirror-OSes
+ldapDisplayName: netbootIntelliMirrorOSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307e-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Limit-Clients
+ldapDisplayName: netbootLimitClients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383077-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Locally-Installed-OSes
+ldapDisplayName: netbootLocallyInstalledOSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 07383080-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Machine-File-Path
+ldapDisplayName: netbootMachineFilePath
+attributeId: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978923-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Max-Clients
+ldapDisplayName: netbootMaxClients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383078-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Mirror-Data-File
+ldapDisplayName: netbootMirrorDataFile
+attributeId: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d85-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-Naming-Policy
+ldapDisplayName: netbootNewMachineNamingPolicy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307c-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-OU
+ldapDisplayName: netbootNewMachineOU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0738307d-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-SCP-BL
+ldapDisplayName: netbootSCPBL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 07383082-91df-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: netboot-Server
+ldapDisplayName: netbootServer
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 07383081-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-SIF-File
+ldapDisplayName: netbootSIFFile
+attributeId: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d84-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Tools
+ldapDisplayName: netbootTools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307f-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Network-Address
+ldapDisplayName: networkAddress
+attributeId: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: bf9679d9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 256
+mapiID: 33136
+
+cn: Next-Level-Store
+ldapDisplayName: nextLevelStore
+attributeId: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679da-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Next-Rid
+ldapDisplayName: nextRid
+attributeId: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679db-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NisMapEntry
+ldapDisplayName: nisMapEntry
+attributeId: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4a95216e-fcc0-402e-b57f-5971626148a9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisMapName
+ldapDisplayName: nisMapName
+attributeId: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisNetgroupTriple
+ldapDisplayName: nisNetgroupTriple
+attributeId: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a8032e74-30ef-4ff5-affc-0fc217783fec
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: Non-Security-Member
+ldapDisplayName: nonSecurityMember
+attributeId: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458018-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 50
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Non-Security-Member-BL
+ldapDisplayName: nonSecurityMemberBL
+attributeId: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458019-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 51
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Notification-List
+ldapDisplayName: notificationList
+attributeId: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 19195a56-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Group-Members
+ldapDisplayName: nTGroupMembers
+attributeId: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679df-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Mixed-Domain
+ldapDisplayName: nTMixedDomain
+attributeId: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3e97891f-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Nt-Pwd-History
+ldapDisplayName: ntPwdHistory
+attributeId: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679e2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NT-Security-Descriptor
+ldapDisplayName: nTSecurityDescriptor
+attributeId: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+rangeLower: 0
+rangeUpper: 132096
+mapiID: 32787
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Obj-Dist-Name
+ldapDisplayName: distinguishedName
+attributeId: 2.5.4.49
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679e4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32828
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Category
+ldapDisplayName: objectCategory
+attributeId: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97369-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class
+ldapDisplayName: objectClass
+attributeId: 2.5.4.0
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX | fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class-Category
+ldapDisplayName: objectClassCategory
+attributeId: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679e6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+mapiID: 33014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Classes
+ldapDisplayName: objectClasses
+attributeId: 2.5.21.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Count
+ldapDisplayName: objectCount
+attributeId: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa216-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Object-Guid
+ldapDisplayName: objectGUID
+attributeId: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35949
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Sid
+ldapDisplayName: objectSid
+attributeId: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 0
+rangeUpper: 28
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32807
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Version
+ldapDisplayName: objectVersion
+attributeId: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16775848-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OEM-Information
+ldapDisplayName: oEMInformation
+attributeId: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679ea-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Object-Class
+ldapDisplayName: oMObjectClass
+attributeId: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ec-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Syntax
+ldapDisplayName: oMSyntax
+attributeId: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ed-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+mapiID: 33022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OMT-Guid
+ldapDisplayName: oMTGuid
+attributeId: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf3-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OMT-Indx-Guid
+ldapDisplayName: oMTIndxGuid
+attributeId: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fa-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpcNumber
+ldapDisplayName: oncRpcNumber
+attributeId: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 966825f5-01d9-4a5c-a011-d15ae84efa55
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Operating-System
+ldapDisplayName: operatingSystem
+attributeId: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978925-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Hotfix
+ldapDisplayName: operatingSystemHotfix
+attributeId: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bd951b3c-9c96-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Operating-System-Service-Pack
+ldapDisplayName: operatingSystemServicePack
+attributeId: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978927-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Version
+ldapDisplayName: operatingSystemVersion
+attributeId: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978926-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operator-Count
+ldapDisplayName: operatorCount
+attributeId: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ee-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Option-Description
+ldapDisplayName: optionDescription
+attributeId: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Options
+ldapDisplayName: options
+attributeId: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19195a53-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Options-Location
+ldapDisplayName: optionsLocation
+attributeId: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: organizationalStatus
+ldapDisplayName: organizationalStatus
+attributeId: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 28596019-7349-4d2f-adff-5a629961f942
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Organizational-Unit-Name
+ldapDisplayName: ou
+attributeId: 2.5.4.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33026
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Organization-Name
+ldapDisplayName: o
+attributeId: 2.5.4.10
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679ef-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33025
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Original-Display-Table
+ldapDisplayName: originalDisplayTable
+attributeId: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424ce-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33027
+
+cn: Original-Display-Table-MSDOS
+ldapDisplayName: originalDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424cf-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33028
+
+cn: Other-Login-Workstations
+ldapDisplayName: otherLoginWorkstations
+attributeId: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Mailbox
+ldapDisplayName: otherMailbox
+attributeId: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c123-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+
+cn: Other-Name
+ldapDisplayName: middleName
+attributeId: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Well-Known-Objects
+ldapDisplayName: otherWellKnownObjects
+attributeId: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Owner
+ldapDisplayName: owner
+attributeId: 2.5.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679f3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+linkID: 44
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Flags
+ldapDisplayName: packageFlags
+attributeId: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e99-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Name
+ldapDisplayName: packageName
+attributeId: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e98-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Type
+ldapDisplayName: packageType
+attributeId: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e96-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA
+ldapDisplayName: parentCA
+attributeId: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5245801b-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA-Certificate-Chain
+ldapDisplayName: parentCACertificateChain
+attributeId: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2733-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-GUID
+ldapDisplayName: parentGUID
+attributeId: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Deletion-List
+ldapDisplayName: partialAttributeDeletionList
+attributeId: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 28630ec0-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Set
+ldapDisplayName: partialAttributeSet
+attributeId: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 19405b9e-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pek-Key-Change-Interval
+ldapDisplayName: pekKeyChangeInterval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 07383084-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pek-List
+ldapDisplayName: pekList
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 07383083-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pending-CA-Certificates
+ldapDisplayName: pendingCACertificates
+attributeId: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d273c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pending-Parent-CA
+ldapDisplayName: pendingParentCA
+attributeId: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Per-Msg-Dialog-Display-Table
+ldapDisplayName: perMsgDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d3-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33032
+
+cn: Per-Recip-Dialog-Display-Table
+ldapDisplayName: perRecipDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d4-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33033
+
+cn: Personal-Title
+ldapDisplayName: personalTitle
+attributeId: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775858-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35947
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Fax-Other
+ldapDisplayName: otherFacsimileTelephoneNumber
+attributeId: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11d-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Other
+ldapDisplayName: otherHomePhone
+attributeId: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa2-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14895
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Primary
+ldapDisplayName: homePhone
+attributeId: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14857
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Other
+ldapDisplayName: otherIpPhone
+attributeId: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d146e4b-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Primary
+ldapDisplayName: ipPhone
+attributeId: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d146e4a-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-ISDN-Primary
+ldapDisplayName: primaryInternationalISDNNumber
+attributeId: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c11f-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Other
+ldapDisplayName: otherMobile
+attributeId: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11e-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Primary
+ldapDisplayName: mobile
+attributeId: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa3-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14876
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Office-Other
+ldapDisplayName: otherTelephone
+attributeId: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa5-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Other
+ldapDisplayName: otherPager
+attributeId: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa4-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Primary
+ldapDisplayName: pager
+attributeId: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa6-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14881
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: photo
+ldapDisplayName: photo
+attributeId: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Physical-Delivery-Office-Name
+ldapDisplayName: physicalDeliveryOfficeName
+attributeId: 2.5.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location-Object
+ldapDisplayName: physicalLocationObject
+attributeId: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13119-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Picture
+ldapDisplayName: thumbnailPhoto
+attributeId: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8d3bca50-1d7e-11d0-a081-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 102400
+mapiId: 35998
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Critical-Extensions
+ldapDisplayName: pKICriticalExtensions
+attributeId: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fc5a9106-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-CSPs
+ldapDisplayName: pKIDefaultCSPs
+attributeId: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1ef6336e-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-Key-Spec
+ldapDisplayName: pKIDefaultKeySpec
+attributeId: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 426cae6e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Access
+ldapDisplayName: pKIEnrollmentAccess
+attributeId: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: FALSE
+schemaIdGuid: 926be278-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Expiration-Period
+ldapDisplayName: pKIExpirationPeriod
+attributeId: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 041570d2-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Extended-Key-Usage
+ldapDisplayName: pKIExtendedKeyUsage
+attributeId: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18976af6-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Key-Usage
+ldapDisplayName: pKIKeyUsage
+attributeId: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Max-Issuing-Depth
+ldapDisplayName: pKIMaxIssuingDepth
+attributeId: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Overlap-Period
+ldapDisplayName: pKIOverlapPeriod
+attributeId: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1219a3ec-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT
+ldapDisplayName: pKT
+attributeId: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f1-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT-Guid
+ldapDisplayName: pKTGuid
+attributeId: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f0-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Policy-Replication-Flags
+ldapDisplayName: policyReplicationFlags
+attributeId: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b96-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Port-Name
+ldapDisplayName: portName
+attributeId: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416c4-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Possible-Inferiors
+ldapDisplayName: possibleInferiors
+attributeId: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Poss-Superiors
+ldapDisplayName: possSuperiors
+attributeId: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679fa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Postal-Address
+ldapDisplayName: postalAddress
+attributeId: 2.5.4.16
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Postal-Code
+ldapDisplayName: postalCode
+attributeId: 2.5.4.17
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679fd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14890
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Post-Office-Box
+ldapDisplayName: postOfficeBox
+attributeId: 2.5.4.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14891
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Preferred-Delivery-Method
+ldapDisplayName: preferredDeliveryMethod
+attributeId: 2.5.4.28
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679fe-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: preferredLanguage
+ldapDisplayName: preferredLanguage
+attributeId: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Preferred-OU
+ldapDisplayName: preferredOU
+attributeId: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679ff-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prefix-Map
+ldapDisplayName: prefixMap
+attributeId: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458022-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Presentation-Address
+ldapDisplayName: presentationAddress
+attributeId: 2.5.4.29
+attributeSyntax: 2.5.5.13
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.732
+isSingleValued: TRUE
+schemaIdGuid: a8df744b-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-CA-Certificates
+ldapDisplayName: previousCACertificates
+attributeId: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2739-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-Parent-CA
+ldapDisplayName: previousParentCA
+attributeId: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Primary-Group-ID
+ldapDisplayName: primaryGroupID
+attributeId: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a00-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Primary-Group-Token
+ldapDisplayName: primaryGroupToken
+attributeId: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c0ed8738-7efd-4481-84d9-66d2db8be369
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Print-Attributes
+ldapDisplayName: printAttributes
+attributeId: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Bin-Names
+ldapDisplayName: printBinNames
+attributeId: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416cd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Collate
+ldapDisplayName: printCollate
+attributeId: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d2-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Color
+ldapDisplayName: printColor
+attributeId: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d3-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Duplex-Supported
+ldapDisplayName: printDuplexSupported
+attributeId: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416cc-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-End-Time
+ldapDisplayName: printEndTime
+attributeId: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416ca-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Printer-Name
+ldapDisplayName: printerName
+attributeId: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 244b296e-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Form-Name
+ldapDisplayName: printFormName
+attributeId: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416cb-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Keep-Printed-Jobs
+ldapDisplayName: printKeepPrintedJobs
+attributeId: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f6d-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Language
+ldapDisplayName: printLanguage
+attributeId: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-MAC-Address
+ldapDisplayName: printMACAddress
+attributeId: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f7a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Copies
+ldapDisplayName: printMaxCopies
+attributeId: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d1-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Resolution-Supported
+ldapDisplayName: printMaxResolutionSupported
+attributeId: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416cf-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-X-Extent
+ldapDisplayName: printMaxXExtent
+attributeId: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6f-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Y-Extent
+ldapDisplayName: printMaxYExtent
+attributeId: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f70-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Ready
+ldapDisplayName: printMediaReady
+attributeId: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Supported
+ldapDisplayName: printMediaSupported
+attributeId: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b296f-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Memory
+ldapDisplayName: printMemory
+attributeId: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f74-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-X-Extent
+ldapDisplayName: printMinXExtent
+attributeId: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f71-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-Y-Extent
+ldapDisplayName: printMinYExtent
+attributeId: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f72-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Network-Address
+ldapDisplayName: printNetworkAddress
+attributeId: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f79-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Notify
+ldapDisplayName: printNotify
+attributeId: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Number-Up
+ldapDisplayName: printNumberUp
+attributeId: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Orientations-Supported
+ldapDisplayName: printOrientationsSupported
+attributeId: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d0-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Owner
+ldapDisplayName: printOwner
+attributeId: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f69-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Pages-Per-Minute
+ldapDisplayName: printPagesPerMinute
+attributeId: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b97-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate
+ldapDisplayName: printRate
+attributeId: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f77-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate-Unit
+ldapDisplayName: printRateUnit
+attributeId: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f78-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Separator-File
+ldapDisplayName: printSeparatorFile
+attributeId: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Share-Name
+ldapDisplayName: printShareName
+attributeId: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba305f68-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Spooling
+ldapDisplayName: printSpooling
+attributeId: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6c-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Stapling-Supported
+ldapDisplayName: printStaplingSupported
+attributeId: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f73-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Start-Time
+ldapDisplayName: printStartTime
+attributeId: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Status
+ldapDisplayName: printStatus
+attributeId: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6b-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Priority
+ldapDisplayName: priority
+attributeId: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prior-Set-Time
+ldapDisplayName: priorSetTime
+attributeId: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a01-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Prior-Value
+ldapDisplayName: priorValue
+attributeId: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a02-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Private-Key
+ldapDisplayName: privateKey
+attributeId: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a03-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Privilege-Attributes
+ldapDisplayName: privilegeAttributes
+attributeId: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b9a-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Display-Name
+ldapDisplayName: privilegeDisplayName
+attributeId: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19405b98-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Holder
+ldapDisplayName: privilegeHolder
+attributeId: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9b-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 70
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Value
+ldapDisplayName: privilegeValue
+attributeId: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 19405b99-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Product-Code
+ldapDisplayName: productCode
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18317-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Profile-Path
+ldapDisplayName: profilePath
+attributeId: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a05-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxied-Object-Name
+ldapDisplayName: proxiedObjectName
+attributeId: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: TRUE
+schemaIdGuid: e1aea402-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Addresses
+ldapDisplayName: proxyAddresses
+attributeId: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a06-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 1123
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32783
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Generation-Enabled
+ldapDisplayName: proxyGenerationEnabled
+attributeId: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d6-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33201
+
+cn: Proxy-Lifetime
+ldapDisplayName: proxyLifetime
+attributeId: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a07-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Public-Key-Policy
+ldapDisplayName: publicKeyPolicy
+attributeId: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 80a67e28-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Purported-Search
+ldapDisplayName: purportedSearch
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b4b54e50-943a-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pwd-History-Length
+ldapDisplayName: pwdHistoryLength
+attributeId: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a09-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Last-Set
+ldapDisplayName: pwdLastSet
+attributeId: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a0a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Properties
+ldapDisplayName: pwdProperties
+attributeId: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Quality-Of-Service
+ldapDisplayName: qualityOfService
+attributeId: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4e-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Filter
+ldapDisplayName: queryFilter
+attributeId: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: cbf70a26-7e78-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: QueryPoint
+ldapDisplayName: queryPoint
+attributeId: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb86-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy-BL
+ldapDisplayName: queryPolicyBL
+attributeId: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e1aea404-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 69
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Query-Policy-Object
+ldapDisplayName: queryPolicyObject
+attributeId: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: e1aea403-cd5b-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 68
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Lower
+ldapDisplayName: rangeLower
+attributeId: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33043
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Upper
+ldapDisplayName: rangeUpper
+attributeId: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33044
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN
+ldapDisplayName: name
+attributeId: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a0e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33282
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN-Att-ID
+ldapDisplayName: rDNAttID
+attributeId: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a0f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Registered-Address
+ldapDisplayName: registeredAddress
+attributeId: 2.5.4.26
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a10-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33049
+
+cn: Remote-Server-Name
+ldapDisplayName: remoteServerName
+attributeId: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a12-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source
+ldapDisplayName: remoteSource
+attributeId: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a14-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source-Type
+ldapDisplayName: remoteSourceType
+attributeId: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a15-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-GUID
+ldapDisplayName: remoteStorageGUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b0-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Replica-Source
+ldapDisplayName: replicaSource
+attributeId: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a18-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Repl-Interval
+ldapDisplayName: replInterval
+attributeId: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 45ba9d1a-56fa-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Property-Meta-Data
+ldapDisplayName: replPropertyMetaData
+attributeId: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Topology-Stay-Of-Execution
+ldapDisplayName: replTopologyStayOfExecution
+attributeId: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb83-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-UpToDate-Vector
+ldapDisplayName: replUpToDateVector
+attributeId: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a16-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reports
+ldapDisplayName: directReports
+attributeId: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a1c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 43
+mapiID: 32782
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Reps-From
+ldapDisplayName: repsFrom
+attributeId: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reps-To
+ldapDisplayName: repsTo
+attributeId: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Required-Categories
+ldapDisplayName: requiredCategories
+attributeId: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e93-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Retired-Repl-DSA-Signatures
+ldapDisplayName: retiredReplDSASignatures
+attributeId: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Revision
+ldapDisplayName: revision
+attributeId: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a21-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rid
+ldapDisplayName: rid
+attributeId: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a22-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Allocation-Pool
+ldapDisplayName: rIDAllocationPool
+attributeId: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171889-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Available-Pool
+ldapDisplayName: rIDAvailablePool
+attributeId: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171888-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Manager-Reference
+ldapDisplayName: rIDManagerReference
+attributeId: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171886-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Next-RID
+ldapDisplayName: rIDNextRID
+attributeId: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Previous-Allocation-Pool
+ldapDisplayName: rIDPreviousAllocationPool
+attributeId: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188a-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Set-References
+ldapDisplayName: rIDSetReferences
+attributeId: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Used-Pool
+ldapDisplayName: rIDUsedPool
+attributeId: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188b-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rights-Guid
+ldapDisplayName: rightsGuid
+attributeId: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8297931c-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Role-Occupant
+ldapDisplayName: roleOccupant
+attributeId: 2.5.4.33
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a8df7465-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33061
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: roomNumber
+ldapDisplayName: roomNumber
+attributeId: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Root-Trust
+ldapDisplayName: rootTrust
+attributeId: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb80-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: rpc-Ns-Annotation
+ldapDisplayName: rpcNsAnnotation
+attributeId: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 88611bde-8cf4-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Bindings
+ldapDisplayName: rpcNsBindings
+attributeId: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a23-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Codeset
+ldapDisplayName: rpcNsCodeset
+attributeId: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7a0ba0e0-8e98-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Entry-Flags
+ldapDisplayName: rpcNsEntryFlags
+attributeId: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212841-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Group
+ldapDisplayName: rpcNsGroup
+attributeId: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a24-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Interface-ID
+ldapDisplayName: rpcNsInterfaceID
+attributeId: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a25-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Object-ID
+ldapDisplayName: rpcNsObjectID
+attributeId: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 29401c48-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Priority
+ldapDisplayName: rpcNsPriority
+attributeId: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a27-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Profile-Entry
+ldapDisplayName: rpcNsProfileEntry
+attributeId: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a28-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Transfer-Syntax
+ldapDisplayName: rpcNsTransferSyntax
+attributeId: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 29401c4a-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SAM-Account-Name
+ldapDisplayName: sAMAccountName
+attributeId: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e0abfd0-126a-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Account-Type
+ldapDisplayName: sAMAccountType
+attributeId: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6e7b626c-64f2-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Domain-Updates
+ldapDisplayName: samDomainUpdates
+attributeId: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schedule
+ldapDisplayName: schedule
+attributeId: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: dd712224-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Flags-Ex
+ldapDisplayName: schemaFlagsEx
+attributeId: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-ID-GUID
+ldapDisplayName: schemaIDGUID
+attributeId: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967923-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Info
+ldapDisplayName: schemaInfo
+attributeId: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f9fb64ae-93b4-11d2-9945-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Update
+ldapDisplayName: schemaUpdate
+attributeId: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Schema-Version
+ldapDisplayName: schemaVersion
+attributeId: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a2c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33148
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Scope-Flags
+ldapDisplayName: scopeFlags
+attributeId: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16f3a4c2-7e79-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Script-Path
+ldapDisplayName: scriptPath
+attributeId: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SD-Rights-Effective
+ldapDisplayName: sDRightsEffective
+attributeId: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Flags
+ldapDisplayName: searchFlags
+attributeId: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf967a2d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+mapiID: 33069
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Guide
+ldapDisplayName: searchGuide
+attributeId: 2.5.4.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a2e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33070
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: secretary
+ldapDisplayName: secretary
+attributeId: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Security-Identifier
+ldapDisplayName: securityIdentifier
+attributeId: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a2f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: See-Also
+ldapDisplayName: seeAlso
+attributeId: 2.5.4.34
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a31-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33071
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Seq-Notification
+ldapDisplayName: seqNotification
+attributeId: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf2-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Serial-Number
+ldapDisplayName: serialNumber
+attributeId: 2.5.4.5
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967a32-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 33072
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-Name
+ldapDisplayName: serverName
+attributeId: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb7a0-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference
+ldapDisplayName: serverReference
+attributeId: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d9736d-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 94
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference-BL
+ldapDisplayName: serverReferenceBL
+attributeId: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 26d9736e-6070-11d1-a9c6-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 95
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Role
+ldapDisplayName: serverRole
+attributeId: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-State
+ldapDisplayName: serverState
+attributeId: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a34-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Service-Binding-Information
+ldapDisplayName: serviceBindingInformation
+attributeId: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b7b1311c-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-ID
+ldapDisplayName: serviceClassID
+attributeId: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a35-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Info
+ldapDisplayName: serviceClassInfo
+attributeId: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a36-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Name
+ldapDisplayName: serviceClassName
+attributeId: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b1311d-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name
+ldapDisplayName: serviceDNSName
+attributeId: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eb8-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name-Type
+ldapDisplayName: serviceDNSNameType
+attributeId: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eba-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance-Version
+ldapDisplayName: serviceInstanceVersion
+attributeId: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a37-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 8
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Principal-Name
+ldapDisplayName: servicePrincipalName
+attributeId: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Setup-Command
+ldapDisplayName: setupCommand
+attributeId: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e97-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowExpire
+ldapDisplayName: shadowExpire
+attributeId: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 75159a00-1fff-4cf4-8bff-4ef2695cf643
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowFlag
+ldapDisplayName: shadowFlag
+attributeId: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8dfeb70d-c5db-46b6-b15e-a4389e6cee9b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowInactive
+ldapDisplayName: shadowInactive
+attributeId: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 86871d1f-3310-4312-8efd-af49dcfb2671
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowLastChange
+ldapDisplayName: shadowLastChange
+attributeId: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f8f2689c-29e8-4843-8177-e8b98e15eeac
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMax
+ldapDisplayName: shadowMax
+attributeId: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f285c952-50dd-449e-9160-3b880d99988d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMin
+ldapDisplayName: shadowMin
+attributeId: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a76b8737-e5a1-4568-b057-dc12e04be4b2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowWarning
+ldapDisplayName: shadowWarning
+attributeId: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7ae89c9c-2976-4a46-bb8a-340f88560117
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Shell-Context-Menu
+ldapDisplayName: shellContextMenu
+attributeId: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd039-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Shell-Property-Pages
+ldapDisplayName: shellPropertyPages
+attributeId: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458039-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Short-Server-Name
+ldapDisplayName: shortServerName
+attributeId: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01501-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Show-In-Address-Book
+ldapDisplayName: showInAddressBook
+attributeId: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e74f60e-3e73-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Show-In-Advanced-View-Only
+ldapDisplayName: showInAdvancedViewOnly
+attributeId: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967984-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SID-History
+ldapDisplayName: sIDHistory
+attributeId: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 17eb4278-d167-11d0-b002-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Signature-Algorithms
+ldapDisplayName: signatureAlgorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b2-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-GUID
+ldapDisplayName: siteGUID
+attributeId: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978924-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-List
+ldapDisplayName: siteLinkList
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdd-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 142
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-List
+ldapDisplayName: siteList
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdc-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 144
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object
+ldapDisplayName: siteObject
+attributeId: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 3e10944c-c354-11d0-aff8-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 46
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object-BL
+ldapDisplayName: siteObjectBL
+attributeId: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e10944d-c354-11d0-aff8-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 47
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Site-Server
+ldapDisplayName: siteServer
+attributeId: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SMTP-Mail-Address
+ldapDisplayName: mailAddress
+attributeId: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d9736f-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SPN-Mappings
+ldapDisplayName: sPNMappings
+attributeId: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2ab0e76c-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: State-Or-Province-Name
+ldapDisplayName: st
+attributeId: 2.5.4.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a39-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14888
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Street-Address
+ldapDisplayName: street
+attributeId: 2.5.4.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a3a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33082
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Structural-Object-Class
+ldapDisplayName: structuralObjectClass
+attributeId: 2.5.21.9
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 3860949f-f6a8-4b38-9950-81ecb6bc2982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Class-Of
+ldapDisplayName: subClassOf
+attributeId: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a3b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Refs
+ldapDisplayName: subRefs
+attributeId: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a3c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33083
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SubSchemaSubEntry
+ldapDisplayName: subSchemaSubEntry
+attributeId: 2.5.18.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Superior-DNS-Root
+ldapDisplayName: superiorDNSRoot
+attributeId: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5245801d-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Super-Scope-Description
+ldapDisplayName: superScopeDescription
+attributeId: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Super-Scopes
+ldapDisplayName: superScopes
+attributeId: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Supplemental-Credentials
+ldapDisplayName: supplementalCredentials
+attributeId: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a3f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Supported-Application-Context
+ldapDisplayName: supportedApplicationContext
+attributeId: 2.5.4.30
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677588f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33085
+
+cn: Surname
+ldapDisplayName: sn
+attributeId: 2.5.4.4
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a41-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14865
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sync-Attributes
+ldapDisplayName: syncAttributes
+attributeId: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 037651e4-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-Membership
+ldapDisplayName: syncMembership
+attributeId: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 037651e3-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 78
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-Object
+ldapDisplayName: syncWithObject
+attributeId: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 037651e2-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-SID
+ldapDisplayName: syncWithSID
+attributeId: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 037651e5-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: System-Auxiliary-Class
+ldapDisplayName: systemAuxiliaryClass
+attributeId: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a43-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Flags
+ldapDisplayName: systemFlags
+attributeId: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e62-9b45-11d0-afdd-00c04fd930c9
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-May-Contain
+ldapDisplayName: systemMayContain
+attributeId: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a44-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Must-Contain
+ldapDisplayName: systemMustContain
+attributeId: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a45-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Only
+ldapDisplayName: systemOnly
+attributeId: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967a46-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Poss-Superiors
+ldapDisplayName: systemPossSuperiors
+attributeId: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a47-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Telephone-Number
+ldapDisplayName: telephoneNumber
+attributeId: 2.5.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a49-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14856
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Teletex-Terminal-Identifier
+ldapDisplayName: teletexTerminalIdentifier
+attributeId: 2.5.4.22
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33091
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Number
+ldapDisplayName: telexNumber
+attributeId: 2.5.4.21
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14892
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Primary
+ldapDisplayName: primaryTelexNumber
+attributeId: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c121-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Template-Roots
+ldapDisplayName: templateRoots
+attributeId: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ed9de9a0-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Template-Roots2
+ldapDisplayName: templateRoots2
+attributeId: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+linkId: 2126
+schemaIdGuid: b1cba91a-0682-4362-a659-153e201ef069
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Terminal-Server
+ldapDisplayName: terminalServer
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Country
+ldapDisplayName: co
+attributeId: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa7-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14886
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Encoded-OR-Address
+ldapDisplayName: textEncodedORAddress
+attributeId: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7489-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35969
+
+cn: Time-Refresh
+ldapDisplayName: timeRefresh
+attributeId: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf1-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Time-Vol-Change
+ldapDisplayName: timeVolChange
+attributeId: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf0-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Title
+ldapDisplayName: title
+attributeId: 2.5.4.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a55-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14871
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Token-Groups
+ldapDisplayName: tokenGroups
+attributeId: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-Global-And-Universal
+ldapDisplayName: tokenGroupsGlobalAndUniversal
+attributeId: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-No-GC-Acceptable
+ldapDisplayName: tokenGroupsNoGCAcceptable
+attributeId: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Tombstone-Lifetime
+ldapDisplayName: tombstoneLifetime
+attributeId: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16c3a860-1273-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33093
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Address-Attribute
+ldapDisplayName: transportAddressAttribute
+attributeId: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: c1dc867c-a261-11d1-b606-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-DLL-Name
+ldapDisplayName: transportDLLName
+attributeId: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d97372-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Type
+ldapDisplayName: transportType
+attributeId: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97374-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Treat-As-Leaf
+ldapDisplayName: treatAsLeaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fd044e3-771f-11d1-aeae-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Tree-Name
+ldapDisplayName: treeName
+attributeId: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebd-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trust-Attributes
+ldapDisplayName: trustAttributes
+attributeId: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e5a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Incoming
+ldapDisplayName: trustAuthIncoming
+attributeId: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a59-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Outgoing
+ldapDisplayName: trustAuthOutgoing
+attributeId: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a5f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Direction
+ldapDisplayName: trustDirection
+attributeId: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Parent
+ldapDisplayName: trustParent
+attributeId: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7a-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Partner
+ldapDisplayName: trustPartner
+attributeId: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a5d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Posix-Offset
+ldapDisplayName: trustPosixOffset
+attributeId: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Type
+ldapDisplayName: trustType
+attributeId: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a60-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: UAS-Compat
+ldapDisplayName: uASCompat
+attributeId: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a61-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uid
+ldapDisplayName: uid
+attributeId: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+
+cn: UidNumber
+ldapDisplayName: uidNumber
+attributeId: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 850fcc8f-9c6b-47e1-b671-7c654be4d5b3
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: UNC-Name
+ldapDisplayName: uNCName
+attributeId: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a64-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Unicode-Pwd
+ldapDisplayName: unicodePwd
+attributeId: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uniqueIdentifier
+ldapDisplayName: uniqueIdentifier
+attributeId: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba0184c7-38c5-4bed-a526-75421470580c
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: uniqueMember
+ldapDisplayName: uniqueMember
+attributeId: 2.5.4.50
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8
+systemOnly: FALSE
+searchFlags: 0
+
+cn: UnixHomeDirectory
+ldapDisplayName: unixHomeDirectory
+attributeId: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: bc2dba12-000f-464d-bf1d-0808465d8843
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: UnixUserPassword
+ldapDisplayName: unixUserPassword
+attributeId: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 612cb747-c0e8-4f92-9221-fdd5f15b550d
+systemOnly: FALSE
+searchFlags:fCONFIDENTIAL
+rangeLower: 1
+rangeUpper: 128
+
+cn: unstructuredAddress
+ldapDisplayName: unstructuredAddress
+attributeId: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: unstructuredName
+ldapDisplayName: unstructuredName
+attributeId: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: Upgrade-Product-Code
+ldapDisplayName: upgradeProductCode
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d9e18312-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: UPN-Suffixes
+ldapDisplayName: uPNSuffixes
+attributeId: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Account-Control
+ldapDisplayName: userAccountControl
+attributeId: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a68-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fPRESERVEONDELETE | fATTINDEX
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Cert
+ldapDisplayName: userCert
+attributeId: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a69-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14882
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: userClass
+ldapDisplayName: userClass
+attributeId: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11732a8a-e14d-4cc5-b92f-d93f51c6d8e4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: User-Comment
+ldapDisplayName: comment
+attributeId: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Parameters
+ldapDisplayName: userParameters
+attributeId: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Password
+ldapDisplayName: userPassword
+attributeId: 2.5.4.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a6e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 33107
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: userPKCS12
+ldapDisplayName: userPKCS12
+attributeId: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: User-Principal-Name
+ldapDisplayName: userPrincipalName
+attributeId: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Shared-Folder
+ldapDisplayName: userSharedFolder
+attributeId: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Shared-Folder-Other
+ldapDisplayName: userSharedFolderOther
+attributeId: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-SMIME-Certificate
+ldapDisplayName: userSMIMECertificate
+attributeId: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e16a9db2-403c-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Workstations
+ldapDisplayName: userWorkstations
+attributeId: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Changed
+ldapDisplayName: uSNChanged
+attributeId: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a6f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 32809
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Created
+ldapDisplayName: uSNCreated
+attributeId: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a70-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 33108
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-DSA-Last-Obj-Removed
+ldapDisplayName: uSNDSALastObjRemoved
+attributeId: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a71-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33109
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Intersite
+ldapDisplayName: USNIntersite
+attributeId: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a8df7498-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+mapiID: 33146
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: USN-Last-Obj-Rem
+ldapDisplayName: uSNLastObjRem
+attributeId: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a73-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33110
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Source
+ldapDisplayName: uSNSource
+attributeId: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 167758ad-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33111
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Valid-Accesses
+ldapDisplayName: validAccesses
+attributeId: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4d2fa380-7f54-11d2-992a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Vendor
+ldapDisplayName: vendor
+attributeId: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416df-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number
+ldapDisplayName: versionNumber
+attributeId: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a76-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Hi
+ldapDisplayName: versionNumberHi
+attributeId: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9a-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Lo
+ldapDisplayName: versionNumberLo
+attributeId: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9b-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-GUID
+ldapDisplayName: volTableGUID
+attributeId: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fd-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-Idx-GUID
+ldapDisplayName: volTableIdxGUID
+attributeId: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fb-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume-Count
+ldapDisplayName: volumeCount
+attributeId: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa217-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Wbem-Path
+ldapDisplayName: wbemPath
+attributeId: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b2970-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Well-Known-Objects
+ldapDisplayName: wellKnownObjects
+attributeId: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 05308983-7688-11d1-aded-00c04fd8d5cd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Changed
+ldapDisplayName: whenChanged
+attributeId: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a77-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12296
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Created
+ldapDisplayName: whenCreated
+attributeId: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12295
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Winsock-Addresses
+ldapDisplayName: winsockAddresses
+attributeId: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a79-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Home-Page
+ldapDisplayName: wWWHomePage
+attributeId: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a7a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2048
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Page-Other
+ldapDisplayName: url
+attributeId: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+mapiID: 33141
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: X121-Address
+ldapDisplayName: x121Address
+attributeId: 2.5.4.24
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf967a7b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: x500uniqueIdentifier
+ldapDisplayName: x500uniqueIdentifier
+attributeId: 2.5.4.45
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a
+systemOnly: FALSE
+searchFlags: 0
+
+cn: X509-Cert
+ldapDisplayName: userCertificate
+attributeId: 2.5.4.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a7f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35946
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt
new file mode 100644
index 0000000..f60b7bd
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt
@@ -0,0 +1,3473 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#•	Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation. 
+#•	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#•	Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com. 
+#•	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: account
+ldapDisplayName: account
+governsId: 0.9.2342.19200300.100.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: uid, host, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ACS-Policy
+ldapDisplayName: aCSPolicy
+governsId: 1.2.840.113556.1.5.137
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSTotalNoOfFlows, aCSTimeOfDay, aCSServiceType,aCSPriority, aCSPermissionBits, aCSMinimumDelayVariation,aCSMinimumLatency, aCSMaximumSDUSize, aCSMinimumPolicedSize,aCSMaxTokenRatePerFlow, aCSMaxTokenBucketPerFlow,aCSMaxPeakBandwidthPerFlow, aCSMaxDurationPerFlow,aCSMaxAggregatePeakRatePerUser, aCSIdentityName, aCSDirection,aCSAggregateTokenRatePerUser
+systemPossSuperiors: container
+schemaIdGuid:7f561288-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Resource-Limits
+ldapDisplayName: aCSResourceLimits
+governsId: 1.2.840.113556.1.5.191
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSMaxTokenRatePerFlow, aCSServiceType,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth,aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:2e899b04-2834-11d3-91d4-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Subnet
+ldapDisplayName: aCSSubnet
+governsId: 1.2.840.113556.1.5.138
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSServerList, aCSRSVPLogFilesLocation,aCSRSVPAccountFilesLocation, aCSNonReservedTxSize,aCSNonReservedTxLimit, aCSNonReservedTokenSize,aCSNonReservedPeakRate, aCSNonReservedMinPolicedSize,aCSNonReservedMaxSDUSize, aCSMaxTokenRatePerFlow,aCSMaxSizeOfRSVPLogFile, aCSMaxSizeOfRSVPAccountFile,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth, aCSMaxNoOfLogFiles,aCSMaxNoOfAccountFiles, aCSMaxDurationPerFlow, aCSEventLogLevel,aCSEnableRSVPMessageLogging, aCSEnableRSVPAccounting,aCSEnableACSService, aCSDSBMRefresh, aCSDSBMPriority,aCSDSBMDeadTime, aCSCacheTimeout, aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:7f561289-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Book-Container
+ldapDisplayName: addressBookContainer
+governsId: 1.2.840.113556.1.5.125
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: displayName
+systemMayContain: purportedSearch
+systemPossSuperiors: addressBookContainer, configuration
+schemaIdGuid:3e74f60f-3e73-11d1-a9c0-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Template
+ldapDisplayName: addressTemplate
+governsId: 1.2.840.113556.1.3.58
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: displayTemplate
+systemMustContain: displayName
+systemMayContain: proxyGenerationEnabled, perRecipDialogDisplayTable,perMsgDialogDisplayTable, addressType, addressSyntax
+systemPossSuperiors: container
+schemaIdGuid:5fd4250a-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Application-Entity
+ldapDisplayName: applicationEntity
+governsId: 2.5.6.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: presentationAddress, cn
+systemMayContain: supportedApplicationContext, seeAlso, ou, o, l
+systemPossSuperiors: applicationProcess, organizationalUnit,container
+schemaIdGuid:3fdfee4f-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Process
+ldapDisplayName: applicationProcess
+governsId: 2.5.6.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: seeAlso, ou, l
+systemPossSuperiors: organizationalUnit, organization, container,computer
+schemaIdGuid:5fd4250b-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Settings
+ldapDisplayName: applicationSettings
+governsId: 1.2.840.113556.1.5.7000.49
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, msDS-Settings, applicationName
+systemPossSuperiors: server
+schemaIdGuid:f780acc1-56f0-11d1-a9c6-0000f80367c1
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Site-Settings
+ldapDisplayName: applicationSiteSettings
+governsId: 1.2.840.113556.1.5.68
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, applicationName
+systemPossSuperiors: site
+schemaIdGuid:19195a5c-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Version
+ldapDisplayName: applicationVersion
+governsId: 1.2.840.113556.1.5.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, managedBy, keywords, versionNumberLo,versionNumberHi, versionNumber, vendor, appSchemaVersion
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:ddc790ac-af4d-442a-8f0f-a1d4caa7dd92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Attribute-Schema
+ldapDisplayName: attributeSchema
+governsId: 1.2.840.113556.1.3.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: schemaIDGUID, oMSyntax, lDAPDisplayName,isSingleValued, cn, attributeSyntax, attributeID
+systemMayContain: systemOnly, searchFlags, schemaFlagsEx, rangeUpper,rangeLower, oMObjectClass, msDs-Schema-Extensions, msDS-IntId,mAPIID, linkID, isMemberOfPartialAttributeSet, isEphemeral,isDefunct, extendedCharsAllowed, classDisplayName,attributeSecurityGUID
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: BootableDevice
+ldapDisplayName: bootableDevice
+governsId: 1.3.6.1.1.1.2.12
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, bootParameter, bootFile
+schemaIdGuid:4bcb2477-4bb3-4545-a9fc-fb66e136b435
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Builtin-Domain
+ldapDisplayName: builtinDomain
+governsId: 1.2.840.113556.1.5.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a81-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Registration
+ldapDisplayName: categoryRegistration
+governsId: 1.2.840.113556.1.5.74
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: managedBy, localizedDescription, localeID,categoryId
+systemPossSuperiors: classStore
+schemaIdGuid:7d6c0e9d-7e20-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certification-Authority
+ldapDisplayName: certificationAuthority
+governsId: 2.5.6.16
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn, certificateRevocationList, cACertificate,authorityRevocationList
+systemMayContain: teletexTerminalIdentifier,supportedApplicationContext, signatureAlgorithms, searchGuide,previousParentCA, previousCACertificates, pendingParentCA,pendingCACertificates, parentCACertificateChain, parentCA,enrollmentProviders, domainPolicyObject, domainID, dNSHostName,deltaRevocationList, currentParentCA, crossCertificatePair,cRLObject, certificateTemplates, cAWEBURL, cAUsages, cAConnect,cACertificateDN
+systemPossSuperiors: container
+schemaIdGuid:3fdfee50-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Registration
+ldapDisplayName: classRegistration
+governsId: 1.2.840.113556.1.5.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: requiredCategories, managedBy,implementedCategories, cOMTreatAsClassId, cOMProgID,cOMOtherProgId, cOMInterfaceID, cOMCLSID
+systemPossSuperiors: classStore
+schemaIdGuid:bf967a82-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Schema
+ldapDisplayName: classSchema
+governsId: 1.2.840.113556.1.3.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: subClassOf, schemaIDGUID, objectClassCategory,governsID, defaultObjectCategory, cn
+systemMayContain: systemPossSuperiors, systemOnly, systemMustContain,systemMayContain, systemAuxiliaryClass, schemaFlagsEx, rDNAttID,possSuperiors, mustContain, msDs-Schema-Extensions, msDS-IntId,mayContain, lDAPDisplayName, isDefunct, defaultSecurityDescriptor,defaultHidingValue, classDisplayName, auxiliaryClass
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Class-Store
+ldapDisplayName: classStore
+governsId: 1.2.840.113556.1.5.44
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumber, nextLevelStore, lastUpdateSequence,appSchemaVersion
+systemPossSuperiors: domainPolicy, computer, group, user, classStore,organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a84-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Com-Connection-Point
+ldapDisplayName: comConnectionPoint
+governsId: 1.2.840.113556.1.5.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: cn
+systemMayContain: monikerDisplayName, moniker, marshalledInterface
+systemPossSuperiors: container
+schemaIdGuid:bf967a85-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Computer
+ldapDisplayName: computer
+governsId: 1.2.840.113556.1.3.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+auxiliaryClass: ipHost
+mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name
+systemMayContain: msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs
+systemPossSuperiors: container, organizationalUnit, domainDNS
+schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Configuration
+ldapDisplayName: configuration
+governsId: 1.2.840.113556.1.5.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: gPOptions, gPLink
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a87-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Connection-Point
+ldapDisplayName: connectionPoint
+governsId: 1.2.840.113556.1.5.14
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: cn
+systemMayContain: msDS-Settings, managedBy, keywords
+systemPossSuperiors: container, computer
+schemaIdGuid:5cb41ecf-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Contact
+ldapDisplayName: contact
+governsId: 1.2.840.113556.1.5.15
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+systemAuxiliaryClass: mailRecipient
+systemMustContain: cn
+mayContain: msDS-SourceObjectDN
+systemMayContain: notes
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:5cb41ed0-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Container
+ldapDisplayName: container
+governsId: 1.2.840.113556.1.3.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-ObjectReference
+systemMayContain: schemaVersion, defaultClassStore
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, subnet, server, nTDSService, domainDNS,organization, configuration, container, organizationalUnit
+schemaIdGuid:bf967a8b-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Right
+ldapDisplayName: controlAccessRight
+governsId: 1.2.840.113556.1.5.77
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: validAccesses, rightsGuid, localizationDisplayId,appliesTo
+systemPossSuperiors: container
+schemaIdGuid:8297931e-86d3-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Country
+ldapDisplayName: country
+governsId: 2.5.6.2
+objectClassCategory: 0
+rdnAttId: c
+subClassOf: top
+systemMustContain: c
+systemMayContain: co, searchGuide
+systemPossSuperiors: domainDNS, organization
+schemaIdGuid:bf967a8c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Distribution-Point
+ldapDisplayName: cRLDistributionPoint
+governsId: 2.5.6.19
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: deltaRevocationList, cRLPartitionedRevocationList,certificateRevocationList, certificateAuthorityObject,authorityRevocationList
+systemPossSuperiors: container
+schemaIdGuid:167758ca-47f3-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref
+ldapDisplayName: crossRef
+governsId: 1.2.840.113556.1.3.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: nCName, dnsRoot, cn
+systemMayContain: msDS-NC-RO-Replica-Locations, trustParent,superiorDNSRoot, rootTrust, nTMixedDomain, nETBIOSName, Enabled,msDS-SDReferenceDomain,msDS-Replication-Notify-Subsequent-DSA-Delay,msDS-Replication-Notify-First-DSA-Delay, msDS-NC-Replica-Locations,msDS-DnsRootAlias, msDS-Behavior-Version
+systemPossSuperiors: crossRefContainer
+schemaIdGuid:bf967a8d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref-Container
+ldapDisplayName: crossRefContainer
+governsId: 1.2.840.113556.1.5.7000.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-SPNSuffixes, uPNSuffixes, msDS-UpdateScript,msDS-ExecuteScriptPassword, msDS-Behavior-Version
+systemPossSuperiors: configuration
+schemaIdGuid:ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: FALSE
+systemOnly: TRUE
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Device
+ldapDisplayName: device
+governsId: 2.5.6.14
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: ipHost, ieee802Device, bootableDevice
+systemMustContain: cn
+mayContain: msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+systemMayContain: serialNumber, seeAlso, owner, ou, o, l
+systemPossSuperiors: domainDNS, organizationalUnit, organization,container
+schemaIdGuid:bf967a8e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dfs-Configuration
+ldapDisplayName: dfsConfiguration
+governsId: 1.2.840.113556.1.5.42
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container, domainDNS
+schemaIdGuid:8447f9f2-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DHCP-Class
+ldapDisplayName: dHCPClass
+governsId: 1.2.840.113556.1.5.132
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: dhcpUniqueKey, dhcpType, dhcpIdentification,dhcpFlags
+systemMayContain: superScopes, superScopeDescription,optionsLocation, optionDescription, networkAddress, mscopeId,dhcpUpdateTime, dhcpSubnets, dhcpState, dhcpSites, dhcpServers,dhcpReservations, dhcpRanges, dhcpProperties, dhcpOptions,dhcpObjName, dhcpObjDescription, dhcpMaxKey, dhcpMask, dhcpClasses
+systemPossSuperiors: container
+schemaIdGuid:963d2756-48be-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Specifier
+ldapDisplayName: displaySpecifier
+governsId: 1.2.840.113556.1.5.84
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: treatAsLeaf, shellPropertyPages, shellContextMenu,scopeFlags, queryFilter, iconPath, extraColumns, creationWizard,createWizardExt, createDialog, contextMenu, classDisplayName,attributeDisplayNames, adminPropertyPages,adminMultiselectPropertyPages, adminContextMenu
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8a-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Template
+ldapDisplayName: displayTemplate
+governsId: 1.2.840.113556.1.3.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: originalDisplayTableMSDOS, originalDisplayTable,helpFileName, helpData32, helpData16, addressEntryDisplayTableMSDOS,addressEntryDisplayTable
+systemPossSuperiors: container
+schemaIdGuid:5fd4250c-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DMD
+ldapDisplayName: dMD
+governsId: 1.2.840.113556.1.3.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: schemaUpdate, schemaInfo, prefixMap,msDs-Schema-Extensions, msDS-IntId, dmdName
+systemPossSuperiors: configuration
+schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Node
+ldapDisplayName: dnsNode
+governsId: 1.2.840.113556.1.5.86
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: dNSTombstoned, dnsRecord, dNSProperty
+systemPossSuperiors: dnsZone
+schemaIdGuid:e0fa1e8c-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Zone
+ldapDisplayName: dnsZone
+governsId: 1.2.840.113556.1.5.85
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: managedBy, dnsSecureSecondaries, dNSProperty,dnsNotifySecondaries, dnsAllowXFR, dnsAllowDynamic
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8b-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: document
+ldapDisplayName: document
+governsId: 0.9.2342.19200300.100.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: documentIdentifier, documentPublisher, documentLocation,documentAuthor, documentVersion, documentTitle, ou, o, l, seeAlso,description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:39bad96d-c2d6-4baf-88ab-7e4207600117
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: documentSeries
+ldapDisplayName: documentSeries
+governsId: 0.9.2342.19200300.100.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: telephoneNumber, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7a2be07c-302f-4b96-bc90-0795d66885f8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Domain
+ldapDisplayName: domain
+governsId: 1.2.840.113556.1.5.66
+objectClassCategory: 2
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemPossSuperiors: domain, organization
+schemaIdGuid:19195a5a-6da0-11d0-afd3-00c04fd930c9
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-DNS
+ldapDisplayName: domainDNS
+governsId: 1.2.840.113556.1.5.67
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: domain
+systemAuxiliaryClass: samDomain
+systemMayContain: msDS-Behavior-Version, msDS-AllowedDNSSuffixes,managedBy
+systemPossSuperiors: domainDNS
+schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy
+ldapDisplayName: domainPolicy
+governsId: 1.2.840.113556.1.5.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: qualityOfService, pwdProperties, pwdHistoryLength,publicKeyPolicy, proxyLifetime, minTicketAge, minPwdLength,minPwdAge, maxTicketAge, maxRenewAge, maxPwdAge, managedBy,lockoutThreshold, lockoutDuration, lockOutObservationWindow,ipsecPolicyReference, forceLogoff, eFSPolicy, domainWidePolicy,domainPolicyReference, domainCAs, defaultLocalPolicyObject,authenticationOptions
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a99-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: domainRelatedObject
+ldapDisplayName: domainRelatedObject
+governsId: 0.9.2342.19200300.100.4.17
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: associatedDomain
+schemaIdGuid:8bfd2d3d-efda-4549-852c-f85e137aedc6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DSA
+ldapDisplayName: dSA
+governsId: 2.5.6.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationEntity
+systemMayContain: knowledgeInformation
+systemPossSuperiors: server, computer
+schemaIdGuid:3fdfee52-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Settings
+ldapDisplayName: dSUISettings
+governsId: 1.2.840.113556.1.5.183
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Non-Security-Group-Extra-Classes,msDS-Security-Group-Extra-Classes, msDS-FilterContainers,dSUIShellMaximum, dSUIAdminNotification, dSUIAdminMaximum
+systemPossSuperiors: container
+schemaIdGuid:09b10f14-6f93-11d2-9905-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-Object
+ldapDisplayName: dynamicObject
+governsId: 1.3.6.1.4.1.1466.101.119.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Entry-Time-To-Die, entryTTL
+schemaIdGuid:66d51249-3355-4c1f-b24e-81f252aca23b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking
+ldapDisplayName: fileLinkTracking
+governsId: 1.2.840.113556.1.5.52
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid:dd712229-10e4-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking-Entry
+ldapDisplayName: fileLinkTrackingEntry
+governsId: 1.2.840.113556.1.5.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:8e4eb2ed-4712-11d0-a1a0-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Foreign-Security-Principal
+ldapDisplayName: foreignSecurityPrincipal
+governsId: 1.2.840.113556.1.5.76
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectSid
+systemMayContain: foreignIdentifier
+systemPossSuperiors: container
+schemaIdGuid:89e31c12-8530-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: friendlyCountry
+ldapDisplayName: friendlyCountry
+governsId: 0.9.2342.19200300.100.4.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: country
+mustContain: co
+schemaIdGuid:c498f152-dc6b-474a-9f52-7cdba3d7d351
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: FT-Dfs
+ldapDisplayName: fTDfs
+governsId: 1.2.840.113556.1.5.43
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: remoteServerName, pKTGuid, pKT
+systemMayContain: uNCName, managedBy, keywords
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid:8447f9f3-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group
+ldapDisplayName: group
+governsId: 1.2.840.113556.1.5.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: posixGroup
+systemAuxiliaryClass: mailRecipient, securityPrincipal
+systemMustContain: groupType
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30PosixMember
+systemMayContain: msDS-AzApplicationData,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, msDS-AzGenericData, msDS-AzObjectGuid,primaryGroupToken, operatorCount, nTGroupMembers, nonSecurityMember,msDS-NonMembers, msDS-AzLDAPQuery, member, managedBy,groupMembershipSAM, groupAttributes, mail, desktopProfile,controlAccessRights, adminCount
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, container, builtinDomain, organizationalUnit,domainDNS
+schemaIdGuid:bf967a9c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Of-Names
+ldapDisplayName: groupOfNames
+governsId: 2.5.6.9
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member, cn
+systemMayContain: seeAlso, owner, ou, o, businessCategory
+systemPossSuperiors: organizationalUnit, locality, organization,container
+schemaIdGuid:bf967a9d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: groupOfUniqueNames
+ldapDisplayName: groupOfUniqueNames
+governsId: 2.5.6.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: uniqueMember, cn
+mayContain: seeAlso, owner, ou, o, description, businessCategory
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:0310a911-93a3-4e21-a7a3-55d85ab2c48b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Group-Policy-Container
+ldapDisplayName: groupPolicyContainer
+governsId: 1.2.840.113556.1.5.157
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: versionNumber, gPCWQLFilter, gPCUserExtensionNames,gPCMachineExtensionNames, gPCFunctionalityVersion, gPCFileSysPath,flags
+schemaIdGuid:f30e3bc2-9ff0-11d1-b603-0000f80367c1
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IEEE802Device
+ldapDisplayName: ieee802Device
+governsId: 1.3.6.1.1.1.2.11
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, macAddress
+schemaIdGuid:a699e529-a637-4b7d-a0fb-5dc466a0b8a7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Index-Server-Catalog
+ldapDisplayName: indexServerCatalog
+governsId: 1.2.840.113556.1.5.130
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: creator
+systemMayContain: uNCName, queryPoint, indexedScopes, friendlyNames
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:7bfdcb8a-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: inetOrgPerson
+ldapDisplayName: inetOrgPerson
+governsId: 2.16.840.1.113730.3.2.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+mayContain: x500uniqueIdentifier, userSMIMECertificate, userPKCS12,userCertificate, uid, secretary, roomNumber, preferredLanguage,photo, pager, o, mobile, manager, mail, labeledURI, jpegPhoto,initials, homePostalAddress, homePhone, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense,businessCategory, audio
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:4828cc14-1437-45bc-9b07-ad6f015e5f28
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Infrastructure-Update
+ldapDisplayName: infrastructureUpdate
+governsId: 1.2.840.113556.1.5.175
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: dNReferenceUpdate
+systemPossSuperiors: infrastructureUpdate, domain
+schemaIdGuid:2df90d89-009f-11d2-aa4c-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-Group
+ldapDisplayName: intellimirrorGroup
+governsId: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:07383086-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-SCP
+ldapDisplayName: intellimirrorSCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: netbootTools, netbootServer, netbootNewMachineOU,netbootNewMachineNamingPolicy, netbootMaxClients,netbootMachineFilePath, netbootLocallyInstalledOSes,netbootLimitClients, netbootIntelliMirrorOSes,netbootCurrentClientCount, netbootAnswerRequests,netbootAnswerOnlyValidClients, netbootAllowNewClients
+systemPossSuperiors: computer, intellimirrorGroup
+schemaIdGuid:07383085-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport
+ldapDisplayName: interSiteTransport
+governsId: 1.2.840.113556.1.5.141
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: transportDLLName, transportAddressAttribute
+systemMayContain: replInterval, options
+systemPossSuperiors: interSiteTransportContainer
+schemaIdGuid:26d97376-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport-Container
+ldapDisplayName: interSiteTransportContainer
+governsId: 1.2.840.113556.1.5.140
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:26d97375-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpHost
+ldapDisplayName: ipHost
+governsId: 1.3.6.1.1.1.2.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: manager, cn, description, ipHostNumber, uid, l
+schemaIdGuid:ab911646-8827-4f95-8780-5a8f008eb68f
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpNetwork
+ldapDisplayName: ipNetwork
+governsId: 1.3.6.1.1.1.2.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipNetworkNumber
+mayContain: manager, description, ipNetmaskNumber, uid, l,msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:d95836c3-143e-43fb-992a-b057f1ecadf9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpProtocol
+ldapDisplayName: ipProtocol
+governsId: 1.3.6.1.1.1.2.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipProtocolNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Ipsec-Base
+ldapDisplayName: ipsecBase
+governsId: 1.2.840.113556.1.5.7000.56
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: ipsecOwnersReference, ipsecName, ipsecID,ipsecDataType, ipsecData
+schemaIdGuid:b40ff825-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter
+ldapDisplayName: ipsecFilter
+governsId: 1.2.840.113556.1.5.118
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff826-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Policy
+ldapDisplayName: ipsecISAKMPPolicy
+governsId: 1.2.840.113556.1.5.120
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff828-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy
+ldapDisplayName: ipsecNegotiationPolicy
+governsId: 1.2.840.113556.1.5.119
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: iPSECNegotiationPolicyType,iPSECNegotiationPolicyAction
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff827-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA
+ldapDisplayName: ipsecNFA
+governsId: 1.2.840.113556.1.5.121
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNegotiationPolicyReference,ipsecFilterReference
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff829-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy
+ldapDisplayName: ipsecPolicy
+governsId: 1.2.840.113556.1.5.98
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNFAReference, ipsecISAKMPReference
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b7b13121-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpService
+ldapDisplayName: ipService
+governsId: 1.3.6.1.1.1.2.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: ipServiceProtocol, ipServicePort, cn
+mayContain: description, msSFU30Name, msSFU30NisDomain,msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:2517fadf-fa97-48ad-9de6-79ac5721f864
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Leaf
+ldapDisplayName: leaf
+governsId: 1.2.840.113556.1.5.20
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+schemaIdGuid:bf967a9e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Licensing-Site-Settings
+ldapDisplayName: licensingSiteSettings
+governsId: 1.2.840.113556.1.5.78
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: siteServer
+systemPossSuperiors: site
+schemaIdGuid:1be8f17d-a9ff-11d0-afe2-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Object-Move-Table
+ldapDisplayName: linkTrackObjectMoveTable
+governsId: 1.2.840.113556.1.5.91
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf5-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-OMT-Entry
+ldapDisplayName: linkTrackOMTEntry
+governsId: 1.2.840.113556.1.5.93
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: timeRefresh, oMTIndxGuid, oMTGuid, currentLocation,birthLocation
+systemPossSuperiors: linkTrackObjectMoveTable
+schemaIdGuid:ddac0cf7-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Vol-Entry
+ldapDisplayName: linkTrackVolEntry
+governsId: 1.2.840.113556.1.5.92
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: volTableIdxGUID, volTableGUID, timeVolChange,timeRefresh, seqNotification, objectCount, linkTrackSecret,currMachineId
+systemPossSuperiors: linkTrackVolumeTable
+schemaIdGuid:ddac0cf6-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Volume-Table
+ldapDisplayName: linkTrackVolumeTable
+governsId: 1.2.840.113556.1.5.90
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf4-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality
+ldapDisplayName: locality
+governsId: 2.5.6.3
+objectClassCategory: 1
+rdnAttId: l
+subClassOf: top
+systemMustContain: l
+systemMayContain: street, st, seeAlso, searchGuide
+systemPossSuperiors: domainDNS, country, organizationalUnit,organization, locality
+schemaIdGuid:bf967aa0-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lost-And-Found
+ldapDisplayName: lostAndFound
+governsId: 1.2.840.113556.1.5.139
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: moveTreeState
+systemPossSuperiors: configuration, domainDNS, dMD
+schemaIdGuid:52ab8671-5709-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mail-Recipient
+ldapDisplayName: mailRecipient
+governsId: 1.2.840.113556.1.3.46
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-PhoneticDisplayName, userSMIMECertificate,secretary, msExchLabeledURI, msExchAssistantName, labeledURI
+systemMayContain: userCertificate, userCert, textEncodedORAddress,telephoneNumber, showInAddressBook, legacyExchangeDN,garbageCollPeriod, info
+systemPossSuperiors: container
+schemaIdGuid:bf967aa1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Meeting
+ldapDisplayName: meeting
+governsId: 1.2.840.113556.1.5.104
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: meetingName
+systemMayContain: meetingURL, meetingType, meetingStartTime,meetingScope, meetingRecurrence, meetingRating, meetingProtocol,meetingOwner, meetingOriginator, meetingMaxParticipants,meetingLocation, meetingLanguage, meetingKeyword,meetingIsEncrypted, meetingIP, meetingID, meetingEndTime,meetingDescription, meetingContactInfo, meetingBlob,meetingBandwidth, meetingApplication, meetingAdvertiseScope
+systemPossSuperiors: container
+schemaIdGuid:11b6cc94-48c4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-Partition
+ldapDisplayName: msCOM-Partition
+governsId: 1.2.840.113556.1.5.193
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:c9010e74-4e58-49f7-8a89-5e3e2340fcf8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSet
+ldapDisplayName: msCOM-PartitionSet
+governsId: 1.2.840.113556.1.5.194
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-PartitionLink, msCOM-DefaultPartitionLink,msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:250464ab-c417-497a-975a-9e0d459a7ca1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Deleted-Link-v2
+ldapDisplayName: msDFS-DeletedLinkv2
+governsId: 1.2.840.113556.1.5.260
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 25173408-04ca-40e8-865e-3f9ce9bf1bd3
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Link-v2
+ldapDisplayName: msDFS-Linkv2
+governsId: 1.2.840.113556.1.5.259
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2, msDFS-Ttlv2, msDFS-TargetListv2,msDFS-Propertiesv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-LinkSecurityDescriptorv2,msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 7769fb7a-1159-4e96-9ccd-68bc487073eb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-Anchor
+ldapDisplayName: msDFS-NamespaceAnchor
+governsId: 1.2.840.113556.1.5.257
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid: da73a085-6e64-4d61-b064-015d04164795
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-v2
+ldapDisplayName: msDFS-Namespacev2
+governsId: 1.2.840.113556.1.5.258
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion,msDFS-SchemaMinorVersion, msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-Ttlv2,msDFS-TargetListv2, msDFS-Propertiesv2
+systemMayContain: msDFS-Commentv2
+systemPossSuperiors: msDFS-NamespaceAnchor
+schemaIdGuid: 21cb8628-f3c3-4bbf-bff6-060b2d8f299a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-Connection
+ldapDisplayName: msDFSR-Connection
+governsId: 1.2.840.113556.1.6.13.4.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: fromServer
+mayContain: msDFSR-Options2, msDFSR-DisablePacketPrivacy,msDFSR-Priority, msDFSR-Enabled, msDFSR-RdcEnabled,msDFSR-RdcMinFileSizeInKb, msDFSR-Keywords, msDFSR-Schedule,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Member
+schemaIdGuid:e58f972e-64b5-46ef-8d8b-bbc3e1897eab
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Content
+ldapDisplayName: msDFSR-Content
+governsId: 1.2.840.113556.1.6.13.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:64759b35-d3a1-42e4-b5f1-a3de162109b3
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ContentSet
+ldapDisplayName: msDFSR-ContentSet
+governsId: 1.2.840.113556.1.6.13.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-Priority, msDFSR-ConflictSizeInMb, msDFSR-StagingSizeInMb,msDFSR-RootSizeInMb, description, msDFSR-DfsPath, msDFSR-FileFilter,msDFSR-DirectoryFilter, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-Content
+schemaIdGuid:4937f40d-a6dc-4d48-97ca-06e5fbfd3f16
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-GlobalSettings
+ldapDisplayName: msDFSR-GlobalSettings
+governsId: 1.2.840.113556.1.6.13.4.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: container
+schemaIdGuid:7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-LocalSettings
+ldapDisplayName: msDFSR-LocalSettings
+governsId: 1.2.840.113556.1.6.13.4.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-StagingCleanupTriggerInPercent,msDFSR-CommonStagingSizeInMb, msDFSR-CommonStagingPath,msDFSR-Options2, msDFSR-Version, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: computer
+schemaIdGuid:fa85c591-197f-477e-83bd-ea5a43df2239
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Member
+ldapDisplayName: msDFSR-Member
+governsId: 1.2.840.113556.1.6.13.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2, serverReference, msDFSR-Keywords,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Topology
+schemaIdGuid:4229c897-c211-437c-a5ae-dbf705b696e5
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ReplicationGroup
+ldapDisplayName: msDFSR-ReplicationGroup
+governsId: 1.2.840.113556.1.6.13.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-DirectoryFilter, msDFSR-FileFilter, msDFSR-ConflictSizeInMb,msDFSR-StagingSizeInMb, msDFSR-RootSizeInMb, description,msDFSR-TombstoneExpiryInMin, msDFSR-Flags, msDFSR-Options,msDFSR-Extension, msDFSR-Schedule, msDFSR-Version
+possSuperiors: msDFSR-GlobalSettings
+schemaIdGuid:1c332fe0-0c2a-4f32-afca-23c5e45a9e77
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscriber
+ldapDisplayName: msDFSR-Subscriber
+governsId: 1.2.840.113556.1.6.13.4.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-MemberReference, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-LocalSettings
+schemaIdGuid:e11505d7-92c4-43e7-bf5c-295832ffc896
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscription
+ldapDisplayName: msDFSR-Subscription
+governsId: 1.2.840.113556.1.6.13.4.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ContentSetGuid, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-StagingCleanupTriggerInPercent, msDFSR-Options2,msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter, msDFSR-MaxAgeInCacheInMin,msDFSR-MinDurationCacheInMin, msDFSR-CachePolicy, msDFSR-ReadOnly,msDFSR-DeletedSizeInMb, msDFSR-DeletedPath, msDFSR-RootPath,msDFSR-RootSizeInMb, msDFSR-StagingPath, msDFSR-StagingSizeInMb,msDFSR-ConflictPath, msDFSR-ConflictSizeInMb, msDFSR-Enabled,msDFSR-RootFence, msDFSR-DfsLinkTarget, msDFSR-Flags,msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Subscriber
+schemaIdGuid:67212414-7bcc-4609-87e0-088dad8abdee
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Topology
+ldapDisplayName: msDFSR-Topology
+governsId: 1.2.840.113556.1.6.13.4.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:04828aa9-6e42-4e80-b962-e2fe00754d17
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Configuration
+ldapDisplayName: msDS-App-Configuration
+governsId: 1.2.840.113556.1.5.220
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:90df3c3e-1854-4455-a5d7-cad40d56657a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Data
+ldapDisplayName: msDS-AppData
+governsId: 1.2.840.113556.1.5.241
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:9e67d761-e327-4d55-bc95-682f875e2f8e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-Az-Admin-Manager
+ldapDisplayName: msDS-AzAdminManager
+governsId: 1.2.840.113556.1.5.234
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzMinorVersion, msDS-AzMajorVersion, msDS-AzApplicationData,msDS-AzGenerateAudits, msDS-AzScriptTimeout,msDS-AzScriptEngineCacheMax, msDS-AzDomainTimeout, description
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:cfee1051-5f28-4bae-a863-5d0cc18a8ed1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application
+ldapDisplayName: msDS-AzApplication
+governsId: 1.2.840.113556.1.5.235
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-AzGenerateAudits,msDS-AzApplicationVersion, msDS-AzClassId, msDS-AzApplicationName,description
+systemPossSuperiors: msDS-AzAdminManager
+schemaIdGuid:ddf8de9b-cba5-4e12-842e-28d8b66f75ec
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation
+ldapDisplayName: msDS-AzOperation
+governsId: 1.2.840.113556.1.5.236
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzOperationID
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: container, msDS-AzApplication
+schemaIdGuid:860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Role
+ldapDisplayName: msDS-AzRole
+governsId: 1.2.840.113556.1.5.239
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-TasksForAzRole,msDS-OperationsForAzRole, msDS-MembersForAzRole, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:8213eac9-9d55-44dc-925c-e9a52b927644
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope
+ldapDisplayName: msDS-AzScope
+governsId: 1.2.840.113556.1.5.237
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzScopeName
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: msDS-AzApplication
+schemaIdGuid:4feae054-ce55-47bb-860e-5b12063a51de
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task
+ldapDisplayName: msDS-AzTask
+governsId: 1.2.840.113556.1.5.238
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-TasksForAzTask, msDS-OperationsForAzTask,msDS-AzApplicationData, msDS-AzTaskIsRoleDefinition,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:1ed3a473-9b1b-418a-bfa0-3a37b95a5306
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings
+ldapDisplayName: msDS-PasswordSettings
+governsId: 1.2.840.113556.1.5.255
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength
+systemMayContain: msDS-PSOAppliesTo
+systemPossSuperiors: msDS-PasswordSettingsContainer
+schemaIdGuid: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings-Container
+ldapDisplayName: msDS-PasswordSettingsContainer
+governsId: 1.2.840.113556.1.5.256
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Container
+ldapDisplayName: msDS-QuotaContainer
+governsId: 1.2.840.113556.1.5.242
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-TopQuotaUsage, msDS-QuotaUsed,msDS-QuotaEffective, msDS-TombstoneQuotaFactor, msDS-DefaultQuota
+systemPossSuperiors: configuration, domainDNS
+schemaIdGuid:da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Control
+ldapDisplayName: msDS-QuotaControl
+governsId: 1.2.840.113556.1.5.243
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-QuotaAmount, msDS-QuotaTrustee, cn
+systemPossSuperiors: msDS-QuotaContainer
+schemaIdGuid:de91fc26-bd02-4b52-ae26-795999e96fc7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Exch-Configuration-Container
+ldapDisplayName: msExchConfigurationContainer
+governsId: 1.2.840.113556.1.5.176
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: templateRoots, addressBookRoots, globalAddressList,templateRoots2, addressBookRoots2, globalAddressList2
+schemaIdGuid:d03d6858-06f4-11d2-aa53-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryInformation
+ldapDisplayName: msFVE-RecoveryInformation
+governsId: 1.2.840.113556.1.5.253
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
+mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
+systemPossSuperiors: computer
+schemaIdGuid:ea715d30-8f53-40d0-bd1e-6109186d782c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Policy
+ldapDisplayName: msieee80211-Policy
+governsId: 1.2.840.113556.1.5.240
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msieee80211-ID, msieee80211-DataType,msieee80211-Data
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:7b9a2d92-b7eb-4382-9772-c3e0f9baaf94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Configuration
+ldapDisplayName: mSMQConfiguration
+governsId: 1.2.840.113556.1.5.162
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSites, mSMQSignKey, mSMQServiceType,mSMQRoutingServices, mSMQQuota, mSMQOwnerID, mSMQOutRoutingServers,mSMQOSType, mSMQJournalQuota, mSMQInRoutingServers, mSMQForeign,mSMQEncryptKey, mSMQDsServices, mSMQDependentClientServices,mSMQComputerTypeEx, mSMQComputerType
+systemPossSuperiors: computer
+schemaIdGuid:9a0dc344-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Custom-Recipient
+ldapDisplayName: msMQ-Custom-Recipient
+governsId: 1.2.840.113556.1.5.218
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msMQ-Recipient-FormatName
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:876d6817-35cc-436c-acea-5ef7174dd9be
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Enterprise-Settings
+ldapDisplayName: mSMQEnterpriseSettings
+governsId: 1.2.840.113556.1.5.163
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQVersion, mSMQNameStyle, mSMQLongLived,mSMQInterval2, mSMQInterval1, mSMQCSPName
+systemPossSuperiors: container
+schemaIdGuid:9a0dc345-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Group
+ldapDisplayName: msMQ-Group
+governsId: 1.2.840.113556.1.5.219
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:46b27aac-aafa-4ffb-b773-e5bf621ee87b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated-User
+ldapDisplayName: mSMQMigratedUser
+governsId: 1.2.840.113556.1.5.179
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQUserSid, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, objectSid
+systemPossSuperiors: organizationalUnit, domainDNS, builtinDomain
+schemaIdGuid:50776997-3c3d-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue
+ldapDisplayName: mSMQQueue
+governsId: 1.2.840.113556.1.5.161
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQTransactional, MSMQ-SecuredSource,mSMQQueueType, mSMQQueueQuota, mSMQQueueNameExt,mSMQQueueJournalQuota, mSMQPrivacyLevel, mSMQOwnerID,MSMQ-MulticastAddress, mSMQLabelEx, mSMQLabel, mSMQJournal,mSMQBasePriority, mSMQAuthenticate
+systemPossSuperiors: mSMQConfiguration
+schemaIdGuid:9a0dc343-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Settings
+ldapDisplayName: mSMQSettings
+governsId: 1.2.840.113556.1.5.165
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSiteNameEx, mSMQSiteName, mSMQServices,mSMQRoutingService, mSMQQMID, mSMQOwnerID, mSMQNt4Flags,mSMQMigrated, mSMQDsService, mSMQDependentClientService
+systemPossSuperiors: server
+schemaIdGuid:9a0dc347-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Link
+ldapDisplayName: mSMQSiteLink
+governsId: 1.2.840.113556.1.5.164
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: mSMQSite2, mSMQSite1, mSMQCost
+systemMayContain: mSMQSiteGatesMig, mSMQSiteGates
+systemPossSuperiors: mSMQEnterpriseSettings
+schemaIdGuid:9a0dc346-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GroupPolicy
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+governsID: 1.2.840.113556.1.5.251
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved,ms-net-ieee-80211-GP-PolicyData, ms-net-ieee-80211-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 1cb81863-b822-4379-9ea2-5ff7bdc6386d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GroupPolicy
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+governsID: 1.2.840.113556.1.5.252
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved,ms-net-ieee-8023-GP-PolicyData, ms-net-ieee-8023-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 99a03a6a-ab19-4446-9350-0cb878ed2d9b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enterprise-Oid
+ldapDisplayName: msPKI-Enterprise-Oid
+governsId: 1.2.840.113556.1.5.196
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msPKI-OID-User-Notice, msPKI-OIDLocalizedName,msPKI-OID-CPS, msPKI-OID-Attribute, msPKI-Cert-Template-OID
+systemPossSuperiors: msPKI-Enterprise-Oid, container
+schemaIdGuid:37cfd85c-6719-4ad8-8f9e-8678ba627563
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Key-Recovery-Agent
+ldapDisplayName: msPKI-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.195
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+systemPossSuperiors: container
+schemaIdGuid:26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Recovery-Agent
+ldapDisplayName: msPKI-PrivateKeyRecoveryAgent
+governsId: 1.2.840.113556.1.5.223
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: userCertificate
+systemPossSuperiors: container
+schemaIdGuid:1562a632-44b9-4a7e-a2d3-e426c96a3acc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Print-ConnectionPolicy
+ldapDisplayName: msPrint-ConnectionPolicy
+governsId: 1.2.840.113556.1.6.23.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: printerName, printAttributes, serverName, uNCName
+possSuperiors: container
+schemaIdGuid:a16f33c7-7fd6-4828-9364-435138fda08d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Domain-Info
+ldapDisplayName: msSFU30DomainInfo
+governsId: 1.2.840.113556.1.6.18.2.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Domains, msSFU30YpServers, msSFU30SearchContainer,msSFU30IsValidContainer, msSFU30MasterServerName,msSFU30OrderNumber, msSFU30MaxGidNumber, msSFU30MaxUidNumber,msSFU30CryptMethod
+possSuperiors: container
+schemaIdGuid:36297dce-656b-4423-ab65-dabb2770819e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Mail-Aliases
+ldapDisplayName: msSFU30MailAliases
+governsId: 1.2.840.113556.1.6.18.2.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:d6710785-86ff-44b7-85b5-f1f8689522ce
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Net-Id
+ldapDisplayName: msSFU30NetId
+governsId: 1.2.840.113556.1.6.18.2.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e263192c-2a02-48df-9792-94f2328781a0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Network-User
+ldapDisplayName: msSFU30NetworkUser
+governsId: 1.2.840.113556.1.6.18.2.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e15334a3-0bf0-4427-b672-11f5d84acc92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-NIS-Map-Config
+ldapDisplayName: msSFU30NISMapConfig
+governsId: 1.2.840.113556.1.6.18.2.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyAttributes, msSFU30FieldSeparator,msSFU30NSMAPFieldPosition, msSFU30IntraFieldSeparator,msSFU30SearchAttributes, msSFU30ResultAttributes, msSFU30MapFilter
+possSuperiors: container
+schemaIdGuid:faf733d0-f8eb-4dcf-8d75-f1753af6a50b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: MS-SQL-OLAPCube
+ldapDisplayName: mS-SQL-OLAPCube
+governsId: 1.2.840.113556.1.5.190
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Description, mS-SQL-Contact, mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPDatabase
+schemaIdGuid:09f0506a-cd28-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPDatabase
+ldapDisplayName: mS-SQL-OLAPDatabase
+governsId: 1.2.840.113556.1.5.189
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-ConnectionURL, mS-SQL-InformationURL, mS-SQL-Status,mS-SQL-Applications, mS-SQL-LastBackupDate, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Type, mS-SQL-Description, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPServer
+schemaIdGuid:20af031a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPServer
+ldapDisplayName: mS-SQL-OLAPServer
+governsId: 1.2.840.113556.1.5.185
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-Language,mS-SQL-ServiceAccount, mS-SQL-Contact, mS-SQL-RegisteredOwner,mS-SQL-Build, mS-SQL-Version, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:0c7e18ea-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLDatabase
+ldapDisplayName: mS-SQL-SQLDatabase
+governsId: 1.2.840.113556.1.5.188
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-InformationURL,mS-SQL-Status, mS-SQL-Applications, mS-SQL-LastDiagnosticDate,mS-SQL-LastBackupDate, mS-SQL-CreationDate, mS-SQL-Size,mS-SQL-Contact, mS-SQL-Alias, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:1d08694a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLPublication
+ldapDisplayName: mS-SQL-SQLPublication
+governsId: 1.2.840.113556.1.5.187
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-ThirdParty,mS-SQL-AllowSnapshotFilesFTPDownloading,mS-SQL-AllowQueuedUpdatingSubscription,mS-SQL-AllowImmediateUpdatingSubscription,mS-SQL-AllowKnownPullSubscription, mS-SQL-Publisher,mS-SQL-AllowAnonymousSubscription, mS-SQL-Database, mS-SQL-Type,mS-SQL-Status, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:17c2f64e-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLRepository
+ldapDisplayName: mS-SQL-SQLRepository
+governsId: 1.2.840.113556.1.5.186
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-InformationDirectory, mS-SQL-Version,mS-SQL-Description, mS-SQL-Status, mS-SQL-Build, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:11d43c5c-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLServer
+ldapDisplayName: mS-SQL-SQLServer
+governsId: 1.2.840.113556.1.5.184
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-GPSHeight,mS-SQL-GPSLongitude, mS-SQL-GPSLatitude, mS-SQL-InformationURL,mS-SQL-LastUpdatedDate, mS-SQL-Status, mS-SQL-Vines,mS-SQL-AppleTalk, mS-SQL-TCPIP, mS-SQL-SPX, mS-SQL-MultiProtocol,mS-SQL-NamedPipe, mS-SQL-Clustered, mS-SQL-UnicodeSortOrder,mS-SQL-SortOrder, mS-SQL-CharacterSet, mS-SQL-ServiceAccount,mS-SQL-Build, mS-SQL-Memory, mS-SQL-Location, mS-SQL-Contact,mS-SQL-RegisteredOwner, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:05f6c878-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Conference
+ldapDisplayName: msTAPI-RtConference
+governsId: 1.2.840.113556.1.5.221
+objectClassCategory: 1
+rdnAttId: msTAPI-uid
+subClassOf: top
+systemMustContain: msTAPI-uid
+systemMayContain: msTAPI-ConferenceBlob, msTAPI-ProtocolId
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:ca7b9735-4b2a-4e49-89c3-99025334dc94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Person
+ldapDisplayName: msTAPI-RtPerson
+governsId: 1.2.840.113556.1.5.222
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msTAPI-uid, msTAPI-IpAddress
+systemPossSuperiors: organization, organizationalUnit
+schemaIdGuid:53ea1cb5-b704-4df9-818f-5cb4ec86cac1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntRangeParam
+ldapDisplayName: msWMI-IntRangeParam
+governsId: 1.2.840.113556.1.5.205
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:50ca5d7d-5c8b-4ef3-b9df-5b66d491e526
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntSetParam
+ldapDisplayName: msWMI-IntSetParam
+governsId: 1.2.840.113556.1.5.206
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:292f0d9a-cf76-42b0-841f-b650f331df62
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-MergeablePolicyTemplate
+ldapDisplayName: msWMI-MergeablePolicyTemplate
+governsId: 1.2.840.113556.1.5.202
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemPossSuperiors: container
+schemaIdGuid:07502414-fdca-4851-b04a-13645b11d226
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ObjectEncoding
+ldapDisplayName: msWMI-ObjectEncoding
+governsId: 1.2.840.113556.1.5.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Class, msWMI-ScopeGuid, msWMI-Parm1,msWMI-Parm2, msWMI-Parm3, msWMI-Parm4, msWMI-Genus, msWMI-intFlags1,msWMI-intFlags2, msWMI-intFlags3, msWMI-intFlags4, msWMI-ID,msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:55dd81c9-c312-41f9-a84d-c6adbdf1e8e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyTemplate
+ldapDisplayName: msWMI-PolicyTemplate
+governsId: 1.2.840.113556.1.5.200
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-NormalizedClass, msWMI-TargetPath,msWMI-TargetClass, msWMI-TargetNameSpace, msWMI-Name, msWMI-ID
+systemMayContain: msWMI-TargetType, msWMI-SourceOrganization,msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyType
+ldapDisplayName: msWMI-PolicyType
+governsId: 1.2.840.113556.1.5.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4,msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:595b2613-4109-4e77-9013-a3bb4ef277c7
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RangeParam
+ldapDisplayName: msWMI-RangeParam
+governsId: 1.2.840.113556.1.5.203
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetType, msWMI-TargetClass,msWMI-PropertyName
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:45fb5a57-5018-4d0f-9056-997c8c9122d9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RealRangeParam
+ldapDisplayName: msWMI-RealRangeParam
+governsId: 1.2.840.113556.1.5.209
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-Int8Default
+systemMayContain: msWMI-Int8Max, msWMI-Int8Min
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:6afe8fe2-70bc-4cce-b166-a96f7359c514
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Rule
+ldapDisplayName: msWMI-Rule
+governsId: 1.2.840.113556.1.5.214
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-QueryLanguage, msWMI-TargetNameSpace,msWMI-Query
+systemPossSuperiors: msWMI-Som, container
+schemaIdGuid:3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ShadowObject
+ldapDisplayName: msWMI-ShadowObject
+governsId: 1.2.840.113556.1.5.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: msWMI-PolicyType
+schemaIdGuid:f1e44bdf-8dd3-4235-9c86-f91f31f5b569
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SimplePolicyTemplate
+ldapDisplayName: msWMI-SimplePolicyTemplate
+governsId: 1.2.840.113556.1.5.201
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:6cc8b2b5-12df-44f6-8307-e74f5cdee369
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Som
+ldapDisplayName: msWMI-Som
+governsId: 1.2.840.113556.1.5.213
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Name, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4, msWMI-Parm3,msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4, msWMI-intFlags3,msWMI-intFlags2, msWMI-intFlags1, msWMI-CreationDate,msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:ab857078-0142-4406-945b-34c9b6b13372
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-StringSetParam
+ldapDisplayName: msWMI-StringSetParam
+governsId: 1.2.840.113556.1.5.210
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-StringDefault
+systemMayContain: msWMI-StringValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:0bc579a2-1da7-4cea-b699-807f3b9d63a4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintRangeParam
+ldapDisplayName: msWMI-UintRangeParam
+governsId: 1.2.840.113556.1.5.207
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:d9a799b2-cef3-48b3-b5ad-fb85f8dd3214
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintSetParam
+ldapDisplayName: msWMI-UintSetParam
+governsId: 1.2.840.113556.1.5.208
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:8f4beb31-4e19-46f5-932e-5fa03c339b1d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UnknownRangeParam
+ldapDisplayName: msWMI-UnknownRangeParam
+governsId: 1.2.840.113556.1.5.204
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-TargetObject, msWMI-NormalizedClass
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:b82ac26b-c6db-4098-92c6-49c18a3336e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-WMIGPO
+ldapDisplayName: msWMI-WMIGPO
+governsId: 1.2.840.113556.1.5.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetClass
+systemMayContain: msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1,msWMI-intFlags4, msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1
+systemPossSuperiors: container
+schemaIdGuid:05630000-3927-4ede-bf27-ca91f275c26f
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NisMap
+ldapDisplayName: nisMap
+governsId: 1.3.6.1.1.1.2.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName
+mayContain: description
+possSuperiors: domainDNS, container, organizationalUnit
+schemaIdGuid:7672666c-02c1-4f33-9ecf-f649c1dd9b7c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisNetgroup
+ldapDisplayName: nisNetgroup
+governsId: 1.3.6.1.1.1.2.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: description, memberNisNetgroup, nisNetgroupTriple,msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30NetgroupHostAtDomain, msSFU30NetgroupUserAtDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:72efbf84-6e7b-4a5c-a8db-8a75a7cad254
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisObject
+ldapDisplayName: nisObject
+governsId: 1.3.6.1.1.1.2.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName, nisMapEntry
+mayContain: description, msSFU30Name, msSFU30NisDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:904f8a93-4954-4c5f-b1e1-53c097a31e13
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NTDS-Connection
+ldapDisplayName: nTDSConnection
+governsId: 1.2.840.113556.1.5.71
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: options, fromServer, enabledConnection
+systemMayContain: transportType, schedule, mS-DS-ReplicatesNCReason,generatedConnection
+systemPossSuperiors: nTFRSMember, nTFRSReplicaSet, nTDSDSA
+schemaIdGuid:19195a60-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA
+ldapDisplayName: nTDSDSA
+governsId: 1.2.840.113556.1.5.7000.47
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-Sitename,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation
+systemPossSuperiors: organization, server
+schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA-RO
+ldapDisplayName: nTDSDSARO
+governsId: 1.2.840.113556.1.5.254
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: nTDSDSA
+systemPossSuperiors: server, organization
+schemaIdGuid:85d16ec1-0791-4bc8-8ab3-70980602ff8c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Service
+ldapDisplayName: nTDSService
+governsId: 1.2.840.113556.1.5.72
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: tombstoneLifetime, sPNMappings,replTopologyStayOfExecution, msDS-Other-Settings, garbageCollPeriod,dSHeuristics
+systemPossSuperiors: container
+schemaIdGuid:19195a5f-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Site-Settings
+ldapDisplayName: nTDSSiteSettings
+governsId: 1.2.840.113556.1.5.69
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: schedule, queryPolicyObject, options,msDS-Preferred-GC-Site, managedBy, interSiteTopologyRenew,interSiteTopologyGenerator, interSiteTopologyFailover
+systemPossSuperiors: site
+schemaIdGuid:19195a5d-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Member
+ldapDisplayName: nTFRSMember
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: serverReference, fRSUpdateTimeout,fRSServiceCommand, fRSRootSecurity, fRSPartnerAuthLevel, fRSFlags,fRSExtensions, fRSControlOutboundBacklog, fRSControlInboundBacklog,fRSControlDataCreation, frsComputerReference
+systemPossSuperiors: nTFRSReplicaSet
+schemaIdGuid:2a132586-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Replica-Set
+ldapDisplayName: nTFRSReplicaSet
+governsId: 1.2.840.113556.1.5.102
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: schedule, msFRS-Topology-Pref, msFRS-Hub-Member,managedBy, fRSVersionGUID, fRSServiceCommand, fRSRootSecurity,fRSReplicaSetType, fRSReplicaSetGUID, fRSPrimaryMember,fRSPartnerAuthLevel, fRSLevelLimit, fRSFlags, fRSFileFilter,fRSExtensions, fRSDSPoll, fRSDirectoryFilter
+systemPossSuperiors: nTFRSSettings
+schemaIdGuid:5245803a-ca6a-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Settings
+ldapDisplayName: nTFRSSettings
+governsId: 1.2.840.113556.1.5.89
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: managedBy, fRSExtensions
+systemPossSuperiors: nTFRSSettings, container, organizationalUnit,organization
+schemaIdGuid:f780acc2-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriber
+ldapDisplayName: nTFRSSubscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: fRSStagingPath, fRSRootPath
+systemMayContain: schedule, fRSUpdateTimeout,fRSTimeLastConfigChange, fRSTimeLastCommand,fRSServiceCommandStatus, fRSServiceCommand, fRSMemberReference,fRSFlags, fRSFaultCondition, fRSExtensions
+systemPossSuperiors: nTFRSSubscriptions
+schemaIdGuid:2a132588-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriptions
+ldapDisplayName: nTFRSSubscriptions
+governsId: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: fRSWorkingPath, fRSVersion, fRSExtensions
+systemPossSuperiors: user, computer, nTFRSSubscriptions
+schemaIdGuid:2a132587-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpc
+ldapDisplayName: oncRpc
+governsId: 1.3.6.1.1.1.2.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, oncRpcNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:cadd1e5e-fefc-4f3f-b5a9-70e994204303
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Organization
+ldapDisplayName: organization
+governsId: 2.5.6.4
+objectClassCategory: 1
+rdnAttId: o
+subClassOf: top
+systemMustContain: o
+systemMayContain: x121Address, userPassword, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,searchGuide, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, physicalDeliveryOfficeName, l,internationalISDNNumber, facsimileTelephoneNumber,destinationIndicator, businessCategory
+systemPossSuperiors: locality, country, domainDNS
+schemaIdGuid:bf967aa3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Person
+ldapDisplayName: organizationalPerson
+governsId: 2.5.6.7
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: person
+mayContain: msDS-HABSeniorityIndex, msDS-PhoneticDisplayName,msDS-PhoneticCompanyName, msDS-PhoneticDepartment,msDS-PhoneticLastName, msDS-PhoneticFirstName, houseIdentifier,msExchHouseIdentifier, homePostalAddress
+systemMayContain: x121Address, comment, title, co,primaryTelexNumber, telexNumber, teletexTerminalIdentifier, street,st, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, thumbnailPhoto,physicalDeliveryOfficeName, pager, otherPager, otherTelephone,mobile, otherMobile, primaryInternationalISDNNumber, ipPhone,otherIpPhone, otherHomePhone, homePhone,otherFacsimileTelephoneNumber, personalTitle, middleName,otherMailbox, ou, o, mhsORAddress, msDS-AllowedToDelegateTo,manager, thumbnailLogo, l, internationalISDNNumber, initials,givenName, generationQualifier, facsimileTelephoneNumber,employeeID, mail, division, destinationIndicator, department, c,countryCode, company, assistant, streetAddress
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:bf967aa4-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Role
+ldapDisplayName: organizationalRole
+governsId: 2.5.6.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: x121Address, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,roleOccupant, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:a8df74bf-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Unit
+ldapDisplayName: organizationalUnit
+governsId: 2.5.6.5
+objectClassCategory: 1
+rdnAttId: ou
+subClassOf: top
+systemMustContain: ou
+systemMayContain: x121Address, userPassword, uPNSuffixes, co,telexNumber, teletexTerminalIdentifier, telephoneNumber, street, st,seeAlso, searchGuide, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, msCOM-UserPartitionSetLink, managedBy,thumbnailLogo, l, internationalISDNNumber, gPOptions, gPLink,facsimileTelephoneNumber, destinationIndicator, desktopProfile,defaultGroup, countryCode, c, businessCategory
+systemPossSuperiors: country, organization, organizationalUnit,domainDNS
+schemaIdGuid:bf967aa5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Registration
+ldapDisplayName: packageRegistration
+governsId: 1.2.840.113556.1.5.49
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumberLo, versionNumberHi, vendor,upgradeProductCode, setupCommand, productCode, packageType,packageName, packageFlags, msiScriptSize, msiScriptPath,msiScriptName, msiScript, msiFileList, managedBy,machineArchitecture, localeID, lastUpdateSequence, installUiLevel,iconPath, fileExtPriority, cOMTypelibId, cOMProgID, cOMInterfaceID,cOMClassID, categories, canUpgradeScript
+systemPossSuperiors: classStore
+schemaIdGuid:bf967aa6-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Person
+ldapDisplayName: person
+governsId: 2.5.6.6
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: attributeCertificateAttribute
+systemMayContain: userPassword, telephoneNumber, sn, serialNumber,seeAlso
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:bf967aa7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location
+ldapDisplayName: physicalLocation
+governsId: 1.2.840.113556.1.5.97
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: locality
+systemMayContain: managedBy
+systemPossSuperiors: physicalLocation, configuration
+schemaIdGuid:b7b13122-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Certificate-Template
+ldapDisplayName: pKICertificateTemplate
+governsId: 1.2.840.113556.1.5.177
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: pKIOverlapPeriod, pKIMaxIssuingDepth, pKIKeyUsage,pKIExtendedKeyUsage, pKIExpirationPeriod, pKIEnrollmentAccess,pKIDefaultCSPs, pKIDefaultKeySpec, pKICriticalExtensions,msPKI-RA-Signature, msPKI-RA-Policies,msPKI-RA-Application-Policies, msPKI-Template-Schema-Version,msPKI-Template-Minor-Revision, msPKI-Supersede-Templates,msPKI-Private-Key-Flag, msPKI-Minimal-Key-Size,msPKI-Enrollment-Flag, msPKI-Certificate-Policy,msPKI-Certificate-Name-Flag, msPKI-Certificate-Application-Policy,msPKI-Cert-Template-OID, flags, displayName
+systemPossSuperiors: container
+schemaIdGuid:e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Service
+ldapDisplayName: pKIEnrollmentService
+governsId: 1.2.840.113556.1.5.178
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: signatureAlgorithms, enrollmentProviders,dNSHostName, certificateTemplates, cACertificateDN, cACertificate
+systemPossSuperiors: container
+schemaIdGuid:ee4aa692-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PosixAccount
+ldapDisplayName: posixAccount
+governsId: 1.3.6.1.1.1.2.0
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description
+schemaIdGuid:ad44bb41-67d5-4d88-b575-7b20674e76d8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: PosixGroup
+ldapDisplayName: posixGroup
+governsId: 1.3.6.1.1.1.2.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid
+schemaIdGuid:2a9350b8-062c-4ed0-9903-dde10d06deba
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Print-Queue
+ldapDisplayName: printQueue
+governsId: 1.2.840.113556.1.5.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: versionNumber, uNCName, shortServerName,serverName, printerName
+systemMayContain: priority, printStatus, printStartTime,printStaplingSupported, printSpooling, printShareName,printSeparatorFile, printRateUnit, printRate, printPagesPerMinute,printOwner, printOrientationsSupported, printNumberUp, printNotify,printNetworkAddress, printMinYExtent, printMinXExtent, printMemory,printMediaSupported, printMediaReady, printMaxYExtent,printMaxXExtent, printMaxResolutionSupported, printMaxCopies,printMACAddress, printLanguage, printKeepPrintedJobs, printFormName,printEndTime, printDuplexSupported, printColor, printCollate,printBinNames, printAttributes, portName, physicalLocationObject,operatingSystemVersion, operatingSystemServicePack,operatingSystemHotfix, operatingSystem, location, driverVersion,driverName, defaultPriority, bytesPerMinute, assetNumber
+systemPossSuperiors: organizationalUnit, domainDNS, container,computer
+schemaIdGuid:bf967aa8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy
+ldapDisplayName: queryPolicy
+governsId: 1.2.840.113556.1.5.106
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: lDAPIPDenyList, lDAPAdminLimits
+systemPossSuperiors: container
+schemaIdGuid:83cc7075-cca7-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Mail-Recipient
+ldapDisplayName: remoteMailRecipient
+governsId: 1.2.840.113556.1.5.24
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: mailRecipient
+systemMayContain: remoteSourceType, remoteSource, managedBy
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967aa9-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-Service-Point
+ldapDisplayName: remoteStorageServicePoint
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: remoteStorageGUID
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5bd-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Residential-Person
+ldapDisplayName: residentialPerson
+governsId: 2.5.6.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: person
+systemMayContain: x121Address, title, telexNumber,teletexTerminalIdentifier, street, st, registeredAddress,preferredDeliveryMethod, postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, businessCategory
+systemPossSuperiors: locality, container
+schemaIdGuid:a8df74d6-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rFC822LocalPart
+ldapDisplayName: rFC822LocalPart
+governsId: 0.9.2342.19200300.100.4.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: domain
+mayContain: x121Address, telexNumber, teletexTerminalIdentifier,telephoneNumber, street, sn, seeAlso, registeredAddress,preferredDeliveryMethod, postOfficeBox, postalCode, postalAddress,physicalDeliveryOfficeName, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:b93e3a78-cbae-485e-a07b-5ef4ae505686
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: RID-Manager
+ldapDisplayName: rIDManager
+governsId: 1.2.840.113556.1.5.83
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDAvailablePool
+systemPossSuperiors: container
+schemaIdGuid:6617188d-8f3c-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RID-Set
+ldapDisplayName: rIDSet
+governsId: 1.2.840.113556.1.5.129
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDUsedPool, rIDPreviousAllocationPool,rIDNextRID, rIDAllocationPool
+systemPossSuperiors: user, container, computer
+schemaIdGuid:7bfdcb89-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: room
+ldapDisplayName: room
+governsId: 0.9.2342.19200300.100.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: location, telephoneNumber, seeAlso, description,roomNumber
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7860e5d2-c8b0-4cbb-bd45-d9455beb9206
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Rpc-Container
+ldapDisplayName: rpcContainer
+governsId: 1.2.840.113556.1.5.136
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: nameServiceFlags
+systemPossSuperiors: container
+schemaIdGuid:80212842-4bdc-11d1-a9c4-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Entry
+ldapDisplayName: rpcEntry
+governsId: 1.2.840.113556.1.5.27
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: connectionPoint
+systemPossSuperiors: container
+schemaIdGuid:bf967aac-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Group
+ldapDisplayName: rpcGroup
+governsId: 1.2.840.113556.1.5.80
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsGroup
+systemPossSuperiors: container
+schemaIdGuid:88611bdf-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile
+ldapDisplayName: rpcProfile
+governsId: 1.2.840.113556.1.5.82
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemPossSuperiors: container
+schemaIdGuid:88611be1-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile-Element
+ldapDisplayName: rpcProfileElement
+governsId: 1.2.840.113556.1.5.26
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsPriority, rpcNsInterfaceID
+systemMayContain: rpcNsProfileEntry, rpcNsAnnotation
+systemPossSuperiors: rpcProfile
+schemaIdGuid:f29653cf-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server
+ldapDisplayName: rpcServer
+governsId: 1.2.840.113556.1.5.81
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsEntryFlags, rpcNsCodeset
+systemPossSuperiors: container
+schemaIdGuid:88611be0-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server-Element
+ldapDisplayName: rpcServerElement
+governsId: 1.2.840.113556.1.5.73
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsTransferSyntax, rpcNsInterfaceID,rpcNsBindings
+systemPossSuperiors: rpcServer
+schemaIdGuid:f29653d0-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Connection-Point
+ldapDisplayName: rRASAdministrationConnectionPoint
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: msRRASAttribute
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5be-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Dictionary
+ldapDisplayName: rRASAdministrationDictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msRRASVendorAttributeEntry
+systemPossSuperiors: container
+schemaIdGuid:f39b98ae-938d-11d1-aebd-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain
+ldapDisplayName: samDomain
+governsId: 1.2.840.113556.1.5.3
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy
+schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain-Base
+ldapDisplayName: samDomainBase
+governsId: 1.2.840.113556.1.5.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: uASCompat, serverState, serverRole, revision,pwdProperties, pwdHistoryLength, oEMInformation, objectSid,nTSecurityDescriptor, nextRid, modifiedCountAtLastProm,modifiedCount, minPwdLength, minPwdAge, maxPwdAge, lockoutThreshold,lockoutDuration, lockOutObservationWindow, forceLogoff,domainReplica, creationTime
+schemaIdGuid:bf967a91-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Server
+ldapDisplayName: samServer
+governsId: 1.2.840.113556.1.5.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: securityObject
+systemMayContain: samDomainUpdates
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967aad-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Secret
+ldapDisplayName: secret
+governsId: 1.2.840.113556.1.5.28
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: priorValue, priorSetTime, lastSetTime, currentValue
+systemPossSuperiors: container
+schemaIdGuid:bf967aae-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Object
+ldapDisplayName: securityObject
+governsId: 1.2.840.113556.1.5.1
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemPossSuperiors: container
+schemaIdGuid:bf967aaf-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Principal
+ldapDisplayName: securityPrincipal
+governsId: 1.2.840.113556.1.5.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: sAMAccountName, objectSid
+systemMayContain: supplementalCredentials, sIDHistory,securityIdentifier, sAMAccountType, rid, tokenGroupsNoGCAcceptable,tokenGroupsGlobalAndUniversal, tokenGroups, nTSecurityDescriptor,msDS-KeyVersionNumber, altSecurityIdentities, accountNameHistory
+schemaIdGuid:bf967ab0-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server
+ldapDisplayName: server
+governsId: 1.2.840.113556.1.5.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, mailAddress, serverReference, serialNumber,managedBy, dNSHostName, bridgeheadTransportList
+systemPossSuperiors: serversContainer
+schemaIdGuid:bf967a92-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Servers-Container
+ldapDisplayName: serversContainer
+governsId: 1.2.840.113556.1.5.7000.48
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: site
+schemaIdGuid:f780acc0-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Administration-Point
+ldapDisplayName: serviceAdministrationPoint
+governsId: 1.2.840.113556.1.5.94
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemPossSuperiors: computer
+schemaIdGuid:b7b13123-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class
+ldapDisplayName: serviceClass
+governsId: 1.2.840.113556.1.5.29
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: serviceClassID, displayName
+systemMayContain: serviceClassInfo
+systemPossSuperiors: container
+schemaIdGuid:bf967ab1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Connection-Point
+ldapDisplayName: serviceConnectionPoint
+governsId: 1.2.840.113556.1.5.126
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: versionNumberLo, versionNumberHi, versionNumber,vendor, serviceDNSNameType, serviceDNSName, serviceClassName,serviceBindingInformation, appSchemaVersion
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:28630ec1-41d5-11d1-a9c1-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance
+ldapDisplayName: serviceInstance
+governsId: 1.2.840.113556.1.5.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: serviceClassID, displayName
+systemMayContain: winsockAddresses, serviceInstanceVersion
+systemPossSuperiors: container
+schemaIdGuid:bf967ab2-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowAccount
+ldapDisplayName: shadowAccount
+governsId: 1.3.6.1.1.1.2.1
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, userPassword, description, shadowLastChange,shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,shadowFlag
+schemaIdGuid:5b6d8467-1a18-4174-b350-9cc6e7b4ac8d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: simpleSecurityObject
+ldapDisplayName: simpleSecurityObject
+governsId: 0.9.2342.19200300.100.4.19
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: userPassword
+schemaIdGuid:5fe69b0b-e146-4f15-b0ab-c1e5d488e094
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Site
+ldapDisplayName: site
+governsId: 1.2.840.113556.1.5.31
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, mSMQSiteID, mSMQSiteForeign,mSMQNt4Stub, mSMQInterval2, mSMQInterval1, managedBy, location,gPOptions, gPLink, msDS-BridgeHeadServersUsed
+systemPossSuperiors: sitesContainer
+schemaIdGuid:bf967ab3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link
+ldapDisplayName: siteLink
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteList
+systemMayContain: schedule, replInterval, options, cost
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cde-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-Bridge
+ldapDisplayName: siteLinkBridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteLinkList
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cdf-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sites-Container
+ldapDisplayName: sitesContainer
+governsId: 1.2.840.113556.1.5.107
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: configuration
+schemaIdGuid:7a4117da-cd67-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Storage
+ldapDisplayName: storage
+governsId: 1.2.840.113556.1.5.33
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: monikerDisplayName, moniker, iconPath
+systemPossSuperiors: container
+schemaIdGuid:bf967ab5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet
+ldapDisplayName: subnet
+governsId: 1.2.840.113556.1.5.96
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: siteObject, physicalLocationObject, location
+systemPossSuperiors: subnetContainer
+schemaIdGuid:b7b13124-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet-Container
+ldapDisplayName: subnetContainer
+governsId: 1.2.840.113556.1.5.95
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:b7b13125-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SubSchema
+ldapDisplayName: subSchema
+governsId: 2.5.20.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: objectClasses, modifyTimeStamp, extendedClassInfo,extendedAttributeInfo, dITContentRules, attributeTypes
+systemPossSuperiors: dMD
+schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Top
+ldapDisplayName: top
+governsId: 2.5.6.0
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType
+mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL
+systemMayContain: msDS-NcType, msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL
+systemPossSuperiors: lostAndFound
+schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trusted-Domain
+ldapDisplayName: trustedDomain
+governsId: 1.2.840.113556.1.5.34
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: msDS-SupportedEncryptionTypes, trustType,trustPosixOffset, trustPartner, trustDirection, trustAuthOutgoing,trustAuthIncoming, trustAttributes, securityIdentifier,msDS-TrustForestTrustInfo, mS-DS-CreatorSID, initialAuthOutgoing,initialAuthIncoming, flatName, domainIdentifier, domainCrossRef,additionalTrustedServiceNames
+systemPossSuperiors: container
+schemaIdGuid:bf967ab8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Type-Library
+ldapDisplayName: typeLibrary
+governsId: 1.2.840.113556.1.5.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: cOMUniqueLIBID, cOMInterfaceID, cOMClassID
+systemPossSuperiors: classStore
+schemaIdGuid:281416e2-1968-11d0-a28f-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User
+ldapDisplayName: user
+governsId: 1.2.840.113556.1.5.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+auxiliaryClass: shadowAccount, posixAccount
+systemAuxiliaryClass: securityPrincipal, mailRecipient
+mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio
+systemMayContain: msDS-ResultantPSO, MSTSLSProperty01,MSTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires
+schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume
+ldapDisplayName: volume
+governsId: 1.2.840.113556.1.5.36
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: uNCName
+systemMayContain: lastContentIndexed, contentIndexingAllowed
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967abb-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
new file mode 100644
index 0000000..fef1347
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
@@ -0,0 +1,16060 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#•	Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation.
+#•	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+#•	Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com.
+#•	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: Account-Expires
+ldapDisplayName: accountExpires
+attributeId: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967915-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Account-Name-History
+ldapDisplayName: accountNameHistory
+attributeId: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 031952ec-3b72-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Aggregate-Token-Rate-Per-User
+ldapDisplayName: aCSAggregateTokenRatePerUser
+attributeId: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127d-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Allocable-RSVP-Bandwidth
+ldapDisplayName: aCSAllocableRSVPBandwidth
+attributeId: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561283-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Cache-Timeout
+ldapDisplayName: aCSCacheTimeout
+attributeId: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a1-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Direction
+ldapDisplayName: aCSDirection
+attributeId: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127a-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-DeadTime
+ldapDisplayName: aCSDSBMDeadTime
+attributeId: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a0-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Priority
+ldapDisplayName: aCSDSBMPriority
+attributeId: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559e-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Refresh
+ldapDisplayName: aCSDSBMRefresh
+attributeId: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559f-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-ACS-Service
+ldapDisplayName: aCSEnableACSService
+attributeId: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561287-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Accounting
+ldapDisplayName: aCSEnableRSVPAccounting
+attributeId: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f072230e-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Message-Logging
+ldapDisplayName: aCSEnableRSVPMessageLogging
+attributeId: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561285-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Event-Log-Level
+ldapDisplayName: aCSEventLogLevel
+attributeId: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561286-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Identity-Name
+ldapDisplayName: aCSIdentityName
+attributeId: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dab029b6-ddf7-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+ldapDisplayName: aCSMaxAggregatePeakRatePerUser
+attributeId: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230c-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Duration-Per-Flow
+ldapDisplayName: aCSMaxDurationPerFlow
+attributeId: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127e-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Maximum-SDU-Size
+ldapDisplayName: aCSMaximumSDUSize
+attributeId: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 87a2d8f9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Account-Files
+ldapDisplayName: aCSMaxNoOfAccountFiles
+attributeId: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722310-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Log-Files
+ldapDisplayName: aCSMaxNoOfLogFiles
+attributeId: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559c-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth
+ldapDisplayName: aCSMaxPeakBandwidth
+attributeId: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561284-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+ldapDisplayName: aCSMaxPeakBandwidthPerFlow
+attributeId: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127c-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Account-File
+ldapDisplayName: aCSMaxSizeOfRSVPAccountFile
+attributeId: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722311-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Log-File
+ldapDisplayName: aCSMaxSizeOfRSVPLogFile
+attributeId: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559d-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Bucket-Per-Flow
+ldapDisplayName: aCSMaxTokenBucketPerFlow
+attributeId: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 81f6e0df-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Rate-Per-Flow
+ldapDisplayName: aCSMaxTokenRatePerFlow
+attributeId: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127b-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Delay-Variation
+ldapDisplayName: aCSMinimumDelayVariation
+attributeId: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9c65329b-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Latency
+ldapDisplayName: aCSMinimumLatency
+attributeId: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9517fefb-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Policed-Size
+ldapDisplayName: aCSMinimumPolicedSize
+attributeId: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 8d0e7195-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Max-SDU-Size
+ldapDisplayName: aCSNonReservedMaxSDUSize
+attributeId: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: aec2cfe3-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Min-Policed-Size
+ldapDisplayName: aCSNonReservedMinPolicedSize
+attributeId: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: b6873917-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Peak-Rate
+ldapDisplayName: aCSNonReservedPeakRate
+attributeId: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a331a73f-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Token-Size
+ldapDisplayName: aCSNonReservedTokenSize
+attributeId: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a916d7c9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Limit
+ldapDisplayName: aCSNonReservedTxLimit
+attributeId: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a2-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Size
+ldapDisplayName: aCSNonReservedTxSize
+attributeId: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230d-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Permission-Bits
+ldapDisplayName: aCSPermissionBits
+attributeId: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561282-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Policy-Name
+ldapDisplayName: aCSPolicyName
+attributeId: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559a-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Priority
+ldapDisplayName: aCSPriority
+attributeId: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561281-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Account-Files-Location
+ldapDisplayName: aCSRSVPAccountFilesLocation
+attributeId: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f072230f-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Log-Files-Location
+ldapDisplayName: aCSRSVPLogFilesLocation
+attributeId: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559b-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Server-List
+ldapDisplayName: aCSServerList
+attributeId: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7cbd59a5-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Service-Type
+ldapDisplayName: aCSServiceType
+attributeId: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127f-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Time-Of-Day
+ldapDisplayName: aCSTimeOfDay
+attributeId: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f561279-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Total-No-Of-Flows
+ldapDisplayName: aCSTotalNoOfFlows
+attributeId: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561280-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Information
+ldapDisplayName: notes
+attributeId: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6d05fb41-246b-11d0-a9c8-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Trusted-Service-Names
+ldapDisplayName: additionalTrustedServiceNames
+attributeId: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160be-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address
+ldapDisplayName: streetAddress
+attributeId: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff84-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14889
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots
+ldapDisplayName: addressBookRoots
+attributeId: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f70b6e48-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots2
+ldapDisplayName: addressBookRoots2
+attributeId: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+linkID: 2122
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 508ca374-a511-4e4e-9f4f-856f61a6b7e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table
+ldapDisplayName: addressEntryDisplayTable
+attributeId: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42461-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32791
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table-MSDOS
+ldapDisplayName: addressEntryDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42462-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32839
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Home
+ldapDisplayName: homePostalAddress
+attributeId: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775781-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14941
+systemFlags: 0
+
+cn: Address-Syntax
+ldapDisplayName: addressSyntax
+attributeId: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42463-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+mapiID: 32792
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Type
+ldapDisplayName: addressType
+attributeId: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 5fd42464-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+mapiID: 32840
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Context-Menu
+ldapDisplayName: adminContextMenu
+attributeId: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd038-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Count
+ldapDisplayName: adminCount
+attributeId: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967918-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Description
+ldapDisplayName: adminDescription
+attributeId: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967919-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32842
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Display-Name
+ldapDisplayName: adminDisplayName
+attributeId: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96791a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 32843
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Multiselect-Property-Pages
+ldapDisplayName: adminMultiselectPropertyPages
+attributeId: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Property-Pages
+ldapDisplayName: adminPropertyPages
+attributeId: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458038-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Allowed-Attributes
+ldapDisplayName: allowedAttributes
+attributeId: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Attributes-Effective
+ldapDisplayName: allowedAttributesEffective
+attributeId: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes
+ldapDisplayName: allowedChildClasses
+attributeId: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes-Effective
+ldapDisplayName: allowedChildClassesEffective
+attributeId: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Alt-Security-Identities
+ldapDisplayName: altSecurityIdentities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 00fbf30c-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ANR
+ldapDisplayName: aNR
+attributeId: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Application-Name
+ldapDisplayName: applicationName
+attributeId: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: dd712226-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Applies-To
+ldapDisplayName: appliesTo
+attributeId: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8297931d-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: App-Schema-Version
+ldapDisplayName: appSchemaVersion
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd65-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Asset-Number
+ldapDisplayName: assetNumber
+attributeId: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f75-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Assistant
+ldapDisplayName: assistant
+attributeId: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c11c-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: associatedDomain
+ldapDisplayName: associatedDomain
+attributeId: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 3320fc38-c379-4c17-a510-1bdf6133c5da
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: associatedName
+ldapDisplayName: associatedName
+attributeId: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f7fbfc45-85ab-42a4-a435-780e62f7858b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Assoc-NT-Account
+ldapDisplayName: assocNTAccount
+attributeId: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 398f63c0-ca60-11d1-bbd1-0000f81f10c0
+systemOnly: FALSE
+searchFlags: 0
+
+cn: attributeCertificateAttribute
+ldapDisplayName: attributeCertificateAttribute
+attributeId: 2.5.4.58
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Attribute-Display-Names
+ldapDisplayName: attributeDisplayNames
+attributeId: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: cb843f80-48d9-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Attribute-ID
+ldapDisplayName: attributeID
+attributeId: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967922-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Security-GUID
+ldapDisplayName: attributeSecurityGUID
+attributeId: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967924-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Syntax
+ldapDisplayName: attributeSyntax
+attributeId: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967925-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Types
+ldapDisplayName: attributeTypes
+attributeId: 2.5.21.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: audio
+ldapDisplayName: audio
+attributeId: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d0e1d224-e1a0-42ce-a2da-793ba5244f35
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Auditing-Policy
+ldapDisplayName: auditingPolicy
+attributeId: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6da8a4fe-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authentication-Options
+ldapDisplayName: authenticationOptions
+attributeId: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967928-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authority-Revocation-List
+ldapDisplayName: authorityRevocationList
+attributeId: 2.5.4.38
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677578d-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32806
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Auxiliary-Class
+ldapDisplayName: auxiliaryClass
+attributeId: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf96792c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Password-Time
+ldapDisplayName: badPasswordTime
+attributeId: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Pwd-Count
+ldapDisplayName: badPwdCount
+attributeId: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Birth-Location
+ldapDisplayName: birthLocation
+attributeId: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075f9-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: BootFile
+ldapDisplayName: bootFile
+attributeId: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e3f3cb4e-0f20-42eb-9703-d2ff26e52667
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: BootParameter
+ldapDisplayName: bootParameter
+attributeId: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: d72a0750-8c7c-416e-8714-e65f11e908be
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Bridgehead-Server-List-BL
+ldapDisplayName: bridgeheadServerListBL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdb-8951-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 99
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bridgehead-Transport-List
+ldapDisplayName: bridgeheadTransportList
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cda-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 98
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: buildingName
+ldapDisplayName: buildingName
+attributeId: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f87fa54b-b2c5-4fd7-88c0-daccb21d93c5
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Builtin-Creation-Time
+ldapDisplayName: builtinCreationTime
+attributeId: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Builtin-Modified-Count
+ldapDisplayName: builtinModifiedCount
+attributeId: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967930-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Business-Category
+ldapDisplayName: businessCategory
+attributeId: 2.5.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967931-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32855
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Bytes-Per-Minute
+ldapDisplayName: bytesPerMinute
+attributeId: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f76-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate
+ldapDisplayName: cACertificate
+attributeId: 2.5.4.37
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967932-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32771
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate-DN
+ldapDisplayName: cACertificateDN
+attributeId: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2740-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Connect
+ldapDisplayName: cAConnect
+attributeId: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2735-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Canonical-Name
+ldapDisplayName: canonicalName
+attributeId: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Can-Upgrade-Script
+ldapDisplayName: canUpgradeScript
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18314-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: carLicense
+ldapDisplayName: carLicense
+attributeId: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Catalogs
+ldapDisplayName: catalogs
+attributeId: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb81-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Categories
+ldapDisplayName: categories
+attributeId: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7e-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Id
+ldapDisplayName: categoryId
+attributeId: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e94-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Usages
+ldapDisplayName: cAUsages
+attributeId: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d2738-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-WEB-URL
+ldapDisplayName: cAWEBURL
+attributeId: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2736-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Authority-Object
+ldapDisplayName: certificateAuthorityObject
+attributeId: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2732-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Revocation-List
+ldapDisplayName: certificateRevocationList
+attributeId: 2.5.4.39
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1677579f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32790
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Templates
+ldapDisplayName: certificateTemplates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2a39c5b1-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Display-Name
+ldapDisplayName: classDisplayName
+attributeId: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 548e1c22-dea6-11d0-b010-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Code-Page
+ldapDisplayName: codePage
+attributeId: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967938-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-ClassID
+ldapDisplayName: cOMClassID
+attributeId: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-CLSID
+ldapDisplayName: cOMCLSID
+attributeId: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416d9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-InterfaceID
+ldapDisplayName: cOMInterfaceID
+attributeId: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Comment
+ldapDisplayName: info
+attributeId: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 12292
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Common-Name
+ldapDisplayName: cn
+attributeId: 2.5.4.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14863
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-Other-Prog-Id
+ldapDisplayName: cOMOtherProgId
+attributeId: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416dd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Company
+ldapDisplayName: company
+attributeId: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff88-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14870
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-ProgID
+ldapDisplayName: cOMProgID
+attributeId: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Treat-As-Class-Id
+ldapDisplayName: cOMTreatAsClassId
+attributeId: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416db-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Typelib-Id
+ldapDisplayName: cOMTypelibId
+attributeId: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416de-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Unique-LIBID
+ldapDisplayName: cOMUniqueLIBID
+attributeId: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416da-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Content-Indexing-Allowed
+ldapDisplayName: contentIndexingAllowed
+attributeId: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967943-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Context-Menu
+ldapDisplayName: contextMenu
+attributeId: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d8601ee-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Rights
+ldapDisplayName: controlAccessRights
+attributeId: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 6da8a4fc-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cost
+ldapDisplayName: cost
+attributeId: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967944-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32872
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Code
+ldapDisplayName: countryCode
+attributeId: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd42471-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Name
+ldapDisplayName: c
+attributeId: 2.5.4.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967945-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 3
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32873
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Dialog
+ldapDisplayName: createDialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b09958a-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Create-Time-Stamp
+ldapDisplayName: createTimeStamp
+attributeId: 2.5.18.1
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Wizard-Ext
+ldapDisplayName: createWizardExt
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2b09958b-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creation-Time
+ldapDisplayName: creationTime
+attributeId: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967946-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Creation-Wizard
+ldapDisplayName: creationWizard
+attributeId: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d8601ed-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creator
+ldapDisplayName: creator
+attributeId: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb85-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Object
+ldapDisplayName: cRLObject
+attributeId: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2737-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Partitioned-Revocation-List
+ldapDisplayName: cRLPartitionedRevocationList
+attributeId: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2731-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Certificate-Pair
+ldapDisplayName: crossCertificatePair
+attributeId: 2.5.4.40
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b2-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+mapiID: 32805
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Location
+ldapDisplayName: currentLocation
+attributeId: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fc-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Parent-CA
+ldapDisplayName: currentParentCA
+attributeId: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Value
+ldapDisplayName: currentValue
+attributeId: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967947-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Curr-Machine-Id
+ldapDisplayName: currMachineId
+attributeId: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fe-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DBCS-Pwd
+ldapDisplayName: dBCSPwd
+attributeId: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96799c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Class-Store
+ldapDisplayName: defaultClassStore
+attributeId: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967948-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Group
+ldapDisplayName: defaultGroup
+attributeId: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 720bc4e2-a54a-11d0-afdf-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Hiding-Value
+ldapDisplayName: defaultHidingValue
+attributeId: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: b7b13116-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Local-Policy-Object
+ldapDisplayName: defaultLocalPolicyObject
+attributeId: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96799f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Object-Category
+ldapDisplayName: defaultObjectCategory
+attributeId: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97367-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Priority
+ldapDisplayName: defaultPriority
+attributeId: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c8-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Security-Descriptor
+ldapDisplayName: defaultSecurityDescriptor
+attributeId: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 807a6d30-1669-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Delta-Revocation-List
+ldapDisplayName: deltaRevocationList
+attributeId: 2.5.4.53
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b5-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 35910
+
+cn: Department
+ldapDisplayName: department
+attributeId: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96794f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14872
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: departmentNumber
+ldapDisplayName: departmentNumber
+attributeId: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Description
+ldapDisplayName: description
+attributeId: 2.5.4.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967950-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32879
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Desktop-Profile
+ldapDisplayName: desktopProfile
+attributeId: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: eea65906-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Destination-Indicator
+ldapDisplayName: destinationIndicator
+attributeId: 2.5.4.27
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967951-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32880
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Classes
+ldapDisplayName: dhcpClasses
+attributeId: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2750-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Flags
+ldapDisplayName: dhcpFlags
+attributeId: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2741-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Identification
+ldapDisplayName: dhcpIdentification
+attributeId: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2742-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Mask
+ldapDisplayName: dhcpMask
+attributeId: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2747-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-MaxKey
+ldapDisplayName: dhcpMaxKey
+attributeId: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2754-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Description
+ldapDisplayName: dhcpObjDescription
+attributeId: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2744-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Name
+ldapDisplayName: dhcpObjName
+attributeId: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2743-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Options
+ldapDisplayName: dhcpOptions
+attributeId: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d274f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Properties
+ldapDisplayName: dhcpProperties
+attributeId: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2753-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Ranges
+ldapDisplayName: dhcpRanges
+attributeId: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2748-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Reservations
+ldapDisplayName: dhcpReservations
+attributeId: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Servers
+ldapDisplayName: dhcpServers
+attributeId: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2745-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+extendedCharsAllowed: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Sites
+ldapDisplayName: dhcpSites
+attributeId: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2749-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-State
+ldapDisplayName: dhcpState
+attributeId: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2752-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Subnets
+ldapDisplayName: dhcpSubnets
+attributeId: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2746-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Type
+ldapDisplayName: dhcpType
+attributeId: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 963d273b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Unique-Key
+ldapDisplayName: dhcpUniqueKey
+attributeId: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d273a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Update-Time
+ldapDisplayName: dhcpUpdateTime
+attributeId: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2755-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Name
+ldapDisplayName: displayName
+attributeId: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967953-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Display-Name-Printable
+ldapDisplayName: displayNamePrintable
+attributeId: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: bf967954-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14847
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DIT-Content-Rules
+ldapDisplayName: dITContentRules
+attributeId: 2.5.21.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Division
+ldapDisplayName: division
+attributeId: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: fe6136a0-2073-11d0-a9c2-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DMD-Location
+ldapDisplayName: dMDLocation
+attributeId: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8b-1191-11d0-a060-00aa006c33ed
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DMD-Name
+ldapDisplayName: dmdName
+attributeId: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 167757b9-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35926
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DN-Reference-Update
+ldapDisplayName: dNReferenceUpdate
+attributeId: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d86-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Allow-Dynamic
+ldapDisplayName: dnsAllowDynamic
+attributeId: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e65-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Allow-XFR
+ldapDisplayName: dnsAllowXFR
+attributeId: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e66-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Host-Name
+ldapDisplayName: dNSHostName
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Notify-Secondaries
+ldapDisplayName: dnsNotifySecondaries
+attributeId: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e68-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Property
+ldapDisplayName: dNSProperty
+attributeId: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 675a15fe-3b70-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Record
+ldapDisplayName: dnsRecord
+attributeId: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e69-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Root
+ldapDisplayName: dnsRoot
+attributeId: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967959-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Secure-Secondaries
+ldapDisplayName: dnsSecureSecondaries
+attributeId: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e67-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Tombstoned
+ldapDisplayName: dNSTombstoned
+attributeId: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d5eb2eb7-be4e-463b-a214-634a44d7392e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: documentAuthor
+ldapDisplayName: documentAuthor
+attributeId: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f18a8e19-af5f-4478-b096-6f35c27eb83f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: documentIdentifier
+ldapDisplayName: documentIdentifier
+attributeId: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0b21ce82-ff63-46d9-90fb-c8b9f24e97b9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentLocation
+ldapDisplayName: documentLocation
+attributeId: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b958b14e-ac6d-4ec4-8892-be70b69f7281
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentPublisher
+ldapDisplayName: documentPublisher
+attributeId: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 170f09d7-eb69-448a-9a30-f1afecfd32d7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentTitle
+ldapDisplayName: documentTitle
+attributeId: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: de265a9c-ff2c-47b9-91dc-6e6fe2c43062
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentVersion
+ldapDisplayName: documentVersion
+attributeId: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 94b3a8a9-d613-4cec-9aad-5fbcc1046b43
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Domain-Certificate-Authorities
+ldapDisplayName: domainCAs
+attributeId: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7a-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Component
+ldapDisplayName: dc
+attributeId: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19195a55-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Cross-Ref
+ldapDisplayName: domainCrossRef
+attributeId: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7b-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-ID
+ldapDisplayName: domainID
+attributeId: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2734-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Identifier
+ldapDisplayName: domainIdentifier
+attributeId: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561278-5301-11d1-a9c5-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Object
+ldapDisplayName: domainPolicyObject
+attributeId: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96795d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Reference
+ldapDisplayName: domainPolicyReference
+attributeId: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e2a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Replica
+ldapDisplayName: domainReplica
+attributeId: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96795e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Wide-Policy
+ldapDisplayName: domainWidePolicy
+attributeId: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e29-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: drink
+ldapDisplayName: drink
+attributeId: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Driver-Name
+ldapDisplayName: driverName
+attributeId: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c5-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Driver-Version
+ldapDisplayName: driverVersion
+attributeId: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6e-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DSA-Signature
+ldapDisplayName: dSASignature
+attributeId: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 167757bc-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32887
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Core-Propagation-Data
+ldapDisplayName: dSCorePropagationData
+attributeId: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: d167aa4b-8b08-11d2-9939-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Heuristics
+ldapDisplayName: dSHeuristics
+attributeId: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff86-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-UI-Admin-Maximum
+ldapDisplayName: dSUIAdminMaximum
+attributeId: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee8d0ae0-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Admin-Notification
+ldapDisplayName: dSUIAdminNotification
+attributeId: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f6ea0a94-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Shell-Maximum
+ldapDisplayName: dSUIShellMaximum
+attributeId: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fcca766a-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-LDAP-Server
+ldapDisplayName: dynamicLDAPServer
+attributeId: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52458021-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: EFSPolicy
+ldapDisplayName: eFSPolicy
+attributeId: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: E-mail-Addresses
+ldapDisplayName: mail
+attributeId: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967961-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14846
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-ID
+ldapDisplayName: employeeID
+attributeId: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967962-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Number
+ldapDisplayName: employeeNumber
+attributeId: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73ef-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+mapiID: 35943
+systemFlags: 0
+
+cn: Employee-Type
+ldapDisplayName: employeeType
+attributeId: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73f0-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 256
+mapiID: 35945
+systemFlags: 0
+
+cn: Enabled
+ldapDisplayName: Enabled
+attributeId: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8df73f2-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 35873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enabled-Connection
+ldapDisplayName: enabledConnection
+attributeId: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967963-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enrollment-Providers
+ldapDisplayName: enrollmentProviders
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b3-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Entry-TTL
+ldapDisplayName: entryTTL
+attributeId: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d213decc-d81a-4384-aac2-dcfcfd631cf8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 31557600
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+
+cn: Extended-Attribute-Info
+ldapDisplayName: extendedAttributeInfo
+attributeId: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Chars-Allowed
+ldapDisplayName: extendedCharsAllowed
+attributeId: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967966-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32935
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Class-Info
+ldapDisplayName: extendedClassInfo
+attributeId: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extension-Name
+ldapDisplayName: extensionName
+attributeId: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967972-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+mapiID: 32937
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Extra-Columns
+ldapDisplayName: extraColumns
+attributeId: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d24e2846-1dd9-4bcf-99d7-a6227cc86da7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Facsimile-Telephone-Number
+ldapDisplayName: facsimileTelephoneNumber
+attributeId: 2.5.4.23
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967974-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14883
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Ext-Priority
+ldapDisplayName: fileExtPriority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18315-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flags
+ldapDisplayName: flags
+attributeId: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967976-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flat-Name
+ldapDisplayName: flatName
+attributeId: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b13117-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Force-Logoff
+ldapDisplayName: forceLogoff
+attributeId: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967977-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Foreign-Identifier
+ldapDisplayName: foreignIdentifier
+attributeId: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e97891e-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Friendly-Names
+ldapDisplayName: friendlyNames
+attributeId: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb88-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: From-Entry
+ldapDisplayName: fromEntry
+attributeId: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: From-Server
+ldapDisplayName: fromServer
+attributeId: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf967979-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Frs-Computer-Reference
+ldapDisplayName: frsComputerReference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132578-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 102
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: Frs-Computer-Reference-BL
+ldapDisplayName: frsComputerReferenceBL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a132579-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Control-Data-Creation
+ldapDisplayName: fRSControlDataCreation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257a-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Inbound-Backlog
+ldapDisplayName: fRSControlInboundBacklog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257b-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Outbound-Backlog
+ldapDisplayName: fRSControlOutboundBacklog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257c-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Directory-Filter
+ldapDisplayName: fRSDirectoryFilter
+attributeId: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f171-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-DS-Poll
+ldapDisplayName: fRSDSPoll
+attributeId: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f177-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Extensions
+ldapDisplayName: fRSExtensions
+attributeId: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458020-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Fault-Condition
+ldapDisplayName: fRSFaultCondition
+attributeId: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f178-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-File-Filter
+ldapDisplayName: fRSFileFilter
+attributeId: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f170-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Flags
+ldapDisplayName: fRSFlags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a13257d-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Level-Limit
+ldapDisplayName: fRSLevelLimit
+attributeId: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5245801e-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Member-Reference
+ldapDisplayName: fRSMemberReference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a13257e-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 104
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: FRS-Member-Reference-BL
+ldapDisplayName: fRSMemberReferenceBL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a13257f-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Partner-Auth-Level
+ldapDisplayName: fRSPartnerAuthLevel
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a132580-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Primary-Member
+ldapDisplayName: fRSPrimaryMember
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132581-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-GUID
+ldapDisplayName: fRSReplicaSetGUID
+attributeId: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5245801a-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-Type
+ldapDisplayName: fRSReplicaSetType
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 26d9736b-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Path
+ldapDisplayName: fRSRootPath
+attributeId: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f174-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Security
+ldapDisplayName: fRSRootSecurity
+attributeId: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 5245801f-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command
+ldapDisplayName: fRSServiceCommand
+attributeId: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ddac0cee-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command-Status
+ldapDisplayName: fRSServiceCommandStatus
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132582-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Staging-Path
+ldapDisplayName: fRSStagingPath
+attributeId: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f175-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Command
+ldapDisplayName: fRSTimeLastCommand
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132583-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Config-Change
+ldapDisplayName: fRSTimeLastConfigChange
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132584-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Update-Timeout
+ldapDisplayName: fRSUpdateTimeout
+attributeId: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f172-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version
+ldapDisplayName: fRSVersion
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132585-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version-GUID
+ldapDisplayName: fRSVersionGUID
+attributeId: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 26d9736c-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Working-Path
+ldapDisplayName: fRSWorkingPath
+attributeId: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f173-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FSMO-Role-Owner
+ldapDisplayName: fSMORoleOwner
+attributeId: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171887-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Garbage-Coll-Period
+ldapDisplayName: garbageCollPeriod
+attributeId: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a1-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32943
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Gecos
+ldapDisplayName: gecos
+attributeId: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a3e03f1f-1d55-4253-a0af-30c2a784e46e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Generated-Connection
+ldapDisplayName: generatedConnection
+attributeId: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96797a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Generation-Qualifier
+ldapDisplayName: generationQualifier
+attributeId: 2.5.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775804-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 35923
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GidNumber
+ldapDisplayName: gidNumber
+attributeId: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5b95f0c-ec9e-41c4-849c-b46597ed6696
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: Given-Name
+ldapDisplayName: givenName
+attributeId: 2.5.4.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8e-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14854
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List
+ldapDisplayName: globalAddressList
+attributeId: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f754c748-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List2
+ldapDisplayName: globalAddressList2
+attributeId: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+linkID: 2124
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 4898f63d-4112-477c-8826-3ca00bd8277d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Governs-ID
+ldapDisplayName: governsID
+attributeId: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf96797d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: GPC-File-Sys-Path
+ldapDisplayName: gPCFileSysPath
+attributeId: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc1-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Functionality-Version
+ldapDisplayName: gPCFunctionalityVersion
+attributeId: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc0-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Machine-Extension-Names
+ldapDisplayName: gPCMachineExtensionNames
+attributeId: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 32ff8ecc-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-User-Extension-Names
+ldapDisplayName: gPCUserExtensionNames
+attributeId: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 42a75fc6-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-WQL-Filter
+ldapDisplayName: gPCWQLFilter
+attributeId: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bd4c7a6-1add-4436-8c04-3999a880154c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Link
+ldapDisplayName: gPLink
+attributeId: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbe-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Options
+ldapDisplayName: gPOptions
+attributeId: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbf-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Attributes
+ldapDisplayName: groupAttributes
+attributeId: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96797e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Membership-SAM
+ldapDisplayName: groupMembershipSAM
+attributeId: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967980-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Priority
+ldapDisplayName: groupPriority
+attributeId: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65905-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Groups-to-Ignore
+ldapDisplayName: groupsToIgnore
+attributeId: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65904-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Type
+ldapDisplayName: groupType
+attributeId: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Master-NCs
+ldapDisplayName: hasMasterNCs
+attributeId: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967982-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 76
+mapiID: 32950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Partial-Replica-NCs
+ldapDisplayName: hasPartialReplicaNCs
+attributeId: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967981-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 74
+mapiID: 32949
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data16
+ldapDisplayName: helpData16
+attributeId: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a7-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32826
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data32
+ldapDisplayName: helpData32
+attributeId: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a8-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32784
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-File-Name
+ldapDisplayName: helpFileName
+attributeId: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a9-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 13
+mapiID: 32827
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Hide-From-AB
+ldapDisplayName: hideFromAB
+attributeId: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Home-Directory
+ldapDisplayName: homeDirectory
+attributeId: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967985-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Home-Drive
+ldapDisplayName: homeDrive
+attributeId: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967986-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: host
+ldapDisplayName: host
+attributeId: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 6043df71-fa48-46cf-ab7c-cbd54644b22d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: houseIdentifier
+ldapDisplayName: houseIdentifier
+attributeId: 2.5.4.51
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: a45398b7-c44a-4eb6-82d3-13c10946dbfe
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+
+cn: Icon-Path
+ldapDisplayName: iconPath
+attributeId: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ff83-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Implemented-Categories
+ldapDisplayName: implementedCategories
+attributeId: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e92-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IndexedScopes
+ldapDisplayName: indexedScopes
+attributeId: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb87-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Initial-Auth-Incoming
+ldapDisplayName: initialAuthIncoming
+attributeId: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458023-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initial-Auth-Outgoing
+ldapDisplayName: initialAuthOutgoing
+attributeId: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458024-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initials
+ldapDisplayName: initials
+attributeId: 2.5.4.43
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff90-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 6
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14858
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Install-Ui-Level
+ldapDisplayName: installUiLevel
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd64-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Instance-Type
+ldapDisplayName: instanceType
+attributeId: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96798c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+mapiID: 32957
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: International-ISDN-Number
+ldapDisplayName: internationalISDNNumber
+attributeId: 2.5.4.25
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf96798d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32958
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Topology-Failover
+ldapDisplayName: interSiteTopologyFailover
+attributeId: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e60-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Generator
+ldapDisplayName: interSiteTopologyGenerator
+attributeId: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5e-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Renew
+ldapDisplayName: interSiteTopologyRenew
+attributeId: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5f-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Invocation-Id
+ldapDisplayName: invocationId
+attributeId: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX
+mapiID: 32959
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: IpHostNumber
+ldapDisplayName: ipHostNumber
+attributeId: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: de8bb721-85dc-4fde-b687-9657688e667e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetmaskNumber
+ldapDisplayName: ipNetmaskNumber
+attributeId: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 6ff64fcd-462e-4f62-b44a-9a5347659eb9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetworkNumber
+ldapDisplayName: ipNetworkNumber
+attributeId: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4e3854f4-3087-42a4-a813-bb0c528958d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpProtocolNumber
+ldapDisplayName: ipProtocolNumber
+attributeId: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ebf5c6eb-0e2d-4415-9670-1081993b4211
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Ipsec-Data
+ldapDisplayName: ipsecData
+attributeId: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: b40ff81f-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Data-Type
+ldapDisplayName: ipsecDataType
+attributeId: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b40ff81e-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter-Reference
+ldapDisplayName: ipsecFilterReference
+attributeId: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff823-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ID
+ldapDisplayName: ipsecID
+attributeId: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81d-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Reference
+ldapDisplayName: ipsecISAKMPReference
+attributeId: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff820-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Name
+ldapDisplayName: ipsecName
+attributeId: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81c-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Action
+ldapDisplayName: iPSECNegotiationPolicyAction
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383075-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy-Reference
+ldapDisplayName: ipsecNegotiationPolicyReference
+attributeId: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff822-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Type
+ldapDisplayName: iPSECNegotiationPolicyType
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383074-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA-Reference
+ldapDisplayName: ipsecNFAReference
+attributeId: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff821-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Owners-Reference
+ldapDisplayName: ipsecOwnersReference
+attributeId: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff824-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy-Reference
+ldapDisplayName: ipsecPolicyReference
+attributeId: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13118-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpServicePort
+ldapDisplayName: ipServicePort
+attributeId: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff2daebf-f463-495a-8405-3e483641eaa2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: IpServiceProtocol
+ldapDisplayName: ipServiceProtocol
+attributeId: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: cd96ec0b-1ed6-43b4-b26b-f170b645883f
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Is-Critical-System-Object
+ldapDisplayName: isCriticalSystemObject
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 00fbf30d-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Defunct
+ldapDisplayName: isDefunct
+attributeId: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 28630ebe-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Deleted
+ldapDisplayName: isDeleted
+attributeId: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96798f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Ephemeral
+ldapDisplayName: isEphemeral
+attributeId: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f4c453f0-c5f1-11d1-bbcb-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Is-Member-Of-DL
+ldapDisplayName: memberOf
+attributeId: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967991-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fCOPY
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 3
+mapiID: 32776
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Member-Of-Partial-Attribute-Set
+ldapDisplayName: isMemberOfPartialAttributeSet
+attributeId: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 19405b9d-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Privilege-Holder
+ldapDisplayName: isPrivilegeHolder
+attributeId: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9c-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 71
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Is-Recycled
+ldapDisplayName: isRecycled
+attributeId: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fb59256-55f1-444b-aacb-f5b482fe3459
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: Is-Single-Valued
+ldapDisplayName: isSingleValued
+attributeId: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967992-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32961
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: jpegPhoto
+ldapDisplayName: jpegPhoto
+attributeId: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Keywords
+ldapDisplayName: keywords
+attributeId: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967993-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Knowledge-Information
+ldapDisplayName: knowledgeInformation
+attributeId: 2.5.4.2
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: 1677581f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32963
+
+cn: labeledURI
+ldapDisplayName: labeledURI
+attributeId: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Last-Backup-Restoration-Time
+ldapDisplayName: lastBackupRestorationTime
+attributeId: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1fbb0be8-ba63-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Content-Indexed
+ldapDisplayName: lastContentIndexed
+attributeId: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967995-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Known-Parent
+ldapDisplayName: lastKnownParent
+attributeId: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52ab8670-5709-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logoff
+ldapDisplayName: lastLogoff
+attributeId: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967996-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon
+ldapDisplayName: lastLogon
+attributeId: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967997-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon-Timestamp
+ldapDisplayName: lastLogonTimestamp
+attributeId: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: Last-Set-Time
+ldapDisplayName: lastSetTime
+attributeId: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967998-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Update-Sequence
+ldapDisplayName: lastUpdateSequence
+attributeId: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9c-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LDAP-Admin-Limits
+ldapDisplayName: lDAPAdminLimits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7359a352-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-Display-Name
+ldapDisplayName: lDAPDisplayName
+attributeId: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96799a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+mapiID: 33137
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-IPDeny-List
+ldapDisplayName: lDAPIPDenyList
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7359a353-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Legacy-Exchange-DN
+ldapDisplayName: legacyExchangeDN
+attributeId: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 28630ebc-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE| fANR | fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-ID
+ldapDisplayName: linkID
+attributeId: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32965
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-Track-Secret
+ldapDisplayName: linkTrackSecret
+attributeId: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2ae80fe2-47b4-11d0-a1a4-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lm-Pwd-History
+ldapDisplayName: lmPwdHistory
+attributeId: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf96799d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Locale-ID
+ldapDisplayName: localeID
+attributeId: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf9679a1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality-Name
+ldapDisplayName: l
+attributeId: 2.5.4.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14887
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Localization-Display-Id
+ldapDisplayName: localizationDisplayId
+attributeId: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a746f0d1-78d0-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Localized-Description
+ldapDisplayName: localizedDescription
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18316-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Local-Policy-Flags
+ldapDisplayName: localPolicyFlags
+attributeId: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Local-Policy-Reference
+ldapDisplayName: localPolicyReference
+attributeId: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4d-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Location
+ldapDisplayName: location
+attributeId: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb79f-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lockout-Duration
+ldapDisplayName: lockoutDuration
+attributeId: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lock-Out-Observation-Window
+ldapDisplayName: lockOutObservationWindow
+attributeId: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Threshold
+ldapDisplayName: lockoutThreshold
+attributeId: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679a6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Time
+ldapDisplayName: lockoutTime
+attributeId: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LoginShell
+ldapDisplayName: loginShell
+attributeId: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a553d12c-3231-4c5e-8adf-8d189697721e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Logo
+ldapDisplayName: thumbnailLogo
+attributeId: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679a9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Count
+ldapDisplayName: logonCount
+attributeId: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679aa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Hours
+ldapDisplayName: logonHours
+attributeId: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ab-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Workstation
+ldapDisplayName: logonWorkstation
+attributeId: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ac-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Creation-Time
+ldapDisplayName: lSACreationTime
+attributeId: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ad-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Modified-Count
+ldapDisplayName: lSAModifiedCount
+attributeId: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ae-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MacAddress
+ldapDisplayName: macAddress
+attributeId: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e6a522dd-9770-43e1-89de-1de5044328f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: Machine-Architecture
+ldapDisplayName: machineArchitecture
+attributeId: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679af-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Password-Change-Interval
+ldapDisplayName: machinePasswordChangeInterval
+attributeId: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c9b6358e-bb38-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Role
+ldapDisplayName: machineRole
+attributeId: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679b2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Machine-Wide-Policy
+ldapDisplayName: machineWidePolicy
+attributeId: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e4f-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Managed-By
+ldapDisplayName: managedBy
+attributeId: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c120-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 72
+mapiID: 32780
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Managed-Objects
+ldapDisplayName: managedObjects
+attributeId: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 0296c124-40da-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 73
+mapiID: 32804
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Manager
+ldapDisplayName: manager
+attributeId: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679b5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 42
+mapiID: 32773
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MAPI-ID
+ldapDisplayName: mAPIID
+attributeId: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679b7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32974
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Marshalled-Interface
+ldapDisplayName: marshalledInterface
+attributeId: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679b9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mastered-By
+ldapDisplayName: masteredBy
+attributeId: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e48e64e0-12c9-11d3-9102-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 77
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Pwd-Age
+ldapDisplayName: maxPwdAge
+attributeId: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Renew-Age
+ldapDisplayName: maxRenewAge
+attributeId: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Storage
+ldapDisplayName: maxStorage
+attributeId: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Max-Ticket-Age
+ldapDisplayName: maxTicketAge
+attributeId: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679be-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: May-Contain
+ldapDisplayName: mayContain
+attributeId: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679bf-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingAdvertiseScope
+ldapDisplayName: meetingAdvertiseScope
+attributeId: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8b-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingApplication
+ldapDisplayName: meetingApplication
+attributeId: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc83-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBandwidth
+ldapDisplayName: meetingBandwidth
+attributeId: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc92-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBlob
+ldapDisplayName: meetingBlob
+attributeId: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc93-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingContactInfo
+ldapDisplayName: meetingContactInfo
+attributeId: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc87-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingDescription
+ldapDisplayName: meetingDescription
+attributeId: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingEndTime
+ldapDisplayName: meetingEndTime
+attributeId: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc91-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingID
+ldapDisplayName: meetingID
+attributeId: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIP
+ldapDisplayName: meetingIP
+attributeId: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc89-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIsEncrypted
+ldapDisplayName: meetingIsEncrypted
+attributeId: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingKeyword
+ldapDisplayName: meetingKeyword
+attributeId: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc7f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLanguage
+ldapDisplayName: meetingLanguage
+attributeId: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc84-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLocation
+ldapDisplayName: meetingLocation
+attributeId: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc80-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingMaxParticipants
+ldapDisplayName: meetingMaxParticipants
+attributeId: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc85-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingName
+ldapDisplayName: meetingName
+attributeId: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOriginator
+ldapDisplayName: meetingOriginator
+attributeId: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc86-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOwner
+ldapDisplayName: meetingOwner
+attributeId: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc88-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingProtocol
+ldapDisplayName: meetingProtocol
+attributeId: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc81-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRating
+ldapDisplayName: meetingRating
+attributeId: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRecurrence
+ldapDisplayName: meetingRecurrence
+attributeId: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingScope
+ldapDisplayName: meetingScope
+attributeId: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8a-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingStartTime
+ldapDisplayName: meetingStartTime
+attributeId: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc90-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingType
+ldapDisplayName: meetingType
+attributeId: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc82-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingURL
+ldapDisplayName: meetingURL
+attributeId: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Member
+ldapDisplayName: member
+attributeId: 2.5.4.31
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 2
+mapiID: 32777
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MemberNisNetgroup
+ldapDisplayName: memberNisNetgroup
+attributeId: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 0f6a17dc-53e5-4be8-9442-8f3ce2f9012a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: MemberUid
+ldapDisplayName: memberUid
+attributeId: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 03dab236-672e-4f61-ab64-f77d2dc2ffab
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256000
+
+cn: MHS-OR-Address
+ldapDisplayName: mhsORAddress
+attributeId: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c122-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Pwd-Age
+ldapDisplayName: minPwdAge
+attributeId: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Pwd-Length
+ldapDisplayName: minPwdLength
+attributeId: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679c3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Ticket-Age
+ldapDisplayName: minTicketAge
+attributeId: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count
+ldapDisplayName: modifiedCount
+attributeId: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count-At-Last-Prom
+ldapDisplayName: modifiedCountAtLastProm
+attributeId: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modify-Time-Stamp
+ldapDisplayName: modifyTimeStamp
+attributeId: 2.5.18.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Moniker
+ldapDisplayName: moniker
+attributeId: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679c7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Moniker-Display-Name
+ldapDisplayName: monikerDisplayName
+attributeId: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679c8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Move-Tree-State
+ldapDisplayName: moveTreeState
+attributeId: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-DefaultPartitionLink
+ldapDisplayName: msCOM-DefaultPartitionLink
+attributeId: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 998b10f7-aa1a-4364-b867-753d197fe670
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-ObjectId
+ldapDisplayName: msCOM-ObjectId
+attributeId: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 430f678b-889f-41f2-9843-203b5a65572f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionLink
+ldapDisplayName: msCOM-PartitionLink
+attributeId: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 09abac62-043f-4702-ac2b-6ca15eee5754
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1040
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSetLink
+ldapDisplayName: msCOM-PartitionSetLink
+attributeId: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1041
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserLink
+ldapDisplayName: msCOM-UserLink
+attributeId: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9e6f3a4d-242c-4f37-b068-36b57f9fc852
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1049
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserPartitionSetLink
+ldapDisplayName: msCOM-UserPartitionSetLink
+attributeId: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 8e940c8a-e477-4367-b08d-ff2ff942dcd7
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mscope-Id
+ldapDisplayName: mscopeId
+attributeId: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: 963d2751-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Comment-v2
+ldapDisplayName: msDFS-Commentv2
+attributeId: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b786cec9-61fd-4523-b2c1-5ceb3860bb32
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Generation-GUID-v2
+ldapDisplayName: msDFS-GenerationGUIDv2
+attributeId: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 35b8b3d9-c58f-43d6-930e-5040f2f1a781
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Last-Modified-v2
+ldapDisplayName: msDFS-LastModifiedv2
+attributeId: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+systemFlags: 16
+
+cn: ms-DFS-Link-Identity-GUID-v2
+ldapDisplayName: msDFS-LinkIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: edb027f3-5726-4dee-8d4e-dbf07e1ad1f1
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower:16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Link-Path-v2
+ldapDisplayName: msDFS-LinkPathv2
+attributeId: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b021f6-10ab-40a2-a252-1dc0cc3be6a9
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: 16
+
+cn: ms-DFS-Link-Security-Descriptor-v2
+ldapDisplayName: msDFS-LinkSecurityDescriptorv2
+attributeId: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+systemFlags: 16
+
+cn: ms-DFS-Namespace-Identity-GUID-v2
+ldapDisplayName: msDFS-NamespaceIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 200432ce-ec5f-4931-a525-d7f4afe34e68
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Properties-v2
+ldapDisplayName: msDFS-Propertiesv2
+attributeId: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0c3e5bc5-eb0e-40f5-9b53-334e958dffdb
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: 16
+
+cn: ms-DFSR-CachePolicy
+ldapDisplayName: msDFSR-CachePolicy
+attributeId: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db7a08e7-fc76-4569-a45f-f5ecb66a88b5
+searchFlags: 0
+
+cn: ms-DFSR-CommonStagingPath
+ldapDisplayName: msDFSR-CommonStagingPath
+attributeId: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 936eac41-d257-4bb9-bd55-f310a3cf09ad
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-CommonStagingSizeInMb
+ldapDisplayName: msDFSR-CommonStagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 135eb00e-4846-458b-8ea2-a37559afd405
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ComputerReference
+ldapDisplayName: msDFSR-ComputerReference
+attributeId: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 6c7b5785-3d21-41bf-8a8a-627941544d5a
+searchFlags: 0
+linkID: 2050
+
+cn: ms-DFSR-ComputerReferenceBL
+ldapDisplayName: msDFSR-ComputerReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5eb526d7-d71b-44ae-8cc6-95460052e6ac
+searchFlags: 0
+linkID: 2051
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-ConflictPath
+ldapDisplayName: msDFSR-ConflictPath
+attributeId: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5cf0bcc8-60f7-4bff-bda6-aea0344eb151
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-ConflictSizeInMb
+ldapDisplayName: msDFSR-ConflictSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ContentSetGuid
+ldapDisplayName: msDFSR-ContentSetGuid
+attributeId: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1035a8e1-67a8-4c21-b7bb-031cdf99d7a0
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter
+attributeId: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87811bd5-cd8b-45cb-9f5d-980f3a9e0c97
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedPath
+ldapDisplayName: msDFSR-DeletedPath
+attributeId: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 817cf0b8-db95-4914-b833-5a079ef65764
+searchFlags: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedSizeInMb
+ldapDisplayName: msDFSR-DeletedSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 53ed9ad1-9975-41f4-83f5-0c061a12553a
+searchFlags: 0
+rangeUpper: -1
+
+cn: ms-DFSR-DfsLinkTarget
+ldapDisplayName: msDFSR-DfsLinkTarget
+attributeId: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f7b85ba9-3bf9-428f-aab4-2eee6d56f063
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DfsPath
+ldapDisplayName: msDFSR-DfsPath
+attributeId: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2cc903e2-398c-443b-ac86-ff6b01eac7ba
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DirectoryFilter
+ldapDisplayName: msDFSR-DirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 93c7b477-1f2e-4b40-b7bf-007e8d038ccf
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DisablePacketPrivacy
+ldapDisplayName: msDFSR-DisablePacketPrivacy
+attributeId: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 6a84ede5-741e-43fd-9dd6-aa0f61578621
+searchFlags: 0
+
+cn: ms-DFSR-Enabled
+ldapDisplayName: msDFSR-Enabled
+attributeId: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 03726ae7-8e7d-4446-8aae-a91657c00993
+searchFlags: 0
+
+cn: ms-DFSR-Extension
+ldapDisplayName: msDFSR-Extension
+attributeId: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 78f011ec-a766-4b19-adcf-7b81ed781a4d
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+
+cn: ms-DFSR-FileFilter
+ldapDisplayName: msDFSR-FileFilter
+attributeId: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d68270ac-a5dc-4841-a6ac-cd68be38c181
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Flags
+ldapDisplayName: msDFSR-Flags
+attributeId: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe515695-3f61-45c8-9bfa-19c148c57b09
+searchFlags: 0
+
+cn: ms-DFSR-Keywords
+ldapDisplayName: msDFSR-Keywords
+attributeId: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 048b4692-6227-4b67-a074-c4437083e14b
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-MaxAgeInCacheInMin
+ldapDisplayName: msDFSR-MaxAgeInCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2ab0e48d-ac4e-4afc-83e5-a34240db6198
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-MemberReference
+ldapDisplayName: msDFSR-MemberReference
+attributeId: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 261337aa-f1c3-44b2-bbea-c88d49e6f0c7
+searchFlags: 0
+linkID: 2052
+
+cn: ms-DFSR-MemberReferenceBL
+ldapDisplayName: msDFSR-MemberReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: adde62c6-1880-41ed-bd3c-30b7d25e14f0
+searchFlags: 0
+linkID: 2053
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-MinDurationCacheInMin
+ldapDisplayName: msDFSR-MinDurationCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4c5d607a-ce49-444a-9862-82a95f5d1fcc
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d523aff-9012-49b2-9925-f922a0018656
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-OnDemandExclusionFileFilter
+ldapDisplayName: msDFSR-OnDemandExclusionFileFilter
+attributeId: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a68359dc-a581-4ee6-9015-5382c60f0fb4
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Options
+ldapDisplayName: msDFSR-Options
+attributeId: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d6d67084-c720-417d-8647-b696237a114c
+searchFlags: 0
+
+cn: ms-DFSR-Options2
+ldapDisplayName: msDFSR-Options2
+attributeId: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11e24318-4ca6-4f49-9afe-e5eb1afa3473
+searchFlags: 0
+
+cn: ms-DFSR-Priority
+ldapDisplayName: msDFSR-Priority
+attributeId: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb20e7d6-32ad-42de-b141-16ad2631b01b
+searchFlags: 0
+
+cn: ms-DFSR-RdcEnabled
+ldapDisplayName: msDFSR-RdcEnabled
+attributeId: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e3b44e05-f4a7-4078-a730-f48670a743f8
+searchFlags: 0
+
+cn: ms-DFSR-RdcMinFileSizeInKb
+ldapDisplayName: msDFSR-RdcMinFileSizeInKb
+attributeId: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f402a330-ace5-4dc1-8cc9-74d900bf8ae0
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ReadOnly
+ldapDisplayName: msDFSR-ReadOnly
+attributeId: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5ac48021-e447-46e7-9d23-92c0c6a90dfb
+searchFlags: 0
+
+cn: ms-DFSR-ReplicationGroupGuid
+ldapDisplayName: msDFSR-ReplicationGroupGuid
+attributeId: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2dad8796-7619-4ff8-966e-0a5cc67b287f
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-ReplicationGroupType
+ldapDisplayName: msDFSR-ReplicationGroupType
+attributeId: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eeed0fc8-1001-45ed-80cc-bbf744930720
+searchFlags: 0
+
+cn: ms-DFSR-RootFence
+ldapDisplayName: msDFSR-RootFence
+attributeId: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 51928e94-2cd8-4abe-b552-e50412444370
+searchFlags: 0
+
+cn: ms-DFSR-RootPath
+ldapDisplayName: msDFSR-RootPath
+attributeId: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-RootSizeInMb
+ldapDisplayName: msDFSR-RootSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3
+searchFlags: 0
+rangeLower: 0
+
+cn: ms-DFSR-Schedule
+ldapDisplayName: msDFSR-Schedule
+attributeId: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4699f15f-a71f-48e2-9ff5-5897c0759205
+searchFlags: 0
+rangeLower: 336
+rangeUpper: 336
+
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent
+attributeId: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d64b9c23-e1fa-467b-b317-6964d744d633
+searchFlags: 0
+
+cn: ms-DFSR-StagingPath
+ldapDisplayName: msDFSR-StagingPath
+attributeId: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b9a69e-f0a6-405d-99bb-77d977992c2a
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-StagingSizeInMb
+ldapDisplayName: msDFSR-StagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 250a8f20-f6fc-4559-ae65-e4b24c67aebe
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-TombstoneExpiryInMin
+ldapDisplayName: msDFSR-TombstoneExpiryInMin
+attributeId: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 23e35d4c-e324-4861-a22f-e199140dae00
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-Version
+ldapDisplayName: msDFSR-Version
+attributeId: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1a861408-38c3-49ea-ba75-85481a77c655
+searchFlags: 0
+rangeUpper: 256
+
+cn: ms-DFS-Schema-Major-Version
+ldapDisplayName: msDFS-SchemaMajorVersion
+attributeId: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec6d7855-704a-4f61-9aa6-c49a7c1d54c7
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 2
+rangeUpper: 2
+systemFlags: 16
+
+cn: ms-DFS-Schema-Minor-Version
+ldapDisplayName: msDFS-SchemaMinorVersion
+attributeId: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fef9a725-e8f1-43ab-bd86-6a0115ce9e38
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 0
+systemFlags: 16
+
+cn: ms-DFS-Short-Name-Link-Path-v2
+ldapDisplayName: msDFS-ShortNameLinkPathv2
+attributeId: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2d7826f0-4cf7-42e9-a039-1110e0d9ca99
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: 16
+
+cn: ms-DFS-Target-List-v2
+ldapDisplayName: msDFS-TargetListv2
+attributeId: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6ab126c6-fa41-4b36-809e-7ca91610d48f
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2097152
+systemFlags: 16
+
+cn: ms-DFS-Ttl-v2
+ldapDisplayName: msDFS-Ttlv2
+attributeId: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e
+isMemberOfPartialAttributeSet: FALSE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+searchFlags: 0
+
+cn: MS-DRM-Identity-Certificate
+ldapDisplayName: msDRM-IdentityCertificate
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e85e1204-3434-41ad-9b56-e2901228fff0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Additional-Dns-Host-Name
+ldapDisplayName: msDS-AdditionalDnsHostName
+attributeId: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Additional-Sam-Account-Name
+ldapDisplayName: msDS-AdditionalSamAccountName
+attributeId: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 975571df-a4d5-429a-9f59-cdc6581d91e6
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-DNS-Suffixes
+ldapDisplayName: msDS-AllowedDNSSuffixes
+attributeId: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8469441b-9ac4-4e45-8205-bd219dbf672d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-To-Delegate-To
+ldapDisplayName: msDS-AllowedToDelegateTo
+attributeId: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-All-Users-Trust-Quota
+ldapDisplayName: msDS-AllUsersTrustQuota
+attributeId: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d3aa4a5c-4e03-4810-97aa-2b339e7a434b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Approx-Immed-Subordinates
+ldapDisplayName: msDS-Approx-Immed-Subordinates
+attributeId: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e185d243-f6ce-4adb-b496-b0c005d7823c
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedAt-DC
+ldapDisplayName: msDS-AuthenticatedAtDC
+attributeId: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e1ee99c-6604-4489-89d9-84798a89515a
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedTo-Accountlist
+ldapDisplayName: msDS-AuthenticatedToAccountlist
+attributeId: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e8b2c971-a6df-47bc-8d6f-62770d527aa5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2113
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Auxiliary-Classes
+ldapDisplayName: msDS-Auxiliary-Classes
+attributeId: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: c4af1073-ee50-4be0-b8c0-89a41fe99abe
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Application-Data
+ldapDisplayName: msDS-AzApplicationData
+attributeId: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 503fc3e8-1cc6-461a-99a3-9eee04f402a7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Name
+ldapDisplayName: msDS-AzApplicationName
+attributeId: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: db5b0728-6208-4876-83b7-95d3e5695275
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Version
+ldapDisplayName: msDS-AzApplicationVersion
+attributeId: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7184a120-3ac4-47ae-848f-fe0ab20784d4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule
+ldapDisplayName: msDS-AzBizRule
+attributeId: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 33d41ea8-c0c9-4c92-9494-f104878413fd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule-Language
+ldapDisplayName: msDS-AzBizRuleLanguage
+attributeId: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Class-ID
+ldapDisplayName: msDS-AzClassId
+attributeId: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 013a7277-5c2d-49ef-a7de-b765b36a3f6f
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 40
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Domain-Timeout
+ldapDisplayName: msDS-AzDomainTimeout
+attributeId: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generate-Audits
+ldapDisplayName: msDS-AzGenerateAudits
+attributeId: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f90abab0-186c-4418-bb85-88447c87222a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generic-Data
+ldapDisplayName: msDS-AzGenericData
+attributeId: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b5f7e349-7a5b-407c-a334-a31c3f538b98
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+ldapDisplayName: msDS-AzLastImportedBizRulePath
+attributeId: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 665acb5c-bb92-4dbc-8c59-b3638eab09b3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-LDAP-Query
+ldapDisplayName: msDS-AzLDAPQuery
+attributeId: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5e53368b-fc94-45c8-9d7d-daf31ee7112d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 4096
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Major-Version
+ldapDisplayName: msDS-AzMajorVersion
+attributeId: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: cfb9adb7-c4b7-4059-9568-1ed9db6b7248
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Minor-Version
+ldapDisplayName: msDS-AzMinorVersion
+attributeId: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee85ed93-b209-4788-8165-e702f51bfbf3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Object-Guid
+ldapDisplayName: msDS-AzObjectGuid
+attributeId: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8491e548-6c38-4365-a732-af041569b02c
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation-ID
+ldapDisplayName: msDS-AzOperationID
+attributeId: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a5f3b553-5d76-4cbe-ba3f-4312152cab18
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope-Name
+ldapDisplayName: msDS-AzScopeName
+attributeId: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 515a6b06-2617-4173-8099-d5605df043c6
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Engine-Cache-Max
+ldapDisplayName: msDS-AzScriptEngineCacheMax
+attributeId: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Timeout
+ldapDisplayName: msDS-AzScriptTimeout
+attributeId: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task-Is-Role-Definition
+ldapDisplayName: msDS-AzTaskIsRoleDefinition
+attributeId: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7b078544-6c82-4fe9-872f-ff48ad2b2e26
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Behavior-Version
+ldapDisplayName: msDS-Behavior-Version
+attributeId: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-BridgeHead-Servers-Used
+ldapDisplayName: msDS-BridgeHeadServersUsed
+attributeId: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+linkID: 2160
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid: 3ced1465-7b71-2541-8780-1e1ea6243a82
+searchFlags: 0
+systemFlags: FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL |FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Byte-Array
+ldapDisplayName: msDS-ByteArray
+attributeId: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-Cached-Membership
+ldapDisplayName: msDS-Cached-Membership
+attributeId: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Cached-Membership-Time-Stamp
+ldapDisplayName: msDS-Cached-Membership-Time-Stamp
+attributeId: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Consistency-Child-Count
+ldapDisplayName: mS-DS-ConsistencyChildCount
+attributeId: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Consistency-Guid
+ldapDisplayName: mS-DS-ConsistencyGuid
+attributeId: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 23773dc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Creator-SID
+ldapDisplayName: mS-DS-CreatorSID
+attributeId: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c5e60132-1480-11d3-91c1-0000f87a57d4
+systemOnly: TRUE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Date-Time
+ldapDisplayName: msDS-DateTime
+attributeId: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-Default-Quota
+ldapDisplayName: msDS-DefaultQuota
+attributeId: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6818f726-674b-441b-8a3a-f40596374cea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Deleted-Object-Lifetime
+ldapDisplayName: msDS-DeletedObjectLifetime
+attributeId: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: a9b38cb6-189a-4def-8a70-0fcfa158148e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-DnsRootAlias
+ldapDisplayName: msDS-DnsRootAlias
+attributeId: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2143acca-eead-4d29-b591-85fa49ce9173
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Enabled-Feature
+ldapDisplayName: msDS-EnabledFeature
+attributeId: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+linkId: 2168
+isSingleValued: FALSE
+schemaIdGuid: 5706aeaf-b940-4fb2-bcfc-5268683ad9fe
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Enabled-Feature-BL
+ldapDisplayName: msDS-EnabledFeatureBL
+attributeId: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+linkId: 2169
+isSingleValued: FALSE
+schemaIdGuid: ce5b01bc-17c6-44b8-9dc1-a9668b00901b
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Entry-Time-To-Die
+ldapDisplayName: msDS-Entry-Time-To-Die
+attributeId: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: e1e9bad7-c6dd-4101-a843-794cec85b038
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ExecuteScriptPassword
+ldapDisplayName: msDS-ExecuteScriptPassword
+attributeId: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9d054a5a-d187-46c1-9d85-42dfc44a56dd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-External-Key
+ldapDisplayName: msDS-ExternalKey
+attributeId: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b92fd528-38ac-40d4-818d-0433380837c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-External-Store
+ldapDisplayName: msDS-ExternalStore
+attributeId: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 604877cd-9cdb-47c7-b03d-3daadb044910
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-Failed-Interactive-Logon-Count
+ldapDisplayName: msDS-FailedInteractiveLogonCount
+attributeId: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: dc3ca86f-70ad-4960-8425-a4d6313d93dd
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+attributeId: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5d234e5-644a-4403-a665-e26e0aef5e98
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Filter-Containers
+ldapDisplayName: msDS-FilterContainers
+attributeId: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fb00dcdf-ac37-483a-9c12-ac53a6603033
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-HAB-Seniority-Index
+ldapDisplayName: msDS-HABSeniorityIndex
+attributeId: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: def449f1-fd3b-4045-98cf-d9658da788b5
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 36000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Has-Domain-NCs
+ldapDisplayName: msDS-HasDomainNCs
+attributeId: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 6f17e347-a842-4498-b8b3-15e007da4fed
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Full-Replica-NCs
+ldapDisplayName: msDS-hasFullReplicaNCs
+attributeId: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2104
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Instantiated-NCs
+ldapDisplayName: msDS-HasInstantiatedNCs
+attributeId: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 11e9a5bc-4517-4049-af9c-51554fb0fc09
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Master-NCs
+ldapDisplayName: msDS-hasMasterNCs
+attributeId: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Host-Service-Account
+ldapDisplayName: msDS-HostServiceAccount
+attributeId: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 80641043-15a2-40e1-92a2-8ca866f70776
+attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1
+searchFlags: 0
+linkID: 2166
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Host-Service-Account-BL
+ldapDisplayName: msDS-HostServiceAccountBL
+attributeId: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 79abe4eb-88f3-48e7-89d6-f4bc7e98c331
+searchFlags: 0
+linkID: 2167
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Integer
+ldapDisplayName: msDS-Integer
+attributeId: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-IntId
+ldapDisplayName: msDS-IntId
+attributeId: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bc60096a-1b47-4b30-8877-602c93f56532
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Domain-For
+ldapDisplayName: msDS-IsDomainFor
+attributeId: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ff155a2a-44e5-4de0-8318-13a58988de4f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2027
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Is-Full-Replica-For
+ldapDisplayName: msDS-IsFullReplicaFor
+attributeId: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c8bc72e0-a6b4-48f0-94a5-fd76a88c9987
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isGC
+ldapDisplayName: msDS-isGC
+attributeId: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1df5cf33-0fe5-499e-90e1-e94b42718a46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Partial-Replica-For
+ldapDisplayName: msDS-IsPartialReplicaFor
+attributeId: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 37c94ff6-c6d4-498f-b2f9-c6f7f8647809
+systemOnly: TRUE
+searchFlags: 0
+linkID: 75
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isRODC
+ldapDisplayName: msDS-isRODC
+attributeId: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-User-Cachable-At-Rodc
+ldapDisplayName: msDS-IsUserCachableAtRodc
+attributeId: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe01245a-341f-4556-951f-48c033a89050
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KeyVersionNumber
+ldapDisplayName: msDS-KeyVersionNumber
+attributeId: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link
+ldapDisplayName: msDS-KrbTgtLink
+attributeId: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 778ff5c9-6f4e-4b74-856a-d68383313910
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link-BL
+ldapDisplayName: msDS-KrbTgtLinkBl
+attributeId: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5dd68c41-bfdf-438b-9b5d-39d9618bf260
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+ldapDisplayName: msDS-LastFailedInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c7e7dafa-10c3-4b8b-9acd-54f11063742e
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Known-RDN
+ldapDisplayName: msDS-LastKnownRDN
+attributeId: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ab15858-683e-466d-877f-d640e1f9a611
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+rangeLower: 1
+rangeUpper: 255
+
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 011929e6-8b5d-4258-b64a-00b0b4949747
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Local-Effective-Deletion-Time
+ldapDisplayName: msDS-LocalEffectiveDeletionTime
+attributeId: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 94f2800c-531f-4aeb-975d-48ac39fd8ca4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Local-Effective-Recycle-Time
+ldapDisplayName: msDS-LocalEffectiveRecycleTime
+attributeId: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 4ad6016b-b0d2-4c9b-93b6-5964b17b968c
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Duration
+ldapDisplayName: msDS-LockoutDuration
+attributeId: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Observation-Window
+ldapDisplayName: msDS-LockoutObservationWindow
+attributeId: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Threshold
+ldapDisplayName: msDS-LockoutThreshold
+attributeId: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: b8c8c35e-4a19-4a95-99d0-69fe4446286f
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Logon-Time-Sync-Interval
+ldapDisplayName: msDS-LogonTimeSyncInterval
+attributeId: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ad7940f8-e43a-4a42-83bc-d688e59ea605
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Machine-Account-Quota
+ldapDisplayName: ms-DS-MachineAccountQuota
+attributeId: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d064fb68-1480-11d3-91c1-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Mastered-By
+ldapDisplayName: msDs-masteredBy
+attributeId: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 60234769-4819-4615-a1b2-49d2f119acb5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Maximum-Password-Age
+ldapDisplayName: msDS-MaximumPasswordAge
+attributeId: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Max-Values
+ldapDisplayName: msDs-MaxValues
+attributeId: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d1e169a4-ebe9-49bf-8fcb-8aef3874592d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Members-For-Az-Role
+ldapDisplayName: msDS-MembersForAzRole
+attributeId: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cbf7e6cd-85a4-4314-8939-8bfe80597835
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2016
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Members-For-Az-Role-BL
+ldapDisplayName: msDS-MembersForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ececcd20-a7e0-4688-9ccf-02ece5e287f5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2017
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Minimum-Password-Age
+ldapDisplayName: msDS-MinimumPasswordAge
+attributeId: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Minimum-Password-Length
+ldapDisplayName: msDS-MinimumPasswordLength
+attributeId: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: b21b3439-4c3a-441c-bb5f-08f20e9b315e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Cursors
+ldapDisplayName: msDS-NCReplCursors
+attributeId: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Replica-Locations
+ldapDisplayName: msDS-NC-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 97de9615-b537-46bc-ac0f-10720f3909f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1044
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+ldapDisplayName: msDS-NCReplInboundNeighbors
+attributeId: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+ldapDisplayName: msDS-NCReplOutboundNeighbors
+attributeId: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations
+ldapDisplayName: msDS-NC-RO-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3df793df-9858-4417-a701-735a1ecebf74
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2114
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations-BL
+ldapDisplayName: msDS-NC-RO-Replica-Locations-BL
+attributeId: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f547511c-5b2a-44cc-8358-992a88258164
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2115
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-NC-Type
+ldapDisplayName: msDS-NcType
+attributeId: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9
+showInAdvancedViewOnly: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Never-Reveal-Group
+ldapDisplayName: msDS-NeverRevealGroup
+attributeId: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 15585999-fd49-4d66-b25d-eeb96aba8174
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members
+ldapDisplayName: msDS-NonMembers
+attributeId: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cafcb1de-f23c-46b5-adf7-1e64957bd5db
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members-BL
+ldapDisplayName: msDS-NonMembersBL
+attributeId: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Non-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Non-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2de144fc-1f52-486f-bdf4-16fcc3084e54
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Object-Reference
+ldapDisplayName: msDS-ObjectReference
+attributeId: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 638ec2e8-22e7-409c-85d2-11b21bee72de
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2038
+
+cn: ms-DS-Object-Reference-BL
+ldapDisplayName: msDS-ObjectReferenceBL
+attributeId: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2039
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-OIDToGroup-Link
+ldapDisplayName: msDS-OIDToGroupLink
+attributeId: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f9c9a57c-3941-438d-bebf-0edaf2aca187
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2164
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-OIDToGroup-Link-BL
+ldapDisplayName: msDS-OIDToGroupLinkBl
+attributeId: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1a3d0d20-5844-4199-ad25-0f5039a76ada
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2165
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Operations-For-Az-Role
+ldapDisplayName: msDS-OperationsForAzRole
+attributeId: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 93f701be-fa4c-43b6-bc2f-4dbea718ffab
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Role-BL
+ldapDisplayName: msDS-OperationsForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f85b6228-3734-4525-b6b7-3f3bb220902c
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2023
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Task
+ldapDisplayName: msDS-OperationsForAzTask
+attributeId: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1aacb436-2e9d-44a9-9298-ce4debeb6ebf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2018
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Task-BL
+ldapDisplayName: msDS-OperationsForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a637d211-5739-4ed1-89b2-88974548bc59
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2019
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Optional-Feature-Flags
+ldapDisplayName: msDS-OptionalFeatureFlags
+attributeId: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8a0560c1-97b9-4811-9db7-dc061598965b
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Optional-Feature-GUID
+ldapDisplayName: msDS-OptionalFeatureGUID
+attributeId: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9b88bda8-dd82-4998-a91d-5f2d2baf1927
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Other-Settings
+ldapDisplayName: msDS-Other-Settings
+attributeId: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 79d2f34c-9d7d-42bb-838f-866b3e4400e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Complexity-Enabled
+ldapDisplayName: msDS-PasswordComplexityEnabled
+attributeId: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: db68054b-c9c3-4bf0-b15b-0fb52552a610
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-History-Length
+ldapDisplayName: msDS-PasswordHistoryLength
+attributeId: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: fed81bb7-768c-4c2f-9641-2245de34794d
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled
+attributeId: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Settings-Precedence
+ldapDisplayName: msDS-PasswordSettingsPrecedence
+attributeId: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Quota
+ldapDisplayName: msDS-PerUserTrustQuota
+attributeId: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d161adf0-ca24-4993-a3aa-8b2c981302e8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+ldapDisplayName: msDS-PerUserTrustTombstonesQuota
+attributeId: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Phonetic-Company-Name
+ldapDisplayName: msDS-PhoneticCompanyName
+attributeId: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5bd5208d-e5f4-46ae-a514-543bc9c47659
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35985
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Department
+ldapDisplayName: msDS-PhoneticDepartment
+attributeId: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6cd53daf-003e-49e7-a702-6fa896e7a6ef
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35984
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Display-Name
+ldapDisplayName: msDS-PhoneticDisplayName
+attributeId: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e21a94e4-2d66-4ce5-b30d-0ef87a776ff0
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35986
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-First-Name
+ldapDisplayName: msDS-PhoneticFirstName
+attributeId: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b1cba4e-302f-4134-ac7c-f01f6c797843
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35982
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Last-Name
+ldapDisplayName: msDS-PhoneticLastName
+attributeId: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f217e4ec-0836-4b90-88af-2f5d4bbda2bc
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35983
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Preferred-GC-Site
+ldapDisplayName: msDS-Preferred-GC-Site
+attributeId: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: d921b50a-0ab2-42cd-87f6-09cf83a91854
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Principal-Name
+ldapDisplayName: msDS-PrincipalName
+attributeId: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 564e9325-d057-c143-9e3b-4f9e5ef46f93
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Promotion-Settings
+ldapDisplayName: msDS-PromotionSettings
+attributeId: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c881b4e2-43c0-4ebe-b9bb-5250aa9b434c
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-PSO-Applied
+ldapDisplayName: msDS-PSOApplied
+attributeId: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b
+linkID: 2119
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-PSO-Applies-To
+ldapDisplayName: msDS-PSOAppliesTo
+attributeId: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 64c80f48-cdd2-4881-a86d-4e97b6f561fc
+linkID: 2118
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Amount
+ldapDisplayName: msDS-QuotaAmount
+attributeId: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fbb9a00d-3a8c-4233-9cf9-7189264903a1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Effective
+ldapDisplayName: msDS-QuotaEffective
+attributeId: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6655b152-101c-48b4-b347-e1fcebc60157
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Trustee
+ldapDisplayName: msDS-QuotaTrustee
+attributeId: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 16378906-4ea5-49be-a8d1-bfd41dff4f65
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 28
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Used
+ldapDisplayName: msDS-QuotaUsed
+attributeId: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b5a84308-615d-4bb7-b05f-2f1746aa439f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Attribute-Meta-Data
+ldapDisplayName: msDS-ReplAttributeMetaData
+attributeId: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d7c53242-724e-4c39-9d4c-2df8c9d66c7a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Replicates-NC-Reason
+ldapDisplayName: mS-DS-ReplicatesNCReason
+attributeId: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 0ea12b84-08b3-11d3-91bc-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ReplicationEpoch
+ldapDisplayName: msDS-ReplicationEpoch
+attributeId: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Value-Meta-Data
+ldapDisplayName: msDS-ReplValueMetaData
+attributeId: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Required-Domain-Behavior-Version
+ldapDisplayName: msDS-RequiredDomainBehaviorVersion
+attributeId: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eadd3dfe-ae0e-4cc2-b9b9-5fe5b6ed2dd2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Required-Forest-Behavior-Version
+ldapDisplayName: msDS-RequiredForestBehaviorVersion
+attributeId: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4beca2e8-a653-41b2-8fee-721575474bec
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Resultant-PSO
+ldapDisplayName: msDS-ResultantPSO
+attributeId: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Retired-Repl-NC-Signatures
+ldapDisplayName: msDS-RetiredReplNCSignatures
+attributeId: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d5b35506-19d6-4d26-9afb-11357ac99b5e
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-DSAs
+ldapDisplayName: msDS-RevealedDSAs
+attributeId: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 94f6f2ac-c76d-4b5e-b71f-f332c3e93c22
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List
+ldapDisplayName: msDS-RevealedList
+attributeId: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.12
+isSingleValued: FALSE
+schemaIdGuid: cbdad11c-7fec-387b-6219-3a0627d9af81
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List-BL
+ldapDisplayName: msDS-RevealedListBL
+attributeId: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: aa1c88fd-b0f6-429f-b2ca-9d902266e808
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-Users
+ldapDisplayName: msDS-RevealedUsers
+attributeId: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 185c7821-3749-443a-bd6a-288899071adb
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2102
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Reveal-OnDemand-Group
+ldapDisplayName: msDS-RevealOnDemandGroup
+attributeId: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 303d9f4a-1dd6-4b38-8fc5-33afe8c988ad
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2110
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-ds-Schema-Extensions
+ldapDisplayName: msDs-Schema-Extensions
+attributeId: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b39a61be-ed07-4cab-9a4a-4963ed0141e1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-SD-Reference-Domain
+ldapDisplayName: msDS-SDReferenceDomain
+attributeId: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 4c51e316-f628-43a5-b06b-ffb695fcb4f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Secondary-KrbTgt-Number
+ldapDisplayName: msDS-SecondaryKrbTgtNumber
+attributeId: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: aa156612-2396-467e-ad6a-28d23fdb1865
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 65536
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4f146ae8-a4fe-4801-a731-f51848a4f4e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Settings
+ldapDisplayName: msDS-Settings
+attributeId: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+systemFlags: 0
+
+cn: ms-DS-Site-Affinity
+ldapDisplayName: msDS-Site-Affinity
+attributeId: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c17c5602-bcb7-46f0-9656-6370ca884b72
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-SiteName
+ldapDisplayName: msDS-SiteName
+attributeId: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 98a7f36d-3595-448a-9e6f-6b8965baed9c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Source-Object-DN
+ldapDisplayName: msDS-SourceObjectDN
+attributeId: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 773e93af-d3b4-48d4-b3f9-06457602d3d0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10240
+
+cn: ms-DS-SPN-Suffixes
+ldapDisplayName: msDS-SPNSuffixes
+attributeId: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Supported-Encryption-Types
+ldapDisplayName: msDS-SupportedEncryptionTypes
+attributeId: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 20119867-1d04-4ab7-9371-cfc3d5df0afd
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Tasks-For-Az-Role
+ldapDisplayName: msDS-TasksForAzRole
+attributeId: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 35319082-8c4a-4646-9386-c2949d49894d
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Role-BL
+ldapDisplayName: msDS-TasksForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a0dcd536-5158-42fe-8c40-c00a7ad37959
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2025
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tasks-For-Az-Task
+ldapDisplayName: msDS-TasksForAzTask
+attributeId: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b11c8ee2-5fcd-46a7-95f0-f38333f096cf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2020
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Task-BL
+ldapDisplayName: msDS-TasksForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: df446e52-b5fa-4ca2-a42f-13f98a526c8f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tombstone-Quota-Factor
+ldapDisplayName: msDS-TombstoneQuotaFactor
+attributeId: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 461744d7-f3b6-45ba-8753-fb9552a5df32
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Top-Quota-Usage
+ldapDisplayName: msDS-TopQuotaUsage
+attributeId: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7b7cce4f-f1f5-4bb6-b7eb-23504af19e75
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Trust-Forest-Trust-Info
+ldapDisplayName: msDS-TrustForestTrustInfo
+attributeId: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 29cc866e-49d3-4969-942e-1dbc0925d183
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-UpdateScript
+ldapDisplayName: msDS-UpdateScript
+attributeId: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 146eb639-bb9f-4fc1-a825-e29e00c77920
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Account-Control-Computed
+ldapDisplayName: msDS-User-Account-Control-Computed
+attributeId: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2cc4b836-b63f-4940-8d23-ea7acf06af56
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Password-Expiry-Time-Computed
+ldapDisplayName: msDS-UserPasswordExpiryTimeComputed
+attributeId: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-USN-Last-Sync-Success
+ldapDisplayName: msDS-USNLastSyncSuccess
+attributeId: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 31f7b8b6-c9f8-4f2d-a37b-58a823030331
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-Exch-Assistant-Name
+ldapDisplayName: msExchAssistantName
+attributeId: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7394-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 14896
+
+cn: ms-Exch-House-Identifier
+ldapDisplayName: msExchHouseIdentifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7407-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 35924
+
+cn: ms-Exch-LabeledURI
+ldapDisplayName: msExchLabeledURI
+attributeId: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 16775820-47f3-11d1-a9c3-0000f80367c1
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35921
+
+cn: ms-Exch-Owner-BL
+ldapDisplayName: ownerBL
+attributeId: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679f4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 45
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-FRS-Hub-Member
+ldapDisplayName: msFRS-Hub-Member
+attributeId: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5643ff81-35b6-4ca9-9512-baf0bd0a2772
+searchFlags: 0
+linkID: 1046
+
+cn: ms-FRS-Topology-Pref
+ldapDisplayName: msFRS-Topology-Pref
+attributeId: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 92aa27e0-5c50-402d-9ec1-ee847def9788
+searchFlags: 0
+
+cn: ms-FVE-KeyPackage
+ldapDisplayName: msFVE-KeyPackage
+attributeId: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+rangeUpper: 102400
+schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryGuid
+ldapDisplayName: msFVE-RecoveryGuid
+attributeId: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-FVE-RecoveryPassword
+ldapDisplayName: msFVE-RecoveryPassword
+attributeId: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 256
+schemaIdGuid: 43061ac1-c8ad-4ccc-b785-2bfac20fc60a
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-VolumeGuid
+ldapDisplayName: msFVE-VolumeGuid
+attributeId: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-ieee-80211-Data
+ldapDisplayName: msieee80211-Data
+attributeId: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0e0d0938-2658-4580-a9f6-7a0ac7b566cb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data-Type
+ldapDisplayName: msieee80211-DataType
+attributeId: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6558b180-35da-4efe-beed-521f8f48cafb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-ID
+ldapDisplayName: msieee80211-ID
+attributeId: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f73ef75-14c9-4c23-81de-dd07a06f9e8b
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-File-List
+ldapDisplayName: msiFileList
+attributeId: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7d-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Dir
+ldapDisplayName: msIIS-FTPDir
+attributeId: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Root
+ldapDisplayName: msIIS-FTPRoot
+attributeId: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a7827a4-1483-49a5-9d84-52e3812156b4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSP-Identifier
+ldapDisplayName: msImaging-PSPIdentifier
+attributeId: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 51583ce9-94fa-4b12-b990-304c35b18595
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSP-String
+ldapDisplayName: msImaging-PSPString
+attributeId: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b6760ae-d6ed-44a6-b6be-9de62c09ec67
+searchFlags: 0
+rangeUpper: 524288
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script
+ldapDisplayName: msiScript
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18313-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Name
+ldapDisplayName: msiScriptName
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd62-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Path
+ldapDisplayName: msiScriptPath
+attributeId: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967937-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Size
+ldapDisplayName: msiScriptSize
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd63-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Authenticate
+ldapDisplayName: mSMQAuthenticate
+attributeId: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc326-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Base-Priority
+ldapDisplayName: mSMQBasePriority
+attributeId: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc323-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type
+ldapDisplayName: mSMQComputerType
+attributeId: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type-Ex
+ldapDisplayName: mSMQComputerTypeEx
+attributeId: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 18120de8-f4c4-4341-bd95-32eb5bcf7c80
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Cost
+ldapDisplayName: mSMQCost
+attributeId: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-CSP-Name
+ldapDisplayName: mSMQCSPName
+attributeId: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc334-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Service
+ldapDisplayName: mSMQDependentClientService
+attributeId: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d83-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Services
+ldapDisplayName: mSMQDependentClientServices
+attributeId: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d76-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests
+ldapDisplayName: mSMQDigests
+attributeId: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc33c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests-Mig
+ldapDisplayName: mSMQDigestsMig
+attributeId: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Service
+ldapDisplayName: mSMQDsService
+attributeId: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d82-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Services
+ldapDisplayName: mSMQDsServices
+attributeId: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d78-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Encrypt-Key
+ldapDisplayName: mSMQEncryptKey
+attributeId: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc331-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Foreign
+ldapDisplayName: mSMQForeign
+attributeId: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-In-Routing-Servers
+ldapDisplayName: mSMQInRoutingServers
+attributeId: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval1
+ldapDisplayName: mSMQInterval1
+attributeId: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval2
+ldapDisplayName: mSMQInterval2
+attributeId: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal
+ldapDisplayName: mSMQJournal
+attributeId: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc321-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal-Quota
+ldapDisplayName: mSMQJournalQuota
+attributeId: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc324-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label
+ldapDisplayName: mSMQLabel
+attributeId: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc325-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label-Ex
+ldapDisplayName: mSMQLabelEx
+attributeId: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4580ad25-d407-48d2-ad24-43e6e56793d7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Long-Lived
+ldapDisplayName: mSMQLongLived
+attributeId: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc335-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated
+ldapDisplayName: mSMQMigrated
+attributeId: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Multicast-Address
+ldapDisplayName: MSMQ-MulticastAddress
+attributeId: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1d2f4412-f10d-4337-9b48-6e5b125cd265
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 9
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Name-Style
+ldapDisplayName: mSMQNameStyle
+attributeId: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc333-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Flags
+ldapDisplayName: mSMQNt4Flags
+attributeId: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb38a158-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Stub
+ldapDisplayName: mSMQNt4Stub
+attributeId: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6f914be6-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-OS-Type
+ldapDisplayName: mSMQOSType
+attributeId: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc330-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Out-Routing-Servers
+ldapDisplayName: mSMQOutRoutingServers
+attributeId: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Owner-ID
+ldapDisplayName: mSMQOwnerID
+attributeId: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc328-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MSMQ-Prev-Site-Gates
+ldapDisplayName: mSMQPrevSiteGates
+attributeId: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d75-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Privacy-Level
+ldapDisplayName: mSMQPrivacyLevel
+attributeId: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc327-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-QM-ID
+ldapDisplayName: mSMQQMID
+attributeId: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Journal-Quota
+ldapDisplayName: mSMQQueueJournalQuota
+attributeId: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8e441266-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Name-Ext
+ldapDisplayName: mSMQQueueNameExt
+attributeId: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2df90d87-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 92
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Quota
+ldapDisplayName: mSMQQueueQuota
+attributeId: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3f6b8e12-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Type
+ldapDisplayName: mSMQQueueType
+attributeId: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc320-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Quota
+ldapDisplayName: mSMQQuota
+attributeId: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc322-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Recipient-FormatName
+ldapDisplayName: msMQ-Recipient-FormatName
+attributeId: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3bfe6748-b544-485a-b067-1b310c4334bf
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Service
+ldapDisplayName: mSMQRoutingService
+attributeId: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d81-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Services
+ldapDisplayName: mSMQRoutingServices
+attributeId: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d77-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Secured-Source
+ldapDisplayName: MSMQ-SecuredSource
+attributeId: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8bf0221b-7a06-4d63-91f0-1499941813d3
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Services
+ldapDisplayName: mSMQServices
+attributeId: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Service-Type
+ldapDisplayName: mSMQServiceType
+attributeId: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates
+ldapDisplayName: mSMQSignCertificates
+attributeId: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates-Mig
+ldapDisplayName: mSMQSignCertificatesMig
+attributeId: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Key
+ldapDisplayName: mSMQSignKey
+attributeId: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc332-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-1
+ldapDisplayName: mSMQSite1
+attributeId: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc337-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-2
+ldapDisplayName: mSMQSite2
+attributeId: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc338-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Foreign
+ldapDisplayName: mSMQSiteForeign
+attributeId: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: fd129d8a-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates
+ldapDisplayName: mSMQSiteGates
+attributeId: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc339-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates-Mig
+ldapDisplayName: mSMQSiteGatesMig
+attributeId: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e2704852-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-ID
+ldapDisplayName: mSMQSiteID
+attributeId: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc340-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name
+ldapDisplayName: mSMQSiteName
+attributeId: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: ffadb4b2-de39-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name-Ex
+ldapDisplayName: mSMQSiteNameEx
+attributeId: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 422144fa-c17f-4649-94d6-9731ed2784ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sites
+ldapDisplayName: mSMQSites
+attributeId: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Transactional
+ldapDisplayName: mSMQTransactional
+attributeId: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc329-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-User-Sid
+ldapDisplayName: mSMQUserSid
+attributeId: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: MSMQ-Version
+ldapDisplayName: mSMQVersion
+attributeId: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc336-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyData
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9c1495a5-4d76-468e-991e-1433b0a67855
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 35697062-1eaf-448b-ac1e-388e0be4fdee
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0f69c62e-088e-4ff5-a53a-e923cec07c0a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyData
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8398948b-7457-4d91-bd4d-8d7ed669c9f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94a7b05a-b8b2-4f59-9c25-39e69baa1684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d3c527c7-2606-4deb-8cfd-18426feec8ce
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPAllowDialin
+ldapDisplayName: msNPAllowDialin
+attributeId: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCalledStationID
+ldapDisplayName: msNPCalledStationID
+attributeId: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+searchFlags: 0
+
+cn: msNPCallingStationID
+ldapDisplayName: msNPCallingStationID
+attributeId: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908a-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPSavedCallingStationID
+ldapDisplayName: msNPSavedCallingStationID
+attributeId: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908e-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-AccountCredentials
+ldapDisplayName: msPKIAccountCredentials
+attributeId: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Certificate-Application-Policy
+ldapDisplayName: msPKI-Certificate-Application-Policy
+attributeId: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dbd90548-aa37-4202-9966-8c537ba5ce32
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Name-Flag
+ldapDisplayName: msPKI-Certificate-Name-Flag
+attributeId: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea1dddc4-60ff-416e-8cc0-17cee534bce7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Policy
+ldapDisplayName: msPKI-Certificate-Policy
+attributeId: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+systemOnly: FALSE
+
+cn: ms-PKI-Cert-Template-OID
+ldapDisplayName: msPKI-Cert-Template-OID
+attributeId: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3164c36a-ba26-468c-8bda-c1e5cc256728
+systemOnly: FALSE
+searchFlags: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Credential-Roaming-Tokens
+ldapDisplayName: msPKI-CredentialRoamingTokens
+attributeId: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid: b7ff5a38-0818-42b0-8110-d3d154c97f24
+attributeSecurityGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+searchFlags: fCONFIDENTIAL
+linkID: 2162
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-DPAPIMasterKeys
+ldapDisplayName: msPKIDPAPIMasterKeys
+attributeId: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b3f93023-9239-4f7c-b99c-6745d87adbc2
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2046
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Enrollment-Flag
+ldapDisplayName: msPKI-Enrollment-Flag
+attributeId: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d15ef7d8-f226-46db-ae79-b34e560bd12c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enrollment-Servers
+ldapDisplayName: msPKI-Enrollment-Servers
+attributeId: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f22bd38f-a1d0-4832-8b28-0331438886a6
+systemOnly: FALSE
+rangeUpper: 65536
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Minimal-Key-Size
+ldapDisplayName: msPKI-Minimal-Key-Size
+attributeId: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e96a63f5-417f-46d3-be52-db7703c503df
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-Attribute
+ldapDisplayName: msPKI-OID-Attribute
+attributeId: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8c9e1288-5028-4f4f-a704-76d026f246ef
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-CPS
+ldapDisplayName: msPKI-OID-CPS
+attributeId: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 5f49940e-a79f-4a51-bb6f-3d446a54dc6b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-LocalizedName
+ldapDisplayName: msPKI-OIDLocalizedName
+attributeId: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7d59a816-bb05-4a72-971f-5c1331f67559
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-User-Notice
+ldapDisplayName: msPKI-OID-User-Notice
+attributeId: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 04c4da7a-e114-4e69-88de-e293f2d3b395
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Flag
+ldapDisplayName: msPKI-Private-Key-Flag
+attributeId: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bab04ac2-0435-4709-9307-28380e7c7001
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Application-Policies
+ldapDisplayName: msPKI-RA-Application-Policies
+attributeId: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Policies
+ldapDisplayName: msPKI-RA-Policies
+attributeId: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d546ae22-0951-4d47-817e-1c9f96faad46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Signature
+ldapDisplayName: msPKI-RA-Signature
+attributeId: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe17e04b-937d-4f7e-8e0e-9292c8d5683e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RoamingTimeStamp
+ldapDisplayName: msPKIRoamingTimeStamp
+attributeId: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6617e4ac-a2f1-43ab-b60c-11fbd1facf05
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Site-Name
+ldapDisplayName: msPKI-Site-Name
+attributeId: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0cd8711f-0afc-4926-a4b1-09b08d3d436c
+systemOnly: FALSE
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Supersede-Templates
+ldapDisplayName: msPKI-Supersede-Templates
+attributeId: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Minor-Revision
+ldapDisplayName: msPKI-Template-Minor-Revision
+attributeId: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 13f5236c-1884-46b1-b5d0-484e38990d58
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Schema-Version
+ldapDisplayName: msPKI-Template-Schema-Version
+attributeId: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0c15e9f5-491d-4594-918f-32813a091da9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSCallbackNumber
+ldapDisplayName: msRADIUSCallbackNumber
+attributeId: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c909c-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedInterfaceId
+ldapDisplayName: msRADIUS-FramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a6f24a23-d65c-4d65-a64f-35fb6873c2b9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSFramedIPAddress
+ldapDisplayName: msRADIUSFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90a4-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Prefix
+ldapDisplayName: msRADIUS-FramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: f63ed610-d67c-494d-87be-cd1e24359a38
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Route
+ldapDisplayName: msRADIUS-FramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 5a5aa804-3083-4863-94e5-018a79a22ec0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSFramedRoute
+ldapDisplayName: msRADIUSFramedRoute
+attributeId: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90a9-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedInterfaceId
+ldapDisplayName: msRADIUS-SavedFramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a4da7289-92a3-42e5-b6b6-dad16d280ac9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 0965a062-b1e1-403b-b48d-5c0eb0e952cc
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Route
+ldapDisplayName: msRADIUS-SavedFramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9666bb5c-df9d-4d41-b437-2eec7e27c9b3
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSServiceType
+ldapDisplayName: msRADIUSServiceType
+attributeId: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90b6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedCallbackNumber
+ldapDisplayName: msRASSavedCallbackNumber
+attributeId: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c90c5-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedIPAddress
+ldapDisplayName: msRASSavedFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90c6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedRoute
+ldapDisplayName: msRASSavedFramedRoute
+attributeId: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90c7-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Attribute
+ldapDisplayName: msRRASAttribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ad-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Vendor-Attribute-Entry
+ldapDisplayName: msRRASVendorAttributeEntry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ac-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msSFU-30-Aliases
+ldapDisplayName: msSFU30Aliases
+attributeId: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 20ebf171-c69a-4c31-b29d-dcb837d8912d
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: msSFU-30-Crypt-Method
+ldapDisplayName: msSFU30CryptMethod
+attributeId: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4503d2a3-3d70-41b8-b077-dff123c15865
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Domains
+ldapDisplayName: msSFU30Domains
+attributeId: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 93095ed3-6f30-4bdd-b734-65d569f5f7c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 256000
+
+cn: msSFU-30-Field-Separator
+ldapDisplayName: msSFU30FieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a2e11a42-e781-4ca1-a7fa-ec307f62b6a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Intra-Field-Separator
+ldapDisplayName: msSFU30IntraFieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Is-Valid-Container
+ldapDisplayName: msSFU30IsValidContainer
+attributeId: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0dea42f5-278d-4157-b4a7-49b59664915b
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Key-Attributes
+ldapDisplayName: msSFU30KeyAttributes
+attributeId: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 32ecd698-ce9e-4894-a134-7ad76b082e83
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Key-Values
+ldapDisplayName: msSFU30KeyValues
+attributeId: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 37830235-e5e9-46f2-922b-d8d44f03e7ae
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: msSFU-30-Map-Filter
+ldapDisplayName: msSFU30MapFilter
+attributeId: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b16e01-024f-4e23-ad0d-71f1a406b684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Master-Server-Name
+ldapDisplayName: msSFU30MasterServerName
+attributeId: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4cc908a2-9e18-410e-8459-f17cc422020a
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Max-Gid-Number
+ldapDisplayName: msSFU30MaxGidNumber
+attributeId: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 04ee6aa6-f83b-469a-bf5a-3c00d3634669
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Max-Uid-Number
+ldapDisplayName: msSFU30MaxUidNumber
+attributeId: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec998437-d944-4a28-8500-217588adfc75
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Name
+ldapDisplayName: msSFU30Name
+attributeId: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 16c5d1d3-35c2-4061-a870-a5cefda804f0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Netgroup-Host-At-Domain
+ldapDisplayName: msSFU30NetgroupHostAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 97d2bf65-0466-4852-a25a-ec20f57ee36c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Netgroup-User-At-Domain
+ldapDisplayName: msSFU30NetgroupUserAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a9e84eed-e630-4b67-b4b3-cad2a82d345e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Nis-Domain
+ldapDisplayName: msSFU30NisDomain
+attributeId: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-NSMAP-Field-Position
+ldapDisplayName: msSFU30NSMAPFieldPosition
+attributeId: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 585c9d5e-f599-4f07-9cf9-4373af4b89d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Order-Number
+ldapDisplayName: msSFU30OrderNumber
+attributeId: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 02625f05-d1ee-4f9f-b366-55266becb95c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Posix-Member
+ldapDisplayName: msSFU30PosixMember
+attributeId: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c875d82d-2848-4cec-bb50-3c5486d09d57
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2030
+
+cn: msSFU-30-Posix-Member-Of
+ldapDisplayName: msSFU30PosixMemberOf
+attributeId: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2031
+systemFlags:  FLAG_ATTR_NOT_REPLICATED
+
+cn: msSFU-30-Result-Attributes
+ldapDisplayName: msSFU30ResultAttributes
+attributeId: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: e167b0b6-4045-4433-ac35-53f972d45cba
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Attributes
+ldapDisplayName: msSFU30SearchAttributes
+attributeId: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ef9a2df0-2e57-48c8-8950-0cc674004733
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Container
+ldapDisplayName: msSFU30SearchContainer
+attributeId: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27eebfa2-fbeb-4f8e-aad6-c50247994291
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: msSFU-30-Yp-Servers
+ldapDisplayName: msSFU30YpServers
+attributeId: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 084a944b-e150-4bfe-9345-40e1aedaebba
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+
+cn: MS-SQL-Alias
+ldapDisplayName: mS-SQL-Alias
+attributeId: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e0c6baae-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowAnonymousSubscription
+ldapDisplayName: mS-SQL-AllowAnonymousSubscription
+attributeId: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db77be4a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4186b6e-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowKnownPullSubscription
+ldapDisplayName: mS-SQL-AllowKnownPullSubscription
+attributeId: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c3bb7054-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c458ca80-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+ldapDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+attributeId: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c49b8be8-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AppleTalk
+ldapDisplayName: mS-SQL-AppleTalk
+attributeId: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8fda89f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Applications
+ldapDisplayName: mS-SQL-Applications
+attributeId: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fbcda2ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Build
+ldapDisplayName: mS-SQL-Build
+attributeId: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 603e94c4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CharacterSet
+ldapDisplayName: mS-SQL-CharacterSet
+attributeId: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 696177a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Clustered
+ldapDisplayName: mS-SQL-Clustered
+attributeId: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7778bd90-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ConnectionURL
+ldapDisplayName: mS-SQL-ConnectionURL
+attributeId: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a92d23da-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Contact
+ldapDisplayName: mS-SQL-Contact
+attributeId: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4f6cbdd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CreationDate
+ldapDisplayName: mS-SQL-CreationDate
+attributeId: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ede14754-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Database
+ldapDisplayName: mS-SQL-Database
+attributeId: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d5a0dbdc-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Description
+ldapDisplayName: mS-SQL-Description
+attributeId: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8386603c-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSHeight
+ldapDisplayName: mS-SQL-GPSHeight
+attributeId: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bcdd4f0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLatitude
+ldapDisplayName: mS-SQL-GPSLatitude
+attributeId: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b222ba0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLongitude
+ldapDisplayName: mS-SQL-GPSLongitude
+attributeId: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7577c94-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationDirectory
+ldapDisplayName: mS-SQL-InformationDirectory
+attributeId: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d0aedb2e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationURL
+ldapDisplayName: mS-SQL-InformationURL
+attributeId: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a42cd510-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Keywords
+ldapDisplayName: mS-SQL-Keywords
+attributeId: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 01e9a98a-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Language
+ldapDisplayName: mS-SQL-Language
+attributeId: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c57f72f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastBackupDate
+ldapDisplayName: mS-SQL-LastBackupDate
+attributeId: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f2b6abca-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastDiagnosticDate
+ldapDisplayName: mS-SQL-LastDiagnosticDate
+attributeId: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f6d6dd88-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastUpdatedDate
+ldapDisplayName: mS-SQL-LastUpdatedDate
+attributeId: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9fcc43d4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Location
+ldapDisplayName: mS-SQL-Location
+attributeId: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 561c9644-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Memory
+ldapDisplayName: mS-SQL-Memory
+attributeId: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 5b5d448c-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-MultiProtocol
+ldapDisplayName: mS-SQL-MultiProtocol
+attributeId: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8157fa38-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Name
+ldapDisplayName: mS-SQL-Name
+attributeId: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3532dfd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-NamedPipe
+ldapDisplayName: mS-SQL-NamedPipe
+attributeId: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b91c840-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-PublicationURL
+ldapDisplayName: mS-SQL-PublicationURL
+attributeId: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ae0c11b8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Publisher
+ldapDisplayName: mS-SQL-Publisher
+attributeId: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c1676858-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-RegisteredOwner
+ldapDisplayName: mS-SQL-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 48fd44ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ServiceAccount
+ldapDisplayName: mS-SQL-ServiceAccount
+attributeId: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 64933a3e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Size
+ldapDisplayName: mS-SQL-Size
+attributeId: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e9098084-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SortOrder
+ldapDisplayName: mS-SQL-SortOrder
+attributeId: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6ddc42c0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SPX
+ldapDisplayName: mS-SQL-SPX
+attributeId: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b08004-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Status
+ldapDisplayName: mS-SQL-Status
+attributeId: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9a7d4770-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-TCPIP
+ldapDisplayName: mS-SQL-TCPIP
+attributeId: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ac263a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ThirdParty
+ldapDisplayName: mS-SQL-ThirdParty
+attributeId: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4e311fc-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Type
+ldapDisplayName: mS-SQL-Type
+attributeId: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca48eba8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-UnicodeSortOrder
+ldapDisplayName: mS-SQL-UnicodeSortOrder
+attributeId: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 72dc918a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Version
+ldapDisplayName: mS-SQL-Version
+attributeId: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c07cc1d0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Vines
+ldapDisplayName: mS-SQL-Vines
+attributeId: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94c56394-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Conference-Blob
+ldapDisplayName: msTAPI-ConferenceBlob
+attributeId: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4cc4601e-7201-4141-abc8-3e529ae88863
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Ip-Address
+ldapDisplayName: msTAPI-IpAddress
+attributeId: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: efd7d7f7-178e-4767-87fa-f8a16b840544
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Protocol-Id
+ldapDisplayName: msTAPI-ProtocolId
+attributeId: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 89c1ebcf-7a5f-41fd-99ca-c900b32299ab
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Unique-Identifier
+ldapDisplayName: msTAPI-uid
+attributeId: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70a4e7ea-b3b9-4643-8918-e6dd2471bfd4
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TPM-OwnerInformation
+ldapDisplayName: msTPM-OwnerInformation
+attributeId: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe
+searchFlags: fPRESERVEONDELETE | fCOPY | fCONFIDENTIAL |fRODCFilteredAttribute
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Allow-Logon
+ldapDisplayName: msTSAllowLogon
+attributeId: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 3a0cd464-bc54-40e7-93ae-a646a6ecc4b4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Broken-Connection-Action
+ldapDisplayName: msTSBrokenConnectionAction
+attributeId: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1cf41bba-5604-463e-94d6-1a1287b72ca3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Client-Drives
+ldapDisplayName: msTSConnectClientDrives
+attributeId: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 23572aaf-29dd-44ea-b0fa-7e8438b9a4a3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Printer-Drives
+ldapDisplayName: msTSConnectPrinterDrives
+attributeId: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8ce6a937-871b-4c92-b285-d99d4036681c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Default-To-Main-Printer
+ldapDisplayName: msTSDefaultToMainPrinter
+attributeId: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Data
+ldapDisplayName: msTSEndpointData
+attributeId: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 40e1c407-4344-40f3-ab43-3625a34a63a2
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 32767
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Plugin
+ldapDisplayName: msTSEndpointPlugin
+attributeId: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3c08b569-801f-4158-b17b-e363d6ae696a
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 32767
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Type
+ldapDisplayName: msTSEndpointType
+attributeId: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 377ade80-e2d8-46c5-9bcd-6d9dec93b35e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ExpireDate
+ldapDisplayName: msTSExpireDate
+attributeId: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 70004ef5-25c3-446a-97c8-996ae8566776
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate2
+ldapDisplayName: msTSExpireDate2
+attributeId: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate3
+ldapDisplayName: msTSExpireDate3
+attributeId: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 41bc7f04-be72-4930-bd10-1f3439412387
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate4
+ldapDisplayName: msTSExpireDate4
+attributeId: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 5e11dc43-204a-4faf-a008-6863621c6f5f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: ms-TS-Home-Directory
+ldapDisplayName: msTSHomeDirectory
+attributeId: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5d3510f0-c4e7-4122-b91f-a20add90e246
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Home-Drive
+ldapDisplayName: msTSHomeDrive
+attributeId: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5f0a24d9-dffa-4cd9-acbf-a0680c03731e
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Initial-Program
+ldapDisplayName: msTSInitialProgram
+attributeId: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9201ac6f-1d69-4dfb-802e-d95510109599
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion
+ldapDisplayName: msTSLicenseVersion
+attributeId: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0ae94a89-372f-4df2-ae8a-c64a2bc47278
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion2
+ldapDisplayName: msTSLicenseVersion2
+attributeId: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b0df103-8d97-45d9-ad69-85c3080ba4e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion3
+ldapDisplayName: msTSLicenseVersion3
+attributeId: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f8ba8f81-4cab-4973-a3c8-3a6da62a5e31
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion4
+ldapDisplayName: msTSLicenseVersion4
+attributeId: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70ca5d97-2304-490a-8a27-52678c8d2095
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property01
+ldapDisplayName: msTSLSProperty01
+attributeId: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 87e53590-971d-4a52-955b-4794d15a84ae
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property02
+ldapDisplayName: msTSLSProperty02
+attributeId: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 47c77bb0-316e-4e2f-97f1-0d4c48fca9dd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS
+ldapDisplayName: msTSManagingLS
+attributeId: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f3bcc547-85b0-432c-9ac0-304506bf2c83
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS2
+ldapDisplayName: msTSManagingLS2
+attributeId: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: 349f0757-51bd-4fc8-9d66-3eceea8a25be
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS3
+ldapDisplayName: msTSManagingLS3
+attributeId: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: fad5dcc1-2130-4c87-a118-75322cd67050
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS4
+ldapDisplayName: msTSManagingLS4
+attributeId: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: f7a3b6a0-2107-4140-b306-75cb521731e5
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Connection-Time
+ldapDisplayName: msTSMaxConnectionTime
+attributeId: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1d960ee2-6464-4e95-a781-e3b5cd5f9588
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Disconnection-Time
+ldapDisplayName: msTSMaxDisconnectionTime
+attributeId: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 326f7089-53d8-4784-b814-46d8535110d2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Idle-Time
+ldapDisplayName: msTSMaxIdleTime
+attributeId: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff739e9c-6bb7-460e-b221-e250f3de0f95
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Primary-Desktop
+ldapDisplayName: msTSPrimaryDesktop
+attributeId: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2170
+isSingleValued: TRUE
+schemaIdGuid: 29259694-09e4-4237-9f72-9306ebe63ab2
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Primary-Desktop-BL
+ldapDisplayName: msTSPrimaryDesktopBL
+attributeId: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2171
+isSingleValued: FALSE
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: 17
+
+cn: ms-TS-Profile-Path
+ldapDisplayName: msTSProfilePath
+attributeId: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e65c30db-316c-4060-a3a0-387b083f09cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property01
+ldapDisplayName: msTSProperty01
+attributeId: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: faaea977-9655-49d7-853d-f27bb7aaca0f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property02
+ldapDisplayName: msTSProperty02
+attributeId: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3586f6ac-51b7-4978-ab42-f936463198e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Reconnection-Action
+ldapDisplayName: msTSReconnectionAction
+attributeId: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 366ed7ca-3e18-4c7f-abae-351a01e4b4f7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Remote-Control
+ldapDisplayName: msTSRemoteControl
+attributeId: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 15177226-8642-468b-8c48-03ddfd004982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Secondary-Desktop-BL
+ldapDisplayName: msTSSecondaryDesktopBL
+attributeId: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2173
+isSingleValued: FALSE
+schemaIdGuid: 34b107af-a00a-455a-b139-dd1a1b12d8af
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemFlags: 17
+
+cn: ms-TS-Secondary-Desktops
+ldapDisplayName: msTSSecondaryDesktops
+attributeId: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2172
+isSingleValued: FALSE
+schemaIdGuid: f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Work-Directory
+ldapDisplayName: msTSWorkDirectory
+attributeId: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a744f666-3d3c-4cc8-834b-9d4f6f687b8b
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Author
+ldapDisplayName: msWMI-Author
+attributeId: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-ChangeDate
+ldapDisplayName: msWMI-ChangeDate
+attributeId: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-Class
+ldapDisplayName: msWMI-Class
+attributeId: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 90c1925f-4a24-4b07-b202-be32eb3c8b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ClassDefinition
+ldapDisplayName: msWMI-ClassDefinition
+attributeId: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b9c0ebc-c272-45cb-99d2-4d0e691632e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-CreationDate
+ldapDisplayName: msWMI-CreationDate
+attributeId: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 748b0a2e-3351-4b3f-b171-2f17414ea779
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Genus
+ldapDisplayName: msWMI-Genus
+attributeId: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 50c8673a-8f56-4614-9308-9e1340fb9af3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ID
+ldapDisplayName: msWMI-ID
+attributeId: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8Default
+ldapDisplayName: msWMI-Int8Default
+attributeId: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f4d8085a-8c5b-4785-959b-dc585566e445
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Max
+ldapDisplayName: msWMI-Int8Max
+attributeId: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8Min
+ldapDisplayName: msWMI-Int8Min
+attributeId: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8ValidValues
+ldapDisplayName: msWMI-Int8ValidValues
+attributeId: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: FALSE
+schemaIdGuid: 103519a9-c002-441b-981a-b0b3e012c803
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intDefault
+ldapDisplayName: msWMI-IntDefault
+attributeId: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intFlags1
+ldapDisplayName: msWMI-intFlags1
+attributeId: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 18e006b9-6445-48e3-9dcf-b5ecfbc4df8e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags2
+ldapDisplayName: msWMI-intFlags2
+attributeId: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 075a42c9-c55a-45b1-ac93-eb086b31f610
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags3
+ldapDisplayName: msWMI-intFlags3
+attributeId: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f29fa736-de09-4be4-b23a-e734c124bacc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags4
+ldapDisplayName: msWMI-intFlags4
+attributeId: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intMax
+ldapDisplayName: msWMI-IntMax
+attributeId: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intMin
+ldapDisplayName: msWMI-IntMin
+attributeId: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intValidValues
+ldapDisplayName: msWMI-IntValidValues
+attributeId: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6af565f6-a749-4b72-9634-3c5d47e6b4e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Mof
+ldapDisplayName: msWMI-Mof
+attributeId: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-Name
+ldapDisplayName: msWMI-Name
+attributeId: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-NormalizedClass
+ldapDisplayName: msWMI-NormalizedClass
+attributeId: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eaba628f-eb8e-4fe9-83fc-693be695559b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm1
+ldapDisplayName: msWMI-Parm1
+attributeId: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27e81485-b1b0-4a8b-bedd-ce19a837e26e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm2
+ldapDisplayName: msWMI-Parm2
+attributeId: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0003508e-9c42-4a76-a8f4-38bf64bab0de
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm3
+ldapDisplayName: msWMI-Parm3
+attributeId: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45958fb6-52bd-48ce-9f9f-c2712d9f2bfc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm4
+ldapDisplayName: msWMI-Parm4
+attributeId: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3800d5a3-f1ce-4b82-a59a-1528ea795f59
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PropertyName
+ldapDisplayName: msWMI-PropertyName
+attributeId: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ab920883-e7f8-4d72-b4a0-c0449897509d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Query
+ldapDisplayName: msWMI-Query
+attributeId: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-QueryLanguage
+ldapDisplayName: msWMI-QueryLanguage
+attributeId: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d3cfa98-c17b-4254-8bd7-4de9b932a345
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ScopeGuid
+ldapDisplayName: msWMI-ScopeGuid
+attributeId: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87b78d51-405f-4b7f-80ed-2bd28786f48d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SourceOrganization
+ldapDisplayName: msWMI-SourceOrganization
+attributeId: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 34f7ed6c-615d-418d-aa00-549a7d7be03e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringDefault
+ldapDisplayName: msWMI-StringDefault
+attributeId: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 152e42b6-37c5-4f55-ab48-1606384a9aea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringValidValues
+ldapDisplayName: msWMI-StringValidValues
+attributeId: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 37609d31-a2bf-4b58-8f53-2b64e57a076d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetClass
+ldapDisplayName: msWMI-TargetClass
+attributeId: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetNameSpace
+ldapDisplayName: msWMI-TargetNameSpace
+attributeId: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1c4ab61f-3420-44e5-849d-8b5dbf60feb7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetObject
+ldapDisplayName: msWMI-TargetObject
+attributeId: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c44f67a5-7de5-4a1f-92d9-662b57364b77
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetPath
+ldapDisplayName: msWMI-TargetPath
+attributeId: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5006a79a-6bfe-4561-9f52-13cf4dd3e560
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetType
+ldapDisplayName: msWMI-TargetType
+attributeId: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca2a281e-262b-4ff7-b419-bc123352a4e9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Must-Contain
+ldapDisplayName: mustContain
+attributeId: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679d3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Name-Service-Flags
+ldapDisplayName: nameServiceFlags
+attributeId: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212840-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NC-Name
+ldapDisplayName: nCName
+attributeId: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679d6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NETBIOS-Name
+ldapDisplayName: nETBIOSName
+attributeId: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: netboot-Allow-New-Clients
+ldapDisplayName: netbootAllowNewClients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Only-Valid-Clients
+ldapDisplayName: netbootAnswerOnlyValidClients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Requests
+ldapDisplayName: netbootAnswerRequests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Current-Client-Count
+ldapDisplayName: netbootCurrentClientCount
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383079-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-GUID
+ldapDisplayName: netbootGUID
+attributeId: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978921-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Initialization
+ldapDisplayName: netbootInitialization
+attributeId: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978920-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-IntelliMirror-OSes
+ldapDisplayName: netbootIntelliMirrorOSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307e-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Limit-Clients
+ldapDisplayName: netbootLimitClients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383077-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Locally-Installed-OSes
+ldapDisplayName: netbootLocallyInstalledOSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 07383080-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Machine-File-Path
+ldapDisplayName: netbootMachineFilePath
+attributeId: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978923-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Max-Clients
+ldapDisplayName: netbootMaxClients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383078-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Mirror-Data-File
+ldapDisplayName: netbootMirrorDataFile
+attributeId: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d85-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-Naming-Policy
+ldapDisplayName: netbootNewMachineNamingPolicy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307c-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-OU
+ldapDisplayName: netbootNewMachineOU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0738307d-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-SCP-BL
+ldapDisplayName: netbootSCPBL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 07383082-91df-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: netboot-Server
+ldapDisplayName: netbootServer
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 07383081-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-SIF-File
+ldapDisplayName: netbootSIFFile
+attributeId: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d84-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Tools
+ldapDisplayName: netbootTools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307f-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Network-Address
+ldapDisplayName: networkAddress
+attributeId: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: bf9679d9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 256
+mapiID: 33136
+
+cn: Next-Level-Store
+ldapDisplayName: nextLevelStore
+attributeId: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679da-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Next-Rid
+ldapDisplayName: nextRid
+attributeId: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679db-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NisMapEntry
+ldapDisplayName: nisMapEntry
+attributeId: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4a95216e-fcc0-402e-b57f-5971626148a9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisMapName
+ldapDisplayName: nisMapName
+attributeId: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisNetgroupTriple
+ldapDisplayName: nisNetgroupTriple
+attributeId: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a8032e74-30ef-4ff5-affc-0fc217783fec
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: Non-Security-Member
+ldapDisplayName: nonSecurityMember
+attributeId: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458018-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 50
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Non-Security-Member-BL
+ldapDisplayName: nonSecurityMemberBL
+attributeId: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458019-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 51
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Notification-List
+ldapDisplayName: notificationList
+attributeId: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 19195a56-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Group-Members
+ldapDisplayName: nTGroupMembers
+attributeId: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679df-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Mixed-Domain
+ldapDisplayName: nTMixedDomain
+attributeId: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3e97891f-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Nt-Pwd-History
+ldapDisplayName: ntPwdHistory
+attributeId: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679e2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NT-Security-Descriptor
+ldapDisplayName: nTSecurityDescriptor
+attributeId: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+rangeLower: 0
+rangeUpper: 132096
+mapiID: 32787
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Obj-Dist-Name
+ldapDisplayName: distinguishedName
+attributeId: 2.5.4.49
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679e4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32828
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Category
+ldapDisplayName: objectCategory
+attributeId: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97369-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class
+ldapDisplayName: objectClass
+attributeId: 2.5.4.0
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX | fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class-Category
+ldapDisplayName: objectClassCategory
+attributeId: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679e6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+mapiID: 33014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Classes
+ldapDisplayName: objectClasses
+attributeId: 2.5.21.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Count
+ldapDisplayName: objectCount
+attributeId: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa216-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Object-Guid
+ldapDisplayName: objectGUID
+attributeId: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35949
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Sid
+ldapDisplayName: objectSid
+attributeId: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 0
+rangeUpper: 28
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32807
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Version
+ldapDisplayName: objectVersion
+attributeId: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16775848-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OEM-Information
+ldapDisplayName: oEMInformation
+attributeId: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679ea-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Object-Class
+ldapDisplayName: oMObjectClass
+attributeId: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ec-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Syntax
+ldapDisplayName: oMSyntax
+attributeId: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ed-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+mapiID: 33022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OMT-Guid
+ldapDisplayName: oMTGuid
+attributeId: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf3-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OMT-Indx-Guid
+ldapDisplayName: oMTIndxGuid
+attributeId: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fa-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpcNumber
+ldapDisplayName: oncRpcNumber
+attributeId: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 966825f5-01d9-4a5c-a011-d15ae84efa55
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Operating-System
+ldapDisplayName: operatingSystem
+attributeId: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978925-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Hotfix
+ldapDisplayName: operatingSystemHotfix
+attributeId: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bd951b3c-9c96-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Operating-System-Service-Pack
+ldapDisplayName: operatingSystemServicePack
+attributeId: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978927-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Version
+ldapDisplayName: operatingSystemVersion
+attributeId: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978926-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operator-Count
+ldapDisplayName: operatorCount
+attributeId: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ee-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Option-Description
+ldapDisplayName: optionDescription
+attributeId: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Options
+ldapDisplayName: options
+attributeId: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19195a53-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Options-Location
+ldapDisplayName: optionsLocation
+attributeId: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: organizationalStatus
+ldapDisplayName: organizationalStatus
+attributeId: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 28596019-7349-4d2f-adff-5a629961f942
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Organizational-Unit-Name
+ldapDisplayName: ou
+attributeId: 2.5.4.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33026
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Organization-Name
+ldapDisplayName: o
+attributeId: 2.5.4.10
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679ef-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33025
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Original-Display-Table
+ldapDisplayName: originalDisplayTable
+attributeId: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424ce-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33027
+
+cn: Original-Display-Table-MSDOS
+ldapDisplayName: originalDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424cf-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33028
+
+cn: Other-Login-Workstations
+ldapDisplayName: otherLoginWorkstations
+attributeId: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Mailbox
+ldapDisplayName: otherMailbox
+attributeId: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c123-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+
+cn: Other-Name
+ldapDisplayName: middleName
+attributeId: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Well-Known-Objects
+ldapDisplayName: otherWellKnownObjects
+attributeId: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Owner
+ldapDisplayName: owner
+attributeId: 2.5.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679f3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+linkID: 44
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Flags
+ldapDisplayName: packageFlags
+attributeId: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e99-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Name
+ldapDisplayName: packageName
+attributeId: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e98-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Type
+ldapDisplayName: packageType
+attributeId: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e96-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA
+ldapDisplayName: parentCA
+attributeId: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5245801b-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA-Certificate-Chain
+ldapDisplayName: parentCACertificateChain
+attributeId: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2733-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-GUID
+ldapDisplayName: parentGUID
+attributeId: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Deletion-List
+ldapDisplayName: partialAttributeDeletionList
+attributeId: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 28630ec0-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Set
+ldapDisplayName: partialAttributeSet
+attributeId: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 19405b9e-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pek-Key-Change-Interval
+ldapDisplayName: pekKeyChangeInterval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 07383084-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pek-List
+ldapDisplayName: pekList
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 07383083-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pending-CA-Certificates
+ldapDisplayName: pendingCACertificates
+attributeId: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d273c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pending-Parent-CA
+ldapDisplayName: pendingParentCA
+attributeId: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Per-Msg-Dialog-Display-Table
+ldapDisplayName: perMsgDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d3-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33032
+
+cn: Per-Recip-Dialog-Display-Table
+ldapDisplayName: perRecipDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d4-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33033
+
+cn: Personal-Title
+ldapDisplayName: personalTitle
+attributeId: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775858-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35947
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Fax-Other
+ldapDisplayName: otherFacsimileTelephoneNumber
+attributeId: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11d-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Other
+ldapDisplayName: otherHomePhone
+attributeId: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa2-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14895
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Primary
+ldapDisplayName: homePhone
+attributeId: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14857
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Other
+ldapDisplayName: otherIpPhone
+attributeId: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d146e4b-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Primary
+ldapDisplayName: ipPhone
+attributeId: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d146e4a-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-ISDN-Primary
+ldapDisplayName: primaryInternationalISDNNumber
+attributeId: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c11f-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Other
+ldapDisplayName: otherMobile
+attributeId: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11e-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Primary
+ldapDisplayName: mobile
+attributeId: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa3-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14876
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Office-Other
+ldapDisplayName: otherTelephone
+attributeId: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa5-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Other
+ldapDisplayName: otherPager
+attributeId: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa4-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Primary
+ldapDisplayName: pager
+attributeId: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa6-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14881
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: photo
+ldapDisplayName: photo
+attributeId: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Physical-Delivery-Office-Name
+ldapDisplayName: physicalDeliveryOfficeName
+attributeId: 2.5.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location-Object
+ldapDisplayName: physicalLocationObject
+attributeId: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13119-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Picture
+ldapDisplayName: thumbnailPhoto
+attributeId: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8d3bca50-1d7e-11d0-a081-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 102400
+mapiId: 35998
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Critical-Extensions
+ldapDisplayName: pKICriticalExtensions
+attributeId: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fc5a9106-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-CSPs
+ldapDisplayName: pKIDefaultCSPs
+attributeId: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1ef6336e-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-Key-Spec
+ldapDisplayName: pKIDefaultKeySpec
+attributeId: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 426cae6e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Access
+ldapDisplayName: pKIEnrollmentAccess
+attributeId: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: FALSE
+schemaIdGuid: 926be278-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Expiration-Period
+ldapDisplayName: pKIExpirationPeriod
+attributeId: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 041570d2-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Extended-Key-Usage
+ldapDisplayName: pKIExtendedKeyUsage
+attributeId: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18976af6-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Key-Usage
+ldapDisplayName: pKIKeyUsage
+attributeId: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Max-Issuing-Depth
+ldapDisplayName: pKIMaxIssuingDepth
+attributeId: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Overlap-Period
+ldapDisplayName: pKIOverlapPeriod
+attributeId: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1219a3ec-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT
+ldapDisplayName: pKT
+attributeId: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f1-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT-Guid
+ldapDisplayName: pKTGuid
+attributeId: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f0-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Policy-Replication-Flags
+ldapDisplayName: policyReplicationFlags
+attributeId: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b96-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Port-Name
+ldapDisplayName: portName
+attributeId: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416c4-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Possible-Inferiors
+ldapDisplayName: possibleInferiors
+attributeId: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Poss-Superiors
+ldapDisplayName: possSuperiors
+attributeId: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679fa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Postal-Address
+ldapDisplayName: postalAddress
+attributeId: 2.5.4.16
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Postal-Code
+ldapDisplayName: postalCode
+attributeId: 2.5.4.17
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679fd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14890
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Post-Office-Box
+ldapDisplayName: postOfficeBox
+attributeId: 2.5.4.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14891
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Preferred-Delivery-Method
+ldapDisplayName: preferredDeliveryMethod
+attributeId: 2.5.4.28
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679fe-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: preferredLanguage
+ldapDisplayName: preferredLanguage
+attributeId: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Preferred-OU
+ldapDisplayName: preferredOU
+attributeId: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679ff-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prefix-Map
+ldapDisplayName: prefixMap
+attributeId: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458022-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Presentation-Address
+ldapDisplayName: presentationAddress
+attributeId: 2.5.4.29
+attributeSyntax: 2.5.5.13
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.732
+isSingleValued: TRUE
+schemaIdGuid: a8df744b-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-CA-Certificates
+ldapDisplayName: previousCACertificates
+attributeId: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2739-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-Parent-CA
+ldapDisplayName: previousParentCA
+attributeId: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Primary-Group-ID
+ldapDisplayName: primaryGroupID
+attributeId: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a00-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Primary-Group-Token
+ldapDisplayName: primaryGroupToken
+attributeId: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c0ed8738-7efd-4481-84d9-66d2db8be369
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Print-Attributes
+ldapDisplayName: printAttributes
+attributeId: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Bin-Names
+ldapDisplayName: printBinNames
+attributeId: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416cd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Collate
+ldapDisplayName: printCollate
+attributeId: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d2-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Color
+ldapDisplayName: printColor
+attributeId: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d3-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Duplex-Supported
+ldapDisplayName: printDuplexSupported
+attributeId: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416cc-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-End-Time
+ldapDisplayName: printEndTime
+attributeId: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416ca-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Printer-Name
+ldapDisplayName: printerName
+attributeId: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 244b296e-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Form-Name
+ldapDisplayName: printFormName
+attributeId: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416cb-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Keep-Printed-Jobs
+ldapDisplayName: printKeepPrintedJobs
+attributeId: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f6d-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Language
+ldapDisplayName: printLanguage
+attributeId: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-MAC-Address
+ldapDisplayName: printMACAddress
+attributeId: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f7a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Copies
+ldapDisplayName: printMaxCopies
+attributeId: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d1-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Resolution-Supported
+ldapDisplayName: printMaxResolutionSupported
+attributeId: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416cf-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-X-Extent
+ldapDisplayName: printMaxXExtent
+attributeId: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6f-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Y-Extent
+ldapDisplayName: printMaxYExtent
+attributeId: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f70-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Ready
+ldapDisplayName: printMediaReady
+attributeId: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Supported
+ldapDisplayName: printMediaSupported
+attributeId: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b296f-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Memory
+ldapDisplayName: printMemory
+attributeId: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f74-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-X-Extent
+ldapDisplayName: printMinXExtent
+attributeId: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f71-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-Y-Extent
+ldapDisplayName: printMinYExtent
+attributeId: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f72-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Network-Address
+ldapDisplayName: printNetworkAddress
+attributeId: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f79-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Notify
+ldapDisplayName: printNotify
+attributeId: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Number-Up
+ldapDisplayName: printNumberUp
+attributeId: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Orientations-Supported
+ldapDisplayName: printOrientationsSupported
+attributeId: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d0-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Owner
+ldapDisplayName: printOwner
+attributeId: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f69-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Pages-Per-Minute
+ldapDisplayName: printPagesPerMinute
+attributeId: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b97-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate
+ldapDisplayName: printRate
+attributeId: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f77-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate-Unit
+ldapDisplayName: printRateUnit
+attributeId: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f78-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Separator-File
+ldapDisplayName: printSeparatorFile
+attributeId: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Share-Name
+ldapDisplayName: printShareName
+attributeId: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba305f68-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Spooling
+ldapDisplayName: printSpooling
+attributeId: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6c-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Stapling-Supported
+ldapDisplayName: printStaplingSupported
+attributeId: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f73-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Start-Time
+ldapDisplayName: printStartTime
+attributeId: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Status
+ldapDisplayName: printStatus
+attributeId: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6b-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Priority
+ldapDisplayName: priority
+attributeId: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prior-Set-Time
+ldapDisplayName: priorSetTime
+attributeId: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a01-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Prior-Value
+ldapDisplayName: priorValue
+attributeId: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a02-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Private-Key
+ldapDisplayName: privateKey
+attributeId: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a03-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Privilege-Attributes
+ldapDisplayName: privilegeAttributes
+attributeId: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b9a-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Display-Name
+ldapDisplayName: privilegeDisplayName
+attributeId: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19405b98-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Holder
+ldapDisplayName: privilegeHolder
+attributeId: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9b-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 70
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Value
+ldapDisplayName: privilegeValue
+attributeId: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 19405b99-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Product-Code
+ldapDisplayName: productCode
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18317-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Profile-Path
+ldapDisplayName: profilePath
+attributeId: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a05-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxied-Object-Name
+ldapDisplayName: proxiedObjectName
+attributeId: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: TRUE
+schemaIdGuid: e1aea402-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Addresses
+ldapDisplayName: proxyAddresses
+attributeId: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a06-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 1123
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32783
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Generation-Enabled
+ldapDisplayName: proxyGenerationEnabled
+attributeId: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d6-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33201
+
+cn: Proxy-Lifetime
+ldapDisplayName: proxyLifetime
+attributeId: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a07-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Public-Key-Policy
+ldapDisplayName: publicKeyPolicy
+attributeId: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 80a67e28-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Purported-Search
+ldapDisplayName: purportedSearch
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b4b54e50-943a-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pwd-History-Length
+ldapDisplayName: pwdHistoryLength
+attributeId: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a09-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Last-Set
+ldapDisplayName: pwdLastSet
+attributeId: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a0a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Properties
+ldapDisplayName: pwdProperties
+attributeId: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Quality-Of-Service
+ldapDisplayName: qualityOfService
+attributeId: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4e-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Filter
+ldapDisplayName: queryFilter
+attributeId: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: cbf70a26-7e78-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: QueryPoint
+ldapDisplayName: queryPoint
+attributeId: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb86-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy-BL
+ldapDisplayName: queryPolicyBL
+attributeId: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e1aea404-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 69
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Query-Policy-Object
+ldapDisplayName: queryPolicyObject
+attributeId: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: e1aea403-cd5b-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 68
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Lower
+ldapDisplayName: rangeLower
+attributeId: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33043
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Upper
+ldapDisplayName: rangeUpper
+attributeId: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33044
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN
+ldapDisplayName: name
+attributeId: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a0e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33282
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN-Att-ID
+ldapDisplayName: rDNAttID
+attributeId: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a0f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Registered-Address
+ldapDisplayName: registeredAddress
+attributeId: 2.5.4.26
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a10-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33049
+
+cn: Remote-Server-Name
+ldapDisplayName: remoteServerName
+attributeId: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a12-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source
+ldapDisplayName: remoteSource
+attributeId: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a14-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source-Type
+ldapDisplayName: remoteSourceType
+attributeId: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a15-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-GUID
+ldapDisplayName: remoteStorageGUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b0-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Replica-Source
+ldapDisplayName: replicaSource
+attributeId: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a18-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Repl-Interval
+ldapDisplayName: replInterval
+attributeId: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 45ba9d1a-56fa-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Property-Meta-Data
+ldapDisplayName: replPropertyMetaData
+attributeId: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Topology-Stay-Of-Execution
+ldapDisplayName: replTopologyStayOfExecution
+attributeId: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb83-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-UpToDate-Vector
+ldapDisplayName: replUpToDateVector
+attributeId: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a16-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reports
+ldapDisplayName: directReports
+attributeId: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a1c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 43
+mapiID: 32782
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Reps-From
+ldapDisplayName: repsFrom
+attributeId: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reps-To
+ldapDisplayName: repsTo
+attributeId: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Required-Categories
+ldapDisplayName: requiredCategories
+attributeId: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e93-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Retired-Repl-DSA-Signatures
+ldapDisplayName: retiredReplDSASignatures
+attributeId: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Revision
+ldapDisplayName: revision
+attributeId: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a21-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rid
+ldapDisplayName: rid
+attributeId: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a22-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Allocation-Pool
+ldapDisplayName: rIDAllocationPool
+attributeId: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171889-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Available-Pool
+ldapDisplayName: rIDAvailablePool
+attributeId: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171888-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Manager-Reference
+ldapDisplayName: rIDManagerReference
+attributeId: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171886-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Next-RID
+ldapDisplayName: rIDNextRID
+attributeId: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Previous-Allocation-Pool
+ldapDisplayName: rIDPreviousAllocationPool
+attributeId: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188a-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Set-References
+ldapDisplayName: rIDSetReferences
+attributeId: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Used-Pool
+ldapDisplayName: rIDUsedPool
+attributeId: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188b-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rights-Guid
+ldapDisplayName: rightsGuid
+attributeId: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8297931c-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Role-Occupant
+ldapDisplayName: roleOccupant
+attributeId: 2.5.4.33
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a8df7465-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33061
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: roomNumber
+ldapDisplayName: roomNumber
+attributeId: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Root-Trust
+ldapDisplayName: rootTrust
+attributeId: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb80-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: rpc-Ns-Annotation
+ldapDisplayName: rpcNsAnnotation
+attributeId: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 88611bde-8cf4-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Bindings
+ldapDisplayName: rpcNsBindings
+attributeId: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a23-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Codeset
+ldapDisplayName: rpcNsCodeset
+attributeId: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7a0ba0e0-8e98-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Entry-Flags
+ldapDisplayName: rpcNsEntryFlags
+attributeId: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212841-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Group
+ldapDisplayName: rpcNsGroup
+attributeId: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a24-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Interface-ID
+ldapDisplayName: rpcNsInterfaceID
+attributeId: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a25-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Object-ID
+ldapDisplayName: rpcNsObjectID
+attributeId: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 29401c48-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Priority
+ldapDisplayName: rpcNsPriority
+attributeId: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a27-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Profile-Entry
+ldapDisplayName: rpcNsProfileEntry
+attributeId: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a28-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Transfer-Syntax
+ldapDisplayName: rpcNsTransferSyntax
+attributeId: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 29401c4a-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SAM-Account-Name
+ldapDisplayName: sAMAccountName
+attributeId: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e0abfd0-126a-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Account-Type
+ldapDisplayName: sAMAccountType
+attributeId: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6e7b626c-64f2-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Domain-Updates
+ldapDisplayName: samDomainUpdates
+attributeId: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schedule
+ldapDisplayName: schedule
+attributeId: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: dd712224-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Flags-Ex
+ldapDisplayName: schemaFlagsEx
+attributeId: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-ID-GUID
+ldapDisplayName: schemaIDGUID
+attributeId: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967923-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Info
+ldapDisplayName: schemaInfo
+attributeId: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f9fb64ae-93b4-11d2-9945-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Update
+ldapDisplayName: schemaUpdate
+attributeId: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Schema-Version
+ldapDisplayName: schemaVersion
+attributeId: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a2c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33148
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Scope-Flags
+ldapDisplayName: scopeFlags
+attributeId: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16f3a4c2-7e79-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Script-Path
+ldapDisplayName: scriptPath
+attributeId: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SD-Rights-Effective
+ldapDisplayName: sDRightsEffective
+attributeId: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Flags
+ldapDisplayName: searchFlags
+attributeId: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf967a2d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+mapiID: 33069
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Guide
+ldapDisplayName: searchGuide
+attributeId: 2.5.4.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a2e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33070
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: secretary
+ldapDisplayName: secretary
+attributeId: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Security-Identifier
+ldapDisplayName: securityIdentifier
+attributeId: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a2f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: See-Also
+ldapDisplayName: seeAlso
+attributeId: 2.5.4.34
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a31-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33071
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Seq-Notification
+ldapDisplayName: seqNotification
+attributeId: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf2-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Serial-Number
+ldapDisplayName: serialNumber
+attributeId: 2.5.4.5
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967a32-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 33072
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-Name
+ldapDisplayName: serverName
+attributeId: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb7a0-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference
+ldapDisplayName: serverReference
+attributeId: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d9736d-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 94
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference-BL
+ldapDisplayName: serverReferenceBL
+attributeId: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 26d9736e-6070-11d1-a9c6-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 95
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Role
+ldapDisplayName: serverRole
+attributeId: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-State
+ldapDisplayName: serverState
+attributeId: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a34-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Service-Binding-Information
+ldapDisplayName: serviceBindingInformation
+attributeId: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b7b1311c-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-ID
+ldapDisplayName: serviceClassID
+attributeId: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a35-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Info
+ldapDisplayName: serviceClassInfo
+attributeId: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a36-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Name
+ldapDisplayName: serviceClassName
+attributeId: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b1311d-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name
+ldapDisplayName: serviceDNSName
+attributeId: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eb8-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name-Type
+ldapDisplayName: serviceDNSNameType
+attributeId: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eba-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance-Version
+ldapDisplayName: serviceInstanceVersion
+attributeId: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a37-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 8
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Principal-Name
+ldapDisplayName: servicePrincipalName
+attributeId: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Setup-Command
+ldapDisplayName: setupCommand
+attributeId: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e97-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowExpire
+ldapDisplayName: shadowExpire
+attributeId: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 75159a00-1fff-4cf4-8bff-4ef2695cf643
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowFlag
+ldapDisplayName: shadowFlag
+attributeId: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8dfeb70d-c5db-46b6-b15e-a4389e6cee9b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowInactive
+ldapDisplayName: shadowInactive
+attributeId: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 86871d1f-3310-4312-8efd-af49dcfb2671
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowLastChange
+ldapDisplayName: shadowLastChange
+attributeId: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f8f2689c-29e8-4843-8177-e8b98e15eeac
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMax
+ldapDisplayName: shadowMax
+attributeId: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f285c952-50dd-449e-9160-3b880d99988d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMin
+ldapDisplayName: shadowMin
+attributeId: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a76b8737-e5a1-4568-b057-dc12e04be4b2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowWarning
+ldapDisplayName: shadowWarning
+attributeId: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7ae89c9c-2976-4a46-bb8a-340f88560117
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Shell-Context-Menu
+ldapDisplayName: shellContextMenu
+attributeId: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd039-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Shell-Property-Pages
+ldapDisplayName: shellPropertyPages
+attributeId: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458039-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Short-Server-Name
+ldapDisplayName: shortServerName
+attributeId: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01501-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Show-In-Address-Book
+ldapDisplayName: showInAddressBook
+attributeId: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e74f60e-3e73-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Show-In-Advanced-View-Only
+ldapDisplayName: showInAdvancedViewOnly
+attributeId: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967984-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SID-History
+ldapDisplayName: sIDHistory
+attributeId: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 17eb4278-d167-11d0-b002-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Signature-Algorithms
+ldapDisplayName: signatureAlgorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b2-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-GUID
+ldapDisplayName: siteGUID
+attributeId: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978924-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-List
+ldapDisplayName: siteLinkList
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdd-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 142
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-List
+ldapDisplayName: siteList
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdc-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 144
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object
+ldapDisplayName: siteObject
+attributeId: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 3e10944c-c354-11d0-aff8-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 46
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object-BL
+ldapDisplayName: siteObjectBL
+attributeId: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e10944d-c354-11d0-aff8-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 47
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Site-Server
+ldapDisplayName: siteServer
+attributeId: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SMTP-Mail-Address
+ldapDisplayName: mailAddress
+attributeId: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d9736f-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SPN-Mappings
+ldapDisplayName: sPNMappings
+attributeId: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2ab0e76c-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: State-Or-Province-Name
+ldapDisplayName: st
+attributeId: 2.5.4.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a39-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14888
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Street-Address
+ldapDisplayName: street
+attributeId: 2.5.4.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a3a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33082
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Structural-Object-Class
+ldapDisplayName: structuralObjectClass
+attributeId: 2.5.21.9
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 3860949f-f6a8-4b38-9950-81ecb6bc2982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Class-Of
+ldapDisplayName: subClassOf
+attributeId: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a3b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Refs
+ldapDisplayName: subRefs
+attributeId: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a3c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33083
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SubSchemaSubEntry
+ldapDisplayName: subSchemaSubEntry
+attributeId: 2.5.18.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Superior-DNS-Root
+ldapDisplayName: superiorDNSRoot
+attributeId: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5245801d-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Super-Scope-Description
+ldapDisplayName: superScopeDescription
+attributeId: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Super-Scopes
+ldapDisplayName: superScopes
+attributeId: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Supplemental-Credentials
+ldapDisplayName: supplementalCredentials
+attributeId: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a3f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Supported-Application-Context
+ldapDisplayName: supportedApplicationContext
+attributeId: 2.5.4.30
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677588f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33085
+
+cn: Surname
+ldapDisplayName: sn
+attributeId: 2.5.4.4
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a41-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14865
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sync-Attributes
+ldapDisplayName: syncAttributes
+attributeId: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 037651e4-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-Membership
+ldapDisplayName: syncMembership
+attributeId: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 037651e3-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 78
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-Object
+ldapDisplayName: syncWithObject
+attributeId: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 037651e2-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-SID
+ldapDisplayName: syncWithSID
+attributeId: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 037651e5-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: System-Auxiliary-Class
+ldapDisplayName: systemAuxiliaryClass
+attributeId: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a43-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Flags
+ldapDisplayName: systemFlags
+attributeId: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e62-9b45-11d0-afdd-00c04fd930c9
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-May-Contain
+ldapDisplayName: systemMayContain
+attributeId: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a44-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Must-Contain
+ldapDisplayName: systemMustContain
+attributeId: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a45-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Only
+ldapDisplayName: systemOnly
+attributeId: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967a46-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Poss-Superiors
+ldapDisplayName: systemPossSuperiors
+attributeId: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a47-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Telephone-Number
+ldapDisplayName: telephoneNumber
+attributeId: 2.5.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a49-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14856
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Teletex-Terminal-Identifier
+ldapDisplayName: teletexTerminalIdentifier
+attributeId: 2.5.4.22
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33091
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Number
+ldapDisplayName: telexNumber
+attributeId: 2.5.4.21
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14892
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Primary
+ldapDisplayName: primaryTelexNumber
+attributeId: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c121-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Template-Roots
+ldapDisplayName: templateRoots
+attributeId: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ed9de9a0-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Template-Roots2
+ldapDisplayName: templateRoots2
+attributeId: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+linkId: 2126
+schemaIdGuid: b1cba91a-0682-4362-a659-153e201ef069
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Terminal-Server
+ldapDisplayName: terminalServer
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+attributeSecurityGUID: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+
+cn: Text-Country
+ldapDisplayName: co
+attributeId: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa7-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14886
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Encoded-OR-Address
+ldapDisplayName: textEncodedORAddress
+attributeId: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7489-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35969
+
+cn: Time-Refresh
+ldapDisplayName: timeRefresh
+attributeId: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf1-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Time-Vol-Change
+ldapDisplayName: timeVolChange
+attributeId: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf0-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Title
+ldapDisplayName: title
+attributeId: 2.5.4.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a55-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14871
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Token-Groups
+ldapDisplayName: tokenGroups
+attributeId: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-Global-And-Universal
+ldapDisplayName: tokenGroupsGlobalAndUniversal
+attributeId: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-No-GC-Acceptable
+ldapDisplayName: tokenGroupsNoGCAcceptable
+attributeId: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Tombstone-Lifetime
+ldapDisplayName: tombstoneLifetime
+attributeId: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16c3a860-1273-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33093
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Address-Attribute
+ldapDisplayName: transportAddressAttribute
+attributeId: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: c1dc867c-a261-11d1-b606-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-DLL-Name
+ldapDisplayName: transportDLLName
+attributeId: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d97372-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Type
+ldapDisplayName: transportType
+attributeId: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97374-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Treat-As-Leaf
+ldapDisplayName: treatAsLeaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fd044e3-771f-11d1-aeae-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Tree-Name
+ldapDisplayName: treeName
+attributeId: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebd-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trust-Attributes
+ldapDisplayName: trustAttributes
+attributeId: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e5a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Incoming
+ldapDisplayName: trustAuthIncoming
+attributeId: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a59-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Outgoing
+ldapDisplayName: trustAuthOutgoing
+attributeId: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a5f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Direction
+ldapDisplayName: trustDirection
+attributeId: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Parent
+ldapDisplayName: trustParent
+attributeId: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7a-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Partner
+ldapDisplayName: trustPartner
+attributeId: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a5d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Posix-Offset
+ldapDisplayName: trustPosixOffset
+attributeId: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Type
+ldapDisplayName: trustType
+attributeId: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a60-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: UAS-Compat
+ldapDisplayName: uASCompat
+attributeId: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a61-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uid
+ldapDisplayName: uid
+attributeId: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: UidNumber
+ldapDisplayName: uidNumber
+attributeId: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 850fcc8f-9c6b-47e1-b671-7c654be4d5b3
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: UNC-Name
+ldapDisplayName: uNCName
+attributeId: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a64-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Unicode-Pwd
+ldapDisplayName: unicodePwd
+attributeId: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uniqueIdentifier
+ldapDisplayName: uniqueIdentifier
+attributeId: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba0184c7-38c5-4bed-a526-75421470580c
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: uniqueMember
+ldapDisplayName: uniqueMember
+attributeId: 2.5.4.50
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: UnixHomeDirectory
+ldapDisplayName: unixHomeDirectory
+attributeId: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: bc2dba12-000f-464d-bf1d-0808465d8843
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: UnixUserPassword
+ldapDisplayName: unixUserPassword
+attributeId: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 612cb747-c0e8-4f92-9221-fdd5f15b550d
+systemOnly: FALSE
+searchFlags:fCONFIDENTIAL
+rangeLower: 1
+rangeUpper: 128
+
+cn: unstructuredAddress
+ldapDisplayName: unstructuredAddress
+attributeId: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: 0
+
+cn: unstructuredName
+ldapDisplayName: unstructuredName
+attributeId: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: 0
+
+cn: Upgrade-Product-Code
+ldapDisplayName: upgradeProductCode
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d9e18312-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: UPN-Suffixes
+ldapDisplayName: uPNSuffixes
+attributeId: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Account-Control
+ldapDisplayName: userAccountControl
+attributeId: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a68-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fPRESERVEONDELETE | fATTINDEX
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Cert
+ldapDisplayName: userCert
+attributeId: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a69-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14882
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: userClass
+ldapDisplayName: userClass
+attributeId: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11732a8a-e14d-4cc5-b92f-d93f51c6d8e4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: User-Comment
+ldapDisplayName: comment
+attributeId: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Parameters
+ldapDisplayName: userParameters
+attributeId: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Password
+ldapDisplayName: userPassword
+attributeId: 2.5.4.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a6e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 33107
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: userPKCS12
+ldapDisplayName: userPKCS12
+attributeId: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: User-Principal-Name
+ldapDisplayName: userPrincipalName
+attributeId: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Shared-Folder
+ldapDisplayName: userSharedFolder
+attributeId: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Shared-Folder-Other
+ldapDisplayName: userSharedFolderOther
+attributeId: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-SMIME-Certificate
+ldapDisplayName: userSMIMECertificate
+attributeId: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e16a9db2-403c-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 0
+
+cn: User-Workstations
+ldapDisplayName: userWorkstations
+attributeId: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Changed
+ldapDisplayName: uSNChanged
+attributeId: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a6f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 32809
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Created
+ldapDisplayName: uSNCreated
+attributeId: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a70-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 33108
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-DSA-Last-Obj-Removed
+ldapDisplayName: uSNDSALastObjRemoved
+attributeId: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a71-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33109
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Intersite
+ldapDisplayName: USNIntersite
+attributeId: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a8df7498-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+mapiID: 33146
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: USN-Last-Obj-Rem
+ldapDisplayName: uSNLastObjRem
+attributeId: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a73-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33110
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Source
+ldapDisplayName: uSNSource
+attributeId: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 167758ad-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33111
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Valid-Accesses
+ldapDisplayName: validAccesses
+attributeId: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4d2fa380-7f54-11d2-992a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Vendor
+ldapDisplayName: vendor
+attributeId: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416df-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number
+ldapDisplayName: versionNumber
+attributeId: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a76-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Hi
+ldapDisplayName: versionNumberHi
+attributeId: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9a-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Lo
+ldapDisplayName: versionNumberLo
+attributeId: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9b-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-GUID
+ldapDisplayName: volTableGUID
+attributeId: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fd-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-Idx-GUID
+ldapDisplayName: volTableIdxGUID
+attributeId: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fb-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume-Count
+ldapDisplayName: volumeCount
+attributeId: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa217-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Wbem-Path
+ldapDisplayName: wbemPath
+attributeId: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b2970-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Well-Known-Objects
+ldapDisplayName: wellKnownObjects
+attributeId: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 05308983-7688-11d1-aded-00c04fd8d5cd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Changed
+ldapDisplayName: whenChanged
+attributeId: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a77-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12296
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Created
+ldapDisplayName: whenCreated
+attributeId: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12295
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Winsock-Addresses
+ldapDisplayName: winsockAddresses
+attributeId: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a79-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Home-Page
+ldapDisplayName: wWWHomePage
+attributeId: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a7a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2048
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Page-Other
+ldapDisplayName: url
+attributeId: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+mapiID: 33141
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: X121-Address
+ldapDisplayName: x121Address
+attributeId: 2.5.4.24
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf967a7b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: x500uniqueIdentifier
+ldapDisplayName: x500uniqueIdentifier
+attributeId: 2.5.4.45
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: X509-Cert
+ldapDisplayName: userCertificate
+attributeId: 2.5.4.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a7f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35946
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
new file mode 100644
index 0000000..27beb35
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
@@ -0,0 +1,3577 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#•	Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation.
+#•	No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+#•	Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com.
+#•	Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: account
+ldapDisplayName: account
+governsId: 0.9.2342.19200300.100.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: uid, host, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ACS-Policy
+ldapDisplayName: aCSPolicy
+governsId: 1.2.840.113556.1.5.137
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSTotalNoOfFlows, aCSTimeOfDay, aCSServiceType,aCSPriority, aCSPermissionBits, aCSMinimumDelayVariation,aCSMinimumLatency, aCSMaximumSDUSize, aCSMinimumPolicedSize,aCSMaxTokenRatePerFlow, aCSMaxTokenBucketPerFlow,aCSMaxPeakBandwidthPerFlow, aCSMaxDurationPerFlow,aCSMaxAggregatePeakRatePerUser, aCSIdentityName, aCSDirection,aCSAggregateTokenRatePerUser
+systemPossSuperiors: container
+schemaIdGuid:7f561288-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Resource-Limits
+ldapDisplayName: aCSResourceLimits
+governsId: 1.2.840.113556.1.5.191
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSMaxTokenRatePerFlow, aCSServiceType,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth,aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:2e899b04-2834-11d3-91d4-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Subnet
+ldapDisplayName: aCSSubnet
+governsId: 1.2.840.113556.1.5.138
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSServerList, aCSRSVPLogFilesLocation,aCSRSVPAccountFilesLocation, aCSNonReservedTxSize,aCSNonReservedTxLimit, aCSNonReservedTokenSize,aCSNonReservedPeakRate, aCSNonReservedMinPolicedSize,aCSNonReservedMaxSDUSize, aCSMaxTokenRatePerFlow,aCSMaxSizeOfRSVPLogFile, aCSMaxSizeOfRSVPAccountFile,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth, aCSMaxNoOfLogFiles,aCSMaxNoOfAccountFiles, aCSMaxDurationPerFlow, aCSEventLogLevel,aCSEnableRSVPMessageLogging, aCSEnableRSVPAccounting,aCSEnableACSService, aCSDSBMRefresh, aCSDSBMPriority,aCSDSBMDeadTime, aCSCacheTimeout, aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:7f561289-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Book-Container
+ldapDisplayName: addressBookContainer
+governsId: 1.2.840.113556.1.5.125
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: displayName
+systemMayContain: purportedSearch
+systemPossSuperiors: addressBookContainer, configuration
+schemaIdGuid:3e74f60f-3e73-11d1-a9c0-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Template
+ldapDisplayName: addressTemplate
+governsId: 1.2.840.113556.1.3.58
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: displayTemplate
+systemMustContain: displayName
+systemMayContain: proxyGenerationEnabled, perRecipDialogDisplayTable,perMsgDialogDisplayTable, addressType, addressSyntax
+systemPossSuperiors: container
+schemaIdGuid:5fd4250a-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Application-Entity
+ldapDisplayName: applicationEntity
+governsId: 2.5.6.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: presentationAddress, cn
+systemMayContain: supportedApplicationContext, seeAlso, ou, o, l
+systemPossSuperiors: applicationProcess, organizationalUnit,container
+schemaIdGuid:3fdfee4f-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Process
+ldapDisplayName: applicationProcess
+governsId: 2.5.6.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: seeAlso, ou, l
+systemPossSuperiors: organizationalUnit, organization, container,computer
+schemaIdGuid:5fd4250b-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Settings
+ldapDisplayName: applicationSettings
+governsId: 1.2.840.113556.1.5.7000.49
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, msDS-Settings, applicationName
+systemPossSuperiors: server
+schemaIdGuid:f780acc1-56f0-11d1-a9c6-0000f80367c1
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Site-Settings
+ldapDisplayName: applicationSiteSettings
+governsId: 1.2.840.113556.1.5.68
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, applicationName
+systemPossSuperiors: site
+schemaIdGuid:19195a5c-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Version
+ldapDisplayName: applicationVersion
+governsId: 1.2.840.113556.1.5.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, managedBy, keywords, versionNumberLo,versionNumberHi, versionNumber, vendor, appSchemaVersion
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:ddc790ac-af4d-442a-8f0f-a1d4caa7dd92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: Attribute-Schema
+ldapDisplayName: attributeSchema
+governsId: 1.2.840.113556.1.3.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: schemaIDGUID, oMSyntax, lDAPDisplayName,isSingleValued, cn, attributeSyntax, attributeID
+systemMayContain: systemOnly, searchFlags, schemaFlagsEx, rangeUpper,rangeLower, oMObjectClass, msDs-Schema-Extensions, msDS-IntId,mAPIID, linkID, isMemberOfPartialAttributeSet, isEphemeral,isDefunct, extendedCharsAllowed, classDisplayName,attributeSecurityGUID
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: BootableDevice
+ldapDisplayName: bootableDevice
+governsId: 1.3.6.1.1.1.2.12
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, bootParameter, bootFile
+schemaIdGuid:4bcb2477-4bb3-4545-a9fc-fb66e136b435
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Builtin-Domain
+ldapDisplayName: builtinDomain
+governsId: 1.2.840.113556.1.5.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a81-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Registration
+ldapDisplayName: categoryRegistration
+governsId: 1.2.840.113556.1.5.74
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: managedBy, localizedDescription, localeID,categoryId
+systemPossSuperiors: classStore
+schemaIdGuid:7d6c0e9d-7e20-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certification-Authority
+ldapDisplayName: certificationAuthority
+governsId: 2.5.6.16
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn, certificateRevocationList, cACertificate,authorityRevocationList
+systemMayContain: teletexTerminalIdentifier,supportedApplicationContext, signatureAlgorithms, searchGuide,previousParentCA, previousCACertificates, pendingParentCA,pendingCACertificates, parentCACertificateChain, parentCA,enrollmentProviders, domainPolicyObject, domainID, dNSHostName,deltaRevocationList, currentParentCA, crossCertificatePair,cRLObject, certificateTemplates, cAWEBURL, cAUsages, cAConnect,cACertificateDN
+systemPossSuperiors: container
+schemaIdGuid:3fdfee50-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Registration
+ldapDisplayName: classRegistration
+governsId: 1.2.840.113556.1.5.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: requiredCategories, managedBy,implementedCategories, cOMTreatAsClassId, cOMProgID,cOMOtherProgId, cOMInterfaceID, cOMCLSID
+systemPossSuperiors: classStore
+schemaIdGuid:bf967a82-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Schema
+ldapDisplayName: classSchema
+governsId: 1.2.840.113556.1.3.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: subClassOf, schemaIDGUID, objectClassCategory,governsID, defaultObjectCategory, cn
+systemMayContain: systemPossSuperiors, systemOnly, systemMustContain,systemMayContain, systemAuxiliaryClass, schemaFlagsEx, rDNAttID,possSuperiors, mustContain, msDs-Schema-Extensions, msDS-IntId,mayContain, lDAPDisplayName, isDefunct, defaultSecurityDescriptor,defaultHidingValue, classDisplayName, auxiliaryClass
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Class-Store
+ldapDisplayName: classStore
+governsId: 1.2.840.113556.1.5.44
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumber, nextLevelStore, lastUpdateSequence,appSchemaVersion
+systemPossSuperiors: domainPolicy, computer, group, user, classStore,organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a84-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Com-Connection-Point
+ldapDisplayName: comConnectionPoint
+governsId: 1.2.840.113556.1.5.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: cn
+systemMayContain: monikerDisplayName, moniker, marshalledInterface
+systemPossSuperiors: container
+schemaIdGuid:bf967a85-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Computer
+ldapDisplayName: computer
+governsId: 1.2.840.113556.1.3.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+auxiliaryClass: ipHost
+mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name
+systemMayContain: msTSEndpointData, msTSEndpointType,msTSEndpointPlugin, msDS-HostServiceAccount,msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs, msTSPrimaryDesktopBL, msTSSecondaryDesktopBL
+systemPossSuperiors: container, organizationalUnit, domainDNS
+schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Configuration
+ldapDisplayName: configuration
+governsId: 1.2.840.113556.1.5.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-USNLastSyncSuccess, gPOptions, gPLink
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a87-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Connection-Point
+ldapDisplayName: connectionPoint
+governsId: 1.2.840.113556.1.5.14
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: cn
+systemMayContain: msDS-Settings, managedBy, keywords
+systemPossSuperiors: container, computer
+schemaIdGuid:5cb41ecf-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Contact
+ldapDisplayName: contact
+governsId: 1.2.840.113556.1.5.15
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+systemAuxiliaryClass: mailRecipient
+systemMustContain: cn
+mayContain: msDS-SourceObjectDN
+systemMayContain: notes
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:5cb41ed0-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Container
+ldapDisplayName: container
+governsId: 1.2.840.113556.1.3.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-ObjectReference
+systemMayContain: schemaVersion, defaultClassStore
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, subnet, server, nTDSService, domainDNS,organization, configuration, container, organizationalUnit
+schemaIdGuid:bf967a8b-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Right
+ldapDisplayName: controlAccessRight
+governsId: 1.2.840.113556.1.5.77
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: validAccesses, rightsGuid, localizationDisplayId,appliesTo
+systemPossSuperiors: container
+schemaIdGuid:8297931e-86d3-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Country
+ldapDisplayName: country
+governsId: 2.5.6.2
+objectClassCategory: 0
+rdnAttId: c
+subClassOf: top
+systemMustContain: c
+systemMayContain: co, searchGuide
+systemPossSuperiors: domainDNS, organization
+schemaIdGuid:bf967a8c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Distribution-Point
+ldapDisplayName: cRLDistributionPoint
+governsId: 2.5.6.19
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: deltaRevocationList, cRLPartitionedRevocationList,certificateRevocationList, certificateAuthorityObject,authorityRevocationList
+systemPossSuperiors: container
+schemaIdGuid:167758ca-47f3-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref
+ldapDisplayName: crossRef
+governsId: 1.2.840.113556.1.3.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: nCName, dnsRoot, cn
+systemMayContain: msDS-NC-RO-Replica-Locations, trustParent,superiorDNSRoot, rootTrust, nTMixedDomain, nETBIOSName, Enabled,msDS-SDReferenceDomain,msDS-Replication-Notify-Subsequent-DSA-Delay,msDS-Replication-Notify-First-DSA-Delay, msDS-NC-Replica-Locations,msDS-DnsRootAlias, msDS-Behavior-Version
+systemPossSuperiors: crossRefContainer
+schemaIdGuid:bf967a8d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref-Container
+ldapDisplayName: crossRefContainer
+governsId: 1.2.840.113556.1.5.7000.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-EnabledFeature, msDS-SPNSuffixes, uPNSuffixes,msDS-UpdateScript, msDS-ExecuteScriptPassword, msDS-Behavior-Version
+systemPossSuperiors: configuration
+schemaIdGuid:ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: FALSE
+systemOnly: TRUE
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Device
+ldapDisplayName: device
+governsId: 2.5.6.14
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: ipHost, ieee802Device, bootableDevice
+systemMustContain: cn
+mayContain: msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+systemMayContain: serialNumber, seeAlso, owner, ou, o, l
+systemPossSuperiors: domainDNS, organizationalUnit, organization,container
+schemaIdGuid:bf967a8e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dfs-Configuration
+ldapDisplayName: dfsConfiguration
+governsId: 1.2.840.113556.1.5.42
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container, domainDNS
+schemaIdGuid:8447f9f2-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DHCP-Class
+ldapDisplayName: dHCPClass
+governsId: 1.2.840.113556.1.5.132
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: dhcpUniqueKey, dhcpType, dhcpIdentification,dhcpFlags
+systemMayContain: superScopes, superScopeDescription,optionsLocation, optionDescription, networkAddress, mscopeId,dhcpUpdateTime, dhcpSubnets, dhcpState, dhcpSites, dhcpServers,dhcpReservations, dhcpRanges, dhcpProperties, dhcpOptions,dhcpObjName, dhcpObjDescription, dhcpMaxKey, dhcpMask, dhcpClasses
+systemPossSuperiors: container
+schemaIdGuid:963d2756-48be-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Specifier
+ldapDisplayName: displaySpecifier
+governsId: 1.2.840.113556.1.5.84
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: treatAsLeaf, shellPropertyPages, shellContextMenu,scopeFlags, queryFilter, iconPath, extraColumns, creationWizard,createWizardExt, createDialog, contextMenu, classDisplayName,attributeDisplayNames, adminPropertyPages,adminMultiselectPropertyPages, adminContextMenu
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8a-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Template
+ldapDisplayName: displayTemplate
+governsId: 1.2.840.113556.1.3.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: originalDisplayTableMSDOS, originalDisplayTable,helpFileName, helpData32, helpData16, addressEntryDisplayTableMSDOS,addressEntryDisplayTable
+systemPossSuperiors: container
+schemaIdGuid:5fd4250c-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DMD
+ldapDisplayName: dMD
+governsId: 1.2.840.113556.1.3.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-USNLastSyncSuccess, schemaUpdate, schemaInfo,prefixMap, msDs-Schema-Extensions, msDS-IntId, dmdName
+systemPossSuperiors: configuration
+schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+systemOnly: TRUE
+
+cn: Dns-Node
+ldapDisplayName: dnsNode
+governsId: 1.2.840.113556.1.5.86
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: dNSTombstoned, dnsRecord, dNSProperty
+systemPossSuperiors: dnsZone
+schemaIdGuid:e0fa1e8c-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Zone
+ldapDisplayName: dnsZone
+governsId: 1.2.840.113556.1.5.85
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: managedBy, dnsSecureSecondaries, dNSProperty,dnsNotifySecondaries, dnsAllowXFR, dnsAllowDynamic
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8b-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: document
+ldapDisplayName: document
+governsId: 0.9.2342.19200300.100.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: documentIdentifier, documentPublisher, documentLocation,documentAuthor, documentVersion, documentTitle, ou, o, l, seeAlso,description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:39bad96d-c2d6-4baf-88ab-7e4207600117
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: documentSeries
+ldapDisplayName: documentSeries
+governsId: 0.9.2342.19200300.100.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: telephoneNumber, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7a2be07c-302f-4b96-bc90-0795d66885f8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Domain
+ldapDisplayName: domain
+governsId: 1.2.840.113556.1.5.66
+objectClassCategory: 2
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemPossSuperiors: domain, organization
+schemaIdGuid:19195a5a-6da0-11d0-afd3-00c04fd930c9
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-DNS
+ldapDisplayName: domainDNS
+governsId: 1.2.840.113556.1.5.67
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: domain
+systemAuxiliaryClass: samDomain
+systemMayContain: msDS-EnabledFeature, msDS-USNLastSyncSuccess,msDS-Behavior-Version, msDS-AllowedDNSSuffixes, managedBy
+systemPossSuperiors: domainDNS
+schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1
+ -5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-
+ 11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;
+ 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRC
+ WDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;
+ ;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8
+ -0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO
+ ;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2
+ ;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-
+ 00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de
+ 6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;
+ bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa0
+ 06e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RP
+ RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLO
+ RC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14
+ -1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d
+ 4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a7
+ 68-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-
+ 79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;
+ RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CI
+ IO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049
+ e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a28
+ 5-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0
+ de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;D
+ D)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1
+ -f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;
+ CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-4
+ 38e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(O
+ A;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;
+ CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;C
+ R;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967a
+ a5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80
+ 367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy
+ldapDisplayName: domainPolicy
+governsId: 1.2.840.113556.1.5.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: qualityOfService, pwdProperties, pwdHistoryLength,publicKeyPolicy, proxyLifetime, minTicketAge, minPwdLength,minPwdAge, maxTicketAge, maxRenewAge, maxPwdAge, managedBy,lockoutThreshold, lockoutDuration, lockOutObservationWindow,ipsecPolicyReference, forceLogoff, eFSPolicy, domainWidePolicy,domainPolicyReference, domainCAs, defaultLocalPolicyObject,authenticationOptions
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a99-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: domainRelatedObject
+ldapDisplayName: domainRelatedObject
+governsId: 0.9.2342.19200300.100.4.17
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: associatedDomain
+schemaIdGuid:8bfd2d3d-efda-4549-852c-f85e137aedc6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DSA
+ldapDisplayName: dSA
+governsId: 2.5.6.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationEntity
+systemMayContain: knowledgeInformation
+systemPossSuperiors: server, computer
+schemaIdGuid:3fdfee52-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Settings
+ldapDisplayName: dSUISettings
+governsId: 1.2.840.113556.1.5.183
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Non-Security-Group-Extra-Classes,msDS-Security-Group-Extra-Classes, msDS-FilterContainers,dSUIShellMaximum, dSUIAdminNotification, dSUIAdminMaximum
+systemPossSuperiors: container
+schemaIdGuid:09b10f14-6f93-11d2-9905-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-Object
+ldapDisplayName: dynamicObject
+governsId: 1.3.6.1.4.1.1466.101.119.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Entry-Time-To-Die, entryTTL
+schemaIdGuid:66d51249-3355-4c1f-b24e-81f252aca23b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking
+ldapDisplayName: fileLinkTracking
+governsId: 1.2.840.113556.1.5.52
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid:dd712229-10e4-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking-Entry
+ldapDisplayName: fileLinkTrackingEntry
+governsId: 1.2.840.113556.1.5.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:8e4eb2ed-4712-11d0-a1a0-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Foreign-Security-Principal
+ldapDisplayName: foreignSecurityPrincipal
+governsId: 1.2.840.113556.1.5.76
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectSid
+systemMayContain: foreignIdentifier
+systemPossSuperiors: container
+schemaIdGuid:89e31c12-8530-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: friendlyCountry
+ldapDisplayName: friendlyCountry
+governsId: 0.9.2342.19200300.100.4.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: country
+mustContain: co
+schemaIdGuid:c498f152-dc6b-474a-9f52-7cdba3d7d351
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: FT-Dfs
+ldapDisplayName: fTDfs
+governsId: 1.2.840.113556.1.5.43
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: remoteServerName, pKTGuid, pKT
+systemMayContain: uNCName, managedBy, keywords
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid:8447f9f3-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group
+ldapDisplayName: group
+governsId: 1.2.840.113556.1.5.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: posixGroup
+systemAuxiliaryClass: mailRecipient, securityPrincipal
+systemMustContain: groupType
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30PosixMember
+systemMayContain: msDS-AzApplicationData,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, msDS-AzGenericData, msDS-AzObjectGuid,primaryGroupToken, operatorCount, nTGroupMembers, nonSecurityMember,msDS-NonMembers, msDS-AzLDAPQuery, member, managedBy,groupMembershipSAM, groupAttributes, mail, desktopProfile,controlAccessRights, adminCount
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, container, builtinDomain, organizationalUnit,domainDNS
+schemaIdGuid:bf967a9c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Of-Names
+ldapDisplayName: groupOfNames
+governsId: 2.5.6.9
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member, cn
+systemMayContain: seeAlso, owner, ou, o, businessCategory
+systemPossSuperiors: organizationalUnit, locality, organization,container
+schemaIdGuid:bf967a9d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: groupOfUniqueNames
+ldapDisplayName: groupOfUniqueNames
+governsId: 2.5.6.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: uniqueMember, cn
+mayContain: seeAlso, owner, ou, o, description, businessCategory
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:0310a911-93a3-4e21-a7a3-55d85ab2c48b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: Group-Policy-Container
+ldapDisplayName: groupPolicyContainer
+governsId: 1.2.840.113556.1.5.157
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: versionNumber, gPCWQLFilter, gPCUserExtensionNames,gPCMachineExtensionNames, gPCFunctionalityVersion, gPCFileSysPath,flags
+schemaIdGuid:f30e3bc2-9ff0-11d1-b603-0000f80367c1
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IEEE802Device
+ldapDisplayName: ieee802Device
+governsId: 1.3.6.1.1.1.2.11
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, macAddress
+schemaIdGuid:a699e529-a637-4b7d-a0fb-5dc466a0b8a7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Index-Server-Catalog
+ldapDisplayName: indexServerCatalog
+governsId: 1.2.840.113556.1.5.130
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: creator
+systemMayContain: uNCName, queryPoint, indexedScopes, friendlyNames
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:7bfdcb8a-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: inetOrgPerson
+ldapDisplayName: inetOrgPerson
+governsId: 2.16.840.1.113730.3.2.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+mayContain: x500uniqueIdentifier, userSMIMECertificate, userPKCS12,userCertificate, uid, secretary, roomNumber, preferredLanguage,photo, pager, o, mobile, manager, mail, labeledURI, jpegPhoto,initials, homePostalAddress, homePhone, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense,businessCategory, audio
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:4828cc14-1437-45bc-9b07-ad6f015e5f28
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Infrastructure-Update
+ldapDisplayName: infrastructureUpdate
+governsId: 1.2.840.113556.1.5.175
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: dNReferenceUpdate
+systemPossSuperiors: infrastructureUpdate, domain
+schemaIdGuid:2df90d89-009f-11d2-aa4c-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-Group
+ldapDisplayName: intellimirrorGroup
+governsId: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:07383086-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-SCP
+ldapDisplayName: intellimirrorSCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: netbootTools, netbootServer, netbootNewMachineOU,netbootNewMachineNamingPolicy, netbootMaxClients,netbootMachineFilePath, netbootLocallyInstalledOSes,netbootLimitClients, netbootIntelliMirrorOSes,netbootCurrentClientCount, netbootAnswerRequests,netbootAnswerOnlyValidClients, netbootAllowNewClients
+systemPossSuperiors: computer, intellimirrorGroup
+schemaIdGuid:07383085-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport
+ldapDisplayName: interSiteTransport
+governsId: 1.2.840.113556.1.5.141
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: transportDLLName, transportAddressAttribute
+systemMayContain: replInterval, options
+systemPossSuperiors: interSiteTransportContainer
+schemaIdGuid:26d97376-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport-Container
+ldapDisplayName: interSiteTransportContainer
+governsId: 1.2.840.113556.1.5.140
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:26d97375-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpHost
+ldapDisplayName: ipHost
+governsId: 1.3.6.1.1.1.2.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: manager, cn, description, ipHostNumber, uid, l
+schemaIdGuid:ab911646-8827-4f95-8780-5a8f008eb68f
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpNetwork
+ldapDisplayName: ipNetwork
+governsId: 1.3.6.1.1.1.2.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipNetworkNumber
+mayContain: manager, description, ipNetmaskNumber, uid, l,msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:d95836c3-143e-43fb-992a-b057f1ecadf9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpProtocol
+ldapDisplayName: ipProtocol
+governsId: 1.3.6.1.1.1.2.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipProtocolNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Ipsec-Base
+ldapDisplayName: ipsecBase
+governsId: 1.2.840.113556.1.5.7000.56
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: ipsecOwnersReference, ipsecName, ipsecID,ipsecDataType, ipsecData
+schemaIdGuid:b40ff825-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter
+ldapDisplayName: ipsecFilter
+governsId: 1.2.840.113556.1.5.118
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff826-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Policy
+ldapDisplayName: ipsecISAKMPPolicy
+governsId: 1.2.840.113556.1.5.120
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff828-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy
+ldapDisplayName: ipsecNegotiationPolicy
+governsId: 1.2.840.113556.1.5.119
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: iPSECNegotiationPolicyType,iPSECNegotiationPolicyAction
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff827-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA
+ldapDisplayName: ipsecNFA
+governsId: 1.2.840.113556.1.5.121
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNegotiationPolicyReference,ipsecFilterReference
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff829-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy
+ldapDisplayName: ipsecPolicy
+governsId: 1.2.840.113556.1.5.98
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNFAReference, ipsecISAKMPReference
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b7b13121-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpService
+ldapDisplayName: ipService
+governsId: 1.3.6.1.1.1.2.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: ipServiceProtocol, ipServicePort, cn
+mayContain: description, msSFU30Name, msSFU30NisDomain,msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:2517fadf-fa97-48ad-9de6-79ac5721f864
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Leaf
+ldapDisplayName: leaf
+governsId: 1.2.840.113556.1.5.20
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+schemaIdGuid:bf967a9e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Licensing-Site-Settings
+ldapDisplayName: licensingSiteSettings
+governsId: 1.2.840.113556.1.5.78
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: siteServer
+systemPossSuperiors: site
+schemaIdGuid:1be8f17d-a9ff-11d0-afe2-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Object-Move-Table
+ldapDisplayName: linkTrackObjectMoveTable
+governsId: 1.2.840.113556.1.5.91
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf5-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-OMT-Entry
+ldapDisplayName: linkTrackOMTEntry
+governsId: 1.2.840.113556.1.5.93
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: timeRefresh, oMTIndxGuid, oMTGuid, currentLocation,birthLocation
+systemPossSuperiors: linkTrackObjectMoveTable
+schemaIdGuid:ddac0cf7-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Vol-Entry
+ldapDisplayName: linkTrackVolEntry
+governsId: 1.2.840.113556.1.5.92
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: volTableIdxGUID, volTableGUID, timeVolChange,timeRefresh, seqNotification, objectCount, linkTrackSecret,currMachineId
+systemPossSuperiors: linkTrackVolumeTable
+schemaIdGuid:ddac0cf6-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Volume-Table
+ldapDisplayName: linkTrackVolumeTable
+governsId: 1.2.840.113556.1.5.90
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf4-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality
+ldapDisplayName: locality
+governsId: 2.5.6.3
+objectClassCategory: 1
+rdnAttId: l
+subClassOf: top
+systemMustContain: l
+systemMayContain: street, st, seeAlso, searchGuide
+systemPossSuperiors: domainDNS, country, organizationalUnit,organization, locality
+schemaIdGuid:bf967aa0-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lost-And-Found
+ldapDisplayName: lostAndFound
+governsId: 1.2.840.113556.1.5.139
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: moveTreeState
+systemPossSuperiors: configuration, domainDNS, dMD
+schemaIdGuid:52ab8671-5709-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mail-Recipient
+ldapDisplayName: mailRecipient
+governsId: 1.2.840.113556.1.3.46
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-PhoneticDisplayName, userSMIMECertificate,secretary, msExchLabeledURI, msExchAssistantName, labeledURI
+systemMayContain: userCertificate, userCert, textEncodedORAddress,telephoneNumber, showInAddressBook, legacyExchangeDN,garbageCollPeriod, info
+systemPossSuperiors: container
+schemaIdGuid:bf967aa1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Meeting
+ldapDisplayName: meeting
+governsId: 1.2.840.113556.1.5.104
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: meetingName
+systemMayContain: meetingURL, meetingType, meetingStartTime,meetingScope, meetingRecurrence, meetingRating, meetingProtocol,meetingOwner, meetingOriginator, meetingMaxParticipants,meetingLocation, meetingLanguage, meetingKeyword,meetingIsEncrypted, meetingIP, meetingID, meetingEndTime,meetingDescription, meetingContactInfo, meetingBlob,meetingBandwidth, meetingApplication, meetingAdvertiseScope
+systemPossSuperiors: container
+schemaIdGuid:11b6cc94-48c4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-Partition
+ldapDisplayName: msCOM-Partition
+governsId: 1.2.840.113556.1.5.193
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:c9010e74-4e58-49f7-8a89-5e3e2340fcf8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSet
+ldapDisplayName: msCOM-PartitionSet
+governsId: 1.2.840.113556.1.5.194
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-PartitionLink, msCOM-DefaultPartitionLink,msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:250464ab-c417-497a-975a-9e0d459a7ca1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Deleted-Link-v2
+ldapDisplayName: msDFS-DeletedLinkv2
+governsId: 1.2.840.113556.1.5.260
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 25173408-04ca-40e8-865e-3f9ce9bf1bd3
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Link-v2
+ldapDisplayName: msDFS-Linkv2
+governsId: 1.2.840.113556.1.5.259
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2, msDFS-Ttlv2, msDFS-TargetListv2,msDFS-Propertiesv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-LinkSecurityDescriptorv2,msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 7769fb7a-1159-4e96-9ccd-68bc487073eb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-Anchor
+ldapDisplayName: msDFS-NamespaceAnchor
+governsId: 1.2.840.113556.1.5.257
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid: da73a085-6e64-4d61-b064-015d04164795
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-v2
+ldapDisplayName: msDFS-Namespacev2
+governsId: 1.2.840.113556.1.5.258
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion,msDFS-SchemaMinorVersion, msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-Ttlv2,msDFS-TargetListv2, msDFS-Propertiesv2
+systemMayContain: msDFS-Commentv2
+systemPossSuperiors: msDFS-NamespaceAnchor
+schemaIdGuid: 21cb8628-f3c3-4bbf-bff6-060b2d8f299a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-Connection
+ldapDisplayName: msDFSR-Connection
+governsId: 1.2.840.113556.1.6.13.4.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: fromServer
+mayContain: msDFSR-Options2, msDFSR-DisablePacketPrivacy,msDFSR-Priority, msDFSR-Enabled, msDFSR-RdcEnabled,msDFSR-RdcMinFileSizeInKb, msDFSR-Keywords, msDFSR-Schedule,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Member
+schemaIdGuid:e58f972e-64b5-46ef-8d8b-bbc3e1897eab
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Content
+ldapDisplayName: msDFSR-Content
+governsId: 1.2.840.113556.1.6.13.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:64759b35-d3a1-42e4-b5f1-a3de162109b3
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ContentSet
+ldapDisplayName: msDFSR-ContentSet
+governsId: 1.2.840.113556.1.6.13.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-Priority, msDFSR-ConflictSizeInMb, msDFSR-StagingSizeInMb,msDFSR-RootSizeInMb, description, msDFSR-DfsPath, msDFSR-FileFilter,msDFSR-DirectoryFilter, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-Content
+schemaIdGuid:4937f40d-a6dc-4d48-97ca-06e5fbfd3f16
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-GlobalSettings
+ldapDisplayName: msDFSR-GlobalSettings
+governsId: 1.2.840.113556.1.6.13.4.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: container
+schemaIdGuid:7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-LocalSettings
+ldapDisplayName: msDFSR-LocalSettings
+governsId: 1.2.840.113556.1.6.13.4.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-StagingCleanupTriggerInPercent,msDFSR-CommonStagingSizeInMb, msDFSR-CommonStagingPath,msDFSR-Options2, msDFSR-Version, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: computer
+schemaIdGuid:fa85c591-197f-477e-83bd-ea5a43df2239
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Member
+ldapDisplayName: msDFSR-Member
+governsId: 1.2.840.113556.1.6.13.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2, serverReference, msDFSR-Keywords,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Topology
+schemaIdGuid:4229c897-c211-437c-a5ae-dbf705b696e5
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ReplicationGroup
+ldapDisplayName: msDFSR-ReplicationGroup
+governsId: 1.2.840.113556.1.6.13.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-DirectoryFilter, msDFSR-FileFilter, msDFSR-ConflictSizeInMb,msDFSR-StagingSizeInMb, msDFSR-RootSizeInMb, description,msDFSR-TombstoneExpiryInMin, msDFSR-Flags, msDFSR-Options,msDFSR-Extension, msDFSR-Schedule, msDFSR-Version
+possSuperiors: msDFSR-GlobalSettings
+schemaIdGuid:1c332fe0-0c2a-4f32-afca-23c5e45a9e77
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscriber
+ldapDisplayName: msDFSR-Subscriber
+governsId: 1.2.840.113556.1.6.13.4.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-MemberReference, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-LocalSettings
+schemaIdGuid:e11505d7-92c4-43e7-bf5c-295832ffc896
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscription
+ldapDisplayName: msDFSR-Subscription
+governsId: 1.2.840.113556.1.6.13.4.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ContentSetGuid, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-StagingCleanupTriggerInPercent, msDFSR-Options2,msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter, msDFSR-MaxAgeInCacheInMin,msDFSR-MinDurationCacheInMin, msDFSR-CachePolicy, msDFSR-ReadOnly,msDFSR-DeletedSizeInMb, msDFSR-DeletedPath, msDFSR-RootPath,msDFSR-RootSizeInMb, msDFSR-StagingPath, msDFSR-StagingSizeInMb,msDFSR-ConflictPath, msDFSR-ConflictSizeInMb, msDFSR-Enabled,msDFSR-RootFence, msDFSR-DfsLinkTarget, msDFSR-Flags,msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Subscriber
+schemaIdGuid:67212414-7bcc-4609-87e0-088dad8abdee
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Topology
+ldapDisplayName: msDFSR-Topology
+governsId: 1.2.840.113556.1.6.13.4.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:04828aa9-6e42-4e80-b962-e2fe00754d17
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Configuration
+ldapDisplayName: msDS-App-Configuration
+governsId: 1.2.840.113556.1.5.220
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:90df3c3e-1854-4455-a5d7-cad40d56657a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: ms-DS-App-Data
+ldapDisplayName: msDS-AppData
+governsId: 1.2.840.113556.1.5.241
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:9e67d761-e327-4d55-bc95-682f875e2f8e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: ms-DS-Az-Admin-Manager
+ldapDisplayName: msDS-AzAdminManager
+governsId: 1.2.840.113556.1.5.234
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzMinorVersion, msDS-AzMajorVersion, msDS-AzApplicationData,msDS-AzGenerateAudits, msDS-AzScriptTimeout,msDS-AzScriptEngineCacheMax, msDS-AzDomainTimeout, description
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:cfee1051-5f28-4bae-a863-5d0cc18a8ed1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application
+ldapDisplayName: msDS-AzApplication
+governsId: 1.2.840.113556.1.5.235
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-AzGenerateAudits,msDS-AzApplicationVersion, msDS-AzClassId, msDS-AzApplicationName,description
+systemPossSuperiors: msDS-AzAdminManager
+schemaIdGuid:ddf8de9b-cba5-4e12-842e-28d8b66f75ec
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation
+ldapDisplayName: msDS-AzOperation
+governsId: 1.2.840.113556.1.5.236
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzOperationID
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: container, msDS-AzApplication
+schemaIdGuid:860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Role
+ldapDisplayName: msDS-AzRole
+governsId: 1.2.840.113556.1.5.239
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-TasksForAzRole,msDS-OperationsForAzRole, msDS-MembersForAzRole, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:8213eac9-9d55-44dc-925c-e9a52b927644
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope
+ldapDisplayName: msDS-AzScope
+governsId: 1.2.840.113556.1.5.237
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzScopeName
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: msDS-AzApplication
+schemaIdGuid:4feae054-ce55-47bb-860e-5b12063a51de
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task
+ldapDisplayName: msDS-AzTask
+governsId: 1.2.840.113556.1.5.238
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-TasksForAzTask, msDS-OperationsForAzTask,msDS-AzApplicationData, msDS-AzTaskIsRoleDefinition,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:1ed3a473-9b1b-418a-bfa0-3a37b95a5306
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Managed-Service-Account
+ldapDisplayName: msDS-ManagedServiceAccount
+governsId: 1.2.840.113556.1.5.264
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: computer
+systemPossSuperiors: domainDNS,organizationalUnit,container
+schemaIdGuid: ce206244-5827-4a86-ba1c-1c0c386c1b64
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Optional-Feature
+ldapDisplayName: msDS-OptionalFeature
+governsId: 1.2.840.113556.1.5.265
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-OptionalFeatureFlags,msDS-OptionalFeatureGUID
+systemMayContain: msDS-RequiredDomainBehaviorVersion,msDS-RequiredForestBehaviorVersion
+systemPossSuperiors: container
+schemaIdGuid: 44f00041-35af-468b-b20a-6ce8737c580b
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings
+ldapDisplayName: msDS-PasswordSettings
+governsId: 1.2.840.113556.1.5.255
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength
+systemMayContain: msDS-PSOAppliesTo
+systemPossSuperiors: msDS-PasswordSettingsContainer
+schemaIdGuid: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings-Container
+ldapDisplayName: msDS-PasswordSettingsContainer
+governsId: 1.2.840.113556.1.5.256
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Container
+ldapDisplayName: msDS-QuotaContainer
+governsId: 1.2.840.113556.1.5.242
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-TopQuotaUsage, msDS-QuotaUsed,msDS-QuotaEffective, msDS-TombstoneQuotaFactor, msDS-DefaultQuota
+systemPossSuperiors: configuration, domainDNS
+schemaIdGuid:da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Control
+ldapDisplayName: msDS-QuotaControl
+governsId: 1.2.840.113556.1.5.243
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-QuotaAmount, msDS-QuotaTrustee, cn
+systemPossSuperiors: msDS-QuotaContainer
+schemaIdGuid:de91fc26-bd02-4b52-ae26-795999e96fc7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Exch-Configuration-Container
+ldapDisplayName: msExchConfigurationContainer
+governsId: 1.2.840.113556.1.5.176
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: templateRoots, addressBookRoots, globalAddressList,templateRoots2, addressBookRoots2, globalAddressList2
+schemaIdGuid:d03d6858-06f4-11d2-aa53-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryInformation
+ldapDisplayName: msFVE-RecoveryInformation
+governsId: 1.2.840.113556.1.5.253
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
+mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
+systemPossSuperiors: computer
+schemaIdGuid:ea715d30-8f53-40d0-bd1e-6109186d782c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Policy
+ldapDisplayName: msieee80211-Policy
+governsId: 1.2.840.113556.1.5.240
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msieee80211-ID, msieee80211-DataType,msieee80211-Data
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:7b9a2d92-b7eb-4382-9772-c3e0f9baaf94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PostScanProcess
+ldapDisplayName: msImaging-PostScanProcess
+governsId: 1.2.840.113556.1.5.263
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msImaging-PSPString, serverName
+systemMustContain: displayName, msImaging-PSPIdentifier
+systemPossSuperiors: msImaging-PSPs
+schemaIdGuid: 1f7c257c-b8a3-4525-82f8-11ccc7bee36e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSPs
+ldapDisplayName: msImaging-PSPs
+governsId: 1.2.840.113556.1.5.262
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemPossSuperiors: container
+schemaIdGuid: a0ed2ac1-970c-4777-848e-ec63a0ec44fc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+
+cn: MSMQ-Configuration
+ldapDisplayName: mSMQConfiguration
+governsId: 1.2.840.113556.1.5.162
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSites, mSMQSignKey, mSMQServiceType,mSMQRoutingServices, mSMQQuota, mSMQOwnerID, mSMQOutRoutingServers,mSMQOSType, mSMQJournalQuota, mSMQInRoutingServers, mSMQForeign,mSMQEncryptKey, mSMQDsServices, mSMQDependentClientServices,mSMQComputerTypeEx, mSMQComputerType
+systemPossSuperiors: computer
+schemaIdGuid:9a0dc344-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Custom-Recipient
+ldapDisplayName: msMQ-Custom-Recipient
+governsId: 1.2.840.113556.1.5.218
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msMQ-Recipient-FormatName
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:876d6817-35cc-436c-acea-5ef7174dd9be
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Enterprise-Settings
+ldapDisplayName: mSMQEnterpriseSettings
+governsId: 1.2.840.113556.1.5.163
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQVersion, mSMQNameStyle, mSMQLongLived,mSMQInterval2, mSMQInterval1, mSMQCSPName
+systemPossSuperiors: container
+schemaIdGuid:9a0dc345-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Group
+ldapDisplayName: msMQ-Group
+governsId: 1.2.840.113556.1.5.219
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:46b27aac-aafa-4ffb-b773-e5bf621ee87b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated-User
+ldapDisplayName: mSMQMigratedUser
+governsId: 1.2.840.113556.1.5.179
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQUserSid, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, objectSid
+systemPossSuperiors: organizationalUnit, domainDNS, builtinDomain
+schemaIdGuid:50776997-3c3d-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue
+ldapDisplayName: mSMQQueue
+governsId: 1.2.840.113556.1.5.161
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQTransactional, MSMQ-SecuredSource,mSMQQueueType, mSMQQueueQuota, mSMQQueueNameExt,mSMQQueueJournalQuota, mSMQPrivacyLevel, mSMQOwnerID,MSMQ-MulticastAddress, mSMQLabelEx, mSMQLabel, mSMQJournal,mSMQBasePriority, mSMQAuthenticate
+systemPossSuperiors: mSMQConfiguration
+schemaIdGuid:9a0dc343-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Settings
+ldapDisplayName: mSMQSettings
+governsId: 1.2.840.113556.1.5.165
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSiteNameEx, mSMQSiteName, mSMQServices,mSMQRoutingService, mSMQQMID, mSMQOwnerID, mSMQNt4Flags,mSMQMigrated, mSMQDsService, mSMQDependentClientService
+systemPossSuperiors: server
+schemaIdGuid:9a0dc347-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Link
+ldapDisplayName: mSMQSiteLink
+governsId: 1.2.840.113556.1.5.164
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: mSMQSite2, mSMQSite1, mSMQCost
+systemMayContain: mSMQSiteGatesMig, mSMQSiteGates
+systemPossSuperiors: mSMQEnterpriseSettings
+schemaIdGuid:9a0dc346-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GroupPolicy
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+governsID: 1.2.840.113556.1.5.251
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved,ms-net-ieee-80211-GP-PolicyData, ms-net-ieee-80211-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 1cb81863-b822-4379-9ea2-5ff7bdc6386d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GroupPolicy
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+governsID: 1.2.840.113556.1.5.252
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved,ms-net-ieee-8023-GP-PolicyData, ms-net-ieee-8023-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 99a03a6a-ab19-4446-9350-0cb878ed2d9b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enterprise-Oid
+ldapDisplayName: msPKI-Enterprise-Oid
+governsId: 1.2.840.113556.1.5.196
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-OIDToGroupLink, msPKI-OID-User-Notice,msPKI-OIDLocalizedName, msPKI-OID-CPS, msPKI-OID-Attribute,msPKI-Cert-Template-OID
+systemPossSuperiors: msPKI-Enterprise-Oid, container
+schemaIdGuid:37cfd85c-6719-4ad8-8f9e-8678ba627563
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Key-Recovery-Agent
+ldapDisplayName: msPKI-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.195
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+systemPossSuperiors: container
+schemaIdGuid:26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Recovery-Agent
+ldapDisplayName: msPKI-PrivateKeyRecoveryAgent
+governsId: 1.2.840.113556.1.5.223
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: userCertificate
+systemPossSuperiors: container
+schemaIdGuid:1562a632-44b9-4a7e-a2d3-e426c96a3acc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Print-ConnectionPolicy
+ldapDisplayName: msPrint-ConnectionPolicy
+governsId: 1.2.840.113556.1.6.23.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: printerName, printAttributes, serverName, uNCName
+possSuperiors: container
+schemaIdGuid:a16f33c7-7fd6-4828-9364-435138fda08d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Domain-Info
+ldapDisplayName: msSFU30DomainInfo
+governsId: 1.2.840.113556.1.6.18.2.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Domains, msSFU30YpServers, msSFU30SearchContainer,msSFU30IsValidContainer, msSFU30MasterServerName,msSFU30OrderNumber, msSFU30MaxGidNumber, msSFU30MaxUidNumber,msSFU30CryptMethod
+possSuperiors: container
+schemaIdGuid:36297dce-656b-4423-ab65-dabb2770819e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Mail-Aliases
+ldapDisplayName: msSFU30MailAliases
+governsId: 1.2.840.113556.1.6.18.2.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:d6710785-86ff-44b7-85b5-f1f8689522ce
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Net-Id
+ldapDisplayName: msSFU30NetId
+governsId: 1.2.840.113556.1.6.18.2.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e263192c-2a02-48df-9792-94f2328781a0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Network-User
+ldapDisplayName: msSFU30NetworkUser
+governsId: 1.2.840.113556.1.6.18.2.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e15334a3-0bf0-4427-b672-11f5d84acc92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-NIS-Map-Config
+ldapDisplayName: msSFU30NISMapConfig
+governsId: 1.2.840.113556.1.6.18.2.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyAttributes, msSFU30FieldSeparator,msSFU30NSMAPFieldPosition, msSFU30IntraFieldSeparator,msSFU30SearchAttributes, msSFU30ResultAttributes, msSFU30MapFilter
+possSuperiors: container
+schemaIdGuid:faf733d0-f8eb-4dcf-8d75-f1753af6a50b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: MS-SQL-OLAPCube
+ldapDisplayName: mS-SQL-OLAPCube
+governsId: 1.2.840.113556.1.5.190
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Description, mS-SQL-Contact, mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPDatabase
+schemaIdGuid:09f0506a-cd28-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPDatabase
+ldapDisplayName: mS-SQL-OLAPDatabase
+governsId: 1.2.840.113556.1.5.189
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-ConnectionURL, mS-SQL-InformationURL, mS-SQL-Status,mS-SQL-Applications, mS-SQL-LastBackupDate, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Type, mS-SQL-Description, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPServer
+schemaIdGuid:20af031a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPServer
+ldapDisplayName: mS-SQL-OLAPServer
+governsId: 1.2.840.113556.1.5.185
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-Language,mS-SQL-ServiceAccount, mS-SQL-Contact, mS-SQL-RegisteredOwner,mS-SQL-Build, mS-SQL-Version, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:0c7e18ea-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLDatabase
+ldapDisplayName: mS-SQL-SQLDatabase
+governsId: 1.2.840.113556.1.5.188
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-InformationURL,mS-SQL-Status, mS-SQL-Applications, mS-SQL-LastDiagnosticDate,mS-SQL-LastBackupDate, mS-SQL-CreationDate, mS-SQL-Size,mS-SQL-Contact, mS-SQL-Alias, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:1d08694a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLPublication
+ldapDisplayName: mS-SQL-SQLPublication
+governsId: 1.2.840.113556.1.5.187
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-ThirdParty,mS-SQL-AllowSnapshotFilesFTPDownloading,mS-SQL-AllowQueuedUpdatingSubscription,mS-SQL-AllowImmediateUpdatingSubscription,mS-SQL-AllowKnownPullSubscription, mS-SQL-Publisher,mS-SQL-AllowAnonymousSubscription, mS-SQL-Database, mS-SQL-Type,mS-SQL-Status, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:17c2f64e-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLRepository
+ldapDisplayName: mS-SQL-SQLRepository
+governsId: 1.2.840.113556.1.5.186
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-InformationDirectory, mS-SQL-Version,mS-SQL-Description, mS-SQL-Status, mS-SQL-Build, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:11d43c5c-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLServer
+ldapDisplayName: mS-SQL-SQLServer
+governsId: 1.2.840.113556.1.5.184
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-GPSHeight,mS-SQL-GPSLongitude, mS-SQL-GPSLatitude, mS-SQL-InformationURL,mS-SQL-LastUpdatedDate, mS-SQL-Status, mS-SQL-Vines,mS-SQL-AppleTalk, mS-SQL-TCPIP, mS-SQL-SPX, mS-SQL-MultiProtocol,mS-SQL-NamedPipe, mS-SQL-Clustered, mS-SQL-UnicodeSortOrder,mS-SQL-SortOrder, mS-SQL-CharacterSet, mS-SQL-ServiceAccount,mS-SQL-Build, mS-SQL-Memory, mS-SQL-Location, mS-SQL-Contact,mS-SQL-RegisteredOwner, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:05f6c878-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Conference
+ldapDisplayName: msTAPI-RtConference
+governsId: 1.2.840.113556.1.5.221
+objectClassCategory: 1
+rdnAttId: msTAPI-uid
+subClassOf: top
+systemMustContain: msTAPI-uid
+systemMayContain: msTAPI-ConferenceBlob, msTAPI-ProtocolId
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:ca7b9735-4b2a-4e49-89c3-99025334dc94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Person
+ldapDisplayName: msTAPI-RtPerson
+governsId: 1.2.840.113556.1.5.222
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msTAPI-uid, msTAPI-IpAddress
+systemPossSuperiors: organization, organizationalUnit
+schemaIdGuid:53ea1cb5-b704-4df9-818f-5cb4ec86cac1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntRangeParam
+ldapDisplayName: msWMI-IntRangeParam
+governsId: 1.2.840.113556.1.5.205
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:50ca5d7d-5c8b-4ef3-b9df-5b66d491e526
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntSetParam
+ldapDisplayName: msWMI-IntSetParam
+governsId: 1.2.840.113556.1.5.206
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:292f0d9a-cf76-42b0-841f-b650f331df62
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-MergeablePolicyTemplate
+ldapDisplayName: msWMI-MergeablePolicyTemplate
+governsId: 1.2.840.113556.1.5.202
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemPossSuperiors: container
+schemaIdGuid:07502414-fdca-4851-b04a-13645b11d226
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ObjectEncoding
+ldapDisplayName: msWMI-ObjectEncoding
+governsId: 1.2.840.113556.1.5.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Class, msWMI-ScopeGuid, msWMI-Parm1,msWMI-Parm2, msWMI-Parm3, msWMI-Parm4, msWMI-Genus, msWMI-intFlags1,msWMI-intFlags2, msWMI-intFlags3, msWMI-intFlags4, msWMI-ID,msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:55dd81c9-c312-41f9-a84d-c6adbdf1e8e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyTemplate
+ldapDisplayName: msWMI-PolicyTemplate
+governsId: 1.2.840.113556.1.5.200
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-NormalizedClass, msWMI-TargetPath,msWMI-TargetClass, msWMI-TargetNameSpace, msWMI-Name, msWMI-ID
+systemMayContain: msWMI-TargetType, msWMI-SourceOrganization,msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyType
+ldapDisplayName: msWMI-PolicyType
+governsId: 1.2.840.113556.1.5.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4,msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:595b2613-4109-4e77-9013-a3bb4ef277c7
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RangeParam
+ldapDisplayName: msWMI-RangeParam
+governsId: 1.2.840.113556.1.5.203
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetType, msWMI-TargetClass,msWMI-PropertyName
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:45fb5a57-5018-4d0f-9056-997c8c9122d9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RealRangeParam
+ldapDisplayName: msWMI-RealRangeParam
+governsId: 1.2.840.113556.1.5.209
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-Int8Default
+systemMayContain: msWMI-Int8Max, msWMI-Int8Min
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:6afe8fe2-70bc-4cce-b166-a96f7359c514
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Rule
+ldapDisplayName: msWMI-Rule
+governsId: 1.2.840.113556.1.5.214
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-QueryLanguage, msWMI-TargetNameSpace,msWMI-Query
+systemPossSuperiors: msWMI-Som, container
+schemaIdGuid:3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ShadowObject
+ldapDisplayName: msWMI-ShadowObject
+governsId: 1.2.840.113556.1.5.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: msWMI-PolicyType
+schemaIdGuid:f1e44bdf-8dd3-4235-9c86-f91f31f5b569
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SimplePolicyTemplate
+ldapDisplayName: msWMI-SimplePolicyTemplate
+governsId: 1.2.840.113556.1.5.201
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:6cc8b2b5-12df-44f6-8307-e74f5cdee369
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Som
+ldapDisplayName: msWMI-Som
+governsId: 1.2.840.113556.1.5.213
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Name, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4, msWMI-Parm3,msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4, msWMI-intFlags3,msWMI-intFlags2, msWMI-intFlags1, msWMI-CreationDate,msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:ab857078-0142-4406-945b-34c9b6b13372
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-StringSetParam
+ldapDisplayName: msWMI-StringSetParam
+governsId: 1.2.840.113556.1.5.210
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-StringDefault
+systemMayContain: msWMI-StringValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:0bc579a2-1da7-4cea-b699-807f3b9d63a4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintRangeParam
+ldapDisplayName: msWMI-UintRangeParam
+governsId: 1.2.840.113556.1.5.207
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:d9a799b2-cef3-48b3-b5ad-fb85f8dd3214
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintSetParam
+ldapDisplayName: msWMI-UintSetParam
+governsId: 1.2.840.113556.1.5.208
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:8f4beb31-4e19-46f5-932e-5fa03c339b1d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UnknownRangeParam
+ldapDisplayName: msWMI-UnknownRangeParam
+governsId: 1.2.840.113556.1.5.204
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-TargetObject, msWMI-NormalizedClass
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:b82ac26b-c6db-4098-92c6-49c18a3336e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-WMIGPO
+ldapDisplayName: msWMI-WMIGPO
+governsId: 1.2.840.113556.1.5.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetClass
+systemMayContain: msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1,msWMI-intFlags4, msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1
+systemPossSuperiors: container
+schemaIdGuid:05630000-3927-4ede-bf27-ca91f275c26f
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NisMap
+ldapDisplayName: nisMap
+governsId: 1.3.6.1.1.1.2.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName
+mayContain: description
+possSuperiors: domainDNS, container, organizationalUnit
+schemaIdGuid:7672666c-02c1-4f33-9ecf-f649c1dd9b7c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisNetgroup
+ldapDisplayName: nisNetgroup
+governsId: 1.3.6.1.1.1.2.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: description, memberNisNetgroup, nisNetgroupTriple,msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30NetgroupHostAtDomain, msSFU30NetgroupUserAtDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:72efbf84-6e7b-4a5c-a8db-8a75a7cad254
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisObject
+ldapDisplayName: nisObject
+governsId: 1.3.6.1.1.1.2.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName, nisMapEntry
+mayContain: description, msSFU30Name, msSFU30NisDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:904f8a93-4954-4c5f-b1e1-53c097a31e13
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NTDS-Connection
+ldapDisplayName: nTDSConnection
+governsId: 1.2.840.113556.1.5.71
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: options, fromServer, enabledConnection
+systemMayContain: transportType, schedule, mS-DS-ReplicatesNCReason,generatedConnection
+systemPossSuperiors: nTFRSMember, nTFRSReplicaSet, nTDSDSA
+schemaIdGuid:19195a60-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA
+ldapDisplayName: nTDSDSA
+governsId: 1.2.840.113556.1.5.7000.47
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation, msDS-EnabledFeature
+systemPossSuperiors: organization, server
+schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA-RO
+ldapDisplayName: nTDSDSARO
+governsId: 1.2.840.113556.1.5.254
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: nTDSDSA
+systemPossSuperiors: server, organization
+schemaIdGuid:85d16ec1-0791-4bc8-8ab3-70980602ff8c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Service
+ldapDisplayName: nTDSService
+governsId: 1.2.840.113556.1.5.72
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-DeletedObjectLifetime, tombstoneLifetime,sPNMappings, replTopologyStayOfExecution, msDS-Other-Settings,garbageCollPeriod, dSHeuristics
+systemPossSuperiors: container
+schemaIdGuid:19195a5f-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Site-Settings
+ldapDisplayName: nTDSSiteSettings
+governsId: 1.2.840.113556.1.5.69
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: schedule, queryPolicyObject, options,msDS-Preferred-GC-Site, managedBy, interSiteTopologyRenew,interSiteTopologyGenerator, interSiteTopologyFailover
+systemPossSuperiors: site
+schemaIdGuid:19195a5d-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Member
+ldapDisplayName: nTFRSMember
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: serverReference, fRSUpdateTimeout,fRSServiceCommand, fRSRootSecurity, fRSPartnerAuthLevel, fRSFlags,fRSExtensions, fRSControlOutboundBacklog, fRSControlInboundBacklog,fRSControlDataCreation, frsComputerReference
+systemPossSuperiors: nTFRSReplicaSet
+schemaIdGuid:2a132586-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Replica-Set
+ldapDisplayName: nTFRSReplicaSet
+governsId: 1.2.840.113556.1.5.102
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: schedule, msFRS-Topology-Pref, msFRS-Hub-Member,managedBy, fRSVersionGUID, fRSServiceCommand, fRSRootSecurity,fRSReplicaSetType, fRSReplicaSetGUID, fRSPrimaryMember,fRSPartnerAuthLevel, fRSLevelLimit, fRSFlags, fRSFileFilter,fRSExtensions, fRSDSPoll, fRSDirectoryFilter
+systemPossSuperiors: nTFRSSettings
+schemaIdGuid:5245803a-ca6a-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Settings
+ldapDisplayName: nTFRSSettings
+governsId: 1.2.840.113556.1.5.89
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: managedBy, fRSExtensions
+systemPossSuperiors: nTFRSSettings, container, organizationalUnit,organization
+schemaIdGuid:f780acc2-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriber
+ldapDisplayName: nTFRSSubscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: fRSStagingPath, fRSRootPath
+systemMayContain: schedule, fRSUpdateTimeout,fRSTimeLastConfigChange, fRSTimeLastCommand,fRSServiceCommandStatus, fRSServiceCommand, fRSMemberReference,fRSFlags, fRSFaultCondition, fRSExtensions
+systemPossSuperiors: nTFRSSubscriptions
+schemaIdGuid:2a132588-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriptions
+ldapDisplayName: nTFRSSubscriptions
+governsId: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: fRSWorkingPath, fRSVersion, fRSExtensions
+systemPossSuperiors: user, computer, nTFRSSubscriptions
+schemaIdGuid:2a132587-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpc
+ldapDisplayName: oncRpc
+governsId: 1.3.6.1.1.1.2.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, oncRpcNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:cadd1e5e-fefc-4f3f-b5a9-70e994204303
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Organization
+ldapDisplayName: organization
+governsId: 2.5.6.4
+objectClassCategory: 1
+rdnAttId: o
+subClassOf: top
+systemMustContain: o
+systemMayContain: x121Address, userPassword, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,searchGuide, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, physicalDeliveryOfficeName, l,internationalISDNNumber, facsimileTelephoneNumber,destinationIndicator, businessCategory
+systemPossSuperiors: locality, country, domainDNS
+schemaIdGuid:bf967aa3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Person
+ldapDisplayName: organizationalPerson
+governsId: 2.5.6.7
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: person
+mayContain: msDS-HABSeniorityIndex, msDS-PhoneticDisplayName,msDS-PhoneticCompanyName, msDS-PhoneticDepartment,msDS-PhoneticLastName, msDS-PhoneticFirstName, houseIdentifier,msExchHouseIdentifier, homePostalAddress
+systemMayContain: x121Address, comment, title, co,primaryTelexNumber, telexNumber, teletexTerminalIdentifier, street,st, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, thumbnailPhoto,physicalDeliveryOfficeName, pager, otherPager, otherTelephone,mobile, otherMobile, primaryInternationalISDNNumber, ipPhone,otherIpPhone, otherHomePhone, homePhone,otherFacsimileTelephoneNumber, personalTitle, middleName,otherMailbox, ou, o, mhsORAddress, msDS-AllowedToDelegateTo,manager, thumbnailLogo, l, internationalISDNNumber, initials,givenName, generationQualifier, facsimileTelephoneNumber,employeeID, mail, division, destinationIndicator, department, c,countryCode, company, assistant, streetAddress
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:bf967aa4-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Role
+ldapDisplayName: organizationalRole
+governsId: 2.5.6.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: x121Address, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,roleOccupant, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:a8df74bf-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Unit
+ldapDisplayName: organizationalUnit
+governsId: 2.5.6.5
+objectClassCategory: 1
+rdnAttId: ou
+subClassOf: top
+systemMustContain: ou
+systemMayContain: x121Address, userPassword, uPNSuffixes, co,telexNumber, teletexTerminalIdentifier, telephoneNumber, street, st,seeAlso, searchGuide, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, msCOM-UserPartitionSetLink, managedBy,thumbnailLogo, l, internationalISDNNumber, gPOptions, gPLink,facsimileTelephoneNumber, destinationIndicator, desktopProfile,defaultGroup, countryCode, c, businessCategory
+systemPossSuperiors: country, organization, organizationalUnit,domainDNS
+schemaIdGuid:bf967aa5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Registration
+ldapDisplayName: packageRegistration
+governsId: 1.2.840.113556.1.5.49
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumberLo, versionNumberHi, vendor,upgradeProductCode, setupCommand, productCode, packageType,packageName, packageFlags, msiScriptSize, msiScriptPath,msiScriptName, msiScript, msiFileList, managedBy,machineArchitecture, localeID, lastUpdateSequence, installUiLevel,iconPath, fileExtPriority, cOMTypelibId, cOMProgID, cOMInterfaceID,cOMClassID, categories, canUpgradeScript
+systemPossSuperiors: classStore
+schemaIdGuid:bf967aa6-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Person
+ldapDisplayName: person
+governsId: 2.5.6.6
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: attributeCertificateAttribute
+systemMayContain: userPassword, telephoneNumber, sn, serialNumber,seeAlso
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:bf967aa7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location
+ldapDisplayName: physicalLocation
+governsId: 1.2.840.113556.1.5.97
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: locality
+systemMayContain: managedBy
+systemPossSuperiors: physicalLocation, configuration
+schemaIdGuid:b7b13122-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Certificate-Template
+ldapDisplayName: pKICertificateTemplate
+governsId: 1.2.840.113556.1.5.177
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: pKIOverlapPeriod, pKIMaxIssuingDepth, pKIKeyUsage,pKIExtendedKeyUsage, pKIExpirationPeriod, pKIEnrollmentAccess,pKIDefaultCSPs, pKIDefaultKeySpec, pKICriticalExtensions,msPKI-RA-Signature, msPKI-RA-Policies,msPKI-RA-Application-Policies, msPKI-Template-Schema-Version,msPKI-Template-Minor-Revision, msPKI-Supersede-Templates,msPKI-Private-Key-Flag, msPKI-Minimal-Key-Size,msPKI-Enrollment-Flag, msPKI-Certificate-Policy,msPKI-Certificate-Name-Flag, msPKI-Certificate-Application-Policy,msPKI-Cert-Template-OID, flags, displayName
+systemPossSuperiors: container
+schemaIdGuid:e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Service
+ldapDisplayName: pKIEnrollmentService
+governsId: 1.2.840.113556.1.5.178
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msPKI-Enrollment-Servers, msPKI-Site-Name,signatureAlgorithms, enrollmentProviders, dNSHostName,certificateTemplates, cACertificateDN, cACertificate
+systemPossSuperiors: container
+schemaIdGuid:ee4aa692-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PosixAccount
+ldapDisplayName: posixAccount
+governsId: 1.3.6.1.1.1.2.0
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description
+schemaIdGuid:ad44bb41-67d5-4d88-b575-7b20674e76d8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: PosixGroup
+ldapDisplayName: posixGroup
+governsId: 1.3.6.1.1.1.2.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid
+schemaIdGuid:2a9350b8-062c-4ed0-9903-dde10d06deba
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Print-Queue
+ldapDisplayName: printQueue
+governsId: 1.2.840.113556.1.5.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: versionNumber, uNCName, shortServerName,serverName, printerName
+systemMayContain: priority, printStatus, printStartTime,printStaplingSupported, printSpooling, printShareName,printSeparatorFile, printRateUnit, printRate, printPagesPerMinute,printOwner, printOrientationsSupported, printNumberUp, printNotify,printNetworkAddress, printMinYExtent, printMinXExtent, printMemory,printMediaSupported, printMediaReady, printMaxYExtent,printMaxXExtent, printMaxResolutionSupported, printMaxCopies,printMACAddress, printLanguage, printKeepPrintedJobs, printFormName,printEndTime, printDuplexSupported, printColor, printCollate,printBinNames, printAttributes, portName, physicalLocationObject,operatingSystemVersion, operatingSystemServicePack,operatingSystemHotfix, operatingSystem, location, driverVersion,driverName, defaultPriority, bytesPerMinute, assetNumber
+systemPossSuperiors: organizationalUnit, domainDNS, container,computer
+schemaIdGuid:bf967aa8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy
+ldapDisplayName: queryPolicy
+governsId: 1.2.840.113556.1.5.106
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: lDAPIPDenyList, lDAPAdminLimits
+systemPossSuperiors: container
+schemaIdGuid:83cc7075-cca7-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Mail-Recipient
+ldapDisplayName: remoteMailRecipient
+governsId: 1.2.840.113556.1.5.24
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: mailRecipient
+systemMayContain: remoteSourceType, remoteSource, managedBy
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967aa9-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-Service-Point
+ldapDisplayName: remoteStorageServicePoint
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: remoteStorageGUID
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5bd-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Residential-Person
+ldapDisplayName: residentialPerson
+governsId: 2.5.6.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: person
+systemMayContain: x121Address, title, telexNumber,teletexTerminalIdentifier, street, st, registeredAddress,preferredDeliveryMethod, postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, businessCategory
+systemPossSuperiors: locality, container
+schemaIdGuid:a8df74d6-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rFC822LocalPart
+ldapDisplayName: rFC822LocalPart
+governsId: 0.9.2342.19200300.100.4.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: domain
+mayContain: x121Address, telexNumber, teletexTerminalIdentifier,telephoneNumber, street, sn, seeAlso, registeredAddress,preferredDeliveryMethod, postOfficeBox, postalCode, postalAddress,physicalDeliveryOfficeName, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:b93e3a78-cbae-485e-a07b-5ef4ae505686
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: RID-Manager
+ldapDisplayName: rIDManager
+governsId: 1.2.840.113556.1.5.83
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDAvailablePool
+systemPossSuperiors: container
+schemaIdGuid:6617188d-8f3c-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RID-Set
+ldapDisplayName: rIDSet
+governsId: 1.2.840.113556.1.5.129
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDUsedPool, rIDPreviousAllocationPool,rIDNextRID, rIDAllocationPool
+systemPossSuperiors: user, container, computer
+schemaIdGuid:7bfdcb89-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: room
+ldapDisplayName: room
+governsId: 0.9.2342.19200300.100.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: location, telephoneNumber, seeAlso, description,roomNumber
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7860e5d2-c8b0-4cbb-bd45-d9455beb9206
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Rpc-Container
+ldapDisplayName: rpcContainer
+governsId: 1.2.840.113556.1.5.136
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: nameServiceFlags
+systemPossSuperiors: container
+schemaIdGuid:80212842-4bdc-11d1-a9c4-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Entry
+ldapDisplayName: rpcEntry
+governsId: 1.2.840.113556.1.5.27
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: connectionPoint
+systemPossSuperiors: container
+schemaIdGuid:bf967aac-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Group
+ldapDisplayName: rpcGroup
+governsId: 1.2.840.113556.1.5.80
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsGroup
+systemPossSuperiors: container
+schemaIdGuid:88611bdf-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile
+ldapDisplayName: rpcProfile
+governsId: 1.2.840.113556.1.5.82
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemPossSuperiors: container
+schemaIdGuid:88611be1-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile-Element
+ldapDisplayName: rpcProfileElement
+governsId: 1.2.840.113556.1.5.26
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsPriority, rpcNsInterfaceID
+systemMayContain: rpcNsProfileEntry, rpcNsAnnotation
+systemPossSuperiors: rpcProfile
+schemaIdGuid:f29653cf-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server
+ldapDisplayName: rpcServer
+governsId: 1.2.840.113556.1.5.81
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsEntryFlags, rpcNsCodeset
+systemPossSuperiors: container
+schemaIdGuid:88611be0-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server-Element
+ldapDisplayName: rpcServerElement
+governsId: 1.2.840.113556.1.5.73
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsTransferSyntax, rpcNsInterfaceID,rpcNsBindings
+systemPossSuperiors: rpcServer
+schemaIdGuid:f29653d0-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Connection-Point
+ldapDisplayName: rRASAdministrationConnectionPoint
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: msRRASAttribute
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5be-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Dictionary
+ldapDisplayName: rRASAdministrationDictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msRRASVendorAttributeEntry
+systemPossSuperiors: container
+schemaIdGuid:f39b98ae-938d-11d1-aebd-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain
+ldapDisplayName: samDomain
+governsId: 1.2.840.113556.1.5.3
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy
+schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain-Base
+ldapDisplayName: samDomainBase
+governsId: 1.2.840.113556.1.5.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: uASCompat, serverState, serverRole, revision,pwdProperties, pwdHistoryLength, oEMInformation, objectSid,nTSecurityDescriptor, nextRid, modifiedCountAtLastProm,modifiedCount, minPwdLength, minPwdAge, maxPwdAge, lockoutThreshold,lockoutDuration, lockOutObservationWindow, forceLogoff,domainReplica, creationTime
+schemaIdGuid:bf967a91-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Server
+ldapDisplayName: samServer
+governsId: 1.2.840.113556.1.5.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: securityObject
+systemMayContain: samDomainUpdates
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967aad-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Secret
+ldapDisplayName: secret
+governsId: 1.2.840.113556.1.5.28
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: priorValue, priorSetTime, lastSetTime, currentValue
+systemPossSuperiors: container
+schemaIdGuid:bf967aae-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Object
+ldapDisplayName: securityObject
+governsId: 1.2.840.113556.1.5.1
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemPossSuperiors: container
+schemaIdGuid:bf967aaf-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Principal
+ldapDisplayName: securityPrincipal
+governsId: 1.2.840.113556.1.5.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: sAMAccountName, objectSid
+systemMayContain: supplementalCredentials, sIDHistory,securityIdentifier, sAMAccountType, rid, tokenGroupsNoGCAcceptable,tokenGroupsGlobalAndUniversal, tokenGroups, nTSecurityDescriptor,msDS-KeyVersionNumber, altSecurityIdentities, accountNameHistory
+schemaIdGuid:bf967ab0-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server
+ldapDisplayName: server
+governsId: 1.2.840.113556.1.5.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, mailAddress, serverReference, serialNumber,managedBy, dNSHostName, bridgeheadTransportList
+systemPossSuperiors: serversContainer
+schemaIdGuid:bf967a92-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Servers-Container
+ldapDisplayName: serversContainer
+governsId: 1.2.840.113556.1.5.7000.48
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: site
+schemaIdGuid:f780acc0-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Administration-Point
+ldapDisplayName: serviceAdministrationPoint
+governsId: 1.2.840.113556.1.5.94
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemPossSuperiors: computer
+schemaIdGuid:b7b13123-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class
+ldapDisplayName: serviceClass
+governsId: 1.2.840.113556.1.5.29
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: serviceClassID, displayName
+systemMayContain: serviceClassInfo
+systemPossSuperiors: container
+schemaIdGuid:bf967ab1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Connection-Point
+ldapDisplayName: serviceConnectionPoint
+governsId: 1.2.840.113556.1.5.126
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: versionNumberLo, versionNumberHi, versionNumber,vendor, serviceDNSNameType, serviceDNSName, serviceClassName,serviceBindingInformation, appSchemaVersion
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:28630ec1-41d5-11d1-a9c1-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance
+ldapDisplayName: serviceInstance
+governsId: 1.2.840.113556.1.5.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: serviceClassID, displayName
+systemMayContain: winsockAddresses, serviceInstanceVersion
+systemPossSuperiors: container
+schemaIdGuid:bf967ab2-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowAccount
+ldapDisplayName: shadowAccount
+governsId: 1.3.6.1.1.1.2.1
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, userPassword, description, shadowLastChange,shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,shadowFlag
+schemaIdGuid:5b6d8467-1a18-4174-b350-9cc6e7b4ac8d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: simpleSecurityObject
+ldapDisplayName: simpleSecurityObject
+governsId: 0.9.2342.19200300.100.4.19
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: userPassword
+schemaIdGuid:5fe69b0b-e146-4f15-b0ab-c1e5d488e094
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Site
+ldapDisplayName: site
+governsId: 1.2.840.113556.1.5.31
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, mSMQSiteID, mSMQSiteForeign,mSMQNt4Stub, mSMQInterval2, mSMQInterval1, managedBy, location,gPOptions, gPLink, msDS-BridgeHeadServersUsed
+systemPossSuperiors: sitesContainer
+schemaIdGuid:bf967ab3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link
+ldapDisplayName: siteLink
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteList
+systemMayContain: schedule, replInterval, options, cost
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cde-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-Bridge
+ldapDisplayName: siteLinkBridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteLinkList
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cdf-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sites-Container
+ldapDisplayName: sitesContainer
+governsId: 1.2.840.113556.1.5.107
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: configuration
+schemaIdGuid:7a4117da-cd67-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Storage
+ldapDisplayName: storage
+governsId: 1.2.840.113556.1.5.33
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: monikerDisplayName, moniker, iconPath
+systemPossSuperiors: container
+schemaIdGuid:bf967ab5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet
+ldapDisplayName: subnet
+governsId: 1.2.840.113556.1.5.96
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: siteObject, physicalLocationObject, location
+systemPossSuperiors: subnetContainer
+schemaIdGuid:b7b13124-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet-Container
+ldapDisplayName: subnetContainer
+governsId: 1.2.840.113556.1.5.95
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:b7b13125-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SubSchema
+ldapDisplayName: subSchema
+governsId: 2.5.20.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: objectClasses, modifyTimeStamp, extendedClassInfo,extendedAttributeInfo, dITContentRules, attributeTypes
+systemPossSuperiors: dMD
+schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Top
+ldapDisplayName: top
+governsId: 2.5.6.0
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType
+mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL
+systemMayContain: msDS-EnabledFeatureBL, msDS-LastKnownRDN, msDS-HostServiceAccountBL,msDS-OIDToGroupLinkBl, msDS-LocalEffectiveRecycleTime,msDS-LocalEffectiveDeletionTime, isRecycled, msDS-NcType,msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL
+systemPossSuperiors: lostAndFound
+schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trusted-Domain
+ldapDisplayName: trustedDomain
+governsId: 1.2.840.113556.1.5.34
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: msDS-SupportedEncryptionTypes, trustType,trustPosixOffset, trustPartner, trustDirection, trustAuthOutgoing,trustAuthIncoming, trustAttributes, securityIdentifier,msDS-TrustForestTrustInfo, mS-DS-CreatorSID, initialAuthOutgoing,initialAuthIncoming, flatName, domainIdentifier, domainCrossRef,additionalTrustedServiceNames
+systemPossSuperiors: container
+schemaIdGuid:bf967ab8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Type-Library
+ldapDisplayName: typeLibrary
+governsId: 1.2.840.113556.1.5.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: cOMUniqueLIBID, cOMInterfaceID, cOMClassID
+systemPossSuperiors: classStore
+schemaIdGuid:281416e2-1968-11d0-a28f-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User
+ldapDisplayName: user
+governsId: 1.2.840.113556.1.5.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+auxiliaryClass: shadowAccount, posixAccount
+systemAuxiliaryClass: securityPrincipal, mailRecipient
+mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio
+systemMayContain:  msTSPrimaryDesktop, msTSSecondaryDesktops,msPKI-CredentialRoamingTokens, msDS-ResultantPSO, msTSLSProperty01,msTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires
+schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume
+ldapDisplayName: volume
+governsId: 1.2.840.113556.1.5.36
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: uNCName
+systemMayContain: lastContentIndexed, contentIndexingAllowed
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967abb-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/licence.txt b/source4/setup/ad-schema/licence.txt
new file mode 100644
index 0000000..6362e84
--- /dev/null
+++ b/source4/setup/ad-schema/licence.txt
@@ -0,0 +1,7 @@
+NOTE:
+
+The licence on these schema files is not GPL, or a standard Open
+Source licence.  Be careful to redistribute these files as part of
+Samba or 'your implementation', but not alone.
+
+See each file for it's licence from Microsoft.
diff --git a/source4/setup/adprep/README.txt b/source4/setup/adprep/README.txt
new file mode 100644
index 0000000..3f6c187
--- /dev/null
+++ b/source4/setup/adprep/README.txt
@@ -0,0 +1,43 @@
+The following files in the WindowsServerDocs folder have been sourced from a
+Microsoft Github repository.
+
+project: https://github.com/MicrosoftDocs/windowsserverdocs/
+
+License files (LICENSE and LICENSE-CODE) have also been included in the
+./WindowsServerDocs directory for reference.
+
+
+===============================================================================
+
+The Schema updates file is taken from this repository:
+
+file: WindowsServerDocs/identity/ad-ds/deploy/Schema-Updates.md
+
+./WindowsServerDocs/Schema-Updates.md is our current version of the file
+(last updated Jun 1, 2017, commit SHA f79755b75d2810b8a4).
+
+The ms_schema_markdown.py script was then used to produce the .ldf files.
+
+However, this schema didn't work. The ./WindowsServerDocs/*.diff files are the
+changes we made on top of this to get the schema working on Samba. If you are
+re-generating the .ldf files, to apply the patches, use:
+
+for p in `ls WindowsServerDocs/*.diff` ; do patch -p 1 < $p ; done
+
+All this is handled at runtime in the provision code, so that we do
+not store patched generated files in git (an alternative would have
+been to patch the original markdown).
+
+
+===============================================================================
+
+The Forest Wide updates file is taken from this repository:
+
+file: WindowsServerDocs/identity/ad-ds/deploy/RODC/Forest-Wide-Updates.md
+
+./WindowsServerDocs/Forest-Wide-Updates.md is our current version of the file
+(last updated Dec 15, 2017, commit SHA f209fb9101ee87107).
+
+The ms_forest_updates_markdown.py script is used to extract the add portions of
+the updates. The rest are handled manually in forest_updates.py by interpreting
+this documentation (as they are not as well-structured).
diff --git a/source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused b/source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused
new file mode 100644
index 0000000..c3d3502
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused
@@ -0,0 +1,58 @@
+---
+ms.assetid: 2a5d5271-6ac6-4c1b-b4ef-9b568932a55a
+title: Active Directory domain-wide schema updates
+description: Domain-wide schema updates performed by adprep /domainprep when promoting a Domain Controller
+author: iainfoulds
+ms.author: daveba
+manager: daveba
+ms.date: 10/29/2018
+ms.topic: article
+---
+# Domain-wide schema updates
+
+>Applies to: Windows Server 2022, Windows Server 2019, Windows Server
+
+You can review the following set of changes to help understand and prepare for the schema updates that are performed by adprep /domainprep in Windows Server.
+
+Beginning in Windows Server 2012, Adprep commands run automatically as needed during AD DS installation. They can also be run separately in advance of AD DS installation. For more information, see [Running Adprep.exe](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd464018(v=ws.10)).
+
+For more information about how to interpret the access control entry (ACE) strings, see [ACE strings](/windows/win32/secauthz/ace-strings). For more information about how to interpret the security ID (SID) strings, see [SID strings](/windows/win32/secauthz/sid-strings).
+
+## Windows Server (Semi-Annual Channel): Domain-wide updates
+
+After the operations that are performed by **domainprep** in Windows Server 2016 (operation 89) complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=ForestRootDomain object is set to **16**.
+
+|Operations number and GUID|Description|Permissions|
+|------------------------------|---------------|--------------|---------------|
+|**Operation 89**: {A0C238BA-9E30-4EE6-80A6-43F731E9A5CD}|Delete the ACE granting Full Control to Enterprise Key Admins and add an ACE granting Enterprise Key Admins Full Control over just the msdsKeyCredentialLink attribute.|Delete (A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;Enterprise Key Admins) <br /> <br />Add (OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;Enterprise Key Admins)|
+
+## Windows Server 2016: Domain-wide updates
+
+After the operations that are performed by **domainprep** in Windows Server 2016 (operations 82-88) complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=ForestRootDomain object is set to **15**.
+
+|Operations number and GUID|Description|Attributes|Permissions|
+|------------------------------|---------------|--------------|---------------|
+|**Operation 82**: {83C53DA7-427E-47A4-A07A-A324598B88F7}|Create CN=Keys container at root of domain|- objectClass: container<br />- description: Default container for key credential objects<br />- ShowInAdvancedViewOnly: TRUE|(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)<br />(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)<br />(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)<br />(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DD)<br />(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;ED)|
+|**Operation 83**: {C81FC9CC-0130-4FD1-B272-634D74818133}|Add Full Control allow aces to CN=Keys container for "domain\Key Admins" and "rootdomain\Enterprise Key Admins".|N/A|(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;Key Admins)<br />(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;Enterprise Key Admins)|
+|**Operation 84**: {E5F9E791-D96D-4FC9-93C9-D53E1DC439BA}|Modify otherWellKnownObjects attribute to point to the CN=Keys container.|- otherWellKnownObjects: B:32:683A24E2E8164BD3AF86AC3C2CF3F981:CN=Keys,%ws|N/A|
+|**Operation 85**: {e6d5fd00-385d-4e65-b02d-9da3493ed850}|Modify the domain NC to permit "domain\Key Admins" and "rootdomain\Enterprise Key Admins" to modify the msds-KeyCredentialLink attribute. |N/A|(OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;Key Admins)<br />(OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;Enterprise Key Admins in root domain, but in non-root domains resulted in a bogus domain-relative ACE with a non-resolvable -527 SID)|
+|**Operation 86**: {3a6b3fbf-3168-4312-a10d-dd5b3393952d}|Grant the DS-Validated-Write-Computer CAR to creator owner and self|N/A|(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)<br />(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)|
+|**Operation 87**: {7F950403-0AB3-47F9-9730-5D7B0269F9BD}|Delete the ACE granting Full Control to the incorrect domain-relative Enterprise Key Admins group, and add an ACE granting Full Control to Enterprise Key Admins group. |N/A|Delete (A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;Enterprise Key Admins)<br /> <br />Add (A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;Enterprise Key Admins)|
+|**Operation 88**: {434bb40d-dbc9-4fe7-81d4-d57229f7b080}|Add "msDS-ExpirePasswordsOnSmartCardOnlyAccounts" on the domain NC object and set default value to FALSE|N/A|N/A|
+
+The Enterprise Key Admins and Key Admins groups are only created after a Windows Server 2016 Domain Controller is promoted and takes over the PDC Emulator FSMO role.
+
+## Windows Server 2012 R2: Domain-wide updates
+
+Although no operations are performed by **domainprep** in Windows Server 2012 R2, after the command completes, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=ForestRootDomain object is set to **10**.
+
+## Windows Server 2012: Domain-wide updates
+
+After the operations that are performed by **domainprep** in Windows Server 2012 (operations 78, 79, 80, and 81) complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=ForestRootDomain object is set to **9**.
+
+|Operations number and GUID|Description|Attributes|Permissions|
+|------------------------------|---------------|--------------|---------------|
+|**Operation 78**: {c3c927a6-cc1d-47c0-966b-be8f9b63d991}|Create a new object CN=TPM Devices in the Domain partition.|Object class: msTPM-InformationObjectsContainer|N/A|
+|**Operation 79**: {54afcfb9-637a-4251-9f47-4d50e7021211}|Created an access control entry for the TPM service.|N/A|(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)|
+|**Operation 80**: {f4728883-84dd-483c-9897-274f2ebcf11e}|Grant "Clone DC" extended right to **Cloneable Domain Controllers** group|N/A|(OA;;CR;3e0f7e18-2c7a-4c10-ba82-4d926db99a3e;;*domain SID*-522)|
+|**Operation 81**: {ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff}|Grant ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity to Principal Self on all objects.|N/A|(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)|
diff --git a/source4/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md b/source4/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md
new file mode 100644
index 0000000..49d5201
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md
@@ -0,0 +1,98 @@
+---
+description: "Learn more about: Forest-Wide Updates"
+ms.assetid: 3647b7e3-54a4-46c6-ab68-82fcf3bfacda
+title: Active Directory Forest-Wide Updates
+author: iainfoulds
+ms.author: daveba
+manager: daveba
+ms.date: 10/29/2018
+ms.topic: article
+---
+# Forest-Wide Updates
+
+>Applies to: Windows Server 2022, Windows Server 2019, Windows Server
+
+You can review the following set of changes to help understand and prepare for the schema updates that are performed by adprep /forestprep in Windows Server 2019.
+
+Beginning in Windows Server 2012, Adprep commands run automatically as needed during AD DS installation. They can also be run separately in advance of AD DS installation. For more information, see [Running Adprep.exe](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd464018(v=ws.10)).
+
+For more information about how to interpret the access control entry (ACE) strings, see [ACE strings](/windows/win32/secauthz/ace-strings). For more information about how to interpret the security ID (SID) strings, see [SID strings](/windows/win32/secauthz/sid-strings).
+
+## Windows Server 2016: Forest-wide updates
+
+After the operations that are performed by the **forestprep** command in Windows Server 2016 (operations 136-142) are complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to **16**.
+
+| Operation number and GUID | Description | Attributes | Permissions |
+|--|--|--|--|
+| **Operation 136**: {328092FB-16E7-4453-9AB8-7592DB56E9C4} | Granting the "CN=Send-As,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 137**: {3A1C887F-DF0A-489F-B3F2-2D0409095F6E} | Granting the "CN=Receive-As,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 138**: {232E831F-F988-4444-8E3E-8A352E2FD411} | Granting the "CN=Personal-Information,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 139**: {DDDDCF0C-BEC9-4A5A-AE86-3CFE6CC6E110} | Granting the "CN=Public-Information,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 140**: {A0A45AAC-5550-42DF-BB6A-3CC5C46B52F2} | Granting the "CN=Validated-SPN,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 141**: {3E7645F3-3EA5-4567-B35A-87630449C70C} | Granting the "CN=Allowed-To-Authenticate,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+| **Operation 142**: {E634067B-E2C4-4D79-B6E8-73C619324D5E} | Granting the "CN=MS-TS-GatewayAccess,CN=Extended-Rights" to gMSA accounts. | N/A | N/A |
+
+## Windows Server 2012 R2: Forest-wide updates
+
+After the operations that are performed by the **forestprep** command in Windows Server 2012 R2 (operations 131-135) are complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to **15**.
+
+| Operation number and GUID | Description | Attributes | Permissions |
+|--|--|--|--|
+| **Operation 131**: {b83818c1-01a6-4f39-91b7-a3bb581c3ae3} | Created a new authentication policy configuration container object CN=AuthN Policy Configuration,CN=Services in the Configuration partition. | -   objectClass: container<br />-   displayName: Authentication Policy Configuration<br />-   description: Contains configuration for authentication policy.<br />-   showInAdvancedViewOnly: True | (A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
+| **Operation 132**: {bbbb9db0-4009-4368-8c40-6674e980d3c3} | Created a new authentication policies object CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services in the Configuration partition. | -   objectClass: msDS-AuthNPolicies<br />-   displayName: Authentication Policies<br />-   description: Contains authentication policy objects.<br />-   showInAdvancedViewOnly: True | (A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)<br />(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)<br />(A;;RPLCLORC;;;AU) |
+| **Operation 133**: {f754861c-3692-4a7b-b2c2-d0fa28ed0b0b} | Created a new authentication policy silos object CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services in the Configuration partition. | -   objectClass: msDS-AuthNPolicySilos<br />-   displayName: Authentication Policy Silos<br />-   description: Contains authentication policy silo objects.<br />-   showInAdvancedViewOnly: True | (A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)<br />(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)<br />(A;;RPLCLORC;;;AU) |
+| **Operation 134**: {d32f499f-3026-4af0-a5bd-13fe5a331bd2} | Created a new authentication silo claim type object CN=ad://ext/AuthenticationSilo,CN=Claim Types,CN=Claims Configuration,CN=Services in the Configuration partition. | -   objectClass: msDS-ClaimType<br />-   displayname: AuthenticationSilo<br />-   name: ad://ext/AuthenticationSilo<br />-   Enabled: True<br />-   msDS-ClaimIsValueSpaceRestricted: True<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-ClaimSourceType: Constructed<br />-   msDS-ClaimValueType: 3<br />-   msDS-ClaimTypeAppliesToClass: CN=User,CN=Schema,%ws<br />-   msDS-ClaimTypeAppliesToClass: CN=Computer,CN=Schema,%ws<br />-   msDS-ClaimTypeAppliesToClass: CN=ms-DS-Managed-Service-Account,CN=Schema,%ws<br />-   msDS-ClaimTypeAppliesToClass: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,%ws | (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)<br />(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)<br />(A;;RPLCLORC;;;AU) |
+| **Operation 135**: {38618886-98ee-4e42-8cf1-d9a2cd9edf8b} | Set the msDS-ClaimIsValueSpaceRestricted attribute on new authentication silo claim type to false | -   msDS-ClaimIsValueSpaceRestricted: False | N/A |
+
+## Windows Server 2012: Forest-wide updates
+
+After the operations that are performed by the **forestprep** command in Windows Server 2012 (operations 84-130) are complete, the **revision** attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to **11**.
+
+|Operation number and GUID|Description|Attributes|Permissions|
+|-----------------------------|---------------|--------------|---------------|
+|**Operation 84**: {4664e973-cb20-4def-b3d5-559d6fe123e0}|Created a new container CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: container|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 85**: {2972d92d-a07a-44ac-9cb0-bf243356f345}|Created a new object CN=Claim Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ClaimTypes<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 86**: {09a49cb3-6c54-4b83-ab20-8370838ba149}|Created a new object CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperties<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 87**: {77283e65-ce02-4dc3-8c1e-bf99b22527c2}|Created a new container CN=Resource Property Lists,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: container<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 88**: {0afb7f53-96bd-404b-a659-89e65c269420}|Created a new object CN=Sam-Domain in the Schema partition.|N/A|Created the following access control entry (ACE) to grant Write Property to Principal Self on the object:<p>(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)|
+|**Operation 89**: {c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa}|Created a new object CN=Domain-DNS in the Schema partition.|N/A|Created the following access control entry (ACE) to grant Write Property to Principal Self on the object:<p>(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)|
+|**Operation 90**: {00232167-f3a4-43c6-b503-9acb7a81b01c}|Call back function to upgrade display specifiers.|N/A|N/A|
+|**Operation 91**: {73a9515b-511c-44d2-822b-444a33d3bd33}|Created a new container CN=Microsoft SPP,CN=Services in the Configuration partition.|-   objectClass: container<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 92**: {e0c60003-2ed7-4fd3-8659-7655a7e79397}|Created a new Activation Objects container CN=Activation Objects,CN=Microsoft SPP,CN=Services in the Configuration partition.|-   objectClass: msSPP-ActivationObjectsContainer<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 93**: {ed0c8cca-80ab-4b6b-ac5a-59b1d317e11f}|Created a new Central Access Policies container CN=Central Access Policies,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msAuthz-CentralAccessPolicies<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 94**: {b6a6c19a-afc9-476b-8994-61f5b14b3f05}|Created a new Central Access Policy Entries container CN=Central Access Rules,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msAuthz-CentralAccessRules<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 95**: {defc28cd-6cb6-4479-8bcb-aabfb41e9713}|Created a new Group Key Distribution service container CN=Group Key Distribution Service,CN=Services in the Configuration partition.|-   objectClass: container<br />-   description: The container contains configuration and data for Group Key Distribution Service.<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 96**: {d6bd96d4-e66b-4a38-9c6b-e976ff58c56d}|Created a new Master Root Keys container CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services in the Configuration partition.|-   objectClass: container<br />-   description: The container contains master root keys for Group Key Distribution Service.<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 97**: {bb8efc40-3090-4fa2-8a3f-7cd1d380e695}|Created a new Server Configuration container CN=Server Configuration,CN=Group Key Distribution Service,CN=Services in the Configuration partition.|-   objectClass: container<br />-   description: The container contains Group Key Distribution Service configurations.<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 98**: {2d6abe1b-4326-489e-920c-76d5337d2dc5}|Created a new Empty server configuration objects container CN=Group Key Distribution Service Server Configuration,CN=Server Configuration,CN=Group Key Distribution Service,CN=Services in the Configuration partition.|-   objectClass: msKds-ProvServerConfiguration<br />-   description: The configuration of cryptography algorithms used by Group Key Distribution Service.<br />-   msKds-Version: 1<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 99**: {6b13dfb5-cecc-4fb8-b28d-0505cea24175}|Created a new Claims Transformation Policies configuration container CN=Claims Transformation Policies,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ClaimsTransformationPolicies<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 100**: {92e73422-c68b-46c9-b0d5-b55f9c741410}|Created a new Value Types configuration container CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: container<br />-   showInAdvancedViewOnly: True|(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 101**: {c0ad80b4-8e84-4cc4-9163-2f84649bcc42}|Created a new SinglevaluedChoice value type configuration object CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author a resource property. When assigning value to a resource property of this value type, a user can choose only one entry from a list of suggested values.<br />-   displayname: Single-valued Choice<br />-   msDS-ClaimValueType: 3<br />-   msDS-ClaimIsValueSpaceRestricted: True<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: True<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 102**: {992fe1d0-6591-4f24-a163-c820fcb7f308}|Created a new YesNo value type configuration object CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: The valid values for this type are Yes or No.<br />-   displayname: Yes/No<br />-   msDS-ClaimValueType: 6<br />-   msDS-ClaimIsValueSpaceRestricted: False<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: False<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 103**: {ede85f96-7061-47bf-b11b-0c0d999595b5}|Created a new Number value type configuration object CN=MS-DS-Number,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that contain a single number.<br />-   displayname: Number<br />-   msDS-ClaimValueType: 1<br />-   msDS-ClaimIsValueSpaceRestricted: False<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: False<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 104**: {ee0f3271-eb51-414a-bdac-8f9ba6397a39}|Created a new DateTime value type configuration object CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that are of the date and time format.<br />-   displayname: Date Time<br />-   msDS-ClaimValueType: 1<br />-   msDS-ClaimIsValueSpaceRestricted: False<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: False<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 105**: {587d52e0-507e-440e-9d67-e6129f33bb68}|Created a new OrderedList value type configuration object CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that contain a single choice entry that can be compared to other resource properties of the same type. A user typically chooses the entry from a list of ordered suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties.<br />-   displayname: Ordered List<br />-   msDS-ClaimValueType: 1<br />-   msDS-ClaimIsValueSpaceRestricted: True<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: True<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 106**: {ce24f0f6-237e-43d6-ac04-1e918ab04aac}|Created a new Text value type configuration object CN=MS-DS-Text,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that contain a single text entry.<br />-   displayname: Text<br />-   msDS-ClaimValueType: 3<br />-   msDS-ClaimIsValueSpaceRestricted: False<br />-   msDS-ClaimIsSingleValued: True<br />-   msDS-IsPossibleValuesPresent: False<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 107**: {7f77d431-dd6a-434f-ae4d-ce82928e498f}|Created a new MultivaluedText value type configuration object CN=MS-DS-MultivaluedText,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that can have multiple text entries.<br />-   displayname: Multi-valued Text<br />-   msDS-ClaimValueType: 3<br />-   msDS-ClaimIsValueSpaceRestricted: False<br />-   msDS-ClaimIsSingleValued: False<br />-   msDS-IsPossibleValuesPresent: False<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 108**: {ba14e1f6-7cd1-4739-804f-57d0ea74edf4}|Created a new MultivaluedChoice value type configuration object CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ValueType<br />-   description: You can use this type to author resource properties that can have multiple entries that cannot be compared. A user typically chooses each entry from a list of suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties.<br />-   displayname: Multi-valued Choice<br />-   msDS-ClaimValueType: 3<br />-   msDS-ClaimIsValueSpaceRestricted: True<br />-   msDS-ClaimIsSingleValued: False<br />-   msDS-IsPossibleValuesPresent: True<br />-   showInAdvancedViewOnly: True|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 109**: {156ffa2a-e07c-46fb-a5c4-fbd84a4e5cce}|Created a new Personally Identifiable Information resource property object CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Personally Identifiable Information (PII) property specifies whether the resource contains PII and if it does, what the sensitivity level of that information is.<br />-   displayname: Personally Identifiable Information<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 110**: {7771d7dd-2231-4470-aa74-84a6f56fc3b6}|Created a new Protected Health Information resource property object CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Protected Health Information (PHI) property specifies whether the resource contains any data related to an individual's medical record or medical payment history.<br />-   displayname: Protected Health Information<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 111**: {49b2ae86-839a-4ea0-81fe-9171c1b98e83}|Created a new Required Clearance resource property object CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Required Clearance property specifies the level of clearance a user should possess before attempting to access the resource.<br />-   displayname: Required Clearance<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 112**: {1b1de989-57ec-4e96-b933-8279a8119da4}|Created a new Confidentiality resource property object CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Confidentiality property specifies the level of confidentiality of the resource, and the potential impact of inadvertent access or disclosure.<br />-   displayname: Confidentiality<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 113**: {281c63f0-2c9a-4cce-9256-a238c23c0db9}|Created a new Compliancy resource property object CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Compliancy property specifies the compliance frameworks that apply to the resource.<br />-   displayname: Compliancy<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 114**: {4c47881a-f15a-4f6c-9f49-2742f7a11f4b}|Created a new Discoverability resource property object CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Discoverability property specifies whether the resource contains potential evidence that might require disclosure to opposing legal counsel during the course of current or future litigation.<br />-   displayname: Discoverability<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 115**: {2aea2dc6-d1d3-4f0c-9994-66c1da21de0f}|Created a new Immutable resource property object CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Immutable property specifies whether a user should be allowed to delete a resource or change its contents.<br />-   displayname: Immutable<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 116**: {ae78240c-43b9-499e-ae65-2b6e0f0e202a}|Created a new Intellectual Property resource property object CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Intellectual Property (IP) property specifies whether the resource contains IP, and if so, what kind.<br />-   displayname: Intellectual Property<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 117**: {261b5bba-3438-4d5c-a3e9-7b871e5f57f0}|Created a new Department resource property object CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Department property specifies the name of the department to which  the resource belongs.<br />-   displayname: Department<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 118**: {3fb79c05-8ea1-438c-8c7a-81f213aa61c2}|Created a new Impact resource property object CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Impact property specifies the degree of organizational impact from inappropriate access or loss of the resource.<br />-   displayname: Impact<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain<br />-   msDS-ClaimPossibleValues: High - High business impact (HBI) - 3000, Moderate - Medium business impact (MBI) - 2000, Low - Low business impact (LBI) - 1000>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 119**: {0b2be39a-d463-4c23-8290-32186759d3b1}|Created a new Personal Use resource property object CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Personal Use property specifies whether the file is for personal use (not business related).<br />-   displayname: Personal Use<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 120**: {f0842b44-bc03-46a1-a860-006e8527fccd}|Created a new Project resource property object CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Project property specifies the names of one or more projects that are relevant to the resource.<br />-   displayname: Project<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 121**: {93efec15-4dd9-4850-bc86-a1f2c8e2ebb9}|Created a new Retention Period resource property object CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Retention Period property specifies the maximum period for which the file should be retained.<br />-   displayname: Retention Period<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 122**: {9e108d96-672f-40f0-b6bd-69ee1f0b7ac4}|Created a new Retention Start Date resource property object CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Retention Start Date property defines the starting date for a Retention Period. The retention period would begin on the Retention Start Date.<br />-   displayname: Retention Start Date<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: False<br />-   msDS-ValueTypeReference: CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 123**: {1e269508-f862-4c4a-b01f-420d26c4ff8c}|Created a new Company resource property object CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Company property specifies which company the resource belongs to.<br />-   displayname: Company<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: True<br />-   msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 125**: {e1ab17ed-5efb-4691-ad2d-0424592c5755} **Note:** Operation 124 was deleted.|Created a new Folder Usage resource property object CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourceProperty<br />-   description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it.<br />-   displayname: Folder Usage<br />-   Enabled: False<br />-   msDS-IsUsedAsResourceSecurityAttribute: False<br />-   msDS-AppliestoResourceTypes: MS-DS-Container<br />-   msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 126**: {0e848bd4-7c70-48f2-b8fc-00fbaa82e360}|Created a new Global Resource Property List configuration object CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services in the Configuration partition.|-   objectClass: msDS-ResourcePropertyList<br />-   description: This is a global out of box resource property list that contains all resource properties that can be consumed by applications.<br />-   showInAdvancedViewOnly: True<br />-   msDS-MembersOfResourcePropertyList: CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain><br />-   msDS-MembersOfResourcePropertyList: CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>|(D;;SDDT;;;WD)<br />(A;;RPLCLORC;;;AU)<br />(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)<br />(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)|
+|**Operation 127**: {016f23f7-077d-41fa-a356-de7cfdb01797}|Call back function to upgrade display specifiers.|N/A|N/A|
+|**Operation 128**: {49c140db-2de3-44c2-a99a-bab2e6d2ba81}|Updated strings for Folder Usage resource property object CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition.|-   description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it.|N/A|
+|**Operation 129**: {e0b11c80-62c5-47f7-ad0d-3734a71b8312}|Added ACE to grant Principal Self Write Property and Read Property on CN=Sam-Domain object.|N/A|(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)|
+|**Operation 130**: {2ada1a2d-b02f-4731-b4fe-59f955e24f71}|Added ACE to grant Principal Self Write Property and Read Property on CN=Domain-DNS object.|N/A|(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)|
diff --git a/source4/setup/adprep/WindowsServerDocs/LICENSE b/source4/setup/adprep/WindowsServerDocs/LICENSE
new file mode 100644
index 0000000..a2c95fc
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/LICENSE
@@ -0,0 +1,395 @@
+Attribution 4.0 International
+
+=======================================================================
+
+Creative Commons Corporation ("Creative Commons") is not a law firm and
+does not provide legal services or legal advice. Distribution of
+Creative Commons public licenses does not create a lawyer-client or
+other relationship. Creative Commons makes its licenses and related
+information available on an "as-is" basis. Creative Commons gives no
+warranties regarding its licenses, any material licensed under their
+terms and conditions, or any related information. Creative Commons
+disclaims all liability for damages resulting from their use to the
+fullest extent possible.
+
+Using Creative Commons Public Licenses
+
+Creative Commons public licenses provide a standard set of terms and
+conditions that creators and other rights holders may use to share
+original works of authorship and other material subject to copyright
+and certain other rights specified in the public license below. The
+following considerations are for informational purposes only, are not
+exhaustive, and do not form part of our licenses.
+
+     Considerations for licensors: Our public licenses are
+     intended for use by those authorized to give the public
+     permission to use material in ways otherwise restricted by
+     copyright and certain other rights. Our licenses are
+     irrevocable. Licensors should read and understand the terms
+     and conditions of the license they choose before applying it.
+     Licensors should also secure all rights necessary before
+     applying our licenses so that the public can reuse the
+     material as expected. Licensors should clearly mark any
+     material not subject to the license. This includes other CC-
+     licensed material, or material used under an exception or
+     limitation to copyright. More considerations for licensors:
+	wiki.creativecommons.org/Considerations_for_licensors
+
+     Considerations for the public: By using one of our public
+     licenses, a licensor grants the public permission to use the
+     licensed material under specified terms and conditions. If
+     the licensor's permission is not necessary for any reason--for
+     example, because of any applicable exception or limitation to
+     copyright--then that use is not regulated by the license. Our
+     licenses grant only permissions under copyright and certain
+     other rights that a licensor has authority to grant. Use of
+     the licensed material may still be restricted for other
+     reasons, including because others have copyright or other
+     rights in the material. A licensor may make special requests,
+     such as asking that all changes be marked or described.
+     Although not required by our licenses, you are encouraged to
+     respect those requests where reasonable. More_considerations
+     for the public: 
+	wiki.creativecommons.org/Considerations_for_licensees
+
+=======================================================================
+
+Creative Commons Attribution 4.0 International Public License
+
+By exercising the Licensed Rights (defined below), You accept and agree
+to be bound by the terms and conditions of this Creative Commons
+Attribution 4.0 International Public License ("Public License"). To the
+extent this Public License may be interpreted as a contract, You are
+granted the Licensed Rights in consideration of Your acceptance of
+these terms and conditions, and the Licensor grants You such rights in
+consideration of benefits the Licensor receives from making the
+Licensed Material available under these terms and conditions.
+
+
+Section 1 -- Definitions.
+
+  a. Adapted Material means material subject to Copyright and Similar
+     Rights that is derived from or based upon the Licensed Material
+     and in which the Licensed Material is translated, altered,
+     arranged, transformed, or otherwise modified in a manner requiring
+     permission under the Copyright and Similar Rights held by the
+     Licensor. For purposes of this Public License, where the Licensed
+     Material is a musical work, performance, or sound recording,
+     Adapted Material is always produced where the Licensed Material is
+     synched in timed relation with a moving image.
+
+  b. Adapter's License means the license You apply to Your Copyright
+     and Similar Rights in Your contributions to Adapted Material in
+     accordance with the terms and conditions of this Public License.
+
+  c. Copyright and Similar Rights means copyright and/or similar rights
+     closely related to copyright including, without limitation,
+     performance, broadcast, sound recording, and Sui Generis Database
+     Rights, without regard to how the rights are labeled or
+     categorized. For purposes of this Public License, the rights
+     specified in Section 2(b)(1)-(2) are not Copyright and Similar
+     Rights.
+
+  d. Effective Technological Measures means those measures that, in the
+     absence of proper authority, may not be circumvented under laws
+     fulfilling obligations under Article 11 of the WIPO Copyright
+     Treaty adopted on December 20, 1996, and/or similar international
+     agreements.
+
+  e. Exceptions and Limitations means fair use, fair dealing, and/or
+     any other exception or limitation to Copyright and Similar Rights
+     that applies to Your use of the Licensed Material.
+
+  f. Licensed Material means the artistic or literary work, database,
+     or other material to which the Licensor applied this Public
+     License.
+
+  g. Licensed Rights means the rights granted to You subject to the
+     terms and conditions of this Public License, which are limited to
+     all Copyright and Similar Rights that apply to Your use of the
+     Licensed Material and that the Licensor has authority to license.
+
+  h. Licensor means the individual(s) or entity(ies) granting rights
+     under this Public License.
+
+  i. Share means to provide material to the public by any means or
+     process that requires permission under the Licensed Rights, such
+     as reproduction, public display, public performance, distribution,
+     dissemination, communication, or importation, and to make material
+     available to the public including in ways that members of the
+     public may access the material from a place and at a time
+     individually chosen by them.
+
+  j. Sui Generis Database Rights means rights other than copyright
+     resulting from Directive 96/9/EC of the European Parliament and of
+     the Council of 11 March 1996 on the legal protection of databases,
+     as amended and/or succeeded, as well as other essentially
+     equivalent rights anywhere in the world.
+
+  k. You means the individual or entity exercising the Licensed Rights
+     under this Public License. Your has a corresponding meaning.
+
+
+Section 2 -- Scope.
+
+  a. License grant.
+
+       1. Subject to the terms and conditions of this Public License,
+          the Licensor hereby grants You a worldwide, royalty-free,
+          non-sublicensable, non-exclusive, irrevocable license to
+          exercise the Licensed Rights in the Licensed Material to:
+
+            a. reproduce and Share the Licensed Material, in whole or
+               in part; and
+
+            b. produce, reproduce, and Share Adapted Material.
+
+       2. Exceptions and Limitations. For the avoidance of doubt, where
+          Exceptions and Limitations apply to Your use, this Public
+          License does not apply, and You do not need to comply with
+          its terms and conditions.
+
+       3. Term. The term of this Public License is specified in Section
+          6(a).
+
+       4. Media and formats; technical modifications allowed. The
+          Licensor authorizes You to exercise the Licensed Rights in
+          all media and formats whether now known or hereafter created,
+          and to make technical modifications necessary to do so. The
+          Licensor waives and/or agrees not to assert any right or
+          authority to forbid You from making technical modifications
+          necessary to exercise the Licensed Rights, including
+          technical modifications necessary to circumvent Effective
+          Technological Measures. For purposes of this Public License,
+          simply making modifications authorized by this Section 2(a)
+          (4) never produces Adapted Material.
+
+       5. Downstream recipients.
+
+            a. Offer from the Licensor -- Licensed Material. Every
+               recipient of the Licensed Material automatically
+               receives an offer from the Licensor to exercise the
+               Licensed Rights under the terms and conditions of this
+               Public License.
+
+            b. No downstream restrictions. You may not offer or impose
+               any additional or different terms or conditions on, or
+               apply any Effective Technological Measures to, the
+               Licensed Material if doing so restricts exercise of the
+               Licensed Rights by any recipient of the Licensed
+               Material.
+
+       6. No endorsement. Nothing in this Public License constitutes or
+          may be construed as permission to assert or imply that You
+          are, or that Your use of the Licensed Material is, connected
+          with, or sponsored, endorsed, or granted official status by,
+          the Licensor or others designated to receive attribution as
+          provided in Section 3(a)(1)(A)(i).
+
+  b. Other rights.
+
+       1. Moral rights, such as the right of integrity, are not
+          licensed under this Public License, nor are publicity,
+          privacy, and/or other similar personality rights; however, to
+          the extent possible, the Licensor waives and/or agrees not to
+          assert any such rights held by the Licensor to the limited
+          extent necessary to allow You to exercise the Licensed
+          Rights, but not otherwise.
+
+       2. Patent and trademark rights are not licensed under this
+          Public License.
+
+       3. To the extent possible, the Licensor waives any right to
+          collect royalties from You for the exercise of the Licensed
+          Rights, whether directly or through a collecting society
+          under any voluntary or waivable statutory or compulsory
+          licensing scheme. In all other cases the Licensor expressly
+          reserves any right to collect such royalties.
+
+
+Section 3 -- License Conditions.
+
+Your exercise of the Licensed Rights is expressly made subject to the
+following conditions.
+
+  a. Attribution.
+
+       1. If You Share the Licensed Material (including in modified
+          form), You must:
+
+            a. retain the following if it is supplied by the Licensor
+               with the Licensed Material:
+
+                 i. identification of the creator(s) of the Licensed
+                    Material and any others designated to receive
+                    attribution, in any reasonable manner requested by
+                    the Licensor (including by pseudonym if
+                    designated);
+
+                ii. a copyright notice;
+
+               iii. a notice that refers to this Public License;
+
+                iv. a notice that refers to the disclaimer of
+                    warranties;
+
+                 v. a URI or hyperlink to the Licensed Material to the
+                    extent reasonably practicable;
+
+            b. indicate if You modified the Licensed Material and
+               retain an indication of any previous modifications; and
+
+            c. indicate the Licensed Material is licensed under this
+               Public License, and include the text of, or the URI or
+               hyperlink to, this Public License.
+
+       2. You may satisfy the conditions in Section 3(a)(1) in any
+          reasonable manner based on the medium, means, and context in
+          which You Share the Licensed Material. For example, it may be
+          reasonable to satisfy the conditions by providing a URI or
+          hyperlink to a resource that includes the required
+          information.
+
+       3. If requested by the Licensor, You must remove any of the
+          information required by Section 3(a)(1)(A) to the extent
+          reasonably practicable.
+
+       4. If You Share Adapted Material You produce, the Adapter's
+          License You apply must not prevent recipients of the Adapted
+          Material from complying with this Public License.
+
+
+Section 4 -- Sui Generis Database Rights.
+
+Where the Licensed Rights include Sui Generis Database Rights that
+apply to Your use of the Licensed Material:
+
+  a. for the avoidance of doubt, Section 2(a)(1) grants You the right
+     to extract, reuse, reproduce, and Share all or a substantial
+     portion of the contents of the database;
+
+  b. if You include all or a substantial portion of the database
+     contents in a database in which You have Sui Generis Database
+     Rights, then the database in which You have Sui Generis Database
+     Rights (but not its individual contents) is Adapted Material; and
+
+  c. You must comply with the conditions in Section 3(a) if You Share
+     all or a substantial portion of the contents of the database.
+
+For the avoidance of doubt, this Section 4 supplements and does not
+replace Your obligations under this Public License where the Licensed
+Rights include other Copyright and Similar Rights.
+
+
+Section 5 -- Disclaimer of Warranties and Limitation of Liability.
+
+  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
+     EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
+     AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
+     ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
+     IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
+     WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
+     PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
+     ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
+     KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
+     ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
+
+  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
+     TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
+     NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
+     INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
+     COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
+     USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
+     ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
+     DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
+     IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
+
+  c. The disclaimer of warranties and limitation of liability provided
+     above shall be interpreted in a manner that, to the extent
+     possible, most closely approximates an absolute disclaimer and
+     waiver of all liability.
+
+
+Section 6 -- Term and Termination.
+
+  a. This Public License applies for the term of the Copyright and
+     Similar Rights licensed here. However, if You fail to comply with
+     this Public License, then Your rights under this Public License
+     terminate automatically.
+
+  b. Where Your right to use the Licensed Material has terminated under
+     Section 6(a), it reinstates:
+
+       1. automatically as of the date the violation is cured, provided
+          it is cured within 30 days of Your discovery of the
+          violation; or
+
+       2. upon express reinstatement by the Licensor.
+
+     For the avoidance of doubt, this Section 6(b) does not affect any
+     right the Licensor may have to seek remedies for Your violations
+     of this Public License.
+
+  c. For the avoidance of doubt, the Licensor may also offer the
+     Licensed Material under separate terms or conditions or stop
+     distributing the Licensed Material at any time; however, doing so
+     will not terminate this Public License.
+
+  d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
+     License.
+
+
+Section 7 -- Other Terms and Conditions.
+
+  a. The Licensor shall not be bound by any additional or different
+     terms or conditions communicated by You unless expressly agreed.
+
+  b. Any arrangements, understandings, or agreements regarding the
+     Licensed Material not stated herein are separate from and
+     independent of the terms and conditions of this Public License.
+
+
+Section 8 -- Interpretation.
+
+  a. For the avoidance of doubt, this Public License does not, and
+     shall not be interpreted to, reduce, limit, restrict, or impose
+     conditions on any use of the Licensed Material that could lawfully
+     be made without permission under this Public License.
+
+  b. To the extent possible, if any provision of this Public License is
+     deemed unenforceable, it shall be automatically reformed to the
+     minimum extent necessary to make it enforceable. If the provision
+     cannot be reformed, it shall be severed from this Public License
+     without affecting the enforceability of the remaining terms and
+     conditions.
+
+  c. No term or condition of this Public License will be waived and no
+     failure to comply consented to unless expressly agreed to by the
+     Licensor.
+
+  d. Nothing in this Public License constitutes or may be interpreted
+     as a limitation upon, or waiver of, any privileges and immunities
+     that apply to the Licensor or You, including from the legal
+     processes of any jurisdiction or authority.
+
+
+=======================================================================
+
+Creative Commons is not a party to its public
+licenses. Notwithstanding, Creative Commons may elect to apply one of
+its public licenses to material it publishes and in those instances
+will be considered the “Licensor.� The text of the Creative Commons
+public licenses is dedicated to the public domain under the CC0 Public
+Domain Dedication. Except for the limited purpose of indicating that
+material is shared under a Creative Commons public license or as
+otherwise permitted by the Creative Commons policies published at
+creativecommons.org/policies, Creative Commons does not authorize the
+use of the trademark "Creative Commons" or any other trademark or logo
+of Creative Commons without its prior written consent including,
+without limitation, in connection with any unauthorized modifications
+to any of its public licenses or any other arrangements,
+understandings, or agreements concerning use of licensed material. For
+the avoidance of doubt, this paragraph does not form part of the
+public licenses.
+
+Creative Commons may be contacted at creativecommons.org.
\ No newline at end of file
diff --git a/source4/setup/adprep/WindowsServerDocs/LICENSE-CODE b/source4/setup/adprep/WindowsServerDocs/LICENSE-CODE
new file mode 100644
index 0000000..b17b032
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/LICENSE-CODE
@@ -0,0 +1,17 @@
+The MIT License (MIT)
+Copyright (c) Microsoft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
+associated documentation files (the "Software"), to deal in the Software without restriction, 
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial 
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT 
+NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/source4/setup/adprep/WindowsServerDocs/Read-Only-Domain-Controller-Updates.md.unused b/source4/setup/adprep/WindowsServerDocs/Read-Only-Domain-Controller-Updates.md.unused
new file mode 100644
index 0000000..f9b947f
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Read-Only-Domain-Controller-Updates.md.unused
@@ -0,0 +1,16 @@
+---
+description: "Learn more about: Read-Only Domain Controller Updates"
+ms.assetid: 38f6adb1-dfcf-456d-b631-2b1e96dc670b
+title: Read-Only Domain Controller Updates
+author: iainfoulds
+ms.author: daveba
+manager: daveba
+ms.date: 05/31/2017
+ms.topic: article
+---
+
+# Read-Only Domain Controller Updates
+
+>Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
+
+There are no changes to adprep /rodcprep in Windows Server 2012 R2 or in Windows Server 2012.
diff --git a/source4/setup/adprep/WindowsServerDocs/Sch49.ldf.diff b/source4/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
new file mode 100644
index 0000000..d9a76cc
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
@@ -0,0 +1,29 @@
+--- orig/Sch49.ldf	2023-02-02 11:19:49.258058871 +0100
++++ patched/Sch49.ldf	2023-02-02 11:19:49.702061539 +0100
+@@ -669,26 +669,20 @@
+ replace: defaultHidingValue
+ defaultHidingValue: TRUE
+ -
+ 
+ dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaModify
+ replace: defaultHidingValue
+ defaultHidingValue: TRUE
+ -
+ 
+-dn: CN=ms-DS-List-Of-Claim-Types,CN=Schema,CN=Configuration,DC=X
+-changetype: ntdsSchemaModify
+-replace: defaultHidingValue
+-defaultHidingValue: TRUE
+--
+-
+ dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaModify
+ add: systemMayContain
+ systemMayContain: 1.2.840.113556.1.4.2157
+ systemMayContain: 1.2.840.113556.1.4.2158
+ systemMayContain: 1.2.840.113556.1.4.2098
+ systemMayContain: 1.2.840.113556.1.4.2159
+ systemMayContain: 1.2.840.113556.1.4.2160
+ -
+ 
diff --git a/source4/setup/adprep/WindowsServerDocs/Sch50.ldf.diff b/source4/setup/adprep/WindowsServerDocs/Sch50.ldf.diff
new file mode 100644
index 0000000..47a1ffd
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Sch50.ldf.diff
@@ -0,0 +1,107 @@
+--- orig/Sch50.ldf	2023-02-02 11:19:49.258058871 +0100
++++ patched/Sch50.ldf	2023-02-02 12:08:24.613054023 +0100
+@@ -3,20 +3,21 @@
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+ adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+ adminDescription: This attribute is used for access checks to determine if a requester has permission to act on the behalf of other identities to services running as this account.
+ attributeId: 1.2.840.113556.1.4.2182
+ attributeSyntax: 2.5.5.15
+ omSyntax: 66
+ isSingleValued: TRUE
+ systemOnly: TRUE
++schemaFlagsEx: 1
+ searchFlags: 0
+ rangeLower: 0
+ rangeUpper: 132096
+ schemaIdGuid:: 5cN4P5r3vUaguJ0YEW3ceQ==
+ attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+@@ -243,21 +244,21 @@
+ ldapDisplayName: msKds-SecretAgreementParam
+ adminDisplayName: ms-Kds-SecretAgreement-Param
+ adminDescription: The parameters for the secret agreement algorithm.
+ attributeId: 1.2.840.113556.1.4.2172
+ attributeSyntax: 2.5.5.10
+ omSyntax: 4
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 640
+ rangeUpper: 2000
+-schemaIdGuid:: MLCZ2e3+dUm4B+ukRNp56Q==
++schemaIdGuid:: 2ZmwMP7tSXW4B+ukRNp56Q==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msKds-SecretAgreementAlgorithmID
+ adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+ adminDescription: The name of the secret agreement algorithm to be used with public keys.
+ attributeId: 1.2.840.113556.1.4.2171
+@@ -276,56 +277,59 @@
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ValueTypeReference
+ adminDisplayName: ms-DS-Value-Type-Reference
+ adminDescription: This attribute is used to link a resource property object to its value type.
+ attributeId: 1.2.840.113556.1.4.2187
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: hF38eNzBSDGJhFj3ktQdPg==
+ linkID: 2188
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ValueTypeReferenceBL
+ adminDisplayName: ms-DS-Value-Type-Reference-BL
+ adminDescription: This is the back link for ms-DS-Value-Type-Reference. It links a value type object back to resource properties.
+ attributeId: 1.2.840.113556.1.4.2188
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: FALSE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: rUNVq6EjRTu5N5sxPVR0qA==
+ linkID: 2189
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 17
+ 
+ dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-IsPossibleValuesPresent
+ adminDisplayName: ms-DS-Is-Possible-Values-Present
+ adminDescription: This attribute identifies if ms-DS-Claim-Possible-Values on linked resource property must have value or must not have value.
+ attributeId: 1.2.840.113556.1.4.2186
+ attributeSyntax: 2.5.5.8
+ omSyntax: 1
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ schemaIdGuid:: 2tyrb1OMTyCxpJ3wxnwetA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn:
+ changetype: modify
+ add: schemaUpdateNow
+ schemaUpdateNow: 1
+ -
+ 
diff --git a/source4/setup/adprep/WindowsServerDocs/Sch51.ldf.diff b/source4/setup/adprep/WindowsServerDocs/Sch51.ldf.diff
new file mode 100644
index 0000000..9a7c8d1
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Sch51.ldf.diff
@@ -0,0 +1,225 @@
+--- orig/Sch51.ldf	2023-02-02 11:19:49.258058871 +0100
++++ patched/Sch51.ldf	2023-02-02 13:21:57.135145640 +0100
+@@ -4,173 +4,183 @@
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-TransformationRules
+ adminDisplayName: ms-DS-Transformation-Rules
+ adminDescription: Specifies the Transformation Rules for Across-Forest Claims Transformation.
+ attributeId: 1.2.840.113556.1.4.2189
+ attributeSyntax: 2.5.5.12
+ omSyntax: 64
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ schemaIdGuid:: cSuHVbLESDuuUUCV+R7GAA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-AppliesToResourceTypes
+ adminDisplayName: ms-DS-Applies-To-Resource-Types
+ adminDescription: For a resource property, this attribute indicates what resource types this resource property applies to.
+ attributeId: 1.2.840.113556.1.4.2195
+ attributeSyntax: 2.5.5.12
+ omSyntax: 64
+ isSingleValued: FALSE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ schemaIdGuid:: BiA/aWRXSj2EOVjwSqtLWQ==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-TransformationRulesCompiled
+ adminDisplayName: ms-DS-Transformation-Rules-Compiled
+ adminDescription: Blob containing compiled transformation rules.
+ attributeId: 1.2.840.113556.1.4.2190
+ attributeSyntax: 2.5.5.10
+ omSyntax: 4
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 128
++schemaFlagsEx: 1
+ schemaIdGuid:: EJq0C2tTTbyicwurDdS9EA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 17
+ 
+ dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-EgressClaimsTransformationPolicy
+ adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+ adminDescription: This is a link to a Claims Transformation Policy Object for the egress claims (claims leaving this forest) to the Trusted Domain. This is applicable only for an incoming or bidirectional Across-Forest Trust. When this link is not present, all claims are allowed to egress as-is.
+ attributeId: 1.2.840.113556.1.4.2192
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: fkI3wXOaQLCRkBsJW7QyiA==
+ linkID: 2192
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-IngressClaimsTransformationPolicy
+ adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+ adminDescription: This is a link to a Claims Transformation Policy Object for the ingress claims (claims entering this forest) from the Trusted Domain. This is applicable only for an outgoing or bidirectional Across-Forest Trust. If this link is absent, all the ingress claims are dropped.
+ attributeId: 1.2.840.113556.1.4.2191
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: CEwohm4MQBWLFXUUfSPSDQ==
+ linkID: 2190
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-TDOEgressBL
+ adminDisplayName: ms-DS-TDO-Egress-BL
+ adminDescription: Backlink to TDO Egress rules link on object.
+ attributeId: 1.2.840.113556.1.4.2194
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: FALSE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: KWIA1ROZQiKLF4N2HR4OWw==
+ linkID: 2193
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 17
+ 
+ dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-TDOIngressBL
+ adminDisplayName: ms-DS-TDO-Ingress-BL
+ adminDescription: Backlink to TDO Ingress rules link on object.
+ attributeId: 1.2.840.113556.1.4.2193
+ attributeSyntax: 2.5.5.1
+ omSyntax: 127
+ isSingleValued: FALSE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ omObjectClass:: KwwCh3McAIVK
+ schemaIdGuid:: oWFWWsaXS1SAVuQw/nvFVA==
+ linkID: 2191
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 17
+ 
+ dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ManagedPassword
+ adminDisplayName: msDS-ManagedPassword
+ adminDescription: This attribute is the managed password data for a group MSA.
+ attributeId: 1.2.840.113556.1.4.2196
+ attributeSyntax: 2.5.5.10
+ omSyntax: 4
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ schemaIdGuid:: hu1i4yi3QgiyfS3qep3yGA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 20
+ 
+ dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ManagedPasswordId
+ adminDisplayName: msDS-ManagedPasswordId
+ adminDescription: This attribute is the identifier for the current managed password data for a group MSA.
+ attributeId: 1.2.840.113556.1.4.2197
+ attributeSyntax: 2.5.5.10
+ omSyntax: 4
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ rangeUpper: 1024
+ schemaIdGuid:: Wil4DtPGQAq0kdYiUf+gpg==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-GroupMSAMembership
+ adminDisplayName: msDS-GroupMSAMembership
+ adminDescription: This attribute is used for access checks to determine if a requester has permission to retrieve the password for a group MSA.
+ attributeId: 1.2.840.113556.1.4.2200
+ attributeSyntax: 2.5.5.15
+ omSyntax: 66
+ isSingleValued: TRUE
+ systemOnly: FALSE
+ searchFlags: 0
++schemaFlagsEx: 1
+ rangeUpper: 132096
+ schemaIdGuid:: 1u2OiATOQN+0YrilDkG6OA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-GeoCoordinatesAltitude
+ adminDisplayName: ms-DS-GeoCoordinates-Altitude
+@@ -222,36 +232,38 @@
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ManagedPasswordInterval
+ adminDisplayName: msDS-ManagedPasswordInterval
+ adminDescription: This attribute is used to retrieve the number of days before a managed password is automatically changed for a group MSA.
+ attributeId: 1.2.840.113556.1.4.2199
+ attributeSyntax: 2.5.5.9
+ omSyntax: 2
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ schemaIdGuid:: 9451+HasQ4ii7qJrTcr0CQ==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ ldapDisplayName: msDS-ManagedPasswordPreviousId
+ adminDisplayName: msDS-ManagedPasswordPreviousId
+ adminDescription: This attribute is the identifier for the previous managed password data for a group MSA.
+ attributeId: 1.2.840.113556.1.4.2198
+ attributeSyntax: 2.5.5.10
+ omSyntax: 4
+ isSingleValued: TRUE
+ systemOnly: TRUE
+ searchFlags: 0
++schemaFlagsEx: 1
+ rangeUpper: 1024
+ schemaIdGuid:: MSHW0EotT9CZ2RxjZGIppA==
+ showInAdvancedViewOnly: TRUE
+ systemFlags: 16
+ 
+ dn:
+ changetype: modify
+ add: schemaUpdateNow
+ schemaUpdateNow: 1
+ -
diff --git a/source4/setup/adprep/WindowsServerDocs/Sch57.ldf.diff b/source4/setup/adprep/WindowsServerDocs/Sch57.ldf.diff
new file mode 100644
index 0000000..d82875a
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Sch57.ldf.diff
@@ -0,0 +1,105 @@
+--- orig/Sch57.ldf	2023-02-02 11:19:49.258058871 +0100
++++ patched/Sch57.ldf	2023-02-03 11:55:09.049696113 +0100
+@@ -61,96 +61,101 @@
+ adminDescription: This attribute is used to enable or disable the user-device relationship.
+ ldapDisplayName: msDS-IsEnabled
+ attributeId: 1.2.840.113556.1.4.2248
+ omSyntax: 1
+ attributeSyntax: 2.5.5.8
+ isSingleValued: TRUE
+ instanceType: 4
+ searchFlags: 0
+ systemOnly: FALSE
+ schemaIdGuid:: DlypIoMfgkyUzr6miM/IcQ==
++isMemberOfPartialAttributeSet: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ cn: ms-DS-Device-OS-Type
+ adminDisplayName: ms-DS-Device-OS-Type
+ adminDescription: This attribute is used to track the type of device based on the OS.
+ ldapDisplayName: msDS-DeviceOSType
+ attributeId: 1.2.840.113556.1.4.2249
+ omSyntax: 64
+ attributeSyntax: 2.5.5.12
+ isSingleValued: FALSE
+ instanceType: 4
+ rangeLower: 0
+ rangeUpper: 1024
+ searchFlags: 0
+ systemOnly: FALSE
+ schemaIdGuid:: TUUOELvzy02EX41e3EccWQ==
++isMemberOfPartialAttributeSet: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ cn: ms-DS-Device-OS-Version
+ adminDisplayName: ms-DS-Device-OS-Version
+ adminDescription: This attribute is used to track the OS version of the device.
+ ldapDisplayName: msDS-DeviceOSVersion
+ attributeId: 1.2.840.113556.1.4.2250
+ omSyntax: 64
+ attributeSyntax: 2.5.5.12
+ isSingleValued: FALSE
+ instanceType: 4
+ rangeLower: 0
+ rangeUpper: 512
+-searchFlags: 0
++searchFlags: 1
+ systemOnly: FALSE
+ schemaIdGuid:: Y4z7cKtfBEWrnRSzKain+A==
++isMemberOfPartialAttributeSet: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ cn: ms-DS-Device-Physical-IDs
+ adminDisplayName: ms-DS-Device-Physical-IDs
+ adminDescription: This attribute is used to store identifiers of the physical device.
+ ldapDisplayName: msDS-DevicePhysicalIDs
+ attributeId: 1.2.840.113556.1.4.2251
+ omSyntax: 4
+ attributeSyntax: 2.5.5.10
+ isSingleValued: FALSE
+ instanceType: 4
+ rangeLower: 1
+ rangeUpper: 10485760
+ searchFlags: 1
+ systemOnly: FALSE
+ schemaIdGuid:: FFRhkKCiR0Spk1NAlZm3Tg==
++isMemberOfPartialAttributeSet: TRUE
+ systemFlags: 16
+ 
+ dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
+ objectClass: attributeSchema
+ cn: ms-DS-Device-ID
+ adminDisplayName: ms-DS-Device-ID
+ adminDescription: This attribute stores the ID of the device.
+ ldapDisplayName: msDS-DeviceID
+ attributeId: 1.2.840.113556.1.4.2252
+ omSyntax: 4
+ attributeSyntax: 2.5.5.10
+ isSingleValued: TRUE
+ instanceType: 4
+ rangeLower: 16
+ rangeUpper: 16
+ searchFlags: 1
+ systemOnly: FALSE
+ schemaIdGuid:: x4EBw0Jj+0GyeffFZsvgpw==
++isMemberOfPartialAttributeSet: TRUE
+ systemFlags: 16
+ 
+ dn:
+ changetype: modify
+ add: schemaUpdateNow
+ schemaUpdateNow: 1
+ -
+ 
+ dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaAdd
diff --git a/source4/setup/adprep/WindowsServerDocs/Sch59.ldf.diff b/source4/setup/adprep/WindowsServerDocs/Sch59.ldf.diff
new file mode 100644
index 0000000..294900c
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Sch59.ldf.diff
@@ -0,0 +1,26 @@
+--- orig/Sch59.ldf	2023-02-02 11:19:49.258058871 +0100
++++ patched/Sch59.ldf	2023-02-03 12:01:09.935996927 +0100
+@@ -160,23 +160,20 @@
+ changetype: ntdsSchemaModify
+ replace: isSingleValued
+ isSingleValued: TRUE
+ -
+ 
+ dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaModify
+ replace: omSyntax
+ omSyntax: 64
+ -
+-
+-dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+-changetype: ntdsSchemaModify
+ replace: attributeSyntax
+ attributeSyntax: 2.5.5.12
+ -
+ 
+ dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+ changetype: ntdsSchemaModify
+ replace: rangeUpper
+ rangeUpper: 1024
+ -
+ 
diff --git a/source4/setup/adprep/WindowsServerDocs/Schema-Updates.md b/source4/setup/adprep/WindowsServerDocs/Schema-Updates.md
new file mode 100644
index 0000000..bd1672d
--- /dev/null
+++ b/source4/setup/adprep/WindowsServerDocs/Schema-Updates.md
@@ -0,0 +1,48573 @@
+---
+ms.assetid: abf69b09-6528-42e0-b164-813c7c2c78e7
+title: Schema updates in Windows Server
+description: Schema changes made by adprep by operating system version
+author: iainfoulds
+ms.author: daveba
+manager: daveba
+ms.date: 12/02/2019
+ms.topic: article
+---
+# Windows Server Active Directory schema updates
+
+>Applies to: Windows Server 2022, Windows Server 2019, Windows Server
+
+This topic lists the LDF files that include the changes that Adprep.exe makes.
+
+## Schema Update in Windows Server 2019
+
+Sch88.ldf is the only new file introduced with Windows Server 2019.
+
+### Sch88.ldf
+
+```
+dn: CN=ms-DS-Preferred-Data-Location,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.2366
+attributeSyntax: 2.5.5.12
+adminDisplayName: ms-DS-Preferred-Data-Location
+adminDescription: ms-DS-Preferred-Data-Location
+oMSyntax: 64
+lDAPDisplayName: msDS-preferredDataLocation
+isSingleValued: TRUE
+schemaIDGUID:: 3ooM+pRMEEa6zhgO/e4hQA==
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+systemOnly: FALSE
+rangeLower: 1
+rangeUpper: 10
+isMemberOfPartialAttributeSet: TRUE
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2366
+-
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2366
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2366
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 88
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+## Schema Updates in Windows Server 2016
+
+Sch70.ldf through Sch87.ldf are introduced with Windows Server 2016.
+
+### Sch70.ldf
+
+```
+dn: CN=ms-DS-Device-MDMStatus,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-MDMStatus
+adminDisplayName: ms-DS-Device-MDMStatus
+adminDescription: This attribute is used to manage the mobile device management status of the device.
+ldapDisplayName: msDS-DeviceMDMStatus
+attributeId: 1.2.840.113556.1.4.2308
+omSyntax: 64
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+instanceType: 4
+rangeUpper: 256
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: lo8K9sRXLEKjrZ4voJzm9w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2308
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 70
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch71.ldf
+
+```
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 16
+-
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 16
+-
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 16
+-
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+# Increase schema version
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 71
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch72.ldf
+
+```
+dn: CN=ms-DS-External-Directory-Object-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDisplayName: ms-DS-External-Directory-Object-Id
+adminDescription: ms-DS-External-Directory-Object-Id
+ldapDisplayName: msDS-ExternalDirectoryObjectId
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+attributeId: 1.2.840.113556.1.4.2310
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isMemberOfPartialAttributeSet: TRUE
+isSingleValued: TRUE
+instanceType: 4
+rangeUpper: 256
+schemaIdGuid:: kL8pva1m4UCIexDfBwQZpg==
+searchFlags: 9
+showInAdvancedViewOnly: FALSE
+systemOnly: FALSE
+systemFlags: 16
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.2310
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2273
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 72
+-
+
+```
+
+### Sch73.ldf
+
+```
+dn: CN=ms-DS-Is-Compliant,CN=Schema,CN=Configuration,DC=x
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+CN: ms-DS-Is-Compliant
+adminDescription: This attribute is used to determine if the object is compliant with company policies.
+adminDisplayName: msDS-IsCompliant
+lDAPDisplayName: msDS-IsCompliant
+attributeId: 1.2.840.113556.1.4.2314
+oMSyntax: 1
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIDGUID:: D31SWcC34kyh3XHO9pYykg==
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2314
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 73
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch74.ldf
+
+```
+dn: CN=ms-DS-Key-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyId
+adminDisplayName: msDS-KeyId
+adminDescription: This attribute contains a key identifier.
+attributeId: 1.2.840.113556.1.4.2315
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: S/iUwq0vcUu+TJ/FcB9gug==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Key-Material,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyMaterial
+adminDisplayName: msDS-KeyMaterial
+adminDescription: This attribute contains key material.
+attributeId: 1.2.840.113556.1.4.2316
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nw4uodveMU+PIRMRuVgYLw==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyUsage
+adminDisplayName: msDS-KeyUsage
+adminDescription: This attribute identifies the usage scenario for the key.
+attributeId: 1.2.840.113556.1.4.2317
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: TLRx3ropl0WeysM0is4ZFw==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Key-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyPrincipal
+adminDisplayName: msDS-KeyPrincipal
+adminDescription: This attribute specifies the principal that a key object applies to.
+attributeId: 1.2.840.113556.1.4.2318
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OyVhvQGUOUGmkzVvxADz6g==
+systemFlags: 16
+instanceType: 4
+linkID: 2218
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Key-Principal-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyPrincipalBL
+adminDisplayName: msDS-KeyPrincipalBL
+adminDescription: This attribute is the backlink for msDS-KeyPrincipal.
+attributeId: 1.2.840.113556.1.4.2319
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: vI8y0XSFUEGIHQsQiIJ4eA==
+systemFlags: 16
+instanceType: 4
+linkID: 2219
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Device-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-DeviceDN
+adminDisplayName: msDS-DeviceDN
+adminDescription: This attribute identifies the registered device from which this key object was provisioned.
+attributeId: 1.2.840.113556.1.4.2320
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KREsZJk4IUeOIUg545iM5Q==
+systemFlags: 16
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Computer-SID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ComputerSID
+adminDisplayName: msDS-ComputerSID
+adminDescription: This attribute identifies a domain-joined computer.
+attributeId: 1.2.840.113556.1.4.2321
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: INf733IILkCZQPzXjbBJug==
+systemFlags: 16
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Custom-Key-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-CustomKeyInformation
+adminDisplayName: msDS-CustomKeyInformation
+adminDescription: This attribute contains additional information about the key.
+attributeId: 1.2.840.113556.1.4.2322
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iOnltuTlhkyirg2suXCg4Q==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Key-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+adminDescription: The approximate time this key was last used in a logon operation.
+ldapDisplayName: msDS-KeyApproximateLastLogonTimeStamp
+attributeId: 1.2.840.113556.1.4.2323
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIdGuid:: jcmaZJqbQU2va/YW8qYuSg==
+systemFlags: 16
+showInAdvancedViewOnly: TRUE
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-KeyCredential
+adminDisplayName: msDS-KeyCredential
+adminDescription: An instance of this class contains key material.
+governsId: 1.2.840.113556.1.5.297
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: Q1Uf7i58akeLP+EfSvbEmA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: FALSE
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+systemFlags: 16
+instanceType: 4
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemMustContain: 1.2.840.113556.1.4.2315
+systemMayContain: 1.2.840.113556.1.4.2316
+systemMayContain: 1.2.840.113556.1.4.2317
+systemMayContain: 1.2.840.113556.1.4.2318
+systemMayContain: 1.2.840.113556.1.4.2320
+systemMayContain: 1.2.840.113556.1.4.2321
+systemMayContain: 1.2.840.113556.1.4.2322
+systemMayContain: 1.2.840.113556.1.4.2323
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add:systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2319
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 74
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch75.ldf
+
+```
+dn: CN=ms-DS-Device-Trust-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+CN: ms-DS-Device-Trust-Type
+adminDescription: Represents join type for devices.
+adminDisplayName: msDS-DeviceTrustType
+lDAPDisplayName: msDS-DeviceTrustType
+attributeId: 1.2.840.113556.1.4.2325
+oMSyntax: 2
+attributeSyntax: 2.5.5.9
+instanceType: 4
+isMemberOfPartialAttributeSet: TRUE
+isSingleValued: TRUE
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+schemaIDGUID:: B2ikxNxqu0uX3mvtGBob/g==
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2325
+-
+
+#
+# Optional Feature Object
+#
+dn: CN=Expiring Group Membership Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: msDS-OptionalFeature
+msDS-OptionalFeatureFlags: 1
+msDS-OptionalFeatureGUID:: c+hD7OjMQEa0qwf/5KtbzQ==
+msDS-RequiredForestBehaviorVersion: 7
+# 0x800000000
+# 0x080000000
+# 0x040000000
+systemFlags: 2348810240
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 75
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch76.ldf
+
+```
+dn: CN=ms-DS-Shadow-Principal-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: msDS-ShadowPrincipalSid
+adminDisplayName: ms-DS-Shadow-Principal-Sid
+adminDescription: Contains the SID of a principal from an external forest.
+attributeID: 1.2.840.113556.1.4.2324
+attributeSyntax: 2.5.5.17
+oMSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIDGUID:: IgfMHbCq70+Vbydv4Z3hBw==
+systemFlags: 16
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Shadow-Principal-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ShadowPrincipalContainer
+adminDisplayName: ms-DS-Shadow-Principal-Container
+adminDescription: Dedicated container for msDS-ShadowPrincipal objects.
+governsId: 1.2.840.113556.1.5.298
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: RVX5ERLXUEy4R9J4FTfGMw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+systemFlags: 16
+instanceType: 4
+subClassOf: container
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Shadow-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ShadowPrincipal
+adminDisplayName: ms-DS-Shadow-Principal
+adminDescription: Represents a principal from an external forest.
+governsId: 1.2.840.113556.1.5.299
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: s0wPd0MWnEa3Zu3XeqdeFA==
+defaultHidingValue: FALSE
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+systemFlags: 16
+instanceType: 4
+subClassOf: top
+systemPossSuperiors: msDS-ShadowPrincipalContainer
+systemMayContain: member
+systemMustContain: msDS-ShadowPrincipalSid
+
+dn: CN=Shadow Principal Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: msDS-OptionalFeature
+msDS-OptionalFeatureFlags: 1
+msDS-OptionalFeatureGUID:: KbW388juRVatNjmTdiXpNg==
+msDS-RequiredForestBehaviorVersion: 7
+systemFlags: 2348810240
+
+dn: CN=Shadow Principal Configuration,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: msDS-ShadowPrincipalContainer
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 76
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch77.ldf
+
+```
+dn: CN=ms-DS-Key-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Key-Material,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Key-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Device-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Computer-SID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Custom-Key-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn: CN=ms-DS-Key-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: FALSE
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2252
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 77
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch78.ldf
+
+```
+#
+# Optional Feature Object
+#
+dn: CN=Expiring Group Membership Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+# FLAG_ALLOW_RENAME 0x400000
+systemFlags: 1073741824
+-
+
+dn: CN=Expiring Group Membership Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Privileged Access Management Feature
+deleteoldrdn: 1
+
+dn: CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+# FLAG_DISALLOW_DELETE 0x80000000
+# FLAG_DOMAIN_DISALLOW_RENAME0x08000000
+# FLAG_DOMAIN_DISALLOW_MOVE0x04000000
+systemFlags: 2348810240
+-
+
+dn: CN=Shadow Principal Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+# FLAG_DOMAIN_DISALLOW_RENAME0x08000000
+# FLAG_DOMAIN_DISALLOW_MOVE0x04000000
+replace: systemFlags
+systemFlags: 201326592
+-
+
+dn: CN=Shadow Principal Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 78
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch79.ldf
+
+```
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2321
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 79
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch80.ldf
+
+```
+dn: CN=ms-DS-Key-Credential-Link,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.2328
+attributeSyntax: 2.5.5.7
+adminDisplayName: ms-DS-Key-Credential-Link
+adminDescription: Contains key material and usage.
+oMSyntax: 127
+oMObjectClass:: KoZIhvcUAQEBCw==
+lDAPDisplayName: msDS-KeyCredentialLink
+isSingleValued: FALSE
+systemOnly: FALSE
+schemaIDGUID:: D9ZHW5BgskCfNypN6I8wYw==
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+linkId: 2220
+
+dn: CN=ms-DS-Key-Credential-Link-BL,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.2329
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+lDAPDisplayName: msDS-KeyCredentialLink-BL
+isSingleValued: FALSE
+systemOnly: FALSE
+schemaIDGUID:: iNeKk18i7k6Tua0koVnh2w==
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+linkId: 2221
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2328
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2328
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 80
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch81.ldf
+
+```
+dn: CN=DS-Validated-Write-Computer,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Validated write to computer attributes.
+rightsGuid: 9b026da6-0d3c-465c-8bee-5199d7165cba
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+ShowInAdvancedViewOnly: TRUE
+validAccesses: 8
+
+dn: CN=ms-DS-Key-Credential-Link,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGUID
+attributeSecurityGUID:: pm0CmzwNXEaL7lGZ1xZcug==
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 81
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch82.ldf
+
+```
+dn: CN=Dns-Zone-Scope-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: Dns-Zone-Scope-Container
+adminDisplayName: Dns-Zone-Scope-Container
+adminDescription: Container for Dns Zone Scope objects.
+ldapDisplayName: dnsZoneScopeContainer
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+governsId: 1.2.840.113556.1.5.300
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: k5Bp8lryIEKd6wPfTMSpxQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.5.85
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: Dns-Zone-Scope
+adminDisplayName: Dns-Zone-Scope
+adminDescription: A zonescope of a zone is another copy of the zone contained in the zone with different set of resource records.
+ldapDisplayName: dnsZoneScope
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+governsId: 1.2.840.113556.1.5.301
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: YYpvaT8tzkCks+J138xJxQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.5.300
+systemMustContain: 0.9.2342.19200300.100.1.25
+systemMayContain: 1.2.840.113556.1.4.1306
+systemMayContain: 1.2.840.113556.1.4.653
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.301
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 82
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch83.ldf
+
+```
+dn: CN=ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+CN: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+attributeID: 1.2.840.113556.1.4.2344
+attributeSyntax: 2.5.5.8
+adminDisplayName: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
+adminDescription: This attribute controls whether the passwords on smart-card-only accounts expire in accordance with the password policy.
+oMSyntax: 1
+lDAPDisplayName: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
+isSingleValued: TRUE
+systemOnly: FALSE
+schemaIDGUID:: SKsXNCTfsU+AsA/LNn4l4w==
+systemFlags: 16
+searchFlags: 0
+instanceType: 4
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2344
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 83
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch84.ldf
+
+```
+dn: CN=ms-DS-Token-Group-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msds-tokenGroupNames
+adminDisplayName: ms-DS-Token-Group-Names
+adminDescription: The distinguished names of security groups the principal is directly or indirectly a member of.
+attributeId: 1.2.840.113556.1.4.2345
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass:: KwwCh3McAIVK
+isSingleValued: FALSE
+systemOnly: TRUE
+# 0x00000800 (Attribute is returned only on base searches.)
+# searchFlags hex value 0x00000800
+searchFlags: 2048
+schemaIdGuid:: dgVlZZlGyU+NGCbgzQE3pg==
+attributeSecurityGuid:: +IhwA+EK0hG0IgCgyWj5OQ==
+showInAdvancedViewOnly: TRUE
+# 0x00000001 (Attribute is not replicated)
+# 0x00000004 (Attribute is constructed)
+# 0x00000008 (Attribute is operational)
+# 0x00000010 (Attribute is in the base schema)
+# systemFlags hex value 0x0000001D
+systemFlags: 29
+
+dn: CN=ms-DS-Token-Group-Names-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msds-tokenGroupNamesGlobalAndUniversal
+adminDisplayName: ms-DS-Token-Group-Names-Global-And-Universal
+adminDescription: The distinguished names of global and universal security groups the principal is directly or indirectly a member of.
+attributeId: 1.2.840.113556.1.4.2346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass:: KwwCh3McAIVK
+isSingleValued: FALSE
+systemOnly: TRUE
+# 0x00000800 (Attribute is returned only on base searches.)
+# searchFlags hex value 0x00000800
+searchFlags: 2048
+schemaIdGuid:: 9NEG+iJ5rUq3nLIgH1RBfA==
+attributeSecurityGuid:: +IhwA+EK0hG0IgCgyWj5OQ==
+showInAdvancedViewOnly: TRUE
+# 0x00000001 (Attribute is not replicated)
+# 0x00000004 (Attribute is constructed)
+# 0x00000008 (Attribute is operational)
+# 0x00000010 (Attribute is in the base schema)
+# systemFlags hex value 0x0000001D
+systemFlags: 29
+
+dn: CN=ms-DS-Token-Group-Names-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msds-tokenGroupNamesNoGCAcceptable
+adminDisplayName: ms-DS-Token-Group-Names-No-GC-Acceptable
+adminDescription: The distinguished names of security groups the principal is directly or indirectly a member of as reported by the local DC.
+attributeId: 1.2.840.113556.1.4.2347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass:: KwwCh3McAIVK
+isSingleValued: FALSE
+systemOnly: TRUE
+# 0x00000800 (Attribute is returned only on base searches.)
+# searchFlags hex value 0x00000800
+searchFlags: 2048
+schemaIdGuid:: yMY/UvSaAkqc1z3qEp7rJw==
+attributeSecurityGuid:: +IhwA+EK0hG0IgCgyWj5OQ==
+showInAdvancedViewOnly: TRUE
+# 0x00000001 (Attribute is not replicated)
+# 0x00000004 (Attribute is constructed)
+# 0x00000008 (Attribute is operational)
+# 0x00000010 (Attribute is in the base schema)
+# systemFlags hex value 0x0000001D
+systemFlags: 29
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2345
+systemMayContain: 1.2.840.113556.1.4.2346
+systemMayContain: 1.2.840.113556.1.4.2347
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 84
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch85.ldf
+
+```
+dn: CN=ms-DS-User-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserAllowedNTLMNetworkAuthentication
+adminDisplayName: ms-DS-User-Allowed-NTLM-Network-Authentication
+adminDescription: This attribute is used to determine if a user is allowed to authenticate using NTLM authentication.
+attributeId: 1.2.840.113556.1.4.2348
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+# searchFlags hex value 0x00000000
+searchFlags: 0
+# schemaIdGuid {7ece040f-9327-4cdc-aad3-037adfe62639}
+schemaIdGuid:: DwTOfieT3Eyq0wN63+YmOQ==
+# attributeSecurityGuid {00000000-0000-0000-0000-000000000000}
+showInAdvancedViewOnly: TRUE
+# systemFlags hex value 0x00000010
+# 0x00000010 (Attribute is in the base schema)
+systemFlags: 16
+
+dn: CN=ms-DS-Service-Allowed-NTLM-Network-Authentication,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceAllowedNTLMNetworkAuthentication
+adminDisplayName: ms-DS-Service-Allowed-NTLM-Network-Authentication
+adminDescription: This attribute is used to determine if a service is allowed to authenticate using NTLM authentication.
+attributeId: 1.2.840.113556.1.4.2349
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+# searchFlags hex value 0x00000000
+searchFlags: 0
+# schemaIdGuid {278947b9-5222-435e-96b7-1503858c2b48}
+schemaIdGuid:: uUeJJyJSXkOWtxUDhYwrSA==
+# attributeSecurityGuid {00000000-0000-0000-0000-000000000000}
+showInAdvancedViewOnly: TRUE
+# systemFlags hex value 0x00000010
+# 0x00000010 (Attribute is in the base schema)
+systemFlags: 16
+
+dn: CN=ms-DS-Strong-NTLM-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-StrongNTLMPolicy
+adminDisplayName: ms-DS-Strong-NTLM-Policy
+adminDescription: This attribute specifies policy options for NTLM secrets with strong entropy.
+attributeId: 1.2.840.113556.1.4.2350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+# searchFlags hex value 0x00000000
+searchFlags: 0
+# schemaIdGuid {aacd2170-482a-44c6-b66e-42c2f66a285c}
+schemaIdGuid:: cCHNqipIxkS2bkLC9mooXA==
+# attributeSecurityGuid {00000000-0000-0000-0000-000000000000}
+showInAdvancedViewOnly: TRUE
+# systemFlags hex value 0x00000010
+# 0x00000010 (Attribute is in the base schema)
+systemFlags: 16
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2348
+systemMayContain: 1.2.840.113556.1.4.2349
+systemMayContain: 1.2.840.113556.1.4.2350
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 85
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch86.ldf
+
+```
+dn: CN=ms-DS-Source-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SourceAnchor
+adminDisplayName: ms-DS-Source-Anchor
+adminDescription: Unique, immutable identifier for the object in the authoritative directory.
+attributeId: 1.2.840.113556.1.4.2352
+attributeSyntax: 2.5.5.12
+# Syntax: String
+oMSyntax: 64
+isSingleValued: TRUE
+# Note that we do not supply rangeUpper here.DS API enforces a maximum length of 256 Unicode characters,
+# which may translate to more than 256 multi-byte characters in AD given that the AD syntax for this
+# attribute is not String(Unicode).
+rangeLower: 1
+systemOnly: FALSE
+# searchFlags: +fPDNTATTINDEX for SearchForAddressListObjects
+# searchFlags: fPDNTATTINDEX | fPRESERVEONDELETE
+searchFlags: 10
+schemaIDGUID:: B/QCsEAT60G8oL19k44lqQ==
+# attributeSecurityGuid {00000000-0000-0000-0000-000000000000}
+showInAdvancedViewOnly: TRUE
+# systemFlags hex value 0x00000010
+# 0x00000010 (Attribute is in the base schema)
+systemFlags: 16
+
+dn: CN=ms-DS-Object-SOA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ObjectSoa
+adminDisplayName: ms-DS-Object-SOA
+adminDescription: This attribute is used to identify the source of authority of the object.
+attributeId: 1.2.840.113556.1.4.2353
+attributeSyntax: 2.5.5.12
+# Syntax: String
+oMSyntax: 64
+isSingleValued: TRUE
+# Note that we do not supply rangeUpper here.DS API enforces a maximum length of 256 Unicode characters,
+# which may translate to more than 256 multi-byte characters in AD given that the AD syntax for this
+# attribute is not String(Unicode).
+rangeLower: 1
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: 9b32NHkuO0yOFD2Tt1qriQ==
+showInAdvancedViewOnly: TRUE
+# systemFlags hex value 0x00000010
+# 0x00000010 (Attribute is in the base schema)
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2352
+systemMayContain: 1.2.840.113556.1.4.2353
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 86
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+### Sch87.ldf
+
+```
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 87
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+```
+
+## Schema Updates in Windows Server 2012 R2
+
+Sch57.ldf through Sch69.ldf are introduced with Windows Server 2012 R2.
+
+### Sch57.ldf
+
+```
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Certificates
+adminDisplayName: ms-DS-Issuer-Certificates
+adminDescription: The keys used to sign certificates issued by the Registration Service.
+ldapDisplayName: msDS-IssuerCertificates
+attributeId: 1.2.840.113556.1.4.2240
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 1
+rangeUpper: 65536
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: 2m89a5MIxEOJ+x+1KmYWqQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Registration-Quota
+adminDisplayName: ms-DS-Registration-Quota
+adminDescription: Policy used to limit the number of registrations allowed for a single user.
+ldapDisplayName: msDS-RegistrationQuota
+attributeId: 1.2.840.113556.1.4.2241
+omSyntax: 2
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: woYyymQfeUCWvOYrYQ5zDw==
+systemFlags: 16
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Maximum-Registration-Inactivity-Period
+adminDisplayName: ms-DS-Maximum-Registration-Inactivity-Period
+adminDescription: The maximum amount of days used to detect inactivty of registration objects.
+ldapDisplayName: msDS-MaximumRegistrationInactivityPeriod
+attributeId: 1.2.840.113556.1.4.2242
+omSyntax: 2
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: OapcCuYFykm4CAJbk2YQ5w==
+systemFlags: 16
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Is-Enabled
+adminDisplayName: ms-DS-Is-Enabled
+adminDescription: This attribute is used to enable or disable the user-device relationship.
+ldapDisplayName: msDS-IsEnabled
+attributeId: 1.2.840.113556.1.4.2248
+omSyntax: 1
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: DlypIoMfgkyUzr6miM/IcQ==
+systemFlags: 16
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Type
+adminDisplayName: ms-DS-Device-OS-Type
+adminDescription: This attribute is used to track the type of device based on the OS.
+ldapDisplayName: msDS-DeviceOSType
+attributeId: 1.2.840.113556.1.4.2249
+omSyntax: 64
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 0
+rangeUpper: 1024
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: TUUOELvzy02EX41e3EccWQ==
+systemFlags: 16
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-OS-Version
+adminDisplayName: ms-DS-Device-OS-Version
+adminDescription: This attribute is used to track the OS version of the device.
+ldapDisplayName: msDS-DeviceOSVersion
+attributeId: 1.2.840.113556.1.4.2250
+omSyntax: 64
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 0
+rangeUpper: 512
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: Y4z7cKtfBEWrnRSzKain+A==
+systemFlags: 16
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-Physical-IDs
+adminDisplayName: ms-DS-Device-Physical-IDs
+adminDescription: This attribute is used to store identifiers of the physical device.
+ldapDisplayName: msDS-DevicePhysicalIDs
+attributeId: 1.2.840.113556.1.4.2251
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 1
+rangeUpper: 10485760
+searchFlags: 1
+systemOnly: FALSE
+schemaIdGuid:: FFRhkKCiR0Spk1NAlZm3Tg==
+systemFlags: 16
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-ID
+adminDisplayName: ms-DS-Device-ID
+adminDescription: This attribute stores the ID of the device.
+ldapDisplayName: msDS-DeviceID
+attributeId: 1.2.840.113556.1.4.2252
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+instanceType: 4
+rangeLower: 16
+rangeUpper: 16
+searchFlags: 1
+systemOnly: FALSE
+schemaIdGuid:: x4EBw0Jj+0GyeffFZsvgpw==
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service-Container
+adminDisplayName: ms-DS-Device-Registration-Service-Container
+adminDescription: A class for the container used to house all enrollment services used for device registrations.
+ldapDisplayName: msDS-DeviceRegistrationServiceContainer
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+governsId: 1.2.840.113556.1.5.287
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: zlULMc09kkOpbcnjU5fCTw==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.3.23
+
+dn: CN=ms-DS-Device-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DS-Device-Container
+adminDisplayName: ms-DS-Device-Container
+adminDescription: A class for the container used to hold device objects.
+ldapDisplayName: msDS-DeviceContainer
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+governsId: 1.2.840.113556.1.5.289
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: WIyefBuQqE627E656fwOEQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.5.67
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DS-Device-Registration-Service
+adminDisplayName: ms-DS-Device-Registration-Service
+adminDescription: An object of this class holds the registration service configuration used for devices.
+ldapDisplayName: msDS-DeviceRegistrationService
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+governsId: 1.2.840.113556.1.5.284
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: Gjq8ltLj00mvEXsN951n9Q==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.5.287
+systemMayContain: 1.2.840.113556.1.4.2240
+systemMayContain: 1.2.840.113556.1.4.2241
+systemMayContain: 1.2.840.113556.1.4.2242
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DS-Device
+adminDisplayName: ms-DS-Device
+adminDescription: An object of this type represents a registered device.
+ldapDisplayName: msDS-Device
+rDNAttID: cn
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+governsId: 1.2.840.113556.1.5.286
+instanceType: 4
+objectClassCategory: 1
+schemaIdGuid:: c7byXUFtdEez6NUujun/mQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.5.289
+systemMayContain: 1.2.840.113556.1.4.2248
+systemMayContain: 1.2.840.113556.1.4.2249
+systemMayContain: 1.2.840.113556.1.4.2250
+systemMayContain: 1.2.840.113556.1.4.2251
+systemMayContain: 1.2.840.113556.1.4.2252
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 57
+-
+```
+
+### Sch58.ldf
+
+```
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: FALSE
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 58
+-
+```
+
+### Sch59.ldf
+
+```
+dn: CN=ms-DS-User-Device-Registration,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-User-Device-Registration-Container,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2246
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2244
+-
+
+dn: CN=ms-DS-User-Device-Registration-Link,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-User-Device-Registration-Link-BL,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-Authentication-Level,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-Approximate-Last-Use-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-Device-Reference,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=ms-DS-Device-Location,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-Location
+adminDisplayName: ms-DS-Device-Location
+adminDescription: The DN under which the device objects will be created.
+ldapDisplayName: msDS-DeviceLocation
+attributeId: 1.2.840.113556.1.4.2261
+omSyntax: 127
+omObjectClass:: KwwCh3McAIVK
+attributeSyntax: 2.5.5.1
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: TRUE
+schemaIdGuid:: yFb74+hd9UWxsdK2zTHnYg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Registered-Owner
+adminDisplayName: ms-DS-Registered-Owner
+adminDescription: Single valued binary attribute containing the primary SID referencing the first user to register the device. The value is not removed during de-registration, but could be managed by an administrator.
+ldapDisplayName: msDS-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.2258
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIdGuid:: 6SZ2YesBz0KZH85heYIjfg==
+systemFlags: 18
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Registered-Users
+adminDisplayName: ms-DS-Registered-Users
+adminDescription: Contains the list of users that have registered the device.Users in this list have all of the features provided by the "Company Portal" app.And they have SSO to company resources.
+ldapDisplayName: msDS-RegisteredUsers
+attributeId: 1.2.840.113556.1.4.2263
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+instanceType: 4
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIdGuid:: DBZJBI5ayE+wUgHA9uSPAg==
+systemFlags: 18
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDisplayName: ms-DS-Approximate-Last-Logon-Time-Stamp
+adminDescription: The approximate time a user last logged on with from the device.
+ldapDisplayName: msDS-ApproximateLastLogonTimeStamp
+attributeId: 1.2.840.113556.1.4.2262
+omSyntax: 65
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIdGuid:: O5hPo8aEDE+QUKOhSh01pA==
+systemFlags: 16
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Device-Object-Version
+adminDisplayName: ms-DS-Device-Object-Version
+adminDescription: This attribute is used to identify the schema version of the device.
+ldapDisplayName: msDS-DeviceObjectVersion
+attributeId: 1.2.840.113556.1.4.2257
+omSyntax: 2
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+schemaIdGuid:: Wmll73nxak6T3rAeBmgc+w==
+systemFlags: 18
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: TRUE
+-
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: TRUE
+-
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: omSyntax
+omSyntax: 64
+-
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSyntax
+attributeSyntax: 2.5.5.12
+-
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 1024
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2261
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2257
+systemMayContain: 1.2.840.113556.1.4.2258
+systemMayContain: 1.2.840.113556.1.4.2262
+systemMayContain: 1.2.840.113556.1.4.2263
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2248
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2248
+systemMustContain: 1.2.840.113556.1.2.13
+systemMustContain: 1.2.840.113556.1.4.867
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 59
+-
+```
+
+### Sch60.ldf
+
+```
+dn: CN=ms-DS-Is-Member-Of-DL-Transitive,CN=Schema,CN=Configuration,DC=X
+# This constructed attribute transitively expands the
+# linked attribute "isMemberOfDL"
+changetype: ntdsschemaadd
+objectClass: attributeSchema
+lDAPDisplayName: msds-memberOfTransitive
+adminDisplayName: msds-memberOfTransitive
+adminDescription: msds-memberOfTransitive
+attributeID: 1.2.840.113556.1.4.2236
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+oMObjectClass:: KwwCh3McAIVK
+isSingleValued: FALSE
+systemOnly: TRUE
+# 0x800(only return on base search)
+searchFlags: 2048
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: tmYhhkHJJ0eVZUi//ylB3g==
+# 0x10 (base schema) +
+# 0x08 (operational) +
+# 0x04 (constructed) +
+# 0x01 (not replicated)
+systemFlags: 29
+
+dn: CN=ms-DS-Member-Transitive,CN=Schema,CN=Configuration,DC=X
+# This constructed attribute transitively expands the
+# linked attribute "member"
+changetype: ntdsschemaadd
+objectClass: attributeSchema
+lDAPDisplayName: msds-memberTransitive
+adminDisplayName: msds-memberTransitive
+adminDescription: msds-memberTransitive
+attributeID: 1.2.840.113556.1.4.2238
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+oMObjectClass:: KwwCh3McAIVK
+isSingleValued: FALSE
+systemOnly: TRUE
+# 0x800(only return on base search)
+searchFlags: 2048
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: WzkV4gSR2US4lDmeyeId/A==
+# 0x10 (base schema) +
+# 0x08 (operational) +
+# 0x04 (constructed) +
+# 0x01 (not replicated)
+systemFlags: 29
+
+dn: CN=ms-DS-Parent-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsschemaadd
+objectClass: attributeSchema
+lDAPDisplayName: msDS-parentdistname
+adminDisplayName: ms-DS-Parent-Dist-Name
+adminDescription: ms-DS-Parent-Dist-Name
+attributeID: 1.2.840.113556.1.4.2203
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+oMObjectClass:: KwwCh3McAIVK
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: ff4YuRqXBPSeIZJhq+yXCw==
+showInAdvancedViewOnly: TRUE
+# 0x10 (base schema) +
+# 0x08 (operational) +
+# 0x04 (constructed) +
+# 0x01 (not replicated)
+systemFlags: 29
+
+dn: CN=ms-DS-Repl-Value-Meta-Data-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ReplValueMetaDataExt
+adminDisplayName: ms-DS-Repl-Value-Meta-Data-Ext
+adminDescription: ms-DS-Repl-Value-Meta-Data-Ext
+attributeId: 1.2.840.113556.1.4.2235
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 79ICHq1EskamfZ/RjXgLyg==
+showInAdvancedViewOnly: TRUE
+# 0x10 (base schema) +
+# 0x04 (constructed)
+systemFlags: 20
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: cn=Top,cn=Schema,cn=Configuration,dc=X
+changetype: ntdsschemamodify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2238
+systemMayContain: 1.2.840.113556.1.4.2236
+systemMayContain: 1.2.840.113556.1.4.2203
+systemMayContain: 1.2.840.113556.1.4.2235
+-
+
+dn: CN=DS-Set-Owner,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Set Owner of an object during creation.
+rightsGuid: 4125c71f-7fac-4ff0-bcb7-f09a41325286
+appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+validAccesses: 256
+
+dn: CN=DS-Bypass-Quota,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Bypass the quota restrictions during creation.
+rightsGuid: 88a9933e-e5c8-4f2a-9dd7-2527416b8092
+appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+validAccesses: 256
+
+dn: CN=DS-Read-Partition-Secrets,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Read secret attributes of objects in a Partition
+rightsGuid: 084c93a2-620d-4879-a836-f0ae47de0e89
+appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+validAccesses: 256
+
+dn: CN=DS-Write-Partition-Secrets,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Write secret attributes of objects in a Partition
+rightsGuid: 94825A8D-B171-4116-8146-1E34D8F54401
+appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+validAccesses: 256
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 60
+-
+```
+
+### Sch61.ldf
+
+```
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Drs-Farm-ID
+adminDisplayName: ms-DS-Drs-Farm-ID
+adminDescription: This attribute stores the name of the federation service this DRS object is associated with.
+ldapDisplayName: msDS-DrsFarmID
+attributeId: 1.2.840.113556.1.4.2265
+omSyntax: 64
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: TRUE
+schemaIdGuid:: ZvdVYC4gzUmovuUrsVnt+w==
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2248
+systemMustContain: 1.2.840.113556.1.4.2265
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 61
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+### Sch62.ldf
+
+```
+dn: CN=ms-DS-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Issuer-Public-Certificates
+adminDisplayName: ms-DS-Issuer-Public-Certificates
+adminDescription: The public keysof the keys used to sign certificates issued by the Registration Service.
+ldapDisplayName: msDS-IssuerPublicCertificates
+attributeId: 1.2.840.113556.1.4.2269
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 1
+rangeUpper: 65536
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: /u3xtdK0dkCrD2FINCsL9g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2269
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 62
+-
+
+```
+
+### Sch63.ldf
+
+```
+dn: CN=ms-DS-Issuer-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 128
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+-
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 63
+-
+
+```
+
+### Sch64.ldf
+
+```
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+-
+
+dn: CN=ms-DS-Device-Registration-Service-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2252
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2252
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 64
+-
+```
+
+### Sch65.ldf
+
+```
+dn: CN=ms-DS-Registration-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Maximum-Registration-Inactivity-Period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Registered-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Registered-Users,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Approximate-Last-Logon-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Is-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Device-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Device-OS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Device-Physical-IDs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Device-Object-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-DS-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-IsManaged
+adminDisplayName: ms-DS-IsManaged
+adminDescription: This attribute is used to indicate the device is managed by a on-premises MDM.
+ldapDisplayName: msDS-IsManaged
+attributeId: 1.2.840.113556.1.4.2270
+omSyntax: 1
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+systemOnly: FALSE
+schemaIdGuid:: zmpoYCds3kOk5fAML40zCQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cloud-IsManaged,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsManaged
+adminDisplayName: ms-DS-Cloud-IsManaged
+adminDescription: This attribute is used to indicate the device is managed by a cloud MDM.
+ldapDisplayName: msDS-CloudIsManaged
+attributeId: 1.2.840.113556.1.4.2271
+omSyntax: 1
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 1
+systemOnly: FALSE
+schemaIdGuid:: jroVU4+VUku9OBNJowTdYw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cloud-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Anchor
+adminDisplayName: ms-DS-Cloud-Anchor
+adminDescription: This attribute is used by the DirSync engine to indicate the object SOA and to maintain the relationship between the on-premises and cloud object.
+ldapDisplayName: msDS-CloudAnchor
+attributeId: 1.2.840.113556.1.4.2273
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: gF5WeNQD40+vrIw7yi82Uw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cloud-Issuer-Public-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Cloud-Issuer-Public-Certificates
+adminDisplayName: ms-DS-Cloud-Issuer-Public-Certificates
+adminDescription: The public keys used by the cloud DRS to sign certificates issued by the Registration Service.
+ldapDisplayName: msDS-CloudIssuerPublicCertificates
+attributeId: 1.2.840.113556.1.4.2274
+omSyntax: 4
+attributeSyntax: 2.5.5.10
+isSingleValued: FALSE
+instanceType: 4
+rangeLower: 1
+rangeUpper: 65536
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: T7XoodZL0k+Y4rzukqVUlw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cloud-IsEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-Cloud-IsEnabled
+adminDisplayName: ms-DS-Cloud-IsEnabled
+adminDescription: This attribute is used to indicate whether cloud DRS is enabled.
+ldapDisplayName: msDS-CloudIsEnabled
+attributeId: 1.2.840.113556.1.4.2275
+omSyntax: 1
+attributeSyntax: 2.5.5.8
+isSingleValued: TRUE
+instanceType: 4
+searchFlags: 0
+systemOnly: FALSE
+schemaIdGuid:: KIOEiU58b0+gEyjOOtKC3A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2270
+systemMayContain: 1.2.840.113556.1.4.2271
+systemMayContain: 1.2.840.113556.1.4.2273
+-
+
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2274
+systemMayContain: 1.2.840.113556.1.4.2275
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 65
+-
+```
+
+### Sch66.ldf
+
+```
+dn: CN=ms-DS-SyncServerUrl,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-SyncServerUrl
+ldapDisplayName: msDS-SyncServerUrl
+adminDisplayName: ms-DS-SyncServerUrl
+adminDescription: Use this attribute to store the sync server (Url format) which hosts the user sync folder
+AttributeID: 1.2.840.113556.1.4.2276
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+SystemOnly: FALSE
+searchFlags: 1
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: 0sOst3QqpE+sJeY/6LYSGA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2276
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 66
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+### Sch67.ldf
+
+```
+dn: CN=ms-DS-Device-Registration-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2265
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Drs-Farm-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isDefunct
+isDefunct: TRUE
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 67
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+### Sch68.ldf
+
+```
+dn: CN=ms-DS-User-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserAllowedToAuthenticateTo
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-To
+adminDescription: This attribute is used to determine if a user has permission to authenticate to a service.
+attributeId: 1.2.840.113556.1.4.2277
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: f6oM3k5yhkKxeRkmce/GZA==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+
+dn: CN=ms-DS-User-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserAllowedToAuthenticateFrom
+adminDisplayName: ms-DS-User-Allowed-To-Authenticate-From
+adminDescription: This attribute is used to determine if a user has permission to authenticate from a computer.
+attributeId: 1.2.840.113556.1.4.2278
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AJZMLOGwfUSN2nSQIle9tQ==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+
+dn: CN=ms-DS-User-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserTGTLifetime
+adminDisplayName: User TGT Lifetime
+adminDescription: This attribute specifies the maximum age of a Kerberos TGT issued to a user in units of 10^(-7) seconds.
+attributeId: 1.2.840.113556.1.4.2279
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: g8khhZn1D0K5q7EiK9+VwQ==
+systemFlags: 16
+instanceType: 4
+
+dn: CN=ms-DS-Computer-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ComputerAllowedToAuthenticateTo
+adminDisplayName: ms-DS-Computer-Allowed-To-Authenticate-To
+adminDescription: This attribute is used to determine if a computer has permission to authenticate to a service.
+attributeId: 1.2.840.113556.1.4.2280
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6atbEH4Hk0e5dO8EELYlcw==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+
+dn: CN=ms-DS-Computer-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ComputerTGTLifetime
+adminDisplayName: Computer TGT Lifetime
+adminDescription: This attribute specifies the maximum age of a Kerberos TGT issued to a computer in units of 10^(-7) seconds.
+attributeId: 1.2.840.113556.1.4.2281
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JHWTLrnfrEykNqW32mT9Zg==
+systemFlags: 16
+instanceType: 4
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceAllowedToAuthenticateTo
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-To
+adminDescription: This attribute is used to determine if a service has permission to authenticate to a service.
+attributeId: 1.2.840.113556.1.4.2282
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MTGX8k2bIEi03gR07zuEnw==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+
+dn: CN=ms-DS-Service-Allowed-To-Authenticate-From,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceAllowedToAuthenticateFrom
+adminDisplayName: ms-DS-Service-Allowed-To-Authenticate-From
+adminDescription: This attribute is used to determine if a service has permission to authenticate from a computer.
+attributeId: 1.2.840.113556.1.4.2283
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mnDalxY3Zkmx0YOLpTw9iQ==
+systemFlags: 16
+RangeLower: 0
+RangeUpper: 132096
+instanceType: 4
+
+dn: CN=ms-DS-Service-TGT-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceTGTLifetime
+adminDisplayName: Service TGT Lifetime
+adminDescription: This attribute specifies the maximum age of a Kerberos TGT issued to a service in units of 10^(-7) seconds.
+attributeId: 1.2.840.113556.1.4.2284
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IDz+XSnKfUCbq4Qh5V63XA==
+systemFlags: 16
+instanceType: 4
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AssignedAuthNPolicySilo
+adminDisplayName: Assigned Authentication Policy Silo
+adminDescription: This attribute specifies which AuthNPolicySilo a principal is assigned to.
+attributeId: 1.2.840.113556.1.4.2285
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QcE/svUN6kqzPWz0kwd7Pw==
+systemFlags: 16
+instanceType: 4
+linkID: 2202
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-Silo-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AssignedAuthNPolicySiloBL
+adminDisplayName: Assigned Authentication Policy Silo Backlink
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicySilo.
+attributeId: 1.2.840.113556.1.4.2286
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: FAUUM3r10keOxATEZmYAxw==
+systemFlags: 16
+instanceType: 4
+linkID: 2203
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthNPolicySiloMembers
+adminDisplayName: Authentication Policy Silo Members
+adminDescription: This attribute specifies which principals are assigned to the AuthNPolicySilo.
+attributeId: 1.2.840.113556.1.4.2287
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BR5NFqZIhkio6XeiAG48dw==
+systemFlags: 16
+instanceType: 4
+linkID: 2204
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthNPolicySiloMembersBL
+adminDisplayName: Authentication Policy Silo Members Backlink
+adminDescription: This attribute is the backlink for msDS-AuthNPolicySiloMembers.
+attributeId: 1.2.840.113556.1.4.2288
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: x8v8EeT7UUm0t63fb579RA==
+systemFlags: 16
+instanceType: 4
+linkID: 2205
+
+dn: CN=ms-DS-User-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserAuthNPolicy
+adminDisplayName: User Authentication Policy
+adminDescription: This attribute specifies which AuthNPolicy should be applied to users assigned to this silo object.
+attributeId: 1.2.840.113556.1.4.2289
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 87kmzRXUKkSPeHxhUj7pWw==
+systemFlags: 16
+instanceType: 4
+linkID: 2206
+
+dn: CN=ms-DS-User-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserAuthNPolicyBL
+adminDisplayName: User Authentication Policy Backlink
+adminDescription: This attribute is the backlink for msDS-UserAuthNPolicy.
+attributeId: 1.2.840.113556.1.4.2290
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: qfoXL0ddH0uXfqpS+r5lyA==
+systemFlags: 16
+instanceType: 4
+linkID: 2207
+
+dn: CN=ms-DS-Computer-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ComputerAuthNPolicy
+adminDisplayName: Computer Authentication Policy
+adminDescription: This attribute specifies which AuthNPolicy should be applied to computers assigned to this silo object.
+attributeId: 1.2.840.113556.1.4.2291
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yWO4r6O+D0Sp82FTzGaJKQ==
+systemFlags: 16
+instanceType: 4
+linkID: 2208
+
+dn: CN=ms-DS-Computer-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ComputerAuthNPolicyBL
+adminDisplayName: Computer Authentication Policy Backlink
+adminDescription: This attribute is the backlink for msDS-ComputerAuthNPolicy.
+attributeId: 1.2.840.113556.1.4.2292
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: MmLvK6EwfkWGBHr22/ExuA==
+systemFlags: 16
+instanceType: 4
+linkID: 2209
+
+dn: CN=ms-DS-Service-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceAuthNPolicy
+adminDisplayName: Service Authentication Policy
+adminDescription: This attribute specifies which AuthNPolicy should be applied to services assigned to this silo object.
+attributeId: 1.2.840.113556.1.4.2293
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lW1qKs4o7km7JG0fwB4xEQ==
+systemFlags: 16
+instanceType: 4
+linkID: 2210
+
+dn: CN=ms-DS-Service-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ServiceAuthNPolicyBL
+adminDisplayName: Service Authentication Policy Backlink
+adminDescription: This attribute is the backlink for msDS-ServiceAuthNPolicy.
+attributeId: 1.2.840.113556.1.4.2294
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 7CgRLKJao0KzLfCXnKn80g==
+systemFlags: 16
+instanceType: 4
+linkID: 2211
+
+dn: CN=ms-DS-Assigned-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AssignedAuthNPolicy
+adminDisplayName: Assigned Authentication Policy
+adminDescription: This attribute specifies which AuthNPolicy should be applied to this principal.
+attributeId: 1.2.840.113556.1.4.2295
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2Ap6uPdUwUmEoOZNEoU1iA==
+systemFlags: 16
+instanceType: 4
+linkID: 2212
+
+dn: CN=ms-DS-Assigned-AuthN-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AssignedAuthNPolicyBL
+adminDisplayName: Assigned Authentication Policy Backlink
+adminDescription: This attribute is the backlink for msDS-AssignedAuthNPolicy.
+attributeId: 1.2.840.113556.1.4.2296
+attributeSyntax: 2.5.5.1
+omObjectClass:: KwwCh3McAIVK
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: PBsTLZ/T7kqBXo20vBznrA==
+systemFlags: 16
+instanceType: 4
+linkID: 2213
+
+dn: CN=ms-DS-AuthN-Policy-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthNPolicyEnforced
+adminDisplayName: Authentication Policy Enforced
+adminDescription: This attribute specifies whether the authentication policy is enforced.
+attributeId: 1.2.840.113556.1.4.2297
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wgxWekXsukSy1yEjatWf1Q==
+instanceType: 4
+systemFlags: 16
+
+dn: CN=ms-DS-AuthN-Policy-Silo-Enforced,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthNPolicySiloEnforced
+adminDisplayName: Authentication Policy Silo Enforced
+adminDescription: This attribute specifies whether the authentication policy silo is enforced.
+attributeId: 1.2.840.113556.1.4.2298
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AhH18uBrPUmHJhVGzbyHcQ==
+instanceType: 4
+systemFlags: 16
+
+dn: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AuthNPolicySilos
+adminDisplayName: Authentication Policy Silos
+adminDescription: A container of this class can contain authentication policy silo objects.
+governsId: 1.2.840.113556.1.5.291
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: Ckex0oSPHkmnUrQB7gD+XA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silos,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.3.23
+
+dn: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AuthNPolicies
+adminDisplayName: Authentication Policies
+adminDescription: A container of this class can contain authentication policy objects.
+governsId: 1.2.840.113556.1.5.293
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: Xd+aOpd7fk+rtOW1XBwGtA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-AuthN-Policies,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+systemFlags: 16
+subClassOf: top
+systemPossSuperiors: 1.2.840.113556.1.3.23
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AuthNPolicySilo
+adminDisplayName: Authentication Policy Silo
+adminDescription: An instance of this class defines authentication policies and related behaviors for assigned users, computers, and services.
+governsId: 1.2.840.113556.1.5.292
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: Hkbw+X1piUaSmTfmHWF7DQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+instanceType: 4
+systemmaycontain: msDS-AuthNPolicySiloMembers
+systemmaycontain: msDS-UserAuthNPolicy
+systemmaycontain: msDS-ComputerAuthNPolicy
+systemmaycontain: msDS-ServiceAuthNPolicy
+systemmaycontain: msDS-AssignedAuthNPolicySiloBL
+systemmaycontain: msDS-AuthNPolicySiloEnforced
+subClassOf: top
+systemPossSuperiors: msDS-AuthNPolicySilos
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AuthNPolicy
+adminDisplayName: Authentication Policy
+adminDescription: An instance of this class defines authentication policy behaviors for assigned principals.
+governsId: 1.2.840.113556.1.5.294
+objectClassCategory: 1
+rdnAttId: cn
+schemaIdGuid:: VhFqq8dN9UCRgI5M5C/lzQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+instanceType: 4
+systemmaycontain: msDS-UserAllowedToAuthenticateTo
+systemmaycontain: msDS-UserAllowedToAuthenticateFrom
+systemmaycontain: msDS-UserTGTLifetime
+systemmaycontain: msDS-ComputerAllowedToAuthenticateTo
+systemmaycontain: msDS-ComputerTGTLifetime
+systemmaycontain: msDS-ServiceAllowedToAuthenticateTo
+systemmaycontain: msDS-ServiceAllowedToAuthenticateFrom
+systemmaycontain: msDS-ServiceTGTLifetime
+systemmaycontain: msDS-UserAuthNPolicyBL
+systemmaycontain: msDS-ComputerAuthNPolicyBL
+systemmaycontain: msDS-ServiceAuthNPolicyBL
+systemmaycontain: msDS-AssignedAuthNPolicyBL
+systemmaycontain: msDS-AuthNPolicyEnforced
+subClassOf: top
+systemPossSuperiors: msDS-AuthNPolicies
+
+dn: CN=user,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add:systemmaycontain
+systemmaycontain: msDS-AssignedAuthNPolicy
+systemmaycontain: msDS-AssignedAuthNPolicySilo
+systemmaycontain: msDS-AuthNPolicySiloMembersBL
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 68
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+### Sch69.ldf
+
+```
+dn: CN=ms-DS-AuthN-Policy-Silo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: defaultHidingValue
+defaultHidingValue: FALSE
+-
+
+dn: CN=ms-DS-AuthN-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: defaultHidingValue
+defaultHidingValue: FALSE
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 69
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+```
+
+## Schema Updates in Windows Server 2012
+
+Sch48.ldf through Sch56.ldf are introduced with Windows Server 2012.
+
+### Sch48.ldf
+
+```
+dn: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MembersOfResourcePropertyList
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List
+adminDescription: For a resource property list object, this multi-valued link attribute points to one or more resource property objects.
+attributeId: 1.2.840.113556.1.4.2103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ERw3Ta1MQUyK0rGAqyvRPA==
+linkID: 2180
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Members-Of-Resource-Property-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MembersOfResourcePropertyListBL
+adminDisplayName: ms-DS-Members-Of-Resource-Property-List-BL
+adminDescription: Backlink for ms-DS-Members-Of-Resource-Property-List. For a resource property object, this attribute references the resource property list object that it is a member of.
+attributeId: 1.2.840.113556.1.4.2104
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: BLdpdLDtaEWlpVn0hix1pw==
+linkID: 2181
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Claim-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimValueType
+adminDisplayName: ms-DS-Claim-Value-Type
+adminDescription: For a claim type object, specifies the value type of the claims issued.
+attributeId: 1.2.840.113556.1.4.2098
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: uRdixo7k90e31WVSuK/WGQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Possible-Values,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimPossibleValues
+adminDisplayName: ms-DS-Claim-Possible-Values
+adminDescription: For a claim type or resource property object, this attribute describes the values suggested to a user when the he/she use the claim type or resource property in applications.
+attributeId: 1.2.840.113556.1.4.2097
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+schemaIdGuid:: 7u0oLnztP0Wv5JO9hvIXTw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Attribute-Source,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimAttributeSource
+adminDisplayName: ms-DS-Claim-Attribute-Source
+adminDescription: For a claim type object, this attribute points to the attribute that will be used as the source for the claim type.
+attributeId: 1.2.840.113556.1.4.2099
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: PhK87ua6ZkGeWymISot2sA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Type-Applies-To-Class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimTypeAppliesToClass
+adminDisplayName: ms-DS-Claim-Type-Applies-To-Class
+adminDescription: For a claim type object, this linked attribute points to the AD security principal classes that for which claims should be issued. (For example, a link to the user class).
+attributeId: 1.2.840.113556.1.4.2100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: TA77anbYfEOutsPkFFTCcg==
+linkID: 2176
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimSharesPossibleValuesWith
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With
+adminDescription: For a resource property object, this attribute indicates that the suggested values of the claims issued are defined on the object that this linked attribute points to. Overrides ms-DS-Claim-Possible-Values on itself, if populated.
+attributeId: 1.2.840.113556.1.4.2101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: OtHIUgvOV0+JKxj1pDokAA==
+linkID: 2178
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimSharesPossibleValuesWithBL
+adminDisplayName: ms-DS-Claim-Shares-Possible-Values-With-BL
+adminDescription: For a claim type object, this attribute indicates that the possible values described in ms-DS-Claim-Possible-Values are being referenced by other claim type objects.
+attributeId: 1.2.840.113556.1.4.2102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 2yLVVJXs9UibvRiA67shgA==
+linkID: 2179
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Is-Used-As-Resource-Security-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsUsedAsResourceSecurityAttribute
+adminDisplayName: ms-DS-Is-Used-As-Resource-Security-Attribute
+adminDescription: For a resource property, this attribute indicates whether it is being used as a secure attribute.
+attributeId: 1.2.840.113556.1.4.2095
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nfjJUTBHjUaitR1JMhLRfg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-KMS-Ids,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-KMSIds
+adminDisplayName: ms-SPP-KMS-Ids
+adminDescription: KMS IDs enabled by the Activation Object
+attributeId: 1.2.840.113556.1.4.2082
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: 2j5mm0I11kad8DFAJa8rrA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-CSVLK-Pid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-CSVLKPid
+adminDisplayName: ms-SPP-CSVLK-Pid
+adminDescription: ID of CSVLK product-key used to create the Activation Object
+attributeId: 1.2.840.113556.1.4.2105
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+schemaIdGuid:: DVF/tFBr4Ue1VncseeT/xA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-CSVLK-Sku-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-CSVLKSkuId
+adminDisplayName: ms-SPP-CSVLK-Sku-Id
+adminDescription: SKU ID of CSVLK product-key used to create the Activation Object
+attributeId: 1.2.840.113556.1.4.2081
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: OfeElnh7bUeNdDGtdpLu9A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Phone-License,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-PhoneLicense
+adminDisplayName: ms-SPP-Phone-License
+adminDescription: License used during phone activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2086
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 5242880
+schemaIdGuid:: EtnkZ2LzUkCMeUL0W6eyIQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Config-License,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-ConfigLicense
+adminDisplayName: ms-SPP-Config-License
+adminDescription: Product-key configuration license used during online/phone activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2087
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 5242880
+schemaIdGuid:: tcRTA5nRsECzxd6zL9nsBg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Online-License,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-OnlineLicense
+adminDisplayName: ms-SPP-Online-License
+adminDescription: License used during online activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2085
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 5242880
+schemaIdGuid:: jjaPCRJIzUivt6E2uWgH7Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Confirmation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-ConfirmationId
+adminDisplayName: ms-SPP-Confirmation-Id
+adminDescription: Confirmation ID (CID) used for phone activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2084
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+schemaIdGuid:: xJeHbtqsSUqHQLC9Bam4MQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Installation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-InstallationId
+adminDisplayName: ms-SPP-Installation-Id
+adminDescription: Installation ID (IID) used for phone activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2083
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+schemaIdGuid:: FLG/aXtAOUeiE8ZjgCs+Nw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-Issuance-License,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-IssuanceLicense
+adminDisplayName: ms-SPP-Issuance-License
+adminDescription: Issuance license used during online/phone activation of the Active Directory forest
+attributeId: 1.2.840.113556.1.4.2088
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 5242880
+schemaIdGuid:: obN1EK+70kmujcTyXIIzAw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-SPP-CSVLK-Partial-Product-Key,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSPP-CSVLKPartialProductKey
+adminDisplayName: ms-SPP-CSVLK-Partial-Product-Key
+adminDescription: Last 5 characters of CSVLK product-key used to create the Activation Object
+attributeId: 1.2.840.113556.1.4.2106
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 5
+rangeUpper: 5
+schemaIdGuid:: kbABplKGOkWzhoetI5t8CA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TPM-Srk-Pub-Thumbprint,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTPM-SrkPubThumbprint
+adminDisplayName: TPM-SrkPubThumbprint
+adminDescription: This attribute contains the thumbprint of the SrkPub corresponding to a particular TPM. This helps to index the TPM devices in the directory.
+attributeId: 1.2.840.113556.1.4.2107
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 11
+rangeUpper: 20
+schemaIdGuid:: 6wbXGXZNokSF1hw0K+O+Nw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TPM-Owner-Information-Temp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTPM-OwnerInformationTemp
+adminDisplayName: TPM-OwnerInformationTemp
+adminDescription: This attribute contains temporary owner information for a particular TPM.
+attributeId: 1.2.840.113556.1.4.2108
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 128
+schemaIdGuid:: nYCUyBO1+E+IEfT0P1rHvA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTPM-TpmInformationForComputer
+adminDisplayName: TPM-TpmInformationForComputer
+adminDescription: This attribute links a Computer object to a TPM object.
+attributeId: 1.2.840.113556.1.4.2109
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 16
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: k3sb6khe1Ua8bE30/aeKNQ==
+linkID: 2182
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TPM-Tpm-Information-For-Computer-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTPM-TpmInformationForComputerBL
+adminDisplayName: TPM-TpmInformationForComputerBL
+adminDescription: This attribute links a TPM object to the Computer objects associated with it.
+attributeId: 1.2.840.113556.1.4.2110
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: yYT6FM2OSEO8kW087Ucqtw==
+linkID: 2183
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ClaimTypes
+adminDisplayName: ms-DS-Claim-Types
+adminDescription: A container of this class can contain claim type objects.
+governsId: 1.2.840.113556.1.5.270
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: NTIJNhXHIUirarVvsoBaWA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ResourcePropertyList
+adminDisplayName: ms-DS-Resource-Property-List
+adminDescription: An object of this class contains a list of resource properties.
+governsId: 1.2.840.113556.1.5.274
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2103
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: etTjckKzRU2PVrr/gDyr+Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ResourceProperties
+adminDisplayName: ms-DS-Resource-Properties
+adminDescription: A container of this class can contain resource properties.
+governsId: 1.2.840.113556.1.5.271
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: hEVKelCzj0es1rS4UtgswA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ClaimTypePropertyBase
+adminDisplayName: ms-DS-Claim-Type-Property-Base
+adminDescription: An abstract class that defines the base class for claim type or resource property classes.
+governsId: 1.2.840.113556.1.5.269
+objectClassCategory: 2
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2101
+systemMayContain: 1.2.840.113556.1.2.557
+systemMayContain: 1.2.840.113556.1.4.2097
+schemaIdGuid:: WC9EuJDEh0SKndgLiDJxrQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ResourceProperty
+adminDisplayName: ms-DS-Resource-Property
+adminDescription: An instance of this class holds the definition of a property on resources.
+governsId: 1.2.840.113556.1.5.273
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.269
+systemMayContain: 1.2.840.113556.1.4.2095
+systemPossSuperiors: 1.2.840.113556.1.5.271
+schemaIdGuid:: Xj0oWwSElUGTOYRQGIxQGg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ClaimType
+adminDisplayName: ms-DS-Claim-Type
+adminDescription: An instance of this class holds the definition of a claim type that can be defined on security principals.
+governsId: 1.2.840.113556.1.5.272
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.269
+systemMayContain: 1.2.840.113556.1.4.2100
+systemMayContain: 1.2.840.113556.1.4.2099
+systemPossSuperiors: 1.2.840.113556.1.5.270
+schemaIdGuid:: fIWjgWlUj02q5sJ2mXYmBA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSPP-ActivationObjectsContainer
+adminDisplayName: ms-SPP-Activation-Objects-Container
+adminDescription: Container for Activation Objects used by Active Directory based activation
+governsId: 1.2.840.113556.1.5.266
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: K4YvtyW7XU2qUWLFm9+Qrg==
+defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: FALSE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSPP-ActivationObject
+adminDisplayName: ms-SPP-Activation-Object
+adminDescription: Activation Object used in Active Directory based activation
+governsId: 1.2.840.113556.1.5.267
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.2082
+systemMustContain: 1.2.840.113556.1.4.2081
+systemMustContain: 1.2.840.113556.1.4.2106
+systemMustContain: 1.2.840.113556.1.4.2105
+systemMayContain: 1.2.840.113556.1.4.2088
+systemMayContain: 1.2.840.113556.1.4.2087
+systemMayContain: 1.2.840.113556.1.4.2086
+systemMayContain: 1.2.840.113556.1.4.2085
+systemMayContain: 1.2.840.113556.1.4.2084
+systemMayContain: 1.2.840.113556.1.4.2083
+systemPossSuperiors: 1.2.840.113556.1.5.266
+schemaIdGuid:: jOagUcUNykOTXcHJEb8u5Q==
+defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: FALSE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msTPM-InformationObjectsContainer
+adminDisplayName: TPM-InformationObjectsContainer
+adminDescription: Container for TPM objects.
+governsId: 1.2.840.113556.1.5.276
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 1.2.840.113556.1.5.66
+schemaIdGuid:: vagn4FZk3kWQozhZOHfudA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;LOLCCCRP;;;DC)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TPM-Information-Objects-Container,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msTPM-InformationObject
+adminDisplayName: TPM-InformationObject
+adminDescription: This class contains recovery information for a Trusted Platform Module (TPM) device.
+governsId: 1.2.840.113556.1.5.275
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1966
+systemMayContain: 1.2.840.113556.1.4.2108
+systemMayContain: 1.2.840.113556.1.4.2107
+systemPossSuperiors: 1.2.840.113556.1.5.276
+schemaIdGuid:: alsEhaZHQ0KnzGiQcB9mLA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLO;;;DC)(A;;WP;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2102
+systemMayContain: 1.2.840.113556.1.4.2104
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2109
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 48
+-
+```
+
+### Sch49.ldf
+
+```
+dn: CN=ms-DNS-Is-Signed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-IsSigned
+adminDisplayName: ms-DNS-Is-Signed
+adminDescription: An attribute used to define whether or not the DNS zone is signed.
+attributeId: 1.2.840.113556.1.4.2130
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: TIUSqvzYXk2RyjaLjYKb7g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-OptOut,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3OptOut
+adminDisplayName: ms-DNS-NSEC3-OptOut
+adminDescription: An attribute used to define whether or not the DNS zone should be signed using NSEC opt-out.
+attributeId: 1.2.840.113556.1.4.2132
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: iCDqe+KMPEKxkWbsUGsVlQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Signing-Keys,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-SigningKeys
+adminDisplayName: ms-DNS-Signing-Keys
+adminDescription: An attribute that contains the set of encrypted DNSSEC signing keys used by the DNS server to sign the DNS zone.
+attributeId: 1.2.840.113556.1.4.2144
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 8
+rangeUpper: 10000
+schemaIdGuid:: bT5nt9nKnk6zGmPoCY/dYw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Sign-With-NSEC3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-SignWithNSEC3
+adminDisplayName: ms-DNS-Sign-With-NSEC3
+adminDescription: An attribute used to define whether or not the DNS zone is signed with NSEC3.
+attributeId: 1.2.840.113556.1.4.2131
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: mSGfx6Ft/0aSPB8/gAxyHg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-User-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3UserSalt
+adminDisplayName: ms-DNS-NSEC3-User-Salt
+adminDescription: An attribute that defines a user-specified NSEC3 salt string to use when signing the DNS zone. If empty, random salt will be used.
+attributeId: 1.2.840.113556.1.4.2148
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 510
+schemaIdGuid:: cGfxryKWvE+hKDCId3YFuQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-DNSKEY-Records,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-DNSKEYRecords
+adminDisplayName: ms-DNS-DNSKEY-Records
+adminDescription: An attribute that contains the DNSKEY record set for the root of the DNS zone and the root key signing key signature records.
+attributeId: 1.2.840.113556.1.4.2145
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 8
+rangeUpper: 10000
+schemaIdGuid:: 9VjEKC1gyUqnfLPxvlA6fg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-DS-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-DSRecordSetTTL
+adminDisplayName: ms-DNS-DS-Record-Set-TTL
+adminDescription: An attribute that defines the time-to-live (TTL) value assigned to DS records when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2140
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 2592000
+schemaIdGuid:: fJuGKcRk/kKX1fvC+hJBYA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Keymaster-Zones,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-KeymasterZones
+adminDisplayName: ms-DNS-Keymaster-Zones
+adminDescription: A list of Active Directory-integrated zones for which the DNS server is the keymaster.
+attributeId: 1.2.840.113556.1.4.2128
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: O93gCxoEjEGs6S8X0j6dQg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-Iterations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3Iterations
+adminDisplayName: ms-DNS-NSEC3-Iterations
+adminDescription: An attribute that defines how many NSEC3 hash iterations to perform when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2138
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 10000
+schemaIdGuid:: qwq3gFmJwE6OkxJudt86yg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Propagation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-PropagationTime
+adminDisplayName: ms-DNS-Propagation-Time
+adminDescription: An attribute used to define in seconds the expected time required to propagate zone changes through Active Directory.
+attributeId: 1.2.840.113556.1.4.2147
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: Rw00uoEhoEyi9vrkR52rKg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-Current-Salt,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3CurrentSalt
+adminDisplayName: ms-DNS-NSEC3-Current-Salt
+adminDescription: An attribute that defines the current NSEC3 salt string being used to sign the DNS zone.
+attributeId: 1.2.840.113556.1.4.2149
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 510
+schemaIdGuid:: MpR9ONGmdESCzQqJquCErg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-RFC5011-Key-Rollovers,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-RFC5011KeyRollovers
+adminDisplayName: ms-DNS-RFC5011-Key-Rollovers
+adminDescription: An attribute that defines whether or not the DNS zone should be maintained using key rollover procedures defined in RFC 5011.
+attributeId: 1.2.840.113556.1.4.2135
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: QDzZJ1oGwEO92M3yx9Egqg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3HashAlgorithm
+adminDisplayName: ms-DNS-NSEC3-Hash-Algorithm
+adminDescription: An attribute that defines the NSEC3 hash algorithm to use when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: UlWe/7d9OEGIiAXOMgoDIw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-DS-Record-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-DSRecordAlgorithms
+adminDisplayName: ms-DNS-DS-Record-Algorithms
+adminDescription: An attribute used to define the algorithms used when writing the dsset file during zone signing.
+attributeId: 1.2.840.113556.1.4.2134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: 0npbXPogu0S+szS5wPZVeQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-DNSKEY-Record-Set-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-DNSKEYRecordSetTTL
+adminDisplayName: ms-DNS-DNSKEY-Record-Set-TTL
+adminDescription: An attribute that defines the time-to-live (TTL) value assigned to DNSKEY records when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2139
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 2592000
+schemaIdGuid:: fzFOj9coLESm3x9JH5ezJg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Maintain-Trust-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-MaintainTrustAnchor
+adminDisplayName: ms-DNS-Maintain-Trust-Anchor
+adminDescription: An attribute used to define the type of trust anchor to automatically publish in the forest-wide trust anchor store when the DNS zone is signed.
+attributeId: 1.2.840.113556.1.4.2133
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: wWPADdlSVkSeFZwkNKr9lA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-NSEC3-Random-Salt-Length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-NSEC3RandomSaltLength
+adminDisplayName: ms-DNS-NSEC3-Random-Salt-Length
+adminDescription: An attribute that defines the length in bytes of the random salt used when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2137
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: ZRY2E2yR502lnbHrvQ3hKQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Signing-Key-Descriptors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-SigningKeyDescriptors
+adminDisplayName: ms-DNS-Signing-Key-Descriptors
+adminDescription: An attribute that contains the set of DNSSEC Signing Key Descriptors (SKDs) used by the DNS server to generate keys and sign the DNS zone.
+attributeId: 1.2.840.113556.1.4.2143
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 8
+rangeUpper: 10000
+schemaIdGuid:: zdhDNLblO0+wmGWaAhSgeQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Signature-Inception-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-SignatureInceptionOffset
+adminDisplayName: ms-DNS-Signature-Inception-Offset
+adminDescription: An attribute that defines in seconds how far in the past DNSSEC signature validity periods should begin when signing the DNS zone.
+attributeId: 1.2.840.113556.1.4.2141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 2592000
+schemaIdGuid:: LsPUAxfiYUqWmXu8RymgJg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Parent-Has-Secure-Delegation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-ParentHasSecureDelegation
+adminDisplayName: ms-DNS-Parent-Has-Secure-Delegation
+adminDescription: An attribute used to define whether the parental delegation to the DNS zone is secure.
+attributeId: 1.2.840.113556.1.4.2146
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: ZGlcKBrBnkmW2L98daIjxg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DNS-Secure-Delegation-Polling-Period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDNS-SecureDelegationPollingPeriod
+adminDisplayName: ms-DNS-Secure-Delegation-Polling-Period
+adminDescription: An attribute that defines in seconds the time between polling attempts for child zone key rollovers.
+attributeId: 1.2.840.113556.1.4.2142
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 8
+rangeLower: 0
+rangeUpper: 2592000
+schemaIdGuid:: vvCw9uSoaESP2cPEe4ci+Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-MemberRulesInCentralAccessPolicy
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy
+adminDescription: For a central access policy, this attribute identifies the central access rules that comprise the policy.
+attributeId: 1.2.840.113556.1.4.2155
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ei/yV343w0KYcs7G8h0uPg==
+linkID: 2184
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Member-Rules-In-Central-Access-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-MemberRulesInCentralAccessPolicyBL
+adminDisplayName: ms-Authz-Member-Rules-In-Central-Access-Policy-BL
+adminDescription: Backlink for ms-Authz-Member-Rules-In-Central-Access-Policy. For a central access rule object, this attribute references one or more central access policies that point to it.
+attributeId: 1.2.840.113556.1.4.2156
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: z2duUd3+lES7OrxQapSIkQ==
+linkID: 2185
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Claim-Source,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimSource
+adminDisplayName: ms-DS-Claim-Source
+adminDescription: For a claim type, this attribute indicates the source of the claim type. For example, the source can be certificate.
+attributeId: 1.2.840.113556.1.4.2157
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pvIy+ovy0Ee/kWY+j5EKcg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Proposed-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-ProposedSecurityPolicy
+adminDisplayName: ms-Authz-Proposed-Security-Policy
+adminDescription: For a Central Access Policy Entry, defines the proposed security policy of the objects the CAPE is applied to.
+attributeId: 1.2.840.113556.1.4.2151
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: zr5GubUJakuyWktjozDoDg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Source-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimSourceType
+adminDisplayName: ms-DS-Claim-Source-Type
+adminDescription: For a security principal claim type, lists the type of store the issued claim is sourced from
+attributeId: 1.2.840.113556.1.4.2158
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BZzxkvqNIkK70SxPAUh3VA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-EffectiveSecurityPolicy
+adminDisplayName: ms-Authz-Security-Policy
+adminDescription: For a central access rule, this attribute defines the permission that is applying to the target resources on the central access rule.
+attributeId: 1.2.840.113556.1.4.2150
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GRmDB5SPtk+KQpFUXcza0w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Is-Single-Valued,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimIsSingleValued
+adminDisplayName: ms-DS-Claim-Is-Single-Valued
+adminDescription: For a claim type object, this attribute identifies if the claim type or resource property can only contain single value.
+attributeId: 1.2.840.113556.1.4.2160
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: uZ94zbSWSEaCGco3gWGvOA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Last-Effective-Security-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-LastEffectiveSecurityPolicy
+adminDisplayName: ms-Authz-Last-Effective-Security-Policy
+adminDescription: For a Central Access Policy Entry, defines the security policy that was last applied to the objects the CAPE is applied to.
+attributeId: 1.2.840.113556.1.4.2152
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xoUWji8+okiljVrw6nifoA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Resource-Condition,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-ResourceCondition
+adminDisplayName: ms-Authz-Resource-Condition
+adminDescription: For a central access rule, this attribute is an expression that identifies the scope of the target resource to which the policy applies.
+attributeId: 1.2.840.113556.1.4.2153
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: d3iZgHT4aEyGTW5QioO9vQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Is-Value-Space-Restricted,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ClaimIsValueSpaceRestricted
+adminDisplayName: ms-DS-Claim-Is-Value-Space-Restricted
+adminDescription: For a claim type, this attribute identifies whether a user can input values other than those described in the msDS-ClaimPossibleValues in applications.
+attributeId: 1.2.840.113556.1.4.2159
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: x+QsDMPxgkSFeMYNS7dEIg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Authz-Central-Access-Policy-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msAuthz-CentralAccessPolicyID
+adminDisplayName: ms-Authz-Central-Access-Policy-ID
+adminDescription: For a Central Access Policy, this attribute defines a GUID that can be used to identify the set of policies when applied to a resource.
+attributeId: 1.2.840.113556.1.4.2154
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YJvyYnS+MEaUVi9mkZk6hg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Generation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-GenerationId
+adminDisplayName: ms-DS-Generation-Id
+adminDescription: For virtual machine snapshot resuming detection. This attribute represents the VM Generation ID.
+attributeId: 1.2.840.113556.1.4.2166
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: PTldHreMT0uECpc7NswJww==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Claim-Shares-Possible-Values-With,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: For a claim type object, indicates that the possible values of the claims issued are defined on the object this linked attribute points to; overrides msDS-ClaimPossibleValues, msDS-ClaimValueType, and msDS-ClaimIsValueSpaceRestricted, if populated.
+-
+replace: isSingleValued
+isSingleValued: TRUE
+-
+
+dn: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDNS-ServerSettings
+adminDisplayName: ms-DNS-Server-Settings
+adminDescription: A container for storing DNS server settings.
+governsId: 1.2.840.113556.1.4.2129
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2128
+systemPossSuperiors: 1.2.840.113556.1.5.17
+schemaIdGuid:: 7cMv7xhuW0GZ5DEUqMsSSw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msAuthz-CentralAccessPolicies
+adminDisplayName: ms-Authz-Central-Access-Policies
+adminDescription: A container of this class can contain Central Access Policy objects.
+governsId: 1.2.840.113556.1.4.2161
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: wyFcVTahWkWTl3lrvTWOJQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policies,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msAuthz-CentralAccessRules
+adminDisplayName: ms-Authz-Central-Access-Rules
+adminDescription: A container of this class can contain Central Access Policy Entry objects.
+governsId: 1.2.840.113556.1.4.2162
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: ehu7mW1gi0+ADuFb5VTKjQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rules,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msAuthz-CentralAccessRule
+adminDisplayName: ms-Authz-Central-Access-Rule
+adminDescription: A class that defines Central Access Rules used to construct a central access policy.
+governsId: 1.2.840.113556.1.4.2163
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2153
+systemMayContain: 1.2.840.113556.1.4.2152
+systemMayContain: 1.2.840.113556.1.4.2151
+systemMayContain: 1.2.840.113556.1.4.2150
+systemMayContain: 1.2.840.113556.1.2.557
+systemPossSuperiors: 1.2.840.113556.1.4.2162
+schemaIdGuid:: 3AZKWxwl206IEwvdcTJyJg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msAuthz-CentralAccessPolicy
+adminDisplayName: ms-Authz-Central-Access-Policy
+adminDescription: A class that defines Central Access Policy objects.
+governsId: 1.2.840.113556.1.4.2164
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2155
+systemMayContain: 1.2.840.113556.1.4.2154
+systemPossSuperiors: 1.2.840.113556.1.4.2161
+schemaIdGuid:: sJxnpZ1vLEOLdR4+g08Cqg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=ms-DS-Resource-Properties,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=ms-DS-List-Of-Claim-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2157
+systemMayContain: 1.2.840.113556.1.4.2158
+systemMayContain: 1.2.840.113556.1.4.2098
+systemMayContain: 1.2.840.113556.1.4.2159
+systemMayContain: 1.2.840.113556.1.4.2160
+-
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2130
+systemMayContain: 1.2.840.113556.1.4.2131
+systemMayContain: 1.2.840.113556.1.4.2132
+systemMayContain: 1.2.840.113556.1.4.2133
+systemMayContain: 1.2.840.113556.1.4.2134
+systemMayContain: 1.2.840.113556.1.4.2135
+systemMayContain: 1.2.840.113556.1.4.2136
+systemMayContain: 1.2.840.113556.1.4.2137
+systemMayContain: 1.2.840.113556.1.4.2138
+systemMayContain: 1.2.840.113556.1.4.2139
+systemMayContain: 1.2.840.113556.1.4.2140
+systemMayContain: 1.2.840.113556.1.4.2141
+systemMayContain: 1.2.840.113556.1.4.2142
+systemMayContain: 1.2.840.113556.1.4.2143
+systemMayContain: 1.2.840.113556.1.4.2144
+systemMayContain: 1.2.840.113556.1.4.2145
+systemMayContain: 1.2.840.113556.1.4.2146
+systemMayContain: 1.2.840.113556.1.4.2147
+systemMayContain: 1.2.840.113556.1.4.2148
+systemMayContain: 1.2.840.113556.1.4.2149
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2166
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=DS-Clone-Domain-Controller,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Allow a DC to create a clone of itself
+rightsGuid: 3e0f7e18-2c7a-4c10-ba82-4d926db99a3e
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+localizationDisplayId: 80
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 49
+-
+```
+
+### Sch50.ldf
+
+```
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AllowedToActOnBehalfOfOtherIdentity
+adminDisplayName: ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity
+adminDescription: This attribute is used for access checks to determine if a requester has permission to act on the behalf of other identities to services running as this account.
+attributeId: 1.2.840.113556.1.4.2182
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 132096
+schemaIdGuid:: 5cN4P5r3vUaguJ0YEW3ceQ==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-Version
+adminDisplayName: ms-Kds-Version
+adminDescription: Version number of this root key.
+attributeId: 1.2.840.113556.1.4.2176
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+schemaIdGuid:: QHPw1bDmSh6Xvg0zGL2dsQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-DomainID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-DomainID
+adminDisplayName: ms-Kds-DomainID
+adminDescription: Distinguished name of the Domain Controller which generated this root key.
+attributeId: 1.2.840.113556.1.4.2177
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ggRAlgfPTOmQ6PLvxPBJXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-KDF-Param,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-KDFParam
+adminDisplayName: ms-Kds-KDF-Param
+adminDescription: Parameters for the key derivation algorithm.
+attributeId: 1.2.840.113556.1.4.2170
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 2000
+schemaIdGuid:: cgeAirj0TxW0HC5Cce/3pw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-CreateTime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-CreateTime
+adminDisplayName: ms-Kds-CreateTime
+adminDescription: The time when this root key was created.
+attributeId: 1.2.840.113556.1.4.2179
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+schemaIdGuid:: nxEYrpBjRQCzLZfbxwGu9w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-RootKeyData,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-RootKeyData
+adminDisplayName: ms-Kds-RootKeyData
+adminDescription: Root key.
+attributeId: 1.2.840.113556.1.4.2175
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 128
+schemaIdGuid:: J3xiJqIIQAqhsY3OhbQpkw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PrimaryComputer
+adminDisplayName: ms-DS-Primary-Computer
+adminDescription: For a user or group object, identifies the primary computers.
+attributeId: 1.2.840.113556.1.4.2167
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 4vQ9obDb60yCi4suFD6egQ==
+linkID: 2186
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-UseStartTime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-UseStartTime
+adminDisplayName: ms-Kds-UseStartTime
+adminDescription: The time after which this root key may be used.
+attributeId: 1.2.840.113556.1.4.2178
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+schemaIdGuid:: fwTcbCL1SreanNlayM39og==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Imaging-Hash-Algorithm,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msImaging-HashAlgorithm
+adminDisplayName: ms-Imaging-Hash-Algorithm
+adminDescription: Contains the name of the hash algorithm used to create the Thumbprint Hash for the Scan Repository/Secure Print Device.
+attributeId: 1.2.840.113556.1.4.2181
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+schemaIdGuid:: tQ3nigZklkGS/vO7VXUgpw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-KDF-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-KDFAlgorithmID
+adminDisplayName: ms-Kds-KDF-AlgorithmID
+adminDescription: The algorithm name of the key derivation function used to compute keys.
+attributeId: 1.2.840.113556.1.4.2169
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 200
+schemaIdGuid:: skgs203RTuyfWK1XnYtEDg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Imaging-Thumbprint-Hash,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msImaging-ThumbprintHash
+adminDisplayName: ms-Imaging-Thumbprint-Hash
+adminDescription: Contains a hash of the security certificate for the Scan Repository/Secure Print Device.
+attributeId: 1.2.840.113556.1.4.2180
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: xdvfnAQDaUWV9sT2Y/5a5g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-PublicKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-PublicKeyLength
+adminDisplayName: ms-Kds-PublicKey-Length
+adminDescription: The length of the secret agreement public key.
+attributeId: 1.2.840.113556.1.4.2173
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+schemaIdGuid:: cPQ44805SUWrW/afnlg/4A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-PrivateKey-Length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-PrivateKeyLength
+adminDisplayName: ms-Kds-PrivateKey-Length
+adminDescription: The length of the secret agreement private key.
+attributeId: 1.2.840.113556.1.4.2174
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+schemaIdGuid:: oUJfYec3SBGg3TAH4Jz8gQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsPrimaryComputerFor
+adminDisplayName: ms-DS-Is-Primary-Computer-For
+adminDescription: Backlink attribute for msDS-IsPrimaryComputer.
+attributeId: 1.2.840.113556.1.4.2168
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: rAaMmYc/TkSl3xGwPcilDA==
+linkID: 2187
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-Kds-SecretAgreement-Param,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-SecretAgreementParam
+adminDisplayName: ms-Kds-SecretAgreement-Param
+adminDescription: The parameters for the secret agreement algorithm.
+attributeId: 1.2.840.113556.1.4.2172
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 2000
+schemaIdGuid:: MLCZ2e3+dUm4B+ukRNp56Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Kds-SecretAgreement-AlgorithmID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msKds-SecretAgreementAlgorithmID
+adminDisplayName: ms-Kds-SecretAgreement-AlgorithmID
+adminDescription: The name of the secret agreement algorithm to be used with public keys.
+attributeId: 1.2.840.113556.1.4.2171
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 640
+rangeUpper: 200
+schemaIdGuid:: XZcCF14iSsuxXQ2uqLXpkA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ValueTypeReference
+adminDisplayName: ms-DS-Value-Type-Reference
+adminDescription: This attribute is used to link a resource property object to its value type.
+attributeId: 1.2.840.113556.1.4.2187
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: hF38eNzBSDGJhFj3ktQdPg==
+linkID: 2188
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ValueTypeReferenceBL
+adminDisplayName: ms-DS-Value-Type-Reference-BL
+adminDescription: This is the back link for ms-DS-Value-Type-Reference. It links a value type object back to resource properties.
+attributeId: 1.2.840.113556.1.4.2188
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: rUNVq6EjRTu5N5sxPVR0qA==
+linkID: 2189
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Is-Possible-Values-Present,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsPossibleValuesPresent
+adminDisplayName: ms-DS-Is-Possible-Values-Present
+adminDescription: This attribute identifies if ms-DS-Claim-Possible-Values on linked resource property must have value or must not have value.
+attributeId: 1.2.840.113556.1.4.2186
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 2tyrb1OMTyCxpJ3wxnwetA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msKds-ProvRootKey
+adminDisplayName: ms-Kds-Prov-RootKey
+adminDescription: Root keys for the Group Key Distribution Service.
+governsId: 1.2.840.113556.1.5.278
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.2179
+systemMustContain: 1.2.840.113556.1.4.2175
+systemMustContain: 1.2.840.113556.1.4.2174
+systemMustContain: 1.2.840.113556.1.4.2173
+systemMustContain: 1.2.840.113556.1.4.2171
+systemMustContain: 1.2.840.113556.1.4.2169
+systemMustContain: 1.2.840.113556.1.4.2178
+systemMustContain: 1.2.840.113556.1.4.2177
+systemMustContain: 1.2.840.113556.1.4.2176
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.4.2172
+systemMayContain: 1.2.840.113556.1.4.2170
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: Qf0CquAXGE+Gh7Ijlklzaw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msKds-ProvServerConfiguration
+adminDisplayName: ms-Kds-Prov-ServerConfiguration
+adminDescription: Configuration for the Group Key Distribution Service.
+governsId: 1.2.840.113556.1.5.277
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.2176
+systemMayContain: 1.2.840.113556.1.4.2174
+systemMayContain: 1.2.840.113556.1.4.2173
+systemMayContain: 1.2.840.113556.1.4.2172
+systemMayContain: 1.2.840.113556.1.4.2171
+systemMayContain: 1.2.840.113556.1.4.2170
+systemMayContain: 1.2.840.113556.1.4.2169
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: qEPyXiUqpkWLcwinGuZ3zg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2168
+systemMayContain: 1.2.840.113556.1.4.2188
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2167
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2167
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2180
+systemMayContain: 1.2.840.113556.1.4.2181
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2182
+-
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.2187
+-
+
+dn: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ValueType
+adminDisplayName: ms-DS-Value-Type
+adminDescription: An value type object holds value type information for a resource property.
+governsId: 1.2.840.113556.1.5.279
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.2186
+systemMustContain: 1.2.840.113556.1.4.2160
+systemMustContain: 1.2.840.113556.1.4.2159
+systemMustContain: 1.2.840.113556.1.4.2098
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 33/C4x2wTk+H5wVu7w65Ig==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Validated-MS-DS-Behavior-Version,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+rightsGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Validated write to MS DS behavior version
+localizationDisplayId: 81
+validAccesses: 8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Validated-MS-DS-Additional-DNS-Host-Name,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+rightsGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+displayName: Validated write to MS DS Additional DNS Host Name
+localizationDisplayId: 82
+validAccesses: 8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 50
+-
+```
+
+### Sch51.ldf
+
+```
+dn: CN=ms-DS-Transformation-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TransformationRules
+adminDisplayName: ms-DS-Transformation-Rules
+adminDescription: Specifies the Transformation Rules for Across-Forest Claims Transformation.
+attributeId: 1.2.840.113556.1.4.2189
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cSuHVbLESDuuUUCV+R7GAA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Applies-To-Resource-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AppliesToResourceTypes
+adminDisplayName: ms-DS-Applies-To-Resource-Types
+adminDescription: For a resource property, this attribute indicates what resource types this resource property applies to.
+attributeId: 1.2.840.113556.1.4.2195
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BiA/aWRXSj2EOVjwSqtLWQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Transformation-Rules-Compiled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TransformationRulesCompiled
+adminDisplayName: ms-DS-Transformation-Rules-Compiled
+adminDescription: Blob containing compiled transformation rules.
+attributeId: 1.2.840.113556.1.4.2190
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 128
+schemaIdGuid:: EJq0C2tTTbyicwurDdS9EA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Egress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-EgressClaimsTransformationPolicy
+adminDisplayName: ms-DS-Egress-Claims-Transformation-Policy
+adminDescription: This is a link to a Claims Transformation Policy Object for the egress claims (claims leaving this forest) to the Trusted Domain. This is applicable only for an incoming or bidirectional Across-Forest Trust. When this link is not present, all claims are allowed to egress as-is.
+attributeId: 1.2.840.113556.1.4.2192
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: fkI3wXOaQLCRkBsJW7QyiA==
+linkID: 2192
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Ingress-Claims-Transformation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IngressClaimsTransformationPolicy
+adminDisplayName: ms-DS-Ingress-Claims-Transformation-Policy
+adminDescription: This is a link to a Claims Transformation Policy Object for the ingress claims (claims entering this forest) from the Trusted Domain. This is applicable only for an outgoing or bidirectional Across-Forest Trust. If this link is absent, all the ingress claims are dropped.
+attributeId: 1.2.840.113556.1.4.2191
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: CEwohm4MQBWLFXUUfSPSDQ==
+linkID: 2190
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-TDO-Egress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TDOEgressBL
+adminDisplayName: ms-DS-TDO-Egress-BL
+adminDescription: Backlink to TDO Egress rules link on object.
+attributeId: 1.2.840.113556.1.4.2194
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: KWIA1ROZQiKLF4N2HR4OWw==
+linkID: 2193
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-TDO-Ingress-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TDOIngressBL
+adminDisplayName: ms-DS-TDO-Ingress-BL
+adminDescription: Backlink to TDO Ingress rules link on object.
+attributeId: 1.2.840.113556.1.4.2193
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: oWFWWsaXS1SAVuQw/nvFVA==
+linkID: 2191
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-ManagedPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ManagedPassword
+adminDisplayName: msDS-ManagedPassword
+adminDescription: This attribute is the managed password data for a group MSA.
+attributeId: 1.2.840.113556.1.4.2196
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hu1i4yi3QgiyfS3qep3yGA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-ManagedPasswordId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ManagedPasswordId
+adminDisplayName: msDS-ManagedPasswordId
+adminDescription: This attribute is the identifier for the current managed password data for a group MSA.
+attributeId: 1.2.840.113556.1.4.2197
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: Wil4DtPGQAq0kdYiUf+gpg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-GroupMSAMembership,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-GroupMSAMembership
+adminDisplayName: msDS-GroupMSAMembership
+adminDescription: This attribute is used for access checks to determine if a requester has permission to retrieve the password for a group MSA.
+attributeId: 1.2.840.113556.1.4.2200
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 132096
+schemaIdGuid:: 1u2OiATOQN+0YrilDkG6OA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-GeoCoordinates-Altitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-GeoCoordinatesAltitude
+adminDisplayName: ms-DS-GeoCoordinates-Altitude
+adminDescription: ms-DS-GeoCoordinates-Altitude
+attributeId: 1.2.840.113556.1.4.2183
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 1
+schemaIdGuid:: twMXoUFWnE2GPl+zMl504A==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-GeoCoordinates-Latitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-GeoCoordinatesLatitude
+adminDisplayName: ms-DS-GeoCoordinates-Latitude
+adminDescription: ms-DS-GeoCoordinates-Latitude
+attributeId: 1.2.840.113556.1.4.2184
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 1
+schemaIdGuid:: TtRm3EM99UCFxTwS4WmSfg==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-GeoCoordinates-Longitude,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-GeoCoordinatesLongitude
+adminDisplayName: ms-DS-GeoCoordinates-Longitude
+adminDescription: ms-DS-GeoCoordinates-Longitude
+attributeId: 1.2.840.113556.1.4.2185
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 1
+schemaIdGuid:: ECHElOS66kyFd6+BOvXaJQ==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-ManagedPasswordInterval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ManagedPasswordInterval
+adminDisplayName: msDS-ManagedPasswordInterval
+adminDescription: This attribute is used to retrieve the number of days before a managed password is automatically changed for a group MSA.
+attributeId: 1.2.840.113556.1.4.2199
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 9451+HasQ4ii7qJrTcr0CQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ManagedPasswordPreviousId
+adminDisplayName: msDS-ManagedPasswordPreviousId
+adminDescription: This attribute is the identifier for the previous managed password data for a group MSA.
+attributeId: 1.2.840.113556.1.4.2198
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: MSHW0EotT9CZ2RxjZGIppA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ClaimsTransformationPolicies
+adminDisplayName: ms-DS-Claims-Transformation-Policies
+adminDescription: An object of this class holds the one set of Claims Transformation Policy for Across-Forest Claims Transformation.
+governsId: 1.2.840.113556.1.5.281
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: san8yIh9T7uCekSJJ3EHYg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policies,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ClaimsTransformationPolicyType
+adminDisplayName: ms-DS-Claims-Transformation-Policy-Type
+adminDescription: An object of this class holds the one set of Claims Transformation Policy for Across-Forest Claims Transformation.
+governsId: 1.2.840.113556.1.5.280
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2190
+systemMayContain: 1.2.840.113556.1.4.2189
+systemPossSuperiors: 1.2.840.113556.1.5.281
+schemaIdGuid:: s2LrLnMTRf6BATh/Fnbtxw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2193
+systemMayContain: 1.2.840.113556.1.4.2194
+-
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2191
+systemMayContain: 1.2.840.113556.1.4.2192
+-
+
+dn: CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2195
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.2183
+mayContain: 1.2.840.113556.1.4.2184
+mayContain: 1.2.840.113556.1.4.2185
+-
+
+dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-GroupManagedServiceAccount
+adminDisplayName: msDS-Group-Managed-Service-Account
+adminDescription: The group managed service account class is used to create an account which can be shared by different computers to run Windows services.
+governsId: 1.2.840.113556.1.5.282
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.30
+systemMustContain: 1.2.840.113556.1.4.2199
+systemMayContain: 1.2.840.113556.1.4.2200
+systemMayContain: 1.2.840.113556.1.4.2198
+systemMayContain: 1.2.840.113556.1.4.2197
+systemMayContain: 1.2.840.113556.1.4.2196
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: ilWLe6WT90qtysAX5n8QVw==
+defaultSecurityDescriptor: D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 51
+-
+```
+
+### Sch52.ldf
+
+```
+dn: CN=ms-DS-RID-Pool-Allocation-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RIDPoolAllocationEnabled
+adminDisplayName: ms-DS-RID-Pool-Allocation-Enabled
+adminDescription: This attribute indicates whether RID pool allocation is enabled or not.
+attributeId: 1.2.840.113556.1.4.2213
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+instanceType: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaFlagsEx: 1
+schemaIdGuid:: jHyXJLfBQDO09is3XrcR1w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=RID-Set-References,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Netboot-DUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: Netboot-DUID
+ldapDisplayName: netbootDUID
+adminDisplayName: Netboot-DUID
+adminDescription: This attribute is used to store DHCPv6 DUID device ID.
+attributeId: 1.2.840.113556.1.4.2234
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+instanceType: 4
+isSingleValued: TRUE
+searchFlags: 1
+systemFlags: 16
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: FALSE
+rangeLower: 2
+rangeUpper: 128
+schemaIdGuid:: vXAlU3c9T0KCLw1jbcbarQ==
+showInAdvancedViewOnly: TRUE
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=RID-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2213
+-
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminContextMenu
+adminContextMenu: 3,{2fb1b669-59ea-4f64-b728-05309f2c11c8}
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 13,{2fb1b669-59ea-4f64-b728-05309f2c11c8}
+-
+
+dn: CN=Certificate-AutoEnrollment,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo: e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+displayname: AutoEnrollment
+localizationDisplayId: 83
+rightsGuid: a05b8cc2-17bc-4802-a710-e7c15ab866a2
+validAccesses: 256
+
+# Update element: computer
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.2234
+-
+
+dn: CN=ms-DS-cloudExtensionAttribute1,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute1
+lDAPDisplayName: msDS-cloudExtensionAttribute1
+adminDisplayName: ms-DS-cloudExtensionAttribute1
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2214
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: r+oJl9pJsk2QigRG5eq4RA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute2,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute2
+lDAPDisplayName: msDS-cloudExtensionAttribute2
+adminDisplayName: ms-DS-cloudExtensionAttribute2
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2215
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: rOBO88HAqUuCyRqQdS8WpQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute3,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute3
+lDAPDisplayName: msDS-cloudExtensionAttribute3
+adminDisplayName: ms-DS-cloudExtensionAttribute3
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2216
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: Gsj2gtr6DUqw93BtRoOOtQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute4,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute4
+lDAPDisplayName: msDS-cloudExtensionAttribute4
+adminDisplayName: ms-DS-cloudExtensionAttribute4
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2217
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: NzS/nG5OW0iykSKwJVQnPw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute5,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute5
+lDAPDisplayName: msDS-cloudExtensionAttribute5
+adminDisplayName: ms-DS-cloudExtensionAttribute5
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2218
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: W+gVKUfjUkiquyLlplHIZA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute6,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute6
+lDAPDisplayName: msDS-cloudExtensionAttribute6
+adminDisplayName: ms-DS-cloudExtensionAttribute6
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2219
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: eSZFYOEo7Eus43EoMzYUVg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute7,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute7
+lDAPDisplayName: msDS-cloudExtensionAttribute7
+adminDisplayName: ms-DS-cloudExtensionAttribute7
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2220
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: GRN8Sk7jwkCdAGD/eJDyBw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute8,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute8
+lDAPDisplayName: msDS-cloudExtensionAttribute8
+adminDisplayName: ms-DS-cloudExtensionAttribute8
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2221
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: FMXRPEmEykSBwAIXgYANKg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute9,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute9
+lDAPDisplayName: msDS-cloudExtensionAttribute9
+adminDisplayName: ms-DS-cloudExtensionAttribute9
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2222
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: LOFjCkAwQUSuJs2Vrw0kfg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute10,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute10
+lDAPDisplayName: msDS-cloudExtensionAttribute10
+adminDisplayName: ms-DS-cloudExtensionAttribute10
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2223
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: s/wKZ70T/EeQswpSftgatw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute11,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute11
+lDAPDisplayName: msDS-cloudExtensionAttribute11
+adminDisplayName: ms-DS-cloudExtensionAttribute11
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2224
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: yLuenqV9pkKJJSROEqVuJA==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute12,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute12
+lDAPDisplayName: msDS-cloudExtensionAttribute12
+adminDisplayName: ms-DS-cloudExtensionAttribute12
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2225
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: PcQBPAvhyk+Sskz2FdWwmg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute13,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute13
+lDAPDisplayName: msDS-cloudExtensionAttribute13
+adminDisplayName: ms-DS-cloudExtensionAttribute13
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2226
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: S0a+KJCreUumsN9DdDHQNg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute14
+lDAPDisplayName: msDS-cloudExtensionAttribute14
+adminDisplayName: ms-DS-cloudExtensionAttribute14
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2227
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: ura8zoBuJ0mFYJj+yghqnw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute15,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute15
+lDAPDisplayName: msDS-cloudExtensionAttribute15
+adminDisplayName: ms-DS-cloudExtensionAttribute15
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2228
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: N9XkqvCKqk2cxmLq24T/Aw==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute16,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute16
+lDAPDisplayName: msDS-cloudExtensionAttribute16
+adminDisplayName: ms-DS-cloudExtensionAttribute16
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2229
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: WyGBlZZRU0ChHm/8r8YsTQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute17,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute17
+lDAPDisplayName: msDS-cloudExtensionAttribute17
+adminDisplayName: ms-DS-cloudExtensionAttribute17
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2230
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: 2m08PehrKUKWfi/1u5O0zg==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute18,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute18
+lDAPDisplayName: msDS-cloudExtensionAttribute18
+adminDisplayName: ms-DS-cloudExtensionAttribute18
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2231
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: NDvniKYKaUSYQm6wGzKltQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute19,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute19
+lDAPDisplayName: msDS-cloudExtensionAttribute19
+adminDisplayName: ms-DS-cloudExtensionAttribute19
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2232
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: mf51CQeWikaOGMgA0zhzlQ==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-cloudExtensionAttribute20,CN=Schema,CN=Configuration,dc=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DS-cloudExtensionAttribute20
+lDAPDisplayName: msDS-cloudExtensionAttribute20
+adminDisplayName: ms-DS-cloudExtensionAttribute20
+adminDescription: An attribute used to house an arbitrary cloud-relevant string
+attributeID: 1.2.840.113556.1.4.2233
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+isMemberOfPartialAttributeSet: TRUE
+schemaIDGUID:: KGNE9W6LjUmVqCEXSNWs3A==
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-CloudExtensions
+adminDisplayName: ms-DS-Cloud-Extensions
+adminDescription: A collection of attributes used to house arbitrary cloud-relevant strings.
+governsId: 1.2.840.113556.1.5.283
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+MayContain: 1.2.840.113556.1.4.2214
+MayContain: 1.2.840.113556.1.4.2215
+MayContain: 1.2.840.113556.1.4.2216
+MayContain: 1.2.840.113556.1.4.2217
+MayContain: 1.2.840.113556.1.4.2218
+MayContain: 1.2.840.113556.1.4.2219
+MayContain: 1.2.840.113556.1.4.2220
+MayContain: 1.2.840.113556.1.4.2221
+MayContain: 1.2.840.113556.1.4.2222
+MayContain: 1.2.840.113556.1.4.2223
+MayContain: 1.2.840.113556.1.4.2224
+MayContain: 1.2.840.113556.1.4.2225
+MayContain: 1.2.840.113556.1.4.2226
+MayContain: 1.2.840.113556.1.4.2227
+MayContain: 1.2.840.113556.1.4.2228
+MayContain: 1.2.840.113556.1.4.2229
+MayContain: 1.2.840.113556.1.4.2230
+MayContain: 1.2.840.113556.1.4.2231
+MayContain: 1.2.840.113556.1.4.2232
+MayContain: 1.2.840.113556.1.4.2233
+schemaIdGuid:: pIceZCaDcUe6LccG3zXjWg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Cloud-Extensions,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemAuxiliaryClass
+systemAuxiliaryClass: 1.2.840.113556.1.5.283
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 641E87A4-8326-4771-BA2D-C706DF35E35A
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 52
+-
+```
+
+### Sch53.ldf
+
+```
+dn: CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2156
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 53
+-
+```
+
+### Sch54.ldf
+
+```
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGuid:: AEIWTMAg0BGnaACqAG4FKQ==
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 54
+-
+```
+
+### Sch55.ldf
+
+```
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Validated-DNS-Host-Name,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 55
+-
+```
+
+### Sch56.ldf
+
+```
+# Update element: computer. Remove netboot-DUID from mayContain
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mayContain
+mayContain: 1.2.840.113556.1.4.2234
+-
+
+# Update element: computer. Add netboot-DUID to SystemMayContain
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2234
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 56
+-
+```
+
+## Schema Updates in previous versions of Windows Server
+
+Sch0.ldf through Sch47.ldf are introduced with Windows Server 2000 to Windows Server 2008 R2.
+
+### Sch0.ldf
+
+```
+# Make a system-only mod first. If  they haven't got the binary
+# support necessary, it will fail right here, and the tool can
+# later be rerun.
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+# Add these two objects first. If the DC is running a 1717.IDS schema,
+# these were deleted just before this. So add them first so that
+# the system does not run without them for long
+# They are not dependent on any schema changes
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+classDisplayName: Container
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+
+
+# Attribute Adds
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: pekList
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSFlags
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: siteList
+adminDisplayName: Site-List
+adminDescription: Site-List
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScript
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSVersion
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: hSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: treatAsLeaf
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 40TQjx930RGurgAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: productCode
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+schemaIdGuid:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: dNSHostName
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: R5Xjchh70RGt7wDAT9jVzQ==
+hideFromAB: TRUE
+
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: createDialog
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ipUJKzGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootSCPBL
+adminDisplayName: netboot-SCP-BL
+adminDescription: netboot-SCP-BL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gjA4B9+R0RGuvAAA+ANnwQ==
+linkID: 101
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: siteLinkList
+adminDisplayName: Site-Link-List
+adminDescription: Site-Link-List
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootTools
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScriptName
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Yt2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootServer
+adminDisplayName: netboot-Server
+adminDescription: netboot-Server
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gTA4B9+R0RGuvAAA+ANnwQ==
+linkID: 100
+hideFromAB: TRUE
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScriptSize
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Y92nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: lDAPIPDenyList
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: U6NZc/eQ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: installUiLevel
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZN2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: terminalServer
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HJq2bSKU0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: lDAPAdminLimits
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UqNZc/eQ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: createWizardExt
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: i5UJKzGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: purportedSearch
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: UE61tDqU0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRRASAttribute
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rZib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fileExtPriority
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: FYPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: canUpgradeScript
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FIPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: appSchemaVersion
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Zd2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSPrimaryMember
+adminDisplayName: FRS-Primary-Member
+adminDescription: FRS-Primary-Member
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+linkId: 106
+schemaIdGuid:: gSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: remoteStorageGUID
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sMU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootMaxClients
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSMemberReference
+adminDisplayName: FRS-Member-Reference
+adminDescription: FRS-Member-Reference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fiUTKnOT0RGuvAAA+ANnwQ==
+linkID: 104
+hideFromAB: TRUE
+systemFlags: 2
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: upgradeProductCode
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+schemaIdGuid:: EoPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSTimeLastCommand
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gyUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootNewMachineOU
+adminDisplayName: netboot-New-Machine-OU
+adminDescription: netboot-New-Machine-OU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootLimitClients
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: signatureAlgorithms
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ssU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSPartnerAuthLevel
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: enrollmentProviders
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: s8U5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSMemberReferenceBL
+adminDisplayName: FRS-Member-Reference-BL
+adminDescription: FRS-Member-Reference-BL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fyUTKnOT0RGuvAAA+ANnwQ==
+linkID: 105
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: certificateTemplates
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: scU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: pekKeyChangeInterval
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: localizedDescription
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FoPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: frsComputerReference
+adminDisplayName: Frs-Computer-Reference
+adminDescription: Frs-Computer-Reference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eCUTKnOT0RGuvAAA+ANnwQ==
+linkID: 102
+systemFlags: 2
+hideFromAB: TRUE
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: altSecurityIdentities
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: DPP7AP6R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAnswerRequests
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ejA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: bridgeheadServerListBL
+adminDisplayName: Bridgehead-Server-List-BL
+adminDescription: Bridgehead-Server-List-BL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+linkID: 99
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: frsComputerReferenceBL
+adminDisplayName: Frs-Computer-Reference-BL
+adminDescription: Frs-Computer-Reference-BL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eSUTKnOT0RGuvAAA+ANnwQ==
+linkID: 103
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlDataCreation
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: eiUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: isCriticalSystemObject
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: DfP7AP6R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAllowNewClients
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: djA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSTimeLastConfigChange
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: bridgeheadTransportList
+adminDisplayName: Bridgehead-Transport-List
+adminDescription: Bridgehead-Transport-List
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+linkID: 98
+hideFromAB: TRUE
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSServiceCommandStatus
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+schemaIdGuid:: giUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlInboundBacklog
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: eyUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootIntelliMirrorOSes
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fjA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlOutboundBacklog
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: fCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootCurrentClientCount
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: iPSECNegotiationPolicyType
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRRASVendorAttributeEntry
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rJib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootLocallyInstalledOSes
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: iPSECNegotiationPolicyAction
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootNewMachineNamingPolicy
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAnswerOnlyValidClients
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ezA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: uPNSuffixes
+adminDescription: UPN-Suffixes
+adminDisplayName: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: FALSE
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+hideFromAB: TRUE
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: additionalTrustedServiceNames
+adminDescription: Additional-Trusted-Service-Names
+adminDisplayName: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: FALSE
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+hideFromAB: TRUE
+
+
+# Here because OID got reused with different syntax
+# We will delete Replica-Set-Type, and add FRS-Replica-Set-Type
+# with a new OID.
+
+dn: CN=NTFRS-Replica-Set,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.30
+-
+
+dn: CN=Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSReplicaSetType
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: a3PZJnBg0RGpxgAA+ANnwQ==
+hideFromAB: TRUE
+
+# Attribute Renames, plus some modifies in some cases
+
+dn: CN=Replication-DS-Poll,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-DS-Poll
+deleteoldrdn: 1
+
+dn: CN=FRS-DS-Poll,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSDSPoll
+-
+replace: adminDisplayName
+adminDisplayName: FRS-DS-Poll
+-
+replace: adminDescription
+adminDescription: FRS-DS-Poll
+-
+
+
+dn: CN=Com-Unique-Cat-Id,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: Category-Id
+deleteoldrdn: 1
+
+dn: CN=Category-Id,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: categoryId
+-
+replace: adminDisplayName
+adminDisplayName: Category-Id
+-
+replace: adminDescription
+adminDescription: Category-Id
+-
+
+
+dn: CN=Replication-Root-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Root-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Root-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSRootPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Root-Path
+-
+replace: adminDescription
+adminDescription: FRS-Root-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replication-File-Filter,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-File-Filter
+deleteoldrdn: 1
+
+dn: CN=FRS-File-Filter,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSFileFilter
+-
+replace: adminDisplayName
+adminDisplayName: FRS-File-Filter
+-
+replace: adminDescription
+adminDescription: FRS-File-Filter
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replication-Level-Limit,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Level-Limit
+deleteoldrdn: 1
+
+dn: CN=FRS-Level-Limit,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSLevelLimit
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Level-Limit
+-
+replace: adminDescription
+adminDescription: FRS-Level-Limit
+-
+
+
+dn: CN=Replication-Extensions,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Extensions
+deleteoldrdn: 1
+
+dn: CN=FRS-Extensions,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSExtensions
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Extensions
+-
+replace: adminDescription
+adminDescription: FRS-Extensions
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 65536
+-
+
+dn: CN=Replication-Staging-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Staging-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Staging-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSStagingPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Staging-Path
+-
+replace: adminDescription
+adminDescription: FRS-Staging-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Code-Package,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: Msi-Script-Path
+deleteoldrdn: 1
+
+dn: CN=Msi-Script-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: msiScriptPath
+-
+replace: adminDisplayName
+adminDisplayName: Msi-Script-Path
+-
+replace: adminDescription
+adminDescription: Msi-Script-Path
+-
+
+
+dn: CN=Replication-DB-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Working-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Working-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSWorkingPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Working-Path
+-
+replace: adminDescription
+adminDescription: FRS-Working-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replica-Version-GUID,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Version-GUID
+deleteoldrdn: 1
+
+dn: CN=FRS-Version-GUID,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSVersionGuid
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Version-GUID
+-
+replace: adminDescription
+adminDescription: FRS-Version-GUID
+-
+add: rangeLower
+rangeLower: 16
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+
+dn: CN=Replication-Root-Security,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Root-Security
+deleteoldrdn: 1
+
+dn: CN=FRS-Root-Security,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSRootSecurity
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Root-Security
+-
+replace: adminDescription
+adminDescription: FRS-Root-Security
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 65535
+-
+
+
+dn: CN=Replication-Update-Timeout,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Update-Timeout
+deleteoldrdn: 1
+
+dn: CN=FRS-Update-Timeout,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSUpdateTimeout
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Update-Timeout
+-
+replace: adminDescription
+adminDescription: FRS-Update-Timeout
+-
+
+
+dn: CN=Replication-Service-Command,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Service-Command
+deleteoldrdn: 1
+
+dn: CN=FRS-Service-Command,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSServiceCommand
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Service-Command
+-
+replace: adminDescription
+adminDescription: FRS-Service-Command
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 512
+-
+
+
+dn: CN=Replica-Set-GUID,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Replica-Set-GUID
+deleteoldrdn: 1
+
+dn: CN=FRS-Replica-Set-GUID,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSReplicaSetGuid
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Replica-Set-GUID
+-
+replace: adminDescription
+adminDescription: FRS-Replica-Set-GUID
+-
+
+
+dn: CN=Replication-Status,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Fault-Condition
+deleteoldrdn: 1
+
+dn: CN=FRS-Fault-Condition,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSFaultCondition
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Fault-Condition
+-
+replace: adminDescription
+adminDescription: FRS-Fault-Condition
+-
+add: rangeLower
+rangeLower: 1
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+
+dn: CN=Replication-Directory-Filter,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Directory-Filter
+deleteoldrdn: 1
+
+dn: CN=FRS-Directory-Filter,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSDirectoryFilter
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Directory-Filter
+-
+replace: adminDescription
+adminDescription: FRS-Directory-Filter
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+dn: CN=Created-Entry,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: rpc-Ns-Entry-Flags
+deleteoldrdn: 1
+
+dn: CN=rpc-Ns-Entry-Flags,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: rpcNsEntryFlags
+-
+replace: adminDisplayName
+adminDisplayName: rpc-Ns-Entry-Flags
+-
+replace: adminDescription
+adminDescription: rpc-Ns-Entry-Flags
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Class Adds
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: nTFRSMember
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.515
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.535
+systemMayContain: 1.2.840.113556.1.4.877
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.536
+systemMayContain: 1.2.840.113556.1.4.873
+systemMayContain: 1.2.840.113556.1.4.872
+systemMayContain: 1.2.840.113556.1.4.871
+systemMayContain: 1.2.840.113556.1.4.869
+systemPossSuperiors: 1.2.840.113556.1.5.102
+schemaIdGuid:: hiUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteLinkBridge
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.822
+systemPossSuperiors: 1.2.840.113556.1.5.141
+schemaIdGuid:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rRASAdministrationConnectionPoint
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.884
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: vsU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+lDAPDisplayName: nTFRSSubscriptions
+adminDescription: NTFRS-Subscriptions
+adminDisplayName: NTFRS-Subscriptions
+governsID: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rDNAttID: 2.5.4.3
+subClassOf: 2.5.6.0
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.882
+systemMayContain: 1.2.840.113556.1.4.536
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.5.154
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: remoteStorageServicePoint
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.809
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: vcU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+lDAPDisplayName: intellimirrorGroup
+adminDescription: Intellimirror-Group
+adminDisplayName: Intellimirror-Group
+governsID: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rDNAttID: 2.5.4.3
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+subClassOf: 2.5.6.0
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteLink
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.821
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.2.135
+systemPossSuperiors: 1.2.840.113556.1.5.141
+schemaIdGuid:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: intellimirrorSCP
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.858
+systemMayContain: 1.2.840.113556.1.4.860
+systemMayContain: 1.2.840.113556.1.4.856
+systemMayContain: 1.2.840.113556.1.4.855
+systemMayContain: 1.2.840.113556.1.4.851
+systemMayContain: 1.2.840.113556.1.4.361
+systemMayContain: 1.2.840.113556.1.4.859
+systemMayContain: 1.2.840.113556.1.4.850
+systemMayContain: 1.2.840.113556.1.4.857
+systemMayContain: 1.2.840.113556.1.4.358
+systemMayContain: 1.2.840.113556.1.4.359
+systemMayContain: 1.2.840.113556.1.4.852
+systemMayContain: 1.2.840.113556.1.4.853
+systemMayContain: 1.2.840.113556.1.4.854
+systemMayContain: 1.2.840.113556.1.4.849
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.5.152
+schemaIdGuid:: hTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: nTFRSSubscriber
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.488
+systemMustContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.881
+systemMayContain: 1.2.840.113556.1.4.880
+systemMayContain: 1.2.840.113556.1.4.879
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.875
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.536
+systemPossSuperiors: 1.2.840.113556.1.5.154
+schemaIdGuid:: iCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rRASAdministrationDictionary
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.883
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rpib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+
+# Syntax in two attributes got modified. USN-Source and
+# Transport-Address-Type. We don't propagate the changes.
+# We will delete both and add new attributes
+# to replace them.
+
+# Attribute and Class Modifications
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Password,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Recorded-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Greetings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Volume,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Speed,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Recording-Length,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Forwarding-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: rangeLower
+rangeLower: 36
+-
+add: rangeUpper
+rangeUpper: 36
+-
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: s5VX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+
+dn: CN=AutoReply,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=AutoReply-Message,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=AutoReply-Subject,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: s5VX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.890
+-
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.889
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.789
+-
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.789
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectClassCategory
+objectClassCategory: 2
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.820
+systemMayContain: 1.2.840.113556.1.4.864
+systemMayContain: 1.2.840.113556.1.4.868
+systemMayContain: 1.2.840.113556.1.4.870
+systemMayContain: 1.2.840.113556.1.4.876
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.290
+systemMayContain: 1.2.840.113556.1.2.291
+systemMayContain: 1.2.840.113556.1.2.292
+systemMayContain: 1.2.840.113556.1.2.293
+systemMayContain: 1.2.840.113556.1.2.339
+systemMayContain: 1.2.840.113556.1.2.340
+systemMayContain: 1.2.840.113556.1.2.341
+systemMayContain: 1.2.840.113556.1.2.342
+systemMayContain: 1.2.840.113556.1.2.469
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.865
+systemMayContain: 1.2.840.113556.1.4.866
+-
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultObjectCategory
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.867
+-
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.765
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.885
+systemMayContain: 1.2.840.113556.1.4.771
+-
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.252
+-
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.107
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.142
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.790
+-
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+systemMayContain: 1.2.840.113556.1.4.823
+systemMayContain: 1.2.840.113556.1.4.824
+systemMayContain: 1.2.840.113556.1.4.825
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+systemMayContain: 1.2.840.113556.1.4.786
+systemMayContain: 1.2.840.113556.1.4.819
+-
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.631
+-
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.360
+systemMayContain: 1.2.840.113556.1.4.486
+-
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.848
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.18
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.47
+systemMayContain: 1.2.840.113556.1.2.129
+systemMayContain: 1.2.840.113556.1.2.144
+systemMayContain: 1.2.840.113556.1.2.221
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.786
+systemMayContain: 0.9.2342.19200300.100.1.3
+-
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.20
+systemMayContain: 1.2.840.113556.1.4.813
+systemMayContain: 1.2.840.113556.1.4.814
+systemMayContain: 1.2.840.113556.1.4.815
+systemMayContain: 1.2.840.113556.1.4.816
+systemMayContain: 1.2.840.113556.1.4.818
+systemMayContain: 1.2.840.113556.1.4.845
+systemMayContain: 1.2.840.113556.1.4.846
+systemMayContain: 1.2.840.113556.1.4.847
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.17
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.607
+-
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.791
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.785
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.153
+-
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.817
+-
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.806
+systemMayContain: 1.2.840.113556.1.4.810
+systemMayContain: 1.2.840.113556.1.4.812
+-
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.653
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.459
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.488
+systemMayContain: 1.2.840.113556.1.4.489
+systemMayContain: 1.2.840.113556.1.4.490
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.535
+systemMayContain: 1.2.840.113556.1.4.564
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.43
+-
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.17
+-
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.43
+systemMayContain: 1.2.840.113556.1.4.31
+systemMayContain: 1.2.840.113556.1.4.653
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.877
+systemMayContain: 1.2.840.113556.1.4.878
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.459
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.488
+systemMayContain: 1.2.840.113556.1.4.489
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.564
+-
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.844
+systemMayContain: 1.2.840.113556.1.4.843
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.604
+systemMustContain: 1.2.840.113556.1.4.603
+systemMustContain: 1.2.840.113556.1.4.602
+systemMustContain: 1.2.840.113556.1.4.599
+systemMustContain: 1.2.840.113556.1.4.601
+systemMustContain: 1.2.840.113556.1.4.600
+-
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.887
+systemMayContain: 1.2.840.113556.1.4.888
+-
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.886
+-
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.2.13
+-
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.658
+-
+
+# Attribute and Class deletes
+
+# First delete some objects in Config NC before deleting their classes
+
+dn: CN=RPC,CN=Inter-Site Transports,CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+dn: CN=Inter-Site Transports,CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+dn: CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+
+
+dn: CN=RAS-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Information-Store-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Link-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=LocalGroup,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Exchange-Admin-Service,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Eicon-X25-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-POP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DX-Requestor,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Mailbox-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Eicon-X25-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Directory-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NNTP-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encryption-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Application-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-IMAP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Server-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Addressing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Admin-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-HTTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Public-Store,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Add-In,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transport-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Message-Store,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Mail-Gateway,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Distribution-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NTFRS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Addr-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Root,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=ADMD,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=PRMD,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Run-As,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=To-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Runs-On,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-App-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=App-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Form-Data,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=INSAdmin,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=N-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Send-TNEF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Line-Wrap,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Auth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=From-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Types,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-DN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=P-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Rid-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=S-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=T-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Pub-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=OWA-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Svr-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Domain-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-ReqName,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Conf-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Auth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-PS-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Netboot-NIC,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=HTTP-Pub-GAL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Account,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Port-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Require-SSL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Target-MTAs,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trust-Level,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Can-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Log-Filename,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Contact-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Content-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Routing-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Package-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=MTA-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-1,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-2,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-4,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Character-Set,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Delegate-User,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Member-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Admin-Copy,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Do-OAB-Version,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Unique-IID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Computer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitor-Clock,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=N-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Referral-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Req-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Unauth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Import-Now,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Export-Now,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Svr-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=LDAP-Search-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Local-Admin,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Req-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Conf-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Svr-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Use-Site-Values,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Newsgroup-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Report-To-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Window-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Unauth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Admin-Update,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Domain-Replicas,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Append-ReqCN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Recipient-CP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Unread-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Style,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Conf-Req-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Preserve-DNs,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connection-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Phone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Authorized-User,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Folder-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Proxy-Space,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Monitor-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trans-Retry-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Logging-Level,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Maximum-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Remote-Client,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=HTTP-Pub-GAL-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Anonymous-Access,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Import-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitor-Services,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Supporting-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Control-Msg-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Send-EMail-Message,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Accept-All,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connected-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Alert-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Alert-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-In-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Folders-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Reject-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Character-Set-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Expand-DLs-Locally,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Initial-Turn,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Home-Public-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Incoming-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Submit-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=P-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Anonymous-Account,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Num-Of-Open-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Export-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitored-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replica-Set-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Realm-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Aliased-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Folder-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=S-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Host-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trans-Timeout-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=T-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Callback-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Leased-Line-Port,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Remote-MTA-Phone,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Attachment-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Bridgehead-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=GWART-Last-Modified,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Selector-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Admin-Extension-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=List-Public-Folders,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Lockout-Disconnect,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Display-Name-Suffix,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Chain-V3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Out-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Space-Last-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Over-Site-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=RAS-Remote-SRVR-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Checkpoint-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Proxy-Generator-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Out-BH-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Open-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NNTP-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Backoff-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Import-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled-Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Reject-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Warning-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replication-Stagger,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Warning-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Leased-or-Switched,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Control-Msg-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-First,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Submit-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Temp-Assoc-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Routing-Tree,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-Value-DN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Return-Exact-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Client-Access-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Report-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Recovery-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enable-Compatibility,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Association-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-Second,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Cross-Certificate-CRL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Responsible-Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encapsulation-Method,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Msg-Time-Out-Period,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Restart-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Authentication-To-Use,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Pub-AB-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-Value-Str,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Hide-DL-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Filter-Local-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Message-Format,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Conf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Translation-Table-Used,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Disabled-Gateway-Proxy,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Native-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Template-TimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Alert-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replication-Boot-State,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connection-List-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Assoc-Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Remote-Entries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Num-Of-Transfer-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Exchange-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outgoing-Msg-Size-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Alert-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=OOF-Reply-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Disable-Deferred-Commit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Turn-Request-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Restart-Message,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Auto-Convert-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Phonebook-Entry-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=NNTP-Distributions-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Message-Tracking-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Signature-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Bidirectional-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Call-User-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Available-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Replication-Mail-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Call-User-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transport-Expedited-Data,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-UnConf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Warning-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Session-Disconnect-Timer,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Quota-Notification-Style,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Root-Newsgroups-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Warning-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Export-Custom-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Support-SMIME-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Container-Administrators,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Recipients-NDR,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Two-Way-Alternate-Facility,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Preserve-Internet-Content,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Prev-Export-Native-Only,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Facilities-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Facilities-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Intra-Site-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Inter-Site-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Connection-List-Filter-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Quota-Notification-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Exchange-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Password-Confirm,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Normal-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Signature-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Revocation-List-V1,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Revocation-List-V3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Hotsite-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-In-Exchange-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Normal-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Escalation-Procedure,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Replication-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Hotsite-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Available-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+# Changes for earlier schemas
+
+dn: CN=Application-Entity,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMustContain
+systemMustContain: presentationAddress
+-
+
+dn: CN=DMD,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: foreignDSAs
+-
+
+dn: CN=NTDS-DSA,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: presentationAddress
+-
+
+dn: CN=Top,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: masterDSA
+-
+
+
+dn: CN=Foreign-DSAs,CN=schema,CN=configuration,dc=X
+changetype: delete
+
+
+dn: CN=Presentation-Address,CN=schema,CN=configuration,dc=X
+changetype: delete
+
+dn: CN=Ref-Full-Replicas,CN=schema,CN=configuration,dc=X
+changetype: delete
+
+dn: CN=Ref-Master-DSA,CN=schema,CN=configuration,dc=X
+changetype: delete
+
+# End of changes for earlier schemas
+
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+# Extended rights
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 3e74f60f-3e73-11d1-a9c0-0000f80367c1
+displayName: Open Address Book
+rightsGuid: a1990816-4298-11d1-ade2-00c04fd8d5cd
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Personal Information
+rightsGuid: 77B5B886-944A-11d1-AEBD-0000F80367C1
+
+dn: CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Email Information
+rightsGuid: E45795B2-9455-11d1-AEBD-0000F80367C1
+
+dn: CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Web Information
+rightsGuid: E45795B3-9455-11d1-AEBD-0000F80367C1
+
+
+# Display-Specifiers
+
+dn: CN=localGroup-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextmenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: NTFRS Settings
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: NTFRS Replica Set
+
+dn: CN=mSFTFRS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: Microsoft FRS
+
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: treatAsLeaf
+treatAsLeaf: TRUE
+-
+delete: adminPropertyPages
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: adminPropertyPages
+adminPropertyPages: 5,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 6,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 7,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+delete: attributeDisplayNames
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: distinguishedName,X500 DN
+attributeDisplayNames: facsimileTelephoneNumber, Facsimile Telephone Numbers
+attributeDisplayNames: generationQualifier, Generation Qualifier
+attributeDisplayNames: internationalISDNNumber, International ISDN Number
+attributeDisplayNames: mobile,Cellular Phone Number
+attributeDisplayNames: personalTitle,Personal Title
+attributeDisplayNames: physicalDeliveryOfficeName,Delivery Office
+attributeDisplayNames: postalCode,ZIP Code
+attributeDisplayNames: primaryGroupID,Primary Group SID
+attributeDisplayNames: streetAddress,Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: title,Title
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: userAccountControl,User Account Control Flags
+-
+add: attributeDisplayNames
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: comment,User Account Comment
+attributeDisplayNames: co,Company
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: internationalISDNNumber, International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherFacsimileTelephoneNumber,Facsimile Telephone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Office Telephone Number (Others)
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+-
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: attributeDisplayNames
+attributeDisplayNames: desctription,Description
+attributeDisplayNames: contactName,Contact Name
+attributeDisplayNames: distinguishedName,X500 DN
+attributeDisplayNames: groupAttributes,Group Attribute Flags
+-
+add: attributeDisplayNames
+attributeDisplayNames: description,Description
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: managedBy,Managed By
+-
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: classDisplayName
+classDisplayName: Domain (DNS)
+-
+add: classDisplayName
+classDisplayName: Domain
+-
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Group Membership
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Telephone Number (Others)
+attributeDisplayNames: personalTitle,Personal Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: wWWHomePage,Web Page Address
+-
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: adminPropertyPages
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+-
+add: adminPropertyPages
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: classDisplayName
+classDisplayName: Service Administration Point
+-
+add: classDisplayName
+classDisplayName: Service
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: type,Type
+-
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Directory Service Name
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: bytesPerMinute,Bytes per Minute
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: description,Comment
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: driverVersion,Driver Version
+attributeDisplayNames: location,Location
+attributeDisplayNames: portName,Port
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printFormName,Form Name
+attributeDisplayNames: printLanguage,Data Format
+attributeDisplayNames: printMACAddress,Physical Network Address
+attributeDisplayNames: printMaxCopies,Maximum Number of Copies
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printMaxXExtent,Maximum Printable Width
+attributeDisplayNames: printMaxYExtent,Maximum Printable Height
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMinXExtent,Minimum Printable Width
+attributeDisplayNames: printMinYExtent,Minimum Printable Height
+attributeDisplayNames: printNetworkAddress,Network Address
+attributeDisplayNames: printNumberUp,Supports N-Up Printing
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: printOrientationsSupported,Orientations Supported
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printStatus,State
+attributeDisplayNames: priority,Print Job Priority
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: whenChanged,Date Modified
+attributeDisplayNames: whenCreated,Date Created
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: uNCName,Network Path
+-
+delete: classDisplayName
+classDisplayName: Volume
+-
+add: classDisplayName
+classDisplayName: Shared Folder
+-
+
+dn: CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransportContainer
+hideFromAB: TRUE
+
+dn: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransport
+transportDllName: ismip.dll
+hideFromAB: TRUE
+
+dn: CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransport
+transportDllName: ismsmtp.dll
+hideFromAB: TRUE
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: queryPolicy
+lDAPAdminLimits: MaxConnections=1000
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: AllowDeepNonIndexSearch=False
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxDatagramRecv=4096
+hideFromAB: TRUE
+
+# Used to decide if earlier changes are present,
+# so delete this last
+
+dn: CN=Master-DSA,CN=schema,CN=configuration,dc=X
+changetype: delete
+
+# Object-Version on schema container
+
+dn: CN=schema,CN=configuration,DC=X
+changetype: modify
+add: objectVersion
+objectVersion: 1
+-
+
+```
+
+### Sch00.ldf
+
+```
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: delete
+
+```
+
+### Sch1.ldf
+
+```
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+classDisplayName: Container
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+
+
+# Attribute Adds
+
+dn: CN=Pek-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: pekList
+adminDisplayName: Pek-List
+adminDescription: Pek-List
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=FRS-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSFlags
+adminDisplayName: FRS-Flags
+adminDescription: FRS-Flags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Site-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: siteList
+adminDisplayName: Site-List
+adminDescription: Site-List
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3CwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Msi-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScript
+adminDisplayName: Msi-Script
+adminDescription: Msi-Script
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: E4Ph2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSVersion
+adminDisplayName: FRS-Version
+adminDescription: FRS-Version
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: hSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: treatAsLeaf
+adminDisplayName: Treat-As-Leaf
+adminDescription: Treat-As-Leaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 40TQjx930RGurgAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: productCode
+adminDisplayName: Product-Code
+adminDescription: Product-Code
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+schemaIdGuid:: F4Ph2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: dNSHostName
+adminDisplayName: DNS-Host-Name
+adminDescription: DNS-Host-Name
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: R5Xjchh70RGt7wDAT9jVzQ==
+hideFromAB: TRUE
+
+
+dn: CN=Create-Dialog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: createDialog
+adminDisplayName: Create-Dialog
+adminDescription: Create-Dialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ipUJKzGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootSCPBL
+adminDisplayName: netboot-SCP-BL
+adminDescription: netboot-SCP-BL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gjA4B9+R0RGuvAAA+ANnwQ==
+linkID: 101
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Site-Link-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: siteLinkList
+adminDisplayName: Site-Link-List
+adminDescription: Site-Link-List
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3SwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Tools,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootTools
+adminDisplayName: netboot-Tools
+adminDescription: netboot-Tools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Msi-Script-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScriptName
+adminDisplayName: Msi-Script-Name
+adminDescription: Msi-Script-Name
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Yt2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootServer
+adminDisplayName: netboot-Server
+adminDescription: netboot-Server
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gTA4B9+R0RGuvAAA+ANnwQ==
+linkID: 100
+hideFromAB: TRUE
+
+dn: CN=Msi-Script-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msiScriptSize
+adminDisplayName: Msi-Script-Size
+adminDescription: Msi-Script-Size
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Y92nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=LDAP-IPDeny-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: lDAPIPDenyList
+adminDisplayName: LDAP-IPDeny-List
+adminDescription: LDAP-IPDeny-List
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: U6NZc/eQ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Install-Ui-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: installUiLevel
+adminDisplayName: Install-Ui-Level
+adminDescription: Install-Ui-Level
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZN2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: terminalServer
+adminDisplayName: Terminal-Server
+adminDescription: Terminal-Server
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HJq2bSKU0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=LDAP-Admin-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: lDAPAdminLimits
+adminDisplayName: LDAP-Admin-Limits
+adminDescription: LDAP-Admin-Limits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UqNZc/eQ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: createWizardExt
+adminDisplayName: Create-Wizard-Ext
+adminDescription: Create-Wizard-Ext
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: i5UJKzGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Purported-Search,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: purportedSearch
+adminDisplayName: Purported-Search
+adminDescription: Purported-Search
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: UE61tDqU0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRRASAttribute
+adminDisplayName: ms-RRAS-Attribute
+adminDescription: ms-RRAS-Attribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rZib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=File-Ext-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fileExtPriority
+adminDisplayName: File-Ext-Priority
+adminDescription: File-Ext-Priority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: FYPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Can-Upgrade-Script,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: canUpgradeScript
+adminDisplayName: Can-Upgrade-Script
+adminDescription: Can-Upgrade-Script
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FIPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=App-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: appSchemaVersion
+adminDisplayName: App-Schema-Version
+adminDescription: App-Schema-Version
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Zd2nlhiR0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Primary-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSPrimaryMember
+adminDisplayName: FRS-Primary-Member
+adminDescription: FRS-Primary-Member
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+linkId: 106
+schemaIdGuid:: gSUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=Remote-Storage-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: remoteStorageGUID
+adminDisplayName: Remote-Storage-GUID
+adminDescription: Remote-Storage-GUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sMU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=netboot-Max-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootMaxClients
+adminDisplayName: netboot-Max-Clients
+adminDescription: netboot-Max-Clients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=FRS-Member-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSMemberReference
+adminDisplayName: FRS-Member-Reference
+adminDescription: FRS-Member-Reference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fiUTKnOT0RGuvAAA+ANnwQ==
+linkID: 104
+hideFromAB: TRUE
+systemFlags: 2
+
+dn: CN=Upgrade-Product-Code,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: upgradeProductCode
+adminDisplayName: Upgrade-Product-Code
+adminDescription: Upgrade-Product-Code
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+schemaIdGuid:: EoPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Time-Last-Command,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSTimeLastCommand
+adminDisplayName: FRS-Time-Last-Command
+adminDescription: FRS-Time-Last-Command
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gyUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+
+dn: CN=netboot-New-Machine-OU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootNewMachineOU
+adminDisplayName: netboot-New-Machine-OU
+adminDescription: netboot-New-Machine-OU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Limit-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootLimitClients
+adminDisplayName: netboot-Limit-Clients
+adminDescription: netboot-Limit-Clients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dzA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Signature-Algorithms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: signatureAlgorithms
+adminDisplayName: Signature-Algorithms
+adminDescription: Signature-Algorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ssU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSPartnerAuthLevel
+adminDisplayName: FRS-Partner-Auth-Level
+adminDescription: FRS-Partner-Auth-Level
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Enrollment-Providers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: enrollmentProviders
+adminDisplayName: Enrollment-Providers
+adminDescription: Enrollment-Providers
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: s8U5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSMemberReferenceBL
+adminDisplayName: FRS-Member-Reference-BL
+adminDescription: FRS-Member-Reference-BL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fyUTKnOT0RGuvAAA+ANnwQ==
+linkID: 105
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Certificate-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: certificateTemplates
+adminDisplayName: Certificate-Templates
+adminDescription: Certificate-Templates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: scU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: pekKeyChangeInterval
+adminDisplayName: Pek-Key-Change-Interval
+adminDescription: Pek-Key-Change-Interval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Localized-Description,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: localizedDescription
+adminDisplayName: Localized-Description
+adminDescription: Localized-Description
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FoPh2TmJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Frs-Computer-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: frsComputerReference
+adminDisplayName: Frs-Computer-Reference
+adminDescription: Frs-Computer-Reference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eCUTKnOT0RGuvAAA+ANnwQ==
+linkID: 102
+systemFlags: 2
+hideFromAB: TRUE
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: altSecurityIdentities
+adminDisplayName: Alt-Security-Identities
+adminDescription: Alt-Security-Identities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: DPP7AP6R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Answer-Requests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAnswerRequests
+adminDisplayName: netboot-Answer-Requests
+adminDescription: netboot-Answer-Requests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ejA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: bridgeheadServerListBL
+adminDisplayName: Bridgehead-Server-List-BL
+adminDescription: Bridgehead-Server-List-BL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2ywM1VGJ0RGuvAAA+ANnwQ==
+linkID: 99
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: frsComputerReferenceBL
+adminDisplayName: Frs-Computer-Reference-BL
+adminDescription: Frs-Computer-Reference-BL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eSUTKnOT0RGuvAAA+ANnwQ==
+linkID: 103
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=FRS-Control-Data-Creation,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlDataCreation
+adminDisplayName: FRS-Control-Data-Creation
+adminDescription: FRS-Control-Data-Creation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: eiUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: isCriticalSystemObject
+adminDisplayName: Is-Critical-System-Object
+adminDescription: Is-Critical-System-Object
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: DfP7AP6R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Allow-New-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAllowNewClients
+adminDisplayName: netboot-Allow-New-Clients
+adminDescription: netboot-Allow-New-Clients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: djA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Time-Last-Config-Change,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSTimeLastConfigChange
+adminDisplayName: FRS-Time-Last-Config-Change
+adminDescription: FRS-Time-Last-Config-Change
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: bridgeheadTransportList
+adminDisplayName: Bridgehead-Transport-List
+adminDescription: Bridgehead-Transport-List
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2iwM1VGJ0RGuvAAA+ANnwQ==
+linkID: 98
+hideFromAB: TRUE
+
+dn: CN=FRS-Service-Command-Status,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSServiceCommandStatus
+adminDisplayName: FRS-Service-Command-Status
+adminDescription: FRS-Service-Command-Status
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+schemaIdGuid:: giUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Control-Inbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlInboundBacklog
+adminDisplayName: FRS-Control-Inbound-Backlog
+adminDescription: FRS-Control-Inbound-Backlog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: eyUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-IntelliMirror-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootIntelliMirrorOSes
+adminDisplayName: netboot-IntelliMirror-OSes
+adminDescription: netboot-IntelliMirror-OSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fjA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=FRS-Control-Outbound-Backlog,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSControlOutboundBacklog
+adminDisplayName: FRS-Control-Outbound-Backlog
+adminDescription: FRS-Control-Outbound-Backlog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+schemaIdGuid:: fCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Current-Client-Count,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootCurrentClientCount
+adminDisplayName: netboot-Current-Client-Count
+adminDescription: netboot-Current-Client-Count
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=IPSEC-Negotiation-Policy-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: iPSECNegotiationPolicyType
+adminDisplayName: IPSEC-Negotiation-Policy-Type
+adminDescription: IPSEC-Negotiation-Policy-Type
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=ms-RRAS-Vendor-Attribute-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRRASVendorAttributeEntry
+adminDisplayName: ms-RRAS-Vendor-Attribute-Entry
+adminDescription: ms-RRAS-Vendor-Attribute-Entry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rJib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Locally-Installed-OSes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootLocallyInstalledOSes
+adminDisplayName: netboot-Locally-Installed-OSes
+adminDescription: netboot-Locally-Installed-OSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=IPSEC-Negotiation-Policy-Action,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: iPSECNegotiationPolicyAction
+adminDisplayName: IPSEC-Negotiation-Policy-Action
+adminDescription: IPSEC-Negotiation-Policy-Action
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-New-Machine-Naming-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootNewMachineNamingPolicy
+adminDisplayName: netboot-New-Machine-Naming-Policy
+adminDescription: netboot-New-Machine-Naming-Policy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fDA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=netboot-Answer-Only-Valid-Clients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: netbootAnswerOnlyValidClients
+adminDisplayName: netboot-Answer-Only-Valid-Clients
+adminDescription: netboot-Answer-Only-Valid-Clients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ezA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: uPNSuffixes
+adminDescription: UPN-Suffixes
+adminDisplayName: UPN-Suffixes
+attributeID: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: FALSE
+schemaIDGUID:: v2AhAySY0RGuwAAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+hideFromAB: TRUE
+
+dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: additionalTrustedServiceNames
+adminDescription: Additional-Trusted-Service-Names
+adminDisplayName: Additional-Trusted-Service-Names
+attributeID: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: FALSE
+schemaIDGUID:: vmAhAySY0RGuwAAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+hideFromAB: TRUE
+
+
+# Change because OID got reused with different syntax.
+# We will delete Replica-Set-Type, and add FRS-Replica-Set-Type
+# with a new OID.
+
+dn: CN=NTFRS-Replica-Set,CN=schema,CN=configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.30
+-
+
+dn: CN=Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fRSReplicaSetType
+adminDisplayName: FRS-Replica-Set-Type
+adminDescription: FRS-Replica-Set-Type
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: a3PZJnBg0RGpxgAA+ANnwQ==
+hideFromAB: TRUE
+
+# End of change
+
+# Attribute Renames, plus some modifies in some cases
+
+dn: CN=Replication-DS-Poll,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-DS-Poll
+deleteoldrdn: 1
+
+dn: CN=FRS-DS-Poll,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSDSPoll
+-
+replace: adminDisplayName
+adminDisplayName: FRS-DS-Poll
+-
+replace: adminDescription
+adminDescription: FRS-DS-Poll
+-
+
+
+dn: CN=Com-Unique-Cat-Id,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: Category-Id
+deleteoldrdn: 1
+
+dn: CN=Category-Id,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: categoryId
+-
+replace: adminDisplayName
+adminDisplayName: Category-Id
+-
+replace: adminDescription
+adminDescription: Category-Id
+-
+
+
+dn: CN=Replication-Root-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Root-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Root-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSRootPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Root-Path
+-
+replace: adminDescription
+adminDescription: FRS-Root-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replication-File-Filter,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-File-Filter
+deleteoldrdn: 1
+
+dn: CN=FRS-File-Filter,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSFileFilter
+-
+replace: adminDisplayName
+adminDisplayName: FRS-File-Filter
+-
+replace: adminDescription
+adminDescription: FRS-File-Filter
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replication-Level-Limit,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Level-Limit
+deleteoldrdn: 1
+
+dn: CN=FRS-Level-Limit,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSLevelLimit
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Level-Limit
+-
+replace: adminDescription
+adminDescription: FRS-Level-Limit
+-
+
+
+dn: CN=Replication-Extensions,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Extensions
+deleteoldrdn: 1
+
+dn: CN=FRS-Extensions,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSExtensions
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Extensions
+-
+replace: adminDescription
+adminDescription: FRS-Extensions
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 65536
+-
+
+dn: CN=Replication-Staging-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Staging-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Staging-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSStagingPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Staging-Path
+-
+replace: adminDescription
+adminDescription: FRS-Staging-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Code-Package,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: Msi-Script-Path
+deleteoldrdn: 1
+
+dn: CN=Msi-Script-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: msiScriptPath
+-
+replace: adminDisplayName
+adminDisplayName: Msi-Script-Path
+-
+replace: adminDescription
+adminDescription: Msi-Script-Path
+-
+
+
+dn: CN=Replication-DB-Path,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Working-Path
+deleteoldrdn: 1
+
+dn: CN=FRS-Working-Path,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSWorkingPath
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Working-Path
+-
+replace: adminDescription
+adminDescription: FRS-Working-Path
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+
+dn: CN=Replica-Version-GUID,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Version-GUID
+deleteoldrdn: 1
+
+dn: CN=FRS-Version-GUID,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSVersionGuid
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Version-GUID
+-
+replace: adminDescription
+adminDescription: FRS-Version-GUID
+-
+add: rangeLower
+rangeLower: 16
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+
+dn: CN=Replication-Root-Security,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Root-Security
+deleteoldrdn: 1
+
+dn: CN=FRS-Root-Security,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSRootSecurity
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Root-Security
+-
+replace: adminDescription
+adminDescription: FRS-Root-Security
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 65535
+-
+
+
+dn: CN=Replication-Update-Timeout,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Update-Timeout
+deleteoldrdn: 1
+
+dn: CN=FRS-Update-Timeout,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSUpdateTimeout
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Update-Timeout
+-
+replace: adminDescription
+adminDescription: FRS-Update-Timeout
+-
+
+
+dn: CN=Replication-Service-Command,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Service-Command
+deleteoldrdn: 1
+
+dn: CN=FRS-Service-Command,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSServiceCommand
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Service-Command
+-
+replace: adminDescription
+adminDescription: FRS-Service-Command
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 512
+-
+
+
+dn: CN=Replica-Set-GUID,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Replica-Set-GUID
+deleteoldrdn: 1
+
+dn: CN=FRS-Replica-Set-GUID,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSReplicaSetGuid
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Replica-Set-GUID
+-
+replace: adminDescription
+adminDescription: FRS-Replica-Set-GUID
+-
+
+
+dn: CN=Replication-Status,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Fault-Condition
+deleteoldrdn: 1
+
+dn: CN=FRS-Fault-Condition,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSFaultCondition
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Fault-Condition
+-
+replace: adminDescription
+adminDescription: FRS-Fault-Condition
+-
+add: rangeLower
+rangeLower: 1
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+
+dn: CN=Replication-Directory-Filter,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: FRS-Directory-Filter
+deleteoldrdn: 1
+
+dn: CN=FRS-Directory-Filter,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: fRSDirectoryFilter
+-
+replace: adminDisplayName
+adminDisplayName: FRS-Directory-Filter
+-
+replace: adminDescription
+adminDescription: FRS-Directory-Filter
+-
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 2048
+-
+
+dn: CN=Created-Entry,CN=schema,CN=configuration,DC=X
+changetype: modrdn
+newrdn: rpc-Ns-Entry-Flags
+deleteoldrdn: 1
+
+dn: CN=rpc-Ns-Entry-Flags,CN=schema,CN=configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: rpcNsEntryFlags
+-
+replace: adminDisplayName
+adminDisplayName: rpc-Ns-Entry-Flags
+-
+replace: adminDescription
+adminDescription: rpc-Ns-Entry-Flags
+-
+
+
+# Class Adds
+
+dn: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: nTFRSMember
+adminDisplayName: NTFRS-Member
+adminDescription: NTFRS-Member
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.515
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.535
+systemMayContain: 1.2.840.113556.1.4.877
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.536
+systemMayContain: 1.2.840.113556.1.4.873
+systemMayContain: 1.2.840.113556.1.4.872
+systemMayContain: 1.2.840.113556.1.4.871
+systemMayContain: 1.2.840.113556.1.4.869
+systemPossSuperiors: 1.2.840.113556.1.5.102
+schemaIdGuid:: hiUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteLinkBridge
+adminDisplayName: Site-Link-Bridge
+adminDescription: Site-Link-Bridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.822
+systemPossSuperiors: 1.2.840.113556.1.5.141
+schemaIdGuid:: 3ywM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rRASAdministrationConnectionPoint
+adminDisplayName: RRAS-Administration-Connection-Point
+adminDescription: RRAS-Administration-Connection-Point
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.884
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: vsU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+lDAPDisplayName: nTFRSSubscriptions
+adminDescription: NTFRS-Subscriptions
+adminDisplayName: NTFRS-Subscriptions
+governsID: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rDNAttID: 2.5.4.3
+subClassOf: 2.5.6.0
+schemaIDGUID:: hyUTKnOT0RGuvAAA+ANnwQ==
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.882
+systemMayContain: 1.2.840.113556.1.4.536
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.5.154
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: remoteStorageServicePoint
+adminDisplayName: Remote-Storage-Service-Point
+adminDescription: Remote-Storage-Service-Point
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.809
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: vcU5KmCJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+lDAPDisplayName: intellimirrorGroup
+adminDescription: Intellimirror-Group
+adminDisplayName: Intellimirror-Group
+governsID: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rDNAttID: 2.5.4.3
+schemaIDGUID:: hjA4B9+R0RGuvAAA+ANnwQ==
+subClassOf: 2.5.6.0
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteLink
+adminDisplayName: Site-Link
+adminDescription: Site-Link
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.821
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.2.135
+systemPossSuperiors: 1.2.840.113556.1.5.141
+schemaIdGuid:: 3iwM1VGJ0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: intellimirrorSCP
+adminDisplayName: Intellimirror-SCP
+adminDescription: Intellimirror-SCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.94
+systemMayContain: 1.2.840.113556.1.4.858
+systemMayContain: 1.2.840.113556.1.4.860
+systemMayContain: 1.2.840.113556.1.4.856
+systemMayContain: 1.2.840.113556.1.4.855
+systemMayContain: 1.2.840.113556.1.4.851
+systemMayContain: 1.2.840.113556.1.4.361
+systemMayContain: 1.2.840.113556.1.4.859
+systemMayContain: 1.2.840.113556.1.4.850
+systemMayContain: 1.2.840.113556.1.4.857
+systemMayContain: 1.2.840.113556.1.4.358
+systemMayContain: 1.2.840.113556.1.4.359
+systemMayContain: 1.2.840.113556.1.4.852
+systemMayContain: 1.2.840.113556.1.4.853
+systemMayContain: 1.2.840.113556.1.4.854
+systemMayContain: 1.2.840.113556.1.4.849
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.5.152
+schemaIdGuid:: hTA4B9+R0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: nTFRSSubscriber
+adminDisplayName: NTFRS-Subscriber
+adminDescription: NTFRS-Subscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.488
+systemMustContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.881
+systemMayContain: 1.2.840.113556.1.4.880
+systemMayContain: 1.2.840.113556.1.4.879
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.875
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.536
+systemPossSuperiors: 1.2.840.113556.1.5.154
+schemaIdGuid:: iCUTKnOT0RGuvAAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rRASAdministrationDictionary
+adminDisplayName: RRAS-Administration-Dictionary
+adminDescription: RRAS-Administration-Dictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.883
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rpib842T0RGuvQAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,DC=X
+
+
+# Syntax in two attributes have been modified. USN-Source and
+# Transport-Address-Type. We don't propagate the changes.
+# We will delete both and add new attributes
+# to replace them.
+
+# Attribute and Class Modifications
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Postal-Code,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telex-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=X121-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Registered-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Password,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Recorded-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Greetings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Volume,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Speed,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Voice-Mail-Recording-Length,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Forwarding-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Personal-Title,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Telex-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=Categories,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: rangeLower
+rangeLower: 36
+-
+add: rangeUpper
+rangeUpper: 36
+-
+
+dn: CN=Creator,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: s5VX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+
+dn: CN=AutoReply,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=AutoReply-Message,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Package-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=AutoReply-Subject,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: spVX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: s5VX5FWU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.890
+-
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.889
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.789
+-
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.789
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectClassCategory
+objectClassCategory: 2
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.820
+systemMayContain: 1.2.840.113556.1.4.864
+systemMayContain: 1.2.840.113556.1.4.868
+systemMayContain: 1.2.840.113556.1.4.870
+systemMayContain: 1.2.840.113556.1.4.876
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.290
+systemMayContain: 1.2.840.113556.1.2.291
+systemMayContain: 1.2.840.113556.1.2.292
+systemMayContain: 1.2.840.113556.1.2.293
+systemMayContain: 1.2.840.113556.1.2.339
+systemMayContain: 1.2.840.113556.1.2.340
+systemMayContain: 1.2.840.113556.1.2.341
+systemMayContain: 1.2.840.113556.1.2.342
+systemMayContain: 1.2.840.113556.1.2.469
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.865
+systemMayContain: 1.2.840.113556.1.4.866
+-
+
+dn: CN=Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultObjectCategory
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.867
+-
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.765
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.885
+systemMayContain: 1.2.840.113556.1.4.771
+-
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Class-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.252
+-
+
+dn: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.107
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.142
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.790
+-
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+systemMayContain: 1.2.840.113556.1.4.823
+systemMayContain: 1.2.840.113556.1.4.824
+systemMayContain: 1.2.840.113556.1.4.825
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+systemMayContain: 1.2.840.113556.1.4.786
+systemMayContain: 1.2.840.113556.1.4.819
+-
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.631
+-
+
+dn: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.619
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.360
+systemMayContain: 1.2.840.113556.1.4.486
+-
+
+dn: CN=Storage,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Class-Store,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.848
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.18
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.47
+systemMayContain: 1.2.840.113556.1.2.129
+systemMayContain: 1.2.840.113556.1.2.144
+systemMayContain: 1.2.840.113556.1.2.221
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.786
+systemMayContain: 0.9.2342.19200300.100.1.3
+-
+
+dn: CN=Package-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.20
+systemMayContain: 1.2.840.113556.1.4.813
+systemMayContain: 1.2.840.113556.1.4.814
+systemMayContain: 1.2.840.113556.1.4.815
+systemMayContain: 1.2.840.113556.1.4.816
+systemMayContain: 1.2.840.113556.1.4.818
+systemMayContain: 1.2.840.113556.1.4.845
+systemMayContain: 1.2.840.113556.1.4.846
+systemMayContain: 1.2.840.113556.1.4.847
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.17
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.607
+-
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.791
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.785
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.153
+-
+
+dn: CN=Category-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.817
+-
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.806
+systemMayContain: 1.2.840.113556.1.4.810
+systemMayContain: 1.2.840.113556.1.4.812
+-
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.653
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.459
+systemMayContain: 1.2.840.113556.1.4.211
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.488
+systemMayContain: 1.2.840.113556.1.4.489
+systemMayContain: 1.2.840.113556.1.4.490
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.500
+systemMayContain: 1.2.840.113556.1.4.535
+systemMayContain: 1.2.840.113556.1.4.564
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.43
+-
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.17
+-
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.43
+systemMayContain: 1.2.840.113556.1.4.31
+systemMayContain: 1.2.840.113556.1.4.653
+systemMayContain: 1.2.840.113556.1.4.874
+systemMayContain: 1.2.840.113556.1.4.877
+systemMayContain: 1.2.840.113556.1.4.878
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.459
+systemMayContain: 1.2.840.113556.1.4.485
+systemMayContain: 1.2.840.113556.1.4.486
+systemMayContain: 1.2.840.113556.1.4.487
+systemMayContain: 1.2.840.113556.1.4.488
+systemMayContain: 1.2.840.113556.1.4.489
+systemMayContain: 1.2.840.113556.1.4.491
+systemMayContain: 1.2.840.113556.1.4.564
+-
+
+dn: CN=Query-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.844
+systemMayContain: 1.2.840.113556.1.4.843
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.604
+systemMustContain: 1.2.840.113556.1.4.603
+systemMustContain: 1.2.840.113556.1.4.602
+systemMustContain: 1.2.840.113556.1.4.599
+systemMustContain: 1.2.840.113556.1.4.601
+systemMustContain: 1.2.840.113556.1.4.600
+-
+
+dn: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.887
+systemMayContain: 1.2.840.113556.1.4.888
+-
+
+dn: CN=Address-Book-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.886
+-
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.2.13
+-
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.658
+-
+
+# Attribute and Class deletes
+
+# First delete some objects in Config NC before deleting their classes
+
+dn: CN=RPC,CN=Inter-Site Transports,CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+dn: CN=Inter-Site Transports,CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+dn: CN=Site Connectors,CN=sites,CN=configuration,DC=X
+changetype: delete
+
+
+
+dn: CN=RAS-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Information-Store-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Link-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=LocalGroup,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Exchange-Admin-Service,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Eicon-X25-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-POP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DX-Requestor,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Interface,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Mailbox-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Eicon-X25-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Directory-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NNTP-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encryption-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Application-Registration,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-IMAP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Server-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Addressing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Admin-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-HTTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Public-Store,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Add-In,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transport-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-LDAP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Message-Store,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MHS-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Mail-Gateway,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Distribution-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NTFRS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Addr-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Root,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Protocol-Cfg-Shared,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=ADMD,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=PRMD,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Run-As,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=To-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Runs-On,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-App-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=App-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Form-Data,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=INSAdmin,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=N-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Send-TNEF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Line-Wrap,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Auth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=From-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Types,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-DN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=P-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Rid-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=S-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=T-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Pub-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=OWA-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Svr-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Domain-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-ReqName,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Conf-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Auth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-PS-CLSID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Netboot-NIC,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=HTTP-Pub-GAL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Account,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Site,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Port-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Require-SSL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Target-MTAs,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trust-Level,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Can-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Log-Filename,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Contact-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Content-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Routing-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Package-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=MTA-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-1,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-2,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-4,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Character-Set,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Delegate-User,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Member-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Admin-Copy,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Do-OAB-Version,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Unique-IID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Computer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitor-Clock,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=N-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Referral-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Req-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Unauth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Import-Now,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Export-Now,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Svr-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=LDAP-Search-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Local-Admin,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MTA-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Imp-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Req-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Conf-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Svr-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Use-Site-Values,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Newsgroup-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Report-To-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Window-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Unauth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Admin-Update,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Domain-Replicas,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Append-ReqCN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Recipient-CP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Unread-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Style,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Conf-Req-Time,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Preserve-DNs,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connection-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Phone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Authorized-User,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Folder-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Proxy-Space,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Monitor-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=View-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trans-Retry-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Logging-Level,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Maximum-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Remote-Client,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=HTTP-Pub-GAL-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Anonymous-Access,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Import-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitor-Services,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Supporting-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Control-Msg-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Send-EMail-Message,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Accept-All,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connected-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Alert-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Alert-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-In-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Folders-Container,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Reject-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Character-Set-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Expand-DLs-Locally,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Initial-Turn,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Home-Public-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Incoming-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Submit-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=P-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Anonymous-Account,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Num-Of-Open-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Export-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitored-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replica-Set-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Realm-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Aliased-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Site-Folder-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=S-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outbound-Host-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Trans-Timeout-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=T-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Callback-Number,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Leased-Line-Port,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Remote-MTA-Phone,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Attachment-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Bridgehead-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=GWART-Last-Modified,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X400-Selector-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Admin-Extension-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=List-Public-Folders,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Lockout-Disconnect,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Display-Name-Suffix,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Chain-V3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Out-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Space-Last-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Over-Site-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=RAS-Remote-SRVR-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Checkpoint-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Proxy-Generator-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Out-BH-Server,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Open-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=NNTP-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Backoff-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Import-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Can-Not-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled-Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Reject-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Warning-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replication-Stagger,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Clock-Warning-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Leased-or-Switched,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Control-Msg-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-First,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DL-Mem-Submit-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Temp-Assoc-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Gateway-Routing-Tree,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Password,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-Value-DN,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Return-Exact-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Client-Access-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Report-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RTS-Recovery-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Off-Line-AB-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enable-Compatibility,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Association-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Action-Second,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Cross-Certificate-CRL,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Responsible-Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encapsulation-Method,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Inbound-Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=MDB-Msg-Time-Out-Period,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Restart-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Authentication-To-Use,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=HTTP-Pub-AB-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Group-By-Attr-Value-Str,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Hide-DL-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Filter-Local-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Message-Format,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Conf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Translation-Table-Used,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Disabled-Gateway-Proxy,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Native-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Template-TimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Alert-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Replication-Boot-State,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Connection-List-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Assoc-Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Remote-Entries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Num-Of-Transfer-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Exchange-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Outgoing-Msg-Size-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Alert-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=OOF-Reply-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Disable-Deferred-Commit,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Turn-Request-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=XMIT-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=SMIME-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Service-Restart-Message,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=COM-Auto-Convert-Class-Id,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=RAS-Phonebook-Entry-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=NNTP-Distributions-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Local-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Message-Tracking-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Signature-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Bidirectional-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Call-User-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Available-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Replication-Mail-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Call-User-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transport-Expedited-Data,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-UnConf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Warning-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Session-Disconnect-Timer,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Quota-Notification-Style,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Root-Newsgroups-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Warning-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Remote-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Export-Custom-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Support-SMIME-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Encrypt-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Container-Administrators,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Recipients-NDR,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Two-Way-Alternate-Facility,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Preserve-Internet-Content,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=DXA-Prev-Export-Native-Only,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Facilities-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=X25-Facilities-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Intra-Site-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default-Inter-Site-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Connection-List-Filter-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Transfer-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=Quota-Notification-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Exchange-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Authorized-Password-Confirm,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Normal-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=CA-Signature-Certificate-Chain,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Revocation-List-V1,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Certificate-Revocation-List-V3,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Hotsite-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Enabled-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-In-Exchange-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Normal-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Escalation-Procedure,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=DXA-Prev-Replication-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Monitoring-Hotsite-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Available-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+# Extended rights
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 3e74f60f-3e73-11d1-a9c0-0000f80367c1
+displayName: Open Address Book
+rightsGuid: a1990816-4298-11d1-ade2-00c04fd8d5cd
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Personal Information
+rightsGuid: 77B5B886-944A-11d1-AEBD-0000F80367C1
+
+dn: CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Email Information
+rightsGuid: E45795B2-9455-11d1-AEBD-0000F80367C1
+
+dn: CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Modify Web Information
+rightsGuid: E45795B3-9455-11d1-AEBD-0000F80367C1
+
+
+# Display-Specifiers
+
+dn: CN=localGroup-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextmenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: NTFRS Settings
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: NTFRS Replica Set
+
+dn: CN=mSFTFRS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+classDisplayName: Microsoft FRS
+
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: treatAsLeaf
+treatAsLeaf: TRUE
+-
+delete: adminPropertyPages
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: adminPropertyPages
+adminPropertyPages: 5,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 6,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 7,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+delete: attributeDisplayNames
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: distinguishedName,X500 DN
+attributeDisplayNames: facsimileTelephoneNumber, Facsimile Telephone Numbers
+attributeDisplayNames: generationQualifier, Generation Qualifier
+attributeDisplayNames: internationalISDNNumber, International ISDN Number
+attributeDisplayNames: mobile,Cellular Phone Number
+attributeDisplayNames: personalTitle,Personal Title
+attributeDisplayNames: physicalDeliveryOfficeName,Delivery Office
+attributeDisplayNames: postalCode,ZIP Code
+attributeDisplayNames: primaryGroupID,Primary Group SID
+attributeDisplayNames: streetAddress,Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: title,Title
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: userAccountControl,User Account Control Flags
+-
+add: attributeDisplayNames
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: comment,User Account Comment
+attributeDisplayNames: co,Company
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: internationalISDNNumber, International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherFacsimileTelephoneNumber,Facsimile Telephone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Office Telephone Number (Others)
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+-
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: attributeDisplayNames
+attributeDisplayNames: desctription,Description
+attributeDisplayNames: contactName,Contact Name
+attributeDisplayNames: distinguishedName,X500 DN
+attributeDisplayNames: groupAttributes,Group Attribute Flags
+-
+add: attributeDisplayNames
+attributeDisplayNames: description,Description
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: managedBy,Managed By
+-
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: classDisplayName
+classDisplayName: Domain (DNS)
+-
+add: classDisplayName
+classDisplayName: Domain
+-
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Group Membership
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Telephone Number (Others)
+attributeDisplayNames: personalTitle,Personal Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: wWWHomePage,Web Page Address
+-
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: adminPropertyPages
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+-
+add: adminPropertyPages
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: classDisplayName
+classDisplayName: Service Administration Point
+-
+add: classDisplayName
+classDisplayName: Service
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: type,Type
+-
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Directory Service Name
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: bytesPerMinute,Bytes per Minute
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: description,Comment
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: driverVersion,Driver Version
+attributeDisplayNames: location,Location
+attributeDisplayNames: portName,Port
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printFormName,Form Name
+attributeDisplayNames: printLanguage,Data Format
+attributeDisplayNames: printMACAddress,Physical Network Address
+attributeDisplayNames: printMaxCopies,Maximum Number of Copies
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printMaxXExtent,Maximum Printable Width
+attributeDisplayNames: printMaxYExtent,Maximum Printable Height
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMinXExtent,Minimum Printable Width
+attributeDisplayNames: printMinYExtent,Minimum Printable Height
+attributeDisplayNames: printNetworkAddress,Network Address
+attributeDisplayNames: printNumberUp,Supports N-Up Printing
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: printOrientationsSupported,Orientations Supported
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printStatus,State
+attributeDisplayNames: priority,Print Job Priority
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: whenChanged,Date Modified
+attributeDisplayNames: whenCreated,Date Created
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+-
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: attributeDisplayNames
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: uNCName,Network Path
+-
+delete: classDisplayName
+classDisplayName: Volume
+-
+add: classDisplayName
+classDisplayName: Shared Folder
+-
+
+dn: CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransportContainer
+hideFromAB: TRUE
+
+dn: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransport
+transportDllName: ismip.dll
+hideFromAB: TRUE
+
+dn: CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: add
+objectClass: interSiteTransport
+transportDllName: ismsmtp.dll
+hideFromAB: TRUE
+
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: queryPolicy
+lDAPAdminLimits: MaxConnections=1000
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: AllowDeepNonIndexSearch=False
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxDatagramRecv=4096
+hideFromAB: TRUE
+
+
+# Object-Version on schema container
+
+dn: CN=schema,CN=configuration,DC=X
+changetype: modify
+add: objectVersion
+objectVersion: 1
+-
+
+```
+
+### Sch2.ldf
+
+```
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: gPLink
+adminDisplayName: GP-Link
+adminDescription: GP-Link
+attributeId: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vjsO8/Cf0RG2AwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=GP-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: gPOptions
+adminDisplayName: GP-Options
+adminDescription: GP-Options
+attributeId: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vzsO8/Cf0RG2AwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=GPC-File-Sys-Path,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: gPCFileSysPath
+adminDisplayName: GPC-File-Sys-Path
+adminDescription: GPC-File-Sys-Path
+attributeId: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wTsO8/Cf0RG2AwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=GPC-Functionality-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: gPCFunctionalityVersion
+adminDisplayName: GPC-Functionality-Version
+adminDescription: GPC-Functionality-Version
+attributeId: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wDsO8/Cf0RG2AwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Transport-Address-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: transportAddressAttribute
+adminDisplayName: Transport-Address-Attribute
+adminDescription: Transport-Address-Attribute
+attributeId: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fIbcwWGi0RG2BgAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: groupPolicyContainer
+adminDisplayName: Group-Policy-Container
+adminDescription: Group-Policy-Container
+governsId: 1.2.840.113556.1.5.157
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.23
+systemMayContain: 1.2.840.113556.1.4.141
+systemMayContain: 1.2.840.113556.1.4.893
+systemMayContain: 1.2.840.113556.1.4.894
+systemMayContain: 1.2.840.113556.1.4.38
+systemMayContain: 1.2.840.113556.1.2.13
+schemaIdGuid:: wjsO8/Cf0RG2AwAA+ANnwQ==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+
+# To take care of change of OID for USN-Source
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.374
+-
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=USN-Source,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: uSNSource
+adminDescription: USN-Source
+adminDisplayName: USN-Source
+attributeID: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+mAPIID: 33111
+oMSyntax: 65
+schemaIDGUID:: rVh3FvNH0RGpwwAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+hideFromAB: TRUE
+
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.896
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.891
+systemMayContain: 1.2.840.113556.1.4.892
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+systemMayContain: 1.2.840.113556.1.4.678
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.891
+systemMayContain: 1.2.840.113556.1.4.892
+systemMayContain: 2.5.4.6
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+systemMayContain: 1.2.840.113556.1.4.678
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.891
+systemMayContain: 1.2.840.113556.1.4.892
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+systemMayContain: 1.2.840.113556.1.4.343
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.895
+-
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.418
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.213
+-
+
+dn: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.358
+systemMayContain: 1.2.840.113556.1.4.359
+-
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+systemMayContain: 1.2.840.113556.1.4.343
+systemMayContain: 1.2.840.113556.1.4.515
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.515
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.891
+systemMayContain: 1.2.840.113556.1.4.892
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.342
+systemMayContain: 1.2.840.113556.1.4.678
+-
+
+dn: CN=Object-Category,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+# Change of OID of FRS-Replica-Set-Type
+# Delete by name, not by OID.
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: fRSReplicaSetType
+-
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=FRS-Replica-Set-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+lDAPDisplayName: fRSReplicaSetType
+adminDescription: FRS-Replica-Set-Type
+adminDisplayName: FRS-Replica-Set-Type
+attributeID: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+hideFromAB: TRUE
+isSingleValued: TRUE
+oMSyntax: 2
+schemaIDGUID:: a3PZJnBg0RGpxgAA+ANnwQ==
+searchFlags: 0
+systemOnly: FALSE
+
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.31
+-
+
+dn: CN=Builtin-Sync,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Policy-Name,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Policy-Link,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Policy-Options,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn: CN=Change-Pwd-Logon-Required,CN=Schema,CN=Configuration,DC=X
+changetype: delete
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=DS-Replication-Get-Changes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Replicating Directory Changes
+rightsGUID: 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
+
+dn: CN=DS-Replication-Synchronize,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Replication Synchronization
+rightsGUID: 1131f6ab-9c07-11d1-f79f-00c04fc2dcd2
+
+dn: CN=DS-Replication-Manage-Topology,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Manage Replication Topology
+rightsGUID: 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Group
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Service
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminPropertyPages
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+-
+
+
+dn: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: modify
+add: transportAddressAttribute
+transportAddressAttribute: dnsHostName
+-
+
+dn: CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: modify
+add: transportAddressAttribute
+transportAddressAttribute: mailAddress
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectVersion
+objectVersion: 2
+-
+
+```
+
+### Sch3.ldf
+
+```
+# Existing Extended-Rights Mod
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+replace: displayName
+displayName: Reset Password
+-
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+
+
+# New Display-Specifier adds
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Server
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Site Link
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Site Link Bridge
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{6DFE6491-AC8D-11D0-B945-00C04FD8D5B0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Inter-Site Transport
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Licensing Site Settings
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: NTDS Site Settings
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: NTFRS Member
+
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: NTFRS Subscriber
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: NTFRS Subscriptions
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: add
+objectClass: displaySpecifier
+hideFromAB: TRUE
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: RPC Services
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+
+
+# Existing display-specifier mods
+
+
+dn: CN=mSFTFRS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: delete
+
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: adminPropertyPages
+adminPropertyPages: 3,{6dfe648a-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 5,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 6,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 7,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: adminPropertyPages
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: attributeDisplayNames
+attributeDisplayNames: userWorkstations,Logon Workstations
+-
+
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+delete: adminPropertyPages
+adminPropertyPages: 2,{6dfe648a-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: adminPropertyPages
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+-
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: modify
+add: adminContextMenu
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+-
+
+
+# New Extended-Rights adds
+
+
+dn: CN=Change-Schema-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Change Schema Master
+rightsGUID: e12b56b6-0a95-11d1-adbb-00c04fd8d5cd
+
+dn: CN=Change-Rid-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 6617188d-8f3c-11d0-afda-00c04fd930c9
+displayName: Change Rid Master
+rightsGUID: d58d5f36-0a98-11d1-adbb-00c04fd8d5cd
+
+dn: CN=Abandon-Replication,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Abandon Replication
+rightsGUID: ee914b82-0a98-11d1-adbb-00c04fd8d5cd
+
+dn: CN=Do-Garbage-Collection,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Do Garbage Collection
+rightsGUID: fec364e0-0a98-11d1-adbb-00c04fd8d5cd
+
+
+dn: CN=Recalculate-Hierarchy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Recalculate Hierarchy
+rightsGUID: 0bc1554e-0a99-11d1-adbb-00c04fd8d5cd
+
+dn: CN=Allocate-Rids,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Allocate Rids
+rightsGUID: 1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd
+
+dn: CN=Change-PDC,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Change PDC
+rightsGUID: bae50096-4752-11d1-9052-00c04fc2d4cf
+
+dn: CN=Add-GUID,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Add GUID
+rightsGUID: 440820ad-65b4-11d1-a3da-0000f875ae0d
+
+dn: CN=Change-Domain-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+hideFromAB: TRUE
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+displayName: Change Domain Master
+rightsGUID: 014bf69c-7b3b-11d1-85f6-08002be74fab
+
+
+
+# Bump up the schema version
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectVersion
+objectVersion: 3
+-
+
+```
+
+### Sch4.ldf
+
+```
+# Renames.
+
+dn: CN=DXA-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modrdn
+newrdn: Deleted-Item-Flags
+deleteoldrdn: 1
+
+dn: CN=Deleted-Item-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: deletedItemFlags
+-
+replace: adminDisplayName
+adminDisplayName: Deleted-Item-Flags
+-
+replace: adminDescription
+adminsDescription: Deleted-Item-Flags
+-
+
+dn: CN=DXA-Task,CN=Schema,CN=Configuration,DC=X
+changetype: modrdn
+newrdn: Message-Size-Limit
+deleteoldrdn: 1
+
+dn: CN=Message-Size-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: messageSizeLimit
+-
+replace: adminDisplayName
+adminDisplayName: Message-Size-Limit
+-
+replace: adminDescription
+adminsDescription: Message-Size-Limit
+-
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: modrdn
+newrdn: Assoc-NT-Account-Unused
+deleteoldrdn: 1
+
+dn: CN=Assoc-NT-Account-Unused,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: assocNTAccountUnused
+-
+replace: adminDisplayName
+adminDisplayName: Assoc-NT-Account-Unused
+-
+replace: adminDescription
+adminsDescription: Assoc-NT-Account-Unused
+-
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: assocNTAccount
+adminDisplayName: Assoc-NT-Account
+adminDescription: Assoc-NT-Account
+attributeId: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+hideFromAB: TRUE
+
+
+
+
+dn: CN=ANR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aNR
+adminDisplayName: ANR
+adminDescription: ANR
+attributeId: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ABWwRRnE0RG7yQCAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=ADMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ADMD
+adminDisplayName: ADMD
+adminDescription: ADMD
+attributeId: 1.2.840.113556.1.2.232
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: kHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32841
+hideFromAB: TRUE
+
+dn: CN=PRMD,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: PRMD
+adminDisplayName: PRMD
+adminDescription: PRMD
+attributeId: 1.2.840.113556.1.2.224
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: TXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33038
+hideFromAB: TRUE
+
+dn: CN=Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReqSeq
+adminDisplayName: Req-Seq
+adminDescription: Req-Seq
+attributeId: 1.2.840.113556.1.2.173
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33058
+hideFromAB: TRUE
+
+dn: CN=Runs-On,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RunsOn
+adminDisplayName: Runs-On
+adminDescription: Runs-On
+attributeId: 1.2.840.113556.1.2.185
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: a3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33066
+hideFromAB: TRUE
+
+dn: CN=Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: Enabled
+adminDisplayName: Enabled
+adminDescription: Enabled
+attributeId: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 8nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35873
+hideFromAB: TRUE
+
+dn: CN=Telephone-Home-Fax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: homeFax
+adminDisplayName: Telephone-Home-Fax
+adminDescription: Telephone-Home-Fax
+attributeId: 1.2.840.113556.1.2.609
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: hXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 14885
+hideFromAB: TRUE
+
+dn: CN=Encrypt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: Encrypt
+adminDisplayName: Encrypt
+adminDescription: Encrypt
+attributeId: 1.2.840.113556.1.2.236
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32931
+hideFromAB: TRUE
+
+dn: CN=Form-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: FormData
+adminDisplayName: Form-Data
+adminDescription: Form-Data
+attributeId: 1.2.840.113556.1.2.607
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35941
+hideFromAB: TRUE
+
+dn: CN=INSAdmin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: INSAdmin
+adminDisplayName: INSAdmin
+adminDescription: INSAdmin
+attributeId: 1.2.840.113556.1.2.543
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: FnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33221
+hideFromAB: TRUE
+
+dn: CN=N-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NAddress
+adminDisplayName: N-Address
+adminDescription: N-Address
+attributeId: 1.2.840.113556.1.2.282
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 50
+schemaIdGuid:: NHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33009
+hideFromAB: TRUE
+
+dn: CN=Send-TNEF,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SendTNEF
+adminDisplayName: Send-TNEF
+adminDescription: Send-TNEF
+attributeId: 1.2.840.113556.1.2.492
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: b3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33169
+hideFromAB: TRUE
+
+dn: CN=Line-Wrap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LineWrap
+adminDisplayName: Line-Wrap
+adminDescription: Line-Wrap
+attributeId: 1.2.840.113556.1.2.449
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32964
+hideFromAB: TRUE
+
+dn: CN=Auth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthOrig
+adminDisplayName: Auth-Orig
+adminDescription: Auth-Orig
+attributeId: 1.2.840.113556.1.2.129
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: VgYBAgULHQ==
+schemaIdGuid:: l3PfqOrF0RG7ywCAx2ZwwA==
+linkID: 110
+hideFromAB: TRUE
+
+dn: CN=MSMQ-QM-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQQMID
+adminDisplayName: MSMQ-QM-ID
+adminDescription: MSMQ-QM-ID
+attributeId: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXATypes
+adminDisplayName: DXA-Types
+adminDescription: DXA-Types
+attributeId: 1.2.840.113556.1.2.119
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 7XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32928
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Cost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQCost
+adminDisplayName: MSMQ-Cost
+adminDescription: MSMQ-Cost
+attributeId: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Site-1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSite1
+adminDisplayName: MSMQ-Site-1
+adminDescription: MSMQ-Site-1
+attributeId: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: N8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Site-2,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSite2
+adminDisplayName: MSMQ-Site-2
+adminDescription: MSMQ-Site-2
+attributeId: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Label,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQLabel
+adminDisplayName: MSMQ-Label
+adminDescription: MSMQ-Label
+attributeId: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: JcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Inbound-DN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundDN
+adminDisplayName: Inbound-DN
+adminDescription: Inbound-DN
+attributeId: 1.2.840.113556.1.2.553
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: EHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35870
+hideFromAB: TRUE
+
+dn: CN=View-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ViewFlags
+adminDisplayName: View-Flags
+adminDescription: View-Flags
+attributeId: 1.2.840.113556.1.2.546
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35864
+hideFromAB: TRUE
+
+dn: CN=DXA-Imp-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAImpSeq
+adminDisplayName: DXA-Imp-Seq
+adminDescription: DXA-Imp-Seq
+attributeId: 1.2.840.113556.1.2.116
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: 0nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32899
+hideFromAB: TRUE
+
+dn: CN=DXA-Req-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAReqSeq
+adminDisplayName: DXA-Req-Seq
+adminDescription: DXA-Req-Seq
+attributeId: 1.2.840.113556.1.2.101
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: 5HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32918
+hideFromAB: TRUE
+
+dn: CN=Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: secretary
+adminDisplayName: Assistant-Name
+adminDescription: Assistant-Name
+attributeId: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: lHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 14896
+hideFromAB: TRUE
+
+dn: CN=P-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: PSelector
+adminDisplayName: P-Selector
+adminDescription: P-Selector
+attributeId: 1.2.840.113556.1.2.285
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: SHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33030
+hideFromAB: TRUE
+
+dn: CN=Rid-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RidServer
+adminDisplayName: Rid-Server
+adminDescription: Rid-Server
+attributeId: 1.2.840.113556.1.2.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ZHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33060
+hideFromAB: TRUE
+
+dn: CN=S-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SSelector
+adminDisplayName: S-Selector
+adminDescription: S-Selector
+attributeId: 1.2.840.113556.1.2.284
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: bHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33067
+hideFromAB: TRUE
+
+dn: CN=T-Selector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TSelector
+adminDisplayName: T-Selector
+adminDescription: T-Selector
+attributeId: 1.2.840.113556.1.2.283
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: gXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33088
+hideFromAB: TRUE
+
+dn: CN=HTTP-Pub-PF,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HTTPPubPF
+adminDisplayName: HTTP-Pub-PF
+adminDescription: HTTP-Pub-PF
+attributeId: 1.2.840.113556.1.2.505
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: C3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33182
+hideFromAB: TRUE
+
+dn: CN=OWA-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OWAServer
+adminDisplayName: OWA-Server
+adminDescription: OWA-Server
+attributeId: 1.2.840.113556.1.2.608
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+schemaIdGuid:: R3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35942
+hideFromAB: TRUE
+
+dn: CN=DXA-Svr-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXASvrSeq
+adminDisplayName: DXA-Svr-Seq
+adminDescription: DXA-Svr-Seq
+attributeId: 1.2.840.113556.1.2.360
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: 6HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32922
+hideFromAB: TRUE
+
+dn: CN=From-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: fromEntry
+adminDisplayName: From-Entry
+adminDescription: From-Entry
+attributeId: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Sdl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=MSMQ-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSites
+adminDisplayName: MSMQ-Sites
+adminDescription: MSMQ-Sites
+attributeId: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=MSMQ-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQQuota
+adminDisplayName: MSMQ-Quota
+adminDescription: MSMQ-Quota
+attributeId: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Domain-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DomainName
+adminDisplayName: Domain-Name
+adminDescription: Domain-Name
+attributeId: 1.2.840.113556.1.2.147
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 362
+schemaIdGuid:: yHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32886
+hideFromAB: TRUE
+
+dn: CN=DXA-ReqName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAReqName
+adminDisplayName: DXA-ReqName
+adminDescription: DXA-ReqName
+attributeId: 1.2.840.113556.1.2.446
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: 53PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32921
+hideFromAB: TRUE
+
+dn: CN=DXA-Conf-Seq,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAConfSeq
+adminDisplayName: DXA-Conf-Seq
+adminDescription: DXA-Conf-Seq
+attributeId: 1.2.840.113556.1.2.184
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: znPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32894
+hideFromAB: TRUE
+
+dn: CN=Auth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthOrigBL
+adminDisplayName: Auth-Orig-BL
+adminDescription: Auth-Orig-BL
+attributeId: 1.2.840.113556.1.2.290
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: mHPfqOrF0RG7ywCAx2ZwwA==
+linkID: 111
+mapiID: 32851
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=HTTP-Pub-GAL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HTTPPubGAL
+adminDisplayName: HTTP-Pub-GAL
+adminDescription: HTTP-Pub-GAL
+attributeId: 1.2.840.113556.1.2.502
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33179
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSiteID
+adminDisplayName: MSMQ-Site-ID
+adminDescription: MSMQ-Site-ID
+attributeId: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=RAS-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASAccount
+adminDisplayName: RAS-Account
+adminDescription: RAS-Account
+attributeId: 1.2.840.113556.1.2.519
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33197
+hideFromAB: TRUE
+
+dn: CN=Remote-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RemoteSite
+adminDisplayName: Remote-Site
+adminDescription: Remote-Site
+attributeId: 1.2.840.113556.1.2.27
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: W3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33053
+hideFromAB: TRUE
+
+dn: CN=Port-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: PortNumber
+adminDisplayName: Port-Number
+adminDescription: Port-Number
+attributeId: 1.2.840.113556.1.2.527
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid:: SnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33205
+hideFromAB: TRUE
+
+dn: CN=Require-SSL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RequireSSL
+adminDisplayName: Require-SSL
+adminDescription: Require-SSL
+attributeId: 1.2.840.113556.1.2.560
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35877
+hideFromAB: TRUE
+
+dn: CN=Target-MTAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TargetMTAs
+adminDisplayName: Target-MTAs
+adminDescription: Target-MTAs
+attributeId: 1.2.840.113556.1.2.259
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 36
+schemaIdGuid:: g3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33090
+hideFromAB: TRUE
+
+dn: CN=Trust-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TrustLevel
+adminDisplayName: Trust-Level
+adminDescription: Trust-Level
+attributeId: 1.2.840.113556.1.2.70
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+schemaIdGuid:: knTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33103
+hideFromAB: TRUE
+
+dn: CN=Unauth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: UnauthOrig
+adminDisplayName: Unauth-Orig
+adminDescription: Unauth-Orig
+attributeId: 1.2.840.113556.1.2.221
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: VgYBAgULHQ==
+schemaIdGuid:: lXTfqOrF0RG7ywCAx2ZwwA==
+linkID: 114
+hideFromAB: TRUE
+
+dn: CN=MSMQ-OS-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQOSType
+adminDisplayName: MSMQ-OS-Type
+adminDescription: MSMQ-OS-Type
+attributeId: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Can-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanCreatePF
+adminDisplayName: Can-Create-PF
+adminDescription: Can-Create-PF
+attributeId: 1.2.840.113556.1.2.11
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: oXPfqOrF0RG7ywCAx2ZwwA==
+linkID: 124
+mapiID: 32856
+hideFromAB: TRUE
+
+dn: CN=Log-Filename,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LogFilename
+adminDisplayName: Log-Filename
+adminDescription: Log-Filename
+attributeId: 1.2.840.113556.1.2.192
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: HXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32970
+hideFromAB: TRUE
+
+dn: CN=Is-Ephemeral,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: isEphemeral
+adminDisplayName: Is-Ephemeral
+adminDescription: Is-Ephemeral
+attributeId: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 8FPE9PHF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Inbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundHost
+adminDisplayName: Inbound-Host
+adminDescription: Inbound-Host
+attributeId: 1.2.840.113556.1.2.489
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: EXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33166
+hideFromAB: TRUE
+
+dn: CN=MSMQ-CSP-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQCSPName
+adminDisplayName: MSMQ-CSP-Name
+adminDescription: MSMQ-CSP-Name
+attributeId: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPassword
+adminDisplayName: DXA-Password
+adminDescription: DXA-Password
+attributeId: 1.2.840.113556.1.2.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 12
+schemaIdGuid:: 23PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32908
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQDigests
+adminDisplayName: MSMQ-Digests
+adminDescription: MSMQ-Digests
+attributeId: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: PMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=MSMQ-Foreign,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQForeign
+adminDisplayName: MSMQ-Foreign
+adminDescription: MSMQ-Foreign
+attributeId: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: L8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQOwnerID
+adminDisplayName: MSMQ-Owner-ID
+adminDescription: MSMQ-Owner-ID
+attributeId: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: KMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=MSMQ-Sign-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSignKey
+adminDisplayName: MSMQ-Sign-Key
+adminDescription: MSMQ-Sign-Key
+attributeId: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Journal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQJournal
+adminDisplayName: MSMQ-Journal
+adminDescription: MSMQ-Journal
+attributeId: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Content-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ContentType
+adminDisplayName: Content-Type
+adminDescription: Content-Type
+attributeId: 1.2.840.113556.1.2.481
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 4
+schemaIdGuid:: uXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33158
+hideFromAB: TRUE
+
+dn: CN=RAS-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASPassword
+adminDisplayName: RAS-Password
+adminDescription: RAS-Password
+attributeId: 1.2.840.113556.1.2.520
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: U3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33198
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQVersion
+adminDisplayName: MSMQ-Version
+adminDescription: MSMQ-Version
+attributeId: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPVersion,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPVersion
+adminDisplayName: msNPVersion
+adminDescription: msNPVersion
+attributeId: 1.2.840.113556.1.4.1135
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: k5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Routing-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RoutingList
+adminDisplayName: Routing-List
+adminDescription: Routing-List
+attributeId: 1.2.840.113556.1.2.354
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2243
+schemaIdGuid:: Z3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33062
+hideFromAB: TRUE
+
+dn: CN=HTTP-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HTTPServers
+adminDisplayName: HTTP-Servers
+adminDescription: HTTP-Servers
+attributeId: 1.2.840.113556.1.2.517
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: DHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33195
+hideFromAB: TRUE
+
+dn: CN=MTA-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MTALocalCred
+adminDisplayName: MTA-Local-Cred
+adminDescription: MTA-Local-Cred
+attributeId: 1.2.840.113556.1.2.270
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: MnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33007
+hideFromAB: TRUE
+
+dn: CN=Character-Set,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CharacterSet
+adminDisplayName: Character-Set
+adminDescription: Character-Set
+attributeId: 1.2.840.113556.1.2.480
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: rXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33157
+hideFromAB: TRUE
+
+dn: CN=Delegate-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DelegateUser
+adminDisplayName: Delegate-User
+adminDescription: Delegate-User
+attributeId: 1.2.840.113556.1.2.591
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35913
+hideFromAB: TRUE
+
+dn: CN=DL-Member-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DLMemberRule
+adminDisplayName: DL-Member-Rule
+adminDescription: DL-Member-Rule
+attributeId: 1.2.840.113556.1.2.330
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+schemaIdGuid:: xnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32884
+hideFromAB: TRUE
+
+dn: CN=DXA-Admin-Copy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAAdminCopy
+adminDisplayName: DXA-Admin-Copy
+adminDescription: DXA-Admin-Copy
+attributeId: 1.2.840.113556.1.2.378
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32888
+hideFromAB: TRUE
+
+dn: CN=Do-OAB-Version,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DoOABVersion
+adminDisplayName: Do-OAB-Version
+adminDescription: Do-OAB-Version
+attributeId: 1.2.840.113556.1.2.575
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: x3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35898
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Migrated,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQMigrated
+adminDisplayName: MSMQ-Migrated
+adminDescription: MSMQ-Migrated
+attributeId: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: P8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Computer-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ComputerName
+adminDisplayName: Computer-Name
+adminDescription: Computer-Name
+attributeId: 1.2.840.113556.1.2.20
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: tHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32869
+hideFromAB: TRUE
+
+dn: CN=Monitor-Clock,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitorClock
+adminDisplayName: Monitor-Clock
+adminDescription: Monitor-Clock
+attributeId: 1.2.840.113556.1.2.163
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: I3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32982
+hideFromAB: TRUE
+
+dn: CN=N-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NAddressType
+adminDisplayName: N-Address-Type
+adminDescription: N-Address-Type
+attributeId: 1.2.840.113556.1.2.222
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33010
+hideFromAB: TRUE
+
+dn: CN=Inbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundSites
+adminDisplayName: Inbound-Sites
+adminDescription: Inbound-Sites
+attributeId: 1.2.840.113556.1.2.71
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: FHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32956
+hideFromAB: TRUE
+
+dn: CN=msNPSequence,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPSequence
+adminDisplayName: msNPSequence
+adminDescription: msNPSequence
+attributeId: 1.2.840.113556.1.4.1131
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: j5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPVendorID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPVendorID
+adminDisplayName: msNPVendorID
+adminDescription: msNPVendorID
+attributeId: 1.2.840.113556.1.4.1134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NewsfeedType
+adminDisplayName: Newsfeed-Type
+adminDescription: Newsfeed-Type
+attributeId: 1.2.840.113556.1.2.495
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: NnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33172
+hideFromAB: TRUE
+
+dn: CN=DXA-Imp-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAImpSeqUSN
+adminDisplayName: DXA-Imp-Seq-USN
+adminDescription: DXA-Imp-Seq-USN
+attributeId: 1.2.840.113556.1.2.86
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 1HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32901
+hideFromAB: TRUE
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: employeeType
+adminDisplayName: Employee-Type
+adminDescription: Employee-Type
+attributeId: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: 8HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35945
+hideFromAB: TRUE
+
+dn: CN=DXA-Req-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAReqSeqUSN
+adminDisplayName: DXA-Req-Seq-USN
+adminDescription: DXA-Req-Seq-USN
+attributeId: 1.2.840.113556.1.2.182
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 5nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32920
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQServices
+adminDisplayName: MSMQ-Services
+adminDescription: MSMQ-Services
+attributeId: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Referral-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReferralList
+adminDisplayName: Referral-List
+adminDescription: Referral-List
+attributeId: 1.2.840.113556.1.2.510
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: V3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33187
+hideFromAB: TRUE
+
+dn: CN=Role-Occupant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: roleOccupant
+adminDisplayName: Role-Occupant
+adminDescription: Role-Occupant
+attributeId: 2.5.4.33
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ZXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33061
+hideFromAB: TRUE
+
+dn: CN=DXA-Import-Now,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAImportNow
+adminDisplayName: DXA-Import-Now
+adminDescription: DXA-Import-Now
+attributeId: 1.2.840.113556.1.2.376
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 1XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32902
+hideFromAB: TRUE
+
+dn: CN=Outbound-Host,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OutboundHost
+adminDisplayName: Outbound-Host
+adminDescription: Outbound-Host
+attributeId: 1.2.840.113556.1.2.488
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: QnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33165
+hideFromAB: TRUE
+
+dn: CN=Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SiteAffinity
+adminDisplayName: Site-Affinity
+adminDescription: Site-Affinity
+attributeId: 1.2.840.113556.1.2.434
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33079
+hideFromAB: TRUE
+
+dn: CN=msAscendFRN391,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRN391
+adminDisplayName: msAscendFRN391
+adminDescription: msAscendFRN391
+attributeId: 1.2.840.113556.1.4.1035
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Export-Now,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAExportNow
+adminDisplayName: DXA-Export-Now
+adminDescription: DXA-Export-Now
+attributeId: 1.2.840.113556.1.2.377
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 0XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32897
+hideFromAB: TRUE
+
+dn: CN=Unauth-Orig-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: UnauthOrigBL
+adminDisplayName: Unauth-Orig-BL
+adminDescription: Unauth-Orig-BL
+attributeId: 1.2.840.113556.1.2.292
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: lnTfqOrF0RG7ywCAx2ZwwA==
+linkID: 115
+mapiID: 33106
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=DXA-Svr-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXASvrSeqUSN
+adminDisplayName: DXA-Svr-Seq-USN
+adminDescription: DXA-Svr-Seq-USN
+attributeId: 1.2.840.113556.1.2.124
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32924
+hideFromAB: TRUE
+
+dn: CN=msAscendFRT391,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRT391
+adminDisplayName: msAscendFRT391
+adminDescription: msAscendFRT391
+attributeId: 1.2.840.113556.1.4.1038
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRT392,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRT392
+adminDisplayName: msAscendFRT392
+adminDescription: msAscendFRT392
+attributeId: 1.2.840.113556.1.4.1039
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=USN-Intersite,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: USNIntersite
+adminDisplayName: USN-Intersite
+adminDescription: USN-Intersite
+attributeId: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: mHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33146
+hideFromAB: TRUE
+
+dn: CN=LDAP-Search-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LDAPSearchCfg
+adminDisplayName: LDAP-Search-Cfg
+adminDescription: LDAP-Search-Cfg
+attributeId: 1.2.840.113556.1.2.552
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: F3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35869
+hideFromAB: TRUE
+
+dn: CN=Canonical-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: canonicalName
+adminDisplayName: Canonical-Name
+adminDescription: Canonical-Name
+attributeId: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Rdl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Can-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanCreatePFBL
+adminDisplayName: Can-Create-PF-BL
+adminDescription: Can-Create-PF-BL
+attributeId: 1.2.840.113556.1.2.339
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: onPfqOrF0RG7ywCAx2ZwwA==
+linkID: 125
+mapiID: 32857
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Can-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanCreatePFDL
+adminDisplayName: Can-Create-PF-DL
+adminDescription: Can-Create-PF-DL
+attributeId: 1.2.840.113556.1.2.62
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: o3PfqOrF0RG7ywCAx2ZwwA==
+linkID: 126
+mapiID: 32858
+hideFromAB: TRUE
+
+dn: CN=DXA-Local-Admin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXALocalAdmin
+adminDisplayName: DXA-Local-Admin
+adminDescription: DXA-Local-Admin
+attributeId: 1.2.840.113556.1.2.113
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 13PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32904
+hideFromAB: TRUE
+
+dn: CN=MTA-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MTALocalDesig
+adminDisplayName: MTA-Local-Desig
+adminDescription: MTA-Local-Desig
+attributeId: 1.2.840.113556.1.2.271
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: M3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33008
+hideFromAB: TRUE
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: objectClasses
+adminDisplayName: Object-Classes
+adminDescription: Object-Classes
+attributeId: 2.5.21.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: S9l6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=DXA-Imp-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAImpSeqTime
+adminDisplayName: DXA-Imp-Seq-Time
+adminDescription: DXA-Imp-Seq-Time
+attributeId: 1.2.840.113556.1.2.117
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 03PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32900
+hideFromAB: TRUE
+
+dn: CN=msAscendGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendGroup
+adminDisplayName: msAscendGroup
+adminDescription: msAscendGroup
+attributeId: 1.2.840.113556.1.4.1042
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Req-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAReqSeqTime
+adminDisplayName: DXA-Req-Seq-Time
+adminDescription: DXA-Req-Seq-Time
+attributeId: 1.2.840.113556.1.2.114
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 5XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32919
+hideFromAB: TRUE
+
+dn: CN=DXA-Conf-Seq-USN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAConfSeqUSN
+adminDisplayName: DXA-Conf-Seq-USN
+adminDescription: DXA-Conf-Seq-USN
+attributeId: 1.2.840.113556.1.2.45
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: z3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32895
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Long-Lived,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQLongLived
+adminDisplayName: MSMQ-Long-Lived
+adminDescription: MSMQ-Long-Lived
+attributeId: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSiteGates
+adminDisplayName: MSMQ-Site-Gates
+adminDescription: MSMQ-Site-Gates
+attributeId: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPTimeOfDay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPTimeOfDay
+adminDisplayName: msNPTimeOfDay
+adminDescription: msNPTimeOfDay
+attributeId: 1.2.840.113556.1.4.1133
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSClass,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSClass
+adminDisplayName: msRADIUSClass
+adminDescription: msRADIUSClass
+attributeId: 1.2.840.113556.1.4.1146
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Svr-Seq-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXASvrSeqTime
+adminDisplayName: DXA-Svr-Seq-Time
+adminDescription: DXA-Svr-Seq-Time
+attributeId: 1.2.840.113556.1.2.361
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32923
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Name-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQNameStyle
+adminDisplayName: MSMQ-Name-Style
+adminDescription: MSMQ-Name-Style
+attributeId: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: M8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Outbound-Sites,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OutboundSites
+adminDisplayName: Outbound-Sites
+adminDescription: Outbound-Sites
+attributeId: 1.2.840.113556.1.2.0
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: RXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33029
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Queue-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQQueueType
+adminDisplayName: MSMQ-Queue-Type
+adminDescription: MSMQ-Queue-Type
+attributeId: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: IMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Newsgroup-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NewsgroupList
+adminDisplayName: Newsgroup-List
+adminDescription: Newsgroup-List
+attributeId: 1.2.840.113556.1.2.497
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: N3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33174
+hideFromAB: TRUE
+
+dn: CN=Report-To-Owner,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReportToOwner
+adminDisplayName: Report-To-Owner
+adminDescription: Report-To-Owner
+attributeId: 1.2.840.113556.1.2.207
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: X3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33057
+hideFromAB: TRUE
+
+dn: CN=Telephone-Personal-Pager,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: personalPager
+adminDisplayName: Telephone-Personal-Pager
+adminDescription: Telephone-Personal-Pager
+attributeId: 1.2.840.113556.1.2.612
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: h3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35944
+hideFromAB: TRUE
+
+dn: CN=RTS-Window-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RTSWindowSize
+adminDisplayName: RTS-Window-Size
+adminDescription: RTS-Window-Size
+attributeId: 1.2.840.113556.1.2.153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10
+schemaIdGuid:: anTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33065
+hideFromAB: TRUE
+
+dn: CN=Use-Site-Values,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: UseSiteValues
+adminDisplayName: Use-Site-Values
+adminDescription: Use-Site-Values
+attributeId: 1.2.840.113556.1.2.478
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: l3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33155
+hideFromAB: TRUE
+
+dn: CN=msAscendBridge,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBridge
+adminDisplayName: msAscendBridge
+adminDescription: msAscendBridge
+attributeId: 1.2.840.113556.1.4.989
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: A5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDLCI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDLCI
+adminDisplayName: msAscendFRDLCI
+adminDescription: msAscendFRDLCI
+attributeId: 1.2.840.113556.1.4.1030
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendBackup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBackup
+adminDisplayName: msAscendBackup
+adminDescription: msAscendBackup
+attributeId: 1.2.840.113556.1.4.985
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /48M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendForce56,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendForce56
+adminDisplayName: msAscendForce56
+adminDescription: msAscendForce56
+attributeId: 1.2.840.113556.1.4.1023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Admin-Update,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAAdminUpdate
+adminDisplayName: DXA-Admin-Update
+adminDescription: DXA-Admin-Update
+attributeId: 1.2.840.113556.1.2.381
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ynPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32890
+hideFromAB: TRUE
+
+dn: CN=Can-Not-Create-PF,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanNotCreatePF
+adminDisplayName: Can-Not-Create-PF
+adminDescription: Can-Not-Create-PF
+attributeId: 1.2.840.113556.1.2.63
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: pXPfqOrF0RG7ywCAx2ZwwA==
+linkID: 128
+mapiID: 32860
+hideFromAB: TRUE
+
+dn: CN=DXA-Append-ReqCN,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAAppendReqCN
+adminDisplayName: DXA-Append-ReqCN
+adminDescription: DXA-Append-ReqCN
+attributeId: 1.2.840.113556.1.2.174
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: y3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32891
+hideFromAB: TRUE
+
+dn: CN=DXA-Recipient-CP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXARecipientCP
+adminDisplayName: DXA-Recipient-CP
+adminDescription: DXA-Recipient-CP
+attributeId: 1.2.840.113556.1.2.384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 24
+schemaIdGuid:: 4nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32916
+hideFromAB: TRUE
+
+dn: CN=MDB-Unread-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MDBUnreadLimit
+adminDisplayName: MDB-Unread-Limit
+adminDescription: MDB-Unread-Limit
+attributeId: 1.2.840.113556.1.2.69
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32979
+hideFromAB: TRUE
+
+dn: CN=msAscendMetric,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMetric
+adminDisplayName: msAscendMetric
+adminDescription: msAscendMetric
+attributeId: 1.2.840.113556.1.4.1065
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: T5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Off-Line-AB-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OffLineABStyle
+adminDisplayName: Off-Line-AB-Style
+adminDescription: Off-Line-AB-Style
+attributeId: 1.2.840.113556.1.2.390
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: P3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33019
+hideFromAB: TRUE
+
+dn: CN=DXA-Conf-Req-Time,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAConfReqTime
+adminDisplayName: DXA-Conf-Req-Time
+adminDescription: DXA-Conf-Req-Time
+attributeId: 1.2.840.113556.1.2.122
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: zXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32893
+hideFromAB: TRUE
+
+dn: CN=Can-Preserve-DNs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanPreserveDNs
+adminDisplayName: Can-Preserve-DNs
+adminDescription: Can-Preserve-DNs
+attributeId: 1.2.840.113556.1.2.455
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32864
+hideFromAB: TRUE
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: employeeNumber
+adminDisplayName: Employee-Number
+adminDescription: Employee-Number
+attributeId: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: 73PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35943
+hideFromAB: TRUE
+
+dn: CN=Connection-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ConnectionType
+adminDisplayName: Connection-Type
+adminDescription: Connection-Type
+attributeId: 1.2.840.113556.1.2.525
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33203
+hideFromAB: TRUE
+
+dn: CN=msAscendFRType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRType
+adminDisplayName: msAscendFRType
+adminDescription: msAscendFRType
+attributeId: 1.2.840.113556.1.4.1040
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPIPPoolName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPIPPoolName
+adminDisplayName: msNPIPPoolName
+adminDescription: msNPIPPoolName
+attributeId: 1.2.840.113556.1.4.1128
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: jJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSAnyVSA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSAnyVSA
+adminDisplayName: msRADIUSAnyVSA
+adminDescription: msRADIUSAnyVSA
+attributeId: 1.2.840.113556.1.4.1137
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRASUseRADIUS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASUseRADIUS
+adminDisplayName: msRASUseRADIUS
+adminDescription: msRASUseRADIUS
+attributeId: 1.2.840.113556.1.4.1192
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Authorized-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthorizedUser
+adminDisplayName: Authorized-User
+adminDescription: Authorized-User
+attributeId: 1.2.840.113556.1.2.276
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: nXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32854
+hideFromAB: TRUE
+
+dn: CN=msNPConstraint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPConstraint
+adminDisplayName: msNPConstraint
+adminDescription: msNPConstraint
+attributeId: 1.2.840.113556.1.4.1126
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: i5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: attributeTypes
+adminDisplayName: Attribute-Types
+adminDescription: Attribute-Types
+attributeId: 2.5.21.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: RNl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Local-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LocalBridgeHead
+adminDisplayName: Local-Bridge-Head
+adminDescription: Local-Bridge-Head
+attributeId: 1.2.840.113556.1.2.311
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: GnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32966
+hideFromAB: TRUE
+
+dn: CN=msRADIUSPrompt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSPrompt
+adminDisplayName: msRADIUSPrompt
+adminDescription: msRADIUSPrompt
+attributeId: 1.2.840.113556.1.4.1170
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: tZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Encrypt-Key,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQEncryptKey
+adminDisplayName: MSMQ-Encrypt-Key
+adminDescription: MSMQ-Encrypt-Key
+attributeId: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: McMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=RAS-Phone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASPhoneNumber
+adminDisplayName: RAS-Phone-Number
+adminDescription: RAS-Phone-Number
+attributeId: 1.2.840.113556.1.2.314
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: VHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33046
+hideFromAB: TRUE
+
+dn: CN=Monitor-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitorServers
+adminDisplayName: Monitor-Servers
+adminDescription: Monitor-Servers
+attributeId: 1.2.840.113556.1.2.156
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32983
+hideFromAB: TRUE
+
+dn: CN=Site-Folder-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SiteFolderGUID
+adminDisplayName: Site-Folder-GUID
+adminDescription: Site-Folder-GUID
+attributeId: 1.2.840.113556.1.2.456
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: d3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33126
+hideFromAB: TRUE
+
+dn: CN=Site-Proxy-Space,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SiteProxySpace
+adminDisplayName: Site-Proxy-Space
+adminDescription: Site-Proxy-Space
+attributeId: 1.2.840.113556.1.2.385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1123
+schemaIdGuid:: eXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33080
+hideFromAB: TRUE
+
+dn: CN=SMIME-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SMIMEAlgListNA
+adminDisplayName: SMIME-Alg-List-NA
+adminDescription: SMIME-Alg-List-NA
+attributeId: 1.2.840.113556.1.2.568
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: enTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35891
+hideFromAB: TRUE
+
+dn: CN=Can-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanCreatePFDLBL
+adminDisplayName: Can-Create-PF-DL-BL
+adminDescription: Can-Create-PF-DL-BL
+attributeId: 1.2.840.113556.1.2.340
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: pHPfqOrF0RG7ywCAx2ZwwA==
+linkID: 127
+mapiID: 32859
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Telephone-Personal-Mobile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: personalMobile
+adminDisplayName: Telephone-Personal-Mobile
+adminDescription: Telephone-Personal-Mobile
+attributeId: 1.2.840.113556.1.2.611
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: hnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 14877
+hideFromAB: TRUE
+
+dn: CN=Trans-Retry-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransRetryMins
+adminDisplayName: Trans-Retry-Mins
+adminDescription: Trans-Retry-Mins
+attributeId: 1.2.840.113556.1.2.219
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: inTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33095
+hideFromAB: TRUE
+
+dn: CN=View-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ViewDefinition
+adminDisplayName: View-Definition
+adminDescription: View-Definition
+attributeId: 1.2.840.113556.1.2.549
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2048
+schemaIdGuid:: mXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35867
+hideFromAB: TRUE
+
+dn: CN=msAscendDataSvc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDataSvc
+adminDisplayName: msAscendDataSvc
+adminDescription: msAscendDataSvc
+attributeId: 1.2.840.113556.1.4.1009
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: F5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Logging-Level,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXALoggingLevel
+adminDisplayName: DXA-Logging-Level
+adminDescription: DXA-Logging-Level
+attributeId: 1.2.840.113556.1.2.382
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1
+schemaIdGuid:: 2HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32905
+hideFromAB: TRUE
+
+dn: CN=Off-Line-AB-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OffLineABServer
+adminDisplayName: Off-Line-AB-Server
+adminDescription: Off-Line-AB-Server
+attributeId: 1.2.840.113556.1.2.392
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: PnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33018
+hideFromAB: TRUE
+
+dn: CN=Inbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundNewsfeed
+adminDisplayName: Inbound-Newsfeed
+adminDescription: Inbound-Newsfeed
+attributeId: 1.2.840.113556.1.2.494
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: EnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33171
+hideFromAB: TRUE
+
+dn: CN=Maximum-Object-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MaximumObjectID
+adminDisplayName: Maximum-Object-ID
+adminDescription: Maximum-Object-ID
+attributeId: 1.2.840.113556.1.2.458
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 22
+schemaIdGuid:: HnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33129
+hideFromAB: TRUE
+
+dn: CN=House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: houseIdentifier
+adminDisplayName: House-Identifier
+adminDescription: House-Identifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: B3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35924
+hideFromAB: TRUE
+
+dn: CN=DXA-Remote-Client,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXARemoteClient
+adminDisplayName: DXA-Remote-Client
+adminDescription: DXA-Remote-Client
+attributeId: 1.2.840.113556.1.2.112
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 43PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32917
+hideFromAB: TRUE
+
+dn: CN=msAscendPPPVJ1172,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPPPVJ1172
+adminDisplayName: msAscendPPPVJ1172
+adminDescription: msAscendPPPVJ1172
+attributeId: 1.2.840.113556.1.4.1080
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPAllowDialin
+adminDisplayName: msNPAllowDialin
+adminDescription: msNPAllowDialin
+attributeId: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRouteIP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRouteIP
+adminDisplayName: msAscendRouteIP
+adminDescription: msAscendRouteIP
+attributeId: 1.2.840.113556.1.4.1096
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=HTTP-Pub-GAL-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HTTPPubGALLimit
+adminDisplayName: HTTP-Pub-GAL-Limit
+adminDescription: HTTP-Pub-GAL-Limit
+attributeId: 1.2.840.113556.1.2.503
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33180
+hideFromAB: TRUE
+
+dn: CN=Anonymous-Access,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AnonymousAccess
+adminDisplayName: Anonymous-Access
+adminDescription: Anonymous-Access
+attributeId: 1.2.840.113556.1.2.482
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: knPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33159
+hideFromAB: TRUE
+
+dn: CN=Import-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ImportContainer
+adminDisplayName: Import-Container
+adminDescription: Import-Container
+attributeId: 1.2.840.113556.1.2.110
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: DXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32954
+hideFromAB: TRUE
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: modifyTimeStamp
+adminDisplayName: Modify-Time-Stamp
+adminDescription: Modify-Time-Stamp
+attributeId: 2.5.18.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Stl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=msAscendFRDCEN392,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDCEN392
+adminDisplayName: msAscendFRDCEN392
+adminDescription: msAscendFRDCEN392
+attributeId: 1.2.840.113556.1.4.1025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: J5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDCEN393,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDCEN393
+adminDisplayName: msAscendFRDCEN393
+adminDescription: msAscendFRDCEN393
+attributeId: 1.2.840.113556.1.4.1026
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: dITContentRules
+adminDisplayName: DIT-Content-Rules
+adminDescription: DIT-Content-Rules
+attributeId: 2.5.21.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Rtl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Monitor-Services,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitorServices
+adminDisplayName: Monitor-Services
+adminDescription: Monitor-Services
+attributeId: 1.2.840.113556.1.2.160
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32984
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDTEN392,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDTEN392
+adminDisplayName: msAscendFRDTEN392
+adminDescription: msAscendFRDTEN392
+attributeId: 1.2.840.113556.1.4.1031
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDTEN393,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDTEN393
+adminDisplayName: msAscendFRDTEN393
+adminDescription: msAscendFRDTEN393
+attributeId: 1.2.840.113556.1.4.1032
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Service-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQServiceType
+adminDisplayName: MSMQ-Service-Type
+adminDescription: MSMQ-Service-Type
+attributeId: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Control-Msg-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ControlMsgRules
+adminDisplayName: Control-Msg-Rules
+adminDescription: Control-Msg-Rules
+attributeId: 1.2.840.113556.1.2.485
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+schemaIdGuid:: u3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33162
+hideFromAB: TRUE
+
+dn: CN=Short-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: shortServerName
+adminDisplayName: Short-Server-Name
+adminDescription: Short-Server-Name
+attributeId: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ARWwRRnE0RG7yQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Supporting-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SupportingStack
+adminDisplayName: Supporting-Stack
+adminDescription: Supporting-Stack
+attributeId: 1.2.840.113556.1.2.28
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: gHTfqOrF0RG7ywCAx2ZwwA==
+linkID: 132
+mapiID: 33086
+hideFromAB: TRUE
+
+dn: CN=msAscendCallback,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallback
+adminDisplayName: msAscendCallback
+adminDescription: msAscendCallback
+attributeId: 1.2.840.113556.1.4.992
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendCBCPMode,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCBCPMode
+adminDisplayName: msAscendCBCPMode
+adminDescription: msAscendCBCPMode
+attributeId: 1.2.840.113556.1.4.1000
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Remote-Bridge-Head,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RemoteBridgeHead
+adminDisplayName: Remote-Bridge-Head
+adminDescription: Remote-Bridge-Head
+attributeId: 1.2.840.113556.1.2.191
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: WHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33050
+hideFromAB: TRUE
+
+
+dn: CN=msAscendDataRate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDataRate
+adminDisplayName: msAscendDataRate
+adminDescription: msAscendDataRate
+attributeId: 1.2.840.113556.1.4.1008
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Hide-DL-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HideDLMembership
+adminDisplayName: Hide-DL-Membership
+adminDescription: Hide-DL-Membership
+attributeId: 1.2.840.113556.1.2.297
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32952
+hideFromAB: TRUE
+
+dn: CN=Send-EMail-Message,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SendEMailMessage
+adminDisplayName: Send-EMail-Message
+adminDescription: Send-EMail-Message
+attributeId: 1.2.840.113556.1.2.566
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35889
+hideFromAB: TRUE
+
+dn: CN=Inbound-Accept-All,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundAcceptAll
+adminDisplayName: Inbound-Accept-All
+adminDescription: Inbound-Accept-All
+attributeId: 1.2.840.113556.1.2.555
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: D3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35872
+hideFromAB: TRUE
+
+dn: CN=Can-Not-Create-PF-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanNotCreatePFBL
+adminDisplayName: Can-Not-Create-PF-BL
+adminDescription: Can-Not-Create-PF-BL
+attributeId: 1.2.840.113556.1.2.341
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: pnPfqOrF0RG7ywCAx2ZwwA==
+linkID: 129
+mapiID: 32861
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Can-Not-Create-PF-DL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanNotCreatePFDL
+adminDisplayName: Can-Not-Create-PF-DL
+adminDescription: Can-Not-Create-PF-DL
+attributeId: 1.2.840.113556.1.2.300
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: p3PfqOrF0RG7ywCAx2ZwwA==
+linkID: 130
+mapiID: 32862
+hideFromAB: TRUE
+
+dn: CN=Connected-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ConnectedDomains
+adminDisplayName: Connected-Domains
+adminDescription: Connected-Domains
+attributeId: 1.2.840.113556.1.2.211
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1243
+schemaIdGuid:: tXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32870
+hideFromAB: TRUE
+
+dn: CN=Gateway-Local-Cred,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: GatewayLocalCred
+adminDisplayName: Gateway-Local-Cred
+adminDescription: Gateway-Local-Cred
+attributeId: 1.2.840.113556.1.2.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: AXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32944
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDirect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDirect
+adminDisplayName: msAscendFRDirect
+adminDescription: msAscendFRDirect
+attributeId: 1.2.840.113556.1.4.1027
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIPDirect,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPDirect
+adminDisplayName: msAscendIPDirect
+adminDescription: msAscendIPDirect
+attributeId: 1.2.840.113556.1.4.1053
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Q5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Clock-Alert-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ClockAlertRepair
+adminDisplayName: Clock-Alert-Repair
+adminDescription: Clock-Alert-Repair
+attributeId: 1.2.840.113556.1.2.164
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32866
+hideFromAB: TRUE
+
+dn: CN=msAscendIPXAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPXAlias
+adminDisplayName: msAscendIPXAlias
+adminDescription: msAscendIPXAlias
+attributeId: 1.2.840.113556.1.4.1055
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Clock-Alert-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ClockAlertOffset
+adminDisplayName: Clock-Alert-Offset
+adminDescription: Clock-Alert-Offset
+attributeId: 1.2.840.113556.1.2.165
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32865
+hideFromAB: TRUE
+
+dn: CN=DXA-In-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAInTemplateMap
+adminDisplayName: DXA-In-Template-Map
+adminDescription: DXA-In-Template-Map
+attributeId: 1.2.840.113556.1.2.363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: 1nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32903
+hideFromAB: TRUE
+
+dn: CN=DL-Mem-Reject-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DLMemRejectPerms
+adminDisplayName: DL-Mem-Reject-Perms
+adminDescription: DL-Mem-Reject-Perms
+attributeId: 1.2.840.113556.1.2.47
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: VgYBAgULHQ==
+schemaIdGuid:: wnPfqOrF0RG7ywCAx2ZwwA==
+linkID: 116
+hideFromAB: TRUE
+
+dn: CN=Character-Set-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CharacterSetList
+adminDisplayName: Character-Set-List
+adminDescription: Character-Set-List
+attributeId: 1.2.840.113556.1.2.477
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: rnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33154
+hideFromAB: TRUE
+
+dn: CN=Expand-DLs-Locally,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ExpandDLsLocally
+adminDisplayName: Expand-DLs-Locally
+adminDescription: Expand-DLs-Locally
+attributeId: 1.2.840.113556.1.2.201
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32932
+hideFromAB: TRUE
+
+dn: CN=Authorized-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthorizedDomain
+adminDisplayName: Authorized-Domain
+adminDescription: Authorized-Domain
+attributeId: 1.2.840.113556.1.2.202
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+schemaIdGuid:: mnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32852
+hideFromAB: TRUE
+
+dn: CN=Folders-Container,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: FoldersContainer
+adminDisplayName: Folders-Container
+adminDescription: Folders-Container
+attributeId: 1.2.840.113556.1.2.235
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: /3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32942
+hideFromAB: TRUE
+
+dn: CN=msAscendCallType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallType
+adminDisplayName: msAscendCallType
+adminDescription: msAscendCallType
+attributeId: 1.2.840.113556.1.4.997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: C5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRLinkUp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRLinkUp
+adminDisplayName: msAscendFRLinkUp
+adminDescription: msAscendFRLinkUp
+attributeId: 1.2.840.113556.1.4.1034
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendHostInfo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHostInfo
+adminDisplayName: msAscendHostInfo
+adminDescription: msAscendHostInfo
+attributeId: 1.2.840.113556.1.4.1049
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: P5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Local-Initial-Turn,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LocalInitialTurn
+adminDisplayName: Local-Initial-Turn
+adminDescription: Local-Initial-Turn
+attributeId: 1.2.840.113556.1.2.39
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32968
+hideFromAB: TRUE
+
+dn: CN=Home-Public-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HomePublicServer
+adminDisplayName: Home-Public-Server
+adminDescription: Home-Public-Server
+attributeId: 1.2.840.113556.1.2.441
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: BnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32831
+hideFromAB: TRUE
+
+
+dn: CN=msAscendMenuItem,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMenuItem
+adminDisplayName: msAscendMenuItem
+adminDescription: msAscendMenuItem
+attributeId: 1.2.840.113556.1.4.1063
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: TZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRemoteFW,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRemoteFW
+adminDisplayName: msAscendRemoteFW
+adminDescription: msAscendRemoteFW
+attributeId: 1.2.840.113556.1.4.1092
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: apAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Encrypt-Alg-List-NA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EncryptAlgListNA
+adminDisplayName: Encrypt-Alg-List-NA
+adminDescription: Encrypt-Alg-List-NA
+attributeId: 1.2.840.113556.1.2.130
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: 93PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32832
+hideFromAB: TRUE
+
+dn: CN=Incoming-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: IncomingPassword
+adminDisplayName: Incoming-Password
+adminDescription: Incoming-Password
+attributeId: 1.2.840.113556.1.2.521
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33199
+hideFromAB: TRUE
+
+dn: CN=msAscendSendAuth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSendAuth
+adminDisplayName: msAscendSendAuth
+adminDescription: msAscendSendAuth
+attributeId: 1.2.840.113556.1.4.1101
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: c5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DL-Mem-Submit-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DLMemSubmitPerms
+adminDisplayName: DL-Mem-Submit-Perms
+adminDescription: DL-Mem-Submit-Perms
+attributeId: 1.2.840.113556.1.2.144
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: VgYBAgULHQ==
+schemaIdGuid:: xHPfqOrF0RG7ywCAx2ZwwA==
+linkID: 112
+hideFromAB: TRUE
+
+dn: CN=msAscendFT1Caller,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFT1Caller
+adminDisplayName: msAscendFT1Caller
+adminDescription: msAscendFT1Caller
+attributeId: 1.2.840.113556.1.4.1041
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: N5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIPXRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPXRoute
+adminDisplayName: msAscendIPXRoute
+adminDescription: msAscendIPXRoute
+attributeId: 1.2.840.113556.1.4.1058
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: SJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRouteIPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRouteIPX
+adminDisplayName: msAscendRouteIPX
+adminDescription: msAscendRouteIPX
+attributeId: 1.2.840.113556.1.4.1097
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: b5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendXmitRate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendXmitRate
+adminDisplayName: msAscendXmitRate
+adminDescription: msAscendXmitRate
+attributeId: 1.2.840.113556.1.4.1118
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Authenticate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQAuthenticate
+adminDisplayName: MSMQ-Authenticate
+adminDescription: MSMQ-Authenticate
+attributeId: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=msRADIUSFilterId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFilterId
+adminDisplayName: msRADIUSFilterId
+adminDescription: msRADIUSFilterId
+attributeId: 1.2.840.113556.1.4.1148
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: n5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Anonymous-Account,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AnonymousAccount
+adminDisplayName: Anonymous-Account
+adminDescription: Anonymous-Account
+attributeId: 1.2.840.113556.1.2.561
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: k3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35878
+hideFromAB: TRUE
+
+dn: CN=Export-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ExportContainers
+adminDisplayName: Export-Containers
+adminDescription: Export-Containers
+attributeId: 1.2.840.113556.1.2.111
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: /HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32933
+hideFromAB: TRUE
+
+dn: CN=Monitored-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoredServers
+adminDisplayName: Monitored-Servers
+adminDescription: Monitored-Servers
+attributeId: 1.2.840.113556.1.2.179
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: JnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32986
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Base-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQBasePriority
+adminDisplayName: MSMQ-Base-Priority
+adminDescription: MSMQ-Base-Priority
+attributeId: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: I8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Num-Of-Open-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NumOfOpenRetries
+adminDisplayName: Num-Of-Open-Retries
+adminDescription: Num-Of-Open-Retries
+attributeId: 1.2.840.113556.1.2.148
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: OnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33012
+hideFromAB: TRUE
+
+dn: CN=Outbound-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OutboundNewsfeed
+adminDisplayName: Outbound-Newsfeed
+adminDescription: Outbound-Newsfeed
+attributeId: 1.2.840.113556.1.2.496
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33173
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Journal-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQJournalQuota
+adminDisplayName: MSMQ-Journal-Quota
+adminDescription: MSMQ-Journal-Quota
+attributeId: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=P-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: PSelectorInbound
+adminDisplayName: P-Selector-Inbound
+adminDescription: P-Selector-Inbound
+attributeId: 1.2.840.113556.1.2.52
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: SXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33031
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Computer-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQComputerType
+adminDisplayName: MSMQ-Computer-Type
+adminDescription: MSMQ-Computer-Type
+attributeId: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Outbound-Host-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OutboundHostType
+adminDisplayName: Outbound-Host-Type
+adminDescription: Outbound-Host-Type
+attributeId: 1.2.840.113556.1.2.522
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Q3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33200
+hideFromAB: TRUE
+
+dn: CN=S-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SSelectorInbound
+adminDisplayName: S-Selector-Inbound
+adminDescription: S-Selector-Inbound
+attributeId: 1.2.840.113556.1.2.46
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+schemaIdGuid:: bXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33068
+hideFromAB: TRUE
+
+dn: CN=Off-Line-AB-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OffLineABSchedule
+adminDisplayName: Off-Line-AB-Schedule
+adminDescription: Off-Line-AB-Schedule
+attributeId: 1.2.840.113556.1.2.389
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 84
+rangeUpper: 84
+schemaIdGuid:: PXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33017
+hideFromAB: TRUE
+
+dn: CN=msAscendCBCPDelay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCBCPDelay
+adminDisplayName: msAscendCBCPDelay
+adminDescription: msAscendCBCPDelay
+attributeId: 1.2.840.113556.1.4.998
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=RAS-Callback-Number,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASCallbackNumber
+adminDisplayName: RAS-Callback-Number
+adminDescription: RAS-Callback-Number
+attributeId: 1.2.840.113556.1.2.315
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 48
+schemaIdGuid:: UnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33045
+hideFromAB: TRUE
+
+dn: CN=Site-Folder-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SiteFolderServer
+adminDisplayName: Site-Folder-Server
+adminDescription: Site-Folder-Server
+attributeId: 1.2.840.113556.1.2.457
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: eHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33127
+hideFromAB: TRUE
+
+dn: CN=T-Selector-Inbound,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TSelectorInbound
+adminDisplayName: T-Selector-Inbound
+adminDescription: T-Selector-Inbound
+attributeId: 1.2.840.113556.1.2.5
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: gnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33089
+hideFromAB: TRUE
+
+dn: CN=Trans-Timeout-Mins,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransTimeoutMins
+adminDisplayName: Trans-Timeout-Mins
+adminDescription: Trans-Timeout-Mins
+attributeId: 1.2.840.113556.1.2.220
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: i3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33096
+hideFromAB: TRUE
+
+dn: CN=Bridgehead-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: BridgeheadServers
+adminDisplayName: Bridgehead-Servers
+adminDescription: Bridgehead-Servers
+attributeId: 1.2.840.113556.1.2.463
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: oHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33140
+hideFromAB: TRUE
+
+dn: CN=Gateway-Local-Desig,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: GatewayLocalDesig
+adminDisplayName: Gateway-Local-Desig
+adminDescription: Gateway-Local-Desig
+attributeId: 1.2.840.113556.1.2.29
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: AnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32945
+hideFromAB: TRUE
+
+dn: CN=msAscendHandleIPX,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHandleIPX
+adminDisplayName: msAscendHandleIPX
+adminDescription: msAscendHandleIPX
+attributeId: 1.2.840.113556.1.4.1043
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIdleLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIdleLimit
+adminDisplayName: msAscendIdleLimit
+adminDescription: msAscendIdleLimit
+attributeId: 1.2.840.113556.1.4.1050
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIFNetmask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIFNetmask
+adminDisplayName: msAscendIFNetmask
+adminDescription: msAscendIFNetmask
+attributeId: 1.2.840.113556.1.4.1051
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: extendedClassInfo
+adminDisplayName: Extended-Class-Info
+adminDescription: Extended-Class-Info
+attributeId: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: SNl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=msAscendDHCPReply,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDHCPReply
+adminDisplayName: msAscendDHCPReply
+adminDescription: msAscendDHCPReply
+attributeId: 1.2.840.113556.1.4.1014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRLinkMgt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRLinkMgt
+adminDisplayName: msAscendFRLinkMgt
+adminDescription: msAscendFRLinkMgt
+attributeId: 1.2.840.113556.1.4.1033
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: L5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Admin-Extension-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AdminExtensionDLL
+adminDisplayName: Admin-Extension-DLL
+adminDescription: Admin-Extension-DLL
+attributeId: 1.2.840.113556.1.2.95
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+schemaIdGuid:: kXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32844
+hideFromAB: TRUE
+
+dn: CN=msAscendFirstDest,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFirstDest
+adminDisplayName: msAscendFirstDest
+adminDescription: msAscendFirstDest
+attributeId: 1.2.840.113556.1.4.1022
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=List-Public-Folders,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ListPublicFolders
+adminDisplayName: List-Public-Folders
+adminDescription: List-Public-Folders
+attributeId: 1.2.840.113556.1.2.592
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35920
+hideFromAB: TRUE
+
+dn: CN=Display-Name-Suffix,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DisplayNameSuffix
+adminDisplayName: Display-Name-Suffix
+adminDescription: Display-Name-Suffix
+attributeId: 1.2.840.113556.1.2.586
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: wXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35908
+hideFromAB: TRUE
+
+dn: CN=msRADIUSEapTypeID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSEapTypeID
+adminDisplayName: msRADIUSEapTypeID
+adminDescription: msRADIUSEapTypeID
+attributeId: 1.2.840.113556.1.4.1210
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 4I3dYZnF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: allowedAttributes
+adminDisplayName: Allowed-Attributes
+adminDescription: Allowed-Attributes
+attributeId: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: QNl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Certificate-Chain-V3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CertificateChainV3
+adminDisplayName: Certificate-Chain-V3
+adminDescription: Certificate-Chain-V3
+attributeId: 1.2.840.113556.1.2.562
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35879
+hideFromAB: TRUE
+
+dn: CN=DXA-Out-Template-Map,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAOutTemplateMap
+adminDisplayName: DXA-Out-Template-Map
+adminDescription: DXA-Out-Template-Map
+attributeId: 1.2.840.113556.1.2.364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: 2nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32907
+hideFromAB: TRUE
+
+dn: CN=msAscendEventType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendEventType
+adminDisplayName: msAscendEventType
+adminDescription: msAscendEventType
+attributeId: 1.2.840.113556.1.4.1019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Transactional,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQTransactional
+adminDisplayName: MSMQ-Transactional
+adminDescription: MSMQ-Transactional
+attributeId: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=msRADIUSFramedMTU,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedMTU
+adminDisplayName: msRADIUSFramedMTU
+adminDescription: msRADIUSFramedMTU
+attributeId: 1.2.840.113556.1.4.1156
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: p5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: possibleInferiors
+adminDisplayName: Possible-Inferiors
+adminDescription: Possible-Inferiors
+attributeId: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: TNl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=MSMQ-Privacy-Levell,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQPrivacyLevell
+adminDisplayName: MSMQ-Privacy-Levell
+adminDescription: MSMQ-Privacy-Levell
+attributeId: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: J8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=RAS-Remote-SRVR-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASRemoteSRVRName
+adminDisplayName: RAS-Remote-SRVR-Name
+adminDescription: RAS-Remote-SRVR-Name
+attributeId: 1.2.840.113556.1.2.78
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+schemaIdGuid:: VnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33048
+hideFromAB: TRUE
+
+dn: CN=Proxy-Generator-DLL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ProxyGeneratorDLL
+adminDisplayName: Proxy-Generator-DLL
+adminDescription: Proxy-Generator-DLL
+attributeId: 1.2.840.113556.1.2.328
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+schemaIdGuid:: TnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33039
+hideFromAB: TRUE
+
+dn: CN=Remote-Out-BH-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RemoteOutBHServer
+adminDisplayName: Remote-Out-BH-Server
+adminDescription: Remote-Out-BH-Server
+attributeId: 1.2.840.113556.1.2.310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: WnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33052
+hideFromAB: TRUE
+
+dn: CN=RTS-Checkpoint-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RTSCheckpointSize
+adminDisplayName: RTS-Checkpoint-Size
+adminDescription: RTS-Checkpoint-Size
+attributeId: 1.2.840.113556.1.2.152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+schemaIdGuid:: aHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33063
+hideFromAB: TRUE
+
+dn: CN=msAscendBACPEnable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBACPEnable
+adminDisplayName: msAscendBACPEnable
+adminDescription: msAscendBACPEnable
+attributeId: 1.2.840.113556.1.4.986
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendCBCPEnable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCBCPEnable
+adminDisplayName: msAscendCBCPEnable
+adminDescription: msAscendCBCPEnable
+attributeId: 1.2.840.113556.1.4.999
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSPortLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSPortLimit
+adminDisplayName: msRADIUSPortLimit
+adminDescription: msRADIUSPortLimit
+attributeId: 1.2.840.113556.1.4.1169
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: tJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Open-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OpenRetryInterval
+adminDisplayName: Open-Retry-Interval
+adminDescription: Open-Retry-Interval
+attributeId: 1.2.840.113556.1.2.143
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33024
+hideFromAB: TRUE
+
+dn: CN=NNTP-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NNTPDistributions
+adminDisplayName: NNTP-Distributions
+adminDescription: NNTP-Distributions
+attributeId: 1.2.840.113556.1.2.498
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+schemaIdGuid:: OHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33175
+hideFromAB: TRUE
+
+dn: CN=SMIME-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SMIMEAlgListOther
+adminDisplayName: SMIME-Alg-List-Other
+adminDescription: SMIME-Alg-List-Other
+attributeId: 1.2.840.113556.1.2.569
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: e3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35892
+hideFromAB: TRUE
+
+dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: subSchemaSubEntry
+adminDisplayName: SubSchemaSubEntry
+adminDescription: SubSchemaSubEntry
+attributeId: 2.5.18.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIDGUID:: Tdl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: wellKnownObjects
+adminDisplayName: Well-Known-Objects
+adminDescription: Well-Known-Objects
+attributeId: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+oMObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: g4kwBYh20RGt7QDAT9jVzQ==
+hideFromAB: TRUE
+
+dn: CN=X25-Leased-Line-Port,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25LeasedLinePort
+adminDisplayName: X25-Leased-Line-Port
+adminDescription: X25-Leased-Line-Port
+attributeId: 1.2.840.113556.1.2.321
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 3
+schemaIdGuid:: n3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33117
+hideFromAB: TRUE
+
+dn: CN=msAscendCallByCall,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallByCall
+adminDisplayName: msAscendCallByCall
+adminDescription: msAscendCallByCall
+attributeId: 1.2.840.113556.1.4.995
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSCallbackId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSCallbackId
+adminDisplayName: msRADIUSCallbackId
+adminDescription: msRADIUSCallbackId
+attributeId: 1.2.840.113556.1.4.1144
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: m5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=X25-Remote-MTA-Phone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25RemoteMTAPhone
+adminDisplayName: X25-Remote-MTA-Phone
+adminDescription: X25-Remote-MTA-Phone
+attributeId: 1.2.840.113556.1.2.373
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 55
+schemaIdGuid:: oXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33119
+hideFromAB: TRUE
+
+dn: CN=MDB-Backoff-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MDBBackoffInterval
+adminDisplayName: MDB-Backoff-Interval
+adminDescription: MDB-Backoff-Interval
+attributeId: 1.2.840.113556.1.2.72
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: H3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32975
+hideFromAB: TRUE
+
+dn: CN=X400-Attachment-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X400AttachmentType
+adminDisplayName: X400-Attachment-Type
+adminDescription: X400-Attachment-Type
+attributeId: 1.2.840.113556.1.2.99
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: onTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33120
+hideFromAB: TRUE
+
+dn: CN=Import-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ImportSensitivity
+adminDisplayName: Import-Sensitivity
+adminDescription: Import-Sensitivity
+attributeId: 1.2.840.113556.1.2.383
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32955
+hideFromAB: TRUE
+
+dn: CN=msAscendAddSeconds,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAddSeconds
+adminDisplayName: msAscendAddSeconds
+adminDescription: msAscendAddSeconds
+attributeId: 1.2.840.113556.1.4.978
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +I8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=SMIME-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SMIMEAlgSelectedNA
+adminDisplayName: SMIME-Alg-Selected-NA
+adminDescription: SMIME-Alg-Selected-NA
+attributeId: 1.2.840.113556.1.2.570
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: fHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35893
+hideFromAB: TRUE
+
+dn: CN=X400-Selector-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X400SelectorSyntax
+adminDisplayName: X400-Selector-Syntax
+adminDescription: X400-Selector-Syntax
+attributeId: 1.2.840.113556.1.2.443
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1
+schemaIdGuid:: o3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33121
+hideFromAB: TRUE
+
+dn: CN=Can-Not-Create-PF-DL-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CanNotCreatePFDLBL
+adminDisplayName: Can-Not-Create-PF-DL-BL
+adminDescription: Can-Not-Create-PF-DL-BL
+attributeId: 1.2.840.113556.1.2.342
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: qHPfqOrF0RG7ywCAx2ZwwA==
+linkID: 131
+mapiID: 32863
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=XMIT-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: XMITTimeoutNormal
+adminDisplayName: XMIT-Timeout-Normal
+adminDescription: XMIT-Timeout-Normal
+attributeId: 1.2.840.113556.1.2.67
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: pXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33124
+hideFromAB: TRUE
+
+dn: CN=Enabled-Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EnabledProtocolCfg
+adminDisplayName: Enabled-Protocol-Cfg
+adminDescription: Enabled-Protocol-Cfg
+attributeId: 1.2.840.113556.1.2.515
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33192
+hideFromAB: TRUE
+
+dn: CN=msAscendDataFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDataFilter
+adminDisplayName: msAscendDataFilter
+adminDescription: msAscendDataFilter
+attributeId: 1.2.840.113556.1.4.1007
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendCallFilter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallFilter
+adminDisplayName: msAscendCallFilter
+adminDescription: msAscendCallFilter
+attributeId: 1.2.840.113556.1.4.996
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendDialNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDialNumber
+adminDisplayName: msAscendDialNumber
+adminDescription: msAscendDialNumber
+attributeId: 1.2.840.113556.1.4.1015
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=XMIT-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: XMITTimeoutUrgent
+adminDisplayName: XMIT-Timeout-Urgent
+adminDescription: XMIT-Timeout-Urgent
+attributeId: 1.2.840.113556.1.2.53
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: pnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33125
+hideFromAB: TRUE
+
+dn: CN=msAscendRemoteAddr,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRemoteAddr
+adminDisplayName: msAscendRemoteAddr
+adminDescription: msAscendRemoteAddr
+attributeId: 1.2.840.113556.1.4.1091
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: aZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendTSIdleMode,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendTSIdleMode
+adminDisplayName: msAscendTSIdleMode
+adminDescription: msAscendTSIdleMode
+attributeId: 1.2.840.113556.1.4.1110
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DL-Mem-Reject-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DLMemRejectPermsBL
+adminDisplayName: DL-Mem-Reject-Perms-BL
+adminDescription: DL-Mem-Reject-Perms-BL
+attributeId: 1.2.840.113556.1.2.293
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: w3PfqOrF0RG7ywCAx2ZwwA==
+linkID: 117
+mapiID: 32882
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=msAscendDBAMonitor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDBAMonitor
+adminDisplayName: msAscendDBAMonitor
+adminDescription: msAscendDBAMonitor
+attributeId: 1.2.840.113556.1.4.1010
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Clock-Warning-Repair,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ClockWarningRepair
+adminDisplayName: Clock-Warning-Repair
+adminDescription: Clock-Warning-Repair
+attributeId: 1.2.840.113556.1.2.166
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: s3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32868
+hideFromAB: TRUE
+
+dn: CN=msAscendPPPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPPPAddress
+adminDisplayName: msAscendPPPAddress
+adminDescription: msAscendPPPAddress
+attributeId: 1.2.840.113556.1.4.1078
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendSendSecret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSendSecret
+adminDisplayName: msAscendSendSecret
+adminDescription: msAscendSendSecret
+attributeId: 1.2.840.113556.1.4.1103
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSEapKeyFlag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSEapKeyFlag
+adminDisplayName: msRADIUSEapKeyFlag
+adminDescription: msRADIUSEapKeyFlag
+attributeId: 1.2.840.113556.1.4.1211
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 4Y3dYZnF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Clock-Warning-Offset,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ClockWarningOffset
+adminDisplayName: Clock-Warning-Offset
+adminDescription: Clock-Warning-Offset
+attributeId: 1.2.840.113556.1.2.177
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: snPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32867
+hideFromAB: TRUE
+
+dn: CN=msAscendSendPasswd,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSendPasswd
+adminDisplayName: msAscendSendPasswd
+adminDescription: msAscendSendPasswd
+attributeId: 1.2.840.113556.1.4.1102
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAExchangeOptions
+adminDisplayName: DXA-Exchange-Options
+adminDescription: DXA-Exchange-Options
+attributeId: 1.2.840.113556.1.2.359
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+schemaIdGuid:: 0HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32896
+hideFromAB: TRUE
+
+dn: CN=Control-Msg-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ControlMsgFolderID
+adminDisplayName: Control-Msg-Folder-ID
+adminDescription: Control-Msg-Folder-ID
+attributeId: 1.2.840.113556.1.2.483
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: unPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33160
+hideFromAB: TRUE
+
+dn: CN=msAscendTargetUtil,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendTargetUtil
+adminDisplayName: msAscendTargetUtil
+adminDescription: msAscendTargetUtil
+attributeId: 1.2.840.113556.1.4.1106
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Replication-Stagger,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReplicationStagger
+adminDisplayName: Replication-Stagger
+adminDescription: Replication-Stagger
+attributeId: 1.2.840.113556.1.2.349
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33055
+hideFromAB: TRUE
+
+dn: CN=msRADIUSVendorName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSVendorName
+adminDisplayName: msRADIUSVendorName
+adminDescription: msRADIUSVendorName
+attributeId: 1.2.840.113556.1.4.1182
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DL-Mem-Submit-Perms-BL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DLMemSubmitPermsBL
+adminDisplayName: DL-Mem-Submit-Perms-BL
+adminDescription: DL-Mem-Submit-Perms-BL
+attributeId: 1.2.840.113556.1.2.291
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: xXPfqOrF0RG7ywCAx2ZwwA==
+linkID: 113
+mapiID: 32883
+hideFromAB: TRUE
+systemFlags: 1
+
+dn: CN=Service-Action-First,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ServiceActionFirst
+adminDisplayName: Service-Action-First
+adminDescription: Service-Action-First
+attributeId: 1.2.840.113556.1.2.161
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: cHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33073
+hideFromAB: TRUE
+
+dn: CN=msNPAllowedEapType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPAllowedEapType
+adminDisplayName: msNPAllowedEapType
+adminDescription: msNPAllowedEapType
+attributeId: 1.2.840.113556.1.4.1120
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Service-Action-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ServiceActionOther
+adminDisplayName: Service-Action-Other
+adminDescription: Service-Action-Other
+attributeId: 1.2.840.113556.1.2.59
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: cXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33074
+hideFromAB: TRUE
+
+dn: CN=Telephone-Assistant,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TelephoneAssistant
+adminDisplayName: Telephone-Assistant
+adminDescription: Telephone-Assistant
+attributeId: 1.2.840.113556.1.2.79
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: hHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 14894
+hideFromAB: TRUE
+
+dn: CN=Temp-Assoc-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TempAssocThreshold
+adminDisplayName: Temp-Assoc-Threshold
+adminDescription: Temp-Assoc-Threshold
+attributeId: 1.2.840.113556.1.2.329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+schemaIdGuid:: iHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33092
+hideFromAB: TRUE
+
+dn: CN=DXA-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXATemplateOptions
+adminDisplayName: DXA-Template-Options
+adminDescription: DXA-Template-Options
+attributeId: 1.2.840.113556.1.2.358
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+schemaIdGuid:: 63PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32926
+hideFromAB: TRUE
+
+dn: CN=Gateway-Routing-Tree,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: GatewayRoutingTree
+adminDisplayName: Gateway-Routing-Tree
+adminDescription: Gateway-Routing-Tree
+attributeId: 1.2.840.113556.1.2.167
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: A3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32947
+hideFromAB: TRUE
+
+dn: CN=X25-Leased-or-Switched,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25LeasedorSwitched
+adminDisplayName: X25-Leased-or-Switched
+adminDescription: X25-Leased-or-Switched
+attributeId: 1.2.840.113556.1.2.372
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: oHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33118
+hideFromAB: TRUE
+
+dn: CN=Authorized-Password,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthorizedPassword
+adminDisplayName: Authorized-Password
+adminDescription: Authorized-Password
+attributeId: 1.2.840.113556.1.2.193
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: m3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32853
+hideFromAB: TRUE
+
+dn: CN=Return-Exact-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReturnExactMsgSize
+adminDisplayName: Return-Exact-Msg-Size
+adminDescription: Return-Exact-Msg-Size
+attributeId: 1.2.840.113556.1.2.594
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Y3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35922
+hideFromAB: TRUE
+
+dn: CN=Client-Access-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ClientAccessEnabled
+adminDisplayName: Client-Access-Enabled
+adminDescription: Client-Access-Enabled
+attributeId: 1.2.840.113556.1.2.559
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: r3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35876
+hideFromAB: TRUE
+
+dn: CN=Report-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReportToOriginator
+adminDisplayName: Report-To-Originator
+adminDescription: Report-To-Originator
+attributeId: 1.2.840.113556.1.2.206
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33056
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelType
+adminDisplayName: msRADIUSTunnelType
+adminDescription: msRADIUSTunnelType
+attributeId: 1.2.840.113556.1.4.1181
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=RTS-Recovery-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RTSRecoveryTimeout
+adminDisplayName: RTS-Recovery-Timeout
+adminDescription: RTS-Recovery-Timeout
+attributeId: 1.2.840.113556.1.2.151
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: aXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33064
+hideFromAB: TRUE
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: allowedChildClasses
+adminDisplayName: Allowed-Child-Classes
+adminDescription: Allowed-Child-Classes
+attributeId: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Qtl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=msAscendFRNailedGrp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRNailedGrp
+adminDisplayName: msAscendFRNailedGrp
+adminDescription: msAscendFRNailedGrp
+attributeId: 1.2.840.113556.1.4.1036
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendAuthenAlias,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAuthenAlias
+adminDisplayName: msAscendAuthenAlias
+adminDescription: msAscendAuthenAlias
+attributeId: 1.2.840.113556.1.4.984
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /o8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIPXNodeAddr,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPXNodeAddr
+adminDisplayName: msAscendIPXNodeAddr
+adminDescription: msAscendIPXNodeAddr
+attributeId: 1.2.840.113556.1.4.1056
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Enable-Compatibility,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EnableCompatibility
+adminDisplayName: Enable-Compatibility
+adminDescription: Enable-Compatibility
+attributeId: 1.2.840.113556.1.2.567
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 8XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35890
+hideFromAB: TRUE
+
+
+dn: CN=Association-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AssociationLifetime
+adminDisplayName: Association-Lifetime
+adminDescription: Association-Lifetime
+attributeId: 1.2.840.113556.1.2.149
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: lnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32850
+hideFromAB: TRUE
+
+dn: CN=Off-Line-AB-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OffLineABContainers
+adminDisplayName: Off-Line-AB-Containers
+adminDescription: Off-Line-AB-Containers
+attributeId: 1.2.840.113556.1.2.391
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: PHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33016
+hideFromAB: TRUE
+
+dn: CN=Cross-Certificate-CRL,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CrossCertificateCRL
+adminDisplayName: Cross-Certificate-CRL
+adminDescription: Cross-Certificate-CRL
+attributeId: 1.2.840.113556.1.2.565
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35888
+hideFromAB: TRUE
+
+dn: CN=msAscendIPXPeerMode,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPXPeerMode
+adminDisplayName: msAscendIPXPeerMode
+adminDescription: msAscendIPXPeerMode
+attributeId: 1.2.840.113556.1.4.1057
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: R5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendTSIdleLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendTSIdleLimit
+adminDisplayName: msAscendTSIdleLimit
+adminDescription: msAscendTSIdleLimit
+attributeId: 1.2.840.113556.1.4.1109
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: e5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendMultilinkID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMultilinkID
+adminDisplayName: msAscendMultilinkID
+adminDescription: msAscendMultilinkID
+attributeId: 1.2.840.113556.1.4.1074
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: WJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctKey
+adminDisplayName: msAscendUserAcctKey
+adminDescription: msAscendUserAcctKey
+attributeId: 1.2.840.113556.1.4.1114
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPCalledStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPCalledStationID
+adminDisplayName: msNPCalledStationID
+adminDescription: msNPCalledStationID
+attributeId: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Encapsulation-Method,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EncapsulationMethod
+adminDisplayName: Encapsulation-Method
+adminDescription: Encapsulation-Method
+attributeId: 1.2.840.113556.1.2.448
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32930
+hideFromAB: TRUE
+
+dn: CN=msAscendPPPAsyncMap,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPPPAsyncMap
+adminDisplayName: msAscendPPPAsyncMap
+adminDescription: msAscendPPPAsyncMap
+attributeId: 1.2.840.113556.1.4.1079
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendMaximumTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMaximumTime
+adminDisplayName: msAscendMaximumTime
+adminDescription: msAscendMaximumTime
+attributeId: 1.2.840.113556.1.4.1062
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: TJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRequireAuth,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRequireAuth
+adminDisplayName: msAscendRequireAuth
+adminDescription: msAscendRequireAuth
+attributeId: 1.2.840.113556.1.4.1094
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendModemSlotNo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendModemSlotNo
+adminDisplayName: msAscendModemSlotNo
+adminDescription: msAscendModemSlotNo
+attributeId: 1.2.840.113556.1.4.1069
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: U5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Responsible-Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ResponsibleLocalDXA
+adminDisplayName: Responsible-Local-DXA
+adminDescription: Responsible-Local-DXA
+attributeId: 1.2.840.113556.1.2.298
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: YnTfqOrF0RG7ywCAx2ZwwA==
+linkID: 122
+mapiID: 33059
+hideFromAB: TRUE
+
+dn: CN=Inbound-Newsfeed-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: InboundNewsfeedType
+adminDisplayName: Inbound-Newsfeed-Type
+adminDescription: Inbound-Newsfeed-Type
+attributeId: 1.2.840.113556.1.2.554
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: E3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35871
+hideFromAB: TRUE
+
+dn: CN=msAscendModemPortNo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendModemPortNo
+adminDisplayName: msAscendModemPortNo
+adminDescription: msAscendModemPortNo
+attributeId: 1.2.840.113556.1.4.1067
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MDB-Msg-Time-Out-Period,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MDBMsgTimeOutPeriod
+adminDisplayName: MDB-Msg-Time-Out-Period
+adminDescription: MDB-Msg-Time-Out-Period
+attributeId: 1.2.840.113556.1.2.64
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32976
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedRoute
+adminDisplayName: msRADIUSFramedRoute
+adminDescription: msRADIUSFramedRoute
+attributeId: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: presentationAddress
+adminDisplayName: Presentation-Address
+adminDescription: Presentation-Address
+attributeId: 2.5.4.29
+attributeSyntax: 2.5.5.13
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVc
+schemaIdGuid:: S3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendThirdPrompt,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendThirdPrompt
+adminDisplayName: msAscendThirdPrompt
+adminDescription: msAscendThirdPrompt
+attributeId: 1.2.840.113556.1.4.1107
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSIdleTimeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSIdleTimeout
+adminDisplayName: msRADIUSIdleTimeout
+adminDescription: msRADIUSIdleTimeout
+attributeId: 1.2.840.113556.1.4.1160
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: q5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Authentication-To-Use,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthenticationToUse
+adminDisplayName: Authentication-To-Use
+adminDescription: Authentication-To-Use
+attributeId: 1.2.840.113556.1.2.501
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: mXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33178
+hideFromAB: TRUE
+
+
+dn: CN=Encrypt-Alg-List-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EncryptAlgListOther
+adminDisplayName: Encrypt-Alg-List-Other
+adminDescription: Encrypt-Alg-List-Other
+attributeId: 1.2.840.113556.1.2.399
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: +HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32833
+hideFromAB: TRUE
+
+dn: CN=HTTP-Pub-AB-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: HTTPPubABAttributes
+adminDisplayName: HTTP-Pub-AB-Attributes
+adminDescription: HTTP-Pub-AB-Attributes
+attributeId: 1.2.840.113556.1.2.516
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: CHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33193
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginIPHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginIPHost
+adminDisplayName: msRADIUSLoginIPHost
+adminDescription: msRADIUSLoginIPHost
+attributeId: 1.2.840.113556.1.4.1161
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSServiceType
+adminDisplayName: msRADIUSServiceType
+adminDescription: msRADIUSServiceType
+attributeId: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: tpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPSessionsAllowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPSessionsAllowed
+adminDisplayName: msNPSessionsAllowed
+adminDescription: msNPSessionsAllowed
+attributeId: 1.2.840.113556.1.4.1132
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Service-Action-Second,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ServiceActionSecond
+adminDisplayName: Service-Action-Second
+adminDescription: Service-Action-Second
+attributeId: 1.2.840.113556.1.2.60
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: cnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33075
+hideFromAB: TRUE
+
+dn: CN=Service-Restart-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ServiceRestartDelay
+adminDisplayName: Service-Restart-Delay
+adminDescription: Service-Restart-Delay
+attributeId: 1.2.840.113556.1.2.162
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: c3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33076
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDirectDLCI,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDirectDLCI
+adminDisplayName: msAscendFRDirectDLCI
+adminDescription: msAscendFRDirectDLCI
+attributeId: 1.2.840.113556.1.4.1028
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctBase,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctBase
+adminDisplayName: msAscendUserAcctBase
+adminDescription: msAscendUserAcctBase
+attributeId: 1.2.840.113556.1.4.1112
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFCPParameter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFCPParameter
+adminDisplayName: msAscendFCPParameter
+adminDescription: msAscendFCPParameter
+attributeId: 1.2.840.113556.1.4.1021
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: I5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Filter-Local-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: FilterLocalAddresses
+adminDisplayName: Filter-Local-Addresses
+adminDescription: Filter-Local-Addresses
+attributeId: 1.2.840.113556.1.2.44
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32941
+hideFromAB: TRUE
+
+dn: CN=msAscendModemShelfNo,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendModemShelfNo
+adminDisplayName: msAscendModemShelfNo
+adminDescription: msAscendModemShelfNo
+attributeId: 1.2.840.113556.1.4.1068
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Encrypt-Alg-Selected-NA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EncryptAlgSelectedNA
+adminDisplayName: Encrypt-Alg-Selected-NA
+adminDescription: Encrypt-Alg-Selected-NA
+attributeId: 1.2.840.113556.1.2.401
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: +XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32835
+hideFromAB: TRUE
+
+dn: CN=Default-Message-Format,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DefaultMessageFormat
+adminDisplayName: Default-Message-Format
+adminDescription: Default-Message-Format
+attributeId: 1.2.840.113556.1.2.572
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vXPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35895
+hideFromAB: TRUE
+
+dn: CN=msAscendEndpointDisc,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendEndpointDisc
+adminDisplayName: msAscendEndpointDisc
+adminDescription: msAscendEndpointDisc
+attributeId: 1.2.840.113556.1.4.1018
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctTime
+adminDisplayName: msAscendUserAcctTime
+adminDescription: msAscendUserAcctTime
+attributeId: 1.2.840.113556.1.4.1116
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Conf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAConfContainerList
+adminDisplayName: DXA-Conf-Container-List
+adminDescription: DXA-Conf-Container-List
+attributeId: 1.2.840.113556.1.2.180
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: zHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32892
+hideFromAB: TRUE
+
+dn: CN=msAscendMenuSelector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMenuSelector
+adminDisplayName: msAscendMenuSelector
+adminDescription: msAscendMenuSelector
+attributeId: 1.2.840.113556.1.4.1064
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: TpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQSignCertificates
+adminDisplayName: MSMQ-Sign-Certificates
+adminDescription: MSMQ-Sign-Certificates
+attributeId: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: O8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=msAscendAssignIPPool,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAssignIPPool
+adminDisplayName: msAscendAssignIPPool
+adminDescription: msAscendAssignIPPool
+attributeId: 1.2.840.113556.1.4.982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /I8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctHost
+adminDisplayName: msAscendUserAcctHost
+adminDescription: msAscendUserAcctHost
+attributeId: 1.2.840.113556.1.4.1113
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: f5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendPreemptLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreemptLimit
+adminDisplayName: msAscendPreemptLimit
+adminDescription: msAscendPreemptLimit
+attributeId: 1.2.840.113556.1.4.1082
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctType
+adminDisplayName: msAscendUserAcctType
+adminDescription: msAscendUserAcctType
+attributeId: 1.2.840.113556.1.4.1117
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: g5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Disabled-Gateway-Proxy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DisabledGatewayProxy
+adminDisplayName: Disabled-Gateway-Proxy
+adminDescription: Disabled-Gateway-Proxy
+attributeId: 1.2.840.113556.1.2.541
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+schemaIdGuid:: wHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33219
+hideFromAB: TRUE
+
+dn: CN=DXA-Native-Address-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXANativeAddressType
+adminDisplayName: DXA-Native-Address-Type
+adminDescription: DXA-Native-Address-Type
+attributeId: 1.2.840.113556.1.2.331
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: 2XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32906
+hideFromAB: TRUE
+
+dn: CN=DXA-Template-TimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXATemplateTimeStamp
+adminDisplayName: DXA-Template-TimeStamp
+adminDescription: DXA-Template-TimeStamp
+attributeId: 1.2.840.113556.1.2.365
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 7HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32927
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Alert-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringAlertDelay
+adminDisplayName: Monitoring-Alert-Delay
+adminDescription: Monitoring-Alert-Delay
+attributeId: 1.2.840.113556.1.2.158
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: J3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32988
+hideFromAB: TRUE
+
+dn: CN=msAscendUserAcctPort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendUserAcctPort
+adminDisplayName: msAscendUserAcctPort
+adminDescription: msAscendUserAcctPort
+attributeId: 1.2.840.113556.1.4.1115
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Connection-List-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ConnectionListFilter
+adminDisplayName: Connection-List-Filter
+adminDescription: Connection-List-Filter
+attributeId: 1.2.840.113556.1.2.475
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+schemaIdGuid:: tnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33152
+hideFromAB: TRUE
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPCallingStationID
+adminDisplayName: msNPCallingStationID
+adminDescription: msNPCallingStationID
+attributeId: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ipAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSArapFeatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSArapFeatures
+adminDisplayName: msRADIUSArapFeatures
+adminDescription: msRADIUSArapFeatures
+attributeId: 1.2.840.113556.1.4.1138
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginLATNode,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginLATNode
+adminDisplayName: msRADIUSLoginLATNode
+adminDescription: msRADIUSLoginLATNode
+attributeId: 1.2.840.113556.1.4.1163
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginService
+adminDisplayName: msRADIUSLoginService
+adminDescription: msRADIUSLoginService
+attributeId: 1.2.840.113556.1.4.1166
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Assoc-Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AssocProtocolCfgNNTP
+adminDisplayName: Assoc-Protocol-Cfg-NNTP
+adminDescription: Assoc-Protocol-Cfg-NNTP
+attributeId: 1.2.840.113556.1.2.512
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: lXPfqOrF0RG7ywCAx2ZwwA==
+linkID: 140
+mapiID: 33189
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringRecipients
+adminDisplayName: Monitoring-Recipients
+adminDescription: Monitoring-Recipients
+attributeId: 1.2.840.113556.1.2.159
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: LnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33001
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-Remote-Entries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevRemoteEntries
+adminDisplayName: DXA-Prev-Remote-Entries
+adminDescription: DXA-Prev-Remote-Entries
+attributeId: 1.2.840.113556.1.2.265
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 33PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32912
+hideFromAB: TRUE
+
+dn: CN=msRADIUSArapSecurity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSArapSecurity
+adminDisplayName: msRADIUSArapSecurity
+adminDescription: msRADIUSArapSecurity
+attributeId: 1.2.840.113556.1.4.1139
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: textEncodedORAddress
+adminDisplayName: Text-Encoded-OR-Address
+adminDescription: Text-Encoded-OR-Address
+attributeId: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: iXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35949
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginLATPort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginLATPort
+adminDisplayName: msRADIUSLoginLATPort
+adminDescription: msRADIUSLoginLATPort
+attributeId: 1.2.840.113556.1.4.1164
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: r5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Num-Of-Transfer-Retries,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NumOfTransferRetries
+adminDisplayName: Num-Of-Transfer-Retries
+adminDescription: Num-Of-Transfer-Retries
+attributeId: 1.2.840.113556.1.2.134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: O3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33013
+hideFromAB: TRUE
+
+dn: CN=ACS-Non-Reserved-Tx-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSNonReservedTxSize
+adminDisplayName: ACS-Non-Reserved-Tx-Size
+adminDescription: ACS-Non-Reserved-Tx-Size
+attributeId: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DSNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=msAscendCallbackDelay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallbackDelay
+adminDisplayName: msAscendCallbackDelay
+adminDescription: msAscendCallbackDelay
+attributeId: 1.2.840.113556.1.4.993
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: B5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Translation-Table-Used,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TranslationTableUsed
+adminDisplayName: Translation-Table-Used
+adminDescription: Translation-Table-Used
+attributeId: 1.2.840.113556.1.2.396
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: kHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33101
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginTCPPort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginTCPPort
+adminDisplayName: msRADIUSLoginTCPPort
+adminDescription: msRADIUSLoginTCPPort
+attributeId: 1.2.840.113556.1.4.1167
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: spAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Outgoing-Msg-Size-Limit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OutgoingMsgSizeLimit
+adminDisplayName: Outgoing-Msg-Size-Limit
+adminDescription: Outgoing-Msg-Size-Limit
+attributeId: 1.2.840.113556.1.2.490
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33167
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Alert-Units,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringAlertUnits
+adminDisplayName: Monitoring-Alert-Units
+adminDescription: Monitoring-Alert-Units
+attributeId: 1.2.840.113556.1.2.57
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: KHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32989
+hideFromAB: TRUE
+
+dn: CN=OOF-Reply-To-Originator,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: OOFReplyToOriginator
+adminDisplayName: OOF-Reply-To-Originator
+adminDescription: OOF-Reply-To-Originator
+attributeId: 1.2.840.113556.1.2.438
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33023
+hideFromAB: TRUE
+
+dn: CN=Disable-Deferred-Commit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DisableDeferredCommit
+adminDisplayName: Disable-Deferred-Commit
+adminDescription: Disable-Deferred-Commit
+attributeId: 1.2.840.113556.1.2.558
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: v3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35875
+hideFromAB: TRUE
+
+dn: CN=msNPAllowedPortTypes,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPAllowedPortTypes
+adminDisplayName: msNPAllowedPortTypes
+adminDescription: msNPAllowedPortTypes
+attributeId: 1.2.840.113556.1.4.1121
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: h5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendBridgeAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBridgeAddress
+adminDisplayName: msAscendBridgeAddress
+adminDescription: msAscendBridgeAddress
+attributeId: 1.2.840.113556.1.4.990
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Turn-Request-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TurnRequestThreshold
+adminDisplayName: Turn-Request-Threshold
+adminDescription: Turn-Request-Threshold
+attributeId: 1.2.840.113556.1.2.38
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: k3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33104
+hideFromAB: TRUE
+
+dn: CN=MSMQ-In-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQInRoutingServers
+adminDisplayName: MSMQ-In-Routing-Servers
+adminDescription: MSMQ-In-Routing-Servers
+attributeId: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=XMIT-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: XMITTimeoutNonUrgent
+adminDisplayName: XMIT-Timeout-Non-Urgent
+adminDescription: XMIT-Timeout-Non-Urgent
+attributeId: 1.2.840.113556.1.2.84
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: pHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33123
+hideFromAB: TRUE
+
+dn: CN=msAscendBillingNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBillingNumber
+adminDisplayName: msAscendBillingNumber
+adminDescription: msAscendBillingNumber
+attributeId: 1.2.840.113556.1.4.988
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ApAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRProfileName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRProfileName
+adminDisplayName: msAscendFRProfileName
+adminDescription: msAscendFRProfileName
+attributeId: 1.2.840.113556.1.4.1037
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: M5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRCircuitName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRCircuitName
+adminDisplayName: msAscendFRCircuitName
+adminDescription: msAscendFRCircuitName
+attributeId: 1.2.840.113556.1.4.1024
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendReceiveSecret,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendReceiveSecret
+adminDisplayName: msAscendReceiveSecret
+adminDescription: msAscendReceiveSecret
+attributeId: 1.2.840.113556.1.4.1090
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: aJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=SMIME-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SMIMEAlgSelectedOther
+adminDisplayName: SMIME-Alg-Selected-Other
+adminDescription: SMIME-Alg-Selected-Other
+attributeId: 1.2.840.113556.1.2.571
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: fXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35894
+hideFromAB: TRUE
+
+dn: CN=msAscendClientGateway,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendClientGateway
+adminDisplayName: msAscendClientGateway
+adminDescription: msAscendClientGateway
+attributeId: 1.2.840.113556.1.4.1003
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: EZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRemoveSeconds,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRemoveSeconds
+adminDisplayName: msAscendRemoveSeconds
+adminDescription: msAscendRemoveSeconds
+attributeId: 1.2.840.113556.1.4.1093
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: a5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: extendedAttributeInfo
+adminDisplayName: Extended-Attribute-Info
+adminDescription: Extended-Attribute-Info
+attributeId: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: R9l6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASSavedFramedRoute
+adminDisplayName: msRASSavedFramedRoute
+adminDescription: msRASSavedFramedRoute
+attributeId: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: x5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPRADIUSProfileName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPRADIUSProfileName
+adminDisplayName: msNPRADIUSProfileName
+adminDescription: msNPRADIUSProfileName
+attributeId: 1.2.840.113556.1.4.1129
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: jZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Service-Restart-Message,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ServiceRestartMessage
+adminDisplayName: Service-Restart-Message
+adminDescription: Service-Restart-Message
+attributeId: 1.2.840.113556.1.2.58
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 120
+schemaIdGuid:: dHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33077
+hideFromAB: TRUE
+
+dn: CN=msAscendTransitNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendTransitNumber
+adminDisplayName: msAscendTransitNumber
+adminDescription: msAscendTransitNumber
+attributeId: 1.2.840.113556.1.4.1108
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: epAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedRouting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedRouting
+adminDisplayName: msRADIUSFramedRouting
+adminDescription: msRADIUSFramedRouting
+attributeId: 1.2.840.113556.1.4.1159
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=RAS-Phonebook-Entry-Name,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RASPhonebookEntryName
+adminDisplayName: RAS-Phonebook-Entry-Name
+adminDescription: RAS-Phonebook-Entry-Name
+attributeId: 1.2.840.113556.1.2.313
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: VXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33047
+hideFromAB: TRUE
+
+dn: CN=msAscendPRINumberType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPRINumberType
+adminDisplayName: msAscendPRINumberType
+adminDescription: msAscendPRINumberType
+attributeId: 1.2.840.113556.1.4.1089
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Z5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=NNTP-Distributions-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: NNTPDistributionsFlag
+adminDisplayName: NNTP-Distributions-Flag
+adminDescription: NNTP-Distributions-Flag
+attributeId: 1.2.840.113556.1.2.511
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33188
+hideFromAB: TRUE
+
+dn: CN=msAscendPPPVJSlotComp,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPPPVJSlotComp
+adminDisplayName: msAscendPPPVJSlotComp
+adminDescription: msAscendPPPVJSlotComp
+attributeId: 1.2.840.113556.1.4.1081
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: X5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Local-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: LocalBridgeHeadAddress
+adminDisplayName: Local-Bridge-Head-Address
+adminDescription: Local-Bridge-Head-Address
+attributeId: 1.2.840.113556.1.2.225
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1118
+schemaIdGuid:: G3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32967
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginLATGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginLATGroup
+adminDisplayName: msRADIUSLoginLATGroup
+adminDescription: msRADIUSLoginLATGroup
+attributeId: 1.2.840.113556.1.4.1162
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendSessionSvrKey,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSessionSvrKey
+adminDisplayName: msAscendSessionSvrKey
+adminDescription: msAscendSessionSvrKey
+attributeId: 1.2.840.113556.1.4.1104
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Transfer-Timeout-Normal,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransferTimeoutNormal
+adminDisplayName: Transfer-Timeout-Normal
+adminDescription: Transfer-Timeout-Normal
+attributeId: 1.2.840.113556.1.2.137
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: jnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33099
+hideFromAB: TRUE
+
+dn: CN=msRADIUSAttributeType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSAttributeType
+adminDisplayName: msRADIUSAttributeType
+adminDescription: msRADIUSAttributeType
+attributeId: 1.2.840.113556.1.4.1142
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Transfer-Retry-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransferRetryInterval
+adminDisplayName: Transfer-Retry-Interval
+adminDescription: Transfer-Retry-Interval
+attributeId: 1.2.840.113556.1.2.133
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: jHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33097
+hideFromAB: TRUE
+
+dn: CN=Transfer-Timeout-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransferTimeoutUrgent
+adminDisplayName: Transfer-Timeout-Urgent
+adminDescription: Transfer-Timeout-Urgent
+attributeId: 1.2.840.113556.1.2.142
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: j3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33100
+hideFromAB: TRUE
+
+dn: CN=Message-Tracking-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MessageTrackingEnabled
+adminDisplayName: Message-Tracking-Enabled
+adminDescription: Message-Tracking-Enabled
+attributeId: 1.2.840.113556.1.2.453
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: InTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32981
+hideFromAB: TRUE
+
+dn: CN=msAscendExpectCallback,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendExpectCallback
+adminDisplayName: msAscendExpectCallback
+adminDescription: msAscendExpectCallback
+attributeId: 1.2.840.113556.1.4.1020
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: IpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSPasswordRetry,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSPasswordRetry
+adminDisplayName: msRADIUSPasswordRetry
+adminDescription: msRADIUSPasswordRetry
+attributeId: 1.2.840.113556.1.4.1168
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: s5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSCallbackNumber
+adminDisplayName: msRADIUSCallbackNumber
+adminDescription: msRADIUSCallbackNumber
+attributeId: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendDialoutAllowed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDialoutAllowed
+adminDisplayName: msAscendDialoutAllowed
+adminDescription: msAscendDialoutAllowed
+attributeId: 1.2.840.113556.1.4.1016
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=MSMQ-Out-Routing-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMQOutRoutingServers
+adminDisplayName: MSMQ-Out-Routing-Servers
+adminDescription: MSMQ-Out-Routing-Servers
+attributeId: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: K8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=msAscendMPPIdlePercent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMPPIdlePercent
+adminDisplayName: msAscendMPPIdlePercent
+adminDescription: msAscendMPPIdlePercent
+attributeId: 1.2.840.113556.1.4.1070
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: VJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendAssignIPClient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAssignIPClient
+adminDisplayName: msAscendAssignIPClient
+adminDescription: msAscendAssignIPClient
+attributeId: 1.2.840.113556.1.4.981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +48M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=X25-Call-User-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25CallUserDataIncoming
+adminDisplayName: X25-Call-User-Data-Incoming
+adminDescription: X25-Call-User-Data-Incoming
+attributeId: 1.2.840.113556.1.2.316
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: m3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33113
+hideFromAB: TRUE
+
+dn: CN=ACS-Max-No-Of-Account-Files,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSMaxNoOfAccountFiles
+adminDisplayName: ACS-Max-No-Of-Account-Files
+adminDescription: ACS-Max-No-Of-Account-Files
+attributeId: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ECNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=msAscendDHCPPoolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDHCPPoolNumber
+adminDisplayName: msAscendDHCPPoolNumber
+adminDescription: msAscendDHCPPoolNumber
+attributeId: 1.2.840.113556.1.4.1013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: G5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Available-Distributions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AvailableDistributions
+adminDisplayName: Available-Distributions
+adminDescription: Available-Distributions
+attributeId: 1.2.840.113556.1.2.486
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+schemaIdGuid:: n3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33163
+hideFromAB: TRUE
+
+dn: CN=msAscendAppletalkRoute,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAppletalkRoute
+adminDisplayName: msAscendAppletalkRoute
+adminDescription: msAscendAppletalkRoute
+attributeId: 1.2.840.113556.1.4.980
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +o8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRouteAppletalk,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRouteAppletalk
+adminDisplayName: msAscendRouteAppletalk
+adminDescription: msAscendRouteAppletalk
+attributeId: 1.2.840.113556.1.4.1095
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSArapZoneAccess,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSArapZoneAccess
+adminDisplayName: msRADIUSArapZoneAccess
+adminDescription: msRADIUSArapZoneAccess
+attributeId: 1.2.840.113556.1.4.1140
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: l5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendAssignIPServer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAssignIPServer
+adminDisplayName: msAscendAssignIPServer
+adminDescription: msAscendAssignIPServer
+attributeId: 1.2.840.113556.1.4.983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /Y8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-UnConf-Container-List,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAUnConfContainerList
+adminDisplayName: DXA-UnConf-Container-List
+adminDescription: DXA-UnConf-Container-List
+attributeId: 1.2.840.113556.1.2.181
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 7nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32929
+hideFromAB: TRUE
+
+dn: CN=Replication-Mail-Msg-Size,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ReplicationMailMsgSize
+adminDisplayName: Replication-Mail-Msg-Size
+adminDescription: Replication-Mail-Msg-Size
+attributeId: 1.2.840.113556.1.2.103
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33128
+hideFromAB: TRUE
+
+dn: CN=msAscendCBCPTrunkGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCBCPTrunkGroup
+adminDisplayName: msAscendCBCPTrunkGroup
+adminDescription: msAscendCBCPTrunkGroup
+attributeId: 1.2.840.113556.1.4.1001
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: D5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendPreSessionTime,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreSessionTime
+adminDisplayName: msAscendPreSessionTime
+adminDescription: msAscendPreSessionTime
+attributeId: 1.2.840.113556.1.4.1087
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-Exchange-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevExchangeOptions
+adminDisplayName: DXA-Prev-Exchange-Options
+adminDescription: DXA-Prev-Exchange-Options
+attributeId: 1.2.840.113556.1.2.216
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+schemaIdGuid:: 3HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32909
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Warning-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringWarningDelay
+adminDisplayName: Monitoring-Warning-Delay
+adminDescription: Monitoring-Warning-Delay
+attributeId: 1.2.840.113556.1.2.157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33005
+hideFromAB: TRUE
+
+dn: CN=msAscendNetwaretimeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendNetwaretimeout
+adminDisplayName: msAscendNetwaretimeout
+adminDescription: msAscendNetwaretimeout
+attributeId: 1.2.840.113556.1.4.1075
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: WZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedProtocol
+adminDisplayName: msRADIUSFramedProtocol
+adminDescription: msRADIUSFramedProtocol
+attributeId: 1.2.840.113556.1.4.1157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendNumberSessions,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendNumberSessions
+adminDisplayName: msAscendNumberSessions
+adminDescription: msAscendNumberSessions
+attributeId: 1.2.840.113556.1.4.1076
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: WpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendNumInMultilink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendNumInMultilink
+adminDisplayName: msAscendNumInMultilink
+adminDescription: msAscendNumInMultilink
+attributeId: 1.2.840.113556.1.4.1077
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: W5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Session-Disconnect-Timer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SessionDisconnectTimer
+adminDisplayName: Session-Disconnect-Timer
+adminDescription: Session-Disconnect-Timer
+attributeId: 1.2.840.113556.1.2.154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: dXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33078
+hideFromAB: TRUE
+
+dn: CN=Transport-Expedited-Data,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransportExpeditedData
+adminDisplayName: Transport-Expedited-Data
+adminDescription: Transport-Expedited-Data
+attributeId: 1.2.840.113556.1.2.150
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33102
+hideFromAB: TRUE
+
+dn: CN=X25-Call-User-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25CallUserDataOutgoing
+adminDisplayName: X25-Call-User-Data-Outgoing
+adminDescription: X25-Call-User-Data-Outgoing
+attributeId: 1.2.840.113556.1.2.317
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: nHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33114
+hideFromAB: TRUE
+
+dn: CN=msAscendPreInputOctets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreInputOctets
+adminDisplayName: msAscendPreInputOctets
+adminDescription: msAscendPreInputOctets
+attributeId: 1.2.840.113556.1.4.1083
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPAuthenticationType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPAuthenticationType
+adminDisplayName: msNPAuthenticationType
+adminDescription: msNPAuthenticationType
+attributeId: 1.2.840.113556.1.4.1122
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-Template-Options,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevTemplateOptions
+adminDisplayName: DXA-Prev-Template-Options
+adminDescription: DXA-Prev-Template-Options
+attributeId: 1.2.840.113556.1.2.395
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+schemaIdGuid:: 4XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32914
+hideFromAB: TRUE
+
+dn: CN=Quota-Notification-Style,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: QuotaNotificationStyle
+adminDisplayName: Quota-Notification-Style
+adminDescription: Quota-Notification-Style
+attributeId: 1.2.840.113556.1.2.388
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: UHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33042
+hideFromAB: TRUE
+
+dn: CN=Root-Newsgroups-Folder-ID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RootNewsgroupsFolderID
+adminDisplayName: Root-Newsgroups-Folder-ID
+adminDescription: Root-Newsgroups-Folder-ID
+attributeId: 1.2.840.113556.1.2.524
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: ZnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33202
+hideFromAB: TRUE
+
+dn: CN=MS-MPPE-Encryption-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: mSMPPEEncryptionPolicy
+adminDisplayName: MS-MPPE-Encryption-Policy
+adminDescription: MS-MPPE-Encryption-Policy
+attributeId: 1.2.840.113556.1.4.977
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 948M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Warning-Units,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringWarningUnits
+adminDisplayName: Monitoring-Warning-Units
+adminDescription: Monitoring-Warning-Units
+attributeId: 1.2.840.113556.1.2.56
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: MXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33006
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelPassword
+adminDisplayName: msRADIUSTunnelPassword
+adminDescription: msRADIUSTunnelPassword
+attributeId: 1.2.840.113556.1.4.1177
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Remote-Bridge-Head-Address,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: RemoteBridgeHeadAddress
+adminDisplayName: Remote-Bridge-Head-Address
+adminDescription: Remote-Bridge-Head-Address
+attributeId: 1.2.840.113556.1.2.94
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1118
+schemaIdGuid:: WXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33051
+hideFromAB: TRUE
+
+dn: CN=Export-Custom-Recipients,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ExportCustomRecipients
+adminDisplayName: Export-Custom-Recipients
+adminDescription: Export-Custom-Recipients
+attributeId: 1.2.840.113556.1.2.307
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32934
+hideFromAB: TRUE
+
+dn: CN=msRADIUSSessionTimeout,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSSessionTimeout
+adminDisplayName: msRADIUSSessionTimeout
+adminDescription: msRADIUSSessionTimeout
+attributeId: 1.2.840.113556.1.4.1172
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: t5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendHomeAgentIPAddr,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHomeAgentIPAddr
+adminDisplayName: msAscendHomeAgentIPAddr
+adminDescription: msAscendHomeAgentIPAddr
+attributeId: 1.2.840.113556.1.4.1045
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: O5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendDecChannelCount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDecChannelCount
+adminDisplayName: msAscendDecChannelCount
+adminDescription: msAscendDecChannelCount
+attributeId: 1.2.840.113556.1.4.1011
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Support-SMIME-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: SupportSMIMESignatures
+adminDisplayName: Support-SMIME-Signatures
+adminDescription: Support-SMIME-Signatures
+attributeId: 1.2.840.113556.1.2.590
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: f3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35912
+hideFromAB: TRUE
+
+dn: CN=msAscendDisconnectCause,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDisconnectCause
+adminDisplayName: msAscendDisconnectCause
+adminDescription: msAscendDisconnectCause
+attributeId: 1.2.840.113556.1.4.1017
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: H5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIncChannelCount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIncChannelCount
+adminDisplayName: msAscendIncChannelCount
+adminDescription: msAscendIncChannelCount
+attributeId: 1.2.840.113556.1.4.1052
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendFRDirectProfile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendFRDirectProfile
+adminDisplayName: msAscendFRDirectProfile
+adminDescription: msAscendFRDirectProfile
+attributeId: 1.2.840.113556.1.4.1029
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: K5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=ACS-Enable-RSVP-Accounting,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSEnableRSVPAccounting
+adminDisplayName: ACS-Enable-RSVP-Accounting
+adminDescription: ACS-Enable-RSVP-Accounting
+attributeId: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DiNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=msAscendMinimumChannels,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMinimumChannels
+adminDisplayName: msAscendMinimumChannels
+adminDescription: msAscendMinimumChannels
+attributeId: 1.2.840.113556.1.4.1066
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendClientAssignDNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendClientAssignDNS
+adminDisplayName: msAscendClientAssignDNS
+adminDescription: msAscendClientAssignDNS
+attributeId: 1.2.840.113556.1.4.1002
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: EJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendMaximumChannels,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMaximumChannels
+adminDisplayName: msAscendMaximumChannels
+adminDescription: msAscendMaximumChannels
+attributeId: 1.2.840.113556.1.4.1061
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: S5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedIPAddress
+adminDisplayName: msRADIUSFramedIPAddress
+adminDescription: msRADIUSFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendRoutePreference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendRoutePreference
+adminDisplayName: msAscendRoutePreference
+adminDescription: msAscendRoutePreference
+attributeId: 1.2.840.113556.1.4.1098
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendHomeNetworkName,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHomeNetworkName
+adminDisplayName: msAscendHomeNetworkName
+adminDescription: msAscendHomeNetworkName
+attributeId: 1.2.840.113556.1.4.1048
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendMulticastClient,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMulticastClient
+adminDisplayName: msAscendMulticastClient
+adminDescription: msAscendMulticastClient
+attributeId: 1.2.840.113556.1.4.1071
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: VZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Encrypt-Alg-Selected-Other,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EncryptAlgSelectedOther
+adminDisplayName: Encrypt-Alg-Selected-Other
+adminDescription: Encrypt-Alg-Selected-Other
+attributeId: 1.2.840.113556.1.2.397
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+schemaIdGuid:: +nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32829
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedIPNetmask,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedIPNetmask
+adminDisplayName: msRADIUSFramedIPNetmask
+adminDescription: msRADIUSFramedIPNetmask
+attributeId: 1.2.840.113556.1.4.1154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendConnectProgress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendConnectProgress
+adminDisplayName: msAscendConnectProgress
+adminDescription: msAscendConnectProgress
+attributeId: 1.2.840.113556.1.4.1006
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendLinkCompression,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendLinkCompression
+adminDisplayName: msAscendLinkCompression
+adminDescription: msAscendLinkCompression
+attributeId: 1.2.840.113556.1.4.1059
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: SZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendPreInputPackets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreInputPackets
+adminDisplayName: msAscendPreInputPackets
+adminDescription: msAscendPreInputPackets
+attributeId: 1.2.840.113556.1.4.1084
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSLoginLATService,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSLoginLATService
+adminDisplayName: msRADIUSLoginLATService
+adminDescription: msRADIUSLoginLATService
+attributeId: 1.2.840.113556.1.4.1165
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Recipients-NDR,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringRecipientsNDR
+adminDisplayName: Monitoring-Recipients-NDR
+adminDescription: Monitoring-Recipients-NDR
+attributeId: 1.2.840.113556.1.2.387
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: L3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33002
+hideFromAB: TRUE
+
+dn: CN=Two-Way-Alternate-Facility,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TwoWayAlternateFacility
+adminDisplayName: Two-Way-Alternate-Facility
+adminDescription: Two-Way-Alternate-Facility
+attributeId: 1.2.840.113556.1.2.40
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33105
+hideFromAB: TRUE
+
+dn: CN=msRADIUSAttributeNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSAttributeNumber
+adminDisplayName: msRADIUSAttributeNumber
+adminDescription: msRADIUSAttributeNumber
+attributeId: 1.2.840.113556.1.4.1141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSAttributeVendor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSAttributeVendor
+adminDisplayName: msRADIUSAttributeVendor
+adminDescription: msRADIUSAttributeVendor
+attributeId: 1.2.840.113556.1.4.1143
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: mpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Preserve-Internet-Content,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: PreserveInternetContent
+adminDisplayName: Preserve-Internet-Content
+adminDescription: Preserve-Internet-Content
+attributeId: 1.2.840.113556.1.2.556
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: THTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35874
+hideFromAB: TRUE
+
+dn: CN=msAscendPreOutputOctets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreOutputOctets
+adminDisplayName: msAscendPreOutputOctets
+adminDescription: msAscendPreOutputOctets
+attributeId: 1.2.840.113556.1.4.1085
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Y5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-Export-Native-Only,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevExportNativeOnly
+adminDisplayName: DXA-Prev-Export-Native-Only
+adminDescription: DXA-Prev-Export-Native-Only
+attributeId: 1.2.840.113556.1.2.203
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3XPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32910
+hideFromAB: TRUE
+
+dn: CN=msRASMPPEEncryptionType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASMPPEEncryptionType
+adminDisplayName: msRASMPPEEncryptionType
+adminDescription: msRASMPPEEncryptionType
+attributeId: 1.2.840.113556.1.4.1188
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=X25-Facilities-Data-Incoming,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25FacilitiesDataIncoming
+adminDisplayName: X25-Facilities-Data-Incoming
+adminDescription: X25-Facilities-Data-Incoming
+attributeId: 1.2.840.113556.1.2.318
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 109
+schemaIdGuid:: nXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33115
+hideFromAB: TRUE
+
+dn: CN=msAscendBaseChannelCount,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendBaseChannelCount
+adminDisplayName: msAscendBaseChannelCount
+adminDescription: msAscendBaseChannelCount
+attributeId: 1.2.840.113556.1.4.987
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASSavedCallbackNumber
+adminDisplayName: msRASSavedCallbackNumber
+adminDescription: msRASSavedCallbackNumber
+attributeId: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=X25-Facilities-Data-Outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: X25FacilitiesDataOutgoing
+adminDisplayName: X25-Facilities-Data-Outgoing
+adminDescription: X25-Facilities-Data-Outgoing
+attributeId: 1.2.840.113556.1.2.319
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 109
+schemaIdGuid:: nnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33116
+hideFromAB: TRUE
+
+dn: CN=msAscendCallAttemptLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallAttemptLimit
+adminDisplayName: msAscendCallAttemptLimit
+adminDescription: msAscendCallAttemptLimit
+attributeId: 1.2.840.113556.1.4.991
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendIPPoolDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendIPPoolDefinition
+adminDisplayName: msAscendIPPoolDefinition
+adminDescription: msAscendIPPoolDefinition
+attributeId: 1.2.840.113556.1.4.1054
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendPrimaryHomeAgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPrimaryHomeAgent
+adminDisplayName: msAscendPrimaryHomeAgent
+adminDescription: msAscendPrimaryHomeAgent
+attributeId: 1.2.840.113556.1.4.1088
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendHomeAgentUDPPort,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHomeAgentUDPPort
+adminDisplayName: msAscendHomeAgentUDPPort
+adminDescription: msAscendHomeAgentUDPPort
+attributeId: 1.2.840.113556.1.4.1047
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendClientPrimaryDNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendClientPrimaryDNS
+adminDisplayName: msAscendClientPrimaryDNS
+adminDescription: msAscendClientPrimaryDNS
+attributeId: 1.2.840.113556.1.4.1004
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: EpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelPreference,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelPreference
+adminDisplayName: msRADIUSTunnelPreference
+adminDescription: msRADIUSTunnelPreference
+attributeId: 1.2.840.113556.1.4.1178
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendSecondsOfHistory,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSecondsOfHistory
+adminDisplayName: msAscendSecondsOfHistory
+adminDescription: msAscendSecondsOfHistory
+attributeId: 1.2.840.113556.1.4.1100
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendPreOutputPackets,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendPreOutputPackets
+adminDisplayName: msAscendPreOutputPackets
+adminDescription: msAscendPreOutputPackets
+attributeId: 1.2.840.113556.1.4.1086
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedIPXNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedIPXNetwork
+adminDisplayName: msRADIUSFramedIPXNetwork
+adminDescription: msRADIUSFramedIPXNetwork
+attributeId: 1.2.840.113556.1.4.1155
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ppAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Connection-List-Filter-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: ConnectionListFilterType
+adminDisplayName: Connection-List-Filter-Type
+adminDescription: Connection-List-Filter-Type
+attributeId: 1.2.840.113556.1.2.526
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: t3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33204
+hideFromAB: TRUE
+
+dn: CN=msAscendHistoryWeighType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHistoryWeighType
+adminDisplayName: msAscendHistoryWeighType
+adminDescription: msAscendHistoryWeighType
+attributeId: 1.2.840.113556.1.4.1044
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelMediumType,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelMediumType
+adminDisplayName: msRADIUSTunnelMediumType
+adminDescription: msRADIUSTunnelMediumType
+attributeId: 1.2.840.113556.1.4.1176
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: u5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Transfer-Timeout-Non-Urgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: TransferTimeoutNonUrgent
+adminDisplayName: Transfer-Timeout-Non-Urgent
+adminDescription: Transfer-Timeout-Non-Urgent
+attributeId: 1.2.840.113556.1.2.136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: jXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33098
+hideFromAB: TRUE
+
+dn: CN=msAscendCallBlockDuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendCallBlockDuration
+adminDisplayName: msAscendCallBlockDuration
+adminDescription: msAscendCallBlockDuration
+attributeId: 1.2.840.113556.1.4.994
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendAppletalkPeerMode,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendAppletalkPeerMode
+adminDisplayName: msAscendAppletalkPeerMode
+adminDescription: msAscendAppletalkPeerMode
+attributeId: 1.2.840.113556.1.4.979
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +Y8M2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASSavedFramedIPAddress
+adminDisplayName: msRASSavedFramedIPAddress
+adminDescription: msRASSavedFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendDHCPMaximumLeases,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendDHCPMaximumLeases
+adminDisplayName: msAscendDHCPMaximumLeases
+adminDescription: msAscendDHCPMaximumLeases
+attributeId: 1.2.840.113556.1.4.1012
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendHomeAgentPassword,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendHomeAgentPassword
+adminDisplayName: msAscendHomeAgentPassword
+adminDescription: msAscendHomeAgentPassword
+attributeId: 1.2.840.113556.1.4.1046
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msNPSavedCallingStationID
+adminDisplayName: msNPSavedCallingStationID
+adminDescription: msNPSavedCallingStationID
+attributeId: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: jpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Quota-Notification-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: QuotaNotificationSchedule
+adminDisplayName: Quota-Notification-Schedule
+adminDescription: Quota-Notification-Schedule
+attributeId: 1.2.840.113556.1.2.98
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 84
+rangeUpper: 84
+schemaIdGuid:: T3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33041
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedCompression,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedCompression
+adminDisplayName: msRADIUSFramedCompression
+adminDescription: msRADIUSFramedCompression
+attributeId: 1.2.840.113556.1.4.1152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: o5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTerminationAction,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTerminationAction
+adminDisplayName: msRADIUSTerminationAction
+adminDescription: msRADIUSTerminationAction
+attributeId: 1.2.840.113556.1.4.1173
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendTunnelingProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendTunnelingProtocol
+adminDisplayName: msAscendTunnelingProtocol
+adminDescription: msAscendTunnelingProtocol
+attributeId: 1.2.840.113556.1.4.1111
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Authorized-Password-Confirm,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AuthorizedPasswordConfirm
+adminDisplayName: Authorized-Password-Confirm
+adminDescription: Authorized-Password-Confirm
+attributeId: 1.2.840.113556.1.2.493
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: nHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33170
+hideFromAB: TRUE
+
+dn: CN=msRASMPPEEncryptionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRASMPPEEncryptionPolicy
+adminDisplayName: msRASMPPEEncryptionPolicy
+adminDescription: msRASMPPEEncryptionPolicy
+attributeId: 1.2.840.113556.1.4.1187
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: w5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Normal-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringNormalPollUnits
+adminDisplayName: Monitoring-Normal-Poll-Units
+adminDescription: Monitoring-Normal-Poll-Units
+attributeId: 1.2.840.113556.1.2.88
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: LXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33000
+hideFromAB: TRUE
+
+dn: CN=msAscendSecondaryHomeAgent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSecondaryHomeAgent
+adminDisplayName: msAscendSecondaryHomeAgent
+adminDescription: msAscendSecondaryHomeAgent
+attributeId: 1.2.840.113556.1.4.1099
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendClientSecondaryDNS,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendClientSecondaryDNS
+adminDisplayName: msAscendClientSecondaryDNS
+adminDescription: msAscendClientSecondaryDNS
+attributeId: 1.2.840.113556.1.4.1005
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: E5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: allowedAttributesEffective
+adminDisplayName: Allowed-Attributes-Effective
+adminDescription: Allowed-Attributes-Effective
+attributeId: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Qdl6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=msAscendMulticastRateLimit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMulticastRateLimit
+adminDisplayName: msAscendMulticastRateLimit
+adminDescription: msAscendMulticastRateLimit
+attributeId: 1.2.840.113556.1.4.1073
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: V5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelAssignmentId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelAssignmentId
+adminDisplayName: msRADIUSTunnelAssignmentId
+adminDescription: msRADIUSTunnelAssignmentId
+attributeId: 1.2.840.113556.1.4.1174
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSVSAAttributeNumber,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSVSAAttributeNumber
+adminDisplayName: msRADIUSVSAAttributeNumber
+adminDescription: msRADIUSVSAAttributeNumber
+attributeId: 1.2.840.113556.1.4.1183
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendSharedProfileEnable,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendSharedProfileEnable
+adminDisplayName: msAscendSharedProfileEnable
+adminDescription: msAscendSharedProfileEnable
+attributeId: 1.2.840.113556.1.4.1105
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: d5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Certificate-Revocation-List-V1,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CertificateRevocationListV1
+adminDisplayName: Certificate-Revocation-List-V1
+adminDescription: Certificate-Revocation-List-V1
+attributeId: 1.2.840.113556.1.2.564
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: q3PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35881
+hideFromAB: TRUE
+
+dn: CN=Certificate-Revocation-List-V3,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: CertificateRevocationListV3
+adminDisplayName: Certificate-Revocation-List-V3
+adminDescription: Certificate-Revocation-List-V3
+attributeId: 1.2.840.113556.1.2.563
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rHPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35880
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Hotsite-Poll-Units,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringHotsitePollUnits
+adminDisplayName: Monitoring-Hotsite-Poll-Units
+adminDescription: Monitoring-Hotsite-Poll-Units
+attributeId: 1.2.840.113556.1.2.87
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+schemaIdGuid:: K3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32996
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedAppleTalkLink,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedAppleTalkLink
+adminDisplayName: msRADIUSFramedAppleTalkLink
+adminDescription: msRADIUSFramedAppleTalkLink
+attributeId: 1.2.840.113556.1.4.1149
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: oJAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msAscendMaximumCallDuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMaximumCallDuration
+adminDisplayName: msAscendMaximumCallDuration
+adminDescription: msAscendMaximumCallDuration
+attributeId: 1.2.840.113556.1.4.1060
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: SpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedAppleTalkZone,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedAppleTalkZone
+adminDisplayName: msRADIUSFramedAppleTalkZone
+adminDescription: msRADIUSFramedAppleTalkZone
+attributeId: 1.2.840.113556.1.4.1151
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: opAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=ACS-RSVP-Account-Files-Location,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSRSVPAccountFilesLocation
+adminDisplayName: ACS-RSVP-Account-Files-Location
+adminDescription: ACS-RSVP-Account-Files-Location
+attributeId: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DyNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=ACS-Max-Size-Of-RSVP-Account-File,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSMaxSizeOfRSVPAccountFile
+adminDisplayName: ACS-Max-Size-Of-RSVP-Account-File
+adminDescription: ACS-Max-Size-Of-RSVP-Account-File
+attributeId: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ESNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: allowedChildClassesEffective
+adminDisplayName: Allowed-Child-Classes-Effective
+adminDescription: Allowed-Child-Classes-Effective
+attributeId: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: Q9l6mlPK0RG70ACAx2ZwwA==
+hideFromAB: TRUE
+systemFlags: 8000004
+
+dn: CN=Enabled-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: EnabledAuthorizationPackages
+adminDisplayName: Enabled-Authorization-Packages
+adminDescription: Enabled-Authorization-Packages
+attributeId: 1.2.840.113556.1.2.479
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: 83PfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33156
+hideFromAB: TRUE
+
+dn: CN=msAscendMulticastGLeaveDelay,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msAscendMulticastGLeaveDelay
+adminDisplayName: msAscendMulticastGLeaveDelay
+adminDescription: msAscendMulticastGLeaveDelay
+attributeId: 1.2.840.113556.1.4.1072
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: VpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelClientEndpoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelClientEndpoint
+adminDisplayName: msRADIUSTunnelClientEndpoint
+adminDescription: msRADIUSTunnelClientEndpoint
+attributeId: 1.2.840.113556.1.4.1175
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: upAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-In-Exchange-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevInExchangeSensitivity
+adminDisplayName: DXA-Prev-In-Exchange-Sensitivity
+adminDescription: DXA-Prev-In-Exchange-Sensitivity
+attributeId: 1.2.840.113556.1.2.90
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3nPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32911
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Normal-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringNormalPollInterval
+adminDisplayName: Monitoring-Normal-Poll-Interval
+adminDescription: Monitoring-Normal-Poll-Interval
+attributeId: 1.2.840.113556.1.2.187
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LHTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32999
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelPrivateGroupId,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelPrivateGroupId
+adminDisplayName: msRADIUSTunnelPrivateGroupId
+adminDescription: msRADIUSTunnelPrivateGroupId
+attributeId: 1.2.840.113556.1.4.1179
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vpAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSTunnelServerEndpoint,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSTunnelServerEndpoint
+adminDisplayName: msRADIUSTunnelServerEndpoint
+adminDescription: msRADIUSTunnelServerEndpoint
+attributeId: 1.2.840.113556.1.4.1180
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: v5AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Escalation-Procedure,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringEscalationProcedure
+adminDisplayName: Monitoring-Escalation-Procedure
+adminDescription: Monitoring-Escalation-Procedure
+attributeId: 1.2.840.113556.1.2.188
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1064
+schemaIdGuid:: KXTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32994
+hideFromAB: TRUE
+
+dn: CN=DXA-Prev-Replication-Sensitivity,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: DXAPrevReplicationSensitivity
+adminDisplayName: DXA-Prev-Replication-Sensitivity
+adminDescription: DXA-Prev-Replication-Sensitivity
+attributeId: 1.2.840.113556.1.2.215
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 4HPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32913
+hideFromAB: TRUE
+
+dn: CN=Monitoring-Hotsite-Poll-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: MonitoringHotsitePollInterval
+adminDisplayName: Monitoring-Hotsite-Poll-Interval
+adminDescription: Monitoring-Hotsite-Poll-Interval
+attributeId: 1.2.840.113556.1.2.186
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: KnTfqOrF0RG7ywCAx2ZwwA==
+mapiID: 32995
+hideFromAB: TRUE
+
+dn: CN=Available-Authorization-Packages,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: AvailableAuthorizationPackages
+adminDisplayName: Available-Authorization-Packages
+adminDescription: Available-Authorization-Packages
+attributeId: 1.2.840.113556.1.2.476
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+schemaIdGuid:: nnPfqOrF0RG7ywCAx2ZwwA==
+mapiID: 33153
+hideFromAB: TRUE
+
+dn: CN=ACS-Max-Aggregate-Peak-Rate-Per-User,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: aCSMaxAggregatePeakRatePerUser
+adminDisplayName: ACS-Max-Aggregate-Peak-Rate-Per-User
+adminDescription: ACS-Max-Aggregate-Peak-Rate-Per-User
+attributeId: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DCNy8PWu0RG9zwAA+ANnwQ==
+hideFromAB: TRUE
+
+dn: CN=msRADIUSFramedAppleTalkNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSFramedAppleTalkNetwork
+adminDisplayName: msRADIUSFramedAppleTalkNetwork
+adminDescription: msRADIUSFramedAppleTalkNetwork
+attributeId: 1.2.840.113556.1.4.1150
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: oZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+
+dn: CN=Mail-Gateway,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mailGateway
+adminDisplayName: Mail-Gateway
+adminDescription: Mail-Gateway
+governsId: 1.2.840.113556.1.3.51
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.171
+systemMustContain: 1.2.840.113556.1.2.241
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.221
+systemMayContain: 1.2.840.113556.1.2.396
+systemMayContain: 1.2.840.113556.1.2.142
+systemMayContain: 1.2.840.113556.1.2.137
+systemMayContain: 1.2.840.113556.1.2.136
+systemMayContain: 1.2.840.113556.1.2.133
+systemMayContain: 2.5.4.30
+systemMayContain: 1.2.840.113556.1.2.354
+systemMayContain: 1.2.840.113556.1.2.223
+systemMayContain: 1.2.840.113556.1.2.224
+systemMayContain: 1.2.840.113556.1.2.69
+systemMayContain: 1.2.840.113556.1.2.266
+systemMayContain: 1.2.840.113556.1.2.64
+systemMayContain: 1.2.840.113556.1.2.72
+systemMayContain: 1.2.840.113556.1.2.449
+systemMayContain: 1.2.840.113556.1.2.383
+systemMayContain: 1.2.840.113556.1.2.110
+systemMayContain: 1.2.840.113556.1.2.244
+systemMayContain: 1.2.840.113556.1.2.307
+systemMayContain: 1.2.840.113556.1.2.111
+systemMayContain: 1.2.840.113556.1.2.448
+systemMayContain: 1.2.840.113556.1.2.144
+systemMayContain: 1.2.840.113556.1.2.47
+systemMayContain: 1.2.840.113556.1.2.189
+systemMayContain: 1.2.840.113556.1.2.140
+systemMayContain: 1.2.840.113556.1.2.139
+systemMayContain: 1.2.840.113556.1.2.138
+systemMayContain: 2.5.4.6
+systemMayContain: 1.2.840.113556.1.2.211
+systemMayContain: 1.2.840.113556.1.2.20
+systemMayContain: 1.2.840.113556.1.2.455
+systemMayContain: 1.2.840.113556.1.2.129
+systemMayContain: 1.2.840.113556.1.2.232
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: t3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Gateway,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: x400Link
+adminDisplayName: X400-Link
+adminDescription: X400-Link
+governsId: 1.2.840.113556.1.3.29
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.51
+systemMayContain: 1.2.840.113556.1.2.443
+systemMayContain: 1.2.840.113556.1.2.99
+systemMayContain: 1.2.840.113556.1.2.40
+systemMayContain: 1.2.840.113556.1.2.38
+systemMayContain: 1.2.840.113556.1.2.150
+systemMayContain: 1.2.840.113556.1.2.329
+systemMayContain: 1.2.840.113556.1.2.5
+systemMayContain: 1.2.840.113556.1.2.283
+systemMayContain: 1.2.840.113556.1.2.28
+systemMayContain: 1.2.840.113556.1.2.154
+systemMayContain: 1.2.840.113556.1.2.46
+systemMayContain: 1.2.840.113556.1.2.284
+systemMayContain: 1.2.840.113556.1.2.153
+systemMayContain: 1.2.840.113556.1.2.151
+systemMayContain: 1.2.840.113556.1.2.152
+systemMayContain: 1.2.840.113556.1.2.52
+systemMayContain: 1.2.840.113556.1.2.285
+systemMayContain: 1.2.840.113556.1.2.143
+systemMayContain: 1.2.840.113556.1.2.134
+systemMayContain: 1.2.840.113556.1.2.148
+systemMayContain: 1.2.840.113556.1.2.222
+systemMayContain: 1.2.840.113556.1.2.282
+systemMayContain: 1.2.840.113556.1.2.271
+systemMayContain: 1.2.840.113556.1.2.270
+systemMayContain: 1.2.840.113556.1.2.39
+systemMayContain: 1.2.840.113556.1.2.29
+systemMayContain: 1.2.840.113556.1.2.37
+systemMayContain: 1.2.840.113556.1.2.149
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 4HTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=X400-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Information-Store-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: informationStoreCfg
+adminDisplayName: Information-Store-Cfg
+adminDescription: Information-Store-Cfg
+governsId: 1.2.840.113556.1.3.5
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.457
+systemMayContain: 1.2.840.113556.1.2.456
+systemMayContain: 1.2.840.113556.1.2.434
+systemMayContain: 1.2.840.113556.1.2.388
+systemMayContain: 1.2.840.113556.1.2.98
+systemMayContain: 1.2.840.113556.1.2.453
+systemMayContain: 1.2.840.113556.1.2.266
+systemMayContain: 1.2.840.113556.1.2.272
+systemMayContain: 1.2.840.113556.1.2.235
+systemMayContain: 1.2.840.113556.1.2.586
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 1.2.840.113556.1.2.300
+systemMayContain: 1.2.840.113556.1.2.63
+systemMayContain: 1.2.840.113556.1.2.62
+systemMayContain: 1.2.840.113556.1.2.11
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: tHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Information-Store-Cfg,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mHSMonitoringConfig
+adminDisplayName: MHS-Monitoring-Config
+adminDescription: MHS-Monitoring-Config
+governsId: 1.2.840.113556.1.3.6
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.185
+systemMayContain: 1.2.840.113556.1.2.88
+systemMayContain: 1.2.840.113556.1.2.187
+systemMayContain: 1.2.840.113556.1.2.87
+systemMayContain: 1.2.840.113556.1.2.186
+systemMayContain: 1.2.840.113556.1.2.188
+systemMayContain: 1.2.840.113556.1.2.200
+systemMayContain: 1.2.840.113556.1.2.450
+systemMayContain: 1.2.840.113556.1.2.179
+systemMayContain: 1.2.840.113556.1.2.192
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: u3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MHS-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-Shared,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgShared
+adminDisplayName: Protocol-Cfg-Shared
+adminDescription: Protocol-Cfg-Shared
+governsId: 1.2.840.113556.1.3.65
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.478
+systemMayContain: 1.2.840.113556.1.2.608
+systemMayContain: 1.2.840.113556.1.4.216
+systemMayContain: 1.2.840.113556.1.2.9
+systemMayContain: 1.2.840.113556.1.2.607
+systemMayContain: 1.2.840.113556.1.2.337
+systemMayContain: 1.2.840.113556.1.2.526
+systemMayContain: 1.2.840.113556.1.2.475
+systemMayContain: 1.2.840.113556.1.2.477
+systemMayContain: 1.2.840.113556.1.2.476
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 0HTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-Shared,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-Shared-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgSharedSite
+adminDisplayName: Protocol-Cfg-Shared-Site
+adminDescription: Protocol-Cfg-Shared-Site
+governsId: 1.2.840.113556.1.3.66
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.65
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 0nTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-Shared-Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MTA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mTA
+adminDisplayName: MTA
+adminDescription: MTA
+governsId: 1.2.840.113556.1.3.49
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.220
+systemMustContain: 1.2.840.113556.1.2.219
+systemMustContain: 1.2.840.113556.1.2.271
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.270
+systemMayContain: 1.2.840.113556.1.2.201
+systemMayContain: 1.2.840.113556.1.2.189
+systemMayContain: 1.2.840.113556.1.2.140
+systemMayContain: 1.2.840.113556.1.2.139
+systemMayContain: 1.2.840.113556.1.2.138
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: p3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MTA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Exchange-Admin-Service,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: exchangeAdminService
+adminDisplayName: Exchange-Admin-Service
+adminDescription: Exchange-Admin-Service
+governsId: 1.2.840.113556.1.3.62
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemAuxiliaryClass: 1.2.840.113556.1.3.46
+systemMustContain: 1.2.840.113556.1.2.241
+systemMayContain: 1.2.840.113556.1.2.189
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: snTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Exchange-Admin-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-Shared-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgSharedServer
+adminDisplayName: Protocol-Cfg-Shared-Server
+adminDescription: Protocol-Cfg-Shared-Server
+governsId: 1.2.840.113556.1.3.67
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.65
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: 0XTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-Shared-Server,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfg
+adminDisplayName: Protocol-Cfg
+adminDescription: Protocol-Cfg
+governsId: 1.2.840.113556.1.3.68
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.478
+systemMayContain: 1.2.840.113556.1.2.492
+systemMayContain: 1.2.840.113556.1.2.560
+systemMayContain: 1.2.840.113556.1.2.556
+systemMayContain: 1.2.840.113556.1.2.527
+systemMayContain: 1.2.840.113556.1.2.491
+systemMayContain: 1.2.840.113556.1.2.515
+systemMayContain: 1.2.840.113556.1.2.479
+systemMayContain: 1.2.840.113556.1.2.189
+systemMayContain: 1.2.840.113556.1.2.481
+systemMayContain: 1.2.840.113556.1.2.559
+systemMayContain: 1.2.840.113556.1.2.480
+systemMayContain: 1.2.840.113556.1.2.149
+systemMayContain: 1.2.840.113556.1.2.482
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: wHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RFC1006-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rFC1006X400Link
+adminDisplayName: RFC1006-X400-Link
+adminDescription: RFC1006-X400-Link
+governsId: 1.2.840.113556.1.3.32
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.29
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2HTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RFC1006-X400-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Remote-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: remoteDXA
+adminDisplayName: Remote-DXA
+adminDescription: Remote-DXA
+governsId: 1.2.840.113556.1.3.2
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.307
+systemMustContain: 1.2.840.113556.1.2.112
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.298
+systemMayContain: 1.2.840.113556.1.2.173
+systemMayContain: 1.2.840.113556.1.2.223
+systemMayContain: 1.2.840.113556.1.2.100
+systemMayContain: 1.2.840.113556.1.2.383
+systemMayContain: 1.2.840.113556.1.2.110
+systemMayContain: 1.2.840.113556.1.2.111
+systemMayContain: 1.2.840.113556.1.2.181
+systemMayContain: 1.2.840.113556.1.2.119
+systemMayContain: 1.2.840.113556.1.2.358
+systemMayContain: 1.2.840.113556.1.2.124
+systemMayContain: 1.2.840.113556.1.2.361
+systemMayContain: 1.2.840.113556.1.2.360
+systemMayContain: 1.2.840.113556.1.2.446
+systemMayContain: 1.2.840.113556.1.2.182
+systemMayContain: 1.2.840.113556.1.2.114
+systemMayContain: 1.2.840.113556.1.2.101
+systemMayContain: 1.2.840.113556.1.2.384
+systemMayContain: 1.2.840.113556.1.2.217
+systemMayContain: 1.2.840.113556.1.2.395
+systemMayContain: 1.2.840.113556.1.2.215
+systemMayContain: 1.2.840.113556.1.2.265
+systemMayContain: 1.2.840.113556.1.2.90
+systemMayContain: 1.2.840.113556.1.2.203
+systemMayContain: 1.2.840.113556.1.2.216
+systemMayContain: 1.2.840.113556.1.2.305
+systemMayContain: 1.2.840.113556.1.2.331
+systemMayContain: 1.2.840.113556.1.2.113
+systemMayContain: 1.2.840.113556.1.2.376
+systemMayContain: 1.2.840.113556.1.2.86
+systemMayContain: 1.2.840.113556.1.2.117
+systemMayContain: 1.2.840.113556.1.2.116
+systemMayContain: 1.2.840.113556.1.2.377
+systemMayContain: 1.2.840.113556.1.2.359
+systemMayContain: 1.2.840.113556.1.2.45
+systemMayContain: 1.2.840.113556.1.2.184
+systemMayContain: 1.2.840.113556.1.2.122
+systemMayContain: 1.2.840.113556.1.2.180
+systemMayContain: 1.2.840.113556.1.2.174
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 1XTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-DXA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-HTTP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgHTTP
+adminDisplayName: Protocol-Cfg-HTTP
+adminDescription: Protocol-Cfg-HTTP
+governsId: 1.2.840.113556.1.3.79
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.68
+systemMustContain: 1.2.840.113556.1.2.502
+systemMayContain: 1.2.840.113556.1.2.517
+systemMayContain: 1.2.840.113556.1.2.505
+systemMayContain: 1.2.840.113556.1.2.503
+systemMayContain: 1.2.840.113556.1.2.516
+systemPossSuperiors: 1.2.840.113556.1.3.67
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: wXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-HTTP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-LDAP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgLDAP
+adminDisplayName: Protocol-Cfg-LDAP
+adminDescription: Protocol-Cfg-LDAP
+governsId: 1.2.840.113556.1.3.75
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.68
+systemMayContain: 1.2.840.113556.1.2.490
+systemMayContain: 1.2.840.113556.1.2.552
+systemPossSuperiors: 1.2.840.113556.1.3.67
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: x3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-LDAP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-IMAP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgIMAP
+adminDisplayName: Protocol-Cfg-IMAP
+adminDescription: Protocol-Cfg-IMAP
+governsId: 1.2.840.113556.1.3.84
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.68
+systemMayContain: 1.2.840.113556.1.2.594
+systemMayContain: 1.2.840.113556.1.2.608
+systemMayContain: 1.2.840.113556.1.2.592
+systemMayContain: 1.2.840.113556.1.2.9
+systemMayContain: 1.2.840.113556.1.2.607
+systemMayContain: 1.2.840.113556.1.2.337
+systemMayContain: 1.2.840.113556.1.2.591
+systemMayContain: 1.2.840.113556.1.2.561
+systemPossSuperiors: 1.2.840.113556.1.3.67
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: xHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-IMAP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-HTTP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgHTTPServer
+adminDisplayName: Protocol-Cfg-HTTP-Server
+adminDescription: Protocol-Cfg-HTTP-Server
+governsId: 1.2.840.113556.1.3.80
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.79
+systemPossSuperiors: 1.2.840.113556.1.3.67
+schemaIdGuid:: wnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-HTTP-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgNNTP
+adminDisplayName: Protocol-Cfg-NNTP
+adminDescription: Protocol-Cfg-NNTP
+governsId: 1.2.840.113556.1.3.72
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.68
+systemMayContain: 1.2.840.113556.1.2.484
+systemMayContain: 1.2.840.113556.1.2.590
+systemMayContain: 1.2.840.113556.1.2.524
+systemMayContain: 1.2.840.113556.1.2.543
+systemMayContain: 1.2.840.113556.1.2.485
+systemMayContain: 1.2.840.113556.1.2.483
+systemMayContain: 1.2.840.113556.1.2.486
+systemPossSuperiors: 1.2.840.113556.1.3.67
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: ynTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-NNTP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Mailbox-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mailboxAgent
+adminDisplayName: Mailbox-Agent
+adminDescription: Mailbox-Agent
+governsId: 1.2.840.113556.1.3.17
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.22
+systemMayContain: 2.5.4.32
+systemMayContain: 1.2.840.113556.1.2.20
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: uHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mailbox-Agent,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Directory-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: directoryCfg
+adminDisplayName: Directory-Cfg
+adminDescription: Directory-Cfg
+governsId: 1.2.840.113556.1.3.4
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.509
+systemMayContain: 1.2.840.113556.1.2.54
+systemMayContain: 1.2.840.113556.1.2.385
+systemMayContain: 1.2.840.113556.1.2.520
+systemMayContain: 1.2.840.113556.1.2.519
+systemMayContain: 1.2.840.113556.1.2.390
+systemMayContain: 1.2.840.113556.1.2.392
+systemMayContain: 1.2.840.113556.1.2.389
+systemMayContain: 1.2.840.113556.1.2.391
+systemMayContain: 1.2.840.113556.1.2.301
+systemMayContain: 1.2.840.113556.1.2.575
+systemMayContain: 1.2.840.113556.1.2.212
+systemMayContain: 1.2.840.113556.1.4.1213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Directory-Cfg,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NNTP-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: nNTPNewsfeed
+adminDisplayName: NNTP-Newsfeed
+adminDescription: NNTP-Newsfeed
+governsId: 1.2.840.113556.1.3.78
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.495
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.484
+systemMayContain: 1.2.840.113556.1.2.492
+systemMayContain: 1.2.840.113556.1.2.560
+systemMayContain: 1.2.840.113556.1.2.313
+systemMayContain: 1.2.840.113556.1.2.520
+systemMayContain: 1.2.840.113556.1.2.519
+systemMayContain: 1.2.840.113556.1.2.527
+systemMayContain: 1.2.840.113556.1.2.490
+systemMayContain: 1.2.840.113556.1.2.496
+systemMayContain: 1.2.840.113556.1.2.522
+systemMayContain: 1.2.840.113556.1.2.488
+systemMayContain: 1.2.840.113556.1.2.511
+systemMayContain: 1.2.840.113556.1.2.498
+systemMayContain: 1.2.840.113556.1.2.497
+systemMayContain: 1.2.840.113556.1.2.543
+systemMayContain: 1.2.840.113556.1.2.521
+systemMayContain: 1.2.840.113556.1.2.491
+systemMayContain: 1.2.840.113556.1.2.554
+systemMayContain: 1.2.840.113556.1.2.494
+systemMayContain: 1.2.840.113556.1.2.489
+systemMayContain: 1.2.840.113556.1.2.553
+systemMayContain: 1.2.840.113556.1.2.555
+systemMayContain: 1.2.840.113556.1.2.557
+systemMayContain: 1.2.840.113556.1.2.558
+systemMayContain: 1.2.840.113556.1.2.525
+systemMayContain: 1.2.840.113556.1.2.276
+systemMayContain: 1.2.840.113556.1.2.493
+systemMayContain: 1.2.840.113556.1.2.193
+systemMayContain: 1.2.840.113556.1.2.501
+systemMayContain: 1.2.840.113556.1.2.512
+systemMayContain: 1.2.840.113556.1.2.212
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemMayContain: 1.2.840.113556.1.4.1213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: qXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NNTP-Newsfeed,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DXA-Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: dXASiteServer
+adminDisplayName: DXA-Site-Server
+adminDescription: DXA-Site-Server
+governsId: 1.2.840.113556.1.3.60
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.298
+systemMayContain: 1.2.840.113556.1.2.113
+systemMayContain: 1.2.840.113556.1.2.379
+systemMayContain: 1.2.840.113556.1.2.378
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: sHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DXA-Site-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMQSiteLink
+adminDisplayName: MSMQ-Site-Link
+adminDescription: MSMQ-Site-Link
+governsId: 1.2.840.113556.1.5.164
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.945
+systemMayContain: 1.2.840.113556.1.4.944
+systemMayContain: 1.2.840.113556.1.4.943
+systemMayContain: 1.2.840.113556.1.4.946
+systemPossSuperiors: 1.2.840.113556.1.5.31
+schemaIdGuid:: RsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMQSettings
+adminDisplayName: MSMQ-Settings
+adminDescription: MSMQ-Settings
+governsId: 1.2.840.113556.1.5.165
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.950
+systemMayContain: 1.2.840.113556.1.4.951
+systemMayContain: 1.2.840.113556.1.4.925
+systemMayContain: 1.2.840.113556.1.4.952
+systemPossSuperiors: 1.2.840.113556.1.5.17
+schemaIdGuid:: R8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=EAP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: eAP
+adminDisplayName: EAP
+adminDescription: EAP
+governsId: 1.2.840.113556.1.5.167
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1210
+systemMayContain: 1.2.840.113556.1.4.1211
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2ZAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=EAP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Transport-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: transportStack
+adminDisplayName: Transport-Stack
+adminDescription: Transport-Stack
+governsId: 1.2.840.113556.1.3.18
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.443
+systemMayContain: 1.2.840.113556.1.2.283
+systemMayContain: 1.2.840.113556.1.2.284
+systemMayContain: 1.2.840.113556.1.2.285
+systemMayContain: 1.2.840.113556.1.2.222
+systemMayContain: 1.2.840.113556.1.2.282
+systemPossSuperiors: 1.2.840.113556.1.3.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: 3XTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Transport-Stack,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Mail-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mailConnector
+adminDisplayName: Mail-Connector
+adminDescription: Mail-Connector
+governsId: 1.2.840.113556.1.3.61
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.51
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: tnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Connector,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMQEnterpriseSettings
+adminDisplayName: MSMQ-Enterprise-Settings
+adminDescription: MSMQ-Enterprise-Settings
+governsId: 1.2.840.113556.1.5.163
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.942
+systemMayContain: 1.2.840.113556.1.4.939
+systemMayContain: 1.2.840.113556.1.4.941
+systemMayContain: 1.2.840.113556.1.4.940
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: RcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Encryption-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: encryptionCfg
+adminDisplayName: Encryption-Cfg
+adminDescription: Encryption-Cfg
+governsId: 1.2.840.113556.1.3.16
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.571
+systemMayContain: 1.2.840.113556.1.2.570
+systemMayContain: 1.2.840.113556.1.2.569
+systemMayContain: 1.2.840.113556.1.2.568
+systemMayContain: 1.2.840.113556.1.2.440
+systemMayContain: 1.2.840.113556.1.2.397
+systemMayContain: 1.2.840.113556.1.2.401
+systemMayContain: 1.2.840.113556.1.2.399
+systemMayContain: 1.2.840.113556.1.2.130
+systemMayContain: 1.2.840.113556.1.2.572
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: sXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Encryption-Cfg,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteConnector
+adminDisplayName: Site-Connector
+adminDescription: Site-Connector
+governsId: 1.2.840.113556.1.3.50
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.259
+systemMayContain: 1.2.840.113556.1.2.354
+systemMayContain: 1.2.840.113556.1.2.171
+systemMayContain: 1.2.840.113556.1.2.147
+systemMayContain: 1.2.840.113556.1.2.135
+systemMayContain: 1.2.840.113556.1.2.463
+systemMayContain: 1.2.840.113556.1.2.276
+systemMayContain: 1.2.840.113556.1.2.193
+systemMayContain: 1.2.840.113556.1.2.202
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2nTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Connector,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DX-Server-Conn,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: dXServerConn
+adminDisplayName: DX-Server-Conn
+adminDescription: DX-Server-Conn
+governsId: 1.2.840.113556.1.3.20
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.2
+systemPossSuperiors: 1.2.840.113556.1.3.60
+schemaIdGuid:: r3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DX-Server-Conn,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-POP,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgPOP
+adminDisplayName: Protocol-Cfg-POP
+adminDescription: Protocol-Cfg-POP
+governsId: 1.2.840.113556.1.3.69
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.68
+systemMayContain: 1.2.840.113556.1.2.608
+systemMayContain: 1.2.840.113556.1.2.9
+systemMayContain: 1.2.840.113556.1.2.607
+systemMayContain: 1.2.840.113556.1.2.337
+systemPossSuperiors: 1.2.840.113556.1.3.67
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: zXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-POP,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-Link-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mHSLinkMonitoringConfig
+adminDisplayName: MHS-Link-Monitoring-Config
+adminDescription: MHS-Link-Monitoring-Config
+governsId: 1.2.840.113556.1.3.12
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.6
+systemMayContain: 1.2.840.113556.1.2.56
+systemMayContain: 1.2.840.113556.1.2.157
+systemMayContain: 1.2.840.113556.1.2.387
+systemMayContain: 1.2.840.113556.1.2.159
+systemMayContain: 1.2.840.113556.1.2.57
+systemMayContain: 1.2.840.113556.1.2.158
+systemMayContain: 1.2.840.113556.1.2.156
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: uXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MHS-Link-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Site-Addressing,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: siteAddressing
+adminDisplayName: Site-Addressing
+adminDescription: Site-Addressing
+governsId: 1.2.840.113556.1.3.0
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.385
+systemMayContain: 1.2.840.113556.1.2.354
+systemMayContain: 1.2.840.113556.1.2.346
+systemMayContain: 1.2.840.113556.1.2.167
+systemMayContain: 1.2.840.113556.1.2.302
+systemMayContain: 1.2.840.113556.1.2.44
+systemMayContain: 1.2.840.113556.1.2.541
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2XTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Addressing,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Admin-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: adminExtension
+adminDisplayName: Admin-Extension
+adminDescription: Admin-Extension
+governsId: 1.2.840.113556.1.3.21
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.178
+systemMustContain: 2.5.4.3
+systemMustContain: 1.2.840.113556.1.2.95
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Admin-Extension,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-POP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgPOPServer
+adminDisplayName: Protocol-Cfg-POP-Server
+adminDescription: Protocol-Cfg-POP-Server
+governsId: 1.2.840.113556.1.3.71
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.69
+systemPossSuperiors: 1.2.840.113556.1.3.67
+schemaIdGuid:: znTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-POP-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-Public-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mHSPublicStore
+adminDisplayName: MHS-Public-Store
+adminDescription: MHS-Public-Store
+governsId: 1.2.840.113556.1.3.28
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemAuxiliaryClass: 1.2.840.113556.1.3.46
+systemMustContain: 1.2.840.113556.1.2.241
+systemMayContain: 1.2.840.113556.1.2.266
+systemMayContain: 1.2.840.113556.1.2.272
+systemMayContain: 1.2.840.113556.1.2.458
+systemMayContain: 1.2.840.113556.1.2.189
+systemMayContain: 1.2.840.113556.1.2.106
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: vHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MHS-Public-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Add-In,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: addIn
+adminDisplayName: Add-In
+adminDescription: Add-In
+governsId: 1.2.840.113556.1.3.36
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.20
+systemMustContain: 2.5.4.3
+systemMayContain: 2.5.4.32
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: qnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Add-In,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RFC1006-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rFC1006Stack
+adminDisplayName: RFC1006-Stack
+adminDescription: RFC1006-Stack
+governsId: 1.2.840.113556.1.3.24
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.18
+systemPossSuperiors: 1.2.840.113556.1.3.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: 13TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RFC1006-Stack,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgLDAPServer
+adminDisplayName: Protocol-Cfg-LDAP-Server
+adminDescription: Protocol-Cfg-LDAP-Server
+governsId: 1.2.840.113556.1.3.77
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.75
+systemMayContain: 1.2.840.113556.1.2.510
+systemPossSuperiors: 1.2.840.113556.1.3.67
+schemaIdGuid:: yHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-LDAP-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-IMAP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgIMAPServer
+adminDisplayName: Protocol-Cfg-IMAP-Server
+adminDescription: Protocol-Cfg-IMAP-Server
+governsId: 1.2.840.113556.1.3.85
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.84
+systemPossSuperiors: 1.2.840.113556.1.3.67
+schemaIdGuid:: xXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-IMAP-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MS-Mail-Connector,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMailConnector
+adminDisplayName: MS-Mail-Connector
+adminDescription: MS-Mail-Connector
+governsId: 1.2.840.113556.1.3.31
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.51
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: vnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-Mail-Connector,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSProfile,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: msRADIUSProfile
+adminDisplayName: msRADIUSProfile
+adminDescription: msRADIUSProfile
+governsId: 1.2.840.113556.1.5.166
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1188
+systemMayContain: 1.2.840.113556.1.4.1187
+systemMayContain: 1.2.840.113556.1.4.739
+systemMayContain: 1.2.840.113556.1.4.738
+systemMayContain: 1.2.840.113556.1.4.737
+systemMayContain: 1.2.840.113556.1.4.1181
+systemMayContain: 1.2.840.113556.1.4.1180
+systemMayContain: 1.2.840.113556.1.4.1179
+systemMayContain: 1.2.840.113556.1.4.1178
+systemMayContain: 1.2.840.113556.1.4.1177
+systemMayContain: 1.2.840.113556.1.4.1176
+systemMayContain: 1.2.840.113556.1.4.1175
+systemMayContain: 1.2.840.113556.1.4.1174
+systemMayContain: 1.2.840.113556.1.4.1173
+systemMayContain: 1.2.840.113556.1.4.1172
+systemMayContain: 1.2.840.113556.1.4.1171
+systemMayContain: 1.2.840.113556.1.4.1170
+systemMayContain: 1.2.840.113556.1.4.1169
+systemMayContain: 1.2.840.113556.1.4.1168
+systemMayContain: 1.2.840.113556.1.4.1167
+systemMayContain: 1.2.840.113556.1.4.1166
+systemMayContain: 1.2.840.113556.1.4.1165
+systemMayContain: 1.2.840.113556.1.4.1164
+systemMayContain: 1.2.840.113556.1.4.1163
+systemMayContain: 1.2.840.113556.1.4.1162
+systemMayContain: 1.2.840.113556.1.4.1161
+systemMayContain: 1.2.840.113556.1.4.1160
+systemMayContain: 1.2.840.113556.1.4.1159
+systemMayContain: 1.2.840.113556.1.4.1158
+systemMayContain: 1.2.840.113556.1.4.1157
+systemMayContain: 1.2.840.113556.1.4.1156
+systemMayContain: 1.2.840.113556.1.4.1155
+systemMayContain: 1.2.840.113556.1.4.1154
+systemMayContain: 1.2.840.113556.1.4.1153
+systemMayContain: 1.2.840.113556.1.4.1152
+systemMayContain: 1.2.840.113556.1.4.1151
+systemMayContain: 1.2.840.113556.1.4.1150
+systemMayContain: 1.2.840.113556.1.4.1149
+systemMayContain: 1.2.840.113556.1.4.1148
+systemMayContain: 1.2.840.113556.1.4.1146
+systemMayContain: 1.2.840.113556.1.4.1145
+systemMayContain: 1.2.840.113556.1.4.1144
+systemMayContain: 1.2.840.113556.1.4.1140
+systemMayContain: 1.2.840.113556.1.4.1139
+systemMayContain: 1.2.840.113556.1.4.1138
+systemMayContain: 1.2.840.113556.1.4.1137
+systemMayContain: 1.2.840.113556.1.4.1135
+systemMayContain: 1.2.840.113556.1.4.1134
+systemMayContain: 1.2.840.113556.1.4.1133
+systemMayContain: 1.2.840.113556.1.4.1132
+systemMayContain: 1.2.840.113556.1.4.1128
+systemMayContain: 1.2.840.113556.1.4.1126
+systemMayContain: 1.2.840.113556.1.4.1124
+systemMayContain: 1.2.840.113556.1.4.1123
+systemMayContain: 1.2.840.113556.1.4.1122
+systemMayContain: 1.2.840.113556.1.4.1121
+systemMayContain: 1.2.840.113556.1.4.1120
+systemMayContain: 1.2.840.113556.1.4.1119
+systemMayContain: 1.2.840.113556.1.4.1118
+systemMayContain: 1.2.840.113556.1.4.1117
+systemMayContain: 1.2.840.113556.1.4.1116
+systemMayContain: 1.2.840.113556.1.4.1115
+systemMayContain: 1.2.840.113556.1.4.1114
+systemMayContain: 1.2.840.113556.1.4.1113
+systemMayContain: 1.2.840.113556.1.4.1112
+systemMayContain: 1.2.840.113556.1.4.1111
+systemMayContain: 1.2.840.113556.1.4.1110
+systemMayContain: 1.2.840.113556.1.4.1109
+systemMayContain: 1.2.840.113556.1.4.1108
+systemMayContain: 1.2.840.113556.1.4.1107
+systemMayContain: 1.2.840.113556.1.4.1106
+systemMayContain: 1.2.840.113556.1.4.1105
+systemMayContain: 1.2.840.113556.1.4.1104
+systemMayContain: 1.2.840.113556.1.4.1103
+systemMayContain: 1.2.840.113556.1.4.1102
+systemMayContain: 1.2.840.113556.1.4.1101
+systemMayContain: 1.2.840.113556.1.4.1100
+systemMayContain: 1.2.840.113556.1.4.1099
+systemMayContain: 1.2.840.113556.1.4.1098
+systemMayContain: 1.2.840.113556.1.4.1097
+systemMayContain: 1.2.840.113556.1.4.1096
+systemMayContain: 1.2.840.113556.1.4.1095
+systemMayContain: 1.2.840.113556.1.4.1094
+systemMayContain: 1.2.840.113556.1.4.1093
+systemMayContain: 1.2.840.113556.1.4.1092
+systemMayContain: 1.2.840.113556.1.4.1091
+systemMayContain: 1.2.840.113556.1.4.1090
+systemMayContain: 1.2.840.113556.1.4.1089
+systemMayContain: 1.2.840.113556.1.4.1088
+systemMayContain: 1.2.840.113556.1.4.1087
+systemMayContain: 1.2.840.113556.1.4.1086
+systemMayContain: 1.2.840.113556.1.4.1085
+systemMayContain: 1.2.840.113556.1.4.1084
+systemMayContain: 1.2.840.113556.1.4.1083
+systemMayContain: 1.2.840.113556.1.4.1082
+systemMayContain: 1.2.840.113556.1.4.1081
+systemMayContain: 1.2.840.113556.1.4.1080
+systemMayContain: 1.2.840.113556.1.4.1079
+systemMayContain: 1.2.840.113556.1.4.1078
+systemMayContain: 1.2.840.113556.1.4.1077
+systemMayContain: 1.2.840.113556.1.4.1076
+systemMayContain: 1.2.840.113556.1.4.1075
+systemMayContain: 1.2.840.113556.1.4.1074
+systemMayContain: 1.2.840.113556.1.4.1073
+systemMayContain: 1.2.840.113556.1.4.1072
+systemMayContain: 1.2.840.113556.1.4.1071
+systemMayContain: 1.2.840.113556.1.4.1070
+systemMayContain: 1.2.840.113556.1.4.1069
+systemMayContain: 1.2.840.113556.1.4.1068
+systemMayContain: 1.2.840.113556.1.4.1067
+systemMayContain: 1.2.840.113556.1.4.1066
+systemMayContain: 1.2.840.113556.1.4.1065
+systemMayContain: 1.2.840.113556.1.4.1064
+systemMayContain: 1.2.840.113556.1.4.1063
+systemMayContain: 1.2.840.113556.1.4.1062
+systemMayContain: 1.2.840.113556.1.4.1061
+systemMayContain: 1.2.840.113556.1.4.1060
+systemMayContain: 1.2.840.113556.1.4.1059
+systemMayContain: 1.2.840.113556.1.4.1058
+systemMayContain: 1.2.840.113556.1.4.1057
+systemMayContain: 1.2.840.113556.1.4.1056
+systemMayContain: 1.2.840.113556.1.4.1055
+systemMayContain: 1.2.840.113556.1.4.1054
+systemMayContain: 1.2.840.113556.1.4.1053
+systemMayContain: 1.2.840.113556.1.4.1052
+systemMayContain: 1.2.840.113556.1.4.1051
+systemMayContain: 1.2.840.113556.1.4.1050
+systemMayContain: 1.2.840.113556.1.4.1049
+systemMayContain: 1.2.840.113556.1.4.1048
+systemMayContain: 1.2.840.113556.1.4.1047
+systemMayContain: 1.2.840.113556.1.4.1046
+systemMayContain: 1.2.840.113556.1.4.1045
+systemMayContain: 1.2.840.113556.1.4.1044
+systemMayContain: 1.2.840.113556.1.4.1043
+systemMayContain: 1.2.840.113556.1.4.1042
+systemMayContain: 1.2.840.113556.1.4.1041
+systemMayContain: 1.2.840.113556.1.4.1040
+systemMayContain: 1.2.840.113556.1.4.1039
+systemMayContain: 1.2.840.113556.1.4.1038
+systemMayContain: 1.2.840.113556.1.4.1037
+systemMayContain: 1.2.840.113556.1.4.1036
+systemMayContain: 1.2.840.113556.1.4.1035
+systemMayContain: 1.2.840.113556.1.4.1034
+systemMayContain: 1.2.840.113556.1.4.1033
+systemMayContain: 1.2.840.113556.1.4.1032
+systemMayContain: 1.2.840.113556.1.4.1031
+systemMayContain: 1.2.840.113556.1.4.1030
+systemMayContain: 1.2.840.113556.1.4.1029
+systemMayContain: 1.2.840.113556.1.4.1028
+systemMayContain: 1.2.840.113556.1.4.1027
+systemMayContain: 1.2.840.113556.1.4.1026
+systemMayContain: 1.2.840.113556.1.4.1025
+systemMayContain: 1.2.840.113556.1.4.1024
+systemMayContain: 1.2.840.113556.1.4.1023
+systemMayContain: 1.2.840.113556.1.4.1022
+systemMayContain: 1.2.840.113556.1.4.1021
+systemMayContain: 1.2.840.113556.1.4.1020
+systemMayContain: 1.2.840.113556.1.4.1019
+systemMayContain: 1.2.840.113556.1.4.1018
+systemMayContain: 1.2.840.113556.1.4.1017
+systemMayContain: 1.2.840.113556.1.4.1016
+systemMayContain: 1.2.840.113556.1.4.1015
+systemMayContain: 1.2.840.113556.1.4.1014
+systemMayContain: 1.2.840.113556.1.4.1013
+systemMayContain: 1.2.840.113556.1.4.1012
+systemMayContain: 1.2.840.113556.1.4.1011
+systemMayContain: 1.2.840.113556.1.4.1010
+systemMayContain: 1.2.840.113556.1.4.1009
+systemMayContain: 1.2.840.113556.1.4.1008
+systemMayContain: 1.2.840.113556.1.4.1007
+systemMayContain: 1.2.840.113556.1.4.1006
+systemMayContain: 1.2.840.113556.1.4.1005
+systemMayContain: 1.2.840.113556.1.4.1004
+systemMayContain: 1.2.840.113556.1.4.1003
+systemMayContain: 1.2.840.113556.1.4.1002
+systemMayContain: 1.2.840.113556.1.4.1001
+systemMayContain: 1.2.840.113556.1.4.1000
+systemMayContain: 1.2.840.113556.1.4.999
+systemMayContain: 1.2.840.113556.1.4.998
+systemMayContain: 1.2.840.113556.1.4.997
+systemMayContain: 1.2.840.113556.1.4.996
+systemMayContain: 1.2.840.113556.1.4.995
+systemMayContain: 1.2.840.113556.1.4.994
+systemMayContain: 1.2.840.113556.1.4.993
+systemMayContain: 1.2.840.113556.1.4.992
+systemMayContain: 1.2.840.113556.1.4.991
+systemMayContain: 1.2.840.113556.1.4.990
+systemMayContain: 1.2.840.113556.1.4.989
+systemMayContain: 1.2.840.113556.1.4.988
+systemMayContain: 1.2.840.113556.1.4.987
+systemMayContain: 1.2.840.113556.1.4.986
+systemMayContain: 1.2.840.113556.1.4.985
+systemMayContain: 1.2.840.113556.1.4.984
+systemMayContain: 1.2.840.113556.1.4.983
+systemMayContain: 1.2.840.113556.1.4.982
+systemMayContain: 1.2.840.113556.1.4.981
+systemMayContain: 1.2.840.113556.1.4.980
+systemMayContain: 1.2.840.113556.1.4.979
+systemMayContain: 1.2.840.113556.1.4.978
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2JAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msRADIUSProfile,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-Message-Store,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mHSMessageStore
+adminDisplayName: MHS-Message-Store
+adminDescription: MHS-Message-Store
+governsId: 1.2.840.113556.1.3.56
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemAuxiliaryClass: 1.2.840.113556.1.3.46
+systemMustContain: 1.2.840.113556.1.2.241
+systemMayContain: 1.2.840.113556.1.2.266
+systemMayContain: 1.2.840.113556.1.2.272
+systemMayContain: 1.2.840.113556.1.2.458
+systemMayContain: 1.2.840.113556.1.2.441
+systemMayContain: 1.2.840.113556.1.2.189
+systemMayContain: 1.2.840.113556.1.2.106
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: unTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MHS-Message-Store,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-HTTP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgHTTPSite
+adminDisplayName: Protocol-Cfg-HTTP-Site
+adminDescription: Protocol-Cfg-HTTP-Site
+governsId: 1.2.840.113556.1.3.81
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.79
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: w3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-HTTP-Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-NNTP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgNNTPSite
+adminDisplayName: Protocol-Cfg-NNTP-Site
+adminDescription: Protocol-Cfg-NNTP-Site
+governsId: 1.2.840.113556.1.3.73
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.72
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: zHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-NNTP-Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSVendors,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: msRADIUSVendors
+adminDisplayName: msRADIUSVendors
+adminDescription: msRADIUSVendors
+governsId: 1.2.840.113556.1.5.170
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1182
+systemMayContain: 1.2.840.113556.1.4.1192
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 3JAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msRADIUSVendors,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MTA-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mTACfg
+adminDisplayName: MTA-Cfg
+adminDescription: MTA-Cfg
+governsId: 1.2.840.113556.1.3.3
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.53
+systemMayContain: 1.2.840.113556.1.2.67
+systemMayContain: 1.2.840.113556.1.2.84
+systemMayContain: 1.2.840.113556.1.2.150
+systemMayContain: 1.2.840.113556.1.2.142
+systemMayContain: 1.2.840.113556.1.2.137
+systemMayContain: 1.2.840.113556.1.2.136
+systemMayContain: 1.2.840.113556.1.2.133
+systemMayContain: 1.2.840.113556.1.2.329
+systemMayContain: 1.2.840.113556.1.2.154
+systemMayContain: 1.2.840.113556.1.2.153
+systemMayContain: 1.2.840.113556.1.2.151
+systemMayContain: 1.2.840.113556.1.2.152
+systemMayContain: 1.2.840.113556.1.2.143
+systemMayContain: 1.2.840.113556.1.2.134
+systemMayContain: 1.2.840.113556.1.2.148
+systemMayContain: 1.2.840.113556.1.2.453
+systemMayContain: 1.2.840.113556.1.2.145
+systemMayContain: 1.2.840.113556.1.2.149
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: qHTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MTA-Cfg,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Virtual-Computer,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: virtualComputer
+adminDisplayName: Virtual-Computer
+adminDescription: Virtual-Computer
+governsId: 1.2.840.113556.1.5.160
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.30
+schemaIdGuid:: QsMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msNetworkPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: msNetworkPolicy
+adminDisplayName: msNetworkPolicy
+adminDescription: msNetworkPolicy
+governsId: 1.2.840.113556.1.5.168
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1131
+systemMayContain: 1.2.840.113556.1.4.1135
+systemMayContain: 1.2.840.113556.1.4.1134
+systemMayContain: 1.2.840.113556.1.4.1129
+systemMayContain: 1.2.840.113556.1.4.1126
+systemMayContain: 1.2.840.113556.1.4.977
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 2pAM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msNetworkPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MHS-Server-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mHSServerMonitoringConfig
+adminDisplayName: MHS-Server-Monitoring-Config
+adminDescription: MHS-Server-Monitoring-Config
+governsId: 1.2.840.113556.1.3.7
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.6
+systemMayContain: 1.2.840.113556.1.2.58
+systemMayContain: 1.2.840.113556.1.2.162
+systemMayContain: 1.2.840.113556.1.2.60
+systemMayContain: 1.2.840.113556.1.2.59
+systemMayContain: 1.2.840.113556.1.2.161
+systemMayContain: 1.2.840.113556.1.2.160
+systemMayContain: 1.2.840.113556.1.2.163
+systemMayContain: 1.2.840.113556.1.2.166
+systemMayContain: 1.2.840.113556.1.2.177
+systemMayContain: 1.2.840.113556.1.2.164
+systemMayContain: 1.2.840.113556.1.2.165
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: vXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MHS-Server-Monitoring-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Cluster-Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: clusterOrganizationalUnit
+adminDisplayName: Cluster-Organizational-Unit
+adminDescription: Cluster-Organizational-Unit
+governsId: 1.2.840.113556.1.5.159
+objectClassCategory: 1
+rdnAttId: 2.5.4.11
+subClassOf: 2.5.6.5
+schemaIdGuid:: QcMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Cluster-Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RAS-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rASX400Link
+adminDisplayName: RAS-X400-Link
+adminDescription: RAS-X400-Link
+governsId: 1.2.840.113556.1.3.34
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.29
+systemMayContain: 1.2.840.113556.1.2.78
+systemMayContain: 1.2.840.113556.1.2.313
+systemMayContain: 1.2.840.113556.1.2.314
+systemMayContain: 1.2.840.113556.1.2.315
+systemMayContain: 1.2.840.113556.1.2.276
+systemMayContain: 1.2.840.113556.1.2.193
+systemMayContain: 1.2.840.113556.1.2.202
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 1HTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RAS-X400-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X25-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: x25Stack
+adminDisplayName: X25-Stack
+adminDescription: X25-Stack
+governsId: 1.2.840.113556.1.3.27
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.18
+systemMustContain: 1.2.840.113556.1.2.321
+systemMayContain: 1.2.840.113556.1.2.372
+systemMayContain: 1.2.840.113556.1.2.318
+systemMayContain: 1.2.840.113556.1.2.316
+systemPossSuperiors: 1.2.840.113556.1.3.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: 3nTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=X25-Stack,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-NNTP-Server,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgNNTPServer
+adminDisplayName: Protocol-Cfg-NNTP-Server
+adminDescription: Protocol-Cfg-NNTP-Server
+governsId: 1.2.840.113556.1.3.74
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.72
+systemPossSuperiors: 1.2.840.113556.1.3.67
+schemaIdGuid:: y3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-NNTP-Server,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: residentialPerson
+adminDisplayName: Residential-Person
+adminDescription: Residential-Person
+governsId: 2.5.6.10
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.6
+systemMayContain: 2.5.4.24
+systemMayContain: 2.5.4.12
+systemMayContain: 2.5.4.21
+systemMayContain: 2.5.4.22
+systemMayContain: 2.5.4.9
+systemMayContain: 2.5.4.8
+systemMayContain: 2.5.4.26
+systemMayContain: 2.5.4.28
+systemMayContain: 2.5.4.17
+systemMayContain: 2.5.4.16
+systemMayContain: 2.5.4.18
+systemMayContain: 2.5.4.19
+systemMayContain: 2.5.4.11
+systemMayContain: 2.5.4.7
+systemMayContain: 2.5.4.25
+systemMayContain: 2.5.4.23
+systemMayContain: 2.5.4.27
+systemMayContain: 2.5.4.15
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 1nTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=TP4-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: tP4Stack
+adminDisplayName: TP4-Stack
+adminDescription: TP4-Stack
+governsId: 1.2.840.113556.1.3.25
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.18
+systemPossSuperiors: 1.2.840.113556.1.3.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: 23TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=TP4-Stack,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMQConfiguration
+adminDisplayName: MSMQ-Configuration
+adminDescription: MSMQ-Configuration
+governsId: 1.2.840.113556.1.5.162
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.927
+systemMayContain: 1.2.840.113556.1.4.937
+systemMayContain: 1.2.840.113556.1.4.930
+systemMayContain: 1.2.840.113556.1.4.919
+systemMayContain: 1.2.840.113556.1.4.925
+systemMayContain: 1.2.840.113556.1.4.928
+systemMayContain: 1.2.840.113556.1.4.935
+systemMayContain: 1.2.840.113556.1.4.921
+systemMayContain: 1.2.840.113556.1.4.929
+systemMayContain: 1.2.840.113556.1.4.934
+systemMayContain: 1.2.840.113556.1.4.936
+systemMayContain: 1.2.840.113556.1.4.933
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: RMMNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Local-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: localDXA
+adminDisplayName: Local-DXA
+adminDescription: Local-DXA
+governsId: 1.2.840.113556.1.3.1
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemAuxiliaryClass: 1.2.840.113556.1.3.46
+systemMustContain: 1.2.840.113556.1.2.241
+systemMayContain: 1.2.840.113556.1.2.365
+systemMayContain: 1.2.840.113556.1.2.364
+systemMayContain: 1.2.840.113556.1.2.363
+systemMayContain: 1.2.840.113556.1.2.381
+systemMayContain: 1.2.840.113556.1.2.189
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: tXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Local-DXA,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=RAS-Stack,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: rASStack
+adminDisplayName: RAS-Stack
+adminDescription: RAS-Stack
+governsId: 1.2.840.113556.1.3.26
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.18
+systemMayContain: 1.2.840.113556.1.2.315
+systemMayContain: 1.2.840.113556.1.2.236
+systemPossSuperiors: 1.2.840.113556.1.3.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: container
+schemaIdGuid:: 03TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RAS-Stack,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Addr-Type,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: addrType
+adminDisplayName: Addr-Type
+adminDescription: Addr-Type
+governsId: 1.2.840.113556.1.3.57
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.328
+systemMustContain: 1.2.840.113556.1.2.178
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.2.523
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: q3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Addr-Type,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: organizationalRole
+adminDisplayName: Organizational-Role
+adminDescription: Organizational-Role
+governsId: 2.5.6.8
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 2.5.4.24
+systemMayContain: 2.5.4.21
+systemMayContain: 2.5.4.22
+systemMayContain: 2.5.4.20
+systemMayContain: 2.5.4.9
+systemMayContain: 2.5.4.8
+systemMayContain: 2.5.4.34
+systemMayContain: 2.5.4.33
+systemMayContain: 2.5.4.26
+systemMayContain: 2.5.4.28
+systemMayContain: 2.5.4.17
+systemMayContain: 2.5.4.16
+systemMayContain: 2.5.4.18
+systemMayContain: 2.5.4.19
+systemMayContain: 2.5.4.11
+systemMayContain: 2.5.4.7
+systemMayContain: 2.5.4.25
+systemMayContain: 2.5.4.23
+systemMayContain: 2.5.4.27
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: v3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X25-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: x25X400Link
+adminDisplayName: X25-X400-Link
+adminDescription: X25-X400-Link
+governsId: 1.2.840.113556.1.3.35
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.29
+systemMayContain: 1.2.840.113556.1.2.373
+systemMayContain: 1.2.840.113556.1.2.319
+systemMayContain: 1.2.840.113556.1.2.318
+systemMayContain: 1.2.840.113556.1.2.317
+systemMayContain: 1.2.840.113556.1.2.316
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 33TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=X25-X400-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msRADIUSDictionary,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: msRADIUSDictionary
+adminDisplayName: msRADIUSDictionary
+adminDescription: msRADIUSDictionary
+governsId: 1.2.840.113556.1.5.169
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1142
+systemMustContain: 1.2.840.113556.1.4.1141
+systemMayContain: 1.2.840.113556.1.4.1183
+systemMayContain: 1.2.840.113556.1.4.1143
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 25AM2/LB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msRADIUSDictionary,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-POP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgPOPSite
+adminDisplayName: Protocol-Cfg-POP-Site
+adminDescription: Protocol-Cfg-POP-Site
+governsId: 1.2.840.113556.1.3.70
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.69
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: z3TfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-POP-Site,CN=Schema,CN=Configuration,DC=X
+
+
+# Make the may-contains of subschema class non-constructed.
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemFlags
+systemFlags: 8000004
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: subSchema
+adminDisplayName: SubSchema
+adminDescription: SubSchema
+governsId: 2.5.20.1
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 2.5.21.6
+systemMayContain: 2.5.18.2
+systemMayContain: 1.2.840.113556.1.4.908
+systemMayContain: 1.2.840.113556.1.4.909
+systemMayContain: 2.5.21.2
+systemMayContain: 2.5.21.5
+systemPossSuperiors: 1.2.840.113556.1.3.9
+schemaIdGuid:: YTKLWo3D0RG7yQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Attribute-Types,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=Object-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 8000004
+-
+
+dn: CN=DX-Requestor,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: dXRequestor
+adminDisplayName: DX-Requestor
+adminDescription: DX-Requestor
+governsId: 1.2.840.113556.1.3.19
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.2
+systemMayContain: 1.2.840.113556.1.2.73
+systemMayContain: 1.2.840.113556.1.2.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DX-Requestor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=TP4-X400-Link,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: tP4X400Link
+adminDisplayName: TP4-X400-Link
+adminDescription: TP4-X400-Link
+governsId: 1.2.840.113556.1.3.33
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.29
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 3HTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=TP4-X400-Link,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: mSMQQueue
+adminDisplayName: MSMQ-Queue
+adminDescription: MSMQ-Queue
+governsId: 1.2.840.113556.1.5.161
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.926
+systemMayContain: 1.2.840.113556.1.4.919
+systemMayContain: 1.2.840.113556.1.4.917
+systemMayContain: 1.2.840.113556.1.4.924
+systemMayContain: 1.2.840.113556.1.4.925
+systemMayContain: 1.2.840.113556.1.4.922
+systemMayContain: 1.2.840.113556.1.4.921
+systemMayContain: 1.2.840.113556.1.4.918
+systemMayContain: 1.2.840.113556.1.4.920
+systemMayContain: 1.2.840.113556.1.4.923
+systemPossSuperiors: 1.2.840.113556.1.5.162
+schemaIdGuid:: Q8MNmgDB0RG7xQCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-LDAP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgLDAPSite
+adminDisplayName: Protocol-Cfg-LDAP-Site
+adminDescription: Protocol-Cfg-LDAP-Site
+governsId: 1.2.840.113556.1.3.76
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.75
+systemMayContain: 1.2.840.113556.1.2.510
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: yXTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-LDAP-Site,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Protocol-Cfg-IMAP-Site,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: classSchema
+ldapDisplayName: protocolCfgIMAPSite
+adminDisplayName: Protocol-Cfg-IMAP-Site
+adminDescription: Protocol-Cfg-IMAP-Site
+governsId: 1.2.840.113556.1.3.86
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.84
+systemPossSuperiors: 1.2.840.113556.1.3.66
+schemaIdGuid:: xnTfqOrF0RG7ywCAx2ZwwA==
+hideFromAB: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Protocol-Cfg-IMAP-Site,CN=Schema,CN=Configuration,DC=X
+
+# Modifies
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 134217728
+-
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 134217728
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1212
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: mail
+-
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: c
+-
+
+
+dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: systemOnly
+systemOnly: FALSE
+-
+
+dn: CN=Activation-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: rangeUpper
+rangeUpper: 84
+-
+add: rangeLower
+rangeLower: 84
+-
+
+
+dn: CN=Extension-Attribute-1,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute1
+-
+
+dn: CN=Extension-Attribute-2,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute2
+-
+
+dn: CN=Extension-Attribute-3,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute3
+-
+
+dn: CN=Extension-Attribute-4,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute4
+-
+
+dn: CN=Extension-Attribute-5,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute5
+-
+
+dn: CN=Extension-Attribute-6,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute6
+-
+
+dn: CN=Extension-Attribute-7,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute7
+-
+
+dn: CN=Extension-Attribute-8,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute8
+-
+
+dn: CN=Extension-Attribute-9,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute9
+-
+
+dn: CN=Extension-Attribute-10,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: ldapDisplayName
+ldapDisplayName: extensionAttribute10
+-
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Description,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Attribute-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemFlags
+systemFlags: 2
+-
+
+dn: CN=Trust-Partner,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Department,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Alternate-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Division,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Reports,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Flat-Name,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.290
+systemMayContain: 1.2.840.113556.1.2.291
+systemMayContain: 1.2.840.113556.1.2.292
+systemMayContain: 1.2.840.113556.1.2.293
+systemMayContain: 1.2.840.113556.1.2.339
+systemMayContain: 1.2.840.113556.1.2.340
+systemMayContain: 1.2.840.113556.1.2.341
+systemMayContain: 1.2.840.113556.1.2.342
+systemMayContain: 1.2.840.113556.1.2.469
+systemMayContain: 1.2.840.113556.1.4.618
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.25
+-
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.897
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.206
+systemMayContain: 1.2.840.113556.1.2.207
+systemMayContain: 1.2.840.113556.1.2.297
+systemMayContain: 1.2.840.113556.1.2.330
+systemMayContain: 1.2.840.113556.1.2.438
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.947
+systemMayContain: 1.2.840.113556.1.4.948
+systemMayContain: 1.2.840.113556.1.4.1119
+systemMayContain: 1.2.840.113556.1.4.1124
+systemMayContain: 1.2.840.113556.1.4.1130
+systemMayContain: 1.2.840.113556.1.4.1145
+systemMayContain: 1.2.840.113556.1.4.1153
+systemMayContain: 1.2.840.113556.1.4.1158
+systemMayContain: 1.2.840.113556.1.4.1189
+systemMayContain: 1.2.840.113556.1.4.1190
+systemMayContain: 1.2.840.113556.1.4.1191
+-
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.898
+systemMayContain: 1.2.840.113556.1.4.899
+systemMayContain: 1.2.840.113556.1.4.900
+systemMayContain: 1.2.840.113556.1.4.901
+systemMayContain: 1.2.840.113556.1.4.902
+-
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMustContain
+systemMustContain: 2.5.4.29
+-
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.562
+systemMayContain: 1.2.840.113556.1.2.563
+systemMayContain: 1.2.840.113556.1.2.564
+systemMayContain: 1.2.840.113556.1.2.565
+systemMayContain: 1.2.840.113556.1.2.566
+systemMayContain: 1.2.840.113556.1.2.567
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.452
+systemMayContain: 1.2.840.113556.1.4.515
+systemMayContain: 2.5.4.5
+-
+
+dn: CN=Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.79
+systemMayContain: 1.2.840.113556.1.2.444
+systemMayContain: 1.2.840.113556.1.2.596
+systemMayContain: 1.2.840.113556.1.2.607
+systemMayContain: 1.2.840.113556.1.2.608
+systemMayContain: 1.2.840.113556.1.2.609
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.611
+systemMayContain: 1.2.840.113556.1.2.612
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.4.1213
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.17
+systemPossSuperiors: 1.2.840.113556.1.5.161
+-
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.141
+systemMayContain: 1.2.840.113556.1.4.223
+systemMayContain: 1.2.840.113556.1.4.300
+-
+add: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.141
+systemMustContain: 1.2.840.113556.1.4.223
+systemMustContain: 1.2.840.113556.1.4.300
+systemMustContain: 1.2.840.113556.1.4.1209
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.953
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.47
+systemMayContain: 1.2.840.113556.1.2.144
+systemMayContain: 1.2.840.113556.1.2.221
+systemMayContain: 0.9.2342.19200300.100.1.2
+systemMayContain: 1.2.840.113556.1.2.129
+-
+
+dn: CN=Remote-Address,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.79
+systemMayContain: 1.2.840.113556.1.2.444
+systemMayContain: 1.2.840.113556.1.2.596
+systemMayContain: 1.2.840.113556.1.2.609
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.611
+systemMayContain: 1.2.840.113556.1.2.612
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.4.1213
+-
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: omSyntax
+omSyntax: 24
+-
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: omSyntax
+omSyntax: 24
+-
+
+dn: CN=Schema-Update,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: omSyntax
+omSyntax: 24
+-
+
+dn: CN=Schema-Update-Now,CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: omSyntax
+omSyntax: 24
+-
+
+
+
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Aggregate,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: subschema
+
+
+dn: CN=User-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+replace: displayName
+displayName: Change Password
+-
+
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 5cb41ed0-0e4c-11d0-a286-00aa003049e2
+-
+
+dn: CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: 5cb41ed0-0e4c-11d0-a286-00aa003049e2
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+displayName: Public Information
+rightsGUID: e48d0154-bcf8-11d1-8702-00c04fb96050
+hideFromAB: TRUE
+
+dn: CN=RRAS,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAb: TRUE
+
+dn: CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAb: TRUE
+
+dn: CN=EAPEntries,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAb: TRUE
+
+dn: CN=IdentityDictionary,CN=RRAS,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: rRASAdministrationDictionary
+hideFromAb: TRUE
+msRRASVendorAttributeEntry: 311:0:8:RIP (version 1 or 2)
+msRRASVendorAttributeEntry: 311:0:13:OSPF
+msRRASVendorAttributeEntry: 311:1:10:IGMP Only
+msRRASVendorAttributeEntry: 311::5:1:IPX RIP
+msRRASVendorAttributeEntry: 311:5:2:IPX SAP
+msRRASVendorAttributeEntry: 311:6:501:IP Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:502:IPX Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:503:AppleTalk Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:601:LAN-to- LAN Router
+msRRASVendorAttributeEntry: 311:6:602:Remote Access Server
+msRRASVendorAttributeEntry: 311:6:603:Demand Dial Router
+msRRASVendorAttributeEntry: 311:6:604:Network Address and Port Translation
+msRRASVendorAttributeEntry: 311:6:701:Point-to-Point Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:702:Layer 2 Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:703:Frame Relay
+msRRASVendorAttributeEntry: 311:6:704:ATM
+msRRASVendorAttributeEntry: 311:6:705:ISDN
+msRRASVendorAttributeEntry: 311:6:706:Modem
+msRRASVendorAttributeEntry: 311:6:707:SONET
+msRRASVendorAttributeEntry: 311:6:708:Switched 56
+msRRASVendorAttributeEntry: 311:6:709:IrDA
+msRRASVendorAttributeEntry: 311:6:710:X.25
+msRRASVendorAttributeEntry: 311:6:711:Generic WAN
+msRRASVendorAttributeEntry: 311:6:712:Generic LAN
+msRRASVendorAttributeEntry: 311:6:713:Point to point serial connection
+msRRASVendorAttributeEntry: 311:6:714:Point to point parallel connection
+msRRASVendorAttributeEntry: 311:6:801:NT Domain Authentication
+msRRASVendorAttributeEntry: 311:6:802:RADIUS Authentication
+msRRASVendorAttributeEntry: 311:6:803:RADIUS Accouting
+
+dn: CN=RadiusProfiles,CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAB: TRUE
+
+dn: CN=NetworkPolicy,CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAB: TRUE
+
+dn: CN=Dictionary,CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAB: TRUE
+
+dn: CN=Vendors,CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: container
+hideFromAB: TRUE
+
+dn: CN=MD5 Challenge,CN=EAPEntries,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: EAP
+msRADIUSEapTypeID: 4
+msRADIUSEapKeyFlag: TRUE
+hideFromAB: TRUE
+
+dn: CN=Transport Layer Security,CN=EAPEntries,CN=Services,CN=Configuration,DC=X
+changetype: add
+objectClass: EAP
+msRADIUSEapTypeID: 13
+msRADIUSEapKeyFlag: TRUE
+hideFromAB: TRUE
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: modify
+delete: lDAPAdminLimits
+lDAPAdminLimits: MaxDatagramRecv=4096
+-
+add: lDAPAdminLimits
+lDAPAdminLimits: MaxDatagramRecv=1024
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectVersion
+objectVersion: 4
+-
+
+```
+
+### Sch5.ldf
+
+```
+Does not exist
+```
+
+### Sch6.ldf
+
+```
+dn: CN=Hide-From-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Show-In-Advanced-View-Only
+deleteoldrdn: 1
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: Show-In-Advanced-View-Only
+-
+replace: adminDescription
+adminDescription: Show-In-Advanced-View-Only
+-
+replace: ldapDisplayName
+ldapDisplayName: showInAdvancedViewOnly
+-
+
+dn: CN=Creation-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: creationTime
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: createTimeStamp
+adminDescription: Create-Time-Stamp
+adminDisplayName: Create-Time-Stamp
+attributeID: 2.5.18.1
+attributeSyntax: 2.5.5.11
+oMSyntax: 24
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: cw35LZ8A0hGqTADAT9fYOg==
+systemFlags: 134217732
+showInAdvancedViewOnly: TRUE
+
+
+
+dn: CN=msCiscoAV,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCiscoAV
+adminDisplayName: msCiscoAV
+adminDescription: msCiscoAV
+attributeId: 1.2.840.113556.1.4.1230
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eg35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: parentGUID
+adminDisplayName: Parent-GUID
+adminDescription: Parent-GUID
+attributeId: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: dA35LZ8A0hGqTADAT9fYOg==
+systemFlags: 134217732
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msNPAction,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msNPAction
+adminDisplayName: msNPAction
+adminDescription: msNPAction
+attributeId: 1.2.840.113556.1.4.1234
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fg35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msRASFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRASFilter
+adminDisplayName: msRASFilter
+adminDescription: msRASFilter
+attributeId: 1.2.840.113556.1.4.1229
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eQ35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Ds-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQDsService
+adminDisplayName: MSMQ-Ds-Service
+adminDescription: MSMQ-Ds-Service
+attributeId: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gg35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: netbootSIFFile
+adminDisplayName: Netboot-SIF-File
+adminDescription: Netboot-SIF-File
+attributeId: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hA35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Ds-Services,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQDsServices
+adminDisplayName: MSMQ-Ds-Services
+adminDescription: MSMQ-Ds-Services
+attributeId: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eA35LZ8A0hGqTADAT9fYOg==
+isMemberOfPartialAttributeSet: TRUE
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Queue-Name-Ext,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQQueueNameExt
+adminDisplayName: MSMQ-Queue-Name-Ext
+adminDescription: MSMQ-Queue-Name-Ext
+attributeId: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 92
+schemaIdGuid:: hw35LZ8A0hGqTADAT9fYOg==
+isMemberOfPartialAttributeSet: TRUE
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dNReferenceUpdate
+adminDisplayName: DN-Reference-Update
+adminDescription: DN-Reference-Update
+attributeId: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: hg35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Prev-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQPrevSiteGates
+adminDisplayName: MSMQ-Prev-Site-Gates
+adminDescription: MSMQ-Prev-Site-Gates
+attributeId: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: dQ35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Routing-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQRoutingService
+adminDisplayName: MSMQ-Routing-Service
+adminDescription: MSMQ-Routing-Service
+attributeId: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gQ35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Routing-Services,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQRoutingServices
+adminDisplayName: MSMQ-Routing-Services
+adminDescription: MSMQ-Routing-Services
+attributeId: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dw35LZ8A0hGqTADAT9fYOg==
+isMemberOfPartialAttributeSet: TRUE
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msRADIUSReplyMessage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSReplyMessage
+adminDisplayName: msRADIUSReplyMessage
+adminDescription: msRADIUSReplyMessage
+attributeId: 1.2.840.113556.1.4.1235
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fw35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: netbootMirrorDataFile
+adminDisplayName: Netboot-Mirror-Data-File
+adminDescription: Netboot-Mirror-Data-File
+attributeId: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hQ35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msNPOverrideUserDialin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msNPOverrideUserDialin
+adminDisplayName: msNPOverrideUserDialin
+adminDescription: msNPOverrideUserDialin
+attributeId: 1.2.840.113556.1.4.1233
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fQ35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+
+dn: CN=msNPAuthenticationType2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msNPAuthenticationType2
+adminDisplayName: msNPAuthenticationType2
+adminDescription: msNPAuthenticationType2
+attributeId: 1.2.840.113556.1.4.1236
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gA35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Dependent-Client-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQDependentClientService
+adminDisplayName: MSMQ-Dependent-Client-Service
+adminDescription: MSMQ-Dependent-Client-Service
+attributeId: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gw35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msRADIUSRasServerGroupGUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSRasServerGroupGUID
+adminDisplayName: msRADIUSRasServerGroupGUID
+adminDescription: msRADIUSRasServerGroupGUID
+attributeId: 1.2.840.113556.1.4.1231
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ew35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Dependent-Client-Services,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQDependentClientServices
+adminDisplayName: MSMQ-Dependent-Client-Services
+adminDescription: MSMQ-Dependent-Client-Services
+attributeId: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dg35LZ8A0hGqTADAT9fYOg==
+isMemberOfPartialAttributeSet: TRUE
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msRADIUSRasServerSetupFlags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUSRasServerSetupFlags
+adminDisplayName: msRADIUSRasServerSetupFlags
+adminDescription: msRADIUSRasServerSetupFlags
+attributeId: 1.2.840.113556.1.4.1232
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fA35LZ8A0hGqTADAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Address-Book-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: addressBookRoots
+adminDisplayName: Address-Book-Roots
+adminDescription: Address-Book-Roots
+attributeId: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: SG4L9/QG0hGqUwDAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: globalAddressList
+adminDisplayName: Global-Address-List
+adminDescription: Global-Address-List
+attributeId: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: SMdU9/QG0hGqUwDAT9fYOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: infrastructureUpdate
+adminDisplayName: Infrastructure-Update
+adminDescription: Infrastructure-Update
+governsId: 1.2.840.113556.1.5.175
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1242
+systemPossSuperiors: 1.2.840.113556.1.5.175
+systemPossSuperiors: 1.2.840.113556.1.5.66
+schemaIdGuid:: iQ35LZ8A0hGqTADAT9fYOg==
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=X
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msRADIUSConfigSettings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msRADIUSConfigSettings
+adminDisplayName: msRADIUSConfigSettings
+adminDescription: msRADIUSConfigSettings
+governsId: 1.2.840.113556.1.5.174
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1232
+systemMayContain: 1.2.840.113556.1.4.1231
+systemMayContain: 1.2.840.113556.1.4.1233
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: iA35LZ8A0hGqTADAT9fYOg==
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msRADIUSConfigSettings,CN=Schema,CN=Configuration,DC=X
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msExch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msExchConfigurationContainer
+adminDisplayName: msExch-Configuration-Container
+adminDescription: msExch-Configuration-Container
+governsId: 1.2.840.113556.1.5.176
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.23
+systemMayContain: 1.2.840.113556.1.4.1244
+systemMayContain: 1.2.840.113556.1.4.1245
+schemaIdGuid:: WGg90PQG0hGqUwDAT9fYOg==
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msExch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeLower
+rangeLower: 0
+-
+replace: attributeSecurityGUID
+attributeSecurityGUID:: Qi+6WaJ50BGQIADAT8LTzw==
+-
+
+dn: CN=MSMQ-Site-Gates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: oMObjectClass
+oMObjectClass:: KwwCh3McAIVK
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCRCWOWDSDSW;;;DA)(A;;RPWPCRCCDCLCRCWOWDSDSW;;;SY)(A;;RPLCRC;;;AU)(OA;;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)S:(AU;SAFA;WDWOSDWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)S:(AU;SAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)S:(AU;SAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;RPWPCR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;RPWPCR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;RPWPCR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCRC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CIOI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDSW;;;SY)S:(AU;SAFA;WDWOSDWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;RPWPCR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RPWPCR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;RPWPCR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;RPWPCR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCRC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;CIOI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDSW;;;SY)S:(AU;SAFA;WDWOSDWPCRCCDCSW;;;WD)
+-
+
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 2.5.18.1
+systemMayContain: 2.5.18.2
+-
+
+dn: CN=RID-Set,CN=Schema,CN=configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: User
+-
+
+dn: CN=NTFRS-Subscriptions,CN=Schema,CN=configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: User
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1171
+-
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemAuxiliaryClass
+systemAuxiliaryClass: 1.2.840.113556.1.3.46
+-
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: FALSE
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1240
+systemMayContain: 1.2.840.113556.1.4.1241
+-
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1243
+-
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1226
+systemMayContain: 1.2.840.113556.1.4.1227
+systemMayContain: 1.2.840.113556.1.4.1228
+-
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1237
+systemMayContain: 1.2.840.113556.1.4.1238
+systemMayContain: 1.2.840.113556.1.4.1239
+-
+
+dn: CN=msRADIUSProfile,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1229
+systemMayContain: 1.2.840.113556.1.4.1230
+systemMayContain: 1.2.840.113556.1.4.1233
+systemMayContain: 1.2.840.113556.1.4.1235
+systemMayContain: 1.2.840.113556.1.4.1236
+-
+
+dn: CN=msNetworkPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1234
+-
+
+dn: CN=Postal-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: mAPIID
+mAPIID: 33036
+-
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: mAPIID
+mAPIID: 14870
+-
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: mAPIID
+mAPIID: 14856
+-
+
+dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: mAPIID
+mAPIID: 35950
+-
+
+# Delete Owner's and owner-BL's mapiid before adding the same
+# to Managed-By and Managed-Objects.
+
+dn: CN=Owner,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Managed-By,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mAPIID
+mAPIID: 32780
+-
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mAPIID
+mAPIID: 32804
+-
+
+dn: CN=Auth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Unauth-Orig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=DL-Mem-Submit-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=DL-Mem-Reject-Perms,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Presentation-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Tagged-X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mAPIID
+-
+
+dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msNPCallingStationId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msNPConstraint,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: +IhwA+EK0hG0IgCgyWj5OQ==
+-
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=COM-ClassID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: rangeLower
+-
+delete: rangeUpper
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+# New Extended right add
+
+dn: CN=Apply-Group-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+rightsGUID: edacfd8f-ffb3-11d1-b41d-00a0c968f939
+displayName: Apply Group Policy
+appliesTo: f30e3bc2-9ff0-11d1-b603-0000f80367c1
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+displayName: Remote Access Information
+rightsGUID: 037088f8-0ae1-11d2-b422-00a0c968f939
+
+# Modify exisiting Extended right
+
+# Modrdns in config container require FLAG_CONFIG_ALLOW_RENAME
+# For all such renames, we will set the flag, rename, and then
+# delete the flag. Currently, none of the objects modified here
+# has the flag set. The flag is 0x40000000, we set the decimal
+
+dn: CN=msmq-Open-Conector,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=msmq-Open-Conector,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: msmq-Open-Connector
+deleteoldrdn: 1
+
+dn: CN=msmq-Open-Connector,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+# Display Specifier Changes
+
+dn: CN=user-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: userFullName,User Full Name
+-
+add: attributeDisplayNames
+attributeDisplayNames: displayName,Display Name
+-
+
+dn: CN=user-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+delete: adminContextMenu
+adminContextMenu: 2,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+-
+delete: adminPropertyPages
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+-
+
+dn: CN=group-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=domainDNS-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=contact-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=domainPolicy-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=localPolicy-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=serviceAdministrationPoint-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=computer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=printQueue-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=site-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=server-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTDSSettings-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTDSDSA-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTDSConnection-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTFRSSettings-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTFRSReplicaSet-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=subnet-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=siteLink-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=siteLinkBridge-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=interSiteTransport-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=licensingSiteSettings-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTDSSiteSettings-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTFRSMember-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTFRSSubscriber-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTFRSSubscriptions-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=organizationalUnit-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=container-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=rpcContainer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=trustedDomain-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=volume-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=sitesContainer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=interSiteTransportContainer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=subnetContainer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=serversContainer-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=nTDSService-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=queryPolicy-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminContextMenu
+adminContextMenu: 0,{6971d64e-f335-11d0-b0bc-00c04fd8dca6}
+-
+
+dn: CN=mSMQQueue-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: creationWizard
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+-
+
+dn: CN=mSMQSiteLink-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: creationWizard
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+-
+
+dn: CN=remoteStorageServicePoint-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Remote Storage Service
+-
+delete: adminContextMenu
+adminContextMenu: 0,&Manage ...,RsAdmin.msc
+-
+add: adminContextMenu
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+-
+
+dn: CN=foreignSecurityPrincipal-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: displaySpecifier
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+classDisplayName: Foreign Security Principal
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Settings,CN=Radius,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+
+# name change for well-known-security-principals
+
+dn: CN=CreatorOwner,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=CreatorOwner,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Creator Owner
+deleteoldrdn: 1
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=CreatorGroup,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=CreatorGroup,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Creator Group
+deleteoldrdn: 1
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=PrincipalSelf,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=PrincipalSelf,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Principal Self
+deleteoldrdn: 1
+
+dn: CN=Principal Self,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=AuthenticatedUser,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=AuthenticatedUser,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Authenticated User
+deleteoldrdn: 1
+
+dn: CN=Authenticated User,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+
+# Update schema version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: modify
+replace: objectVersion
+objectVersion: 6
+-
+
+```
+
+### Sch7.ldf
+
+```
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.606
+-
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Proxied-Object-Name-Unused
+deleteoldrdn: 1
+
+dn: CN=Proxied-Object-Name-Unused,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: Proxied-Object-Name-Unused
+-
+replace: adminDescription
+adminDescription: Proxied-Object-Name-Unused
+-
+replace: ldapDisplayName
+ldapDisplayName: proxiedObjectNameUnused
+-
+replace: schemaIdGuid
+schemaIdGuid:: X55550su0hG6vZjY/cfjDw==
+-
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: proxiedObjectName
+adminDisplayName: Proxied-Object-Name
+adminDescription: Proxied-Object-Name
+attributeId: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: AqSu4VvN0BGv/wAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 2
+
+dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: omObjectClass
+omObjectClass:: KoZIhvcUAQEBCw==
+-
+
+dn: CN=Inter-Site-Topology-Renew,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: interSiteTopologyRenew
+adminDisplayName: Inter-Site-Topology-Renew
+adminDescription: Inter-Site-Topology-Renew
+attributeId: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: X57Gt8cs0hGFTgCgyYP2CA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Inter-Site-Topology-Failover,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: interSiteTopologyFailover
+adminDisplayName: Inter-Site-Topology-Failover
+adminDescription: Inter-Site-Topology-Failover
+attributeId: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: YJ7Gt8cs0hGFTgCgyYP2CA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Inter-Site-Topology-Generator,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: interSiteTopologyGenerator
+adminDisplayName: Inter-Site-Topology-Generator
+adminDescription: Inter-Site-Topology-Generator
+attributeId: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Xp7Gt8cs0hGFTgCgyYP2CA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Token-Groups,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: tokenGroups
+adminDisplayName: Token-Groups
+adminDescription: Token-Groups
+attributeId: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bZ7Gt8cs0hGFTgCgyYP2CA==
+attributeSecurityGuid:: ksMPBN8z0hGYsgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 134217732
+
+dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: tokenGroupsNoGCAcceptable
+adminDisplayName: Token-Groups-No-GC-Acceptable
+adminDescription: Token-Groups-No-GC-Acceptable
+attributeId: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ksMPBN8z0hGYsgAA+HpX1A==
+attributeSecurityGuid:: ksMPBN8z0hGYsgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 134217732
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: sDRightsEffective
+adminDisplayName: SD-Rights-Effective
+adminDescription: SD-Rights-Effective
+attributeId: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pq/bw98z0hGYsgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 134217732
+
+dn: CN=Parent-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 134217732
+-
+
+dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Instance-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=NC-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=Governs-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Attribute-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Attribute-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 13
+-
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 13
+-
+
+dn: CN=OM-Syntax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=Group-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=System-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 8
+-
+
+dn: CN=MSMQ-Owner-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1249
+systemMayContain: 1.2.840.113556.1.4.1304
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.549
+systemMayContain: 1.2.840.113556.1.4.550
+systemMayContain: 1.2.840.113556.1.4.551
+systemMayContain: 1.2.840.113556.1.4.552
+systemMayContain: 1.2.840.113556.1.4.553
+systemMayContain: 1.2.840.113556.1.4.554
+systemMayContain: 1.2.840.113556.1.4.555
+systemMayContain: 1.2.840.113556.1.4.556
+-
+
+dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.145
+systemMayContain: 1.2.840.113556.1.2.281
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1301
+systemMayContain: 1.2.840.113556.1.4.1303
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.194
+systemMayContain: 1.2.840.113556.1.2.226
+systemMayContain: 1.2.840.113556.1.4.112
+systemMayContain: 1.2.840.113556.1.4.145
+systemMayContain: 1.2.840.113556.1.4.201
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.4
+systemMayContain: 2.5.4.20
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.482
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.25
+-
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.557
+-
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.69
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.452
+systemMayContain: 1.2.840.113556.1.4.69
+-
+
+dn: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.69
+systemMayContain: 1.2.840.113556.1.4.344
+systemMayContain: 1.2.840.113556.1.4.345
+systemMayContain: 1.2.840.113556.1.4.771
+systemMayContain: 2.5.4.13
+systemMayContain: 2.5.4.36
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.211
+-
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 1.2.840.113556.1.2.169
+systemMayContain: 1.2.840.113556.1.2.210
+systemMayContain: 1.2.840.113556.1.2.353
+systemMayContain: 1.2.840.113556.1.2.464
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.211
+-
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=Application-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 2.5.4.13
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1246
+systemMayContain: 1.2.840.113556.1.4.1247
+systemMayContain: 1.2.840.113556.1.4.1248
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.211
+-
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+-
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+-
+
+dn: CN=Assoc-Remote-DXA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: LinkID
+LinkID: 123
+-
+
+dn: CN=NNTP-Newsfeeds,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: LinkID
+LinkID: 141
+-
+
+dn: CN=Supporting-Stack-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: LinkID
+LinkID: 133
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+# name change for MSMQ objects
+
+dn: CN=msmq-Peak-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=msmq-Peak-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: msmq-Peek-Dead-Letter
+deleteoldrdn: 1
+
+dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=msmq-Receive-machine-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=msmq-Receive-machine-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: msmq-Receive-computer-Journal
+deleteoldrdn: 1
+
+dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=msmq-Peak-machine-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=msmq-Peak-machine-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: msmq-Peek-computer-Journal
+deleteoldrdn: 1
+
+dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=msmq-Peak,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=msmq-Peak,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: msmq-Peek
+deleteoldrdn: 1
+
+dn: CN=msmq-Peek,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Peek Dead Letter
+-
+
+dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Receive Computer Journal
+-
+
+dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Peek Computer Journal
+-
+
+dn: CN=msmq-Peek,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Peek Message
+-
+
+dn: CN=mSMQQueue-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: MSMQ Queue
+-
+add: treatAsLeaf
+treatAsLeaf: TRUE
+-
+
+dn: CN=mSMQConfiguration-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: MSMQ Configuration
+-
+
+dn: CN=mSMQEnterpriseSettings-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: MSMQ Enterprise
+-
+
+dn: CN=mSMQSiteLink-display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: MSMQ Site Link
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 7
+-
+
+```
+
+### Sch8.ldf
+
+```
+dn: CN=Print-Duplex-Supported,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Print-Duplex-Supported-Unused
+deleteoldrdn: 1
+
+dn: CN=Print-Duplex-Supported-Unused,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: Print-Duplex-Supported-Unused
+-
+replace: adminDescription
+adminDescription: Print-Duplex-Supported-Unused
+-
+replace: ldapDisplayName
+ldapDisplayName: printDuplexSupportedUnused
+-
+replace: schemaIdGuid
+schemaIdGuid:: AsPDrFY80hGf8LYGeY0bDw==
+-
+
+dn: CN=Assoc-NT-Account-Unused,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: DS-Heuristics
+deleteoldrdn: 1
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: DS-Heuristics
+-
+replace: adminDescription
+adminDescription: DS-Heuristics
+-
+replace: ldapDisplayName
+ldapDisplayName: dSHeuristics
+-
+delete: mapiID
+-
+
+
+dn: cn=print-duplex-supported,cn=schema,cn=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: printDuplexSupported
+adminDescription: Print-Duplex-Supported
+adminDisplayName: Print-Duplex-Supported
+attributeID: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+oMSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: zBYUKGgZ0BGijwCqADBJ4g==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: moveTreeState
+adminDisplayName: Move-Tree-State
+adminDescription: Move-Tree-State
+attributeId: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yMIqH3E70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIKeyUsage
+adminDisplayName: PKI-Key-Usage
+adminDescription: PKI-Key-Usage
+attributeId: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fqiw6Z070hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=DNS-Property,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dNSProperty
+adminDisplayName: DNS-Property
+adminDescription: DNS-Property
+attributeId: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /hVaZ3A70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dSHeuristics
+adminDisplayName: DS-Heuristics
+adminDescription: DS-Heuristics
+attributeId: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hv/48JER0BGgYACqAGwz7Q==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQInterval1
+adminDisplayName: MSMQ-Interval1
+adminDescription: MSMQ-Interval1
+attributeId: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qiWojns70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQInterval2
+adminDisplayName: MSMQ-Interval2
+adminDescription: MSMQ-Interval2
+attributeId: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Uo+4mXs70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Server-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSServerList
+adminDisplayName: ACS-Server-List
+adminDescription: ACS-Server-List
+attributeId: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pVm9fJA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Default-CSPs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIDefaultCSPs
+adminDisplayName: PKI-Default-CSPs
+adminDescription: PKI-Default-CSPs
+attributeId: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bjP2Hp470hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=MSMQ-Site-Gates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQSiteGatesMig
+adminDisplayName: MSMQ-Site-Gates-Mig
+adminDescription: MSMQ-Site-Gates-Mig
+attributeId: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Ukhw4ns70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Overlap-Period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIOverlapPeriod
+adminDisplayName: PKI-Overlap-Period
+adminDescription: PKI-Overlap-Period
+attributeId: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 7KMZEp470hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=PKI-Default-Key-Spec,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIDefaultKeySpec
+adminDisplayName: PKI-Default-Key-Spec
+adminDescription: PKI-Default-Key-Spec
+attributeId: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bq5sQp070hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=ACS-Minimum-Latency,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSMinimumLatency
+adminDisplayName: ACS-Minimum-Latency
+adminDescription: ACS-Minimum-Latency
+attributeId: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +/4XlZA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Maximum-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSMaximumSDUSize
+adminDisplayName: ACS-Maximum-SDU-Size
+adminDescription: ACS-Maximum-SDU-Size
+attributeId: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +diih5A70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Account-Name-History,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: accountNameHistory
+adminDisplayName: Account-Name-History
+adminDescription: Account-Name-History
+attributeId: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 7FIZA3I70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Max-Issuing-Depth,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIMaxIssuingDepth
+adminDisplayName: PKI-Max-Issuing-Depth
+adminDescription: PKI-Max-Issuing-Depth
+attributeId: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +t6/8J070hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=PKI-Extended-Key-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIExtendedKeyUsage
+adminDisplayName: PKI-Extended-Key-Usage
+adminDescription: PKI-Extended-Key-Usage
+attributeId: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9mqXGJ470hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=PKI-Expiration-Period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIExpirationPeriod
+adminDisplayName: PKI-Expiration-Period
+adminDescription: PKI-Expiration-Period
+attributeId: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 0nAVBJ470hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=ACS-Minimum-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSMinimumPolicedSize
+adminDisplayName: ACS-Minimum-Policed-Size
+adminDescription: ACS-Minimum-Policed-Size
+attributeId: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lXEOjZA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Critical-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKICriticalExtensions
+adminDisplayName: PKI-Critical-Extensions
+adminDescription: PKI-Critical-Extensions
+attributeId: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BpFa/J070hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=ACS-Non-Reserved-Peak-Rate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSNonReservedPeakRate
+adminDisplayName: ACS-Non-Reserved-Peak-Rate
+adminDescription: ACS-Non-Reserved-Peak-Rate
+attributeId: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: P6cxo5A70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Non-Reserved-Token-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSNonReservedTokenSize
+adminDisplayName: ACS-Non-Reserved-Token-Size
+adminDescription: ACS-Non-Reserved-Token-Size
+attributeId: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ydcWqZA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Minimum-Delay-Variation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSMinimumDelayVariation
+adminDisplayName: ACS-Minimum-Delay-Variation
+adminDescription: ACS-Minimum-Delay-Variation
+attributeId: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mzJlnJA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Max-Token-Bucket-Per-Flow,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSMaxTokenBucketPerFlow
+adminDisplayName: ACS-Max-Token-Bucket-Per-Flow
+adminDescription: ACS-Max-Token-Bucket-Per-Flow
+attributeId: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3+D2gZA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Non-Reserved-Max-SDU-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSNonReservedMaxSDUSize
+adminDisplayName: ACS-Non-Reserved-Max-SDU-Size
+adminDescription: ACS-Non-Reserved-Max-SDU-Size
+attributeId: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 48/CrpA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ACS-Non-Reserved-Min-Policed-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: aCSNonReservedMinPolicedSize
+adminDisplayName: ACS-Non-Reserved-Min-Policed-Size
+adminDescription: ACS-Non-Reserved-Min-Policed-Size
+attributeId: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: FzmHtpA70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=arobindg15,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQUserSid
+adminDisplayName: MSMQ-User-Sid
+adminDescription: MSMQ-User-Sid
+attributeId: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+schemaIdGuid:: Mq6KxflW0hGQ0ADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=Repl-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: replInterval
+adminDisplayName: Repl-Interval
+adminDescription: Repl-Interval
+attributeId: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Gp26RfpW0hGQ0ADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=PKI-Enrollment-Access,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: pKIEnrollmentAccess
+adminDisplayName: PKI-Enrollment-Access
+adminDescription: PKI-Enrollment-Access
+attributeId: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: eOJrkvlW0hGQ0ADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+
+dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: sPNMappings
+adminDisplayName: SPN-Mappings
+adminDescription: SPN-Mappings
+attributeId: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bOewKkFw0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Template-Roots,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: templateRoots
+adminDisplayName: Template-Roots
+adminDescription: Template-Roots
+attributeId: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: oOmd7UFw0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=DS-UI-Admin-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dSUIAdminMaximum
+adminDisplayName: DS-UI-Admin-Maximum
+adminDescription: DS-UI-Admin-Maximum
+attributeId: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 4AqN7pFv0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=DS-UI-Shell-Maximum,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dSUIShellMaximum
+adminDisplayName: DS-UI-Shell-Maximum
+adminDescription: DS-UI-Shell-Maximum
+attributeId: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: anbK/JFv0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=DS-UI-Admin-Notification,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: dSUIAdminNotification
+adminDisplayName: DS-UI-Admin-Notification
+adminDescription: DS-UI-Admin-Notification
+attributeId: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lArq9pFv0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=Localization-Display-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: localizationDisplayId
+adminDisplayName: Localization-Display-Id
+adminDescription: Localization-Display-Id
+attributeId: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 0fBGp9B40hGZFgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=GPC-User-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: gPCUserExtensionNames
+adminDisplayName: GPC-User-Extension-Names
+adminDescription: GPC-User-Extension-Names
+attributeId: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xl+nQj940hGZFgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=GPC-Machine-Extension-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: gPCMachineExtensionNames
+adminDisplayName: GPC-Machine-Extension-Names
+adminDescription: GPC-Machine-Extension-Names
+attributeId: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: zI7/Mj940hGZFgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Scope-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: scopeFlags
+adminDisplayName: Scope-Flags
+adminDescription: Scope-Flags
+attributeId: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wqTzFnl+0hGZIQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Query-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: queryFilter
+adminDisplayName: Query-Filter
+adminDescription: Query-Filter
+attributeId: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Jgr3y3h+0hGZIQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Valid-Accesses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: validAccesses
+adminDisplayName: Valid-Accesses
+adminDescription: Valid-Accesses
+attributeId: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gKMvTVR/0hGZKgAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: dSCorePropagationData
+adminDescription: DS-Core-Propagation-Data
+adminDisplayName: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+oMSyntax: 24
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=Schema-Info,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: schemaInfo
+adminDescription: Schema-Info
+adminDisplayName: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+oMSyntax: 4
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: dSUISettings
+adminDisplayName: DS-UI-Settings
+adminDescription: DS-UI-Settings
+governsId: 1.2.840.113556.1.5.183
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1345
+systemMayContain: 1.2.840.113556.1.4.1343
+systemMayContain: 1.2.840.113556.1.4.1344
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: FA+xCZNv0hGZBQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+
+
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: pKIEnrollmentService
+adminDisplayName: PKI-Enrollment-Service
+adminDescription: PKI-Enrollment-Service
+governsId: 1.2.840.113556.1.5.178
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.824
+systemMayContain: 1.2.840.113556.1.4.825
+systemMayContain: 1.2.840.113556.1.4.619
+systemMayContain: 1.2.840.113556.1.4.823
+systemMayContain: 1.2.840.113556.1.4.697
+systemMayContain: 2.5.4.37
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: kqZK7ro70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: pKICertificateTemplate
+adminDisplayName: PKI-Certificate-Template
+adminDescription: PKI-Certificate-Template
+governsId: 1.2.840.113556.1.5.177
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1332
+systemMayContain: 1.2.840.113556.1.4.1329
+systemMayContain: 1.2.840.113556.1.4.1328
+systemMayContain: 1.2.840.113556.1.4.1333
+systemMayContain: 1.2.840.113556.1.4.1331
+systemMayContain: 1.2.840.113556.1.4.1334
+systemMayContain: 1.2.840.113556.1.4.1327
+systemMayContain: 1.2.840.113556.1.4.1330
+systemMayContain: 1.2.840.113556.1.4.38
+systemMayContain: 1.2.840.113556.1.2.13
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: opwg5bo70hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mSMQMigratedUser
+adminDisplayName: MSMQ-Migrated-User
+adminDescription: MSMQ-Migrated-User
+governsId: 1.2.840.113556.1.5.179
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.967
+systemMayContain: 1.2.840.113556.1.4.947
+systemMayContain: 1.2.840.113556.1.4.966
+systemMayContain: 1.2.840.113556.1.4.948
+systemMayContain: 1.2.840.113556.1.4.146
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 1.2.840.113556.1.5.4
+schemaIdGuid:: l2l3UD080hGQzADAT9kasQ==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1358
+-
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1354
+systemMayContain: 1.2.840.113556.1.4.1355
+-
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1356
+-
+
+dn: CN=msExch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1346
+-
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1347
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.211
+-
+
+dn: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.89
+-
+
+dn: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,DC=arobindg15,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1336
+systemMayContain: 1.2.840.113556.1.4.307
+-
+
+dn: CN=Site-Link,CN=Schema,CN=Configuration,DC=arobindg15,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.307
+systemMayContain: 1.2.840.113556.1.4.1336
+-
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=arobindg15,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1335
+-
+
+dn: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,DC=arobindg15,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1337
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1348
+systemMayContain: 1.2.840.113556.1.4.1349
+-
+
+dn: CN=Control-Access-Right,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1353
+-
+
+dn: CN=E-Mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mapiID
+mapiID: 14846
+-
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mapiID
+mapiID: 32807
+-
+
+dn: CN=Assoc-NT-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mapiID
+-
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mapiID
+mapiID: 32807
+-
+
+dn: CN=Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Manager,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Service-Binding-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Global-Address-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=Site-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=Directory-Cfg,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.212
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1307
+-
+
+dn: CN=ACS-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1313
+systemMayContain: 1.2.840.113556.1.4.1314
+systemMayContain: 1.2.840.113556.1.4.1315
+systemMayContain: 1.2.840.113556.1.4.1316
+systemMayContain: 1.2.840.113556.1.4.1317
+-
+
+dn: CN=ACS-Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1312
+systemMayContain: 1.2.840.113556.1.4.1318
+systemMayContain: 1.2.840.113556.1.4.1319
+systemMayContain: 1.2.840.113556.1.4.1320
+systemMayContain: 1.2.840.113556.1.4.1321
+-
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: FALSE
+-
+
+dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1305
+-
+
+dn: CN=Mailbox,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.212
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.96
+-
+
+dn: CN=Print-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1311
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.236
+-
+
+dn: CN=Intellimirror-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.222
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.222
+systemMayContain: 1.2.840.113556.1.4.1308
+systemMayContain: 1.2.840.113556.1.4.1309
+-
+
+dn: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1308
+systemMayContain: 1.2.840.113556.1.4.1309
+-
+
+dn: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1310
+-
+
+
+dn: CN=Remote-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.212
+-
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.212
+-
+
+dn: CN=NNTP-Newsfeed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.212
+-
+
+dn: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1306
+-
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1306
+-
+
+dn: CN=Subnet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.222
+-
+
+dn: CN=rpc-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.114
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.114
+-
+
+dn: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.118
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.118
+-
+
+dn: CN=Company,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: company
+-
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: co
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: container
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;RPWPCR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWPCR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWPCR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWPCR;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWPCR;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWPCR;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;RPWPCR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)(OA;;RPWPCR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:P(A;;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CIOI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)
+-
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGUID:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1357
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Settings
+-
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Domain Controller Settings
+-
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Connection
+-
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: FRS Settings
+-
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: FRS Replica Set
+-
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Site Settings
+-
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: FRS Member
+-
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: FRS Subscriber
+-
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: FRS Subscriptions
+-
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Service
+-
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: MSMQ Routing Link
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+-
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: whenCreated,Date Published
+-
+
+dn: CN=MsmqServices,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: mSMQEnterpriseSettings
+mSmQVersion: 200
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-Install-Replica,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Add/Remove Replica In Domain
+rightsGUID: 9923a32a-3607-11d2-b9be-0000f87a36b2
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Change-Infrastructure-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+appliesTo: 2df90d89-009f-11d2-aa4c-00c04fd7d83a
+displayName: Change Infrastructure Master
+rightsGUID: cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+-
+delete: adminPropertyPages
+adminPropertyPages: 1,{6DFE6491-AC8D-11D0-B945-00C04FD8D5B0}
+-
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: countryCode,Country Code
+attributeDisplayNames: comment,User Account Comment
+-
+add: attributeDisplayNames
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: samAccountName,Downlevel Logon Name
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: co,Company
+-
+add: attributeDisplayNames
+attributeDisplayNames: company,Company
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: co,Company
+-
+add: attributeDisplayNames
+attributeDisplayNames: company,Company
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: type,Type
+-
+add: attributeDisplayNames
+attributeDisplayNames: managedBy,Managed By
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{9da6fd64-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: createWizardExt
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+-
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+-
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+-
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+-
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: managedBy,Managed By
+-
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: keywords,Keywords
+-
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: displaySpecifier
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+classDisplayName: Certificate Template
+attributeDisplayNames: cn,Name
+attributeDisplayNames: description,Description
+iconPath: 0,capesnpn.dll,-227
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: dSUISettings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Modify Remote Access Information
+-
+
+dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: sPNMappings
+spnMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,ldp,ldap,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd66-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd66-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd64-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd64-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd64-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd65-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{9da6fd65-c63b-11d0-b94d-00c04fd8d5b0}
+-
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+add: adminPropertyPages
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+add: adminPropertyPages
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: adminPropertyPages
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+add: adminPropertyPages
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+-
+
+
+dn: CN=Domain-Administer-Server,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 1
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=User-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 2
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 3
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 4
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 5
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Send-To,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 6
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Domain-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 7
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Domain Password & Lockout Policie
+-
+
+dn: CN=General-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 8
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: General Information
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 9
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Account Restrictions
+-
+
+dn: CN=User-Logon,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 10
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Logon Information
+-
+
+dn: CN=Membership,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 11
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Lockout-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 12
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Lockout Policy
+-
+
+dn: CN=Password-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 13
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Password Policy
+-
+
+dn: CN=Domain-Configuration,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 14
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Domain Policy Configuration
+-
+
+dn: CN=Domain-Policy-Ref,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 15
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Domain Policy Reference
+-
+
+dn: CN=Privileges,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 16
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Privileges
+-
+
+dn: CN=Administrative-Access,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 17
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Logon Rights
+-
+
+dn: CN=Local-Policy-Ref,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 18
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Local Policy Reference
+-
+
+dn: CN=Audit-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 19
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Audit Policy
+-
+
+dn: CN=Builtin-Local-Groups,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 20
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Administrative Roles
+-
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 21
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 22
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Phone and Mail Options
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 23
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Personal Information
+-
+
+dn: CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 24
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Web Information
+-
+
+dn: CN=DS-Replication-Get-Changes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 25
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=DS-Replication-Synchronize,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 26
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=DS-Replication-Manage-Topology,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 27
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Change-Schema-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 28
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Change-Rid-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 29
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Abandon-Replication,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 30
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Do-Garbage-Collection,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 31
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Recalculate-Hierarchy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 32
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Allocate-Rids,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 33
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Change-PDC,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 34
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Add-GUID,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 35
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Change-Domain-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 36
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 37
+-
+add: validAccesses
+validAccesses: 48
+-
+replace: displayName
+displayName: Public Information
+-
+
+dn: CN=msmq-Receive-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 38
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 39
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 40
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 41
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Receive,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 42
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Peek,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 43
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Send,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 44
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Receive-journal,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 45
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=msmq-Open-Connector,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 46
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Apply-Group-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 47
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 48
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=DS-Install-Replica,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 49
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Change-Infrastructure-Master,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: localizationDisplayId
+localizationDisplayId: 50
+-
+add: validAccesses
+validAccesses: 256
+-
+
+dn: CN=Update-Schema-Cache,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Update Schema Cache
+localizationDisplayId: 51
+rightsGUID: be2bb760-7f46-11d2-b9ad-00c04f79f805
+validAccesses: 256
+
+dn: CN=Recalculate-Security-Inheritance,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Recalculate Security Inheritance
+localizationDisplayId: 52
+rightsGUID: 62dd28a8-7f46-11d2-b9ad-00c04f79f805
+validAccesses: 256
+
+dn: CN=DS-Check-Stale-Phantoms,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Check Stale Phantoms
+localizationDisplayId: 53
+rightsGUID: 69ae6200-7f46-11d2-b9ad-00c04f79f805
+validAccesses: 256
+
+dn: CN=Certificate-Enrollment,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+showInAdvancedViewOnly: TRUE
+appliesTo:  e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+displayname: Enroll
+localizationDisplayId: 54
+rightsGuid: 0e10c968-78fb-11d2-90d4-00c04f79dc55
+validAccesses: 256
+
+dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: cost
+cost: 100
+-
+add: replInterval
+replInterval: 180
+-
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Intellimirror Group
+-
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Intellimirror Service
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: cn,Name
+-
+add: attributeDisplayNames
+attributeDisplayNames: cn,Common Name
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 8
+-
+
+```
+
+### Sch9.ldf
+
+```
+dn: CN=msExch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: ms-Exch-Configuration-Container
+deleteoldrdn: 1
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: ms-Exch-Configuration-Container
+-
+replace: adminDescription
+adminDescription: ms-Exch-Configuration-Container
+-
+
+dn: CN=Mime-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Mime-Types-Unused
+deleteoldrdn: 1
+
+dn: CN=Mime-Types-Unused,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDisplayName
+adminDisplayName: Mime-Types-Unused
+-
+replace: adminDescription
+adminDescription: Mime-Types-Unused
+-
+replace: ldapDisplayName
+ldapDisplayName: mimeTypesUnused
+-
+
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: dSCorePropagationData
+adminDescription: DS-Core-Propagation-Data
+adminDisplayName: DS-Core-Propagation-Data
+attributeID: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+oMSyntax: 24
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: S6pn0QiL0hGZOQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=Schema-Info,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: schemaInfo
+adminDescription: Schema-Info
+adminDisplayName: Schema-Info
+attributeID: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+oMSyntax: 4
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIDGUID:: rmT7+bST0hGZRQAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Other-Well-Known-Objects,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: otherWellKnownObjects
+adminDescription: Other-Well-Known-Objects
+adminDisplayName: Other-Well-Known-Objects
+attributeID: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+oMSyntax: 127
+oMObjectClass:: KoZIhvcUAQEBCw==
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: XU6mHg+s0hGQ3wDAT9kasQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: mS-DS-ConsistencyChildCount
+adminDescription: MS-DS-Consistency-Child-Count
+adminDisplayName: MS-DS-Consistency-Child-Count
+attributeID: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+oMSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: wnuLFzq20hGQ4QDAT9kasQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: mS-DS-ConsistencyGuid
+adminDescription: MS-DS-Consistency-Guid
+adminDisplayName: MS-DS-Consistency-Guid
+attributeID: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+oMSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIDGUID:: wj13Izq20hGQ4QDAT9kasQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-SPX,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-SPX
+adminDisplayName: MS-SQL-SPX
+adminDescription: MS-SQL-SPX
+attributeId: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BICwhu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Name,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Name
+adminDisplayName: MS-SQL-Name
+adminDescription: MS-SQL-Name
+attributeId: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 2N8yNe7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Size,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Size
+adminDisplayName: MS-SQL-Size
+adminDescription: MS-SQL-Size
+attributeId: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hIAJ6e7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Type,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Type
+adminDisplayName: MS-SQL-Type
+adminDescription: MS-SQL-Type
+attributeId: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qOtIyu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Alias,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Alias
+adminDisplayName: MS-SQL-Alias
+adminDescription: MS-SQL-Alias
+attributeId: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: rrrG4O7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Build,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Build
+adminDisplayName: MS-SQL-Build
+adminDescription: MS-SQL-Build
+attributeId: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xJQ+YO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-TCPIP,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-TCPIP
+adminDisplayName: MS-SQL-TCPIP
+adminDescription: MS-SQL-TCPIP
+attributeId: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pmPCiu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Vines,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Vines
+adminDisplayName: MS-SQL-Vines
+adminDescription: MS-SQL-Vines
+attributeId: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lGPFlO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Memory,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Memory
+adminDisplayName: MS-SQL-Memory
+adminDescription: MS-SQL-Memory
+attributeId: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: jERdW+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Status,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Status
+adminDisplayName: MS-SQL-Status
+adminDescription: MS-SQL-Status
+attributeId: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cEd9mu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Contact,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Contact
+adminDisplayName: MS-SQL-Contact
+adminDescription: MS-SQL-Contact
+attributeId: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2L1sT+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Version,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Version
+adminDisplayName: MS-SQL-Version
+adminDescription: MS-SQL-Version
+attributeId: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 0MF8wO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Database,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Database
+adminDisplayName: MS-SQL-Database
+adminDescription: MS-SQL-Database
+attributeId: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 3Nug1e7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Language,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Language
+adminDisplayName: MS-SQL-Language
+adminDescription: MS-SQL-Language
+attributeId: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9HJ/xe7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Location,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Location
+adminDisplayName: MS-SQL-Location
+adminDescription: MS-SQL-Location
+attributeId: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RJYcVu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Keywords,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Keywords
+adminDisplayName: MS-SQL-Keywords
+adminDescription: MS-SQL-Keywords
+attributeId: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iqnpAe/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-NamedPipe,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-NamedPipe
+adminDisplayName: MS-SQL-NamedPipe
+adminDescription: MS-SQL-NamedPipe
+attributeId: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QMiRe+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-AppleTalk,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-AppleTalk
+adminDisplayName: MS-SQL-AppleTalk
+adminDescription: MS-SQL-AppleTalk
+attributeId: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9Inaj+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-GPSHeight,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-GPSHeight
+adminDisplayName: MS-SQL-GPSHeight
+adminDescription: MS-SQL-GPSHeight
+attributeId: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Dk/dvO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Clustered,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Clustered
+adminDisplayName: MS-SQL-Clustered
+adminDescription: MS-SQL-Clustered
+attributeId: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kL14d+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-SortOrder,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-SortOrder
+adminDisplayName: MS-SQL-SortOrder
+adminDescription: MS-SQL-SortOrder
+attributeId: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wELcbe7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Description,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Description
+adminDisplayName: MS-SQL-Description
+adminDescription: MS-SQL-Description
+attributeId: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PGCGg+/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-GPSLatitude,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-GPSLatitude
+adminDisplayName: MS-SQL-GPSLatitude
+adminDescription: MS-SQL-GPSLatitude
+attributeId: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Droisu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-CreationDate,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-CreationDate
+adminDisplayName: MS-SQL-CreationDate
+adminDescription: MS-SQL-CreationDate
+attributeId: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: VEfh7e7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-CharacterSet,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-CharacterSet
+adminDisplayName: MS-SQL-CharacterSet
+adminDescription: MS-SQL-CharacterSet
+attributeId: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pndhae7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-Applications,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-Applications
+adminDisplayName: MS-SQL-Applications
+adminDescription: MS-SQL-Applications
+attributeId: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6qLN++7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-GPSLongitude,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-GPSLongitude
+adminDisplayName: MS-SQL-GPSLongitude
+adminDescription: MS-SQL-GPSLongitude
+attributeId: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: lHxXt+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-ConnectionURL,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-ConnectionURL
+adminDisplayName: MS-SQL-ConnectionURL
+adminDescription: MS-SQL-ConnectionURL
+attributeId: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2iMtqe7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-MultiProtocol,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-MultiProtocol
+adminDisplayName: MS-SQL-MultiProtocol
+adminDescription: MS-SQL-MultiProtocol
+attributeId: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OPpXge7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-LastBackupDate,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-LastBackupDate
+adminDisplayName: MS-SQL-LastBackupDate
+adminDescription: MS-SQL-LastBackupDate
+attributeId: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yqu28u7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-ServiceAccount,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-ServiceAccount
+adminDisplayName: MS-SQL-ServiceAccount
+adminDescription: MS-SQL-ServiceAccount
+attributeId: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: PjqTZO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-PublicationURL,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-PublicationURL
+adminDisplayName: MS-SQL-PublicationURL
+adminDescription: MS-SQL-PublicationURL
+attributeId: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uBEMru7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-InformationURL,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-InformationURL
+adminDisplayName: MS-SQL-InformationURL
+adminDescription: MS-SQL-InformationURL
+attributeId: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ENUspO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-LastUpdatedDate,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-LastUpdatedDate
+adminDisplayName: MS-SQL-LastUpdatedDate
+adminDescription: MS-SQL-LastUpdatedDate
+attributeId: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 1EPMn+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-RegisteredOwner,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-RegisteredOwner
+adminDisplayName: MS-SQL-RegisteredOwner
+adminDescription: MS-SQL-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6kT9SO7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-UnicodeSortOrder,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-UnicodeSortOrder
+adminDisplayName: MS-SQL-UnicodeSortOrder
+adminDescription: MS-SQL-UnicodeSortOrder
+attributeId: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ipHccu7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-LastDiagnosticDate,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-LastDiagnosticDate
+adminDisplayName: MS-SQL-LastDiagnosticDate
+adminDescription: MS-SQL-LastDiagnosticDate
+attributeId: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iN3W9u7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-InformationDirectory,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-InformationDirectory
+adminDisplayName: MS-SQL-InformationDirectory
+adminDescription: MS-SQL-InformationDirectory
+attributeId: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Ltuu0O7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-AllowAnonymousSubscription,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mS-SQL-AllowAnonymousSubscription
+adminDisplayName: MS-SQL-AllowAnonymousSubscription
+adminDescription: MS-SQL-AllowAnonymousSubscription
+attributeId: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Sr532+7M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-SQLServer
+adminDisplayName: MS-SQL-SQLServer
+adminDescription: MS-SQL-SQLServer
+governsId: 1.2.840.113556.1.5.184
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.126
+systemMayContain: 1.2.840.113556.1.4.1401
+systemMayContain: 1.2.840.113556.1.4.1387
+systemMayContain: 1.2.840.113556.1.4.1386
+systemMayContain: 1.2.840.113556.1.4.1385
+systemMayContain: 1.2.840.113556.1.4.1382
+systemMayContain: 1.2.840.113556.1.4.1381
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1379
+systemMayContain: 1.2.840.113556.1.4.1378
+systemMayContain: 1.2.840.113556.1.4.1377
+systemMayContain: 1.2.840.113556.1.4.1376
+systemMayContain: 1.2.840.113556.1.4.1375
+systemMayContain: 1.2.840.113556.1.4.1374
+systemMayContain: 1.2.840.113556.1.4.1373
+systemMayContain: 1.2.840.113556.1.4.1372
+systemMayContain: 1.2.840.113556.1.4.1371
+systemMayContain: 1.2.840.113556.1.4.1370
+systemMayContain: 1.2.840.113556.1.4.1369
+systemMayContain: 1.2.840.113556.1.4.1368
+systemMayContain: 1.2.840.113556.1.4.1367
+systemMayContain: 1.2.840.113556.1.4.1366
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1364
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.126
+schemaIdGuid:: eMj2Be/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+dn: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-OLAPServer
+adminDisplayName: MS-SQL-OLAPServer
+adminDescription: MS-SQL-OLAPServer
+governsId: 1.2.840.113556.1.5.185
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.126
+systemMayContain: 1.2.840.113556.1.4.1401
+systemMayContain: 1.2.840.113556.1.4.1384
+systemMayContain: 1.2.840.113556.1.4.1382
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1389
+systemMayContain: 1.2.840.113556.1.4.1369
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1364
+systemMayContain: 1.2.840.113556.1.4.1368
+systemMayContain: 1.2.840.113556.1.4.1388
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.126
+schemaIdGuid:: 6hh+DO/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+dn: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-SQLPublication
+adminDisplayName: MS-SQL-SQLPublication
+adminDescription: MS-SQL-SQLPublication
+governsId: 1.2.840.113556.1.5.187
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1394
+systemMayContain: 1.2.840.113556.1.4.1393
+systemMayContain: 1.2.840.113556.1.4.1391
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1390
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.184
+schemaIdGuid:: TvbCF+/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+dn: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-OLAPDatabase
+adminDisplayName: MS-SQL-OLAPDatabase
+adminDescription: MS-SQL-OLAPDatabase
+governsId: 1.2.840.113556.1.5.189
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1401
+systemMayContain: 1.2.840.113556.1.4.1384
+systemMayContain: 1.2.840.113556.1.4.1383
+systemMayContain: 1.2.840.113556.1.4.1382
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1400
+systemMayContain: 1.2.840.113556.1.4.1398
+systemMayContain: 1.2.840.113556.1.4.1381
+systemMayContain: 1.2.840.113556.1.4.1396
+systemMayContain: 1.2.840.113556.1.4.1391
+systemMayContain: 1.2.840.113556.1.4.1390
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.185
+schemaIdGuid:: GgOvIO/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+dn: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-SQLRepository
+adminDisplayName: MS-SQL-SQLRepository
+adminDescription: MS-SQL-SQLRepository
+governsId: 1.2.840.113556.1.5.186
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1392
+systemMayContain: 1.2.840.113556.1.4.1388
+systemMayContain: 1.2.840.113556.1.4.1390
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1368
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.184
+schemaIdGuid:: XDzUEe/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+
+dn: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-SQLDatabase
+adminDisplayName: MS-SQL-SQLDatabase
+adminDescription: MS-SQL-SQLDatabase
+governsId: 1.2.840.113556.1.5.188
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1401
+systemMayContain: 1.2.840.113556.1.4.1382
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1400
+systemMayContain: 1.2.840.113556.1.4.1399
+systemMayContain: 1.2.840.113556.1.4.1398
+systemMayContain: 1.2.840.113556.1.4.1397
+systemMayContain: 1.2.840.113556.1.4.1396
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1395
+systemMayContain: 1.2.840.113556.1.4.1390
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.184
+schemaIdGuid:: SmkIHe/M0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+dn: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: mS-SQL-OLAPCube
+adminDisplayName: MS-SQL-OLAPCube
+adminDescription: MS-SQL-OLAPCube
+governsId: 1.2.840.113556.1.5.190
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1401
+systemMayContain: 1.2.840.113556.1.4.1384
+systemMayContain: 1.2.840.113556.1.4.1382
+systemMayContain: 1.2.840.113556.1.4.1380
+systemMayContain: 1.2.840.113556.1.4.1381
+systemMayContain: 1.2.840.113556.1.4.1396
+systemMayContain: 1.2.840.113556.1.4.1390
+systemMayContain: 1.2.840.113556.1.4.1365
+systemMayContain: 1.2.840.113556.1.4.1363
+systemPossSuperiors: 1.2.840.113556.1.5.189
+schemaIdGuid:: alDwCSjN0hGZkwAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,DC=arobindg1,DC=nttest,DC=microsoft,DC=com
+
+
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1358
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.211
+-
+
+dn: CN=E-Mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mapiID
+mapiID: 14846
+-
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 16
+-
+
+dn: CN=Extension-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 16
+-
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 16
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:P(A;;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CIOI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)
+-
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+-
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CIOI;RPWPCRLCLOCCRCWDWOSDDTSW;;;EA)S:(AU;CIOISAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.131
+-
+
+dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=RDN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 13
+-
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingVale: TRUE
+-
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingVale: TRUE
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1357
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1359
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1360
+systemMayContain: 1.2.840.113556.1.4.1361
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.25
+-
+
+dn: CN=GP-Link,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Sid-History,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=Sid-History,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw==
+-
+
+dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=E-Mail-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Given-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+
+dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: mapiID
+-
+
+# Need to swap the ldapDisplayName of Comment and Additional-Information,
+# so first give a temp name so that we won't fail with dup ldapDisplayName
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: ms-info
+-
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: info
+-
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: notes
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: gPLink
+systemMayContain: gPOptions
+-
+
+dn: CN=Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Country-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Domain-Component,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Organization-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Locality-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Sub-Refs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Reps-From,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Reps-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=USN-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=USN-Created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=When-Changed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 19
+-
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Intellimirror Group
+-
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: classDisplayName
+classDisplayName: Intellimirror Service
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: cn,Name
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: cn,Common Name
+-
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: ou,Name
+-
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: dSUIAdminNotification
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: notes,Notes
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: info,Notes
+-
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: notes,Notes
+-
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: info,Notes
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: info,Notes
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: notes,Notes
+-
+
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: ldapAdminLimits
+ldapAdminLimits: AllowDeepNonIndexSearch=False
+-
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: ldapAdminLimits
+ldapAdminLimits: MaxConnections=1000
+-
+add: ldapAdminLimits
+ldapAdminLimits: MaxConnections=5000
+-
+
+dn: CN=Principal Self,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=Principal Self,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Self
+deleteoldrdn: 1
+
+dn: CN=Self,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=Authenticated User,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=Authenticated User,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Authenticated Users
+deleteoldrdn: 1
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=Restricted Code,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=Restricted Code,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Restricted
+deleteoldrdn: 1
+
+dn: CN=Restricted,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=Local System,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=Local System,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: System
+deleteoldrdn: 1
+
+dn: CN=System,CN=WellKnown Security Principals,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 9
+-
+
+```
+
+### Sch10.ldf
+
+```
+Does not exist
+```
+
+### Sch11.ldf
+
+```
+dn: CN=MS-DS-Replicates-NC-Reason,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDescription: MS-DS-Replicates-NC-Reason
+adminDisplayName: MS-DS-Replicates-NC-Reason
+attributeID: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+oMSyntax: 127
+oMObjectClass:: KoZIhvcUAQEBCw==
+lDAPDisplayName: mS-DS-ReplicatesNCReason
+isSingleValued: FALSE
+systemOnly: FALSE
+schemaIDGUID:: hCuhDrMI0xGRvAAA+HpX1A==
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Mastered-By,CN=schema,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDescription: Mastered-By
+adminDisplayName: Mastered-By
+attributeID: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+oMObjectClass:: KwwCh3McAIVK
+lDAPDisplayName: masteredBy
+isSingleValued: FALSE
+systemOnly: TRUE
+schemaIDGUID:: 4GSO5MkS0xGRAgDAT9kasQ==
+searchFlags: 0
+linkID: 77
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDescription: MS-DS-Machine-Account-Quota
+adminDisplayName: MS-DS-Machine-Account-Quota
+attributeID: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+oMSyntax: 2
+lDAPDisplayName: mS-DS-MachineAccountQuota
+isSingleValued: TRUE
+schemaIDGUID:: aPtk0IAU0xGRwQAA+HpX1A==
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-DS-Creator-Sid,CN=Schema,CN=Configuration,DC=arobindg6,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+adminDescription: MS-DS-Creator-SID
+adminDisplayName: MS-DS-Creator-SID
+attributeID: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+oMSyntax: 4
+lDAPDisplayName: mS-DS-CreatorSID
+isSingleValued: TRUE
+schemaIDGUID:: MgHmxYAU0xGRwQAA+HpX1A==
+systemOnly: TRUE
+searchFlags: 1
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 5
+-
+
+dn: CN=Surname,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 5
+-
+
+dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 64
+-
+
+dn: CN=Telephone-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 64
+-
+
+dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Range-Upper,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Range-Lower,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Ldap-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=ms-RRAS-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=User-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Text-Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGUID:: QMIKvKl50BGQIADAT8LUzw==
+-
+
+dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Managed-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1408
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1409
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: uPNSuffixes
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1410
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1411
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)
+-
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+-
+
+
+dn: CN=Manager,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Assistant,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Show-In-Address-Book,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Division,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Account-Expires,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Profile-Path,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Primary-Group-ID,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 17
+-
+
+dn: CN=Preferred-OU,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Other-Login-Workstations,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=User-Workstations,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Max-Storage,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Logon-Workstation,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Logon-Hours,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Script-Path,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Locale-Id,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Home-Drive,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Home-Directory,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Country-Code,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Code-Page,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=User-Account-Control,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 25
+-
+
+dn: CN=Employee-Type,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Show-In-Advanced-View-Only,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 17
+-
+
+dn: CN=Company,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Department,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Text-Country,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Is-Member-Of-DL,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Post-Office-Box,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Postal-Code,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Postal-Address,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Street-Address,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=State-Or-Province-Name,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Locality-Name,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 17
+-
+
+dn: CN=Country-Name,CN=schema,CN=configuration,DC=x
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)S:(AU;CISAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)
+-
+
+dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 132096
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+
+# Config NC changes
+
+dn: CN=Lockout-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Password-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Domain-Configuration,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Domain-Policy-Ref,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Privileges,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Administrative-Access,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Local-Policy-Ref,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Audit-Policy,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+dn: CN=Builtin-Local-Groups,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: validAccesses
+validAccesses: 48
+-
+
+dn: CN=Membership,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: validAccesses
+validAccesses: 48
+-
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Remote Access Information
+-
+
+dn: CN=Membership,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Group Membership
+-
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Open Address List
+-
+
+dn: CN=Self-Membership,CN=extended-rights,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+rightsGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+displayName: Add/Remove self as member
+localizationDisplayId: 12
+validAccesses: 8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Validated-DNS-Host-Name,CN=extended-rights,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+rightsGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+displayName: Validated write to DNS host name
+localizationDisplayId: 13
+validAccesses: 8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Validated-SPN,CN=extended-rights,CN=configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+rightsGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+displayName: Validated write to service principal name
+localizationDisplayId: 14
+validAccesses: 8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: otherFacsimileTelephoneNumber,Facsimile Telephone Number (Others)
+attributeDisplayNames: otherTelephone,Office Telephone Number (Others)
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+-
+
+# The following add is preceded by a delete separately since some DCs may have it.
+# If not, this is just skipped
+
+dn: CN=Contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: otherFacsimileTelephoneNumber,Facsimile Telephone Number (Others)
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: facsimileTelephoneNumber,Facsimile Telephone Number
+attributeDisplayNames: otherTelephone,Telephone Number (Others)
+attributeDisplayNames: mobile,Primary Mobile Phone Number
+attributeDisplayNames: otherMobile,Mobile Phone Number (Others)
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+-
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: displaySpecifier
+classDisplayName: MSMQ Upgraded User
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+showInAdvancedViewOnly: TRUE
+
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 11
+-
+
+```
+
+### Sch12.ldf
+
+```
+dn: CN=DNS-Tombstoned,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: dNSTombstoned
+adminDescription: DNS-Tombstoned
+adminDisplayName: DNS-Tombstoned
+attributeID: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+oMSyntax: 1
+isSingleValued: TRUE
+searchFlags: 1
+systemOnly: FALSE
+schemaIDGUID:: ty7r1U6+O0aiFGNKRNc5Lg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: primaryGroupToken
+adminDescription: Primary-Group-Token
+adminDisplayName: Primary-Group-Token
+attributeID: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+oMSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+systemOnly: TRUE
+schemaIDGUID:: OIftwP1+gUSE2WbS24vjaQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+
+dn: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+lDAPDisplayName: aCSResourceLimits
+adminDescription: ACS-Resource-Limits
+adminDisplayName: ACS-Resource-Limits
+governsID: 1.2.840.113556.1.5.191
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: aCSMaxTokenRatePerFlow
+systemMayContain: aCSServiceType
+systemMayContain: aCSMaxPeakBandwidthPerFlow
+systemMayContain: aCSMaxPeakBandwidth
+systemMayContain: aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIDGUID:: BJuJLjQo0xGR1AAA+HpX1A==
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+systemFlags: 16
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+
+dn: CN=Street-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 1024
+-
+
+dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: isMemberOfPartialAttributeSet
+isMemberOfPartialAttributeSet: TRUE
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)
+-
+
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1412
+-
+
+dn: CN=Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 256
+-
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMustContain
+systemMustContain: objectSid
+-
+
+dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: objectSid
+-
+
+dn: CN=Dns-Node,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1414
+-
+
+dn: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+# Config NC changes
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=Validated-SPN,CN=extended-rights,CN=configuration,DC=X
+changetype: ntdsSchemaModify
+delete: appliesTo
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+-
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+-
+
+dn: cn=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: spnMappings
+sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin
+-
+
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 12
+-
+
+```
+
+### Sch13.ldf
+
+```
+
+# Schema NC changes
+
+dn: CN=Initials,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=Comment,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)S:(AU;CISAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)S:(AU;CISAFA;WDWOSDDTWPCRCCDCSW;;;WD)
+-
+
+dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw==
+-
+
+dn: CN=MSMQ-Label-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQLabelEx
+adminDisplayName: MSMQ-Label-Ex
+adminDescription: MSMQ-Label-Ex
+attributeId: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 124
+schemaIdGuid:: Ja2ARQfU0kitJEPm5WeT1w==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 16
+
+dn: CN=MSMQ-Site-Name-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQSiteNameEx
+adminDisplayName: MSMQ-Site-Name-Ex
+adminDescription: MSMQ-Site-Name-Ex
+attributeId: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +kQhQn/BSUaU1pcx7SeE7Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MSMQ-Computer-Type-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: mSMQComputerTypeEx
+adminDisplayName: MSMQ-Computer-Type-Ex
+adminDescription: MSMQ-Computer-Type-Ex
+attributeId: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6A0SGMT0QUO9lTLrW898gA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: tokenGroupsGlobalAndUniversal
+adminDisplayName: Token-Groups-Global-And-Universal
+adminDescription: Token-Groups-Global-And-Universal
+attributeId: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HbGpRq5gWkC36P+KWNRW0g==
+attributeSecurityGuid:: +IhwA+EK0hG0IgCgyWj5OQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 134217748
+
+# pick up the new attributes so they can be a may-contain below
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1415
+-
+
+dn: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1417
+-
+
+dn: CN=MSMQ-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1416
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1418
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=Servers-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+# Enable iff schema changes are added above.
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminPropertyPages
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+-
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: homeDirectory,Home Directory
+attributeDisplayNames: samAccountName,Downlevel Logon Name
+attributeDisplayNames: st,State
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+-
+add: attributeDisplayNames
+attributeDisplayNames: co,Country
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: title,Job Title
+-
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: physicalDeliveryOfficeName,Delivery Office
+attributeDisplayNames: url,Web Page Address
+-
+add: attributeDisplayNames
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: wWWHomePage,Web Page Address
+-
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: attributeDisplayNames
+attributeDisplayNames: generationQualifier,Name Suffix
+attributeDisplayNames: notes,Notes
+attributeDisplayNames: personalTitle,Personal Title
+attributeDisplayNames: st,State
+attributeDisplayNames: streetAddress,Other Address
+attributeDisplayNames: telephoneNumber,Primary Phone
+-
+add: attributeDisplayNames
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: co,Country
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: info,Notes
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: title,Job Title
+-
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeDisplayNames
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 13
+-
+
+```
+
+### Sch14.ldf
+
+```
+
+# Schema NC changes
+
+dn: CN=When-Created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=SID-History,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: FALSE
+-
+
+dn: CN=Object-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=MSMQ-User-Sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 18
+-
+
+dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=ms-PKI-RA-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-RA-Policies
+adminDisplayName: ms-PKI-RA-Policies
+adminDescription: ms-PKI-RA-Policies
+attributeId: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Iq5G1VEJR02BfhyflvqtRg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-RA-Signature,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-RA-Signature
+adminDisplayName: ms-PKI-RA-Signature
+adminDescription: MS PKI Number Of RA Signature Required In Request
+attributeId: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: S+AX/n2Tfk+ODpKSyNVoPg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Enrollment-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Enrollment-Flag
+adminDisplayName: ms-PKI-Enrollment-Flag
+adminDescription: ms-PKI-Enrollment-Flag
+attributeId: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2Pde0Sby20auebNOVgvRLA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Private-Key-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Private-Key-Flag
+adminDisplayName: ms-PKI-Private-Key-Flag
+adminDescription: ms-PKI-Private-Key-Flag
+attributeId: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wkqwujUECUeTByg4DnxwAQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Minimal-Key-Size,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Minimal-Key-Size
+adminDisplayName: ms-PKI-Minimal-Key-Size
+adminDescription: ms-PKI-Minimal-Key-Size
+attributeId: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9WNq6X9B00a+Utt3A8UD3w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Cert-Template-OID
+adminDisplayName: ms-PKI-Cert-Template-OID
+adminDescription: ms-PKI-Cert-Template-OID
+attributeId: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: asNkMSa6jEaL2sHlzCVnKA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Certificate-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Certificate-Policy
+adminDisplayName: ms-PKI-Certificate-Policy
+adminDescription: ms-PKI-Certificate-Policy
+attributeId: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RiOUOFvMS0Kn2G/9EgKcXw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Supersede-Templates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Supersede-Templates
+adminDisplayName: ms-PKI-Supersede-Templates
+adminDescription: ms-PKI-Supersede-Templates
+attributeId: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fa7onVt6HUK15AYfed/V1w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Certificate-Name-Flag,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Certificate-Name-Flag
+adminDisplayName: ms-PKI-Certificate-Name-Flag
+adminDescription: ms-PKI-Certificate-Name-Flag
+attributeId: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xN0d6v9gbkGMwBfO5TS85w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Template-Schema-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Template-Schema-Version
+adminDisplayName: ms-PKI-Template-Schema-Version
+adminDescription: ms-PKI-Template-Schema-Version
+attributeId: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9ekVDB1JlEWRjzKBOgkdqQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Template-Minor-Revision,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Template-Minor-Revision
+adminDisplayName: ms-PKI-Template-Minor-Revision
+adminDescription: ms-PKI-Template-Minor-Revision
+attributeId: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bCP1E4QYsUa10EhOOJkNWA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msPKI-Key-Recovery-Agent
+adminDisplayName: ms-PKI-Key-Recovery-Agent
+adminDescription: ms-PKI-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.195
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.9
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: OPLMJo6ghkuagqjJrH7lyw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDs-Schema-Extensions
+adminDisplayName: ms-ds-Schema-Extensions
+adminDescription: ms-ds-Schema-Extensions
+attributeId: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: vmGaswftq0yaSklj7QFB4Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Entry-TTL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: entryTTL
+adminDisplayName: Entry-TTL
+adminDescription: Entry-TTL
+attributeId: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 31557600
+schemaIdGuid:: zN4T0hrYhEOqwtz8/WMc+A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Other-Settings
+adminDisplayName: ms-DS-Other-Settings
+adminDescription: ms-DS-Other-Settings
+attributeId: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: TPPSeX2du0KDj4ZrPkQA4g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Entry-Time-To-Die
+adminDisplayName: ms-DS-Entry-Time-To-Die
+adminDescription: ms-DS-Entry-Time-To-Die
+attributeId: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 9
+schemaIdGuid:: 17rp4d3GAUGoQ3lM7IWwOA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Site-Affinity
+adminDisplayName: ms-DS-Site-Affinity
+adminDescription: ms-DS-Site-Affinity
+attributeId: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: AlZ8wbe88EaWVmNwyohLcg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Preferred-GC-Site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Preferred-GC-Site
+adminDisplayName: ms-DS-Preferred-GC-Site
+adminDescription: ms-DS-Prefered-GC-Site
+attributeId: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: CrUh2bIKzUKH9gnPg6kYVA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Cached-Membership
+adminDisplayName: ms-DS-Cached-Membership
+adminDescription: ms-DS-Cached-Membership
+attributeId: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CLDKadTNyUu6uA/zfv4bIA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Cached-Membership-Time-Stamp
+adminDisplayName: ms-DS-Cached-Membership-Time-Stamp
+adminDescription: ms-DS-Cached-Membership-Time-Stamp
+attributeId: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: H79mNe6+y02Kvu+J/P7GwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Auxiliary-Classes
+adminDisplayName: ms-DS-Auxiliary-Classes
+adminDescription: ms-DS-Auxiliary-Classes
+attributeId: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 8
+schemaIdGuid:: cxCvxFDu4Eu4wImkH+mavg==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: structuralObjectClass
+adminDisplayName: Structural-Object-Class
+adminDescription: The class hierarchy without auxiliary classes
+attributeId: 2.5.21.9
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: n5RgOKj2OEuZUIHstrwpgg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+adminDescription: This attribute controls the delay between notification of each subsequent replica partner for an NC.
+attributeId: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hbM91pLdUkux2A0+zA6Gtg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-ID
+adminDisplayName: ms-WMI-ID
+adminDescription: ms-WMI-ID
+attributeId: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: A6g5k7iU90eRI6hTuf9+RQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-Mof,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Mof
+adminDisplayName: ms-WMI-Mof
+adminDescription: ms-WMI-Mof
+attributeId: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: n4A2Z2QgPkShRYEmKx8TZg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Name
+adminDisplayName: ms-WMI-Name
+adminDescription: ms-WMI-Name
+attributeId: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 5azIxoF+r0KtcndBLFlBxA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-Query,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Query
+adminDisplayName: ms-WMI-Query
+adminDescription: ms-WMI-Query
+attributeId: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Pvn/ZeM1o0WFrodsZxgpfw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-intMin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-IntMin
+adminDisplayName: ms-WMI-intMin
+adminDescription: ms-WMI-intMin
+attributeId: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uuPCaDeYcEyY4PDDNpXQIw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-intMax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-IntMax
+adminDisplayName: ms-WMI-intMax
+adminDescription: ms-WMI-intMax
+attributeId: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LAyS+5TyJkSKwdJLQqorzg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-Author,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Author
+adminDisplayName: ms-WMI-Author
+adminDescription: ms-WMI-Author
+attributeId: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wcBmY3JpZk6zpR1SrQwFRw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-int8Min,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Int8Min
+adminDisplayName: ms-WMI-int8Min
+adminDescription: ms-WMI-int8Min
+attributeId: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 0YkU7cxUZkCzaKANqiZk8Q==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-int8Max,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Int8Max
+adminDisplayName: ms-WMI-int8Max
+adminDescription: ms-WMI-int8Max
+attributeId: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: R7XY4z0ARkmjK9x87clrdA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-COM-ObjectId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-ObjectId
+adminDisplayName: ms-COM-ObjectId
+adminDescription: Object ID that COM+ uses. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: i2cPQ5+I8kGYQyA7WmVXLw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-UserPartitionSetLink
+adminDisplayName: ms-COM-UserPartitionSetLink
+adminDescription: Link from a User to a PartitionSet. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: igyUjnfkZ0Owjf8v+ULc1w==
+linkID: 1048
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-UserLink
+adminDisplayName: ms-COM-UserLink
+adminDescription: Link from a PartitionSet to a User. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: TTpvniwkN0+waDa1f5/IUg==
+linkID: 1049
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-WMI-ChangeDate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-ChangeDate
+adminDisplayName: ms-WMI-ChangeDate
+adminDescription: ms-WMI-ChangeDate
+attributeId: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: oPfN+UTsN0mnm82RUis6qA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-intDefault,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-IntDefault
+adminDisplayName: ms-WMI-intDefault
+adminDescription: ms-WMI-intDefault
+attributeId: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: +AcMG912YECh4XAIRhnckA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-TargetPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-TargetPath
+adminDisplayName: ms-WMI-TargetPath
+adminDescription: ms-WMI-TargetPath
+attributeId: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mqcGUP5rYUWfUhPPTdPlYA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-TargetType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-TargetType
+adminDisplayName: ms-WMI-TargetType
+adminDescription: ms-WMI-TargetType
+attributeId: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Higqyism90+0GbwSM1Kk6Q==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-int8Default,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Int8Default
+adminDisplayName: ms-WMI-int8Default
+adminDescription: ms-WMI-int8Default
+attributeId: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: WgjY9FuMhUeVm9xYVWbkRQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-TargetClass,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-TargetClass
+adminDisplayName: ms-WMI-TargetClass
+adminDescription: ms-WMI-TargetClass
+attributeId: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 1ti2lejJYUaivGpcq8BMYg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-CreationDate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-CreationDate
+adminDisplayName: ms-WMI-CreationDate
+adminDescription: ms-WMI-CreationDate
+attributeId: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: LgqLdFEzP0uxcS8XQU6neQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-TargetObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-TargetObject
+adminDisplayName: ms-WMI-TargetObject
+adminDescription: ms-WMI-TargetObject
+attributeId: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: pWdPxOV9H0qS2WYrVzZLdw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-PropertyName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-PropertyName
+adminDisplayName: ms-WMI-PropertyName
+adminDescription: ms-WMI-PropertyName
+attributeId: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: gwiSq/jnck20oMBEmJdQnQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-COM-PartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-PartitionLink
+adminDisplayName: ms-COM-PartitionLink
+adminDescription: Link from a PartitionSet to a Partition. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: YqyrCT8EAkesK2yhXu5XVA==
+linkID: 1040
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-QueryLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-QueryLanguage
+adminDisplayName: ms-WMI-QueryLanguage
+adminDescription: ms-WMI-QueryLanguage
+attributeId: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mPo8fXvBVEKL103puTKjRQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-stringDefault,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-StringDefault
+adminDisplayName: ms-WMI-stringDefault
+adminDescription: ms-WMI-stringDefault
+attributeId: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: tkIuFcU3VU+rSBYGOEqa6g==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-intValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-IntValidValues
+adminDisplayName: ms-WMI-intValidValues
+adminDescription: ms-WMI-intValidValues
+attributeId: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9mX1akmnckuWNDxdR+a04A==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Behavior-Version
+adminDisplayName: ms-DS-Behavior-Version
+adminDescription: ms-DS-Behavior-Version
+attributeId: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: V4ca00ckRUWAgTu2EMrL8g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-int8ValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Int8ValidValues
+adminDisplayName: ms-WMI-int8ValidValues
+adminDescription: ms-WMI-int8ValidValues
+attributeId: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: qRk1EALAG0SYGrCz4BLIAw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-TargetNameSpace,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-TargetNameSpace
+adminDisplayName: ms-WMI-TargetNameSpace
+adminDescription: ms-WMI-TargetNameSpace
+attributeId: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: H7ZKHCA05USEnYtdv2D+tw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-ClassDefinition,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-ClassDefinition
+adminDisplayName: ms-WMI-ClassDefinition
+adminDescription: ms-WMI-ClassDefinition
+attributeId: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: vA6cK3LCy0WZ0k0OaRYy4A==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-WMI-NormalizedClass,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-NormalizedClass
+adminDisplayName: ms-WMI-NormalizedClass
+adminDescription: ms-WMI-NormalizedClass
+attributeId: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: j2K66o7r6U+D/Gk75pVVmw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-PartitionSetLink
+adminDisplayName: ms-COM-PartitionSetLink
+adminDescription: Link from a Partition to a PartitionSet. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 3CHxZwJ9fUyC9ZrUyVCsNA==
+linkID: 1041
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-WMI-stringValidValues,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-StringValidValues
+adminDisplayName: ms-WMI-stringValidValues
+adminDescription: ms-WMI-stringValidValues
+attributeId: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: MZ1gN7+iWEuPUytk5XoHbQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NC-Replica-Locations
+adminDisplayName: ms-DS-NC-Replica-Locations
+adminDescription: This is a list of servers that are the replica set for the corresponding Non-Domain Naming Context.
+attributeId: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: FZbelze1vEasDxByDzkJ8w==
+linkID: 1044
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-SourceOrganization,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-SourceOrganization
+adminDisplayName: ms-WMI-SourceOrganization
+adminDescription: ms-WMI-SourceOrganization
+attributeId: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bO33NF1hjUGqAFSafXvgPg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-COM-DefaultPartitionLink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msCOM-DefaultPartitionLink
+adminDisplayName: ms-COM-DefaultPartitionLink
+adminDescription: Link to a the default Partition for the PartitionSet. Default = adminDisplayName
+attributeId: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 9xCLmRqqZEO4Z3U9GX/mcA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-User-Account-Control-Computed
+adminDisplayName: ms-DS-User-Account-Control-Computed
+adminDescription: ms-DS-User-Account-Control-Computed
+attributeId: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NrjELD+2QEmNI+p6zwavVg==
+attributeSecurityGuid:: AEIWTMAg0BGnaACqAG4FKQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay
+adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay
+adminDescription: This attribute controls the delay between changes to the DS, and notification of the first replica partner for an NC.
+attributeId: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9NSrhYkKSU697G81uyViug==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Approx-Immed-Subordinates
+adminDisplayName: ms-DS-Approx-Immed-Subordinates
+adminDescription: ms-DS-Approx-Immed-Subordinates
+attributeId: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: Q9KF4c7220q0lrDABdeCPA==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+# Load new attributes into the schema cache for inclusion below
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1429
+systemMayContain: 1.2.840.113556.1.4.1430
+systemMayContain: 1.2.840.113556.1.4.1431
+systemMayContain: 1.2.840.113556.1.4.1432
+systemMayContain: 1.2.840.113556.1.4.1433
+systemMayContain: 1.2.840.113556.1.4.1434
+systemMayContain: 1.2.840.113556.1.4.1435
+systemMayContain: 1.2.840.113556.1.4.1436
+systemMayContain: 1.2.840.113556.1.4.1437
+systemMayContain: 1.2.840.113556.1.4.1438
+systemMayContain: 1.2.840.113556.1.4.1439
+-
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msPKI-Enterprise-Oid
+adminDisplayName: ms-PKI-Enterprise-Oid
+adminDescription: ms-PKI-Enterprise-Oid
+governsId: 1.2.840.113556.1.5.196
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1436
+systemPossSuperiors: 1.2.840.113556.1.5.196
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: XNjPNxln2EqPnoZ4umJ1Yw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1440
+-
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1440
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1441
+systemMayContain: 1.2.840.113556.1.4.1442
+systemMayContain: 1.2.840.113556.1.4.1443
+-
+
+dn: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1444
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 2.5.21.9
+-
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-Som
+adminDisplayName: ms-WMI-Som
+adminDescription: ms-WMI-Som
+governsId: 1.2.840.113556.1.5.213
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1639
+systemMustContain: 1.2.840.113556.1.4.1644
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1627
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: eHCFq0IBBkSUWzTJtrEzcg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-PolicyTemplate
+adminDisplayName: ms-WMI-PolicyTemplate
+adminDescription: ms-WMI-PolicyTemplate
+governsId: 1.2.840.113556.1.5.200
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1644
+systemMustContain: 1.2.840.113556.1.4.1640
+systemMustContain: 1.2.840.113556.1.4.1648
+systemMustContain: 1.2.840.113556.1.4.1645
+systemMustContain: 1.2.840.113556.1.4.1646
+systemMustContain: 1.2.840.113556.1.4.1639
+systemMustContain: 1.2.840.113556.1.4.1627
+systemMayContain: 1.2.840.113556.1.4.1649
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 8YC84kokWU2sxspcT4Lm4Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-WMIGPO
+adminDisplayName: ms-WMI-WMIGPO
+adminDescription: ms-WMI-WMIGPO
+governsId: 1.2.840.113556.1.5.215
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1645
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: AABjBSc53k6/J8qR8nXCbw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msCOM-Partition
+adminDisplayName: ms-COM-Partition
+adminDescription: Partition class. Default = adminDisplayName
+governsId: 1.2.840.113556.1.5.193
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1428
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: dA4ByVhO90mKiV4+I0D8+A==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-PolicyType
+adminDisplayName: ms-WMI-PolicyType
+adminDescription: ms-WMI-PolicyType
+governsId: 1.2.840.113556.1.5.211
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1644
+systemMustContain: 1.2.840.113556.1.4.1647
+systemMustContain: 1.2.840.113556.1.4.1627
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: EyZbWQlBd06QE6O7TvJ3xw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-ShadowObject
+adminDisplayName: ms-WMI-ShadowObject
+adminDescription: ms-WMI-ShadowObject
+governsId: 1.2.840.113556.1.5.212
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1647
+systemPossSuperiors: 1.2.840.113556.1.5.211
+schemaIdGuid:: 30vk8dONNUKchvkfMfW1aQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msCOM-PartitionSet
+adminDisplayName: ms-COM-PartitionSet
+adminDescription: PartitionSet class. Default = adminDisplayName
+governsId: 1.2.840.113556.1.5.194
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1423
+systemMayContain: 1.2.840.113556.1.4.1427
+systemMayContain: 1.2.840.113556.1.4.1428
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: q2QEJRfEekmXWp4NRZp8oQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-Rule
+adminDisplayName: ms-WMI-Rule
+adminDescription: ms-WMI-Rule
+governsId: 1.2.840.113556.1.5.214
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1643
+systemMustContain: 1.2.840.113556.1.4.1646
+systemMustContain: 1.2.840.113556.1.4.1642
+systemPossSuperiors: 1.2.840.113556.1.5.213
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: g29+PA7dG0igwnTNlu8qZg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1426
+systemMayContain: 1.2.840.113556.1.4.1460
+-
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1661
+systemMayContain: 1.2.840.113556.1.4.1663
+systemMayContain: 1.2.840.113556.1.4.1664
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1459
+-
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1459
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1459
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1669
+-
+
+dn: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: dynamicObject
+adminDisplayName: Dynamic-Object
+adminDescription: Dynamic-Object
+governsId: 1.3.6.1.4.1.1466.101.119.2
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1622
+systemMayContain: 1.3.6.1.4.1.1466.101.119.3
+schemaIdGuid:: SRLVZlUzH0yyToHyUqyiOw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1621
+-
+
+# Reload new schema cache to pick up classes used in subclassof
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-MergeablePolicyTemplate
+adminDisplayName: ms-WMI-MergeablePolicyTemplate
+adminDescription: ms-WMI-MergeablePolicyTemplate
+governsId: 1.2.840.113556.1.5.202
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.200
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: FCRQB8r9UUiwShNkWxHSJg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+# Reload new schema cache to pick up classes used in possSuperiors
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-RangeParam
+adminDisplayName: ms-WMI-RangeParam
+adminDescription: ms-WMI-RangeParam
+governsId: 1.2.840.113556.1.5.203
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1649
+systemMustContain: 1.2.840.113556.1.4.1645
+systemMustContain: 1.2.840.113556.1.4.1641
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: V1r7RRhQD02QVpl8jJEi2Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+# Reload new schema cache to pick up classes used in possSuperiors
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-StringSetParam
+adminDisplayName: ms-WMI-StringSetParam
+adminDescription: ms-WMI-StringSetParam
+governsId: 1.2.840.113556.1.5.210
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1636
+systemMayContain: 1.2.840.113556.1.4.1637
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: onnFC6cd6ky2mYB/O51jpA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-UnknownRangeParam
+adminDisplayName: ms-WMI-UnknownRangeParam
+adminDescription: ms-WMI-UnknownRangeParam
+governsId: 1.2.840.113556.1.5.204
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1647
+systemMustContain: 1.2.840.113556.1.4.1640
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: a8IquNvGmECSxknBijM24Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-RealRangeParam
+adminDisplayName: ms-WMI-RealRangeParam
+adminDescription: ms-WMI-RealRangeParam
+governsId: 1.2.840.113556.1.5.209
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1632
+systemMayContain: 1.2.840.113556.1.4.1633
+systemMayContain: 1.2.840.113556.1.4.1634
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: 4o/+arxwzkyxZqlvc1nFFA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-SimplePolicyTemplate
+adminDisplayName: ms-WMI-SimplePolicyTemplate
+adminDescription: ms-WMI-SimplePolicyTemplate
+governsId: 1.2.840.113556.1.5.201
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.200
+systemMustContain: 1.2.840.113556.1.4.1647
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: tbLIbN8S9kSDB+dPXN7jaQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-IntSetParam
+adminDisplayName: ms-WMI-IntSetParam
+adminDescription: ms-WMI-IntSetParam
+governsId: 1.2.840.113556.1.5.206
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1628
+systemMayContain: 1.2.840.113556.1.4.1631
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: mg0vKXbPsEKEH7ZQ8zHfYg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-UintSetParam
+adminDisplayName: ms-WMI-UintSetParam
+adminDescription: ms-WMI-UintSetParam
+governsId: 1.2.840.113556.1.5.208
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1628
+systemMayContain: 1.2.840.113556.1.4.1631
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: MetLjxlO9UaTLl+gPDObHQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-IntRangeParam
+adminDisplayName: ms-WMI-IntRangeParam
+adminDescription: ms-WMI-IntRangeParam
+governsId: 1.2.840.113556.1.5.205
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1628
+systemMayContain: 1.2.840.113556.1.4.1629
+systemMayContain: 1.2.840.113556.1.4.1630
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: fV3KUItc806531tm1JHlJg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-UintRangeParam
+adminDisplayName: ms-WMI-UintRangeParam
+adminDescription: ms-WMI-UintRangeParam
+governsId: 1.2.840.113556.1.5.207
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.203
+systemMustContain: 1.2.840.113556.1.4.1628
+systemMayContain: 1.2.840.113556.1.4.1629
+systemMayContain: 1.2.840.113556.1.4.1630
+systemPossSuperiors: 1.2.840.113556.1.5.202
+schemaIdGuid:: spmn2fPOs0i1rfuF+N0yFA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+# Reload new schema cache
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=KRA,CN=Public Key Services,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: Container
+ShowInAdvancedViewOnly: TRUE
+
+dn: CN=OID,CN=Public Key Services,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: msPKI-Enterprise-Oid
+ShowInAdvancedViewOnly: TRUE
+
+dn: CN=Generate-RSoP,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Generate Resultant Set of Policy
+localizationDisplayId: 55
+rightsGUID: b7b1b3dd-ab09-4242-9e30-9980e5d322f7
+validAccesses: 256
+
+dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: msDS-Other-Settings
+msDS-Other-Settings: DynamicObjectDefaultTTL=86400
+msDS-Other-Settings: DynamicObjectMinTTL=900
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 14
+-
+
+```
+
+### Sch15.ldf
+
+```
+
+# Schema NC changes
+
+dn: CN=ms-WMI-Parm1,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Parm1
+adminDisplayName: ms-WMI-Parm1
+adminDescription: ms-WMI-Parm1
+attributeId: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: hRToJ7Cxi0q+3c4ZqDfibg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-Parm2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Parm2
+adminDisplayName: ms-WMI-Parm2
+adminDescription: ms-WMI-Parm2
+attributeId: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: jlADAEKcdkqo9Di/ZLqw3g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-Parm3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Parm3
+adminDisplayName: ms-WMI-Parm3
+adminDescription: ms-WMI-Parm3
+attributeId: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: to+VRb1Szkifn8JxLZ8r/A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-Parm4,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Parm4
+adminDisplayName: ms-WMI-Parm4
+adminDescription: ms-WMI-Parm4
+attributeId: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: o9UAOM7xgkulmhUo6nlfWQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-Class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Class
+adminDisplayName: ms-WMI-Class
+adminDescription: ms-WMI-Class
+attributeId: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: X5LBkCRKB0uyAr4y6zyLdA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-Genus,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-Genus
+adminDisplayName: ms-WMI-Genus
+adminDescription: ms-WMI-Genus
+attributeId: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: OmfIUFaPFEaTCJ4TQPua8w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-OID-CPS
+adminDisplayName: ms-PKI-OID-CPS
+adminDescription: ms-PKI-OID-CPS
+attributeId: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DpRJX5+nUUq7bz1EalTcaw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=GPC-WQL-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: gPCWQLFilter
+adminDisplayName: GPC-WQL-Filter
+adminDescription: GPC-WQL-Filter
+attributeId: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: psfUe90aNkSMBDmZqIAVTA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Extra-Columns,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: extraColumns
+adminDisplayName: Extra-Columns
+adminDescription: Extra-Columns
+attributeId: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RihO0tkdz0uZ16YifMhtpw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-intFlags1,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-intFlags1
+adminDisplayName: ms-WMI-intFlags1
+adminDescription: ms-WMI-intFlags1
+attributeId: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uQbgGEVk40idz7Xs+8Tfjg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-intFlags2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-intFlags2
+adminDisplayName: ms-WMI-intFlags2
+adminDescription: ms-WMI-intFlags2
+attributeId: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: yUJaB1rFsUWsk+sIazH2EA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-intFlags3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-intFlags3
+adminDisplayName: ms-WMI-intFlags3
+adminDescription: ms-WMI-intFlags3
+attributeId: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Nqef8gne5EuyOuc0wSS6zA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-intFlags4,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-intFlags4
+adminDisplayName: ms-WMI-intFlags4
+adminDescription: ms-WMI-intFlags4
+attributeId: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rKd0vZPEnEy9+lx7EZymsg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-WMI-ScopeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msWMI-ScopeGuid
+adminDisplayName: ms-WMI-ScopeGuid
+adminDescription: ms-WMI-ScopeGuid
+attributeId: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UY23h19Af0uA7SvSh4b0jQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-FRS-Hub-Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFRS-Hub-Member
+adminDisplayName: ms-FRS-Hub-Member
+adminDescription: ms-FRS-Hub-Member
+attributeId: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass:: KwwCh3McAIVK
+linkID: 1046
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: gf9DVrY1qUyVErrwvQoncg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-PKI-OID-Attribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-OID-Attribute
+adminDisplayName: ms-PKI-OID-Attribute
+adminDescription: ms-PKI-OID-Attribute
+attributeId: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iBKejChQT0+nBHbQJvJG7w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-FRS-Topology-Pref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFRS-Topology-Pref
+adminDisplayName: ms-FRS-Topology-Pref
+adminDescription: ms-FRS-Topology-Pref
+attributeId: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 4CeqklBcLUCewe6Efe+XiA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-OID-User-Notice
+adminDisplayName: ms-PKI-OID-User-Notice
+adminDescription: ms-PKI-OID-User-Notice
+attributeId: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: etrEBBThaU6I3uKT8tOzlQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-RA-Application-Policies,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-RA-Application-Policies
+adminDisplayName: ms-PKI-RA-Application-Policies
+adminDescription: ms-PKI-RA-Application-Policies
+attributeId: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: v/uRPHNHzUyoe4XVPnvPag==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: adminMultiselectPropertyPages
+adminDisplayName: Admin-Multiselect-Property-Pages
+adminDescription: Admin-Multiselect-Property-Pages
+attributeId: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: fbb5GMZaO0uX29CkBq+3ug==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Security-Group-Extra-Classes
+adminDisplayName: ms-DS-Security-Group-Extra-Classes
+adminDescription: ms-DS-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6GoUT/6kAUinMfUYSKT05A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Certificate-Application-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-Certificate-Application-Policy
+adminDisplayName: ms-PKI-Certificate-Application-Policy
+adminDescription: ms-PKI-Certificate-Application-Policy
+attributeId: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: SAXZ2zeqAkKZZoxTe6XOMg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Non-Security-Group-Extra-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Non-Security-Group-Extra-Classes
+adminDisplayName: Non-Security-Group-Extra-Classes
+adminDescription: ms-DS-Non-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: /EThLVIfb0i99Bb8wwhOVA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MSMQ-Recipient-FormatName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msMQ-Recipient-FormatName
+adminDisplayName: MSMQ-Recipient-FormatName
+adminDescription: MSMQ-Recipient-FormatName
+attributeId: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+schemaIdGuid:: SGf+O0S1WkiwZxsxDEM0vw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: lastLogonTimestamp
+adminDisplayName: Last-Logon-Timestamp
+adminDescription: Last-Logon-Timestamp
+attributeId: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: BAriwFoO80+Ugl7+rs1wYA==
+attributeSecurityGuid:: ECAgX6V50BGQIADAT8LUzw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Settings
+adminDisplayName: ms-DS-Settings
+adminDescription: ms-DS-Settings
+attributeId: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 10cbDqNASEuNG0ysDBzfIQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTAPI-uid
+adminDisplayName: msTAPI-uid
+adminDescription: msTAPI-uid
+attributeId: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 120
+schemaIdGuid:: 6uekcLmzQ0aJGObdJHG/1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TAPI-Ip-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTAPI-IpAddress
+adminDisplayName: msTAPI-IpAddress
+adminDescription: msTAPI-IpAddress
+attributeId: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 99fX744XZ0eH+viha4QFRA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TAPI-Protocol-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTAPI-ProtocolId
+adminDisplayName: msTAPI-ProtocolId
+adminDescription: msTAPI-ProtocolId
+attributeId: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: z+vBiV96/UGZyskAsyKZqw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TAPI-Conference-Blob,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTAPI-ConferenceBlob
+adminDisplayName: msTAPI-ConferenceBlob
+adminDescription: msTAPI-ConferenceBlob
+attributeId: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: HmDETAFyQUGryD5SmuiIYw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: QMIKvKl50BGQIADAT8LUzw==
+-
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 9
+-
+
+dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TrustForestTrustInfo
+adminDisplayName: ms-DS-Trust-Forest-Trust-Info
+adminDescription: ms-DS-Trust-Forest-Trust-Info
+attributeId: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bobMKdNJaUmULh28CSXRgw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: ownerBL
+adminDescription: ms-Exch-Owner-BL
+adminDisplayName: ms-Exch-Owner-BL
+attributeID: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+oMSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+oMObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 9HmWv+YN0BGihQCqADBJ4g==
+linkID: 45
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+# Load the schema cache to pick up new attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msWMI-ObjectEncoding
+adminDisplayName: ms-WMI-ObjectEncoding
+adminDescription: ms-WMI-ObjectEncoding
+governsId: 1.2.840.113556.1.5.217
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1676
+systemMustContain: 1.2.840.113556.1.4.1686
+systemMustContain: 1.2.840.113556.1.4.1682
+systemMustContain: 1.2.840.113556.1.4.1683
+systemMustContain: 1.2.840.113556.1.4.1684
+systemMustContain: 1.2.840.113556.1.4.1685
+systemMustContain: 1.2.840.113556.1.4.1677
+systemMustContain: 1.2.840.113556.1.4.1678
+systemMustContain: 1.2.840.113556.1.4.1679
+systemMustContain: 1.2.840.113556.1.4.1680
+systemMustContain: 1.2.840.113556.1.4.1681
+systemMustContain: 1.2.840.113556.1.4.1627
+systemMustContain: 1.2.840.113556.1.4.1647
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: yYHdVRLD+UGoTcatvfHo4Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: applicationVersion
+adminDisplayName: Application-Version
+adminDescription: Stores versioning information for an application and its schema.
+governsId: 1.2.840.113556.1.5.216
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.7000.49
+systemMayContain: 1.2.840.113556.1.4.329
+systemMayContain: 1.2.840.113556.1.4.328
+systemMayContain: 1.2.840.113556.1.4.141
+systemMayContain: 1.2.840.113556.1.4.255
+systemMayContain: 1.2.840.113556.1.4.848
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rJDH3U2vKkSPD6HUyqfdkg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1424
+systemMayContain: 1.2.840.113556.1.4.1425
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.104
+-
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1426
+-
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.892
+systemMayContain: 1.2.840.113556.1.4.891
+-
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.30
+-
+
+dn: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1694
+-
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.137
+-
+
+dn: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1674
+systemMayContain: 1.2.840.113556.1.4.1675
+-
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1671
+systemMayContain: 1.2.840.113556.1.4.1672
+systemMayContain: 1.2.840.113556.1.4.1673
+-
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1678
+systemMayContain: 1.2.840.113556.1.4.1679
+systemMayContain: 1.2.840.113556.1.4.1680
+systemMayContain: 1.2.840.113556.1.4.1681
+systemMayContain: 1.2.840.113556.1.4.1682
+systemMayContain: 1.2.840.113556.1.4.1683
+systemMayContain: 1.2.840.113556.1.4.1684
+systemMayContain: 1.2.840.113556.1.4.1685
+-
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1685
+systemMayContain: 1.2.840.113556.1.4.1684
+systemMayContain: 1.2.840.113556.1.4.1683
+systemMayContain: 1.2.840.113556.1.4.1682
+systemMayContain: 1.2.840.113556.1.4.1681
+systemMayContain: 1.2.840.113556.1.4.1680
+systemMayContain: 1.2.840.113556.1.4.1679
+systemMayContain: 1.2.840.113556.1.4.1678
+-
+
+dn: CN=Display-Specifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1687
+systemMayContain: 1.2.840.113556.1.4.1690
+-
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1688
+systemMayContain: 1.2.840.113556.1.4.1689
+-
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1685
+systemMayContain: 1.2.840.113556.1.4.1684
+systemMayContain: 1.2.840.113556.1.4.1683
+systemMayContain: 1.2.840.113556.1.4.1682
+systemMayContain: 1.2.840.113556.1.4.1681
+systemMayContain: 1.2.840.113556.1.4.1680
+systemMayContain: 1.2.840.113556.1.4.1679
+systemMayContain: 1.2.840.113556.1.4.1678
+-
+
+dn: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1685
+systemMayContain: 1.2.840.113556.1.4.1684
+systemMayContain: 1.2.840.113556.1.4.1683
+systemMayContain: 1.2.840.113556.1.4.1682
+systemMayContain: 1.2.840.113556.1.4.1681
+systemMayContain: 1.2.840.113556.1.4.1680
+systemMayContain: 1.2.840.113556.1.4.1679
+systemMayContain: 1.2.840.113556.1.4.1678
+-
+
+dn: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1692
+systemMayContain: 1.2.840.113556.1.4.1693
+-
+
+dn: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.141
+systemMayContain: 1.2.840.113556.1.4.255
+systemMayContain: 1.2.840.113556.1.4.328
+systemMayContain: 1.2.840.113556.1.4.329
+systemMayContain: 1.2.840.113556.1.4.848
+-
+
+dn: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msMQ-Group
+adminDisplayName: MSMQ-Group
+adminDescription: MSMQ-Group
+governsId: 1.2.840.113556.1.5.219
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.31
+systemPossSuperiors: 2.5.6.5
+schemaIdGuid:: rHqyRvqq+0+3c+W/Yh7oew==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msMQ-Custom-Recipient
+adminDisplayName: MSMQ-Custom-Recipient
+adminDescription: MSMQ-Custom-Recipient
+governsId: 1.2.840.113556.1.5.218
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1695
+systemPossSuperiors: 2.5.6.5
+schemaIdGuid:: F2hth8w1bEOs6l73F03Zvg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1696
+-
+
+dn: CN=FT-Dfs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.48
+systemMayContain: 1.2.840.113556.1.4.653
+-
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-App-Configuration
+adminDisplayName: ms-DS-App-Configuration
+adminDescription: Stores configuration parameters for an application.
+governsId: 1.2.840.113556.1.5.220
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.7000.49
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: PjzfkFQYVUSl18rUDVZleg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Connection-Point,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1697
+-
+
+dn: CN=Application-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1697
+-
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msTAPI-RtPerson
+adminDisplayName: msTAPI-RtPerson
+adminDescription: msTAPI-RtPerson
+governsId: 1.2.840.113556.1.5.222
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1701
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+schemaIdGuid:: tRzqUwS3+U2Bj1y07IbKwQ==
+defaultSecurityDescriptor: D:(A;;GA;;;WD)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msTAPI-RtConference
+adminDisplayName: msTAPI-RtConference
+adminDescription: msTAPI-RtConference
+governsId: 1.2.840.113556.1.5.221
+objectClassCategory: 1
+rdnAttId: 1.2.840.113556.1.4.1698
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1698
+systemMayContain: 1.2.840.113556.1.4.1700
+systemMayContain: 1.2.840.113556.1.4.1699
+systemPossSuperiors: 2.5.6.5
+schemaIdGuid:: NZd7yipLSU6Jw5kCUzTclA==
+defaultSecurityDescriptor: D:(A;;GA;;;WD)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1702
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=msmq-Send,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 46b27aac-aafa-4ffb-b773-e5bf621ee87b
+-
+
+dn: CN=Refresh-Group-Cache,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+displayName: Refresh Group Cache for Logons
+localizationDisplayId: 56
+rightsGUID: 9432c620-033c-4db7-8b58-14ef6d0bf477
+validAccesses: 256
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 15
+-
+
+```
+
+### Sch16.ldf
+
+```
+
+# Schema NC changes
+
+dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeLower
+rangeLower: 16
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeLower
+rangeLower: 16
+-
+add: rangeUpper
+rangeUpper: 16
+-
+
+dn: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1623
+systemMayContain: 1.2.840.113556.1.4.1624
+systemMayContain: 1.2.840.113556.1.4.1626
+systemMayContain: 1.2.840.113556.1.4.1644
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1644
+-
+
+dn: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1623
+systemMayContain: 1.2.840.113556.1.4.1624
+systemMayContain: 1.2.840.113556.1.4.1626
+systemMayContain: 1.2.840.113556.1.4.1644
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1644
+-
+
+dn: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1623
+systemMayContain: 1.2.840.113556.1.4.1624
+systemMayContain: 1.2.840.113556.1.4.1626
+systemMayContain: 1.2.840.113556.1.4.1644
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.1623
+systemMustContain: 1.2.840.113556.1.4.1624
+systemMustContain: 1.2.840.113556.1.4.1626
+systemMustContain: 1.2.840.113556.1.4.1644
+-
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=ms-TAPI-Unique-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 256
+-
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1698
+-
+
+dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NCReplCursors
+adminDisplayName: ms-DS-NC-Repl-Cursors
+adminDescription: ms-DS-NC-Repl-Cursors
+attributeId: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 5HwWiuj560eNePf+gKuyzA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Filter-Containers,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-FilterContainers
+adminDisplayName: ms-DS-Filter-Containers
+adminDescription: ms-DS-Filter-Containers
+attributeId: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: 39wA+zesOkicEqxTpmAwMw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ReplValueMetaData
+adminDisplayName: ms-DS-Repl-Value-Meta-Data
+adminDescription: ms-DS-Repl-Value-Meta-Data
+attributeId: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RYFcL73hC0GJV4v6gdWs/Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ReplAttributeMetaData
+adminDisplayName: ms-DS-Repl-Attribute-Meta-Data
+adminDescription: ms-DS-Repl-Attribute-Meta-Data
+attributeId: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QjLF105yOUydTC34ydZseg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NCReplInboundNeighbors
+adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Inbound-Neighbors
+attributeId: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Wqjbnp4+G0ObGqW26e2nlg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NCReplOutboundNeighbors
+adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors
+adminDescription: ms-DS-NC-Repl-Outbound-Neighbors
+attributeId: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9S5fhcWhxEy6bTJSKEi2Hw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-HasInstantiatedNCs
+adminDisplayName: ms-DS-Has-Instantiated-NCs
+adminDescription: DS replication information detailing the state of the NCs present on a particular server.
+attributeId: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+omObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: vKXpERdFSUCvnFFVT7D8CQ==
+linkID: 2002
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AllowedDNSSuffixes
+adminDisplayName: ms-DS-Allowed-DNS-Suffixes
+adminDescription: Allowed suffixes for dNSHostName on computer
+attributeId: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: G0RphMSaRU6CBb0hnb9nLQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Country-Code,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeLower
+rangeLower: 0
+-
+add: rangeUpper
+rangeUpper: 65535
+-
+
+dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SDReferenceDomain
+adminDisplayName: ms-DS-SD-Reference-Domain
+adminDescription: The domain to be used for default security descriptor translation for a Non-Domain Naming Context.
+attributeId: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: FuNRTCj2pUOwa/+2lfy08w==
+linkID: 2000
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+# Load the schema cache to pick up new attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1704
+systemMayContain: 1.2.840.113556.1.4.1705
+systemMayContain: 1.2.840.113556.1.4.1706
+systemMayContain: 1.2.840.113556.1.4.1707
+systemMayContain: 1.2.840.113556.1.4.1708
+-
+
+dn: CN=DS-UI-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1703
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1709
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1710
+-
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1711
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=SAM-Enumerate-Entire-Domain,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: bf967aad-0de6-11d0-a285-00aa003049e2
+displayName: Enumerate Entire SAM Domain
+localizationDisplayId: 57
+rightsGUID: 91d67418-0135-4acc-8d79-c08e857cfbec
+validAccesses: 256
+
+dn: CN=Generate-RSoP-Logging,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Generate Resultant Set of Policy (Logging)
+localizationDisplayId: 58
+rightsGUID: b7b1b3de-ab09-4242-9e30-9980e5d322f7
+validAccesses: 256
+
+dn: CN=Generate-RSoP,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemFlags
+systemFlags: 1073741824
+-
+
+dn: CN=Generate-RSoP,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModRdn
+newrdn: Generate-RSoP-Planning
+deleteoldrdn: 1
+
+dn: CN=Generate-RSoP-Planning,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemFlags
+-
+
+dn: CN=Generate-RSoP-Planning,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: displayName
+displayName: Generate Resultant Set of Policy (Planning)
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 16
+-
+
+```
+
+### Sch17.ldf
+
+```
+
+# Schema NC changes
+
+dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 27
+-
+
+dn: CN=ms-DS-Entry-Time-To-Die,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 24
+-
+
+dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 26
+-
+
+dn: CN=ms-PKI-OID-LocalizedName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-OIDLocalizedName
+adminDisplayName: ms-PKI-OID-LocalizedName
+adminDescription: ms-PKI-OID-LocalizedName
+attributeId: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+schemaIdGuid:: FqhZfQW7ckqXH1wTMfZ1WQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MSMQ-Secured-Source,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: MSMQ-SecuredSource
+adminDisplayName: MSMQ-Secured-Source
+adminDescription: MSMQ-Secured-Source
+attributeId: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: GyLwiwZ6Y02R8BSZlBgT0w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MSMQ-Multicast-Address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: MSMQ-MulticastAddress
+adminDisplayName: MSMQ-Multicast-Address
+adminDescription: MSMQ-Multicast-Address
+attributeId: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 9
+schemaIdGuid:: EkQvHQ3xN0ObSG5bElzSZQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SPNSuffixes
+adminDisplayName: ms-DS-SPN-Suffixes
+adminDescription: ms-DS-SPN-Suffixes
+attributeId: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 255
+schemaIdGuid:: 6+GeeI6MTE6M7HmzG3YXtQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: linkID
+linkID: 2002
+-
+
+dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IntId
+adminDisplayName: ms-DS-IntId
+adminDescription: ms-DS-IntId
+attributeId: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 8
+schemaIdGuid:: aglgvEcbMEuId2Ask/VlMg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=Invocation-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+# Load the schema cache to pick up new attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msPKI-PrivateKeyRecoveryAgent
+adminDisplayName: ms-PKI-Private-Key-Recovery-Agent
+adminDescription: ms-PKI-Private-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.223
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.36
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: MqZiFblEfkqi0+QmyWo6zA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1712
+-
+
+
+dn: CN=MSMQ-Queue,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1713
+systemMayContain: 1.2.840.113556.1.4.1714
+-
+
+dn: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: FALSE
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1695
+-
+delete: systemMustContain
+systemMustContain: 1.2.840.113556.1.4.1695
+-
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1715
+-
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1440
+systemMayContain: 1.2.840.113556.1.4.1716
+-
+
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1716
+-
+
+dn: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1716
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 17
+-
+
+```
+
+### Sch18.ldf
+
+```
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: NtdsSchemaAdd
+adminDescription: ms-Exch-Assistant-Name
+adminDisplayName: ms-Exch-Assistant-Name
+attributeID: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+lDAPDisplayName: msExchAssistantName
+mapiId: 14896
+oMSyntax: 64
+objectClass: attributeSchema
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: lHPfqOrF0RG7ywCAx2ZwwA==
+searchFlags: 0
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: NtdsSchemaAdd
+adminDescription: ms-Exch-LabeledURI
+adminDisplayName: ms-Exch-LabeledURI
+attributeID: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+lDAPDisplayName: msExchLabeledURI
+mapiId: 35921
+name: ms-Exch-LabeledURI
+oMSyntax: 64
+objectClass: attributeSchema
+rangeLower: 1
+rangeUpper: 1024
+schemaIdGuid:: IFh3FvNH0RGpwwAA+ANnwQ==
+searchFlags: 0
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change the LDN of Exchange schema objects
+
+dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: lDAPDisplayName
+lDAPDisplayName: msExchAssistantName
+-
+
+dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: lDAPDisplayName
+lDAPDisplayName: msExchLabeledURI
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Schema NC changes
+
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: uid
+adminDisplayName: uid
+adminDescription: A user ID.
+attributeId: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 8
+schemaIdGuid:: oPywC4ken0KQGhQTiU2fWQ==
+attributeSecurityGuid:: Qi+6WaJ50BGQIADAT8LTzw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: audio
+adminDisplayName: audio
+adminDescription: The Audio attribute type allows the storing of sounds in the Directory.
+attributeId: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 250000
+schemaIdGuid:: JNLh0KDhzkKi2nk7pSRPNQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: photo
+adminDisplayName: photo
+adminDescription: An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as defined in X.420.
+attributeId: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: aJeXnBq6CEyWMsalwe1kmg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: jpegPhoto
+adminDisplayName: jpegPhoto
+adminDescription: Used to store one or more images of a person using the JPEG File Interchange Format [JFIF].
+attributeId: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: cgXIusQJqU+a5nYo162+Dg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=secretary,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: secretary
+adminDisplayName: secretary
+adminDescription: Specifies the secretary of a person.
+attributeId: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: mi0HAa2YU0qXROg+KHJ4+w==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: userPKCS12
+adminDisplayName: userPKCS12
+adminDescription: PKCS #12 PFX PDU for exchange of personal identity information.
+attributeId: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: tYqZI/hwB0CkwahKODEfmg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: carLicense
+adminDisplayName: carLicense
+adminDescription: Vehicle license or registration plate.
+attributeId: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: kpwV1H2Vh0qKZ40pNOAWSQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=labeledURI,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: labeledURI
+adminDisplayName: labeledURI
+adminDescription: A Uniform Resource Identifier followed by a label. The label is used to describe the resource to which the URI points, and is intended as a friendly name fit for human consumption.
+attributeId: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RrtpxYDGvESic+bCJ9cbRQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: roomNumber
+adminDisplayName: roomNumber
+adminDescription: The room number of an object.
+attributeId: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: wvjXgSfjDUqRxrQtQAkRXw==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: uniqueMember
+adminDisplayName: uniqueMember
+adminDescription: The distinguished name for the member of a group. Used by groupOfUniqueNames.
+attributeId: 2.5.4.50
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: JoeIjwr410Sx7sud8hOSyA==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: departmentNumber
+adminDisplayName: departmentNumber
+adminDescription: Identifies a department within an organization.
+attributeId: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 7vaevsfLIk+ye5aWfn7lhQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: unstructuredName
+adminDisplayName: unstructuredName
+adminDescription: The DNS name of the router. For example, router1.microsoft.com. PKCS #9
+attributeId: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+schemaIdGuid:: d/GOnM9ByUWWc3cWwMiQGw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 0
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: preferredLanguage
+adminDisplayName: preferredLanguage
+adminDescription: The preferred written or spoken language for a person.
+attributeId: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 0OBrhecY4UaPX37k2QIODQ==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: x500uniqueIdentifier
+adminDisplayName: x500uniqueIdentifier
+adminDescription: Used to distinguish between objects when a distinguished name has been reused.  This is a different attribute type from both the "uid" and "uniqueIdentifier" types.
+attributeId: 2.5.4.45
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: H6F90D2KtkKwqnbJYr5xmg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: unstructuredAddress
+adminDisplayName: unstructuredAddress
+adminDescription: The IP address of the router. For example, 100.11.22.33. PKCS #9
+attributeId: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+schemaIdGuid:: OQiVUEzMkUSGOvz5QtaEtw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 0
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: attributeCertificateAttribute
+adminDisplayName: attributeCertificateAttribute
+adminDescription: A digitally signed or certified identity and set of attributes. Used to bind authorization information to an identity. X.509
+attributeId: 2.5.4.58
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: u5NG+sJ7uUyBqMmcQ7eQXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 0
+
+
+# Load the schema cache to pick up new attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: inetOrgPerson
+adminDisplayName: inetOrgPerson
+adminDescription: Represents people who are associated with an organization in some way.
+governsId: 2.16.840.1.113730.3.2.2
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.9
+systemMayContain: 2.5.4.45
+systemMayContain: 2.16.840.1.113730.3.140
+systemMayContain: 2.16.840.1.113730.3.1.216
+systemMayContain: 2.5.4.36
+systemMayContain: 0.9.2342.19200300.100.1.1
+systemMayContain: 0.9.2342.19200300.100.1.21
+systemMayContain: 0.9.2342.19200300.100.1.6
+systemMayContain: 2.16.840.1.113730.3.1.39
+systemMayContain: 0.9.2342.19200300.100.1.7
+systemMayContain: 0.9.2342.19200300.100.1.42
+systemMayContain: 2.5.4.10
+systemMayContain: 0.9.2342.19200300.100.1.41
+systemMayContain: 0.9.2342.19200300.100.1.10
+systemMayContain: 0.9.2342.19200300.100.1.3
+systemMayContain: 1.3.6.1.4.1.250.1.57
+systemMayContain: 0.9.2342.19200300.100.1.60
+systemMayContain: 2.5.4.43
+systemMayContain: 1.2.840.113556.1.2.617
+systemMayContain: 0.9.2342.19200300.100.1.20
+systemMayContain: 2.5.4.42
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 2.16.840.1.113730.3.1.2
+systemMayContain: 2.16.840.1.113730.3.1.1
+systemMayContain: 2.5.4.15
+systemMayContain: 0.9.2342.19200300.100.1.55
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: FMwoSDcUvEWbB61vAV5fKA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
+showInAdvancedViewOnly: FALSE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=X
+systemFlags: 0
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: groupOfUniqueNames
+adminDisplayName: groupOfUniqueNames
+adminDescription: Defines the entries for a group of unique names.
+governsId: 2.5.6.17
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.50
+systemMustContain: 2.5.4.3
+systemMayContain: 2.5.4.34
+systemMayContain: 2.5.4.32
+systemMayContain: 2.5.4.11
+systemMayContain: 2.5.4.10
+systemMayContain: 2.5.4.13
+systemMayContain: 2.5.4.15
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: EakQA6OTIU6no1XYWrLEiw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+showInAdvancedViewOnly: FALSE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+systemFlags: 0
+
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 2.5.4.5
+systemMayContain: 2.5.4.58
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.2.617
+systemMayContain: 2.5.4.10
+systemMayContain: 2.5.4.15
+systemMayContain: 2.5.4.42
+systemMayContain: 2.5.4.43
+systemMayContain: 2.5.4.45
+systemMayContain: 0.9.2342.19200300.100.1.1
+systemMayContain: 0.9.2342.19200300.100.1.3
+systemMayContain: 0.9.2342.19200300.100.1.6
+systemMayContain: 0.9.2342.19200300.100.1.7
+systemMayContain: 0.9.2342.19200300.100.1.10
+systemMayContain: 0.9.2342.19200300.100.1.20
+systemMayContain: 0.9.2342.19200300.100.1.21
+systemMayContain: 0.9.2342.19200300.100.1.41
+systemMayContain: 0.9.2342.19200300.100.1.42
+systemMayContain: 0.9.2342.19200300.100.1.55
+systemMayContain: 0.9.2342.19200300.100.1.60
+systemMayContain: 2.16.840.1.113730.3.1.1
+systemMayContain: 2.16.840.1.113730.3.1.2
+systemMayContain: 2.16.840.1.113730.3.1.39
+systemMayContain: 2.16.840.1.113730.3.1.216
+systemMayContain: 1.3.6.1.4.1.250.1.57
+systemMayContain: 2.16.840.1.113730.3.140
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.2.444
+mayContain: 1.2.840.113556.1.2.593
+mayContain: 1.3.6.1.4.1.250.1.57
+mayContain: 0.9.2342.19200300.100.1.21
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.3.6.1.4.1.250.1.57
+mayContain: 0.9.2342.19200300.100.1.21
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 18
+-
+
+```
+
+### Sch19.ldf
+
+```
+
+# attributes
+
+dn: CN=ms-DS-Auxiliary-Classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 20
+-
+
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+# class changes
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+-
+
+
+dn: CN=Force-Logoff,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=OEM-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=Server-State,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=UAS-Compat,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=Server-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=Domain-Replica,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+dn: CN=Modified-Count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: 0J8RuPYEYkerekmGx2s/mg==
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+dn: CN=Domain-Other-Parameters,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Other Domain Parameters (for use by SAM)
+localizationDisplayId: 59
+rightsGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+validAccesses: 48
+
+dn: CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=General-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Membership,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=RAS-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=User-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=User-Logon,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+-
+
+dn: CN=Domain-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 19
+-
+
+```
+
+### Sch20.ldf
+
+```
+
+# attributes
+
+dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-DnsRootAlias
+adminDisplayName: ms-DS-DnsRootAlias
+adminDescription: ms-DS-DnsRootAlias
+attributeId: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: yqxDIa3uKU21kYX6Sc6Rcw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UpdateScript
+adminDisplayName: ms-DS-UpdateScript
+adminDescription: ms-DS-UpdateScript
+attributeId: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ObZuFJ+7wU+oJeKeAMd5IA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ReplicationEpoch
+adminDisplayName: ms-DS-ReplicationEpoch
+adminDescription: ms-DS-ReplicationEpoch
+attributeId: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: earjCBzrtUWve4+UJGyOQQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AdditionalDnsHostName
+adminDisplayName: ms-DS-Additional-Dns-Host-Name
+adminDescription: ms-DS-Additional-Dns-Host-Name
+attributeId: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+schemaIdGuid:: kTeGgOnbuE6Dfn8KtV2axw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AdditionalSamAccountName
+adminDisplayName: ms-DS-Additional-Sam-Account-Name
+adminDescription: ms-DS-Additional-Sam-Account-Name
+attributeId: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 13
+rangeLower: 0
+rangeUpper: 256
+schemaIdGuid:: 33FVl9WkmkKfWc3GWB2R5g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=Hide-From-AB,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: hideFromAB
+adminDisplayName: Hide-From-AB
+adminDescription: Hide-From-AB
+attributeId: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ULcF7Hep/k6OjbpsGm4zqA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 0
+
+dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ExecuteScriptPassword
+adminDisplayName: ms-DS-ExecuteScriptPassword
+adminDescription: ms-DS-ExecuteScriptPassword
+attributeId: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+schemaIdGuid:: WkoFnYfRwUadhULfxEpW3Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: preferredLanguage
+-
+replace: adminDisplayName
+adminDisplayName: preferredLanguage
+-
+
+dn: CN=Code-Page,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeLower
+rangeLower: 0
+-
+replace: rangeUpper
+rangeUpper: 65535
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# class changes
+
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1719
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1717
+systemMayContain: 1.2.840.113556.1.4.1718
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1720
+-
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1721
+systemMayContain: 1.2.840.113556.1.4.1783
+-
+
+dn: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+dn: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultSecurityDescriptor
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change objects in configuration container
+
+dn: CN=Abandon-Replication,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaDelete
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 20
+-
+
+```
+
+### Sch21.ldf
+
+```
+# attributes
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LogonTimeSyncInterval
+adminDisplayName: ms-DS-Logon-Time-Sync-Interval
+adminDescription: ms-DS-Logon-Time-Sync-Interval
+attributeId: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+oMSyntax: 2
+rangeLower: 0
+isSingleValued: TRUE
+searchFlags: 0
+systemOnly: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: +EB5rTrkQkqDvNaI5Z6mBQ==
+systemFlags: 16
+
+dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+lDAPDisplayName: msDS-AllowedToDelegateTo
+adminDisplayName: ms-DS-Allowed-To-Delegate-To
+adminDescription: Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained Delegation
+attributeId: 1.2.840.113556.1.4.1787
+attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
+attributeSyntax: 2.5.5.12
+oMSyntax: 64
+isSingleValued: FALSE
+searchFlags: 0
+systemOnly: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: 15QNgKG3oUKxTXyuFCPQfw==
+systemFlags: 16
+
+dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+adminDescription: Virtual FTP Root where user home directory resides.
+adminDisplayName: ms-IIS-FTP-Root
+attributeID: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+instanceType: 4
+isSingleValued: TRUE
+lDAPDisplayName: msIIS-FTPRoot
+objectClass: attributeSchema
+oMSyntax: 64
+rangeLower: 1
+rangeUpper: 256
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: pCd4KoMUpUmdhFLjgSFWtA==
+systemOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaadd
+adminDescription: Relative user directory on an FTP Root share.
+adminDisplayName: ms-IIS-FTP-Dir
+attributeID: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+instanceType: 4
+isSingleValued: TRUE
+lDAPDisplayName: msIIS-FTPDir
+objectClass: attributeSchema
+oMSyntax: 64
+rangeLower: 1
+rangeUpper: 256
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+schemaIdGuid:: 6ZlcijAi60a46OWdcS657g==
+systemOnly: FALSE
+systemFlags: 16
+
+dn: CN=dhcp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: extendedCharsAllowed
+extendedCharsAllowed: TRUE
+-
+
+dn: CN=Extended-Chars-Allowed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: FALSE
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# classes
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.357
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1784
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1787
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1785
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1786
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change objects in configuration container
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 21
+-
+
+```
+
+### Sch22.ldf
+
+```
+# attributes
+dn: CN=uid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=audio,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=photo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=jpegPhoto,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=userPKCS12,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=carLicense,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=roomNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=uniqueMember,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=departmentNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=unstructuredName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=preferredLanguage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=unstructuredAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: R5Xjchh70RGt7wDAT9jVzQ==
+-
+
+dn: CN=ms-DS-Additional-Dns-host-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: R5Xjchh70RGt7wDAT9jVzQ==
+-
+
+dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PerUserTrustQuota
+adminDisplayName: MS-DS-Per-User-Trust-Quota
+adminDescription: Used to enforce a per-user quota for creating Trusted-Domain objects authorized by the control access right, "Create inbound Forest trust". This attribute limits the number of Trusted-Domain objects that can be created by a single non-admin user in the domain.
+attributeId: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 8K1h0STKk0mjqossmBMC6A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AllUsersTrustQuota
+adminDisplayName: MS-DS-All-Users-Trust-Quota
+adminDescription: Used to enforce a combined users quota on the total number of Trusted-Domain objects created by using the control access right, "Create inbound Forest trust".
+attributeId: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: XEqq0wNOEEiXqisznnpDSw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PerUserTrustTombstonesQuota
+adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota
+adminDescription: Used to enforce a per-user quota for deleting Trusted-Domain objects when authorization is based on matching the user's SID to the value of MS-DS-Creator-SID on the Trusted-Domain object.
+attributeId: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: xqZwi/lQo0+nHhzgMEBEmw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeLower
+rangeLower: 0
+-
+
+# Reload the schema cache to pick up attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# classes
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1459
+-
+
+dn: CN=Sam-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1788
+systemMayContain: 1.2.840.113556.1.4.1789
+systemMayContain: 1.2.840.113556.1.4.1790
+-
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1410
+-
+
+
+dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.2
+-
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 1.2.840.113556.1.5.67
+-
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+dn: CN=Certification-Authority,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectClassCategory
+objectClassCategory: 0
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change objects in configuration container
+
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+displayName: DNS Host Name Attributes
+localizationDisplayId: 60
+rightsGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+validAccesses: 48
+
+dn: CN=Create-Inbound-Forest-Trust,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Create Inbound Forest Trust
+localizationDisplayId: 61
+rightsGUID: e2a36dc9-ae17-47c3-b58b-be34c55ba633
+validAccesses: 256
+
+
+dn: CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: wellKnownObjects
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,CN=Configuration,DC=X
+-
+
+dn: CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: wellKnownObjects
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFoundConfig,CN=Configuration,DC=X
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 22
+-
+
+```
+
+### Sch23.ldf
+
+```
+# attributes
+
+dn: CN=Script-Path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGuid:: ECAgX6V50BGQIADAT8LUzw==
+-
+
+dn: CN=User-Workstations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: attributeSecurityGuid
+attributeSecurityGuid:: ECAgX6V50BGQIADAT8LUzw==
+-
+
+
+# Reload the schema cache to pick up attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# classes
+
+dn: CN=Country,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace:defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace:defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace:defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace:defaultHidingValue
+defaultHidingValue: TRUE
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change objects in configuration container
+
+dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Replicating Directory Changes All
+localizationDisplayId: 62
+rightsGUID: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
+validAccesses: 256
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 23
+-
+
+```
+
+### Sch24.ldf
+
+```
+# attributes
+
+dn: CN=Employee-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=Employee-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=Address-Home,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 65535
+-
+
+dn: CN=ms-ds-dnsrootalias,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 255
+-
+
+dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,DC=X
+changetype: NtdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 4096
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Az-LDAP-Query
+adminDescription: ms-DS-Az-LDAP-Query
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDS-AzLDAPQuery
+schemaIDGUID:: izZTXpT8yEWdfdrzHucRLQ==
+systemOnly: FALSE
+systemFlags: 16
+
+
+dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,DC=X
+changetype: NtdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2014
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembers
+schemaIDGUID:: 3rH8yjzytUat9x5klXvV2w==
+systemOnly: FALSE
+systemFlags: 16
+
+dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,DC=X
+changetype: NtdsSchemaAdd
+objectClass: attributeSchema
+attributeID: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+isSingleValued: FALSE
+linkID: 2015
+showInAdvancedViewOnly: TRUE
+adminDisplayName: MS-DS-Non-Members-BL
+oMObjectClass:: KwwCh3McAIVK
+adminDescription: ms-DS-Non-Members-BL
+oMSyntax: 127
+searchFlags: 0
+lDAPDisplayName: msDS-NonMembersBL
+schemaIDGUID:: /GiMKno6h06HIP53xRy+dA==
+systemOnly: TRUE
+systemFlags: 16
+
+
+# Reload the schema cache to pick up attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# classes
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1794
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1792
+systemMayContain: 1.2.840.113556.1.4.1793
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# change objects in configuration container
+
+
+dn: CN=Migrate-SID-History,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName:Migrate SID History
+localizationDisplayId: 63
+rightsGUID: BA33815A-4F93-4c76-87F3-57574BFF8109
+validAccesses: 256
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 24
+-
+
+```
+
+### Sch25.ldf
+
+```
+dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzClassId
+adminDisplayName: MS-DS-Az-Class-ID
+adminDescription: A class ID required by the AzRoles UI on the AzApplication object
+attributeId: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 40
+schemaIdGuid:: d3I6AS1c70mn3rdls2o/bw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Biz-Rule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzBizRule
+adminDisplayName: MS-DS-Az-Biz-Rule
+adminDescription: Text of the script implementing the business rule
+attributeId: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+schemaIdGuid:: qB7UM8nAkkyUlPEEh4QT/Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzScopeName
+adminDisplayName: MS-DS-Az-Scope-Name
+adminDescription: A string that uniquely identifies a scope object
+attributeId: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+schemaIdGuid:: BmtaURcmc0GAmdVgXfBDxg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Operation-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzOperationID
+adminDisplayName: MS-DS-Az-Operation-ID
+adminDescription: Application specific ID that makes the operation unique to the application
+attributeId: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: U7XzpXZdvky6P0MSFSyrGA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Tasks-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TasksForAzRole
+adminDisplayName: MS-DS-Tasks-For-Az-Role
+adminDescription: List of tasks for Az-Role
+attributeId: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: gpAxNUqMRkaThsKUnUmJTQ==
+linkID: 2024
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Tasks-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TasksForAzTask
+adminDisplayName: MS-DS-Tasks-For-Az-Task
+adminDescription: List of tasks linked to Az-Task
+attributeId: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 4o4csc1fp0aV8PODM/CWzw==
+linkID: 2020
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzDomainTimeout
+adminDisplayName: MS-DS-Az-Domain-Timeout
+adminDescription: Time (in ms) after a domain is detected to be un-reachable, and before the DC is tried again
+attributeId: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: avVIZHDKLk6wr9IOTOZT0A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzScriptTimeout
+adminDisplayName: MS-DS-Az-Script-Timeout
+adminDescription: Maximum time (in ms) to wait for a script to finish auditing a specific policy
+attributeId: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: QfvQh4ss9kG5chH9/VDWsA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzGenerateAudits
+adminDisplayName: MS-DS-Az-Generate-Audits
+adminDescription: A boolean field indicating if runtime audits need to be turned on (include audits for access checks, etc.)
+attributeId: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: sLoK+WwYGES7hYhEfIciKg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Members-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MembersForAzRole
+adminDisplayName: MS-DS-Members-For-Az-Role
+adminDescription: List of member application groups or users linked to Az-Role
+attributeId: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: zeb3y6SFFEOJOYv+gFl4NQ==
+linkID: 2016
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KeyVersionNumber
+adminDisplayName: ms-DS-KeyVersionNumber
+adminDescription: The Kerberos version number of the current key for this account. This is a constructed attribute.
+attributeId: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: wOkjxbUzyEqJI7V7kn9C9g==
+showInAdvancedViewOnly: FALSE
+systemFlags: 20
+
+dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzApplicationData
+adminDisplayName: MS-DS-Az-Application-Data
+adminDescription: A string that is used by individual applications to store whatever information they may need to
+attributeId: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: 6MM/UMYcGkaZo57uBPQCpw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzApplicationName
+adminDisplayName: MS-DS-Az-Application-Name
+adminDescription: A string that uniquely identifies an application object
+attributeId: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+schemaIdGuid:: KAdb2whidkiDt5XT5WlSdQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Biz-Rule-Language,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzBizRuleLanguage
+adminDisplayName: MS-DS-Az-Biz-Rule-Language
+adminDescription: Language that the business rule script is in (Jscript, VBScript)
+attributeId: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+schemaIdGuid:: VkuZUmwOB06qXO+df1oOJQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=ms-DS-Operations-For-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OperationsForAzRole
+adminDisplayName: MS-DS-Operations-For-Az-Role
+adminDescription: List of operations linked to Az-Role
+attributeId: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: vgH3k0z6tkO8L02+pxj/qw==
+linkID: 2022
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Operations-For-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OperationsForAzTask
+adminDisplayName: MS-DS-Operations-For-Az-Task
+adminDescription: List of operations linked to Az-Task
+attributeId: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: NrSsGp0uqUSSmM5N6+tuvw==
+linkID: 2018
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzApplicationVersion
+adminDisplayName: MS-DS-Az-Application-Version
+adminDescription: A version number to indicate that the AzApplication is updated
+attributeId: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: IKGEccQ6rkeEj/4KsgeE1A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzScriptEngineCacheMax
+adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max
+adminDescription: Maximum number of scripts that are cached by the application
+attributeId: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: avYpJpUf80uilo6de54wyA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Task-Is-Role-Definition,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzTaskIsRoleDefinition
+adminDisplayName: MS-DS-Az-Task-Is-Role-Definition
+adminDescription: A Boolean field which indicates whether AzTask is a classic task or a role definition
+attributeId: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: RIUHe4Js6U+HL/9IrSsuJg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Last-Imported-Biz-Rule-Path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzLastImportedBizRulePath
+adminDisplayName: MS-DS-Az-Last-Imported-Biz-Rule-Path
+adminDescription: Last imported business rule path
+attributeId: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+schemaIdGuid:: XMtaZpK7vE2MWbNjjqsJsw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TasksForAzRoleBL
+adminDisplayName: MS-DS-Tasks-For-Az-Role-BL
+adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it
+attributeId: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: NtXcoFhR/kKMQMAKetN5WQ==
+linkID: 2025
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TasksForAzTaskBL
+adminDisplayName: MS-DS-Tasks-For-Az-Task-BL
+adminDescription: Back-link from Az-Task to the Az-Task object(s) linking to it
+attributeId: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Um5E3/q1okykLxP5ilJsjw==
+linkID: 2021
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MembersForAzRoleBL
+adminDisplayName: MS-DS-Members-For-Az-Role-BL
+adminDescription: Back-link from member application group or user to Az-Role object(s) linking to it
+attributeId: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: IM3s7OCniEaczwLs5eKH9Q==
+linkID: 2017
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OperationsForAzRoleBL
+adminDisplayName: MS-DS-Operations-For-Az-Role-BL
+adminDescription: Back-link from Az-Operation to Az-Role object(s) linking to it
+attributeId: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: KGJb+DQ3JUW2tz87siCQLA==
+linkID: 2023
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OperationsForAzTaskBL
+adminDisplayName: MS-DS-Operations-For-Az-Task-BL
+adminDescription: Back-link from Az-Operation to Az-Task object(s) linking to it
+attributeId: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: EdI3pjlX0U6JsoiXRUi8WQ==
+linkID: 2019
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzAdminManager
+adminDisplayName: MS-DS-Az-Admin-Manager
+adminDescription: Root of Authorization Policy store instance
+governsId: 1.2.840.113556.1.5.234
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 1.2.840.113556.1.4.1805
+systemMayContain: 1.2.840.113556.1.4.1797
+systemMayContain: 1.2.840.113556.1.4.1796
+systemMayContain: 1.2.840.113556.1.4.1795
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: URDuzyhfrkuoY10MwYqO0Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzApplication
+adminDisplayName: MS-DS-Az-Application
+adminDescription: Defines an installed instance of an application bound to a particular policy store.
+governsId: 1.2.840.113556.1.5.235
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 1.2.840.113556.1.4.1805
+systemMayContain: 1.2.840.113556.1.4.1817
+systemMayContain: 1.2.840.113556.1.4.1816
+systemMayContain: 1.2.840.113556.1.4.1798
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.234
+schemaIdGuid:: m9743aXLEk6ELijYtm917A==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzScope
+adminDisplayName: MS-DS-Az-Scope
+adminDescription: Describes a set of objects managed by an application
+governsId: 1.2.840.113556.1.5.237
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1799
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.235
+schemaIdGuid:: VODqT1XOu0eGDlsSBjpR3g==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzOperation
+adminDisplayName: MS-DS-Az-Operation
+adminDescription: Describes a particular operation supported by an application
+governsId: 1.2.840.113556.1.5.236
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1800
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.235
+schemaIdGuid:: N74KhpuapE+z0ris5d+exQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzTask
+adminDisplayName: MS-DS-Az-Task
+adminDescription: Describes a set of operations
+governsId: 1.2.840.113556.1.5.238
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1810
+systemMayContain: 1.2.840.113556.1.4.1808
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 1.2.840.113556.1.4.1818
+systemMayContain: 1.2.840.113556.1.4.1803
+systemMayContain: 1.2.840.113556.1.4.1802
+systemMayContain: 1.2.840.113556.1.4.1801
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.237
+systemPossSuperiors: 1.2.840.113556.1.5.235
+schemaIdGuid:: c6TTHhubikG/oDo3uVpTBg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AzRole
+adminDisplayName: MS-DS-Az-Role
+adminDescription: Defines a set of operations that can be performed by a particular set of users within a particular scope
+governsId: 1.2.840.113556.1.5.239
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1819
+systemMayContain: 1.2.840.113556.1.4.1814
+systemMayContain: 1.2.840.113556.1.4.1812
+systemMayContain: 1.2.840.113556.1.4.1806
+systemMayContain: 2.5.4.13
+systemPossSuperiors: 1.2.840.113556.1.5.237
+systemPossSuperiors: 1.2.840.113556.1.5.235
+schemaIdGuid:: yeoTglWd3ESSXOmlK5J2RA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1807
+systemMayContain: 1.2.840.113556.1.4.1809
+systemMayContain: 1.2.840.113556.1.4.1811
+systemMayContain: 1.2.840.113556.1.4.1813
+systemMayContain: 1.2.840.113556.1.4.1815
+-
+
+dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.45
+mayContain: 2.16.840.1.113730.3.140
+mayContain: 2.16.840.1.113730.3.1.216
+mayContain: 2.5.4.36
+mayContain: 0.9.2342.19200300.100.1.1
+mayContain: 0.9.2342.19200300.100.1.21
+mayContain: 0.9.2342.19200300.100.1.6
+mayContain: 2.16.840.1.113730.3.1.39
+mayContain: 0.9.2342.19200300.100.1.7
+mayContain: 0.9.2342.19200300.100.1.42
+mayContain: 2.5.4.10
+mayContain: 0.9.2342.19200300.100.1.41
+mayContain: 0.9.2342.19200300.100.1.10
+mayContain: 0.9.2342.19200300.100.1.3
+mayContain: 1.3.6.1.4.1.250.1.57
+mayContain: 0.9.2342.19200300.100.1.60
+mayContain: 2.5.4.43
+mayContain: 1.2.840.113556.1.2.617
+mayContain: 0.9.2342.19200300.100.1.20
+mayContain: 2.5.4.42
+mayContain: 1.2.840.113556.1.2.613
+mayContain: 1.2.840.113556.1.2.610
+mayContain: 1.2.840.113556.1.2.13
+mayContain: 2.16.840.1.113730.3.1.2
+mayContain: 2.16.840.1.113730.3.1.1
+mayContain: 2.5.4.15
+mayContain: 0.9.2342.19200300.100.1.55
+-
+delete: systemMayContain
+systemMayContain: 2.5.4.45
+systemMayContain: 2.16.840.1.113730.3.140
+systemMayContain: 2.16.840.1.113730.3.1.216
+systemMayContain: 2.5.4.36
+systemMayContain: 0.9.2342.19200300.100.1.1
+systemMayContain: 0.9.2342.19200300.100.1.21
+systemMayContain: 0.9.2342.19200300.100.1.6
+systemMayContain: 2.16.840.1.113730.3.1.39
+systemMayContain: 0.9.2342.19200300.100.1.7
+systemMayContain: 0.9.2342.19200300.100.1.42
+systemMayContain: 2.5.4.10
+systemMayContain: 0.9.2342.19200300.100.1.41
+systemMayContain: 0.9.2342.19200300.100.1.10
+systemMayContain: 0.9.2342.19200300.100.1.3
+systemMayContain: 1.3.6.1.4.1.250.1.57
+systemMayContain: 0.9.2342.19200300.100.1.60
+systemMayContain: 2.5.4.43
+systemMayContain: 1.2.840.113556.1.2.617
+systemMayContain: 0.9.2342.19200300.100.1.20
+systemMayContain: 2.5.4.42
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 2.16.840.1.113730.3.1.2
+systemMayContain: 2.16.840.1.113730.3.1.1
+systemMayContain: 2.5.4.15
+systemMayContain: 0.9.2342.19200300.100.1.55
+-
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.58
+-
+delete: systemMayContain
+systemMayContain: 2.5.4.58
+-
+
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1782
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.2.617
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.617
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.234
+systemPossSuperiors: 1.2.840.113556.1.5.235
+systemPossSuperiors: 1.2.840.113556.1.5.237
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.45
+mayContain: 2.16.840.1.113730.3.140
+mayContain: 2.16.840.1.113730.3.1.216
+mayContain: 0.9.2342.19200300.100.1.1
+mayContain: 0.9.2342.19200300.100.1.21
+mayContain: 0.9.2342.19200300.100.1.6
+mayContain: 2.16.840.1.113730.3.1.39
+mayContain: 0.9.2342.19200300.100.1.7
+mayContain: 1.3.6.1.4.1.250.1.57
+mayContain: 0.9.2342.19200300.100.1.60
+mayContain: 1.2.840.113556.1.2.617
+mayContain: 2.5.4.42
+mayContain: 1.2.840.113556.1.2.613
+mayContain: 1.2.840.113556.1.2.610
+mayContain: 1.2.840.113556.1.2.13
+mayContain: 2.16.840.1.113730.3.1.2
+mayContain: 2.16.840.1.113730.3.1.1
+mayContain: 0.9.2342.19200300.100.1.55
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.2.13
+systemMayContain: 1.2.840.113556.1.2.610
+systemMayContain: 1.2.840.113556.1.2.613
+systemMayContain: 1.2.840.113556.1.2.617
+systemMayContain: 2.5.4.42
+systemMayContain: 2.5.4.45
+systemMayContain: 0.9.2342.19200300.100.1.1
+systemMayContain: 0.9.2342.19200300.100.1.6
+systemMayContain: 0.9.2342.19200300.100.1.7
+systemMayContain: 0.9.2342.19200300.100.1.21
+systemMayContain: 0.9.2342.19200300.100.1.55
+systemMayContain: 0.9.2342.19200300.100.1.60
+systemMayContain: 2.16.840.1.113730.3.1.1
+systemMayContain: 2.16.840.1.113730.3.1.2
+systemMayContain: 2.16.840.1.113730.3.1.39
+systemMayContain: 2.16.840.1.113730.3.1.216
+systemMayContain: 1.3.6.1.4.1.250.1.57
+systemMayContain: 2.16.840.1.113730.3.140
+-
+
+dn: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.34
+mayContain: 2.5.4.32
+mayContain: 2.5.4.11
+mayContain: 2.5.4.10
+mayContain: 2.5.4.13
+mayContain: 2.5.4.15
+-
+delete: systemMayContain
+systemMayContain: 2.5.4.34
+systemMayContain: 2.5.4.32
+systemMayContain: 2.5.4.11
+systemMayContain: 2.5.4.10
+systemMayContain: 2.5.4.13
+systemMayContain: 2.5.4.15
+-
+add: mustContain
+mustContain: 2.5.4.50
+mustContain: 2.5.4.3
+-
+delete: systemMustContain
+systemMustContain: 2.5.4.50
+systemMustContain: 2.5.4.3
+-
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.16.840.1.113730.3.140
+-
+delete: systemMayContain
+systemMayContain: 2.16.840.1.113730.3.140
+-
+
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Config NC changes
+
+dn: CN=Reanimate-Tombstones,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName:Reanimate Tombstones
+localizationDisplayId: 64
+rightsGUID: 45EC5156-DB7E-47bb-B53F-DBEB2D03C40F
+validAccesses: 256
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 25
+-
+
+```
+
+### Sch26.ldf
+
+```
+dn: CN=ms-ieee-80211-ID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msieee80211-ID
+adminDisplayName: ms-ieee-80211-ID
+adminDescription: an indentifier used for wireless policy object on AD
+attributeId: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: de9zf8kUI0yB3t0HoG+eiw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-ieee-80211-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msieee80211-Data
+adminDisplayName: ms-ieee-80211-Data
+adminDescription: Stores list of preferred network configurations for Group Policy for Wireless
+attributeId: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: OAkNDlgmgEWp9noKx7Vmyw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-HasDomainNCs
+adminDisplayName: ms-DS-Has-Domain-NCs
+adminDescription: DS replication information detailing the domain NCs present on a particular server.
+attributeId: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: R+MXb0KomES4sxXgB9pP7Q==
+linkID: 2026
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-ieee-80211-Data-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msieee80211-DataType
+adminDisplayName: ms-ieee-80211-Data-Type
+adminDescription: internally used data type for msieee80211-Data blob
+attributeId: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: gLFYZdo1/k6+7VIfj0jK+w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzMajorVersion
+adminDisplayName: MS-DS-Az-Major-Version
+adminDescription: Major version number for AzRoles
+attributeId: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid:: t625z7fEWUCVaB7Z22tySA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzMinorVersion
+adminDisplayName: MS-DS-Az-Minor-Version
+adminDescription: Minor version number for AzRoles
+attributeId: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+schemaIdGuid:: k+2F7gmyiEeBZecC9Rv78w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Locality,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=Organization,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.3
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+-
+
+dn: CN=Organizational-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+-
+
+dn: CN=Group-Of-Names,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.3
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+-
+
+dn: CN=Residential-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.3
+-
+
+dn: CN=Application-Process,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+-
+
+dn: CN=Application-Entity,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.11
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+-
+
+dn: CN=Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 2.5.6.5
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msieee80211-Policy
+adminDisplayName: ms-ieee-80211-Policy
+adminDescription: class to store Wireless Network Policy Object
+governsId: 1.2.840.113556.1.5.240
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1823
+systemMayContain: 1.2.840.113556.1.4.1822
+systemMayContain: 1.2.840.113556.1.4.1821
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: ki2ae+u3gkOXcsPg+bqvlA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1820
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.234
+systemPossSuperiors: 1.2.840.113556.1.5.235
+-
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1824
+systemMayContain: 1.2.840.113556.1.4.1825
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.237
+-
+
+# Reload the schema cache to pick up altered classes and attributes
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+displayName: Allowed to Authenticate
+localizationDisplayId: 65
+rightsGUID: 68B1D179-0D15-4d4f-AB71-46152E79A7BC
+validAccesses: 256
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 26
+-
+
+```
+
+### Sch27.ldf
+
+```
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msExchHouseIdentifier
+adminDisplayName: ms-Exch-House-Identifier
+adminDescription: ms-Exch-House-Identifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: B3TfqOrF0RG7ywCAx2ZwwA==
+mapiID: 35924
+
+dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: ldapDisplayName
+ldapDisplayName: msExchHouseIdentifier
+-
+
+dn: CN=host,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: host
+adminDisplayName: host
+adminDescription: The host attribute type specifies a host computer.
+attributeId: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: cd9DYEj6z0arfMvVRkSyLQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=drink,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: drink
+adminDisplayName: drink
+adminDescription: The drink (Favourite Drink) attribute type specifies the favorite drink of an object (or person).
+attributeId: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: taUaGi4m9k2vBCz2sNgASA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=userClass,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: userClass
+adminDisplayName: userClass
+adminDescription: The userClass attribute type specifies a category of computer user.
+attributeId: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: iipzEU3hxUy5L9k/UcbY5A==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Integer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-Integer
+adminDisplayName: ms-DS-Integer
+adminDescription: An attribute for storing an integer.
+attributeId: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 6kzGe07AGEOxAj4HKTcaZQ==
+showInAdvancedViewOnly: FALSE
+
+dn: CN=buildingName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: buildingName
+adminDisplayName: buildingName
+adminDescription: The buildingName attribute type specifies the name of the building where an organization or organizational unit is based.
+attributeId: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: S6V/+MWy10+IwNrMsh2TxQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Date-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-DateTime
+adminDisplayName: ms-DS-Date-Time
+adminDescription: An attribute for storing a data and time value.
+attributeId: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 2MtPI1L7CEmjKP2fbljkAw==
+showInAdvancedViewOnly: FALSE
+
+dn: CN=documentTitle,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentTitle
+adminDisplayName: documentTitle
+adminDescription: The documentTitle attribute type specifies the title of a document.
+attributeId: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: nFom3iz/uUeR3G5v4sQwYg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Byte-Array,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ByteArray
+adminDisplayName: ms-DS-Byte-Array
+adminDescription: An attribute for storing binary data.
+attributeId: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+schemaIdGuid:: LpfY8Fvd5UClHQRMfBfs5w==
+showInAdvancedViewOnly: FALSE
+
+dn: CN=associatedName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: associatedName
+adminDisplayName: associatedName
+adminDescription: The associatedName attribute type specifies an entry in the organizational DIT associated with a DNS domain.
+attributeId: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Rfz796uFpEKkNXgOYveFiw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=documentAuthor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentAuthor
+adminDisplayName: documentAuthor
+adminDescription: The documentAuthor attribute type specifies the distinguished name of the author of a document.
+attributeId: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: GY6K8V+veESwlm81wn64Pw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=houseIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: houseIdentifier
+adminDisplayName: houseIdentifier
+adminDescription: The houseIdentifier attribute type specifies a linguistic construct used to identify a particular building, for example a house number or house name relative to a street, avenue, town or city, etc.
+attributeId: 2.5.4.51
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+schemaIdGuid:: t5hTpErEtk6C0xPBCUbb/g==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=documentVersion,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentVersion
+adminDisplayName: documentVersion
+adminDescription: The documentVersion attribute type specifies the version number of a document.
+attributeId: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: qaizlBPW7EyarV+8wQRrQw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-External-Key,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ExternalKey
+adminDisplayName: ms-DS-External-Key
+adminDescription: A string to identifiy an object in an external store such as a record in a database.
+attributeId: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+schemaIdGuid:: KNUvuaw41ECBjQQzOAg3wQ==
+showInAdvancedViewOnly: FALSE
+
+dn: CN=associatedDomain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: associatedDomain
+adminDisplayName: associatedDomain
+adminDescription: The associatedDomain attribute type specifies a DNS domain which is associated with an object.
+attributeId: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+schemaIdGuid:: OPwgM3nDF0ylEBvfYTPF2g==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=documentLocation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentLocation
+adminDisplayName: documentLocation
+adminDescription: The documentLocation attribute type specifies the location of the document original.
+attributeId: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: TrFYuW2sxE6Ikr5wtp9ygQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=uniqueIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: uniqueIdentifier
+adminDisplayName: uniqueIdentifier
+adminDescription: The uniqueIdentifier attribute type specifies a "unique identifier" for an object represented in the Directory.
+attributeId: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: x4QBusU47UulJnVCFHBYDA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-hasMasterNCs
+adminDisplayName: ms-DS-Has-Master-NCs
+adminDescription: A list of the naming contexts contained by a DC. Deprecates hasMasterNCs.
+attributeId: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 4uAtrtdZR02NR+1N/kNXrQ==
+linkID: 2036
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=documentPublisher,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentPublisher
+adminDisplayName: documentPublisher
+adminDescription: The documentPublisher attribute is the person and/or organization that published a document.
+attributeId: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: 1wkPF2nrikSaMPGv7P0y1w==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-External-Store,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ExternalStore
+adminDisplayName: ms-DS-External-Store
+adminDescription: A string to identifiy the location of an external store such as a database.
+attributeId: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+schemaIdGuid:: zXdIYNucx0ewPT2q2wRJEA==
+showInAdvancedViewOnly: FALSE
+
+dn: CN=documentIdentifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: documentIdentifier
+adminDisplayName: documentIdentifier
+adminDescription: The documentIdentifier attribute type specifies a unique identifier for a document.
+attributeId: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: gs4hC2P/2UaQ+8i58k6XuQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ObjectReference
+adminDisplayName: ms-DS-Object-Reference
+adminDescription: A link to the object that uses the data stored in the object that contains this attribute.
+attributeId: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 6MKOY+cinECF0hGyG+5y3g==
+linkID: 2038
+showInAdvancedViewOnly: FALSE
+
+dn: CN=organizationalStatus,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: organizationalStatus
+adminDisplayName: organizationalStatus
+adminDescription: The organizationalStatus attribute type specifies a category by which a person is often referred to in an organization.
+attributeId: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+schemaIdGuid:: GWBZKElzL02t/1pimWH5Qg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RetiredReplNCSignatures
+adminDisplayName: ms-DS-Retired-Repl-NC-Signatures
+adminDescription: Information about naming contexts that are no longer held on this computer
+attributeId: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: BlWz1dYZJk2a+xE1esmbXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: simpleSecurityObject
+adminDisplayName: simpleSecurityObject
+adminDescription: The simpleSecurityObject object class is used to allow an entry to have a userPassword attribute when an entry's principal object classes do not allow userPassword as an attribute type.
+governsId: 0.9.2342.19200300.100.4.19
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 2.5.4.35
+schemaIdGuid:: C5vmX0bhFU+wq8Hl1IjglA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=X509-Cert,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 10485760
+-
+
+dn: CN=Authority-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 10485760
+-
+
+dn: CN=Crl-Partitioned-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 10485760
+-
+
+dn: CN=Delta-Revocation-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 10485760
+-
+
+dn: CN=Cross-Certificate-Pair,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+dn: CN=ms-PKI-OID-CPS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+dn: CN=ms-PKI-OID-User-Notice,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 1024
+-
+
+dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 1000000
+-
+replace: systemFlags
+systemFlags: 0
+-
+
+dn: CN=PKT,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 10485760
+-
+
+dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 64
+-
+
+dn: CN=Additional-Information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 32768
+-
+
+
+dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 1048576
+-
+
+dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 1048576
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDs-masteredBy
+adminDisplayName: ms-DS-Mastered-By
+adminDescription: Back link for msDS-hasMasterNCs.
+attributeId: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: aUcjYBlIFUahsknS8RmstQ==
+linkID: 2037
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ObjectReferenceBL
+adminDisplayName: ms-DS-Object-Reference-BL
+adminDescription: Back link for ms-DS-Object-Reference.
+attributeId: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: FSVwK/fBO0uxSMDkxs7stA==
+linkID: 2039
+showInAdvancedViewOnly: FALSE
+systemFlags: 1
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-AppData
+adminDisplayName: ms-DS-App-Data
+adminDescription: Stores data that is to be used by an object. For example, profile information for a user object.
+governsId: 1.2.840.113556.1.5.241
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.7000.49
+mayContain: 2.5.4.32
+mayContain: 1.2.840.113556.1.4.1840
+mayContain: 1.2.840.113556.1.4.1835
+mayContain: 1.2.840.113556.1.4.1832
+mayContain: 1.2.840.113556.1.4.1831
+mayContain: 1.2.840.113556.1.4.653
+mayContain: 1.2.840.113556.1.4.48
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.30
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: YddnnifjVU28lWgvh14vjg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: rFC822LocalPart
+adminDisplayName: rFC822LocalPart
+adminDescription: The rFC822LocalPart object class is used to define entries which represent the local part of mail addresses.
+governsId: 0.9.2342.19200300.100.4.14
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.66
+mayContain: 2.5.4.24
+mayContain: 2.5.4.21
+mayContain: 2.5.4.22
+mayContain: 2.5.4.20
+mayContain: 2.5.4.9
+mayContain: 2.5.4.4
+mayContain: 2.5.4.34
+mayContain: 2.5.4.26
+mayContain: 2.5.4.28
+mayContain: 2.5.4.18
+mayContain: 2.5.4.17
+mayContain: 2.5.4.16
+mayContain: 2.5.4.19
+mayContain: 2.5.4.25
+mayContain: 2.5.4.23
+mayContain: 2.5.4.27
+mayContain: 2.5.4.13
+mayContain: 2.5.4.3
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: eDo+ua7LXkige170rlBWhg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=room,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: room
+adminDisplayName: room
+adminDescription: The room object class is used to define entries representing rooms.
+governsId: 0.9.2342.19200300.100.4.7
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.4.222
+mayContain: 2.5.4.20
+mayContain: 2.5.4.34
+mayContain: 2.5.4.13
+mayContain: 0.9.2342.19200300.100.1.6
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 0uVgeLDIu0y9RdlFW+uSBg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: documentSeries
+adminDisplayName: documentSeries
+adminDescription: The documentSeries object class is used to define an entry which represents a series of documents.
+governsId: 0.9.2342.19200300.100.4.9
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 2.5.4.3
+mayContain: 2.5.4.20
+mayContain: 2.5.4.11
+mayContain: 2.5.4.10
+mayContain: 2.5.4.7
+mayContain: 2.5.4.34
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: fOArei8wlku8kAeV1miF+A==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: friendlyCountry
+adminDisplayName: friendlyCountry
+adminDescription: The friendlyCountry object class is used to define country entries in the DIT.
+governsId: 0.9.2342.19200300.100.4.18
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.2
+mustContain: 1.2.840.113556.1.2.131
+schemaIdGuid:: UvGYxGvcSkefUnzbo9fTUQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: account
+adminDisplayName: account
+adminDescription: The account object class is used to define entries representing computer accounts.
+governsId: 0.9.2342.19200300.100.4.5
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 0.9.2342.19200300.100.1.1
+mayContain: 0.9.2342.19200300.100.1.9
+mayContain: 2.5.4.11
+mayContain: 2.5.4.10
+mayContain: 2.5.4.7
+mayContain: 2.5.4.34
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: aqQoJq2m4Eq4VCsS2f5vng==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=document,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: document
+adminDisplayName: document
+adminDescription: The document object class is used to define entries which represent documents.
+governsId: 0.9.2342.19200300.100.4.6
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 0.9.2342.19200300.100.1.11
+mayContain: 0.9.2342.19200300.100.1.56
+mayContain: 0.9.2342.19200300.100.1.15
+mayContain: 0.9.2342.19200300.100.1.14
+mayContain: 0.9.2342.19200300.100.1.13
+mayContain: 0.9.2342.19200300.100.1.12
+mayContain: 2.5.4.11
+mayContain: 2.5.4.10
+mayContain: 2.5.4.7
+mayContain: 2.5.4.34
+mayContain: 2.5.4.13
+mayContain: 2.5.4.3
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: bdm6OdbCr0uIq35CB2ABFw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: domainRelatedObject
+adminDisplayName: domainRelatedObject
+adminDescription: The domainRelatedObject object class is used to define an entry which represents a series of documents.
+governsId: 0.9.2342.19200300.100.4.17
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 0.9.2342.19200300.100.1.37
+schemaIdGuid:: PS39i9rvSUWFLPheE3rtxg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,DC=X
+
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1841
+-
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1837
+-
+
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemPossSuperiors
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 2.5.6.11
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+replace:systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace:systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1840
+-
+
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.237
+-
+
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1826
+systemMayContain: 1.2.840.113556.1.4.1836
+-
+
+
+dn: CN=Application-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.32
+mayContain: 1.2.840.113556.1.4.653
+mayContain: 1.2.840.113556.1.4.48
+mayContain: 1.2.840.113556.1.4.329
+mayContain: 1.2.840.113556.1.4.328
+mayContain: 1.2.840.113556.1.4.141
+mayContain: 1.2.840.113556.1.4.255
+mayContain: 1.2.840.113556.1.4.848
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.329
+systemMayContain: 1.2.840.113556.1.4.328
+systemMayContain: 1.2.840.113556.1.4.141
+systemMayContain: 1.2.840.113556.1.4.255
+systemMayContain: 1.2.840.113556.1.4.848
+-
+add: possSuperiors
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.30
+possSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.32
+mayContain: 1.2.840.113556.1.4.1840
+mayContain: 1.2.840.113556.1.4.1835
+mayContain: 1.2.840.113556.1.4.1832
+mayContain: 1.2.840.113556.1.4.1831
+mayContain: 1.2.840.113556.1.4.653
+mayContain: 1.2.840.113556.1.4.48
+-
+add: possSuperiors
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.30
+possSuperiors: 1.2.840.113556.1.3.23
+-
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.2.596
+-
+
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 2.5.4.51
+-
+
+
+dn: CN=Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.161
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=DS-Execute-Intentions-Script,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+displayName: Execute Forest Update Script
+localizationDisplayId: 66
+rightsGUID: 2f16c4a5-b98e-432c-952a-cb388ba33f2e
+validAccesses: 256
+
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 27
+-
+
+```
+
+### Sch28.ldf
+
+```
+dn: CN=DS-Replication-Monitor-Topology,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+displayName: Monitor Active Directory Replication
+localizationDisplayId: 67
+rightsGUID: f98340fb-7c5b-4cdb-a00b-2ebdfa115a96
+validAccesses: 256
+
+dn: CN=Update-Password-Not-Required-Bit,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Update Password Not Required Bit
+localizationDisplayId: 68
+rightsGUID: 280f369c-67c7-438e-ae98-1d46f3c6f541
+validAccesses: 256
+
+dn: CN=Unexpire-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Unexpire Password
+localizationDisplayId: 69
+rightsGUID: ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501
+validAccesses: 256
+
+dn: CN=Enable-Per-User-Reversibly-Encrypted-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+displayName: Enable Per User Reversibly Encrypted Password
+localizationDisplayId: 70
+rightsGUID: 05c74c5e-4deb-43b4-bd9f-86664c2a7fd5
+validAccesses: 256
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 28
+-
+
+```
+
+### Sch29.ldf
+
+```
+dn: CN=ms-DS-Max-Values,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDs-MaxValues
+adminDisplayName: ms-DS-Max-Values
+adminDescription: Max values allowed.
+attributeId: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid:: pGnh0enrv0mPy4rvOHRZLQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDRM-IdentityCertificate
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: The XrML digital rights management certificates for this user.
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+schemaIdGuid:: BBJe6DQ0rUGbVuKQEij/8A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1843
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 29
+-
+
+```
+
+### Sch30.ldf
+
+```
+dn: CN=ms-DS-Quota-Used,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-QuotaUsed
+adminDisplayName: ms-DS-Quota-Used
+adminDescription: The current quota consumed by a security principal in the directory database.
+attributeId: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: CEOotV1ht0uwXy8XRqpDnw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Quota-Amount,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-QuotaAmount
+adminDisplayName: ms-DS-Quota-Amount
+adminDescription: The assigned quota in terms of number of objects owned in the database.
+attributeId: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: DaC5+4w6M0Kc+XGJJkkDoQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Default-Quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-DefaultQuota
+adminDisplayName: ms-DS-Default-Quota
+adminDescription: The default quota that will apply to a security principal creating an object in the NC if no quota specification exists that covers the security principal.
+attributeId: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JvcYaEtnG0SKOvQFljdM6g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Quota-Trustee,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-QuotaTrustee
+adminDisplayName: ms-DS-Quota-Trustee
+adminDescription: The SID of the security principal for which quota is being assigned.
+attributeId: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 28
+schemaIdGuid:: Bok3FqVOvkmo0b/UHf9PZQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Top-Quota-Usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TopQuotaUsage
+adminDisplayName: ms-DS-Top-Quota-Usage
+adminDescription: The list of top quota users ordered by decreasing quota usage currently in the directory database.
+attributeId: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: T858e/Xxtku36yNQSvGedQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Quota-Effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-QuotaEffective
+adminDisplayName: ms-DS-Quota-Effective
+adminDescription: The effective quota for a security principal computed from the assigned quotas for a directory partition.
+attributeId: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UrFVZhwQtEizR+H868YBVw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDRM-IdentityCertificate
+adminDisplayName: ms-DRM-Identity-Certificate
+adminDescription: The XrML digital rights management certificates for this user.
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+schemaIdGuid:: BBJe6DQ0rUGbVuKQEij/8A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Tombstone-Quota-Factor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-TombstoneQuotaFactor
+adminDisplayName: ms-DS-Tombstone-Quota-Factor
+adminDescription: The factor by which tombstone object count should be reduced for the purpose of quota accounting.
+attributeId: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+schemaIdGuid:: 10QXRrbzukWHU/uVUqXfMg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 20480
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-QuotaContainer
+adminDisplayName: ms-DS-Quota-Container
+adminDescription: A special container that holds all quota specifications for the directory database.
+governsId: 1.2.840.113556.1.5.242
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 2.5.4.3
+systemMayContain: 1.2.840.113556.1.4.1850
+systemMayContain: 1.2.840.113556.1.4.1849
+systemMayContain: 1.2.840.113556.1.4.1848
+systemMayContain: 1.2.840.113556.1.4.1847
+systemMayContain: 1.2.840.113556.1.4.1846
+systemPossSuperiors: 1.2.840.113556.1.5.12
+systemPossSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: T/yD2m8H6kq03I9Nq5tZkw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-QuotaControl
+adminDisplayName: ms-DS-Quota-Control
+adminDescription: A class used to represent quota specifications for the directory database.
+governsId: 1.2.840.113556.1.5.243
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1845
+systemMustContain: 1.2.840.113556.1.4.1844
+systemMustContain: 2.5.4.3
+systemPossSuperiors: 1.2.840.113556.1.5.242
+schemaIdGuid:: JvyR3gK9UkuuJnlZmelvxw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+
+dn: CN=DS-Query-Self-Quota,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+ShowInAdvancedViewOnly: TRUE
+appliesTo:da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+displayName:Query Self Quota
+localizationDisplayId: 71
+rightsGUID:4ecc03fe-ffc0-4947-b630-eb672a8a9dbc
+validAccesses: 256
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 30
+-
+
+```
+
+### Sch31.ldf
+
+```
+dn: CN=Gecos,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: gecos
+adminDisplayName: gecos
+adminDescription: The GECOS field; the common name (RFC 2307)
+attributeId: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+schemaIdGuid:: Hz/go1UdU0KgrzDCp4Tkbg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=BootFile,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: bootFile
+adminDisplayName: bootFile
+adminDescription: Boot image name
+attributeId: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+schemaIdGuid:: Tsvz4yAP60KXA9L/JuUmZw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MemberUid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: memberUid
+adminDisplayName: memberUid
+adminDescription: This multivalued attribute holds the login names of the members of a group.
+attributeId: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256000
+schemaIdGuid:: NrLaAy5nYU+rZPd9LcL/qw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=GidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: gidNumber
+adminDisplayName: gidNumber
+adminDescription: An integer uniquely identifying a group in an administrative domain (RFC 2307)
+attributeId: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: DF+5xZ7sxEGEnLRll+1mlg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowMin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowMin
+adminDisplayName: shadowMin
+adminDescription: Minimum number of days between shadow changes.
+attributeId: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: N4drp6HlaEWwV9wS4Evksg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=UidNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: uidNumber
+adminDisplayName: uidNumber
+adminDescription: An integer uniquely identifying a user in an administrative domain (RFC 2307)
+attributeId: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: j8wPhWuc4Ue2cXxlS+TVsw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowMax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowMax
+adminDisplayName: shadowMax
+adminDescription: Maximum number of days password is valid.
+attributeId: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: UsmF8t1QnkSRYDuIDZmYjQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MacAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: macAddress
+adminDisplayName: macAddress
+adminDescription: MAC address in maximal, colon separated hex notation
+attributeId: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+schemaIdGuid:: 3SKl5nCX4UOJ3h3lBEMo9w==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowFlag,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowFlag
+adminDisplayName: shadowFlag
+adminDescription: This is a part of the shadow map used to store the flag value.
+attributeId: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Dbf+jdvFtkaxXqQ4nmzumw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=NisMapName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: nisMapName
+adminDisplayName: nisMapName
+adminDescription: The attribute contains the name of the map to which the object belongs.
+attributeId: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: eTydlpoOlU2wrL3ef/jzoQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=LoginShell,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: loginShell
+adminDisplayName: loginShell
+adminDescription: The path to the login shell (RFC 2307)
+attributeId: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: LNFTpTEyXkyK340YlpdyHg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30Name
+adminDisplayName: msSFU-30-Name
+adminDescription: stores the name of a map
+attributeId: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeUpper: 1024
+schemaIdGuid:: 09HFFsI1YUCocKXO/agE8A==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Flags
+adminDisplayName: ms-DFSR-Flags
+adminDescription: DFSR Object Flags
+attributeId: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: lVZR/mE/yEWb+hnBSMV7CQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=NisMapEntry,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: nisMapEntry
+adminDisplayName: nisMapEntry
+adminDescription: This holds one map entry of a non standard map.
+attributeId: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: biGVSsD8LkC1f1lxYmFIqQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=OncRpcNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: oncRpcNumber
+adminDisplayName: oncRpcNumber
+adminDescription: This is a part of the rpc map and stores the RPC number for UNIX RPCs.
+attributeId: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 9SVoltkBXEqgEdFa6E76VQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpHostNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipHostNumber
+adminDisplayName: ipHostNumber
+adminDescription: IP address as a dotted decimal omitting leading zeros
+attributeId: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+schemaIdGuid:: IbeL3tyF3k+2h5ZXaI5mfg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowExpire,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowExpire
+adminDisplayName: shadowExpire
+adminDescription: Absolute date to expire account
+attributeId: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: AJoVdf8f9EyL/07yaVz2Qw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Enabled
+adminDisplayName: ms-DFSR-Enabled
+adminDescription: Specify if the object enabled
+attributeId: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 52pyA32ORkSKrqkWV8AJkw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-DfsPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DfsPath
+adminDisplayName: ms-DFSR-DfsPath
+adminDescription: Full path of associated DFS link
+attributeId: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 4gPJLIw5O0Sshv9rAerHug==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=BootParameter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: bootParameter
+adminDisplayName: bootParameter
+adminDescription: rpc.bootparamd parameter
+attributeId: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+schemaIdGuid:: UAcq13yMbkGHFOZfEekIvg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30Aliases
+adminDisplayName: msSFU-30-Aliases
+adminDescription: part of the NIS mail map
+attributeId: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+schemaIdGuid:: cfHrIJrGMUyyndy4N9iRLQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Domains,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30Domains
+adminDisplayName: msSFU-30-Domains
+adminDescription: stores the list of UNIX NIS domains migrated to the same AD NIS domain
+attributeId: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeUpper: 256000
+schemaIdGuid:: 014JkzBv3Uu3NGXVafX3yQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpServicePort,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipServicePort
+adminDisplayName: ipServicePort
+adminDescription: This is a part of the services map and contains the port at which the UNIX service is available.
+attributeId: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: v64t/2P0WkmEBT5INkHqog==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Version
+adminDisplayName: ms-DFSR-Version
+adminDescription: DFSR version number
+attributeId: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 256
+searchFlags: 0
+schemaIdGuid:: CBSGGsM46km6dYVIGnfGVQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Options,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Options
+adminDisplayName: ms-DFSR-Options
+adminDescription: DFSR object options
+attributeId: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: hHDW1iDHfUGGR7aWI3oRTA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowWarning,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowWarning
+adminDisplayName: shadowWarning
+adminDescription: Number of days before password expiry to warn user
+attributeId: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nJzoenYpRkq7ijQPiFYBFw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Schedule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Schedule
+adminDisplayName: ms-DFSR-Schedule
+adminDescription: DFSR Replication schedule
+attributeId: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 336
+rangeUpper: 336
+schemaIdGuid:: X/GZRh+n4kif9ViXwHWSBQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowInactive,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowInactive
+adminDisplayName: shadowInactive
+adminDescription: Number of days before password expiry to warn user
+attributeId: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Hx2HhhAzEkOO/a9J3PsmcQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-RootPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-RootPath
+adminDisplayName: ms-DFSR-RootPath
+adminDescription: Full path of the root directory
+attributeId: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: wejV1x/mT0afzyC74KLsVA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Keywords,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Keywords
+adminDisplayName: ms-DFSR-Keywords
+adminDescription: User defined keywords
+attributeId: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: kkaLBCdiZ0ugdMRDcIPhSw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-RootFence,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-RootFence
+adminDisplayName: ms-DFSR-RootFence
+adminDescription: Root directory fence value
+attributeId: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: lI6SUdgsvkq1UuUEEkRDcA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Nis-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30NisDomain
+adminDisplayName: msSFU-30-Nis-Domain
+adminDescription: This attribute is used to store the NIS domain
+attributeId: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 9
+schemaIdGuid:: 47LjnvPH+EWMnxOCvkmE0g==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpNetmaskNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipNetmaskNumber
+adminDisplayName: ipNetmaskNumber
+adminDescription: IP netmask as a dotted decimal, omitting leading zeros
+attributeId: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+schemaIdGuid:: zU/2by5GYk+0SppTR2WeuQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Map-Filter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30MapFilter
+adminDisplayName: msSFU-30-Map-Filter
+adminDescription: stores a string containing map keys, domain name and so on. The string is used to filter data in a map
+attributeId: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: AW6xt08CI06tDXHxpAa2hA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Extension,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Extension
+adminDisplayName: ms-DFSR-Extension
+adminDescription: DFSR Extension attribute
+attributeId: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+schemaIdGuid:: 7BHweGanGUutz3uB7XgaTQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpNetworkNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipNetworkNumber
+adminDisplayName: ipNetworkNumber
+adminDescription: IP network as a dotted decimal, omitting leading zeros
+attributeId: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+schemaIdGuid:: 9FQ4TocwpEKoE7sMUolY0w==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Key-Values,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30KeyValues
+adminDisplayName: msSFU-30-Key-Values
+adminDescription: This attribute is internal to Server for NIS and is used as a scratch pad
+attributeId: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 10240
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: NQKDN+nl8kaSK9jUTwPnrg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Yp-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30YpServers
+adminDisplayName: msSFU-30-Yp-Servers
+adminDescription: Stores ypserves list, list of "Servers for NIS" in a NIS domain
+attributeId: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 20480
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: S5RKCFDh/kuTRUDhrtrrug==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-RdcEnabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-RdcEnabled
+adminDisplayName: ms-DFSR-RdcEnabled
+adminDescription: Enable and disable RDC
+attributeId: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: BU6046f0eECnMPSGcKdD+A==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ShadowLastChange,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: shadowLastChange
+adminDisplayName: shadowLastChange
+adminDescription: Last change of shadow information.
+attributeId: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nGjy+OgpQ0iBd+i5jhXurA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-FileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-FileFilter
+adminDisplayName: ms-DFSR-FileFilter
+adminDescription: Filter string applied to files
+attributeId: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: rHCC1tylQUimrM1ovjjBgQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpProtocolNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipProtocolNumber
+adminDisplayName: ipProtocolNumber
+adminDescription: This is part of the protocols map and stores the unique number that identifies the protocol.
+attributeId: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 68b16y0OFUSWcBCBmTtCEQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=UnixUserPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: unixUserPassword
+adminDisplayName: unixUserPassword
+adminDescription: userPassword compatible with Unix system.
+attributeId: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 128
+rangeLower: 1
+rangeUpper: 128
+schemaIdGuid:: R7csYejAkk+SIf3V8VtVDQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-StagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-StagingPath
+adminDisplayName: ms-DFSR-StagingPath
+adminDescription: Full path of the staging directory
+attributeId: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: nqa5hqbwXUCZu3fZd5ksKg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=MemberNisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: memberNisNetgroup
+adminDisplayName: memberNisNetgroup
+adminDescription: A multivalued attribute that holds the list of netgroups that are members of this netgroup.
+attributeId: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 153600
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 3BdqD+VT6EuUQo884vkBKg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Order-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30OrderNumber
+adminDisplayName: msSFU-30-Order-Number
+adminDescription: Every time the data stored in the msSFU-30-Domain-Info object is changed, the value of this attribute is incremented. Server for NIS uses this object to check if the map has changed. This number is used to track data changes between ypxfer calls
+attributeId: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: BV9iAu7Rn0+zZlUma+y5XA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ipServiceProtocol
+adminDisplayName: ipServiceProtocol
+adminDescription: This is a part of the services map and stores the protocol number for a UNIX service.
+attributeId: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: C+yWzdYetEOya/FwtkWIPw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30PosixMember
+adminDisplayName: msSFU-30-Posix-Member
+adminDescription: This attribute is used to stores the DN display name of users??? part of a group
+attributeId: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Ldh1yEgo7Ey7UDxUhtCdVw==
+linkID: 2030
+showInAdvancedViewOnly: TRUE
+
+dn: CN=UnixHomeDirectory,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: unixHomeDirectory
+adminDisplayName: unixHomeDirectory
+adminDescription: The absolute path to the home directory (RFC 2307)
+attributeId: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+rangeUpper: 2048
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ErotvA8ATUa/HQgIRl2IQw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Crypt-Method,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30CryptMethod
+adminDisplayName: msSFU-30-Crypt-Method
+adminDescription: used to store the method used for encrypting the UNIX passwords, either MD5 or crypt.
+attributeId: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: o9IDRXA9uEGwd9/xI8FYZQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=NisNetgroupTriple,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: nisNetgroupTriple
+adminDisplayName: nisNetgroupTriple
+adminDescription: This attribute represents one entry from a netgroup map.
+attributeId: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 153600
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: dC4DqO8w9U+v/A/CF3g/7A==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ConflictPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ConflictPath
+adminDisplayName: ms-DFSR-ConflictPath
+adminDescription: Full path of the conflict directory
+attributeId: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: yLzwXPdg/0u9pq6gNE6xUQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Max-Gid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30MaxGidNumber
+adminDisplayName: msSFU-30-Max-Gid-Number
+adminDescription: stores the maximum number of groups migrated to a NIS domain
+attributeId: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: pmruBDv4mka/WjwA02NGaQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Max-Uid-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30MaxUidNumber
+adminDisplayName: msSFU-30-Max-Uid-Number
+adminDescription: stores the maximum number of users migrated to a NIS domain
+attributeId: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: N4SZ7ETZKEqFACF1iK38dQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-RootSizeInMb
+adminDisplayName: ms-DFSR-RootSizeInMb
+adminDescription: Size of the root directory in MB
+attributeId: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+schemaIdGuid:: rGm3kBNEz0OteoZxQudAow==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-DfsLinkTarget,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DfsLinkTarget
+adminDisplayName: ms-DFSR-DfsLinkTarget
+adminDescription: Link target used for the subscription
+attributeId: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: qVu49/k7j0KqtC7ubVbwYw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Posix-Member-Of,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30PosixMemberOf
+adminDisplayName: msSFU-30-Posix-Member-Of
+adminDescription: stores the display names of groups to which this user belongs to
+attributeId: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: kmvXe0QyikOtpiT16jQ4Hg==
+linkID: 2031
+showInAdvancedViewOnly: TRUE
+systemFlags: 1
+
+dn: CN=msSFU-30-Key-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30KeyAttributes
+adminDisplayName: msSFU-30-Key-Attributes
+adminDescription: stores the names of the attributes which the Server for NIS will use as keys to search a map
+attributeId: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: mNbsMp7OlEihNHrXawgugw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30FieldSeparator
+adminDisplayName: msSFU-30-Field-Separator
+adminDescription: stores Field Separator for each NIS map
+attributeId: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 50
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: QhrhooHnoUyn+uwwf2K2oQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ContentSetGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ContentSetGuid
+adminDisplayName: ms-DFSR-ContentSetGuid
+adminDescription: DFSR Content set guid
+attributeId: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: 4ag1EKhnIUy3uwMc35nXoA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-MemberReference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-MemberReference
+adminDisplayName: ms-DFSR-MemberReference
+adminDescription: Forward link to DFSR-Member object
+attributeId: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: qjcTJsPxskS76siNSebwxw==
+linkID: 2052
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Search-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30SearchContainer
+adminDisplayName: msSFU-30-Search-Container
+adminDescription: stores the identifier of an object from where each search will begin
+attributeId: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 2048
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: or/uJ+v7jk+q1sUCR5lCkQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-StagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-StagingSizeInMb
+adminDisplayName: ms-DFSR-StagingSizeInMb
+adminDescription: Size of the staging directory in MB
+attributeId: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+schemaIdGuid:: II8KJfz2WUWuZeSyTGeuvg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-DirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DirectoryFilter
+adminDisplayName: ms-DFSR-DirectoryFilter
+adminDescription: Filter string applied to directories
+attributeId: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: d7THky4fQEu3vwB+jQOMzw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ConflictSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ConflictSizeInMb
+adminDisplayName: ms-DFSR-ConflictSizeInMb
+adminDescription: Size of the Conflict directory in MB
+attributeId: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+schemaIdGuid:: yT/Tms+qmUK7PtH8bqiOSQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Is-Valid-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30IsValidContainer
+adminDisplayName: msSFU-30-Is-Valid-Container
+adminDescription: internal to Server for NIS and stores whether the current search root is valid
+attributeId: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 9ULqDY0nV0G0p0m1lmSRWw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Search-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30SearchAttributes
+adminDisplayName: msSFU-30-Search-Attributes
+adminDescription: stores the names of the attributes Server for NIS needs while searching a map
+attributeId: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 8C2a71cuyEiJUAzGdABHMw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Master-Server-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30MasterServerName
+adminDisplayName: msSFU-30-Master-Server-Name
+adminDescription: The value in this container is returned when Server for NIS processes a yp_master API call
+attributeId: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: ogjJTBieDkGEWfF8xCICCg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Result-Attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30ResultAttributes
+adminDisplayName: msSFU-30-Result-Attributes
+adminDescription: Server for NIS uses this object as a scratch pad
+attributeId: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: trBn4UVAM0SsNVP5ctRcug==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-MemberReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-MemberReferenceBL
+adminDisplayName: ms-DFSR-MemberReferenceBL
+adminDescription: Backlink attribute for ms-DFSR-MemberReference
+attributeId: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: xmLerYAY7UG9PDC30l4U8A==
+linkID: 2053
+showInAdvancedViewOnly: TRUE
+systemFlags: 1
+
+dn: CN=ms-DFSR-ComputerReference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ComputerReference
+adminDisplayName: ms-DFSR-ComputerReference
+adminDescription: Forward link to Computer object
+attributeId: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: hVd7bCE9v0GKimJ5QVRNWg==
+linkID: 2050
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-RdcMinFileSizeInKb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-RdcMinFileSizeInKb
+adminDisplayName: ms-DFSR-RdcMinFileSizeInKb
+adminDescription: Minimum file size to apply RDC
+attributeId: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+schemaIdGuid:: MKMC9OWswU2MyXTZAL+K4A==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-NSMAP-Field-Position,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30NSMAPFieldPosition
+adminDisplayName: msSFU-30-NSMAP-Field-Position
+adminDescription: This attribute stores the "field position", to extract the key from a non-standard map
+attributeId: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+rangeUpper: 1024
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Xp1cWJn1B0+c+UNzr0uJ0w==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ComputerReferenceBL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ComputerReferenceBL
+adminDisplayName: ms-DFSR-ComputerReferenceBL
+adminDescription: Backlink attribute for ms-DFSR-ComputerReference
+attributeId: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 1ya1XhvXrkSMxpVGAFLmrA==
+linkID: 2051
+showInAdvancedViewOnly: TRUE
+systemFlags: 1
+
+dn: CN=msSFU-30-Intra-Field-Separator,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30IntraFieldSeparator
+adminDisplayName: msSFU-30-Intra-Field-Separator
+adminDescription: This attribute stores intra field separators for each NIS map
+attributeId: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 50
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 8K6yleQnuUyICqLZqeojuA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ReplicationGroupGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ReplicationGroupGuid
+adminDisplayName: ms-DFSR-ReplicationGroupGuid
+adminDescription: Replication group guid
+attributeId: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 1
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: loetLRl2+E+Wbgpcxnsofw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Netgroup-Host-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30NetgroupHostAtDomain
+adminDisplayName: msSFU-30-Netgroup-Host-At-Domain
+adminDescription: Part of the netgroup map.This attribute represents computed strings such as host@domain
+attributeId: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 2048
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: Zb/Sl2YEUkiiWuwg9X7jbA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=msSFU-30-Netgroup-User-At-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msSFU30NetgroupUserAtDomain
+adminDisplayName: msSFU-30-Netgroup-User-At-Domain
+adminDescription: Part of the netgroup map.This attribute represents computed strings such as user@domain
+attributeId: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+rangeUpper: 2048
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 7U7oqTDmZ0u0s8rSqC00Xg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-ReplicationGroupType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ReplicationGroupType
+adminDisplayName: ms-DFSR-ReplicationGroupType
+adminDescription: Type of Replication Group
+attributeId: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: yA/t7gEQ7UWAzLv3RJMHIA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-TombstoneExpiryInMin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-TombstoneExpiryInMin
+adminDisplayName: ms-DFSR-TombstoneExpiryInMin
+adminDescription: Tombstone record lifetime in minutes
+attributeId: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2147483647
+schemaIdGuid:: TF3jIyTjYUiiL+GZFA2uAA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SourceObjectDN
+adminDisplayName: ms-DS-Source-Object-DN
+adminDescription: The string representation of the DN of the object in another forest that corresponds to this object.
+attributeId: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10240
+schemaIdGuid:: r5M+d7TT1Eiz+QZFdgLT0A==
+showInAdvancedViewOnly: TRUE
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-LocalSettings
+adminDisplayName: ms-DFSR-LocalSettings
+adminDescription: DFSR settings applicable to local computer
+governsId: 1.2.840.113556.1.6.13.4.1
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.1
+possSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: kcWF+n8ZfkeDvepaQ98iOQ==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: nisMap
+adminDisplayName: nisMap
+adminDescription: A generic abstraction of a nis map
+governsId: 1.3.6.1.1.1.2.9
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.3.6.1.1.1.1.26
+mustContain: 2.5.4.3
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: bGZydsECM0+ez/ZJwd2bfA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ipProtocol
+adminDisplayName: ipProtocol
+adminDescription: Abstraction of an IP protocol
+governsId: 1.3.6.1.1.1.2.4
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.3.6.1.1.1.1.17
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.6.18.1.323
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: 0sstnPD7x02s4INW3NDwEw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: posixGroup
+adminDisplayName: posixGroup
+adminDescription: Abstraction of a group of acconts
+governsId: 1.3.6.1.1.1.2.2
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.12
+mayContain: 1.3.6.1.1.1.1.1
+mayContain: 2.5.4.13
+mayContain: 1.2.840.113556.1.4.1910
+mayContain: 2.5.4.35
+mayContain: 2.5.4.3
+schemaIdGuid:: uFCTKiwG0E6ZA93hDQbeug==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-GlobalSettings
+adminDisplayName: ms-DFSR-GlobalSettings
+adminDescription: Global settings applicable to all replication group members
+governsId: 1.2.840.113556.1.6.13.4.4
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: rds1e+yzakiq1C/snW6m9g==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ieee802Device
+adminDisplayName: ieee802Device
+adminDescription: A device with a MAC address
+governsId: 1.3.6.1.1.1.2.11
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.22
+mayContain: 2.5.4.3
+schemaIdGuid:: KeWZpjemfUug+13EZqC4pw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSFU30NetId
+adminDisplayName: msSFU-30-Net-Id
+adminDescription: stores the netword ID
+governsId: 1.2.840.113556.1.6.18.2.212
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 1.2.840.113556.1.6.18.1.324
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: LBlj4gIq30iXkpTyMoeBoA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: nisNetgroup
+adminDisplayName: nisNetgroup
+adminDescription: Abstraction of a netgroup. May refer to other netgroups
+governsId: 1.3.6.1.1.1.2.8
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.6.18.1.349
+mayContain: 1.2.840.113556.1.6.18.1.348
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 1.3.6.1.1.1.1.14
+mayContain: 1.3.6.1.1.1.1.13
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: hL/vcntuXEqo24p1p8rSVA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-ReplicationGroup
+adminDisplayName: ms-DFSR-ReplicationGroup
+adminDescription: Replication Group container
+governsId: 1.2.840.113556.1.6.13.4.5
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.2.840.113556.1.6.13.3.10
+mayContain: 1.2.840.113556.1.6.13.3.1
+mayContain: 1.2.840.113556.1.6.13.3.14
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.11
+mayContain: 2.5.4.13
+possSuperiors: 1.2.840.113556.1.6.13.4.4
+schemaIdGuid:: 4C8zHCoMMk+vyiPF5Fqedw==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Topology
+adminDisplayName: ms-DFSR-Topology
+adminDescription: Container for objects that form the replication topology
+governsId: 1.2.840.113556.1.6.13.4.8
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+possSuperiors: 1.2.840.113556.1.6.13.4.5
+schemaIdGuid:: qYqCBEJugE65YuL+AHVNFw==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: posixAccount
+adminDisplayName: posixAccount
+adminDescription: Abstraction of an account with posix attributes
+governsId: 1.3.6.1.1.1.2.0
+objectClassCategory: 3
+rdnAttId: 0.9.2342.19200300.100.1.1
+subClassOf: 2.5.6.0
+mayContain: 2.5.4.13
+mayContain: 1.3.6.1.1.1.1.2
+mayContain: 1.3.6.1.1.1.1.4
+mayContain: 1.2.840.113556.1.4.1910
+mayContain: 2.5.4.35
+mayContain: 1.2.840.113556.1.4.44
+mayContain: 1.3.6.1.1.1.1.3
+mayContain: 1.3.6.1.1.1.1.1
+mayContain: 1.3.6.1.1.1.1.0
+mayContain: 2.5.4.3
+mayContain: 0.9.2342.19200300.100.1.1
+schemaIdGuid:: QbtErdVniE21dXsgZ0522A==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: shadowAccount
+adminDisplayName: shadowAccount
+adminDescription: Additional attributes for shadow passwords
+governsId: 1.3.6.1.1.1.2.1
+objectClassCategory: 3
+rdnAttId: 0.9.2342.19200300.100.1.1
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.11
+mayContain: 1.3.6.1.1.1.1.10
+mayContain: 1.3.6.1.1.1.1.9
+mayContain: 1.3.6.1.1.1.1.8
+mayContain: 1.3.6.1.1.1.1.7
+mayContain: 1.3.6.1.1.1.1.6
+mayContain: 1.3.6.1.1.1.1.5
+mayContain: 2.5.4.13
+mayContain: 2.5.4.35
+mayContain: 0.9.2342.19200300.100.1.1
+schemaIdGuid:: Z4RtWxgadEGzUJzG57SsjQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Content
+adminDisplayName: ms-DFSR-Content
+adminDescription: Container for DFSR-ContentSet objects
+governsId: 1.2.840.113556.1.6.13.4.6
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+possSuperiors: 1.2.840.113556.1.6.13.4.5
+schemaIdGuid:: NZt1ZKHT5EK18aPeFiEJsw==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: bootableDevice
+adminDisplayName: bootableDevice
+adminDescription: A device with boot parameters
+governsId: 1.3.6.1.1.1.2.12
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.24
+mayContain: 1.3.6.1.1.1.1.23
+mayContain: 2.5.4.3
+schemaIdGuid:: dyTLS7NLRUWp/Ptm4Ta0NQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msPrint-ConnectionPolicy
+adminDisplayName: ms-Print-ConnectionPolicy
+adminDescription: Pushed Printer Connection Policy1
+governsId: 1.2.840.113556.1.6.23.2
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.4.137
+mayContain: 1.2.840.113556.1.4.223
+mayContain: 1.2.840.113556.1.4.247
+mayContain: 1.2.840.113556.1.4.300
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: xzNvodZ/KEiTZENROP2gjQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Member
+adminDisplayName: ms-DFSR-Member
+adminDescription: Replication group member
+governsId: 1.2.840.113556.1.6.13.4.9
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.2.840.113556.1.6.13.3.101
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.15
+mayContain: 1.2.840.113556.1.4.515
+possSuperiors: 1.2.840.113556.1.6.13.4.8
+schemaIdGuid:: l8gpQhHCfEOlrtv3BbaW5Q==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: oncRpc
+adminDisplayName: oncRpc
+adminDescription: Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding
+governsId: 1.3.6.1.1.1.2.5
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.3.6.1.1.1.1.18
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.6.18.1.323
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: Xh7dyvz+P0+1qXDplCBDAw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ipHost
+adminDisplayName: ipHost
+adminDescription: Abstraction of a host, an IP device.
+governsId: 1.3.6.1.1.1.2.6
+objectClassCategory: 3
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 2.5.4.7
+mayContain: 0.9.2342.19200300.100.1.1
+mayContain: 1.3.6.1.1.1.1.19
+mayContain: 2.5.4.13
+mayContain: 2.5.4.3
+mayContain: 0.9.2342.19200300.100.1.10
+schemaIdGuid:: RhaRqyeIlU+HgFqPAI62jw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSFU30DomainInfo
+adminDisplayName: msSFU-30-Domain-Info
+adminDescription: Represents an internal data structure used by Server for NIS.
+governsId: 1.2.840.113556.1.6.18.2.215
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.18.1.352
+mayContain: 1.2.840.113556.1.6.18.1.343
+mayContain: 1.2.840.113556.1.6.18.1.342
+mayContain: 1.2.840.113556.1.6.18.1.308
+mayContain: 1.2.840.113556.1.6.18.1.307
+mayContain: 1.2.840.113556.1.6.18.1.350
+mayContain: 1.2.840.113556.1.6.18.1.300
+mayContain: 1.2.840.113556.1.6.18.1.341
+mayContain: 1.2.840.113556.1.6.18.1.340
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: zn0pNmtlI0SrZdq7J3CBng==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Connection
+adminDisplayName: ms-DFSR-Connection
+adminDescription: Directional connection between two members
+governsId: 1.2.840.113556.1.6.13.4.10
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.2.840.113556.1.4.40
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.14
+mayContain: 1.2.840.113556.1.6.13.3.15
+mayContain: 1.2.840.113556.1.6.13.3.20
+mayContain: 1.2.840.113556.1.6.13.3.19
+mayContain: 1.2.840.113556.1.6.13.3.9
+possSuperiors: 1.2.840.113556.1.6.13.4.9
+schemaIdGuid:: LpeP5bVk70aNi7vD4Yl+qw==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Subscriber
+adminDisplayName: ms-DFSR-Subscriber
+adminDescription: Represents local computer membership of a replication group
+governsId: 1.2.840.113556.1.6.13.4.2
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.2.840.113556.1.6.13.3.23
+mustContain: 1.2.840.113556.1.6.13.3.100
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+possSuperiors: 1.2.840.113556.1.6.13.4.1
+schemaIdGuid:: 1wUV4cSS50O/XClYMv/Ilg==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-ContentSet
+adminDisplayName: ms-DFSR-ContentSet
+adminDescription: DFSR Content Set
+governsId: 1.2.840.113556.1.6.13.4.7
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.13
+mayContain: 1.2.840.113556.1.6.13.3.12
+mayContain: 1.2.840.113556.1.6.13.3.21
+mayContain: 2.5.4.13
+possSuperiors: 1.2.840.113556.1.6.13.4.6
+schemaIdGuid:: DfQ3SdymSE2Xygbl+/0/Fg==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSFU30MailAliases
+adminDisplayName: msSFU-30-Mail-Aliases
+adminDescription: represents UNIX mail file data
+governsId: 1.2.840.113556.1.6.18.2.211
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.323
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: hQdx1v+Gt0SFtfH4aJUizg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSFU30NetworkUser
+adminDisplayName: msSFU-30-Network-User
+adminDescription: represents network file data
+governsId: 1.2.840.113556.1.6.18.2.216
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 1.2.840.113556.1.6.18.1.324
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: ozRT4fALJ0S2chH12ErMkg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msSFU30NISMapConfig
+adminDisplayName: msSFU-30-NIS-Map-Config
+adminDescription: represents an internal Data Structure used by Server for NIS
+governsId: 1.2.840.113556.1.6.18.2.217
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mayContain: 1.2.840.113556.1.6.18.1.306
+mayContain: 1.2.840.113556.1.6.18.1.305
+mayContain: 1.2.840.113556.1.6.18.1.304
+mayContain: 1.2.840.113556.1.6.18.1.303
+mayContain: 1.2.840.113556.1.6.18.1.345
+mayContain: 1.2.840.113556.1.6.18.1.302
+mayContain: 1.2.840.113556.1.6.18.1.301
+possSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: 0DP3+uv4z02NdfF1OvalCw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDFSR-Subscription
+adminDisplayName: ms-DFSR-Subscription
+adminDescription: Represents local computer participation of a content set
+governsId: 1.2.840.113556.1.6.13.4.3
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.2.840.113556.1.6.13.3.23
+mustContain: 1.2.840.113556.1.6.13.3.18
+mayContain: 1.2.840.113556.1.6.13.3.2
+mayContain: 1.2.840.113556.1.6.13.3.17
+mayContain: 1.2.840.113556.1.6.13.3.16
+mayContain: 1.2.840.113556.1.6.13.3.24
+mayContain: 1.2.840.113556.1.6.13.3.22
+mayContain: 1.2.840.113556.1.6.13.3.9
+mayContain: 1.2.840.113556.1.6.13.3.8
+mayContain: 1.2.840.113556.1.6.13.3.7
+mayContain: 1.2.840.113556.1.6.13.3.6
+mayContain: 1.2.840.113556.1.6.13.3.5
+mayContain: 1.2.840.113556.1.6.13.3.4
+mayContain: 1.2.840.113556.1.6.13.3.3
+possSuperiors: 1.2.840.113556.1.6.13.4.2
+schemaIdGuid:: FCQhZ8x7CUaH4AiNrYq97g==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: nisObject
+adminDisplayName: nisObject
+adminDescription: An entry in a NIS map
+governsId: 1.3.6.1.1.1.2.10
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.3.6.1.1.1.1.27
+mustContain: 1.3.6.1.1.1.1.26
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: k4pPkFRJX0yx4VPAl6MeEw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ipService
+adminDisplayName: ipService
+adminDescription: Abstraction of an Internet Protocol service.
+governsId: 1.3.6.1.1.1.2.3
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 2.5.4.3
+mustContain: 1.3.6.1.1.1.1.15
+mustContain: 1.3.6.1.1.1.1.16
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.323
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 2.5.4.13
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: 3/oXJZf6rUid5nmsVyH4ZA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ipNetwork
+adminDisplayName: ipNetwork
+adminDescription: Abstraction of a network. The distinguished value of the cn attribute denotes the network's canonical name
+governsId: 1.3.6.1.1.1.2.7
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+mustContain: 1.3.6.1.1.1.1.20
+mustContain: 2.5.4.3
+mayContain: 1.2.840.113556.1.6.18.1.323
+mayContain: 1.3.6.1.1.1.1.26
+mayContain: 1.2.840.113556.1.6.18.1.339
+mayContain: 1.2.840.113556.1.6.18.1.309
+mayContain: 2.5.4.7
+mayContain: 0.9.2342.19200300.100.1.1
+mayContain: 1.3.6.1.1.1.1.21
+mayContain: 2.5.4.13
+mayContain: 0.9.2342.19200300.100.1.10
+possSuperiors: 2.5.6.5
+possSuperiors: 1.2.840.113556.1.3.23
+possSuperiors: 1.3.6.1.1.1.2.9
+possSuperiors: 1.2.840.113556.1.5.67
+schemaIdGuid:: wzZY2T4U+0OZKrBX8eyt+Q==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.102
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.103
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.347
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.346
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.339
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.309
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.2
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1879
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.309
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.339
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.0
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.1
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.323
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.3.6.1.1.1.1.26
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.339
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.309
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.12
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.11
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.6
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.309
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.3.6.1.1.1.1.26
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.339
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.18.1.323
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: auxiliaryClass
+auxiliaryClass: 1.3.6.1.1.1.2.6
+-
+
+dn: CN=Contact,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1879
+-
+
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 31
+-
+
+```
+
+### Sch32.ldf
+
+```
+dn: CN=ms-DS-KrbTgt-Link,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KrbTgtLink
+adminDisplayName: ms-DS-KrbTgt-Link
+adminDescription: For a computer, Identifies the user object (krbtgt), acting as the domain or secondary domain master secret. Depends on which domain or secondary domain the computer resides in.
+attributeId: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: yfWPd05vdEuFataDgzE5EA==
+linkID: 2100
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Revealed-Users,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RevealedUsers
+adminDisplayName: ms-DS-Revealed-Users
+adminDescription: For a Directory instance (DSA), Identifies the user objects whose secrets have been disclosed to that instance
+attributeId: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: IXhcGEk3OkS9aiiImQca2w==
+linkID: 2102
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Revealed-List,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RevealedList
+adminDisplayName: ms-DS-Revealed-List
+adminDescription: For a Directory instance (DSA), Identifies the user objects whose secrets have been disclosed to that instance
+attributeId: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KoZIhvcUAQEBDA==
+schemaIdGuid:: HNHay+x/ezhiGToGJ9mvgQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Has-Full-Replica-NCs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-hasFullReplicaNCs
+adminDisplayName: ms-DS-Has-Full-Replica-NCs
+adminDescription: For a Directory instance (DSA), identifies the partitions held as full replicas
+attributeId: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: GC08HdBCaEiZ/g7KHm+p8w==
+linkID: 2104
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NeverRevealGroup
+adminDisplayName: ms-DS-Never-Reveal-Group
+adminDescription: For a Directory instance (DSA), identifies the security group whose users will never have their secrets disclosed to that instance
+attributeId: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: mVlYFUn9Zk2yXe65arqBdA==
+linkID: 2106
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RevealOnDemandGroup
+adminDisplayName: ms-DS-Reveal-OnDemand-Group
+adminDescription: For a Directory instance (DSA), identifies the security group whose users may have their secrets disclosed to that instance
+attributeId: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: Sp89MNYdOEuPxTOv6MmIrQ==
+linkID: 2110
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Secondary-KrbTgt-Number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SecondaryKrbTgtNumber
+adminDisplayName: ms-DS-Secondary-KrbTgt-Number
+adminDescription: For a user object (krbtgt), acting as a secondary domain master secret, identifies the protocol identification number associated with the secondary domain.
+attributeId: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 1
+rangeLower: 65536
+rangeUpper: 65536
+schemaIdGuid:: EmYVqpYjfkataijSP9sYZQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Revealed-DSAs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RevealedDSAs
+adminDisplayName: ms-DS-Revealed-DSAs
+adminDescription: Backlink for ms-DS-Revealed-Users; for a user, identifies which Directory instances (DSA) hold that user's secret
+attributeId: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: rPL2lG3HXku3H/Myw+k8Ig==
+linkID: 2103
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-KrbTgt-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-KrbTgtLinkBl
+adminDisplayName: ms-DS-KrbTgt-Link-BL
+adminDescription: Backlink for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain or secondary domain master secret, identifies which computers are in that domain or secondary domain
+attributeId: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: QYzWXd+/i0ObXTnZYYvyYA==
+linkID: 2101
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Is-Domain-For,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsDomainFor
+adminDisplayName: ms-DS-Is-Domain-For
+adminDescription: Backlink for ms-DS-Has-Domain-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as their primary domain
+attributeId: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: KloV/+VE4E2DGBOliYjeTw==
+linkID: 2027
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Is-Full-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsFullReplicaFor
+adminDisplayName: ms-DS-Is-Full-Replica-For
+adminDescription: Backlink for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a full replica
+attributeId: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 4HK8yLSm8EiUpf12qIyZhw==
+linkID: 2105
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Is-Partial-Replica-For,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsPartialReplicaFor
+adminDisplayName: ms-DS-Is-Partial-Replica-For
+adminDescription: Backlink for has-Partial-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a partial replica
+attributeId: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 9k/JN9TGj0my+cb3+GR4CQ==
+linkID: 75
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1931
+systemMayContain: 1.2.840.113556.1.4.1930
+systemMayContain: 1.2.840.113556.1.4.1932
+systemMayContain: 1.2.840.113556.1.4.1933
+systemMayContain: 1.2.840.113556.1.4.1934
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1929
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1923
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1925
+systemMayContain: 1.2.840.113556.1.4.1928
+systemMayContain: 1.2.840.113556.1.4.1926
+systemMayContain: 1.2.840.113556.1.4.1924
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 32
+-
+
+```
+
+### Sch33.ldf
+
+```
+dn: CN=ms-DS-isGC,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-isGC
+adminDisplayName: ms-DS-isGC
+adminDescription: For a Directory instance (DSA), Identifies the state of the Global Catalog on the DSA
+attributeId: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: M8/1HeUPnkmQ4elLQnGKRg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-isRODC,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-isRODC
+adminDisplayName: ms-DS-isRODC
+adminDescription: For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA
+attributeId: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: I6roqGc+8Uqdei8aHWM6yQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-SiteName,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SiteName
+adminDisplayName: ms-DS-SiteName
+adminDescription: For a Directory instance (DSA), Identifies the site name that contains the DSA
+attributeId: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: bfOnmJU1ikSeb2uJZbrtnA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthenticatedAtDC
+adminDisplayName: ms-DS-AuthenticatedAt-DC
+adminDescription: Forwardlink for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies which DC a user has authenticated to
+attributeId: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: nOkePgRmiUSJ2YR5iolRWg==
+linkID: 2112
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Promotion-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PromotionSettings
+adminDisplayName: ms-DS-Promotion-Settings
+adminDescription: For a Computer, contains a XML string to be used for delegated DSA promotion
+attributeId: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 65536
+schemaIdGuid:: 4rSByMBDvk65u1JQqptDTA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Supported-Encryption-Types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-SupportedEncryptionTypes
+adminDisplayName: msDS-SupportedEncryptionTypes
+adminDescription: The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services/Computers may automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute.
+attributeId: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: Z5gRIAQdt0qTcc/D1d8K/Q==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AuthenticatedToAccountlist
+adminDisplayName: ms-DS-AuthenticatedTo-Accountlist
+adminDescription: Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users have authenticated to this Computer
+attributeId: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: ccmy6N+mvEeNb2J3DVJ6pQ==
+linkID: 2113
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DS-Never-Reveal-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=ms-DS-Reveal-OnDemand-Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1957
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1963
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1959
+systemMayContain: 1.2.840.113556.1.4.1960
+systemMayContain: 1.2.840.113556.1.4.1961
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1783
+systemMayContain: 1.2.840.113556.1.4.1924
+systemMayContain: 1.2.840.113556.1.4.1940
+systemMayContain: 1.2.840.113556.1.4.1958
+systemMayContain: 1.2.840.113556.1.4.1959
+systemMayContain: 1.2.840.113556.1.4.1960
+systemMayContain: 1.2.840.113556.1.4.1961
+systemMayContain: 1.2.840.113556.1.4.1962
+systemMayContain: 1.2.840.113556.1.4.1926
+systemMayContain: 1.2.840.113556.1.4.1928
+-
+
+dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1963
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1959
+systemMayContain: 1.2.840.113556.1.4.1960
+systemMayContain: 1.2.840.113556.1.4.1961
+-
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1927
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 33
+-
+
+```
+
+### Sch34.ldf
+
+```
+dn: CN=ms-DFSR-ReadOnly,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-ReadOnly
+adminDisplayName: DFSR-ReadOnly
+adminDescription: Specify whether the content is read-only or read-write
+attributeId: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: IYDEWkfk50adI5LAxqkN+w==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-Priority,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Priority
+adminDisplayName: DFSR-Priority
+adminDescription: Priority level
+attributeId: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 1ucg660y3kKxQRatJjGwGw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Az-Object-Guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzObjectGuid
+adminDisplayName: MS-DS-Az-Object-Guid
+adminDescription: The unique and portable identifier of AzMan objects
+attributeId: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 1
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: SOWRhDhsZUOnMq8EFWmwLA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Az-Generic-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-AzGenericData
+adminDisplayName: MS-DS-Az-Generic-Data
+adminDescription: AzMan specific generic data
+attributeId: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65536
+schemaIdGuid:: SeP3tVt6fECjNKMcP1OLmA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-CachePolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-CachePolicy
+adminDisplayName: DFSR-CachePolicy
+adminDescription: On-demand cache policy options
+attributeId: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 5wh623b8aUWkX/XstmqItQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-DeletedPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DeletedPath
+adminDisplayName: DFSR-DeletedPath
+adminDescription: Full path of the Deleted directory
+attributeId: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeUpper: 32767
+schemaIdGuid:: uPB8gZXbFEm4M1oHnvZXZA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFVE-RecoveryGuid
+adminDisplayName: FVE-RecoveryGuid
+adminDescription: This attribute contains the GUID associated with a Full Volume Encryption (FVE) recovery password.
+attributeId: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 9
+schemaIdGuid:: vAlp93jmoEews/hqAETAbQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTPM-OwnerInformation
+adminDisplayName: TPM-OwnerInformation
+adminDescription: This attribute contains the owner information of a particular TPM.
+attributeId: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 8
+schemaIdGuid:: bRpOqg1VBU6MNUr8uRep/g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKIDPAPIMasterKeys
+adminDisplayName: MS-PKI-DPAPIMasterKeys
+adminDescription: Storage of encrypted DPAPI Master Keys for user
+attributeId: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 128
+omObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: IzD5szmSfE+5nGdF2Hrbwg==
+attributeSecurityGuid:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+linkID: 2046
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Phonetic-Last-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PhoneticLastName
+adminDisplayName: ms-DS-Phonetic-Last-Name
+adminDescription: Contains the phonetic last name of the person.
+attributeId: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 5
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: 7OQX8jYIkEuIry9dS72ivA==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+mapiID: 35983
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKIRoamingTimeStamp
+adminDisplayName: MS-PKI-RoamingTimeStamp
+adminDescription: Time stamp for last change to roaming tokens
+attributeId: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 128
+schemaIdGuid:: rOQXZvGiq0O2DBH70frPBQ==
+attributeSecurityGuid:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-DeletedSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DeletedSizeInMb
+adminDisplayName: DFSR-DeletedSizeInMb
+adminDescription: Size of the Deleted directory in MB
+attributeId: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeUpper: -1
+schemaIdGuid:: 0ZrtU3WZ9EGD9QwGGhJVOg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Phonetic-First-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PhoneticFirstName
+adminDisplayName: ms-DS-Phonetic-First-Name
+adminDescription: Contains the phonetic given name or first name of the person.
+attributeId: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 5
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: TrocSy8wNEGsfPAfbHl4Qw==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+mapiID: 35982
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFVE-RecoveryPassword
+adminDisplayName: FVE-RecoveryPassword
+adminDescription: This attribute contains the password required to recover a Full Volume Encryption (FVE) volume.
+attributeId: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 8
+schemaIdGuid:: wRoGQ63IzEy3hSv6wg/GCg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Phonetic-Department,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PhoneticDepartment
+adminDisplayName: ms-DS-Phonetic-Department
+adminDescription: Contains the phonetic department name where the person works.
+attributeId: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 5
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: rz3VbD4A50mnAm+oluem7w==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+mapiID: 35984
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKIAccountCredentials
+adminDisplayName: MS-PKI-AccountCredentials
+adminDescription: Storage of encrypted user credential token blobs for roaming
+attributeId: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 128
+omObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: RKffuNwx8U6sfIS69++dpw==
+attributeSecurityGuid:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+linkID: 2048
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-FramedIpv6Route
+adminDisplayName: ms-RADIUS-FramedIpv6Route
+adminDescription: This Attribute provides routing information to be configured for the user on the NAS.
+attributeId: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4096
+schemaIdGuid:: BKhaWoMwY0iU5QGKeaIuwA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DS-Phonetic-Display-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PhoneticDisplayName
+adminDisplayName: ms-DS-Phonetic-Display-Name
+adminDescription: The phonetic display name of an object.  In the absence of a phonetic display name the existing display name is used.
+attributeId: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 5
+rangeLower: 0
+rangeUpper: 256
+schemaIdGuid:: 5JQa4mYt5UyzDQ74endv8A==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+mapiID: 35986
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Phonetic-Company-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PhoneticCompanyName
+adminDisplayName: ms-DS-Phonetic-Company-Name
+adminDescription: Contains the phonetic company name where the person works.
+attributeId: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 5
+rangeLower: 1
+rangeUpper: 64
+schemaIdGuid:: jSDVW/TlrkalFFQ7ycR2WQ==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+mapiID: 35985
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-net-ieee-8023-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDisplayName: ms-net-ieee-8023-GP-PolicyData
+adminDescription: This attribute contains all of the settings and data which comprise a group policy configuration for 802.3 wired networks.
+attributeId: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+schemaIdGuid:: i5SYg1d0kU29TY1+1mnJ9w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-net-ieee-8023-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+adminDescription: This attribute contains a GUID which identifies a specific 802.3 group policy object on the domain.
+attributeId: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+schemaIdGuid:: WrCnlLK4WU+cJTnmm6oWhA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-MaxAgeInCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-MaxAgeInCacheInMin
+adminDisplayName: DFSR-MaxAgeInCacheInMin
+adminDescription: Maximum time in minutes to keep files in full form
+attributeId: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+rangeUpper: 2147483647
+schemaIdGuid:: jeSwKk6s/EqD5aNCQNthmA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-net-ieee-80211-GP-PolicyData,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDisplayName: ms-net-ieee-80211-GP-PolicyData
+adminDescription: This attribute contains all of the settings and data which comprise a group policy configuration for 802.11 wireless networks.
+attributeId: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+schemaIdGuid:: pZUUnHZNjkaZHhQzsKZ4VQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-FramedIpv6Prefix
+adminDisplayName: ms-RADIUS-FramedIpv6Prefix
+adminDescription: This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.
+attributeId: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 16
+schemaIdGuid:: ENY+9nzWTUmHvs0eJDWaOA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+adminDescription: This attribute contains a GUID which identifies a specific 802.11 group policy object on the domain.
+attributeId: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+schemaIdGuid:: YnBpNa8ei0SsHjiOC+T97g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-FramedInterfaceId
+adminDisplayName: ms-RADIUS-FramedInterfaceId
+adminDescription: This Attribute indicates the IPv6 interface identifier to be configured for the user.
+attributeId: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 8
+schemaIdGuid:: I0ryplzWZU2mTzX7aHPCuQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-NC-RO-Replica-Locations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NC-RO-Replica-Locations
+adminDisplayName: ms-DS-NC-RO-Replica-Locations
+adminDescription: a linked attribute on a cross ref object for a partition. This attribute lists the DSA instances which should host the partition in a readonly manner.
+attributeId: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 35P3PViYF0SnAXNaHs6/dA==
+linkID: 2114
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-NC-RO-Replica-Locations-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NC-RO-Replica-Locations-BL
+adminDisplayName: ms-DS-NC-RO-Replica-Locations-BL
+adminDescription: backlink attribute for ms-DS-NC-RO-Replica-Locations.
+attributeId: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: HFFH9SpbzESDWJkqiCWBZA==
+linkID: 2115
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DFSR-MinDurationCacheInMin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-MinDurationCacheInMin
+adminDisplayName: DFSR-MinDurationCacheInMin
+adminDescription: Minimum time in minutes before truncating files
+attributeId: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+rangeUpper: 2147483647
+schemaIdGuid:: emBdTEnOSkSYYoKpX10fzA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-net-ieee-8023-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+adminDescription: Reserved for future use
+attributeId: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+schemaIdGuid:: xyfF0wYm602M/RhCb+7Izg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-SavedFramedIpv6Route
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Route
+adminDescription: This Attribute provides routing information to be configured for the user on the NAS.
+attributeId: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4096
+schemaIdGuid:: XLtmlp3fQU20Ny7sfifJsw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-net-ieee-80211-GP-PolicyReserved,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+adminDescription: Reserved for future use
+attributeId: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+schemaIdGuid:: LsZpD44I9U+lOukjzsB8Cg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix
+adminDisplayName: ms-RADIUS-SavedFramedIpv6Prefix
+adminDescription: This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.
+attributeId: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 16
+schemaIdGuid:: YqBlCeGxO0C0jVwOsOlSzA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msRADIUS-SavedFramedInterfaceId
+adminDisplayName: ms-RADIUS-SavedFramedInterfaceId
+adminDescription: This Attribute indicates the IPv6 interface identifier to be configured for the user.
+attributeId: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 8
+schemaIdGuid:: iXLapKOS5UK2ttrRbSgKyQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=SAM-Domain-Updates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: samDomainUpdates
+adminDisplayName: SAM-Domain-Updates
+adminDescription: Contains a bitmask of performed SAM operations on active directory
+attributeId: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+schemaIdGuid:: FNHSBJn3m0683JDo9bp+vg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-RootSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: rangeUpper
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDisplayName: ms-net-ieee-8023-GroupPolicy
+adminDescription: This class represents an 802.3 wired network group policy object.  This class contains identifiers and configuration data relevant to an 802.3 wired network.
+governsId: 1.2.840.113556.1.5.252
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1956
+systemMayContain: 1.2.840.113556.1.4.1955
+systemMayContain: 1.2.840.113556.1.4.1954
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 2.5.6.6
+schemaIdGuid:: ajqgmRmrRkSTUAy4eO0tmw==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDisplayName: ms-net-ieee-80211-GroupPolicy
+adminDescription: This class represents an 802.11 wireless network group policy object.  This class contains identifiers and configuration data relevant to an 802.11 wireless network.
+governsId: 1.2.840.113556.1.5.251
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.1953
+systemMayContain: 1.2.840.113556.1.4.1952
+systemMayContain: 1.2.840.113556.1.4.1951
+systemPossSuperiors: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 2.5.6.6
+schemaIdGuid:: Yxi4HCK4eUOeol/3vcY4bQ==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msFVE-RecoveryInformation
+adminDisplayName: FVE-RecoveryInformation
+adminDescription: This class contains a Full Volume Encryption recovery password with its associated GUID.
+governsId: 1.2.840.113556.1.5.253
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.1965
+systemMustContain: 1.2.840.113556.1.4.1964
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: MF1x6lOP0EC9HmEJGG14LA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: nTDSDSARO
+adminDisplayName: NTDS-DSA-RO
+adminDescription: A subclass of Directory Service Agent which is distinguished by its reduced privilege level.
+governsId: 1.2.840.113556.1.5.254
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.5.7000.47
+systemPossSuperiors: 2.5.6.4
+systemPossSuperiors: 1.2.840.113556.1.5.17
+schemaIdGuid:: wW7RhZEHyEuKs3CYBgL/jA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.26
+mayContain: 1.2.840.113556.1.6.13.3.27
+mayContain: 1.2.840.113556.1.6.13.3.28
+mayContain: 1.2.840.113556.1.6.13.3.29
+mayContain: 1.2.840.113556.1.6.13.3.30
+mayContain: 1.2.840.113556.1.6.13.3.31
+-
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.4
+mayContain: 1.2.840.113556.1.6.13.3.6
+mayContain: 1.2.840.113556.1.6.13.3.8
+mayContain: 1.2.840.113556.1.6.13.3.12
+mayContain: 1.2.840.113556.1.6.13.3.13
+mayContain: 1.2.840.113556.1.6.13.3.27
+-
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.4
+mayContain: 1.2.840.113556.1.6.13.3.6
+mayContain: 1.2.840.113556.1.6.13.3.8
+mayContain: 1.2.840.113556.1.6.13.3.25
+mayContain: 1.2.840.113556.1.6.13.3.27
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1942
+mayContain: 1.2.840.113556.1.4.1943
+mayContain: 1.2.840.113556.1.4.1944
+mayContain: 1.2.840.113556.1.4.1945
+mayContain: 1.2.840.113556.1.4.1946
+-
+
+dn: CN=Group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+systemMayContain: 1.2.840.113556.1.4.1801
+systemMayContain: 1.2.840.113556.1.4.1802
+systemMayContain: 1.2.840.113556.1.4.1803
+systemMayContain: 1.2.840.113556.1.4.1819
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1892
+systemMayContain: 1.2.840.113556.1.4.1893
+systemMayContain: 1.2.840.113556.1.4.1894
+systemMayContain: 1.2.840.113556.1.4.1913
+systemMayContain: 1.2.840.113556.1.4.1914
+systemMayContain: 1.2.840.113556.1.4.1915
+systemMayContain: 1.2.840.113556.1.4.1916
+systemMayContain: 1.2.840.113556.1.4.1917
+systemMayContain: 1.2.840.113556.1.4.1918
+-
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.25
+-
+
+dn: CN=Cross-Ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1967
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1966
+-
+
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1946
+-
+
+dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1949
+systemMayContain: 1.2.840.113556.1.4.1950
+-
+
+dn: CN=Sam-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1969
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: cn=Private-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+cn: Private-Information
+objectClass: controlAccessRight
+displayName: Private Information
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+rightsGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+validAccesses: 48
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 34
+-
+
+```
+
+### Sch35.ldf
+
+```
+dn: CN=ms-DS-Last-Successful-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+adminDescription: The time that the correct password was presented during a C-A-D logon.
+attributeId: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 5ikZAV2LWEK2SgCwtJSXRw==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+adminDisplayName: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+adminDescription: The total number of failed interactive logons up until the last successful C-A-D logon.
+attributeId: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 5TTSxUpkA0SmZeJuCu9emA==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Failed-Interactive-Logon-Count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-FailedInteractiveLogonCount
+adminDisplayName: msDS-FailedInteractiveLogonCount
+adminDescription: The total number of failed interactive logons since this feature was turned on.
+attributeId: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: b6g83K1wYEmEJaTWMT2T3Q==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Last-Failed-Interactive-Logon-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDisplayName: msDS-LastFailedInteractiveLogonTime
+adminDescription: The time that an incorrect password was presented during a C-A-D logon.
+attributeId: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: +trnx8MQi0uazVTxEGN0Lg==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1970
+systemMayContain: 1.2.840.113556.1.4.1971
+systemMayContain: 1.2.840.113556.1.4.1972
+systemMayContain: 1.2.840.113556.1.4.1973
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 35
+-
+```
+
+### Sch36.ldf
+
+```
+dn: CN=ms-DS-Revealed-List-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RevealedListBL
+adminDisplayName: ms-DS-Revealed-List-BL
+adminDescription: backlink attribute for ms-DS-Revealed-List.
+attributeId: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: /Ygcqvawn0Kyyp2QImboCA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=From-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-FramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-SavedFramedInterfaceId,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-FramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Prefix,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-FramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-RADIUS-SavedFramedIpv6Route,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 16
+-
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 136
+-
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 137
+-
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 136
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1975
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: cn=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: localizationDisplayId
+localizationDisplayId: 72
+-
+
+dn: cn=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Read Only Replication Secret Synchronization
+localizationDisplayId: 73
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+rightsGUID: 1131f6ae-9c07-11d1-f79f-00c04fc2dcd2
+validAccesses: 256
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 36
+-
+
+```
+
+### Sch37.ldf
+
+```
+dn: CN=ms-DS-User-Password-Expiry-Time-Computed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-UserPasswordExpiryTimeComputed
+adminDisplayName: ms-DS-User-Password-Expiry-Time-Computed
+adminDescription: Contains the expiry time for the user's current password
+attributeId: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: EM/VrQl7SUSa5iU0FI+Kcg==
+attributeSecurityGuid:: AEIWTMAg0BGnaACqAG4FKQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Principal-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PrincipalName
+adminDisplayName: ms-DS-Principal-Name
+adminDescription: Account name for the security principal (constructed)
+attributeId: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JZNOVlfQQ8GeO0+eXvRvkw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DFSR-OnDemandExclusionDirectoryFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+adminDisplayName: DFSR-OnDemandExclusionDirectoryFilter
+adminDescription: Filter string applied to on demand replication directories
+attributeId: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: /zpSfRKQskmZJfkioAGGVg==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-DefaultCompressionExclusionFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter
+adminDisplayName: DFSR-DefaultCompressionExclusionFilter
+adminDescription: Filter string containing extensions of file types not to be compressed
+attributeId: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 1RuBh4vNy0WfXZgPOp4Mlw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-TS-Home-Drive,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSHomeDrive
+adminDisplayName: ms-TS-Home-Drive
+adminDescription: Terminal Services Home Drive specifies a Home drive for the user. In a network environment, this property is a string containing a drive specification (a drive letter followed by a colon) to which the UNC path specified in the TerminalServicesHomeDirectory property is mapped. To set a home directory in a network environment, you must first set this property and then set the TerminalServicesHomeDirectory property.
+attributeId: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 2SQKX/rf2Uysv6BoDANzHg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSProperty01
+adminDisplayName: MS-TS-Property01
+adminDescription: Placeholder Terminal Server Property 01
+attributeId: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: d6mu+lWW10mFPfJ7t6rKDw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSProperty02
+adminDisplayName: MS-TS-Property02
+adminDescription: Placeholder Terminal Server Property 02
+attributeId: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: rPaGNbdReEmrQvk2RjGY5w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Allow-Logon,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSAllowLogon
+adminDisplayName: ms-TS-Allow-Logon
+adminDescription: Terminal Services Allow Logon specifies whether the user is allowed to log on to the Terminal Server. The value is 1 if logon is allowed, and 0 if logon is not allowed.
+attributeId: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ZNQMOlS850CTrqZGpuzEtA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSExpireDate
+adminDisplayName: MS-TS-ExpireDate
+adminDescription: TS Expiration Date
+attributeId: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: 9U4AcMMlakSXyJlq6FZndg==
+showInAdvancedViewOnly: FALSE
+systemFlags: 16
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSManagingLS
+adminDisplayName: MS-TS-ManagingLS
+adminDescription: TS Managing License Server
+attributeId: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: R8W887CFLEOawDBFBr8sgw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-Options2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-Options2
+adminDisplayName: DFSR-Options2
+adminDescription: Object Options2
+attributeId: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: GEPiEaZMSU+a/uXrGvo0cw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-TS-Profile-Path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSProfilePath
+adminDisplayName: ms-TS-Profile-Path
+adminDescription: Terminal Services Profile Path specifies a roaming or mandatory profile path to use when the user logs on to the Terminal Server. The profile path is in the following network path format: \\servername\profiles folder name\username
+attributeId: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 2zBc5mwxYECjoDh7CD8JzQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Max-Idle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSMaxIdleTime
+adminDisplayName: ms-TS-Max-Idle-Time
+adminDescription: Terminal Services Session Maximum Idle Time is maximum amount of time, in minutes, that the Terminal Services session can remain idle. After the specified number of minutes have elapsed, the session can be disconnected or terminated.
+attributeId: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: nJ5z/7drDkayIeJQ894PlQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Home-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSHomeDirectory
+adminDisplayName: ms-TS-Home-Directory
+adminDescription: Terminal Services Home Directory specifies the Home directory for the user. Each user on a Terminal Server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment. To set a home directory on the local computer, specify a local path; for example, C:\Path. To set a home directory in a network environment, you must first set the TerminalServicesHomeDrive property, and then set this property to a UNC path.
+attributeId: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 8BA1XefEIkG5H6IK3ZDiRg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Remote-Control,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSRemoteControl
+adminDisplayName: ms-TS-Remote-Control
+adminDescription: Terminal Services Remote Control specifies the whether to allow remote observation or remote control of the user's Terminal Services session. For a description of these values, see the RemoteControl method of the Win32_TSRemoteControlSetting WMI class. 0 - Disable, 1 - EnableInputNotify, 2 - EnableInputNoNotify, 3 - EnableNoInputNotify and 4 - EnableNoInputNoNotify
+attributeId: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: JnIXFUKGi0aMSAPd/QBJgg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Work-Directory,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSWorkDirectory
+adminDisplayName: ms-TS-Work-Directory
+adminDescription: Terminal Services Session Work Directory specifies the working directory path for the user. To set an initial application to start when the user logs on to the Terminal Server, you must first set the TerminalServicesInitialProgram property, and then set this property.
+attributeId: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: ZvZEpzw9yEyDS51Pb2h7iw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Initial-Program,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSInitialProgram
+adminDisplayName: ms-TS-Initial-Program
+adminDescription: Terminal Services Session Initial Program specifies the Path and file name of the application that the user wants to start automatically when the user logs on to the Terminal Server. To set an initial application to start when the user logs on, you must first set this property and then set the TerminalServicesWorkDirectory property. If you set only the TerminalServicesInitialProgram property, the application starts in the user's session in the default user directory.
+attributeId: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: b6wBkmkd+02ALtlVEBCVmQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLicenseVersion
+adminDisplayName: MS-TS-LicenseVersion
+adminDescription: TS License Version
+attributeId: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: iUrpCi838k2uisZKK8RyeA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Max-Connection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSMaxConnectionTime
+adminDisplayName: ms-TS-Max-Connection-Time
+adminDescription: Terminal Services Session maximum Connection Time is Maximum duration, in minutes, of the Terminal Services session. After the specified number of minutes have elapsed, the session can be disconnected or terminated.
+attributeId: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: 4g6WHWRklU6ngeO1zV+ViA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Reconnection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSReconnectionAction
+adminDisplayName: ms-TS-Reconnection-Action
+adminDescription: Terminal Services Session Reconnection Action specifies whether to allow reconnection to a disconnected Terminal Services session from any client computer. The value is 1 if reconnection is allowed from the original client computer only, and 0 if reconnection from any client computer is allowed.
+attributeId: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: ytduNhg+f0yrrjUaAeS09w==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Connect-Client-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSConnectClientDrives
+adminDisplayName: ms-TS-Connect-Client-Drives
+adminDescription: Terminal Services Session Connect Client Drives At Logon specifies whether to reconnect to mapped client drives at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled.
+attributeId: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: rypXI90p6kSw+n6EOLmkow==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-CommonStagingPath,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-CommonStagingPath
+adminDisplayName: DFSR-CommonStagingPath
+adminDescription: Full path of the common staging directory
+attributeId: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: Qaxuk1fSuUu9VfMQo88JrQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-TS-Max-Disconnection-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSMaxDisconnectionTime
+adminDisplayName: ms-TS-Max-Disconnection-Time
+adminDescription: Terminal Services Session Maximum Disconnection Time is maximum amount of time, in minutes, that a disconnected Terminal Services session remains active on the Terminal Server. After the specified number of minutes have elapsed, the session is terminated.
+attributeId: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: iXBvMthThEe4FEbYU1EQ0g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Default-To-Main-Printer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSDefaultToMainPrinter
+adminDisplayName: ms-TS-Default-To-Main-Printer
+adminDescription: Terminal Services Default To Main Printer specifies whether to print automatically to the client's default printer. The value is 1 if printing to the client's default printer is enabled, and 0 if it is disabled.
+attributeId: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: veL/wM/Kx02I1WHp6Vdm9g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Connect-Printer-Drives,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSConnectPrinterDrives
+adminDisplayName: ms-TS-Connect-Printer-Drives
+adminDescription: Terminal Services Session Connect Printer Drives At Logon specifies whether to reconnect to mapped client printers at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled.
+attributeId: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: N6nmjBuHkkyyhdmdQDZoHA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Broken-Connection-Action,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSBrokenConnectionAction
+adminDisplayName: ms-TS-Broken-Connection-Action
+adminDescription: Terminal Services Session Broken Connection Action specifies the action to take when a Terminal Services session limit is reached. The value is 1 if the client session should be terminated, and 0 if the client session should be disconnected.
+attributeId: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: uhv0HARWPkaU1hoSh7csow==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DFSR-DisablePacketPrivacy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-DisablePacketPrivacy
+adminDisplayName: DFSR-DisablePacketPrivacy
+adminDescription: Disable packet privacy on a connection
+attributeId: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 5e2Eah50/UOd1qoPYVeGIQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-CommonStagingSizeInMb,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-CommonStagingSizeInMb
+adminDisplayName: DFSR-CommonStagingSizeInMb
+adminDescription: Size of the common staging directory in MB
+attributeId: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+schemaIdGuid:: DrBeE0ZIi0WOoqN1Wa/UBQ==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-OnDemandExclusionFileFilter,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-OnDemandExclusionFileFilter
+adminDisplayName: DFSR-OnDemandExclusionFileFilter
+adminDescription: Filter string applied to on demand replication files
+attributeId: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: 3FmDpoGl5k6QFVOCxg8PtA==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent
+adminDisplayName: DFSR-StagingCleanupTriggerInPercent
+adminDescription: Staging cleanup trigger in percent of free disk space
+attributeId: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: I5xL1vrhe0azF2lk10TWMw==
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+-
+
+dn: CN=MS-TS-LicenseVersion,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+-
+
+dn: CN=MS-TS-ManagingLS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+-
+
+dn: CN=Terminal-Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+mayContain: 1.2.840.113556.1.6.13.3.38
+mayContain: 1.2.840.113556.1.6.13.3.39
+mayContain: 1.2.840.113556.1.6.13.3.40
+-
+
+dn: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.35
+mayContain: 1.2.840.113556.1.6.13.3.36
+mayContain: 1.2.840.113556.1.6.13.3.37
+mayContain: 1.2.840.113556.1.6.13.3.40
+-
+
+dn: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.34
+mayContain: 1.2.840.113556.1.6.13.3.35
+mayContain: 1.2.840.113556.1.6.13.3.36
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.34
+mayContain: 1.2.840.113556.1.6.13.3.35
+mayContain: 1.2.840.113556.1.6.13.3.36
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1976
+systemMayContain: 1.2.840.113556.1.4.1977
+systemMayContain: 1.2.840.113556.1.4.1978
+systemMayContain: 1.2.840.113556.1.4.1979
+systemMayContain: 1.2.840.113556.1.4.1980
+systemMayContain: 1.2.840.113556.1.4.1981
+systemMayContain: 1.2.840.113556.1.4.1982
+systemMayContain: 1.2.840.113556.1.4.1983
+systemMayContain: 1.2.840.113556.1.4.1984
+systemMayContain: 1.2.840.113556.1.4.1985
+systemMayContain: 1.2.840.113556.1.4.1986
+systemMayContain: 1.2.840.113556.1.4.1987
+systemMayContain: 1.2.840.113556.1.4.1988
+systemMayContain: 1.2.840.113556.1.4.1989
+systemMayContain: 1.2.840.113556.1.4.1990
+systemMayContain: 1.2.840.113556.1.4.1991
+systemMayContain: 1.2.840.113556.1.4.1992
+systemMayContain: 1.2.840.113556.1.4.1993
+systemMayContain: 1.2.840.113556.1.4.1994
+systemMayContain: 1.2.840.113556.1.4.1995
+-
+
+dn: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.6.13.3.32
+mayContain: 1.2.840.113556.1.6.13.3.37
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1991
+systemMayContain: 1.2.840.113556.1.4.1992
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1996
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1865
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1957
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1958
+-
+
+dn: CN=ms-DS-AuthenticatedTo-Accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: adminDescription
+adminDescription: Backlink for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users have authenticated to this Computer
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: MS-TS-GatewayAccess
+rightsGuid: ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+localizationDisplayId: 74
+
+dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Terminal Server License Server
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+rightsGuid: ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501
+appliesTo: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+validAccesses: 48
+localizationDisplayId: 75
+
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 37
+-
+
+```
+
+### Sch38.ldf
+
+```
+dn: CN=ms-DS-AuthenticatedAt-DC,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: FALSE
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 38
+-
+
+```
+
+### Sch39.ldf
+
+```
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFVE-KeyPackage
+adminDisplayName: FVE-KeyPackage
+adminDescription: This attribute contains a volume's BitLocker encryption key secured by the corresponding recovery password. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
+attributeId: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 152
+rangeUpper: 102400
+schemaIdGuid:: qF7VH6eI3EeBKQ2qlxhqVA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-FVE-VolumeGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msFVE-VolumeGuid
+adminDisplayName: FVE-VolumeGuid
+adminDescription: This attribute contains the GUID associated with a BitLocker-supported disk volume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
+attributeId: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 27
+rangeUpper: 128
+schemaIdGuid:: z6Xlhe7cdUCc/aydtqLyRQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-HAB-Seniority-Index,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-HABSeniorityIndex
+adminDisplayName: ms-DS-HAB-Seniority-Index
+adminDescription: Contains the seniority index as applied by the organization where the person works.
+attributeId: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+mapiID: 36000
+searchFlags: 1
+schemaIdGuid:: 8Un03jv9RUCYz9lljaeItQ==
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: This attribute contains a password that can recover a BitLocker-encrypted volume. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
+-
+add: rangeUpper
+rangeUpper: 256
+-
+replace: searchFlags
+searchFlags: 152
+-
+
+dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: This attribute contains the GUID associated with a BitLocker recovery password. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
+-
+add: rangeUpper
+rangeUpper: 128
+-
+replace: searchFlags
+searchFlags: 27
+-
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: rangeUpper
+rangeUpper: 128
+-
+replace: searchFlags
+searchFlags: 152
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1958
+-
+
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: This class contains BitLocker recovery information including GUIDs, recovery passwords, and keys. Full Volume Encryption (FVE) was the pre-release name for BitLocker Drive Encryption.
+-
+
+
+dn: CN=msSFU-30-Posix-Member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: This attribute is used to store the DN display name of users which are a part of the group
+-
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1998
+systemMayContain: 1.2.840.113556.1.4.1999
+-
+
+
+dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1997
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 39
+-
+
+```
+
+### Sch40.ldf
+
+```
+dn: CN=ms-DS-Password-Reversible-Encryption-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled
+adminDisplayName: Password Reversible Encryption Status
+adminDescription: Password reversible encryption status for user accounts
+attributeId: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: j93MdWyvh0S7S2nk04qVnA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-NC-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-NcType
+adminDisplayName: ms-DS-NC-Type
+adminDescription: A bit field that maintains information about aspects of a NC replica that are relevant to replication.
+attributeId: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: 16wuWivMz0idmrbxoAJN6Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+
+dn: CN=ms-DS-PSO-Applies-To,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PSOAppliesTo
+adminDisplayName: Password settings object applies to
+adminDescription: Links to objects that this password settings object applies to
+attributeId: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: SA/IZNLNgUiobU6XtvVh/A==
+linkID: 2118
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PSOApplied
+adminDisplayName: Password settings object applied
+adminDescription: Password settings object applied to this object
+attributeId: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 16
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: MfBsXqi9yEOspI/uQScAWw==
+linkID: 2119
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-ResultantPSO
+adminDisplayName: Resultant password settings object applied
+adminDescription: Resultant password settings object applied to this object
+attributeId: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 16
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: k6B+t9CIgEeamJEfjosdyg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Lockout-Duration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LockoutDuration
+adminDisplayName: Lockout Duration
+adminDescription: Lockout duration for locked out user accounts
+attributeId: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid:: mogfQi5H5E+OueHQvGBxsg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Lockout-Threshold,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LockoutThreshold
+adminDisplayName: Lockout Threshold
+adminDescription: Lockout threshold for lockout of user accounts
+attributeId: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid:: XsPIuBlKlUqZ0Gn+REYobw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Minimum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MinimumPasswordAge
+adminDisplayName: Minimum Password Age
+adminDescription: Minimum Password Age for user accounts
+attributeId: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid:: ePh0KpxN+UmXs2dn0cvZow==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Maximum-Password-Age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MaximumPasswordAge
+adminDisplayName: Maximum Password Age
+adminDescription: Maximum Password Age for user accounts
+attributeId: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid:: 9TfT/ZlJzk+yUo/5ybQ4dQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Minimum-Password-Length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-MinimumPasswordLength
+adminDisplayName: Minimum Password Length
+adminDescription: Minimum Password Length for user accounts
+attributeId: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: OTQbsjpMHES7XwjyDpsxXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Password-History-Length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PasswordHistoryLength
+adminDisplayName: Password History Length
+adminDescription: Password History Length for user accounts
+attributeId: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid:: txvY/ox2L0yWQSJF3jR5TQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Lockout-Observation-Window,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LockoutObservationWindow
+adminDisplayName: Lockout Observation Window
+adminDescription: Observation Window for lockout of user accounts
+attributeId: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid:: idpbsK92ika4khvlVVjsyA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Password-Complexity-Enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PasswordComplexityEnabled
+adminDisplayName: Password Complexity Status
+adminDescription: Password complexity status for user accounts
+attributeId: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: SwVo28PJ8EuxWw+1JVKmEA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Password-Settings-Precedence,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-PasswordSettingsPrecedence
+adminDisplayName: Password Settings Precedence
+adminDescription: Password Settings Precedence
+attributeId: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid:: rHRjRQofF0aTz7xVp8nTQQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ManagingLS2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSManagingLS2
+adminDisplayName: MS-TS-ManagingLS2
+adminDescription: Issuer name of the second TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: VwefNL1RyE+dZj7O6oolvg==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ManagingLS3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSManagingLS3
+adminDisplayName: MS-TS-ManagingLS3
+adminDescription: Issuer name of the third TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: wdzV+jAhh0yhGHUyLNZwUA==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ManagingLS4,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSManagingLS4
+adminDisplayName: MS-TS-ManagingLS4
+adminDescription: Issuer name of the fourth TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: oLaj9wchQEGzBnXLUhcx5Q==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ExpireDate2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSExpireDate2
+adminDisplayName: MS-TS-ExpireDate2
+adminDescription: Expiration date of the second TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: cc/fVD+8C0+dWkskdruJJQ==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ExpireDate3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSExpireDate3
+adminDisplayName: MS-TS-ExpireDate3
+adminDescription: Expiration date of the third TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: BH+8QXK+MEm9EB80OUEjhw==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-ExpireDate4,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSExpireDate4
+adminDisplayName: MS-TS-ExpireDate4
+adminDescription: Expiration date of the fourth TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+schemaIdGuid:: Q9wRXkogr0+gCGhjYhxvXw==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TSLS-Property01,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLSProperty01
+adminDisplayName: MS-TSLS-Property01
+adminDescription: Placeholder Terminal Server License Server Property 01
+attributeId: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: kDXlhx2XUkqVW0eU0VqErg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TSLS-Property02,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLSProperty02
+adminDisplayName: MS-TSLS-Property02
+adminDescription: Placeholder Terminal Server License Server Property 02
+attributeId: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid:: sHvHR24xL06X8Q1MSPyp3Q==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-LicenseVersion2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLicenseVersion2
+adminDisplayName: MS-TS-LicenseVersion2
+adminDescription: Version of the second TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: A/ENS5eN2UWtaYXDCAuk5w==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-LicenseVersion3,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLicenseVersion3
+adminDisplayName: MS-TS-LicenseVersion3
+adminDescription: Version of the third TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: gY+6+KtMc0mjyDptpipeMQ==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=MS-TS-LicenseVersion4,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSLicenseVersion4
+adminDisplayName: MS-TS-LicenseVersion4
+adminDescription: Version of the fourth TS per user CAL.
+attributeId: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 1
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid:: l13KcAQjCkmKJ1JnjI0glQ==
+attributeSecurityGuid:: YrwFWMm9KESl4oVqD0wYXg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Is-User-Cachable-At-Rodc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-IsUserCachableAtRodc
+adminDisplayName: ms-DS-Is-User-Cachable-At-Rodc
+adminDescription: For a Read-Only Directory instance (DSA), Identifies whether the specified user's secrets are cachable.
+attributeId: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: WiQB/h80VkWVH0jAM6iQUA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=Title,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rangeUpper
+rangeUpper: 128
+-
+
+dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 664
+-
+
+dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 664
+-
+
+dn: CN=ms-FVE-KeyPackage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 664
+-
+
+dn: CN=Picture,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: mapiId
+mapiId: 35998
+-
+
+dn: CN=ms-DS-Source-Object-DN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: attributeSecurityGuid
+attributeSecurityGuid:: VAGN5Pi80RGHAgDAT7lgUA==
+-
+
+dn: CN=ipServiceProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Device,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=ipService,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=ipService,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=ipProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=ipProtocol,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=ipHost,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 0.9.2342.19200300.100.1.10
+-
+
+dn: CN=ipNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=ipNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=ipNetwork,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 0.9.2342.19200300.100.1.10
+-
+
+
+dn: CN=nisNetgroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=nisNetGroup,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=nisMap,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=nisObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=nisObject,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.2.840.113556.1.5.67
+-
+
+dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: possSuperiors
+possSuperiors: 1.3.6.1.1.1.2.9
+-
+
+
+dn: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-PasswordSettingsContainer
+adminDisplayName: ms-DS-Password-Settings-Container
+adminDescription: Container for password settings objects
+governsId: 1.2.840.113556.1.5.256
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: arAGW/NMwES9FkO8EKmH2g==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-PasswordSettings
+adminDisplayName: ms-DS-Password-Settings
+adminDescription: Password settings object for accounts
+governsId: 1.2.840.113556.1.5.255
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.4.2023
+systemMustContain: 1.2.840.113556.1.4.2016
+systemMustContain: 1.2.840.113556.1.4.2019
+systemMustContain: 1.2.840.113556.1.4.2018
+systemMustContain: 1.2.840.113556.1.4.2017
+systemMustContain: 1.2.840.113556.1.4.2015
+systemMustContain: 1.2.840.113556.1.4.2013
+systemMustContain: 1.2.840.113556.1.4.2012
+systemMustContain: 1.2.840.113556.1.4.2011
+systemMustContain: 1.2.840.113556.1.4.2014
+systemMayContain: 1.2.840.113556.1.4.2020
+systemPossSuperiors: 1.2.840.113556.1.5.256
+schemaIdGuid:: uJ3NO0v4HEWVL2xSuB+exg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2000
+systemMayContain: 1.2.840.113556.1.4.2001
+systemMayContain: 1.2.840.113556.1.4.2002
+systemMayContain: 1.2.840.113556.1.4.2003
+systemMayContain: 1.2.840.113556.1.4.2004
+systemMayContain: 1.2.840.113556.1.4.2005
+systemMayContain: 1.2.840.113556.1.4.2006
+systemMayContain: 1.2.840.113556.1.4.2007
+systemMayContain: 1.2.840.113556.1.4.2008
+systemMayContain: 1.2.840.113556.1.4.2009
+systemMayContain: 1.2.840.113556.1.4.2010
+systemMayContain: 1.2.840.113556.1.4.2022
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2021
+systemMayContain: 1.2.840.113556.1.4.2024
+-
+
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: mayContain
+mayContain: 1.2.840.113556.1.4.1998
+mayContain: 1.2.840.113556.1.4.1999
+-
+
+dn: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1998
+systemMayContain: 1.2.840.113556.1.4.1999
+-
+
+dn: CN=Server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2025
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2025
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2025
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Reload-SSL-Certificate,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Reload SSL/TLS Certificate
+rightsGuid: 1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+localizationDisplayId: 76
+
+dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Replicating Directory Changes In Filtered Set
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+rightsGuid: 89e95b76-444d-4c62-991a-0facbeda640c
+validAccesses: 256
+localizationDisplayId: 77
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rightsGuid
+rightsGuid: ffa6f046-ca4b-4feb-b40d-04dfee722543
+-
+
+dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rightsGuid
+rightsGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+-
+delete: appliesTo
+appliesTo: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 40
+-
+
+```
+
+### Sch41.ldf
+
+```
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1959
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1960
+-
+
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1961
+-
+
+dn: CN=ms-DS-PSO-Applied,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn: CN=ms-DS-Resultant-PSO,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 0
+-
+
+dn:
+changetype: ntdsSchemaModify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rightsGuid
+rightsGuid: ffa6f046-ca4b-4feb-b40d-04dfee722543
+-
+
+dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: rightsGuid
+rightsGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+-
+delete: appliesTo
+appliesTo: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 41
+-
+
+```
+
+### Sch42.ldf
+
+```
+dn: CN=account-expires,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address-book-roots,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address-entry-display-table,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address-entry-display-table-msdos,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address-syntax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=address-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=admin-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=admin-display-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=allowed-attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=allowed-attributes-effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=allowed-child-classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=allowed-child-classes-effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=alt-security-identities,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=anr,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=attribute-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=attribute-security-guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=attribute-syntax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=attribute-types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=auditing-policy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=authentication-options,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=auxiliary-class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=bad-password-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=bad-pwd-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=bridgehead-server-list-bl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=canonical-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=code-page,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=common-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=cost,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=country-code,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=country-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=create-time-stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=creation-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=current-value,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dbcs-pwd,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=default-hiding-value,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=default-object-category,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=default-security-descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=description,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=display-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=display-name-printable,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dit-content-rules,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dmd-location,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dn-reference-update,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dns-host-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dns-root,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=domain-component,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=domain-cross-ref,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=domain-replica,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ds-core-propagation-data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ds-heuristics,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=dsa-signature,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=efspolicy,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=enabled-connection,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=extended-attribute-info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=extended-chars-allowed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=extended-class-info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=flat-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=force-logoff,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=from-entry,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=from-server,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=fsmo-role-owner,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=garbage-coll-period,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=given-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=global-address-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=governs-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=group-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=has-master-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=has-partial-replica-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=help-data16,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=help-data32,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=help-file-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=home-directory,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=home-drive,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=initial-auth-incoming,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=initial-auth-outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=instance-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=inter-site-topology-failover,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=inter-site-topology-generator,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=inter-site-topology-renew,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=invocation-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-critical-system-object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-defunct,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-deleted,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-member-of-dl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-member-of-partial-attribute-set,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=is-single-valued,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=keywords,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=last-known-parent,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=last-logoff,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=last-logon,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=last-logon-timestamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=last-set-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ldap-admin-limits,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ldap-display-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ldap-ipdeny-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=legacy-exchange-dn,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=link-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=lm-pwd-history,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=local-policy-flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=locality-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=lock-out-observation-window,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=lockout-duration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=lockout-threshold,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=lockout-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=logo,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=logon-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=logon-hours,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=machine-role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=managed-by,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=mapi-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=mastered-by,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=max-pwd-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=max-renew-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=max-ticket-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=may-contain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=member,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=min-pwd-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=min-pwd-length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=min-ticket-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=modified-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=modified-count-at-last-prom,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=modify-time-stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-additional-dns-host-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-additional-sam-account-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-all-users-trust-quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-allowed-dns-suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-allowed-to-delegate-to,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-auxiliary-classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-approx-immed-subordinates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-authenticatedat-dc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-authenticatedto-accountlist,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-az-ldap-query,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-behavior-version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-cached-membership,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-cached-membership-time-stamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-creator-sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-default-quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-dnsrootalias,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-entry-time-to-die,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-executescriptpassword,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-has-instantiated-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-has-domain-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-has-master-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-intid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-isgc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-isrodc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-keyversionnumber,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-logon-time-sync-interval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-mastered-by,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-maximum-password-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-minimum-password-age,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-minimum-password-length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-password-history-length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-password-complexity-enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-password-reversible-encryption-enabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-lockout-observation-window,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-lockout-duration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-lockout-threshold,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-pso-applied,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-resultant-pso,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-password-settings-precedence,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-members-for-az-role,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-non-members,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-phonetic-display-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-sitename,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-supported-encryption-types,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-trust-forest-trust-info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-tombstone-quota-factor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-top-quota-usage,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-machine-account-quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-other-settings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-principal-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-quota-amount,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-quota-effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-quota-trustee,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-quota-used,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-repl-cursors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-repl-inbound-neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-repl-outbound-neighbors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-replica-locations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-nc-ro-replica-locations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-per-user-trust-quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-per-user-trust-tombstones-quota,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-preferred-gc-site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-repl-attribute-meta-data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-repl-value-meta-data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-replicates-nc-reason,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-replication-notify-first-dsa-delay,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-replication-notify-subsequent-dsa-delay,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-replicationepoch,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-retired-repl-nc-signatures,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-sd-reference-domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-site-affinity,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-spn-suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-port-ssl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-service-account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-account-disabled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-dont-expire-password,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-account-auto-locked,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-password-expiry-time-computed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-account-control-computed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-user-password-expiry-time-computed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-updatescript,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-krbtgt-link,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-revealed-users,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-has-full-replica-ncs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-never-reveal-group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-reveal-ondemand-group,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-secondary-krbtgt-number,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-revealed-dsas,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-krbtgt-link-bl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-is-user-cachable-at-rodc,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-revealed-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-revealed-list-bl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-last-successful-interactive-logon-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-last-failed-interactive-logon-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-failed-interactive-logon-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=ms-ds-failed-interactive-logon-count-at-last-successful-logon,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=msmq-owner-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=must-contain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=nc-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=netbios-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=next-rid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=nt-mixed-domain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=nt-pwd-history,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=nt-security-descriptor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=obj-dist-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-category,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-class-category,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-classes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-sid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=object-version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=oem-information,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=om-object-class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=om-syntax,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=operating-system,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=operating-system-service-pack,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=operating-system-version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=operator-count,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=options,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=organization-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=organizational-unit-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=other-well-known-objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=parent-guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=partial-attribute-deletion-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=partial-attribute-set,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=pek-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=poss-superiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=possible-inferiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=prefix-map,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=primary-group-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=primary-group-token,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=prior-set-time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=prior-value,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=private-key,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=profile-path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=proxied-object-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=proxy-addresses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=proxy-lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=pwd-history-length,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=pwd-last-set,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=pwd-properties,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=query-policy-object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=range-lower,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=range-upper,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rdn,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rdn-att-id,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=repl-property-meta-data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=repl-topology-stay-of-execution,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=repl-uptodate-vector,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=repl-interval,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=reps-from,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=reps-to,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=retired-repl-dsa-signatures,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=token-groups,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=token-groups-global-and-universal,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=token-groups-no-gc-acceptable,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=revision,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-allocation-pool,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-available-pool,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-manager-reference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-next-rid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-previous-allocation-pool,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-set-references,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rid-used-pool,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=rights-guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=root-trust,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sam-account-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sam-account-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sam-domain-updates,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=schedule,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=schema-id-guid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=schema-info,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=script-path,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sd-rights-effective,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=search-flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=security-identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=server-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=server-reference,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=server-reference-bl,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=server-state,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=service-principal-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=show-in-address-book,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=show-in-advanced-view-only,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sid-history,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=site-link-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=site-list,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=site-object,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=smtp-mail-address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=spn-mappings,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=state-or-province-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=street-address,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=structural-object-class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sub-class-of,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=sub-refs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=subschemasubentry,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=superior-dns-root,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=supplemental-credentials,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=surname,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-auxiliary-class,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-may-contain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-must-contain,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-only,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=system-poss-superiors,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=template-roots,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=tombstone-lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=transport-address-attribute,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=transport-dll-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=transport-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-attributes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-auth-incoming,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-auth-outgoing,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-direction,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-parent,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-partner,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-posix-offset,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=trust-type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=uas-compat,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=unicode-pwd,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=upn-suffixes,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-account-control,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-comment,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-parameters,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-password,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-principal-name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=user-workstations,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=usn-changed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=usn-created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=usn-dsa-last-obj-removed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=usn-last-obj-rem,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=valid-accesses,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=well-known-objects,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=when-changed,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=when-created,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+dn: cn=schema-flags-ex,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: systemOnly
+systemOnly: TRUE
+-
+
+dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: schemaFlagsEx
+schemaFlagsEx: 1
+-
+
+# Increase object version
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 42
+-
+
+```
+
+### Sch43.ldf
+
+```
+dn: CN=ms-DFS-Schema-Major-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Major-Version
+attributeID: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 2
+rangeUpper: 2
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Major-Version
+adminDescription: Major version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMajorVersion
+schemaIDGUID:: VXht7EpwYU+apsSafB1Uxw==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Schema-Minor-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Schema-Minor-Version
+attributeID: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 0
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Schema-Minor-Version
+adminDescription: Minor version of schema of DFS metadata.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-SchemaMinorVersion
+schemaIDGUID:: Jaf5/vHoq0O9hmoBFc6eOA==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Generation-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Generation-GUID-v2
+attributeID: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Generation-GUID-v2
+adminDescription: To be updated each time the entry containing this attribute is modified.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-GenerationGUIDv2
+schemaIDGUID:: 2bO4NY/F1kOTDlBA8vGngQ==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Namespace-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Namespace-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Identity-GUID-v2
+adminDescription: To be set only when the namespace is created. Stable across rename/move as long as namespace is not replaced by another namespace having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-NamespaceIdentityGUIDv2
+schemaIDGUID:: zjIEIF/sMUmlJdf0r+NOaA==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Last-Modified-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Last-Modified-v2
+attributeID: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Last-Modified-v2
+adminDescription: To be updated on each write to the entry containing the attribute.
+oMSyntax: 24
+searchFlags: 0
+lDAPDisplayName: msDFS-LastModifiedv2
+schemaIDGUID:: il4JPE4xW0aD9auCd7zymw==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Ttl-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Ttl-v2
+attributeID: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Ttl-v2
+adminDescription: TTL associated with DFS root/link. For use at DFS referral time.
+oMSyntax: 2
+searchFlags: 0
+lDAPDisplayName: msDFS-Ttlv2
+schemaIDGUID:: MU2U6kqGSUOtpQYuLGFPXg==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Comment-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Comment-v2
+attributeID: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Comment-v2
+adminDescription: Comment associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Commentv2
+schemaIDGUID:: yc6Gt/1hI0WywVzrOGC7Mg==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Properties-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Properties-v2
+attributeID: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+rangeLower: 0
+rangeUpper: 1024
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Properties-v2
+adminDescription: Properties associated with DFS root/link.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-Propertiesv2
+schemaIDGUID:: xVs+DA7r9UCbUzNOlY3/2w==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Target-List-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Target-List-v2
+attributeID: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 2097152
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Target-List-v2
+adminDescription: Targets corresponding to DFS root/link.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-TargetListv2
+schemaIDGUID:: xiaxakH6NkuAnnypFhDUjw==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Path-v2
+adminDescription: DFS link path relative to the DFS root target share (i.e. without the server/domain and DFS namespace name components). Use forward slashes (/) instead of backslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkPathv2
+schemaIDGUID:: 9iGwhqsQokCiUh3AzDvmqQ==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Link-Security-Descriptor-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Link-Security-Descriptor-v2
+attributeID: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+isSingleValued: TRUE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Security-Descriptor-v2
+adminDescription: Security descriptor of the DFS links's reparse point on the filesystem.
+oMSyntax: 66
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkSecurityDescriptorv2
+schemaIDGUID:: 94fPVyY0QUizIgKztunrqA==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Link-Identity-GUID-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Link-Identity-GUID-v2
+attributeID: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+isSingleValued: TRUE
+rangeLower: 16
+rangeUpper: 16
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-Identity-GUID-v2
+adminDescription: To be set only when the link is created. Stable across rename/move as long as link is not replaced by another link having same name.
+oMSyntax: 4
+searchFlags: 0
+lDAPDisplayName: msDFS-LinkIdentityGUIDv2
+schemaIDGUID:: 8yew7SZX7k2NTtvwfhrR8Q==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DFS-Short-Name-Link-Path-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+cn: ms-DFS-Short-Name-Link-Path-v2
+attributeID: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+rangeLower: 0
+rangeUpper: 32766
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Short-Name-Link-Path-v2
+adminDescription: Shortname DFS link path relative to the DFS root target share (i.e. without the server/domain and DFS namespace name components). Use forward slashes (/) instead of backslashes so that LDAP searches can be done without having to use escapes.
+oMSyntax: 64
+searchFlags: 0
+lDAPDisplayName: msDFS-ShortNameLinkPathv2
+schemaIDGUID:: 8CZ4LfdM6UKgOREQ4NnKmQ==
+isMemberOfPartialAttributeSet: FALSE
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DFS-Namespace-Anchor
+subClassOf: top
+governsID: 1.2.840.113556.1.5.257
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-Anchor
+adminDescription: DFS namespace anchor
+objectClassCategory: 1
+lDAPDisplayName: msDFS-NamespaceAnchor
+schemaIDGUID:: haBz2mRuYU2wZAFdBBZHlQ==
+systemOnly: FALSE
+systemPossSuperiors: 1.2.840.113556.1.5.42
+systemMustContain: 1.2.840.113556.1.4.2030
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DFS-Namespace-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.258
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Namespace-v2
+adminDescription: DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Namespacev2
+schemaIDGUID:: KIbLIcPzv0u/9gYLLY8pmg==
+systemOnly: FALSE
+systemPossSuperiors: 1.2.840.113556.1.5.257
+systemMayContain: 1.2.840.113556.1.4.2036
+systemMustContain: 1.2.840.113556.1.4.2037
+systemMustContain: 1.2.840.113556.1.4.2038
+systemMustContain: 1.2.840.113556.1.4.2035
+systemMustContain: 1.2.840.113556.1.4.2034
+systemMustContain: 1.2.840.113556.1.4.2033
+systemMustContain: 1.2.840.113556.1.4.2032
+systemMustContain: 1.2.840.113556.1.4.2031
+systemMustContain: 1.2.840.113556.1.4.2030
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Namespace-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DFS-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.259
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Link-v2
+adminDescription: DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-Linkv2
+schemaIDGUID:: evtpd1kRlk6czWi8SHBz6w==
+systemOnly: FALSE
+systemPossSuperiors: 1.2.840.113556.1.5.258
+systemMayContain: 1.2.840.113556.1.4.2042
+systemMayContain: 1.2.840.113556.1.4.2040
+systemMayContain: 1.2.840.113556.1.4.2036
+systemMustContain: 1.2.840.113556.1.4.2039
+systemMustContain: 1.2.840.113556.1.4.2037
+systemMustContain: 1.2.840.113556.1.4.2038
+systemMustContain: 1.2.840.113556.1.4.2035
+systemMustContain: 1.2.840.113556.1.4.2034
+systemMustContain: 1.2.840.113556.1.4.2041
+systemMustContain: 1.2.840.113556.1.4.2033
+systemMustContain: 1.2.840.113556.1.4.2032
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+cn: ms-DFS-Deleted-Link-v2
+subClassOf: top
+governsID: 1.2.840.113556.1.5.260
+rDNAttID: cn
+showInAdvancedViewOnly: TRUE
+adminDisplayName: ms-DFS-Deleted-Link-v2
+adminDescription: Deleted DFS Link in DFS namespace
+objectClassCategory: 1
+lDAPDisplayName: msDFS-DeletedLinkv2
+schemaIDGUID:: CDQXJcoE6ECGXj+c6b8b0w==
+systemOnly: FALSE
+systemPossSuperiors: 1.2.840.113556.1.5.258
+systemMayContain: 1.2.840.113556.1.4.2042
+systemMayContain: 1.2.840.113556.1.4.2036
+systemMustContain: 1.2.840.113556.1.4.2039
+systemMustContain: 1.2.840.113556.1.4.2034
+systemMustContain: 1.2.840.113556.1.4.2041
+systemMustContain: 1.2.840.113556.1.4.2033
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=Address-Book-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: addressBookRoots2
+adminDisplayName: Address-Book-Roots2
+adminDescription: Used by Exchange. Exchange configures trees of address book containers to show up in the MAPI address book. This attribute on the Exchange Config object lists the roots of the address book container trees.
+attributeId: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+linkID: 2122
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: dKOMUBGlTk6fT4VvYaa35A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+schemaFlagsEx: 1
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: globalAddressList2
+adminDisplayName: Global-Address-List2
+adminDescription: This attribute is used on a Microsoft Exchange container to store the distinguished name of a newly created global address list (GAL). This attribute must have an entry before you can enable Messaging Application Programming Interface (MAPI) clients to use a GAL.
+attributeId: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+linkID: 2124
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: PfaYSBJBfEeIJjygC9gnfQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+schemaFlagsEx: 1
+
+dn: CN=Template-Roots2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: templateRoots2
+adminDisplayName: Template-Roots2
+adminDescription: This attribute is used on the Exchange config container to indicate where the template containers are stored. This information is used by the Active Directory MAPI provider.
+attributeId: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+linkID: 2126
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: GqnLsYIGYkOmWRU+IB7waQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+schemaFlagsEx: 1
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2046
+systemMayContain: 1.2.840.113556.1.4.2047
+systemMayContain: 1.2.840.113556.1.4.2048
+-
+
+# Increase object version
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 43
+-
+
+```
+
+### Sch44.ldf
+
+```
+dn: CN=TOP,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.1968
+-
+
+dn: CN=MS-TS-ExpireDate,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: TRUE
+-
+
+dn: CN=ms-PKI-DPAPIMasterKeys,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 640
+-
+
+dn: CN=ms-PKI-AccountCredentials,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 640
+-
+
+dn: CN=ms-PKI-RoamingTimeStamp,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 640
+-
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: adminDescription
+adminDescription: This attribute is used on a Microsoft Exchange container to store the distinguished name of a newly created global address list (GAL). This attribute must have an entry before you can enable Messaging Application Programming Interface (MAPI) clients to use a GAL.
+-
+
+dn: CN=Global-Address-List2,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: isSingleValued
+isSingleValued: FALSE
+-
+
+dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+adminDescription: List of bridge head servers used by KCC in the previous run.
+adminDisplayName: ms-DS-BridgeHead-Servers-Used
+attributeID: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+cn: ms-DS-BridgeHead-Servers-Used
+instanceType: 4
+isSingleValued: FALSE
+lDAPDisplayName: msDS-BridgeHeadServersUsed
+linkID: 2160
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+objectClass: attributeSchema
+oMObjectClass:: KoZIhvcUAQEBCw==
+oMSyntax: 127
+schemaFlagsEx: 1
+schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 25
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Site,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2049
+-
+
+# Increase object version
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 44
+-
+
+```
+
+### Sch45.ldf
+
+```
+DN: CN=ms-DS-USN-Last-Sync-Success,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+adminDisplayName: ms-DS-USN-Last-Sync-Success
+adminDescription: The USN at which the last successful replication synchronization occurred.
+attributeID: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+isSingleValued: TRUE
+lDAPDisplayName: msDS-USNLastSyncSuccess
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+objectClass: attributeSchema
+oMSyntax: 65
+schemaFlagsEx: 1
+searchFlags: 0
+schemaIDGUID:: trj3MfjJLU+je1ioIwMDMQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 25
+systemOnly: FALSE
+
+dn: CN=Is-Recycled,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: isRecycled
+adminDisplayName: Is-Recycled
+adminDescription: Is the object recycled.
+attributeId: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: TRUE
+schemaFlagsEx: 1
+searchFlags: 8
+schemaIdGuid:: VpK1j/FVS0Sqy/W0gv40WQ==
+showInAdvancedViewOnly: TRUE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 18
+
+dn: CN=ms-DS-Optional-Feature-GUID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OptionalFeatureGUID
+adminDisplayName: ms-DS-Optional-Feature-GUID
+adminDescription: GUID of an optional feature.
+attributeId: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaFlagsEx: 1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+schemaIdGuid:: qL2Im4LdmEmpHV8tK68ZJw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Enabled-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-EnabledFeature
+adminDisplayName: ms-DS-Enabled-Feature
+adminDescription: Enabled optional features.
+attributeId: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+schemaFlagsEx: 1
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: r64GV0C5sk+8/FJoaDrZ/g==
+linkID: 2168
+isMemberOfPartialAttributeSet: TRUE
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-Imaging-PSP-String,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msImaging-PSPString
+adminDisplayName: ms-Imaging-PSP-String
+adminDescription: Schema Attribute that contains the XML sequence for this PostScan Process.
+attributeId: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+schemaFlagsEx: 1
+isSingleValued: TRUE
+searchFlags: 0
+rangeUpper: 524288
+schemaIdGuid:: rmBne+3WpkS2vp3mLAnsZw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-OIDToGroup-Link,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OIDToGroupLink
+adminDisplayName: ms-DS-OIDToGroup-Link
+adminDescription: For an OID, identifies the group object corresponding to the issuance policy represented by this OID.
+attributeId: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+schemaFlagsEx: 1
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: fKXJ+UE5jUO+vw7a8qyhhw==
+linkID: 2164
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-OIDToGroup-Link-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OIDToGroupLinkBl
+adminDisplayName: ms-DS-OIDToGroup-Link-BL
+adminDescription: Backlink for ms-DS-OIDToGroup-Link; identifies the issuance policy, represented by an OID object, which is mapped to this group.
+attributeId: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+schemaFlagsEx: 1
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: IA09GkRYmUGtJQ9QOadq2g==
+linkID: 2165
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-Imaging-PSP-Identifier,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msImaging-PSPIdentifier
+adminDisplayName: ms-Imaging-PSP-Identifier
+adminDescription: Schema Attribute that contains the unique identifier for this PostScan Process.
+attributeId: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: 0
+schemaIdGuid:: 6TxYUfqUEku5kDBMNbGFlQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Host-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-HostServiceAccount
+adminDisplayName: ms-DS-Host-Service-Account
+adminDescription: Service Accounts configured to run on this computer.
+attributeId: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+searchFlags: 0
+schemaFlagsEx: 1
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: QxBkgKIV4UCSooyoZvcHdg==
+attributeSecurityGuid:: hri1d0qU0RGuvQAA+ANnwQ==
+linkID: 2166
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Host-Service-Account-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-HostServiceAccountBL
+adminDisplayName: ms-DS-Host-Service-Account-BL
+adminDescription: Service Accounts Back Link for linking machines associated with the service account.
+attributeId: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+searchFlags: 0
+schemaFlagsEx: 1
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: 6+SrefOI50iJ1vS8fpjDMQ==
+linkID: 2167
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Required-Domain-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RequiredDomainBehaviorVersion
+adminDisplayName: ms-DS-Required-Domain-Behavior-Version
+adminDescription: Required domain function level for this feature.
+attributeId: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaFlagsEx: 1
+schemaIdGuid:: /j3d6g6uwky5uV/ltu0t0g==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Required-Forest-Behavior-Version,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-RequiredForestBehaviorVersion
+adminDisplayName: ms-DS-Required-Forest-Behavior-Version
+adminDescription: Required forest function level for this feature.
+attributeId: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaFlagsEx: 1
+schemaIdGuid:: 6KLsS1OmskGP7nIVdUdL7A==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Credential-Roaming-Tokens,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msPKI-CredentialRoamingTokens
+adminDisplayName: ms-PKI-Credential-Roaming-Tokens
+adminDescription: Storage of encrypted user credential token blobs for roaming.
+attributeId: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+isSingleValued: FALSE
+searchFlags: 128
+omObjectClass:: KoZIhvcUAQEBCw==
+schemaIdGuid:: OFr/txgIsEKBENPRVMl/JA==
+attributeSecurityGuid:: 3kfmkW/ZcEuVV9Y/9PPM2A==
+linkID: 2162
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Local-Effective-Recycle-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LocalEffectiveRecycleTime
+adminDisplayName: ms-DS-Local-Effective-Recycle-Time
+adminDescription: Recycle time of the object in the local DIT.
+attributeId: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaFlagsEx: 1
+schemaIdGuid:: awHWStKwm0yTtllksXuWjA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LocalEffectiveDeletionTime
+adminDisplayName: ms-DS-Local-Effective-Deletion-Time
+adminDescription: Deletion time of the object in the local DIT.
+attributeId: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaFlagsEx: 1
+schemaIdGuid:: DIDylB9T60qXXUisOf2MpA==
+showInAdvancedViewOnly: TRUE
+systemFlags: 20
+
+dn: CN=ms-DS-Last-Known-RDN,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-LastKnownRDN
+adminDisplayName: ms-DS-Last-Known-RDN
+adminDescription: Holds original RDN of a deleted object.
+attributeId: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaFlagsEx: 1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+schemaIdGuid:: WFixij5obUaHf9ZA4fmmEQ==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Enabled-Feature-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-EnabledFeatureBL
+adminDisplayName: ms-DS-Enabled-Feature-BL
+adminDescription: Scopes where this optional feature is enabled.
+attributeId: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+schemaFlagsEx: 1
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass:: KwwCh3McAIVK
+schemaIdGuid:: vAFbzsYXuESdwalmiwCQGw==
+linkID: 2169
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-DS-Deleted-Object-Lifetime,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-DeletedObjectLifetime
+adminDisplayName: ms-DS-Deleted-Object-Lifetime
+adminDescription: Lifetime of a deleted object.
+attributeId: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaFlagsEx: 1
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid:: toyzqZoY702KcA/PoVgUjg==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-DS-Optional-Feature-Flags,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msDS-OptionalFeatureFlags
+adminDisplayName: ms-DS-Optional-Feature-Flags
+adminDescription: An integer value that contains flags that define behavior of an optional feature in Active Directory.
+attributeId: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaFlagsEx: 1
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid:: wWAFirmXEUidt9wGFZiWWw==
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-PKI-Enrollment-Servers,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaadd
+objectClass: attributeSchema
+cn: ms-PKI-Enrollment-Servers
+attributeID: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+isSingleValued: FALSE
+adminDisplayName: ms-PKI-Enrollment-Servers
+adminDescription: Priority, authentication type, and URI of each certificate enrollment web service.
+oMSyntax: 64
+lDAPDisplayName: msPKI-Enrollment-Servers
+name: ms-PKI-Enrollment-Servers
+schemaIDGUID:: j9Mr8tChMkiLKAMxQ4iGpg==
+instanceType: 4
+rangeUpper: 65536
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+# System-Flags=FLAG_SCHEMA_BASE_OBJECT
+systemFlags: 16
+systemOnly: FALSE
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-PKI-Site-Name,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaadd
+objectClass: attributeSchema
+cn: ms-PKI-Site-Name
+attributeID: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+isSingleValued: TRUE
+adminDisplayName: ms-PKI-Site-Name
+adminDescription: Active Directory site to which the CA machine belongs.
+oMSyntax: 64
+lDAPDisplayName: msPKI-Site-Name
+name: ms-PKI-Site-Name
+schemaIDGUID:: H3HYDPwKJkmksQmwjT1DbA==
+instanceType: 4
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+systemOnly: FALSE
+# System-Flags=FLAG_SCHEMA_BASE_OBJECT
+systemFlags: 16
+showInAdvancedViewOnly: TRUE
+
+dn: CN=ms-TS-Endpoint-Data,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSEndpointData
+adminDisplayName: ms-TS-Endpoint-Data
+adminDescription: This attribute represents the VM Name for machine in TSV deployment.
+attributeId: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+schemaIDGUID:: B8ThQERD80CrQzYlo0pjog==
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Endpoint-Type,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSEndpointType
+adminDisplayName: ms-TS-Endpoint-Type
+adminDescription: This attribute defines if the machine is a physical machine or a virtual machine.
+attributeId: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+schemaIDGUID:: gN56N9jixUabzW2d7JOzXg==
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Endpoint-Plugin,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSEndpointPlugin
+adminDisplayName: ms-TS-Endpoint-Plugin
+adminDescription: This attribute represents the name of the plugin which handles the orchestration.
+attributeId: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+schemaIDGUID:: abUIPB+AWEGxe+Nj1q5pag==
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Primary-Desktop,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSPrimaryDesktop
+adminDisplayName: ms-TS-Primary-Desktop
+adminDescription: This attribute represents the forward link to user's primary desktop.
+attributeId: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+schemaIDGUID:: lJYlKeQJN0KfcpMG6+Y6sg==
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2170
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Secondary-Desktops,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSSecondaryDesktops
+adminDisplayName: ms-TS-Secondary-Desktops
+adminDescription: This attribute represents the array of forward links to user's secondary desktops.
+attributeId: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+schemaIDGUID:: mqI69jG74Ui/qwpsWh05wg==
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2172
+showInAdvancedViewOnly: TRUE
+systemFlags: 16
+
+dn: CN=ms-TS-Primary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSPrimaryDesktopBL
+adminDisplayName: ms-TS-Primary-Desktop-BL
+adminDescription: This attribute represents the backward link to user.
+attributeId: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+schemaIDGUID:: GNyqndFA0U6iv2ub9H09qg==
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2171
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+dn: CN=ms-TS-Secondary-Desktop-BL,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: attributeSchema
+ldapDisplayName: msTSSecondaryDesktopBL
+adminDisplayName: ms-TS-Secondary-Desktop-BL
+adminDescription: This attribute represents the backward link to user.
+attributeId: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+schemaIDGUID:: rwexNAqgWkWxOd0aGxLYrw==
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2173
+showInAdvancedViewOnly: TRUE
+systemFlags: 17
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msImaging-PSPs
+adminDisplayName: ms-Imaging-PSPs
+adminDescription: Container for all Enterprise Scan Post Scan Process objects.
+governsId: 1.2.840.113556.1.5.262
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.23
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: wSrtoAyXd0eEjuxjoOxE/A==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-OptionalFeature
+adminDisplayName: ms-DS-Optional-Feature
+adminDescription: Configuration for an optional DS feature.
+governsId: 1.2.840.113556.1.5.265
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMayContain: 1.2.840.113556.1.4.2079
+systemMayContain: 1.2.840.113556.1.4.2066
+systemMustContain: 1.2.840.113556.1.4.2062
+systemMustContain: 1.2.840.113556.1.4.2063
+systemPossSuperiors: 1.2.840.113556.1.3.23
+schemaIdGuid:: QQDwRK81i0ayCmzoc3xYCw==
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msImaging-PostScanProcess
+adminDisplayName: ms-Imaging-PostScanProcess
+adminDescription: Enterprise Scan Post Scan Process object.
+governsId: 1.2.840.113556.1.5.263
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 2.5.6.0
+systemMustContain: 1.2.840.113556.1.2.13
+systemMustContain: 1.2.840.113556.1.4.2053
+systemMayContain: 1.2.840.113556.1.4.2054
+systemMayContain: 1.2.840.113556.1.4.223
+systemPossSuperiors: 1.2.840.113556.1.5.262
+schemaIdGuid:: fCV8H6O4JUWC+BHMx77jbg==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: classSchema
+ldapDisplayName: msDS-ManagedServiceAccount
+adminDisplayName: ms-DS-Managed-Service-Account
+adminDescription: Service account class is used to create accounts that are used for running Windows services.
+governsId: 1.2.840.113556.1.5.264
+objectClassCategory: 1
+rdnAttId: 2.5.4.3
+subClassOf: 1.2.840.113556.1.3.30
+systemPossSuperiors: 1.2.840.113556.1.5.67
+systemPossSuperiors: 2.5.6.5
+systemPossSuperiors: 1.2.840.113556.1.3.23
+systemPossSuperiors: 1.2.840.113556.1.3.30
+schemaIdGuid:: RGIgzidYhkq6HBwMOGwbZA==
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+showInAdvancedViewOnly: TRUE
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+systemFlags: 16
+
+
+dn: CN=DMD,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2055
+-
+
+dn: CN=Configuration,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2055
+-
+
+dn: CN=domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2055
+-
+
+dn: CN=ms-PKI-Cert-Template-OID,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: searchFlags
+searchFlags: 1
+-
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2052
+systemMayContain: 1.2.840.113556.1.4.2057
+systemMayContain: 1.2.840.113556.1.4.2058
+systemMayContain: 1.2.840.113556.1.4.2059
+systemMayContain: 1.2.840.113556.1.4.2060
+-
+
+
+dn: CN=Top,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2067
+systemMayContain: 1.2.840.113556.1.4.2069
+-
+
+dn: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2068
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2050
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2056
+-
+
+
+dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2061
+-
+
+dn: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2061
+-
+
+dn: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2051
+-
+
+dn: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2076
+systemMayContain: 1.2.840.113556.1.4.2077
+-
+
+dn: CN=User,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2073
+systemMayContain: 1.2.840.113556.1.4.2075
+-
+
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2070
+systemMayContain: 1.2.840.113556.1.4.2071
+systemMayContain: 1.2.840.113556.1.4.2072
+systemMayContain: 1.2.840.113556.1.4.2074
+systemMayContain: 1.2.840.113556.1.4.2078
+-
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: container
+systemFlags: -1946157056
+
+
+dn: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: msDS-OptionalFeature
+msDS-OptionalFeatureGUID:: 2NxtdtCsXkTzuaf5tnRPKg==
+msDS-RequiredForestBehaviorVersion: 4
+msDS-OptionalFeatureFlags: 1
+systemFlags: -1946157056
+
+
+dn: CN=User-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Validated-DNS-Host-Name,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Run-Protect-Admin-Groups-Task,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Run Protect Admin Groups Task
+rightsGuid: 7726b9d5-a4b4-4288-a6b2-dce952e80a7f
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+localizationDisplayId: 78
+
+dn: CN=Manage-Optional-Features,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: ntdsSchemaAdd
+objectClass: controlAccessRight
+displayName: Manage Optional Features for Active Directory
+rightsGuid: 7c0e2a7c-a419-48e4-a995-10180aad54dd
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
+localizationDisplayId: 79
+
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 45
+-
+
+```
+
+### Sch46.ldf
+
+```
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: defaultHidingValue
+defaultHidingValue: FALSE
+-
+
+DN:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+# Increase object version
+dn: CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 46
+-
+
+```
+
+### Sch47.ldf
+
+```
+dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+add: systemMayContain
+systemMayContain: 1.2.840.113556.1.4.2061
+-
+
+dn: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
+changetype: ntdsSchemaModify
+delete: systemPossSuperiors
+systemPossSuperiors: 1.2.840.113556.1.3.30
+-
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+#increase object version
+dn: CN=Schema,CN=Configuration,DC=X
+changeType: ntdsSchemaModify
+replace: objectVersion
+objectVersion: 47
+-
+
+```
+
+## Next steps
+
+[Domain-wide schema update operations](Domain-Wide-Updates.md)
+
+[Forest-wide schema update operations](../deploy/rodc/forest-wide-updates.md)
diff --git a/source4/setup/adprep/fix-forest-rev.ldf b/source4/setup/adprep/fix-forest-rev.ldf
new file mode 100644
index 0000000..b4458e6
--- /dev/null
+++ b/source4/setup/adprep/fix-forest-rev.ldf
@@ -0,0 +1,6 @@
+dn: CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,CN=Configuration,DC=X
+changetype: modify
+replace: revision
+revision: 2
+-
+
diff --git a/source4/setup/adprep/samba-4.7-missing-for-schema45.ldif b/source4/setup/adprep/samba-4.7-missing-for-schema45.ldif
new file mode 100644
index 0000000..37efba2
--- /dev/null
+++ b/source4/setup/adprep/samba-4.7-missing-for-schema45.ldif
@@ -0,0 +1,112 @@
+# Missing objects and values that should be in Samba 4.7 to honour the
+# claimed schema 45
+#
+# Extracted from 'samba-tool ldapcmp' and ldbsearch on two Samba
+# installs before and after the schema 2012 patch set landed.
+#
+#
+dn: CN=Manage-Optional-Features,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+displayName: Manage Optional Features
+rightsGuid: 7c0e2a7c-a419-48e4-a995-10180aad54dd
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
+localizationDisplayId: 79
+-
+
+dn: CN=Run-Protect-Admin-Groups-Task,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: add
+objectClass: controlAccessRight
+displayName: Run Protect Admin Groups Task
+rightsGuid: 7726b9d5-a4b4-4288-a6b2-dce952e80a7f
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+localizationDisplayId: 78
+-
+
+#
+# These appliesTo values are also documented in MS-ADTS
+# (as 'only in schema version 45 and greater')
+#
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=User-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Validated-DNS-Host-Name,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+dn: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=X
+changetype: modify
+add: appliesTo
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+-
+
+#
+# systemFlags was also changed in schema 45 but not Samba.
+#
+dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
+changetype: modify
+replace: systemFlags
+systemFlags: -1946157056
+-
+
diff --git a/source4/setup/aggregate_schema.ldif b/source4/setup/aggregate_schema.ldif
new file mode 100644
index 0000000..662f1ab
--- /dev/null
+++ b/source4/setup/aggregate_schema.ldif
@@ -0,0 +1,5 @@
+dn: CN=Aggregate,${SCHEMADN}
+objectClass: top
+objectClass: subSchema
+showInAdvancedViewOnly: FALSE
+systemFlags: 134217728
diff --git a/source4/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt
new file mode 100644
index 0000000..567ebed
--- /dev/null
+++ b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt
@@ -0,0 +1,23573 @@
+#
+#Intellectual Property Rights Notice for Open Specifications Documentation
+#
+#- Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.
+#
+#- Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.
+#
+#- No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+#
+#- Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here:  http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described n the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.
+#
+#- Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+#
+#- Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+#
+#- Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+#
+#- Preliminary Documentation. This Open Specification is preliminary documentation for this technology.  Since the documentation may change between this preliminary version and the final version, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
+
+dn: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DisplaySpecifiers
+instanceType: 4
+distinguishedName: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+name: DisplaySpecifiers
+showInAdvancedViewOnly: TRUE
+systemFlags: -2147483648
+
+dn: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Skupina IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2x1xb5iYSBJbnRlbGxpTWlycm9y
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IHYgc8OtdGkgV1dX
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsOpIGptw6lubw==
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSB2IHPDrXRpIFdXVyAoZGFsxaHDrSBhZHJlc3kp
+attributeDisplayNames:: dGl0bGUsTsOhemV2IGZ1bmtjZQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsxIzDrXNsbyBkw6Fsbm9waXN1IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljZQ==
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocMWZZWQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLMSMw61zbG8gZMOhbG5vcGlzdQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQTyBCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb8WhdG92bsOtIHNtxJtyb3ZhY8OtIMSNw61zbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60ga2FuY2Vsw6HFmWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxGdW5rY2U=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKGRhbMWhw60gxI3DrXNsYSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsxIzDrXNsbyBtb2JpbG7DrWhvIHRlbGVmb251IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWNrw6EgYWRyZXNhIChkYWzFocOtIGFkcmVzeSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAoZGFsxaHDrSDEjcOtc2xhKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIGRvbcWvIChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsxIzDrXNsbyBmYXh1IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bW9iaWxlLMSMw61zbG8gbW9iaWxuw61obyB0ZWxlZm9udQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsxIxsZW5zdHbDrSB2ZSBza3VwaW7DoWNo
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFbGVrdHJvbmlja8OhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKGRhbMWhw60gxI3DrXNsYSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25uw60gxI3DrXNsbyBkb23Frw==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEvFmWVzdG7DrSBqbcOpbm8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmHEjW7DrSBwxZnDrXBvbmE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXpl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsSm3DqW5vIHBvZGxlIHByb3Rva29sIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y28sU3TDoXQ=
+attributeDisplayNames:: Yyxaa3JhdGthIHN0w6F0dQ==
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+classDisplayName:: VcW+aXZhdGVs
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IHYgc8OtdGkgV1dX
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSB2IHPDrXRpIFdXVyAoZGFsxaHDrSBhZHJlc3kp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHNrdXBpbnkgKHDFmWVkIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60ga2FuY2Vsw6HFmWU=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bWVtYmVyLMSMbGVub3bDqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsSm3DqW5vIHBvZGxlIHByb3Rva29sIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Yyxaa3JhdGthIHN0w6F0dQ==
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName: Skupina
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: RG9tw6luYQ==
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IHYgc8OtdGkgV1dX
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSB2IHPDrXRpIFdXVyAoZGFsxaHDrSBhZHJlc3kp
+attributeDisplayNames:: dGl0bGUsTsOhemV2IGZ1bmtjZQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsxIzDrXNsbyBkw6Fsbm9waXN1IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljZQ==
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLMSMw61zbG8gZMOhbG5vcGlzdQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQTyBCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb8WhdG92bsOtIHNtxJtyb3ZhY8OtIMSNw61zbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60ga2FuY2Vsw6HFmWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxGdW5rY2U=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKGRhbMWhw60gxI3DrXNsYSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsxIzDrXNsbyBtb2JpbG7DrWhvIHRlbGVmb251IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWNrw6EgYWRyZXNhIChkYWzFocOtIGFkcmVzeSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAoZGFsxaHDrSDEjcOtc2xhKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIGRvbcWvIChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsxIzDrXNsbyBmYXh1IChkYWzFocOtIMSNw61zbGEp
+attributeDisplayNames:: bW9iaWxlLMSMw61zbG8gbW9iaWxuw61obyB0ZWxlZm9udQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsxIxsZW5zdHbDrSB2ZSBza3VwaW7DoWNo
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFbGVrdHJvbmlja8OhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKGRhbMWhw60gxI3DrXNsYSk=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25uw60gxI3DrXNsbyBkb23Frw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEvFmWVzdG7DrSBqbcOpbm8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmHEjW7DrSBwxZnDrXBvbmE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXpl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsSm3DqW5vIHBvZGxlIHByb3Rva29sIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsOpIGptw6lubw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Y28sU3TDoXQ=
+attributeDisplayNames:: Yyxaa3JhdGthIHN0w6F0dQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+classDisplayName: Kontakt
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb23DqW55
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: TcOtc3Ruw60gesOhc2FkeQ==
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYQ==
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHBvxI3DrXRhxI1lIChwxZllZCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJ6ZSBvcGVyYcSNbsOtaG8gc3lzdMOpbXU=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhxI1uw60gc3lzdMOpbQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: UG/EjcOtdGHEjQ==
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJ6ZSBvYmpla3R1
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSB2IHPDrXRpIFdXVw==
+attributeDisplayNames:: c2VydmVyTmFtZSxOw6F6ZXYgc2VydmVydQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQb2Rwb3JhIHNlxaHDrXbDoW7DrQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTsOhemV2IHNkw61sZW7DqSBwb2xvxb5reQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJhbnkgemEgbWludXR1
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3RreSByeWNobG9zdGk=
+attributeDisplayNames:: cHJpbnRSYXRlLFJ5Y2hsb3N0
+attributeDisplayNames:: cHJpbnRPd25lcixKbcOpbm8gdmxhc3Ruw61rYQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTmFpbnN0YWxvdmFuw6EgcGFtxJvFpQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQb2Rwb3JvdmFuw6kgdHlweSBwYXDDrXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcMOtciBrIGRpc3BvemljaQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsbsOtIHJvemxpxaFlbsOt
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKYXp5ayB0aXNrw6Fybnk=
+attributeDisplayNames:: cHJpbnRlck5hbWUsSm3DqW5v
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUG9kcG9yYSBvYm91c3RyYW5uw6lobyB0aXNrdQ==
+attributeDisplayNames:: cHJpbnRDb2xvcixQb2Rwb3JhIGJhcmV2bsOpaG8gdGlza3U=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFBvZHBvcmEga29tcGxldG92w6Fuw60ga29wacOt
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxWc3R1cG7DrSB6w6Fzb2Juw61reQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sVW3DrXN0xJtuw60=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50w6HFmQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50w6FybsOtIMSNw61zbG8=
+attributeDisplayNames:: dU5DTmFtZSxOw6F6ZXYgc8OtdMSb
+attributeDisplayNames:: Y24sTsOhemV2IGFkcmVzw6HFmW92w6kgc2x1xb5ieQ==
+classDisplayName:: VGlza8Ohcm5h
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: U8OtxaU=
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrQ==
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrSDFmWFkacSNZSBkb23DqW55
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UMWZaXBvamVuw60=
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzbHXFvmJ5IEZSUw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U2FkYSByZXBsaWsgc2x1xb5ieSBGUlM=
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc8OtxaU=
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHJvcG9qZW7DrSBzw610xJs=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCBwcm8gcHJvcG9qZW7DrSBzw610xJs=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UMWZZW5vcyBtZXppIHPDrXTEm21p
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBsaWNlbmNvdsOhbsOtIHPDrXTEmw==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzw610xJs=
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: xIxsZW4gc2x1xb5ieSBGUlM=
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyYXRlbCBzbHXFvmJ5IEZSUw==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyeSBzbHXFvmJ5IEZSUw==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: b3UsSm3DqW5v
+classDisplayName:: T3JnYW5pemHEjW7DrSDDunR2YXI=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName: Kontejner
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: U2x1xb5iYSBSUEM=
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: RMWvdsSbcnlob2Ruw6EgZG9tw6luYQ==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w6EgY2VzdGE=
+attributeDisplayNames:: a2V5d29yZHMsS2zDrcSNb3bDoSBzbG92YQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: U2TDrWxlbsOhIHNsb8W+a2E=
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fronta MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Konfigurace fronty MSMQ
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: Um96bGVobMOhIHPDrcWlIGZyb250eSBNU01R
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: SW5vdm92YW7DvSB1xb5pdmF0ZWwgZnJvbnR5IE1TTVE=
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: UHJvcG9qZW7DrSBzbcSbcm92w6Fuw60gZnJvbnR5IE1TTVE=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TmFzdGF2ZW7DrSBmcm9udHkgTVNNUQ==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Spravovat...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: U2x1xb5iYSB2emTDoWxlbsOpIHBhbcSbdGk=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHPDrXTDrQ==
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIG1lemlzw63FpW92w71jaCBwxZllbm9zxa8=
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHBvZHPDrXTDrQ==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHNlcnZlcsWv
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBBY3RpdmUgRGlyZWN0b3J5
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb3Rhem92w6Fuw60=
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: Q2l6w60gZMWvdsSbcnlob2Ruw70gb2JqZWt0
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+classDisplayName:: xaBhYmxvbmEgY2VydGlmaWvDoXR1
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-grupp
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci10asOkbnN0
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBtZWRsZW1za2Fw
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName:: QW52w6RuZGFyZQ==
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1hcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+classDisplayName: Grupp
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName:: RG9tw6Ru
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBtZWRsZW1za2Fw
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Kontakt
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RG9tw6RucHJpbmNpcA==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Lokal princip
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdA==
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsRGF0b3JuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+classDisplayName: Dator
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcw==
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO2ZGVyIGjDpGZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUmVzdXJzbmFtbg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRvciBwZXIgbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFbmhldGVyIGbDtnIgaGFzdGlnaGV0
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYW1uIHDDpSDDpGdhcmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyYXQgbWlubmU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQYXBwZXJzdHlwZXIgc29tIHN0w7Zkcw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGxnw6RuZ2xpZ2EgcGFwcGVy
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWwgdXBwbMO2c25pbmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmFyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtbg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDtmRlciBkdWJiZWxzaWRpZyB1dHNrcmlmdA==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO2ZGVyIGbDpHJndXRza3JpZnQ=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7ZkZXIgc29ydGVyaW5n
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm1hdG5pbmdzZmFjaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sU2tyaXZhcmVucyBwbGF0cw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3NuYW1u
+attributeDisplayNames:: Y24sS2F0YWxvZ3Rqw6Ruc3RuYW1u
+classDisplayName: Skrivare
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Plats
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXI=
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXIgZsO2ciBkb23DpG5rb250cm9sbGFudA==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Anslutning
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWluc3TDpGxsbmluZ2Fy
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa3VwcHPDpHR0bmluZw==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VW5kZXJuw6R0
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Ruaw==
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Rua2JyeWdnYQ==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport mellan platser
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhciBmw7ZyIGxpY2Vuc2llcmluZw==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhcg==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerant
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerationer
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Hanterad av
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: ou,Namn
+classDisplayName: Organisationsenhet
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName:: QmVow6VsbGFyZQ==
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName:: UlBDLXRqw6Ruc3Rlcg==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName:: QmV0cm9kZCBkb23DpG4=
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3Nzw7ZrdsOkZw==
+attributeDisplayNames:: a2V5d29yZHMsTnlja2Vsb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+classDisplayName: Delad mapp
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7Y=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1mw7ZyZXRhZw==
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS11cHBncmFkZXJhZCBhbnbDpG5kYXJl
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1yb3V0bmluZ2zDpG5r
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1pbnN0w6RsbG5pbmdhcg==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Hantera...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Namn
+classDisplayName:: VGrDpG5zdGVuIFJlbW90ZSBTdG9yYWdl
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHBsYXRzZXI=
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHRyYW5zcG9ydGVyIG1lbGxhbiBwbGF0c2Vy
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHVuZGVybsOkdA==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHNlcnZyYXI=
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS10asOkbnN0
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RnLDpWdlcHJpbmNpcA==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName:: RXh0ZXJudCBzw6RrZXJoZXRzb2JqZWt0
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+classDisplayName: Certifikatmall
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-groep
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-service
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgdmFuIHdlYnBhZ2luYQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQWFubWVsZGluZ3NuYWFt
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBYW5tZWxkaW5nc3dlcmtzdGF0aW9ucw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsV2VlcmdhdmVuYWFt
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJwYWdpbmEgKG92ZXJpZyk=
+attributeDisplayNames:: dGl0bGUsRnVuY3RpZSA=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKG92ZXJpZyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb29ubnVtbWVy
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsUHJvdmluY2ll
+attributeDisplayNames:: c24sQWNodGVybmFhbQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQWFubWVsZGluZ3NuYWFtIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWFsIElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YnVz
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0Y29kZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FudG9vcmxvY2F0aWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxGdW5jdGll
+attributeDisplayNames:: cGFnZXIsTnVtbWVyIHZhbiBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvb25udW1tZXIgemFrZWxpamsgKG92ZXJpZyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1tZXIgdmFuIHBpZXBlciAob3ZlcmlnKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtbWVyIHZhbiBtb2JpZWxlIHRlbGVmb29uIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbGFkcmVzIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb29ubnVtbWVyIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvb25udW1tZXIgcHJpdsOpIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChvdmVyaWcp
+attributeDisplayNames:: aW5mbyxPcG1lcmtpbmdlbg==
+attributeDisplayNames:: bW9iaWxlLE51bW1lciB2YW4gbW9iaWVsZSB0ZWxlZm9vbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUd2VlZGUgdm9vcm5hYW0=
+attributeDisplayNames:: bWVtYmVyT2YsR3JvZXBzbGlkbWFhdHNjaGFw
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxFLW1haWxhZHJlcw==
+attributeDisplayNames:: bCxXb29ucGxhYXRz
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9vbm51bW1lcg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hYWwgSVNETi1udW1tZXIgKG92ZXJpZyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgKHByaXbDqSk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb29ubnVtbWVyIChwcml2w6kp
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzc3RhdGlvbg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc21hcA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvb3JuYWFt
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYWFtYWNodGVydm9lZ3NlbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxXZXJrbmVtZXItSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBuYW1lIChYNTAwKQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJlY3RlIG9uZGVyZ2VzY2hpa3Rlbg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyaWp2aW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxCZWRyaWpm
+attributeDisplayNames:: Y29tbWVudCxPcG1lcmtpbmc=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kIChhZmtvcnRpbmcp
+attributeDisplayNames:: Y24sTmFhbQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Gebruiker
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgdmFuIHdlYnBhZ2luYQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJwYWdpbmEgKG92ZXJpZyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3JvZXBzbmFhbSAocHLDqS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FudG9vcmxvY2F0aWU=
+attributeDisplayNames:: aW5mbyxPcG1lcmtpbmdlbg==
+attributeDisplayNames:: bWVtYmVyLExlZGVu
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGVlcmQgZG9vcg==
+attributeDisplayNames:: bCxXb29ucGxhYXRz
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBuYW1lIChYNTAwKQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyaWp2aW5n
+attributeDisplayNames:: YyxMYW5kIChhZmtvcnRpbmcp
+attributeDisplayNames:: Y24sTmFhbQ==
+classDisplayName: Groep
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Domein
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgdmFuIHdlYnBhZ2luYQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJwYWdpbmEgKG92ZXJpZyk=
+attributeDisplayNames:: dGl0bGUsRnVuY3RpZSA=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKG92ZXJpZyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb29ubnVtbWVy
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsUHJvdmluY2ll
+attributeDisplayNames:: c24sQWNodGVybmFhbQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWFsIElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YnVz
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0Y29kZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FudG9vcmxvY2F0aWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxGdW5jdGll
+attributeDisplayNames:: cGFnZXIsTnVtbWVyIHZhbiBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvb25udW1tZXIgemFrZWxpamsgKG92ZXJpZyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1tZXIgdmFuIHBpZXBlciAob3ZlcmlnKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtbWVyIHZhbiBtb2JpZWxlIHRlbGVmb29uIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbGFkcmVzIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb29ubnVtbWVyIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvb25udW1tZXIgcHJpdsOpIChvdmVyaWcp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChvdmVyaWcp
+attributeDisplayNames:: bW9iaWxlLE51bW1lciB2YW4gbW9iaWVsZSB0ZWxlZm9vbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUd2VlZGUgdm9vcm5hYW0=
+attributeDisplayNames:: bWVtYmVyT2YsR3JvZXBzbGlkbWFhdHNjaGFw
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxFLW1haWxhZHJlcw==
+attributeDisplayNames:: bCxXb29ucGxhYXRz
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9vbm51bW1lcg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hYWwgSVNETi1udW1tZXIgKG92ZXJpZyk=
+attributeDisplayNames:: aW5mbyxPcG1lcmtpbmdlbg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgKHByaXbDqSk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb29ubnVtbWVyIChwcml2w6kp
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvb3JuYWFt
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYWFtYWNodGVydm9lZ3NlbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxXZXJrbmVtZXItSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBuYW1lIChYNTAwKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsV2VlcmdhdmVuYWFt
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJlY3RlIG9uZGVyZ2VzY2hpa3Rlbg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyaWp2aW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxCZWRyaWpm
+attributeDisplayNames:: Y29tbWVudCxPcG1lcmtpbmc=
+attributeDisplayNames:: Y24sTmFhbQ==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kIChhZmtvcnRpbmcp
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Contactpersoon
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Domeinbeleid
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Lokaal beleid
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYWFtIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaWUgdmFuIGJlc3R1cmluZ3NzeXN0ZWVt
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJlc3R1cmluZ3NzeXN0ZWVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGVlcmQgZG9vcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyaWp2aW5n
+attributeDisplayNames:: Y24sTmFhbQ==
+classDisplayName: Computer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmplY3R2ZXJzaWU=
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJwYWdpbmE=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYWFt
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPbmRlcnN0ZXVuaW5nIHZvb3IgbmlldGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYWFt
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmEncyBwZXIgbWludXV0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFZW5oZWlkIHZhbiBzbmVsaGVpZA==
+attributeDisplayNames:: cHJpbnRSYXRlLFNuZWxoZWlk
+attributeDisplayNames:: cHJpbnRPd25lcixOYWFtIHZhbiBlaWdlbmFhcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksR2XDr25zdGFsbGVlcmQgZ2VoZXVnZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPbmRlcnN0ZXVuZGUgcGFwaWVydHlwZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEJlc2NoaWtiYWFyIHBhcGllcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltdW1yZXNvbHV0aWU=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVydGFhbA==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFhbQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT25kZXJzdGV1bmluZyB2b29yIGR1YmJlbHppamRpZyBhZmRydWtrZW4=
+attributeDisplayNames:: cHJpbnRDb2xvcixPbmRlcnN0ZXVuaW5nIHZvb3Iga2xldXJhZmRydWtrZW4=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9uZGVyc3RldW5pbmcgdm9vciBzb3J0ZXJlbg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbnZvZXJsYWRlbg==
+attributeDisplayNames:: cG9ydE5hbWUsUG9vcnQ=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYXRpZQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3BtZXJraW5n
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdHBlcnNvb24=
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR3ZXJrbmFhbQ==
+attributeDisplayNames:: Y24sTmFhbSB2YW4gZGlyZWN0b3J5LXNlcnZpY2U=
+classDisplayName: Printer
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen van domeincontroller
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbinding
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-instellingen
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replicaset
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site-koppeling
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site-koppelingsbrug
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Intersite-transport
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Instellingen van licentiesite
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site-instellingen
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-lid
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnee
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementen
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: ou,Naam
+classDisplayName: Organisatie-eenheid
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Container
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: RPC-services
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Vertrouwd domein
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: uNCName,Netwerkpad
+attributeDisplayNames: keywords,Trefwoorden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Gedeelde map
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-wachtrij
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-configuratie
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-onderneming
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Gebruiker met MSMQ-upgrade
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routeringskoppeling
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-instellingen
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Beheren...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Naam
+classDisplayName: Remote Storage-service
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Container voor sites
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Container voor intersite-transporten
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Container voor subnetten
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Container voor servers
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-service
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Querybeleid
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Afwijkende beveiligings-principal
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+classDisplayName: Certificaatsjabloon
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXm9eg15nXodeU
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXkdeZ16bXldeiINeb16DXmdeh15Q=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXqtem15XXkteU
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: dGl0bGUs16rXldeQ16gg16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p4oCP
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXm9eq15XXkdeqINeo15fXldeR
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXm9eg15nXodeUIOKAjijXmNeo15XXnSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXntep16jXkw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15DXmdeq15XXqNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXkNeZ16rXldeo15nXqiAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg16DXmdeZ15MgKNeQ15fXqNeZ150p4oCP
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gg15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p4oCO
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKeKAjw==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeg15nXmdeT
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeo15XXqiDXkden15HXldem15Q=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoINeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKeKAjw==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXkdeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeo15DXqdeZ
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeUINeo15DXqdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINep15wg15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXnteW15TXlCDXoteV15HXkw==
+attributeDisplayNames:: ZGl2aXNpb24s15fXmNeZ15HXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kg16nXnCBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXm9ek15XXpNeZ150g15nXqdeZ16jXldeq
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXlA==
+attributeDisplayNames:: Y28s157Xk9eZ16DXlA==
+attributeDisplayNames:: YyzXp9eZ16bXldeoINee15PXmdeg15Q=
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YXNzaXN0YW50LNei15XXlteo
+classDisplayName:: 157Xqdeq157XqQ==
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXp9eR15XXpteU4oCOICjXmNeo15XXnSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXntep16jXkw==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bWVtYmVyLNeX15HXqNeZ150=
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXldeU15zXqiDXotecLdeZ15PXmQ==
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kg16nXnCBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: YyzXp9eZ16bXldeoINee15PXmdeg15Q=
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16fXkdeV16bXlA==
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150=
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: dGl0bGUs16rXldeQ16gg16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p4oCP
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXm9eq15XXkdeqINeo15fXldeR
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXntep16jXkw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15DXmdeq15XXqNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXkNeZ16rXldeo15nXqiAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg16DXmdeZ15MgKNeQ15fXqNeZ150p4oCP
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gg15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p4oCO
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSnigI8=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKeKAjw==
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeg15nXmdeT
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeo15XXqiDXkden15HXldem15Q=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoINeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKeKAjw==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXkdeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINep15wg15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXnteW15TXlCDXoteV15HXkw==
+attributeDisplayNames:: ZGl2aXNpb24s15fXmNeZ15HXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kg16nXnCBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXqtem15XXkteU
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXm9ek15XXpNeZ150g15nXqdeZ16jXldeq
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXlA==
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: Y28s157Xk9eZ16DXlA==
+attributeDisplayNames:: YyzXp9eZ16bXldeoINee15PXmdeg15Q=
+attributeDisplayNames:: YXNzaXN0YW50LNei15XXlteo
+classDisplayName:: 15DXmdepINen16nXqA==
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16fXkdeV16bXqiDXnteX16nXkdeZ150=
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og157Xp9eV157Xmdeq
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqg==
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnteX16nXkSDigI4o15jXqNeV150gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizXkteZ16jXodeqINee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXldeU15zXqiDXotecLdeZ15PXmQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 157Xl9ep15E=
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizXkteZ16jXodeqINeQ15XXkdeZ15nXp9eY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmA==
+attributeDisplayNames:: c2VydmVyTmFtZSzXqdedINep16jXqg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzXqtee15nXm9eUINeR15TXmdeT15XXpw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs16nXnSDXqdeZ16rXldej
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzXk9ek15nXnSDXnNeT16fXlA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzXmdeX15nXk9eV16og157XlNeZ16jXldeq
+attributeDisplayNames:: cHJpbnRSYXRlLNee15TXmdeo15XXqg==
+attributeDisplayNames:: cHJpbnRPd25lcizXqdedINeR16LXnNeZ150=
+attributeDisplayNames:: cHJpbnRNZW1vcnks15bXmdeb16jXldefINee15XXqten158=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzXodeV15LXmSDXoNeZ15nXqCDXoNeq157Xm9eZ150=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNeg15nXmdeoINeW157Xmdef
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNeo15bXldec15XXpteZ15Qg157Xp9eh15nXntec15nXqg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzXqdek16og157Xk9ek16HXqg==
+attributeDisplayNames:: cHJpbnRlck5hbWUs16nXnQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs16rXnteZ15vXlCDXkdeU15PXpNeh15Qg15PXlS3XpteT15PXmdeq
+attributeDisplayNames:: cHJpbnRDb2xvcizXqtee15nXm9eUINeR15TXk9ek16HXqiDXpteR16I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNeq157Xmdeb15Qg15HXkNeZ16HXldej
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzXnteS16nXmSDXp9ec15g=
+attributeDisplayNames:: cG9ydE5hbWUs15nXpteZ15DXlA==
+attributeDisplayNames:: bG9jYXRpb24s157Xmden15XXnQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSzXk9eS150=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s15TXoteo15Q=
+attributeDisplayNames:: Y29udGFjdE5hbWUs15DXmdepINen16nXqA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs157Xodek16gg16DXm9eh
+attributeDisplayNames:: dU5DTmFtZSzXqdedINeo16nXqg==
+attributeDisplayNames:: Y24s16nXnSDXqdeZ16jXldeqINeh16TXqNeZ15XXqg==
+classDisplayName:: 157Xk9ek16HXqg==
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15DXqteo
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16nXqNeq
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeq
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeqINeR16fXqCDXp9eR15XXpteqINee15fXqdeR15nXnQ==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15TXqten16nXqNeV16o=
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqIEZSUw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16fXkdeV16bXqiDXoteV16rXp9eZ150g157XqdeV15vXpNec15nXnSDXqdecIEZSUw==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16jXqdeqINee16nXoNeU
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16fXmdep15XXqCDXnNeQ16rXqNeZ150=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 15LXqdeoINen15nXqdeV16gg15zXkNeq16jXmded
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16rXoteR15XXqNeUINeR16rXldeaINeQ16rXqNeZ150=
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqCDXqNeZ16nXldeZ
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqA==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15fXkdeoIEZSUw==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15kgRlJT
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15nXmSBGUlM=
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXldeU15zXqiDXotecLdeZ15PXmQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: b3Us16nXnQ==
+classDisplayName:: 15nXl9eZ15PXlCDXkNeo15LXldeg15nXqg==
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 15LXldeo150g157Xm9eZ15w=
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16nXmdeo15XXqteZIFJQQw==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150g15DXnteZ16DXlA==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzXoNeq15nXkSDXqNep16o=
+attributeDisplayNames:: a2V5d29yZHMs157Xmdec15XXqiDXntek16rXlw==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXldeU15zXqiDXotecLdeZ15PXmQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16rXmden15nXlCDXntep15XXqtek16o=
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXldeoIE1TTVE=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXpteV16jXqiBNU01R
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 157Xqdeq157XqSDXntep15XXk9eo15Ig16nXnCBNU01R
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 16fXmdep15XXqCDXnNeg15nXqteV15EgTVNNUQ==
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 15TXkteT16jXldeqIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwm16DXlNecLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16nXmdeo15XXqiDXkNeX16HXldefINee16jXldeX16c=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXkNeq16jXmded
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqtei15HXldeo15Qg15HXqteV15og15DXqteo15nXnQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqNep16rXldeqINee16nXoNeU
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqdeo16rXmded
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiBBY3RpdmUgRGlyZWN0b3J5
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16nXkNeZ15zXqteV16o=
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 157XoNeU15wg15DXkdeY15fXqiDXl9eV16U=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+classDisplayName:: 16rXkdeg15nXqiDXkNeZ16nXldeo
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppen IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Tjenesten IntelliMirror
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6UgV2Vic3RlZA==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvbiBww6UgYXJiZWpkc3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIFdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsSm9idGl0ZWw=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: aW5mbyxCZW3DpnJrbmluZ2Vy
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbWVkbGVtc2thYg==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Bruger
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6UgV2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIFdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbmF2biAoZsO4ciBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: aW5mbyxCZW3DpnJrbmluZ2Vy
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1lcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+classDisplayName: Gruppe
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName:: RG9tw6ZuZQ==
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6UgV2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIFdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsSm9idGl0ZWw=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbWVkbGVtc2thYg==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxCZW3DpnJrbmluZ2Vy
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Kontaktperson
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZXBvbGl0aWs=
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Lokal politik
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbSAtIHZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+classDisplayName: Computer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIFdlYnN0ZWQ=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbmRlcnN0w7h0dGVyIGjDpmZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYXZu
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwci4gbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZWRzZW5oZWRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hlZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYXZuIHDDpSBlamVy
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyZXQgaHVrb21tZWxzZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbmRlcnN0w7h0dGVkZSBwYXBpcnR5cGVy
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGfDpm5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbXVtb3Bsw7hzbmluZw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVyc3Byb2c=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW5kZXJzdMO4dHRlciBkb2JiZWx0c2lkZXQgdWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbmRlcnN0w7h0dGVyIGZhcnZldWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVuZGVyc3TDuHR0ZXIgc8OmdHZpcyBzb3J0ZXJpbmc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxQcmludGVyYmFra2Vy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhY2VyaW5n
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdHBlcnNvbg==
+attributeDisplayNames:: YXNzZXROdW1iZXIsVWRzdHlyc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+classDisplayName: Printer
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Indstillinger
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3IgZG9tw6ZuZWNvbnRyb2xsZXI=
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Forbindelse
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Indstillinger for FRS
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UmVwbGlrZXJpbmdzc8OmdCBmb3IgRlJT
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Undernet
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGluayB0aWwgb21yw6VkZQ==
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlua2JybyB0aWwgb21yw6VkZQ==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IGluZGVuZm9yIG9tcsOlZGU=
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5zaW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementer
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Administreret af
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+classDisplayName: Organisationsenhed
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Objektbeholder
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: RPC-tjenester
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName:: RG9tw6ZuZSwgZGVyIG55ZGVyIHRpbGxpZA==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NzdGk=
+attributeDisplayNames:: a2V5d29yZHMsTsO4Z2xlb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+classDisplayName: Delt mappe
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-opgraderet bruger
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routing-link
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Indstillinger for MSMQ
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Administrer...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Navn
+classDisplayName: Tjenesten Storage Service
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGU=
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydCBpbmRlbmZvciBvbXLDpWRl
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Undernetbeholder
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Serverbeholder
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-tjeneste
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Rm9yZXNww7hyZ3NlbHNwb2xpdGlr
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName:: RWtzdGVybiBkb23Dpm5la29udG8sIGRlciBueWRlciB0aWxsaWQ=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Certifikatskabelon
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Grup
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Hizmeti
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzDnG52YW4=
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cCDDnHllbGnEn2k=
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+classDisplayName:: S3VsbGFuxLFjxLE=
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cCBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bWVtYmVyLMOceWVsZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName: Grup
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: RXRraSBBbGFuxLE=
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzDnG52YW4=
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cCDDnHllbGnEn2k=
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+classDisplayName:: QmHFn3Z1cnU=
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLEgxLBsa2VzaQ==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WWVyZWwgxLBsa2U=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Hizmet
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmlsZ2lzYXlhciBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizEsMWfbGV0aW0gU2lzdGVtaSBTw7xyw7xtw7w=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLMSwxZ9sZXRpbSBTaXN0ZW1p
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName: Bilgisayar
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixOZXNuZSBTw7xyw7xtw7w=
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2k=
+attributeDisplayNames:: c2VydmVyTmFtZSxTdW51Y3UgQWTEsQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxaxLFtYmFsYW1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUGF5bGHFn8SxbSBBZMSx
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxEYWtpa2FkYWtpIFNheWZhIFNhecSxc8Sx
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIxLF6IEJpcmltbGVyaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLEjEsXo=
+attributeDisplayNames:: cHJpbnRPd25lcixTYWhpYmluaW4gQWTEsQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksWcO8a2zDvCBCZWxsZWs=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxEZXN0ZWtsZW5lbiBLYcSfxLF0IFTDvHJsZXJp
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEt1bGxhbsSxbGFiaWxpciBLYcSfxLF0
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuIELDvHnDvGsgw4fDtnrDvG7DvHJsw7xr
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxZYXrEsWPEsSBEaWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsQWTEsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsw4dpZnQgVGFyYWZsxLEgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xvcixSZW5rbGkgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEhhcm1hbmxhbWEgRGVzdGVrbGVuaXlvcg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxHaXJpxZ8gVGVwc2lsZXJp
+attributeDisplayNames:: cG9ydE5hbWUsQmHEn2xhbnTEsSBOb2t0YXPEsQ==
+attributeDisplayNames:: bG9jYXRpb24sS29udW0=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQmHFn3Z1cnU=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTWFsIE51bWFyYXPEsQ==
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gQWTEsQ==
+attributeDisplayNames:: Y24sRGl6aW4gSGl6bWV0aSBBZMSx
+classDisplayName:: WWF6xLFjxLE=
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QsO2bGdl
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Sunucu
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ayarlar
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RXRraSBBbGFuxLEgRGVuZXRsZXlpY2lzaSBBeWFybGFyxLE=
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: QmHEn2xhbnTEsQ==
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIEF5YXJsYXLEsQ==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIFlpbmVsZW1lIMOceWVzaQ==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWx0IEHEnw==
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLE=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLEgS8O2cHLDvHPDvA==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbQ==
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: WWV0a2kgVmVybWUgQsO2bGdlc2kgQXlhcmxhcsSx
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEF5YXJsYXLEsQ==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIMOceWVzaQ==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonesi
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonelikleri
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: b3UsQWTEsQ==
+classDisplayName:: WWFwxLFzYWwgQmlyaW0=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: S2Fwc2F5xLFjxLE=
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName: RPC Hizmetleri
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: R8O8dmVuaWxlbiBFdGtpIEFsYW7EsQ==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gWW9sdQ==
+attributeDisplayNames:: a2V5d29yZHMsQW5haHRhciBTw7Z6Y8O8a2xlcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: UGF5bGHFn3TEsXLEsWxtxLHFnyBLbGFzw7Zy
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBLdXlydcSfdQ==
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBZYXDEsWxhbmTEsXJtYXPEsQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSBLdXJ1bHXFnw==
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSBZw7xrc2VsdGlsbWnFnyBLdWxsYW7EsWPEsQ==
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBZw7ZubGVuZGlybWUgQmHEn2xhbnTEsXPEsQ==
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBBeWFybGFyxLE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwmWcO2bmV0Li4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName: Uzakta Depolama Hizmeti
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEthcHNhecSxY8Sxc8Sx
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbWxhciBLYXBzYXnEsWPEsXPEsQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWx0IEHEn2xhciBLYXBzYXnEsWPEsXPEsQ==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3VudWN1bGFyIEthcHNhecSxY8Sxc8Sx
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Hizmeti
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U29yZ3UgxLBsa2VzaQ==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: WWFiYW5jxLEgR8O8dmVubGlrIMSwbGtlc2k=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+classDisplayName:: U2VydGlmaWthIMWeYWJsb251
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-gruppe
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-tjeneste
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWlkIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbWVkbGVtc2thcA==
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Bruker
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: wWWHomePage,Web-adresse
+attributeDisplayNames: url,Adresse til Web-side (andre)
+attributeDisplayNames: samAccountName,Gruppenavn (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kontor
+attributeDisplayNames: info,Merknader
+attributeDisplayNames: member,Medlemmer
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: l,Poststed
+attributeDisplayNames: distinguishedName,X.500 unikt navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: c,Landsforkortelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Gruppe
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Domene
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWlkIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbWVkbGVtc2thcA==
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Kontakt
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Domenepolicy
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Lokal policy
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: samAccountName,Datamaskinnavn (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operativsystemversjon
+attributeDisplayNames: operatingSystem,Operativsystem
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Datamaskin
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzam9u
+attributeDisplayNames:: dXJsLFdlYi1hZHJlc3Nl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO4dHRlciBzdGlmdGluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF2biBww6UgZGVsdCByZXNzdXJz
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwZXIgbWludXR0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZXRzZW5oZXRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixFaWVybmF2bg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWlubmUgaW5zdGFsbGVydA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxTdMO4dHRlZGUgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGdqZW5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbWFsIG9wcGzDuHNuaW5n
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmVyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDuHR0ZXIgZG9iYmVsdHNpZGlnIHV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO4dHRlciBmYXJnZXV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7h0dGVyIHNvcnRlcmluZw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm5za3VmZmVy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhc3NlcmluZw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2plbnN0YW5kc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+classDisplayName: Skriver
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger for domenekontroller
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Tilkobling
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-innstillinger
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikasett
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Delnett
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmc=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmdzYnJv
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1lbGxvbSBvbXLDpWRlcg==
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: SW5uc3RpbGxpbmdlciBmb3IgbGlzZW5zaWVyaW5nc29tcsOlZGU=
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWlubnN0aWxsaW5nZXI=
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnement
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+classDisplayName: Organisasjonsenhet
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Beholder
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: RPC-tjenester
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Klarert domene
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NiYW5l
+attributeDisplayNames:: a2V5d29yZHMsTsO4a2tlbG9yZA==
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGFuZGxlcyBhdg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+classDisplayName: Delt mappe
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfigurasjon
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisasjon
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-oppgradert bruker
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-rutingskobling
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-innstillinger
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Behandle...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Navn
+classDisplayName: Ekstern lagringstjeneste
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGVy
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydGVyIG1lbGxvbSBvbXLDpWRlcg==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for delnett
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for servere
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-tjeneste
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3DDuHJyaW5nc3BvbGljeQ==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Eksternt sikkerhetsobjekt
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+classDisplayName: Sertifikatmal
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror csoport
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciBzem9sZ8OhbHRhdMOhcw==
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQ3NvcG9ydHRhZ3PDoWc=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFbGVrdHJvbmlrdXMgbGV2w6lsY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+classDisplayName:: RmVsaGFzem7DoWzDsw==
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgY3NvcG9ydG7DqXY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bWVtYmVyLFRhZ29r
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName: Csoport
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: VGFydG9tw6FueQ==
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQ3NvcG9ydHRhZ3PDoWc=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFbGVrdHJvbmlrdXMgbGV2w6lsY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+classDisplayName:: S2FwY3NvbGF0dGFydMOz
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueWjDoXppcmVuZA==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWkgaMOhemlyZW5k
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3pvbGfDoWx0YXTDoXM=
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgc3rDoW3DrXTDs2fDqXBuw6l2
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyw6FjacOzcyByZW5kc3plciB2ZXJ6acOzamE=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXLDoWNpw7NzIHJlbmRzemVy
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: U3rDoW3DrXTDs2fDqXA=
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R1bSB2ZXJ6acOzamE=
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWU=
+attributeDisplayNames:: c2VydmVyTmFtZSxLaXN6b2xnw6Fsw7Nuw6l2
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUw6Ftb2dhdGphIGF6IMO2c3N6ZWbFsXrDqXN0
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTWVnb3N6dMOhc2kgbsOpdg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxPbGRhbCBwZXIgcGVyYw==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTZWJlc3PDqWdlZ3lzw6ln
+attributeDisplayNames:: cHJpbnRSYXRlLFNlYmVzc8OpZw==
+attributeDisplayNames:: cHJpbnRPd25lcixUdWxhamRvbm9zIG5ldmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksVGVsZXDDrXRldHQgbWVtw7NyaWE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUw6Ftb2dhdG90dCBwYXDDrXJ0w61wdXNvaw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFJlbmRlbGtlesOpc3JlIMOhbGzDsyBwYXDDrXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsaXMgZmVsYm9udMOhcw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxOeW9tdGF0w7MgbnllbHZl
+attributeDisplayNames:: cHJpbnRlck5hbWUsTsOpdg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVMOhbW9nYXRqYSBhIGvDqXRvbGRhbGFzIG55b210YXTDoXN0
+attributeDisplayNames:: cHJpbnRDb2xvcixUw6Ftb2dhdGphIGEgc3rDrW5lcyBueW9tdGF0w6FzdA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFTDoW1vZ2F0amEgYSBzesOpdHbDoWxvZ2F0w6FzdA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCZW1lbmV0aSB0w6FsY8Ohaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sSGVseQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTWVnamVneXrDqXM=
+attributeDisplayNames:: Y29udGFjdE5hbWUsS2FwY3NvbGF0dGFydMOz
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXN6a8O2enN6w6Ft
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIG7DqXY=
+attributeDisplayNames:: Y24sQ8OtbXTDoXJzem9sZ8OhbHRhdMOhcyBuZXZl
+classDisplayName:: TnlvbXRhdMOz
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Telephely
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOz
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QmXDoWxsw610w6Fzb2s=
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: VGFydG9tw6FueXZlesOpcmzFkSBiZcOhbGzDrXTDoXNhaQ==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Kapcsolat
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWJlw6FsbMOtdMOhc29r
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa2Frw6lzemxldA==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWxow6Fsw7N6YXQ=
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6Fz
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6FzaMOtZA==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVs
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5jZWzFkSBoZWx5IGJlw6FsbMOtdMOhc2Fp
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SGVseSBiZcOhbGzDrXTDoXNhaQ==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-tag
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMWR
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMOpc2Vr
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: b3UsTsOpdg==
+classDisplayName:: U3plcnZlemV0aSBlZ3lzw6ln
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: VMOhcm9sw7M=
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: UlBDLXN6b2xnw6FsdGF0w6Fzb2s=
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: TWVnaGF0YWxtYXpvdHQgdGFydG9tw6FueQ==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIGVsw6lyw6lzaSDDunQ=
+attributeDisplayNames:: a2V5d29yZHMsS3VsY3NzemF2YWs=
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName: Megosztott mappa
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YQ==
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rb25maWd1csOhY2nDsw==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS12w6FsbGFsYXQ=
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1yYSBmcmlzc8OtdGV0dCBmZWxoYXN6bsOhbMOz
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS3DunR2w6FsYXN6dMOzaGl2YXRrb3rDoXM=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1iZcOhbGzDrXTDoXNvaw==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwmS2V6ZWzDqXMuLi4sUnNBZG1pbi5tc2M=
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: VMOhdnTDoXJvbMOzIHN6b2xnw6FsdGF0w6Fz
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseXTDoXJvbMOz
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVsZWsgdMOhcm9sw7NqYQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxow6Fsw7N6YXRvayB0w6Fyb2zDs2ph
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOzayB0w6Fyb2zDs2ph
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBzem9sZ8OhbHRhdMOhcw==
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: TGVrw6lyZGV6w6lzaSBow6F6aXJlbmQ=
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: S8O8bHPFkSBzemVyZXBsxZE=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+classDisplayName:: Qml6b255w610dsOhbnlzYWJsb24=
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Gruppe
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Dienst
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKGbDvHIgV2luZG93cyBOVCAzLjV4LzQuMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWxlIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbm1pdGdsaWVkc2NoYWZ0
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbGUgSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Benutzer
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbm5hbWUgKGbDvHIgV2luZG93cyBOVCAzLjV4LzQuMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bWVtYmVyLE1pdGdsaWVkZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+classDisplayName: Gruppe
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName:: RG9tw6RuZQ==
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWxlIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsR3J1cHBlbm1pdGdsaWVkc2NoYWZ0
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbGUgSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+classDisplayName: Kontakt
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZW5yaWNodGxpbmll
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Lokale Richtlinie
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dienst
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYW1lIChmw7xyIFdpbmRvd3MgTlQgMy41eC80LjAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixCZXRyaWVic3N5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJldHJpZWJzc3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+classDisplayName: Computer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2U=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1l
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbnRlcnN0w7x0enQgSGVmdGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsRnJlaWdhYmVuYW1l
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTZWl0ZW4gcHJvIE1pbnV0ZQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxHZXNjaHdpbmRpZ2tlaXRzZWluaGVpdGVu
+attributeDisplayNames:: cHJpbnRSYXRlLEdlc2Nod2luZGlna2VpdA==
+attributeDisplayNames:: cHJpbnRPd25lcixCZXNpdHplcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGllcnRlciBTcGVpY2hlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbnRlcnN0w7x0enRlIFBhcGllcnR5cGVu
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFZlcmbDvGdiYXJlcyBQYXBpZXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIEF1ZmzDtnN1bmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxEcnVja2Vyc3ByYWNoZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW50ZXJzdMO8dHp0IGRvcHBlbHNlaXRpZ2VzIERydWNrZW4=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbnRlcnN0w7x0enQgZmFyYmlnZXMgRHJ1Y2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVudGVyc3TDvHR6dCBTb3J0aWVyZW4=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxFaW5nYWJlc2Now6RjaHRl
+attributeDisplayNames:: cG9ydE5hbWUsQW5zY2hsdXNz
+attributeDisplayNames:: bG9jYXRpb24sUGZhZA==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2Vyw6R0ZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya25hbWU=
+attributeDisplayNames:: Y24sTmFtZSBkZXMgVmVyemVpY2huaXNkaWVuc3Rlcw==
+classDisplayName: Drucker
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Standort
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Einstellungen
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RWluc3RlbGx1bmdlbiBkZXMgRG9tw6RuZW5jb250cm9sbGVycw==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbindung
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Einstellungen
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Replikatssatz
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnetz
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmc=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmdzYnLDvGNrZQ==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Lizenzierungsstandorteinstellungen
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Standorteinstellungen
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Mitglied
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnent
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnements
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Verwaltet von
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: ou,Name
+classDisplayName: Organisationseinheit
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName: Container
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName: RPC-Dienste
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName:: VmVydHJhdWVuc3fDvHJkaWdlIERvbcOkbmU=
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya3BmYWQ=
+attributeDisplayNames:: a2V5d29yZHMsU2NobMO8c3NlbHfDtnJ0ZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+classDisplayName: Freigegebener Ordner
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Warteschlange
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Konfiguration
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-Unternehmen
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Aktualisierter MSMQ-Benutzer
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Routingverbindung
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Einstellungen
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,Ver&walten...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Name
+classDisplayName: Remotespeicherdienst
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Standortcontainer
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0Y29udGFpbmVy
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetzcontainer
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-Dienst
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Abfragerichtlinie
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName: Fremder Sicherheitsprincipal
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+classDisplayName: Zertifikatsvorlage
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnu4Q=
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3liqE=
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCAo5YW25a6DKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBICjlhbblroMp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmN54mI5pysKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEgKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCAo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSAo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBICjlhbblroMp
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys57uE5oiQ5ZGY
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDnibnlvILlkI3np7A=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+classDisplayName:: 55So5oi3
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCAo5YW25a6DKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs57uE5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmN54mI5pysKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDnibnlvILlkI3np7A=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 57uE
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 5Z+f
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCAo5YW25a6DKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBICjlhbblroMp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEgKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCAo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSAo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBICjlhbblroMp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBICjlhbblroMp
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys57uE5oiQ5ZGY
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBICjlhbblroMp
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDnibnlvILlkI3np7A=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+classDisplayName:: 6IGU57uc5Lq6
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Z+f562W55Wl
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pys5Zyw562W55Wl
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6K6h566X5py65ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmN54mI5pysKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizmk43kvZzns7vnu5/niYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOaTjeS9nOezu+e7nw==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 6K6h566X5py6
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizlr7nosaHniYjmnKw=
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzmnI3liqHlmajlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mjIHoo4XorqI=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5Lqr5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzmr4/liIbpkp/pobXmlbA=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbljZXkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI3np7A=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey6KOF5YaF5a2Y
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mjIHnmoTnurjlvKDnsbvlnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe6uOW8oA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+WIhui+qOeOhw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzmiZPljbDmnLror63oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ew
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5oyB5Y+M6Z2i5omT5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mjIHlvanoibLmiZPljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aMgeWvueeFpw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzov5vnurjlmag=
+attributeDisplayNames:: cG9ydE5hbWUs56uv5Y+j
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovlj7c=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6K+05piO
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGU57uc5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LWE5Lqn5Y+356CB
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zlkI0=
+attributeDisplayNames:: Y24s55uu5b2V5pyN5Yqh5ZCN
+classDisplayName:: 5omT5Y2w5py6
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ54K5
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6K6+572u
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 5Z+f5o6n5Yi25Zmo6K6+572u
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6L+e5o6l
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuvue9rg==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOWkjeWItumbhg==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q572R
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l5qGl
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5p2D56uZ54K56K6+572u
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56K6+572u
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWRmA==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYheiAhQ==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYhQ==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ew
+classDisplayName:: 57uE57uH5Y2V5L2N
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 5a655Zmo
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: UlBDIOacjeWKoQ==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 5Y+X5L+h5Lu75Z+f
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zot6/lvoQ=
+attributeDisplayNames:: a2V5d29yZHMs5YWz6ZSu5a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 5YWx5Lqr5paH5Lu25aS5
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDpmJ/liJc=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDphY3nva4=
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDkvIHkuJrnuqc=
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfnuqfnlKjmiLc=
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpk77mjqU=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDorr7nva4=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 6L+c56iL5a2Y5YKo5pyN5Yqh
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ54K55a655Zmo
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T5a655Zmo
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q572R5a655Zmo
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo5a655Zmo
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3liqE=
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6K+i562W55Wl
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 5aSW6YOo5a6J5YWo6KeE6IyD
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+classDisplayName:: 6K+B5Lmm5pG45p2/
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupa IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: VXPFgnVnYSBJbnRlbGxpTWlycm9y
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9ua29zdHdvIGdydXB5
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+classDisplayName:: VcW8eXRrb3duaWs=
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgZ3J1cHkgKHN5c3RlbXkgc3RhcnN6ZSBuacW8IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bWVtYmVyLEN6xYJvbmtvd2ll
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+classDisplayName: Grupa
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName: Domena
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9ua29zdHdvIGdydXB5
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+classDisplayName: Kontakt
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Zasady domen
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Zasady lokalne
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYQ==
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2Ega29tcHV0ZXJhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixXZXJzamEgc3lzdGVtdSBvcGVyYWN5am5lZ28=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3RlbSBvcGVyYWN5am55
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+classDisplayName: Komputer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixXZXJzamEgb2JpZWt0dQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSB3IHNpZWNpIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOYXp3YSBzZXJ3ZXJh
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPYnPFgnVndWplIHpzenl3YW5pZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF6d2EgdWR6aWHFgnU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJvbiBuYSBtaW51dMSZ
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3N0a2kgc3p5YmtvxZtjaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLFN6eWJrb8WbxIc=
+attributeDisplayNames:: cHJpbnRPd25lcixOYXp3YSB3xYJhxZtjaWNpZWxh
+attributeDisplayNames:: cHJpbnRNZW1vcnksWmFpbnN0YWxvd2FuYSBwYW1pxJnEhw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPYnPFgnVnaXdhbmUgZm9ybWF0eSBwYXBpZXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkb3N0xJlwbnk=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJvemR6aWVsY3pvxZvEhyBtYWtzeW1hbG5h
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKxJl6eWsgZHJ1a2Fya2k=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF6d2E=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT2JzxYJ1Z3VqZSBkcnVrb3dhbmllIGR3dXN0cm9ubmU=
+attributeDisplayNames:: cHJpbnRDb2xvcixPYnPFgnVndWplIGRydWtvd2FuaWUgdyBrb2xvcnpl
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9ic8WCdWd1amUgc29ydG93YW5pZQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxaYXNvYm5pa2kgd2VqxZtjaW93ZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sTG9rYWxpemFjamE=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50YXJ6
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXIgxZtyb2RrYSB0cndhxYJlZ28=
+attributeDisplayNames:: dU5DTmFtZSxOYXp3YSBzaWVjaW93YQ==
+attributeDisplayNames:: Y24sTmF6d2EgdXPFgnVnaSBrYXRhbG9nb3dlag==
+classDisplayName: Drukarka
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Witryna
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serwer
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia kontrolera domeny
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UG/FgsSFY3plbmll
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Ustawienia systemu FRS
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Zestaw replik systemu FRS
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc2llxIc=
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: xYHEhWN6ZSB3aXRyeW55
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCDFgsSFY3phIHdpdHJ5bnk=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1pxJlkenkgd2l0cnluYW1p
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny licencjonowania
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q3rFgm9uZWsgc3lzdGVtdSBGUlM=
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrybent systemu FRS
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrypcje systemu FRS
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: b3UsTmF6d2E=
+classDisplayName: Jednostka organizacyjna
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName: Kontener
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName:: VXPFgnVnaSBSUEM=
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName: Domena zaufana
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzFmmNpZcW8a2Egc2llY2lvd2E=
+attributeDisplayNames:: a2V5d29yZHMsU8WCb3dhIGtsdWN6b3dl
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+classDisplayName:: Rm9sZGVyIHVkb3N0xJlwbmlvbnk=
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29sZWprYSB1c8WCdWdpIE1TTVE=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29uZmlndXJhY2phIHVzxYJ1Z2kgTVNNUQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: UHJ6ZWRzacSZd3ppxJljaWUgdXPFgnVnaSBNU01R
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VWFrdHVhbG5pb255IHXFvHl0a293bmlrIHVzxYJ1Z2kgTVNNUQ==
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: xYHEhWN6ZSBsaXN0eSB3eXN5xYJrb3dlaiB1c8WCdWdpIE1TTVE=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwmWmFyesSFZHphai4uLixSc0FkbWluLm1zYw==
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nazwa
+classDisplayName:: WmRhbG5hIHVzxYJ1Z2EgemFwaXN1asSFY2E=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener witryn
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgdHJhbnNwb3J0dSBtacSZZHp5IHdpdHJ5bmFtaQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener podsieci
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgc2Vyd2Vyw7N3
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYSBBY3RpdmUgRGlyZWN0b3J5
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Zasady kwerend
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName:: V3lzdGF3Y2Egb2JjeWNoIHphYmV6cGllY3plxYQ=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+classDisplayName: Szablon certyfikatu
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppo IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servizio IntelliMirror
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBY2Nlc3NvIGFsbGUgd29ya3N0YXRpb24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBhY2Nlc3NvIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxlIA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUCA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJ0ZWxsYSBwcmluY2lwYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName: Utente
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBncnVwcG8gKHByZS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bWVtYmVyLE1lbWJyaQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlc3RpdG8gZGE=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+classDisplayName: Gruppo
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Dominio
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxlIA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUCA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName: Contatto
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Criteri dominio
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Criteri locali
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servizio
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: samAccountName,Nome computer (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Vesione sistema operativo
+attributeDisplayNames: operatingSystem,Sistema operativo
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Computer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uZSBvZ2dldHRv
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2Vi
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIHNlcnZlcg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBwb3J0YSBncmFmZmV0dGF0dXJh
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBjb25kaXZpc2lvbmU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmUgYWwgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6AgdmVsb2NpdMOg
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaXTDoA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIHByb3ByaWV0YXJpbw==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxsYXRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBpIGRpIGZvZ2xpIHN1cHBvcnRhdGk=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEZvZ2xpIGRpc3BvbmliaWxp
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJpc29sdXppb25lIG1hc3NpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZ2lvIHN0YW1wYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZSB1dGVudGU=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3VwcG9ydGEgbGEgc3RhbXBhIGZyb250ZS1yZXRybw==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBwb3J0YSBsYSBzdGFtcGEgYSBjb2xvcmk=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cHBvcnRhIGxhIGZhc2NpY29sYXppb25l
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxDYXNzZXR0aSBkaSBpbnB1dA==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpdMOgIGRpIGNoaWFtYXRh
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGxv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudG8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0dG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXJvIGFzc2V0
+attributeDisplayNames:: dU5DTmFtZSxOb21lIHJldGU=
+attributeDisplayNames:: Y24sTm9tZSBzZXJ2aXppbyBkaXJlY3Rvcnk=
+classDisplayName: Stampante
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sito
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni controller di dominio
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connessione
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Impostazioni FRS
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Insieme di replica FRS
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Collegamento di sito
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte di collegamento di sito
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Trasporto tra siti
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Impostazioni sito licenze
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Impostazioni sito
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrittore FRS
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrizioni FRS
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: ou,Nome utente
+classDisplayName:: VW5pdMOgIG9yZ2FuaXp6YXRpdmE=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Contenitore
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Servizi RPC
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Dominio trusted
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: uNCName,Percorso di rete
+attributeDisplayNames: keywords,Parole chiave
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Cartella condivisa
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Coda MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configurazione MSMQ
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Organizzazione MSMQ
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Utente aggiornato a MSMQ
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Collegamento di routing MSMQ
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Impostazioni MSMQ
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Gestisci...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Servizio di archiviazione remota
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Siti
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Trasporti tra siti
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Subnet
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Server
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio Active Directory
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Criteri ricerca
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Valore principale protezione esterna
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+classDisplayName: Modello certificato
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: zp/OvM6szrTOsSBJbnRlbGxpTWlycm9y
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSBJbnRlbGxpTWlycm9y
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+Nzr3OtM61z4POtyDPg8+EzrHOuM68z47OvSDOtc+BzrPOsc+Dzq/Osc+C
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOrM67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozqzOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Hz4HOrs+Dz4TOtyAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4IgzrPOuc6xIM6xz4DOv8+Dz4TOv867zq4gz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOrM67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDOs865zrEgzrHPgM6/z4PPhM6/zrvOriDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6szrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gz4TOt867zrXPhs+Ozr3Ov8+FICjOrM67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6XzrvOtc66z4TPgc6/zr3Ouc66zq4gzrTOuc61z43OuM+Fzr3Pg863ICjOrM67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozqzOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6szrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOrM67zrvOv865KQ==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+NIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDOv868zqzOtM6xz4I=
+attributeDisplayNames:: bWFuYWdlcizOoM+Bzr/Pis+Dz4TOrM68zrXOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOl867zrXOus+Ez4HOv869zrnOus6uIM60zrnOtc+NzrjPhc69z4POtw==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozqzOu867zr/OuSk=
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZURyaXZlLM6az43Pgc65zrEgzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlM63zrzOuc6/z4XPgc6zzr/Pjc68zrXOvc6/IM+Az4HPjM64zrXOvM6x
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDPhc+AzrHOu867zq7Ou86/z4U=
+attributeDisplayNames:: ZGl2aXNpb24szprOu86szrTOv8+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM6xzr3Osc+GzrXPgc+MzrzOtc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+classDisplayName:: zqfPgc6uz4PPhM63z4I=
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOrM67zrvOtc+CKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDOv868zqzOtM6xz4IgKM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bWVtYmVyLM6czq3Ou863
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zp/OvM6szrTOsQ==
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zqTOv868zq3Osc+C
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOrM67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozqzOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4IgzrPOuc6xIM6xz4DOv8+Dz4TOv867zq4gz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOrM67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDOs865zrEgzrHPgM6/z4PPhM6/zrvOriDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6szrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gz4TOt867zrXPhs+Ozr3Ov8+FICjOrM67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6XzrvOtc66z4TPgc6/zr3Ouc66zq4gzrTOuc61z43OuM+Fzr3Pg863ICjOrM67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozqzOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6szrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOrM67zrvOv865KQ==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+NIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDOv868zqzOtM6xz4I=
+attributeDisplayNames:: bWFuYWdlcizOoM+Bzr/Pis+Dz4TOrM68zrXOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOl867zrXOus+Ez4HOv869zrnOus6uIM60zrnOtc+NzrjPhc69z4POtw==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozqzOu867zr/OuSk=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlM63zrzOuc6/z4XPgc6zzr/Pjc68zrXOvc6/IM+Az4HPjM64zrXOvM6x
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDPhc+AzrHOu867zq7Ou86/z4U=
+attributeDisplayNames:: ZGl2aXNpb24szprOu86szrTOv8+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM6xzr3Osc+GzrXPgc+MzrzOtc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+classDisplayName:: zpXPgM6xz4bOrg==
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDPhM6/zrzOrc6x
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zqTOv8+AzrnOus6uIM+Azr/Ou865z4TOuc66zq4=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsQ==
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPhc+Azr/Ou86/zrPOuc+Dz4TOriAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizOiM66zrTOv8+DzrcgzrvOtc65z4TOv8+Fz4HOs865zrrOv8+NIM+Dz4XPg8+Ezq7OvM6xz4TOv8+C
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLM6bzrXOuc+Ezr/Phc+BzrPOuc66z4wgz4PPjc+Dz4TOt868zrE=
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zqXPgM6/zrvOv86zzrnPg8+Ezq7Pgg==
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizOiM66zrTOv8+DzrcgzrHOvc+EzrnOus61zrnOvM6tzr3Ov8+F
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+C
+attributeDisplayNames:: c2VydmVyTmFtZSzOjM69zr/OvM6xIM60zrnOsc66zr/OvM65z4PPhM6u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzOpc+Azr/Pg8+Ezq7Pgc65zr7OtyDPg8+Fz4HPgc6xz4bOrs+C
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUszozOvc6/zrzOsSDOus6/zrnOvc+Mz4fPgc63z4PPhM6/z4Ugz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzOo861zrvOr860zrXPgiDOsc69zqwgzrvOtc+Az4TPjA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzOnM6/zr3OrM60zrXPgiDPhM6xz4fPjc+EzrfPhM6xz4I=
+attributeDisplayNames:: cHJpbnRSYXRlLM6kzrHPh8+Nz4TOt8+EzrE=
+attributeDisplayNames:: cHJpbnRPd25lcizOjM69zr/OvM6xIM66zrHPhM+Mz4fOv8+F
+attributeDisplayNames:: cHJpbnRNZW1vcnkszpXOs866zrHPhM61z4PPhM63zrzOrc69zrcgzrzOvc6uzrzOtw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzOpM+Nz4DOv865IM+HzrHPgc+EzrnOv8+NIM+Azr/PhSDPhc+Azr/Pg8+EzrfPgc6vzrbOv869z4TOsc65
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LM6UzrnOsc64zq3Pg865zrzOvyDPh86xz4HPhM6v
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLM6czq3Os865z4PPhM63IM6xzr3OrM67z4XPg863
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzOk867z47Pg8+DzrEgzrXOus+Ez4XPgM+Jz4TOrg==
+attributeDisplayNames:: cHJpbnRlck5hbWUszp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQszqXPgM6/z4PPhM63z4HOr862zrXOuSDOtc66z4TPjc+Az4nPg863IM60zrnPgM67zq7PgiDPjM+IzrXPic+C
+attributeDisplayNames:: cHJpbnRDb2xvcizOpc+Azr/Pg8+EzrfPgc6vzrbOtc65IM6tzrPPh8+Bz4nOvM63IM61zrrPhM+Nz4DPic+Dzrc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLM6lz4DOv8+Dz4TOt8+Bzq/Ots61zrkgz4TOsc6+zrnOvc+MzrzOt8+Dzrc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzOms6xz4POrc+EzrXPgiDOtc65z4PPjM60zr/PhQ==
+attributeDisplayNames:: cG9ydE5hbWUszpjPjc+BzrE=
+attributeDisplayNames:: bG9jYXRpb24szpjOrc+Dzrc=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzOnM6/zr3PhM6tzrvOvw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqPPh8+MzrvOuc6/
+attributeDisplayNames:: Y29udGFjdE5hbWUszpXPgM6xz4bOrg==
+attributeDisplayNames:: YXNzZXROdW1iZXIszpHPgc65zrjOvM+Mz4Igz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: dU5DTmFtZSzOjM69zr/OvM6xIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: Y24szozOvc6/zrzOsSDPhc+AzrfPgc61z4POr86xz4IgzrrOsc+EzrHOu8+MzrPOv8+F
+classDisplayName:: zpXOus+Ez4XPgM+Jz4TOrs+C
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqTOv8+Azr/OuM61z4POr86x
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpTOuc6xzrrOv868zrnPg8+Ezq7Pgg==
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+C
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM61zrvOtc6zzrrPhM6uIM+Ezr/OvM6tzrE=
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrc=
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIEZSUw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zr/Ou86/IM+Bzq3PgM67zrnOus6xz4IgRlJT
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqXPgM6/zrTOr866z4TPhc6/
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrcgz4TOv8+Azr/OuM61z4POr86xz4I=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zpPOrc+Gz4XPgc6xIM+Dz43Ovc60zrXPg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpzOtc+EzrHPhs6/z4HOrCDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM6szrTOtc65zrHPgiDPh8+Bzq7Pg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM+Ezr/PgM6/zrjOtc+Dzq/Osc+C
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpzOrc67zr/PgiBGUlM=
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOt8+Ezq7PgiBGUlM=
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOrc+CIEZSUw==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: b3Uszp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zp/Pgc6zzrHOvc65zrrOriDOvM6/zr3OrM60zrE=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zprOv869z4TOrc65zr3Otc+B
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIFJQQw==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zojOvM+AzrnPg8+Ezr/PgiDPhM6/zrzOrc6xz4I=
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzOlM65zrHOtM+Bzr/OvM6uIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: a2V5d29yZHMszpvOrc6+zrXOuc+CLc66zrvOtc65zrTOuc6s
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zprOv865zr3PjM+Hz4HOt8+Dz4TOv8+CIM+GzqzOus61zrvOv8+C
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zp/Phc+BzqwgTVNNUQ==
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zqDOsc+BzqzOvM61z4TPgc6/zrkgTVNNUQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: zpXPhM6xzrnPgc65zrrPjCBNU01R
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: zpHOvc6xzrLOsc64zrzOuc+DzrzOrc69zr/PgiDPh8+Bzq7Pg8+EzrfPgiBNU01R
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: zpTPgc6/zrzOv867z4zOs863z4POtyDPg8+Nzr3OtM61z4POt8+CIE1TTVE=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwmzpTOuc6xz4fOtc6vz4HOuc+DzrcuLi4sUnNBZG1pbi5tc2M=
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOsc+Azr/OvM6xzrrPgc+Fz4POvM6tzr3Ot8+CIM6xz4DOv864zq7Ous61z4XPg863z4I=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Ezr/PgM6/zrjOtc+DzrnPjs69
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM68zrXPhM6xz4bOv8+Bz47OvSDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Fz4DOv860zrnOus+Ez43Pic69
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM60zrnOsc66zr/OvM65z4PPhM+Ozr0=
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOus6xz4TOsc67z4zOs86/z4UgQWN0aXZlIERpcmVjdG9yeQ==
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDOtc+Bz4nPhM6uzrzOsc+Ezr/Pgg==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zpHPgc+Hzq4gzrXOvs+Jz4TOtc+BzrnOus6uz4IgzrHPg8+GzqzOu861zrnOsc+C
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szp/Ovc6/zrzOsc+EzrXPgM+Ozr3Phc68zr8=
+classDisplayName:: zqDPgc+Mz4TPhc+Azr8gz4DOuc+Dz4TOv8+Azr/Ouc63z4TOuc66z47OvQ==
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 2YXYrNmF2YjYudipIEludGVsbGlNaXJyb3I=
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 2K7Yr9mF2KkgSW50ZWxsaU1pcnJvcg==
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfZhNin2LPZhSDYp9mE2KPYrtmK2LE=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmD2LM=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmI2YrYqSDYp9mE2YXYrNmF2YjYudip
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2YXYsdik2YjYs9mI2YY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYqti52YTZitmC
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+classDisplayName:: 2KfZhNmF2LPYqtiu2K/ZhQ==
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZhdis2YXZiNi52KkgKNmF2Kcg2YLYqNmEIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bWVtYmVyLNin2YTYo9i52LbYp9ih
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmF2KzZhdmI2LnYqQ==
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmF2KzYp9mE
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfZhNin2LPZhSDYp9mE2KPYrtmK2LE=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmD2LM=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmI2YrYqSDYp9mE2YXYrNmF2YjYudip
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2YXYsdik2YjYs9mI2YY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYqti52YTZitmC
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+classDisplayName:: 2KzZh9ipINin2YTYp9iq2LXYp9mE
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTZhdis2KfZhA==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmG2YfYrCDYp9mE2YXYrdmE2Yo=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNiu2K/Zhdip
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZg9mF2KjZitmI2KrYsSAo2YXYpyDZgtio2YQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizYpdi12K/Yp9ixINmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmD2YXYqNmK2YjYqtix
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizYpdi12K/Yp9ixINin2YTZg9in2KbZhg==
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitio
+attributeDisplayNames:: c2VydmVyTmFtZSzYp9iz2YUg2KfZhNmF2YTZgtmF
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzYqtiv2LnZhSDYp9mE2KrYr9io2YrYsw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs2KfYs9mFINin2YTZhdi02KfYsdmD2Kk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzYtdmB2K3YqSDYqNin2YTYr9mC2YrZgtip
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzZiNit2K/Yp9iqINin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRSYXRlLNin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRPd25lcizYp9iz2YUg2KfZhNmF2KfZhNmD
+attributeDisplayNames:: cHJpbnRNZW1vcnks2KfZhNiw2KfZg9ix2Kkg2KfZhNmF2KvYqNiq2Kk=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzYo9mG2YjYp9i5INin2YTZiNix2YIg2KfZhNmF2LnYqtmF2K/YqQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNin2YTZiNix2YIg2KfZhNmF2KrZiNmB2LE=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNin2YTYrdivINin2YTYo9mC2LXZiSDZhNmE2K/Zgtip
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzZhNi62Kkg2KfZhNi32KfYqNi52Kk=
+attributeDisplayNames:: cHJpbnRlck5hbWUs2KfZhNin2LPZhQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs2KrYr9i52YUg2KfZhNi32KjYp9i52Kkg2LnZhNmJINin2YTZiNis2YfZitmG
+attributeDisplayNames:: cHJpbnRDb2xvcizYqtiv2LnZhSDYp9mE2LfYqNin2LnYqSDYqNin2YTYo9mE2YjYp9mG
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNiq2K/YudmFINiq2LHYqtmK2Kgg2KfZhNmG2LPYrg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzYudmE2Kgg2KfZhNil2K/Yrtin2YQ=
+attributeDisplayNames:: cG9ydE5hbWUs2KfZhNmF2YbZgdiw
+attributeDisplayNames:: bG9jYXRpb24s2KfZhNmF2YjZgti5
+attributeDisplayNames:: ZHJpdmVyTmFtZSzYp9mE2LfYsdin2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KrYudmE2YrZgg==
+attributeDisplayNames:: Y29udGFjdE5hbWUs2KzZh9ipINin2YTYp9iq2LXYp9mE
+attributeDisplayNames:: YXNzZXROdW1iZXIs2LHZgtmFINin2YTYo9i12YQ=
+attributeDisplayNames:: dU5DTmFtZSzYp9iz2YUg2LTYqNmD2Kkg2KfZhNin2KrYtdin2YQ=
+attributeDisplayNames:: Y24s2KfYs9mFINiu2K/ZhdipINin2YTYr9mE2YrZhA==
+classDisplayName:: 2KfZhNi32KfYqNi52Kk=
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNmF2YjZgti5
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2YTZgtmF
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNil2LnYr9in2K/Yp9iq
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2YjYrdiv2Kkg2KrYrdmD2YUg2KfZhNmF2KzYp9mE
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KfZhNin2KrYtdin2YQ=
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2KogRlJT
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2YXYrNmF2YjYudipINin2YTZhtiz2K4g2KfZhNmF2KrZhdin2KvZhNipINmE2YAgRlJT
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNi02KjZg9ipINin2YTZgdix2LnZitip
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYsdiq2KjYp9i3INin2YTZhdmI2YLYuQ==
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KzYs9ixINin2LHYqtio2KfYtyDYp9mE2YXZiNmC2Lk=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KrYsdiu2YrYtSDYp9mE2YXZiNmC2Lk=
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KfZhNmF2YjZgti5
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2LnYttmIIEZSUw==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2YXYtNiq2LHZgyBGUlM=
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYtNiq2LHYp9mD2KfYqiBGUlM=
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: b3Us2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmI2K3Yr9ipINin2YTYqtmG2LjZitmF2YrYqQ==
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNit2KfZiNmK2Kk=
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2K7Yr9mF2KfYqiBSUEM=
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmF2KzYp9mEINin2YTZhdmI2KvZiNmC
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzZhdiz2KfYsSDYtNio2YPYqSDYp9mE2KfYqti12KfZhA==
+attributeDisplayNames:: a2V5d29yZHMs2KfZhNmD2YTZhdin2Kog2KfZhNij2LPYp9iz2YrYqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KfZhNmF2KzZhNivINin2YTZhdi02KrYsdmD
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2KrZg9mI2YrZhiBNU01R
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 2YXYtNix2YjYuSBNU01R
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 2YXYs9iq2K7Yr9mFINiq2LHZgtmK2Kkg2YTZgCBNU01R
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 2KfYsdiq2KjYp9i3INiq2YjYrNmK2YcgTVNNUQ==
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 2KXYudiv2KfYr9in2KogTVNNUQ==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCzYpSbYr9in2LHYqS4uLixSc0FkbWluLm1zYw==
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2K7Yr9mF2Kkg2KfZhNiq2K7YstmK2YYg2KfZhNio2LnZitiv
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZiNin2YLYuQ==
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YbZgtmE2YrYp9iqINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2LTYqNmD2KfYqiDYp9mE2YHYsdi52YrYqQ==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZhNmC2YXYp9iq
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2KkgQWN0aXZlIERpcmVjdG9yeQ==
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTYp9iz2KrYudmE2KfZhQ==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2KPYs9in2LMg2KfZhNij2YXYp9mGINin2YTYrtin2LHYrNmK
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+classDisplayName:: 2YLYp9mE2Kgg2KfZhNi02YfYp9iv2Kk=
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGFjZXNzw612ZWlz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gKGFudGVyaW9yIGFvIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRvIGdydXBv
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgcmFpeg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSByYWl6
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName: Utilizador
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Grupo
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: RG9tw61uaW8=
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRvIGdydXBv
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName: Contacto
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGRvbcOtbmlv
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGxvY2Fs
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Computador
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamVjdG8=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRhIGFncmFmYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkZSBwYXJ0aWxoYQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBzdXBvcnRhZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZW0gZGEgaW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0YSBpbXByZXNzw6NvIGRvcyBkb2lzIGxhZG9z
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRhIGltcHJlc3PDo28gYSBjb3Jlcw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGEgY8OzcGlhcyBhZ3J1cGFkYXM=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxUYWJ1bGVpcm8gZGUgZW50cmFkYQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpemHDp8Ojbw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBjb250cm9sbw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRlIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJlY3TDs3Jpbw==
+classDisplayName: Impressora
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVz
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRlIGRvbcOtbmlv
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6Nv
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIEZSUw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subrede
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6NvIHBhcmEgbyBzaXRl
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QnJpZGdlIGRlIGxpZ2HDp8OjbyBwYXJhIG8gc2l0ZQ==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGU=
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subscritor FRS
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2NyacOnw7VlcyBGUlM=
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+classDisplayName: Unidade organizacional
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Contentor
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: U2VydmnDp29zIFJQQw==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: RG9tw61uaW8gZmlkZWRpZ25v
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Pasta partilhada
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa MSMQ
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGl6YWRvciBjb20gYWN0dWFsaXphw6fDo28gTVNNUQ==
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGlnYcOnw6NvIGRlIGVuY2FtaW5oYW1lbnRvIE1TTVE=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: RGVmaW5pw6fDtWVzIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Gerir...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nome
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de sites
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de transporte entre sites
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de subredes
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVudG9yIGRlIHNlcnZpw6dvcw==
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZG8gQWN0aXZlIERpcmVjdG9yeQ==
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGNvbnN1bHRhcw==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: U2VndXJhbsOnYSBleHRlcm5hIHByaW5jaXBhbA==
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Modelo de certificado
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo do IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGRlIGxvZ29u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsVUY=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZXRyw7RuaWNvIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSByZXNpZGVuY2lhbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhw6fDo28gbm8gZ3J1cG8=
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGV0csO0bmljbw==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBiYXNl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByZW5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZG8gZW1wcmVnYWRv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName:: VXN1w6FyaW8=
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bWVtYmVyLFBhcnRpY2lwYW50ZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Grupo
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: RG9tw61uaW8=
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsVUY=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZXRyw7RuaWNvIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSByZXNpZGVuY2lhbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhw6fDo28gbm8gZ3J1cG8=
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGV0csO0bmljbw==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByZW5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZG8gZW1wcmVnYWRv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+classDisplayName: Contato
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RGlyZXRpdmEgZGUgZG9tw61uaW8=
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Diretiva local
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3RlbWEgb3BlcmFjaW9uYWw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmFjaW9uYWw=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Computador
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamV0bw==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxGb3JuZWNlIHN1cG9ydGUgYSBncmFtcGVhbWVudG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkbyBjb21wYXJ0aWxoYW1lbnRv
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBwYXJhIG9zIHF1YWlzIGjDoSBzdXBvcnRl
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZW0gZGUgaW1wcmVzc8Ojbw==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsRm9ybmVjZSBzdXBvcnRlIGEgaW1wcmVzc8OjbyBkb3MgZG9pcyBsYWRvcw==
+attributeDisplayNames:: cHJpbnRDb2xvcixGb3JuZWNlIHN1cG9ydGUgYSBpbXByZXNzw6NvIGNvbG9yaWRh
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEZvcm5lY2Ugc3Vwb3J0ZSBhIGludGVyY2FsYcOnw6Nv
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWw=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0bw==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkbyBhdGl2bw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRhIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJldMOzcmlv
+classDisplayName: Impressora
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVz
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRlIGRvbcOtbmlv
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXjDo28=
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIHNlcnZpw6dvIGRlIGR1cGxpY2HDp8OjbyBkZSBhcnF1aXZvcw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIGRvIHNlcnZpw6dvIGRlIGR1cGxpY2HDp8OjbyBkZSBhcnF1aXZvcw==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Link do site
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte de links do site
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIHNpdGU=
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFydGljaXBhbnRlIGRvIHNlcnZpw6dvIGRlIHJlcGxpY2HDp8OjbyBkZSBhcnF1aXZvcw==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QXNzaW5hbnRlIGRvIHNlcnZpw6dvIGRlIGR1cGxpY2HDp8OjbyBkZSBhcnF1aXZvcw==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QXNzaW5hdHVyYXMgZG8gc2VydmnDp28gZGUgZHVwbGljYcOnw6NvIGRlIGFycXVpdm9z
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+classDisplayName: Unidade organizacional
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Recipiente
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: U2VydmnDp29zIGRlIGNoYW1hZGEgYSBwcm9jZWRpbWVudG9zIHJlbW90b3M=
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: RG9tw61uaW8gY29uZmnDoXZlbA==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Pasta compartilhada
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empreendimento MSMQ
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXN1w6FyaW8gYXR1YWxpemFkbyBNU01R
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Link de roteamento MSMQ
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Gerenciar...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nome
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sites
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de transportes entre sites
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sub-redes
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de servidores
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gQWN0aXZlIERpcmVjdG9yeQ==
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Diretiva de consulta
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName:: UHJpbmNpcGFsIHNlZ3VyYW7Dp2EgZXh0ZXJuYQ==
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+classDisplayName: Modelo de certificado
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs44Oi44OQ44Kk44Or6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bW9iaWxlLOODouODkOOCpOODq+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys44Kw44Or44O844OXIOODoeODs+ODkOOCt+ODg+ODlw==
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+classDisplayName:: 44Om44O844K244O8
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kw44Or44O844OX5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 44Kw44Or44O844OX
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 44OJ44Oh44Kk44Oz
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs44Oi44OQ44Kk44Or6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: bW9iaWxlLOODouODkOOCpOODq+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys44Kw44Or44O844OXIOODoeODs+ODkOOCt+ODg+ODlw==
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+classDisplayName:: 6YCj57Wh5YWI
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44OzIOODneODquOCt+ODvA==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44Ot44O844Kr44OrIOODneODquOCt+ODvA==
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44K144O844OT44K5
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kz44Oz44OU44Ol44O844K/5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizjgqrjg5rjg6zjg7zjg4bjgqPjg7PjgrAg44K344K544OG44Og44Gu44OQ44O844K444On44Oz
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOOCquODmuODrOODvOODhuOCo+ODs+OCsCDjgrfjgrnjg4bjg6A=
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 44Kz44Oz44OU44Ol44O844K/
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizjgqrjg5bjgrjjgqfjgq/jg4jjga7jg5Djg7zjgrjjg6fjg7M=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5
+attributeDisplayNames:: c2VydmVyTmFtZSzjgrXjg7zjg5Djg7zlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzjg5vjg4Hjgq3jgrnmraLjgoHjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5pyJ5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzjg5rjg7zjgrgv5YiG
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbjga7ljZjkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI0=
+attributeDisplayNames:: cHJpbnRNZW1vcnks44Kk44Oz44K544OI44O844Or44GV44KM44Gf44Oh44Oi44Oq
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzjgrXjg53jg7zjg4jjgZXjgozjgovnlKjntJnjga7nqK7poZ4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWIqeeUqOWPr+iDveOBqueUqOe0mQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOmrmOino+WDj+W6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzjg5fjg6rjg7Pjgr/oqIDoqp4=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN5YmN
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5Lih6Z2i5Y2w5Yi344KS44K144Od44O844OI
+attributeDisplayNames:: cHJpbnRDb2xvcizjgqvjg6njg7zljbDliLfjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOS4geWQiOOBhOOCkuOCteODneODvOODiA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzlhaXlipvjg4jjg6zjgqQ=
+attributeDisplayNames:: cG9ydE5hbWUs44Od44O844OI
+attributeDisplayNames:: bG9jYXRpb24s5aC05omA
+attributeDisplayNames:: ZHJpdmVyTmFtZSzjg6Ljg4fjg6s=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s44Kz44Oh44Oz44OI
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5YWI
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Sj55Wq5Y+3
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq/lkI0=
+attributeDisplayNames:: Y24s44OH44Kj44Os44Kv44OI44OqIOOCteODvOODk+OCueWQjQ==
+classDisplayName:: 44OX44Oq44Oz44K/
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44K144Kk44OI
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44OJ44Oh44Kk44OzIOOCs+ODs+ODiOODreODvOODqeOBruioreWumg==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6l57aa
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+ijveeJqeOCu+ODg+ODiA==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 44K144OW44ON44OD44OI
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCrw==
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCryDjg5bjg6rjg4Pjgrg=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OI
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 44Op44Kk44K744Oz44K5IOOCteOCpOODiOOBruioreWumg==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OI44Gu6Kit5a6a
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOODoeODs+ODkA==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODqeOCpOODkA==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODquODl+OCt+ODp+ODsw==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: b3Us5ZCN5YmN
+classDisplayName:: 57WE57mU5Y2Y5L2NIChPVSk=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 44Kz44Oz44OG44OK
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: UlBDIOOCteODvOODk+OCuQ==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 5L+h6aC844GV44KM44KL5YG044Gu44OJ44Oh44Kk44Oz
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq8g44OR44K5
+attributeDisplayNames:: a2V5d29yZHMs44Kt44O844Ov44O844OJ
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 5YWx5pyJ44OV44Kp44Or44OA
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7w=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDmp4vmiJA=
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDjgqjjg7Pjgr/jg5fjg6njgqTjgro=
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDjgqLjg4Pjg5fjgrDjg6zjg7zjg4nmuIjjgb/jg6bjg7zjgrbjg7w=
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDjg6vjg7zjg4bjgqPjg7PjgrAg44Oq44Oz44Kv
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 44Oq44Oi44O844OI6KiY5oa25Z+f44K144O844OT44K5
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OIIOOCs+ODs+ODhuODig==
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OIIOOCs+ODs+ODhuODig==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144OW44ON44OD44OIIOOCs+ODs+ODhuODig==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8IOOCs+ODs+ODhuODig==
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDjgrXjg7zjg5Pjgrk=
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Kv44Ko44OqIOODneODquOCt+ODvA==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 5aSW6YOo44Gu44K744Kt44Ol44Oq44OG44KjIOODl+ODquODs+OCt+ODkeODqw==
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+classDisplayName:: 6Ki85piO5pu444OG44Oz44OX44Os44O844OI
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci1yeWhtw6Q=
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-palvelu
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsUnlobcOkbiBqw6RzZW55eXM=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+classDisplayName:: S8OkeXR0w6Rqw6Q=
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUnlobcOkbiBuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmV0
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+classDisplayName:: UnlobcOk
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName: Toimialue
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsUnlobcOkbiBqw6RzZW55eXM=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+classDisplayName:: WWh0ZXlzaGVua2lsw7Y=
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VG9pbWlhbHVlZW4ga8OkeXTDpG50w7Y=
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UGFpa2FsbGluZW4ga8OkeXTDpG50w7Y=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Palvelu
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsVGlldG9rb25lZW4gbmltaSAoV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6R0IHZlcnNpb3Qp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixLw6R5dHTDtmrDpHJqZXN0ZWxtw6R2ZXJzaW8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEvDpHl0dMO2asOkcmplc3RlbG3DpA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+classDisplayName: Tietokone
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3RpbiB2ZXJzaW8=
+attributeDisplayNames:: dXJsLFdlYi1vc29pdGU=
+attributeDisplayNames:: c2VydmVyTmFtZSxQYWx2ZWxpbm5pbWk=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUdWtlZSBuaWRvbnRhYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsSmFrb25pbWk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaXZ1amEgbWludXV0aXNzYQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxOb3BldXN5a3Npa8O2dA==
+attributeDisplayNames:: cHJpbnRSYXRlLE5vcGV1cw==
+attributeDisplayNames:: cHJpbnRPd25lcixPbWlzdGFqYW4gbmltaQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksQXNlbm5ldHR1IG11aXN0aQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUdWV0dXQgcGFwZXJpdHl5cGl0
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEvDpHl0ZXR0w6R2aXNzw6Qgb2xldmF0IHBhcGVyaXQ=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuaW1tw6Rpc3RhcmtrdXVz
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxUdWxvc3R1c2tpZWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmltaQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVHVrZWUga2Frc2lwdW9saXN0YSB0dWxvc3RhbWlzdGE=
+attributeDisplayNames:: cHJpbnRDb2xvcixUdWtlZSB2w6RyaXR1bG9zdGFtaXN0YQ==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFR1a2VlIGxhaml0dGVsdWE=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxTecO2dHTDtmxva2Vyb3Q=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydHRp
+attributeDisplayNames:: bG9jYXRpb24sU2lqYWludGk=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNYWxsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sSHVvbWF1dHVz
+attributeDisplayNames:: Y29udGFjdE5hbWUsWWh0ZXlzaGVua2lsw7Y=
+attributeDisplayNames:: YXNzZXROdW1iZXIsS2FsdXN0b251bWVybw==
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29uaW1p
+attributeDisplayNames:: Y24sSGFrZW1pc3RvcGFsdmVsdW5pbWk=
+classDisplayName: Kirjoitin
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Saitti
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Palvelin
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Asetukset
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Toimialueen ohjauskoneen asetukset
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Yhteys
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-asetukset
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikointisarja
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Aliverkko
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkki
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkkisilta
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGluZW4gdGllZG9uc2lpcnRv
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: U2FpdGluIGvDpHl0dMO2b2lrZXVzYXNldHVrc2V0
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Saitin asetukset
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWrDpHNlbg==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaaja
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaukset
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: b3UsTmltaQ==
+classDisplayName:: T3JnYW5pc2FhdGlveWtzaWtrw7YgKE9VKQ==
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName:: U8OkaWzDtg==
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName: RPC-palvelut
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName: Luotettu toimialue
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29wb2xrdQ==
+attributeDisplayNames:: a2V5d29yZHMsQXZhaW5zYW5hdA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+classDisplayName: Jaettu kansio
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-jono
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-kokoonpano
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisaatio
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1ww6Rpdml0ZXR0eSBrw6R5dHTDpGrDpA==
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-reitityslinkki
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-asetukset
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Hallitse...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nimi
+classDisplayName:: RXTDpHRhbGxlbm51c3BhbHZlbHU=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdGluIHPDpGlsw7Y=
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGlzZW4gdGllZG9uc2lpcnJvbiBzw6RpbMO2
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxpdmVya29uIHPDpGlsw7Y=
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UGFsdmVsaW1lbiBzw6RpbMO2
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory -palvelu
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGFrdWvDpHl0w6RudMO2
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName: Ulkoinen suojausobjekti
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+classDisplayName: Sertifikaattimalli
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3li5k=
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Y6f5YmH
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 5oaR6K2J56+E5pys
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5LmL5YmN54mI5pysKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys576k57WE57WE5ZOh6LOH5qC8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDlj6/ovqjliKXnmoTlkI3nqLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlgpnoqLs=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+classDisplayName:: 5L2/55So6ICF
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5LmL5YmN54mI5pysKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bWVtYmVyLOe1hOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDlj6/ovqjliKXnmoTlkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 576k57WE
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 57ay5Z+f
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys576k57WE57WE5ZOh6LOH5qC8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDlj6/ovqjliKXnmoTlkI3nqLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlgpnoqLs=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+classDisplayName:: 6IGv57Wh5Lq6
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5LmL5YmN54mI5pysKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 6Zu76IWm
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInkurrlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5YKZ6Ki7
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGv57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+classDisplayName:: 5Y2w6KGo5qmf
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: b3Us5ZCN56ix
+classDisplayName:: 57WE57mU5Zau5L2N
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 5a655Y2A
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: UlBDIOacjeWLmQ==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s5ZCN56ix
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqq5piO
+attributeDisplayNames:: Y24s5ZCN56ix
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subred
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VsOtbmN1bG8gZGUgc2l0aW8=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHVlbnRlIGRlIHbDrW5jdWxvIGEgc2l0aW8=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sitios
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlvIGRlIGxpY2VuY2lh
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlv
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Miembro de FRS
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscriptor de FRS
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscripciones a FRS
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: b3UsTm9tYnJl
+classDisplayName: Unidad organizativa
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Contenedor
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Servicios RPC
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName:: RG9taW5pbyBlbiBxdWUgc2UgY29uZsOtYQ==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxSdXRhIGRlIHJlZA==
+attributeDisplayNames:: a2V5d29yZHMsUGFsYWJyYXMgY2xhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Carpeta compartida
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Cola MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGUgTVNNUQ==
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa de MSMQ
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Usuario actualizado de MSMQ
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: VsOtbmN1bG8gZGUgZW5ydXRhbWllbnRvIGRlIE1TTVE=
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyw6FtZXRyb3MgZGUgTVNNUQ==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,Ad&ministrar...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nombre
+classDisplayName: Servicio de almacenamiento remoto
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de sitios
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de transportes entre sitios
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de subredes
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de servidores
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicio de Active Directory
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Directiva de consulta
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Principal de seguridad externa
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Plantilla de certificado
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servicio IntelliMirror
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsUGVydGVuZW5jaWEgYSBncnVwb3M=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+classDisplayName: Usuario
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBncnVwbyAocHJlLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1pZW1icm9z
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Grupo
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Dominio
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsUGVydGVuZW5jaWEgYSBncnVwb3M=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+classDisplayName: Contacto
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Directiva de dominio
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Directiva local
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servicio
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGVxdWlwbyAocHJlLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzacOzbiBkZWwgc2lzdGVtYSBvcGVyYXRpdm8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+classDisplayName: Equipo
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzacOzbiBkZWwgb2JqZXRv
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21icmUgZGUgc2Vydmlkb3I=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQZXJtaXRlIGdyYXBhZG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tYnJlIGRlbCByZWN1cnNvIGNvbXBhcnRpZG8=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWQ=
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21icmUgZGVsIHByb3BpZXRhcmlv
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxhZGE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBhZG1pdGlkb3M=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbmlibGU=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdWNpw7NuIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMZW5ndWFqZSBkZSBsYSBpbXByZXNvcmE=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tYnJl
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsQWRtaXRlIGltcHJlc2nDs24gYSBkb2JsZSBjYXJh
+attributeDisplayNames:: cHJpbnRDb2xvcixBZG1pdGUgaW1wcmVzacOzbiBlbiBjb2xvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEFkbWl0ZSBpbnRlcmNhbGFkbw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUHVlcnRv
+attributeDisplayNames:: bG9jYXRpb24sVWJpY2FjacOzbg==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50YXJpbw==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBhY3Rpdm8=
+attributeDisplayNames:: dU5DTmFtZSxOb21icmUgZGUgcmVk
+attributeDisplayNames:: Y24sTm9tYnJlIGRlIHNlcnZpY2lvIGRlIGRpcmVjdG9yaW8=
+classDisplayName: Impresora
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sitio
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24=
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIGNvbnRyb2xhZG9yIGRlIGRvbWluaW8=
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXhpw7Nu
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gRlJT
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Domain Controller Settings
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connection
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: ou,Name
+classDisplayName: Organizational Unit
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Container
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Trusted Domain
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link Bridge
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Inter-Site Transport
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Licensing Site Settings
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site Settings
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Member
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriber
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriptions
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: RPC Services
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Queue
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Configuration
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ Upgraded User
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Routing Link
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Settings
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Name
+classDisplayName: Remote Storage Service
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sites Container
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Inter-Site Transports Container
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnets Container
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servers Container
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Service
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query Policy
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Foreign Security Principal
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Certificate Template
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Group Membership
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber, International ISDN Number (Others)
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+attributeDisplayNames: assistant,Assistant
+classDisplayName: User
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: info,Notes
+attributeDisplayNames: member,Members
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: l,City
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+classDisplayName: Group
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Domain
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Group Membership
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: cn,Name
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: assistant,Assistant
+classDisplayName: Contact
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Domain Policy
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Local Policy
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: uNCName,Network Path
+attributeDisplayNames: keywords,Keywords
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Shared Folder
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+classDisplayName: Computer
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printLanguage,Printer Language
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: portName,Port
+attributeDisplayNames: location,Location
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: description,Comment
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: cn,Directory Service Name
+classDisplayName: Printer
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Settings
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Settings
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Replica Set
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0KHQtdGA0LLQtdGA
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGL
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC60L7QvdGC0YDQvtC70LvQtdGA0LAg0LTQvtC80LXQvdCw
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00LrQu9GO0YfQtdC90LjQtQ==
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIEZSUw==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J3QsNCx0L7RgCDRgNC10L/Qu9C40LrQsNGG0LjQuCBGUlM=
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00YHQtdGC0Yw=
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQstGP0LfRjCDRgdCw0LnRgtC+0LI=
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0JzQvtGB0YIg0YHQstGP0LfQtdC5INGB0LDQudGC0L7Qsg==
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JzQtdC20YHQsNC50YLQvtCy0YvQuSDRgtGA0LDQvdGB0L/QvtGA0YI=
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC70LjRhtC10L3Qt9C40YDQvtCy0LDQvdC40Y8g0YHQsNC50YLQsA==
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINGB0LDQudGC0LA=
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0KfQu9C10L0gRlJT
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0YfQuNC6IEZSUw==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0LrQsCDQvdCwIEZSUw==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: b3Us0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0J/QvtC00YDQsNC30LTQtdC70LXQvdC40LU=
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGA
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0KHQu9GD0LbQsdGLIFJQQw==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JTQvtCy0LXRgNC10L3QvdGL0Lkg0LTQvtC80LXQvQ==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QuSDQv9GD0YLRjA==
+attributeDisplayNames:: a2V5d29yZHMs0JrQu9GO0YfQtdCy0YvQtSDRgdC70L7QstCw
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0J7QsdGJ0LDRjyDQv9Cw0L/QutCw
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J7Rh9C10YDQtdC00YwgTVNNUQ==
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J3QsNGB0YLRgNC+0LnQutCwIE1TTVE=
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDQv9GA0LXQtNC/0YDQuNGP0YLQuNGP
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 0J7QsdC90L7QstC70LXQvdC90YvQuSDQv9C+0LvRjNC30L7QstCw0YLQtdC70YwgTVNNUQ==
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 0JzQsNGA0YjRgNGD0YIgTVNNUQ==
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIE1TTVE=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwm0KPQv9GA0LDQstC70LXQvdC40LUuLi4sUnNBZG1pbi5tc2M=
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0KHQu9GD0LbQsdCwINCy0L3QtdGI0L3QuNGFINGF0YDQsNC90LjQu9C40Yk=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LDQudGC0L7Qsg==
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC80LXQttGB0LDQudGC0L7QstC+0LPQviDRgtGA0LDQvdGB0L/QvtGA0YLQsA==
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC/0L7QtNGB0LXRgtC10Lk=
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LXRgNCy0LXRgNC+0LI=
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwINC60LDRgtCw0LvQvtCz0L7QsiBBY3RpdmUgRGlyZWN0b3J5
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQt9Cw0L/RgNC+0YHQsA==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YAg0LLQvdC10YjQvdC10Lkg0LHQtdC30L7Qv9Cw0YHQvdC+0YHRgtC4
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0KjQsNCx0LvQvtC9INGB0LXRgNGC0LjRhNC40LrQsNGC0LA=
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIEludGVsbGlNaXJyb3I=
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEludGVsbGlNaXJyb3I=
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L3RgdGC0LLQviDQsiDQs9GA0YPQv9C/0LDRhQ==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC70LXQvdC40LU=
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+classDisplayName:: 0J/QvtC70YzQt9C+0LLQsNGC0LXQu9GM
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCz0YDRg9C/0L/RiyAo0L/RgNC10LQtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bWVtYmVyLNCn0LvQtdC90Ysg0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JPRgNGD0L/Qv9Cw
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JTQvtC80LXQvQ==
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L3RgdGC0LLQviDQsiDQs9GA0YPQv9C/0LDRhQ==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC70LXQvdC40LU=
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+classDisplayName:: 0JrQvtC90YLQsNC60YI=
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQtNC+0LzQtdC90LA=
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JvQvtC60LDQu9GM0L3QsNGPINC/0L7Qu9C40YLQuNC60LA=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCw
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINC60L7QvNC/0YzRjtGC0LXRgNCwICjQv9GA0LXQtC1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizQktC10YDRgdC40Y8g0L7Qv9C10YDQsNGG0LjQvtC90L3QvtC5INGB0LjRgdGC0LXQvNGL
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNCe0L/QtdGA0LDRhtC40L7QvdC90LDRjyDRgdC40YHRgtC10LzQsA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+classDisplayName:: 0JrQvtC80L/RjNGO0YLQtdGA
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizQktC10YDRgdC40Y8g0L7QsdGK0LXQutGC0LA=
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LU=
+attributeDisplayNames:: c2VydmVyTmFtZSzQmNC80Y8g0YHQtdGA0LLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC60LAg0YHRiNC40LLQsNC90LjRjw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs0JjQvNGPINC+0LHRidC10LPQviDRgNC10YHRg9GA0YHQsA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzQodGC0YDQsNC90LjRhiDQsiDQvNC40L3Rg9GC0YM=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzQldC00LjQvdC40YbRiyDRgdC60L7RgNC+0YHRgtC4
+attributeDisplayNames:: cHJpbnRSYXRlLNCh0LrQvtGA0L7RgdGC0Yw=
+attributeDisplayNames:: cHJpbnRPd25lcizQmNC80Y8g0LLQu9Cw0LTQtdC70YzRhtCw
+attributeDisplayNames:: cHJpbnRNZW1vcnks0KPRgdGC0LDQvdC+0LLQu9C10L3QvdCw0Y8g0L/QsNC80Y/RgtGM
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC40LLQsNC10LzRi9C1INCy0LjQtNGLINCx0YPQvNCw0LPQuA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNCY0YHQv9C+0LvRjNC30YPQtdC80LDRjyDQsdGD0LzQsNCz0LA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNCc0LDQutGB0LjQvNCw0LvRjNC90L7QtSDRgNCw0LfRgNC10YjQtdC90LjQtQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzQo9C/0YDQsNCy0LvRj9GO0YnQuNC5INGP0LfRi9C6INC/0YDQuNC90YLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs0J/QvtC00LTQtdGA0LbQutCwINC00LLRg9GB0YLQvtGA0L7QvdC90LXQuSDQv9C10YfQsNGC0Lg=
+attributeDisplayNames:: cHJpbnRDb2xvcizQn9C+0LTQtNC10YDQttC60LAg0YbQstC10YLQvdC+0Lkg0L/QtdGH0LDRgtC4
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNCf0L7QtNC00LXRgNC20LrQsCDRgNCw0LfQsdC+0YDQsCDQv9C+INC60L7Qv9C40Y/QvA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzQn9C+0LTQsNGO0YnQuNC1INC70L7RgtC60Lg=
+attributeDisplayNames:: cG9ydE5hbWUs0J/QvtGA0YI=
+attributeDisplayNames:: bG9jYXRpb24s0KDQsNGB0L/QvtC70L7QttC10L3QuNC1
+attributeDisplayNames:: ZHJpdmVyTmFtZSzQnNC+0LTQtdC70Yw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0JrQvtC80LzQtdC90YLQsNGA0LjQuQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUs0JrQvtC90YLQsNC60YI=
+attributeDisplayNames:: YXNzZXROdW1iZXIs0JDRgNGC0LjQutGD0Ls=
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QtSDQuNC80Y8=
+attributeDisplayNames:: Y24s0JjQvNGPINGB0LvRg9C20LHRiyDQutCw0YLQsNC70L7Qs9C+0LI=
+classDisplayName:: 0J/RgNC40L3RgtC10YA=
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0KHQsNC50YI=
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24IOygleyxhQ==
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 66Gc7LusIOygleyxhQ==
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ISc67mE7Iqk
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs7Lu07ZOo7YSwIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizsmrTsmIEg7LK07KCcIOuyhOyghA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOyatOyYgSDssrTsoJw=
+attributeDisplayNames:: bWFuYWdlZEJ5LOyepey5mCDqtIDrpqzsnpA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7Lu07ZOo7YSw
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizqsJzssrQg67KE7KCE
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaM
+attributeDisplayNames:: c2VydmVyTmFtZSzshJzrsoQg7J2066aE
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzsiqTthYzsnbTtlIwg7KeA7JuQ
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs6rO17JygIOydtOumhA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSztjpjsnbTsp4Av67aE
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzsho3rj4Qg64uo7JyE
+attributeDisplayNames:: cHJpbnRSYXRlLOyGjeuPhA==
+attributeDisplayNames:: cHJpbnRPd25lcizshozsnKDsnpAg7J2066aE
+attributeDisplayNames:: cHJpbnRNZW1vcnks7ISk7LmY65CcIOuplOuqqOumrA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzsp4Dsm5DrkJjripQg7Jqp7KeAIOyiheulmA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOyCrOyaqe2VoCDsiJgg7J6I64qUIOyaqeyngA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOy1nOuMgCDtlbTsg4Hrj4Q=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSztlITrprDthLAg7Ja47Ja0
+attributeDisplayNames:: cHJpbnRlck5hbWUs7J2066aE
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs7JaR66m0IOyduOyHhCDsp4Dsm5A=
+attributeDisplayNames:: cHJpbnRDb2xvcizsu6zrn6wg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLO2VnCDrtoDslKkg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzsnoXroKUg7Jqp7KeA7ZWo
+attributeDisplayNames:: cG9ydE5hbWUs7Y+s7Yq4
+attributeDisplayNames:: bG9jYXRpb24s7JyE7LmY
+attributeDisplayNames:: ZHJpdmVyTmFtZSzrqqjrjbg=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7KO87ISd
+attributeDisplayNames:: Y29udGFjdE5hbWUs7Jew65297LKY
+attributeDisplayNames:: YXNzZXROdW1iZXIs7J6Q7IKwIOuyiO2YuA==
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg7J2066aE
+attributeDisplayNames:: Y24s65SU66CJ7YSw66asIOyEnOu5hOyKpCDsnbTrpoQ=
+classDisplayName:: 7ZSE66aw7YSw
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7IKs7J207Yq4
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7ISc67KE
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7ISk7KCV
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 64+E66mU7J24IOy7qO2KuOuhpOufrCDshKTsoJU=
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 7Jew6rKw
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOyEpOyglQ==
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOuzteygnCDshLjtirg=
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7ISc67iM64S3
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrA==
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrCDruIzrpqzsp4A=
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqE=
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 65287J207IS87IuxIOyCrOydtO2KuCDshKTsoJU=
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOyEpOyglQ==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOyEseybkA==
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyeheyekA==
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyehQ==
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LOyepey5mCDqtIDrpqzsnpA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: b3Us7J2066aE
+classDisplayName:: 7KGw7KeBIOuLqOychA==
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7Luo7YWM7J2064SI
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: UlBDIOyEnOu5hOyKpA==
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7Yq465+s7Iqk7Yq465CcIOuPhOuplOyduA==
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg6rK966Gc
+attributeDisplayNames:: a2V5d29yZHMs7YKk7JuM65Oc
+attributeDisplayNames:: bWFuYWdlZEJ5LOyepey5mCDqtIDrpqzsnpA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 6rO17JygIO2PtOuNlA==
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDrjIDquLDsl7Q=
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDqtazshLE=
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDsl5TthLDtlITrnbzsnbTspog=
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDsl4Xqt7jroIjsnbTrk5ztlZwg7IKs7Jqp7J6Q
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDrnbzsmrDtjIUg66eB7YGs
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDshKTsoJU=
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCzqtIDrpqwoJk0pLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7JuQ6rKpIOyggOyepeyGjCDshJzruYTsiqQ=
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOy7qO2FjOydtOuEiA==
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqEg7Luo7YWM7J2064SI
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67iM64S3IOy7qO2FjOydtOuEiA==
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67KEIOy7qO2FjOydtOuEiA==
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDshJzruYTsiqQ=
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7L+866asIOygleyxhQ==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7Jm467aAIOuztOyViCDsoJXssYU=
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 7J247Kad7IScIOyWkeyLnQ==
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMICjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4ICjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMICjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLggKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys6re466O5IOuTseuhnQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4ICjquLDtg4Ap
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+classDisplayName:: 7IKs7Jqp7J6Q
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMICjquLDtg4Ap
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6re466O5IOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOyepey5mCDqtIDrpqzsnpA=
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 6re466O5
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+classDisplayName:: 64+E66mU7J24
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMICjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4ICjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMICjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLggKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLggKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCAo6riw7YOAKQ==
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys6re466O5IOuTseuhnQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4ICjquLDtg4Ap
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+classDisplayName:: 7Jew65297LKY
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+instanceType: 4
+distinguishedName: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: container
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Groupe IntelliMirror
+cn: IntellimirrorGroup-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorGroup-Display
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Service IntelliMirror
+cn: IntellimirrorSCP-Display
+instanceType: 4
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: IntellimirrorSCP-Display
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsQWRow6lzaW9uIGF1IGdyb3VwZQ==
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+classDisplayName: Utilisateur
+cn: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: user-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGRlIGdyb3VwZSAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bWVtYmVyLE1lbWJyZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+classDisplayName: Groupe
+cn: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: group-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName: Domaine
+cn: domainDNS-Display
+instanceType: 4
+distinguishedName: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainDNS-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsQWRow6lzaW9uIGF1IGdyb3VwZQ==
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+classDisplayName: Contact
+cn: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: contact-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSBkb21haW5l
+cn: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: domainPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBsb2NhbGU=
+cn: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: localPolicy-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+cn: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serviceAdministrationPoint-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3JkaW5hdGV1ciAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaW9uIGR1IHN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+classDisplayName: Ordinateur
+cn: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+instanceType: 4
+distinguishedName: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: computer-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uIGRlIGwnb2JqZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb20gZHUgc2VydmV1cg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQcmVuZCBlbiBjaGFyZ2UgbCdhZ3JhZmFnZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tIGRlIHBhcnRhZ2U=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdlcyBwYXIgbWludXRl
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6lzIGRlIHZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRPd25lcixOb20gZHUgcHJvcHJpw6l0YWlyZQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTcOpbW9pcmUgaW5zdGFsbMOpZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUeXBlcyBkZSBwYXBpZXIgcHJpcyBlbiBjaGFyZ2U=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkaXNwb25pYmxl
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFLDqXNvbHV0aW9uIG1heGltYWxl
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMYW5nYWdlIGRlIGwnaW1wcmltYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9t
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUHJlbmQgZW4gY2hhcmdlIGwnaW1wcmVzc2lvbiByZWN0byB2ZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixQcmVuZCBlbiBjaGFyZ2UgbCdpbXByZXNzaW9uIGVuIGNvdWxldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFByZW5kIGVuIGNoYXJnZSBsJ2Fzc2VtYmxhZ2U=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYWNzIGQnZW50csOpZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sRW1wbGFjZW1lbnQ=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2TDqGxl
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudGFpcmU=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtw6lybyBkZSBjb250csO0bGU=
+attributeDisplayNames:: dU5DTmFtZSxOb20gcsOpc2VhdQ==
+attributeDisplayNames:: Y24sTm9tIGR1IHNlcnZpY2UgZCdhbm51YWlyZQ==
+classDisplayName: Imprimante
+cn: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: printQueue-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+cn: site-Display
+instanceType: 4
+distinguishedName: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: site-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serveur
+cn: server-Display
+instanceType: 4
+distinguishedName: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: server-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXM=
+cn: nTDSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgY29udHLDtGxldXIgZGUgZG9tYWluZQ==
+cn: nTDSDSA-Display
+instanceType: 4
+distinguishedName: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSDSA-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connexion
+cn: nTDSConnection-Display
+instanceType: 4
+distinguishedName: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSConnection-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgRlJT
+cn: nTFRSSettings-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: SmV1IGRlIHLDqXBsaWNhcyBGUlM=
+cn: nTFRSReplicaSet-Display
+instanceType: 4
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSReplicaSet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U291cy1yw6lzZWF1
+cn: subnet-Display
+instanceType: 4
+distinguishedName: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnet-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Lien du site
+cn: siteLink-Display
+instanceType: 4
+distinguishedName: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Pont de la liaison du site
+cn: siteLinkBridge-Display
+instanceType: 4
+distinguishedName: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: siteLinkBridge-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport inter-sites
+cn: interSiteTransport-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransport-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZSBkdSBzaXRlIGRlIGdlc3Rpb24gZGVzIGxpY2VuY2Vz
+cn: licensingSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: licensingSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgc2l0ZQ==
+cn: nTDSSiteSettings-Display
+instanceType: 4
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSSiteSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membre FRS
+cn: nTFRSMember-Display
+instanceType: 4
+distinguishedName: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSMember-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QWJvbm7DqSBGUlM=
+cn: nTFRSSubscriber-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriber-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Abonnements FRS
+cn: nTFRSSubscriptions-Display
+instanceType: 4
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTFRSSubscriptions-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: b3UsTm9t
+classDisplayName:: VW5pdMOpIGQnb3JnYW5pc2F0aW9u
+cn: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: organizationalUnit-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName: Conteneur
+cn: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: container-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName: Services RPC
+cn: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: rpcContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName:: RG9tYWluZSBhcHByb3V2w6k=
+cn: trustedDomain-Display
+instanceType: 4
+distinguishedName: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: trustedDomain-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames:: dU5DTmFtZSxDaGVtaW4gcsOpc2VhdQ==
+attributeDisplayNames:: a2V5d29yZHMsTW90cy1jbMOpcw==
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+classDisplayName:: RG9zc2llciBwYXJ0YWfDqQ==
+cn: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+instanceType: 4
+distinguishedName: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: volume-Display
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: File d'attente MSMQ
+cn: mSMQQueue-Display
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+iconPath: 0,mqsnap.dll,-251
+instanceType: 4
+distinguishedName: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQQueue-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configuration MSMQ
+cn: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+instanceType: 4
+distinguishedName: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQConfiguration-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Entreprise MSMQ
+cn: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+instanceType: 4
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQEnterpriseSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGlzYXRldXIgYXlhbnQgdW5lIG1pc2Ugw6Agbml2ZWF1IE1TTVE=
+cn: mSMQMigratedUser-Display
+instanceType: 4
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQMigratedUser-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Liaison de routage MSMQ
+cn: mSMQSiteLink-Display
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+iconPath: 0,mqsnap.dll,-254
+instanceType: 4
+distinguishedName: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSiteLink-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyYW3DqHRyZXMgTVNNUQ==
+cn: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+instanceType: 4
+distinguishedName: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: mSMQSettings-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu:: MCwmR8OpcmVyLi4uLFJzQWRtaW4ubXNj
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: cn,Nom
+classDisplayName:: U2VydmljZSBkZSBzdG9ja2FnZSDDqXRlbmR1
+cn: remoteStorageServicePoint-Display
+instanceType: 4
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: remoteStorageServicePoint-Display
+showInAdvancedViewOnly: TRUE
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+cn: default-Display
+instanceType: 4
+distinguishedName: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: default-Display
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de sites
+cn: sitesContainer-Display
+instanceType: 4
+distinguishedName: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: sitesContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de transports inter-sites
+cn: interSiteTransportContainer-Display
+instanceType: 4
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: interSiteTransportContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVuZXVyIGRlIHNvdXMtcsOpc2VhdXg=
+cn: subnetContainer-Display
+instanceType: 4
+distinguishedName: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: subnetContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de serveurs
+cn: serversContainer-Display
+instanceType: 4
+distinguishedName: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: serversContainer-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Service Active Directory
+cn: nTDSService-Display
+instanceType: 4
+distinguishedName: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: nTDSService-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSByZXF1w6p0ZQ==
+cn: queryPolicy-Display
+instanceType: 4
+distinguishedName: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: queryPolicy-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName:: U8OpY3VyaXTDqSBleHTDqXJpZXVyZSBwcmluY2lwYWxl
+cn: foreignSecurityPrincipal-Display
+instanceType: 4
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: foreignSecurityPrincipal-Display
+showInAdvancedViewOnly: TRUE
+
+dn: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+adminContextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+classDisplayName:: TW9kw6hsZSBkZSBjZXJ0aWZpY2F0
+cn: pKICertificateTemplate-Display
+contextMenu: 0,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+iconPath: 0,capesnpn.dll,-227
+instanceType: 4
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: displaySpecifier
+name: pKICertificateTemplate-Display
+shellPropertyPages: 1,{9bff616c-3e02-11d2-a4ca-00c04fb93209}
+showInAdvancedViewOnly: TRUE
+
+dn: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+cn: DS-UI-Default-Settings
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+instanceType: 4
+distinguishedName: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+objectClass: dSUISettings
+name: DS-UI-Default-Settings
+showInAdvancedViewOnly: TRUE
diff --git a/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt
new file mode 100644
index 0000000..caf4db9
--- /dev/null
+++ b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt
@@ -0,0 +1,29548 @@
+#Intellectual Property Rights Notice for Open Specifications Documentation
+#
+#- Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+#- Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+#
+#- No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#
+#- Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here:  http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described n the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com. 
+#
+#- Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#
+#- Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#
+#- Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+#
+#- Preliminary Documentation. This Open Specification is preliminary documentation for this technology.  Since the documentation may change between this preliminary version and the final version, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
+
+dn: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+cn: DisplaySpecifiers
+distinguishedName: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectVersion: 1
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DisplaySpecifiers
+systemFlags: -2147483648
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7IKs7Jqp7J6Q
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6re466O5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6re466O5IOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGMs7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Jew65297LKY
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24IOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 66Gc7LusIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Lu07ZOo7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs7Lu07ZOo7YSwIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizsmrTsmIEg7LK07KCcIOuyhOyghA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOyatOyYgSDssrTsoJw=
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ZSE66aw7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizqsJzssrQg67KE7KCE
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaM
+attributeDisplayNames:: c2VydmVyTmFtZSzshJzrsoQg7J2066aE
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzsiqTthYzsnbTtlIwg7KeA7JuQ
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs6rO17JygIOydtOumhA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSztjpjsnbTsp4Av67aE
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzsho3rj4Qg64uo7JyE
+attributeDisplayNames:: cHJpbnRSYXRlLOyGjeuPhA==
+attributeDisplayNames:: cHJpbnRPd25lcizshozsnKDsnpAg7J2066aE
+attributeDisplayNames:: cHJpbnRNZW1vcnks7ISk7LmY65CcIOuplOuqqOumrA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzsp4Dsm5DrkJjripQg7Jqp7KeAIOyiheulmA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOyCrOyaqe2VoCDsiJgg7J6I64qUIOyaqeyngA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOy1nOuMgCDtlbTsg4Hrj4Q=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSztlITrprDthLAg7Ja47Ja0
+attributeDisplayNames:: cHJpbnRlck5hbWUs7J2066aE
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs7JaR66m0IOyduOyHhCDsp4Dsm5A=
+attributeDisplayNames:: cHJpbnRDb2xvcizsu6zrn6wg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLO2VnCDrtoDslKkg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzsnoXroKUg7Jqp7KeA7ZWo
+attributeDisplayNames:: cG9ydE5hbWUs7Y+s7Yq4
+attributeDisplayNames:: bG9jYXRpb24s7JyE7LmY
+attributeDisplayNames:: ZHJpdmVyTmFtZSzrqqjrjbg=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7KO87ISd
+attributeDisplayNames:: Y29udGFjdE5hbWUs7Jew65297LKY
+attributeDisplayNames:: YXNzZXROdW1iZXIs7J6Q7IKwIOuyiO2YuA==
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg7J2066aE
+attributeDisplayNames:: Y24s65SU66CJ7YSw66asIOyEnOu5hOyKpCDsnbTrpoQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7IKs7J207Yq4
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7ISc67KE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7ISk7KCV
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 64+E66mU7J24IOy7qO2KuOuhpOufrCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 7Jew6rKw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOuzteygnCDshLjtirg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7ISc67iM64S3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrCDruIzrpqzsp4A=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 65287J207IS87IuxIOyCrOydtO2KuCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOyEseybkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyeheyekA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyehQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7KGw7KeBIOq1rOyEsSDri6jsnIQ=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: b3Us7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Luo7YWM7J2064SI
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOyEnOu5hOyKpA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7Yq465+s7Iqk7Yq465CcIOuPhOuplOyduA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6rO17JygIO2PtOuNlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg6rK966Gc
+attributeDisplayNames:: a2V5d29yZHMs7YKk7JuM65Oc
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDrjIDquLDsl7Q=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDqtazshLE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDsl5TthLDtlITrnbzsnbTspog=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDsl4Xqt7jroIjsnbTrk5ztlZwg7IKs7Jqp7J6Q
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDrnbzsmrDtjIUg66eB7YGs
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDshKTsoJU=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDrjIDquLDsl7Qg67OE7Lmt
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSztmJXsi50g7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDqt7jro7k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkCDrjIDquLDsl7Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7JuQ6rKpIOyggOyepeyGjCDshJzruYTsiqQ=
+adminContextMenu:: MCzqtIDrpqwoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg7KCE7J6QIOuplOydvCDso7zshowsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs7IKs7Jqp7J6QIOuhnOq3uOyYqCDsnbTrpoQsMCwyMDAsMA==
+extraColumns:: dGl0bGUs7KeB7ZWoLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzrjIDsg4Eg7KO87IaMLDAsMTAwLDA=
+extraColumns:: c3Qs7IucL+uPhCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs7IiY7KCV7ZWcIOuCoOynnCwwLDEzMCww
+extraColumns:: c24s7ISxLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws7J247Iqk7YS07Yq4IOuplOyLnOynlSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzsnbjsiqTthLTtirgg66mU7Iuc7KeVIO2ZiCDshJzrsoQsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDsgqzshJztlagg7KCA7J6l7IaMLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOuzhOy5rSwwLDE3NSww
+extraColumns:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOydtOyghCDrsoTsoIQg66Gc6re47JioIOydtOumhCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhCwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzrtoDshJwsMCwxNTAsMA==
+extraColumns:: Yyzqta3qsIAsMCwtMSww
+extraColumns:: Y29tcGFueSztmozsgqwsMCwxNTAsMA==
+extraColumns:: bCzqtawv6rWwL+yLnCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLO2ajOyCrCDsoITtmZQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqEg7Luo7YWM7J2064SI
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67iM64S3IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67KEIOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDshJzruYTsiqQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7L+866asIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7Jm467aAIOuztOyViCDsoJXssYU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 7J247Kad7IScIO2FnO2UjOumvw==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOuniOyngOunieycvOuhnCDslYzroKTsp4Qg67aA66qoLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppen IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Tjenesten IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbmF2biAoZsO4ciBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1lcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontaktperson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZXBvbGl0aWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal politik
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbSAtIHZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnN0ZWQ=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbmRlcnN0w7h0dGVyIGjDpmZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYXZu
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwci4gbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZWRzZW5oZWRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hlZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYXZuIHDDpSBlamVy
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyZXQgaHVrb21tZWxzZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbmRlcnN0w7h0dGVkZSBwYXBpcnR5cGVy
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGfDpm5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbXVtb3Bsw7hzbmluZw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVyc3Byb2c=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW5kZXJzdMO4dHRlciBkb2JiZWx0c2lkZXQgdWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbmRlcnN0w7h0dGVyIGZhcnZldWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVuZGVyc3TDuHR0ZXIgc8OmdHZpcyBzb3J0ZXJpbmc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxQcmludGVyYmFra2Vy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhY2VyaW5n
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdHBlcnNvbg==
+attributeDisplayNames:: YXNzZXROdW1iZXIsVWRzdHlyc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Websted
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Indstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3IgZG9tw6ZuZWNvbnRyb2xsZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Forbindelse
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Indstillinger for FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UmVwbGlrZXJpbmdzc8OmdCBmb3IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Undernet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGluayB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlua2JybyB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IGluZGVuZm9yIG9tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5zaW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhed
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Administreret af
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Objektbeholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw6ZuZSwgZGVyIG55ZGVyIHRpbGxpZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NzdGk=
+attributeDisplayNames:: a2V5d29yZHMsTsO4Z2xlb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1uZXR2w6Zyaw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-opgraderet bruger
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routing-link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Indstillinger for MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7gtYWxpYXM=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnavn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Storage Service
+adminContextMenu: 0,&Administrer...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1tYWlsLWFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZuIGZvciBicnVnZXIsMCwyMDAsMA==
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEZXN0aW5hdGlvbnNhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4ZuZHJldCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLWFkcmVzc2UgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0a2Fzc2VsYWdlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwtYWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCksMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdCBuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBZmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxCeSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKGFyYmVqZGUpLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGU=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydCBpbmRlbmZvciBvbXLDpWRl
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Undernetbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Serverbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Rm9yZXNww7hyZ3NlbHNwb2xpdGlr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RWtzdGVybiBkb23Dpm5la29udG8sIGRlciBueWRlciB0aWxsaWQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatskabelon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Senest kendte overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70YzQt9C+0LLQsNGC0LXQu9GM
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JPRgNGD0L/Qv9Cw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCz0YDRg9C/0L/RiyAo0L/RgNC10LQtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bWVtYmVyLNCn0LvQtdC90Ysg0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JTQvtC80LXQvQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGMs0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQsNC60YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQtNC+0LzQtdC90LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JvQvtC60LDQu9GM0L3QsNGPINC/0L7Qu9C40YLQuNC60LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC80L/RjNGO0YLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINC60L7QvNC/0YzRjtGC0LXRgNCwICjQv9GA0LXQtC1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizQktC10YDRgdC40Y8g0L7Qv9C10YDQsNGG0LjQvtC90L3QvtC5INGB0LjRgdGC0LXQvNGL
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNCe0L/QtdGA0LDRhtC40L7QvdC90LDRjyDRgdC40YHRgtC10LzQsA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/RgNC40L3RgtC10YA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizQktC10YDRgdC40Y8g0L7QsdGK0LXQutGC0LA=
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LU=
+attributeDisplayNames:: c2VydmVyTmFtZSzQmNC80Y8g0YHQtdGA0LLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC60LAg0YHRiNC40LLQsNC90LjRjw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs0JjQvNGPINC+0LHRidC10LPQviDRgNC10YHRg9GA0YHQsA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzQodGC0YDQsNC90LjRhiDQsiDQvNC40L3Rg9GC0YM=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzQldC00LjQvdC40YbRiyDRgdC60L7RgNC+0YHRgtC4
+attributeDisplayNames:: cHJpbnRSYXRlLNCh0LrQvtGA0L7RgdGC0Yw=
+attributeDisplayNames:: cHJpbnRPd25lcizQmNC80Y8g0LLQu9Cw0LTQtdC70YzRhtCw
+attributeDisplayNames:: cHJpbnRNZW1vcnks0KPRgdGC0LDQvdC+0LLQu9C10L3QvdCw0Y8g0L/QsNC80Y/RgtGM
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC40LLQsNC10LzRi9C1INCy0LjQtNGLINCx0YPQvNCw0LPQuA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNCY0YHQv9C+0LvRjNC30YPQtdC80LDRjyDQsdGD0LzQsNCz0LA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNCc0LDQutGB0LjQvNCw0LvRjNC90L7QtSDRgNCw0LfRgNC10YjQtdC90LjQtQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzQo9C/0YDQsNCy0LvRj9GO0YnQuNC5INGP0LfRi9C6INC/0YDQuNC90YLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs0J/QvtC00LTQtdGA0LbQutCwINC00LLRg9GB0YLQvtGA0L7QvdC90LXQuSDQv9C10YfQsNGC0Lg=
+attributeDisplayNames:: cHJpbnRDb2xvcizQn9C+0LTQtNC10YDQttC60LAg0YbQstC10YLQvdC+0Lkg0L/QtdGH0LDRgtC4
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNCf0L7QtNC00LXRgNC20LrQsCDRgNCw0LfQsdC+0YDQsCDQv9C+INC60L7Qv9C40Y/QvA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzQn9C+0LTQsNGO0YnQuNC1INC70L7RgtC60Lg=
+attributeDisplayNames:: cG9ydE5hbWUs0J/QvtGA0YI=
+attributeDisplayNames:: bG9jYXRpb24s0KDQsNGB0L/QvtC70L7QttC10L3QuNC1
+attributeDisplayNames:: ZHJpdmVyTmFtZSzQnNC+0LTQtdC70Yw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0JrQvtC80LzQtdC90YLQsNGA0LjQuQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUs0JrQvtC90YLQsNC60YI=
+attributeDisplayNames:: YXNzZXROdW1iZXIs0JDRgNGC0LjQutGD0Ls=
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QtSDQuNC80Y8=
+attributeDisplayNames:: Y24s0JjQvNGPINGB0LvRg9C20LHRiyDQutCw0YLQsNC70L7Qs9C+0LI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0KHQsNC50YI=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0KHQtdGA0LLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGL
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC60L7QvdGC0YDQvtC70LvQtdGA0LAg0LTQvtC80LXQvdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00LrQu9GO0YfQtdC90LjQtQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J3QsNCx0L7RgCDRgNC10L/Qu9C40LrQsNGG0LjQuCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00YHQtdGC0Yw=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQstGP0LfRjCDRgdCw0LnRgtC+0LI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0JzQvtGB0YIg0YHQstGP0LfQtdC5INGB0LDQudGC0L7Qsg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JzQtdC20YHQsNC50YLQvtCy0YvQuSDRgtGA0LDQvdGB0L/QvtGA0YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC70LjRhtC10L3Qt9C40YDQvtCy0LDQvdC40Y8g0YHQsNC50YLQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINGB0LDQudGC0LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0KfQu9C10L0gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0YfQuNC6IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0LrQsCDQvdCwIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC00YDQsNC30LTQtdC70LXQvdC40LU=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: b3Us0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGA
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQu9GD0LbQsdGLIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0JTQvtCy0LXRgNC10L3QvdGL0Lkg0LTQvtC80LXQvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J7QsdGJ0LDRjyDQv9Cw0L/QutCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QuSDQv9GD0YLRjA==
+attributeDisplayNames:: a2V5d29yZHMs0JrQu9GO0YfQtdCy0YvQtSDRgdC70L7QstCw
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J7Rh9C10YDQtdC00YwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J3QsNGB0YLRgNC+0LnQutCwIE1TTVE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDQv9GA0LXQtNC/0YDQuNGP0YLQuNGP
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 0J7QsdC90L7QstC70LXQvdC90YvQuSDQv9C+0LvRjNC30L7QstCw0YLQtdC70YwgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 0JzQsNGA0YjRgNGD0YIgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 0J/RgdC10LLQtNC+0L3QuNC8INC+0YfQtdGA0LXQtNC4IE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzQpNC+0YDQvNCw0YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNCe0YfQtdGA0LXQtNC4INGH0LvQtdC90L7Qsg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwINCy0L3QtdGI0L3QuNGFINGF0YDQsNC90LjQu9C40Yk=
+adminContextMenu:: MCwm0KPQv9GA0LDQstC70LXQvdC40LUuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzQmNC90LTQtdC60YEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg0Y3Quy4g0L/QvtGH0YLQsCwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINCy0YXQvtC00LAg0L/QvtC70YzQt9C+0LLQsNGC0LXQu9GPLDAsMjAwLDA=
+extraColumns:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGMLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzQmtC+0L3QtdGH0L3Ri9C5INCw0LTRgNC10YEsMCwxMDAsMA==
+extraColumns:: c3Qs0KHQvtGB0YLQvtGP0L3QuNC1LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LAsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs0JjQt9C80LXQvdC10L0sMCwxMzAsMA==
+extraColumns:: c24s0KTQsNC80LjQu9C40Y8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLdCw0LTRgNC10YEg0YHQtdGA0LLQtdGA0LAg0LzQs9C90L7QstC10L3QvdGL0YUg0YHQvtC+0LHRidC10L3QuNC5LDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzQodC10YDQstC10YAg0LzQs9C90L7QstC10L3QvdGL0YUg0YHQvtC+0LHRidC10L3QuNC5LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNCY0LzRjywwLDEwMCww
+extraColumns:: aG9tZU1EQizQpdGA0LDQvdC40LvQuNGJ0LUg0L/QvtGH0YLQvtCy0YvRhSDRj9GJ0LjQutC+0LIgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNCf0YHQtdCy0LTQvtC90LjQvCBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs0J/RgNC10LQtV2luZG93cyAyMDAwINC40LzRjyDQstGF0L7QtNCwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjywwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7LDAsMTUwLDA=
+extraColumns:: YyzQodGC0YDQsNC90LAsMCwtMSww
+extraColumns:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGPLDAsMTUwLDA=
+extraColumns:: bCzQk9C+0YDQvtC0LDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLNCh0LvRg9C20LXQsdC90YvQuSDRgtC10LvQtdGE0L7QvSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LDQudGC0L7Qsg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC80LXQttGB0LDQudGC0L7QstC+0LPQviDRgtGA0LDQvdGB0L/QvtGA0YLQsA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC/0L7QtNGB0LXRgtC10Lk=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LXRgNCy0LXRgNC+0LI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQt9Cw0L/RgNC+0YHQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YAg0LLQvdC10YjQvdC10Lkg0LHQtdC30L7Qv9Cw0YHQvdC+0YHRgtC4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 0KjQsNCx0LvQvtC9INGB0LXRgNGC0LjRhNC40LrQsNGC0LA=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNCf0L7RgdC70LXQtNC90LjQuSDQuNC30LLQtdGB0YLQvdGL0Lkg0YDQvtC00LjRgtC10LvRjNGB0LrQuNC5INC+0LHRitC10LrRgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 16fXkdeV16bXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 16nXmdeo15XXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xqdeq157XqQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXp9eR15XXpteUICjXnNek16DXmSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bWVtYmVyLNeX15HXqNeZ150=
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGMs16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15DXmdepINen16nXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og157Xp9eV157Xmdeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xl9ep15E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnteX16nXkSAo15zXpNeg15kgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizXkteZ16jXodeqINee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9ek16HXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizXkteZ16jXodeqINeU15DXldeR15nXmden15g=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmA==
+attributeDisplayNames:: c2VydmVyTmFtZSzXqdedINeU16nXqNeq
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzXqtee15nXm9eUINeR15TXmdeT15XXpw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs16nXnSDXntep15XXqtej
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzXk9ek15nXnSDXkdeT16fXlA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzXmdeX15nXk9eV16og157XlNeZ16jXldeq
+attributeDisplayNames:: cHJpbnRSYXRlLNee15TXmdeo15XXqg==
+attributeDisplayNames:: cHJpbnRPd25lcizXqdedINeR16LXnNeZ150=
+attributeDisplayNames:: cHJpbnRNZW1vcnks15bXmdeb16jXldefINee15XXqten158=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzXodeV15LXmSDXoNeZ15nXqCDXoNeq157Xm9eZ150=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNeg15nXmdeoINeW157Xmdef
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNeo15bXldec15XXpteZ15Qg157XqNeR15nXqg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzXqdek16og15TXnteT16TXodeq
+attributeDisplayNames:: cHJpbnRlck5hbWUs16nXnQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs16rXnteZ15vXlCDXkdeU15PXpNeh15Qg15PXlS3XpteT15PXmdeq
+attributeDisplayNames:: cHJpbnRDb2xvcizXqtee15nXm9eUINeR15TXk9ek16HXqiDXpteR16I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNeq157Xmdeb15Qg15HXkNeZ16HXldej
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzXnteS16nXmSDXp9ec15g=
+attributeDisplayNames:: cG9ydE5hbWUs15nXpteZ15DXlA==
+attributeDisplayNames:: bG9jYXRpb24s157Xmden15XXnQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSzXnteV15PXnA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s15TXoteo15XXqg==
+attributeDisplayNames:: Y29udGFjdE5hbWUs15DXmdepINen16nXqA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs157Xodek16gg16DXm9eh
+attributeDisplayNames:: dU5DTmFtZSzXqdedINeo16nXqg==
+attributeDisplayNames:: Y24s16nXnSDXqdeZ16jXldeqINeh16TXqNeZ15nXlA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15DXqteo
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16nXqNeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeqINeR16fXqCDXp9eR15XXpteqINee15fXqdeR15nXnQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15fXmdeR15XXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16LXqNeb16og16LXldeq16fXmdedINee16nXldeb16TXnNeZ150g16nXnCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16jXqdeqINee16nXoNeZ16ogU3VibmV0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16fXmdep15XXqCDXnNeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 15LXqdeoINen15nXqdeV16gg15zXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16rXoteR15XXqNeUINeR15nXny3XkNeq16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 16jXqdeZ15XXnyDXnNeU15LXk9eo15XXqiDXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15fXkdeoIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15kgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15nXmdedINecLUZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15nXl9eZ15PXlCDXkNeo15LXldeg15nXqg==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: b3Us16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15w=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16nXmdeo15XXqteZIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150g15DXnteZ16DXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16rXmden15nXmdeUINee16nXldeq16TXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzXoNeq15nXkSDXlNeo16nXqg==
+attributeDisplayNames:: a2V5d29yZHMs157Xmdec15XXqiDXntek16rXlw==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXldeoIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXpteV16jXqiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 15DXqNeS15XXnyBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 157Xqdeq157XqSDXntep15XXk9eo15Ig15EtTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 16fXmdep15XXqCDXnteg16rXkSBNU01R
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 15TXkteT16jXldeqIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 15vXmdeg15XXmSDXqteV16ggTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzXqdedINeq15HXoNeZ16o=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 16fXkdeV16bXqiBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNeq15XXqNeZINeX15HXqNeZ150=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiDXkNeZ15fXodeV158g157XqNeV15fXpw==
+adminContextMenu:: MCwm16DXmdeU15XXnC4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzXnteZ16fXldeTLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms15vXqteV15HXqiDXk9eV15DXqCDXkNec16fXmNeo15XXoNeZINep15wgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXm9eg15nXodeUINep15wg15TXntep16rXntepLDAsMjAwLDA=
+extraColumns:: dGl0bGUs16rXpNen15nXkywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyzXm9eq15XXkdeqINeZ16LXkywwLDEwMCww
+extraColumns:: c3Qs15DXlteV16gsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xqdeo15MsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs16nXldeg15QsMCwxMzAsMA==
+extraColumns:: c24s16nXnSDXntep16TXl9eULDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws15vXqteV15HXqiBVUkwg16nXnCDXnteh16jXmdedINee15nXk9eZ15nXnSwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzXqdeo16og16jXkNep15kg16nXnCDXnteh16jXmdedINee15nXmdeT15nXmdedLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNep150g16TXqNeY15ksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizXnteQ15LXqCDXqteZ15HXqiDXlNeT15XXkNeoINep15wgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNeb15nXoNeV15kgRXhjaGFuZ2UsMCwxNzUsMA==
+extraColumns:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15ksMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs16nXnSDXm9eg15nXodeUINep15zXpNeg15kgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15QsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzXnteX15zXp9eULDAsMTUwLDA=
+extraColumns:: YyzXkNeo16UsMCwtMSww
+extraColumns:: Y29tcGFueSzXl9eR16jXlCwwLDE1MCww
+extraColumns:: bCzXoteZ16gsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLNeY15zXpNeV158g15HXoteR15XXk9eULDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXkNeq16jXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXntei15HXldeo15Qg15HXmdefLdeQ16rXqNeZ150=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqNep16rXldeqINee16nXoNeUIChTdWJuZXRzKQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqdeo16rXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16nXkNeZ15zXqteU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16fXqNefINeR15jXl9eV16DXldeqINeW16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 16rXkdeg15nXqiDXkNeZ16nXldeo
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNeQ15Eg15nXk9eV16Ig15DXl9eo15XXnywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: User
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Group
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: info,Notes
+attributeDisplayNames: member,Members
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: l,City
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: cn,Name
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Local Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Shared Folder
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Network Path
+attributeDisplayNames: keywords,Keywords
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printLanguage,Printer Language
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: portName,Port
+attributeDisplayNames: location,Location
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: description,Comment
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: cn,Directory Service Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Replica Set
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Domain Controller Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connection
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organizational Unit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Trusted Domain
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: postalCode,Zip Code,0,100,0
+extraColumns: textEncodedORAddress,X.400 E-Mail Address,0,130,0
+extraColumns: userPrincipalName,User Logon Name,0,200,0
+extraColumns: title,Job Title,0,100,0
+extraColumns: targetAddress,Target Address,0,100,0
+extraColumns: st,State,0,100,0
+extraColumns: physicalDeliveryOfficeName,Office,0,100,0
+extraColumns: whenChanged,Modified,0,130,0
+extraColumns: sn,Last Name,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,Instant Messaging URL,0,140,0
+extraColumns: msExchIMPhysicalURL,Instant Messaging Home Server,0,170,0
+extraColumns: givenName,First Name,0,100,0
+extraColumns: homeMDB,Exchange Mailbox Store,0,100,0
+extraColumns: mailNickname,Exchange Alias,0,175,0
+extraColumns: mail,E-Mail Address,0,100,0
+extraColumns: sAMAccountName,Pre-Windows 2000 Logon Name,0,120,0
+extraColumns: displayName,Display Name,0,100,0
+extraColumns: department,Department,0,150,0
+extraColumns: c,Country,0,-1,0
+extraColumns: company,Company,0,150,0
+extraColumns: l,City,0,150,0
+extraColumns: telephoneNumber,Business Phone,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link Bridge
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Inter-Site Transport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Licensing Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Member
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriber
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriptions
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Queue
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Configuration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ Upgraded User
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Routing Link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Settings
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ Queue Alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Format Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Group
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Member Queues
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage Service
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sites Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Inter-Site Transports Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnets Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servers Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Foreign Security Principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificate Template
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Last Known Parent,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: co,Country
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: info,Notes
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servicio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Usuario
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBncnVwbyAoYW50ZXJpb3IgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1pZW1icm9z
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGMsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva de dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servicio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Equipo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBlcXVpcG8gKGFudGVyaW9yIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzacOzbiBkZWwgc2lzdGVtYSBvcGVyYXRpdm8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impresora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzacOzbiBkZWwgb2JqZXRv
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21icmUgZGVsIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQZXJtaXRlIGdyYXBhZG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tYnJlIGRlbCByZWN1cnNvIGNvbXBhcnRpZG8=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWQ=
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21icmUgZGVsIHByb3BpZXRhcmlv
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxhZGE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBhZG1pdGlkb3M=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbmlibGU=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdWNpw7NuIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGUgaW1wcmVzacOzbg==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tYnJl
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsQWRtaXRlIGltcHJlc2nDs24gYSBkb2JsZSBjYXJh
+attributeDisplayNames:: cHJpbnRDb2xvcixBZG1pdGUgaW1wcmVzacOzbiBlbiBjb2xvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEFkbWl0ZSBpbnRlcmNhbGFkbw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUHVlcnRv
+attributeDisplayNames:: bG9jYXRpb24sVWJpY2FjacOzbg==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50YXJpbw==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBpbnZlbnRhcmlv
+attributeDisplayNames:: dU5DTmFtZSxOb21icmUgZGUgcmVk
+attributeDisplayNames:: Y24sTm9tYnJlIGRlIHNlcnZpY2lvIGRlIGRpcmVjdG9yaW8=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sitio
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIGNvbnRyb2xhZG9yIGRlIGRvbWluaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXhpw7Nu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subred
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VsOtbmN1bG8gZGUgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHVlbnRlIGRlIHbDrW5jdWxvIGEgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sitios
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlvIGRlIGxpY2VuY2lh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Miembro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscriptor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscripciones a FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidad organizativa
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: b3UsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenedor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servicios RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio de confianza
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Carpeta compartida
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxSdXRhIGRlIGFjY2VzbyBhIGxhIHJlZA==
+attributeDisplayNames:: a2V5d29yZHMsUGFsYWJyYXMgY2xhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Cola de MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGUgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa de MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Usuario actualizado de MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: VsOtbmN1bG8gZGUgZW5ydXRhbWllbnRvIGRlIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyw6FtZXRyb3MgZGUgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de cola de MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21icmUgZGUgZm9ybWF0bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo de MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLENvbGFzIGRlIGVzcGVyYSBkZWwgbWllbWJybw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicio de almacenamiento remoto
+adminContextMenu: 0,&Administrar...,RsAdmin.msc
+attributeDisplayNames: cn,Nombre
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDLiBwb3N0YWwsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRGlyZWNjacOzbiBkZSBjb3JyZW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGRlbCB1c3VhcmlvLDAsMjAwLDA=
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEaXJlY2Npw7NuIGRlIGRlc3Rpbm8sMCwxMDAsMA==
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsT2ZpY2luYSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGxpZG9zLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhamUgaW5zdGFudMOhbmVvLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBwcmluY2lwYWwgZGUgbWVuc2FqZXMgaW5zdGFudMOhbmVvcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFByaW1lciBub21icmUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBbG1hY8OpbiBkZSBsYSBCYW5kZWphIGRlIGVudHJhZGEgZGUgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGFudGVyaW9yIGEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhciwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxDb21wYcOxw61hLDAsMTUwLDA=
+extraColumns:: bCxDaXVkYWQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbMOpZm9ubyBkZWwgdHJhYmFqbywwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de transportes entre sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicios de Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Directiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Entidad principal de seguridad externa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Plantilla de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFByaW5jaXBhbCDDumx0aW1vIGNvbm9jaWRvLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-groep
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gebruiker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: GROEP
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: samAccountName,Groepsnaam (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: info,Notities
+attributeDisplayNames: member,Leden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: domein
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: dc,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contactpersoon
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domeinbeleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokaal beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Computernaam (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Besturingssysteem
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmplY3R2ZXJzaWU=
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJzaXRl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYWFt
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPbmRlcnN0ZXVudCBuaWV0ZW4=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmUtbmFhbQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmEncyBwZXIgbWludXV0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTbmVsaGVpZHNlZW5oZWRlbg==
+attributeDisplayNames:: cHJpbnRSYXRlLFNuZWxoZWlk
+attributeDisplayNames:: cHJpbnRPd25lcixOYWFtIGVpZ2VuYWFy
+attributeDisplayNames:: cHJpbnRNZW1vcnksR2XDr25zdGFsbGVlcmQgZ2VoZXVnZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPbmRlcnN0ZXVuZGUgcGFwaWVyc29vcnRlbg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEJlc2NoaWtiYWFyIHBhcGllcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIHJlc29sdXRpZQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVydGFhbA==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFhbQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT25kZXJzdGV1bnQgZHViYmVsemlqZGlnIGFmZHJ1a2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xvcixPbmRlcnN0ZXVudCBhZmRydWtrZW4gaW4ga2xldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9uZGVyc3RldW50IHNvcnRlcmVu
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbnZvZXJsYWRl
+attributeDisplayNames:: cG9ydE5hbWUsUG9vcnQ=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYXRpZQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxtb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3BtZXJraW5n
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdHBlcnNvb24=
+attributeDisplayNames:: YXNzZXROdW1iZXIsRWlnZW5zY2hhcHNudW1tZXI=
+attributeDisplayNames:: dU5DTmFtZSxOZXR3ZXJrbmFhbQ==
+attributeDisplayNames:: Y24sTmFhbSB2YW4gYWRyZXNsaWpzdHNlcnZpY2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Website
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen van domeincontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbinding
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replicaset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Koppeling naar site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sitekoppelingsbrug
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Intersitetransport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Instellingen van licentiesite
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-lid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnee
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Afdeling
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: ou,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Vertrouwd domein
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gedeelde map
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Netwerkpad
+attributeDisplayNames: keywords,Trefwoorden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-wachtrij
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-configuratie
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-onderneming
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Bijgewerkte MSMQ-gebruiker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Koppeling van MSMQ-routering
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-instellingen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-wachtrij-alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Indelingsnaam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-groep
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Wachtrijen voor leden
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage-service
+adminContextMenu: 0,&Beheren...,RsAdmin.msc
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: postalCode,Postcode,0,100,0
+extraColumns: textEncodedORAddress,X.400-e-mailadres,0,130,0
+extraColumns: userPrincipalName,Aanmeldingsnaam van gebruiker,0,200,0
+extraColumns: title,Functie,0,100,0
+extraColumns: targetAddress,Doeladres,0,100,0
+extraColumns: st,Status,0,100,0
+extraColumns: physicalDeliveryOfficeName,Kantoor,0,100,0
+extraColumns: whenChanged,Gewijzigd,0,130,0
+extraColumns: sn,Achternaam,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,URL van Instant Messaging,0,140,0
+extraColumns: msExchIMPhysicalURL,Basisserver voor Instant Messaging,0,170,0
+extraColumns: givenName,Voornaam,0,100,0
+extraColumns: homeMDB,Exchange-bostbusarchief,0,100,0
+extraColumns: mailNickname,Exchange-alias,0,175,0
+extraColumns: mail,E-mailadres,0,100,0
+extraColumns: sAMAccountName,Aanmeldingsnaam van voor Windows 2000,0,120,0
+extraColumns: displayName,Weergegeven naam,0,100,0
+extraColumns: department,Afdeling,0,150,0
+extraColumns: c,Land,0,-1,0
+extraColumns: company,Bedrijf,0,150,0
+extraColumns: l,Plaats,0,150,0
+extraColumns: telephoneNumber,Zakelijke telefoon,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sitecontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Intersite-transportcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query-beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Afwijkende beveiligings-principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificaatsjabloon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Laatst bekende bovenligger,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistent
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: co,Land
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: info,Notities
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoon thuis (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: wWWHomePage,Adres van website
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Dienst
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Benutzer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbm5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bWVtYmVyLE1pdGdsaWVkZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZW5yaWNodGxpbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokale Richtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYW1lIChQcsOkLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixCZXRyaWVic3N5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJldHJpZWJzc3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drucker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2U=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1l
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbnRlcnN0w7x0enQgSGVmdGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsRnJlaWdhYmVuYW1l
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTZWl0ZW4gcHJvIE1pbnV0ZQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxHZXNjaHdpbmRpZ2tlaXRzZWluaGVpdGVu
+attributeDisplayNames:: cHJpbnRSYXRlLEdlc2Nod2luZGlna2VpdA==
+attributeDisplayNames:: cHJpbnRPd25lcixCZXNpdHplcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGllcnRlciBTcGVpY2hlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbnRlcnN0w7x0enRlIFBhcGllcnR5cGVu
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFZlcmbDvGdiYXJlcyBQYXBpZXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIEF1ZmzDtnN1bmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxEcnVja2Vyc3ByYWNoZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW50ZXJzdMO8dHp0IGJlaWRzZWl0aWdlcyBEcnVja2Vu
+attributeDisplayNames:: cHJpbnRDb2xvcixVbnRlcnN0w7x0enQgZmFyYmlnZXMgRHJ1Y2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVudGVyc3TDvHR6dCBTb3J0aWVyZW4=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxFaW5nYWJlc2Now6RjaHRl
+attributeDisplayNames:: cG9ydE5hbWUsQW5zY2hsdXNz
+attributeDisplayNames:: bG9jYXRpb24sT3J0
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2Vyw6R0ZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya25hbWU=
+attributeDisplayNames:: Y24sVmVyemVpY2huaXNkaWVuc3RuYW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Standort
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RG9tw6RuZW5jb250cm9sbGVyZWluc3RlbGx1bmdlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbindung
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Replikatssatz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnetz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmdzYnLDvGNrZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Lizenzierungsstandorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Standorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Mitglied
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnements
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationseinheit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Verwaltet von
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-Dienste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VmVydHJhdXRlIERvbcOkbmU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Freigegebener Ordner
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya3BmYWQ=
+attributeDisplayNames:: a2V5d29yZHMsU2NobMO8c3NlbHfDtnJ0ZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Warteschlange
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-Unternehmen
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Aktualisierter MSMQ-Benutzer
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Routingverbindung
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Einstellungen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-Warteschlangenalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatname
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-Gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Mitgliedswarteschlagen
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remotespeicherdienst
+adminContextMenu: 0,&Verwalten...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQTFosMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtRS1NYWlsLUFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVudXR6ZXJhbm1lbGRlbmFtZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXRpb24sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxaaWVsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsTGFuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsR2XDpG5kZXJ0LDAsMTMwLDA=
+extraColumns:: c24sTmFjaG5hbWUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmctVVJMLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZy1Ib21lc2VydmVyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLFZvcm5hbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1Qb3N0ZmFjaHNwZWljaGVyLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLUFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLU1haWwtQWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgZsO8ciBQcsOkLVdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZSwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxBYnRlaWx1bmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxTdGFkdCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lciAoZ2VzY2jDpGZ0bGljaCksMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Standortcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0Y29udGFpbmVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetzcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Abfragerichtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Fremder Sicherheitsprinzipal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Zertifikatsvorlage
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LExldHp0ZSBiZWthbm50ZSDDvGJlcmdlb3JkbmV0ZSBJbnN0YW56LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0ZSBSdWZudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-grupp
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci10asOkbnN0
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QW52w6RuZGFyZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1hcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6Ru
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: dc,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RucHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal princip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsRGF0b3JuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skrivare
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcw==
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO2ZGVyIGjDpGZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUmVzdXJzbmFtbg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRvciBwZXIgbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFbmhldGVyIGbDtnIgaGFzdGlnaGV0
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYW1uIHDDpSDDpGdhcmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyYXQgbWlubmU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQYXBwZXJzdHlwZXIgc29tIHN0w7Zkcw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGxnw6RuZ2xpZ2EgcGFwcGVy
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWwgdXBwbMO2c25pbmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmFyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtbg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDtmRlciBkdWJiZWxzaWRpZyB1dHNrcmlmdA==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO2ZGVyIGbDpHJndXRza3JpZnQ=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7ZkZXIgc29ydGVyaW5n
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm1hdG5pbmdzZmFjaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sU2tyaXZhcmVucyBwbGF0cw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3NuYW1u
+attributeDisplayNames:: Y24sS2F0YWxvZ3Rqw6Ruc3RuYW1u
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Plats
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXIgZsO2ciBkb23DpG5rb250cm9sbGFudA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Anslutning
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWluc3TDpGxsbmluZ2Fy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa3VwcHPDpHR0bmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VW5kZXJuw6R0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Ruaw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Rua2JyeWdnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport mellan platser
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhciBmw7ZyIGxpY2Vuc2llcmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerant
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerationer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Hanterad av
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: ou,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZQ==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXRqw6Ruc3Rlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QmV0cm9kZCBkb23DpG4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delad mapp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3Nzw7ZrdsOkZw==
+attributeDisplayNames:: a2V5d29yZHMsTnlja2Vsb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7Y=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1mw7ZyZXRhZw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS11cHBncmFkZXJhZCBhbnbDpG5kYXJl
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1yb3V0bmluZ2zDpG5r
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1pbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7ZhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnamn
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-grupp
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7Zlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdGVuIFJlbW90ZSBTdG9yYWdl
+adminContextMenu: 0,&Hantera...,RsAdmin.msc
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQW52w6RuZGFyZW5zIGlubG9nZ25pbmdzbmFtbiwwLDIwMCww
+extraColumns:: dGl0bGUsQmVmYXR0bmluZywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzLDAsMTAwLDA=
+extraColumns:: c3QsVGlsbHN0w6VuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHMsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsw4RuZHJhZCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYW1uLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGbDtnIgc25hYmJtZWRkZWxhbmRlbiwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIZW1zZXJ2ZXIgZsO2ciBzbmFiYm1lZGRlbGFuZGVuLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEbDtnJuYW1uLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0bMOlZGVhcmtpdiwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3MsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIGbDtnJlIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbG5pbmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxPcmdhbmlzYXRpb24sMCwxNTAsMA==
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXIsIGFyYmV0ZSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHBsYXRzZXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHRyYW5zcG9ydGVyIG1lbGxhbiBwbGF0c2Vy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHVuZGVybsOkdA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHNlcnZyYXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS10asOkbnN0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RnLDpWdlcHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RXh0ZXJudCBzw6RrZXJoZXRzb2JqZWt0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatmall
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFNlbmFzdCBrw6RuZGEgw7Z2ZXJvcmRuYWRlIG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror csoport
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciBzem9sZ8OhbHRhdMOhcw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RmVsaGFzem7DoWzDsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Csoport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ3NvcG9ydG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bWVtYmVyLFRhZ29r
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGMsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2FwY3NvbGF0dGFydMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueWjDoXppcmVuZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: SGVseWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3rDoW3DrXTDs2fDqXA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsU3rDoW3DrXTDs2fDqXBuw6l2IChXaW5kb3dzIDIwMDAgZWzFkXR0aSByZW5kc3plcik=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyw6FjacOzcyByZW5kc3plciB2ZXJ6acOzamE=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXLDoWNpw7NzIHJlbmRzemVy
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TnlvbXRhdMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R1bSB2ZXJ6acOzamE=
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWU=
+attributeDisplayNames:: c2VydmVyTmFtZSxLaXN6b2xnw6Fsw7Nuw6l2
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUw6Ftb2dhdGphIGF6IMO2c3N6ZWbFsXrDqXN0
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTWVnb3N6dMOhc2kgbsOpdg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxPbGRhbCBwZXIgcGVyYw==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTZWJlc3PDqWdlZ3lzw6ln
+attributeDisplayNames:: cHJpbnRSYXRlLFNlYmVzc8OpZw==
+attributeDisplayNames:: cHJpbnRPd25lcixUdWxhamRvbm9zIG5ldmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksVGVsZXDDrXRldHQgbWVtw7NyaWE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUw6Ftb2dhdG90dCBwYXDDrXJ0w61wdXNvaw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFJlbmRlbGtlesOpc3JlIMOhbGzDsyBwYXDDrXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsaXMgZmVsYm9udMOhcw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxOeW9tdGF0w7MgbnllbHZl
+attributeDisplayNames:: cHJpbnRlck5hbWUsTsOpdg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVMOhbW9nYXRqYSBhIGvDqXRvbGRhbGFzIG55b210YXTDoXN0
+attributeDisplayNames:: cHJpbnRDb2xvcixUw6Ftb2dhdGphIGEgc3rDrW5lcyBueW9tdGF0w6FzdA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFTDoW1vZ2F0amEgYSBzesOpdHbDoWxvZ2F0w6FzdA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCZW1lbmV0aSB0w6FsY8Ohaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sSGVseQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTWVnamVneXrDqXM=
+attributeDisplayNames:: Y29udGFjdE5hbWUsS2FwY3NvbGF0dGFydMOz
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXN6a8O2enN6w6Ft
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIG7DqXY=
+attributeDisplayNames:: Y24sQ8OtbXTDoXJzem9sZ8OhbHRhdMOhcyBuZXZl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Telephely
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QmXDoWxsw610w6Fzb2s=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: VGFydG9tw6FueXZlesOpcmzFkSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Kapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWJlw6FsbMOtdMOhc29r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa2Frw6lzemxldA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWxow6Fsw7N6YXQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6Fz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6FzaMOtZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5jZWzFkSBoZWx5IGJlw6FsbMOtdMOhc2Fp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SGVseSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-tag
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMWR
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMOpc2Vr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3plcnZlemV0aSBlZ3lzw6ln
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: b3UsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VMOhcm9sw7M=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXN6b2xnw6FsdGF0w6Fzb2s=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TWVnYsOtemhhdMOzIHRhcnRvbcOhbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Megosztott mappa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIGVsw6lyw6lzaSDDunQ=
+attributeDisplayNames:: a2V5d29yZHMsS3VsY3NzemF2YWs=
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rb25maWd1csOhY2nDsw==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS12w6FsbGFsYXQ=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1yYSBmcmlzc8OtdGV0dCBmZWxoYXN6bsOhbMOz
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS3DunR2w6FsYXN6dMOzaGl2YXRrb3rDoXM=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1iZcOhbGzDrXTDoXNvaw==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YSBhbGlhc25ldmU=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxGb3Jtw6F0dW1uw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-csoport
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLFRhZ29rIHbDoXLDs2xpc3TDoWk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VMOhdnTDoXJvbMOzIHN6b2xnw6FsdGF0w6Fz
+adminContextMenu:: MCwmS2V6ZWzDqXMuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6FtLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgZS1NYWlsLWPDrW0sMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsRmVsaGFzem7DoWzDsyBiZWplbGVudGtlesOpc2kgbmV2ZSwwLDIwMCww
+extraColumns:: dGl0bGUsTXVua2Frw7ZyLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw6lsIGPDrW1lLDAsMTAwLDA=
+extraColumns:: c3Qsw4FsbGFtLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTcOzZG9zw610dmEsMCwxMzAsMA==
+extraColumns:: c24sVmV6ZXTDqWtuw6l2LDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmcgVVJMLWplLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZyBraXN6b2xnw6Fsw7NqYSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFV0w7Nuw6l2LDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBwb3N0YWZpw7NrIHTDoXJvbMOzamEsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIGFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwgY8OtbSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXYsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPc3p0w6FseSwwLDE1MCww
+extraColumns:: YyxPcnN6w6FnLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxDw6lnLDAsMTUwLDA=
+extraColumns:: bCxUZWxlcMO8bMOpcywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLE11bmthaGVseWkgdGVsZWZvbiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseXTDoXJvbMOz
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWVrIGvDtnrDtnR0aSDDoXR2aXRlbCB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxow6Fsw7N6YXRvayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOzayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: TGVrw6lyZGV6w6lzZWsgaMOhemlyZW5kamU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SWRlZ2VuIGJpenRvbnPDoWdpIGVneXN6ZXLFsW7DqXY=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: VGFuw7pzw610dsOhbnlzYWJsb24=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFV0b2xzw7MgaXNtZXJ0IHN6w7xsxZEsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 2YXYrNmF2YjYudipIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 2K7Yr9mF2KkgSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2LPYqtiu2K/ZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YXYrNmF2YjYudip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZhdis2YXZiNi52KkgKNmF2Kcg2YLYqNmEIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bWVtYmVyLNin2YTYo9i52LbYp9ih
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzYp9mE
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGMs2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfYqti12KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTZhdis2KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmG2YfYrCDYp9mE2YXYrdmE2Yo=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNiu2K/Zhdip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmD2YXYqNmK2YjYqtix
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZg9mF2KjZitmI2KrYsSAo2YXYpyDZgtio2YQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizYpdi12K/Yp9ixINmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNi32KfYqNi52Kk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizYpdi12K/Yp9ixINin2YTZg9in2KbZhg==
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitio
+attributeDisplayNames:: c2VydmVyTmFtZSzYp9iz2YUg2KfZhNmF2YTZgtmF
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzYqtiv2LnZhSDYp9mE2KrYr9io2YrYsw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs2KfYs9mFINin2YTZhdi02KfYsdmD2Kk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzYtdmB2K3YqSDYqNin2YTYr9mC2YrZgtip
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzZiNit2K/Yp9iqINin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRSYXRlLNin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRPd25lcizYp9iz2YUg2KfZhNmF2KfZhNmD
+attributeDisplayNames:: cHJpbnRNZW1vcnks2KfZhNiw2KfZg9ix2Kkg2KfZhNmF2KvYqNiq2Kk=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzYo9mG2YjYp9i5INin2YTZiNix2YIg2KfZhNmF2LnYqtmF2K/YqQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNin2YTZiNix2YIg2KfZhNmF2KrZiNmB2LE=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNin2YTYrdivINin2YTYo9mC2LXZiSDZhNmE2K/Zgtip
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzZhNi62Kkg2KfZhNi32KfYqNi52Kk=
+attributeDisplayNames:: cHJpbnRlck5hbWUs2KfZhNin2LPZhQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs2KrYr9i52YUg2KfZhNi32KjYp9i52Kkg2LnZhNmJINin2YTZiNis2YfZitmG
+attributeDisplayNames:: cHJpbnRDb2xvcizYqtiv2LnZhSDYp9mE2LfYqNin2LnYqSDYqNin2YTYo9mE2YjYp9mG
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNiq2K/YudmFINiq2LHYqtmK2Kgg2KfZhNmG2LPYrg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzYudmE2Kgg2KfZhNil2K/Yrtin2YQ=
+attributeDisplayNames:: cG9ydE5hbWUs2KfZhNmF2YbZgdiw
+attributeDisplayNames:: bG9jYXRpb24s2KfZhNmF2YjZgti5
+attributeDisplayNames:: ZHJpdmVyTmFtZSzYp9mE2LfYsdin2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNiq2LnZhNmK2YI=
+attributeDisplayNames:: Y29udGFjdE5hbWUs2KfYqti12KfZhA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs2LHZgtmFINin2YTYo9i12YQ=
+attributeDisplayNames:: dU5DTmFtZSzYp9iz2YUg2LTYqNmD2Kkg2KfZhNin2KrYtdin2YQ=
+attributeDisplayNames:: Y24s2KfYs9mFINiu2K/ZhdipINin2YTYr9mE2YrZhA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNmF2YjZgti5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2YTZgtmF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Ko=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2YjYrdiv2Kkg2KrYrdmD2YUg2KfZhNmF2KzYp9mE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KfZhNin2KrYtdin2YQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2KogRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2YXYrNmF2YjYudipINin2YTZhtiz2K4g2KfZhNmF2KrZhdin2KvZhNipINmE2YAgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNi02KjZg9ipINin2YTZgdix2LnZitip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYsdiq2KjYp9i3INin2YTZhdmI2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KzYs9ixINin2LHYqtio2KfYtyDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KrYsdiu2YrYtSDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KfZhNmF2YjZgti5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2LnYttmIIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2YXYtNiq2LHZgyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYtNiq2LHYp9mD2KfYqiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmI2K3Yr9ipINin2YTYqtmG2LjZitmF2YrYqQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: b3Us2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNit2KfZiNmK2Kk=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2K7Yr9mF2KfYqiBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNmF2KzYp9mEINin2YTZhdmI2KvZiNmC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzZhNivINin2YTZhdi02KrYsdmD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzZhdiz2KfYsSDYtNio2YPYqSDYp9mE2KfYqti12KfZhA==
+attributeDisplayNames:: a2V5d29yZHMs2KfZhNmD2YTZhdin2Kog2KfZhNij2LPYp9iz2YrYqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2KrZg9mI2YrZhiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 2YXYtNix2YjYuSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 2YXYs9iq2K7Yr9mFINiq2LHZgtmK2Kkg2YTZgCBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 2KfYsdiq2KjYp9i3INiq2YjYrNmK2YcgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 2KXYudiv2KfYr9in2KogTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixINmE2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzYp9iz2YUg2KfZhNiq2YbYs9mK2YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 2YXYrNmF2YjYudipIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNi52LbZiCDZgtmI2KfYptmFINin2YbYqti42KfYsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2Kkg2KfZhNiq2K7YstmK2YYg2KfZhNio2LnZitiv
+adminContextMenu:: MCwm2KXYr9in2LHYqS4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzYsdmF2LIg2KjYsdmK2K/ZiiwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2KjYsdmK2K8g2KfZhNil2YTZg9iq2LHZiNmG2YogWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2K/YrtmI2YQg2KfZhNmF2LPYqtiu2K/ZhSwwLDIwMCww
+extraColumns:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmKLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhiDYp9mE2YfYr9mBLDAsMTAwLDA=
+extraColumns:: c3Qs2KfZhNmI2YTYp9mK2KksMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2KfZhNmF2YPYqtioLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs2KrZhSDYqti52K/ZitmE2YcsMCwxMzAsMA==
+extraColumns:: c24s2KfYs9mFINin2YTYudin2KbZhNipLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMINin2YTYsdiz2KfYptmEINin2YTZgdmI2LHZitipLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzYp9mE2YXZhNmC2YUg2KfZhNix2KbZitiz2Yog2YTZhNix2LPYp9im2YQg2KfZhNmB2YjYsdmK2KksMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhCwwLDEwMCww
+extraColumns:: aG9tZU1EQizYqtio2KfYr9mEINmF2K7YstmGINi52YTYqNipINin2YTYqNix2YrYrywwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLNiq2KjYp9iv2YQg2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixLDAsMTc1LDA=
+extraColumns:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZiiwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEINin2YTYs9in2KjZgiDZhNmAIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mFLDAsMTUwLDA=
+extraColumns:: YyzYp9mE2KjZhNivLDAsLTEsMA==
+extraColumns:: Y29tcGFueSzYp9mE2LTYsdmD2KksMCwxNTAsMA==
+extraColumns:: bCzYp9mE2YXYr9mK2YbYqSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLNmH2KfYqtmBINin2YTYudmF2YQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2LTYqNmD2KfYqiDYp9mE2YHYsdi52YrYqQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZhNmC2YXYp9iq
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2KkgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTYp9iz2KrYudmE2KfZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KPYs9in2LMg2KfZhNij2YXYp9mGINin2YTYrtin2LHYrNmK
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 2YLYp9mE2Kgg2KfZhNi02YfYp9iv2Kk=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNin2YTYo9i12YQg2KfZhNij2K7ZitixINin2YTZhdi52LHZiNmBLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-tjeneste
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web-adresse
+attributeDisplayNames: url,Adresse til Web-side (andre)
+attributeDisplayNames: samAccountName,Gruppenavn (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kontor
+attributeDisplayNames: info,Merknader
+attributeDisplayNames: member,Medlemmer
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: l,Poststed
+attributeDisplayNames: distinguishedName,X.500 unikt navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: c,Landsforkortelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domene
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domenepolicy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Datamaskin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Datamaskinnavn (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operativsystemversjon
+attributeDisplayNames: operatingSystem,Operativsystem
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skriver
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzam9u
+attributeDisplayNames:: dXJsLFdlYi1hZHJlc3Nl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO4dHRlciBzdGlmdGluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF2biBww6UgZGVsdCByZXNzdXJz
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwZXIgbWludXR0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZXRzZW5oZXRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixFaWVybmF2bg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWlubmUgaW5zdGFsbGVydA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxTdMO4dHRlZGUgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGdqZW5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbWFsIG9wcGzDuHNuaW5n
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmVyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDuHR0ZXIgZG9iYmVsdHNpZGlnIHV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO4dHRlciBmYXJnZXV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7h0dGVyIHNvcnRlcmluZw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm5za3VmZmVy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhc3NlcmluZw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2plbnN0YW5kc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger for domenekontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Tilkobling
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikasett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Delnett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmdzYnJv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: SW5uc3RpbGxpbmdlciBmb3IgbGlzZW5zaWVyaW5nc29tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWlubnN0aWxsaW5nZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnement
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisasjonsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Beholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Klarert domene
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NiYW5l
+attributeDisplayNames:: a2V5d29yZHMsTsO4a2tlbG9yZA==
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGFuZGxlcyBhdg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfigurasjon
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisasjon
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-oppgradert bruker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-rutingskobling
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-innstillinger
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7hhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formater navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Ekstern lagringstjeneste
+adminContextMenu: 0,&Behandle...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzZSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQnJ1a2VycMOlbG9nZ2luZ3NuYXZuLDAsMjAwLDA=
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsVGlsc3RhbmQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsRW5kcmV0LDAsMTMwLDA=
+extraColumns:: c24sRXR0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsV2ViLWFkcmVzc2UgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1lLXBvc3RiZWhvbGRlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuLCBwcmUtV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxQb3N0c3RlZCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmVpZCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydGVyIG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for delnett
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for servere
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3DDuHJyaW5nc3BvbGljeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Eksternt sikkerhetsobjekt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikatmal
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Siste kjente overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: zp/OvM6szrTOsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqfPgc6uz4PPhM63z4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/OvM6szrTOsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDOv868zqzOtM6xz4IgKM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bWVtYmVyLM6czq3Ou863
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv868zq3Osc+C
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGMszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXPgM6xz4bOrg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDPhM6/zrzOrc6x
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv8+AzrnOus6uIM+Azr/Ou865z4TOuc66zq4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM6/zrvOv86zzrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPhc+Azr/Ou86/zrPOuc+Dz4TOriAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizOiM66zrTOv8+DzrcgzrvOtc65z4TOv8+Fz4HOs865zrrOv8+NIM+Dz4XPg8+Ezq7OvM6xz4TOv8+C
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLM6bzrXOuc+Ezr/Phc+BzrPOuc66z4wgz4PPjc+Dz4TOt868zrE=
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXOus+Ez4XPgM+Jz4TOrs+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizOiM66zrTOv8+DzrcgzrHOvc+EzrnOus61zrnOvM6tzr3Ov8+F
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+C
+attributeDisplayNames:: c2VydmVyTmFtZSzOjM69zr/OvM6xIM60zrnOsc66zr/OvM65z4PPhM6u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzOpc+Azr/Pg8+Ezq7Pgc65zr7OtyDPg8+Fz4HPgc6xz4bOrs+C
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUszozOvc6/zrzOsSDOus6/zrnOvc+Mz4fPgc63z4PPhM6/z4Ugz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzOo861zrvOr860zrXPgiDOsc69zqwgzrvOtc+Az4TPjA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzOnM6/zr3OrM60zrXPgiDPhM6xz4fPjc+EzrfPhM6xz4I=
+attributeDisplayNames:: cHJpbnRSYXRlLM6kzrHPh8+Nz4TOt8+EzrE=
+attributeDisplayNames:: cHJpbnRPd25lcizOjM69zr/OvM6xIM66zrHPhM+Mz4fOv8+F
+attributeDisplayNames:: cHJpbnRNZW1vcnkszpXOs866zrHPhM61z4PPhM63zrzOrc69zrcgzrzOvc6uzrzOtw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzOpM+Nz4DOv865IM+HzrHPgc+EzrnOv8+NIM+Azr/PhSDPhc+Azr/Pg8+EzrfPgc6vzrbOv869z4TOsc65
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LM6UzrnOsc64zq3Pg865zrzOvyDPh86xz4HPhM6v
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLM6czq3Os865z4PPhM63IM6xzr3OrM67z4XPg863
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzOk867z47Pg8+DzrEgzrXOus+Ez4XPgM+Jz4TOrg==
+attributeDisplayNames:: cHJpbnRlck5hbWUszozOvc6/zrzOsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQszqXPgM6/z4PPhM63z4HOr862zrXOuSDOtc66z4TPjc+Az4nPg863IM60zrnPgM67zq7PgiDPjM+IzrXPic+C
+attributeDisplayNames:: cHJpbnRDb2xvcizOpc+Azr/Pg8+EzrfPgc6vzrbOtc65IM6tzrPPh8+Bz4nOvM63IM61zrrPhM+Nz4DPic+Dzrc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLM6lz4DOv8+Dz4TOt8+Bzq/Ots61zrkgz4TOsc6+zrnOvc+MzrzOt8+Dzrc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzOms6xz4POrc+EzrXPgiDOtc65z4PPjM60zr/PhQ==
+attributeDisplayNames:: cG9ydE5hbWUszpjPjc+BzrE=
+attributeDisplayNames:: bG9jYXRpb24szpjOrc+Dzrc=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzOnM6/zr3PhM6tzrvOvw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqPPh8+MzrvOuc6/
+attributeDisplayNames:: Y29udGFjdE5hbWUszpXPgM6xz4bOrg==
+attributeDisplayNames:: YXNzZXROdW1iZXIszpHPgc65zrjOvM+Mz4Igz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: dU5DTmFtZSzOjM69zr/OvM6xIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: Y24szozOvc6/zrzOsSDPhc+AzrfPgc61z4POr86xz4IgzrrOsc+EzrHOu8+MzrPOv8+F
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqTOv8+Azr/OuM61z4POr86x
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpTOuc6xzrrOv868zrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM61zrvOtc6zzrrPhM6uIM+Ezr/OvM6tzrE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zr/Ou86/IM+BzrXPgM67zq/Ous6xz4IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqXPgM6/zrTOr866z4TPhc6/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrcgz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zpPOrc+Gz4XPgc6xIM+Dz43Ovc60zrXPg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpzOtc+EzrHPhs6/z4HOrCDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM6szrTOtc65zrHPgiDPh8+Bzq7Pg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM+Ezr/PgM6/zrjOtc+Dzq/Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpzOrc67zr/PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOt8+Ezq7PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOrc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/Pgc6zzrHOvc65zrrOriDOvM6/zr3OrM60zrE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: b3UszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+B
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpHOvs65z4zPgM65z4PPhM6/z4Igz4TOv868zq3Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv865zr3PjM+Hz4HOt8+Dz4TOv8+CIM+GzqzOus61zrvOv8+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzOlM65zrHOtM+Bzr/OvM6uIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: a2V5d29yZHMszpvOrc6+zrXOuc+CLc66zrvOtc65zrTOuc6s
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zp/Phc+BzqwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zqHPjc64zrzOuc+Dzrcgz4DOsc+BzrHOvM6tz4TPgc+Jzr0gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: zpXPhM6xzrnPgc61zq/OsSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: zpHOvc6xzrLOsc64zrzOuc+DzrzOrc69zr/PgiDPh8+Bzq7Pg8+EzrfPgiBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: zqPPjc69zrTOtc+DzrcgzrTPgc6/zrzOv867z4zOs863z4POt8+CIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: zqjOtc+FzrTPjs69z4XOvM6xIM6/z4XPgc6sz4IgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzOjM69zr/OvM6xIM68zr/Pgc+Gzq7Pgg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: zozOvc6/zrzOsSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLM6fz4XPgc6tz4ItzrzOrc67zrc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOsc+Azr/OvM6xzrrPgc+Fz4POvM6tzr3Ot8+CIM6xz4DOv864zq7Ous61z4XPg863z4I=
+adminContextMenu:: MCzOlM65zrEmz4fOtc6vz4HOuc+DzrcuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4IsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM63zrvOtc66z4TPgc6/zr3Ouc66zr/PjSDPhM6xz4fPhc60z4HOv868zrXOr86/z4UgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Hz4HOrs+Dz4TOtywwLDIwMCww
+extraColumns:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4IsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrcgz4DPgc6/zr/Pgc65z4POvM6/z40sMCwxMDAsMA==
+extraColumns:: c3QszprOsc+EzqzPg8+EzrHPg863LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszpPPgc6xz4bOtc6vzr8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQszqTPgc6/z4DOv8+Azr/Ouc6uzrjOt866zrUsMCwxMzAsMA==
+extraColumns:: c24szpXPgM+Ozr3Phc68zr8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIM6szrzOtc+Dz4nOvSDOvM63zr3Phc68zqzPhM+Jzr0sMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzOlM65zrHOus6/zrzOuc+Dz4TOrs+CIM66zrXOvc+Ez4HOuc66zq7PgiDPg861zrvOr860zrHPgiDOrM68zrXPg8+Jzr0gzrzOt869z4XOvM6sz4TPic69LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizOp8+Oz4HOv8+CIM6xz4DOv864zq7Ous61z4XPg863z4IgzrPPgc6xzrzOvM6xz4TOv866zrnOss+Jz4TOr86/z4UgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLM6ozrXPhc60z47Ovc+FzrzOvyBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzOpM68zq7OvM6xLDAsMTUwLDA=
+extraColumns:: YyzOp8+Oz4HOsSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86xLDAsMTUwLDA=
+extraColumns:: bCzOoM+MzrvOtywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLM6kzrfOu86tz4bPic69zr8gzrXPgc6zzrHPg86vzrHPgiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Ezr/PgM6/zrjOtc+DzrnPjs69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM68zrXPhM6xz4bOv8+Bz47OvSDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Fz4DOv860zrnOus+Ez43Pic69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM60zrnOsc66zr/OvM65z4PPhM+Ozr0=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOus6xz4TOsc67z4zOs86/z4UgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDOtc+Bz4nPhM6uzrzOsc+Ezr/Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpHPgc+Hzq4gzrXOvs+Jz4TOtc+BzrnOus6uz4IgzrHPg8+GzqzOu861zrnOsc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: zqDPgc+Mz4TPhc+Azr8gz4DOuc+Dz4TOv8+Azr/Ouc63z4TOuc66z47OvQ==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LM6kzrXOu861z4XPhM6xzq/Ov8+CIM6zzr3Pic+Dz4TPjM+CIM6zzr/Ovc6tzrHPgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6GzrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Grup
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Hizmeti
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S3VsbGFuxLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grup
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cCBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bWVtYmVyLMOceWVsZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGMsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmHFn3Z1cnU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLEgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWVyZWwgxLBsa2U=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Active Directory Hizmeti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bilgisayar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmlsZ2lzYXlhciBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizEsMWfbGV0aW0gU2lzdGVtaSBTw7xyw7xtw7w=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLMSwxZ9sZXRpbSBTaXN0ZW1p
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWF6xLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixOZXNuZSBTw7xyw7xtw7w=
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2k=
+attributeDisplayNames:: c2VydmVyTmFtZSxTdW51Y3UgQWTEsQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxaxLFtYmFsYW1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUGF5bGHFn8SxbSBBZMSx
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxEYWtpa2FkYWtpIFNheWZhIFNhecSxc8Sx
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIxLF6IEJpcmltbGVyaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLEjEsXo=
+attributeDisplayNames:: cHJpbnRPd25lcixTYWhpYmluaW4gQWTEsQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksWcO8a2zDvCBCZWxsZWs=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxEZXN0ZWtsZW5lbiBLYcSfxLF0IFTDvHJsZXJp
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEt1bGxhbsSxbGFiaWxpciBLYcSfxLF0
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuIELDvHnDvGsgw4fDtnrDvG7DvHJsw7xr
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxZYXrEsWPEsSBEaWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsQWTEsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsw4dpZnQgVGFyYWZsxLEgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xvcixSZW5rbGkgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEhhcm1hbmxhbWEgRGVzdGVrbGVuaXlvcg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxHaXJpxZ8gVGVwc2lsZXJp
+attributeDisplayNames:: cG9ydE5hbWUsQmHEn2xhbnTEsSBOb2t0YXPEsQ==
+attributeDisplayNames:: bG9jYXRpb24sS29udW0=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQmHFn3Z1cnU=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTWFsIE51bWFyYXPEsQ==
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gQWTEsQ==
+attributeDisplayNames:: Y24sRGl6aW4gSGl6bWV0aSBBZMSx
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QsO2bGdl
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Sunucu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ayarlar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RXRraSBBbGFuxLEgRGVuZXRsZXlpY2lzaSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: QmHEn2xhbnTEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIFlpbmVsZW1lIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWx0IEHEnw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLEgS8O2cHLDvHPDvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: WWV0a2kgVmVybWUgQsO2bGdlc2kgQXlhcmxhcsSx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonesi
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonelikleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWFwxLFzYWwgQmlyaW0=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: b3UsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2Fwc2F5xLFjxLE=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Hizmetleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: R8O8dmVuaWxlbiBFdGtpIEFsYW7EsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGF5bGHFn3TEsXLEsWxtxLHFnyBLbGFzw7Zy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gWW9sdQ==
+attributeDisplayNames:: a2V5d29yZHMsQW5haHRhciBTw7Z6Y8O8a2xlcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBLdXlydcSfdQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBZYXDEsWxhbmTEsXJtYXPEsQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSBLdXJ1bHXFnw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSBZw7xrc2VsdGlsbWnFnyBLdWxsYW7EsWPEsQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBZw7ZubGVuZGlybWUgQmHEn2xhbnTEsXPEsQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBBeWFybGFyxLE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSBLdXlydWsgRGnEn2VyIEFkxLE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxCacOnaW0gQWTEsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Grubu
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMOceWUgS3V5cnVrbGFyxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Uzakta Depolama Hizmeti
+adminContextMenu:: MCwmWcO2bmV0Li4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgRS1Qb3N0YSBBZHJlc2ksMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS3VsbGFuxLFjxLEgb3R1cnVtIGHDp21hIGFkxLEsMCwyMDAsMA==
+extraColumns:: dGl0bGUsxLDFnyDDnG52YW7EsSwwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxIZWRlZiBBZHJlc2ksMCwxMDAsMA==
+extraColumns:: c3QsZHVydW0sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmksMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsRGXEn2nFn3RpcmlsZGksMCwxMzAsMA==
+extraColumns:: c24sU295YWTEsSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQW5sxLFrIMSwbGV0aSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxBbmzEsWsgxLBsZXRpIEFuYSBTdW51Y3VzdSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLMSwbGsgQWQsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBQb3N0YSBLdXR1c3UgRGVwb3N1LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIERpxJ9lciBBZMSxLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLVBvc3RhIEFkcmVzaSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIMOWbmNlc2kgT3R1cnVtIEHDp21hIEFkxLEsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEYWlyZSwwLDE1MCww
+extraColumns:: YyzDnGxrZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzFnmlya2V0LDAsMTUwLDA=
+extraColumns:: bCzFnmVoaXIsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLMSwxZ8gVGVsZWZvbnUsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbWxhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWx0IEHEn2xhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3VudWN1bGFyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Hizmeti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U29yZ3UgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WWFiYW5jxLEgR8O8dmVubGlrIFNvcnVtbHVzdQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: U2VydGlmaWthIMWeYWJsb251
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Bilinen Son Anababa,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servizio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utente
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBY2Nlc3NvIGFsbGUgd29ya3N0YXRpb24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBhY2Nlc3NvIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJ0ZWxsYSBwcmluY2lwYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBncnVwcG8gKHByZS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bWVtYmVyLE1lbWJyaQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlc3RpdG8gZGE=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: dc,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contatto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri locali
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servizio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Nome computer (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Vesione sistema operativo
+attributeDisplayNames: operatingSystem,Sistema operativo
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Stampante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uZSBvZ2dldHRv
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2Vi
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIHNlcnZlcg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBwb3J0YSBncmFmZmV0dGF0dXJh
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBjb25kaXZpc2lvbmU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmUgYWwgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6AgdmVsb2NpdMOg
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaXTDoA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIHByb3ByaWV0YXJpbw==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxsYXRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBpIGRpIGZvZ2xpIHN1cHBvcnRhdGk=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEZvZ2xpIGRpc3BvbmliaWxp
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJpc29sdXppb25lIG1hc3NpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZ2lvIHN0YW1wYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZSB1dGVudGU=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3VwcG9ydGEgbGEgc3RhbXBhIGZyb250ZS1yZXRybw==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBwb3J0YSBsYSBzdGFtcGEgYSBjb2xvcmk=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cHBvcnRhIGxhIGZhc2NpY29sYXppb25l
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxDYXNzZXR0aSBkaSBpbnB1dA==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpdMOgIGRpIGNoaWFtYXRh
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGxv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudG8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0dG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXJvIGFzc2V0
+attributeDisplayNames:: dU5DTmFtZSxOb21lIHJldGU=
+attributeDisplayNames:: Y24sTm9tZSBzZXJ2aXppbyBkaXJlY3Rvcnk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sito
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni controller di dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connessione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Impostazioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Insieme di replica FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte di collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Trasporto tra siti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Impostazioni sito licenze
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Impostazioni sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrittore FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrizioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOgIG9yZ2FuaXp6YXRpdmE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: ou,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenitore
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servizi RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio trusted
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Cartella condivisa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Percorso di rete
+attributeDisplayNames: keywords,Parole chiave
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Coda MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configurazione MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Organizzazione MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Utente aggiornato a MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Collegamento di routing MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Impostazioni MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias coda MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nome formato
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Gruppo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Code membri
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio di archiviazione remota
+adminContextMenu: 0,&Gestisci...,RsAdmin.msc
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDLkEuUC4sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsSW5kaXJpenpvIGRpIHBvc3RhIGVsZXR0cm9uaWNhIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBhY2Nlc3NvIHV0ZW50ZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXppb25lLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxJbmRpcml6em8gZGkgZGVzdGluYXppb25lLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdG8sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbywwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2F0bywwLDEzMCww
+extraColumns:: c24sQ29nbm9tZSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIHBlciBtZXNzYWdnaXN0aWNhIGlzdGFudGFuZWEsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXIgcHJpbmNpcGFsZSBwZXIgbWVzc2FnZ2lzdGljYSBpc3RhbnRhbmVhLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcmNoaXZpbyBjYXNzZXR0YSBwb3N0YWxlIGRpIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRpIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2EsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21lLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYWVzZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSxTb2NpZXTDoCwwLDE1MCww
+extraColumns:: bCxDaXR0w6AsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25vIHVmZmljaW8sMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Trasporti tra siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Subnet
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore server
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Criteri ricerca
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Responsabili esterni protezione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modello di certificato
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Ultimo genitore conosciuto,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJ0ZWxsYSBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBhY2Nlc3NvIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBY2Nlc3NvIGFsbGUgd29ya3N0YXRpb24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDot6/nlLHliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupa IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: VXPFgnVnYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW8eXRrb3duaWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgZ3J1cHkgKHN5c3RlbXkgc3RhcnN6ZSBuacW8IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bWVtYmVyLEN6xYJvbmtvd2ll
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domena
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: dc,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady domen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady lokalne
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Komputer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2Ega29tcHV0ZXJhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixXZXJzamEgc3lzdGVtdSBvcGVyYWN5am5lZ28=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3RlbSBvcGVyYWN5am55
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drukarka
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixXZXJzamEgb2JpZWt0dQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSB3IHNpZWNpIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOYXp3YSBzZXJ3ZXJh
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPYnPFgnVndWplIHpzenl3YW5pZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF6d2EgdWR6aWHFgnU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJvbiBuYSBtaW51dMSZ
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3N0a2kgc3p5YmtvxZtjaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLFN6eWJrb8WbxIc=
+attributeDisplayNames:: cHJpbnRPd25lcixOYXp3YSB3xYJhxZtjaWNpZWxh
+attributeDisplayNames:: cHJpbnRNZW1vcnksWmFpbnN0YWxvd2FuYSBwYW1pxJnEhw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPYnPFgnVnaXdhbmUgZm9ybWF0eSBwYXBpZXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkb3N0xJlwbnk=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJvemR6aWVsY3pvxZvEhyBtYWtzeW1hbG5h
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKxJl6eWsgZHJ1a2Fya2k=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF6d2E=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT2JzxYJ1Z3VqZSBkcnVrb3dhbmllIGR3dXN0cm9ubmU=
+attributeDisplayNames:: cHJpbnRDb2xvcixPYnPFgnVndWplIGRydWtvd2FuaWUgdyBrb2xvcnpl
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9ic8WCdWd1amUgc29ydG93YW5pZQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxaYXNvYm5pa2kgd2VqxZtjaW93ZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sTG9rYWxpemFjamE=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50YXJ6
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXIgxZtyb2RrYSB0cndhxYJlZ28=
+attributeDisplayNames:: dU5DTmFtZSxOYXp3YSBzaWVjaW93YQ==
+attributeDisplayNames:: Y24sTmF6d2EgdXPFgnVnaSBrYXRhbG9nb3dlag==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Witryna
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serwer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia kontrolera domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UG/FgsSFY3plbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Ustawienia systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Zestaw replik systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc2llxIc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: xYHEhWN6ZSB3aXRyeW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCDFgsSFY3phIHdpdHJ5bnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1pxJlkenkgd2l0cnluYW1p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny licencjonowania
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q3rFgm9uZWsgc3lzdGVtdSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrybent systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrypcje systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jednostka organizacyjna
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: b3UsTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontener
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VXPFgnVnaSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Domena zaufana
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Rm9sZGVyIHVkb3N0xJlwbmlvbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzFmmNpZcW8a2Egc2llY2lvd2E=
+attributeDisplayNames:: a2V5d29yZHMsU8WCb3dhIGtsdWN6b3dl
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29sZWprYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29uZmlndXJhY2phIHVzxYJ1Z2kgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: UHJ6ZWRzacSZd3ppxJljaWUgdXPFgnVnaSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VWFrdHVhbG5pb255IHXFvHl0a293bmlrIHVzxYJ1Z2kgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: xYHEhWN6ZSByb3V0aW5ndSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: QWxpYXMga29sZWpraSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nazwa formatu
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: R3J1cGEgdXPFgnVnaSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEtvbGVqa2kgY3rFgm9ua8Ozdw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WmRhbG5hIHVzxYJ1Z2EgemFwaXN1asSFY2E=
+adminContextMenu:: MCwmWmFyesSFZHphai4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3ksMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXMgZS1tYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlhIHXFvHl0a293bmlrYSwwLDIwMCww
+extraColumns:: dGl0bGUsU3Rhbm93aXNrbywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlcyBkb2NlbG93eSwwLDEwMCww
+extraColumns:: c3QsV29qZXfDs2R6dHdvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQml1cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsWm1vZHlmaWtvd2FubywwLDEzMCww
+extraColumns:: c24sTmF6d2lza28sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXMgVVJMIG9ic8WCdWdpIHdpYWRvbW/Fm2NpIGLFgnlza2F3aWN6bnljaCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ3ZXIgbWFjaWVyenlzdHkgb2JzxYJ1Z2kgd2lhZG9tb8WbY2kgYsWCeXNrYXdpY3pueWNoLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEltacSZLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixNYWdhenluIHNrcnp5bmtpIHBvY3p0b3dlaiBwcm9ncmFtdSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIHByb2dyYW11IEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlcyBlLW1haWwsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIGRsYSBzeXN0ZW11IHN0YXJzemVnbyBuacW8IFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5hLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEemlhxYIsMCwxNTAsMA==
+extraColumns:: YyxLcmFqLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxNaWFzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gc8WCdcW8Ym93eSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener lokacji
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgdHJhbnNwb3J0dSBtacSZZHp5bG9rYWN5am5lZ28=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener podsieci
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgc2Vyd2Vyw7N3
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Zasady kwerend
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: V3lzdGF3Y2Egb2JjeWNoIHphYmV6cGllY3plxYQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Szablon certyfikatu
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LE9zdGF0bmkgem5hbnkgZWxlbWVudCBuYWRyesSZZG55LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci1yeWhtw6Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-palvelu
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S8OkeXR0w6Rqw6Q=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UnlobcOk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUnlobcOkbiBuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmV0
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Toimialue
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: dc,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWh0ZXlzaGVua2lsw7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VG9pbWlhbHVlZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGFpa2FsbGluZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tietokone
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsVGlldG9rb25lZW4gbmltaSAoV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6R0IHZlcnNpb3Qp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixLw6R5dHTDtmrDpHJqZXN0ZWxtw6R2ZXJzaW8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEvDpHl0dMO2asOkcmplc3RlbG3DpA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kirjoitin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3RpbiB2ZXJzaW8=
+attributeDisplayNames:: dXJsLFdlYi1vc29pdGU=
+attributeDisplayNames:: c2VydmVyTmFtZSxQYWx2ZWxpbm5pbWk=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUdWtlZSBuaWRvbnRhYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsSmFrb25pbWk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaXZ1amEgbWludXV0aXNzYQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxOb3BldXN5a3Npa8O2dA==
+attributeDisplayNames:: cHJpbnRSYXRlLE5vcGV1cw==
+attributeDisplayNames:: cHJpbnRPd25lcixPbWlzdGFqYW4gbmltaQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksQXNlbm5ldHR1IG11aXN0aQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUdWV0dXQgcGFwZXJpdHl5cGl0
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEvDpHl0ZXR0w6R2aXNzw6Qgb2xldmF0IHBhcGVyaXQ=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuaW1tw6Rpc3RhcmtrdXVz
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxUdWxvc3R1c2tpZWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmltaQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVHVrZWUga2Frc2lwdW9saXN0YSB0dWxvc3RhbWlzdGE=
+attributeDisplayNames:: cHJpbnRDb2xvcixUdWtlZSB2w6RyaXR1bG9zdGFtaXN0YQ==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFR1a2VlIGxhaml0dGVsdWE=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxTecO2dHTDtmxva2Vyb3Q=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydHRp
+attributeDisplayNames:: bG9jYXRpb24sU2lqYWludGk=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNYWxsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sSHVvbWF1dHVz
+attributeDisplayNames:: Y29udGFjdE5hbWUsWWh0ZXlzaGVua2lsw7Y=
+attributeDisplayNames:: YXNzZXROdW1iZXIsS2FsdXN0b251bWVybw==
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29uaW1p
+attributeDisplayNames:: Y24sSGFrZW1pc3RvcGFsdmVsdW5pbWk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Saitti
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Palvelin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Toimialueen ohjauskoneen asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Yhteys
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikointisarja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Aliverkko
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkki
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkkisilta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGluZW4gdGllZG9uc2lpcnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: U2FpdGluIGvDpHl0dMO2b2lrZXVzYXNldHVrc2V0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Saitin asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWrDpHNlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaaja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pc2FhdGlveWtzaWtrw7YgKE9VKQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: b3UsTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U8OkaWzDtg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Luotettu toimialue
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jaettu kansio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29wb2xrdQ==
+attributeDisplayNames:: a2V5d29yZHMsQXZhaW5zYW5hdA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-jono
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-kokoonpano
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisaatio
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1ww6Rpdml0ZXR0eSBrw6R5dHTDpGrDpA==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-reitityslinkki
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-asetukset
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-jonoalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nimimuoto
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUS1yeWhtw6Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmpvbm90
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RXTDpHRhbGxlbm51c3BhbHZlbHU=
+adminContextMenu: 0,&Hallitse...,RsAdmin.msc
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0aW51bWVybywwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtc8OkaGvDtnBvc3Rpb3NvaXRlLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS8OkeXR0w6Rqw6RuIGtpcmphdXR1bWlzbmltaSwwLDIwMCww
+extraColumns:: dGl0bGUsVGVodMOkdsOkbmltaWtlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxLb2hkZW9zb2l0ZSwwLDEwMCww
+extraColumns:: c3QsVmFsdGlvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTXVva2F0dHUsMCwxMzAsMA==
+extraColumns:: c24sU3VrdW5pbWksMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsUGlrYXZpZXN0aXR5a3NlbiBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxQaWthdmllc3RpdHlrc2VuIGtvdGlwYWx2ZWxpbiwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEV0dW5pbWksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1zw6Roa8O2cG9zdGlzw6RpbMO2LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6Qga2lyamF1dHVtaXNuaW1pLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1pLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxPc2FzdG8sMCwxNTAsMA==
+extraColumns:: YyxNYWEsMCwtMSww
+extraColumns:: Y29tcGFueSxZcml0eXMsMCwxNTAsMA==
+extraColumns:: bCxLYXVwdW5raSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFR5w7ZwdWhlbGlubnVtZXJvLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdGluIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGlzZW4gdGllZG9uc2lpcnJvbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxpdmVya29uIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UGFsdmVsaW1lbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory -palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGFrdWvDpHl0w6RudMO2
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Ulkoinen suojausobjekti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikaattimalli
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFZpaW1laXNpbiB0dW5uZXR0dSBpc8OkbnTDpCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnu4Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3liqE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 55So5oi3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs57uE5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6IGU57O75Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5Zyw562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6K6h566X5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6K6h566X5py65ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizmk43kvZzns7vnu5/niYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOaTjeS9nOezu+e7nw==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5omT5Y2w5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizlr7nosaHniYjmnKw=
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzmnI3liqHlmajlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mjIHoo4XorqI=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5Lqr5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzmr4/liIbpkp/pobXmlbA=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbljZXkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI3np7A=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey6KOF5YaF5a2Y
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mjIHnmoTnurjlvKDnsbvlnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe6uOW8oA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+WIhui+qOeOhw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzmiZPljbDmnLror63oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ew
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5oyB5Y+M6Z2i5omT5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mjIHlvanoibLmiZPljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aMgeWvueeFpw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzov5vnurjlmag=
+attributeDisplayNames:: cG9ydE5hbWUs56uv5Y+j
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovlj7c=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6K+05piO
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGU57O75Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LWE5Lqn5Y+356CB
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zlkI0=
+attributeDisplayNames:: Y24s55uu5b2V5pyN5Yqh5ZCN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ54K5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 5Z+f5o6n5Yi25Zmo6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6L+e5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuvue9rg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOWkjeWItumbhg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q572R
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l5qGl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5p2D56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWRmA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYheiAhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE57uH5Y2V5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Zmo
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWKoQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu75Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5Lqr5paH5Lu25aS5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zot6/lvoQ=
+attributeDisplayNames:: a2V5d29yZHMs5YWz6ZSu5a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDpmJ/liJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDphY3nva4=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDkvIHkuJrnuqc=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfnuqfnlKjmiLc=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpk77mjqU=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDorr7nva4=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDpmJ/liJfliKvlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnu4Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmOmYn+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6L+c56iL5a2Y5YKo5pyN5Yqh
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg55S15a2Q6YKu5Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs55So5oi355m75b2V5ZCN56ewLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IGM56ewLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67moIflnLDlnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBL+iHquayu+WMuiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5bey5pu05pS5LDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws5Y2z5pe25raI5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzljbPml7bmtojmga/kuLvmnI3liqHlmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDpgq7nrrHlrZjlgqgsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIq+WQjSwwLDE3NSww
+extraColumns:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeeahOeZu+W9leWQjeensCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs5pi+56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jpl6gsMCwxNTAsMA==
+extraColumns:: Yyzlm73lrrYo5Zyw5Yy6KSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCzljr8v5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWVhuWKoeeUteivnSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ54K55a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q572R5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3liqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6K+i562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo6KeE6IyD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6K+B5Lmm5qih5p2/
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOi/keS4gOasoeW3suefpeeahOeItiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+dKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Om44O844K244O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kw44Or44O844OX
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kw44Or44O844OX5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44Oz
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGMs5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5YWI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44OzIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Ot44O844Kr44OrIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OU44Ol44O844K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kz44Oz44OU44Ol44O844K/5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizjgqrjg5rjg6zjg7zjg4bjgqPjg7PjgrAg44K344K544OG44Og44Gu44OQ44O844K444On44Oz
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOOCquODmuODrOODvOODhuOCo+ODs+OCsCDjgrfjgrnjg4bjg6A=
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OX44Oq44Oz44K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizjgqrjg5bjgrjjgqfjgq/jg4jjga7jg5Djg7zjgrjjg6fjg7M=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5
+attributeDisplayNames:: c2VydmVyTmFtZSzjgrXjg7zjg5Djg7zlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzjg5vjg4Hjgq3jgrnmraLjgoHjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5pyJ5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzjg5rjg7zjgrgv5YiG
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbjga7ljZjkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI0=
+attributeDisplayNames:: cHJpbnRNZW1vcnks44Kk44Oz44K544OI44O844Or44GV44KM44Gf44Oh44Oi44Oq
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzjgrXjg53jg7zjg4jjgZXjgozjgovnlKjntJnjga7nqK7poZ4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWIqeeUqOWPr+iDveOBqueUqOe0mQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOmrmOino+WDj+W6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzjg5fjg6rjg7Pjgr/oqIDoqp4=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN5YmN
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5Lih6Z2i5Y2w5Yi344KS44K144Od44O844OI
+attributeDisplayNames:: cHJpbnRDb2xvcizjgqvjg6njg7zljbDliLfjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOS4geWQiOOBhOOCkuOCteODneODvOODiA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzlhaXlipvjg4jjg6zjgqQ=
+attributeDisplayNames:: cG9ydE5hbWUs44Od44O844OI
+attributeDisplayNames:: bG9jYXRpb24s5aC05omA
+attributeDisplayNames:: ZHJpdmVyTmFtZSzjg6Ljg4fjg6s=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s44Kz44Oh44Oz44OI
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5YWI
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Sj55Wq5Y+3
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq/lkI0=
+attributeDisplayNames:: Y24s44OH44Kj44Os44Kv44OI44OqIOOCteODvOODk+OCueWQjQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44K144Kk44OI
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44OJ44Oh44Kk44OzIOOCs+ODs+ODiOODreODvOODqeOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6l57aa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+ijveeJqeOCu+ODg+ODiA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 44K144OW44ON44OD44OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCrw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCryDjg5bjg6rjg4Pjgrg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 44Op44Kk44K744Oz44K5IOOCteOCpOODiOOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OI44Gu6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOODoeODs+ODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODqeOCpOODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODquODl+OCt+ODp+ODsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Y2Y5L2NIChPVSk=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: b3Us5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OG44OK
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOOCteODvOODk+OCuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5L+h6aC844GV44KM44KL5YG044Gu44OJ44Oh44Kk44Oz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5pyJ44OV44Kp44Or44OA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq8g44OR44K5
+attributeDisplayNames:: a2V5d29yZHMs44Kt44O844Ov44O844OJ
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7w=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDmp4vmiJA=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDjgqjjg7Pjgr/jg7zjg5fjg6njgqTjgro=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDjgqLjg4Pjg5fjgrDjg6zjg7zjg4nmuIjjgb/jg6bjg7zjgrbjg7w=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDjg6vjg7zjg4bjgqPjg7PjgrAg44Oq44Oz44Kv
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7wg44Ko44Kk44Oq44Ki44K5
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzlvaLlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDjgrDjg6vjg7zjg5c=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkCDjgq3jg6Xjg7w=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Oq44Oi44O844OI6KiY5oa25Z+f44K144O844OT44K5
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7csMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q44Oh44O844OrIOOCouODieODrOOCuSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs44Om44O844K244O8IOODreOCsOOCquODs+WQjSwwLDIwMCww
+extraColumns:: dGl0bGUs5b256IG3LDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzjgr/jg7zjgrLjg4Pjg4gg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c3Qs6YO96YGT5bqc55yMLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omALDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5pu05paw5pel5pmCLDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws44Kk44Oz44K544K/44Oz44OIIOODoeODg+OCu+ODvOOCuOODs+OCsCBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzjgqTjg7Pjgrnjgr/jg7Pjg4gg44Oh44OD44K744O844K444Oz44KwIOODm+ODvOODoCDjgrXjg7zjg5Djg7wsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDjg6Hjg7zjg6vjg5zjg4Pjgq/jgrkg44K544OI44KiLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOOCqOOCpOODquOCouOCuSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeOBruODreOCsOOCquODs+WQjSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6KGo56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jnvbIsMCwxNTAsMA==
+extraColumns:: Yyzlm70sMCwtMSww
+extraColumns:: Y29tcGFueSzkvJrnpL7lkI0sMCwxNTAsMA==
+extraColumns:: bCzluILljLrnlLrmnZEsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWLpOWLmeWFiOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144OW44ON44OD44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8IOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDjgrXjg7zjg5Pjgrk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Kv44Ko44OqIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo44Gu44K744Kt44Ol44Oq44OG44KjIOODl+ODquODs+OCt+ODkeODqw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6Ki85piO5pu444OG44Oz44OX44Os44O844OI
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOW+jOOBq+eiuuiqjeOBleOCjOOBn+imqiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb3Rhem92w6Fuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: Q2l6w60gb2JqZWt0eSB6YWJlenBlxI1lbsOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: xaBhYmxvbmEgY2VydGlmaWvDoXR1
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFBvc2xlZG7DrSB6bsOhbcO9IG5hZMWZYXplbsO9IG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Skupina IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2x1xb5iYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW+aXZhdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skupina
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHNrdXBpbnkgKHBybyBzeXN0w6lteSBzdGFyxaHDrSBuZcW+IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bWVtYmVyLMSMbGVub3bDqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6luYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGMsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TcOtc3Ruw60gesOhc2FkeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG/EjcOtdGHEjQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHBvxI3DrXRhxI1lIChwcm8gc3lzdMOpbXkgc3RhcsWhw60gbmXFviBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJ6ZSBvcGVyYcSNbsOtaG8gc3lzdMOpbXU=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhxI1uw60gc3lzdMOpbQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGlza8Ohcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJ6ZSBvYmpla3R1
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSBXV1c=
+attributeDisplayNames:: c2VydmVyTmFtZSxOw6F6ZXYgc2VydmVydQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQb2Rwb3J1amUgc2XFocOtdsOhbsOt
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTsOhemV2IHNkw61sZW7DqSBwb2xvxb5reQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHLDoW5reSB6YSBtaW51dHU=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3RreSByeWNobG9zdGk=
+attributeDisplayNames:: cHJpbnRSYXRlLFJ5Y2hsb3N0
+attributeDisplayNames:: cHJpbnRPd25lcixKbcOpbm8gdmxhc3Ruw61rYQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsb3ZhbsOhIHBhbcSbxaU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQb2Rwb3JvdmFuw6kgdHlweSBwYXDDrXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcMOtciBrIGRpc3BvemljaQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsbsOtIHJvemxpxaFlbsOt
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKYXp5ayB0aXNrw6Fybnk=
+attributeDisplayNames:: cHJpbnRlck5hbWUsSm3DqW5v
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUG9kcG9ydWplIG9ib3VzdHJhbm7DvSB0aXNr
+attributeDisplayNames:: cHJpbnRDb2xvcixQb2Rwb3J1amUgYmFyZXZuw70gdGlzaw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFBvZHBvcnVqZSBza2zDoWTDoW7DrQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxWc3R1cG7DrSB6w6Fzb2Juw61reQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sVW3DrXN0xJtuw60=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50w6HFmQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXZpZGVuxI1uw60gxI3DrXNsbw==
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w70gbsOhemV2
+attributeDisplayNames:: Y24sTsOhemV2IGFkcmVzw6HFmW92w6kgc2x1xb5ieQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: U8OtxaU=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrSDFmWFkacSNZSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UMWZaXBvamVuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U2FkYSByZXBsaWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc8OtxaU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3BvamVuw60gc8OtdMOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCBzcG9qZW7DrSBzw610w60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UMWZZW5vcyBtZXppIHPDrXTEm21p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBsaWNlbmNvdsOhbsOtIHPDrXTEmw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzw610xJs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: xIxsZW4gc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: w5rEjWFzdG7DrWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyeSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pemHEjW7DrSBqZWRub3RrYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: b3UsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontejner
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2x1xb5ieSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RMWvdsSbcnlob2Ruw6EgZG9tw6luYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2TDrWxlbsOhIHNsb8W+a2E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w6EgY2VzdGE=
+attributeDisplayNames:: a2V5d29yZHMsS2zDrcSNb3bDoSBzbG92YQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fronta MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Konfigurace MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: Um96bGVobMOhIHPDrcWlIE1TTVE=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: QWt0dWFsaXpvdmFuw70gdcW+aXZhdGVsIE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: UHJvcG9qZW7DrSBzbcSbcm92w6Fuw60gZnJvbnR5IE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TmFzdGF2ZW7DrSBNU01R
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias fronty MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOw6F6ZXYgZm9ybcOhdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Skupina MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMSMbGVuc2vDqSBmcm9udHk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBSZW1vdGUgU3RvcmFnZQ==
+adminContextMenu: 0,&Spravovat...,RsAdmin.msc
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQU8SMLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNhIGVsZWt0cm9uaWNrw6kgcG/FoXR5IFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIHXFvml2YXRlbHNrw6kgam3DqW5vLDAsMjAwLDA=
+extraColumns:: dGl0bGUsRnVua2NlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw61sb3bDoSBhZHJlc2EsMCwxMDAsMA==
+extraColumns:: c3QsU3RhdiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FuY2Vsw6HFmSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsWm3Em27Em25vLDAsMTMwLDA=
+extraColumns:: c24sUMWZw61qbWVuw60sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXNhIFVSTCBzbHXFvmJ5IHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxEb21vdnNrw70gc2VydmVyIHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLEptw6lubywwLDEwMCww
+extraColumns:: aG9tZU1EQizDmmxvxb5pxaF0xJsgcG/FoXRvdm7DrWNoIHNjaHLDoW5layBhcGxpa2FjZSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGFwbGlrYWNlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyB6ZSBzdGFyxaHDrSB2ZXJ6ZSBzeXN0w6ltdSBXaW5kb3dzLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOtLDAsMTUwLDA=
+extraColumns:: YyxaZW3EmywwLC0xLDA=
+extraColumns:: Y29tcGFueSxTcG9sZcSNbm9zdCwwLDE1MCww
+extraColumns:: bCxNxJtzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKHphbS4pLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29uZWpuZXIgc8OtdMSb
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIG1lemlzw63FpW92w6lobyBwxZllbm9zdQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHBvZHPDrXTDrQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHNlcnZlcsWv
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gY29uZmnDoXZlbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta compartilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ corporativa
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXN1w6FyaW8gYXR1YWxpemFkbyBkbyBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGluayBkZSByb3RlYW1lbnRvIGRvIHNlcnZpw6dvIGRlIGVuZmlsZWlyYW1lbnRvIGRlIG1lbnNhZ2VucyBkYSBNaWNyb3NvZnQ=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias da fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRlIGZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIHBhcnRpY2lwYW50ZXM=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+adminContextMenu: 0,&Gerenciar...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDRVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIGVtYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbiBkbyB1c3XDoXJpbywwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgZGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sU29icmVub21lLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBsb2NhbCBkZSBtZW5zYWdlbnMgaW5zdGFudMOibmVhcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hemVuYW1lbnRvIGRhIGNhaXhhIGRlIGNvcnJlaW8gZG8gRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmQuIGRlIGVtYWlsLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiBhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxDaWRhZGUsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIGNvbWVyY2lhbCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de transportes entre sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sub-redes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZG8gQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Diretiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: T2JqZXRvIGRlIHNlZ3VyYW7Dp2EgZXh0ZXJubw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gcGFpIGNvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBiYXNl
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgcmVzaWRlbmNpYWwgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGRlIGxvZ29u
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbg==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo do IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXN1w6FyaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGRlIGxvZ29u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkZSBjYXNhIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBiYXNl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bWVtYmVyLFBhcnRpY2lwYW50ZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contato
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkZSBjYXNhIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RGlyZXRpdmEgZGUgZG9tw61uaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Diretiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBjb21wdXQuIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3QuIG9wZXJhY2lvbmFs
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmFjaW9uYWw=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamV0bw==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBuYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRlIGEgZ3JhbXBlYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkbyBjb21wYXJ0aWxoYW1lbnRv
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBwZXJtaXRpZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgaW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0ZSBhIGltcHJlc3PDo28gZnJlbnRlIGUgdmVyc28=
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRlIGEgaW1wcmVzc8OjbyBhIGNvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGUgYSBlbXVsYcOnw6Nv
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWw=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0bw==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkbyByZWN1cnNv
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRhIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJldMOzcmlv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRvIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXjDo28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Link de site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte de link de site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIHNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinante FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinaturas FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Recipiente
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIGRlIGNoYW1hZGEgZGUgcHJvY2VkaW1lbnRvIHJlbW90bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZSBkdSBzaXRlIGRlIGdlc3Rpb24gZGVzIGxpY2VuY2Vz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membre FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QWJvbm7DqSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Abonnements FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOpIGQnb3JnYW5pc2F0aW9uwqA=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: b3UsTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Conteneur
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Services RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tYWluZSBhcHByb3V2w6k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9zc2llciBwYXJ0YWfDqcKg
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDaGVtaW4gcsOpc2VhdQ==
+attributeDisplayNames:: a2V5d29yZHMsTW90cyBjbMOpcw==
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: File d'attente MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configuration MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Entreprise MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGlzYXRldXIgYXlhbnQgdW5lIG1pc2Ugw6Agbml2ZWF1IE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Liaison de routage MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyYW3DqHRyZXMgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de file d'attente MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nom de format
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Groupe MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Files d'attente de membres
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmljZSBkZSBzdG9ja2FnZSDDqXRlbmR1
+adminContextMenu:: MCwmR8OpcmVyLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNzZSBkZSBtZXNzYWdlcmllIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gZGUgbCd1dGlsaXNhdGV1ciwwLDIwMCww
+extraColumns:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9uLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlc3NlIGRlIGRlc3RpbmF0aW9uLDAsMTAwLDA=
+extraColumns:: c3Qsw4l0YXQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQnVyZWF1LDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpw6ksMCwxMzAsMA==
+extraColumns:: c24sTm9tIGRlIGZhbWlsbGUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lc3NhZ2VyaWUgaW5zdGFudGFuw6llLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXVyIGRlIGJhc2UgZGUgbWVzc2FnZXJpZSBpbnN0YW50YW7DqWUsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByw6lub20sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixNYWdhc2luIGJvw650ZSBhdXggbGV0dHJlcyBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQsMCwxNTAsMA==
+extraColumns:: YyxQYXlzLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxTb2Npw6l0w6ksMCwxNTAsMA==
+extraColumns:: bCxWaWxsZSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFTDqWzDqXBob25lIHByb2Zlc3Npb25uZWwsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de transports inter-sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVuZXVyIGRlIHNvdXMtcsOpc2VhdXg=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de serveurs
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Service Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSByZXF1w6p0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U8OpY3VyaXTDqSBleHTDqXJpZXVyZSBwcmluY2lwYWxl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: TW9kw6hsZSBkZSBjZXJ0aWZpY2F0
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Dernier parent connu,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Groupe IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Service IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilisateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Groupe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGRlIGdyb3VwZSAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bWVtYmVyLE1lbWJyZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domaine
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSBkb21haW5l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBsb2NhbGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Ordinateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3JkaW5hdGV1ciAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaW9uIGR1IHN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Imprimante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uIGRlIGwnb2JqZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBWYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb20gZGUgc2VydmV1cg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQcmVuZCBlbiBjaGFyZ2UgbCdhZ3JhZmFnZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tIGR1IHBhcnRhZ2U=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdlcyBwYXIgbWludXRl
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6lzIGRlIHZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRPd25lcixOb20gZHUgcHJvcHJpw6l0YWlyZQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTcOpbW9pcmUgaW5zdGFsbMOpZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUeXBlcyBkZSBwYXBpZXIgcHJpcyBlbiBjaGFyZ2U=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkaXNwb25pYmxlwqA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFLDqXNvbHV0aW9uIG1heGltYWxl
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMYW5nYWdlIGRlIGwnaW1wcmltYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9t
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUHJlbmQgZW4gY2hhcmdlIGwnaW1wcmVzc2lvbiByZWN0byB2ZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixQcmVuZCBlbiBjaGFyZ2UgbCdpbXByZXNzaW9uIGVuIGNvdWxldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFByZW5kIGVuIGNoYXJnZSBsJ2Fzc2VtYmxhZ2U=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYWNzIGQnZW50csOpZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sRW1wbGFjZW1lbnQ=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2TDqGxl
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudGFpcmU=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtw6lybyBkZSBjb250csO0bGU=
+attributeDisplayNames:: dU5DTmFtZSxOb20gcsOpc2VhdQ==
+attributeDisplayNames:: Y24sTm9tIGR1IHNlcnZpY2UgZCdhbm51YWlyZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serveur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgY29udHLDtGxldXIgZGUgZG9tYWluZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connexion
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: SmV1IGRlIHLDqXBsaWNhcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U291cy1yw6lzZWF1wqA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Lien du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Pont de la liaison du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport inter-sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGxvY2Fs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamVjdG8=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRhIGFncmFmYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkZSBwYXJ0aWxoYQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBzdXBvcnRhZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZW0gZGEgaW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0YSBpbXByZXNzw6NvIGRvcyBkb2lzIGxhZG9z
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRhIGltcHJlc3PDo28gYSBjb3Jlcw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGEgY8OzcGlhcyBhZ3J1cGFkYXM=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxUYWJ1bGVpcm8gZGUgZW50cmFkYQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpemHDp8Ojbw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBjb250cm9sbw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRlIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJlY3TDs3Jpbw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Local
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRlIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6Nv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subrede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6NvIHBhcmEgbyBzaXRl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QnJpZGdlIGRlIGxpZ2HDp8OjbyBwYXJhIG8gc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subscritor FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2NyacOnw7VlcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contentor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gZmlkZWRpZ25v
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta partilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGl6YWRvciBjb20gYWN0dWFsaXphw6fDo28gTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGlnYcOnw6NvIGRlIGVuY2FtaW5oYW1lbnRvIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: RGVmaW5pw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRvIGZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIG1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+adminContextMenu: 0,&Gerir...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIGNvcnJlaW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gZG8gdXRpbGl6YWRvciwwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgZGVzdGlubywwLDEwMCww
+extraColumns:: c3QsUmVnacOjbywwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGlkbywwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBpbmljaWFsIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hesOpbSBkZSBjYWl4YSBkZSBjb3JyZWlvIGRlIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIEFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gcHLDqS1XaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXIsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxMb2NhbGlkYWRlLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIG5hIGVtcHJlc2EsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de transporte entre sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVudG9yIGRlIHNlcnZpw6dvcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZG8gQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGNvbnN1bHRh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2VndXJhbsOnYSBleHRlcm5hIHByaW5jaXBhbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gcHJpbmNpcGFsIGNvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSByYWl6
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgcmFpeg==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gKGFudGVyaW9yIGFvIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGFjZXNzw612ZWlz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilizador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGFjZXNzw612ZWlz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gKGFudGVyaW9yIGFvIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgcmFpeg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSByYWl6
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
diff --git a/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt
new file mode 100644
index 0000000..a33daee
--- /dev/null
+++ b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt
@@ -0,0 +1,29549 @@
+#Intellectual Property Rights Notice for Open Specifications Documentation
+#
+#- Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+#
+#- Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+#
+#- No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#
+#- Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here:  http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described n the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com. 
+#
+#- Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#
+#- Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#
+#- Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+#
+#- Preliminary Documentation. This Open Specification is preliminary documentation for this technology.  Since the documentation may change between this preliminary version and the final version, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
+
+dn: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+cn: DisplaySpecifiers
+distinguishedName: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectVersion: 1
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DisplaySpecifiers
+systemFlags: -2147483648
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7IKs7Jqp7J6Q
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6re466O5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6re466O5IOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGMs7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Jew65297LKY
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24IOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 66Gc7LusIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Lu07ZOo7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs7Lu07ZOo7YSwIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizsmrTsmIEg7LK07KCcIOuyhOyghA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOyatOyYgSDssrTsoJw=
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ZSE66aw7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizqsJzssrQg67KE7KCE
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaM
+attributeDisplayNames:: c2VydmVyTmFtZSzshJzrsoQg7J2066aE
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzsiqTthYzsnbTtlIwg7KeA7JuQ
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs6rO17JygIOydtOumhA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSztjpjsnbTsp4Av67aE
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzsho3rj4Qg64uo7JyE
+attributeDisplayNames:: cHJpbnRSYXRlLOyGjeuPhA==
+attributeDisplayNames:: cHJpbnRPd25lcizshozsnKDsnpAg7J2066aE
+attributeDisplayNames:: cHJpbnRNZW1vcnks7ISk7LmY65CcIOuplOuqqOumrA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzsp4Dsm5DrkJjripQg7Jqp7KeAIOyiheulmA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOyCrOyaqe2VoCDsiJgg7J6I64qUIOyaqeyngA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOy1nOuMgCDtlbTsg4Hrj4Q=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSztlITrprDthLAg7Ja47Ja0
+attributeDisplayNames:: cHJpbnRlck5hbWUs7J2066aE
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs7JaR66m0IOyduOyHhCDsp4Dsm5A=
+attributeDisplayNames:: cHJpbnRDb2xvcizsu6zrn6wg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLO2VnCDrtoDslKkg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzsnoXroKUg7Jqp7KeA7ZWo
+attributeDisplayNames:: cG9ydE5hbWUs7Y+s7Yq4
+attributeDisplayNames:: bG9jYXRpb24s7JyE7LmY
+attributeDisplayNames:: ZHJpdmVyTmFtZSzrqqjrjbg=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7KO87ISd
+attributeDisplayNames:: Y29udGFjdE5hbWUs7Jew65297LKY
+attributeDisplayNames:: YXNzZXROdW1iZXIs7J6Q7IKwIOuyiO2YuA==
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg7J2066aE
+attributeDisplayNames:: Y24s65SU66CJ7YSw66asIOyEnOu5hOyKpCDsnbTrpoQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7IKs7J207Yq4
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7ISc67KE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7ISk7KCV
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 64+E66mU7J24IOy7qO2KuOuhpOufrCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 7Jew6rKw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOuzteygnCDshLjtirg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7ISc67iM64S3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrCDruIzrpqzsp4A=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 65287J207IS87IuxIOyCrOydtO2KuCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOyEseybkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyeheyekA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOqwgOyehQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7KGw7KeBIOq1rOyEsSDri6jsnIQ=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: b3Us7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Luo7YWM7J2064SI
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOyEnOu5hOyKpA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7Yq465+s7Iqk7Yq465CcIOuPhOuplOyduA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6rO17JygIO2PtOuNlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg6rK966Gc
+attributeDisplayNames:: a2V5d29yZHMs7YKk7JuM65Oc
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDrjIDquLDsl7Q=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDqtazshLE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDsl5TthLDtlITrnbzsnbTspog=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDsl4Xqt7jroIjsnbTrk5ztlZwg7IKs7Jqp7J6Q
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDrnbzsmrDtjIUg66eB7YGs
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDshKTsoJU=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDrjIDquLDsl7Qg67OE7Lmt
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSztmJXsi50g7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDqt7jro7k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkCDrjIDquLDsl7Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7JuQ6rKpIOyggOyepeyGjCDshJzruYTsiqQ=
+adminContextMenu:: MCzqtIDrpqwoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg7KCE7J6QIOuplOydvCDso7zshowsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs7IKs7Jqp7J6QIOuhnOq3uOyYqCDsnbTrpoQsMCwyMDAsMA==
+extraColumns:: dGl0bGUs7KeB7ZWoLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzrjIDsg4Eg7KO87IaMLDAsMTAwLDA=
+extraColumns:: c3Qs7IucL+uPhCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs7IiY7KCV7ZWcIOuCoOynnCwwLDEzMCww
+extraColumns:: c24s7ISxLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws7J247Iqk7YS07Yq4IOuplOyLnOynlSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzsnbjsiqTthLTtirgg66mU7Iuc7KeVIO2ZiCDshJzrsoQsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDsgqzshJztlagg7KCA7J6l7IaMLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOuzhOy5rSwwLDE3NSww
+extraColumns:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOydtOyghCDrsoTsoIQg66Gc6re47JioIOydtOumhCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhCwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzrtoDshJwsMCwxNTAsMA==
+extraColumns:: Yyzqta3qsIAsMCwtMSww
+extraColumns:: Y29tcGFueSztmozsgqwsMCwxNTAsMA==
+extraColumns:: bCzqtawv6rWwL+yLnCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLO2ajOyCrCDsoITtmZQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqEg7Luo7YWM7J2064SI
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67iM64S3IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67KEIOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDshJzruYTsiqQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7L+866asIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7Jm467aAIOuztOyViCDsoJXssYU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 7J247Kad7IScIO2FnO2UjOumvw==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOuniOyngOunieycvOuhnCDslYzroKTsp4Qg67aA66qoLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOu5hOyEnA==
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Yyzqta3qsIAg7JW97J6Q
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Y29tbWVudCzso7zshJ0=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDqs6DsnKAg7J2066aE
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhCjshLEg7JeG7J2MKQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWcKOykkeqwhCDsnbTrpoQp
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSztmLjsua0=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEKQ==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppen IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Tjenesten IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbmF2biAoZsO4ciBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1lcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontaktperson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZXBvbGl0aWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal politik
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbSAtIHZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnN0ZWQ=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbmRlcnN0w7h0dGVyIGjDpmZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYXZu
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwci4gbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZWRzZW5oZWRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hlZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYXZuIHDDpSBlamVy
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyZXQgaHVrb21tZWxzZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbmRlcnN0w7h0dGVkZSBwYXBpcnR5cGVy
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGfDpm5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbXVtb3Bsw7hzbmluZw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVyc3Byb2c=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW5kZXJzdMO4dHRlciBkb2JiZWx0c2lkZXQgdWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbmRlcnN0w7h0dGVyIGZhcnZldWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVuZGVyc3TDuHR0ZXIgc8OmdHZpcyBzb3J0ZXJpbmc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxQcmludGVyYmFra2Vy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhY2VyaW5n
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdHBlcnNvbg==
+attributeDisplayNames:: YXNzZXROdW1iZXIsVWRzdHlyc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Websted
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Indstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3IgZG9tw6ZuZWNvbnRyb2xsZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Forbindelse
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Indstillinger for FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UmVwbGlrZXJpbmdzc8OmdCBmb3IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Undernet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGluayB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlua2JybyB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IGluZGVuZm9yIG9tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5zaW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhed
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Administreret af
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Objektbeholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw6ZuZSwgZGVyIG55ZGVyIHRpbGxpZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NzdGk=
+attributeDisplayNames:: a2V5d29yZHMsTsO4Z2xlb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1uZXR2w6Zyaw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-opgraderet bruger
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routing-link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Indstillinger for MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7gtYWxpYXM=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnavn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Storage Service
+adminContextMenu: 0,&Administrer...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1tYWlsLWFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZuIGZvciBicnVnZXIsMCwyMDAsMA==
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEZXN0aW5hdGlvbnNhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4ZuZHJldCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLWFkcmVzc2UgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0a2Fzc2VsYWdlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwtYWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCksMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdCBuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBZmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxCeSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKGFyYmVqZGUpLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGU=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydCBpbmRlbmZvciBvbXLDpWRl
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Undernetbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Serverbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Rm9yZXNww7hyZ3NlbHNwb2xpdGlr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RWtzdGVybiBkb23Dpm5la29udG8sIGRlciBueWRlciB0aWxsaWQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatskabelon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Senest kendte overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBrZW5kZW5hdm4=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70YzQt9C+0LLQsNGC0LXQu9GM
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JPRgNGD0L/Qv9Cw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCz0YDRg9C/0L/RiyAo0L/RgNC10LQtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bWVtYmVyLNCn0LvQtdC90Ysg0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JTQvtC80LXQvQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGMs0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQsNC60YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQtNC+0LzQtdC90LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JvQvtC60LDQu9GM0L3QsNGPINC/0L7Qu9C40YLQuNC60LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC80L/RjNGO0YLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINC60L7QvNC/0YzRjtGC0LXRgNCwICjQv9GA0LXQtC1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizQktC10YDRgdC40Y8g0L7Qv9C10YDQsNGG0LjQvtC90L3QvtC5INGB0LjRgdGC0LXQvNGL
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNCe0L/QtdGA0LDRhtC40L7QvdC90LDRjyDRgdC40YHRgtC10LzQsA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/RgNC40L3RgtC10YA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizQktC10YDRgdC40Y8g0L7QsdGK0LXQutGC0LA=
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LU=
+attributeDisplayNames:: c2VydmVyTmFtZSzQmNC80Y8g0YHQtdGA0LLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC60LAg0YHRiNC40LLQsNC90LjRjw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs0JjQvNGPINC+0LHRidC10LPQviDRgNC10YHRg9GA0YHQsA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzQodGC0YDQsNC90LjRhiDQsiDQvNC40L3Rg9GC0YM=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzQldC00LjQvdC40YbRiyDRgdC60L7RgNC+0YHRgtC4
+attributeDisplayNames:: cHJpbnRSYXRlLNCh0LrQvtGA0L7RgdGC0Yw=
+attributeDisplayNames:: cHJpbnRPd25lcizQmNC80Y8g0LLQu9Cw0LTQtdC70YzRhtCw
+attributeDisplayNames:: cHJpbnRNZW1vcnks0KPRgdGC0LDQvdC+0LLQu9C10L3QvdCw0Y8g0L/QsNC80Y/RgtGM
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC40LLQsNC10LzRi9C1INCy0LjQtNGLINCx0YPQvNCw0LPQuA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNCY0YHQv9C+0LvRjNC30YPQtdC80LDRjyDQsdGD0LzQsNCz0LA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNCc0LDQutGB0LjQvNCw0LvRjNC90L7QtSDRgNCw0LfRgNC10YjQtdC90LjQtQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzQo9C/0YDQsNCy0LvRj9GO0YnQuNC5INGP0LfRi9C6INC/0YDQuNC90YLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs0J/QvtC00LTQtdGA0LbQutCwINC00LLRg9GB0YLQvtGA0L7QvdC90LXQuSDQv9C10YfQsNGC0Lg=
+attributeDisplayNames:: cHJpbnRDb2xvcizQn9C+0LTQtNC10YDQttC60LAg0YbQstC10YLQvdC+0Lkg0L/QtdGH0LDRgtC4
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNCf0L7QtNC00LXRgNC20LrQsCDRgNCw0LfQsdC+0YDQsCDQv9C+INC60L7Qv9C40Y/QvA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzQn9C+0LTQsNGO0YnQuNC1INC70L7RgtC60Lg=
+attributeDisplayNames:: cG9ydE5hbWUs0J/QvtGA0YI=
+attributeDisplayNames:: bG9jYXRpb24s0KDQsNGB0L/QvtC70L7QttC10L3QuNC1
+attributeDisplayNames:: ZHJpdmVyTmFtZSzQnNC+0LTQtdC70Yw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0JrQvtC80LzQtdC90YLQsNGA0LjQuQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUs0JrQvtC90YLQsNC60YI=
+attributeDisplayNames:: YXNzZXROdW1iZXIs0JDRgNGC0LjQutGD0Ls=
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QtSDQuNC80Y8=
+attributeDisplayNames:: Y24s0JjQvNGPINGB0LvRg9C20LHRiyDQutCw0YLQsNC70L7Qs9C+0LI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0KHQsNC50YI=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0KHQtdGA0LLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGL
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC60L7QvdGC0YDQvtC70LvQtdGA0LAg0LTQvtC80LXQvdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00LrQu9GO0YfQtdC90LjQtQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J3QsNCx0L7RgCDRgNC10L/Qu9C40LrQsNGG0LjQuCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00YHQtdGC0Yw=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQstGP0LfRjCDRgdCw0LnRgtC+0LI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0JzQvtGB0YIg0YHQstGP0LfQtdC5INGB0LDQudGC0L7Qsg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JzQtdC20YHQsNC50YLQvtCy0YvQuSDRgtGA0LDQvdGB0L/QvtGA0YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC70LjRhtC10L3Qt9C40YDQvtCy0LDQvdC40Y8g0YHQsNC50YLQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINGB0LDQudGC0LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0KfQu9C10L0gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0YfQuNC6IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0LrQsCDQvdCwIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC00YDQsNC30LTQtdC70LXQvdC40LU=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: b3Us0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGA
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQu9GD0LbQsdGLIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0JTQvtCy0LXRgNC10L3QvdGL0Lkg0LTQvtC80LXQvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J7QsdGJ0LDRjyDQv9Cw0L/QutCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QuSDQv9GD0YLRjA==
+attributeDisplayNames:: a2V5d29yZHMs0JrQu9GO0YfQtdCy0YvQtSDRgdC70L7QstCw
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J7Rh9C10YDQtdC00YwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J3QsNGB0YLRgNC+0LnQutCwIE1TTVE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDQv9GA0LXQtNC/0YDQuNGP0YLQuNGP
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 0J7QsdC90L7QstC70LXQvdC90YvQuSDQv9C+0LvRjNC30L7QstCw0YLQtdC70YwgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 0JzQsNGA0YjRgNGD0YIgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 0J/RgdC10LLQtNC+0L3QuNC8INC+0YfQtdGA0LXQtNC4IE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzQpNC+0YDQvNCw0YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNCe0YfQtdGA0LXQtNC4INGH0LvQtdC90L7Qsg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwINCy0L3QtdGI0L3QuNGFINGF0YDQsNC90LjQu9C40Yk=
+adminContextMenu:: MCwm0KPQv9GA0LDQstC70LXQvdC40LUuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzQmNC90LTQtdC60YEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg0Y3Quy4g0L/QvtGH0YLQsCwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINCy0YXQvtC00LAg0L/QvtC70YzQt9C+0LLQsNGC0LXQu9GPLDAsMjAwLDA=
+extraColumns:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGMLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzQmtC+0L3QtdGH0L3Ri9C5INCw0LTRgNC10YEsMCwxMDAsMA==
+extraColumns:: c3Qs0KHQvtGB0YLQvtGP0L3QuNC1LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LAsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs0JjQt9C80LXQvdC10L0sMCwxMzAsMA==
+extraColumns:: c24s0KTQsNC80LjQu9C40Y8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLdCw0LTRgNC10YEg0YHQtdGA0LLQtdGA0LAg0LzQs9C90L7QstC10L3QvdGL0YUg0YHQvtC+0LHRidC10L3QuNC5LDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzQodC10YDQstC10YAg0LzQs9C90L7QstC10L3QvdGL0YUg0YHQvtC+0LHRidC10L3QuNC5LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNCY0LzRjywwLDEwMCww
+extraColumns:: aG9tZU1EQizQpdGA0LDQvdC40LvQuNGJ0LUg0L/QvtGH0YLQvtCy0YvRhSDRj9GJ0LjQutC+0LIgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNCf0YHQtdCy0LTQvtC90LjQvCBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs0J/RgNC10LQtV2luZG93cyAyMDAwINC40LzRjyDQstGF0L7QtNCwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjywwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7LDAsMTUwLDA=
+extraColumns:: YyzQodGC0YDQsNC90LAsMCwtMSww
+extraColumns:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGPLDAsMTUwLDA=
+extraColumns:: bCzQk9C+0YDQvtC0LDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLNCh0LvRg9C20LXQsdC90YvQuSDRgtC10LvQtdGE0L7QvSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LDQudGC0L7Qsg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC80LXQttGB0LDQudGC0L7QstC+0LPQviDRgtGA0LDQvdGB0L/QvtGA0YLQsA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC/0L7QtNGB0LXRgtC10Lk=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LXRgNCy0LXRgNC+0LI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQt9Cw0L/RgNC+0YHQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YAg0LLQvdC10YjQvdC10Lkg0LHQtdC30L7Qv9Cw0YHQvdC+0YHRgtC4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 0KjQsNCx0LvQvtC9INGB0LXRgNGC0LjRhNC40LrQsNGC0LA=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNCf0L7RgdC70LXQtNC90LjQuSDQuNC30LLQtdGB0YLQvdGL0Lkg0YDQvtC00LjRgtC10LvRjNGB0LrQuNC5INC+0LHRitC10LrRgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDRgNCw0LfQu9C40YfQsNGO0YnQtdC10YHRjyDQuNC80Y8=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 16fXkdeV16bXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 16nXmdeo15XXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xqdeq157XqQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXp9eR15XXpteUICjXnNek16DXmSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bWVtYmVyLNeX15HXqNeZ150=
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGMs16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15DXmdepINen16nXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og157Xp9eV157Xmdeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xl9ep15E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnteX16nXkSAo15zXpNeg15kgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizXkteZ16jXodeqINee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9ek16HXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizXkteZ16jXodeqINeU15DXldeR15nXmden15g=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmA==
+attributeDisplayNames:: c2VydmVyTmFtZSzXqdedINeU16nXqNeq
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzXqtee15nXm9eUINeR15TXmdeT15XXpw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs16nXnSDXntep15XXqtej
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzXk9ek15nXnSDXkdeT16fXlA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzXmdeX15nXk9eV16og157XlNeZ16jXldeq
+attributeDisplayNames:: cHJpbnRSYXRlLNee15TXmdeo15XXqg==
+attributeDisplayNames:: cHJpbnRPd25lcizXqdedINeR16LXnNeZ150=
+attributeDisplayNames:: cHJpbnRNZW1vcnks15bXmdeb16jXldefINee15XXqten158=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzXodeV15LXmSDXoNeZ15nXqCDXoNeq157Xm9eZ150=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNeg15nXmdeoINeW157Xmdef
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNeo15bXldec15XXpteZ15Qg157XqNeR15nXqg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzXqdek16og15TXnteT16TXodeq
+attributeDisplayNames:: cHJpbnRlck5hbWUs16nXnQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs16rXnteZ15vXlCDXkdeU15PXpNeh15Qg15PXlS3XpteT15PXmdeq
+attributeDisplayNames:: cHJpbnRDb2xvcizXqtee15nXm9eUINeR15TXk9ek16HXqiDXpteR16I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNeq157Xmdeb15Qg15HXkNeZ16HXldej
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzXnteS16nXmSDXp9ec15g=
+attributeDisplayNames:: cG9ydE5hbWUs15nXpteZ15DXlA==
+attributeDisplayNames:: bG9jYXRpb24s157Xmden15XXnQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSzXnteV15PXnA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s15TXoteo15XXqg==
+attributeDisplayNames:: Y29udGFjdE5hbWUs15DXmdepINen16nXqA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs157Xodek16gg16DXm9eh
+attributeDisplayNames:: dU5DTmFtZSzXqdedINeo16nXqg==
+attributeDisplayNames:: Y24s16nXnSDXqdeZ16jXldeqINeh16TXqNeZ15nXlA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15DXqteo
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16nXqNeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeqINeR16fXqCDXp9eR15XXpteqINee15fXqdeR15nXnQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15fXmdeR15XXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16LXqNeb16og16LXldeq16fXmdedINee16nXldeb16TXnNeZ150g16nXnCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16jXqdeqINee16nXoNeZ16ogU3VibmV0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16fXmdep15XXqCDXnNeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 15LXqdeoINen15nXqdeV16gg15zXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16rXoteR15XXqNeUINeR15nXny3XkNeq16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 16jXqdeZ15XXnyDXnNeU15LXk9eo15XXqiDXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15fXkdeoIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15kgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15nXmdedINecLUZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15nXl9eZ15PXlCDXkNeo15LXldeg15nXqg==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: b3Us16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15w=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16nXmdeo15XXqteZIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150g15DXnteZ16DXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16rXmden15nXmdeUINee16nXldeq16TXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzXoNeq15nXkSDXlNeo16nXqg==
+attributeDisplayNames:: a2V5d29yZHMs157Xmdec15XXqiDXntek16rXlw==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXldeoIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXpteV16jXqiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 15DXqNeS15XXnyBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 157Xqdeq157XqSDXntep15XXk9eo15Ig15EtTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 16fXmdep15XXqCDXnteg16rXkSBNU01R
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 15TXkteT16jXldeqIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 15vXmdeg15XXmSDXqteV16ggTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzXqdedINeq15HXoNeZ16o=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 16fXkdeV16bXqiBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNeq15XXqNeZINeX15HXqNeZ150=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiDXkNeZ15fXodeV158g157XqNeV15fXpw==
+adminContextMenu:: MCwm16DXmdeU15XXnC4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzXnteZ16fXldeTLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms15vXqteV15HXqiDXk9eV15DXqCDXkNec16fXmNeo15XXoNeZINep15wgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXm9eg15nXodeUINep15wg15TXntep16rXntepLDAsMjAwLDA=
+extraColumns:: dGl0bGUs16rXpNen15nXkywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyzXm9eq15XXkdeqINeZ16LXkywwLDEwMCww
+extraColumns:: c3Qs15DXlteV16gsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xqdeo15MsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs16nXldeg15QsMCwxMzAsMA==
+extraColumns:: c24s16nXnSDXntep16TXl9eULDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws15vXqteV15HXqiBVUkwg16nXnCDXnteh16jXmdedINee15nXk9eZ15nXnSwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzXqdeo16og16jXkNep15kg16nXnCDXnteh16jXmdedINee15nXmdeT15nXmdedLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNep150g16TXqNeY15ksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizXnteQ15LXqCDXqteZ15HXqiDXlNeT15XXkNeoINep15wgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNeb15nXoNeV15kgRXhjaGFuZ2UsMCwxNzUsMA==
+extraColumns:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15ksMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs16nXnSDXm9eg15nXodeUINep15zXpNeg15kgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15QsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzXnteX15zXp9eULDAsMTUwLDA=
+extraColumns:: YyzXkNeo16UsMCwtMSww
+extraColumns:: Y29tcGFueSzXl9eR16jXlCwwLDE1MCww
+extraColumns:: bCzXoteZ16gsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLNeY15zXpNeV158g15HXoteR15XXk9eULDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXkNeq16jXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXntei15HXldeo15Qg15HXmdefLdeQ16rXqNeZ150=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqNep16rXldeqINee16nXoNeUIChTdWJuZXRzKQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqdeo16rXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16nXkNeZ15zXqteU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16fXqNefINeR15jXl9eV16DXldeqINeW16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 16rXkdeg15nXqiDXkNeZ16nXldeo
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNeQ15Eg15nXk9eV16Ig15DXl9eo15XXnywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15kgWDUwMA==
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: User
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Group
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: info,Notes
+attributeDisplayNames: member,Members
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: l,City
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: cn,Name
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Local Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Shared Folder
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Network Path
+attributeDisplayNames: keywords,Keywords
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printLanguage,Printer Language
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: portName,Port
+attributeDisplayNames: location,Location
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: description,Comment
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: cn,Directory Service Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Replica Set
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Domain Controller Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connection
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organizational Unit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Trusted Domain
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: postalCode,Zip Code,0,100,0
+extraColumns: textEncodedORAddress,X.400 E-Mail Address,0,130,0
+extraColumns: userPrincipalName,User Logon Name,0,200,0
+extraColumns: title,Job Title,0,100,0
+extraColumns: targetAddress,Target Address,0,100,0
+extraColumns: st,State,0,100,0
+extraColumns: physicalDeliveryOfficeName,Office,0,100,0
+extraColumns: whenChanged,Modified,0,130,0
+extraColumns: sn,Last Name,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,Instant Messaging URL,0,140,0
+extraColumns: msExchIMPhysicalURL,Instant Messaging Home Server,0,170,0
+extraColumns: givenName,First Name,0,100,0
+extraColumns: homeMDB,Exchange Mailbox Store,0,100,0
+extraColumns: mailNickname,Exchange Alias,0,175,0
+extraColumns: mail,E-Mail Address,0,100,0
+extraColumns: sAMAccountName,Pre-Windows 2000 Logon Name,0,120,0
+extraColumns: displayName,Display Name,0,100,0
+extraColumns: department,Department,0,150,0
+extraColumns: c,Country,0,-1,0
+extraColumns: company,Company,0,150,0
+extraColumns: l,City,0,150,0
+extraColumns: telephoneNumber,Business Phone,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link Bridge
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Inter-Site Transport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Licensing Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Member
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriber
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriptions
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Queue
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Configuration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ Upgraded User
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Routing Link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Settings
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ Queue Alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Format Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Group
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Member Queues
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage Service
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sites Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Inter-Site Transports Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnets Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servers Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Foreign Security Principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificate Template
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Last Known Parent,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: co,Country
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,X500 Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: info,Notes
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servicio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Usuario
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBncnVwbyAoYW50ZXJpb3IgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1pZW1icm9z
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGMsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva de dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servicio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Equipo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBlcXVpcG8gKGFudGVyaW9yIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzacOzbiBkZWwgc2lzdGVtYSBvcGVyYXRpdm8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impresora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzacOzbiBkZWwgb2JqZXRv
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21icmUgZGVsIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQZXJtaXRlIGdyYXBhZG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tYnJlIGRlbCByZWN1cnNvIGNvbXBhcnRpZG8=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWQ=
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21icmUgZGVsIHByb3BpZXRhcmlv
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxhZGE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBhZG1pdGlkb3M=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbmlibGU=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdWNpw7NuIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGUgaW1wcmVzacOzbg==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tYnJl
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsQWRtaXRlIGltcHJlc2nDs24gYSBkb2JsZSBjYXJh
+attributeDisplayNames:: cHJpbnRDb2xvcixBZG1pdGUgaW1wcmVzacOzbiBlbiBjb2xvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEFkbWl0ZSBpbnRlcmNhbGFkbw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUHVlcnRv
+attributeDisplayNames:: bG9jYXRpb24sVWJpY2FjacOzbg==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50YXJpbw==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBpbnZlbnRhcmlv
+attributeDisplayNames:: dU5DTmFtZSxOb21icmUgZGUgcmVk
+attributeDisplayNames:: Y24sTm9tYnJlIGRlIHNlcnZpY2lvIGRlIGRpcmVjdG9yaW8=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sitio
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIGNvbnRyb2xhZG9yIGRlIGRvbWluaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXhpw7Nu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subred
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VsOtbmN1bG8gZGUgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHVlbnRlIGRlIHbDrW5jdWxvIGEgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sitios
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlvIGRlIGxpY2VuY2lh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Miembro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscriptor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscripciones a FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidad organizativa
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: b3UsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenedor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servicios RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio de confianza
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Carpeta compartida
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxSdXRhIGRlIGFjY2VzbyBhIGxhIHJlZA==
+attributeDisplayNames:: a2V5d29yZHMsUGFsYWJyYXMgY2xhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Cola de MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGUgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa de MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Usuario actualizado de MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: VsOtbmN1bG8gZGUgZW5ydXRhbWllbnRvIGRlIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyw6FtZXRyb3MgZGUgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de cola de MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21icmUgZGUgZm9ybWF0bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo de MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLENvbGFzIGRlIGVzcGVyYSBkZWwgbWllbWJybw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicio de almacenamiento remoto
+adminContextMenu: 0,&Administrar...,RsAdmin.msc
+attributeDisplayNames: cn,Nombre
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDLiBwb3N0YWwsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRGlyZWNjacOzbiBkZSBjb3JyZW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGRlbCB1c3VhcmlvLDAsMjAwLDA=
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEaXJlY2Npw7NuIGRlIGRlc3Rpbm8sMCwxMDAsMA==
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsT2ZpY2luYSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGxpZG9zLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhamUgaW5zdGFudMOhbmVvLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBwcmluY2lwYWwgZGUgbWVuc2FqZXMgaW5zdGFudMOhbmVvcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFByaW1lciBub21icmUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBbG1hY8OpbiBkZSBsYSBCYW5kZWphIGRlIGVudHJhZGEgZGUgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGFudGVyaW9yIGEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhciwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxDb21wYcOxw61hLDAsMTUwLDA=
+extraColumns:: bCxDaXVkYWQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbMOpZm9ubyBkZWwgdHJhYmFqbywwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de transportes entre sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicios de Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Directiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Entidad principal de seguridad externa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Plantilla de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFByaW5jaXBhbCDDumx0aW1vIGNvbm9jaWRvLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3Rpbmd1aWRvIFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-groep
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gebruiker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: GROEP
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: samAccountName,Groepsnaam (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: info,Notities
+attributeDisplayNames: member,Leden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: domein
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: dc,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contactpersoon
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domeinbeleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokaal beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Computernaam (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Besturingssysteem
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmplY3R2ZXJzaWU=
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJzaXRl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYWFt
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPbmRlcnN0ZXVudCBuaWV0ZW4=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmUtbmFhbQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmEncyBwZXIgbWludXV0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTbmVsaGVpZHNlZW5oZWRlbg==
+attributeDisplayNames:: cHJpbnRSYXRlLFNuZWxoZWlk
+attributeDisplayNames:: cHJpbnRPd25lcixOYWFtIGVpZ2VuYWFy
+attributeDisplayNames:: cHJpbnRNZW1vcnksR2XDr25zdGFsbGVlcmQgZ2VoZXVnZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPbmRlcnN0ZXVuZGUgcGFwaWVyc29vcnRlbg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEJlc2NoaWtiYWFyIHBhcGllcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIHJlc29sdXRpZQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVydGFhbA==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFhbQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT25kZXJzdGV1bnQgZHViYmVsemlqZGlnIGFmZHJ1a2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xvcixPbmRlcnN0ZXVudCBhZmRydWtrZW4gaW4ga2xldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9uZGVyc3RldW50IHNvcnRlcmVu
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbnZvZXJsYWRl
+attributeDisplayNames:: cG9ydE5hbWUsUG9vcnQ=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYXRpZQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxtb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3BtZXJraW5n
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdHBlcnNvb24=
+attributeDisplayNames:: YXNzZXROdW1iZXIsRWlnZW5zY2hhcHNudW1tZXI=
+attributeDisplayNames:: dU5DTmFtZSxOZXR3ZXJrbmFhbQ==
+attributeDisplayNames:: Y24sTmFhbSB2YW4gYWRyZXNsaWpzdHNlcnZpY2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Website
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen van domeincontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbinding
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replicaset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Koppeling naar site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sitekoppelingsbrug
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Intersitetransport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Instellingen van licentiesite
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-lid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnee
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Afdeling
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: ou,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Vertrouwd domein
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gedeelde map
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Netwerkpad
+attributeDisplayNames: keywords,Trefwoorden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-wachtrij
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-configuratie
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-onderneming
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Bijgewerkte MSMQ-gebruiker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Koppeling van MSMQ-routering
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-instellingen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-wachtrij-alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Indelingsnaam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-groep
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Wachtrijen voor leden
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage-service
+adminContextMenu: 0,&Beheren...,RsAdmin.msc
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: postalCode,Postcode,0,100,0
+extraColumns: textEncodedORAddress,X.400-e-mailadres,0,130,0
+extraColumns: userPrincipalName,Aanmeldingsnaam van gebruiker,0,200,0
+extraColumns: title,Functie,0,100,0
+extraColumns: targetAddress,Doeladres,0,100,0
+extraColumns: st,Status,0,100,0
+extraColumns: physicalDeliveryOfficeName,Kantoor,0,100,0
+extraColumns: whenChanged,Gewijzigd,0,130,0
+extraColumns: sn,Achternaam,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,URL van Instant Messaging,0,140,0
+extraColumns: msExchIMPhysicalURL,Basisserver voor Instant Messaging,0,170,0
+extraColumns: givenName,Voornaam,0,100,0
+extraColumns: homeMDB,Exchange-bostbusarchief,0,100,0
+extraColumns: mailNickname,Exchange-alias,0,175,0
+extraColumns: mail,E-mailadres,0,100,0
+extraColumns: sAMAccountName,Aanmeldingsnaam van voor Windows 2000,0,120,0
+extraColumns: displayName,Weergegeven naam,0,100,0
+extraColumns: department,Afdeling,0,150,0
+extraColumns: c,Land,0,-1,0
+extraColumns: company,Bedrijf,0,150,0
+extraColumns: l,Plaats,0,150,0
+extraColumns: telephoneNumber,Zakelijke telefoon,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sitecontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Intersite-transportcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query-beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Afwijkende beveiligings-principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificaatsjabloon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Laatst bekende bovenligger,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistent
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: co,Land
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: distinguishedName,X500 DN-naam
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: info,Notities
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoon thuis (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: wWWHomePage,Adres van website
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Dienst
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Benutzer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbm5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bWVtYmVyLE1pdGdsaWVkZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZW5yaWNodGxpbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokale Richtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYW1lIChQcsOkLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixCZXRyaWVic3N5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJldHJpZWJzc3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drucker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2U=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1l
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbnRlcnN0w7x0enQgSGVmdGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsRnJlaWdhYmVuYW1l
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTZWl0ZW4gcHJvIE1pbnV0ZQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxHZXNjaHdpbmRpZ2tlaXRzZWluaGVpdGVu
+attributeDisplayNames:: cHJpbnRSYXRlLEdlc2Nod2luZGlna2VpdA==
+attributeDisplayNames:: cHJpbnRPd25lcixCZXNpdHplcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGllcnRlciBTcGVpY2hlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbnRlcnN0w7x0enRlIFBhcGllcnR5cGVu
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFZlcmbDvGdiYXJlcyBQYXBpZXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIEF1ZmzDtnN1bmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxEcnVja2Vyc3ByYWNoZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW50ZXJzdMO8dHp0IGJlaWRzZWl0aWdlcyBEcnVja2Vu
+attributeDisplayNames:: cHJpbnRDb2xvcixVbnRlcnN0w7x0enQgZmFyYmlnZXMgRHJ1Y2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVudGVyc3TDvHR6dCBTb3J0aWVyZW4=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxFaW5nYWJlc2Now6RjaHRl
+attributeDisplayNames:: cG9ydE5hbWUsQW5zY2hsdXNz
+attributeDisplayNames:: bG9jYXRpb24sT3J0
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2Vyw6R0ZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya25hbWU=
+attributeDisplayNames:: Y24sVmVyemVpY2huaXNkaWVuc3RuYW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Standort
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RG9tw6RuZW5jb250cm9sbGVyZWluc3RlbGx1bmdlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbindung
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Replikatssatz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnetz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmdzYnLDvGNrZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Lizenzierungsstandorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Standorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Mitglied
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnements
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationseinheit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Verwaltet von
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-Dienste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VmVydHJhdXRlIERvbcOkbmU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Freigegebener Ordner
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya3BmYWQ=
+attributeDisplayNames:: a2V5d29yZHMsU2NobMO8c3NlbHfDtnJ0ZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Warteschlange
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-Unternehmen
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Aktualisierter MSMQ-Benutzer
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Routingverbindung
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Einstellungen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-Warteschlangenalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatname
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-Gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Mitgliedswarteschlagen
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remotespeicherdienst
+adminContextMenu: 0,&Verwalten...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQTFosMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtRS1NYWlsLUFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVudXR6ZXJhbm1lbGRlbmFtZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXRpb24sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxaaWVsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsTGFuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsR2XDpG5kZXJ0LDAsMTMwLDA=
+extraColumns:: c24sTmFjaG5hbWUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmctVVJMLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZy1Ib21lc2VydmVyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLFZvcm5hbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1Qb3N0ZmFjaHNwZWljaGVyLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLUFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLU1haWwtQWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgZsO8ciBQcsOkLVdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZSwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxBYnRlaWx1bmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxTdGFkdCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lciAoZ2VzY2jDpGZ0bGljaCksMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Standortcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0Y29udGFpbmVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetzcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Abfragerichtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Fremder Sicherheitsprinzipal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Zertifikatsvorlage
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LExldHp0ZSBiZWthbm50ZSDDvGJlcmdlb3JkbmV0ZSBJbnN0YW56LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1kZWZpbmllcnRlciBOYW1l
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: bCxTdGFkdA==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0ZSBSdWZudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW5nZXplaWd0ZXIgTmFtZQ==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-grupp
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci10asOkbnN0
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QW52w6RuZGFyZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1hcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6Ru
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: dc,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RucHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal princip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsRGF0b3JuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skrivare
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcw==
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO2ZGVyIGjDpGZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUmVzdXJzbmFtbg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRvciBwZXIgbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFbmhldGVyIGbDtnIgaGFzdGlnaGV0
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYW1uIHDDpSDDpGdhcmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyYXQgbWlubmU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQYXBwZXJzdHlwZXIgc29tIHN0w7Zkcw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGxnw6RuZ2xpZ2EgcGFwcGVy
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWwgdXBwbMO2c25pbmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmFyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtbg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDtmRlciBkdWJiZWxzaWRpZyB1dHNrcmlmdA==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO2ZGVyIGbDpHJndXRza3JpZnQ=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7ZkZXIgc29ydGVyaW5n
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm1hdG5pbmdzZmFjaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sU2tyaXZhcmVucyBwbGF0cw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3NuYW1u
+attributeDisplayNames:: Y24sS2F0YWxvZ3Rqw6Ruc3RuYW1u
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Plats
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXIgZsO2ciBkb23DpG5rb250cm9sbGFudA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Anslutning
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWluc3TDpGxsbmluZ2Fy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa3VwcHPDpHR0bmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VW5kZXJuw6R0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Ruaw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Rua2JyeWdnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport mellan platser
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhciBmw7ZyIGxpY2Vuc2llcmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerant
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerationer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Hanterad av
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: ou,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZQ==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXRqw6Ruc3Rlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QmV0cm9kZCBkb23DpG4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delad mapp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3Nzw7ZrdsOkZw==
+attributeDisplayNames:: a2V5d29yZHMsTnlja2Vsb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7Y=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1mw7ZyZXRhZw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS11cHBncmFkZXJhZCBhbnbDpG5kYXJl
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1yb3V0bmluZ2zDpG5r
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1pbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7ZhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnamn
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-grupp
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7Zlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdGVuIFJlbW90ZSBTdG9yYWdl
+adminContextMenu: 0,&Hantera...,RsAdmin.msc
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQW52w6RuZGFyZW5zIGlubG9nZ25pbmdzbmFtbiwwLDIwMCww
+extraColumns:: dGl0bGUsQmVmYXR0bmluZywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzLDAsMTAwLDA=
+extraColumns:: c3QsVGlsbHN0w6VuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHMsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsw4RuZHJhZCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYW1uLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGbDtnIgc25hYmJtZWRkZWxhbmRlbiwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIZW1zZXJ2ZXIgZsO2ciBzbmFiYm1lZGRlbGFuZGVuLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEbDtnJuYW1uLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0bMOlZGVhcmtpdiwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3MsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIGbDtnJlIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbG5pbmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxPcmdhbmlzYXRpb24sMCwxNTAsMA==
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXIsIGFyYmV0ZSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHBsYXRzZXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHRyYW5zcG9ydGVyIG1lbGxhbiBwbGF0c2Vy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHVuZGVybsOkdA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHNlcnZyYXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS10asOkbnN0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RnLDpWdlcHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RXh0ZXJudCBzw6RrZXJoZXRzb2JqZWt0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatmall
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFNlbmFzdCBrw6RuZGEgw7Z2ZXJvcmRuYWRlIG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41d,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCB1bmlrdCBuYW1u
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror csoport
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciBzem9sZ8OhbHRhdMOhcw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RmVsaGFzem7DoWzDsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Csoport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ3NvcG9ydG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bWVtYmVyLFRhZ29r
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGMsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2FwY3NvbGF0dGFydMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueWjDoXppcmVuZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: SGVseWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3rDoW3DrXTDs2fDqXA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsU3rDoW3DrXTDs2fDqXBuw6l2IChXaW5kb3dzIDIwMDAgZWzFkXR0aSByZW5kc3plcik=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyw6FjacOzcyByZW5kc3plciB2ZXJ6acOzamE=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXLDoWNpw7NzIHJlbmRzemVy
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TnlvbXRhdMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R1bSB2ZXJ6acOzamE=
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWU=
+attributeDisplayNames:: c2VydmVyTmFtZSxLaXN6b2xnw6Fsw7Nuw6l2
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUw6Ftb2dhdGphIGF6IMO2c3N6ZWbFsXrDqXN0
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTWVnb3N6dMOhc2kgbsOpdg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxPbGRhbCBwZXIgcGVyYw==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTZWJlc3PDqWdlZ3lzw6ln
+attributeDisplayNames:: cHJpbnRSYXRlLFNlYmVzc8OpZw==
+attributeDisplayNames:: cHJpbnRPd25lcixUdWxhamRvbm9zIG5ldmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksVGVsZXDDrXRldHQgbWVtw7NyaWE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUw6Ftb2dhdG90dCBwYXDDrXJ0w61wdXNvaw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFJlbmRlbGtlesOpc3JlIMOhbGzDsyBwYXDDrXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsaXMgZmVsYm9udMOhcw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxOeW9tdGF0w7MgbnllbHZl
+attributeDisplayNames:: cHJpbnRlck5hbWUsTsOpdg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVMOhbW9nYXRqYSBhIGvDqXRvbGRhbGFzIG55b210YXTDoXN0
+attributeDisplayNames:: cHJpbnRDb2xvcixUw6Ftb2dhdGphIGEgc3rDrW5lcyBueW9tdGF0w6FzdA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFTDoW1vZ2F0amEgYSBzesOpdHbDoWxvZ2F0w6FzdA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCZW1lbmV0aSB0w6FsY8Ohaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sSGVseQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTWVnamVneXrDqXM=
+attributeDisplayNames:: Y29udGFjdE5hbWUsS2FwY3NvbGF0dGFydMOz
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXN6a8O2enN6w6Ft
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIG7DqXY=
+attributeDisplayNames:: Y24sQ8OtbXTDoXJzem9sZ8OhbHRhdMOhcyBuZXZl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Telephely
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QmXDoWxsw610w6Fzb2s=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: VGFydG9tw6FueXZlesOpcmzFkSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Kapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWJlw6FsbMOtdMOhc29r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa2Frw6lzemxldA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWxow6Fsw7N6YXQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6Fz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWhpdmF0a296w6FzaMOtZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5jZWzFkSBoZWx5IGJlw6FsbMOtdMOhc2Fp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SGVseSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-tag
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMWR
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTLWVsxZFmaXpldMOpc2Vr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3plcnZlemV0aSBlZ3lzw6ln
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: b3UsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VMOhcm9sw7M=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXN6b2xnw6FsdGF0w6Fzb2s=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TWVnYsOtemhhdMOzIHRhcnRvbcOhbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Megosztott mappa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIGVsw6lyw6lzaSDDunQ=
+attributeDisplayNames:: a2V5d29yZHMsS3VsY3NzemF2YWs=
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rb25maWd1csOhY2nDsw==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS12w6FsbGFsYXQ=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1yYSBmcmlzc8OtdGV0dCBmZWxoYXN6bsOhbMOz
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS3DunR2w6FsYXN6dMOzaGl2YXRrb3rDoXM=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1iZcOhbGzDrXTDoXNvaw==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YSBhbGlhc25ldmU=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxGb3Jtw6F0dW1uw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-csoport
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLFRhZ29rIHbDoXLDs2xpc3TDoWk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VMOhdnTDoXJvbMOzIHN6b2xnw6FsdGF0w6Fz
+adminContextMenu:: MCwmS2V6ZWzDqXMuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6FtLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgZS1NYWlsLWPDrW0sMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsRmVsaGFzem7DoWzDsyBiZWplbGVudGtlesOpc2kgbmV2ZSwwLDIwMCww
+extraColumns:: dGl0bGUsTXVua2Frw7ZyLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw6lsIGPDrW1lLDAsMTAwLDA=
+extraColumns:: c3Qsw4FsbGFtLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTcOzZG9zw610dmEsMCwxMzAsMA==
+extraColumns:: c24sVmV6ZXTDqWtuw6l2LDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmcgVVJMLWplLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZyBraXN6b2xnw6Fsw7NqYSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFV0w7Nuw6l2LDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBwb3N0YWZpw7NrIHTDoXJvbMOzamEsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIGFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwgY8OtbSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXYsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPc3p0w6FseSwwLDE1MCww
+extraColumns:: YyxPcnN6w6FnLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxDw6lnLDAsMTUwLDA=
+extraColumns:: bCxUZWxlcMO8bMOpcywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLE11bmthaGVseWkgdGVsZWZvbiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseXTDoXJvbMOz
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWVrIGvDtnrDtnR0aSDDoXR2aXRlbCB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxow6Fsw7N6YXRvayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOzayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: TGVrw6lyZGV6w6lzZWsgaMOhemlyZW5kamU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SWRlZ2VuIGJpenRvbnPDoWdpIGVneXN6ZXLFsW7DqXY=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: VGFuw7pzw610dsOhbnlzYWJsb24=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFV0b2xzw7MgaXNtZXJ0IHN6w7xsxZEsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFNlZ8OpZA==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YyxPcnN6w6FnbsOpdiByw7Z2aWTDrXTDqXNl
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBtZWdrw7xsw7ZuYsO2enRldMWRIG7DqXY=
+attributeDisplayNames:: ZGl2aXNpb24sRsWRb3N6dMOhbHk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcsOhY2nDs3MgdXTDs3RhZw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: bCxUZWxlcMO8bMOpcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSB0YWdqYQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbnN6w6Ft
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVsZWt0cm9uaWt1cyBsZXbDqWxjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWjDrXbDs3N6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlow612w7NzesOhbQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxCZW9zenTDoXM=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7Nr
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIGVsxZF0dGkgYmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: c24sVmV6ZXTDqWtuw6l2
+attributeDisplayNames:: c3QsTWVneWU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNh
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsTXVua2Frw7Zy
+attributeDisplayNames:: dXJsLFdlYmhlbHkgY8OtbWUgKGVnecOpYik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXRldHQgbsOpdg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViaGVseSBjw61tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 2YXYrNmF2YjYudipIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 2K7Yr9mF2KkgSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2LPYqtiu2K/ZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YXYrNmF2YjYudip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZhdis2YXZiNi52KkgKNmF2Kcg2YLYqNmEIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bWVtYmVyLNin2YTYo9i52LbYp9ih
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzYp9mE
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGMs2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfYqti12KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTZhdis2KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmG2YfYrCDYp9mE2YXYrdmE2Yo=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNiu2K/Zhdip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmD2YXYqNmK2YjYqtix
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZg9mF2KjZitmI2KrYsSAo2YXYpyDZgtio2YQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizYpdi12K/Yp9ixINmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNi32KfYqNi52Kk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizYpdi12K/Yp9ixINin2YTZg9in2KbZhg==
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitio
+attributeDisplayNames:: c2VydmVyTmFtZSzYp9iz2YUg2KfZhNmF2YTZgtmF
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzYqtiv2LnZhSDYp9mE2KrYr9io2YrYsw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs2KfYs9mFINin2YTZhdi02KfYsdmD2Kk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzYtdmB2K3YqSDYqNin2YTYr9mC2YrZgtip
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzZiNit2K/Yp9iqINin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRSYXRlLNin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRPd25lcizYp9iz2YUg2KfZhNmF2KfZhNmD
+attributeDisplayNames:: cHJpbnRNZW1vcnks2KfZhNiw2KfZg9ix2Kkg2KfZhNmF2KvYqNiq2Kk=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzYo9mG2YjYp9i5INin2YTZiNix2YIg2KfZhNmF2LnYqtmF2K/YqQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNin2YTZiNix2YIg2KfZhNmF2KrZiNmB2LE=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNin2YTYrdivINin2YTYo9mC2LXZiSDZhNmE2K/Zgtip
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzZhNi62Kkg2KfZhNi32KfYqNi52Kk=
+attributeDisplayNames:: cHJpbnRlck5hbWUs2KfZhNin2LPZhQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs2KrYr9i52YUg2KfZhNi32KjYp9i52Kkg2LnZhNmJINin2YTZiNis2YfZitmG
+attributeDisplayNames:: cHJpbnRDb2xvcizYqtiv2LnZhSDYp9mE2LfYqNin2LnYqSDYqNin2YTYo9mE2YjYp9mG
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNiq2K/YudmFINiq2LHYqtmK2Kgg2KfZhNmG2LPYrg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzYudmE2Kgg2KfZhNil2K/Yrtin2YQ=
+attributeDisplayNames:: cG9ydE5hbWUs2KfZhNmF2YbZgdiw
+attributeDisplayNames:: bG9jYXRpb24s2KfZhNmF2YjZgti5
+attributeDisplayNames:: ZHJpdmVyTmFtZSzYp9mE2LfYsdin2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNiq2LnZhNmK2YI=
+attributeDisplayNames:: Y29udGFjdE5hbWUs2KfYqti12KfZhA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs2LHZgtmFINin2YTYo9i12YQ=
+attributeDisplayNames:: dU5DTmFtZSzYp9iz2YUg2LTYqNmD2Kkg2KfZhNin2KrYtdin2YQ=
+attributeDisplayNames:: Y24s2KfYs9mFINiu2K/ZhdipINin2YTYr9mE2YrZhA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNmF2YjZgti5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2YTZgtmF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Ko=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2YjYrdiv2Kkg2KrYrdmD2YUg2KfZhNmF2KzYp9mE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KfZhNin2KrYtdin2YQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2KogRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2YXYrNmF2YjYudipINin2YTZhtiz2K4g2KfZhNmF2KrZhdin2KvZhNipINmE2YAgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNi02KjZg9ipINin2YTZgdix2LnZitip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYsdiq2KjYp9i3INin2YTZhdmI2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KzYs9ixINin2LHYqtio2KfYtyDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KrYsdiu2YrYtSDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KfZhNmF2YjZgti5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2LnYttmIIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2YXYtNiq2LHZgyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYtNiq2LHYp9mD2KfYqiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmI2K3Yr9ipINin2YTYqtmG2LjZitmF2YrYqQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: b3Us2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNit2KfZiNmK2Kk=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2K7Yr9mF2KfYqiBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNmF2KzYp9mEINin2YTZhdmI2KvZiNmC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzZhNivINin2YTZhdi02KrYsdmD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzZhdiz2KfYsSDYtNio2YPYqSDYp9mE2KfYqti12KfZhA==
+attributeDisplayNames:: a2V5d29yZHMs2KfZhNmD2YTZhdin2Kog2KfZhNij2LPYp9iz2YrYqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2KrZg9mI2YrZhiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 2YXYtNix2YjYuSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 2YXYs9iq2K7Yr9mFINiq2LHZgtmK2Kkg2YTZgCBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 2KfYsdiq2KjYp9i3INiq2YjYrNmK2YcgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 2KXYudiv2KfYr9in2KogTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixINmE2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzYp9iz2YUg2KfZhNiq2YbYs9mK2YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 2YXYrNmF2YjYudipIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNi52LbZiCDZgtmI2KfYptmFINin2YbYqti42KfYsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2Kkg2KfZhNiq2K7YstmK2YYg2KfZhNio2LnZitiv
+adminContextMenu:: MCwm2KXYr9in2LHYqS4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzYsdmF2LIg2KjYsdmK2K/ZiiwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2KjYsdmK2K8g2KfZhNil2YTZg9iq2LHZiNmG2YogWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2K/YrtmI2YQg2KfZhNmF2LPYqtiu2K/ZhSwwLDIwMCww
+extraColumns:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmKLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhiDYp9mE2YfYr9mBLDAsMTAwLDA=
+extraColumns:: c3Qs2KfZhNmI2YTYp9mK2KksMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2KfZhNmF2YPYqtioLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs2KrZhSDYqti52K/ZitmE2YcsMCwxMzAsMA==
+extraColumns:: c24s2KfYs9mFINin2YTYudin2KbZhNipLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMINin2YTYsdiz2KfYptmEINin2YTZgdmI2LHZitipLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzYp9mE2YXZhNmC2YUg2KfZhNix2KbZitiz2Yog2YTZhNix2LPYp9im2YQg2KfZhNmB2YjYsdmK2KksMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhCwwLDEwMCww
+extraColumns:: aG9tZU1EQizYqtio2KfYr9mEINmF2K7YstmGINi52YTYqNipINin2YTYqNix2YrYrywwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLNiq2KjYp9iv2YQg2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixLDAsMTc1LDA=
+extraColumns:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZiiwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEINin2YTYs9in2KjZgiDZhNmAIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mFLDAsMTUwLDA=
+extraColumns:: YyzYp9mE2KjZhNivLDAsLTEsMA==
+extraColumns:: Y29tcGFueSzYp9mE2LTYsdmD2KksMCwxNTAsMA==
+extraColumns:: bCzYp9mE2YXYr9mK2YbYqSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLNmH2KfYqtmBINin2YTYudmF2YQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2LTYqNmD2KfYqiDYp9mE2YHYsdi52YrYqQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZhNmC2YXYp9iq
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2KkgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTYp9iz2KrYudmE2KfZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KPYs9in2LMg2KfZhNij2YXYp9mGINin2YTYrtin2LHYrNmK
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 2YLYp9mE2Kgg2KfZhNi02YfYp9iv2Kk=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNin2YTYo9i12YQg2KfZhNij2K7ZitixINin2YTZhdi52LHZiNmBLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LIg2YTZgCBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-tjeneste
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web-adresse
+attributeDisplayNames: url,Adresse til Web-side (andre)
+attributeDisplayNames: samAccountName,Gruppenavn (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kontor
+attributeDisplayNames: info,Merknader
+attributeDisplayNames: member,Medlemmer
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: l,Poststed
+attributeDisplayNames: distinguishedName,X.500 unikt navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: c,Landsforkortelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domene
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domenepolicy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Datamaskin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Datamaskinnavn (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operativsystemversjon
+attributeDisplayNames: operatingSystem,Operativsystem
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skriver
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzam9u
+attributeDisplayNames:: dXJsLFdlYi1hZHJlc3Nl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO4dHRlciBzdGlmdGluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF2biBww6UgZGVsdCByZXNzdXJz
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwZXIgbWludXR0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZXRzZW5oZXRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixFaWVybmF2bg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWlubmUgaW5zdGFsbGVydA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxTdMO4dHRlZGUgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGdqZW5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbWFsIG9wcGzDuHNuaW5n
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmVyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDuHR0ZXIgZG9iYmVsdHNpZGlnIHV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO4dHRlciBmYXJnZXV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7h0dGVyIHNvcnRlcmluZw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm5za3VmZmVy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhc3NlcmluZw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2plbnN0YW5kc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger for domenekontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Tilkobling
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikasett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Delnett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmdzYnJv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: SW5uc3RpbGxpbmdlciBmb3IgbGlzZW5zaWVyaW5nc29tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWlubnN0aWxsaW5nZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnement
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisasjonsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Beholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Klarert domene
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NiYW5l
+attributeDisplayNames:: a2V5d29yZHMsTsO4a2tlbG9yZA==
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGFuZGxlcyBhdg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfigurasjon
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisasjon
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-oppgradert bruker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-rutingskobling
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-innstillinger
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7hhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formater navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Ekstern lagringstjeneste
+adminContextMenu: 0,&Behandle...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzZSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQnJ1a2VycMOlbG9nZ2luZ3NuYXZuLDAsMjAwLDA=
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsVGlsc3RhbmQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsRW5kcmV0LDAsMTMwLDA=
+extraColumns:: c24sRXR0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsV2ViLWFkcmVzc2UgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1lLXBvc3RiZWhvbGRlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuLCBwcmUtV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxQb3N0c3RlZCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmVpZCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydGVyIG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for delnett
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for servere
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory-tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3DDuHJyaW5nc3BvbGljeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Eksternt sikkerhetsobjekt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikatmal
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Siste kjente overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWC41MDAgdW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: zp/OvM6szrTOsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqfPgc6uz4PPhM63z4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/OvM6szrTOsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDOv868zqzOtM6xz4IgKM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bWVtYmVyLM6czq3Ou863
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv868zq3Osc+C
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGMszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXPgM6xz4bOrg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDPhM6/zrzOrc6x
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv8+AzrnOus6uIM+Azr/Ou865z4TOuc66zq4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM6/zrvOv86zzrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPhc+Azr/Ou86/zrPOuc+Dz4TOriAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizOiM66zrTOv8+DzrcgzrvOtc65z4TOv8+Fz4HOs865zrrOv8+NIM+Dz4XPg8+Ezq7OvM6xz4TOv8+C
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLM6bzrXOuc+Ezr/Phc+BzrPOuc66z4wgz4PPjc+Dz4TOt868zrE=
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXOus+Ez4XPgM+Jz4TOrs+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizOiM66zrTOv8+DzrcgzrHOvc+EzrnOus61zrnOvM6tzr3Ov8+F
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+C
+attributeDisplayNames:: c2VydmVyTmFtZSzOjM69zr/OvM6xIM60zrnOsc66zr/OvM65z4PPhM6u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzOpc+Azr/Pg8+Ezq7Pgc65zr7OtyDPg8+Fz4HPgc6xz4bOrs+C
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUszozOvc6/zrzOsSDOus6/zrnOvc+Mz4fPgc63z4PPhM6/z4Ugz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzOo861zrvOr860zrXPgiDOsc69zqwgzrvOtc+Az4TPjA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzOnM6/zr3OrM60zrXPgiDPhM6xz4fPjc+EzrfPhM6xz4I=
+attributeDisplayNames:: cHJpbnRSYXRlLM6kzrHPh8+Nz4TOt8+EzrE=
+attributeDisplayNames:: cHJpbnRPd25lcizOjM69zr/OvM6xIM66zrHPhM+Mz4fOv8+F
+attributeDisplayNames:: cHJpbnRNZW1vcnkszpXOs866zrHPhM61z4PPhM63zrzOrc69zrcgzrzOvc6uzrzOtw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzOpM+Nz4DOv865IM+HzrHPgc+EzrnOv8+NIM+Azr/PhSDPhc+Azr/Pg8+EzrfPgc6vzrbOv869z4TOsc65
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LM6UzrnOsc64zq3Pg865zrzOvyDPh86xz4HPhM6v
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLM6czq3Os865z4PPhM63IM6xzr3OrM67z4XPg863
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzOk867z47Pg8+DzrEgzrXOus+Ez4XPgM+Jz4TOrg==
+attributeDisplayNames:: cHJpbnRlck5hbWUszozOvc6/zrzOsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQszqXPgM6/z4PPhM63z4HOr862zrXOuSDOtc66z4TPjc+Az4nPg863IM60zrnPgM67zq7PgiDPjM+IzrXPic+C
+attributeDisplayNames:: cHJpbnRDb2xvcizOpc+Azr/Pg8+EzrfPgc6vzrbOtc65IM6tzrPPh8+Bz4nOvM63IM61zrrPhM+Nz4DPic+Dzrc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLM6lz4DOv8+Dz4TOt8+Bzq/Ots61zrkgz4TOsc6+zrnOvc+MzrzOt8+Dzrc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzOms6xz4POrc+EzrXPgiDOtc65z4PPjM60zr/PhQ==
+attributeDisplayNames:: cG9ydE5hbWUszpjPjc+BzrE=
+attributeDisplayNames:: bG9jYXRpb24szpjOrc+Dzrc=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzOnM6/zr3PhM6tzrvOvw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqPPh8+MzrvOuc6/
+attributeDisplayNames:: Y29udGFjdE5hbWUszpXPgM6xz4bOrg==
+attributeDisplayNames:: YXNzZXROdW1iZXIszpHPgc65zrjOvM+Mz4Igz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: dU5DTmFtZSzOjM69zr/OvM6xIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: Y24szozOvc6/zrzOsSDPhc+AzrfPgc61z4POr86xz4IgzrrOsc+EzrHOu8+MzrPOv8+F
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqTOv8+Azr/OuM61z4POr86x
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpTOuc6xzrrOv868zrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM61zrvOtc6zzrrPhM6uIM+Ezr/OvM6tzrE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zr/Ou86/IM+BzrXPgM67zq/Ous6xz4IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqXPgM6/zrTOr866z4TPhc6/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrcgz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zpPOrc+Gz4XPgc6xIM+Dz43Ovc60zrXPg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpzOtc+EzrHPhs6/z4HOrCDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM6szrTOtc65zrHPgiDPh8+Bzq7Pg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM+Ezr/PgM6/zrjOtc+Dzq/Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpzOrc67zr/PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOt8+Ezq7PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOrc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/Pgc6zzrHOvc65zrrOriDOvM6/zr3OrM60zrE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: b3UszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+B
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpHOvs65z4zPgM65z4PPhM6/z4Igz4TOv868zq3Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv865zr3PjM+Hz4HOt8+Dz4TOv8+CIM+GzqzOus61zrvOv8+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzOlM65zrHOtM+Bzr/OvM6uIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: a2V5d29yZHMszpvOrc6+zrXOuc+CLc66zrvOtc65zrTOuc6s
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zp/Phc+BzqwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zqHPjc64zrzOuc+Dzrcgz4DOsc+BzrHOvM6tz4TPgc+Jzr0gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: zpXPhM6xzrnPgc61zq/OsSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: zpHOvc6xzrLOsc64zrzOuc+DzrzOrc69zr/PgiDPh8+Bzq7Pg8+EzrfPgiBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: zqPPjc69zrTOtc+DzrcgzrTPgc6/zrzOv867z4zOs863z4POt8+CIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: zqjOtc+FzrTPjs69z4XOvM6xIM6/z4XPgc6sz4IgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzOjM69zr/OvM6xIM68zr/Pgc+Gzq7Pgg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: zozOvc6/zrzOsSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLM6fz4XPgc6tz4ItzrzOrc67zrc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOsc+Azr/OvM6xzrrPgc+Fz4POvM6tzr3Ot8+CIM6xz4DOv864zq7Ous61z4XPg863z4I=
+adminContextMenu:: MCzOlM65zrEmz4fOtc6vz4HOuc+DzrcuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4IsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM63zrvOtc66z4TPgc6/zr3Ouc66zr/PjSDPhM6xz4fPhc60z4HOv868zrXOr86/z4UgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Hz4HOrs+Dz4TOtywwLDIwMCww
+extraColumns:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4IsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrcgz4DPgc6/zr/Pgc65z4POvM6/z40sMCwxMDAsMA==
+extraColumns:: c3QszprOsc+EzqzPg8+EzrHPg863LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszpPPgc6xz4bOtc6vzr8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQszqTPgc6/z4DOv8+Azr/Ouc6uzrjOt866zrUsMCwxMzAsMA==
+extraColumns:: c24szpXPgM+Ozr3Phc68zr8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIM6szrzOtc+Dz4nOvSDOvM63zr3Phc68zqzPhM+Jzr0sMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzOlM65zrHOus6/zrzOuc+Dz4TOrs+CIM66zrXOvc+Ez4HOuc66zq7PgiDPg861zrvOr860zrHPgiDOrM68zrXPg8+Jzr0gzrzOt869z4XOvM6sz4TPic69LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizOp8+Oz4HOv8+CIM6xz4DOv864zq7Ous61z4XPg863z4IgzrPPgc6xzrzOvM6xz4TOv866zrnOss+Jz4TOr86/z4UgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLM6ozrXPhc60z47Ovc+FzrzOvyBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzOpM68zq7OvM6xLDAsMTUwLDA=
+extraColumns:: YyzOp8+Oz4HOsSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86xLDAsMTUwLDA=
+extraColumns:: bCzOoM+MzrvOtywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLM6kzrfOu86tz4bPic69zr8gzrXPgc6zzrHPg86vzrHPgiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Ezr/PgM6/zrjOtc+DzrnPjs69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM68zrXPhM6xz4bOv8+Bz47OvSDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Fz4DOv860zrnOus+Ez43Pic69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM60zrnOsc66zr/OvM65z4PPhM+Ozr0=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOus6xz4TOsc67z4zOs86/z4UgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDOtc+Bz4nPhM6uzrzOsc+Ezr/Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpHPgc+Hzq4gzrXOvs+Jz4TOtc+BzrnOus6uz4IgzrHPg8+GzqzOu861zrnOsc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: zqDPgc+Mz4TPhc+Azr8gz4DOuc+Dz4TOv8+Azr/Ouc63z4TOuc66z47OvQ==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LM6kzrXOu861z4XPhM6xzq/Ov8+CIM6zzr3Pic+Dz4TPjM+CIM6zzr/Ovc6tzrHPgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrEgWDUwMA==
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6GzrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Grup
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Hizmeti
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S3VsbGFuxLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grup
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cCBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bWVtYmVyLMOceWVsZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGMsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmHFn3Z1cnU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLEgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWVyZWwgxLBsa2U=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Active Directory Hizmeti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bilgisayar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmlsZ2lzYXlhciBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizEsMWfbGV0aW0gU2lzdGVtaSBTw7xyw7xtw7w=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLMSwxZ9sZXRpbSBTaXN0ZW1p
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWF6xLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixOZXNuZSBTw7xyw7xtw7w=
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2k=
+attributeDisplayNames:: c2VydmVyTmFtZSxTdW51Y3UgQWTEsQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxaxLFtYmFsYW1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUGF5bGHFn8SxbSBBZMSx
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxEYWtpa2FkYWtpIFNheWZhIFNhecSxc8Sx
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIxLF6IEJpcmltbGVyaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLEjEsXo=
+attributeDisplayNames:: cHJpbnRPd25lcixTYWhpYmluaW4gQWTEsQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksWcO8a2zDvCBCZWxsZWs=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxEZXN0ZWtsZW5lbiBLYcSfxLF0IFTDvHJsZXJp
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEt1bGxhbsSxbGFiaWxpciBLYcSfxLF0
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuIELDvHnDvGsgw4fDtnrDvG7DvHJsw7xr
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxZYXrEsWPEsSBEaWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsQWTEsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsw4dpZnQgVGFyYWZsxLEgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xvcixSZW5rbGkgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEhhcm1hbmxhbWEgRGVzdGVrbGVuaXlvcg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxHaXJpxZ8gVGVwc2lsZXJp
+attributeDisplayNames:: cG9ydE5hbWUsQmHEn2xhbnTEsSBOb2t0YXPEsQ==
+attributeDisplayNames:: bG9jYXRpb24sS29udW0=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQmHFn3Z1cnU=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTWFsIE51bWFyYXPEsQ==
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gQWTEsQ==
+attributeDisplayNames:: Y24sRGl6aW4gSGl6bWV0aSBBZMSx
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QsO2bGdl
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Sunucu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ayarlar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RXRraSBBbGFuxLEgRGVuZXRsZXlpY2lzaSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: QmHEn2xhbnTEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIFlpbmVsZW1lIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWx0IEHEnw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLEgS8O2cHLDvHPDvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: WWV0a2kgVmVybWUgQsO2bGdlc2kgQXlhcmxhcsSx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonesi
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonelikleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWFwxLFzYWwgQmlyaW0=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: b3UsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2Fwc2F5xLFjxLE=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Hizmetleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: R8O8dmVuaWxlbiBFdGtpIEFsYW7EsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGF5bGHFn3TEsXLEsWxtxLHFnyBLbGFzw7Zy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gWW9sdQ==
+attributeDisplayNames:: a2V5d29yZHMsQW5haHRhciBTw7Z6Y8O8a2xlcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBLdXlydcSfdQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBZYXDEsWxhbmTEsXJtYXPEsQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSBLdXJ1bHXFnw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSBZw7xrc2VsdGlsbWnFnyBLdWxsYW7EsWPEsQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBZw7ZubGVuZGlybWUgQmHEn2xhbnTEsXPEsQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBBeWFybGFyxLE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSBLdXlydWsgRGnEn2VyIEFkxLE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxCacOnaW0gQWTEsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Grubu
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMOceWUgS3V5cnVrbGFyxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Uzakta Depolama Hizmeti
+adminContextMenu:: MCwmWcO2bmV0Li4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgRS1Qb3N0YSBBZHJlc2ksMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS3VsbGFuxLFjxLEgb3R1cnVtIGHDp21hIGFkxLEsMCwyMDAsMA==
+extraColumns:: dGl0bGUsxLDFnyDDnG52YW7EsSwwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxIZWRlZiBBZHJlc2ksMCwxMDAsMA==
+extraColumns:: c3QsZHVydW0sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmksMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsRGXEn2nFn3RpcmlsZGksMCwxMzAsMA==
+extraColumns:: c24sU295YWTEsSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQW5sxLFrIMSwbGV0aSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxBbmzEsWsgxLBsZXRpIEFuYSBTdW51Y3VzdSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLMSwbGsgQWQsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBQb3N0YSBLdXR1c3UgRGVwb3N1LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIERpxJ9lciBBZMSxLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLVBvc3RhIEFkcmVzaSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIMOWbmNlc2kgT3R1cnVtIEHDp21hIEFkxLEsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEYWlyZSwwLDE1MCww
+extraColumns:: YyzDnGxrZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzFnmlya2V0LDAsMTUwLDA=
+extraColumns:: bCzFnmVoaXIsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLMSwxZ8gVGVsZWZvbnUsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbWxhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWx0IEHEn2xhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3VudWN1bGFyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Hizmeti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U29yZ3UgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WWFiYW5jxLEgR8O8dmVubGlrIFNvcnVtbHVzdQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: U2VydGlmaWthIMWeYWJsb251
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Bilinen Son Anababa,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEYWlyZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sVGFuxLFt
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCBTZcOna2luIEFkxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTb2thayBBZHJlc2k=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGl0bGUsxLDFnyDDnG52YW7EsQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servizio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utente
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBY2Nlc3NvIGFsbGUgd29ya3N0YXRpb24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBhY2Nlc3NvIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJ0ZWxsYSBwcmluY2lwYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBncnVwcG8gKHByZS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bWVtYmVyLE1lbWJyaQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlc3RpdG8gZGE=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: dc,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contatto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri locali
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servizio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: samAccountName,Nome computer (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Vesione sistema operativo
+attributeDisplayNames: operatingSystem,Sistema operativo
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Stampante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uZSBvZ2dldHRv
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2Vi
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIHNlcnZlcg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBwb3J0YSBncmFmZmV0dGF0dXJh
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBjb25kaXZpc2lvbmU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmUgYWwgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6AgdmVsb2NpdMOg
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaXTDoA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIHByb3ByaWV0YXJpbw==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxsYXRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBpIGRpIGZvZ2xpIHN1cHBvcnRhdGk=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEZvZ2xpIGRpc3BvbmliaWxp
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJpc29sdXppb25lIG1hc3NpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZ2lvIHN0YW1wYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZSB1dGVudGU=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3VwcG9ydGEgbGEgc3RhbXBhIGZyb250ZS1yZXRybw==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBwb3J0YSBsYSBzdGFtcGEgYSBjb2xvcmk=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cHBvcnRhIGxhIGZhc2NpY29sYXppb25l
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxDYXNzZXR0aSBkaSBpbnB1dA==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpdMOgIGRpIGNoaWFtYXRh
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGxv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudG8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0dG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXJvIGFzc2V0
+attributeDisplayNames:: dU5DTmFtZSxOb21lIHJldGU=
+attributeDisplayNames:: Y24sTm9tZSBzZXJ2aXppbyBkaXJlY3Rvcnk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sito
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni controller di dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connessione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Impostazioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Insieme di replica FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte di collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Trasporto tra siti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Impostazioni sito licenze
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Impostazioni sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrittore FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrizioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOgIG9yZ2FuaXp6YXRpdmE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: ou,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenitore
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servizi RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio trusted
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Cartella condivisa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Percorso di rete
+attributeDisplayNames: keywords,Parole chiave
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Coda MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configurazione MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Organizzazione MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Utente aggiornato a MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Collegamento di routing MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Impostazioni MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias coda MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nome formato
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Gruppo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Code membri
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio di archiviazione remota
+adminContextMenu: 0,&Gestisci...,RsAdmin.msc
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDLkEuUC4sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsSW5kaXJpenpvIGRpIHBvc3RhIGVsZXR0cm9uaWNhIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBhY2Nlc3NvIHV0ZW50ZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXppb25lLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxJbmRpcml6em8gZGkgZGVzdGluYXppb25lLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdG8sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbywwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2F0bywwLDEzMCww
+extraColumns:: c24sQ29nbm9tZSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIHBlciBtZXNzYWdnaXN0aWNhIGlzdGFudGFuZWEsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXIgcHJpbmNpcGFsZSBwZXIgbWVzc2FnZ2lzdGljYSBpc3RhbnRhbmVhLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcmNoaXZpbyBjYXNzZXR0YSBwb3N0YWxlIGRpIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRpIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2EsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21lLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYWVzZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSxTb2NpZXTDoCwwLDE1MCww
+extraColumns:: bCxDaXR0w6AsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25vIHVmZmljaW8sMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Trasporti tra siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore Subnet
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore server
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Criteri ricerca
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Responsabili esterni protezione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modello di certificato
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome utente
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Ultimo genitore conosciuto,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZSB1dGVudGU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEaXBhcnRpbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb25l
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBpbXBpZWdhdG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJ0ZWxsYSBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBwcmluY2lwYWxl
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYml0YXppb25lKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gdGVsZWZvbmljbyBJUA==
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyB0ZWxlZm9uaWNvIGNlbGx1bGFyZQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyB0ZWxlZm9uaWNvIElQIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIHRlbGVmb25pY28gY2VsbHVsYXJlIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gcGFnZXIgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIHRlbGVmb25pY28gdWZmaWNpbyAoYWx0cmkp
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIHBhZ2Vy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2F6aW9uZSB1ZmZpY2lv
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHVmZmljaW8gcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBhY2Nlc3NvIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxJbmRpcml6em8=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmUgV2ViIChhbHRyaSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdWFsaXp6YSBub21l
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBY2Nlc3NvIGFsbGUgd29ya3N0YXRpb24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDot6/nlLHliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKXlkI3nqLE=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupa IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: VXPFgnVnYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW8eXRrb3duaWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgZ3J1cHkgKHN5c3RlbXkgc3RhcnN6ZSBuacW8IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bWVtYmVyLEN6xYJvbmtvd2ll
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domena
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: dc,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady domen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady lokalne
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Komputer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2Ega29tcHV0ZXJhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixXZXJzamEgc3lzdGVtdSBvcGVyYWN5am5lZ28=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3RlbSBvcGVyYWN5am55
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drukarka
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixXZXJzamEgb2JpZWt0dQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSB3IHNpZWNpIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOYXp3YSBzZXJ3ZXJh
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPYnPFgnVndWplIHpzenl3YW5pZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF6d2EgdWR6aWHFgnU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJvbiBuYSBtaW51dMSZ
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3N0a2kgc3p5YmtvxZtjaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLFN6eWJrb8WbxIc=
+attributeDisplayNames:: cHJpbnRPd25lcixOYXp3YSB3xYJhxZtjaWNpZWxh
+attributeDisplayNames:: cHJpbnRNZW1vcnksWmFpbnN0YWxvd2FuYSBwYW1pxJnEhw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPYnPFgnVnaXdhbmUgZm9ybWF0eSBwYXBpZXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkb3N0xJlwbnk=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJvemR6aWVsY3pvxZvEhyBtYWtzeW1hbG5h
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKxJl6eWsgZHJ1a2Fya2k=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF6d2E=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT2JzxYJ1Z3VqZSBkcnVrb3dhbmllIGR3dXN0cm9ubmU=
+attributeDisplayNames:: cHJpbnRDb2xvcixPYnPFgnVndWplIGRydWtvd2FuaWUgdyBrb2xvcnpl
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9ic8WCdWd1amUgc29ydG93YW5pZQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxaYXNvYm5pa2kgd2VqxZtjaW93ZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sTG9rYWxpemFjamE=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50YXJ6
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXIgxZtyb2RrYSB0cndhxYJlZ28=
+attributeDisplayNames:: dU5DTmFtZSxOYXp3YSBzaWVjaW93YQ==
+attributeDisplayNames:: Y24sTmF6d2EgdXPFgnVnaSBrYXRhbG9nb3dlag==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Witryna
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serwer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia kontrolera domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UG/FgsSFY3plbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Ustawienia systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Zestaw replik systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc2llxIc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: xYHEhWN6ZSB3aXRyeW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCDFgsSFY3phIHdpdHJ5bnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1pxJlkenkgd2l0cnluYW1p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny licencjonowania
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Ustawienia witryny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q3rFgm9uZWsgc3lzdGVtdSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrybent systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subskrypcje systemu FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jednostka organizacyjna
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: b3UsTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontener
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VXPFgnVnaSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Domena zaufana
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Rm9sZGVyIHVkb3N0xJlwbmlvbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzFmmNpZcW8a2Egc2llY2lvd2E=
+attributeDisplayNames:: a2V5d29yZHMsU8WCb3dhIGtsdWN6b3dl
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW5hIHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29sZWprYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29uZmlndXJhY2phIHVzxYJ1Z2kgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: UHJ6ZWRzacSZd3ppxJljaWUgdXPFgnVnaSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VWFrdHVhbG5pb255IHXFvHl0a293bmlrIHVzxYJ1Z2kgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: xYHEhWN6ZSByb3V0aW5ndSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: QWxpYXMga29sZWpraSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nazwa formatu
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: R3J1cGEgdXPFgnVnaSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEtvbGVqa2kgY3rFgm9ua8Ozdw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WmRhbG5hIHVzxYJ1Z2EgemFwaXN1asSFY2E=
+adminContextMenu:: MCwmWmFyesSFZHphai4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3ksMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXMgZS1tYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlhIHXFvHl0a293bmlrYSwwLDIwMCww
+extraColumns:: dGl0bGUsU3Rhbm93aXNrbywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlcyBkb2NlbG93eSwwLDEwMCww
+extraColumns:: c3QsV29qZXfDs2R6dHdvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQml1cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsWm1vZHlmaWtvd2FubywwLDEzMCww
+extraColumns:: c24sTmF6d2lza28sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXMgVVJMIG9ic8WCdWdpIHdpYWRvbW/Fm2NpIGLFgnlza2F3aWN6bnljaCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ3ZXIgbWFjaWVyenlzdHkgb2JzxYJ1Z2kgd2lhZG9tb8WbY2kgYsWCeXNrYXdpY3pueWNoLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEltacSZLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixNYWdhenluIHNrcnp5bmtpIHBvY3p0b3dlaiBwcm9ncmFtdSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIHByb2dyYW11IEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlcyBlLW1haWwsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIGRsYSBzeXN0ZW11IHN0YXJzemVnbyBuacW8IFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5hLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEemlhxYIsMCwxNTAsMA==
+extraColumns:: YyxLcmFqLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxNaWFzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gc8WCdcW8Ym93eSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener lokacji
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgdHJhbnNwb3J0dSBtacSZZHp5bG9rYWN5am5lZ28=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener podsieci
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgc2Vyd2Vyw7N3
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Zasady kwerend
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: V3lzdGF3Y2Egb2JjeWNoIHphYmV6cGllY3plxYQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Szablon certyfikatu
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LE9zdGF0bmkgem5hbnkgZWxlbWVudCBuYWRyesSZZG55LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNhIFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIHNpZWNpb3d5IElTRE4gKGlubmUp
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bW9iaWxlLFBvZHN0YXdvd3kgbnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdv
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgc8WCdcW8Ym93ZWdvIChpbm5lKQ==
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBzaWVjaW93eSBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdv
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHcgc2llY2kgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci1yeWhtw6Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-palvelu
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S8OkeXR0w6Rqw6Q=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UnlobcOk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUnlobcOkbiBuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmV0
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Toimialue
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: dc,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWh0ZXlzaGVua2lsw7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VG9pbWlhbHVlZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGFpa2FsbGluZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tietokone
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsVGlldG9rb25lZW4gbmltaSAoV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6R0IHZlcnNpb3Qp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixLw6R5dHTDtmrDpHJqZXN0ZWxtw6R2ZXJzaW8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEvDpHl0dMO2asOkcmplc3RlbG3DpA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kirjoitin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3RpbiB2ZXJzaW8=
+attributeDisplayNames:: dXJsLFdlYi1vc29pdGU=
+attributeDisplayNames:: c2VydmVyTmFtZSxQYWx2ZWxpbm5pbWk=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUdWtlZSBuaWRvbnRhYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsSmFrb25pbWk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaXZ1amEgbWludXV0aXNzYQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxOb3BldXN5a3Npa8O2dA==
+attributeDisplayNames:: cHJpbnRSYXRlLE5vcGV1cw==
+attributeDisplayNames:: cHJpbnRPd25lcixPbWlzdGFqYW4gbmltaQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksQXNlbm5ldHR1IG11aXN0aQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUdWV0dXQgcGFwZXJpdHl5cGl0
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEvDpHl0ZXR0w6R2aXNzw6Qgb2xldmF0IHBhcGVyaXQ=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuaW1tw6Rpc3RhcmtrdXVz
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxUdWxvc3R1c2tpZWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmltaQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVHVrZWUga2Frc2lwdW9saXN0YSB0dWxvc3RhbWlzdGE=
+attributeDisplayNames:: cHJpbnRDb2xvcixUdWtlZSB2w6RyaXR1bG9zdGFtaXN0YQ==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFR1a2VlIGxhaml0dGVsdWE=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxTecO2dHTDtmxva2Vyb3Q=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydHRp
+attributeDisplayNames:: bG9jYXRpb24sU2lqYWludGk=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNYWxsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sSHVvbWF1dHVz
+attributeDisplayNames:: Y29udGFjdE5hbWUsWWh0ZXlzaGVua2lsw7Y=
+attributeDisplayNames:: YXNzZXROdW1iZXIsS2FsdXN0b251bWVybw==
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29uaW1p
+attributeDisplayNames:: Y24sSGFrZW1pc3RvcGFsdmVsdW5pbWk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Saitti
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Palvelin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Toimialueen ohjauskoneen asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Yhteys
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikointisarja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Aliverkko
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkki
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkkisilta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGluZW4gdGllZG9uc2lpcnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: U2FpdGluIGvDpHl0dMO2b2lrZXVzYXNldHVrc2V0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Saitin asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWrDpHNlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaaja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pc2FhdGlveWtzaWtrw7YgKE9VKQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: b3UsTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U8OkaWzDtg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Luotettu toimialue
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jaettu kansio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29wb2xrdQ==
+attributeDisplayNames:: a2V5d29yZHMsQXZhaW5zYW5hdA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-jono
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-kokoonpano
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisaatio
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1ww6Rpdml0ZXR0eSBrw6R5dHTDpGrDpA==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-reitityslinkki
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-asetukset
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-jonoalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nimimuoto
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUS1yeWhtw6Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmpvbm90
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RXTDpHRhbGxlbm51c3BhbHZlbHU=
+adminContextMenu: 0,&Hallitse...,RsAdmin.msc
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQb3N0aW51bWVybywwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtc8OkaGvDtnBvc3Rpb3NvaXRlLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS8OkeXR0w6Rqw6RuIGtpcmphdXR1bWlzbmltaSwwLDIwMCww
+extraColumns:: dGl0bGUsVGVodMOkdsOkbmltaWtlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxLb2hkZW9zb2l0ZSwwLDEwMCww
+extraColumns:: c3QsVmFsdGlvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTXVva2F0dHUsMCwxMzAsMA==
+extraColumns:: c24sU3VrdW5pbWksMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsUGlrYXZpZXN0aXR5a3NlbiBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxQaWthdmllc3RpdHlrc2VuIGtvdGlwYWx2ZWxpbiwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEV0dW5pbWksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1zw6Roa8O2cG9zdGlzw6RpbMO2LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6Qga2lyamF1dHVtaXNuaW1pLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1pLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxPc2FzdG8sMCwxNTAsMA==
+extraColumns:: YyxNYWEsMCwtMSww
+extraColumns:: Y29tcGFueSxZcml0eXMsMCwxNTAsMA==
+extraColumns:: bCxLYXVwdW5raSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFR5w7ZwdWhlbGlubnVtZXJvLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdGluIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGlzZW4gdGllZG9uc2lpcnJvbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxpdmVya29uIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UGFsdmVsaW1lbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory -palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGFrdWvDpHl0w6RudMO2
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Ulkoinen suojausobjekti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikaattimalli
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFZpaW1laXNpbiB0dW5uZXR0dSBpc8OkbnTDpCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMC1uaW1p
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnu4Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3liqE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 55So5oi3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs57uE5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6IGU57O75Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5Zyw562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6K6h566X5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6K6h566X5py65ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizmk43kvZzns7vnu5/niYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOaTjeS9nOezu+e7nw==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5omT5Y2w5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizlr7nosaHniYjmnKw=
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzmnI3liqHlmajlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mjIHoo4XorqI=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5Lqr5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzmr4/liIbpkp/pobXmlbA=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbljZXkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI3np7A=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey6KOF5YaF5a2Y
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mjIHnmoTnurjlvKDnsbvlnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe6uOW8oA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+WIhui+qOeOhw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzmiZPljbDmnLror63oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ew
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5oyB5Y+M6Z2i5omT5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mjIHlvanoibLmiZPljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aMgeWvueeFpw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzov5vnurjlmag=
+attributeDisplayNames:: cG9ydE5hbWUs56uv5Y+j
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovlj7c=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6K+05piO
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGU57O75Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LWE5Lqn5Y+356CB
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zlkI0=
+attributeDisplayNames:: Y24s55uu5b2V5pyN5Yqh5ZCN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ54K5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 5Z+f5o6n5Yi25Zmo6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6L+e5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuvue9rg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOWkjeWItumbhg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q572R
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l5qGl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5p2D56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWRmA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYheiAhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE57uH5Y2V5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Zmo
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWKoQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu75Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5Lqr5paH5Lu25aS5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zot6/lvoQ=
+attributeDisplayNames:: a2V5d29yZHMs5YWz6ZSu5a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDpmJ/liJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDphY3nva4=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDkvIHkuJrnuqc=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfnuqfnlKjmiLc=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpk77mjqU=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDorr7nva4=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDpmJ/liJfliKvlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnu4Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmOmYn+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6L+c56iL5a2Y5YKo5pyN5Yqh
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg55S15a2Q6YKu5Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs55So5oi355m75b2V5ZCN56ewLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IGM56ewLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67moIflnLDlnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBL+iHquayu+WMuiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5bey5pu05pS5LDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws5Y2z5pe25raI5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzljbPml7bmtojmga/kuLvmnI3liqHlmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDpgq7nrrHlrZjlgqgsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIq+WQjSwwLDE3NSww
+extraColumns:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeeahOeZu+W9leWQjeensCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs5pi+56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jpl6gsMCwxNTAsMA==
+extraColumns:: Yyzlm73lrrYo5Zyw5Yy6KSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCzljr8v5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWVhuWKoeeUteivnSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ54K55a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q572R5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDmnI3liqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6K+i562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo6KeE6IyD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6K+B5Lmm5qih5p2/
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOi/keS4gOasoeW3suefpeeahOeItiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Y29tbWVudCzor7TmmI4=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDovqjliKvlkI3np7A=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: aW5mbyzms6jph4o=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+dKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznp7Dlkbw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7nvJY=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IGM56ew
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Om44O844K244O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kw44Or44O844OX
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kw44Or44O844OX5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44Oz
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGMs5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5YWI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsWDUwMCDorZjliKXlkI0=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44OzIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Ot44O844Kr44OrIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OU44Ol44O844K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kz44Oz44OU44Ol44O844K/5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizjgqrjg5rjg6zjg7zjg4bjgqPjg7PjgrAg44K344K544OG44Og44Gu44OQ44O844K444On44Oz
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOOCquODmuODrOODvOODhuOCo+ODs+OCsCDjgrfjgrnjg4bjg6A=
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OX44Oq44Oz44K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizjgqrjg5bjgrjjgqfjgq/jg4jjga7jg5Djg7zjgrjjg6fjg7M=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5
+attributeDisplayNames:: c2VydmVyTmFtZSzjgrXjg7zjg5Djg7zlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzjg5vjg4Hjgq3jgrnmraLjgoHjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5pyJ5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzjg5rjg7zjgrgv5YiG
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbjga7ljZjkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI0=
+attributeDisplayNames:: cHJpbnRNZW1vcnks44Kk44Oz44K544OI44O844Or44GV44KM44Gf44Oh44Oi44Oq
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzjgrXjg53jg7zjg4jjgZXjgozjgovnlKjntJnjga7nqK7poZ4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWIqeeUqOWPr+iDveOBqueUqOe0mQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOmrmOino+WDj+W6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzjg5fjg6rjg7Pjgr/oqIDoqp4=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN5YmN
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5Lih6Z2i5Y2w5Yi344KS44K144Od44O844OI
+attributeDisplayNames:: cHJpbnRDb2xvcizjgqvjg6njg7zljbDliLfjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOS4geWQiOOBhOOCkuOCteODneODvOODiA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzlhaXlipvjg4jjg6zjgqQ=
+attributeDisplayNames:: cG9ydE5hbWUs44Od44O844OI
+attributeDisplayNames:: bG9jYXRpb24s5aC05omA
+attributeDisplayNames:: ZHJpdmVyTmFtZSzjg6Ljg4fjg6s=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s44Kz44Oh44Oz44OI
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5YWI
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Sj55Wq5Y+3
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq/lkI0=
+attributeDisplayNames:: Y24s44OH44Kj44Os44Kv44OI44OqIOOCteODvOODk+OCueWQjQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44K144Kk44OI
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44OJ44Oh44Kk44OzIOOCs+ODs+ODiOODreODvOODqeOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6l57aa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+ijveeJqeOCu+ODg+ODiA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 44K144OW44ON44OD44OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCrw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCryDjg5bjg6rjg4Pjgrg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 44Op44Kk44K744Oz44K5IOOCteOCpOODiOOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OI44Gu6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOODoeODs+ODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODqeOCpOODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODquODl+OCt+ODp+ODsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Y2Y5L2NIChPVSk=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: b3Us5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OG44OK
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOOCteODvOODk+OCuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5L+h6aC844GV44KM44KL5YG044Gu44OJ44Oh44Kk44Oz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5pyJ44OV44Kp44Or44OA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq8g44OR44K5
+attributeDisplayNames:: a2V5d29yZHMs44Kt44O844Ov44O844OJ
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7w=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDmp4vmiJA=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDjgqjjg7Pjgr/jg7zjg5fjg6njgqTjgro=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDjgqLjg4Pjg5fjgrDjg6zjg7zjg4nmuIjjgb/jg6bjg7zjgrbjg7w=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDjg6vjg7zjg4bjgqPjg7PjgrAg44Oq44Oz44Kv
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7wg44Ko44Kk44Oq44Ki44K5
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzlvaLlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDjgrDjg6vjg7zjg5c=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkCDjgq3jg6Xjg7w=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Oq44Oi44O844OI6KiY5oa25Z+f44K144O844OT44K5
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7csMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q44Oh44O844OrIOOCouODieODrOOCuSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs44Om44O844K244O8IOODreOCsOOCquODs+WQjSwwLDIwMCww
+extraColumns:: dGl0bGUs5b256IG3LDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzjgr/jg7zjgrLjg4Pjg4gg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c3Qs6YO96YGT5bqc55yMLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omALDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5pu05paw5pel5pmCLDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws44Kk44Oz44K544K/44Oz44OIIOODoeODg+OCu+ODvOOCuOODs+OCsCBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzjgqTjg7Pjgrnjgr/jg7Pjg4gg44Oh44OD44K744O844K444Oz44KwIOODm+ODvOODoCDjgrXjg7zjg5Djg7wsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDjg6Hjg7zjg6vjg5zjg4Pjgq/jgrkg44K544OI44KiLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOOCqOOCpOODquOCouOCuSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeOBruODreOCsOOCquODs+WQjSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6KGo56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jnvbIsMCwxNTAsMA==
+extraColumns:: Yyzlm70sMCwtMSww
+extraColumns:: Y29tcGFueSzkvJrnpL7lkI0sMCwxNTAsMA==
+extraColumns:: bCzluILljLrnlLrmnZEsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWLpOWLmeWFiOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144OW44ON44OD44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8IOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDjgrXjg7zjg5Pjgrk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Kv44Ko44OqIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo44Gu44K744Kt44Ol44Oq44OG44KjIOODl+ODquODs+OCt+ODkeODqw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6Ki85piO5pu444OG44Oz44OX44Os44O844OI
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOW+jOOBq+eiuuiqjeOBleOCjOOBn+imqiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHNlcnZlcsWv
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb3Rhem92w6Fuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: Q2l6w60gb2JqZWt0eSB6YWJlenBlxI1lbsOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: xaBhYmxvbmEgY2VydGlmaWvDoXR1
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFBvc2xlZG7DrSB6bsOhbcO9IG5hZMWZYXplbsO9IG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Skupina IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2x1xb5iYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW+aXZhdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skupina
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHNrdXBpbnkgKHBybyBzeXN0w6lteSBzdGFyxaHDrSBuZcW+IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bWVtYmVyLMSMbGVub3bDqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6luYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGMsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2IFg1MDA=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TcOtc3Ruw60gesOhc2FkeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG/EjcOtdGHEjQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHBvxI3DrXRhxI1lIChwcm8gc3lzdMOpbXkgc3RhcsWhw60gbmXFviBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJ6ZSBvcGVyYcSNbsOtaG8gc3lzdMOpbXU=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhxI1uw60gc3lzdMOpbQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGlza8Ohcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJ6ZSBvYmpla3R1
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSBXV1c=
+attributeDisplayNames:: c2VydmVyTmFtZSxOw6F6ZXYgc2VydmVydQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQb2Rwb3J1amUgc2XFocOtdsOhbsOt
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTsOhemV2IHNkw61sZW7DqSBwb2xvxb5reQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHLDoW5reSB6YSBtaW51dHU=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3RreSByeWNobG9zdGk=
+attributeDisplayNames:: cHJpbnRSYXRlLFJ5Y2hsb3N0
+attributeDisplayNames:: cHJpbnRPd25lcixKbcOpbm8gdmxhc3Ruw61rYQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsb3ZhbsOhIHBhbcSbxaU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQb2Rwb3JvdmFuw6kgdHlweSBwYXDDrXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcMOtciBrIGRpc3BvemljaQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsbsOtIHJvemxpxaFlbsOt
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKYXp5ayB0aXNrw6Fybnk=
+attributeDisplayNames:: cHJpbnRlck5hbWUsSm3DqW5v
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUG9kcG9ydWplIG9ib3VzdHJhbm7DvSB0aXNr
+attributeDisplayNames:: cHJpbnRDb2xvcixQb2Rwb3J1amUgYmFyZXZuw70gdGlzaw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFBvZHBvcnVqZSBza2zDoWTDoW7DrQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxWc3R1cG7DrSB6w6Fzb2Juw61reQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sVW3DrXN0xJtuw60=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50w6HFmQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXZpZGVuxI1uw60gxI3DrXNsbw==
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w70gbsOhemV2
+attributeDisplayNames:: Y24sTsOhemV2IGFkcmVzw6HFmW92w6kgc2x1xb5ieQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: U8OtxaU=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrSDFmWFkacSNZSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UMWZaXBvamVuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U2FkYSByZXBsaWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc8OtxaU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3BvamVuw60gc8OtdMOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCBzcG9qZW7DrSBzw610w60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UMWZZW5vcyBtZXppIHPDrXTEm21p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBsaWNlbmNvdsOhbsOtIHPDrXTEmw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzw610xJs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: xIxsZW4gc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: w5rEjWFzdG7DrWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyeSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pemHEjW7DrSBqZWRub3RrYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: b3UsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontejner
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2x1xb5ieSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RMWvdsSbcnlob2Ruw6EgZG9tw6luYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2TDrWxlbsOhIHNsb8W+a2E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w6EgY2VzdGE=
+attributeDisplayNames:: a2V5d29yZHMsS2zDrcSNb3bDoSBzbG92YQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fronta MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Konfigurace MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: Um96bGVobMOhIHPDrcWlIE1TTVE=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: QWt0dWFsaXpvdmFuw70gdcW+aXZhdGVsIE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: UHJvcG9qZW7DrSBzbcSbcm92w6Fuw60gZnJvbnR5IE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TmFzdGF2ZW7DrSBNU01R
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias fronty MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOw6F6ZXYgZm9ybcOhdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Skupina MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMSMbGVuc2vDqSBmcm9udHk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBSZW1vdGUgU3RvcmFnZQ==
+adminContextMenu: 0,&Spravovat...,RsAdmin.msc
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxQU8SMLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNhIGVsZWt0cm9uaWNrw6kgcG/FoXR5IFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIHXFvml2YXRlbHNrw6kgam3DqW5vLDAsMjAwLDA=
+extraColumns:: dGl0bGUsRnVua2NlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw61sb3bDoSBhZHJlc2EsMCwxMDAsMA==
+extraColumns:: c3QsU3RhdiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FuY2Vsw6HFmSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsWm3Em27Em25vLDAsMTMwLDA=
+extraColumns:: c24sUMWZw61qbWVuw60sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXNhIFVSTCBzbHXFvmJ5IHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxEb21vdnNrw70gc2VydmVyIHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLEptw6lubywwLDEwMCww
+extraColumns:: aG9tZU1EQizDmmxvxb5pxaF0xJsgcG/FoXRvdm7DrWNoIHNjaHLDoW5layBhcGxpa2FjZSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGFwbGlrYWNlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyB6ZSBzdGFyxaHDrSB2ZXJ6ZSBzeXN0w6ltdSBXaW5kb3dzLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOtLDAsMTUwLDA=
+extraColumns:: YyxaZW3EmywwLC0xLDA=
+extraColumns:: Y29tcGFueSxTcG9sZcSNbm9zdCwwLDE1MCww
+extraColumns:: bCxNxJtzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKHphbS4pLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29uZWpuZXIgc8OtdMSb
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIG1lemlzw63FpW92w6lobyBwxZllbm9zdQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHBvZHPDrXTDrQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIGRlIGNoYW1hZGEgZGUgcHJvY2VkaW1lbnRvIHJlbW90bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gY29uZmnDoXZlbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta compartilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ corporativa
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXN1w6FyaW8gYXR1YWxpemFkbyBkbyBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGluayBkZSByb3RlYW1lbnRvIGRvIHNlcnZpw6dvIGRlIGVuZmlsZWlyYW1lbnRvIGRlIG1lbnNhZ2VucyBkYSBNaWNyb3NvZnQ=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias da fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRlIGZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIHBhcnRpY2lwYW50ZXM=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+adminContextMenu: 0,&Gerenciar...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDRVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIGVtYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbiBkbyB1c3XDoXJpbywwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgZGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sU29icmVub21lLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBsb2NhbCBkZSBtZW5zYWdlbnMgaW5zdGFudMOibmVhcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hemVuYW1lbnRvIGRhIGNhaXhhIGRlIGNvcnJlaW8gZG8gRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmQuIGRlIGVtYWlsLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiBhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxDaWRhZGUsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIGNvbWVyY2lhbCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de transportes entre sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de sub-redes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Recipiente de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZG8gQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Diretiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: T2JqZXRvIGRlIHNlZ3VyYW7Dp2EgZXh0ZXJubw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gcGFpIGNvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBiYXNl
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgcmVzaWRlbmNpYWwgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGRlIGxvZ29u
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbg==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo do IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXN1w6FyaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBsb2dvbg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGRlIGxvZ29u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBsb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkZSBjYXNhIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBiYXNl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: bWVtYmVyLFBhcnRpY2lwYW50ZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contato
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIG5hIFdlYg==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIGRhIFdlYiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRvL3Byb3bDrW5jaWE=
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBwb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kLiBjb21lcmNpYWw=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkbyBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsK6IGRlIHRlbGVmb25lIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRvIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkbyBjZWx1bGFyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBlbWFpbCAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZG8gdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkZSBjYXNhIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkbyBmYXggKG91dHJvcyk=
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZG8gY2VsdWxhcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsUGFydGljaXBhbnRlIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbmQuIGRlIGVtYWls
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxPYnNlcnZhw6fDtWVz
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIHJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIHJlc2lkZW5jaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZ2VuZXJhdGl2bw==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxDw7NkaWdvIGRvIEZ1bmNpb27DoXJpbw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50byBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIGV4aWJpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJvcmRpbmFkb3MgZGlyZXRvcw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgcGHDrXM=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RGlyZXRpdmEgZGUgZG9tw61uaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Diretiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBjb21wdXQuIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3QuIG9wZXJhY2lvbmFs
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmFjaW9uYWw=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamV0bw==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBuYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRlIGEgZ3JhbXBlYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkbyBjb21wYXJ0aWxoYW1lbnRv
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBwZXJtaXRpZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgaW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0ZSBhIGltcHJlc3PDo28gZnJlbnRlIGUgdmVyc28=
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRlIGEgaW1wcmVzc8OjbyBhIGNvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGUgYSBlbXVsYcOnw6Nv
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWw=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0bw==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkbyByZWN1cnNv
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRhIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJldMOzcmlv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRvIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXjDo28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Link de site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte de link de site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIHNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinante FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinaturas FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Recipiente
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport inter-sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZSBkdSBzaXRlIGRlIGdlc3Rpb24gZGVzIGxpY2VuY2Vz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membre FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QWJvbm7DqSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Abonnements FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOpIGQnb3JnYW5pc2F0aW9uwqA=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: b3UsTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Conteneur
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Services RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tYWluZSBhcHByb3V2w6k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9zc2llciBwYXJ0YWfDqcKg
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDaGVtaW4gcsOpc2VhdQ==
+attributeDisplayNames:: a2V5d29yZHMsTW90cyBjbMOpcw==
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: File d'attente MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configuration MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Entreprise MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGlzYXRldXIgYXlhbnQgdW5lIG1pc2Ugw6Agbml2ZWF1IE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Liaison de routage MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyYW3DqHRyZXMgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de file d'attente MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nom de format
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Groupe MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Files d'attente de membres
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmljZSBkZSBzdG9ja2FnZSDDqXRlbmR1
+adminContextMenu:: MCwmR8OpcmVyLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNzZSBkZSBtZXNzYWdlcmllIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gZGUgbCd1dGlsaXNhdGV1ciwwLDIwMCww
+extraColumns:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9uLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlc3NlIGRlIGRlc3RpbmF0aW9uLDAsMTAwLDA=
+extraColumns:: c3Qsw4l0YXQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQnVyZWF1LDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpw6ksMCwxMzAsMA==
+extraColumns:: c24sTm9tIGRlIGZhbWlsbGUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lc3NhZ2VyaWUgaW5zdGFudGFuw6llLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXVyIGRlIGJhc2UgZGUgbWVzc2FnZXJpZSBpbnN0YW50YW7DqWUsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByw6lub20sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixNYWdhc2luIGJvw650ZSBhdXggbGV0dHJlcyBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQsMCwxNTAsMA==
+extraColumns:: YyxQYXlzLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxTb2Npw6l0w6ksMCwxNTAsMA==
+extraColumns:: bCxWaWxsZSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFTDqWzDqXBob25lIHByb2Zlc3Npb25uZWwsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de transports inter-sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVuZXVyIGRlIHNvdXMtcsOpc2VhdXg=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de serveurs
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Service Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSByZXF1w6p0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U8OpY3VyaXTDqSBleHTDqXJpZXVyZSBwcmluY2lwYWxl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: TW9kw6hsZSBkZSBjZXJ0aWZpY2F0
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Dernier parent connu,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Groupe IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Service IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilisateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Groupe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGRlIGdyb3VwZSAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bWVtYmVyLE1lbWJyZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domaine
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZSBYNTAw
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSBkb21haW5l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBsb2NhbGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Ordinateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3JkaW5hdGV1ciAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaW9uIGR1IHN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Imprimante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uIGRlIGwnb2JqZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBWYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb20gZGUgc2VydmV1cg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQcmVuZCBlbiBjaGFyZ2UgbCdhZ3JhZmFnZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tIGR1IHBhcnRhZ2U=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdlcyBwYXIgbWludXRl
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6lzIGRlIHZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRPd25lcixOb20gZHUgcHJvcHJpw6l0YWlyZQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTcOpbW9pcmUgaW5zdGFsbMOpZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUeXBlcyBkZSBwYXBpZXIgcHJpcyBlbiBjaGFyZ2U=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkaXNwb25pYmxlwqA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFLDqXNvbHV0aW9uIG1heGltYWxl
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMYW5nYWdlIGRlIGwnaW1wcmltYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9t
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUHJlbmQgZW4gY2hhcmdlIGwnaW1wcmVzc2lvbiByZWN0byB2ZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixQcmVuZCBlbiBjaGFyZ2UgbCdpbXByZXNzaW9uIGVuIGNvdWxldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFByZW5kIGVuIGNoYXJnZSBsJ2Fzc2VtYmxhZ2U=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYWNzIGQnZW50csOpZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sRW1wbGFjZW1lbnQ=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2TDqGxl
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudGFpcmU=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtw6lybyBkZSBjb250csO0bGU=
+attributeDisplayNames:: dU5DTmFtZSxOb20gcsOpc2VhdQ==
+attributeDisplayNames:: Y24sTm9tIGR1IHNlcnZpY2UgZCdhbm51YWlyZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serveur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgY29udHLDtGxldXIgZGUgZG9tYWluZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connexion
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: SmV1IGRlIHLDqXBsaWNhcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U291cy1yw6lzZWF1wqA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Lien du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Pont de la liaison du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGxvY2Fs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIHNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIG9iamVjdG8=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBww6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRhIGFncmFmYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkZSBwYXJ0aWxoYQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIHByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgaW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBzdXBvcnRhZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZW0gZGEgaW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0YSBpbXByZXNzw6NvIGRvcyBkb2lzIGxhZG9z
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRhIGltcHJlc3PDo28gYSBjb3Jlcw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGEgY8OzcGlhcyBhZ3J1cGFkYXM=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxUYWJ1bGVpcm8gZGUgZW50cmFkYQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpemHDp8Ojbw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBjb250cm9sbw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRlIHJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBzZXJ2acOnbyBkZSBkaXJlY3TDs3Jpbw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Local
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIGNvbnRyb2xhZG9yIGRlIGRvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6Nv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subrede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6NvIHBhcmEgbyBzaXRl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QnJpZGdlIGRlIGxpZ2HDp8OjbyBwYXJhIG8gc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGUgZGUgbGljZW5jaWFtZW50bw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIHNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subscritor FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2NyacOnw7VlcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contentor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gZmlkZWRpZ25v
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta partilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIHJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGl6YWRvciBjb20gYWN0dWFsaXphw6fDo28gTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGlnYcOnw6NvIGRlIGVuY2FtaW5oYW1lbnRvIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: RGVmaW5pw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRvIGZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIG1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgYXJtYXplbmFtZW50byByZW1vdG8=
+adminContextMenu: 0,&Gerir...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIGNvcnJlaW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gZG8gdXRpbGl6YWRvciwwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgZGVzdGlubywwLDEwMCww
+extraColumns:: c3QsUmVnacOjbywwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGlkbywwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBpbmljaWFsIGRlIG1lbnNhZ2VucyBpbnN0YW50w6JuZWFzLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hesOpbSBkZSBjYWl4YSBkZSBjb3JyZWlvIGRlIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIEFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gcHLDqS1XaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXIsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxMb2NhbGlkYWRlLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIG5hIGVtcHJlc2EsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de transporte entre sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVudG9yIGRlIHNlcnZpw6dvcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZG8gQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIGNvbnN1bHRh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2VndXJhbsOnYSBleHRlcm5hIHByaW5jaXBhbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gcHJpbmNpcGFsIGNvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSByYWl6
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgcmFpeg==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gKGFudGVyaW9yIGFvIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGFjZXNzw612ZWlz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Custom-Recipient
+msDS-Non-Security-Group-Extra-Classes: MSMQ-Queue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilizador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIHRyYWJhbGhvIGFjZXNzw612ZWlz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIGFwcmVzZW50YXI=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0ZWxleCAob3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBpbsOtY2lvIGRlIHNlc3PDo28gKGFudGVyaW9yIGFvIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gUkRJUyBpbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBwYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIHBhZ2VyIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bWVybyBkZSB0ZWxlbcOzdmVsIChvdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBjb3JyZWlvIGVsZWN0csOzbmljbyAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum1lcm8gZGUgdGVsZWZvbmUgSVAgKG91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWxlZm9uZSBkYSByZXNpZMOqbmNpYSAob3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVyb3MgZGUgZmF4IChvdXRyb3Mp
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSwywrogbm9tZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgY29ycmVpbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOw7ptZXJvIGRlIHRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBSRElTIGludGVybmFjaW9uYWwgKG91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIHJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgcmFpeg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSByYWl6
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgcHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gZGUgZ2VyYcOnw6Nv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZG8gZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBlbXByZWdhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIGRpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIHDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBww6FnaW5hIFdFQiAob3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBlc2NyaXTDs3Jpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBwb3I=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBYNTAwIGRpc3RpbnRv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkbyBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
diff --git a/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt
new file mode 100644
index 0000000..8aa5003
--- /dev/null
+++ b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt
@@ -0,0 +1,32733 @@
+#Intellectual Property Rights Notice for Open Specifications Documentation
+#
+#- Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+#
+#- Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+#
+#- No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#
+#- Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here:  http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described n the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com. 
+#
+#- Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#
+#- Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#
+#- Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+#
+#- Preliminary Documentation. This Open Specification is preliminary documentation for this technology.  Since the documentation may change between this preliminary version and the final version, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
+
+dn: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+cn: DisplaySpecifiers
+distinguishedName: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectVersion: 1
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DisplaySpecifiers
+systemFlags: -2147483648
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Dienst
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Benutzer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGVmaW5pZXJ0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbm5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bWVtYmVyLE1pdGdsaWVkZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGVmaW5pZXJ0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGVmaW5pZXJ0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZW5yaWNodGxpbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokale Richtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Freigegebener Ordner
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya3BmYWQ=
+attributeDisplayNames:: a2V5d29yZHMsU2NobMO8c3NlbHfDtnJ0ZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYW1lIChQcsOkLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixCZXRyaWVic3N5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJldHJpZWJzc3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drucker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2U=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1l
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbnRlcnN0w7x0enQgSGVmdGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsRnJlaWdhYmVuYW1l
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTZWl0ZW4gcHJvIE1pbnV0ZQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxHZXNjaHdpbmRpZ2tlaXRzZWluaGVpdGVu
+attributeDisplayNames:: cHJpbnRSYXRlLEdlc2Nod2luZGlna2VpdA==
+attributeDisplayNames:: cHJpbnRPd25lcixCZXNpdHplcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGllcnRlciBTcGVpY2hlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbnRlcnN0w7x0enRlIFBhcGllcnR5cGVu
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFZlcmbDvGdiYXJlcyBQYXBpZXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIEF1ZmzDtnN1bmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxEcnVja2Vyc3ByYWNoZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW50ZXJzdMO8dHp0IGJlaWRzZWl0aWdlcyBEcnVja2Vu
+attributeDisplayNames:: cHJpbnRDb2xvcixVbnRlcnN0w7x0enQgZmFyYmlnZXMgRHJ1Y2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVudGVyc3TDvHR6dCBTb3J0aWVyZW4=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxFaW5nYWJlc2Now6RjaHRl
+attributeDisplayNames:: cG9ydE5hbWUsQW5zY2hsdXNz
+attributeDisplayNames:: bG9jYXRpb24sRHJ1Y2tlcnN0YW5kb3J0
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2Vyw6R0ZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya25hbWU=
+attributeDisplayNames:: Y24sVmVyemVpY2huaXNkaWVuc3RuYW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Standort
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Replikatsatz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RG9tw6RuZW5jb250cm9sbGVyZWluc3RlbGx1bmdlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbindung
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnetz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationseinheit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Verwaltet von
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VmVydHJhdXRlIERvbcOkbmU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQTFosMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtRS1NYWlsLUFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVudXR6ZXJhbm1lbGRlbmFtZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXRpb24sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxaaWVsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsQnVuZGVzbGFuZC9LYW50b24sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsR2XDpG5kZXJ0LDAsMTMwLDA=
+extraColumns:: c24sTmFjaG5hbWUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmctVVJMLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZy1Ib21lc2VydmVyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLFZvcm5hbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1Qb3N0ZmFjaHNwZWljaGVyLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLUFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLU1haWwtQWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgZsO8ciBQcsOkLVdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWUsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxBYnRlaWx1bmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kL1JlZ2lvbiwwLC0xLDA=
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lciAoZ2VzY2jDpGZ0bGljaCksMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmdzYnLDvGNrZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Lizenzierungsstandorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Standorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Mitglied
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnements
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-Dienste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Warteschlange
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-Unternehmen
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Aktualisierter MSMQ-Benutzer
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Routingverbindung
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Einstellungen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-Warteschlangenalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatname
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-Gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Mitgliedswarteschlagen
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remotespeicherdienst
+adminContextMenu: 0,&Verwalten...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Standortcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0Y29udGFpbmVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetzcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS1Eb23DpG5lbmRpZW5zdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Abfragerichtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Fremder Sicherheitsprinzipal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Zertifikatsvorlage
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LExldHp0ZSBiZWthbm50ZSDDvGJlcmdlb3JkbmV0ZSBJbnN0YW56LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGVmaW5pZXJ0ZXIgTmFtZQ==
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0ZSBSdWZudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilizador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIEluw61jaW8gZGUgU2Vzc8Ojbw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gKHByw6ktV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTi7CuiBUZWxlZm9uZSBkYSBSZXNpZMOqbmNpYSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgUmFpeg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBSYWl6
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBHcnVwbyAocHLDqS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTi7CuiBUZWxlZm9uZSBkYSBSZXNpZMOqbmNpYSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIExvY2Fs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta partilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIFJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBjb21wdXRhZG9yIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRlIFNpc3RlbWEgT3BlcmF0aXZv
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgT3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIE9iamVjdG8=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIFNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRhIEFncmFmYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkYSBQYXJ0aWxoYQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgTWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSBWZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIFByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgSW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBQYXBlbCBTdXBvcnRhZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIERpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIE3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgSW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0YSBJbXByZXNzw6NvIEZyZW50ZSBlIFZlcnNv
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRhIEltcHJlc3PDo28gYSBDb3Jlcw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGEgQWdydXBhbWVudG8=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxUYWJ1bGVpcm9zIGRlIEVudHJhZGE=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpemHDp8Ojbw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTi7CuiBkZSBSZWN1cnNv
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRhIFJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkZSBTZXJ2acOnbyBkZSBEaXJlY3TDs3Jpbw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgUsOpcGxpY2FzIGRlIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIENvbnRyb2xhZG9yIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6Nv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade Organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contentor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gRmlkZWRpZ25v
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2EsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhciwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIENvcnJlaW8gRWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gZGUgVXRpbGl6YWRvciwwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgRGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGlkbywwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIEluc3RhbnQgTWVzc2FnaW5nLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBQcmltw6FyaW8gZGUgSW5zdGFudCBNZXNzYWdpbmcsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcnF1aXZvIGRhIENhaXhhcyBkZSBDb3JyZWlvIGRvIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gUHLDqS1XaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXIsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxMb2NhbGlkYWRlLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIGRhIEVtcHJlc2EsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6NvIGVudHJlIExvY2Fpcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QnJpZGdlIGRlIExpZ2HDp8OjbyBlbnRyZSBMb2NhaXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre Locais
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIExvY2FpcyBkZSBMaWNlbmNpYW1lbnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIExvY2Fpcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subscritor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2NyacOnw7VlcyBkZSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIGRlIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGl6YWRvciBjb20gQWN0dWFsaXphw6fDo28gTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGlnYcOnw6NvIGRlIEVuY2FtaW5oYW1lbnRvIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: RGVmaW5pw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de Fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRvIEZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIE1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgQXJtYXplbmFtZW50byBSZW1vdG8=
+adminContextMenu: 0,&Gerir...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Locais
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Transportes entre Locais
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Sub-redes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp29zIGRlIERvbcOtbmlvIGRvIEFjdGl2ZSBEaXJlY3RvcnkgKEFEIERTKQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIENvbnN1bHRh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UHJpbmNpcGFsIGRlIFNlZ3VyYW7Dp2EgRXh0ZXJuYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de Certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gUHJpbmNpcGFsIENvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBSYWl6
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgUmFpeg==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgZGEgUmVzaWTDqm5jaWEgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gKHByw6ktV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIEluw61jaW8gZGUgU2Vzc8Ojbw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 16fXkdeV16bXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 16nXmdeo15XXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xqdeq157XqQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXp9eR15XXpteUICjXnNek16DXmSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bWVtYmVyLNeX15HXqNeZ150=
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGMs16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15DXmdepINen16nXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og157Xp9eV157Xmdeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16rXmden15nXmdeUINee16nXldeq16TXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzXoNeq15nXkSDXlNeo16nXqg==
+attributeDisplayNames:: a2V5d29yZHMs157Xmdec15XXqiDXntek16rXlw==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xl9ep15E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnteX16nXkSAo15zXpNeg15kgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizXkteZ16jXodeqINee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9ek16HXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizXkteZ16jXodeqINeU15DXldeR15nXmden15g=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmA==
+attributeDisplayNames:: c2VydmVyTmFtZSzXqdedINeU16nXqNeq
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzXqtee15nXm9eUINeR15TXmdeT15XXpw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs16nXnSDXntep15XXqtej
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzXk9ek15nXnSDXkdeT16fXlA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzXmdeX15nXk9eV16og157XlNeZ16jXldeq
+attributeDisplayNames:: cHJpbnRSYXRlLNee15TXmdeo15XXqg==
+attributeDisplayNames:: cHJpbnRPd25lcizXqdedINeR16LXnNeZ150=
+attributeDisplayNames:: cHJpbnRNZW1vcnks15bXmdeb16jXldefINee15XXqten158=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzXodeV15LXmSDXoNeZ15nXqCDXoNeq157Xm9eZ150=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNeg15nXmdeoINeW157Xmdef
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNeo15bXldec15XXpteZ15Qg157XqNeR15nXqg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzXqdek16og15TXnteT16TXodeq
+attributeDisplayNames:: cHJpbnRlck5hbWUs16nXnQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs16rXnteZ15vXlCDXkdeU15PXpNeh15Qg15PXlS3XpteT15PXmdeq
+attributeDisplayNames:: cHJpbnRDb2xvcizXqtee15nXm9eUINeR15TXk9ek16HXqiDXpteR16I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNeq157Xmdeb15Qg15HXkNeZ16HXldej
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzXnteS16nXmSDXp9ec15g=
+attributeDisplayNames:: cG9ydE5hbWUs15nXpteZ15DXlA==
+attributeDisplayNames:: bG9jYXRpb24s157Xmden15XXnQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSzXnteV15PXnA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s15TXoteo15XXqg==
+attributeDisplayNames:: Y29udGFjdE5hbWUs15DXmdepINen16nXqA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs157Xodek16gg16DXm9eh
+attributeDisplayNames:: dU5DTmFtZSzXqdedINeo16nXqg==
+attributeDisplayNames:: Y24s16nXnSDXqdeZ16jXldeqINeh16TXqNeZ15nXlA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15DXqteo
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16nXqNeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16LXqNeb16og16LXldeq16fXmdedINee16nXldeb16TXnNeZ150g16nXnCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeqINeR16fXqCDXp9eR15XXpteqINee15fXqdeR15nXnQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15fXmdeR15XXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16jXqdeqINee16nXoNeZ16ogU3VibmV0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15nXl9eZ15PXlCDXkNeo15LXldeg15nXqg==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: b3Us16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15w=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150g15DXnteZ16DXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16osMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSzXnteZ16fXldeTLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms15vXqteV15HXqiDXk9eV15DXqCDXkNec16fXmNeo15XXoNeZINep15wgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXm9eg15nXodeUINep15wg15TXntep16rXntepLDAsMjAwLDA=
+extraColumns:: dGl0bGUs16rXpNen15nXkywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyzXm9eq15XXkdeqINeZ16LXkywwLDEwMCww
+extraColumns:: c3Qs15DXlteV16gsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xqdeo15MsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs16nXldeg15QsMCwxMzAsMA==
+extraColumns:: c24s16nXnSDXntep16TXl9eULDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws15vXqteV15HXqiBVUkwg16nXnCDXnteh16jXmdedINee15nXk9eZ15nXnSwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzXqdeo16og16jXkNep15kg16nXnCDXnteh16jXmdedINee15nXmdeT15nXmdedLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNep150g16TXqNeY15ksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizXnteQ15LXqCDXqteZ15HXqiDXlNeT15XXkNeoINep15wgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNeb15nXoNeV15kgRXhjaGFuZ2UsMCwxNzUsMA==
+extraColumns:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15ksMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs16nXnSDXm9eg15nXodeUINep15zXpNeg15kgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15QsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzXnteX15zXp9eULDAsMTUwLDA=
+extraColumns:: YyzXkNeo16UsMCwtMSww
+extraColumns:: Y29tcGFueSzXl9eR16jXlCwwLDE1MCww
+extraColumns:: bCzXoteZ16gsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLNeY15zXpNeV158g15HXoteR15XXk9eULDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16fXmdep15XXqCDXnNeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 15LXqdeoINen15nXqdeV16gg15zXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16rXoteR15XXqNeUINeR15nXny3XkNeq16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 16jXqdeZ15XXnyDXnNeU15LXk9eo15XXqiDXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15fXkdeoIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15kgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15nXmdedINecLUZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16nXmdeo15XXqteZIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXldeoIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXpteV16jXqiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 15DXqNeS15XXnyBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 157Xqdeq157XqSDXntep15XXk9eo15Ig15EtTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 16fXmdep15XXqCDXnteg16rXkSBNU01R
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 15TXkteT16jXldeqIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 15vXmdeg15XXmSDXqteV16ggTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzXqdedINeq15HXoNeZ16o=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 16fXkdeV16bXqiBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNeq15XXqNeZINeX15HXqNeZ150=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiDXkNeZ15fXodeV158g157XqNeV15fXpw==
+adminContextMenu:: MCwm16DXmdeU15XXnC4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXkNeq16jXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXntei15HXldeo15Qg15HXmdefLdeQ16rXqNeZ150=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqNep16rXldeqINee16nXoNeUIChTdWJuZXRzKQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqdeo16rXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16nXkNeZ15zXqteU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16fXqNefINeR15jXl9eV16DXldeqINeW16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 16rXkdeg15nXqiDXkNeZ16nXldeo
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNeQ15Eg15nXk9eV16Ig15DXl9eo15XXnywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaALDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDot6/nlLHliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDntrLln5/mnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-tjeneste
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web-adresse
+attributeDisplayNames: url,Adresse til Web-side (andre)
+attributeDisplayNames: samAccountName,Gruppenavn (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kontor
+attributeDisplayNames: info,Merknader
+attributeDisplayNames: mSDS-PhoneticDisplayName,Visningsnavn, fonetisk
+attributeDisplayNames: member,Medlemmer
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: l,Poststed
+attributeDisplayNames: distinguishedName,Unikt navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: c,Landsforkortelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domene
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domenepolicy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NiYW5l
+attributeDisplayNames:: a2V5d29yZHMsTsO4a2tlbG9yZA==
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGFuZGxlcyBhdg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Datamaskin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Visningsnavn, fonetisk
+attributeDisplayNames: samAccountName,Datamaskinnavn (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operativsystemversjon
+attributeDisplayNames: operatingSystem,Operativsystem
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skriver
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzam9u
+attributeDisplayNames:: dXJsLFdlYi1hZHJlc3Nl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO4dHRlciBzdGlmdGluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF2biBww6UgZGVsdCByZXNzdXJz
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwZXIgbWludXR0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZXRzZW5oZXRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixFaWVybmF2bg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWlubmUgaW5zdGFsbGVydA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxTdMO4dHRlZGUgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGdqZW5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbWFsIG9wcGzDuHNuaW5n
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmVyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDuHR0ZXIgZG9iYmVsdHNpZGlnIHV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO4dHRlciBmYXJnZXV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7h0dGVyIHNvcnRlcmluZw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm5za3VmZmVy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhc3NlcmluZw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2plbnN0YW5kc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikasett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger for domenekontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Tilkobling
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Delnett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisasjonsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Beholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Klarert domene
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNrLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzZSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQnJ1a2VycMOlbG9nZ2luZ3NuYXZuLDAsMjAwLDA=
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsVGlsc3RhbmQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsRW5kcmV0LDAsMTMwLDA=
+extraColumns:: c24sRXR0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsV2ViLWFkcmVzc2UgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1lLXBvc3RiZWhvbGRlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuLCBwcmUtV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxQb3N0c3RlZCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmVpZCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmdzYnJv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: SW5uc3RpbGxpbmdlciBmb3IgbGlzZW5zaWVyaW5nc29tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWlubnN0aWxsaW5nZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnement
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfigurasjon
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisasjon
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-oppgradert bruker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-rutingskobling
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-innstillinger
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7hhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formater navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Ekstern lagringstjeneste
+adminContextMenu: 0,&Behandle...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydGVyIG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for delnett
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for servere
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3DDuHJyaW5nc3BvbGljeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Eksternt sikkerhetsobjekt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikatmal
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Siste kjente overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: zp/OvM6szrTOsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqfPgc6uz4PPhM63z4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/OvM6szrTOsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDOv868zqzOtM6xz4IgKM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bWVtYmVyLM6czq3Ou863
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv868zq3Osc+C
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGMszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXPgM6xz4bOrg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDPhM6/zrzOrc6x
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv8+AzrnOus6uIM+Azr/Ou865z4TOuc66zq4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv865zr3PjM+Hz4HOt8+Dz4TOv8+CIM+GzqzOus61zrvOv8+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzOlM65zrHOtM+Bzr/OvM6uIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: a2V5d29yZHMszpvOrc6+zrXOuc+CLc66zrvOtc65zrTOuc6s
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM6/zrvOv86zzrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPhc+Azr/Ou86/zrPOuc+Dz4TOriAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizOiM66zrTOv8+DzrcgzrvOtc65z4TOv8+Fz4HOs865zrrOv8+NIM+Dz4XPg8+Ezq7OvM6xz4TOv8+C
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLM6bzrXOuc+Ezr/Phc+BzrPOuc66z4wgz4PPjc+Dz4TOt868zrE=
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXOus+Ez4XPgM+Jz4TOrs+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizOiM66zrTOv8+DzrcgzrHOvc+EzrnOus61zrnOvM6tzr3Ov8+F
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+C
+attributeDisplayNames:: c2VydmVyTmFtZSzOjM69zr/OvM6xIM60zrnOsc66zr/OvM65z4PPhM6u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzOpc+Azr/Pg8+Ezq7Pgc65zr7OtyDPg8+Fz4HPgc6xz4bOrs+C
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUszozOvc6/zrzOsSDOus6/zrnOvc+Mz4fPgc63z4PPhM6/z4Ugz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzOo861zrvOr860zrXPgiDOsc69zqwgzrvOtc+Az4TPjA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzOnM6/zr3OrM60zrXPgiDPhM6xz4fPjc+EzrfPhM6xz4I=
+attributeDisplayNames:: cHJpbnRSYXRlLM6kzrHPh8+Nz4TOt8+EzrE=
+attributeDisplayNames:: cHJpbnRPd25lcizOjM69zr/OvM6xIM66zrHPhM+Mz4fOv8+F
+attributeDisplayNames:: cHJpbnRNZW1vcnkszpXOs866zrHPhM61z4PPhM63zrzOrc69zrcgzrzOvc6uzrzOtw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzOpM+Nz4DOv865IM+HzrHPgc+EzrnOv8+NIM+Azr/PhSDPhc+Azr/Pg8+EzrfPgc6vzrbOv869z4TOsc65
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LM6UzrnOsc64zq3Pg865zrzOvyDPh86xz4HPhM6v
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLM6czq3Os865z4PPhM63IM6xzr3OrM67z4XPg863
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzOk867z47Pg8+DzrEgzrXOus+Ez4XPgM+Jz4TOrg==
+attributeDisplayNames:: cHJpbnRlck5hbWUszozOvc6/zrzOsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQszqXPgM6/z4PPhM63z4HOr862zrXOuSDOtc66z4TPjc+Az4nPg863IM60zrnPgM67zq7PgiDPjM+IzrXPic+C
+attributeDisplayNames:: cHJpbnRDb2xvcizOpc+Azr/Pg8+EzrfPgc6vzrbOtc65IM6tzrPPh8+Bz4nOvM63IM61zrrPhM+Nz4DPic+Dzrc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLM6lz4DOv8+Dz4TOt8+Bzq/Ots61zrkgz4TOsc6+zrnOvc+MzrzOt8+Dzrc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzOms6xz4POrc+EzrXPgiDOtc65z4PPjM60zr/PhQ==
+attributeDisplayNames:: cG9ydE5hbWUszpjPjc+BzrE=
+attributeDisplayNames:: bG9jYXRpb24szpjOrc+Dzrc=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzOnM6/zr3PhM6tzrvOvw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqPPh8+MzrvOuc6/
+attributeDisplayNames:: Y29udGFjdE5hbWUszpXPgM6xz4bOrg==
+attributeDisplayNames:: YXNzZXROdW1iZXIszpHPgc65zrjOvM+Mz4Igz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: dU5DTmFtZSzOjM69zr/OvM6xIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: Y24szozOvc6/zrzOsSDPhc+AzrfPgc61z4POr86xz4IgzrrOsc+EzrHOu8+MzrPOv8+F
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqTOv8+Azr/OuM61z4POr86x
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpTOuc6xzrrOv868zrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zr/Ou86/IM+BzrXPgM67zq/Ous6xz4IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM61zrvOtc6zzrrPhM6uIM+Ezr/OvM6tzrE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqXPgM6/zrTOr866z4TPhc6/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/Pgc6zzrHOvc65zrrOriDOvM6/zr3OrM60zrE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: b3UszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+B
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpHOvs65z4zPgM65z4PPhM6/z4Igz4TOv868zq3Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4IsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+CLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+FLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/PgiwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+CLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4IsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM63zrvOtc66z4TPgc6/zr3Ouc66zr/PjSDPhM6xz4fPhc60z4HOv868zrXOr86/z4UgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Hz4HOrs+Dz4TOtywwLDIwMCww
+extraColumns:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4IsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrcgz4DPgc6/zr/Pgc65z4POvM6/z40sMCwxMDAsMA==
+extraColumns:: c3QszprOsc+EzqzPg8+EzrHPg863LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszpPPgc6xz4bOtc6vzr8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQszqTPgc6/z4DOv8+Azr/Ouc6uzrjOt866zrUsMCwxMzAsMA==
+extraColumns:: c24szpXPgM+Ozr3Phc68zr8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIM6szrzOtc+Dz4nOvSDOvM63zr3Phc68zqzPhM+Jzr0sMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzOlM65zrHOus6/zrzOuc+Dz4TOrs+CIM66zrXOvc+Ez4HOuc66zq7PgiDPg861zrvOr860zrHPgiDOrM68zrXPg8+Jzr0gzrzOt869z4XOvM6sz4TPic69LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizOp8+Oz4HOv8+CIM6xz4DOv864zq7Ous61z4XPg863z4IgzrPPgc6xzrzOvM6xz4TOv866zrnOss+Jz4TOr86/z4UgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLM6ozrXPhc60z47Ovc+FzrzOvyBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzOpM68zq7OvM6xLDAsMTUwLDA=
+extraColumns:: YyzOp8+Oz4HOsSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86xLDAsMTUwLDA=
+extraColumns:: bCzOoM+MzrvOtywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLM6kzrfOu86tz4bPic69zr8gzrXPgc6zzrHPg86vzrHPgiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrcgz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zpPOrc+Gz4XPgc6xIM+Dz43Ovc60zrXPg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpzOtc+EzrHPhs6/z4HOrCDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM6szrTOtc65zrHPgiDPh8+Bzq7Pg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM+Ezr/PgM6/zrjOtc+Dzq/Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpzOrc67zr/PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOt8+Ezq7PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOrc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zp/Phc+BzqwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zqHPjc64zrzOuc+Dzrcgz4DOsc+BzrHOvM6tz4TPgc+Jzr0gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: zpXPhM6xzrnPgc61zq/OsSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: zpHOvc6xzrLOsc64zrzOuc+DzrzOrc69zr/PgiDPh8+Bzq7Pg8+EzrfPgiBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: zqPPjc69zrTOtc+DzrcgzrTPgc6/zrzOv867z4zOs863z4POt8+CIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: zqjOtc+FzrTPjs69z4XOvM6xIM6/z4XPgc6sz4IgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzOjM69zr/OvM6xIM68zr/Pgc+Gzq7Pgg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: zozOvc6/zrzOsSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLM6fz4XPgc6tz4ItzrzOrc67zrc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOsc+Azr/OvM6xzrrPgc+Fz4POvM6tzr3Ot8+CIM6xz4DOv864zq7Ous61z4XPg863z4I=
+adminContextMenu:: MCzOlM65zrEmz4fOtc6vz4HOuc+DzrcuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Ezr/PgM6/zrjOtc+DzrnPjs69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM68zrXPhM6xz4bOv8+Bz47OvSDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Fz4DOv860zrnOus+Ez43Pic69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM60zrnOsc66zr/OvM65z4PPhM+Ozr0=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIM+Ezr/OvM6tzrEgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDOtc+Bz4nPhM6uzrzOsc+Ezr/Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpHPgc+Hzq4gzrXOvs+Jz4TOtc+BzrnOus6uz4IgzrHPg8+GzqzOu861zrnOsc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: zqDPgc+Mz4TPhc+Azr8gz4DOuc+Dz4TOv8+Azr/Ouc63z4TOuc66z47OvQ==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LM6kzrXOu861z4XPhM6xzq/Ov8+CIM6zzr3Pic+Dz4TPjM+CIM6zzr/Ovc6tzrHPgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6GzrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70YzQt9C+0LLQsNGC0LXQu9GM
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JPRgNGD0L/Qv9Cw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCz0YDRg9C/0L/RiyAo0L/RgNC10LQtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bWVtYmVyLNCn0LvQtdC90Ysg0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JTQvtC80LXQvQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGMs0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQsNC60YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQtNC+0LzQtdC90LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JvQvtC60LDQu9GM0L3QsNGPINC/0L7Qu9C40YLQuNC60LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J7QsdGJ0LDRjyDQv9Cw0L/QutCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QuSDQv9GD0YLRjA==
+attributeDisplayNames:: a2V5d29yZHMs0JrQu9GO0YfQtdCy0YvQtSDRgdC70L7QstCw
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC80L/RjNGO0YLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINC60L7QvNC/0YzRjtGC0LXRgNCwICjQv9GA0LXQtC1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizQktC10YDRgdC40Y8g0L7Qv9C10YDQsNGG0LjQvtC90L3QvtC5INGB0LjRgdGC0LXQvNGL
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNCe0L/QtdGA0LDRhtC40L7QvdC90LDRjyDRgdC40YHRgtC10LzQsA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/RgNC40L3RgtC10YA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizQktC10YDRgdC40Y8g0L7QsdGK0LXQutGC0LA=
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LU=
+attributeDisplayNames:: c2VydmVyTmFtZSzQmNC80Y8g0YHQtdGA0LLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC60LAg0YHRiNC40LLQsNC90LjRjw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs0JjQvNGPINC+0LHRidC10LPQviDRgNC10YHRg9GA0YHQsA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzQodGC0YDQsNC90LjRhiDQsiDQvNC40L3Rg9GC0YM=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzQldC00LjQvdC40YbRiyDRgdC60L7RgNC+0YHRgtC4
+attributeDisplayNames:: cHJpbnRSYXRlLNCh0LrQvtGA0L7RgdGC0Yw=
+attributeDisplayNames:: cHJpbnRPd25lcizQmNC80Y8g0LLQu9Cw0LTQtdC70YzRhtCw
+attributeDisplayNames:: cHJpbnRNZW1vcnks0KPRgdGC0LDQvdC+0LLQu9C10L3QvdCw0Y8g0L/QsNC80Y/RgtGM
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC40LLQsNC10LzRi9C1INCy0LjQtNGLINCx0YPQvNCw0LPQuA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNCY0YHQv9C+0LvRjNC30YPQtdC80LDRjyDQsdGD0LzQsNCz0LA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNCc0LDQutGB0LjQvNCw0LvRjNC90L7QtSDRgNCw0LfRgNC10YjQtdC90LjQtQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzQo9C/0YDQsNCy0LvRj9GO0YnQuNC5INGP0LfRi9C6INC/0YDQuNC90YLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs0J/QvtC00LTQtdGA0LbQutCwINC00LLRg9GB0YLQvtGA0L7QvdC90LXQuSDQv9C10YfQsNGC0Lg=
+attributeDisplayNames:: cHJpbnRDb2xvcizQn9C+0LTQtNC10YDQttC60LAg0YbQstC10YLQvdC+0Lkg0L/QtdGH0LDRgtC4
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNCf0L7QtNC00LXRgNC20LrQsCDRgNCw0LfQsdC+0YDQsCDQv9C+INC60L7Qv9C40Y/QvA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzQn9C+0LTQsNGO0YnQuNC1INC70L7RgtC60Lg=
+attributeDisplayNames:: cG9ydE5hbWUs0J/QvtGA0YI=
+attributeDisplayNames:: bG9jYXRpb24s0KDQsNC30LzQtdGJ0LXQvdC40LU=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzQnNC+0LTQtdC70Yw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0JrQvtC80LzQtdC90YLQsNGA0LjQuQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUs0JrQvtC90YLQsNC60YI=
+attributeDisplayNames:: YXNzZXROdW1iZXIs0JDRgNGC0LjQutGD0Ls=
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QtSDQuNC80Y8=
+attributeDisplayNames:: Y24s0JjQvNGPINGB0LvRg9C20LHRiyDQutCw0YLQsNC70L7Qs9C+0LI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0KHQsNC50YI=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0KHQtdGA0LLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGL
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J3QsNCx0L7RgCDRgNC10L/Qu9C40LrQsNGG0LjQuCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC60L7QvdGC0YDQvtC70LvQtdGA0LAg0LTQvtC80LXQvdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00LrQu9GO0YfQtdC90LjQtQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00YHQtdGC0Yw=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC00YDQsNC30LTQtdC70LXQvdC40LU=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: b3Us0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGA
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0JTQvtCy0LXRgNC10L3QvdGL0Lkg0LTQvtC80LXQvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSzQmNC90LTQtdC60YEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg0Y3Quy4g0L/QvtGH0YLQsCwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINCy0YXQvtC00LAg0L/QvtC70YzQt9C+0LLQsNGC0LXQu9GPLDAsMjAwLDA=
+extraColumns:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGMLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzQmtC+0L3QtdGH0L3Ri9C5INCw0LTRgNC10YEsMCwxMDAsMA==
+extraColumns:: c3Qs0KHQvtGB0YLQvtGP0L3QuNC1LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LAsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs0JjQt9C80LXQvdC10L0sMCwxMzAsMA==
+extraColumns:: c24s0KTQsNC80LjQu9C40Y8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLdCw0LTRgNC10YEgSW5zdGFudCBNZXNzYWdpbmcsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzQntGB0L3QvtCy0L3QvtC5INGB0LXRgNCy0LXRgCBJbnN0YW50IE1lc3NhZ2luZywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLNCY0LzRjywwLDEwMCww
+extraColumns:: aG9tZU1EQizQpdGA0LDQvdC40LvQuNGJ0LUg0L/QvtGH0YLQvtCy0YvRhSDRj9GJ0LjQutC+0LIgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNCf0YHQtdCy0LTQvtC90LjQvCBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs0J/RgNC10LQtV2luZG93cyAyMDAwINC40LzRjyDQstGF0L7QtNCwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjywwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7LDAsMTUwLDA=
+extraColumns:: YyzQodGC0YDQsNC90LAsMCwtMSww
+extraColumns:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGPLDAsMTUwLDA=
+extraColumns:: bCzQk9C+0YDQvtC0LDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLNCh0LvRg9C20LXQsdC90YvQuSDRgtC10LvQtdGE0L7QvSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQstGP0LfRjCDRgdCw0LnRgtC+0LI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0JzQvtGB0YIg0YHQstGP0LfQtdC5INGB0LDQudGC0L7Qsg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JzQtdC20YHQsNC50YLQvtCy0YvQuSDRgtGA0LDQvdGB0L/QvtGA0YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC70LjRhtC10L3Qt9C40YDQvtCy0LDQvdC40Y8g0YHQsNC50YLQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINGB0LDQudGC0LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0KfQu9C10L0gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0YfQuNC6IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0LrQsCDQvdCwIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQu9GD0LbQsdGLIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J7Rh9C10YDQtdC00YwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J3QsNGB0YLRgNC+0LnQutCwIE1TTVE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDQv9GA0LXQtNC/0YDQuNGP0YLQuNGP
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 0J7QsdC90L7QstC70LXQvdC90YvQuSDQv9C+0LvRjNC30L7QstCw0YLQtdC70YwgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 0JzQsNGA0YjRgNGD0YIgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 0J/RgdC10LLQtNC+0L3QuNC8INC+0YfQtdGA0LXQtNC4IE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzQpNC+0YDQvNCw0YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNCe0YfQtdGA0LXQtNC4INGH0LvQtdC90L7Qsg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwINCy0L3QtdGI0L3QuNGFINGF0YDQsNC90LjQu9C40Yk=
+adminContextMenu:: MCwm0KPQv9GA0LDQstC70LXQvdC40LUuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LDQudGC0L7Qsg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC80LXQttGB0LDQudGC0L7QstC+0LPQviDRgtGA0LDQvdGB0L/QvtGA0YLQsA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC/0L7QtNGB0LXRgtC10Lk=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LXRgNCy0LXRgNC+0LI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdGLINC00L7QvNC10L3QvtCyIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQt9Cw0L/RgNC+0YHQvtCy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YAg0LLQvdC10YjQvdC10Lkg0LHQtdC30L7Qv9Cw0YHQvdC+0YHRgtC4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 0KjQsNCx0LvQvtC9INGB0LXRgNGC0LjRhNC40LrQsNGC0LA=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNCf0L7RgdC70LXQtNC90LjQuSDQuNC30LLQtdGB0YLQvdGL0Lkg0YDQvtC00LjRgtC10LvRjNGB0LrQuNC5INC+0LHRitC10LrRgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror csoport
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciBzem9sZ8OhbHRhdMOhcw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RmVsaGFzem7DoWzDsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Csoport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ3NvcG9ydG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bWVtYmVyLFRhZ29r
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGMsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2FwY3NvbGF0dGFydMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: SGVseWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Megosztott mappa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIGVsw6lyw6lzaSDDunQ=
+attributeDisplayNames:: a2V5d29yZHMsS3VsY3NzemF2YWs=
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3pvbGfDoWx0YXTDoXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3rDoW3DrXTDs2fDqXA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsU3rDoW3DrXTDs2fDqXBuw6l2IChXaW5kb3dzIDIwMDAgZWzFkXR0aSByZW5kc3plcik=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixBeiBvcGVyw6FjacOzcyByZW5kc3plciB2ZXJ6acOzamE=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXLDoWNpw7NzIHJlbmRzemVy
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TnlvbXRhdMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R1bSB2ZXJ6acOzamE=
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZQ==
+attributeDisplayNames:: c2VydmVyTmFtZSxLaXN6b2xnw6Fsw7MgbmV2ZQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxGxbF6w6lzIHTDoW1vZ2F0w6FzYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTWVnb3N6dMOhcyBuZXZl
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQZXJjZW5rw6ludGkgb2xkYWxzesOhbQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTZWJlc3PDqWcgZWd5c8OpZ2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFNlYmVzc8OpZw==
+attributeDisplayNames:: cHJpbnRPd25lcixUdWxhamRvbm9zIG5ldmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksVGVsZXDDrXRldHQgbWVtw7NyaWE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUw6Ftb2dhdG90dCBwYXDDrXJ0w61wdXNvaw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFJlbmRlbGtlesOpc3JlIMOhbGzDsyBwYXDDrXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsaXMgZmVsYm9udMOhcw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxOeW9tdGF0w7MgbnllbHZl
+attributeDisplayNames:: cHJpbnRlck5hbWUsTsOpdg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsS8OpdG9sZGFsYXMgbnlvbXRhdMOhcyB0w6Ftb2dhdMOhc2E=
+attributeDisplayNames:: cHJpbnRDb2xvcixTesOtbmVzIG55b210YXTDoXMgdMOhbW9nYXTDoXNh
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN6w6l0dsOhbG9nYXTDoXMgdMOhbW9nYXTDoXNh
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCZW1lbmV0aSB0w6FsY8Ohaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sSGVseQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxUw61wdXM=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTWVnamVneXrDqXM=
+attributeDisplayNames:: Y29udGFjdE5hbWUsS2FwY3NvbGF0dGFydMOz
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXN6a8O2eiBzesOhbWE=
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRuw6l2
+attributeDisplayNames:: Y24sQ8OtbXTDoXJzem9sZ8OhbHRhdMOhcyBuZXZl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Hely
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QmXDoWxsw610w6Fz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGJlw6FsbMOtdMOhc2Fp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIHJlcGxpa2Frw6lzemxldGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: VGFydG9tw6FueXZlesOpcmzFkSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Kapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWxow6Fsw7N6YXQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3plcnZlemV0aSBlZ3lzw6ln
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: b3UsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VMOhcm9sw7M=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TWVnYsOtemhhdMOzIHRhcnRvbcOhbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbiwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZlLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbiwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6FtLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgZS1tYWlsIGPDrW0sMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYsMCwyMDAsMA==
+extraColumns:: dGl0bGUsQmVvc3p0w6FzLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw6lsIGPDrW1lLDAsMTAwLDA=
+extraColumns:: c3Qsw4FsbGFwb3QsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTcOzZG9zw610w6FzLDAsMTMwLDA=
+extraColumns:: c24sQ3NhbMOhZG7DqXYsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmcgVVJMLWplLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZyBraXN6b2xnw6Fsw7NqYSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFV0w7Nuw6l2LDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBwb3N0YWZpw7NrLXTDoXJvbMOzLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIGFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwgY8OtbSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxPc3p0w6FseSwwLDE1MCww
+extraColumns:: YyxPcnN6w6FnLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxDw6lnLDAsMTUwLDA=
+extraColumns:: bCxWw6Fyb3MsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLE11bmthaGVseWkgdGVsZWZvbnN6w6FtLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Helykapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWthcGNzb2xhdGkgaMOtZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5jZWzDqXNpIGhlbHkgYmXDoWxsw610w6FzYWk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SGVseSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIHRhZ2ph
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGVsxZFmaXpldMWRamU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGVsxZFmaXpldMOpc2Vp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VMOhdm9saSBlbGrDoXLDoXNow612w6FzaSBzem9sZ8OhbHRhdMOhc29r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSAtIGtvbmZpZ3Vyw6FjacOz
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSAtIHbDoWxsYWxhdA==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSAtIGZyaXNzw610ZXR0IGZlbGhhc3puw6Fsw7M=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSAtIMO6dHbDoWxhc3p0w6FzaSBrYXBjc29sYXQ=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSAtIGJlw6FsbMOtdMOhc29r
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSAtIHbDoXLDs2xpc3RhIGFsaWFzYQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxGb3Jtw6F0dW1uw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ - csoport
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLFRhZ3bDoXLDs2xpc3TDoWs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VMOhdnTDoXJvbMOzIHN6b2xnw6FsdGF0w6Fz
+adminContextMenu:: MCwmS2V6ZWzDqXMuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWVrIHTDoXJvbMOzamE=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVsIHTDoXJvbMOzamE=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxow6Fsw7N6YXRvayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOzayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBUYXJ0b23DoW55aSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: TGVrw6lyZGV6w6lzaSBzemFiw6FseW9r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SWRlZ2VuIHJlbmRzemVyYml6dG9uc8OhZ2kgdGFn
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: VGFuw7pzw610dsOhbnlzYWJsb24=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFV0b2xzw7MgaXNtZXJ0IHN6w7xsxZEsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 2YXYrNmF2YjYudipIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 2K7Yr9mF2KkgSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2LPYqtiu2K/ZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YXYrNmF2YjYudip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZhdis2YXZiNi52KkgKNmF2Kcg2YLYqNmEIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bWVtYmVyLNin2YTYo9i52LbYp9ih
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzYp9mE
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGMs2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfYqti12KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTZhdis2KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmG2YfYrCDYp9mE2YXYrdmE2Yo=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzZhNivINin2YTZhdi02KrYsdmD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzZhdiz2KfYsSDYtNio2YPYqSDYp9mE2KfYqti12KfZhA==
+attributeDisplayNames:: a2V5d29yZHMs2KfZhNmD2YTZhdin2Kog2KfZhNij2LPYp9iz2YrYqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNiu2K/Zhdip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmD2YXYqNmK2YjYqtix
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZg9mF2KjZitmI2KrYsSAo2YXYpyDZgtio2YQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizYpdi12K/Yp9ixINmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNi32KfYqNi52Kk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizYpdi12K/Yp9ixINin2YTZg9in2KbZhg==
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitio
+attributeDisplayNames:: c2VydmVyTmFtZSzYp9iz2YUg2KfZhNmF2YTZgtmF
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzYqtiv2LnZhSDYp9mE2KrYr9io2YrYsw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs2KfYs9mFINin2YTZhdi02KfYsdmD2Kk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzYtdmB2K3YqSDYqNin2YTYr9mC2YrZgtip
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzZiNit2K/Yp9iqINin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRSYXRlLNin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRPd25lcizYp9iz2YUg2KfZhNmF2KfZhNmD
+attributeDisplayNames:: cHJpbnRNZW1vcnks2KfZhNiw2KfZg9ix2Kkg2KfZhNmF2KvYqNiq2Kk=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzYo9mG2YjYp9i5INin2YTZiNix2YIg2KfZhNmF2LnYqtmF2K/YqQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNin2YTZiNix2YIg2KfZhNmF2KrZiNmB2LE=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNin2YTYrdivINin2YTYo9mC2LXZiSDZhNmE2K/Zgtip
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzZhNi62Kkg2KfZhNi32KfYqNi52Kk=
+attributeDisplayNames:: cHJpbnRlck5hbWUs2KfZhNin2LPZhQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs2KrYr9i52YUg2KfZhNi32KjYp9i52Kkg2LnZhNmJINin2YTZiNis2YfZitmG
+attributeDisplayNames:: cHJpbnRDb2xvcizYqtiv2LnZhSDYp9mE2LfYqNin2LnYqSDYqNin2YTYo9mE2YjYp9mG
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNiq2K/YudmFINiq2LHYqtmK2Kgg2KfZhNmG2LPYrg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzYudmE2Kgg2KfZhNil2K/Yrtin2YQ=
+attributeDisplayNames:: cG9ydE5hbWUs2KfZhNmF2YbZgdiw
+attributeDisplayNames:: bG9jYXRpb24s2KfZhNmF2YjZgti5
+attributeDisplayNames:: ZHJpdmVyTmFtZSzYp9mE2LfYsdin2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNiq2LnZhNmK2YI=
+attributeDisplayNames:: Y29udGFjdE5hbWUs2KfYqti12KfZhA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs2LHZgtmFINin2YTYo9i12YQ=
+attributeDisplayNames:: dU5DTmFtZSzYp9iz2YUg2LTYqNmD2Kkg2KfZhNin2KrYtdin2YQ=
+attributeDisplayNames:: Y24s2KfYs9mFINiu2K/ZhdipINin2YTYr9mE2YrZhA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNmF2YjZgti5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2YTZgtmF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Ko=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2KogRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2YXYrNmF2YjYudipINin2YTZhtiz2K4g2KfZhNmF2KrZhdin2KvZhNipINmE2YAgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2YjYrdiv2Kkg2KrYrdmD2YUg2KfZhNmF2KzYp9mE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KfZhNin2KrYtdin2YQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNi02KjZg9ipINin2YTZgdix2LnZitip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmI2K3Yr9ipINin2YTYqtmG2LjZitmF2YrYqQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: b3Us2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNit2KfZiNmK2Kk=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNmF2KzYp9mEINin2YTZhdmI2KvZiNmC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2YosMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmKLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2YosMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmKLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZiiwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzYsdmF2LIg2KjYsdmK2K/ZiiwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2KjYsdmK2K8g2KfZhNil2YTZg9iq2LHZiNmG2YogWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2K/YrtmI2YQg2KfZhNmF2LPYqtiu2K/ZhSwwLDIwMCww
+extraColumns:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmKLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhiDYp9mE2YfYr9mBLDAsMTAwLDA=
+extraColumns:: c3Qs2KfZhNmI2YTYp9mK2KksMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2KfZhNmF2YPYqtioLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs2KrZhSDYqti52K/ZitmE2YcsMCwxMzAsMA==
+extraColumns:: c24s2KfYs9mFINin2YTYudin2KbZhNipLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMINin2YTYsdiz2KfYptmEINin2YTZgdmI2LHZitipLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzYp9mE2YXZhNmC2YUg2KfZhNix2KbZitiz2Yog2YTZhNix2LPYp9im2YQg2KfZhNmB2YjYsdmK2KksMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhCwwLDEwMCww
+extraColumns:: aG9tZU1EQizYqtio2KfYr9mEINmF2K7YstmGINi52YTYqNipINin2YTYqNix2YrYrywwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLNiq2KjYp9iv2YQg2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixLDAsMTc1LDA=
+extraColumns:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZiiwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEINin2YTYs9in2KjZgiDZhNmAIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mFLDAsMTUwLDA=
+extraColumns:: YyzYp9mE2KjZhNivLDAsLTEsMA==
+extraColumns:: Y29tcGFueSzYp9mE2LTYsdmD2KksMCwxNTAsMA==
+extraColumns:: bCzYp9mE2YXYr9mK2YbYqSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLNmH2KfYqtmBINin2YTYudmF2YQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYsdiq2KjYp9i3INin2YTZhdmI2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KzYs9ixINin2LHYqtio2KfYtyDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KrYsdiu2YrYtSDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KfZhNmF2YjZgti5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2LnYttmIIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2YXYtNiq2LHZgyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYtNiq2LHYp9mD2KfYqiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2K7Yr9mF2KfYqiBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2KrZg9mI2YrZhiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 2YXYtNix2YjYuSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 2YXYs9iq2K7Yr9mFINiq2LHZgtmK2Kkg2YTZgCBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 2KfYsdiq2KjYp9i3INiq2YjYrNmK2YcgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 2KXYudiv2KfYr9in2KogTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixINmE2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzYp9iz2YUg2KfZhNiq2YbYs9mK2YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 2YXYrNmF2YjYudipIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNi52LbZiCDZgtmI2KfYptmFINin2YbYqti42KfYsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2Kkg2KfZhNiq2K7YstmK2YYg2KfZhNio2LnZitiv
+adminContextMenu:: MCwm2KXYr9in2LHYqS4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2LTYqNmD2KfYqiDYp9mE2YHYsdi52YrYqQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZhNmC2YXYp9iq
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 4oCP4oCP2K7Yr9mF2KfYqiDZhdis2KfZhCDYrtiv2YXYqSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTYp9iz2KrYudmE2KfZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KPYs9in2LMg2KfZhNij2YXYp9mGINin2YTYrtin2LHYrNmK
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 2YLYp9mE2Kgg2KfZhNi02YfYp9iv2Kk=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNin2YTYo9i12YQg2KfZhNij2K7ZitixINin2YTZhdi52LHZiNmBLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaALDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDot6/nlLHliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDntrLln5/mnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXpg6jlsaw=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5YiG6L6o5ZCN56ix
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+mhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: aW5mbyzms6jmhI/kuovpoIU=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-groep
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gebruiker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: GROEP
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: samAccountName,Groepsnaam (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: member,Leden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: domein
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: dc,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contactpersoon
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domeinbeleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokaal beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gedeelde map
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Netwerkpad
+attributeDisplayNames: keywords,Trefwoorden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: samAccountName,Computernaam (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Besturingssysteem
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmplY3R2ZXJzaWU=
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJzaXRl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYWFt
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPbmRlcnN0ZXVudCBuaWV0ZW4=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmUtbmFhbQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmEncyBwZXIgbWludXV0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTbmVsaGVpZHNlZW5oZWRlbg==
+attributeDisplayNames:: cHJpbnRSYXRlLFNuZWxoZWlk
+attributeDisplayNames:: cHJpbnRPd25lcixOYWFtIGVpZ2VuYWFy
+attributeDisplayNames:: cHJpbnRNZW1vcnksR2XDr25zdGFsbGVlcmQgZ2VoZXVnZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPbmRlcnN0ZXVuZGUgcGFwaWVyc29vcnRlbg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEJlc2NoaWtiYWFyIHBhcGllcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIHJlc29sdXRpZQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVydGFhbA==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFhbQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT25kZXJzdGV1bnQgZHViYmVsemlqZGlnIGFmZHJ1a2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xvcixPbmRlcnN0ZXVudCBhZmRydWtrZW4gaW4ga2xldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9uZGVyc3RldW50IHNvcnRlcmVu
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbnZvZXJsYWRl
+attributeDisplayNames:: cG9ydE5hbWUsUG9vcnQ=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYXRpZQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxtb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3BtZXJraW5n
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdHBlcnNvb24=
+attributeDisplayNames:: YXNzZXROdW1iZXIsRWlnZW5zY2hhcHNudW1tZXI=
+attributeDisplayNames:: dU5DTmFtZSxOZXR3ZXJrbmFhbQ==
+attributeDisplayNames:: Y24sTmFhbSB2YW4gYWRyZXNsaWpzdHNlcnZpY2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Website
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replicaset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen van domeincontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbinding
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Afdeling
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: ou,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Vertrouwd domein
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: msds-PhoneticDepartment,Fonetische afdeling,0,100,0
+extraColumns: msds-PhoneticCompanyName,Bedrijfsnaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticLastName,Achternaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticFirstName,Voornaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticDisplayName,Fonetische weergavenaam,0,100,0
+extraColumns: postalCode,Postcode,0,100,0
+extraColumns: textEncodedORAddress,X.400-e-mailadres,0,130,0
+extraColumns: userPrincipalName,Aanmeldingsnaam van gebruiker,0,200,0
+extraColumns: title,Functie,0,100,0
+extraColumns: targetAddress,Doeladres,0,100,0
+extraColumns: st,Status,0,100,0
+extraColumns: physicalDeliveryOfficeName,Kantoor,0,100,0
+extraColumns: whenChanged,Gewijzigd,0,130,0
+extraColumns: sn,Achternaam,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,URL van Instant Messaging,0,140,0
+extraColumns: msExchIMPhysicalURL,Basisserver voor Instant Messaging,0,170,0
+extraColumns: givenName,Voornaam,0,100,0
+extraColumns: homeMDB,Exchange-bostbusarchief,0,100,0
+extraColumns: mailNickname,Exchange-alias,0,175,0
+extraColumns: mail,E-mailadres,0,100,0
+extraColumns: sAMAccountName,Aanmeldingsnaam van voor Windows 2000,0,120,0
+extraColumns: displayName,Weergegeven naam,0,100,0
+extraColumns: department,Afdeling,0,150,0
+extraColumns: c,Land,0,-1,0
+extraColumns: company,Bedrijf,0,150,0
+extraColumns: l,Plaats,0,150,0
+extraColumns: telephoneNumber,Zakelijke telefoon,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Koppeling naar site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sitekoppelingsbrug
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Intersitetransport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Instellingen van licentiesite
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-lid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnee
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-wachtrij
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-configuratie
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-onderneming
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Bijgewerkte MSMQ-gebruiker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Koppeling van MSMQ-routering
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-instellingen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-wachtrij-alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Indelingsnaam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-groep
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Wachtrijen voor leden
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage-service
+adminContextMenu: 0,&Beheren...,RsAdmin.msc
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sitecontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Intersite-transportcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query-beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Afwijkende beveiligings-principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificaatsjabloon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Laatst bekende bovenligger,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistent
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: co,Land
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoon thuis (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: wWWHomePage,Adres van website
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servicio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Usuario
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBncnVwbyAoYW50ZXJpb3IgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bWVtYmVyLE1pZW1icm9z
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGMsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva de dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Carpeta compartida
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxSdXRhIGRlIGFjY2VzbyBhIGxhIHJlZA==
+attributeDisplayNames:: a2V5d29yZHMsUGFsYWJyYXMgY2xhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servicio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Equipo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBlcXVpcG8gKGFudGVyaW9yIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzacOzbiBkZWwgc2lzdGVtYSBvcGVyYXRpdm8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impresora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzacOzbiBkZWwgb2JqZXRv
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21icmUgZGVsIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQZXJtaXRlIGdyYXBhZG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tYnJlIGRlbCByZWN1cnNvIGNvbXBhcnRpZG8=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWQ=
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21icmUgZGVsIHByb3BpZXRhcmlv
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxhZGE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBhZG1pdGlkb3M=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbmlibGU=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdWNpw7NuIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGUgaW1wcmVzacOzbg==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tYnJl
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsQWRtaXRlIGltcHJlc2nDs24gYSBkb2JsZSBjYXJh
+attributeDisplayNames:: cHJpbnRDb2xvcixBZG1pdGUgaW1wcmVzacOzbiBlbiBjb2xvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEFkbWl0ZSBpbnRlcmNhbGFkbw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUHVlcnRv
+attributeDisplayNames:: bG9jYXRpb24sVWJpY2FjacOzbg==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50YXJpbw==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBpbnZlbnRhcmlv
+attributeDisplayNames:: dU5DTmFtZSxOb21icmUgZGUgcmVk
+attributeDisplayNames:: Y24sTm9tYnJlIGRlIHNlcnZpY2lvIGRlIGRpcmVjdG9yaW8=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sitio
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIGNvbnRyb2xhZG9yIGRlIGRvbWluaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXhpw7Nu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subred
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidad organizativa
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: b3UsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenedor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio de confianza
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFyLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxDLiBwb3N0YWwsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRGlyZWNjacOzbiBkZSBjb3JyZW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGRlbCB1c3VhcmlvLDAsMjAwLDA=
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEaXJlY2Npw7NuIGRlIGRlc3Rpbm8sMCwxMDAsMA==
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsT2ZpY2luYSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGxpZG9zLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhamUgaW5zdGFudMOhbmVvLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBwcmluY2lwYWwgZGUgbWVuc2FqZXMgaW5zdGFudMOhbmVvcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFByaW1lciBub21icmUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBbG1hY8OpbiBkZSBsYSBCYW5kZWphIGRlIGVudHJhZGEgZGUgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGFudGVyaW9yIGEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhciwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxDb21wYcOxw61hLDAsMTUwLDA=
+extraColumns:: bCxDaXVkYWQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbMOpZm9ubyBkZWwgdHJhYmFqbywwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VsOtbmN1bG8gZGUgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHVlbnRlIGRlIHbDrW5jdWxvIGEgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sitios
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlvIGRlIGxpY2VuY2lh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Miembro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscriptor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscripciones a FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servicios RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Cola de MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGUgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa de MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Usuario actualizado de MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: VsOtbmN1bG8gZGUgZW5ydXRhbWllbnRvIGRlIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyw6FtZXRyb3MgZGUgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de cola de MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21icmUgZGUgZm9ybWF0bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo de MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLENvbGFzIGRlIGVzcGVyYSBkZWwgbWllbWJybw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicio de almacenamiento remoto
+adminContextMenu: 0,&Administrar...,RsAdmin.msc
+attributeDisplayNames: cn,Nombre
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de transportes entre sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicios de dominio de Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Directiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Entidad principal de seguridad externa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Plantilla de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFByaW5jaXBhbCDDumx0aW1vIGNvbm9jaWRvLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIFBJ
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBQSSAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGxvY2FsaXphZG9yIChvdHJvcyk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBsb2NhbGl6YWRvcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSBXZWIgKG90cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-grupp
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci10asOkbnN0
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QW52w6RuZGFyZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1hcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6Ru
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: dc,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RucHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal princip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delad mapp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3Nzw7ZrdsOkZw==
+attributeDisplayNames:: a2V5d29yZHMsTnlja2Vsb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dator
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsRGF0b3JuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skrivare
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcw==
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO2ZGVyIGjDpGZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUmVzdXJzbmFtbg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRvciBwZXIgbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFbmhldGVyIGbDtnIgaGFzdGlnaGV0
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYW1uIHDDpSDDpGdhcmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyYXQgbWlubmU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQYXBwZXJzdHlwZXIgc29tIHN0w7Zkcw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGxnw6RuZ2xpZ2EgcGFwcGVy
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWwgdXBwbMO2c25pbmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmFyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtbg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDtmRlciBkdWJiZWxzaWRpZyB1dHNrcmlmdA==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO2ZGVyIGbDpHJndXRza3JpZnQ=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7ZkZXIgc29ydGVyaW5n
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm1hdG5pbmdzZmFjaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sU2tyaXZhcmVucyBwbGF0cw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3NuYW1u
+attributeDisplayNames:: Y24sS2F0YWxvZ3Rqw6Ruc3RuYW1u
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Plats
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWluc3TDpGxsbmluZ2Fy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa3VwcHPDpHR0bmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXIgZsO2ciBkb23DpG5rb250cm9sbGFudA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Anslutning
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VW5kZXJuw6R0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Hanterad av
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: ou,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZQ==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QmV0cm9kZCBkb23DpG4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5nLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4sMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQW52w6RuZGFyZW5zIGlubG9nZ25pbmdzbmFtbiwwLDIwMCww
+extraColumns:: dGl0bGUsQmVmYXR0bmluZywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzLDAsMTAwLDA=
+extraColumns:: c3QsVGlsbHN0w6VuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4RuZHJhZCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYW1uLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGbDtnIgc25hYmJtZWRkZWxhbmRlbiwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIZW1zZXJ2ZXIgZsO2ciBzbmFiYm1lZGRlbGFuZGVuLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEbDtnJuYW1uLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0bMOlZGVzYXJraXYsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3MsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDApLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbG5pbmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxPcmdhbmlzYXRpb24sMCwxNTAsMA==
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmV0ZSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Ruaw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Rua2JyeWdnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport mellan platser
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhciBmw7ZyIGxpY2Vuc2llcmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerant
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerationer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXRqw6Ruc3Rlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7Y=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1mw7ZyZXRhZw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS11cHBncmFkZXJhZCBhbnbDpG5kYXJl
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1yb3V0bmluZ2zDpG5r
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1pbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7ZhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnamn
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-grupp
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7Zlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdGVuIFJlbW90ZSBTdG9yYWdl
+adminContextMenu: 0,&Hantera...,RsAdmin.msc
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHBsYXRzZXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHRyYW5zcG9ydGVyIG1lbGxhbiBwbGF0c2Vy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHVuZGVybsOkdA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHNlcnZyYXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RnLDpWdlcHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RXh0ZXJudCBzw6RrZXJoZXRzb2JqZWt0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatmall
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFNlbmFzdCBrw6RuZGEgw7Z2ZXJvcmRuYWQsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servizio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utente
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxXb3Jrc3RhdGlvbiBkaSBhY2Nlc3Nv
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIChwcmVjZWRlbnRlIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBob21l
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIb21lIGRpcmVjdG9yeQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBncnVwcG8gKHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bWVtYmVyLE1lbWJyaQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlc3RpdG8gZGE=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: dc,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contatto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri locali
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Cartella condivisa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Percorso di rete
+attributeDisplayNames: keywords,Parole chiave
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servizio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Nome visualizzato (fonetico)
+attributeDisplayNames: samAccountName,Nome computer (precedente a Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Versione sistema operativo
+attributeDisplayNames: operatingSystem,Sistema operativo
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Stampante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uZSBvZ2dldHRv
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2Vi
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIHNlcnZlcg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBwb3J0YSBsYSBncmFmZmF0dXJh
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBjb25kaXZpc2lvbmU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmUgYWwgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6AgdmVsb2NpdMOg
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaXTDoA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIHByb3ByaWV0YXJpbw==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxsYXRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBpIGRpIGNhcnRhIHN1cHBvcnRhdGk=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LENhcnRhIGRpc3BvbmliaWxl
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJpc29sdXppb25lIG1hc3NpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZ2lvIHN0YW1wYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3VwcG9ydGEgbGEgc3RhbXBhIGZyb250ZS1yZXRybw==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBwb3J0YSBsYSBzdGFtcGEgYSBjb2xvcmk=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cHBvcnRhIGxhIGZhc2NpY29sYXppb25l
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxDYXNzZXR0aSBkaSBpbnB1dA==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sUG9zaXppb25l
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGxv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudG8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0dG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXJvIGFzc2V0
+attributeDisplayNames:: dU5DTmFtZSxOb21lIHJldGU=
+attributeDisplayNames:: Y24sTm9tZSBzZXJ2aXppbyBkaXJlY3Rvcnk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sito
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Impostazioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Set di repliche FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni controller di dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connessione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOgIG9yZ2FuaXp6YXRpdmE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: ou,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenitore
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio trusted
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxDQVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsSW5kaXJpenpvIHBvc3RhIGVsZXR0cm9uaWNhIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBhY2Nlc3NvIHV0ZW50ZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXppb25lLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxJbmRpcml6em8gZGkgZGVzdGluYXppb25lLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdG8sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbywwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsVWx0aW1hIG1vZGlmaWNhLDAsMTMwLDA=
+extraColumns:: c24sQ29nbm9tZSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIG1lc3NhZ2dpc3RpY2EgaW1tZWRpYXRhLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIb21lIHNlcnZlciBtZXNzYWdnaXN0aWNhIGltbWVkaWF0YSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcmNoaXZpbyBjYXNzZXR0ZSBwb3N0YWxpIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2EsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxSZXBhcnRvLDAsMTUwLDA=
+extraColumns:: YyxQYWVzZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSxTb2NpZXTDoCwwLDE1MCww
+extraColumns:: bCxDaXR0w6AsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25vICh1ZmYuKSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Bridge collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Trasporto tra siti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Impostazioni sito gestione licenze
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Impostazioni sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrittore FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrizioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servizi RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Coda MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configurazione MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Utente aggiornato MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Collegamento routing MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Impostazioni MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias coda MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nome formato
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Gruppo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Code membri
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio di archiviazione remota
+adminContextMenu: 0,&Gestisci...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore trasporti tra siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore subnet
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore server
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizi di dominio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Criteri query
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RW50aXTDoCBkaSBwcm90ZXppb25lIGVzdGVybmE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modello di certificato
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Ultimo padre noto,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIb21lIGRpcmVjdG9yeQ==
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBob21l
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm8gYWJpdGF6aW9uZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIChwcmVjZWRlbnRlIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxXb3Jrc3RhdGlvbiBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Skupina IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2x1xb5iYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW+aXZhdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skupina
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHNrdXBpbnkgKHBybyBzeXN0w6lteSBzdGFyxaHDrSBuZcW+IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bWVtYmVyLMSMbGVub3bDqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6luYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGMsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TcOtc3Ruw60gesOhc2FkeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2TDrWxlbsOhIHNsb8W+a2E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w6EgY2VzdGE=
+attributeDisplayNames:: a2V5d29yZHMsS2zDrcSNb3bDoSBzbG92YQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG/EjcOtdGHEjQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHBvxI3DrXRhxI1lIChwcm8gc3lzdMOpbXkgc3RhcsWhw60gbmXFviBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJ6ZSBvcGVyYcSNbsOtaG8gc3lzdMOpbXU=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhxI1uw60gc3lzdMOpbQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGlza8Ohcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJ6ZSBvYmpla3R1
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSBXV1c=
+attributeDisplayNames:: c2VydmVyTmFtZSxOw6F6ZXYgc2VydmVydQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQb2Rwb3J1amUgc2XFocOtdsOhbsOt
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTsOhemV2IHNkw61sZW7DqSBwb2xvxb5reQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHLDoW5reSB6YSBtaW51dHU=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3RreSByeWNobG9zdGk=
+attributeDisplayNames:: cHJpbnRSYXRlLFJ5Y2hsb3N0
+attributeDisplayNames:: cHJpbnRPd25lcixKbcOpbm8gdmxhc3Ruw61rYQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsb3ZhbsOhIHBhbcSbxaU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQb2Rwb3JvdmFuw6kgdHlweSBwYXDDrXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcMOtciBrIGRpc3BvemljaQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsbsOtIHJvemxpxaFlbsOt
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKYXp5ayB0aXNrw6Fybnk=
+attributeDisplayNames:: cHJpbnRlck5hbWUsSm3DqW5v
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUG9kcG9ydWplIG9ib3VzdHJhbm7DvSB0aXNr
+attributeDisplayNames:: cHJpbnRDb2xvcixQb2Rwb3J1amUgYmFyZXZuw70gdGlzaw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFBvZHBvcnVqZSBza2zDoWTDoW7DrQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxWc3R1cG7DrSB6w6Fzb2Juw61reQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sVW3DrXN0xJtuw60=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50w6HFmQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXZpZGVuxI1uw60gxI3DrXNsbw==
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w70gbsOhemV2
+attributeDisplayNames:: Y24sTsOhemV2IGFkcmVzw6HFmW92w6kgc2x1xb5ieQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: U8OtxaU=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U2FkYSByZXBsaWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrSDFmWFkacSNZSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UMWZaXBvamVuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc8OtxaU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pemHEjW7DrSBqZWRub3RrYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: b3UsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontejner
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RMWvdsSbcnlob2Ruw6EgZG9tw6luYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxQU8SMLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNhIGVsZWt0cm9uaWNrw6kgcG/FoXR5IFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIHXFvml2YXRlbHNrw6kgam3DqW5vLDAsMjAwLDA=
+extraColumns:: dGl0bGUsRnVua2NlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw61sb3bDoSBhZHJlc2EsMCwxMDAsMA==
+extraColumns:: c3QsU3RhdiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FuY2Vsw6HFmSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsWm3Em27Em25vLDAsMTMwLDA=
+extraColumns:: c24sUMWZw61qbWVuw60sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXNhIFVSTCBzbHXFvmJ5IHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxEb21vdnNrw70gc2VydmVyIHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLEptw6lubywwLDEwMCww
+extraColumns:: aG9tZU1EQizDmmxvxb5pxaF0xJsgcG/FoXRvdm7DrWNoIHNjaHLDoW5layBhcGxpa2FjZSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGFwbGlrYWNlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyB6ZSBzdGFyxaHDrSB2ZXJ6ZSBzeXN0w6ltdSBXaW5kb3dzLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOtLDAsMTUwLDA=
+extraColumns:: YyxaZW3EmywwLC0xLDA=
+extraColumns:: Y29tcGFueSxTcG9sZcSNbm9zdCwwLDE1MCww
+extraColumns:: bCxNxJtzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKHphbS4pLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3BvamVuw60gc8OtdMOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCBzcG9qZW7DrSBzw610w60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UMWZZW5vcyBtZXppIHPDrXTEm21p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBsaWNlbmNvdsOhbsOtIHPDrXTEmw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzw610xJs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: xIxsZW4gc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: w5rEjWFzdG7DrWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyeSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2x1xb5ieSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fronta MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Konfigurace MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: Um96bGVobMOhIHPDrcWlIE1TTVE=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: QWt0dWFsaXpvdmFuw70gdcW+aXZhdGVsIE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: UHJvcG9qZW7DrSBzbcSbcm92w6Fuw60gZnJvbnR5IE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TmFzdGF2ZW7DrSBNU01R
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias fronty MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOw6F6ZXYgZm9ybcOhdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Skupina MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMSMbGVuc2vDqSBmcm9udHk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBSZW1vdGUgU3RvcmFnZQ==
+adminContextMenu: 0,&Spravovat...,RsAdmin.msc
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHPDrXTEmw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIG1lemlzw63FpW92w6lobyBwxZllbm9zdQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHBvZHPDrXTDrQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHNlcnZlcsWv
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBBRCBEUyAoQWN0aXZlIERpcmVjdG9yeSBEb21haW4gU2VydmljZXMp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb3Rhem92w6Fuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: Q2l6w60gb2JqZWt0eSB6YWJlenBlxI1lbsOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: xaBhYmxvbmEgY2VydGlmaWvDoXR1
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFBvc2xlZG7DrSB6bsOhbcO9IG5hZMWZYXplbsO9IG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: User
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Group
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: member,Members
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: l,City
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: cn,Name
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Local Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Shared Folder
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Network Path
+attributeDisplayNames: keywords,Keywords
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printLanguage,Printer Language
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: portName,Port
+attributeDisplayNames: location,Location
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: description,Comment
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: cn,Directory Service Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Replica Set
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Domain Controller Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connection
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organizational Unit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Trusted Domain
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: msds-PhoneticDepartment,Phonetic Department,0,100,0
+extraColumns: msds-PhoneticCompanyName,Phonetic Company Name,0,100,0
+extraColumns: msds-PhoneticLastName,Phonetic Last Name,0,100,0
+extraColumns: msds-PhoneticFirstName,Phonetic First Name,0,100,0
+extraColumns: msds-PhoneticDisplayName,Phonetic Display Name,0,100,0
+extraColumns: postalCode,Zip Code,0,100,0
+extraColumns: textEncodedORAddress,X.400 E-Mail Address,0,130,0
+extraColumns: userPrincipalName,User Logon Name,0,200,0
+extraColumns: title,Job Title,0,100,0
+extraColumns: targetAddress,Target Address,0,100,0
+extraColumns: st,State,0,100,0
+extraColumns: physicalDeliveryOfficeName,Office,0,100,0
+extraColumns: whenChanged,Modified,0,130,0
+extraColumns: sn,Last Name,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,Instant Messaging URL,0,140,0
+extraColumns: msExchIMPhysicalURL,Instant Messaging Home Server,0,170,0
+extraColumns: givenName,First Name,0,100,0
+extraColumns: homeMDB,Exchange Mailbox Store,0,100,0
+extraColumns: mailNickname,Exchange Alias,0,175,0
+extraColumns: mail,E-Mail Address,0,100,0
+extraColumns: sAMAccountName,Pre-Windows 2000 Logon Name,0,120,0
+extraColumns: displayName,Display Name,0,100,0
+extraColumns: department,Department,0,150,0
+extraColumns: c,Country,0,-1,0
+extraColumns: company,Company,0,150,0
+extraColumns: l,City,0,150,0
+extraColumns: telephoneNumber,Business Phone,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link Bridge
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Inter-Site Transport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Licensing Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Member
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriber
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriptions
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Queue
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Configuration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ Upgraded User
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Routing Link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Settings
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ Queue Alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Format Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Group
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Member Queues
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage Service
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sites Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Inter-Site Transports Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnets Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servers Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Foreign Security Principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificate Template
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Last Known Parent,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: co,Country
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: info,Notes
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupa IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: VXPFgnVnYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW8eXRrb3duaWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgZ3J1cHkgKHN5c3RlbXkgc3RhcnN6ZSBuacW8IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVq
+attributeDisplayNames:: bWVtYmVyLEN6xYJvbmtvd2ll
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domena
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: dc,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasada lokalna
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Rm9sZGVyIHVkb3N0xJlwbmlvbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzFmmNpZcW8a2Egc2llY2lvd2E=
+attributeDisplayNames:: a2V5d29yZHMsU8WCb3dhIGtsdWN6b3dl
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Komputer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVq
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2Ega29tcHV0ZXJhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixXZXJzamEgc3lzdGVtdSBvcGVyYWN5am5lZ28=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3RlbSBvcGVyYWN5am55
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drukarka
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixXZXJzamEgb2JpZWt0dQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOYXp3YSBzZXJ3ZXJh
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPYnPFgnVndWplIHpzenl3YW5pZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF6d2EgdWR6aWHFgnU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJvbiBuYSBtaW51dMSZ
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3N0a2kgc3p5YmtvxZtjaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLFN6eWJrb8WbxIc=
+attributeDisplayNames:: cHJpbnRPd25lcixOYXp3YSB3xYJhxZtjaWNpZWxh
+attributeDisplayNames:: cHJpbnRNZW1vcnksWmFpbnN0YWxvd2FuYSBwYW1pxJnEhw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPYnPFgnVnaXdhbmUgdHlweSBwYXBpZXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkb3N0xJlwbnk=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJvemR6aWVsY3pvxZvEhyBtYWtzeW1hbG5h
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKxJl6eWsgZHJ1a2Fya2k=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF6d2E=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT2JzxYJ1Z3VqZSBkcnVrb3dhbmllIGR3dXN0cm9ubmU=
+attributeDisplayNames:: cHJpbnRDb2xvcixPYnPFgnVndWplIGRydWtvd2FuaWUgdyBrb2xvcnpl
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9ic8WCdWd1amUgc29ydG93YW5pZQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxaYXNvYm5pa2kgd2VqxZtjaW93ZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sTG9rYWxpemFjamE=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50YXJ6
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXIgxZtyb2RrYSB0cndhxYJlZ28=
+attributeDisplayNames:: dU5DTmFtZSxOYXp3YSBzaWVjaW93YQ==
+attributeDisplayNames:: Y24sTmF6d2EgdXPFgnVnaSBrYXRhbG9nb3dlag==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Lokacja
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serwer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: WmVzdGF3IHJlcGxpayB1c8WCdWdpIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia kontrolera domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UG/FgsSFY3plbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc2llxIc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jednostka organizacyjna
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: b3UsTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontener
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Domena zaufana
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVqLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3ksMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXMgZS1tYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlhIHXFvHl0a293bmlrYSwwLDIwMCww
+extraColumns:: dGl0bGUsU3Rhbm93aXNrbywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlcyBkb2NlbG93eSwwLDEwMCww
+extraColumns:: c3QsU3RhbiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQml1cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsWm1vZHlmaWtvd2FueSwwLDEzMCww
+extraColumns:: c24sTmF6d2lza28sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXMgVVJMIHdpYWRvbW/Fm2NpIGLFgnlza2F3aWN6bnljaCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ3ZXIgbWFjaWVyenlzdHkgd2lhZG9tb8WbY2kgYsWCeXNrYXdpY3pueWNoLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEltacSZLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixNYWdhenluIHNrcnp5bmtpIHBvY3p0b3dlaiBwcm9ncmFtdSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIHByb2dyYW11IEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlcyBlLW1haWwsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIHcgc3lzdGVtaWUgc3RhcnN6eW0gbmnFvCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5hLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEemlhxYIsMCwxNTAsMA==
+extraColumns:: YyxLcmFqLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxNaWFzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gc8WCdcW8Ym93eSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: xYHEhWN6ZSBsb2thY2pp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdGVrIMWCxIVjenkgbG9rYWNqaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1pxJlkenlsb2thY3lqbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Ustawienia lokacji licencjonowania
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Ustawienia lokacji
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RWxlbWVudCBjesWCb25rb3dza2kgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2tyeWJlbnQgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2tyeXBjamUgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VXPFgnVnaSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29sZWprYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29uZmlndXJhY2phIHVzxYJ1Z2kga29sZWprb3dhbmlhIHdpYWRvbW/Fm2Np
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: UHJ6ZWRzacSZYmlvcnN0d28gdXPFgnVnaSBrb2xlamtvd2FuaWEgd2lhZG9tb8WbY2k=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VWFrdHVhbG5pb255IHXFvHl0a293bmlrIHVzxYJ1Z2kga29sZWprb3dhbmlhIHdpYWRvbW/Fm2Np
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: xYHEhWN6ZSByb3V0aW5ndSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: QWxpYXMga29sZWpraSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nazwa formatu
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: R3J1cGEgdXPFgnVnaSBrb2xlamtvd2FuaWEgd2lhZG9tb8WbY2k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEtvbGVqa2kgZWxlbWVudMOzdyBjesWCb25rb3dza2ljaA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYSBNYWdhenluIHpkYWxueQ==
+adminContextMenu:: MCwmWmFyesSFZHphai4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener lokacji
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgdHJhbnNwb3J0dSBtacSZZHp5bG9rYWN5am5lZ28=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener podsieci
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgc2Vyd2Vyw7N3
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnaSBkb21lbm93ZSB3IHVzxYJ1ZHplIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Zasady kwerend
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: T2JjeSBwb2RtaW90IHphYmV6cGllY3plxYQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Szablon certyfikatu
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LE9zdGF0bmkgem5hbnkgb2JpZWt0IG5hZHJ6xJlkbnksMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSBuYXp3eSB3ecWbd2lldGxhbmVq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb21vd3kgKGlubmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTmF6d2Egd3nFm3dpZXRsYW5h
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci1yeWhtw6Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-palvelu
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S8OkeXR0w6Rqw6Q=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UnlobcOk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUnlobcOkbiBuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmV0
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Toimialue
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: dc,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWh0ZXlzaGVua2lsw7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VG9pbWlhbHVlZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGFpa2FsbGluZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jaettu kansio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29wb2xrdQ==
+attributeDisplayNames:: a2V5d29yZHMsQXZhaW5zYW5hdA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tietokone
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsVGlldG9rb25lZW4gbmltaSAoV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6R0IHZlcnNpb3Qp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixLw6R5dHTDtmrDpHJqZXN0ZWxtw6R2ZXJzaW8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEvDpHl0dMO2asOkcmplc3RlbG3DpA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kirjoitin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3RpbiB2ZXJzaW8=
+attributeDisplayNames:: dXJsLFdlYi1vc29pdGU=
+attributeDisplayNames:: c2VydmVyTmFtZSxQYWx2ZWxpbm5pbWk=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUdWtlZSBuaWRvbnRhYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsSmFrb25pbWk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaXZ1amEgbWludXV0aXNzYQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxOb3BldXN5a3Npa8O2dA==
+attributeDisplayNames:: cHJpbnRSYXRlLE5vcGV1cw==
+attributeDisplayNames:: cHJpbnRPd25lcixPbWlzdGFqYW4gbmltaQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksQXNlbm5ldHR1IG11aXN0aQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUdWV0dXQgcGFwZXJpdHl5cGl0
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEvDpHl0ZXR0w6R2aXNzw6Qgb2xldmF0IHBhcGVyaXQ=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuaW1tw6Rpc3RhcmtrdXVz
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxUdWxvc3R1c2tpZWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmltaQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVHVrZWUga2Frc2lwdW9saXN0YSB0dWxvc3RhbWlzdGE=
+attributeDisplayNames:: cHJpbnRDb2xvcixUdWtlZSB2w6RyaXR1bG9zdGFtaXN0YQ==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFR1a2VlIGxhaml0dGVsdWE=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxTecO2dHTDtmxva2Vyb3Q=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydHRp
+attributeDisplayNames:: bG9jYXRpb24sU2lqYWludGk=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNYWxsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sSHVvbWF1dHVz
+attributeDisplayNames:: Y29udGFjdE5hbWUsWWh0ZXlzaGVua2lsw7Y=
+attributeDisplayNames:: YXNzZXROdW1iZXIsS2FsdXN0b251bWVybw==
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29uaW1p
+attributeDisplayNames:: Y24sSGFrZW1pc3RvcGFsdmVsdW5pbWk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Saitti
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Palvelin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikointisarja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Toimialueen ohjauskoneen asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Yhteys
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Aliverkko
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pc2FhdGlveWtzaWtrw7YgKE9VKQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: b3UsTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U8OkaWzDtg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Luotettu toimialue
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3RvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQb3N0aW51bWVybywwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtc8OkaGvDtnBvc3Rpb3NvaXRlLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS8OkeXR0w6Rqw6RuIGtpcmphdXR1bWlzbmltaSwwLDIwMCww
+extraColumns:: dGl0bGUsVGVodMOkdsOkbmltaWtlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxLb2hkZW9zb2l0ZSwwLDEwMCww
+extraColumns:: c3QsVmFsdGlvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTXVva2F0dHUsMCwxMzAsMA==
+extraColumns:: c24sU3VrdW5pbWksMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsUGlrYXZpZXN0aXR5a3NlbiBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxQaWthdmllc3RpdHlrc2VuIGtvdGlwYWx2ZWxpbiwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEV0dW5pbWksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1zw6Roa8O2cG9zdGlzw6RpbMO2LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6Qga2lyamF1dHVtaXNuaW1pLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1pLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxPc2FzdG8sMCwxNTAsMA==
+extraColumns:: YyxNYWEsMCwtMSww
+extraColumns:: Y29tcGFueSxZcml0eXMsMCwxNTAsMA==
+extraColumns:: bCxLYXVwdW5raSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFR5w7ZwdWhlbGlubnVtZXJvLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkki
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkkisilta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGluZW4gdGllZG9uc2lpcnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: U2FpdGluIGvDpHl0dMO2b2lrZXVzYXNldHVrc2V0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Saitin asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWrDpHNlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaaja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-jono
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-kokoonpano
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisaatio
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1ww6Rpdml0ZXR0eSBrw6R5dHTDpGrDpA==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-reitityslinkki
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-asetukset
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-jonoalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nimimuoto
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUS1yeWhtw6Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmpvbm90
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RXTDpHRhbGxlbm51c3BhbHZlbHU=
+adminContextMenu: 0,&Hallitse...,RsAdmin.msc
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdGluIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGlzZW4gdGllZG9uc2lpcnJvbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxpdmVya29uIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UGFsdmVsaW1lbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory -toimialueen palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGFrdWvDpHl0w6RudMO2
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Ulkoinen suojausobjekti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikaattimalli
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFZpaW1laXNpbiB0dW5uZXR0dSBpc8OkbnTDpCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: Y29tbWVudCxIdW9tYXV0dXM=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dXJsLFdlYi1zaXZ1biBvc29pdGUgKG11dXQp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLW9zb2l0ZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Grup
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Hizmeti
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S3VsbGFuxLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grup
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cCBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bWVtYmVyLMOceWVsZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGMsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmHFn3Z1cnU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLEgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWVyZWwgxLBsa2U=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGF5bGHFn3TEsXLEsWxtxLHFnyBLbGFzw7Zy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gWW9sdQ==
+attributeDisplayNames:: a2V5d29yZHMsQW5haHRhciBTw7Z6Y8O8a2xlcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Hizmet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bilgisayar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmlsZ2lzYXlhciBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizEsMWfbGV0aW0gU2lzdGVtaSBTw7xyw7xtw7w=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLMSwxZ9sZXRpbSBTaXN0ZW1p
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWF6xLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixOZXNuZSBTw7xyw7xtw7w=
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2k=
+attributeDisplayNames:: c2VydmVyTmFtZSxTdW51Y3UgQWTEsQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxaxLFtYmFsYW1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUGF5bGHFn8SxbSBBZMSx
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxEYWtpa2FkYWtpIFNheWZhIFNhecSxc8Sx
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIxLF6IEJpcmltbGVyaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLEjEsXo=
+attributeDisplayNames:: cHJpbnRPd25lcixTYWhpYmluaW4gQWTEsQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksWcO8a2zDvCBCZWxsZWs=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxEZXN0ZWtsZW5lbiBLYcSfxLF0IFTDvHJsZXJp
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEt1bGxhbsSxbGFiaWxpciBLYcSfxLF0
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuIELDvHnDvGsgw4fDtnrDvG7DvHJsw7xr
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxZYXrEsWPEsSBEaWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsQWTEsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsw4dpZnQgVGFyYWZsxLEgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xvcixSZW5rbGkgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEhhcm1hbmxhbWEgRGVzdGVrbGVuaXlvcg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxHaXJpxZ8gVGVwc2lsZXJp
+attributeDisplayNames:: cG9ydE5hbWUsQmHEn2xhbnTEsSBOb2t0YXPEsQ==
+attributeDisplayNames:: bG9jYXRpb24sS29udW0=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQmHFn3Z1cnU=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTWFsIE51bWFyYXPEsQ==
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gQWTEsQ==
+attributeDisplayNames:: Y24sRGl6aW4gSGl6bWV0aSBBZMSx
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Sunucu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ayarlar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIFlpbmVsZW1lIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RXRraSBBbGFuxLEgRGVuZXRsZXlpY2lzaSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: QmHEn2xhbnTEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWx0IEHEnw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWFwxLFzYWwgQmlyaW0=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: b3UsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2Fwc2F5xLFjxLE=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: R8O8dmVuaWxlbiBFdGtpIEFsYW7EsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7wsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSxLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFkLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgRS1Qb3N0YSBBZHJlc2ksMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS3VsbGFuxLFjxLEgb3R1cnVtIGHDp21hIGFkxLEsMCwyMDAsMA==
+extraColumns:: dGl0bGUsxLDFnyBVbnZhbsSxLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxIZWRlZiBBZHJlc2ksMCwxMDAsMA==
+extraColumns:: c3QsZHVydW0sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmksMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsRGXEn2nFn3Rpcm1lLDAsMTMwLDA=
+extraColumns:: c24sU295YWTEsSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQW5sxLFrIMSwbGV0aSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxBbmzEsWsgxLBsZXRpIEFuYSBTdW51Y3VzdSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLMSwbGsgQWQsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBQb3N0YSBLdXR1c3UgRGVwb3N1LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIERpxJ9lciBBZMSxLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLVBvc3RhIEFkcmVzaSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIMOWbmNlc2kgT3R1cnVtIEHDp21hIEFkxLEsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxCw7Zsw7xtLDAsMTUwLDA=
+extraColumns:: YyzDnGxrZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzFnmlya2V0LDAsMTUwLDA=
+extraColumns:: bCzFnmVoaXIsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLMSwxZ8gVGVsZWZvbnUsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2l0ZSBCYcSfbGFudMSxc8Sx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLEgS8O2cHLDvHPDvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: WWV0a2kgVmVybWUgQsO2bGdlc2kgQXlhcmxhcsSx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: U2l0ZSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonesi
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonelikleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Hizmetleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBLdXlydcSfdQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBZYXDEsWxhbmTEsXJtYXPEsQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSBLdXJ1bHXFnw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSBZw7xrc2VsdGlsbWnFnyBLdWxsYW7EsWPEsQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBZw7ZubGVuZGlybWUgQmHEn2xhbnTEsXPEsQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBBeWFybGFyxLE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSBLdXlydWsgRGnEn2VyIEFkxLE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxCacOnaW0gQWTEsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Grubu
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMOceWUgS3V5cnVrbGFyxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Uzakta Depolama Hizmeti
+adminContextMenu:: MCwmWcO2bmV0Li4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbWxhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWx0IEHEn2xhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3VudWN1bGFyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBFdGtpIEFsYW7EsSBIaXptZXRsZXJp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U29yZ3UgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WWFiYW5jxLEgR8O8dmVubGlrIFNvcnVtbHVzdQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: U2VydGlmaWthIMWeYWJsb251
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LEJpbGluZW4gU29uIMOcc3Qgw5bEn2UsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Om44O844K244O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kw44Or44O844OX
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kw44Or44O844OX5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44Oz
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGMs5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5YWI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44OzIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Ot44O844Kr44OrIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5pyJ44OV44Kp44Or44OA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq8g44OR44K5
+attributeDisplayNames:: a2V5d29yZHMs44Kt44O844Ov44O844OJ
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OU44Ol44O844K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kz44Oz44OU44Ol44O844K/5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizjgqrjg5rjg6zjg7zjg4bjgqPjg7PjgrAg44K344K544OG44Og44Gu44OQ44O844K444On44Oz
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOOCquODmuODrOODvOODhuOCo+ODs+OCsCDjgrfjgrnjg4bjg6A=
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OX44Oq44Oz44K/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizjgqrjg5bjgrjjgqfjgq/jg4jjga7jg5Djg7zjgrjjg6fjg7M=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5
+attributeDisplayNames:: c2VydmVyTmFtZSzjgrXjg7zjg5Djg7zlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzjg5vjg4Hjgq3jgrnmraLjgoHjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5pyJ5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzjg5rjg7zjgrgv5YiG
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbjga7ljZjkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI0=
+attributeDisplayNames:: cHJpbnRNZW1vcnks44Kk44Oz44K544OI44O844Or44GV44KM44Gf44Oh44Oi44Oq
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzjgrXjg53jg7zjg4jjgZXjgozjgovnlKjntJnjga7nqK7poZ4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWIqeeUqOWPr+iDveOBqueUqOe0mQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOmrmOino+WDj+W6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzjg5fjg6rjg7Pjgr/oqIDoqp4=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN5YmN
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5Lih6Z2i5Y2w5Yi344KS44K144Od44O844OI
+attributeDisplayNames:: cHJpbnRDb2xvcizjgqvjg6njg7zljbDliLfjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOS4geWQiOOBhOOCkuOCteODneODvOODiA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzlhaXlipvjg4jjg6zjgqQ=
+attributeDisplayNames:: cG9ydE5hbWUs44Od44O844OI
+attributeDisplayNames:: bG9jYXRpb24s5aC05omA
+attributeDisplayNames:: ZHJpdmVyTmFtZSzjg6Ljg4fjg6s=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s44Kz44Oh44Oz44OI
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5YWI
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Sj55Wq5Y+3
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq/lkI0=
+attributeDisplayNames:: Y24s44OH44Kj44Os44Kv44OI44OqIOOCteODvOODk+OCueWQjQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44K144Kk44OI
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+ijveeJqeOCu+ODg+ODiA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44OJ44Oh44Kk44OzIOOCs+ODs+ODiOODreODvOODqeOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6l57aa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 44K144OW44ON44OD44OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Y2Y5L2NIChPVSk=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: b3Us5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OG44OK
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5L+h6aC844GV44KM44KL5YG044Gu44OJ44Oh44Kk44Oz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIpLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7csMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q44Oh44O844OrIOOCouODieODrOOCuSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs44Om44O844K244O8IOODreOCsOOCquODs+WQjSwwLDIwMCww
+extraColumns:: dGl0bGUs5b256IG3LDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzjgr/jg7zjgrLjg4Pjg4gg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c3Qs6YO96YGT5bqc55yMLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omALDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5pu05paw5pel5pmCLDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws44Kk44Oz44K544K/44Oz44OIIOODoeODg+OCu+ODvOOCuOODs+OCsCBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzjgqTjg7Pjgrnjgr/jg7Pjg4gg44Oh44OD44K744O844K444Oz44KwIOODm+ODvOODoCDjgrXjg7zjg5Djg7wsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDjg6Hjg7zjg6vjg5zjg4Pjgq/jgrkg44K544OI44KiLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOOCqOOCpOODquOCouOCuSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeOBruODreOCsOOCquODs+WQjSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6KGo56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jnvbIsMCwxNTAsMA==
+extraColumns:: Yyzlm70sMCwtMSww
+extraColumns:: Y29tcGFueSzkvJrnpL7lkI0sMCwxNTAsMA==
+extraColumns:: bCzluILljLrnlLrmnZEsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWLpOWLmeWFiOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCrw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCryDjg5bjg6rjg4Pjgrg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 44Op44Kk44K744Oz44K5IOOCteOCpOODiOOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OI44Gu6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOODoeODs+ODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODqeOCpOODkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODquODl+OCt+ODp+ODsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOOCteODvOODk+OCuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7w=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDmp4vmiJA=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDjgqjjg7Pjgr/jg7zjg5fjg6njgqTjgro=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDjgqLjg4Pjg5fjgrDjg6zjg7zjg4nmuIjjgb/jg6bjg7zjgrbjg7w=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDjg6vjg7zjg4bjgqPjg7PjgrAg44Oq44Oz44Kv
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7wg44Ko44Kk44Oq44Ki44K5
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzlvaLlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDjgrDjg6vjg7zjg5c=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkCDjgq3jg6Xjg7w=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Oq44Oi44O844OI6KiY5oa25Z+f44K144O844OT44K5
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144OW44ON44OD44OIIOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8IOOCs+ODs+ODhuODig==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDjg4njg6HjgqTjg7Mg44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Kv44Ko44OqIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo44Gu44K744Kt44Ol44Oq44OG44KjIOODl+ODquODs+OCt+ODkeODqw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6Ki85piO5pu444OG44Oz44OX44Os44O844OI
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOW+jOOBq+eiuuiqjeOBleOCjOOBn+imqiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg5Lul5YmNKQ==
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppen IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Tjenesten IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbmF2biAoZsO4ciBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1lcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontaktperson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yYWRyZXNzZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZXBvbGl0aWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal politik
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NzdGk=
+attributeDisplayNames:: a2V5d29yZHMsTsO4Z2xlb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbSAtIHZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnN0ZWQ=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbmRlcnN0w7h0dGVyIGjDpmZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYXZu
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwci4gbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZWRzZW5oZWRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hlZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYXZuIHDDpSBlamVy
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyZXQgaHVrb21tZWxzZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbmRlcnN0w7h0dGVkZSBwYXBpcnR5cGVy
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGfDpm5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbXVtb3Bsw7hzbmluZw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVyc3Byb2c=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW5kZXJzdMO4dHRlciBkb2JiZWx0c2lkZXQgdWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbmRlcnN0w7h0dGVyIGZhcnZldWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVuZGVyc3TDuHR0ZXIgc8OmdHZpcyBzb3J0ZXJpbmc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxQcmludGVyYmFra2Vy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhY2VyaW5n
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdHBlcnNvbg==
+attributeDisplayNames:: YXNzZXROdW1iZXIsVWRzdHlyc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Websted
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Indstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Indstillinger for FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UmVwbGlrZXJpbmdzc8OmdCBmb3IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3IgZG9tw6ZuZWNvbnRyb2xsZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Forbindelse
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Undernet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhed
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Administreret af
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Objektbeholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw6ZuZSwgZGVyIG55ZGVyIHRpbGxpZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2biwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2biwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZuLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2biwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1tYWlsLWFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZuIGZvciBicnVnZXIsMCwyMDAsMA==
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEZXN0aW5hdGlvbnNhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4ZuZHJldCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLWFkcmVzc2UgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0a2Fzc2VsYWdlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwtYWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCksMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdCBuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBZmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxCeSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKGFyYmVqZGUpLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGluayB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlua2JybyB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IGluZGVuZm9yIG9tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5zaW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1uZXR2w6Zyaw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-opgraderet bruger
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routing-link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Indstillinger for MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7gtYWxpYXM=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnavn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Storage Service
+adminContextMenu: 0,&Administrer...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGU=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydCBpbmRlbmZvciBvbXLDpWRl
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Undernetbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Serverbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS1kb23Dpm5ldGplbmVzdGVy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Rm9yZXNww7hyZ3NlbHNwb2xpdGlr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RWtzdGVybiBkb23Dpm5la29udG8sIGRlciBueWRlciB0aWxsaWQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatskabelon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Senest kendte overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Link de Roteamento do MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias da Fila do MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRlIEZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo do MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIE1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgQXJtYXplbmFtZW50byBSZW1vdG8=
+adminContextMenu: 0,&Gerenciar...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTaXRlcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBUcmFuc3BvcnRlcyBFbnRyZSBTaXRlcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTdWItcmVkZXM=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTZXJ2aWRvcmVz
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp29zIGRlIERvbcOtbmlvIGRvIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Diretiva de Consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RW50aWRhZGUgZGUgU2VndXJhbsOnYSBFeHRlcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de Certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gUGFpIENvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBJbmljaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgSW5pY2lhbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIExvZ29u
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbg==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXN1w6FyaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIExvZ29u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgSW5pY2lhbA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBJbmljaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contato
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RGlyZXRpdmEgZG8gRG9tw61uaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Diretiva Local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta Compartilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIFJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIFNpc3RlbWEgT3BlcmFjaW9uYWw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgT3BlcmFjaW9uYWw=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIE9iamV0bw==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIFNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxEw6EgU3Vwb3J0ZSBhIEdyYW1wZWFtZW50bw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkZSBDb21wYXJ0aWxoYW1lbnRv
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgTWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSBWZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIFByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgSW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBQYXBlbCBjb20gU3Vwb3J0ZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIERpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIE3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgSW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsRMOhIFN1cG9ydGUgw6AgSW1wcmVzc8OjbyBlbSBGcmVudGUgZSBWZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixEw6EgU3Vwb3J0ZSDDoCBJbXByZXNzw6NvIGVtIENvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLETDoSBTdXBvcnRlIGEgQWdydXBhbWVudG8=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBFbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWw=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0bw==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkbyBBdGl2bw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRlIFJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBTZXJ2acOnbyBkZSBEaXJldMOzcmlv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgUsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIENvbnRyb2xhZG9yIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXjDo28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade Organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lcg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gQ29uZmnDoXZlbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2EsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxDRVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIEVtYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbiBkbyBVc3XDoXJpbywwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgRGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sU29icmVub21lLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRvIFNpc3RlbWEgZGUgTWVuc2FnZW5zIEluc3RhbnTDom5lYXMsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBJbmljaWFsIGRvIFNpc3RlbWEgZGUgTWVuc2FnZW5zIEluc3RhbnTDom5lYXMsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hemVuYW1lbnRvIGRlIENhaXhhIGRlIENvcnJlaW8gZG8gRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbWFpbCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiBBbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxDaWRhZGUsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIENvbWVyY2lhbCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Link de Site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte de Link de Site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte Entre Sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIExpY2VuY2lhbWVudG8gZGUgU2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIFNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinante do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinaturas do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gZG8gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa do MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXN1w6FyaW8gQXR1YWxpemFkbyBkbyBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membre FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QWJvbm7DqSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Abonnements FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Services RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: File d'attente MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configuration MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Entreprise MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGlzYXRldXIgYXlhbnQgdW5lIG1pc2Ugw6Agbml2ZWF1IE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Liaison de routage MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyYW3DqHRyZXMgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de file d'attente MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nom de format
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Groupe MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Files d'attente de membres
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmljZSBkZSBzdG9ja2FnZSDDqXRlbmR1
+adminContextMenu:: MCwmR8OpcmVyLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de transports inter-sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVuZXVyIGRlIHNvdXMtcsOpc2VhdXg=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de serveurs
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Services de domaine Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSByZXF1w6p0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U8OpY3VyaXTDqSBleHTDqXJpZXVyZSBwcmluY2lwYWxl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: TW9kw6hsZSBkZSBjZXJ0aWZpY2F0
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Dernier parent connu,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Groupe IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Service IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilisateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Groupe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGRlIGdyb3VwZSAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bWVtYmVyLE1lbWJyZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domaine
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSBkb21haW5l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBsb2NhbGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9zc2llciBwYXJ0YWfDqcKg
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDaGVtaW4gcsOpc2VhdQ==
+attributeDisplayNames:: a2V5d29yZHMsTW90cyBjbMOpcw==
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Ordinateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3JkaW5hdGV1ciAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaW9uIGR1IHN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Imprimante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uIGRlIGwnb2JqZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBWYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb20gZGUgc2VydmV1cg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQcmVuZCBlbiBjaGFyZ2UgbCdhZ3JhZmFnZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tIGR1IHBhcnRhZ2U=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdlcyBwYXIgbWludXRl
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6lzIGRlIHZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRPd25lcixOb20gZHUgcHJvcHJpw6l0YWlyZQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTcOpbW9pcmUgaW5zdGFsbMOpZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUeXBlcyBkZSBwYXBpZXIgcHJpcyBlbiBjaGFyZ2U=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkaXNwb25pYmxlwqA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFLDqXNvbHV0aW9uIG1heGltYWxl
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMYW5nYWdlIGRlIGwnaW1wcmltYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9t
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUHJlbmQgZW4gY2hhcmdlIGwnaW1wcmVzc2lvbiByZWN0byB2ZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixQcmVuZCBlbiBjaGFyZ2UgbCdpbXByZXNzaW9uIGVuIGNvdWxldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFByZW5kIGVuIGNoYXJnZSBsJ2Fzc2VtYmxhZ2U=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYWNzIGQnZW50csOpZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sRW1wbGFjZW1lbnQ=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2TDqGxl
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudGFpcmU=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtw6lybyBkZSBjb250csO0bGU=
+attributeDisplayNames:: dU5DTmFtZSxOb20gcsOpc2VhdQ==
+attributeDisplayNames:: Y24sTm9tIGR1IHNlcnZpY2UgZCdhbm51YWlyZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serveur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: SmV1IGRlIHLDqXBsaWNhcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgY29udHLDtGxldXIgZGUgZG9tYWluZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connexion
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U291cy1yw6lzZWF1wqA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOpIGQnb3JnYW5pc2F0aW9uwqA=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: b3UsTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Conteneur
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tYWluZSBhcHByb3V2w6k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVlLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVlLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNzZSBkZSBtZXNzYWdlcmllIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gZGUgbCd1dGlsaXNhdGV1ciwwLDIwMCww
+extraColumns:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9uLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlc3NlIGRlIGRlc3RpbmF0aW9uLDAsMTAwLDA=
+extraColumns:: c3Qsw4l0YXQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQnVyZWF1LDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpw6ksMCwxMzAsMA==
+extraColumns:: c24sTm9tIGRlIGZhbWlsbGUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lc3NhZ2VyaWUgaW5zdGFudGFuw6llLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXVyIGRlIGJhc2UgZGUgbWVzc2FnZXJpZSBpbnN0YW50YW7DqWUsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByw6lub20sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixNYWdhc2luIGJvw650ZSBhdXggbGV0dHJlcyBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQsMCwxNTAsMA==
+extraColumns:: YyxQYXlzLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxTb2Npw6l0w6ksMCwxNTAsMA==
+extraColumns:: bCxWaWxsZSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFTDqWzDqXBob25lIHByb2Zlc3Npb25uZWwsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Lien du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Pont de la liaison du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport inter-sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZSBkdSBzaXRlIGRlIGdlc3Rpb24gZGVzIGxpY2VuY2Vz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuvue9rg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOWkjeWItumbhg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 5Z+f5o6n5Yi25Zmo6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6L+e5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q572R
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE57uH5Y2V5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Zmo
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu75Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6ZeoLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+WnkywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensCwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg55S15a2Q6YKu5Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs55So5oi355m75b2V5ZCN56ewLDAsMjAwLDA=
+extraColumns:: dGl0bGUs6IGM5YqhLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67moIflnLDlnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBL+iHquayu+WMuiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5bey5pu05pS5LDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws5Y2z5pe25raI5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzljbPml7bmtojmga/kuLvmnI3liqHlmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDpgq7nrrHlrZjlgqgsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIq+WQjSwwLDE3NSww
+extraColumns:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeeahOeZu+W9leWQjeensCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ewLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jpl6gsMCwxNTAsMA==
+extraColumns:: Yyzlm73lrrYo5Zyw5Yy6KSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCzljr8v5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWVhuWKoeeUteivnSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l5qGl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5p2D56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWRmA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYheiAhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWKoQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDpmJ/liJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDphY3nva4=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDkvIHkuJrnuqc=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfnuqfnlKjmiLc=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpk77mjqU=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDorr7nva4=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDpmJ/liJfliKvlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnu4Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmOmYn+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6L+c56iL5a2Y5YKo5pyN5Yqh
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ54K55a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q572R5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDln5/mnI3liqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6K+i562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo6KeE6IyD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6K+B5Lmm5qih5p2/
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOi/keS4gOasoeW3suefpeeahOeItiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+dKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnu4Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3liqE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 55So5oi3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs57uE5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6IGU57O75Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbblroMp
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25a6DKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbblroMp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbblroMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuWugyk=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5Zyw562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5Lqr5paH5Lu25aS5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zot6/lvoQ=
+attributeDisplayNames:: a2V5d29yZHMs5YWz6ZSu5a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6K6h566X5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6K6h566X5py65ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizmk43kvZzns7vnu5/niYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOaTjeS9nOezu+e7nw==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5omT5Y2w5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizlr7nosaHniYjmnKw=
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzmnI3liqHlmajlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mjIHoo4XorqI=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5Lqr5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzmr4/liIbpkp/pobXmlbA=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbljZXkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI3np7A=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey6KOF5YaF5a2Y
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mjIHnmoTnurjlvKDnsbvlnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe6uOW8oA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+WIhui+qOeOhw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzmiZPljbDmnLror63oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ew
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5oyB5Y+M6Z2i5omT5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mjIHlvanoibLmiZPljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aMgeWvueeFpw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzov5vnurjlmag=
+attributeDisplayNames:: cG9ydE5hbWUs56uv5Y+j
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovlj7c=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5aSH5rOo
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGU57O75Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LWE5Lqn5Y+356CB
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zlkI0=
+attributeDisplayNames:: Y24s55uu5b2V5pyN5Yqh5ZCN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ54K5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Jew65297LKY
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24IOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 66Gc7LusIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6rO17JygIO2PtOuNlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg6rK966Gc
+attributeDisplayNames:: a2V5d29yZHMs7YKk7JuM65Oc
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Lu07ZOo7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs7Lu07ZOo7YSwIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizsmrTsmIEg7LK07KCcIOuyhOyghA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOyatOyYgSDssrTsoJw=
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ZSE66aw7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizqsJzssrQg67KE7KCE
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaM
+attributeDisplayNames:: c2VydmVyTmFtZSzshJzrsoQg7J2066aE
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzsiqTthYzsnbTtlIwg7KeA7JuQ
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs6rO17JygIOydtOumhA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzrtoTri7kg7Y6Y7J207KeAIOyImA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzsho3rj4Qg64uo7JyE
+attributeDisplayNames:: cHJpbnRSYXRlLOyGjeuPhA==
+attributeDisplayNames:: cHJpbnRPd25lcizshozsnKDsnpAg7J2066aE
+attributeDisplayNames:: cHJpbnRNZW1vcnks7ISk7LmY65CcIOuplOuqqOumrA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzsp4Dsm5DrkJjripQg7Jqp7KeAIOyiheulmA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOyCrOyaqSDqsIDriqXtlZwg7Jqp7KeA
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOy1nOuMgCDtlbTsg4Hrj4Q=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSztlITrprDthLAg7Ja47Ja0
+attributeDisplayNames:: cHJpbnRlck5hbWUs7J2066aE
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs7JaR66m0IOyduOyHhCDsp4Dsm5A=
+attributeDisplayNames:: cHJpbnRDb2xvcizsu6zrn6wg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLO2VnCDrtoDslKkg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzsnoXroKUg7Jqp7KeA7ZWo
+attributeDisplayNames:: cG9ydE5hbWUs7Y+s7Yq4
+attributeDisplayNames:: bG9jYXRpb24s7JyE7LmY
+attributeDisplayNames:: ZHJpdmVyTmFtZSzrqqjrjbg=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y29udGFjdE5hbWUs7Jew65297LKY
+attributeDisplayNames:: YXNzZXROdW1iZXIs7J6Q7IKwIOuyiO2YuA==
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg7J2066aE
+attributeDisplayNames:: Y24s65SU66CJ7YSw66asIOyEnOu5hOyKpCDsnbTrpoQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7IKs7J207Yq4
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7ISc67KE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7ISk7KCV
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOuzteygnCDshLjtirg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 64+E66mU7J24IOy7qO2KuOuhpOufrCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 7Jew6rKw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7ISc67iM64S3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7KGw7KeBIOq1rOyEsSDri6jsnIQ=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: b3Us7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Luo7YWM7J2064SI
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7Yq465+s7Iqk7Yq465CcIOuPhOuplOyduA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg7KCE7J6QIOuplOydvCDso7zshowsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs7IKs7Jqp7J6QIOuhnOq3uOyYqCDsnbTrpoQsMCwyMDAsMA==
+extraColumns:: dGl0bGUs7KeB7ZWoLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzrjIDsg4Eg7KO87IaMLDAsMTAwLDA=
+extraColumns:: c3Qs7IOB7YOcLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs7IiY7KCV7ZWcIOuCoOynnCwwLDEzMCww
+extraColumns:: c24s7ISxLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws7J247Iqk7YS07Yq4IOuplOyLnOynlSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzsnbjsiqTthLTtirgg66mU7Iuc7KeVIO2ZiCDshJzrsoQsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOydtOumhCwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDsgqzshJztlagg7KCA7J6l7IaMLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOuzhOy5rSwwLDE3NSww
+extraColumns:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOydtOyghCDrsoTsoIQg66Gc6re47JioIOydtOumhCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhCwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzrtoDshJwsMCwxNTAsMA==
+extraColumns:: Yyzqta3qsIAsMCwtMSww
+extraColumns:: Y29tcGFueSztmozsgqwsMCwxNTAsMA==
+extraColumns:: bCzqtawv6rWwL+yLnCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLO2ajOyCrCDsoITtmZQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrCDruIzrpqzsp4A=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 65287J207ISg7IqkIOyCrOydtO2KuCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOyEseybkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOuPheyekA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOuPhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOyEnOu5hOyKpA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDtgZA=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDqtazshLE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDsl5TthLDtlITrnbzsnbTspog=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDsl4Xqt7jroIjsnbTrk5ztlZwg7IKs7Jqp7J6Q
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDrnbzsmrDtjIUg66eB7YGs
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDshKTsoJU=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDtgZAg67OE7Lmt
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSztmJXsi50g7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDqt7jro7k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkCDtgZA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7JuQ6rKpIOyggOyepeyGjCDshJzruYTsiqQ=
+adminContextMenu:: MCzqtIDrpqwoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqEg7Luo7YWM7J2064SI
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67iM64S3IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67KEIOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDrj4TrqZTsnbgg7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7L+866asIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7Jm467aAIOuztOyViCDqsJzssrQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 7J247Kad7IScIO2FnO2UjOumvw==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOuniOyngOunieycvOuhnCDslYzroKTsp4Qg67aA66qoLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDqt7jro7k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDqt7jro7k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7IKs7Jqp7J6Q
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6re466O5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6re466O5IOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGMs7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
diff --git a/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt
new file mode 100644
index 0000000..a171c75
--- /dev/null
+++ b/source4/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt
@@ -0,0 +1,32758 @@
+#Intellectual Property Rights Notice for Open Specifications Documentation
+#
+#- Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. 
+#
+#- Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. 
+#
+#- No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 
+#
+#- Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here:  http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described n the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com. 
+#
+#- Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. 
+#
+#- Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. 
+#
+#- Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
+#
+#- Preliminary Documentation. This Open Specification is preliminary documentation for this technology.  Since the documentation may change between this preliminary version and the final version, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
+
+dn: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+cn: DisplaySpecifiers
+distinguishedName: CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+objectVersion: 1
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DisplaySpecifiers
+systemFlags: -2147483648
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXN1w6FyaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIExvZ29u
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgSW5pY2lhbA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBJbmljaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBncnVwbyAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contato
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RGlyZXRpdmEgZG8gRG9tw61uaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Diretiva Local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta Compartilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIFJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkbyBjb21wdXRhZG9yIChhbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRvIFNpc3RlbWEgT3BlcmFjaW9uYWw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgT3BlcmFjaW9uYWw=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIE9iamV0bw==
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIFNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxEw6EgU3Vwb3J0ZSBhIEdyYW1wZWFtZW50bw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkZSBDb21wYXJ0aWxoYW1lbnRv
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgTWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSBWZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIFByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgSW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBQYXBlbCBjb20gU3Vwb3J0ZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIERpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIE3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgSW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsRMOhIFN1cG9ydGUgw6AgSW1wcmVzc8OjbyBlbSBGcmVudGUgZSBWZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixEw6EgU3Vwb3J0ZSDDoCBJbXByZXNzw6NvIGVtIENvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLETDoSBTdXBvcnRlIGEgQWdydXBhbWVudG8=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBFbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWw=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0bw==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkbyBBdGl2bw==
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRlIFJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkbyBTZXJ2acOnbyBkZSBEaXJldMOzcmlv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgUsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIENvbnRyb2xhZG9yIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXjDo28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade Organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmVuY2lhZG8gcG9y
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lcg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gQ29uZmnDoXZlbA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2EsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbywwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxDRVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIEVtYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbiBkbyBVc3XDoXJpbywwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgRGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sU29icmVub21lLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRvIFNpc3RlbWEgZGUgTWVuc2FnZW5zIEluc3RhbnTDom5lYXMsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBJbmljaWFsIGRvIFNpc3RlbWEgZGUgTWVuc2FnZW5zIEluc3RhbnTDom5lYXMsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcm1hemVuYW1lbnRvIGRlIENhaXhhIGRlIENvcnJlaW8gZG8gRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbWFpbCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiBBbnRlcmlvciBhbyBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxDaWRhZGUsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIENvbWVyY2lhbCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Link de Site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Ponte de Link de Site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte Entre Sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIExpY2VuY2lhbWVudG8gZGUgU2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRlIFNpdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinante do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Assinaturas do FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gZG8gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa do MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXN1w6FyaW8gQXR1YWxpemFkbyBkbyBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Link de Roteamento do MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDtWVzIGRvIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias da Fila do MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRlIEZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo do MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIE1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgQXJtYXplbmFtZW50byBSZW1vdG8=
+adminContextMenu: 0,&Gerenciar...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTaXRlcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBUcmFuc3BvcnRlcyBFbnRyZSBTaXRlcw==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTdWItcmVkZXM=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udMOqaW5lciBkZSBTZXJ2aWRvcmVz
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp29zIGRlIERvbcOtbmlvIGRvIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Diretiva de Consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RW50aWRhZGUgZGUgU2VndXJhbsOnYSBFeHRlcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de Certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gUGFpIENvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=416,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhw6fDo28gZGUgUGHDrXM=
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxSZWxhdMOzcmlvcyBEaXJldG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBEaXN0aW50bw==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWNhw6fDo28gZGUgRnVuY2lvbsOhcmlv
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYXRpdm8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1laXJvIE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBJbmljaWFs
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgSW5pY2lhbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIFJlc2lkZW5jaWFs
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETiBJbnRlcm5hY2lvbmFsIChPdXRyb3Mp
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9uZSBJUA==
+attributeDisplayNames:: bCxDaWRhZGU=
+attributeDisplayNames:: bWFpbCxFbWFpbA==
+attributeDisplayNames:: bWFuYWdlcixHZXJlbnRl
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIE5vbWU=
+attributeDisplayNames:: bW9iaWxlLENlbHVsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgRm9uw6l0aWNvIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgcGFyYSBFeGliacOnw6NvIEZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFNvYnJlbm9tZSBGb27DqXRpY28=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIEZvbsOpdGljbw==
+attributeDisplayNames:: aW5mbyxBbm90YcOnw7Vlcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4IChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgUmVzaWRlbmNpYWwgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25lIElQIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVtYWlsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VsdWxhciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlciAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbmUgKE91dHJvcyk=
+attributeDisplayNames:: cGFnZXIsUGFnZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRW5kZXJlw6dvIGNvbWVyY2lhbA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDRVAvQ8OzZGlnbyBQb3N0YWw=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYWl4YSBQb3N0YWw=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4gSW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBMb2dvbiAoYW50ZXJpb3IgYW8gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sU29icmVub21l
+attributeDisplayNames:: c3QsRXN0YWRv
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxFbmRlcmXDp28=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXggKE91dHJvcyk=
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkYSBQw6FnaW5hIGRhIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBwYXJhIEV4aWJpw6fDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIExvZ29u
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBMb2dvbg==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRhIFDDoWdpbmEgZGEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Groupe IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Service IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilisateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Groupe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGRlIGdyb3VwZSAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bWVtYmVyLE1lbWJyZXM=
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domaine
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSBkb21haW5l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBsb2NhbGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9zc2llciBwYXJ0YWfDqcKg
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDaGVtaW4gcsOpc2VhdQ==
+attributeDisplayNames:: a2V5d29yZHMsTW90cyBjbMOpcw==
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Ordinateur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3JkaW5hdGV1ciAoYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzaW9uIGR1IHN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3TDqG1lIGQnZXhwbG9pdGF0aW9u
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: Y24sTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Imprimante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uIGRlIGwnb2JqZXQ=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBWYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb20gZGUgc2VydmV1cg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQcmVuZCBlbiBjaGFyZ2UgbCdhZ3JhZmFnZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tIGR1IHBhcnRhZ2U=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdlcyBwYXIgbWludXRl
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6lzIGRlIHZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFZpdGVzc2U=
+attributeDisplayNames:: cHJpbnRPd25lcixOb20gZHUgcHJvcHJpw6l0YWlyZQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTcOpbW9pcmUgaW5zdGFsbMOpZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUeXBlcyBkZSBwYXBpZXIgcHJpcyBlbiBjaGFyZ2U=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkaXNwb25pYmxlwqA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFLDqXNvbHV0aW9uIG1heGltYWxl
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMYW5nYWdlIGRlIGwnaW1wcmltYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9t
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUHJlbmQgZW4gY2hhcmdlIGwnaW1wcmVzc2lvbiByZWN0byB2ZXJzbw==
+attributeDisplayNames:: cHJpbnRDb2xvcixQcmVuZCBlbiBjaGFyZ2UgbCdpbXByZXNzaW9uIGVuIGNvdWxldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFByZW5kIGVuIGNoYXJnZSBsJ2Fzc2VtYmxhZ2U=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYWNzIGQnZW50csOpZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sRW1wbGFjZW1lbnQ=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2TDqGxl
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudGFpcmU=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtw6lybyBkZSBjb250csO0bGU=
+attributeDisplayNames:: dU5DTmFtZSxOb20gcsOpc2VhdQ==
+attributeDisplayNames:: Y24sTm9tIGR1IHNlcnZpY2UgZCdhbm51YWlyZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serveur
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: SmV1IGRlIHLDqXBsaWNhcyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgY29udHLDtGxldXIgZGUgZG9tYWluZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connexion
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U291cy1yw6lzZWF1wqA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOpIGQnb3JnYW5pc2F0aW9uwqA=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEfDqXLDqSBwYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: b3UsTm9t
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Conteneur
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tYWluZSBhcHByb3V2w6k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVlLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVlLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNzZSBkZSBtZXNzYWdlcmllIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gZGUgbCd1dGlsaXNhdGV1ciwwLDIwMCww
+extraColumns:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9uLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlc3NlIGRlIGRlc3RpbmF0aW9uLDAsMTAwLDA=
+extraColumns:: c3Qsw4l0YXQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQnVyZWF1LDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpw6ksMCwxMzAsMA==
+extraColumns:: c24sTm9tIGRlIGZhbWlsbGUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lc3NhZ2VyaWUgaW5zdGFudGFuw6llLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2ZXVyIGRlIGJhc2UgZGUgbWVzc2FnZXJpZSBpbnN0YW50YW7DqWUsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLFByw6lub20sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixNYWdhc2luIGJvw650ZSBhdXggbGV0dHJlcyBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gYW50w6lyaWV1ciDDoCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQsMCwxNTAsMA==
+extraColumns:: YyxQYXlzLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxTb2Npw6l0w6ksMCwxNTAsMA==
+extraColumns:: bCxWaWxsZSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFTDqWzDqXBob25lIHByb2Zlc3Npb25uZWwsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Lien du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Pont de la liaison du site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport inter-sites
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZSBkdSBzaXRlIGRlIGdlc3Rpb24gZGVzIGxpY2VuY2Vz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGFyYW3DqHRyZXMgZHUgc2l0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membre FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QWJvbm7DqSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Abonnements FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Services RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: File d'attente MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configuration MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Entreprise MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGlzYXRldXIgYXlhbnQgdW5lIG1pc2Ugw6Agbml2ZWF1IE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Liaison de routage MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyYW3DqHRyZXMgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de file d'attente MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nom de format
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Groupe MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Files d'attente de membres
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmljZSBkZSBzdG9ja2FnZSDDqXRlbmR1
+adminContextMenu:: MCwmR8OpcmVyLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de transports inter-sites
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Q29udGVuZXVyIGRlIHNvdXMtcsOpc2VhdXg=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Conteneur de serveurs
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Services de domaine Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RyYXTDqWdpZSBkZSByZXF1w6p0ZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U8OpY3VyaXTDqSBleHTDqXJpZXVyZSBwcmluY2lwYWxl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: TW9kw6hsZSBkZSBjZXJ0aWZpY2F0
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Nom
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Dernier parent connu,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40C,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGFudA==
+attributeDisplayNames:: Y24sTm9t
+attributeDisplayNames:: YyxBYnLDqXZpYXRpb24gZHUgcGF5cw==
+attributeDisplayNames:: Y28sUGF5cw==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50YWlyZQ==
+attributeDisplayNames:: Y29tcGFueSxTb2Npw6l0w6k=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEw6lwYXJ0ZW1lbnQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcHRpb24=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xsYWJvcmF0ZXVycyBkaXJlY3Rz
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tIHVuaXF1ZQ==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxOdW3DqXJvIGQnZW1wbG95w6k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpY29waWV1csKg
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXhlIGRlIGfDqW7DqXJhdGlvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByw6lub20=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb3NzaWVyIGRlIGJhc2U=
+attributeDisplayNames:: aG9tZURyaXZlLExlY3RldXIgZGUgYmFzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFTDqWzDqXBob25lIGRvbWljaWxl
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSBkb21pY2lsZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVzwqA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtw6lybyBSTklTIGludGVybmF0aW9uYWwgKEF1dHJlcyk=
+attributeDisplayNames:: aXBQaG9uZSxOdW3DqXJvIGRlIHTDqWzDqXBob25lIElQ
+attributeDisplayNames:: bCxWaWxsZQ==
+attributeDisplayNames:: bWFpbCxBZHJlc3NlIGRlIG1lc3NhZ2VyaWU=
+attributeDisplayNames:: bWFuYWdlcixTdXDDqXJpZXVyIGRpcmVjdA==
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJlIGRl
+attributeDisplayNames:: bWlkZGxlTmFtZSxEZXV4acOobWUgcHLDqW5vbQ==
+attributeDisplayNames:: bW9iaWxlLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgbW9iaWxl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsU2VydmljZSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbSBwaG9uw6l0aXF1ZSBkZSBsYSBzb2Npw6l0w6k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbSBjb21wbGV0IHBob27DqXRpcXVl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5vbSBwaG9uw6l0aXF1ZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxQcsOpbm9tIHBob27DqXRpcXVl
+attributeDisplayNames:: aW5mbyxSZW1hcnF1ZXM=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtw6lybyBkZSB0w6lsw6ljb3BpZXVyIChBdXRyZXMp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBkb21pY2lsZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bcOpcm8gZGUgdMOpbMOpcGhvbmUgSVAgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzc2UgZGUgbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSBtb2JpbGUgKEF1dHJlcyk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW3DqXJvIGRlIHLDqWNlcHRldXIgZGUgcmFkaW8tbWVzc2FnZXJpZSAoQXV0cmVzKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtw6lybyBkZSB0w6lsw6lwaG9uZSAoQXV0cmVzKQ==
+attributeDisplayNames:: cGFnZXIsTnVtw6lybyBkZSByw6ljZXB0ZXVyIGRlIHJhZGlvLW1lc3NhZ2VyaWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRyZQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQWRyZXNzZSBkdSBidXJlYXU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDb2RlIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb8OudGUgcG9zdGFsZQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bcOpcm8gUk5JUyBpbnRlcm5hdGlvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bcOpcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24gKGFudMOpcmlldXIgw6AgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTm9tIGRlIGZhbWlsbGU=
+attributeDisplayNames:: c3Qsw4l0YXQvUsOpZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3NlIHBvc3RhbGU=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bcOpcm8gZGUgdMOpbMOpcGhvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtw6lybyBkZSB0w6lsZXggKEF1dHJlcyk=
+attributeDisplayNames:: dGl0bGUsSW50aXR1bMOpIGRlIGxhIGZvbmN0aW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgZGUgcGFnZSBXZWIgKEF1dHJlcyk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tIGNvbXBsZXQ=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxTdGF0aW9ucyBkZSB0cmF2YWlsIGFjY2Vzc2libGVz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tIGQnb3V2ZXJ0dXJlIGRlIHNlc3Npb24=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBkZSBwYWdlIFZi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnu4Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3liqE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 55So5oi3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs57uE5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6IGU57O75Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Z+f562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5Zyw562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5Lqr5paH5Lu25aS5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zot6/lvoQ=
+attributeDisplayNames:: a2V5d29yZHMs5YWz6ZSu5a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6K6h566X5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6K6h566X5py65ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizmk43kvZzns7vnu5/niYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOaTjeS9nOezu+e7nw==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5omT5Y2w5py6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizlr7nosaHniYjmnKw=
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzmnI3liqHlmajlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mjIHoo4XorqI=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5Lqr5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzmr4/liIbpkp/pobXmlbA=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbljZXkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI3np7A=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey6KOF5YaF5a2Y
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mjIHnmoTnurjlvKDnsbvlnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+eUqOe6uOW8oA==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+WIhui+qOeOhw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzmiZPljbDmnLror63oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ew
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5oyB5Y+M6Z2i5omT5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mjIHlvanoibLmiZPljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aMgeWvueeFpw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzov5vnurjlmag=
+attributeDisplayNames:: cG9ydE5hbWUs56uv5Y+j
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovlj7c=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5aSH5rOo
+attributeDisplayNames:: Y29udGFjdE5hbWUs6IGU57O75Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LWE5Lqn5Y+356CB
+attributeDisplayNames:: dU5DTmFtZSznvZHnu5zlkI0=
+attributeDisplayNames:: Y24s55uu5b2V5pyN5Yqh5ZCN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ54K5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuvue9rg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOWkjeWItumbhg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 5Z+f5o6n5Yi25Zmo6K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6L+e5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q572R
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57uE57uH5Y2V5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Zmo
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu75Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6ZeoLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjeensCwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+WnkywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensCwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg55S15a2Q6YKu5Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs55So5oi355m75b2V5ZCN56ewLDAsMjAwLDA=
+extraColumns:: dGl0bGUs6IGM5YqhLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67moIflnLDlnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBL+iHquayu+WMuiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5bey5pu05pS5LDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws5Y2z5pe25raI5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzljbPml7bmtojmga/kuLvmnI3liqHlmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDpgq7nrrHlrZjlgqgsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIq+WQjSwwLDE3NSww
+extraColumns:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOS7peWJjeeJiOacrOeahOeZu+W9leWQjeensCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ewLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jpl6gsMCwxNTAsMA==
+extraColumns:: Yyzlm73lrrYo5Zyw5Yy6KSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCzljr8v5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWVhuWKoeeUteivnSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56ZO+5o6l5qGl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5p2D56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ54K56K6+572u
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWRmA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYheiAhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiuoumYhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWKoQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDpmJ/liJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDphY3nva4=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDkvIHkuJrnuqc=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfnuqfnlKjmiLc=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpk77mjqU=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDorr7nva4=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDpmJ/liJfliKvlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnu4Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWRmOmYn+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6L+c56iL5a2Y5YKo5pyN5Yqh
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ54K55a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ6Ze05Lyg6L6T5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q572R5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5pyN5Yqh5Zmo5a655Zmo
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDln5/mnI3liqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6K+i562W55Wl
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo6KeE6IyD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6K+B5Lmm5qih5p2/
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ew
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOi/keS4gOasoeW3suefpeeahOeItiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=804,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeaJiw==
+attributeDisplayNames:: Y24s5ZCN56ew
+attributeDisplayNames:: Yyzlm73lrrYo5Zyw5Yy6Kee8qeWGmQ==
+attributeDisplayNames:: Y28s5Zu95a62KOWcsOWMuik=
+attributeDisplayNames:: Y29tbWVudCzlpIfms6g=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jpl6g=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXkuIvlsZ4=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs5Y+v5YiG6L6o5ZCN56ew
+attributeDisplayNames:: ZGl2aXNpb24s5YiG6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCzogYzlkZjnvJblj7c=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOS8oOecn+WPt+eggQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbooq3np7DosJM=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvmlofku7blpLk=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+mpseWKqOWZqA==
+attributeDisplayNames:: aG9tZVBob25lLOWutuW6reeUteivnQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5a625bqt5Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs6Iux5paH57yp5YaZ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZmFIElTRE4g5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: aXBQaG9uZSxJUCDnlLXor53lj7fnoIE=
+attributeDisplayNames:: bCzljr8v5biC
+attributeDisplayNames:: bWFpbCznlLXlrZDpgq7ku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlciznu4/nkIY=
+attributeDisplayNames:: bWVtYmVyT2Ys5oiQ5ZGY6Lqr5Lu95bGe5LqO
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3pl7TlkI0=
+attributeDisplayNames:: bW9iaWxlLOenu+WKqOeUteivneWPt+eggQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z6YOo6Zeo
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOaLvOmfs+WFrOWPuOWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOaLvOmfs+aYvuekuuWQjeensA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOaLvOmfs+Wnkw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzmi7zpn7PlkI0=
+attributeDisplayNames:: aW5mbyzor7TmmI4=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5Lyg55yf5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5a625bqt55S16K+dKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOeUteivneWPt+eggSjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOeUteWtkOmCruS7tuWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs56e75Yqo55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzmnLrlj7fnoIEo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs55S16K+d5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: cGFnZXIs5ZG85py65Y+356CB
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzlpLTooZQ=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5Yqe5YWs5a6k5L2N572u
+attributeDisplayNames:: cG9zdGFsQ29kZSzpgq7mlL/nvJbnoIE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpgq7nrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemZhSBJU0ROIOWPt+eggQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOeUteaKpeWPt+eggQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75b2V5ZCNKFdpbmRvd3MgMjAwMCDku6XliY3niYjmnKwp
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs55yBL+ebtOi+luW4gi/oh6rmsrvljLo=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOeUteivneWPt+eggQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs55S15oql5Y+356CBKOWFtuS7lik=
+attributeDisplayNames:: dGl0bGUs6IGM5Yqh
+attributeDisplayNames:: dXJsLOe9kemhteWcsOWdgCjlhbbku5Yp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs5pi+56S65ZCN56ew
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlvZXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75b2V5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us572R6aG15Zyw5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDqt7jro7k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDqt7jro7k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7IKs7Jqp7J6Q
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6re466O5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6re466O5IOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGMs7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Jew65297LKY
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 64+E66mU7J24IOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 66Gc7LusIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6rO17JygIO2PtOuNlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg6rK966Gc
+attributeDisplayNames:: a2V5d29yZHMs7YKk7JuM65Oc
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Lu07ZOo7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs7Lu07ZOo7YSwIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizsmrTsmIEg7LK07KCcIOuyhOyghA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOyatOyYgSDssrTsoJw=
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7ZSE66aw7YSw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizqsJzssrQg67KE7KCE
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaM
+attributeDisplayNames:: c2VydmVyTmFtZSzshJzrsoQg7J2066aE
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzsiqTthYzsnbTtlIwg7KeA7JuQ
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs6rO17JygIOydtOumhA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzrtoTri7kg7Y6Y7J207KeAIOyImA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzsho3rj4Qg64uo7JyE
+attributeDisplayNames:: cHJpbnRSYXRlLOyGjeuPhA==
+attributeDisplayNames:: cHJpbnRPd25lcizshozsnKDsnpAg7J2066aE
+attributeDisplayNames:: cHJpbnRNZW1vcnks7ISk7LmY65CcIOuplOuqqOumrA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzsp4Dsm5DrkJjripQg7Jqp7KeAIOyiheulmA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOyCrOyaqSDqsIDriqXtlZwg7Jqp7KeA
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOy1nOuMgCDtlbTsg4Hrj4Q=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSztlITrprDthLAg7Ja47Ja0
+attributeDisplayNames:: cHJpbnRlck5hbWUs7J2066aE
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs7JaR66m0IOyduOyHhCDsp4Dsm5A=
+attributeDisplayNames:: cHJpbnRDb2xvcizsu6zrn6wg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLO2VnCDrtoDslKkg7J247IeEIOyngOybkA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzsnoXroKUg7Jqp7KeA7ZWo
+attributeDisplayNames:: cG9ydE5hbWUs7Y+s7Yq4
+attributeDisplayNames:: bG9jYXRpb24s7JyE7LmY
+attributeDisplayNames:: ZHJpdmVyTmFtZSzrqqjrjbg=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y29udGFjdE5hbWUs7Jew65297LKY
+attributeDisplayNames:: YXNzZXROdW1iZXIs7J6Q7IKwIOuyiO2YuA==
+attributeDisplayNames:: dU5DTmFtZSzrhKTtirjsm4ztgawg7J2066aE
+attributeDisplayNames:: Y24s65SU66CJ7YSw66asIOyEnOu5hOyKpCDsnbTrpoQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7IKs7J207Yq4
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7ISc67KE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 7ISk7KCV
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOuzteygnCDshLjtirg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 64+E66mU7J24IOy7qO2KuOuhpOufrCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 7Jew6rKw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7ISc67iM64S3
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7KGw7KeBIOq1rOyEsSDri6jsnIQ=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOq0gOumrOyekA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: b3Us7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 7Luo7YWM7J2064SI
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 7Yq465+s7Iqk7Yq465CcIOuPhOuplOyduA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg7KCE7J6QIOuplOydvCDso7zshowsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs7IKs7Jqp7J6QIOuhnOq3uOyYqCDsnbTrpoQsMCwyMDAsMA==
+extraColumns:: dGl0bGUs7KeB7ZWoLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzrjIDsg4Eg7KO87IaMLDAsMTAwLDA=
+extraColumns:: c3Qs7IOB7YOcLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs7IiY7KCV7ZWcIOuCoOynnCwwLDEzMCww
+extraColumns:: c24s7ISxLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws7J247Iqk7YS07Yq4IOuplOyLnOynlSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzsnbjsiqTthLTtirgg66mU7Iuc7KeVIO2ZiCDshJzrsoQsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOydtOumhCwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDsgqzshJztlagg7KCA7J6l7IaMLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOuzhOy5rSwwLDE3NSww
+extraColumns:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjCwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOydtOyghCDrsoTsoIQg66Gc6re47JioIOydtOumhCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhCwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzrtoDshJwsMCwxNTAsMA==
+extraColumns:: Yyzqta3qsIAsMCwtMSww
+extraColumns:: Y29tcGFueSztmozsgqwsMCwxNTAsMA==
+extraColumns:: bCzqtawv6rWwL+yLnCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLO2ajOyCrCDsoITtmZQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOunge2BrCDruIzrpqzsp4A=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 65287J207ISg7IqkIOyCrOydtO2KuCDshKTsoJU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 7IKs7J207Yq4IOyEpOyglQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOyEseybkA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOuPheyekA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOq1rOuPhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOyEnOu5hOyKpA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDtgZA=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDqtazshLE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDsl5TthLDtlITrnbzsnbTspog=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDsl4Xqt7jroIjsnbTrk5ztlZwg7IKs7Jqp7J6Q
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDrnbzsmrDtjIUg66eB7YGs
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDshKTsoJU=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDtgZAg67OE7Lmt
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSztmJXsi50g7J2066aE
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDqt7jro7k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOq1rOyEseybkCDtgZA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7JuQ6rKpIOyggOyepeyGjCDshJzruYTsiqQ=
+adminContextMenu:: MCzqtIDrpqwoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7IKs7J207Yq4IOqwhCDsoITshqEg7Luo7YWM7J2064SI
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67iM64S3IOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7ISc67KEIOy7qO2FjOydtOuEiA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDrj4TrqZTsnbgg7ISc67mE7Iqk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 7L+866asIOygleyxhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 7Jm467aAIOuztOyViCDso7zssrQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 7J247Kad7IScIO2FnO2UjOumvw==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: Y24s7J2066aE
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOuniOyngOunieycvOuhnCDslYzroKTsp4Qg67aA66qoLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=412,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOuPhOyasOuvuA==
+attributeDisplayNames:: Y24s7J2066aE
+attributeDisplayNames:: Yyzqta3qsIAg7JW97Ja0
+attributeDisplayNames:: Y28s6rWt6rCA
+attributeDisplayNames:: Y29tbWVudCzshKTrqoU=
+attributeDisplayNames:: Y29tcGFueSztmozsgqw=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzrtoDshJw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s7ISk66qF
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzrtoDtlZgg7KeB7JuQ
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6rOg7JygIOydtOumhA==
+attributeDisplayNames:: ZGl2aXNpb24s6rWtKOu2gOyEnCk=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzsp4Hsm5AgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLO2MqeyKpCDrsojtmLg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizshLjrjIAg7KCR66+47IKs
+attributeDisplayNames:: Z2l2ZW5OYW1lLOydtOumhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSztmYgg7Y+0642U
+attributeDisplayNames:: aG9tZURyaXZlLO2ZiCDrk5zrnbzsnbTruIw=
+attributeDisplayNames:: aG9tZVBob25lLOynkSDsoITtmZQ=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms7KeRIOyjvOyGjA==
+attributeDisplayNames:: aW5pdGlhbHMs7J2064uI7IWc
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs6rWt7KCcIElTRE4g67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: aXBQaG9uZSxJUCDsoITtmZQg67KI7Zi4
+attributeDisplayNames:: bCzqtawv6rWwL+yLnA==
+attributeDisplayNames:: bWFpbCzsoITsnpAg66mU7J28IOyjvOyGjA==
+attributeDisplayNames:: bWFuYWdlcizqtIDrpqzsnpA=
+attributeDisplayNames:: bWVtYmVyT2Ys7IaM7IaNIOq3uOujuQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzspJHqsIQg7J2066aE
+attributeDisplayNames:: bW9iaWxlLO2ctOuMgO2PsCDrsojtmLg=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs67aA7IScKO2VnOq4gCDtkZzquLAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLO2ajOyCrCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLO2RnOyLnCDsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOyEsSjtlZzquIAg7ZGc6riwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzsnbTrpoQo7ZWc6riAIO2RnOq4sCk=
+attributeDisplayNames:: aW5mbyzrqZTrqqg=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs7Yyp7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs7KeRIOyghO2ZlCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOyghO2ZlCDrsojtmLgo6riw7YOAKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOyghOyekCDrqZTsnbwg7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs7Zy064yA7Y+wIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: b3RoZXJQYWdlciztmLjstpzquLAg67KI7Zi4KOq4sO2DgCk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs7KCE7ZmUIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: cGFnZXIs7Zi47Lac6riwIOuyiO2YuA==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzsoJzrqqk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs7IKs66y07IukIOychOy5mA==
+attributeDisplayNames:: cG9zdGFsQ29kZSzsmrDtjrgg67KI7Zi4
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzsgqzshJztlag=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOq1reygnCBJU0ROIOuyiO2YuA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLO2FlOugieyKpCDrsojtmLg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs66Gc6re47JioIOydtOumhChXaW5kb3dzIDIwMDAg7J207KCEIOuyhOyghCk=
+attributeDisplayNames:: c24s7ISx
+attributeDisplayNames:: c3Qs7IucL+uPhA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzso7zshow=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOyghO2ZlCDrsojtmLg=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs7YWU66CJ7IqkIOuyiO2YuCjquLDtg4Ap
+attributeDisplayNames:: dGl0bGUs7KeB7ZWo
+attributeDisplayNames:: dXJsLOybuSDtjpjsnbTsp4Ag7KO87IaMKOq4sO2DgCk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs7ZGc7IucIOydtOumhA==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzroZzqt7jsmKgg7JuM7YGs7Iqk7YWM7J207IWY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs66Gc6re47JioIOydtOumhA==
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us7Ju5IO2OmOydtOyngCDso7zshow=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-Gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-Dienst
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Benutzer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBOYW1l
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbm5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bWVtYmVyLE1pdGdsaWVkZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBOYW1l
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0cnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBOYW1l
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RuZW5yaWNodGxpbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokale Richtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Freigegebener Ordner
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya3BmYWQ=
+attributeDisplayNames:: a2V5d29yZHMsU2NobMO8c3NlbHfDtnJ0ZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dienst
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYW1lIChQcsOkLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixCZXRyaWVic3N5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEJldHJpZWJzc3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LFZlcndhbHRldCB2b24=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: Y24sTmFtZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drucker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2U=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1l
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbnRlcnN0w7x0enQgSGVmdGVu
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsRnJlaWdhYmVuYW1l
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTZWl0ZW4gcHJvIE1pbnV0ZQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxHZXNjaHdpbmRpZ2tlaXRzZWluaGVpdGVu
+attributeDisplayNames:: cHJpbnRSYXRlLEdlc2Nod2luZGlna2VpdA==
+attributeDisplayNames:: cHJpbnRPd25lcixCZXNpdHplcg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGllcnRlciBTcGVpY2hlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbnRlcnN0w7x0enRlIFBhcGllcnR5cGVu
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFZlcmbDvGdiYXJlcyBQYXBpZXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIEF1ZmzDtnN1bmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxEcnVja2Vyc3ByYWNoZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW50ZXJzdMO8dHp0IGJlaWRzZWl0aWdlcyBEcnVja2Vu
+attributeDisplayNames:: cHJpbnRDb2xvcixVbnRlcnN0w7x0enQgZmFyYmlnZXMgRHJ1Y2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVudGVyc3TDvHR6dCBTb3J0aWVyZW4=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxFaW5nYWJlc2Now6RjaHRl
+attributeDisplayNames:: cG9ydE5hbWUsQW5zY2hsdXNz
+attributeDisplayNames:: bG9jYXRpb24sRHJ1Y2tlcnN0YW5kb3J0
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2Vyw6R0ZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR6d2Vya25hbWU=
+attributeDisplayNames:: Y24sVmVyemVpY2huaXNkaWVuc3RuYW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Standort
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Einstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Replikatsatz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RG9tw6RuZW5jb250cm9sbGVyZWluc3RlbGx1bmdlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbindung
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnetz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationseinheit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Verwaltet von
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VmVydHJhdXRlIERvbcOkbmU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQTFosMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtRS1NYWlsLUFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVudXR6ZXJhbm1lbGRlbmFtZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXRpb24sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxaaWVsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsQnVuZGVzbGFuZC9LYW50b24sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsR2XDpG5kZXJ0LDAsMTMwLDA=
+extraColumns:: c24sTmFjaG5hbWUsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmctVVJMLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZy1Ib21lc2VydmVyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLFZvcm5hbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1Qb3N0ZmFjaHNwZWljaGVyLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLUFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLU1haWwtQWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgZsO8ciBQcsOkLVdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWUsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxBYnRlaWx1bmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kL1JlZ2lvbiwwLC0xLDA=
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lciAoZ2VzY2jDpGZ0bGljaCksMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3RhbmRvcnR2ZXJrbsO8cGZ1bmdzYnLDvGNrZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Lizenzierungsstandorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Standorteinstellungen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-Mitglied
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-Abonnements
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-Dienste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Warteschlange
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-Konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-Unternehmen
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Aktualisierter MSMQ-Benutzer
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Routingverbindung
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-Einstellungen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-Warteschlangenalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatname
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-Gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Mitgliedswarteschlagen
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remotespeicherdienst
+adminContextMenu: 0,&Verwalten...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Standortcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3RhbmRvcnTDvGJlcmdyZWlmZW5kZXIgVHJhbnNwb3J0Y29udGFpbmVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetzcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS1Eb23DpG5lbmRpZW5zdGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Abfragerichtlinie
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Fremder Sicherheitsprinzipal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Zertifikatsvorlage
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschreibung
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LExldHp0ZSBiZWthbm50ZSDDvGJlcmdlb3JkbmV0ZSBJbnN0YW56LDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=407,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtZQ==
+attributeDisplayNames:: YyxMYW5kZXNhYmvDvHJ6dW5n
+attributeDisplayNames:: Y28sTGFuZC9SZWdpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBYnRlaWx1bmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVzY2hyZWlidW5n
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxNaXRhcmJlaXRlcg==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRGlzdGluZ3Vpc2hlZCBOYW1l
+attributeDisplayNames:: ZGl2aXNpb24sSGF1cHRhYnRlaWx1bmc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBcmJlaXRuZWhtZXJrZW5udW5n
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1lbnN6dXNhdHo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFZvcm5hbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxCYXNpc29yZG5lcg==
+attributeDisplayNames:: aG9tZURyaXZlLEJhc2lzbGF1Zndlcms=
+attributeDisplayNames:: aG9tZVBob25lLFByaXZhdHJ1Zm51bW1lcg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50bC4gSVNETi1OdW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: aXBQaG9uZSxJUC1SdWZudW1tZXI=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLU1haWwtQWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixWb3JnZXNldHp0ZShyKQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWl0Z2xpZWQgdm9u
+attributeDisplayNames:: bWlkZGxlTmFtZSxad2VpdGVyIFZvcm5hbWU=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsZnVua251bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQWJ0ZWlsdW5nIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEFuemVpZ2VuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLE5hY2huYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxWb3JuYW1lIChwaG9uZXRpc2NoKQ==
+attributeDisplayNames:: aW5mbyxIaW53ZWlzZQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsUHJpdmF0ZSBSdWZudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLVJ1Zm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtTWFpbC1BZHJlc3NlIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxmdW5rbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQYWdlcm51bW1lciAoQW5kZXJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUnVmbnVtbWVyIChBbmRlcmUp
+attributeDisplayNames:: cGFnZXIsUGFnZXJudW1tZXI=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxBbnJlZGU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQsO8cm8=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQTFo=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0ZmFjaA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGwuIElTRE4tTnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQW5tZWxkZW5hbWUgKFByw6QtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sTmFjaG5hbWU=
+attributeDisplayNames:: c3QsQnVuZGVzbGFuZC9LYW50b24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxTdHJhw59l
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFJ1Zm51bW1lcg==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKEFuZGVyZSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXRpb24=
+attributeDisplayNames:: dXJsLFdlYnNlaXRlbmFkcmVzc2UgKEFuZGVyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsQW56ZWlnZW5hbWU=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBbm1lbGRlYXJiZWl0c3N0YXRpb25lbg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQW5tZWxkZW5hbWU=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2Vic2VpdGVuYWRyZXNzZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2VydmnDp28gSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utilizador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIEluw61jaW8gZGUgU2Vzc8Ojbw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gKHByw6ktV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTi7CuiBUZWxlZm9uZSBkYSBSZXNpZMOqbmNpYSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgUmFpeg==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBSYWl6
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBHcnVwbyAocHLDqS1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bWVtYmVyLE1lbWJyb3M=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw61uaW8=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGMsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTi7CuiBUZWxlZm9uZSBkYSBSZXNpZMOqbmNpYSAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIExvY2Fs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Pasta partilhada
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxDYW1pbmhvIGRlIFJlZGU=
+attributeDisplayNames:: a2V5d29yZHMsUGFsYXZyYXMtY2hhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computador
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBjb21wdXRhZG9yIChwcsOpLVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzw6NvIGRlIFNpc3RlbWEgT3BlcmF0aXZv
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgT3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impressora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzw6NvIGRvIE9iamVjdG8=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYg==
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIGRvIFNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBvcnRhIEFncmFmYW1lbnRv
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBkYSBQYXJ0aWxoYQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgTWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSBWZWxvY2lkYWRl
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZGU=
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIGRvIFByb3ByaWV0w6FyaW8=
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtw7NyaWEgSW5zdGFsYWRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBQYXBlbCBTdXBvcnRhZG9z
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIERpc3BvbsOtdmVs
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdcOnw6NvIE3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGEgSW1wcmVzc29yYQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3Vwb3J0YSBJbXByZXNzw6NvIEZyZW50ZSBlIFZlcnNv
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBvcnRhIEltcHJlc3PDo28gYSBDb3Jlcw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cG9ydGEgQWdydXBhbWVudG8=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxUYWJ1bGVpcm9zIGRlIEVudHJhZGE=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYWxpemHDp8Ojbw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50w6FyaW8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTi7CuiBkZSBSZWN1cnNv
+attributeDisplayNames:: dU5DTmFtZSxOb21lIGRhIFJlZGU=
+attributeDisplayNames:: Y24sTm9tZSBkZSBTZXJ2acOnbyBkZSBEaXJlY3TDs3Jpbw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgUsOpcGxpY2FzIGRlIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIENvbnRyb2xhZG9yIGRlIERvbcOtbmlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6Nv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Sub-rede
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidade Organizacional
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlcmlkbyBQb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: b3UsTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contentor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw61uaW8gRmlkZWRpZ25v
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2EsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhciwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbCwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRW5kZXJlw6dvIGRlIENvcnJlaW8gRWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gZGUgVXRpbGl6YWRvciwwLDIwMCww
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxFbmRlcmXDp28gZGUgRGVzdGlubywwLDEwMCww
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsRXNjcml0w7NyaW8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGlkbywwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIEluc3RhbnQgTWVzc2FnaW5nLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBQcmltw6FyaW8gZGUgSW5zdGFudCBNZXNzYWdpbmcsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcnF1aXZvIGRhIENhaXhhcyBkZSBDb3JyZWlvIGRvIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRvIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gUHLDqS1XaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXIsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxFbXByZXNhLDAsMTUwLDA=
+extraColumns:: bCxMb2NhbGlkYWRlLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25lIGRhIEVtcHJlc2EsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlnYcOnw6NvIGVudHJlIExvY2Fpcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QnJpZGdlIGRlIExpZ2HDp8OjbyBlbnRyZSBMb2NhaXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre Locais
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRlIExvY2FpcyBkZSBMaWNlbmNpYW1lbnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: RGVmaW5pw6fDtWVzIGRvIExvY2Fs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Subscritor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2NyacOnw7VlcyBkZSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2VydmnDp29zIGRlIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fila MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhw6fDo28gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VXRpbGl6YWRvciBjb20gQWN0dWFsaXphw6fDo28gTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TGlnYcOnw6NvIGRlIEVuY2FtaW5oYW1lbnRvIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: RGVmaW5pw6fDtWVzIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de Fila MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21lIGRvIEZvcm1hdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEZpbGFzIGRlIE1lbWJyb3M=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp28gZGUgQXJtYXplbmFtZW50byBSZW1vdG8=
+adminContextMenu: 0,&Gerir...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Locais
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Transportes entre Locais
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Sub-redes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contentor de Servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2VydmnDp29zIGRlIERvbcOtbmlvIGRvIEFjdGl2ZSBEaXJlY3RvcnkgKEFEIERTKQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UG9sw610aWNhIGRlIENvbnN1bHRh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UHJpbmNpcGFsIGRlIFNlZ3VyYW7Dp2EgRXh0ZXJuYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modelo de Certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LMOabHRpbW8gUHJpbmNpcGFsIENvbmhlY2lkbywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=816,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBQYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnTDoXJpbw==
+attributeDisplayNames:: Y29tcGFueSxFbXByZXNh
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3Jpw6fDo28=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxDb2xhYm9yYWRvcmVzIERpcmVjdG9z
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSDDmm5pY28=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXPDo28=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkbyBGdW5jaW9uw6FyaW8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgRmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpeG8gR2VyYWNpb25hbA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWUgUHLDs3ByaW8=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxQYXN0YSBSYWl6
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZGUgUmFpeg==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25lIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRW5kZXJlw6dvIGRhIFJlc2lkw6puY2lh
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhaXM=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTi7CuiBSRElTIEludGVybmFjaW9uYWwgKE91dHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOLsK6IGRlIFRlbGVmb25lIElQ
+attributeDisplayNames:: bCxMb2NhbGlkYWRl
+attributeDisplayNames:: bWFpbCxFbmRlcmXDp28gZGUgQ29ycmVpbyBFbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixHZXN0b3I=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIERl
+attributeDisplayNames:: bWlkZGxlTmFtZSxPdXRybyBOb21l
+attributeDisplayNames:: bW9iaWxlLE4uwrogZGUgVGVsZW3Ds3ZlbA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uw6l0aWNhIGRvIERlcGFydGFtZW50bw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGRhIEVtcHJlc2E=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbsOpdGljYSBkbyBOb21lIGEgQXByZXNlbnRhcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbsOpdGljYSBkbyBBcGVsaWRv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb27DqXRpY2EgZG8gTm9tZSBQcsOzcHJpbw==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTi7CuiBkZSBGYXggKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbmUgZGEgUmVzaWTDqm5jaWEgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE4uwrogZGUgVGVsZWZvbmUgSVAgKE91dHJvcyk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEVuZGVyZcOnbyBkZSBDb3JyZWlvIEVsZWN0csOzbmljbyAoT3V0cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTi7CuiBkZSBUZWxlbcOzdmVsIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOLsK6IGRlIFBhZ2VyIChPdXRyb3Mp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTi7CuiBkZSBUZWxlZm9uZSAoT3V0cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTi7CuiBkZSBQYWdlcg==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9jYWxpemHDp8OjbyBkbyBFc2NyaXTDs3Jpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIFBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE4uwrogUkRJUyBJbnRlcm5hY2lvbmFs
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE4uwrogZGUgVGVsZXg=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28gKHByw6ktV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQXBlbGlkbw==
+attributeDisplayNames:: c3QsRGlzdHJpdG8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxSdWE=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE4uwrogZGUgVGVsZWZvbmU=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTi7CuiBkZSBUZWxleCAoT3V0cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLEVuZGVyZcOnbyBkZSBQw6FnaW5hIFdlYiAoT3V0cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSBhIEFwcmVzZW50YXI=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3Rhw6fDtWVzIGRlIFRyYWJhbGhvIGRlIEluw61jaW8gZGUgU2Vzc8Ojbw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkZSBJbsOtY2lvIGRlIFNlc3PDo28=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRW5kZXJlw6dvIGRlIFDDoWdpbmEgV2Vi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 16fXkdeV16bXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 16nXmdeo15XXqiBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xqdeq157XqQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXp9eR15XXpteUICjXnNek16DXmSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bWVtYmVyLNeX15HXqNeZ150=
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGMs16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15DXmdepINen16nXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs157Xodek16gg15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16fXkdeV16bXqiDXnteX16nXkdeZ150=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og157Xp9eV157Xmdeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16rXmden15nXmdeUINee16nXldeq16TXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzXoNeq15nXkSDXlNeo16nXqg==
+attributeDisplayNames:: a2V5d29yZHMs157Xmdec15XXqiDXntek16rXlw==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xl9ep15E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnteX16nXkSAo15zXpNeg15kgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizXkteZ16jXodeqINee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNee16LXqNeb16og15TXpNei15zXlA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 157Xk9ek16HXqg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizXkteZ16jXodeqINeU15DXldeR15nXmden15g=
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmA==
+attributeDisplayNames:: c2VydmVyTmFtZSzXqdedINeU16nXqNeq
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzXqtee15nXm9eUINeR15TXmdeT15XXpw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs16nXnSDXntep15XXqtej
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzXk9ek15nXnSDXkdeT16fXlA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzXmdeX15nXk9eV16og157XlNeZ16jXldeq
+attributeDisplayNames:: cHJpbnRSYXRlLNee15TXmdeo15XXqg==
+attributeDisplayNames:: cHJpbnRPd25lcizXqdedINeR16LXnNeZ150=
+attributeDisplayNames:: cHJpbnRNZW1vcnks15bXmdeb16jXldefINee15XXqten158=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzXodeV15LXmSDXoNeZ15nXqCDXoNeq157Xm9eZ150=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNeg15nXmdeoINeW157Xmdef
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNeo15bXldec15XXpteZ15Qg157XqNeR15nXqg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzXqdek16og15TXnteT16TXodeq
+attributeDisplayNames:: cHJpbnRlck5hbWUs16nXnQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs16rXnteZ15vXlCDXkdeU15PXpNeh15Qg15PXlS3XpteT15PXmdeq
+attributeDisplayNames:: cHJpbnRDb2xvcizXqtee15nXm9eUINeR15TXk9ek16HXqiDXpteR16I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNeq157Xmdeb15Qg15HXkNeZ16HXldej
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzXnteS16nXmSDXp9ec15g=
+attributeDisplayNames:: cG9ydE5hbWUs15nXpteZ15DXlA==
+attributeDisplayNames:: bG9jYXRpb24s157Xmden15XXnQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSzXnteV15PXnA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s15TXoteo15XXqg==
+attributeDisplayNames:: Y29udGFjdE5hbWUs15DXmdepINen16nXqA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs157Xodek16gg16DXm9eh
+attributeDisplayNames:: dU5DTmFtZSzXqdedINeo16nXqg==
+attributeDisplayNames:: Y24s16nXnSDXqdeZ16jXldeqINeh16TXqNeZ15nXlA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15DXqteo
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16nXqNeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeq
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16LXqNeb16og16LXldeq16fXmdedINee16nXldeb16TXnNeZ150g16nXnCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 15TXkteT16jXldeqINeR16fXqCDXp9eR15XXpteqINee15fXqdeR15nXnQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 15fXmdeR15XXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16jXqdeqINee16nXoNeZ16ogU3VibmV0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15nXl9eZ15PXlCDXkNeo15LXldeg15nXqg==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNee16DXlNec
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: b3Us16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15w=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 16fXkdeV16bXqiDXnteX16nXkdeZ150g15DXnteZ16DXlA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16osMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSzXnteZ16fXldeTLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms15vXqteV15HXqiDXk9eV15DXqCDXkNec16fXmNeo15XXoNeZINep15wgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXm9eg15nXodeUINep15wg15TXntep16rXntepLDAsMjAwLDA=
+extraColumns:: dGl0bGUs16rXpNen15nXkywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyzXm9eq15XXkdeqINeZ16LXkywwLDEwMCww
+extraColumns:: c3Qs15DXlteV16gsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xqdeo15MsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs16nXldeg15QsMCwxMzAsMA==
+extraColumns:: c24s16nXnSDXntep16TXl9eULDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws15vXqteV15HXqiBVUkwg16nXnCDXnteh16jXmdedINee15nXk9eZ15nXnSwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzXqdeo16og16jXkNep15kg16nXnCDXnteh16jXmdedINee15nXmdeT15nXmdedLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLNep150g16TXqNeY15ksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizXnteQ15LXqCDXqteZ15HXqiDXlNeT15XXkNeoINep15wgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNeb15nXoNeV15kgRXhjaGFuZ2UsMCwxNzUsMA==
+extraColumns:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15ksMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs16nXnSDXm9eg15nXodeUINep15zXpNeg15kgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15QsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzXnteX15zXp9eULDAsMTUwLDA=
+extraColumns:: YyzXkNeo16UsMCwtMSww
+extraColumns:: Y29tcGFueSzXl9eR16jXlCwwLDE1MCww
+extraColumns:: bCzXoteZ16gsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLNeY15zXpNeV158g15HXoteR15XXk9eULDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16fXmdep15XXqCDXnNeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 15LXqdeoINen15nXqdeV16gg15zXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16rXoteR15XXqNeUINeR15nXny3XkNeq16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 16jXqdeZ15XXnyDXnNeU15LXk9eo15XXqiDXkNeq16g=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 15TXkteT16jXldeqINeQ16rXqA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 15fXkdeoIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15kgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 157XoNeV15nXmdedINecLUZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 16nXmdeo15XXqteZIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXldeoIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 16rXpteV16jXqiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 15DXqNeS15XXnyBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 157Xqdeq157XqSDXntep15XXk9eo15Ig15EtTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 16fXmdep15XXqCDXnteg16rXkSBNU01R
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 15TXkteT16jXldeqIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 15vXmdeg15XXmSDXqteV16ggTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzXqdedINeq15HXoNeZ16o=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 16fXkdeV16bXqiBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNeq15XXqNeZINeX15HXqNeZ150=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 16nXmdeo15XXqiDXkNeZ15fXodeV158g157XqNeV15fXpw==
+adminContextMenu:: MCwm16DXmdeU15XXnC4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXkNeq16jXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXntei15HXldeo15Qg15HXmdefLdeQ16rXqNeZ150=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqNep16rXldeqINee16nXoNeUIChTdWJuZXRzKQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 15LXldeo150g157Xm9eZ15wg16nXnCDXqdeo16rXmded
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 157Xk9eZ16DXmdeV16og16nXkNeZ15zXqteU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 16fXqNefINeR15jXl9eV16DXldeqINeW16jXmded
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 16rXkdeg15nXqiDXkNeZ16nXldeo
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: Y24s16nXnQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNeQ15Eg15nXk9eV16Ig15DXl9eo15XXnywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNee16HXmdeZ16I=
+attributeDisplayNames:: Y24s16nXnQ==
+attributeDisplayNames:: YyzXqNeQ16nXmSDXqteZ15HXldeqINeU15DXqNel
+attributeDisplayNames:: Y28s15DXqNel
+attributeDisplayNames:: Y29tbWVudCzXlNei16jXldeq
+attributeDisplayNames:: Y29tcGFueSzXl9eR16jXlA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzXnteX15zXp9eU
+attributeDisplayNames:: ZGVzY3JpcHRpb24s16rXmdeQ15XXqA==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzXk9eZ15XXldeXINeZ16nXmdeo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs16nXnSDXmdeZ15fXldeT15k=
+attributeDisplayNames:: ZGl2aXNpb24s157Xl9ec16fXlA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzXlteZ15TXldeZINei15XXkdeT
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNee16HXpNeoINek16fXoQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizXodeZ15XXnteqINeU15PXldeo
+attributeDisplayNames:: Z2l2ZW5OYW1lLNep150g16TXqNeY15k=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzXqteZ16fXmdeZ16og15TXkdeZ16o=
+attributeDisplayNames:: aG9tZURyaXZlLNeb15XXoNefINeU15HXmdeq
+attributeDisplayNames:: aG9tZVBob25lLNeY15zXpNeV158g15HXkdeZ16o=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms15vXqteV15HXqiDXlNeR15nXqg==
+attributeDisplayNames:: aW5pdGlhbHMs16jXkNep15kg16rXmdeR15XXqg==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs157Xodek16ggSVNETiDXkdeZ16DXnNeQ15XXnteZICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: aXBQaG9uZSzXnteh16TXqCDXmNec16TXldefIElQ
+attributeDisplayNames:: bCzXoteZ16g=
+attributeDisplayNames:: bWFpbCzXm9eq15XXkdeqINeT15XXkNeoLdeQ15zXp9eY16jXldeg15k=
+attributeDisplayNames:: bWFuYWdlcizXnteg15TXnA==
+attributeDisplayNames:: bWVtYmVyT2Ys15fXkdeoINeRLQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSzXqdedINeQ157Xptei15k=
+attributeDisplayNames:: bW9iaWxlLNee16HXpNeoINeY15zXpNeV158g16DXmdeZ15M=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs157Xl9ec16fXlCDXpNeV16DXmNeZ16o=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNep150g15fXkdeo15Qg16TXldeg15jXmQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNep150g16rXpteV15LXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNep150g157Xqdek15fXlCDXpNeV16DXmNeZ
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzXqdedINek16jXmNeZINek15XXoNeY15k=
+attributeDisplayNames:: aW5mbyzXlNei16jXldeq
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs157Xodek16gg16TXp9ehICjXkNeX16jXmdedKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs15jXnNek15XXnyDXkdeR15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLNee16HXpNeoINeY15zXpNeV158gSVAgKNeQ15fXqNeZ150p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNeb16rXldeR16og15PXldeQ16gt15DXnNen15jXqNeV16DXmSAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs157Xodek16gg15jXnNek15XXnyDXoNeZ15nXkyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizXnteh16TXqCDXlteZ157Xldeg15nXqiAo15DXl9eo15nXnSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs157Xodek16gg15jXnNek15XXnyAo15DXl9eo15nXnSk=
+attributeDisplayNames:: cGFnZXIs157Xodek16gg15bXmdee15XXoNeZ16o=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzXqteV15DXqA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs157Xmden15XXnSDXlNee16nXqNeT
+attributeDisplayNames:: cG9zdGFsQ29kZSzXnteZ16fXldeT
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzXqteQINeT15XXkNeo
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNee16HXpNeoIElTRE4g15HXmdeg15zXkNeV157XmQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNee16HXpNeoINeY15zXp9eh
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs16nXnSDXnNeb16DXmdeh15QgKNec16TXoNeZIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s16nXnSDXntep16TXl9eU
+attributeDisplayNames:: c3Qs157Xk9eZ16DXlC/XnteX15XXlg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzXqNeX15XXkQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNee16HXpNeoINeY15zXpNeV158=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs157Xodek16gg15jXnNen16EgKNeQ15fXqNeZ150p
+attributeDisplayNames:: dGl0bGUs16rXpNen15nXkw==
+attributeDisplayNames:: dXJsLNeb16rXldeR16og15PXoyDXkNeZ16DXmNeo16DXmCAo15DXl9eo15nXnSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs16nXnSDXnNeq16bXldeS15Q=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzXqteX16DXldeqINei15HXldeT15Qg15zXm9eg15nXodeU
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs16nXnSDXnNeb16DXmdeh15Q=
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us15vXqteV15HXqiDXk9ejINeQ15nXoNeY16jXoNeY
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaALDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDkvYfliJfliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDntrLln5/mnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Li76auU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C04,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-gruppe
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-tjeneste
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web-adresse
+attributeDisplayNames: url,Adresse til Web-side (andre)
+attributeDisplayNames: samAccountName,Gruppenavn (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kontor
+attributeDisplayNames: info,Merknader
+attributeDisplayNames: mSDS-PhoneticDisplayName,Visningsnavn, fonetisk
+attributeDisplayNames: member,Medlemmer
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: l,Poststed
+attributeDisplayNames: distinguishedName,Unikt navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: c,Landsforkortelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domene
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domenepolicy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NiYW5l
+attributeDisplayNames:: a2V5d29yZHMsTsO4a2tlbG9yZA==
+attributeDisplayNames:: bWFuYWdlZEJ5LEJlaGFuZGxlcyBhdg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Datamaskin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Visningsnavn, fonetisk
+attributeDisplayNames: samAccountName,Datamaskinnavn (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operativsystemversjon
+attributeDisplayNames: operatingSystem,Operativsystem
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skriver
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzam9u
+attributeDisplayNames:: dXJsLFdlYi1hZHJlc3Nl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO4dHRlciBzdGlmdGluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF2biBww6UgZGVsdCByZXNzdXJz
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwZXIgbWludXR0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZXRzZW5oZXRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixFaWVybmF2bg==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWlubmUgaW5zdGFsbGVydA==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxTdMO4dHRlZGUgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGdqZW5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbWFsIG9wcGzDuHNuaW5n
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmVyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDuHR0ZXIgZG9iYmVsdHNpZGlnIHV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO4dHRlciBmYXJnZXV0c2tyaWZ0
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7h0dGVyIHNvcnRlcmluZw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm5za3VmZmVy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhc3NlcmluZw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsR2plbnN0YW5kc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR0dmVya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: T21yw6VkZQ==
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-innstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikasett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Innstillinger for domenekontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Tilkobling
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Delnett
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisasjonsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Behandles av
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Beholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Klarert domene
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNrLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2ssMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzZSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQnJ1a2VycMOlbG9nZ2luZ3NuYXZuLDAsMjAwLDA=
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzZSwwLDEwMCww
+extraColumns:: c3QsVGlsc3RhbmQsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsRW5kcmV0LDAsMTMwLDA=
+extraColumns:: c24sRXR0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsV2ViLWFkcmVzc2UgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgZm9yIMO4eWVibGlra2VsaWdlIG1lbGRpbmdlciwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1lLXBvc3RiZWhvbGRlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuLCBwcmUtV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxQb3N0c3RlZCwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmVpZCwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWtvYmxpbmdzYnJv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: SW5uc3RpbGxpbmdlciBmb3IgbGlzZW5zaWVyaW5nc29tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: T21yw6VkZWlubnN0aWxsaW5nZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnement
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfigurasjon
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisasjon
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-oppgradert bruker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-rutingskobling
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-innstillinger
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7hhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formater navn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Ekstern lagringstjeneste
+adminContextMenu: 0,&Behandle...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGVy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydGVyIG1lbGxvbSBvbXLDpWRlcg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for delnett
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Beholder for servere
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3DDuHJyaW5nc3BvbGljeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Eksternt sikkerhetsobjekt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Sertifikatmal
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Siste kjente overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=414,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kc2ZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNqb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHQtSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLFRlbGVmYWtzbnVtbWVy
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixHZW5lcmFzam9uc3N1ZmZpa3M=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZXN0YXNqb24=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIHByaXZhdA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsUHJpdmF0YWRyZXNzZQ==
+attributeDisplayNames:: aW5pdGlhbHMsRm9yYm9rc3RhdmVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXNqb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxQb3N0c3RlZA==
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3Nl
+attributeDisplayNames:: bWFuYWdlcixMZWRlcg==
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGF2
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsb21uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsQXZkZWxpbmcsIGZvbmV0aXNr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZpcm1hbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFZpc25pbmdzbmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEV0dGVybmF2biwgZm9uZXRpc2s=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb3JuYXZuLCBmb25ldGlzaw==
+attributeDisplayNames:: aW5mbyxNZXJrbmFkZXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsVGVsZWZha3NudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzc2UgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hrZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4a2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXR0ZWw=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9y
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmFzam9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc251bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMOlbG9nZ2luZ3NuYXZuIChwcmUtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sRXR0ZXJuYXZu
+attributeDisplayNames:: c3QsRGVsc3RhdC9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXRlYWRyZXNzZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzbnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgdGlsIFdlYi1zaWRlIChhbmRyZSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxBcmJlaWRzc3Rhc2pvbmVyIHNvbSBrYW4gbG9nZ2VzIHDDpQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMOlbG9nZ2luZ3NuYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViLWFkcmVzc2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: zp/OvM6szrTOsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqfPgc6uz4PPhM63z4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/OvM6szrTOsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDOv868zqzOtM6xz4IgKM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bWVtYmVyLM6czq3Ou863
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv868zq3Osc+C
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGMszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXPgM6xz4bOrg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FIM6/zrnOus6vzrHPgiAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDPhM6/zrzOrc6x
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqTOv8+AzrnOus6uIM+Azr/Ou865z4TOuc66zq4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv865zr3PjM+Hz4HOt8+Dz4TOv8+CIM+GzqzOus61zrvOv8+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzOlM65zrHOtM+Bzr/OvM6uIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: a2V5d29yZHMszpvOrc6+zrXOuc+CLc66zrvOtc65zrTOuc6s
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zqXPgM6/zrvOv86zzrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPhc+Azr/Ou86/zrPOuc+Dz4TOriAoz4DPgc65zr0gz4TOsSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizOiM66zrTOv8+DzrcgzrvOtc65z4TOv8+Fz4HOs865zrrOv8+NIM+Dz4XPg8+Ezq7OvM6xz4TOv8+C
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLM6bzrXOuc+Ezr/Phc+BzrPOuc66z4wgz4PPjc+Dz4TOt868zrE=
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zpXOus+Ez4XPgM+Jz4TOrs+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizOiM66zrTOv8+DzrcgzrHOvc+EzrnOus61zrnOvM6tzr3Ov8+F
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+C
+attributeDisplayNames:: c2VydmVyTmFtZSzOjM69zr/OvM6xIM60zrnOsc66zr/OvM65z4PPhM6u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzOpc+Azr/Pg8+Ezq7Pgc65zr7OtyDPg8+Fz4HPgc6xz4bOrs+C
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUszozOvc6/zrzOsSDOus6/zrnOvc+Mz4fPgc63z4PPhM6/z4Ugz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzOo861zrvOr860zrXPgiDOsc69zqwgzrvOtc+Az4TPjA==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzOnM6/zr3OrM60zrXPgiDPhM6xz4fPjc+EzrfPhM6xz4I=
+attributeDisplayNames:: cHJpbnRSYXRlLM6kzrHPh8+Nz4TOt8+EzrE=
+attributeDisplayNames:: cHJpbnRPd25lcizOjM69zr/OvM6xIM66zrHPhM+Mz4fOv8+F
+attributeDisplayNames:: cHJpbnRNZW1vcnkszpXOs866zrHPhM61z4PPhM63zrzOrc69zrcgzrzOvc6uzrzOtw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzOpM+Nz4DOv865IM+HzrHPgc+EzrnOv8+NIM+Azr/PhSDPhc+Azr/Pg8+EzrfPgc6vzrbOv869z4TOsc65
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LM6UzrnOsc64zq3Pg865zrzOvyDPh86xz4HPhM6v
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLM6czq3Os865z4PPhM63IM6xzr3OrM67z4XPg863
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzOk867z47Pg8+DzrEgzrXOus+Ez4XPgM+Jz4TOrg==
+attributeDisplayNames:: cHJpbnRlck5hbWUszozOvc6/zrzOsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQszqXPgM6/z4PPhM63z4HOr862zrXOuSDOtc66z4TPjc+Az4nPg863IM60zrnPgM67zq7PgiDPjM+IzrXPic+C
+attributeDisplayNames:: cHJpbnRDb2xvcizOpc+Azr/Pg8+EzrfPgc6vzrbOtc65IM6tzrPPh8+Bz4nOvM63IM61zrrPhM+Nz4DPic+Dzrc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLM6lz4DOv8+Dz4TOt8+Bzq/Ots61zrkgz4TOsc6+zrnOvc+MzrzOt8+Dzrc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzOms6xz4POrc+EzrXPgiDOtc65z4PPjM60zr/PhQ==
+attributeDisplayNames:: cG9ydE5hbWUszpjPjc+BzrE=
+attributeDisplayNames:: bG9jYXRpb24szpjOrc+Dzrc=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzOnM6/zr3PhM6tzrvOvw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqPPh8+MzrvOuc6/
+attributeDisplayNames:: Y29udGFjdE5hbWUszpXPgM6xz4bOrg==
+attributeDisplayNames:: YXNzZXROdW1iZXIszpHPgc65zrjOvM+Mz4Igz4PPhM6/zrnPh861zq/Ov8+F
+attributeDisplayNames:: dU5DTmFtZSzOjM69zr/OvM6xIM60zrnOus+Ez43Ov8+F
+attributeDisplayNames:: Y24szozOvc6/zrzOsSDPhc+AzrfPgc61z4POr86xz4IgzrrOsc+EzrHOu8+MzrPOv8+F
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqTOv8+Azr/OuM61z4POr86x
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpTOuc6xzrrOv868zrnPg8+Ezq7Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zr/Ou86/IM+BzrXPgM67zq/Ous6xz4IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM61zrvOtc6zzrrPhM6uIM+Ezr/OvM6tzrE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zqXPgM6/zrTOr866z4TPhc6/
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zp/Pgc6zzrHOvc65zrrOriDOvM6/zr3OrM60zrE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LM6UzrnOsc+HzrXOuc+Bzq/Ots61z4TOsc65IM6xz4DPjA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: b3UszozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+B
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpHOvs65z4zPgM65z4PPhM6/z4Igz4TOv868zq3Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4IsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+CLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+FLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/PgiwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+CLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSzOpM6xz4fPhc60z4HOv868zrnOus+Mz4IgzrrPjs60zrnOus6xz4IsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM63zrvOtc66z4TPgc6/zr3Ouc66zr/PjSDPhM6xz4fPhc60z4HOv868zrXOr86/z4UgWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Hz4HOrs+Dz4TOtywwLDIwMCww
+extraColumns:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4IsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrcgz4DPgc6/zr/Pgc65z4POvM6/z40sMCwxMDAsMA==
+extraColumns:: c3QszprOsc+EzqzPg8+EzrHPg863LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszpPPgc6xz4bOtc6vzr8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQszqTPgc6/z4DOv8+Azr/Ouc6uzrjOt866zrUsMCwxMzAsMA==
+extraColumns:: c24szpXPgM+Ozr3Phc68zr8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIM6szrzOtc+Dz4nOvSDOvM63zr3Phc68zqzPhM+Jzr0sMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzOlM65zrHOus6/zrzOuc+Dz4TOrs+CIM66zrXOvc+Ez4HOuc66zq7PgiDPg861zrvOr860zrHPgiDOrM68zrXPg8+Jzr0gzrzOt869z4XOvM6sz4TPic69LDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQizOp8+Oz4HOv8+CIM6xz4DOv864zq7Ous61z4XPg863z4IgzrPPgc6xzrzOvM6xz4TOv866zrnOss+Jz4TOr86/z4UgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLM6ozrXPhc60z47Ovc+FzrzOvyBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CIM+Az4HOuc69IM+EzrEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrEsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzOpM68zq7OvM6xLDAsMTUwLDA=
+extraColumns:: YyzOp8+Oz4HOsSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86xLDAsMTUwLDA=
+extraColumns:: bCzOoM+MzrvOtywwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLM6kzrfOu86tz4bPic69zr8gzrXPgc6zzrHPg86vzrHPgiwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPjc69zrTOtc+Dzrcgz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zpPOrc+Gz4XPgc6xIM+Dz43Ovc60zrXPg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpzOtc+EzrHPhs6/z4HOrCDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM6szrTOtc65zrHPgiDPh8+Bzq7Pg863z4Igz4TOv8+Azr/OuM61z4POr86xz4I=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIM+Ezr/PgM6/zrjOtc+Dzq/Osc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: zpzOrc67zr/PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOt8+Ezq7PgiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqPPhc69zrTPgc6/zrzOrc+CIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zp/Phc+BzqwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: zqHPjc64zrzOuc+Dzrcgz4DOsc+BzrHOvM6tz4TPgc+Jzr0gTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: zpXPhM6xzrnPgc61zq/OsSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: zpHOvc6xzrLOsc64zrzOuc+DzrzOrc69zr/PgiDPh8+Bzq7Pg8+EzrfPgiBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: zqPPjc69zrTOtc+DzrcgzrTPgc6/zrzOv867z4zOs863z4POt8+CIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: zqHPhc64zrzOr8+DzrXOuc+CIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: zqjOtc+FzrTPjs69z4XOvM6xIM6/z4XPgc6sz4IgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzOjM69zr/OvM6xIM68zr/Pgc+Gzq7Pgg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: zozOvc6/zrzOsSBNU01R
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLM6fz4XPgc6tz4ItzrzOrc67zrc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/OsSDOsc+Azr/OvM6xzrrPgc+Fz4POvM6tzr3Ot8+CIM6xz4DOv864zq7Ous61z4XPg863z4I=
+adminContextMenu:: MCzOlM65zrEmz4fOtc6vz4HOuc+DzrcuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Ezr/PgM6/zrjOtc+DzrnPjs69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM68zrXPhM6xz4bOv8+Bz47OvSDOvM61z4TOsc6+z40gzrHPgM6/zrzOsc66z4HPhc+DzrzOrc69z4nOvSDPhM6/z4DOv864zrXPg865z47OvQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM+Fz4DOv860zrnOus+Ez43Pic69
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zprOv869z4TOrc65zr3Otc+BIM60zrnOsc66zr/OvM65z4PPhM+Ozr0=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqXPgM63z4HOtc+Dzq/Otc+CIM+Ezr/OvM6tzrEgQWN0aXZlIERpcmVjdG9yeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: zqDOv867zrnPhM65zrrOriDOtc+Bz4nPhM6uzrzOsc+Ezr/Pgg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: zpHPgc+Hzq4gzrXOvs+Jz4TOtc+BzrnOus6uz4IgzrHPg8+GzqzOu861zrnOsc+C
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: zqDPgc+Mz4TPhc+Azr8gz4DOuc+Dz4TOv8+Azr/Ouc63z4TOuc66z47OvQ==
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LM6kzrXOu861z4XPhM6xzq/Ov8+CIM6zzr3Pic+Dz4TPjM+CIM6zzr/Ovc6tzrHPgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=408,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LM6Szr/Ot864z4zPgg==
+attributeDisplayNames:: Y24szozOvc6/zrzOsQ==
+attributeDisplayNames:: YyzOo8+Fzr3PhM6/zrzOv86zz4HOsc+Gzq/OsSDPh8+Oz4HOsc+C
+attributeDisplayNames:: Y28szqfPjs+BzrE=
+attributeDisplayNames:: Y29tbWVudCzOo8+Hz4zOu865zr8=
+attributeDisplayNames:: Y29tcGFueSzOlc+EzrHOuc+BzrXOr86x
+attributeDisplayNames:: ZGVwYXJ0bWVudCzOpM68zq7OvM6x
+attributeDisplayNames:: ZGVzY3JpcHRpb24szqDOtc+BzrnOs8+BzrHPhs6u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzOhs68zrXPg86xIM+Fz4DOtc+NzrjPhc69zr/OuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUszpHPgM6/zrrOu861zrnPg8+EzrnOus+MIM+Mzr3Ov868zrE=
+attributeDisplayNames:: ZGl2aXNpb24szqTOv868zq3Osc+C
+attributeDisplayNames:: ZW1wbG95ZWVJRCzOkc69zrHOs869z4nPgc65z4PPhM65zrrPjCDOtc+BzrPOsc62zr/OvM6tzr3Ov8+F
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+GzrHOvg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizOlc+Azq/OuM63zrzOsSDOtM63zrzOuc6/z4XPgc6zzq/Osc+C
+attributeDisplayNames:: Z2l2ZW5OYW1lLM6Mzr3Ov868zrE=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzOms61zr3PhM+BzrnOus+Mz4Igz4bOrM66zrXOu86/z4I=
+attributeDisplayNames:: aG9tZURyaXZlLM6azrXOvc+Ez4HOuc66zq4gzrzOv869zqzOtM6xIM60zq/Pg866zr/PhQ==
+attributeDisplayNames:: aG9tZVBob25lLM6kzrfOu86tz4bPic69zr8gzr/Ouc66zq/Osc+C
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MszpTOuc61z43OuM+Fzr3Pg863IM6/zrnOus6vzrHPgg==
+attributeDisplayNames:: aW5pdGlhbHMszpHPgc+HzrnOus6s
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIszpTOuc61zrjOvc6uz4IgzrHPgc65zrjOvM+Mz4IgSVNETiAozobOu867zr/OuSk=
+attributeDisplayNames:: aXBQaG9uZSzOkc+BzrnOuM68z4zPgiDPhM63zrvOtc+Gz47Ovc6/z4UgSVA=
+attributeDisplayNames:: bCzOoM+MzrvOtw==
+attributeDisplayNames:: bWFpbCzOlM65zrXPjc64z4XOvc+DzrcgzrfOu861zrrPhM+Bzr/Ovc65zrrOv8+NIM+EzrHPh8+FzrTPgc6/zrzOtc6vzr/PhQ==
+attributeDisplayNames:: bWFuYWdlcizOpc+AzrXPjc64z4XOvc6/z4I=
+attributeDisplayNames:: bWVtYmVyT2YszpzOrc67zr/PgiDPhM6/z4U=
+attributeDisplayNames:: bWlkZGxlTmFtZSzOoM6xz4TPgc+Ozr3Phc68zr8=
+attributeDisplayNames:: bW9iaWxlLM6Rz4HOuc64zrzPjM+CIM66zrnOvc63z4TOv8+N
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQszqbPic69zrfPhM65zrrOriDOs8+BzrHPhs6uIM+EzrzOrs68zrHPhM6/z4I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+FzrzOr86xz4IgzrXPhM6xzrnPgc61zq/Osc+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc68z4bOsc69zrnOts+MzrzOtc69zr/PhSDOv869z4zOvM6xz4TOv8+C
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLM6mz4nOvc63z4TOuc66zq4gzrPPgc6xz4bOriDOtc+Az4nOvc+NzrzOv8+F
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzOps+Jzr3Ot8+EzrnOus6uIM6zz4HOsc+Gzq4gzr/Ovc+MzrzOsc+Ezr/Pgg==
+attributeDisplayNames:: aW5mbyzOo863zrzOtc65z47Pg861zrnPgg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4bOsc6+ICjOhs67zrvOv865KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUszqTOt867zq3Phs+Jzr3OvyDOv865zrrOr86xz4IgKM6GzrvOu86xKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhSBJUCAozobOu867zr/OuSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LM6UzrnOtc+NzrjPhc69z4POtyDOt867zrXOus+Ez4HOv869zrnOus6/z40gz4TOsc+Hz4XOtM+Bzr/OvM61zq/Ov8+FICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUszpHPgc65zrjOvM+Mz4IgzrrOuc69zrfPhM6/z40gKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJQYWdlcizOkc+BzrnOuM68z4zPgiDPhM63zrvOtc61zrnOtM6/z4DOv86vzrfPg863z4IgKM6GzrvOu86/zrkp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUszpHPgc65zrjOvM+Mz4Igz4TOt867zrXPhs+Ozr3Ov8+FICjOhs67zrvOv865KQ==
+attributeDisplayNames:: cGFnZXIszpHPgc65zrjOvM+Mz4Igz4TOt867zrXOtc65zrTOv8+Azr/Or863z4POt8+C
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzOpM6vz4TOu86/z4I=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUszqTOv8+Azr/OuM61z4POr86xIM6zz4HOsc+GzrXOr86/z4U=
+attributeDisplayNames:: cG9zdGFsQ29kZSzOpM6xz4cuIM66z47OtM65zrrOsc+C
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzOpM6xz4fPhc60z4HOv868zrnOus6uIM64z4XPgc6vzrTOsQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLM6UzrnOtc64zr3Ors+CIM6xz4HOuc64zrzPjM+CIElTRE4=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+Ezq3Ou861zr4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+CICjPgM+BzrnOvSDPhM6xIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24szpXPgM+Ozr3Phc68zr8=
+attributeDisplayNames:: c3Qszp3Ov868z4zPgg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzOlM65zrXPjc64z4XOvc+Dzrc=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLM6Rz4HOuc64zrzPjM+CIM+EzrfOu861z4bPjs69zr/PhQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIszpHPgc65zrjOvM+Mz4Igz4TOrc67zrXOviAozobOu867zr/OuSk=
+attributeDisplayNames:: dGl0bGUszqTOr8+EzrvOv8+CIM61z4HOs86xz4POr86xz4I=
+attributeDisplayNames:: dXJsLM6UzrnOtc+NzrjPhc69z4POtyDOuc+Dz4TOv8+DzrXOu86vzrTOsc+CICjOhs67zrvOtc+CKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUszpXOvM+GzrHOvc65zrbPjM68zrXOvc6/IM+Mzr3Ov868zrE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzOo8+EzrHOuM68zr/OryDOtc+BzrPOsc+Dzq/Osc+CIM+Dz43Ovc60zrXPg863z4I=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUszozOvc6/zrzOsSDPg8+Nzr3OtM61z4POt8+C
+attributeDisplayNames:: d1dXSG9tZVBhZ2UszpTOuc61z43OuM+Fzr3Pg863IM65z4PPhM6/z4POtc67zq/OtM6xz4I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 0KHQu9GD0LbQsdCwIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70YzQt9C+0LLQsNGC0LXQu9GM
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JPRgNGD0L/Qv9Cw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCz0YDRg9C/0L/RiyAo0L/RgNC10LQtV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bWVtYmVyLNCn0LvQtdC90Ysg0LPRgNGD0L/Qv9GL
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JTQvtC80LXQvQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGMs0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQsNC60YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQtNC+0LzQtdC90LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JvQvtC60LDQu9GM0L3QsNGPINC/0L7Qu9C40YLQuNC60LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J7QsdGJ0LDRjyDQv9Cw0L/QutCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QuSDQv9GD0YLRjA==
+attributeDisplayNames:: a2V5d29yZHMs0JrQu9GO0YfQtdCy0YvQtSDRgdC70L7QstCw
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC80L/RjNGO0YLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINC60L7QvNC/0YzRjtGC0LXRgNCwICjQv9GA0LXQtC1XaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizQktC10YDRgdC40Y8g0L7Qv9C10YDQsNGG0LjQvtC90L3QvtC5INGB0LjRgdGC0LXQvNGL
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNCe0L/QtdGA0LDRhtC40L7QvdC90LDRjyDRgdC40YHRgtC10LzQsA==
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/RgNC40L3RgtC10YA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizQktC10YDRgdC40Y8g0L7QsdGK0LXQutGC0LA=
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LU=
+attributeDisplayNames:: c2VydmVyTmFtZSzQmNC80Y8g0YHQtdGA0LLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC60LAg0YHRiNC40LLQsNC90LjRjw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs0JjQvNGPINC+0LHRidC10LPQviDRgNC10YHRg9GA0YHQsA==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzQodGC0YDQsNC90LjRhiDQsiDQvNC40L3Rg9GC0YM=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzQldC00LjQvdC40YbRiyDRgdC60L7RgNC+0YHRgtC4
+attributeDisplayNames:: cHJpbnRSYXRlLNCh0LrQvtGA0L7RgdGC0Yw=
+attributeDisplayNames:: cHJpbnRPd25lcizQmNC80Y8g0LLQu9Cw0LTQtdC70YzRhtCw
+attributeDisplayNames:: cHJpbnRNZW1vcnks0KPRgdGC0LDQvdC+0LLQu9C10L3QvdCw0Y8g0L/QsNC80Y/RgtGM
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzQn9C+0LTQtNC10YDQttC40LLQsNC10LzRi9C1INCy0LjQtNGLINCx0YPQvNCw0LPQuA==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNCY0YHQv9C+0LvRjNC30YPQtdC80LDRjyDQsdGD0LzQsNCz0LA=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNCc0LDQutGB0LjQvNCw0LvRjNC90L7QtSDRgNCw0LfRgNC10YjQtdC90LjQtQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzQo9C/0YDQsNCy0LvRj9GO0YnQuNC5INGP0LfRi9C6INC/0YDQuNC90YLQtdGA0LA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs0J/QvtC00LTQtdGA0LbQutCwINC00LLRg9GB0YLQvtGA0L7QvdC90LXQuSDQv9C10YfQsNGC0Lg=
+attributeDisplayNames:: cHJpbnRDb2xvcizQn9C+0LTQtNC10YDQttC60LAg0YbQstC10YLQvdC+0Lkg0L/QtdGH0LDRgtC4
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNCf0L7QtNC00LXRgNC20LrQsCDRgNCw0LfQsdC+0YDQsCDQv9C+INC60L7Qv9C40Y/QvA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzQn9C+0LTQsNGO0YnQuNC1INC70L7RgtC60Lg=
+attributeDisplayNames:: cG9ydE5hbWUs0J/QvtGA0YI=
+attributeDisplayNames:: bG9jYXRpb24s0KDQsNC30LzQtdGJ0LXQvdC40LU=
+attributeDisplayNames:: ZHJpdmVyTmFtZSzQnNC+0LTQtdC70Yw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0JrQvtC80LzQtdC90YLQsNGA0LjQuQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUs0JrQvtC90YLQsNC60YI=
+attributeDisplayNames:: YXNzZXROdW1iZXIs0JDRgNGC0LjQutGD0Ls=
+attributeDisplayNames:: dU5DTmFtZSzQodC10YLQtdCy0L7QtSDQuNC80Y8=
+attributeDisplayNames:: Y24s0JjQvNGPINGB0LvRg9C20LHRiyDQutCw0YLQsNC70L7Qs9C+0LI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0KHQsNC50YI=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0KHQtdGA0LLQtdGA
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGL
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J3QsNCx0L7RgCDRgNC10L/Qu9C40LrQsNGG0LjQuCBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC60L7QvdGC0YDQvtC70LvQtdGA0LAg0LTQvtC80LXQvdCw
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00LrQu9GO0YfQtdC90LjQtQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00YHQtdGC0Yw=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC00YDQsNC30LTQtdC70LXQvdC40LU=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNCj0L/RgNCw0LLQu9GP0LXRgtGB0Y8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: b3Us0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGA
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0JTQvtCy0LXRgNC10L3QvdGL0Lkg0LTQvtC80LXQvQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LApLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSzQmNC90LTQtdC60YEsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg0Y3Quy4g0L/QvtGH0YLQsCwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINCy0YXQvtC00LAg0L/QvtC70YzQt9C+0LLQsNGC0LXQu9GPLDAsMjAwLDA=
+extraColumns:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGMLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzQmtC+0L3QtdGH0L3Ri9C5INCw0LTRgNC10YEsMCwxMDAsMA==
+extraColumns:: c3Qs0KHQvtGB0YLQvtGP0L3QuNC1LDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LAsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQs0JjQt9C80LXQvdC10L0sMCwxMzAsMA==
+extraColumns:: c24s0KTQsNC80LjQu9C40Y8sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLdCw0LTRgNC10YEgSW5zdGFudCBNZXNzYWdpbmcsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzQntGB0L3QvtCy0L3QvtC5INGB0LXRgNCy0LXRgCBJbnN0YW50IE1lc3NhZ2luZywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLNCY0LzRjywwLDEwMCww
+extraColumns:: aG9tZU1EQizQpdGA0LDQvdC40LvQuNGJ0LUg0L/QvtGH0YLQvtCy0YvRhSDRj9GJ0LjQutC+0LIgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLNCf0YHQtdCy0LTQvtC90LjQvCBFeGNoYW5nZSwwLDE3NSww
+extraColumns:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUs0J/RgNC10LQtV2luZG93cyAyMDAwINC40LzRjyDQstGF0L7QtNCwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjywwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7LDAsMTUwLDA=
+extraColumns:: YyzQodGC0YDQsNC90LAsMCwtMSww
+extraColumns:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGPLDAsMTUwLDA=
+extraColumns:: bCzQk9C+0YDQvtC0LDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLNCh0LvRg9C20LXQsdC90YvQuSDRgtC10LvQtdGE0L7QvSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQstGP0LfRjCDRgdCw0LnRgtC+0LI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0JzQvtGB0YIg0YHQstGP0LfQtdC5INGB0LDQudGC0L7Qsg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JzQtdC20YHQsNC50YLQvtCy0YvQuSDRgtGA0LDQvdGB0L/QvtGA0YI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINC70LjRhtC10L3Qt9C40YDQvtCy0LDQvdC40Y8g0YHQsNC50YLQsA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLINGB0LDQudGC0LA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 0KfQu9C10L0gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0YfQuNC6IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0J/QvtC00L/QuNGB0LrQsCDQvdCwIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 0KHQu9GD0LbQsdGLIFJQQw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J7Rh9C10YDQtdC00YwgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 0J3QsNGB0YLRgNC+0LnQutCwIE1TTVE=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDQv9GA0LXQtNC/0YDQuNGP0YLQuNGP
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 0J7QsdC90L7QstC70LXQvdC90YvQuSDQv9C+0LvRjNC30L7QstCw0YLQtdC70YwgTVNNUQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 0JzQsNGA0YjRgNGD0YIgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 0J/QsNGA0LDQvNC10YLRgNGLIE1TTVE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 0J/RgdC10LLQtNC+0L3QuNC8INC+0YfQtdGA0LXQtNC4IE1TTVE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzQpNC+0YDQvNCw0YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 0JPRgNGD0L/Qv9CwIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNCe0YfQtdGA0LXQtNC4INGH0LvQtdC90L7Qsg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdCwINCy0L3QtdGI0L3QuNGFINGF0YDQsNC90LjQu9C40Yk=
+adminContextMenu:: MCwm0KPQv9GA0LDQstC70LXQvdC40LUuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LDQudGC0L7Qsg==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC80LXQttGB0LDQudGC0L7QstC+0LPQviDRgtGA0LDQvdGB0L/QvtGA0YLQsA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINC/0L7QtNGB0LXRgtC10Lk=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0JrQvtC90YLQtdC50L3QtdGAINGB0LXRgNCy0LXRgNC+0LI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0KHQu9GD0LbQsdGLINC00L7QvNC10L3QvtCyIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 0J/QvtC70LjRgtC40LrQsCDQt9Cw0L/RgNC+0YHQvtCy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YAg0LLQvdC10YjQvdC10Lkg0LHQtdC30L7Qv9Cw0YHQvdC+0YHRgtC4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 0KjQsNCx0LvQvtC9INGB0LXRgNGC0LjRhNC40LrQsNGC0LA=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNCf0L7RgdC70LXQtNC90LjQuSDQuNC30LLQtdGB0YLQvdGL0Lkg0YDQvtC00LjRgtC10LvRjNGB0LrQuNC5INC+0LHRitC10LrRgiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=419,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNCf0L7QvNC+0YnQvdC40Lo=
+attributeDisplayNames:: Y24s0J/QvtC70L3QvtC1INC40LzRjw==
+attributeDisplayNames:: YyzQodC+0LrRgNCw0YnQtdC90L3QvtC1INC+0LHQvtC30L3QsNGH0LXQvdC40LUg0YHRgtGA0LDQvdGL
+attributeDisplayNames:: Y28s0KHRgtGA0LDQvdCw
+attributeDisplayNames:: Y29tbWVudCzQmtC+0LzQvNC10L3RgtCw0YDQuNC5
+attributeDisplayNames:: Y29tcGFueSzQntGA0LPQsNC90LjQt9Cw0YbQuNGP
+attributeDisplayNames:: ZGVwYXJ0bWVudCzQntGC0LTQtdC7
+attributeDisplayNames:: ZGVzY3JpcHRpb24s0J7Qv9C40YHQsNC90LjQtQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzQn9GA0Y/QvNGL0LUg0L/QvtC00YfQuNC90LXQvdC90YvQtQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs0KDQsNC30LvQuNGH0LDRjtGJ0LXQtdGB0Y8g0LjQvNGP
+attributeDisplayNames:: ZGl2aXNpb24s0J7RgtC00LXQuw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzQmtC+0LQg0YHQvtGC0YDRg9C00L3QuNC60LA=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YTQsNC60YHQsA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizQodGD0YTRhNC40LrRgSDQv9C+0LrQvtC70LXQvdC40Y8=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNCY0LzRjw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzQlNC+0LzQsNGI0L3Rj9GPINC/0LDQv9C60LA=
+attributeDisplayNames:: aG9tZURyaXZlLNCU0LjRgdC6INC00L7QvNCw0YjQvdC10Lkg0L/QsNC/0LrQuA==
+attributeDisplayNames:: aG9tZVBob25lLNCU0L7QvNCw0YjQvdC40Lkg0YLQtdC70LXRhNC+0L0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms0JTQvtC80LDRiNC90LjQuSDQsNC00YDQtdGB
+attributeDisplayNames:: aW5pdGlhbHMs0JjQvdC40YbQuNCw0LvRiw==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs0JzQtdC20LTRg9C90LDRgNC+0LTQvdGL0Lkg0L3QvtC80LXRgCBJU0ROICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: aXBQaG9uZSzQotC10LvQtdGE0L7QvdC90YvQuSDQvdC+0LzQtdGAIElQ
+attributeDisplayNames:: bCzQk9C+0YDQvtC0
+attributeDisplayNames:: bWFpbCzQrdC70LXQutGC0YDQvtC90L3QsNGPINC/0L7Rh9GC0LA=
+attributeDisplayNames:: bWFuYWdlcizQoNGD0LrQvtCy0L7QtNC40YLQtdC70Yw=
+attributeDisplayNames:: bWVtYmVyT2Ys0KfQu9C10L0g0LPRgNGD0L/Qvw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzQodGA0LXQtNC90Y/RjyDRh9Cw0YHRgtGMINC40LzQtdC90LgsINC+0YLRh9C10YHRgtCy0L4=
+attributeDisplayNames:: bW9iaWxlLNCd0L7QvNC10YAg0YHQvtGC0L7QstC+0LPQviDRgtC10LvQtdGE0L7QvdCw
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs0J7RgtC00LXQuyDRhNC+0L3QtdGC0LjQutC4
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNCe0YDQs9Cw0L3QuNC30LDRhtC40Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNCe0YLQvtCx0YDQsNC20LDQtdC80L7QtSDQuNC80Y8gKNC/0YDQvtC40LfQvdC+0YjQtdC90LjQtSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNCk0LDQvNC40LvQuNGPICjRhNC+0L3QtdGC0LjQutCwKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzQmNC80Y8gKNGE0L7QvdC10YLQuNC60LAp
+attributeDisplayNames:: aW5mbyzQn9GA0LjQvNC10YfQsNC90LjRjw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs0J3QvtC80LXRgCDRhNCw0LrRgdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs0JTQvtC80LDRiNC90LjQuSDRgtC10LvQtdGE0L7QvSAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNCi0LXQu9C10YTQvtC90L3Ri9C5INC90L7QvNC10YAgSVAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNCt0LvQtdC60YLRgNC+0L3QvdCw0Y8g0L/QvtGH0YLQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs0J3QvtC80LXRgCDRgdC+0YLQvtCy0L7Qs9C+INGC0LXQu9C10YTQvtC90LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizQndC+0LzQtdGAINC/0LXQudC00LbQtdGA0LAgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs0J3QvtC80LXRgCDRgtC10LvQtdGE0L7QvdCwICjQv9GA0L7Rh9C40LUp
+attributeDisplayNames:: cGFnZXIs0J3QvtC80LXRgCDQv9C10LnQtNC20LXRgNCw
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzQotC40YLRg9C7LCDQt9Cy0LDQvdC40LU=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs0JrQvtC80L3QsNGC0LA=
+attributeDisplayNames:: cG9zdGFsQ29kZSzQn9C+0YfRgtC+0LLRi9C5INC40L3QtNC10LrRgQ==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzQn9C+0YfRgtC+0LLRi9C5INGP0YnQuNC6
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNCc0LXQttC00YPQvdCw0YDQvtC00L3Ri9C5INC90L7QvNC10YAgSVNETg==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXQutGB0LA=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs0JjQvNGPINCy0YXQvtC00LAgKNC/0YDQtdC0LVdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24s0KTQsNC80LjQu9C40Y8=
+attributeDisplayNames:: c3Qs0J7QsdC70LDRgdGC0Yw=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzQkNC00YDQtdGBLCDRg9C70LjRhtCw
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNCd0L7QvNC10YAg0YLQtdC70LXRhNC+0L3QsA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs0J3QvtC80LXRgCDRgtC10LvQtdC60YHQsCAo0L/RgNC+0YfQuNC1KQ==
+attributeDisplayNames:: dGl0bGUs0JTQvtC70LbQvdC+0YHRgtGM
+attributeDisplayNames:: dXJsLNCQ0LTRgNC10YEg0YHRgtGA0LDQvdC40YbRiyDQsiDQmNC90YLQtdGA0L3QtdGC0LUgKNC/0YDQvtGH0LjQtSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs0JLRi9Cy0L7QtNC40LzQvtC1INC40LzRjw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzQoNCw0LHQvtGH0LjQtSDRgdGC0LDQvdGG0LjQuCDQtNC70Y8g0LLRhdC+0LTQsCDQsiDRgdC40YHRgtC10LzRgw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs0JjQvNGPINC00LvRjyDQstGF0L7QtNCw
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us0JDQtNGA0LXRgSDRgdGC0YDQsNC90LjRhtGLINCyINCY0L3RgtC10YDQvdC10YLQtQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror csoport
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciBzem9sZ8OhbHRhdMOhcw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RmVsaGFzem7DoWzDsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Csoport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ3NvcG9ydG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bWVtYmVyLFRhZ29r
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGMsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2FwY3NvbGF0dGFydMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGFydG9tw6FueWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: SGVseWkgaMOhemlyZW5k
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Megosztott mappa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRpIGVsw6lyw6lzaSDDunQ=
+attributeDisplayNames:: a2V5d29yZHMsS3VsY3NzemF2YWs=
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3pvbGfDoWx0YXTDoXM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3rDoW3DrXTDs2fDqXA=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsU3rDoW3DrXTDs2fDqXBuw6l2IChXaW5kb3dzIDIwMDAgZWzFkXR0aSByZW5kc3plcik=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixBeiBvcGVyw6FjacOzcyByZW5kc3plciB2ZXJ6acOzamE=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXLDoWNpw7NzIHJlbmRzemVy
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TnlvbXRhdMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R1bSB2ZXJ6acOzamE=
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZQ==
+attributeDisplayNames:: c2VydmVyTmFtZSxLaXN6b2xnw6Fsw7MgbmV2ZQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxGxbF6w6lzIHTDoW1vZ2F0w6FzYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTWVnb3N6dMOhcyBuZXZl
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQZXJjZW5rw6ludGkgb2xkYWxzesOhbQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTZWJlc3PDqWcgZWd5c8OpZ2U=
+attributeDisplayNames:: cHJpbnRSYXRlLFNlYmVzc8OpZw==
+attributeDisplayNames:: cHJpbnRPd25lcixUdWxhamRvbm9zIG5ldmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksVGVsZXDDrXRldHQgbWVtw7NyaWE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUw6Ftb2dhdG90dCBwYXDDrXJ0w61wdXNvaw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFJlbmRlbGtlesOpc3JlIMOhbGzDsyBwYXDDrXI=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsaXMgZmVsYm9udMOhcw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxOeW9tdGF0w7MgbnllbHZl
+attributeDisplayNames:: cHJpbnRlck5hbWUsTsOpdg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsS8OpdG9sZGFsYXMgbnlvbXRhdMOhcyB0w6Ftb2dhdMOhc2E=
+attributeDisplayNames:: cHJpbnRDb2xvcixTesOtbmVzIG55b210YXTDoXMgdMOhbW9nYXTDoXNh
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN6w6l0dsOhbG9nYXTDoXMgdMOhbW9nYXTDoXNh
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCZW1lbmV0aSB0w6FsY8Ohaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sSGVseQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxUw61wdXM=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTWVnamVneXrDqXM=
+attributeDisplayNames:: Y29udGFjdE5hbWUsS2FwY3NvbGF0dGFydMOz
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXN6a8O2eiBzesOhbWE=
+attributeDisplayNames:: dU5DTmFtZSxIw6Fsw7N6YXRuw6l2
+attributeDisplayNames:: Y24sQ8OtbXTDoXJzem9sZ8OhbHRhdMOhcyBuZXZl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Hely
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: QmXDoWxsw610w6Fz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGJlw6FsbMOtdMOhc2Fp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIHJlcGxpa2Frw6lzemxldGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: VGFydG9tw6FueXZlesOpcmzFkSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Kapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWxow6Fsw7N6YXQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U3plcnZlemV0aSBlZ3lzw6ln
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEtlemVsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: b3UsTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VMOhcm9sw7M=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TWVnYsOtemhhdMOzIHRhcnRvbcOhbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbiwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZlLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbiwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6FtLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgZS1tYWlsIGPDrW0sMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYsMCwyMDAsMA==
+extraColumns:: dGl0bGUsQmVvc3p0w6FzLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw6lsIGPDrW1lLDAsMTAwLDA=
+extraColumns:: c3Qsw4FsbGFwb3QsMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEsMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTcOzZG9zw610w6FzLDAsMTMwLDA=
+extraColumns:: c24sQ3NhbMOhZG7DqXYsMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsSW5zdGFudCBNZXNzYWdpbmcgVVJMLWplLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxJbnN0YW50IE1lc3NhZ2luZyBraXN6b2xnw6Fsw7NqYSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFV0w7Nuw6l2LDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBwb3N0YWZpw7NrLXTDoXJvbMOzLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIGFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwgY8OtbSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxPc3p0w6FseSwwLDE1MCww
+extraColumns:: YyxPcnN6w6FnLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxDw6lnLDAsMTUwLDA=
+extraColumns:: bCxWw6Fyb3MsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLE11bmthaGVseWkgdGVsZWZvbnN6w6FtLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Helykapcsolat
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: SGVseWthcGNzb2xhdGkgaMOtZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5jZWzDqXNpIGhlbHkgYmXDoWxsw610w6FzYWk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SGVseSBiZcOhbGzDrXTDoXNhaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIHRhZ2ph
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGVsxZFmaXpldMWRamU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RsOhamxyZXBsaWvDoWNpw7NzIHN6b2xnw6FsdGF0w6FzIGVsxZFmaXpldMOpc2Vp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VMOhdm9saSBlbGrDoXLDoXNow612w6FzaSBzem9sZ8OhbHRhdMOhc29r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS12w6Fyw7NsaXN0YQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSAtIGtvbmZpZ3Vyw6FjacOz
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSAtIHbDoWxsYWxhdA==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSAtIGZyaXNzw610ZXR0IGZlbGhhc3puw6Fsw7M=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSAtIMO6dHbDoWxhc3p0w6FzaSBrYXBjc29sYXQ=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSAtIGJlw6FsbMOtdMOhc29r
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSAtIHbDoXLDs2xpc3RhIGFsaWFzYQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxGb3Jtw6F0dW1uw6l2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ - csoport
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLFRhZ3bDoXLDs2xpc3TDoWs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VMOhdnTDoXJvbMOzIHN6b2xnw6FsdGF0w6Fz
+adminContextMenu:: MCwmS2V6ZWzDqXMuLi4sUnNBZG1pbi5tc2M=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWVrIHTDoXJvbMOzamE=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGVseWvDtnppIMOhdHZpdGVsIHTDoXJvbMOzamE=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxow6Fsw7N6YXRvayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S2lzem9sZ8OhbMOzayB0w6Fyb2zDs2ph
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBUYXJ0b23DoW55aSBzem9sZ8OhbHRhdMOhcw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: TGVrw6lyZGV6w6lzaSBzemFiw6FseW9r
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: SWRlZ2VuIHJlbmRzemVyYml6dG9uc8OhZ2kgdGFn
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: VGFuw7pzw610dsOhbnlzYWJsb24=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: Y24sTsOpdg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFV0b2xzw7MgaXNtZXJ0IHN6w7xsxZEsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40E,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc3ppc3p0ZW5z
+attributeDisplayNames:: Y24sTsOpdg==
+attributeDisplayNames:: YyxPcnN6w6FnIHLDtnZpZMOtdMOpc2U=
+attributeDisplayNames:: Y28sT3JzesOhZw==
+attributeDisplayNames:: Y29tbWVudCxNZWdqZWd5esOpcw==
+attributeDisplayNames:: Y29tcGFueSxDw6ln
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc3p0w6FseQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sTGXDrXLDoXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxLw7Z6dmV0bGVuIGJlb3N6dG90dGFr
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTWVna8O8bMO2bmLDtnp0ZXTFkSBuw6l2
+attributeDisplayNames:: ZGl2aXNpb24sUsOpc3psZWc=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbGthbG1hem90dCBhem9ub3PDrXTDs2ph
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheHN6w6Ft
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixLaWVnw6lzesOtdMWRIGVsZW0=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFV0w7Nuw6l2
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLZXpkxZFtYXBwYQ==
+attributeDisplayNames:: aG9tZURyaXZlLEtlemTFkW1lZ2hhanTDsw==
+attributeDisplayNames:: aG9tZVBob25lLE90dGhvbmkgdGVsZWZvbg==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsT3R0aG9uaSBjw61t
+attributeDisplayNames:: aW5pdGlhbHMsTW9ub2dyYW0=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTmVtemV0a8O2emkgSVNETi1zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9uc3rDoW0=
+attributeDisplayNames:: bCxWw6Fyb3M=
+attributeDisplayNames:: bWFpbCxFLW1haWwgY8OtbQ==
+attributeDisplayNames:: bWFuYWdlcixGZWxldHRlcw==
+attributeDisplayNames:: bWVtYmVyT2YsQSBrw7Z2ZXRrZXrFkSBjc29wb3J0b2sgdGFnamE=
+attributeDisplayNames:: bWlkZGxlTmFtZSxLw7Z6w6lwc8WRIG7DqXY=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsc3rDoW0=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT3N6dMOhbHkgbmV2ZSBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE11bmthaGVseSBuZXZlIGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE1lZ2plbGVuw610ZW5kxZEgbsOpdiBmb25ldGlrdXNhbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENzYWzDoWRuw6l2IGtpZWp0dmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxVdMOzbsOpdiBraWVqdHZl
+attributeDisplayNames:: aW5mbyxNZWdqZWd5esOpc2Vr
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4c3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsT3R0aG9uaSB0ZWxlZm9uc3rDoW0gKGVnecOpYik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25zesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbCBjw61tIChlZ3nDqWIp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixTemVtw6lseWkgaMOtdsOzIHN6w6FtYSAoZWd5w6liKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbnN6w6FtIChlZ3nDqWIp
+attributeDisplayNames:: cGFnZXIsU3plbcOpbHlpIGjDrXbDsyBzesOhbWE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxDw61t
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsSXJvZGEgaGVseWU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxJcsOhbnnDrXTDs3N6w6Ft
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YWZpw7NrIHN6w6FtYQ==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE5lbXpldGvDtnppIElTRE4tc3rDoW0=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4c3rDoW0=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXYgKFdpbmRvd3MgMjAwMCBlbMWRdHRpIHJlbmRzemVyKQ==
+attributeDisplayNames:: c24sQ3NhbMOhZG7DqXY=
+attributeDisplayNames:: c3Qsw4FsbGFtL21lZ3ll
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVdGNhbsOpdg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25zesOhbQ==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhzesOhbSAoZWd5w6liKQ==
+attributeDisplayNames:: dGl0bGUsQmVvc3p0w6Fz
+attributeDisplayNames:: dXJsLFdlYmxhcCBjw61tZSAoZWd5w6liKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTWVnamVsZW7DrXTDqXNpIG7DqXY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxCZWplbGVudGtlesOpc2kgbXVua2HDoWxsb23DoXNvaw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsQmVqZWxlbnRrZXrDqXNpIG7DqXY=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2VibGFwIGPDrW1l
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: 2YXYrNmF2YjYudipIEludGVsbGlNaXJyb3I=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: 2K7Yr9mF2KkgSW50ZWxsaU1pcnJvcg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2LPYqtiu2K/ZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YXYrNmF2YjYudip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZhdis2YXZiNi52KkgKNmF2Kcg2YLYqNmEIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bWVtYmVyLNin2YTYo9i52LbYp9ih
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzYp9mE
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGMs2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfYqti12KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTZhdis2KfZhA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmG2YfYrCDYp9mE2YXYrdmE2Yo=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2KzZhNivINin2YTZhdi02KrYsdmD
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzZhdiz2KfYsSDYtNio2YPYqSDYp9mE2KfYqti12KfZhA==
+attributeDisplayNames:: a2V5d29yZHMs2KfZhNmD2YTZhdin2Kog2KfZhNij2LPYp9iz2YrYqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNiu2K/Zhdip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmD2YXYqNmK2YjYqtix
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINin2YTZg9mF2KjZitmI2KrYsSAo2YXYpyDZgtio2YQgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizYpdi12K/Yp9ixINmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLNmG2LjYp9mFINin2YTYqti02LrZitmE
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNi32KfYqNi52Kk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizYpdi12K/Yp9ixINin2YTZg9in2KbZhg==
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitio
+attributeDisplayNames:: c2VydmVyTmFtZSzYp9iz2YUg2KfZhNmF2YTZgtmF
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzYqtiv2LnZhSDYp9mE2KrYr9io2YrYsw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs2KfYs9mFINin2YTZhdi02KfYsdmD2Kk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzYtdmB2K3YqSDYqNin2YTYr9mC2YrZgtip
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzZiNit2K/Yp9iqINin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRSYXRlLNin2YTYs9ix2LnYqQ==
+attributeDisplayNames:: cHJpbnRPd25lcizYp9iz2YUg2KfZhNmF2KfZhNmD
+attributeDisplayNames:: cHJpbnRNZW1vcnks2KfZhNiw2KfZg9ix2Kkg2KfZhNmF2KvYqNiq2Kk=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzYo9mG2YjYp9i5INin2YTZiNix2YIg2KfZhNmF2LnYqtmF2K/YqQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LNin2YTZiNix2YIg2KfZhNmF2KrZiNmB2LE=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLNin2YTYrdivINin2YTYo9mC2LXZiSDZhNmE2K/Zgtip
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzZhNi62Kkg2KfZhNi32KfYqNi52Kk=
+attributeDisplayNames:: cHJpbnRlck5hbWUs2KfZhNin2LPZhQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs2KrYr9i52YUg2KfZhNi32KjYp9i52Kkg2LnZhNmJINin2YTZiNis2YfZitmG
+attributeDisplayNames:: cHJpbnRDb2xvcizYqtiv2LnZhSDYp9mE2LfYqNin2LnYqSDYqNin2YTYo9mE2YjYp9mG
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLNiq2K/YudmFINiq2LHYqtmK2Kgg2KfZhNmG2LPYrg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzYudmE2Kgg2KfZhNil2K/Yrtin2YQ=
+attributeDisplayNames:: cG9ydE5hbWUs2KfZhNmF2YbZgdiw
+attributeDisplayNames:: bG9jYXRpb24s2KfZhNmF2YjZgti5
+attributeDisplayNames:: ZHJpdmVyTmFtZSzYp9mE2LfYsdin2LI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNiq2LnZhNmK2YI=
+attributeDisplayNames:: Y29udGFjdE5hbWUs2KfYqti12KfZhA==
+attributeDisplayNames:: YXNzZXROdW1iZXIs2LHZgtmFINin2YTYo9i12YQ=
+attributeDisplayNames:: dU5DTmFtZSzYp9iz2YUg2LTYqNmD2Kkg2KfZhNin2KrYtdin2YQ=
+attributeDisplayNames:: Y24s2KfYs9mFINiu2K/ZhdipINin2YTYr9mE2YrZhA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KfZhNmF2YjZgti5
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmF2YTZgtmF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Ko=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2KogRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2YXYrNmF2YjYudipINin2YTZhtiz2K4g2KfZhNmF2KrZhdin2KvZhNipINmE2YAgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2YjYrdiv2Kkg2KrYrdmD2YUg2KfZhNmF2KzYp9mE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KfZhNin2KrYtdin2YQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNi02KjZg9ipINin2YTZgdix2LnZitip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNmI2K3Yr9ipINin2YTYqtmG2LjZitmF2YrYqQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LNmK2KrZhSDYpdiv2KfYsdiq2Ycg2YXZhiDZgtio2YQ=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: b3Us2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 2KfZhNit2KfZiNmK2Kk=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2KfZhNmF2KzYp9mEINin2YTZhdmI2KvZiNmC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2YosMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmKLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2YosMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmKLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZiiwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzYsdmF2LIg2KjYsdmK2K/ZiiwwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2KjYsdmK2K8g2KfZhNil2YTZg9iq2LHZiNmG2YogWC40MDAsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2K/YrtmI2YQg2KfZhNmF2LPYqtiu2K/ZhSwwLDIwMCww
+extraColumns:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmKLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhiDYp9mE2YfYr9mBLDAsMTAwLDA=
+extraColumns:: c3Qs2KfZhNmI2YTYp9mK2KksMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2KfZhNmF2YPYqtioLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs2KrZhSDYqti52K/ZitmE2YcsMCwxMzAsMA==
+extraColumns:: c24s2KfYs9mFINin2YTYudin2KbZhNipLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMINin2YTYsdiz2KfYptmEINin2YTZgdmI2LHZitipLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzYp9mE2YXZhNmC2YUg2KfZhNix2KbZitiz2Yog2YTZhNix2LPYp9im2YQg2KfZhNmB2YjYsdmK2KksMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhCwwLDEwMCww
+extraColumns:: aG9tZU1EQizYqtio2KfYr9mEINmF2K7YstmGINi52YTYqNipINin2YTYqNix2YrYrywwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLNiq2KjYp9iv2YQg2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixLDAsMTc1LDA=
+extraColumns:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZiiwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUs4oCP4oCP2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEINin2YTYs9in2KjZgiDZhNmAIFdpbmRvd3MgMjAwMCwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LYsMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mFLDAsMTUwLDA=
+extraColumns:: YyzYp9mE2KjZhNivLDAsLTEsMA==
+extraColumns:: Y29tcGFueSzYp9mE2LTYsdmD2KksMCwxNTAsMA==
+extraColumns:: bCzYp9mE2YXYr9mK2YbYqSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLNmH2KfYqtmBINin2YTYudmF2YQsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYsdiq2KjYp9i3INin2YTZhdmI2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KzYs9ixINin2LHYqtio2KfYtyDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KrYsdiu2YrYtSDYp9mE2YXZiNmC2Lk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 2KXYudiv2KfYr9in2Kog2KfZhNmF2YjZgti5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 2LnYttmIIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2YXYtNiq2LHZgyBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2KfYtNiq2LHYp9mD2KfYqiBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 2K7Yr9mF2KfYqiBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: 2KrZg9mI2YrZhiBNU01R
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: 2YXYtNix2YjYuSBNU01R
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: 2YXYs9iq2K7Yr9mFINiq2LHZgtmK2Kkg2YTZgCBNU01R
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: 2KfYsdiq2KjYp9i3INiq2YjYrNmK2YcgTVNNUQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: 2KXYudiv2KfYr9in2KogTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: 2KfZhNin2LPZhSDYp9mE2YXYs9iq2LnYp9ixINmE2YLYp9im2YXYqSDYp9mG2KrYuNin2LEgTVNNUQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzYp9iz2YUg2KfZhNiq2YbYs9mK2YI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: 2YXYrNmF2YjYudipIE1TTVE=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLNi52LbZiCDZgtmI2KfYptmFINin2YbYqti42KfYsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K7Yr9mF2Kkg2KfZhNiq2K7YstmK2YYg2KfZhNio2LnZitiv
+adminContextMenu:: MCwm2KXYr9in2LHYqS4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YbZgtmEINio2YrZhiDYp9mE2YXZiNin2YLYuQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2LTYqNmD2KfYqiDYp9mE2YHYsdi52YrYqQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2K3Yp9mI2YrYqSDYp9mE2YXZhNmC2YXYp9iq
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 4oCP4oCP2K7Yr9mF2KfYqiDZhdis2KfZhCDYrtiv2YXYqSBBY3RpdmUgRGlyZWN0b3J5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 2YbZh9isINin2YTYp9iz2KrYudmE2KfZhQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 2KPYs9in2LMg2KfZhNij2YXYp9mGINin2YTYrtin2LHYrNmK
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 2YLYp9mE2Kgg2KfZhNi02YfYp9iv2Kk=
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LNin2YTYo9i12YQg2KfZhNij2K7ZitixINin2YTZhdi52LHZiNmBLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=401,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LNin2YTZhdiz2KfYudiv
+attributeDisplayNames:: Y24s2KfZhNin2LPZhQ==
+attributeDisplayNames:: YyzYp9iu2KrYtdin2LEg2KfZhNio2YTYrw==
+attributeDisplayNames:: Y28s2KfZhNio2YTYrw==
+attributeDisplayNames:: Y29tbWVudCzYp9mE2KrYudmE2YrZgg==
+attributeDisplayNames:: Y29tcGFueSzYp9mE2LTYsdmD2Kk=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzYp9mE2YLYs9mF
+attributeDisplayNames:: ZGVzY3JpcHRpb24s2KfZhNmI2LXZgQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzYp9mE2KrZgtin2LHZitixINin2YTZhdio2KfYtNix2Kk=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs2KfZhNin2LPZhSDYp9mE2YXZhdmK2LI=
+attributeDisplayNames:: ZGl2aXNpb24s2KfZhNmB2LHYuQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzYp9mE2LHZgtmFINin2YTZhdi52LHZgSDZhNmE2YXZiNi42YE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YHYp9mD2LM=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizZhNin2K3ZgtipINin2YTYp9iz2YU=
+attributeDisplayNames:: Z2l2ZW5OYW1lLNin2YTYp9iz2YUg2KfZhNij2YjZhA==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzYp9mE2K/ZhNmK2YQg2KfZhNix2KbZitiz2Yo=
+attributeDisplayNames:: aG9tZURyaXZlLNmF2K3YsdmDINin2YTYo9mC2LHYp9i1INin2YTYsdim2YrYs9mK
+attributeDisplayNames:: aG9tZVBob25lLNmH2KfYqtmBINin2YTZhdmG2LLZhA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms2LnZhtmI2KfZhiDYp9mE2YXZhtiy2YQ=
+attributeDisplayNames:: aW5pdGlhbHMs2KfZhNij2K3YsdmBINin2YTYo9mI2YTZiSDZhdmGINin2YTYo9iz2YXYp9ih
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs2LHZgtmFIElTRE4g2KfZhNiv2YjZhNmKICjYotiu2LEp
+attributeDisplayNames:: aXBQaG9uZSzYsdmC2YUg2YfYp9iq2YEgSVA=
+attributeDisplayNames:: bCzYp9mE2YXYr9mK2YbYqQ==
+attributeDisplayNames:: bWFpbCzYudmG2YjYp9mGINin2YTYqNix2YrYryDYp9mE2KXZhNmD2KrYsdmI2YbZig==
+attributeDisplayNames:: bWFuYWdlcizYp9mE2YXYr9mK2LE=
+attributeDisplayNames:: bWVtYmVyT2Ys2LnYttmIINmB2Yo=
+attributeDisplayNames:: bWlkZGxlTmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2LPYtw==
+attributeDisplayNames:: bW9iaWxlLNix2YLZhSDYp9mE2YfYp9iq2YEg2KfZhNis2YjZkdin2YQ=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs2KfZhNmC2LPZhSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLNin2LPZhSDYp9mE2LTYsdmD2Kkg2KfZhNi12YjYqtmK
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLNin2LPZhSDYp9mE2LnYsdi2INin2YTYtdmI2KrZig==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLNin2LPZhSDYp9mE2LnYp9im2YTYqSDYp9mE2LXZiNiq2Yo=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzYp9mE2KfYs9mFINin2YTYo9mI2YQg2KfZhNi12YjYqtmK
+attributeDisplayNames:: aW5mbyzZhdmE2KfYrdi42KfYqg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs2LHZgtmFINin2YTZgdin2YPYsyAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs2LHZgtmFINmH2KfYqtmBINin2YTZhdmG2LLZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLNi52YbZiNin2YYg2YfYp9iq2YEgSVAgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LNi52YbZiNin2YYg2KfZhNio2LHZitivINin2YTYpdmE2YPYqtix2YjZhtmKICjYotiu2LEp
+attributeDisplayNames:: b3RoZXJNb2JpbGUs2LHZgtmFINin2YTZh9in2KrZgSDYp9mE2KzZiNmR2KfZhCAo2KLYrtixKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcizYsdmC2YUg2KfZhNmG2K/Zkdin2KEgKNii2K7YsSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs2LHZgtmFINin2YTZh9in2KrZgSAo2KLYrtixKQ==
+attributeDisplayNames:: cGFnZXIs2LHZgtmFINin2YTZhtiv2ZHYp9ih
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzYp9mE2YTZgtio
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs2YXZiNmC2Lkg2KfZhNmF2YPYqtio
+attributeDisplayNames:: cG9zdGFsQ29kZSzYp9mE2LHZhdiyINin2YTYqNix2YrYr9mK
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzYtdmG2K/ZiNmCINin2YTYqNix2YrYrw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLNix2YLZhSBJU0ROINin2YTYr9mI2YTZig==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLNix2YLZhSDYp9mE2KrZhNmK2YPYsw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmEICjZhdinINmC2KjZhCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24s2KfYs9mFINin2YTYudin2KbZhNip
+attributeDisplayNames:: c3Qs2KfZhNmI2YTYp9mK2Kkv2KfZhNmF2YLYp9i32LnYqQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzYp9mE2LnZhtmI2KfZhg==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLNix2YLZhSDYp9mE2YfYp9iq2YE=
+attributeDisplayNames:: dGVsZXhOdW1iZXIs2LHZgtmFINin2YTYqtmE2YrZg9izICjYotiu2LEp
+attributeDisplayNames:: dGl0bGUs2KfZhNmF2LPZhdmJINin2YTZiNi42YrZgdmK
+attributeDisplayNames:: dXJsLNi52YbZiNin2YYg2LXZgdit2Kkg2YjZitioICjYotiu2LEp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs2KfYs9mFINin2YTYudix2LY=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzZhdit2LfYp9iqINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs2KfYs9mFINiq2LPYrNmK2YQg2KfZhNiv2K7ZiNmE
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us2LnZhtmI2KfZhiDYtdmB2K3YqSDZiNmK2Kg=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDnvqTntYQ=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvciDmnI3li5k=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5L2/55So6ICF
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 576k57WE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs576k57WE5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bWVtYmVyLOaIkOWToQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGMs5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5Lq6
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57ay5Z+f5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pys5qmf5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx55So6LOH5paZ5aS+
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/ot6/lvpE=
+attributeDisplayNames:: a2V5d29yZHMs6Zec6Y215a2X
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5pyN5YuZ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6Zu76IWm
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs6Zu76IWm5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizkvZzmpa3ns7vntbHniYjmnKw=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOS9nOalreezu+e1sQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5Y2w6KGo5qmf
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlciznianku7bniYjmnKw=
+attributeDisplayNames:: dXJsLOe2suWdgA==
+attributeDisplayNames:: c2VydmVyTmFtZSzkvLrmnI3lmajlkI3nqLE=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzmlK/mj7Too53oqII=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx55So5ZCN56ix
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzpoIEv5YiG6ZCY
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbllq7kvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmk4HmnInogIXlkI3nqLE=
+attributeDisplayNames:: cHJpbnRNZW1vcnks5bey5a6J6KOd55qE6KiY5oa26auU
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzmlK/mj7TnmoTntJnlvLXpoZ7lnos=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWPr+S9v+eUqOe0meW8tQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOWkp+ino+aekOW6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzljbDooajmqZ/oqp7oqIA=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN56ix
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5pSv5o+06ZuZ6Z2i5YiX5Y2w
+attributeDisplayNames:: cHJpbnRDb2xvcizmlK/mj7TlvanoibLliJfljbA=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOaUr+aPtOagoeWwjQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzpgIHntJnljKM=
+attributeDisplayNames:: cG9ydE5hbWUs6YCj5o6l5Z+g
+attributeDisplayNames:: bG9jYXRpb24s5L2N572u
+attributeDisplayNames:: ZHJpdmVyTmFtZSzlnovomZ8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Ki76Kej
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5Lq6
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Si57eo6Jmf
+attributeDisplayNames:: dU5DTmFtZSzntrLot6/lkI3nqLE=
+attributeDisplayNames:: Y24s55uu6YyE5pyN5YuZ5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 56uZ5Y+w
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumuWAvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+Wvq+e1hA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 57ay5Z+f5o6n5Yi256uZ6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 6YCj57ea
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5a2Q57ay6Lev
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Zau5L2N
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: b3Us5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5a655Y2A
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5Y+X5L+h5Lu755qE57ay5Z+f
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaALDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8sMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q6YO15Lu25Zyw5Z2ALDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs5L2/55So6ICF55m75YWl5ZCN56ixLDAsMjAwLDA=
+extraColumns:: dGl0bGUs5bel5L2c6IG356ixLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyznm67mqJnkvY3lnYAsMCwxMDAsMA==
+extraColumns:: c3Qs55yBLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5a6kLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5L+u5pS55pel5pyfLDAsMTMwLDA=
+extraColumns:: c24s5aeT5rCPLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws56uL5Y2z6KiK5oGvIFVSTCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCznq4vljbPoqIrmga/kuLvkvLrmnI3lmagsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjeWtlywwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDkv6HnrrHlrZjmlL7ljYAsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOWIpeWQjSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYAsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOWJjeeJiOeZu+WFpeWQjeeosSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ixLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jploAsMCwxNTAsMA==
+extraColumns:: YyzlnIvlrrYo5Zyw5Y2AKSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzlhazlj7gsMCwxNTAsMA==
+extraColumns:: bCznuKMv5biCLDAsMTUwLDA=
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWFrOWPuOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 57ay56uZ6YCj57WQ5qmL5o6l5Zmo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly4
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6I5qyK57ay56uZ6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 56uZ5Y+w6Kit5a6a5YC8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOaIkOWToQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOioguaItg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOiogumWsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOacjeWLmQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDkvYfliJc=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDntYTmhYs=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDljYfntJrkvb/nlKjogIU=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDot6/nlLHpgKPntZA=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrprlgLw=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDkvYfliJfliKXlkI0=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzmoLzlvI/lkI3nqLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDnvqTntYQ=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOaIkOWToeS9h+WIlw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 6YGg56uv5a2Y5pS+5pyN5YuZ
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 57ay56uZ5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 56uZ5Y+w6ZaT5YKz6Ly45a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5a2Q57ay6Lev5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5Ly65pyN5Zmo5a655Y2A
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDntrLln5/mnI3li5k=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 5p+l6Kmi5Y6f5YmH
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo5a6J5YWo5oCn5Li76auU
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 5oaR6K2J56+E5pys
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: Y24s5ZCN56ix
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOS4iuasoeW3suefpeeItuezuywxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=404,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOWKqeeQhg==
+attributeDisplayNames:: Y24s5ZCN56ix
+attributeDisplayNames:: YyzlnIvlrrYo5Zyw5Y2AKee4ruWvqw==
+attributeDisplayNames:: Y28s5ZyL5a62KOWcsOWNgCk=
+attributeDisplayNames:: Y29tbWVudCzoqLvop6M=
+attributeDisplayNames:: Y29tcGFueSzlhazlj7g=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jploA=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s5o+P6L+w
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyzlsazkuIs=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6L6o5Yil5ZCN56ix
+attributeDisplayNames:: ZGl2aXNpb24s6JmV
+attributeDisplayNames:: ZW1wbG95ZWVJRCzlk6Hlt6XorZjliKXnorw=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLOWCs+ecn+iZn+eivA==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizkuJbopbLnqLHorII=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjeWtlw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzkuLvnm67pjITos4fmlpnlpL4=
+attributeDisplayNames:: aG9tZURyaXZlLOS4u+ebrumMhOejgeeinw==
+attributeDisplayNames:: aG9tZVBob25lLOS9j+Wuhembu+ipsQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms5L2P5a625Zyw5Z2A
+attributeDisplayNames:: aW5pdGlhbHMs57iu5a+r5ZCN
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5ZyL6ZqbIElTRE4g6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHomZ/norw=
+attributeDisplayNames:: bCznuKMv5biC
+attributeDisplayNames:: bWFpbCzpm7vlrZDpg7Xku7blnLDlnYA=
+attributeDisplayNames:: bWFuYWdlcizkuLvnrqE=
+attributeDisplayNames:: bWVtYmVyT2Ys6Zq45bGs5pa8
+attributeDisplayNames:: bWlkZGxlTmFtZSzkuK3plpPlkI3lrZc=
+attributeDisplayNames:: bW9iaWxlLOihjOWLlembu+ipseiZn+eivA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs5rOo6Z+z5qiZ56S66YOo6ZaA
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOazqOmfs+aomeekuuWFrOWPuOWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOazqOmfs+aomeekuumhr+ekuuWQjeeosQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOazqOmfs+aomeekuuWnk+awjw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzms6jpn7PmqJnnpLrlkI3lrZc=
+attributeDisplayNames:: aW5mbyzpmYToqLs=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIs5YKz55yf6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs5L2P5a6F6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseiZn+eivCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOmDteS7tuWcsOWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUs6KGM5YuV6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizlkbzlj6vlmajomZ/norwgKOWFtuS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: cGFnZXIs5ZG85Y+r5Zmo6Jmf56K8
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSznqLHorII=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs6L6m5YWs5Zyw6bue
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7XpgZ7ljYDomZ8=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCzpg7XmlL/kv6HnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWci+mamyBJU0ROIOiZn+eivA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOmbu+WCs+iZn+eivA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs55m75YWl5ZCN56ixIChXaW5kb3dzIDIwMDAg5YmN54mIKQ==
+attributeDisplayNames:: c24s5aeT5rCP
+attributeDisplayNames:: c3Qs55yB
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyzooZfpgZPlnLDlnYA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseiZn+eivA==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs6Zu75YKz6Jmf56K8ICjlhbbku5Yp
+attributeDisplayNames:: dGl0bGUs5bel5L2c6IG356ix
+attributeDisplayNames:: dXJsLOe2suWdgCAo5YW25LuWKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6aGv56S65ZCN56ix
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyznmbvlhaXlt6XkvZznq5k=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs55m75YWl5ZCN56ix
+attributeDisplayNames:: d1dXSG9tZVBhZ2Us57ay5Z2A
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-groep
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gebruiker
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: GROEP
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: samAccountName,Groepsnaam (van voor Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: info,Notities
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: member,Leden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: domein
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: dc,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contactpersoon
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Adres van website
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoonnummer thuis (overige)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: co,Land
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: assistant,Assistent
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domeinbeleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokaal beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gedeelde map
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Netwerkpad
+attributeDisplayNames: keywords,Trefwoorden
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: samAccountName,Computernaam (van voor Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Besturingssysteem
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmplY3R2ZXJzaWU=
+attributeDisplayNames:: dXJsLEFkcmVzIHZhbiB3ZWJzaXRl
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYWFt
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPbmRlcnN0ZXVudCBuaWV0ZW4=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmUtbmFhbQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmEncyBwZXIgbWludXV0
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxTbmVsaGVpZHNlZW5oZWRlbg==
+attributeDisplayNames:: cHJpbnRSYXRlLFNuZWxoZWlk
+attributeDisplayNames:: cHJpbnRPd25lcixOYWFtIGVpZ2VuYWFy
+attributeDisplayNames:: cHJpbnRNZW1vcnksR2XDr25zdGFsbGVlcmQgZ2VoZXVnZW4=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPbmRlcnN0ZXVuZGUgcGFwaWVyc29vcnRlbg==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEJlc2NoaWtiYWFyIHBhcGllcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWxlIHJlc29sdXRpZQ==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVydGFhbA==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFhbQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT25kZXJzdGV1bnQgZHViYmVsemlqZGlnIGFmZHJ1a2tlbg==
+attributeDisplayNames:: cHJpbnRDb2xvcixPbmRlcnN0ZXVudCBhZmRydWtrZW4gaW4ga2xldXI=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9uZGVyc3RldW50IHNvcnRlcmVu
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbnZvZXJsYWRl
+attributeDisplayNames:: cG9ydE5hbWUsUG9vcnQ=
+attributeDisplayNames:: bG9jYXRpb24sTG9jYXRpZQ==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxtb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3BtZXJraW5n
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdHBlcnNvb24=
+attributeDisplayNames:: YXNzZXROdW1iZXIsRWlnZW5zY2hhcHNudW1tZXI=
+attributeDisplayNames:: dU5DTmFtZSxOZXR3ZXJrbmFhbQ==
+attributeDisplayNames:: Y24sTmFhbSB2YW4gYWRyZXNsaWpzdHNlcnZpY2U=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Website
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replicaset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Instellingen van domeincontroller
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Verbinding
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Afdeling
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Beheerd door
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: ou,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Vertrouwd domein
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: msds-PhoneticDepartment,Fonetische afdeling,0,100,0
+extraColumns: msds-PhoneticCompanyName,Bedrijfsnaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticLastName,Achternaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticFirstName,Voornaam (fonetisch),0,100,0
+extraColumns: msds-PhoneticDisplayName,Fonetische weergavenaam,0,100,0
+extraColumns: postalCode,Postcode,0,100,0
+extraColumns: textEncodedORAddress,X.400-e-mailadres,0,130,0
+extraColumns: userPrincipalName,Aanmeldingsnaam van gebruiker,0,200,0
+extraColumns: title,Functie,0,100,0
+extraColumns: targetAddress,Doeladres,0,100,0
+extraColumns: st,Status,0,100,0
+extraColumns: physicalDeliveryOfficeName,Kantoor,0,100,0
+extraColumns: whenChanged,Gewijzigd,0,130,0
+extraColumns: sn,Achternaam,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,URL van Instant Messaging,0,140,0
+extraColumns: msExchIMPhysicalURL,Basisserver voor Instant Messaging,0,170,0
+extraColumns: givenName,Voornaam,0,100,0
+extraColumns: homeMDB,Exchange-bostbusarchief,0,100,0
+extraColumns: mailNickname,Exchange-alias,0,175,0
+extraColumns: mail,E-mailadres,0,100,0
+extraColumns: sAMAccountName,Aanmeldingsnaam van voor Windows 2000,0,120,0
+extraColumns: displayName,Weergegeven naam,0,100,0
+extraColumns: department,Afdeling,0,150,0
+extraColumns: c,Land,0,-1,0
+extraColumns: company,Bedrijf,0,150,0
+extraColumns: l,Plaats,0,150,0
+extraColumns: telephoneNumber,Zakelijke telefoon,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Koppeling naar site
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sitekoppelingsbrug
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Intersitetransport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Instellingen van licentiesite
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site-instellingen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-lid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnee
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementen
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-wachtrij
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-configuratie
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-onderneming
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Bijgewerkte MSMQ-gebruiker
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Koppeling van MSMQ-routering
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-instellingen
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-wachtrij-alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Indelingsnaam
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-groep
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Wachtrijen voor leden
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage-service
+adminContextMenu: 0,&Beheren...,RsAdmin.msc
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sitecontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Intersite-transportcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnetcontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servercontainer
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query-beleid
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Afwijkende beveiligings-principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificaatsjabloon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: cn,Naam
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Laatst bekende bovenligger,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=413,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistent
+attributeDisplayNames: cn,Naam
+attributeDisplayNames: c,Landafkorting
+attributeDisplayNames: co,Land
+attributeDisplayNames: comment,Opmerking
+attributeDisplayNames: company,Bedrijf
+attributeDisplayNames: department,Afdeling
+attributeDisplayNames: description,Beschrijving
+attributeDisplayNames: directReports,Directe ondergeschikten
+attributeDisplayNames: distinguishedName,DN-naam
+attributeDisplayNames: division,Afdeling
+attributeDisplayNames: employeeID,Medewerkers-id
+attributeDisplayNames: facsimileTelephoneNumber,Faxnummer
+attributeDisplayNames: generationQualifier,Generatieachtervoegsel
+attributeDisplayNames: givenName,Voornaam
+attributeDisplayNames: homeDirectory,Basismap
+attributeDisplayNames: homeDrive,Basisstation
+attributeDisplayNames: homePhone,Telefoon (thuis)
+attributeDisplayNames: homePostalAddress,Thuisadres
+attributeDisplayNames: initials,Initialen
+attributeDisplayNames: internationalISDNNumber,Internationaal ISDN-nummer (overige)
+attributeDisplayNames: ipPhone,IP-telefoonnummer
+attributeDisplayNames: l,Plaats
+attributeDisplayNames: mail,E-mailadres
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Lid van
+attributeDisplayNames: middleName,Middelste naam
+attributeDisplayNames: mobile,Mobiel nummer
+attributeDisplayNames: mSDS-PhoneticDepartment,Fonetische afdeling
+attributeDisplayNames: mSDS-PhoneticCompanyName,Bedrijfsnaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticDisplayName,Fonetische weergavenaam
+attributeDisplayNames: mSDS-PhoneticLastName,Achternaam (fonetisch)
+attributeDisplayNames: mSDS-PhoneticFirstName,Voornaam (fonetisch)
+attributeDisplayNames: info,Notities
+attributeDisplayNames: otherFacsimileTelephoneNumber,Faxnummer (overige)
+attributeDisplayNames: otherHomePhone,Telefoon thuis (overige)
+attributeDisplayNames: otherIpPhone,IP-telefoonnummer (overige)
+attributeDisplayNames: otherMailbox,E-mailadres (overige)
+attributeDisplayNames: otherMobile,Mobiel nummer (overige)
+attributeDisplayNames: otherPager,Pagernummer (overige)
+attributeDisplayNames: otherTelephone,Telefoonnummer (overige)
+attributeDisplayNames: pager,Pagernummer
+attributeDisplayNames: personalTitle,titel
+attributeDisplayNames: physicalDeliveryOfficeName,Kantoorlocatie
+attributeDisplayNames: postalCode,Postcode
+attributeDisplayNames: postOfficeBox,Postbus
+attributeDisplayNames: primaryInternationalISDNNumber,Internationaal ISDN-nummer
+attributeDisplayNames: primaryTelexNumber,Telexnummer
+attributeDisplayNames: samAccountName,Aanmeldingsnaam (van voor Windows 2000)
+attributeDisplayNames: sn,Achternaam
+attributeDisplayNames: st,Provincie
+attributeDisplayNames: streetAddress,Adres
+attributeDisplayNames: telephoneNumber,Telefoonnummer
+attributeDisplayNames: telexNumber,Telexnummer (overige)
+attributeDisplayNames: title,Functie
+attributeDisplayNames: url,Adres van website (overige)
+attributeDisplayNames: displayName,Weergegeven naam
+attributeDisplayNames: userWorkstations,Aanmeldingswerkstations
+attributeDisplayNames: userPrincipalName,Aanmeldingsnaam
+attributeDisplayNames: wWWHomePage,Adres van website
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servicio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Usuario
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIHdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSB3ZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBidXNjYXBlcnNvbmFz
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGJ1c2NhcGVyc29uYXMgKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBJUCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIHdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSB3ZWIgKG90cm9zKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBncnVwbyAoYW50ZXJpb3IgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bWVtYmVyLE1pZW1icm9z
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGMsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contacto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIHdlYg==
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSB3ZWIgKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBidXNjYXBlcnNvbmFz
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGJ1c2NhcGVyc29uYXMgKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBJUCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIElQ
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva de dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Directiva local
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Carpeta compartida
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxSdXRhIGRlIGFjY2VzbyBhIGxhIHJlZA==
+attributeDisplayNames:: a2V5d29yZHMsUGFsYWJyYXMgY2xhdmU=
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servicio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Equipo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlbCBlcXVpcG8gKGFudGVyaW9yIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJzacOzbiBkZWwgc2lzdGVtYSBvcGVyYXRpdm8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFNpc3RlbWEgb3BlcmF0aXZv
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Impresora
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzacOzbiBkZWwgb2JqZXRv
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSB3ZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21icmUgZGVsIHNlcnZpZG9y
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQZXJtaXRlIGdyYXBhZG8=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tYnJlIGRlbCByZWN1cnNvIGNvbXBhcnRpZG8=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQw6FnaW5hcyBwb3IgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbmlkYWRlcyBkZSB2ZWxvY2lkYWQ=
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaWRhZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21icmUgZGVsIHByb3BpZXRhcmlv
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxhZGE=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBvcyBkZSBwYXBlbCBhZG1pdGlkb3M=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGVsIGRpc3BvbmlibGU=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJlc29sdWNpw7NuIG3DoXhpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxJZGlvbWEgZGUgaW1wcmVzacOzbg==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tYnJl
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsQWRtaXRlIGltcHJlc2nDs24gYSBkb2JsZSBjYXJh
+attributeDisplayNames:: cHJpbnRDb2xvcixBZG1pdGUgaW1wcmVzacOzbiBlbiBjb2xvcmVz
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEFkbWl0ZSBpbnRlcmNhbGFkbw==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxCYW5kZWphcyBkZSBlbnRyYWRh
+attributeDisplayNames:: cG9ydE5hbWUsUHVlcnRv
+attributeDisplayNames:: bG9jYXRpb24sVWJpY2FjacOzbg==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tZW50YXJpbw==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGFjdG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTsO6bWVybyBkZSBpbnZlbnRhcmlv
+attributeDisplayNames:: dU5DTmFtZSxOb21icmUgZGUgcmVk
+attributeDisplayNames:: Y24sTm9tYnJlIGRlIHNlcnZpY2lvIGRlIGRpcmVjdG9yaW8=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sitio
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Servidor
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: Q29uanVudG8gZGUgcsOpcGxpY2FzIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIGNvbnRyb2xhZG9yIGRlIGRvbWluaW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZXhpw7Nu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subred
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Unidad organizativa
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmFkbyBwb3I=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: b3UsTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenedor
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio de confianza
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbywwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFyLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxDLiBwb3N0YWwsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsRGlyZWNjacOzbiBkZSBjb3JyZW8gZWxlY3Ryw7NuaWNvIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGRlbCB1c3VhcmlvLDAsMjAwLDA=
+extraColumns:: dGl0bGUsQ2FyZ28sMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEaXJlY2Npw7NuIGRlIGRlc3Rpbm8sMCwxMDAsMA==
+extraColumns:: c3QsRXN0YWRvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsT2ZpY2luYSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsTW9kaWZpY2FkbywwLDEzMCww
+extraColumns:: c24sQXBlbGxpZG9zLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGRlIG1lbnNhamUgaW5zdGFudMOhbmVvLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ2aWRvciBwcmluY2lwYWwgZGUgbWVuc2FqZXMgaW5zdGFudMOhbmVvcywwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLFByaW1lciBub21icmUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBbG1hY8OpbiBkZSBsYSBCYW5kZWphIGRlIGVudHJhZGEgZGUgRXhjaGFuZ2UsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGRlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28sMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIGFudGVyaW9yIGEgV2luZG93cyAyMDAwLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhciwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8sMCwxNTAsMA==
+extraColumns:: YyxQYcOtcywwLC0xLDA=
+extraColumns:: Y29tcGFueSxDb21wYcOxw61hLDAsMTUwLDA=
+extraColumns:: bCxDaXVkYWQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbMOpZm9ubyBkZWwgdHJhYmFqbywwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VsOtbmN1bG8gZGUgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UHVlbnRlIGRlIHbDrW5jdWxvIGEgc2l0aW8=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transporte entre sitios
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlvIGRlIGxpY2VuY2lh
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGVsIHNpdGlv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Miembro de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscriptor de FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Suscripciones a FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servicios RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Cola de MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: Q29uZmlndXJhY2nDs24gZGUgTVNNUQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: Empresa de MSMQ
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Usuario actualizado de MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: VsOtbmN1bG8gZGUgZW5ydXRhbWllbnRvIGRlIE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: UGFyw6FtZXRyb3MgZGUgTVNNUQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias de cola de MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOb21icmUgZGUgZm9ybWF0bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Grupo de MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLENvbGFzIGRlIGVzcGVyYSBkZWwgbWllbWJybw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicio de almacenamiento remoto
+adminContextMenu: 0,&Administrar...,RsAdmin.msc
+attributeDisplayNames: cn,Nombre
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de transportes entre sitios
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de subredes
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenedor de servidores
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servicios de dominio de Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Directiva de consulta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Entidad de seguridad externa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Plantilla de certificado
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: Y24sTm9tYnJl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFByaW5jaXBhbCDDumx0aW1vIGNvbm9jaWRvLDEsMzAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=C0A,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF5dWRhbnRl
+attributeDisplayNames:: Y24sTm9tYnJl
+attributeDisplayNames:: YyxBYnJldmlhdHVyYSBkZSBwYcOtcw==
+attributeDisplayNames:: Y28sUGHDrXM=
+attributeDisplayNames:: Y29tbWVudCxDb21lbnRhcmlv
+attributeDisplayNames:: Y29tcGFueSxDb21wYcOxw61h
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEZXBhcnRhbWVudG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpcGNpw7Nu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdXBlcnZpc2EgYQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tYnJlIGRpc3RpbnRpdm8=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpw7Nu
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZC4gZGUgZW1wbGVhZG8=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgZmF4
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpam8gZ2VuZXJhY2lvbmFs
+attributeDisplayNames:: Z2l2ZW5OYW1lLFByaW1lciBub21icmU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxDYXJwZXRhIHBhcnRpY3VsYXI=
+attributeDisplayNames:: aG9tZURyaXZlLFVuaWRhZCBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBob25lLFRlbMOpZm9ubyBwYXJ0aWN1bGFy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRGlyZWNjacOzbiBwZXJzb25hbA==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2lhbGVz
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTsO6bWVybyBJU0ROIChSRFNJKSBpbnRlcm5hY2lvbmFsIChvdHJvcyk=
+attributeDisplayNames:: aXBQaG9uZSxOw7ptLiBkZSB0ZWzDqWZvbm8gZGVsIElQ
+attributeDisplayNames:: bCxDaXVkYWQ=
+attributeDisplayNames:: bWFpbCxEaXJlY2Npw7NuIGRlIGNvcnJlbyBlbGVjdHLDs25pY28=
+attributeDisplayNames:: bWFuYWdlcixBZG1pbmlzdHJhZG9y
+attributeDisplayNames:: bWVtYmVyT2YsTWllbWJybyBkZQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWd1bmRvIG5vbWJyZQ==
+attributeDisplayNames:: bW9iaWxlLE7Dum1lcm8gZGUgdGVsw6lmb25vIG3Ds3ZpbA==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRGVwYXJ0YW1lbnRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWJyZSBkZSBlbXByZXNhIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWJyZSBmb27DqXRpY28gcGFyYSBtb3N0cmFy
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEFwZWxsaWRvIGZvbsOpdGljbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21icmUgZm9uw6l0aWNv
+attributeDisplayNames:: aW5mbyxOb3Rhcw==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTsO6bWVybyBkZSBmYXggKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gcGFydGljdWxhciAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE7Dum0uIGRlIHRlbMOpZm9ubyBkZSBJUCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LERpcmVjY2nDs24gZGUgY29ycmVvIGVsZWN0csOzbmljbyAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTsO6bS4gZGUgdGVsw6lmb25vIG3Ds3ZpbCAob3Ryb3Mp
+attributeDisplayNames:: b3RoZXJQYWdlcixOw7ptZXJvIGRlIGJ1c2NhcGVyc29uYXMgKG90cm9zKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTsO6bWVybyBkZSB0ZWzDqWZvbm8gKG90cm9zKQ==
+attributeDisplayNames:: cGFnZXIsTsO6bWVybyBkZSBidXNjYXBlcnNvbmFz
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUw610dWxv
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWJpY2FjacOzbiBkZSBsYSBvZmljaW5h
+attributeDisplayNames:: cG9zdGFsQ29kZSxDw7NkaWdvIHBvc3RhbA==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxBcGFydGFkbyBkZSBjb3JyZW9z
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE7Dum1lcm8gSVNETiAoUkRTSSkgaW50ZXJuYWNpb25hbA==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE7Dum1lcm8gZGUgdMOpbGV4
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7NuIChhbnRlcmlvciBhIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sQXBlbGxpZG9z
+attributeDisplayNames:: c3QsRXN0YWRvL1Byb3ZpbmNpYQ==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxDYWxsZQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE7Dum1lcm8gZGUgdGVsw6lmb25v
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTsO6bWVybyBkZSB0w6lsZXggKG90cm9zKQ==
+attributeDisplayNames:: dGl0bGUsQ2FyZ28=
+attributeDisplayNames:: dXJsLERpcmVjY2nDs24gZGUgcMOhZ2luYSB3ZWIgKG90cm9zKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tYnJlIHBhcmEgbW9zdHJhcg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxFc3RhY2lvbmVzIGRlIHRyYWJham8gZGUgaW5pY2lvIGRlIHNlc2nDs24=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tYnJlIGRlIGluaWNpbyBkZSBzZXNpw7Nu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsRGlyZWNjacOzbiBkZSBww6FnaW5hIHdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror-grupp
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci10asOkbnN0
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QW52w6RuZGFyZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1hcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6Ru
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: dc,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6RucHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal princip
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delad mapp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3Nzw7ZrdsOkZw==
+attributeDisplayNames:: a2V5d29yZHMsTnlja2Vsb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dator
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsRGF0b3JuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbXZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEhhbnRlcmFkIGF2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skrivare
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcw==
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYW1u
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdMO2ZGVyIGjDpGZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUmVzdXJzbmFtbg==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRvciBwZXIgbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxFbmhldGVyIGbDtnIgaGFzdGlnaGV0
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hldA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYW1uIHDDpSDDpGdhcmU=
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyYXQgbWlubmU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQYXBwZXJzdHlwZXIgc29tIHN0w7Zkcw==
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGxnw6RuZ2xpZ2EgcGFwcGVy
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltYWwgdXBwbMO2c25pbmc=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxTa3JpdmFyc3Byw6Vr
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmFtbg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3TDtmRlciBkdWJiZWxzaWRpZyB1dHNrcmlmdA==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdMO2ZGVyIGbDpHJndXRza3JpZnQ=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN0w7ZkZXIgc29ydGVyaW5n
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxJbm1hdG5pbmdzZmFjaw==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sU2tyaXZhcmVucyBwbGF0cw==
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGw=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsSW52ZW50YXJpZW51bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOw6R0dmVya3NuYW1u
+attributeDisplayNames:: Y24sS2F0YWxvZ3Rqw6Ruc3RuYW1u
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Plats
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWluc3TDpGxsbmluZ2Fy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLXJlcGxpa3VwcHPDpHR0bmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5zdMOkbGxuaW5nYXIgZsO2ciBkb23DpG5rb250cm9sbGFudA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Anslutning
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VW5kZXJuw6R0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhet
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Hanterad av
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: ou,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZQ==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QmV0cm9kZCBkb23DpG4=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5nLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4sMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4sMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1wb3N0YWRyZXNzLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsQW52w6RuZGFyZW5zIGlubG9nZ25pbmdzbmFtbiwwLDIwMCww
+extraColumns:: dGl0bGUsQmVmYXR0bmluZywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxNw6VsYWRyZXNzLDAsMTAwLDA=
+extraColumns:: c3QsVGlsbHN0w6VuZCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4RuZHJhZCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYW1uLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIGbDtnIgc25hYmJtZWRkZWxhbmRlbiwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIZW1zZXJ2ZXIgZsO2ciBzbmFiYm1lZGRlbGFuZGVuLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEbDtnJuYW1uLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0bMOlZGVzYXJraXYsMCwxMDAsMA==
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLXBvc3RhZHJlc3MsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDApLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1uLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBdmRlbG5pbmcsMCwxNTAsMA==
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxPcmdhbmlzYXRpb24sMCwxNTAsMA==
+extraColumns:: bCxPcnQsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24sIGFyYmV0ZSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Ruaw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UGxhdHNsw6Rua2JyeWdnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Transport mellan platser
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhciBmw7ZyIGxpY2Vuc2llcmluZw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: UGxhdHNpbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerant
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-prenumerationer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDLXRqw6Ruc3Rlcg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7Y=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1mw7ZyZXRhZw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS11cHBncmFkZXJhZCBhbnbDpG5kYXJl
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1yb3V0bmluZ2zDpG5r
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUS1pbnN0w6RsbG5pbmdhcg==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7ZhbGlhcw==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnamn
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-grupp
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7Zlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: Y24sTmFtbg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VGrDpG5zdGVuIFJlbW90ZSBTdG9yYWdl
+adminContextMenu: 0,&Hantera...,RsAdmin.msc
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHBsYXRzZXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHRyYW5zcG9ydGVyIG1lbGxhbiBwbGF0c2Vy
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHVuZGVybsOkdA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVow6VsbGFyZSBmw7ZyIHNlcnZyYXI=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RnLDpWdlcHJpbmNpcA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RXh0ZXJudCBzw6RrZXJoZXRzb2JqZWt0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatmall
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivning
+attributeDisplayNames: cn,Namn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFNlbmFzdCBrw6RuZGEgw7Z2ZXJvcmRuYWQsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41D,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmFtbg==
+attributeDisplayNames:: YyxMYW5kc2bDtnJrb3J0bmluZw==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxPcmdhbmlzYXRpb24=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBdmRlbG5pbmc=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3Jpdm5pbmc=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxVbmRlcnN0w6RsbGRh
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsVW5pa3QgbmFtbg==
+attributeDisplayNames:: ZGl2aXNpb24sQXZkZWxuaW5n
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnN0w6RsbG5pbmdzLUlE
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYW1uc3VmZml4
+attributeDisplayNames:: Z2l2ZW5OYW1lLEbDtnJuYW1u
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBcmJldHNtYXBw
+attributeDisplayNames:: aG9tZURyaXZlLEFyYmV0c2VuaGV0
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24sIGhlbQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzLCBoZW0=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSVNETi1udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxPcnQ=
+attributeDisplayNames:: bWFpbCxFLXBvc3RhZHJlc3M=
+attributeDisplayNames:: bWFuYWdlcixDaGVm
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsYW5uYW1u
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYXZkZWxuaW5n
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrdCBmw7ZyZXRhZ3NuYW1u
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrdCB2aXNuaW5nc25hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrdCBlZnRlcm5hbW4=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlza3QgZsO2cm5hbW4=
+attributeDisplayNames:: aW5mbyxLb21tZW50YXJlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgaGVtIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtcG9zdGFkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7ZrYXJudW1tZXIgKGFsdGVybmF0aXYp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm51bW1lciAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O2a2FybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQXJiZXRzcGxhdHM=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxCb3g=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4LW51bW1lcg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsSW5sb2dnbmluZ3NuYW1uIChmw7ZyZSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sRWZ0ZXJuYW1u
+attributeDisplayNames:: c3QsUmVnaW9u
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxHYXR1YWRyZXNz
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXgtbnVtbWVyIChhbHRlcm5hdGl2KQ==
+attributeDisplayNames:: dGl0bGUsQmVmYXR0bmluZw==
+attributeDisplayNames:: dXJsLFdlYmJzaWRlc2FkcmVzcyAoYWx0ZXJuYXRpdik=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzbmluZ3NuYW1u
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxJbmxvZ2duaW5nc2FyYmV0c3N0YXRpb25lcg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsSW5sb2dnbmluZ3NuYW1u
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViYnNpZGVzYWRyZXNz
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppo IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Servizio IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Utente
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxXb3Jrc3RhdGlvbiBkaSBhY2Nlc3Nv
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIChwcmVjZWRlbnRlIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBob21l
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIb21lIGRpcmVjdG9yeQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppo
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBncnVwcG8gKHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bWVtYmVyLE1lbWJyaQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LEdlc3RpdG8gZGE=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y24sTm9tZQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Dominio
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: dc,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contatto
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIGFiaXRhemlvbmUgKGFsdHJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Criteri locali
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Cartella condivisa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Percorso di rete
+attributeDisplayNames: keywords,Parole chiave
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Servizio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Nome visualizzato (fonetico)
+attributeDisplayNames: samAccountName,Nome computer (precedente a Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Versione sistema operativo
+attributeDisplayNames: operatingSystem,Sistema operativo
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Stampante
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJzaW9uZSBvZ2dldHRv
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2Vi
+attributeDisplayNames:: c2VydmVyTmFtZSxOb21lIHNlcnZlcg==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxTdXBwb3J0YSBsYSBncmFmZmF0dXJh
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTm9tZSBjb25kaXZpc2lvbmU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxQYWdpbmUgYWwgbWludXRv
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxVbml0w6AgdmVsb2NpdMOg
+attributeDisplayNames:: cHJpbnRSYXRlLFZlbG9jaXTDoA==
+attributeDisplayNames:: cHJpbnRPd25lcixOb21lIHByb3ByaWV0YXJpbw==
+attributeDisplayNames:: cHJpbnRNZW1vcnksTWVtb3JpYSBpbnN0YWxsYXRh
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUaXBpIGRpIGNhcnRhIHN1cHBvcnRhdGk=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LENhcnRhIGRpc3BvbmliaWxl
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJpc29sdXppb25lIG1hc3NpbWE=
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxMaW5ndWFnZ2lvIHN0YW1wYW50ZQ==
+attributeDisplayNames:: cHJpbnRlck5hbWUsTm9tZQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsU3VwcG9ydGEgbGEgc3RhbXBhIGZyb250ZS1yZXRybw==
+attributeDisplayNames:: cHJpbnRDb2xvcixTdXBwb3J0YSBsYSBzdGFtcGEgYSBjb2xvcmk=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFN1cHBvcnRhIGxhIGZhc2NpY29sYXppb25l
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxDYXNzZXR0aSBkaSBpbnB1dA==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydGE=
+attributeDisplayNames:: bG9jYXRpb24sUG9zaXppb25l
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGxv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQ29tbWVudG8=
+attributeDisplayNames:: Y29udGFjdE5hbWUsQ29udGF0dG8=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXJvIGFzc2V0
+attributeDisplayNames:: dU5DTmFtZSxOb21lIHJldGU=
+attributeDisplayNames:: Y24sTm9tZSBzZXJ2aXppbyBkaXJlY3Rvcnk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Sito
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Impostazioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Set di repliche FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Impostazioni controller di dominio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connessione
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VW5pdMOgIG9yZ2FuaXp6YXRpdmE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Gestito da
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: ou,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contenitore
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Dominio trusted
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyksMCwxMDAsMA==
+extraColumns:: cG9zdGFsQ29kZSxDQVAsMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsSW5kaXJpenpvIHBvc3RhIGVsZXR0cm9uaWNhIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBhY2Nlc3NvIHV0ZW50ZSwwLDIwMCww
+extraColumns:: dGl0bGUsUG9zaXppb25lLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxJbmRpcml6em8gZGkgZGVzdGluYXppb25lLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdG8sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbywwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsVWx0aW1hIG1vZGlmaWNhLDAsMTMwLDA=
+extraColumns:: c24sQ29nbm9tZSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMIG1lc3NhZ2dpc3RpY2EgaW1tZWRpYXRhLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIb21lIHNlcnZlciBtZXNzYWdnaXN0aWNhIGltbWVkaWF0YSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLE5vbWUsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixBcmNoaXZpbyBjYXNzZXR0ZSBwb3N0YWxpIEV4Y2hhbmdlLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2EsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIHByZWNlZGVudGUgYSBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8sMCwxMDAsMA==
+extraColumns:: ZGVwYXJ0bWVudCxSZXBhcnRvLDAsMTUwLDA=
+extraColumns:: YyxQYWVzZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSxTb2NpZXTDoCwwLDE1MCww
+extraColumns:: bCxDaXR0w6AsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25vICh1ZmYuKSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Bridge collegamento di sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Trasporto tra siti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Impostazioni sito gestione licenze
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Impostazioni sito
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Membro FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrittore FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Sottoscrizioni FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Servizi RPC
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Coda MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Configurazione MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: Utente aggiornato MSMQ
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: Collegamento routing MSMQ
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Impostazioni MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias coda MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nome formato
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Gruppo MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Code membri
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizio di archiviazione remota
+adminContextMenu: 0,&Gestisci...,RsAdmin.msc
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore trasporti tra siti
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore subnet
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Contenitore server
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servizi di dominio Active Directory
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Criteri query
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RW50aXTDoCBkaSBwcm90ZXppb25lIGVzdGVybmE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Modello di certificato
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Descrizione
+attributeDisplayNames: cn,Nome
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Ultimo padre noto,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=410,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudGU=
+attributeDisplayNames:: Y24sTm9tZQ==
+attributeDisplayNames:: YyxBYmJyZXZpYXppb25lIHBhZXNl
+attributeDisplayNames:: Y28sUGFlc2U=
+attributeDisplayNames:: Y29tbWVudCxDb21tZW50bw==
+attributeDisplayNames:: Y29tcGFueSxTb2NpZXTDoA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxSZXBhcnRv
+attributeDisplayNames:: ZGVzY3JpcHRpb24sRGVzY3JpemlvbmU=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxTdWJhbHRlcm5p
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTm9tZSBkaXN0aW50bw==
+attributeDisplayNames:: ZGl2aXNpb24sRGlwYXJ0aW1lbnRv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJRCBkaXBlbmRlbnRl
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVybyBmYXg=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZmaXNzbyBnZW5lcmF6aW9uYWxl
+attributeDisplayNames:: Z2l2ZW5OYW1lLE5vbWU=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIb21lIGRpcmVjdG9yeQ==
+attributeDisplayNames:: aG9tZURyaXZlLFVuaXTDoCBob21l
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb25vIChhYi4p
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsSW5kaXJpenpvIChhYi4p
+attributeDisplayNames:: aW5pdGlhbHMsSW5pemlhbGk=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTnVtZXJvIElTRE4gaW50ZXJuYXppb25hbGUgKGFsdHJpKQ==
+attributeDisplayNames:: aXBQaG9uZSxOdW1lcm8gZGkgdGVsZWZvbm8gSVA=
+attributeDisplayNames:: bCxDaXR0w6A=
+attributeDisplayNames:: bWFpbCxJbmRpcml6em8gcG9zdGEgZWxldHRyb25pY2E=
+attributeDisplayNames:: bWFuYWdlcixNYW5hZ2Vy
+attributeDisplayNames:: bWVtYmVyT2YsTWVtYnJvIGRp
+attributeDisplayNames:: bWlkZGxlTmFtZSxTZWNvbmRvIG5vbWU=
+attributeDisplayNames:: bW9iaWxlLE51bWVybyBjZWxsdWxhcmU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsUmVwYXJ0byAoZm9uZXRpY28p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE5vbWUgc29jaWV0w6AgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLE5vbWUgdmlzdWFsaXp6YXRvIChmb25ldGljbyk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLENvZ25vbWUgKGZvbmV0aWNvKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxOb21lIChmb25ldGljbyk=
+attributeDisplayNames:: aW5mbyxOb3Rl
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXJvIGZheCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm8gYWJpdGF6aW9uZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVybyBkaSB0ZWxlZm9ubyBJUCAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEluZGlyaXp6byBwb3N0YSBlbGV0dHJvbmljYSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXJvIGNlbGx1bGFyZSAoYWx0cmkp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lcm8gY2VyY2FwZXJzb25lIChhbHRyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXJvIGRpIHRlbGVmb25vIChhbHRyaSk=
+attributeDisplayNames:: cGFnZXIsTnVtZXJvIGNlcmNhcGVyc29uZQ==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRvbG8=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVWZmaWNpbw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxDQVA=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxDYXNlbGxhIHBvc3RhbGU=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE51bWVybyBJU0ROIGludGVybmF6aW9uYWxl
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVybyB0ZWxleA==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTm9tZSBkaSBhY2Nlc3NvIChwcmVjZWRlbnRlIGEgV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sQ29nbm9tZQ==
+attributeDisplayNames:: c3QsUHJvdmluY2lh
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxWaWEgZSBudW1lcm8gY2l2aWNv
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVybyBkaSB0ZWxlZm9ubw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXJvIHRlbGV4IChhbHRyaSk=
+attributeDisplayNames:: dGl0bGUsUG9zaXppb25l
+attributeDisplayNames:: dXJsLEluZGlyaXp6byBwYWdpbmEgV2ViIChhbHRyaSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTm9tZSB2aXN1YWxpenphdG8=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxXb3Jrc3RhdGlvbiBkaSBhY2Nlc3Nv
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTm9tZSBkaSBhY2Nlc3Nv
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsSW5kaXJpenpvIHBhZ2luYSBXZWI=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Skupina IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: U2x1xb5iYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW+aXZhdGVs
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Skupina
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHNrdXBpbnkgKHBybyBzeXN0w6lteSBzdGFyxaHDrSBuZcW+IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bWVtYmVyLMSMbGVub3bDqQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6luYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGMsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: TcOtc3Ruw60gesOhc2FkeQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2TDrWxlbsOhIHNsb8W+a2E=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w6EgY2VzdGE=
+attributeDisplayNames:: a2V5d29yZHMsS2zDrcSNb3bDoSBzbG92YQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UG/EjcOtdGHEjQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTsOhemV2IHBvxI3DrXRhxI1lIChwcm8gc3lzdMOpbXkgc3RhcsWhw60gbmXFviBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixWZXJ6ZSBvcGVyYcSNbsOtaG8gc3lzdMOpbXU=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhxI1uw60gc3lzdMOpbQ==
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VGlza8Ohcm5h
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixWZXJ6ZSBvYmpla3R1
+attributeDisplayNames:: dXJsLEFkcmVzYSBzdHLDoW5reSBXV1c=
+attributeDisplayNames:: c2VydmVyTmFtZSxOw6F6ZXYgc2VydmVydQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxQb2Rwb3J1amUgc2XFocOtdsOhbsOt
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTsOhemV2IHNkw61sZW7DqSBwb2xvxb5reQ==
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHLDoW5reSB6YSBtaW51dHU=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3RreSByeWNobG9zdGk=
+attributeDisplayNames:: cHJpbnRSYXRlLFJ5Y2hsb3N0
+attributeDisplayNames:: cHJpbnRPd25lcixKbcOpbm8gdmxhc3Ruw61rYQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsb3ZhbsOhIHBhbcSbxaU=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxQb2Rwb3JvdmFuw6kgdHlweSBwYXDDrXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcMOtciBrIGRpc3BvemljaQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1heGltw6FsbsOtIHJvemxpxaFlbsOt
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKYXp5ayB0aXNrw6Fybnk=
+attributeDisplayNames:: cHJpbnRlck5hbWUsSm3DqW5v
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsUG9kcG9ydWplIG9ib3VzdHJhbm7DvSB0aXNr
+attributeDisplayNames:: cHJpbnRDb2xvcixQb2Rwb3J1amUgYmFyZXZuw70gdGlzaw==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFBvZHBvcnVqZSBza2zDoWTDoW7DrQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxWc3R1cG7DrSB6w6Fzb2Juw61reQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sVW3DrXN0xJtuw60=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50w6HFmQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsRXZpZGVuxI1uw60gxI3DrXNsbw==
+attributeDisplayNames:: dU5DTmFtZSxTw63FpW92w70gbsOhemV2
+attributeDisplayNames:: Y24sTsOhemV2IGFkcmVzw6HFmW92w6kgc2x1xb5ieQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: U8OtxaU=
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: U2FkYSByZXBsaWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: TmFzdGF2ZW7DrSDFmWFkacSNZSBkb23DqW55
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UMWZaXBvamVuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc8OtxaU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pemHEjW7DrSBqZWRub3RrYQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFNwcsOhdmNlIG9iamVrdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: b3UsSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontejner
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RMWvdsSbcnlob2Ruw6EgZG9tw6luYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3ksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5LDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxQU8SMLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXNhIGVsZWt0cm9uaWNrw6kgcG/FoXR5IFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIHXFvml2YXRlbHNrw6kgam3DqW5vLDAsMjAwLDA=
+extraColumns:: dGl0bGUsRnVua2NlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxDw61sb3bDoSBhZHJlc2EsMCwxMDAsMA==
+extraColumns:: c3QsU3RhdiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS2FuY2Vsw6HFmSwwLDEwMCww
+extraColumns:: d2hlbkNoYW5nZWQsWm3Em27Em25vLDAsMTMwLDA=
+extraColumns:: c24sUMWZw61qbWVuw60sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXNhIFVSTCBzbHXFvmJ5IHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxEb21vdnNrw70gc2VydmVyIHJ5Y2hsw6lobyB6YXPDrWzDoW7DrSB6cHLDoXYsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLEptw6lubywwLDEwMCww
+extraColumns:: aG9tZU1EQizDmmxvxb5pxaF0xJsgcG/FoXRvdm7DrWNoIHNjaHLDoW5layBhcGxpa2FjZSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIGFwbGlrYWNlIEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyB6ZSBzdGFyxaHDrSB2ZXJ6ZSBzeXN0w6ltdSBXaW5kb3dzLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldiwwLDEwMCww
+extraColumns:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOtLDAsMTUwLDA=
+extraColumns:: YyxaZW3EmywwLC0xLDA=
+extraColumns:: Y29tcGFueSxTcG9sZcSNbm9zdCwwLDE1MCww
+extraColumns:: bCxNxJtzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKHphbS4pLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3BvamVuw60gc8OtdMOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdCBzcG9qZW7DrSBzw610w60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: UMWZZW5vcyBtZXppIHPDrXTEm21p
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBsaWNlbmNvdsOhbsOtIHPDrXTEmw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: TmFzdGF2ZW7DrSBzw610xJs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: xIxsZW4gc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: w5rEjWFzdG7DrWsgc2x1xb5ieSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: T2RixJtyeSBzbHXFvmJ5IEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2x1xb5ieSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: Fronta MSMQ
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: Konfigurace MSMQ
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: Um96bGVobMOhIHPDrcWlIE1TTVE=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: QWt0dWFsaXpvdmFuw70gdcW+aXZhdGVsIE1TTVE=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: UHJvcG9qZW7DrSBzbcSbcm92w6Fuw60gZnJvbnR5IE1TTVE=
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TmFzdGF2ZW7DrSBNU01R
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: Alias fronty MSMQ
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxOw6F6ZXYgZm9ybcOhdHU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: Skupina MSMQ
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMSMbGVuc2vDqSBmcm9udHk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBSZW1vdGUgU3RvcmFnZQ==
+adminContextMenu: 0,&Spravovat...,RsAdmin.msc
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontejner lokalit
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIG1lemlzw63FpW92w6lobyBwxZllbm9zdQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHBvZHPDrXTDrQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVqbmVyIHNlcnZlcsWv
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2x1xb5iYSBBRCBEUyAoQWN0aXZlIERpcmVjdG9yeSBEb21haW4gU2VydmljZXMp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WsOhc2FkeSBkb3Rhem92w6Fuw60=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: Q2l6w60gb2JqZWt0eSB6YWJlenBlxI1lbsOt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: xaBhYmxvbmEgY2VydGlmaWvDoXR1
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: Y24sSm3DqW5v
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFBvc2xlZG7DrSB6bsOhbcO9IG5hZMWZYXplbsO9IG9iamVrdCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=405,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzaXN0ZW50
+attributeDisplayNames:: Y24sSm3DqW5v
+attributeDisplayNames:: Yyxaa3JhdGthIHplbcSb
+attributeDisplayNames:: Y28sWmVtxJs=
+attributeDisplayNames:: Y29tbWVudCxLb21lbnTDocWZ
+attributeDisplayNames:: Y29tcGFueSxTcG9sZcSNbm9zdA==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPZGTEm2xlbsOt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sUG9waXM=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxQxZnDrW3DrSBwb2TFmcOtemVuw60=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsUm96bGnFoXVqw61jw60gbsOhemV2
+attributeDisplayNames:: ZGl2aXNpb24sT2RkxJtsZW7DrQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudGlmaWthxI1uw60gxI3DrXNsbyB6YW3Em3N0bmFuY2U=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG92w6kgxI3DrXNsbw==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixQxZnDrXBvbmEgemEgam3DqW5lbQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEptw6lubw==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxEb21vdnNrw6Egc2xvxb5rYQ==
+attributeDisplayNames:: aG9tZURyaXZlLERvbW92c2vDoSBqZWRub3RrYQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKGRvbcWvKQ==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNhIGRvbcWv
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2nDoWx5IGRhbMWhw61jaCBqbWVu
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWV6aW7DoXJvZG7DrSDEjcOtc2xvIElTRE4gKG9zdGF0bsOtKQ==
+attributeDisplayNames:: aXBQaG9uZSxUZWxlZm9ubsOtIMSNw61zbG8gSVA=
+attributeDisplayNames:: bCxNxJtzdG8=
+attributeDisplayNames:: bWFpbCxFLW1haWxvdsOhIGFkcmVzYQ==
+attributeDisplayNames:: bWFuYWdlcixOYWTFmcOtemVuw70=
+attributeDisplayNames:: bWVtYmVyT2YsSmUgxI1sZW5lbQ==
+attributeDisplayNames:: bWlkZGxlTmFtZSwyLiBrxZllc3Ruw60gam3DqW5v
+attributeDisplayNames:: bW9iaWxlLE1vYmlsbsOtIHRlbGVmb24=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsT2RkxJtsZW7DrSBmb25ldGlja3k=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLE7DoXpldiBzcG9sZcSNbm9zdGkgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFpvYnJhem92YW7DvSBuw6F6ZXYgZm9uZXRpY2t5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFDFmcOtam1lbsOtIGZvbmV0aWNreQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxKbcOpbm8gZm9uZXRpY2t5
+attributeDisplayNames:: aW5mbyxQb3puw6Fta3k=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4b3bDqSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb23FryAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJJcFBob25lLFRlbGVmb25uw60gxI3DrXNsbyBJUCAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbG92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWxuw60gdGVsZWZvbiAob3N0YXRuw60p
+attributeDisplayNames:: b3RoZXJQYWdlcizEjMOtc2xvIG9wZXLDoXRvcnUgKG9zdGF0bsOtKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbm7DrSDEjcOtc2xvIChvc3RhdG7DrSk=
+attributeDisplayNames:: cGFnZXIsxIzDrXNsbyBvcGVyw6F0b3J1
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxOw6F6ZXY=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVW3DrXN0xJtuw60gcHJhY292acWhdMSb
+attributeDisplayNames:: cG9zdGFsQ29kZSxQU8SM
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb8WhdG92bsOtIHDFmWlocsOhZGth
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1lemluw6Fyb2Ruw60gxI3DrXNsbyBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLETDoWxub3Bpcw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubyAocHJvIHN5c3TDqW15IHN0YXLFocOtIG5lxb4gV2luZG93cyAyMDAwKQ==
+attributeDisplayNames:: c24sUMWZw61qbWVuw60=
+attributeDisplayNames:: c3QsT2tyZXM=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc2E=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25uw60gxI3DrXNsbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsRMOhbG5vcGlzIChvc3RhdG7DrSk=
+attributeDisplayNames:: dGl0bGUsRnVua2Nl
+attributeDisplayNames:: dXJsLFdlYm92w6EgYWRyZXNhIChvc3RhdG7DrSk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsWm9icmF6b3ZhbsO9IG7DoXpldg==
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxQxZlpaGxhxaFvdmFjw60gcHJhY292bsOtIHN0YW5pY2U=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsUMWZaWhsYcWhb3ZhY8OtIGptw6lubw==
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNhIHN0csOhbmt5IFdXVw==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: User
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Group
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: samAccountName,Group name (pre-Windows 2000)
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: info,Notes
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: member,Members
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: l,City
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: dc,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Contact
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: wWWHomePage,Web Page Address
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone Number (Others)
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: l,City
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: info,Notes
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: division,Division
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: description,Description
+attributeDisplayNames: department,Department
+attributeDisplayNames: company,Company
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: cn,Name
+attributeDisplayNames: co,Country
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: assistant,Assistant
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domain Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Local Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Shared Folder
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: uNCName,Network Path
+attributeDisplayNames: keywords,Keywords
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Service
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: MSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: samAccountName,Computer name (pre-Windows 2000)
+attributeDisplayNames: operatingSystemVersion,Operating System Version
+attributeDisplayNames: operatingSystem,Operating System
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: versionNumber,Object Version
+attributeDisplayNames: url,Web Page Address
+attributeDisplayNames: serverName,Server Name
+attributeDisplayNames: printStaplingSupported,Supports Stapling
+attributeDisplayNames: printShareName,Share Name
+attributeDisplayNames: printPagesPerMinute,Pages per Minute
+attributeDisplayNames: printRateUnit,Speed Units
+attributeDisplayNames: printRate,Speed
+attributeDisplayNames: printOwner,Owner Name
+attributeDisplayNames: printMemory,Installed Memory
+attributeDisplayNames: printMediaSupported,Paper Types Supported
+attributeDisplayNames: printMediaReady,Paper Available
+attributeDisplayNames: printMaxResolutionSupported,Maximum Resolution
+attributeDisplayNames: printLanguage,Printer Language
+attributeDisplayNames: printerName,Name
+attributeDisplayNames: printDuplexSupported,Supports Double-sided Printing
+attributeDisplayNames: printColor,Supports Color Printing
+attributeDisplayNames: printCollate,Supports Collation
+attributeDisplayNames: printBinNames,Input Trays
+attributeDisplayNames: portName,Port
+attributeDisplayNames: location,Location
+attributeDisplayNames: driverName,Model
+attributeDisplayNames: description,Comment
+attributeDisplayNames: contactName,Contact
+attributeDisplayNames: assetNumber,Asset Number
+attributeDisplayNames: uNCName,Network Name
+attributeDisplayNames: cn,Directory Service Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Replica Set
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Domain Controller Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Connection
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Subnet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organizational Unit
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Managed By
+attributeDisplayNames: description,Description
+attributeDisplayNames: ou,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Container
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Trusted Domain
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: msds-PhoneticDepartment,Phonetic Department,0,100,0
+extraColumns: msds-PhoneticCompanyName,Phonetic Company Name,0,100,0
+extraColumns: msds-PhoneticLastName,Phonetic Last Name,0,100,0
+extraColumns: msds-PhoneticFirstName,Phonetic First Name,0,100,0
+extraColumns: msds-PhoneticDisplayName,Phonetic Display Name,0,100,0
+extraColumns: postalCode,Zip Code,0,100,0
+extraColumns: textEncodedORAddress,X.400 E-Mail Address,0,130,0
+extraColumns: userPrincipalName,User Logon Name,0,200,0
+extraColumns: title,Job Title,0,100,0
+extraColumns: targetAddress,Target Address,0,100,0
+extraColumns: st,State,0,100,0
+extraColumns: physicalDeliveryOfficeName,Office,0,100,0
+extraColumns: whenChanged,Modified,0,130,0
+extraColumns: sn,Last Name,0,100,0
+extraColumns: msExchIMMetaPhysicalURL,Instant Messaging URL,0,140,0
+extraColumns: msExchIMPhysicalURL,Instant Messaging Home Server,0,170,0
+extraColumns: givenName,First Name,0,100,0
+extraColumns: homeMDB,Exchange Mailbox Store,0,100,0
+extraColumns: mailNickname,Exchange Alias,0,175,0
+extraColumns: mail,E-Mail Address,0,100,0
+extraColumns: sAMAccountName,Pre-Windows 2000 Logon Name,0,120,0
+extraColumns: displayName,Display Name,0,100,0
+extraColumns: department,Department,0,150,0
+extraColumns: c,Country,0,-1,0
+extraColumns: company,Company,0,150,0
+extraColumns: l,City,0,150,0
+extraColumns: telephoneNumber,Business Phone,0,100,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Site Link Bridge
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Inter-Site Transport
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Licensing Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Site Settings
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS Member
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriber
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Subscriptions
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Queue
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ Configuration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ Enterprise
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ Upgraded User
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Routing Link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ Settings
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ Queue Alias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Format Name
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Group
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames: member,Member Queues
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Remote Storage Service
+adminContextMenu: 0,&Manage...,RsAdmin.msc
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Sites Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Inter-Site Transports Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Subnets Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Servers Container
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory Domain Services
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Query Policy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Foreign Security Principal
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certificate Template
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Description
+attributeDisplayNames: cn,Name
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Last Known Parent,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=409,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: assistant,Assistant
+attributeDisplayNames: cn,Name
+attributeDisplayNames: c,Country Abbreviation
+attributeDisplayNames: co,Country
+attributeDisplayNames: comment,Comment
+attributeDisplayNames: company,Company
+attributeDisplayNames: department,Department
+attributeDisplayNames: description,Description
+attributeDisplayNames: directReports,Direct Reports
+attributeDisplayNames: distinguishedName,Distinguished Name
+attributeDisplayNames: division,Division
+attributeDisplayNames: employeeID,Employee ID
+attributeDisplayNames: facsimileTelephoneNumber,Fax Number
+attributeDisplayNames: generationQualifier,Generational Suffix
+attributeDisplayNames: givenName,First Name
+attributeDisplayNames: homeDirectory,Home Folder
+attributeDisplayNames: homeDrive,Home Drive
+attributeDisplayNames: homePhone,Home Phone
+attributeDisplayNames: homePostalAddress,Home Address
+attributeDisplayNames: initials,Initials
+attributeDisplayNames: internationalISDNNumber,International ISDN Number (Others)
+attributeDisplayNames: ipPhone,IP Phone Number
+attributeDisplayNames: l,City
+attributeDisplayNames: mail,E-Mail Address
+attributeDisplayNames: manager,Manager
+attributeDisplayNames: memberOf,Member Of
+attributeDisplayNames: middleName,Middle Name
+attributeDisplayNames: mobile,Mobile Number
+attributeDisplayNames: mSDS-PhoneticDepartment,Phonetic Department
+attributeDisplayNames: mSDS-PhoneticCompanyName,Phonetic Company Name
+attributeDisplayNames: mSDS-PhoneticDisplayName,Phonetic Display Name
+attributeDisplayNames: mSDS-PhoneticLastName,Phonetic Last Name
+attributeDisplayNames: mSDS-PhoneticFirstName,Phonetic First Name
+attributeDisplayNames: info,Notes
+attributeDisplayNames: otherFacsimileTelephoneNumber,Fax Number (Others)
+attributeDisplayNames: otherHomePhone,Home Phone (Others)
+attributeDisplayNames: otherIpPhone,IP Phone Number (Others)
+attributeDisplayNames: otherMailbox,E-Mail Address (Others)
+attributeDisplayNames: otherMobile,Mobile Number (Others)
+attributeDisplayNames: otherPager,Pager Number (Others)
+attributeDisplayNames: otherTelephone,Phone Number (Others)
+attributeDisplayNames: pager,Pager Number
+attributeDisplayNames: personalTitle,Title
+attributeDisplayNames: physicalDeliveryOfficeName,Office Location
+attributeDisplayNames: postalCode,ZIP/Postal Code
+attributeDisplayNames: postOfficeBox,Post Office Box
+attributeDisplayNames: primaryInternationalISDNNumber,International ISDN Number
+attributeDisplayNames: primaryTelexNumber,Telex Number
+attributeDisplayNames: samAccountName,Logon Name (pre-Windows 2000)
+attributeDisplayNames: sn,Last Name
+attributeDisplayNames: st,State/Province
+attributeDisplayNames: streetAddress,Street Address
+attributeDisplayNames: telephoneNumber,Telephone Number
+attributeDisplayNames: telexNumber,Telex Number (Others)
+attributeDisplayNames: title,Job Title
+attributeDisplayNames: url,Web Page Address (Others)
+attributeDisplayNames: displayName,Display Name
+attributeDisplayNames: userWorkstations,Logon Workstations
+attributeDisplayNames: userPrincipalName,Logon Name
+attributeDisplayNames: wWWHomePage,Web Page Address
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LE9zdGF0bmkgem5hbnkgb2JpZWt0IG5hZHJ6xJlkbnksMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbiBkb21vd3kgKGlubmUp
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsV3nFm3dpZXRsYW5hIG5hendh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Grupa IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName:: VXPFgnVnYSBJbnRlbGxpTWlycm9y
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VcW8eXRrb3duaWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlh
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2dvd2FuaWUgbmEgc3RhY2phY2ggcm9ib2N6eWNo
+attributeDisplayNames:: ZGlzcGxheU5hbWUsV3nFm3dpZXRsYW5hIG5hendh
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: aG9tZURyaXZlLER5c2sgbWFjaWVyenlzdHk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxGb2xkZXIgbWFjaWVyenlzdHk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grupa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2EgZ3J1cHkgKHN5c3RlbXkgc3RhcnN6ZSBuacW8IFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5
+attributeDisplayNames:: bWVtYmVyLEN6xYJvbmtvd2ll
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Domena
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: dc,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontakt
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXMgc3Ryb255IHNpZWNpIFdlYg==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWIgKGlubmUp
+attributeDisplayNames:: dGl0bGUsU3Rhbm93aXNrbw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIsTnVtZXIgdGVsZWtzdSAoaW5uZSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLE51bWVyIHRlbGVmb251
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxVbGljYQ==
+attributeDisplayNames:: c3QsV29qZXfDs2R6dHdvL1JlZ2lvbg==
+attributeDisplayNames:: c24sTmF6d2lza28=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLE51bWVyIHRlbGVrc3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLE1pxJlkenluYXJvZG93eSBudW1lciBJU0RO
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxOdW1lciBza3J6eW5raSBwb2N6dG93ZWo=
+attributeDisplayNames:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3k=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsTG9rYWxpemFjamEgYml1cmE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUeXR1xYI=
+attributeDisplayNames:: cGFnZXIsTnVtZXIgcGFnZXJh
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsTnVtZXIgdGVsZWZvbnUgKGlubmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixOdW1lciBwYWdlcmEgKGlubmUp
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTnVtZXIgdGVsZWZvbnUga29tw7Nya293ZWdvIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEFkcmVzIGUtbWFpbCAoaW5uZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLE51bWVyIHRlbGVmb251IElQIChpbm5lKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsTnVtZXIgdGVsZWZvbnUgZG9tb3dlZ28gKGlubmUp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsTnVtZXIgZmFrc3UgKGlubmUp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnU=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYQ==
+attributeDisplayNames:: bW9iaWxlLE51bWVyIHRlbGVmb251IGtvbcOzcmtvd2Vnbw==
+attributeDisplayNames:: bWlkZGxlTmFtZSxEcnVnaWUgaW1pxJk=
+attributeDisplayNames:: bWVtYmVyT2YsQ3rFgm9uZWsgZ3J1cHk=
+attributeDisplayNames:: bWFuYWdlcixNZW5lZMW8ZXI=
+attributeDisplayNames:: bWFpbCxBZHJlcyBlLW1haWw=
+attributeDisplayNames:: bCxNaWFzdG8=
+attributeDisplayNames:: aXBQaG9uZSxOdW1lciB0ZWxlZm9udSBJUA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsTWnEmWR6eW5hcm9kb3d5IG51bWVyIElTRE4gKGlubmUp
+attributeDisplayNames:: aW5mbyxOb3RhdGtp
+attributeDisplayNames:: aW5pdGlhbHMsSW5pY2phxYJ5
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXMgZG9tb3d5
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gZG9tb3d5
+attributeDisplayNames:: Z2l2ZW5OYW1lLEltacSZ
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixTdWZpa3MgcG9rb2xlbmlvd3k=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLE51bWVyIGZha3N1
+attributeDisplayNames:: ZW1wbG95ZWVJRCxJZGVudHlmaWthdG9yIHByYWNvd25pa2E=
+attributeDisplayNames:: ZGl2aXNpb24sV3lkemlhxYI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsTmF6d2Egd3lyw7PFvG5pYWrEhWNh
+attributeDisplayNames:: ZGlzcGxheU5hbWUsV3nFm3dpZXRsYW5hIG5hendh
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxCZXpwb8WbcmVkbmkgcG9kd8WCYWRuaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxEemlhxYI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21lbnRhcno=
+attributeDisplayNames:: Y24sTmF6d2E=
+attributeDisplayNames:: Y28sS3Jhag==
+attributeDisplayNames:: YyxTeW1ib2wga3JhanU=
+attributeDisplayNames:: YXNzaXN0YW50LEFzeXN0ZW50
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasady domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Zasada lokalna
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: Rm9sZGVyIHVkb3N0xJlwbmlvbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzFmmNpZcW8a2Egc2llY2lvd2E=
+attributeDisplayNames:: a2V5d29yZHMsU8WCb3dhIGtsdWN6b3dl
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Komputer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTmF6d2Ega29tcHV0ZXJhIChzeXN0ZW15IHN0YXJzemUgbmnFvCBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixXZXJzamEgc3lzdGVtdSBvcGVyYWN5am5lZ28=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLFN5c3RlbSBvcGVyYWN5am55
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Drukarka
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixXZXJzamEgb2JpZWt0dQ==
+attributeDisplayNames:: dXJsLEFkcmVzIHN0cm9ueSBzaWVjaSBXZWI=
+attributeDisplayNames:: c2VydmVyTmFtZSxOYXp3YSBzZXJ3ZXJh
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxPYnPFgnVndWplIHpzenl3YW5pZQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsTmF6d2EgdWR6aWHFgnU=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTdHJvbiBuYSBtaW51dMSZ
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxKZWRub3N0a2kgc3p5YmtvxZtjaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLFN6eWJrb8WbxIc=
+attributeDisplayNames:: cHJpbnRPd25lcixOYXp3YSB3xYJhxZtjaWNpZWxh
+attributeDisplayNames:: cHJpbnRNZW1vcnksWmFpbnN0YWxvd2FuYSBwYW1pxJnEhw==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxPYnPFgnVnaXdhbmUgdHlweSBwYXBpZXJ1
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFBhcGllciBkb3N0xJlwbnk=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLFJvemR6aWVsY3pvxZvEhyBtYWtzeW1hbG5h
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxKxJl6eWsgZHJ1a2Fya2k=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF6d2E=
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsT2JzxYJ1Z3VqZSBkcnVrb3dhbmllIGR3dXN0cm9ubmU=
+attributeDisplayNames:: cHJpbnRDb2xvcixPYnPFgnVndWplIGRydWtvd2FuaWUgdyBrb2xvcnpl
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLE9ic8WCdWd1amUgc29ydG93YW5pZQ==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxaYXNvYm5pa2kgd2VqxZtjaW93ZQ==
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sTG9rYWxpemFjamE=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tZW50YXJ6
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdA==
+attributeDisplayNames:: YXNzZXROdW1iZXIsTnVtZXIgxZtyb2RrYSB0cndhxYJlZ28=
+attributeDisplayNames:: dU5DTmFtZSxOYXp3YSBzaWVjaW93YQ==
+attributeDisplayNames:: Y24sTmF6d2EgdXPFgnVnaSBrYXRhbG9nb3dlag==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Lokacja
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Serwer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: WmVzdGF3IHJlcGxpayB1c8WCdWdpIEZSUw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ustawienia kontrolera domeny
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: UG/FgsSFY3plbmll
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UG9kc2llxIc=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jednostka organizacyjna
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFphcnrEhWR6YW55IHByemV6
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: b3UsTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontener
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Domena zaufana
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsV3ltb3dhIG5hend5IGR6aWHFgnUsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLFd5bW93YSBuYXp3eSBmaXJteSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLFd5bW93YSBuYXp3aXNrYSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxXeW1vd2EgaW1pZW5pYSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLFd5bW93YSB3ecWbd2lldGxhbmVqIG5hend5LDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxLb2QgcG9jenRvd3ksMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsQWRyZXMgZS1tYWlsIFguNDAwLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTmF6d2EgbG9nb3dhbmlhIHXFvHl0a293bmlrYSwwLDIwMCww
+extraColumns:: dGl0bGUsU3Rhbm93aXNrbywwLDEwMCww
+extraColumns:: dGFyZ2V0QWRkcmVzcyxBZHJlcyBkb2NlbG93eSwwLDEwMCww
+extraColumns:: c3QsU3RhbiwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsQml1cm8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsWm1vZHlmaWtvd2FueSwwLDEzMCww
+extraColumns:: c24sTmF6d2lza28sMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQWRyZXMgVVJMIHdpYWRvbW/Fm2NpIGLFgnlza2F3aWN6bnljaCwwLDE0MCww
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxTZXJ3ZXIgbWFjaWVyenlzdHkgd2lhZG9tb8WbY2kgYsWCeXNrYXdpY3pueWNoLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEltacSZLDAsMTAwLDA=
+extraColumns:: aG9tZU1EQixNYWdhenluIHNrcnp5bmtpIHBvY3p0b3dlaiBwcm9ncmFtdSBFeGNoYW5nZSwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEFsaWFzIHByb2dyYW11IEV4Y2hhbmdlLDAsMTc1LDA=
+extraColumns:: bWFpbCxBZHJlcyBlLW1haWwsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsTmF6d2EgbG9nb3dhbmlhIHcgc3lzdGVtaWUgc3RhcnN6eW0gbmnFvCBXaW5kb3dzIDIwMDAsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsV3nFm3dpZXRsYW5hIG5hendhLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxEemlhxYIsMCwxNTAsMA==
+extraColumns:: YyxLcmFqLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxNaWFzdG8sMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gc8WCdcW8Ym93eSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: xYHEhWN6ZSBsb2thY2pp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TW9zdGVrIMWCxIVjenkgbG9rYWNqaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IG1pxJlkenlsb2thY3lqbnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Ustawienia lokacji licencjonowania
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Ustawienia lokacji
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RWxlbWVudCBjesWCb25rb3dza2kgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2tyeWJlbnQgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U3Vic2tyeXBjamUgdXPFgnVnaSBGUlM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: VXPFgnVnaSBSUEM=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29sZWprYSB1c8WCdWdpIE1TTVE=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: S29uZmlndXJhY2phIHVzxYJ1Z2kga29sZWprb3dhbmlhIHdpYWRvbW/Fm2Np
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: UHJ6ZWRzacSZYmlvcnN0d28gdXPFgnVnaSBrb2xlamtvd2FuaWEgd2lhZG9tb8WbY2k=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: VWFrdHVhbG5pb255IHXFvHl0a293bmlrIHVzxYJ1Z2kga29sZWprb3dhbmlhIHdpYWRvbW/Fm2Np
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: xYHEhWN6ZSByb3V0aW5ndSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: VXN0YXdpZW5pYSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: QWxpYXMga29sZWpraSB1c8WCdWdpIGtvbGVqa293YW5pYSB3aWFkb21vxZtjaQ==
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nazwa formatu
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: R3J1cGEgdXPFgnVnaSBrb2xlamtvd2FuaWEgd2lhZG9tb8WbY2k=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLEtvbGVqa2kgZWxlbWVudMOzdyBjesWCb25rb3dza2ljaA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sT3Bpcw==
+attributeDisplayNames:: Y24sTmF6d2E=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnYSBNYWdhenluIHpkYWxueQ==
+adminContextMenu:: MCwmWmFyesSFZHphai4uLixSc0FkbWluLm1zYw==
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener lokacji
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgdHJhbnNwb3J0dSBtacSZZHp5bG9rYWN5am5lZ28=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Kontener podsieci
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: S29udGVuZXIgc2Vyd2Vyw7N3
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: VXPFgnVnaSBkb21lbm93ZSB3IHVzxYJ1ZHplIEFjdGl2ZSBEaXJlY3Rvcnk=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: WmFzYWR5IHphcHl0YcWE
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: T2JjeSBwb2RtaW90IHphYmV6cGllY3plxYQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Szablon certyfikatu
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Opis
+attributeDisplayNames: cn,Nazwa
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=415,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWxpdmVya29uIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: UGFsdmVsaW1lbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Active Directory -toimialueen palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: SGFrdWvDpHl0w6RudMO2
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Ulkoinen suojausobjekti
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Varmennemalli
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LFZpaW1laXNpbiB0dW5uZXR0dSBpc8OkbnTDpCwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50dGk=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dXJsLFZlcmtrb3NpdnVuIG9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsVmVya2tvc2l2dW4gb3NvaXRl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName:: SW50ZWxsaU1pcnJvci1yeWhtw6Q=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror-palvelu
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S8OkeXR0w6Rqw6Q=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsVmVya2tvc2l2dW4gb3NvaXRl
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsS2lyamF1dHVtaXNuaW1p
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxLaXJqYXV0dW1pc3R5w7Zhc2VtYXQ=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: dXJsLFZlcmtrb3NpdnVuIG9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsS2lyamF1dHVtaXNuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: aG9tZURyaXZlLEtvdGlhc2VtYQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxLb3Rpa2Fuc2lv
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50dGk=
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UnlobcOk
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsVmVya2tvc2l2dW4gb3NvaXRl
+attributeDisplayNames:: dXJsLFZlcmtrb3NpdnVuIG9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsUnlobcOkbiBuaW1pIChXaW5kb3dzIDIwMDA6dGEgZWRlbHTDpHbDpHQgdmVyc2lvdCk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmV0
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Toimialue
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: dc,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWh0ZXlzaGVua2lsw7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsVmVya2tvc2l2dW4gb3NvaXRl
+attributeDisplayNames:: dXJsLFZlcmtrb3NpdnVuIG9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: dGl0bGUsVGVodMOkdsOkbmltaWtl
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzaSAobXV1dCk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFB1aGVsaW5udW1lcm8=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxLYXR1b3NvaXRl
+attributeDisplayNames:: c3QsT3NhdmFsdGlvIHRhaSBwcm92aW5zc2k=
+attributeDisplayNames:: c24sU3VrdW5pbWk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrc2k=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEthbnNhaW52w6RsaW5lbiBJU0ROLW51bWVybw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0aWxva2Vybw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0aW51bWVybw==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG9uIHNpamFpbnRp
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUZWh0w6R2w6Q=
+attributeDisplayNames:: cGFnZXIsSGFrdWxhaXR0ZWVuIG51bWVybw==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsUHVoZWxpbm51bWVybyAobXV1dCk=
+attributeDisplayNames:: b3RoZXJQYWdlcixIYWt1bGFpdHRlZW4gbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTWF0a2FwdWhlbGluIChtdXV0KQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LFPDpGhrw7Zwb3N0aW9zb2l0ZSAobXV1dCk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsS290aXB1aGVsaW5udW1lcm8gKG11dXQp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrc2ludW1lcm8gKG11dXQp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3Rv
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1p
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1p
+attributeDisplayNames:: bW9iaWxlLE1hdGthcHVoZWxpbg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxUb2luZW4gbmltaQ==
+attributeDisplayNames:: bWVtYmVyT2YsSsOkc2VueXlz
+attributeDisplayNames:: bWFuYWdlcixFc2ltaWVz
+attributeDisplayNames:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGU=
+attributeDisplayNames:: bCxLYXVwdW5raQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC1wdWhlbGlubnVtZXJv
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsS2Fuc2FpbnbDpGxpbmVuIElTRE4tbnVtZXJvIChtdXV0KQ==
+attributeDisplayNames:: aW5mbyxIdW9tYXV0dWtzaWE=
+attributeDisplayNames:: aW5pdGlhbHMsTmltaWtpcmphaW1ldA==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsS290aW9zb2l0ZQ==
+attributeDisplayNames:: aG9tZVBob25lLEtvdGlwdWhlbGlu
+attributeDisplayNames:: Z2l2ZW5OYW1lLEV0dW5pbWk=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOaW1lbiBsaWl0ZQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3NpbnVtZXJv
+attributeDisplayNames:: ZW1wbG95ZWVJRCxUecO2bnRla2lqw6R0dW5udXM=
+attributeDisplayNames:: ZGl2aXNpb24sSmFvc3Rv
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRE4tbmltaQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1p
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxBbGFpc2V0
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: ZGVwYXJ0bWVudCxPc2FzdG8=
+attributeDisplayNames:: Y29tcGFueSxZcml0eXM=
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50dGk=
+attributeDisplayNames:: Y24sTmltaQ==
+attributeDisplayNames:: Y28sTWFh
+attributeDisplayNames:: YyxNYWFuIGx5aGVubmU=
+attributeDisplayNames:: YXNzaXN0YW50LEF2dXN0YWph
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: VG9pbWlhbHVlZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGFpa2FsbGluZW4ga8OkeXTDpG50w7Y=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Jaettu kansio
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29wb2xrdQ==
+attributeDisplayNames:: a2V5d29yZHMsQXZhaW5zYW5hdA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Palvelu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tietokone
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsVGlldG9rb25lZW4gbmltaSAoV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6R0IHZlcnNpb3Qp
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixLw6R5dHTDtmrDpHJqZXN0ZWxtw6R2ZXJzaW8=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLEvDpHl0dMO2asOkcmplc3RlbG3DpA==
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tulostin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3RpbiB2ZXJzaW8=
+attributeDisplayNames:: dXJsLFZlcmtrb3NpdnVuIG9zb2l0ZQ==
+attributeDisplayNames:: c2VydmVyTmFtZSxQYWx2ZWxpbm5pbWk=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxUdWtlZSBuaWRvbnRhYQ==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsSmFrb25pbWk=
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaXZ1amEgbWludXV0aXNzYQ==
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxOb3BldXN5a3Npa8O2dA==
+attributeDisplayNames:: cHJpbnRSYXRlLE5vcGV1cw==
+attributeDisplayNames:: cHJpbnRPd25lcixPbWlzdGFqYW4gbmltaQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksQXNlbm5ldHR1IG11aXN0aQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxUdWV0dXQgcGFwZXJpdHl5cGl0
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEvDpHl0ZXR0w6R2aXNzw6Qgb2xldmF0IHBhcGVyaXQ=
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuaW1tw6Rpc3RhcmtrdXVz
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxUdWxvc3R1c2tpZWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmltaQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVHVrZWUga2Frc2lwdW9saXN0YSB0dWxvc3RhbWlzdGE=
+attributeDisplayNames:: cHJpbnRDb2xvcixUdWtlZSB2w6RyaXR1bG9zdGFtaXN0YQ==
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFR1a2VlIGxhaml0dGVsdWE=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxTecO2dHTDtmxva2Vyb3Q=
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydHRp
+attributeDisplayNames:: bG9jYXRpb24sU2lqYWludGk=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNYWxsaQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudHRp
+attributeDisplayNames:: Y29udGFjdE5hbWUsWWh0ZXlzaGVua2lsw7Y=
+attributeDisplayNames:: YXNzZXROdW1iZXIsS2FsdXN0b251bWVybw==
+attributeDisplayNames:: dU5DTmFtZSxWZXJra29uaW1p
+attributeDisplayNames:: Y24sSGFrZW1pc3RvcGFsdmVsdW5pbWk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Saitti
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Palvelin
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-replikointisarja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Toimialueen ohjauskoneen asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Yhteys
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Aliverkko
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: T3JnYW5pc2FhdGlveWtzaWtrw7YgKE9VKQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFlsbMOkcGl0w6Rqw6Q=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: b3UsTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: U8OkaWzDtg==
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Luotettu toimialue
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZWV0dGluZW4gb3Nhc3RvLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmVldHRpbmVuIHlyaXR5a3NlbiBuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmVldHRpbmVuIHN1a3VuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25lZXR0aW5lbiBldHVuaW1pLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmVldHRpbmVuIG7DpHl0dMO2bmltaSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQb3N0aW51bWVybywwLDEwMCww
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtc8OkaGvDtnBvc3Rpb3NvaXRlLDAsMTMwLDA=
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS8OkeXR0w6Rqw6RuIGtpcmphdXR1bWlzbmltaSwwLDIwMCww
+extraColumns:: dGl0bGUsVGVodMOkdsOkbmltaWtlLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxLb2hkZW9zb2l0ZSwwLDEwMCww
+extraColumns:: c3QsVmFsdGlvLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsVG9pbWlzdG8sMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsTXVva2F0dHUsMCwxMzAsMA==
+extraColumns:: c24sU3VrdW5pbWksMCwxMDAsMA==
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsUGlrYXZpZXN0aXR5a3NlbiBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxQaWthdmllc3RpdHlrc2VuIGtvdGlwYWx2ZWxpbiwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLEV0dW5pbWksMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1zw6Roa8O2cG9zdGlzw6RpbMO2LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxTw6Roa8O2cG9zdGlvc29pdGUsMCwxMDAsMA==
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwOnRhIGVkZWx0w6R2w6Qga2lyamF1dHVtaXNuaW1pLDAsMTIwLDA=
+extraColumns:: ZGlzcGxheU5hbWUsTsOkeXR0w7ZuaW1pLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxPc2FzdG8sMCwxNTAsMA==
+extraColumns:: YyxNYWEsMCwtMSww
+extraColumns:: Y29tcGFueSxZcml0eXMsMCwxNTAsMA==
+extraColumns:: bCxLYXVwdW5raSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFR5w7ZwdWhlbGlubnVtZXJvLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkki
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: Saitin linkkisilta
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGluZW4gdGllZG9uc2lpcnRv
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: U2FpdGluIGvDpHl0dMO2b2lrZXVzYXNldHVrc2V0
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName: Saitin asetukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTLWrDpHNlbg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaaja
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-tilaukset
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-palvelut
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-jono
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-kokoonpano
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName: MSMQ-organisaatio
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUS1ww6Rpdml0ZXR0eSBrw6R5dHTDpGrDpA==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-reitityslinkki
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-asetukset
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName: MSMQ-jonoalias
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Nimimuoto
+attributeDisplayNames: description,Kuvaus
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUS1yeWhtw6Q=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLErDpHNlbmpvbm90
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS3V2YXVz
+attributeDisplayNames:: Y24sTmltaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: RXTDpHRhbGxlbm51c3BhbHZlbHU=
+adminContextMenu: 0,&Hallitse...,RsAdmin.msc
+attributeDisplayNames: cn,Nimi
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdGluIHPDpGlsw7Y=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=40B,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U2FpdHRpZW4gdsOkbGlzZW4gdGllZG9uc2lpcnJvbiBzw6RpbMO2
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: U2l0ZSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonesi
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS Abonelikleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC Hizmetleri
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBLdXlydcSfdQ==
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSBZYXDEsWxhbmTEsXJtYXPEsQ==
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSBLdXJ1bHXFnw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSBZw7xrc2VsdGlsbWnFnyBLdWxsYW7EsWPEsQ==
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBZw7ZubGVuZGlybWUgQmHEn2xhbnTEsXPEsQ==
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSBBeWFybGFyxLE=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSBLdXlydWsgRGnEn2VyIEFkxLE=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSxCacOnaW0gQWTEsQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ Grubu
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLMOceWUgS3V5cnVrbGFyxLE=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Uzakta Depolama Hizmeti
+adminContextMenu:: MCwmWcO2bmV0Li4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbWxhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWx0IEHEn2xhciBLYXBzYXnEsWPEsXPEsQ==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U3VudWN1bGFyIEthcHNhecSxY8Sxc8Sx
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSBFdGtpIEFsYW7EsSBIaXptZXRsZXJp
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: U29yZ3UgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: WWFiYW5jxLEgR8O8dmVubGlrIFNvcnVtbHVzdQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: U2VydGlmaWthIMWeYWJsb251
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LEJpbGluZW4gU29uIMOcc3Qgw5bEn2UsMSwzMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Grup
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Hizmeti
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S3VsbGFuxLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsT3R1cnVtIEHDp21hIEFkxLE=
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxPdHVydW0gQcOnbWEgxLDFnyDEsHN0YXN5b25sYXLEsQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsT3R1cnVtIEHDp21hIEFkxLEgKFdpbmRvd3MgMjAwMCDDtm5jZXNpKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: aG9tZURyaXZlLEFuYSBTw7xyw7xjw7w=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxBbmEgS2xhc8O2cg==
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Grup
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cCBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bWVtYmVyLMOceWVsZXI=
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLE=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGMsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: QmHFn3Z1cnU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIFNheWZhc8SxIEFkcmVzaQ==
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2kgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: dGl0bGUsxLDFnyBVbnZhbsSx
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZWtzIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gTnVtYXJhc8Sx
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlcw==
+attributeDisplayNames:: c3QsxLBsw6dl
+attributeDisplayNames:: c24sU295YWTEsQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGVrcyBOdW1hcmFzxLE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLFVsdXNsYXJhcmFzxLEgSVNETiBOdW1hcmFzxLE=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0YSBLdXR1c3U=
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmkgS29udW11
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxVbnZhbg==
+attributeDisplayNames:: cGFnZXIsw4dhxJ9yxLEgQ2loYXrEsSBOdW1hcmFzxLE=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: b3RoZXJQYWdlcizDh2HEn3LEsSBDaWhhesSxIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsQ2VwIFRlbGVmb251IE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtUG9zdGEgQWRyZXNpIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIFRlbGVmb24gTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsRXYgVGVsZWZvbnUgTnVtYXJhc8SxIChEacSfZXJsZXJpKQ==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmFrcyBOdW1hcmFzxLEgKERpxJ9lcmxlcmkp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7w=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSx
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFk
+attributeDisplayNames:: bW9iaWxlLENlcCBUZWxlZm9udSBOdW1hcmFzxLE=
+attributeDisplayNames:: bWlkZGxlTmFtZSzEsGtpbmNpIEFk
+attributeDisplayNames:: bWVtYmVyT2Ysw5x5ZXNpIG9sdW5hbiBncnVwbGFy
+attributeDisplayNames:: bWFuYWdlcixZw7ZuZXRpY2k=
+attributeDisplayNames:: bWFpbCxFLVBvc3RhIEFkcmVzaQ==
+attributeDisplayNames:: bCzFnmVoaXI=
+attributeDisplayNames:: aXBQaG9uZSxJUCBUZWxlZm9uIE51bWFyYXPEsQ==
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsVWx1c2xhcmFyYXPEsSBJU0ROIE51bWFyYXPEsSAoRGnEn2VybGVyaSk=
+attributeDisplayNames:: aW5mbyxOb3RsYXI=
+attributeDisplayNames:: aW5pdGlhbHMsQmHFnyBIYXJmbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsRXYgQWRyZXNp
+attributeDisplayNames:: aG9tZVBob25lLEV2IFRlbGVmb251
+attributeDisplayNames:: Z2l2ZW5OYW1lLMSwbGsgQWQ=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizDnHJldGltc2VsIFNvbmVr
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZha3MgTnVtYXJhc8Sx
+attributeDisplayNames:: ZW1wbG95ZWVJRCzDh2FsxLHFn2FuIEtpbWxpayBOdW1hcmFzxLE=
+attributeDisplayNames:: ZGl2aXNpb24sQsO2bMO8bQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsQXnEsXJ0IEVkaWNpIEFk
+attributeDisplayNames:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFk
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEb8SfcnVkYW4gUmFwb3JsYXI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxCw7Zsw7xt
+attributeDisplayNames:: Y29tcGFueSzFnmlya2V0
+attributeDisplayNames:: Y29tbWVudCxBw6fEsWtsYW1h
+attributeDisplayNames:: Y24sQWTEsQ==
+attributeDisplayNames:: Y28sw5xsa2U=
+attributeDisplayNames:: YyzDnGxrZSBLxLFzYWx0bWFzxLE=
+attributeDisplayNames:: YXNzaXN0YW50LFlhcmTEsW1jxLE=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RXRraSBBbGFuxLEgxLBsa2VzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWVyZWwgxLBsa2U=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: UGF5bGHFn3TEsXLEsWxtxLHFnyBLbGFzw7Zy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gWW9sdQ==
+attributeDisplayNames:: a2V5d29yZHMsQW5haHRhciBTw7Z6Y8O8a2xlcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Hizmet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bilgisayar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFk
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQmlsZ2lzYXlhciBhZMSxIChXaW5kb3dzIDIwMDAgw7ZuY2VzaSk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizEsMWfbGV0aW0gU2lzdGVtaSBTw7xyw7xtw7w=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLMSwxZ9sZXRpbSBTaXN0ZW1p
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWF6xLFjxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixOZXNuZSBTw7xyw7xtw7w=
+attributeDisplayNames:: dXJsLFdlYiBTYXlmYXPEsSBBZHJlc2k=
+attributeDisplayNames:: c2VydmVyTmFtZSxTdW51Y3UgQWTEsQ==
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxaxLFtYmFsYW1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsUGF5bGHFn8SxbSBBZMSx
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxEYWtpa2FkYWtpIFNheWZhIFNhecSxc8Sx
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIxLF6IEJpcmltbGVyaQ==
+attributeDisplayNames:: cHJpbnRSYXRlLEjEsXo=
+attributeDisplayNames:: cHJpbnRPd25lcixTYWhpYmluaW4gQWTEsQ==
+attributeDisplayNames:: cHJpbnRNZW1vcnksWcO8a2zDvCBCZWxsZWs=
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxEZXN0ZWtsZW5lbiBLYcSfxLF0IFTDvHJsZXJp
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LEt1bGxhbsSxbGFiaWxpciBLYcSfxLF0
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLEVuIELDvHnDvGsgw4fDtnrDvG7DvHJsw7xr
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxZYXrEsWPEsSBEaWxp
+attributeDisplayNames:: cHJpbnRlck5hbWUsQWTEsQ==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsw4dpZnQgVGFyYWZsxLEgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xvcixSZW5rbGkgWWF6ZMSxcm1hIERlc3Rla2xlbml5b3I=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLEhhcm1hbmxhbWEgRGVzdGVrbGVuaXlvcg==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxHaXJpxZ8gVGVwc2lsZXJp
+attributeDisplayNames:: cG9ydE5hbWUsQmHEn2xhbnTEsSBOb2t0YXPEsQ==
+attributeDisplayNames:: bG9jYXRpb24sS29udW0=
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbGk=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y29udGFjdE5hbWUsQmHFn3Z1cnU=
+attributeDisplayNames:: YXNzZXROdW1iZXIsTWFsIE51bWFyYXPEsQ==
+attributeDisplayNames:: dU5DTmFtZSxBxJ8gQWTEsQ==
+attributeDisplayNames:: Y24sRGl6aW4gSGl6bWV0aSBBZMSx
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Site
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Sunucu
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Ayarlar
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIEF5YXJsYXLEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIFlpbmVsZW1lIMOceWVzaQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: RXRraSBBbGFuxLEgRGVuZXRsZXlpY2lzaSBBeWFybGFyxLE=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: QmHEn2xhbnTEsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: QWx0IEHEnw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: WWFwxLFzYWwgQmlyaW0=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LFnDtm5ldGVu
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: b3UsQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: S2Fwc2F5xLFjxLE=
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: R8O8dmVuaWxlbiBFdGtpIEFsYW7EsQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQcOnxLFrbGFtYQ==
+attributeDisplayNames:: Y24sQWTEsQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpayBCw7Zsw7xtw7wsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aWsgxZ5pcmtldCBBZMSxLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aWsgU295YWTEsSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlrIEFkLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aWsgR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: cG9zdGFsQ29kZSxQb3N0YSBLb2R1LDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAgRS1Qb3N0YSBBZHJlc2ksMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsS3VsbGFuxLFjxLEgb3R1cnVtIGHDp21hIGFkxLEsMCwyMDAsMA==
+extraColumns:: dGl0bGUsxLDFnyBVbnZhbsSxLDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyxIZWRlZiBBZHJlc2ksMCwxMDAsMA==
+extraColumns:: c3QsZHVydW0sMCwxMDAsMA==
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsxLDFn3llcmksMCwxMDAsMA==
+extraColumns:: d2hlbkNoYW5nZWQsRGXEn2nFn3Rpcm1lLDAsMTMwLDA=
+extraColumns:: c24sU295YWTEsSwwLDEwMCww
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsQW5sxLFrIMSwbGV0aSBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxBbmzEsWsgxLBsZXRpIEFuYSBTdW51Y3VzdSwwLDE3MCww
+extraColumns:: Z2l2ZW5OYW1lLMSwbGsgQWQsMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSBQb3N0YSBLdXR1c3UgRGVwb3N1LDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIERpxJ9lciBBZMSxLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLVBvc3RhIEFkcmVzaSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIMOWbmNlc2kgT3R1cnVtIEHDp21hIEFkxLEsMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsR8O2csO8bmVuIEFkLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxCw7Zsw7xtLDAsMTUwLDA=
+extraColumns:: YyzDnGxrZSwwLC0xLDA=
+extraColumns:: Y29tcGFueSzFnmlya2V0LDAsMTUwLDA=
+extraColumns:: bCzFnmVoaXIsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLMSwxZ8gVGVsZWZvbnUsMCwxMDAsMA==
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: U2l0ZSBCYcSfbGFudMSxc8Sx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: QsO2bGdlIEJhxJ9sYW50xLFzxLEgS8O2cHLDvHPDvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: QsO2bGdlbGVyIEFyYXPEsSBBa3RhcsSxbQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=41F,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: WWV0a2kgVmVybWUgQsO2bGdlc2kgQXlhcmxhcsSx
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 57WE57mU5Y2Y5L2NIChPVSk=
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: b3Us5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OG44OK44O8
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 5L+h6aC844GV44KM44KL5YG044Gu44OJ44Oh44Kk44Oz
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIpLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKSwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSksMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKSwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7csMCwxMDAsMA==
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAg6Zu75a2Q44Oh44O844OrIOOCouODieODrOOCuSwwLDEzMCww
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUs44Om44O844K244O8IOODreOCsOOCquODs+WQjSwwLDIwMCww
+extraColumns:: dGl0bGUs5b256IG3LDAsMTAwLDA=
+extraColumns:: dGFyZ2V0QWRkcmVzcyzjgr/jg7zjgrLjg4Pjg4gg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c3Qs6YO96YGT5bqc55yMLDAsMTAwLDA=
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omALDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQs5pu05paw5pel5pmCLDAsMTMwLDA=
+extraColumns:: c24s5aeTLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkws44Kk44Oz44K544K/44Oz44OIIOODoeODg+OCu+ODvOOCuOODs+OCsCBVUkwsMCwxNDAsMA==
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCzjgqTjg7Pjgrnjgr/jg7Pjg4gg44Oh44OD44K744O844K444Oz44KwIOODm+ODvOODoCDjgrXjg7zjg5Djg7wsMCwxNzAsMA==
+extraColumns:: Z2l2ZW5OYW1lLOWQjSwwLDEwMCww
+extraColumns:: aG9tZU1EQixFeGNoYW5nZSDjg6Hjg7zjg6vjg5zjg4Pjgq/jgrkg44K544OI44KiLDAsMTAwLDA=
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlIOOCqOOCpOODquOCouOCuSwwLDE3NSww
+extraColumns:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5LDAsMTAwLDA=
+extraColumns:: c0FNQWNjb3VudE5hbWUsV2luZG93cyAyMDAwIOOCiOOCiuWJjeOBruODreOCsOOCquODs+WQjSwwLDEyMCww
+extraColumns:: ZGlzcGxheU5hbWUs6KGo56S65ZCNLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCzpg6jnvbIsMCwxNTAsMA==
+extraColumns:: Yyzlm70sMCwtMSww
+extraColumns:: Y29tcGFueSzkvJrnpL7lkI0sMCwxNTAsMA==
+extraColumns:: bCzluILljLrnlLrmnZEsMCwxNTAsMA==
+extraColumns:: dGVsZXBob25lTnVtYmVyLOWLpOWLmeWFiOmbu+ipsSwwLDEwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCrw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OIIOODquODs+OCryDjg5bjg6rjg4Pjgrg=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 44Op44Kk44K744Oz44K5IOOCteOCpOODiOOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: 44K144Kk44OI44Gu6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOODoeODs+ODkOODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODqeOCpOODkOODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: RlJTIOOCteODluOCueOCr+ODquODl+OCt+ODp+ODsw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: UlBDIOOCteODvOODk+OCuQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7w=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUSDmp4vmiJA=
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUSDjgqjjg7Pjgr/jg7zjg5fjg6njgqTjgro=
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName:: TVNNUSDjgqLjg4Pjg5fjgrDjg6zjg7zjg4nmuIjjgb/jg6bjg7zjgrbjg7w=
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDjg6vjg7zjg4bjgqPjg7PjgrAg44Oq44Oz44Kv
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName:: TVNNUSDoqK3lrpo=
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUSDjgq3jg6Xjg7wg44Ko44Kk44Oq44Ki44K5
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames:: bXNNUS1SZWNpcGllbnQtRm9ybWF0TmFtZSzlvaLlvI/lkI0=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName:: TVNNUSDjgrDjg6vjg7zjg5c=
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkOODvCDjgq3jg6Xjg7w=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Oq44Oi44O844OI6KiY5oa25Z+f44K144O844OT44K5
+adminContextMenu:: MCznrqHnkIYoJk0pLi4uLFJzQWRtaW4ubXNj
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OIIOOCs+ODs+ODhuODiuODvA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144Kk44OI6ZaT44OI44Op44Oz44K544Od44O844OIIOOCs+ODs+ODhuODiuODvA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144OW44ON44OD44OIIOOCs+ODs+ODhuODiuODvA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8IOOCs+ODs+ODhuODiuODvA==
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeSDjg4njg6HjgqTjg7Mg44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: 44Kv44Ko44OqIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 5aSW6YOo44Gu44K744Kt44Ol44Oq44OG44KjIOODl+ODquODs+OCt+ODkeODqw==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName:: 6Ki85piO5pu444OG44Oz44OX44Os44O844OI
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bGFzdEtub3duUGFyZW50LOacgOW+jOOBq+eiuuiqjeOBleOCjOOBn+imqiwxLDMwMCww
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA44O8
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg44KI44KK5YmNKQ==
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: IntelliMirror Group
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: IntelliMirror Service
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Om44O844K244O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUs44Ot44Kw44Kq44Oz5ZCN
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyzjg63jgrDjgqrjg7PjgafjgY3jgovjg6/jg7zjgq/jgrnjg4bjg7zjgrfjg6fjg7M=
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Ot44Kw44Kq44Oz5ZCNIChXaW5kb3dzIDIwMDAg44KI44KK5YmNKQ==
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: aG9tZURyaXZlLOODm+ODvOODoCDjg4njg6njgqTjg5Y=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSzjg5vjg7zjg6Ag44OV44Kp44Or44OA44O8
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kw44Or44O844OX
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kw44Or44O844OX5ZCNIChXaW5kb3dzIDIwMDAg44KI44KK5YmNKQ==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bWVtYmVyLOODoeODs+ODkOODvA==
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44Oz
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGMs5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{2B36667C-0729-4e7f-840A-E2E546D9D99C}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 6YCj57Wh5YWI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsV2ViIOODmuODvOOCuCDjgqLjg4njg6zjgrk=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGl0bGUs5b256IG3
+attributeDisplayNames:: dGVsZXhOdW1iZXIs44OG44Os44OD44Kv44K555Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLOmbu+ipseeVquWPtw==
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyznlarlnLA=
+attributeDisplayNames:: c3Qs6YO96YGT5bqc55yM
+attributeDisplayNames:: c24s5aeT
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLOODhuODrOODg+OCr+OCueeVquWPtw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLOWbvemamyBJU0ROIOeVquWPtw==
+attributeDisplayNames:: cG9zdE9mZmljZUJveCznp4Hmm7jnrrE=
+attributeDisplayNames:: cG9zdGFsQ29kZSzpg7Xkvr/nlarlj7c=
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUs5LqL5qWt5omA
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSzmlaznp7A=
+attributeDisplayNames:: cGFnZXIs44Od44Kx44OD44OI44OZ44Or55Wq5Y+3
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUs6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJQYWdlcizjg53jgrHjg4Pjg4jjg5njg6vnlarlj7cgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJNb2JpbGUs5pC65biv6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJNYWlsYm94LOmbu+WtkOODoeODvOODqyDjgqLjg4njg6zjgrkgKOOBneOBruS7lik=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQIOmbu+ipseeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUs6Ieq5a6F6Zu76Kmx55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRkFYIOeVquWPtyAo44Gd44Gu5LuWKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQs44OV44Oq44Ks44OKICjpg6jnvbIp
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLOODleODquOCrOODiiAo5Lya56S+5ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLOODleODquOCrOODiiAo5aeTKQ==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSzjg5Xjg6rjgqzjg4ogKOWQjSk=
+attributeDisplayNames:: bW9iaWxlLOaQuuW4r+mbu+ipseeVquWPtw==
+attributeDisplayNames:: bWlkZGxlTmFtZSzjg5/jg4njg6sg44ON44O844Og
+attributeDisplayNames:: bWVtYmVyT2Ys5omA5bGe44GZ44KL44Kw44Or44O844OX
+attributeDisplayNames:: bWFuYWdlcizkuIrlj7g=
+attributeDisplayNames:: bWFpbCzpm7vlrZDjg6Hjg7zjg6sg44Ki44OJ44Os44K5
+attributeDisplayNames:: bCzluILljLrnlLrmnZE=
+attributeDisplayNames:: aXBQaG9uZSxJUCDpm7voqbHnlarlj7c=
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIs5Zu96ZqbIElTRE4g55Wq5Y+3ICjjgZ3jga7ku5Yp
+attributeDisplayNames:: aW5mbyzjg6Hjg6I=
+attributeDisplayNames:: aW5pdGlhbHMs44Kk44OL44K344Oj44Or
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3Ms6Ieq5a6F5L2P5omA
+attributeDisplayNames:: aG9tZVBob25lLOiHquWuhembu+ipseeVquWPtw==
+attributeDisplayNames:: Z2l2ZW5OYW1lLOWQjQ==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcizlkI3liY3jgrXjg5XjgqPjg4Pjgq/jgrk=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZBWCDnlarlj7c=
+attributeDisplayNames:: ZW1wbG95ZWVJRCznpL7lk6EgSUQ=
+attributeDisplayNames:: ZGl2aXNpb24s5pys6YOo
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUs6K2Y5Yil5ZCN
+attributeDisplayNames:: ZGlzcGxheU5hbWUs6KGo56S65ZCN
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyznm7TmjqXloLHlkYrogIU=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: ZGVwYXJ0bWVudCzpg6jnvbI=
+attributeDisplayNames:: Y29tcGFueSzkvJrnpL7lkI0=
+attributeDisplayNames:: Y29tbWVudCzjgrPjg6Hjg7Pjg4g=
+attributeDisplayNames:: Y24s5ZCN5YmN
+attributeDisplayNames:: Y28s5Zu9
+attributeDisplayNames:: Yyzlm73jga7nlaXlkI0=
+attributeDisplayNames:: YXNzaXN0YW50LOOCouOCt+OCueOCv+ODs+ODiA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OJ44Oh44Kk44OzIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Ot44O844Kr44OrIOODneODquOCt+ODvA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 5YWx5pyJ44OV44Kp44Or44OA44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq8g44OR44K5
+attributeDisplayNames:: a2V5d29yZHMs44Kt44O844Ov44O844OJ
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44K144O844OT44K5
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44Kz44Oz44OU44Ol44O844K/44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLOODleODquOCrOODiiAo6KGo56S65ZCNKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUs44Kz44Oz44OU44Ol44O844K/44O85ZCNIChXaW5kb3dzIDIwMDAg44KI44KK5YmNKQ==
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbizjgqrjg5rjg6zjg7zjg4bjgqPjg7PjgrAg44K344K544OG44Og44Gu44OQ44O844K444On44Oz
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLOOCquODmuODrOODvOODhuOCo+ODs+OCsCDjgrfjgrnjg4bjg6A=
+attributeDisplayNames:: bWFuYWdlZEJ5LOeuoeeQhuiAhQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24s6Kqs5piO
+attributeDisplayNames:: Y24s5ZCN5YmN
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: 44OX44Oq44Oz44K/44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcizjgqrjg5bjgrjjgqfjgq/jg4jjga7jg5Djg7zjgrjjg6fjg7M=
+attributeDisplayNames:: dXJsLFdlYiDjg5rjg7zjgrgg44Ki44OJ44Os44K5
+attributeDisplayNames:: c2VydmVyTmFtZSzjgrXjg7zjg5Djg7zlkI0=
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCzjg5vjg4Hjgq3jgrnmraLjgoHjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUs5YWx5pyJ5ZCN
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSzjg5rjg7zjgrgv5YiG
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCzpgJ/luqbjga7ljZjkvY0=
+attributeDisplayNames:: cHJpbnRSYXRlLOmAn+W6pg==
+attributeDisplayNames:: cHJpbnRPd25lcizmiYDmnInogIXlkI0=
+attributeDisplayNames:: cHJpbnRNZW1vcnks44Kk44Oz44K544OI44O844Or44GV44KM44Gf44Oh44Oi44Oq
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCzjgrXjg53jg7zjg4jjgZXjgozjgovnlKjntJnjga7nqK7poZ4=
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LOWIqeeUqOWPr+iDveOBqueUqOe0mQ==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLOacgOmrmOino+WDj+W6pg==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSzjg5fjg6rjg7Pjgr/jg7zoqIDoqp4=
+attributeDisplayNames:: cHJpbnRlck5hbWUs5ZCN5YmN
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQs5Lih6Z2i5Y2w5Yi344KS44K144Od44O844OI
+attributeDisplayNames:: cHJpbnRDb2xvcizjgqvjg6njg7zljbDliLfjgpLjgrXjg53jg7zjg4g=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLOS4geWQiOOBhOOCkuOCteODneODvOODiA==
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyzlhaXlipvjg4jjg6zjgqQ=
+attributeDisplayNames:: cG9ydE5hbWUs44Od44O844OI
+attributeDisplayNames:: bG9jYXRpb24s5aC05omA
+attributeDisplayNames:: ZHJpdmVyTmFtZSzjg6Ljg4fjg6s=
+attributeDisplayNames:: ZGVzY3JpcHRpb24s44Kz44Oh44Oz44OI
+attributeDisplayNames:: Y29udGFjdE5hbWUs6YCj57Wh5YWI
+attributeDisplayNames:: YXNzZXROdW1iZXIs6LOH55Sj55Wq5Y+3
+attributeDisplayNames:: dU5DTmFtZSzjg43jg4Pjg4jjg6/jg7zjgq/lkI0=
+attributeDisplayNames:: Y24s44OH44Kj44Os44Kv44OI44OqIOOCteODvOODk+OCueWQjQ==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44K144Kk44OI
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: 44K144O844OQ44O8
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 6Kit5a6a
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RlJTIOikh+ijveeJqeOCu+ODg+ODiA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: 44OJ44Oh44Kk44OzIOOCs+ODs+ODiOODreODvOODqeODvOOBruioreWumg==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: 5o6l57aa
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=411,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: 44K144OW44ON44OD44OI
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: container
+distinguishedName: CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: site-Display
+distinguishedName: CN=site-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: site-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{717EF4FA-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Websted
+adminContextMenu: 3,{bc019ba0-d46d-11d1-8091-00a024c48131}
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: server-Display
+distinguishedName: CN=server-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: server-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6494-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName: Server
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSettings-Display
+distinguishedName: CN=nTDSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FB-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName: Indstillinger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSettings-Display
+distinguishedName: CN=nTFRSSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd68-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Indstillinger for FRS
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSReplicaSet-Display
+distinguishedName: CN=nTFRSReplicaSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSReplicaSet-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd69-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: UmVwbGlrZXJpbmdzc8OmdCBmb3IgRlJT
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSDSA-Display
+distinguishedName: CN=nTDSDSA-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSDSA-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717EF4FC-AC8D-11D0-B945-00C04FD8D5B0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3IgZG9tw6ZuZWNvbnRyb2xsZXI=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSConnection-Display
+distinguishedName: CN=nTDSConnection-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSConnection-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef4fd-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName: Forbindelse
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnet-Display
+distinguishedName: CN=subnet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnet-Display
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{9da6fd62-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: Undernet
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: organizationalUnit-Display
+distinguishedName: CN=organizationalUnit-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: organizationalUnit-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 7,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Organisationsenhed
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: managedBy,Administreret af
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: ou,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: container-Display
+distinguishedName: CN=container-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: container-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Objektbeholder
+adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09}
+adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: trustedDomain-Display
+distinguishedName: CN=trustedDomain-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: trustedDomain-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd67-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName:: RG9tw6ZuZSwgZGVyIG55ZGVyIHRpbGxpZA==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: default-Display
+distinguishedName: CN=default-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: default-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns:: bXNkcy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmcsMCwxMDAsMA==
+extraColumns:: bXNkcy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2biwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2biwwLDEwMCww
+extraColumns:: bXNkcy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZuLDAsMTAwLDA=
+extraColumns:: bXNkcy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2biwwLDEwMCww
+extraColumns:: cG9zdGFsQ29kZSxQb3N0bnVtbWVyLDAsMTAwLDA=
+extraColumns:: dGV4dEVuY29kZWRPUkFkZHJlc3MsWC40MDAtZS1tYWlsLWFkcmVzc2UsMCwxMzAsMA==
+extraColumns:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZuIGZvciBicnVnZXIsMCwyMDAsMA==
+extraColumns:: dGl0bGUsU3RpbGxpbmcsMCwxMDAsMA==
+extraColumns:: dGFyZ2V0QWRkcmVzcyxEZXN0aW5hdGlvbnNhZHJlc3NlLDAsMTAwLDA=
+extraColumns:: c3QsU3RhdCwwLDEwMCww
+extraColumns:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9yLDAsMTAwLDA=
+extraColumns:: d2hlbkNoYW5nZWQsw4ZuZHJldCwwLDEzMCww
+extraColumns:: c24sRWZ0ZXJuYXZuLDAsMTAwLDA=
+extraColumns:: bXNFeGNoSU1NZXRhUGh5c2ljYWxVUkwsVVJMLWFkcmVzc2UgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTQwLDA=
+extraColumns:: bXNFeGNoSU1QaHlzaWNhbFVSTCxIamVtbWVzZXJ2ZXIgdGlsIG9ubGluZW1lZGRlbGVsc2VyLDAsMTcwLDA=
+extraColumns:: Z2l2ZW5OYW1lLEZvcm5hdm4sMCwxMDAsMA==
+extraColumns:: aG9tZU1EQixFeGNoYW5nZS1wb3N0a2Fzc2VsYWdlciwwLDEwMCww
+extraColumns:: bWFpbE5pY2tuYW1lLEV4Y2hhbmdlLWFsaWFzLDAsMTc1LDA=
+extraColumns:: bWFpbCxFLW1haWwtYWRyZXNzZSwwLDEwMCww
+extraColumns:: c0FNQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCksMCwxMjAsMA==
+extraColumns:: ZGlzcGxheU5hbWUsVmlzdCBuYXZuLDAsMTAwLDA=
+extraColumns:: ZGVwYXJ0bWVudCxBZmRlbGluZywwLDE1MCww
+extraColumns:: YyxMYW5kLDAsLTEsMA==
+extraColumns:: Y29tcGFueSxGaXJtYSwwLDE1MCww
+extraColumns:: bCxCeSwwLDE1MCww
+extraColumns:: dGVsZXBob25lTnVtYmVyLFRlbGVmb24gKGFyYmVqZGUpLDAsMTAwLDA=
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLink-Display
+distinguishedName: CN=siteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLink-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30561-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGluayB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: siteLinkBridge-Display
+distinguishedName: CN=siteLinkBridge-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: siteLinkBridge-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30562-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName:: TGlua2JybyB0aWwgb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransport-Display
+distinguishedName: CN=interSiteTransport-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransport-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6491-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: VHJhbnNwb3J0IGluZGVuZm9yIG9tcsOlZGU=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: licensingSiteSettings-Display
+distinguishedName: CN=licensingSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: licensingSiteSettings-Display
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{717ef500-ac8d-11d0-b945-00c04fd8d5b0}
+classDisplayName:: TGljZW5zaW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSSiteSettings-Display
+distinguishedName: CN=nTDSSiteSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSSiteSettings-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2f280288-bb6d-11d0-b948-00c04fd8d5b0}
+classDisplayName:: SW5kc3RpbGxpbmdlciBmb3Igb21yw6VkZQ==
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSMember-Display
+distinguishedName: CN=nTFRSMember-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSMember-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{9da6fd6a-c63b-11d0-b94d-00c04fd8d5b0}
+classDisplayName: FRS-medlem
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriber-Display
+distinguishedName: CN=nTFRSSubscriber-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriber-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d3055f-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnent
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTFRSSubscriptions-Display
+distinguishedName: CN=nTFRSSubscriptions-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTFRSSubscriptions-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30560-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: FRS-abonnementer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: rpcContainer-Display
+distinguishedName: CN=rpcContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: rpcContainer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{50d30572-9911-11d1-b9af-00c04fd8d5b0}
+classDisplayName: RPC-tjenester
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQQueue-Display
+distinguishedName: CN=mSMQQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQQueue-Display
+iconPath: 0,mqsnap.dll,-251
+creationWizard: {E62F8206-B71C-11D1-808D-00A024C48131}
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+classDisplayName:: TVNNUS1rw7g=
+adminContextMenu: 1,{e62f8206-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQConfiguration-Display
+distinguishedName: CN=mSMQConfiguration-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQConfiguration-Display
+iconPath: 0,mqsnap.dll,-252
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+classDisplayName: MSMQ-konfiguration
+adminContextMenu: 1,{e62f8208-b71c-11d1-808d-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQEnterpriseSettings-Display
+distinguishedName: CN=mSMQEnterpriseSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQEnterpriseSettings-Display
+iconPath: 0,mqsnap.dll,-253
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+classDisplayName:: TVNNUS1uZXR2w6Zyaw==
+adminContextMenu: 1,{2E4B37AB-CC8B-11D1-9C85-006008764D0E}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQMigratedUser-Display
+distinguishedName: CN=mSMQMigratedUser-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQMigratedUser-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+classDisplayName: MSMQ-opgraderet bruger
+adminContextMenu: 1,{fc5bf656-0b7f-11d3-883f-006094eb6406}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSiteLink-Display
+distinguishedName: CN=mSMQSiteLink-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSiteLink-Display
+iconPath: 0,mqsnap.dll,-254
+creationWizard: {87b31390-d46d-11d1-8091-00a024c48131}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+classDisplayName: MSMQ-routing-link
+adminContextMenu: 1,{87b31390-d46d-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: mSMQSettings-Display
+distinguishedName: CN=mSMQSettings-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: mSMQSettings-Display
+iconPath: 0,mqsnap.dll,-255
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+classDisplayName: Indstillinger for MSMQ
+adminContextMenu: 1,{d251b000-d46e-11d1-8091-00a024c48131}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Custom-Recipient-Display
+distinguishedName: CN=msMQ-Custom-Recipient-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Custom-Recipient-Display
+iconPath: 0,mqsnap.dll,-437
+creationWizard: {9e4ab987-3cca-4de0-ae36-3d163df44d36}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+classDisplayName:: TVNNUS1rw7gtYWxpYXM=
+adminContextMenu: 1,{9e4ab987-3cca-4de0-ae36-3d163df44d36}
+attributeDisplayNames: msMQ-Recipient-FormatName,Formatnavn
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msMQ-Group-Display
+distinguishedName: CN=msMQ-Group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msMQ-Group-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+classDisplayName: MSMQ-gruppe
+adminContextMenu: 1,{7e93454a-976a-4228-90f1-f7648010b8e6}
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbXNrw7hlcg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: remoteStorageServicePoint-Display
+distinguishedName: CN=remoteStorageServicePoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: remoteStorageServicePoint-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Tjenesten Storage Service
+adminContextMenu: 0,&Administrer...,RsAdmin.msc
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: sitesContainer-Display
+distinguishedName: CN=sitesContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: sitesContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIG9tcsOlZGU=
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: interSiteTransportContainer-Display
+distinguishedName: CN=interSiteTransportContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: interSiteTransportContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QmVob2xkZXIgZm9yIHRyYW5zcG9ydCBpbmRlbmZvciBvbXLDpWRl
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: subnetContainer-Display
+distinguishedName: CN=subnetContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: subnetContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Undernetbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serversContainer-Display
+distinguishedName: CN=serversContainer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serversContainer-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName: Serverbeholder
+adminContextMenu: 2,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: nTDSService-Display
+distinguishedName: CN=nTDSService-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: nTDSService-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: QWN0aXZlIERpcmVjdG9yeS1kb23Dpm5ldGplbmVzdGVy
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: queryPolicy-Display
+distinguishedName: CN=queryPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: queryPolicy-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+classDisplayName:: Rm9yZXNww7hyZ3NlbHNwb2xpdGlr
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: foreignSecurityPrincipal-Display
+distinguishedName: CN=foreignSecurityPrincipal-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: foreignSecurityPrincipal-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6486-a212-11d0-bcd5-00c04fd8d5b6}
+classDisplayName:: RWtzdGVybiBkb23Dpm5la29udG8sIGRlciBueWRlciB0aWxsaWQ=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: pKICertificateTemplate-Display
+distinguishedName: CN=pKICertificateTemplate-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: pKICertificateTemplate-Display
+iconPath: 0,certtmpl.dll,-144
+contextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+adminPropertyPages: 3,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+shellPropertyPages: 1,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+classDisplayName: Certifikatskabelon
+adminContextMenu: 0,{11BDCE06-D55C-44e9-BC0B-8655F89E8CC5}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-PartitionSet-Display
+distinguishedName: CN=msCOM-PartitionSet-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-PartitionSet-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{9305969B-F45F-47E5-A954-6EA879E874CC}
+adminContextMenu: 1,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: msCOM-Partition-Display
+distinguishedName: CN=msCOM-Partition-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: msCOM-Partition-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{2797CF92-415A-43E6-A8F7-A5FAAB783719}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: lostAndFound-Display
+distinguishedName: CN=lostAndFound-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: lostAndFound-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6}
+shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6}
+adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: cn,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+extraColumns: lastKnownParent,Senest kendte overordnede,1,300,0
+adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: inetOrgPerson-Display
+distinguishedName: CN=inetOrgPerson-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: inetOrgPerson-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 10,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 9,{FA3E1D55-16DF-446D-872E-BD04D4F39C93}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: InetOrgPerson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9ycGxhY2VyaW5n
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50D30564-9911-11D1-B9AF-00C04FD8D5B0}
+
+dn: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: dSUISettings
+cn: DS-UI-Default-Settings
+distinguishedName: CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: DS-UI-Default-Settings
+objectCategory: CN=DS-UI-Settings,CN=Schema,<Configuration NC Distinguished Name>
+dSUIAdminNotification: 2,{a00e1768-4a9b-4d97-afc6-99d329f605f2}
+dSUIAdminNotification: 1,{E62F8206-B71C-11D1-808D-00A024C48131}
+msDS-Non-Security-Group-Extra-Classes: mSMQCustomRecipient
+msDS-Non-Security-Group-Extra-Classes: mSMQQueue
+msDS-FilterContainers: dns-Zone
+msDS-FilterContainers: Container
+msDS-FilterContainers: Lost-And-Found
+msDS-FilterContainers: Builtin-Domain
+msDS-FilterContainers: Organizational-Unit
+
+dn: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorGroup-Display
+distinguishedName: CN=IntellimirrorGroup-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorGroup-Display
+adminPropertyPages: 2,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+shellPropertyPages: 1,{C641CF88-892F-11d1-BBEB-0060081692B3}
+classDisplayName: Gruppen IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: IntellimirrorSCP-Display
+distinguishedName: CN=IntellimirrorSCP-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: IntellimirrorSCP-Display
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4e40f770-369c-11d0-8922-00a024ab2dbb}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+shellPropertyPages: 1,{AC409538-741C-11d1-BBE6-0060081692B3}
+classDisplayName: Tjenesten IntelliMirror
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: user-Display
+distinguishedName: CN=user-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: user-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 11,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 10,{4c796c30-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93}
+adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813}
+adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3}
+adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Bruger
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXNlclByaW5jaXBhbE5hbWUsTG9nb25uYXZu
+attributeDisplayNames:: dXNlcldvcmtzdGF0aW9ucyxMb2cgcMOlIGFyYmVqZHNzdGF0aW9uZXI=
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsTG9nb25uYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9ycGxhY2VyaW5n
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: aG9tZURyaXZlLEhqZW1tZWRyZXY=
+attributeDisplayNames:: aG9tZURpcmVjdG9yeSxIamVtbWVtYXBwZQ==
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0}
+
+dn: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: group-Display
+distinguishedName: CN=group-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: group-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{9a899a50-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Gruppe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsR3J1cHBlbmF2biAoZsO4ciBXaW5kb3dzIDIwMDAp
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9ycGxhY2VyaW5n
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bWVtYmVyLE1lZGxlbW1lcg==
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainDNS-Display
+distinguishedName: CN=domainDNS-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainDNS-Display
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZQ==
+adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D}
+attributeDisplayNames: description,Beskrivelse
+attributeDisplayNames: dc,Navn
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: contact-Display
+distinguishedName: CN=contact-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: contact-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645c-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f0-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Kontaktperson
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: d1dXSG9tZVBhZ2UsQWRyZXNzZSBww6Ugd2Vic3RlZA==
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnNpZGUgKGFuZHJlKQ==
+attributeDisplayNames:: dGl0bGUsU3RpbGxpbmc=
+attributeDisplayNames:: dGVsZXhOdW1iZXIsVGVsZXhudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: dGVsZXBob25lTnVtYmVyLFRlbGVmb25udW1tZXI=
+attributeDisplayNames:: c3RyZWV0QWRkcmVzcyxBZHJlc3Nl
+attributeDisplayNames:: c3QsT21yw6VkZS9yZWdpb24=
+attributeDisplayNames:: c24sRWZ0ZXJuYXZu
+attributeDisplayNames:: cHJpbWFyeVRlbGV4TnVtYmVyLFRlbGV4bnVtbWVy
+attributeDisplayNames:: cHJpbWFyeUludGVybmF0aW9uYWxJU0ROTnVtYmVyLEludGVybmF0aW9uYWx0IElTRE4tbnVtbWVy
+attributeDisplayNames:: cG9zdE9mZmljZUJveCxQb3N0Ym9rcw==
+attributeDisplayNames:: cG9zdGFsQ29kZSxQb3N0bnVtbWVy
+attributeDisplayNames:: cGh5c2ljYWxEZWxpdmVyeU9mZmljZU5hbWUsS29udG9ycGxhY2VyaW5n
+attributeDisplayNames:: cGVyc29uYWxUaXRsZSxUaXRlbA==
+attributeDisplayNames:: cGFnZXIsUGVyc29uc8O4Z2VybnVtbWVy
+attributeDisplayNames:: b3RoZXJUZWxlcGhvbmUsVGVsZWZvbiwgYXJiZWpkZSAoYW5kcmUp
+attributeDisplayNames:: b3RoZXJQYWdlcixQZXJzb25zw7hnZXJudW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJNb2JpbGUsTW9iaWx0ZWxlZm9ubnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJNYWlsYm94LEUtbWFpbC1hZHJlc3NlIChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJJcFBob25lLElQLXRlbGVmb25udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: b3RoZXJIb21lUGhvbmUsVGVsZWZvbm51bW1lciwgcHJpdmF0IChhbmRyZSk=
+attributeDisplayNames:: b3RoZXJGYWNzaW1pbGVUZWxlcGhvbmVOdW1iZXIsRmF4bnVtbWVyIChhbmRyZSk=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0RlcGFydG1lbnQsRm9uZXRpc2sgYWZkZWxpbmc=
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0NvbXBhbnlOYW1lLEZvbmV0aXNrIGZpcm1hbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0xhc3ROYW1lLEZvbmV0aXNrIGVmdGVybmF2bg==
+attributeDisplayNames:: bVNEUy1QaG9uZXRpY0ZpcnN0TmFtZSxGb25ldGlzayBmb3JuYXZu
+attributeDisplayNames:: bW9iaWxlLE1vYmlsdGVsZWZvbm51bW1lcg==
+attributeDisplayNames:: bWlkZGxlTmFtZSxNZWxsZW1uYXZu
+attributeDisplayNames:: bWVtYmVyT2YsTWVkbGVtIGFm
+attributeDisplayNames:: bWFuYWdlcixPdmVyb3JkbmV0
+attributeDisplayNames:: bWFpbCxFLW1haWwtYWRyZXNzZQ==
+attributeDisplayNames:: bCxCeQ==
+attributeDisplayNames:: aXBQaG9uZSxJUC10ZWxlZm9ubnVtbWVy
+attributeDisplayNames:: aW50ZXJuYXRpb25hbElTRE5OdW1iZXIsSW50ZXJuYXRpb25hbHQgSVNETi1udW1tZXIgKGFuZHJlKQ==
+attributeDisplayNames:: aW5mbyxOb3Rlcg==
+attributeDisplayNames:: aW5pdGlhbHMsSW5pdGlhbGVy
+attributeDisplayNames:: aG9tZVBvc3RhbEFkZHJlc3MsQWRyZXNzZSAocHJpdmF0KQ==
+attributeDisplayNames:: aG9tZVBob25lLFRlbGVmb24gKHByaXZhdCk=
+attributeDisplayNames:: Z2l2ZW5OYW1lLEZvcm5hdm4=
+attributeDisplayNames:: Z2VuZXJhdGlvblF1YWxpZmllcixOYXZuZXN1ZmZpa3MgKGYuZWtzLiBTci4sIEpyLiwgSUlJKQ==
+attributeDisplayNames:: ZmFjc2ltaWxlVGVsZXBob25lTnVtYmVyLEZheG51bW1lcg==
+attributeDisplayNames:: ZW1wbG95ZWVJRCxBbnNhdHRlcyBJRC1udW1tZXI=
+attributeDisplayNames:: ZGl2aXNpb24sRGl2aXNpb24=
+attributeDisplayNames:: ZGlzdGluZ3Vpc2hlZE5hbWUsRW50eWRpZ3QgbmF2bg==
+attributeDisplayNames:: ZGlzcGxheU5hbWUsVmlzdCBuYXZu
+attributeDisplayNames:: ZGlyZWN0UmVwb3J0cyxEaXJla3RlIHVuZGVyb3JkbmVkZQ==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: ZGVwYXJ0bWVudCxBZmRlbGluZw==
+attributeDisplayNames:: Y29tcGFueSxGaXJtYQ==
+attributeDisplayNames:: Y29tbWVudCxLb21tZW50YXI=
+attributeDisplayNames:: Y24sTmF2bg==
+attributeDisplayNames:: Y28sTGFuZA==
+attributeDisplayNames:: YyxMYW5kZWZvcmtvcnRlbHNl
+attributeDisplayNames:: YXNzaXN0YW50LEFzc2lzdGVudA==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+
+dn: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: domainPolicy-Display
+distinguishedName: CN=domainPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: domainPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 2,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 1,{6dfe648e-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f1-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName:: RG9tw6ZuZXBvbGl0aWs=
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: localPolicy-Display
+distinguishedName: CN=localPolicy-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: localPolicy-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 5,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 4,{AAD30A04-E1D0-11d0-B859-00A024CDD4DE}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe648f-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f2-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Lokal politik
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: volume-Display
+distinguishedName: CN=volume-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: volume-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6490-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f3-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Delt mappe
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NzdGk=
+attributeDisplayNames:: a2V5d29yZHMsTsO4Z2xlb3Jk
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: serviceAdministrationPoint-Display
+distinguishedName: CN=serviceAdministrationPoint-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: serviceAdministrationPoint-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 6,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{c5f1645d-c8c9-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{c5f1645e-c8c9-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Tjeneste
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+
+dn: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: computer-Display
+distinguishedName: CN=computer-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: computer-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 12,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 11,{c7499700-f96b-11d2-ac78-0008c7726cf7}
+adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3}
+adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}
+adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03}
+adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Computer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: TVNEUy1QaG9uZXRpY0Rpc3BsYXlOYW1lLEZvbmV0aXNrIHZpc3QgbmF2bg==
+attributeDisplayNames:: c2FtQWNjb3VudE5hbWUsQ29tcHV0ZXJuYXZuIChmw7hyIFdpbmRvd3MgMjAwMCk=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtVmVyc2lvbixPcGVyYXRpdnN5c3RlbSAtIHZlcnNpb24=
+attributeDisplayNames:: b3BlcmF0aW5nU3lzdGVtLE9wZXJhdGl2c3lzdGVt
+attributeDisplayNames:: bWFuYWdlZEJ5LEFkbWluaXN0cmVyZXQgYWY=
+attributeDisplayNames:: ZGVzY3JpcHRpb24sQmVza3JpdmVsc2U=
+attributeDisplayNames:: Y24sTmF2bg==
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
+treatAsLeaf: TRUE
+createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4}
+
+dn: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+changetype: add
+objectClass: top
+objectClass: displaySpecifier
+cn: printQueue-Display
+distinguishedName: CN=printQueue-Display,CN=406,CN=DisplaySpecifiers,<Configuration NC Distinguished Name>
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+name: printQueue-Display
+contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103}
+adminPropertyPages: 4,{C7436F12-A27F-4cab-AACA-2BD27ED1B773}
+adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB}
+adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6}
+adminPropertyPages: 1,{6dfe6493-a212-11d0-bcd5-00c04fd8d5b6}
+shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6}
+shellPropertyPages: 1,{f5d121f5-c8ac-11d0-bcdb-00c04fd8d5b6}
+classDisplayName: Printer
+adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6}
+attributeDisplayNames:: dmVyc2lvbk51bWJlcixPYmpla3R2ZXJzaW9u
+attributeDisplayNames:: dXJsLEFkcmVzc2UgcMOlIHdlYnN0ZWQ=
+attributeDisplayNames:: c2VydmVyTmFtZSxTZXJ2ZXJuYXZu
+attributeDisplayNames:: cHJpbnRTdGFwbGluZ1N1cHBvcnRlZCxVbmRlcnN0w7h0dGVyIGjDpmZ0bmluZw==
+attributeDisplayNames:: cHJpbnRTaGFyZU5hbWUsU2hhcmVuYXZu
+attributeDisplayNames:: cHJpbnRQYWdlc1Blck1pbnV0ZSxTaWRlciBwci4gbWludXQ=
+attributeDisplayNames:: cHJpbnRSYXRlVW5pdCxIYXN0aWdoZWRzZW5oZWRlcg==
+attributeDisplayNames:: cHJpbnRSYXRlLEhhc3RpZ2hlZA==
+attributeDisplayNames:: cHJpbnRPd25lcixOYXZuIHDDpSBlamVy
+attributeDisplayNames:: cHJpbnRNZW1vcnksSW5zdGFsbGVyZXQgaHVrb21tZWxzZQ==
+attributeDisplayNames:: cHJpbnRNZWRpYVN1cHBvcnRlZCxVbmRlcnN0w7h0dGVkZSBwYXBpcnR5cGVy
+attributeDisplayNames:: cHJpbnRNZWRpYVJlYWR5LFRpbGfDpm5nZWxpZ2UgcGFwaXJ0eXBlcg==
+attributeDisplayNames:: cHJpbnRNYXhSZXNvbHV0aW9uU3VwcG9ydGVkLE1ha3NpbXVtb3Bsw7hzbmluZw==
+attributeDisplayNames:: cHJpbnRMYW5ndWFnZSxQcmludGVyc3Byb2c=
+attributeDisplayNames:: cHJpbnRlck5hbWUsTmF2bg==
+attributeDisplayNames:: cHJpbnREdXBsZXhTdXBwb3J0ZWQsVW5kZXJzdMO4dHRlciBkb2JiZWx0c2lkZXQgdWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xvcixVbmRlcnN0w7h0dGVyIGZhcnZldWRza3Jpdm5pbmc=
+attributeDisplayNames:: cHJpbnRDb2xsYXRlLFVuZGVyc3TDuHR0ZXIgc8OmdHZpcyBzb3J0ZXJpbmc=
+attributeDisplayNames:: cHJpbnRCaW5OYW1lcyxQcmludGVyYmFra2Vy
+attributeDisplayNames:: cG9ydE5hbWUsUG9ydA==
+attributeDisplayNames:: bG9jYXRpb24sUGxhY2VyaW5n
+attributeDisplayNames:: ZHJpdmVyTmFtZSxNb2RlbA==
+attributeDisplayNames:: ZGVzY3JpcHRpb24sS29tbWVudGFy
+attributeDisplayNames:: Y29udGFjdE5hbWUsS29udGFrdHBlcnNvbg==
+attributeDisplayNames:: YXNzZXROdW1iZXIsVWRzdHlyc251bW1lcg==
+attributeDisplayNames:: dU5DTmFtZSxOZXR2w6Zya3NuYXZu
+attributeDisplayNames:: Y24sTmF2biBww6Uga2F0YWxvZ3RqZW5lc3Rl
+objectCategory: CN=Display-Specifier,CN=Schema,<Configuration NC Distinguished Name>
diff --git a/source4/setup/dns_update_list b/source4/setup/dns_update_list
new file mode 100644
index 0000000..a14327a
--- /dev/null
+++ b/source4/setup/dns_update_list
@@ -0,0 +1,56 @@
+# this is a list of DNS entries which will be put into DNS using
+# dynamic DNS update. It is processed by the samba_dnsupdate script
+A                      ${HOSTNAME}                                           $IP
+AAAA                   ${HOSTNAME}                                           $IP
+${IF_DC}CNAME          ${NTDSGUID}._msdcs.${DNSFOREST}                       ${HOSTNAME}
+${IF_RWDNS_DOMAIN}NS   ${DNSDOMAIN}                                          ${HOSTNAME}
+${IF_RWDNS_FOREST}NS   ${DNSFOREST}                                          ${HOSTNAME}
+${IF_RWDNS_FOREST}NS   _msdcs.${DNSFOREST}                                   ${HOSTNAME}
+
+# Stub entries in the parent zone
+${IF_RWDNS_DOMAIN}RPC ${DNSFOREST}   NS ${DNSDOMAIN}                         ${HOSTNAME}
+${IF_RWDNS_FOREST}RPC ${DNSFOREST}   NS _msdcs.${DNSFOREST}                  ${HOSTNAME}
+
+# RW domain controller
+${IF_RWDC}A            ${DNSDOMAIN}                                          $IP
+${IF_RWDC}AAAA         ${DNSDOMAIN}                                          $IP
+${IF_RWDC}SRV          _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389
+${IF_RWDC}SRV          _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389
+${IF_RWDC}SRV          _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}  ${HOSTNAME} 389
+${IF_RWDC}SRV          _kerberos._tcp.${DNSDOMAIN}                           ${HOSTNAME} 88
+${IF_RWDC}SRV          _kerberos._udp.${DNSDOMAIN}                           ${HOSTNAME} 88
+${IF_RWDC}SRV          _kerberos._tcp.dc._msdcs.${DNSDOMAIN}                 ${HOSTNAME} 88
+${IF_RWDC}SRV          _kpasswd._tcp.${DNSDOMAIN}                            ${HOSTNAME} 464
+${IF_RWDC}SRV          _kpasswd._udp.${DNSDOMAIN}                            ${HOSTNAME} 464
+# RW and RO domain controller
+${IF_DC}SRV            _ldap._tcp.${SITE}._sites.${DNSDOMAIN}                ${HOSTNAME} 389
+${IF_DC}SRV            _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}      ${HOSTNAME} 389
+${IF_DC}SRV            _kerberos._tcp.${SITE}._sites.${DNSDOMAIN}            ${HOSTNAME} 88
+${IF_DC}SRV            _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}  ${HOSTNAME} 88
+
+# The PDC emulator
+${IF_PDC}SRV           _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                    ${HOSTNAME} 389
+
+# RW GC servers
+${IF_RWGC}A            gc._msdcs.${DNSFOREST}                                $IP
+${IF_RWGC}AAAA         gc._msdcs.${DNSFOREST}                                $IP
+${IF_RWGC}SRV          _gc._tcp.${DNSFOREST}                                 ${HOSTNAME} 3268
+${IF_RWGC}SRV          _ldap._tcp.gc._msdcs.${DNSFOREST}                     ${HOSTNAME} 3268
+# RW and RO GC servers
+${IF_GC}SRV            _gc._tcp.${SITE}._sites.${DNSFOREST}                  ${HOSTNAME} 3268
+${IF_GC}SRV            _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}      ${HOSTNAME} 3268
+
+# RW DNS servers
+${IF_RWDNS_DOMAIN}A    DomainDnsZones.${DNSDOMAIN}                           $IP
+${IF_RWDNS_DOMAIN}AAAA DomainDnsZones.${DNSDOMAIN}                           $IP
+${IF_RWDNS_DOMAIN}SRV  _ldap._tcp.DomainDnsZones.${DNSDOMAIN}                ${HOSTNAME} 389
+# RW and RO DNS servers
+${IF_DNS_DOMAIN}SRV    _ldap._tcp.${SITE}._sites.DomainDnsZones.${DNSDOMAIN} ${HOSTNAME} 389
+
+# RW DNS servers
+${IF_RWDNS_FOREST}A    ForestDnsZones.${DNSFOREST}                           $IP
+${IF_RWDNS_FOREST}AAAA ForestDnsZones.${DNSFOREST}                           $IP
+${IF_RWDNS_FOREST}SRV  _ldap._tcp.ForestDnsZones.${DNSFOREST}                ${HOSTNAME} 389
+# RW and RO DNS servers
+${IF_DNS_FOREST}SRV    _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389
+
diff --git a/source4/setup/extended-rights.ldif b/source4/setup/extended-rights.ldif
new file mode 100644
index 0000000..67417b7
--- /dev/null
+++ b/source4/setup/extended-rights.ldif
@@ -0,0 +1,835 @@
+# This is the schema of the extended rights built in to Active Directory
+#
+# This file is needed to document the rights that are available and to
+# create the appropritate objects in the AD database, which are used
+# by the administrative tools.
+#
+# The primary source is MS-ADTS 12/1/2017 v47.0 under 6.1.1.2.7
+# That document is licenced thusly:
+#
+# Intellectual Property Rights Notice for Open Specifications Documentation
+#
+
+# Technical Documentation. Microsoft publishes Open Specifications
+# documentation ("this documentation") for protocols, file formats,
+# data portability, computer languages, and standards
+# support. Additionally, overview documents cover inter-protocol
+# relationships and interactions.
+
+# Copyrights. This documentation is covered by Microsoft
+# copyrights. Regardless of any other terms that are contained in the
+# terms of use for the Microsoft website that hosts this
+# documentation, you can make copies of it in order to develop
+# implementations of the technologies that are described in this
+# documentation and can distribute portions of it in your
+# implementations that use these technologies or in your documentation
+# as necessary to properly document the implementation. You can also
+# distribute in your implementation, with or without modification, any
+# schemas, IDLs, or code samples that are included in the
+# documentation. This permission also applies to any documents that
+# are referenced in the Open Specifications documentation.
+
+# No Trade Secrets. Microsoft does not claim any trade secret rights
+# in this documentation.
+
+# Patents. Microsoft has patents that might cover your implementations
+# of the technologies described in the Open Specifications
+# documentation. Neither this notice nor Microsoft's delivery of this
+# documentation grants any licenses under those patents or any other
+# Microsoft patents. However, a given Open Specifications document
+# might be covered by the Microsoft Open Specifications Promise or the
+# Microsoft Community Promise. If you would prefer a written license,
+# or if the technologies described in this documentation are not
+# covered by the Open Specifications Promise or Community Promise, as
+# applicable, patent licenses are available by contacting
+# iplg@microsoft.com.
+
+# License Programs. To see all of the protocols in scope under a
+# specific license program and the associated patents, visit the
+# Patent Map.
+
+# Trademarks. The names of companies and products contained in this
+# documentation might be covered by trademarks or similar intellectual
+# property rights. This notice does not grant any licenses under those
+# rights. For a list of Microsoft trademarks, visit
+# www.microsoft.com/trademarks.
+
+# Fictitious Names. The example companies, organizations, products,
+# domain names, email addresses, logos, people, places, and events
+# that are depicted in this documentation are fictitious. No
+# association with any real company, organization, product, domain
+# name, email address, logo, person, place, or event is intended or
+# should be inferred.
+
+# Reservation of Rights. All other rights are reserved, and this
+# notice does not grant any rights other than as specifically
+# described above, whether by implication, estoppel, or otherwise.
+
+# Tools. The Open Specifications documentation does not require the
+# use of Microsoft programming tools or programming environments in
+# order for you to develop an implementation. If you have access to
+# Microsoft programming tools and environments, you are free to take
+# advantage of them. Certain Open Specifications documents are
+# intended for use in conjunction with publicly available standards
+# specifications and network programming art and, as such, assume that
+# the reader either is familiar with the aforementioned material or
+# has immediate access to it.
+
+# Support. For questions and support, please contact dochelp@microsoft.com.
+
+#
+# Additionally, changes for Windows 2012 and above are sourced from
+#
+# https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/identity/ad-ds/deploy/Schema-Updates.md
+#
+# in this repoo this is kept in
+# source4/setup/adprep/WindowsServerDocs/Schema-Updates.md
+# and is licenced under the MIT licence
+#
+# The MIT License (MIT)
+#  Copyright (c) Microsoft Corporation
+
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation files
+# (the "Software"), to deal in the Software without restriction,
+# including without limitation the rights to use, copy, modify, merge,
+# publish, distribute, sublicense, and/or sell copies of the Software,
+# and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+# 6.1.1.2.7.1 controlAccessRight objects
+# All controlAccessRight objects have:
+# objectClass: controlAccessRight
+# rightsGuid: This value is the identifier of the control access right
+#             used for security descriptors and SDDL.
+# appliesTo: Each value in this attribute is a GUID, with each GUID
+#            equaling an attribute schemaIDGUID on a schema object
+#            defining a class in the schema NC. This class defines the
+#            objects in which the control access right can be a
+#            security descriptor for. The appliesTo values on the
+#            controlAccessRight are not enforced by the directory
+#            server; that is, the controlAccessRight can be included
+#            in security descriptors of objects of classes not
+#            specified in the appliesTo attribute.
+# localizationDisplayId: This is implementation-specific information
+#                        for the administrative application.
+# validAccesses: This is implementation-specific information for the
+#                administrative application.
+#
+# NOTE: while it is claimed that validAccesses is implementation-specfic
+# it can be determined by careful reading of other parts of MS-ADTS
+
+dn: CN=Change-Rid-Master,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Change Rid Master
+rightsGuid: d58d5f36-0a98-11d1-adbb-00c04fd8d5cd
+appliesTo: 6617188d-8f3c-11d0-afda-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Do-Garbage-Collection,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Do Garbage Collection
+rightsGuid: fec364e0-0a98-11d1-adbb-00c04fd8d5cd
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=Recalculate-Hierarchy,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Recalculate Hierarchy
+rightsGuid: 0bc1554e-0a99-11d1-adbb-00c04fd8d5cd
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=Allocate-Rids,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Allocate Rids
+rightsGuid: 1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=Change-PDC,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Change PDC
+rightsGuid: bae50096-4752-11d1-9052-00c04fc2d4cf
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Add-GUID,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Add GUID
+rightsGuid: 440820ad-65b4-11d1-a3da-0000f875ae0d
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Change-Domain-Master,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Change Domain Master
+rightsGuid: 014bf69c-7b3b-11d1-85f6-08002be74fab
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
+
+dn: CN=Public-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Public Information
+rightsGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 48
+
+dn: CN=msmq-Receive-Dead-Letter,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Receive Dead Letter
+rightsGuid: 4b6e08c0-df3c-11d1-9c86-006008764d0e
+appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Peek Dead Letter
+rightsGuid: 4b6e08c1-df3c-11d1-9c86-006008764d0e
+appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Receive computer Journal
+rightsGuid: 4b6e08c2-df3c-11d1-9c86-006008764d0e
+appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Peek computer Journal
+rightsGuid: 4b6e08c3-df3c-11d1-9c86-006008764d0e
+appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Receive,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Receive
+rightsGuid: 06bd3200-df3e-11d1-9c86-006008764d0e
+appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Peek,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Peek
+rightsGuid: 06bd3201-df3e-11d1-9c86-006008764d0e
+appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Send,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Send
+rightsGuid: 06bd3202-df3e-11d1-9c86-006008764d0e
+appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+appliesTo: 46b27aac-aafa-4ffb-b773-e5bf621ee87b
+validAccesses: 256
+
+dn: CN=msmq-Receive-journal,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Receive journal
+rightsGuid: 06bd3203-df3e-11d1-9c86-006008764d0e
+appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
+
+dn: CN=msmq-Open-Connector,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: msmq Open Connector
+rightsGuid: b4e60130-df3f-11d1-9c86-006008764d0e
+appliesTo: bf967ab3-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Apply-Group-Policy,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Apply Group Policy
+rightsGuid: edacfd8f-ffb3-11d1-b41d-00a0c968f939
+appliesTo: f30e3bc2-9ff0-11d1-b603-0000f80367c1
+validAccesses: 256
+
+dn: CN=RAS-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Remote Access Information
+rightsGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=DS-Install-Replica,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Install Replica
+rightsGuid: 9923a32a-3607-11d2-b9be-0000f87a36b2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Change-Infrastructure-Master,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Change Infrastructure Master
+rightsGuid: cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd
+appliesTo: 2df90d89-009f-11d2-aa4c-00c04fd7d83a
+validAccesses: 256
+
+dn: CN=Update-Schema-Cache,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Update Schema Cache
+rightsGuid: be2bb760-7f46-11d2-b9ad-00c04f79f805
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Recalculate-Security-Inheritance,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Recalculate Security Inheritance
+rightsGuid: 62dd28a8-7f46-11d2-b9ad-00c04f79f805
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=DS-Check-Stale-Phantoms,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Check Stale Phantoms
+rightsGuid: 69ae6200-7f46-11d2-b9ad-00c04f79f805
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=Certificate-Enrollment,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Certificate Enrollment
+rightsGuid: 0e10c968-78fb-11d2-90d4-00c04f79dc55
+appliesTo: e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+validAccesses: 256
+
+dn: CN=Self-Membership,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Self Membership
+rightsGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+validAccesses: 8
+
+dn: CN=Validated-DNS-Host-Name,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Validated DNS Host Name
+rightsGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+${INC2012}appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+validAccesses: 8
+
+dn: CN=Validated-SPN,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Validated SPN
+rightsGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 8
+
+dn: CN=Generate-RSoP-Planning,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Generate RSoP Planning
+rightsGuid: b7b1b3dd-ab09-4242-9e30-9980e5d322f7
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Refresh-Group-Cache,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Refresh Group Cache
+rightsGuid: 9432c620-033c-4db7-8b58-14ef6d0bf477
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=Reload-SSL-Certificate,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Reload SSL Certificate
+rightsGuid: 1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8
+appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
+
+dn: CN=SAM-Enumerate-Entire-Domain,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: SAM Enumerate Entire Domain
+rightsGuid: 91d67418-0135-4acc-8d79-c08e857cfbec
+appliesTo: bf967aad-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Generate-RSoP-Logging,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Generate RSoP Logging
+rightsGuid: b7b1b3de-ab09-4242-9e30-9980e5d322f7
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Domain-Other-Parameters,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Other Domain Parameters (for use by SAM)
+rightsGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 48
+
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DNS Host Name Attributes
+rightsGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+${INC2012}appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+validAccesses: 48
+
+dn: CN=Create-Inbound-Forest-Trust,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Create Inbound Forest Trust
+rightsGuid: e2a36dc9-ae17-47c3-b58b-be34c55ba633
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Get Changes All
+rightsGuid: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Migrate-SID-History,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Migrate SID History
+rightsGuid: BA33815A-4F93-4c76-87F3-57574BFF8109
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Reanimate-Tombstones,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Reanimate Tombstones
+rightsGuid: 45EC5156-DB7E-47bb-B53F-DBEB2D03C40F
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Allowed To Authenticate
+rightsGuid: 68B1D179-0D15-4d4f-AB71-46152E79A7BC
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
+
+dn: CN=DS-Execute-Intentions-Script,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Execute Intentions Script
+rightsGuid: 2f16c4a5-b98e-432c-952a-cb388ba33f2e
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
+
+dn: CN=DS-Replication-Monitor-Topology,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Monitor Topology
+rightsGuid: f98340fb-7c5b-4cdb-a00b-2ebdfa115a96
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Update-Password-Not-Required-Bit,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Update Password Not Required Bit
+rightsGuid: 280f369c-67c7-438e-ae98-1d46f3c6f541
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Unexpire-Password,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Unexpire Password
+rightsGuid: ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Enable-Per-User-Reversibly-Encrypted-Password,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Enable Per User Reversibly Encrypted Password
+rightsGuid: 05c74c5e-4deb-43b4-bd9f-86664c2a7fd5
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=DS-Query-Self-Quota,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Query Self Quota
+rightsGuid: 4ecc03fe-ffc0-4947-b630-eb672a8a9dbc
+appliesTo: da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+validAccesses: 256
+
+dn: CN=Private-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Private Information
+rightsGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+validAccesses: 48
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: MS-TS-GatewayAccess
+rightsGuid: ffa6f046-ca4b-4feb-b40d-04dfee722543
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 48
+
+dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Terminal Server License Server
+rightsGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
+validAccesses: 48
+
+dn: CN=Domain-Administer-Server,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Domain Administer Server
+rightsGuid: ab721a52-1e2f-11d0-9819-00aa0040529b
+appliesTo: bf967aad-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=User-Change-Password,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: User Change Password
+rightsGuid: ab721a53-1e2f-11d0-9819-00aa0040529b
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: User Force Change Password
+rightsGuid: 00299570-246d-11d0-a768-00aa006e0529
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
+
+dn: CN=Send-As,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Send As
+rightsGuid: ab721a54-1e2f-11d0-9819-00aa0040529b
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
+
+dn: CN=Receive-As,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Receive As
+rightsGuid: ab721a56-1e2f-11d0-9819-00aa0040529b
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
+
+dn: CN=Send-To,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Send To
+rightsGuid: ab721a55-1e2f-11d0-9819-00aa0040529b
+appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Domain-Password,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Domain Password & Lockout Policies
+rightsGuid: c7407360-20bf-11d0-a768-00aa006e0529
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: 19195a5a-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 48
+
+dn: CN=General-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: General Information
+rightsGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Account Restrictions
+rightsGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+${INC2012}appliesTo: 7b8b558a-93a5-4af7-adca-c017e67f1057
+validAccesses: 48
+
+dn: CN=User-Logon,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Logon Information
+rightsGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=Membership,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Group Membership
+rightsGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Open Address Book
+rightsGuid: a1990816-4298-11d1-ade2-00c04fd8d5cd
+appliesTo: 3e74f60f-3e73-11d1-a9c0-0000f80367c1
+validAccesses: 256
+
+dn: CN=Personal-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Personal Information
+rightsGuid: 77B5B886-944A-11d1-AEBD-0000F80367C1
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+appliesTo: 5cb41ed0-0e4c-11d0-a286-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+${INC2012}appliesTo: 641E87A4-8326-4771-BA2D-C706DF35E35A
+validAccesses: 48
+
+dn: CN=Email-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Phone and Mail Options
+rightsGuid: E45795B2-9455-11d1-AEBD-0000F80367C1
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=Web-Information,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Web Information
+rightsGuid: E45795B3-9455-11d1-AEBD-0000F80367C1
+appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
+appliesTo: 5cb41ed0-0e4c-11d0-a286-00aa003049e2
+appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
+validAccesses: 48
+
+dn: CN=DS-Replication-Get-Changes,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Get Changes
+rightsGuid: 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=DS-Replication-Synchronize,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Synchronize
+rightsGuid: 1131f6ab-9c07-11d1-f79f-00c04fc2dcd2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=DS-Replication-Manage-Topology,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Manage Topology
+rightsGuid: 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Change-Schema-Master,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Change Schema Master
+rightsGuid: e12b56b6-0a95-11d1-adbb-00c04fd8d5cd
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: DS Replication Get Changes In Filtered Set
+rightsGuid: 89e95b76-444d-4c62-991a-0facbeda640c
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
+
+dn: CN=Run-Protect-Admin-Groups-Task,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Run Protect Admin Groups Task
+rightsGuid: 7726b9d5-a4b4-4288-a6b2-dce952e80a7f
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+
+dn: CN=Manage-Optional-Features,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Manage Optional Features
+rightsGuid: 7c0e2a7c-a419-48e4-a995-10180aad54dd
+appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
+
+dn: CN=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Read Only Replication Secret Synchronization
+rightsGuid: 1131f6ae-9c07-11d1-f79f-00c04fc2dcd2
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
+${INC2012}
+${INC2012}dn: CN=Validated-MS-DS-Behavior-Version,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}rightsGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+${INC2012}appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+${INC2012}displayName: Validated write to MS DS behavior version
+${INC2012}localizationDisplayId: 81
+${INC2012}validAccesses: 8
+${INC2012}showInAdvancedViewOnly: TRUE
+${INC2012}
+${INC2012}dn: CN=Validated-MS-DS-Additional-DNS-Host-Name,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}rightsGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+${INC2012}appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
+${INC2012}displayName: Validated write to MS DS Additional DNS Host Name
+${INC2012}localizationDisplayId: 82
+${INC2012}validAccesses: 8
+${INC2012}showInAdvancedViewOnly: TRUE
+${INC2012}
+${INC2012}dn: CN=DS-Clone-Domain-Controller,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}displayName: Allow a DC to create a clone of itself
+${INC2012}rightsGuid: 3e0f7e18-2c7a-4c10-ba82-4d926db99a3e
+${INC2012}appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+${INC2012}validAccesses: 256
+${INC2012}localizationDisplayId: 80
+${INC2012}
+${INC2012}dn: CN=Certificate-AutoEnrollment,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}showInAdvancedViewOnly: TRUE
+${INC2012}appliesTo: e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+${INC2012}displayname: AutoEnrollment
+${INC2012}localizationDisplayId: 83
+${INC2012}rightsGuid: a05b8cc2-17bc-4802-a710-e7c15ab866a2
+${INC2012}validAccesses: 256
+${INC2012}
+${INC2012}dn: CN=DS-Set-Owner,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}displayName: Set Owner of an object during creation.
+${INC2012}rightsGuid: 4125c71f-7fac-4ff0-bcb7-f09a41325286
+${INC2012}appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+${INC2012}validAccesses: 256
+${INC2012}
+${INC2012}dn: CN=DS-Bypass-Quota,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}displayName: Bypass the quota restrictions during creation.
+${INC2012}rightsGuid: 88a9933e-e5c8-4f2a-9dd7-2527416b8092
+${INC2012}appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+${INC2012}validAccesses: 256
+${INC2012}
+${INC2012}dn: CN=DS-Read-Partition-Secrets,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}displayName: Read secret attributes of objects in a Partition
+${INC2012}rightsGuid: 084c93a2-620d-4879-a836-f0ae47de0e89
+${INC2012}appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+${INC2012}validAccesses: 256
+${INC2012}
+${INC2012}dn: CN=DS-Write-Partition-Secrets,CN=Extended-Rights,${CONFIGDN}
+${INC2012}objectClass: controlAccessRight
+${INC2012}displayName: Write secret attributes of objects in a Partition
+${INC2012}rightsGuid: 94825A8D-B171-4116-8146-1E34D8F54401
+${INC2012}appliesTo: 26f11b08-a29d-4869-99bb-ef0b99fd883e
+${INC2012}validAccesses: 256
+
diff --git a/source4/setup/idmap_init.ldif b/source4/setup/idmap_init.ldif
new file mode 100644
index 0000000..8c143c1
--- /dev/null
+++ b/source4/setup/idmap_init.ldif
@@ -0,0 +1,8 @@
+dn: CN=CONFIG
+cn: CONFIG
+lowerBound: 3000000
+upperBound: 4000000
+
+dn: @INDEXLIST
+@IDXATTR: xidNumber
+@IDXATTR: objectSid
diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf
new file mode 100644
index 0000000..ad6f281
--- /dev/null
+++ b/source4/setup/krb5.conf
@@ -0,0 +1,12 @@
+[libdefaults]
+	default_realm = ${REALM}
+	dns_lookup_realm = false
+	dns_lookup_kdc = true
+
+[realms]
+${REALM} = {
+	default_domain = ${DNSDOMAIN}
+}
+
+[domain_realm]
+	${HOSTNAME} = ${REALM}
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
new file mode 100644
index 0000000..a36f781
--- /dev/null
+++ b/source4/setup/named.conf
@@ -0,0 +1,39 @@
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+zone "${DNSDOMAIN}." IN {
+	type master;
+	file "${ZONE_FILE}";
+	/*
+	 * the list of principals and what they can change is created
+	 * dynamically by Samba, based on the membership of the domain controllers
+	 * group. The provision just creates this file as an empty file.
+	 */
+	include "${NAMED_CONF_UPDATE}";
+
+	/* we need to use check-names ignore so _msdcs A records can be created */
+	check-names ignore;
+};
+
+# The reverse zone configuration is optional.  The following example assumes a
+# subnet of 192.168.123.0/24:
+
+/*
+zone "123.168.192.in-addr.arpa" in {
+	type master;
+	file "123.168.192.in-addr.arpa.zone";
+	update-policy {
+		grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
+	};
+};
+*/
+
+# Note that the reverse zone file is not created during the provision process.
+
+# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
+# updates.  If you are running an earlier version of BIND, or if you do not wish
+# to use secure GSS-TSIG updates, you may remove the update-policy sections in
+# both examples above.
+
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
new file mode 100644
index 0000000..cbe7d80
--- /dev/null
+++ b/source4/setup/named.conf.dlz
@@ -0,0 +1,37 @@
+# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
+#
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+#
+# This configures dynamically loadable zones (DLZ) from AD schema
+# Uncomment only single database line, depending on your BIND version
+#
+dlz "AD DNS Zone" {
+    # For BIND 9.8.x
+    ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
+
+    # For BIND 9.9.x
+    ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
+
+    # For BIND 9.10.x
+    ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
+
+    # For BIND 9.11.x
+    ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
+
+    # For BIND 9.12.x
+    ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
+
+    # For BIND 9.14.x
+    ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
+
+    # For BIND 9.16.x
+    ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
+    #
+    # For BIND 9.18.x
+    ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
+};
+
diff --git a/source4/setup/named.conf.update b/source4/setup/named.conf.update
new file mode 100644
index 0000000..13cb29e
--- /dev/null
+++ b/source4/setup/named.conf.update
@@ -0,0 +1,4 @@
+/*
+	this file will be automatically replaced with the correct
+	'grant' rules by samba at runtime
+*/
diff --git a/source4/setup/named.txt b/source4/setup/named.txt
new file mode 100644
index 0000000..ab284ed
--- /dev/null
+++ b/source4/setup/named.txt
@@ -0,0 +1,49 @@
+# Additional information for DNS setup using BIND
+
+# You must make the following configuration changes to BIND to support
+# Samba's AD DC:
+
+#
+# Steps for BIND 9.8.x and 9.9.x -----------------------------------------
+#
+
+# 1. Insert following lines into the options {} section of your named.conf 
+#    file:
+tkey-gssapi-keytab "${DNS_KEYTAB_ABS}";
+minimal-responses yes;
+
+# 2. If SELinux is enabled, ensure that all files have the appropriate 
+#    SELinux file contexts.  The ${DNS_KEYTAB} file must be accessible by the 
+#    BIND daemon and should have a SELinux type of named_conf_t.  This can be 
+#    set with the following command:
+chcon -t named_conf_t ${DNS_KEYTAB_ABS}
+
+#    Even if not using SELinux, do confirm (only) BIND can access this file as the 
+#    user it becomes (generally not root).
+
+#
+# Steps for BIND 9.x.x using BIND9_DLZ ------------------------------
+#
+
+# 3. Disable chroot support in BIND.  
+#    BIND is often configured to run in a chroot, but this is not
+#    compatible with access to the dns/sam.ldb files that database
+#    access and updates require.  Additionally, the DLZ plugin is
+#    linked to a large number of Samba shared libraries and loads
+#    additional plugins.
+
+#
+# Steps for BIND 9.x.x using BIND9_FLATFILE ------------------------------
+#
+
+# 3. Ensure the BIND zone file(s) that will be dynamically updated are in 
+#    a directory where the BIND daemon can write.  When BIND performs 
+#    dynamic updates, it not only needs to update the zone file itself but 
+#    it must also create a journal (.jnl) file to track the dynamic updates 
+#    as they occur.  Under Fedora 9, the /var/named directory can not be 
+#    written to by the "named" user.  However, the directory /var/named/dynamic 
+#    directory does provide write access.  Therefore the zone files were 
+#    placed under the /var/named/dynamic directory.  The file directives in 
+#    both example zone statements at the beginning of this file were changed 
+#    by prepending the directory "dynamic/".
+
diff --git a/source4/setup/prefixMap.txt b/source4/setup/prefixMap.txt
new file mode 100644
index 0000000..2670980
--- /dev/null
+++ b/source4/setup/prefixMap.txt
@@ -0,0 +1,41 @@
+0:2.5.4
+1:2.5.6
+2:1.2.840.113556.1.2
+3:1.2.840.113556.1.3
+4:2.16.840.1.101.2.2.1
+5:2.16.840.1.101.2.2.3
+6:2.16.840.1.101.2.1.5
+7:2.16.840.1.101.2.1.4
+8:2.5.5
+9:1.2.840.113556.1.4
+10:1.2.840.113556.1.5
+19:0.9.2342.19200300.100
+20:2.16.840.1.113730.3
+21:0.9.2342.19200300.100.1
+22:2.16.840.1.113730.3.1
+23:1.2.840.113556.1.5.7000
+24:2.5.21
+25:2.5.18
+26:2.5.20
+11:1.2.840.113556.1.4.260
+12:1.2.840.113556.1.5.56
+13:1.2.840.113556.1.4.262
+14:1.2.840.113556.1.5.57
+15:1.2.840.113556.1.4.263
+16:1.2.840.113556.1.5.58
+17:1.2.840.113556.1.5.73
+18:1.2.840.113556.1.4.305
+27:1.3.6.1.4.1.1466.101.119
+28:2.16.840.1.113730.3.2
+29:1.3.6.1.4.1.250.1
+30:1.2.840.113549.1.9
+31:0.9.2342.19200300.100.4
+32:1.2.840.113556.1.6.23
+33:1.2.840.113556.1.6.18.1
+34:1.2.840.113556.1.6.18.2
+35:1.2.840.113556.1.6.13.3
+36:1.2.840.113556.1.6.13.4
+37:1.3.6.1.1.1.1
+38:1.3.6.1.1.1.2
+39:1.3.6.1.4.1.7165.4.1
+40:1.3.6.1.4.1.7165.4.2
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
new file mode 100644
index 0000000..7f966fd
--- /dev/null
+++ b/source4/setup/provision.ldif
@@ -0,0 +1,871 @@
+###############################
+# Default Naming Context
+###############################
+
+dn: CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: builtinDomain
+creationTime: ${CREATTIME}
+forceLogoff: -9223372036854775808
+isCriticalSystemObject: TRUE
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 0
+modifiedCount: 1
+modifiedCountAtLastProm: 0
+nextRid: 1000
+objectSid: S-1-5-32
+pwdHistoryLength: 0
+pwdProperties: 0
+serverState: 1
+showInAdvancedViewOnly: FALSE
+systemFlags: -1946157056
+uASCompat: 1
+nTSecurityDescriptor:: ${BUILTIN_DESCRIPTOR}
+
+dn: CN=Deleted Objects,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Container for deleted objects
+isDeleted: TRUE
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: TRUE
+systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+# Computers located in "provision_computers*.ldif"
+# Users/Groups located in "provision_users*.ldif"
+
+dn: OU=Domain Controllers,${DOMAINDN}
+objectClass: top
+objectClass: organizationalUnit
+description: Default container for domain controllers
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
+gPLink: [LDAP://CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN};0]
+nTSecurityDescriptor:: ${DOMAIN_CONTROLLERS_DESCRIPTOR}
+
+# Joined DC located in "provision_self_join.ldif"
+
+dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
+
+# Foreign security principals located in "provision_users.ldif"
+
+dn: CN=Infrastructure,${DOMAINDN}
+objectClass: top
+objectClass: infrastructureUpdate
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR}
+
+dn: CN=LostAndFound,${DOMAINDN}
+objectClass: top
+objectClass: lostAndFound
+description: Default container for orphaned objects
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
+
+dn: CN=NTDS Quotas,${DOMAINDN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+description: Quota specifications container
+msDS-TombstoneQuotaFactor: 100
+systemFlags: -2147483648
+isCriticalSystemObject: TRUE
+
+dn: CN=Program Data,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Default location for storage of application data.
+
+dn: CN=Microsoft,CN=Program Data,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Default location for storage of Microsoft application data.
+
+dn: CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+description: Builtin system settings
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${SYSTEM_DESCRIPTOR}
+
+dn: CN=AdminSDHolder,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=ComPartitions,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=ComPartitionSets,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: leaf
+objectClass: domainPolicy
+isCriticalSystemObject: TRUE
+
+dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: classStore
+isCriticalSystemObject: TRUE
+
+dn: CN=Dfs-Configuration,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: dfsConfiguration
+isCriticalSystemObject: TRUE
+showInAdvancedViewOnly: FALSE
+
+dn: CN=DFSR-GlobalSettings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msDFSR-GlobalSettings
+msDFSR-Flags: 48
+
+dn: CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msDFSR-ReplicationGroup
+msDFSR-ReplicationGroupType: 1
+
+dn: CN=Content,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msDFSR-Content
+
+dn: CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msDFSR-Topology
+
+# Here are missing the DFSR objects since we don't support this technique yet
+
+# Domain updates
+
+dn: CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+revision: 5
+
+dn: CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bab5f54d-06c8-48de-9b87-d78b796564e4,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=7868d4c8-ac41-4e05-b401-776280e8e9f1,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=860c36ed-5241-4c62-a18b-cf6ff9994173,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f607fd87-80cf-45e2-890b-6cf97ec0e284,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9cac1f66-2167-47ad-a472-2a13251310e4,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=446f24ea-cfd5-4c52-8346-96e170bcb912,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=51cba88b-99cf-4e16-bef2-c427b38d0767,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=293f0798-ea5c-4455-9f5d-45f33a30703b,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=5c82b233-75fc-41b3-ac71-c69592e6bf15,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=7ffef925-405b-440a-8d58-35e8cd6e98c3,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4dfbb973-8a62-4310-a90c-776e00f83222,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=7cfb016c-4f87-4406-8166-bd9df943947f,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f7ed4553-d82b-49ef-a839-2f38a36bb069,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3c784009-1f57-4e2a-9b04-6915c9e71961,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5679-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567e-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5680-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5681-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5682-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5683-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5684-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5685-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5686-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5687-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5688-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd5689-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd568a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd568b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd568c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6bcd568d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3e4f4182-ac5d-4378-b760-0eab2de593e2,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=c4f17608-e611-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=13d15cf0-e6c8-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+revision: 9
+
+dn: CN=5e1574f6-55df-493e-a671-aaeffca6a100,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=d262aae8-41f7-48ed-9f35-56bbb677573d,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=82112ba0-7e4c-4a44-89d9-d46c9612bf91,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+# End domain updates
+
+dn: CN=File Replication Service,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTFRSSettings
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=FileLinks,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: fileLinkTracking
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: fileLinkTracking
+objectClass: linkTrackObjectMoveTable
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=VolumeTable,CN=FileLinks,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: fileLinkTracking
+objectClass: linkTrackVolumeTable
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+# IP security objects
+
+dn: CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Server (Request Security)
+ipsecID: {72385230-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385231-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABo0hlRHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Request Security (Optional) Rule
+ipsecID: {72385232-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272E2-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but requests clients to establish trust and security methods.  Will communicate insecurely to untrusted clients if they do not respond to request.
+ipsecName: Request Security (Optional)
+ipsecID: {72385233-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIZQBAAAFAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAFwAUwBlAHIAdgBpAGMAZQBzAFwAUABvAGwAaQBjAHkAQQBnAGUAbgCEAwAAoIYBAAAAAAAAAAAAAQAAAAEAAAACAAAAAgAAAEAAAAAIAAAAAAAAAFX0sjdcAEwAbwBjABUADwABAAgAIAJlACACZQBYxHYF+M54BSwBAACghgEAAAAAAAAAAAABAAAAAgAAAAAAAAABAAAAQAAAAAgAAAAtADkAQQBDADEALQA0AEQANgBEAC0AQQAxAEIAMAAtADEANQA4ADcALAEAAKCGAQAAAAAAAAAAAAEAAAABAAAAAAAAAAEAAABAAAAACAAAAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcAFAAbwBsAGkAYwB5AEEAZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAgAAAEAAAAAIAAAANgBDAC0AMwBCADkANwAtADQANQA1ADIALQA4AEUANAA1AC0AOQA5AAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
+ipsecName: All IP Traffic
+ipsecID: {7238523A-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIUoAAAABAAAAAgAAAAAAAgAAAAAAAgAAAAAA3ZsxWeNe0hGs6ABgsOzKFwEAAAAAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Permit unsecured IP packets to pass through.
+ipsecName: Permit
+ipsecID: {7238523B-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIQQAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD2-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all ICMP packets between this computer and any other computer.
+ipsecName: All ICMP Traffic
+ipsecID: {72385235-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIVIAAAABAAAAAgAAAAAAAgAAAAAACgAAAEkAQwBNAFAAAABj0hlRHQfTEa0iAGCw7MoXAQAAAAAAAAD/////AAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
+ipsecName: Client (Respond Only)
+ipsecID: {72385236-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385237-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABz7EFfHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319C04-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319C01-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
+ipsecName: Secure Server (Require Security)
+ipsecID: {7238523C-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {7238523D-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAAD5ckJZHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods.  Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523E-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272FD-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods.  Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523F-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIUQBAAAEAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgCEAwAAoIYBAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAcABzAGUAYwBOAEYAQQB7ADcAMgAzADgANQAyADMARQAtADcAMABGAIQDAACghgEAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAABsAGkAYwB5AFwATABvAGMAYQBsAFwAaQBwAHMAZQBjAE4ARgBBAHsAhAMAAKCGAQAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAGUAYwBOAEYAQQB7AEIARgBDADcAQwAzADUAQQAtAEIANQA5ADIALQAA
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Version Information Object
+ipsecName: Version Information Object
+ipsecID: {6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: b1wfardy0hGs8ABgsOzKF1AAAAAAAAEApmamNhoAAABXAGkAbgBkAG8AdwBzACAAMgAwADAAMAAAABwAAABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAAAABgAAAA0ACgAAAACsuxGNSdERhjkAoCSNMCEqAAAAAQAAAAUAAAACAAAAAAD9////AgAAAAAAAAAAAAAAAAABAAAAAgAAAAAAAA==
+isCriticalSystemObject: TRUE
+
+# End IP security objects
+
+dn: CN=Meetings,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+
+dn: CN=Password Settings Container,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msDS-PasswordSettingsContainer
+systemFlags: -1946157056
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+# Group policies located in "provision_group_policy.ldif"
+
+dn: CN=RAS and IAS Servers Access Check,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=RID Manager$,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: rIDManager
+systemFlags: -1946157056
+rIDAvailablePool: ${RIDAVAILABLESTART}-1073741823
+isCriticalSystemObject: TRUE
+
+dn: CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: rpcContainer
+systemFlags: -1946157056
+isCriticalSystemObject: TRUE
+
+dn: CN=Server,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: securityObject
+objectClass: samServer
+systemFlags: -1946157056
+revision: 65543
+isCriticalSystemObject: TRUE
+
+dn: CN=WinsockServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+
+dn: CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=PolicyTemplate,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=PolicyType,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=SOM,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=WMIGPO,CN=WMIPolicy,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=PSPs,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: msImaging-PSPs
diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg
new file mode 100644
index 0000000..1e309da
--- /dev/null
+++ b/source4/setup/provision.reg
@@ -0,0 +1,45 @@
+REGEDIT4
+
+[HKEY_LOCAL_MACHINE]
+
+[HKEY_LOCAL_MACHINE\SOFTWARE]
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT]
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
+"CurrentVersion"="6.1"
+
+[HKEY_LOCAL_MACHINE\SYSTEM]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions]
+"ProductType"="LanmanNT"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
+
+[HKEY_LOCAL_MACHINE\SYSTEM]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
+"RefusePasswordChange"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Parameters]
+
+[HKEY_USERS]
+
+[HKEY_CLASSES_ROOT]
+
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
new file mode 100644
index 0000000..8a609d1
--- /dev/null
+++ b/source4/setup/provision.zone
@@ -0,0 +1,50 @@
+; -*- zone -*-
+; generated by provision.pl
+$ORIGIN ${DNSDOMAIN}.
+$TTL 1W
+@               IN SOA  ${HOSTNAME}   hostmaster (
+                                ${DATESTRING}   ; serial
+                                2D              ; refresh
+                                4H              ; retry
+                                6W              ; expiry
+                                1W )            ; minimum
+			IN NS	${HOSTNAME}
+${HOSTIP6_BASE_LINE}
+${HOSTIP_BASE_LINE}
+;
+${HOSTIP6_HOST_LINE}
+${HOSTIP_HOST_LINE}
+${GC_MSDCS_IP_LINE}
+${GC_MSDCS_IP6_LINE}
+${NTDSGUID}._msdcs	IN CNAME	${HOSTNAME}
+;
+; global catalog servers
+_gc._tcp		IN SRV 0 100 3268	${HOSTNAME}
+_gc._tcp.${DEFAULTSITE}._sites	IN SRV 0 100 3268	${HOSTNAME}
+_ldap._tcp.gc._msdcs	IN SRV 0 100 3268	${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs	IN SRV 0 100 3268 ${HOSTNAME}
+;
+; ldap servers
+_ldap._tcp		IN SRV 0 100 389	${HOSTNAME}
+_ldap._tcp.dc._msdcs	IN SRV 0 100 389	${HOSTNAME}
+_ldap._tcp.pdc._msdcs	IN SRV 0 100 389	${HOSTNAME}
+_ldap._tcp.${DOMAINGUID}.domains._msdcs		IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites		IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs	IN SRV 0 100 389 ${HOSTNAME}
+;
+; krb5 servers
+_kerberos._tcp		IN SRV 0 100 88		${HOSTNAME}
+_kerberos._tcp.dc._msdcs	IN SRV 0 100 88	${HOSTNAME}
+_kerberos._tcp.${DEFAULTSITE}._sites	IN SRV 0 100 88	${HOSTNAME}
+_kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs	IN SRV 0 100 88 ${HOSTNAME}
+_kerberos._udp		IN SRV 0 100 88		${HOSTNAME}
+; MIT kpasswd likes to lookup this name on password change
+_kerberos-master._tcp		IN SRV 0 100 88		${HOSTNAME}
+_kerberos-master._udp		IN SRV 0 100 88		${HOSTNAME}
+;
+; kpasswd
+_kpasswd._tcp		IN SRV 0 100 464	${HOSTNAME}
+_kpasswd._udp		IN SRV 0 100 464 	${HOSTNAME}
+;
+; heimdal 'find realm for host' hack
+_kerberos		IN TXT	${REALM}
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
new file mode 100644
index 0000000..cb91738
--- /dev/null
+++ b/source4/setup/provision_basedn.ldif
@@ -0,0 +1,10 @@
+################################
+## Domain Naming Context
+################################
+dn: ${DOMAINDN}
+objectClass: top
+objectClass: domaindns
+instanceType: 5
+objectSid: ${DOMAINSID}
+nTSecurityDescriptor:: ${DESCRIPTOR}
+${DOMAINGUID}
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
new file mode 100644
index 0000000..7d852ba
--- /dev/null
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -0,0 +1,94 @@
+###############################
+# Domain Naming Context
+###############################
+dn: ${DOMAINDN}
+changetype: modify
+-
+# This should be 0x0001, but the 0 byte is not allowed - therefore encoded
+replace: auditingPolicy
+auditingPolicy:: AAE=
+-
+replace: creationTime
+creationTime: ${CREATTIME}
+-
+# "dSCorePropagationDate" should contain the provision data
+replace: forceLogoff
+forceLogoff: -9223372036854775808
+-
+# "fSMORoleOwner" filled in later
+replace: gPLink
+gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
+replace: lockoutDuration
+lockoutDuration: -18000000000
+-
+replace: lockOutObservationWindow
+lockOutObservationWindow: -18000000000
+-
+replace: lockoutThreshold
+lockoutThreshold: 0
+-
+# "masteredBy" filled in later
+replace: maxPwdAge
+maxPwdAge: -36288000000000
+-
+replace: minPwdAge
+minPwdAge: -864000000000
+-
+replace: minPwdLength
+minPwdLength: ${MIN_PWD_LENGTH}
+-
+replace: modifiedCount
+modifiedCount: 1
+-
+replace: modifiedCountAtLastProm
+modifiedCountAtLastProm: 0
+-
+replace: msDS-AllUsersTrustQuota
+msDS-AllUsersTrustQuota: 1000
+-
+replace: msDS-Behavior-Version
+msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
+-
+replace: ms-DS-MachineAccountQuota
+ms-DS-MachineAccountQuota: 10
+-
+# "msDs-masteredBy" filled in later
+replace: msDS-NcType
+msDS-NcType: 0
+-
+replace: msDS-PerUserTrustQuota
+msDS-PerUserTrustQuota: 1
+-
+replace: msDS-PerUserTrustTombstonesQuota
+msDS-PerUserTrustTombstonesQuota: 10
+-
+replace: nextRid
+nextRid: ${NEXTRID}
+-
+replace: nTMixedDomain
+nTMixedDomain: 0
+-
+# This does only exist in SAMBA
+replace: oEMInformation
+oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
+-
+replace: pwdProperties
+pwdProperties: 1
+-
+replace: pwdHistoryLength
+pwdHistoryLength: 24
+-
+replace: serverState
+serverState: 1
+-
+replace: systemFlags
+systemFlags: -1946157056
+-
+replace: uASCompat
+uASCompat: 1
+-
+
diff --git a/source4/setup/provision_basedn_options.ldif b/source4/setup/provision_basedn_options.ldif
new file mode 100644
index 0000000..a4788aa
--- /dev/null
+++ b/source4/setup/provision_basedn_options.ldif
@@ -0,0 +1,2 @@
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
diff --git a/source4/setup/provision_basedn_references.ldif b/source4/setup/provision_basedn_references.ldif
new file mode 100644
index 0000000..7eda88d
--- /dev/null
+++ b/source4/setup/provision_basedn_references.ldif
@@ -0,0 +1,30 @@
+###############################
+# Domain Naming Context
+###############################
+dn: CN=Managed Service Accounts,${DOMAINDN}
+changetype: add
+objectClass: container
+description: Default container for managed service accounts
+showInAdvancedViewOnly: FALSE
+nTSecurityDescriptor:: ${MANAGEDSERVICE_DESCRIPTOR}
+
+dn: ${DOMAINDN}
+changetype: modify
+-
+replace: rIDManagerReference
+rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
+-
+add: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINDN}
+wellKnownObjects: B:32:f4be92a4c777485e878e9421d53087db:CN=Microsoft,CN=Program Data,${DOMAINDN}
+wellKnownObjects: B:32:09460c08ae1e4a4ea0f64aee7daa1e5a:CN=Program Data,${DOMAINDN}
+wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINDN}
+wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINDN}
+wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
+wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
+wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
+wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
+otherWellKnownObjects: B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Service Accounts,${DOMAINDN}
+-
diff --git a/source4/setup/provision_computers_add.ldif b/source4/setup/provision_computers_add.ldif
new file mode 100644
index 0000000..45e2aa4
--- /dev/null
+++ b/source4/setup/provision_computers_add.ldif
@@ -0,0 +1,4 @@
+dn: CN=Computers,${DOMAINDN}
+objectClass: top
+objectClass: container
+nTSecurityDescriptor:: ${COMPUTERS_DESCRIPTOR}
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
new file mode 100644
index 0000000..b3d9dc1
--- /dev/null
+++ b/source4/setup/provision_computers_modify.ldif
@@ -0,0 +1,13 @@
+dn: CN=Computers,${DOMAINDN}
+changetype: modify
+replace: description
+description: Default container for upgraded computer accounts
+-
+replace: systemFlags
+systemFlags: -1946157056
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
new file mode 100644
index 0000000..8fcbddb
--- /dev/null
+++ b/source4/setup/provision_configuration.ldif
@@ -0,0 +1,576 @@
+###############################
+# Configuration Naming Context
+###############################
+
+# Display specifiers are located in
+# display-specifiers/DisplaySpecifiers-Win2k8R2.txt"
+# This file is parsed during provision using the ms_display_specifiers.py
+# script.
+
+dn: CN=Deleted Objects,${CONFIGDN}
+objectClass: top
+objectClass: container
+description: Container for deleted objects
+isDeleted: TRUE
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+# Extended rights
+
+dn: CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -2147483648
+nTSecurityDescriptor:: ${EXTENDEDRIGHTS_DESCRIPTOR}
+
+# Forest updates
+
+dn: CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+nTSecurityDescriptor:: ${FORESTUPDATES_DESCRIPTOR}
+
+dn: CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+revision: 2
+
+dn: CN=ActiveDirectoryUpdate,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+revision: 5
+
+dn: CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6b800a81-affe-4a15-8e41-6ea0c7aa89e4,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dd07182c-3174-4c95-902a-d64fee285bbf,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ffa5ee3c-1405-476d-b344-7ad37d69cc25,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=099f1587-af70-49c6-ab6c-7b3e82be0fe2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+objectVersion: 3
+
+dn: CN=1a3f6b15-55f2-4752-ba27-3d38a8232c4d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dee21a17-4e8e-4f40-a58c-c0c009b685a7,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9bd98bb4-4047-4de5-bf4c-7bd1d0f6d21d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3fe80fbf-bf39-4773-b5bd-3e5767a30d2d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f02915e2-9141-4f73-b8e7-2804662782da,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=39902c52-ef24-4b4b-8033-2c9dfdd173a2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=20bf09b4-6d0b-4cd1-9c09-4231edf1209b,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bb-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bc-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bd-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238be-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bf-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238c0-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b47-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b48-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b49-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b4a-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26d9c510-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26d9c511-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3467dae5-dedd-4648-9066-f48ac186b20a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=33b7ee33-1386-47cf-baa1-b03e06473253,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=e9ee8d55-c2fb-4723-a333-c80ff4dfbf45,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ccfae63a-7fb5-454c-83ab-0e8e1214974e,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ad3c7909-b154-4c16-8bf7-2c3a7870bb3d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26ad2ebf-f8f5-44a4-b97c-a616c8b9d09a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4444c516-f43a-4c12-9c4b-b5c064941d61,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=436a1a4b-f41a-46e6-ac86-427720ef29f3,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=b2b7fb45-f50d-41bc-a73b-8f580f3b636a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=1bdf6366-c3db-4d0b-b8cb-f99ba9bce20f,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=63c0f51a-067c-4640-8a4f-044fb33f1049,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dae441c0-366e-482e-98d9-60a99a1898cc,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=7dd09ca6-f0d6-43bf-b7f8-ef348f435617,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=002fb291-0d00-4b0c-8c00-fe7f50ce6f8d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=07e57d28-ad40-44fc-8334-8a0dc119b3f4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=0fc5a978-0059-4b0a-9dc2-9896e8e389a1,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=10338d31-2423-4dff-b4b5-ef025144b01f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=2a858903-5696-4364-b4e5-4cac027ca7a6,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=2b9e0609-6d75-498a-9727-c9fcc93f0e42,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3b3adbdb-4485-4559-aed8-9811c4bf90e4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=429a6334-1a00-4515-bf48-676deb55954a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4c022fd1-adab-4d84-a7f1-9580f03da856,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4c0672a2-437c-4944-b953-5db8f111d665,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4d753a29-26ac-4d1a-bc80-311f947e4f0a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=56040c71-fe93-4037-8fe9-1a4d1a283009,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=560cf82d-9572-48a3-9024-6f2b56f1f866,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=613bd063-e8e9-4a62-8f4c-cda566f7eb6f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6eb8eaf9-3403-4ba5-8b4b-ce349a4680ad,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=6fd48655-1698-497a-ac8d-8267ce01c80b,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=782370ce-3d38-438d-8b0c-464220a3039d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=8f86b825-c322-4101-adc4-579f12d445db,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=96541a16-910a-4b66-acde-720a0dff03c7,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9fea28ff-387f-4d57-866d-3893c50f373f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a96e2ed5-7a7c-4d5c-9d5d-965eca0051da,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=abd97102-88dd-4013-a009-0e2c2f967ff6,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bd3413c0-9559-469b-9f3d-51d7faabd81a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=c03b1f37-c240-4910-93c8-1544a452b4b5,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=caa2bfad-0cca-483b-8d00-347f943292a8,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=d668ad1f-cedd-4565-ab02-9385926ce4f5,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dcb3c95d-deb7-4c51-ad13-43a7d5d06fc7,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ea08c04c-f474-4212-b19e-5e754f9210d4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ef010a1e-bd88-48c8-a7af-2affd250d77d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f814097b-3e3d-49ba-8a3a-092c25085f06,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Windows2003Update,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+revision: 10
+
+# End forest updates
+
+dn: CN=LostAndFoundConfig,${CONFIGDN}
+objectClass: top
+objectClass: lostAndFound
+systemFlags: -2147483648
+nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
+
+dn: CN=NTDS Quotas,${CONFIGDN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+description: Quota specifications container
+isCriticalSystemObject: TRUE
+msDS-TombstoneQuotaFactor: 100
+systemFlags: -2147483648
+nTSecurityDescriptor:: ${NTDSQUOTAS_DESCRIPTOR}
+
+# Partitions
+
+dn: CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRefContainer
+systemFlags: -2147483648
+msDS-Behavior-Version: ${FOREST_FUNCTIONALITY}
+showInAdvancedViewOnly: TRUE
+nTSecurityDescriptor:: ${PARTITIONS_DESCRIPTOR}
+
+# Partitions for DNS are missing here, they are added from provision_dnszones.ldif
+
+dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+dnsRoot: ${DNSDOMAIN}
+nCName: ${CONFIGDN}
+systemFlags: 1
+
+dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+dnsRoot: ${DNSDOMAIN}
+nCName: ${SCHEMADN}
+systemFlags: 1
+
+dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+dnsRoot: ${DNSDOMAIN}
+msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
+nCName: ${DOMAINDN}
+nETBIOSName: ${DOMAIN}
+nTMixedDomain: 0
+systemFlags: 3
+
+# End partitions
+
+dn: CN=Physical Locations,${CONFIGDN}
+objectClass: top
+objectClass: locality
+objectClass: physicalLocation
+l: Physical Locations tree root
+nTSecurityDescriptor:: ${PHYSICALLOCATIONS_DESCRIPTOR}
+
+# Schema located in "ad-schema/*.txt"
+
+# Services
+
+dn: CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -2147483648
+nTSecurityDescriptor:: ${SERVICES_DESCRIPTOR}
+
+dn: CN=MsmqServices,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: mSMQEnterpriseSettings
+mSMQVersion: 200
+
+dn: CN=NetServices,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Certificate Templates,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Enrollment Services,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Certification Authorities,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=AIA,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=CDP,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=KRA,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=OID,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: msPKI-Enterprise-Oid
+
+dn: CN=RRAS,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=IdentityDictionary,CN=RRAS,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: rRASAdministrationDictionary
+msRRASVendorAttributeEntry: 311:6:803:RADIUS Accouting
+msRRASVendorAttributeEntry: 311:6:802:RADIUS Authentication
+msRRASVendorAttributeEntry: 311:6:801:NT Domain Authentication
+msRRASVendorAttributeEntry: 311:6:714:Point to point parallel connection
+msRRASVendorAttributeEntry: 311:6:713:Point to point serial connection
+msRRASVendorAttributeEntry: 311:6:712:Generic LAN
+msRRASVendorAttributeEntry: 311:6:711:Generic WAN
+msRRASVendorAttributeEntry: 311:6:710:X.25
+msRRASVendorAttributeEntry: 311:6:709:IrDA
+msRRASVendorAttributeEntry: 311:6:708:Switched 56
+msRRASVendorAttributeEntry: 311:6:707:SONET
+msRRASVendorAttributeEntry: 311:6:706:Modem
+msRRASVendorAttributeEntry: 311:6:705:ISDN
+msRRASVendorAttributeEntry: 311:6:704:ATM
+msRRASVendorAttributeEntry: 311:6:703:Frame Relay
+msRRASVendorAttributeEntry: 311:6:702:Layer 2 Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:701:Point-to-Point Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:604:Network Address and Port Translation
+msRRASVendorAttributeEntry: 311:6:603:Demand Dial Router
+msRRASVendorAttributeEntry: 311:6:602:Remote Access Server
+msRRASVendorAttributeEntry: 311:6:601:LAN-to- LAN Router
+msRRASVendorAttributeEntry: 311:6:503:AppleTalk Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:502:IPX Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:501:IP Forwarding Enabled
+msRRASVendorAttributeEntry: 311:5:2:IPX SAP
+msRRASVendorAttributeEntry: 311::5:1:IPX RIP
+msRRASVendorAttributeEntry: 311:1:10:IGMP Only
+msRRASVendorAttributeEntry: 311:0:13:OSPF
+msRRASVendorAttributeEntry: 311:0:8:RIP (version 1 or 2)
+
+dn: CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: nTDSService
+msDS-Other-Settings: DisableVLVSupport=0
+msDS-Other-Settings: DynamicObjectMinTTL=900
+msDS-Other-Settings: DynamicObjectDefaultTTL=86400
+sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin,msdtc
+tombstoneLifetime: 180
+
+dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -1946157056
+
+dn: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: msDS-OptionalFeature
+msDS-OptionalFeatureGUID: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
+msDS-OptionalFeatureFlags: 1
+msDS-RequiredForestBehaviorVersion: 4
+systemFlags: -1946157056
+
+dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: queryPolicy
+lDAPAdminLimits: MaxValRange=1500
+lDAPAdminLimits: MaxReceiveBuffer=10485760
+lDAPAdminLimits: MaxDatagramRecv=4096
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: MaxConnections=5000
+
+# End services
+
+# Sites
+
+dn: CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: sitesContainer
+systemFlags: -2113929216
+ntSecurityDescriptor:: ${SITES_DESCRIPTOR}
+
+dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: site
+systemFlags: 1107296256
+
+dn: CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransportContainer
+systemFlags: -2147483648
+
+dn: CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransport
+transportAddressAttribute: dNSHostName
+transportDLLName: ismip.dll
+systemFlags: -2147483648
+
+dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: siteLink
+cost: 100
+replInterval: 180
+showInAdvancedViewOnly: TRUE
+siteList: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+systemFlags: 1073741824
+
+dn: CN=SMTP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: interSiteTransport
+transportAddressAttribute: mailAddress
+transportDLLName: ismsmtp.dll
+options: 1
+
+dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: applicationSiteSettings
+objectClass: nTDSSiteSettings
+schedule:: vAAAAAAAAAABAAAAAAAAABQAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=
+
+dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: serversContainer
+systemFlags: 33554432
+
+dn: CN=Subnets,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: subnetContainer
+systemFlags: -2147483648
diff --git a/source4/setup/provision_configuration_basedn.ldif b/source4/setup/provision_configuration_basedn.ldif
new file mode 100644
index 0000000..710dac2
--- /dev/null
+++ b/source4/setup/provision_configuration_basedn.ldif
@@ -0,0 +1,9 @@
+###############################
+# Configuration Naming Context
+###############################
+dn: ${CONFIGDN}
+objectClass: top
+objectClass: configuration
+msDS-NcType: 0
+nTSecurityDescriptor:: ${DESCRIPTOR}
+instanceType: 13
diff --git a/source4/setup/provision_configuration_modify.ldif b/source4/setup/provision_configuration_modify.ldif
new file mode 100644
index 0000000..1361d6b
--- /dev/null
+++ b/source4/setup/provision_configuration_modify.ldif
@@ -0,0 +1,509 @@
+dn: CN=DisplaySpecifiers,${CONFIGDN}
+changetype: modify
+-
+replace: nTSecurityDescriptor
+nTSecurityDescriptor:: ${DISPLAYSPECIFIERS_DESCRIPTOR}
+-
+
+dn: CN=Change-Rid-Master,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 29
+
+dn: CN=Do-Garbage-Collection,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 31
+-
+
+dn: CN=Recalculate-Hierarchy,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 32
+-
+
+dn: CN=Allocate-Rids,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 33
+-
+
+dn: CN=Change-PDC,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 34
+-
+
+dn: CN=Add-GUID,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 35
+-
+
+dn: CN=Change-Domain-Master,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 36
+-
+
+dn: CN=Public-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 37
+-
+
+dn: CN=msmq-Receive-Dead-Letter,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 38
+-
+
+dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 39
+-
+
+dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 40
+-
+
+dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 41
+-
+
+dn: CN=msmq-Receive,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 42
+-
+
+dn: CN=msmq-Peek,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 43
+-
+
+dn: CN=msmq-Send,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 44
+-
+
+dn: CN=msmq-Receive-journal,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 45
+-
+
+dn: CN=msmq-Open-Connector,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 46
+-
+
+dn: CN=Apply-Group-Policy,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 47
+-
+
+dn: CN=RAS-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 48
+-
+
+dn: CN=DS-Install-Replica,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 49
+-
+
+dn: CN=Change-Infrastructure-Master,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 50
+-
+
+dn: CN=Update-Schema-Cache,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 51
+-
+
+dn: CN=Recalculate-Security-Inheritance,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 52
+-
+
+dn: CN=DS-Check-Stale-Phantoms,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 53
+-
+
+dn: CN=Certificate-Enrollment,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 54
+-
+
+dn: CN=Self-Membership,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 12
+-
+
+dn: CN=Validated-DNS-Host-Name,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 13
+-
+
+dn: CN=Validated-SPN,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 14
+-
+
+dn: CN=Generate-RSoP-Planning,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 55
+-
+
+dn: CN=Refresh-Group-Cache,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 56
+-
+
+dn: CN=SAM-Enumerate-Entire-Domain,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 57
+-
+
+dn: CN=Generate-RSoP-Logging,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 58
+-
+
+dn: CN=Domain-Other-Parameters,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 59
+-
+
+dn: CN=DNS-Host-Name-Attributes,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 60
+-
+
+dn: CN=Create-Inbound-Forest-Trust,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 61
+-
+
+dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 62
+-
+
+dn: CN=Migrate-SID-History,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 63
+-
+
+dn: CN=Reanimate-Tombstones,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 64
+-
+
+dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 65
+-
+
+dn: CN=DS-Execute-Intentions-Script,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 66
+-
+
+dn: CN=DS-Replication-Monitor-Topology,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 67
+-
+
+dn: CN=Update-Password-Not-Required-Bit,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 68
+-
+
+dn: CN=Unexpire-Password,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 69
+-
+
+dn: CN=Enable-Per-User-Reversibly-Encrypted-Password,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 70
+-
+
+dn: CN=DS-Query-Self-Quota,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 71
+-
+
+dn: CN=Domain-Administer-Server,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 1
+-
+
+dn: CN=User-Change-Password,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 2
+-
+
+dn: CN=User-Force-Change-Password,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 3
+-
+
+dn: CN=Send-As,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 4
+-
+
+dn: CN=Receive-As,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 5
+-
+
+dn: CN=Send-To,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 6
+-
+
+dn: CN=Domain-Password,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 7
+-
+
+dn: CN=General-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 8
+-
+
+dn: CN=User-Account-Restrictions,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 9
+-
+
+dn: CN=User-Logon,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 10
+-
+
+dn: CN=Membership,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 11
+-
+
+dn: CN=Open-Address-Book,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 21
+-
+
+dn: CN=Personal-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 23
+-
+
+dn: CN=Email-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 22
+-
+
+dn: CN=Web-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 24
+-
+
+dn: CN=DS-Replication-Get-Changes,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 25
+-
+
+dn: CN=DS-Replication-Synchronize,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 26
+-
+
+dn: CN=DS-Replication-Manage-Topology,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 27
+-
+
+dn: CN=Change-Schema-Master,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 28
+-
+
+dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 77
+-
+
+dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 74
+-
+
+dn: CN=Private-Information,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 72
+-
+
+dn: CN=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 73
+-
+
+dn: CN=Reload-SSL-Certificate,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 76
+-
+
+dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 75
+-
+
+dn: CN=Manage-Optional-Features,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 79
+-
+
+dn: CN=Run-Protect-Admin-Groups-Task,CN=Extended-Rights,${CONFIGDN}
+changetype: modify
+-
+replace: localizationDisplayId
+localizationDisplayId: 78
+-
diff --git a/source4/setup/provision_configuration_references.ldif b/source4/setup/provision_configuration_references.ldif
new file mode 100644
index 0000000..febe436
--- /dev/null
+++ b/source4/setup/provision_configuration_references.ldif
@@ -0,0 +1,14 @@
+###############################
+# Configuration Naming Context
+###############################
+dn: ${CONFIGDN}
+changetype: modify
+-
+# "masteredBy", "msDs-masteredBy" filled in later
+replace: subRefs
+subRefs: ${SCHEMADN}
+-
+add: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${CONFIGDN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFoundConfig,${CONFIGDN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${CONFIGDN}
diff --git a/source4/setup/provision_dns_accounts_add.ldif b/source4/setup/provision_dns_accounts_add.ldif
new file mode 100644
index 0000000..4309624
--- /dev/null
+++ b/source4/setup/provision_dns_accounts_add.ldif
@@ -0,0 +1,12 @@
+dn: CN=DnsAdmins,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS Administrators Group
+sAMAccountName: DnsAdmins
+groupType: -2147483644
+
+dn: CN=DnsUpdateProxy,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS clients who are permitted to perform dynamic updates on behal
+ f of some other clients (such as DHCP servers).
+sAMAccountName: DnsUpdateProxy
+groupType: -2147483646
diff --git a/source4/setup/provision_dns_add_samba.ldif b/source4/setup/provision_dns_add_samba.ldif
new file mode 100644
index 0000000..7fb2e78
--- /dev/null
+++ b/source4/setup/provision_dns_add_samba.ldif
@@ -0,0 +1,16 @@
+# NOTE: This account is SAMBA4 specific!
+# we have it to avoid the need for the bind daemon to
+# have access to the whole secrets.keytab for the domain,
+# otherwise bind could impersonate any user
+dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account for ${HOSTNAME}
+userAccountControl: 512
+accountExpires: 9223372036854775807
+sAMAccountName: dns-${HOSTNAME}
+servicePrincipalName: DNS/${DNSNAME}
+clearTextPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
new file mode 100644
index 0000000..a2d6b6b
--- /dev/null
+++ b/source4/setup/provision_dnszones_add.ldif
@@ -0,0 +1,43 @@
+#################################
+# Required objectclasses
+#################################
+dn: CN=Deleted Objects,${ZONE_DN}
+objectClass: top
+objectClass: container
+description: Deleted objects
+isDeleted: TRUE
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+dn: CN=LostAndFound,${ZONE_DN}
+objectClass: top
+objectClass: lostAndFound
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
+
+dn: CN=Infrastructure,${ZONE_DN}
+objectClass: top
+objectClass: infrastructureUpdate
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR}
+
+dn: CN=NTDS Quotas,${ZONE_DN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+
+#################################
+# Configure partitions
+#################################
+dn: CN=${ZONE_GUID},CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+nCName: ${ZONE_DN}
+dnsRoot: ${ZONE_DNS}
+systemFlags: 5
+msDS-NC-Replica-Locations: CN=NTDS Settings,${SERVERDN}
diff --git a/source4/setup/provision_dnszones_modify.ldif b/source4/setup/provision_dnszones_modify.ldif
new file mode 100644
index 0000000..108d8b8
--- /dev/null
+++ b/source4/setup/provision_dnszones_modify.ldif
@@ -0,0 +1,21 @@
+dn: ${ZONE_DN}
+changetype: modify
+add: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${ZONE_DN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${ZONE_DN}
+wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${ZONE_DN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${ZONE_DN}
+
+dn: CN=Infrastructure,${ZONE_DN}
+changetype: modify
+add: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=NTDS Settings,${SERVERDN}
+changetype: modify
+add: msDS-HasInstantiatedNCs
+msDS-HasInstantiatedNCs: B:8:0000000D:${ZONE_DN}
+-
+add: msDS-hasMasterNCs
+msDS-hasMasterNCs: ${ZONE_DN}
+-
diff --git a/source4/setup/provision_dnszones_partitions.ldif b/source4/setup/provision_dnszones_partitions.ldif
new file mode 100644
index 0000000..c022bd0
--- /dev/null
+++ b/source4/setup/provision_dnszones_partitions.ldif
@@ -0,0 +1,11 @@
+################################
+## DNSZones Naming Context
+################################
+dn: ${ZONE_DN}
+objectClass: top
+objectClass: domainDNS
+description: Microsoft DNS Directory
+msDS-NcType: 0
+instanceType: 13
+ntSecurityDescriptor:: ${SECDESC}
+
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
new file mode 100644
index 0000000..02dfe52
--- /dev/null
+++ b/source4/setup/provision_group_policy.ldif
@@ -0,0 +1,57 @@
+dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: groupPolicyContainer
+displayName: Default Domain Policy
+gPCFunctionalityVersion: 2
+gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
+versionNumber: 0
+flags: 0
+gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
+ 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
+ FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2
+ 488-11D1-A28C-00C04FB94F17}]
+gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
+ 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
+ 11D1-A7CC-0000F87571E3}]
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: groupPolicyContainer
+displayName: Default Domain Controllers Policy
+gPCFunctionalityVersion: 2
+gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}}
+versionNumber: 0
+flags: 0
+gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
+ FB-11D0-A0D0-00A0C90F574B}]
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=Machine,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
new file mode 100644
index 0000000..1d08687
--- /dev/null
+++ b/source4/setup/provision_init.ldif
@@ -0,0 +1,34 @@
+dn: @KLUDGEACL
+passwordAttribute: clearTextPassword
+passwordAttribute: userPassword
+passwordAttribute: ntPwdHash
+passwordAttribute: sambaNTPwdHistory
+passwordAttribute: lmPwdHash
+passwordAttribute: sambaLMPwdHistory
+passwordAttribute: krb5key
+passwordAttribute: dBCSPwd
+passwordAttribute: unicodePwd
+passwordAttribute: ntPwdHistory
+passwordAttribute: lmPwdHistory
+passwordAttribute: supplementalCredentials
+passwordAttribute: priorValue
+passwordAttribute: currentValue
+passwordAttribute: trustAuthOutgoing
+passwordAttribute: trustAuthIncoming
+passwordAttribute: initialAuthOutgoing
+passwordAttribute: initialAuthIncoming
+passwordAttribute: pekList
+passwordAttribute: msDS-ExecuteScriptPassword
+
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
+disallowDNFilter: TRUE
+
+dn: @SAMBA_DSDB
+backendType: ${BACKEND_TYPE}
+serverRole: ${SERVER_ROLE}
+compatibleFeatures: sortedLinks
+${REQUIRED_FEATURES}
+
+dn: @MODULES
+@LIST: samba_dsdb
diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif
new file mode 100644
index 0000000..4cd5794
--- /dev/null
+++ b/source4/setup/provision_partitions.ldif
@@ -0,0 +1,7 @@
+dn: @PARTITION
+replicateEntries: @ATTRIBUTES
+replicateEntries: @INDEXLIST
+replicateEntries: @OPTIONS
+${BACKEND_STORE}
+${LDAP_BACKEND_LINE}
+
diff --git a/source4/setup/provision_privilege.ldif b/source4/setup/provision_privilege.ldif
new file mode 100644
index 0000000..0916c59
--- /dev/null
+++ b/source4/setup/provision_privilege.ldif
@@ -0,0 +1,78 @@
+# default privileges - more can be added via LSA or ldbedit
+dn: @ATTRIBUTES
+comment: CASE_INSENSITIVE
+privilege: CASE_INSENSITIVE
+
+dn: @INDEXLIST
+@IDXATTR: objectSid
+@IDXATTR: privilege
+
+dn: sid=S-1-5-32-544
+objectClass: privilege
+comment: Administrators
+objectSid: S-1-5-32-544
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
+dn: sid=S-1-5-32-550
+objectClass: privilege
+comment: Print Operators
+objectSid: S-1-5-32-550
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: sid=S-1-5-32-551
+objectClass: privilege
+comment: Backup Operators
+objectSid: S-1-5-32-551
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: sid=S-1-5-32-549
+objectClass: privilege
+comment: Server Operators
+objectSid: S-1-5-32-549
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: sid=S-1-5-32-548
+objectClass: privilege
+comment: Account Operators
+objectSid: S-1-5-32-548
+privilege: SeInteractiveLogonRight
+
+dn: sid=S-1-5-32-554
+objectClass: privilege
+comment: Pre-Windows 2000 Compatible Access
+objectSid: S-1-5-32-554
+privilege: SeRemoteInteractiveLogonRight
+privilege: SeChangeNotifyPrivilege
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif
new file mode 100644
index 0000000..70390d2
--- /dev/null
+++ b/source4/setup/provision_rootdse_add.ldif
@@ -0,0 +1,29 @@
+# the rootDSE module looks in this record for its base data
+dn: @ROOTDSE
+subschemaSubentry: CN=Aggregate,${SCHEMADN}
+dsServiceName: CN=NTDS Settings,${SERVERDN}
+defaultNamingContext: ${DOMAINDN}
+rootDomainNamingContext: ${ROOTDN}
+configurationNamingContext: ${CONFIGDN}
+schemaNamingContext: ${SCHEMADN}
+#supportedLDAPPolicies: MaxPoolThreads
+#supportedLDAPPolicies: MaxDatagramRecv
+#supportedLDAPPolicies: MaxReceiveBuffer
+#supportedLDAPPolicies: InitRecvTimeout
+#supportedLDAPPolicies: MaxConnections
+#supportedLDAPPolicies: MaxConnIdleTime
+#supportedLDAPPolicies: MaxPageSize
+#supportedLDAPPolicies: MaxQueryDuration
+#supportedLDAPPolicies: MaxTempTableSize
+#supportedLDAPPolicies: MaxResultSetSize
+#supportedLDAPPolicies: MaxNotificationPerConn
+#supportedLDAPPolicies: MaxValRange
+supportedLDAPVersion: 2
+supportedLDAPVersion: 3
+isSynchronized: FALSE
+vendorName: Samba Team (https://www.samba.org)
+supportedCapabilities: 1.2.840.113556.1.4.800
+supportedCapabilities: 1.2.840.113556.1.4.1670
+supportedCapabilities: 1.2.840.113556.1.4.1791
+supportedCapabilities: 1.2.840.113556.1.4.1935
+supportedCapabilities: 1.2.840.113556.1.4.2080
diff --git a/source4/setup/provision_rootdse_modify.ldif b/source4/setup/provision_rootdse_modify.ldif
new file mode 100644
index 0000000..f6b803b
--- /dev/null
+++ b/source4/setup/provision_rootdse_modify.ldif
@@ -0,0 +1,7 @@
+# mark the database as syncronized
+dn: @ROOTDSE
+changetype: modify
+replace: isSynchronized
+isSynchronized: TRUE
+replace: dsServiceName
+dsServiceName: <GUID=${NTDSGUID}>
diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif
new file mode 100644
index 0000000..deb80dd
--- /dev/null
+++ b/source4/setup/provision_schema_basedn.ldif
@@ -0,0 +1,9 @@
+###############################
+# Schema Naming Context
+###############################
+dn: ${SCHEMADN}
+objectClass: top
+objectClass: dMD
+msDS-NcType: 0
+nTSecurityDescriptor:: ${DESCRIPTOR}
+instanceType: 13
diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif
new file mode 100644
index 0000000..e4057c3
--- /dev/null
+++ b/source4/setup/provision_schema_basedn_modify.ldif
@@ -0,0 +1,10 @@
+###############################
+# Schema Naming Context
+###############################
+dn: ${SCHEMADN}
+changetype: modify
+-
+# "masteredBy", "msDs-masteredBy" filled in later
+replace: objectVersion
+objectVersion: ${OBJVERSION}
+
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
new file mode 100644
index 0000000..e7a711f
--- /dev/null
+++ b/source4/setup/provision_self_join.ldif
@@ -0,0 +1,34 @@
+# Accounts for selfjoin (joins DC to itself)
+
+# Object under "Domain Controllers"
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+objectClass: computer
+accountExpires: 9223372036854775807
+dNSHostName: ${DNSNAME}
+# "MSDFSR-ComputerReferenceBL" doesn't exist since we still miss DFSR support
+# "isCritcalSystemObject" is now filled in by the samldb LDB module
+localPolicyFlags: 0
+operatingSystem: ${OPERATING_SYSTEM}
+operatingSystemVersion: ${OPERATING_SYSTEM_VERSION}
+sAMAccountName: ${NETBIOSNAME}$
+userAccountControl: 532480
+clearTextPassword:: ${MACHINEPASS_B64}
+objectSid: ${DOMAINSID}-${DCRID}
+# While some "servicePrincipalName" updates might be handled by the
+# "samba_spnupdate" script, we need to get the basics in here before
+# we add any others.
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}/${DNSNAME}
+
+
+dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+objectClass: rIDSet
+rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDUsedPool: 0
+rIDNextRID: ${RIDALLOCATIONSTART}
diff --git a/source4/setup/provision_self_join_config.ldif b/source4/setup/provision_self_join_config.ldif
new file mode 100644
index 0000000..e0f1a5a
--- /dev/null
+++ b/source4/setup/provision_self_join_config.ldif
@@ -0,0 +1,33 @@
+# Here are missing the objects for the NTFRS subscription since we don't
+# support this technique yet.
+
+# Objects under "Configuration/Sites/<Default sitename>/Servers"
+
+dn: ${SERVERDN}
+objectClass: top
+objectClass: server
+systemFlags: 1375731712
+dNSHostName: ${DNSNAME}
+
+dn: CN=NTDS Settings,${SERVERDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTDSDSA
+dMDLocation: ${SCHEMADN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}
+invocationId: ${INVOCATIONID}
+msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
+msDS-HasDomainNCs: ${DOMAINDN}
+# "msDS-HasInstantiatedNCs"s for DNS is added from provision_dnszones_modify.ldif
+msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
+msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
+msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
+# "msDS-hasMasterNCs"s for DNS is added from provision_dnszones_modify.ldif
+msDS-hasMasterNCs: ${CONFIGDN}
+msDS-hasMasterNCs: ${SCHEMADN}
+msDS-hasMasterNCs: ${DOMAINDN}
+options: 1
+systemFlags: 33554432
+${NTDSGUID}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
new file mode 100644
index 0000000..dcdeee3
--- /dev/null
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -0,0 +1,26 @@
+dn: ${DOMAINDN}
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+replace: rIDManagerReference
+rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
+
+dn: CN=Infrastructure,${DOMAINDN}
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=RID Manager$,CN=System,${DOMAINDN}
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: modify
+add: rIDSetReferences
+rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+
+dn: ${SERVERDN}
+changetype: modify
+add: serverReference
+serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
diff --git a/source4/setup/provision_self_join_modify_config.ldif b/source4/setup/provision_self_join_modify_config.ldif
new file mode 100644
index 0000000..2d8e4c9
--- /dev/null
+++ b/source4/setup/provision_self_join_modify_config.ldif
@@ -0,0 +1,9 @@
+dn: CN=Partitions,${CONFIGDN}
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
+changetype: modify
+replace: interSiteTopologyGenerator
+interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
diff --git a/source4/setup/provision_self_join_modify_schema.ldif b/source4/setup/provision_self_join_modify_schema.ldif
new file mode 100644
index 0000000..edb0620
--- /dev/null
+++ b/source4/setup/provision_self_join_modify_schema.ldif
@@ -0,0 +1,4 @@
+dn: ${SCHEMADN}
+changetype: modify
+replace: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
new file mode 100644
index 0000000..efdf756
--- /dev/null
+++ b/source4/setup/provision_users.ldif
@@ -0,0 +1,443 @@
+# Add default primary groups (domain users, domain guests, domain computers &
+# domain controllers) - needed for the users to find valid primary groups
+# (samldb module)
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Computers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All workstations and servers joined to the domain
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain controllers in the domain
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+isCriticalSystemObject: TRUE
+
+# Add users
+
+dn: CN=Administrator,CN=Users,${DOMAINDN}
+objectClass: user
+description: Built-in account for administering the computer/domain
+userAccountControl: 512
+objectSid: ${DOMAINSID}-500
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: Administrator
+clearTextPassword:: ${ADMINPASS_B64}
+isCriticalSystemObject: TRUE
+
+dn: CN=Guest,CN=Users,${DOMAINDN}
+objectClass: user
+description: Built-in account for guest access to the computer/domain
+userAccountControl: 66082
+primaryGroupID: 514
+objectSid: ${DOMAINSID}-501
+sAMAccountName: Guest
+isCriticalSystemObject: TRUE
+
+dn: CN=krbtgt,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: Key Distribution Center Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: krbtgt
+servicePrincipalName: kadmin/changepw
+clearTextPassword:: ${KRBTGTPASS_B64}
+isCriticalSystemObject: TRUE
+
+# Add other groups
+
+dn: CN=Enterprise Read-only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group are Read-Only Domain Controllers in the enterprise
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-only Domain Controllers
+groupType: -2147483640
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group are permitted to publish certificates to the directory
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+groupType: -2147483640
+isCriticalSystemObject: TRUE
+
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+groupType: -2147483640
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+isCriticalSystemObject: TRUE
+
+dn: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group are Read-Only Domain Controllers in the domain
+objectSid: ${DOMAINSID}-521
+adminCount: 1
+sAMAccountName: Read-only Domain Controllers
+isCriticalSystemObject: TRUE
+
+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Servers in this group can access remote access properties of users
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain
+objectSid: ${DOMAINSID}-571
+sAMAccountName: Allowed RODC Password Replication Group
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain
+member: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN}
+member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
+member: CN=Domain Admins,CN=Users,${DOMAINDN}
+member: CN=Cert Publishers,CN=Users,${DOMAINDN}
+member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+member: CN=Schema Admins,CN=Users,${DOMAINDN}
+member: CN=Domain Controllers,CN=Users,${DOMAINDN}
+member: CN=krbtgt,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-572
+sAMAccountName: Denied RODC Password Replication Group
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Protected Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group are afforded additional protections against authentication security threats
+objectSid: ${DOMAINSID}-525
+sAMAccountName: Protected Users
+groupType: -2147483646
+isCriticalSystemObject: TRUE
+
+# NOTICE: Some other users and groups which rely on automatic SIDs are located
+# in "provision_self_join_modify.ldif"
+
+# Add foreign security principals
+
+dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-4
+
+dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-9
+
+dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-11
+
+dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-17
+
+# Add builtin objects
+
+dn: CN=Administrators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Administrators have complete and unrestricted access to the computer/domain
+member: CN=Domain Admins,CN=Users,${DOMAINDN}
+member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: S-1-5-32-544
+adminCount: 1
+sAMAccountName: Administrators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Users are prevented from making accidental or intentional system-wide changes and can run most applications
+member: CN=Domain Users,CN=Users,${DOMAINDN}
+member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-545
+sAMAccountName: Users
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Guests,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
+member: CN=Domain Guests,CN=Users,${DOMAINDN}
+member: CN=Guest,CN=Users,${DOMAINDN}
+objectSid: S-1-5-32-546
+sAMAccountName: Guests
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members can administer domain user and group accounts
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members can administer domain servers
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members can administer domain printers
+objectSid: S-1-5-32-550
+adminCount: 1
+sAMAccountName: Print Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
+objectSid: S-1-5-32-551
+adminCount: 1
+sAMAccountName: Backup Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Replicator,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Supports file replication in a domain
+objectSid: S-1-5-32-552
+adminCount: 1
+sAMAccountName: Replicator
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: A backward compatibility group which allows read access on all users and groups in the domain
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-554
+sAMAccountName: Pre-Windows 2000 Compatible Access
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members in this group are granted the right to logon remotely
+objectSid: S-1-5-32-555
+sAMAccountName: Remote Desktop Users
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members in this group can have some administrative privileges to manage configuration of networking features
+objectSid: S-1-5-32-556
+sAMAccountName: Network Configuration Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group can create incoming, one-way trusts to this forest
+objectSid: S-1-5-32-557
+sAMAccountName: Incoming Forest Trust Builders
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group can access performance counter data locally and remotely
+objectSid: S-1-5-32-558
+sAMAccountName: Performance Monitor Users
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
+objectSid: S-1-5-32-559
+sAMAccountName: Performance Log Users
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-560
+sAMAccountName: Windows Authorization Access Group
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage
+objectSid: S-1-5-32-561
+sAMAccountName: Terminal Server License Servers
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
+objectSid: S-1-5-32-562
+sAMAccountName: Distributed COM Users
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Built-in group used by Internet Information Services.
+member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-568
+sAMAccountName: IIS_IUSRS
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members are authorized to perform cryptographic operations.
+objectSid: S-1-5-32-569
+sAMAccountName: Cryptographic Operators
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group can read event logs from local machine
+objectSid: S-1-5-32-573
+sAMAccountName: Event Log Readers
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group are allowed to connect to Certification Authorities in the enterprise
+objectSid: S-1-5-32-574
+sAMAccountName: Certificate Service DCOM Access
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
diff --git a/source4/setup/provision_users_add.ldif b/source4/setup/provision_users_add.ldif
new file mode 100644
index 0000000..d5f76ed
--- /dev/null
+++ b/source4/setup/provision_users_add.ldif
@@ -0,0 +1,4 @@
+dn: CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: container
+nTSecurityDescriptor:: ${USERS_DESCRIPTOR}
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
new file mode 100644
index 0000000..6a2e180
--- /dev/null
+++ b/source4/setup/provision_users_modify.ldif
@@ -0,0 +1,13 @@
+dn: CN=Users,${DOMAINDN}
+changetype: modify
+replace: description
+description: Default container for upgraded user accounts
+-
+replace: systemFlags
+systemFlags: -1946157056
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
diff --git a/source4/setup/provision_well_known_sec_princ.ldif b/source4/setup/provision_well_known_sec_princ.ldif
new file mode 100644
index 0000000..1817382
--- /dev/null
+++ b/source4/setup/provision_well_known_sec_princ.ldif
@@ -0,0 +1,137 @@
+# Add well known security principals
+
+dn: CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -2147483648
+nTSecurityDescriptor:: ${WELLKNOWNPRINCIPALS_DESCRIPTOR}
+
+dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-7
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-11
+
+dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-3
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-1
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-0
+
+dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1
+
+dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-21
+
+dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-9
+
+dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-1-0
+
+dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-4
+
+dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-17
+
+dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-19
+
+dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-2
+
+dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-20
+
+dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-10
+
+dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1000
+
+dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-4
+
+dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-8
+
+dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-14
+
+dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-12
+
+dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-14
+
+dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-10
+
+dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-6
+
+dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-18
+
+dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-13
+
+dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-15
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
new file mode 100644
index 0000000..0a7f064
--- /dev/null
+++ b/source4/setup/schema_samba4.ldif
@@ -0,0 +1,405 @@
+#
+# Schema elements which do not exist in AD, but which we use in Samba4
+#
+## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+
+## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+### see dsdb/samdb/samdb.h
+
+## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+### see dsdb/samdb/samdb.h
+
+## 1.3.6.1.4.1.7165.4.5.x - ldap extended matches
+
+## 1.3.6.1.4.1.7165.4.6.1.x - SELFTEST random attributes
+## 1.3.6.1.4.1.7165.4.6.1.1.x - ldap_syntaxes.py
+## 1.3.6.1.4.1.7165.4.6.1.2.x - ldap_syntaxes.py
+## 1.3.6.1.4.1.7165.4.6.1.4.x - urgent_replication.py
+## 1.3.6.1.4.1.7165.4.6.1.5.x - repl_schema.py
+## 1.3.6.1.4.1.7165.4.6.1.6.x - ldap_schema.py
+## 1.3.6.1.4.1.7165.4.6.1.7.x - dsdb_schema_info.py
+## 1.3.6.1.4.1.7165.4.6.1.8.x - dsdb_schema_attributes.py
+
+## 1.3.6.1.4.1.7165.4.6.2.x - SELFTEST random classes
+## 1.3.6.1.4.1.7165.4.6.2.1.x - ldap_syntaxes.py
+## 1.3.6.1.4.1.7165.4.6.2.2.x - ldap_syntaxes.py
+## 1.3.6.1.4.1.7165.4.6.2.3.x - sec_descriptor.py
+## 1.3.6.1.4.1.7165.4.6.2.4.x - urgent_replication.py
+## 1.3.6.1.4.1.7165.4.6.2.5.x - repl_schema.py
+## 1.3.6.1.4.1.7165.4.6.2.6.x - ldap_schema.py
+## 1.3.6.1.4.1.7165.4.6.2.7.x - dsdb_schema_info.py
+## 1.3.6.1.4.1.7165.4.6.2.8.x - getnc_schema.py
+## 1.3.6.1.4.1.7165.4.6.2.9.x - sid_strings.py
+
+## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
+#
+#
+
+
+#
+# Not used anymore
+#
+#dn: cn=ntpwdHash,${SCHEMADN}
+#cn: ntpwdHash
+#name: NTPWDHash
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: ntpwdhash
+#isSingleValued: TRUE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
+#adminDisplayName: NT-PWD-Hash
+#attributeID: 1.3.6.1.4.1.7165.4.1.1
+#attributeSyntax: 2.5.5.10
+#oMSyntax: 4
+
+#
+# Not used anymore
+#
+#dn: cn=lmpwdHash,${SCHEMADN}
+#cn: lmpwdHash
+#name: lmpwdHash
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: lmpwdhash
+#isSingleValued: TRUE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
+#adminDisplayName: LM-PWD-Hash
+#attributeID: 1.3.6.1.4.1.7165.4.1.2
+#attributeSyntax: 2.5.5.10
+#oMSyntax: 4
+
+#
+# Not used anymore
+#
+#dn: cn=sambaNtPwdHistory,${SCHEMADN}
+#cn: sambaNtPwdHistory
+#name: sambaNtPwdHistory
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: sambaNtPwdHistory
+#isSingleValued: TRUE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
+#adminDisplayName: SAMBA-NT-PWD-History
+#attributeID: 1.3.6.1.4.1.7165.4.1.3
+#attributeSyntax: 2.5.5.10
+#oMSyntax: 4
+
+#
+# Not used anymore
+#
+#dn: cn=sambaLmPwdHistory,${SCHEMADN}
+#cn: sambaLmPwdHistory
+#name: sambaLmPwdHistory
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: sambaLmPwdHistory
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+#adminDisplayName: SAMBA-LM-PWDHistory
+#attributeID: 1.3.6.1.4.1.7165.4.1.4
+#attributeSyntax: 2.5.5.10
+#oMSyntax: 4
+
+#
+# Not used anymore
+#
+#dn: CN=sambaPassword,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: sambaPassword
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
+#adminDisplayName: SAMBA-Password
+#attributeID: 1.3.6.1.4.1.7165.4.1.5
+#attributeSyntax: 2.5.5.5
+#oMSyntax: 22
+
+#
+# Not used anymore
+#
+#dn: cn=dnsDomain,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: dnsDomain
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
+#adminDisplayName: DNS-Domain
+#attributeID: 1.3.6.1.4.1.7165.4.1.6
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
+
+# not used anymore
+#dn: cn=privilege,${SCHEMADN}
+#objectClass: top
+#objectClass: attributeSchema
+#cn: privilege
+#lDAPDisplayName: privilege
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
+#adminDisplayName: Privilege
+#attributeID: 1.3.6.1.4.1.7165.4.1.7
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
+
+#
+# Not used anymore
+#
+#dn: CN=unixName,${SCHEMADN}
+#cn: unixName
+#name: unixName
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: unixName
+#isSingleValued: TRUE
+#systemFlags: 16
+#systemOnly: FALSE
+#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+#adminDisplayName: Unix-Name
+#attributeID: 1.3.6.1.4.1.7165.4.1.9
+#attributeSyntax: 2.5.5.4
+#oMSyntax: 20
+
+#
+# Not used anymore
+#
+#dn: cn=krb5Key,${SCHEMADN}
+#cn: krb5Key
+#name: krb5Key
+#objectClass: top
+#objectClass: attributeSchema
+#lDAPDisplayName: krb5Key
+#isSingleValued: FALSE
+#systemFlags: 17
+#systemOnly: TRUE
+#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
+#adminDisplayName: krb5-Key
+#attributeID: 1.3.6.1.4.1.5322.10.1.10
+#attributeSyntax: 2.5.5.10
+#oMSyntax: 4
+
+# Controls 1.3.6.1.4.1.7165.4.3.x
+#Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1
+#Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2
+#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3
+#Allocated: DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4
+#Allocated: LDB_CONTROL_RECALCULATE_SD_OID 1.3.6.1.4.1.7165.4.3.5
+#Allocated: LDB_CONTROL_REVEAL_INTERNALS 1.3.6.1.4.1.7165.4.3.6
+#Allocated: LDB_CONTROL_AS_SYSTEM_OID 1.3.6.1.4.1.7165.4.3.7
+#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID 1.3.6.1.4.1.7165.4.3.8
+#Allocated: DSDB_CONTROL_PASSWORD_HASH_VALUES_OID 1.3.6.1.4.1.7165.4.3.9
+#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OID 1.3.6.1.4.1.7165.4.3.10
+#Allocated: DSDB_CONTROL_APPLY_LINKS 1.3.6.1.4.1.7165.4.3.11
+#Allocated: DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 1.3.6.1.4.1.7165.4.3.12
+#Allocated: LDB_CONTROL_BYPASS_OPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13
+#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_OID 1.3.6.1.4.1.7165.4.3.14
+#Allocated: (not used anymore) DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15
+#Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16
+#Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
+#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
+#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1
+#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2
+#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME 1.3.6.1.4.1.7165.4.3.19.3
+#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID 1.3.6.1.4.1.7165.4.3.19.4
+#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
+#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21
+#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23
+#Allocated: DSDB_CONTROL_RESTORE_TOMBSTONE_OID 1.3.6.1.4.1.7165.4.3.24
+#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID 1.3.6.1.4.1.7165.4.3.25
+#Allocated: DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.26
+#Allocated: DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID 1.3.6.1.4.1.7165.4.3.27
+#Allocated: DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID 1.3.6.1.4.1.7165.4.3.28
+#Allocated: DSDB_CONTROL_REPLMD_VANISH_LINKS 1.3.6.1.4.1.7165.4.3.29
+#Allocated: LDB_CONTROL_RECALCULATE_RDN_OID 1.3.6.1.4.1.7165.4.3.30
+#Allocated: DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE 1.3.6.1.4.1.7165.4.3.31
+#Allocated: DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32
+#Allocated: DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID 1.3.6.1.4.1.7165.4.3.33
+#Allocated: DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID 1.3.6.1.4.1.7165.4.3.34
+#Allocated: DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID 1.3.6.1.4.1.7165.4.3.35
+#Allocated: DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID 1.3.6.1.4.1.7165.4.3.36
+#Allocated: DSDB_CONTROL_ACL_READ_OID 1.3.6.1.4.1.7165.4.3.37
+
+
+# Extended 1.3.6.1.4.1.7165.4.4.x
+#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
+#Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2
+#Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3
+#Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4
+#Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5
+#Allocated: DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID 1.3.6.1.4.1.7165.4.4.6
+#Allocated: DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.4.7
+#Allocated: DSDB_EXTENDED_CREATE_OWN_RID_SET 1.3.6.1.4.1.7165.4.4.8
+#Allocated: DSDB_EXTENDED_ALLOCATE_RID 1.3.6.1.4.1.7165.4.4.9
+#Allocated: DSDB_EXTENDED_SCHEMA_LOAD 1.3.6.1.4.1.7165.4.4.10
+
+
+############
+# ldap extended matches
+#Allocated: SAMBA_LDAP_MATCH_ALWAYS_FALSE 1.3.6.1.4.1.7165.4.5.1
+#Allocated: DSDB_MATCH_FOR_EXPUNGE 1.3.6.1.4.1.7165.4.5.2
+#Allocated: DSDB_MATCH_FOR_DNS_TO_TOMBSTONE_TIME 1.3.6.1.4.1.7165.4.5.3
+
+
+#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
+
+#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2
+
+#Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3
+#Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4
+#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
+#Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
+#Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
+#Allocated: (dynamicObject) samba4DynamicObject: 1.3.6.1.4.1.7165.4.255.8
+#Allocated: (entryTTL) samba4EntryTTL: 1.3.6.1.4.1.7165.4.255.9
+
+#Allocated: (thumbnailPhoto) attributeID: 1.3.6.1.4.1.7165.4.255.10
+#Allocated: (thumbnailLogo) attributeID: 1.3.6.1.4.1.7165.4.255.11
+
+#
+# Based on domainDNS, but without the DNS bits.
+#
+
+#
+# Not used anymore
+#
+#dn: CN=Samba4-Local-Domain,${SCHEMADN}
+#objectClass: top
+#objectClass: classSchema
+#cn: Samba4-Local-Domain
+#subClassOf: top
+#governsID: 1.3.6.1.4.1.7165.4.2.2
+#rDNAttID: cn
+#adminDisplayName: Samba4-Local-Domain
+#adminDescription: Samba4-Local-Domain
+#systemMayContain: msDS-Behavior-Version
+#systemMayContain: managedBy
+#objectClassCategory: 1
+#lDAPDisplayName: samba4LocalDomain
+#schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
+#systemOnly: FALSE
+#systemAuxiliaryClass: samDomain
+#defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+#systemFlags: 16
+#defaultHidingValue: TRUE
+#defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN}
+
+
+dn: CN=Samba4Top,${SCHEMADN}
+objectClass: top
+objectClass: classSchema
+cn: Samba4Top
+subClassOf: top
+objectGUID: 4af54ff0-ff3c-4f17-8fb0-611ec83ddfb4
+governsID: 1.3.6.1.4.1.7165.4.2.1
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+adminDisplayName: Samba4TopTop
+adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
+objectClassCategory: 3
+lDAPDisplayName: samba4Top
+schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: systemFlags
+systemMayContain: subRefs
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: parentGUID
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NcType
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,${SCHEMADN}
+defaultObjectCategory: CN=Samba4Top,${SCHEMADN}
+
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
new file mode 100644
index 0000000..95cbe20
--- /dev/null
+++ b/source4/setup/secrets.ldif
@@ -0,0 +1,10 @@
+dn: CN=LSA Secrets
+objectClass: top
+objectClass: container
+cn: LSA Secrets
+
+dn: CN=Primary Domains
+objectClass: top
+objectClass: container
+cn: Primary Domains
+
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
new file mode 100644
index 0000000..3c35990
--- /dev/null
+++ b/source4/setup/secrets_dns.ldif
@@ -0,0 +1,12 @@
+#Update a keytab for the external DNS server to use 
+dn: samAccountName=dns-${HOSTNAME},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+saltPrincipal: dns-${HOSTNAME}@${REALM}
+servicePrincipalName: DNS/${DNSNAME}
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
+privateKeytab: ${DNS_KEYTAB}
+secret:: ${DNSPASS_B64}
+samAccountName: dns-${HOSTNAME}
diff --git a/source4/setup/secrets_init.ldif b/source4/setup/secrets_init.ldif
new file mode 100644
index 0000000..3044d3e
--- /dev/null
+++ b/source4/setup/secrets_init.ldif
@@ -0,0 +1,16 @@
+dn: @INDEXLIST
+@IDXATTR: cn
+@IDXATTR: flatname
+@IDXATTR: realm
+
+dn: @ATTRIBUTES
+cn: CASE_INSENSITIVE
+realm: CASE_INSENSITIVE
+flatname: CASE_INSENSITIVE
+sAMAccountName: CASE_INSENSITIVE
+
+#Add modules to the list to activate them by default
+#beware often order is important
+dn: @MODULES
+@LIST: samba_secrets
+
diff --git a/source4/setup/share.ldif b/source4/setup/share.ldif
new file mode 100644
index 0000000..750a070
--- /dev/null
+++ b/source4/setup/share.ldif
@@ -0,0 +1,46 @@
+dn: @INDEXLIST
+@IDXATTR: name
+
+dn: @ATTRIBUTES
+cn: CASE_INSENSITIVE
+dc: CASE_INSENSITIVE
+name: CASE_INSENSITIVE
+dn: CASE_INSENSITIVE
+objectClass: CASE_INSENSITIVE
+
+### Shares basedn
+dn: CN=Shares
+objectClass: top
+objectClass: organizationalUnit
+cn: Shares
+
+### Default IPC$ Share
+dn: CN=IPC$,CN=Shares
+objectClass: top
+objectClass: share
+cn: IPC$
+name: IPC$
+type: IPC
+path: /tmp
+comment: Remote IPC
+max-connections: -1
+available: True
+readonly: True
+browseable: False
+ntvfs-handler: default
+
+### Default ADMIN$ Share
+dn: CN=ADMIN$,CN=Shares
+objectClass: top
+objectClass: share
+cn: ADMIN$
+name: ADMIN$
+type: DISK
+path: /tmp
+comment: Remote Admin
+max-connections: -1
+available: True
+readonly: True
+browseable: False
+ntvfs-handler: default
+
diff --git a/source4/setup/spn_update_list b/source4/setup/spn_update_list
new file mode 100644
index 0000000..ceefd23
--- /dev/null
+++ b/source4/setup/spn_update_list
@@ -0,0 +1,30 @@
+# this is a list of servicePrincipalName entries
+# that we need to add on our account. It is processed by
+# the samba_spnupdate script
+
+HOST/${HOSTNAME}
+HOST/${HOSTNAME}/${WORKGROUP}
+ldap/${HOSTNAME}/${WORKGROUP}
+GC/${HOSTNAME}/${DNSFOREST}
+ldap/${HOSTNAME}
+HOST/${HOSTNAME}/${DNSDOMAIN}
+ldap/${HOSTNAME}/${DNSDOMAIN}
+HOST/${NETBIOSNAME}
+E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
+ldap/${NTDSGUID}._msdcs.${DNSFOREST}
+ldap/${NETBIOSNAME}
+RestrictedKrbHost/${NETBIOSNAME}
+RestrictedKrbHost/${HOSTNAME}
+ldap/${HOSTNAME}/DomainDnsZones.${DNSDOMAIN}
+ldap/${HOSTNAME}/ForestDnsZones.${DNSDOMAIN}
+
+# These are not supported yet:
+# NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/${HOSTNAME}
+# Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/${HOSTNAME}
+#
+# Only used in DNS mode: (This is added on dns-${HOSTNAME} account, should not be added here)
+# DNS/${HOSTNAME}
+#
+# Only used on Terminal Server mode:
+# TERMSRV/${HOSTNAME}
+# TERMSRV/${NETBIOSNAME}
diff --git a/source4/setup/tests/blackbox_group.sh b/source4/setup/tests/blackbox_group.sh
new file mode 100755
index 0000000..2f48037
--- /dev/null
+++ b/source4/setup/tests/blackbox_group.sh
@@ -0,0 +1,261 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_group.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf"
+
+#creation of two test users
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initial="UT" testuser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User1" --surname="Tester" --initial="UT" testuser1 testp@ssw0Rd
+
+# test samba-tool user getgroups command
+user_getgroups_primary_only()
+{
+	res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+
+	primary_group=$(echo $res)
+	echo $primary_group | grep -q "^Domain Users$" || return 1
+}
+testit "user getgroups primary only" user_getgroups_primary_only
+
+#test creation of six different groups
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' --description='DomainSecurityGroup' --mail-address='dsg@samba.org' --notes='Notes' dsg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Global' --group-type='Security' --description='GlobalSecurityGroup' --mail-address='gsg@samba.org' --notes='Notes' gsg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Universal' --group-type='Security' --description='UniversalSecurityGroup' --mail-address='usg@samba.org' --notes='Notes' usg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Distribution' --description='DomainDistributionGroup' --mail-address='ddg@samba.org' --notes='Notes' ddg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Global' --group-type='Distribution' --description='GlobalDistributionGroup' --mail-address='gdg@samba.org' --notes='Notes' gdg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Universal' --group-type='Distribution' --description='UniversalDistributionGroup' --mail-address='udg@samba.org' --notes='Notes' udg
+
+#test adding test users to all groups by their username
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gdg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG udg testuser,testuser1
+
+# test samba-tool user getgroups command
+user_getgroups()
+{
+	groups="dsg gsg usg ddg gdg udg"
+
+	res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+	for g in $groups; do
+		echo "$res" | grep -q "^${g}$" || return 1
+	done
+
+	# the users primary group is expected in the first line
+	primary_group=$(echo "$res" | head -1)
+	echo $primary_group | grep -q "^Domain Users$" || return 1
+}
+testit "user getgroups" user_getgroups
+
+# test samba-tool user getgroups --full-dn command
+user_getgroups_full_dn()
+{
+	groups="dsg gsg usg ddg gdg udg"
+
+	res=$($PYTHON $samba_tool user getgroups --full-dn $CONFIG testuser)
+	for g in $groups; do
+		group_dn=$($PYTHON $samba_tool group show $CONFIG $g --attributes=dn)
+		echo "$res" | grep -q "^${group_dn}$" || return 1
+	done
+
+	# the users primary group is expected in the first line
+	primary_group=$(echo "$res" | head -1)
+	group_dn=$($PYTHON $samba_tool group show $CONFIG "Domain Users" --attributes=dn)
+	echo $primary_group | grep -q "^${group_dn}$" || return 1
+}
+testit "user getgroups full-dn" user_getgroups
+
+# test settings a users primary group
+user_getgroups_primary_first()
+{
+	expected_primary_group=$1
+	res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+
+	# the users primary group is expected in the first line
+	primary_group=$(echo "$res" | head -1)
+	echo $primary_group | grep -q "^${expected_primary_group}$" || return 1
+}
+testit_expect_failure_grep "user setprimarygroup domain-local" "ERROR: Failed to set primary group 'dsg' for user 'testuser'.*may not set resource group as primary group!" $PYTHON $samba_tool user setprimarygroup $CONFIG testuser dsg
+testit "user setprimarygroup" $PYTHON $samba_tool user setprimarygroup $CONFIG testuser gsg
+testit "user getgroups primary first" user_getgroups_primary_first gsg
+
+# reset group (without testit, because I do not know how to quote the groupname)
+$PYTHON $samba_tool user setprimarygroup $CONFIG testuser 'Domain Users'
+
+#test removing test users from all groups by their username
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gdg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG udg testuser,testuser1
+
+# creation of two test contacts
+testit "contact create" $PYTHON $samba_tool contact create $CONFIG --given-name="Con" --surname="Tester" --initial="CT" testcontact
+testit "contact create" $PYTHON $samba_tool contact create $CONFIG --given-name="Con1" --surname="Tester" --initial="CT" testcontact1
+
+# test adding test contacts to all groups by their cn
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG gsg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG usg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG ddg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG gdg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG udg testcontact,testcontact1 --object-types=contact
+
+# test removing test contacts from all groups by their cn
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG dsg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG gsg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG usg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG ddg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG gdg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG udg testcontact,testcontact1 --object-types=contact
+
+# should not find test contact, because --object-types=user is specified
+testit_expect_failure "group addmembers contact failure" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --object-types=user
+
+# test add contact with --object-types=all
+testit "group addmembers contact object-type all" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --object-types=all
+
+# test listing contacts as group members
+testit_grep "group listmembers contact" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg
+
+# test listing contacts as group members
+# Make sure that the test contact is listed, because it does not have the
+# accountExpires attribute and can not expire.
+testit_grep "group listmembers contact hide-expired" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-expired
+testit_grep "group listmembers contact hide-disabled" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-disabled
+
+# test remove contact with --object-types=all
+testit "group removemembers contact object-type all" $PYTHON $samba_tool group removemembers $CONFIG dsg testcontact --object-types=all
+
+# add test contact by DN
+testit "group addmembers contact dn" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testcontact,DC=foo,DC=example,DC=com
+
+# remove test contact by DN
+testit "group removemembers contact dn" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testcontact,DC=foo,DC=example,DC=com
+
+# delete test contacts
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG testcontact
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG testcontact1
+
+# creation of two test contacts with the same name in different OUs
+testit "ou create" $PYTHON $samba_tool ou create $CONFIG OU=tconou1
+testit "ou create" $PYTHON $samba_tool ou create $CONFIG OU=tconou2
+testit "contact create ou" $PYTHON $samba_tool contact create $CONFIG testcontact --ou=OU=tconou1
+testit "contact create ou" $PYTHON $samba_tool contact create $CONFIG testcontact --ou=OU=tconou2
+
+# expect failure here, since there are multiple results for testcontact
+testit_expect_failure "group addmembers contact same name failure" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact
+
+# add both contacts by DN
+testit "group addmembers contact dn" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testcontact,OU=tconou1,DC=foo,DC=example,DC=com --member-dn=CN=testcontact,OU=tconou2,DC=foo,DC=example,DC=com
+
+# remove both contacts by DN
+testit "group removemembers contact dn" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testcontact,OU=tconou1,DC=foo,DC=example,DC=com --member-dn=CN=testcontact,OU=tconou2,DC=foo,DC=example,DC=com
+
+# delete both contacts by DN
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG CN=testcontact,OU=tconou1
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG CN=testcontact,OU=tconou2
+
+#test adding test users to all groups by their cn
+#testit "group addmembers" $samba_tool group addmembers $CONFIG dsg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG gsg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG usg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG ddg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG gdg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG udg "User UT. Tester,User1 UT. Tester"
+
+#test removing test users from all groups by their cn
+#testit "group removemembers" $samba_tool group removemembers $CONFIG dsg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG gsg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG usg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG ddg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG gdg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG ugg "User UT. Tester,User1 UT. Tester"
+
+# delete test users
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser1
+
+# creation of two new test users without spaces in cn
+# testit fails when spaces are used in arguments
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initial="UT" --use-username-as-cn testuser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User1" --surname="Tester" --initial="UT" --use-username-as-cn testuser1 testp@ssw0Rd
+
+# test adding test users to all groups by their DN
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# add two members by DN and listofmembers in one call
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gdg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com testuser1
+
+# add two members by DN with one call
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG udg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# test removing test users from all groups by their DN
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# remove two members by DN and listofmembers in one call
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gdg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com testuser1
+
+# remove two members by DN with one call
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG udg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# test --member-base-dn option - expect failure here, due to invalid base
+testit_expect_failure "group addmembers with invalid search member base" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --member-base-dn=OU=doesnotexist,DC=foo,DC=example,DC=com
+
+# test --member-base-dn option
+testit "group addmembers with member search base" $PYTHON $samba_tool group addmembers $CONFIG dsg testuser --member-base-dn=CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers with member search base" $PYTHON $samba_tool group removemembers $CONFIG dsg testuser --member-base-dn=CN=Users,DC=foo,DC=example,DC=com
+
+#test deletion of the groups
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG dsg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG gsg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG usg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG ddg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG gdg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG udg
+
+# delete test users
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser1
+
+#test listing of all groups
+testit "group list" $PYTHON $samba_tool group list $CONFIG
+
+#test listing of members of a particular group
+testit "group listmembers" $PYTHON $samba_tool group listmembers $CONFIG Users
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh
new file mode 100755
index 0000000..84fa603
--- /dev/null
+++ b/source4/setup/tests/blackbox_newuser.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_newuser.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/simple-dc
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf"
+
+#two test for creating new user
+#newuser  account is created with cn=Given Name Initials. Surname
+#newuser1 account is created using cn=username
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initials="T" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="https://www.samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --use-username-as-cn --given-name="User1" --surname="Tester1" --initials="UT1" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="https://www.samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser1 testp@ssw0Rd
+
+# check the enable account script
+testit "enableaccount" $PYTHON $samba_tool user enable $CONFIG NewUser
+testit "enableaccount" $PYTHON $samba_tool user enable $CONFIG NewUser1
+
+# check the enable account script
+testit "setpassword" $PYTHON $samba_tool user setpassword $CONFIG NewUser --newpassword=testp@ssw0Rd2
+testit "setpassword" $PYTHON $samba_tool user setpassword $CONFIG NewUser1 --newpassword=testp@ssw0Rd2
+
+# check the setexpiry script
+testit "noexpiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser --noexpiry
+testit "noexpiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser1 --noexpiry
+testit "expiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser --days=7
+testit "expiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser1 --days=7
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh
new file mode 100755
index 0000000..4e55656
--- /dev/null
+++ b/source4/setup/tests/blackbox_provision.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_provision.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+#Prepare an empty smb.conf to ensure it is overwritten
+rm -rf $PREFIX/simple-default
+mkdir -p $PREFIX/simple-default/etc
+touch $PREFIX/simple-default/etc/smb.conf
+testit "simple-default" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default --use-ntvfs
+#And try with just whitespace
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX/simple-dc/etc
+echo "  " >$PREFIX/simple-dc/etc/smb.conf
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+#The rest of these tests are with no smb.conf file present
+
+rm -rf $PREFIX/simple-dc
+testit "simple-dc-guids" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --domain-guid=6054d36d-2bfd-44f1-a9cd-32cfbb06480b --ntds-guid=b838f255-c8aa-4fe8-9402-b7d61ca3bd1b --invocationid=6d4cff9a-2bbf-4b4c-98a2-36242ddb0bd6 --targetdir=$PREFIX/simple-dc --use-ntvfs
+rm -rf $PREFIX/simple-dc-2008r2-schema
+testit "simple-dc-2008r2-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2008r2-schema --use-ntvfs --base-schema=2008_R2
+rm -rf $PREFIX/simple-dc-2012-schema
+testit "simple-dc-2012-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2012-schema --use-ntvfs --base-schema=2012
+rm -rf $PREFIX/simple-dc-2012r2-schema
+testit "simple-dc-2012r2-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2012r2-schema --use-ntvfs --base-schema=2012_R2
+rm -rf $PREFIX/simple-dc-2016-schema
+testit "simple-dc-2016-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2016-schema --use-ntvfs --base-schema=2016
+rm -rf $PREFIX/simple-dc-2019-schema
+testit "simple-dc-2019-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2019-schema --use-ntvfs --base-schema=2019
+rm -rf $PREFIX/simple-member
+testit "simple-member" $PYTHON $BINDIR/samba-tool domain provision --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member --use-ntvfs
+rm -rf $PREFIX/simple-standalone
+testit "simple-standalone" $PYTHON $BINDIR/samba-tool domain provision --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone --use-ntvfs
+rm -rf $PREFIX/blank-dc
+testit "blank-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank --use-ntvfs
+
+reprovision()
+{
+	$PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/simple-default" --use-ntvfs
+}
+
+testit "reprovision" reprovision
+
+V_2008_R2=47
+V_2012=56
+V_2012_R2=69
+V_2016=87
+V_2019=88
+
+check_baseschema()
+{
+	ldbsearch="ldbsearch"
+	if [ -x "$BINDIR/ldbsearch" ]; then
+		ldbsearch="$BINDIR/ldbsearch"
+	fi
+
+	base=$($ldbsearch -H $PREFIX/$1/private/sam.ldb --scope=base dn)
+	dom=$(echo "$base" | grep "dn: " | cut -d " " -f 2)
+
+	if [ -z "$dom" ]; then
+		echo "Unexpected ldbsearch output: $base"
+	fi
+
+	version=$($ldbsearch -H $PREFIX/$1/private/sam.ldb --scope=base \
+		"objectVersion" -b "CN=SCHEMA,CN=CONFIGURATION,$dom")
+	version_num=$(echo "$version" | grep "objectVersion: " | cut -d " " -f 2)
+
+	if [ "$version_num" -eq "$2" ]; then
+		return 0
+	fi
+
+	echo "Fail: schema version $version_num != $2"
+	return 1
+}
+
+tname="schema version"
+testit "$tname simple-default" check_baseschema simple-default $V_2019
+testit "$tname simple-dc" check_baseschema simple-dc $V_2019
+testit "$tname simple-member" check_baseschema simple-member $V_2019
+testit "$tname simple-standalone" check_baseschema simple-standalone $V_2019
+testit "$tname simple-dc-2008r2-schema" check_baseschema simple-dc-2008r2-schema $V_2008_R2
+testit "$tname simple-dc-2012-schema" check_baseschema simple-dc-2012-schema $V_2012
+testit "$tname simple-dc-2012r2-schema" check_baseschema simple-dc-2012r2-schema $V_2012_R2
+testit "$tname simple-dc-2016-schema" check_baseschema simple-dc-2016-schema $V_2016
+testit "$tname simple-dc-2019-schema" check_baseschema simple-dc-2019-schema $V_2019
+
+rm -rf $PREFIX/simple-default
+rm -rf $PREFIX/simple-dc
+rm -rf $PREFIX/blank-dc
+rm -rf $PREFIX/simple-member
+rm -rf $PREFIX/simple-standalone
+rm -rf $PREFIX/partitions-only-dc
+rm -rf $PREFIX/simple-dc-2008r2-schema
+rm -rf $PREFIX/simple-dc-2012-schema
+rm -rf $PREFIX/simple-dc-2012r2-schema
+rm -rf $PREFIX/simple-dc-2016-schema
+rm -rf $PREFIX/simple-dc-2019-schema
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_s3upgrade.sh b/source4/setup/tests/blackbox_s3upgrade.sh
new file mode 100755
index 0000000..908cb69
--- /dev/null
+++ b/source4/setup/tests/blackbox_s3upgrade.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_s3upgrade.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX=$(pwd)"/$1"
+shift 1
+
+samba4bindir="$BINDIR"
+samba_tool="$samba4bindir/samba-tool"
+samba_net="$samba4bindir/net"
+testparm="$samba4bindir/testparm"
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/samba3-upgrade
+mkdir -p $PREFIX/samba3-upgrade
+cp -a $SRCDIR/testdata/samba3 $PREFIX/samba3-upgrade
+
+# Test 1 (s3 member)
+cat - >$PREFIX/samba3-upgrade/samba3/smb1.conf <<EOF
+[global]
+   workgroup = SAMBA
+   security = user
+   netbiosname = S3UPGRADE
+   passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+   private dir = $PREFIX/samba3-upgrade/samba3
+   lock directory = $PREFIX/samba3-upgrade/samba3
+   state directory = $PREFIX/samba3-upgrade/samba3
+   cache directory = $PREFIX/samba3-upgrade/samba3
+   pid directory = $PREFIX/samba3-upgrade/samba3
+   usershare path = $PREFIX/samba3-upgrade/samba3
+   ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+
+   debug level = 0
+EOF
+
+testit "samba3-upgrade-member" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb1.conf --targetdir=$PREFIX/samba3-upgrade/s4_1 --dbdir=$PREFIX/samba3-upgrade/samba3 --use-ntvfs
+testit "samba3-upgrade-member-getlocalsid" $samba_net getlocalsid s3upgrade --configfile=$PREFIX/samba3-upgrade/s4_1/etc/smb.conf
+
+# Test 2 (s3 dc)
+cat - >$PREFIX/samba3-upgrade/samba3/smb2.conf <<EOF
+[global]
+   workgroup = SAMBA
+   netbiosname = S3UPGRADE
+   security = user
+   realm = s3.samba.example.com
+   passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+   private dir = $PREFIX/samba3-upgrade/samba3
+   lock directory = $PREFIX/samba3-upgrade/samba3
+   state directory = $PREFIX/samba3-upgrade/samba3
+   cache directory = $PREFIX/samba3-upgrade/samba3
+   pid directory = $PREFIX/samba3-upgrade/samba3
+   usershare path = $PREFIX/samba3-upgrade/samba3
+   ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+   debug level = 0
+   domain logons = yes
+EOF
+
+mv $PREFIX/samba3-upgrade/samba3/wins.dat2 $PREFIX/samba3-upgrade/samba3/wins.dat
+
+# Upgrade NT4-like domains in samba3upgrade
+testit "samba3-upgrade-dc" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb2.conf --targetdir=$PREFIX/samba3-upgrade/s4_2 --dbdir=$PREFIX/samba3-upgrade/samba3 --use-ntvfs
+testit "samba3-upgrade-dc-getlocalsid" $samba_net getlocalsid samba --configfile=$PREFIX/samba3-upgrade/s4_2/etc/smb.conf
+testit "samba3-upgrade-dc-getdomainsid" $samba_net getdomainsid --configfile=$PREFIX/samba3-upgrade/s4_2/etc/smb.conf
+
+#Run final test without a wins.dat
+rm -f $PREFIX/samba3-upgrade/samba3/wins.dat
+
+# Test 3 (s3 dc using testparm hook)
+cat - >$PREFIX/samba3-upgrade/samba3/smb3.conf <<EOF
+[global]
+   workgroup = SAMBA
+   netbiosname = S3UPGRADE
+   security = user
+   realm = s3.samba.example.com
+   passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+   private dir = $PREFIX/samba3-upgrade/samba3
+   lock directory = $PREFIX/samba3-upgrade/samba3
+   state directory = $PREFIX/samba3-upgrade/samba3
+   cache directory = $PREFIX/samba3-upgrade/samba3
+   pid directory = $PREFIX/samba3-upgrade/samba3
+   usershare path = $PREFIX/samba3-upgrade/samba3
+   ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+   debug level = 0
+   domain logons = yes
+EOF
+
+testit "samba3-upgrade-testparm" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb2.conf --targetdir=$PREFIX/samba3-upgrade/s4_3 --testparm=$testparm --use-ntvfs
+testit "samba3-upgrade-testparm-getlocalsid" $samba_net getlocalsid samba --configfile=$PREFIX/samba3-upgrade/s4_3/etc/smb.conf
+testit "samba3-upgrade-testparm-getdomainsid" $samba_net getdomainsid --configfile=$PREFIX/samba3-upgrade/s4_3/etc/smb.conf
+
+rm -rf $PREFIX/samba3-upgrade
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_setpassword.sh b/source4/setup/tests/blackbox_setpassword.sh
new file mode 100755
index 0000000..4f6fd1e
--- /dev/null
+++ b/source4/setup/tests/blackbox_setpassword.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_setpassword.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+samba_tool="./bin/samba-tool"
+
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX/simple-dc
+
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+
+testit "user add" $PYTHON $samba_tool user create --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testp@ssw0Rd
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd --must-change-at-next-login
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=Täst123 --must-change-at-next-login
+
+testit "passwordsettings" $PYTHON $samba_tool domain passwordsettings set --quiet --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default --store-plaintext=on
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_spn.sh b/source4/setup/tests/blackbox_spn.sh
new file mode 100755
index 0000000..b6cfe94
--- /dev/null
+++ b/source4/setup/tests/blackbox_spn.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_spn.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/etc/smb.conf"
+
+#creation of two test subjects
+testit "addspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
+testit "delspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readdspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
+testit_expect_failure "failexistingspn" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit_expect_failure "faildelspnnotgooduser" $PYTHON $samba_tool spn delete FOO/bar krbtgt $CONFIG
+testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readd_spn_guest" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit "deluserspn_guest" $PYTHON $samba_tool spn delete FOO/bar Guest $CONFIG
+testit_expect_failure "faildelspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit_expect_failure "failaddspn" $PYTHON $samba_tool spn add FOO/bar nonexistinguser $CONFIG
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_start_backup.sh b/source4/setup/tests/blackbox_start_backup.sh
new file mode 100755
index 0000000..b380c38
--- /dev/null
+++ b/source4/setup/tests/blackbox_start_backup.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Simple test that a DB from a backup file cannot be untarred and started
+# manually (you have to run the samba-tool 'backup restore' command instead).
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: $0 PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+DBPATH=$PREFIX/start-backup
+mkdir -p $DBPATH
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+. "$(dirname ${0})/../../../testprogs/blackbox/common_test_fns.inc"
+
+ldbmodify=$(system_or_builddir_binary ldbmodify "${BINDIR}")
+
+do_provision()
+{
+	$PYTHON $BINDIR/samba-tool domain provision \
+		--domain=FOO --realm=foo.example.com --use-ntvfs \
+		--targetdir=$DBPATH --option="pid directory = $DBPATH"
+}
+
+add_backup_marker()
+{
+	# manually add the backup marker that the backup cmd usually adds
+	${ldbmodify} \
+		-H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: backupDate
+backupDate: who-knows-when
+-
+
+EOF
+}
+
+start_backup()
+{
+	# start samba in interactive mode (if we don't, samba daemonizes and so the
+	# command's exit status is always zero (success), regardless of whether
+	# samba actually starts up or not). However, this means if this assertion
+	# were ever to fail (i.e. samba DOES startup from a backup file), then the
+	# test case would just hang. So we use a max-run-time of 5 secs so that
+	# samba will self-destruct in the bad case (max_runtime_handler() returns
+	# zero/success in this case, which allows us to tell the good case from the
+	# bad case).
+	OPTS="--maximum-runtime=5 -i"
+
+	# redirect logs to stderr (which we'll then redirect to stdout so we can
+	# capture it in a bash variable)
+	OPTS="$OPTS --debug-stdout"
+
+	# start samba and capture the debug output
+	OUTPUT=$($BINDIR/samba --configfile=$DBPATH/etc/smb.conf $OPTS 2>&1)
+	if [ $? -eq 0 ]; then
+		echo "ERROR: Samba should not have started successfully"
+		return 1
+	fi
+
+	# check the reason we're failing is because prime_ldb_databases() is
+	# detecting that this is a backup DB (and not some other reason)
+	echo "$OUTPUT" | grep "failed to start: Database is a backup"
+}
+
+# setup a DB and manually mark it as being a "backup"
+testit "provision" do_provision
+testit "add-backup-marker" add_backup_marker
+
+# check that Samba won't start using this DB (because it's a backup)
+testit "start-samba-backup" start_backup
+
+rm -rf $DBPATH
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_supported_features.sh b/source4/setup/tests/blackbox_supported_features.sh
new file mode 100755
index 0000000..9861fbc
--- /dev/null
+++ b/source4/setup/tests/blackbox_supported_features.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_supported_features.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+DBPATH=$PREFIX/supported-features
+
+mkdir -p $DBPATH
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+ldbmodify="ldbmodify"
+if [ -x "$BINDIR/ldbmodify" ]; then
+	ldbmodify="$BINDIR/ldbmodify"
+fi
+
+ldbdel="ldbdel"
+if [ -x "$BINDIR/ldbdel" ]; then
+	ldbdel="$BINDIR/ldbdel"
+fi
+
+ldbsearch="ldbsearch"
+if [ -x "$BINDIR/ldbsearch" ]; then
+	ldbsearch="$BINDIR/ldbsearch"
+fi
+
+testit "provision" $PYTHON $BINDIR/samba-tool domain provision \
+	--domain=FOO --realm=foo.example.com \
+	--targetdir=$DBPATH --use-ntvfs
+
+testit "add-compatible-feature" $ldbmodify \
+	-H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: compatibleFeatures
+compatibleFeatures: non-existent-feature
+-
+
+EOF
+
+# The non-existent feature is not compatible with this version, so it
+# should not be listed in compatibleFeatures even though we tried to
+# put it there.
+
+ldb_search_fail()
+{
+	$ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+		-s base -b "$1" "$2" |
+		grep -q "$3"
+}
+
+testit_expect_failure "find-compatible-feature" \
+	ldb_search_fail '@SAMBA_DSDB' 'compatibleFeatures' non-existent-feature
+
+# just make sure the thing we're using is normally findable
+testit "find-test-feature" \
+	$ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+	-b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
+
+testit "add-required-feature" $ldbmodify \
+	-H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: requiredFeatures
+requiredFeatures: futuristic-feature
+-
+
+EOF
+
+# The futuristic-feature is not implemented in this version, but it is
+# required by this database. A search for anything should fail.
+
+testit_expect_failure "find-required-feature" \
+	$ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+	-b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
+
+rm -rf $DBPATH
+
+exit $failed
diff --git a/source4/setup/tests/blackbox_upgradeprovision.sh b/source4/setup/tests/blackbox_upgradeprovision.sh
new file mode 100755
index 0000000..7dded87
--- /dev/null
+++ b/source4/setup/tests/blackbox_upgradeprovision.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: blackbox_upgradeprovision.sh PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+[ ! -d $PREFIX ] && mkdir $PREFIX
+
+upgradeprovision_reference()
+{
+	if [ -d $PREFIX/upgradeprovision_reference ]; then
+		rm -fr $PREFIX/upgradeprovision_reference
+	fi
+	$PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision_reference" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+}
+
+upgradeprovision()
+{
+	if [ -d $PREFIX/upgradeprovision ]; then
+		rm -fr $PREFIX/upgradeprovision
+	fi
+	$PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+	$PYTHON $BINDIR/samba_upgradeprovision --configfile="$PREFIX/upgradeprovision/etc/smb.conf" --debugchange
+}
+
+upgradeprovision_full()
+{
+	if [ -d $PREFIX/upgradeprovision_full ]; then
+		rm -fr $PREFIX/upgradeprovision_full
+	fi
+	$PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision_full" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+	$PYTHON $BINDIR/samba_upgradeprovision --configfile="$PREFIX/upgradeprovision_full/etc/smb.conf" --full --debugchange
+}
+
+# The ldapcmp runs here are to ensure that a 'null' run of
+# upgradeprovision (because we did a provision with the same template)
+# really doesn't change anything.
+
+ldapcmp()
+{
+	$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_full()
+{
+	$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_sd()
+{
+	$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_full_sd()
+{
+	$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
+}
+
+testit "upgradeprovision" upgradeprovision
+testit "upgradeprovision_full" upgradeprovision_full
+testit "upgradeprovision_reference" upgradeprovision_reference
+testit "ldapcmp" ldapcmp
+testit "ldapcmp_full" ldapcmp_full
+testit "ldapcmp_sd" ldapcmp_sd
+testit "ldapcmp_full_sd" ldapcmp_full_sd
+
+if [ -d $PREFIX/upgradeprovision ]; then
+	rm -fr $PREFIX/upgradeprovision
+fi
+
+if [ -d $PREFIX/upgradeprovision_full ]; then
+	rm -fr $PREFIX/upgradeprovision_full
+fi
+
+if [ -d $PREFIX/upgradeprovision_reference ]; then
+	rm -fr $PREFIX/upgradeprovision_reference
+fi
+
+exit $failed
diff --git a/source4/setup/tests/provision_fileperms.sh b/source4/setup/tests/provision_fileperms.sh
new file mode 100755
index 0000000..7e917ad
--- /dev/null
+++ b/source4/setup/tests/provision_fileperms.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+	cat <<EOF
+Usage: $0 PREFIX
+EOF
+	exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+# selftest sets the umask to zero. Explicitly set it to 022 here,
+# which should mean files should never be writable for anyone else
+ORIG_UMASK=$(umask)
+umask 0022
+
+# checks that the files in the 'private' directory created are not
+# world-writable
+check_private_file_perms()
+{
+	target_dir="$1/private"
+	result=0
+
+	for file in "${target_dir}"/*; do
+		# skip directories/sockets for now
+		if [ ! -f $file ]; then
+			continue
+		fi
+
+		# use stat to get the file permissions, i.e. -rw-------
+		file_perm=$(stat -c "%A" $file)
+
+		# then use cut to drop the first 4 chars containing the file type
+		# and owner permissions. What's left is the group and other users
+		global_perm=$(echo $file_perm | cut -c4-)
+
+		# check the remainder doesn't have write permissions set
+		if [ -z "${global_perm##*w*}" ]; then
+			echo "Error: $file has $file_perm permissions"
+			result=1
+		fi
+	done
+	return $result
+}
+
+TARGET_DIR=$PREFIX/basic-dc
+rm -rf $TARGET_DIR
+
+# create a dummy smb.conf - we need to use fake ACLs for the file system here
+# (but passing --option args with spaces in it proved too difficult in bash)
+SMB_CONF=$TARGET_DIR/tmp/smb.conf
+mkdir -p $(dirname $SMB_CONF)
+echo "vfs objects = fake_acls xattr_tdb" >$SMB_CONF
+
+# provision a basic DC
+testit "basic-provision" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$TARGET_DIR --configfile=$SMB_CONF
+
+# check the file permissions in the 'private' directory really are private
+testit "provision-fileperms" check_private_file_perms $TARGET_DIR
+
+rm -rf $TARGET_DIR
+
+umask $ORIG_UMASK
+
+exit $failed
diff --git a/source4/setup/wscript_build b/source4/setup/wscript_build
new file mode 100644
index 0000000..7c40ebd
--- /dev/null
+++ b/source4/setup/wscript_build
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'ad-schema/*.txt')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'ad-schema/*.ldf')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'display-specifiers/*.txt')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'adprep/*.ldf')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'adprep/WindowsServerDocs/Schema-Updates.md')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'adprep/WindowsServerDocs/Forest-Wide-Updates.md')
+bld.INSTALL_WILDCARD('${SETUPDIR}', 'adprep/WindowsServerDocs/*.diff')
+
+bld.INSTALL_FILES('${SETUPDIR}', 'dns_update_list')
+bld.INSTALL_FILES('${SETUPDIR}', 'spn_update_list')
+
+for p in '''*.inf *.ldif *.reg *.zone *.conf *.php *.txt
+            named.conf.update named.conf.dlz'''.split():
+    bld.INSTALL_WILDCARD('${SETUPDIR}', p)
+
diff --git a/source4/setup/ypServ30.ldif b/source4/setup/ypServ30.ldif
new file mode 100644
index 0000000..6103266
--- /dev/null
+++ b/source4/setup/ypServ30.ldif
@@ -0,0 +1,507 @@
+dn: CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+schemaVersion: 40
+
+dn: CN=mail,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byaddr,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Aliases
+msSFU30FieldSeparator:: Og==
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30MapFilter: (objectCategory=msSFU30MailAliases)
+
+dn: CN=aliases,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator:: Og==
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30MapFilter: (objectCategory=msSFU30MailAliases)
+
+dn: CN=${NISDOMAIN},CN=mail,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=services,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byname,CN=services,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: CN
+msSFU30FieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: CN
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: CN
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=ipService)
+
+dn: CN=${NISDOMAIN},CN=services,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bydefaults,CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: bootParameter
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: bootParameter
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (&(objectCategory=Device)(bootParameter=*))
+
+dn: CN=${NISDOMAIN},CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bydefaults,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: NisNetgroupTriple
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: NisNetgroupTriple
+msSFU30MapFilter: (objectCategory=NisNetgroup)
+
+dn: CN=byuser,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30NetgroupUserAtDomain
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: MemberNisNetgroup
+msSFU30SearchAttributes: msSFU30NetgroupUserAtDomain
+msSFU30ResultAttributes: MemberNisNetgroup
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=NisNetgroup)
+
+dn: CN=byhost,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30NetgroupHostAtDomain
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: MemberNisNetgroup
+msSFU30SearchAttributes: msSFU30NetgroupHostAtDomain
+msSFU30ResultAttributes: MemberNisNetgroup
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=NisNetgroup)
+
+dn: CN=${NISDOMAIN},CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byaddr,CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: ipNetworkNumber
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: ipNetmaskNumber
+msSFU30SearchAttributes: ipNetworkNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: ipNetmaskNumber
+msSFU30ResultAttributes: ipNetworkNumber
+msSFU30MapFilter: (&(objectCategory=ipNetwork)(ipNetmaskNumber=*))
+
+dn: CN=${NISDOMAIN},CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byaddr,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: ipHostNumber
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: ipHostNumber
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: msSFU30Name
+msSFU30ResultAttributes: ipHostNumber
+msSFU30MapFilter: (objectCategory=Computer)
+
+dn: CN=byname,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Aliases
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: ipHostNumber
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: msSFU30Name
+msSFU30ResultAttributes: ipHostNumber
+msSFU30MapFilter: (objectCategory=Computer)
+
+dn: CN=${NISDOMAIN},CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byaddr,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: macAddress
+msSFU30FieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: macAddress
+msSFU30ResultAttributes: msSFU30Name
+msSFU30ResultAttributes: macAddress
+msSFU30MapFilter: (&(objectCategory=Device)(macAddress=*))
+
+dn: CN=byname,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Name
+msSFU30SearchAttributes: macAddress
+msSFU30ResultAttributes: msSFU30Name
+msSFU30ResultAttributes: macAddress
+msSFU30MapFilter: (&(objectCategory=Device)(macAddress=*))
+
+dn: CN=${NISDOMAIN},CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=networks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byaddr,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: ipNetworkNumber
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: ipNetworkNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: ipNetworkNumber
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=ipNetwork)
+
+dn: CN=byname,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Aliases
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: ipNetworkNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: ipNetworkNumber
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=ipNetwork)
+
+dn: CN=${NISDOMAIN},CN=networks,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bynumber,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: ipProtocolNumber
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: ipProtocolNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: ipProtocolNumber
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=ipProtocol)
+
+dn: CN=byname,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30IntraFieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: ipProtocolNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: ipProtocolNumber
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=ipProtocol)
+
+dn: CN=${NISDOMAIN},CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bynumber,CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: oncRpcNumber
+msSFU30FieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30Aliases
+msSFU30SearchAttributes: oncRpcNumber
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Aliases
+msSFU30ResultAttributes: oncRpcNumber
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=oncRpc)
+
+dn: CN=${NISDOMAIN},CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=netid,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byname,CN=netid,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator: "        "
+msSFU30SearchAttributes: msSFU30KeyValues
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30KeyValues
+msSFU30MapFilter: (objectCategory=msSFU30NetId)
+
+dn: CN=${NISDOMAIN},CN=netid,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=byuid,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: uidNumber
+msSFU30FieldSeparator:: Og==
+msSFU30SearchAttributes: loginShell
+msSFU30SearchAttributes: unixHomeDirectory
+msSFU30SearchAttributes: gecos
+msSFU30SearchAttributes: gidNumber
+msSFU30SearchAttributes: uidNumber
+msSFU30SearchAttributes: unixUserPassword
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: loginShell
+msSFU30ResultAttributes: unixHomeDirectory
+msSFU30ResultAttributes: gecos
+msSFU30ResultAttributes: gidNumber
+msSFU30ResultAttributes: uidNumber
+msSFU30ResultAttributes: unixUserPassword
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (uidNumber=*)
+
+dn: CN=byname,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator:: Og==
+msSFU30SearchAttributes: loginShell
+msSFU30SearchAttributes: unixHomeDirectory
+msSFU30SearchAttributes: gecos
+msSFU30SearchAttributes: gidNumber
+msSFU30SearchAttributes: uidNumber
+msSFU30SearchAttributes: unixUserPassword
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: loginShell
+msSFU30ResultAttributes: unixHomeDirectory
+msSFU30ResultAttributes: gecos
+msSFU30ResultAttributes: gidNumber
+msSFU30ResultAttributes: uidNumber
+msSFU30ResultAttributes: unixUserPassword
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (uidNumber=*)
+
+dn: CN=${NISDOMAIN},CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bydefaults,CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator:: Og==
+msSFU30IntraFieldSeparator:: Og==
+msSFU30SearchAttributes: shadowFlag
+msSFU30SearchAttributes: shadowExpire
+msSFU30SearchAttributes: shadowInactive
+msSFU30SearchAttributes: shadowWarning
+msSFU30SearchAttributes: shadowMax
+msSFU30SearchAttributes: shadowMin
+msSFU30SearchAttributes: shadowLastChange
+msSFU30SearchAttributes: unixUserPassword
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: shadowFlag
+msSFU30ResultAttributes: shadowExpire
+msSFU30ResultAttributes: shadowInactive
+msSFU30ResultAttributes: shadowWarning
+msSFU30ResultAttributes: shadowMax
+msSFU30ResultAttributes: shadowMin
+msSFU30ResultAttributes: shadowLastChange
+msSFU30ResultAttributes: unixUserPassword
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (uidNumber=*)
+
+dn: CN=${NISDOMAIN},CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=group,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bygid,CN=group,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: gidNumber
+msSFU30FieldSeparator:: Og==
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: memberUid
+msSFU30SearchAttributes: gidNumber
+msSFU30SearchAttributes: unixUserPassword
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: memberUid
+msSFU30ResultAttributes: gidNumber
+msSFU30ResultAttributes: unixUserPassword
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (&(objectCategory=group)(gidNumber=*))
+
+dn: CN=byname,CN=group,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator:: Og==
+msSFU30IntraFieldSeparator: ,
+msSFU30SearchAttributes: memberUid
+msSFU30SearchAttributes: gidNumber
+msSFU30SearchAttributes: unixUserPassword
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: memberUid
+msSFU30ResultAttributes: gidNumber
+msSFU30ResultAttributes: unixUserPassword
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (&(objectCategory=group)(gidNumber=*))
+
+dn: CN=${NISDOMAIN},CN=group,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
+
+dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=bydefaults,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30NISMapConfig
+msSFU30KeyAttributes: msSFU30Name
+msSFU30FieldSeparator:: IA==
+msSFU30IntraFieldSeparator:: IA==
+msSFU30SearchAttributes: msSFU30Name
+msSFU30ResultAttributes: msSFU30Name
+msSFU30MapFilter: (objectCategory=msSFU30YpServers)
+
+dn: CN=${NISDOMAIN},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: msSFU30DomainInfo
+msSFU30MasterServerName: ${NETBIOSNAME}
+msSFU30OrderNumber: 10000
+msSFU30Domains: ${NISDOMAIN}
diff --git a/source4/smb_server/blob.c b/source4/smb_server/blob.c
new file mode 100644
index 0000000..2489329
--- /dev/null
+++ b/source4/smb_server/blob.c
@@ -0,0 +1,810 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan Metzmacher 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+
+#define BLOB_CHECK(cmd) do { \
+	NTSTATUS _status; \
+	_status = cmd; \
+	NT_STATUS_NOT_OK_RETURN(_status); \
+} while (0)
+
+#define BLOB_CHECK_MIN_SIZE(blob, size) do { \
+	if ((blob)->length < (size)) { \
+		return NT_STATUS_INVALID_PARAMETER; \
+	} \
+} while (0)
+
+
+/* align the end of the blob on an 8 byte boundary */
+#define BLOB_ALIGN(blob, alignment) do { \
+	if ((blob)->length & ((alignment)-1)) { \
+		uint8_t _pad = (alignment) - ((blob)->length & ((alignment)-1)); \
+		BLOB_CHECK(smbsrv_blob_fill_data(blob, blob, (blob)->length+_pad)); \
+	} \
+} while (0)
+
+/* grow the data size of a trans2 reply */
+NTSTATUS smbsrv_blob_grow_data(TALLOC_CTX *mem_ctx,
+			       DATA_BLOB *blob,
+			       uint32_t new_size)
+{
+	if (new_size > blob->length) {
+		uint8_t *p;
+		p = talloc_realloc(mem_ctx, blob->data, uint8_t, new_size);
+		NT_STATUS_HAVE_NO_MEMORY(p);
+		blob->data = p;
+	}
+	blob->length = new_size;
+	return NT_STATUS_OK;
+}
+
+/* grow the data, zero filling any new bytes */
+NTSTATUS smbsrv_blob_fill_data(TALLOC_CTX *mem_ctx,
+			       DATA_BLOB *blob,
+			       uint32_t new_size)
+{
+	uint32_t old_size = blob->length;
+	BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, new_size));
+	if (new_size > old_size) {
+		memset(blob->data + old_size, 0, new_size - old_size);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  pull a string from a blob in a trans2 request
+*/
+size_t smbsrv_blob_pull_string(struct request_bufinfo *bufinfo, 
+			       const DATA_BLOB *blob,
+			       uint16_t offset,
+			       const char **str,
+			       int flags)
+{
+	*str = NULL;
+	/* we use STR_NO_RANGE_CHECK because the params are allocated
+	   separately in a DATA_BLOB, so we need to do our own range
+	   checking */
+	if (offset >= blob->length) {
+		return 0;
+	}
+	
+	return req_pull_string(bufinfo, str, 
+			       blob->data + offset, 
+			       blob->length - offset,
+			       STR_NO_RANGE_CHECK | flags);
+}
+
+/*
+  push a string into the data section of a trans2 request
+  return the number of bytes consumed in the output
+*/
+static ssize_t smbsrv_blob_push_string(TALLOC_CTX *mem_ctx,
+				       DATA_BLOB *blob,
+				       uint32_t len_offset,
+				       uint32_t offset,
+				       const char *str,
+				       int dest_len,
+				       int default_flags,
+				       int flags)
+{
+	int alignment = 0, ret = 0, pkt_len;
+
+	/* we use STR_NO_RANGE_CHECK because the params are allocated
+	   separately in a DATA_BLOB, so we need to do our own range
+	   checking */
+	if (!str || offset >= blob->length) {
+		if (flags & STR_LEN8BIT) {
+			SCVAL(blob->data, len_offset, 0);
+		} else {
+			SIVAL(blob->data, len_offset, 0);
+		}
+		return 0;
+	}
+
+	flags |= STR_NO_RANGE_CHECK;
+
+	if (dest_len == -1 || (dest_len > blob->length - offset)) {
+		dest_len = blob->length - offset;
+	}
+
+	if (!(flags & (STR_ASCII|STR_UNICODE))) {
+		flags |= default_flags;
+	}
+
+	if ((offset&1) && (flags & STR_UNICODE) && !(flags & STR_NOALIGN)) {
+		alignment = 1;
+		if (dest_len > 0) {
+			SCVAL(blob->data + offset, 0, 0);
+			ret = push_string(blob->data + offset + 1, str, dest_len-1, flags);
+		}
+	} else {
+		ret = push_string(blob->data + offset, str, dest_len, flags);
+	}
+	if (ret == -1) {
+		return -1;
+	}
+
+	/* sometimes the string needs to be terminated, but the length
+	   on the wire must not include the termination! */
+	pkt_len = ret;
+
+	if ((flags & STR_LEN_NOTERM) && (flags & STR_TERMINATE)) {
+		if ((flags & STR_UNICODE) && ret >= 2) {
+			pkt_len = ret-2;
+		}
+		if ((flags & STR_ASCII) && ret >= 1) {
+			pkt_len = ret-1;
+		}
+	}
+
+	if (flags & STR_LEN8BIT) {
+		SCVAL(blob->data, len_offset, pkt_len);
+	} else {
+		SIVAL(blob->data, len_offset, pkt_len);
+	}
+
+	return ret + alignment;
+}
+
+/*
+  append a string to the data section of a trans2 reply
+  len_offset points to the place in the packet where the length field
+  should go
+*/
+NTSTATUS smbsrv_blob_append_string(TALLOC_CTX *mem_ctx,
+				   DATA_BLOB *blob,
+				   const char *str,
+				   unsigned int len_offset,
+				   int default_flags,
+				   int flags)
+{
+	ssize_t ret;
+	uint32_t offset;
+	const int max_bytes_per_char = 3;
+
+	offset = blob->length;
+	BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, offset + (2+strlen_m(str))*max_bytes_per_char));
+	ret = smbsrv_blob_push_string(mem_ctx, blob, len_offset, offset, str, -1, default_flags, flags);
+	if (ret < 0) {
+		return NT_STATUS_FOOBAR;
+	}
+	BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, offset + ret));
+	return NT_STATUS_OK;
+}
+
+NTSTATUS smbsrv_push_passthru_fsinfo(TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *blob,
+				     enum smb_fsinfo_level level,
+				     union smb_fsinfo *fsinfo,
+				     int default_str_flags)
+{
+	unsigned int i;
+	DATA_BLOB guid_blob;
+
+	switch (level) {
+	case RAW_QFS_VOLUME_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 18));
+
+		push_nttime(blob->data, 0, fsinfo->volume_info.out.create_time);
+		SIVAL(blob->data,       8, fsinfo->volume_info.out.serial_number);
+		SSVAL(blob->data,      16, 0); /* padding */
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						     fsinfo->volume_info.out.volume_name.s,
+						     12, default_str_flags,
+						     STR_UNICODE));
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_SIZE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 24));
+
+		SBVAL(blob->data,  0, fsinfo->size_info.out.total_alloc_units);
+		SBVAL(blob->data,  8, fsinfo->size_info.out.avail_alloc_units);
+		SIVAL(blob->data, 16, fsinfo->size_info.out.sectors_per_unit);
+		SIVAL(blob->data, 20, fsinfo->size_info.out.bytes_per_sector);
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_DEVICE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 8));
+
+		SIVAL(blob->data,      0, fsinfo->device_info.out.device_type);
+		SIVAL(blob->data,      4, fsinfo->device_info.out.characteristics);
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_ATTRIBUTE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 12));
+
+		SIVAL(blob->data, 0, fsinfo->attribute_info.out.fs_attr);
+		SIVAL(blob->data, 4, fsinfo->attribute_info.out.max_file_component_length);
+		/* this must not be null terminated or win98 gets
+		   confused!  also note that w2k3 returns this as
+		   unicode even when ascii is negotiated */
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						     fsinfo->attribute_info.out.fs_type.s,
+						     8, default_str_flags,
+						     STR_UNICODE));
+		return NT_STATUS_OK;
+
+
+	case RAW_QFS_QUOTA_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 48));
+
+		SBVAL(blob->data,   0, fsinfo->quota_information.out.unknown[0]);
+		SBVAL(blob->data,   8, fsinfo->quota_information.out.unknown[1]);
+		SBVAL(blob->data,  16, fsinfo->quota_information.out.unknown[2]);
+		SBVAL(blob->data,  24, fsinfo->quota_information.out.quota_soft);
+		SBVAL(blob->data,  32, fsinfo->quota_information.out.quota_hard);
+		SBVAL(blob->data,  40, fsinfo->quota_information.out.quota_flags);
+
+		return NT_STATUS_OK;
+
+
+	case RAW_QFS_FULL_SIZE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 32));
+
+		SBVAL(blob->data,  0, fsinfo->full_size_information.out.total_alloc_units);
+		SBVAL(blob->data,  8, fsinfo->full_size_information.out.call_avail_alloc_units);
+		SBVAL(blob->data, 16, fsinfo->full_size_information.out.actual_avail_alloc_units);
+		SIVAL(blob->data, 24, fsinfo->full_size_information.out.sectors_per_unit);
+		SIVAL(blob->data, 28, fsinfo->full_size_information.out.bytes_per_sector);
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_OBJECTID_INFORMATION: {
+		NTSTATUS status;
+
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 64));
+
+		status = GUID_to_ndr_blob(&fsinfo->objectid_information.out.guid, mem_ctx, &guid_blob);
+		if (!NT_STATUS_IS_OK(status)) {
+			BLOB_CHECK(status);
+		}
+
+		memcpy(blob->data, guid_blob.data, guid_blob.length);
+
+		for (i=0;i<6;i++) {
+			SBVAL(blob->data, 16 + 8*i, fsinfo->objectid_information.out.unknown[i]);
+		}
+
+		return NT_STATUS_OK;
+	}
+
+	case RAW_QFS_SECTOR_SIZE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 28));
+		SIVAL(blob->data,  0,
+		      fsinfo->sector_size_info.out.logical_bytes_per_sector);
+		SIVAL(blob->data,  4,
+		     fsinfo->sector_size_info.out.phys_bytes_per_sector_atomic);
+		SIVAL(blob->data,  8,
+		      fsinfo->sector_size_info.out.phys_bytes_per_sector_perf);
+		SIVAL(blob->data, 12,
+		      fsinfo->sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic);
+		SIVAL(blob->data, 16,
+		      fsinfo->sector_size_info.out.flags);
+		SIVAL(blob->data, 20,
+		      fsinfo->sector_size_info.out.byte_off_sector_align);
+		SIVAL(blob->data, 24,
+		      fsinfo->sector_size_info.out.byte_off_partition_align);
+
+		return NT_STATUS_OK;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+}
+
+NTSTATUS smbsrv_push_passthru_fileinfo(TALLOC_CTX *mem_ctx,
+				       DATA_BLOB *blob,
+				       enum smb_fileinfo_level level,
+				       union smb_fileinfo *st,
+				       int default_str_flags)
+{
+	unsigned int i;
+	size_t list_size;
+
+	switch (level) {
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 40));
+
+		push_nttime(blob->data,  0, st->basic_info.out.create_time);
+		push_nttime(blob->data,  8, st->basic_info.out.access_time);
+		push_nttime(blob->data, 16, st->basic_info.out.write_time);
+		push_nttime(blob->data, 24, st->basic_info.out.change_time);
+		SIVAL(blob->data,       32, st->basic_info.out.attrib);
+		SIVAL(blob->data,       36, 0); /* padding */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 56));
+
+		push_nttime(blob->data,  0, st->network_open_information.out.create_time);
+		push_nttime(blob->data,  8, st->network_open_information.out.access_time);
+		push_nttime(blob->data, 16, st->network_open_information.out.write_time);
+		push_nttime(blob->data, 24, st->network_open_information.out.change_time);
+		SBVAL(blob->data,       32, st->network_open_information.out.alloc_size);
+		SBVAL(blob->data,       40, st->network_open_information.out.size);
+		SIVAL(blob->data,       48, st->network_open_information.out.attrib);
+		SIVAL(blob->data,       52, 0); /* padding */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 24));
+
+		SBVAL(blob->data,  0, st->standard_info.out.alloc_size);
+		SBVAL(blob->data,  8, st->standard_info.out.size);
+		SIVAL(blob->data, 16, st->standard_info.out.nlink);
+		SCVAL(blob->data, 20, st->standard_info.out.delete_pending);
+		SCVAL(blob->data, 21, st->standard_info.out.directory);
+		SSVAL(blob->data, 22, 0); /* padding */
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 8));
+
+		SIVAL(blob->data,  0, st->attribute_tag_information.out.attrib);
+		SIVAL(blob->data,  4, st->attribute_tag_information.out.reparse_tag);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		SIVAL(blob->data,  0, st->ea_info.out.ea_size);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		SIVAL(blob->data,  0, st->mode_information.out.mode);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		SIVAL(blob->data,  0, 
+		      st->alignment_information.out.alignment_requirement);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		SIVAL(blob->data,  0, st->access_information.out.access_flags);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 8));
+
+		SBVAL(blob->data,  0, st->position_information.out.position);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 16));
+
+		SBVAL(blob->data,  0, st->compression_info.out.compressed_size);
+		SSVAL(blob->data,  8, st->compression_info.out.format);
+		SCVAL(blob->data, 10, st->compression_info.out.unit_shift);
+		SCVAL(blob->data, 11, st->compression_info.out.chunk_shift);
+		SCVAL(blob->data, 12, st->compression_info.out.cluster_shift);
+		SSVAL(blob->data, 13, 0); /* 3 bytes padding */
+		SCVAL(blob->data, 15, 0);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 8));
+
+		SBVAL(blob->data,  0, st->internal_information.out.file_id);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALL_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 72));
+
+		push_nttime(blob->data,  0, st->all_info.out.create_time);
+		push_nttime(blob->data,  8, st->all_info.out.access_time);
+		push_nttime(blob->data, 16, st->all_info.out.write_time);
+		push_nttime(blob->data, 24, st->all_info.out.change_time);
+		SIVAL(blob->data,       32, st->all_info.out.attrib);
+		SIVAL(blob->data,       36, 0); /* padding */
+		SBVAL(blob->data,       40, st->all_info.out.alloc_size);
+		SBVAL(blob->data,       48, st->all_info.out.size);
+		SIVAL(blob->data,       56, st->all_info.out.nlink);
+		SCVAL(blob->data,       60, st->all_info.out.delete_pending);
+		SCVAL(blob->data,       61, st->all_info.out.directory);
+		SSVAL(blob->data,       62, 0); /* padding */
+		SIVAL(blob->data,       64, st->all_info.out.ea_size);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						     st->all_info.out.fname.s,
+						     68, default_str_flags,
+						     STR_UNICODE));
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_NAME_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						     st->name_info.out.fname.s,
+						     0, default_str_flags,
+						     STR_UNICODE));
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 4));
+
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, 
+						     st->alt_name_info.out.fname.s,
+						     0, default_str_flags,
+						     STR_UNICODE));
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		for (i=0;i<st->stream_info.out.num_streams;i++) {
+			uint32_t data_size = blob->length;
+			uint8_t *data;
+
+			BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, data_size + 24));
+			data = blob->data + data_size;
+			SBVAL(data,  8, st->stream_info.out.streams[i].size);
+			SBVAL(data, 16, st->stream_info.out.streams[i].alloc_size);
+			BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+							     st->stream_info.out.streams[i].stream_name.s,
+							     data_size + 4, default_str_flags,
+							     STR_UNICODE));
+			if (i == st->stream_info.out.num_streams - 1) {
+				SIVAL(blob->data, data_size, 0);
+			} else {
+				BLOB_CHECK(smbsrv_blob_fill_data(mem_ctx, blob, (blob->length+7)&~7));
+				SIVAL(blob->data, data_size, 
+				      blob->length - data_size);
+			}
+		}
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+		/* if no eas are returned the backend should
+		 * have returned NO_EAS_ON_FILE or NO_MORE_EAS
+		 *
+		 * so it's a programmer error if num_eas == 0
+		 */
+		if (st->all_eas.out.num_eas == 0) {
+			smb_panic("0 eas for SMB2_ALL_EAS - programmer error in ntvfs backend");
+		}
+
+		list_size = ea_list_size_chained(st->all_eas.out.num_eas,
+						 st->all_eas.out.eas, 4);
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, list_size));
+
+		ea_put_list_chained(blob->data,
+				    st->all_eas.out.num_eas,
+				    st->all_eas.out.eas, 4);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 0x64));
+
+		push_nttime(blob->data, 0x00, st->all_info2.out.create_time);
+		push_nttime(blob->data, 0x08, st->all_info2.out.access_time);
+		push_nttime(blob->data, 0x10, st->all_info2.out.write_time);
+		push_nttime(blob->data, 0x18, st->all_info2.out.change_time);
+		SIVAL(blob->data,       0x20, st->all_info2.out.attrib);
+		SIVAL(blob->data,       0x24, st->all_info2.out.unknown1);
+		SBVAL(blob->data,       0x28, st->all_info2.out.alloc_size);
+		SBVAL(blob->data,       0x30, st->all_info2.out.size);
+		SIVAL(blob->data,       0x38, st->all_info2.out.nlink);
+		SCVAL(blob->data,       0x3C, st->all_info2.out.delete_pending);
+		SCVAL(blob->data,       0x3D, st->all_info2.out.directory);
+		SSVAL(blob->data,       0x3E, 0); /* padding */
+		SBVAL(blob->data,	0x40, st->all_info2.out.file_id);
+		SIVAL(blob->data,       0x48, st->all_info2.out.ea_size);
+		SIVAL(blob->data,	0x4C, st->all_info2.out.access_mask);
+		SBVAL(blob->data,	0x50, st->all_info2.out.position);
+		SIVAL(blob->data,	0x58, st->all_info2.out.mode);
+		SIVAL(blob->data,	0x5C, st->all_info2.out.alignment_requirement);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						     st->all_info2.out.fname.s,
+						     0x60, default_str_flags,
+						     STR_UNICODE));
+		return NT_STATUS_OK;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+}
+
+NTSTATUS smbsrv_pull_passthru_sfileinfo(TALLOC_CTX *mem_ctx,
+					enum smb_setfileinfo_level level,
+					union smb_setfileinfo *st,
+					const DATA_BLOB *blob,
+					int default_str_flags,
+					struct request_bufinfo *bufinfo)
+{
+	uint32_t len, ofs;
+	DATA_BLOB str_blob;
+
+	switch (level) {
+	case SMB_SFILEINFO_BASIC_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 40);
+
+		st->basic_info.in.create_time = pull_nttime(blob->data,  0);
+		st->basic_info.in.access_time = pull_nttime(blob->data,  8);
+		st->basic_info.in.write_time =  pull_nttime(blob->data, 16);
+		st->basic_info.in.change_time = pull_nttime(blob->data, 24);
+		st->basic_info.in.attrib      = IVAL(blob->data,        32);
+		st->basic_info.in.reserved    = IVAL(blob->data,        36);
+
+		return NT_STATUS_OK;
+
+	case SMB_SFILEINFO_DISPOSITION_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 1);
+
+		st->disposition_info.in.delete_on_close = CVAL(blob->data, 0);
+
+		return NT_STATUS_OK;
+
+	case SMB_SFILEINFO_ALLOCATION_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 8);
+
+		st->allocation_info.in.alloc_size = BVAL(blob->data, 0);
+
+		return NT_STATUS_OK;				
+
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 8);
+
+		st->end_of_file_info.in.size = BVAL(blob->data, 0);
+
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+		if (!bufinfo) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		BLOB_CHECK_MIN_SIZE(blob, 12);
+		st->rename_information.in.overwrite = CVAL(blob->data, 0);
+		st->rename_information.in.root_fid  = IVAL(blob->data, 4);
+		len                                 = IVAL(blob->data, 8);
+		ofs                                 = 12;
+		str_blob = *blob;
+		str_blob.length = MIN(str_blob.length, ofs+len);
+		smbsrv_blob_pull_string(bufinfo, &str_blob, ofs,
+					&st->rename_information.in.new_name,
+					STR_UNICODE);
+		if (st->rename_information.in.new_name == NULL) {
+			return NT_STATUS_FOOBAR;
+		}
+
+		return NT_STATUS_OK;
+
+
+	case RAW_SFILEINFO_LINK_INFORMATION:
+		if (!bufinfo) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		BLOB_CHECK_MIN_SIZE(blob, 20);
+		st->link_information.in.overwrite = CVAL(blob->data, 0);
+		st->link_information.in.root_fid  = IVAL(blob->data, 8);
+		len                                 = IVAL(blob->data, 16);
+		ofs                                 = 20;
+		str_blob = *blob;
+		str_blob.length = MIN(str_blob.length, ofs+len);
+		smbsrv_blob_pull_string(bufinfo, &str_blob, ofs,
+					&st->link_information.in.new_name,
+					STR_UNICODE);
+		if (st->link_information.in.new_name == NULL) {
+			return NT_STATUS_FOOBAR;
+		}
+
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		/* SMB2 uses a different format for rename information */
+		if (!bufinfo) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		BLOB_CHECK_MIN_SIZE(blob, 20);
+		st->rename_information.in.overwrite = CVAL(blob->data, 0);
+		st->rename_information.in.root_fid  = BVAL(blob->data, 8);
+		len                                 = IVAL(blob->data,16);
+		ofs                                 = 20;			
+		str_blob = *blob;
+		str_blob.length = MIN(str_blob.length, ofs+len);
+		smbsrv_blob_pull_string(bufinfo, &str_blob, ofs,
+					&st->rename_information.in.new_name,
+					STR_UNICODE);
+		if (st->rename_information.in.new_name == NULL) {
+			return NT_STATUS_FOOBAR;
+		}
+
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 8);
+
+		st->position_information.in.position = BVAL(blob->data, 0);
+
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+		return ea_pull_list_chained(blob,
+					    mem_ctx,
+					&st->full_ea_information.in.eas.num_eas,
+					&st->full_ea_information.in.eas.eas);
+
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		BLOB_CHECK_MIN_SIZE(blob, 4);
+
+		st->mode_information.in.mode = IVAL(blob->data, 0);
+
+		return NT_STATUS_OK;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+}
+
+/*
+  fill a single entry in a trans2 find reply 
+*/
+NTSTATUS smbsrv_push_passthru_search(TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *blob,
+				     enum smb_search_data_level level,
+				     const union smb_search_data *file,
+				     int default_str_flags)
+{
+	uint8_t *data;
+	unsigned int ofs = blob->length;
+
+	switch (level) {
+	case RAW_SEARCH_DATA_DIRECTORY_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 64));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->directory_info.file_index);
+		push_nttime(data,    8, file->directory_info.create_time);
+		push_nttime(data,   16, file->directory_info.access_time);
+		push_nttime(data,   24, file->directory_info.write_time);
+		push_nttime(data,   32, file->directory_info.change_time);
+		SBVAL(data,         40, file->directory_info.size);
+		SBVAL(data,         48, file->directory_info.alloc_size);
+		SIVAL(data,         56, file->directory_info.attrib);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->directory_info.name.s,
+						     ofs + 60, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 68));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->full_directory_info.file_index);
+		push_nttime(data,    8, file->full_directory_info.create_time);
+		push_nttime(data,   16, file->full_directory_info.access_time);
+		push_nttime(data,   24, file->full_directory_info.write_time);
+		push_nttime(data,   32, file->full_directory_info.change_time);
+		SBVAL(data,         40, file->full_directory_info.size);
+		SBVAL(data,         48, file->full_directory_info.alloc_size);
+		SIVAL(data,         56, file->full_directory_info.attrib);
+		SIVAL(data,         64, file->full_directory_info.ea_size);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->full_directory_info.name.s, 
+						     ofs + 60, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_NAME_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 12));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->name_info.file_index);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->name_info.name.s, 
+						     ofs + 8, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 94));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->both_directory_info.file_index);
+		push_nttime(data,    8, file->both_directory_info.create_time);
+		push_nttime(data,   16, file->both_directory_info.access_time);
+		push_nttime(data,   24, file->both_directory_info.write_time);
+		push_nttime(data,   32, file->both_directory_info.change_time);
+		SBVAL(data,         40, file->both_directory_info.size);
+		SBVAL(data,         48, file->both_directory_info.alloc_size);
+		SIVAL(data,         56, file->both_directory_info.attrib);
+		SIVAL(data,         64, file->both_directory_info.ea_size);
+		SCVAL(data,         69, 0); /* reserved */
+		memset(data+70,0,24);
+		smbsrv_blob_push_string(mem_ctx, blob, 
+					68 + ofs, 70 + ofs, 
+					file->both_directory_info.short_name.s, 
+					24, default_str_flags,
+					STR_UNICODE | STR_LEN8BIT);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->both_directory_info.name.s, 
+						     ofs + 60, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 80));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->id_full_directory_info.file_index);
+		push_nttime(data,    8, file->id_full_directory_info.create_time);
+		push_nttime(data,   16, file->id_full_directory_info.access_time);
+		push_nttime(data,   24, file->id_full_directory_info.write_time);
+		push_nttime(data,   32, file->id_full_directory_info.change_time);
+		SBVAL(data,         40, file->id_full_directory_info.size);
+		SBVAL(data,         48, file->id_full_directory_info.alloc_size);
+		SIVAL(data,         56, file->id_full_directory_info.attrib);
+		SIVAL(data,         64, file->id_full_directory_info.ea_size);
+		SIVAL(data,         68, 0); /* padding */
+		SBVAL(data,         72, file->id_full_directory_info.file_id);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->id_full_directory_info.name.s, 
+						     ofs + 60, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO:
+		BLOB_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, ofs + 104));
+		data = blob->data + ofs;
+		SIVAL(data,          4, file->id_both_directory_info.file_index);
+		push_nttime(data,    8, file->id_both_directory_info.create_time);
+		push_nttime(data,   16, file->id_both_directory_info.access_time);
+		push_nttime(data,   24, file->id_both_directory_info.write_time);
+		push_nttime(data,   32, file->id_both_directory_info.change_time);
+		SBVAL(data,         40, file->id_both_directory_info.size);
+		SBVAL(data,         48, file->id_both_directory_info.alloc_size);
+		SIVAL(data,         56, file->id_both_directory_info.attrib);
+		SIVAL(data,         64, file->id_both_directory_info.ea_size);
+		SCVAL(data,         69, 0); /* reserved */
+		memset(data+70,0,26);
+		smbsrv_blob_push_string(mem_ctx, blob, 
+					68 + ofs, 70 + ofs, 
+					file->id_both_directory_info.short_name.s, 
+					24, default_str_flags,
+					STR_UNICODE | STR_LEN8BIT);
+		SBVAL(data,         96, file->id_both_directory_info.file_id);
+		BLOB_CHECK(smbsrv_blob_append_string(mem_ctx, blob, file->id_both_directory_info.name.s, 
+						     ofs + 60, default_str_flags,
+						     STR_TERMINATE_ASCII));
+		BLOB_ALIGN(blob, 8);
+		data = blob->data + ofs;
+		SIVAL(data,          0, blob->length - ofs);
+		return NT_STATUS_OK;
+
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+}
diff --git a/source4/smb_server/handle.c b/source4/smb_server/handle.c
new file mode 100644
index 0000000..0e715ab
--- /dev/null
+++ b/source4/smb_server/handle.c
@@ -0,0 +1,142 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Manage smbsrv_handle structures
+   Copyright (C) Stefan Metzmacher 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "lib/util/idtree.h"
+
+/****************************************************************************
+init the handle structures
+****************************************************************************/
+NTSTATUS smbsrv_init_handles(struct smbsrv_tcon *tcon, uint32_t limit)
+{
+	/* 
+	 * the idr_* functions take 'int' as limit,
+	 * and only work with a max limit 0x00FFFFFF
+	 */
+	limit &= 0x00FFFFFF;
+
+	tcon->handles.idtree_hid	= idr_init(tcon);
+	NT_STATUS_HAVE_NO_MEMORY(tcon->handles.idtree_hid);
+	tcon->handles.idtree_limit	= limit;
+	tcon->handles.list		= NULL;
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+find a handle given a handle id
+****************************************************************************/
+static struct smbsrv_handle *smbsrv_handle_find(struct smbsrv_handles_context *handles_ctx,
+						uint32_t hid, struct timeval request_time)
+{
+	void *p;
+	struct smbsrv_handle *handle;
+
+	if (hid == 0) return NULL;
+
+	if (hid > handles_ctx->idtree_limit) return NULL;
+
+	p = idr_find(handles_ctx->idtree_hid, hid);
+	if (!p) return NULL;
+
+	handle = talloc_get_type(p, struct smbsrv_handle);
+	if (!handle) return NULL;
+
+	/* only give it away when the ntvfs subsystem has made the handle valid */
+	if (!handle->ntvfs) return NULL;
+
+	handle->statistics.last_use_time = request_time;
+
+	return handle;
+}
+
+struct smbsrv_handle *smbsrv_smb_handle_find(struct smbsrv_tcon *smb_tcon,
+					     uint16_t fnum, struct timeval request_time)
+{
+	return smbsrv_handle_find(&smb_tcon->handles, fnum, request_time);
+}
+
+struct smbsrv_handle *smbsrv_smb2_handle_find(struct smbsrv_tcon *smb_tcon,
+					      uint32_t hid, struct timeval request_time)
+{
+	return smbsrv_handle_find(&smb_tcon->handles, hid, request_time);
+}
+
+/*
+  destroy a connection structure
+*/
+static int smbsrv_handle_destructor(struct smbsrv_handle *handle)
+{
+	struct smbsrv_handles_context *handles_ctx;
+
+	handles_ctx = &handle->tcon->handles;
+
+	idr_remove(handles_ctx->idtree_hid, handle->hid);
+	DLIST_REMOVE(handles_ctx->list, handle);
+	DLIST_REMOVE(handle->session->handles, &handle->session_item);
+
+	/* tell the ntvfs backend that we are disconnecting */
+	if (handle->ntvfs) {
+		talloc_free(handle->ntvfs);
+		handle->ntvfs = NULL;
+	}
+
+	return 0;
+}
+
+/*
+  find first available handle slot
+*/
+struct smbsrv_handle *smbsrv_handle_new(struct smbsrv_session *session,
+				        struct smbsrv_tcon *tcon,
+				        TALLOC_CTX *mem_ctx,
+					struct timeval request_time)
+{
+	struct smbsrv_handles_context *handles_ctx = &tcon->handles;
+	struct smbsrv_handle *handle;
+	int i;
+
+	handle = talloc_zero(mem_ctx, struct smbsrv_handle);
+	if (!handle) return NULL;
+	handle->tcon	= tcon;
+	handle->session	= session;
+	
+	i = idr_get_new_above(handles_ctx->idtree_hid, handle, 1, handles_ctx->idtree_limit);
+	if (i == -1) {
+		DEBUG(1,("ERROR! Out of handle structures\n"));
+		goto failed;
+	}
+	handle->hid = i;
+	handle->session_item.handle = handle;
+
+	DLIST_ADD(handles_ctx->list, handle);
+	DLIST_ADD(session->handles, &handle->session_item);
+	talloc_set_destructor(handle, smbsrv_handle_destructor);
+
+	/* now fill in some statistics */
+	handle->statistics.open_time		= request_time;
+	handle->statistics.last_use_time	= request_time;
+
+	return handle;
+
+failed:
+	talloc_free(handle);
+	return NULL;
+}
diff --git a/source4/smb_server/management.c b/source4/smb_server/management.c
new file mode 100644
index 0000000..5cdfff0
--- /dev/null
+++ b/source4/smb_server/management.c
@@ -0,0 +1,138 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   management calls for smb server
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "samba/service_stream.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc.h"
+#include "auth/auth.h"
+#include "lib/tsocket/tsocket.h"
+
+/*
+  return a list of open sessions
+*/
+static NTSTATUS smbsrv_session_information(struct irpc_message *msg, 
+					   struct smbsrv_information *r)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(msg->private_data,
+					     struct smbsrv_connection);
+	struct tsocket_address *client_addr = smb_conn->connection->remote_address;
+	char *client_addr_string;
+	int i=0, count=0;
+	struct smbsrv_session *sess;
+
+	/* This is for debugging only! */
+	client_addr_string = tsocket_address_string(client_addr, r);
+	NT_STATUS_HAVE_NO_MEMORY(client_addr_string);
+
+	/* count the number of sessions */
+	for (sess=smb_conn->sessions.list; sess; sess=sess->next) {
+		count++;
+	}
+
+	r->out.info.sessions.num_sessions = count;
+	r->out.info.sessions.sessions = talloc_array(r, struct smbsrv_session_info, count);
+	NT_STATUS_HAVE_NO_MEMORY(r->out.info.sessions.sessions);
+
+	for (sess=smb_conn->sessions.list; sess; sess=sess->next) {
+		struct smbsrv_session_info *info = &r->out.info.sessions.sessions[i];
+
+		info->client_ip    = client_addr_string;
+
+		info->vuid         = sess->vuid;
+		info->account_name = sess->session_info->info->account_name;
+		info->domain_name  = sess->session_info->info->domain_name;
+		
+		info->connect_time = timeval_to_nttime(&sess->statistics.connect_time);
+		info->auth_time    = timeval_to_nttime(&sess->statistics.auth_time);
+		info->last_use_time= timeval_to_nttime(&sess->statistics.last_request_time);
+		i++;
+	}	
+
+	return NT_STATUS_OK;
+}
+
+/*
+  return a list of tree connects
+*/
+static NTSTATUS smbsrv_tcon_information(struct irpc_message *msg, 
+					struct smbsrv_information *r)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(msg->private_data,
+					     struct smbsrv_connection);
+	struct tsocket_address *client_addr = smb_conn->connection->remote_address;
+	char *client_addr_string;
+	int i=0, count=0;
+	struct smbsrv_tcon *tcon;
+
+	/* This is for debugging only! */
+	client_addr_string = tsocket_address_string(client_addr, r);
+	NT_STATUS_HAVE_NO_MEMORY(client_addr_string);
+
+	/* count the number of tcons */
+	for (tcon=smb_conn->smb_tcons.list; tcon; tcon=tcon->next) {
+		count++;
+	}
+
+	r->out.info.tcons.num_tcons = count;
+	r->out.info.tcons.tcons = talloc_array(r, struct smbsrv_tcon_info, count);
+	NT_STATUS_HAVE_NO_MEMORY(r->out.info.tcons.tcons);
+
+	for (tcon=smb_conn->smb_tcons.list; tcon; tcon=tcon->next) {
+		struct smbsrv_tcon_info *info = &r->out.info.tcons.tcons[i];
+
+		info->client_ip    = client_addr_string;
+
+		info->tid          = tcon->tid;
+		info->share_name   = tcon->share_name;
+		info->connect_time = timeval_to_nttime(&tcon->statistics.connect_time);
+		info->last_use_time= timeval_to_nttime(&tcon->statistics.last_request_time);
+		i++;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  serve smbserver information via irpc
+*/
+static NTSTATUS smbsrv_information(struct irpc_message *msg, 
+				   struct smbsrv_information *r)
+{
+	switch (r->in.level) {
+	case SMBSRV_INFO_SESSIONS:
+		return smbsrv_session_information(msg, r);
+	case SMBSRV_INFO_TCONS:
+		return smbsrv_tcon_information(msg, r);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  initialise irpc management calls on a connection
+*/
+void smbsrv_management_init(struct smbsrv_connection *smb_conn)
+{
+	IRPC_REGISTER(smb_conn->connection->msg_ctx, irpc, SMBSRV_INFORMATION, 
+		      smbsrv_information, smb_conn);
+}
diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c
new file mode 100644
index 0000000..05e2623
--- /dev/null
+++ b/source4/smb_server/service_smb.c
@@ -0,0 +1,110 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Andrew Tridgell	2004-2005
+   Copyright (C) Stefan Metzmacher	2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "samba/service.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/service_smb_proto.h"
+#include "lib/messaging/irpc.h"
+#include "lib/stream/packet.h"
+#include "libcli/smb2/smb2.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/share.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "ntvfs/ntvfs.h"
+#include "lib/cmdline/cmdline.h"
+
+/*
+  open the smb server sockets
+*/
+static NTSTATUS smbsrv_task_init(struct task_server *task)
+{	
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	task_server_set_title(task, "task[smbsrv]");
+
+	if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
+		int num_interfaces;
+		int i;
+		struct interface *ifaces;
+
+		load_interface_list(task, task->lp_ctx, &ifaces);
+
+		num_interfaces = iface_list_count(ifaces);
+
+		/* We have been given an interfaces line, and been 
+		   told to only bind to those interfaces. Create a
+		   socket per interface and bind to only these.
+		*/
+		for(i = 0; i < num_interfaces; i++) {
+			const char *address = iface_list_n_ip(ifaces, i);
+			status = smbsrv_add_socket(task, task->event_ctx,
+					           task->lp_ctx,
+						   task->model_ops,
+						   address,
+						   task->process_context);
+			if (!NT_STATUS_IS_OK(status)) goto failed;
+		}
+	} else {
+		char **wcard;
+		int i;
+		wcard = iface_list_wildcard(task);
+		if (wcard == NULL) {
+			DEBUG(0,("No wildcard addresses available\n"));
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto failed;
+		}
+		for (i=0; wcard[i]; i++) {
+			status = smbsrv_add_socket(task, task->event_ctx,
+						   task->lp_ctx,
+						   task->model_ops,
+						   wcard[i],
+						   task->process_context);
+			if (!NT_STATUS_IS_OK(status)) goto failed;
+		}
+		talloc_free(wcard);
+	}
+
+	irpc_add_name(task->msg_ctx, "smb_server");
+	return NT_STATUS_OK;
+failed:
+	task_server_terminate(task, "Failed to startup smb server task", true);	
+	return status;
+}
+
+/* called at smbd startup - register ourselves as a server service */
+NTSTATUS server_service_smb_init(TALLOC_CTX *ctx)
+{
+	struct loadparm_context *lp_ctx = samba_cmdline_get_lp_ctx();
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = smbsrv_task_init,
+		.post_fork = NULL
+	};
+	ntvfs_init(lp_ctx);
+	share_init();
+	return register_server_service(ctx, "smb", &details);
+}
diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c
new file mode 100644
index 0000000..2effa78
--- /dev/null
+++ b/source4/smb_server/session.c
@@ -0,0 +1,166 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Tridgell 1992-2005
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   Copyright (C) Stefan Metzmacher 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "lib/util/idtree_random.h"
+
+/*
+ * init the sessions structures
+ */
+NTSTATUS smbsrv_init_sessions(struct smbsrv_connection *smb_conn, uint64_t limit)
+{
+	/* 
+	 * the idr_* functions take 'int' as limit,
+	 * and only work with a max limit 0x00FFFFFF
+	 */
+	limit &= 0x00FFFFFF;
+
+	smb_conn->sessions.idtree_vuid	= idr_init(smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(smb_conn->sessions.idtree_vuid);
+	smb_conn->sessions.idtree_limit	= limit;
+	smb_conn->sessions.list		= NULL;
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Find the session structure associated with a VUID
+ * (not one from an in-progress session setup)
+ */
+struct smbsrv_session *smbsrv_session_find(struct smbsrv_connection *smb_conn,
+					   uint64_t vuid, struct timeval request_time)
+{
+	void *p;
+	struct smbsrv_session *sess;
+
+	if (vuid == 0) return NULL;
+
+	if (vuid > smb_conn->sessions.idtree_limit) return NULL;
+
+	p = idr_find(smb_conn->sessions.idtree_vuid, vuid);
+	if (!p) return NULL;
+
+	/* only return a finished session */
+	sess = talloc_get_type(p, struct smbsrv_session);
+	if (sess && sess->session_info) {
+		sess->statistics.last_request_time = request_time;
+		return sess;
+	}
+
+	return NULL;
+}
+
+/*
+ * Find the session structure associated with a VUID
+ * (associated with an in-progress session setup)
+ */
+struct smbsrv_session *smbsrv_session_find_sesssetup(struct smbsrv_connection *smb_conn, uint64_t vuid)
+{
+	void *p;
+	struct smbsrv_session *sess;
+
+	if (vuid == 0) return NULL;
+
+	if (vuid > smb_conn->sessions.idtree_limit) return NULL;
+
+	p = idr_find(smb_conn->sessions.idtree_vuid, vuid);
+	if (!p) return NULL;
+
+	sess = talloc_get_type_abort(p, struct smbsrv_session);
+
+	return sess;
+}
+
+/*
+ * the session will be marked as valid for usage
+ * by attaching a auth_session_info to the session.
+ *
+ * session_info will be talloc_stealed
+ */
+NTSTATUS smbsrv_session_sesssetup_finished(struct smbsrv_session *sess,
+				           struct auth_session_info *session_info)
+{
+	/* this check is to catch programmer errors */
+	if (!session_info) {
+		talloc_free(sess);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* mark the session as successful authenticated */
+	sess->session_info = talloc_steal(sess, session_info);
+
+	/* now fill in some statistics */
+	sess->statistics.auth_time = timeval_current();
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+destroy a session structure
+****************************************************************************/
+static int smbsrv_session_destructor(struct smbsrv_session *sess)
+{
+	struct smbsrv_connection *smb_conn = sess->smb_conn;
+
+	idr_remove(smb_conn->sessions.idtree_vuid, sess->vuid);
+	DLIST_REMOVE(smb_conn->sessions.list, sess);
+	return 0;
+}
+
+/*
+ * allocate a new session structure with a VUID.
+ * gensec_ctx is optional, but talloc_steal'ed when present
+ */
+struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
+					  TALLOC_CTX *mem_ctx,
+					  struct gensec_security *gensec_ctx)
+{
+	struct smbsrv_session *sess = NULL;
+	int i;
+
+	sess = talloc_zero(mem_ctx, struct smbsrv_session);
+	if (!sess) return NULL;
+	sess->smb_conn = smb_conn;
+
+	i = idr_get_new_random(
+		smb_conn->sessions.idtree_vuid,
+		sess,
+		1,
+		smb_conn->sessions.idtree_limit);
+	if (i == -1) {
+		DEBUG(1,("ERROR! Out of connection structures\n"));
+		talloc_free(sess);
+		return NULL;
+	}
+	sess->vuid = i;
+
+	/* use this to keep tabs on all our info from the authentication */
+	sess->gensec_ctx = talloc_steal(sess, gensec_ctx);
+
+	DLIST_ADD(smb_conn->sessions.list, sess);
+	talloc_set_destructor(sess, smbsrv_session_destructor);
+
+	/* now fill in some statistics */
+	sess->statistics.connect_time = timeval_current();
+
+	return sess;
+}
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
new file mode 100644
index 0000000..ad400a0
--- /dev/null
+++ b/source4/smb_server/smb/negprot.c
@@ -0,0 +1,564 @@
+/* 
+   Unix SMB/CIFS implementation.
+   negprot reply code
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+#include "smb_server/smb_server.h"
+#include "libcli/smb2/smb2.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "samba/service_stream.h"
+#include "lib/stream/packet.h"
+#include "param/param.h"
+
+
+/* initialise the auth_context for this server and return the cryptkey */
+static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8]) 
+{
+	NTSTATUS nt_status;
+
+	/* multiple negprots are not permitted */
+	if (smb_conn->negotiate.auth_context) {
+		DEBUG(3,("get challenge: is this a secondary negprot?  auth_context is non-NULL!\n"));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
+
+	nt_status = auth_context_create(smb_conn, 
+					smb_conn->connection->event.ctx,
+					smb_conn->connection->msg_ctx,
+					smb_conn->lp_ctx,
+					&smb_conn->negotiate.auth_context);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("auth_context_create() returned %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+
+	nt_status = auth_get_challenge(smb_conn->negotiate.auth_context, buff);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("auth_get_challenge() returned %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Reply for the core protocol.
+****************************************************************************/
+static void reply_corep(struct smbsrv_request *req, uint16_t choice)
+{
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), choice);
+
+	req->smb_conn->negotiate.protocol = PROTOCOL_CORE;
+
+	if (req->smb_conn->signing.mandatory_signing) {
+		smbsrv_terminate_connection(req->smb_conn, 
+					    "CORE does not support SMB signing, and it is mandatory\n");
+		return;
+	}
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply for the coreplus protocol.
+this is quite incomplete - we only fill in a small part of the reply, but as nobody uses
+this any more it probably doesn't matter
+****************************************************************************/
+static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
+{
+	uint16_t raw;
+	if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
+		raw = 0;
+	} else {
+		raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
+		      (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
+	}
+
+	smbsrv_setup_reply(req, 13, 0);
+
+	/* Reply, SMBlockread, SMBwritelock supported. */
+	SCVAL(req->out.hdr,HDR_FLG,
+	      CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
+
+	SSVAL(req->out.vwv, VWV(0), choice);
+	SSVAL(req->out.vwv, VWV(1), 0x1); /* user level security, don't encrypt */	
+
+	/* tell redirector we support
+	   readbraw and writebraw (possibly) */
+	SSVAL(req->out.vwv, VWV(5), raw); 
+
+	req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS;
+
+	if (req->smb_conn->signing.mandatory_signing) {
+		smbsrv_terminate_connection(req->smb_conn, 
+					    "COREPLUS does not support SMB signing, and it is mandatory\n");
+		return;
+	}
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply for the lanman 1.0 protocol.
+****************************************************************************/
+static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
+{
+	int secword=0;
+	time_t t = req->request_time.tv_sec;
+	uint16_t raw;
+
+	if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
+		raw = 0;
+	} else {
+		raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
+		      (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
+	}
+
+	req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
+
+	if (req->smb_conn->negotiate.encrypted_passwords)
+		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+
+	req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN1;
+
+	smbsrv_setup_reply(req, 13, req->smb_conn->negotiate.encrypted_passwords ? 8 : 0);
+
+	/* SMBlockread, SMBwritelock supported. */
+	SCVAL(req->out.hdr,HDR_FLG,
+	      CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
+
+	SSVAL(req->out.vwv, VWV(0), choice);
+	SSVAL(req->out.vwv, VWV(1), secword); 
+	SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
+	SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
+	SSVAL(req->out.vwv, VWV(4), 1);
+	SSVAL(req->out.vwv, VWV(5), raw); 
+	SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
+	srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
+	SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
+	SIVAL(req->out.vwv, VWV(11), 0); /* reserved */
+
+	/* Create a token value and add it to the outgoing packet. */
+	if (req->smb_conn->negotiate.encrypted_passwords) {
+		NTSTATUS nt_status;
+
+		SSVAL(req->out.vwv, VWV(11), 8);
+
+		nt_status = get_challenge(req->smb_conn, req->out.data);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			smbsrv_terminate_connection(req->smb_conn, "LANMAN1 get_challenge failed\n");
+			return;
+		}
+	}
+
+	if (req->smb_conn->signing.mandatory_signing) {
+		smbsrv_terminate_connection(req->smb_conn, 
+					    "LANMAN1 does not support SMB signing, and it is mandatory\n");
+		return;
+	}
+
+	smbsrv_send_reply(req);	
+}
+
+/****************************************************************************
+ Reply for the lanman 2.0 protocol.
+****************************************************************************/
+static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
+{
+	int secword=0;
+	time_t t = req->request_time.tv_sec;
+	uint16_t raw;
+	if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
+		raw = 0;
+	} else {
+		raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
+		      (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
+	}
+
+	req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
+  
+	if (req->smb_conn->negotiate.encrypted_passwords)
+		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+
+	req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN2;
+
+	smbsrv_setup_reply(req, 13, 0);
+
+	SSVAL(req->out.vwv, VWV(0), choice);
+	SSVAL(req->out.vwv, VWV(1), secword); 
+	SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
+	SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
+	SSVAL(req->out.vwv, VWV(4), 1);
+	SSVAL(req->out.vwv, VWV(5), raw); 
+	SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
+	srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
+	SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
+	SIVAL(req->out.vwv, VWV(11), 0);
+
+	/* Create a token value and add it to the outgoing packet. */
+	if (req->smb_conn->negotiate.encrypted_passwords) {
+		SSVAL(req->out.vwv, VWV(11), 8);
+		req_grow_data(req, 8);
+		get_challenge(req->smb_conn, req->out.data);
+	}
+
+	req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_TERMINATE);
+
+	if (req->smb_conn->signing.mandatory_signing) {
+		smbsrv_terminate_connection(req->smb_conn, 
+					    "LANMAN2 does not support SMB signing, and it is mandatory\n");
+		return;
+	}
+
+	smbsrv_send_reply(req);
+}
+
+static void reply_nt1_orig(struct smbsrv_request *req)
+{
+	/* Create a token value and add it to the outgoing packet. */
+	if (req->smb_conn->negotiate.encrypted_passwords) {
+		req_grow_data(req, 8);
+		/* note that we do not send a challenge at all if
+		   we are using plaintext */
+		get_challenge(req->smb_conn, req->out.ptr);
+		req->out.ptr += 8;
+		SCVAL(req->out.vwv+1, VWV(16), 8);
+	}
+	req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+	req_push_str(req, NULL, lpcfg_netbios_name(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+	DEBUG(3,("not using extended security (SPNEGO or NTLMSSP)\n"));
+}
+
+/*
+  try to determine if the filesystem supports large files
+*/
+static bool large_file_support(const char *path)
+{
+	int fd;
+	ssize_t ret;
+	char c;
+
+	fd = open(path, O_RDWR|O_CREAT, 0600);
+	unlink(path);
+	if (fd == -1) {
+		/* have to assume large files are OK */
+		return true;
+	}
+	ret = pread(fd, &c, 1, ((uint64_t)1)<<32);
+	close(fd);
+	return ret == 0;
+}
+
+/****************************************************************************
+ Reply for the nt protocol.
+****************************************************************************/
+static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
+{
+	/* dual names + lock_and_read + nt SMBs + remote API calls */
+	int capabilities;
+	int secword=0;
+	time_t t = req->request_time.tv_sec;
+	NTTIME nttime;
+	bool negotiate_spnego = false;
+	char *large_test_path;
+
+	unix_to_nt_time(&nttime, t);
+
+	capabilities = 
+		CAP_NT_FIND | CAP_LOCK_AND_READ | 
+		CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+
+	req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
+
+	/* do spnego in user level security if the client
+	   supports it and we can do encrypted passwords */
+	
+	if (req->smb_conn->negotiate.encrypted_passwords && 
+	    (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
+		negotiate_spnego = true; 
+		capabilities |= CAP_EXTENDED_SECURITY;
+	}
+	
+	if (lpcfg_large_readwrite(req->smb_conn->lp_ctx)) {
+		capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS;
+	}
+
+	large_test_path = lpcfg_lock_path(req, req->smb_conn->lp_ctx, "large_test.dat");
+	if (large_file_support(large_test_path)) {
+		capabilities |= CAP_LARGE_FILES;
+	}
+
+	if (!lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx) &&
+	    lpcfg_read_raw(req->smb_conn->lp_ctx) &&
+	    lpcfg_write_raw(req->smb_conn->lp_ctx)) {
+		capabilities |= CAP_RAW_MODE;
+	}
+	
+	/* allow for disabling unicode */
+	if (lpcfg_unicode(req->smb_conn->lp_ctx)) {
+		capabilities |= CAP_UNICODE;
+	}
+
+	if (lpcfg_nt_status_support(req->smb_conn->lp_ctx)) {
+		capabilities |= CAP_STATUS32;
+	}
+	
+	if (lpcfg_host_msdfs(req->smb_conn->lp_ctx)) {
+		capabilities |= CAP_DFS;
+	}
+	
+	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
+
+	if (req->smb_conn->negotiate.encrypted_passwords) {
+		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+	}
+
+	if (req->smb_conn->signing.allow_smb_signing) {
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+	}
+
+	if (req->smb_conn->signing.mandatory_signing) {
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+	}
+	
+	req->smb_conn->negotiate.protocol = PROTOCOL_NT1;
+
+	smbsrv_setup_reply(req, 17, 0);
+	
+	SSVAL(req->out.vwv, VWV(0), choice);
+	SCVAL(req->out.vwv, VWV(1), secword);
+
+	/* notice the strange +1 on vwv here? That's because
+	   this is the one and only SMB packet that is malformed in
+	   the specification - all the command words after the secword
+	   are offset by 1 byte */
+	SSVAL(req->out.vwv+1, VWV(1), lpcfg_max_mux(req->smb_conn->lp_ctx));
+	SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */
+	SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv);
+	SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */
+	SIVAL(req->out.vwv+1, VWV(7), req->smb_conn->connection->server_id.pid); /* session key */
+
+	SIVAL(req->out.vwv+1, VWV(9), capabilities);
+	push_nttime(req->out.vwv+1, VWV(11), nttime);
+	SSVALS(req->out.vwv+1,VWV(15), req->smb_conn->negotiate.zone_offset/60);
+	
+	if (!negotiate_spnego) {
+		reply_nt1_orig(req);
+	} else {
+		struct cli_credentials *server_credentials;
+		struct gensec_security *gensec_security;
+		DATA_BLOB null_data_blob = data_blob(NULL, 0);
+		DATA_BLOB blob = data_blob_null;
+		const char *oid;
+		NTSTATUS nt_status;
+
+		server_credentials =
+			cli_credentials_init_server(req, req->smb_conn->lp_ctx);
+		if (server_credentials == NULL) {
+			DBG_DEBUG("Failed to obtain server credentials, "
+				  "perhaps a standalone server?\n");
+			/*
+			 * Create anon server credentials for for the
+			 * spoolss.notify test.
+			 */
+			server_credentials = cli_credentials_init_anon(req);
+			if (server_credentials == NULL) {
+				smbsrv_terminate_connection(req->smb_conn,
+					"Failed to init server credentials\n");
+				return;
+			}
+		}
+
+		nt_status = samba_server_gensec_start(req,
+						      req->smb_conn->connection->event.ctx,
+						      req->smb_conn->connection->msg_ctx,
+						      req->smb_conn->lp_ctx,
+						      server_credentials,
+						      "cifs",
+						      &gensec_security);
+
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+			smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+			return;
+		}
+
+		if (req->smb_conn->negotiate.auth_context) {
+			smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot?  auth_context is non-NULL!\n");
+			return;
+		}
+		req->smb_conn->negotiate.server_credentials = talloc_reparent(req, req->smb_conn, server_credentials);
+
+		oid = GENSEC_OID_SPNEGO;
+		nt_status = gensec_start_mech_by_oid(gensec_security, oid);
+		
+		if (NT_STATUS_IS_OK(nt_status)) {
+			/* Get and push the proposed OID list into the packets */
+			nt_status = gensec_update(gensec_security, req,
+						  null_data_blob, &blob);
+
+			if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+				DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+			}
+		}
+
+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			DEBUG(3,("using SPNEGO\n"));
+		} else {
+			DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+			oid = GENSEC_OID_NTLMSSP;
+			nt_status = gensec_start_mech_by_oid(gensec_security, oid);
+			
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+				reply_nt1_orig(req);
+				return;
+			}
+			/* NTLMSSP is a client-first exchange */
+			blob = data_blob(NULL, 0);
+			DEBUG(3,("using raw-NTLMSSP\n"));
+		}
+
+		req->smb_conn->negotiate.oid = oid;
+	
+		req_grow_data(req, blob.length + 16);
+		/* a NOT very random guid, perhaps we should get it
+		 * from the credentials (kitchen sink...) */
+		memset(req->out.ptr, '\0', 16);
+		req->out.ptr += 16;
+
+		memcpy(req->out.ptr, blob.data, blob.length);
+		SCVAL(req->out.vwv+1, VWV(16), blob.length + 16);
+		req->out.ptr += blob.length;
+	}
+	
+	smbsrv_send_reply_nosign(req);	
+}
+
+/****************************************************************************
+ Reply for the SMB2 2.001 protocol
+****************************************************************************/
+static void reply_smb2(struct smbsrv_request *req, uint16_t choice)
+{
+	struct smbsrv_connection *smb_conn = req->smb_conn;
+	NTSTATUS status;
+
+	talloc_free(smb_conn->sessions.idtree_vuid);
+	ZERO_STRUCT(smb_conn->sessions);
+	talloc_free(smb_conn->smb_tcons.idtree_tid);
+	ZERO_STRUCT(smb_conn->smb_tcons);
+	ZERO_STRUCT(smb_conn->signing);
+
+	/* reply with a SMB2 packet */
+	status = smbsrv_init_smb2_connection(smb_conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+	packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request);
+	smb2srv_reply_smb_negprot(req);
+	req = NULL;
+}
+
+/* List of supported protocols, most desired first */
+static const struct {
+	const char *proto_name;
+	const char *short_name;
+	void (*proto_reply_fn)(struct smbsrv_request *req, uint16_t choice);
+	int protocol_level;
+} supported_protocols[] = {
+	{"SMB 2.002",			"SMB2",		reply_smb2,	PROTOCOL_SMB2_02},
+	{"NT LANMAN 1.0",		"NT1",		reply_nt1,	PROTOCOL_NT1},
+	{"NT LM 0.12",			"NT1",		reply_nt1,	PROTOCOL_NT1},
+	{"LANMAN2.1",			"LANMAN2",	reply_lanman2,	PROTOCOL_LANMAN2},
+	{"LM1.2X002",			"LANMAN2",	reply_lanman2,	PROTOCOL_LANMAN2},
+	{"Samba",			"LANMAN2",	reply_lanman2,	PROTOCOL_LANMAN2},
+	{"DOS LM1.2X002",		"LANMAN2",	reply_lanman2,	PROTOCOL_LANMAN2},
+	{"Windows for Workgroups 3.1a",	"LANMAN1",	reply_lanman1,	PROTOCOL_LANMAN1},
+	{"LANMAN1.0",			"LANMAN1",	reply_lanman1,	PROTOCOL_LANMAN1},
+	{"MICROSOFT NETWORKS 3.0",	"LANMAN1",	reply_lanman1,	PROTOCOL_LANMAN1},
+	{"MICROSOFT NETWORKS 1.03",	"COREPLUS",	reply_coreplus,	PROTOCOL_COREPLUS},
+	{"PC NETWORK PROGRAM 1.0",	"CORE",		reply_corep,	PROTOCOL_CORE},
+	{NULL,NULL,NULL,0},
+};
+
+/****************************************************************************
+ Reply to a negprot.
+****************************************************************************/
+
+void smbsrv_reply_negprot(struct smbsrv_request *req)
+{
+	int protocol;
+	uint8_t *p;
+	uint32_t protos_count = 0;
+	const char **protos = NULL;
+
+	if (req->smb_conn->negotiate.done_negprot) {
+		smbsrv_terminate_connection(req->smb_conn, "multiple negprot's are not permitted");
+		return;
+	}
+	req->smb_conn->negotiate.done_negprot = true;
+
+	p = req->in.data;
+	while (true) {
+		size_t len;
+
+		protos = talloc_realloc(req, protos, const char *, protos_count + 1);
+		if (!protos) {
+			smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
+			return;
+		}
+		protos[protos_count] = NULL;
+		len = req_pull_ascii4(&req->in.bufinfo, &protos[protos_count], p, STR_ASCII|STR_TERMINATE);
+		p += len;
+		if (len == 0 || !protos[protos_count]) break;
+
+		DEBUG(5,("Requested protocol [%d][%s]\n", protos_count, protos[protos_count]));
+		protos_count++;
+	}
+
+	/* Check for protocols, most desirable first */
+	for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
+		int i;
+
+		if (supported_protocols[protocol].protocol_level > lpcfg_server_max_protocol(req->smb_conn->lp_ctx))
+			continue;
+		if (supported_protocols[protocol].protocol_level < lpcfg_server_min_protocol(req->smb_conn->lp_ctx))
+			continue;
+
+		for (i = 0; i < protos_count; i++) {
+			if (strcmp(supported_protocols[protocol].proto_name, protos[i]) != 0) continue;
+
+			supported_protocols[protocol].proto_reply_fn(req, i);
+			DEBUG(3,("Selected protocol [%d][%s]\n",
+				i, supported_protocols[protocol].proto_name));
+			return;
+		}
+	}
+
+	smbsrv_terminate_connection(req->smb_conn, "No protocol supported !");
+}
diff --git a/source4/smb_server/smb/nttrans.c b/source4/smb_server/smb/nttrans.c
new file mode 100644
index 0000000..8e4d004
--- /dev/null
+++ b/source4/smb_server/smb/nttrans.c
@@ -0,0 +1,815 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT transaction handling
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+   This file handles the parsing of transact2 requests
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "ntvfs/ntvfs.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/*
+  hold the state of a nttrans op while in progress. Needed to allow for async backend
+  functions.
+*/
+struct nttrans_op {
+	struct smb_nttrans *trans;
+	NTSTATUS (*send_fn)(struct nttrans_op *);
+	void *op_info;
+};
+
+
+/* setup a nttrans reply, given the data and params sizes */
+static NTSTATUS nttrans_setup_reply(struct nttrans_op *op, 
+				    struct smb_nttrans *trans,
+				    uint32_t param_size, uint32_t data_size,
+				    uint8_t setup_count)
+{
+	trans->out.setup_count = setup_count;
+	if (setup_count != 0) {
+		trans->out.setup = talloc_zero_array(op, uint8_t, setup_count*2);
+		NT_STATUS_HAVE_NO_MEMORY(trans->out.setup);
+	}
+	trans->out.params = data_blob_talloc(op, NULL, param_size);
+	if (param_size != 0) {
+		NT_STATUS_HAVE_NO_MEMORY(trans->out.params.data);
+	}
+	trans->out.data = data_blob_talloc(op, NULL, data_size);
+	if (data_size != 0) {
+		NT_STATUS_HAVE_NO_MEMORY(trans->out.data.data);
+	}
+	return NT_STATUS_OK;
+}
+
+/*
+  send a nttrans create reply
+*/
+static NTSTATUS nttrans_create_send(struct nttrans_op *op)
+{
+	union smb_open *io = talloc_get_type(op->op_info, union smb_open);
+	uint8_t *params;
+	NTSTATUS status;
+
+	status = nttrans_setup_reply(op, op->trans, 69, 0, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+	params = op->trans->out.params.data;
+
+	SSVAL(params,        0, io->ntcreatex.out.oplock_level);
+	smbsrv_push_fnum(params, 2, io->ntcreatex.out.file.ntvfs);
+	SIVAL(params,        4, io->ntcreatex.out.create_action);
+	SIVAL(params,        8, 0); /* ea error offset */
+	push_nttime(params, 12, io->ntcreatex.out.create_time);
+	push_nttime(params, 20, io->ntcreatex.out.access_time);
+	push_nttime(params, 28, io->ntcreatex.out.write_time);
+	push_nttime(params, 36, io->ntcreatex.out.change_time);
+	SIVAL(params,       44, io->ntcreatex.out.attrib);
+	SBVAL(params,       48, io->ntcreatex.out.alloc_size);
+	SBVAL(params,       56, io->ntcreatex.out.size);
+	SSVAL(params,       64, io->ntcreatex.out.file_type);
+	SSVAL(params,       66, io->ntcreatex.out.ipc_state);
+	SCVAL(params,       68, io->ntcreatex.out.is_directory);
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   parse NTTRANS_CREATE request
+ */
+static NTSTATUS nttrans_create(struct smbsrv_request *req, 
+			       struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_open *io;
+	uint16_t fname_len;
+	uint32_t sd_length, ea_length;
+	NTSTATUS status;
+	uint8_t *params;
+	enum ndr_err_code ndr_err;
+
+	if (trans->in.params.length < 54) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* parse the request */
+	io = talloc(op, union smb_open);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->ntcreatex.level = RAW_OPEN_NTTRANS_CREATE;
+
+	params = trans->in.params.data;
+
+	io->ntcreatex.in.flags            = IVAL(params,  0);
+	io->ntcreatex.in.root_fid.ntvfs   = smbsrv_pull_fnum(req, params, 4);
+	io->ntcreatex.in.access_mask      = IVAL(params,  8);
+	io->ntcreatex.in.alloc_size       = BVAL(params, 12);
+	io->ntcreatex.in.file_attr        = IVAL(params, 20);
+	io->ntcreatex.in.share_access     = IVAL(params, 24);
+	io->ntcreatex.in.open_disposition = IVAL(params, 28);
+	io->ntcreatex.in.create_options   = IVAL(params, 32);
+	sd_length                         = IVAL(params, 36);
+	ea_length                         = IVAL(params, 40);
+	fname_len                         = IVAL(params, 44);
+	io->ntcreatex.in.impersonation    = IVAL(params, 48);
+	io->ntcreatex.in.security_flags   = CVAL(params, 52);
+	io->ntcreatex.in.sec_desc         = NULL;
+	io->ntcreatex.in.ea_list          = NULL;
+	io->ntcreatex.in.query_maximal_access = false;
+	io->ntcreatex.in.query_on_disk_id = false;
+	io->ntcreatex.in.private_flags    = 0;
+
+	req_pull_string(&req->in.bufinfo, &io->ntcreatex.in.fname, 
+			params + 53, 
+			MIN(fname_len+1, trans->in.params.length - 53),
+			STR_NO_RANGE_CHECK | STR_TERMINATE);
+	if (!io->ntcreatex.in.fname) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (sd_length > trans->in.data.length ||
+	    ea_length > trans->in.data.length ||
+	    (sd_length+ea_length) > trans->in.data.length) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* this call has an optional security descriptor */
+	if (sd_length != 0) {
+		DATA_BLOB blob;
+		blob.data = trans->in.data.data;
+		blob.length = sd_length;
+		io->ntcreatex.in.sec_desc = talloc(io, struct security_descriptor);
+		if (io->ntcreatex.in.sec_desc == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		ndr_err = ndr_pull_struct_blob(&blob, io, 
+					       io->ntcreatex.in.sec_desc,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return ndr_map_error2ntstatus(ndr_err);
+		}
+	}
+
+	/* and an optional ea_list */
+	if (ea_length > 4) {
+		DATA_BLOB blob;
+		blob.data = trans->in.data.data + sd_length;
+		blob.length = ea_length;
+		io->ntcreatex.in.ea_list = talloc(io, struct smb_ea_list);
+		if (io->ntcreatex.in.ea_list == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		status = ea_pull_list_chained(&blob, io, 
+					      &io->ntcreatex.in.ea_list->num_eas,
+					      &io->ntcreatex.in.ea_list->eas);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	op->send_fn = nttrans_create_send;
+	op->op_info = io;
+
+	return ntvfs_open(req->ntvfs, io);
+}
+
+
+/* 
+   send NTTRANS_QUERY_SEC_DESC reply
+ */
+static NTSTATUS nttrans_query_sec_desc_send(struct nttrans_op *op)
+{
+	union smb_fileinfo *io = talloc_get_type(op->op_info, union smb_fileinfo);
+	uint8_t *params;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+
+	status = nttrans_setup_reply(op, op->trans, 4, 0, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+	params = op->trans->out.params.data;
+
+	ndr_err = ndr_push_struct_blob(&op->trans->out.data, op, 
+				       io->query_secdesc.out.sd,
+				       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	SIVAL(params, 0, op->trans->out.data.length);
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   parse NTTRANS_QUERY_SEC_DESC request
+ */
+static NTSTATUS nttrans_query_sec_desc(struct smbsrv_request *req, 
+				       struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_fileinfo *io;
+
+	if (trans->in.params.length < 8) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* parse the request */
+	io = talloc(op, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->query_secdesc.level            = RAW_FILEINFO_SEC_DESC;
+	io->query_secdesc.in.file.ntvfs    = smbsrv_pull_fnum(req, trans->in.params.data, 0);
+	io->query_secdesc.in.secinfo_flags = IVAL(trans->in.params.data, 4);
+
+	op->op_info = io;
+	op->send_fn = nttrans_query_sec_desc_send;
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->query_secdesc.in.file.ntvfs);
+	return ntvfs_qfileinfo(req->ntvfs, io);
+}
+
+
+/* 
+   parse NTTRANS_SET_SEC_DESC request
+ */
+static NTSTATUS nttrans_set_sec_desc(struct smbsrv_request *req, 
+				     struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_setfileinfo *io;
+	enum ndr_err_code ndr_err;
+
+	if (trans->in.params.length < 8) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* parse the request */
+	io = talloc(req, union smb_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->set_secdesc.level            = RAW_SFILEINFO_SEC_DESC;
+	io->set_secdesc.in.file.ntvfs    = smbsrv_pull_fnum(req, trans->in.params.data, 0);
+	io->set_secdesc.in.secinfo_flags = IVAL(trans->in.params.data, 4);
+
+	io->set_secdesc.in.sd = talloc(io, struct security_descriptor);
+	NT_STATUS_HAVE_NO_MEMORY(io->set_secdesc.in.sd);
+
+	ndr_err = ndr_pull_struct_blob(&trans->in.data, req, 
+				       io->set_secdesc.in.sd,
+				       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->set_secdesc.in.file.ntvfs);
+	return ntvfs_setfileinfo(req->ntvfs, io);
+}
+
+
+/* parse NTTRANS_RENAME request
+ */
+static NTSTATUS nttrans_rename(struct smbsrv_request *req, 
+			       struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_rename *io;
+
+	if (trans->in.params.length < 5) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* parse the request */
+	io = talloc(req, union smb_rename);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->nttrans.level		= RAW_RENAME_NTTRANS;
+	io->nttrans.in.file.ntvfs	= smbsrv_pull_fnum(req, trans->in.params.data, 0);
+	io->nttrans.in.flags		= SVAL(trans->in.params.data, 2);
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 4,
+				&io->nttrans.in.new_name,
+				STR_TERMINATE);
+	if (!io->nttrans.in.new_name) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->nttrans.in.file.ntvfs);
+	return ntvfs_rename(req->ntvfs, io);
+}
+
+/* 
+   parse NTTRANS_IOCTL send
+ */
+static NTSTATUS nttrans_ioctl_send(struct nttrans_op *op)
+{
+	union smb_ioctl *info = talloc_get_type(op->op_info, union smb_ioctl);
+	NTSTATUS status;
+
+	/* 
+	 * we pass 0 as data_count here,
+	 * because we reuse the DATA_BLOB from the smb_ioctl
+	 * struct
+	 */
+	status = nttrans_setup_reply(op, op->trans, 0, 0, 1);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	op->trans->out.setup[0]		= 0;
+	op->trans->out.data		= info->ntioctl.out.blob;
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+   parse NTTRANS_IOCTL request
+ */
+static NTSTATUS nttrans_ioctl(struct smbsrv_request *req, 
+			      struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_ioctl *nt;
+
+	/* should have at least 4 setup words */
+	if (trans->in.setup_count != 4) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	nt = talloc(op, union smb_ioctl);
+	NT_STATUS_HAVE_NO_MEMORY(nt);
+	
+	nt->ntioctl.level		= RAW_IOCTL_NTIOCTL;
+	nt->ntioctl.in.function		= IVAL(trans->in.setup, 0);
+	nt->ntioctl.in.file.ntvfs	= smbsrv_pull_fnum(req, (uint8_t *)trans->in.setup, 4);
+	nt->ntioctl.in.fsctl		= CVAL(trans->in.setup, 6);
+	nt->ntioctl.in.filter		= CVAL(trans->in.setup, 7);
+	nt->ntioctl.in.max_data		= trans->in.max_data;
+	nt->ntioctl.in.blob		= trans->in.data;
+
+	op->op_info = nt;
+	op->send_fn = nttrans_ioctl_send;
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(nt->ntioctl.in.file.ntvfs);
+	return ntvfs_ioctl(req->ntvfs, nt);
+}
+
+
+/* 
+   send NTTRANS_NOTIFY_CHANGE reply
+ */
+static NTSTATUS nttrans_notify_change_send(struct nttrans_op *op)
+{
+	union smb_notify *info = talloc_get_type(op->op_info, union smb_notify);
+	size_t size = 0;
+	int i;
+	NTSTATUS status;
+	uint8_t *p;
+#define MAX_BYTES_PER_CHAR 3
+	
+	/* work out how big the reply buffer could be */
+	for (i=0;i<info->nttrans.out.num_changes;i++) {
+		size += 12 + 3 + (1+strlen(info->nttrans.out.changes[i].name.s)) * MAX_BYTES_PER_CHAR;
+	}
+
+	status = nttrans_setup_reply(op, op->trans, size, 0, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+	p = op->trans->out.params.data;
+
+	/* construct the changes buffer */
+	for (i=0;i<info->nttrans.out.num_changes;i++) {
+		uint32_t ofs;
+		ssize_t len;
+
+		SIVAL(p, 4, info->nttrans.out.changes[i].action);
+		len = push_string(p + 12, info->nttrans.out.changes[i].name.s, 
+				  op->trans->out.params.length - 
+				  (p+12 - op->trans->out.params.data), STR_UNICODE);
+		SIVAL(p, 8, len);
+
+		ofs = len + 12;
+
+		if (ofs & 3) {
+			int pad = 4 - (ofs & 3);
+			memset(p+ofs, 0, pad);
+			ofs += pad;
+		}
+
+		if (i == info->nttrans.out.num_changes-1) {
+			SIVAL(p, 0, 0);
+		} else {
+			SIVAL(p, 0, ofs);
+		}
+
+		p += ofs;
+	}
+
+	op->trans->out.params.length = p - op->trans->out.params.data;
+
+	return NT_STATUS_OK;
+}
+
+/* 
+   parse NTTRANS_NOTIFY_CHANGE request
+ */
+static NTSTATUS nttrans_notify_change(struct smbsrv_request *req, 
+				      struct nttrans_op *op)
+{
+	struct smb_nttrans *trans = op->trans;
+	union smb_notify *info;
+
+	/* should have at least 4 setup words */
+	if (trans->in.setup_count != 4) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	info = talloc(op, union smb_notify);
+	NT_STATUS_HAVE_NO_MEMORY(info);
+
+	info->nttrans.level			= RAW_NOTIFY_NTTRANS;
+	info->nttrans.in.completion_filter	= IVAL(trans->in.setup, 0);
+	info->nttrans.in.file.ntvfs		= smbsrv_pull_fnum(req, (uint8_t *)trans->in.setup, 4);
+	info->nttrans.in.recursive		= SVAL(trans->in.setup, 6);
+	info->nttrans.in.buffer_size		= trans->in.max_param;
+
+	op->op_info = info;
+	op->send_fn = nttrans_notify_change_send;
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(info->nttrans.in.file.ntvfs);
+	return ntvfs_notify(req->ntvfs, info);
+}
+
+/*
+  backend for nttrans requests
+*/
+static NTSTATUS nttrans_backend(struct smbsrv_request *req, 
+				struct nttrans_op *op)
+{
+	/* the nttrans command is in function */
+	switch (op->trans->in.function) {
+	case NT_TRANSACT_CREATE:
+		return nttrans_create(req, op);
+	case NT_TRANSACT_IOCTL:
+		return nttrans_ioctl(req, op);
+	case NT_TRANSACT_RENAME:
+		return nttrans_rename(req, op);
+	case NT_TRANSACT_QUERY_SECURITY_DESC:
+		return nttrans_query_sec_desc(req, op);
+	case NT_TRANSACT_SET_SECURITY_DESC:
+		return nttrans_set_sec_desc(req, op);
+	case NT_TRANSACT_NOTIFY_CHANGE:
+		return nttrans_notify_change(req, op);
+	}
+
+	/* an unknown nttrans command */
+	return NT_STATUS_DOS(ERRSRV, ERRerror);
+}
+
+
+static void reply_nttrans_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	uint32_t params_left, data_left;
+	uint8_t *params, *data;
+	struct smb_nttrans *trans;
+	struct nttrans_op *op;
+
+	SMBSRV_CHECK_ASYNC_STATUS(op, struct nttrans_op);
+
+	trans = op->trans;
+
+	/* if this function needs work to form the nttrans reply buffer, then
+	   call that now */
+	if (op->send_fn != NULL) {
+		NTSTATUS status;
+		status = op->send_fn(op);
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_send_error(req, status);
+			return;
+		}
+	}
+
+	smbsrv_setup_reply(req, 18 + trans->out.setup_count, 0);
+
+	/* note that we don't check the max_setup count (matching w2k3
+	   behaviour) */
+
+	if (trans->out.params.length > trans->in.max_param) {
+		smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
+		trans->out.params.length = trans->in.max_param;
+	}
+	if (trans->out.data.length > trans->in.max_data) {
+		smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
+		trans->out.data.length = trans->in.max_data;
+	}
+
+	params_left = trans->out.params.length;
+	data_left   = trans->out.data.length;
+	params      = trans->out.params.data;
+	data        = trans->out.data.data;
+
+	/* we need to divide up the reply into chunks that fit into
+	   the negotiated buffer size */
+	do {
+		uint32_t this_data, this_param, max_bytes;
+		unsigned int align1 = 1, align2 = (params_left ? 2 : 0);
+		struct smbsrv_request *this_req;
+
+		max_bytes = req_max_data(req) - (align1 + align2);
+
+		this_param = params_left;
+		if (this_param > max_bytes) {
+			this_param = max_bytes;
+		}
+		max_bytes -= this_param;
+
+		this_data = data_left;
+		if (this_data > max_bytes) {
+			this_data = max_bytes;
+		}
+
+		/* don't destroy unless this is the last chunk */
+		if (params_left - this_param != 0 || 
+		    data_left - this_data != 0) {
+			this_req = smbsrv_setup_secondary_request(req);
+		} else {
+			this_req = req;
+		}
+
+		req_grow_data(this_req, this_param + this_data + (align1 + align2));
+
+		SSVAL(this_req->out.vwv, 0, 0); /* reserved */
+		SCVAL(this_req->out.vwv, 2, 0); /* reserved */
+		SIVAL(this_req->out.vwv, 3, trans->out.params.length);
+		SIVAL(this_req->out.vwv, 7, trans->out.data.length);
+
+		SIVAL(this_req->out.vwv, 11, this_param);
+		SIVAL(this_req->out.vwv, 15, align1 + PTR_DIFF(this_req->out.data, this_req->out.hdr));
+		SIVAL(this_req->out.vwv, 19, PTR_DIFF(params, trans->out.params.data));
+
+		SIVAL(this_req->out.vwv, 23, this_data);
+		SIVAL(this_req->out.vwv, 27, align1 + align2 + 
+		      PTR_DIFF(this_req->out.data + this_param, this_req->out.hdr));
+		SIVAL(this_req->out.vwv, 31, PTR_DIFF(data, trans->out.data.data));
+
+		SCVAL(this_req->out.vwv, 35, trans->out.setup_count);
+		if (trans->out.setup_count > 0) {
+			memcpy((char *)(this_req->out.vwv) + VWV(18),
+			       trans->out.setup,
+			       sizeof(uint16_t) * trans->out.setup_count);
+		}
+		memset(this_req->out.data, 0, align1);
+		if (this_param != 0) {
+			memcpy(this_req->out.data + align1, params, this_param);
+		}
+		memset(this_req->out.data+this_param+align1, 0, align2);
+		if (this_data != 0) {
+			memcpy(this_req->out.data+this_param+align1+align2, 
+			       data, this_data);
+		}
+
+		params_left -= this_param;
+		data_left -= this_data;
+		params += this_param;
+		data += this_data;
+
+		smbsrv_send_reply(this_req);
+	} while (params_left != 0 || data_left != 0);
+}
+
+/*
+  send a continue request
+*/
+static void reply_nttrans_continue(struct smbsrv_request *req, struct smb_nttrans *trans)
+{
+	struct smbsrv_request *req2;
+	struct smbsrv_trans_partial *tp;
+	int count;
+
+	/* make sure they don't flood us */
+	for (count=0,tp=req->smb_conn->trans_partial;tp;tp=tp->next) count++;
+	if (count > 100) {
+		smbsrv_send_error(req, NT_STATUS_INSUFFICIENT_RESOURCES);
+		return;
+	}
+
+	tp = talloc(req, struct smbsrv_trans_partial);
+
+	tp->req = req;
+	tp->u.nttrans = trans;
+	tp->command = SMBnttrans;
+
+	DLIST_ADD(req->smb_conn->trans_partial, tp);
+	talloc_set_destructor(tp, smbsrv_trans_partial_destructor);
+
+	req2 = smbsrv_setup_secondary_request(req);
+
+	/* send a 'please continue' reply */
+	smbsrv_setup_reply(req2, 0, 0);
+	smbsrv_send_reply(req2);
+}
+
+
+/*
+  answer a reconstructed trans request
+*/
+static void reply_nttrans_complete(struct smbsrv_request *req, struct smb_nttrans *trans)
+{
+	struct nttrans_op *op;
+
+	SMBSRV_TALLOC_IO_PTR(op, struct nttrans_op);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_nttrans_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	op->trans	= trans;
+	op->op_info	= NULL;
+	op->send_fn	= NULL;
+
+	/* its a full request, give it to the backend */
+	ZERO_STRUCT(trans->out);
+	SMBSRV_CALL_NTVFS_BACKEND(nttrans_backend(req, op));
+}
+
+
+/****************************************************************************
+ Reply to an SMBnttrans request
+****************************************************************************/
+void smbsrv_reply_nttrans(struct smbsrv_request *req)
+{
+	struct smb_nttrans *trans;
+	uint32_t param_ofs, data_ofs;
+	uint32_t param_count, data_count;
+	uint32_t param_total, data_total;
+
+	/* parse request */
+	if (req->in.wct < 19) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	trans = talloc(req, struct smb_nttrans);
+	if (trans == NULL) {
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	trans->in.max_setup  = CVAL(req->in.vwv, 0);
+	param_total          = IVAL(req->in.vwv, 3);
+	data_total           = IVAL(req->in.vwv, 7);
+	trans->in.max_param  = IVAL(req->in.vwv, 11);
+	trans->in.max_data   = IVAL(req->in.vwv, 15);
+	param_count          = IVAL(req->in.vwv, 19);
+	param_ofs            = IVAL(req->in.vwv, 23);
+	data_count           = IVAL(req->in.vwv, 27);
+	data_ofs             = IVAL(req->in.vwv, 31);
+	trans->in.setup_count= CVAL(req->in.vwv, 35);
+	trans->in.function   = SVAL(req->in.vwv, 36);
+
+	if (req->in.wct != 19 + trans->in.setup_count) {
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+		return;
+	}
+
+	/* parse out the setup words */
+	trans->in.setup = talloc_array(req, uint8_t, trans->in.setup_count*2);
+	if (!trans->in.setup) {
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+	memcpy(trans->in.setup, (char *)(req->in.vwv) + VWV(19),
+	       sizeof(uint16_t) * trans->in.setup_count);
+
+	if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &trans->in.params) ||
+	    !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &trans->in.data)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	/* is it a partial request? if so, then send a 'send more' message */
+	if (param_total > param_count || data_total > data_count) {
+		reply_nttrans_continue(req, trans);
+		return;
+	}
+
+	reply_nttrans_complete(req, trans);
+}
+
+
+/****************************************************************************
+ Reply to an SMBnttranss request
+****************************************************************************/
+void smbsrv_reply_nttranss(struct smbsrv_request *req)
+{
+	struct smbsrv_trans_partial *tp;
+	struct smb_nttrans *trans = NULL;
+	uint32_t param_ofs, data_ofs;
+	uint32_t param_count, data_count;
+	uint32_t param_disp, data_disp;
+	uint32_t param_total, data_total;
+	DATA_BLOB params, data;
+
+	/* parse request */
+	if (req->in.wct != 18) {
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+		return;
+	}
+
+	for (tp=req->smb_conn->trans_partial;tp;tp=tp->next) {
+		if (tp->command == SMBnttrans &&
+		    SVAL(tp->req->in.hdr, HDR_MID) == SVAL(req->in.hdr, HDR_MID)) {
+/* TODO: check the VUID, PID and TID too? */
+			break;
+		}
+	}
+
+	if (tp == NULL) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	trans = tp->u.nttrans;
+
+	param_total           = IVAL(req->in.vwv, 3);
+	data_total            = IVAL(req->in.vwv, 7);
+	param_count           = IVAL(req->in.vwv, 11);
+	param_ofs             = IVAL(req->in.vwv, 15);
+	param_disp            = IVAL(req->in.vwv, 19);
+	data_count            = IVAL(req->in.vwv, 23);
+	data_ofs              = IVAL(req->in.vwv, 27);
+	data_disp             = IVAL(req->in.vwv, 31);
+
+	if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &params) ||
+	    !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &data)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* only allow contiguous requests */
+	if ((param_count != 0 &&
+	     param_disp != trans->in.params.length) ||
+	    (data_count != 0 &&
+	     data_disp != trans->in.data.length)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* add to the existing request */
+	if (param_count != 0) {
+		trans->in.params.data = talloc_realloc(trans,
+						       trans->in.params.data,
+						       uint8_t,
+						       param_disp + param_count);
+		if (trans->in.params.data == NULL) {
+			smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		trans->in.params.length = param_disp + param_count;
+	}
+
+	if (data_count != 0) {
+		trans->in.data.data = talloc_realloc(trans,
+						     trans->in.data.data,
+						     uint8_t,
+						     data_disp + data_count);
+		if (trans->in.data.data == NULL) {
+			smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		trans->in.data.length = data_disp + data_count;
+	}
+
+	memcpy(trans->in.params.data + param_disp, params.data, params.length);
+	memcpy(trans->in.data.data + data_disp, data.data, data.length);
+
+	/* the sequence number of the reply is taken from the last secondary
+	   response */
+	tp->req->seq_num = req->seq_num;
+
+	/* we don't reply to Transs2 requests */
+	talloc_free(req);
+
+	if (trans->in.params.length == param_total &&
+	    trans->in.data.length == data_total) {
+		/* its now complete */
+		req = tp->req;
+		talloc_free(tp);
+		reply_nttrans_complete(req, trans);
+	}
+	return;
+}
diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c
new file mode 100644
index 0000000..b96cdbd
--- /dev/null
+++ b/source4/smb_server/smb/receive.c
@@ -0,0 +1,679 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Andrew Tridgell 1992-2005
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan Metzmacher 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "lib/util/server_id.h"
+#include "samba/service_stream.h"
+#include "smb_server/smb_server.h"
+#include "system/filesys.h"
+#include "param/param.h"
+#include "cluster/cluster.h"
+
+/*
+  send an oplock break request to a client
+*/
+NTSTATUS smbsrv_send_oplock_break(void *p, struct ntvfs_handle *ntvfs, uint8_t level)
+{
+	struct smbsrv_tcon *tcon = talloc_get_type(p, struct smbsrv_tcon);
+	struct smbsrv_request *req;
+
+	req = smbsrv_init_request(tcon->smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	smbsrv_setup_reply(req, 8, 0);
+
+	SCVAL(req->out.hdr,HDR_COM,SMBlockingX);
+	SSVAL(req->out.hdr,HDR_TID,tcon->tid);
+	SSVAL(req->out.hdr,HDR_PID,0xFFFF);
+	SSVAL(req->out.hdr,HDR_UID,0);
+	SSVAL(req->out.hdr,HDR_MID,0xFFFF);
+	SCVAL(req->out.hdr,HDR_FLG,0);
+	SSVAL(req->out.hdr,HDR_FLG2,0);
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	smbsrv_push_fnum(req->out.vwv, VWV(2), ntvfs);
+	SCVAL(req->out.vwv, VWV(3), LOCKING_ANDX_OPLOCK_RELEASE);
+	SCVAL(req->out.vwv, VWV(3)+1, level);
+	SIVAL(req->out.vwv, VWV(4), 0);
+	SSVAL(req->out.vwv, VWV(6), 0);
+	SSVAL(req->out.vwv, VWV(7), 0);
+
+	smbsrv_send_reply(req);
+	return NT_STATUS_OK;
+}
+
+static void switch_message(int type, struct smbsrv_request *req);
+
+/*
+  These flags determine some of the permissions required to do an operation 
+*/
+#define NEED_SESS		(1<<0)
+#define NEED_TCON		(1<<1)
+#define SIGNING_NO_REPLY	(1<<2)
+/* does VWV(0) of the request hold chaining information */
+#define AND_X			(1<<3)
+/* The 64Kb question: are requests > 64K valid? */
+#define LARGE_REQUEST	(1<<4)
+
+/* 
+   define a list of possible SMB messages and their corresponding
+   functions. Any message that has a NULL function is unimplemented -
+   please feel free to contribute implementations!
+*/
+static const struct smb_message_struct
+{
+	const char *name;
+	void (*fn)(struct smbsrv_request *);
+#define message_flags(type) smb_messages[(type) & 0xff].flags
+	int flags;
+}
+ smb_messages[256] = {
+/* 0x00 */ { "SMBmkdir",	smbsrv_reply_mkdir,		NEED_SESS|NEED_TCON },
+/* 0x01 */ { "SMBrmdir",	smbsrv_reply_rmdir,		NEED_SESS|NEED_TCON },
+/* 0x02 */ { "SMBopen",		smbsrv_reply_open,		NEED_SESS|NEED_TCON },
+/* 0x03 */ { "SMBcreate",	smbsrv_reply_mknew,		NEED_SESS|NEED_TCON },
+/* 0x04 */ { "SMBclose",	smbsrv_reply_close,		NEED_SESS|NEED_TCON },
+/* 0x05 */ { "SMBflush",	smbsrv_reply_flush,		NEED_SESS|NEED_TCON },
+/* 0x06 */ { "SMBunlink",	smbsrv_reply_unlink,		NEED_SESS|NEED_TCON },
+/* 0x07 */ { "SMBmv",		smbsrv_reply_mv,		NEED_SESS|NEED_TCON },
+/* 0x08 */ { "SMBgetatr",	smbsrv_reply_getatr,		NEED_SESS|NEED_TCON },
+/* 0x09 */ { "SMBsetatr",	smbsrv_reply_setatr,		NEED_SESS|NEED_TCON },
+/* 0x0a */ { "SMBread",		smbsrv_reply_read,		NEED_SESS|NEED_TCON },
+/* 0x0b */ { "SMBwrite",	smbsrv_reply_write,		NEED_SESS|NEED_TCON },
+/* 0x0c */ { "SMBlock",		smbsrv_reply_lock,		NEED_SESS|NEED_TCON },
+/* 0x0d */ { "SMBunlock",	smbsrv_reply_unlock,		NEED_SESS|NEED_TCON },
+/* 0x0e */ { "SMBctemp",	smbsrv_reply_ctemp,		NEED_SESS|NEED_TCON },
+/* 0x0f */ { "SMBmknew",	smbsrv_reply_mknew,		NEED_SESS|NEED_TCON }, 
+/* 0x10 */ { "SMBcheckpath",	smbsrv_reply_chkpth,		NEED_SESS|NEED_TCON },
+/* 0x11 */ { "SMBexit",		smbsrv_reply_exit,		NEED_SESS },
+/* 0x12 */ { "SMBlseek",	smbsrv_reply_lseek,		NEED_SESS|NEED_TCON },
+/* 0x13 */ { "SMBlockread",	smbsrv_reply_lockread,		NEED_SESS|NEED_TCON },
+/* 0x14 */ { "SMBwriteunlock",	smbsrv_reply_writeunlock,	NEED_SESS|NEED_TCON },
+/* 0x15 */ { NULL, NULL, 0 },
+/* 0x16 */ { NULL, NULL, 0 },
+/* 0x17 */ { NULL, NULL, 0 },
+/* 0x18 */ { NULL, NULL, 0 },
+/* 0x19 */ { NULL, NULL, 0 },
+/* 0x1a */ { "SMBreadbraw",	smbsrv_reply_readbraw,		NEED_SESS|NEED_TCON },
+/* 0x1b */ { "SMBreadBmpx",	smbsrv_reply_readbmpx,		NEED_SESS|NEED_TCON },
+/* 0x1c */ { "SMBreadBs",	NULL,				0 },
+/* 0x1d */ { "SMBwritebraw",	smbsrv_reply_writebraw,		NEED_SESS|NEED_TCON },
+/* 0x1e */ { "SMBwriteBmpx",	smbsrv_reply_writebmpx,		NEED_SESS|NEED_TCON },
+/* 0x1f */ { "SMBwriteBs",	smbsrv_reply_writebs,		NEED_SESS|NEED_TCON },
+/* 0x20 */ { "SMBwritec",	NULL,				0 },
+/* 0x21 */ { NULL, NULL, 0 },
+/* 0x22 */ { "SMBsetattrE",	smbsrv_reply_setattrE,		NEED_SESS|NEED_TCON },
+/* 0x23 */ { "SMBgetattrE",	smbsrv_reply_getattrE,		NEED_SESS|NEED_TCON },
+/* 0x24 */ { "SMBlockingX",	smbsrv_reply_lockingX,		NEED_SESS|NEED_TCON|AND_X },
+/* 0x25 */ { "SMBtrans",	smbsrv_reply_trans,		NEED_SESS|NEED_TCON },
+/* 0x26 */ { "SMBtranss",	smbsrv_reply_transs,		NEED_SESS|NEED_TCON },
+/* 0x27 */ { "SMBioctl",	smbsrv_reply_ioctl,		NEED_SESS|NEED_TCON },
+/* 0x28 */ { "SMBioctls",	NULL,				NEED_SESS|NEED_TCON },
+/* 0x29 */ { "SMBcopy",		smbsrv_reply_copy,		NEED_SESS|NEED_TCON },
+/* 0x2a */ { "SMBmove",		NULL,				NEED_SESS|NEED_TCON },
+/* 0x2b */ { "SMBecho",		smbsrv_reply_echo,		0 },
+/* 0x2c */ { "SMBwriteclose",	smbsrv_reply_writeclose,	NEED_SESS|NEED_TCON },
+/* 0x2d */ { "SMBopenX",	smbsrv_reply_open_and_X,	NEED_SESS|NEED_TCON|AND_X },
+/* 0x2e */ { "SMBreadX",	smbsrv_reply_read_and_X,	NEED_SESS|NEED_TCON|AND_X },
+/* 0x2f */ { "SMBwriteX",	smbsrv_reply_write_and_X,	NEED_SESS|NEED_TCON|AND_X|LARGE_REQUEST},
+/* 0x30 */ { NULL, NULL, 0 },
+/* 0x31 */ { NULL, NULL, 0 },
+/* 0x32 */ { "SMBtrans2",	smbsrv_reply_trans2,		NEED_SESS|NEED_TCON },
+/* 0x33 */ { "SMBtranss2",	smbsrv_reply_transs2,		NEED_SESS|NEED_TCON },
+/* 0x34 */ { "SMBfindclose",	smbsrv_reply_findclose,		NEED_SESS|NEED_TCON },
+/* 0x35 */ { "SMBfindnclose",	smbsrv_reply_findnclose,	NEED_SESS|NEED_TCON },
+/* 0x36 */ { NULL, NULL, 0 },
+/* 0x37 */ { NULL, NULL, 0 },
+/* 0x38 */ { NULL, NULL, 0 },
+/* 0x39 */ { NULL, NULL, 0 },
+/* 0x3a */ { NULL, NULL, 0 },
+/* 0x3b */ { NULL, NULL, 0 },
+/* 0x3c */ { NULL, NULL, 0 },
+/* 0x3d */ { NULL, NULL, 0 },
+/* 0x3e */ { NULL, NULL, 0 },
+/* 0x3f */ { NULL, NULL, 0 },
+/* 0x40 */ { NULL, NULL, 0 },
+/* 0x41 */ { NULL, NULL, 0 },
+/* 0x42 */ { NULL, NULL, 0 },
+/* 0x43 */ { NULL, NULL, 0 },
+/* 0x44 */ { NULL, NULL, 0 },
+/* 0x45 */ { NULL, NULL, 0 },
+/* 0x46 */ { NULL, NULL, 0 },
+/* 0x47 */ { NULL, NULL, 0 },
+/* 0x48 */ { NULL, NULL, 0 },
+/* 0x49 */ { NULL, NULL, 0 },
+/* 0x4a */ { NULL, NULL, 0 },
+/* 0x4b */ { NULL, NULL, 0 },
+/* 0x4c */ { NULL, NULL, 0 },
+/* 0x4d */ { NULL, NULL, 0 },
+/* 0x4e */ { NULL, NULL, 0 },
+/* 0x4f */ { NULL, NULL, 0 },
+/* 0x50 */ { NULL, NULL, 0 },
+/* 0x51 */ { NULL, NULL, 0 },
+/* 0x52 */ { NULL, NULL, 0 },
+/* 0x53 */ { NULL, NULL, 0 },
+/* 0x54 */ { NULL, NULL, 0 },
+/* 0x55 */ { NULL, NULL, 0 },
+/* 0x56 */ { NULL, NULL, 0 },
+/* 0x57 */ { NULL, NULL, 0 },
+/* 0x58 */ { NULL, NULL, 0 },
+/* 0x59 */ { NULL, NULL, 0 },
+/* 0x5a */ { NULL, NULL, 0 },
+/* 0x5b */ { NULL, NULL, 0 },
+/* 0x5c */ { NULL, NULL, 0 },
+/* 0x5d */ { NULL, NULL, 0 },
+/* 0x5e */ { NULL, NULL, 0 },
+/* 0x5f */ { NULL, NULL, 0 },
+/* 0x60 */ { NULL, NULL, 0 },
+/* 0x61 */ { NULL, NULL, 0 },
+/* 0x62 */ { NULL, NULL, 0 },
+/* 0x63 */ { NULL, NULL, 0 },
+/* 0x64 */ { NULL, NULL, 0 },
+/* 0x65 */ { NULL, NULL, 0 },
+/* 0x66 */ { NULL, NULL, 0 },
+/* 0x67 */ { NULL, NULL, 0 },
+/* 0x68 */ { NULL, NULL, 0 },
+/* 0x69 */ { NULL, NULL, 0 },
+/* 0x6a */ { NULL, NULL, 0 },
+/* 0x6b */ { NULL, NULL, 0 },
+/* 0x6c */ { NULL, NULL, 0 },
+/* 0x6d */ { NULL, NULL, 0 },
+/* 0x6e */ { NULL, NULL, 0 },
+/* 0x6f */ { NULL, NULL, 0 },
+/* 0x70 */ { "SMBtcon",		smbsrv_reply_tcon,		NEED_SESS },
+/* 0x71 */ { "SMBtdis",		smbsrv_reply_tdis,		NEED_TCON },
+/* 0x72 */ { "SMBnegprot",	smbsrv_reply_negprot,		0 },
+/* 0x73 */ { "SMBsesssetupX",	smbsrv_reply_sesssetup,		AND_X },
+/* 0x74 */ { "SMBulogoffX",	smbsrv_reply_ulogoffX,		NEED_SESS|AND_X }, /* ulogoff doesn't give a valid TID */
+/* 0x75 */ { "SMBtconX",	smbsrv_reply_tcon_and_X,	NEED_SESS|AND_X },
+/* 0x76 */ { NULL, NULL, 0 },
+/* 0x77 */ { NULL, NULL, 0 },
+/* 0x78 */ { NULL, NULL, 0 },
+/* 0x79 */ { NULL, NULL, 0 },
+/* 0x7a */ { NULL, NULL, 0 },
+/* 0x7b */ { NULL, NULL, 0 },
+/* 0x7c */ { NULL, NULL, 0 },
+/* 0x7d */ { NULL, NULL, 0 },
+/* 0x7e */ { NULL, NULL, 0 },
+/* 0x7f */ { NULL, NULL, 0 },
+/* 0x80 */ { "SMBdskattr",	smbsrv_reply_dskattr,		NEED_SESS|NEED_TCON },
+/* 0x81 */ { "SMBsearch",	smbsrv_reply_search,		NEED_SESS|NEED_TCON },
+/* 0x82 */ { "SMBffirst",	smbsrv_reply_search,		NEED_SESS|NEED_TCON },
+/* 0x83 */ { "SMBfunique",	smbsrv_reply_search,		NEED_SESS|NEED_TCON },
+/* 0x84 */ { "SMBfclose",	smbsrv_reply_fclose,		NEED_SESS|NEED_TCON },
+/* 0x85 */ { NULL, NULL, 0 },
+/* 0x86 */ { NULL, NULL, 0 },
+/* 0x87 */ { NULL, NULL, 0 },
+/* 0x88 */ { NULL, NULL, 0 },
+/* 0x89 */ { NULL, NULL, 0 },
+/* 0x8a */ { NULL, NULL, 0 },
+/* 0x8b */ { NULL, NULL, 0 },
+/* 0x8c */ { NULL, NULL, 0 },
+/* 0x8d */ { NULL, NULL, 0 },
+/* 0x8e */ { NULL, NULL, 0 },
+/* 0x8f */ { NULL, NULL, 0 },
+/* 0x90 */ { NULL, NULL, 0 },
+/* 0x91 */ { NULL, NULL, 0 },
+/* 0x92 */ { NULL, NULL, 0 },
+/* 0x93 */ { NULL, NULL, 0 },
+/* 0x94 */ { NULL, NULL, 0 },
+/* 0x95 */ { NULL, NULL, 0 },
+/* 0x96 */ { NULL, NULL, 0 },
+/* 0x97 */ { NULL, NULL, 0 },
+/* 0x98 */ { NULL, NULL, 0 },
+/* 0x99 */ { NULL, NULL, 0 },
+/* 0x9a */ { NULL, NULL, 0 },
+/* 0x9b */ { NULL, NULL, 0 },
+/* 0x9c */ { NULL, NULL, 0 },
+/* 0x9d */ { NULL, NULL, 0 },
+/* 0x9e */ { NULL, NULL, 0 },
+/* 0x9f */ { NULL, NULL, 0 },
+/* 0xa0 */ { "SMBnttrans",	smbsrv_reply_nttrans,		NEED_SESS|NEED_TCON|LARGE_REQUEST },
+/* 0xa1 */ { "SMBnttranss",	smbsrv_reply_nttranss,		NEED_SESS|NEED_TCON },
+/* 0xa2 */ { "SMBntcreateX",	smbsrv_reply_ntcreate_and_X,	NEED_SESS|NEED_TCON|AND_X },
+/* 0xa3 */ { NULL, NULL, 0 },
+/* 0xa4 */ { "SMBntcancel",	smbsrv_reply_ntcancel,		NEED_SESS|NEED_TCON|SIGNING_NO_REPLY },
+/* 0xa5 */ { "SMBntrename",	smbsrv_reply_ntrename,		NEED_SESS|NEED_TCON },
+/* 0xa6 */ { NULL, NULL, 0 },
+/* 0xa7 */ { NULL, NULL, 0 },
+/* 0xa8 */ { NULL, NULL, 0 },
+/* 0xa9 */ { NULL, NULL, 0 },
+/* 0xaa */ { NULL, NULL, 0 },
+/* 0xab */ { NULL, NULL, 0 },
+/* 0xac */ { NULL, NULL, 0 },
+/* 0xad */ { NULL, NULL, 0 },
+/* 0xae */ { NULL, NULL, 0 },
+/* 0xaf */ { NULL, NULL, 0 },
+/* 0xb0 */ { NULL, NULL, 0 },
+/* 0xb1 */ { NULL, NULL, 0 },
+/* 0xb2 */ { NULL, NULL, 0 },
+/* 0xb3 */ { NULL, NULL, 0 },
+/* 0xb4 */ { NULL, NULL, 0 },
+/* 0xb5 */ { NULL, NULL, 0 },
+/* 0xb6 */ { NULL, NULL, 0 },
+/* 0xb7 */ { NULL, NULL, 0 },
+/* 0xb8 */ { NULL, NULL, 0 },
+/* 0xb9 */ { NULL, NULL, 0 },
+/* 0xba */ { NULL, NULL, 0 },
+/* 0xbb */ { NULL, NULL, 0 },
+/* 0xbc */ { NULL, NULL, 0 },
+/* 0xbd */ { NULL, NULL, 0 },
+/* 0xbe */ { NULL, NULL, 0 },
+/* 0xbf */ { NULL, NULL, 0 },
+/* 0xc0 */ { "SMBsplopen",	smbsrv_reply_printopen,		NEED_SESS|NEED_TCON },
+/* 0xc1 */ { "SMBsplwr",	smbsrv_reply_printwrite,	NEED_SESS|NEED_TCON },
+/* 0xc2 */ { "SMBsplclose",	smbsrv_reply_printclose,	NEED_SESS|NEED_TCON },
+/* 0xc3 */ { "SMBsplretq",	smbsrv_reply_printqueue,	NEED_SESS|NEED_TCON },
+/* 0xc4 */ { NULL, NULL, 0 },
+/* 0xc5 */ { NULL, NULL, 0 },
+/* 0xc6 */ { NULL, NULL, 0 },
+/* 0xc7 */ { NULL, NULL, 0 },
+/* 0xc8 */ { NULL, NULL, 0 },
+/* 0xc9 */ { NULL, NULL, 0 },
+/* 0xca */ { NULL, NULL, 0 },
+/* 0xcb */ { NULL, NULL, 0 },
+/* 0xcc */ { NULL, NULL, 0 },
+/* 0xcd */ { NULL, NULL, 0 },
+/* 0xce */ { NULL, NULL, 0 },
+/* 0xcf */ { NULL, NULL, 0 },
+/* 0xd0 */ { "SMBsends",	NULL,				0 },
+/* 0xd1 */ { "SMBsendb",	NULL,				0 },
+/* 0xd2 */ { "SMBfwdname",	NULL,				0 },
+/* 0xd3 */ { "SMBcancelf",	NULL,				0 },
+/* 0xd4 */ { "SMBgetmac",	NULL,				0 },
+/* 0xd5 */ { "SMBsendstrt",	NULL,				0 },
+/* 0xd6 */ { "SMBsendend",	NULL,				0 },
+/* 0xd7 */ { "SMBsendtxt",	NULL,				0 },
+/* 0xd8 */ { NULL, NULL, 0 },
+/* 0xd9 */ { NULL, NULL, 0 },
+/* 0xda */ { NULL, NULL, 0 },
+/* 0xdb */ { NULL, NULL, 0 },
+/* 0xdc */ { NULL, NULL, 0 },
+/* 0xdd */ { NULL, NULL, 0 },
+/* 0xde */ { NULL, NULL, 0 },
+/* 0xdf */ { NULL, NULL, 0 },
+/* 0xe0 */ { NULL, NULL, 0 },
+/* 0xe1 */ { NULL, NULL, 0 },
+/* 0xe2 */ { NULL, NULL, 0 },
+/* 0xe3 */ { NULL, NULL, 0 },
+/* 0xe4 */ { NULL, NULL, 0 },
+/* 0xe5 */ { NULL, NULL, 0 },
+/* 0xe6 */ { NULL, NULL, 0 },
+/* 0xe7 */ { NULL, NULL, 0 },
+/* 0xe8 */ { NULL, NULL, 0 },
+/* 0xe9 */ { NULL, NULL, 0 },
+/* 0xea */ { NULL, NULL, 0 },
+/* 0xeb */ { NULL, NULL, 0 },
+/* 0xec */ { NULL, NULL, 0 },
+/* 0xed */ { NULL, NULL, 0 },
+/* 0xee */ { NULL, NULL, 0 },
+/* 0xef */ { NULL, NULL, 0 },
+/* 0xf0 */ { NULL, NULL, 0 },
+/* 0xf1 */ { NULL, NULL, 0 },
+/* 0xf2 */ { NULL, NULL, 0 },
+/* 0xf3 */ { NULL, NULL, 0 },
+/* 0xf4 */ { NULL, NULL, 0 },
+/* 0xf5 */ { NULL, NULL, 0 },
+/* 0xf6 */ { NULL, NULL, 0 },
+/* 0xf7 */ { NULL, NULL, 0 },
+/* 0xf8 */ { NULL, NULL, 0 },
+/* 0xf9 */ { NULL, NULL, 0 },
+/* 0xfa */ { NULL, NULL, 0 },
+/* 0xfb */ { NULL, NULL, 0 },
+/* 0xfc */ { NULL, NULL, 0 },
+/* 0xfd */ { NULL, NULL, 0 },
+/* 0xfe */ { NULL, NULL, 0 },
+/* 0xff */ { NULL, NULL, 0 }
+};
+
+/****************************************************************************
+receive a SMB request header from the wire, forming a request_context
+from the result
+****************************************************************************/
+NTSTATUS smbsrv_recv_smb_request(void *private_data, DATA_BLOB blob)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
+	struct smbsrv_request *req;
+	struct timeval cur_time = timeval_current();
+	uint8_t command;
+
+	smb_conn->statistics.last_request_time = cur_time;
+
+	/* see if its a special NBT packet */
+	if (CVAL(blob.data, 0) != 0) {
+		req = smbsrv_init_request(smb_conn);
+		NT_STATUS_HAVE_NO_MEMORY(req);
+
+		ZERO_STRUCT(req->in);
+
+		req->in.buffer = talloc_steal(req, blob.data);
+		req->in.size = blob.length;
+		req->request_time = cur_time;
+
+		smbsrv_reply_special(req);
+		return NT_STATUS_OK;
+	}
+
+	if ((NBT_HDR_SIZE + MIN_SMB_SIZE) > blob.length) {
+		DEBUG(2,("Invalid SMB packet: length %ld\n", (long)blob.length));
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	/* Make sure this is an SMB packet */
+	if (IVAL(blob.data, NBT_HDR_SIZE) != SMB_MAGIC) {
+		DEBUG(2,("Non-SMB packet of length %ld. Terminating connection\n",
+			 (long)blob.length));
+		smbsrv_terminate_connection(smb_conn, "Non-SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	req = smbsrv_init_request(smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	req->in.buffer = talloc_steal(req, blob.data);
+	req->in.size = blob.length;
+	req->request_time = cur_time;
+	req->chained_fnum = -1;
+	req->in.allocated = req->in.size;
+	req->in.hdr = req->in.buffer + NBT_HDR_SIZE;
+	req->in.vwv = req->in.hdr + HDR_VWV;
+	req->in.wct = CVAL(req->in.hdr, HDR_WCT);
+
+	command = CVAL(req->in.hdr, HDR_COM);
+
+	if (req->in.vwv + VWV(req->in.wct) <= req->in.buffer + req->in.size) {
+		req->in.data = req->in.vwv + VWV(req->in.wct) + 2;
+		req->in.data_size = SVAL(req->in.vwv, VWV(req->in.wct));
+
+		/* special handling for oversize calls. Windows seems
+		   to take the maximum of the BCC value and the
+		   computed buffer size. This handles oversized writeX
+		   calls, and possibly oversized SMBtrans calls */
+		if ((message_flags(command) & LARGE_REQUEST) &&
+		    ( !(message_flags(command) & AND_X) ||
+		      (req->in.wct < 1 || SVAL(req->in.vwv, VWV(0)) == SMB_CHAIN_NONE)) &&
+		    req->in.data_size < req->in.size - PTR_DIFF(req->in.data,req->in.buffer)) {
+			req->in.data_size = req->in.size - PTR_DIFF(req->in.data,req->in.buffer);
+		}
+	}
+
+	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
+		DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+ 
+	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
+		DEBUG(2,("Invalid SMB buffer length count %d\n", 
+			 (int)req->in.data_size));
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	req->flags2	= SVAL(req->in.hdr, HDR_FLG2);
+
+	/* fix the bufinfo */
+	smbsrv_setup_bufinfo(req);
+
+	if (!smbsrv_signing_check_incoming(req)) {
+		smbsrv_send_error(req, NT_STATUS_ACCESS_DENIED);
+		return NT_STATUS_OK;
+	}
+
+	command = CVAL(req->in.hdr, HDR_COM);
+	switch_message(command, req);
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+return a string containing the function name of a SMB command
+****************************************************************************/
+static const char *smb_fn_name(uint8_t type)
+{
+	const char *unknown_name = "SMBunknown";
+
+	if (smb_messages[type].name == NULL)
+		return unknown_name;
+
+	return smb_messages[type].name;
+}
+
+
+/****************************************************************************
+ Do a switch on the message type and call the specific reply function for this 
+message. Unlike earlier versions of Samba the reply functions are responsible
+for sending the reply themselves, rather than returning a size to this function
+The reply functions may also choose to delay the processing by pushing the message
+onto the message queue
+****************************************************************************/
+static void switch_message(int type, struct smbsrv_request *req)
+{
+	int flags;
+	struct smbsrv_connection *smb_conn = req->smb_conn;
+	NTSTATUS status;
+	struct server_id_buf idbuf;
+
+	type &= 0xff;
+
+	errno = 0;
+
+	if (smb_messages[type].fn == NULL) {
+		DEBUG(0,("Unknown message type %d!\n",type));
+		smbsrv_reply_unknown(req);
+		return;
+	}
+
+	flags = smb_messages[type].flags;
+
+	req->tcon = smbsrv_smb_tcon_find(smb_conn, SVAL(req->in.hdr,HDR_TID), req->request_time);
+
+	if (!req->session) {
+		/* setup the user context for this request if it
+		   hasn't already been initialised (to cope with SMB
+		   chaining) */
+
+		req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
+	}
+
+	DEBUG(5, ("switch message %s (task_id %s)\n",
+		  smb_fn_name(type),
+		  server_id_str_buf(req->smb_conn->connection->server_id,
+				    &idbuf)));
+
+	/* this must be called before we do any reply */
+	if (flags & SIGNING_NO_REPLY) {
+		smbsrv_signing_no_reply(req);
+	}
+
+	/* see if the vuid is valid */
+	if ((flags & NEED_SESS) && !req->session) {
+		status = NT_STATUS_DOS(ERRSRV, ERRbaduid);
+		/* amazingly, the error code depends on the command */
+		switch (type) {
+		case SMBntcreateX:
+		case SMBntcancel:
+		case SMBulogoffX:
+			break;
+		default:
+			if (req->smb_conn->config.nt_status_support &&
+			    req->smb_conn->negotiate.client_caps & CAP_STATUS32) {
+				status = NT_STATUS_INVALID_HANDLE;
+			}
+			break;
+		}
+		/* 
+		 * TODO:
+		 * don't know how to handle smb signing for this case 
+		 * so just skip the reply
+		 */
+		if ((flags & SIGNING_NO_REPLY) &&
+		    (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF)) {
+			DEBUG(1,("SKIP ERROR REPLY: %s %s because of unknown smb signing case\n",
+				smb_fn_name(type), nt_errstr(status)));
+			talloc_free(req);
+			return;
+		}
+		smbsrv_send_error(req, status);
+		return;
+	}
+
+	/* does this protocol need a valid tree connection? */
+	if ((flags & NEED_TCON) && !req->tcon) {
+		status = NT_STATUS_DOS(ERRSRV, ERRinvnid);
+		/* amazingly, the error code depends on the command */
+		switch (type) {
+		case SMBntcreateX:
+		case SMBntcancel:
+		case SMBtdis:
+			break;
+		default:
+			if (req->smb_conn->config.nt_status_support &&
+			    req->smb_conn->negotiate.client_caps & CAP_STATUS32) {
+				status = NT_STATUS_INVALID_HANDLE;
+			}
+			break;
+		}
+		/* 
+		 * TODO:
+		 * don't know how to handle smb signing for this case 
+		 * so just skip the reply
+		 */
+		if ((flags & SIGNING_NO_REPLY) &&
+		    (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF)) {
+			DEBUG(1,("SKIP ERROR REPLY: %s %s because of unknown smb signing case\n",
+				smb_fn_name(type), nt_errstr(status)));
+			talloc_free(req);
+			return;
+		}
+		smbsrv_send_error(req, status);
+		return;
+	}
+
+	smb_messages[type].fn(req);
+}
+
+/*
+  we call this when first first part of a possibly chained request has been completed
+  and we need to call the 2nd part, if any
+*/
+void smbsrv_chain_reply(struct smbsrv_request *req)
+{
+	uint16_t chain_cmd, chain_offset;
+	uint8_t *vwv, *data;
+	uint16_t wct;
+	uint16_t data_size;
+
+	if (req->in.wct < 2 || req->out.wct < 2) {
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+		return;
+	}
+
+	chain_cmd    = CVAL(req->in.vwv, VWV(0));
+	chain_offset = SVAL(req->in.vwv, VWV(1));
+
+	if (chain_cmd == SMB_CHAIN_NONE) {
+		/* end of chain */
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		smbsrv_send_reply(req);
+		return;
+	}
+
+	if (chain_offset + req->in.hdr >= req->in.buffer + req->in.size) {
+		goto error;
+	}
+
+	wct = CVAL(req->in.hdr, chain_offset);
+	vwv = req->in.hdr + chain_offset + 1;
+
+	if (vwv + VWV(wct) + 2 > req->in.buffer + req->in.size) {
+		goto error;
+	}
+
+	data_size = SVAL(vwv, VWV(wct));
+	data = vwv + VWV(wct) + 2;
+
+	if (data + data_size > req->in.buffer + req->in.size) {
+		goto error;
+	}
+
+	/* all seems legit */
+	req->in.vwv = vwv;
+	req->in.wct = wct;
+	req->in.data = data;
+	req->in.data_size = data_size;
+	req->in.ptr = data;
+
+	/* fix the bufinfo */
+	smbsrv_setup_bufinfo(req);
+
+	req->chain_count++;
+
+	SSVAL(req->out.vwv, VWV(0), chain_cmd);
+	SSVAL(req->out.vwv, VWV(1), req->out.size - NBT_HDR_SIZE);
+
+	/* cleanup somestuff for the next request */
+	DLIST_REMOVE(req->smb_conn->requests, req);
+	talloc_unlink(req, req->ntvfs);
+	req->ntvfs = NULL;
+	talloc_free(req->io_ptr);
+	req->io_ptr = NULL;
+
+	switch_message(chain_cmd, req);
+	return;
+
+error:
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+}
+
+/*
+ * init the SMB protocol related stuff
+ */
+NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct loadparm_context *lp_ctx)
+{
+	NTSTATUS status;
+
+	/* now initialise a few default values associated with this smb socket */
+	smb_conn->negotiate.max_send = 0xFFFF;
+
+	/* this is the size that w2k uses, and it appears to be important for
+	   good performance */
+	smb_conn->negotiate.max_recv = lpcfg_max_xmit(lp_ctx);
+
+	smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
+
+	smb_conn->config.nt_status_support = lpcfg_nt_status_support(lp_ctx);
+
+	status = smbsrv_init_sessions(smb_conn, UINT16_MAX);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = smbsrv_smb_init_tcons(smb_conn);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	smbsrv_init_signing(smb_conn);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/smb_server/smb/reply.c b/source4/smb_server/smb/reply.c
new file mode 100644
index 0000000..8511b8f
--- /dev/null
+++ b/source4/smb_server/smb/reply.c
@@ -0,0 +1,2379 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Main SMB reply routines
+   Copyright (C) Andrew Tridgell 1992-2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   Copyright (C) Stefan Metzmacher 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+   This file handles most of the reply_ calls that the server
+   makes to handle specific SMB commands
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "ntvfs/ntvfs.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "libcli/nbt/libnbt.h"
+
+
+/****************************************************************************
+ Reply to a simple request (async send)
+****************************************************************************/
+static void reply_simple_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+
+	SMBSRV_CHECK_ASYNC_STATUS_SIMPLE;
+
+	smbsrv_setup_reply(req, 0, 0);
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a tcon (async reply)
+****************************************************************************/
+static void reply_tcon_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_tcon *con;
+
+	SMBSRV_CHECK_ASYNC_STATUS(con, union smb_tcon);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 2, 0);
+
+	SSVAL(req->out.vwv, VWV(0), con->tcon.out.max_xmit);
+	SSVAL(req->out.vwv, VWV(1), con->tcon.out.tid);
+	SSVAL(req->out.hdr, HDR_TID, req->tcon->tid);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a tcon.
+****************************************************************************/
+void smbsrv_reply_tcon(struct smbsrv_request *req)
+{
+	union smb_tcon *con;
+	NTSTATUS status;
+	uint8_t *p;
+	
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 0);
+
+	SMBSRV_TALLOC_IO_PTR(con, union smb_tcon);
+
+	con->tcon.level = RAW_TCON_TCON;
+
+	p = req->in.data;	
+	p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.service, p, STR_TERMINATE);
+	p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.password, p, STR_TERMINATE);
+	p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.dev, p, STR_TERMINATE);
+
+	if (!con->tcon.in.service || !con->tcon.in.password || !con->tcon.in.dev) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* Instantiate backend */
+	status = smbsrv_tcon_backend(req, con);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_send_error(req, status);
+		return;
+	}
+
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_tcon_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	/* Invoke NTVFS connection hook */
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_connect(req->ntvfs, con));
+}
+
+
+/****************************************************************************
+ Reply to a tcon and X (async reply)
+****************************************************************************/
+static void reply_tcon_and_X_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_tcon *con;
+
+	SMBSRV_CHECK_ASYNC_STATUS(con, union smb_tcon);
+
+	/* construct reply - two variants */
+	if (req->smb_conn->negotiate.protocol < PROTOCOL_NT1) {
+		smbsrv_setup_reply(req, 2, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+
+		req_push_str(req, NULL, con->tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
+	} else {
+		smbsrv_setup_reply(req, 3, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), con->tconx.out.options);
+
+		req_push_str(req, NULL, con->tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
+		req_push_str(req, NULL, con->tconx.out.fs_type, -1, STR_TERMINATE);
+	}
+
+	/* set the incoming and outgoing tid to the just created one */
+	SSVAL(req->in.hdr, HDR_TID, con->tconx.out.tid);
+	SSVAL(req->out.hdr,HDR_TID, con->tconx.out.tid);
+
+	smbsrv_chain_reply(req);
+}
+
+/****************************************************************************
+ Reply to a tcon and X.
+****************************************************************************/
+void smbsrv_reply_tcon_and_X(struct smbsrv_request *req)
+{
+	NTSTATUS status;
+	union smb_tcon *con;
+	uint8_t *p;
+	uint16_t passlen;
+
+	SMBSRV_TALLOC_IO_PTR(con, union smb_tcon);
+
+	con->tconx.level = RAW_TCON_TCONX;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 4);
+
+	con->tconx.in.flags  = SVAL(req->in.vwv, VWV(2));
+	passlen              = SVAL(req->in.vwv, VWV(3));
+
+	p = req->in.data;
+
+	if (!req_pull_blob(&req->in.bufinfo, p, passlen, &con->tconx.in.password)) {
+		smbsrv_send_error(req, NT_STATUS_ILL_FORMED_PASSWORD);
+		return;
+	}
+	p += passlen;
+
+	p += req_pull_string(&req->in.bufinfo, &con->tconx.in.path, p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &con->tconx.in.device, p, -1, STR_ASCII);
+
+	if (!con->tconx.in.path || !con->tconx.in.device) {
+		smbsrv_send_error(req, NT_STATUS_BAD_DEVICE_TYPE);
+		return;
+	}
+
+	/* Instantiate backend */
+	status = smbsrv_tcon_backend(req, con);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_send_error(req, status);
+		return;
+	}
+
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_tcon_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	/* Invoke NTVFS connection hook */
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_connect(req->ntvfs, con));
+}
+
+
+/****************************************************************************
+ Reply to an unknown request
+****************************************************************************/
+void smbsrv_reply_unknown(struct smbsrv_request *req)
+{
+	int type;
+
+	type = CVAL(req->in.hdr, HDR_COM);
+  
+	DEBUG(0,("unknown command type %d (0x%X)\n", type, type));
+
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRunknownsmb));
+}
+
+
+/****************************************************************************
+ Reply to an ioctl (async reply)
+****************************************************************************/
+static void reply_ioctl_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_ioctl *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_ioctl);
+
+	/* the +1 is for nicer alignment */
+	smbsrv_setup_reply(req, 8, io->ioctl.out.blob.length+1);
+	SSVAL(req->out.vwv, VWV(1), io->ioctl.out.blob.length);
+	SSVAL(req->out.vwv, VWV(5), io->ioctl.out.blob.length);
+	SSVAL(req->out.vwv, VWV(6), PTR_DIFF(req->out.data, req->out.hdr) + 1);
+
+	memcpy(req->out.data+1, io->ioctl.out.blob.data, io->ioctl.out.blob.length);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to an ioctl.
+****************************************************************************/
+void smbsrv_reply_ioctl(struct smbsrv_request *req)
+{
+	union smb_ioctl *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_ioctl);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_ioctl_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->ioctl.level		= RAW_IOCTL_IOCTL;
+	io->ioctl.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->ioctl.in.request	= IVAL(req->in.vwv, VWV(1));
+
+	SMBSRV_CHECK_FILE_HANDLE_ERROR(io->ioctl.in.file.ntvfs,
+				       NT_STATUS_DOS(ERRSRV, ERRerror));
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_ioctl(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a chkpth.
+****************************************************************************/
+void smbsrv_reply_chkpth(struct smbsrv_request *req)
+{
+	union smb_chkpath *io;
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_chkpath);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	req_pull_ascii4(&req->in.bufinfo, &io->chkpath.in.path, req->in.data, STR_TERMINATE);
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_chkpath(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a getatr (async reply)
+****************************************************************************/
+static void reply_getatr_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_fileinfo *st;
+
+	SMBSRV_CHECK_ASYNC_STATUS(st, union smb_fileinfo);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 10, 0);
+
+	SSVAL(req->out.vwv,         VWV(0), st->getattr.out.attrib);
+	srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(1), st->getattr.out.write_time);
+	SIVAL(req->out.vwv,         VWV(3), st->getattr.out.size);
+
+	SMBSRV_VWV_RESERVED(5, 5);
+
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a getatr.
+****************************************************************************/
+void smbsrv_reply_getatr(struct smbsrv_request *req)
+{
+	union smb_fileinfo *st;
+
+	SMBSRV_TALLOC_IO_PTR(st, union smb_fileinfo);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_getatr_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+	
+	st->getattr.level = RAW_FILEINFO_GETATTR;
+
+	/* parse request */
+	req_pull_ascii4(&req->in.bufinfo, &st->getattr.in.file.path, req->in.data, STR_TERMINATE);
+	if (!st->getattr.in.file.path) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_qpathinfo(req->ntvfs, st));
+}
+
+
+/****************************************************************************
+ Reply to a setatr.
+****************************************************************************/
+void smbsrv_reply_setatr(struct smbsrv_request *req)
+{
+	union smb_setfileinfo *st;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 8);
+	SMBSRV_TALLOC_IO_PTR(st, union smb_setfileinfo);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	st->setattr.level = RAW_SFILEINFO_SETATTR;
+	st->setattr.in.attrib     = SVAL(req->in.vwv, VWV(0));
+	st->setattr.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
+	
+	req_pull_ascii4(&req->in.bufinfo, &st->setattr.in.file.path, req->in.data, STR_TERMINATE);
+
+	if (!st->setattr.in.file.path) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+	
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_setpathinfo(req->ntvfs, st));
+}
+
+
+/****************************************************************************
+ Reply to a dskattr (async reply)
+****************************************************************************/
+static void reply_dskattr_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_fsinfo *fs;
+
+	SMBSRV_CHECK_ASYNC_STATUS(fs, union smb_fsinfo);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 5, 0);
+
+	SSVAL(req->out.vwv, VWV(0), fs->dskattr.out.units_total);
+	SSVAL(req->out.vwv, VWV(1), fs->dskattr.out.blocks_per_unit);
+	SSVAL(req->out.vwv, VWV(2), fs->dskattr.out.block_size);
+	SSVAL(req->out.vwv, VWV(3), fs->dskattr.out.units_free);
+
+	SMBSRV_VWV_RESERVED(4, 1);
+
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a dskattr.
+****************************************************************************/
+void smbsrv_reply_dskattr(struct smbsrv_request *req)
+{
+	union smb_fsinfo *fs;
+
+	SMBSRV_TALLOC_IO_PTR(fs, union smb_fsinfo);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_dskattr_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+	
+	fs->dskattr.level = RAW_QFS_DSKATTR;
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_fsinfo(req->ntvfs, fs));
+}
+
+
+/****************************************************************************
+ Reply to an open (async reply)
+****************************************************************************/
+static void reply_open_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *oi;
+
+	SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 7, 0);
+
+	smbsrv_push_fnum(req->out.vwv, VWV(0), oi->openold.out.file.ntvfs);
+	SSVAL(req->out.vwv, VWV(1), oi->openold.out.attrib);
+	srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(2), oi->openold.out.write_time);
+	SIVAL(req->out.vwv, VWV(4), oi->openold.out.size);
+	SSVAL(req->out.vwv, VWV(6), oi->openold.out.rmode);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to an open.
+****************************************************************************/
+void smbsrv_reply_open(struct smbsrv_request *req)
+{
+	union smb_open *oi;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 2);
+	SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_open_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	oi->openold.level = RAW_OPEN_OPEN;
+	oi->openold.in.open_mode = SVAL(req->in.vwv, VWV(0));
+	oi->openold.in.search_attrs = SVAL(req->in.vwv, VWV(1));
+
+	req_pull_ascii4(&req->in.bufinfo, &oi->openold.in.fname, req->in.data, STR_TERMINATE);
+
+	if (!oi->openold.in.fname) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
+}
+
+
+/****************************************************************************
+ Reply to an open and X (async reply)
+****************************************************************************/
+static void reply_open_and_X_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *oi;
+
+	SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
+
+	/* build the reply */
+	if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
+		smbsrv_setup_reply(req, 19, 0);
+	} else {
+		smbsrv_setup_reply(req, 15, 0);
+	}
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	smbsrv_push_fnum(req->out.vwv, VWV(2), oi->openx.out.file.ntvfs);
+	SSVAL(req->out.vwv, VWV(3), oi->openx.out.attrib);
+	srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(4), oi->openx.out.write_time);
+	SIVAL(req->out.vwv, VWV(6), oi->openx.out.size);
+	SSVAL(req->out.vwv, VWV(8), oi->openx.out.access);
+	SSVAL(req->out.vwv, VWV(9), oi->openx.out.ftype);
+	SSVAL(req->out.vwv, VWV(10),oi->openx.out.devstate);
+	SSVAL(req->out.vwv, VWV(11),oi->openx.out.action);
+	SIVAL(req->out.vwv, VWV(12),oi->openx.out.unique_fid);
+	SSVAL(req->out.vwv, VWV(14),0); /* reserved */
+	if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
+		SIVAL(req->out.vwv, VWV(15),oi->openx.out.access_mask);
+		SMBSRV_VWV_RESERVED(17, 2);
+	}
+
+	req->chained_fnum = SVAL(req->out.vwv, VWV(2));
+
+	smbsrv_chain_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to an open and X.
+****************************************************************************/
+void smbsrv_reply_open_and_X(struct smbsrv_request *req)
+{
+	union smb_open *oi;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 15);
+	SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_open_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	oi->openx.level = RAW_OPEN_OPENX;
+	oi->openx.in.flags        = SVAL(req->in.vwv, VWV(2));
+	oi->openx.in.open_mode    = SVAL(req->in.vwv, VWV(3));
+	oi->openx.in.search_attrs = SVAL(req->in.vwv, VWV(4));
+	oi->openx.in.file_attrs   = SVAL(req->in.vwv, VWV(5));
+	oi->openx.in.write_time   = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(6));
+	oi->openx.in.open_func    = SVAL(req->in.vwv, VWV(8));
+	oi->openx.in.size         = IVAL(req->in.vwv, VWV(9));
+	oi->openx.in.timeout      = IVAL(req->in.vwv, VWV(11));
+
+	req_pull_ascii4(&req->in.bufinfo, &oi->openx.in.fname, req->in.data, STR_TERMINATE);
+
+	if (!oi->openx.in.fname) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
+}
+
+
+/****************************************************************************
+ Reply to a mknew or a create.
+****************************************************************************/
+static void reply_mknew_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *oi;
+
+	SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
+
+	/* build the reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	smbsrv_push_fnum(req->out.vwv, VWV(0), oi->mknew.out.file.ntvfs);
+
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a mknew or a create.
+****************************************************************************/
+void smbsrv_reply_mknew(struct smbsrv_request *req)
+{
+	union smb_open *oi;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_mknew_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	if (CVAL(req->in.hdr, HDR_COM) == SMBmknew) {
+		oi->mknew.level = RAW_OPEN_MKNEW;
+	} else {
+		oi->mknew.level = RAW_OPEN_CREATE;
+	}
+	oi->mknew.in.attrib  = SVAL(req->in.vwv, VWV(0));
+	oi->mknew.in.write_time  = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
+
+	req_pull_ascii4(&req->in.bufinfo, &oi->mknew.in.fname, req->in.data, STR_TERMINATE);
+
+	if (!oi->mknew.in.fname) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
+}
+
+/****************************************************************************
+ Reply to a create temporary file (async reply)
+****************************************************************************/
+static void reply_ctemp_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *oi;
+
+	SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
+
+	/* build the reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	smbsrv_push_fnum(req->out.vwv, VWV(0), oi->ctemp.out.file.ntvfs);
+
+	/* the returned filename is relative to the directory */
+	req_push_str(req, NULL, oi->ctemp.out.name, -1, STR_TERMINATE | STR_ASCII);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a create temporary file.
+****************************************************************************/
+void smbsrv_reply_ctemp(struct smbsrv_request *req)
+{
+	union smb_open *oi;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_ctemp_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	oi->ctemp.level = RAW_OPEN_CTEMP;
+	oi->ctemp.in.attrib = SVAL(req->in.vwv, VWV(0));
+	oi->ctemp.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
+
+	/* the filename is actually a directory name, the server provides a filename
+	   in that directory */
+	req_pull_ascii4(&req->in.bufinfo, &oi->ctemp.in.directory, req->in.data, STR_TERMINATE);
+
+	if (!oi->ctemp.in.directory) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
+}
+
+
+/****************************************************************************
+ Reply to a unlink
+****************************************************************************/
+void smbsrv_reply_unlink(struct smbsrv_request *req)
+{
+	union smb_unlink *unl;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(unl, union smb_unlink);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+	
+	unl->unlink.in.attrib = SVAL(req->in.vwv, VWV(0));
+
+	req_pull_ascii4(&req->in.bufinfo, &unl->unlink.in.pattern, req->in.data, STR_TERMINATE);
+	
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_unlink(req->ntvfs, unl));
+}
+
+
+/****************************************************************************
+ Reply to a readbraw (core+ protocol).
+ this is a strange packet because it doesn't use a standard SMB header in the reply,
+ only the 4 byte NBT header
+ This command must be replied to synchronously
+****************************************************************************/
+void smbsrv_reply_readbraw(struct smbsrv_request *req)
+{
+	NTSTATUS status;
+	union smb_read io;
+
+	io.readbraw.level = RAW_READ_READBRAW;
+
+	/* there are two variants, one with 10 and one with 8 command words */
+	if (req->in.wct < 8) {
+		goto failed;
+	}
+
+	io.readbraw.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io.readbraw.in.offset  = IVAL(req->in.vwv, VWV(1));
+	io.readbraw.in.maxcnt  = SVAL(req->in.vwv, VWV(3));
+	io.readbraw.in.mincnt  = SVAL(req->in.vwv, VWV(4));
+	io.readbraw.in.timeout = IVAL(req->in.vwv, VWV(5));
+
+	if (!io.readbraw.in.file.ntvfs) {
+		goto failed;
+	}
+
+	/* the 64 bit variant */
+	if (req->in.wct == 10) {
+		uint32_t offset_high = IVAL(req->in.vwv, VWV(8));
+		io.readbraw.in.offset |= (((off_t)offset_high) << 32);
+	}
+
+	/* before calling the backend we setup the raw buffer. This
+	 * saves a copy later */
+	req->out.size = io.readbraw.in.maxcnt + NBT_HDR_SIZE;
+	req->out.buffer = talloc_size(req, req->out.size);
+	if (req->out.buffer == NULL) {
+		goto failed;
+	}
+	SIVAL(req->out.buffer, 0, 0); /* init NBT header */
+
+	/* tell the backend where to put the data */
+	io.readbraw.out.data = req->out.buffer + NBT_HDR_SIZE;
+
+	/* prepare the ntvfs request */
+	req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req,
+					  req->session->session_info,
+					  SVAL(req->in.hdr,HDR_PID),
+					  req->request_time,
+					  req, NULL, 0);
+	if (!req->ntvfs) {
+		goto failed;
+	}
+
+	/* call the backend */
+	status = ntvfs_read(req->ntvfs, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	req->out.size = io.readbraw.out.nread + NBT_HDR_SIZE;
+
+	smbsrv_send_reply_nosign(req);
+	return;
+
+failed:
+	/* any failure in readbraw is equivalent to reading zero bytes */
+	req->out.size = 4;
+	req->out.buffer = talloc_size(req, req->out.size);
+	SIVAL(req->out.buffer, 0, 0); /* init NBT header */
+
+	smbsrv_send_reply_nosign(req);
+}
+
+
+/****************************************************************************
+ Reply to a lockread (async reply)
+****************************************************************************/
+static void reply_lockread_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_read *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_read);
+
+	/* trim packet */
+	io->lockread.out.nread = MIN(io->lockread.out.nread,
+		req_max_data(req) - 3);
+	req_grow_data(req, 3 + io->lockread.out.nread);
+
+	/* construct reply */
+	SSVAL(req->out.vwv, VWV(0), io->lockread.out.nread);
+	SMBSRV_VWV_RESERVED(1, 4);
+
+	SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
+	SSVAL(req->out.data, 1, io->lockread.out.nread);
+
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a lockread (core+ protocol).
+ note that the lock is a write lock, not a read lock!
+****************************************************************************/
+void smbsrv_reply_lockread(struct smbsrv_request *req)
+{
+	union smb_read *io;
+	
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_read);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_lockread_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->lockread.level = RAW_READ_LOCKREAD;
+	io->lockread.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->lockread.in.count     = SVAL(req->in.vwv, VWV(1));
+	io->lockread.in.offset    = IVAL(req->in.vwv, VWV(2));
+	io->lockread.in.remaining = SVAL(req->in.vwv, VWV(4));
+
+	/* setup the reply packet assuming the maximum possible read */
+	smbsrv_setup_reply(req, 5, 3 + io->lockread.in.count);
+
+	/* tell the backend where to put the data */
+	io->lockread.out.data = req->out.data + 3;
+
+	SMBSRV_CHECK_FILE_HANDLE(io->lockread.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
+}
+
+
+
+/****************************************************************************
+ Reply to a read (async reply)
+****************************************************************************/
+static void reply_read_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_read *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_read);
+
+	/* trim packet */
+	io->read.out.nread = MIN(io->read.out.nread,
+		req_max_data(req) - 3);
+	req_grow_data(req, 3 + io->read.out.nread);
+
+	/* construct reply */
+	SSVAL(req->out.vwv, VWV(0), io->read.out.nread);
+	SMBSRV_VWV_RESERVED(1, 4);
+
+	SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
+	SSVAL(req->out.data, 1, io->read.out.nread);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a read.
+****************************************************************************/
+void smbsrv_reply_read(struct smbsrv_request *req)
+{
+	union smb_read *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_read);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->read.level = RAW_READ_READ;
+	io->read.in.file.ntvfs    = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->read.in.count         = SVAL(req->in.vwv, VWV(1));
+	io->read.in.offset        = IVAL(req->in.vwv, VWV(2));
+	io->read.in.remaining     = SVAL(req->in.vwv, VWV(4));
+
+	/* setup the reply packet assuming the maximum possible read */
+	smbsrv_setup_reply(req, 5, 3 + io->read.in.count);
+
+	/* tell the backend where to put the data */
+	io->read.out.data = req->out.data + 3;
+
+	SMBSRV_CHECK_FILE_HANDLE(io->read.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a read and X (async reply)
+****************************************************************************/
+static void reply_read_and_X_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_read *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS_ERR(io, union smb_read);
+
+	/* readx reply packets can be over-sized */
+	req->control_flags |= SMBSRV_REQ_CONTROL_LARGE;
+	if (io->readx.in.maxcnt != 0xFFFF &&
+	    io->readx.in.mincnt != 0xFFFF) {
+		req_grow_data(req, 1 + io->readx.out.nread);
+		SCVAL(req->out.data, 0, 0); /* padding */
+	} else {
+		req_grow_data(req, io->readx.out.nread);
+	}
+
+	/* construct reply */
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	SSVAL(req->out.vwv, VWV(2), io->readx.out.remaining);
+	SSVAL(req->out.vwv, VWV(3), io->readx.out.compaction_mode);
+	SMBSRV_VWV_RESERVED(4, 1);
+	SSVAL(req->out.vwv, VWV(5), io->readx.out.nread);
+	SSVAL(req->out.vwv, VWV(6), PTR_DIFF(io->readx.out.data, req->out.hdr));
+	SSVAL(req->out.vwv, VWV(7), (io->readx.out.nread>>16));
+	SMBSRV_VWV_RESERVED(8, 4);
+
+	if (!NT_STATUS_IS_OK(req->ntvfs->async_states->status)) {
+		smbsrv_setup_error(req, req->ntvfs->async_states->status);
+	}
+
+	smbsrv_chain_reply(req);
+}
+
+/****************************************************************************
+ Reply to a read and X.
+****************************************************************************/
+void smbsrv_reply_read_and_X(struct smbsrv_request *req)
+{
+	union smb_read *io;
+	uint16_t high_part = 0;
+
+	/* parse request */
+	if (req->in.wct != 12) {
+		SMBSRV_CHECK_WCT(req, 10);
+	}
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_read);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_read_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->readx.level = RAW_READ_READX;
+	io->readx.in.file.ntvfs    = smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
+	io->readx.in.offset        = IVAL(req->in.vwv, VWV(3));
+	io->readx.in.maxcnt        = SVAL(req->in.vwv, VWV(5));
+	io->readx.in.mincnt        = SVAL(req->in.vwv, VWV(6));
+	io->readx.in.remaining     = SVAL(req->in.vwv, VWV(9));
+	if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
+		io->readx.in.read_for_execute = true;
+	} else {
+		io->readx.in.read_for_execute = false;
+	}
+
+	if (req->smb_conn->negotiate.protocol == PROTOCOL_NT1) {
+		high_part = SVAL(req->in.vwv, VWV(7));
+	}
+	if (high_part != UINT16_MAX) {
+		io->readx.in.maxcnt |= high_part << 16;
+	}
+
+	/*
+	 * Windows truncates the length to 0x10000
+	 */
+	io->readx.in.maxcnt = MIN(io->readx.in.maxcnt, 0x10000);
+
+	/* the 64 bit variant */
+	if (req->in.wct == 12) {
+		uint32_t offset_high = IVAL(req->in.vwv, VWV(10));
+		io->readx.in.offset |= (((uint64_t)offset_high) << 32);
+	}
+
+	/* setup the reply packet assuming the maximum possible read */
+	smbsrv_setup_reply(req, 12, 1 + io->readx.in.maxcnt);
+
+	/* tell the backend where to put the data. Notice the pad byte. */
+	if (io->readx.in.maxcnt != 0xFFFF &&
+	    io->readx.in.mincnt != 0xFFFF) {
+		io->readx.out.data = req->out.data + 1;
+	} else {
+		io->readx.out.data = req->out.data;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->readx.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a writebraw (core+ or LANMAN1.0 protocol).
+****************************************************************************/
+void smbsrv_reply_writebraw(struct smbsrv_request *req)
+{
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
+}
+
+
+/****************************************************************************
+ Reply to a writeunlock (async reply)
+****************************************************************************/
+static void reply_writeunlock_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_write *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), io->writeunlock.out.nwritten);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a writeunlock (core+).
+****************************************************************************/
+void smbsrv_reply_writeunlock(struct smbsrv_request *req)
+{
+	union smb_write *io;
+
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_write);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_writeunlock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->writeunlock.level = RAW_WRITE_WRITEUNLOCK;
+	io->writeunlock.in.file.ntvfs  = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->writeunlock.in.count       = SVAL(req->in.vwv, VWV(1));
+	io->writeunlock.in.offset      = IVAL(req->in.vwv, VWV(2));
+	io->writeunlock.in.remaining   = SVAL(req->in.vwv, VWV(4));
+	io->writeunlock.in.data        = req->in.data + 3;
+
+	/* make sure they gave us the data they promised */
+	if (io->writeunlock.in.count+3 > req->in.data_size) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	/* make sure the data block is big enough */
+	if (SVAL(req->in.data, 1) < io->writeunlock.in.count) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->writeunlock.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+
+
+/****************************************************************************
+ Reply to a write (async reply)
+****************************************************************************/
+static void reply_write_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_write *io;
+	
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a write
+****************************************************************************/
+void smbsrv_reply_write(struct smbsrv_request *req)
+{
+	union smb_write *io;
+
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_write);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_write_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->write.level = RAW_WRITE_WRITE;
+	io->write.in.file.ntvfs  = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->write.in.count       = SVAL(req->in.vwv, VWV(1));
+	io->write.in.offset      = IVAL(req->in.vwv, VWV(2));
+	io->write.in.remaining   = SVAL(req->in.vwv, VWV(4));
+	io->write.in.data        = req->in.data + 3;
+
+	/* make sure they gave us the data they promised */
+	if (req_data_oob(&req->in.bufinfo, io->write.in.data, io->write.in.count)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	/* make sure the data block is big enough */
+	if (SVAL(req->in.data, 1) < io->write.in.count) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->write.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a write and X (async reply)
+****************************************************************************/
+static void reply_write_and_X_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_write *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 6, 0);
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	SSVAL(req->out.vwv, VWV(2), io->writex.out.nwritten & 0xFFFF);
+	SSVAL(req->out.vwv, VWV(3), io->writex.out.remaining);
+	SSVAL(req->out.vwv, VWV(4), io->writex.out.nwritten >> 16);
+	SMBSRV_VWV_RESERVED(5, 1);
+
+	smbsrv_chain_reply(req);
+}
+
+/****************************************************************************
+ Reply to a write and X.
+****************************************************************************/
+void smbsrv_reply_write_and_X(struct smbsrv_request *req)
+{
+	union smb_write *io;
+	
+	if (req->in.wct != 14) {
+		SMBSRV_CHECK_WCT(req, 12);
+	}
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_write);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_write_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->writex.level = RAW_WRITE_WRITEX;
+	io->writex.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
+	io->writex.in.offset    = IVAL(req->in.vwv, VWV(3));
+	io->writex.in.wmode     = SVAL(req->in.vwv, VWV(7));
+	io->writex.in.remaining = SVAL(req->in.vwv, VWV(8));
+	io->writex.in.count     = SVAL(req->in.vwv, VWV(10));
+	io->writex.in.data      = req->in.hdr + SVAL(req->in.vwv, VWV(11));
+
+	if (req->in.wct == 14) {
+		uint32_t offset_high = IVAL(req->in.vwv, VWV(12));
+		uint16_t count_high = SVAL(req->in.vwv, VWV(9));
+		io->writex.in.offset |= (((uint64_t)offset_high) << 32);
+		io->writex.in.count |= ((uint32_t)count_high) << 16;
+	}
+
+	/* make sure the data is in bounds */
+	if (req_data_oob(&req->in.bufinfo, io->writex.in.data, io->writex.in.count)) {
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+		return;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->writex.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a lseek (async reply)
+****************************************************************************/
+static void reply_lseek_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_seek *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_seek);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 2, 0);
+
+	SIVALS(req->out.vwv, VWV(0), io->lseek.out.offset);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a lseek.
+****************************************************************************/
+void smbsrv_reply_lseek(struct smbsrv_request *req)
+{
+	union smb_seek *io;
+
+	SMBSRV_CHECK_WCT(req, 4);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_seek);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_lseek_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->lseek.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv,  VWV(0));
+	io->lseek.in.mode	= SVAL(req->in.vwv,  VWV(1));
+	io->lseek.in.offset	= IVALS(req->in.vwv, VWV(2));
+
+	SMBSRV_CHECK_FILE_HANDLE(io->lseek.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_seek(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a flush.
+****************************************************************************/
+void smbsrv_reply_flush(struct smbsrv_request *req)
+{
+	union smb_flush *io;
+	uint16_t fnum;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_flush);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	fnum = SVAL(req->in.vwv,  VWV(0));
+	if (fnum == 0xFFFF) {
+		io->flush_all.level	= RAW_FLUSH_ALL;
+	} else {
+		io->flush.level		= RAW_FLUSH_FLUSH;
+		io->flush.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv,  VWV(0));
+		SMBSRV_CHECK_FILE_HANDLE(io->flush.in.file.ntvfs);
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_flush(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a close 
+
+ Note that this has to deal with closing a directory opened by NT SMB's.
+****************************************************************************/
+void smbsrv_reply_close(struct smbsrv_request *req)
+{
+	union smb_close *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_close);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->close.level = RAW_CLOSE_CLOSE;
+	io->close.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv,  VWV(0));
+	io->close.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
+
+	SMBSRV_CHECK_FILE_HANDLE(io->close.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_close(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a writeclose (async reply)
+****************************************************************************/
+static void reply_writeclose_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_write *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a writeclose (Core+ protocol).
+****************************************************************************/
+void smbsrv_reply_writeclose(struct smbsrv_request *req)
+{
+	union smb_write *io;
+
+	/* this one is pretty weird - the wct can be 6 or 12 */
+	if (req->in.wct != 12) {
+		SMBSRV_CHECK_WCT(req, 6);
+	}
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_write);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_writeclose_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->writeclose.level		= RAW_WRITE_WRITECLOSE;
+	io->writeclose.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->writeclose.in.count		= SVAL(req->in.vwv, VWV(1));
+	io->writeclose.in.offset	= IVAL(req->in.vwv, VWV(2));
+	io->writeclose.in.mtime		= srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(4));
+	io->writeclose.in.data		= req->in.data + 1;
+
+	/* make sure they gave us the data they promised */
+	if (req_data_oob(&req->in.bufinfo, io->writeclose.in.data, io->writeclose.in.count)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->writeclose.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a lock.
+****************************************************************************/
+void smbsrv_reply_lock(struct smbsrv_request *req)
+{
+	union smb_lock *lck;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	lck->lock.level		= RAW_LOCK_LOCK;
+	lck->lock.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	lck->lock.in.count	= IVAL(req->in.vwv, VWV(1));
+	lck->lock.in.offset	= IVAL(req->in.vwv, VWV(3));
+
+	SMBSRV_CHECK_FILE_HANDLE(lck->lock.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
+}
+
+
+/****************************************************************************
+ Reply to a unlock.
+****************************************************************************/
+void smbsrv_reply_unlock(struct smbsrv_request *req)
+{
+	union smb_lock *lck;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 5);
+	SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	lck->unlock.level		= RAW_LOCK_UNLOCK;
+	lck->unlock.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	lck->unlock.in.count 		= IVAL(req->in.vwv, VWV(1));
+	lck->unlock.in.offset		= IVAL(req->in.vwv, VWV(3));
+
+	SMBSRV_CHECK_FILE_HANDLE(lck->unlock.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
+}
+
+
+/****************************************************************************
+ Reply to a tdis.
+****************************************************************************/
+void smbsrv_reply_tdis(struct smbsrv_request *req)
+{
+	struct smbsrv_handle *h, *nh;
+
+	SMBSRV_CHECK_WCT(req, 0);
+
+	/*
+	 * TODO: cancel all pending requests on this tcon
+	 */
+
+	/*
+	 * close all handles on this tcon
+	 */
+	for (h=req->tcon->handles.list; h; h=nh) {
+		nh = h->next;
+		talloc_free(h);
+	}
+
+	/* finally destroy the tcon */
+	talloc_free(req->tcon);
+	req->tcon = NULL;
+
+	smbsrv_setup_reply(req, 0, 0);
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a echo. This is one of the few calls that is handled directly (the
+ backends don't see it at all)
+****************************************************************************/
+void smbsrv_reply_echo(struct smbsrv_request *req)
+{
+	uint16_t count;
+	int i;
+
+	SMBSRV_CHECK_WCT(req, 1);
+
+	count = SVAL(req->in.vwv, VWV(0));
+
+	smbsrv_setup_reply(req, 1, req->in.data_size);
+
+	memcpy(req->out.data, req->in.data, req->in.data_size);
+
+	for (i=1; i <= count;i++) {
+		struct smbsrv_request *this_req;
+		
+		if (i != count) {
+			this_req = smbsrv_setup_secondary_request(req);
+		} else {
+			this_req = req;
+		}
+
+		SSVAL(this_req->out.vwv, VWV(0), i);
+		smbsrv_send_reply(this_req);
+	}
+}
+
+
+
+/****************************************************************************
+ Reply to a printopen (async reply)
+****************************************************************************/
+static void reply_printopen_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *oi;
+
+	SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	smbsrv_push_fnum(req->out.vwv, VWV(0), oi->openold.out.file.ntvfs);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a printopen.
+****************************************************************************/
+void smbsrv_reply_printopen(struct smbsrv_request *req)
+{
+	union smb_open *oi;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 2);
+	SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_printopen_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	oi->splopen.level = RAW_OPEN_SPLOPEN;
+	oi->splopen.in.setup_length = SVAL(req->in.vwv, VWV(0));
+	oi->splopen.in.mode         = SVAL(req->in.vwv, VWV(1));
+
+	req_pull_ascii4(&req->in.bufinfo, &oi->splopen.in.ident, req->in.data, STR_TERMINATE);
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
+}
+
+/****************************************************************************
+ Reply to a printclose.
+****************************************************************************/
+void smbsrv_reply_printclose(struct smbsrv_request *req)
+{
+	union smb_close *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_close);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->splclose.level		= RAW_CLOSE_SPLCLOSE;
+	io->splclose.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv,  VWV(0));
+
+	SMBSRV_CHECK_FILE_HANDLE(io->splclose.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_close(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a printqueue.
+****************************************************************************/
+static void reply_printqueue_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_lpq *lpq;
+	int i, maxcount;
+	const unsigned int el_size = 28;
+
+	SMBSRV_CHECK_ASYNC_STATUS(lpq,union smb_lpq);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 2, 0);
+
+	/* truncate the returned list to fit in the negotiated buffer size */
+	maxcount = (req_max_data(req) - 3) / el_size;
+	if (maxcount < lpq->retq.out.count) {
+		lpq->retq.out.count = maxcount;
+	}
+
+	/* setup enough space in the reply */
+	req_grow_data(req, 3 + el_size*lpq->retq.out.count);
+	
+	/* and fill it in */
+	SSVAL(req->out.vwv, VWV(0), lpq->retq.out.count);
+	SSVAL(req->out.vwv, VWV(1), lpq->retq.out.restart_idx);
+
+	SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
+	SSVAL(req->out.data, 1, el_size*lpq->retq.out.count);
+
+	req->out.ptr = req->out.data + 3;
+
+	for (i=0;i<lpq->retq.out.count;i++) {
+		srv_push_dos_date2(req->smb_conn, req->out.ptr, 0 , lpq->retq.out.queue[i].time);
+		SCVAL(req->out.ptr,  4, lpq->retq.out.queue[i].status);
+		SSVAL(req->out.ptr,  5, lpq->retq.out.queue[i].job);
+		SIVAL(req->out.ptr,  7, lpq->retq.out.queue[i].size);
+		SCVAL(req->out.ptr, 11, 0); /* reserved */
+		req_push_str(req, req->out.ptr+12, lpq->retq.out.queue[i].user, 16, STR_ASCII);
+		req->out.ptr += el_size;
+	}
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a printqueue.
+****************************************************************************/
+void smbsrv_reply_printqueue(struct smbsrv_request *req)
+{
+	union smb_lpq *lpq;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 2);
+	SMBSRV_TALLOC_IO_PTR(lpq, union smb_lpq);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_printqueue_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	lpq->retq.level = RAW_LPQ_RETQ;
+	lpq->retq.in.maxcount = SVAL(req->in.vwv,  VWV(0));
+	lpq->retq.in.startidx = SVAL(req->in.vwv,  VWV(1));
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lpq(req->ntvfs, lpq));
+}
+
+
+/****************************************************************************
+ Reply to a printwrite.
+****************************************************************************/
+void smbsrv_reply_printwrite(struct smbsrv_request *req)
+{
+	union smb_write *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_write);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	if (req->in.data_size < 3) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	io->splwrite.level		= RAW_WRITE_SPLWRITE;
+	io->splwrite.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+	io->splwrite.in.count		= SVAL(req->in.data, 1);
+	io->splwrite.in.data		= req->in.data + 3;
+
+	/* make sure they gave us the data they promised */
+	if (req_data_oob(&req->in.bufinfo, io->splwrite.in.data, io->splwrite.in.count)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(io->splwrite.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a mkdir.
+****************************************************************************/
+void smbsrv_reply_mkdir(struct smbsrv_request *req)
+{
+	union smb_mkdir *io;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 0);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_mkdir);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->generic.level = RAW_MKDIR_MKDIR;
+	req_pull_ascii4(&req->in.bufinfo, &io->mkdir.in.path, req->in.data, STR_TERMINATE);
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_mkdir(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a rmdir.
+****************************************************************************/
+void smbsrv_reply_rmdir(struct smbsrv_request *req)
+{
+	struct smb_rmdir *io;
+ 
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 0);
+	SMBSRV_TALLOC_IO_PTR(io, struct smb_rmdir);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	req_pull_ascii4(&req->in.bufinfo, &io->in.path, req->in.data, STR_TERMINATE);
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rmdir(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to a mv.
+****************************************************************************/
+void smbsrv_reply_mv(struct smbsrv_request *req)
+{
+	union smb_rename *io;
+	uint8_t *p;
+ 
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_rename);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->generic.level = RAW_RENAME_RENAME;
+	io->rename.in.attrib = SVAL(req->in.vwv, VWV(0));
+
+	p = req->in.data;
+	p += req_pull_ascii4(&req->in.bufinfo, &io->rename.in.pattern1, p, STR_TERMINATE);
+	p += req_pull_ascii4(&req->in.bufinfo, &io->rename.in.pattern2, p, STR_TERMINATE);
+
+	if (!io->rename.in.pattern1 || !io->rename.in.pattern2) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rename(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to an NT rename.
+****************************************************************************/
+void smbsrv_reply_ntrename(struct smbsrv_request *req)
+{
+	union smb_rename *io;
+	uint8_t *p;
+ 
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 4);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_rename);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->generic.level = RAW_RENAME_NTRENAME;
+	io->ntrename.in.attrib  = SVAL(req->in.vwv, VWV(0));
+	io->ntrename.in.flags   = SVAL(req->in.vwv, VWV(1));
+	io->ntrename.in.cluster_size = IVAL(req->in.vwv, VWV(2));
+
+	p = req->in.data;
+	p += req_pull_ascii4(&req->in.bufinfo, &io->ntrename.in.old_name, p, STR_TERMINATE);
+	p += req_pull_ascii4(&req->in.bufinfo, &io->ntrename.in.new_name, p, STR_TERMINATE);
+
+	if (!io->ntrename.in.old_name || !io->ntrename.in.new_name) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rename(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to a file copy (async reply)
+****************************************************************************/
+static void reply_copy_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	struct smb_copy *cp;
+
+	SMBSRV_CHECK_ASYNC_STATUS(cp, struct smb_copy);
+
+	/* build the reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), cp->out.count);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a file copy.
+****************************************************************************/
+void smbsrv_reply_copy(struct smbsrv_request *req)
+{
+	struct smb_copy *cp;
+	uint8_t *p;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 3);
+	SMBSRV_TALLOC_IO_PTR(cp, struct smb_copy);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_copy_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	cp->in.tid2  = SVAL(req->in.vwv, VWV(0));
+	cp->in.ofun  = SVAL(req->in.vwv, VWV(1));
+	cp->in.flags = SVAL(req->in.vwv, VWV(2));
+
+	p = req->in.data;
+	p += req_pull_ascii4(&req->in.bufinfo, &cp->in.path1, p, STR_TERMINATE);
+	p += req_pull_ascii4(&req->in.bufinfo, &cp->in.path2, p, STR_TERMINATE);
+
+	if (!cp->in.path1 || !cp->in.path2) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_copy(req->ntvfs, cp));
+}
+
+/****************************************************************************
+ Reply to a lockingX request (async send)
+****************************************************************************/
+static void reply_lockingX_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_lock *lck;
+
+	SMBSRV_CHECK_ASYNC_STATUS(lck, union smb_lock);
+
+	/* if it was an oplock break ack then we only send a reply if
+	   there was an error */
+	if (lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt == 0) {
+		talloc_free(req);
+		return;
+	}
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 2, 0);
+	
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+
+	smbsrv_chain_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to a lockingX request.
+****************************************************************************/
+void smbsrv_reply_lockingX(struct smbsrv_request *req)
+{
+	union smb_lock *lck;
+	unsigned int total_locks, i;
+	unsigned int lck_size;
+	uint8_t *p;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 8);
+	SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_lockingX_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	lck->lockx.level = RAW_LOCK_LOCKX;
+	lck->lockx.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
+	lck->lockx.in.mode      = SVAL(req->in.vwv, VWV(3));
+	lck->lockx.in.timeout   = IVAL(req->in.vwv, VWV(4));
+	lck->lockx.in.ulock_cnt = SVAL(req->in.vwv, VWV(6));
+	lck->lockx.in.lock_cnt  = SVAL(req->in.vwv, VWV(7));
+
+	total_locks = lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt;
+
+	/* there are two variants, one with 64 bit offsets and counts */
+	if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
+		lck_size = 20;
+	} else {
+		lck_size = 10;		
+	}
+
+	/* make sure we got the promised data */
+	if (req_data_oob(&req->in.bufinfo, req->in.data, total_locks * lck_size)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	/* allocate the locks array */
+	if (total_locks) {
+		lck->lockx.in.locks = talloc_array(req, struct smb_lock_entry, 
+						   total_locks);
+		if (lck->lockx.in.locks == NULL) {
+			smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+			return;
+		}
+	}
+
+	p = req->in.data;
+
+	/* construct the locks array */
+	for (i=0;i<total_locks;i++) {
+		uint32_t ofs_high=0, count_high=0;
+
+		lck->lockx.in.locks[i].pid = SVAL(p, 0);
+
+		if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
+			ofs_high   = IVAL(p, 4);
+			lck->lockx.in.locks[i].offset = IVAL(p, 8);
+			count_high = IVAL(p, 12);
+			lck->lockx.in.locks[i].count  = IVAL(p, 16);
+		} else {
+			lck->lockx.in.locks[i].offset = IVAL(p, 2);
+			lck->lockx.in.locks[i].count  = IVAL(p, 6);
+		}
+		if (ofs_high != 0 || count_high != 0) {
+			lck->lockx.in.locks[i].count  |= ((uint64_t)count_high) << 32;
+			lck->lockx.in.locks[i].offset |= ((uint64_t)ofs_high) << 32;
+		}
+		p += lck_size;
+	}
+
+	SMBSRV_CHECK_FILE_HANDLE(lck->lockx.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
+}
+
+/****************************************************************************
+ Reply to a SMBreadbmpx (read block multiplex) request.
+****************************************************************************/
+void smbsrv_reply_readbmpx(struct smbsrv_request *req)
+{
+	/* tell the client to not use a multiplexed read - its too broken to use */
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
+}
+
+
+/****************************************************************************
+ Reply to a SMBsetattrE.
+****************************************************************************/
+void smbsrv_reply_setattrE(struct smbsrv_request *req)
+{
+	union smb_setfileinfo *info;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 7);
+	SMBSRV_TALLOC_IO_PTR(info, union smb_setfileinfo);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	info->setattre.level = RAW_SFILEINFO_SETATTRE;
+	info->setattre.in.file.ntvfs  = smbsrv_pull_fnum(req, req->in.vwv,    VWV(0));
+	info->setattre.in.create_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(1));
+	info->setattre.in.access_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(3));
+	info->setattre.in.write_time  = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(5));
+
+	SMBSRV_CHECK_FILE_HANDLE(info->setattre.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_setfileinfo(req->ntvfs, info));
+}
+
+
+/****************************************************************************
+ Reply to a SMBwritebmpx (write block multiplex primary) request.
+****************************************************************************/
+void smbsrv_reply_writebmpx(struct smbsrv_request *req)
+{
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
+}
+
+
+/****************************************************************************
+ Reply to a SMBwritebs (write block multiplex secondary) request.
+****************************************************************************/
+void smbsrv_reply_writebs(struct smbsrv_request *req)
+{
+	smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
+}
+
+
+
+/****************************************************************************
+ Reply to a SMBgetattrE (async reply)
+****************************************************************************/
+static void reply_getattrE_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_fileinfo *info;
+
+	SMBSRV_CHECK_ASYNC_STATUS(info, union smb_fileinfo);
+
+	/* setup reply */
+	smbsrv_setup_reply(req, 11, 0);
+
+	srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(0), info->getattre.out.create_time);
+	srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(2), info->getattre.out.access_time);
+	srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(4), info->getattre.out.write_time);
+	SIVAL(req->out.vwv,         VWV(6), info->getattre.out.size);
+	SIVAL(req->out.vwv,         VWV(8), info->getattre.out.alloc_size);
+	SSVAL(req->out.vwv,        VWV(10), info->getattre.out.attrib);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a SMBgetattrE.
+****************************************************************************/
+void smbsrv_reply_getattrE(struct smbsrv_request *req)
+{
+	union smb_fileinfo *info;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(info, union smb_fileinfo);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_getattrE_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	info->getattr.level		= RAW_FILEINFO_GETATTRE;
+	info->getattr.in.file.ntvfs	= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
+
+	SMBSRV_CHECK_FILE_HANDLE(info->getattr.in.file.ntvfs);
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_qfileinfo(req->ntvfs, info));
+}
+
+void smbsrv_reply_sesssetup_send(struct smbsrv_request *req,
+				 union smb_sesssetup *io,
+				 NTSTATUS status)
+{
+	switch (io->old.level) {
+	case RAW_SESSSETUP_OLD:
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_send_error(req, status);
+			return;
+		}
+
+		/* construct reply */
+		smbsrv_setup_reply(req, 3, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), io->old.out.action);
+
+		SSVAL(req->out.hdr, HDR_UID, io->old.out.vuid);
+
+		smbsrv_chain_reply(req);
+		return;
+
+	case RAW_SESSSETUP_NT1:
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_send_error(req, status);
+			return;
+		}
+
+		/* construct reply */
+		smbsrv_setup_reply(req, 3, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), io->nt1.out.action);
+
+		SSVAL(req->out.hdr, HDR_UID, io->nt1.out.vuid);
+
+		req_push_str(req, NULL, io->nt1.out.os, -1, STR_TERMINATE);
+		req_push_str(req, NULL, io->nt1.out.lanman, -1, STR_TERMINATE);
+		req_push_str(req, NULL, io->nt1.out.domain, -1, STR_TERMINATE);
+
+		smbsrv_chain_reply(req);
+		return;
+
+	case RAW_SESSSETUP_SPNEGO:
+		if (!NT_STATUS_IS_OK(status) && 
+		    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			smbsrv_send_error(req, status);
+			return;
+		}
+
+		/* construct reply */
+		smbsrv_setup_reply(req, 4, io->spnego.out.secblob.length);
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			smbsrv_setup_error(req, status);
+		}
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), io->spnego.out.action);
+		SSVAL(req->out.vwv, VWV(3), io->spnego.out.secblob.length);
+
+		SSVAL(req->out.hdr, HDR_UID, io->spnego.out.vuid);
+
+		memcpy(req->out.data, io->spnego.out.secblob.data, io->spnego.out.secblob.length);
+		req_push_str(req, NULL, io->spnego.out.os,        -1, STR_TERMINATE);
+		req_push_str(req, NULL, io->spnego.out.lanman,    -1, STR_TERMINATE);
+		req_push_str(req, NULL, io->spnego.out.workgroup, -1, STR_TERMINATE);
+
+		smbsrv_chain_reply(req);
+		return;
+
+	case RAW_SESSSETUP_SMB2:
+		break;
+	}
+
+	smbsrv_send_error(req, NT_STATUS_INTERNAL_ERROR);
+}
+
+/****************************************************************************
+reply to an old style session setup command
+****************************************************************************/
+static void reply_sesssetup_old(struct smbsrv_request *req)
+{
+	uint8_t *p;
+	uint16_t passlen;
+	union smb_sesssetup *io;
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
+
+	io->old.level = RAW_SESSSETUP_OLD;
+
+	/* parse request */
+	io->old.in.bufsize = SVAL(req->in.vwv, VWV(2));
+	io->old.in.mpx_max = SVAL(req->in.vwv, VWV(3));
+	io->old.in.vc_num  = SVAL(req->in.vwv, VWV(4));
+	io->old.in.sesskey = IVAL(req->in.vwv, VWV(5));
+	passlen            = SVAL(req->in.vwv, VWV(7));
+
+	/* check the request isn't malformed */
+	if (req_data_oob(&req->in.bufinfo, req->in.data, passlen)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	
+	p = req->in.data;
+	if (!req_pull_blob(&req->in.bufinfo, p, passlen, &io->old.in.password)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	p += passlen;
+	
+	p += req_pull_string(&req->in.bufinfo, &io->old.in.user,   p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->old.in.domain, p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->old.in.os,     p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->old.in.lanman, p, -1, STR_TERMINATE);
+
+	/* call the generic handler */
+	smbsrv_sesssetup_backend(req, io);
+}
+
+/****************************************************************************
+reply to an NT1 style session setup command
+****************************************************************************/
+static void reply_sesssetup_nt1(struct smbsrv_request *req)
+{
+	uint8_t *p;
+	uint16_t passlen1, passlen2;
+	union smb_sesssetup *io;
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
+
+	io->nt1.level = RAW_SESSSETUP_NT1;
+
+	/* parse request */
+	io->nt1.in.bufsize      = SVAL(req->in.vwv, VWV(2));
+	io->nt1.in.mpx_max      = SVAL(req->in.vwv, VWV(3));
+	io->nt1.in.vc_num       = SVAL(req->in.vwv, VWV(4));
+	io->nt1.in.sesskey      = IVAL(req->in.vwv, VWV(5));
+	passlen1                = SVAL(req->in.vwv, VWV(7));
+	passlen2                = SVAL(req->in.vwv, VWV(8));
+	io->nt1.in.capabilities = IVAL(req->in.vwv, VWV(11));
+
+	/* check the request isn't malformed */
+	if (req_data_oob(&req->in.bufinfo, req->in.data, passlen1) ||
+	    req_data_oob(&req->in.bufinfo, req->in.data + passlen1, passlen2)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	
+	p = req->in.data;
+	if (!req_pull_blob(&req->in.bufinfo, p, passlen1, &io->nt1.in.password1)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	p += passlen1;
+	if (!req_pull_blob(&req->in.bufinfo, p, passlen2, &io->nt1.in.password2)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	p += passlen2;
+	
+	p += req_pull_string(&req->in.bufinfo, &io->nt1.in.user,   p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->nt1.in.domain, p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->nt1.in.os,     p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->nt1.in.lanman, p, -1, STR_TERMINATE);
+
+	/* call the generic handler */
+	smbsrv_sesssetup_backend(req, io);
+}
+
+
+/****************************************************************************
+reply to an SPNEGO style session setup command
+****************************************************************************/
+static void reply_sesssetup_spnego(struct smbsrv_request *req)
+{
+	uint8_t *p;
+	uint16_t blob_len;
+	union smb_sesssetup *io;
+
+	SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
+
+	io->spnego.level = RAW_SESSSETUP_SPNEGO;
+
+	/* parse request */
+	io->spnego.in.bufsize      = SVAL(req->in.vwv, VWV(2));
+	io->spnego.in.mpx_max      = SVAL(req->in.vwv, VWV(3));
+	io->spnego.in.vc_num       = SVAL(req->in.vwv, VWV(4));
+	io->spnego.in.sesskey      = IVAL(req->in.vwv, VWV(5));
+	blob_len                   = SVAL(req->in.vwv, VWV(7));
+	io->spnego.in.capabilities = IVAL(req->in.vwv, VWV(10));
+
+	p = req->in.data;
+	if (!req_pull_blob(&req->in.bufinfo, p, blob_len, &io->spnego.in.secblob)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+	p += blob_len;
+	
+	p += req_pull_string(&req->in.bufinfo, &io->spnego.in.os,        p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->spnego.in.lanman,    p, -1, STR_TERMINATE);
+	p += req_pull_string(&req->in.bufinfo, &io->spnego.in.workgroup, p, -1, STR_TERMINATE);
+
+	/* call the generic handler */
+	smbsrv_sesssetup_backend(req, io);
+}
+
+
+/****************************************************************************
+reply to a session setup command
+****************************************************************************/
+void smbsrv_reply_sesssetup(struct smbsrv_request *req)
+{
+	switch (req->in.wct) {
+	case 10:
+		/* a pre-NT1 call */
+		reply_sesssetup_old(req);
+		return;
+	case 13:
+		/* a NT1 call */
+		reply_sesssetup_nt1(req);
+		return;
+	case 12:
+		/* a SPNEGO call */
+		reply_sesssetup_spnego(req);
+		return;
+	}
+
+	/* unsupported variant */
+	smbsrv_send_error(req, NT_STATUS_FOOBAR);
+}
+
+/****************************************************************************
+ Reply to a exit. This closes all files open by a smbpid
+****************************************************************************/
+void smbsrv_reply_exit(struct smbsrv_request *req)
+{
+	struct smbsrv_handle_session_item *i, *ni;
+	struct smbsrv_handle *h;
+	struct smbsrv_tcon *tcon;
+	uint16_t smbpid;
+
+	SMBSRV_CHECK_WCT(req, 0);
+
+	smbpid = SVAL(req->in.hdr,HDR_PID);
+
+	/* first destroy all handles, which have the same PID as the request */
+	for (i=req->session->handles; i; i=ni) {
+		ni = i->next;
+		h = i->handle;
+		if (h->smbpid != smbpid) continue;
+
+		talloc_free(h);
+	}
+
+	/*
+	 * then let the ntvfs backends proxy the call if they want to,
+	 * but we didn't check the return value of the backends,
+	 * as for the SMB client the call succeed
+	 */
+	for (tcon=req->smb_conn->smb_tcons.list;tcon;tcon=tcon->next) {
+		req->tcon = tcon;
+		SMBSRV_SETUP_NTVFS_REQUEST(NULL,0);
+		ntvfs_exit(req->ntvfs);
+		talloc_free(req->ntvfs);
+		req->ntvfs = NULL;
+		req->tcon = NULL;
+	}
+
+	smbsrv_setup_reply(req, 0, 0);
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a SMBulogoffX.
+****************************************************************************/
+void smbsrv_reply_ulogoffX(struct smbsrv_request *req)
+{
+	struct smbsrv_handle_session_item *i, *ni;
+	struct smbsrv_handle *h;
+	struct smbsrv_tcon *tcon;
+
+	SMBSRV_CHECK_WCT(req, 2);
+
+	/*
+	 * TODO: cancel all pending requests
+	 */
+	
+
+	/* destroy all handles */
+	for (i=req->session->handles; i; i=ni) {
+		ni = i->next;
+		h = i->handle;
+		talloc_free(h);
+	}
+
+	/*
+	 * then let the ntvfs backends proxy the call if they want to,
+	 * but we didn't check the return value of the backends,
+	 * as for the SMB client the call succeed
+	 */
+	for (tcon=req->smb_conn->smb_tcons.list;tcon;tcon=tcon->next) {
+		req->tcon = tcon;
+		SMBSRV_SETUP_NTVFS_REQUEST(NULL,0);
+		ntvfs_logoff(req->ntvfs);
+		talloc_free(req->ntvfs);
+		req->ntvfs = NULL;
+		req->tcon = NULL;
+	}
+
+	talloc_free(req->session);
+	req->session = NULL; /* it is now invalid, don't use on 
+				any chained packets */
+
+	smbsrv_setup_reply(req, 2, 0);
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);	
+
+	smbsrv_chain_reply(req);
+}
+
+/****************************************************************************
+ Reply to an SMBfindclose request
+****************************************************************************/
+void smbsrv_reply_findclose(struct smbsrv_request *req)
+{
+	union smb_search_close *io;
+
+	/* parse request */
+	SMBSRV_CHECK_WCT(req, 1);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_search_close);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->findclose.level	= RAW_FINDCLOSE_FINDCLOSE;
+	io->findclose.in.handle	= SVAL(req->in.vwv, VWV(0));
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_search_close(req->ntvfs, io));
+}
+
+/****************************************************************************
+ Reply to an SMBfindnclose request
+****************************************************************************/
+void smbsrv_reply_findnclose(struct smbsrv_request *req)
+{
+	smbsrv_send_error(req, NT_STATUS_FOOBAR);
+}
+
+
+/****************************************************************************
+ Reply to an SMBntcreateX request (async send)
+****************************************************************************/
+static void reply_ntcreate_and_X_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_open *io;
+
+	SMBSRV_CHECK_ASYNC_STATUS(io, union smb_open);
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 34, 0);
+
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);	
+	SCVAL(req->out.vwv, VWV(2), io->ntcreatex.out.oplock_level);
+
+	/* the rest of the parameters are not aligned! */
+	smbsrv_push_fnum(req->out.vwv, 5, io->ntcreatex.out.file.ntvfs);
+	SIVAL(req->out.vwv,        7, io->ntcreatex.out.create_action);
+	push_nttime(req->out.vwv, 11, io->ntcreatex.out.create_time);
+	push_nttime(req->out.vwv, 19, io->ntcreatex.out.access_time);
+	push_nttime(req->out.vwv, 27, io->ntcreatex.out.write_time);
+	push_nttime(req->out.vwv, 35, io->ntcreatex.out.change_time);
+	SIVAL(req->out.vwv,       43, io->ntcreatex.out.attrib);
+	SBVAL(req->out.vwv,       47, io->ntcreatex.out.alloc_size);
+	SBVAL(req->out.vwv,       55, io->ntcreatex.out.size);
+	SSVAL(req->out.vwv,       63, io->ntcreatex.out.file_type);
+	SSVAL(req->out.vwv,       65, io->ntcreatex.out.ipc_state);
+	SCVAL(req->out.vwv,       67, io->ntcreatex.out.is_directory);
+
+	req->chained_fnum = SVAL(req->out.vwv, 5);
+
+	smbsrv_chain_reply(req);
+}
+
+/****************************************************************************
+ Reply to an SMBntcreateX request
+****************************************************************************/
+void smbsrv_reply_ntcreate_and_X(struct smbsrv_request *req)
+{
+	union smb_open *io;
+	uint16_t fname_len;
+
+	/* parse the request */
+	SMBSRV_CHECK_WCT(req, 24);
+	SMBSRV_TALLOC_IO_PTR(io, union smb_open);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_ntcreate_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->ntcreatex.level = RAW_OPEN_NTCREATEX;
+
+	/* notice that the word parameters are not word aligned, so we don't use VWV() */
+	fname_len =                         SVAL(req->in.vwv, 5);
+	io->ntcreatex.in.flags =            IVAL(req->in.vwv, 7);
+	io->ntcreatex.in.root_fid.ntvfs =   smbsrv_pull_fnum(req, req->in.vwv, 11);
+	io->ntcreatex.in.access_mask =      IVAL(req->in.vwv, 15);
+	io->ntcreatex.in.alloc_size =       BVAL(req->in.vwv, 19);
+	io->ntcreatex.in.file_attr =        IVAL(req->in.vwv, 27);
+	io->ntcreatex.in.share_access =     IVAL(req->in.vwv, 31);
+	io->ntcreatex.in.open_disposition = IVAL(req->in.vwv, 35);
+	io->ntcreatex.in.create_options =   IVAL(req->in.vwv, 39);
+	io->ntcreatex.in.impersonation =    IVAL(req->in.vwv, 43);
+	io->ntcreatex.in.security_flags =   CVAL(req->in.vwv, 47);
+	io->ntcreatex.in.ea_list          = NULL;
+	io->ntcreatex.in.sec_desc         = NULL;
+	io->ntcreatex.in.query_maximal_access = false;
+	io->ntcreatex.in.query_on_disk_id = false;
+	io->ntcreatex.in.private_flags    = 0;
+
+	/* we need a neater way to handle this alignment */
+	if ((req->flags2 & FLAGS2_UNICODE_STRINGS) && 
+	    ucs2_align(req->in.buffer, req->in.data, STR_TERMINATE|STR_UNICODE)) {
+		fname_len++;
+	}
+
+	req_pull_string(&req->in.bufinfo, &io->ntcreatex.in.fname, req->in.data, fname_len, STR_TERMINATE);
+	if (!io->ntcreatex.in.fname) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, io));
+}
+
+
+/****************************************************************************
+ Reply to an SMBntcancel request
+****************************************************************************/
+void smbsrv_reply_ntcancel(struct smbsrv_request *req)
+{
+	struct smbsrv_request *r;
+	uint16_t tid = SVAL(req->in.hdr,HDR_TID);
+	uint16_t uid = SVAL(req->in.hdr,HDR_UID);
+	uint16_t mid = SVAL(req->in.hdr,HDR_MID);
+	uint16_t pid = SVAL(req->in.hdr,HDR_PID);
+
+	for (r = req->smb_conn->requests; r; r = r->next) {
+		if (tid != SVAL(r->in.hdr,HDR_TID)) continue;
+		if (uid != SVAL(r->in.hdr,HDR_UID)) continue;
+		if (mid != SVAL(r->in.hdr,HDR_MID)) continue;
+		if (pid != SVAL(r->in.hdr,HDR_PID)) continue;
+
+		SMBSRV_CHECK(ntvfs_cancel(r->ntvfs));
+
+		/* NOTE: this request does not generate a reply */
+		talloc_free(req);
+		return;
+	}
+
+	/* TODO: workout the correct error code,
+	 *       until we know how the smb signing works
+	 *       for ntcancel replies, don't send an error
+	 */
+	/*smbsrv_send_error(req, NT_STATUS_FOOBAR);*/
+	talloc_free(req);
+}
+
+/*
+  parse the called/calling names from session request
+*/
+static NTSTATUS parse_session_request(struct smbsrv_request *req)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+	
+	blob.data = req->in.buffer + 4;
+	blob.length = ascii_len_n((const char *)blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
+	if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
+
+	req->smb_conn->negotiate.called_name  = talloc(req->smb_conn, struct nbt_name);
+	req->smb_conn->negotiate.calling_name = talloc(req->smb_conn, struct nbt_name);
+	if (req->smb_conn->negotiate.called_name == NULL ||
+	    req->smb_conn->negotiate.calling_name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = nbt_name_from_blob(req->smb_conn, &blob,
+				    req->smb_conn->negotiate.called_name);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	blob.data += blob.length;
+	blob.length = ascii_len_n((const char *)blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
+	if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
+
+	status = nbt_name_from_blob(req->smb_conn, &blob,
+				    req->smb_conn->negotiate.calling_name);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	req->smb_conn->negotiate.done_nbt_session = true;
+
+	return NT_STATUS_OK;
+}	
+
+
+
+/****************************************************************************
+ Reply to a special message - a SMB packet with non zero NBT message type
+****************************************************************************/
+void smbsrv_reply_special(struct smbsrv_request *req)
+{
+	uint8_t msg_type;
+	uint8_t *buf = talloc_zero_array(req, uint8_t, 4);
+
+	msg_type = CVAL(req->in.buffer,0);
+
+	SIVAL(buf, 0, 0);
+	
+	switch (msg_type) {
+	case NBSSrequest: /* session request */
+		if (req->smb_conn->negotiate.done_nbt_session) {
+			DEBUG(0,("Warning: ignoring secondary session request\n"));
+			return;
+		}
+		
+		SCVAL(buf,0,0x82);
+		SCVAL(buf,3,0);
+
+		/* we don't check the status - samba always accepts session
+		   requests for any name */
+		parse_session_request(req);
+
+		req->out.buffer = buf;
+		req->out.size = 4;
+		smbsrv_send_reply_nosign(req);
+		return;
+		
+	case 0x89: /* session keepalive request 
+		      (some old clients produce this?) */
+		SCVAL(buf, 0, NBSSkeepalive);
+		SCVAL(buf, 3, 0);
+		req->out.buffer = buf;
+		req->out.size = 4;
+		smbsrv_send_reply_nosign(req);
+		return;
+		
+	case NBSSkeepalive:
+		/* session keepalive - swallow it */
+		talloc_free(req);
+		return;
+	}
+
+	DEBUG(0,("Unexpected NBT session packet (%d)\n", msg_type));
+	talloc_free(req);
+}
diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c
new file mode 100644
index 0000000..47cfd32
--- /dev/null
+++ b/source4/smb_server/smb/request.c
@@ -0,0 +1,779 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell              2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this file implements functions for manipulating the 'struct smbsrv_request' structure in smbd
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "samba/service_stream.h"
+#include "lib/stream/packet.h"
+#include "ntvfs/ntvfs.h"
+
+
+/* we over allocate the data buffer to prevent too many realloc calls */
+#define REQ_OVER_ALLOCATION 0
+
+/* setup the bufinfo used for strings and range checking */
+void smbsrv_setup_bufinfo(struct smbsrv_request *req)
+{
+	req->in.bufinfo.mem_ctx    = req;
+	req->in.bufinfo.flags      = 0;
+	if (req->flags2 & FLAGS2_UNICODE_STRINGS) {
+		req->in.bufinfo.flags |= BUFINFO_FLAG_UNICODE;
+	}
+	req->in.bufinfo.align_base = req->in.buffer;
+	req->in.bufinfo.data       = req->in.data;
+	req->in.bufinfo.data_size  = req->in.data_size;
+}
+
+
+static int smbsrv_request_destructor(struct smbsrv_request *req)
+{
+	DLIST_REMOVE(req->smb_conn->requests, req);
+	return 0;
+}
+
+/****************************************************************************
+construct a basic request packet, mostly used to construct async packets
+such as change notify and oplock break requests
+****************************************************************************/
+struct smbsrv_request *smbsrv_init_request(struct smbsrv_connection *smb_conn)
+{
+	struct smbsrv_request *req;
+
+	req = talloc_zero(smb_conn, struct smbsrv_request);
+	if (!req) {
+		return NULL;
+	}
+
+	/* setup the request context */
+	req->smb_conn = smb_conn;
+
+	talloc_set_destructor(req, smbsrv_request_destructor);
+
+	return req;
+}
+
+
+/*
+  setup a chained reply in req->out with the given word count and initial data buffer size.
+*/
+static void req_setup_chain_reply(struct smbsrv_request *req, unsigned int wct, unsigned int buflen)
+{
+	uint32_t chain_base_size = req->out.size;
+
+	/* we need room for the wct value, the words, the buffer length and the buffer */
+	req->out.size += 1 + VWV(wct) + 2 + buflen;
+
+	/* over allocate by a small amount */
+	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION;
+
+	req->out.buffer = talloc_realloc(req, req->out.buffer,
+					 uint8_t, req->out.allocated);
+	if (!req->out.buffer) {
+		smbsrv_terminate_connection(req->smb_conn, "allocation failed");
+		return;
+	}
+
+	req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
+	req->out.vwv = req->out.buffer + chain_base_size + 1;
+	req->out.wct = wct;
+	req->out.data = req->out.vwv + VWV(wct) + 2;
+	req->out.data_size = buflen;
+	req->out.ptr = req->out.data;
+
+	SCVAL(req->out.buffer, chain_base_size, wct);
+	SSVAL(req->out.vwv, VWV(wct), buflen);
+}
+
+
+/*
+  setup a reply in req->out with the given word count and initial data buffer size.
+  the caller will then fill in the command words and data before calling req_send_reply() to
+  send the reply on its way
+*/
+void smbsrv_setup_reply(struct smbsrv_request *req, unsigned int wct, size_t buflen)
+{
+	uint16_t flags2;
+
+	if (req->chain_count != 0) {
+		req_setup_chain_reply(req, wct, buflen);
+		return;
+	}
+
+	req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct) + buflen;
+
+	/* over allocate by a small amount */
+	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION;
+
+	req->out.buffer = talloc_size(req, req->out.allocated);
+	if (!req->out.buffer) {
+		smbsrv_terminate_connection(req->smb_conn, "allocation failed");
+		return;
+	}
+
+	flags2 = FLAGS2_LONG_PATH_COMPONENTS |
+		FLAGS2_EXTENDED_ATTRIBUTES |
+		FLAGS2_IS_LONG_NAME;
+#define _SMB_FLAGS2_ECHOED_FLAGS ( \
+	FLAGS2_UNICODE_STRINGS | \
+	FLAGS2_EXTENDED_SECURITY | \
+	FLAGS2_SMB_SECURITY_SIGNATURES \
+)
+	flags2 |= (req->flags2 & _SMB_FLAGS2_ECHOED_FLAGS);
+	if (req->smb_conn->negotiate.client_caps & CAP_STATUS32) {
+		flags2 |= FLAGS2_32_BIT_ERROR_CODES;
+	}
+
+	req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
+	req->out.vwv = req->out.hdr + HDR_VWV;
+	req->out.wct = wct;
+	req->out.data = req->out.vwv + VWV(wct) + 2;
+	req->out.data_size = buflen;
+	req->out.ptr = req->out.data;
+
+	SIVAL(req->out.hdr, HDR_RCLS, 0);
+
+	SCVAL(req->out.hdr, HDR_WCT, wct);
+	SSVAL(req->out.vwv, VWV(wct), buflen);
+
+	memcpy(req->out.hdr, "\377SMB", 4);
+	SCVAL(req->out.hdr,HDR_FLG, FLAG_REPLY | FLAG_CASELESS_PATHNAMES);
+	SSVAL(req->out.hdr,HDR_FLG2, flags2);
+	SSVAL(req->out.hdr,HDR_PIDHIGH,0);
+	memset(req->out.hdr + HDR_SS_FIELD, 0, 10);
+
+	if (req->in.hdr) {
+		/* copy the cmd, tid, pid, uid and mid from the request */
+		SCVAL(req->out.hdr,HDR_COM,CVAL(req->in.hdr,HDR_COM));
+		SSVAL(req->out.hdr,HDR_TID,SVAL(req->in.hdr,HDR_TID));
+		SSVAL(req->out.hdr,HDR_PID,SVAL(req->in.hdr,HDR_PID));
+		SSVAL(req->out.hdr,HDR_UID,SVAL(req->in.hdr,HDR_UID));
+		SSVAL(req->out.hdr,HDR_MID,SVAL(req->in.hdr,HDR_MID));
+	} else {
+		SCVAL(req->out.hdr,HDR_COM,0);
+		SSVAL(req->out.hdr,HDR_TID,0);
+		SSVAL(req->out.hdr,HDR_PID,0);
+		SSVAL(req->out.hdr,HDR_UID,0);
+		SSVAL(req->out.hdr,HDR_MID,0);
+	}
+}
+
+
+/*
+  setup a copy of a request, used when the server needs to send
+  more than one reply for a single request packet
+*/
+struct smbsrv_request *smbsrv_setup_secondary_request(struct smbsrv_request *old_req)
+{
+	struct smbsrv_request *req;
+	ptrdiff_t diff;
+
+	req = talloc_memdup(old_req, old_req, sizeof(struct smbsrv_request));
+	if (req == NULL) {
+		return NULL;
+	}
+
+	req->out.buffer = talloc_memdup(req, req->out.buffer, req->out.allocated);
+	if (req->out.buffer == NULL) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	diff = req->out.buffer - old_req->out.buffer;
+
+	req->out.hdr  += diff;
+	req->out.vwv  += diff;
+	req->out.data += diff;
+	req->out.ptr  += diff;
+
+	return req;
+}
+
+/*
+  work out the maximum data size we will allow for this reply, given
+  the negotiated max_xmit. The basic reply packet must be setup before
+  this call
+
+  note that this is deliberately a signed integer reply
+*/
+int req_max_data(struct smbsrv_request *req)
+{
+	int ret;
+	ret = req->smb_conn->negotiate.max_send;
+	ret -= PTR_DIFF(req->out.data, req->out.hdr);
+	if (ret < 0) ret = 0;
+	return ret;
+}
+
+
+/*
+  grow the allocation of the data buffer portion of a reply
+  packet. Note that as this can reallocate the packet buffer this
+  invalidates any local pointers into the packet.
+
+  To cope with this req->out.ptr is supplied. This will be updated to
+  point at the same offset into the packet as before this call
+*/
+static void req_grow_allocation(struct smbsrv_request *req, unsigned int new_size)
+{
+	int delta;
+	uint8_t *buf2;
+
+	delta = new_size - req->out.data_size;
+	if (delta + req->out.size <= req->out.allocated) {
+		/* it fits in the preallocation */
+		return;
+	}
+
+	/* we need to realloc */
+	req->out.allocated = req->out.size + delta + REQ_OVER_ALLOCATION;
+	buf2 = talloc_realloc(req, req->out.buffer, uint8_t, req->out.allocated);
+	if (buf2 == NULL) {
+		smb_panic("out of memory in req_grow_allocation");
+	}
+
+	if (buf2 == req->out.buffer) {
+		/* the malloc library gave us the same pointer */
+		return;
+	}
+
+	/* update the pointers into the packet */
+	req->out.data = buf2 + PTR_DIFF(req->out.data, req->out.buffer);
+	req->out.ptr  = buf2 + PTR_DIFF(req->out.ptr,  req->out.buffer);
+	req->out.vwv  = buf2 + PTR_DIFF(req->out.vwv,  req->out.buffer);
+	req->out.hdr  = buf2 + PTR_DIFF(req->out.hdr,  req->out.buffer);
+
+	req->out.buffer = buf2;
+}
+
+
+/*
+  grow the data buffer portion of a reply packet. Note that as this
+  can reallocate the packet buffer this invalidates any local pointers
+  into the packet.
+
+  To cope with this req->out.ptr is supplied. This will be updated to
+  point at the same offset into the packet as before this call
+*/
+void req_grow_data(struct smbsrv_request *req, size_t new_size)
+{
+	int delta;
+
+	if (!(req->control_flags & SMBSRV_REQ_CONTROL_LARGE) && new_size > req_max_data(req)) {
+		smb_panic("reply buffer too large!");
+	}
+
+	req_grow_allocation(req, new_size);
+
+	delta = new_size - req->out.data_size;
+
+	req->out.size += delta;
+	req->out.data_size += delta;
+
+	/* set the BCC to the new data size */
+	SSVAL(req->out.vwv, VWV(req->out.wct), new_size);
+}
+
+/*
+  send a reply and destroy the request buffer
+
+  note that this only looks at req->out.buffer and req->out.size, allowing manually
+  constructed packets to be sent
+*/
+void smbsrv_send_reply_nosign(struct smbsrv_request *req)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* we are in the process of shutting down this connection */
+		talloc_free(req);
+		return;
+	}
+
+	if (req->out.size > NBT_HDR_SIZE) {
+		_smb_setlen_nbt(req->out.buffer, req->out.size - NBT_HDR_SIZE);
+	}
+
+	blob = data_blob_const(req->out.buffer, req->out.size);
+	status = packet_send(req->smb_conn->packet, blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+	}
+	talloc_free(req);
+}
+
+/*
+  possibly sign a message then send a reply and destroy the request buffer
+
+  note that this only looks at req->out.buffer and req->out.size, allowing manually
+  constructed packets to be sent
+*/
+void smbsrv_send_reply(struct smbsrv_request *req)
+{
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* we are in the process of shutting down this connection */
+		talloc_free(req);
+		return;
+	}
+	smbsrv_sign_packet(req);
+
+	smbsrv_send_reply_nosign(req);
+}
+
+/*
+   setup the header of a reply to include an NTSTATUS code
+*/
+void smbsrv_setup_error(struct smbsrv_request *req, NTSTATUS status)
+{
+	if (!req->smb_conn->config.nt_status_support || !(req->smb_conn->negotiate.client_caps & CAP_STATUS32)) {
+		/* convert to DOS error codes */
+		uint8_t eclass;
+		uint32_t ecode;
+		ntstatus_to_dos(status, &eclass, &ecode);
+		SCVAL(req->out.hdr, HDR_RCLS, eclass);
+		SSVAL(req->out.hdr, HDR_ERR, ecode);
+		SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES);
+		return;
+	}
+
+	if (NT_STATUS_IS_DOS(status)) {
+		/* its a encoded DOS error, using the reserved range */
+		SSVAL(req->out.hdr, HDR_RCLS, NT_STATUS_DOS_CLASS(status));
+		SSVAL(req->out.hdr, HDR_ERR,  NT_STATUS_DOS_CODE(status));
+		SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES);
+	} else {
+		SIVAL(req->out.hdr, HDR_RCLS, NT_STATUS_V(status));
+		SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) | FLAGS2_32_BIT_ERROR_CODES);
+	}
+}
+
+/*
+   construct and send an error packet, then destroy the request
+   auto-converts to DOS error format when appropriate
+*/
+void smbsrv_send_error(struct smbsrv_request *req, NTSTATUS status)
+{
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* the socket has been destroyed - no point trying to send an error! */
+		talloc_free(req);
+		return;
+	}
+	smbsrv_setup_reply(req, 0, 0);
+
+	/* error returns never have any data */
+	req_grow_data(req, 0);
+
+	smbsrv_setup_error(req, status);
+	smbsrv_send_reply(req);
+}
+
+
+/*
+  push a string into the data portion of the request packet, growing it if necessary
+  this gets quite tricky - please be very careful to cover all cases when modifying this
+
+  if dest is NULL, then put the string at the end of the data portion of the packet
+
+  if dest_len is -1 then no limit applies
+*/
+size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, int dest_len, size_t flags)
+{
+	size_t len;
+	unsigned int grow_size;
+	uint8_t *buf0;
+	const int max_bytes_per_char = 3;
+
+	if (!(flags & (STR_ASCII|STR_UNICODE))) {
+		flags |= (req->flags2 & FLAGS2_UNICODE_STRINGS) ? STR_UNICODE : STR_ASCII;
+	}
+
+	if (dest == NULL) {
+		dest = req->out.data + req->out.data_size;
+	}
+
+	if (dest_len != -1) {
+		len = dest_len;
+	} else {
+		len = (strlen(str)+2) * max_bytes_per_char;
+	}
+
+	grow_size = len + PTR_DIFF(dest, req->out.data);
+	buf0 = req->out.buffer;
+
+	req_grow_allocation(req, grow_size);
+
+	if (buf0 != req->out.buffer) {
+		dest = req->out.buffer + PTR_DIFF(dest, buf0);
+	}
+
+	len = push_string(dest, str, len, flags);
+
+	grow_size = len + PTR_DIFF(dest, req->out.data);
+
+	if (grow_size > req->out.data_size) {
+		req_grow_data(req, grow_size);
+	}
+
+	return len;
+}
+
+/*
+  append raw bytes into the data portion of the request packet
+  return the number of bytes added
+*/
+size_t req_append_bytes(struct smbsrv_request *req,
+			const uint8_t *bytes, size_t byte_len)
+{
+	req_grow_allocation(req, byte_len + req->out.data_size);
+	memcpy(req->out.data + req->out.data_size, bytes, byte_len);
+	req_grow_data(req, byte_len + req->out.data_size);
+	return byte_len;
+}
+/*
+  append variable block (type 5 buffer) into the data portion of the request packet
+  return the number of bytes added
+*/
+size_t req_append_var_block(struct smbsrv_request *req,
+		const uint8_t *bytes, uint16_t byte_len)
+{
+	req_grow_allocation(req, byte_len + 3 + req->out.data_size);
+	SCVAL(req->out.data + req->out.data_size, 0, 5);
+	SSVAL(req->out.data + req->out.data_size, 1, byte_len);		/* add field length */
+	if (byte_len > 0) {
+		memcpy(req->out.data + req->out.data_size + 3, bytes, byte_len);
+	}
+	req_grow_data(req, byte_len + 3 + req->out.data_size);
+	return byte_len + 3;
+}
+/**
+  pull a UCS2 string from a request packet, returning a talloced unix string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+static size_t req_pull_ucs2(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2, alignment=0;
+	bool ret;
+	char *dest2;
+	size_t converted_size = 0;
+
+	if (!(flags & STR_NOALIGN) && ucs2_align(bufinfo->align_base, src, flags)) {
+		src++;
+		alignment=1;
+		if (byte_len != -1) {
+			byte_len--;
+		}
+	}
+
+	if (flags & STR_NO_RANGE_CHECK) {
+		src_len = byte_len;
+	} else {
+		src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
+		if (byte_len != -1 && src_len > byte_len) {
+			src_len = byte_len;
+		}
+	}
+
+	if (src_len < 0) {
+		*dest = NULL;
+		return 0;
+	}
+
+	src_len2 = utf16_null_terminated_len_n(src, src_len);
+	if (src_len2 == 0) {
+		*dest = talloc_strdup(bufinfo->mem_ctx, "");
+		return src_len2 + alignment;
+	}
+
+	ret = convert_string_talloc(bufinfo->mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2, &converted_size);
+
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+	*dest = dest2;
+
+	return src_len2 + alignment;
+}
+
+/**
+  pull a ascii string from a request packet, returning a talloced string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+static size_t req_pull_ascii(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	int src_len, src_len2;
+	bool ret;
+	char *dest2;
+	size_t converted_size = 0;
+
+	if (flags & STR_NO_RANGE_CHECK) {
+		src_len = byte_len;
+	} else {
+		src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
+		if (src_len < 0) {
+			*dest = NULL;
+			return 0;
+		}
+		if (byte_len != -1 && src_len > byte_len) {
+			src_len = byte_len;
+		}
+	}
+
+	src_len2 = strnlen((const char *)src, src_len);
+	if (src_len2 <= src_len - 1) {
+		/* include the termination if we didn't reach the end of the packet */
+		src_len2++;
+	}
+
+	ret = convert_string_talloc(bufinfo->mem_ctx, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2, &converted_size);
+
+	if (!ret) {
+		*dest = NULL;
+		return 0;
+	}
+	*dest = dest2;
+
+	return src_len2;
+}
+
+/**
+  pull a string from a request packet, returning a talloced string
+
+  the string length is limited by the 3 things:
+   - the data size in the request (end of packet)
+   - the passed 'byte_len' if it is not -1
+   - the end of string (null termination)
+
+  Note that 'byte_len' is the number of bytes in the packet
+
+  on failure zero is returned and *dest is set to NULL, otherwise the number
+  of bytes consumed in the packet is returned
+*/
+size_t req_pull_string(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, unsigned int flags)
+{
+	if (!(flags & STR_ASCII) &&
+	    (((flags & STR_UNICODE) || (bufinfo->flags & BUFINFO_FLAG_UNICODE)))) {
+		return req_pull_ucs2(bufinfo, dest, src, byte_len, flags);
+	}
+
+	return req_pull_ascii(bufinfo, dest, src, byte_len, flags);
+}
+
+
+/**
+  pull a ASCII4 string buffer from a request packet, returning a talloced string
+
+  an ASCII4 buffer is a null terminated string that has a prefix
+  of the character 0x4. It tends to be used in older parts of the protocol.
+
+  on failure *dest is set to the zero length string. This seems to
+  match win2000 behaviour
+*/
+size_t req_pull_ascii4(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, unsigned int flags)
+{
+	ssize_t ret;
+
+	if (PTR_DIFF(src, bufinfo->data) + 1 > bufinfo->data_size) {
+		/* win2000 treats this as the empty string! */
+		(*dest) = talloc_strdup(bufinfo->mem_ctx, "");
+		return 0;
+	}
+
+	/* this consumes the 0x4 byte. We don't check whether the byte
+	   is actually 0x4 or not. This matches win2000 server
+	   behaviour */
+	src++;
+
+	ret = req_pull_string(bufinfo, dest, src, -1, flags);
+	if (ret == -1) {
+		(*dest) = talloc_strdup(bufinfo->mem_ctx, "");
+		return 1;
+	}
+
+	return ret + 1;
+}
+
+/**
+  pull a DATA_BLOB from a request packet, returning a talloced blob
+
+  return false if any part is outside the data portion of the packet
+*/
+bool req_pull_blob(struct request_bufinfo *bufinfo, const uint8_t *src, int len, DATA_BLOB *blob)
+{
+	if (len != 0 && req_data_oob(bufinfo, src, len)) {
+		return false;
+	}
+
+	(*blob) = data_blob_talloc(bufinfo->mem_ctx, src, len);
+
+	return true;
+}
+
+/* check that a lump of data in a request is within the bounds of the data section of
+   the packet */
+bool req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t count)
+{
+	if (count == 0) {
+		return false;
+	}
+
+	/* be careful with wraparound! */
+	if ((uintptr_t)ptr < (uintptr_t)bufinfo->data ||
+	    (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size ||
+	    count > bufinfo->data_size ||
+	    (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) {
+		return true;
+	}
+	return false;
+}
+
+
+/*
+   pull an open file handle from a packet, taking account of the chained_fnum
+*/
+static uint16_t req_fnum(struct smbsrv_request *req, const uint8_t *base, unsigned int offset)
+{
+	if (req->chained_fnum != -1) {
+		return req->chained_fnum;
+	}
+	return SVAL(base, offset);
+}
+
+struct ntvfs_handle *smbsrv_pull_fnum(struct smbsrv_request *req, const uint8_t *base, unsigned int offset)
+{
+	struct smbsrv_handle *handle;
+	uint16_t fnum = req_fnum(req, base, offset);
+
+	handle = smbsrv_smb_handle_find(req->tcon, fnum, req->request_time);
+	if (!handle) {
+		return NULL;
+	}
+
+	/*
+	 * For SMB tcons and sessions can be mixed!
+	 * But we need to make sure that file handles
+	 * are only accessed by the opening session!
+	 *
+	 * So check if the handle is valid for the given session!
+	 */
+	if (handle->session != req->session) {
+		return NULL;
+	}
+
+	return handle->ntvfs;
+}
+
+void smbsrv_push_fnum(uint8_t *base, unsigned int offset, struct ntvfs_handle *ntvfs)
+{
+	struct smbsrv_handle *handle = talloc_get_type(ntvfs->frontend_data.private_data,
+				       struct smbsrv_handle);
+	SSVAL(base, offset, handle->hid);
+}
+
+NTSTATUS smbsrv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h)
+{
+	struct smbsrv_request *req = talloc_get_type(ntvfs->frontend_data.private_data,
+				     struct smbsrv_request);
+	struct smbsrv_handle *handle;
+	struct ntvfs_handle *h;
+
+	handle = smbsrv_handle_new(req->session, req->tcon, req, req->request_time);
+	if (!handle) return NT_STATUS_INSUFFICIENT_RESOURCES;
+
+	h = talloc_zero(handle, struct ntvfs_handle);
+	if (!h) goto nomem;
+
+	/*
+	 * note: we don't set handle->ntvfs yet,
+	 *       this will be done by smbsrv_handle_make_valid()
+	 *       this makes sure the handle is invalid for clients
+	 *       until the ntvfs subsystem has made it valid
+	 */
+	h->ctx		= ntvfs->ctx;
+	h->session_info	= ntvfs->session_info;
+	h->smbpid	= ntvfs->smbpid;
+
+	h->frontend_data.private_data = handle;
+
+	*_h = h;
+	return NT_STATUS_OK;
+nomem:
+	talloc_free(handle);
+	return NT_STATUS_NO_MEMORY;
+}
+
+NTSTATUS smbsrv_handle_make_valid(void *private_data, struct ntvfs_handle *h)
+{
+	struct smbsrv_tcon *tcon = talloc_get_type(private_data, struct smbsrv_tcon);
+	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
+						       struct smbsrv_handle);
+	/* this tells the frontend that the handle is valid */
+	handle->ntvfs = h;
+	/* this moves the smbsrv_request to the smbsrv_tcon memory context */
+	talloc_steal(tcon, handle);
+	return NT_STATUS_OK;
+}
+
+void smbsrv_handle_destroy(void *private_data, struct ntvfs_handle *h)
+{
+	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
+						       struct smbsrv_handle);
+	talloc_free(handle);
+}
+
+struct ntvfs_handle *smbsrv_handle_search_by_wire_key(void *private_data, struct ntvfs_request *ntvfs, const DATA_BLOB *key)
+{
+	struct smbsrv_request *req = talloc_get_type(ntvfs->frontend_data.private_data,
+				     struct smbsrv_request);
+
+	if (key->length != 2) return NULL;
+
+	return smbsrv_pull_fnum(req, key->data, 0);
+}
+
+DATA_BLOB smbsrv_handle_get_wire_key(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx)
+{
+	uint8_t key[2];
+
+	smbsrv_push_fnum(key, 0, handle);
+
+	return data_blob_talloc(mem_ctx, key, sizeof(key));
+}
diff --git a/source4/smb_server/smb/search.c b/source4/smb_server/smb/search.c
new file mode 100644
index 0000000..bf47217
--- /dev/null
+++ b/source4/smb_server/smb/search.c
@@ -0,0 +1,283 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMBsearch handling
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+   This file handles the parsing of transact2 requests
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "ntvfs/ntvfs.h"
+
+
+/* a structure to encapsulate the state information about 
+ * an in-progress search first/next operation */
+struct search_state {
+	struct smbsrv_request *req;
+	union smb_search_data *file;
+	uint16_t last_entry_offset;
+};
+
+/*
+  fill a single entry in a search find reply 
+*/
+static bool find_fill_info(struct smbsrv_request *req,
+			   const union smb_search_data *file)
+{
+	uint8_t *p;
+
+	if (req->out.data_size + 43 > req_max_data(req)) {
+		return false;
+	}
+	
+	req_grow_data(req, req->out.data_size + 43);
+	p = req->out.data + req->out.data_size - 43;
+
+	SCVAL(p,  0, file->search.id.reserved);
+	memcpy(p+1, file->search.id.name, 11);
+	SCVAL(p, 12, file->search.id.handle);
+	SIVAL(p, 13, file->search.id.server_cookie);
+	SIVAL(p, 17, file->search.id.client_cookie);
+	SCVAL(p, 21, file->search.attrib);
+	srv_push_dos_date(req->smb_conn, p, 22, file->search.write_time);
+	SIVAL(p, 26, file->search.size);
+	memset(p+30, ' ', 12);
+	memcpy(p+30, file->search.name, MIN(strlen(file->search.name)+1, 12));
+	SCVAL(p,42,0);
+
+	return true;
+}
+
+/* callback function for search first/next */
+static bool find_callback(void *private_data, const union smb_search_data *file)
+{
+	struct search_state *state = (struct search_state *)private_data;
+
+	return find_fill_info(state->req, file);
+}
+
+/****************************************************************************
+ Reply to a search first (async reply)
+****************************************************************************/
+static void reply_search_first_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_search_first *sf;
+
+	SMBSRV_CHECK_ASYNC_STATUS(sf, union smb_search_first);
+
+	SSVAL(req->out.vwv, VWV(0), sf->search_first.out.count);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a search next (async reply)
+****************************************************************************/
+static void reply_search_next_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	union smb_search_next *sn;
+	
+	SMBSRV_CHECK_ASYNC_STATUS(sn, union smb_search_next);
+
+	SSVAL(req->out.vwv, VWV(0), sn->search_next.out.count);
+
+	smbsrv_send_reply(req);
+}
+
+/****************************************************************************
+ Reply to a search.
+****************************************************************************/
+void smbsrv_reply_search(struct smbsrv_request *req)
+{
+	union smb_search_first *sf;
+	uint16_t resume_key_length;
+	struct search_state *state;
+	uint8_t *p;
+	enum smb_search_level level = RAW_SEARCH_SEARCH;
+	uint8_t op = CVAL(req->in.hdr,HDR_COM);
+
+	if (op == SMBffirst) {
+		level = RAW_SEARCH_FFIRST;
+	} else if (op == SMBfunique) {
+		level = RAW_SEARCH_FUNIQUE;
+	}
+
+	/* parse request */
+	if (req->in.wct != 2) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	SMBSRV_TALLOC_IO_PTR(sf, union smb_search_first);
+
+	p = req->in.data;
+	p += req_pull_ascii4(&req->in.bufinfo, &sf->search_first.in.pattern, 
+			     p, STR_TERMINATE);
+	if (!sf->search_first.in.pattern) {
+		smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		return;
+	}
+
+	if (req_data_oob(&req->in.bufinfo, p, 3)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if (*p != 5) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	resume_key_length = SVAL(p, 1);
+	p += 3;
+	
+	/* setup state for callback */
+	state = talloc(req, struct search_state);
+	if (!state) {
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	state->req = req;
+	state->file = NULL;
+	state->last_entry_offset = 0;
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+	SSVAL(req->out.vwv, VWV(0), 0);
+	req_append_var_block(req, NULL, 0);
+
+	if (resume_key_length != 0) {
+		union smb_search_next *sn;
+
+		if (resume_key_length != 21 || 
+		    req_data_oob(&req->in.bufinfo, p, 21) ||
+		    level == RAW_SEARCH_FUNIQUE) {
+			smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+
+		/* do a search next operation */
+		SMBSRV_TALLOC_IO_PTR(sn, union smb_search_next);
+		SMBSRV_SETUP_NTVFS_REQUEST(reply_search_next_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+		sn->search_next.in.id.reserved      = CVAL(p, 0);
+		memcpy(sn->search_next.in.id.name,    p+1, 11);
+		sn->search_next.in.id.handle        = CVAL(p, 12);
+		sn->search_next.in.id.server_cookie = IVAL(p, 13);
+		sn->search_next.in.id.client_cookie = IVAL(p, 17);
+
+		sn->search_next.level = level;
+		sn->search_next.data_level = RAW_SEARCH_DATA_SEARCH;
+		sn->search_next.in.max_count     = SVAL(req->in.vwv, VWV(0));
+		sn->search_next.in.search_attrib = SVAL(req->in.vwv, VWV(1));
+
+		/* call backend */
+		SMBSRV_CALL_NTVFS_BACKEND(ntvfs_search_next(req->ntvfs, sn, state, find_callback));
+	} else {
+		SMBSRV_SETUP_NTVFS_REQUEST(reply_search_first_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+		/* do a search first operation */
+		sf->search_first.level = level;
+		sf->search_first.data_level = RAW_SEARCH_DATA_SEARCH;
+		sf->search_first.in.search_attrib = SVAL(req->in.vwv, VWV(1));
+		sf->search_first.in.max_count     = SVAL(req->in.vwv, VWV(0));
+
+		SMBSRV_CALL_NTVFS_BACKEND(ntvfs_search_first(req->ntvfs, sf, state, find_callback));
+	}
+}
+
+
+/****************************************************************************
+ Reply to a fclose (async reply)
+****************************************************************************/
+static void reply_fclose_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+
+	SMBSRV_CHECK_ASYNC_STATUS_SIMPLE;
+
+	/* construct reply */
+	smbsrv_setup_reply(req, 1, 0);
+
+	SSVAL(req->out.vwv, VWV(0), 0);
+
+	smbsrv_send_reply(req);
+}
+
+
+/****************************************************************************
+ Reply to fclose (stop directory search).
+****************************************************************************/
+void smbsrv_reply_fclose(struct smbsrv_request *req)
+{
+	union smb_search_close *sc;
+	uint16_t resume_key_length;
+	uint8_t *p;
+	const char *pattern;
+
+	/* parse request */
+	if (req->in.wct != 2) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	SMBSRV_TALLOC_IO_PTR(sc, union smb_search_close);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_fclose_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	p = req->in.data;
+	p += req_pull_ascii4(&req->in.bufinfo, &pattern, p, STR_TERMINATE);
+	if (pattern && *pattern) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	
+	if (req_data_oob(&req->in.bufinfo, p, 3)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	if (*p != 5) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	resume_key_length = SVAL(p, 1);
+	p += 3;
+
+	if (resume_key_length != 21) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	if (req_data_oob(&req->in.bufinfo, p, 21)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	sc->fclose.level               = RAW_FINDCLOSE_FCLOSE;
+	sc->fclose.in.max_count        = SVAL(req->in.vwv, VWV(0));
+	sc->fclose.in.search_attrib    = SVAL(req->in.vwv, VWV(1));
+	sc->fclose.in.id.reserved      = CVAL(p, 0);
+	memcpy(sc->fclose.in.id.name,    p+1, 11);
+	sc->fclose.in.id.handle        = CVAL(p, 12);
+	sc->fclose.in.id.server_cookie = IVAL(p, 13);
+	sc->fclose.in.id.client_cookie = IVAL(p, 17);
+
+	SMBSRV_CALL_NTVFS_BACKEND(ntvfs_search_close(req->ntvfs, sc));
+
+}
diff --git a/source4/smb_server/smb/service.c b/source4/smb_server/smb/service.c
new file mode 100644
index 0000000..eb1874c
--- /dev/null
+++ b/source4/smb_server/smb/service.c
@@ -0,0 +1,202 @@
+/* 
+   Unix SMB/CIFS implementation.
+   service (connection) handling
+   Copyright (C) Andrew Tridgell 1992-2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "samba/service_stream.h"
+#include "ntvfs/ntvfs.h"
+#include "param/param.h"
+
+#undef strcasecmp
+
+/****************************************************************************
+  Make a connection, given the snum to connect to, and the vuser of the
+  connecting user if appropriate.
+  Does note invoke the NTVFS connection hook
+****************************************************************************/
+static NTSTATUS make_connection_scfg(struct smbsrv_request *req,
+				     struct share_config *scfg,
+				     enum ntvfs_type type,
+				     DATA_BLOB password, 
+				     const char *dev)
+{
+	struct smbsrv_tcon *tcon;
+	NTSTATUS status;
+	uint64_t ntvfs_caps = 0;
+
+	tcon = smbsrv_smb_tcon_new(req->smb_conn, scfg->name);
+	if (!tcon) {
+		DEBUG(0,("Couldn't find free connection.\n"));
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+	req->tcon = tcon;
+
+	if (req->smb_conn->negotiate.client_caps & CAP_LEVEL_II_OPLOCKS) {
+		ntvfs_caps |= NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS;
+	}
+
+	/* init ntvfs function pointers */
+	status = ntvfs_init_connection(tcon, scfg, type,
+				       req->smb_conn->negotiate.protocol,
+				       ntvfs_caps,
+				       req->smb_conn->connection->event.ctx,
+				       req->smb_conn->connection->msg_ctx,
+				       req->smb_conn->lp_ctx,
+				       req->smb_conn->connection->server_id,
+				       &tcon->ntvfs);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("make_connection_scfg: connection failed for service %s\n", 
+			  scfg->name));
+		goto failed;
+	}
+
+	status = ntvfs_set_oplock_handler(tcon->ntvfs, smbsrv_send_oplock_break, tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("make_connection: NTVFS failed to set the oplock handler!\n"));
+		goto failed;
+	}
+
+	status = ntvfs_set_addresses(tcon->ntvfs,
+				     req->smb_conn->connection->local_address,
+				     req->smb_conn->connection->remote_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("make_connection: NTVFS failed to set the addresses!\n"));
+		goto failed;
+	}
+
+	status = ntvfs_set_handle_callbacks(tcon->ntvfs,
+					    smbsrv_handle_create_new,
+					    smbsrv_handle_make_valid,
+					    smbsrv_handle_destroy,
+					    smbsrv_handle_search_by_wire_key,
+					    smbsrv_handle_get_wire_key,
+					    tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("make_connection: NTVFS failed to set the handle callbacks!\n"));
+		goto failed;
+	}
+
+	return NT_STATUS_OK;
+
+failed:
+	req->tcon = NULL;
+	talloc_free(tcon);
+	return status;
+}
+
+/****************************************************************************
+ Make a connection to a service.
+ *
+ * @param service 
+****************************************************************************/
+static NTSTATUS make_connection(struct smbsrv_request *req,
+				const char *service, DATA_BLOB password, 
+				const char *dev)
+{
+	NTSTATUS status;
+	enum ntvfs_type type;
+	const char *type_str;
+	struct share_config *scfg;
+	char *sharetype;
+
+	/* the service might be of the form \\SERVER\SHARE. Should we put
+	   the server name we get from this somewhere? */
+	if (strncmp(service, "\\\\", 2) == 0) {
+		char *p = strchr(service+2, '\\');
+		if (p) {
+			service = p + 1;
+		}
+	}
+
+	status = share_get_config(req, req->smb_conn->share_context, service, &scfg);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("make_connection: couldn't find service %s: %s\n", service, nt_errstr(status)));
+		return NT_STATUS_BAD_NETWORK_NAME;
+	}
+
+	/* TODO: check the password, when it's share level security! */
+
+	if (!socket_check_access(req->smb_conn->connection->socket, 
+				 scfg->name, 
+				 share_string_list_option(req, scfg, SHARE_HOSTS_ALLOW), 
+				 share_string_list_option(req, scfg, SHARE_HOSTS_DENY))) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* work out what sort of connection this is */
+	sharetype = share_string_option(req, scfg, "type", "DISK");
+	if (sharetype && strcmp(sharetype, "IPC") == 0) {
+		type = NTVFS_IPC;
+		type_str = "IPC";
+	} else if (sharetype && strcmp(sharetype, "PRINTER") == 0) {
+		type = NTVFS_PRINT;
+		type_str = "LPT:";
+	} else {
+		type = NTVFS_DISK;
+		type_str = "A:";
+	}
+	TALLOC_FREE(sharetype);
+
+	if (strcmp(dev, "?????") != 0 && strcasecmp(type_str, dev) != 0) {
+		/* the client gave us the wrong device type */
+		return NT_STATUS_BAD_DEVICE_TYPE;
+	}
+
+	return make_connection_scfg(req, scfg, type, password, dev);
+}
+
+/*
+  backend for tree connect call, in preparation for calling ntvfs_connect()
+*/
+NTSTATUS smbsrv_tcon_backend(struct smbsrv_request *req, union smb_tcon *con)
+{
+	NTSTATUS status;
+
+	if (con->generic.level == RAW_TCON_TCON) {
+		DATA_BLOB password;
+		password = data_blob_string_const(con->tcon.in.password);
+
+		status = make_connection(req, con->tcon.in.service, password, con->tcon.in.dev);
+		
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		con->tcon.out.max_xmit = req->smb_conn->negotiate.max_recv;
+		con->tcon.out.tid = req->tcon->tid;
+
+		return status;
+	} 
+
+	/* TODO: take a look at tconx.in.flags! */
+
+	status = make_connection(req, con->tconx.in.path, con->tconx.in.password, 
+				 con->tconx.in.device);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	con->tconx.out.tid = req->tcon->tid;
+	con->tconx.out.options = SMB_SUPPORT_SEARCH_BITS | (share_int_option(req->tcon->ntvfs->config, SHARE_CSC_POLICY, SHARE_CSC_POLICY_DEFAULT) << 2);
+	if (share_bool_option(req->tcon->ntvfs->config, SHARE_MSDFS_ROOT, SHARE_MSDFS_ROOT_DEFAULT) && lpcfg_host_msdfs(req->smb_conn->lp_ctx)) {
+		con->tconx.out.options |= SMB_SHARE_IN_DFS;
+	}
+
+	return status;
+}
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
new file mode 100644
index 0000000..69cbdca
--- /dev/null
+++ b/source4/smb_server/smb/sesssetup.c
@@ -0,0 +1,646 @@
+
+/* 
+   Unix SMB/CIFS implementation.
+   handle SMBsessionsetup
+   Copyright (C) Andrew Tridgell                      1998-2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
+   Copyright (C) Jim McDonough                        2002
+   Copyright (C) Luke Howard                          2003
+   Copyright (C) Stefan Metzmacher                    2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "version.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+#include "smb_server/smb_server.h"
+#include "samba/service_stream.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/stream/packet.h"
+
+struct sesssetup_context {
+	struct auth4_context *auth_context;
+	struct smbsrv_request *req;
+};
+
+/*
+ * Log the SMB authentication, as by not calling GENSEC we won't log
+ * it during the gensec_session_info().
+ */
+void smbsrv_not_spengo_sesssetup_authz_log(struct smbsrv_request *req,
+					       struct auth_session_info *session_info)
+{
+	struct tsocket_address *local_address;
+	struct tsocket_address *remote_address;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	remote_address = socket_get_remote_addr(req->smb_conn->connection->socket,
+						frame);
+	local_address = socket_get_local_addr(req->smb_conn->connection->socket,
+					      frame);
+
+	log_successful_authz_event(req->smb_conn->connection->msg_ctx,
+				   req->smb_conn->lp_ctx,
+				   remote_address,
+				   local_address,
+				   "SMB",
+				   "bare-NTLM",
+				   AUTHZ_TRANSPORT_PROTECTION_SMB,
+				   session_info,
+				   NULL /* client_audit_info */,
+				   NULL /* server_audit_info */);
+
+	talloc_free(frame);
+	return;
+}
+
+
+/*
+  setup the OS, Lanman and domain portions of a session setup reply
+*/
+static void sesssetup_common_strings(struct smbsrv_request *req,
+				     char **os, char **lanman, char **domain)
+{
+	(*os) = talloc_asprintf(req, "Unix");
+	(*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
+	(*domain) = talloc_asprintf(req, "%s", 
+				    lpcfg_workgroup(req->smb_conn->lp_ctx));
+}
+
+static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
+					  union smb_sesssetup *sess,
+					  NTSTATUS status)
+{
+	if (NT_STATUS_IS_OK(status)) {
+		req->smb_conn->negotiate.done_sesssetup = true;
+		/* we need to keep the session long term */
+		req->session = talloc_steal(req->smb_conn, req->session);
+	}
+	smbsrv_reply_sesssetup_send(req, sess, status);
+}
+
+static void sesssetup_old_send(struct tevent_req *subreq)
+{
+	struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
+	struct smbsrv_request *req = state->req;
+
+	union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
+	struct auth_user_info_dc *user_info_dc = NULL;
+	struct auth_session_info *session_info;
+	struct smbsrv_session *smb_sess;
+	NTSTATUS status;
+	uint8_t authoritative = 1;
+	uint32_t flags;
+
+	status = auth_check_password_recv(subreq, req, &user_info_dc,
+					  &authoritative);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+	/* This references user_info_dc into session_info */
+	status = req->smb_conn->negotiate.auth_context->generate_session_info(req->smb_conn->negotiate.auth_context,
+									      req,
+									      user_info_dc, sess->old.in.user, 
+									      flags, &session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	/* allocate a new session */
+	smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
+	if (!smb_sess) {
+		status = NT_STATUS_INSUFFICIENT_RESOURCES;
+		goto failed;
+	}
+
+	smbsrv_not_spengo_sesssetup_authz_log(req, session_info);
+
+	/* Ensure this is marked as a 'real' vuid, not one
+	 * simply valid for the session setup leg */
+	status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	/* To correctly process any AndX packet (like a tree connect)
+	 * we need to fill in the session on the request here */
+	req->session = smb_sess;
+	sess->old.out.vuid = smb_sess->vuid;
+
+failed:
+	status = nt_status_squash(status);
+	smbsrv_sesssetup_backend_send(req, sess, status);
+}
+
+/*
+  handler for old style session setup
+*/
+static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
+{
+	struct auth_usersupplied_info *user_info = NULL;
+	struct tsocket_address *remote_address, *local_address;
+	const char *remote_machine = NULL;
+	struct tevent_req *subreq;
+	struct sesssetup_context *state;
+
+	sess->old.out.vuid = 0;
+	sess->old.out.action = 0;
+
+	sesssetup_common_strings(req, 
+				 &sess->old.out.os,
+				 &sess->old.out.lanman,
+				 &sess->old.out.domain);
+
+	if (!req->smb_conn->negotiate.done_sesssetup) {
+		req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
+	}
+
+	if (req->smb_conn->negotiate.calling_name) {
+		remote_machine = req->smb_conn->negotiate.calling_name->name;
+	}
+	
+	remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
+	if (!remote_address) goto nomem;
+
+	if (!remote_machine) {
+		remote_machine = tsocket_address_inet_addr_string(remote_address, req);
+		if (!remote_machine) goto nomem;
+	}
+
+	local_address = socket_get_local_addr(req->smb_conn->connection->socket, req);
+	if (!local_address) goto nomem;
+
+	user_info = talloc_zero(req, struct auth_usersupplied_info);
+	if (!user_info) goto nomem;
+
+	user_info->service_description = "SMB";
+	
+	user_info->logon_parameters = 0;
+	user_info->flags = 0;
+	user_info->client.account_name = sess->old.in.user;
+	user_info->client.domain_name = sess->old.in.domain;
+	user_info->workstation_name = remote_machine;
+
+	user_info->remote_host = talloc_steal(user_info, remote_address);
+	user_info->local_host = talloc_steal(user_info, local_address);
+	
+	user_info->password_state = AUTH_PASSWORD_RESPONSE;
+	user_info->password.response.lanman = sess->old.in.password;
+	user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
+	user_info->password.response.nt = data_blob(NULL, 0);
+
+	state = talloc(req, struct sesssetup_context);
+	if (!state) goto nomem;
+
+	if (req->smb_conn->negotiate.auth_context) {
+		state->auth_context = req->smb_conn->negotiate.auth_context;
+	} else {
+		/* TODO: should we use just "anonymous" here? */
+		NTSTATUS status = auth_context_create(state,
+						      req->smb_conn->connection->event.ctx,
+						      req->smb_conn->connection->msg_ctx,
+						      req->smb_conn->lp_ctx,
+						      &state->auth_context);
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_sesssetup_backend_send(req, sess, status);
+			return;
+		}
+	}
+
+	state->req = req;
+
+	subreq = auth_check_password_send(state,
+					  req->smb_conn->connection->event.ctx,
+					  req->smb_conn->negotiate.auth_context,
+					  user_info);
+	if (!subreq) goto nomem;
+	tevent_req_set_callback(subreq, sesssetup_old_send, state);
+	return;
+
+nomem:
+	smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
+}
+
+static void sesssetup_nt1_send(struct tevent_req *subreq)
+{
+	struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
+	struct smbsrv_request *req = state->req;
+	union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
+	struct auth_user_info_dc *user_info_dc = NULL;
+	struct auth_session_info *session_info;
+	struct smbsrv_session *smb_sess;
+	uint8_t authoritative = 1;
+	uint32_t flags;
+	NTSTATUS status;
+
+	status = auth_check_password_recv(subreq, req, &user_info_dc,
+					  &authoritative);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+	/* This references user_info_dc into session_info */
+	status = state->auth_context->generate_session_info(state->auth_context,
+							    req,
+							    user_info_dc,
+							    sess->nt1.in.user,
+							    flags,
+							    &session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	/* allocate a new session */
+	smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
+	if (!smb_sess) {
+		status = NT_STATUS_INSUFFICIENT_RESOURCES;
+		goto failed;
+	}
+
+	smbsrv_not_spengo_sesssetup_authz_log(req, session_info);
+
+	/* Ensure this is marked as a 'real' vuid, not one
+	 * simply valid for the session setup leg */
+	status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	/* To correctly process any AndX packet (like a tree connect)
+	 * we need to fill in the session on the request here */
+	req->session = smb_sess;
+	sess->nt1.out.vuid = smb_sess->vuid;
+
+ 	if (!smbsrv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
+		/* Already signing, or disabled */
+		goto done;
+	}
+
+done:
+	status = NT_STATUS_OK;
+failed:
+	status = nt_status_squash(status);
+	smbsrv_sesssetup_backend_send(req, sess, status);
+}
+
+/*
+  handler for NT1 style session setup
+*/
+static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
+{
+	NTSTATUS status;
+	struct auth_usersupplied_info *user_info = NULL;
+	struct tsocket_address *remote_address, *local_address;
+	const char *remote_machine = NULL;
+	struct tevent_req *subreq;
+	struct sesssetup_context *state;
+	bool allow_raw = lpcfg_raw_ntlmv2_auth(req->smb_conn->lp_ctx);
+
+	sess->nt1.out.vuid = 0;
+	sess->nt1.out.action = 0;
+
+	sesssetup_common_strings(req, 
+				 &sess->nt1.out.os,
+				 &sess->nt1.out.lanman,
+				 &sess->nt1.out.domain);
+
+	if (!req->smb_conn->negotiate.done_sesssetup) {
+		req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
+		req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
+	}
+
+	state = talloc(req, struct sesssetup_context);
+	if (!state) goto nomem;
+
+	state->req = req;
+
+	if (req->smb_conn->negotiate.oid) {
+		if (sess->nt1.in.user && *sess->nt1.in.user) {
+			/* We can't accept a normal login, because we
+			 * don't have a challenge */
+			status = NT_STATUS_LOGON_FAILURE;
+			goto failed;
+		}
+
+		/* TODO: should we use just "anonymous" here? */
+		status = auth_context_create(state,
+					     req->smb_conn->connection->event.ctx,
+					     req->smb_conn->connection->msg_ctx,
+					     req->smb_conn->lp_ctx,
+					     &state->auth_context);
+		if (!NT_STATUS_IS_OK(status)) goto failed;
+	} else if (req->smb_conn->negotiate.auth_context) {
+		state->auth_context = req->smb_conn->negotiate.auth_context;
+	} else {
+		/* TODO: should we use just "anonymous" here? */
+		status = auth_context_create(state,
+					     req->smb_conn->connection->event.ctx,
+					     req->smb_conn->connection->msg_ctx,
+					     req->smb_conn->lp_ctx,
+					     &state->auth_context);
+		if (!NT_STATUS_IS_OK(status)) goto failed;
+	}
+
+	if (req->smb_conn->negotiate.calling_name) {
+		remote_machine = req->smb_conn->negotiate.calling_name->name;
+	}
+
+	remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
+	if (!remote_address) goto nomem;
+
+	if (!remote_machine) {
+		remote_machine = tsocket_address_inet_addr_string(remote_address, req);
+		if (!remote_machine) goto nomem;
+	}
+
+	local_address = socket_get_local_addr(req->smb_conn->connection->socket, req);
+	if (!local_address) goto nomem;
+
+	user_info = talloc_zero(req, struct auth_usersupplied_info);
+	if (!user_info) goto nomem;
+
+	user_info->service_description = "SMB";
+	user_info->auth_description = "bare-NTLM";
+
+	user_info->logon_parameters = 0;
+	user_info->flags = 0;
+	user_info->client.account_name = sess->nt1.in.user;
+	user_info->client.domain_name = sess->nt1.in.domain;
+	user_info->workstation_name = remote_machine;
+	user_info->remote_host = talloc_steal(user_info, remote_address);
+	user_info->local_host = talloc_steal(user_info, local_address);
+	
+	user_info->password_state = AUTH_PASSWORD_RESPONSE;
+	user_info->password.response.lanman = sess->nt1.in.password1;
+	user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data);
+	user_info->password.response.nt = sess->nt1.in.password2;
+	user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
+
+	if (!allow_raw && user_info->password.response.nt.length >= 48) {
+		/*
+		 * NTLMv2_RESPONSE has at least 48 bytes
+		 * and should only be supported via NTLMSSP.
+		 */
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto failed;
+	}
+
+	subreq = auth_check_password_send(state,
+					  req->smb_conn->connection->event.ctx,
+					  state->auth_context,
+					  user_info);
+	if (!subreq) goto nomem;
+	tevent_req_set_callback(subreq, sesssetup_nt1_send, state);
+
+	return;
+
+nomem:
+	status = NT_STATUS_NO_MEMORY;
+failed:
+	status = nt_status_squash(status);
+	smbsrv_sesssetup_backend_send(req, sess, status);
+}
+
+struct sesssetup_spnego_state {
+	struct smbsrv_request *req;
+	union smb_sesssetup *sess;
+	struct smbsrv_session *smb_sess;
+};
+
+static void sesssetup_spnego_send(struct tevent_req *subreq)
+{
+	struct sesssetup_spnego_state *s = tevent_req_callback_data(subreq,
+					   struct sesssetup_spnego_state);
+	struct smbsrv_request *req = s->req;
+	union smb_sesssetup *sess = s->sess;
+	struct smbsrv_session *smb_sess = s->smb_sess;
+	struct auth_session_info *session_info = NULL;
+	NTSTATUS status;
+	NTSTATUS skey_status;
+	DATA_BLOB session_key;
+
+	status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob);
+	packet_recv_enable(req->smb_conn->packet);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		goto done;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	/* The session_key is only needed until the end of the smbsrv_setup_signing() call */
+	skey_status = gensec_session_key(smb_sess->gensec_ctx, req, &session_key);
+	if (NT_STATUS_IS_OK(skey_status)) {
+		smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
+	}
+
+	/* Ensure this is marked as a 'real' vuid, not one
+	 * simply valid for the session setup leg */
+	status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	req->session = smb_sess;
+
+done:
+	sess->spnego.out.vuid = smb_sess->vuid;
+failed:
+	status = nt_status_squash(status);
+	smbsrv_sesssetup_backend_send(req, sess, status);
+	if (!NT_STATUS_IS_OK(status) && 
+	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		talloc_free(smb_sess);
+	}
+}
+
+/*
+  handler for SPNEGO style session setup
+*/
+static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
+{
+	NTSTATUS status;
+	struct smbsrv_session *smb_sess = NULL;
+	bool is_smb_sess_new = false;
+	struct sesssetup_spnego_state *s = NULL;
+	uint16_t vuid;
+	struct tevent_req *subreq;
+
+	sess->spnego.out.vuid = 0;
+	sess->spnego.out.action = 0;
+
+	sesssetup_common_strings(req, 
+				 &sess->spnego.out.os,
+				 &sess->spnego.out.lanman,
+				 &sess->spnego.out.workgroup);
+
+	if (!req->smb_conn->negotiate.done_sesssetup) {
+		req->smb_conn->negotiate.max_send = sess->spnego.in.bufsize;
+		req->smb_conn->negotiate.client_caps = sess->spnego.in.capabilities;
+	}
+
+	vuid = SVAL(req->in.hdr,HDR_UID);
+
+	/* lookup an existing session */
+	if (vuid == 0) {
+		struct gensec_security *gensec_ctx;
+		struct tsocket_address *remote_address, *local_address;
+		status = samba_server_gensec_start(req,
+						   req->smb_conn->connection->event.ctx,
+						   req->smb_conn->connection->msg_ctx,
+						   req->smb_conn->lp_ctx,
+						   req->smb_conn->negotiate.server_credentials,
+						   "cifs",
+						   &gensec_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
+			goto failed;
+		}
+
+		gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
+		gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SMB_TRANSPORT);
+
+		remote_address = socket_get_remote_addr(req->smb_conn->connection->socket,
+							req);
+		if (!remote_address) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			DBG_ERR("Failed to obtain remote address\n");
+			goto failed;
+		}
+
+		status = gensec_set_remote_address(gensec_ctx,
+						   remote_address);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set remote address\n");
+			goto failed;
+		}
+
+		local_address = socket_get_local_addr(req->smb_conn->connection->socket,
+							req);
+		if (!local_address) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			DBG_ERR("Failed to obtain local address\n");
+			goto failed;
+		}
+
+		status = gensec_set_local_address(gensec_ctx,
+						   local_address);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set local address\n");
+			goto failed;
+		}
+
+		status = gensec_set_target_service_description(gensec_ctx,
+							       "SMB");
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set service description\n");
+			goto failed;
+		}
+
+		status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", 
+				  gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status)));
+			goto failed;
+		}
+
+		/* allocate a new session */
+		smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
+		if (!smb_sess) {
+			status = NT_STATUS_INSUFFICIENT_RESOURCES;
+			goto failed;
+		}
+		is_smb_sess_new = true;
+	} else {
+		smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
+	}
+
+	if (!smb_sess) {
+		status = NT_STATUS_DOS(ERRSRV, ERRbaduid);
+		goto failed;
+	}
+
+	if (smb_sess->session_info) {
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto failed;
+	}
+
+	if (!smb_sess->gensec_ctx) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
+		goto failed;
+	}
+
+	s = talloc(req, struct sesssetup_spnego_state);
+	if (!s) goto nomem;
+	s->req		= req;
+	s->sess		= sess;
+	s->smb_sess	= smb_sess;
+
+	subreq = gensec_update_send(s,
+				    req->smb_conn->connection->event.ctx,
+				    smb_sess->gensec_ctx,
+				    sess->spnego.in.secblob);
+	if (!subreq) {
+		goto nomem;
+	}
+	/* disable receipt of more packets on this socket until we've
+	   finished with the session setup. This avoids a problem with
+	   crashes if we get EOF on the socket while processing a session
+	   setup */
+	packet_recv_disable(req->smb_conn->packet);
+	tevent_req_set_callback(subreq, sesssetup_spnego_send, s);
+
+	return;
+
+nomem:
+	status = NT_STATUS_NO_MEMORY;
+failed:
+	if (is_smb_sess_new) {
+		talloc_free(smb_sess);
+	}
+	status = nt_status_squash(status);
+	smbsrv_sesssetup_backend_send(req, sess, status);
+}
+
+/*
+  backend for sessionsetup call - this takes all 3 variants of the call
+*/
+void smbsrv_sesssetup_backend(struct smbsrv_request *req,
+			      union smb_sesssetup *sess)
+{
+	switch (sess->old.level) {
+		case RAW_SESSSETUP_OLD:
+			sesssetup_old(req, sess);
+			return;
+
+		case RAW_SESSSETUP_NT1:
+			sesssetup_nt1(req, sess);
+			return;
+
+		case RAW_SESSSETUP_SPNEGO:
+			sesssetup_spnego(req, sess);
+			return;
+
+		case RAW_SESSSETUP_SMB2:
+			break;
+	}
+
+	smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_INVALID_LEVEL);
+}
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
new file mode 100644
index 0000000..3fe7cff
--- /dev/null
+++ b/source4/smb_server/smb/signing.c
@@ -0,0 +1,147 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Andrew Tridgell              2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "param/param.h"
+
+
+/*
+  sign an outgoing packet
+*/
+void smbsrv_sign_packet(struct smbsrv_request *req)
+{
+#if 0
+	/* enable this when packet signing is preventing you working out why valgrind 
+	   says that data is uninitialised */
+	file_save("pkt.dat", req->out.buffer, req->out.size);
+#endif
+
+	switch (req->smb_conn->signing.signing_state) {
+	case SMB_SIGNING_ENGINE_OFF:
+		break;
+
+	case SMB_SIGNING_ENGINE_BSRSPYL:
+		/* mark the packet as signed - BEFORE we sign it...*/
+		mark_packet_signed(&req->out);
+		
+		/* I wonder what BSRSPYL stands for - but this is what MS 
+		   actually sends! */
+		memcpy((req->out.hdr + HDR_SS_FIELD), "BSRSPYL ", 8);
+		break;
+
+	case SMB_SIGNING_ENGINE_ON:
+			
+		sign_outgoing_message(&req->out, 
+				      &req->smb_conn->signing.mac_key, 
+				      req->seq_num+1);
+		break;
+	}
+	return;
+}
+
+
+
+/*
+  setup the signing key for a connection. Called after authentication succeeds
+  in a session setup
+*/
+bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
+			  DATA_BLOB *session_key,
+			  DATA_BLOB *response)
+{
+	if (!set_smb_signing_common(&smb_conn->signing)) {
+		return false;
+	}
+	return smbcli_simple_set_signing(smb_conn,
+					 &smb_conn->signing, session_key, response);
+}
+
+bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
+{
+	smb_conn->signing.mac_key = data_blob(NULL, 0);
+	if (!smbcli_set_signing_off(&smb_conn->signing)) {
+		return false;
+	}
+
+	smb_conn->signing.allow_smb_signing
+		= lpcfg_server_signing_allowed(smb_conn->lp_ctx,
+					       &smb_conn->signing.mandatory_signing);
+	return true;
+}
+
+/*
+  allocate a sequence number to a request
+*/
+static void req_signing_alloc_seq_num(struct smbsrv_request *req)
+{
+	req->seq_num = req->smb_conn->signing.next_seq_num;
+
+	if (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF) {
+		req->smb_conn->signing.next_seq_num += 2;
+	}
+}
+
+/*
+  called for requests that do not produce a reply of their own
+*/
+void smbsrv_signing_no_reply(struct smbsrv_request *req)
+{
+	if (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF) {
+		req->smb_conn->signing.next_seq_num--;
+	}
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - check a MAC sent by client
+************************************************************/
+/**
+ * Check a packet supplied by the server.
+ * @return false if we had an established signing connection
+ *         which had a back checksum, true otherwise
+ */
+bool smbsrv_signing_check_incoming(struct smbsrv_request *req)
+{
+	bool good;
+
+	req_signing_alloc_seq_num(req);
+
+	switch (req->smb_conn->signing.signing_state) 
+	{
+	case SMB_SIGNING_ENGINE_OFF:
+		return true;
+	case SMB_SIGNING_ENGINE_BSRSPYL:
+	case SMB_SIGNING_ENGINE_ON:
+	{			
+		if (req->in.size < (HDR_SS_FIELD + 8)) {
+			return false;
+		} else {
+			good = check_signed_incoming_message(&req->in, 
+							     &req->smb_conn->signing.mac_key, 
+							     req->seq_num);
+			
+			return signing_good(&req->smb_conn->signing, 
+					    req->seq_num+1, good);
+		}
+	}
+	}
+	return false;
+}
diff --git a/source4/smb_server/smb/srvtime.c b/source4/smb_server/smb/srvtime.c
new file mode 100644
index 0000000..7aee907
--- /dev/null
+++ b/source4/smb_server/smb/srvtime.c
@@ -0,0 +1,82 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   server side time handling
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+
+
+/*******************************************************************
+put a dos date into a buffer (time/date format)
+This takes GMT time and puts local time for zone_offset in the buffer
+********************************************************************/
+void srv_push_dos_date(struct smbsrv_connection *smb_server,
+		      uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date(buf, offset, unixdate, smb_server->negotiate.zone_offset);
+}
+
+/*******************************************************************
+put a dos date into a buffer (date/time format)
+This takes GMT time and puts local time in the buffer
+********************************************************************/
+void srv_push_dos_date2(struct smbsrv_connection *smb_server,
+		       uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date2(buf, offset, unixdate, smb_server->negotiate.zone_offset);
+}
+
+/*******************************************************************
+put a dos 32 bit "unix like" date into a buffer. This routine takes
+GMT and converts it to LOCAL time in zone_offset before putting it
+********************************************************************/
+void srv_push_dos_date3(struct smbsrv_connection *smb_server,
+		       uint8_t *buf, int offset, time_t unixdate)
+{
+	push_dos_date3(buf, offset, unixdate, smb_server->negotiate.zone_offset);
+}
+
+/*******************************************************************
+convert a dos date
+********************************************************************/
+time_t srv_pull_dos_date(struct smbsrv_connection *smb_server, 
+			 const uint8_t *date_ptr)
+{
+	return pull_dos_date(date_ptr, smb_server->negotiate.zone_offset);
+}
+
+/*******************************************************************
+like srv_pull_dos_date() but the words are reversed
+********************************************************************/
+time_t srv_pull_dos_date2(struct smbsrv_connection *smb_server, 
+			  const uint8_t *date_ptr)
+{
+	return pull_dos_date2(date_ptr, smb_server->negotiate.zone_offset);
+}
+
+/*******************************************************************
+  create a unix GMT date from a dos date in 32 bit "unix like" format
+  these arrive in server zone, with corresponding DST
+  ******************************************************************/
+time_t srv_pull_dos_date3(struct smbsrv_connection *smb_server,
+			  const uint8_t *date_ptr)
+{
+	return pull_dos_date3(date_ptr, smb_server->negotiate.zone_offset);
+}
diff --git a/source4/smb_server/smb/trans2.c b/source4/smb_server/smb/trans2.c
new file mode 100644
index 0000000..9e016ff
--- /dev/null
+++ b/source4/smb_server/smb/trans2.c
@@ -0,0 +1,1562 @@
+/* 
+   Unix SMB/CIFS implementation.
+   transaction2 handling
+   Copyright (C) Andrew Tridgell 2003
+   Copyright Matthieu Patou <mat@matws.net> 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+   This file handles the parsing of transact2 requests
+*/
+
+#include "includes.h"
+#include "samba/service_stream.h"
+#include "smb_server/smb_server.h"
+#include "ntvfs/ntvfs.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/dfsblobs.h"
+#include "librpc/gen_ndr/ndr_dfsblobs.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/session.h"
+#include "param/param.h"
+#include "lib/tsocket/tsocket.h"
+#include "dfs_server/dfs_server_ad.h"
+
+#define MAX_DFS_RESPONSE 56*1024 /* 56 Kb */
+
+#define TRANS2_CHECK_ASYNC_STATUS_SIMPLE do { \
+	if (!NT_STATUS_IS_OK(req->ntvfs->async_states->status)) { \
+		trans2_setup_reply(trans, 0, 0, 0);\
+		return req->ntvfs->async_states->status; \
+	} \
+} while (0)
+#define TRANS2_CHECK_ASYNC_STATUS(ptr, type) do { \
+	TRANS2_CHECK_ASYNC_STATUS_SIMPLE; \
+	ptr = talloc_get_type(op->op_info, type); \
+} while (0)
+#define TRANS2_CHECK(cmd) do { \
+	NTSTATUS _status; \
+	_status = cmd; \
+	NT_STATUS_NOT_OK_RETURN(_status); \
+} while (0)
+
+/*
+  hold the state of a nttrans op while in progress. Needed to allow for async backend
+  functions.
+*/
+struct trans_op {
+	struct smbsrv_request *req;
+	struct smb_trans2 *trans;
+	uint8_t command;
+	NTSTATUS (*send_fn)(struct trans_op *);
+	void *op_info;
+};
+
+#define CHECK_MIN_BLOB_SIZE(blob, size) do { \
+	if ((blob)->length < (size)) { \
+		return NT_STATUS_INFO_LENGTH_MISMATCH; \
+	}} while (0)
+
+/* setup a trans2 reply, given the data and params sizes */
+static NTSTATUS trans2_setup_reply(struct smb_trans2 *trans,
+				   uint16_t param_size, uint16_t data_size,
+				   uint8_t setup_count)
+{
+	trans->out.setup_count = setup_count;
+	if (setup_count > 0) {
+		trans->out.setup = talloc_zero_array(trans, uint16_t, setup_count);
+		NT_STATUS_HAVE_NO_MEMORY(trans->out.setup);
+	}
+	trans->out.params = data_blob_talloc(trans, NULL, param_size);
+	if (param_size > 0) NT_STATUS_HAVE_NO_MEMORY(trans->out.params.data);
+
+	trans->out.data = data_blob_talloc(trans, NULL, data_size);
+	if (data_size > 0) NT_STATUS_HAVE_NO_MEMORY(trans->out.data.data);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS trans2_push_fsinfo(struct smbsrv_connection *smb_conn,
+				   TALLOC_CTX *mem_ctx,
+				   DATA_BLOB *blob,
+				   union smb_fsinfo *fsinfo,
+				   int default_str_flags)
+{
+	enum smb_fsinfo_level passthru_level;
+
+	switch (fsinfo->generic.level) {
+	case RAW_QFS_ALLOCATION:
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 18));
+
+		SIVAL(blob->data,  0, fsinfo->allocation.out.fs_id);
+		SIVAL(blob->data,  4, fsinfo->allocation.out.sectors_per_unit);
+		SIVAL(blob->data,  8, fsinfo->allocation.out.total_alloc_units);
+		SIVAL(blob->data, 12, fsinfo->allocation.out.avail_alloc_units);
+		SSVAL(blob->data, 16, fsinfo->allocation.out.bytes_per_sector);
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME:
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 5));
+
+		SIVAL(blob->data,       0, fsinfo->volume.out.serial_number);
+		/* w2k3 implements this incorrectly for unicode - it
+		 * leaves the last byte off the string */
+		TRANS2_CHECK(smbsrv_blob_append_string(mem_ctx, blob,
+						       fsinfo->volume.out.volume_name.s,
+						       4, default_str_flags,
+						       STR_LEN8BIT|STR_NOALIGN));
+
+		return NT_STATUS_OK;
+
+	case RAW_QFS_VOLUME_INFO:
+		passthru_level = RAW_QFS_VOLUME_INFORMATION;
+		break;
+
+	case RAW_QFS_SIZE_INFO:
+		passthru_level = RAW_QFS_SIZE_INFORMATION;
+		break;
+
+	case RAW_QFS_DEVICE_INFO:
+		passthru_level = RAW_QFS_DEVICE_INFORMATION;
+		break;
+
+	case RAW_QFS_ATTRIBUTE_INFO:
+		passthru_level = RAW_QFS_ATTRIBUTE_INFORMATION;
+		break;
+
+	default:
+		passthru_level = fsinfo->generic.level;
+		break;
+	}
+
+	return smbsrv_push_passthru_fsinfo(mem_ctx, blob,
+					   passthru_level, fsinfo,
+					   default_str_flags);
+}
+
+/*
+  trans2 qfsinfo implementation send
+*/
+static NTSTATUS trans2_qfsinfo_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+	union smb_fsinfo *fsinfo;
+
+	TRANS2_CHECK_ASYNC_STATUS(fsinfo, union smb_fsinfo);
+
+	TRANS2_CHECK(trans2_setup_reply(trans, 0, 0, 0));
+
+	TRANS2_CHECK(trans2_push_fsinfo(req->smb_conn, trans,
+					&trans->out.data, fsinfo,
+					SMBSRV_REQ_DEFAULT_STR_FLAGS(req)));
+
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 qfsinfo implementation
+*/
+static NTSTATUS trans2_qfsinfo(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_fsinfo *fsinfo;
+	uint16_t level;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length != 2) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	fsinfo = talloc(op, union smb_fsinfo);
+	NT_STATUS_HAVE_NO_MEMORY(fsinfo);
+
+	level = SVAL(trans->in.params.data, 0);
+
+	/* work out the backend level - we make it 1-1 in the header */
+	fsinfo->generic.level = (enum smb_fsinfo_level)level;
+	if (fsinfo->generic.level >= RAW_QFS_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	op->op_info = fsinfo;
+	op->send_fn = trans2_qfsinfo_send;
+
+	return ntvfs_fsinfo(req->ntvfs, fsinfo);
+}
+
+
+/*
+  trans2 open implementation send
+*/
+static NTSTATUS trans2_open_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+	union smb_open *io;
+
+	TRANS2_CHECK_ASYNC_STATUS(io, union smb_open);
+
+	TRANS2_CHECK(trans2_setup_reply(trans, 30, 0, 0));
+
+	smbsrv_push_fnum(trans->out.params.data, VWV(0), io->t2open.out.file.ntvfs);
+	SSVAL(trans->out.params.data, VWV(1), io->t2open.out.attrib);
+	srv_push_dos_date3(req->smb_conn, trans->out.params.data,
+			   VWV(2), io->t2open.out.write_time);
+	SIVAL(trans->out.params.data, VWV(4), io->t2open.out.size);
+	SSVAL(trans->out.params.data, VWV(6), io->t2open.out.access);
+	SSVAL(trans->out.params.data, VWV(7), io->t2open.out.ftype);
+	SSVAL(trans->out.params.data, VWV(8), io->t2open.out.devstate);
+	SSVAL(trans->out.params.data, VWV(9), io->t2open.out.action);
+	SIVAL(trans->out.params.data, VWV(10), 0); /* reserved */
+	SSVAL(trans->out.params.data, VWV(12), 0); /* EaErrorOffset */
+	SIVAL(trans->out.params.data, VWV(13), 0); /* EaLength */
+
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 open implementation
+*/
+static NTSTATUS trans2_open(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_open *io;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 29) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	io = talloc(op, union smb_open);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->t2open.level           = RAW_OPEN_T2OPEN;
+	io->t2open.in.flags        = SVAL(trans->in.params.data, VWV(0));
+	io->t2open.in.open_mode    = SVAL(trans->in.params.data, VWV(1));
+	io->t2open.in.search_attrs = SVAL(trans->in.params.data, VWV(2));
+	io->t2open.in.file_attrs   = SVAL(trans->in.params.data, VWV(3));
+	io->t2open.in.write_time   = srv_pull_dos_date(req->smb_conn,
+						    trans->in.params.data + VWV(4));
+	io->t2open.in.open_func    = SVAL(trans->in.params.data, VWV(6));
+	io->t2open.in.size         = IVAL(trans->in.params.data, VWV(7));
+	io->t2open.in.timeout      = IVAL(trans->in.params.data, VWV(9));
+	io->t2open.in.num_eas      = 0;
+	io->t2open.in.eas          = NULL;
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 28, &io->t2open.in.fname, 0);
+	if (io->t2open.in.fname == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	TRANS2_CHECK(ea_pull_list(&trans->in.data, io, &io->t2open.in.num_eas, &io->t2open.in.eas));
+
+	op->op_info = io;
+	op->send_fn = trans2_open_send;
+
+	return ntvfs_open(req->ntvfs, io);
+}
+
+
+/*
+  trans2 simple send
+*/
+static NTSTATUS trans2_simple_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+
+	TRANS2_CHECK_ASYNC_STATUS_SIMPLE;
+
+	TRANS2_CHECK(trans2_setup_reply(trans, 2, 0, 0));
+
+	SSVAL(trans->out.params.data, VWV(0), 0);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 mkdir implementation
+*/
+static NTSTATUS trans2_mkdir(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_mkdir *io;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 5) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	io = talloc(op, union smb_mkdir);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	io->t2mkdir.level = RAW_MKDIR_T2MKDIR;
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 4, &io->t2mkdir.in.path, 0);
+	if (io->t2mkdir.in.path == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	TRANS2_CHECK(ea_pull_list(&trans->in.data, io,
+				  &io->t2mkdir.in.num_eas,
+				  &io->t2mkdir.in.eas));
+
+	op->op_info = io;
+	op->send_fn = trans2_simple_send;
+
+	return ntvfs_mkdir(req->ntvfs, io);
+}
+
+static NTSTATUS trans2_push_fileinfo(struct smbsrv_connection *smb_conn,
+				     TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *blob,
+				     union smb_fileinfo *st,
+				     int default_str_flags)
+{
+	uint32_t list_size;
+	enum smb_fileinfo_level passthru_level;
+
+	switch (st->generic.level) {
+	case RAW_FILEINFO_GENERIC:
+	case RAW_FILEINFO_GETATTR:
+	case RAW_FILEINFO_GETATTRE:
+	case RAW_FILEINFO_SEC_DESC:
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		/* handled elsewhere */
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_FILEINFO_UNIX_BASIC:
+	case RAW_FILEINFO_UNIX_LINK:
+		/* not implemented yet */
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_FILEINFO_STANDARD:
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 22));
+
+		srv_push_dos_date2(smb_conn, blob->data, 0, st->standard.out.create_time);
+		srv_push_dos_date2(smb_conn, blob->data, 4, st->standard.out.access_time);
+		srv_push_dos_date2(smb_conn, blob->data, 8, st->standard.out.write_time);
+		SIVAL(blob->data,        12, st->standard.out.size);
+		SIVAL(blob->data,        16, st->standard.out.alloc_size);
+		SSVAL(blob->data,        20, st->standard.out.attrib);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_SIZE:
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, 26));
+
+		srv_push_dos_date2(smb_conn, blob->data, 0, st->ea_size.out.create_time);
+		srv_push_dos_date2(smb_conn, blob->data, 4, st->ea_size.out.access_time);
+		srv_push_dos_date2(smb_conn, blob->data, 8, st->ea_size.out.write_time);
+		SIVAL(blob->data,        12, st->ea_size.out.size);
+		SIVAL(blob->data,        16, st->ea_size.out.alloc_size);
+		SSVAL(blob->data,        20, st->ea_size.out.attrib);
+		SIVAL(blob->data,        22, st->ea_size.out.ea_size);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_EA_LIST:
+		list_size = ea_list_size(st->ea_list.out.num_eas,
+					 st->ea_list.out.eas);
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, list_size));
+
+		ea_put_list(blob->data,
+			    st->ea_list.out.num_eas, st->ea_list.out.eas);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_ALL_EAS:
+		list_size = ea_list_size(st->all_eas.out.num_eas,
+						  st->all_eas.out.eas);
+		TRANS2_CHECK(smbsrv_blob_grow_data(mem_ctx, blob, list_size));
+
+		ea_put_list(blob->data,
+			    st->all_eas.out.num_eas, st->all_eas.out.eas);
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_IS_NAME_VALID:
+		return NT_STATUS_OK;
+
+	case RAW_FILEINFO_BASIC_INFO:
+		passthru_level = RAW_FILEINFO_BASIC_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_STANDARD_INFO:
+		passthru_level = RAW_FILEINFO_STANDARD_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_EA_INFO:
+		passthru_level = RAW_FILEINFO_EA_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_COMPRESSION_INFO:
+		passthru_level = RAW_FILEINFO_COMPRESSION_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_ALL_INFO:
+		passthru_level = RAW_FILEINFO_ALL_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_NAME_INFO:
+		passthru_level = RAW_FILEINFO_NAME_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_ALT_NAME_INFO:
+		passthru_level = RAW_FILEINFO_ALT_NAME_INFORMATION;
+		break;
+
+	case RAW_FILEINFO_STREAM_INFO:
+		passthru_level = RAW_FILEINFO_STREAM_INFORMATION;
+		break;
+
+	default:
+		passthru_level = st->generic.level;
+		break;
+	}
+
+	return smbsrv_push_passthru_fileinfo(mem_ctx, blob,
+					     passthru_level, st,
+					     default_str_flags);
+}
+
+/*
+  fill in the reply from a qpathinfo or qfileinfo call
+*/
+static NTSTATUS trans2_fileinfo_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+	union smb_fileinfo *st;
+
+	TRANS2_CHECK_ASYNC_STATUS(st, union smb_fileinfo);
+
+	TRANS2_CHECK(trans2_setup_reply(trans, 2, 0, 0));
+	SSVAL(trans->out.params.data, 0, 0);
+
+	TRANS2_CHECK(trans2_push_fileinfo(req->smb_conn, trans,
+					  &trans->out.data, st,
+					  SMBSRV_REQ_DEFAULT_STR_FLAGS(req)));
+
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 qpathinfo implementation
+*/
+static NTSTATUS trans2_qpathinfo(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_fileinfo *st;
+	uint16_t level;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 2) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	st = talloc(op, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(st);
+
+	level = SVAL(trans->in.params.data, 0);
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 6, &st->generic.in.file.path, 0);
+	if (st->generic.in.file.path == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	/* work out the backend level - we make it 1-1 in the header */
+	st->generic.level = (enum smb_fileinfo_level)level;
+	if (st->generic.level >= RAW_FILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (st->generic.level == RAW_FILEINFO_EA_LIST) {
+		TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
+					       &st->ea_list.in.num_names,
+					       &st->ea_list.in.ea_names));
+	}
+
+	op->op_info = st;
+	op->send_fn = trans2_fileinfo_send;
+
+	return ntvfs_qpathinfo(req->ntvfs, st);
+}
+
+
+/*
+  trans2 qpathinfo implementation
+*/
+static NTSTATUS trans2_qfileinfo(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_fileinfo *st;
+	uint16_t level;
+	struct ntvfs_handle *h;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 4) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	st = talloc(op, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(st);
+
+	h     = smbsrv_pull_fnum(req, trans->in.params.data, 0);
+	level = SVAL(trans->in.params.data, 2);
+
+	st->generic.in.file.ntvfs = h;
+	/* work out the backend level - we make it 1-1 in the header */
+	st->generic.level = (enum smb_fileinfo_level)level;
+	if (st->generic.level >= RAW_FILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (st->generic.level == RAW_FILEINFO_EA_LIST) {
+		TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
+					       &st->ea_list.in.num_names,
+					       &st->ea_list.in.ea_names));
+	}
+
+	op->op_info = st;
+	op->send_fn = trans2_fileinfo_send;
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(st->generic.in.file.ntvfs);
+	return ntvfs_qfileinfo(req->ntvfs, st);
+}
+
+
+/*
+  parse a trans2 setfileinfo/setpathinfo data blob
+*/
+static NTSTATUS trans2_parse_sfileinfo(struct smbsrv_request *req,
+				       union smb_setfileinfo *st,
+				       const DATA_BLOB *blob)
+{
+	enum smb_setfileinfo_level passthru_level;
+
+	switch (st->generic.level) {
+	case RAW_SFILEINFO_GENERIC:
+	case RAW_SFILEINFO_SETATTR:
+	case RAW_SFILEINFO_SETATTRE:
+	case RAW_SFILEINFO_SEC_DESC:
+		/* handled elsewhere */
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_SFILEINFO_STANDARD:
+		CHECK_MIN_BLOB_SIZE(blob, 12);
+
+		st->standard.in.create_time = srv_pull_dos_date2(req->smb_conn, blob->data + 0);
+		st->standard.in.access_time = srv_pull_dos_date2(req->smb_conn, blob->data + 4);
+		st->standard.in.write_time  = srv_pull_dos_date2(req->smb_conn, blob->data + 8);
+
+		return NT_STATUS_OK;
+
+	case RAW_SFILEINFO_EA_SET:
+		return ea_pull_list(blob, req,
+				    &st->ea_set.in.num_eas,
+				    &st->ea_set.in.eas);
+
+	case SMB_SFILEINFO_BASIC_INFO:
+	case SMB_SFILEINFO_BASIC_INFORMATION:
+		passthru_level = SMB_SFILEINFO_BASIC_INFORMATION;
+		break;
+
+	case SMB_SFILEINFO_DISPOSITION_INFO:
+	case SMB_SFILEINFO_DISPOSITION_INFORMATION:
+		passthru_level = SMB_SFILEINFO_DISPOSITION_INFORMATION;
+		break;
+
+	case SMB_SFILEINFO_ALLOCATION_INFO:
+	case SMB_SFILEINFO_ALLOCATION_INFORMATION:
+		passthru_level = SMB_SFILEINFO_ALLOCATION_INFORMATION;
+		break;
+
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		passthru_level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+		break;
+
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		passthru_level = st->generic.level;
+		break;
+
+	case RAW_SFILEINFO_UNIX_BASIC:
+	case RAW_SFILEINFO_UNIX_LINK:
+	case RAW_SFILEINFO_UNIX_HLINK:
+	case RAW_SFILEINFO_PIPE_INFORMATION:
+	case RAW_SFILEINFO_VALID_DATA_INFORMATION:
+	case RAW_SFILEINFO_SHORT_NAME_INFORMATION:
+	case RAW_SFILEINFO_1025:
+	case RAW_SFILEINFO_1027:
+	case RAW_SFILEINFO_1029:
+	case RAW_SFILEINFO_1030:
+	case RAW_SFILEINFO_1031:
+	case RAW_SFILEINFO_1032:
+	case RAW_SFILEINFO_1036:
+	case RAW_SFILEINFO_1041:
+	case RAW_SFILEINFO_1042:
+	case RAW_SFILEINFO_1043:
+	case RAW_SFILEINFO_1044:
+		return NT_STATUS_INVALID_LEVEL;
+
+	default:
+		/* we need a default here to cope with invalid values on the wire */
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return smbsrv_pull_passthru_sfileinfo(st, passthru_level, st,
+					      blob, SMBSRV_REQ_DEFAULT_STR_FLAGS(req),
+					      &req->in.bufinfo);
+}
+
+/*
+  trans2 setfileinfo implementation
+*/
+static NTSTATUS trans2_setfileinfo(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_setfileinfo *st;
+	uint16_t level;
+	struct ntvfs_handle *h;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 4) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	st = talloc(op, union smb_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(st);
+
+	h     = smbsrv_pull_fnum(req, trans->in.params.data, 0);
+	level = SVAL(trans->in.params.data, 2);
+
+	st->generic.in.file.ntvfs = h;
+	/* work out the backend level - we make it 1-1 in the header */
+	st->generic.level = (enum smb_setfileinfo_level)level;
+	if (st->generic.level >= RAW_SFILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	TRANS2_CHECK(trans2_parse_sfileinfo(req, st, &trans->in.data));
+
+	op->op_info = st;
+	op->send_fn = trans2_simple_send;
+
+	SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(st->generic.in.file.ntvfs);
+	return ntvfs_setfileinfo(req->ntvfs, st);
+}
+
+/*
+  trans2 setpathinfo implementation
+*/
+static NTSTATUS trans2_setpathinfo(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_setfileinfo *st;
+	uint16_t level;
+
+	/* make sure we got enough parameters */
+	if (trans->in.params.length < 4) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	st = talloc(op, union smb_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(st);
+
+	level = SVAL(trans->in.params.data, 0);
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 6, &st->generic.in.file.path, 0);
+	if (st->generic.in.file.path == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	/* work out the backend level - we make it 1-1 in the header */
+	st->generic.level = (enum smb_setfileinfo_level)level;
+	if (st->generic.level >= RAW_SFILEINFO_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	TRANS2_CHECK(trans2_parse_sfileinfo(req, st, &trans->in.data));
+
+	op->op_info = st;
+	op->send_fn = trans2_simple_send;
+
+	return ntvfs_setpathinfo(req->ntvfs, st);
+}
+
+
+/* a structure to encapsulate the state information about an in-progress ffirst/fnext operation */
+struct find_state {
+	struct trans_op *op;
+	void *search;
+	enum smb_search_data_level data_level;
+	uint16_t last_entry_offset;
+	uint16_t flags;
+};
+
+/*
+  fill a single entry in a trans2 find reply
+*/
+static NTSTATUS find_fill_info(struct find_state *state,
+			       const union smb_search_data *file)
+{
+	struct smbsrv_request *req = state->op->req;
+	struct smb_trans2 *trans = state->op->trans;
+	uint8_t *data;
+	unsigned int ofs = trans->out.data.length;
+	uint32_t ea_size;
+
+	switch (state->data_level) {
+	case RAW_SEARCH_DATA_GENERIC:
+	case RAW_SEARCH_DATA_SEARCH:
+		/* handled elsewhere */
+		return NT_STATUS_INVALID_LEVEL;
+
+	case RAW_SEARCH_DATA_STANDARD:
+		if (state->flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 27));
+			SIVAL(trans->out.data.data, ofs, file->standard.resume_key);
+			ofs += 4;
+		} else {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 23));
+		}
+		data = trans->out.data.data + ofs;
+		srv_push_dos_date2(req->smb_conn, data, 0, file->standard.create_time);
+		srv_push_dos_date2(req->smb_conn, data, 4, file->standard.access_time);
+		srv_push_dos_date2(req->smb_conn, data, 8, file->standard.write_time);
+		SIVAL(data, 12, file->standard.size);
+		SIVAL(data, 16, file->standard.alloc_size);
+		SSVAL(data, 20, file->standard.attrib);
+		TRANS2_CHECK(smbsrv_blob_append_string(trans, &trans->out.data, file->standard.name.s,
+						       ofs + 22, SMBSRV_REQ_DEFAULT_STR_FLAGS(req),
+						       STR_LEN8BIT | STR_TERMINATE | STR_LEN_NOTERM));
+		break;
+
+	case RAW_SEARCH_DATA_EA_SIZE:
+		if (state->flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 31));
+			SIVAL(trans->out.data.data, ofs, file->ea_size.resume_key);
+			ofs += 4;
+		} else {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 27));
+		}
+		data = trans->out.data.data + ofs;
+		srv_push_dos_date2(req->smb_conn, data, 0, file->ea_size.create_time);
+		srv_push_dos_date2(req->smb_conn, data, 4, file->ea_size.access_time);
+		srv_push_dos_date2(req->smb_conn, data, 8, file->ea_size.write_time);
+		SIVAL(data, 12, file->ea_size.size);
+		SIVAL(data, 16, file->ea_size.alloc_size);
+		SSVAL(data, 20, file->ea_size.attrib);
+		SIVAL(data, 22, file->ea_size.ea_size);
+		TRANS2_CHECK(smbsrv_blob_append_string(trans, &trans->out.data, file->ea_size.name.s,
+						       ofs + 26, SMBSRV_REQ_DEFAULT_STR_FLAGS(req),
+						       STR_LEN8BIT | STR_NOALIGN));
+		TRANS2_CHECK(smbsrv_blob_fill_data(trans, &trans->out.data, trans->out.data.length + 1));
+		break;
+
+	case RAW_SEARCH_DATA_EA_LIST:
+		ea_size = ea_list_size(file->ea_list.eas.num_eas, file->ea_list.eas.eas);
+		if (state->flags & FLAG_TRANS2_FIND_REQUIRE_RESUME) {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 27 + ea_size));
+			SIVAL(trans->out.data.data, ofs, file->ea_list.resume_key);
+			ofs += 4;
+		} else {
+			TRANS2_CHECK(smbsrv_blob_grow_data(trans, &trans->out.data, ofs + 23 + ea_size));
+		}
+		data = trans->out.data.data + ofs;
+		srv_push_dos_date2(req->smb_conn, data, 0, file->ea_list.create_time);
+		srv_push_dos_date2(req->smb_conn, data, 4, file->ea_list.access_time);
+		srv_push_dos_date2(req->smb_conn, data, 8, file->ea_list.write_time);
+		SIVAL(data, 12, file->ea_list.size);
+		SIVAL(data, 16, file->ea_list.alloc_size);
+		SSVAL(data, 20, file->ea_list.attrib);
+		ea_put_list(data+22, file->ea_list.eas.num_eas, file->ea_list.eas.eas);
+		TRANS2_CHECK(smbsrv_blob_append_string(trans, &trans->out.data, file->ea_list.name.s,
+						       ofs + 22 + ea_size, SMBSRV_REQ_DEFAULT_STR_FLAGS(req),
+						       STR_LEN8BIT | STR_NOALIGN));
+		TRANS2_CHECK(smbsrv_blob_fill_data(trans, &trans->out.data, trans->out.data.length + 1));
+		break;
+
+	case RAW_SEARCH_DATA_DIRECTORY_INFO:
+	case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+	case RAW_SEARCH_DATA_NAME_INFO:
+	case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+	case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+	case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO:
+		return smbsrv_push_passthru_search(trans, &trans->out.data, state->data_level, file,
+						   SMBSRV_REQ_DEFAULT_STR_FLAGS(req));
+
+	case RAW_SEARCH_DATA_UNIX_INFO:
+	case RAW_SEARCH_DATA_UNIX_INFO2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* callback function for trans2 findfirst/findnext */
+static bool find_callback(void *private_data, const union smb_search_data *file)
+{
+	struct find_state *state = talloc_get_type(private_data, struct find_state);
+	struct smb_trans2 *trans = state->op->trans;
+	unsigned int old_length;
+
+	old_length = trans->out.data.length;
+
+	if (!NT_STATUS_IS_OK(find_fill_info(state, file)) ||
+	    trans->out.data.length > trans->in.max_data) {
+		/* restore the old length and tell the backend to stop */
+		smbsrv_blob_grow_data(trans, &trans->out.data, old_length);
+		return false;
+	}
+
+	state->last_entry_offset = old_length;	
+	return true;
+}
+
+/*
+  trans2 findfirst send
+ */
+static NTSTATUS trans2_findfirst_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+	union smb_search_first *search;
+	struct find_state *state;
+	uint8_t *param;
+
+	TRANS2_CHECK_ASYNC_STATUS(state, struct find_state);
+	search = talloc_get_type(state->search, union smb_search_first);
+
+	/* fill in the findfirst reply header */
+	param = trans->out.params.data;
+	SSVAL(param, VWV(0), search->t2ffirst.out.handle);
+	SSVAL(param, VWV(1), search->t2ffirst.out.count);
+	SSVAL(param, VWV(2), search->t2ffirst.out.end_of_search);
+	SSVAL(param, VWV(3), 0);
+	SSVAL(param, VWV(4), state->last_entry_offset);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 getdfsreferral implementation
+*/
+static NTSTATUS trans2_getdfsreferral(struct smbsrv_request *req,
+				      struct trans_op *op)
+{
+	enum ndr_err_code ndr_err;
+	struct smb_trans2 *trans = op->trans;
+	struct ldb_context *ldb;
+	struct loadparm_context *lp_ctx;
+	NTSTATUS status;
+	struct dfs_GetDFSReferral *r;
+	DATA_BLOB outblob = data_blob_null;
+	uint16_t nb_referrals = 0;
+
+	lp_ctx = req->tcon->ntvfs->lp_ctx;
+	if (!lpcfg_host_msdfs(lp_ctx)) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	r = talloc_zero(req, struct dfs_GetDFSReferral);
+	NT_STATUS_HAVE_NO_MEMORY(r);
+
+	ldb = samdb_connect(r,
+			    req->tcon->ntvfs->event_ctx,
+			    lp_ctx,
+			    system_session(lp_ctx),
+			    NULL,
+			    0);
+	if (ldb == NULL) {
+		DEBUG(2,(__location__ ": Failed to open samdb\n"));
+		talloc_free(r);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	ndr_err = ndr_pull_struct_blob(&trans->in.params, r,
+				       &r->in.req,
+				       (ndr_pull_flags_fn_t)ndr_pull_dfs_GetDFSReferral_in);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(2,(__location__ ": Failed to parse GetDFSReferral_in - %s\n",
+			 nt_errstr(status)));
+		talloc_free(r);
+		return status;
+	}
+
+	DEBUG(8, ("Requested DFS name: %s length: %u\n",
+		   r->in.req.servername,
+		   (unsigned int)strlen_m(r->in.req.servername)*2));
+
+	status = dfs_server_ad_get_referrals(lp_ctx, ldb,
+				req->smb_conn->connection->remote_address, r);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(r);
+		return status;
+	}
+
+	ndr_err = ndr_push_struct_blob(&outblob, trans,
+				r->out.resp,
+				(ndr_push_flags_fn_t)ndr_push_dfs_referral_resp);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(2,(__location__ ":NDR marshalling of domain referral response failed\n"));
+		talloc_free(r);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	nb_referrals = r->out.resp->nb_referrals;
+
+	if (outblob.length > trans->in.max_data) {
+		bool ok = false;
+
+		DEBUG(3, ("Blob is too big for the output buffer "
+			  "size %u max %u\n",
+			  (unsigned int)outblob.length, trans->in.max_data));
+
+		if (trans->in.max_data != MAX_DFS_RESPONSE) {
+			/* As specified in MS-DFSC.pdf 3.3.5.2 */
+			talloc_free(r);
+			return STATUS_BUFFER_OVERFLOW;
+		}
+
+		/*
+		 * The answer is too big, so let's remove some answers
+		 */
+		while (!ok && r->out.resp->nb_referrals > 2) {
+			data_blob_free(&outblob);
+
+			/*
+			 * Let's scrap the last referral (for now)
+			 */
+			r->out.resp->nb_referrals -= 1;
+
+			ndr_err = ndr_push_struct_blob(&outblob, trans,
+				r->out.resp,
+				(ndr_push_flags_fn_t)ndr_push_dfs_referral_resp);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				talloc_free(r);
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
+			if (outblob.length <= MAX_DFS_RESPONSE) {
+				DEBUG(10,("DFS: managed to reduce the size of referral initial "
+					  "number of referral %d, actual count: %d\n",
+					  nb_referrals, r->out.resp->nb_referrals));
+				ok = true;
+				break;
+			}
+		}
+
+		if (!ok && r->out.resp->nb_referrals <= 2) {
+			DEBUG(8, (__location__ "; Not able to fit the domain and realm in DFS a "
+				  " 56K buffer, something must be broken\n"));
+			talloc_free(r);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+	}
+
+	TRANS2_CHECK(trans2_setup_reply(trans, 0, outblob.length, 0));
+
+	trans->out.data = outblob;
+	talloc_free(r);
+	return NT_STATUS_OK;
+}
+
+/*
+  trans2 findfirst implementation
+*/
+static NTSTATUS trans2_findfirst(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_search_first *search;
+	uint16_t level;
+	struct find_state *state;
+
+	/* make sure we got all the parameters */
+	if (trans->in.params.length < 14) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	search = talloc(op, union smb_search_first);
+	NT_STATUS_HAVE_NO_MEMORY(search);
+
+	search->t2ffirst.in.search_attrib = SVAL(trans->in.params.data, 0);
+	search->t2ffirst.in.max_count     = SVAL(trans->in.params.data, 2);
+	search->t2ffirst.in.flags         = SVAL(trans->in.params.data, 4);
+	level                             = SVAL(trans->in.params.data, 6);
+	search->t2ffirst.in.storage_type  = IVAL(trans->in.params.data, 8);
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 12, &search->t2ffirst.in.pattern, 0);
+	if (search->t2ffirst.in.pattern == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	search->t2ffirst.level = RAW_SEARCH_TRANS2;
+	search->t2ffirst.data_level = (enum smb_search_data_level)level;
+	if (search->t2ffirst.data_level >= RAW_SEARCH_DATA_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (search->t2ffirst.data_level == RAW_SEARCH_DATA_EA_LIST) {
+		TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
+					       &search->t2ffirst.in.num_names,
+					       &search->t2ffirst.in.ea_names));
+	}
+
+	/* setup the private state structure that the backend will
+	   give us in the callback */
+	state = talloc(op, struct find_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+	state->op		= op;
+	state->search		= search;
+	state->data_level	= search->t2ffirst.data_level;
+	state->last_entry_offset= 0;
+	state->flags		= search->t2ffirst.in.flags;
+
+	/* setup for just a header in the reply */
+	TRANS2_CHECK(trans2_setup_reply(trans, 10, 0, 0));
+
+	op->op_info = state;
+	op->send_fn = trans2_findfirst_send;
+
+	return ntvfs_search_first(req->ntvfs, search, state, find_callback);
+}
+
+
+/*
+  trans2 findnext send
+*/
+static NTSTATUS trans2_findnext_send(struct trans_op *op)
+{
+	struct smbsrv_request *req = op->req;
+	struct smb_trans2 *trans = op->trans;
+	union smb_search_next *search;
+	struct find_state *state;
+	uint8_t *param;
+
+	TRANS2_CHECK_ASYNC_STATUS(state, struct find_state);
+	search = talloc_get_type(state->search, union smb_search_next);
+
+	/* fill in the findfirst reply header */
+	param = trans->out.params.data;
+	SSVAL(param, VWV(0), search->t2fnext.out.count);
+	SSVAL(param, VWV(1), search->t2fnext.out.end_of_search);
+	SSVAL(param, VWV(2), 0);
+	SSVAL(param, VWV(3), state->last_entry_offset);
+	
+	return NT_STATUS_OK;
+}
+
+
+/*
+  trans2 findnext implementation
+*/
+static NTSTATUS trans2_findnext(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	union smb_search_next *search;
+	uint16_t level;
+	struct find_state *state;
+
+	/* make sure we got all the parameters */
+	if (trans->in.params.length < 12) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	search = talloc(op, union smb_search_next);
+	NT_STATUS_HAVE_NO_MEMORY(search);
+
+	search->t2fnext.in.handle        = SVAL(trans->in.params.data, 0);
+	search->t2fnext.in.max_count     = SVAL(trans->in.params.data, 2);
+	level                            = SVAL(trans->in.params.data, 4);
+	search->t2fnext.in.resume_key    = IVAL(trans->in.params.data, 6);
+	search->t2fnext.in.flags         = SVAL(trans->in.params.data, 10);
+
+	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 12, &search->t2fnext.in.last_name, 0);
+	if (search->t2fnext.in.last_name == NULL) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	search->t2fnext.level = RAW_SEARCH_TRANS2;
+	search->t2fnext.data_level = (enum smb_search_data_level)level;
+	if (search->t2fnext.data_level >= RAW_SEARCH_DATA_GENERIC) {
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	if (search->t2fnext.data_level == RAW_SEARCH_DATA_EA_LIST) {
+		TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
+					       &search->t2fnext.in.num_names,
+					       &search->t2fnext.in.ea_names));
+	}
+
+	/* setup the private state structure that the backend will give us in the callback */
+	state = talloc(op, struct find_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+	state->op		= op;
+	state->search		= search;
+	state->data_level	= search->t2fnext.data_level;
+	state->last_entry_offset= 0;
+	state->flags		= search->t2fnext.in.flags;
+
+	/* setup for just a header in the reply */
+	TRANS2_CHECK(trans2_setup_reply(trans, 8, 0, 0));
+
+	op->op_info = state;
+	op->send_fn = trans2_findnext_send;
+
+	return ntvfs_search_next(req->ntvfs, search, state, find_callback);
+}
+
+
+/*
+  backend for trans2 requests
+*/
+static NTSTATUS trans2_backend(struct smbsrv_request *req, struct trans_op *op)
+{
+	struct smb_trans2 *trans = op->trans;
+	NTSTATUS status;
+
+	/* direct trans2 pass thru */
+	status = ntvfs_trans2(req->ntvfs, trans);
+	if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
+		return status;
+	}
+
+	/* must have at least one setup word */
+	if (trans->in.setup_count < 1) {
+		return NT_STATUS_FOOBAR;
+	}
+
+	/* the trans2 command is in setup[0] */
+	switch (trans->in.setup[0]) {
+	case TRANSACT2_GET_DFS_REFERRAL:
+		return trans2_getdfsreferral(req, op);
+	case TRANSACT2_FINDFIRST:
+		return trans2_findfirst(req, op);
+	case TRANSACT2_FINDNEXT:
+		return trans2_findnext(req, op);
+	case TRANSACT2_QPATHINFO:
+		return trans2_qpathinfo(req, op);
+	case TRANSACT2_QFILEINFO:
+		return trans2_qfileinfo(req, op);
+	case TRANSACT2_SETFILEINFO:
+		return trans2_setfileinfo(req, op);
+	case TRANSACT2_SETPATHINFO:
+		return trans2_setpathinfo(req, op);
+	case TRANSACT2_QFSINFO:
+		return trans2_qfsinfo(req, op);
+	case TRANSACT2_OPEN:
+		return trans2_open(req, op);
+	case TRANSACT2_MKDIR:
+		return trans2_mkdir(req, op);
+	}
+
+	/* an unknown trans2 command */
+	return NT_STATUS_FOOBAR;
+}
+
+int smbsrv_trans_partial_destructor(struct smbsrv_trans_partial *tp)
+{
+	DLIST_REMOVE(tp->req->smb_conn->trans_partial, tp);
+	return 0;
+}
+
+
+/*
+  send a continue request
+*/
+static void reply_trans_continue(struct smbsrv_request *req, uint8_t command,
+				 struct smb_trans2 *trans)
+{
+	struct smbsrv_request *req2;
+	struct smbsrv_trans_partial *tp;
+	int count;
+
+	/* make sure they don't flood us */
+	for (count=0,tp=req->smb_conn->trans_partial;tp;tp=tp->next) count++;
+	if (count > 100) {
+		smbsrv_send_error(req, NT_STATUS_INSUFFICIENT_RESOURCES);
+		return;
+	}
+
+	tp = talloc(req, struct smbsrv_trans_partial);
+
+	tp->req = req;
+	tp->u.trans = trans;
+	tp->command = command;
+
+	DLIST_ADD(req->smb_conn->trans_partial, tp);
+	talloc_set_destructor(tp, smbsrv_trans_partial_destructor);
+
+	req2 = smbsrv_setup_secondary_request(req);
+
+	/* send a 'please continue' reply */
+	smbsrv_setup_reply(req2, 0, 0);
+	smbsrv_send_reply(req2);
+}
+
+
+/*
+  answer a reconstructed trans request
+*/
+static void reply_trans_send(struct ntvfs_request *ntvfs)
+{
+	struct smbsrv_request *req;
+	struct trans_op *op;
+	struct smb_trans2 *trans;
+	uint16_t params_left, data_left;
+	uint8_t *params, *data;
+	int i;
+
+	SMBSRV_CHECK_ASYNC_STATUS_ERR(op, struct trans_op);
+	trans = op->trans;
+
+	/* if this function needs work to form the nttrans reply buffer, then
+	   call that now */
+	if (op->send_fn != NULL) {
+		NTSTATUS status;
+		status = op->send_fn(op);
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_send_error(req, status);
+			return;
+		}
+	}
+
+	params_left = trans->out.params.length;
+	data_left   = trans->out.data.length;
+	params      = trans->out.params.data;
+	data        = trans->out.data.data;
+
+	smbsrv_setup_reply(req, 10 + trans->out.setup_count, 0);
+
+	if (!NT_STATUS_IS_OK(req->ntvfs->async_states->status)) {
+		smbsrv_setup_error(req, req->ntvfs->async_states->status);
+	}
+
+	/* we need to divide up the reply into chunks that fit into
+	   the negotiated buffer size */
+	do {
+		uint16_t this_data, this_param, max_bytes;
+		unsigned int align1 = 1, align2 = (params_left ? 2 : 0);
+		struct smbsrv_request *this_req;
+
+		max_bytes = req_max_data(req) - (align1 + align2);
+
+		this_param = params_left;
+		if (this_param > max_bytes) {
+			this_param = max_bytes;
+		}
+		max_bytes -= this_param;
+
+		this_data = data_left;
+		if (this_data > max_bytes) {
+			this_data = max_bytes;
+		}
+
+		/* don't destroy unless this is the last chunk */
+		if (params_left - this_param != 0 ||
+		    data_left - this_data != 0) {
+			this_req = smbsrv_setup_secondary_request(req);
+		} else {
+			this_req = req;
+		}
+
+		req_grow_data(this_req, this_param + this_data + (align1 + align2));
+
+		SSVAL(this_req->out.vwv, VWV(0), trans->out.params.length);
+		SSVAL(this_req->out.vwv, VWV(1), trans->out.data.length);
+		SSVAL(this_req->out.vwv, VWV(2), 0);
+
+		SSVAL(this_req->out.vwv, VWV(3), this_param);
+		SSVAL(this_req->out.vwv, VWV(4), align1 + PTR_DIFF(this_req->out.data, this_req->out.hdr));
+		SSVAL(this_req->out.vwv, VWV(5), PTR_DIFF(params, trans->out.params.data));
+
+		SSVAL(this_req->out.vwv, VWV(6), this_data);
+		SSVAL(this_req->out.vwv, VWV(7), align1 + align2 +
+		      PTR_DIFF(this_req->out.data + this_param, this_req->out.hdr));
+		SSVAL(this_req->out.vwv, VWV(8), PTR_DIFF(data, trans->out.data.data));
+
+		SCVAL(this_req->out.vwv, VWV(9), trans->out.setup_count);
+		SCVAL(this_req->out.vwv, VWV(9)+1, 0); /* reserved */
+		for (i=0;i<trans->out.setup_count;i++) {
+			SSVAL(this_req->out.vwv, VWV(10+i), trans->out.setup[i]);
+		}
+
+		memset(this_req->out.data, 0, align1);
+		if (this_param != 0) {
+			memcpy(this_req->out.data + align1, params, this_param);
+		}
+		memset(this_req->out.data+this_param+align1, 0, align2);
+		if (this_data != 0) {
+			memcpy(this_req->out.data+this_param+align1+align2, data, this_data);
+		}
+
+		params_left -= this_param;
+		data_left -= this_data;
+		params += this_param;
+		data += this_data;
+
+		smbsrv_send_reply(this_req);
+	} while (params_left != 0 || data_left != 0);
+}
+
+
+/*
+  answer a reconstructed trans request
+*/
+static void reply_trans_complete(struct smbsrv_request *req, uint8_t command,
+				 struct smb_trans2 *trans)
+{
+	struct trans_op *op;
+
+	SMBSRV_TALLOC_IO_PTR(op, struct trans_op);
+	SMBSRV_SETUP_NTVFS_REQUEST(reply_trans_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	op->req		= req;
+	op->trans	= trans;
+	op->command	= command;
+	op->op_info	= NULL;
+	op->send_fn	= NULL;
+
+	/* its a full request, give it to the backend */
+	if (command == SMBtrans) {
+		SMBSRV_CALL_NTVFS_BACKEND(ntvfs_trans(req->ntvfs, trans));
+		return;
+	} else {
+		SMBSRV_CALL_NTVFS_BACKEND(trans2_backend(req, op));
+		return;
+	}
+}
+
+/*
+  Reply to an SMBtrans or SMBtrans2 request
+*/
+static void reply_trans_generic(struct smbsrv_request *req, uint8_t command)
+{
+	struct smb_trans2 *trans;
+	int i;
+	uint16_t param_ofs, data_ofs;
+	uint16_t param_count, data_count;
+	uint16_t param_total, data_total;
+
+	/* parse request */
+	if (req->in.wct < 14) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	trans = talloc(req, struct smb_trans2);
+	if (trans == NULL) {
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	param_total           = SVAL(req->in.vwv, VWV(0));
+	data_total            = SVAL(req->in.vwv, VWV(1));
+	trans->in.max_param   = SVAL(req->in.vwv, VWV(2));
+	trans->in.max_data    = SVAL(req->in.vwv, VWV(3));
+	trans->in.max_setup   = CVAL(req->in.vwv, VWV(4));
+	trans->in.flags       = SVAL(req->in.vwv, VWV(5));
+	trans->in.timeout     = IVAL(req->in.vwv, VWV(6));
+	param_count           = SVAL(req->in.vwv, VWV(9));
+	param_ofs             = SVAL(req->in.vwv, VWV(10));
+	data_count            = SVAL(req->in.vwv, VWV(11));
+	data_ofs              = SVAL(req->in.vwv, VWV(12));
+	trans->in.setup_count = CVAL(req->in.vwv, VWV(13));
+
+	if (req->in.wct != 14 + trans->in.setup_count) {
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
+		return;
+	}
+
+	/* parse out the setup words */
+	trans->in.setup = talloc_array(trans, uint16_t, trans->in.setup_count);
+	if (trans->in.setup_count && !trans->in.setup) {
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+	for (i=0;i<trans->in.setup_count;i++) {
+		trans->in.setup[i] = SVAL(req->in.vwv, VWV(14+i));
+	}
+
+	if (command == SMBtrans) {
+		req_pull_string(&req->in.bufinfo, &trans->in.trans_name, req->in.data, -1, STR_TERMINATE);
+	}
+
+	if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &trans->in.params) ||
+	    !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &trans->in.data)) {
+		smbsrv_send_error(req, NT_STATUS_FOOBAR);
+		return;
+	}
+
+	/* is it a partial request? if so, then send a 'send more' message */
+	if (param_total > param_count || data_total > data_count) {
+		reply_trans_continue(req, command, trans);
+		return;
+	}
+
+	reply_trans_complete(req, command, trans);
+}
+
+
+/*
+  Reply to an SMBtranss2 request
+*/
+static void reply_transs_generic(struct smbsrv_request *req, uint8_t command)
+{
+	struct smbsrv_trans_partial *tp;
+	struct smb_trans2 *trans = NULL;
+	uint16_t param_ofs, data_ofs;
+	uint16_t param_count, data_count;
+	uint16_t param_disp, data_disp;
+	uint16_t param_total, data_total;
+	DATA_BLOB params, data;
+	uint8_t wct;
+
+	if (command == SMBtrans2) {
+		wct = 9;
+	} else {
+		wct = 8;
+	}
+
+	/* parse request */
+	if (req->in.wct != wct) {
+		/*
+		 * TODO: add some error code tests
+		 *       w2k3 returns NT_STATUS_DOS(ERRSRV, ERRerror) here
+		 */
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	for (tp=req->smb_conn->trans_partial;tp;tp=tp->next) {
+		if (tp->command == command &&
+		    SVAL(tp->req->in.hdr, HDR_MID) == SVAL(req->in.hdr, HDR_MID)) {
+/* TODO: check the VUID, PID and TID too? */
+			break;
+		}
+	}
+
+	if (tp == NULL) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	trans = tp->u.trans;
+
+	param_total           = SVAL(req->in.vwv, VWV(0));
+	data_total            = SVAL(req->in.vwv, VWV(1));
+	param_count           = SVAL(req->in.vwv, VWV(2));
+	param_ofs             = SVAL(req->in.vwv, VWV(3));
+	param_disp            = SVAL(req->in.vwv, VWV(4));
+	data_count            = SVAL(req->in.vwv, VWV(5));
+	data_ofs              = SVAL(req->in.vwv, VWV(6));
+	data_disp             = SVAL(req->in.vwv, VWV(7));
+
+	if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &params) ||
+	    !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &data)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	/* only allow contiguous requests */
+	if ((param_count != 0 &&
+	     param_disp != trans->in.params.length) ||
+	    (data_count != 0 &&
+	     data_disp != trans->in.data.length)) {
+		smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+		return;		
+	}
+
+	/* add to the existing request */
+	if (param_count != 0) {
+		trans->in.params.data = talloc_realloc(trans,
+							 trans->in.params.data,
+							 uint8_t,
+							 param_disp + param_count);
+		if (trans->in.params.data == NULL) {
+			smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		trans->in.params.length = param_disp + param_count;
+	}
+
+	if (data_count != 0) {
+		trans->in.data.data = talloc_realloc(trans,
+						       trans->in.data.data,
+						       uint8_t,
+						       data_disp + data_count);
+		if (trans->in.data.data == NULL) {
+			smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
+			return;
+		}
+		trans->in.data.length = data_disp + data_count;
+	}
+
+	memcpy(trans->in.params.data + param_disp, params.data, params.length);
+	memcpy(trans->in.data.data + data_disp, data.data, data.length);
+
+	/* the sequence number of the reply is taken from the last secondary
+	   response */
+	tp->req->seq_num = req->seq_num;
+
+	/* we don't reply to Transs2 requests */
+	talloc_free(req);
+
+	if (trans->in.params.length == param_total &&
+	    trans->in.data.length == data_total) {
+		/* its now complete */
+		req = tp->req;
+		talloc_free(tp);
+		reply_trans_complete(req, command, trans);
+	}
+	return;
+}
+
+
+/*
+  Reply to an SMBtrans2
+*/
+void smbsrv_reply_trans2(struct smbsrv_request *req)
+{
+	reply_trans_generic(req, SMBtrans2);
+}
+
+/*
+  Reply to an SMBtrans
+*/
+void smbsrv_reply_trans(struct smbsrv_request *req)
+{
+	reply_trans_generic(req, SMBtrans);
+}
+
+/*
+  Reply to an SMBtranss request
+*/
+void smbsrv_reply_transs(struct smbsrv_request *req)
+{
+	reply_transs_generic(req, SMBtrans);
+}
+
+/*
+  Reply to an SMBtranss2 request
+*/
+void smbsrv_reply_transs2(struct smbsrv_request *req)
+{
+	reply_transs_generic(req, SMBtrans2);
+}
diff --git a/source4/smb_server/smb/wscript_build b/source4/smb_server/smb/wscript_build
new file mode 100644
index 0000000..3e3df21
--- /dev/null
+++ b/source4/smb_server/smb/wscript_build
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('SMB_PROTOCOL',
+	source='receive.c negprot.c nttrans.c reply.c request.c search.c service.c sesssetup.c srvtime.c trans2.c signing.c',
+	autoproto='smb_proto.h',
+	deps='dfs_server_ad',
+	public_deps='ntvfs LIBPACKET samba-credentials samba_server_gensec',
+	enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+	)
+
diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c
new file mode 100644
index 0000000..a90c41a
--- /dev/null
+++ b/source4/smb_server/smb2/fileinfo.c
@@ -0,0 +1,377 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Stefan Metzmacher	2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "ntvfs/ntvfs.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+struct smb2srv_getinfo_op {
+	struct smb2srv_request *req;
+	struct smb2_getinfo *info;
+	void *io_ptr;
+	NTSTATUS (*send_fn)(struct smb2srv_getinfo_op *op);
+};
+
+static void smb2srv_getinfo_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_getinfo_op *op;
+	struct smb2srv_request *req;
+
+	/*
+	 * SMB2 uses NT_STATUS_INVALID_INFO_CLASS
+	 * so we need to translated it here
+	 */
+	if (NT_STATUS_EQUAL(NT_STATUS_INVALID_LEVEL, ntvfs->async_states->status)) {
+		ntvfs->async_states->status = NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	SMB2SRV_CHECK_ASYNC_STATUS(op, struct smb2srv_getinfo_op);
+
+	ZERO_STRUCT(op->info->out);
+	if (op->send_fn) {
+		SMB2SRV_CHECK(op->send_fn(op));
+	}
+
+	if (op->info->in.output_buffer_length < op->info->out.blob.length) {
+		smb2srv_send_error(req,  NT_STATUS_INFO_LENGTH_MISMATCH);
+		return;
+	}
+
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, op->info->out.blob.length));
+
+	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, op->info->out.blob));
+	SSVAL(req->out.body,	0x06,	0);
+
+	smb2srv_send_reply(req);
+}
+
+static NTSTATUS smb2srv_getinfo_file_send(struct smb2srv_getinfo_op *op)
+{
+	union smb_fileinfo *io = talloc_get_type(op->io_ptr, union smb_fileinfo);
+	NTSTATUS status;
+
+	status = smbsrv_push_passthru_fileinfo(op->req,
+					       &op->info->out.blob,
+					       io->generic.level, io,
+					       STR_UNICODE);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS smb2srv_getinfo_file(struct smb2srv_getinfo_op *op, uint8_t smb2_level)
+{
+	union smb_fileinfo *io;
+	uint16_t level;
+
+	io = talloc(op, union smb_fileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	level = op->info->in.info_type | (op->info->in.info_class << 8);
+	switch (level) {
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+		io->all_eas.level		= level;
+		io->all_eas.in.file.ntvfs	= op->info->in.file.ntvfs;
+		io->all_eas.in.continue_flags	= op->info->in.getinfo_flags;
+		break;
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		io->all_info2.level		= level;
+		io->all_info2.in.file.ntvfs	= op->info->in.file.ntvfs;
+		break;
+
+	default:
+		/* the rest directly maps to the passthru levels */
+		io->generic.level		= smb2_level + 1000;
+		io->generic.in.file.ntvfs	= op->info->in.file.ntvfs;
+		break;
+	}
+
+	op->io_ptr	= io;
+	op->send_fn	= smb2srv_getinfo_file_send;
+
+	return ntvfs_qfileinfo(op->req->ntvfs, io);
+}
+
+static NTSTATUS smb2srv_getinfo_fs_send(struct smb2srv_getinfo_op *op)
+{
+	union smb_fsinfo *io = talloc_get_type(op->io_ptr, union smb_fsinfo);
+	NTSTATUS status;
+
+	status = smbsrv_push_passthru_fsinfo(op->req,
+					     &op->info->out.blob,
+					     io->generic.level, io,
+					     STR_UNICODE);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS smb2srv_getinfo_fs(struct smb2srv_getinfo_op *op, uint8_t smb2_level)
+{
+	union smb_fsinfo *io;
+
+	io = talloc(op, union smb_fsinfo);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	/* the rest directly maps to the passthru levels */
+	io->generic.level	= smb2_level + 1000;
+
+	/* TODO: allow qfsinfo only the share root directory handle */
+
+	op->io_ptr	= io;
+	op->send_fn	= smb2srv_getinfo_fs_send;
+
+	return ntvfs_fsinfo(op->req->ntvfs, io);
+}
+
+static NTSTATUS smb2srv_getinfo_security_send(struct smb2srv_getinfo_op *op)
+{
+	union smb_fileinfo *io = talloc_get_type(op->io_ptr, union smb_fileinfo);
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&op->info->out.blob, op->req, 
+				       io->query_secdesc.out.sd,
+				       (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS smb2srv_getinfo_security(struct smb2srv_getinfo_op *op, uint8_t smb2_level)
+{
+	union smb_fileinfo *io;
+
+	switch (smb2_level) {
+	case 0x00:
+		io = talloc(op, union smb_fileinfo);
+		NT_STATUS_HAVE_NO_MEMORY(io);
+
+		io->query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		io->query_secdesc.in.file.ntvfs		= op->info->in.file.ntvfs;
+		io->query_secdesc.in.secinfo_flags	= op->info->in.additional_information;
+
+		op->io_ptr	= io;
+		op->send_fn	= smb2srv_getinfo_security_send;
+
+		return ntvfs_qfileinfo(op->req->ntvfs, io);
+	}
+
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+static NTSTATUS smb2srv_getinfo_backend(struct smb2srv_getinfo_op *op)
+{
+	switch (op->info->in.info_type) {
+	case SMB2_0_INFO_FILE:
+		return smb2srv_getinfo_file(op, op->info->in.info_class);
+
+	case SMB2_0_INFO_FILESYSTEM:
+		return smb2srv_getinfo_fs(op, op->info->in.info_class);
+
+	case SMB2_0_INFO_SECURITY:
+		return smb2srv_getinfo_security(op, op->info->in.info_class);
+
+	case SMB2_0_INFO_QUOTA:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+void smb2srv_getinfo_recv(struct smb2srv_request *req)
+{
+	struct smb2_getinfo *info;
+	struct smb2srv_getinfo_op *op;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x28, true);
+	SMB2SRV_TALLOC_IO_PTR(info, struct smb2_getinfo);
+	/* this overwrites req->io_ptr !*/
+	SMB2SRV_TALLOC_IO_PTR(op, struct smb2srv_getinfo_op);
+	op->req		= req;
+	op->info	= info;
+	op->io_ptr	= NULL;
+	op->send_fn	= NULL;
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_getinfo_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	info->in.info_type		= CVAL(req->in.body, 0x02);
+	info->in.info_class		= CVAL(req->in.body, 0x03);
+	info->in.output_buffer_length	= IVAL(req->in.body, 0x04);
+	info->in.reserved		= IVAL(req->in.body, 0x0C);
+	info->in.additional_information	= IVAL(req->in.body, 0x10);
+	info->in.getinfo_flags		= IVAL(req->in.body, 0x14);
+	info->in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x18);
+	SMB2SRV_CHECK(smb2_pull_o16As32_blob(&req->in, op, 
+					    req->in.body+0x08, &info->in.input_buffer));
+
+	SMB2SRV_CHECK_FILE_HANDLE(info->in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(smb2srv_getinfo_backend(op));
+}
+
+struct smb2srv_setinfo_op {
+	struct smb2srv_request *req;
+	struct smb2_setinfo *info;
+};
+
+static void smb2srv_setinfo_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_setinfo_op *op;
+	struct smb2srv_request *req;
+
+	/*
+	 * SMB2 uses NT_STATUS_INVALID_INFO_CLASS
+	 * so we need to translated it here
+	 */
+	if (NT_STATUS_EQUAL(NT_STATUS_INVALID_LEVEL, ntvfs->async_states->status)) {
+		ntvfs->async_states->status = NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	SMB2SRV_CHECK_ASYNC_STATUS(op, struct smb2srv_setinfo_op);
+
+	SMB2SRV_CHECK(smb2srv_setup_reply(op->req, 0x02, false, 0));
+
+	smb2srv_send_reply(req);
+}
+
+static NTSTATUS smb2srv_setinfo_file(struct smb2srv_setinfo_op *op, uint8_t smb2_level)
+{
+	union smb_setfileinfo *io;
+	NTSTATUS status;
+
+	io = talloc(op, union smb_setfileinfo);
+	NT_STATUS_HAVE_NO_MEMORY(io);
+
+	/* the levels directly map to the passthru levels */
+	io->generic.level		= smb2_level + 1000;
+	io->generic.in.file.ntvfs	= op->info->in.file.ntvfs;
+
+	/* handle cases that don't map directly */
+	if (io->generic.level == RAW_SFILEINFO_RENAME_INFORMATION) {
+		io->generic.level = RAW_SFILEINFO_RENAME_INFORMATION_SMB2;
+	}
+
+	status = smbsrv_pull_passthru_sfileinfo(io, io->generic.level, io,
+						&op->info->in.blob,
+						STR_UNICODE, &op->req->in.bufinfo);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return ntvfs_setfileinfo(op->req->ntvfs, io);
+}
+
+static NTSTATUS smb2srv_setinfo_fs(struct smb2srv_setinfo_op *op, uint8_t smb2_level)
+{
+	switch (smb2_level) {
+	case 0x02:
+		return NT_STATUS_NOT_IMPLEMENTED;
+
+	case 0x06:
+		return NT_STATUS_ACCESS_DENIED;
+
+	case 0x08:
+		return NT_STATUS_ACCESS_DENIED;
+
+	case 0x0A:
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+static NTSTATUS smb2srv_setinfo_security(struct smb2srv_setinfo_op *op, uint8_t smb2_level)
+{
+	union smb_setfileinfo *io;
+	enum ndr_err_code ndr_err;
+
+	switch (smb2_level) {
+	case 0x00:
+		io = talloc(op, union smb_setfileinfo);
+		NT_STATUS_HAVE_NO_MEMORY(io);
+
+		io->set_secdesc.level            = RAW_SFILEINFO_SEC_DESC;
+		io->set_secdesc.in.file.ntvfs    = op->info->in.file.ntvfs;
+		io->set_secdesc.in.secinfo_flags = op->info->in.flags;
+
+		io->set_secdesc.in.sd = talloc(io, struct security_descriptor);
+		NT_STATUS_HAVE_NO_MEMORY(io->set_secdesc.in.sd);
+
+		ndr_err = ndr_pull_struct_blob(&op->info->in.blob, io, 
+					       io->set_secdesc.in.sd,
+					       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return ndr_map_error2ntstatus(ndr_err);
+		}
+
+		return ntvfs_setfileinfo(op->req->ntvfs, io);
+	}
+
+	return NT_STATUS_INVALID_INFO_CLASS;
+}
+
+static NTSTATUS smb2srv_setinfo_backend(struct smb2srv_setinfo_op *op)
+{
+	uint8_t smb2_class;
+	uint8_t smb2_level;
+
+	smb2_class = 0xFF & op->info->in.level;
+	smb2_level = 0xFF & (op->info->in.level>>8);
+
+	switch (smb2_class) {
+	case SMB2_0_INFO_FILE:
+		return smb2srv_setinfo_file(op, smb2_level);
+
+	case SMB2_0_INFO_FILESYSTEM:
+		return smb2srv_setinfo_fs(op, smb2_level);
+
+	case SMB2_0_INFO_SECURITY:
+		return smb2srv_setinfo_security(op, smb2_level);
+
+	case SMB2_0_INFO_QUOTA:
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+void smb2srv_setinfo_recv(struct smb2srv_request *req)
+{
+	struct smb2_setinfo *info;
+	struct smb2srv_setinfo_op *op;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x20, true);
+	SMB2SRV_TALLOC_IO_PTR(info, struct smb2_setinfo);
+	/* this overwrites req->io_ptr !*/
+	SMB2SRV_TALLOC_IO_PTR(op, struct smb2srv_setinfo_op);
+	op->req		= req;
+	op->info	= info;
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_setinfo_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	info->in.level			= SVAL(req->in.body, 0x02);
+	SMB2SRV_CHECK(smb2_pull_s32o16_blob(&req->in, info, req->in.body+0x04, &info->in.blob));
+	info->in.flags			= IVAL(req->in.body, 0x0C);
+	info->in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x10);
+
+	SMB2SRV_CHECK_FILE_HANDLE(info->in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(smb2srv_setinfo_backend(op));
+}
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
new file mode 100644
index 0000000..4153a42
--- /dev/null
+++ b/source4/smb_server/smb2/fileio.c
@@ -0,0 +1,547 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "ntvfs/ntvfs.h"
+#include "libcli/raw/raw_proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+static void smb2srv_create_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_open *io;
+	DATA_BLOB blob;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_open);
+
+	/* setup the blobs we should give in the reply */
+	if (io->smb2.out.maximal_access != 0) {
+		uint32_t data[2];
+		SIVAL(data, 0, 0);
+		SIVAL(data, 4, io->smb2.out.maximal_access);
+		SMB2SRV_CHECK(smb2_create_blob_add(req, &io->smb2.out.blobs,
+						   SMB2_CREATE_TAG_MXAC, 
+						   data_blob_const(data, 8)));
+	}
+	
+	if (IVAL(io->smb2.out.on_disk_id, 0) != 0) {
+		SMB2SRV_CHECK(smb2_create_blob_add(req, &io->smb2.out.blobs,
+						   SMB2_CREATE_TAG_QFID,
+						   data_blob_const(io->smb2.out.on_disk_id, 32)));
+	}
+
+	SMB2SRV_CHECK(smb2_create_blob_push(req, &blob, io->smb2.out.blobs));
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x58, true, blob.length));
+
+	SCVAL(req->out.body,	0x02,	io->smb2.out.oplock_level);
+	SCVAL(req->out.body,	0x03,	io->smb2.out.reserved);
+	SIVAL(req->out.body,	0x04,	io->smb2.out.create_action);
+	SBVAL(req->out.body,	0x08,	io->smb2.out.create_time);
+	SBVAL(req->out.body,	0x10,	io->smb2.out.access_time);
+	SBVAL(req->out.body,	0x18,	io->smb2.out.write_time);
+	SBVAL(req->out.body,	0x20,	io->smb2.out.change_time);
+	SBVAL(req->out.body,	0x28,	io->smb2.out.alloc_size);
+	SBVAL(req->out.body,	0x30,	io->smb2.out.size);
+	SIVAL(req->out.body,	0x38,	io->smb2.out.file_attr);
+	SIVAL(req->out.body,	0x3C,	io->smb2.out.reserved2);
+	smb2srv_push_handle(req->out.body, 0x40, io->smb2.out.file.ntvfs);
+	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x50, blob));
+
+	/* also setup the chained file handle */
+	req->chained_file_handle = req->_chained_file_handle;
+	smb2srv_push_handle(req->chained_file_handle, 0, io->smb2.out.file.ntvfs);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_create_recv(struct smb2srv_request *req)
+{
+	union smb_open *io;
+	DATA_BLOB blob;
+	int i;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x38, true);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_open);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_create_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	ZERO_STRUCT(io->smb2.in);
+	io->smb2.level			= RAW_OPEN_SMB2;
+	io->smb2.in.security_flags	= CVAL(req->in.body, 0x02);
+	io->smb2.in.oplock_level	= CVAL(req->in.body, 0x03);
+	io->smb2.in.impersonation_level	= IVAL(req->in.body, 0x04);
+	io->smb2.in.create_flags	= BVAL(req->in.body, 0x08);
+	io->smb2.in.reserved		= BVAL(req->in.body, 0x10);
+	io->smb2.in.desired_access	= IVAL(req->in.body, 0x18);
+	io->smb2.in.file_attributes	= IVAL(req->in.body, 0x1C);
+	io->smb2.in.share_access	= IVAL(req->in.body, 0x20);
+	io->smb2.in.create_disposition	= IVAL(req->in.body, 0x24);
+	io->smb2.in.create_options	= IVAL(req->in.body, 0x28);
+	SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io, req->in.body+0x2C, &io->smb2.in.fname));
+	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x30, &blob));
+	SMB2SRV_CHECK(smb2_create_blob_parse(io, blob, &io->smb2.in.blobs));
+
+	/* interpret the parsed tags that a server needs to respond to */
+	for (i=0;i<io->smb2.in.blobs.num_blobs;i++) {
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_EXTA) == 0) {
+			SMB2SRV_CHECK(ea_pull_list_chained(&io->smb2.in.blobs.blobs[i].data, io, 
+							   &io->smb2.in.eas.num_eas,
+							   &io->smb2.in.eas.eas));
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_SECD) == 0) {
+			enum ndr_err_code ndr_err;
+			io->smb2.in.sec_desc = talloc(io, struct security_descriptor);
+			if (io->smb2.in.sec_desc == NULL) {
+				smb2srv_send_error(req,  NT_STATUS_NO_MEMORY);
+				return;
+			}
+			ndr_err = ndr_pull_struct_blob(&io->smb2.in.blobs.blobs[i].data, io, 
+						       io->smb2.in.sec_desc,
+						       (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				smb2srv_send_error(req,  ndr_map_error2ntstatus(ndr_err));
+				return;
+			}
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_DHNQ) == 0) {
+			io->smb2.in.durable_open = true;
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_DHNC) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 16) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.durable_handle = talloc(io, struct smb2_handle);
+			if (io->smb2.in.durable_handle == NULL) {
+				smb2srv_send_error(req,  NT_STATUS_NO_MEMORY);
+				return;
+			}
+			smb2_pull_handle(io->smb2.in.blobs.blobs[i].data.data, io->smb2.in.durable_handle);
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_ALSI) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 8) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.alloc_size = BVAL(io->smb2.in.blobs.blobs[i].data.data, 0);
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_MXAC) == 0) {
+			io->smb2.in.query_maximal_access = true;
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_TWRP) == 0) {
+			if (io->smb2.in.blobs.blobs[i].data.length != 8) {
+				smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+				return;				
+			}
+			io->smb2.in.timewarp = BVAL(io->smb2.in.blobs.blobs[i].data.data, 0);			
+		}
+		if (strcmp(io->smb2.in.blobs.blobs[i].tag, SMB2_CREATE_TAG_QFID) == 0) {
+			io->smb2.in.query_on_disk_id = true;
+		}
+	}
+		
+	/* the VFS backend does not yet handle NULL filenames */
+	if (io->smb2.in.fname == NULL) {
+		io->smb2.in.fname = "";
+	}
+
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, io));
+}
+
+static void smb2srv_close_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_close *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_close);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x3C, false, 0));
+
+	SSVAL(req->out.body,	0x02,	io->smb2.out.flags);
+	SIVAL(req->out.body,	0x04,	io->smb2.out._pad);
+	SBVAL(req->out.body,	0x08,	io->smb2.out.create_time);
+	SBVAL(req->out.body,	0x10,	io->smb2.out.access_time);
+	SBVAL(req->out.body,	0x18,	io->smb2.out.write_time);
+	SBVAL(req->out.body,	0x20,	io->smb2.out.change_time);
+	SBVAL(req->out.body,	0x28,	io->smb2.out.alloc_size);
+	SBVAL(req->out.body,	0x30,	io->smb2.out.size);
+	SIVAL(req->out.body,	0x38,	io->smb2.out.file_attr);
+
+	/* also destroy the chained file handle */
+	req->chained_file_handle = NULL;
+	memset(req->_chained_file_handle, 0, sizeof(req->_chained_file_handle));
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_close_recv(struct smb2srv_request *req)
+{
+	union smb_close *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_close);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_close_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2.level			= RAW_CLOSE_SMB2;
+	io->smb2.in.flags		= SVAL(req->in.body, 0x02);
+	io->smb2.in._pad		= IVAL(req->in.body, 0x04);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_close(req->ntvfs, io));
+}
+
+static void smb2srv_flush_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_flush *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_flush);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
+
+	SSVAL(req->out.body,	0x02,	io->smb2.out.reserved);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_flush_recv(struct smb2srv_request *req)
+{
+	union smb_flush *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_flush);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_flush_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2.level			= RAW_FLUSH_SMB2;
+	io->smb2.in.reserved1		= SVAL(req->in.body, 0x02);
+	io->smb2.in.reserved2		= IVAL(req->in.body, 0x04);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_flush(req->ntvfs, io));
+}
+
+static void smb2srv_read_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_read *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_read);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, true, io->smb2.out.data.length));
+
+	/* TODO: avoid the memcpy */
+	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, io->smb2.out.data));
+	SIVAL(req->out.body,	0x08,	io->smb2.out.remaining);
+	SIVAL(req->out.body,	0x0C,	io->smb2.out.reserved);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_read_recv(struct smb2srv_request *req)
+{
+	union smb_read *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true);
+
+	/* MS-SMB2 2.2.19 read must have a single byte of zero */
+	if (req->in.body_size - req->in.body_fixed < 1) {
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_read);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2.level			= RAW_READ_SMB2;
+	io->smb2.in._pad		= SVAL(req->in.body, 0x02);
+	io->smb2.in.length		= IVAL(req->in.body, 0x04);
+	io->smb2.in.offset		= BVAL(req->in.body, 0x08);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x10);
+	io->smb2.in.min_count		= IVAL(req->in.body, 0x20);
+	io->smb2.in.channel		= IVAL(req->in.body, 0x24);
+	io->smb2.in.remaining		= IVAL(req->in.body, 0x28);
+	io->smb2.in.channel_offset      = SVAL(req->in.body, 0x2C);
+	io->smb2.in.channel_length      = SVAL(req->in.body, 0x2E);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+
+	/* preallocate the buffer for the backends */
+	io->smb2.out.data = data_blob_talloc(io, NULL, io->smb2.in.length);
+	if (io->smb2.out.data.length != io->smb2.in.length) {
+		SMB2SRV_CHECK(NT_STATUS_NO_MEMORY);
+	}
+
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
+}
+
+static void smb2srv_write_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_write *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_write);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, true, 0));
+
+	SSVAL(req->out.body,	0x02,	io->smb2.out._pad);
+	SIVAL(req->out.body,	0x04,	io->smb2.out.nwritten);
+	SBVAL(req->out.body,	0x08,	io->smb2.out.unknown1);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_write_recv(struct smb2srv_request *req)
+{
+	union smb_write *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_write);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_write_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	/* TODO: avoid the memcpy */
+	io->smb2.level			= RAW_WRITE_SMB2;
+	SMB2SRV_CHECK(smb2_pull_o16s32_blob(&req->in, io, req->in.body+0x02, &io->smb2.in.data));
+	io->smb2.in.offset		= BVAL(req->in.body, 0x08);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x10);
+	io->smb2.in.unknown1		= BVAL(req->in.body, 0x20);
+	io->smb2.in.unknown2		= BVAL(req->in.body, 0x28);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
+}
+
+static void smb2srv_lock_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_lock *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS_ERR(io, union smb_lock);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
+
+	SSVAL(req->out.body,	0x02,	io->smb2.out.reserved);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_lock_recv(struct smb2srv_request *req)
+{
+	union smb_lock *io;
+	int i;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_lock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2.level			= RAW_LOCK_SMB2;
+	io->smb2.in.lock_count		= SVAL(req->in.body, 0x02);
+	io->smb2.in.lock_sequence	= IVAL(req->in.body, 0x04);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+	if (req->in.body_size < 24 + 24*(uint64_t)io->smb2.in.lock_count) {
+		DEBUG(0,("%s: lock buffer too small\n", __location__));
+		smb2srv_send_error(req,  NT_STATUS_FOOBAR);
+		return;
+	}
+	io->smb2.in.locks = talloc_array(io, struct smb2_lock_element, 
+					 io->smb2.in.lock_count);
+	if (io->smb2.in.locks == NULL) {
+		smb2srv_send_error(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	for (i=0;i<io->smb2.in.lock_count;i++) {
+		io->smb2.in.locks[i].offset	= BVAL(req->in.body, 24 + i*24);
+		io->smb2.in.locks[i].length	= BVAL(req->in.body, 32 + i*24);
+		io->smb2.in.locks[i].flags	= IVAL(req->in.body, 40 + i*24);
+		io->smb2.in.locks[i].reserved	= IVAL(req->in.body, 44 + i*24);
+	}
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
+}
+
+static void smb2srv_ioctl_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_ioctl *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS_ERR(io, union smb_ioctl);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x30, true, 0));
+
+	SSVAL(req->out.body,	0x02,	io->smb2.out.reserved);
+	SIVAL(req->out.body,	0x04,	io->smb2.out.function);
+	if (io->smb2.level == RAW_IOCTL_SMB2_NO_HANDLE) {
+		struct smb2_handle h;
+		h.data[0] = UINT64_MAX;
+		h.data[1] = UINT64_MAX;
+		smb2_push_handle(req->out.body + 0x08, &h);
+	} else {
+		smb2srv_push_handle(req->out.body, 0x08,io->smb2.in.file.ntvfs);
+	}
+	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x18, io->smb2.out.in));
+	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x20, io->smb2.out.out));
+	SIVAL(req->out.body,	0x28,	io->smb2.out.flags);
+	SIVAL(req->out.body,	0x2C,	io->smb2.out.reserved2);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_ioctl_recv(struct smb2srv_request *req)
+{
+	union smb_ioctl *io;
+	struct smb2_handle h;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x38, true);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_ioctl);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_ioctl_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	/* TODO: avoid the memcpy */
+	io->smb2.in.reserved		= SVAL(req->in.body, 0x02);
+	io->smb2.in.function		= IVAL(req->in.body, 0x04);
+	/* file handle ... */
+	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x18, &io->smb2.in.out));
+	io->smb2.in.max_input_response	= IVAL(req->in.body, 0x20);
+	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x24, &io->smb2.in.in));
+	io->smb2.in.max_output_response	= IVAL(req->in.body, 0x2C);
+	io->smb2.in.flags		= IVAL(req->in.body, 0x30);
+	io->smb2.in.reserved2		= IVAL(req->in.body, 0x34);
+
+	smb2_pull_handle(req->in.body + 0x08, &h);
+	if (h.data[0] == UINT64_MAX && h.data[1] == UINT64_MAX) {
+		io->smb2.level		= RAW_IOCTL_SMB2_NO_HANDLE;
+	} else {
+		io->smb2.level		= RAW_IOCTL_SMB2;
+		io->smb2.in.file.ntvfs	= smb2srv_pull_handle(req, req->in.body, 0x08);
+		SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	}
+
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_ioctl(req->ntvfs, io));
+}
+
+static void smb2srv_notify_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_notify *io;
+	size_t size = 0;
+	int i;
+	uint8_t *p;
+	DATA_BLOB blob = data_blob(NULL, 0);
+
+	SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_notify);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, 0));
+
+#define MAX_BYTES_PER_CHAR 3
+	
+	/* work out how big the reply buffer could be */
+	for (i=0;i<io->smb2.out.num_changes;i++) {
+		size += 12 + 3 + (1+strlen(io->smb2.out.changes[i].name.s)) * MAX_BYTES_PER_CHAR;
+	}
+
+	blob = data_blob_talloc(req, NULL, size);
+	if (size > 0 && !blob.data) {
+		SMB2SRV_CHECK(NT_STATUS_NO_MEMORY);
+	}
+
+	p = blob.data;
+
+	/* construct the changes buffer */
+	for (i=0;i<io->smb2.out.num_changes;i++) {
+		uint32_t ofs;
+		ssize_t len;
+
+		SIVAL(p, 4, io->smb2.out.changes[i].action);
+		len = push_string(p + 12, io->smb2.out.changes[i].name.s, 
+				  blob.length - (p+12 - blob.data), STR_UNICODE);
+		SIVAL(p, 8, len);
+
+		ofs = len + 12;
+
+		if (ofs & 3) {
+			int pad = 4 - (ofs & 3);
+			memset(p+ofs, 0, pad);
+			ofs += pad;
+		}
+
+		if (i == io->smb2.out.num_changes-1) {
+			SIVAL(p, 0, 0);
+		} else {
+			SIVAL(p, 0, ofs);
+		}
+
+		p += ofs;
+	}
+
+	blob.length = p - blob.data;
+
+	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, blob));
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_notify_recv(struct smb2srv_request *req)
+{
+	union smb_notify *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x20, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_notify);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_notify_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2.level			= RAW_NOTIFY_SMB2;
+	io->smb2.in.recursive		= SVAL(req->in.body, 0x02);
+	io->smb2.in.buffer_size		= IVAL(req->in.body, 0x04);
+	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+	io->smb2.in.completion_filter	= IVAL(req->in.body, 0x18);
+	io->smb2.in.unknown		= BVAL(req->in.body, 0x1C);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_notify(req->ntvfs, io));
+}
+
+static void smb2srv_break_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	union smb_lock *io;
+
+	SMB2SRV_CHECK_ASYNC_STATUS_ERR(io, union smb_lock);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x18, false, 0));
+
+	SCVAL(req->out.body,	0x02,	io->smb2_break.out.oplock_level);
+	SCVAL(req->out.body,	0x03,	io->smb2_break.out.reserved);
+	SIVAL(req->out.body,	0x04,	io->smb2_break.out.reserved2);
+	smb2srv_push_handle(req->out.body, 0x08,io->smb2_break.out.file.ntvfs);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_break_recv(struct smb2srv_request *req)
+{
+	union smb_lock *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_break_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	io->smb2_break.level		= RAW_LOCK_SMB2_BREAK;
+	io->smb2_break.in.oplock_level	= CVAL(req->in.body, 0x02);
+	io->smb2_break.in.reserved	= CVAL(req->in.body, 0x03);
+	io->smb2_break.in.reserved2	= IVAL(req->in.body, 0x04);
+	io->smb2_break.in.file.ntvfs	= smb2srv_pull_handle(req, req->in.body, 0x08);
+
+	SMB2SRV_CHECK_FILE_HANDLE(io->smb2_break.in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
+}
diff --git a/source4/smb_server/smb2/find.c b/source4/smb_server/smb2/find.c
new file mode 100644
index 0000000..17f09e1
--- /dev/null
+++ b/source4/smb_server/smb2/find.c
@@ -0,0 +1,167 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB2 Find
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (c) Stefan Metzmacher 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+   This file handles the parsing of transact2 requests
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "ntvfs/ntvfs.h"
+
+
+/* a structure to encapsulate the state information about an in-progress ffirst/fnext operation */
+struct smb2srv_find_state {
+	struct smb2srv_request *req;
+	struct smb2_find *info;
+	union smb_search_first *ff;
+	union smb_search_next *fn;
+	uint32_t last_entry_offset;
+};
+
+/* callback function for SMB2 Find */
+static bool smb2srv_find_callback(void *private_data, const union smb_search_data *file)
+{
+	struct smb2srv_find_state *state = talloc_get_type(private_data, struct smb2srv_find_state);
+	struct smb2_find *info = state->info;
+	uint32_t old_length;
+	NTSTATUS status;
+
+	old_length = info->out.blob.length;
+
+	status = smbsrv_push_passthru_search(state, &info->out.blob, info->data_level, file, STR_UNICODE);
+	if (!NT_STATUS_IS_OK(status) ||
+	    info->out.blob.length > info->in.max_response_size) {
+		/* restore the old length and tell the backend to stop */
+		smbsrv_blob_grow_data(state, &info->out.blob, old_length);
+		return false;
+	}
+
+	state->last_entry_offset = old_length;
+
+	return true;
+}
+
+static void smb2srv_find_send(struct ntvfs_request *ntvfs)
+{
+	struct smb2srv_request *req;
+	struct smb2srv_find_state *state;
+
+	SMB2SRV_CHECK_ASYNC_STATUS(state, struct smb2srv_find_state);
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, state->info->out.blob.length));
+
+	if (state->info->out.blob.length > 0) {
+		SIVAL(state->info->out.blob.data + state->last_entry_offset, 0, 0);
+	}
+
+	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, state->info->out.blob));
+
+	smb2srv_send_reply(req);
+}
+
+static NTSTATUS smb2srv_find_backend(struct smb2srv_find_state *state)
+{
+	struct smb2_find *info = state->info;
+
+	switch (info->in.level) {
+	case SMB2_FIND_DIRECTORY_INFO:
+		info->data_level = RAW_SEARCH_DATA_DIRECTORY_INFO;
+		break;
+
+	case SMB2_FIND_FULL_DIRECTORY_INFO:
+		info->data_level = RAW_SEARCH_DATA_FULL_DIRECTORY_INFO;
+		break;
+
+	case SMB2_FIND_BOTH_DIRECTORY_INFO:
+		info->data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+		break;
+
+	case SMB2_FIND_NAME_INFO:
+		info->data_level = RAW_SEARCH_DATA_NAME_INFO;
+		break;
+
+	case SMB2_FIND_ID_BOTH_DIRECTORY_INFO:
+		info->data_level = RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO;
+		break;
+
+	case SMB2_FIND_ID_FULL_DIRECTORY_INFO:
+		info->data_level = RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO;
+		break;
+
+	default:
+		return NT_STATUS_FOOBAR;
+	}
+
+	if (info->in.continue_flags & SMB2_CONTINUE_FLAG_REOPEN) {
+		state->ff = talloc(state, union smb_search_first);
+		NT_STATUS_HAVE_NO_MEMORY(state->ff);
+
+		state->ff->smb2 = *info;
+		state->info = &state->ff->smb2;
+		ZERO_STRUCT(state->ff->smb2.out);
+
+		return ntvfs_search_first(state->req->ntvfs, state->ff, state, smb2srv_find_callback);
+	} else {
+		state->fn = talloc(state, union smb_search_next);
+		NT_STATUS_HAVE_NO_MEMORY(state->fn);
+
+		state->fn->smb2 = *info;
+		state->info = &state->fn->smb2;
+		ZERO_STRUCT(state->fn->smb2.out);
+
+		return ntvfs_search_next(state->req->ntvfs, state->fn, state, smb2srv_find_callback);
+	}
+}
+
+void smb2srv_find_recv(struct smb2srv_request *req)
+{
+	struct smb2srv_find_state *state;
+	struct smb2_find *info;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x20, true);
+	SMB2SRV_TALLOC_IO_PTR(info, struct smb2_find);
+	/* this overwrites req->io_ptr !*/
+	SMB2SRV_TALLOC_IO_PTR(state, struct smb2srv_find_state);
+	state->req		= req;
+	state->info		= info;
+	state->ff		= NULL;
+	state->fn		= NULL;
+	state->last_entry_offset= 0;
+	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_find_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
+
+	info->level			= RAW_SEARCH_SMB2;
+	info->data_level		= RAW_SEARCH_DATA_GENERIC;/* will be overwritten later */
+	info->in.level			= CVAL(req->in.body, 0x02);
+	info->in.continue_flags		= CVAL(req->in.body, 0x03);
+	info->in.file_index		= IVAL(req->in.body, 0x04);
+	info->in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+	SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, info, req->in.body+0x18, &info->in.pattern));
+	info->in.max_response_size	= IVAL(req->in.body, 0x1C);
+
+	/* the VFS backend does not yet handle NULL patterns */
+	if (info->in.pattern == NULL) {
+		info->in.pattern = "";
+	}
+
+	SMB2SRV_CHECK_FILE_HANDLE(info->in.file.ntvfs);
+	SMB2SRV_CALL_NTVFS_BACKEND(smb2srv_find_backend(state));
+}
diff --git a/source4/smb_server/smb2/keepalive.c b/source4/smb_server/smb2/keepalive.c
new file mode 100644
index 0000000..cd53778
--- /dev/null
+++ b/source4/smb_server/smb2/keepalive.c
@@ -0,0 +1,71 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+
+static NTSTATUS smb2srv_keepalive_backend(struct smb2srv_request *req)
+{
+	/* TODO: maybe update some flags on the connection struct */
+	return NT_STATUS_OK;
+}
+
+static void smb2srv_keepalive_send(struct smb2srv_request *req)
+{
+	NTSTATUS status;
+
+	if (NT_STATUS_IS_ERR(req->status)) {
+		smb2srv_send_error(req, req->status);
+		return;
+	}
+
+	status = smb2srv_setup_reply(req, 0x04, false, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_keepalive_recv(struct smb2srv_request *req)
+{
+	if (req->in.body_size != 0x04) {
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	if (SVAL(req->in.body, 0x00) != 0x04) {
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
+	req->status = smb2srv_keepalive_backend(req);
+
+	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
+		talloc_free(req);
+		return;
+	}
+	smb2srv_keepalive_send(req);
+}
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
new file mode 100644
index 0000000..048d7b4
--- /dev/null
+++ b/source4/smb_server/smb2/negprot.c
@@ -0,0 +1,327 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Andrew Bartlett	2001-2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/credentials/credentials.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "samba/service_stream.h"
+#include "param/param.h"
+
+static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob)
+{
+	struct gensec_security *gensec_security;
+	DATA_BLOB null_data_blob = data_blob(NULL, 0);
+	DATA_BLOB blob;
+	NTSTATUS nt_status;
+	struct cli_credentials *server_credentials;
+
+	server_credentials =
+		cli_credentials_init_server(req, req->smb_conn->lp_ctx);
+	if (server_credentials == NULL) {
+		DBG_DEBUG("Failed to obtain server credentials, "
+			  "perhaps a standalone server?\n");
+		/*
+		 * Create anon server credentials for for the
+		 * spoolss.notify test.
+		 */
+		server_credentials = cli_credentials_init_anon(req);
+		if (server_credentials == NULL) {
+			smbsrv_terminate_connection(req->smb_conn,
+				"Failed to init server credentials\n");
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
+
+	nt_status = samba_server_gensec_start(req,
+					      req->smb_conn->connection->event.ctx,
+					      req->smb_conn->connection->msg_ctx,
+					      req->smb_conn->lp_ctx,
+					      server_credentials,
+					      "cifs",
+					      &gensec_security);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+		smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+		return nt_status;
+	}
+
+	gensec_set_target_service(gensec_security, "cifs");
+
+	gensec_set_credentials(gensec_security, server_credentials);
+
+	nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
+		smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
+		return nt_status;
+	}
+
+	nt_status = gensec_update(gensec_security, req,
+				  null_data_blob, &blob);
+	if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+		smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+		return nt_status;
+	}
+
+	*_blob = blob;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
+{
+	NTSTATUS status;
+	struct timeval current_time;
+	struct timeval boot_time;
+	uint16_t i;
+	uint16_t dialect = 0;
+	enum smb_signing_setting signing_setting;
+	struct loadparm_context *lp_ctx = req->smb_conn->lp_ctx;
+
+	/* we only do one dialect for now */
+	if (io->in.dialect_count < 1) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+	for (i=0; i < io->in.dialect_count; i++) {
+		dialect = io->in.dialects[i];
+		if (dialect == SMB2_DIALECT_REVISION_202) {
+			break;
+		}
+	}
+	if (dialect != SMB2_DIALECT_REVISION_202) {
+		DEBUG(0,("Got unexpected SMB2 dialect %u\n", dialect));
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
+	req->smb_conn->negotiate.protocol = PROTOCOL_SMB2_02;
+
+	current_time = timeval_current(); /* TODO: handle timezone?! */
+	boot_time = timeval_current(); /* TODO: fix me */
+
+	ZERO_STRUCT(io->out);
+
+	signing_setting = lpcfg_server_signing(lp_ctx);
+	if (signing_setting == SMB_SIGNING_DEFAULT) {
+		/*
+		 * If we are a domain controller, SMB signing is
+		 * really important, as it can prevent a number of
+		 * attacks on communications between us and the
+		 * clients
+		 *
+		 * However, it really sucks (no sendfile, CPU
+		 * overhead) performance-wise when used on a
+		 * file server, so disable it by default
+		 * on non-DCs
+		 */
+
+		if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+			signing_setting = SMB_SIGNING_REQUIRED;
+		} else {
+			signing_setting = SMB_SIGNING_OFF;
+		}
+	}
+
+	switch (signing_setting) {
+	case SMB_SIGNING_DEFAULT:
+	case SMB_SIGNING_IPC_DEFAULT:
+		smb_panic(__location__);
+		break;
+	case SMB_SIGNING_OFF:
+		io->out.security_mode = 0;
+		break;
+	case SMB_SIGNING_DESIRED:
+	case SMB_SIGNING_IF_REQUIRED:
+		io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+		break;
+	case SMB_SIGNING_REQUIRED:
+		io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
+		/* force signing on immediately */
+		req->smb_conn->smb2_signing_required = true;
+		break;
+	}
+	io->out.dialect_revision   = dialect;
+	io->out.capabilities       = 0;
+	io->out.max_transact_size  = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
+						   "smb2", "max transaction size", 0x10000);
+	io->out.max_read_size      = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
+						   "smb2", "max read size", 0x10000);
+	io->out.max_write_size     = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
+						   "smb2", "max write size", 0x10000);
+	io->out.system_time	   = timeval_to_nttime(&current_time);
+	io->out.server_start_time  = timeval_to_nttime(&boot_time);
+	io->out.reserved2          = 0;
+	status = smb2srv_negprot_secblob(req, &io->out.secblob);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negprot *io)
+{
+	NTSTATUS status;
+
+	if (NT_STATUS_IS_ERR(req->status)) {
+		smb2srv_send_error(req, req->status); /* TODO: is this correct? */
+		return;
+	}
+
+	status = smb2srv_setup_reply(req, 0x40, true, io->out.secblob.length);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+
+	SSVAL(req->out.body, 0x02, io->out.security_mode);
+	SIVAL(req->out.body, 0x04, io->out.dialect_revision);
+	SIVAL(req->out.body, 0x06, io->out.reserved);
+	status = smbcli_push_guid(req->out.body, 0x08, &io->out.server_guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+	SIVAL(req->out.body, 0x18, io->out.capabilities);
+	SIVAL(req->out.body, 0x1C, io->out.max_transact_size);
+	SIVAL(req->out.body, 0x20, io->out.max_read_size);
+	SIVAL(req->out.body, 0x24, io->out.max_write_size);
+	push_nttime(req->out.body, 0x28, io->out.system_time);
+	push_nttime(req->out.body, 0x30, io->out.server_start_time);
+	SIVAL(req->out.body, 0x3C, io->out.reserved2);
+	status = smb2_push_o16s16_blob(&req->out, 0x38, io->out.secblob);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_negprot_recv(struct smb2srv_request *req)
+{
+	struct smb2_negprot *io;
+	int i;
+
+	if (req->in.body_size < 0x26) {
+		smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
+		return;
+	}
+
+	io = talloc(req, struct smb2_negprot);
+	if (!io) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
+		talloc_free(req);
+		return;
+	}
+
+	io->in.dialect_count = SVAL(req->in.body, 0x02);
+	io->in.security_mode = SVAL(req->in.body, 0x04);
+	io->in.reserved      = SVAL(req->in.body, 0x06);
+	io->in.capabilities  = IVAL(req->in.body, 0x08);
+	req->status = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid);
+	if (!NT_STATUS_IS_OK(req->status)) {
+		smbsrv_terminate_connection(req->smb_conn, "Bad GUID in SMB2 negprot");
+		talloc_free(req);
+		return;
+	}
+	io->in.start_time = smbcli_pull_nttime(req->in.body, 0x1C);
+
+	io->in.dialects = talloc_array(req, uint16_t, io->in.dialect_count);
+	if (io->in.dialects == NULL) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
+		talloc_free(req);
+		return;
+	}
+	for (i=0;i<io->in.dialect_count;i++) {
+		io->in.dialects[i] = SVAL(req->in.body, 0x24+i*2);
+	}
+
+	req->status = smb2srv_negprot_backend(req, io);
+
+	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
+		talloc_free(req);
+		return;
+	}
+	smb2srv_negprot_send(req, io);
+}
+
+/*
+ * reply to a SMB negprot request with dialect "SMB 2.002"
+ */
+void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req)
+{
+	struct smb2srv_request *req;
+	uint32_t body_fixed_size = 0x26;
+
+	req = talloc_zero(smb_req->smb_conn, struct smb2srv_request);
+	if (!req) goto nomem;
+	req->smb_conn		= smb_req->smb_conn;
+	req->request_time	= smb_req->request_time;
+	talloc_steal(req, smb_req);
+
+	req->in.size      = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size;
+	req->in.allocated = req->in.size;
+	req->in.buffer    = talloc_array(req, uint8_t, req->in.allocated);
+	if (!req->in.buffer) goto nomem;
+	req->in.hdr       = req->in.buffer + NBT_HDR_SIZE;
+	req->in.body      = req->in.hdr + SMB2_HDR_BODY;
+	req->in.body_size = body_fixed_size;
+	req->in.dynamic   = NULL;
+
+	smb2srv_setup_bufinfo(req);
+
+	SIVAL(req->in.hdr, 0,				SMB2_MAGIC);
+	SSVAL(req->in.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
+	SSVAL(req->in.hdr, SMB2_HDR_EPOCH,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_STATUS,		0);
+	SSVAL(req->in.hdr, SMB2_HDR_OPCODE,		SMB2_OP_NEGPROT);
+	SSVAL(req->in.hdr, SMB2_HDR_CREDIT,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_FLAGS,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND,	0);
+	SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_PID,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_TID,		0);
+	SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID,		0);
+	memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16);
+
+	/* this seems to be a bug, they use 0x24 but the length is 0x26 */
+	SSVAL(req->in.body, 0x00, 0x24);
+
+	SSVAL(req->in.body, 0x02, 1);
+	memset(req->in.body+0x04, 0, 32);
+	SSVAL(req->in.body, 0x24, SMB2_DIALECT_REVISION_202);
+
+	smb2srv_negprot_recv(req);
+	return;
+nomem:
+	smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
+	talloc_free(req);
+	return;
+}
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
new file mode 100644
index 0000000..7818fdc
--- /dev/null
+++ b/source4/smb_server/smb2/receive.c
@@ -0,0 +1,710 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "samba/service_stream.h"
+#include "lib/stream/packet.h"
+#include "ntvfs/ntvfs.h"
+#include "param/param.h"
+#include "auth/auth.h"
+#include "lib/util/idtree.h"
+
+/* fill in the bufinfo */
+void smb2srv_setup_bufinfo(struct smb2srv_request *req)
+{
+	req->in.bufinfo.mem_ctx    = req;
+	req->in.bufinfo.flags      = BUFINFO_FLAG_UNICODE | BUFINFO_FLAG_SMB2;
+	req->in.bufinfo.align_base = req->in.buffer;
+	if (req->in.dynamic) {
+		req->in.bufinfo.data       = req->in.dynamic;
+		req->in.bufinfo.data_size  = req->in.body_size - req->in.body_fixed;
+	} else {
+		req->in.bufinfo.data       = NULL;
+		req->in.bufinfo.data_size  = 0;
+	}
+}
+
+static int smb2srv_request_destructor(struct smb2srv_request *req)
+{
+	DLIST_REMOVE(req->smb_conn->requests2.list, req);
+	if (req->pending_id) {
+		idr_remove(req->smb_conn->requests2.idtree_req, req->pending_id);
+	}
+	return 0;
+}
+
+static int smb2srv_request_deny_destructor(struct smb2srv_request *req)
+{
+	return -1;
+}
+
+struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
+{
+	struct smb2srv_request *req;
+
+	req = talloc_zero(smb_conn, struct smb2srv_request);
+	if (!req) return NULL;
+
+	req->smb_conn = smb_conn;
+
+	req->chained_session_id = UINT64_MAX;
+	req->chained_tree_id = UINT32_MAX;
+
+	talloc_set_destructor(req, smb2srv_request_destructor);
+
+	return req;
+}
+
+NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
+			     bool body_dynamic_present, uint32_t body_dynamic_size)
+{
+	uint32_t flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+	uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
+	uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);
+	uint16_t credits = SVAL(req->in.hdr, SMB2_HDR_CREDIT);
+
+	if (credits == 0) {
+		credits = 1;
+	}
+
+	flags |= SMB2_HDR_FLAG_REDIRECT;
+
+	if (req->pending_id) {
+		flags |= SMB2_HDR_FLAG_ASYNC;
+		pid = req->pending_id;
+		tid = 0;
+		credits = 0;
+	}
+
+	if (body_dynamic_present) {
+		if (body_dynamic_size == 0) {
+			body_dynamic_size = 1;
+		}
+	} else {
+		body_dynamic_size = 0;
+	}
+
+	req->out.size		= SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
+
+	req->out.allocated	= req->out.size + body_dynamic_size;
+	req->out.buffer		= talloc_array(req, uint8_t, 
+					       req->out.allocated);
+	NT_STATUS_HAVE_NO_MEMORY(req->out.buffer);
+
+	req->out.hdr		= req->out.buffer	+ NBT_HDR_SIZE;
+	req->out.body		= req->out.hdr		+ SMB2_HDR_BODY;
+	req->out.body_fixed	= body_fixed_size;
+	req->out.body_size	= body_fixed_size;
+	req->out.dynamic	= (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
+
+	SIVAL(req->out.hdr, 0,				SMB2_MAGIC);
+	SSVAL(req->out.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT_CHARGE,
+	      SVAL(req->in.hdr, SMB2_HDR_CREDIT_CHARGE));
+	SIVAL(req->out.hdr, SMB2_HDR_STATUS,		NT_STATUS_V(req->status));
+	SSVAL(req->out.hdr, SMB2_HDR_OPCODE,		SVAL(req->in.hdr, SMB2_HDR_OPCODE));
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT,		credits);
+	SIVAL(req->out.hdr, SMB2_HDR_FLAGS,		flags);
+	SIVAL(req->out.hdr, SMB2_HDR_NEXT_COMMAND,	0);
+	SBVAL(req->out.hdr, SMB2_HDR_MESSAGE_ID,	req->seqnum);
+	SIVAL(req->out.hdr, SMB2_HDR_PID,		pid);
+	SIVAL(req->out.hdr, SMB2_HDR_TID,		tid);
+	SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID,	BVAL(req->in.hdr, SMB2_HDR_SESSION_ID));
+	memcpy(req->out.hdr+SMB2_HDR_SIGNATURE,
+	       req->in.hdr+SMB2_HDR_SIGNATURE, 16);
+
+	/* set the length of the fixed body part and +1 if there's a dynamic part also */
+	SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
+
+	/* 
+	 * if we have a dynamic part, make sure the first byte
+	 * which is always be part of the packet is initialized
+	 */
+	if (body_dynamic_size) {
+		req->out.size += 1;
+		SCVAL(req->out.dynamic, 0, 0);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS smb2srv_reply(struct smb2srv_request *req);
+
+static void smb2srv_chain_reply(struct smb2srv_request *p_req)
+{
+	NTSTATUS status;
+	struct smbsrv_connection *smb_conn = p_req->smb_conn;
+	struct smb2srv_request *req;
+	uint32_t chain_offset;
+	uint32_t protocol_version;
+	uint16_t buffer_code;
+	uint32_t dynamic_size;
+	uint32_t flags;
+	uint32_t last_hdr_offset;
+
+	last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
+
+	chain_offset = p_req->chain_offset;
+	p_req->chain_offset = 0;
+
+	if (p_req->in.size < (last_hdr_offset + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
+		DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last hdr 0x%X\n",
+			chain_offset, last_hdr_offset));
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB2 chained packet");
+		return;
+	}
+
+	protocol_version = IVAL(p_req->in.buffer, last_hdr_offset + chain_offset);
+	if (protocol_version != SMB2_MAGIC) {
+		DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
+			 protocol_version));
+		smbsrv_terminate_connection(smb_conn, "NON-SMB2 chained packet");
+		return;
+	}
+
+	req = smb2srv_init_request(smb_conn);
+	if (!req) {
+		smbsrv_terminate_connection(smb_conn, "SMB2 chained packet - no memory");
+		return;
+	}
+
+	talloc_steal(req, p_req);
+
+	req->in.buffer		= talloc_steal(req, p_req->in.buffer);
+	req->in.size		= p_req->in.size;
+	req->request_time	= p_req->request_time;
+	req->in.allocated	= req->in.size;
+
+	req->in.hdr		= req->in.buffer+ last_hdr_offset + chain_offset;
+	req->in.body		= req->in.hdr	+ SMB2_HDR_BODY;
+	req->in.body_size	= req->in.size	- (last_hdr_offset+ chain_offset + SMB2_HDR_BODY);
+	req->in.dynamic 	= NULL;
+
+	req->seqnum		= BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
+
+	if (req->in.body_size < 2) {
+		/* error handling for this is different for negprot to 
+		   other packet types */
+		uint16_t opcode	= SVAL(req->in.hdr, SMB2_HDR_OPCODE);
+		if (opcode == SMB2_OP_NEGPROT) {
+			smbsrv_terminate_connection(smb_conn, "Bad body size in SMB2 negprot");
+			return;
+		} else {
+			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+	}
+
+	buffer_code		= SVAL(req->in.body, 0);
+	req->in.body_fixed	= (buffer_code & ~1);
+	dynamic_size		= req->in.body_size - req->in.body_fixed;
+
+	if (dynamic_size != 0 && (buffer_code & 1)) {
+		req->in.dynamic = req->in.body + req->in.body_fixed;
+		if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
+			DEBUG(1,("SMB2 chained request invalid dynamic size 0x%x\n", 
+				 dynamic_size));
+			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+	}
+
+	smb2srv_setup_bufinfo(req);
+
+	flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+	if (flags & SMB2_HDR_FLAG_CHAINED) {
+		if (p_req->chained_file_handle) {
+			memcpy(req->_chained_file_handle,
+			       p_req->_chained_file_handle,
+			       sizeof(req->_chained_file_handle));
+			req->chained_file_handle = req->_chained_file_handle;
+		}
+		req->chained_session_id = p_req->chained_session_id;
+		req->chained_tree_id = p_req->chained_tree_id;
+		req->chain_status = p_req->chain_status;
+	}
+
+	/* 
+	 * TODO: - make sure the length field is 64
+	 *       - make sure it's a request
+	 */
+
+	status = smb2srv_reply(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(smb_conn, nt_errstr(status));
+		return;
+	}
+}
+
+void smb2srv_send_reply(struct smb2srv_request *req)
+{
+	DATA_BLOB blob;
+	NTSTATUS status;
+
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* the socket has been destroyed - no point trying to send a reply! */
+		talloc_free(req);
+		return;
+	}
+
+	if (req->out.size > NBT_HDR_SIZE) {
+		_smb_setlen_tcp(req->out.buffer, req->out.size - NBT_HDR_SIZE);
+	}
+
+	/* if signing is active on the session then sign the packet */
+	if (req->is_signed) {
+		status = smb2_sign_message(&req->out, 
+					   req->session->session_info->session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+			return;
+		}		
+	}
+
+
+	blob = data_blob_const(req->out.buffer, req->out.size);
+	status = packet_send(req->smb_conn->packet, blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		return;
+	}
+	if (req->chain_offset) {
+		smb2srv_chain_reply(req);
+		return;
+	}
+	talloc_free(req);
+}
+
+void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error)
+{
+	NTSTATUS status;
+
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* the socket has been destroyed - no point trying to send an error! */
+		talloc_free(req);
+		return;
+	}
+
+	status = smb2srv_setup_reply(req, 8, true, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+
+	SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error));
+
+	SSVAL(req->out.body, 0x02, 0);
+	SIVAL(req->out.body, 0x04, 0);
+
+	req->chain_status = NT_STATUS_INVALID_PARAMETER;
+
+	smb2srv_send_reply(req);
+}
+
+static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
+{
+	uint16_t opcode;
+	uint32_t tid;
+	uint64_t uid;
+	uint32_t flags;
+
+	if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) {
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 header length");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	opcode			= SVAL(req->in.hdr, SMB2_HDR_OPCODE);
+	req->chain_offset	= IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND);
+	req->seqnum		= BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
+	tid			= IVAL(req->in.hdr, SMB2_HDR_TID);
+	uid			= BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
+	flags			= IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+
+	if (opcode != SMB2_OP_CANCEL &&
+	    req->smb_conn->highest_smb2_seqnum != 0 &&
+	    req->seqnum <= req->smb_conn->highest_smb2_seqnum) {
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	if (opcode != SMB2_OP_CANCEL) {
+		req->smb_conn->highest_smb2_seqnum = req->seqnum;
+	}
+
+	if (flags & SMB2_HDR_FLAG_CHAINED) {
+		uid = req->chained_session_id;
+		tid = req->chained_tree_id;
+	}
+
+	req->session	= smbsrv_session_find(req->smb_conn, uid, req->request_time);
+	req->tcon	= smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
+
+	req->chained_session_id = uid;
+	req->chained_tree_id = tid;
+
+	errno = 0;
+
+	/* supporting signing is mandatory in SMB2, and is per-packet. So we 
+	   should check the signature on any incoming packet that is signed, and 
+	   should give a signed reply to any signed request */
+	if (flags & SMB2_HDR_FLAG_SIGNED) {
+		NTSTATUS status;
+
+		if (!req->session) goto nosession;
+
+		req->is_signed = true;
+		status = smb2_check_signature(&req->in, 
+					      req->session->session_info->session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			smb2srv_send_error(req, status);
+			return NT_STATUS_OK;			
+		}
+	} else if (req->session && req->session->smb2_signing.active) {
+		/* we require signing and this request was not signed */
+		smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
+		return NT_STATUS_OK;					
+	}
+
+	if (!NT_STATUS_IS_OK(req->chain_status)) {
+		smb2srv_send_error(req, req->chain_status);
+		return NT_STATUS_OK;
+	}
+
+	switch (opcode) {
+	case SMB2_OP_NEGPROT:
+		smb2srv_negprot_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_SESSSETUP:
+		smb2srv_sesssetup_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_LOGOFF:
+		if (!req->session) goto nosession;
+		smb2srv_logoff_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_TCON:
+		if (!req->session) goto nosession;
+		smb2srv_tcon_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_TDIS:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_tdis_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_CREATE:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_create_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_CLOSE:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_close_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_FLUSH:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_flush_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_READ:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_read_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_WRITE:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_write_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_LOCK:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_lock_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_IOCTL:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_ioctl_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_CANCEL:
+		smb2srv_cancel_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_KEEPALIVE:
+		smb2srv_keepalive_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_QUERY_DIRECTORY:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_find_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_NOTIFY:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_notify_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_GETINFO:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_getinfo_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_SETINFO:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_setinfo_recv(req);
+		return NT_STATUS_OK;
+	case SMB2_OP_BREAK:
+		if (!req->session) goto nosession;
+		if (!req->tcon)	goto notcon;
+		smb2srv_break_recv(req);
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(1,("Invalid SMB2 opcode: 0x%04X\n", opcode));
+	smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 opcode");
+	return NT_STATUS_OK;
+
+nosession:
+	smb2srv_send_error(req, NT_STATUS_USER_SESSION_DELETED);
+	return NT_STATUS_OK;
+notcon:
+	smb2srv_send_error(req, NT_STATUS_NETWORK_NAME_DELETED);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
+	struct smb2srv_request *req;
+	struct timeval cur_time = timeval_current();
+	uint32_t protocol_version;
+	uint16_t buffer_code;
+	uint32_t dynamic_size;
+	uint32_t flags;
+
+	smb_conn->statistics.last_request_time = cur_time;
+
+	/* see if its a special NBT packet */
+	if (CVAL(blob.data,0) != 0) {
+		DEBUG(2,("Special NBT packet on SMB2 connection\n"));
+		smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
+		return NT_STATUS_OK;
+	}
+
+	if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) {
+		DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
+		return NT_STATUS_OK;
+	}
+
+	protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
+	if (protocol_version != SMB2_MAGIC) {
+		DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
+			 protocol_version));
+		smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
+		return NT_STATUS_OK;
+	}
+
+	req = smb2srv_init_request(smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	req->in.buffer		= talloc_steal(req, blob.data);
+	req->in.size		= blob.length;
+	req->request_time	= cur_time;
+	req->in.allocated	= req->in.size;
+
+	req->in.hdr		= req->in.buffer+ NBT_HDR_SIZE;
+	req->in.body		= req->in.hdr	+ SMB2_HDR_BODY;
+	req->in.body_size	= req->in.size	- (SMB2_HDR_BODY+NBT_HDR_SIZE);
+	req->in.dynamic 	= NULL;
+
+	req->seqnum		= BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
+
+	if (req->in.body_size < 2) {
+		/* error handling for this is different for negprot to 
+		   other packet types */
+		uint16_t opcode	= SVAL(req->in.hdr, SMB2_HDR_OPCODE);
+		if (opcode == SMB2_OP_NEGPROT) {
+			smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");			
+			return NT_STATUS_OK;
+		} else {
+			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return NT_STATUS_OK;
+		}
+	}
+
+	buffer_code		= SVAL(req->in.body, 0);
+	req->in.body_fixed	= (buffer_code & ~1);
+	dynamic_size		= req->in.body_size - req->in.body_fixed;
+
+	if (dynamic_size != 0 && (buffer_code & 1)) {
+		req->in.dynamic = req->in.body + req->in.body_fixed;
+		if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
+			DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n", 
+				 dynamic_size));
+			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return NT_STATUS_OK;
+		}
+	}
+
+	smb2srv_setup_bufinfo(req);
+
+	/* 
+	 * TODO: - make sure the length field is 64
+	 *       - make sure it's a request
+	 */
+
+	flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+	/* the first request should never have the related flag set */
+	if (flags & SMB2_HDR_FLAG_CHAINED) {
+		req->chain_status = NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return smb2srv_reply(req);
+}
+
+static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
+{
+	smb_conn->requests2.idtree_req = idr_init(smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(smb_conn->requests2.idtree_req);
+	smb_conn->requests2.idtree_limit	= 0x00FFFFFF & (UINT32_MAX - 1);
+	smb_conn->requests2.list		= NULL;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
+{
+	NTSTATUS status;
+	bool signing_used = false;
+	int id;
+	uint16_t credits = SVAL(req->in.hdr, SMB2_HDR_CREDIT);
+
+	if (credits == 0) {
+		credits = 1;
+	}
+
+	if (req->pending_id) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (req->smb_conn->connection->event.fde == NULL) {
+		/* the socket has been destroyed - no point trying to send an error! */
+		return NT_STATUS_REMOTE_DISCONNECT;
+	}
+
+	id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req, 
+			       1, req->smb_conn->requests2.idtree_limit);
+	if (id == -1) {
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+
+	DLIST_ADD_END(req->smb_conn->requests2.list, req);
+	req->pending_id = id;
+
+	talloc_set_destructor(req, smb2srv_request_deny_destructor);
+
+	status = smb2srv_setup_reply(req, 8, true, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(NT_STATUS_PENDING));
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT, credits);
+
+	SSVAL(req->out.body, 0x02, 0);
+	SIVAL(req->out.body, 0x04, 0);
+
+	/* if the real reply will be signed set the signed flags, but don't sign */
+	if (req->is_signed) {
+		SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
+		signing_used = req->is_signed;
+		req->is_signed = false;
+	}
+
+	smb2srv_send_reply(req);
+
+	req->is_signed = signing_used;
+
+	talloc_set_destructor(req, smb2srv_request_destructor);
+	return NT_STATUS_OK;
+}
+
+void smb2srv_cancel_recv(struct smb2srv_request *req)
+{
+	uint32_t pending_id;
+	uint32_t flags;
+	void *p;
+	struct smb2srv_request *r;
+
+	if (!req->session) goto done;
+
+	flags		= IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+	pending_id	= IVAL(req->in.hdr, SMB2_HDR_PID);
+
+	if (!(flags & SMB2_HDR_FLAG_ASYNC)) {
+		/* TODO: what to do here? */
+		goto done;
+	}
+ 
+ 	p = idr_find(req->smb_conn->requests2.idtree_req, pending_id);
+	if (!p) goto done;
+
+	r = talloc_get_type(p, struct smb2srv_request);
+	if (!r) goto done;
+
+	if (!r->ntvfs) goto done;
+
+	ntvfs_cancel(r->ntvfs);
+
+done:
+	/* we never generate a reply for a SMB2 Cancel */
+	talloc_free(req);
+}
+
+/*
+ * init the SMB2 protocol related stuff
+ */
+NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
+{
+	NTSTATUS status;
+
+	/* now initialise a few default values associated with this smb socket */
+	smb_conn->negotiate.max_send = 0xFFFF;
+
+	/* this is the size that w2k uses, and it appears to be important for
+	   good performance */
+	smb_conn->negotiate.max_recv = lpcfg_max_xmit(smb_conn->lp_ctx);
+
+	smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
+
+	smb_conn->config.nt_status_support = true;
+
+	status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = smb2srv_init_pending(smb_conn);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+	
+}
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
new file mode 100644
index 0000000..852218d
--- /dev/null
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -0,0 +1,326 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Andrew Bartlett	2001-2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "samba/service_stream.h"
+#include "lib/stream/packet.h"
+
+static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io)
+{
+	if (NT_STATUS_IS_OK(req->status)) {
+		/* nothing */
+	} else if (NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		/* nothing */
+	} else {
+		smb2srv_send_error(req, req->status);
+		return;
+	}
+
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, io->smb2.out.secblob.length));
+
+	SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID,	io->smb2.out.uid);
+
+	SSVAL(req->out.body, 0x02, io->smb2.out.session_flags);
+	SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob));
+
+	smb2srv_send_reply(req);
+}
+
+struct smb2srv_sesssetup_callback_ctx {
+	struct smb2srv_request *req;
+	union smb_sesssetup *io;
+	struct smbsrv_session *smb_sess;
+};
+
+static void smb2srv_sesssetup_callback(struct tevent_req *subreq)
+{
+	struct smb2srv_sesssetup_callback_ctx *ctx = tevent_req_callback_data(subreq,
+						     struct smb2srv_sesssetup_callback_ctx);
+	struct smb2srv_request *req = ctx->req;
+	union smb_sesssetup *io = ctx->io;
+	struct smbsrv_session *smb_sess = ctx->smb_sess;
+	struct auth_session_info *session_info = NULL;
+	enum security_user_level user_level;
+	NTSTATUS status;
+
+	packet_recv_enable(req->smb_conn->packet);
+
+	status = gensec_update_recv(subreq, req, &io->smb2.out.secblob);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		goto done;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	/* Ensure this is marked as a 'real' vuid, not one
+	 * simply valid for the session setup leg */
+	status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+	req->session = smb_sess;
+
+	user_level = security_session_user_level(smb_sess->session_info, NULL);
+	if (user_level >= SECURITY_USER) {
+		if (smb_sess->smb2_signing.required) {
+			/* activate smb2 signing on the session */
+			smb_sess->smb2_signing.active = true;
+		}
+		/* we need to sign the session setup response */
+		req->is_signed = true;
+	}
+
+done:
+	io->smb2.out.uid = smb_sess->vuid;
+failed:
+	req->status = nt_status_squash(status);
+	smb2srv_sesssetup_send(req, io);
+	if (!NT_STATUS_IS_OK(status) && !
+	    NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		talloc_free(smb_sess);
+	}
+}
+
+static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_sesssetup *io)
+{
+	NTSTATUS status;
+	struct smb2srv_sesssetup_callback_ctx *callback_ctx;
+	struct smbsrv_session *smb_sess = NULL;
+	uint64_t vuid;
+	struct tevent_req *subreq;
+
+	io->smb2.out.session_flags = 0;
+	io->smb2.out.uid	= 0;
+	io->smb2.out.secblob = data_blob(NULL, 0);
+
+	vuid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
+
+	/*
+	 * only when we got '0' we should allocate a new session
+	 */
+	if (vuid == 0) {
+		struct gensec_security *gensec_ctx;
+		struct tsocket_address *remote_address, *local_address;
+
+		status = samba_server_gensec_start(req,
+						   req->smb_conn->connection->event.ctx,
+						   req->smb_conn->connection->msg_ctx,
+						   req->smb_conn->lp_ctx,
+						   req->smb_conn->negotiate.server_credentials,
+						   "cifs",
+						   &gensec_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
+			goto failed;
+		}
+
+		gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
+		gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SMB_TRANSPORT);
+
+		remote_address = socket_get_remote_addr(req->smb_conn->connection->socket,
+							req);
+		if (!remote_address) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			DBG_ERR("Failed to obtain remote address\n");
+			goto failed;
+		}
+
+		status = gensec_set_remote_address(gensec_ctx,
+						   remote_address);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set remote address\n");
+			goto failed;
+		}
+
+		local_address = socket_get_local_addr(req->smb_conn->connection->socket,
+						      req);
+		if (!local_address) {
+			status = NT_STATUS_INTERNAL_ERROR;
+			DBG_ERR("Failed to obtain local address\n");
+			goto failed;
+		}
+
+		status = gensec_set_local_address(gensec_ctx,
+						  local_address);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set local address\n");
+			goto failed;
+		}
+
+		status = gensec_set_target_service_description(gensec_ctx,
+							       "SMB2");
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_ERR("Failed to set service description\n");
+			goto failed;
+		}
+
+		status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status)));
+			goto failed;
+		}
+
+		/* allocate a new session */
+		smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
+		if (!smb_sess) {
+			status = NT_STATUS_INSUFFICIENT_RESOURCES;
+			goto failed;
+		}
+		status = smbsrv_smb2_init_tcons(smb_sess);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto failed;
+		}
+	} else {
+		/* lookup an existing session */
+		smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
+	}
+
+	if (!smb_sess) {
+		status = NT_STATUS_USER_SESSION_DELETED;
+		goto failed;
+	}
+
+	if (smb_sess->session_info) {
+		/* see WSPP test suite - test 11 */
+		status = NT_STATUS_REQUEST_NOT_ACCEPTED;
+		goto failed;
+	}
+
+	if (!smb_sess->gensec_ctx) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
+		goto failed;
+	}
+
+	callback_ctx = talloc(req, struct smb2srv_sesssetup_callback_ctx);
+	if (!callback_ctx) goto nomem;
+	callback_ctx->req	= req;
+	callback_ctx->io	= io;
+	callback_ctx->smb_sess	= smb_sess;
+
+	subreq = gensec_update_send(callback_ctx,
+				    req->smb_conn->connection->event.ctx,
+				    smb_sess->gensec_ctx,
+				    io->smb2.in.secblob);
+	if (!subreq) goto nomem;
+	tevent_req_set_callback(subreq, smb2srv_sesssetup_callback, callback_ctx);
+
+	/* note that we ignore SMB2_NEGOTIATE_SIGNING_ENABLED from the client.
+	   This is deliberate as windows does not set it even when it does 
+	   set SMB2_NEGOTIATE_SIGNING_REQUIRED */
+	if (io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
+		smb_sess->smb2_signing.required = true;
+	}
+
+	/* disable receipt of more packets on this socket until we've
+	   finished with the session setup. This avoids a problem with
+	   crashes if we get EOF on the socket while processing a session
+	   setup */
+	packet_recv_disable(req->smb_conn->packet);
+
+	return;
+nomem:
+	status = NT_STATUS_NO_MEMORY;
+failed:
+	talloc_free(smb_sess);
+	req->status = nt_status_squash(status);
+	smb2srv_sesssetup_send(req, io);
+}
+
+void smb2srv_sesssetup_recv(struct smb2srv_request *req)
+{
+	union smb_sesssetup *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, true);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_sesssetup);
+
+	io->smb2.level		       = RAW_SESSSETUP_SMB2;
+	io->smb2.in.vc_number	       = CVAL(req->in.body, 0x02);
+	io->smb2.in.security_mode      = CVAL(req->in.body, 0x03);
+	io->smb2.in.capabilities       = IVAL(req->in.body, 0x04);
+	io->smb2.in.channel            = IVAL(req->in.body, 0x08);
+	io->smb2.in.previous_sessionid = BVAL(req->in.body, 0x10);
+	SMB2SRV_CHECK(smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob));
+
+	smb2srv_sesssetup_backend(req, io);
+}
+
+static int smb2srv_cleanup_session_destructor(struct smbsrv_session **session)
+{
+	/* TODO: call ntvfs backends to close file of this session */
+	DEBUG(0,("free session[%p]\n", *session));
+	talloc_free(*session);
+	return 0;
+}
+
+static NTSTATUS smb2srv_logoff_backend(struct smb2srv_request *req)
+{
+	struct smbsrv_session **session_ptr;
+
+	/* we need to destroy the session after sending the reply */
+	session_ptr = talloc(req, struct smbsrv_session *);
+	NT_STATUS_HAVE_NO_MEMORY(session_ptr);
+
+	*session_ptr = req->session;
+	talloc_set_destructor(session_ptr, smb2srv_cleanup_session_destructor);
+
+	return NT_STATUS_OK;
+}
+
+static void smb2srv_logoff_send(struct smb2srv_request *req)
+{
+	if (NT_STATUS_IS_ERR(req->status)) {
+		smb2srv_send_error(req, req->status);
+		return;
+	}
+
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_logoff_recv(struct smb2srv_request *req)
+{
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x04, false);
+
+	req->status = smb2srv_logoff_backend(req);
+
+	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
+		talloc_free(req);
+		return;
+	}
+	smb2srv_logoff_send(req);
+}
diff --git a/source4/smb_server/smb2/smb2_server.h b/source4/smb_server/smb2/smb2_server.h
new file mode 100644
index 0000000..5fe12fe
--- /dev/null
+++ b/source4/smb_server/smb2/smb2_server.h
@@ -0,0 +1,192 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Stefan Metzmacher            2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* the context for a single SMB2 request. This is passed to any request-context 
+   functions */
+struct smb2srv_request {
+	/* the smbsrv_connection needs a list of requests queued for send */
+	struct smb2srv_request *next, *prev;
+
+	/* the server_context contains all context specific to this SMB socket */
+	struct smbsrv_connection *smb_conn;
+
+	/* conn is only set for operations that have a valid TID */
+	struct smbsrv_tcon *tcon;
+
+	/* the session context is derived from the vuid */
+	struct smbsrv_session *session;
+
+#define SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY (1<<0)
+	uint32_t control_flags;
+
+	/* the system time when the request arrived */
+	struct timeval request_time;
+
+	/* a pointer to the per request union smb_* io structure */
+	void *io_ptr;
+
+	/* the ntvfs_request */
+	struct ntvfs_request *ntvfs;
+
+	/* Now the SMB2 specific stuff */
+
+	/* the status the backend returned */
+	NTSTATUS status;
+
+	/* for matching request and reply */
+	uint64_t seqnum;
+
+	/* the id that can be used to cancel the request */
+	uint32_t pending_id;
+
+	/* the offset to the next SMB2 Header for chained requests */
+	uint32_t chain_offset;
+
+	/* the status we return for following chained requests */
+	NTSTATUS chain_status;
+
+	/* chained file handle */
+	uint8_t _chained_file_handle[16];
+	uint8_t *chained_file_handle;
+	uint64_t chained_session_id;
+	uint32_t chained_tree_id;
+
+	bool is_signed;
+
+	struct smb2_request_buffer in;
+	struct smb2_request_buffer out;
+};
+
+struct smbsrv_request;
+
+#include "smb_server/smb2/smb2_proto.h"
+
+/* useful way of catching field size errors with file and line number */
+#define SMB2SRV_CHECK_BODY_SIZE(req, size, dynamic) do { \
+	size_t is_size = req->in.body_size; \
+	uint16_t field_size; \
+	uint16_t want_size = ((dynamic)?(size)+1:(size)); \
+	if (is_size < (size)) { \
+		DEBUG(0,("%s: buffer too small 0x%x. Expected 0x%x\n", \
+			 __location__, (unsigned)is_size, (unsigned)want_size)); \
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER); \
+		return; \
+	}\
+	field_size = SVAL(req->in.body, 0);       \
+	if (field_size != want_size) { \
+		DEBUG(0,("%s: unexpected fixed body size 0x%x. Expected 0x%x\n", \
+			 __location__, (unsigned)field_size, (unsigned)want_size)); \
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER); \
+		return; \
+	} \
+} while (0)
+
+#define SMB2SRV_CHECK(cmd) do {\
+	NTSTATUS _status; \
+	_status = cmd; \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		smb2srv_send_error(req,  _status); \
+		return; \
+	} \
+} while (0)
+
+/* useful wrapper for talloc with NO_MEMORY reply */
+#define SMB2SRV_TALLOC_IO_PTR(ptr, type) do { \
+	ptr = talloc(req, type); \
+	if (!ptr) { \
+		smb2srv_send_error(req, NT_STATUS_NO_MEMORY); \
+		return; \
+	} \
+	req->io_ptr = ptr; \
+} while (0)
+
+#define SMB2SRV_SETUP_NTVFS_REQUEST(send_fn, state) do { \
+	req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req, \
+					  req->session->session_info,\
+					  0, \
+					  req->request_time, \
+					  req, send_fn, state); \
+	if (!req->ntvfs) { \
+		smb2srv_send_error(req, NT_STATUS_NO_MEMORY); \
+		return; \
+	} \
+	(void)talloc_steal(req->tcon->ntvfs, req); \
+	req->ntvfs->frontend_data.private_data = req; \
+} while (0)
+
+#define SMB2SRV_CHECK_FILE_HANDLE(handle) do { \
+	if (!handle) { \
+		smb2srv_send_error(req, NT_STATUS_FILE_CLOSED); \
+		return; \
+	} \
+} while (0)
+
+/* 
+   check if the backend wants to handle the request asynchronously.
+   if it wants it handled synchronously then call the send function
+   immediately
+*/
+#define SMB2SRV_CALL_NTVFS_BACKEND(cmd) do { \
+	req->ntvfs->async_states->status = cmd; \
+	if (req->ntvfs->async_states->state & NTVFS_ASYNC_STATE_ASYNC) { \
+		NTSTATUS _status; \
+		_status = smb2srv_queue_pending(req); \
+		if (!NT_STATUS_IS_OK(_status)) { \
+			ntvfs_cancel(req->ntvfs); \
+		} \
+	} else { \
+		req->ntvfs->async_states->send_fn(req->ntvfs); \
+	} \
+} while (0)
+
+/* check req->ntvfs->async_states->status and if not OK then send an error reply */
+#define SMB2SRV_CHECK_ASYNC_STATUS_ERR_SIMPLE do { \
+	req = talloc_get_type(ntvfs->async_states->private_data, struct smb2srv_request); \
+	if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \
+		smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \
+		talloc_free(req); \
+		return; \
+	} \
+	req->status = ntvfs->async_states->status; \
+	if (NT_STATUS_IS_ERR(ntvfs->async_states->status)) { \
+		smb2srv_send_error(req, ntvfs->async_states->status); \
+		return; \
+	} \
+} while (0)
+#define SMB2SRV_CHECK_ASYNC_STATUS_ERR(ptr, type) do { \
+	SMB2SRV_CHECK_ASYNC_STATUS_ERR_SIMPLE; \
+	ptr = talloc_get_type(req->io_ptr, type); \
+} while (0)
+#define SMB2SRV_CHECK_ASYNC_STATUS_SIMPLE do { \
+	req = talloc_get_type(ntvfs->async_states->private_data, struct smb2srv_request); \
+	if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \
+		smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \
+		talloc_free(req); \
+		return; \
+	} \
+	req->status = ntvfs->async_states->status; \
+	if (!NT_STATUS_IS_OK(ntvfs->async_states->status)) { \
+		smb2srv_send_error(req, ntvfs->async_states->status); \
+		return; \
+	} \
+} while (0)
+#define SMB2SRV_CHECK_ASYNC_STATUS(ptr, type) do { \
+	SMB2SRV_CHECK_ASYNC_STATUS_SIMPLE; \
+	ptr = talloc_get_type(req->io_ptr, type); \
+} while (0)
diff --git a/source4/smb_server/smb2/tcon.c b/source4/smb_server/smb2/tcon.c
new file mode 100644
index 0000000..0c56420
--- /dev/null
+++ b/source4/smb_server/smb2/tcon.c
@@ -0,0 +1,446 @@
+/* 
+   Unix SMB2 implementation.
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "samba/service_stream.h"
+#include "ntvfs/ntvfs.h"
+
+/*
+  send an oplock break request to a client
+*/
+static NTSTATUS smb2srv_send_oplock_break(void *p, struct ntvfs_handle *h, uint8_t level)
+{
+	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
+						       struct smbsrv_handle);
+	struct smb2srv_request *req;
+	NTSTATUS status;
+
+	/* setup a dummy request structure */
+	req = smb2srv_init_request(handle->tcon->smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
+	req->in.buffer		= talloc_array(req, uint8_t, 
+					       NBT_HDR_SIZE + SMB2_MIN_SIZE);
+	NT_STATUS_HAVE_NO_MEMORY(req->in.buffer);
+	req->in.size		= NBT_HDR_SIZE + SMB2_MIN_SIZE;
+	req->in.allocated	= req->in.size;
+
+	req->in.hdr		= req->in.buffer+ NBT_HDR_SIZE;
+	req->in.body		= req->in.hdr	+ SMB2_HDR_BODY;
+	req->in.body_size	= req->in.size	- (SMB2_HDR_BODY+NBT_HDR_SIZE);
+	req->in.dynamic 	= NULL;
+
+	req->seqnum		= UINT64_MAX;
+
+	smb2srv_setup_bufinfo(req);
+
+	SIVAL(req->in.hdr, 0,				SMB2_MAGIC);
+	SSVAL(req->in.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
+	SSVAL(req->in.hdr, SMB2_HDR_EPOCH,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_STATUS,		0);
+	SSVAL(req->in.hdr, SMB2_HDR_OPCODE,		SMB2_OP_BREAK);
+	SSVAL(req->in.hdr, SMB2_HDR_CREDIT,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_FLAGS,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND,	0);
+	SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_PID,		0);
+	SIVAL(req->in.hdr, SMB2_HDR_TID,		0);
+	SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID,		0);
+	memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16);
+
+	SSVAL(req->in.body, 0, 2);
+
+	status = smb2srv_setup_reply(req, 0x18, false, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	SSVAL(req->out.hdr, SMB2_HDR_CREDIT,	0x0000);
+
+	SSVAL(req->out.body, 0x02, 0x0001);
+	SIVAL(req->out.body, 0x04, 0x00000000);
+	smb2srv_push_handle(req->out.body, 0x08, h);
+
+	smb2srv_send_reply(req);
+
+	return NT_STATUS_OK;
+}
+
+struct ntvfs_handle *smb2srv_pull_handle(struct smb2srv_request *req, const uint8_t *base, unsigned int offset)
+{
+	struct smbsrv_tcon *tcon;
+	struct smbsrv_handle *handle;
+	uint32_t hid;
+	uint32_t tid;
+	uint64_t uid;
+
+	/*
+	 * if there're chained requests used the cached handle
+	 *
+	 * TODO: check if this also correct when the given handle
+	 *       isn't all 0xFF.
+	 */
+	if (req->chained_file_handle) {
+		base = req->chained_file_handle;
+		offset = 0;
+	}
+
+	hid = IVAL(base, offset);
+	tid = IVAL(base, offset + 4);
+	uid = BVAL(base, offset + 8);
+
+	/* if it's the wildcard handle, don't waste time to search it... */
+	if (hid == UINT32_MAX && tid == UINT32_MAX && uid == UINT64_MAX) {
+		return NULL;
+	}
+
+	/*
+	 * if the (v)uid part doesn't match the given session the handle isn't
+	 * valid
+	 */
+	if (uid != req->session->vuid) {
+		return NULL;
+	}
+
+	/*
+	 * the handle can belong to a different tcon
+	 * as that TID in the SMB2 header says, but
+	 * the request should succeed nevertheless!
+	 *
+	 * because of this we put the 32 bit TID into the
+	 * 128 bit handle, so that we can extract the tcon from the
+	 * handle
+	 */
+	tcon = req->tcon;
+	if (tid != req->tcon->tid) {
+		tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
+		if (!tcon) {
+			return NULL;
+		}
+	}
+
+	handle = smbsrv_smb2_handle_find(tcon, hid, req->request_time);
+	if (!handle) {
+		return NULL;
+	}
+
+	/*
+	 * as the smb2srv_tcon is a child object of the smb2srv_session
+	 * the handle belongs to the correct session!
+	 *
+	 * Note: no check is needed here for SMB2
+	 */
+
+	/*
+	 * as the handle may have overwritten the tcon
+	 * we need to set it on the request so that the
+	 * correct ntvfs context will be used for the ntvfs_*() request
+	 *
+	 * TODO: check if that's correct for chained requests as well!
+	 */
+	req->tcon = tcon;
+	return handle->ntvfs;
+}
+
+void smb2srv_push_handle(uint8_t *base, unsigned int offset, struct ntvfs_handle *ntvfs)
+{
+	struct smbsrv_handle *handle = talloc_get_type(ntvfs->frontend_data.private_data,
+				       struct smbsrv_handle);
+
+	/* 
+	 * the handle is 128 bit on the wire
+	 */
+	SIVAL(base, offset,	handle->hid);
+	SIVAL(base, offset + 4,	handle->tcon->tid);
+	SBVAL(base, offset + 8,	handle->session->vuid);
+}
+
+static NTSTATUS smb2srv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h)
+{
+	struct smb2srv_request *req = talloc_get_type(ntvfs->frontend_data.private_data,
+				      struct smb2srv_request);
+	struct smbsrv_handle *handle;
+	struct ntvfs_handle *h;
+
+	handle = smbsrv_handle_new(req->session, req->tcon, req, req->request_time);
+	if (!handle) return NT_STATUS_INSUFFICIENT_RESOURCES;
+
+	h = talloc_zero(handle, struct ntvfs_handle);
+	if (!h) goto nomem;
+
+	/* 
+	 * note: we don't set handle->ntvfs yet,
+	 *       this will be done by smbsrv_handle_make_valid()
+	 *       this makes sure the handle is invalid for clients
+	 *       until the ntvfs subsystem has made it valid
+	 */
+	h->ctx		= ntvfs->ctx;
+	h->session_info	= ntvfs->session_info;
+	h->smbpid	= ntvfs->smbpid;
+
+	h->frontend_data.private_data = handle;
+
+	*_h = h;
+	return NT_STATUS_OK;
+nomem:
+	talloc_free(handle);
+	return NT_STATUS_NO_MEMORY;
+}
+
+static NTSTATUS smb2srv_handle_make_valid(void *private_data, struct ntvfs_handle *h)
+{
+	struct smbsrv_tcon *tcon = talloc_get_type(private_data, struct smbsrv_tcon);
+	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
+						       struct smbsrv_handle);
+	/* this tells the frontend that the handle is valid */
+	handle->ntvfs = h;
+	/* this moves the smbsrv_request to the smbsrv_tcon memory context */
+	talloc_steal(tcon, handle);
+	return NT_STATUS_OK;
+}
+
+static void smb2srv_handle_destroy(void *private_data, struct ntvfs_handle *h)
+{
+	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
+						       struct smbsrv_handle);
+	talloc_free(handle);
+}
+
+static struct ntvfs_handle *smb2srv_handle_search_by_wire_key(void *private_data, struct ntvfs_request *ntvfs, const DATA_BLOB *key)
+{
+	return NULL;
+}
+
+static DATA_BLOB smb2srv_handle_get_wire_key(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx)
+{
+	return data_blob(NULL, 0);
+}
+
+static NTSTATUS smb2srv_tcon_backend(struct smb2srv_request *req, union smb_tcon *io)
+{
+	struct smbsrv_tcon *tcon;
+	NTSTATUS status;
+	enum ntvfs_type type;
+	const char *service = io->smb2.in.path;
+	struct share_config *scfg;
+	char *sharetype;
+	uint64_t ntvfs_caps = 0;
+
+	if (strncmp(service, "\\\\", 2) == 0) {
+		const char *p = strchr(service+2, '\\');
+		if (p) {
+			service = p + 1;
+		}
+	}
+
+	status = share_get_config(req, req->smb_conn->share_context, service, &scfg);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("smb2srv_tcon_backend: couldn't find service %s\n", service));
+		return NT_STATUS_BAD_NETWORK_NAME;
+	}
+
+	if (!socket_check_access(req->smb_conn->connection->socket, 
+				 scfg->name, 
+				 share_string_list_option(req, scfg, SHARE_HOSTS_ALLOW), 
+				 share_string_list_option(req, scfg, SHARE_HOSTS_DENY))) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* work out what sort of connection this is */
+	sharetype = share_string_option(req, scfg, SHARE_TYPE, "DISK");
+	if (sharetype && strcmp(sharetype, "IPC") == 0) {
+		type = NTVFS_IPC;
+	} else if (sharetype && strcmp(sharetype, "PRINTER") == 0) {
+		type = NTVFS_PRINT;
+	} else {
+		type = NTVFS_DISK;
+	}
+	TALLOC_FREE(sharetype);
+
+	tcon = smbsrv_smb2_tcon_new(req->session, scfg->name);
+	if (!tcon) {
+		DEBUG(0,("smb2srv_tcon_backend: Couldn't find free connection.\n"));
+		return NT_STATUS_INSUFFICIENT_RESOURCES;
+	}
+	req->tcon = tcon;
+
+	ntvfs_caps = NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS;
+
+	/* init ntvfs function pointers */
+	status = ntvfs_init_connection(tcon, scfg, type,
+				       req->smb_conn->negotiate.protocol,
+				       ntvfs_caps,
+				       req->smb_conn->connection->event.ctx,
+				       req->smb_conn->connection->msg_ctx,
+				       req->smb_conn->lp_ctx,
+				       req->smb_conn->connection->server_id,
+				       &tcon->ntvfs);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("smb2srv_tcon_backend: ntvfs_init_connection failed for service %s\n", 
+			  scfg->name));
+		goto failed;
+	}
+
+	status = ntvfs_set_oplock_handler(tcon->ntvfs, smb2srv_send_oplock_break, tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the oplock handler!\n"));
+		goto failed;
+	}
+
+	status = ntvfs_set_addresses(tcon->ntvfs,
+				     req->smb_conn->connection->local_address,
+				     req->smb_conn->connection->remote_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the address!\n"));
+		goto failed;
+	}
+
+	status = ntvfs_set_handle_callbacks(tcon->ntvfs,
+					    smb2srv_handle_create_new,
+					    smb2srv_handle_make_valid,
+					    smb2srv_handle_destroy,
+					    smb2srv_handle_search_by_wire_key,
+					    smb2srv_handle_get_wire_key,
+					    tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the handle callbacks!\n"));
+		goto failed;
+	}
+
+	req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req,
+					  req->session->session_info,
+					  SVAL(req->in.hdr, SMB2_HDR_PID),
+					  req->request_time,
+					  req, NULL, 0);
+	if (!req->ntvfs) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	io->smb2.out.share_type	  = (unsigned)type; /* 1 - DISK, 2 - Print, 3 - IPC */
+	io->smb2.out.reserved	  = 0;
+	io->smb2.out.flags	  = 0x00000000;
+	io->smb2.out.capabilities = 0;
+	io->smb2.out.access_mask  = SEC_RIGHTS_FILE_ALL;
+
+	io->smb2.out.tid	= tcon->tid;
+
+	/* Invoke NTVFS connection hook */
+	status = ntvfs_connect(req->ntvfs, io);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("smb2srv_tcon_backend: NTVFS ntvfs_connect() failed: %s!\n", nt_errstr(status)));
+		goto failed;
+	}
+
+	return NT_STATUS_OK;
+
+failed:
+	req->tcon = NULL;
+	talloc_free(tcon);
+	return status;
+}
+
+static void smb2srv_tcon_send(struct smb2srv_request *req, union smb_tcon *io)
+{
+	if (!NT_STATUS_IS_OK(req->status)) {
+		smb2srv_send_error(req, req->status);
+		return;
+	}
+
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, false, 0));
+
+	SIVAL(req->out.hdr,	SMB2_HDR_TID,	io->smb2.out.tid);
+
+	SCVAL(req->out.body,	0x02,		io->smb2.out.share_type);
+	SCVAL(req->out.body,	0x03,		io->smb2.out.reserved);
+	SIVAL(req->out.body,	0x04,		io->smb2.out.flags);
+	SIVAL(req->out.body,	0x08,		io->smb2.out.capabilities);
+	SIVAL(req->out.body,	0x0C,		io->smb2.out.access_mask);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_tcon_recv(struct smb2srv_request *req)
+{
+	union smb_tcon *io;
+
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x08, true);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_tcon);
+
+	io->smb2.level		= RAW_TCON_SMB2;
+	io->smb2.in.reserved	= SVAL(req->in.body, 0x02);
+	SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io, req->in.body+0x04, &io->smb2.in.path));
+
+	/* the VFS backend does not yet handle NULL paths */
+	if (io->smb2.in.path == NULL) {
+		io->smb2.in.path = "";
+	}
+
+	req->status = smb2srv_tcon_backend(req, io);
+
+	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
+		talloc_free(req);
+		return;
+	}
+	smb2srv_tcon_send(req, io);
+}
+
+static NTSTATUS smb2srv_tdis_backend(struct smb2srv_request *req)
+{
+	/* TODO: call ntvfs backends to close file of this tcon */
+	talloc_free(req->tcon);
+	req->tcon = NULL;
+	return NT_STATUS_OK;
+}
+
+static void smb2srv_tdis_send(struct smb2srv_request *req)
+{
+	NTSTATUS status;
+
+	if (NT_STATUS_IS_ERR(req->status)) {
+		smb2srv_send_error(req, req->status);
+		return;
+	}
+
+	status = smb2srv_setup_reply(req, 0x04, false, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		talloc_free(req);
+		return;
+	}
+
+	SSVAL(req->out.body, 0x02, 0);
+
+	smb2srv_send_reply(req);
+}
+
+void smb2srv_tdis_recv(struct smb2srv_request *req)
+{
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x04, false);
+
+	req->status = smb2srv_tdis_backend(req);
+
+	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
+		talloc_free(req);
+		return;
+	}
+	smb2srv_tdis_send(req);
+}
diff --git a/source4/smb_server/smb2/wscript_build b/source4/smb_server/smb2/wscript_build
new file mode 100644
index 0000000..7866ee9
--- /dev/null
+++ b/source4/smb_server/smb2/wscript_build
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('SMB2_PROTOCOL',
+	source='receive.c negprot.c sesssetup.c tcon.c fileio.c fileinfo.c find.c keepalive.c',
+	autoproto='smb2_proto.h',
+	public_deps='ntvfs LIBPACKET LIBCLI_SMB2 samba_server_gensec NDR_DFSBLOBS',
+	enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+	)
+
diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c
new file mode 100644
index 0000000..c45df70
--- /dev/null
+++ b/source4/smb_server/smb_server.c
@@ -0,0 +1,203 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Andrew Tridgell	2004-2005
+   Copyright (C) Stefan Metzmacher	2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "samba/service.h"
+#include "smb_server/smb_server.h"
+#include "smb_server/service_smb_proto.h"
+#include "lib/messaging/irpc.h"
+#include "lib/stream/packet.h"
+#include "libcli/smb2/smb2.h"
+#include "smb_server/smb2/smb2_server.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/share.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+
+static NTSTATUS smbsrv_recv_generic_request(void *private_data, DATA_BLOB blob)
+{
+	NTSTATUS status;
+	struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
+	uint32_t protocol_version;
+
+	/* see if its a special NBT packet */
+	if (CVAL(blob.data,0) != 0) {
+		status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx);
+		NT_STATUS_NOT_OK_RETURN(status);
+		return smbsrv_recv_smb_request(smb_conn, blob);
+	}
+
+	if (blob.length < (NBT_HDR_SIZE + MIN_SMB_SIZE)) {
+		DEBUG(2,("Invalid SMB packet length count %ld\n", (long)blob.length));
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
+
+	switch (protocol_version) {
+	case SMB_MAGIC:
+		status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx);
+		NT_STATUS_NOT_OK_RETURN(status);
+		packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request);
+		return smbsrv_recv_smb_request(smb_conn, blob);
+	case SMB2_MAGIC:
+		if (lpcfg_server_max_protocol(smb_conn->lp_ctx) < PROTOCOL_SMB2_02) break;
+		status = smbsrv_init_smb2_connection(smb_conn);
+		NT_STATUS_NOT_OK_RETURN(status);
+		packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request);
+		return smbsrv_recv_smb2_request(smb_conn, blob);
+	}
+
+	DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n", protocol_version));
+	smbsrv_terminate_connection(smb_conn, "NON-SMB packet");
+	return NT_STATUS_OK;
+}
+
+/*
+  close the socket and shutdown a server_context
+*/
+void smbsrv_terminate_connection(struct smbsrv_connection *smb_conn, const char *reason)
+{
+	stream_terminate_connection(smb_conn->connection, reason);
+}
+
+/*
+  called when a SMB socket becomes readable
+*/
+static void smbsrv_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(conn->private_data,
+							     struct smbsrv_connection);
+
+	DEBUG(10,("smbsrv_recv\n"));
+
+	packet_recv(smb_conn->packet);
+}
+
+/*
+  called when a SMB socket becomes writable
+*/
+static void smbsrv_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(conn->private_data,
+							     struct smbsrv_connection);
+	packet_queue_run(smb_conn->packet);
+}
+
+/*
+  handle socket recv errors
+*/
+static void smbsrv_recv_error(void *private_data, NTSTATUS status)
+{
+	struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
+	
+	smbsrv_terminate_connection(smb_conn, nt_errstr(status));
+}
+
+/*
+  initialise a server_context from a open socket and register a event handler
+  for reading from that socket
+*/
+static void smbsrv_accept(struct stream_connection *conn)
+{
+	struct smbsrv_connection *smb_conn;
+
+	DEBUG(5,("smbsrv_accept\n"));
+
+	smb_conn = talloc_zero(conn, struct smbsrv_connection);
+	if (!smb_conn) {
+		stream_terminate_connection(conn, "out of memory");
+		return;
+	}
+
+	smb_conn->packet = packet_init(smb_conn);
+	if (!smb_conn->packet) {
+		smbsrv_terminate_connection(smb_conn, "out of memory");
+		return;
+	}
+	packet_set_private(smb_conn->packet, smb_conn);
+	packet_set_socket(smb_conn->packet, conn->socket);
+	packet_set_callback(smb_conn->packet, smbsrv_recv_generic_request);
+	packet_set_full_request(smb_conn->packet, packet_full_request_nbt);
+	packet_set_error_handler(smb_conn->packet, smbsrv_recv_error);
+	packet_set_event_context(smb_conn->packet, conn->event.ctx);
+	packet_set_fde(smb_conn->packet, conn->event.fde);
+	packet_set_serialise(smb_conn->packet);
+	packet_set_initial_read(smb_conn->packet, 4);
+
+	smb_conn->lp_ctx = conn->lp_ctx;
+	smb_conn->connection = conn;
+	conn->private_data = smb_conn;
+
+	smb_conn->statistics.connect_time = timeval_current();
+
+	smbsrv_management_init(smb_conn);
+
+	irpc_add_name(conn->msg_ctx, "smb_server");
+
+	if (!NT_STATUS_IS_OK(share_get_context(smb_conn,
+					       smb_conn->lp_ctx,
+					       &(smb_conn->share_context)))) {
+		smbsrv_terminate_connection(smb_conn, "share_init failed!");
+		return;
+	}
+}
+
+static const struct stream_server_ops smb_stream_ops = {
+	.name			= "smbsrv",
+	.accept_connection	= smbsrv_accept,
+	.recv_handler		= smbsrv_recv,
+	.send_handler		= smbsrv_send,
+};
+
+/*
+  setup a listening socket on all the SMB ports for a particular address
+*/
+_PUBLIC_ NTSTATUS smbsrv_add_socket(TALLOC_CTX *mem_ctx,
+				    struct tevent_context *event_context,
+				    struct loadparm_context *lp_ctx,
+				    const struct model_ops *model_ops,
+				    const char *address,
+				    void *process_context)
+{
+	const char **ports = lpcfg_smb_ports(lp_ctx);
+	int i;
+	NTSTATUS status;
+
+	for (i=0;ports[i];i++) {
+		uint16_t port = atoi(ports[i]);
+		if (port == 0) continue;
+		status = stream_setup_socket(mem_ctx, event_context, lp_ctx,
+					     model_ops, &smb_stream_ops, 
+					     "ip", address, &port,
+					     lpcfg_socket_options(lp_ctx),
+					     NULL, process_context);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+
diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h
new file mode 100644
index 0000000..be99ad6
--- /dev/null
+++ b/source4/smb_server/smb_server.h
@@ -0,0 +1,522 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Andrew Tridgell              2003
+   Copyright (C) James J Myers 		      2003 <myersjj@samba.org>
+   Copyright (C) Stefan Metzmacher            2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "libcli/raw/request.h"
+#include "libcli/raw/interfaces.h"
+#include "lib/socket/socket.h"
+#include "libds/common/roles.h"
+#include "../lib/util/dlinklist.h"
+#include "../librpc/gen_ndr/nbt.h"
+
+struct tevent_context;
+
+/*
+  this header declares the core context structures associated with smb
+  sockets, tree connects, requests etc
+
+  the idea is that we will eventually get rid of all our global
+  variables and instead store our state from structures hanging off
+  these basic elements
+*/
+
+struct smbsrv_tcons_context {
+	/* an id tree used to allocate tids */
+	struct idr_context *idtree_tid;
+
+	/* this is the limit of vuid values for this connection */
+	uint32_t idtree_limit;
+
+	/* list of open tree connects */
+	struct smbsrv_tcon *list;
+};
+
+struct smbsrv_sessions_context {
+	/* an id tree used to allocate vuids */
+	/* this holds info on session vuids that are already
+	 * validated for this VC */
+	struct idr_context *idtree_vuid;
+
+	/* this is the limit of vuid values for this connection */
+	uint64_t idtree_limit;
+
+	/* also kept as a link list so it can be enumerated by
+	   the management code */
+	struct smbsrv_session *list;
+};
+
+struct smbsrv_handles_context {
+	/* an id tree used to allocate file handles */
+	struct idr_context *idtree_hid;
+
+	/* this is the limit of handle values for this context */
+	uint64_t idtree_limit;
+
+	/* also kept as a link list so it can be enumerated by
+	   the management code */
+	struct smbsrv_handle *list;
+};
+
+/* the current user context for a request */
+struct smbsrv_session {
+	struct smbsrv_session *prev, *next;
+
+	struct smbsrv_connection *smb_conn;
+
+	/*
+	 * in SMB2 tcons belong to just one session
+	 * and not to the whole connection
+	 */
+	struct smbsrv_tcons_context smb2_tcons;
+
+	/*
+	 * the open file handles for this session,
+	 * used for SMBexit, SMBulogoff and SMB2 SessionLogoff
+	 */
+	struct smbsrv_handle_session_item *handles;
+
+	/* 
+	 * an index passed over the wire:
+	 * - 16 bit for smb
+	 * - 64 bit for smb2
+	 */
+	uint64_t vuid;
+
+	struct gensec_security *gensec_ctx;
+
+	struct auth_session_info *session_info;
+
+	struct {
+		bool required;
+		bool active;
+	} smb2_signing;
+
+	/* some statistics for the management tools */
+	struct {
+		/* the time when the session setup started */
+		struct timeval connect_time;
+		/* the time when the session setup was finished */
+		struct timeval auth_time;
+		/* the time when the last request comes in */
+		struct timeval last_request_time;
+	} statistics;
+};
+
+/* we need a forward declaration of the ntvfs_ops structure to prevent
+   include recursion */
+struct ntvfs_context;
+
+struct smbsrv_tcon {
+	struct smbsrv_tcon *next, *prev;
+
+	/* the server context that this was created on */
+	struct smbsrv_connection *smb_conn;
+
+	/* the open file handles on this tcon */
+	struct smbsrv_handles_context handles;
+
+	/* 
+	 * an index passed over the wire:
+	 * - 16 bit for smb
+	 * - 32 bit for smb2
+	 */
+	uint32_t tid; /* an index passed over the wire (the TID) */
+
+	/* the share name */
+	const char *share_name;
+
+	/* the NTVFS context - see source/ntvfs/ for details */
+	struct ntvfs_context *ntvfs;
+
+	/* some stuff to support share level security */
+	struct {
+		/* in share level security we need to fake up a session */
+		struct smbsrv_session *session;
+	} sec_share;
+
+	/* some stuff to support share level security */
+	struct {
+		/* in SMB2 a tcon always belongs to one session */
+		struct smbsrv_session *session;
+	} smb2;
+
+	/* some statistics for the management tools */
+	struct {
+		/* the time when the tree connect started */
+		struct timeval connect_time;
+		/* the time when the last request comes in */
+		struct timeval last_request_time;
+	} statistics;
+};
+
+struct smbsrv_handle {
+	struct smbsrv_handle *next, *prev;
+
+	/* the tcon the handle belongs to */
+	struct smbsrv_tcon *tcon;
+
+	/* the session the handle was opened on */
+	struct smbsrv_session *session;
+
+	/* the smbpid used on the open, used for SMBexit */
+	uint16_t smbpid;
+
+	/*
+	 * this is for adding the handle into a linked list
+	 * on the smbsrv_session, we can't use *next,*prev
+	 * for this because they're used for the linked list on the 
+	 * smbsrv_tcon
+	 */
+	struct smbsrv_handle_session_item {
+		struct smbsrv_handle_session_item *prev, *next;
+		struct smbsrv_handle *handle;
+	} session_item;
+
+	/*
+	 * the value passed over the wire
+	 * - 16 bit for smb
+	 * - 32 bit for smb2
+	 *   Note: for SMB2 handles are 128 bit
+	 *         we'll fill them with
+	 *	   - 32 bit HID
+	 *         - 32 bit TID
+	 *	   - 64 bit VUID
+	 */
+	uint32_t hid;
+
+	/*
+	 * the ntvfs handle passed to the ntvfs backend
+	 */
+	struct ntvfs_handle *ntvfs;
+
+	/* some statistics for the management tools */
+	struct {
+		/* the time when the tree connect started */
+		struct timeval open_time;
+		/* the time when the last request comes in */
+		struct timeval last_use_time;
+	} statistics;
+};
+
+/* a set of flags to control handling of request structures */
+#define SMBSRV_REQ_CONTROL_LARGE     (1<<1) /* allow replies larger than max_xmit */
+
+#define SMBSRV_REQ_DEFAULT_STR_FLAGS(req) (((req)->flags2 & FLAGS2_UNICODE_STRINGS) ? STR_UNICODE : STR_ASCII)
+
+/* the context for a single SMB request. This is passed to any request-context 
+   functions */
+struct smbsrv_request {
+	/* the smbsrv_connection needs a list of requests queued for send */
+	struct smbsrv_request *next, *prev;
+
+	/* the server_context contains all context specific to this SMB socket */
+	struct smbsrv_connection *smb_conn;
+
+	/* conn is only set for operations that have a valid TID */
+	struct smbsrv_tcon *tcon;
+
+	/* the session context is derived from the vuid */
+	struct smbsrv_session *session;
+
+	/* a set of flags to control usage of the request. See SMBSRV_REQ_CONTROL_* */
+	uint32_t control_flags;
+
+	/* the system time when the request arrived */
+	struct timeval request_time;
+
+	/* a pointer to the per request union smb_* io structure */
+	void *io_ptr;
+
+	/* the ntvfs_request */
+	struct ntvfs_request *ntvfs;
+
+	/* Now the SMB specific stuff */
+
+	/* the flags from the SMB request, in raw form (host byte order) */
+	uint16_t flags2;
+
+	/* this can contain a fnum from an earlier part of a chained
+	 * message (such as an SMBOpenX), or -1 */
+	int chained_fnum;
+
+	/* how far through the chain of SMB commands have we gone? */
+	unsigned chain_count;
+
+	/* the sequence number for signing */
+	uint64_t seq_num;
+
+	struct smb_request_buffer in;
+	struct smb_request_buffer out;
+};
+
+/* smb server context structure. This should contain all the state
+ * information associated with a SMB server connection 
+ */
+struct smbsrv_connection {
+	/* context that has been negotiated between the client and server */
+	struct {
+		/* have we already done the NBT session establishment? */
+		bool done_nbt_session;
+	
+		/* only one negprot per connection is allowed */
+		bool done_negprot;
+	
+		/* multiple session setups are allowed, but some parameters are
+		   ignored in any but the first */
+		bool done_sesssetup;
+		
+		/* 
+		 * Size of data we can send to client. Set
+		 *  by the client for all protocols above CORE.
+		 *  Set by us for CORE protocol.
+		 */
+		unsigned max_send; /* init to BUFFER_SIZE */
+	
+		/*
+		 * Size of the data we can receive. Set by us.
+		 * Can be modified by the max xmit parameter.
+		 */
+		unsigned max_recv; /* init to BUFFER_SIZE */
+	
+		/* the negotiatiated protocol */
+		enum protocol_types protocol;
+
+		/* authentication context for multi-part negprot */
+		struct auth4_context *auth_context;
+	
+		/* reference to the kerberos keytab, or machine trust account */
+		struct cli_credentials *server_credentials;
+	
+		/* did we tell the client we support encrypted passwords? */
+		bool encrypted_passwords;
+	
+		/* Did we choose SPNEGO, or perhaps raw NTLMSSP, or even no extended security at all? */
+		const char *oid;
+	
+		/* client capabilities */
+		uint32_t client_caps;
+	
+		/* the timezone we sent to the client */
+		int zone_offset;
+
+		/* NBT names only set when done_nbt_session is true */
+		struct nbt_name *called_name;
+		struct nbt_name *calling_name;
+	} negotiate;
+
+	/* the context associated with open tree connects on a smb socket, not for SMB2 */
+	struct smbsrv_tcons_context smb_tcons;
+
+	/* context associated with currently valid session setups */
+	struct smbsrv_sessions_context sessions;
+
+	/*
+	 * the server_context holds a linked list of pending requests,
+	 * this is used for finding the request structures on ntcancel requests
+	 * For SMB only
+	 */
+	struct smbsrv_request *requests;
+
+	/*
+	 * the server_context holds a linked list of pending requests,
+	 * and an idtree for finding the request structures on SMB2 Cancel
+	 * For SMB2 only
+	 */
+	struct {
+		/* an id tree used to allocate ids */
+		struct idr_context *idtree_req;
+
+		/* this is the limit of pending requests values for this connection */
+		uint32_t idtree_limit;
+
+		/* list of open tree connects */
+		struct smb2srv_request *list;
+	} requests2;
+
+	struct smb_signing_context signing;
+
+	struct stream_connection *connection;
+
+	/* this holds a partially received request */
+	struct packet_context *packet;
+
+	/* a list of partially received transaction requests */
+	struct smbsrv_trans_partial {
+		struct smbsrv_trans_partial *next, *prev;
+		struct smbsrv_request *req;
+		uint8_t command;
+		union {
+			struct smb_trans2 *trans;
+			struct smb_nttrans *nttrans;
+		} u;
+	} *trans_partial;
+
+	/* configuration parameters */
+	struct {
+		bool nt_status_support;
+	} config;
+
+	/* some statistics for the management tools */
+	struct {
+		/* the time when the client connects */
+		struct timeval connect_time;
+		/* the time when the last request comes in */
+		struct timeval last_request_time;
+	} statistics;
+
+	struct share_context *share_context;
+
+	struct loadparm_context *lp_ctx;
+
+	bool smb2_signing_required;
+
+	uint64_t highest_smb2_seqnum;
+};
+
+struct model_ops;
+struct loadparm_context;
+
+NTSTATUS smbsrv_add_socket(TALLOC_CTX *mem_ctx,
+			   struct tevent_context *event_context,
+			   struct loadparm_context *lp_ctx,
+			   const struct model_ops *model_ops,
+			   const char *address,
+			   void *process_context);
+
+struct loadparm_context;
+
+#include "smb_server/smb_server_proto.h"
+#include "smb_server/smb/smb_proto.h"
+
+/* useful way of catching wct errors with file and line number */
+#define SMBSRV_CHECK_WCT(req, wcount) do { \
+	if ((req)->in.wct != (wcount)) { \
+		DEBUG(1,("Unexpected WCT %u at %s(%d) - expected %d\n", \
+			 (req)->in.wct, __FILE__, __LINE__, wcount)); \
+		smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror)); \
+		return; \
+	} \
+} while (0)
+	
+/* useful wrapper for talloc with NO_MEMORY reply */
+#define SMBSRV_TALLOC_IO_PTR(ptr, type) do { \
+	ptr = talloc(req, type); \
+	if (!ptr) { \
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY); \
+		return; \
+	} \
+	req->io_ptr = ptr; \
+} while (0)
+
+#define SMBSRV_SETUP_NTVFS_REQUEST(send_fn, state) do { \
+	req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req, \
+					  req->session->session_info,\
+					  SVAL(req->in.hdr,HDR_PID), \
+					  req->request_time, \
+					  req, send_fn, state); \
+	if (!req->ntvfs) { \
+		smbsrv_send_error(req, NT_STATUS_NO_MEMORY); \
+		return; \
+	} \
+	(void)talloc_steal(req->tcon->ntvfs, req); \
+	req->ntvfs->frontend_data.private_data = req; \
+} while (0)
+
+#define SMBSRV_CHECK_FILE_HANDLE(handle) do { \
+	if (!handle) { \
+		smbsrv_send_error(req, NT_STATUS_INVALID_HANDLE); \
+		return; \
+	} \
+} while (0)
+
+#define SMBSRV_CHECK_FILE_HANDLE_ERROR(handle, _status) do { \
+	if (!handle) { \
+		smbsrv_send_error(req, _status); \
+		return; \
+	} \
+} while (0)
+
+#define SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(handle) do { \
+	if (!handle) { \
+		return NT_STATUS_INVALID_HANDLE; \
+	} \
+} while (0)
+
+#define SMBSRV_CHECK(cmd) do {\
+	NTSTATUS _status; \
+	_status = cmd; \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		smbsrv_send_error(req,  _status); \
+		return; \
+	} \
+} while (0)
+
+/* 
+   check if the backend wants to handle the request asynchronously.
+   if it wants it handled synchronously then call the send function
+   immediately
+*/
+#define SMBSRV_CALL_NTVFS_BACKEND(cmd) do { \
+	req->ntvfs->async_states->status = cmd; \
+	if (req->ntvfs->async_states->state & NTVFS_ASYNC_STATE_ASYNC) { \
+		DLIST_ADD_END(req->smb_conn->requests, req); \
+	} else { \
+		req->ntvfs->async_states->send_fn(req->ntvfs); \
+	} \
+} while (0)
+
+/* check req->ntvfs->async_states->status and if not OK then send an error reply */
+#define SMBSRV_CHECK_ASYNC_STATUS_ERR_SIMPLE do { \
+	req = talloc_get_type(ntvfs->async_states->private_data, struct smbsrv_request); \
+	if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \
+		smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \
+		talloc_free(req); \
+		return; \
+	} \
+	if (NT_STATUS_IS_ERR(ntvfs->async_states->status)) { \
+		smbsrv_send_error(req, ntvfs->async_states->status); \
+		return; \
+	} \
+} while (0)
+#define SMBSRV_CHECK_ASYNC_STATUS_ERR(ptr, type) do { \
+	SMBSRV_CHECK_ASYNC_STATUS_ERR_SIMPLE; \
+	ptr = talloc_get_type(req->io_ptr, type); \
+} while (0)
+#define SMBSRV_CHECK_ASYNC_STATUS_SIMPLE do { \
+	req = talloc_get_type(ntvfs->async_states->private_data, struct smbsrv_request); \
+	if (ntvfs->async_states->state & NTVFS_ASYNC_STATE_CLOSE || NT_STATUS_EQUAL(ntvfs->async_states->status, NT_STATUS_NET_WRITE_FAULT)) { \
+		smbsrv_terminate_connection(req->smb_conn, get_friendly_nt_error_msg (ntvfs->async_states->status)); \
+		talloc_free(req); \
+		return; \
+	} \
+	if (!NT_STATUS_IS_OK(ntvfs->async_states->status)) { \
+		smbsrv_send_error(req, ntvfs->async_states->status); \
+		return; \
+	} \
+} while (0)
+#define SMBSRV_CHECK_ASYNC_STATUS(ptr, type) do { \
+	SMBSRV_CHECK_ASYNC_STATUS_SIMPLE; \
+	ptr = talloc_get_type(req->io_ptr, type); \
+} while (0)
+
+/* zero out some reserved fields in a reply */
+#define SMBSRV_VWV_RESERVED(start, count) memset(req->out.vwv + VWV(start), 0, (count)*2)
+
+#include "smb_server/service_smb_proto.h"
diff --git a/source4/smb_server/tcon.c b/source4/smb_server/tcon.c
new file mode 100644
index 0000000..04dc7fe
--- /dev/null
+++ b/source4/smb_server/tcon.c
@@ -0,0 +1,196 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Manage smbsrv_tcon structures
+   Copyright (C) Andrew Tridgell 1998
+   Copyright (C) Alexander Bokovoy 2002
+   Copyright (C) Stefan Metzmacher 2005-2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_server/smb_server.h"
+#include "samba/service_stream.h"
+#include "lib/tsocket/tsocket.h"
+#include "ntvfs/ntvfs.h"
+#include "lib/util/idtree_random.h"
+
+/****************************************************************************
+init the tcon structures
+****************************************************************************/
+static NTSTATUS smbsrv_init_tcons(struct smbsrv_tcons_context *tcons_ctx, TALLOC_CTX *mem_ctx, uint32_t limit)
+{
+	/* 
+	 * the idr_* functions take 'int' as limit,
+	 * and only work with a max limit 0x00FFFFFF
+	 */
+	limit &= 0x00FFFFFF;
+
+	tcons_ctx->idtree_tid	= idr_init(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tcons_ctx->idtree_tid);
+	tcons_ctx->idtree_limit	= limit;
+	tcons_ctx->list		= NULL;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS smbsrv_smb_init_tcons(struct smbsrv_connection *smb_conn)
+{
+	return smbsrv_init_tcons(&smb_conn->smb_tcons, smb_conn, UINT16_MAX);
+}
+
+NTSTATUS smbsrv_smb2_init_tcons(struct smbsrv_session *smb_sess)
+{
+	return smbsrv_init_tcons(&smb_sess->smb2_tcons, smb_sess, UINT32_MAX);
+}
+
+/****************************************************************************
+find a tcon given a tid for SMB
+****************************************************************************/
+static struct smbsrv_tcon *smbsrv_tcon_find(struct smbsrv_tcons_context *tcons_ctx,
+					    uint32_t tid, struct timeval request_time)
+{
+	void *p;
+	struct smbsrv_tcon *tcon;
+
+	if (tid == 0) return NULL;
+
+	if (tid > tcons_ctx->idtree_limit) return NULL;
+
+	p = idr_find(tcons_ctx->idtree_tid, tid);
+	if (!p) return NULL;
+
+	tcon = talloc_get_type(p, struct smbsrv_tcon);
+	if (!tcon) return NULL;
+
+	tcon->statistics.last_request_time = request_time;
+
+	return tcon;
+}
+
+struct smbsrv_tcon *smbsrv_smb_tcon_find(struct smbsrv_connection *smb_conn,
+					 uint32_t tid, struct timeval request_time)
+{
+	return smbsrv_tcon_find(&smb_conn->smb_tcons, tid, request_time);
+}
+
+struct smbsrv_tcon *smbsrv_smb2_tcon_find(struct smbsrv_session *smb_sess,
+					  uint32_t tid, struct timeval request_time)
+{
+	if (!smb_sess) return NULL;
+	return smbsrv_tcon_find(&smb_sess->smb2_tcons, tid, request_time);
+}
+
+/*
+  destroy a connection structure
+*/
+static int smbsrv_tcon_destructor(struct smbsrv_tcon *tcon)
+{
+	struct smbsrv_tcons_context *tcons_ctx;
+	struct tsocket_address *client_addr;
+
+	client_addr = tcon->smb_conn->connection->remote_address;
+
+	DEBUG(3,("%s closed connection to service %s\n",
+		 tsocket_address_string(client_addr, tcon),
+		 tcon->share_name));
+
+	/* tell the ntvfs backend that we are disconnecting */
+	if (tcon->ntvfs) {
+		ntvfs_disconnect(tcon->ntvfs);
+		tcon->ntvfs = NULL;
+	}
+
+	if (tcon->smb2.session) {
+		tcons_ctx = &tcon->smb2.session->smb2_tcons;
+	} else {
+		tcons_ctx = &tcon->smb_conn->smb_tcons;
+	}
+
+	idr_remove(tcons_ctx->idtree_tid, tcon->tid);
+	DLIST_REMOVE(tcons_ctx->list, tcon);
+	return 0;
+}
+
+/*
+  find first available connection slot
+*/
+static struct smbsrv_tcon *smbsrv_tcon_new(struct smbsrv_connection *smb_conn,
+					   struct smbsrv_session *smb_sess,
+					   const char *share_name)
+{
+	TALLOC_CTX *mem_ctx;
+	struct smbsrv_tcons_context *tcons_ctx;
+	uint32_t handle_uint_max;
+	struct smbsrv_tcon *tcon;
+	NTSTATUS status;
+	int i;
+
+	if (smb_sess) {
+		mem_ctx = smb_sess;
+		tcons_ctx = &smb_sess->smb2_tcons;
+		handle_uint_max = UINT32_MAX;
+	} else {
+		mem_ctx = smb_conn;
+		tcons_ctx = &smb_conn->smb_tcons;
+		handle_uint_max = UINT16_MAX;
+	}
+
+	tcon = talloc_zero(mem_ctx, struct smbsrv_tcon);
+	if (!tcon) return NULL;
+	tcon->smb_conn		= smb_conn;
+	tcon->smb2.session	= smb_sess;
+	tcon->share_name	= talloc_strdup(tcon, share_name);
+	if (!tcon->share_name) goto failed;
+
+	/*
+	 * the use -1 here, because we don't want to give away the wildcard
+	 * fnum used in SMBflush
+	 */
+	status = smbsrv_init_handles(tcon, handle_uint_max - 1);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1,("ERROR! failed to init handles: %s\n", nt_errstr(status)));
+		goto failed;
+	}
+
+	i = idr_get_new_random(
+		tcons_ctx->idtree_tid, tcon, 1, tcons_ctx->idtree_limit);
+	if (i == -1) {
+		DEBUG(1,("ERROR! Out of connection structures\n"));
+		goto failed;
+	}
+	tcon->tid = i;
+
+	DLIST_ADD(tcons_ctx->list, tcon);
+	talloc_set_destructor(tcon, smbsrv_tcon_destructor);
+
+	/* now fill in some statistics */
+	tcon->statistics.connect_time = timeval_current();
+
+	return tcon;
+
+failed:
+	talloc_free(tcon);
+	return NULL;
+}
+
+struct smbsrv_tcon *smbsrv_smb_tcon_new(struct smbsrv_connection *smb_conn, const char *share_name)
+{
+	return smbsrv_tcon_new(smb_conn, NULL, share_name);
+}
+
+struct smbsrv_tcon *smbsrv_smb2_tcon_new(struct smbsrv_session *smb_sess, const char *share_name)
+{
+	return smbsrv_tcon_new(smb_sess->smb_conn, smb_sess, share_name);
+}
diff --git a/source4/smb_server/wscript_build b/source4/smb_server/wscript_build
new file mode 100644
index 0000000..0ae499e
--- /dev/null
+++ b/source4/smb_server/wscript_build
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('service_smb',
+	source='service_smb.c',
+	autoproto='service_smb_proto.h',
+	subsystem='service',
+	init_function='server_service_smb_init',
+	deps='SMB_SERVER netif shares samba-hostconfig cmdline',
+	internal_module=False,
+	enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+	)
+
+bld.SAMBA_SUBSYSTEM('SMB_SERVER',
+	source='handle.c tcon.c session.c blob.c management.c smb_server.c',
+	autoproto='smb_server_proto.h',
+	public_deps='share LIBPACKET SMB_PROTOCOL SMB2_PROTOCOL',
+	enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER')
+	)
+
+bld.RECURSE('smb')
+bld.RECURSE('smb2')
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
new file mode 100644
index 0000000..e549671
--- /dev/null
+++ b/source4/torture/auth/ntlmssp.c
@@ -0,0 +1,163 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Small self-tests for the NTLMSSP code
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth/ntlmssp/ntlmssp_private.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/torture.h"
+#include "param/param.h"
+#include "torture/auth/proto.h"
+
+static bool torture_ntlmssp_self_check(struct torture_context *tctx)
+{
+	struct gensec_security *gensec_security;
+	struct gensec_ntlmssp_context *gensec_ntlmssp;
+	struct ntlmssp_state *ntlmssp_state;
+	DATA_BLOB data;
+	DATA_BLOB sig, expected_sig;
+	TALLOC_CTX *mem_ctx = tctx;
+
+	torture_assert_ntstatus_ok(tctx, 
+		gensec_client_start(mem_ctx, &gensec_security,
+				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+		"gensec client start");
+
+	gensec_set_credentials(gensec_security, samba_cmdline_get_creds());
+
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
+	torture_assert_ntstatus_ok(tctx, 
+			gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
+			"Failed to start GENSEC for NTLMSSP");
+
+	gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
+					       struct gensec_ntlmssp_context);
+	ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
+
+	ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f00");
+	dump_data_pw("NTLMSSP session key: \n", 
+		     ntlmssp_state->session_key.data,
+		     ntlmssp_state->session_key.length);
+
+	ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
+
+	torture_assert_ntstatus_ok(tctx,  
+		ntlmssp_sign_init(ntlmssp_state),
+		"Failed to sign_init");
+
+	data = strhex_to_data_blob(tctx, "6a43494653");
+	gensec_ntlmssp_sign_packet(gensec_security, gensec_security,
+				   data.data, data.length, data.data, data.length, &sig);
+
+	expected_sig = strhex_to_data_blob(tctx, "01000000e37f97f2544f4d7e00000000");
+
+	dump_data_pw("NTLMSSP calc sig:     ", sig.data, sig.length);
+	dump_data_pw("NTLMSSP expected sig: ", expected_sig.data, expected_sig.length);
+
+	torture_assert_int_equal(tctx, sig.length, expected_sig.length, "Wrong sig length");
+
+	torture_assert_mem_equal(tctx, sig.data, expected_sig.data, sig.length,
+				   "data mismatch");
+
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
+	ntlmssp_state->session_key = data_blob(NULL, 0);
+
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_NO_USER_SESSION_KEY, "Check of just signed packet without a session key should fail");
+
+	talloc_free(gensec_security);
+
+	torture_assert_ntstatus_ok(tctx, 
+		gensec_client_start(mem_ctx, &gensec_security,
+				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+		"Failed to start GENSEC for NTLMSSP");
+
+	gensec_set_credentials(gensec_security, samba_cmdline_get_creds());
+
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
+	torture_assert_ntstatus_ok(tctx, 
+		gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
+		"GENSEC start mech by oid");
+
+	gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
+					       struct gensec_ntlmssp_context);
+	ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
+
+	ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405e538b0");
+	dump_data_pw("NTLMSSP session key: \n", 
+		     ntlmssp_state->session_key.data,
+		     ntlmssp_state->session_key.length);
+
+	ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
+
+	torture_assert_ntstatus_ok(tctx,  
+		ntlmssp_sign_init(ntlmssp_state),
+		"Failed to sign_init");
+
+	data = strhex_to_data_blob(tctx, "6a43494653");
+	gensec_ntlmssp_sign_packet(gensec_security, gensec_security,
+			    data.data, data.length, data.data, data.length, &sig);
+
+	expected_sig = strhex_to_data_blob(tctx, "0100000078010900397420fe0e5a0f89");
+
+	dump_data_pw("NTLMSSP calc sig:     ", sig.data, sig.length);
+	dump_data_pw("NTLMSSP expected sig: ", expected_sig.data, expected_sig.length);
+
+	torture_assert_int_equal(tctx, sig.length, expected_sig.length, "Wrong sig length");
+
+	torture_assert_mem_equal(tctx, sig.data+8, expected_sig.data+8, sig.length-8,
+				   "data mismatch");
+
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
+
+	sig.length /= 2;
+
+	torture_assert_ntstatus_equal(tctx, 
+				      gensec_ntlmssp_check_packet(gensec_security,
+								  data.data, data.length, data.data, data.length, &sig),
+				      NT_STATUS_ACCESS_DENIED, "Check of just signed packet with short sig");
+
+	talloc_free(gensec_security);
+	return true;
+}
+
+struct torture_suite *torture_ntlmssp(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "ntlmssp");
+
+	torture_suite_add_simple_test(suite, "NTLMSSP self check",
+								   torture_ntlmssp_self_check);
+
+	return suite;
+}
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
new file mode 100644
index 0000000..8ba8ed4
--- /dev/null
+++ b/source4/torture/auth/pac.c
@@ -0,0 +1,741 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Validate the krb5 pac generation routines
+   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/auth.h"
+#include "auth/kerberos/kerberos.h"
+#include "samba3/samba3.h"
+#include "libcli/security/security.h"
+#include "torture/torture.h"
+#include "auth/auth_sam_reply.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "torture/auth/proto.h"
+#include "auth/kerberos/pac_utils.h"
+
+static bool torture_pac_self_check(struct torture_context *tctx)
+{
+	NTSTATUS nt_status;
+	DATA_BLOB tmp_blob;
+	struct PAC_DATA *pac_data;
+	struct PAC_LOGON_INFO *logon_info;
+	union netr_Validation validation;
+
+	/* Generate a nice, arbitrary keyblock */
+	uint8_t server_bytes[16];
+	uint8_t krbtgt_bytes[16];
+	krb5_keyblock server_keyblock;
+	krb5_keyblock krbtgt_keyblock;
+	
+	krb5_error_code ret;
+
+	struct smb_krb5_context *smb_krb5_context;
+
+	struct auth_user_info_dc *user_info_dc;
+	struct auth_user_info_dc *user_info_dc_out;
+
+	krb5_principal client_principal;
+	time_t logon_time = time(NULL);
+
+	TALLOC_CTX *mem_ctx = tctx;
+
+	torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, 
+							tctx->lp_ctx,
+							&smb_krb5_context), 
+		       "smb_krb5_init_context");
+
+	generate_random_buffer(server_bytes, 16);
+	generate_random_buffer(krbtgt_bytes, 16);
+
+	ret = smb_krb5_keyblock_init_contents(smb_krb5_context->krb5_context,
+				 ENCTYPE_ARCFOUR_HMAC,
+				 server_bytes, sizeof(server_bytes),
+				 &server_keyblock);
+	torture_assert(tctx, !ret, talloc_asprintf(tctx, 
+						   "(self test) Server Keyblock encoding failed: %s", 
+						   smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+									      ret, mem_ctx)));
+
+	ret = smb_krb5_keyblock_init_contents(smb_krb5_context->krb5_context,
+				 ENCTYPE_ARCFOUR_HMAC,
+				 krbtgt_bytes, sizeof(krbtgt_bytes),
+				 &krbtgt_keyblock);
+	if (ret) {
+		char *err = smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+						       ret, mem_ctx);
+	
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(self test) KRBTGT Keyblock encoding failed: %s", err));
+	}
+
+	/* We need an input, and this one requires no underlying database */
+	nt_status = auth_anonymous_user_info_dc(mem_ctx, lpcfg_netbios_name(tctx->lp_ctx), &user_info_dc);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		torture_fail(tctx, "auth_anonymous_user_info_dc");
+	}
+
+	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, 
+				    user_info_dc->info->account_name,
+				    KRB5_PRINCIPAL_PARSE_NO_REALM, 
+				    &client_principal);
+	if (ret) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		torture_fail(tctx, "krb5_parse_name_flags(norealm)");
+	}
+
+	/* OK, go ahead and make a PAC */
+	ret = kerberos_create_pac(mem_ctx, 
+				  user_info_dc,
+				  smb_krb5_context->krb5_context,  
+				  &krbtgt_keyblock,
+				  &server_keyblock,
+				  client_principal,
+				  logon_time,
+				  &tmp_blob);
+	
+	if (ret) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, 
+				    client_principal);
+
+		torture_fail(tctx, talloc_asprintf(tctx,
+						   "(self test) PAC encoding failed: %s", 
+						   smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+									      ret, mem_ctx)));
+	}
+
+	dump_data(10,tmp_blob.data,tmp_blob.length);
+
+	/* Now check that we can read it back (using full decode and validate) */
+	nt_status = kerberos_decode_pac(mem_ctx, 
+					tmp_blob,
+					smb_krb5_context->krb5_context,
+					&krbtgt_keyblock,
+					&server_keyblock,
+					client_principal, 
+					logon_time,
+ 					&pac_data);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, 
+				    client_principal);
+
+		torture_fail(tctx, talloc_asprintf(tctx,
+						   "(self test) PAC decoding failed: %s", 
+						   nt_errstr(nt_status)));
+	}
+
+	/* Now check we can read it back (using Heimdal's pac parsing) */
+	nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
+						     tmp_blob, 
+						     smb_krb5_context->krb5_context,
+						      &user_info_dc_out, NULL, NULL);
+
+	/* The user's SID is the first element in the list */
+	if (!dom_sid_equal(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid,
+			   &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, 
+				    client_principal);
+
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(self test) PAC Decode resulted in *different* domain SID: %s != %s",
+					     dom_sid_string(mem_ctx, &user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid),
+					     dom_sid_string(mem_ctx, &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)));
+	}
+	talloc_free(user_info_dc_out);
+
+	/* Now check that we can read it back (yet again) */
+	nt_status = kerberos_pac_logon_info(mem_ctx, 
+					    tmp_blob,
+					    smb_krb5_context->krb5_context,
+					    &krbtgt_keyblock,
+					    &server_keyblock,
+					    client_principal, 
+					    logon_time, 
+					    &logon_info);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &krbtgt_keyblock);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, 
+				    client_principal);
+		
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(self test) PAC decoding (for logon info) failed: %s", 
+					     nt_errstr(nt_status)));
+	}
+	
+	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+				    &krbtgt_keyblock);
+	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+				    &server_keyblock);
+	krb5_free_principal(smb_krb5_context->krb5_context, 
+			    client_principal);
+
+	/* And make a server info from the samba-parsed PAC */
+	validation.sam3 = &logon_info->info3;
+	nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
+							 "",
+							 3, &validation,
+							  true, /* This user was authenticated */
+						 &user_info_dc_out);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		torture_fail(tctx, 
+			     talloc_asprintf(tctx, 
+					     "(self test) PAC decoding (make server info) failed: %s", 
+					     nt_errstr(nt_status)));
+	}
+	
+	if (!dom_sid_equal(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid,
+			   &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)) {
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(self test) PAC Decode resulted in *different* domain SID: %s != %s",
+					     dom_sid_string(mem_ctx, &user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid),
+					     dom_sid_string(mem_ctx, &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)));
+	}
+	return true;
+}
+
+
+/* This is the PAC generated on my test network, by my test Win2k3 server.
+   -- abartlet 2005-07-04
+*/
+
+static const uint8_t saved_pac[] = {
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, 
+	0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+	0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, 
+	0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 
+	0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+	0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, 
+	0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+	0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+	0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+	0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+	0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+	0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+	0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+};
+
+/* Check with a known 'well formed' PAC, from my test server */
+static bool torture_pac_saved_check(struct torture_context *tctx)
+{
+	NTSTATUS nt_status;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB tmp_blob, validate_blob;
+	struct PAC_DATA *pac_data, pac_data2;
+	struct PAC_LOGON_INFO *logon_info;
+	union netr_Validation validation;
+	const char *pac_file, *pac_kdc_key, *pac_member_key;
+	struct auth_user_info_dc *user_info_dc_out;
+
+	krb5_keyblock server_keyblock;
+	krb5_keyblock krbtgt_keyblock, *krbtgt_keyblock_p;
+	struct samr_Password *krbtgt_bytes, *krbsrv_bytes;
+	
+	krb5_error_code ret;
+	struct smb_krb5_context *smb_krb5_context;
+
+	const char *principal_string;
+	char *broken_principal_string;
+	krb5_principal client_principal;
+	const char *authtime_string;
+	time_t authtime;
+	TALLOC_CTX *mem_ctx = tctx;
+
+	torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
+							tctx->lp_ctx,
+							&smb_krb5_context),
+		       "smb_krb5_init_context");
+
+	pac_kdc_key = torture_setting_string(tctx, "pac_kdc_key", 
+					     "B286757148AF7FD252C53603A150B7E7");
+
+	pac_member_key = torture_setting_string(tctx, "pac_member_key", 
+						"D217FAEAE5E6B5F95CCC94077AB8A5FC");
+
+	torture_comment(tctx, "Using pac_kdc_key '%s'\n", pac_kdc_key);
+	torture_comment(tctx, "Using pac_member_key '%s'\n", pac_member_key);
+
+	/* The krbtgt key in use when the above PAC was generated.
+	 * This is an arcfour-hmac-md5 key, extracted with our 'net
+	 * samdump' tool. */
+	if (*pac_kdc_key == 0) {
+		krbtgt_bytes = NULL;
+	} else {
+		krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, pac_kdc_key);
+		if (!krbtgt_bytes) {
+			torture_fail(tctx, "(saved test) Could not interpret krbtgt key");
+		}
+	}
+
+	krbsrv_bytes = smbpasswd_gethexpwd(mem_ctx, pac_member_key);
+	if (!krbsrv_bytes) {
+		torture_fail(tctx, "(saved test) Could not interpret krbsrv key");
+	}
+
+	ret = smb_krb5_keyblock_init_contents(smb_krb5_context->krb5_context,
+				 ENCTYPE_ARCFOUR_HMAC,
+				 krbsrv_bytes->hash, sizeof(krbsrv_bytes->hash),
+				 &server_keyblock);
+	torture_assert(tctx, !ret,
+		       talloc_asprintf(tctx,
+				       "(saved test) Server Keyblock encoding failed: %s", 
+				       smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+								  ret, mem_ctx)));
+
+	if (krbtgt_bytes) {
+		ret = smb_krb5_keyblock_init_contents(smb_krb5_context->krb5_context,
+					 ENCTYPE_ARCFOUR_HMAC,
+					 krbtgt_bytes->hash, sizeof(krbtgt_bytes->hash),
+					 &krbtgt_keyblock);
+		if (ret) {
+			krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+						    &server_keyblock);
+			torture_fail(tctx, 
+				     talloc_asprintf(tctx, 
+						     "(saved test) Server Keyblock encoding failed: %s", 
+						     smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
+										ret, mem_ctx)));
+		}
+		krbtgt_keyblock_p = &krbtgt_keyblock;
+	} else {
+		krbtgt_keyblock_p = NULL;
+	}
+
+	pac_file = torture_setting_string(tctx, "pac_file", NULL);
+	if (pac_file) {
+		tmp_blob.data = (uint8_t *)file_load(pac_file, &tmp_blob.length, 0, mem_ctx);
+		torture_comment(tctx, "(saved test) Loaded pac of size %ld from %s\n", (long)tmp_blob.length, pac_file);
+	} else {
+		tmp_blob = data_blob_talloc(mem_ctx, saved_pac, sizeof(saved_pac));
+	}
+	
+	dump_data(10,tmp_blob.data,tmp_blob.length);
+
+	principal_string = torture_setting_string(tctx, "pac_client_principal", 
+						  "w2003final$@WIN2K3.THINKER.LOCAL");
+
+	authtime_string = torture_setting_string(tctx, "pac_authtime", "1120440609");
+	authtime = strtoull(authtime_string, NULL, 0);
+
+	ret = krb5_parse_name(smb_krb5_context->krb5_context, principal_string, 
+			      &client_principal);
+	if (ret) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(saved test) parsing of client principal [%s] failed: %s", 
+					     principal_string, 
+					     smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
+	}
+
+	/* Decode and verify the signaure on the PAC */
+	nt_status = kerberos_decode_pac(mem_ctx, 
+					tmp_blob,
+					smb_krb5_context->krb5_context,
+					krbtgt_keyblock_p,
+					&server_keyblock, 
+					client_principal, authtime, &pac_data);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+		
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(saved test) PAC decoding failed: %s", 
+						   nt_errstr(nt_status)));
+	}
+
+	/* Now check we can read it back (using Heimdal's pac parsing) */
+	nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
+						     tmp_blob, 
+						     smb_krb5_context->krb5_context,
+						      &user_info_dc_out,
+						      NULL, NULL);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+		
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(saved test) Heimdal PAC decoding failed: %s", 
+						   nt_errstr(nt_status)));
+	}
+
+	if (!pac_file &&
+	    !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, 
+						"S-1-5-21-3048156945-3961193616-3706469200-1005"), 
+			   &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s",
+					     "S-1-5-21-3048156945-3961193616-3706469200-1005", 
+					     dom_sid_string(mem_ctx, &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)));
+	}
+
+	talloc_free(user_info_dc_out);
+
+	/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
+	nt_status = kerberos_pac_logon_info(mem_ctx, 
+					    tmp_blob,
+					    smb_krb5_context->krb5_context,
+					    krbtgt_keyblock_p,
+					    &server_keyblock,
+					    client_principal, authtime, &logon_info);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+	
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(saved test) PAC decoding (for logon info) failed: %s", 
+					     nt_errstr(nt_status)));
+	}
+
+	validation.sam3 = &logon_info->info3;
+	nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
+							 "",
+							 3, &validation,
+							  true, /* This user was authenticated */
+							 &user_info_dc_out);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(saved test) PAC decoding (make server info) failed: %s", 
+					     nt_errstr(nt_status)));
+	}
+
+	if (!pac_file &&
+	    !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, 
+						"S-1-5-21-3048156945-3961193616-3706469200-1005"), 
+			   &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx,  
+			     talloc_asprintf(tctx, 
+					     "(saved test) PAC Decode resulted in *different* domain SID: %s != %s",
+					     "S-1-5-21-3048156945-3961193616-3706469200-1005", 
+					     dom_sid_string(mem_ctx, &user_info_dc_out->sids[PRIMARY_USER_SID_INDEX].sid)));
+	}
+
+	if (krbtgt_bytes == NULL) {
+		torture_comment(tctx, "skipping PAC encoding tests as non kdc key\n");
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+		return true;
+	}
+
+	ret = kerberos_encode_pac(mem_ctx, 
+				  pac_data,
+				  smb_krb5_context->krb5_context,
+				  krbtgt_keyblock_p,
+				  &server_keyblock,
+				  &validate_blob);
+
+	if (ret != 0) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx, "(saved test) PAC push failed");
+	}
+
+	dump_data(10, validate_blob.data, validate_blob.length);
+
+	/* compare both the length and the data bytes after a
+	 * pull/push cycle.  This ensures we use the exact same
+	 * pointer, padding etc algorithms as win2k3.
+	 */
+	if (tmp_blob.length != validate_blob.length) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx, 
+			     talloc_asprintf(tctx, 
+					     "(saved test) PAC push failed: original buffer length[%u] != created buffer length[%u]",
+					     (unsigned)tmp_blob.length, (unsigned)validate_blob.length));
+	}
+
+	if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		DEBUG(0, ("tmp_data:\n"));
+		dump_data(0, tmp_blob.data, tmp_blob.length);
+		DEBUG(0, ("validate_blob:\n"));
+		dump_data(0, validate_blob.data, validate_blob.length);
+
+		torture_fail(tctx, talloc_asprintf(tctx, "(saved test) PAC push failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
+	}
+
+	ret = kerberos_create_pac(mem_ctx, 
+				  user_info_dc_out,
+				  smb_krb5_context->krb5_context,
+				  krbtgt_keyblock_p,
+				  &server_keyblock,
+				  client_principal, authtime,
+				  &validate_blob);
+
+	if (ret != 0) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx, "(saved test) regnerated PAC create failed");
+	}
+
+	dump_data(10,validate_blob.data,validate_blob.length);
+
+	/* compare both the length and the data bytes after a
+	 * pull/push cycle.  This ensures we use the exact same
+	 * pointer, padding etc algorithms as win2k3.
+	 */
+	if (tmp_blob.length != validate_blob.length) {
+		ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx, 
+					       &pac_data2,
+					       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
+		
+		NDR_PRINT_DEBUG(PAC_DATA, pac_data);
+
+		NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
+
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(saved test) PAC regenerate failed: original buffer length[%u] != created buffer length[%u]",
+						   (unsigned)tmp_blob.length, (unsigned)validate_blob.length));
+	}
+
+	if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
+		ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx, 
+					       &pac_data2,
+					       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+		nt_status = ndr_map_error2ntstatus(ndr_err);
+		torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
+		
+		NDR_PRINT_DEBUG(PAC_DATA, pac_data);
+
+		NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
+
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+		DEBUG(0, ("tmp_data:\n"));
+		dump_data(0, tmp_blob.data, tmp_blob.length);
+		DEBUG(0, ("validate_blob:\n"));
+		dump_data(0, validate_blob.data, validate_blob.length);
+
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(saved test) PAC regenerate failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
+	}
+
+	/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
+	nt_status = kerberos_decode_pac(mem_ctx, 
+					tmp_blob,
+					smb_krb5_context->krb5_context,
+					krbtgt_keyblock_p,
+					&server_keyblock,
+					client_principal, 
+					authtime + 1, &pac_data);
+	if (NT_STATUS_IS_OK(nt_status)) {
+
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+		torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken auth time (time + 1)");
+	}
+
+	/* Break the client principal */
+	krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
+
+	broken_principal_string = talloc_strdup(mem_ctx, principal_string);
+	broken_principal_string[0]++;
+
+	ret = krb5_parse_name(smb_krb5_context->krb5_context,
+			      broken_principal_string, &client_principal);
+	if (ret) {
+
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		torture_fail(tctx, talloc_asprintf(tctx, 
+						   "(saved test) parsing of broken client principal failed: %s", 
+						   smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
+	}
+
+	nt_status = kerberos_decode_pac(mem_ctx, 
+					tmp_blob,
+					smb_krb5_context->krb5_context,
+					krbtgt_keyblock_p,
+					&server_keyblock,
+					client_principal, 
+					authtime, &pac_data);
+	if (NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on modified principal");
+	}
+
+	/* Finally...  Bugger up the signature, and check we fail the checksum */
+	tmp_blob.data[tmp_blob.length - 2]++;
+
+	nt_status = kerberos_decode_pac(mem_ctx, 
+					tmp_blob,
+					smb_krb5_context->krb5_context,
+					krbtgt_keyblock_p,
+					&server_keyblock,
+					client_principal, 
+					authtime,
+					&pac_data);
+	if (NT_STATUS_IS_OK(nt_status)) {
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    krbtgt_keyblock_p);
+		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+					    &server_keyblock);
+		torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken checksum");
+	}
+
+	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+				    krbtgt_keyblock_p);
+	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
+				    &server_keyblock);
+	return true;
+}
+
+struct torture_suite *torture_pac(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "pac");
+
+	torture_suite_add_simple_test(suite, "self check", 
+				      torture_pac_self_check);
+	torture_suite_add_simple_test(suite, "saved check",
+				      torture_pac_saved_check);
+	return suite;
+}
diff --git a/source4/torture/auth/smbencrypt.c b/source4/torture/auth/smbencrypt.c
new file mode 100644
index 0000000..79c90eb
--- /dev/null
+++ b/source4/torture/auth/smbencrypt.c
@@ -0,0 +1,70 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   tests for smbencrypt code
+
+   Copyright (C) Andrew Tridgell 2011
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/auth/libcli_auth.h"
+#include "torture/torture.h"
+#include "torture/auth/proto.h"
+
+static bool torture_deshash(struct torture_context *tctx)
+{
+	struct {
+		const char *input;
+		uint8_t output[16];
+		bool should_pass;
+	} testcases[] = {
+		{ "",
+		  { 0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE,
+		    0xAA, 0xD3, 0xB4, 0x35, 0xB5, 0x14, 0x04, 0xEE }, true},
+		{ "abcdefgh",
+		  { 0xE0, 0xC5, 0x10, 0x19, 0x9C, 0xC6, 0x6A, 0xBD,
+		    0x5A, 0xCD, 0xCD, 0x7C, 0x24, 0x7F, 0xA8, 0x3A }, true},
+		{ "0123456789abc",
+		  { 0x56, 0x45, 0xF1, 0x3F, 0x50, 0x08, 0x82, 0xB2,
+		    0x50, 0x79, 0x8A, 0xE6, 0x33, 0x38, 0xAF, 0xE9 }, true},
+		{ "0123456789abcd",
+		  { 0x56, 0x45, 0xF1, 0x3F, 0x50, 0x08, 0x82, 0xB2,
+		    0x1A, 0xC3, 0x88, 0x4B, 0x83, 0x32, 0x45, 0x40 }, true},
+		{ "0123456789abcde",
+		  { 0x56, 0x45, 0xF1, 0x3F, 0x50, 0x08, 0x82, 0xB2,
+		    0x1A, 0xC3, 0x88, 0x4B, 0x83, 0x32, 0x45, 0x40 }, false},
+	};
+	int i;
+	for (i=0; i<ARRAY_SIZE(testcases); i++) {
+		uint8_t res[16];
+		bool ret;
+		ret = E_deshash(testcases[i].input, res);
+		torture_assert(tctx, ret == testcases[i].should_pass,
+			       "E_deshash bad result");
+		torture_assert_mem_equal(tctx, res, testcases[i].output, 16, "E_deshash bad return data");
+	}
+	return true;
+}
+
+struct torture_suite *torture_smbencrypt(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "smbencrypt");
+
+	torture_suite_add_simple_test(suite, "deshash check", torture_deshash);
+
+	return suite;
+}
diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
new file mode 100644
index 0000000..ee3ea50
--- /dev/null
+++ b/source4/torture/basic/aliases.c
@@ -0,0 +1,397 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB trans2 alias scanner
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+int create_complex_file(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *fname);
+
+struct trans2_blobs {
+	struct trans2_blobs *next, *prev;
+	uint16_t level;
+	DATA_BLOB params, data;
+};
+
+/* look for aliases for a query */
+static bool gen_aliases(struct torture_context *tctx, 
+						struct smbcli_state *cli, struct smb_trans2 *t2, 
+						int level_offset)
+{
+	uint16_t level;
+	struct trans2_blobs *alias_blobs = NULL;
+	struct trans2_blobs *t2b, *t2b2;
+	int count=0, alias_count=0;
+
+	for (level=0;level<2000;level++) {
+		NTSTATUS status;
+
+		SSVAL(t2->in.params.data, level_offset, level);
+		
+		status = smb_raw_trans2(cli->tree, tctx, t2);
+		if (!NT_STATUS_IS_OK(status)) continue;
+
+		t2b = talloc(tctx, struct trans2_blobs);
+		t2b->level = level;
+		t2b->params = t2->out.params;
+		t2b->data = t2->out.data;
+		DLIST_ADD(alias_blobs, t2b);
+		torture_comment(tctx, 
+						"\tFound level %4u (0x%03x) of size %3d (0x%02x)\n", 
+			 level, level,
+			 (int)t2b->data.length, (int)t2b->data.length);
+		count++;
+	}
+
+	torture_comment(tctx, "Found %d levels with success status\n", count);
+
+	for (t2b=alias_blobs; t2b; t2b=t2b->next) {
+		for (t2b2=alias_blobs; t2b2; t2b2=t2b2->next) {
+			if (t2b->level >= t2b2->level) continue;
+			if (data_blob_cmp(&t2b->params, &t2b2->params) == 0 &&
+			    data_blob_cmp(&t2b->data, &t2b2->data) == 0) {
+				torture_comment(tctx, 
+				"\tLevel %u (0x%x) and level %u (0x%x) are possible aliases\n", 
+				       t2b->level, t2b->level, t2b2->level, t2b2->level);
+				alias_count++;
+			}
+		}
+	}
+
+	torture_comment(tctx, "Found %d aliased levels\n", alias_count);
+
+	return true;
+}
+
+/* look for qfsinfo aliases */
+static bool qfsinfo_aliases(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_QFSINFO;
+
+	t2.in.max_param = 0;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 2);
+	t2.in.data = data_blob(NULL, 0);
+	ZERO_STRUCT(t2.out);
+
+	return gen_aliases(tctx, cli, &t2, 0);
+}
+
+/* look for qfileinfo aliases */
+static bool qfileinfo_aliases(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_QFILEINFO;
+	const char *fname = "\\qfileinfo_aliases.txt";
+	int fnum;
+
+	t2.in.max_param = 2;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 4);
+	t2.in.data = data_blob(NULL, 0);
+	ZERO_STRUCT(t2.out);
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, cli, fname);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, 
+					"open of %s failed (%s)", fname, 
+				   smbcli_errstr(cli->tree)));
+
+	smbcli_write(cli->tree, fnum, 0, &t2, 0, sizeof(t2));
+
+	SSVAL(t2.in.params.data, 0, fnum);
+
+	if (!gen_aliases(tctx, cli, &t2, 2))
+		return false;
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	return true;
+}
+
+
+/* look for qpathinfo aliases */
+static bool qpathinfo_aliases(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_QPATHINFO;
+	const char *fname = "\\qpathinfo_aliases.txt";
+	int fnum;
+
+	ZERO_STRUCT(t2);
+	t2.in.max_param = 2;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 6);
+	t2.in.data = data_blob(NULL, 0);
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, cli, fname);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, 
+					"open of %s failed (%s)", fname, 
+				   smbcli_errstr(cli->tree)));
+
+	smbcli_write(cli->tree, fnum, 0, &t2, 0, sizeof(t2));
+	smbcli_close(cli->tree, fnum);
+
+	SIVAL(t2.in.params.data, 2, 0);
+
+	smbcli_blob_append_string(cli->session, tctx, &t2.in.params, 
+			       fname, STR_TERMINATE);
+
+	if (!gen_aliases(tctx, cli, &t2, 0))
+		return false;
+
+	smbcli_unlink(cli->tree, fname);
+
+	return true;
+}
+
+
+/* look for trans2 findfirst aliases */
+static bool findfirst_aliases(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_FINDFIRST;
+	const char *fname = "\\findfirst_aliases.txt";
+	int fnum;
+
+	ZERO_STRUCT(t2);
+	t2.in.max_param = 16;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 12);
+	t2.in.data = data_blob(NULL, 0);
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, cli, fname);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, 
+					"open of %s failed (%s)", fname, 
+				   smbcli_errstr(cli->tree)));
+
+	smbcli_write(cli->tree, fnum, 0, &t2, 0, sizeof(t2));
+	smbcli_close(cli->tree, fnum);
+
+	SSVAL(t2.in.params.data, 0, 0);
+	SSVAL(t2.in.params.data, 2, 1);
+	SSVAL(t2.in.params.data, 4, FLAG_TRANS2_FIND_CLOSE);
+	SSVAL(t2.in.params.data, 6, 0);
+	SIVAL(t2.in.params.data, 8, 0);
+
+	smbcli_blob_append_string(cli->session, tctx, &t2.in.params, 
+			       fname, STR_TERMINATE);
+
+	if (!gen_aliases(tctx, cli, &t2, 6))
+		return false;
+
+	smbcli_unlink(cli->tree, fname);
+
+	return true;
+}
+
+
+
+/* look for aliases for a set function */
+static bool gen_set_aliases(struct torture_context *tctx, 
+							struct smbcli_state *cli, 
+							struct smb_trans2 *t2, int level_offset)
+{
+	uint16_t level;
+	struct trans2_blobs *alias_blobs = NULL;
+	struct trans2_blobs *t2b;
+	int count=0, dsize;
+
+	for (level=1;level<1100;level++) {
+		NTSTATUS status, status1;
+		SSVAL(t2->in.params.data, level_offset, level);
+
+		status1 = NT_STATUS_OK;
+
+		for (dsize=2; dsize<1024; dsize += 2) {
+			data_blob_free(&t2->in.data);
+			t2->in.data = data_blob(NULL, dsize);
+			data_blob_clear(&t2->in.data);
+			status = smb_raw_trans2(cli->tree, tctx, t2);
+			/* some error codes mean that this whole level doesn't exist */
+			if (NT_STATUS_EQUAL(NT_STATUS_INVALID_LEVEL, status) ||
+			    NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status) ||
+			    NT_STATUS_EQUAL(NT_STATUS_NOT_SUPPORTED, status)) {
+				break;
+			}
+			if (NT_STATUS_IS_OK(status)) break;
+
+			/* invalid parameter means that the level exists at this 
+			   size, but the contents are wrong (not surprising with
+			   all zeros!) */
+			if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) break;
+
+			/* this is the usual code for 'wrong size' */
+			if (NT_STATUS_EQUAL(status, NT_STATUS_INFO_LENGTH_MISMATCH)) {
+				continue;
+			}
+
+			if (!NT_STATUS_EQUAL(status, status1)) {
+				torture_comment(tctx, "level=%d size=%d %s\n", level, dsize, nt_errstr(status));
+			}
+			status1 = status;
+		}
+
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) continue;
+
+		t2b = talloc(tctx, struct trans2_blobs);
+		t2b->level = level;
+		t2b->params = t2->out.params;
+		t2b->data = t2->out.data;
+		DLIST_ADD(alias_blobs, t2b);
+		torture_comment(tctx, 
+					"\tFound level %4u (0x%03x) of size %3d (0x%02x)\n", 
+			 level, level,
+			 (int)t2->in.data.length, (int)t2->in.data.length);
+		count++;
+	}
+
+	torture_comment(tctx, "Found %d valid levels\n", count);
+
+	return true;
+}
+
+
+
+/* look for setfileinfo aliases */
+static bool setfileinfo_aliases(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_SETFILEINFO;
+	const char *fname = "\\setfileinfo_aliases.txt";
+	int fnum;
+
+	ZERO_STRUCT(t2);
+	t2.in.max_param = 2;
+	t2.in.max_data = 0;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 6);
+	t2.in.data = data_blob(NULL, 0);
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, cli, fname);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, 
+				   "open of %s failed (%s)", fname, 
+				   smbcli_errstr(cli->tree)));
+
+	smbcli_write(cli->tree, fnum, 0, &t2, 0, sizeof(t2));
+
+	SSVAL(t2.in.params.data, 0, fnum);
+	SSVAL(t2.in.params.data, 4, 0);
+
+	gen_set_aliases(tctx, cli, &t2, 2);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	return true;
+}
+
+/* look for setpathinfo aliases */
+static bool setpathinfo_aliases(struct torture_context *tctx, 
+								struct smbcli_state *cli)
+{
+	struct smb_trans2 t2;
+	uint16_t setup = TRANSACT2_SETPATHINFO;
+	const char *fname = "\\setpathinfo_aliases.txt";
+	int fnum;
+
+	ZERO_STRUCT(t2);
+	t2.in.max_param = 32;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 0;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params = data_blob_talloc_zero(tctx, 4);
+	t2.in.data = data_blob(NULL, 0);
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = create_complex_file(cli, cli, fname);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, 
+					"open of %s failed (%s)", fname, 
+				   smbcli_errstr(cli->tree)));
+
+	smbcli_write(cli->tree, fnum, 0, &t2, 0, sizeof(t2));
+	smbcli_close(cli->tree, fnum);
+
+	SSVAL(t2.in.params.data, 2, 0);
+
+	smbcli_blob_append_string(cli->session, tctx, &t2.in.params, 
+			       fname, STR_TERMINATE);
+
+	if (!gen_set_aliases(tctx, cli, &t2, 0))
+		return false;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_unlink(cli->tree, fname),
+		talloc_asprintf(tctx, "unlink: %s", smbcli_errstr(cli->tree)));
+
+	return true;
+}
+
+
+/* look for aliased info levels in trans2 calls */
+struct torture_suite *torture_trans2_aliases(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "aliases");
+
+	torture_suite_add_1smb_test(suite, "QFSINFO aliases", qfsinfo_aliases);
+	torture_suite_add_1smb_test(suite, "QFILEINFO aliases", qfileinfo_aliases);
+	torture_suite_add_1smb_test(suite, "QPATHINFO aliases", qpathinfo_aliases);
+	torture_suite_add_1smb_test(suite, "FINDFIRST aliases", findfirst_aliases);
+	torture_suite_add_1smb_test(suite, "setfileinfo_aliases", setfileinfo_aliases);
+	torture_suite_add_1smb_test(suite, "setpathinfo_aliases", setpathinfo_aliases);
+
+	return suite;
+}
diff --git a/source4/torture/basic/attr.c b/source4/torture/basic/attr.c
new file mode 100644
index 0000000..f2a554d
--- /dev/null
+++ b/source4/torture/basic/attr.c
@@ -0,0 +1,437 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   openattr tester
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+#include "libcli/security/security_descriptor.h"
+#include "torture/basic/proto.h"
+
+extern int torture_failures;
+
+#define CHECK_MAX_FAILURES(label) do { if (++failures >= torture_failures) goto label; } while (0)
+
+
+static const uint32_t open_attrs_table[] = {
+		FILE_ATTRIBUTE_NORMAL,
+		FILE_ATTRIBUTE_ARCHIVE,
+		FILE_ATTRIBUTE_READONLY,
+		FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_SYSTEM,
+
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_SYSTEM,
+};
+
+struct trunc_open_results {
+	unsigned int num;
+	uint32_t init_attr;
+	uint32_t trunc_attr;
+	uint32_t result_attr;
+};
+
+static const struct trunc_open_results attr_results[] = {
+	{ 0, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE },
+	{ 1, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE },
+	{ 2, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+	{ 16, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE },
+	{ 17, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE },
+	{ 18, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+	{ 51, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 54, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 56, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 68, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 71, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 73, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+	{ 99, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 102, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 104, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 116, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 119,  FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,  FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 121, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+	{ 170, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN },
+	{ 173, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM },
+	{ 227, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 230, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 232, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 244, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 247, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 249, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM }
+};
+
+
+bool torture_openattrtest(struct torture_context *tctx, 
+			  struct smbcli_state *cli1)
+{
+	const char *fname = "\\openattr.file";
+	int fnum1;
+	uint16_t attr;
+	unsigned int i, j, k, l;
+	int failures = 0;
+
+	for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
+		smbcli_setatr(cli1->tree, fname, 0, 0);
+		smbcli_unlink(cli1->tree, fname);
+		fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, 
+					      SEC_FILE_WRITE_DATA, 
+					      open_attrs_table[i],
+					      NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+		
+		torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open %d (1) of %s failed (%s)", i, 
+					   fname, smbcli_errstr(cli1->tree)));
+
+		torture_assert_ntstatus_ok(tctx, 
+							smbcli_close(cli1->tree, fnum1),
+							talloc_asprintf(tctx, "close %d (1) of %s failed (%s)", i, fname, 
+							smbcli_errstr(cli1->tree)));
+
+		for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
+			fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, 
+						      SEC_FILE_READ_DATA|
+						      SEC_FILE_WRITE_DATA, 
+						      open_attrs_table[j],
+						      NTCREATEX_SHARE_ACCESS_NONE, 
+						      NTCREATEX_DISP_OVERWRITE, 0, 0);
+
+			if (fnum1 == -1) {
+				for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
+					if (attr_results[l].num == k) {
+						torture_result(tctx, TORTURE_FAIL,
+								"[%d] trunc open 0x%x -> 0x%x of %s failed - should have succeeded !(%s)",
+								k, open_attrs_table[i],
+								open_attrs_table[j],
+								fname, smbcli_errstr(cli1->tree));
+						CHECK_MAX_FAILURES(error_exit);
+					}
+				}
+				if (!NT_STATUS_EQUAL(smbcli_nt_error(cli1->tree), NT_STATUS_ACCESS_DENIED)) {
+					torture_result(tctx, TORTURE_FAIL,
+							"[%d] trunc open 0x%x -> 0x%x failed with wrong error code %s",
+							k, open_attrs_table[i], open_attrs_table[j],
+							smbcli_errstr(cli1->tree));
+					CHECK_MAX_FAILURES(error_exit);
+				}
+#if 0
+				torture_comment(tctx, "[%d] trunc open 0x%x -> 0x%x failed\n", k, open_attrs_table[i], open_attrs_table[j]);
+#endif
+				k++;
+				continue;
+			}
+
+			torture_assert_ntstatus_ok(tctx, 
+									   smbcli_close(cli1->tree, fnum1),
+									talloc_asprintf(tctx, "close %d (2) of %s failed (%s)", j, 
+									fname, smbcli_errstr(cli1->tree)));
+
+			torture_assert_ntstatus_ok(tctx, 
+						smbcli_getatr(cli1->tree, fname, &attr, NULL, NULL),
+						talloc_asprintf(tctx, "getatr(2) failed (%s)", smbcli_errstr(cli1->tree)));
+
+#if 0
+			torture_comment(tctx, "[%d] getatr check [0x%x] trunc [0x%x] got attr 0x%x\n",
+					k,  open_attrs_table[i],  open_attrs_table[j], attr );
+#endif
+
+			for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
+				if (attr_results[l].num == k) {
+					if (attr != attr_results[l].result_attr ||
+					    open_attrs_table[i] != attr_results[l].init_attr ||
+					    open_attrs_table[j] != attr_results[l].trunc_attr) {
+						torture_result(tctx, TORTURE_FAIL,
+							"[%d] getatr check failed. [0x%x] trunc [0x%x] got attr 0x%x, should be 0x%x",
+						       k, open_attrs_table[i],
+						       open_attrs_table[j],
+						       (unsigned int)attr,
+						       attr_results[l].result_attr);
+						CHECK_MAX_FAILURES(error_exit);
+					}
+					break;
+				}
+			}
+			k++;
+		}
+	}
+error_exit:
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	if (failures) {
+		return false;
+	}
+	return true;
+}
+
+bool torture_winattrtest(struct torture_context *tctx,
+			  struct smbcli_state *cli1)
+{
+	const char *fname = "\\winattr1.file";
+	const char *dname = "\\winattr1.dir";
+	int fnum1;
+	uint16_t attr;
+	uint16_t j;
+	uint32_t aceno;
+	int failures = 0;
+	union smb_fileinfo query, query_org;
+	NTSTATUS status;
+	struct security_descriptor *sd1, *sd2;
+	ZERO_STRUCT(query);
+	ZERO_STRUCT(query_org);
+
+	/* Test winattrs for file */
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Open a file*/
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR | O_CREAT | O_TRUNC,
+			DENY_NONE);
+	torture_assert(tctx, fnum1 != -1,
+		       talloc_asprintf(tctx, "open(1) of %s failed (%s)\n",
+		       fname, smbcli_errstr(cli1->tree)));
+
+
+	/* Get security descriptor and store it*/
+	query_org.generic.level = RAW_FILEINFO_SEC_DESC;
+	query_org.generic.in.file.fnum = fnum1;
+	status = smb_raw_fileinfo(cli1->tree, tctx, &query_org);
+	if(!NT_STATUS_IS_OK(status)){
+		torture_comment(tctx, "smb_raw_fileinfo(1) of %s failed (%s)\n",
+				fname, nt_errstr(status));
+		torture_assert_ntstatus_ok(tctx,
+				smbcli_close(cli1->tree, fnum1),
+				talloc_asprintf(tctx,
+					"close(1) of %s failed (%s)\n",
+			                fname, smbcli_errstr(cli1->tree)));
+		CHECK_MAX_FAILURES(error_exit_file);
+	}
+	sd1 = query_org.query_secdesc.out.sd;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+	               talloc_asprintf(tctx, "close(1) of %s failed (%s)\n",
+			               fname, smbcli_errstr(cli1->tree)));
+
+	/*Set and get attributes*/
+	for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_setatr(cli1->tree, fname, open_attrs_table[j],0),
+			talloc_asprintf(tctx, "setatr(2) failed (%s)",
+				smbcli_errstr(cli1->tree)));
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_getatr(cli1->tree, fname, &attr, NULL, NULL),
+			talloc_asprintf(tctx, "getatr(2) failed (%s)",
+			smbcli_errstr(cli1->tree)));
+
+		/* Check the result */
+		if((j == 0)&&(attr != FILE_ATTRIBUTE_ARCHIVE)){
+			torture_comment(tctx, "getatr check failed. \
+					Attr applied [0x%x], got attr [0x%x], \
+					should be [0x%x]",
+					open_attrs_table[j],
+					(uint16_t)attr,open_attrs_table[j +1]);
+			CHECK_MAX_FAILURES(error_exit_file);
+		}else{
+
+			if((j != 0) &&(attr != open_attrs_table[j])){
+				torture_comment(tctx, "getatr check failed. \
+					Attr applied [0x%x],got attr 0x%x, \
+					should be 0x%x ",
+					open_attrs_table[j], (uint16_t)attr,
+					open_attrs_table[j]);
+				CHECK_MAX_FAILURES(error_exit_file);
+			}
+
+		}
+
+		fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY | O_CREAT,
+				DENY_NONE);
+		torture_assert(tctx, fnum1 != -1,
+		       talloc_asprintf(tctx, "open(2) of %s failed (%s)\n",
+		       fname, smbcli_errstr(cli1->tree)));
+		/*Get security descriptor */
+		query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+		query.query_secdesc.in.file.fnum = fnum1;
+		status = smb_raw_fileinfo(cli1->tree, tctx, &query);
+		if(!NT_STATUS_IS_OK(status)){
+			torture_comment(tctx,
+				"smb_raw_fileinfo(2) of %s failed (%s)\n",
+				fname, nt_errstr(status));
+			torture_assert_ntstatus_ok(tctx,
+				smbcli_close(cli1->tree, fnum1),
+				talloc_asprintf(tctx,
+					"close(2) of %s failed (%s)\n",
+					fname, smbcli_errstr(cli1->tree)));
+			CHECK_MAX_FAILURES(error_exit_file);
+		}
+		sd2 = query.query_secdesc.out.sd;
+
+		torture_assert_ntstatus_ok(tctx,smbcli_close(cli1->tree,fnum1),
+	               talloc_asprintf(tctx, "close(2) of %s failed (%s)\n",
+			               fname, smbcli_errstr(cli1->tree)));
+
+		/*Compare security descriptors -- Must be same*/
+		for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){
+			struct security_ace *ace1 = &sd1->dacl->aces[aceno];
+			struct security_ace *ace2 = &sd2->dacl->aces[aceno];
+
+			if (!security_ace_equal(ace1, ace2)) {
+				torture_comment(tctx,
+					"ACLs changed! Not expected!\n");
+				CHECK_MAX_FAILURES(error_exit_file);
+			}
+		}
+
+		torture_comment(tctx, "[%d] setattr = [0x%x] got attr 0x%x\n",
+			j,  open_attrs_table[j], attr );
+
+	}
+
+error_exit_file:
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+/* Check for Directory. */
+
+	smbcli_deltree(cli1->tree, dname);
+	smbcli_rmdir(cli1->tree,dname);
+
+	/* Open a directory */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_DIR_ALL,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OPEN_IF,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+	/*smbcli_mkdir(cli1->tree,dname);*/
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx,
+			"open (1) of %s failed (%s)",
+			  dname, smbcli_errstr(cli1->tree)));
+
+
+	/* Get Security Descriptor */
+	query_org.generic.level = RAW_FILEINFO_SEC_DESC;
+        query_org.generic.in.file.fnum = fnum1;
+        status = smb_raw_fileinfo(cli1->tree, tctx, &query_org);
+	if(!NT_STATUS_IS_OK(status)){
+		torture_comment(tctx, "smb_raw_fileinfo(1) of %s failed (%s)\n",
+				dname, nt_errstr(status));
+		torture_assert_ntstatus_ok(tctx,
+				smbcli_close(cli1->tree, fnum1),
+				talloc_asprintf(tctx,
+					"close(1) of %s failed (%s)\n",
+			                dname, smbcli_errstr(cli1->tree)));
+		CHECK_MAX_FAILURES(error_exit_dir);
+	}
+	sd1 = query_org.query_secdesc.out.sd;
+
+	torture_assert_ntstatus_ok(tctx,
+				smbcli_close(cli1->tree, fnum1),
+				talloc_asprintf(tctx,
+				"close (1) of %s failed (%s)", dname,
+				smbcli_errstr(cli1->tree)));
+
+	/* Set and get win attributes*/
+	for (j = 1; j < ARRAY_SIZE(open_attrs_table); j++) {
+
+		torture_assert_ntstatus_ok(tctx,
+		smbcli_setatr(cli1->tree, dname, open_attrs_table[j], 0),
+		talloc_asprintf(tctx, "setatr(2) failed (%s)",
+		smbcli_errstr(cli1->tree)));
+
+		torture_assert_ntstatus_ok(tctx,
+		smbcli_getatr(cli1->tree, dname, &attr, NULL, NULL),
+		talloc_asprintf(tctx, "getatr(2) failed (%s)",
+		smbcli_errstr(cli1->tree)));
+
+		torture_comment(tctx, "[%d] setatt = [0x%x] got attr 0x%x\n",
+			j,  open_attrs_table[j], attr );
+
+		/* Check the result */
+		if(attr != (open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY)){
+			torture_comment(tctx, "getatr check failed. set attr \
+				[0x%x], got attr 0x%x, should be 0x%x\n",
+			        open_attrs_table[j],
+			        (uint16_t)attr,
+			        (unsigned int)(open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY));
+			CHECK_MAX_FAILURES(error_exit_dir);
+		}
+
+		fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_DIR_READ,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OPEN,
+				      0,0);
+
+		torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx,
+			"open (2) of %s failed (%s)",
+			  dname, smbcli_errstr(cli1->tree)));
+		/* Get security descriptor */
+		query.generic.level = RAW_FILEINFO_SEC_DESC;
+		query.generic.in.file.fnum = fnum1;
+		status = smb_raw_fileinfo(cli1->tree, tctx, &query);
+		if(!NT_STATUS_IS_OK(status)){
+			torture_comment(tctx, "smb_raw_fileinfo(2) of %s failed\
+					(%s)\n", dname, nt_errstr(status));
+			torture_assert_ntstatus_ok(tctx,
+					smbcli_close(cli1->tree, fnum1),
+					talloc_asprintf(tctx,
+					"close (2) of %s failed (%s)", dname,
+					smbcli_errstr(cli1->tree)));
+			CHECK_MAX_FAILURES(error_exit_dir);
+		}
+		sd2 = query.query_secdesc.out.sd;
+		torture_assert_ntstatus_ok(tctx,
+				smbcli_close(cli1->tree, fnum1),
+				talloc_asprintf(tctx,
+				"close (2) of %s failed (%s)", dname,
+				smbcli_errstr(cli1->tree)));
+
+		/* Security descriptor must be same*/
+		for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){
+			struct security_ace *ace1 = &sd1->dacl->aces[aceno];
+			struct security_ace *ace2 = &sd2->dacl->aces[aceno];
+
+			if (!security_ace_equal(ace1, ace2)) {
+				torture_comment(tctx,
+					"ACLs changed! Not expected!\n");
+				CHECK_MAX_FAILURES(error_exit_dir);
+			}
+		}
+
+	}
+error_exit_dir:
+	smbcli_deltree(cli1->tree, dname);
+	smbcli_rmdir(cli1->tree,dname);
+
+	if(failures)
+		return false;
+	return true;
+}
diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c
new file mode 100644
index 0000000..fc36e6b
--- /dev/null
+++ b/source4/torture/basic/base.c
@@ -0,0 +1,2090 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/basic/proto.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+
+
+#define CHECK_MAX_FAILURES(label) do { if (++failures >= torture_failures) goto label; } while (0)
+
+
+static struct smbcli_state *open_nbt_connection(struct torture_context *tctx)
+{
+	struct nbt_name called, calling;
+	struct smbcli_state *cli;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct smbcli_options options;
+	bool ok;
+
+	make_nbt_name_client(&calling, lpcfg_netbios_name(tctx->lp_ctx));
+
+	nbt_choose_called_name(NULL, &called, host, NBT_NAME_SERVER);
+
+	cli = smbcli_state_init(NULL);
+	if (!cli) {
+		torture_result(tctx, TORTURE_FAIL, "Failed initialize smbcli_struct to connect with %s\n", host);
+		goto failed;
+	}
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	ok = smbcli_socket_connect(cli, host, lpcfg_smb_ports(tctx->lp_ctx),
+				   tctx->ev,
+				   lpcfg_resolve_context(tctx->lp_ctx),
+				   &options,
+				   lpcfg_socket_options(tctx->lp_ctx),
+				   &calling, &called);
+	if (!ok) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to connect with %s\n", host);
+		goto failed;
+	}
+
+	cli->transport = smbcli_transport_init(cli->sock, cli,
+					       true, &cli->options);
+	cli->sock = NULL;
+	if (!cli->transport) {
+		torture_result(tctx, TORTURE_FAIL, "smbcli_transport_init failed\n");
+		goto failed;
+	}
+
+	return cli;
+
+failed:
+	talloc_free(cli);
+	return NULL;
+}
+
+static bool tcon_devtest(struct torture_context *tctx, 
+						 struct smbcli_state *cli,
+			 			 const char *myshare, const char *devtype,
+			 			 NTSTATUS expected_error)
+{
+	bool status;
+	const char *password = torture_setting_string(tctx, "password", NULL);
+
+	status = NT_STATUS_IS_OK(smbcli_tconX(cli, myshare, devtype, 
+						password));
+
+	torture_comment(tctx, "Trying share %s with devtype %s\n", myshare, devtype);
+
+	if (NT_STATUS_IS_OK(expected_error)) {
+		if (!status) {
+			torture_fail(tctx, talloc_asprintf(tctx, 
+				   "tconX to share %s with type %s "
+			       "should have succeeded but failed",
+			       myshare, devtype));
+		}
+		smbcli_tdis(cli);
+	} else {
+		if (status) {
+			torture_fail(tctx, talloc_asprintf(tctx, 
+				   "tconx to share %s with type %s "
+			       "should have failed but succeeded",
+			       myshare, devtype));
+		} else {
+			if (NT_STATUS_EQUAL(smbcli_nt_error(cli->tree),
+					    expected_error)) {
+			} else {
+				torture_fail(tctx, "Returned unexpected error");
+			}
+		}
+	}
+	return true;
+}
+
+
+
+/**
+test whether fnums and tids open on one VC are available on another (a major
+security hole)
+*/
+static bool run_fdpasstest(struct torture_context *tctx,
+						   struct smbcli_state *cli1, 
+						   struct smbcli_state *cli2)
+{
+	const char *fname = "\\fdpass.tst";
+	int fnum1, oldtid;
+	uint8_t buf[1024];
+
+	smbcli_unlink(cli1->tree, fname);
+
+	torture_comment(tctx, "Opening a file on connection 1\n");
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, 
+			talloc_asprintf(tctx, 
+			"open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree)));
+
+	torture_comment(tctx, "writing to file on connection 1\n");
+
+	torture_assert(tctx, 
+		smbcli_write(cli1->tree, fnum1, 0, "hello world\n", 0, 13) == 13,
+		talloc_asprintf(tctx, 
+		"write failed (%s)\n", smbcli_errstr(cli1->tree)));
+
+	oldtid = cli2->tree->tid;
+	cli2->session->vuid = cli1->session->vuid;
+	cli2->tree->tid = cli1->tree->tid;
+	cli2->session->pid = cli1->session->pid;
+
+	torture_comment(tctx, "reading from file on connection 2\n");
+
+	torture_assert(tctx, smbcli_read(cli2->tree, fnum1, buf, 0, 13) != 13,
+				   talloc_asprintf(tctx,
+		"read succeeded! nasty security hole [%s]\n", buf));
+
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_unlink(cli1->tree, fname);
+
+	cli2->tree->tid = oldtid;
+
+	return true;
+}
+
+/**
+  This checks how the getatr calls works
+*/
+static bool run_attrtest(struct torture_context *tctx, 
+						 struct smbcli_state *cli)
+{
+	int fnum;
+	time_t t, t2;
+	const char *fname = "\\attrib123456789.tst";
+	bool correct = true;
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = smbcli_open(cli->tree, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli->tree, fname, NULL, NULL, &t))) {
+		torture_result(tctx, TORTURE_FAIL, "getatr failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	}
+
+	torture_comment(tctx, "New file time is %s", ctime(&t));
+
+	if (labs(t - time(NULL)) > 60*60*24*10) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: SMBgetatr bug. time is %s",
+		       ctime(&t));
+		t = time(NULL);
+		correct = false;
+	}
+
+	t2 = t-60*60*24; /* 1 day ago */
+
+	torture_comment(tctx, "Setting file time to %s", ctime(&t2));
+
+	if (NT_STATUS_IS_ERR(smbcli_setatr(cli->tree, fname, 0, t2))) {
+		torture_comment(tctx, "setatr failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = true;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli->tree, fname, NULL, NULL, &t))) {
+		torture_comment(tctx, "getatr failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = true;
+	}
+
+	torture_comment(tctx, "Retrieved file time as %s", ctime(&t));
+
+	if (t != t2) {
+		torture_comment(tctx, "ERROR: getatr/setatr bug. times are\n%s",
+		       ctime(&t));
+		torture_comment(tctx, "%s", ctime(&t2));
+		correct = true;
+	}
+
+	smbcli_unlink(cli->tree, fname);
+
+	return correct;
+}
+
+/**
+  This checks a couple of trans2 calls
+*/
+static bool run_trans2test(struct torture_context *tctx, 
+						   struct smbcli_state *cli)
+{
+	int fnum;
+	size_t size;
+	time_t c_time, a_time, m_time, w_time, m_time2;
+	const char *fname = "\\trans2.tst";
+	const char *dname = "\\trans2";
+	const char *fname2 = "\\trans2\\trans2.tst";
+	const char *pname;
+	bool correct = true;
+
+	smbcli_unlink(cli->tree, fname);
+
+	torture_comment(tctx, "Testing qfileinfo\n");
+	
+	fnum = smbcli_open(cli->tree, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(cli->tree, fnum, NULL, &size, &c_time, &a_time, &m_time,
+			   NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qfileinfo failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	}
+
+	torture_comment(tctx, "Testing NAME_INFO\n");
+
+	if (NT_STATUS_IS_ERR(smbcli_qfilename(cli->tree, fnum, &pname))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qfilename failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	}
+
+	if (!pname || strcmp(pname, fname)) {
+		torture_result(tctx, TORTURE_FAIL, "qfilename gave different name? [%s] [%s]\n",
+		       fname, pname);
+		correct = false;
+	}
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_open(cli->tree, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+		return false;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	torture_comment(tctx, "Checking for sticky create times\n");
+
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo(cli->tree, fname, &c_time, &a_time, &m_time, &size, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	} else {
+		time_t t = time(NULL);
+
+		if (c_time != m_time) {
+			torture_comment(tctx, "create time=%s", ctime(&c_time));
+			torture_comment(tctx, "modify time=%s", ctime(&m_time));
+			torture_comment(tctx, "This system appears to have sticky create times\n");
+		}
+		if ((labs(a_time - t) > 60) && (a_time % (60*60) == 0)) {
+			torture_comment(tctx, "access time=%s", ctime(&a_time));
+			torture_result(tctx, TORTURE_FAIL, "This system appears to set a midnight access time\n");
+			correct = false;
+		}
+
+		if (labs(m_time - t) > 60*60*24*7) {
+			torture_result(tctx, TORTURE_FAIL, "ERROR: totally incorrect times - maybe word reversed? mtime=%s", ctime(&m_time));
+			correct = false;
+		}
+	}
+
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = smbcli_open(cli->tree, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, fname, &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	} else {
+		if (w_time < 60*60*24*2) {
+			torture_comment(tctx, "write time=%s", ctime(&w_time));
+			torture_result(tctx, TORTURE_FAIL, "This system appears to set a initial 0 write time\n");
+			correct = false;
+		}
+	}
+
+	smbcli_unlink(cli->tree, fname);
+
+
+	/* check if the server updates the directory modification time
+           when creating a new file */
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, dname))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: mkdir failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	}
+	sleep(3);
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\trans2\\", &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	}
+
+	fnum = smbcli_open(cli->tree, fname2, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	smbcli_write(cli->tree, fnum,  0, &fnum, 0, sizeof(fnum));
+	smbcli_close(cli->tree, fnum);
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\trans2\\", &c_time, &a_time, &m_time2, &w_time, &size, NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
+		correct = false;
+	} else {
+		if (m_time2 == m_time) {
+			torture_result(tctx, TORTURE_FAIL, "This system does not update directory modification times\n");
+			correct = false;
+		}
+	}
+	smbcli_unlink(cli->tree, fname2);
+	smbcli_rmdir(cli->tree, dname);
+
+	return correct;
+}
+
+/* send smb negprot commands, not reading the response */
+static bool run_negprot_nowait(struct torture_context *tctx)
+{
+	int i;
+	struct smbcli_state *cli, *cli2;
+	bool correct = true;
+
+	torture_comment(tctx, "starting negprot nowait test\n");
+
+	cli = open_nbt_connection(tctx);
+	if (!cli) {
+		return false;
+	}
+
+	torture_comment(tctx, "Filling send buffer\n");
+
+	for (i=0;i<100;i++) {
+		struct tevent_req *req;
+		req = smb_raw_negotiate_send(cli, tctx->ev,
+					     cli->transport,
+					     PROTOCOL_CORE,
+					     PROTOCOL_NT1);
+		tevent_loop_once(tctx->ev);
+		if (!tevent_req_is_in_progress(req)) {
+			NTSTATUS status;
+
+			status = smb_raw_negotiate_recv(req);
+			TALLOC_FREE(req);
+			if (i > 0) {
+				torture_comment(tctx, "Failed to fill pipe packet[%d] - %s (ignored)\n",
+						i+1, nt_errstr(status));
+				break;
+			} else {
+				torture_result(tctx, TORTURE_FAIL, "Failed to fill pipe - %s \n",
+						nt_errstr(status));
+				torture_close_connection(cli);
+				return false;
+			}
+		}
+	}
+
+	torture_comment(tctx, "Opening secondary connection\n");
+	if (!torture_open_connection(&cli2, tctx, 1)) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to open secondary connection\n");
+		correct = false;
+	}
+
+	if (!torture_close_connection(cli2)) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to close secondary connection\n");
+		correct = false;
+	}
+
+	torture_close_connection(cli);
+
+	return correct;
+}
+
+/**
+  this checks to see if a secondary tconx can use open files from an
+  earlier tconx
+ */
+static bool run_tcon_test(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	const char *fname = "\\tcontest.tmp";
+	int fnum1;
+	uint16_t cnum1, cnum2, cnum3;
+	uint16_t vuid1, vuid2;
+	uint8_t buf[4];
+	bool ret = true;
+	struct smbcli_tree *tree1;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	const char *password = torture_setting_string(tctx, "password", NULL);
+
+	if (smbcli_deltree(cli->tree, fname) == -1) {
+		torture_comment(tctx, "unlink of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+	}
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	cnum1 = cli->tree->tid;
+	vuid1 = cli->session->vuid;
+
+	memset(buf, 0, 4); /* init buf so valgrind won't complain */
+	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) != 4) {
+		torture_result(tctx, TORTURE_FAIL, "initial write failed (%s)\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	tree1 = cli->tree;	/* save old tree connection */
+	if (NT_STATUS_IS_ERR(smbcli_tconX(cli, share, "?????", password))) {
+		torture_result(tctx, TORTURE_FAIL, "%s refused 2nd tree connect (%s)\n", host,
+		           smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	cnum2 = cli->tree->tid;
+	cnum3 = MAX(cnum1, cnum2) + 1; /* any invalid number */
+	vuid2 = cli->session->vuid + 1;
+
+	/* try a write with the wrong tid */
+	cli->tree->tid = cnum2;
+
+	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) == 4) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with wrong TID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with wrong TID : %s\n", smbcli_errstr(cli->tree));
+	}
+
+
+	/* try a write with an invalid tid */
+	cli->tree->tid = cnum3;
+
+	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) == 4) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with invalid TID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with invalid TID : %s\n", smbcli_errstr(cli->tree));
+	}
+
+	/* try a write with an invalid vuid */
+	cli->session->vuid = vuid2;
+	cli->tree->tid = cnum1;
+
+	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) == 4) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with invalid VUID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with invalid VUID : %s\n", smbcli_errstr(cli->tree));
+	}
+
+	cli->session->vuid = vuid1;
+	cli->tree->tid = cnum1;
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL, "close failed (%s)\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	cli->tree->tid = cnum2;
+
+	if (NT_STATUS_IS_ERR(smbcli_tdis(cli))) {
+		torture_result(tctx, TORTURE_FAIL, "secondary tdis failed (%s)\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	cli->tree = tree1;  /* restore initial tree */
+	cli->tree->tid = cnum1;
+
+	smbcli_unlink(tree1, fname);
+
+	return ret;
+}
+
+/**
+ checks for correct tconX support
+ */
+static bool run_tcon_devtype_test(struct torture_context *tctx, 
+								  struct smbcli_state *cli1)
+{
+	const char *share = torture_setting_string(tctx, "share", NULL);
+
+	if (!tcon_devtest(tctx, cli1, "IPC$", "A:", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, "IPC$", "?????", NT_STATUS_OK))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, "IPC$", "LPT:", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, "IPC$", "IPC", NT_STATUS_OK))
+		return false;
+			
+	if (!tcon_devtest(tctx, cli1, "IPC$", "FOOBA", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, share, "A:", NT_STATUS_OK))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, share, "?????", NT_STATUS_OK))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, share, "LPT:", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+
+	if (!tcon_devtest(tctx, cli1, share, "IPC", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+			
+	if (!tcon_devtest(tctx, cli1, share, "FOOBA", NT_STATUS_BAD_DEVICE_TYPE))
+		return false;
+
+	return true;
+}
+
+static bool rw_torture2(struct torture_context *tctx,
+						struct smbcli_state *c1, struct smbcli_state *c2)
+{
+	const char *lockfname = "\\torture2.lck";
+	int fnum1;
+	int fnum2;
+	int i;
+	uint8_t buf[131072];
+	uint8_t buf_rd[131072];
+	bool correct = true;
+	ssize_t bytes_read, bytes_written;
+
+	torture_assert(tctx, smbcli_deltree(c1->tree, lockfname) != -1,
+				   talloc_asprintf(tctx, 
+		"unlink failed (%s)", smbcli_errstr(c1->tree)));
+
+	fnum1 = smbcli_open(c1->tree, lockfname, O_RDWR | O_CREAT | O_EXCL, 
+			 DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, 
+				   talloc_asprintf(tctx, 
+		"first open read/write of %s failed (%s)",
+				lockfname, smbcli_errstr(c1->tree)));
+	fnum2 = smbcli_open(c2->tree, lockfname, O_RDONLY, 
+			 DENY_NONE);
+	torture_assert(tctx, fnum2 != -1, 
+				   talloc_asprintf(tctx, 
+		"second open read-only of %s failed (%s)",
+				lockfname, smbcli_errstr(c2->tree)));
+
+	torture_comment(tctx, "Checking data integrity over %d ops\n", 
+					torture_numops);
+
+	for (i=0;i<torture_numops;i++)
+	{
+		size_t buf_size = ((unsigned int)random()%(sizeof(buf)-1))+ 1;
+		if (i % 10 == 0) {
+			if (torture_setting_bool(tctx, "progress", true)) {
+				torture_comment(tctx, "%d\r", i); fflush(stdout);
+			}
+		}
+
+		generate_random_buffer(buf, buf_size);
+
+		if ((bytes_written = smbcli_write(c1->tree, fnum1, 0, buf, 0, buf_size)) != buf_size) {
+			torture_comment(tctx, "write failed (%s)\n", smbcli_errstr(c1->tree));
+			torture_result(tctx, TORTURE_FAIL, "wrote %d, expected %d\n", (int)bytes_written, (int)buf_size); 
+			correct = false;
+			break;
+		}
+
+		if ((bytes_read = smbcli_read(c2->tree, fnum2, buf_rd, 0, buf_size)) != buf_size) {
+			torture_comment(tctx, "read failed (%s)\n", smbcli_errstr(c2->tree));
+			torture_result(tctx, TORTURE_FAIL, "read %d, expected %d\n", (int)bytes_read, (int)buf_size); 
+			correct = false;
+			break;
+		}
+
+		torture_assert_mem_equal(tctx, buf_rd, buf, buf_size, 
+			"read/write compare failed\n");
+	}
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(c2->tree, fnum2), 
+		talloc_asprintf(tctx, "close failed (%s)", smbcli_errstr(c2->tree)));
+	torture_assert_ntstatus_ok(tctx, smbcli_close(c1->tree, fnum1),
+		talloc_asprintf(tctx, "close failed (%s)", smbcli_errstr(c1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_unlink(c1->tree, lockfname),
+		talloc_asprintf(tctx, "unlink failed (%s)", smbcli_errstr(c1->tree)));
+
+	torture_comment(tctx, "\n");
+
+	return correct;
+}
+
+
+
+static bool run_readwritetest(struct torture_context *tctx,
+							  struct smbcli_state *cli1,
+							  struct smbcli_state *cli2)
+{
+	torture_comment(tctx, "Running readwritetest v1\n");
+	if (!rw_torture2(tctx, cli1, cli2)) 
+		return false;
+
+	torture_comment(tctx, "Running readwritetest v2\n");
+
+	if (!rw_torture2(tctx, cli1, cli1))
+		return false;
+
+	return true;
+}
+
+/*
+test the timing of deferred open requests
+*/
+static bool run_deferopen(struct torture_context *tctx, struct smbcli_state *cli, int dummy)
+{
+	const char *fname = "\\defer_open_test.dat";
+	int i = 0;
+	bool correct = true;
+	int nsec;
+	int msec;
+	double sec;
+	NTSTATUS status;
+
+	nsec = torture_setting_int(tctx, "sharedelay", 1000000);
+	msec = nsec / 1000;
+	sec = ((double)nsec) / ((double) 1000000);
+
+	torture_comment(tctx, "pid %u: Testing deferred open requests.\n",
+			(unsigned)getpid());
+
+	while (i < 4) {
+		int fnum = -1;
+		int j = 1;
+
+		do {
+			struct timeval tv;
+			tv = timeval_current();
+
+			torture_comment(tctx,
+					"pid %u: create[%d,%d]...\n",
+					(unsigned)getpid(), i, j);
+
+			fnum = smbcli_nt_create_full(cli->tree, fname, 0, 
+						     SEC_RIGHTS_FILE_ALL,
+						     FILE_ATTRIBUTE_NORMAL, 
+						     NTCREATEX_SHARE_ACCESS_NONE,
+						     NTCREATEX_DISP_OPEN_IF, 0, 0);
+			status = smbcli_nt_error(cli->tree);
+
+			torture_comment(tctx,
+					"pid %u: create[%d,%d] gave fnum %d, status %s\n",
+					(unsigned)getpid(), i, j, fnum,
+					nt_errstr(status));
+
+			if (fnum != -1) {
+				break;
+			}
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+				double e = timeval_elapsed(&tv);
+
+				torture_comment(tctx, "pid %u: create[%d,%d] "
+						"time elapsed: %.2f (1 sec = %.2f)\n",
+						(unsigned)getpid(), i, j, e, sec);
+				if (e < (0.5 * sec) || e > ((1.5 * sec) + 1.5)) {
+					torture_comment(tctx, "pid %u: create[%d,%d] "
+							"timing incorrect\n",
+							(unsigned)getpid(), i, j);
+					torture_result(tctx, TORTURE_FAIL, "Timing incorrect %.2f violation 1 sec == %.2f\n",
+						e, sec);
+					return false;
+				}
+			}
+
+			j++;
+
+		} while (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
+
+		torture_comment(tctx,
+				"pid %u: create loop %d done: fnum %d, status %s\n",
+				(unsigned)getpid(), i, fnum, nt_errstr(status));
+
+		torture_assert(tctx, fnum != -1,
+			       talloc_asprintf(tctx,
+					"pid %u: Failed to open %s, error=%s\n",
+					(unsigned)getpid(), fname,
+					smbcli_errstr(cli->tree)));
+
+		torture_comment(tctx, "pid %u: open %d\n", (unsigned)getpid(), i);
+
+		smb_msleep(10 * msec);
+
+		status = smbcli_close(cli->tree, fnum);
+
+		torture_comment(tctx, "pid %u: open %d closed, status %s\n",
+				(unsigned)getpid(), i, nt_errstr(status));
+
+		torture_assert(tctx, !NT_STATUS_IS_ERR(status),
+			       talloc_asprintf(tctx,
+					       "pid %u: Failed to close %s, "
+					       "error=%s\n",
+					       (unsigned)getpid(), fname,
+					       smbcli_errstr(cli->tree)));
+
+		smb_msleep(2 * msec);
+
+		i++;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, fname))) {
+		/* All until the last unlink will fail with sharing violation
+		   but also the last request can fail since the file could have
+		   been successfully deleted by another (test) process */
+		status = smbcli_nt_error(cli->tree);
+		if ((!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION))
+			&& (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND))) {
+			torture_result(tctx, TORTURE_FAIL, "unlink of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+			correct = false;
+		}
+	}
+
+	torture_comment(tctx, "pid %u: deferred test finished\n",
+			(unsigned)getpid());
+	return correct;
+}
+
+/**
+  Try with a wrong vuid and check error message.
+ */
+
+static bool run_vuidtest(struct torture_context *tctx, 
+						 struct smbcli_state *cli)
+{
+	const char *fname = "\\vuid.tst";
+	int fnum;
+	size_t size;
+	time_t c_time, a_time, m_time;
+
+	NTSTATUS result;
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_open(cli->tree, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+
+	cli->session->vuid += 1234;
+
+	torture_comment(tctx, "Testing qfileinfo with wrong vuid\n");
+	
+	if (NT_STATUS_IS_OK(result = smbcli_qfileinfo(cli->tree, fnum, NULL,
+						   &size, &c_time, &a_time,
+						   &m_time, NULL, NULL))) {
+		torture_fail(tctx, "qfileinfo passed with wrong vuid");
+	}
+
+	if (!NT_STATUS_EQUAL(cli->transport->error.e.nt_status, 
+			     NT_STATUS_DOS(ERRSRV, ERRbaduid)) &&
+	    !NT_STATUS_EQUAL(cli->transport->error.e.nt_status, 
+			     NT_STATUS_INVALID_HANDLE)) {
+		torture_fail(tctx, talloc_asprintf(tctx, 
+				"qfileinfo should have returned DOS error "
+		       "ERRSRV:ERRbaduid\n  but returned %s",
+		       smbcli_errstr(cli->tree)));
+	}
+
+	cli->session->vuid -= 1234;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli->tree, fnum),
+		talloc_asprintf(tctx, "close failed (%s)", smbcli_errstr(cli->tree)));
+
+	smbcli_unlink(cli->tree, fname);
+
+	return true;
+}
+
+/*
+  Test open mode returns on read-only files.
+ */
+ static bool run_opentest(struct torture_context *tctx, struct smbcli_state *cli1, 
+						  struct smbcli_state *cli2)
+{
+	const char *fname = "\\readonly.file";
+	char *control_char_fname;
+	int fnum1, fnum2;
+	uint8_t buf[20];
+	size_t fsize;
+	bool correct = true;
+	char *tmp_path;
+	int failures = 0;
+	int i;
+
+	control_char_fname = talloc_strdup(tctx, "\\readonly.afile");
+	torture_assert_not_null(tctx, control_char_fname, "asprintf failed\n");
+
+	for (i = 1; i <= 0x1f; i++) {
+		control_char_fname[10] = i;
+		fnum1 = smbcli_nt_create_full(cli1->tree, control_char_fname, 0, SEC_FILE_WRITE_DATA, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+		
+        	if (!check_error(__location__, cli1, ERRDOS, ERRinvalidname, 
+				NT_STATUS_OBJECT_NAME_INVALID)) {
+			torture_result(tctx, TORTURE_FAIL, "Error code should be NT_STATUS_OBJECT_NAME_INVALID, was %s for file with %d char\n",
+					smbcli_errstr(cli1->tree), i);
+			failures++;
+		}
+
+		if (fnum1 != -1) {
+			smbcli_close(cli1->tree, fnum1);
+		}
+		smbcli_setatr(cli1->tree, control_char_fname, 0, 0);
+		smbcli_unlink(cli1->tree, control_char_fname);
+	}
+	TALLOC_FREE(control_char_fname);
+
+	if (!failures)
+		torture_comment(tctx, "Create file with control char names passed.\n");
+
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+	
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL, "close2 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	if (NT_STATUS_IS_ERR(smbcli_setatr(cli1->tree, fname, FILE_ATTRIBUTE_READONLY, 0))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": smbcli_setatr failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test1);
+		return false;
+	}
+	
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test1);
+		return false;
+	}
+	
+	/* This will fail - but the error should be ERRnoaccess, not ERRbadshare. */
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_ALL);
+	
+        if (check_error(__location__, cli1, ERRDOS, ERRnoaccess, 
+			NT_STATUS_ACCESS_DENIED)) {
+		torture_comment(tctx, "correct error code ERRDOS/ERRnoaccess returned\n");
+	}
+	
+	torture_comment(tctx, "finished open test 1\n");
+
+error_test1:
+	smbcli_close(cli1->tree, fnum1);
+	
+	/* Now try not readonly and ensure ERRbadshare is returned. */
+	
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	/* This will fail - but the error should be ERRshare. */
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_ALL);
+	
+	if (check_error(__location__, cli1, ERRDOS, ERRbadshare, 
+			NT_STATUS_SHARING_VIOLATION)) {
+		torture_comment(tctx, "correct error code ERRDOS/ERRbadshare returned\n");
+	}
+	
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL, "close2 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	smbcli_unlink(cli1->tree, fname);
+	
+	torture_comment(tctx, "finished open test 2\n");
+	
+	/* Test truncate open disposition on file opened for read. */
+	
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "(3) open (1) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	/* write 20 bytes. */
+	
+	memset(buf, '\0', 20);
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 0, 20) != 20) {
+		torture_result(tctx, TORTURE_FAIL, "write failed (%s)\n", smbcli_errstr(cli1->tree));
+		correct = false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL, "(3) close1 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	/* Ensure size == 20. */
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli1->tree, fname, NULL, &fsize, NULL))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (3) getatr failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test3);
+		return false;
+	}
+	
+	if (fsize != 20) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (3) file size != 20\n");
+		CHECK_MAX_FAILURES(error_test3);
+		return false;
+	}
+
+	/* Now test if we can truncate a file opened for readonly. */
+	
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY|O_TRUNC, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (3) open (2) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test3);
+		return false;
+	}
+	
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": close2 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+
+	/* Ensure size == 0. */
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli1->tree, fname, NULL, &fsize, NULL))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (3) getatr failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test3);
+		return false;
+	}
+
+	if (fsize != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (3) file size != 0\n");
+		CHECK_MAX_FAILURES(error_test3);
+		return false;
+	}
+	torture_comment(tctx, "finished open test 3\n");
+error_test3:	
+
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+
+	torture_comment(tctx, "Testing ctemp\n");
+	fnum1 = smbcli_ctemp(cli1->tree, "\\", &tmp_path);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": ctemp failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test4);
+		return false;
+	}
+	torture_comment(tctx, "ctemp gave path %s\n", tmp_path);
+
+error_test4:
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "close of temp failed (%s)\n", smbcli_errstr(cli1->tree));
+	}
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli1->tree, tmp_path))) {
+		torture_comment(tctx, "unlink of temp failed (%s)\n", smbcli_errstr(cli1->tree));
+	}
+
+	/* Test the non-io opens... */
+
+	torture_comment(tctx, "Test #1 testing 2 non-io opens (no delete)\n");
+	fnum1 = fnum2 = -1;
+	smbcli_setatr(cli2->tree, fname, 0, 0);
+	smbcli_unlink(cli2->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 1 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test10);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 1 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test10);
+		return false;
+	}
+
+	torture_comment(tctx, "non-io open test #1 passed.\n");
+error_test10:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 1 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+	if (NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 1 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #2 testing 2 non-io opens (first with delete)\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 2 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test20);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 2 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test20);
+		return false;
+	}
+
+	torture_comment(tctx, "non-io open test #2 passed.\n");
+error_test20:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 1 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+	if (NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 1 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	torture_comment(tctx, "Test #3 testing 2 non-io opens (second with delete)\n");
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 3 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test30);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 3 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test30);
+		return false;
+	}
+
+	torture_comment(tctx, "non-io open test #3 passed.\n");
+error_test30:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 3 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+	if (NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 3 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #4 testing 2 non-io opens (both with delete)\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 4 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test40);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 != -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 4 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test40);
+		return false;
+	}
+
+	torture_comment(tctx, "Test 4 open 2 of %s gave %s (correct error should be %s)\n", fname, smbcli_errstr(cli2->tree), "sharing violation");
+
+	torture_comment(tctx, "non-io open test #4 passed.\n");
+error_test40:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 4 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+	if (fnum2 != -1 && NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 4 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 5 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test50);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 5 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test50);
+		return false;
+	}
+
+	torture_comment(tctx, "non-io open test #5 passed.\n");
+error_test50:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 5 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 5 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #6 testing 1 non-io open, one io open\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 6 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test60);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 6 open 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test60);
+		return false;
+	}
+
+	torture_comment(tctx, "non-io open test #6 passed.\n");
+error_test60:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 6 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 6 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #7 testing 1 non-io open, one io open with delete\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 7 open 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test70);
+		return false;
+	}
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0, SEC_STD_DELETE|SEC_FILE_READ_ATTRIBUTE, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+	if (fnum2 != -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": Test 7 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+		CHECK_MAX_FAILURES(error_test70);
+		return false;
+	}
+
+	torture_comment(tctx, "Test 7 open 2 of %s gave %s (correct error should be %s)\n", fname, smbcli_errstr(cli2->tree), "sharing violation");
+
+	torture_comment(tctx, "non-io open test #7 passed.\n");
+error_test70:
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_comment(tctx, "Test 7 close 1 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+	}
+	if (fnum2 != -1 && NT_STATUS_IS_ERR(smbcli_close(cli2->tree, fnum2))) {
+		torture_comment(tctx, "Test 7 close 2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree));
+	}
+
+	torture_comment(tctx, "Test #8 testing one normal open, followed by lock, followed by open with truncate\n");
+	fnum1 = fnum2 = -1;
+	smbcli_unlink(cli1->tree, fname);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "(8) open (1) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	/* write 20 bytes. */
+	
+	memset(buf, '\0', 20);
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 0, 20) != 20) {
+		torture_result(tctx, TORTURE_FAIL, "(8) write failed (%s)\n", smbcli_errstr(cli1->tree));
+		correct = false;
+	}
+
+	/* Ensure size == 20. */
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli1->tree, fname, NULL, &fsize, NULL))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (8) getatr (1) failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test80);
+		return false;
+	}
+	
+	if (fsize != 20) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (8) file size %lu != 20\n", (unsigned long)fsize);
+		CHECK_MAX_FAILURES(error_test80);
+		return false;
+	}
+
+	/* Get an exclusive lock on the open file. */
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli1->tree, fnum1, 0, 4, 0, WRITE_LOCK))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (8) lock1 failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test80);
+		return false;
+	}
+
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR|O_TRUNC, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "(8) open (2) of %s with truncate failed (%s)\n", fname, smbcli_errstr(cli1->tree));
+		return false;
+	}
+
+	/* Ensure size == 0. */
+	if (NT_STATUS_IS_ERR(smbcli_getatr(cli1->tree, fname, NULL, &fsize, NULL))) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (8) getatr (2) failed (%s)\n", smbcli_errstr(cli1->tree));
+		CHECK_MAX_FAILURES(error_test80);
+		return false;
+	}
+	
+	if (fsize != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			__location__ ": (8) file size %lu != 0\n", (unsigned long)fsize);
+		CHECK_MAX_FAILURES(error_test80);
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+		torture_result(tctx, TORTURE_FAIL, "(8) close1 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+	if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum2))) {
+		torture_result(tctx, TORTURE_FAIL, "(8) close1 failed (%s)\n", smbcli_errstr(cli1->tree));
+		return false;
+	}
+	
+error_test80:
+
+	torture_comment(tctx, "open test #8 passed.\n");
+
+	smbcli_unlink(cli1->tree, fname);
+
+	return failures > 0 ? false : correct;
+}
+
+/* FIRST_DESIRED_ACCESS   0xf019f */
+#define FIRST_DESIRED_ACCESS   SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA|\
+                               SEC_FILE_READ_EA|                           /* 0xf */ \
+                               SEC_FILE_WRITE_EA|SEC_FILE_READ_ATTRIBUTE|     /* 0x90 */ \
+                               SEC_FILE_WRITE_ATTRIBUTE|                  /* 0x100 */ \
+                               SEC_STD_DELETE|SEC_STD_READ_CONTROL|\
+                               SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER     /* 0xf0000 */
+/* SECOND_DESIRED_ACCESS  0xe0080 */
+#define SECOND_DESIRED_ACCESS  SEC_FILE_READ_ATTRIBUTE|                   /* 0x80 */ \
+                               SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|\
+                               SEC_STD_WRITE_OWNER                      /* 0xe0000 */
+
+#if 0
+#define THIRD_DESIRED_ACCESS   FILE_READ_ATTRIBUTE|                   /* 0x80 */ \
+                               READ_CONTROL|WRITE_DAC|\
+                               SEC_FILE_READ_DATA|\
+                               WRITE_OWNER                      /* */
+#endif
+
+
+
+/**
+  Test ntcreate calls made by xcopy
+ */
+static bool run_xcopy(struct torture_context *tctx,
+					  struct smbcli_state *cli1)
+{
+	const char *fname = "\\test.txt";
+	int fnum1, fnum2;
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      FIRST_DESIRED_ACCESS, 
+				      FILE_ATTRIBUTE_ARCHIVE,
+				      NTCREATEX_SHARE_ACCESS_NONE, 
+				      NTCREATEX_DISP_OVERWRITE_IF, 
+				      0x4044, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, 
+				"First open failed - %s", smbcli_errstr(cli1->tree)));
+
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				   SECOND_DESIRED_ACCESS, 0,
+				   NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN, 
+				   0x200000, 0);
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, 
+				"second open failed - %s", smbcli_errstr(cli1->tree)));
+	
+	return true;
+}
+
+static bool run_iometer(struct torture_context *tctx,
+						struct smbcli_state *cli)
+{
+	const char *fname = "\\iobw.tst";
+	int fnum;
+	size_t filesize;
+	NTSTATUS status;
+	char buf[2048];
+	int ops;
+
+	memset(buf, 0, sizeof(buf));
+
+	status = smbcli_getatr(cli->tree, fname, NULL, &filesize, NULL);
+	torture_assert_ntstatus_ok(tctx, status, 
+		talloc_asprintf(tctx, "smbcli_getatr failed: %s", nt_errstr(status)));
+
+	torture_comment(tctx, "size: %d\n", (int)filesize);
+
+	filesize -= (sizeof(buf) - 1);
+
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0x16,
+				     0x2019f, 0, 0x3, 3, 0x42, 0x3);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, "open failed: %s", 
+				   smbcli_errstr(cli->tree)));
+
+	ops = 0;
+
+	while (true) {
+		int i, num_reads, num_writes;
+
+		num_reads = random() % 10;
+		num_writes = random() % 3;
+
+		for (i=0; i<num_reads; i++) {
+			ssize_t res;
+			if (ops++ > torture_numops) {
+				return true;
+			}
+			res = smbcli_read(cli->tree, fnum, buf,
+					  random() % filesize, sizeof(buf));
+			torture_assert(tctx, res == sizeof(buf), 
+						   talloc_asprintf(tctx, "read failed: %s",
+										   smbcli_errstr(cli->tree)));
+		}
+		for (i=0; i<num_writes; i++) {
+			ssize_t res;
+			if (ops++ > torture_numops) {
+				return true;
+			}
+			res = smbcli_write(cli->tree, fnum, 0, buf,
+					  random() % filesize, sizeof(buf));
+			torture_assert(tctx, res == sizeof(buf),
+						   talloc_asprintf(tctx, "read failed: %s",
+				       smbcli_errstr(cli->tree)));
+		}
+	}
+}
+
+/**
+  tries variants of chkpath
+ */
+static bool torture_chkpath_test(struct torture_context *tctx, 
+								 struct smbcli_state *cli)
+{
+	int fnum;
+	bool ret;
+
+	torture_comment(tctx, "Testing valid and invalid paths\n");
+
+	/* cleanup from an old run */
+	smbcli_rmdir(cli->tree, "\\chkpath.dir\\dir2");
+	smbcli_unlink_wcard(cli->tree, "\\chkpath.dir\\*");
+	smbcli_rmdir(cli->tree, "\\chkpath.dir");
+
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, "\\chkpath.dir"))) {
+		torture_result(tctx, TORTURE_FAIL, "mkdir1 failed : %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, "\\chkpath.dir\\dir2"))) {
+		torture_result(tctx, TORTURE_FAIL, "mkdir2 failed : %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	fnum = smbcli_open(cli->tree, "\\chkpath.dir\\foo.txt", O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(tctx, TORTURE_FAIL, "open1 failed (%s)\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(cli->tree, "\\chkpath.dir"))) {
+		torture_result(tctx, TORTURE_FAIL, "chkpath1 failed: %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(cli->tree, "\\chkpath.dir\\dir2"))) {
+		torture_result(tctx, TORTURE_FAIL, "chkpath2 failed: %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(cli->tree, "\\chkpath.dir\\foo.txt"))) {
+		ret = check_error(__location__, cli, ERRDOS, ERRbadpath, 
+				  NT_STATUS_NOT_A_DIRECTORY);
+	} else {
+		torture_result(tctx, TORTURE_FAIL, "* chkpath on a file should fail\n");
+		ret = false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(cli->tree, "\\chkpath.dir\\bar.txt"))) {
+		ret = check_error(__location__, cli, ERRDOS, ERRbadpath, 
+				  NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		torture_result(tctx, TORTURE_FAIL, "* chkpath on a non existent file should fail\n");
+		ret = false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_chkpath(cli->tree, "\\chkpath.dir\\dirxx\\bar.txt"))) {
+		ret = check_error(__location__, cli, ERRDOS, ERRbadpath, 
+				  NT_STATUS_OBJECT_PATH_NOT_FOUND);
+	} else {
+		torture_result(tctx, TORTURE_FAIL, "* chkpath on a non existent component should fail\n");
+		ret = false;
+	}
+
+	smbcli_rmdir(cli->tree, "\\chkpath.dir\\dir2");
+	smbcli_unlink_wcard(cli->tree, "\\chkpath.dir\\*");
+	smbcli_rmdir(cli->tree, "\\chkpath.dir");
+
+	return ret;
+}
+
+/*
+ * This is a test to exercise some weird Samba3 error paths.
+ */
+
+static bool torture_samba3_errorpaths(struct torture_context *tctx)
+{
+	bool nt_status_support;
+	bool client_ntlmv2_auth;
+	struct smbcli_state *cli_nt = NULL, *cli_dos = NULL;
+	bool result = false;
+	int fnum;
+	const char *os2_fname = ".+,;=[].";
+	const char *dname = "samba3_errordir";
+	union smb_open io;
+	NTSTATUS status;
+
+	nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx);
+	client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx);
+
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = yes'\n");
+		goto fail;
+	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n");
+		goto fail;
+	}
+
+	if (!torture_open_connection(&cli_nt, tctx, 0)) {
+		goto fail;
+	}
+
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n");
+		goto fail;
+	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n");
+		goto fail;
+	}
+
+	if (!torture_open_connection(&cli_dos, tctx, 1)) {
+		goto fail;
+	}
+
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support",
+			    nt_status_support ? "yes":"no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'");
+		goto fail;
+	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth",
+			       client_ntlmv2_auth ? "yes":"no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'");
+		goto fail;
+	}
+
+	smbcli_unlink(cli_nt->tree, os2_fname);
+	smbcli_rmdir(cli_nt->tree, dname);
+
+	if (!NT_STATUS_IS_OK(smbcli_mkdir(cli_nt->tree, dname))) {
+		torture_result(tctx, TORTURE_FAIL, "smbcli_mkdir(%s) failed: %s\n", dname,
+		       smbcli_errstr(cli_nt->tree));
+		goto fail;
+	}
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 1024*1024;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli_nt->tree, tctx, &io);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_OBJECT_NAME_COLLISION));
+		goto fail;
+	}
+	status = smb_raw_open(cli_dos->tree, tctx, &io);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRfilexists))) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_DOS(ERRDOS, ERRfilexists)));
+		goto fail;
+	}
+
+	status = smbcli_mkdir(cli_nt->tree, dname);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_OBJECT_NAME_COLLISION));
+		goto fail;
+	}
+	status = smbcli_mkdir(cli_dos->tree, dname);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRnoaccess))) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_DOS(ERRDOS, ERRnoaccess)));
+		goto fail;
+	}
+
+	{
+		union smb_mkdir md;
+		md.t2mkdir.level = RAW_MKDIR_T2MKDIR;
+		md.t2mkdir.in.path = dname;
+		md.t2mkdir.in.num_eas = 0;
+		md.t2mkdir.in.eas = NULL;
+
+		status = smb_raw_mkdir(cli_nt->tree, &md);
+		if (!NT_STATUS_EQUAL(status,
+				     NT_STATUS_OBJECT_NAME_COLLISION)) {
+			torture_comment(
+				tctx, "(%s) incorrect status %s should be "
+				"NT_STATUS_OBJECT_NAME_COLLISION\n",
+				__location__, nt_errstr(status));
+			goto fail;
+		}
+		status = smb_raw_mkdir(cli_dos->tree, &md);
+		if (!NT_STATUS_EQUAL(status,
+				     NT_STATUS_DOS(ERRDOS, ERRrename))) {
+			torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s "
+					"should be ERRDOS:ERRrename\n",
+					__location__, nt_errstr(status));
+			goto fail;
+		}
+	}
+
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	status = smb_raw_open(cli_nt->tree, tctx, &io);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_OBJECT_NAME_COLLISION));
+		goto fail;
+	}
+
+	status = smb_raw_open(cli_dos->tree, tctx, &io);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRfilexists))) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) incorrect status %s should be %s\n",
+		       __location__, nt_errstr(status),
+		       nt_errstr(NT_STATUS_DOS(ERRDOS, ERRfilexists)));
+		goto fail;
+	}
+
+	{
+		/* Test an invalid DOS deny mode */
+		const char *fname = "test.txt";
+
+		fnum = smbcli_open(cli_nt->tree, fname, O_RDWR | O_CREAT, 5);
+		if (fnum != -1) {
+			torture_result(tctx, TORTURE_FAIL, "Open(%s) with invalid deny mode succeeded -- "
+			       "expected failure\n", fname);
+			smbcli_close(cli_nt->tree, fnum);
+			goto fail;
+		}
+		if (!NT_STATUS_EQUAL(smbcli_nt_error(cli_nt->tree),
+				     NT_STATUS_DOS(ERRDOS,ERRbadaccess))) {
+			torture_result(tctx, TORTURE_FAIL, "Expected DOS error ERRDOS/ERRbadaccess, "
+			       "got %s\n", smbcli_errstr(cli_nt->tree));
+			goto fail;
+		}
+
+		fnum = smbcli_open(cli_dos->tree, fname, O_RDWR | O_CREAT, 5);
+		if (fnum != -1) {
+			torture_result(tctx, TORTURE_FAIL, "Open(%s) with invalid deny mode succeeded -- "
+			       "expected failure\n", fname);
+			smbcli_close(cli_nt->tree, fnum);
+			goto fail;
+		}
+		if (!NT_STATUS_EQUAL(smbcli_nt_error(cli_nt->tree),
+				     NT_STATUS_DOS(ERRDOS,ERRbadaccess))) {
+			torture_result(tctx, TORTURE_FAIL, "Expected DOS error ERRDOS:ERRbadaccess, "
+			       "got %s\n", smbcli_errstr(cli_nt->tree));
+			goto fail;
+		}
+	}
+
+	{
+		/*
+		 * Samba 3.0.23 has a bug that an existing file can be opened
+		 * as a directory using ntcreate&x. Test this.
+		 */
+
+		const char *fname = "\\test_dir.txt";
+
+		fnum = smbcli_open(cli_nt->tree, fname, O_RDWR|O_CREAT,
+				   DENY_NONE);
+		if (fnum == -1) {
+			d_printf("(%s) smbcli_open failed: %s\n", __location__,
+				 smbcli_errstr(cli_nt->tree));
+		}
+		smbcli_close(cli_nt->tree, fnum);
+
+		io.generic.level = RAW_OPEN_NTCREATEX;
+		io.ntcreatex.in.root_fid.fnum = 0;
+		io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+		io.ntcreatex.in.alloc_size = 0;
+		io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+		io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+			NTCREATEX_SHARE_ACCESS_WRITE|
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		io.ntcreatex.in.impersonation =
+			NTCREATEX_IMPERSONATION_ANONYMOUS;
+		io.ntcreatex.in.security_flags = 0;
+		io.ntcreatex.in.fname = fname;
+		io.ntcreatex.in.flags = 0;
+
+		status = smb_raw_open(cli_nt->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) {
+			torture_result(tctx, TORTURE_FAIL, "ntcreate as dir gave %s, "
+					"expected NT_STATUS_NOT_A_DIRECTORY\n",
+					nt_errstr(status));
+			result = false;
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			smbcli_close(cli_nt->tree, io.ntcreatex.out.file.fnum);
+		}
+
+		status = smb_raw_open(cli_dos->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS,
+							   ERRbaddirectory))) {
+			torture_result(tctx, TORTURE_FAIL, "ntcreate as dir gave %s, "
+					"expected NT_STATUS_NOT_A_DIRECTORY\n",
+					nt_errstr(status));
+			result = false;
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			smbcli_close(cli_dos->tree,
+				     io.ntcreatex.out.file.fnum);
+		}
+
+		smbcli_unlink(cli_nt->tree, fname);
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		goto done;
+	}
+
+	fnum = smbcli_open(cli_dos->tree, os2_fname, 
+			   O_RDWR | O_CREAT | O_TRUNC,
+			   DENY_NONE);
+	if (fnum != -1) {
+		torture_result(tctx, TORTURE_FAIL, "Open(%s) succeeded -- expected failure\n",
+		       os2_fname);
+		smbcli_close(cli_dos->tree, fnum);
+		goto fail;
+	}
+
+	if (!NT_STATUS_EQUAL(smbcli_nt_error(cli_dos->tree),
+			     NT_STATUS_DOS(ERRDOS, ERRcannotopen))) {
+		torture_result(tctx, TORTURE_FAIL, "Expected DOS error ERRDOS/ERRcannotopen, got %s\n",
+		       smbcli_errstr(cli_dos->tree));
+		goto fail;
+	}
+
+	fnum = smbcli_open(cli_nt->tree, os2_fname, 
+			   O_RDWR | O_CREAT | O_TRUNC,
+			   DENY_NONE);
+	if (fnum != -1) {
+		torture_result(tctx, TORTURE_FAIL, "Open(%s) succeeded -- expected failure\n",
+		       os2_fname);
+		smbcli_close(cli_nt->tree, fnum);
+		goto fail;
+	}
+
+	if (!NT_STATUS_EQUAL(smbcli_nt_error(cli_nt->tree),
+			     NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		torture_result(tctx, TORTURE_FAIL, "Expected error NT_STATUS_OBJECT_NAME_NOT_FOUND, "
+		       "got %s\n", smbcli_errstr(cli_nt->tree));
+		goto fail;
+	}
+
+ done:
+	result = true;
+
+ fail:
+	if (cli_dos != NULL) {
+		torture_close_connection(cli_dos);
+	}
+	if (cli_nt != NULL) {
+		torture_close_connection(cli_nt);
+	}
+	
+	return result;
+}
+
+/**
+  This checks file/dir birthtime
+*/
+static void list_fn(struct clilist_file_info *finfo, const char *name,
+			void *state){
+
+	/* Just to change dir access time*/
+	sleep(5);
+
+}
+
+static bool run_birthtimetest(struct torture_context *tctx,
+						   struct smbcli_state *cli)
+{
+	int fnum;
+	size_t size;
+	time_t c_time, a_time, m_time, w_time, c_time1;
+	const char *fname = "\\birthtime.tst";
+	const char *dname = "\\birthtime";
+	const char *fname2 = "\\birthtime\\birthtime.tst";
+	bool correct = true;
+	uint8_t buf[16];
+
+
+	smbcli_unlink(cli->tree, fname);
+
+	torture_comment(tctx, "Testing Birthtime for File\n");
+
+	/* Save File birthtime/creationtime */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC,
+				DENY_NONE);
+	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(cli->tree, fnum, NULL, &size,
+				&c_time, &a_time, &m_time, NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qfileinfo failed (%s)\n",
+				smbcli_errstr(cli->tree));
+		correct = false;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	sleep(10);
+
+	/* Change in File attribute changes file change time*/
+	smbcli_setatr(cli->tree, fname, FILE_ATTRIBUTE_SYSTEM, 0);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT , DENY_NONE);
+	/* Writing updates modification time*/
+	smbcli_smbwrite(cli->tree, fnum,  &fname, 0, sizeof(fname));
+	/*Reading updates access time */
+	smbcli_read(cli->tree, fnum, buf, 0, 13);
+	smbcli_close(cli->tree, fnum);
+
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, fname, &c_time1,
+			&a_time, &m_time, &w_time, &size, NULL, NULL))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n",
+			smbcli_errstr(cli->tree));
+		correct = false;
+	} else {
+		fprintf(stdout, "c_time = %li, c_time1 = %li\n",
+			(long) c_time, (long) c_time1);
+		if (c_time1 != c_time) {
+			torture_result(tctx, TORTURE_FAIL, "This system updated file \
+					birth times! Not expected!\n");
+			correct = false;
+		}
+	}
+	smbcli_unlink(cli->tree, fname);
+
+	torture_comment(tctx, "Testing Birthtime for Directory\n");
+
+	/* check if the server does not update the directory birth time
+          when creating a new file */
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, dname))) {
+		torture_result(tctx, TORTURE_FAIL, "ERROR: mkdir failed (%s)\n",
+				smbcli_errstr(cli->tree));
+		correct = false;
+	}
+	sleep(3);
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\birthtime\\",
+			&c_time,&a_time,&m_time,&w_time, &size, NULL, NULL))){
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n",
+				smbcli_errstr(cli->tree));
+		correct = false;
+	}
+
+	/* Creating a new file changes dir modification time and change time*/
+	smbcli_unlink(cli->tree, fname2);
+	fnum = smbcli_open(cli->tree, fname2, O_RDWR | O_CREAT | O_TRUNC,
+			DENY_NONE);
+	smbcli_smbwrite(cli->tree, fnum,  &fnum, 0, sizeof(fnum));
+	smbcli_read(cli->tree, fnum, buf, 0, 13);
+	smbcli_close(cli->tree, fnum);
+
+	/* dir listing changes dir access time*/
+	smbcli_list(cli->tree, "\\birthtime\\*", 0, list_fn, cli );
+
+	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\birthtime\\",
+			&c_time1, &a_time, &m_time,&w_time,&size,NULL,NULL))){
+		torture_result(tctx, TORTURE_FAIL, "ERROR: qpathinfo2 failed (%s)\n",
+				smbcli_errstr(cli->tree));
+		correct = false;
+	} else {
+		fprintf(stdout, "c_time = %li, c_time1 = %li\n",
+			(long) c_time, (long) c_time1);
+		if (c_time1 != c_time) {
+			torture_result(tctx, TORTURE_FAIL, "This system  updated directory \
+					birth times! Not Expected!\n");
+			correct = false;
+		}
+	}
+	smbcli_unlink(cli->tree, fname2);
+	smbcli_rmdir(cli->tree, dname);
+
+	return correct;
+}
+
+/**
+  SMB1 TWRP open on root of share.
+ */
+static bool torture_smb1_twrp_openroot(struct torture_context *tctx,
+			struct smbcli_state *cli)
+{
+	const char *snapshot = NULL;
+	const char *p = NULL;
+	NTSTATUS status;
+	struct tm tm = {};
+	bool ret = true;
+
+	snapshot = torture_setting_string(tctx, "twrp_snapshot", NULL);
+	if (snapshot == NULL) {
+		torture_skip(tctx, "missing 'twrp_snapshot' option\n");
+	}
+
+	torture_comment(tctx, "Testing open of root of "
+		"share with timewarp (%s)\n",
+		snapshot);
+
+	setenv("TZ", "GMT", 1);
+
+	p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
+	torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
+	torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
+
+	cli->session->flags2 |= FLAGS2_REPARSE_PATH;
+	status = smbcli_chkpath(cli->tree, snapshot);
+	cli->session->flags2 &= ~FLAGS2_REPARSE_PATH;
+
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx,
+			TORTURE_FAIL,
+			"smbcli_chkpath on %s : %s\n",
+			snapshot,
+			smbcli_errstr(cli->tree));
+		return false;
+	}
+
+  done:
+
+	return ret;
+}
+
+static void torture_smb1_find_gmt_mask_list_fn(struct clilist_file_info *finfo,
+					       const char *name,
+					       void *state)
+{
+}
+
+/**
+ * SMB1 @GMT token as search mask is valid
+ */
+static bool torture_smb1_find_gmt_mask(struct torture_context *tctx,
+				       struct smbcli_state *cli)
+{
+	const char *dname = "\\torture_smb1_find_gmt_mask";
+	const char *path = "\\torture_smb1_find_gmt_mask\\@GMT-2022.11.24-16.24.00";
+	int fnum;
+	int n;
+	NTSTATUS status;
+	bool ret = true;
+
+	smbcli_unlink(cli->tree, path);
+	smbcli_rmdir(cli->tree, dname);
+
+	status = smbcli_mkdir(cli->tree, dname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_mkdir() failed\n");
+	fnum = smbcli_open(cli->tree, path, O_RDWR | O_CREAT, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+
+	/* Note: we don't set FLAGS2_REPARSE_PATH, so this is just a path */
+	n = smbcli_list(cli->tree, path, 0, torture_smb1_find_gmt_mask_list_fn, cli);
+	torture_assert_int_equal_goto(tctx, n, 1, ret, done, "Wrong count\n");
+
+done:
+	smbcli_unlink(cli->tree, path);
+	smbcli_rmdir(cli->tree, dname);
+	return ret;
+}
+
+NTSTATUS torture_base_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "base");
+
+	torture_suite_add_2smb_test(suite, "fdpass", run_fdpasstest);
+	torture_suite_add_suite(suite, torture_base_locktest(suite));
+	torture_suite_add_1smb_test(suite, "unlink", torture_unlinktest);
+	torture_suite_add_1smb_test(suite, "attr",   run_attrtest);
+	torture_suite_add_1smb_test(suite, "trans2", run_trans2test);
+	torture_suite_add_1smb_test(suite, "birthtime", run_birthtimetest);
+	torture_suite_add_simple_test(suite, "negnowait", run_negprot_nowait);
+	torture_suite_add_1smb_test(suite, "dir1",  torture_dirtest1);
+	torture_suite_add_1smb_test(suite, "dir2",  torture_dirtest2);
+	torture_suite_add_1smb_test(suite, "deny1",  torture_denytest1);
+	torture_suite_add_2smb_test(suite, "deny2",  torture_denytest2);
+	torture_suite_add_2smb_test(suite, "deny3",  torture_denytest3);
+	torture_suite_add_1smb_test(suite, "denydos",  torture_denydos_sharing);
+	torture_suite_add_smb_multi_test(suite, "ntdeny1", torture_ntdenytest1);
+	torture_suite_add_2smb_test(suite, "ntdeny2",  torture_ntdenytest2);
+	torture_suite_add_1smb_test(suite, "tcon",  run_tcon_test);
+	torture_suite_add_1smb_test(suite, "tcondev",  run_tcon_devtype_test);
+	torture_suite_add_1smb_test(suite, "vuid", run_vuidtest);
+	torture_suite_add_2smb_test(suite, "rw1",  run_readwritetest);
+	torture_suite_add_2smb_test(suite, "open", run_opentest);
+	torture_suite_add_smb_multi_test(suite, "defer_open", run_deferopen);
+	torture_suite_add_1smb_test(suite, "xcopy", run_xcopy);
+	torture_suite_add_1smb_test(suite, "iometer", run_iometer);
+	torture_suite_add_1smb_test(suite, "rename", torture_test_rename);
+	torture_suite_add_suite(suite, torture_test_delete(suite));
+	torture_suite_add_1smb_test(suite, "properties", torture_test_properties);
+	torture_suite_add_1smb_test(suite, "mangle", torture_mangle);
+	torture_suite_add_1smb_test(suite, "openattr", torture_openattrtest);
+	torture_suite_add_1smb_test(suite, "winattr", torture_winattrtest);
+	torture_suite_add_suite(suite, torture_charset(suite));
+	torture_suite_add_1smb_test(suite, "chkpath",  torture_chkpath_test);
+	torture_suite_add_1smb_test(suite, "secleak",  torture_sec_leak);
+	torture_suite_add_simple_test(suite, "disconnect",  torture_disconnect);
+	torture_suite_add_suite(suite, torture_delay_write(suite));
+	torture_suite_add_simple_test(suite, "samba3error", torture_samba3_errorpaths);
+	torture_suite_add_1smb_test(suite, "casetable", torture_casetable);
+	torture_suite_add_1smb_test(suite, "utable", torture_utable);
+	torture_suite_add_simple_test(suite, "smb", torture_smb_scan);
+	torture_suite_add_suite(suite, torture_trans2_aliases(suite));
+	torture_suite_add_1smb_test(suite, "trans2-scan", torture_trans2_scan);
+	torture_suite_add_1smb_test(suite, "nttrans", torture_nttrans_scan);
+	torture_suite_add_1smb_test(suite, "createx_access", torture_createx_access);
+	torture_suite_add_2smb_test(suite, "createx_sharemodes_file", torture_createx_sharemodes_file);
+	torture_suite_add_2smb_test(suite, "createx_sharemodes_dir", torture_createx_sharemodes_dir);
+	torture_suite_add_1smb_test(suite, "maximum_allowed", torture_maximum_allowed);
+
+	torture_suite_add_simple_test(suite, "bench-holdcon", torture_holdcon);
+	torture_suite_add_1smb_test(suite, "bench-holdopen", torture_holdopen);
+	torture_suite_add_simple_test(suite, "bench-readwrite", run_benchrw);
+	torture_suite_add_smb_multi_test(suite, "bench-torture", run_torture);
+	torture_suite_add_1smb_test(suite, "scan-pipe_number", run_pipe_number);
+	torture_suite_add_1smb_test(suite, "scan-ioctl", torture_ioctl_test);
+	torture_suite_add_1smb_test(suite, "scan-maxfid", torture_maxfid_test);
+	torture_suite_add_1smb_test(suite,
+			"smb1-twrp-openroot",
+			torture_smb1_twrp_openroot);
+	torture_suite_add_1smb_test(suite,
+			"smb1-find-gmt-mask",
+			torture_smb1_find_gmt_mask);
+
+	suite->description = talloc_strdup(suite, 
+					"Basic SMB tests (imported from the original smbtorture)");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/basic/charset.c b/source4/torture/basic/charset.c
new file mode 100644
index 0000000..e497489
--- /dev/null
+++ b/source4/torture/basic/charset.c
@@ -0,0 +1,209 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB torture tester - charset test routines
+
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "param/param.h"
+#include "torture/basic/proto.h"
+
+#define BASEDIR "\\chartest\\"
+
+/* 
+   open a file using a set of unicode code points for the name
+
+   the prefix BASEDIR is added before the name
+*/
+static NTSTATUS unicode_open(struct torture_context *tctx,
+			     struct smbcli_tree *tree,
+			     TALLOC_CTX *mem_ctx,
+			     uint32_t open_disposition, 
+			     const uint32_t *u_name, 
+			     size_t u_name_len)
+{
+	union smb_open io;
+	char *fname, *fname2=NULL, *ucs_name;
+	size_t i;
+	NTSTATUS status;
+
+	ucs_name = talloc_size(mem_ctx, (1+u_name_len)*2);
+	if (!ucs_name) {
+		printf("Failed to create UCS2 Name - talloc() failure\n");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<u_name_len;i++) {
+		SSVAL(ucs_name, i*2, u_name[i]);
+	}
+	SSVAL(ucs_name, i*2, 0);
+
+	if (!convert_string_talloc_handle(ucs_name, lpcfg_iconv_handle(tctx->lp_ctx), CH_UTF16, CH_UNIX, ucs_name, (1+u_name_len)*2, (void **)&fname, &i)) {
+		torture_comment(tctx, "Failed to convert UCS2 Name into unix - convert_string_talloc() failure\n");
+		talloc_free(ucs_name);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fname2 = talloc_asprintf(ucs_name, "%s%s", BASEDIR, fname);
+	if (!fname2) {
+		talloc_free(ucs_name);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname2;
+	io.ntcreatex.in.open_disposition = open_disposition;
+
+	status = smb_raw_open(tree, tctx, &io);
+
+	talloc_free(ucs_name);
+
+	return status;
+}
+
+
+/*
+  see if the server recognises composed characters
+*/
+static bool test_composed(struct torture_context *tctx, 
+			  struct smbcli_state *cli)
+{
+	const uint32_t name1[] = {0x61, 0x308};
+	const uint32_t name2[] = {0xe4};
+	NTSTATUS status1, status2;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), 
+		       "setting up basedir");
+
+	status1 = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name1, 2);
+	torture_assert_ntstatus_ok(tctx, status1, "Failed to create composed name");
+
+	status2 = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name2, 1);
+
+	torture_assert_ntstatus_ok(tctx, status2, "Failed to create accented character");
+
+	return true;
+}
+
+/*
+  see if the server recognises a naked diacritical
+*/
+static bool test_diacritical(struct torture_context *tctx, 
+			     struct smbcli_state *cli)
+{
+	const uint32_t name1[] = {0x308};
+	const uint32_t name2[] = {0x308, 0x308};
+	NTSTATUS status1, status2;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), 
+		       "setting up basedir");
+
+	status1 = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name1, 1);
+
+	torture_assert_ntstatus_ok(tctx, status1, "Failed to create naked diacritical");
+
+	/* try a double diacritical */
+	status2 = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name2, 2);
+
+	torture_assert_ntstatus_ok(tctx, status2, "Failed to create double naked diacritical");
+
+	return true;
+}
+
+/*
+  see if the server recognises a partial surrogate pair
+*/
+static bool test_surrogate(struct torture_context *tctx, 
+			   struct smbcli_state *cli)
+{
+	const uint32_t name1[] = {0xd800};
+	const uint32_t name2[] = {0xdc00};
+	const uint32_t name3[] = {0xd800, 0xdc00};
+	NTSTATUS status;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), 
+		       "setting up basedir");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name1, 1);
+
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create partial surrogate 1");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name2, 1);
+
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create partial surrogate 2");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name3, 2);
+
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create full surrogate");
+
+	return true;
+}
+
+/*
+  see if the server recognises wide-a characters
+*/
+static bool test_widea(struct torture_context *tctx, 
+		       struct smbcli_state *cli)
+{
+	const uint32_t name1[] = {'a'};
+	const uint32_t name2[] = {0xff41};
+	const uint32_t name3[] = {0xff21};
+	NTSTATUS status;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), 
+		       "setting up basedir");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name1, 1);
+
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create 'a'");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name2, 1);
+
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create wide-a");
+
+	status = unicode_open(tctx, cli->tree, tctx, NTCREATEX_DISP_CREATE, name3, 1);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_COLLISION, 
+		"Failed to create wide-A");
+
+	return true;
+}
+
+struct torture_suite *torture_charset(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "charset");
+
+	torture_suite_add_1smb_test(suite, "Testing composite character (a umlaut)", test_composed); 
+	torture_suite_add_1smb_test(suite, "Testing naked diacritical (umlaut)", test_diacritical);
+	torture_suite_add_1smb_test(suite, "Testing partial surrogate", test_surrogate);
+	torture_suite_add_1smb_test(suite, "Testing wide-a", test_widea);
+
+	return suite;
+}
diff --git a/source4/torture/basic/cxd_known.h b/source4/torture/basic/cxd_known.h
new file mode 100644
index 0000000..2fc0928
--- /dev/null
+++ b/source4/torture/basic/cxd_known.h
@@ -0,0 +1,8670 @@
+/**
+ * Results file used for BASE-CREATEX_* TESTS.
+ */
+
+enum {
+	CXD_CREATEX = 0,
+	CXD_FILE_READ = 1,
+	CXD_DIR_ENUMERATE = 1,
+	CXD_FILE_WRITE = 2,
+	CXD_DIR_CREATE_CHILD = 2,
+	CXD_FILE_EXECUTE = 3,
+	CXD_DIR_TRAVERSE = 3,
+	CXD_MAX,
+} cxd_results;
+
+enum cxd_test {
+	CXD_TEST_CREATEX_ACCESS            = 0,
+	CXD_TEST_CREATEX_ACCESS_EXHAUSTIVE = 1,
+	CXD_TEST_CREATEX_SHAREMODE         = 2,
+	CXD_TEST_CREATEX_SHAREMODE_EXTENDED = 3,
+};
+
+enum cxd_flags {
+	CXD_FLAGS_DIRECTORY             = 0x1,
+	CXD_FLAGS_MAKE_BEFORE_CREATEX   = 0x2,
+
+	CXD_FLAGS_MASK                  = 0x3,
+	CXD_FLAGS_COUNT                 = CXD_FLAGS_MASK + 1,
+};
+
+/**
+ * CXD.
+ */
+struct createx_data {
+	/* In. */
+	enum cxd_test   cxd_test;
+	enum cxd_flags  cxd_flags;
+	uint32_t        cxd_access1;
+	uint32_t        cxd_sharemode1;
+	uint32_t        cxd_access2;
+	uint32_t        cxd_sharemode2;
+
+	/* Out. */
+	NTSTATUS        cxd_result[CXD_MAX];
+	NTSTATUS        cxd_result2[CXD_MAX];
+};
+
+/**
+ * Known CXD results, for CREATEX_ACCESS and CREATEX_SHAREMODE.
+ * Taken by running against a Windows XP Pro 2002 Edition, Service Pack 2.
+ */
+static const struct createx_data cxd_known[] = {
+/**
+ * CXD_TEST_CREATEX_ACCESS data.
+ */
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =        0x1, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =        0x2, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =        0x4, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =        0x8, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =       0x10, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =       0x20, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =       0x40, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =       0x80, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =      0x100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =      0x200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =      0x400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =      0x800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =     0x1000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =     0x2000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =     0x4000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =     0x8000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =    0x10000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =    0x20000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =    0x40000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =    0x80000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =   0x800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x1000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x4000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x6000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x7000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0x8000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0xa000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 =  0xb000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x10000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x12000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x13000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x20000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x22000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x23000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x40000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x42000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x43000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x80000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x82000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags =   0, .cxd_access1 = 0x83000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =        0x1, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =        0x2, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =        0x4, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =        0x8, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =       0x10, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =       0x20, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =       0x40, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =       0x80, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =      0x100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =      0x200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =      0x400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =      0x800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =     0x1000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =     0x2000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =     0x4000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =     0x8000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =    0x10000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =    0x20000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =    0x40000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =    0x80000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =   0x800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x1000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x4000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x6000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x7000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0x8000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0xa000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 =  0xb000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x10000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x12000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x13000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x20000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x22000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x23000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x40000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x42000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x43000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x80000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x82000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x1, .cxd_access1 = 0x83000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =        0x1, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =        0x2, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =        0x4, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =        0x8, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =       0x10, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =       0x20, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =       0x40, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =       0x80, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =      0x100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =      0x200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =      0x400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =      0x800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =     0x1000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =     0x2000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =     0x4000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =     0x8000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =    0x10000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =    0x20000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =    0x40000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =    0x80000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =   0x800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x1000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x4000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x6000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x7000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0x8000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0xa000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 =  0xb000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x10000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x12000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x13000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x20000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x22000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x23000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x40000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x42000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x43000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x80000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x82000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x2, .cxd_access1 = 0x83000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =        0x1, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000001, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =        0x2, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000002, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =        0x4, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000004, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =        0x8, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000008, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =       0x10, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000010, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =       0x20, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000020, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =       0x40, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000040, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =       0x80, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000080, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =      0x100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000100, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =      0x200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000200, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =      0x400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000400, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =      0x800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000800, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =     0x1000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3001000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =     0x2000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3002000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =     0x4000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3004000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =     0x8000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3008000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =    0x10000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3010000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =    0x20000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3020000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =    0x40000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3040000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =    0x80000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3080000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3100000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3200000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3400000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =   0x800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3800000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x1000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x2000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x3000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x4000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x6000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x7000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0x8000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0xa000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 =  0xb000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x10000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x12000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x13000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x20000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x22000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x23000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x40000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x42000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x43000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x80000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x82000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 0, .cxd_flags = 0x3, .cxd_access1 = 0x83000000, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+/**
+ * CXD_TEST_CREATEX_SHAREMODE (file, non extended)
+ */
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags =   0, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+/**
+ * CXD_TEST_CREATEX_SHAREMODE (dir, non extended)
+ */
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=0, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=1, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=2, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=3, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=4, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=5, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=6, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=0, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=1, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=2, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=3, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=4, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=5, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=6, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =          0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120089, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x120116, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x12019f, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a0, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1200a9, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201b6, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=         0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120089, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x120116, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x12019f, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a0, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1200a9, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201b6, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+  { .cxd_test = 2, .cxd_flags = 0x1, .cxd_access1 =   0x1201bf, .cxd_sharemode1=7, .cxd_access2=  0x1201bf, .cxd_sharemode2=7, .cxd_result = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }, .cxd_result2 = { NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, NT_STATUS_OK, }},
+};
diff --git a/source4/torture/basic/delaywrite.c b/source4/torture/basic/delaywrite.c
new file mode 100644
index 0000000..b9d4a06
--- /dev/null
+++ b/source4/torture/basic/delaywrite.c
@@ -0,0 +1,3095 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for delayed write update 
+
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Jeremy Allison 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+#define BASEDIR "\\delaywrite"
+
+static bool test_delayed_write_update(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_fileinfo finfo1, finfo2;
+	const char *fname = BASEDIR "\\torture_file.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert_int_not_equal(tctx, fnum1, -1, talloc_asprintf(tctx,
+				     "Failed to open %s", fname));
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	torture_comment(tctx, "Initial write time %s\n",
+			nt_time_string(tctx, finfo1.basic_info.out.write_time));
+
+	written =  smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+	torture_assert_int_equal(tctx, written, 1,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (120 * sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo2.basic_info.out.write_time));
+
+		if (finfo1.basic_info.out.write_time !=
+		    finfo2.basic_info.out.write_time)
+		{
+			double diff = timeval_elapsed(&start);
+
+			torture_assert(tctx,
+				       diff >= (used_delay / (double)1000000),
+				       talloc_asprintf(tctx,
+					"Server updated write_time after %.2f "
+					"seconds (expected >= %.2f)\n",
+					diff, used_delay/(double)1000000));
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds (correct)\n",
+					diff);
+			break;
+		}
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+
+	torture_assert_u64_not_equal(tctx,
+				     finfo2.basic_info.out.write_time,
+				     finfo1.basic_info.out.write_time,
+				     "Server did not update write time within "
+				     "120 seconds");
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+static bool test_delayed_write_update1(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_fileinfo finfo1, finfo2, finfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file1.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	char buf[2048];
+	bool first;
+	bool updated;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update1\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert_int_not_equal(tctx, fnum1, -1, talloc_asprintf(tctx,
+				     "Failed to open %s", fname));
+
+	memset(buf, 'x', 2048);
+	written =  smbcli_write(cli->tree, fnum1, 0, buf, 0, 2048);
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	finfo1.all_info.level = RAW_FILEINFO_ALL_INFO;
+	finfo1.all_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	finfo3 = finfo1;
+	pinfo4.all_info.level = RAW_FILEINFO_ALL_INFO;
+	pinfo4.all_info.in.file.path = fname;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	torture_assert_u64_equal(tctx, finfo1.all_info.out.size, 2048,
+				 "file size not as expected after write(2048)");
+
+	torture_comment(tctx, "Initial write time %s\n",
+			nt_time_string(tctx, finfo1.all_info.out.write_time));
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	/* Do a zero length SMBwrite call to truncate. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 1024, 0);
+	torture_assert_int_equal(tctx, written, 0,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (120 * sec), 0);
+	first = true;
+	updated = false;
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo2.all_info.out.size, 1024,
+					 "file not truncated to expected size "
+					 "(1024)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo2.all_info.out.write_time));
+
+		if (finfo1.all_info.out.write_time !=
+		    finfo2.all_info.out.write_time)
+		{
+			updated = true;
+			break;
+		}
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+		first = false;
+	}
+
+	torture_assert(tctx, updated,
+		       "Server did not update write time within 120 seconds");
+
+	torture_assert(tctx, first, talloc_asprintf(tctx,
+		       "Server did not update write time immediately but only "
+		       "after %.2f seconds!", timeval_elapsed(&start)));
+
+	torture_comment(tctx, "Server updated write time immediately. Good!\n");
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	/* Do a non-zero length SMBwrite and make sure it doesn't update the write time. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 0, 1);
+	torture_assert_int_equal(tctx, written, 1,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (10*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo3);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo3.all_info.out.size, 1024,
+					 "file not truncated to expected size "
+					 "(1024)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo3.all_info.out.write_time));
+
+		torture_assert_u64_equal(tctx,
+					 finfo3.all_info.out.write_time,
+					 finfo2.all_info.out.write_time,
+					 talloc_asprintf(tctx,
+						"Server updated write time "
+						"after %.2f seconds (wrong!)",
+						timeval_elapsed(&start)));
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+
+	torture_comment(tctx, "Server did not update write time within 10 "
+			"seconds. Good!\n");
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	/* the close should trigger an write time update */
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &pinfo4);
+	torture_assert_ntstatus_ok(tctx, status, "pathinfo failed");
+
+	torture_assert_u64_not_equal(tctx,
+				     pinfo4.all_info.out.write_time,
+				     finfo3.all_info.out.write_time,
+				     "Server did not update write time on "
+				     "close (wrong!)");
+	torture_assert(tctx,
+		pinfo4.all_info.out.write_time > finfo3.all_info.out.write_time,
+		"Server updated write time on close, but to an earlier point "
+		"in time");
+
+	torture_comment(tctx, "Server updated write time on close (correct)\n");
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* Updating with a SMBwrite of zero length
+ * changes the write time immediately - even on expand. */
+
+static bool test_delayed_write_update1a(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_fileinfo finfo1, finfo2, finfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file1a.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	char buf[2048];
+	bool first;
+	bool updated;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update1a\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert_int_not_equal(tctx, fnum1, -1, talloc_asprintf(tctx,
+				     "Failed to open %s", fname));
+
+	memset(buf, 'x', 2048);
+	written =  smbcli_write(cli->tree, fnum1, 0, buf, 0, 2048);
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	finfo1.all_info.level = RAW_FILEINFO_ALL_INFO;
+	finfo1.all_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	finfo3 = finfo1;
+	pinfo4.all_info.level = RAW_FILEINFO_ALL_INFO;
+	pinfo4.all_info.in.file.path = fname;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	torture_assert_u64_equal(tctx, finfo1.all_info.out.size, 2048,
+				 "file size not as expected after write(2048)");
+
+	torture_comment(tctx, "Initial write time %s\n",
+			nt_time_string(tctx, finfo1.all_info.out.write_time));
+
+	/* Do a zero length SMBwrite call to truncate. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 10240, 0);
+
+	torture_assert_int_equal(tctx, written, 0,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (120*sec), 0);
+	first = true;
+	updated = false;
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo2.all_info.out.size, 10240,
+					 "file not truncated to expected size "
+					 "(10240)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo2.all_info.out.write_time));
+
+		if (finfo1.all_info.out.write_time !=
+		    finfo2.all_info.out.write_time)
+		{
+			updated = true;
+			break;
+		}
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+		first = false;
+	}
+
+	torture_assert(tctx, updated,
+		       "Server did not update write time within 120 seconds");
+
+	torture_assert(tctx, first, talloc_asprintf(tctx,
+		       "Server did not update write time immediately but only "
+		       "after %.2f seconds!", timeval_elapsed(&start)));
+
+	torture_comment(tctx, "Server updated write time immediately. Good!\n");
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	/* Do a non-zero length SMBwrite and make sure it doesn't update the write time. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 0, 1);
+
+	torture_assert_int_equal(tctx, written, 1,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (10*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo3);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo3.all_info.out.size, 10240,
+					 "file not truncated to expected size "
+					 "(10240)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo3.all_info.out.write_time));
+
+		torture_assert_u64_equal(tctx,
+					 finfo3.all_info.out.write_time,
+					 finfo2.all_info.out.write_time,
+					 talloc_asprintf(tctx,
+						"Server updated write time "
+						"after %.2f seconds (wrong!)",
+						timeval_elapsed(&start)));
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+
+	torture_comment(tctx, "Server did not update write time within 10 "
+			"seconds. Good!\n");
+
+	/* the close should trigger an write time update */
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &pinfo4);
+	torture_assert_ntstatus_ok(tctx, status, "pathinfo failed");
+
+	torture_assert_u64_not_equal(tctx,
+				     pinfo4.all_info.out.write_time,
+				     finfo3.all_info.out.write_time,
+				     "Server did not update write time on "
+				     "close (wrong!)");
+	torture_assert(tctx,
+		pinfo4.all_info.out.write_time > finfo3.all_info.out.write_time,
+		"Server updated write time on close, but to an earlier point "
+		"in time");
+
+	torture_comment(tctx, "Server updated write time on close (correct)\n");
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* Updating with a SET_FILE_END_OF_FILE_INFO
+ * changes the write time immediately - even on expand. */
+
+static bool test_delayed_write_update1b(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_fileinfo finfo1, finfo2, finfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file1b.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	char buf[2048];
+	bool first;
+	bool updated;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update1b\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert_int_not_equal(tctx, fnum1, -1, talloc_asprintf(tctx,
+				     "Failed to open %s", fname));
+
+	memset(buf, 'x', 2048);
+	written =  smbcli_write(cli->tree, fnum1, 0, buf, 0, 2048);
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	finfo1.all_info.level = RAW_FILEINFO_ALL_INFO;
+	finfo1.all_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	finfo3 = finfo1;
+	pinfo4.all_info.level = RAW_FILEINFO_ALL_INFO;
+	pinfo4.all_info.in.file.path = fname;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	torture_assert_u64_equal(tctx, finfo1.all_info.out.size, 2048,
+				 "file size not as expected after write(2048)");
+
+	torture_comment(tctx, "Initial write time %s\n",
+		nt_time_string(tctx, finfo1.all_info.out.write_time));
+
+	/* Do a SET_END_OF_FILE_INFO call to truncate. */
+	status = smbcli_ftruncate(cli->tree, fnum1, (uint64_t)10240);
+
+	torture_assert_ntstatus_ok(tctx, status, "SET_END_OF_FILE failed");
+
+	start = timeval_current();
+	end = timeval_add(&start, (120*sec), 0);
+	first = true;
+	updated = false;
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo2.all_info.out.size, 10240,
+					 "file not truncated to expected size "
+					 "(10240)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo2.all_info.out.write_time));
+
+		if (finfo1.all_info.out.write_time !=
+		    finfo2.all_info.out.write_time)
+		{
+			updated = true;
+			break;
+		}
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+		first = false;
+	}
+
+	torture_assert(tctx, updated,
+		       "Server did not update write time within 120 seconds");
+
+	torture_assert(tctx, first, talloc_asprintf(tctx,
+		       "Server did not update write time immediately but only "
+		       "after %.2f seconds!", timeval_elapsed(&start)));
+
+	torture_comment(tctx, "Server updated write time immediately. Good!\n");
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	/* Do a non-zero length SMBwrite and make sure it doesn't update the write time. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 0, 1);
+
+	torture_assert_int_equal(tctx, written, 1,
+				 "unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (10*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo3);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo3.all_info.out.size, 10240,
+					 "file not truncated to expected size "
+					 "(10240)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo3.all_info.out.write_time));
+
+		torture_assert_u64_equal(tctx,
+					 finfo3.all_info.out.write_time,
+					 finfo2.all_info.out.write_time,
+					 talloc_asprintf(tctx,
+						"Server updated write time "
+						"after %.2f seconds (wrong!)",
+						timeval_elapsed(&start)));
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+
+	torture_comment(tctx, "Server did not update write time within 10 "
+			"seconds. Good!\n");
+
+	/* the close should trigger an write time update */
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &pinfo4);
+	torture_assert_ntstatus_ok(tctx, status, "pathinfo failed");
+
+	torture_assert_u64_not_equal(tctx,
+				     pinfo4.all_info.out.write_time,
+				     finfo3.all_info.out.write_time,
+				     "Server did not update write time on "
+				     "close (wrong!)");
+	torture_assert(tctx,
+		pinfo4.all_info.out.write_time > finfo3.all_info.out.write_time,
+		"Server updated write time on close, but to an earlier point "
+		"in time");
+
+	torture_comment(tctx, "Server updated write time on close (correct)\n");
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* Updating with a SET_ALLOCATION_INFO (truncate) does so immediately. */
+
+static bool test_delayed_write_update1c(struct torture_context *tctx, struct smbcli_state *cli)
+{
+        union smb_setfileinfo parms;
+	union smb_fileinfo finfo1, finfo2, finfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file1c.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	char buf[2048];
+	bool first;
+	bool updated;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update1c\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert_int_not_equal(tctx, fnum1, -1, talloc_asprintf(tctx,
+				     "Failed to open %s", fname));
+
+	memset(buf, 'x', 2048);
+	written =  smbcli_write(cli->tree, fnum1, 0, buf, 0, 2048);
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	finfo1.all_info.level = RAW_FILEINFO_ALL_INFO;
+	finfo1.all_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	finfo3 = finfo1;
+	pinfo4.all_info.level = RAW_FILEINFO_ALL_INFO;
+	pinfo4.all_info.in.file.path = fname;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	torture_assert_u64_equal(tctx, finfo1.all_info.out.size, 2048,
+				 "file size not as expected after write(2048)");
+
+	torture_comment(tctx, "Initial write time %s\n",
+		nt_time_string(tctx, finfo1.all_info.out.write_time));
+
+	/* Do a SET_ALLOCATION_SIZE call to truncate. */
+	parms.allocation_info.level = RAW_SFILEINFO_ALLOCATION_INFO;
+	parms.allocation_info.in.file.fnum = fnum1;
+	parms.allocation_info.in.alloc_size = 0;
+
+	status = smb_raw_setfileinfo(cli->tree, &parms);
+
+	torture_assert_ntstatus_ok(tctx, status,
+				   "RAW_SFILEINFO_ALLOCATION_INFO failed");
+
+	start = timeval_current();
+	end = timeval_add(&start, (120*sec), 0);
+	first = true;
+	updated = false;
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo2.all_info.out.size, 0,
+					 "file not truncated to expected size "
+					 "(0)");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo2.all_info.out.write_time));
+
+		if (finfo1.all_info.out.write_time !=
+		    finfo2.all_info.out.write_time)
+		{
+			updated = true;
+			break;
+		}
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+		first = false;
+	}
+
+	torture_assert(tctx, updated,
+		       "Server did not update write time within 120 seconds");
+
+	torture_assert(tctx, first, talloc_asprintf(tctx,
+		       "Server did not update write time immediately but only "
+		       "after %.2f seconds!", timeval_elapsed(&start)));
+
+	torture_comment(tctx, "Server updated write time immediately. Good!\n");
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	/* Do a non-zero length SMBwrite and make sure it doesn't update the write time. */
+	written = smbcli_smbwrite(cli->tree, fnum1, "x", 0, 1);
+	torture_assert_int_equal(tctx, written, 1,
+				 "Unexpected number of bytes written");
+
+	start = timeval_current();
+	end = timeval_add(&start, (10*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo3);
+
+		torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+		torture_assert_u64_equal(tctx, finfo3.all_info.out.size, 1,
+					 "file not expaneded");
+
+		torture_comment(tctx, "write time %s\n",
+			nt_time_string(tctx, finfo3.all_info.out.write_time));
+
+		torture_assert_u64_equal(tctx,
+					 finfo3.all_info.out.write_time,
+					 finfo2.all_info.out.write_time,
+					 talloc_asprintf(tctx,
+						"Server updated write time "
+						"after %.2f seconds (wrong!)",
+						timeval_elapsed(&start)));
+
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+
+	torture_comment(tctx, "Server did not update write time within 10 "
+			"seconds. Good!\n");
+
+	/* the close should trigger an write time update */
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &pinfo4);
+	torture_assert_ntstatus_ok(tctx, status, "pathinfo failed");
+
+	torture_assert_u64_not_equal(tctx,
+				     pinfo4.all_info.out.write_time,
+				     finfo3.all_info.out.write_time,
+				     "Server did not update write time on "
+				     "close (wrong!)");
+	torture_assert(tctx,
+		pinfo4.all_info.out.write_time > finfo3.all_info.out.write_time,
+		"Server updated write time on close, but to an earlier point "
+		"in time");
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Do as above, but using 2 connections.
+ */
+
+static bool test_delayed_write_update2(struct torture_context *tctx, struct smbcli_state *cli, 
+									   struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo1, finfo2;
+	const char *fname = BASEDIR "\\torture_file.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	union smb_flush flsh;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update2\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_comment(tctx, "Failed to open %s\n", fname);
+		return false;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+	
+	torture_comment(tctx, "Initial write time %s\n", 
+	       nt_time_string(tctx, finfo1.basic_info.out.write_time));
+
+	/* 3 second delay to ensure we get past any 2 second time
+	   granularity (older systems may have that) */
+	smb_msleep(3 * msec);
+
+	{
+		/* Try using setfileinfo instead of write to update write time. */
+		union smb_setfileinfo sfinfo;
+		time_t t_set = time(NULL);
+		sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFO;
+		sfinfo.basic_info.in.file.fnum = fnum1;
+		sfinfo.basic_info.in.create_time = finfo1.basic_info.out.create_time;
+		sfinfo.basic_info.in.access_time = finfo1.basic_info.out.access_time;
+
+		/* I tried this with both + and - ve to see if it makes a different.
+		   It doesn't - once the filetime is set via setfileinfo it stays that way. */
+#if 1
+		unix_to_nt_time(&sfinfo.basic_info.in.write_time, t_set - 30000);
+#else
+		unix_to_nt_time(&sfinfo.basic_info.in.write_time, t_set + 30000);
+#endif
+		sfinfo.basic_info.in.change_time = finfo1.basic_info.out.change_time;
+		sfinfo.basic_info.in.attrib = finfo1.basic_info.out.attrib;
+
+		status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+
+		torture_assert_ntstatus_ok(tctx, status, "sfileinfo failed");
+	}
+
+	finfo2.basic_info.in.file.path = fname;
+	
+	status = smb_raw_pathinfo(cli2->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	torture_comment(tctx, "write time %s\n",
+	       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+
+	if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated write_time (correct)\n");
+	} else {
+		torture_result(tctx, TORTURE_FAIL, "Server did not update write time (wrong!)\n");
+		ret = false;
+	}
+
+	/* Now try a write to see if the write time gets reset. */
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	
+	torture_comment(tctx, "Modified write time %s\n", 
+	       nt_time_string(tctx, finfo1.basic_info.out.write_time));
+
+
+	torture_comment(tctx, "Doing a 10 byte write to extend the file and see if this changes the last write time.\n");
+
+	written =  smbcli_write(cli->tree, fnum1, 0, "0123456789", 1, 10);
+
+	if (written != 10) {
+		torture_result(tctx, TORTURE_FAIL, "write failed - wrote %d bytes (%s)\n",
+		       (int)written, __location__);
+		return false;
+	}
+
+	/* Just to prove to tridge that the an smbflush has no effect on
+	   the write time :-). The setfileinfo IS STICKY. JRA. */
+
+	torture_comment(tctx, "Doing flush after write\n");
+
+	flsh.flush.level	= RAW_FLUSH_FLUSH;
+	flsh.flush.in.file.fnum = fnum1;
+	status = smb_raw_flush(cli->tree, &flsh);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("smbflush failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+
+	/* Once the time was set using setfileinfo then it stays set - writes
+	   don't have any effect. But make sure. */
+	start = timeval_current();
+	end = timeval_add(&start, (15*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+			ret = false;
+			break;
+		}
+		torture_comment(tctx, "write time %s\n", 
+		       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+		if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds"
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+	
+	if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write time (correct)\n");
+	}
+
+	fflush(stdout);
+	smb_msleep(2 * msec);
+
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to open %s\n", fname);
+		return false;
+	}
+	
+	torture_comment(tctx, "Doing a 10 byte write to extend the file via second fd and see if this changes the last write time.\n");
+
+	written =  smbcli_write(cli->tree, fnum2, 0, "0123456789", 11, 10);
+
+	if (written != 10) {
+		torture_result(tctx, TORTURE_FAIL, "write failed - wrote %d bytes (%s)\n",
+		       (int)written, __location__);
+		return false;
+	}
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	torture_comment(tctx, "write time %s\n", 
+	       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+	if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, "Server updated write_time (wrong!)\n");
+		ret = false;
+	}
+
+	torture_comment(tctx, "Closing the first fd to see if write time updated.\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	torture_comment(tctx, "Doing a 10 byte write to extend the file via second fd and see if this changes the last write time.\n");
+
+	written =  smbcli_write(cli->tree, fnum2, 0, "0123456789", 21, 10);
+
+	if (written != 10) {
+		torture_result(tctx, TORTURE_FAIL, "write failed - wrote %d bytes (%s)\n",
+		       (int)written, __location__);
+		return false;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum2;
+	finfo2 = finfo1;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	torture_comment(tctx, "write time %s\n", 
+	       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+	if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, "Server updated write_time (wrong!)\n");
+		ret = false;
+	}
+
+	/* Once the time was set using setfileinfo then it stays set - writes
+	   don't have any effect. But make sure. */
+	start = timeval_current();
+	end = timeval_add(&start, (15*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+			ret = false;
+			break;
+		}
+		torture_comment(tctx, "write time %s\n", 
+		       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+		if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		fflush(stdout);
+		smb_msleep(1 * msec);
+	}
+	
+	if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write time (correct)\n");
+	}
+
+	torture_comment(tctx, "Closing second fd to see if write time updated.\n");
+
+	smbcli_close(cli->tree, fnum2);
+	fnum2 = -1;
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_comment(tctx, "Failed to open %s\n", fname);
+		return false;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	
+	torture_comment(tctx, "Second open initial write time %s\n", 
+	       nt_time_string(tctx, finfo1.basic_info.out.write_time));
+
+	smb_msleep(10 * msec);
+	torture_comment(tctx, "Doing a 10 byte write to extend the file to see if this changes the last write time.\n");
+
+	written =  smbcli_write(cli->tree, fnum1, 0, "0123456789", 31, 10);
+
+	if (written != 10) {
+		torture_result(tctx, TORTURE_FAIL, "write failed - wrote %d bytes (%s)\n",
+		       (int)written, __location__);
+		return false;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+		return false;
+	}
+	torture_comment(tctx, "write time %s\n", 
+	       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+	if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, "Server updated write_time (wrong!)\n");
+		ret = false;
+	}
+
+	/* Now the write time should be updated again */
+	start = timeval_current();
+	end = timeval_add(&start, (15*sec), 0);
+	while (!timeval_expired(&end)) {
+		status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("fileinfo failed: %s\n", nt_errstr(status)));
+			ret = false;
+			break;
+		}
+		torture_comment(tctx, "write time %s\n", 
+		       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+		if (finfo1.basic_info.out.write_time != finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			if (diff < (used_delay / (double)1000000)) {
+				torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds"
+						"(expected > %.2f) (wrong!)\n",
+						diff, used_delay / (double)1000000);
+				ret = false;
+				break;
+			}
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds"
+					"(correct)\n",
+					diff);
+			break;
+		}
+		fflush(stdout);
+		smb_msleep(1*msec);
+	}
+	
+	if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, "Server did not update write time (wrong!)\n");
+		ret = false;
+	}
+
+
+	/* One more test to do. We should read the filetime via findfirst on the
+	   second connection to ensure it's the same. This is very easy for a Windows
+	   server but a bastard to get right on a POSIX server. JRA. */
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/* Windows does obviously not update the stat info during a write call. I
+ * *think* this is the problem causing a spurious Excel 2003 on XP error
+ * message when saving a file. Excel does a setfileinfo, writes, and then does
+ * a getpath(!)info. Or so... For Samba sometimes it displays an error message
+ * that the file might have been changed in between. What i've been able to
+ * trace down is that this happens if the getpathinfo after the write shows a
+ * different last write time than the setfileinfo showed. This is really
+ * nasty....
+ */
+
+static bool test_finfo_after_write(struct torture_context *tctx, struct smbcli_state *cli, 
+								   struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo1, finfo2;
+	const char *fname = BASEDIR "\\torture_file.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	int fnum2;
+	bool ret = true;
+	ssize_t written;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_finfo_after_write\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": fileinfo failed: %s", nt_errstr(status));
+		goto done;
+	}
+
+	smb_msleep(1 * msec);
+
+	written =  smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+		ret = false;
+		goto done;
+	}
+
+	fnum2 = smbcli_open(cli2->tree, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": failed to open 2nd time - %s", 
+		       smbcli_errstr(cli2->tree));
+		ret = false;
+		goto done;
+	}
+
+	written =  smbcli_write(cli2->tree, fnum2, 0, "x", 0, 1);
+
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", 
+		       (int)written);
+		ret = false;
+		goto done;
+	}
+
+	finfo2.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo2.basic_info.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli2->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, __location__": fileinfo failed: %s", 
+			  nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (finfo1.basic_info.out.create_time !=
+	    finfo2.basic_info.out.create_time) {
+		torture_result(tctx, TORTURE_FAIL, __location__": create_time changed");
+		ret = false;
+		goto done;
+	}
+
+	if (finfo1.basic_info.out.access_time !=
+	    finfo2.basic_info.out.access_time) {
+		torture_result(tctx, TORTURE_FAIL, __location__": access_time changed");
+		ret = false;
+		goto done;
+	}
+
+	if (finfo1.basic_info.out.write_time !=
+	    finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, __location__": write_time changed:\n"
+					   "write time conn 1 = %s, conn 2 = %s", 
+		       nt_time_string(tctx, finfo1.basic_info.out.write_time),
+		       nt_time_string(tctx, finfo2.basic_info.out.write_time));
+		ret = false;
+		goto done;
+	}
+
+	if (finfo1.basic_info.out.change_time !=
+	    finfo2.basic_info.out.change_time) {
+		torture_result(tctx, TORTURE_FAIL, __location__": change_time changed");
+		ret = false;
+		goto done;
+	}
+
+	/* One of the two following calls updates the qpathinfo. */
+
+	/* If you had skipped the smbcli_write on fnum2, it would
+	 * *not* have updated the stat on disk */
+
+	smbcli_close(cli2->tree, fnum2);
+	cli2 = NULL;
+
+	/* This call is only for the people looking at ethereal :-) */
+	finfo2.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo2.basic_info.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo2);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, __location__": fileinfo failed: %s", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+#define COMPARE_WRITE_TIME_CMP(given, correct, cmp) do { \
+	uint64_t r = 10*1000*1000; \
+	NTTIME g = (given).basic_info.out.write_time; \
+	NTTIME gr = (g / r) * r; \
+	NTTIME c = (correct).basic_info.out.write_time; \
+	NTTIME cr = (c / r) * r; \
+	bool strict = torture_setting_bool(tctx, "strict mode", false); \
+	bool err = false; \
+	if (strict && (g cmp c)) { \
+		err = true; \
+	} else if ((g cmp c) && (gr cmp cr)) { \
+		/* handle filesystem without high resolution timestamps */ \
+		err = true; \
+	} \
+	if (err) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": wrong write_time (%s)%s(%llu) %s (%s)%s(%llu)", \
+				#given, nt_time_string(tctx, g), (unsigned long long)g, \
+				#cmp, #correct, nt_time_string(tctx, c), (unsigned long long)c); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+#define COMPARE_WRITE_TIME_EQUAL(given,correct) \
+	COMPARE_WRITE_TIME_CMP(given,correct,!=)
+#define COMPARE_WRITE_TIME_GREATER(given,correct) \
+	COMPARE_WRITE_TIME_CMP(given,correct,<=)
+#define COMPARE_WRITE_TIME_LESS(given,correct) \
+	COMPARE_WRITE_TIME_CMP(given,correct,>=)
+
+#define COMPARE_ACCESS_TIME_CMP(given, correct, cmp) do { \
+	NTTIME g = (given).basic_info.out.access_time; \
+	NTTIME c = (correct).basic_info.out.access_time; \
+	if (g cmp c) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": wrong access_time (%s)%s %s (%s)%s", \
+				#given, nt_time_string(tctx, g), \
+				#cmp, #correct, nt_time_string(tctx, c)); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+#define COMPARE_ACCESS_TIME_EQUAL(given,correct) \
+	COMPARE_ACCESS_TIME_CMP(given,correct,!=)
+
+#define COMPARE_BOTH_TIMES_EQUAL(given,correct) do { \
+	COMPARE_ACCESS_TIME_EQUAL(given,correct); \
+	COMPARE_WRITE_TIME_EQUAL(given,correct); \
+} while (0)
+
+#define GET_INFO_FILE(finfo) do { \
+	NTSTATUS _status; \
+	_status = smb_raw_fileinfo(cli->tree, tctx, &finfo); \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		ret = false; \
+		torture_result(tctx, TORTURE_FAIL, __location__": fileinfo failed: %s", \
+			       nt_errstr(_status)); \
+		goto done; \
+	} \
+	torture_comment(tctx, "fileinfo: Access(%s) Write(%s)\n", \
+			nt_time_string(tctx, finfo.basic_info.out.access_time), \
+			nt_time_string(tctx, finfo.basic_info.out.write_time)); \
+} while (0)
+#define GET_INFO_FILE2(finfo) do { \
+	NTSTATUS _status; \
+	_status = smb_raw_fileinfo(cli2->tree, tctx, &finfo); \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		ret = false; \
+		torture_result(tctx, TORTURE_FAIL, __location__": fileinfo failed: %s", \
+			       nt_errstr(_status)); \
+		goto done; \
+	} \
+	torture_comment(tctx, "fileinfo: Access(%s) Write(%s)\n", \
+			nt_time_string(tctx, finfo.basic_info.out.access_time), \
+			nt_time_string(tctx, finfo.basic_info.out.write_time)); \
+} while (0)
+#define GET_INFO_PATH(pinfo) do { \
+	NTSTATUS _status; \
+	_status = smb_raw_pathinfo(cli2->tree, tctx, &pinfo); \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": pathinfo failed: %s", \
+			       nt_errstr(_status)); \
+		ret = false; \
+		goto done; \
+	} \
+	torture_comment(tctx, "pathinfo: Access(%s) Write(%s)\n", \
+			nt_time_string(tctx, pinfo.basic_info.out.access_time), \
+			nt_time_string(tctx, pinfo.basic_info.out.write_time)); \
+} while (0)
+#define GET_INFO_BOTH(finfo,pinfo) do { \
+	GET_INFO_FILE(finfo); \
+	GET_INFO_PATH(pinfo); \
+	COMPARE_BOTH_TIMES_EQUAL(finfo,pinfo); \
+} while (0)
+
+#define SET_INFO_FILE_EX(finfo, wrtime, tree, tfnum) do { \
+	NTSTATUS _status; \
+	union smb_setfileinfo sfinfo; \
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFO; \
+	sfinfo.basic_info.in.file.fnum = tfnum; \
+	sfinfo.basic_info.in.create_time = 0; \
+	sfinfo.basic_info.in.access_time = 0; \
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time, (wrtime)); \
+	sfinfo.basic_info.in.change_time = 0; \
+	sfinfo.basic_info.in.attrib = finfo.basic_info.out.attrib; \
+	_status = smb_raw_setfileinfo(tree, &sfinfo); \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": setfileinfo failed: %s", \
+			       nt_errstr(_status)); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+#define SET_INFO_FILE(finfo, wrtime) \
+	SET_INFO_FILE_EX(finfo, wrtime, cli->tree, fnum1)
+
+#define SET_INFO_FILE_NS(finfo, wrtime, ns, tree, tfnum) do { \
+	NTSTATUS _status; \
+	union smb_setfileinfo sfinfo; \
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFO; \
+	sfinfo.basic_info.in.file.fnum = tfnum; \
+	sfinfo.basic_info.in.create_time = 0; \
+	sfinfo.basic_info.in.access_time = 0; \
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time, (wrtime)); \
+	sfinfo.basic_info.in.write_time += (ns); \
+	sfinfo.basic_info.in.change_time = 0; \
+	sfinfo.basic_info.in.attrib = finfo.basic_info.out.attrib; \
+	_status = smb_raw_setfileinfo(tree, &sfinfo); \
+	if (!NT_STATUS_IS_OK(_status)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": setfileinfo failed: %s", \
+			       nt_errstr(_status)); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+
+static bool test_delayed_write_update3(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file3.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update3\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/*
+	 * make sure the write time is updated 2 seconds later
+	 * calculated from the first write
+	 * (but expect up to 5 seconds extra time for a busy server)
+	 */
+	start = timeval_current();
+	end = timeval_add(&start, 7 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE(finfo1);
+
+		if (finfo1.basic_info.out.write_time > finfo0.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			if (diff < (used_delay / (double)1000000)) {
+				torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+						"(write time update delay == %.2f) (wrong!)\n",
+						diff, used_delay / (double)1000000);
+				ret = false;
+				break;
+			}
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds "
+					"(correct)\n",
+					diff);
+			break;
+		}
+		smb_msleep(0.5 * msec);
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_GREATER(pinfo1, pinfo0);
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+
+	/*
+	 * the close updates the write time to the time of the close
+	 * and not to the time of the last write!
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo4);
+	COMPARE_WRITE_TIME_GREATER(pinfo4, pinfo3);
+
+	if (pinfo4.basic_info.out.write_time > pinfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Show that a truncate write always updates the write time even
+ * if an initial write has already updated the write time.
+ */
+
+static bool test_delayed_write_update3a(struct torture_context *tctx,
+				        struct smbcli_state *cli,
+				        struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file3a.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	int i;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update3a\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/*
+	 * sleep some time, to demonstrate the handling of write times
+	 * doesn't depend on the time since the open
+	 */
+	smb_msleep(5 * msec);
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	/*
+	 * make sure the write time is updated 2 seconds later
+	 * calculated from the first write
+	 * (but expect up to 5 seconds extra time for a busy server)
+	 */
+	start = timeval_current();
+	end = timeval_add(&start, 7 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE(finfo1);
+
+		if (finfo1.basic_info.out.write_time > finfo0.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			if (diff < (used_delay / (double)1000000)) {
+				torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+						"(1sec == %.2f) (wrong!)\n",
+						diff, sec);
+				ret = false;
+				break;
+			}
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds "
+					"(correct)\n",
+					diff);
+			break;
+		}
+		smb_msleep(0.5 * msec);
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_GREATER(pinfo1, pinfo0);
+
+	smb_msleep(3 * msec);
+
+	/*
+	 * demonstrate that a truncate write always
+	 * updates the write time immediately
+	 */
+	for (i=0; i < 3; i++) {
+		smb_msleep(2 * msec);
+		/* do a write */
+		torture_comment(tctx, "Do a truncate SMBwrite [%d] on the file handle\n", i);
+		written = smbcli_smbwrite(cli->tree, fnum1, "x", 10240, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 0", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+		COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+		finfo1 = finfo2;
+	}
+
+	smb_msleep(3 * msec);
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(3 * msec);
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo2);
+
+	/*
+	 * demonstrate that a truncate write always
+	 * updates the write time immediately
+	 */
+	for (i=0; i < 3; i++) {
+		smb_msleep(2 * msec);
+		/* do a write */
+		torture_comment(tctx, "Do a truncate SMBwrite [%d] on the file handle\n", i);
+		written = smbcli_smbwrite(cli->tree, fnum1, "x", 512, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 0", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+		COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+		finfo1 = finfo2;
+	}
+
+	/* sleep */
+	smb_msleep(3 * msec);
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+
+	/*
+	 * the close doesn't update the write time
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo4);
+	COMPARE_WRITE_TIME_EQUAL(pinfo4, pinfo3);
+
+	if (pinfo4.basic_info.out.write_time == pinfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Show a close after write updates the write timestamp to
+ * the close time, not the last write time.
+ */
+
+static bool test_delayed_write_update3b(struct torture_context *tctx,
+				        struct smbcli_state *cli,
+				        struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file3b.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update3b\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/*
+	 * sleep some time, to demonstrate the handling of write times
+	 * doesn't depend on the time since the open
+	 */
+	smb_msleep(5 * msec);
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	/*
+	 * make sure the write time is updated 2 seconds later
+	 * calculated from the first write
+	 * (but expect up to 5 seconds extra time for a busy server)
+	 */
+	start = timeval_current();
+	end = timeval_add(&start, 7 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE(finfo1);
+
+		if (finfo1.basic_info.out.write_time > finfo0.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			if (diff < (used_delay / (double)1000000)) {
+				torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds"
+						"(expected > %.2f) (wrong!)\n",
+						diff, used_delay / (double)1000000);
+				ret = false;
+				break;
+			}
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds "
+					"(write time update delay == %.2f) (correct)\n",
+					diff, used_delay / (double)1000000);
+			break;
+		}
+		smb_msleep(0.5 * msec);
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_GREATER(pinfo1, pinfo0);
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+
+	/*
+	 * the close updates the write time to the time of the close
+	 * and not to the time of the last write!
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo4);
+	COMPARE_WRITE_TIME_GREATER(pinfo4, pinfo3);
+
+	if (pinfo4.basic_info.out.write_time > pinfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Check that a write after a truncate write doesn't update
+ * the timestamp, but a truncate write after a write does.
+ * Also prove that a close after a truncate write updates the
+ * timestamp to current, not the time of last write.
+ */
+
+static bool test_delayed_write_update3c(struct torture_context *tctx,
+				        struct smbcli_state *cli,
+				        struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file3c.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	int i;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update3c\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/*
+	 * sleep some time, to demonstrate the handling of write times
+	 * doesn't depend on the time since the open
+	 */
+	smb_msleep(5 * msec);
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	/*
+	 * demonstrate that a truncate write always
+	 * updates the write time immediately
+	 */
+	for (i=0; i < 3; i++) {
+		smb_msleep(2 * msec);
+		/* do a write */
+		torture_comment(tctx, "Do a truncate SMBwrite [%d] on the file handle\n", i);
+		written = smbcli_smbwrite(cli->tree, fnum1, "x", 512, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 0", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+		COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+		finfo1 = finfo2;
+	}
+
+	start = timeval_current();
+	end = timeval_add(&start, 7 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE(finfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo2);
+
+	/*
+	 * demonstrate that a truncate write always
+	 * updates the write time immediately
+	 */
+	for (i=0; i < 3; i++) {
+		smb_msleep(2 * msec);
+		/* do a write */
+		torture_comment(tctx, "Do a truncate write [%d] on the file handle\n", i);
+		written = smbcli_smbwrite(cli->tree, fnum1, "x", 512, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 0", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+		COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+		finfo1 = finfo2;
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+
+	/*
+	 * the close updates the write time to the time of the close
+	 * and not to the time of the last write!
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo4);
+	COMPARE_WRITE_TIME_GREATER(pinfo4, pinfo3);
+
+	if (pinfo4.basic_info.out.write_time > pinfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Show only the first write updates the timestamp, and a close
+ * after writes updates to current (I think this is the same
+ * as test 3b. JRA).
+ */
+
+static bool test_delayed_write_update4(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4;
+	const char *fname = BASEDIR "\\torture_file4.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update4\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/* sleep a bit */
+	smb_msleep(5 * msec);
+
+	/* do a write */
+	torture_comment(tctx, "Do a write on the file handle\n");
+	written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+		ret = false;
+		goto done;
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1,finfo0);
+
+	/*
+	 * make sure the write time is updated 2 seconds later
+	 * calculated from the first write
+	 * (but expect up to 3 seconds extra time for a busy server)
+	 */
+	start = timeval_current();
+	end = timeval_add(&start, 5 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* get the times after the first write */
+		GET_INFO_FILE(finfo1);
+
+		if (finfo1.basic_info.out.write_time > finfo0.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			if (diff < (used_delay / (double)1000000)) {
+				torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds"
+						"(expected > %.2f) (wrong!)\n",
+						diff, used_delay / (double)1000000);
+				ret = false;
+				break;
+			}
+
+			torture_comment(tctx, "Server updated write_time after %.2f seconds "
+					"(write time update delay == %.2f) (correct)\n",
+					diff, used_delay / (double)1000000);
+			break;
+		}
+		smb_msleep(0.5 * msec);
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_GREATER(pinfo1, pinfo0);
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo2,pinfo2);
+
+		if (finfo2.basic_info.out.write_time > finfo1.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_EQUAL(finfo2, finfo1);
+	if (finfo2.basic_info.out.write_time == finfo1.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not updatewrite_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+
+	/*
+	 * the close updates the write time to the time of the close
+	 * and not to the time of the last write!
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo4);
+	COMPARE_WRITE_TIME_GREATER(pinfo4, pinfo3);
+
+	if (pinfo4.basic_info.out.write_time > pinfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Show writes and closes have no effect on updating times once a SETWRITETIME is done.
+ */
+
+static bool test_delayed_write_update5(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3, finfo4, finfo5;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4, pinfo5, pinfo6;
+	const char *fname = BASEDIR "\\torture_file5.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update5\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	finfo4 = finfo0;
+	finfo5 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+	pinfo5 = pinfo0;
+	pinfo6 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/* do a write */
+	torture_comment(tctx, "Do a write on the file handle\n");
+	written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+		ret = false;
+		goto done;
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	torture_comment(tctx, "Set write time in the future on the file handle\n");
+	SET_INFO_FILE(finfo0, time(NULL) + 86400);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+
+	torture_comment(tctx, "Set write time in the past on the file handle\n");
+	SET_INFO_FILE(finfo0, time(NULL) - 86400);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_LESS(finfo2, finfo1);
+
+	/* make sure the 2 second delay from the first write are canceled */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+
+		/* get the times after the first write */
+		GET_INFO_BOTH(finfo3,pinfo3);
+
+		if (finfo3.basic_info.out.write_time > finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+	if (finfo3.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo4,pinfo4);
+
+		if (finfo4.basic_info.out.write_time > finfo3.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo4,pinfo4);
+	COMPARE_WRITE_TIME_EQUAL(finfo4, finfo3);
+	if (finfo4.basic_info.out.write_time == finfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo5,pinfo5);
+	COMPARE_WRITE_TIME_EQUAL(finfo5, finfo4);
+
+	/*
+	 * the close doesn't update the write time
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo6);
+	COMPARE_WRITE_TIME_EQUAL(pinfo6, pinfo5);
+
+	if (pinfo6.basic_info.out.write_time == pinfo5.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Show truncate writes and closes have no effect on updating times once a SETWRITETIME is done.
+ */
+
+static bool test_delayed_write_update5b(struct torture_context *tctx,
+				        struct smbcli_state *cli,
+				        struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3, finfo4, finfo5;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4, pinfo5, pinfo6;
+	const char *fname = BASEDIR "\\torture_fileb.txt";
+	int fnum1 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update5b\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	finfo4 = finfo0;
+	finfo5 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+	pinfo5 = pinfo0;
+	pinfo6 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/* do a write */
+	torture_comment(tctx, "Do a write on the file handle\n");
+	written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+		ret = false;
+		goto done;
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	torture_comment(tctx, "Set write time in the future on the file handle\n");
+	SET_INFO_FILE(finfo0, time(NULL) + 86400);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+
+	torture_comment(tctx, "Set write time in the past on the file handle\n");
+	SET_INFO_FILE(finfo0, time(NULL) - 86400);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_LESS(finfo2, finfo1);
+
+	/* make sure the 2 second delay from the first write are canceled */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+
+		/* get the times after the first write */
+		GET_INFO_BOTH(finfo3,pinfo3);
+
+		if (finfo3.basic_info.out.write_time > finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+	if (finfo3.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* Do any further write (truncates) update the write time ? */
+	start = timeval_current();
+	end = timeval_add(&start, 15 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a truncate write on the file handle\n");
+		written = smbcli_smbwrite(cli->tree, fnum1, "x", 1024, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo4,pinfo4);
+
+		if (finfo4.basic_info.out.write_time > finfo3.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo4,pinfo4);
+	COMPARE_WRITE_TIME_EQUAL(finfo4, finfo3);
+	if (finfo4.basic_info.out.write_time == finfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo5,pinfo5);
+	COMPARE_WRITE_TIME_EQUAL(finfo5, finfo4);
+
+	/*
+	 * the close doesn't update the write time
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo6);
+	COMPARE_WRITE_TIME_EQUAL(pinfo6, pinfo5);
+
+	if (pinfo6.basic_info.out.write_time == pinfo5.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ * Open 2 handles on a file. Write one one and then set the
+ * WRITE TIME explicitly on the other. Ensure the write time
+ * update is cancelled. Ensure the write time is updated to
+ * the close time when the non-explicit set handle is closed.
+ *
+ */
+
+static bool test_delayed_write_update6(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct smbcli_state *cli2)
+{
+	union smb_fileinfo finfo0, finfo1, finfo2, finfo3, finfo4, finfo5;
+	union smb_fileinfo pinfo0, pinfo1, pinfo2, pinfo3, pinfo4, pinfo5, pinfo6, pinfo7;
+	const char *fname = BASEDIR "\\torture_file6.txt";
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool ret = true;
+	ssize_t written;
+	struct timeval start;
+	struct timeval end;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	bool first = true;
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update6\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+again:
+	torture_comment(tctx, "Open the file handle\n");
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+		goto done;
+	}
+
+	if (fnum2 == -1) {
+		torture_comment(tctx, "Open the 2nd file handle on 2nd connection\n");
+		fnum2 = smbcli_open(cli2->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+		if (fnum2 == -1) {
+			ret = false;
+			torture_result(tctx, TORTURE_FAIL, __location__": unable to open %s", fname);
+			goto done;
+		}
+	}
+
+	finfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo0.basic_info.in.file.fnum = fnum1;
+	finfo1 = finfo0;
+	finfo2 = finfo0;
+	finfo3 = finfo0;
+	finfo4 = finfo0;
+	finfo5 = finfo0;
+	pinfo0.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	pinfo0.basic_info.in.file.path = fname;
+	pinfo1 = pinfo0;
+	pinfo2 = pinfo0;
+	pinfo3 = pinfo0;
+	pinfo4 = pinfo0;
+	pinfo5 = pinfo0;
+	pinfo6 = pinfo0;
+	pinfo7 = pinfo0;
+
+	/* get the initial times */
+	GET_INFO_BOTH(finfo0,pinfo0);
+
+	/* do a write */
+	torture_comment(tctx, "Do a write on the file handle\n");
+	written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+	if (written != 1) {
+		torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+		ret = false;
+		goto done;
+	}
+
+	GET_INFO_BOTH(finfo1,pinfo1);
+	COMPARE_WRITE_TIME_EQUAL(finfo1, finfo0);
+
+	torture_comment(tctx, "Set write time in the future on the 2nd file handle\n");
+	SET_INFO_FILE_EX(finfo0, time(NULL) + 86400, cli2->tree, fnum2);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_GREATER(finfo2, finfo1);
+
+	torture_comment(tctx, "Set write time in the past on the 2nd file handle\n");
+	SET_INFO_FILE_EX(finfo0, time(NULL) - 86400, cli2->tree, fnum2);
+	GET_INFO_BOTH(finfo2,pinfo2);
+	COMPARE_WRITE_TIME_LESS(finfo2, finfo1);
+
+	/* make sure the 2 second delay from the first write are canceled */
+	start = timeval_current();
+	end = timeval_add(&start, 10 * sec, 0);
+	while (!timeval_expired(&end)) {
+
+		/* get the times after the first write */
+		GET_INFO_BOTH(finfo3,pinfo3);
+
+		if (finfo3.basic_info.out.write_time > finfo2.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo3,pinfo3);
+	COMPARE_WRITE_TIME_EQUAL(finfo3, finfo2);
+	if (finfo3.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sure any further write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 10 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the file handle\n");
+		written = smbcli_write(cli->tree, fnum1, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_BOTH(finfo4,pinfo4);
+
+		if (finfo4.basic_info.out.write_time > finfo3.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	GET_INFO_BOTH(finfo4,pinfo4);
+	COMPARE_WRITE_TIME_EQUAL(finfo4, finfo3);
+	if (finfo4.basic_info.out.write_time == finfo3.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update write_time (correct)\n");
+	}
+
+	/* sleep */
+	smb_msleep(5 * msec);
+
+	GET_INFO_BOTH(finfo5,pinfo5);
+	COMPARE_WRITE_TIME_EQUAL(finfo5, finfo4);
+
+	/*
+	 * the close updates the write time to the time of the close
+	 * as the write time was set on the 2nd handle
+	 */
+	torture_comment(tctx, "Close the file handle\n");
+	smbcli_close(cli->tree, fnum1);
+	fnum1 = -1;
+
+	GET_INFO_PATH(pinfo6);
+	COMPARE_WRITE_TIME_GREATER(pinfo6, pinfo5);
+
+	if (pinfo6.basic_info.out.write_time > pinfo5.basic_info.out.write_time) {
+		torture_comment(tctx, "Server updated the write_time on close (correct)\n");
+	}
+
+	/* See what the second write handle thinks the time is ? */
+	finfo5.basic_info.in.file.fnum = fnum2;
+	GET_INFO_FILE2(finfo5);
+	COMPARE_WRITE_TIME_EQUAL(finfo5, pinfo6);
+
+	/* See if we have lost the sticky write time on handle2 */
+	smb_msleep(3 * msec);
+	torture_comment(tctx, "Have we lost the sticky write time ?\n");
+
+	/* Make sure any further normal write doesn't update the write time */
+	start = timeval_current();
+	end = timeval_add(&start, 10 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a write on the second file handle\n");
+		written = smbcli_write(cli2->tree, fnum2, 0, "x", 0, 1);
+		if (written != 1) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE2(finfo5);
+		GET_INFO_PATH(pinfo6);
+
+		if (finfo5.basic_info.out.write_time > pinfo6.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+	/* What about a truncate write ? */
+	start = timeval_current();
+	end = timeval_add(&start, 10 * sec, 0);
+	while (!timeval_expired(&end)) {
+		/* do a write */
+		torture_comment(tctx, "Do a truncate write on the second file handle\n");
+		written = smbcli_write(cli2->tree, fnum2, 0, "x", 0, 0);
+		if (written != 0) {
+			torture_result(tctx, TORTURE_FAIL, __location__": written gave %d - should have been 1", (int)written);
+			ret = false;
+			goto done;
+		}
+		/* get the times after the write */
+		GET_INFO_FILE2(finfo5);
+		GET_INFO_PATH(pinfo6);
+
+		if (finfo5.basic_info.out.write_time > pinfo6.basic_info.out.write_time) {
+			double diff = timeval_elapsed(&start);
+			torture_result(tctx, TORTURE_FAIL, "Server updated write_time after %.2f seconds "
+					"(wrong!)\n",
+					diff);
+			ret = false;
+			break;
+		}
+		smb_msleep(1 * msec);
+	}
+
+
+	/* keep the 2nd handle open and rerun tests */
+	if (first) {
+		first = false;
+		goto again;
+	}
+
+	/*
+	 * closing the 2nd handle will cause no write time update
+	 * as the write time was explicit set on this handle
+	 */
+	torture_comment(tctx, "Close the 2nd file handle\n");
+	smbcli_close(cli2->tree, fnum2);
+	fnum2 = -1;
+
+	GET_INFO_PATH(pinfo7);
+	COMPARE_WRITE_TIME_EQUAL(pinfo7, pinfo6);
+
+	if (pinfo7.basic_info.out.write_time == pinfo6.basic_info.out.write_time) {
+		torture_comment(tctx, "Server did not update the write_time on close (correct)\n");
+	}
+
+ done:
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	if (fnum2 != -1)
+		smbcli_close(cli2->tree, fnum2);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+static bool test_delayed_write_update7(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open open_parms;
+	union smb_fileinfo finfo1, finfo2, finfo3;
+	const char *fname = BASEDIR "\\torture_file7.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	bool ret = true;
+	TALLOC_CTX *mem_ctx; 
+
+	torture_comment(tctx, "\nRunning test_delayed_write_update7 (timestamp resolution test)\n");
+
+        mem_ctx = talloc_init("test_delayed_write_update7");
+        if (!mem_ctx) return false;
+
+	ZERO_STRUCT(finfo1);
+	ZERO_STRUCT(finfo2);
+	ZERO_STRUCT(finfo3);
+	ZERO_STRUCT(open_parms);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* Create the file. */
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to open %s", fname);
+		return false;
+	}
+
+	finfo1.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	finfo1.basic_info.in.file.fnum = fnum1;
+	finfo2 = finfo1;
+	finfo3 = finfo1;
+
+	/* Get the initial timestamps. */
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo1);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	/* Set the pending write time to a value with non zero msec. */
+	SET_INFO_FILE_NS(finfo1, time(NULL) + 86400, 103 * NTTIME_MSEC,
+			 cli->tree, fnum1);
+
+	/* Get the current pending write time by fnum. */
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo2);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	/* Ensure the time is actually different. */
+	if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL,
+			"setfileinfo time matches original fileinfo time");
+		ret = false;
+	}
+
+	/* Get the current pending write time by path. */
+	finfo3.basic_info.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo3);
+
+	if (finfo2.basic_info.out.write_time != finfo3.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL, 
+			"qpathinfo time doesn't match fileinfo time");
+		ret = false;
+	}
+
+	/* Now close the file. Re-open and check that the write
+	   time is identical to the one we wrote. */
+
+	smbcli_close(cli->tree, fnum1);
+
+	open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = 0;
+	open_parms.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	open_parms.ntcreatex.in.file_attr = 0;
+	open_parms.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE|
+					NTCREATEX_SHARE_ACCESS_READ|
+					NTCREATEX_SHARE_ACCESS_WRITE;
+	open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	open_parms.ntcreatex.in.create_options = 0;
+	open_parms.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, mem_ctx, &open_parms);
+	talloc_free(mem_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL,
+			"setfileinfo time matches original fileinfo time");
+		ret = false;
+	}
+
+	fnum1 = open_parms.ntcreatex.out.file.fnum;
+
+	/* Check the returned time matches. */
+        if (open_parms.ntcreatex.out.write_time != finfo2.basic_info.out.write_time) {
+		torture_result(tctx, TORTURE_FAIL,
+			"final open time does not match set time");
+		ret = false;
+	}
+
+ done:
+
+	smbcli_close(cli->tree, fnum1);
+
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+   Test if creating a file in a directory with an open handle updates the
+   write timestamp (it should).
+*/
+static bool test_directory_update8(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_fileinfo dir_info1, dir_info2;
+	union smb_open open_parms;
+	const char *fname = BASEDIR "\\torture_file.txt";
+	NTSTATUS status;
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool ret = true;
+	double used_delay = torture_setting_int(tctx, "writetimeupdatedelay", 2000000);
+	int normal_delay = 2000000;
+	double sec = ((double)used_delay) / ((double)normal_delay);
+	int msec = 1000 * sec;
+	TALLOC_CTX *mem_ctx = talloc_init("test_delayed_write_update8");
+
+        if (!mem_ctx) return false;
+
+	torture_comment(tctx, "\nRunning test directory write update\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* Open a handle on the directory - and leave it open. */
+	ZERO_STRUCT(open_parms);
+        open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX;
+        open_parms.ntcreatex.in.flags = 0;
+        open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ;
+        open_parms.ntcreatex.in.file_attr = 0;
+        open_parms.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE|
+                                        NTCREATEX_SHARE_ACCESS_READ|
+                                        NTCREATEX_SHARE_ACCESS_WRITE;
+        open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+        open_parms.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+        open_parms.ntcreatex.in.fname = BASEDIR;
+
+        status = smb_raw_open(cli->tree, mem_ctx, &open_parms);
+        talloc_free(mem_ctx);
+
+        if (!NT_STATUS_IS_OK(status)) {
+                torture_result(tctx, TORTURE_FAIL,
+                        "failed to open directory handle");
+                ret = false;
+		goto done;
+        }
+
+        fnum1 = open_parms.ntcreatex.out.file.fnum;
+
+        /* Store the returned write time. */
+	ZERO_STRUCT(dir_info1);
+	dir_info1.basic_info.out.write_time = open_parms.ntcreatex.out.write_time;
+
+	torture_comment(tctx, "Initial write time %s\n",
+	       nt_time_string(tctx, dir_info1.basic_info.out.write_time));
+
+	/* sleep */
+	smb_msleep(3 * msec);
+
+	/* Now create a file within the directory. */
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum2 == -1) {
+		torture_result(tctx, TORTURE_FAIL, "Failed to open %s", fname);
+                ret = false;
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum2);
+
+	/* Read the directory write time again. */
+	ZERO_STRUCT(dir_info2);
+	dir_info2.basic_info.level = RAW_FILEINFO_BASIC_INFO;
+	dir_info2.basic_info.in.file.fnum = fnum1;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &dir_info2);
+
+	torture_assert_ntstatus_ok(tctx, status, "fileinfo failed");
+
+	/* Ensure it's been incremented. */
+	COMPARE_WRITE_TIME_GREATER(dir_info2, dir_info1);
+
+	torture_comment(tctx, "Updated write time %s\n",
+	       nt_time_string(tctx, dir_info2.basic_info.out.write_time));
+
+ done:
+
+	if (fnum1 != -1)
+		smbcli_close(cli->tree, fnum1);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+   testing of delayed update of write_time
+*/
+struct torture_suite *torture_delay_write(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "delaywrite");
+
+	torture_suite_add_2smb_test(suite, "finfo update on close", test_finfo_after_write);
+	torture_suite_add_1smb_test(suite, "delayed update of write time", test_delayed_write_update);
+	torture_suite_add_1smb_test(suite, "update of write time and SMBwrite truncate", test_delayed_write_update1);
+	torture_suite_add_1smb_test(suite, "update of write time and SMBwrite truncate expand", test_delayed_write_update1a);
+	torture_suite_add_1smb_test(suite, "update of write time using SET_END_OF_FILE", test_delayed_write_update1b);
+	torture_suite_add_1smb_test(suite, "update of write time using SET_ALLOCATION_SIZE", test_delayed_write_update1c);
+	torture_suite_add_2smb_test(suite, "delayed update of write time using 2 connections", test_delayed_write_update2);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 3", test_delayed_write_update3);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 3a", test_delayed_write_update3a);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 3b", test_delayed_write_update3b);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 3c", test_delayed_write_update3c);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 4", test_delayed_write_update4);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 5", test_delayed_write_update5);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 5b", test_delayed_write_update5b);
+	torture_suite_add_2smb_test(suite, "delayed update of write time 6", test_delayed_write_update6);
+	torture_suite_add_1smb_test(suite, "timestamp resolution test", test_delayed_write_update7);
+	torture_suite_add_1smb_test(suite, "directory timestamp update test", test_directory_update8);
+
+	return suite;
+}
diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c
new file mode 100644
index 0000000..647f5e0
--- /dev/null
+++ b/source4/torture/basic/delete.c
@@ -0,0 +1,2624 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   delete on close testing
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+#include "libcli/raw/raw_proto.h"
+
+#include "torture/raw/proto.h"
+#include "torture/basic/proto.h"
+
+static bool check_delete_on_close(struct torture_context *tctx,
+				  struct smbcli_state *cli, int fnum,
+				  const char *fname, bool expect_it,
+				  const char *where)
+{
+	union smb_search_data data;
+	NTSTATUS status;
+
+	time_t c_time, a_time, m_time;
+	size_t size;
+	uint16_t mode;
+
+	status = torture_single_search(cli, tctx,
+				       fname,
+				       RAW_SEARCH_TRANS2,
+				       RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,
+				       FILE_ATTRIBUTE_DIRECTORY,
+				       &data);
+	torture_assert_ntstatus_ok(tctx, status,
+		talloc_asprintf(tctx, "single_search failed (%s)", where));
+
+	if (fnum != -1) {
+		union smb_fileinfo io;
+		int nlink = expect_it ? 0 : 1;
+
+		io.all_info.level = RAW_FILEINFO_ALL_INFO;
+		io.all_info.in.file.fnum = fnum;
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &io);
+		torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx,
+					"qfileinfo failed (%s)", where));
+
+		torture_assert(tctx, expect_it == io.all_info.out.delete_pending,
+			talloc_asprintf(tctx,
+			"%s - Expected del_on_close flag %d, qfileinfo/all_info gave %d",
+			       where, expect_it, io.all_info.out.delete_pending));
+
+		torture_assert(tctx, nlink == io.all_info.out.nlink,
+			talloc_asprintf(tctx,
+				"%s - Expected nlink %d, qfileinfo/all_info gave %d",
+			       where, nlink, io.all_info.out.nlink));
+
+		io.standard_info.level = RAW_FILEINFO_STANDARD_INFO;
+		io.standard_info.in.file.fnum = fnum;
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &io);
+		torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "qpathinfo failed (%s)", where));
+
+		torture_assert(tctx, expect_it == io.standard_info.out.delete_pending,
+			talloc_asprintf(tctx, "%s - Expected del_on_close flag %d, qfileinfo/standard_info gave %d\n",
+			       where, expect_it, io.standard_info.out.delete_pending));
+
+		torture_assert(tctx, nlink == io.standard_info.out.nlink,
+			talloc_asprintf(tctx, "%s - Expected nlink %d, qfileinfo/standard_info gave %d",
+			       where, nlink, io.all_info.out.nlink));
+	}
+
+	status = smbcli_qpathinfo(cli->tree, fname,
+				  &c_time, &a_time, &m_time,
+				  &size, &mode);
+
+	if (expect_it) {
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_DELETE_PENDING,
+			"qpathinfo did not give correct error code");
+	} else {
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "qpathinfo failed (%s)", where));
+	}
+
+	return true;
+}
+
+#define CHECK_STATUS(_cli, _expected) \
+	torture_assert_ntstatus_equal(tctx, _cli->tree->session->transport->error.e.nt_status, _expected, \
+		 "Incorrect status")
+
+static const char *fname = "\\delete.file";
+static const char *fname_new = "\\delete.new";
+static const char *dname = "\\delete.dir";
+
+static void del_clean_area(struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+
+	smbcli_deltree(cli1->tree, dname);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_setatr(cli1->tree, fname_new, 0, 0);
+	smbcli_unlink(cli1->tree, fname_new);
+}
+
+/* Test 1 - this should delete the file on close. */
+
+static bool deltest1(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OVERWRITE_IF,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close failed (%s)", smbcli_errstr(cli1->tree)));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail)",
+		       fname));
+
+	return true;
+}
+
+/* Test 2 - this should delete the file on close. */
+static bool deltest2(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+		talloc_asprintf(tctx, "setting delete_on_close failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("(%s) open of %s succeeded should have been deleted on close !\n",
+		       __location__, fname);
+		if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+			printf("(%s) close failed (%s)\n",
+			       __location__, smbcli_errstr(cli1->tree));
+			return false;
+		}
+		smbcli_unlink(cli1->tree, fname);
+	}
+	return true;
+}
+
+/* Test 3 - ... */
+static bool deltest3(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+			fname, smbcli_errstr(cli1->tree)));
+
+	/* This should fail with a sharing violation - open for delete is only compatible
+	   with SHARE_DELETE. */
+
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+
+	torture_assert(tctx, fnum2 == -1,
+		talloc_asprintf(tctx, "open  - 2 of %s succeeded - should have failed.",
+		       fname));
+
+	/* This should succeed. */
+
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open  - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+							   smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+							   talloc_asprintf(tctx, "setting delete_on_close failed (%s)",
+						   smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close 1 failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum2),
+		talloc_asprintf(tctx, "close 2 failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	/* This should fail - file should no longer be there. */
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("(%s) open of %s succeeded should have been deleted on close !\n",
+		       __location__, fname);
+		if (NT_STATUS_IS_ERR(smbcli_close(cli1->tree, fnum1))) {
+			printf("(%s) close failed (%s)\n",
+			       __location__, smbcli_errstr(cli1->tree));
+		}
+		smbcli_unlink(cli1->tree, fname);
+		return false;
+	}
+	return true;
+}
+
+/* Test 4 ... */
+static bool deltest4(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA  |
+				      SEC_FILE_WRITE_DATA |
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* This should succeed. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ  |
+				      NTCREATEX_SHARE_ACCESS_WRITE |
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open  - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+					smbcli_close(cli1->tree, fnum2),
+					talloc_asprintf(tctx, "close - 1 failed (%s)",
+					smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+				smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+				talloc_asprintf(tctx, "setting delete_on_close failed (%s)",
+			smbcli_errstr(cli1->tree)));
+
+	/* This should fail - no more opens once delete on close set. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+	torture_assert(tctx, fnum2 == -1,
+		 talloc_asprintf(tctx, "open  - 3 of %s succeeded ! Should have failed.",
+		       fname ));
+
+	CHECK_STATUS(cli1, NT_STATUS_DELETE_PENDING);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		 talloc_asprintf(tctx, "close - 2 failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	return correct;
+}
+
+/* Test 5 ... */
+static bool deltest5(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* This should fail - only allowed on NT opens with DELETE access. */
+
+	torture_assert(tctx, !NT_STATUS_IS_OK(smbcli_nt_delete_on_close(cli1->tree, fnum1, true)),
+		 "setting delete_on_close on OpenX file succeeded - should fail !");
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close - 2 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+/* Test 6 ... */
+static bool deltest6(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_READ	|
+				   NTCREATEX_SHARE_ACCESS_WRITE |
+				   NTCREATEX_SHARE_ACCESS_DELETE,
+				   NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* This should fail - only allowed on NT opens with DELETE access. */
+
+	torture_assert(tctx,
+		!NT_STATUS_IS_OK(smbcli_nt_delete_on_close(cli1->tree, fnum1, true)),
+		"setting delete_on_close on file with no delete access succeeded - should fail !");
+
+	torture_assert_ntstatus_ok(tctx,
+				   smbcli_close(cli1->tree, fnum1),
+				   talloc_asprintf(tctx,
+						   "close - 2 failed (%s)",
+						    smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+/* Test 7 ... */
+static bool deltest7(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA  |
+				      SEC_FILE_WRITE_DATA |
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL, 0,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+			"setting delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, true, __location__);
+
+	torture_assert_ntstatus_ok(tctx,
+					smbcli_nt_delete_on_close(cli1->tree, fnum1, false),
+					"unsetting delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close - 2 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	/* This next open should succeed - we reset the flag. */
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+						       talloc_asprintf(tctx, "close - 2 failed (%s)",
+						   smbcli_errstr(cli1->tree)));
+
+	return correct;
+}
+
+/* Test 8 ... */
+static bool deltest8(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+					smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+		"setting delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, true, __location__);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close - 1 failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, -1, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, true, __location__);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli2->tree, fnum2),
+		talloc_asprintf(tctx, "close - 2 failed (%s)", smbcli_errstr(cli2->tree)));
+
+	/* This should fail.. */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1,
+		talloc_asprintf(tctx, "open of %s succeeded should have been deleted on close !\n", fname));
+
+	return correct;
+}
+
+/* Test 9 ... */
+static bool deltest9(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+	uint32_t disps[4] = {
+			NTCREATEX_DISP_SUPERSEDE,
+			NTCREATEX_DISP_OVERWRITE_IF,
+			NTCREATEX_DISP_CREATE,
+			NTCREATEX_DISP_OPEN_IF};
+	unsigned int i;
+
+	del_clean_area(cli1, cli2);
+
+	for (i = 0; i < sizeof(disps)/sizeof(disps[0]); i++) {
+		/* This should fail - we need to set DELETE_ACCESS. */
+
+		/*
+		 * A file or directory create with DELETE_ON_CLOSE but
+		 * without DELETE_ACCESS should fail with
+		 * NT_STATUS_INVALID_PARAMETER.
+		 */
+
+		fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,
+				FILE_ATTRIBUTE_NORMAL,
+				NTCREATEX_SHARE_ACCESS_NONE,
+				disps[i],
+				NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+		torture_assert(tctx, fnum1 == -1,
+			talloc_asprintf(tctx, "open of %s succeeded "
+				"should have failed!",
+			fname));
+
+		/* Must fail with NT_STATUS_INVALID_PARAMETER. */
+		status = smbcli_nt_error(cli1->tree);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_INVALID_PARAMETER,
+			talloc_asprintf(tctx, "create of %s should return "
+				"NT_STATUS_INVALID_PARAMETER, got %s",
+			fname,
+			smbcli_errstr(cli1->tree)));
+
+		/* This should fail - the file should not have been created. */
+		status = smbcli_getatr(cli1->tree, fname, NULL, NULL, NULL);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			talloc_asprintf(tctx, "getattr of %s succeeded should "
+				"not have been created !",
+			fname));
+	}
+
+	return true;
+}
+
+/* Test 9a ... */
+static bool deltest9a(struct torture_context *tctx,
+			struct smbcli_state *cli1,
+			struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+	uint32_t disps[4] = {
+			NTCREATEX_DISP_OVERWRITE_IF,
+			NTCREATEX_DISP_OPEN,
+			NTCREATEX_DISP_OVERWRITE,
+			NTCREATEX_DISP_OPEN_IF};
+
+	unsigned int i;
+
+	del_clean_area(cli1, cli2);
+
+	/* Create the file, and try with open calls. */
+	fnum1 = smbcli_open(cli1->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+	torture_assert(tctx,
+			fnum1 != -1,
+			talloc_asprintf(tctx, "open of %s failed (%s)",
+			fname,
+			smbcli_errstr(cli1->tree)));
+	status = smbcli_close(cli1->tree, fnum1);
+	torture_assert_ntstatus_ok(tctx,
+				status,
+				talloc_asprintf(tctx, "close failed"));
+
+	for (i = 0; i < sizeof(disps)/sizeof(disps[0]); i++) {
+		fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,
+				FILE_ATTRIBUTE_NORMAL,
+				NTCREATEX_SHARE_ACCESS_NONE,
+				disps[i],
+				NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+		torture_assert(tctx, fnum1 == -1,
+			talloc_asprintf(tctx, "open of %s succeeded "
+				"should have failed!",
+			fname));
+
+		/* Must fail with NT_STATUS_INVALID_PARAMETER. */
+		status = smbcli_nt_error(cli1->tree);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_INVALID_PARAMETER,
+			talloc_asprintf(tctx, "create of %s should return "
+				"NT_STATUS_INVALID_PARAMETER, got %s",
+			fname,
+			smbcli_errstr(cli1->tree)));
+
+		/*
+		 * This should succeed - the file should not have been deleted.
+		 */
+		status = smbcli_getatr(cli1->tree, fname, NULL, NULL, NULL);
+		torture_assert_ntstatus_ok(tctx,
+			status,
+			talloc_asprintf(tctx, "getattr of %s failed %s",
+			fname,
+			smbcli_errstr(cli1->tree)));
+	}
+
+	del_clean_area(cli1, cli2);
+	return true;
+}
+
+/* Test 10 ... */
+static bool deltest10(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+
+	del_clean_area(cli1, cli2);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* This should delete the file. */
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	/* This should fail.. */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1,
+				talloc_asprintf(tctx, "open of %s succeeded should have been deleted on close !",
+		       fname));
+	return true;
+}
+
+/* Test 11 ... */
+static bool deltest11(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+
+	del_clean_area(cli1, cli2);
+
+	/* test 11 - does having read only attribute still allow delete on close. */
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_READONLY,
+				      NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	status = smbcli_nt_delete_on_close(cli1->tree, fnum1, true);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_CANNOT_DELETE,
+		talloc_asprintf(tctx, "setting delete_on_close should fail with NT_STATUS_CANNOT_DELETE. Got %s instead)", smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+/* Test 12 ... */
+static bool deltest12(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+
+	del_clean_area(cli1, cli2);
+
+	/* test 12 - does having read only attribute still allow delete on
+	 * close at time of open. */
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_READONLY,
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 == -1,
+		 talloc_asprintf(tctx, "open of %s succeeded. Should fail with "
+		       "NT_STATUS_CANNOT_DELETE.\n", fname));
+
+	status = smbcli_nt_error(cli1->tree);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_CANNOT_DELETE,
+			 talloc_asprintf(tctx, "setting delete_on_close on open should "
+			       "fail with NT_STATUS_CANNOT_DELETE. Got %s "
+			       "instead)",
+			       smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+/* Test 13 ... */
+static bool deltest13(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 13: Does resetting the delete on close flag affect a second
+	 * fd? */
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx,
+				"open of %s failed (%s)",
+		       fname, smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+						smbcli_nt_delete_on_close(cli1->tree, fnum1,
+						       true),
+		 "setting delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, true, __location__);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_nt_delete_on_close(cli2->tree, fnum2,
+						       false),
+		 "unsetting delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close - 1 failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli2->tree, fnum2),
+			talloc_asprintf(tctx, "close - 2 failed (%s)",
+		       smbcli_errstr(cli2->tree)));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY, DENY_NONE);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed!",
+		       fname));
+
+	smbcli_close(cli1->tree, fnum1);
+
+	return correct;
+}
+
+/* Test 14 ... */
+static bool deltest14(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int dnum1 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 14 -- directory */
+
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE, 0, 0);
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s!",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, dnum1, dname, false, __location__);
+	torture_assert_ntstatus_ok(tctx, smbcli_nt_delete_on_close(cli1->tree, dnum1, true),
+			"setting delete_on_close on file failed !");
+	correct &= check_delete_on_close(tctx, cli1, dnum1, dname, true, __location__);
+	smbcli_close(cli1->tree, dnum1);
+
+	/* Now it should be gone... */
+
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+	torture_assert(tctx, dnum1 == -1, "setting delete_on_close on file succeeded !");
+
+	return correct;
+}
+
+/* Test 15 ... */
+static bool deltest15(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	bool correct = true;
+	int fnum2 = -1;
+	NTSTATUS status;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 15: delete on close under rename */
+
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_unlink(cli1->tree, fname_new);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open - 1 of %s failed (%s)", fname, smbcli_errstr(cli1->tree)));
+
+	status = smbcli_rename(cli2->tree, fname, fname_new);
+
+	torture_assert_ntstatus_ok(tctx, status, "renaming failed!");
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname_new, 0,
+				      SEC_GENERIC_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+
+	torture_assert(tctx, fnum2 != -1,
+		talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname_new, smbcli_errstr(cli1->tree)));
+
+	status = smbcli_nt_delete_on_close(cli2->tree, fnum2, true);
+
+	torture_assert_ntstatus_ok(tctx, status,
+		"setting delete_on_close on file failed !");
+
+	smbcli_close(cli2->tree, fnum2);
+
+	/* The file should be around under the new name, there's a second
+	 * handle open */
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname_new, true, __location__);
+
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_GENERIC_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	smbcli_close(cli2->tree, fnum2);
+	smbcli_close(cli1->tree, fnum1);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_EA,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, fnum1);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname_new, 0,
+				      SEC_FILE_READ_EA,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 == -1,
+		"smbcli_open succeeded, should have "
+		       "failed");
+
+	return correct;
+}
+
+/* Test 16 ... */
+static bool deltest16(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 16. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly create with all access, but delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert (tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)", fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, -1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		      fname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, -1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, true, __location__);
+
+	smbcli_close(cli2->tree, fnum2);
+
+	/* And the file should be deleted ! */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 16 ... */
+static bool deltest16a(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 16. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Firstly create with all access, but delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert (tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)", fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, -1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		      fname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, -1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, -1, fname, false, __location__);
+
+	smbcli_close(cli2->tree, fnum2);
+
+	/* And the file should be deleted ! */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	return correct;
+}
+
+/* Test 17 ... */
+static bool deltest17(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 17. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/* After the first close, the files has the delete on close bit set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, true, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	/* Make sure the file has been deleted */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s failed (should succeed) - %s",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 17a - like 17, but the delete on close handle is closed last */
+static bool deltest17a(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/*
+	 * The file is still there:
+	 * The second open seems to have removed the initial
+	 * delete on close flag from the first handle
+	 */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 3 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	return correct;
+}
+
+/* Test 17b - like 17a, but the initial delete on close is set on the second handle */
+static bool deltest17b(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	/* Make sure the file has been deleted */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 3 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 17c - like 17, but the initial delete on close is set on the second handle */
+static bool deltest17c(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, true, __location__);
+
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum2 == -1, talloc_asprintf(tctx, "open - 3 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_DELETE_PENDING);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Make sure the file has been deleted */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 4 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 17d - like 17a, but the first delete-on-close opener creates the file */
+static bool deltest17d(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+
+	/* Create the file with delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/*
+	 * The file is still there:
+	 * The second open seems to have removed the initial
+	 * delete on close flag from the first handle
+	 */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 3 of %s succeed (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+static bool deltest17e(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	int fnum3 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum3 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum3 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 3 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/*
+	 * closing the handle that has delete_on_close set
+	 * inherits the flag to the global context
+	 */
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, true, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, true, __location__);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 4 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_DELETE_PENDING);
+
+	smbcli_close(cli1->tree, fnum3);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 5 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+static bool deltest17f(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	int fnum3 = -1;
+	bool correct = true;
+	NTSTATUS status;
+
+	del_clean_area(cli1, cli2);
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+
+	/* Next open with all access, but add delete on close. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum3 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum3 != -1, talloc_asprintf(tctx, "open - 3 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* still not reported as being set on either */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/*
+	 * closing the handle that has delete_on_close set
+	 * inherits the flag to the global context
+	 */
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, true, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, true, __location__);
+
+
+	status = smbcli_nt_delete_on_close(cli1->tree, fnum2, false);
+	torture_assert_ntstatus_ok(tctx, status,
+					"clearing delete_on_close on file failed !");
+
+	correct &= check_delete_on_close(tctx, cli1, fnum2, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum3, fname, true, __location__);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 4 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_DELETE_PENDING);
+
+	smbcli_close(cli1->tree, fnum3);
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open - 5 of %s succeeded (should fail)",
+		       fname));
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 18 ... */
+static bool deltest18(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 18. With directories. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+
+	smbcli_deltree(cli1->tree, dname);
+
+	/* Firstly create with all access, but delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DIRECTORY|NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	/*
+	 * The delete on close bit is *not* reported as being set.
+	 * Win2k3/win2k8 should pass this check, but WinXPsp2 reports delete on
+	 * close as being set.	This causes the subsequent create to fail with
+	 * NT_STATUS_DELETE_PENDING.
+	 */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, dname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, fnum1, dname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli1, fnum2, dname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum2, dname, true, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	/* And the directory should be deleted ! */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail)",
+		       dname));
+
+	return correct;
+}
+
+/* Test 19 ... */
+static bool deltest19(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 19. */
+
+	smbcli_deltree(cli1->tree, dname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the directory. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Next open with all access, but add delete on close. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY|NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		talloc_asprintf(tctx, "open - 1 of %s failed (%s)", fname, smbcli_errstr(cli1->tree)));
+
+	/*
+	 * The delete on close bit is *not* reported as being set.
+	 * Win2k3/win2k8 should pass this check, but WinXPsp2 reports delete on
+	 * close as being set.	This causes the subsequent create to fail with
+	 * NT_STATUS_DELETE_PENDING.
+	 */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, dname, false, __location__);
+
+	/* Now try opening again for read-only. */
+	fnum2 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	/* Should work. */
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli1, fnum2, dname, true, __location__);
+
+	smbcli_close(cli1->tree, fnum2);
+
+	/* See if the file is deleted - for a directory this seems to be true ! */
+	fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	torture_assert(tctx, fnum1 == -1,
+		talloc_asprintf(tctx, "open of %s succeeded (should fail)", dname));
+
+	return correct;
+}
+
+/* Test 20 ... */
+static bool deltest20(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int dnum1 = -1;
+	bool correct = true;
+	NTSTATUS status;
+	int ret;
+
+	if (geteuid() == 0) {
+		torture_skip(tctx, "This test doesn't work as user root.");
+	}
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 20 -- non-empty directory hardest to get right... */
+
+	smbcli_deltree(cli1->tree, dname);
+
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s!",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, dnum1, dname, false, __location__);
+	status = smbcli_nt_delete_on_close(cli1->tree, dnum1, true);
+
+	{
+		char *fullname;
+		ret = asprintf(&fullname, "\\%s%s", dname, fname);
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		fnum1 = smbcli_open(cli1->tree, fullname, O_CREAT|O_RDWR,
+				    DENY_NONE);
+		torture_assert(tctx, fnum1 == -1,
+				"smbcli_open succeeded, should have "
+			       "failed with NT_STATUS_DELETE_PENDING"
+			       );
+
+		torture_assert_ntstatus_equal(tctx,
+					 smbcli_nt_error(cli1->tree),
+				     NT_STATUS_DELETE_PENDING,
+					"smbcli_open failed");
+	}
+
+	status = smbcli_nt_delete_on_close(cli1->tree, dnum1, false);
+	torture_assert_ntstatus_ok(tctx, status,
+					"unsetting delete_on_close on file failed !");
+
+	{
+		char *fullname;
+		ret = asprintf(&fullname, "\\%s%s", dname, fname);
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		fnum1 = smbcli_open(cli1->tree, fullname, O_CREAT|O_RDWR,
+				    DENY_NONE);
+		torture_assert(tctx, fnum1 != -1,
+				talloc_asprintf(tctx, "smbcli_open failed: %s\n",
+			       smbcli_errstr(cli1->tree)));
+		smbcli_close(cli1->tree, fnum1);
+	}
+
+	status = smbcli_nt_delete_on_close(cli1->tree, dnum1, true);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_DIRECTORY_NOT_EMPTY,
+		 "setting delete_on_close failed");
+	smbcli_close(cli1->tree, dnum1);
+
+	return correct;
+}
+
+/* Test 20a ... */
+static bool deltest20a(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 20a. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* Next open with all access, but add delete on close. */
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli2->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	smbcli_close(cli2->tree, fnum2);
+
+	/* See if the file is deleted - should be.... */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail) - %s",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	return correct;
+}
+
+/* Test 20b ... */
+/* This is the delete semantics that the cifsfs client depends on when
+ * trying to delete an open file on a Windows server. It
+ * opens a file with initial delete on close set, renames it then closes
+ * all open handles. The file goes away on Windows.
+ */
+
+static bool deltest20b(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int fnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 20b. */
+
+	/* Ensure the file doesn't already exist. */
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_setatr(cli1->tree, fname, 0, 0);
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_setatr(cli1->tree, fname_new, 0, 0);
+	smbcli_unlink(cli1->tree, fname_new);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Firstly open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open - 1 of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* Next open with all access, but add delete on close. */
+	fnum2 = smbcli_nt_create_full(cli2->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, "open - 2 of %s failed (%s)",
+		       fname, smbcli_errstr(cli2->tree)));
+
+	/* The delete on close bit is *not* reported as being set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, false, __location__);
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	smbcli_close(cli1->tree, fnum1);
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname, false, __location__);
+
+	/* Rename the file by handle. */
+
+	{
+		union smb_setfileinfo sfinfo;
+		NTSTATUS status;
+
+		memset(&sfinfo, '\0', sizeof(sfinfo));
+		sfinfo.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+		sfinfo.generic.in.file.fnum = fnum2;
+		sfinfo.rename_information.in.root_fid  = 0;
+		/* Don't start the filename with '\\', we get NT_STATUS_NOT_SUPPORTED if so. */
+		sfinfo.rename_information.in.new_name  = fname_new + 1;
+		sfinfo.rename_information.in.overwrite = 1;
+
+		status = smb_raw_setfileinfo(cli2->tree, &sfinfo);
+
+		torture_assert_ntstatus_equal(tctx,status,NT_STATUS_OK,talloc_asprintf(tctx, "rename of %s to %s failed (%s)",
+			fname, fname_new, smbcli_errstr(cli2->tree)));
+	}
+
+	correct &= check_delete_on_close(tctx, cli2, fnum2, fname_new, false, __location__);
+
+	smbcli_close(cli2->tree, fnum2);
+
+	/* See if the file is deleted - should be.... */
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail) - %s",
+		       fname, smbcli_errstr(cli1->tree)));
+	fnum1 = smbcli_open(cli1->tree, fname_new, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum1 == -1, talloc_asprintf(tctx, "open of %s succeeded (should fail) - %s",
+		       fname_new, smbcli_errstr(cli1->tree)));
+
+	return correct;
+}
+
+/* Test 20c */
+/* Along the lines of deltest20 we try to open a non-empty directory with delete
+ * on close set and subsequent close to verify its presence in the tree.
+ */
+static bool deltest20c(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	int dnum1 = -1;
+	int ret;
+	char *fullname;
+
+	del_clean_area(cli1, cli2);
+
+	smbcli_deltree(cli1->tree, dname);
+
+	/* Firstly open and create with all access */
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the directory */
+	smbcli_close(cli1->tree, dnum1);
+
+	ret = asprintf(&fullname, "\\%s%s", dname, fname);
+	torture_assert(tctx, ret != -1, "asprintf failed");
+
+	/* Open and create with all access */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fullname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      0, 0);
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	/* And close - just to create the file. */
+	smbcli_close(cli1->tree, fnum1);
+
+	/* Open with all access, but add delete on close */
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY|NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+	/* Should work */
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, dnum1);
+
+	/* Try to open again */
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+	/* Directory should be still present*/
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx, "open of %s failed: %s",
+		       dname, smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, dnum1);
+
+	return true;
+}
+
+/* Test 21 ... */
+static bool deltest21(struct torture_context *tctx)
+{
+	int fnum1 = -1;
+	struct smbcli_state *cli1;
+	struct smbcli_state *cli2;
+	bool correct = true;
+
+	if (!torture_open_connection(&cli1, tctx, 0))
+		return false;
+
+	if (!torture_open_connection(&cli2, tctx, 1))
+		return false;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 21 -- Test removal of file after socket close. */
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE,
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open of %s failed (%s)",
+		       fname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx,
+				smbcli_nt_delete_on_close(cli1->tree, fnum1, true),
+				talloc_asprintf(tctx, "setting delete_on_close failed (%s)",
+		       smbcli_errstr(cli1->tree)));
+
+	/* Ensure delete on close is set. */
+	correct &= check_delete_on_close(tctx, cli1, fnum1, fname, true, __location__);
+
+	/* Now yank the rug from under cli1. */
+	smbcli_transport_dead(cli1->transport, NT_STATUS_LOCAL_DISCONNECT);
+
+	fnum1 = -1;
+
+	if (!torture_open_connection(&cli1, tctx, 0)) {
+		return false;
+	}
+
+	/* On slow build farm machines it might happen that they are not fast
+	 * enough to delete the file for this test */
+	smb_msleep(200);
+
+	/* File should not be there. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 22 ... */
+
+/*
+ * Test whether a second *directory* handle inhibits delete if the first has
+ * del-on-close set and is closed
+ */
+static bool deltest22(struct torture_context *tctx)
+{
+	int dnum1 = -1;
+	int dnum2 = -1;
+	struct smbcli_state *cli1;
+	bool correct = true;
+
+	if (!torture_open_connection(&cli1, tctx, 0))
+		return false;
+
+	smbcli_deltree(cli1->tree, dname);
+
+	torture_assert_ntstatus_ok(
+		tctx, smbcli_mkdir(cli1->tree, dname),
+		talloc_asprintf(tctx, "smbcli_mdir failed: (%s)\n",
+				smbcli_errstr(cli1->tree)));
+
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, dnum1 != -1,
+		       talloc_asprintf(tctx, "open of %s failed: %s!",
+				       dname, smbcli_errstr(cli1->tree)));
+
+	dnum2 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, dnum2 != -1,
+		       talloc_asprintf(tctx, "open of %s failed: %s!",
+				       dname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(
+		tctx, smbcli_nt_delete_on_close(cli1->tree, dnum1, true),
+		talloc_asprintf(tctx, "setting delete_on_close failed (%s)",
+				smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, dnum1);
+
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, dnum1 == -1,
+		       talloc_asprintf(tctx, "open of %s succeeded!\n",
+				       dname));
+
+	CHECK_STATUS(cli1, NT_STATUS_DELETE_PENDING);
+
+	smbcli_close(cli1->tree, dnum2);
+	CHECK_STATUS(cli1, NT_STATUS_OK);
+
+	return correct;
+}
+
+/* Test 23 - Second directory open fails when delete is pending. */
+static bool deltest23(struct torture_context *tctx,
+			struct smbcli_state *cli1,
+			struct smbcli_state *cli2)
+{
+	int dnum1 = -1;
+	int dnum2 = -1;
+	bool correct = true;
+
+	del_clean_area(cli1, cli2);
+
+	/* Test 23 -- Basic delete on close for directories. */
+
+	/* Open a directory */
+	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, dnum1 != -1, talloc_asprintf(tctx,
+			   "open of %s failed: %s!",
+			   dname, smbcli_errstr(cli1->tree)));
+
+	correct &= check_delete_on_close(tctx, cli1, dnum1, dname, false,
+	    __location__);
+
+	/* Set delete on close */
+	(void)smbcli_nt_delete_on_close(cli1->tree, dnum1, true);
+
+	/* Attempt opening the directory again.	 It should fail. */
+	dnum2 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_DIRECTORY,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      NTCREATEX_OPTIONS_DIRECTORY, 0);
+
+	torture_assert(tctx, dnum2 == -1, talloc_asprintf(tctx,
+			   "open of %s succeeded: %s. It should have failed "
+			   "with NT_STATUS_DELETE_PENDING",
+			   dname, smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree),
+	    NT_STATUS_DELETE_PENDING, "smbcli_open failed");
+
+	return correct;
+}
+
+/* Test 24 ... */
+
+/*
+ * Test whether unsetting delete-on-close before the close has any effect.
+ * It should be ignored.
+ */
+static bool deltest24(struct torture_context *tctx)
+{
+	int fnum1 = -1;
+	struct smbcli_state *cli1;
+	bool correct = true;
+
+	if (!torture_open_connection(&cli1, tctx, 0))
+		return false;
+
+	smbcli_deltree(cli1->tree, fname);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_FILE_READ_DATA|
+				      SEC_FILE_WRITE_DATA|
+				      SEC_STD_DELETE,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_CREATE,
+				      NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+	torture_assert(tctx, fnum1 != -1,
+		       talloc_asprintf(tctx, "open of %s failed: %s!",
+				       fname, smbcli_errstr(cli1->tree)));
+
+	/* Now, unset Delete-On-Close, but it should have no effect */
+	torture_assert_ntstatus_ok(
+		tctx, smbcli_nt_delete_on_close(cli1->tree, fnum1, false),
+		talloc_asprintf(tctx, "unsetting delete_on_close failed (%s)",
+				smbcli_errstr(cli1->tree)));
+
+	smbcli_close(cli1->tree, fnum1);
+
+	/* File should not be there. */
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0,
+				      SEC_RIGHTS_FILE_READ,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE|
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN,
+				      0, 0);
+
+	CHECK_STATUS(cli1, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return correct;
+}
+
+/* Test 25 ... */
+static bool deltest25(struct torture_context *tctx,
+			struct smbcli_state *cli1,
+			struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+	uint32_t disps[4] = {
+			NTCREATEX_DISP_SUPERSEDE,
+			NTCREATEX_DISP_OVERWRITE_IF,
+			NTCREATEX_DISP_CREATE,
+			NTCREATEX_DISP_OPEN_IF};
+	unsigned int i;
+
+	del_clean_area(cli1, cli2);
+
+	for (i = 0; i < sizeof(disps)/sizeof(disps[0]); i++) {
+		/* This should fail - we need to set DELETE_ACCESS. */
+
+		/*
+		 * A file or directory create with DELETE_ON_CLOSE but
+		 * without DELETE_ACCESS should fail with
+		 * NT_STATUS_INVALID_PARAMETER.
+		 */
+
+		fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				SEC_FILE_READ_DATA,
+				FILE_ATTRIBUTE_DIRECTORY,
+				NTCREATEX_SHARE_ACCESS_NONE,
+				disps[i],
+				NTCREATEX_OPTIONS_DIRECTORY|
+				NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+		torture_assert(tctx, fnum1 == -1,
+			talloc_asprintf(tctx, "open of %s succeeded "
+				"should have failed!",
+			dname));
+
+		/* Must fail with NT_STATUS_INVALID_PARAMETER. */
+		status = smbcli_nt_error(cli1->tree);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_INVALID_PARAMETER,
+			talloc_asprintf(tctx, "create of %s should return "
+				"NT_STATUS_INVALID_PARAMETER, got %s",
+			dname,
+			smbcli_errstr(cli1->tree)));
+
+		/*
+		 * This should fail - the directory
+		 * should not have been created.
+		 */
+		status = smbcli_getatr(cli1->tree, dname, NULL, NULL, NULL);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			talloc_asprintf(tctx, "getattr of %s succeeded should "
+				"not have been created !",
+			dname));
+	}
+
+	return true;
+}
+
+/* Test 25a... */
+static bool deltest25a(struct torture_context *tctx,
+		struct smbcli_state *cli1,
+		struct smbcli_state *cli2)
+{
+	int fnum1 = -1;
+	NTSTATUS status;
+	uint32_t disps[4] = {
+			NTCREATEX_DISP_OVERWRITE_IF,
+			NTCREATEX_DISP_OPEN,
+			NTCREATEX_DISP_OVERWRITE,
+			NTCREATEX_DISP_OPEN_IF};
+
+	unsigned int i;
+
+	del_clean_area(cli1, cli2);
+
+	/* Create the directory, and try with open calls. */
+	status = smbcli_mkdir(cli1->tree, dname);
+	torture_assert_ntstatus_ok(tctx,
+		status,
+		talloc_asprintf(tctx, "mkdir of %s failed %s",
+		dname,
+		smbcli_errstr(cli1->tree)));
+
+	for (i = 0; i < sizeof(disps)/sizeof(disps[0]); i++) {
+		fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,
+				SEC_FILE_READ_DATA,
+				FILE_ATTRIBUTE_DIRECTORY,
+				NTCREATEX_SHARE_ACCESS_NONE,
+				disps[i],
+				NTCREATEX_OPTIONS_DIRECTORY|
+				NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 0);
+
+		torture_assert(tctx, fnum1 == -1,
+			talloc_asprintf(tctx, "open of %s succeeded "
+				"should have failed!",
+			dname));
+
+		/* Must fail with NT_STATUS_INVALID_PARAMETER. */
+		status = smbcli_nt_error(cli1->tree);
+		torture_assert_ntstatus_equal(tctx,
+			status,
+			NT_STATUS_INVALID_PARAMETER,
+			talloc_asprintf(tctx, "create of %s should return "
+				"NT_STATUS_INVALID_PARAMETER, got %s",
+			dname,
+			smbcli_errstr(cli1->tree)));
+
+		/*
+		 * This should succeed - the directory
+		 * should not have been deleted.
+		 */
+		status = smbcli_getatr(cli1->tree, dname, NULL, NULL, NULL);
+		torture_assert_ntstatus_ok(tctx,
+			status,
+			talloc_asprintf(tctx, "getattr of %s failed %s",
+			fname,
+			smbcli_errstr(cli1->tree)));
+	}
+
+	del_clean_area(cli1, cli2);
+	return true;
+}
+
+/*
+  Test delete on close semantics.
+ */
+struct torture_suite *torture_test_delete(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "delete");
+
+	torture_suite_add_2smb_test(suite, "deltest1", deltest1);
+	torture_suite_add_2smb_test(suite, "deltest2", deltest2);
+	torture_suite_add_2smb_test(suite, "deltest3", deltest3);
+	torture_suite_add_2smb_test(suite, "deltest4", deltest4);
+	torture_suite_add_2smb_test(suite, "deltest5", deltest5);
+	torture_suite_add_2smb_test(suite, "deltest6", deltest6);
+	torture_suite_add_2smb_test(suite, "deltest7", deltest7);
+	torture_suite_add_2smb_test(suite, "deltest8", deltest8);
+	torture_suite_add_2smb_test(suite, "deltest9", deltest9);
+	torture_suite_add_2smb_test(suite, "deltest9a", deltest9a);
+	torture_suite_add_2smb_test(suite, "deltest10", deltest10);
+	torture_suite_add_2smb_test(suite, "deltest11", deltest11);
+	torture_suite_add_2smb_test(suite, "deltest12", deltest12);
+	torture_suite_add_2smb_test(suite, "deltest13", deltest13);
+	torture_suite_add_2smb_test(suite, "deltest14", deltest14);
+	torture_suite_add_2smb_test(suite, "deltest15", deltest15);
+	torture_suite_add_2smb_test(suite, "deltest16", deltest16);
+	torture_suite_add_2smb_test(suite, "deltest16a", deltest16a);
+	torture_suite_add_2smb_test(suite, "deltest17", deltest17);
+	torture_suite_add_2smb_test(suite, "deltest17a", deltest17a);
+	torture_suite_add_2smb_test(suite, "deltest17b", deltest17b);
+	torture_suite_add_2smb_test(suite, "deltest17c", deltest17c);
+	torture_suite_add_2smb_test(suite, "deltest17d", deltest17d);
+	torture_suite_add_2smb_test(suite, "deltest17e", deltest17e);
+	torture_suite_add_2smb_test(suite, "deltest17f", deltest17f);
+	torture_suite_add_2smb_test(suite, "deltest18", deltest18);
+	torture_suite_add_2smb_test(suite, "deltest19", deltest19);
+	torture_suite_add_2smb_test(suite, "deltest20", deltest20);
+	torture_suite_add_2smb_test(suite, "deltest20a", deltest20a);
+	torture_suite_add_2smb_test(suite, "deltest20b", deltest20b);
+	torture_suite_add_2smb_test(suite, "deltest20c", deltest20c);
+	torture_suite_add_simple_test(suite, "deltest21", deltest21);
+	torture_suite_add_simple_test(suite, "deltest22", deltest22);
+	torture_suite_add_2smb_test(suite, "deltest23", deltest23);
+	torture_suite_add_simple_test(suite, "deltest24", deltest24);
+	torture_suite_add_2smb_test(suite, "deltest25", deltest25);
+	torture_suite_add_2smb_test(suite, "deltest25a", deltest25a);
+
+	return suite;
+}
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
new file mode 100644
index 0000000..c9f4a97
--- /dev/null
+++ b/source4/torture/basic/denytest.c
@@ -0,0 +1,2819 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - deny mode scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "libcli/security/security.h"
+#include "torture/util.h"
+#include "cxd_known.h"
+#include "torture/basic/proto.h"
+
+extern int torture_failures;
+
+#define CHECK_MAX_FAILURES(label) do { if (++failures >= torture_failures) goto label; } while (0)
+
+enum deny_result {A_0=0, A_X=1, A_R=2, A_W=3, A_RW=5};
+
+static const char *denystr(int denymode)
+{
+	const struct {
+		int v;
+		const char *name; 
+	} deny_modes[] = {
+		{DENY_DOS, "DENY_DOS"},
+		{DENY_ALL, "DENY_ALL"},
+		{DENY_WRITE, "DENY_WRITE"},
+		{DENY_READ, "DENY_READ"},
+		{DENY_NONE, "DENY_NONE"},
+		{DENY_FCB, "DENY_FCB"},
+		{-1, NULL}};
+	int i;
+	for (i=0;deny_modes[i].name;i++) {
+		if (deny_modes[i].v == denymode) return deny_modes[i].name;
+	}
+	return "DENY_XXX";
+}
+
+static const char *openstr(int mode)
+{
+	const struct {
+		int v;
+		const char *name; 
+	} open_modes[] = {
+		{O_RDWR, "O_RDWR"},
+		{O_RDONLY, "O_RDONLY"},
+		{O_WRONLY, "O_WRONLY"},
+		{-1, NULL}};
+	int i;
+	for (i=0;open_modes[i].name;i++) {
+		if (open_modes[i].v == mode) return open_modes[i].name;
+	}
+	return "O_XXX";
+}
+
+static const char *resultstr(enum deny_result res)
+{
+	const struct {
+		enum deny_result res;
+		const char *name; 
+	} results[] = {
+		{A_X, "X"},
+		{A_0, "-"},
+		{A_R, "R"},
+		{A_W, "W"},
+		{A_RW,"RW"}};
+	int i;
+	for (i=0;i<ARRAY_SIZE(results);i++) {
+		if (results[i].res == res) return results[i].name;
+	}
+	return "*";
+}
+
+static const struct {
+	int isexe;
+	int mode1, deny1;
+	int mode2, deny2;
+	enum deny_result result;
+} denytable2[] = {
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0}
+};
+
+
+static const struct {
+	int isexe;
+	int mode1, deny1;
+	int mode2, deny2;
+	enum deny_result result;
+} denytable1[] = {
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW}
+};
+
+
+static void progress_bar(struct torture_context *tctx, unsigned int i, unsigned int total)
+{
+	if (torture_setting_bool(tctx, "progress", true)) {
+		torture_comment(tctx, "%5d/%5d\r", i, total);
+		fflush(stdout);
+	}
+}
+
+/*
+  this produces a matrix of deny mode behaviour for 1 connection
+ */
+bool torture_denytest1(struct torture_context *tctx, 
+		       struct smbcli_state *cli1)
+{
+	int fnum1, fnum2;
+	int i;
+	bool correct = true;
+	struct timespec tv, tv_start;
+	const char *fnames[2] = {"\\denytest1.dat", "\\denytest1.exe"};
+	int failures=0;
+
+	torture_comment(tctx, "Testing deny modes with 1 connection\n");
+
+	for (i=0;i<2;i++) {
+		smbcli_unlink(cli1->tree, fnames[i]);
+		fnum1 = smbcli_open(cli1->tree, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		smbcli_write(cli1->tree, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		smbcli_close(cli1->tree, fnum1);
+	}
+
+	torture_comment(tctx, "Testing %d entries\n", (int)ARRAY_SIZE(denytable1));
+
+	clock_gettime_mono(&tv_start);
+
+	for (i=0; i<ARRAY_SIZE(denytable1); i++) {
+		enum deny_result res;
+		const char *fname = fnames[denytable1[i].isexe];
+
+		progress_bar(tctx, i, ARRAY_SIZE(denytable1));
+
+		if (!torture_setting_bool(tctx, "deny_fcb_support", true) &&
+		    (denytable1[i].deny1 == DENY_FCB ||
+			denytable1[i].deny2 == DENY_FCB))
+			continue;
+
+		if (!torture_setting_bool(tctx, "deny_dos_support", true) &&
+		    (denytable1[i].deny1 == DENY_DOS ||
+			denytable1[i].deny2 == DENY_DOS))
+			continue;
+
+		fnum1 = smbcli_open(cli1->tree, fname, 
+				 denytable1[i].mode1,
+				 denytable1[i].deny1);
+		fnum2 = smbcli_open(cli1->tree, fname, 
+				 denytable1[i].mode2,
+				 denytable1[i].deny2);
+
+		if (fnum1 == -1) {
+			res = A_X;
+		} else if (fnum2 == -1) {
+			res = A_0;
+		} else {
+			uint8_t x = 1;
+			res = A_0;
+			if (smbcli_read(cli1->tree, fnum2, &x, 0, 1) == 1) {
+				res += A_R;
+			}
+			if (smbcli_write(cli1->tree, fnum2, 0, &x, 0, 1) == 1) {
+				res += A_W;
+			}
+		}
+
+		if (torture_setting_bool(tctx, "showall", false) || 
+			res != denytable1[i].result) {
+			int64_t tdif;
+			clock_gettime_mono(&tv);
+			tdif = nsec_time_diff(&tv, &tv_start);
+			tdif /= 1000000;
+			torture_comment(tctx, "%lld: %s %8s %10s    %8s %10s    %s (correct=%s)\n",
+			       (long long)tdif,
+			       fname,
+			       denystr(denytable1[i].deny1),
+			       openstr(denytable1[i].mode1),
+			       denystr(denytable1[i].deny2),
+			       openstr(denytable1[i].mode2),
+			       resultstr(res),
+			       resultstr(denytable1[i].result));
+		}
+
+		if (res != denytable1[i].result) {
+			correct = false;
+			CHECK_MAX_FAILURES(failed);
+		}
+
+		smbcli_close(cli1->tree, fnum1);
+		smbcli_close(cli1->tree, fnum2);
+	}
+
+failed:
+	for (i=0;i<2;i++) {
+		smbcli_unlink(cli1->tree, fnames[i]);
+	}
+		
+	torture_comment(tctx, "finished denytest1 (%d failures)\n", failures);
+	return correct;
+}
+
+
+/*
+  this produces a matrix of deny mode behaviour with 2 connections
+ */
+bool torture_denytest2(struct torture_context *tctx, 
+		       struct smbcli_state *cli1, 
+		       struct smbcli_state *cli2)
+{
+	int fnum1, fnum2;
+	int i;
+	bool correct = true;
+	const char *fnames[2] = {"\\denytest2.dat", "\\denytest2.exe"};
+	struct timespec tv, tv_start;
+	int failures=0;
+
+	for (i=0;i<2;i++) {
+		smbcli_unlink(cli1->tree, fnames[i]);
+		fnum1 = smbcli_open(cli1->tree, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		smbcli_write(cli1->tree, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		smbcli_close(cli1->tree, fnum1);
+	}
+
+	clock_gettime_mono(&tv_start);
+
+	for (i=0; i<ARRAY_SIZE(denytable2); i++) {
+		enum deny_result res;
+		const char *fname = fnames[denytable2[i].isexe];
+
+		progress_bar(tctx, i, ARRAY_SIZE(denytable1));
+
+		if (!torture_setting_bool(tctx, "deny_fcb_support", true) &&
+		    (denytable1[i].deny1 == DENY_FCB ||
+			denytable1[i].deny2 == DENY_FCB))
+			continue;
+
+		if (!torture_setting_bool(tctx, "deny_dos_support", true) &&
+		    (denytable1[i].deny1 == DENY_DOS ||
+			denytable1[i].deny2 == DENY_DOS))
+			continue;
+
+		fnum1 = smbcli_open(cli1->tree, fname, 
+				 denytable2[i].mode1,
+				 denytable2[i].deny1);
+		fnum2 = smbcli_open(cli2->tree, fname, 
+				 denytable2[i].mode2,
+				 denytable2[i].deny2);
+
+		if (fnum1 == -1) {
+			res = A_X;
+		} else if (fnum2 == -1) {
+			res = A_0;
+		} else {
+			uint8_t x = 1;
+			res = A_0;
+			if (smbcli_read(cli2->tree, fnum2, &x, 0, 1) == 1) {
+				res += A_R;
+			}
+			if (smbcli_write(cli2->tree, fnum2, 0, &x, 0, 1) == 1) {
+				res += A_W;
+			}
+		}
+
+		if (torture_setting_bool(tctx, "showall", false) || 
+			res != denytable2[i].result) {
+			int64_t tdif;
+			clock_gettime_mono(&tv);
+			tdif = nsec_time_diff(&tv, &tv_start);
+			tdif /= 1000000;
+			torture_comment(tctx, "%lld: %s %8s %10s    %8s %10s    %s (correct=%s)\n",
+			       (long long)tdif,
+			       fname,
+			       denystr(denytable2[i].deny1),
+			       openstr(denytable2[i].mode1),
+			       denystr(denytable2[i].deny2),
+			       openstr(denytable2[i].mode2),
+			       resultstr(res),
+			       resultstr(denytable2[i].result));
+		}
+
+		if (res != denytable2[i].result) {
+			correct = false;
+			CHECK_MAX_FAILURES(failed);
+		}
+
+		smbcli_close(cli1->tree, fnum1);
+		smbcli_close(cli2->tree, fnum2);
+	}
+
+failed:		
+	for (i=0;i<2;i++) {
+		smbcli_unlink(cli1->tree, fnames[i]);
+	}
+
+	torture_comment(tctx, "finished denytest2 (%d failures)\n", failures);
+	return correct;
+}
+
+
+
+/*
+   simple test harness for playing with deny modes
+ */
+bool torture_denytest3(struct torture_context *tctx, 
+		       struct smbcli_state *cli1,
+		       struct smbcli_state *cli2)
+{
+	int fnum1, fnum2;
+	const char *fname;
+
+	fname = "\\deny_dos1.dat";
+
+	smbcli_unlink(cli1->tree, fname);
+	fnum1 = smbcli_open(cli1->tree, fname, O_CREAT|O_TRUNC|O_WRONLY, DENY_DOS);
+	fnum2 = smbcli_open(cli1->tree, fname, O_CREAT|O_TRUNC|O_WRONLY, DENY_DOS);
+	if (fnum1 != -1) smbcli_close(cli1->tree, fnum1);
+	if (fnum2 != -1) smbcli_close(cli1->tree, fnum2);
+	smbcli_unlink(cli1->tree, fname);
+	torture_comment(tctx, "fnum1=%d fnum2=%d\n", fnum1, fnum2);
+
+
+	fname = "\\deny_dos2.dat";
+
+	smbcli_unlink(cli1->tree, fname);
+	fnum1 = smbcli_open(cli1->tree, fname, O_CREAT|O_TRUNC|O_WRONLY, DENY_DOS);
+	fnum2 = smbcli_open(cli2->tree, fname, O_CREAT|O_TRUNC|O_WRONLY, DENY_DOS);
+	if (fnum1 != -1) smbcli_close(cli1->tree, fnum1);
+	if (fnum2 != -1) smbcli_close(cli2->tree, fnum2);
+	smbcli_unlink(cli1->tree, fname);
+	torture_comment(tctx, "fnum1=%d fnum2=%d\n", fnum1, fnum2);
+
+	return true;
+}
+
+struct bit_value {
+	uint32_t value;
+	const char *name;
+};
+
+static uint32_t map_bits(const struct bit_value *bv, int b, int nbits)
+{
+	int i;
+	uint32_t ret = 0;
+	for (i=0;i<nbits;i++) {
+		if (b & (1<<i)) {
+			ret |= bv[i].value;
+		}
+	}
+	return ret;
+}
+
+static const char *bit_string(TALLOC_CTX *mem_ctx, const struct bit_value *bv, int b, int nbits)
+{
+	char *ret = NULL;
+	int i;
+	for (i=0;i<nbits;i++) {
+		if (b & (1<<i)) {
+			if (ret == NULL) {
+				ret = talloc_asprintf(mem_ctx, "%s", bv[i].name);
+			} else {
+				ret = talloc_asprintf_append_buffer(ret, " | %s", bv[i].name);
+			}
+		}
+	}
+	if (ret == NULL) ret = talloc_strdup(mem_ctx, "(NONE)");
+	return ret;
+}
+
+
+/*
+  determine if two opens conflict
+*/
+static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, uint32_t am2,
+				       bool read_for_execute, enum deny_result *res)
+{
+#define CHECK_MASK(am, sa, right, share) do { \
+	if (((am) & (right)) && !((sa) & (share))) { \
+		*res = A_0; \
+		return NT_STATUS_SHARING_VIOLATION; \
+	}} while (0)
+
+	*res = A_0;
+	if (am2 & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
+		*res += A_W;
+	}
+	if (am2 & SEC_FILE_READ_DATA) {
+		*res += A_R;
+	} else if ((am2 & SEC_FILE_EXECUTE) && read_for_execute) {
+		*res += A_R;
+	}
+
+	/* if either open involves no read.write or delete access then
+	   it can't conflict */
+	if (!(am1 & (SEC_FILE_WRITE_DATA | 
+		     SEC_FILE_APPEND_DATA |
+		     SEC_FILE_READ_DATA | 
+		     SEC_FILE_EXECUTE | 
+		     SEC_STD_DELETE))) {
+		return NT_STATUS_OK;
+	}
+	if (!(am2 & (SEC_FILE_WRITE_DATA | 
+		     SEC_FILE_APPEND_DATA |
+		     SEC_FILE_READ_DATA | 
+		     SEC_FILE_EXECUTE | 
+		     SEC_STD_DELETE))) {
+		return NT_STATUS_OK;
+	}
+
+	/* check the basic share access */
+	CHECK_MASK(am1, sa2, 
+		   SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA, 
+		   NTCREATEX_SHARE_ACCESS_WRITE);
+	CHECK_MASK(am2, sa1, 
+		   SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA, 
+		   NTCREATEX_SHARE_ACCESS_WRITE);
+
+	CHECK_MASK(am1, sa2, 
+		   SEC_FILE_READ_DATA | SEC_FILE_EXECUTE, 
+		   NTCREATEX_SHARE_ACCESS_READ);
+	CHECK_MASK(am2, sa1, 
+		   SEC_FILE_READ_DATA | SEC_FILE_EXECUTE, 
+		   NTCREATEX_SHARE_ACCESS_READ);
+
+	CHECK_MASK(am1, sa2, 
+		   SEC_STD_DELETE, 
+		   NTCREATEX_SHARE_ACCESS_DELETE);
+	CHECK_MASK(am2, sa1, 
+		   SEC_STD_DELETE, 
+		   NTCREATEX_SHARE_ACCESS_DELETE);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  a denytest for ntcreatex
+ */
+static bool torture_ntdenytest(struct torture_context *tctx, 
+			       struct smbcli_state *cli1,
+			       struct smbcli_state *cli2, int client)
+{
+	const struct bit_value share_access_bits[] = {
+		{ NTCREATEX_SHARE_ACCESS_READ,   "S_R" },
+		{ NTCREATEX_SHARE_ACCESS_WRITE,  "S_W" },
+		{ NTCREATEX_SHARE_ACCESS_DELETE, "S_D" }
+	};
+	const struct bit_value access_mask_bits[] = {
+		{ SEC_FILE_READ_DATA,        "R_DATA" },
+		{ SEC_FILE_WRITE_DATA,       "W_DATA" },
+		{ SEC_FILE_READ_ATTRIBUTE,   "R_ATTR" },
+		{ SEC_FILE_WRITE_ATTRIBUTE,  "W_ATTR" },
+		{ SEC_FILE_READ_EA,          "R_EAS " },
+		{ SEC_FILE_WRITE_EA,         "W_EAS " },
+		{ SEC_FILE_APPEND_DATA,      "A_DATA" },
+		{ SEC_FILE_EXECUTE,          "EXEC  " }
+	};
+	int fnum1;
+	int i;
+	bool correct = true;
+	struct timespec tv, tv_start;
+	const char *fname;
+	int nbits1 = ARRAY_SIZE(share_access_bits);
+	int nbits2 = ARRAY_SIZE(access_mask_bits);
+	union smb_open io1, io2;
+	extern int torture_numops;
+	int failures = 0;
+	uint8_t buf[1];
+
+	torture_comment(tctx, "format: server correct\n");
+
+	ZERO_STRUCT(buf);
+
+	fname = talloc_asprintf(cli1, "\\ntdeny_%d.dll", client);
+
+	smbcli_unlink(cli1->tree, fname);
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf));
+	smbcli_close(cli1->tree, fnum1);
+
+	clock_gettime_mono(&tv_start);
+
+	io1.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	io1.ntcreatex.in.root_fid.fnum = 0;
+	io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io1.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io1.ntcreatex.in.file_attr = 0;
+	io1.ntcreatex.in.alloc_size = 0;
+	io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io1.ntcreatex.in.security_flags = 0;
+	io1.ntcreatex.in.fname = fname;
+	io2 = io1;
+
+	torture_comment(tctx, "Testing %d entries on %s\n", torture_numops, fname);
+
+	for (i=0;i<torture_numops;i++) {
+		NTSTATUS status1, status2, status2_p;
+		TALLOC_CTX *mem_ctx = talloc_new(NULL);
+		enum deny_result res, res2;
+		int b_sa1 = random() & ((1<<nbits1)-1);
+		int b_am1 = random() & ((1<<nbits2)-1);
+		int b_sa2 = random() & ((1<<nbits1)-1);
+		int b_am2 = random() & ((1<<nbits2)-1);
+		bool read_for_execute;
+
+		progress_bar(tctx, i, torture_numops);
+		
+		io1.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa1, nbits1);
+		io1.ntcreatex.in.access_mask  = map_bits(access_mask_bits,  b_am1, nbits2);
+		
+		io2.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa2, nbits1);
+		io2.ntcreatex.in.access_mask  = map_bits(access_mask_bits,  b_am2, nbits2);
+
+		status1 = smb_raw_open(cli1->tree, mem_ctx, &io1);
+		status2 = smb_raw_open(cli2->tree, mem_ctx, &io2);
+
+		if (random() % 2 == 0) {
+			read_for_execute = true;
+		} else {
+			read_for_execute = false;
+		}
+		
+		if (!NT_STATUS_IS_OK(status1)) {
+			res = A_X;
+		} else if (!NT_STATUS_IS_OK(status2)) {
+			res = A_0;
+		} else {
+			union smb_read r;
+			NTSTATUS status;
+
+			/* we can't use smbcli_read() as we need to
+			   set read_for_execute */
+			r.readx.level = RAW_READ_READX;
+			r.readx.in.file.fnum = io2.ntcreatex.out.file.fnum;
+			r.readx.in.offset = 0;
+			r.readx.in.mincnt = sizeof(buf);
+			r.readx.in.maxcnt = sizeof(buf);
+			r.readx.in.remaining = 0;
+			r.readx.in.read_for_execute = read_for_execute;
+			r.readx.out.data = buf;
+
+			res = A_0;
+			status = smb_raw_read(cli2->tree, &r);
+			if (NT_STATUS_IS_OK(status)) {
+				res += A_R;
+			}
+			if (smbcli_write(cli2->tree, io2.ntcreatex.out.file.fnum,
+					 0, buf, 0, sizeof(buf)) >= 1) {
+				res += A_W;
+			}
+		}
+		
+		if (NT_STATUS_IS_OK(status1)) {
+			smbcli_close(cli1->tree, io1.ntcreatex.out.file.fnum);
+		}
+		if (NT_STATUS_IS_OK(status2)) {
+			smbcli_close(cli2->tree, io2.ntcreatex.out.file.fnum);
+		}
+		
+		status2_p = predict_share_conflict(io1.ntcreatex.in.share_access,
+						   io1.ntcreatex.in.access_mask,
+						   io2.ntcreatex.in.share_access,
+						   io2.ntcreatex.in.access_mask, 
+						   read_for_execute,
+						   &res2);
+		
+		clock_gettime_mono(&tv);
+		if (torture_setting_bool(tctx, "showall", false) || 
+		    !NT_STATUS_EQUAL(status2, status2_p) ||
+		    res != res2) {
+			torture_comment(tctx, "\n%-20s %-70s\n%-20s %-70s %4s %4s  %s/%s\n",
+			       bit_string(mem_ctx, share_access_bits, b_sa1, nbits1),
+			       bit_string(mem_ctx, access_mask_bits,  b_am1, nbits2),
+			       bit_string(mem_ctx, share_access_bits, b_sa2, nbits1),
+			       bit_string(mem_ctx, access_mask_bits,  b_am2, nbits2),
+			       resultstr(res),
+			       resultstr(res2),
+			       nt_errstr(status2),
+			       nt_errstr(status2_p));
+			fflush(stdout);
+		}
+		
+		if (res != res2 ||
+		    !NT_STATUS_EQUAL(status2, status2_p)) {
+			CHECK_MAX_FAILURES(failed);
+			correct = false;
+		}
+		
+		talloc_free(mem_ctx);
+	}
+
+failed:
+	smbcli_unlink(cli1->tree, fname);
+	
+	torture_comment(tctx, "finished ntdenytest (%d failures)\n", failures);
+	return correct;
+}
+
+
+
+/*
+  a denytest for ntcreatex
+ */
+bool torture_ntdenytest1(struct torture_context *tctx, 
+			 struct smbcli_state *cli, int client)
+{
+	extern int torture_seed;
+
+	srandom(torture_seed + client);
+
+	torture_comment(tctx, "starting ntdenytest1 client %d\n", client);
+
+	return torture_ntdenytest(tctx, cli, cli, client);
+}
+
+/*
+  a denytest for ntcreatex
+ */
+bool torture_ntdenytest2(struct torture_context *torture, 
+			 struct smbcli_state *cli1,
+			 struct smbcli_state *cli2)
+{
+	return torture_ntdenytest(torture, cli1, cli2, 0);
+}
+
+#define COMPARE_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		failed = true; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		      "(%s) wrong value for %s  0x%x - should be 0x%x\n", \
+		       __location__, #v, (int)(v), (int)correct); \
+		ret = false; \
+	}} while (0)
+
+/*
+  test sharing of handles with DENY_DOS on a single connection
+*/
+bool torture_denydos_sharing(struct torture_context *tctx, 
+			     struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = "\\torture_denydos.txt";
+	NTSTATUS status;
+	int fnum1 = -1, fnum2 = -1;
+	bool ret = true;
+	union smb_setfileinfo sfinfo;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(cli);
+
+	torture_comment(tctx, "Checking DENY_DOS shared handle semantics\n");
+	smbcli_unlink(cli->tree, fname);
+
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.fname = fname;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPENX_MODE_DENY_DOS;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 0;
+	io.openx.in.timeout = 0;
+
+	torture_comment(tctx, "openx twice with RDWR/DENY_DOS\n");
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.openx.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.openx.out.file.fnum;
+
+	torture_comment(tctx, "fnum1=%d fnum2=%d\n", fnum1, fnum2);
+
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.position_information.in.file.fnum = fnum1;
+	sfinfo.position_information.in.position = 1000;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "two handles should be same file handle\n");
+	finfo.position_information.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum1;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.position_information.out.position, 1000);
+
+	finfo.position_information.in.file.fnum = fnum2;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.position_information.out.position, 1000);
+
+
+	smbcli_close(cli->tree, fnum1);
+	smbcli_close(cli->tree, fnum2);
+
+	torture_comment(tctx, "openx twice with RDWR/DENY_NONE\n");
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPENX_MODE_DENY_NONE;
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.openx.out.file.fnum;
+
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.openx.out.file.fnum;
+
+	torture_comment(tctx, "fnum1=%d fnum2=%d\n", fnum1, fnum2);
+
+	torture_comment(tctx, "two handles should be separate\n");
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.position_information.in.file.fnum = fnum1;
+	sfinfo.position_information.in.position = 1000;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.position_information.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum1;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.position_information.out.position, 1000);
+
+	finfo.position_information.in.file.fnum = fnum2;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.position_information.out.position, 0);
+
+done:
+	smbcli_close(cli->tree, fnum1);
+	smbcli_close(cli->tree, fnum2);
+	smbcli_unlink(cli->tree, fname);
+
+	return ret;
+}
+
+#define CXD_MATCHES(_cxd, i)                                            \
+	((cxd_known[i].cxd_test == (_cxd)->cxd_test) &&                 \
+	 (cxd_known[i].cxd_flags == (_cxd)->cxd_flags) &&               \
+	 (cxd_known[i].cxd_access1 == (_cxd)->cxd_access1) &&           \
+	 (cxd_known[i].cxd_sharemode1 == (_cxd)->cxd_sharemode1) &&     \
+	 (cxd_known[i].cxd_access2 == (_cxd)->cxd_access2) &&           \
+	 (cxd_known[i].cxd_sharemode2 == (_cxd)->cxd_sharemode2))
+
+static int cxd_find_known(struct createx_data *cxd)
+{
+	static int i = -1;
+
+	/* Optimization for tests which we don't have results saved for. */
+	if ((cxd->cxd_test == CXD_TEST_CREATEX_ACCESS_EXHAUSTIVE) ||
+	    (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE_EXTENDED))
+		return -1;
+
+	/* Optimization: If our cxd_known table is too large, it hurts test
+	 * performance to search through the entire table each time. If the
+	 * caller can pass in the previous result, we can try the next entry.
+	 * This works if results are taken directly from the same code. */
+	i++;
+	if ((i >= 0) && (i < sizeof(cxd_known) / sizeof(cxd_known[0])) &&
+	    CXD_MATCHES(cxd, i))
+		return i;
+
+	for (i = 0; i < (sizeof(cxd_known) / sizeof(cxd_known[0])); i++) {
+		if (CXD_MATCHES(cxd, i))
+			return i;
+	}
+
+	return -1;
+}
+
+#define CREATEX_NAME "\\createx_dir"
+
+static bool createx_make_dir(struct torture_context *tctx,
+    struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, const char *fname)
+{
+	bool ret = true;
+	NTSTATUS status;
+
+	status = smbcli_mkdir(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	return ret;
+}
+
+static bool createx_make_file(struct torture_context *tctx,
+    struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, const char *fname)
+{
+	union smb_open open_parms;
+	bool ret = true;
+	NTSTATUS status;
+
+	ZERO_STRUCT(open_parms);
+	open_parms.generic.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = 0;
+	open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	open_parms.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	open_parms.ntcreatex.in.share_access = 0;
+	open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	open_parms.ntcreatex.in.create_options = 0;
+	open_parms.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(tree, mem_ctx, &open_parms);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	return ret;
+}
+
+static void createx_fill_dir(union smb_open *open_parms, int accessmode,
+    int sharemode, const char *fname)
+{
+	ZERO_STRUCTP(open_parms);
+	open_parms->generic.level = RAW_OPEN_NTCREATEX;
+	open_parms->ntcreatex.in.flags = 0;
+	open_parms->ntcreatex.in.access_mask = accessmode;
+	open_parms->ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	open_parms->ntcreatex.in.share_access = sharemode;
+	open_parms->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	open_parms->ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	open_parms->ntcreatex.in.fname = fname;
+}
+
+static void createx_fill_file(union smb_open *open_parms, int accessmode,
+    int sharemode, const char *fname)
+{
+	ZERO_STRUCTP(open_parms);
+	open_parms->generic.level = RAW_OPEN_NTCREATEX;
+	open_parms->ntcreatex.in.flags = 0;
+	open_parms->ntcreatex.in.access_mask = accessmode;
+	open_parms->ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	open_parms->ntcreatex.in.share_access = sharemode;
+	open_parms->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	open_parms->ntcreatex.in.create_options = 0;
+	open_parms->ntcreatex.in.fname = fname;
+	open_parms->ntcreatex.in.root_fid.fnum = 0;
+}
+
+static int data_file_fd = -1;
+
+#define KNOWN   "known"
+#define CHILD   "child"
+static bool createx_test_dir(struct torture_context *tctx,
+    struct smbcli_tree *tree, int fnum, TALLOC_CTX *mem_ctx, NTSTATUS *result)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open open_parms;
+
+	/* bypass original handle to guarantee creation */
+	ZERO_STRUCT(open_parms);
+	open_parms.generic.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = 0;
+	open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	open_parms.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	open_parms.ntcreatex.in.share_access = 0;
+	open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	open_parms.ntcreatex.in.create_options = 0;
+	open_parms.ntcreatex.in.fname = CREATEX_NAME "\\" KNOWN;
+
+	status = smb_raw_open(tree, mem_ctx, &open_parms);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+
+	result[CXD_DIR_ENUMERATE] = NT_STATUS_OK;
+
+	/* try to create a child */
+	ZERO_STRUCT(open_parms);
+	open_parms.generic.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = 0;
+	open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	open_parms.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	open_parms.ntcreatex.in.share_access = 0;
+	open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	open_parms.ntcreatex.in.create_options = 0;
+	open_parms.ntcreatex.in.fname = CHILD;
+	open_parms.ntcreatex.in.root_fid.fnum = fnum;
+
+	result[CXD_DIR_CREATE_CHILD] =
+	    smb_raw_open(tree, mem_ctx, &open_parms);
+	smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+
+	/* try to traverse dir to known good file */
+	ZERO_STRUCT(open_parms);
+	open_parms.generic.level = RAW_OPEN_NTCREATEX;
+	open_parms.ntcreatex.in.flags = 0;
+	open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	open_parms.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	open_parms.ntcreatex.in.share_access = 0;
+	open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	open_parms.ntcreatex.in.create_options = 0;
+	open_parms.ntcreatex.in.fname = KNOWN;
+	open_parms.ntcreatex.in.root_fid.fnum = fnum;
+
+	result[CXD_DIR_TRAVERSE] =
+	    smb_raw_open(tree, mem_ctx, &open_parms);
+
+
+	smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+	smbcli_unlink(tree, CREATEX_NAME "\\" KNOWN);
+	smbcli_unlink(tree, CREATEX_NAME "\\" CHILD);
+
+ done:
+	return ret;
+}
+
+static bool createx_test_file(struct torture_context *tctx,
+    struct smbcli_tree *tree, int fnum, TALLOC_CTX *mem_ctx, NTSTATUS *result)
+{
+	union smb_read rd;
+	union smb_write wr;
+	char buf[256] = "";
+
+	memset(&rd, 0, sizeof(rd));
+	rd.readx.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = sizeof(buf);
+	rd.readx.in.maxcnt = sizeof(buf);
+	rd.readx.out.data = (uint8_t *)buf;
+
+	result[CXD_FILE_READ] = smb_raw_read(tree, &rd);
+
+	memset(&wr, 0, sizeof(wr));
+	wr.writex.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.count = sizeof(buf);
+	wr.writex.in.data = (uint8_t *)buf;
+
+	result[CXD_FILE_WRITE] = smb_raw_write(tree, &wr);
+
+	memset(&rd, 0, sizeof(rd));
+	rd.readx.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = sizeof(buf);
+	rd.readx.in.maxcnt = sizeof(buf);
+	rd.readx.in.read_for_execute = 1;
+	rd.readx.out.data = (uint8_t *)buf;
+
+	result[CXD_FILE_EXECUTE] = smb_raw_read(tree, &rd);
+
+	return true;
+}
+
+/* TODO When redirecting stdout to a file, the progress bar really screws up
+ * the output. Could use a switch "--noprogress", or direct the progress bar to
+ * stderr? No other solution? */
+static void createx_progress_bar(struct torture_context *tctx, unsigned int i,
+    unsigned int total, unsigned int skipped)
+{
+	if (torture_setting_bool(tctx, "progress", true)) {
+		torture_comment(tctx, "%5d/%5d (%d skipped)\r", i, total,
+		    skipped);
+		fflush(stdout);
+	}
+}
+
+static bool torture_createx_specific(struct torture_context *tctx, struct
+    smbcli_state *cli, struct smbcli_state *cli2, TALLOC_CTX *mem_ctx, struct
+    createx_data *cxd, int estimated_count)
+{
+	static int call_count = 1;
+	static int unskipped_call_count = 1;
+	const char *fname = CREATEX_NAME;
+	int fnum = -1, fnum2 = -1, res, i;
+	union smb_open open_parms1, open_parms2;
+	bool ret = true;
+	bool is_dir = cxd->cxd_flags & CXD_FLAGS_DIRECTORY;
+	NTSTATUS *result = &cxd->cxd_result[0];
+	NTSTATUS *result2 = &cxd->cxd_result2[0];
+	bool found = false, failed = false;
+
+	bool (*make_func)(struct torture_context *,
+	    struct smbcli_tree *, TALLOC_CTX *, const char *);
+	void (*fill_func)(union smb_open *, int, int, const char *);
+	bool (*test_func)(struct torture_context *,
+	    struct smbcli_tree *, int, TALLOC_CTX *, NTSTATUS *);
+	NTSTATUS (*destroy_func)(struct smbcli_tree *, const char *);
+
+	if (is_dir) {
+		make_func = createx_make_dir;
+		fill_func = createx_fill_dir;
+		test_func = createx_test_dir;
+		destroy_func = smbcli_rmdir;
+	} else {
+		make_func = createx_make_file;
+		fill_func = createx_fill_file;
+		test_func = createx_test_file;
+		destroy_func = smbcli_unlink;
+	}
+
+	/* Skip all SACL related tests. */
+	if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+	    ((cxd->cxd_access1 & SEC_FLAG_SYSTEM_SECURITY) ||
+	     (cxd->cxd_access2 & SEC_FLAG_SYSTEM_SECURITY)))
+		goto done;
+
+	if (cxd->cxd_flags & CXD_FLAGS_MAKE_BEFORE_CREATEX) {
+		ret = make_func(tctx, cli->tree, mem_ctx, fname);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL,
+				"Initial creation failed\n");
+			goto done;
+		}
+	}
+
+	/* Initialize. */
+	fill_func(&open_parms1, cxd->cxd_access1, cxd->cxd_sharemode1, fname);
+
+	if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+		fill_func(&open_parms2, cxd->cxd_access2, cxd->cxd_sharemode2,
+		    fname);
+	}
+
+	for (i = CXD_CREATEX + 1; i < CXD_MAX; i++) {
+		result[i] = NT_STATUS_UNSUCCESSFUL;
+		result2[i] = NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Perform open(s). */
+	result[CXD_CREATEX] = smb_raw_open(cli->tree, mem_ctx, &open_parms1);
+	if (NT_STATUS_IS_OK(result[CXD_CREATEX])) {
+		fnum = open_parms1.ntcreatex.out.file.fnum;
+		ret = test_func(tctx, cli->tree, fnum, mem_ctx, result);
+		smbcli_close(cli->tree, fnum);
+	}
+
+	if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+		result2[CXD_CREATEX] = smb_raw_open(cli2->tree, mem_ctx,
+		    &open_parms2);
+		if (NT_STATUS_IS_OK(result2[CXD_CREATEX])) {
+			fnum2 = open_parms2.ntcreatex.out.file.fnum;
+			ret = test_func(tctx, cli2->tree, fnum2, mem_ctx,
+			    result2);
+			smbcli_close(cli2->tree, fnum2);
+		}
+	}
+
+	if (data_file_fd >= 0) {
+		size_t cxd_len = sizeof(struct createx_data);
+		found = true;
+		res = write(data_file_fd, cxd, cxd_len);
+		if (res != cxd_len) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s): write failed: %s!",
+				__location__, strerror(errno));
+			ret = false;
+		}
+	} else if ((res = cxd_find_known(cxd)) >= 0) {
+		found = true;
+		for (i = 0; i < CXD_MAX; i++) {
+			/* Note: COMPARE_STATUS will set the "failed" bool. */
+			COMPARE_STATUS(result[i], cxd_known[res].cxd_result[i]);
+			if (i == 0 && !NT_STATUS_IS_OK(result[i]))
+				break;
+
+			if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+				COMPARE_STATUS(result2[i],
+				    cxd_known[res].cxd_result2[i]);
+				if (i == 0 && !NT_STATUS_IS_OK(result2[i]))
+					break;
+			}
+		}
+	}
+
+	/* We print if its not in the "cxd_known" list or if we fail. */
+	if (!found || failed) {
+		torture_comment(tctx,
+		    "  { .cxd_test = %d, .cxd_flags = %#3x, "
+		    ".cxd_access1 = %#10x, .cxd_sharemode1=%1x, "
+		    ".cxd_access2=%#10x, .cxd_sharemode2=%1x, "
+		    ".cxd_result = { ", cxd->cxd_test, cxd->cxd_flags,
+		    cxd->cxd_access1, cxd->cxd_sharemode1, cxd->cxd_access2,
+		    cxd->cxd_sharemode2);
+		for (i = 0; i < CXD_MAX; i++) {
+			torture_comment(tctx, "%s, ", nt_errstr(result[i]));
+			if (i == 0 && !NT_STATUS_IS_OK(result[i]))
+				break;
+		}
+		torture_comment(tctx, "}");
+		if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+			torture_comment(tctx, ", .cxd_result2 = { ");
+			for (i = 0; i < CXD_MAX; i++) {
+				torture_comment(tctx, "%s, ",
+						nt_errstr(result2[i]));
+				if (i == 0 && !NT_STATUS_IS_OK(result2[i]))
+					break;
+			}
+			torture_comment(tctx, "}");
+		}
+		torture_comment(tctx, "}, \n");
+	} else {
+		createx_progress_bar(tctx, call_count, estimated_count,
+		    call_count - unskipped_call_count);
+	}
+	/* Count tests that we didn't skip. */
+	unskipped_call_count++;
+ done:
+	call_count++;
+
+	destroy_func(cli->tree, fname);
+	return ret;
+}
+
+uint32_t sec_access_bit_groups[] = {
+	SEC_RIGHTS_FILE_READ,
+	SEC_RIGHTS_FILE_WRITE,
+	SEC_RIGHTS_FILE_EXECUTE
+};
+#define NUM_ACCESS_GROUPS     (sizeof(sec_access_bit_groups) / sizeof(uint32_t))
+#define ACCESS_GROUPS_COUNT   ((1 << NUM_ACCESS_GROUPS))
+#define BITSINBYTE 8
+
+/* Note: See NTCREATEX_SHARE_ACCESS_{NONE,READ,WRITE,DELETE} for share mode
+ * declarations. */
+#define NUM_SHAREMODE_PERMUTATIONS 8
+
+/**
+ * NTCREATEX and SHARE MODE test.
+ *
+ * Open with combinations of (access_mode, share_mode).
+ *  - Check status
+ * Open 2nd time with combination of (access_mode2, share_mode2).
+ *  - Check status
+ * Perform operations to verify?
+ *  - Read
+ *  - Write
+ *  - Delete
+ */
+bool torture_createx_sharemodes(struct torture_context *tctx,
+				struct smbcli_state *cli,
+				struct smbcli_state *cli2,
+				bool dir,
+				bool extended)
+{
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	int i, j, est;
+	int gp1, gp2; /* group permuters */
+	struct createx_data cxd = {0};
+	int num_access_bits1 = sizeof(cxd.cxd_access1) * BITSINBYTE;
+	int num_access_bits2 = sizeof(cxd.cxd_access2) * BITSINBYTE;
+
+	mem_ctx = talloc_init("createx_sharemodes");
+	if (!mem_ctx)
+		return false;
+
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
+	cxd.cxd_test = extended ? CXD_TEST_CREATEX_SHAREMODE_EXTENDED :
+	    CXD_TEST_CREATEX_SHAREMODE;
+	cxd.cxd_flags = dir ? CXD_FLAGS_DIRECTORY: 0;
+
+	/* HACK for progress bar: figure out estimated count. */
+	est = (NUM_SHAREMODE_PERMUTATIONS * NUM_SHAREMODE_PERMUTATIONS) *
+	    ((ACCESS_GROUPS_COUNT * ACCESS_GROUPS_COUNT) +
+	     (extended ? num_access_bits1 * num_access_bits2 : 0));
+
+	/* Blank slate. */
+	smbcli_deltree(cli->tree, CREATEX_NAME);
+	smbcli_unlink(cli->tree, CREATEX_NAME);
+
+	/* Choose 2 random share modes. */
+	for (cxd.cxd_sharemode1 = 0;
+	     cxd.cxd_sharemode1 < NUM_SHAREMODE_PERMUTATIONS;
+	     cxd.cxd_sharemode1++) {
+		for (cxd.cxd_sharemode2 = 0;
+		     cxd.cxd_sharemode2 < NUM_SHAREMODE_PERMUTATIONS;
+		     cxd.cxd_sharemode2++) {
+
+			/* Permutate through our access_bit_groups. */
+			for (gp1 = 0; gp1 < ACCESS_GROUPS_COUNT; gp1++) {
+				for (gp2 = 0; gp2 < ACCESS_GROUPS_COUNT; gp2++)
+				{
+					cxd.cxd_access1 = cxd.cxd_access2 = 0;
+
+					for (i = 0; i < NUM_ACCESS_GROUPS; i++)
+					{
+						cxd.cxd_access1 |=
+						    (gp1 & (1 << i)) ?
+						    sec_access_bit_groups[i]:0;
+						cxd.cxd_access2 |=
+						    (gp2 & (1 << i)) ?
+						    sec_access_bit_groups[i]:0;
+					}
+
+					torture_createx_specific(tctx, cli,
+					   cli2, mem_ctx, &cxd, est);
+				}
+			}
+
+			/* Only do the single access bits on an extended run. */
+			if (!extended)
+				continue;
+
+			for (i = 0; i < num_access_bits1; i++) {
+				for (j = 0; j < num_access_bits2; j++) {
+					cxd.cxd_access1 = 1ull << i;
+					cxd.cxd_access2 = 1ull << j;
+
+					torture_createx_specific(tctx, cli,
+					    cli2, mem_ctx, &cxd, est);
+				}
+			}
+		}
+	}
+	torture_comment(tctx, "\n");
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+bool torture_createx_sharemodes_file(struct torture_context *tctx,
+    struct smbcli_state *cli, struct smbcli_state *cli2)
+{
+	return torture_createx_sharemodes(tctx, cli, cli2, false, false);
+}
+
+bool torture_createx_sharemodes_dir(struct torture_context *tctx,
+    struct smbcli_state *cli, struct smbcli_state *cli2)
+{
+	return torture_createx_sharemodes(tctx, cli, cli2, true, false);
+}
+
+bool torture_createx_access(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	uint32_t group_permuter;
+	uint32_t i;
+	struct createx_data cxd = {0};
+	int est;
+	int num_access_bits = sizeof(cxd.cxd_access1) * BITSINBYTE;
+
+	mem_ctx = talloc_init("createx_dir");
+	if (!mem_ctx)
+		return false;
+
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
+	cxd.cxd_test = CXD_TEST_CREATEX_ACCESS;
+
+	/* HACK for progress bar: figure out estimated count. */
+	est = CXD_FLAGS_COUNT * (ACCESS_GROUPS_COUNT + (num_access_bits * 3));
+
+	/* Blank slate. */
+	smbcli_deltree(cli->tree, CREATEX_NAME);
+	smbcli_unlink(cli->tree, CREATEX_NAME);
+
+	for (cxd.cxd_flags = 0; cxd.cxd_flags <= CXD_FLAGS_MASK;
+	     cxd.cxd_flags++) {
+		/**
+		 * This implements a basic permutation of all elements of
+		 * 'bit_group'.  group_permuter is a bit field representing
+		 * which groups to turn on.
+		*/
+		for (group_permuter = 0; group_permuter < (1 <<
+			NUM_ACCESS_GROUPS); group_permuter++) {
+			for (i = 0, cxd.cxd_access1 = 0;
+			     i < NUM_ACCESS_GROUPS; i++) {
+				cxd.cxd_access1 |= (group_permuter & (1 << i))
+				    ? sec_access_bit_groups[i] : 0;
+			}
+
+			torture_createx_specific(tctx, cli, NULL, mem_ctx,
+			    &cxd, est);
+		}
+		for (i = 0; i < num_access_bits; i++) {
+			/* And now run through the single access bits. */
+			cxd.cxd_access1 = 1 << i;
+			torture_createx_specific(tctx, cli, NULL, mem_ctx,
+			    &cxd, est);
+
+			/* Does SEC_FLAG_MAXIMUM_ALLOWED override? */
+			cxd.cxd_access1 |= SEC_FLAG_MAXIMUM_ALLOWED;
+			torture_createx_specific(tctx, cli, NULL, mem_ctx,
+			    &cxd, est);
+
+			/* What about SEC_FLAG_SYSTEM_SECURITY? */
+			cxd.cxd_access1 |= SEC_FLAG_SYSTEM_SECURITY;
+			torture_createx_specific(tctx, cli, NULL, mem_ctx,
+			    &cxd, est);
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+#define ACCESS_KNOWN_MASK 0xF31F01FFull
+
+bool torture_createx_access_exhaustive(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	char *data_file;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true, first;
+	uint32_t i;
+	struct createx_data cxd = {0};
+
+	mem_ctx = talloc_init("createx_dir");
+	if (!mem_ctx)
+		return false;
+
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
+	data_file = getenv("CREATEX_DATA");
+	if (data_file) {
+		data_file_fd = open(data_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
+		if (data_file_fd < 0) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s): data file open failed: %s!",
+				__location__, strerror(errno));
+			ret = false;
+			goto done;
+		}
+	}
+
+	/* Blank slate. */
+	smbcli_deltree(cli->tree, CREATEX_NAME);
+	smbcli_unlink(cli->tree, CREATEX_NAME);
+
+	cxd.cxd_test = CXD_TEST_CREATEX_ACCESS_EXHAUSTIVE;
+
+	for (cxd.cxd_flags = 0; cxd.cxd_flags <= CXD_FLAGS_MASK;
+	     cxd.cxd_flags++) {
+		for (i = 0, first = true; (i != 0) || first; first = false,
+		     i = ((i | ~ACCESS_KNOWN_MASK) + 1) & ACCESS_KNOWN_MASK) {
+			cxd.cxd_access1 = i;
+			ret = torture_createx_specific(tctx, cli, NULL,
+			    mem_ctx, &cxd, 0);
+			if (!ret)
+				break;
+		}
+	}
+
+	close(data_file_fd);
+	data_file_fd = -1;
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+#define MAXIMUM_ALLOWED_FILE    "torture_maximum_allowed"
+bool torture_maximum_allowed(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	struct security_descriptor *sd, *sd_orig;
+	union smb_open io;
+	static TALLOC_CTX *mem_ctx;
+	int fnum, i;
+	bool ret = true;
+	NTSTATUS status;
+	union smb_fileinfo q;
+	const char *owner_sid;
+	bool has_restore_privilege, has_backup_privilege, has_system_security_privilege;
+
+	mem_ctx = talloc_init("torture_maximum_allowed");
+
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
+	sd = security_descriptor_dacl_create(mem_ctx,
+	    0, NULL, NULL,
+	    SID_NT_AUTHENTICATED_USERS,
+	    SEC_ACE_TYPE_ACCESS_ALLOWED,
+	    SEC_RIGHTS_FILE_READ,
+	    0, NULL);
+
+	/* Blank slate */
+	smbcli_unlink(cli->tree, MAXIMUM_ALLOWED_FILE);
+
+	/* create initial file with restrictive SD */
+	memset(&io, 0, sizeof(io));
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = MAXIMUM_ALLOWED_FILE;
+	io.ntcreatex.in.sec_desc = sd;
+
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* the correct answers for this test depends on whether the
+	   user has restore privileges. To find that out we first need
+	   to know our SID - get it from the owner_sid of the file we
+	   just created */
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	status = torture_check_privilege(cli, 
+					 owner_sid, 
+					 sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_RESTORE for %s - %s\n", 
+			owner_sid,
+			has_restore_privilege?"Yes":"No");
+
+	status = torture_check_privilege(cli, 
+					 owner_sid, 
+					 sec_privilege_name(SEC_PRIV_BACKUP));
+	has_backup_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_BACKUP for %s - %s\n", 
+			owner_sid,
+			has_backup_privilege?"Yes":"No");
+
+	status = torture_check_privilege(cli,
+					 owner_sid,
+					 sec_privilege_name(SEC_PRIV_SECURITY));
+	has_system_security_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_SECURITY for %s - %s\n",
+			owner_sid,
+			has_system_security_privilege?"Yes":"No");
+
+	smbcli_close(cli->tree, fnum);
+
+	for (i = 0; i < 32; i++) {
+		uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i);
+		/*
+		 * SEC_GENERIC_EXECUTE is a complete subset of
+		 * SEC_GENERIC_READ when mapped to specific bits,
+		 * so we need to include it in the basic OK mask.
+		 */
+		uint32_t ok_mask = SEC_RIGHTS_FILE_READ | SEC_GENERIC_READ | SEC_GENERIC_EXECUTE |
+			SEC_STD_DELETE | SEC_STD_WRITE_DAC;
+
+		/*
+		 * Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP
+		 * don't include any generic bits (they're used directly
+		 * in the fileserver where the generic bits have already
+		 * been mapped into file specific bits) we need to add the
+		 * generic bits to the ok_mask when we have these privileges.
+		 */
+		if (has_restore_privilege) {
+			ok_mask |= SEC_RIGHTS_PRIV_RESTORE|SEC_GENERIC_WRITE;
+		}
+		if (has_backup_privilege) {
+			ok_mask |= SEC_RIGHTS_PRIV_BACKUP|SEC_GENERIC_READ;
+		}
+		if (has_system_security_privilege) {
+			ok_mask |= SEC_FLAG_SYSTEM_SECURITY;
+		}
+
+		/* Skip all SACL related tests. */
+		if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+		    (mask & SEC_FLAG_SYSTEM_SECURITY))
+			continue;
+
+		memset(&io, 0, sizeof(io));
+		io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+		io.ntcreatex.in.access_mask = mask;
+		io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		io.ntcreatex.in.impersonation =
+		    NTCREATEX_IMPERSONATION_ANONYMOUS;
+		io.ntcreatex.in.fname = MAXIMUM_ALLOWED_FILE;
+
+		status = smb_raw_open(cli->tree, mem_ctx, &io);
+		if (mask & ok_mask ||
+		    mask == SEC_FLAG_MAXIMUM_ALLOWED) {
+			CHECK_STATUS(status, NT_STATUS_OK);
+		} else {
+			if (mask & SEC_FLAG_SYSTEM_SECURITY) {
+				CHECK_STATUS(status, NT_STATUS_PRIVILEGE_NOT_HELD);
+			} else {
+				CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+			}
+		}
+
+		fnum = io.ntcreatex.out.file.fnum;
+
+		smbcli_close(cli->tree, fnum);
+	}
+
+ done:
+	smbcli_unlink(cli->tree, MAXIMUM_ALLOWED_FILE);
+	return ret;
+}
diff --git a/source4/torture/basic/dir.c b/source4/torture/basic/dir.c
new file mode 100644
index 0000000..2a3d136
--- /dev/null
+++ b/source4/torture/basic/dir.c
@@ -0,0 +1,171 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   directory scanning tests
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+#include "torture/basic/proto.h"
+
+static void list_fn(struct clilist_file_info *finfo, const char *name, void *state)
+{
+	
+}
+
+/*
+  test directory listing speed
+ */
+bool torture_dirtest1(struct torture_context *tctx, 
+		      struct smbcli_state *cli)
+{
+	int i;
+	int fnum;
+	bool correct = true;
+	extern int torture_numops;
+	struct timeval tv;
+	int ret;
+
+	torture_comment(tctx, "Creating %d random filenames\n", torture_numops);
+
+	srandom(0);
+	tv = timeval_current();
+	for (i=0;i<torture_numops;i++) {
+		char *fname;
+		ret = asprintf(&fname, "\\%x", (int)random());
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+		if (fnum == -1) {
+			fprintf(stderr,"(%s) Failed to open %s\n", 
+				__location__, fname);
+			return false;
+		}
+		smbcli_close(cli->tree, fnum);
+		free(fname);
+	}
+
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "a*.*", 0, list_fn, NULL));
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "b*.*", 0, list_fn, NULL));
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "xyzabc", 0, list_fn, NULL));
+
+	torture_comment(tctx, "dirtest core %g seconds\n", timeval_elapsed(&tv));
+
+	srandom(0);
+	for (i=0;i<torture_numops;i++) {
+		char *fname;
+		ret = asprintf(&fname, "\\%x", (int)random());
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		smbcli_unlink(cli->tree, fname);
+		free(fname);
+	}
+
+	return correct;
+}
+
+bool torture_dirtest2(struct torture_context *tctx, 
+		      struct smbcli_state *cli)
+{
+	int i;
+	int fnum, num_seen;
+	bool correct = true;
+	extern int torture_entries;
+	int ret;
+
+	if (!torture_setup_dir(cli, "\\LISTDIR")) {
+		return false;
+	}
+
+	torture_comment(tctx, "Creating %d files\n", torture_entries);
+
+	/* Create torture_entries files and torture_entries directories. */
+	for (i=0;i<torture_entries;i++) {
+		char *fname;
+		ret = asprintf(&fname, "\\LISTDIR\\f%d", i);
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		fnum = smbcli_nt_create_full(cli->tree, fname, 0, 
+					     SEC_RIGHTS_FILE_ALL,
+					     FILE_ATTRIBUTE_ARCHIVE,
+					     NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, 
+					     NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+		if (fnum == -1) {
+			fprintf(stderr,"(%s) Failed to open %s, error=%s\n", 
+				__location__, fname, smbcli_errstr(cli->tree));
+			return false;
+		}
+		free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+	for (i=0;i<torture_entries;i++) {
+		char *fname;
+		ret = asprintf(&fname, "\\LISTDIR\\d%d", i);
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, fname))) {
+			fprintf(stderr,"(%s) Failed to open %s, error=%s\n", 
+				__location__, fname, smbcli_errstr(cli->tree));
+			return false;
+		}
+		free(fname);
+	}
+
+	/* Now ensure that doing an old list sees both files and directories. */
+	num_seen = smbcli_list_old(cli->tree, "\\LISTDIR\\*", FILE_ATTRIBUTE_DIRECTORY, list_fn, NULL);
+	torture_comment(tctx, "num_seen = %d\n", num_seen );
+	/* We should see (torture_entries) each of files & directories + . and .. */
+	if (num_seen != (2*torture_entries)+2) {
+		correct = false;
+		fprintf(stderr,"(%s) entry count mismatch, should be %d, was %d\n",
+			__location__, (2*torture_entries)+2, num_seen);
+	}
+		
+
+	/* Ensure if we have the "must have" bits we only see the
+	 * relevant entries.
+	 */
+	num_seen = smbcli_list_old(cli->tree, "\\LISTDIR\\*", (FILE_ATTRIBUTE_DIRECTORY<<8)|FILE_ATTRIBUTE_DIRECTORY, list_fn, NULL);
+	torture_comment(tctx, "num_seen = %d\n", num_seen );
+	if (num_seen != torture_entries+2) {
+		correct = false;
+		fprintf(stderr,"(%s) entry count mismatch, should be %d, was %d\n",
+			__location__, torture_entries+2, num_seen);
+	}
+
+	num_seen = smbcli_list_old(cli->tree, "\\LISTDIR\\*", (FILE_ATTRIBUTE_ARCHIVE<<8)|FILE_ATTRIBUTE_DIRECTORY, list_fn, NULL);
+	torture_comment(tctx, "num_seen = %d\n", num_seen );
+	if (num_seen != torture_entries) {
+		correct = false;
+		fprintf(stderr,"(%s) entry count mismatch, should be %d, was %d\n",
+			__location__, torture_entries, num_seen);
+	}
+
+	/* Delete everything. */
+	if (smbcli_deltree(cli->tree, "\\LISTDIR") == -1) {
+		fprintf(stderr,"(%s) Failed to deltree %s, error=%s\n", "\\LISTDIR", 
+			__location__, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+#if 0
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "a*.*", 0, list_fn, NULL));
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "b*.*", 0, list_fn, NULL));
+	torture_comment(tctx, "Matched %d\n", smbcli_list(cli->tree, "xyzabc", 0, list_fn, NULL));
+#endif
+
+	return correct;
+}
diff --git a/source4/torture/basic/disconnect.c b/source4/torture/basic/disconnect.c
new file mode 100644
index 0000000..7fb87d8
--- /dev/null
+++ b/source4/torture/basic/disconnect.c
@@ -0,0 +1,182 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test server handling of unexpected client disconnects
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+#define BASEDIR "\\test_disconnect"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		talloc_free(cli); \
+		return false; \
+	}} while (0)
+
+/*
+  test disconnect after async open
+*/
+static bool test_disconnect_open(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_open io;
+	struct smbcli_request *req1, *req2;
+	NTSTATUS status;
+
+	printf("trying open/disconnect\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR "\\open.dat";
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.ntcreatex.in.share_access = 0;
+	req1 = smb_raw_open_send(cli->tree, &io);
+	req2 = smb_raw_open_send(cli->tree, &io);
+	if (!req1 || !req2) {
+		printf("test_disconnect_open: smb_raw_open_send() "
+			"returned NULL\n");
+		return false;
+	}
+
+	status = smbcli_chkpath(cli->tree, "\\");
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	talloc_free(cli);
+
+	return true;
+}
+
+
+/*
+  test disconnect with timed lock
+*/
+static bool test_disconnect_lock(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	int fnum;
+	struct smbcli_request *req;
+	struct smb_lock_entry lock[1];
+
+	printf("trying disconnect with async lock\n");
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\write.dat", 
+			   O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		printf("open failed in mux_write - %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.ulock_cnt = 0;
+	lock[0].pid = 1;
+	lock[0].offset = 0;
+	lock[0].count = 4;
+	io.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lock[0].pid = 2;
+	io.lockx.in.timeout = 3000;
+	req = smb_raw_lock_send(cli->tree, &io);
+	if (!req) {
+		printf("test_disconnect_lock: smb_raw_lock_send() "
+			"returned NULL\n");
+		return false;
+	}
+
+	status = smbcli_chkpath(cli->tree, "\\");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	talloc_free(cli);
+
+	return true;
+}
+
+
+
+/* 
+   basic testing of disconnects
+*/
+bool torture_disconnect(struct torture_context *torture)
+{
+	bool ret = true;
+	TALLOC_CTX *mem_ctx;
+	int i;
+	extern int torture_numops;
+	struct smbcli_state *cli;
+
+	mem_ctx = talloc_init("torture_raw_mux");
+
+	if (!torture_open_connection(&cli, torture, 0)) {
+		return false;
+	}
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	for (i=0;i<torture_numops;i++) {
+		ret &= test_disconnect_lock(cli, mem_ctx);
+		if (!torture_open_connection(&cli, torture, 0)) {
+			return false;
+		}
+
+		ret &= test_disconnect_open(cli, mem_ctx);
+		if (!torture_open_connection(&cli, torture, 0)) {
+			return false;
+		}
+
+		if (torture_setting_bool(torture, "samba3", false)) {
+			/*
+			 * In Samba3 it might happen that the old smbd from
+			 * test_disconnect_lock is not scheduled before the
+			 * new process comes in. Try to get rid of the random
+			 * failures in the build farm.
+			 */
+			smb_msleep(200);
+		}
+	}
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/torture/basic/locking.c b/source4/torture/basic/locking.c
new file mode 100644
index 0000000..e0e2971
--- /dev/null
+++ b/source4/torture/basic/locking.c
@@ -0,0 +1,811 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   basic locking tests
+
+   Copyright (C) Andrew Tridgell 2000-2004
+   Copyright (C) Jeremy Allison 2000-2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "torture/basic/proto.h"
+
+#define BASEDIR "\\locktest"
+
+/*
+  This test checks for two things:
+
+  1) correct support for retaining locks over a close (ie. the server
+     must not use posix semantics)
+  2) support for lock timeouts
+ */
+static bool torture_locktest1(struct torture_context *tctx, 
+			      struct smbcli_state *cli1,
+			      struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\lockt1.lck";
+	int fnum1, fnum2, fnum3;
+	time_t t1, t2;
+	unsigned int lock_timeout;
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR),
+		       talloc_asprintf(tctx, "Unable to set up %s", BASEDIR));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1,
+				   talloc_asprintf(tctx, 
+		"open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree)));
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum2 != -1, talloc_asprintf(tctx, 
+		"open2 of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree)));
+	fnum3 = smbcli_open(cli2->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum3 != -1, talloc_asprintf(tctx, 
+		"open3 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx, 
+		smbcli_lock(cli1->tree, fnum1, 0, 4, 0, WRITE_LOCK),
+		talloc_asprintf(tctx, "lock1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock2 succeeded! This is a locking bug\n");
+
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+			 NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	torture_assert(tctx,
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock2 succeeded! This is a locking bug\n");
+
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_FILE_LOCK_CONFLICT)) return false;
+
+	torture_assert_ntstatus_ok(tctx, 
+		smbcli_lock(cli1->tree, fnum1, 5, 9, 0, WRITE_LOCK),
+		talloc_asprintf(tctx, 
+		"lock1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 5, 9, 0, WRITE_LOCK)),
+		"lock2 succeeded! This is a locking bug");
+	
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock2 succeeded! This is a locking bug");
+	
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock2 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+			 NT_STATUS_FILE_LOCK_CONFLICT)) return false;
+
+	lock_timeout = (6 + (random() % 20));
+	torture_comment(tctx, "Testing lock timeout with timeout=%u\n", 
+					lock_timeout);
+	t1 = time_mono(NULL);
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, lock_timeout * 1000, WRITE_LOCK)),
+		"lock3 succeeded! This is a locking bug\n");
+
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_FILE_LOCK_CONFLICT)) return false;
+	t2 = time_mono(NULL);
+
+	if (t2 - t1 < 5) {
+		torture_fail(tctx, 
+			"error: This server appears not to support timed lock requests");
+	}
+	torture_comment(tctx, "server slept for %u seconds for a %u second timeout\n",
+	       (unsigned int)(t2-t1), lock_timeout);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum2),
+		talloc_asprintf(tctx, "close1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock4 succeeded! This is a locking bug");
+		
+	if (!check_error(__location__, cli2, ERRDOS, ERRlock, 
+			 NT_STATUS_FILE_LOCK_CONFLICT)) return false;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close2 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli2->tree, fnum3),
+		talloc_asprintf(tctx, "close3 failed (%s)", smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_unlink(cli1->tree, fname),
+		talloc_asprintf(tctx, "unlink failed (%s)", smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+
+/*
+  This test checks that 
+
+  1) the server supports multiple locking contexts on the one SMB
+  connection, distinguished by PID.  
+
+  2) the server correctly fails overlapping locks made by the same PID (this
+     goes against POSIX behaviour, which is why it is tricky to implement)
+
+  3) the server denies unlock requests by an incorrect client PID
+*/
+static bool torture_locktest2(struct torture_context *tctx,
+			      struct smbcli_state *cli)
+{
+	const char *fname = BASEDIR "\\lockt2.lck";
+	int fnum1, fnum2, fnum3;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		       talloc_asprintf(tctx, "Unable to set up %s", BASEDIR));
+
+	torture_comment(tctx, "Testing pid context\n");
+	
+	cli->session->pid = 1;
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, 
+		talloc_asprintf(tctx, 
+		"open of %s failed (%s)", fname, smbcli_errstr(cli->tree)));
+
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum2 != -1,
+		talloc_asprintf(tctx, "open2 of %s failed (%s)", 
+		       fname, smbcli_errstr(cli->tree)));
+
+	cli->session->pid = 2;
+
+	fnum3 = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum3 != -1,
+		talloc_asprintf(tctx, 
+		"open3 of %s failed (%s)\n", fname, smbcli_errstr(cli->tree)));
+
+	cli->session->pid = 1;
+
+	torture_assert_ntstatus_ok(tctx, 
+		smbcli_lock(cli->tree, fnum1, 0, 4, 0, WRITE_LOCK),
+		talloc_asprintf(tctx, 
+		"lock1 failed (%s)", smbcli_errstr(cli->tree)));
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli->tree, fnum1, 0, 4, 0, WRITE_LOCK)),
+		"WRITE lock1 succeeded! This is a locking bug");
+		
+	if (!check_error(__location__, cli, ERRDOS, ERRlock, 
+			 NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli->tree, fnum2, 0, 4, 0, WRITE_LOCK)),
+		"WRITE lock2 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli, ERRDOS, ERRlock, 
+			 NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli->tree, fnum2, 0, 4, 0, READ_LOCK)),
+		"READ lock2 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli, ERRDOS, ERRlock, 
+			 NT_STATUS_FILE_LOCK_CONFLICT)) return false;
+
+	torture_assert_ntstatus_ok(tctx, 
+		smbcli_lock(cli->tree, fnum1, 100, 4, 0, WRITE_LOCK),
+		talloc_asprintf(tctx, 
+		"lock at 100 failed (%s)", smbcli_errstr(cli->tree)));
+
+	cli->session->pid = 2;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_unlock(cli->tree, fnum1, 100, 4)),
+		"unlock at 100 succeeded! This is a locking bug");
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_unlock(cli->tree, fnum1, 0, 4)),
+		"unlock1 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli, 
+				 ERRDOS, ERRnotlocked, 
+				 NT_STATUS_RANGE_NOT_LOCKED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_unlock(cli->tree, fnum1, 0, 8)),
+		"unlock2 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli, 
+			 ERRDOS, ERRnotlocked, 
+			 NT_STATUS_RANGE_NOT_LOCKED)) return false;
+
+	torture_assert(tctx, 
+		!NT_STATUS_IS_OK(smbcli_lock(cli->tree, fnum3, 0, 4, 0, WRITE_LOCK)),
+		"lock3 succeeded! This is a locking bug");
+
+	if (!check_error(__location__, cli, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return false;
+
+	cli->session->pid = 1;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli->tree, fnum1), 
+		talloc_asprintf(tctx, "close1 failed (%s)", smbcli_errstr(cli->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli->tree, fnum2),
+		talloc_asprintf(tctx, "close2 failed (%s)", smbcli_errstr(cli->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli->tree, fnum3),
+		talloc_asprintf(tctx, "close3 failed (%s)", smbcli_errstr(cli->tree)));
+
+	return true;
+}
+
+
+/*
+  This test checks that 
+
+  1) the server supports the full offset range in lock requests
+*/
+static bool torture_locktest3(struct torture_context *tctx, 
+			      struct smbcli_state *cli1,
+			      struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\lockt3.lck";
+	int fnum1, fnum2, i;
+	uint32_t offset;
+	extern int torture_numops;
+
+#define NEXT_OFFSET offset += (~(uint32_t)0) / torture_numops
+
+	torture_comment(tctx, "Testing 32 bit offset ranges");
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR),
+		       talloc_asprintf(tctx, "Unable to set up %s", BASEDIR));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	torture_assert(tctx, fnum1 != -1, 
+		talloc_asprintf(tctx, "open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree)));
+	fnum2 = smbcli_open(cli2->tree, fname, O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum2 != -1,
+		talloc_asprintf(tctx, "open2 of %s failed (%s)\n", fname, smbcli_errstr(cli2->tree)));
+
+	torture_comment(tctx, "Establishing %d locks\n", torture_numops);
+
+	for (offset=i=0;i<torture_numops;i++) {
+		NEXT_OFFSET;
+		torture_assert_ntstatus_ok(tctx, 
+			smbcli_lock(cli1->tree, fnum1, offset-1, 1, 0, WRITE_LOCK),
+			talloc_asprintf(tctx, "lock1 %d failed (%s)", i, smbcli_errstr(cli1->tree)));
+
+		torture_assert_ntstatus_ok(tctx, 
+			smbcli_lock(cli2->tree, fnum2, offset-2, 1, 0, WRITE_LOCK),
+			talloc_asprintf(tctx, "lock2 %d failed (%s)", 
+			       i, smbcli_errstr(cli1->tree)));
+	}
+
+	torture_comment(tctx, "Testing %d locks\n", torture_numops);
+
+	for (offset=i=0;i<torture_numops;i++) {
+		NEXT_OFFSET;
+
+		torture_assert(tctx, 
+			!NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, offset-2, 1, 0, WRITE_LOCK)),
+			talloc_asprintf(tctx, "error: lock1 %d succeeded!", i));
+
+		torture_assert(tctx, 
+			!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, offset-1, 1, 0, WRITE_LOCK)),
+			talloc_asprintf(tctx, "error: lock2 %d succeeded!", i));
+
+		torture_assert(tctx, 
+			!NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, offset-1, 1, 0, WRITE_LOCK)),
+			talloc_asprintf(tctx, "error: lock3 %d succeeded!", i));
+
+		torture_assert(tctx, 
+			!NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, offset-2, 1, 0, WRITE_LOCK)),
+			talloc_asprintf(tctx, "error: lock4 %d succeeded!", i));
+	}
+
+	torture_comment(tctx, "Removing %d locks\n", torture_numops);
+
+	for (offset=i=0;i<torture_numops;i++) {
+		NEXT_OFFSET;
+
+		torture_assert_ntstatus_ok(tctx, 
+					smbcli_unlock(cli1->tree, fnum1, offset-1, 1),
+					talloc_asprintf(tctx, "unlock1 %d failed (%s)", 
+			       i,
+			       smbcli_errstr(cli1->tree)));
+
+		torture_assert_ntstatus_ok(tctx, 
+			smbcli_unlock(cli2->tree, fnum2, offset-2, 1),
+			talloc_asprintf(tctx, "unlock2 %d failed (%s)", 
+			       i,
+			       smbcli_errstr(cli1->tree)));
+	}
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli2->tree, fnum2),
+		talloc_asprintf(tctx, "close2 failed (%s)", smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_unlink(cli1->tree, fname),
+		talloc_asprintf(tctx, "unlink failed (%s)", smbcli_errstr(cli1->tree)));
+
+	return true;
+}
+
+#define EXPECTED(ret, v) if ((ret) != (v)) { \
+        torture_comment(tctx, "** "); correct = false; \
+        }
+
+/*
+  looks at overlapping locks
+*/
+static bool torture_locktest4(struct torture_context *tctx, 
+			      struct smbcli_state *cli1,
+			      struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\lockt4.lck";
+	int fnum1, fnum2, f;
+	bool ret;
+	uint8_t buf[1000];
+	bool correct = true;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = smbcli_open(cli2->tree, fname, O_RDWR, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+		torture_comment(tctx, "Failed to create file\n");
+		correct = false;
+		goto fail;
+	}
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 2, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "the same process %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 10, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 12, 4, 0, READ_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s set overlapping read locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 20, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, 22, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "a different connection %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 30, 4, 0, READ_LOCK)) &&
+		NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, 32, 4, 0, READ_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "a different connection %s set overlapping read locks\n", ret?"can":"cannot");
+	
+	ret = NT_STATUS_IS_OK((cli1->session->pid = 1, smbcli_lock(cli1->tree, fnum1, 40, 4, 0, WRITE_LOCK))) &&
+	      NT_STATUS_IS_OK((cli1->session->pid = 2, smbcli_lock(cli1->tree, fnum1, 42, 4, 0, WRITE_LOCK)));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "a different pid %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = NT_STATUS_IS_OK((cli1->session->pid = 1, smbcli_lock(cli1->tree, fnum1, 50, 4, 0, READ_LOCK))) &&
+	      NT_STATUS_IS_OK((cli1->session->pid = 2, smbcli_lock(cli1->tree, fnum1, 52, 4, 0, READ_LOCK)));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "a different pid %s set overlapping read locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 60, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 60, 4, 0, READ_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s set the same read lock twice\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 70, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 70, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "the same process %s set the same write lock twice\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 80, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 80, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "the same process %s overlay a read lock with a write lock\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 90, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 90, 4, 0, READ_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s overlay a write lock with a read lock\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK((cli1->session->pid = 1, smbcli_lock(cli1->tree, fnum1, 100, 4, 0, WRITE_LOCK))) &&
+	      NT_STATUS_IS_OK((cli1->session->pid = 2, smbcli_lock(cli1->tree, fnum1, 100, 4, 0, READ_LOCK)));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "a different pid %s overlay a write lock with a read lock\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 110, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 112, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 110, 6));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "the same process %s coalesce read locks\n", ret?"can":"cannot");
+
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 120, 4, 0, WRITE_LOCK)) &&
+	      (smbcli_read(cli2->tree, fnum2, buf, 120, 4) == 4);
+	EXPECTED(ret, false);
+	torture_comment(tctx, "this server %s strict write locking\n", ret?"doesn't do":"does");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 130, 4, 0, READ_LOCK)) &&
+	      (smbcli_write(cli2->tree, fnum2, 0, buf, 130, 4) == 4);
+	EXPECTED(ret, false);
+	torture_comment(tctx, "this server %s strict read locking\n", ret?"doesn't do":"does");
+
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 140, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 140, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 140, 4)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 140, 4));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "this server %s do recursive read locking\n", ret?"does":"doesn't");
+
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 150, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 150, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 150, 4)) &&
+	      (smbcli_read(cli2->tree, fnum2, buf, 150, 4) == 4) &&
+	      !(smbcli_write(cli2->tree, fnum2, 0, buf, 150, 4) == 4) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 150, 4));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "this server %s do recursive lock overlays\n", ret?"does":"doesn't");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 160, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 160, 4)) &&
+	      (smbcli_write(cli2->tree, fnum2, 0, buf, 160, 4) == 4) &&		
+	      (smbcli_read(cli2->tree, fnum2, buf, 160, 4) == 4);		
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s remove a read lock using write locking\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 170, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 170, 4)) &&
+	      (smbcli_write(cli2->tree, fnum2, 0, buf, 170, 4) == 4) &&		
+	      (smbcli_read(cli2->tree, fnum2, buf, 170, 4) == 4);		
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s remove a write lock using read locking\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 190, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 190, 4, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 190, 4)) &&
+	      !(smbcli_write(cli2->tree, fnum2, 0, buf, 190, 4) == 4) &&		
+	      (smbcli_read(cli2->tree, fnum2, buf, 190, 4) == 4);		
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s remove the first lock first\n", ret?"does":"doesn't");
+
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli2->tree, fnum2);
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	f = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 8, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, f, 0, 1, 0, READ_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_close(cli1->tree, fnum1)) &&
+	      ((fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE)) != -1) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 7, 1, 0, WRITE_LOCK));
+        smbcli_close(cli1->tree, f);
+	smbcli_close(cli1->tree, fnum1);
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the server %s have the NT byte range lock bug\n", !ret?"does":"doesn't");
+
+ fail:
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli2->tree, fnum2);
+	smbcli_unlink(cli1->tree, fname);
+
+	return correct;
+}
+
+/*
+  looks at lock upgrade/downgrade.
+*/
+static bool torture_locktest5(struct torture_context *tctx, struct smbcli_state *cli1, 
+			      struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\lockt5.lck";
+	int fnum1, fnum2, fnum3;
+	bool ret;
+	uint8_t buf[1000];
+	bool correct = true;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = smbcli_open(cli2->tree, fname, O_RDWR, DENY_NONE);
+	fnum3 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	torture_assert(tctx, smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)) == sizeof(buf),
+		"Failed to create file");
+
+	/* Check for NT bug... */
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 8, 0, READ_LOCK)) &&
+		  NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum3, 0, 1, 0, READ_LOCK));
+	smbcli_close(cli1->tree, fnum1);
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 7, 1, 0, WRITE_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "this server %s the NT locking bug\n", ret ? "doesn't have" : "has");
+	smbcli_close(cli1->tree, fnum1);
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR, DENY_NONE);
+	smbcli_unlock(cli1->tree, fnum3, 0, 1);
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 4, 0, WRITE_LOCK)) &&
+	      NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 1, 1, 0, READ_LOCK));
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s overlay a write with a read lock\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, 0, 4, 0, READ_LOCK));
+	EXPECTED(ret, false);
+
+	torture_comment(tctx, "a different process %s get a read lock on the first process lock stack\n", ret?"can":"cannot");
+
+	/* Unlock the process 2 lock. */
+	smbcli_unlock(cli2->tree, fnum2, 0, 4);
+
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum3, 0, 4, 0, READ_LOCK));
+	EXPECTED(ret, false);
+
+	torture_comment(tctx, "the same process on a different fnum %s get a read lock\n", ret?"can":"cannot");
+
+	/* Unlock the process 1 fnum3 lock. */
+	smbcli_unlock(cli1->tree, fnum3, 0, 4);
+
+	/* Stack 2 more locks here. */
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 4, 0, READ_LOCK)) &&
+		  NT_STATUS_IS_OK(smbcli_lock(cli1->tree, fnum1, 0, 4, 0, READ_LOCK));
+
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s stack read locks\n", ret?"can":"cannot");
+
+	/* Unlock the first process lock, then check this was the WRITE lock that was
+		removed. */
+
+ret = NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 0, 4)) &&
+	NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, 0, 4, 0, READ_LOCK));
+
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the first unlock removes the %s lock\n", ret?"WRITE":"READ");
+
+	/* Unlock the process 2 lock. */
+	smbcli_unlock(cli2->tree, fnum2, 0, 4);
+
+	/* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */
+
+	ret = NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 1, 1)) &&
+		  NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 0, 4)) &&
+		  NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 0, 4));
+
+	EXPECTED(ret, true);
+	torture_comment(tctx, "the same process %s unlock the stack of 3 locks\n", ret?"can":"cannot");
+
+	/* Ensure the next unlock fails. */
+	ret = NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 0, 4));
+	EXPECTED(ret, false);
+	torture_comment(tctx, "the same process %s count the lock stack\n", !ret?"can":"cannot"); 
+
+	/* Ensure connection 2 can get a write lock. */
+	ret = NT_STATUS_IS_OK(smbcli_lock(cli2->tree, fnum2, 0, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, true);
+
+	torture_comment(tctx, "a different process %s get a write lock on the unlocked stack\n", ret?"can":"cannot");
+
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli2->tree, fnum2),
+		talloc_asprintf(tctx, "close2 failed (%s)", smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum3),
+		talloc_asprintf(tctx, "close2 failed (%s)", smbcli_errstr(cli2->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_unlink(cli1->tree, fname),
+		talloc_asprintf(tctx, "unlink failed (%s)", smbcli_errstr(cli1->tree)));
+
+	return correct;
+}
+
+/*
+  tries the unusual lockingX locktype bits
+*/
+static bool torture_locktest6(struct torture_context *tctx, 
+			      struct smbcli_state *cli)
+{
+	const char *fname[1] = { "\\lock6.txt" };
+	int i;
+	int fnum;
+	NTSTATUS status;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	for (i=0;i<1;i++) {
+		torture_comment(tctx, "Testing %s\n", fname[i]);
+
+		smbcli_unlink(cli->tree, fname[i]);
+
+		fnum = smbcli_open(cli->tree, fname[i], O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+		status = smbcli_locktype(cli->tree, fnum, 0, 8, 0, LOCKING_ANDX_CHANGE_LOCKTYPE);
+		smbcli_close(cli->tree, fnum);
+		torture_comment(tctx, "CHANGE_LOCKTYPE gave %s\n", nt_errstr(status));
+
+		fnum = smbcli_open(cli->tree, fname[i], O_RDWR, DENY_NONE);
+		status = smbcli_locktype(cli->tree, fnum, 0, 8, 0, LOCKING_ANDX_CANCEL_LOCK);
+		smbcli_close(cli->tree, fnum);
+		torture_comment(tctx, "CANCEL_LOCK gave %s\n", nt_errstr(status));
+
+		smbcli_unlink(cli->tree, fname[i]);
+	}
+
+	return true;
+}
+
+static bool torture_locktest7(struct torture_context *tctx, 
+			      struct smbcli_state *cli1)
+{
+	const char *fname = BASEDIR "\\lockt7.lck";
+	int fnum1;
+	int fnum2 = -1;
+	size_t size;
+	uint8_t buf[200];
+	bool correct = false;
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR),
+				   talloc_asprintf(tctx, "Unable to set up %s", BASEDIR));
+
+	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	torture_assert(tctx, smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)) == sizeof(buf),
+		"Failed to create file");
+
+	cli1->session->pid = 1;
+
+	torture_assert_ntstatus_ok(tctx, smbcli_lock(cli1->tree, fnum1, 130, 4, 0, READ_LOCK),
+		talloc_asprintf(tctx, "Unable to apply read lock on range 130:4, error was %s", 
+		       smbcli_errstr(cli1->tree)));
+
+	torture_comment(tctx, "pid1 successfully locked range 130:4 for READ\n");
+
+	torture_assert(tctx, smbcli_read(cli1->tree, fnum1, buf, 130, 4) == 4, 
+		 	talloc_asprintf(tctx, "pid1 unable to read the range 130:4, error was %s)", 
+		       smbcli_errstr(cli1->tree)));
+
+	torture_comment(tctx, "pid1 successfully read the range 130:4\n");
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) {
+		torture_comment(tctx, "pid1 unable to write to the range 130:4, error was %s\n", smbcli_errstr(cli1->tree));
+		torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT,
+			"Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)");
+	} else {
+		torture_fail(tctx, "pid1 successfully wrote to the range 130:4 (should be denied)");
+	}
+
+	cli1->session->pid = 2;
+
+	if (smbcli_read(cli1->tree, fnum1, buf, 130, 4) != 4) {
+		torture_comment(tctx, "pid2 unable to read the range 130:4, error was %s\n", smbcli_errstr(cli1->tree));
+	} else {
+		torture_comment(tctx, "pid2 successfully read the range 130:4\n");
+	}
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) {
+		torture_comment(tctx, "pid2 unable to write to the range 130:4, error was %s\n", smbcli_errstr(cli1->tree));
+		torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT, 
+			"Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)");
+	} else {
+		torture_fail(tctx, "pid2 successfully wrote to the range 130:4 (should be denied)"); 
+	}
+
+	cli1->session->pid = 1;
+	smbcli_unlock(cli1->tree, fnum1, 130, 4);
+
+	torture_assert_ntstatus_ok(tctx, smbcli_lock(cli1->tree, fnum1, 130, 4, 0, WRITE_LOCK),
+		talloc_asprintf(tctx, "Unable to apply write lock on range 130:4, error was %s", 
+		       smbcli_errstr(cli1->tree)));
+	torture_comment(tctx, "pid1 successfully locked range 130:4 for WRITE\n");
+
+	torture_assert(tctx, smbcli_read(cli1->tree, fnum1, buf, 130, 4) == 4, 
+		talloc_asprintf(tctx, "pid1 unable to read the range 130:4, error was %s", 
+		       smbcli_errstr(cli1->tree)));
+	torture_comment(tctx, "pid1 successfully read the range 130:4\n");
+
+	torture_assert(tctx, smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) == 4, 
+		talloc_asprintf(tctx, "pid1 unable to write to the range 130:4, error was %s",
+		       smbcli_errstr(cli1->tree)));
+	torture_comment(tctx, "pid1 successfully wrote to the range 130:4\n");
+
+	cli1->session->pid = 2;
+
+	if (smbcli_read(cli1->tree, fnum1, buf, 130, 4) != 4) {
+		torture_comment(tctx, "pid2 unable to read the range 130:4, error was %s\n", 
+		       smbcli_errstr(cli1->tree));
+		torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT, 
+			"Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)");
+	} else {
+		torture_fail(tctx, "pid2 successfully read the range 130:4 (should be denied)");
+	}
+
+	if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) {
+		torture_comment(tctx, "pid2 unable to write to the range 130:4, error was %s\n", 
+		       smbcli_errstr(cli1->tree));
+		if (!NT_STATUS_EQUAL(smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT)) {
+			torture_comment(tctx, "Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT) (%s)\n",
+			       __location__);
+			goto fail;
+		}
+	} else {
+		torture_comment(tctx, "pid2 successfully wrote to the range 130:4 (should be denied) (%s)\n", 
+		       __location__);
+		goto fail;
+	}
+
+	torture_comment(tctx, "Testing truncate of locked file.\n");
+
+	fnum2 = smbcli_open(cli1->tree, fname, O_RDWR|O_TRUNC, DENY_NONE);
+
+	torture_assert(tctx, fnum2 != -1, "Unable to truncate locked file");
+
+	torture_comment(tctx, "Truncated locked file.\n");
+
+	torture_assert_ntstatus_ok(tctx, smbcli_getatr(cli1->tree, fname, NULL, &size, NULL), 
+		talloc_asprintf(tctx, "getatr failed (%s)", smbcli_errstr(cli1->tree)));
+
+	torture_assert(tctx, size == 0, talloc_asprintf(tctx, "Unable to truncate locked file. Size was %u", (unsigned)size));
+
+	cli1->session->pid = 1;
+
+	smbcli_unlock(cli1->tree, fnum1, 130, 4);
+	correct = true;
+
+fail:
+	smbcli_close(cli1->tree, fnum1);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_unlink(cli1->tree, fname);
+
+	return correct;
+}
+
+struct torture_suite *torture_base_locktest(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "lock");
+	torture_suite_add_2smb_test(suite, "LOCK1", torture_locktest1);
+	torture_suite_add_1smb_test(suite, "LOCK2", torture_locktest2);
+	torture_suite_add_2smb_test(suite, "LOCK3", torture_locktest3);
+	torture_suite_add_2smb_test(suite, "LOCK4",  torture_locktest4);
+	torture_suite_add_2smb_test(suite, "LOCK5",  torture_locktest5);
+	torture_suite_add_1smb_test(suite, "LOCK6",  torture_locktest6);
+	torture_suite_add_1smb_test(suite, "LOCK7",  torture_locktest7);
+
+	return suite;
+}
diff --git a/source4/torture/basic/mangle_test.c b/source4/torture/basic/mangle_test.c
new file mode 100644
index 0000000..9bd3cf5
--- /dev/null
+++ b/source4/torture/basic/mangle_test.c
@@ -0,0 +1,208 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - mangling test
+   Copyright (C) Andrew Tridgell 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/dir.h"
+#include <tdb.h>
+#include "../lib/util/util_tdb.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+#undef strcasecmp
+
+static TDB_CONTEXT *tdb;
+
+#define NAME_LENGTH 20
+
+static unsigned int total, collisions, failures;
+
+static bool test_one(struct torture_context *tctx ,struct smbcli_state *cli, 
+		     const char *name)
+{
+	int fnum;
+	const char *shortname;
+	const char *name2;
+	NTSTATUS status;
+	TDB_DATA data;
+
+	total++;
+
+	fnum = smbcli_open(cli->tree, name, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		printf("open of %s failed (%s)\n", name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_close(cli->tree, fnum))) {
+		printf("close of %s failed (%s)\n", name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	/* get the short name */
+	status = smbcli_qpathinfo_alt_name(cli->tree, name, &shortname);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("query altname of %s failed (%s)\n", name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	name2 = talloc_asprintf(tctx, "\\mangle_test\\%s", shortname);
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, name2))) {
+		printf("unlink of %s  (%s) failed (%s)\n", 
+		       name2, name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	/* recreate by short name */
+	fnum = smbcli_open(cli->tree, name2, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		printf("open2 of %s failed (%s)\n", name2, smbcli_errstr(cli->tree));
+		return false;
+	}
+	if (NT_STATUS_IS_ERR(smbcli_close(cli->tree, fnum))) {
+		printf("close of %s failed (%s)\n", name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	/* and unlink by long name */
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, name))) {
+		printf("unlink2 of %s  (%s) failed (%s)\n", 
+		       name, name2, smbcli_errstr(cli->tree));
+		failures++;
+		smbcli_unlink(cli->tree, name2);
+		return true;
+	}
+
+	/* see if the short name is already in the tdb */
+	data = tdb_fetch_bystring(tdb, shortname);
+	if (data.dptr) {
+		/* maybe its a duplicate long name? */
+		if (strcasecmp(name, (const char *)data.dptr) != 0) {
+			/* we have a collision */
+			collisions++;
+			printf("Collision between %s and %s   ->  %s "
+				" (coll/tot: %u/%u)\n", 
+				name, data.dptr, shortname, collisions, total);
+		}
+		free(data.dptr);
+	} else {
+		TDB_DATA namedata;
+		/* store it for later */
+		namedata.dptr = discard_const_p(uint8_t, name);
+		namedata.dsize = strlen(name)+1;
+		tdb_store_bystring(tdb, shortname, namedata, TDB_REPLACE);
+	}
+
+	return true;
+}
+
+
+static char *gen_name(TALLOC_CTX *mem_ctx)
+{
+	const char *chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._-$~...";
+	unsigned int max_idx = strlen(chars);
+	unsigned int len;
+	int i;
+	char *p;
+	char *name;
+
+	name = talloc_strdup(mem_ctx, "\\mangle_test\\");
+
+	len = 1 + random() % NAME_LENGTH;
+
+	name = talloc_realloc(mem_ctx, name, char, strlen(name) + len + 6);
+	p = name + strlen(name);
+	
+	for (i=0;i<len;i++) {
+		p[i] = chars[random() % max_idx];
+	}
+
+	p[i] = 0;
+
+	if (ISDOT(p) || ISDOTDOT(p)) {
+		p[0] = '_';
+	}
+
+	/* have a high probability of a common lead char */
+	if (random() % 2 == 0) {
+		p[0] = 'A';
+	}
+
+	/* and a medium probability of a common lead string */
+	if ((len > 5) && (random() % 10 == 0)) {
+		strlcpy(p, "ABCDE", 6);
+	}
+
+	/* and a high probability of a good extension length */
+	if (random() % 2 == 0) {
+		char *s = strrchr(p, '.');
+		if (s) {
+			s[4] = 0;
+		}
+	}
+
+	return name;
+}
+
+
+bool torture_mangle(struct torture_context *torture, 
+		    struct smbcli_state *cli)
+{
+	extern int torture_numops;
+	int i;
+
+	/* we will use an internal tdb to store the names we have used */
+	tdb = tdb_open(NULL, 100000, TDB_INTERNAL, 0, 0);
+	if (!tdb) {
+		printf("ERROR: Failed to open tdb\n");
+		return false;
+	}
+
+	if (!torture_setup_dir(cli, "\\mangle_test")) {
+		return false;
+	}
+
+	for (i=0;i<torture_numops;i++) {
+		char *name;
+
+		name = gen_name(torture);
+
+		if (!test_one(torture, cli, name)) {
+			break;
+		}
+		if (total && total % 100 == 0) {
+			if (torture_setting_bool(torture, "progress", true)) {
+				printf("collisions %u/%u  - %.2f%%   (%u failures)\r",
+				       collisions, total, (100.0*collisions) / total, failures);
+			}
+		}
+	}
+
+	smbcli_unlink_wcard(cli->tree, "\\mangle_test\\*");
+	if (NT_STATUS_IS_ERR(smbcli_rmdir(cli->tree, "\\mangle_test"))) {
+		printf("ERROR: Failed to remove directory\n");
+		return false;
+	}
+
+	printf("\nTotal collisions %u/%u  - %.2f%%   (%u failures)\n",
+	       collisions, total, (100.0*collisions) / total, failures);
+
+	return (failures == 0);
+}
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
new file mode 100644
index 0000000..60af561
--- /dev/null
+++ b/source4/torture/basic/misc.c
@@ -0,0 +1,1003 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/wait.h"
+#include "system/filesys.h"
+#include "../libcli/smb/smb_constants.h"
+#include "libcli/libcli.h"
+#include "lib/events/events.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/composite/composite.h"
+#include "param/param.h"
+#include "torture/basic/proto.h"
+#include "lib/cmdline/cmdline.h"
+
+static bool wait_lock(struct smbcli_state *c, int fnum, uint32_t offset, uint32_t len)
+{
+	while (NT_STATUS_IS_ERR(smbcli_lock(c->tree, fnum, offset, len, -1, WRITE_LOCK))) {
+		if (!check_error(__location__, c, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return false;
+	}
+	return true;
+}
+
+
+static bool rw_torture(struct torture_context *tctx, struct smbcli_state *c)
+{
+	const char *lockfname = "\\torture.lck";
+	char *fname;
+	int fnum;
+	int fnum2;
+	pid_t pid2, pid = getpid();
+	int i, j;
+	uint8_t buf[1024];
+	bool correct = true;
+
+	fnum2 = smbcli_open(c->tree, lockfname, O_RDWR | O_CREAT | O_EXCL, 
+			 DENY_NONE);
+	if (fnum2 == -1)
+		fnum2 = smbcli_open(c->tree, lockfname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		torture_comment(tctx, "open of %s failed (%s)\n", lockfname, smbcli_errstr(c->tree));
+		return false;
+	}
+
+	generate_random_buffer(buf, sizeof(buf));
+
+	for (i=0;i<torture_numops;i++) {
+		unsigned int n = (unsigned int)random()%10;
+		int ret;
+
+		if (i % 10 == 0) {
+			if (torture_setting_bool(tctx, "progress", true)) {
+				torture_comment(tctx, "%d\r", i);
+				fflush(stdout);
+			}
+		}
+		ret = asprintf(&fname, "\\torture.%u", n);
+		torture_assert(tctx, ret != -1, "asprintf failed");
+
+		if (!wait_lock(c, fnum2, n*sizeof(int), sizeof(int))) {
+			return false;
+		}
+
+		fnum = smbcli_open(c->tree, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_ALL);
+		if (fnum == -1) {
+			torture_comment(tctx, "open failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+			break;
+		}
+
+		if (smbcli_write(c->tree, fnum, 0, &pid, 0, sizeof(pid)) != sizeof(pid)) {
+			torture_comment(tctx, "write failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+		}
+
+		for (j=0;j<50;j++) {
+			if (smbcli_write(c->tree, fnum, 0, buf, 
+				      sizeof(pid)+(j*sizeof(buf)), 
+				      sizeof(buf)) != sizeof(buf)) {
+				torture_comment(tctx, "write failed (%s)\n", smbcli_errstr(c->tree));
+				correct = false;
+			}
+		}
+
+		pid2 = 0;
+
+		if (smbcli_read(c->tree, fnum, &pid2, 0, sizeof(pid)) != sizeof(pid)) {
+			torture_comment(tctx, "read failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+		}
+
+		if (pid2 != pid) {
+			torture_comment(tctx, "data corruption!\n");
+			correct = false;
+		}
+
+		if (NT_STATUS_IS_ERR(smbcli_close(c->tree, fnum))) {
+			torture_comment(tctx, "close failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+		}
+
+		if (NT_STATUS_IS_ERR(smbcli_unlink(c->tree, fname))) {
+			torture_comment(tctx, "unlink failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+		}
+
+		if (NT_STATUS_IS_ERR(smbcli_unlock(c->tree, fnum2, n*sizeof(int), sizeof(int)))) {
+			torture_comment(tctx, "unlock failed (%s)\n", smbcli_errstr(c->tree));
+			correct = false;
+		}
+		free(fname);
+	}
+
+	smbcli_close(c->tree, fnum2);
+	smbcli_unlink(c->tree, lockfname);
+
+	torture_comment(tctx, "%d\n", i);
+
+	return correct;
+}
+
+bool run_torture(struct torture_context *tctx, struct smbcli_state *cli, int dummy)
+{
+	return rw_torture(tctx, cli);
+}
+
+
+/*
+  see how many RPC pipes we can open at once
+*/
+bool run_pipe_number(struct torture_context *tctx, 
+					 struct smbcli_state *cli1)
+{
+	const char *pipe_name = "\\WKSSVC";
+	int fnum;
+	int num_pipes = 0;
+
+	while(1) {
+		fnum = smbcli_nt_create_full(cli1->tree, pipe_name, 0, SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				   NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+		if (fnum == -1) {
+			torture_comment(tctx, "Open of pipe %s failed with error (%s)\n", pipe_name, smbcli_errstr(cli1->tree));
+			break;
+		}
+		num_pipes++;
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "%d\r", num_pipes);
+			fflush(stdout);
+		}
+	}
+
+	torture_comment(tctx, "pipe_number test - we can open %d %s pipes.\n", num_pipes, pipe_name );
+	return true;
+}
+
+
+
+
+/*
+  open N connections to the server and just hold them open
+  used for testing performance when there are N idle users
+  already connected
+ */
+bool torture_holdcon(struct torture_context *tctx)
+{
+	int i;
+	struct smbcli_state **cli;
+	int num_dead = 0;
+
+	torture_comment(tctx, "Opening %d connections\n", torture_numops);
+	
+	cli = malloc_array_p(struct smbcli_state *, torture_numops);
+
+	for (i=0;i<torture_numops;i++) {
+		if (!torture_open_connection(&cli[i], tctx, i)) {
+			return false;
+		}
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "opened %d connections\r", i+1);
+			fflush(stdout);
+		}
+	}
+
+	torture_comment(tctx, "\nStarting pings\n");
+
+	while (1) {
+		for (i=0;i<torture_numops;i++) {
+			NTSTATUS status;
+			if (cli[i]) {
+				status = smbcli_chkpath(cli[i]->tree, "\\");
+				if (!NT_STATUS_IS_OK(status)) {
+					torture_comment(tctx, "Connection %d is dead\n", i);
+					cli[i] = NULL;
+					num_dead++;
+				}
+				usleep(100);
+			}
+		}
+
+		if (num_dead == torture_numops) {
+			torture_comment(tctx, "All connections dead - finishing\n");
+			break;
+		}
+
+		torture_comment(tctx, ".");
+		fflush(stdout);
+	}
+
+	return true;
+}
+
+/*
+  open a file N times on the server and just hold them open
+  used for testing performance when there are N file handles
+  open
+ */
+bool torture_holdopen(struct torture_context *tctx,
+		      struct smbcli_state *cli)
+{
+	int i, fnum;
+	const char *fname = "\\holdopen.dat";
+	NTSTATUS status;
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		torture_comment(tctx, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	smbcli_close(cli->tree, fnum);
+
+	for (i=0;i<torture_numops;i++) {
+		union smb_open op;
+
+		op.generic.level = RAW_OPEN_NTCREATEX;
+		op.ntcreatex.in.root_fid.fnum = 0;
+		op.ntcreatex.in.flags = 0;
+		op.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+		op.ntcreatex.in.create_options = 0;
+		op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+		op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+		op.ntcreatex.in.alloc_size = 0;
+		op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+		op.ntcreatex.in.security_flags = 0;
+		op.ntcreatex.in.fname = fname;
+		status = smb_raw_open(cli->tree, tctx, &op);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "open %d failed\n", i);
+			continue;
+		}
+
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "opened %d file\r", i);
+			fflush(stdout);
+		}
+	}
+
+	torture_comment(tctx, "\nStarting pings\n");
+
+	while (1) {
+		struct smb_echo ec;
+		ZERO_STRUCT(ec);
+		status = smb_raw_echo(cli->transport, &ec);
+		torture_comment(tctx, ".");
+		fflush(stdout);
+		sleep(15);
+	}
+}
+
+/*
+test how many open files this server supports on the one socket
+*/
+bool torture_maxfid_test(struct torture_context *tctx, struct smbcli_state *cli)
+{
+#define MAXFID_TEMPLATE "\\maxfid\\fid%d\\maxfid.%d.%d"
+	char *fname;
+	int fnums[0x11000], i;
+	int retries=4, maxfid;
+	bool correct = true;
+	int ret;
+
+	if (retries <= 0) {
+		torture_comment(tctx, "failed to connect\n");
+		return false;
+	}
+
+	if (smbcli_deltree(cli->tree, "\\maxfid") == -1) {
+		torture_comment(tctx, "Failed to deltree \\maxfid - %s\n",
+		       smbcli_errstr(cli->tree));
+		return false;
+	}
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, "\\maxfid"))) {
+		torture_comment(tctx, "Failed to mkdir \\maxfid, error=%s\n", 
+		       smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	torture_comment(tctx, "Testing maximum number of open files\n");
+
+	for (i=0; i<0x11000; i++) {
+		if (i % 1000 == 0) {
+			ret = asprintf(&fname, "\\maxfid\\fid%d", i/1000);
+			torture_assert(tctx, ret != -1, "asprintf failed");
+			if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, fname))) {
+				torture_comment(tctx, "Failed to mkdir %s, error=%s\n", 
+				       fname, smbcli_errstr(cli->tree));
+				return false;
+			}
+			free(fname);
+		}
+		ret = asprintf(&fname, MAXFID_TEMPLATE, i/1000, i,(int)getpid());
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		if ((fnums[i] = smbcli_open(cli->tree, fname, 
+					O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) ==
+		    -1) {
+			torture_comment(tctx, "open of %s failed (%s)\n", 
+			       fname, smbcli_errstr(cli->tree));
+			torture_comment(tctx, "maximum fnum is %d\n", i);
+			break;
+		}
+		free(fname);
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "%6d\r", i);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "%6d\n", i);
+
+	maxfid = i;
+
+	torture_comment(tctx, "cleaning up\n");
+	for (i=0;i<maxfid;i++) {
+		ret = asprintf(&fname, MAXFID_TEMPLATE, i/1000, i,(int)getpid());
+		torture_assert(tctx, ret != -1, "asprintf failed");
+		if (NT_STATUS_IS_ERR(smbcli_close(cli->tree, fnums[i]))) {
+			torture_comment(tctx, "Close of fnum %d failed - %s\n", fnums[i], smbcli_errstr(cli->tree));
+		}
+		if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, fname))) {
+			torture_comment(tctx, "unlink of %s failed (%s)\n", 
+			       fname, smbcli_errstr(cli->tree));
+			correct = false;
+		}
+		free(fname);
+
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "%6d\r", i);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "%6d\n", 0);
+
+	if (smbcli_deltree(cli->tree, "\\maxfid") == -1) {
+		torture_comment(tctx, "Failed to deltree \\maxfid - %s\n",
+		       smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	torture_comment(tctx, "maxfid test finished\n");
+
+	return correct;
+#undef MAXFID_TEMPLATE
+}
+
+
+
+/*
+  sees what IOCTLs are supported
+ */
+bool torture_ioctl_test(struct torture_context *tctx, 
+						struct smbcli_state *cli)
+{
+	uint16_t device, function;
+	int fnum;
+	const char *fname = "\\ioctl.dat";
+	NTSTATUS status;
+	union smb_ioctl parms;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_named_const(tctx, 0, "ioctl_test");
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		torture_comment(tctx, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	parms.ioctl.level = RAW_IOCTL_IOCTL;
+	parms.ioctl.in.file.fnum = fnum;
+	parms.ioctl.in.request = IOCTL_QUERY_JOB_INFO;
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &parms);
+	torture_comment(tctx, "ioctl job info: %s\n", smbcli_errstr(cli->tree));
+
+	for (device=0;device<0x100;device++) {
+		torture_comment(tctx, "Testing device=0x%x\n", device);
+		for (function=0;function<0x100;function++) {
+			parms.ioctl.in.request = (device << 16) | function;
+			status = smb_raw_ioctl(cli->tree, mem_ctx, &parms);
+
+			if (NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "ioctl device=0x%x function=0x%x OK : %d bytes\n", 
+					device, function, (int)parms.ioctl.out.blob.length);
+			}
+		}
+	}
+
+	return true;
+}
+
+static void benchrw_callback(struct smbcli_request *req);
+enum benchrw_stage {
+	START,
+	OPEN_CONNECTION,
+	CLEANUP_TESTDIR,
+	MK_TESTDIR,
+	OPEN_FILE,
+	INITIAL_WRITE,
+	READ_WRITE_DATA,
+	MAX_OPS_REACHED,
+	ERROR,
+	CLOSE_FILE,
+	CLEANUP,
+	FINISHED
+};
+
+struct bench_params {
+		struct unclist{
+			const char *host;
+			const char *share;
+		} **unc;
+		const char *workgroup;
+		int retry;
+		unsigned int writeblocks;
+		unsigned int blocksize;
+		unsigned int writeratio;
+		int num_parallel_requests;
+};
+
+struct benchrw_state {
+	struct torture_context *tctx;
+	char *dname;
+	char *fname;
+	uint16_t fnum;
+	int nr;
+	struct smbcli_tree	*cli;		
+	uint8_t *buffer;
+	int writecnt;
+	int readcnt;
+	int completed;
+	int num_parallel_requests;
+	void *req_params;
+	enum benchrw_stage mode;
+	struct bench_params *lpcfg_params;
+};
+
+/* 
+	init params using lpcfg_parm_xxx
+ 	return number of unclist entries
+*/
+static int init_benchrw_params(struct torture_context *tctx,
+			       struct bench_params *lpar)
+{
+	char **unc_list = NULL;
+	int num_unc_names = 0, conn_index=0, empty_lines=0;
+	const char *p;
+	lpar->retry = torture_setting_int(tctx, "retry",3);
+	lpar->blocksize = torture_setting_int(tctx, "blocksize",65535);
+	lpar->writeblocks = torture_setting_int(tctx, "writeblocks",15);
+	lpar->writeratio = torture_setting_int(tctx, "writeratio",5);
+	lpar->num_parallel_requests = torture_setting_int(
+		tctx, "parallel_requests", 5);
+	lpar->workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	
+	p = torture_setting_string(tctx, "unclist", NULL);
+	if (p) {
+		char *h, *s;
+		unc_list = file_lines_load(p, &num_unc_names, 0, NULL);
+		if (!unc_list || num_unc_names <= 0) {
+			torture_comment(tctx, "Failed to load unc names list "
+					"from '%s'\n", p);
+			exit(1);
+		}
+		
+		lpar->unc = talloc_array(tctx, struct unclist *,
+					 (num_unc_names-empty_lines));
+		for(conn_index = 0; conn_index < num_unc_names; conn_index++) {
+			/* ignore empty lines */
+			if(strlen(unc_list[conn_index % num_unc_names])==0){
+				empty_lines++;
+				continue;
+			}
+			if (!smbcli_parse_unc(
+				    unc_list[conn_index % num_unc_names],
+				    NULL, &h, &s)) {
+				torture_comment(
+					tctx, "Failed to parse UNC "
+					"name %s\n",
+					unc_list[conn_index % num_unc_names]);
+				exit(1);
+			}
+			lpar->unc[conn_index-empty_lines] =
+				talloc(tctx, struct unclist);
+			lpar->unc[conn_index-empty_lines]->host = h;
+			lpar->unc[conn_index-empty_lines]->share = s;	
+		}
+		return num_unc_names-empty_lines;
+	}else{
+		lpar->unc = talloc_array(tctx, struct unclist *, 1);
+		lpar->unc[0] = talloc(tctx,struct unclist);
+		lpar->unc[0]->host  = torture_setting_string(tctx, "host",
+							     NULL);
+		lpar->unc[0]->share = torture_setting_string(tctx, "share",
+							     NULL);
+		return 1;
+	}
+}
+
+/*
+ Called when the reads & writes are finished. closes the file.
+*/
+static NTSTATUS benchrw_close(struct torture_context *tctx,
+			      struct smbcli_request *req,
+			      struct benchrw_state *state)
+{
+	union smb_close close_parms;
+	
+	NT_STATUS_NOT_OK_RETURN(req->status);
+	
+	torture_comment(tctx, "Close file %d (%d)\n",state->nr,state->fnum);
+	close_parms.close.level = RAW_CLOSE_CLOSE;
+	close_parms.close.in.file.fnum = state->fnum ;
+	close_parms.close.in.write_time = 0;
+	state->mode=CLOSE_FILE;
+	
+	req = smb_raw_close_send(state->cli, &close_parms);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+	/*register the callback function!*/
+	req->async.fn = benchrw_callback;
+	req->async.private_data = state;
+	
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS benchrw_readwrite(struct torture_context *tctx,
+				  struct benchrw_state *state);
+static void benchrw_callback(struct smbcli_request *req);
+
+static void benchrw_rw_callback(struct smbcli_request *req)
+{
+	struct benchrw_state *state = req->async.private_data;
+	struct torture_context *tctx = state->tctx;
+
+	if (!NT_STATUS_IS_OK(req->status)) {
+		state->mode = ERROR;
+		return;
+	}
+
+	state->completed++;
+	state->num_parallel_requests--;
+
+	if ((state->completed >= torture_numops)
+	    && (state->num_parallel_requests == 0)) {
+		benchrw_callback(req);
+		talloc_free(req);
+		return;
+	}
+
+	talloc_free(req);
+
+	if (state->completed + state->num_parallel_requests
+	    < torture_numops) {
+		benchrw_readwrite(tctx, state);
+	}
+}
+
+/*
+ Called when the initial write is completed is done. write or read a file.
+*/
+static NTSTATUS benchrw_readwrite(struct torture_context *tctx,
+				  struct benchrw_state *state)
+{
+	struct smbcli_request *req;
+	union smb_read	rd;
+	union smb_write	wr;
+	
+	/* randomize between writes and reads*/
+	if (random() % state->lpcfg_params->writeratio == 0) {
+		torture_comment(tctx, "Callback WRITE file:%d (%d/%d)\n",
+				state->nr,state->completed,torture_numops);
+		wr.generic.level = RAW_WRITE_WRITEX  ;
+		wr.writex.in.file.fnum  = state->fnum ;
+		wr.writex.in.offset     = 0;
+		wr.writex.in.wmode	= 0		;
+		wr.writex.in.remaining  = 0;
+		wr.writex.in.count      = state->lpcfg_params->blocksize;
+		wr.writex.in.data       = state->buffer;
+		state->readcnt=0;
+		req = smb_raw_write_send(state->cli,&wr);
+	}
+	else {
+		torture_comment(tctx,
+				"Callback READ file:%d (%d/%d) Offset:%d\n",
+				state->nr,state->completed,torture_numops,
+				(state->readcnt*state->lpcfg_params->blocksize));
+		rd.generic.level = RAW_READ_READX;
+		rd.readx.in.file.fnum	= state->fnum 	;
+		rd.readx.in.offset	= state->readcnt*state->lpcfg_params->blocksize;
+		rd.readx.in.mincnt	= state->lpcfg_params->blocksize;
+		rd.readx.in.maxcnt	= rd.readx.in.mincnt;
+		rd.readx.in.remaining	= 0	;
+		rd.readx.out.data	= state->buffer;
+		rd.readx.in.read_for_execute = false;
+		if(state->readcnt < state->lpcfg_params->writeblocks){
+			state->readcnt++;	
+		}else{
+			/*start reading from beginning of file*/
+			state->readcnt=0;
+		}
+		req = smb_raw_read_send(state->cli,&rd);
+	}
+	state->num_parallel_requests += 1;
+	NT_STATUS_HAVE_NO_MEMORY(req);
+	/*register the callback function!*/
+	req->async.fn = benchrw_rw_callback;
+	req->async.private_data = state;
+	
+	return NT_STATUS_OK;
+}
+
+/*
+ Called when the open is done. writes to the file.
+*/
+static NTSTATUS benchrw_open(struct torture_context *tctx,
+			     struct smbcli_request *req,
+			     struct benchrw_state *state)
+{
+	union smb_write	wr;
+	if(state->mode == OPEN_FILE){
+		NTSTATUS status;
+		status = smb_raw_open_recv(req,tctx,(
+					union smb_open*)state->req_params);
+		NT_STATUS_NOT_OK_RETURN(status);
+	
+		state->fnum = ((union smb_open*)state->req_params)
+						->openx.out.file.fnum;
+		torture_comment(tctx, "File opened (%d)\n",state->fnum);
+		state->mode=INITIAL_WRITE;
+	}
+		
+	torture_comment(tctx, "Write initial test file:%d (%d/%d)\n",state->nr,
+		(state->writecnt+1)*state->lpcfg_params->blocksize,
+		(state->lpcfg_params->writeblocks*state->lpcfg_params->blocksize));
+	wr.generic.level = RAW_WRITE_WRITEX  ;
+	wr.writex.in.file.fnum  = state->fnum ;
+	wr.writex.in.offset     = state->writecnt * 
+					state->lpcfg_params->blocksize;
+	wr.writex.in.wmode	= 0		;
+	wr.writex.in.remaining  = (state->lpcfg_params->writeblocks *
+						state->lpcfg_params->blocksize)-
+						((state->writecnt+1)*state->
+						lpcfg_params->blocksize);
+	wr.writex.in.count      = state->lpcfg_params->blocksize;
+	wr.writex.in.data       = state->buffer;
+	state->writecnt++;
+	if(state->writecnt == state->lpcfg_params->writeblocks){
+		state->mode=READ_WRITE_DATA;
+	}
+	req = smb_raw_write_send(state->cli,&wr);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+	
+	/*register the callback function!*/
+	req->async.fn = benchrw_callback;
+	req->async.private_data = state;
+	return NT_STATUS_OK;
+} 
+
+/*
+ Called when the mkdir is done. Opens a file.
+*/
+static NTSTATUS benchrw_mkdir(struct torture_context *tctx,
+			      struct smbcli_request *req,
+			      struct benchrw_state *state)
+{
+	union smb_open *open_parms;	
+	uint8_t *writedata;	
+		
+	NT_STATUS_NOT_OK_RETURN(req->status);
+	
+	/* open/create the files */
+	torture_comment(tctx, "Open File %d/%d\n",state->nr+1,
+			torture_setting_int(tctx, "nprocs", 4));
+	open_parms=talloc_zero(tctx, union smb_open);
+	NT_STATUS_HAVE_NO_MEMORY(open_parms);
+	open_parms->openx.level = RAW_OPEN_OPENX;
+	open_parms->openx.in.flags = 0;
+	open_parms->openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	open_parms->openx.in.search_attrs = 
+			FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	open_parms->openx.in.file_attrs = 0;
+	open_parms->openx.in.write_time = 0;
+	open_parms->openx.in.open_func = OPENX_OPEN_FUNC_CREATE;
+	open_parms->openx.in.size = 0;
+	open_parms->openx.in.timeout = 0;
+	open_parms->openx.in.fname = state->fname;
+		
+	writedata = talloc_size(tctx,state->lpcfg_params->blocksize);
+	NT_STATUS_HAVE_NO_MEMORY(writedata);
+	generate_random_buffer(writedata,state->lpcfg_params->blocksize);
+	state->buffer=writedata;
+	state->writecnt=1;
+	state->readcnt=0;
+	state->req_params=open_parms;		
+	state->mode=OPEN_FILE;	
+			
+	req = smb_raw_open_send(state->cli,open_parms);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+	
+	/*register the callback function!*/
+	req->async.fn = benchrw_callback;
+	req->async.private_data = state;
+		
+	return NT_STATUS_OK;
+}
+
+/*
+ handler for completion of a sub-request of the bench-rw test
+*/
+static void benchrw_callback(struct smbcli_request *req)
+{
+	struct benchrw_state *state = req->async.private_data;
+	struct torture_context *tctx = state->tctx;
+	
+	/*don't send new requests when torture_numops is reached*/
+	if ((state->mode == READ_WRITE_DATA)
+	    && (state->completed >= torture_numops)) {
+		state->mode=MAX_OPS_REACHED;
+	}
+	
+	switch (state->mode) {
+	
+	case MK_TESTDIR:
+		if (!NT_STATUS_IS_OK(benchrw_mkdir(tctx, req,state))) {
+			torture_comment(tctx, "Failed to create the test "
+					"directory - %s\n", 
+					nt_errstr(req->status));
+			state->mode=ERROR;
+			return;
+		}
+		break;	
+	case OPEN_FILE:
+	case INITIAL_WRITE:
+		if (!NT_STATUS_IS_OK(benchrw_open(tctx, req,state))){
+			torture_comment(tctx, "Failed to open/write the "
+					"file - %s\n", 
+					nt_errstr(req->status));
+			state->mode=ERROR;
+			state->readcnt=0;
+			return;
+		}
+		break;
+	case READ_WRITE_DATA:
+		while (state->num_parallel_requests
+		       < state->lpcfg_params->num_parallel_requests) {
+			NTSTATUS status;
+			status = benchrw_readwrite(tctx,state);
+			if (!NT_STATUS_IS_OK(status)){
+				torture_comment(tctx, "Failed to read/write "
+						"the file - %s\n", 
+						nt_errstr(req->status));
+				state->mode=ERROR;
+				return;
+			}
+		}
+		break;
+	case MAX_OPS_REACHED:
+		if (!NT_STATUS_IS_OK(benchrw_close(tctx,req,state))){
+			torture_comment(tctx, "Failed to read/write/close "
+					"the file - %s\n", 
+					nt_errstr(req->status));
+			state->mode=ERROR;
+			return;
+		}
+		break;
+	case CLOSE_FILE:
+		torture_comment(tctx, "File %d closed\n",state->nr);
+		if (!NT_STATUS_IS_OK(req->status)) {
+			torture_comment(tctx, "Failed to close the "
+					"file - %s\n",
+					nt_errstr(req->status));
+			state->mode=ERROR;
+			return;
+		}
+		state->mode=CLEANUP;
+		return;	
+	default:
+		break;
+	}
+	
+}
+
+/* open connection async callback function*/
+static void async_open_callback(struct composite_context *con)
+{
+	struct benchrw_state *state = con->async.private_data;
+	struct torture_context *tctx = state->tctx;
+	int retry = state->lpcfg_params->retry;
+	 	
+	if (NT_STATUS_IS_OK(con->status)) {
+		state->cli=((struct smb_composite_connect*)
+					state->req_params)->out.tree;
+		state->mode=CLEANUP_TESTDIR;
+	}else{
+		if(state->writecnt < retry){
+			torture_comment(tctx, "Failed to open connection: "
+					"%d, Retry (%d/%d)\n",
+					state->nr,state->writecnt,retry);
+			state->writecnt++;
+			state->mode=START;
+			usleep(1000);	
+		}else{
+			torture_comment(tctx, "Failed to open connection "
+					"(%d) - %s\n",
+					state->nr, nt_errstr(con->status));
+			state->mode=ERROR;
+		}
+		return;
+	}	
+}
+
+/*
+ establishes a smbcli_tree from scratch (async)
+*/
+static struct composite_context *torture_connect_async(
+				struct torture_context *tctx,
+				struct smb_composite_connect *smb,
+				TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				const char *host,
+				const char *share,
+				const char *workgroup)
+{
+	torture_comment(tctx, "Open Connection to %s/%s\n",host,share);
+	smb->in.dest_host=talloc_strdup(mem_ctx,host);
+	smb->in.service=talloc_strdup(mem_ctx,share);
+	smb->in.dest_ports=lpcfg_smb_ports(tctx->lp_ctx);
+	smb->in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
+	smb->in.called_name = strupper_talloc(mem_ctx, host);
+	smb->in.service_type=NULL;
+	smb->in.credentials = samba_cmdline_get_creds();
+	smb->in.fallback_to_anonymous=false;
+	smb->in.gensec_settings = lpcfg_gensec_settings(mem_ctx, tctx->lp_ctx);
+	smb->in.workgroup=workgroup;
+	lpcfg_smbcli_options(tctx->lp_ctx, &smb->in.options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &smb->in.session_options);
+	
+	return smb_composite_connect_send(smb,mem_ctx,
+					  lpcfg_resolve_context(tctx->lp_ctx),ev);
+}
+
+bool run_benchrw(struct torture_context *tctx)
+{
+	struct smb_composite_connect *smb_con;
+	const char *fname = "\\rwtest.dat";
+	struct smbcli_request *req;
+	struct benchrw_state **state;
+	int i , num_unc_names;
+	struct tevent_context 	*ev	;	
+	struct composite_context *req1;
+	struct bench_params lpparams;
+	union smb_mkdir parms;
+	int finished = 0;
+	bool success=true;
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	
+	torture_comment(tctx, "Start BENCH-READWRITE num_ops=%d "
+			"num_nprocs=%d\n",
+			torture_numops, torture_nprocs);
+
+	/*init talloc context*/
+	ev = tctx->ev;
+	state = talloc_array(tctx, struct benchrw_state *, torture_nprocs);
+
+	/* init params using lpcfg_parm_xxx */
+	num_unc_names = init_benchrw_params(tctx,&lpparams);
+	
+	/* init private data structs*/
+	for(i = 0; i<torture_nprocs;i++){
+		state[i]=talloc(tctx,struct benchrw_state);
+		state[i]->tctx = tctx;
+		state[i]->completed=0;
+		state[i]->num_parallel_requests=0;
+		state[i]->lpcfg_params=&lpparams;
+		state[i]->nr=i;
+		state[i]->dname=talloc_asprintf(tctx,"benchrw%d",i);
+		state[i]->fname=talloc_asprintf(tctx,"%s%s",
+						state[i]->dname,fname);	
+		state[i]->mode=START;
+		state[i]->writecnt=0;
+	}
+	
+	torture_comment(tctx, "Starting async requests\n");	
+	while(finished != torture_nprocs){
+		finished=0;
+		for(i = 0; i<torture_nprocs;i++){
+			switch (state[i]->mode){
+			/*open multiple connections with the same userid */
+			case START:
+				smb_con = talloc_zero(
+					tctx,struct smb_composite_connect);
+				state[i]->req_params=smb_con; 
+				state[i]->mode=OPEN_CONNECTION;
+				req1 = torture_connect_async(
+					tctx, smb_con, tctx,ev,
+					lpparams.unc[i % num_unc_names]->host,
+					lpparams.unc[i % num_unc_names]->share,
+					lpparams.workgroup);
+				/* register callback fn + private data */
+				req1->async.fn = async_open_callback;
+				req1->async.private_data=state[i];
+				break;
+			/*setup test dirs (sync)*/
+			case CLEANUP_TESTDIR:
+				torture_comment(tctx, "Setup test dir %d\n",i);
+				smb_raw_exit(state[i]->cli->session);
+				if (smbcli_deltree(state[i]->cli, 
+						state[i]->dname) == -1) {
+					torture_comment(
+						tctx,
+						"Unable to delete %s - %s\n", 
+						state[i]->dname,
+						smbcli_errstr(state[i]->cli));
+					state[i]->mode=ERROR;
+					break;
+				}
+				state[i]->mode=MK_TESTDIR;
+				parms.mkdir.level = RAW_MKDIR_MKDIR;
+				parms.mkdir.in.path = state[i]->dname;
+				req = smb_raw_mkdir_send(state[i]->cli,&parms);
+				/* register callback fn + private data */
+				req->async.fn = benchrw_callback;
+				req->async.private_data=state[i];
+				break;
+			/* error occurred , finish */
+			case ERROR:
+				finished++;
+				success=false;
+				break;
+			/* cleanup , close connection */
+			case CLEANUP:
+				torture_comment(tctx, "Deleting test dir %s "
+						"%d/%d\n",state[i]->dname,
+						i+1,torture_nprocs);
+				smbcli_deltree(state[i]->cli,state[i]->dname);
+				if (NT_STATUS_IS_ERR(smb_tree_disconnect(
+							     state[i]->cli))) {
+					torture_comment(tctx, "ERROR: Tree "
+							"disconnect failed");
+					state[i]->mode=ERROR;
+					break;
+				}
+				state[i]->mode=FINISHED;
+
+				FALL_THROUGH;
+			case FINISHED:
+				finished++;
+				break;
+			default:
+				tevent_loop_once(ev);
+			}
+		}
+	}
+				
+	return success;	
+}
+
diff --git a/source4/torture/basic/properties.c b/source4/torture/basic/properties.c
new file mode 100644
index 0000000..b63acc7
--- /dev/null
+++ b/source4/torture/basic/properties.c
@@ -0,0 +1,118 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   show server properties
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+struct bitmapping {
+	const char *name;
+	uint32_t value;
+};
+
+#define BIT_NAME(x) { #x, x }
+
+const static struct bitmapping fs_attr_bits[] = {
+	BIT_NAME(FS_ATTR_CASE_SENSITIVE_SEARCH),
+	BIT_NAME(FS_ATTR_CASE_PRESERVED_NAMES),
+	BIT_NAME(FS_ATTR_UNICODE_ON_DISK),
+	BIT_NAME(FS_ATTR_PERSISTANT_ACLS),
+	BIT_NAME(FS_ATTR_COMPRESSION),
+	BIT_NAME(FS_ATTR_QUOTAS),
+	BIT_NAME(FS_ATTR_SPARSE_FILES),
+	BIT_NAME(FS_ATTR_REPARSE_POINTS),
+	BIT_NAME(FS_ATTR_REMOTE_STORAGE),
+	BIT_NAME(FS_ATTR_LFN_SUPPORT),
+	BIT_NAME(FS_ATTR_IS_COMPRESSED),
+	BIT_NAME(FS_ATTR_OBJECT_IDS),
+	BIT_NAME(FS_ATTR_ENCRYPTION),
+	BIT_NAME(FS_ATTR_NAMED_STREAMS),
+	{ NULL, 0 }
+};
+
+const static struct bitmapping capability_bits[] = {
+	BIT_NAME(CAP_RAW_MODE),
+	BIT_NAME(CAP_MPX_MODE),
+	BIT_NAME(CAP_UNICODE),
+	BIT_NAME(CAP_LARGE_FILES),
+	BIT_NAME(CAP_NT_SMBS),
+	BIT_NAME(CAP_RPC_REMOTE_APIS),
+	BIT_NAME(CAP_STATUS32),
+	BIT_NAME(CAP_LEVEL_II_OPLOCKS),
+	BIT_NAME(CAP_LOCK_AND_READ),
+	BIT_NAME(CAP_NT_FIND),
+	BIT_NAME(CAP_DFS),
+	BIT_NAME(CAP_W2K_SMBS),
+	BIT_NAME(CAP_LARGE_READX),
+	BIT_NAME(CAP_LARGE_WRITEX),
+	BIT_NAME(CAP_UNIX),
+	BIT_NAME(CAP_EXTENDED_SECURITY),
+	{ NULL, 0 }
+};
+
+static void show_bits(const struct bitmapping *bm, uint32_t value)
+{
+	int i;
+	for (i=0;bm[i].name;i++) {
+		if (value & bm[i].value) {
+			d_printf("\t%s\n", bm[i].name);
+			value &= ~bm[i].value;
+		}
+	}
+	if (value != 0) {
+		d_printf("\tunknown bits: 0x%08x\n", value);
+	}
+}
+
+
+/*
+  print out server properties
+ */
+bool torture_test_properties(struct torture_context *torture, 
+			     struct smbcli_state *cli)
+{
+	bool correct = true;
+	union smb_fsinfo fs;
+	NTSTATUS status;
+	
+	d_printf("Capabilities: 0x%08x\n", cli->transport->negotiate.capabilities);
+	show_bits(capability_bits, cli->transport->negotiate.capabilities);
+	d_printf("\n");
+
+	fs.attribute_info.level = RAW_QFS_ATTRIBUTE_INFO;
+	status = smb_raw_fsinfo(cli->tree, cli, &fs);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("qfsinfo failed - %s\n", nt_errstr(status));
+		correct = false;
+	} else {
+		d_printf("Filesystem attributes: 0x%08x\n", 
+			 fs.attribute_info.out.fs_attr);
+		show_bits(fs_attr_bits, fs.attribute_info.out.fs_attr);
+		d_printf("max_file_component_length: %d\n", 
+			 fs.attribute_info.out.max_file_component_length);
+		d_printf("fstype: %s\n", fs.attribute_info.out.fs_type.s);
+	}
+
+	return correct;
+}
+
+
diff --git a/source4/torture/basic/rename.c b/source4/torture/basic/rename.c
new file mode 100644
index 0000000..a80dd6e
--- /dev/null
+++ b/source4/torture/basic/rename.c
@@ -0,0 +1,98 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   rename testing
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+/*
+  Test rename on files open with share delete and no share delete.
+ */
+bool torture_test_rename(struct torture_context *tctx, 
+			 struct smbcli_state *cli1)
+{
+	const char *fname = "\\test.txt";
+	const char *fname1 = "\\test1.txt";
+	int fnum1;
+
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_unlink(cli1->tree, fname1);
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, 
+				      SEC_RIGHTS_FILE_READ, 
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_READ, 
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "First open failed - %s", 
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert(tctx, NT_STATUS_IS_ERR(smbcli_rename(cli1->tree, fname, fname1)), 
+					"First rename succeeded - this should have failed !");
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, "close - 1 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_unlink(cli1->tree, fname1);
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, 
+				      SEC_RIGHTS_FILE_READ, 
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE|NTCREATEX_SHARE_ACCESS_READ, 
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, 
+				   "Second open failed - %s", smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_rename(cli1->tree, fname, fname1),
+		talloc_asprintf(tctx, 
+				"Second rename failed - this should have succeeded - %s", 
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1),
+		talloc_asprintf(tctx, 
+		"close - 2 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_unlink(cli1->tree, fname1);
+
+	fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, 
+				      SEC_STD_READ_CONTROL, 
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_NONE, 
+				      NTCREATEX_DISP_OVERWRITE_IF, 0, 0);
+
+	torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "Third open failed - %s", 
+			smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_rename(cli1->tree, fname, fname1),
+		talloc_asprintf(tctx, "Third rename failed - this should have succeeded - %s", 
+		       smbcli_errstr(cli1->tree)));
+
+	torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), 
+		talloc_asprintf(tctx, "close - 3 failed (%s)", smbcli_errstr(cli1->tree)));
+
+	smbcli_unlink(cli1->tree, fname);
+	smbcli_unlink(cli1->tree, fname1);
+
+	return true;
+}
+
diff --git a/source4/torture/basic/scanner.c b/source4/torture/basic/scanner.c
new file mode 100644
index 0000000..144b7d0
--- /dev/null
+++ b/source4/torture/basic/scanner.c
@@ -0,0 +1,623 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/filesys.h"
+#include "param/param.h"
+#include "torture/basic/proto.h"
+
+#define VERBOSE 0
+#define OP_MIN 0
+#define OP_MAX 100
+#define PARAM_SIZE 1024
+
+/****************************************************************************
+look for a partial hit
+****************************************************************************/
+static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status)
+{
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+		return;
+	}
+#if VERBOSE
+	printf("possible %s hit op=%3d level=%5d status=%s\n",
+	       format, op, level, nt_errstr(status));
+#endif
+}
+
+/****************************************************************************
+check for existence of a trans2 call
+****************************************************************************/
+static NTSTATUS try_trans2(struct smbcli_state *cli, 
+			   int op,
+			   uint8_t *param, uint8_t *data,
+			   int param_len, int data_len,
+			   int *rparam_len, int *rdata_len)
+{
+	NTSTATUS status;
+	struct smb_trans2 t2;
+	uint16_t setup = op;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("try_trans2");
+
+	t2.in.max_param = UINT16_MAX;
+	t2.in.max_data = UINT16_MAX;
+	t2.in.max_setup = 10;
+	t2.in.flags = 0;
+	t2.in.timeout = 0;
+	t2.in.setup_count = 1;
+	t2.in.setup = &setup;
+	t2.in.params.data = param;
+	t2.in.params.length = param_len;
+	t2.in.data.data = data;
+	t2.in.data.length = data_len;
+
+	status = smb_raw_trans2(cli->tree, mem_ctx, &t2);
+
+	*rparam_len = t2.out.params.length;
+	*rdata_len = t2.out.data.length;
+
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+
+static NTSTATUS try_trans2_len(struct smbcli_state *cli,
+			     const char *format,
+			     int op, int level,
+			     uint8_t *param, uint8_t *data,
+			     int param_len, int *data_len,
+			     int *rparam_len, int *rdata_len)
+{
+	NTSTATUS ret=NT_STATUS_OK;
+
+	ret = try_trans2(cli, op, param, data, param_len,
+			 PARAM_SIZE, rparam_len, rdata_len);
+#if VERBOSE
+	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
+#endif
+	if (!NT_STATUS_IS_OK(ret)) return ret;
+
+	*data_len = 0;
+	while (*data_len < PARAM_SIZE) {
+		ret = try_trans2(cli, op, param, data, param_len,
+				 *data_len, rparam_len, rdata_len);
+		if (NT_STATUS_IS_OK(ret)) break;
+		*data_len += 2;
+	}
+	if (NT_STATUS_IS_OK(ret)) {
+		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
+		       format, level, *data_len, *rparam_len, *rdata_len);
+	} else {
+		trans2_check_hit(format, op, level, ret);
+	}
+	return ret;
+}
+
+
+/****************************************************************************
+check whether a trans2 opnum exists at all
+****************************************************************************/
+static bool trans2_op_exists(struct smbcli_state *cli, int op)
+{
+	int data_len = PARAM_SIZE;
+	int param_len = PARAM_SIZE;
+	int rparam_len, rdata_len;
+	uint8_t *param, *data;
+	NTSTATUS status1, status2;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("trans2_op_exists");
+
+	/* try with a info level only */
+
+	param = talloc_array(mem_ctx, uint8_t, param_len);
+	data  = talloc_array(mem_ctx, uint8_t, data_len);
+
+	memset(param, 0xFF, param_len);
+	memset(data, 0xFF, data_len);
+
+	status1 = try_trans2(cli, 0xFFFF, param, data, param_len, data_len,
+			     &rparam_len, &rdata_len);
+
+	status2 = try_trans2(cli, op, param, data, param_len, data_len,
+			     &rparam_len, &rdata_len);
+
+	if (NT_STATUS_EQUAL(status1, status2)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	printf("Found op %d (status=%s)\n", op, nt_errstr(status2));
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+/****************************************************************************
+check for existence of a trans2 call
+****************************************************************************/
+static bool scan_trans2(
+			struct smbcli_state *cli, int op, int level,
+			int fnum, int dnum, int qfnum, const char *fname)
+{
+	int data_len = 0;
+	int param_len = 0;
+	int rparam_len, rdata_len;
+	uint8_t *param, *data;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("scan_trans2");
+
+	data = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
+	param = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
+
+	memset(data, 0, PARAM_SIZE);
+	data_len = 4;
+
+	/* try with a info level only */
+	param_len = 2;
+	SSVAL(param, 0, level);
+	status = try_trans2_len(cli, "void", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a file descriptor */
+	param_len = 6;
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+	SSVAL(param, 4, 0);
+	status = try_trans2_len(cli, "fnum", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a quota file descriptor */
+	param_len = 6;
+	SSVAL(param, 0, qfnum);
+	SSVAL(param, 2, level);
+	SSVAL(param, 4, 0);
+	status = try_trans2_len(cli, "qfnum", op, level, param, data, param_len,
+		       	&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a notify style */
+	param_len = 6;
+	SSVAL(param, 0, dnum);
+	SSVAL(param, 2, dnum);
+	SSVAL(param, 4, level);
+	status = try_trans2_len(cli, "notify", op, level, param, data,
+			param_len, &data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += push_string(
+			&param[6], fname, PARAM_SIZE-7,
+			STR_TERMINATE|STR_UNICODE);
+
+	status = try_trans2_len(cli, "fname", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a new file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += push_string(
+			&param[6], "\\newfile.dat", PARAM_SIZE-7,
+			STR_TERMINATE|STR_UNICODE);
+
+	status = try_trans2_len(cli, "newfile", op, level, param, data,
+			param_len, &data_len, &rparam_len, &rdata_len);
+	smbcli_unlink(cli->tree, "\\newfile.dat");
+	smbcli_rmdir(cli->tree, "\\newfile.dat");
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try dfs style  */
+	smbcli_mkdir(cli->tree, "\\testdir");
+	param_len = 2;
+	SSVAL(param, 0, level);
+	param_len += push_string(
+			&param[2], "\\testdir", PARAM_SIZE-3,
+			STR_TERMINATE|STR_UNICODE);
+
+	status = try_trans2_len(cli, "dfs", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	smbcli_rmdir(cli->tree, "\\testdir");
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	talloc_free(mem_ctx);
+	return false;
+}
+
+bool torture_trans2_scan(struct torture_context *torture,
+						 struct smbcli_state *cli)
+{
+	int op, level;
+	const char *fname = "\\scanner.dat";
+	int fnum, dnum, qfnum;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		printf("file open failed - %s\n", smbcli_errstr(cli->tree));
+	}
+	dnum = smbcli_nt_create_full(cli->tree, "\\", 
+				     0, 
+				     SEC_RIGHTS_FILE_READ, 
+				     FILE_ATTRIBUTE_NORMAL,
+				     NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE, 
+				     NTCREATEX_DISP_OPEN, 
+				     NTCREATEX_OPTIONS_DIRECTORY, 0);
+	if (dnum == -1) {
+		printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
+	}
+	qfnum = smbcli_nt_create_full(cli->tree, "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION", 
+				   NTCREATEX_FLAGS_EXTENDED, 
+				   SEC_FLAG_MAXIMUM_ALLOWED, 
+				   0,
+				   NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE, 
+				   NTCREATEX_DISP_OPEN, 
+				   0, 0);
+	if (qfnum == -1) {
+		printf("quota open failed - %s\n", smbcli_errstr(cli->tree));
+	}
+
+	for (op=OP_MIN; op<=OP_MAX; op++) {
+
+		if (!trans2_op_exists(cli, op)) {
+			continue;
+		}
+
+		for (level = 0; level <= 50; level++) {
+			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
+		}
+
+		for (level = 0x100; level <= 0x130; level++) {
+			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
+		}
+
+		for (level = 1000; level < 1050; level++) {
+			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
+		}
+	}
+
+	return true;
+}
+
+
+
+
+/****************************************************************************
+look for a partial hit
+****************************************************************************/
+static void nttrans_check_hit(const char *format, int op, int level, NTSTATUS status)
+{
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+		return;
+	}
+#if VERBOSE
+		printf("possible %s hit op=%3d level=%5d status=%s\n",
+		       format, op, level, nt_errstr(status));
+#endif
+}
+
+/****************************************************************************
+check for existence of a nttrans call
+****************************************************************************/
+static NTSTATUS try_nttrans(struct smbcli_state *cli, 
+			    int op,
+			    uint8_t *param, uint8_t *data,
+			    int param_len, int data_len,
+			    int *rparam_len, int *rdata_len)
+{
+	struct smb_nttrans parms;
+	DATA_BLOB ntparam_blob, ntdata_blob;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	mem_ctx = talloc_init("try_nttrans");
+
+	ntparam_blob.length = param_len;
+	ntparam_blob.data = param;
+	ntdata_blob.length = data_len;
+	ntdata_blob.data = data;
+
+	parms.in.max_param = UINT32_MAX;
+	parms.in.max_data = UINT32_MAX;
+	parms.in.max_setup = 0;
+	parms.in.setup_count = 0;
+	parms.in.function = op;
+	parms.in.params = ntparam_blob;
+	parms.in.data = ntdata_blob;
+	
+	status = smb_raw_nttrans(cli->tree, mem_ctx, &parms);
+	
+	if (NT_STATUS_IS_ERR(status)) {
+		DEBUG(1,("Failed to send NT_TRANS\n"));
+		talloc_free(mem_ctx);
+		return status;
+	}
+	*rparam_len = parms.out.params.length;
+	*rdata_len = parms.out.data.length;
+
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+
+static NTSTATUS try_nttrans_len(struct smbcli_state *cli,
+			     const char *format,
+			     int op, int level,
+			     uint8_t *param, uint8_t *data,
+			     int param_len, int *data_len,
+			     int *rparam_len, int *rdata_len)
+{
+	NTSTATUS ret=NT_STATUS_OK;
+
+	ret = try_nttrans(cli, op, param, data, param_len,
+			 PARAM_SIZE, rparam_len, rdata_len);
+#if VERBOSE
+	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
+#endif
+	if (!NT_STATUS_IS_OK(ret)) return ret;
+
+	*data_len = 0;
+	while (*data_len < PARAM_SIZE) {
+		ret = try_nttrans(cli, op, param, data, param_len,
+				 *data_len, rparam_len, rdata_len);
+		if (NT_STATUS_IS_OK(ret)) break;
+		*data_len += 2;
+	}
+	if (NT_STATUS_IS_OK(ret)) {
+		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
+		       format, level, *data_len, *rparam_len, *rdata_len);
+	} else {
+		nttrans_check_hit(format, op, level, ret);
+	}
+	return ret;
+}
+
+/****************************************************************************
+check for existence of a nttrans call
+****************************************************************************/
+static bool scan_nttrans(struct smbcli_state *cli, int op, int level,
+			int fnum, int dnum, const char *fname)
+{
+	int data_len = 0;
+	int param_len = 0;
+	int rparam_len, rdata_len;
+	uint8_t *param, *data;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("scan_nttrans");
+
+	param = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
+	data = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
+	memset(data, 0, PARAM_SIZE);
+	data_len = 4;
+
+	/* try with a info level only */
+	param_len = 2;
+	SSVAL(param, 0, level);
+	status = try_nttrans_len(cli, "void", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a file descriptor */
+	param_len = 6;
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+	SSVAL(param, 4, 0);
+	status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a notify style */
+	param_len = 6;
+	SSVAL(param, 0, dnum);
+	SSVAL(param, 2, dnum);
+	SSVAL(param, 4, level);
+	status = try_nttrans_len(cli, "notify", op, level, param, data,
+			param_len, &data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += push_string(
+			&param[6], fname, PARAM_SIZE,
+			STR_TERMINATE | STR_UNICODE);
+
+	status = try_nttrans_len(cli, "fname", op, level, param, data,
+			param_len, &data_len, &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try with a new file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += push_string(
+			&param[6], "\\newfile.dat", PARAM_SIZE,
+			STR_TERMINATE | STR_UNICODE);
+
+	status = try_nttrans_len(cli, "newfile", op, level, param, data,
+			param_len, &data_len, &rparam_len, &rdata_len);
+	smbcli_unlink(cli->tree, "\\newfile.dat");
+	smbcli_rmdir(cli->tree, "\\newfile.dat");
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/* try dfs style  */
+	smbcli_mkdir(cli->tree, "\\testdir");
+	param_len = 2;
+	SSVAL(param, 0, level);
+	param_len += push_string(&param[2], "\\testdir", PARAM_SIZE,
+			STR_TERMINATE | STR_UNICODE);
+
+	status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len,
+			&data_len, &rparam_len, &rdata_len);
+	smbcli_rmdir(cli->tree, "\\testdir");
+	if (NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	talloc_free(mem_ctx);
+	return false;
+}
+
+
+bool torture_nttrans_scan(struct torture_context *torture, 
+			  struct smbcli_state *cli)
+{
+	int op, level;
+	const char *fname = "\\scanner.dat";
+	int fnum, dnum;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC, 
+			 DENY_NONE);
+	dnum = smbcli_open(cli->tree, "\\", O_RDONLY, DENY_NONE);
+
+	for (op=OP_MIN; op<=OP_MAX; op++) {
+		printf("Scanning op=%d\n", op);
+		for (level = 0; level <= 50; level++) {
+			scan_nttrans(cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 0x100; level <= 0x130; level++) {
+			scan_nttrans(cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 1000; level < 1050; level++) {
+			scan_nttrans(cli, op, level, fnum, dnum, fname);
+		}
+	}
+
+	printf("nttrans scan finished\n");
+	return true;
+}
+
+
+/* scan for valid base SMB requests */
+bool torture_smb_scan(struct torture_context *torture)
+{
+	static struct smbcli_state *cli;
+	int op;
+	struct smbcli_request *req;
+	NTSTATUS status;
+
+	for (op=0x0;op<=0xFF;op++) {
+		if (op == SMBreadbraw) continue;
+
+		if (!torture_open_connection(&cli, torture, 0)) {
+			return false;
+		}
+
+		req = smbcli_request_setup(cli->tree, op, 0, 0);
+
+		if (!smbcli_request_send(req)) {
+			smbcli_request_destroy(req);
+			break;
+		}
+
+		usleep(10000);
+		smbcli_transport_process(cli->transport);
+		if (req->state > SMBCLI_REQUEST_RECV) {
+			status = smbcli_request_simple_recv(req);
+			printf("op=0x%x status=%s\n", op, nt_errstr(status));
+			torture_close_connection(cli);
+			continue;
+		}
+
+		sleep(1);
+		smbcli_transport_process(cli->transport);
+		if (req->state > SMBCLI_REQUEST_RECV) {
+			status = smbcli_request_simple_recv(req);
+			printf("op=0x%x status=%s\n", op, nt_errstr(status));
+		} else {
+			printf("op=0x%x no reply\n", op);
+			smbcli_request_destroy(req);
+			continue; /* don't attempt close! */
+		}
+
+		torture_close_connection(cli);
+	}
+
+
+	printf("smb scan finished\n");
+	return true;
+}
diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c
new file mode 100644
index 0000000..9db9f54
--- /dev/null
+++ b/source4/torture/basic/secleak.c
@@ -0,0 +1,77 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   find security related memory leaks
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/time.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "torture/basic/proto.h"
+
+static bool try_failed_login(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	struct smb_composite_sesssetup setup;
+	struct smbcli_session *session;
+	struct smbcli_session_options options;
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	session = smbcli_session_init(cli->transport, cli, false, options);
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	setup.in.credentials = cli_credentials_init(session);
+	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+
+	cli_credentials_set_conf(setup.in.credentials, tctx->lp_ctx);
+	cli_credentials_set_domain(setup.in.credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
+	cli_credentials_set_username(setup.in.credentials, "INVALID-USERNAME", CRED_SPECIFIED);
+	cli_credentials_set_password(setup.in.credentials, "INVALID-PASSWORD", CRED_SPECIFIED);
+
+	status = smb_composite_sesssetup(session, &setup);
+	talloc_free(session);
+	if (NT_STATUS_IS_OK(status)) {
+		printf("Allowed session setup with invalid credentials?!\n");
+		return false;
+	}
+
+	return true;
+}
+
+bool torture_sec_leak(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	time_t t1 = time_mono(NULL);
+	int timelimit = torture_setting_int(tctx, "timelimit", 20);
+
+	while (time_mono(NULL) < t1+timelimit) {
+		if (!try_failed_login(tctx, cli)) {
+			return false;
+		}
+		talloc_report(NULL, stdout);
+	}
+
+	return true;
+}
diff --git a/source4/torture/basic/unlink.c b/source4/torture/basic/unlink.c
new file mode 100644
index 0000000..dee71bd
--- /dev/null
+++ b/source4/torture/basic/unlink.c
@@ -0,0 +1,91 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   unlink tester
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+
+#define BASEDIR "\\unlinktest"
+
+/*
+  This test checks that 
+
+  1) the server does not allow an unlink on a file that is open
+*/
+bool torture_unlinktest(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	const char *fname = BASEDIR "\\unlink.tst";
+	int fnum;
+	bool correct = true;
+	union smb_open io;
+	NTSTATUS status;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), 
+				   talloc_asprintf(tctx, "Failed setting up %s", BASEDIR));
+
+	cli->session->pid = 1;
+
+	torture_comment(tctx, "Opening a file\n");
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, "open of %s failed (%s)", fname, smbcli_errstr(cli->tree)));
+
+	torture_comment(tctx, "Unlinking a open file\n");
+
+	torture_assert(tctx, !NT_STATUS_IS_OK(smbcli_unlink(cli->tree, fname)),
+		"server allowed unlink on an open file");
+	
+	correct = check_error(__location__, cli, ERRDOS, ERRbadshare, 
+				      NT_STATUS_SHARING_VIOLATION);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	torture_comment(tctx, "Testing unlink after ntcreatex with DELETE access\n");
+
+	io.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.access_mask  = SEC_RIGHTS_FILE_ALL;
+
+	status = smb_raw_open(cli->tree, cli, &io);
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "failed to open %s", fname));
+
+	torture_assert(tctx, !NT_STATUS_IS_OK(smbcli_unlink(cli->tree, fname)),
+		"server allowed unlink on an open file");
+
+	correct = check_error(__location__, cli, ERRDOS, ERRbadshare, 
+				      NT_STATUS_SHARING_VIOLATION);
+
+	return correct;
+}
+
+
diff --git a/source4/torture/basic/utable.c b/source4/torture/basic/utable.c
new file mode 100644
index 0000000..a3ddf1a
--- /dev/null
+++ b/source4/torture/basic/utable.c
@@ -0,0 +1,202 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - unicode table dumper
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/locale.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "param/param.h"
+#include "torture/basic/proto.h"
+#include "lib/util/sys_rw.h"
+
+bool torture_utable(struct torture_context *tctx, 
+					struct smbcli_state *cli)
+{
+	char fname[256];
+	const char *alt_name;
+	int fnum;
+	uint8_t c2[4];
+	int c, fd;
+	size_t len;
+	int chars_allowed=0, alt_allowed=0;
+	uint8_t valid[0x10000];
+
+	torture_comment(tctx, "Generating valid character table\n");
+
+	memset(valid, 0, sizeof(valid));
+
+	torture_assert(tctx, torture_setup_dir(cli, "\\utable"),
+				   "Setting up dir \\utable failed");
+
+	for (c=1; c < 0x10000; c++) {
+		char *p;
+
+		SSVAL(c2, 0, c);
+		strncpy(fname, "\\utable\\x", sizeof(fname)-1);
+		p = fname+strlen(fname);
+		len = 0;
+		if (!convert_string(CH_UTF16, CH_UNIX,
+				     c2, 2, 
+				     p, sizeof(fname)-strlen(fname), &len)) {
+			torture_comment(tctx, "convert_string failed [%s]\n",
+				fname);
+			continue;
+		}
+
+		p[len] = 0;
+		strncat(fname,"_a_long_extension",sizeof(fname)-1);
+
+		fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC, 
+				DENY_NONE);
+		if (fnum == -1) continue;
+
+		chars_allowed++;
+
+		smbcli_qpathinfo_alt_name(cli->tree, fname, &alt_name);
+
+		if (strncmp(alt_name, "X_A_L", 5) != 0) {
+			alt_allowed++;
+			valid[c] = 1;
+			torture_comment(tctx, "fname=[%s] alt_name=[%s]\n", fname, alt_name);
+		}
+
+		smbcli_close(cli->tree, fnum);
+		smbcli_unlink(cli->tree, fname);
+
+		if (c % 100 == 0) {
+			if (torture_setting_bool(tctx, "progress", true)) {
+				torture_comment(tctx, "%d (%d/%d)\r", c, chars_allowed, alt_allowed);
+				fflush(stdout);
+			}
+		}
+	}
+	torture_comment(tctx, "%d (%d/%d)\n", c, chars_allowed, alt_allowed);
+
+	smbcli_rmdir(cli->tree, "\\utable");
+
+	torture_comment(tctx, "%d chars allowed   %d alt chars allowed\n", chars_allowed, alt_allowed);
+
+	fd = open("valid.dat", O_WRONLY|O_CREAT|O_TRUNC, 0644);
+	torture_assert(tctx, fd != -1, 
+		talloc_asprintf(tctx, 
+		"Failed to create valid.dat - %s", strerror(errno)));
+	sys_write_v(fd, valid, 0x10000);
+	close(fd);
+	torture_comment(tctx, "wrote valid.dat\n");
+
+	return true;
+}
+
+
+static char *form_name(int c)
+{
+	static char fname[256];
+	uint8_t c2[4];
+	char *p;
+	size_t len = 0;
+
+	strncpy(fname, "\\utable\\", sizeof(fname)-1);
+	p = fname+strlen(fname);
+	SSVAL(c2, 0, c);
+
+	if (!convert_string(CH_UTF16, CH_UNIX,
+			     c2, 2, 
+			     p, sizeof(fname)-strlen(fname), &len)) {
+		return NULL;
+	}
+	p[len] = 0;
+	return fname;
+}
+
+bool torture_casetable(struct torture_context *tctx, 
+					   struct smbcli_state *cli)
+{
+	char *fname;
+	int fnum;
+	int c, i;
+#define MAX_EQUIVALENCE 8
+	codepoint_t equiv[0x10000][MAX_EQUIVALENCE];
+
+	torture_comment(tctx, "Determining upper/lower case table\n");
+
+	memset(equiv, 0, sizeof(equiv));
+
+	torture_assert(tctx, torture_setup_dir(cli, "\\utable"),
+				   "Error setting up dir \\utable");
+
+	for (c=1; c < 0x10000; c++) {
+		size_t size;
+
+		if (c == '.' || c == '\\') continue;
+
+		torture_comment(tctx, "%04x (%c)\n", c, isprint(c)?c:'.');
+
+		fname = form_name(c);
+		if (fname == NULL) continue;
+		fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+#if 0
+					     SEC_RIGHT_MAXIMUM_ALLOWED, 
+#else
+					     SEC_RIGHTS_FILE_ALL,
+#endif
+					     FILE_ATTRIBUTE_NORMAL,
+					     NTCREATEX_SHARE_ACCESS_NONE,
+					     NTCREATEX_DISP_OPEN_IF, 0, 0);
+
+		if (fnum == -1) {
+			torture_comment(tctx, "Failed to create file with char %04x\n", c);
+			continue;
+		}
+
+		size = 0;
+
+		if (NT_STATUS_IS_ERR(smbcli_qfileinfo(cli->tree, fnum, NULL, &size, 
+						   NULL, NULL, NULL, NULL, NULL))) continue;
+
+		if (size > 0) {
+			/* found a character equivalence! */
+			int c2[MAX_EQUIVALENCE];
+
+			if (size/sizeof(int) >= MAX_EQUIVALENCE) {
+				torture_comment(tctx, "too many chars match?? size=%d c=0x%04x\n",
+				       (int)size, c);
+				smbcli_close(cli->tree, fnum);
+				return false;
+			}
+
+			smbcli_read(cli->tree, fnum, c2, 0, size);
+			torture_comment(tctx, "%04x: ", c);
+			equiv[c][0] = c;
+			for (i=0; i<size/sizeof(int); i++) {
+				torture_comment(tctx, "%04x ", c2[i]);
+				equiv[c][i+1] = c2[i];
+			}
+			torture_comment(tctx, "\n");
+		}
+
+		smbcli_write(cli->tree, fnum, 0, &c, size, sizeof(c));
+		smbcli_close(cli->tree, fnum);
+	}
+
+	smbcli_unlink_wcard(cli->tree, "\\utable\\*");
+	smbcli_rmdir(cli->tree, "\\utable");
+
+	return true;
+}
diff --git a/source4/torture/dfs/common.c b/source4/torture/dfs/common.c
new file mode 100644
index 0000000..5772c0d
--- /dev/null
+++ b/source4/torture/dfs/common.c
@@ -0,0 +1,71 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for various Domain DFS
+   Copyright (C) Matthieu Patou 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "../librpc/gen_ndr/ndr_dfsblobs.h"
+#include "librpc/ndr/libndr.h"
+#include "param/param.h"
+#include "torture/torture.h"
+#include "torture/dfs/proto.h"
+#include "libcli/raw/raw_proto.h"
+
+NTSTATUS dfs_cli_do_call(struct smbcli_tree *tree,
+			 struct dfs_GetDFSReferral *ref)
+{
+	NTSTATUS result;
+	enum ndr_err_code ndr_err;
+	uint16_t setup = TRANSACT2_GET_DFS_REFERRAL;
+	struct smb_trans2 trans;
+
+	ZERO_STRUCT(trans);
+	trans.in.max_param = 0;
+	trans.in.max_data = 4096;
+	trans.in.max_setup = 0;
+	trans.in.flags = 0;
+	trans.in.timeout = 0;
+	trans.in.setup_count = 1;
+	trans.in.setup = &setup;
+	trans.in.trans_name = NULL;
+
+	ndr_err = ndr_push_struct_blob(&trans.in.params, tree,
+			&ref->in.req,
+			(ndr_push_flags_fn_t)ndr_push_dfs_GetDFSReferral_in);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	trans.in.data = data_blob(NULL, 0);
+
+	result = smb_raw_trans2(tree, tree, &trans);
+
+	if (!NT_STATUS_IS_OK(result))
+		return result;
+
+	ndr_err = ndr_pull_struct_blob(&trans.out.data, tree,
+			ref->out.resp,
+			(ndr_pull_flags_fn_t)ndr_pull_dfs_referral_resp);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/torture/dfs/domaindfs.c b/source4/torture/dfs/domaindfs.c
new file mode 100644
index 0000000..e9d9ce4
--- /dev/null
+++ b/source4/torture/dfs/domaindfs.c
@@ -0,0 +1,540 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for various Domain DFS
+   Copyright (C) Matthieu Patou 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "../librpc/gen_ndr/ndr_dfsblobs.h"
+#include "librpc/ndr/libndr.h"
+#include "param/param.h"
+#include "torture/torture.h"
+#include "torture/dfs/proto.h"
+
+static bool test_getdomainreferral(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct dfs_GetDFSReferral r;
+	struct dfs_referral_resp resp;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp.path_consumed, 0,
+				 "Path consumed not equal to 0");
+	torture_assert_int_equal(tctx, resp.nb_referrals != 0, 1,
+				 "0 domains referrals returned");
+	torture_assert_int_equal(tctx, resp.header_flags, 0,
+				 "Header flag different it's not a referral server");
+	torture_assert_int_equal(tctx, resp.referral_entries[1].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 1 got %d expected 3",
+					resp.referral_entries[1].version));
+	torture_assert_int_equal(tctx, resp.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp.referral_entries[0].referral.v3.entry_flags,
+				 DFS_FLAG_REFERRAL_DOMAIN_RESP,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a domain response and got %d",
+					resp.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp.referral_entries[0].referral.v3.referrals.r2.special_name) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx,
+				 resp.referral_entries[0].referral.v3.referrals.r2.special_name[0] == '\\',
+				 1,
+				 "domain didn't start with a \\");
+	return true;
+}
+
+static bool test_getdcreferral(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct dfs_GetDFSReferral r, r2, r3;
+	struct dfs_referral_resp resp, resp2, resp3;
+	const char* str;
+	const char* str2;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	str = resp.referral_entries[0].referral.v3.referrals.r2.special_name;
+	if( strchr(str, '.') == NULL ) {
+		str = resp.referral_entries[1].referral.v3.referrals.r2.special_name;
+	}
+
+	r2.in.req.max_referral_level = 3;
+	r2.in.req.servername = str;
+	r2.out.resp = &resp2;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r2),
+		   "Get DC Domain referral failed");
+
+
+	torture_assert_int_equal(tctx, resp2.path_consumed, 0,
+				 "Path consumed not equal to 0");
+	torture_assert_int_equal(tctx, resp2.nb_referrals , 1,
+				 "We do not received only 1 referral");
+	torture_assert_int_equal(tctx, resp2.header_flags, 0,
+				 "Header flag different it's not a referral server");
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp2.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp2.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].referral.v3.entry_flags,
+				 DFS_FLAG_REFERRAL_DOMAIN_RESP,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a domain response and got %d",
+					resp2.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp2.referral_entries[0].referral.v3.referrals.r2.special_name) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx, strlen(
+				 resp2.referral_entries[0].referral.v3.referrals.r2.expanded_names[0]) > 0,
+				 1,
+				 "Length of first dc is less than 0");
+	str = strchr(resp2.referral_entries[0].referral.v3.referrals.r2.expanded_names[0], '.');
+	str2 = resp2.referral_entries[0].referral.v3.referrals.r2.special_name;
+	if (str2[0] == '\\') {
+		str2++;
+	}
+	torture_assert_int_equal(tctx, strlen(str) >0, 1 ,"Length of domain too short");
+	str++;
+	torture_assert_int_equal(tctx, strcmp(str,str2), 0,
+					talloc_asprintf(tctx, "Pb domain of the dc is not "\
+								"the same as the requested: domain was = %s got =%s",str2 ,str));
+	torture_assert_int_equal(tctx,
+				 resp.referral_entries[0].referral.v3.referrals.r2.special_name[0] == '\\',
+				 1,
+				 "dc name didn't start with a \\");
+
+	r3.in.req.max_referral_level = 3;
+	/*
+	 * Windows 7 and at least windows 2008 server sends domain.fqdn instead of \domain.fqdn
+	 * (as it is specified in the spec)
+	 * Let's check that we are able to support it too
+	 */
+	r3.in.req.servername = str;
+	r3.out.resp = &resp3;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   "Get DC Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp3.path_consumed, 0,
+				 "Path consumed not equal to 0");
+	torture_assert_int_equal(tctx, resp3.nb_referrals , 1,
+				 "We do not received only 1 referral");
+	torture_assert_int_equal(tctx, resp3.header_flags, 0,
+				 "Header flag different it's not a referral server");
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp3.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp3.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.entry_flags,
+				 DFS_FLAG_REFERRAL_DOMAIN_RESP,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a domain response and got %d",
+					resp3.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r2.special_name) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r2.expanded_names[0]) > 0,
+				 1,
+				 "Length of first dc is less than 0");
+	return true;
+}
+
+static bool test_getdcreferral_netbios(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct dfs_GetDFSReferral r, r2, r3;
+	struct dfs_referral_resp resp, resp2, resp3;
+	const char* str;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	r2.in.req.max_referral_level = 3;
+
+	str = resp.referral_entries[0].referral.v3.referrals.r2.special_name;
+	if( strchr(str, '.') != NULL ) {
+		str = resp.referral_entries[1].referral.v3.referrals.r2.special_name;
+	}
+
+	r2.in.req.servername = str;
+	r2.out.resp = &resp2;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r2),
+		   "Get DC Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp2.path_consumed, 0,
+				 "Path consumed not equal to 0");
+	torture_assert_int_equal(tctx, resp2.nb_referrals , 1,
+				 "We do not received only 1 referral");
+	torture_assert_int_equal(tctx, resp2.header_flags, 0,
+				 "Header flag different it's not a referral server");
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp2.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp2.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp2.referral_entries[0].referral.v3.entry_flags,
+				 DFS_FLAG_REFERRAL_DOMAIN_RESP,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a domain response and got %d",
+					resp2.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp2.referral_entries[0].referral.v3.referrals.r2.special_name) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx, strlen(
+				 resp2.referral_entries[0].referral.v3.referrals.r2.expanded_names[0]) > 0,
+				 1,
+				 "Length of first dc is less than 0");
+	torture_assert(tctx, strchr(
+		       resp2.referral_entries[0].referral.v3.referrals.r2.expanded_names[0],'.') == NULL,
+		       "referral contains dots it's not a netbios name");
+
+	r3.in.req.max_referral_level = 3;
+	/*
+	 * Windows 7 and at least windows 2008 server sends domain.fqdn instead of \domain.fqdn
+	 * (as it is specified in the spec)
+	 * Let's check that we are able to support it too
+	 */
+	r3.in.req.servername = str + 1;
+	r3.out.resp = &resp3;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   "Get DC Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp3.path_consumed, 0,
+				 "Path consumed not equal to 0");
+	torture_assert_int_equal(tctx, resp3.nb_referrals , 1,
+				 "We do not received only 1 referral");
+	torture_assert_int_equal(tctx, resp3.header_flags, 0,
+				 "Header flag different it's not a referral server");
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp3.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp3.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.entry_flags,
+				 DFS_FLAG_REFERRAL_DOMAIN_RESP,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a domain response and got %d",
+					resp3.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r2.special_name) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r2.expanded_names[0]) > 0,
+				 1,
+				 "Length of first dc is less than 0");
+	torture_assert(tctx, strchr(
+		       resp3.referral_entries[0].referral.v3.referrals.r2.expanded_names[0],'.') == NULL,
+		       "referral contains dots it's not a netbios name");
+	return true;
+}
+
+static bool test_getsysvolreferral(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	const char* str;
+	struct dfs_GetDFSReferral r, r2, r3;
+	struct dfs_referral_resp resp, resp2, resp3;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	str = resp.referral_entries[0].referral.v3.referrals.r2.special_name;
+	if( strchr(str, '.') == NULL ) {
+		str = resp.referral_entries[1].referral.v3.referrals.r2.special_name;
+	}
+
+	r2.in.req.max_referral_level = 3;
+	r2.in.req.servername = str;
+	r2.out.resp = &resp2;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r2),
+		   "Get DC Domain referral failed");
+
+	r3.in.req.max_referral_level = 3;
+	r3.in.req.servername = talloc_asprintf(tctx, "%s\\sysvol", str);
+	r3.out.resp = &resp3;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   "Get sysvol Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp3.path_consumed, 2*strlen(r3.in.req.servername),
+				 "Path consumed not equal to length of the request");
+	torture_assert_int_equal(tctx, resp3.nb_referrals != 0, 1,
+				 "We do not receive at least 1 referral");
+	torture_assert_int_equal(tctx, resp3.header_flags, DFS_HEADER_FLAG_STORAGE_SVR,
+				 "Header flag different it's not a referral for a storage");
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3",
+					resp3.referral_entries[0].version));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.server_type,
+				 DFS_SERVER_NON_ROOT,
+				 talloc_asprintf(tctx,
+					"Wrong server type, expected non root server and got %d",
+					resp3.referral_entries[0].referral.v3.server_type));
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v3.entry_flags,
+				 0,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a non domain response and got %d",
+					resp3.referral_entries[0].referral.v3.entry_flags));
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r1.DFS_path) > 0,
+				 1,
+				 "Length of domain is 0 or less");
+	torture_assert_int_equal(tctx, strstr(resp3.referral_entries[0].referral.v3.referrals.r1.DFS_path,
+					str+1) != NULL, 1,
+				 	talloc_asprintf(tctx,
+						"Wrong DFS_path %s unable to find substring %s in it",
+						resp3.referral_entries[0].referral.v3.referrals.r1.DFS_path,
+						str+1));
+	torture_assert_int_equal(tctx, strlen(
+				 resp3.referral_entries[0].referral.v3.referrals.r1.netw_address) > 0,
+				 1,
+				 "Length of first referral is less than 0");
+	torture_assert_int_equal(tctx, strstr(resp3.referral_entries[0].referral.v3.referrals.r1.netw_address,
+					str+1) != NULL, 1,
+				 	talloc_asprintf(tctx,
+						"Wrong DFS_path %s unable to find substring %s in it",
+						resp3.referral_entries[0].referral.v3.referrals.r1.netw_address,
+						str+1));
+	/*
+	 * Due to strange behavior with XP and level 4
+	 * we are obliged to degrade to level 3 ...
+	 */
+	r3.in.req.max_referral_level = 4;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   "Get sysvol Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].version, 4,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 4",
+					resp3.referral_entries[0].version));
+	torture_assert(tctx, all_zero(resp3.referral_entries[0].referral.v3.service_site_guid.value, 16),
+		       talloc_asprintf(tctx,
+					"Service_site_guid is not NULL as expected"));
+#if 0
+	/* Shouldn't be needed anymore*/
+	r3.in.req.max_referral_level = 4;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   "Get sysvol Domain referral failed");
+
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].version, 3,
+				 talloc_asprintf(tctx,
+					"Not expected version for referral entry 0 got %d expected 3 in degraded mode",
+					resp3.referral_entries[0].version));
+	/*
+	 * We do not support fallback indication for the moment
+	 */
+	torture_assert_int_equal(tctx, resp3.header_flags,
+					DFS_HEADER_FLAG_STORAGE_SVR | DFS_HEADER_FLAG_TARGET_BCK,
+					"Header flag different it's not a referral for a storage with fallback");
+	torture_assert_int_equal(tctx, resp3.referral_entries[0].referral.v4.entry_flags,
+				 DFS_FLAG_REFERRAL_FIRST_TARGET_SET,
+				 talloc_asprintf(tctx,
+					"Wrong entry flag expected to have a non domain response and got %d",
+					resp3.referral_entries[0].referral.v4.entry_flags));
+#endif
+	return true;
+}
+
+static bool test_unknowndomain(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct dfs_GetDFSReferral r, r2;
+	struct dfs_referral_resp resp, resp2;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	r2.in.req.max_referral_level = 3;
+	r2.in.req.servername = "foobar.none.net";
+	r2.out.resp = &resp2;
+
+	torture_assert_ntstatus_equal(tctx,
+		   dfs_cli_do_call(cli->tree, &r2),
+		   NT_STATUS_INVALID_PARAMETER,
+		   "Get DC Domain didn't return expected error code");
+
+	return true;
+}
+
+static bool test_getsysvolplusreferral(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	const char* str;
+	struct dfs_GetDFSReferral r, r2, r3;
+	struct dfs_referral_resp resp, resp2, resp3;
+
+	r.in.req.max_referral_level = 3;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   "Get Domain referral failed");
+
+	r2.in.req.max_referral_level = 3;
+	r2.in.req.servername = resp.referral_entries[0].referral.v3.referrals.r2.special_name;
+	r2.out.resp = &resp2;
+
+	torture_assert_ntstatus_ok(tctx,
+		   dfs_cli_do_call(cli->tree, &r2),
+		   "Get DC Domain referral failed");
+
+	str = resp2.referral_entries[0].referral.v3.referrals.r2.special_name;
+	r3.in.req.max_referral_level = 3;
+	r3.in.req.servername = talloc_asprintf(tctx, "%s\\sysvol\\foo", str);
+	r3.out.resp = &resp3;
+
+	torture_assert_ntstatus_equal(tctx,
+		   dfs_cli_do_call(cli->tree, &r3),
+		   NT_STATUS_NOT_FOUND,
+		   "Bad behavior with subtree sysvol referral");
+
+	return true;
+}
+
+static bool test_low_referral_level(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct dfs_GetDFSReferral r;
+	struct dfs_referral_resp resp;
+
+	r.in.req.max_referral_level = 2;
+	r.in.req.servername = "";
+	r.out.resp = &resp;
+
+	torture_assert_ntstatus_equal(tctx,
+		   dfs_cli_do_call(cli->tree, &r),
+		   NT_STATUS_UNSUCCESSFUL,
+		   "Unexpected STATUS for invalid referral request");
+
+	return true;
+}
+
+NTSTATUS torture_dfs_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dfs");
+	struct torture_suite *suite_basic = torture_suite_create(suite, "domain");
+
+	torture_suite_add_suite(suite, suite_basic);
+
+	torture_suite_add_1smb_test(suite_basic, "domain referral",
+				    test_getdomainreferral);
+	torture_suite_add_1smb_test(suite_basic, "dc referral",
+				    test_getdcreferral);
+	torture_suite_add_1smb_test(suite_basic, "dc referral netbios",
+				    test_getdcreferral_netbios);
+
+	torture_suite_add_1smb_test(suite_basic, "sysvol referral",
+				    test_getsysvolreferral);
+
+	/* Non standard case */
+
+	torture_suite_add_1smb_test(suite_basic, "dc referral on unknown domain",
+				    test_unknowndomain);
+	torture_suite_add_1smb_test(suite_basic, "sysvol with subtree referral",
+				    test_getsysvolplusreferral);
+	torture_suite_add_1smb_test(suite_basic, "referral with a level 2",
+				    test_low_referral_level);
+
+	/*
+	 * test with invalid level
+	 * test with netbios
+	 */
+
+	suite->description = talloc_strdup(suite, "DFS referrals calls");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
new file mode 100644
index 0000000..32725b7
--- /dev/null
+++ b/source4/torture/dns/dlz_bind9.c
@@ -0,0 +1,2514 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Bartlett 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "system/network.h"
+#include "dns_server/dlz_minimal.h"
+#include <talloc.h>
+#include <ldb.h>
+#include "lib/param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "auth/session.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/network.h"
+#include "dns_server/dnsserver_common.h"
+#include "librpc/gen_ndr/ndr_dnsserver.h"
+#include "librpc/gen_ndr/ndr_dnsserver_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+
+/* Tests that configure multiple DLZs will use this. Increase to add stress. */
+#define NUM_DLZS_TO_CONFIGURE 4
+
+struct torture_context *tctx_static;
+
+static void dlz_bind9_log_wrapper(int level, const char *fmt, ...)
+				  PRINTF_ATTRIBUTE(2,3);
+
+static void dlz_bind9_log_wrapper(int level, const char *fmt, ...)
+{
+	va_list ap;
+	char *msg;
+	va_start(ap, fmt);
+	msg = talloc_vasprintf(NULL, fmt, ap);
+	torture_comment(tctx_static, "%s\n", msg);
+	TALLOC_FREE(msg);
+	va_end(ap);
+}
+
+static bool test_dlz_bind9_version(struct torture_context *tctx)
+{
+	unsigned int flags = 0;
+	torture_assert_int_equal(tctx, dlz_version(&flags),
+				 DLZ_DLOPEN_VERSION, "got wrong DLZ version");
+	return true;
+}
+
+static char *dlz_bind9_binddns_dir(struct torture_context *tctx,
+				   const char *file)
+{
+	return talloc_asprintf(tctx,
+			       "ldb://%s/%s",
+			       lpcfg_binddns_dir(tctx->lp_ctx),
+			       file);
+}
+
+static bool test_dlz_bind9_create(struct torture_context *tctx)
+{
+	void *dbdata;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper, NULL), ISC_R_SUCCESS,
+		"Failed to create samba_dlz");
+
+	dlz_destroy(dbdata);
+
+	return true;
+}
+
+static bool calls_zone_hook = false;
+
+static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
+						  dns_dlzdb_t *dlzdb,
+						  const char *zone_name)
+{
+	struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
+	struct ldb_context *samdb = NULL;
+	char *errstring = NULL;
+	int ret = samdb_connect_url(
+			tctx,
+			NULL,
+			tctx->lp_ctx,
+			system_session(tctx->lp_ctx),
+			0,
+			dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+			NULL,
+			&samdb,
+			&errstring);
+	struct ldb_message *msg;
+	const char *attrs[] = {
+		NULL
+	};
+	if (ret != LDB_SUCCESS) {
+		torture_comment(tctx, "Failed to connect to samdb");
+		return ISC_R_FAILURE;
+	}
+
+	ret = dsdb_search_one(samdb, tctx, &msg, NULL,
+			      LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+			      "(&(objectClass=dnsZone)(name=%s))", zone_name);
+	if (ret != LDB_SUCCESS) {
+		torture_comment(tctx,
+				"Failed to search for %s: %s",
+				zone_name,
+				ldb_errstring(samdb));
+		return ISC_R_FAILURE;
+	}
+	talloc_free(msg);
+
+	calls_zone_hook = true;
+
+	return ISC_R_SUCCESS;
+}
+
+static bool test_dlz_bind9_configure(struct torture_context *tctx)
+{
+	void *dbdata = NULL;
+	dns_dlzdb_t *dlzdb = NULL;
+	int ret;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	tctx_static = tctx;
+	ret = dlz_create("samba_dlz", 3, argv, &dbdata,
+			 "log", dlz_bind9_log_wrapper,
+			 "writeable_zone", dlz_bind9_writeable_zone_hook,
+			 NULL);
+	torture_assert_int_equal(tctx,
+				 ret,
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	calls_zone_hook = false;
+	torture_assert_int_equal(tctx, dlz_configure((void*)tctx,
+						     dlzdb,
+						     dbdata),
+						     ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	dlz_destroy(dbdata);
+
+	torture_assert_int_equal(tctx, calls_zone_hook, 1, "Hasn't called zone hook");
+
+	return true;
+}
+
+static bool test_dlz_bind9_multiple_configure(struct torture_context *tctx)
+{
+	int i;
+	for(i = 0; i < NUM_DLZS_TO_CONFIGURE; i++){
+		test_dlz_bind9_configure(tctx);
+	}
+	return true;
+}
+
+static bool configure_multiple_dlzs(struct torture_context *tctx,
+				    void **dbdata, int count)
+{
+	int i, res;
+	dns_dlzdb_t *dlzdb = NULL;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+
+	tctx_static = tctx;
+	for(i = 0; i < count; i++){
+		res = dlz_create("samba_dlz", 3, argv, &(dbdata[i]),
+				 "log", dlz_bind9_log_wrapper,
+				 "writeable_zone",
+				 dlz_bind9_writeable_zone_hook, NULL);
+		torture_assert_int_equal(tctx, res, ISC_R_SUCCESS,
+					 "Failed to create samba_dlz");
+
+		res = dlz_configure((void*)tctx, dlzdb, dbdata[i]);
+		torture_assert_int_equal(tctx, res, ISC_R_SUCCESS,
+					 "Failed to configure samba_dlz");
+	}
+
+	return true;
+}
+
+static bool test_dlz_bind9_destroy_oldest_first(struct torture_context *tctx)
+{
+	void *dbdata[NUM_DLZS_TO_CONFIGURE];
+	int i;
+	bool ret = configure_multiple_dlzs(tctx,
+					   dbdata,
+					   NUM_DLZS_TO_CONFIGURE);
+	if (ret == false) {
+		/* failure: has already been printed */
+		return false;
+	}
+
+	/* Reload faults are reported to happen on the first destroy */
+	dlz_destroy(dbdata[0]);
+
+	for(i = 1; i < NUM_DLZS_TO_CONFIGURE; i++){
+		dlz_destroy(dbdata[i]);
+	}
+
+	return true;
+}
+
+static bool test_dlz_bind9_destroy_newest_first(struct torture_context *tctx)
+{
+	void *dbdata[NUM_DLZS_TO_CONFIGURE];
+	int i;
+	bool ret = configure_multiple_dlzs(tctx,
+					   dbdata,
+					   NUM_DLZS_TO_CONFIGURE);
+	if (ret == false) {
+		/* failure: has already been printed */
+		return false;
+	}
+
+	for(i = NUM_DLZS_TO_CONFIGURE - 1; i >= 0; i--) {
+		dlz_destroy(dbdata[i]);
+	}
+
+	return true;
+}
+
+/*
+ * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side
+ *
+ */
+static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech)
+{
+	NTSTATUS status;
+	dns_dlzdb_t *dlzdb = NULL;
+
+	struct gensec_security *gensec_client_context;
+
+	DATA_BLOB client_to_server, server_to_client;
+
+	void *dbdata;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper,
+						  "writeable_zone", dlz_bind9_writeable_zone_hook, NULL),
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	torture_assert_int_equal(tctx, dlz_configure((void*)tctx,
+						     dlzdb, dbdata),
+						     ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	/*
+	 * dlz_bind9 use the special dns/host.domain account
+	 */
+	status = gensec_set_target_hostname(gensec_client_context,
+					    talloc_asprintf(tctx,
+				"%s.%s",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx)));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+	status = gensec_set_target_service(gensec_client_context, "dns");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
+
+	status = gensec_set_credentials(gensec_client_context,
+			samba_cmdline_get_creds());
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	/* Do one step of the client-server update dance */
+	status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+		torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+	}
+
+	torture_assert_int_equal(tctx, dlz_ssumatch(
+					cli_credentials_get_username(
+						samba_cmdline_get_creds()),
+					lpcfg_dnsdomain(tctx->lp_ctx),
+					"127.0.0.1", "type", "key",
+					client_to_server.length,
+					client_to_server.data,
+					dbdata),
+					ISC_TRUE,
+			 "Failed to check key for update rights samba_dlz");
+
+	dlz_destroy(dbdata);
+
+	return true;
+}
+
+static bool test_dlz_bind9_gssapi(struct torture_context *tctx)
+{
+	return test_dlz_bind9_gensec(tctx, "GSSAPI");
+}
+
+static bool test_dlz_bind9_spnego(struct torture_context *tctx)
+{
+	return test_dlz_bind9_gensec(tctx, "GSS-SPNEGO");
+}
+
+struct test_expected_record {
+	const char *name;
+	const char *type;
+	const char *data;
+	int ttl;
+	bool printed;
+	const char *rdata;
+};
+
+struct test_expected_rr {
+	struct torture_context *tctx;
+	const char *query_name;
+	size_t num_records;
+	struct test_expected_record *records;
+	size_t num_rr;
+};
+
+static bool dlz_bind9_putnamedrr_torture_hook(struct test_expected_rr *expected,
+					      const char *name,
+					      const char *type,
+					      dns_ttl_t ttl,
+					      const char *data)
+{
+	size_t i;
+
+	torture_assert(expected->tctx, name != NULL,
+		       talloc_asprintf(expected->tctx,
+		       "Got unnamed record type[%s] data[%s]\n",
+		       type, data));
+
+	expected->num_rr++;
+	torture_comment(expected->tctx, "%u: name[%s] type[%s] ttl[%u] data[%s]\n",
+			(unsigned)expected->num_rr, name, type, (unsigned)ttl, data);
+
+	for (i = 0; i < expected->num_records; i++) {
+		if (expected->records[i].name != NULL) {
+			if (strcmp(name, expected->records[i].name) != 0) {
+				continue;
+			}
+		}
+
+		if (strcmp(type, expected->records[i].type) != 0) {
+			continue;
+		}
+
+		if (expected->records[i].data != NULL) {
+			/*
+			 * For most types the data will have been reformatted
+			 * or normalised, so we need to do approximately the
+			 * same to compare.
+			 */
+			const char *data2 = expected->records[i].data;
+			if (strcmp(type, "aaaa") == 0) {
+				struct in6_addr adr1;
+				struct in6_addr adr2;
+				int ret;
+				ret = inet_pton(AF_INET6, data, &adr1);
+				if (ret != 1) {
+					continue;
+				}
+				ret = inet_pton(AF_INET6, data2, &adr2);
+				if (ret != 1) {
+					continue;
+				}
+				if (memcmp(&adr1, &adr2, sizeof(adr1)) != 0) {
+					continue;
+				}
+			} else if (strcmp(type, "cname") == 0 ||
+				 strcmp(type, "ptr") == 0   ||
+				 strcmp(type, "ns") == 0) {
+				if (!samba_dns_name_equal(data, data2)) {
+					continue;
+				}
+			} else if (strcmp(type, "mx") == 0) {
+				/*
+				 * samba_dns_name_equal works for MX records
+				 * because the space in "10 example.com." is
+				 * theoretically OK as a DNS character. And we
+				 * need it because dlz will add the trailing
+				 * dot.
+				 */
+				if (!samba_dns_name_equal(data, data2)) {
+					continue;
+				}
+			} else if (strcmp(data, data2) != 0) {
+				/* default, works for A records */
+				continue;
+			}
+		}
+
+		torture_assert_int_equal(expected->tctx, ttl,
+					 expected->records[i].ttl,
+					 talloc_asprintf(expected->tctx,
+					 "TTL did not match expectations for type %s",
+					 type));
+
+		expected->records[i].printed = true;
+	}
+
+	return true;
+}
+
+/*
+ * Lookups in these tests end up coming round to run this function.
+ */
+static isc_result_t dlz_bind9_putrr_hook(dns_sdlzlookup_t *lookup,
+					 const char *type,
+					 dns_ttl_t ttl,
+					 const char *data)
+{
+	struct test_expected_rr *expected =
+		talloc_get_type_abort(lookup, struct test_expected_rr);
+	bool ok;
+
+	ok = dlz_bind9_putnamedrr_torture_hook(expected, expected->query_name,
+					       type, ttl, data);
+	if (!ok) {
+		return ISC_R_FAILURE;
+	}
+
+	return ISC_R_SUCCESS;
+}
+
+static isc_result_t dlz_bind9_putnamedrr_hook(dns_sdlzallnodes_t *allnodes,
+					      const char *name,
+					      const char *type,
+					      dns_ttl_t ttl,
+					      const char *data)
+{
+	struct test_expected_rr *expected =
+		talloc_get_type_abort(allnodes, struct test_expected_rr);
+	bool ok;
+
+	ok = dlz_bind9_putnamedrr_torture_hook(expected, name, type, ttl, data);
+	if (!ok) {
+		return ISC_R_FAILURE;
+	}
+
+	return ISC_R_SUCCESS;
+}
+
+/*
+ * Tests some lookups
+ */
+static bool test_dlz_bind9_lookup(struct torture_context *tctx)
+{
+	size_t i;
+	void *dbdata = NULL;
+	dns_clientinfomethods_t *methods = NULL;
+	dns_clientinfo_t *clientinfo = NULL;
+	dns_dlzdb_t *dlzdb = NULL;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	struct test_expected_rr *expected1 = NULL;
+	struct test_expected_rr *expected2 = NULL;
+
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper,
+						  "writeable_zone", dlz_bind9_writeable_zone_hook,
+						  "putrr", dlz_bind9_putrr_hook,
+						  "putnamedrr", dlz_bind9_putnamedrr_hook,
+						  NULL),
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	torture_assert_int_equal(tctx,
+				 dlz_configure((void*)tctx, dlzdb, dbdata),
+				 ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	expected1 = talloc_zero(tctx, struct test_expected_rr);
+	torture_assert(tctx, expected1 != NULL, "talloc failed");
+	expected1->tctx = tctx;
+
+	expected1->query_name = "@";
+
+	expected1->num_records = 4;
+	expected1->records = talloc_zero_array(expected1,
+					       struct test_expected_record,
+					       expected1->num_records);
+	torture_assert(tctx, expected1->records != NULL, "talloc failed");
+
+	expected1->records[0].name = expected1->query_name;
+	expected1->records[0].type = "soa";
+	expected1->records[0].ttl = 3600;
+	expected1->records[0].data = talloc_asprintf(expected1->records,
+				"%s.%s. hostmaster.%s. 1 900 600 86400 3600",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed");
+
+	expected1->records[1].name = expected1->query_name;
+	expected1->records[1].type = "ns";
+	expected1->records[1].ttl = 900;
+	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
+
+	expected1->records[2].name = expected1->query_name;
+	expected1->records[2].type = "aaaa";
+	expected1->records[2].ttl = 900;
+
+	expected1->records[3].name = expected1->query_name;
+	expected1->records[3].type = "a";
+	expected1->records[3].ttl = 900;
+
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Failed to lookup @");
+	for (i = 0; i < expected1->num_records; i++) {
+		torture_assert(tctx, expected1->records[i].printed,
+			       talloc_asprintf(tctx,
+			       "Failed to have putrr callback run for type %s",
+			       expected1->records[i].type));
+	}
+	torture_assert_int_equal(tctx, expected1->num_rr,
+				 expected1->num_records,
+				 "Got too much data");
+
+	expected2 = talloc_zero(tctx, struct test_expected_rr);
+	torture_assert(tctx, expected2 != NULL, "talloc failed");
+	expected2->tctx = tctx;
+
+	expected2->query_name = torture_setting_string(tctx, "host", NULL);
+	torture_assert(tctx, expected2->query_name != NULL, "unknown host");
+
+	expected2->num_records = 2;
+	expected2->records = talloc_zero_array(expected2,
+					       struct test_expected_record,
+					       expected2->num_records);
+	torture_assert(tctx, expected2->records != NULL, "talloc failed");
+
+	expected2->records[0].name = expected2->query_name;
+	expected2->records[0].type = "aaaa";
+	expected2->records[0].ttl = 900;
+
+	expected2->records[1].name = expected2->query_name;
+	expected2->records[1].type = "a";
+	expected2->records[1].ttl = 900;
+
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected2->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected2,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Failed to lookup hostname");
+	for (i = 0; i < expected2->num_records; i++) {
+		torture_assert(tctx, expected2->records[i].printed,
+			       talloc_asprintf(tctx,
+			       "Failed to have putrr callback run name[%s] for type %s",
+			       expected2->records[i].name,
+			       expected2->records[i].type));
+	}
+	torture_assert_int_equal(tctx, expected2->num_rr,
+				 expected2->num_records,
+				 "Got too much data");
+
+	dlz_destroy(dbdata);
+
+	return true;
+}
+
+/*
+ * Test some zone dumps
+ */
+static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
+{
+	size_t i;
+	void *dbdata = NULL;
+	dns_dlzdb_t *dlzdb = NULL;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	struct test_expected_rr *expected1 = NULL;
+
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper,
+						  "writeable_zone", dlz_bind9_writeable_zone_hook,
+						  "putrr", dlz_bind9_putrr_hook,
+						  "putnamedrr", dlz_bind9_putnamedrr_hook,
+						  NULL),
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dlzdb, dbdata),
+						     ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	expected1 = talloc_zero(tctx, struct test_expected_rr);
+	torture_assert(tctx, expected1 != NULL, "talloc failed");
+	expected1->tctx = tctx;
+
+	expected1->num_records = 7;
+	expected1->records = talloc_zero_array(expected1,
+					       struct test_expected_record,
+					       expected1->num_records);
+	torture_assert(tctx, expected1->records != NULL, "talloc failed");
+
+	expected1->records[0].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
+	expected1->records[0].type = "soa";
+	expected1->records[0].ttl = 3600;
+	expected1->records[0].data = talloc_asprintf(expected1->records,
+				"%s.%s. hostmaster.%s. 1 900 600 86400 3600",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed");
+
+	expected1->records[1].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
+	expected1->records[1].type = "ns";
+	expected1->records[1].ttl = 900;
+	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
+
+	expected1->records[2].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
+	expected1->records[2].type = "aaaa";
+	expected1->records[2].ttl = 900;
+
+	expected1->records[3].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
+	expected1->records[3].type = "a";
+	expected1->records[3].ttl = 900;
+
+	expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s.",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[4].name != NULL, "unknown host");
+	expected1->records[4].type = "aaaa";
+	expected1->records[4].ttl = 900;
+
+	expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s.",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, expected1->records[5].name != NULL, "unknown host");
+	expected1->records[5].type = "a";
+	expected1->records[5].ttl = 900;
+
+	/*
+	 * We expect multiple srv records
+	 */
+	expected1->records[6].name = NULL;
+	expected1->records[6].type = "srv";
+	expected1->records[6].ttl = 900;
+
+	torture_assert_int_equal(tctx, dlz_allnodes(lpcfg_dnsdomain(tctx->lp_ctx),
+						    dbdata, (dns_sdlzallnodes_t *)expected1),
+				 ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+	for (i = 0; i < expected1->num_records; i++) {
+		torture_assert(tctx, expected1->records[i].printed,
+			       talloc_asprintf(tctx,
+			       "Failed to have putrr callback run name[%s] for type %s",
+			       expected1->records[i].name,
+			       expected1->records[i].type));
+	}
+	torture_assert_int_equal(tctx, expected1->num_rr, 24,
+				 "Got wrong record count");
+
+	dlz_destroy(dbdata);
+
+	return true;
+}
+
+/*
+ * Test some updates
+ */
+static bool test_dlz_bind9_update01(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct gensec_security *gensec_client_context;
+	DATA_BLOB client_to_server, server_to_client;
+	void *dbdata = NULL;
+	dns_dlzdb_t *dlzdb = NULL;
+	void *version = NULL;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	struct test_expected_rr *expected1 = NULL;
+	char *name = NULL;
+	char *data0 = NULL;
+	char *data1 = NULL;
+	char *data2 = NULL;
+	bool ret = false;
+	dns_clientinfomethods_t *methods = NULL;
+	dns_clientinfo_t *clientinfo = NULL;
+
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper,
+						  "writeable_zone", dlz_bind9_writeable_zone_hook,
+						  "putrr", dlz_bind9_putrr_hook,
+						  "putnamedrr", dlz_bind9_putnamedrr_hook,
+						  NULL),
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dlzdb, dbdata),
+						     ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	expected1 = talloc_zero(tctx, struct test_expected_rr);
+	torture_assert(tctx, expected1 != NULL, "talloc failed");
+	expected1->tctx = tctx;
+
+	expected1->query_name = __func__;
+
+	name = talloc_asprintf(expected1, "%s.%s",
+				expected1->query_name,
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, name != NULL, "talloc failed");
+
+	expected1->num_records = 2;
+	expected1->records = talloc_zero_array(expected1,
+					       struct test_expected_record,
+					       expected1->num_records);
+	torture_assert(tctx, expected1->records != NULL, "talloc failed");
+
+	expected1->records[0].name = expected1->query_name;
+	expected1->records[0].type = "a";
+	expected1->records[0].ttl = 3600;
+	expected1->records[0].data = "127.1.2.3";
+	expected1->records[0].printed = false;
+
+	data0 = talloc_asprintf(expected1,
+				"%s.\t" "%u\t" "%s\t" "%s\t" "%s",
+				name,
+				(unsigned)expected1->records[0].ttl,
+				"in",
+				expected1->records[0].type,
+				expected1->records[0].data);
+	torture_assert(tctx, data0 != NULL, "talloc failed");
+
+	expected1->records[1].name = expected1->query_name;
+	expected1->records[1].type = "a";
+	expected1->records[1].ttl = 3600;
+	expected1->records[1].data = "127.3.2.1";
+	expected1->records[1].printed = false;
+
+	data1 = talloc_asprintf(expected1,
+				"%s.\t" "%u\t" "%s\t" "%s\t" "%s",
+				name,
+				(unsigned)expected1->records[1].ttl,
+				"in",
+				expected1->records[1].type,
+				expected1->records[1].data);
+	torture_assert(tctx, data1 != NULL, "talloc failed");
+
+	data2 = talloc_asprintf(expected1,
+				"%s.\t" "0\t" "in\t" "a\t" "127.3.3.3",
+				name);
+	torture_assert(tctx, data2 != NULL, "talloc failed");
+
+	/*
+	 * Prepare session info
+	 */
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	/*
+	 * dlz_bind9 use the special dns/host.domain account
+	 */
+	status = gensec_set_target_hostname(gensec_client_context,
+					    talloc_asprintf(tctx,
+				"%s.%s",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx)));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+	status = gensec_set_target_service(gensec_client_context, "dns");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
+
+	status = gensec_set_credentials(gensec_client_context,
+			samba_cmdline_get_creds());
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSS-SPNEGO");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	/* Do one step of the client-server update dance */
+	status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+		torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+	}
+
+	torture_assert_int_equal(tctx, dlz_ssumatch(
+				cli_credentials_get_username(
+					samba_cmdline_get_creds()),
+				name,
+				"127.0.0.1",
+				expected1->records[0].type,
+				"key",
+				client_to_server.length,
+				client_to_server.data,
+				dbdata),
+				ISC_TRUE,
+			 "Failed to check key for update rights samba_dlz");
+
+	/*
+	 * We test the following:
+	 *
+	 *  1. lookup the records => NOT_FOUND
+	 *  2. delete all records => NOT_FOUND
+	 *  3. delete 1st record => NOT_FOUND
+	 *  4. create 1st record => SUCCESS
+	 *  5. lookup the records => found 1st
+	 *  6. create 2nd record => SUCCESS
+	 *  7. lookup the records => found 1st and 2nd
+	 *  8. delete unknown record => NOT_FOUND
+	 *  9. lookup the records => found 1st and 2nd
+	 * 10. delete 1st record => SUCCESS
+	 * 11. lookup the records => found 2nd
+	 * 12. delete 2nd record => SUCCESS
+	 * 13. lookup the records => NOT_FOUND
+	 * 14. create 1st record => SUCCESS
+	 * 15. lookup the records => found 1st
+	 * 16. create 2nd record => SUCCESS
+	 * 17. lookup the records => found 1st and 2nd
+	 * 18. update 1st record => SUCCESS
+	 * 19. lookup the records => found 1st and 2nd
+	 * 20. delete all unknown type records => NOT_FOUND
+	 * 21. lookup the records => found 1st and 2nd
+	 * 22. delete all records => SUCCESS
+	 * 23. lookup the records => NOT_FOUND
+	 */
+
+	/* Step 1. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_NOTFOUND,
+				 "Found hostname");
+	torture_assert_int_equal(tctx, expected1->num_rr, 0,
+				 "Got wrong record count");
+
+	/* Step 2. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_delrdataset(name,
+					expected1->records[0].type,
+					dbdata, version),
+			ISC_R_NOTFOUND, ret, cancel_version,
+			talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n",
+			name, expected1->records[0].type));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
+
+	/* Step 3. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_subrdataset(name, data0, dbdata, version),
+			ISC_R_NOTFOUND, ret, cancel_version,
+			talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n",
+			name, data0));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
+
+	/* Step 4. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_addrdataset(name, data0, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
+			name, data0));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 5. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 1,
+				 "Got wrong record count");
+
+	/* Step 6. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_addrdataset(name, data1, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
+			name, data1));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 7. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 2,
+				 "Got wrong record count");
+
+	/* Step 8. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_subrdataset(name, data2, dbdata, version),
+			ISC_R_NOTFOUND, ret, cancel_version,
+			talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n",
+			name, data2));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 9. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 2,
+				 "Got wrong record count");
+
+	/* Step 10. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_subrdataset(name, data0, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n",
+			name, data0));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 11. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 1,
+				 "Got wrong record count");
+
+	/* Step 12. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_subrdataset(name, data1, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n",
+			name, data1));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 13. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_NOTFOUND,
+				 "Found hostname");
+	torture_assert_int_equal(tctx, expected1->num_rr, 0,
+				 "Got wrong record count");
+
+	/* Step 14. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_addrdataset(name, data0, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
+			name, data0));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 15. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 1,
+				 "Got wrong record count");
+
+	/* Step 16. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_addrdataset(name, data1, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
+			name, data1));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 17. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 2,
+				 "Got wrong record count");
+
+	/* Step 18. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_addrdataset(name, data0, dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to update name[%s] data[%s]\n",
+			name, data0));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 19. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 2,
+				 "Got wrong record count");
+
+	/* Step 20. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_delrdataset(name, "txt", dbdata, version),
+			ISC_R_FAILURE, ret, cancel_version,
+			talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n",
+			name, "txt"));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
+
+	/* Step 21. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_SUCCESS,
+				 "Not found hostname");
+	torture_assert(tctx, expected1->records[0].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[0].name,
+		       expected1->records[0].type));
+	torture_assert(tctx, expected1->records[1].printed,
+		       talloc_asprintf(tctx,
+		       "Failed to have putrr callback run name[%s] for type %s",
+		       expected1->records[1].name,
+		       expected1->records[1].type));
+	torture_assert_int_equal(tctx, expected1->num_rr, 2,
+				 "Got wrong record count");
+
+	/* Step 22. */
+	torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
+						      dbdata, &version),
+				 ISC_R_SUCCESS,
+				 "Failed to start transaction");
+	torture_assert_int_equal_goto(tctx,
+			dlz_delrdataset(name,
+					expected1->records[0].type,
+					dbdata, version),
+			ISC_R_SUCCESS, ret, cancel_version,
+			talloc_asprintf(tctx, "Failed to delete name[%s] type[%s]\n",
+			name, expected1->records[0].type));
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
+
+	/* Step 23. */
+	expected1->num_rr = 0;
+	expected1->records[0].printed = false;
+	expected1->records[1].printed = false;
+	torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
+						  expected1->query_name, dbdata,
+						  (dns_sdlzlookup_t *)expected1,
+						  methods, clientinfo),
+				 ISC_R_NOTFOUND,
+				 "Found hostname");
+	torture_assert_int_equal(tctx, expected1->num_rr, 0,
+				 "Got wrong record count");
+
+	dlz_destroy(dbdata);
+
+	return true;
+
+cancel_version:
+	dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
+	return ret;
+}
+
+/*
+ * Test zone transfer requests restrictions
+ *
+ * 1: test that zone transfer is denied by default
+ * 2: with an authorized list of IPs set in smb.conf, test that zone transfer
+ *    is accepted only for selected IPs.
+ */
+static bool test_dlz_bind9_allowzonexfr(struct torture_context *tctx)
+{
+	void *dbdata;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+	isc_result_t ret;
+	dns_dlzdb_t *dlzdb = NULL;
+	bool ok;
+
+	tctx_static = tctx;
+	torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
+						  "log", dlz_bind9_log_wrapper,
+						  "writeable_zone", dlz_bind9_writeable_zone_hook,
+						  "putrr", dlz_bind9_putrr_hook,
+						  "putnamedrr", dlz_bind9_putnamedrr_hook,
+						  NULL),
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dlzdb, dbdata),
+						     ISC_R_SUCCESS,
+				             "Failed to configure samba_dlz");
+
+    /* Ask for zone transfer with no specific config => expect denied */
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "127.0.0.1");
+    torture_assert_int_equal(tctx, ret, ISC_R_NOPERM,
+                            "Zone transfer accepted with default settings");
+
+    /* Ask for zone transfer with authorizations set */
+    ok = lpcfg_set_option(tctx->lp_ctx, "dns zone transfer clients allow=127.0.0.1,1234:5678::1,192.168.0.");
+    torture_assert(tctx, ok, "Failed to set dns zone transfer clients allow option.");
+
+    ok = lpcfg_set_option(tctx->lp_ctx, "dns zone transfer clients deny=192.168.0.2");
+    torture_assert(tctx, ok, "Failed to set dns zone transfer clients deny option.");
+
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "127.0.0.1");
+    torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+                            "Zone transfer refused for authorized IPv4 address");
+
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "1234:5678::1");
+    torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+                             "Zone transfer refused for authorized IPv6 address.");
+
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "10.0.0.1");
+    torture_assert_int_equal(tctx, ret, ISC_R_NOPERM,
+                            "Zone transfer accepted for unauthorized IP");
+
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "192.168.0.1");
+    torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+                             "Zone transfer refused for address in authorized IPv4 subnet.");
+
+    ret = dlz_allowzonexfr(dbdata, lpcfg_dnsdomain(tctx->lp_ctx), "192.168.0.2");
+    torture_assert_int_equal(tctx, ret, ISC_R_NOPERM,
+                            "Zone transfer allowed for denied client.");
+
+    dlz_destroy(dbdata);
+    return true;
+}
+
+
+static int init_dlz(struct torture_context *tctx,
+		    void **dbdata)
+{
+	isc_result_t ret;
+	const char *argv[] = {
+		"samba_dlz",
+		"-H",
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL
+	};
+
+	ret = dlz_create("samba_dlz", 3, argv, dbdata,
+			 "log", dlz_bind9_log_wrapper,
+			 "writeable_zone", dlz_bind9_writeable_zone_hook,
+			 "putrr", dlz_bind9_putrr_hook,
+			 "putnamedrr", dlz_bind9_putnamedrr_hook,
+			 NULL);
+
+	torture_assert_int_equal(tctx,
+				 ret,
+				 ISC_R_SUCCESS,
+				 "Failed to create samba_dlz");
+
+	ret = dlz_configure((void*)tctx, NULL, *dbdata);
+	torture_assert_int_equal(tctx,
+				 ret,
+				 ISC_R_SUCCESS,
+				 "Failed to configure samba_dlz");
+
+	return true;
+}
+
+
+static int init_gensec(struct torture_context *tctx,
+		       struct gensec_security **gensec_client_context)
+{
+	NTSTATUS status;
+	/*
+	 * Prepare session info
+	 */
+	status = gensec_client_start(tctx, gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status,
+				   "gensec_client_start (client) failed");
+
+	/*
+	 * dlz_bind9 use the special dns/host.domain account
+	 */
+	status = gensec_set_target_hostname(*gensec_client_context,
+					    talloc_asprintf(tctx,
+				"%s.%s",
+				torture_setting_string(tctx, "host", NULL),
+				lpcfg_dnsdomain(tctx->lp_ctx)));
+	torture_assert_ntstatus_ok(tctx, status,
+				   "gensec_set_target_hostname (client) failed");
+
+	status = gensec_set_target_service(*gensec_client_context, "dns");
+	torture_assert_ntstatus_ok(tctx, status,
+				   "gensec_set_target_service failed");
+
+	status = gensec_set_credentials(*gensec_client_context,
+					samba_cmdline_get_creds());
+	torture_assert_ntstatus_ok(tctx, status,
+				   "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(*gensec_client_context,
+						"GSS-SPNEGO");
+	torture_assert_ntstatus_ok(tctx, status,
+				   "gensec_start_mech_by_sasl_name (client) failed");
+
+
+	return true;
+}
+
+
+
+static bool expected_record(TALLOC_CTX *mem_ctx,
+			    struct test_expected_record *r,
+			    const char *name,
+			    const char *type,
+			    const char *data)
+{
+	unsigned int ttl = 3600;
+	const char *rdata = talloc_asprintf(
+		mem_ctx,
+		"%s.\t" "%u\t" "in\t" "%s\t" "%s",
+		name, ttl, type, data);
+	if (rdata == NULL) {
+		return false;
+	}
+
+	*r = (struct test_expected_record){
+		.name = name,
+		.type = type,
+		.data = data,
+		.ttl = ttl,
+		.printed = false,
+		.rdata = rdata
+	};
+	return true;
+}
+
+
+struct dlz_test_handle {
+	struct dcerpc_pipe *p;
+};
+
+
+static bool set_zone_aging(struct torture_context *tctx,
+			   const char *zone,
+			   int value)
+{
+	int ret;
+	char *cmd = talloc_asprintf(tctx,
+				    "bin/samba-tool dns zoneoptions "
+				    "$SERVER %s -U$USERNAME%%$PASSWORD "
+				    "--aging %d", zone, value);
+
+	if (cmd == NULL) {
+		return false;
+	}
+
+	ret = system(cmd);
+	if (ret != 0) {
+		TALLOC_FREE(cmd);
+		return false;
+	}
+	TALLOC_FREE(cmd);
+	return true;
+}
+
+
+static struct ldb_context* get_samdb(struct torture_context *tctx)
+{
+	struct ldb_context *samdb = NULL;
+	char *errstring;
+	int ret = samdb_connect_url(
+		tctx,
+		NULL,
+		tctx->lp_ctx,
+		system_session(tctx->lp_ctx),
+		0,
+		dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
+		NULL,
+		&samdb,
+		&errstring);
+	if (ret != LDB_SUCCESS) {
+		return NULL;
+	}
+	return samdb;
+}
+
+
+static void print_node_records(struct torture_context *tctx,
+			       struct ldb_context *samdb,
+			       struct ldb_dn *node_dn,
+			       const char *msg)
+{
+	int ret;
+	struct ldb_result *result = NULL;
+	struct dnsp_DnssrvRpcRecord rec;
+	struct ldb_message_element *el = NULL;
+	size_t i;
+
+	if (msg != NULL) {
+		torture_comment(tctx,
+				"\033[1;32m%s\033[0m\n",
+				msg);
+	}
+
+	ret = dsdb_search(samdb, tctx, &result, node_dn,
+			  LDB_SCOPE_SUBTREE, NULL,
+			  0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_comment(tctx,
+				"Failed to find node: %s",
+				ldb_errstring(samdb));
+	}
+
+	el = ldb_msg_find_element(result->msgs[0], "dnsRecord");
+
+	for (i = 0; i < el->num_values; i++) {
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			result,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ret)) {
+			DBG_ERR("Failed to pull dns rec blob [%zu].\n",
+				i);
+			TALLOC_FREE(result);
+		}
+		torture_comment(tctx, "record[%zu]:\n", i);
+		torture_comment(tctx, "type: %d\n", rec.wType);
+		torture_comment(tctx, "timestamp: %u\n", rec.dwTimeStamp);
+		torture_comment(tctx, "%s\n",
+				NDR_PRINT_STRUCT_STRING(result,
+							dnsp_DnssrvRpcRecord,
+							&rec));
+	}
+}
+
+
+
+/*
+ * Test some MORE updates, this time focussing on more record types and aging.
+ */
+static bool test_dlz_bind9_aging(struct torture_context *tctx)
+{
+	struct gensec_security *gensec_client_context = NULL;
+	DATA_BLOB client_to_server, server_to_client;
+	NTSTATUS status;
+	void *dbdata = NULL;
+	void *version = NULL;
+	struct test_expected_rr *testdata = NULL;
+	bool ok = false;
+	struct ldb_context *samdb = NULL;
+	isc_result_t ret;
+	size_t i, j;
+	const char *domain = lpcfg_dnsdomain(tctx->lp_ctx);
+	struct ldb_dn *domain_dn = NULL;
+	struct ldb_dn *node_dn = NULL;
+	struct ldb_result *result = NULL;
+	uint32_t dns_timestamp_before;
+	uint32_t dns_timestamp_after;
+	const char *name = NULL;
+	const char *attrs[] = {"dnsrecord", NULL};
+	const char *node_dn_str = NULL;
+	struct ldb_message_element *el = NULL;
+	struct ldb_message *msg = NULL;
+
+	tctx_static = tctx;
+
+	/* Step 0. set things up */
+
+	ok = init_dlz(tctx, &dbdata);
+	if (! ok) {
+		torture_fail(tctx, "Failed to init_dlz");
+	}
+	ok = init_gensec(tctx, &gensec_client_context);
+	if (! ok) {
+		torture_fail(tctx, "Failed to init_gensec");
+	}
+
+	samdb = get_samdb(tctx);
+	if (samdb == NULL) {
+		torture_fail(tctx, "Failed to connect to samdb");
+	}
+
+	domain_dn = ldb_get_default_basedn(samdb);
+	testdata = talloc_zero(tctx, struct test_expected_rr);
+	torture_assert(tctx, testdata != NULL, "talloc failed");
+	testdata->tctx = tctx;
+
+	testdata->query_name = __func__;
+
+	name = talloc_asprintf(testdata, "%s.%s",
+			       testdata->query_name,
+			       domain);
+	torture_assert(tctx, name != NULL, "talloc failed");
+
+	testdata->num_records = 6;
+	testdata->records = talloc_zero_array(testdata,
+					      struct test_expected_record,
+					      testdata->num_records);
+	torture_assert(tctx, testdata->records != NULL, "talloc failed");
+
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[0],
+				       testdata->query_name,
+				       "aaaa",
+				       "::1"),
+		       "failed to add record");
+
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[1],
+				       testdata->query_name,
+				       "a",
+				       "127.11.12.13"),
+		       "failed to add record");
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[2],
+				       testdata->query_name,
+				       "a",
+				       "127.11.12.14"),
+		       "failed to add record");
+
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[3],
+				       testdata->query_name,
+				       "ptr",
+				       "samba.example.com"),
+		       "failed to add record");
+
+	/*
+	 * NOTE: Here we add the MX record with the priority before the name,
+	 * rather than the other way around which you are more likely to see
+	 * ("samba.example.com 11" e.g. in samba-tool dns), because this is
+	 * how it goes in BIND9 configuration.
+	 */
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[4],
+				       testdata->query_name,
+				       "mx",
+				       "11 samba.example.com."),
+		       "failed to add record");
+
+	torture_assert(tctx,
+		       expected_record(testdata->records,
+				       &testdata->records[5],
+				       testdata->query_name,
+				       "cname",
+				       "samba.example.com"),
+		       "failed to add record");
+
+
+	server_to_client = data_blob(NULL, 0);
+
+	/* Do one step of the client-server update dance */
+	status = gensec_update(gensec_client_context, tctx, server_to_client,
+			       &client_to_server);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+		torture_assert_ntstatus_ok(tctx, status,
+					   "gensec_update (client) failed");
+	}
+
+	torture_assert_int_equal(tctx, dlz_ssumatch(
+				cli_credentials_get_username(
+					samba_cmdline_get_creds()),
+				domain,
+				"127.0.0.1",
+				testdata->records[0].type,
+				"key",
+				client_to_server.length,
+				client_to_server.data,
+				dbdata),
+				ISC_TRUE,
+			 "Failed to check key for update rights samba_dlz");
+
+	/* remember the DN for use below */
+	node_dn = ldb_dn_copy(testdata, domain_dn);
+	if (node_dn == NULL) {
+		torture_fail(tctx, "Failed to make node dn");
+	}
+
+	ok = ldb_dn_add_child_fmt(
+		node_dn,
+		"DC=%s,DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones",
+		testdata->query_name,
+		domain);
+	if (! ok) {
+		torture_fail(tctx, "Failed to make node dn");
+	}
+	node_dn_str = ldb_dn_get_linearized(node_dn);
+	if (node_dn_str == NULL) {
+		torture_fail(tctx, "Failed to linearise node dn");
+	}
+
+	/* LOOK: we are chopping off the last one (the CNAME) for now */
+	testdata->num_records = 5;
+
+	/*
+	 * We test the following:
+	 *
+	 * Step 1.  Ensure we are starting with an empty node.
+	 * Step 2.  Add all the records (with aging off).
+	 * Step 3.  Check the timestamps are now-ish.
+	 * Step 4.  Add all the records AGAIN.
+	 * Step 5:  Turn aging on.
+	 * Step 6.  Add all the records again.
+	 * Step 7.  Check the timestamps are still now-ish.
+	 * Step 8.  Wind back the timestamps in the database.
+	 * Step 9.  Do another update, changing some timestamps
+	 * Step 10. Check that the timestamps are right.
+	 * Step 11. Set one record to be static.
+	 * Step 12. Do updates on some records, zeroing their timestamps
+	 * Step 13. Check that the record timeouts are *mostly* zero.
+	 * Step 14. Turn aging off
+	 * Step 15. Update, setting timestamps to zero
+	 * Step 16. Check that the timestamps are all zero.
+	 * Step 17. Reset to non-zero via ldb, with aging still off.
+	 * Step 18. Update with aging off. Nothing should change.
+	 * Step 19. Check that the timestamps didn't change.
+	 * Step 20. Delete all the records, 1 by 1.
+	 */
+
+
+	/*
+	 * Step 1. Ensure we are starting with an empty node.
+	 */
+	torture_comment(tctx, "step 1: %s records are not there\n",
+			testdata->query_name);
+	testdata->num_rr = 0;
+	torture_assert_int_equal(tctx, dlz_lookup(domain,
+						  testdata->query_name,
+						  dbdata,
+						  (dns_sdlzlookup_t *)testdata,
+						  NULL, NULL),
+				 ISC_R_NOTFOUND,
+				 "Found hostname");
+	torture_assert_int_equal(tctx, testdata->num_rr, 0,
+				 "Got records when there should be none");
+
+
+	dns_timestamp_before = unix_to_dns_timestamp(time(NULL));
+
+	/*
+	 * Step 2. Add all the records (with aging off).
+	 * After adding each one, expect to find it and earlier ones.
+	 */
+	torture_comment(tctx,
+			"step 2: add %zu records\n",
+			testdata->num_records);
+
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		torture_assert_int_equal_goto(
+			tctx, ret, ISC_R_SUCCESS, ok,
+			cancel_version,
+			talloc_asprintf(tctx,
+					"Failed to add record %zu «%s»\n",
+					i, r.rdata));
+
+		dlz_closeversion(domain, true, dbdata, &version);
+
+		testdata->num_rr = 0;
+
+		ret = dlz_lookup(domain, testdata->query_name, dbdata,
+				 (dns_sdlzlookup_t *)testdata, NULL, NULL);
+
+		torture_assert_int_equal(tctx, ret,
+					 ISC_R_SUCCESS,
+					 "Not found hostname");
+		torture_assert_int_equal(tctx, testdata->num_rr, i + 1,
+					 "Got wrong record count");
+
+		for (j = 0; j < testdata->num_records; j++) {
+			struct test_expected_record *r2 = &testdata->records[j];
+			if (j <= i) {
+				torture_assertf(
+					tctx,
+					r2->printed,
+					"putrr callback not run on %s «%s»",
+					r2->type, r2->name);
+			} else {
+				torture_assertf(
+					tctx,
+					! r2->printed,
+					"putrr callback should not see %s «%s»",
+					r2->type, r2->name);
+			}
+			r2->printed = false;
+		}
+	}
+
+	dns_timestamp_after = unix_to_dns_timestamp(time(NULL));
+	/*
+	 * Step 3. Check the timestamps are now-ish.
+	 *
+	 * Those records should have DNS timestamps between
+	 * dns_timestamp_before and dns_timestamp_after (the resolution is
+	 * hourly, so probably both are equal).
+	 */
+	ret = dsdb_search(samdb, tctx, &result, node_dn,
+			  LDB_SCOPE_SUBTREE, NULL,
+			  0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+	torture_assert_int_equal(tctx, result->count, 1,
+				 "Should be one node");
+
+	el = ldb_msg_find_element(result->msgs[0], "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert(tctx, dns_timestamp_before <= dns_timestamp_after, "<");
+	torture_assert_int_equal(tctx, el->num_values, testdata->num_records,
+				 "num_values != num_records");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			result,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ret)) {
+			DBG_ERR("Failed to pull dns rec blob [%zu].\n",
+				i);
+			TALLOC_FREE(result);
+			torture_fail(tctx, "Failed to pull dns rec blob");
+		}
+		torture_comment(tctx, "record[%zu]:\n", i);
+		torture_comment(tctx, "type: %d\n", rec.wType);
+		torture_comment(tctx, "timestamp: %u\n", rec.dwTimeStamp);
+		torture_comment(tctx, "%s\n",
+				NDR_PRINT_STRUCT_STRING(result,
+							dnsp_DnssrvRpcRecord,
+							&rec));
+
+		torture_assert(tctx, rec.dwTimeStamp >= dns_timestamp_before,
+			       "timestamp < dns_timestamp_before");
+		torture_assert(tctx, rec.dwTimeStamp <= dns_timestamp_after,
+			       "timestamp > dns_timestamp_after");
+	}
+
+	talloc_free(result);
+
+	/*
+	 * Step 4. Add all the records AGAIN.
+	 *
+	 * After adding each one, we expect no change in the number or nature
+	 * of records.
+	 */
+	torture_comment(tctx, "step 4: add the records again\n");
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		torture_assert_int_equal_goto(
+			tctx, ret, ISC_R_SUCCESS, ok,
+			cancel_version,
+			talloc_asprintf(tctx,
+					"Failed to add record %zu «%s»\n",
+					i, r.rdata));
+
+		dlz_closeversion(domain, true, dbdata, &version);
+
+		testdata->num_rr = 0;
+
+		ret = dlz_lookup(domain, testdata->query_name, dbdata,
+				 (dns_sdlzlookup_t *)testdata, NULL, NULL);
+
+		torture_assert_int_equal(tctx, ret,
+					 ISC_R_SUCCESS,
+					 "Not found hostname");
+		torture_assert_int_equal(tctx,
+					 testdata->num_rr,
+					 testdata->num_records,
+					 "Got wrong record count");
+
+		for (j = 0; j <= i; j++) {
+			/* these ones are printed again. */
+			struct test_expected_record *r2 = &testdata->records[j];
+			torture_assert(
+				tctx,
+				r2->printed,
+				talloc_asprintf(
+					tctx,
+					"putrr callback not run on %s «%s»",
+					r2->type, r2->name));
+			r2->printed = false;
+		}
+	}
+
+	print_node_records(tctx, samdb, node_dn, "after adding again");
+
+
+	/*
+	 * Step 5: Turn aging on.
+	 */
+	torture_comment(tctx, "step 5: turn aging on\n");
+	ok = set_zone_aging(tctx, domain, 1);
+	torture_assert(tctx, ok, "failed to enable aging");
+
+	print_node_records(tctx, samdb, node_dn, "aging on");
+
+	/*
+	 * Step 6. Add all the records again.
+	 *
+	 * We expect no change in the number or nature of records, even with
+	 * aging on, because the default noRefreshInterval is 7 days (also,
+	 * there should be no change because almost no time has passed).
+	 */
+	torture_comment(tctx, "step 6: add records again\n");
+
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(domain, r.rdata, dbdata, version);
+		torture_assert_int_equal_goto(
+			tctx, ret, ISC_R_SUCCESS, ok,
+			cancel_version,
+			talloc_asprintf(tctx,
+					"Failed to add record %zu «%s»\n",
+					i, r.rdata));
+
+		dlz_closeversion(domain, true, dbdata, &version);
+	}
+
+	print_node_records(tctx, samdb, node_dn, "add again");
+
+
+	/*
+	 * Step 7. Check the timestamps are still now-ish.
+	 *
+	 */
+	ret = dsdb_search(samdb, tctx, &result, node_dn,
+			  LDB_SCOPE_SUBTREE, NULL,
+			  0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+	torture_assert_int_equal(tctx, result->count, 1,
+				 "Should be one node");
+
+	el = ldb_msg_find_element(result->msgs[0], "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert(tctx, dns_timestamp_before <= dns_timestamp_after, "<");
+	torture_assert_int_equal(tctx, el->num_values, testdata->num_records,
+				 "num_values != num_records");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			result,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ret)) {
+			DBG_ERR("Failed to pull dns rec blob [%zu].\n",
+				i);
+			TALLOC_FREE(result);
+			torture_fail(tctx, "Failed to pull dns rec blob");
+		}
+		torture_comment(tctx, "record[%zu]:\n", i);
+		torture_comment(tctx, "type: %d\n", rec.wType);
+		torture_comment(tctx, "timestamp: %u\n", rec.dwTimeStamp);
+		torture_comment(tctx, "%s\n",
+				NDR_PRINT_STRUCT_STRING(result,
+							dnsp_DnssrvRpcRecord,
+							&rec));
+
+		torture_assert(tctx, rec.dwTimeStamp >= dns_timestamp_before,
+			       "timestamp < dns_timestamp_before");
+		torture_assert(tctx, rec.dwTimeStamp <= dns_timestamp_after,
+			       "timestamp > dns_timestamp_after");
+	}
+
+	talloc_free(result);
+
+	/*
+	 * Step 8. Wind back the timestamps in the database.
+	 *
+	 * We use a different number of days for each record, so that some
+	 * should be refreshed, and some shouldn't.
+	 */
+	torture_comment(tctx, "step 8: alter timestamps\n");
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert_int_equal(tctx, el->num_values,
+				 testdata->num_records,
+				 "num_values != num_records");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to pull record");
+
+		rec.dwTimeStamp = dns_timestamp_after + 3 - 24 * (i + 5);
+
+		ret = ndr_push_struct_blob(
+			&el->values[i],
+			msg,
+			&rec,
+			(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to PUSH record");
+	}
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	ret = ldb_modify(samdb, msg);
+	torture_assert_int_equal(tctx, ret, 0, "failed to ldb_modify");
+	print_node_records(tctx, samdb, node_dn, "after ldb_modify");
+
+
+	/*
+	 * Step 9. Do another update, changing some timestamps
+	 */
+
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		dlz_closeversion(domain, ret == ISC_R_SUCCESS, dbdata,
+				 &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to update record\n");
+	}
+	print_node_records(tctx, samdb, node_dn, "after update");
+
+	/*
+	 * Step 10. Check that the timestamps are right.
+	 *
+	 * The formula was
+	 *    (i + 5) days + 3 hours
+	 * so 1 is 6 days + 3 hours, and should not be renewed.
+	 *    2 is 7 days + 3 hours, and should be renewed
+	 *
+	 * NOTE: the ldb record order is different from the insertion order,
+	 * but it should stay the same between searches.
+	 */
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert_int_equal(tctx, el->num_values,
+				 testdata->num_records,
+				 "num_values != num_records");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to pull record");
+		if (i < 3) {
+			/* records 0 and 1 should not have been renewed */
+			int old_ts = dns_timestamp_after + 3 - 24 * (i + 5);
+			torture_assertf(
+				tctx,
+				rec.dwTimeStamp == old_ts,
+				"record[%zu] timestamp should not be altered."
+				" diff is %d\n",
+				i, rec.dwTimeStamp - old_ts);
+		} else {
+			/* records 3+ should have a now-ish timestamp */
+			int old_ts = dns_timestamp_after + 3 - 24 * (i + 5);
+			torture_assertf(
+				tctx,
+				rec.dwTimeStamp >= dns_timestamp_before,
+				"record[%zu] should have altered timestamp "
+				"now ~= %d, then ~= %d, has %d, diff %d\n", i,
+				dns_timestamp_before, old_ts, rec.dwTimeStamp,
+				dns_timestamp_before - rec.dwTimeStamp
+				);
+		}
+	}
+
+	/*
+	 * Step 11. Set one record to be static.
+	 *
+	 * This should make the node static, but it won't "know" that until we
+	 * force it with an update.
+	 */
+	torture_comment(tctx, "step 11: alter one timestamp to be 0\n");
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert_int_equal(tctx, el->num_values,
+				 testdata->num_records,
+				 "num_values != num_records");
+
+	{
+		/* we're arbitrarily picking on record 3 */
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[3]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to pull record");
+
+		rec.dwTimeStamp = 0;
+
+		ret = ndr_push_struct_blob(
+			&el->values[3],
+			msg,
+			&rec,
+			(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to PUSH record");
+	}
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	ret = ldb_modify(samdb, msg);
+	torture_assert_int_equal(tctx, ret, 0, "failed to ldb_modify");
+	print_node_records(tctx, samdb, node_dn, "after ldb_modify");
+
+
+	/*
+	 * Step 12. Do updates on some records, zeroing their timestamps
+	 *
+	 * Zero means static. A single zero timestamp is infectious, so other
+	 * records get it when they are updated.
+	 */
+
+	for (i = 0; i < testdata->num_records - 2; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		dlz_closeversion(domain, ret == ISC_R_SUCCESS, dbdata,
+				 &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to update record\n");
+	}
+	print_node_records(tctx, samdb, node_dn, "after update to static");
+
+
+	/*
+	 * Step 13. Check that the record timeouts are *mostly* zero.
+	 *
+	 * one or two will be non-zero: we updated all but two, but one of
+	 * excluded ones might be the el->records[3] that we explicitly set to
+	 * zero.
+	 */
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	{
+		unsigned n_zero = 0;
+		for (i = 0; i < el->num_values; i++) {
+			struct dnsp_DnssrvRpcRecord rec;
+			ret = ndr_pull_struct_blob(
+				&(el->values[i]),
+				msg,
+				&rec,
+				(ndr_pull_flags_fn_t)\
+				ndr_pull_dnsp_DnssrvRpcRecord);
+			torture_assert_ndr_success(tctx, ret,
+						   "failed to pull record");
+			if (rec.dwTimeStamp == 0) {
+				n_zero++;
+			}
+		}
+		if (n_zero != el->num_values - 1 &&
+		    n_zero != el->num_values - 2) {
+			torture_comment(tctx, "got %u zeros, expected %u or %u",
+					n_zero,
+					el->num_values - 2,
+					el->num_values - 1);
+			torture_fail(tctx,
+				     "static node not setting zero timestamps\n");
+
+		}
+	}
+
+
+	/*
+	 * Step 14. Turn aging off.
+	 */
+	torture_comment(tctx, "step 14: turn aging off\n");
+	ok = set_zone_aging(tctx, domain, 0);
+	torture_assert(tctx, ok, "failed to disable aging");
+	print_node_records(tctx, samdb, node_dn, "aging off");
+
+	/*
+	 * Step 15. Update, setting timestamps to zero.
+	 *
+	 * Even with aging off, timestamps are still changed to static.
+	 */
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		dlz_closeversion(domain, ret == ISC_R_SUCCESS, dbdata,
+				 &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to update record\n");
+	}
+	print_node_records(tctx, samdb, node_dn, "after update with aging off");
+
+
+	/*
+	 * Step 16. Check that the timestamps are all zero.
+	 */
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t) ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret,
+					   "failed to pull record");
+		torture_assertf(tctx, rec.dwTimeStamp == 0,
+				"record[%zu].dwTimeStamp is %u, expected 0\n",
+				i, rec.dwTimeStamp);
+
+	}
+
+
+	/*
+	 * Step 17. Reset to non-zero via ldb, with aging still off.
+	 *
+	 * We chose timestamps in the distant past that would all be updated
+	 * if aging was on.
+	 */
+	torture_comment(tctx, "step 17: reset to non-zero timestamps\n");
+	ret = dsdb_search_one(samdb, tctx, &msg, node_dn,
+			      LDB_SCOPE_BASE, attrs,
+			      0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(
+				     tctx,
+				     "Failed to find %s node: %s",
+				     name, ldb_errstring(samdb)));
+	}
+
+	el = ldb_msg_find_element(msg, "dnsRecord");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to pull record");
+
+		rec.dwTimeStamp = 10000 + i; /* a long time ago */
+
+		ret = ndr_push_struct_blob(
+			&el->values[i],
+			msg,
+			&rec,
+			(ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to PUSH record");
+	}
+	el->flags = LDB_FLAG_MOD_REPLACE;
+
+	ret = ldb_modify(samdb, msg);
+	torture_assert_int_equal(tctx, ret, 0, "failed to ldb_modify");
+	print_node_records(tctx, samdb, node_dn, "timestamps no-zero, aging off");
+
+
+	/*
+	 * Step 18. Update with aging off. Nothing should change.
+	 *
+	 */
+
+	/* now, with another update, some will be updated and some won't */
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_addrdataset(name, r.rdata, dbdata, version);
+		dlz_closeversion(domain, ret == ISC_R_SUCCESS, dbdata,
+				 &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to update record\n");
+	}
+	print_node_records(tctx, samdb, node_dn, "after update");
+
+
+	/*
+	 * Step 19. Check that the timestamps didn't change.
+	 */
+	el = ldb_msg_find_element(msg, "dnsRecord");
+	torture_assert_not_null(tctx, el, "el");
+	torture_assert_int_equal(tctx, el->num_values,
+				 testdata->num_records,
+				 "num_values != num_records");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dnsp_DnssrvRpcRecord rec;
+		ret = ndr_pull_struct_blob(
+			&(el->values[i]),
+			msg,
+			&rec,
+			(ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
+		torture_assert_ndr_success(tctx, ret, "failed to pull record");
+		torture_assertf(
+			tctx,
+			rec.dwTimeStamp == 10000 + i,
+			"record[%zu] timestamp should not be altered.\n",
+			i);
+	}
+
+
+	/*
+	 * Step 20. Delete all the records, 1 by 1.
+	 *
+	 */
+	torture_comment(tctx, "step 20: delete the records\n");
+
+	for (i = 0; i < testdata->num_records; i++) {
+		struct test_expected_record r = testdata->records[i];
+
+		ret = dlz_newversion(domain, dbdata, &version);
+		torture_assert_int_equal(tctx, ret, ISC_R_SUCCESS,
+					 "Failed to start transaction");
+
+		ret = dlz_subrdataset(name, r.rdata, dbdata, version);
+		torture_assert_int_equal_goto(
+			tctx, ret, ISC_R_SUCCESS, ok,
+			cancel_version,
+			talloc_asprintf(tctx,
+					"Failed to delete record %zu «%s»\n",
+					i, r.rdata));
+
+		dlz_closeversion(domain, true, dbdata, &version);
+
+		testdata->num_rr = 0;
+
+		ret = dlz_lookup(domain, testdata->query_name, dbdata,
+				 (dns_sdlzlookup_t *)testdata, NULL, NULL);
+
+		if (i ==  testdata->num_records - 1) {
+			torture_assert_int_equal(tctx, ret,
+						 ISC_R_NOTFOUND,
+						 "no records should exist");
+		} else {
+			torture_assert_int_equal(tctx, ret,
+						 ISC_R_SUCCESS,
+						 "records not found");
+		}
+
+		torture_assert_int_equal(tctx,
+					 testdata->num_rr,
+					 testdata->num_records - 1 - i,
+					 "Got wrong record count");
+
+		for (j = 0; j < testdata->num_records; j++) {
+			struct test_expected_record *r2 = &testdata->records[j];
+			if (j > i) {
+				torture_assert(
+					tctx,
+					r2->printed,
+					talloc_asprintf(tctx,
+					    "putrr callback not run on %s «%s»",
+							r2->type, r2->name));
+			} else {
+				torture_assert(
+					tctx,
+					! r2->printed,
+					talloc_asprintf(tctx,
+					    "putrr callback should not see  %s «%s»",
+							r2->type, r2->name));
+			}
+			r2->printed = false;
+		}
+	}
+
+	dlz_destroy(dbdata);
+
+	return true;
+
+cancel_version:
+	DBG_ERR("exiting with %d\n", ret);
+	dlz_closeversion(domain, false, dbdata, &version);
+	return ret;
+}
+
+
+static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dlz_bind9");
+
+	suite->description = talloc_strdup(suite,
+	                                   "Tests for the BIND 9 DLZ module");
+	torture_suite_add_simple_test(suite, "version", test_dlz_bind9_version);
+	torture_suite_add_simple_test(suite, "create", test_dlz_bind9_create);
+	torture_suite_add_simple_test(suite, "configure", test_dlz_bind9_configure);
+	torture_suite_add_simple_test(suite, "destroyoldestfirst",
+				      test_dlz_bind9_destroy_oldest_first);
+	torture_suite_add_simple_test(suite, "destroynewestfirst",
+				      test_dlz_bind9_destroy_newest_first);
+	torture_suite_add_simple_test(suite, "multipleconfigure",
+				      test_dlz_bind9_multiple_configure);
+
+	torture_suite_add_simple_test(suite, "gssapi", test_dlz_bind9_gssapi);
+	torture_suite_add_simple_test(suite, "spnego", test_dlz_bind9_spnego);
+	torture_suite_add_simple_test(suite, "lookup", test_dlz_bind9_lookup);
+	torture_suite_add_simple_test(suite, "zonedump", test_dlz_bind9_zonedump);
+	torture_suite_add_simple_test(suite, "update01", test_dlz_bind9_update01);
+	torture_suite_add_simple_test(suite, "aging", test_dlz_bind9_aging);
+	torture_suite_add_simple_test(suite, "allowzonexfr", test_dlz_bind9_allowzonexfr);
+	return suite;
+}
+
+/**
+ * DNS torture module initialization
+ */
+NTSTATUS torture_bind_dns_init(TALLOC_CTX *);
+NTSTATUS torture_bind_dns_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite;
+
+	/* register DNS related test cases */
+	suite = dlz_bind9_suite(ctx);
+	if (!suite) return NT_STATUS_NO_MEMORY;
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/dns/internal_dns.c b/source4/torture/dns/internal_dns.c
new file mode 100644
index 0000000..2ccc7ed
--- /dev/null
+++ b/source4/torture/dns/internal_dns.c
@@ -0,0 +1,189 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Kai Blin 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include <talloc.h>
+#include "lib/addns/dns.h"
+
+static struct dns_connection *setup_connection(struct torture_context *tctx)
+{
+	DNS_ERROR err;
+	struct dns_connection *conn;
+
+	err = dns_open_connection(getenv("DC_SERVER_IP"), DNS_TCP, tctx, &conn);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to open connection to DNS server\n");
+		return NULL;
+	}
+
+	return conn;
+}
+
+static char *get_dns_domain(struct torture_context *tctx)
+{
+	return strlower_talloc(tctx, getenv("REALM"));
+}
+
+static struct sockaddr_storage *str_to_sockaddr(TALLOC_CTX *mem_ctx, const char *ip_string)
+{
+	struct sockaddr_storage *ss = talloc_zero(mem_ctx, struct sockaddr_storage);
+	int ret;
+
+	if (ss == NULL) {
+		return NULL;
+	}
+
+	ss->ss_family = AF_INET;
+
+	ret = inet_pton(AF_INET, ip_string, &(((struct sockaddr_in *)ss)->sin_addr));
+	if (ret != 1) {
+		return NULL;
+	}
+
+	return ss;
+}
+
+static bool test_internal_dns_query_self(struct torture_context *tctx)
+{
+	struct dns_connection *conn;
+	struct dns_request *req, *resp;
+	char *host;
+	DNS_ERROR err;
+
+	conn = setup_connection(tctx);
+	if (conn == NULL) {
+		return false;
+	}
+
+	host = talloc_asprintf(tctx, "%s.%s", getenv("DC_SERVER"), get_dns_domain(tctx));
+	if (host == NULL) {
+		return false;
+	}
+
+	err = dns_create_query(conn, host, QTYPE_A, DNS_CLASS_IN, &req);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to create A record query\n");
+		return false;
+	}
+
+	err = dns_transaction(conn, conn, req, &resp);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to query DNS server\n");
+		return false;
+	}
+
+	if (dns_response_code(resp->flags) != DNS_NO_ERROR) {
+		printf("Query returned %u\n", dns_response_code(resp->flags));
+		return false;
+	}
+
+	/* FIXME: is there _any_ way to unmarshal the response to check this? */
+
+	return true;
+}
+
+static bool test_internal_dns_update_self(struct torture_context *tctx)
+{
+	struct dns_connection *conn;
+	struct dns_update_request *req, *resp;
+	struct dns_rrec *rec = NULL;
+	char *host;
+	DNS_ERROR err;
+	struct sockaddr_storage *ss;
+
+	conn = setup_connection(tctx);
+	if (conn == NULL) {
+		return false;
+	}
+
+	host = talloc_asprintf(tctx, "%s.%s", getenv("DC_SERVER"), get_dns_domain(tctx));
+	if (host == NULL) {
+		return false;
+	}
+
+	err = dns_create_update(conn, get_dns_domain(tctx), &req);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to update packet\n");
+		return false;
+	}
+
+	ss = str_to_sockaddr(conn, getenv("DC_SERVER_IP"));
+	if (ss == NULL) {
+		printf("Converting '%s' to sockaddr_storage failed\n", getenv("DC_SERVER_IP"));
+		return false;
+	}
+
+	err = dns_create_a_record(req, host, 300, ss, &rec);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to create A update record\n");
+		return false;
+	}
+
+	err = dns_add_rrec(req, rec, &req->num_updates, &req->updates);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to add A update record to update packet\n");
+		return false;
+	}
+
+	err = dns_update_transaction(conn, conn, req, &resp);
+	if (!ERR_DNS_IS_OK(err)) {
+		printf("Failed to send update\n");
+		return false;
+	}
+
+	if (dns_response_code(resp->flags) != DNS_REFUSED) {
+		printf("Update returned %u\n", dns_response_code(resp->flags));
+		return false;
+	}
+
+	/* FIXME: is there _any_ way to unmarshal the response to check this? */
+
+	return true;
+}
+
+static struct torture_suite *internal_dns_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dns_internal");
+
+	suite->description = talloc_strdup(suite,
+	                                   "Tests for the internal DNS server");
+	torture_suite_add_simple_test(suite, "queryself", test_internal_dns_query_self);
+	torture_suite_add_simple_test(suite, "updateself", test_internal_dns_update_self);
+	return suite;
+}
+
+
+/* Silence silly compiler warning */
+NTSTATUS torture_internal_dns_init(TALLOC_CTX *);
+
+/**
+ * DNS torture module initialization
+ */
+NTSTATUS torture_internal_dns_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite;
+
+	/* register internal DNS torture test cases */
+	suite = internal_dns_suite(ctx);
+	if (!suite) return NT_STATUS_NO_MEMORY;
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build
new file mode 100644
index 0000000..0b40e03
--- /dev/null
+++ b/source4/torture/dns/wscript_build
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+if bld.AD_DC_BUILD_IS_ENABLED():
+	bld.SAMBA_MODULE('TORTURE_BIND_DNS',
+		source='dlz_bind9.c',
+		subsystem='smbtorture',
+		init_function='torture_bind_dns_init',
+		cflags='-DBIND_VERSION_9_16',
+		deps='torture talloc torturemain dlz_bind9_for_torture',
+		internal_module=True
+		)
+
+	bld.SAMBA_MODULE('TORTURE_INTERNAL_DNS',
+		source='internal_dns.c',
+		subsystem='smbtorture',
+		init_function='torture_internal_dns_init',
+		deps='torture talloc torturemain',
+		internal_module=True
+		)
diff --git a/source4/torture/drs/drs_init.c b/source4/torture/drs/drs_init.c
new file mode 100644
index 0000000..bbe246d
--- /dev/null
+++ b/source4/torture/drs/drs_init.c
@@ -0,0 +1,80 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRSUAPI utility functions to be used in torture tests
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/rpc/drsuapi.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/drs/proto.h"
+
+/**
+ * DRSUAPI tests to be executed remotely
+ */
+static struct torture_suite * torture_drs_rpc_suite(TALLOC_CTX *mem_ctx,
+                                                    const char *suite_name)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, suite_name);
+
+	torture_drs_rpc_dssync_tcase(suite);
+	torture_drs_rpc_dsintid_tcase(suite);
+
+	suite->description = talloc_strdup(suite,
+	                                   "DRSUAPI RPC Tests Suite");
+
+	return suite;
+}
+
+/**
+ * DRSUAPI tests to be executed remotely
+ */
+static struct torture_suite * torture_drs_unit_suite(TALLOC_CTX *mem_ctx,
+                                                     const char *suite_name)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, suite_name);
+
+	torture_drs_unit_prefixmap(suite);
+	torture_drs_unit_schemainfo(suite);
+
+	suite->description = talloc_strdup(suite,
+	                                   "DRSUAPI Unit Tests Suite");
+
+	return suite;
+}
+
+/**
+ * DRSUAPI torture module initialization
+ */
+NTSTATUS torture_drs_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite;
+
+	/* register RPC related test cases */
+	suite = torture_drs_rpc_suite(ctx, "drs.rpc");
+	if (!suite) return NT_STATUS_NO_MEMORY;
+	torture_register_suite(ctx, suite);
+
+	/* register DRS Unit test cases */
+	suite = torture_drs_unit_suite(ctx, "drs.unit");
+	if (!suite) return NT_STATUS_NO_MEMORY;
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/drs/drs_util.c b/source4/torture/drs/drs_util.c
new file mode 100644
index 0000000..c43836e
--- /dev/null
+++ b/source4/torture/drs/drs_util.c
@@ -0,0 +1,167 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRSUAPI utility functions to be used in torture tests
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/drsuapi.h"
+#include "../lib/util/asn1.h"
+#include "torture/drs/proto.h"
+
+/**
+ * Decode Attribute OID based on MS documentation
+ * See MS-DRSR.pdf - 5.16.4
+ *
+ * On success returns decoded OID and
+ * corresponding prefix_map index (if requested)
+ */
+bool drs_util_oid_from_attid(struct torture_context *tctx,
+			     const struct drsuapi_DsReplicaOIDMapping_Ctr *prefix_map,
+			     uint32_t attid,
+			     const char **_oid,
+			     int *map_idx)
+{
+	uint32_t i, hi_word, lo_word;
+	DATA_BLOB bin_oid = {NULL, 0};
+	char *oid;
+	struct drsuapi_DsReplicaOIDMapping *map_entry = NULL;
+	TALLOC_CTX *mem_ctx = talloc_named(tctx, 0, "util_drsuapi_oid_from_attid");
+
+	/* crack attid value */
+	hi_word = attid >> 16;
+	lo_word = attid & 0xFFFF;
+
+	/* check last entry in the prefix map is the special one */
+	map_entry = &prefix_map->mappings[prefix_map->num_mappings-1];
+	torture_assert(tctx,
+			(map_entry->id_prefix == 0)
+			&& (*map_entry->oid.binary_oid == 0xFF),
+			"Last entry in Prefix Map is not the special one!");
+
+	/* locate corresponding prefixMap entry */
+	map_entry = NULL;
+	for (i = 0; i < prefix_map->num_mappings - 1; i++) {
+
+		if (hi_word == prefix_map->mappings[i].id_prefix) {
+			map_entry = &prefix_map->mappings[i];
+			if (map_idx)	*map_idx = i;
+			break;
+		}
+	}
+
+	torture_assert(tctx, map_entry, "Unable to locate corresponding Prefix Map entry");
+
+	/* copy partial oid making enough room */
+	bin_oid.length = map_entry->oid.length + 2;
+	bin_oid.data = talloc_array(mem_ctx, uint8_t, bin_oid.length);
+	torture_assert(tctx, bin_oid.data, "Not enough memory");
+	memcpy(bin_oid.data, map_entry->oid.binary_oid, map_entry->oid.length);
+
+	if (lo_word < 128) {
+		bin_oid.length = bin_oid.length - 1;
+		bin_oid.data[bin_oid.length-1] = lo_word;
+	}
+	else {
+		if (lo_word >= 32768) {
+			lo_word -= 32768;
+		}
+		bin_oid.data[bin_oid.length-2] = ((lo_word / 128) % 128) + 128; /* (0x80 | ((lo_word>>7) & 0x7f)) */
+		bin_oid.data[bin_oid.length-1] = lo_word % 128; /* lo_word & 0x7f */
+	}
+
+	torture_assert(tctx,
+			ber_read_OID_String(tctx, bin_oid, &oid),
+			"Failed to decode binary OID");
+	talloc_free(mem_ctx);
+
+	*_oid = oid;
+
+	return true;
+}
+
+
+/**
+ * Loads dsdb_schema from ldb connection using remote prefixMap.
+ * Schema will be loaded only if:
+ *  - ldb has no attached schema
+ *  - reload_schema is true
+ *
+ * This function is to be used in tests that use GetNCChanges() function
+ */
+bool drs_util_dsdb_schema_load_ldb(struct torture_context *tctx,
+				   struct ldb_context *ldb,
+				   const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
+				   bool reload_schema)
+{
+	int ret;
+	WERROR werr;
+	char *err_msg;
+	struct ldb_result *res;
+	struct ldb_dn *schema_dn;
+	struct dsdb_schema *ldap_schema;
+
+	ldap_schema = dsdb_get_schema(ldb, NULL);
+	if (ldap_schema && !reload_schema) {
+		return true;
+	}
+
+	schema_dn = ldb_get_schema_basedn(ldb);
+	torture_assert(tctx, schema_dn != NULL,
+		       talloc_asprintf(tctx, "ldb_get_schema_basedn() failed: %s", ldb_errstring(ldb)));
+
+	ldap_schema = dsdb_new_schema(ldb);
+	torture_assert(tctx, ldap_schema != NULL, "dsdb_new_schema() failed!");
+
+	werr = dsdb_load_prefixmap_from_drsuapi(ldap_schema, mapping_ctr);
+	torture_assert_werr_ok(tctx, werr,
+			       "Failed to construct prefixMap from drsuapi data");
+
+	/*
+	 * load the attribute and objectClass definitions
+	 */
+	ret = ldb_search(ldb, ldap_schema, &res,
+			 schema_dn, LDB_SCOPE_ONELEVEL, NULL,
+			 "(|(objectClass=attributeSchema)(objectClass=classSchema))");
+	if (ret != LDB_SUCCESS) {
+		err_msg = talloc_asprintf(tctx,
+					  "failed to search attributeSchema or classSchema objects: %s",
+					  ldb_errstring(ldb));
+		torture_fail(tctx, err_msg);
+	}
+
+	ret = dsdb_load_ldb_results_into_schema(tctx, ldb, ldap_schema, res, &err_msg);
+	if (ret != LDB_SUCCESS) {
+		err_msg = talloc_asprintf(tctx,
+					  "dsdb_load_ldb_results_into_schema failed: %s",
+					  err_msg);
+		torture_fail(tctx, err_msg);
+	}
+
+	talloc_free(res);
+
+	ret = dsdb_set_schema(ldb, ldap_schema, SCHEMA_WRITE);
+	if (ret != LDB_SUCCESS) {
+		torture_fail(tctx,
+			     talloc_asprintf(tctx, "dsdb_set_schema() failed: %s", ldb_strerror(ret)));
+	}
+
+	return true;
+}
diff --git a/source4/torture/drs/python/cracknames.py b/source4/torture/drs/python/cracknames.py
new file mode 100644
index 0000000..f244605
--- /dev/null
+++ b/source4/torture/drs/python/cracknames.py
@@ -0,0 +1,204 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) Catalyst .Net Ltd 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.tests
+import ldb
+import drs_base
+
+from samba.dcerpc import drsuapi
+
+
+class DrsCracknamesTestCase(drs_base.DrsBaseTestCase):
+    def setUp(self):
+        super(DrsCracknamesTestCase, self).setUp()
+        (self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1)
+
+        self.ou = "ou=Cracknames_ou,%s" % self.ldb_dc1.get_default_basedn()
+        self.username = "Cracknames_user"
+        self.user = "cn=%s,%s" % (self.username, self.ou)
+
+        self.ldb_dc1.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+
+        self.user_record = {
+            "dn": self.user,
+            "objectclass": "user",
+            "sAMAccountName": self.username,
+            "userPrincipalName": "test@test.com",
+            "servicePrincipalName": "test/%s" % self.ldb_dc1.get_default_basedn(),
+            "displayName": "test"}
+
+        self.ldb_dc1.add(self.user_record)
+        self.ldb_dc1.delete(self.user_record["dn"])
+        self.ldb_dc1.add(self.user_record)
+
+        # The formats specified in MS-DRSR 4.1.4.13; DS_NAME_FORMAT
+        # We don't support any of the ones specified in 4.1.4.1.2.
+        self.formats = {
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+            drsuapi.DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+            # This format is not supported by Windows (or us)
+            # drsuapi.DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN,
+        }
+
+    def tearDown(self):
+        self.ldb_dc1.delete(self.user)
+        self.ldb_dc1.delete(self.ou)
+        super(DrsCracknamesTestCase, self).tearDown()
+
+    def test_Cracknames(self):
+        """
+        Verifies that we can cracknames any of the standard formats
+        (DS_NAME_FORMAT) to a GUID, and that we can cracknames a
+        GUID to any of the standard formats.
+
+        GUID was chosen just so that we don't have to do an n^2 loop.
+        """
+        (result, ctr) = self._do_cracknames(self.user,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID)
+
+        self.assertEqual(ctr.count, 1)
+        self.assertEqual(ctr.array[0].status,
+                          drsuapi.DRSUAPI_DS_NAME_STATUS_OK)
+
+        user_guid = ctr.array[0].result_name
+
+        for name_format in self.formats:
+            (result, ctr) = self._do_cracknames(user_guid,
+                                                drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+                                                name_format)
+
+            self.assertEqual(ctr.count, 1)
+            self.assertEqual(ctr.array[0].status,
+                              drsuapi.DRSUAPI_DS_NAME_STATUS_OK,
+                              "Expected 0, got %s, desired format is %s"
+                              % (ctr.array[0].status, name_format))
+
+            (result, ctr) = self._do_cracknames(ctr.array[0].result_name,
+                                                name_format,
+                                                drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID)
+
+            self.assertEqual(ctr.count, 1)
+            self.assertEqual(ctr.array[0].status,
+                              drsuapi.DRSUAPI_DS_NAME_STATUS_OK,
+                              "Expected 0, got %s, offered format is %s"
+                              % (ctr.array[0].status, name_format))
+
+    def test_MultiValuedAttribute(self):
+        """
+        Verifies that, if we try and cracknames with the desired output
+        being a multi-valued attribute, it returns
+        DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE.
+        """
+        username = "Cracknames_user_MVA"
+        user = "cn=%s,%s" % (username, self.ou)
+
+        user_record = {
+            "dn": user,
+            "objectclass": "user",
+            "sAMAccountName": username,
+            "userPrincipalName": "test2@test.com",
+            "servicePrincipalName": ["test2/%s" % self.ldb_dc1.get_default_basedn(),
+                                     "test3/%s" % self.ldb_dc1.get_default_basedn()],
+            "displayName": "test2"}
+
+        self.ldb_dc1.add(user_record)
+
+        (result, ctr) = self._do_cracknames(user,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID)
+
+        self.assertEqual(ctr.count, 1)
+        self.assertEqual(ctr.array[0].status,
+                          drsuapi.DRSUAPI_DS_NAME_STATUS_OK)
+
+        user_guid = ctr.array[0].result_name
+
+        (result, ctr) = self._do_cracknames(user_guid,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL)
+
+        self.assertEqual(ctr.count, 1)
+        self.assertEqual(ctr.array[0].status,
+                          drsuapi.DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE)
+
+        self.ldb_dc1.delete(user)
+
+    def test_NoSPNAttribute(self):
+        """
+        Verifies that, if we try and cracknames with the desired output
+        being an SPN, it returns
+        DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE.
+        """
+        username = "Cracknames_no_SPN"
+        user = "cn=%s,%s" % (username, self.ou)
+
+        user_record = {
+            "dn": user,
+            "objectclass": "user",
+            "sAMAccountName" : username,
+            "userPrincipalName" : "test4@test.com",
+            "displayName" : "test4"}
+
+        self.ldb_dc1.add(user_record)
+
+        (result, ctr) = self._do_cracknames(user,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID)
+
+        self.assertEqual(ctr.count, 1)
+        self.assertEqual(ctr.array[0].status,
+                          drsuapi.DRSUAPI_DS_NAME_STATUS_OK)
+
+        user_guid = ctr.array[0].result_name
+
+        (result, ctr) = self._do_cracknames(user_guid,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_GUID,
+                                            drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL)
+
+        self.assertEqual(ctr.count, 1)
+        self.assertEqual(ctr.array[0].status,
+                          drsuapi.DRSUAPI_DS_NAME_STATUS_NOT_FOUND)
+
+        self.ldb_dc1.delete(user)
+
+    def _do_cracknames(self, name, format_offered, format_desired):
+        req = drsuapi.DsNameRequest1()
+        names = drsuapi.DsNameString()
+        names.str = name
+
+        req.codepage = 1252  # German, but it doesn't really matter here
+        req.language = 1033
+        req.format_flags = 0
+        req.format_offered = format_offered
+        req.format_desired = format_desired
+        req.count = 1
+        req.names = [names]
+
+        (result, ctr) = self.drs.DsCrackNames(self.drs_handle, 1, req)
+        return (result, ctr)
diff --git a/source4/torture/drs/python/delete_object.py b/source4/torture/drs/python/delete_object.py
new file mode 100644
index 0000000..5f2f703
--- /dev/null
+++ b/source4/torture/drs/python/delete_object.py
@@ -0,0 +1,376 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN delete_object -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import time
+
+
+from ldb import (
+    SCOPE_SUBTREE,
+)
+
+import drs_base
+import ldb
+
+
+class DrsDeleteObjectTestCase(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(DrsDeleteObjectTestCase, self).setUp()
+        # disable automatic replication temporary
+        self._disable_all_repl(self.dnsname_dc1)
+        self._disable_all_repl(self.dnsname_dc2)
+        # make sure DCs are synchronized before the test
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+    def tearDown(self):
+        self._enable_all_repl(self.dnsname_dc1)
+        self._enable_all_repl(self.dnsname_dc2)
+        super(DrsDeleteObjectTestCase, self).tearDown()
+
+    def _make_username(self):
+        return "DrsDelObjUser_" + time.strftime("%s", time.gmtime())
+
+    # now also used to check the group
+    def _check_obj(self, sam_ldb, obj_orig, is_deleted):
+        # search the user by guid as it may be deleted
+        guid_str = self._GUID_string(obj_orig["objectGUID"][0])
+        expression = "(objectGUID=%s)" % guid_str
+        res = sam_ldb.search(base=self.domain_dn,
+                             expression=expression,
+                             controls=["show_deleted:1"])
+        self.assertEqual(len(res), 1)
+        user_cur = res[0]
+        # Deleted Object base DN
+        dodn = self._deleted_objects_dn(sam_ldb)
+        # now check properties of the user
+        cn_orig = str(obj_orig["cn"][0])
+        cn_cur  = str(user_cur["cn"][0])
+        name_orig = str(obj_orig["name"][0])
+        name_cur  = str(user_cur["name"][0])
+        if is_deleted:
+            self.assertEqual(str(user_cur["isDeleted"][0]), "TRUE")
+            self.assertFalse("objectCategory" in user_cur)
+            self.assertFalse("sAMAccountType" in user_cur)
+            self.assertFalse("description" in user_cur)
+            self.assertFalse("memberOf" in user_cur)
+            self.assertFalse("member" in user_cur)
+            self.assertTrue(dodn in str(user_cur["dn"]),
+                            "User %s is deleted but it is not located under %s (found at %s)!" % (name_orig, dodn, user_cur["dn"]))
+            self.assertEqual(name_cur, name_orig + "\nDEL:" + guid_str)
+            self.assertEqual(name_cur, user_cur.dn.get_rdn_value())
+            self.assertEqual(cn_cur, cn_orig + "\nDEL:" + guid_str)
+            self.assertEqual(name_cur, cn_cur)
+        else:
+            self.assertFalse("isDeleted" in user_cur)
+            self.assertEqual(name_cur, name_orig)
+            self.assertEqual(name_cur, user_cur.dn.get_rdn_value())
+            self.assertEqual(cn_cur, cn_orig)
+            self.assertEqual(name_cur, cn_cur)
+            self.assertEqual(obj_orig["dn"], user_cur["dn"])
+            self.assertTrue(dodn not in str(user_cur["dn"]))
+        return user_cur
+
+    def test_ReplicateDeletedObject1(self):
+        """Verifies how a deleted-object is replicated between two DCs.
+           This test should verify that:
+            - deleted-object is replicated properly
+            - We verify that after replication,
+              object's state to conform to a tombstone-object state
+            - This test replicates the object modifications to
+              the server with the user deleted first
+
+           TODO:  It will also be great if check replPropertyMetaData.
+           TODO:  Check for deleted-object state, depending on DC's features
+                  when recycle-bin is enabled
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username, password="P@sswOrd!")
+        ldb_res = self.ldb_dc1.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # delete user on DC1
+        self.ldb_dc1.delete(user_dn)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        # The user should not have a description or memberOf yet
+        self.assertFalse("description" in user_cur)
+        self.assertFalse("memberOf" in user_cur)
+
+        self.ldb_dc2.newgroup("group_%s" % username)
+
+        self.ldb_dc2.newgroup("group2_%s" % username)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("sAMAccountName" in ldb_res[0])
+        group_orig = ldb_res[0]
+        group_dn = ldb_res[0]["dn"]
+
+        # modify user on DC2 to have a description and be a member of the group
+        m = ldb.Message()
+        m.dn = user_dn
+        m["description"] = ldb.MessageElement("a description",
+                                              ldb.FLAG_MOD_ADD, "description")
+        self.ldb_dc2.modify(m)
+        m = ldb.Message()
+        m.dn = group_dn
+        m["member"] = ldb.MessageElement(str(user_dn),
+                                         ldb.FLAG_MOD_ADD, "member")
+        self.ldb_dc2.modify(m)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group2_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("sAMAccountName" in ldb_res[0])
+        group2_dn = ldb_res[0]["dn"]
+        group2_orig = ldb_res[0]
+
+        m = ldb.Message()
+        m.dn = group2_dn
+        m["member"] = ldb.MessageElement(str(group_dn),
+                                         ldb.FLAG_MOD_ADD, "member")
+        self.ldb_dc2.modify(m)
+
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        # The user should not have a description yet
+        self.assertTrue("description" in user_cur)
+        self.assertTrue("memberOf" in user_cur)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+
+        # This group is a member of another group
+        self.assertTrue("memberOf" in ldb_res[0])
+
+        # The user was deleted on DC1, but check the modify we just did on DC2
+        self.assertTrue("member" in ldb_res[0])
+
+        # trigger replication from DC2 to DC1
+        # to check if deleted object gets restored
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        ldb_res = self.ldb_dc1.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+
+        # This group is a member of another group
+        self.assertTrue("memberOf" in ldb_res[0])
+
+        # The user was deleted on DC1, but the modify we did on DC2, check it never replicated in
+        self.assertFalse("member" in ldb_res[0])
+
+        # trigger replication from DC1 to DC2
+        # to check if deleted object is replicated
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=True)
+
+        # delete group on DC1
+        self.ldb_dc1.delete(group_dn)
+
+        # trigger replication from DC1 to DC2
+        # to check if deleted object is replicated
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check group info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=group_orig, is_deleted=True)
+        # check group info on DC2 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=group_orig, is_deleted=True)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group2_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertFalse("member" in ldb_res[0])
+
+        # delete group on DC1
+        self.ldb_dc1.delete(group2_dn)
+
+        # trigger replication from DC1 to DC2
+        # to check if deleted object is replicated
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check group info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=group2_orig, is_deleted=True)
+        # check group info on DC2 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=group2_orig, is_deleted=True)
+
+    def test_ReplicateDeletedObject2(self):
+        """Verifies how a deleted-object is replicated between two DCs.
+           This test should verify that:
+            - deleted-object is replicated properly
+            - We verify that after replication,
+              object's state to conform to a tombstone-object state
+            - This test replicates the delete to the server with the
+              object modifications first
+
+           TODO:  It will also be great if check replPropertyMetaData.
+           TODO:  Check for deleted-object state, depending on DC's features
+                  when recycle-bin is enabled
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username, password="P@sswOrd!")
+        ldb_res = self.ldb_dc1.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # delete user on DC1
+        self.ldb_dc1.delete(user_dn)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        # The user should not have a description or memberOf yet
+        self.assertFalse("description" in user_cur)
+        self.assertFalse("memberOf" in user_cur)
+
+        self.ldb_dc2.newgroup("group_%s" % username)
+
+        self.ldb_dc2.newgroup("group2_%s" % username)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("sAMAccountName" in ldb_res[0])
+        group_dn = ldb_res[0]["dn"]
+
+        # modify user on DC2 to have a description and be a member of the group
+        m = ldb.Message()
+        m.dn = user_dn
+        m["description"] = ldb.MessageElement("a description",
+                                              ldb.FLAG_MOD_ADD, "description")
+        self.ldb_dc2.modify(m)
+        m = ldb.Message()
+        m.dn = group_dn
+        m["member"] = ldb.MessageElement(str(user_dn),
+                                         ldb.FLAG_MOD_ADD, "member")
+        self.ldb_dc2.modify(m)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group2_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("sAMAccountName" in ldb_res[0])
+        group2_dn = ldb_res[0]["dn"]
+
+        m = ldb.Message()
+        m.dn = group2_dn
+        m["member"] = ldb.MessageElement(str(group_dn),
+                                         ldb.FLAG_MOD_ADD, "member")
+        self.ldb_dc2.modify(m)
+
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        # The user should not have a description yet
+        self.assertTrue("description" in user_cur)
+        self.assertTrue("memberOf" in user_cur)
+
+        # trigger replication from DC1 to DC2
+        # to check if deleted object gets restored
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=True)
+
+        ldb_res = self.ldb_dc2.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("memberOf" in ldb_res[0])
+        self.assertFalse("member" in ldb_res[0])
+
+        # trigger replication from DC2 to DC1
+        # to check if deleted object is replicated
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=True)
+        # check user info on DC2 - should be deleted
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=True)
+
+        ldb_res = self.ldb_dc1.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=group_%s)" % username)
+        self.assertTrue(len(ldb_res) == 1)
+        self.assertTrue("memberOf" in ldb_res[0])
+        self.assertFalse("member" in ldb_res[0])
+
+        # delete group on DC1
+        self.ldb_dc1.delete(group_dn)
+        self.ldb_dc1.delete(group2_dn)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
diff --git a/source4/torture/drs/python/drs_base.py b/source4/torture/drs/python/drs_base.py
new file mode 100644
index 0000000..bf98e59
--- /dev/null
+++ b/source4/torture/drs/python/drs_base.py
@@ -0,0 +1,632 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
+# Copyright (C) Catalyst IT Ltd. 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+import time
+import os
+import ldb
+
+sys.path.insert(0, "bin/python")
+import samba.tests
+from samba.tests.samba_tool.base import SambaToolCmdTest
+from samba import dsdb
+from samba.dcerpc import drsuapi, misc, drsblobs, security
+from samba.ndr import ndr_unpack, ndr_pack
+from samba.drs_utils import drs_DsBind
+from samba import gensec
+from ldb import (
+    SCOPE_BASE,
+    Message,
+    FLAG_MOD_REPLACE,
+)
+from samba.common import cmp
+from samba.common import get_string
+
+
+class DrsBaseTestCase(SambaToolCmdTest):
+    """Base class implementation for all DRS python tests.
+       It is intended to provide common initialization and
+       and functionality used by all DRS tests in drs/python
+       test package. For instance, DC1 and DC2 are always used
+       to pass URLs for DCs to test against"""
+
+    def setUp(self):
+        super(DrsBaseTestCase, self).setUp()
+        creds = self.get_credentials()
+        creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
+        # connect to DCs
+        self.url_dc1 = samba.tests.env_get_var_value("DC1")
+        (self.ldb_dc1, self.info_dc1) = samba.tests.connect_samdb_ex(self.url_dc1,
+                                                                     ldap_only=True)
+        self.url_dc2 = samba.tests.env_get_var_value("DC2")
+        (self.ldb_dc2, self.info_dc2) = samba.tests.connect_samdb_ex(self.url_dc2,
+                                                                     ldap_only=True)
+        self.test_ldb_dc = self.ldb_dc1
+
+        # cache some of RootDSE props
+        self.schema_dn = str(self.info_dc1["schemaNamingContext"][0])
+        self.domain_dn = str(self.info_dc1["defaultNamingContext"][0])
+        self.config_dn = str(self.info_dc1["configurationNamingContext"][0])
+        self.forest_level = int(self.info_dc1["forestFunctionality"][0])
+
+        # we will need DCs DNS names for 'samba-tool drs' command
+        self.dnsname_dc1 = str(self.info_dc1["dnsHostName"][0])
+        self.dnsname_dc2 = str(self.info_dc2["dnsHostName"][0])
+
+        # for debugging the test code
+        self._debug = False
+
+    def tearDown(self):
+        super(DrsBaseTestCase, self).tearDown()
+
+    def set_test_ldb_dc(self, ldb_dc):
+        """Sets which DC's LDB we perform operations on during the test"""
+        self.test_ldb_dc = ldb_dc
+
+    def _GUID_string(self, guid):
+        return get_string(self.test_ldb_dc.schema_format_value("objectGUID", guid))
+
+    def _ldap_schemaUpdateNow(self, sam_db):
+        rec = {"dn": "",
+               "schemaUpdateNow": "1"}
+        m = Message.from_dict(sam_db, rec, FLAG_MOD_REPLACE)
+        sam_db.modify(m)
+
+    def _deleted_objects_dn(self, sam_ldb):
+        wkdn = "<WKGUID=18E2EA80684F11D2B9AA00C04F79F805,%s>" % self.domain_dn
+        res = sam_ldb.search(base=wkdn,
+                             scope=SCOPE_BASE,
+                             controls=["show_deleted:1"])
+        self.assertEqual(len(res), 1)
+        return str(res[0]["dn"])
+
+    def _lost_and_found_dn(self, sam_ldb, nc):
+        wkdn = "<WKGUID=%s,%s>" % (dsdb.DS_GUID_LOSTANDFOUND_CONTAINER, nc)
+        res = sam_ldb.search(base=wkdn,
+                             scope=SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        return str(res[0]["dn"])
+
+    def _make_obj_name(self, prefix):
+        return prefix + time.strftime("%s", time.gmtime())
+
+    def _samba_tool_cmd_list(self, drs_command):
+        # make command line credentials string
+
+        # If test runs on windows then it can provide its own auth string
+        if hasattr(self, 'cmdline_auth'):
+            cmdline_auth = self.cmdline_auth
+        else:
+            ccache_name = self.get_creds_ccache_name()
+
+            # Tunnel the command line credentials down to the
+            # subcommand to avoid a new kinit
+            cmdline_auth = "--use-krb5-ccache=%s" % ccache_name
+
+        # bin/samba-tool drs <drs_command> <cmdline_auth>
+        return ["drs", drs_command, cmdline_auth]
+
+    def _net_drs_replicate(self, DC, fromDC, nc_dn=None, forced=True,
+                           local=False, full_sync=False, single=False):
+        if nc_dn is None:
+            nc_dn = self.domain_dn
+        # make base command line
+        samba_tool_cmdline = self._samba_tool_cmd_list("replicate")
+        # bin/samba-tool drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context>
+        samba_tool_cmdline += [DC, fromDC, nc_dn]
+
+        if forced:
+            samba_tool_cmdline += ["--sync-forced"]
+        if local:
+            samba_tool_cmdline += ["--local"]
+        if full_sync:
+            samba_tool_cmdline += ["--full-sync"]
+        if single:
+            samba_tool_cmdline += ["--single-object"]
+
+        (result, out, err) = self.runsubcmd(*samba_tool_cmdline)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+
+    def _enable_inbound_repl(self, DC):
+        # make base command line
+        samba_tool_cmd = self._samba_tool_cmd_list("options")
+        # disable replication
+        samba_tool_cmd += [DC, "--dsa-option=-DISABLE_INBOUND_REPL"]
+        (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+
+    def _disable_inbound_repl(self, DC):
+        # make base command line
+        samba_tool_cmd = self._samba_tool_cmd_list("options")
+        # disable replication
+        samba_tool_cmd += [DC, "--dsa-option=+DISABLE_INBOUND_REPL"]
+        (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+
+    def _enable_all_repl(self, DC):
+        self._enable_inbound_repl(DC)
+        # make base command line
+        samba_tool_cmd = self._samba_tool_cmd_list("options")
+        # enable replication
+        samba_tool_cmd += [DC, "--dsa-option=-DISABLE_OUTBOUND_REPL"]
+        (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+
+    def _disable_all_repl(self, DC):
+        self._disable_inbound_repl(DC)
+        # make base command line
+        samba_tool_cmd = self._samba_tool_cmd_list("options")
+        # disable replication
+        samba_tool_cmd += [DC, "--dsa-option=+DISABLE_OUTBOUND_REPL"]
+        (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+
+    def _get_highest_hwm_utdv(self, ldb_conn):
+        res = ldb_conn.search("", scope=ldb.SCOPE_BASE, attrs=["highestCommittedUSN"])
+        hwm = drsuapi.DsReplicaHighWaterMark()
+        hwm.tmp_highest_usn = int(res[0]["highestCommittedUSN"][0])
+        hwm.reserved_usn = 0
+        hwm.highest_usn = hwm.tmp_highest_usn
+
+        utdv = drsuapi.DsReplicaCursorCtrEx()
+        cursors = []
+        c1 = drsuapi.DsReplicaCursor()
+        c1.source_dsa_invocation_id = misc.GUID(ldb_conn.get_invocation_id())
+        c1.highest_usn = hwm.highest_usn
+        cursors.append(c1)
+        utdv.count = len(cursors)
+        utdv.cursors = cursors
+        return (hwm, utdv)
+
+    def _get_identifier(self, ldb_conn, dn):
+        res = ldb_conn.search(dn, scope=ldb.SCOPE_BASE,
+                              attrs=["objectGUID", "objectSid"])
+        id = drsuapi.DsReplicaObjectIdentifier()
+        id.guid = ndr_unpack(misc.GUID, res[0]['objectGUID'][0])
+        if "objectSid" in res[0]:
+            id.sid = ndr_unpack(security.dom_sid, res[0]['objectSid'][0])
+        id.dn = str(res[0].dn)
+        return id
+
+    def _get_ctr6_links(self, ctr6):
+        """
+        Unpacks the linked attributes from a DsGetNCChanges response
+        and returns them as a list.
+        """
+        ctr6_links = []
+        for lidx in range(0, ctr6.linked_attributes_count):
+            l = ctr6.linked_attributes[lidx]
+            try:
+                target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                    l.value.blob)
+            except:
+                target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3Binary,
+                                    l.value.blob)
+            al = AbstractLink(l.attid, l.flags,
+                              l.identifier.guid,
+                              target.guid, target.dn)
+            ctr6_links.append(al)
+
+        return ctr6_links
+
+    def _get_ctr6_object_guids(self, ctr6):
+        """Returns all the object GUIDs in a GetNCChanges response"""
+        guid_list = []
+
+        obj = ctr6.first_object
+        for i in range(0, ctr6.object_count):
+            guid_list.append(str(obj.object.identifier.guid))
+            obj = obj.next_object
+
+        return guid_list
+
+    def _ctr6_debug(self, ctr6):
+        """
+        Displays basic info contained in a DsGetNCChanges response.
+        Having this debug code allows us to see the difference in behaviour
+        between Samba and Windows easier. Turn on the self._debug flag to see it.
+        """
+
+        if self._debug:
+            print("------------ recvd CTR6 -------------")
+
+            next_object = ctr6.first_object
+            for i in range(0, ctr6.object_count):
+                print("Obj %d: %s %s" % (i, next_object.object.identifier.dn[:25],
+                                         next_object.object.identifier.guid))
+                next_object = next_object.next_object
+
+            print("Linked Attributes: %d" % ctr6.linked_attributes_count)
+            for lidx in range(0, ctr6.linked_attributes_count):
+                l = ctr6.linked_attributes[lidx]
+                try:
+                    target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                        l.value.blob)
+                except:
+                    target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3Binary,
+                                        l.value.blob)
+
+                print("Link Tgt %s... <-- Src %s"
+                      % (target.dn[:25], l.identifier.guid))
+                state = "Del"
+                if l.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE:
+                    state = "Act"
+                print("  v%u %s changed %u" % (l.meta_data.version, state,
+                                               l.meta_data.originating_change_time))
+
+            print("HWM:     %d" % (ctr6.new_highwatermark.highest_usn))
+            print("Tmp HWM: %d" % (ctr6.new_highwatermark.tmp_highest_usn))
+            print("More data: %d" % (ctr6.more_data))
+
+    def _get_replication(self, replica_flags,
+                         drs_error=drsuapi.DRSUAPI_EXOP_ERR_NONE, drs=None, drs_handle=None,
+                         highwatermark=None, uptodateness_vector=None,
+                         more_flags=0, max_objects=133, exop=0,
+                         dest_dsa=drsuapi.DRSUAPI_DS_BIND_GUID_W2K3,
+                         source_dsa=None, invocation_id=None, nc_dn_str=None):
+        """
+        Builds a DsGetNCChanges request based on the information provided
+        and returns the response received from the DC.
+        """
+        if source_dsa is None:
+            source_dsa = self.test_ldb_dc.get_ntds_GUID()
+        if invocation_id is None:
+            invocation_id = self.test_ldb_dc.get_invocation_id()
+        if nc_dn_str is None:
+            nc_dn_str = self.test_ldb_dc.domain_dn()
+
+        if highwatermark is None:
+            if self.default_hwm is None:
+                (highwatermark, _) = self._get_highest_hwm_utdv(self.test_ldb_dc)
+            else:
+                highwatermark = self.default_hwm
+
+        if drs is None:
+            drs = self.drs
+        if drs_handle is None:
+            drs_handle = self.drs_handle
+
+        req10 = self._getnc_req10(dest_dsa=dest_dsa,
+                                  invocation_id=invocation_id,
+                                  nc_dn_str=nc_dn_str,
+                                  exop=exop,
+                                  max_objects=max_objects,
+                                  replica_flags=replica_flags,
+                                  more_flags=more_flags)
+        req10.highwatermark = highwatermark
+        if uptodateness_vector is not None:
+            uptodateness_vector_v1 = drsuapi.DsReplicaCursorCtrEx()
+            cursors = []
+            for i in range(0, uptodateness_vector.count):
+                c = uptodateness_vector.cursors[i]
+                c1 = drsuapi.DsReplicaCursor()
+                c1.source_dsa_invocation_id = c.source_dsa_invocation_id
+                c1.highest_usn = c.highest_usn
+                cursors.append(c1)
+            uptodateness_vector_v1.count = len(cursors)
+            uptodateness_vector_v1.cursors = cursors
+            req10.uptodateness_vector = uptodateness_vector_v1
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 10, req10)
+        self._ctr6_debug(ctr)
+
+        self.assertEqual(level, 6, "expected level 6 response!")
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(source_dsa))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(invocation_id))
+        self.assertEqual(ctr.extended_ret, drs_error)
+
+        return ctr
+
+    def _check_replication(self, expected_dns, replica_flags, expected_links=None,
+                           drs_error=drsuapi.DRSUAPI_EXOP_ERR_NONE, drs=None, drs_handle=None,
+                           highwatermark=None, uptodateness_vector=None,
+                           more_flags=0, more_data=False,
+                           dn_ordered=True, links_ordered=True,
+                           max_objects=133, exop=0,
+                           dest_dsa=drsuapi.DRSUAPI_DS_BIND_GUID_W2K3,
+                           source_dsa=None, invocation_id=None, nc_dn_str=None,
+                           nc_object_count=0, nc_linked_attributes_count=0):
+        """
+        Makes sure that replication returns the specific error given.
+        """
+        if expected_links is None:
+            expected_links = []
+
+        # send a DsGetNCChanges to the DC
+        ctr6 = self._get_replication(replica_flags,
+                                     drs_error, drs, drs_handle,
+                                     highwatermark, uptodateness_vector,
+                                     more_flags, max_objects, exop, dest_dsa,
+                                     source_dsa, invocation_id, nc_dn_str)
+
+        # check the response is what we expect
+        self._check_ctr6(ctr6, expected_dns, expected_links,
+                         nc_object_count=nc_object_count, more_data=more_data,
+                         dn_ordered=dn_ordered)
+        return (ctr6.new_highwatermark, ctr6.uptodateness_vector)
+
+    def _get_ctr6_dn_list(self, ctr6):
+        """
+        Returns the DNs contained in a DsGetNCChanges response.
+        """
+        dn_list = []
+        next_object = ctr6.first_object
+        for i in range(0, ctr6.object_count):
+            dn_list.append(next_object.object.identifier.dn)
+            next_object = next_object.next_object
+        self.assertEqual(next_object, None)
+
+        return dn_list
+
+    def _check_ctr6(self, ctr6, expected_dns=None, expected_links=None,
+                    dn_ordered=True, links_ordered=True,
+                    more_data=False, nc_object_count=0,
+                    nc_linked_attributes_count=0, drs_error=0):
+        """
+        Check that a ctr6 matches the specified parameters.
+        """
+        if expected_dns is None:
+            expected_dns = []
+
+        if expected_links is None:
+            expected_links = []
+
+        ctr6_raw_dns = self._get_ctr6_dn_list(ctr6)
+
+        # filter out changes to the RID Set objects, as these can happen
+        # intermittently and mess up the test assertions
+        ctr6_dns = []
+        for dn in ctr6_raw_dns:
+            if "CN=RID Set," in dn or "CN=RID Manager$," in dn:
+                print("Removing {0} from GetNCChanges reply".format(dn))
+            else:
+                ctr6_dns.append(dn)
+
+        self.assertEqual(len(ctr6_dns), len(expected_dns),
+                         "Received unexpected objects (%s)" % ctr6_dns)
+        self.assertEqual(ctr6.object_count, len(ctr6_raw_dns))
+        self.assertEqual(ctr6.linked_attributes_count, len(expected_links))
+        self.assertEqual(ctr6.more_data, more_data)
+        self.assertEqual(ctr6.nc_object_count, nc_object_count)
+        self.assertEqual(ctr6.nc_linked_attributes_count, nc_linked_attributes_count)
+        self.assertEqual(ctr6.drs_error[0], drs_error)
+
+        i = 0
+        for dn in expected_dns:
+            # Expect them back in the exact same order as specified.
+            if dn_ordered:
+                self.assertNotEqual(ctr6_dns[i], None)
+                self.assertEqual(ctr6_dns[i], dn)
+                i = i + 1
+            # Don't care what order
+            else:
+                self.assertTrue(dn in ctr6_dns, "Couldn't find DN '%s' anywhere in ctr6 response." % dn)
+
+        # Extract the links from the response
+        ctr6_links = self._get_ctr6_links(ctr6)
+        expected_links.sort()
+
+        lidx = 0
+        for el in expected_links:
+            if links_ordered:
+                self.assertEqual(el, ctr6_links[lidx])
+                lidx += 1
+            else:
+                self.assertTrue(el in ctr6_links, "Couldn't find link '%s' anywhere in ctr6 response." % el)
+
+    def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop,
+                   replica_flags=0, max_objects=0, partial_attribute_set=None,
+                   partial_attribute_set_ex=None, mapping_ctr=None, nc_guid=None):
+        req8 = drsuapi.DsGetNCChangesRequest8()
+
+        req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID()
+        req8.source_dsa_invocation_id = misc.GUID(invocation_id)
+        req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
+        req8.naming_context.dn = str(nc_dn_str)
+        if nc_guid is not None:
+            req8.naming_context.guid = nc_guid
+        req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
+        req8.highwatermark.tmp_highest_usn = 0
+        req8.highwatermark.reserved_usn = 0
+        req8.highwatermark.highest_usn = 0
+        req8.uptodateness_vector = None
+        req8.replica_flags = replica_flags
+        req8.max_object_count = max_objects
+        req8.max_ndr_size = 402116
+        req8.extended_op = exop
+        req8.fsmo_info = 0
+        req8.partial_attribute_set = partial_attribute_set
+        req8.partial_attribute_set_ex = partial_attribute_set_ex
+        if mapping_ctr:
+            req8.mapping_ctr = mapping_ctr
+        else:
+            req8.mapping_ctr.num_mappings = 0
+            req8.mapping_ctr.mappings = None
+
+        return req8
+
+    def _getnc_req10(self, dest_dsa, invocation_id, nc_dn_str, exop,
+                     replica_flags=0, max_objects=0, partial_attribute_set=None,
+                     partial_attribute_set_ex=None, mapping_ctr=None,
+                     more_flags=0, nc_guid=None):
+        req10 = drsuapi.DsGetNCChangesRequest10()
+
+        req10.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID()
+        req10.source_dsa_invocation_id = misc.GUID(invocation_id)
+        req10.naming_context = drsuapi.DsReplicaObjectIdentifier()
+        req10.naming_context.dn = str(nc_dn_str)
+        if nc_guid is not None:
+            req10.naming_context.guid = nc_guid
+        req10.highwatermark = drsuapi.DsReplicaHighWaterMark()
+        req10.highwatermark.tmp_highest_usn = 0
+        req10.highwatermark.reserved_usn = 0
+        req10.highwatermark.highest_usn = 0
+        req10.uptodateness_vector = None
+        req10.replica_flags = replica_flags
+        req10.max_object_count = max_objects
+        req10.max_ndr_size = 402116
+        req10.extended_op = exop
+        req10.fsmo_info = 0
+        req10.partial_attribute_set = partial_attribute_set
+        req10.partial_attribute_set_ex = partial_attribute_set_ex
+        if mapping_ctr:
+            req10.mapping_ctr = mapping_ctr
+        else:
+            req10.mapping_ctr.num_mappings = 0
+            req10.mapping_ctr.mappings = None
+        req10.more_flags = more_flags
+
+        return req10
+
+    def _ds_bind(self, server_name, creds=None, ip=None):
+        if ip is None:
+            binding_str = f"ncacn_ip_tcp:{server_name}[seal]"
+        else:
+            binding_str = f"ncacn_ip_tcp:{ip}[seal,target_hostname={server_name}]"
+
+        if creds is None:
+            creds = self.get_credentials()
+        drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), creds)
+        (drs_handle, supported_extensions) = drs_DsBind(drs)
+        return (drs, drs_handle)
+
+    def get_partial_attribute_set(self, attids=None):
+        if attids is None:
+            attids = [drsuapi.DRSUAPI_ATTID_objectClass]
+        partial_attribute_set = drsuapi.DsPartialAttributeSet()
+        partial_attribute_set.attids = attids
+        partial_attribute_set.num_attids = len(attids)
+        return partial_attribute_set
+
+
+class AbstractLink:
+    def __init__(self, attid, flags, identifier, targetGUID,
+                 targetDN=""):
+        self.attid = attid
+        self.flags = flags
+        self.identifier = str(identifier)
+        self.selfGUID_blob = ndr_pack(identifier)
+        self.targetGUID = str(targetGUID)
+        self.targetGUID_blob = ndr_pack(targetGUID)
+        self.targetDN = targetDN
+
+    def __repr__(self):
+        return "AbstractLink(0x%08x, 0x%08x, %s, %s)" % (
+                self.attid, self.flags, self.identifier, self.targetGUID)
+
+    def __internal_cmp__(self, other, verbose=False):
+        """See CompareLinks() in MS-DRSR section 4.1.10.5.17"""
+        if not isinstance(other, AbstractLink):
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => wrong type" % (self, other))
+            return NotImplemented
+
+        c = cmp(self.selfGUID_blob, other.selfGUID_blob)
+        if c != 0:
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => %d different identifier" % (self, other, c))
+            return c
+
+        c = other.attid - self.attid
+        if c != 0:
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => %d different attid" % (self, other, c))
+            return c
+
+        self_active = self.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+        other_active = other.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+
+        c = self_active - other_active
+        if c != 0:
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => %d different FLAG_ACTIVE" % (self, other, c))
+            return c
+
+        c = cmp(self.targetGUID_blob, other.targetGUID_blob)
+        if c != 0:
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => %d different target" % (self, other, c))
+            return c
+
+        c = self.flags - other.flags
+        if c != 0:
+            if verbose:
+                print("AbstractLink.__internal_cmp__(%r, %r) => %d different flags" % (self, other, c))
+            return c
+
+        return 0
+
+    def __lt__(self, other):
+        c = self.__internal_cmp__(other)
+        if c == NotImplemented:
+            return NotImplemented
+        if c < 0:
+            return True
+        return False
+
+    def __le__(self, other):
+        c = self.__internal_cmp__(other)
+        if c == NotImplemented:
+            return NotImplemented
+        if c <= 0:
+            return True
+        return False
+
+    def __eq__(self, other):
+        c = self.__internal_cmp__(other, verbose=True)
+        if c == NotImplemented:
+            return NotImplemented
+        if c == 0:
+            return True
+        return False
+
+    def __ne__(self, other):
+        c = self.__internal_cmp__(other)
+        if c == NotImplemented:
+            return NotImplemented
+        if c != 0:
+            return True
+        return False
+
+    def __gt__(self, other):
+        c = self.__internal_cmp__(other)
+        if c == NotImplemented:
+            return NotImplemented
+        if c > 0:
+            return True
+        return False
+
+    def __ge__(self, other):
+        c = self.__internal_cmp__(other)
+        if c == NotImplemented:
+            return NotImplemented
+        if c >= 0:
+            return True
+        return False
+
+    def __hash__(self):
+        return hash((self.attid, self.flags, self.identifier, self.targetGUID))
diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py
new file mode 100644
index 0000000..55805b9
--- /dev/null
+++ b/source4/torture/drs/python/fsmo.py
@@ -0,0 +1,152 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Anatoliy Atanasov <anatoliy.atanasov@postpath.com> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN fsmo -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import sys
+import time
+import os
+
+sys.path.insert(0, "bin/python")
+
+from ldb import SCOPE_BASE
+
+import drs_base
+
+
+class DrsFsmoTestCase(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(DrsFsmoTestCase, self).setUp()
+
+        # we have to wait for the replication before we make the check
+        self.fsmo_wait_max_time = 20
+        self.fsmo_wait_sleep_time = 0.2
+
+        # cache some of RootDSE props
+        self.dsServiceName_dc1 = self.info_dc1["dsServiceName"][0]
+        self.dsServiceName_dc2 = self.info_dc2["dsServiceName"][0]
+        self.infrastructure_dn = "CN=Infrastructure," + self.domain_dn
+        self.naming_dn = "CN=Partitions," + self.config_dn
+        self.rid_dn = "CN=RID Manager$,CN=System," + self.domain_dn
+        self.domain_dns_dn = (
+            "CN=Infrastructure,DC=DomainDnsZones, %s" % self.domain_dn )
+        self.forest_dns_dn = (
+            "CN=Infrastructure,DC=ForestDnsZones, %s" % self.domain_dn )
+
+    def tearDown(self):
+        super(DrsFsmoTestCase, self).tearDown()
+
+    def _net_fsmo_role_transfer(self, DC, role, noop=False):
+        # make command line credentials string
+        ccache_name = self.get_creds_ccache_name()
+        cmd_line_auth = "--use-krb5-ccache=%s" % ccache_name
+        (result, out, err) = self.runsubcmd("fsmo", "transfer",
+                                            "--role=%s" % role,
+                                            "-H", "ldap://%s:389" % DC,
+                                            cmd_line_auth)
+
+        self.assertCmdSuccess(result, out, err)
+        self.assertEqual(err, "", "Shouldn't be any error messages")
+        if not noop:
+            self.assertTrue("FSMO transfer of '%s' role successful" % role in out)
+        else:
+            self.assertTrue("This DC already has the '%s' FSMO role" % role in out)
+
+    def _wait_for_role_transfer(self, ldb_dc, role_dn, master):
+        """Wait for role transfer for certain amount of time
+
+        :return: (Result=True|False, CurrentMasterDnsName) tuple
+        """
+        cur_master = ''
+        retries = int(self.fsmo_wait_max_time / self.fsmo_wait_sleep_time) + 1
+        for i in range(0, retries):
+            # check if master has been transferred
+            res = ldb_dc.search(role_dn,
+                                scope=SCOPE_BASE, attrs=["fSMORoleOwner"])
+            assert len(res) == 1, "Only one fSMORoleOwner value expected!"
+            cur_master = res[0]["fSMORoleOwner"][0]
+            if master == cur_master:
+                return (True, cur_master)
+            # skip last sleep, if no need to wait anymore
+            if i != (retries - 1):
+                # wait a little bit before next retry
+                time.sleep(self.fsmo_wait_sleep_time)
+        return (False, cur_master)
+
+    def _role_transfer(self, role, role_dn):
+        """Triggers transfer of role from DC1 to DC2
+           and vice versa so the role goes back to the original dc"""
+        # dc2 gets the role from dc1
+        print("Testing for %s role transfer from %s to %s" % (role, self.dnsname_dc1, self.dnsname_dc2))
+
+        self._net_fsmo_role_transfer(DC=self.dnsname_dc2, role=role)
+        # check if the role is transferred
+        (res, master) = self._wait_for_role_transfer(ldb_dc=self.ldb_dc2,
+                                                     role_dn=role_dn,
+                                                     master=self.dsServiceName_dc2)
+        self.assertTrue(res,
+                        "Transferring %s role to %s has failed, master is: %s!" % (role, self.dsServiceName_dc2, master))
+
+        # dc1 gets back the role from dc2
+        print("Testing for %s role transfer from %s to %s" % (role, self.dnsname_dc2, self.dnsname_dc1))
+        self._net_fsmo_role_transfer(DC=self.dnsname_dc1, role=role)
+        # check if the role is transferred
+        (res, master) = self._wait_for_role_transfer(ldb_dc=self.ldb_dc1,
+                                                     role_dn=role_dn,
+                                                     master=self.dsServiceName_dc1)
+        self.assertTrue(res,
+                        "Transferring %s role to %s has failed, master is: %s!" % (role, self.dsServiceName_dc1, master))
+
+        # dc1 keeps the role
+        print("Testing for no-op %s role transfer from %s to %s" % (role, self.dnsname_dc2, self.dnsname_dc1))
+        self._net_fsmo_role_transfer(DC=self.dnsname_dc1, role=role, noop=True)
+        # check if the role is transferred
+        (res, master) = self._wait_for_role_transfer(ldb_dc=self.ldb_dc1,
+                                                     role_dn=role_dn,
+                                                     master=self.dsServiceName_dc1)
+        self.assertTrue(res,
+                        "Transferring %s role to %s has failed, master is: %s!" % (role, self.dsServiceName_dc1, master))
+
+    def test_SchemaMasterTransfer(self):
+        self._role_transfer(role="schema", role_dn=self.schema_dn)
+
+    def test_InfrastructureMasterTransfer(self):
+        self._role_transfer(role="infrastructure", role_dn=self.infrastructure_dn)
+
+    def test_PDCMasterTransfer(self):
+        self._role_transfer(role="pdc", role_dn=self.domain_dn)
+
+    def test_RIDMasterTransfer(self):
+        self._role_transfer(role="rid", role_dn=self.rid_dn)
+
+    def test_NamingMasterTransfer(self):
+        self._role_transfer(role="naming", role_dn=self.naming_dn)
+
+    def test_DomainDnsZonesMasterTransfer(self):
+        self._role_transfer(role="domaindns", role_dn=self.domain_dns_dn)
+
+    def test_ForestDnsZonesMasterTransfer(self):
+        self._role_transfer(role="forestdns", role_dn=self.forest_dns_dn)
diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py
new file mode 100644
index 0000000..0f12d9b
--- /dev/null
+++ b/source4/torture/drs/python/getnc_exop.py
@@ -0,0 +1,1304 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests various schema replication scenarios
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN getnc_exop -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import random
+
+import drs_base
+from drs_base import AbstractLink
+
+import samba.tests
+from samba import werror, WERRORError
+
+import ldb
+from ldb import SCOPE_BASE
+
+from samba.dcerpc import drsuapi, misc, drsblobs
+from samba.drs_utils import drs_DsBind
+from samba.ndr import ndr_unpack, ndr_pack
+from functools import cmp_to_key
+from samba.common import cmp
+
+
+def _linked_attribute_compare(la1, la2):
+    """See CompareLinks() in MS-DRSR section 4.1.10.5.17"""
+    la1, la1_target = la1
+    la2, la2_target = la2
+
+    # Ascending host object GUID
+    c = cmp(ndr_pack(la1.identifier.guid), ndr_pack(la2.identifier.guid))
+    if c != 0:
+        return c
+
+    # Ascending attribute ID
+    if la1.attid != la2.attid:
+        return -1 if la1.attid < la2.attid else 1
+
+    la1_active = la1.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+    la2_active = la2.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+
+    # Ascending 'is present'
+    if la1_active != la2_active:
+        return 1 if la1_active else -1
+
+    # Ascending target object GUID
+    return cmp(ndr_pack(la1_target), ndr_pack(la2_target))
+
+
+class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
+    """Intended as a semi-black box test case for DsGetNCChanges
+       implementation for extended operations. It should be testing
+       how DsGetNCChanges handles different input params (mostly invalid).
+       Final goal is to make DsGetNCChanges as binary compatible to
+       Windows implementation as possible"""
+
+    def setUp(self):
+        super(DrsReplicaSyncTestCase, self).setUp()
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+        self.ou = "OU=test_getncchanges%d,%s" % (random.randint(0, 4294967295),
+                                                 self.base_dn)
+        self.ldb_dc1.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+        (self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        (self.default_hwm, self.default_utdv) = self._get_highest_hwm_utdv(self.ldb_dc1)
+
+    def tearDown(self):
+        try:
+            self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+        except ldb.LdbError as e:
+            (enum, string) = e.args
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                pass
+        super(DrsReplicaSyncTestCase, self).tearDown()
+
+    def _determine_fSMORoleOwner(self, fsmo_obj_dn):
+        """Returns (owner, not_owner) pair where:
+             owner: dns name for FSMO owner
+             not_owner: dns name for DC not owning the FSMO"""
+        # collect info to return later
+        fsmo_info_1 = {"dns_name": self.dnsname_dc1,
+                       "invocation_id": self.ldb_dc1.get_invocation_id(),
+                       "ntds_guid": self.ldb_dc1.get_ntds_GUID(),
+                       "server_dn": self.ldb_dc1.get_serverName()}
+        fsmo_info_2 = {"dns_name": self.dnsname_dc2,
+                       "invocation_id": self.ldb_dc2.get_invocation_id(),
+                       "ntds_guid": self.ldb_dc2.get_ntds_GUID(),
+                       "server_dn": self.ldb_dc2.get_serverName()}
+
+        msgs = self.ldb_dc1.search(scope=ldb.SCOPE_BASE, base=fsmo_info_1["server_dn"], attrs=["serverReference"])
+        fsmo_info_1["server_acct_dn"] = ldb.Dn(self.ldb_dc1, msgs[0]["serverReference"][0].decode('utf8'))
+        fsmo_info_1["rid_set_dn"] = ldb.Dn(self.ldb_dc1, "CN=RID Set") + fsmo_info_1["server_acct_dn"]
+
+        msgs = self.ldb_dc2.search(scope=ldb.SCOPE_BASE, base=fsmo_info_2["server_dn"], attrs=["serverReference"])
+        fsmo_info_2["server_acct_dn"] = ldb.Dn(self.ldb_dc2, msgs[0]["serverReference"][0].decode('utf8'))
+        fsmo_info_2["rid_set_dn"] = ldb.Dn(self.ldb_dc2, "CN=RID Set") + fsmo_info_2["server_acct_dn"]
+
+        # determine the owner dc
+        res = self.ldb_dc1.search(fsmo_obj_dn,
+                                  scope=SCOPE_BASE, attrs=["fSMORoleOwner"])
+        assert len(res) == 1, "Only one fSMORoleOwner value expected for %s!" % fsmo_obj_dn
+        fsmo_owner = res[0]["fSMORoleOwner"][0]
+        if fsmo_owner == self.info_dc1["dsServiceName"][0]:
+            return (fsmo_info_1, fsmo_info_2)
+        return (fsmo_info_2, fsmo_info_1)
+
+    def _check_exop_failed(self, ctr6, expected_failure):
+        self.assertEqual(ctr6.extended_ret, expected_failure)
+        #self.assertEqual(ctr6.object_count, 0)
+        #self.assertEqual(ctr6.first_object, None)
+        self.assertEqual(ctr6.more_data, False)
+        self.assertEqual(ctr6.nc_object_count, 0)
+        self.assertEqual(ctr6.nc_linked_attributes_count, 0)
+        self.assertEqual(ctr6.linked_attributes_count, 0)
+        self.assertEqual(ctr6.linked_attributes, [])
+        self.assertEqual(ctr6.drs_error[0], 0)
+
+    def test_do_single_repl(self):
+        """
+        Make sure that DRSUAPI_EXOP_REPL_OBJ never replicates more than
+        one object, even when we use DRS_GET_ANC/GET_TGT.
+        """
+
+        ou1 = "OU=get_anc1,%s" % self.ou
+        self.ldb_dc1.add({
+            "dn": ou1,
+            "objectclass": "organizationalUnit"
+        })
+        ou1_id = self._get_identifier(self.ldb_dc1, ou1)
+        ou2 = "OU=get_anc2,%s" % ou1
+        self.ldb_dc1.add({
+            "dn": ou2,
+            "objectclass": "organizationalUnit"
+        })
+        ou2_id = self._get_identifier(self.ldb_dc1, ou2)
+        dc3 = "CN=test_anc_dc_%u,%s" % (random.randint(0, 4294967295), ou2)
+        self.ldb_dc1.add({
+            "dn": dc3,
+            "objectclass": "computer",
+            "userAccountControl": "%d" % (samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_SERVER_TRUST_ACCOUNT)
+        })
+        dc3_id = self._get_identifier(self.ldb_dc1, dc3)
+
+        # Add some linked attributes (for checking GET_TGT behaviour)
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc2, ou1)
+        m["managedBy"] = ldb.MessageElement(ou2, ldb.FLAG_MOD_ADD, "managedBy")
+        self.ldb_dc1.modify(m)
+        ou1_link = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                ou1_id.guid, ou2_id.guid)
+
+        m.dn = ldb.Dn(self.ldb_dc2, dc3)
+        m["managedBy"] = ldb.MessageElement(ou2, ldb.FLAG_MOD_ADD, "managedBy")
+        self.ldb_dc1.modify(m)
+        dc3_link = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                dc3_id.guid, ou2_id.guid)
+
+        req = self._getnc_req10(dest_dsa=None,
+                                invocation_id=self.ldb_dc1.get_invocation_id(),
+                                nc_dn_str=ou1,
+                                exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req)
+        self._check_ctr6(ctr, [ou1], expected_links=[ou1_link])
+
+        # DRSUAPI_DRS_WRIT_REP means that we should only replicate the dn we give (dc3).
+        # DRSUAPI_DRS_GET_ANC means that we should also replicate its ancestors, but
+        # Windows doesn't do this if we use both.
+        req = self._getnc_req10(dest_dsa=None,
+                                invocation_id=self.ldb_dc1.get_invocation_id(),
+                                nc_dn_str=dc3,
+                                exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req)
+        self._check_ctr6(ctr, [dc3], expected_links=[dc3_link])
+
+        # Even though the ancestor of ou2 (ou1) has changed since last hwm, and we're
+        # sending DRSUAPI_DRS_GET_ANC, the expected response is that it will only try
+        # and replicate the single object still.
+        req = self._getnc_req10(dest_dsa=None,
+                                invocation_id=self.ldb_dc1.get_invocation_id(),
+                                nc_dn_str=ou2,
+                                exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                replica_flags=drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req)
+        self._check_ctr6(ctr, [ou2])
+
+    def test_do_full_repl_on_ou(self):
+        """
+        Make sure that a full replication on a not-an-nc fails with
+        the right error code
+        """
+
+        non_nc_ou = "OU=not-an-NC,%s" % self.ou
+        self.ldb_dc1.add({
+            "dn": non_nc_ou,
+            "objectclass": "organizationalUnit"
+        })
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=self.ldb_dc1.get_invocation_id(),
+                               nc_dn_str=non_nc_ou,
+                               exop=drsuapi.DRSUAPI_EXOP_NONE,
+                               replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        try:
+            (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 8, req8)
+            self.fail("Expected DsGetNCChanges to fail with WERR_DS_CANT_FIND_EXPECTED_NC")
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, werror.WERR_DS_CANT_FIND_EXPECTED_NC)
+
+    def test_InvalidNC_DummyDN_InvalidGUID_REPL_OBJ(self):
+        """Test single object replication on a totally invalid GUID fails with the right error code"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        (drs, drs_handle) = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, werror.WERR_DS_DRA_BAD_DN)
+
+    def test_InvalidNC_DummyDN_InvalidGUID_REPL_SECRET(self):
+        """Test single object replication on a totally invalid GUID fails with the right error code"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        (drs, drs_handle) = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, werror.WERR_DS_DRA_BAD_DN)
+
+    def test_InvalidNC_DummyDN_InvalidGUID_RID_ALLOC(self):
+        """Test RID Allocation on a totally invalid GUID fails with the right error code"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+        (drs, drs_handle) = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, werror.WERR_DS_DRA_BAD_NC)
+
+    def test_valid_GUID_only_REPL_OBJ(self):
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        res = self.ldb_dc1.search(base=self.ou, scope=SCOPE_BASE,
+                                  attrs=["objectGUID"])
+
+        guid = misc.GUID(res[0]["objectGUID"][0])
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str="",
+                               nc_guid=guid,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"Failed to call GetNCChanges with EXOP_REPL_OBJ and a GUID: {estr}")
+
+        self.assertEqual(ctr.first_object.object.identifier.guid, guid)
+
+    def test_DummyDN_valid_GUID_REPL_OBJ(self):
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        res = self.ldb_dc1.search(base=self.ou, scope=SCOPE_BASE,
+                                  attrs=["objectGUID"])
+
+        guid = misc.GUID(res[0]["objectGUID"][0])
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str="DummyDN",
+                               nc_guid=guid,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"Failed to call GetNCChanges with EXOP_REPL_OBJ, DummyDN and a GUID: {estr}")
+
+        self.assertEqual(ctr.first_object.object.identifier.guid, guid)
+
+    def test_DummyDN_valid_GUID_REPL_SECRET(self):
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        res = self.ldb_dc1.search(base=self.ou, scope=SCOPE_BASE,
+                                  attrs=["objectGUID"])
+
+        guid = misc.GUID(res[0]["objectGUID"][0])
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str="DummyDN",
+                               nc_guid=guid,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+
+            # We expect to get as far as failing on the missing dest_dsa
+            self.assertEqual(enum, werror.WERR_DS_DRA_DB_ERROR)
+
+    def test_link_utdv_hwm(self):
+        """Test verify the DRS_GET_ANC behavior."""
+
+        ou1 = "OU=get_anc1,%s" % self.ou
+        self.ldb_dc1.add({
+            "dn": ou1,
+            "objectclass": "organizationalUnit"
+        })
+        ou1_id = self._get_identifier(self.ldb_dc1, ou1)
+        ou2 = "OU=get_anc2,%s" % ou1
+        self.ldb_dc1.add({
+            "dn": ou2,
+            "objectclass": "organizationalUnit"
+        })
+        ou2_id = self._get_identifier(self.ldb_dc1, ou2)
+        dc3 = "CN=test_anc_dc_%u,%s" % (random.randint(0, 4294967295), ou2)
+        self.ldb_dc1.add({
+            "dn": dc3,
+            "objectclass": "computer",
+            "userAccountControl": "%d" % (samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_SERVER_TRUST_ACCOUNT)
+        })
+        dc3_id = self._get_identifier(self.ldb_dc1, dc3)
+
+        (hwm1, utdv1) = self._check_replication([ou1, ou2, dc3],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, ou1)
+        m["displayName"] = ldb.MessageElement("OU1", ldb.FLAG_MOD_ADD, "displayName")
+        self.ldb_dc1.modify(m)
+
+        (hwm2, utdv2) = self._check_replication([ou2, dc3, ou1],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([ou1],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                highwatermark=hwm1)
+
+        self._check_replication([ou1],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                highwatermark=hwm1)
+
+        self._check_replication([ou1],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                uptodateness_vector=utdv1)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, ou2)
+        m["displayName"] = ldb.MessageElement("OU2", ldb.FLAG_MOD_ADD, "displayName")
+        self.ldb_dc1.modify(m)
+
+        (hwm3, utdv3) = self._check_replication([dc3, ou1, ou2],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([ou1, ou2],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                highwatermark=hwm1)
+
+        self._check_replication([ou1, ou2],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                highwatermark=hwm1)
+
+        self._check_replication([ou1, ou2],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                uptodateness_vector=utdv1)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, self.ou)
+        m["displayName"] = ldb.MessageElement("OU", ldb.FLAG_MOD_ADD, "displayName")
+        self.ldb_dc1.modify(m)
+
+        (hwm4, utdv4) = self._check_replication([dc3, ou1, ou2, self.ou],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([self.ou, ou2],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                uptodateness_vector=utdv2)
+
+        cn3 = "CN=get_anc3,%s" % ou2
+        self.ldb_dc1.add({
+            "dn": cn3,
+            "objectclass": "container",
+        })
+
+        (hwm5, utdv5) = self._check_replication([dc3, ou1, ou2, self.ou, cn3],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP)
+
+        self._check_replication([self.ou, ou1, ou2, dc3, cn3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, ou2)
+        m["managedBy"] = ldb.MessageElement(dc3, ldb.FLAG_MOD_ADD, "managedBy")
+        self.ldb_dc1.modify(m)
+        ou2_managedBy_dc3 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                         drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                         ou2_id.guid, dc3_id.guid)
+
+        (hwm6, utdv6) = self._check_replication([dc3, ou1, self.ou, cn3, ou2],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                                expected_links=[ou2_managedBy_dc3])
+
+        # Can fail against Windows due to equal precedence of dc3, cn3
+        self._check_replication([self.ou, ou1, ou2, dc3, cn3],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[ou2_managedBy_dc3])
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY)
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                uptodateness_vector=utdv5,
+                                expected_links=[ou2_managedBy_dc3])
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                uptodateness_vector=utdv5)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                uptodateness_vector=utdv5)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, dc3)
+        m["managedBy"] = ldb.MessageElement(ou1, ldb.FLAG_MOD_ADD, "managedBy")
+        self.ldb_dc1.modify(m)
+        dc3_managedBy_ou1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                         drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                         dc3_id.guid, ou1_id.guid)
+
+        (hwm7, utdv7) = self._check_replication([ou1, self.ou, cn3, ou2, dc3],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                                expected_links=[ou2_managedBy_dc3, dc3_managedBy_ou1])
+
+        # Can fail against Windows due to equal precedence of dc3, cn3
+        # self._check_replication([self.ou,ou1,ou2,dc3,cn3],
+        #    drsuapi.DRSUAPI_DRS_WRIT_REP|
+        #    drsuapi.DRSUAPI_DRS_GET_ANC,
+        #    expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1])
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                expected_links=[dc3_managedBy_ou1])
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                expected_links=[dc3_managedBy_ou1])
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1])
+
+        # GET_TGT seems to override DRS_CRITICAL_ONLY and also returns any
+        # object(s) that relate to the linked attributes (similar to GET_ANC)
+        self._check_replication([ou1, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+                                expected_links=[dc3_managedBy_ou1], dn_ordered=False)
+
+        # Change DC3's managedBy to OU2 instead of OU1
+        # Note that the OU1 managedBy linked attribute will still exist as
+        # a tombstone object (and so will be returned in the replication still)
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, dc3)
+        m["managedBy"] = ldb.MessageElement(ou2, ldb.FLAG_MOD_REPLACE, "managedBy")
+        self.ldb_dc1.modify(m)
+        dc3_managedBy_ou1.flags &= ~drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+        dc3_managedBy_ou2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                         drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                         dc3_id.guid, ou2_id.guid)
+
+        (hwm8, utdv8) = self._check_replication([ou1, self.ou, cn3, ou2, dc3],
+                                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                                expected_links=[ou2_managedBy_dc3, dc3_managedBy_ou1, dc3_managedBy_ou2])
+
+        # Can fail against Windows due to equal precedence of dc3, cn3
+        # self._check_replication([self.ou,ou1,ou2,dc3,cn3],
+        #    drsuapi.DRSUAPI_DRS_WRIT_REP|
+        #    drsuapi.DRSUAPI_DRS_GET_ANC,
+        #    expected_links=[ou2_managedBy_dc3,dc3_managedBy_ou1,dc3_managedBy_ou2])
+
+        self._check_replication([dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2])
+
+        self._check_replication([self.ou, ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2])
+
+        # GET_TGT will also return any DNs referenced by the linked attributes
+        # (including the Tombstone attribute)
+        self._check_replication([ou1, ou2, dc3],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2], dn_ordered=False)
+
+        # Use the highwater-mark prior to changing ManagedBy - this should
+        # only return the old/Tombstone and new linked attributes (we already
+        # know all the DNs)
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                highwatermark=hwm7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                highwatermark=hwm7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                highwatermark=hwm7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                highwatermark=hwm7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                highwatermark=hwm7)
+
+        # Repeat the above set of tests using the uptodateness_vector
+        # instead of the highwater-mark
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                uptodateness_vector=utdv7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                uptodateness_vector=utdv7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                uptodateness_vector=utdv7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY |
+                                drsuapi.DRSUAPI_DRS_GET_ANC,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                uptodateness_vector=utdv7)
+
+        self._check_replication([],
+                                drsuapi.DRSUAPI_DRS_CRITICAL_ONLY,
+                                more_flags=drsuapi.DRSUAPI_DRS_GET_TGT,
+                                expected_links=[dc3_managedBy_ou1, dc3_managedBy_ou2],
+                                uptodateness_vector=utdv7)
+
+    def test_FSMONotOwner(self):
+        """Test role transfer with against DC not owner of the role"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa=fsmo_owner["ntds_guid"],
+                               invocation_id=fsmo_not_owner["invocation_id"],
+                               nc_dn_str=fsmo_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"])
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER)
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_not_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_not_owner["invocation_id"]))
+
+    def test_InvalidDestDSA(self):
+        """Test role transfer with invalid destination DSA guid"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str=fsmo_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER)
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+
+    def test_InvalidDestDSA_and_GUID(self):
+        """Test role transfer with invalid destination DSA guid"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"DsGetNCChanges failed with {estr}")
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER)
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+
+    def test_InvalidDestDSA_and_GUID_RID_ALLOC(self):
+        """Test role transfer with invalid destination DSA guid"""
+        fsmo_dn = self.ldb_dc1.get_schema_basedn()
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"DsGetNCChanges failed with {estr}")
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER)
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+
+
+class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase):
+    def setUp(self):
+        super(DrsReplicaPrefixMapTestCase, self).setUp()
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+        self.ou = "ou=pfm_exop%d,%s" % (random.randint(0, 4294967295),
+                                        self.base_dn)
+        self.ldb_dc1.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+        self.user = "cn=testuser,%s" % self.ou
+        self.ldb_dc1.add({
+            "dn": self.user,
+            "objectclass": "user"})
+
+    def tearDown(self):
+        super(DrsReplicaPrefixMapTestCase, self).tearDown()
+        try:
+            self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+        except ldb.LdbError as e2:
+            (enum, string) = e2.args
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                pass
+
+    def test_missing_prefix_map_dsa(self):
+        partial_attribute_set = self.get_partial_attribute_set()
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            self.assertEqual(ctr.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+        except RuntimeError:
+            self.fail("Missing prefixmap shouldn't have triggered an error")
+
+    def test_invalid_prefix_map_attid(self):
+        # Request for invalid attid
+        partial_attribute_set = self.get_partial_attribute_set([99999])
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        try:
+            pfm = self._samdb_fetch_pfm_and_schi()
+        except KeyError:
+            # On Windows, prefixMap isn't available over LDAP
+            req8 = self._exop_req8(dest_dsa=None,
+                                   invocation_id=dc_guid_1,
+                                   nc_dn_str=self.user,
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            pfm = ctr.mapping_ctr
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               mapping_ctr=pfm)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            self.fail("Invalid attid (99999) should have triggered an error")
+        except RuntimeError as e3:
+            (ecode, emsg) = e3.args
+            self.assertEqual(ecode, 0x000020E2, "Error code should have been "
+                             "WERR_DS_DRA_SCHEMA_MISMATCH")
+
+    def test_secret_prefix_map_attid(self):
+        # Request for a secret attid
+        partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd])
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        try:
+            pfm = self._samdb_fetch_pfm_and_schi()
+        except KeyError:
+            # On Windows, prefixMap isn't available over LDAP
+            req8 = self._exop_req8(dest_dsa=None,
+                                   invocation_id=dc_guid_1,
+                                   nc_dn_str=self.user,
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            pfm = ctr.mapping_ctr
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the unicodePwd attribute back")
+
+        for i, mapping in enumerate(pfm.mappings):
+            # OID: 2.5.4.*
+            # objectClass: 2.5.4.0
+            if mapping.oid.binary_oid == [85, 4]:
+                idx1 = i
+            # OID: 1.2.840.113556.1.4.*
+            # unicodePwd: 1.2.840.113556.1.4.90
+            elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]:
+                idx2 = i
+
+        (pfm.mappings[idx1].id_prefix,
+         pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix,
+                                          pfm.mappings[idx1].id_prefix)
+
+        tmp = pfm.mappings
+        tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1]
+        pfm.mappings = tmp
+
+        # 90 for unicodePwd (with new prefix = 0)
+        # 589824, 589827 for objectClass and CN
+        # Use of three ensures sorting is correct
+        partial_attribute_set = self.get_partial_attribute_set([90, 589824, 589827])
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the unicodePwd attribute back")
+
+    def test_regular_prefix_map_attid(self):
+        # Request for a regular (non-secret) attid
+        partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_name])
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        try:
+            pfm = self._samdb_fetch_pfm_and_schi()
+        except KeyError:
+            # On Windows, prefixMap isn't available over LDAP
+            req8 = self._exop_req8(dest_dsa=None,
+                                   invocation_id=dc_guid_1,
+                                   nc_dn_str=self.user,
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            pfm = ctr.mapping_ctr
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_name:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the name attribute back")
+
+        for i, mapping in enumerate(pfm.mappings):
+            # OID: 2.5.4.*
+            # objectClass: 2.5.4.0
+            if mapping.oid.binary_oid == [85, 4]:
+                idx1 = i
+            # OID: 1.2.840.113556.1.4.*
+            # name: 1.2.840.113556.1.4.1
+            elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]:
+                idx2 = i
+
+        (pfm.mappings[idx1].id_prefix,
+         pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix,
+                                          pfm.mappings[idx1].id_prefix)
+
+        tmp = pfm.mappings
+        tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1]
+        pfm.mappings = tmp
+
+        # 1 for name (with new prefix = 0)
+        partial_attribute_set = self.get_partial_attribute_set([1])
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_name:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the name attribute back")
+
+    def test_regular_prefix_map_ex_attid(self):
+        # Request for a regular (non-secret) attid
+        partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_name])
+        partial_attribute_set_ex = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd])
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        try:
+            pfm = self._samdb_fetch_pfm_and_schi()
+        except KeyError:
+            # On Windows, prefixMap isn't available over LDAP
+            req8 = self._exop_req8(dest_dsa=None,
+                                   invocation_id=dc_guid_1,
+                                   nc_dn_str=self.user,
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            pfm = ctr.mapping_ctr
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               partial_attribute_set_ex=partial_attribute_set_ex,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_name:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the name attribute back")
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the unicodePwd attribute back")
+
+        for i, mapping in enumerate(pfm.mappings):
+            # OID: 2.5.4.*
+            # objectClass: 2.5.4.0
+            if mapping.oid.binary_oid == [85, 4]:
+                idx1 = i
+            # OID: 1.2.840.113556.1.4.*
+            # name: 1.2.840.113556.1.4.1
+            # unicodePwd: 1.2.840.113556.1.4.90
+            elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]:
+                idx2 = i
+
+        (pfm.mappings[idx1].id_prefix,
+         pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix,
+                                          pfm.mappings[idx1].id_prefix)
+
+        tmp = pfm.mappings
+        tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1]
+        pfm.mappings = tmp
+
+        # 1 for name (with new prefix = 0)
+        partial_attribute_set = self.get_partial_attribute_set([1])
+        # 90 for unicodePwd (with new prefix = 0)
+        # HOWEVER: Windows doesn't seem to respect incoming maps for PartialAttrSetEx
+        partial_attribute_set_ex = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd])
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.user,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               partial_attribute_set=partial_attribute_set,
+                               partial_attribute_set_ex=partial_attribute_set_ex,
+                               mapping_ctr=pfm)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_name:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the name attribute back")
+
+        found = False
+        for attr in ctr.first_object.object.attribute_ctr.attributes:
+            if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd:
+                found = True
+                break
+
+        self.assertTrue(found, "Ensure we get the unicodePwd attribute back")
+
+    def _samdb_fetch_pfm_and_schi(self):
+        """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection"""
+        samdb = self.ldb_dc1
+        res = samdb.search(base=samdb.get_schema_basedn(), scope=SCOPE_BASE,
+                           attrs=["prefixMap", "schemaInfo"])
+
+        pfm = ndr_unpack(drsblobs.prefixMapBlob,
+                         res[0]['prefixMap'][0])
+
+        schi = drsuapi.DsReplicaOIDMapping()
+        schi.id_prefix = 0
+        if 'schemaInfo' in res[0]:
+            binary_oid = [x if isinstance(x, int) else ord(x) for x in res[0]['schemaInfo'][0]]
+            schi.oid.length = len(binary_oid)
+            schi.oid.binary_oid = binary_oid
+        else:
+            schema_info = drsblobs.schemaInfoBlob()
+            schema_info.revision = 0
+            schema_info.marker = 0xFF
+            schema_info.invocation_id = misc.GUID(samdb.get_invocation_id())
+
+            binary_oid = [x if isinstance(x, int) else ord(x) for x in ndr_pack(schema_info)]
+            # you have to set the length before setting binary_oid
+            schi.oid.length = len(binary_oid)
+            schi.oid.binary_oid = binary_oid
+
+        pfm.ctr.mappings = pfm.ctr.mappings + [schi]
+        pfm.ctr.num_mappings += 1
+        return pfm.ctr
+
+
+class DrsReplicaSyncSortTestCase(drs_base.DrsBaseTestCase):
+    def setUp(self):
+        super(DrsReplicaSyncSortTestCase, self).setUp()
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+        self.ou = "ou=sort_exop%d,%s" % (random.randint(0, 4294967295),
+                                         self.base_dn)
+        self.ldb_dc1.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+
+    def tearDown(self):
+        super(DrsReplicaSyncSortTestCase, self).tearDown()
+        # tidyup groups and users
+        try:
+            self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+        except ldb.LdbError as e4:
+            (enum, string) = e4.args
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                pass
+
+    def add_linked_attribute(self, src, dest, attr='member'):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_ADD, attr)
+        self.ldb_dc1.modify(m)
+
+    def remove_linked_attribute(self, src, dest, attr='member'):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_DELETE, attr)
+        self.ldb_dc1.modify(m)
+
+    def test_sort_behaviour_single_object(self):
+        """Testing sorting behaviour on single objects"""
+
+        user1_dn = "cn=test_user1,%s" % self.ou
+        user2_dn = "cn=test_user2,%s" % self.ou
+        user3_dn = "cn=test_user3,%s" % self.ou
+        group_dn = "cn=test_group,%s" % self.ou
+
+        self.ldb_dc1.add({"dn": user1_dn, "objectclass": "user"})
+        self.ldb_dc1.add({"dn": user2_dn, "objectclass": "user"})
+        self.ldb_dc1.add({"dn": user3_dn, "objectclass": "user"})
+        self.ldb_dc1.add({"dn": group_dn, "objectclass": "group"})
+
+        u1_guid = misc.GUID(self.ldb_dc1.search(base=user1_dn,
+                                                attrs=["objectGUID"])[0]['objectGUID'][0])
+        u2_guid = misc.GUID(self.ldb_dc1.search(base=user2_dn,
+                                                attrs=["objectGUID"])[0]['objectGUID'][0])
+        u3_guid = misc.GUID(self.ldb_dc1.search(base=user3_dn,
+                                                attrs=["objectGUID"])[0]['objectGUID'][0])
+        g_guid = misc.GUID(self.ldb_dc1.search(base=group_dn,
+                                               attrs=["objectGUID"])[0]['objectGUID'][0])
+
+        self.add_linked_attribute(group_dn, user1_dn,
+                                  attr='member')
+        self.add_linked_attribute(group_dn, user2_dn,
+                                  attr='member')
+        self.add_linked_attribute(group_dn, user3_dn,
+                                  attr='member')
+        self.add_linked_attribute(group_dn, user1_dn,
+                                  attr='managedby')
+        self.add_linked_attribute(group_dn, user2_dn,
+                                  attr='nonSecurityMember')
+        self.add_linked_attribute(group_dn, user3_dn,
+                                  attr='nonSecurityMember')
+
+        set_inactive = AbstractLink(drsuapi.DRSUAPI_ATTID_nonSecurityMember,
+                                    drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                    g_guid, u3_guid)
+
+        expected_links = set([set_inactive,
+                              AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+                                           drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                           g_guid,
+                                           u1_guid),
+                              AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+                                           drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                           g_guid,
+                                           u2_guid),
+                              AbstractLink(drsuapi.DRSUAPI_ATTID_member,
+                                           drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                           g_guid,
+                                           u3_guid),
+                              AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                                           drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                           g_guid,
+                                           u1_guid),
+                              AbstractLink(drsuapi.DRSUAPI_ATTID_nonSecurityMember,
+                                           drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                                           g_guid,
+                                           u2_guid),
+                              ])
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=group_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        no_inactive = []
+        for link in ctr.linked_attributes:
+            target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                     link.value.blob).guid
+            no_inactive.append((link, target_guid))
+            self.assertTrue(AbstractLink(link.attid, link.flags,
+                                         link.identifier.guid,
+                                         target_guid) in expected_links)
+
+        no_inactive.sort(key=cmp_to_key(_linked_attribute_compare))
+
+        # assert the two arrays are the same
+        self.assertEqual(len(expected_links), ctr.linked_attributes_count)
+        self.assertEqual([x[0] for x in no_inactive], ctr.linked_attributes)
+
+        self.remove_linked_attribute(group_dn, user3_dn,
+                                     attr='nonSecurityMember')
+
+        # Set the link inactive
+        expected_links.remove(set_inactive)
+        set_inactive.flags = 0
+        expected_links.add(set_inactive)
+
+        has_inactive = []
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        for link in ctr.linked_attributes:
+            target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                     link.value.blob).guid
+            has_inactive.append((link, target_guid))
+            self.assertTrue(AbstractLink(link.attid, link.flags,
+                                         link.identifier.guid,
+                                         target_guid) in expected_links)
+
+        has_inactive.sort(key=cmp_to_key(_linked_attribute_compare))
+
+        # assert the two arrays are the same
+        self.assertEqual(len(expected_links), ctr.linked_attributes_count)
+        self.assertEqual([x[0] for x in has_inactive], ctr.linked_attributes)
+
+    def test_sort_behaviour_ncchanges(self):
+        """Testing sorting behaviour on a group of objects."""
+        user1_dn = "cn=test_user1,%s" % self.ou
+        group_dn = "cn=test_group,%s" % self.ou
+        self.ldb_dc1.add({"dn": user1_dn, "objectclass": "user"})
+        self.ldb_dc1.add({"dn": group_dn, "objectclass": "group"})
+
+        self.add_linked_attribute(group_dn, user1_dn,
+                                  attr='member')
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        # Make sure the max objects count is high enough
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=self.base_dn,
+                               replica_flags=0,
+                               max_objects=100,
+                               exop=drsuapi.DRSUAPI_EXOP_NONE)
+
+        # Loop until we get linked attributes, or we get to the end.
+        # Samba sends linked attributes at the end, unlike Windows.
+        while True:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            if ctr.more_data == 0 or ctr.linked_attributes_count != 0:
+                break
+            req8.highwatermark = ctr.new_highwatermark
+
+        self.assertTrue(ctr.linked_attributes_count != 0)
+
+        no_inactive = []
+        for link in ctr.linked_attributes:
+            try:
+                target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                         link.value.blob).guid
+            except:
+                target_guid = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3Binary,
+                                         link.value.blob).guid
+            no_inactive.append((link, target_guid))
+
+        no_inactive.sort(key=cmp_to_key(_linked_attribute_compare))
+
+        # assert the two arrays are the same
+        self.assertEqual([x[0] for x in no_inactive], ctr.linked_attributes)
diff --git a/source4/torture/drs/python/getnc_schema.py b/source4/torture/drs/python/getnc_schema.py
new file mode 100644
index 0000000..60062f9
--- /dev/null
+++ b/source4/torture/drs/python/getnc_schema.py
@@ -0,0 +1,304 @@
+import drs_base
+import ldb
+import time
+import random
+import os
+
+break_me = os.getenv("PLEASE_BREAK_MY_WINDOWS") == "1"
+assert break_me, ("This test breaks Windows active directory after "
+                  "a few runs.  Set PLEASE_BREAK_MY_WINDOWS=1 to run.")
+
+# This test runs against Windows.  To run, set up two Windows AD DCs, join one
+# to the other, and make sure the passwords are the same.  SMB_CONF_PATH must
+# also be set to any smb.conf file. Set DC1 to the PDC's hostname, and DC2 to
+# the join'd DC's hostname. Example:
+# PLEASE_BREAK_MY_WINDOWS=1
+# DC1=pdc DC2=joindc
+# SMB_CONF_PATH=st/ad_dc/etc/smb.conf
+# PYTHONPATH=$PYTHONPATH:./source4/torture/drs/python
+# python3 ./source4/scripting/bin/subunitrun getnc_schema
+# -UAdministrator%Password
+
+class SchemaReplicationTests(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(SchemaReplicationTests, self).setUp()
+        self.creds = self.get_credentials()
+        self.cmdline_auth = "-U{}%{}".format(self.creds.get_username(),
+                                             self.creds.get_password())
+
+        self.from_ldb = self.ldb_dc1
+        self.dest_ldb = self.ldb_dc2
+        self._disable_inbound_repl(self.url_dc1)
+        self._disable_all_repl(self.url_dc1)
+        self.free_offset = 0
+
+    def tearDown(self):
+        self._enable_inbound_repl(self.url_dc1)
+        self._enable_all_repl(self.url_dc1)
+
+    def do_repl(self, partition_dn):
+        self._enable_inbound_repl(self.url_dc1)
+        self._enable_all_repl(self.url_dc1)
+
+        samba_tool_cmd = ["drs", "replicate", self.url_dc2, self.url_dc1]
+        samba_tool_cmd += [partition_dn]
+        username = self.creds.get_username()
+        password = self.creds.get_password()
+        samba_tool_cmd += ["-U{0}%{1}".format(username, password)]
+
+        (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+
+        try:
+            self.assertCmdSuccess(result, out, err)
+        except AssertionError:
+            print("Failed repl, retrying in 10s")
+            time.sleep(10)
+            (result, out, err) = self.runsubcmd(*samba_tool_cmd)
+
+        self._disable_inbound_repl(self.url_dc1)
+        self._disable_all_repl(self.url_dc1)
+
+        self.assertCmdSuccess(result, out, err)
+
+    # Get a unique prefix for some search expression like "([att]=[pref]{i}*)"
+    def get_unique(self, expr_templ):
+        found = True
+        while found:
+            i = random.randint(0, 65535)
+            res = self.from_ldb.search(base=self.schema_dn,
+                                       scope=ldb.SCOPE_SUBTREE,
+                                       expression=expr_templ.format(i=i))
+            found = len(res) > 0
+
+        return str(i)
+
+    def unique_gov_id_prefix(self):
+        prefix = "1.3.6.1.4.1.7165.4.6.2.8."
+        return prefix + self.get_unique("(governsId=" + prefix + "{i}.*)")
+
+    def unique_cn_prefix(self, prefix="testobj"):
+        return prefix + self.get_unique("(cn=" + prefix + "{i}x*)") + "x"
+
+    # Make test schema classes linked to each other in a line, then modify
+    # them in reverse order so when we repl, a link crosses the chunk
+    # boundary.  Chunk size is 133 by default so we do 150.
+    def test_poss_superiors_across_chunk(self):
+        num_schema_objects_to_add = 150
+        class_name = self.unique_cn_prefix()
+
+        ldif_template = """
+dn: CN={class_name}{i},{schema_dn}
+objectClass: top
+objectClass: classSchema
+adminDescription: {class_name}{i}
+adminDisplayName: {class_name}{i}
+cn: {class_name}{i}
+governsId: {gov_id}.{i}
+instanceType: 4
+objectClassCategory: 1
+systemFlags: 16
+systemOnly: FALSE
+"""
+
+        ldif_kwargs = {'class_name': class_name,
+                       'schema_dn': self.schema_dn}
+        gov_id = self.unique_gov_id_prefix()
+        ldif = ldif_template.format(i=0, gov_id=gov_id, **ldif_kwargs)
+        self.from_ldb.add_ldif(ldif)
+
+        ldif_template += "systemPossSuperiors: {possSup}\n"
+
+        ids = list(range(num_schema_objects_to_add))
+        got_no_such_attrib = False
+        for i in ids[1:]:
+            last_class_name = class_name + str(i-1)
+            ldif = ldif_template.format(i=i, gov_id=gov_id,
+                                        possSup=last_class_name,
+                                        **ldif_kwargs)
+
+            try:
+                self.from_ldb.add_ldif(ldif)
+                if got_no_such_attrib:
+                    self.from_ldb.set_schema_update_now()
+            except ldb.LdbError as e:
+                if e.args[0] != ldb.ERR_NO_SUCH_ATTRIBUTE:
+                    self.fail(e)
+                if got_no_such_attrib:
+                    self.fail(("got NO_SUCH_ATTRIB even after "
+                               "setting schemaUpdateNow", str(e)))
+                print("got NO_SUCH_ATTRIB, trying schemaUpdateNow")
+                got_no_such_attrib = True
+                self.from_ldb.set_schema_update_now()
+                self.from_ldb.add_ldif(ldif)
+                self.from_ldb.set_schema_update_now()
+
+        ldif_template = """
+dn: CN={class_name}{i},{schema_dn}
+changetype: modify
+replace: adminDescription
+adminDescription: new_description
+"""
+
+        for i in reversed(ids):
+            ldif = ldif_template.format(i=i, **ldif_kwargs)
+            self.from_ldb.modify_ldif(ldif)
+
+        self.do_repl(self.schema_dn)
+
+        dn_templ = "CN={class_name}{i},{schema_dn}"
+        for i in ids:
+            dn = dn_templ.format(i=i, **ldif_kwargs)
+            res = self.dest_ldb.search(base=dn, scope=ldb.SCOPE_BASE)
+            self.assertEqual(len(res), 1)
+
+    # Test for method of adding linked attributes in schema partition
+    # required by other tests.
+    def test_create_linked_attribute_in_schema(self):
+        # Make an object outside of the schema partition that we can link to
+        user_name = self.unique_cn_prefix("user")
+        user_dn = "CN={},CN=Users,{}".format(user_name, self.domain_dn)
+
+        ldif_template = """
+dn: {user_dn}
+objectClass: person
+objectClass: user"""
+        ldif = ldif_template.format(user_dn=user_dn)
+        self.from_ldb.add_ldif(ldif)
+
+        # Make test class name unique so test can run multiple times
+        class_name = self.unique_cn_prefix("class")
+
+        kwargs = {'class_name': class_name,
+                  'schema_dn': self.schema_dn,
+                  'user_dn': user_dn}
+
+        # Add an auxiliary schemaClass (cat 3) class and give it managedBy
+        # so we can create schema objects with linked attributes.
+        ldif_template = """
+dn: CN={class_name},{schema_dn}
+objectClass: classSchema
+governsId: {gov_id}.0
+instanceType: 4
+systemFlags: 16
+systemOnly: FALSE
+objectClassCategory: 3
+mayContain: managedBy
+"""
+
+        gov_id = self.unique_gov_id_prefix()
+        ldif = ldif_template.format(gov_id=gov_id, **kwargs)
+        self.from_ldb.add_ldif(ldif)
+
+        # Now make an instance that points back to the user with managedBy,
+        # thus creating an object in the schema with a linked attribute
+        ldif_template = """
+dn: CN=link{class_name},{schema_dn}
+objectClass: classSchema
+objectClass: {class_name}
+instanceType: 4
+governsId: {gov_id}.0
+systemFlags: 16
+managedBy: {user_dn}
+"""
+
+        gov_id = self.unique_gov_id_prefix()
+        ldif = ldif_template.format(gov_id=gov_id, **kwargs)
+        self.from_ldb.add_ldif(ldif)
+
+        # Check link exists on test schema object
+        dn_templ = "CN=link{class_name},{schema_dn}"
+        dn = dn_templ.format(**kwargs)
+        res = self.from_ldb.search(base=dn, scope=ldb.SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        self.assertIsNotNone(res[0].get("managedBy"))
+        self.assertEqual(str(res[0].get("managedBy")[0]), user_dn)
+
+        # Check backlink on user object
+        res = self.from_ldb.search(base=user_dn, scope=ldb.SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        managed_objs = res[0].get("managedObjects")
+        self.assertEqual(len(managed_objs), 1)
+        managed_objs = [str(o) for o in managed_objs]
+        self.assertEqual(managed_objs, [dn_templ.format(**kwargs)])
+
+    def test_schema_linked_attributes(self):
+        num_test_objects = 9
+
+        # Make an object outside of the schema partition that we can link to
+        user_name = self.unique_cn_prefix("user")
+        user_dn = "CN={},CN=Users,{}".format(user_name, self.domain_dn)
+
+        ldif_template = """
+dn: {user_dn}
+objectClass: person
+objectClass: user"""
+        ldif = ldif_template.format(user_dn=user_dn)
+        self.from_ldb.add_ldif(ldif)
+
+        self.do_repl(self.domain_dn)
+
+        # Make test object name prefixes unique so test can run multiple times
+        # in a single testenv (can't delete schema objects)
+        class_name = self.unique_cn_prefix("class")
+        link_class_name = self.unique_cn_prefix("linkClass")
+
+        kwargs = {'class_name': class_name,
+                  'schema_dn': self.schema_dn,
+                  'link_class_name': link_class_name,
+                  'user_dn': user_dn}
+
+        # Add an auxiliary schemaClass (cat 3) class and give it managedBy
+        # so we can create schema objects with linked attributes.
+        ldif_template = """
+dn: CN={class_name},{schema_dn}
+objectClass: classSchema
+governsId: {gov_id}.0
+instanceType: 4
+systemFlags: 16
+systemOnly: FALSE
+objectClassCategory: 3
+mayContain: managedBy
+"""
+
+        gov_id = self.unique_gov_id_prefix()
+        ldif = ldif_template.format(gov_id=gov_id, **kwargs)
+        self.from_ldb.add_ldif(ldif)
+
+        # Now make instances that point back to the user with managedBy,
+        # thus creating objects in the schema with linked attributes
+        ldif_template = """
+dn: CN={link_class_name}{i},{schema_dn}
+objectClass: classSchema
+objectClass: {class_name}
+instanceType: 4
+governsId: {gov_id}.0
+systemFlags: 16
+managedBy: {user_dn}
+"""
+
+        id_range = list(range(num_test_objects))
+        for i in id_range:
+            gov_id = self.unique_gov_id_prefix()
+            ldif = ldif_template.format(i=i, gov_id=gov_id, **kwargs)
+            self.from_ldb.add_ldif(ldif)
+
+        self.do_repl(self.schema_dn)
+
+        # Check link exists in each test schema objects at destination DC
+        dn_templ = "CN={link_class_name}{i},{schema_dn}"
+        for i in id_range:
+            dn = dn_templ.format(i=i, **kwargs)
+            res = self.dest_ldb.search(base=dn, scope=ldb.SCOPE_BASE)
+            self.assertEqual(len(res), 1)
+            self.assertIsNotNone(res[0].get("managedBy"))
+            self.assertEqual(str(res[0].get("managedBy")[0]), user_dn)
+
+        # Check backlinks list on user object contains DNs of test objects.
+        res = self.dest_ldb.search(base=user_dn, scope=ldb.SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+        managed_objs = res[0].get("managedObjects")
+        self.assertIsNotNone(managed_objs)
+        managed_objs_set = {str(el) for el in managed_objs}
+        expected = {dn_templ.format(i=i, **kwargs) for i in id_range}
+        self.assertEqual(managed_objs_set, expected)
diff --git a/source4/torture/drs/python/getnc_unpriv.py b/source4/torture/drs/python/getnc_unpriv.py
new file mode 100644
index 0000000..c53906a
--- /dev/null
+++ b/source4/torture/drs/python/getnc_unpriv.py
@@ -0,0 +1,306 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests replication scenarios with different user privileges.
+# We want to test every replication scenario we can think of against:
+# - users with only GET_CHANGES privileges
+# - users with only GET_ALL_CHANGES privileges
+# - users with both GET_CHANGES and GET_ALL_CHANGES privileges
+# - users with no privileges
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN getnc_unpriv -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+from samba import werror, WERRORError
+
+from samba import sd_utils
+import ldb
+from ldb import SCOPE_BASE
+import random
+
+from samba.dcerpc import drsuapi, security
+from samba.credentials import DONT_USE_KERBEROS
+
+
+class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase):
+    """Confirm the behaviour of DsGetNCChanges for unprivileged users"""
+
+    def setUp(self):
+        super(DrsReplicaSyncUnprivTestCase, self).setUp()
+        self.get_changes_user = "get-changes-user"
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+        self.user_pass = samba.generate_random_password(12, 16)
+
+        # add some randomness to the test OU. (Deletion of the last test's
+        # objects can be slow to replicate out. So the OU created by a previous
+        # testenv may still exist at this point).
+        rand = random.randint(1, 10000000)
+        test_ou = "OU=test_getnc_unpriv%d" % rand
+        self.ou = "%s,%s" % (test_ou, self.base_dn)
+        self.ldb_dc1.add({
+            "dn": self.ou,
+            "objectclass": "organizationalUnit"})
+        self.ldb_dc1.newuser(self.get_changes_user, self.user_pass,
+                             userou=test_ou)
+        (self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1)
+
+        self.sd_utils = sd_utils.SDUtils(self.ldb_dc1)
+        self.user_dn = "cn=%s,%s" % (self.get_changes_user, self.ou)
+        user_sid = self.sd_utils.get_object_sid(self.user_dn)
+        self.acl_mod_get_changes = "(OA;;CR;%s;;%s)" % (security.GUID_DRS_GET_CHANGES,
+                                                        str(user_sid))
+        self.acl_mod_get_all_changes = "(OA;;CR;%s;;%s)" % (security.GUID_DRS_GET_ALL_CHANGES,
+                                                            str(user_sid))
+        self.desc_sddl = self.sd_utils.get_sd_as_sddl(self.base_dn)
+
+        # We set DONT_USE_KERBEROS to avoid a race with getting the
+        # user replicated to our selected KDC
+        self.user_creds = self.insta_creds(template=self.get_credentials(),
+                                           username=self.get_changes_user,
+                                           userpass=self.user_pass,
+                                           kerberos_state=DONT_USE_KERBEROS)
+        (self.user_drs, self.user_drs_handle) = self._ds_bind(self.dnsname_dc1,
+                                                              self.user_creds)
+
+    def tearDown(self):
+        self.sd_utils.modify_sd_on_dn(self.base_dn, self.desc_sddl)
+        try:
+            self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+        except ldb.LdbError as e1:
+            (enum, string) = e1.args
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                pass
+        super(DrsReplicaSyncUnprivTestCase, self).tearDown()
+
+    def _test_repl_exop(self, exop, repl_obj, expected_error, dest_dsa=None,
+                        partial_attribute_set=None):
+        """
+        Common function to send a replication request and check the result
+        matches what's expected.
+        """
+        req8 = self._exop_req8(dest_dsa=dest_dsa,
+                               invocation_id=self.ldb_dc1.get_invocation_id(),
+                               nc_dn_str=repl_obj,
+                               exop=exop,
+                               replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP,
+                               partial_attribute_set=partial_attribute_set)
+
+        if expected_error is None:
+            # user is OK, request should be accepted without throwing an error
+            (level, ctr) = self.user_drs.DsGetNCChanges(self.user_drs_handle,
+                                                        8, req8)
+        else:
+            # check the request is rejected (with the error we're expecting)
+            try:
+                (level, ctr) = self.user_drs.DsGetNCChanges(self.user_drs_handle,
+                                                            8, req8)
+                self.fail("Should have failed with user denied access")
+            except WERRORError as e:
+                (enum, estr) = e.args
+                self.assertTrue(enum in expected_error,
+                                "Got unexpected error: %s" % estr)
+
+    def _test_repl_single_obj(self, repl_obj, expected_error,
+                              partial_attribute_set=None):
+        """
+        Checks that replication on a single object either succeeds or fails as
+        expected (based on the user's access rights)
+        """
+        self._test_repl_exop(exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                             repl_obj=repl_obj,
+                             expected_error=expected_error,
+                             partial_attribute_set=partial_attribute_set)
+
+    def _test_repl_secret(self, repl_obj, expected_error, dest_dsa=None):
+        """
+        Checks that REPL_SECRET on an object either succeeds or fails as
+        expected (based on the user's access rights)
+        """
+        self._test_repl_exop(exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                             repl_obj=repl_obj,
+                             expected_error=expected_error,
+                             dest_dsa=dest_dsa)
+
+    def _test_repl_full(self, expected_error, partial_attribute_set=None):
+        """
+        Checks that a full replication either succeeds or fails as expected
+        (based on the user's access rights)
+        """
+        self._test_repl_exop(exop=drsuapi.DRSUAPI_EXOP_NONE,
+                             repl_obj=self.ldb_dc1.get_default_basedn(),
+                             expected_error=expected_error,
+                             partial_attribute_set=partial_attribute_set)
+
+    def _test_repl_full_on_ou(self, repl_obj, expected_error):
+        """
+        Full replication on a specific OU should always fail (it should be done
+        against a base NC). The error may vary based on the user's access rights
+        """
+        # Just try against the OU created in the test setup
+        self._test_repl_exop(exop=drsuapi.DRSUAPI_EXOP_NONE,
+                             repl_obj=repl_obj,
+                             expected_error=expected_error)
+
+    def test_repl_getchanges_userpriv(self):
+        """
+        Tests various replication requests made by a user with only GET_CHANGES
+        rights. Some requests will be accepted, but most will be rejected.
+        """
+
+        # Assign the user GET_CHANGES rights
+        self.sd_utils.dacl_add_ace(self.base_dn, self.acl_mod_get_changes)
+
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        bad_ou = "OU=bad_obj,%s" % self.ou
+        self._test_repl_single_obj(repl_obj=bad_ou,
+                                   expected_error=[werror.WERR_DS_DRA_BAD_DN,
+                                                   werror.WERR_DS_DRA_ACCESS_DENIED])
+
+        self._test_repl_secret(repl_obj=self.ou,
+                               expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               dest_dsa=self.ldb_dc1.get_ntds_GUID(),
+                               expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_secret(repl_obj=bad_ou,
+                               expected_error=[werror.WERR_DS_DRA_BAD_DN])
+
+        self._test_repl_full(expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_full_on_ou(repl_obj=self.ou,
+                                   expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC,
+                                                   werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_full_on_ou(repl_obj=bad_ou,
+                                   expected_error=[werror.WERR_DS_DRA_BAD_NC,
+                                                   werror.WERR_DS_DRA_ACCESS_DENIED])
+
+        # Partial Attribute Sets don't require GET_ALL_CHANGES rights, so we
+        # expect the following to succeed
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=None,
+                                   partial_attribute_set=self.get_partial_attribute_set())
+        self._test_repl_full(expected_error=None,
+                             partial_attribute_set=self.get_partial_attribute_set())
+
+    def test_repl_getallchanges_userpriv(self):
+        """
+        Tests various replication requests made by a user with only
+        GET_ALL_CHANGES rights. Note that assigning these rights is possible,
+        but doesn't make a lot of sense. We test it anyway for consistency.
+        """
+
+        # Assign the user GET_ALL_CHANGES rights
+        self.sd_utils.dacl_add_ace(self.base_dn, self.acl_mod_get_all_changes)
+
+        # We can expect to get the same responses as an unprivileged user,
+        # i.e. we have permission to see the results, but don't have permission
+        # to ask
+        self.test_repl_no_userpriv()
+
+    def test_repl_both_userpriv(self):
+        """
+        Tests various replication requests made by a privileged user (i.e. has
+        both GET_CHANGES and GET_ALL_CHANGES). We expect any valid requests
+        to be accepted.
+        """
+
+        # Assign the user both GET_CHANGES and GET_ALL_CHANGES rights
+        both_rights = self.acl_mod_get_changes + self.acl_mod_get_all_changes
+        self.sd_utils.dacl_add_ace(self.base_dn, both_rights)
+
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=None)
+        bad_ou = "OU=bad_obj,%s" % self.ou
+        self._test_repl_single_obj(repl_obj=bad_ou,
+                                   expected_error=[werror.WERR_DS_DRA_BAD_DN])
+
+        # Microsoft returns DB_ERROR, Samba returns ACCESS_DENIED
+        self._test_repl_secret(repl_obj=self.ou,
+                               expected_error=[werror.WERR_DS_DRA_DB_ERROR,
+                                               werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               expected_error=[werror.WERR_DS_DRA_DB_ERROR,
+                                               werror.WERR_DS_DRA_ACCESS_DENIED])
+        # Note that Windows accepts this but Samba rejects it
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               dest_dsa=self.ldb_dc1.get_ntds_GUID(),
+                               expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+
+        self._test_repl_secret(repl_obj=bad_ou,
+                               expected_error=[werror.WERR_DS_DRA_BAD_DN])
+
+        self._test_repl_full(expected_error=None)
+        self._test_repl_full_on_ou(repl_obj=self.ou,
+                                   expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC])
+        self._test_repl_full_on_ou(repl_obj=bad_ou,
+                                   expected_error=[werror.WERR_DS_DRA_BAD_NC,
+                                                   werror.WERR_DS_DRA_BAD_DN])
+
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=None,
+                                   partial_attribute_set=self.get_partial_attribute_set())
+        self._test_repl_full(expected_error=None,
+                             partial_attribute_set=self.get_partial_attribute_set())
+
+    def test_repl_no_userpriv(self):
+        """
+        Tests various replication requests made by a unprivileged user.
+        We expect all these requests to be rejected.
+        """
+
+        # Microsoft usually returns BAD_DN, Samba returns ACCESS_DENIED
+        usual_error = [werror.WERR_DS_DRA_BAD_DN, werror.WERR_DS_DRA_ACCESS_DENIED]
+
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=usual_error)
+        bad_ou = "OU=bad_obj,%s" % self.ou
+        self._test_repl_single_obj(repl_obj=bad_ou,
+                                   expected_error=usual_error)
+
+        self._test_repl_secret(repl_obj=self.ou,
+                               expected_error=usual_error)
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               expected_error=usual_error)
+        self._test_repl_secret(repl_obj=self.user_dn,
+                               dest_dsa=self.ldb_dc1.get_ntds_GUID(),
+                               expected_error=usual_error)
+        self._test_repl_secret(repl_obj=bad_ou,
+                               expected_error=usual_error)
+
+        self._test_repl_full(expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED])
+        self._test_repl_full_on_ou(repl_obj=self.ou,
+                                   expected_error=usual_error)
+        self._test_repl_full_on_ou(repl_obj=bad_ou,
+                                   expected_error=[werror.WERR_DS_DRA_BAD_NC,
+                                                   werror.WERR_DS_DRA_ACCESS_DENIED])
+
+        self._test_repl_single_obj(repl_obj=self.ou,
+                                   expected_error=usual_error,
+                                   partial_attribute_set=self.get_partial_attribute_set())
+        self._test_repl_full(expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED],
+                             partial_attribute_set=self.get_partial_attribute_set())
diff --git a/source4/torture/drs/python/getncchanges.py b/source4/torture/drs/python/getncchanges.py
new file mode 100644
index 0000000..6b5456a
--- /dev/null
+++ b/source4/torture/drs/python/getncchanges.py
@@ -0,0 +1,1427 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests various schema replication scenarios
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN \
+#       getncchanges -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+import ldb
+from ldb import SCOPE_BASE
+import random
+
+from samba.dcerpc import drsuapi, misc
+from samba import WERRORError
+from samba import werror
+
+class DrsReplicaSyncIntegrityTestCase(drs_base.DrsBaseTestCase):
+    def setUp(self):
+        super(DrsReplicaSyncIntegrityTestCase, self).setUp()
+
+        self.init_test_state()
+
+        # Note that DC2 is the DC with the testenv-specific quirks (e.g. it's
+        # the vampire_dc), so we point this test directly at that DC
+        self.set_test_ldb_dc(self.ldb_dc2)
+
+        self.ou = str(samba.tests.create_test_ou(self.test_ldb_dc,
+                                                 "getncchanges." + self.id().rsplit(".", 1)[1]))
+
+        self.addCleanup(self.ldb_dc2.delete, self.ou, ["tree_delete:1"])
+
+        self.base_dn = self.test_ldb_dc.get_default_basedn()
+
+        self.default_conn = DcConnection(self, self.ldb_dc2, self.dnsname_dc2)
+        self.set_dc_connection(self.default_conn)
+
+    def init_test_state(self):
+        self.rxd_dn_list = []
+        self.rxd_links = []
+        self.rxd_guids = []
+        self.last_ctr = None
+
+        # 100 is the minimum max_objects that Microsoft seems to honour
+        # (the max honoured is 400ish), so we use that in these tests
+        self.max_objects = 100
+
+        # store whether we used GET_TGT/GET_ANC flags in the requests
+        self.used_get_tgt = False
+        self.used_get_anc = False
+
+    def add_object(self, dn, objectclass="organizationalunit"):
+        """Adds an OU object"""
+        self.test_ldb_dc.add({"dn": dn, "objectclass": objectclass})
+        res = self.test_ldb_dc.search(base=dn, scope=SCOPE_BASE)
+        self.assertEqual(len(res), 1)
+
+    def modify_object(self, dn, attr, value):
+        """Modifies an object's USN by adding an attribute value to it"""
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.test_ldb_dc, dn)
+        m[attr] = ldb.MessageElement(value, ldb.FLAG_MOD_ADD, attr)
+        self.test_ldb_dc.modify(m)
+
+    def delete_attribute(self, dn, attr, value):
+        """Deletes an attribute from an object"""
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.test_ldb_dc, dn)
+        m[attr] = ldb.MessageElement(value, ldb.FLAG_MOD_DELETE, attr)
+        self.test_ldb_dc.modify(m)
+
+    def start_new_repl_cycle(self):
+        """Resets enough state info to start a new replication cycle"""
+        # reset rxd_links, but leave rxd_guids and rxd_dn_list alone so we know
+        # whether a parent/target is unknown and needs GET_ANC/GET_TGT to
+        # resolve
+        self.rxd_links = []
+
+        self.used_get_tgt = False
+        self.used_get_anc = False
+        # mostly preserve self.last_ctr, so that we use the last HWM
+        if self.last_ctr is not None:
+            self.last_ctr.more_data = True
+
+    def create_object_range(self, start, end, prefix="",
+                            children=None, parent_list=None):
+        """
+        Creates a block of objects. Object names are numbered sequentially,
+        using the optional prefix supplied. If the children parameter is
+        supplied it will create a parent-child hierarchy and return the
+        top-level parents separately.
+        """
+        dn_list = []
+
+        # Use dummy/empty lists if we're not creating a parent/child hierarchy
+        if children is None:
+            children = []
+
+        if parent_list is None:
+            parent_list = []
+
+        # Create the parents first, then the children.
+        # This makes it easier to see in debug when GET_ANC takes effect
+        # because the parent/children become interleaved (by default,
+        # this approach means the objects are organized into blocks of
+        # parents and blocks of children together)
+        for x in range(start, end):
+            ou = "OU=test_ou_%s%d,%s" % (prefix, x, self.ou)
+            self.add_object(ou)
+            dn_list.append(ou)
+
+            # keep track of the top-level parents (if needed)
+            parent_list.append(ou)
+
+        # create the block of children (if needed)
+        for x in range(start, end):
+            for child in children:
+                ou = "OU=test_ou_child%s%d,%s" % (child, x, parent_list[x])
+                self.add_object(ou)
+                dn_list.append(ou)
+
+        return dn_list
+
+    def assert_expected_data(self, expected_list):
+        """
+        Asserts that we received all the DNs that we expected and
+        none are missing.
+        """
+        received_list = self.rxd_dn_list
+
+        # Note that with GET_ANC Windows can end up sending the same parent
+        # object multiple times, so this might be noteworthy but doesn't
+        # warrant failing the test
+        num_received = len(received_list)
+        num_expected = len(expected_list)
+        if num_received != num_expected:
+            print("Note: received %d objects but expected %d" % (num_received,
+                                                                 num_expected))
+
+        # Check that we received every object that we were expecting
+        for dn in expected_list:
+            self.assertTrue(dn in received_list,
+                            "DN '%s' missing from replication." % dn)
+
+    def test_repl_integrity(self):
+        """
+        Modify the objects being replicated while the replication is still
+        in progress and check that no object loss occurs.
+        """
+
+        # The server behaviour differs between samba and Windows. Samba returns
+        # the objects in the original order (up to the pre-modify HWM). Windows
+        # incorporates the modified objects and returns them in the new order
+        # (i.e. modified objects last), up to the post-modify HWM. The
+        # Microsoft docs state the Windows behaviour is optional.
+
+        # Create a range of objects to replicate.
+        expected_dn_list = self.create_object_range(0, 400)
+        (orig_hwm, unused) = self._get_highest_hwm_utdv(self.test_ldb_dc)
+
+        # We ask for the first page of 100 objects.
+        # For this test, we don't care what order we receive the objects in,
+        # so long as by the end we've received everything
+        self.repl_get_next()
+
+        # Modify some of the second page of objects. This should bump the
+        # highwatermark
+        for x in range(100, 200):
+            self.modify_object(expected_dn_list[x], "displayName", "OU%d" % x)
+
+        (post_modify_hwm, _) = self._get_highest_hwm_utdv(self.test_ldb_dc)
+        self.assertTrue(post_modify_hwm.highest_usn > orig_hwm.highest_usn)
+
+        # Get the remaining blocks of data
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        # Check we still receive all the objects we're expecting
+        self.assert_expected_data(expected_dn_list)
+
+    def is_parent_known(self, dn, known_dn_list):
+        """
+        Returns True if the parent of the dn specified is in known_dn_list
+        """
+
+        # we can sometimes get system objects like the RID Manager returned.
+        # Ignore anything that is not under the test OU we created
+        if self.ou not in dn:
+            return True
+
+        # Remove the child portion from the name to get the parent's DN
+        name_substrings = dn.split(",")
+        del name_substrings[0]
+
+        parent_dn = ",".join(name_substrings)
+
+        # check either this object is a parent (it's parent is the top-level
+        # test object), or its parent has been seen previously
+        return parent_dn == self.ou or parent_dn in known_dn_list
+
+    def _repl_send_request(self, get_anc=False, get_tgt=False):
+        """
+        Sends a GetNCChanges request for the next block of replication data.
+        """
+
+        # we're just trying to mimic regular client behaviour here, so just
+        # use the highwatermark in the last response we received
+        if self.last_ctr:
+            highwatermark = self.last_ctr.new_highwatermark
+            uptodateness_vector = self.last_ctr.uptodateness_vector
+        else:
+            # this is the first replication chunk
+            highwatermark = None
+            uptodateness_vector = None
+
+        # Ask for the next block of replication data
+        replica_flags = drsuapi.DRSUAPI_DRS_WRIT_REP
+        more_flags = 0
+
+        if get_anc:
+            replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC
+            self.used_get_anc = True
+
+        if get_tgt:
+            more_flags = drsuapi.DRSUAPI_DRS_GET_TGT
+            self.used_get_tgt = True
+
+        # return the response from the DC
+        return self._get_replication(replica_flags,
+                                     max_objects=self.max_objects,
+                                     highwatermark=highwatermark,
+                                     uptodateness_vector=uptodateness_vector,
+
+                                     more_flags=more_flags)
+
+    def repl_get_next(self, get_anc=False, get_tgt=False, assert_links=False):
+        """
+        Requests the next block of replication data. This tries to simulate
+        client behaviour - if we receive a replicated object that we don't know
+        the parent of, then re-request the block with the GET_ANC flag set.
+        If we don't know the target object for a linked attribute, then
+        re-request with GET_TGT.
+        """
+
+        # send a request to the DC and get the response
+        ctr6 = self._repl_send_request(get_anc=get_anc, get_tgt=get_tgt)
+
+        # extract the object DNs and their GUIDs from the response
+        rxd_dn_list = self._get_ctr6_dn_list(ctr6)
+        rxd_guid_list = self._get_ctr6_object_guids(ctr6)
+
+        # we'll add new objects as we discover them, so take a copy of the
+        # ones we already know about, so we can modify these lists safely
+        known_objects = self.rxd_dn_list[:]
+        known_guids = self.rxd_guids[:]
+
+        # check that we know the parent for every object received
+        for i in range(0, len(rxd_dn_list)):
+
+            dn = rxd_dn_list[i]
+            guid = rxd_guid_list[i]
+
+            if self.is_parent_known(dn, known_objects):
+
+                # the new DN is now known so add it to the list.
+                # It may be the parent of another child in this block
+                known_objects.append(dn)
+                known_guids.append(guid)
+            else:
+                # If we've already set the GET_ANC flag then it should mean
+                # we receive the parents before the child
+                self.assertFalse(get_anc, "Unknown parent for object %s" % dn)
+
+                print("Unknown parent for %s - try GET_ANC" % dn)
+
+                # try the same thing again with the GET_ANC flag set this time
+                return self.repl_get_next(get_anc=True, get_tgt=get_tgt,
+                                          assert_links=assert_links)
+
+        # check we know about references to any objects in the linked attrs
+        received_links = self._get_ctr6_links(ctr6)
+
+        # This is so that older versions of Samba fail - we want the links to
+        # be sent roughly with the objects, rather than getting all links at
+        # the end
+        if assert_links:
+            self.assertTrue(len(received_links) > 0,
+                            "Links were expected in the GetNCChanges response")
+
+        for link in received_links:
+
+            # skip any links that aren't part of the test
+            if self.ou not in link.targetDN:
+                continue
+
+            # check the source object is known (Windows can actually send links
+            # where we don't know the source object yet). Samba shouldn't ever
+            # hit this case because it gets the links based on the source
+            if link.identifier not in known_guids:
+
+                # If we've already set the GET_ANC flag then it should mean
+                # this case doesn't happen
+                self.assertFalse(get_anc, "Unknown source object for GUID %s"
+                                 % link.identifier)
+
+                print("Unknown source GUID %s - try GET_ANC" % link.identifier)
+
+                # try the same thing again with the GET_ANC flag set this time
+                return self.repl_get_next(get_anc=True, get_tgt=get_tgt,
+                                          assert_links=assert_links)
+
+            # check we know the target object
+            if link.targetGUID not in known_guids:
+
+                # If we've already set the GET_TGT flag then we should have
+                # already received any objects we need to know about
+                self.assertFalse(get_tgt, "Unknown linked target for object %s"
+                                 % link.targetDN)
+
+                print("Unknown target for %s - try GET_TGT" % link.targetDN)
+
+                # try the same thing again with the GET_TGT flag set this time
+                return self.repl_get_next(get_anc=get_anc, get_tgt=True,
+                                          assert_links=assert_links)
+
+        # store the last successful result so we know what HWM to request next
+        self.last_ctr = ctr6
+
+        # store the objects, GUIDs, and links we received
+        self.rxd_dn_list += self._get_ctr6_dn_list(ctr6)
+        self.rxd_links += self._get_ctr6_links(ctr6)
+        self.rxd_guids += self._get_ctr6_object_guids(ctr6)
+
+        return ctr6
+
+    def replication_complete(self):
+        """Returns True if the current/last replication cycle is complete"""
+
+        if self.last_ctr is None or self.last_ctr.more_data:
+            return False
+        else:
+            return True
+
+    def test_repl_integrity_get_anc(self):
+        """
+        Modify the parent objects being replicated while the replication is
+        still in progress (using GET_ANC) and check that no object loss occurs.
+        """
+
+        # Note that GET_ANC behaviour varies between Windows and Samba.
+        # On Samba GET_ANC results in the replication restarting from the very
+        # beginning. After that, Samba remembers GET_ANC and also sends the
+        # parents in subsequent requests (regardless of whether GET_ANC is
+        # specified in the later request).
+        # Windows only sends the parents if GET_ANC was specified in the last
+        # request. It will also resend a parent, even if it's already sent the
+        # parent in a previous response (whereas Samba doesn't).
+
+        # Create a small block of 50 parents, each with 2 children (A and B)
+        # This is so that we receive some children in the first block, so we
+        # can resend with GET_ANC before we learn too many parents
+        parent_dn_list = []
+        expected_dn_list = self.create_object_range(0, 50, prefix="parent",
+                                                    children=("A", "B"),
+                                                    parent_list=parent_dn_list)
+
+        # create the remaining parents and children
+        expected_dn_list += self.create_object_range(50, 150, prefix="parent",
+                                                     children=("A", "B"),
+                                                     parent_list=parent_dn_list)
+
+        # We've now got objects in the following order:
+        # [50 parents][100 children][100 parents][200 children]
+
+        # Modify the first parent so that it's now ordered last by USN
+        # This means we set the GET_ANC flag pretty much straight away
+        # because we receive the first child before the first parent
+        self.modify_object(parent_dn_list[0], "displayName", "OU0")
+
+        # modify a later block of parents so they also get reordered
+        for x in range(50, 100):
+            self.modify_object(parent_dn_list[x], "displayName", "OU%d" % x)
+
+        # Get the first block of objects - this should resend the request with
+        # GET_ANC set because we won't know about the first child's parent.
+        # On samba GET_ANC essentially starts the sync from scratch again, so
+        # we get this over with early before we learn too many parents
+        self.repl_get_next()
+
+        # modify the last chunk of parents. They should now have a USN higher
+        # than the highwater-mark for the replication cycle
+        for x in range(100, 150):
+            self.modify_object(parent_dn_list[x], "displayName", "OU%d" % x)
+
+        # Get the remaining blocks of data - this will resend the request with
+        # GET_ANC if it encounters an object it doesn't have the parent for.
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        # The way the test objects have been created should force
+        # self.repl_get_next() to use the GET_ANC flag. If this doesn't
+        # actually happen, then the test isn't doing its job properly
+        self.assertTrue(self.used_get_anc,
+                        "Test didn't use the GET_ANC flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(expected_dn_list)
+
+    def assert_expected_links(self, objects_with_links, link_attr="managedBy",
+                              num_expected=None):
+        """
+        Asserts that a GetNCChanges response contains any expected links
+        for the objects it contains.
+        """
+        received_links = self.rxd_links
+
+        if num_expected is None:
+            num_expected = len(objects_with_links)
+
+        self.assertTrue(len(received_links) == num_expected,
+                        "Received %d links but expected %d"
+                        % (len(received_links), num_expected))
+
+        for dn in objects_with_links:
+            self.assert_object_has_link(dn, link_attr, received_links)
+
+    def assert_object_has_link(self, dn, link_attr, received_links):
+        """
+        Queries the object in the DB and asserts there is a link in the
+        GetNCChanges response that matches.
+        """
+
+        # Look up the link attribute in the DB
+        # The extended_dn option will dump the GUID info for the link
+        # attribute (as a hex blob)
+        res = self.test_ldb_dc.search(ldb.Dn(self.test_ldb_dc, dn),
+                                      attrs=[link_attr],
+                                      controls=['extended_dn:1:0'],
+                                      scope=ldb.SCOPE_BASE)
+
+        # We didn't find the expected link attribute in the DB for the object.
+        # Something has gone wrong somewhere...
+        self.assertTrue(link_attr in res[0],
+                        "%s in DB doesn't have attribute %s" % (dn, link_attr))
+
+        # find the received link in the list and assert that the target and
+        # source GUIDs match what's in the DB
+        for val in [str(val) for val in res[0][link_attr]]:
+            # Work out the expected source and target GUIDs for the DB link
+            target_dn = ldb.Dn(self.test_ldb_dc, val)
+            targetGUID_blob = target_dn.get_extended_component("GUID")
+            sourceGUID_blob = res[0].dn.get_extended_component("GUID")
+
+            found = False
+
+            for link in received_links:
+                if link.selfGUID_blob == sourceGUID_blob and \
+                   link.targetGUID_blob == targetGUID_blob:
+
+                    found = True
+
+                    if self._debug:
+                        print("Link %s --> %s" % (dn[:25], link.targetDN[:25]))
+                    break
+
+            self.assertTrue(found,
+                            "Did not receive expected link for DN %s" % dn)
+
+    def test_repl_get_tgt(self):
+        """
+        Creates a scenario where we should receive the linked attribute before
+        we know about the target object, and therefore need to use GET_TGT.
+        Note: Samba currently avoids this problem by sending all its links last
+        """
+
+        # create the test objects
+        reportees = self.create_object_range(0, 100, prefix="reportee")
+        managers = self.create_object_range(0, 100, prefix="manager")
+        all_objects = managers + reportees
+        expected_links = reportees
+
+        # add a link attribute to each reportee object that points to the
+        # corresponding manager object as the target
+        for i in range(0, 100):
+            self.modify_object(reportees[i], "managedBy", managers[i])
+
+        # touch the managers (the link-target objects) again to make sure the
+        # reportees (link source objects) get returned first by the replication
+        for i in range(0, 100):
+            self.modify_object(managers[i], "displayName", "OU%d" % i)
+
+        links_expected = True
+
+        # Get all the replication data - this code should resend the requests
+        # with GET_TGT
+        while not self.replication_complete():
+
+            # get the next block of replication data (this sets GET_TGT
+            # if needed)
+            self.repl_get_next(assert_links=links_expected)
+            links_expected = len(self.rxd_links) < len(expected_links)
+
+        # The way the test objects have been created should force
+        # self.repl_get_next() to use the GET_TGT flag. If this doesn't
+        # actually happen, then the test isn't doing its job properly
+        self.assertTrue(self.used_get_tgt,
+                        "Test didn't use the GET_TGT flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(all_objects)
+
+        # Check we received links for all the reportees
+        self.assert_expected_links(expected_links)
+
+    def test_repl_get_tgt_chain(self):
+        """
+        Tests the behaviour of GET_TGT with a more complicated scenario.
+        Here we create a chain of objects linked together, so if we follow
+        the link target, then we'd traverse ~200 objects each time.
+        """
+
+        # create the test objects
+        objectsA = self.create_object_range(0, 100, prefix="AAA")
+        objectsB = self.create_object_range(0, 100, prefix="BBB")
+        objectsC = self.create_object_range(0, 100, prefix="CCC")
+
+        # create a complex set of object links:
+        #   A0-->B0-->C1-->B2-->C3-->B4-->and so on...
+        # Basically each object-A should link to a circular chain of 200 B/C
+        # objects. We create the links in separate chunks here, as it makes it
+        # clearer what happens with the USN (links on Windows have their own
+        # USN, so this approach means the A->B/B->C links aren't interleaved)
+        for i in range(0, 100):
+            self.modify_object(objectsA[i], "managedBy", objectsB[i])
+
+        for i in range(0, 100):
+            self.modify_object(objectsB[i], "managedBy",
+                               objectsC[(i + 1) % 100])
+
+        for i in range(0, 100):
+            self.modify_object(objectsC[i], "managedBy",
+                               objectsB[(i + 1) % 100])
+
+        all_objects = objectsA + objectsB + objectsC
+        expected_links = all_objects
+
+        # the default order the objects now get returned in should be:
+        # [A0-A99][B0-B99][C0-C99]
+
+        links_expected = True
+
+        # Get all the replication data - this code should resend the requests
+        # with GET_TGT
+        while not self.replication_complete():
+
+            # get the next block of replication data (this sets GET_TGT
+            # if needed)
+            self.repl_get_next(assert_links=links_expected)
+            links_expected = len(self.rxd_links) < len(expected_links)
+
+        # The way the test objects have been created should force
+        # self.repl_get_next() to use the GET_TGT flag. If this doesn't
+        # actually happen, then the test isn't doing its job properly
+        self.assertTrue(self.used_get_tgt,
+                        "Test didn't use the GET_TGT flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(all_objects)
+
+        # Check we received links for all the reportees
+        self.assert_expected_links(expected_links)
+
+    def test_repl_integrity_link_attr(self):
+        """
+        Tests adding links to new objects while a replication is in progress.
+        """
+
+        # create some source objects for the linked attributes, sandwiched
+        # between 2 blocks of filler objects
+        filler = self.create_object_range(0, 100, prefix="filler")
+        reportees = self.create_object_range(0, 100, prefix="reportee")
+        filler += self.create_object_range(100, 200, prefix="filler")
+
+        # Start the replication and get the first block of filler objects
+        # (We're being mean here and setting the GET_TGT flag right from the
+        # start. On earlier Samba versions, if the client encountered an
+        # unknown target object and retried with GET_TGT, it would restart the
+        # replication cycle from scratch, which avoids the problem).
+        self.repl_get_next(get_tgt=True)
+
+        # create the target objects and add the links. These objects should be
+        # outside the scope of the Samba replication cycle, but the links
+        # should still get sent with the source object
+        managers = self.create_object_range(0, 100, prefix="manager")
+
+        for i in range(0, 100):
+            self.modify_object(reportees[i], "managedBy", managers[i])
+
+        expected_objects = managers + reportees + filler
+        expected_links = reportees
+
+        # complete the replication
+        while not self.replication_complete():
+            self.repl_get_next(get_tgt=True)
+
+        # If we didn't receive the most recently created objects in the last
+        # replication cycle, then kick off another replication to get them
+        if len(self.rxd_dn_list) < len(expected_objects):
+            self.repl_get_next()
+
+            while not self.replication_complete():
+                self.repl_get_next()
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(expected_objects)
+
+        # Check we received links for all the parents
+        self.assert_expected_links(expected_links)
+
+    def test_repl_get_anc_link_attr(self):
+        """
+        A basic GET_ANC test where the parents have linked attributes
+        """
+
+        # Create a block of 100 parents and 100 children
+        parent_dn_list = []
+        expected_dn_list = self.create_object_range(0, 100, prefix="parent",
+                                                    children=("A"),
+                                                    parent_list=parent_dn_list)
+
+        # Add links from the parents to the children
+        for x in range(0, 100):
+            self.modify_object(parent_dn_list[x], "managedBy",
+                               expected_dn_list[x + 100])
+
+        # add some filler objects at the end. This allows us to easily see
+        # which chunk the links get sent in
+        expected_dn_list += self.create_object_range(0, 100, prefix="filler")
+
+        # We've now got objects in the following order:
+        # [100 x children][100 x parents][100 x filler]
+
+        # Get the replication data - because the block of children come first,
+        # this should retry the request with GET_ANC
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        self.assertTrue(self.used_get_anc,
+                        "Test didn't use the GET_ANC flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(expected_dn_list)
+
+        # Check we received links for all the parents
+        self.assert_expected_links(parent_dn_list)
+
+    def test_repl_get_tgt_and_anc(self):
+        """
+        Check we can resolve an unknown ancestor when fetching the link target,
+        i.e. tests using GET_TGT and GET_ANC in combination
+        """
+
+        # Create some parent/child objects (the child will be the link target)
+        parents = []
+        all_objects = self.create_object_range(0, 100, prefix="parent",
+                                               children=["la_tgt"],
+                                               parent_list=parents)
+
+        children = [item for item in all_objects if item not in parents]
+
+        # create the link source objects and link them to the child/target
+        la_sources = self.create_object_range(0, 100, prefix="la_src")
+        all_objects += la_sources
+
+        for i in range(0, 100):
+            self.modify_object(la_sources[i], "managedBy", children[i])
+
+        expected_links = la_sources
+
+        # modify the children/targets so they come after the link source
+        for x in range(0, 100):
+            self.modify_object(children[x], "displayName", "OU%d" % x)
+
+        # modify the parents, so they now come last in the replication
+        for x in range(0, 100):
+            self.modify_object(parents[x], "displayName", "OU%d" % x)
+
+        # We've now got objects in the following order:
+        # [100 la_source][100 la_target][100 parents (of la_target)]
+
+        links_expected = True
+
+        # Get all the replication data - this code should resend the requests
+        # with GET_TGT and GET_ANC
+        while not self.replication_complete():
+
+            # get the next block of replication data (this sets
+            # GET_TGT/GET_ANC)
+            self.repl_get_next(assert_links=links_expected)
+            links_expected = len(self.rxd_links) < len(expected_links)
+
+        # The way the test objects have been created should force
+        # self.repl_get_next() to use the GET_TGT/GET_ANC flags. If this
+        # doesn't actually happen, then the test isn't doing its job properly
+        self.assertTrue(self.used_get_tgt,
+                        "Test didn't use the GET_TGT flag as expected")
+        self.assertTrue(self.used_get_anc,
+                        "Test didn't use the GET_ANC flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(all_objects)
+
+        # Check we received links for all the link sources
+        self.assert_expected_links(expected_links)
+
+        # Second part of test. Add some extra objects and kick off another
+        # replication. The test code will use the HWM from the last replication
+        # so we'll only receive the objects we modify below
+        self.start_new_repl_cycle()
+
+        # add an extra level of grandchildren that hang off a child
+        # that got created last time
+        new_parent = "OU=test_new_parent,%s" % children[0]
+        self.add_object(new_parent)
+        new_children = []
+
+        for x in range(0, 50):
+            dn = "OU=test_new_la_tgt%d,%s" % (x, new_parent)
+            self.add_object(dn)
+            new_children.append(dn)
+
+        # replace half of the links to point to the new children
+        for x in range(0, 50):
+            self.delete_attribute(la_sources[x], "managedBy", children[x])
+            self.modify_object(la_sources[x], "managedBy", new_children[x])
+
+        # add some filler objects to fill up the 1st chunk
+        filler = self.create_object_range(0, 100, prefix="filler")
+
+        # modify the new children/targets so they come after the link source
+        for x in range(0, 50):
+            self.modify_object(new_children[x], "displayName", "OU-%d" % x)
+
+        # modify the parent, so it now comes last in the replication
+        self.modify_object(new_parent, "displayName", "OU%d" % x)
+
+        # We should now get the modified objects in the following order:
+        # [50 links (x 2)][100 filler][50 new children][new parent]
+        # Note that the link sources aren't actually sent (their new linked
+        # attributes are sent, but apart from that, nothing has changed)
+        all_objects = filler + new_children + [new_parent]
+        expected_links = la_sources[:50]
+
+        links_expected = True
+
+        while not self.replication_complete():
+            self.repl_get_next(assert_links=links_expected)
+            links_expected = len(self.rxd_links) < len(expected_links)
+
+        self.assertTrue(self.used_get_tgt,
+                        "Test didn't use the GET_TGT flag as expected")
+        self.assertTrue(self.used_get_anc,
+                        "Test didn't use the GET_ANC flag as expected")
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(all_objects)
+
+        # Check we received links (50 deleted links and 50 new)
+        self.assert_expected_links(expected_links, num_expected=100)
+
+    def _repl_integrity_obj_deletion(self, delete_link_source=True):
+        """
+        Tests deleting link objects while a replication is in progress.
+        """
+
+        # create some objects and link them together, with some filler
+        # object in between the link sources
+        la_sources = self.create_object_range(0, 100, prefix="la_source")
+        la_targets = self.create_object_range(0, 100, prefix="la_targets")
+
+        for i in range(0, 50):
+            self.modify_object(la_sources[i], "managedBy", la_targets[i])
+
+        filler = self.create_object_range(0, 100, prefix="filler")
+
+        for i in range(50, 100):
+            self.modify_object(la_sources[i], "managedBy", la_targets[i])
+
+        # touch the targets so that the sources get replicated first
+        for i in range(0, 100):
+            self.modify_object(la_targets[i], "displayName", "OU%d" % i)
+
+        # objects should now be in the following USN order:
+        # [50 la_source][100 filler][50 la_source][100 la_target]
+
+        # Get the first block containing 50 link sources
+        self.repl_get_next()
+
+        # delete either the link targets or link source objects
+        if delete_link_source:
+            objects_to_delete = la_sources
+            # in GET_TGT testenvs we only receive the first 50 source objects
+            expected_objects = la_sources[:50] + la_targets + filler
+        else:
+            objects_to_delete = la_targets
+            expected_objects = la_sources + filler
+
+        for obj in objects_to_delete:
+            self.ldb_dc2.delete(obj)
+
+        # complete the replication
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        # Check we get all the objects we're expecting
+        self.assert_expected_data(expected_objects)
+
+        # we can't use assert_expected_links() here because it tries to check
+        # against the deleted objects on the DC. (Although we receive some
+        # links from the first block processed, the Samba client should end up
+        # deleting these, as the source/target object involved is deleted)
+        self.assertTrue(len(self.rxd_links) == 50,
+                        "Expected 50 links, not %d" % len(self.rxd_links))
+
+    def test_repl_integrity_src_obj_deletion(self):
+        self._repl_integrity_obj_deletion(delete_link_source=True)
+
+    def test_repl_integrity_tgt_obj_deletion(self):
+        self._repl_integrity_obj_deletion(delete_link_source=False)
+
+    def restore_deleted_object(self, guid, new_dn):
+        """Re-animates a deleted object"""
+
+        guid_str = self._GUID_string(guid)
+        res = self.test_ldb_dc.search(base="<GUID=%s>" % guid_str,
+                                      attrs=["isDeleted"],
+                                      controls=['show_deleted:1'],
+                                      scope=ldb.SCOPE_BASE)
+        if len(res) != 1:
+            return
+
+        msg = ldb.Message()
+        msg.dn = res[0].dn
+        msg["isDeleted"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE,
+                                              "isDeleted")
+        msg["distinguishedName"] = ldb.MessageElement([new_dn],
+                                                      ldb.FLAG_MOD_REPLACE,
+                                                      "distinguishedName")
+        self.test_ldb_dc.modify(msg, ["show_deleted:1"])
+
+    def sync_DCs(self, nc_dn=None):
+        # make sure DC1 has all the changes we've made to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2,
+                                nc_dn=nc_dn)
+
+    def get_object_guid(self, dn):
+        res = self.test_ldb_dc.search(base=dn, attrs=["objectGUID"],
+                                      scope=ldb.SCOPE_BASE)
+        return res[0]['objectGUID'][0]
+
+    def set_dc_connection(self, conn):
+        """
+        Switches over the connection state info that the underlying drs_base
+        class uses so that we replicate with a different DC.
+        """
+        self.default_hwm = conn.default_hwm
+        self.default_utdv = conn.default_utdv
+        self.drs = conn.drs
+        self.drs_handle = conn.drs_handle
+        self.set_test_ldb_dc(conn.ldb_dc)
+
+    def assert_DCs_replication_is_consistent(self, peer_conn, all_objects,
+                                             expected_links):
+        """
+        Replicates against both the primary and secondary DCs in the testenv
+        and checks that both return the expected results.
+        """
+        print("Checking replication against primary test DC...")
+
+        # get the replication data from the test DC first
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        # Check we get all the objects and links we're expecting
+        self.assert_expected_data(all_objects)
+        self.assert_expected_links(expected_links)
+
+        # switch over the DC state info so we now talk to the peer DC
+        self.set_dc_connection(peer_conn)
+        self.init_test_state()
+
+        print("Checking replication against secondary test DC...")
+
+        # check that we get the same information from the 2nd DC
+        while not self.replication_complete():
+            self.repl_get_next()
+
+        self.assert_expected_data(all_objects)
+        self.assert_expected_links(expected_links)
+
+        # switch back to using the default connection
+        self.set_dc_connection(self.default_conn)
+
+    def test_repl_integrity_obj_reanimation(self):
+        """
+        Checks receiving links for a re-animated object doesn't lose links.
+        We test this against the peer DC to make sure it doesn't drop links.
+        """
+
+        # This test is a little different in that we're particularly interested
+        # in exercising the replmd client code on the second DC.
+        # First, make sure the peer DC has the base OU, then connect to it (so
+        # we store its initial HWM)
+        self.sync_DCs()
+        peer_conn = DcConnection(self, self.ldb_dc1, self.dnsname_dc1)
+
+        # create the link source/target objects
+        la_sources = self.create_object_range(0, 100, prefix="la_src")
+        la_targets = self.create_object_range(0, 100, prefix="la_tgt")
+
+        # store the target object's GUIDs (we need to know these to
+        # reanimate them)
+        target_guids = []
+
+        for dn in la_targets:
+            target_guids.append(self.get_object_guid(dn))
+
+        # delete the link target
+        for x in range(0, 100):
+            self.ldb_dc2.delete(la_targets[x])
+
+        # sync the DCs, then disable replication. We want the peer DC to get
+        # all the following changes in a single replication cycle
+        self.sync_DCs()
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # restore the target objects for the linked attributes again
+        for x in range(0, 100):
+            self.restore_deleted_object(target_guids[x], la_targets[x])
+
+        # add the links
+        for x in range(0, 100):
+            self.modify_object(la_sources[x], "managedBy", la_targets[x])
+
+        # create some additional filler objects
+        filler = self.create_object_range(0, 100, prefix="filler")
+
+        # modify the targets so they now come last
+        for x in range(0, 100):
+            self.modify_object(la_targets[x], "displayName", "OU-%d" % x)
+
+        # the objects should now be sent in the following order:
+        # [la sources + links][filler][la targets]
+        all_objects = la_sources + la_targets + filler
+        expected_links = la_sources
+
+        # Enable replication again make sure the 2 DCs are back in sync
+        self._enable_all_repl(self.dnsname_dc2)
+        self.sync_DCs()
+
+        # Get the replication data from each DC in turn.
+        # Check that both give us all the objects and links we're expecting,
+        # i.e. no links were lost
+        self.assert_DCs_replication_is_consistent(peer_conn, all_objects,
+                                                  expected_links)
+
+    def _test_repl_integrity_cross_partition_links(self, get_tgt=False):
+        """
+        Checks that a cross-partition link to an unknown target object does
+        not result in missing links.
+        """
+
+        # check the peer DC is up-to-date, then connect (storing its HWM)
+        self.sync_DCs()
+        peer_conn = DcConnection(self, self.ldb_dc1, self.dnsname_dc1)
+
+        # stop replication so the peer gets the following objects in one go
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # optionally force the client-side to use GET_TGT locally, by adding a
+        # one-way link to a missing/deleted target object
+        if get_tgt:
+            missing_target = "OU=missing_tgt,%s" % self.ou
+            self.add_object(missing_target)
+            get_tgt_source = "CN=get_tgt_src,%s" % self.ou
+            self.add_object(get_tgt_source,
+                            objectclass="msExchConfigurationContainer")
+            self.modify_object(get_tgt_source, "addressBookRoots2",
+                               missing_target)
+            self.test_ldb_dc.delete(missing_target)
+
+        # create a link source object in the main NC
+        la_source = "OU=cross_nc_src,%s" % self.ou
+        self.add_object(la_source)
+
+        # create the link target (a server object) in the config NC
+        sites_dn = "CN=Sites,%s" % self.config_dn
+        servers_dn = "CN=Servers,CN=Default-First-Site-Name,%s" % sites_dn
+        rand = random.randint(1, 10000000)
+        la_target = "CN=getncchanges-%d,%s" % (rand, servers_dn)
+        self.add_object(la_target, objectclass="server")
+
+        # add a cross-partition link between the two
+        self.modify_object(la_source, "managedBy", la_target)
+
+        # First, sync to the peer the NC containing the link source object
+        self.sync_DCs()
+
+        # Now, before the peer has received the partition containing the target
+        # object, try replicating from the peer. It will only know about half
+        # of the link at this point, but it should be a valid scenario
+        self.set_dc_connection(peer_conn)
+
+        while not self.replication_complete():
+            # pretend we've received other link targets out of order and that's
+            # forced us to use GET_TGT. This checks the peer doesn't fail
+            # trying to fetch a cross-partition target object that doesn't
+            # exist
+            self.repl_get_next(get_tgt=True)
+
+        self.set_dc_connection(self.default_conn)
+
+        # delete the GET_TGT test object. We're not interested in asserting its
+        # links - it was just there to make the client use GET_TGT (and it
+        # creates an inconsistency because one DC correctly ignores the link,
+        # because it points to a deleted object)
+        if get_tgt:
+            self.test_ldb_dc.delete(get_tgt_source)
+
+        self.init_test_state()
+
+        # Now sync across the partition containing the link target object
+        self.sync_DCs(nc_dn=self.config_dn)
+        self._enable_all_repl(self.dnsname_dc2)
+
+        # Get the replication data from each DC in turn.
+        # Check that both return the cross-partition link (note we're not
+        # checking the config domain NC here for simplicity)
+        self.assert_DCs_replication_is_consistent(peer_conn,
+                                                  all_objects=[la_source],
+                                                  expected_links=[la_source])
+
+        # the cross-partition linked attribute has a missing backlink. Check
+        # that we can still delete it successfully
+        self.delete_attribute(la_source, "managedBy", la_target)
+        self.sync_DCs()
+
+        res = self.test_ldb_dc.search(ldb.Dn(self.ldb_dc1, la_source),
+                                      attrs=["managedBy"],
+                                      controls=['extended_dn:1:0'],
+                                      scope=ldb.SCOPE_BASE)
+        self.assertFalse("managedBy" in res[0],
+                         "%s in DB still has managedBy attribute" % la_source)
+        res = self.test_ldb_dc.search(ldb.Dn(self.ldb_dc2, la_source),
+                                      attrs=["managedBy"],
+                                      controls=['extended_dn:1:0'],
+                                      scope=ldb.SCOPE_BASE)
+        self.assertFalse("managedBy" in res[0],
+                         "%s in DB still has managedBy attribute" % la_source)
+
+        # Check receiving a cross-partition link to a deleted target.
+        # Delete the target and make sure the deletion is sync'd between DCs
+        target_guid = self.get_object_guid(la_target)
+        self.test_ldb_dc.delete(la_target)
+        self.sync_DCs(nc_dn=self.config_dn)
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # re-animate the target
+        self.restore_deleted_object(target_guid, la_target)
+        self.modify_object(la_source, "managedBy", la_target)
+
+        # now sync the link - because the target is in another partition, the
+        # peer DC receives a link for a deleted target, which it should accept
+        self.sync_DCs()
+        res = self.test_ldb_dc.search(ldb.Dn(self.ldb_dc1, la_source),
+                                      attrs=["managedBy"],
+                                      controls=['extended_dn:1:0'],
+                                      scope=ldb.SCOPE_BASE)
+        self.assertTrue("managedBy" in res[0],
+                        "%s in DB missing managedBy attribute" % la_source)
+
+        # cleanup the server object we created in the Configuration partition
+        self.test_ldb_dc.delete(la_target)
+        self._enable_all_repl(self.dnsname_dc2)
+
+    def test_repl_integrity_cross_partition_links(self):
+        self._test_repl_integrity_cross_partition_links(get_tgt=False)
+
+    def test_repl_integrity_cross_partition_links_with_tgt(self):
+        self._test_repl_integrity_cross_partition_links(get_tgt=True)
+
+    def test_repl_get_tgt_multivalued_links(self):
+        """Tests replication with multi-valued link attributes."""
+
+        # create the target/source objects and link them together
+        la_targets = self.create_object_range(0, 500, prefix="la_tgt")
+        la_source = "CN=la_src,%s" % self.ou
+        self.add_object(la_source, objectclass="msExchConfigurationContainer")
+
+        for tgt in la_targets:
+            self.modify_object(la_source, "addressBookRoots2", tgt)
+
+        filler = self.create_object_range(0, 100, prefix="filler")
+
+        # We should receive the objects/links in the following order:
+        # [500 targets + 1 source][500 links][100 filler]
+        expected_objects = la_targets + [la_source] + filler
+        link_only_chunk = False
+
+        # First do the replication without needing GET_TGT
+        while not self.replication_complete():
+            ctr6 = self.repl_get_next()
+
+            if ctr6.object_count == 0 and ctr6.linked_attributes_count != 0:
+                link_only_chunk = True
+
+        # we should receive one chunk that contains only links
+        self.assertTrue(link_only_chunk,
+                        "Expected to receive a chunk containing only links")
+
+        # check we received all the expected objects/links
+        self.assert_expected_data(expected_objects)
+        self.assert_expected_links([la_source], link_attr="addressBookRoots2",
+                                   num_expected=500)
+
+        # Do the replication again, forcing the use of GET_TGT this time
+        self.init_test_state()
+
+        for x in range(0, 500):
+            self.modify_object(la_targets[x], "displayName", "OU-%d" % x)
+
+        # The objects/links should get sent in the following order:
+        # [1 source][500 targets][500 links][100 filler]
+
+        while not self.replication_complete():
+            ctr6 = self.repl_get_next()
+
+        self.assertTrue(self.used_get_tgt,
+                        "Test didn't use the GET_TGT flag as expected")
+
+        # check we received all the expected objects/links
+        self.assert_expected_data(expected_objects)
+        self.assert_expected_links([la_source], link_attr="addressBookRoots2",
+                                   num_expected=500)
+
+
+    def test_InvalidNC_DummyDN_InvalidGUID_full_repl(self):
+        """Test full replication on a totally invalid GUID fails with the right error code"""
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=dc_guid_1,
+                               nc_dn_str="DummyDN",
+                               nc_guid=misc.GUID("c2d2f745-1610-4e93-964b-d4ba73eb32f8"),
+                               exop=drsuapi.DRSUAPI_EXOP_NONE,
+                               max_objects=1)
+
+        (drs, drs_handle) = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, werror.WERR_DS_DRA_BAD_NC)
+
+    def test_DummyDN_valid_GUID_full_repl(self):
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        res = self.ldb_dc1.search(base=self.base_dn, scope=SCOPE_BASE,
+                                  attrs=["objectGUID"])
+
+        guid = misc.GUID(res[0]["objectGUID"][0])
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str="DummyDN",
+                               nc_guid=guid,
+                               replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP |
+                               drsuapi.DRSUAPI_DRS_GET_ANC,
+                               exop=drsuapi.DRSUAPI_EXOP_NONE,
+                               max_objects=1)
+
+        try:
+            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"Failed to call GetNCChanges with DummyDN and a GUID: {estr}")
+
+        # The NC should be the first object returned due to GET_ANC
+        self.assertEqual(ctr.first_object.object.identifier.guid, guid)
+
+    def _test_do_full_repl_no_overlap(self, mix=True, get_anc=False):
+        self.default_hwm = drsuapi.DsReplicaHighWaterMark()
+
+        # We set get_anc=True so we can assert the BASE DN will be the
+        # first object
+        ctr6 = self._repl_send_request(get_anc=get_anc)
+        guid_list_1 = self._get_ctr6_object_guids(ctr6)
+
+        if mix:
+            dc_guid_1 = self.ldb_dc1.get_invocation_id()
+
+            req8 = self._exop_req8(dest_dsa=None,
+                                   invocation_id=dc_guid_1,
+                                   nc_dn_str=self.ldb_dc1.get_default_basedn(),
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+            (level, ctr_repl_obj) = self.drs.DsGetNCChanges(self.drs_handle, 8, req8)
+
+            self.assertEqual(ctr_repl_obj.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+
+            repl_obj_guid_list = self._get_ctr6_object_guids(ctr_repl_obj)
+
+            self.assertEqual(len(repl_obj_guid_list), 1)
+
+            # This should be the first object in the main replication due
+            # to get_anc=True above in one case, and a rule that the NC must be first regardless otherwise
+            self.assertEqual(repl_obj_guid_list[0], guid_list_1[0])
+
+        self.last_ctr = ctr6
+        ctr6 = self._repl_send_request(get_anc=True)
+        guid_list_2 = self._get_ctr6_object_guids(ctr6)
+
+        self.assertNotEqual(guid_list_1, guid_list_2)
+
+    def test_do_full_repl_no_overlap_get_anc(self):
+        """
+        Make sure that a full replication on an nc succeeds to the goal despite needing multiple passes
+        """
+        self._test_do_full_repl_no_overlap(mix=False, get_anc=True)
+
+    def test_do_full_repl_no_overlap(self):
+        """
+        Make sure that a full replication on an nc succeeds to the goal despite needing multiple passes
+        """
+        self._test_do_full_repl_no_overlap(mix=False)
+
+    def test_do_full_repl_mix_no_overlap(self):
+        """
+        Make sure that a full replication on an nc succeeds to the goal despite needing multiple passes
+
+        Assert this is true even if we do a REPL_OBJ in between the replications
+
+        """
+        self._test_do_full_repl_no_overlap(mix=True)
+
+    def nc_change(self):
+        old_base_msg = self.default_conn.ldb_dc.search(base=self.base_dn,
+                                                       scope=SCOPE_BASE,
+                                                       attrs=["oEMInformation"])
+        rec_cleanup = {"dn": self.base_dn,
+                       "oEMInformation": old_base_msg[0]["oEMInformation"][0]}
+        m_cleanup = ldb.Message.from_dict(self.default_conn.ldb_dc,
+                                          rec_cleanup,
+                                          ldb.FLAG_MOD_REPLACE)
+
+        self.addCleanup(self.default_conn.ldb_dc.modify, m_cleanup)
+
+        rec = {"dn": self.base_dn,
+               "oEMInformation": f"Tortured by Samba's getncchanges.py {self.id()} against {self.default_conn.dnsname_dc}"}
+        m = ldb.Message.from_dict(self.default_conn.ldb_dc, rec, ldb.FLAG_MOD_REPLACE)
+        self.default_conn.ldb_dc.modify(m)
+
+    def _test_repl_nc_is_first(self, start_at_zero=True, nc_change=True, ou_change=True, mid_change=False):
+        """Tests that the NC is always replicated first, but does not move the
+           tmp_highest_usn at that point, just like 'early' GET_ANC objects.
+        """
+
+        # create objects, twice more than the page size of 133
+        objs = self.create_object_range(0, 300, prefix="obj")
+
+        if nc_change:
+            self.nc_change()
+
+        if mid_change:
+            # create even more objects
+            objs = self.create_object_range(301, 450, prefix="obj2")
+
+        base_msg = self.default_conn.ldb_dc.search(base=self.base_dn,
+                                                   scope=SCOPE_BASE,
+                                                   attrs=["uSNChanged",
+                                                          "objectGUID"])
+
+        base_guid = misc.GUID(base_msg[0]["objectGUID"][0])
+        base_usn = int(base_msg[0]["uSNChanged"][0])
+
+        if ou_change:
+            # Make one more modification.  We want to assert we have
+            # caught up to the base DN, but Windows both promotes the NC
+            # to the front and skips including it in the tmp_highest_usn,
+            # so we make a later modification that will be to show we get
+            # this change.
+            rec = {"dn": self.ou,
+                   "postalCode": "0"}
+            m = ldb.Message.from_dict(self.default_conn.ldb_dc, rec, ldb.FLAG_MOD_REPLACE)
+            self.default_conn.ldb_dc.modify(m)
+
+        ou_msg = self.default_conn.ldb_dc.search(base=self.ou,
+                                                   scope=SCOPE_BASE,
+                                                   attrs=["uSNChanged",
+                                                          "objectGUID"])
+
+        ou_guid = misc.GUID(ou_msg[0]["objectGUID"][0])
+        ou_usn = int(ou_msg[0]["uSNChanged"][0])
+
+        # Check some predicates about USN ordering that the below tests will rely on
+        if ou_change and nc_change:
+            self.assertGreater(ou_usn, base_usn)
+        elif not ou_change and nc_change:
+            self.assertGreater(base_usn, ou_usn)
+
+        ctr6 = self.repl_get_next()
+
+        guid_list_1 = self._get_ctr6_object_guids(ctr6)
+        if nc_change or start_at_zero:
+            self.assertEqual(base_guid, misc.GUID(guid_list_1[0]))
+            self.assertIn(str(base_guid), guid_list_1)
+            self.assertNotIn(str(base_guid), guid_list_1[1:])
+        else:
+            self.assertNotEqual(base_guid, misc.GUID(guid_list_1[0]))
+            self.assertNotIn(str(base_guid), guid_list_1)
+
+        self.assertTrue(ctr6.more_data)
+
+        if not ou_change and nc_change:
+            self.assertLess(ctr6.new_highwatermark.tmp_highest_usn, base_usn)
+
+        i = 0
+        while not self.replication_complete():
+            i = i + 1
+            last_tmp_highest_usn = ctr6.new_highwatermark.tmp_highest_usn
+            ctr6 = self.repl_get_next()
+            guid_list_2 = self._get_ctr6_object_guids(ctr6)
+            if len(guid_list_2) > 0:
+                self.assertNotEqual(last_tmp_highest_usn, ctr6.new_highwatermark.tmp_highest_usn)
+
+            if (nc_change or start_at_zero) and base_usn > last_tmp_highest_usn:
+                self.assertEqual(base_guid, misc.GUID(guid_list_2[0]),
+                                 f"pass={i} more_data={ctr6.more_data} base_usn={base_usn} tmp_highest_usn={ctr6.new_highwatermark.tmp_highest_usn} last_tmp_highest_usn={last_tmp_highest_usn}")
+                self.assertIn(str(base_guid), guid_list_2,
+                                 f"pass {i}·more_data={ctr6.more_data} base_usn={base_usn} tmp_highest_usn={ctr6.new_highwatermark.tmp_highest_usn} last_tmp_highest_usn={last_tmp_highest_usn}")
+            else:
+                self.assertNotIn(str(base_guid), guid_list_2,
+                                 f"pass {i}·more_data={ctr6.more_data} base_usn={base_usn} tmp_highest_usn={ctr6.new_highwatermark.tmp_highest_usn} last_tmp_highest_usn={last_tmp_highest_usn}")
+
+        if ou_change:
+            # The modification to the base OU should be in the final chunk
+            self.assertIn(str(ou_guid), guid_list_2)
+            self.assertGreaterEqual(ctr6.new_highwatermark.highest_usn,
+                                    ou_usn)
+        else:
+            # Show that the NC root change does not show up in the
+            # highest_usn.  We either get the change before or after
+            # it.
+            self.assertNotEqual(ctr6.new_highwatermark.highest_usn,
+                                base_usn)
+        self.assertEqual(ctr6.new_highwatermark.highest_usn,
+                          ctr6.new_highwatermark.tmp_highest_usn)
+
+        self.assertFalse(ctr6.more_data)
+
+    def test_repl_nc_is_first_start_zero_nc_change(self):
+        self.default_hwm = drsuapi.DsReplicaHighWaterMark()
+        self._test_repl_nc_is_first(start_at_zero=True, nc_change=True, ou_change=True)
+
+    def test_repl_nc_is_first_start_zero(self):
+        # Get the NC change in the middle of the replication stream, certainly not at the start or end
+        self.nc_change()
+        self.default_hwm = drsuapi.DsReplicaHighWaterMark()
+        self._test_repl_nc_is_first(start_at_zero=True, nc_change=False, ou_change=False)
+
+    def test_repl_nc_is_first_mid(self):
+        # This is a modification of the next test, that Samba
+        # will pass as it will always include the NC in the
+        # tmp_highest_usn at the point where it belongs
+        self._test_repl_nc_is_first(start_at_zero=False,
+                                    nc_change=True,
+                                    ou_change=True,
+                                    mid_change=True)
+
+    def test_repl_nc_is_first(self):
+        # This is a modification of the next test, that Samba
+        # will pass as it will always include the NC in the
+        # tmp_highest_usn at the point where it belongs
+        self._test_repl_nc_is_first(start_at_zero=False, nc_change=True, ou_change=True)
+
+    def test_repl_nc_is_first_nc_change_only(self):
+        # This shows that the NC change is not reflected in the tmp_highest_usn
+        self._test_repl_nc_is_first(start_at_zero=False, nc_change=True, ou_change=False)
+
+    def test_repl_nc_is_first_no_change(self):
+        # The NC should not be present in this replication
+        self._test_repl_nc_is_first(start_at_zero=False, nc_change=False, ou_change=False)
+
+class DcConnection:
+    """Helper class to track a connection to another DC"""
+
+    def __init__(self, drs_base, ldb_dc, dnsname_dc):
+        self.ldb_dc = ldb_dc
+        (self.drs, self.drs_handle) = drs_base._ds_bind(dnsname_dc)
+        (self.default_hwm, utdv) = drs_base._get_highest_hwm_utdv(ldb_dc)
+        self.default_utdv = utdv
+        self.dnsname_dc = dnsname_dc
diff --git a/source4/torture/drs/python/link_conflicts.py b/source4/torture/drs/python/link_conflicts.py
new file mode 100644
index 0000000..d344b7e
--- /dev/null
+++ b/source4/torture/drs/python/link_conflicts.py
@@ -0,0 +1,763 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests replication scenarios that involve conflicting linked attribute
+# information between the 2 DCs.
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN \
+#       link_conflicts -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+import ldb
+from ldb import SCOPE_BASE
+import random
+import time
+
+from drs_base import AbstractLink
+from samba.dcerpc import drsuapi, misc
+from samba.dcerpc.drsuapi import DRSUAPI_EXOP_ERR_SUCCESS
+
+# specifies the order to sync DCs in
+DC1_TO_DC2 = 1
+DC2_TO_DC1 = 2
+
+
+class DrsReplicaLinkConflictTestCase(drs_base.DrsBaseTestCase):
+    def setUp(self):
+        super(DrsReplicaLinkConflictTestCase, self).setUp()
+
+        self.ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                             "test_link_conflict")
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+
+        (self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1)
+        (self.drs2, self.drs2_handle) = self._ds_bind(self.dnsname_dc2)
+
+        # disable replication for the tests so we can control at what point
+        # the DCs try to replicate
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+    def tearDown(self):
+        # re-enable replication
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._enable_inbound_repl(self.dnsname_dc2)
+        self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+        super(DrsReplicaLinkConflictTestCase, self).tearDown()
+
+    def get_guid(self, samdb, dn):
+        """Returns an object's GUID (in string format)"""
+        res = samdb.search(base=dn, attrs=["objectGUID"], scope=ldb.SCOPE_BASE)
+        return self._GUID_string(res[0]['objectGUID'][0])
+
+    def add_object(self, samdb, dn, objectclass="organizationalunit"):
+        """Adds an object"""
+        samdb.add({"dn": dn, "objectclass": objectclass})
+        return self.get_guid(samdb, dn)
+
+    def modify_object(self, samdb, dn, attr, value):
+        """Modifies an attribute for an object"""
+        m = ldb.Message()
+        m.dn = ldb.Dn(samdb, dn)
+        m[attr] = ldb.MessageElement(value, ldb.FLAG_MOD_ADD, attr)
+        samdb.modify(m)
+
+    def add_link_attr(self, samdb, source_dn, attr, target_dn):
+        """Adds a linked attribute between 2 objects"""
+        # add the specified attribute to the source object
+        self.modify_object(samdb, source_dn, attr, target_dn)
+
+    def del_link_attr(self, samdb, src, attr, target):
+        m = ldb.Message()
+        m.dn = ldb.Dn(samdb, src)
+        m[attr] = ldb.MessageElement(target, ldb.FLAG_MOD_DELETE, attr)
+        samdb.modify(m)
+
+    def sync_DCs(self, sync_order=DC1_TO_DC2):
+        """Manually syncs the 2 DCs to ensure they're in sync"""
+        if sync_order == DC1_TO_DC2:
+            # sync DC1-->DC2, then DC2-->DC1
+            self._net_drs_replicate(DC=self.dnsname_dc2,
+                                    fromDC=self.dnsname_dc1)
+            self._net_drs_replicate(DC=self.dnsname_dc1,
+                                    fromDC=self.dnsname_dc2)
+        else:
+            # sync DC2-->DC1, then DC1-->DC2
+            self._net_drs_replicate(DC=self.dnsname_dc1,
+                                    fromDC=self.dnsname_dc2)
+            self._net_drs_replicate(DC=self.dnsname_dc2,
+                                    fromDC=self.dnsname_dc1)
+
+    def ensure_unique_timestamp(self):
+        """Waits a second to ensure a unique timestamp between 2 objects"""
+        time.sleep(1)
+
+    def unique_dn(self, obj_name):
+        """Returns a unique object DN"""
+        # Because we run each test case twice, we need to create a unique DN so
+        # that the 2nd run doesn't hit objects that already exist. Add some
+        # randomness to the object DN to make it unique
+        rand = random.randint(1, 10000000)
+        return "%s-%d,%s" % (obj_name, rand, self.ou)
+
+    def assert_attrs_match(self, res1, res2, attr, expected_count):
+        """
+        Asserts that the search results contain the expected number of
+        attributes and the results match on both DCs
+        """
+        actual_len = len(res1[0][attr])
+        self.assertTrue(actual_len == expected_count,
+                        "Expected %u %s attributes, got %u" % (expected_count,
+                                                               attr,
+                                                               actual_len))
+        actual_len = len(res2[0][attr])
+        self.assertTrue(actual_len == expected_count,
+                        "Expected %u %s attributes, got %u" % (expected_count,
+                                                               attr,
+                                                               actual_len))
+
+        # check DCs both agree on the same linked attributes
+        for val in res1[0][attr]:
+            self.assertTrue(val in res2[0][attr],
+                            "%s '%s' not found on DC2" % (attr, val))
+
+    def zero_highwatermark(self):
+        """Returns a zeroed highwatermark so that all DRS data gets returned"""
+        hwm = drsuapi.DsReplicaHighWaterMark()
+        hwm.tmp_highest_usn = 0
+        hwm.reserved_usn = 0
+        hwm.highest_usn = 0
+        return hwm
+
+    def _check_replicated_links(self, src_obj_dn, expected_links):
+        """Checks that replication sends back the expected linked attributes"""
+        self._check_replication([src_obj_dn],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                dest_dsa=None,
+                                drs_error=drsuapi.DRSUAPI_EXOP_ERR_SUCCESS,
+                                nc_dn_str=src_obj_dn,
+                                exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                expected_links=expected_links,
+                                highwatermark=self.zero_highwatermark())
+
+        # Check DC2 as well
+        self.set_test_ldb_dc(self.ldb_dc2)
+
+        self._check_replication([src_obj_dn],
+                                drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                dest_dsa=None,
+                                drs_error=drsuapi.DRSUAPI_EXOP_ERR_SUCCESS,
+                                nc_dn_str=src_obj_dn,
+                                exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                expected_links=expected_links,
+                                highwatermark=self.zero_highwatermark(),
+                                drs=self.drs2, drs_handle=self.drs2_handle)
+        self.set_test_ldb_dc(self.ldb_dc1)
+
+    def _test_conflict_single_valued_link(self, sync_order):
+        """
+        Tests a simple single-value link conflict, i.e. each DC adds a link to
+        the same source object but linking to different targets.
+        """
+        src_ou = self.unique_dn("OU=src")
+        src_guid = self.add_object(self.ldb_dc1, src_ou)
+        self.sync_DCs()
+
+        # create a unique target on each DC
+        target1_ou = self.unique_dn("OU=target1")
+        target2_ou = self.unique_dn("OU=target2")
+
+        target1_guid = self.add_object(self.ldb_dc1, target1_ou)
+        target2_guid = self.add_object(self.ldb_dc2, target2_ou)
+
+        # link the test OU to the respective targets created
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_ou, "managedBy", target2_ou)
+
+        # sync the 2 DCs
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+
+        # check the object has only have one occurrence of the single-valued
+        # attribute and it matches on both DCs
+        self.assert_attrs_match(res1, res2, "managedBy", 1)
+
+        self.assertTrue(str(res1[0]["managedBy"][0]) == target2_ou,
+                        "Expected most recent update to win conflict")
+
+        # we can't query the deleted links over LDAP, but we can check DRS
+        # to make sure the DC kept a copy of the conflicting link
+        link1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy, 0,
+                             misc.GUID(src_guid), misc.GUID(target1_guid))
+        link2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                             drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                             misc.GUID(src_guid), misc.GUID(target2_guid))
+        self._check_replicated_links(src_ou, [link1, link2])
+
+    def test_conflict_single_valued_link(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_conflict_single_valued_link(sync_order=DC1_TO_DC2)
+        self._test_conflict_single_valued_link(sync_order=DC2_TO_DC1)
+
+    def _test_duplicate_single_valued_link(self, sync_order):
+        """
+        Adds the same single-valued link on 2 DCs and checks we don't end up
+        with 2 copies of the link.
+        """
+        # create unique objects for the link
+        target_ou = self.unique_dn("OU=target")
+        self.add_object(self.ldb_dc1, target_ou)
+        src_ou = self.unique_dn("OU=src")
+        src_guid = self.add_object(self.ldb_dc1, src_ou)
+        self.sync_DCs()
+
+        # link the same test OU to the same target on both DCs
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target_ou)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_ou, "managedBy", target_ou)
+
+        # sync the 2 DCs
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+
+        # check the object has only have one occurrence of the single-valued
+        # attribute and it matches on both DCs
+        self.assert_attrs_match(res1, res2, "managedBy", 1)
+
+    def test_duplicate_single_valued_link(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_duplicate_single_valued_link(sync_order=DC1_TO_DC2)
+        self._test_duplicate_single_valued_link(sync_order=DC2_TO_DC1)
+
+    def _test_conflict_multi_valued_link(self, sync_order):
+        """
+        Tests a simple multi-valued link conflict. This adds 2 objects with the
+        same username on 2 different DCs and checks their group membership is
+        preserved after the conflict is resolved.
+        """
+
+        # create a common link source
+        src_dn = self.unique_dn("CN=src")
+        src_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+        self.sync_DCs()
+
+        # create the same user (link target) on each DC.
+        # Note that the GUIDs will differ between the DCs
+        target_dn = self.unique_dn("CN=target")
+        target1_guid = self.add_object(self.ldb_dc1, target_dn,
+                                       objectclass="user")
+        self.ensure_unique_timestamp()
+        target2_guid = self.add_object(self.ldb_dc2, target_dn,
+                                       objectclass="user")
+
+        # link the src group to the respective target created
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+
+        # sync the 2 DCs. We expect the more recent target2 object to win
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        target1_conflict = False
+
+        # we expect exactly 2 members in our test group (both DCs should agree)
+        self.assert_attrs_match(res1, res2, "member", 2)
+
+        for val in [str(val) for val in res1[0]["member"]]:
+            # check the expected conflicting object was renamed
+            self.assertFalse("CNF:%s" % target2_guid in val)
+            if "CNF:%s" % target1_guid in val:
+                target1_conflict = True
+
+        self.assertTrue(target1_conflict,
+                        "Expected link to conflicting target object not found")
+
+    def test_conflict_multi_valued_link(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_conflict_multi_valued_link(sync_order=DC1_TO_DC2)
+        self._test_conflict_multi_valued_link(sync_order=DC2_TO_DC1)
+
+    def _test_duplicate_multi_valued_link(self, sync_order):
+        """
+        Adds the same multivalued link on 2 DCs and checks we don't end up
+        with 2 copies of the link.
+        """
+
+        # create the link source/target objects
+        src_dn = self.unique_dn("CN=src")
+        src_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+        target_dn = self.unique_dn("CN=target")
+        self.add_object(self.ldb_dc1, target_dn, objectclass="user")
+        self.sync_DCs()
+
+        # link the src group to the same target user separately on each DC
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+
+        # we expect to still have only 1 member in our test group
+        self.assert_attrs_match(res1, res2, "member", 1)
+
+    def test_duplicate_multi_valued_link(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_duplicate_multi_valued_link(sync_order=DC1_TO_DC2)
+        self._test_duplicate_multi_valued_link(sync_order=DC2_TO_DC1)
+
+    def _test_conflict_backlinks(self, sync_order):
+        """
+        Tests that resolving a source object conflict fixes up any backlinks,
+        e.g. the same user is added to a conflicting group.
+        """
+
+        # create a common link target
+        target_dn = self.unique_dn("CN=target")
+        target_guid = self.add_object(self.ldb_dc1, target_dn,
+                                      objectclass="user")
+        self.sync_DCs()
+
+        # create the same group (link source) on each DC.
+        # Note that the GUIDs will differ between the DCs
+        src_dn = self.unique_dn("CN=src")
+        src1_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+        self.ensure_unique_timestamp()
+        src2_guid = self.add_object(self.ldb_dc2, src_dn, objectclass="group")
+
+        # link the src group to the respective target created
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+
+        # sync the 2 DCs. We expect the more recent src2 object to win
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % target_guid,
+                                   scope=SCOPE_BASE, attrs=["memberOf"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % target_guid,
+                                   scope=SCOPE_BASE, attrs=["memberOf"])
+        src1_backlink = False
+
+        # our test user should still be a member of 2 groups (check both
+        # DCs agree)
+        self.assert_attrs_match(res1, res2, "memberOf", 2)
+
+        for val in [str(val) for val in res1[0]["memberOf"]]:
+            # check the conflicting object was renamed
+            self.assertFalse("CNF:%s" % src2_guid in val)
+            if "CNF:%s" % src1_guid in val:
+                src1_backlink = True
+
+        self.assertTrue(src1_backlink,
+                        "Backlink to conflicting source object not found")
+
+    def test_conflict_backlinks(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_conflict_backlinks(sync_order=DC1_TO_DC2)
+        self._test_conflict_backlinks(sync_order=DC2_TO_DC1)
+
+    def _test_link_deletion_conflict(self, sync_order):
+        """
+        Checks that a deleted link conflicting with an active link is
+        resolved correctly.
+        """
+
+        # Add the link objects
+        target_dn = self.unique_dn("CN=target")
+        self.add_object(self.ldb_dc1, target_dn, objectclass="user")
+        src_dn = self.unique_dn("CN=src")
+        src_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+        self.sync_DCs()
+
+        # add the same link on both DCs, and resolve any conflict
+        self.add_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.sync_DCs(sync_order=sync_order)
+
+        # delete and re-add the link on one DC
+        self.del_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+
+        # just delete it on the other DC
+        self.ensure_unique_timestamp()
+        self.del_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+        # sanity-check the link is gone on this DC
+        res1 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        self.assertFalse("member" in res1[0], "Couldn't delete member attr")
+
+        # sync the 2 DCs. We expect the more older DC1 attribute to win
+        # because it has a higher version number (even though it's older)
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+
+        # our test user should still be a member of the group (check both
+        # DCs agree)
+        self.assertTrue("member" in res1[0],
+                        "Expected member attribute missing")
+        self.assert_attrs_match(res1, res2, "member", 1)
+
+    def test_link_deletion_conflict(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_link_deletion_conflict(sync_order=DC1_TO_DC2)
+        self._test_link_deletion_conflict(sync_order=DC2_TO_DC1)
+
+    def _test_obj_deletion_conflict(self, sync_order, del_target):
+        """
+        Checks that a receiving a new link for a deleted object gets
+        resolved correctly.
+        """
+
+        target_dn = self.unique_dn("CN=target")
+        target_guid = self.add_object(self.ldb_dc1, target_dn,
+                                      objectclass="user")
+        src_dn = self.unique_dn("CN=src")
+        src_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+
+        self.sync_DCs()
+
+        # delete the object on one DC
+        if del_target:
+            search_guid = src_guid
+            self.ldb_dc2.delete(target_dn)
+        else:
+            search_guid = target_guid
+            self.ldb_dc2.delete(src_dn)
+
+        # add a link on the other DC
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+
+        self.sync_DCs(sync_order=sync_order)
+
+        # the object deletion should trump the link addition.
+        # Check the link no longer exists on the remaining object
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % search_guid,
+                                   scope=SCOPE_BASE,
+                                   attrs=["member", "memberOf"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % search_guid,
+                                   scope=SCOPE_BASE,
+                                   attrs=["member", "memberOf"])
+
+        self.assertFalse("member" in res1[0], "member attr shouldn't exist")
+        self.assertFalse("member" in res2[0], "member attr shouldn't exist")
+        self.assertFalse("memberOf" in res1[0], "member attr shouldn't exist")
+        self.assertFalse("memberOf" in res2[0], "member attr shouldn't exist")
+
+    def test_obj_deletion_conflict(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_obj_deletion_conflict(sync_order=DC1_TO_DC2,
+                                         del_target=True)
+        self._test_obj_deletion_conflict(sync_order=DC2_TO_DC1,
+                                         del_target=True)
+
+        # and also try deleting the source object instead of the link target
+        self._test_obj_deletion_conflict(sync_order=DC1_TO_DC2,
+                                         del_target=False)
+        self._test_obj_deletion_conflict(sync_order=DC2_TO_DC1,
+                                         del_target=False)
+
+    def _test_full_sync_link_conflict(self, sync_order):
+        """
+        Checks that doing a full sync doesn't affect how conflicts get resolved
+        """
+
+        # create the objects for the linked attribute
+        src_dn = self.unique_dn("CN=src")
+        src_guid = self.add_object(self.ldb_dc1, src_dn, objectclass="group")
+        target_dn = self.unique_dn("CN=target")
+        self.add_object(self.ldb_dc1, target_dn, objectclass="user")
+        self.sync_DCs()
+
+        # add the same link on both DCs
+        self.add_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+
+        # Do a couple of full syncs which should resolve the conflict
+        # (but only for one DC)
+        if sync_order == DC1_TO_DC2:
+            self._net_drs_replicate(DC=self.dnsname_dc2,
+                                    fromDC=self.dnsname_dc1,
+                                    full_sync=True)
+            self._net_drs_replicate(DC=self.dnsname_dc2,
+                                    fromDC=self.dnsname_dc1,
+                                    full_sync=True)
+        else:
+            self._net_drs_replicate(DC=self.dnsname_dc1,
+                                    fromDC=self.dnsname_dc2,
+                                    full_sync=True)
+            self._net_drs_replicate(DC=self.dnsname_dc1,
+                                    fromDC=self.dnsname_dc2,
+                                    full_sync=True)
+
+        # delete and re-add the link on one DC
+        self.del_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc1, src_dn, "member", target_dn)
+
+        # just delete the link on the 2nd DC
+        self.ensure_unique_timestamp()
+        self.del_link_attr(self.ldb_dc2, src_dn, "member", target_dn)
+
+        # sync the 2 DCs. We expect DC1 to win based on version number
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["member"])
+
+        # check the membership still exits (and both DCs agree)
+        self.assertTrue("member" in res1[0],
+                        "Expected member attribute missing")
+        self.assert_attrs_match(res1, res2, "member", 1)
+
+    def test_full_sync_link_conflict(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_full_sync_link_conflict(sync_order=DC1_TO_DC2)
+        self._test_full_sync_link_conflict(sync_order=DC2_TO_DC1)
+
+    def _singleval_link_conflict_deleted_winner(self, sync_order):
+        """
+        Tests a single-value link conflict where the more-up-to-date link value
+        is deleted.
+        """
+        src_ou = self.unique_dn("OU=src")
+        src_guid = self.add_object(self.ldb_dc1, src_ou)
+        self.sync_DCs()
+
+        # create a unique target on each DC
+        target1_ou = self.unique_dn("OU=target1")
+        target2_ou = self.unique_dn("OU=target2")
+
+        target1_guid = self.add_object(self.ldb_dc1, target1_ou)
+        target2_guid = self.add_object(self.ldb_dc2, target2_ou)
+
+        # add the links for the respective targets, and delete one of the links
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.add_link_attr(self.ldb_dc2, src_ou, "managedBy", target2_ou)
+        self.ensure_unique_timestamp()
+        self.del_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+
+        # sync the 2 DCs
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+
+        # Although the more up-to-date link value is deleted, this shouldn't
+        # trump DC1's active link
+        self.assert_attrs_match(res1, res2, "managedBy", 1)
+
+        self.assertTrue(str(res1[0]["managedBy"][0]) == target2_ou,
+                        "Expected active link win conflict")
+
+        # we can't query the deleted links over LDAP, but we can check that
+        # the deleted links exist using DRS
+        link1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy, 0,
+                             misc.GUID(src_guid), misc.GUID(target1_guid))
+        link2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                             drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                             misc.GUID(src_guid), misc.GUID(target2_guid))
+        self._check_replicated_links(src_ou, [link1, link2])
+
+    def test_conflict_single_valued_link_deleted_winner(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._singleval_link_conflict_deleted_winner(sync_order=DC1_TO_DC2)
+        self._singleval_link_conflict_deleted_winner(sync_order=DC2_TO_DC1)
+
+    def _singleval_link_conflict_deleted_loser(self, sync_order):
+        """
+        Tests a single-valued link conflict, where the losing link value is
+        deleted.
+        """
+        src_ou = self.unique_dn("OU=src")
+        src_guid = self.add_object(self.ldb_dc1, src_ou)
+        self.sync_DCs()
+
+        # create a unique target on each DC
+        target1_ou = self.unique_dn("OU=target1")
+        target2_ou = self.unique_dn("OU=target2")
+
+        target1_guid = self.add_object(self.ldb_dc1, target1_ou)
+        target2_guid = self.add_object(self.ldb_dc2, target2_ou)
+
+        # add the links - we want the link to end up deleted on DC2, but active
+        # on DC1. DC1 has the better version and DC2 has the better timestamp -
+        # the better version should win
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.del_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_ou, "managedBy", target2_ou)
+        self.del_link_attr(self.ldb_dc2, src_ou, "managedBy", target2_ou)
+
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+
+        # check the object has only have one occurrence of the single-valued
+        # attribute and it matches on both DCs
+        self.assert_attrs_match(res1, res2, "managedBy", 1)
+
+        self.assertTrue(str(res1[0]["managedBy"][0]) == target1_ou,
+                        "Expected most recent update to win conflict")
+
+        # we can't query the deleted links over LDAP, but we can check DRS
+        # to make sure the DC kept a copy of the conflicting link
+        link1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                             drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                             misc.GUID(src_guid), misc.GUID(target1_guid))
+        link2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy, 0,
+                             misc.GUID(src_guid), misc.GUID(target2_guid))
+        self._check_replicated_links(src_ou, [link1, link2])
+
+    def test_conflict_single_valued_link_deleted_loser(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._singleval_link_conflict_deleted_loser(sync_order=DC1_TO_DC2)
+        self._singleval_link_conflict_deleted_loser(sync_order=DC2_TO_DC1)
+
+    def _test_conflict_existing_single_valued_link(self, sync_order):
+        """
+        Tests a single-valued link conflict, where the conflicting link value
+        already exists (as inactive) on both DCs.
+        """
+        # create the link objects
+        src_ou = self.unique_dn("OU=src")
+        src_guid = self.add_object(self.ldb_dc1, src_ou)
+
+        target1_ou = self.unique_dn("OU=target1")
+        target2_ou = self.unique_dn("OU=target2")
+        target1_guid = self.add_object(self.ldb_dc1, target1_ou)
+        target2_guid = self.add_object(self.ldb_dc1, target2_ou)
+
+        # add the links, but then delete them
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.del_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target2_ou)
+        self.del_link_attr(self.ldb_dc1, src_ou, "managedBy", target2_ou)
+        self.sync_DCs()
+
+        # re-add the links independently on each DC
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+        self.ensure_unique_timestamp()
+        self.add_link_attr(self.ldb_dc2, src_ou, "managedBy", target2_ou)
+
+        # try to sync the 2 DCs
+        self.sync_DCs(sync_order=sync_order)
+
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % src_guid,
+                                   scope=SCOPE_BASE, attrs=["managedBy"])
+
+        # check the object has only have one occurrence of the single-valued
+        # attribute and it matches on both DCs
+        self.assert_attrs_match(res1, res2, "managedBy", 1)
+
+        # here we expect DC2 to win because it has the more recent link
+        self.assertTrue(str(res1[0]["managedBy"][0]) == target2_ou,
+                        "Expected most recent update to win conflict")
+
+        # we can't query the deleted links over LDAP, but we can check DRS
+        # to make sure the DC kept a copy of the conflicting link
+        link1 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy, 0,
+                             misc.GUID(src_guid), misc.GUID(target1_guid))
+        link2 = AbstractLink(drsuapi.DRSUAPI_ATTID_managedBy,
+                             drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE,
+                             misc.GUID(src_guid), misc.GUID(target2_guid))
+        self._check_replicated_links(src_ou, [link1, link2])
+
+    def test_conflict_existing_single_valued_link(self):
+        # repeat the test twice, to give each DC a chance to resolve
+        # the conflict
+        self._test_conflict_existing_single_valued_link(sync_order=DC1_TO_DC2)
+        self._test_conflict_existing_single_valued_link(sync_order=DC2_TO_DC1)
+
+    def test_link_attr_version(self):
+        """
+        Checks the link attribute version starts from the correct value
+        """
+        # create some objects and add a link
+        src_ou = self.unique_dn("OU=src")
+        self.add_object(self.ldb_dc1, src_ou)
+        target1_ou = self.unique_dn("OU=target1")
+        self.add_object(self.ldb_dc1, target1_ou)
+        self.add_link_attr(self.ldb_dc1, src_ou, "managedBy", target1_ou)
+
+        # get the link info via replication
+        ctr6 = self._get_replication(drsuapi.DRSUAPI_DRS_WRIT_REP,
+                                     dest_dsa=None,
+                                     drs_error=DRSUAPI_EXOP_ERR_SUCCESS,
+                                     exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                                     highwatermark=self.zero_highwatermark(),
+                                     nc_dn_str=src_ou)
+
+        self.assertTrue(ctr6.linked_attributes_count == 1,
+                        "DRS didn't return a link")
+        link = ctr6.linked_attributes[0]
+        rcvd_version = link.meta_data.version
+        self.assertTrue(rcvd_version == 1,
+                        "Link version started from %u, not 1" % rcvd_version)
diff --git a/source4/torture/drs/python/linked_attributes_drs.py b/source4/torture/drs/python/linked_attributes_drs.py
new file mode 100644
index 0000000..93ad313
--- /dev/null
+++ b/source4/torture/drs/python/linked_attributes_drs.py
@@ -0,0 +1,162 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Originally based on ./sam.py
+import sys
+
+sys.path.insert(0, "bin/python")
+import ldb
+
+from samba.dcerpc import drsuapi, misc
+from samba.ndr import ndr_unpack, ndr_pack
+
+import drs_base
+
+
+class LATestException(Exception):
+    pass
+
+
+class LATests(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(LATests, self).setUp()
+        # DrsBaseTestCase sets up self.ldb_dc1, self.ldb_dc2
+        # we're only using one
+        self.samdb = self.ldb_dc1
+
+        self.base_dn = self.samdb.domain_dn()
+        self.ou = "OU=la,%s" % self.base_dn
+        if True:
+            try:
+                self.samdb.delete(self.ou, ['tree_delete:1'])
+            except ldb.LdbError as e:
+                pass
+        self.samdb.add({'objectclass': 'organizationalUnit',
+                        'dn': self.ou})
+
+        self.dc_guid = self.samdb.get_invocation_id()
+        self.drs, self.drs_handle = self._ds_bind(self.dnsname_dc1)
+
+    def tearDown(self):
+        super(LATests, self).tearDown()
+        try:
+            self.samdb.delete(self.ou, ['tree_delete:1'])
+        except ldb.LdbError as e:
+            pass
+
+    def delete_user(self, user):
+        self.samdb.delete(user['dn'])
+        del self.users[self.users.index(user)]
+
+    def add_object(self, cn, objectclass):
+        dn = "CN=%s,%s" % (cn, self.ou)
+        self.samdb.add({'cn': cn,
+                        'objectclass': objectclass,
+                        'dn': dn})
+
+        return dn
+
+    def add_objects(self, n, objectclass, prefix=None):
+        if prefix is None:
+            prefix = objectclass
+        dns = []
+        for i in range(n):
+            dns.append(self.add_object("%s%d" % (prefix, i + 1),
+                                       objectclass))
+        return dns
+
+    def add_linked_attribute(self, src, dest, attr='member'):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_ADD, attr)
+        self.samdb.modify(m)
+
+    def remove_linked_attribute(self, src, dest, attr='member'):
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.samdb, src)
+        m[attr] = ldb.MessageElement(dest, ldb.FLAG_MOD_DELETE, attr)
+        self.samdb.modify(m)
+
+    def attr_search(self, obj, expected, attr, scope=ldb.SCOPE_BASE):
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=self.dc_guid,
+                               nc_dn_str=obj,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
+
+        level, ctr = self.drs.DsGetNCChanges(self.drs_handle, 8, req8)
+        expected_attid = getattr(drsuapi, 'DRSUAPI_ATTID_' + attr)
+
+        links = []
+        for link in ctr.linked_attributes:
+            if link.attid == expected_attid:
+                unpacked = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
+                                      link.value.blob)
+                active = link.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+                links.append((str(unpacked.dn), bool(active)))
+
+        return links
+
+    def assert_forward_links(self, obj, expected, attr='member'):
+        results = self.attr_search(obj, expected, attr)
+        self.assertEqual(len(results), len(expected))
+
+        for k, v in results:
+            self.assertTrue(k in expected)
+            self.assertEqual(expected[k], v, "%s active flag should be %d, not %d" %
+                             (k, expected[k], v))
+
+    def get_object_guid(self, dn):
+        res = self.samdb.search(dn,
+                                scope=ldb.SCOPE_BASE,
+                                attrs=['objectGUID'])
+        return str(misc.GUID(res[0]['objectGUID'][0]))
+
+    def test_links_all_delete_group(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_all_del_group')
+        g1, g2 = self.add_objects(2, 'group', 'g_all_del_group')
+        g2guid = self.get_object_guid(g2)
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(g2)
+        self.assert_forward_links(g1, {u1: True})
+        res = self.samdb.search('<GUID=%s>' % g2guid,
+                                scope=ldb.SCOPE_BASE,
+                                controls=['show_deleted:1'])
+        new_dn = res[0].dn
+        self.assert_forward_links(new_dn, {})
+
+    def test_la_links_delete_link(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_link')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_link')
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.remove_linked_attribute(g2, u1)
+
+        self.assert_forward_links(g1, {u1: True})
+        self.assert_forward_links(g2, {u1: False, u2: True})
+
+        self.add_linked_attribute(g2, u1)
+        self.remove_linked_attribute(g2, u2)
+        self.assert_forward_links(g2, {u1: True, u2: False})
+        self.remove_linked_attribute(g2, u1)
+        self.assert_forward_links(g2, {u1: False, u2: False})
+
+    def test_la_links_delete_user(self):
+        u1, u2 = self.add_objects(2, 'user', 'u_del_user')
+        g1, g2 = self.add_objects(2, 'group', 'g_del_user')
+
+        self.add_linked_attribute(g1, u1)
+        self.add_linked_attribute(g2, u1)
+        self.add_linked_attribute(g2, u2)
+
+        self.samdb.delete(u1)
+
+        self.assert_forward_links(g1, {})
+        self.assert_forward_links(g2, {u2: True})
diff --git a/source4/torture/drs/python/repl_move.py b/source4/torture/drs/python/repl_move.py
new file mode 100644
index 0000000..c206ab8
--- /dev/null
+++ b/source4/torture/drs/python/repl_move.py
@@ -0,0 +1,2608 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN repl_move -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import time
+import samba.tests
+
+from samba.ndr import ndr_unpack
+from samba.dcerpc import drsblobs
+from samba.dcerpc import misc
+from samba.drs_utils import drs_DsBind
+
+from ldb import (
+    SCOPE_BASE,
+    SCOPE_SUBTREE,
+)
+
+import drs_base
+import ldb
+from samba.dcerpc.drsuapi import (
+    drsuapi,
+    DRSUAPI_ATTID_accountExpires,
+    DRSUAPI_ATTID_cn,
+    DRSUAPI_ATTID_codePage,
+    DRSUAPI_ATTID_countryCode,
+    DRSUAPI_ATTID_dBCSPwd,
+    DRSUAPI_ATTID_description,
+    DRSUAPI_ATTID_instanceType,
+    DRSUAPI_ATTID_isDeleted,
+    DRSUAPI_ATTID_isRecycled,
+    DRSUAPI_ATTID_lastKnownParent,
+    DRSUAPI_ATTID_lmPwdHistory,
+    DRSUAPI_ATTID_logonHours,
+    DRSUAPI_ATTID_name,
+    DRSUAPI_ATTID_ntPwdHistory,
+    DRSUAPI_ATTID_ntSecurityDescriptor,
+    DRSUAPI_ATTID_objectCategory,
+    DRSUAPI_ATTID_objectClass,
+    DRSUAPI_ATTID_objectSid,
+    DRSUAPI_ATTID_ou,
+    DRSUAPI_ATTID_primaryGroupID,
+    DRSUAPI_ATTID_pwdLastSet,
+    DRSUAPI_ATTID_sAMAccountName,
+    DRSUAPI_ATTID_sAMAccountType,
+    DRSUAPI_ATTID_unicodePwd,
+    DRSUAPI_ATTID_userAccountControl,
+    DRSUAPI_ATTID_userPrincipalName,
+    DRSUAPI_ATTID_whenCreated,
+    DRSUAPI_DRS_SYNC_FORCED,
+    DRSUAPI_EXOP_REPL_OBJ,
+    DsGetNCChangesRequest8,
+    DsReplicaHighWaterMark,
+    DsReplicaObjectIdentifier)
+
+
+class DrsMoveObjectTestCase(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(DrsMoveObjectTestCase, self).setUp()
+        # disable automatic replication temporary
+        self._disable_all_repl(self.dnsname_dc1)
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # make sure DCs are synchronized before the test
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        self.top_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                                 "replica_move")
+
+        self.ou1_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU1")
+        self.ou1_dn.add_base(self.top_ou)
+        ou1 = {}
+        ou1["dn"] = self.ou1_dn
+        ou1["objectclass"] = "organizationalUnit"
+        ou1["ou"] = self.ou1_dn.get_component_value(0)
+        self.ldb_dc1.add(ou1)
+
+        self.ou2_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU2")
+        self.ou2_dn.add_base(self.top_ou)
+        ou2 = {}
+        ou2["dn"] = self.ou2_dn
+        ou2["objectclass"] = "organizationalUnit"
+        ou2["ou"] = self.ou2_dn.get_component_value(0)
+        self.ldb_dc1.add(ou2)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self.dc1_guid = self.ldb_dc1.get_invocation_id()
+        self.dc2_guid = self.ldb_dc2.get_invocation_id()
+
+        self.drs_dc1 = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+        self.drs_dc2 = self._ds_bind(self.dnsname_dc2, ip=self.url_dc2)
+
+    def tearDown(self):
+        try:
+            self.ldb_dc1.delete(self.top_ou, ["tree_delete:1"])
+        except ldb.LdbError as e:
+            (enum, string) = e.args
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                pass
+
+        self._enable_all_repl(self.dnsname_dc1)
+        self._enable_all_repl(self.dnsname_dc2)
+        super(DrsMoveObjectTestCase, self).tearDown()
+
+    def _make_username(self):
+        return "DrsMoveU_" + time.strftime("%s", time.gmtime())
+
+    def _check_metadata(self, user_dn, sam_ldb, drs, metadata, expected):
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, metadata[0])
+
+        self.assertEqual(len(repl.ctr.array), len(expected))
+
+        i = 0
+        for o in repl.ctr.array:
+            e = expected[i]
+            (attid, orig_dsa, version) = e
+            self.assertEqual(attid, o.attid,
+                              "(LDAP) Wrong attid "
+                              "for expected value %d, wanted 0x%08x got 0x%08x"
+                              % (i, attid, o.attid))
+            self.assertEqual(o.originating_invocation_id,
+                              misc.GUID(orig_dsa),
+                              "(LDAP) Wrong originating_invocation_id "
+                              "for expected value %d, attid 0x%08x, wanted %s got %s"
+                              % (i, o.attid,
+                                 misc.GUID(orig_dsa),
+                                 o.originating_invocation_id))
+            # Allow version to be skipped when it does not matter
+            if version is not None:
+                self.assertEqual(o.version, version,
+                                  "(LDAP) Wrong version for expected value %d, "
+                                  "attid 0x%08x, "
+                                  "wanted %d got %d"
+                                  % (i, o.attid,
+                                     version, o.version))
+            i = i + 1
+
+        if drs is None:
+            return
+
+        req8 = DsGetNCChangesRequest8()
+
+        req8.source_dsa_invocation_id = misc.GUID(sam_ldb.get_invocation_id())
+        req8.naming_context = DsReplicaObjectIdentifier()
+        req8.naming_context.dn = str(user_dn)
+        req8.highwatermark = DsReplicaHighWaterMark()
+        req8.highwatermark.tmp_highest_usn = 0
+        req8.highwatermark.reserved_usn = 0
+        req8.highwatermark.highest_usn = 0
+        req8.uptodateness_vector = None
+        req8.replica_flags = DRSUAPI_DRS_SYNC_FORCED
+        req8.max_object_count = 1
+        req8.max_ndr_size = 402116
+        req8.extended_op = DRSUAPI_EXOP_REPL_OBJ
+        req8.fsmo_info = 0
+        req8.partial_attribute_set = None
+        req8.partial_attribute_set_ex = None
+        req8.mapping_ctr.num_mappings = 0
+        req8.mapping_ctr.mappings = None
+
+        (drs_conn, drs_handle) = drs
+
+        (level, drs_ctr) = drs_conn.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6)
+        self.assertEqual(drs_ctr.object_count, 1)
+
+        self.assertEqual(len(drs_ctr.first_object.meta_data_ctr.meta_data), len(expected) - 1)
+        att_idx = 0
+        for o in drs_ctr.first_object.meta_data_ctr.meta_data:
+            i = 0
+            drs_attid = drs_ctr.first_object.object.attribute_ctr.attributes[att_idx]
+            e = expected[i]
+            (attid, orig_dsa, version) = e
+
+            # Skip the RDN from the expected set, it is not sent over DRS
+            if (user_dn.get_rdn_name().upper() == "CN"
+                and attid == DRSUAPI_ATTID_cn) \
+                or (user_dn.get_rdn_name().upper() == "OU"
+                    and attid == DRSUAPI_ATTID_ou):
+                i = i + 1
+                e = expected[i]
+                (attid, orig_dsa, version) = e
+
+            self.assertEqual(attid, drs_attid.attid,
+                              "(DRS) Wrong attid "
+                              "for expected value %d, wanted 0x%08x got 0x%08x"
+                              % (i, attid, drs_attid.attid))
+
+            self.assertEqual(o.originating_invocation_id,
+                              misc.GUID(orig_dsa),
+                              "(DRS) Wrong originating_invocation_id "
+                              "for expected value %d, attid 0x%08x, wanted %s got %s"
+                              % (i, attid,
+                                 misc.GUID(orig_dsa),
+                                 o.originating_invocation_id))
+            # Allow version to be skipped when it does not matter
+            if version is not None:
+                self.assertEqual(o.version, version,
+                                  "(DRS) Wrong version for expected value %d, "
+                                  "attid 0x%08x, "
+                                  "wanted %d got %d"
+                                  % (i, attid, version, o.version))
+                break
+            i = i + 1
+            att_idx = att_idx + 1
+
+    # now also used to check the group
+    def _check_obj(self, sam_ldb, obj_orig, is_deleted, expected_metadata=None, drs=None):
+        # search the user by guid as it may be deleted
+        guid_str = self._GUID_string(obj_orig["objectGUID"][0])
+        res = sam_ldb.search(base='<GUID=%s>' % guid_str,
+                             controls=["show_deleted:1"],
+                             attrs=["*", "parentGUID",
+                                    "replPropertyMetaData"])
+        self.assertEqual(len(res), 1)
+        user_cur = res[0]
+        rdn_orig = str(obj_orig[user_cur.dn.get_rdn_name()][0])
+        rdn_cur  = str(user_cur[user_cur.dn.get_rdn_name()][0])
+        name_orig = str(obj_orig["name"][0])
+        name_cur  = str(user_cur["name"][0])
+        dn_orig = obj_orig["dn"]
+        dn_cur  = user_cur["dn"]
+        # now check properties of the user
+        if is_deleted:
+            self.assertTrue("isDeleted" in user_cur)
+            self.assertEqual(rdn_cur.split('\n')[0], rdn_orig)
+            self.assertEqual(name_cur.split('\n')[0], name_orig)
+            self.assertEqual(dn_cur.get_rdn_value().split('\n')[0],
+                              dn_orig.get_rdn_value())
+            self.assertEqual(name_cur, rdn_cur)
+        else:
+            self.assertFalse("isDeleted" in user_cur)
+            self.assertEqual(rdn_cur, rdn_orig)
+            self.assertEqual(name_cur, name_orig)
+            self.assertEqual(dn_cur, dn_orig)
+            self.assertEqual(name_cur, rdn_cur)
+            parent_cur  = user_cur["parentGUID"][0]
+            try:
+                parent_orig = obj_orig["parentGUID"][0]
+                self.assertEqual(parent_orig, parent_cur)
+            except KeyError:
+                pass
+        self.assertEqual(name_cur, user_cur.dn.get_rdn_value())
+
+        if expected_metadata is not None:
+            self._check_metadata(dn_cur, sam_ldb, drs, user_cur["replPropertyMetaData"],
+                                 expected_metadata)
+
+        return user_cur
+
+    def test_ReplicateMoveObject1(self):
+        """Verifies how a moved container with a user inside is replicated between two DCs.
+           This test should verify that:
+            - the OU is replicated properly
+            - the OU is renamed
+            - We verify that after replication,
+              that the user has the correct DN (under OU2)
+            - the OU is deleted
+            - the OU is modified on DC2
+            - We verify that after replication,
+              that the user has the correct DN (deleted) and has not description
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        initial_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_orig, is_deleted=False,
+                        expected_metadata=initial_metadata)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        moved_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC1 after rename - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=moved_metadata)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        moved_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=moved_metadata_dc2)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+        deleted_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_moved_orig, is_deleted=True, expected_metadata=deleted_metadata)
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = new_dn
+        msg["description"] = ldb.MessageElement("User Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        modified_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_description, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=modified_metadata)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        deleted_modified_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 2),
+            (DRSUAPI_ATTID_description, self.dc2_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=True,
+                                   expected_metadata=deleted_modified_metadata_dc2)
+        self.assertFalse("description" in user_cur)
+
+        # trigger replication from DC2 to DC1, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        deleted_modified_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_description, self.dc2_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=True,
+                                   expected_metadata=deleted_modified_metadata_dc1)
+        self.assertFalse("description" in user_cur)
+
+    def test_ReplicateMoveObject2(self):
+        """Verifies how a moved container with a user inside is not
+           replicated between two DCs as no replication is triggered
+           This test should verify that:
+            - the OU is not replicated
+            - the user is not replicated
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        initial_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_orig, is_deleted=False,
+                        expected_metadata=initial_metadata)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_moved_orig = ldb_res[0]
+
+        moved_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC1 after rename - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=False,
+                        expected_metadata=moved_metadata)
+
+        # check user info on DC2 - should not be there, we have not done replication
+        ldb_res = self.ldb_dc2.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 0)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        deleted_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        deleted_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc2)
+
+        # trigger replication from DC2 to DC1, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+
+    def test_ReplicateMoveObject3(self):
+        """Verifies how a moved container with a user inside is replicated between two DCs.
+           This test should verify that:
+            - the OU is created on DC1
+            - the OU is renamed on DC1
+            - We verify that after replication,
+              that the user has the correct DN (under OU2).
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        initial_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_orig, is_deleted=False,
+                        expected_metadata=initial_metadata)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        moved_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC1 after rename - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=False,
+                        expected_metadata=moved_metadata)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+        deleted_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        deleted_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc2)
+
+    def test_ReplicateMoveObject3b(self):
+        """Verifies how a moved container with a user inside is replicated between two DCs.
+           This test should verify that:
+            - the OU is created on DC1
+            - the OU is renamed on DC1
+            - We verify that after replication,
+              that the user has the correct DN (under OU2).
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        initial_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_orig, is_deleted=False,
+                        expected_metadata=initial_metadata)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC2 (Which has never seen the object) to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        moved_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC1 after rename - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=False,
+                        expected_metadata=moved_metadata)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+        deleted_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        # check user info on DC1 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc1)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        deleted_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be deleted user
+        self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                        obj_orig=user_moved_orig,
+                        is_deleted=True,
+                        expected_metadata=deleted_metadata_dc2)
+
+    def test_ReplicateMoveObject4(self):
+        """Verifies how a moved container with a user inside is replicated between two DCs.
+           This test should verify that:
+            - the OU is replicated properly
+            - the user is modified on DC2
+            - the OU is renamed on DC1
+            - We verify that after replication DC1 -> DC2,
+              that the user has the correct DN (under OU2), and the description
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        initial_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                        obj_orig=user_orig, is_deleted=False,
+                        expected_metadata=initial_metadata)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        initial_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should still be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_orig, is_deleted=False,
+                                   expected_metadata=initial_metadata_dc2)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        moved_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC1 after rename - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=moved_metadata)
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = user_dn
+        msg["description"] = ldb.MessageElement("User Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        modified_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_description, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_orig,
+                                   is_deleted=False,
+                                   expected_metadata=modified_metadata)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        modified_renamed_metadata = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 2),
+            (DRSUAPI_ATTID_description, self.dc2_guid, 1),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should still be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=modified_renamed_metadata)
+
+        self.assertTrue("description" in user_cur)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+        deleted_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=True,
+                                   expected_metadata=deleted_metadata_dc1)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should still be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=False,
+                                   expected_metadata=modified_renamed_metadata)
+
+        self.assertTrue("description" in user_cur)
+
+        deleted_metadata_dc1 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_description, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC1 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, drs=self.drs_dc1,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=True,
+                                   expected_metadata=deleted_metadata_dc1)
+
+        self.assertFalse("description" in user_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        deleted_metadata_dc2 = [
+            (DRSUAPI_ATTID_objectClass, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_cn, self.dc2_guid, 3),
+            (DRSUAPI_ATTID_description, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_instanceType, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_whenCreated, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_isDeleted, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntSecurityDescriptor, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_name, self.dc1_guid, 3),
+            (DRSUAPI_ATTID_userAccountControl, self.dc1_guid, None),
+            (DRSUAPI_ATTID_codePage, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_countryCode, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_dBCSPwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_logonHours, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_unicodePwd, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_ntPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_pwdLastSet, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_primaryGroupID, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_objectSid, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_accountExpires, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lmPwdHistory, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountName, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_sAMAccountType, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_userPrincipalName, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_lastKnownParent, self.dc1_guid, 1),
+            (DRSUAPI_ATTID_objectCategory, self.dc1_guid, 2),
+            (DRSUAPI_ATTID_isRecycled, self.dc1_guid, 1)]
+
+        # check user info on DC2 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, drs=self.drs_dc2,
+                                   obj_orig=user_moved_orig,
+                                   is_deleted=True,
+                                   expected_metadata=deleted_metadata_dc2)
+
+        self.assertFalse("description" in user_cur)
+
+    def test_ReplicateMoveObject5(self):
+        """Verifies how a moved container with a user inside is replicated between two DCs.
+           This test should verify that:
+            - the OU is replicated properly
+            - the user is modified on DC2
+            - the OU is renamed on DC1
+            - We verify that after replication DC2 -> DC1,
+              that the user has the correct DN (under OU2), and the description
+
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = user_dn
+        msg["description"] = ldb.MessageElement("User Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should still be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_moved_orig, is_deleted=False)
+        self.assertTrue("description" in user_cur)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+        self.assertTrue("description" in user_cur)
+
+        # delete user on DC2
+        self.ldb_dc2.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1 for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        # check user info on DC1 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_moved_orig, is_deleted=True)
+        self.assertFalse("description" in user_cur)
+
+    def test_ReplicateMoveObject6(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is renamed on DC1
+            - We verify that after replication DC1 -> DC2,
+              that the OU1 has the correct DN (under OU2), and the description
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "OU=%s" % self.ou1_dn.get_component_value(0))
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(ou_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=new_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        ou_moved_orig = ldb_res[0]
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=False)
+        self.assertTrue("description" in ou_cur)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+    def test_ReplicateMoveObject7(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is renamed on DC1 to be under OU2
+            - We verify that after replication DC2 -> DC1,
+              that the OU1 has the correct DN (under OU2), and the description
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "OU=%s" % self.ou1_dn.get_component_value(0))
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(ou_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=new_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        ou_moved_orig = ldb_res[0]
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=False)
+        self.assertTrue("description" in ou_cur)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+    def test_ReplicateMoveObject8(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is renamed on DC1 to OU1-renamed
+            - We verify that after replication DC1 -> DC2,
+              that the OU1 has the correct DN (OU1-renamed), and the description
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "OU=%s-renamed" % self.ou1_dn.get_component_value(0))
+        new_dn.add_base(self.ou1_dn.parent())
+        self.ldb_dc1.rename(ou_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=new_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        ou_moved_orig = ldb_res[0]
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=False)
+        self.assertTrue("description" in ou_cur)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+    def test_ReplicateMoveObject9(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is renamed on DC1 to be under OU2
+            - the OU1 is renamed on DC1 to OU1-renamed
+            - We verify that after replication DC1 -> DC2,
+              that the OU1 has the correct DN (OU1-renamed), and the description
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "OU=%s-renamed" % self.ou1_dn.get_component_value(0))
+        new_dn.add_base(self.ou1_dn.parent())
+        self.ldb_dc1.rename(ou_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=new_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        ou_moved_orig = ldb_res[0]
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=False)
+        self.assertTrue("description" in ou_cur)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check user info on DC2 - should be deleted user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_moved_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+    def test_ReplicateMoveObject10(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is deleted on DC1
+            - We verify that after replication DC1 -> DC2,
+              that the OU1 is deleted, and the description has gone away
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be deleted OU
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        # check user info on DC2 - should be deleted OU
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+    def test_ReplicateMoveObject11(self):
+        """Verifies how a moved container is replicated between two DCs.
+           This test should verify that:
+            - the OU1 is replicated properly
+            - the OU1 is modified on DC2
+            - the OU1 is deleted on DC1
+            - We verify that after replication DC2 -> DC1,
+              that the OU1 is deleted, and the description has gone away
+
+           """
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        ou_orig = ldb_res[0]
+        ou_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (self.ou1_dn, self._GUID_string(ou_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should still be valid user
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=False)
+
+        # Modify description on DC2.  This triggers a replication, but
+        # not of 'name' and so a bug in Samba regarding the DN.
+        msg = ldb.Message()
+        msg.dn = ou_dn
+        msg["description"] = ldb.MessageElement("OU Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # delete OU on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(ou_orig["objectGUID"][0]))
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC2 - should be deleted OU
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=ou_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # check user info on DC2 - should be deleted OU
+        ou_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=ou_orig, is_deleted=True)
+        self.assertFalse("description" in ou_cur)
+
+
+class DrsMoveBetweenTreeOfObjectTestCase(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(DrsMoveBetweenTreeOfObjectTestCase, self).setUp()
+        # disable automatic replication temporary
+        self._disable_all_repl(self.dnsname_dc1)
+        self._disable_all_repl(self.dnsname_dc2)
+
+        self.top_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                                 "replica_move")
+
+        # make sure DCs are synchronized before the test
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+        self.ou1_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU1")
+        self.ou1_dn.add_base(self.top_ou)
+        self.ou1 = {}
+        self.ou1["dn"] = self.ou1_dn
+        self.ou1["objectclass"] = "organizationalUnit"
+        self.ou1["ou"] = self.ou1_dn.get_component_value(0)
+
+        self.ou2_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU2,OU=DrsOU1")
+        self.ou2_dn.add_base(self.top_ou)
+        self.ou2 = {}
+        self.ou2["dn"] = self.ou2_dn
+        self.ou2["objectclass"] = "organizationalUnit"
+        self.ou2["ou"] = self.ou2_dn.get_component_value(0)
+
+        self.ou2b_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU2B,OU=DrsOU1")
+        self.ou2b_dn.add_base(self.top_ou)
+        self.ou2b = {}
+        self.ou2b["dn"] = self.ou2b_dn
+        self.ou2b["objectclass"] = "organizationalUnit"
+        self.ou2b["ou"] = self.ou2b_dn.get_component_value(0)
+
+        self.ou2c_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU2C,OU=DrsOU1")
+        self.ou2c_dn.add_base(self.top_ou)
+
+        self.ou3_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU3,OU=DrsOU2,OU=DrsOU1")
+        self.ou3_dn.add_base(self.top_ou)
+        self.ou3 = {}
+        self.ou3["dn"] = self.ou3_dn
+        self.ou3["objectclass"] = "organizationalUnit"
+        self.ou3["ou"] = self.ou3_dn.get_component_value(0)
+
+        self.ou4_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU4,OU=DrsOU3,OU=DrsOU2,OU=DrsOU1")
+        self.ou4_dn.add_base(self.top_ou)
+        self.ou4 = {}
+        self.ou4["dn"] = self.ou4_dn
+        self.ou4["objectclass"] = "organizationalUnit"
+        self.ou4["ou"] = self.ou4_dn.get_component_value(0)
+
+        self.ou5_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU5,OU=DrsOU4,OU=DrsOU3,OU=DrsOU2,OU=DrsOU1")
+        self.ou5_dn.add_base(self.top_ou)
+        self.ou5 = {}
+        self.ou5["dn"] = self.ou5_dn
+        self.ou5["objectclass"] = "organizationalUnit"
+        self.ou5["ou"] = self.ou5_dn.get_component_value(0)
+
+        self.ou6_dn = ldb.Dn(self.ldb_dc1, "OU=DrsOU6,OU=DrsOU5,OU=DrsOU4,OU=DrsOU3,OU=DrsOU2,OU=DrsOU1")
+        self.ou6_dn.add_base(self.top_ou)
+        self.ou6 = {}
+        self.ou6["dn"] = self.ou6_dn
+        self.ou6["objectclass"] = "organizationalUnit"
+        self.ou6["ou"] = self.ou6_dn.get_component_value(0)
+
+    def tearDown(self):
+        self.ldb_dc1.delete(self.top_ou, ["tree_delete:1"])
+        self._enable_all_repl(self.dnsname_dc1)
+        self._enable_all_repl(self.dnsname_dc2)
+        super(DrsMoveBetweenTreeOfObjectTestCase, self).tearDown()
+
+    def _make_username(self):
+        return "DrsTreeU_" + time.strftime("%s", time.gmtime())
+
+    # now also used to check the group
+    def _check_obj(self, sam_ldb, obj_orig, is_deleted):
+        # search the user by guid as it may be deleted
+        guid_str = self._GUID_string(obj_orig["objectGUID"][0])
+        res = sam_ldb.search(base='<GUID=%s>' % guid_str,
+                             controls=["show_deleted:1"],
+                             attrs=["*", "parentGUID"])
+        self.assertEqual(len(res), 1)
+        user_cur = res[0]
+        cn_orig = str(obj_orig["cn"][0])
+        cn_cur  = str(user_cur["cn"][0])
+        name_orig = str(obj_orig["name"][0])
+        name_cur  = str(user_cur["name"][0])
+        dn_orig = obj_orig["dn"]
+        dn_cur  = user_cur["dn"]
+        # now check properties of the user
+        if is_deleted:
+            self.assertTrue("isDeleted" in user_cur)
+            self.assertEqual(cn_cur.split('\n')[0], cn_orig)
+            self.assertEqual(name_cur.split('\n')[0], name_orig)
+            self.assertEqual(dn_cur.get_rdn_value().split('\n')[0],
+                              dn_orig.get_rdn_value())
+            self.assertEqual(name_cur, cn_cur)
+        else:
+            self.assertFalse("isDeleted" in user_cur)
+            self.assertEqual(cn_cur, cn_orig)
+            self.assertEqual(name_cur, name_orig)
+            self.assertEqual(dn_cur, dn_orig)
+            self.assertEqual(name_cur, cn_cur)
+        self.assertEqual(name_cur, user_cur.dn.get_rdn_value())
+
+        return user_cur
+
+    def test_ReplicateMoveInTree1(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - a complex OU tree can be replicated correctly
+            - the user is in the correct spot (renamed into) within the tree
+              on both DCs
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        self.ldb_dc1.add(self.ou2)
+        self.ldb_dc1.add(self.ou3)
+        self.ldb_dc1.add(self.ou4)
+        self.ldb_dc1.add(self.ou5)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou5_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateMoveInTree2(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - a complex OU tree can be replicated correctly
+            - the user is in the correct spot (renamed into) within the tree
+              on both DCs
+            - that a rename back works correctly, and is replicated
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        self.ldb_dc1.add(self.ou2)
+        self.ldb_dc1.add(self.ou2b)
+        self.ldb_dc1.add(self.ou3)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou3_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        new_dn3 = ldb.Dn(self.ldb_dc1, "OU=%s" % self.ou3_dn.get_component_value(0))
+        new_dn3.add_base(self.ou2b_dn)
+        self.ldb_dc1.rename(self.ou3_dn, new_dn3)
+
+        ldb_res = self.ldb_dc1.search(base=new_dn3,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+        user_moved_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        # Rename on DC1
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou1_dn)
+        self.ldb_dc1.rename(user_moved_dn, new_dn)
+
+        # Modify description on DC2
+        msg = ldb.Message()
+        msg.dn = user_moved_dn
+        msg["description"] = ldb.MessageElement("User Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+        user_moved_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+        self.assertTrue("description" in user_cur)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # check user info on DC1 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_moved_orig, is_deleted=True)
+        self.assertFalse("description" in user_cur)
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be deleted user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=True)
+        self.assertFalse("description" in user_cur)
+
+    def test_ReplicateMoveInTree3(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - a complex OU tree can be replicated correctly
+            - the user is in the correct spot (renamed into) within the tree
+              on both DCs
+            - that a rename back works correctly, and is replicated
+           """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        self.ldb_dc1.add(self.ou2)
+        self.ldb_dc1.add(self.ou2b)
+        self.ldb_dc1.add(self.ou3)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou3_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        new_dn3 = ldb.Dn(self.ldb_dc1, "OU=%s" % self.ou3_dn.get_component_value(0))
+        new_dn3.add_base(self.ou2b_dn)
+        self.ldb_dc1.rename(self.ou3_dn, new_dn3)
+
+        ldb_res = self.ldb_dc1.search(base=new_dn3,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+        user_moved_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_moved_dn, new_dn)
+
+        self.ldb_dc1.rename(self.ou2_dn, self.ou2c_dn)
+        self.ldb_dc1.rename(self.ou2b_dn, self.ou2_dn)
+        self.ldb_dc1.rename(self.ou2c_dn, self.ou2b_dn)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+        user_moved_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        self.assertEqual(user_cur["parentGUID"], user_moved_orig["parentGUID"])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateMoveInTree3b(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - a complex OU tree can be replicated correctly
+            - the user is in the correct spot (renamed into) within the tree
+              on both DCs
+            - that a rename back works correctly, and is replicated
+            - that a complex rename suffle, combined with unrelated changes to the object,
+              is replicated correctly.  The aim here is the send the objects out-of-order
+              when sorted by usnChanged.
+            - confirm that the OU tree and (in particular the user DN) is identical between
+              the DCs once this has been replicated.
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        self.ldb_dc1.add(self.ou2)
+        self.ldb_dc1.add(self.ou2b)
+        self.ldb_dc1.add(self.ou3)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        msg = ldb.Message()
+        msg.dn = new_dn
+        msg["description"] = ldb.MessageElement("User Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        # The sleep(1) calls here ensure that the name objects get a
+        # new 1-sec based timestamp, and so we select how the conflict
+        # resolution resolves.
+        self.ldb_dc1.rename(self.ou2_dn, self.ou2c_dn)
+        time.sleep(1)
+        self.ldb_dc1.rename(self.ou2b_dn, self.ou2_dn)
+        time.sleep(1)
+        self.ldb_dc1.rename(self.ou2c_dn, self.ou2b_dn)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]), new_dn)
+
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        msg = ldb.Message()
+        msg.dn = self.ou2b_dn
+        msg["description"] = ldb.MessageElement("OU2b Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+        self.assertEqual(user_cur["parentGUID"][0], user_moved_orig["parentGUID"][0])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateMoveInTree4(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - an OU and user can be replicated correctly, even after a rename
+            - The creation and rename of the OU has been combined with unrelated changes to the object,
+              The aim here is the send the objects out-of-order when sorted by usnChanged.
+            - That is, the OU will be sorted by usnChanged after the user that is within that OU.
+            - That will cause the client to need to get the OU first, by use of the GET_ANC flag
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # check user info on DC1
+        print("Testing for %s with GUID %s" % (username, self._GUID_string(user_orig["objectGUID"][0])))
+        self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig, is_deleted=False)
+
+        self.ldb_dc1.add(self.ou2)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou2_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username)
+        self.assertEqual(len(ldb_res), 1)
+
+        user_moved_orig = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved_orig, is_deleted=False)
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateAddInOU(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - an OU and user can be replicated correctly
+            - The creation of the OU has been combined with unrelated changes to the object,
+              The aim here is the send the objects out-of-order when sorted by usnChanged.
+            - That is, the OU will be sorted by usnChanged after the user that is within that OU.
+            - That will cause the client to need to get the OU first, by use of the GET_ANC flag
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+
+        msg = ldb.Message()
+        msg.dn = self.ou1_dn
+        msg["description"] = ldb.MessageElement("OU1 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_orig, is_deleted=False)
+
+        self.assertEqual(user_cur["parentGUID"], user_orig["parentGUID"])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateAddInMovedOU(self):
+        """Verifies how an object is replicated between two DCs.
+           This test should verify that:
+            - an OU and user can be replicated correctly
+            - The creation of the OU has been combined with unrelated changes to the object,
+              The aim here is the send the objects out-of-order when sorted by usnChanged.
+            - That is, the OU will be sorted by usnChanged after the user that is within that OU.
+            - That will cause the client to need to get the OU first, by use of the GET_ANC flag
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+        self.ldb_dc1.add(self.ou2)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        self.ldb_dc1.rename(self.ou2_dn, self.ou2b_dn)
+
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_moved = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be valid user
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved, is_deleted=False)
+
+        self.assertEqual(user_cur["parentGUID"], user_moved["parentGUID"])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateAddInConflictOU_time(self):
+        """Verifies how an object is replicated between two DCs, when created in an ambiguous location
+           This test should verify that:
+            - Without replication, two conflicting objects can be created
+            - force the conflict resolution algorithm so we know which copy will win
+              (by sleeping while creating the objects, therefore increasing that timestamp on 'name')
+            - confirm that the user object, created on DC1, ends up in the right place on DC2
+            - therefore confirm that the conflict algorithm worked correctly, and that parentGUID was used.
+
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # Now create two, conflicting objects.  This gives the user
+        # object something to be under on both DCs.
+
+        # We sleep between the two adds so that DC1 adds second, and
+        # so wins the conflict resolution due to a later creation time
+        # (modification timestamp on the name attribute).
+        self.ldb_dc2.add(self.ou2)
+        time.sleep(1)
+        self.ldb_dc1.add(self.ou2)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        # Now that we have renamed the user (and so bumped the
+        # usnChanged), bump the value on the OUs.
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_moved = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be under the OU2 from DC1
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved, is_deleted=False)
+
+        self.assertEqual(user_cur["parentGUID"], user_moved["parentGUID"])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+    def test_ReplicateAddInConflictOU2(self):
+        """Verifies how an object is replicated between two DCs, when created in an ambiguous location
+           This test should verify that:
+            - Without replication, two conflicting objects can be created
+            - force the conflict resolution algorithm so we know which copy will win
+              (by changing the description twice, therefore increasing that version count)
+            - confirm that the user object, created on DC1, ends up in the right place on DC2
+            - therefore confirm that the conflict algorithm worked correctly, and that parentGUID was used.
+        """
+        # work-out unique username to test with
+        username = self._make_username()
+
+        self.ldb_dc1.add(self.ou1)
+
+        # create user on DC1
+        self.ldb_dc1.newuser(username=username,
+                             userou="ou=%s,ou=%s"
+                             % (self.ou1_dn.get_component_value(0),
+                                self.top_ou.get_component_value(0)),
+                             password=None, setpassword=False)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_orig = ldb_res[0]
+        user_dn   = ldb_res[0]["dn"]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # Now create two, conflicting objects.  This gives the user
+        # object something to be under on both DCs.  We create it on
+        # DC1 1sec later so that it will win the conflict resolution.
+
+        self.ldb_dc2.add(self.ou2)
+        time.sleep(1)
+        self.ldb_dc1.add(self.ou2)
+
+        new_dn = ldb.Dn(self.ldb_dc1, "CN=%s" % username)
+        new_dn.add_base(self.ou2_dn)
+        self.ldb_dc1.rename(user_dn, new_dn)
+
+        # Now that we have renamed the user (and so bumped the
+        # usnChanged), bump the value on the OUs.
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc1.modify(msg)
+
+        msg = ldb.Message()
+        msg.dn = self.ou2_dn
+        msg["description"] = ldb.MessageElement("OU2 Description", ldb.FLAG_MOD_REPLACE, "description")
+        self.ldb_dc2.modify(msg)
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        ldb_res = self.ldb_dc1.search(base=self.ou1_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % username,
+                                      attrs=["*", "parentGUID"])
+        self.assertEqual(len(ldb_res), 1)
+        user_moved = ldb_res[0]
+
+        # trigger replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        # check user info on DC2 - should be under the OU2 from DC1
+        user_cur = self._check_obj(sam_ldb=self.ldb_dc2, obj_orig=user_moved, is_deleted=False)
+
+        self.assertEqual(user_cur["parentGUID"], user_moved["parentGUID"])
+
+        # delete user on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self._GUID_string(user_orig["objectGUID"][0]))
+
+        # trigger replication from DC1 to DC2, for cleanup
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
diff --git a/source4/torture/drs/python/repl_rodc.py b/source4/torture/drs/python/repl_rodc.py
new file mode 100644
index 0000000..ab3d6fa
--- /dev/null
+++ b/source4/torture/drs/python/repl_rodc.py
@@ -0,0 +1,735 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Test replication scenarios involving an RODC
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc1_dns_name [this is unused for the test, but it'll still try to connect]
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN repl_rodc -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+import ldb
+
+from samba import WERRORError
+from samba.join import DCJoinContext
+from samba.dcerpc import drsuapi, misc, drsblobs, security
+from samba.ndr import ndr_unpack, ndr_pack
+from samba.samdb import dsdb_Dn
+from samba.credentials import Credentials
+
+import random
+import time
+
+
+def drs_get_rodc_partial_attribute_set(samdb, samdb1, exceptions=None):
+    '''get a list of attributes for RODC replication'''
+    if exceptions is None:
+        exceptions = []
+
+    partial_attribute_set = drsuapi.DsPartialAttributeSet()
+    partial_attribute_set.version = 1
+
+    attids = []
+
+    # the exact list of attids we send is quite critical. Note that
+    # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
+    # to zero them out
+    schema_dn = samdb.get_schema_basedn()
+    res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
+                       expression="objectClass=attributeSchema",
+                       attrs=["lDAPDisplayName", "systemFlags",
+                              "searchFlags"])
+
+    for r in res:
+        ldap_display_name = str(r["lDAPDisplayName"][0])
+        if "systemFlags" in r:
+            system_flags      = str(r["systemFlags"][0])
+            if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED |
+                                     samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)):
+                continue
+        if "searchFlags" in r:
+            search_flags = str(r["searchFlags"][0])
+            if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
+                continue
+        try:
+            attid = samdb1.get_attid_from_lDAPDisplayName(ldap_display_name)
+            if attid not in exceptions:
+                attids.append(int(attid))
+        except:
+            pass
+
+    # the attids do need to be sorted, or windows doesn't return
+    # all the attributes we need
+    attids.sort()
+    partial_attribute_set.attids         = attids
+    partial_attribute_set.num_attids = len(attids)
+    return partial_attribute_set
+
+
+class DrsRodcTestCase(drs_base.DrsBaseTestCase):
+    """Intended as a semi-black box test case for replication involving
+       an RODC."""
+
+    def setUp(self):
+        super(DrsRodcTestCase, self).setUp()
+        self.base_dn = self.ldb_dc1.get_default_basedn()
+
+        self.ou = samba.tests.create_test_ou(self.ldb_dc1, "test_drs_rodc")
+        self.allowed_group = "CN=Allowed RODC Password Replication Group,CN=Users,%s" % self.base_dn
+
+        self.site = self.ldb_dc1.server_site_name()
+        self.rodc_name = "TESTRODCDRS%s" % random.randint(1, 10000000)
+        self.rodc_pass = "password12#"
+        self.computer_dn = "CN=%s,OU=Domain Controllers,%s" % (self.rodc_name, self.base_dn)
+
+        self.rodc_ctx = DCJoinContext(server=self.ldb_dc1.host_dns_name(),
+                                      creds=self.get_credentials(),
+                                      lp=self.get_loadparm(), site=self.site,
+                                      netbios_name=self.rodc_name,
+                                      targetdir=None, domain=None,
+                                      machinepass=self.rodc_pass)
+        self._create_rodc(self.rodc_ctx)
+        self.rodc_ctx.create_tmp_samdb()
+        self.tmp_samdb = self.rodc_ctx.tmp_samdb
+
+        rodc_creds = Credentials()
+        rodc_creds.guess(self.rodc_ctx.lp)
+        rodc_creds.set_username(self.rodc_name + '$')
+        rodc_creds.set_password(self.rodc_pass)
+        self.rodc_creds = rodc_creds
+
+        (self.drs, self.drs_handle) = self._ds_bind(self.dnsname_dc1)
+        (self.rodc_drs, self.rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, rodc_creds)
+
+    def tearDown(self):
+        self.rodc_ctx.cleanup_old_join()
+        super(DrsRodcTestCase, self).tearDown()
+
+    def test_admin_repl_secrets(self):
+        """
+        When a secret attribute is set to be replicated to an RODC with the
+        admin credentials, it should always replicate regardless of whether
+        or not it's in the Allowed RODC Password Replication Group.
+        """
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        user_name = "test_rodcA_%s" % rand
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # Check that the user has been added to msDSRevealedUsers
+        self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+    def test_admin_repl_secrets_DummyDN_GUID(self):
+        """
+        When a secret attribute is set to be replicated to an RODC with the
+        admin credentials, it should always replicate regardless of whether
+        or not it's in the Allowed RODC Password Replication Group.
+        """
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        user_name = "test_rodcA_%s" % rand
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        res = self.ldb_dc1.search(base=user_dn, scope=ldb.SCOPE_BASE,
+                                  attrs=["objectGUID"])
+
+        user_guid = misc.GUID(res[0]["objectGUID"][0])
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str="DummyDN",
+                                  nc_guid=user_guid,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        try:
+            (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.fail(f"DsGetNCChanges failed with {estr}")
+
+        # Check that the user has been added to msDSRevealedUsers
+        self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+    def test_rodc_repl_secrets(self):
+        """
+        When a secret attribute is set to be replicated to an RODC with
+        the RODC account credentials, it should not replicate if it's in
+        the Allowed RODC Password Replication Group. Once it is added to
+        the group, it should replicate.
+        """
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        user_name = "test_rodcB_%s" % rand
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+        # send the same request again and we should get the same response
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e1:
+            (enum, estr) = e1.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+        # Retry with Administrator credentials, ignores password replication groups
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # Check that the user has been added to msDSRevealedUsers
+        self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+    def test_rodc_repl_secrets_follow_on_req(self):
+        """
+        Checks that an RODC can't subvert an existing (valid) GetNCChanges
+        request to reveal secrets it shouldn't have access to.
+        """
+
+        # send an acceptable request that will match as many GUIDs as possible.
+        # Here we set the SPECIAL_SECRET_PROCESSING flag so that the request gets accepted.
+        # (On the server, this builds up the getnc_state->guids array)
+        req8 = self._exop_req8(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                               invocation_id=self.ldb_dc1.get_invocation_id(),
+                               nc_dn_str=self.ldb_dc1.domain_dn(),
+                               exop=drsuapi.DRSUAPI_EXOP_NONE,
+                               max_objects=1,
+                               replica_flags=drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING)
+        (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 8, req8)
+
+        # Get the next replication chunk, but set REPL_SECRET this time. This
+        # is following on the the previous accepted request, but we've changed
+        # exop to now request secrets. This request should fail
+        try:
+            req8 = self._exop_req8(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                   invocation_id=self.ldb_dc1.get_invocation_id(),
+                                   nc_dn_str=self.ldb_dc1.domain_dn(),
+                                   exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET)
+            req8.highwatermark = ctr.new_highwatermark
+
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 8, req8)
+
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except RuntimeError as e2:
+            (enum, estr) = e2.args
+            pass
+
+    def test_msDSRevealedUsers_admin(self):
+        """
+        When a secret attribute is to be replicated to an RODC, the contents
+        of the attribute should be added to the msDSRevealedUsers attribute
+        of the computer object corresponding to the RODC.
+        """
+
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        # Add a user on DC1, add it to allowed password replication
+        # group, and replicate to RODC with EXOP_REPL_SECRETS
+        user_name = "test_rodcC_%s" % rand
+        password = "password12#"
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password, False, user_name)
+
+        self.ldb_dc1.add_remove_group_members("Allowed RODC Password Replication Group",
+                                              [user_name],
+                                              add_members_operation=True)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # Check that the user has been added to msDSRevealedUsers
+        (packed_attrs_1, unpacked_attrs_1) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+        # Change the user's password on DC1
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password + "1", False, user_name)
+
+        (packed_attrs_2, unpacked_attrs_2) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+        self._assert_attrlist_equals(unpacked_attrs_1, unpacked_attrs_2)
+
+        # Replicate to RODC again with EXOP_REPL_SECRETS
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # This is important for Windows, because the entry won't have been
+        # updated in time if we don't have it. Even with this sleep, it only
+        # passes some of the time...
+        time.sleep(5)
+
+        # Check that the entry in msDSRevealedUsers has been updated
+        (packed_attrs_3, unpacked_attrs_3) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+        self._assert_attrlist_changed(unpacked_attrs_2, unpacked_attrs_3, expected_user_attributes)
+
+        # We should be able to delete the user
+        self.ldb_dc1.deleteuser(user_name)
+
+        res = self.ldb_dc1.search(scope=ldb.SCOPE_BASE, base=self.computer_dn,
+                                  attrs=["msDS-RevealedUsers"])
+        self.assertFalse("msDS-RevealedUsers" in res[0])
+
+    def test_msDSRevealedUsers(self):
+        """
+        When a secret attribute is to be replicated to an RODC, the contents
+        of the attribute should be added to the msDSRevealedUsers attribute
+        of the computer object corresponding to the RODC.
+        """
+
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        # Add a user on DC1, add it to allowed password replication
+        # group, and replicate to RODC with EXOP_REPL_SECRETS
+        user_name = "test_rodcD_%s" % rand
+        password = "password12#"
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password, False, user_name)
+
+        self.ldb_dc1.add_remove_group_members("Allowed RODC Password Replication Group",
+                                              [user_name],
+                                              add_members_operation=True)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # Check that the user has been added to msDSRevealedUsers
+        (packed_attrs_1, unpacked_attrs_1) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+        # Change the user's password on DC1
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password + "1", False, user_name)
+
+        (packed_attrs_2, unpacked_attrs_2) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+        self._assert_attrlist_equals(unpacked_attrs_1, unpacked_attrs_2)
+
+        # Replicate to RODC again with EXOP_REPL_SECRETS
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+
+        # This is important for Windows, because the entry won't have been
+        # updated in time if we don't have it. Even with this sleep, it only
+        # passes some of the time...
+        time.sleep(5)
+
+        # Check that the entry in msDSRevealedUsers has been updated
+        (packed_attrs_3, unpacked_attrs_3) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+        self._assert_attrlist_changed(unpacked_attrs_2, unpacked_attrs_3, expected_user_attributes)
+
+        # We should be able to delete the user
+        self.ldb_dc1.deleteuser(user_name)
+
+        res = self.ldb_dc1.search(scope=ldb.SCOPE_BASE, base=self.computer_dn,
+                                  attrs=["msDS-RevealedUsers"])
+        self.assertFalse("msDS-RevealedUsers" in res[0])
+
+    def test_msDSRevealedUsers_pas(self):
+        """
+        If we provide a Partial Attribute Set when replicating to an RODC,
+        we should ignore it and replicate all of the secret attributes anyway
+        msDSRevealedUsers attribute.
+        """
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+        pas_exceptions = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                          drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                          drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                          drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        # Add a user on DC1, add it to allowed password replication
+        # group, and replicate to RODC with EXOP_REPL_SECRETS
+        user_name = "test_rodcE_%s" % rand
+        password = "password12#"
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password, False, user_name)
+
+        self.ldb_dc1.add_remove_group_members("Allowed RODC Password Replication Group",
+                                              [user_name],
+                                              add_members_operation=True)
+
+        pas = drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb, exceptions=pas_exceptions)
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=pas,
+                                  max_objects=133,
+                                  replica_flags=0)
+        (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
+
+        # Make sure that we still replicate the secrets
+        for attribute in ctr.first_object.object.attribute_ctr.attributes:
+            if attribute.attid in pas_exceptions:
+                pas_exceptions.remove(attribute.attid)
+        for attribute in pas_exceptions:
+            self.fail("%d was not replicated even though the partial attribute set should be ignored."
+                      % attribute)
+
+        # Check that the user has been added to msDSRevealedUsers
+        (packed_attrs_1, unpacked_attrs_1) = self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+    def test_msDSRevealedUsers_using_other_RODC(self):
+        """
+        Ensure that the machine account is tied to the destination DSA.
+        """
+        # Create a new identical RODC with just the first letter missing
+        other_rodc_name = self.rodc_name[1:]
+        other_rodc_ctx = DCJoinContext(server=self.ldb_dc1.host_dns_name(),
+                                       creds=self.get_credentials(),
+                                       lp=self.get_loadparm(), site=self.site,
+                                       netbios_name=other_rodc_name,
+                                       targetdir=None, domain=None,
+                                       machinepass=self.rodc_pass)
+        self._create_rodc(other_rodc_ctx)
+
+        other_rodc_creds = Credentials()
+        other_rodc_creds.guess(other_rodc_ctx.lp)
+        other_rodc_creds.set_username(other_rodc_name + '$')
+        other_rodc_creds.set_password(self.rodc_pass)
+
+        (other_rodc_drs, other_rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, other_rodc_creds)
+
+        rand = random.randint(1, 10000000)
+
+        user_name = "test_rodcF_%s" % rand
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
+        self.ldb_dc1.add_remove_group_members("Allowed RODC Password Replication Group",
+                                              [user_name],
+                                              add_members_operation=True)
+
+        req10 = self._getnc_req10(dest_dsa=str(other_rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e3:
+            (enum, estr) = e3.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+
+        try:
+            (level, ctr) = other_rodc_drs.DsGetNCChanges(other_rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e4:
+            (enum, estr) = e4.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+    def test_msDSRevealedUsers_local_deny_allow(self):
+        """
+        Ensure that the deny trumps allow, and we can modify these
+        attributes directly instead of the global groups.
+
+        This may fail on Windows due to tokenGroup calculation caching.
+        """
+        rand = random.randint(1, 10000000)
+        expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_supplementalCredentials,
+                                    drsuapi.DRSUAPI_ATTID_ntPwdHistory,
+                                    drsuapi.DRSUAPI_ATTID_unicodePwd,
+                                    drsuapi.DRSUAPI_ATTID_dBCSPwd]
+
+        # Add a user on DC1, add it to allowed password replication
+        # group, and replicate to RODC with EXOP_REPL_SECRETS
+        user_name = "test_rodcF_%s" % rand
+        password = "password12#"
+        user_dn = "CN=%s,%s" % (user_name, self.ou)
+        self.ldb_dc1.add({
+            "dn": user_dn,
+            "objectclass": "user",
+            "sAMAccountName": user_name
+        })
+
+        # Store some secret on this user
+        self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, password, False, user_name)
+
+        req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
+                                  invocation_id=self.ldb_dc1.get_invocation_id(),
+                                  nc_dn_str=user_dn,
+                                  exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
+                                  partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
+                                  max_objects=133,
+                                  replica_flags=0)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, self.computer_dn)
+
+        m["msDS-RevealOnDemandGroup"] = \
+            ldb.MessageElement(user_dn, ldb.FLAG_MOD_ADD,
+                               "msDS-RevealOnDemandGroup")
+        self.ldb_dc1.modify(m)
+
+        # In local allow, should be success
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+        except:
+            self.fail("Should have succeeded when in local allow group")
+
+        self._assert_in_revealed_users(user_dn, expected_user_attributes)
+
+        (self.rodc_drs, self.rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, self.rodc_creds)
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, self.computer_dn)
+
+        m["msDS-NeverRevealGroup"] = \
+            ldb.MessageElement(user_dn, ldb.FLAG_MOD_ADD,
+                               "msDS-NeverRevealGroup")
+        self.ldb_dc1.modify(m)
+
+        # In local allow and deny, should be failure
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e5:
+            (enum, estr) = e5.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, self.computer_dn)
+
+        m["msDS-RevealOnDemandGroup"] = \
+            ldb.MessageElement(user_dn, ldb.FLAG_MOD_DELETE,
+                               "msDS-RevealOnDemandGroup")
+        self.ldb_dc1.modify(m)
+
+        # In local deny, should be failure
+        (self.rodc_drs, self.rodc_drs_handle) = self._ds_bind(self.dnsname_dc1, self.rodc_creds)
+        try:
+            (level, ctr) = self.rodc_drs.DsGetNCChanges(self.rodc_drs_handle, 10, req10)
+            self.fail("Successfully replicated secrets to an RODC that shouldn't have been replicated.")
+        except WERRORError as e6:
+            (enum, estr) = e6.args
+            self.assertEqual(enum, 8630)  # ERROR_DS_DRA_SECRETS_DENIED
+
+    def _assert_in_revealed_users(self, user_dn, attrlist):
+        res = self.ldb_dc1.search(scope=ldb.SCOPE_BASE, base=self.computer_dn,
+                                  attrs=["msDS-RevealedUsers"])
+        revealed_users = res[0]["msDS-RevealedUsers"]
+        actual_attrids = []
+        packed_attrs = []
+        unpacked_attrs = []
+        for attribute in revealed_users:
+            attribute = attribute.decode('utf8')
+            dsdb_dn = dsdb_Dn(self.ldb_dc1, attribute)
+            metadata = ndr_unpack(drsblobs.replPropertyMetaData1, dsdb_dn.get_bytes())
+            if user_dn in attribute:
+                unpacked_attrs.append(metadata)
+                packed_attrs.append(dsdb_dn.get_bytes())
+                actual_attrids.append(metadata.attid)
+
+        self.assertEqual(sorted(actual_attrids), sorted(attrlist))
+
+        return (packed_attrs, unpacked_attrs)
+
+    def _assert_attrlist_equals(self, list_1, list_2):
+        return self._assert_attrlist_changed(list_1, list_2, [], num_changes=0, expected_new_usn=False)
+
+    def _assert_attrlist_changed(self, list_1, list_2, changed_attributes, num_changes=1, expected_new_usn=True):
+        for i in range(len(list_2)):
+            self.assertEqual(list_1[i].attid, list_2[i].attid)
+            self.assertEqual(list_1[i].originating_invocation_id, list_2[i].originating_invocation_id)
+            self.assertEqual(list_1[i].version + num_changes, list_2[i].version)
+
+            if expected_new_usn:
+                self.assertTrue(list_1[i].originating_usn < list_2[i].originating_usn)
+                self.assertTrue(list_1[i].local_usn < list_2[i].local_usn)
+            else:
+                self.assertEqual(list_1[i].originating_usn, list_2[i].originating_usn)
+                self.assertEqual(list_1[i].local_usn, list_2[i].local_usn)
+
+            if list_1[i].attid in changed_attributes:
+                # We do the changes too quickly, so unless we put sleeps
+                # in between calls, these remain the same. Checking the USNs
+                # is enough.
+                pass
+                #self.assertTrue(list_1[i].originating_change_time < list_2[i].originating_change_time)
+            else:
+                self.assertEqual(list_1[i].originating_change_time, list_2[i].originating_change_time)
+
+    def _create_rodc(self, ctx):
+        ctx.nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn]
+        ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
+
+        ctx.never_reveal_sid = ["<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
+                                "<SID=%s>" % security.SID_BUILTIN_ADMINISTRATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_SERVER_OPERATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_BACKUP_OPERATORS,
+                                "<SID=%s>" % security.SID_BUILTIN_ACCOUNT_OPERATORS]
+        ctx.reveal_sid = "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_ALLOW)
+
+        mysid = ctx.get_mysid()
+        admin_dn = "<SID=%s>" % mysid
+        ctx.managedby = admin_dn
+
+        ctx.userAccountControl = (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
+                                  samba.dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |
+                                  samba.dsdb.UF_PARTIAL_SECRETS_ACCOUNT)
+
+        ctx.connection_dn = "CN=RODC Connection (FRS),%s" % ctx.ntds_dn
+        ctx.secure_channel_type = misc.SEC_CHAN_RODC
+        ctx.RODC = True
+        ctx.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
+                             drsuapi.DRSUAPI_DRS_PER_SYNC |
+                             drsuapi.DRSUAPI_DRS_GET_ANC |
+                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
+                             drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING)
+
+        ctx.join_add_objects()
diff --git a/source4/torture/drs/python/repl_schema.py b/source4/torture/drs/python/repl_schema.py
new file mode 100644
index 0000000..9c039a5
--- /dev/null
+++ b/source4/torture/drs/python/repl_schema.py
@@ -0,0 +1,444 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests various schema replication scenarios
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN repl_schema -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import time
+import random
+import ldb
+import drs_base
+
+from ldb import (
+    ERR_NO_SUCH_OBJECT,
+    LdbError,
+    SCOPE_BASE,
+    Message,
+    FLAG_MOD_ADD,
+    FLAG_MOD_REPLACE
+)
+from samba.dcerpc import drsuapi, misc
+from samba.drs_utils import drs_DsBind
+from samba import dsdb
+
+
+class DrsReplSchemaTestCase(drs_base.DrsBaseTestCase):
+
+    # prefix for all objects created
+    obj_prefix = None
+    # current Class or Attribute object id
+    obj_id = 0
+
+    def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop,
+                   replica_flags=0, max_objects=0):
+        req8 = drsuapi.DsGetNCChangesRequest8()
+
+        req8.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID()
+        req8.source_dsa_invocation_id = misc.GUID(invocation_id)
+        req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
+        req8.naming_context.dn = str(nc_dn_str)
+        req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
+        req8.highwatermark.tmp_highest_usn = 0
+        req8.highwatermark.reserved_usn = 0
+        req8.highwatermark.highest_usn = 0
+        req8.uptodateness_vector = None
+        req8.replica_flags = replica_flags
+        req8.max_object_count = max_objects
+        req8.max_ndr_size = 402116
+        req8.extended_op = exop
+        req8.fsmo_info = 0
+        req8.partial_attribute_set = None
+        req8.partial_attribute_set_ex = None
+        req8.mapping_ctr.num_mappings = 0
+        req8.mapping_ctr.mappings = None
+
+        return req8
+
+    def setUp(self):
+        super(DrsReplSchemaTestCase, self).setUp()
+
+        # disable automatic replication temporary
+        self._disable_all_repl(self.dnsname_dc1)
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # make sure DCs are synchronized before the test
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        # initialize objects prefix if not done yet
+        if self.obj_prefix is None:
+            t = time.strftime("%s", time.gmtime())
+            DrsReplSchemaTestCase.obj_prefix = "DrsReplSchema-%s" % t
+
+    def tearDown(self):
+        self._enable_all_repl(self.dnsname_dc1)
+        self._enable_all_repl(self.dnsname_dc2)
+        super(DrsReplSchemaTestCase, self).tearDown()
+
+    def _make_obj_names(self, base_name):
+        '''Try to create a unique name for an object
+           that is to be added to schema'''
+        self.obj_id += 1
+        obj_name = "%s-%d-%s" % (self.obj_prefix, self.obj_id, base_name)
+        obj_ldn = obj_name.replace("-", "")
+        obj_dn = ldb.Dn(self.ldb_dc1, "CN=X")
+        obj_dn.add_base(ldb.Dn(self.ldb_dc1, self.schema_dn))
+        obj_dn.set_component(0, "CN", obj_name)
+        return (obj_dn, obj_name, obj_ldn)
+
+    def _schema_new_class(self, ldb_ctx, base_name, base_int, oc_cat=1, attrs=None):
+        (class_dn, class_name, class_ldn) = self._make_obj_names(base_name)
+        rec = {"dn": class_dn,
+               "objectClass": ["top", "classSchema"],
+               "cn": class_name,
+               "lDAPDisplayName": class_ldn,
+               "governsId": "1.3.6.1.4.1.7165.4.6.2.5."
+               + str((100000 * base_int) + random.randint(1, 100000)) + ".1.5.13",
+               "instanceType": "4",
+               "objectClassCategory": "%d" % oc_cat,
+               "subClassOf": "top",
+               "systemOnly": "FALSE"}
+        # allow overriding/adding attributes
+        if attrs is not None:
+            rec.update(attrs)
+        # add it to the Schema
+        try:
+            ldb_ctx.add(rec)
+        except LdbError as e:
+            (enum, estr) = e.args
+            self.fail("Adding record failed with %d/%s" % (enum, estr))
+
+        self._ldap_schemaUpdateNow(ldb_ctx)
+        return (rec["lDAPDisplayName"], rec["dn"])
+
+    def _schema_new_attr(self, ldb_ctx, base_name, base_int, attrs=None):
+        (attr_dn, attr_name, attr_ldn) = self._make_obj_names(base_name)
+        rec = {"dn": attr_dn,
+               "objectClass": ["top", "attributeSchema"],
+               "cn": attr_name,
+               "lDAPDisplayName": attr_ldn,
+               "attributeId": "1.3.6.1.4.1.7165.4.6.1.5."
+               + str((100000 * base_int) + random.randint(1, 100000)) + ".1.5.13",
+               "attributeSyntax": "2.5.5.12",
+               "omSyntax": "64",
+               "instanceType": "4",
+               "isSingleValued": "TRUE",
+               "systemOnly": "FALSE"}
+        # allow overriding/adding attributes
+        if attrs is not None:
+            rec.update(attrs)
+        # add it to the Schema
+        ldb_ctx.add(rec)
+        self._ldap_schemaUpdateNow(ldb_ctx)
+        return (rec["lDAPDisplayName"], rec["dn"])
+
+    def _check_object(self, obj_dn):
+        '''Check if object obj_dn exists on both DCs'''
+        res_dc1 = self.ldb_dc1.search(base=obj_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["*"])
+        self.assertEqual(len(res_dc1), 1,
+                          "%s doesn't exists on %s" % (obj_dn, self.dnsname_dc1))
+        try:
+            res_dc2 = self.ldb_dc2.search(base=obj_dn,
+                                          scope=SCOPE_BASE,
+                                          attrs=["*"])
+        except LdbError as e1:
+            (enum, estr) = e1.args
+            if enum == ERR_NO_SUCH_OBJECT:
+                self.fail("%s doesn't exists on %s" % (obj_dn, self.dnsname_dc2))
+            raise
+        self.assertEqual(len(res_dc2), 1,
+                          "%s doesn't exists on %s" % (obj_dn, self.dnsname_dc2))
+
+    def test_class(self):
+        """Simple test for classSchema replication"""
+        # add new classSchema object
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-S", 0)
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+        # check object is replicated
+        self._check_object(c_dn)
+
+    def test_classInheritance(self):
+        """Test inheritance through subClassOf
+           I think 5 levels of inheritance is pretty decent for now."""
+        # add 5 levels deep hierarchy
+        c_dn_list = []
+        c_ldn_last = None
+        for i in range(1, 6):
+            base_name = "cls-I-%02d" % i
+            (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, base_name, i)
+            c_dn_list.append(c_dn)
+            if c_ldn_last:
+                # inherit from last class added
+                m = Message.from_dict(self.ldb_dc1,
+                                      {"dn": c_dn,
+                                       "subClassOf": c_ldn_last},
+                                      FLAG_MOD_REPLACE)
+                self.ldb_dc1.modify(m)
+            # store last class ldapDisplayName
+            c_ldn_last = c_ldn
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+        # check objects are replicated
+        for c_dn in c_dn_list:
+            self._check_object(c_dn)
+
+    def test_classWithCustomAttribute(self):
+        """Create new Attribute and a Class,
+           that has value for newly created attribute.
+           This should check code path that searches for
+           AttributeID_id in Schema cache"""
+        # add new attributeSchema object
+        (a_ldn, a_dn) = self._schema_new_attr(self.ldb_dc1, "attr-A", 7)
+        # add a base classSchema class so we can use our new
+        # attribute in class definition in a sibling class
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-A", 8,
+                                               1,
+                                               {"systemMayContain": a_ldn,
+                                                "subClassOf": "classSchema"})
+        # add new classSchema object with value for a_ldb attribute
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-B", 9,
+                                               1,
+                                               {"objectClass": ["top", "classSchema", c_ldn],
+                                                a_ldn: "test_classWithCustomAttribute"})
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+        # check objects are replicated
+        self._check_object(c_dn)
+        self._check_object(a_dn)
+
+    def test_classWithCustomLinkAttribute(self):
+        """Create new Attribute and a Class,
+           that has value for newly created attribute.
+           This should check code path that searches for
+           AttributeID_id in Schema cache"""
+        # add new attributeSchema object
+        (a_ldn, a_dn) = self._schema_new_attr(self.ldb_dc1, "attr-Link-X", 10,
+                                              attrs={'linkID': "1.2.840.113556.1.2.50",
+                                                     "attributeSyntax": "2.5.5.1",
+                                                     "omSyntax": "127"})
+        # add a base classSchema class so we can use our new
+        # attribute in class definition in a sibling class
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-Link-Y", 11,
+                                               1,
+                                               {"systemMayContain": a_ldn,
+                                                "subClassOf": "classSchema"})
+        # add new classSchema object with value for a_ldb attribute
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-Link-Z", 12,
+                                               1,
+                                               {"objectClass": ["top", "classSchema", c_ldn],
+                                                a_ldn: self.schema_dn})
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+        # check objects are replicated
+        self._check_object(c_dn)
+        self._check_object(a_dn)
+
+        res = self.ldb_dc1.search(base="",
+                                  scope=SCOPE_BASE,
+                                  attrs=["domainFunctionality"])
+
+        if int(res[0]["domainFunctionality"][0]) > dsdb.DS_DOMAIN_FUNCTION_2000:
+            res = self.ldb_dc1.search(base=a_dn,
+                                      scope=SCOPE_BASE,
+                                      attrs=["msDS-IntId"])
+            self.assertEqual(1, len(res))
+            self.assertTrue("msDS-IntId" in res[0])
+            int_id = int(res[0]["msDS-IntId"][0])
+            if int_id < 0:
+                int_id += (1 << 32)
+
+        dc_guid_1 = self.ldb_dc1.get_invocation_id()
+
+        drs, drs_handle = self._ds_bind(self.dnsname_dc1, ip=self.url_dc1)
+
+        req8 = self._exop_req8(dest_dsa=None,
+                               invocation_id=dc_guid_1,
+                               nc_dn_str=c_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ,
+                               replica_flags=drsuapi.DRSUAPI_DRS_SYNC_FORCED)
+
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+
+        for link in ctr.linked_attributes:
+            self.assertTrue(link.attid != int_id,
+                            'Got %d for both' % link.attid)
+
+    def test_attribute(self):
+        """Simple test for attributeSchema replication"""
+        # add new attributeSchema object
+        (a_ldn, a_dn) = self._schema_new_attr(self.ldb_dc1, "attr-S", 13)
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+        # check object is replicated
+        self._check_object(a_dn)
+
+    def test_attribute_on_ou(self):
+        """Simple test having an OU with a custom attribute replicated correctly
+
+        This ensures that the server
+        """
+
+       # add new attributeSchema object
+        (a_ldn, a_dn) = self._schema_new_attr(self.ldb_dc1, "attr-OU-S", 14)
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-OU-A", 15,
+                                               3,
+                                               {"mayContain": a_ldn})
+        ou_dn = ldb.Dn(self.ldb_dc1, "ou=X")
+        ou_dn.add_base(self.ldb_dc1.get_default_basedn())
+        ou_dn.set_component(0, "OU", a_dn.get_component_value(0))
+        rec = {"dn": ou_dn,
+               "objectClass": ["top", "organizationalUnit", c_ldn],
+               "ou": ou_dn.get_component_value(0),
+               a_ldn: "test OU"}
+        self.ldb_dc1.add(rec)
+
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.domain_dn, forced=True)
+        # check objects are replicated
+        self._check_object(c_dn)
+        self._check_object(a_dn)
+        self._check_object(ou_dn)
+        self.ldb_dc1.delete(ou_dn)
+
+    def test_all(self):
+        """Basic plan is to create bunch of classSchema
+           and attributeSchema objects, replicate Schema NC
+           and then check all objects are replicated correctly"""
+
+        # add new classSchema object
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-A", 16)
+        # add new attributeSchema object
+        (a_ldn, a_dn) = self._schema_new_attr(self.ldb_dc1, "attr-A", 17)
+
+        # add attribute to the class we have
+        m = Message.from_dict(self.ldb_dc1,
+                              {"dn": c_dn,
+                               "mayContain": a_ldn},
+                              FLAG_MOD_ADD)
+        self.ldb_dc1.modify(m)
+
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=self.schema_dn, forced=True)
+
+        # check objects are replicated
+        self._check_object(c_dn)
+        self._check_object(a_dn)
+
+    def test_classWithCustomBinaryDNLinkAttribute(self):
+        # Add a new attribute to the schema, which has binary DN syntax (2.5.5.7)
+        (bin_ldn, bin_dn) = self._schema_new_attr(self.ldb_dc1, "attr-Link-Bin", 18,
+                                                  attrs={"linkID": "1.2.840.113556.1.2.50",
+                                                         "attributeSyntax": "2.5.5.7",
+                                                         "omSyntax": "127"})
+
+        (bin_ldn_b, bin_dn_b) = self._schema_new_attr(self.ldb_dc1, "attr-Link-Bin-Back", 19,
+                                                      attrs={"linkID": bin_ldn,
+                                                             "attributeSyntax": "2.5.5.1",
+                                                             "omSyntax": "127"})
+
+        # Add a new class to the schema which can have the binary DN attribute
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-Link-Bin", 20,
+                                               3,
+                                               {"mayContain": bin_ldn})
+        (c_ldn_b, c_dn_b) = self._schema_new_class(self.ldb_dc1, "cls-Link-Bin-Back", 21,
+                                                   3,
+                                                   {"mayContain": bin_ldn_b})
+
+        link_end_dn = ldb.Dn(self.ldb_dc1, "ou=X")
+        link_end_dn.add_base(self.ldb_dc1.get_default_basedn())
+        link_end_dn.set_component(0, "OU", bin_dn_b.get_component_value(0))
+
+        ou_dn = ldb.Dn(self.ldb_dc1, "ou=X")
+        ou_dn.add_base(self.ldb_dc1.get_default_basedn())
+        ou_dn.set_component(0, "OU", bin_dn.get_component_value(0))
+
+        # Add an instance of the class to be pointed at
+        rec = {"dn": link_end_dn,
+               "objectClass": ["top", "organizationalUnit", c_ldn_b],
+               "ou": link_end_dn.get_component_value(0)}
+        self.ldb_dc1.add(rec)
+
+        # .. and one that does, and points to the first one
+        rec = {"dn": ou_dn,
+               "objectClass": ["top", "organizationalUnit", c_ldn],
+               "ou": ou_dn.get_component_value(0)}
+        self.ldb_dc1.add(rec)
+
+        m = Message.from_dict(self.ldb_dc1,
+                              {"dn": ou_dn,
+                               bin_ldn: "B:8:1234ABCD:%s" % str(link_end_dn)},
+                              FLAG_MOD_ADD)
+        self.ldb_dc1.modify(m)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.schema_dn, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.domain_dn, forced=True)
+
+        self._check_object(c_dn)
+        self._check_object(bin_dn)
+
+        # Make sure we can delete the backlink
+        self.ldb_dc1.delete(link_end_dn)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.schema_dn, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.domain_dn, forced=True)
+
+    def test_rename(self):
+        """Basic plan is to create a classSchema
+           and attributeSchema objects, replicate Schema NC
+           and then check all objects are replicated correctly"""
+
+        # add new classSchema object
+        (c_ldn, c_dn) = self._schema_new_class(self.ldb_dc1, "cls-B", 20)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.schema_dn, forced=True)
+
+        # check objects are replicated
+        self._check_object(c_dn)
+
+        # rename the Class CN
+        c_dn_new = ldb.Dn(self.ldb_dc1, str(c_dn))
+        c_dn_new.set_component(0,
+                               "CN",
+                               c_dn.get_component_value(0) + "-NEW")
+        try:
+            self.ldb_dc1.rename(c_dn, c_dn_new)
+        except LdbError as e2:
+            (num, _) = e2.args
+            self.fail("failed to change CN for %s: %s" % (c_dn, _))
+
+        # force replication from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn=self.schema_dn, forced=True)
+
+        # check objects are replicated
+        self._check_object(c_dn_new)
diff --git a/source4/torture/drs/python/repl_secdesc.py b/source4/torture/drs/python/repl_secdesc.py
new file mode 100644
index 0000000..38ae25a
--- /dev/null
+++ b/source4/torture/drs/python/repl_secdesc.py
@@ -0,0 +1,400 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Catalyst.Net Ltd. 2017
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+import drs_base
+import ldb
+import samba
+from samba import sd_utils
+from ldb import LdbError
+
+class ReplAclTestCase(drs_base.DrsBaseTestCase):
+
+    def setUp(self):
+        super(ReplAclTestCase, self).setUp()
+        self.mod = "(A;CIOI;GA;;;SY)"
+        self.mod_becomes = "(A;OICIIO;GA;;;SY)"
+        self.mod_inherits_as = "(A;OICIIOID;GA;;;SY)"
+
+        self.sd_utils_dc1 = sd_utils.SDUtils(self.ldb_dc1)
+        self.sd_utils_dc2 = sd_utils.SDUtils(self.ldb_dc2)
+
+        self.ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                             "test_acl_inherit")
+
+        # disable replication for the tests so we can control at what point
+        # the DCs try to replicate
+        self._disable_all_repl(self.dnsname_dc1)
+        self._disable_all_repl(self.dnsname_dc2)
+
+        # make sure DCs are synchronized before the test
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+    def tearDown(self):
+        self.ldb_dc1.delete(self.ou, ["tree_delete:1"])
+
+        # re-enable replication
+        self._enable_all_repl(self.dnsname_dc1)
+        self._enable_all_repl(self.dnsname_dc2)
+
+        super(ReplAclTestCase, self).tearDown()
+
+    def test_acl_inheirt_new_object_1_pass(self):
+        # Set the inherited ACL on the parent OU
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set stuck as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Make a new object
+        dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+        self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"})
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Assert ACL replicated as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+        # Confirm inherited ACLs are identical and were inherited
+
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(dn))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(dn),
+                          self.sd_utils_dc2.get_sd_as_sddl(dn))
+
+    def test_acl_inheirt_new_object(self):
+        # Set the inherited ACL on the parent OU
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set stuck as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Make a new object
+        dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+        self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"})
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Assert ACL replicated as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+        # Confirm inherited ACLs are identical and were inherited
+
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(dn))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(dn),
+                          self.sd_utils_dc2.get_sd_as_sddl(dn))
+
+    def test_acl_inherit_existing_object(self):
+        # Make a new object
+        dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+        self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"})
+
+        try:
+            self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                                base=dn,
+                                attrs=[])
+            self.fail()
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm it is now replicated
+        self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                            base=dn,
+                            attrs=[])
+
+        # Set the inherited ACL on the parent OU
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set stuck as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm inherited ACLs are identical and were inherited
+
+        # Assert ACL replicated as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(dn))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(dn),
+                          self.sd_utils_dc2.get_sd_as_sddl(dn))
+
+    def test_acl_inheirt_existing_object_1_pass(self):
+        # Make a new object
+        dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+        self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"})
+
+        try:
+            self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                                base=dn,
+                                attrs=[])
+            self.fail()
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
+
+        # Set the inherited ACL on the parent OU
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Assert ACL replicated as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+        # Confirm inherited ACLs are identical and were inherited
+
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(dn))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(dn),
+                          self.sd_utils_dc2.get_sd_as_sddl(dn))
+
+    def test_acl_inheirt_renamed_object(self):
+        # Make a new object
+        new_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                            "acl_test_l2")
+
+        sub_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+
+        try:
+            self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                                base=new_ou,
+                                attrs=[])
+            self.fail()
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm it is now replicated
+        self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                            base=new_ou,
+                            attrs=[])
+
+        # Set the inherited ACL on the parent OU on DC1
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Assert ACL replicated as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+        # Rename to under self.ou
+
+        self.ldb_dc1.rename(new_ou, sub_ou_dn)
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm inherited ACLs are identical and were inherited
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn),
+                          self.sd_utils_dc2.get_sd_as_sddl(sub_ou_dn))
+
+
+    def test_acl_inheirt_renamed_child_object(self):
+        # Make a new OU
+        new_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                            "acl_test_l2")
+
+        # Here is where the new OU will end up at the end.
+        sub2_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
+
+        sub3_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l3,%s" % new_ou)
+        sub3_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l3,%s" % sub2_ou_dn_final)
+
+        self.ldb_dc1.add({"dn": sub3_ou_dn,
+                          "objectclass": "organizationalUnit"})
+
+        sub4_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l4,%s" % sub3_ou_dn)
+        sub4_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l4,%s" % sub3_ou_dn_final)
+
+        self.ldb_dc1.add({"dn": sub4_ou_dn,
+                          "objectclass": "organizationalUnit"})
+
+        try:
+            self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                                base=new_ou,
+                                attrs=[])
+            self.fail()
+        except LdbError as err:
+            enum = err.args[0]
+            self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm it is now replicated
+        self.ldb_dc2.search(scope=ldb.SCOPE_BASE,
+                            base=new_ou,
+                            attrs=[])
+
+        #
+        # Given a tree new_ou -> l3 -> l4
+        #
+
+        # Set the inherited ACL on the grandchild OU (l3) on DC1
+        self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, self.mod)
+
+        # Assert ACL set stuck as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn))
+
+        # Rename new_ou (l2) to under self.ou (this must happen second).  If the
+        # inheritance between l3 and l4 is name-based, this could
+        # break.
+
+        # The tree is now self.ou -> l2 -> l3 -> l4
+
+        self.ldb_dc1.rename(new_ou, sub2_ou_dn_final)
+
+        # Assert ACL set remained as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Confirm set ACLs (on l3 ) are identical and were inherited
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final),
+                          self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final))
+
+        # Confirm inherited ACLs (from l3 to l4) are identical
+        # and were inherited
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final))
+        self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final),
+                          self.sd_utils_dc2.get_sd_as_sddl(sub4_ou_dn_final))
+
+
+    def test_acl_inheirt_renamed_object_in_conflict(self):
+        # Make a new object to be renamed under self.ou
+        new_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                            "acl_test_l2")
+
+        # Make a new OU under self.ou (on DC2)
+        sub_ou_dn = ldb.Dn(self.ldb_dc2, "OU=l2,%s" % self.ou)
+        self.ldb_dc2.add({"dn": sub_ou_dn,
+                          "objectclass": "organizationalUnit"})
+
+        # Set the inherited ACL on the parent OU
+        self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+        # Assert ACL set stuck as expected
+        self.assertIn(self.mod_becomes,
+                      self.sd_utils_dc1.get_sd_as_sddl(self.ou))
+
+        # Replicate to DC2
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        # Rename to under self.ou
+        self.ldb_dc1.rename(new_ou, sub_ou_dn)
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
+
+        # Replicate to DC2 (will cause a conflict, DC1 to win, version
+        # is higher since named twice)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2,
+                                fromDC=self.dnsname_dc1,
+                                forced=True)
+
+        children = self.ldb_dc2.search(scope=ldb.SCOPE_ONELEVEL,
+                                       base=self.ou,
+                                       attrs=[])
+        for child in children:
+            self.assertIn(self.mod_inherits_as,
+                          self.sd_utils_dc2.get_sd_as_sddl(child.dn))
+            self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn),
+                              self.sd_utils_dc2.get_sd_as_sddl(child.dn))
+
+        # Replicate back
+        self._net_drs_replicate(DC=self.dnsname_dc1,
+                                fromDC=self.dnsname_dc2,
+                                forced=True)
+
+        self.assertIn(self.mod_inherits_as,
+                      self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
+
+        for child in children:
+            self.assertIn(self.mod_inherits_as,
+                          self.sd_utils_dc1.get_sd_as_sddl(child.dn))
+            self.assertEqual(self.sd_utils_dc1.get_sd_as_sddl(child.dn),
+                              self.sd_utils_dc2.get_sd_as_sddl(child.dn))
diff --git a/source4/torture/drs/python/replica_sync.py b/source4/torture/drs/python/replica_sync.py
new file mode 100644
index 0000000..f40b16d
--- /dev/null
+++ b/source4/torture/drs/python/replica_sync.py
@@ -0,0 +1,747 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests various schema replication scenarios
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN replica_sync -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+import time
+import ldb
+
+from ldb import (
+    SCOPE_BASE, LdbError, ERR_NO_SUCH_OBJECT)
+
+
+class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
+    """Intended as a black box test case for DsReplicaSync
+       implementation. It should test the behavior of this
+       case in cases when inbound replication is disabled"""
+
+    def setUp(self):
+        super(DrsReplicaSyncTestCase, self).setUp()
+
+        # This OU avoids this test conflicting with anything
+        # that may already be in the DB
+        self.top_ou = samba.tests.create_test_ou(self.ldb_dc1,
+                                                 "replica_sync")
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+        self.ou1 = None
+        self.ou2 = None
+
+    def tearDown(self):
+        self._cleanup_object(self.ou1)
+        self._cleanup_object(self.ou2)
+        self._cleanup_dn(self.top_ou)
+
+        # re-enable replication
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._enable_inbound_repl(self.dnsname_dc2)
+
+        super(DrsReplicaSyncTestCase, self).tearDown()
+
+    def _cleanup_dn(self, dn):
+        try:
+            self.ldb_dc2.delete(dn, ["tree_delete:1"])
+        except LdbError as e:
+            (num, _) = e.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+        try:
+            self.ldb_dc1.delete(dn, ["tree_delete:1"])
+        except LdbError as e1:
+            (num, _) = e1.args
+            self.assertEqual(num, ERR_NO_SUCH_OBJECT)
+
+    def _cleanup_object(self, guid):
+        """Cleans up a test object, if it still exists"""
+        if guid is not None:
+            self._cleanup_dn('<GUID=%s>' % guid)
+
+    def test_ReplEnabled(self):
+        """Tests we can replicate when replication is enabled"""
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False)
+
+    def test_ReplDisabled(self):
+        """Tests we can't replicate when replication is disabled"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+
+        ccache_name = self.get_creds_ccache_name()
+
+        # Tunnel the command line credentials down to the
+        # subcommand to avoid a new kinit
+        cmdline_auth = "--use-krb5-ccache=%s" % ccache_name
+
+        # bin/samba-tool drs <drs_command> <cmdline_auth>
+        cmd_list = ["drs", "replicate", cmdline_auth]
+
+        nc_dn = self.domain_dn
+        # bin/samba-tool drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context>
+        cmd_list += [self.dnsname_dc1, self.dnsname_dc2, nc_dn]
+
+        (result, out, err) = self.runsubcmd(*cmd_list)
+        self.assertCmdFail(result)
+        self.assertTrue('WERR_DS_DRA_SINK_DISABLED' in err)
+
+    def test_ReplDisabledForced(self):
+        """Tests we can force replicate when replication is disabled"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+    def test_ReplLocal(self):
+        """Tests we can replicate direct to the local db"""
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False, local=True, full_sync=True)
+
+    def _create_ou(self, samdb, name):
+        ldif = """
+dn: %s,%s
+objectClass: organizationalUnit
+""" % (name, self.top_ou)
+        samdb.add_ldif(ldif)
+        res = samdb.search(base="%s,%s" % (name, self.top_ou),
+                           scope=SCOPE_BASE, attrs=["objectGUID"])
+        return self._GUID_string(res[0]["objectGUID"][0])
+
+    def _check_deleted(self, sam_ldb, guid):
+        # search the user by guid as it may be deleted
+        res = sam_ldb.search(base='<GUID=%s>' % guid,
+                             controls=["show_deleted:1"],
+                             attrs=["isDeleted", "objectCategory", "ou"])
+        self.assertEqual(len(res), 1)
+        ou_cur = res[0]
+        # Deleted Object base DN
+        dodn = self._deleted_objects_dn(sam_ldb)
+        # now check properties of the user
+        name_cur = ou_cur["ou"][0]
+        self.assertEqual(ou_cur["isDeleted"][0], b"TRUE")
+        self.assertTrue(not("objectCategory" in ou_cur))
+        self.assertTrue(dodn in str(ou_cur["dn"]),
+                        "OU %s is deleted but it is not located under %s!" % (name_cur, dodn))
+
+    def test_ReplConflictsFullSync(self):
+        """Tests that objects created in conflict become conflict DNs (honour full sync override)"""
+
+        # First confirm local replication (so when we test against windows, this fails fast without creating objects)
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, local=True, forced=True, full_sync=True)
+
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Full Sync")
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Full Sync")
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, local=True, forced=True, full_sync=True)
+
+        # Check that DC2 got the DC1 object, and OU1 was make into conflict
+        res1 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertFalse('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc2, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc2, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC2
+
+        self.ldb_dc2.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc2.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=True)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsRemoteWin(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Conflict")
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Conflict")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and OU1 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsLocalWin(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC2 object created first
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Local Conflict")
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Local Conflict")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and OU2 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]), "Got %s for %s" % (str(res2[0]["name"][0]), self.ou2))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsRemoteWin_with_child(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Parent Remote Conflict")
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Parent Remote Conflict")
+        # Create children on DC2
+        ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Test Parent Remote Conflict")
+        ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Test Parent Remote Conflict")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1, ["tree_delete:1"])
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2, ["tree_delete:1"])
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+        self._check_deleted(self.ldb_dc1, ou1_child)
+        self._check_deleted(self.ldb_dc1, ou2_child)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, ou1_child)
+        self._check_deleted(self.ldb_dc2, ou2_child)
+
+    def test_ReplConflictsRenamedVsNewRemoteWin(self):
+        """Tests resolving a DN conflict between a renamed object and a new object"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create an OU and rename it on DC1
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Rename Conflict orig")
+        self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Remote Rename Conflict,%s" % self.top_ou)
+
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+
+        # create a conflicting object with the same DN on DC2
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Rename Conflict")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and SELF.OU1 was made into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsRenamedVsNewLocalWin(self):
+        """Tests resolving a DN conflict between a renamed object and a new object"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, where the DC2 object has been renamed
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Rename Local Conflict orig")
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Rename Local Conflict,%s" % self.top_ou)
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Rename Local Conflict")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and OU2 was made into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsRenameRemoteWin(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Rename Conflict")
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Rename Conflict 2")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Remote Rename Conflict 3,%s" % self.top_ou)
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Remote Rename Conflict 3,%s" % self.top_ou)
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplConflictsRenameRemoteWin_with_child(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Parent Remote Rename Conflict")
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Parent Remote Rename Conflict 2")
+        # Create children on DC2
+        ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Test Parent Remote Rename Conflict")
+        ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Test Parent Remote Rename Conflict 2")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Parent Remote Rename Conflict 3,%s" % self.top_ou)
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Parent Remote Rename Conflict 3,%s" % self.top_ou)
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1, ["tree_delete:1"])
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2, ["tree_delete:1"])
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+        self._check_deleted(self.ldb_dc1, ou1_child)
+        self._check_deleted(self.ldb_dc1, ou2_child)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, ou1_child)
+        self._check_deleted(self.ldb_dc2, ou2_child)
+
+    def test_ReplConflictsRenameLocalWin(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Rename Local Conflict")
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Rename Local Conflict 2")
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Rename Local Conflict 3,%s" % self.top_ou)
+        # We have to sleep to ensure that the two objects have different timestamps
+        time.sleep(1)
+        self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Rename Local Conflict 3,%s" % self.top_ou)
+
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC2 got the DC1 object, and OU2 was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+
+    def test_ReplLostAndFound(self):
+        """Tests that objects created under a OU deleted eleswhere end up in lostAndFound"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create two OUs on DC2
+        self.ou1 = self._create_ou(self.ldb_dc2, "OU=Deleted parent")
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Deleted parent 2")
+
+        # replicate them from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Delete both objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        # Create children on DC2
+        ou1_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Deleted parent")
+        ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Deleted parent 2")
+
+        # Replicate from DC2
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check the sub-OUs are now in lostAndFound and the first one is a conflict DN
+
+        # Check that DC2 got the DC1 object, and one or other object was make into conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % ou1_child in str(res1[0]["name"][0]) or 'CNF:%s' % ou2_child in str(res2[0]["name"][0]))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) in str(res1[0].dn))
+        self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) in str(res2[0].dn))
+        self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
+        self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
+
+        # Delete all objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % ou1_child)
+        self.ldb_dc1.delete('<GUID=%s>' % ou2_child)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        # Check all deleted on DC1
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        self._check_deleted(self.ldb_dc1, ou1_child)
+        self._check_deleted(self.ldb_dc1, ou2_child)
+        # Check all deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+        self._check_deleted(self.ldb_dc2, ou1_child)
+        self._check_deleted(self.ldb_dc2, ou2_child)
+
+    def test_ReplRenames(self):
+        """Tests that objects created under a OU deleted eleswhere end up in lostAndFound"""
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # Create two OUs on DC2
+        self.ou1 = self._create_ou(self.ldb_dc2, "OU=Original parent")
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Original parent 2")
+
+        # replicate them from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Create children on DC1
+        ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Original parent")
+        ou2_child = self._create_ou(self.ldb_dc1, "OU=Test Child 2,OU=Original parent")
+        ou3_child = self._create_ou(self.ldb_dc1, "OU=Test Case Child,OU=Original parent")
+
+        # replicate them from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self.ldb_dc1.rename("<GUID=%s>" % ou2_child, "OU=Test Child 3,OU=Original parent 2,%s" % self.top_ou)
+        self.ldb_dc1.rename("<GUID=%s>" % ou1_child, "OU=Test Child 2,OU=Original parent 2,%s" % self.top_ou)
+        self.ldb_dc1.rename("<GUID=%s>" % ou2_child, "OU=Test Child,OU=Original parent 2,%s" % self.top_ou)
+        self.ldb_dc1.rename("<GUID=%s>" % ou3_child, "OU=Test CASE Child,OU=Original parent,%s" % self.top_ou)
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Original parent 3,%s" % self.top_ou)
+        self.ldb_dc2.rename("<GUID=%s>" % self.ou1, "OU=Original parent 2,%s" % self.top_ou)
+
+        # replicate them from DC1 to DC2
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        # Check the sub-OUs are now under Original Parent 3 (original
+        # parent 2 for Test CASE Child), and both have the right names
+
+        # Check that DC2 got the DC1 object, and the renames are all correct
+        res1 = self.ldb_dc2.search(base="<GUID=%s>" % ou1_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc2.search(base="<GUID=%s>" % ou2_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res3 = self.ldb_dc2.search(base="<GUID=%s>" % ou3_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0].dn)
+        print(res2[0].dn)
+        print(res3[0].dn)
+        self.assertEqual('Test Child 2', str(res1[0]["name"][0]))
+        self.assertEqual('Test Child', str(res2[0]["name"][0]))
+        self.assertEqual('Test CASE Child', str(res3[0]["name"][0]))
+        self.assertEqual(str(res1[0].dn), "OU=Test Child 2,OU=Original parent 3,%s" % self.top_ou)
+        self.assertEqual(str(res2[0].dn), "OU=Test Child,OU=Original parent 3,%s" % self.top_ou)
+        self.assertEqual(str(res3[0].dn), "OU=Test CASE Child,OU=Original parent 2,%s" % self.top_ou)
+
+        # replicate them from DC2 to DC1
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check that DC1 got the DC2 object, and the renames are all correct
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res3 = self.ldb_dc1.search(base="<GUID=%s>" % ou3_child,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0].dn)
+        print(res2[0].dn)
+        print(res3[0].dn)
+        self.assertEqual('Test Child 2', str(res1[0]["name"][0]))
+        self.assertEqual('Test Child', str(res2[0]["name"][0]))
+        self.assertEqual('Test CASE Child', str(res3[0]["name"][0]))
+        self.assertEqual(str(res1[0].dn), "OU=Test Child 2,OU=Original parent 3,%s" % self.top_ou)
+        self.assertEqual(str(res2[0].dn), "OU=Test Child,OU=Original parent 3,%s" % self.top_ou)
+        self.assertEqual(str(res3[0].dn), "OU=Test CASE Child,OU=Original parent 2,%s" % self.top_ou)
+
+        # Delete all objects by GUID on DC1
+
+        self.ldb_dc1.delete('<GUID=%s>' % ou1_child)
+        self.ldb_dc1.delete('<GUID=%s>' % ou2_child)
+        self.ldb_dc1.delete('<GUID=%s>' % ou3_child)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        # Check all deleted on DC1
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        self._check_deleted(self.ldb_dc1, ou1_child)
+        self._check_deleted(self.ldb_dc1, ou2_child)
+        self._check_deleted(self.ldb_dc1, ou3_child)
+        # Check all deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
+        self._check_deleted(self.ldb_dc2, ou1_child)
+        self._check_deleted(self.ldb_dc2, ou2_child)
+        self._check_deleted(self.ldb_dc2, ou3_child)
+
+    def reanimate_object(self, samdb, guid, new_dn):
+        """Re-animates a deleted object"""
+        res = samdb.search(base="<GUID=%s>" % guid, attrs=["isDeleted"],
+                           controls=['show_deleted:1'], scope=SCOPE_BASE)
+        if len(res) != 1:
+            return
+
+        msg = ldb.Message()
+        msg.dn = res[0].dn
+        msg["isDeleted"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE, "isDeleted")
+        msg["distinguishedName"] = ldb.MessageElement([new_dn], ldb.FLAG_MOD_REPLACE, "distinguishedName")
+        samdb.modify(msg, ["show_deleted:1"])
+
+    def test_ReplReanimationConflict(self):
+        """
+        Checks that if a reanimated object conflicts with a new object, then
+        the conflict is resolved correctly.
+        """
+
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        # create an object, "accidentally" delete it, and replicate the changes to both DCs
+        self.ou1 = self._create_ou(self.ldb_dc2, "OU=Conflict object")
+        self.ldb_dc2.delete('<GUID=%s>' % self.ou1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Now pretend that the admin for one DC resolves the problem by
+        # re-animating the object...
+        self.reanimate_object(self.ldb_dc1, self.ou1, "OU=Conflict object,%s" % self.top_ou)
+
+        # ...whereas another admin just creates a user with the same name
+        # again on a different DC
+        time.sleep(1)
+        self.ou2 = self._create_ou(self.ldb_dc2, "OU=Conflict object")
+
+        # Now sync the DCs to resolve the conflict
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
+
+        # Check the latest change won and SELF.OU1 was made into a conflict
+        res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
+                                   scope=SCOPE_BASE, attrs=["name"])
+        print(res1[0]["name"][0])
+        print(res2[0]["name"][0])
+        self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
+        self.assertFalse('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
+
+        # Delete both objects by GUID on DC1
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
+
+        self._check_deleted(self.ldb_dc1, self.ou1)
+        self._check_deleted(self.ldb_dc1, self.ou2)
+        # Check deleted on DC2
+        self._check_deleted(self.ldb_dc2, self.ou1)
+        self._check_deleted(self.ldb_dc2, self.ou2)
diff --git a/source4/torture/drs/python/replica_sync_rodc.py b/source4/torture/drs/python/replica_sync_rodc.py
new file mode 100644
index 0000000..cbdcc12
--- /dev/null
+++ b/source4/torture/drs/python/replica_sync_rodc.py
@@ -0,0 +1,155 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Test conflict scenarios on the RODC
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Catalyst.NET Ltd 2018
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name (RODC)
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN replica_sync_rodc -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+import samba.tests
+import time
+import ldb
+from samba.common import get_string
+
+from ldb import (
+    SCOPE_BASE, LdbError, ERR_NO_SUCH_OBJECT)
+
+
+class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
+    """Intended as a black box test case for DsReplicaSync
+       implementation. It should test the behavior of this
+       case in cases when inbound replication is disabled"""
+
+    def setUp(self):
+        super(DrsReplicaSyncTestCase, self).setUp()
+        self._disable_all_repl(self.dnsname_dc1)
+        self.ou1 = None
+        self.ou2 = None
+
+    def tearDown(self):
+        # re-enable replication
+        self._enable_all_repl(self.dnsname_dc1)
+
+        super(DrsReplicaSyncTestCase, self).tearDown()
+
+    def _create_ou(self, samdb, name):
+        ldif = """
+dn: %s,%s
+objectClass: organizationalUnit
+""" % (name, self.domain_dn)
+        samdb.add_ldif(ldif)
+        res = samdb.search(base="%s,%s" % (name, self.domain_dn),
+                           scope=SCOPE_BASE, attrs=["objectGUID"])
+        return get_string(self._GUID_string(res[0]["objectGUID"][0]))
+
+    def _check_deleted(self, sam_ldb, guid):
+        # search the user by guid as it may be deleted
+        res = sam_ldb.search(base='<GUID=%s>' % guid,
+                             controls=["show_deleted:1"],
+                             attrs=["isDeleted", "objectCategory", "ou"])
+        self.assertEqual(len(res), 1)
+        ou_cur = res[0]
+        # Deleted Object base DN
+        dodn = self._deleted_objects_dn(sam_ldb)
+        # now check properties of the user
+        name_cur = ou_cur["ou"][0]
+        self.assertEqual(ou_cur["isDeleted"][0], "TRUE")
+        self.assertTrue(not("objectCategory" in ou_cur))
+        self.assertTrue(dodn in str(ou_cur["dn"]),
+                        "OU %s is deleted but it is not located under %s!" % (name_cur, dodn))
+
+    def test_ReplConflictsRODC(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        # Replicate all objects to RODC beforehand
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        name = "OU=Test RODC Conflict"
+        self.ou1 = self._create_ou(self.ldb_dc1, name)
+
+        # Replicate single object
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn="%s,%s" % (name, self.domain_dn),
+                                local=True, single=True, forced=True)
+
+        # Delete the object, so another can be added
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+
+        # Create a conflicting DN as it would appear to the RODC
+        self.ou2 = self._create_ou(self.ldb_dc1, name)
+
+        try:
+            self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                    nc_dn="%s,%s" % (name, self.domain_dn),
+                                    local=True, single=True, forced=True)
+        except:
+            # Cleanup the object
+            self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+            return
+
+        # Replicate cannot succeed, HWM would be updated incorrectly.
+        self.fail("DRS replicate should have failed.")
+
+    def test_ReplConflictsRODCRename(self):
+        """Tests that objects created in conflict become conflict DNs"""
+        # Replicate all objects to RODC beforehand
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
+
+        # Create conflicting objects on DC1 and DC2, with DC1 object created first
+        name = "OU=Test RODC Rename Conflict"
+        self.ou1 = self._create_ou(self.ldb_dc1, name)
+
+        # Replicate single object
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn="%s,%s" % (name, self.domain_dn),
+                                local=True, single=True, forced=True)
+
+        # Create a non-conflicting DN to rename as conflicting
+        free_name = "OU=Test RODC Rename No Conflict"
+        self.ou2 = self._create_ou(self.ldb_dc1, free_name)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                nc_dn="%s,%s" % (free_name, self.domain_dn),
+                                local=True, single=True, forced=True)
+
+        # Delete the object, so we can rename freely
+        # DO NOT REPLICATE TO THE RODC
+        self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
+
+        # Collide the name from the RODC perspective
+        self.ldb_dc1.rename("<GUID=%s>" % self.ou2, "%s,%s" % (name, self.domain_dn))
+
+        try:
+            self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1,
+                                    nc_dn="%s,%s" % (name, self.domain_dn),
+                                    local=True, single=True, forced=True)
+        except:
+            # Cleanup the object
+            self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
+            return
+
+        # Replicate cannot succeed, HWM would be updated incorrectly.
+        self.fail("DRS replicate should have failed.")
diff --git a/source4/torture/drs/python/ridalloc_exop.py b/source4/torture/drs/python/ridalloc_exop.py
new file mode 100644
index 0000000..ecd5cec
--- /dev/null
+++ b/source4/torture/drs/python/ridalloc_exop.py
@@ -0,0 +1,802 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Tests various RID allocation scenarios
+#
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016
+# Copyright (C) Catalyst IT Ltd. 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export DC1=dc1_dns_name
+#  export DC2=dc2_dns_name
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN ridalloc_exop -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
+#
+
+import drs_base
+
+import ldb
+from ldb import SCOPE_BASE
+
+from samba.dcerpc import drsuapi, misc
+from samba.samdb import SamDB
+
+import shutil
+import os
+from samba.auth import system_session, admin_session
+from samba.dbchecker import dbcheck
+from samba.ndr import ndr_pack
+from samba.dcerpc import security
+from samba import drs_utils, dsdb
+
+
+class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
+    """Intended as a semi-black box test case for DsGetNCChanges
+       implementation for extended operations. It should be testing
+       how DsGetNCChanges handles different input params (mostly invalid).
+       Final goal is to make DsGetNCChanges as binary compatible to
+       Windows implementation as possible"""
+
+    def setUp(self):
+        super(DrsReplicaSyncTestCase, self).setUp()
+
+    def tearDown(self):
+        super(DrsReplicaSyncTestCase, self).tearDown()
+
+    def _determine_fSMORoleOwner(self, fsmo_obj_dn):
+        """Returns (owner, not_owner) pair where:
+             owner: dns name for FSMO owner
+             not_owner: dns name for DC not owning the FSMO"""
+        # collect info to return later
+        fsmo_info_1 = {"dns_name": self.dnsname_dc1,
+                       "invocation_id": self.ldb_dc1.get_invocation_id(),
+                       "ntds_guid": self.ldb_dc1.get_ntds_GUID(),
+                       "server_dn": self.ldb_dc1.get_serverName()}
+        fsmo_info_2 = {"dns_name": self.dnsname_dc2,
+                       "invocation_id": self.ldb_dc2.get_invocation_id(),
+                       "ntds_guid": self.ldb_dc2.get_ntds_GUID(),
+                       "server_dn": self.ldb_dc2.get_serverName()}
+
+        msgs = self.ldb_dc1.search(scope=ldb.SCOPE_BASE, base=fsmo_info_1["server_dn"], attrs=["serverReference"])
+        fsmo_info_1["server_acct_dn"] = ldb.Dn(self.ldb_dc1, msgs[0]["serverReference"][0].decode('utf8'))
+        fsmo_info_1["rid_set_dn"] = ldb.Dn(self.ldb_dc1, "CN=RID Set") + fsmo_info_1["server_acct_dn"]
+
+        msgs = self.ldb_dc2.search(scope=ldb.SCOPE_BASE, base=fsmo_info_2["server_dn"], attrs=["serverReference"])
+        fsmo_info_2["server_acct_dn"] = ldb.Dn(self.ldb_dc2, msgs[0]["serverReference"][0].decode('utf8'))
+        fsmo_info_2["rid_set_dn"] = ldb.Dn(self.ldb_dc2, "CN=RID Set") + fsmo_info_2["server_acct_dn"]
+
+        # determine the owner dc
+        res = self.ldb_dc1.search(fsmo_obj_dn,
+                                  scope=SCOPE_BASE, attrs=["fSMORoleOwner"])
+        assert len(res) == 1, "Only one fSMORoleOwner value expected for %s!" % fsmo_obj_dn
+        fsmo_owner = res[0]["fSMORoleOwner"][0]
+        if fsmo_owner == self.info_dc1["dsServiceName"][0]:
+            return (fsmo_info_1, fsmo_info_2)
+        return (fsmo_info_2, fsmo_info_1)
+
+    def _check_exop_failed(self, ctr6, expected_failure):
+        self.assertEqual(ctr6.extended_ret, expected_failure)
+        #self.assertEqual(ctr6.object_count, 0)
+        #self.assertEqual(ctr6.first_object, None)
+        self.assertEqual(ctr6.more_data, False)
+        self.assertEqual(ctr6.nc_object_count, 0)
+        self.assertEqual(ctr6.nc_linked_attributes_count, 0)
+        self.assertEqual(ctr6.linked_attributes_count, 0)
+        self.assertEqual(ctr6.linked_attributes, [])
+        self.assertEqual(ctr6.drs_error[0], 0)
+
+    def test_InvalidDestDSA_ridalloc(self):
+        """Test RID allocation with invalid destination DSA guid"""
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef",
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str=fsmo_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER)
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+
+    def test_do_ridalloc(self):
+        """Test doing a RID allocation with a valid destination DSA guid"""
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa=fsmo_not_owner["ntds_guid"],
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str=fsmo_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+        ctr6 = ctr
+        self.assertEqual(ctr6.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+        self.assertEqual(ctr6.object_count, 3)
+        self.assertNotEqual(ctr6.first_object, None)
+        self.assertEqual(ldb.Dn(self.ldb_dc1, ctr6.first_object.object.identifier.dn), fsmo_dn)
+        self.assertNotEqual(ctr6.first_object.next_object, None)
+        self.assertNotEqual(ctr6.first_object.next_object.next_object, None)
+        second_object = ctr6.first_object.next_object.object
+        self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn), fsmo_not_owner["rid_set_dn"])
+        third_object = ctr6.first_object.next_object.next_object.object
+        self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn), fsmo_not_owner["server_acct_dn"])
+
+        self.assertEqual(ctr6.more_data, False)
+        self.assertEqual(ctr6.nc_object_count, 0)
+        self.assertEqual(ctr6.nc_linked_attributes_count, 0)
+        self.assertEqual(ctr6.drs_error[0], 0)
+        # We don't check the linked_attributes_count as if the domain
+        # has an RODC, it can gain links on the server account object
+
+    def test_do_ridalloc_get_anc(self):
+        """Test doing a RID allocation with a valid destination DSA guid and GET_ANC flag"""
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        req8 = self._exop_req8(dest_dsa=fsmo_not_owner["ntds_guid"],
+                               invocation_id=fsmo_owner["invocation_id"],
+                               nc_dn_str=fsmo_dn,
+                               exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC,
+                               replica_flags=drsuapi.DRSUAPI_DRS_GET_ANC)
+
+        (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"])
+        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+        self.assertEqual(level, 6, "Expected level 6 response!")
+        self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"]))
+        self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"]))
+        ctr6 = ctr
+        self.assertEqual(ctr6.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+        self.assertEqual(ctr6.object_count, 3)
+        self.assertNotEqual(ctr6.first_object, None)
+        self.assertEqual(ldb.Dn(self.ldb_dc1, ctr6.first_object.object.identifier.dn), fsmo_dn)
+        self.assertNotEqual(ctr6.first_object.next_object, None)
+        self.assertNotEqual(ctr6.first_object.next_object.next_object, None)
+        second_object = ctr6.first_object.next_object.object
+        self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn), fsmo_not_owner["rid_set_dn"])
+        third_object = ctr6.first_object.next_object.next_object.object
+        self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn), fsmo_not_owner["server_acct_dn"])
+        self.assertEqual(ctr6.more_data, False)
+        self.assertEqual(ctr6.nc_object_count, 0)
+        self.assertEqual(ctr6.nc_linked_attributes_count, 0)
+        self.assertEqual(ctr6.drs_error[0], 0)
+        # We don't check the linked_attributes_count as if the domain
+        # has an RODC, it can gain links on the server account object
+
+    def test_edit_rid_master(self):
+        """Test doing a RID allocation after changing the RID master from the original one.
+           This should set rIDNextRID to 0 on the new RID master."""
+        # 1. a. Transfer role to non-RID master
+        #    b. Check that it succeeds correctly
+        #
+        # 2. a. Call the RID alloc against the former master.
+        #    b. Check that it succeeds.
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        # 1. Swap RID master role
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, "")
+        m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE,
+                                                  "becomeRidMaster")
+
+        # Make sure that ldb_dc1 == RID Master
+
+        server_dn = str(ldb.Dn(self.ldb_dc1, self.ldb_dc1.get_dsServiceName()).parent())
+
+        # self.ldb_dc1 == LOCALDC
+        if server_dn == fsmo_owner['server_dn']:
+            # ldb_dc1 == VAMPIREDC
+            ldb_dc1, ldb_dc2 = self.ldb_dc2, self.ldb_dc1
+        else:
+            # Otherwise switch the two
+            ldb_dc1, ldb_dc2 = self.ldb_dc1, self.ldb_dc2
+
+        try:
+            # ldb_dc1 is now RID MASTER (as VAMPIREDC)
+            ldb_dc1.modify(m)
+        except ldb.LdbError as e1:
+            (num, msg) = e1.args
+            self.fail("Failed to reassign RID Master " + msg)
+
+        try:
+            # 2. Perform a RID alloc
+            req8 = self._exop_req8(dest_dsa=fsmo_owner["ntds_guid"],
+                                   invocation_id=fsmo_not_owner["invocation_id"],
+                                   nc_dn_str=fsmo_dn,
+                                   exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+            (drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"])
+            # 3. Make sure the allocation succeeds
+            try:
+                (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            except RuntimeError as e:
+                self.fail("RID allocation failed: " + str(e))
+
+            fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+
+            self.assertEqual(level, 6, "Expected level 6 response!")
+            self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_not_owner["ntds_guid"]))
+            self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_not_owner["invocation_id"]))
+            ctr6 = ctr
+            self.assertEqual(ctr6.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+            self.assertEqual(ctr6.object_count, 3)
+            self.assertNotEqual(ctr6.first_object, None)
+            self.assertEqual(ldb.Dn(ldb_dc2, ctr6.first_object.object.identifier.dn), fsmo_dn)
+            self.assertNotEqual(ctr6.first_object.next_object, None)
+            self.assertNotEqual(ctr6.first_object.next_object.next_object, None)
+            second_object = ctr6.first_object.next_object.object
+            self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn), fsmo_owner["rid_set_dn"])
+            third_object = ctr6.first_object.next_object.next_object.object
+            self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn), fsmo_owner["server_acct_dn"])
+        finally:
+            # Swap the RID master back for other tests
+            m = ldb.Message()
+            m.dn = ldb.Dn(ldb_dc2, "")
+            m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE, "becomeRidMaster")
+            try:
+                ldb_dc2.modify(m)
+            except ldb.LdbError as e:
+                (num, msg) = e.args
+                self.fail("Failed to restore RID Master " + msg)
+
+    def test_offline_samba_tool_seized_ridalloc(self):
+        """Perform a join against the non-RID manager and then seize the RID Manager role"""
+
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST1")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            smbconf = os.path.join(targetdir, "etc/smb.conf")
+
+            lp = self.get_loadparm()
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # Assert that no RID Set has been set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertFalse("rIDSetReferences" in res[0])
+
+            (result, out, err) = self.runsubcmd("fsmo", "seize", "--role", "rid", "-H", ldb_url, "--configfile=%s" % (smbconf), "--force")
+            self.assertCmdSuccess(result, out, err)
+            self.assertEqual(err, "", "Shouldn't be any error messages")
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+        finally:
+            shutil.rmtree(targetdir, ignore_errors=True)
+            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST1")
+
+    def _test_join(self, server, netbios_name):
+        tmpdir = os.path.join(self.tempdir, "targetdir")
+        creds = self.get_credentials()
+        (result, out, err) = self.runsubcmd("domain", "join",
+                                            creds.get_realm(),
+                                            "dc", "-U%s%%%s" % (creds.get_username(),
+                                                                creds.get_password()),
+                                            '--targetdir=%s' % tmpdir,
+                                            '--server=%s' % server,
+                                            "--option=netbios name = %s" % netbios_name)
+        self.assertCmdSuccess(result, out, err)
+        return tmpdir
+
+    def _test_force_demote(self, server, netbios_name):
+        creds = self.get_credentials()
+        (result, out, err) = self.runsubcmd("domain", "demote",
+                                            "-U%s%%%s" % (creds.get_username(),
+                                                          creds.get_password()),
+                                            '--server=%s' % server,
+                                            "--remove-other-dead-server=%s" % netbios_name)
+        self.assertCmdSuccess(result, out, err)
+
+    def test_offline_manual_seized_ridalloc_with_dbcheck(self):
+        """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
+        but do not create the RID set. Confirm that dbcheck correctly creates
+        the RID Set.
+
+        Also check
+        """
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST2")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            lp = self.get_loadparm()
+
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            serviceName = new_ldb.get_dsServiceName()
+            m = ldb.Message()
+            m.dn = fsmo_dn
+            m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
+                                                    ldb.FLAG_MOD_REPLACE,
+                                                    "fSMORoleOwner")
+            new_ldb.modify(m)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # Assert that no RID Set has been set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertFalse("rIDSetReferences" in res[0])
+
+            chk = dbcheck(new_ldb, verbose=False, fix=True, yes=True, quiet=True)
+
+            self.assertEqual(chk.check_database(DN=server_ref_dn, scope=ldb.SCOPE_BASE), 1, "Should have fixed one error (missing RID Set)")
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+        finally:
+            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST2")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_offline_manual_seized_ridalloc_add_user(self):
+        """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
+        but do not create the RID set. Confirm that user-add correctly creates
+        the RID Set."""
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST3")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            lp = self.get_loadparm()
+
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            serviceName = new_ldb.get_dsServiceName()
+            m = ldb.Message()
+            m.dn = fsmo_dn
+            m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
+                                                    ldb.FLAG_MOD_REPLACE,
+                                                    "fSMORoleOwner")
+            new_ldb.modify(m)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # Assert that no RID Set has been set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertFalse("rIDSetReferences" in res[0])
+
+            new_ldb.newuser("ridalloctestuser", "P@ssword!")
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+
+        finally:
+            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST3")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_offline_manual_seized_ridalloc_add_user_as_admin(self):
+        """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
+        but do not create the RID set. Confirm that user-add correctly creates
+        the RID Set."""
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            lp = self.get_loadparm()
+
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=admin_session(lp, self.ldb_dc1.get_domain_sid()), lp=lp)
+
+            serviceName = new_ldb.get_dsServiceName()
+            m = ldb.Message()
+            m.dn = fsmo_dn
+            m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
+                                                    ldb.FLAG_MOD_REPLACE,
+                                                    "fSMORoleOwner")
+            new_ldb.modify(m)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # Assert that no RID Set has been set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertFalse("rIDSetReferences" in res[0])
+
+            # Create a user to allocate a RID Set for itself (the RID master)
+            new_ldb.newuser("ridalloctestuser", "P@ssword!")
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+
+        finally:
+            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_join_time_ridalloc(self):
+        """Perform a join against the RID manager and assert we have a RID Set"""
+
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_owner['dns_name'], "RIDALLOCTEST5")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+
+            lp = self.get_loadparm()
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+        finally:
+            self._test_force_demote(fsmo_owner['dns_name'], "RIDALLOCTEST5")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_rid_set_dbcheck(self):
+        """Perform a join against the RID manager and assert we have a RID Set.
+        Using dbcheck, we assert that we can detect out of range users."""
+
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_owner['dns_name'], "RIDALLOCTEST6")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+
+            lp = self.get_loadparm()
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+            rid_set_dn = ldb.Dn(new_ldb, res[0]["rIDSetReferences"][0].decode('utf8'))
+
+            # 4. Add a new user (triggers RID set work)
+            new_ldb.newuser("ridalloctestuser", "P@ssword!")
+
+            # 5. Now fetch the RID SET
+            rid_set_res = new_ldb.search(base=rid_set_dn,
+                                         scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
+                                                                      'rIDAllocationPool'])
+            next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
+            last_rid = (0xFFFFFFFF00000000 & next_pool) >> 32
+
+            # 6. Add user above the ridNextRid and at mid-range.
+            #
+            # We can do this with safety because this is an offline DB that will be
+            # destroyed.
+            m = ldb.Message()
+            m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser1,CN=Users")
+            m.dn.add_base(new_ldb.get_default_basedn())
+            m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
+            m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % (last_rid - 10))),
+                                                ldb.FLAG_MOD_ADD,
+                                                'objectSid')
+            new_ldb.add(m, controls=["relax:0"])
+
+            # 7. Check the RID Set
+            chk = dbcheck(new_ldb, verbose=False, fix=True, yes=True, quiet=True)
+
+            # Should have one error (wrong rIDNextRID)
+            self.assertEqual(chk.check_database(DN=rid_set_dn, scope=ldb.SCOPE_BASE), 1)
+
+            # 8. Assert we get didn't show any other errors
+            chk = dbcheck(new_ldb, verbose=False, fix=False, quiet=True)
+
+            rid_set_res = new_ldb.search(base=rid_set_dn,
+                                         scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
+                                                                      'rIDAllocationPool'])
+            last_allocated_rid = int(rid_set_res[0]["rIDNextRid"][0])
+            self.assertEqual(last_allocated_rid, last_rid - 10)
+
+            # 9. Assert that the range wasn't thrown away
+
+            next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
+            self.assertEqual(last_rid, (0xFFFFFFFF00000000 & next_pool) >> 32, "rid pool should have changed")
+        finally:
+            self._test_force_demote(fsmo_owner['dns_name'], "RIDALLOCTEST6")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_rid_set_dbcheck_after_seize(self):
+        """Perform a join against the RID manager and assert we have a RID Set.
+        We seize the RID master role, then using dbcheck, we assert that we can
+        detect out of range users (and then bump the RID set as required)."""
+
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        targetdir = self._test_join(fsmo_owner['dns_name'], "RIDALLOCTEST7")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            smbconf = os.path.join(targetdir, "etc/smb.conf")
+
+            lp = self.get_loadparm()
+            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
+                            session_info=system_session(lp), lp=lp)
+
+            # 1. Get server name
+            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
+                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
+            # 2. Get server reference
+            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))
+
+            # 3. Assert we get the RID Set
+            res = new_ldb.search(base=server_ref_dn,
+                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
+
+            self.assertTrue("rIDSetReferences" in res[0])
+            rid_set_dn = ldb.Dn(new_ldb, res[0]["rIDSetReferences"][0].decode('utf8'))
+            # 4. Seize the RID Manager role
+            (result, out, err) = self.runsubcmd("fsmo", "seize", "--role", "rid", "-H", ldb_url, "--configfile=%s" % (smbconf), "--force")
+            self.assertCmdSuccess(result, out, err)
+            self.assertEqual(err, "", "Shouldn't be any error messages")
+
+            # 5. Add a new user (triggers RID set work)
+            new_ldb.newuser("ridalloctestuser", "P@ssword!")
+
+            # 6. Now fetch the RID SET
+            rid_set_res = new_ldb.search(base=rid_set_dn,
+                                         scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
+                                                                      'rIDAllocationPool'])
+            next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
+            last_rid = (0xFFFFFFFF00000000 & next_pool) >> 32
+
+            # 7. Add user above the ridNextRid and at almost the end of the range.
+            #
+            m = ldb.Message()
+            m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser2,CN=Users")
+            m.dn.add_base(new_ldb.get_default_basedn())
+            m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
+            m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % (last_rid - 3))),
+                                                ldb.FLAG_MOD_ADD,
+                                                'objectSid')
+            new_ldb.add(m, controls=["relax:0"])
+
+            # 8. Add user above the ridNextRid and at the end of the range
+            m = ldb.Message()
+            m.dn = ldb.Dn(new_ldb, "CN=ridsettestuser3,CN=Users")
+            m.dn.add_base(new_ldb.get_default_basedn())
+            m['objectClass'] = ldb.MessageElement('user', ldb.FLAG_MOD_ADD, 'objectClass')
+            m['objectSid'] = ldb.MessageElement(ndr_pack(security.dom_sid(str(new_ldb.get_domain_sid()) + "-%d" % last_rid)),
+                                                ldb.FLAG_MOD_ADD,
+                                                'objectSid')
+            new_ldb.add(m, controls=["relax:0"])
+
+            chk = dbcheck(new_ldb, verbose=False, fix=True, yes=True, quiet=True)
+
+            # Should have fixed two errors (wrong ridNextRid)
+            self.assertEqual(chk.check_database(DN=rid_set_dn, scope=ldb.SCOPE_BASE), 2)
+
+            # 9. Assert we get didn't show any other errors
+            chk = dbcheck(new_ldb, verbose=False, fix=False, quiet=True)
+
+            # 10. Add another user (checks RID rollover)
+            # We have seized the role, so we can do that.
+            new_ldb.newuser("ridalloctestuser3", "P@ssword!")
+
+            rid_set_res = new_ldb.search(base=rid_set_dn,
+                                         scope=ldb.SCOPE_BASE, attrs=['rIDNextRid',
+                                                                      'rIDAllocationPool'])
+            next_pool = int(rid_set_res[0]["rIDAllocationPool"][0])
+            self.assertNotEqual(last_rid, (0xFFFFFFFF00000000 & next_pool) >> 32, "rid pool should have changed")
+        finally:
+            self._test_force_demote(fsmo_owner['dns_name'], "RIDALLOCTEST7")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_replicate_against_deleted_objects_transaction(self):
+        """Not related to RID allocation, but uses the infrastructure here.
+        Do a join, create a link between two objects remotely, but
+        remove the target locally.  Show that we need to set a magic
+        opaque if there is an outer transaction.
+
+        """
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        test_user4 = "ridalloctestuser4"
+        test_group = "ridalloctestgroup1"
+
+        self.ldb_dc1.newuser(test_user4, "P@ssword!")
+
+        self.addCleanup(self.ldb_dc1.deleteuser, test_user4)
+
+        self.ldb_dc1.newgroup(test_group)
+        self.addCleanup(self.ldb_dc1.deletegroup, test_group)
+
+        targetdir = self._test_join(self.dnsname_dc1, "RIDALLOCTEST8")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            lp = self.get_loadparm()
+
+            new_ldb = SamDB(ldb_url,
+                            session_info=system_session(lp), lp=lp)
+
+            destination_dsa_guid = misc.GUID(new_ldb.get_ntds_GUID())
+
+            repl = drs_utils.drs_Replicate(f'ncacn_ip_tcp:{self.dnsname_dc1}[seal]',
+                                           lp,
+                                           self.get_credentials(),
+                                           new_ldb,
+                                           destination_dsa_guid)
+
+            source_dsa_invocation_id = misc.GUID(self.ldb_dc1.invocation_id)
+
+            # Add the link on the remote DC
+            self.ldb_dc1.add_remove_group_members(test_group, [test_user4])
+
+            # Starting a transaction overrides, currently the logic
+            # inside repl.replicatate to retry with GET_TGT which in
+            # turn tells the repl_meta_data module that the most up to
+            # date info is already available
+            new_ldb.transaction_start()
+            repl.replicate(self.ldb_dc1.domain_dn(),
+                           source_dsa_invocation_id,
+                           destination_dsa_guid)
+
+            # Delete the user locally, before applying the links.
+            # This simulates getting the delete in the replciation
+            # stream.
+            new_ldb.deleteuser(test_user4)
+
+            # This fails as the user has been deleted locally but a remote link is sent
+            self.assertRaises(ldb.LdbError, new_ldb.transaction_commit)
+
+            new_ldb.transaction_start()
+            repl.replicate(self.ldb_dc1.domain_dn(),
+                           source_dsa_invocation_id,
+                           destination_dsa_guid)
+
+            # Delete the user locally (the previous transaction
+            # doesn't apply), before applying the links.  This
+            # simulates getting the delete in the replciation stream.
+            new_ldb.deleteuser(test_user4)
+
+            new_ldb.set_opaque_integer(dsdb.DSDB_FULL_JOIN_REPLICATION_COMPLETED_OPAQUE_NAME,
+                                       1)
+
+            # This should now work
+            try:
+                new_ldb.transaction_commit()
+            except ldb.LdbError as e:
+                self.fail(f"Failed to replicate despite setting opaque with {e.args[1]}")
+
+        finally:
+            self._test_force_demote(self.dnsname_dc1, "RIDALLOCTEST8")
+            shutil.rmtree(targetdir, ignore_errors=True)
+
+    def test_replicate_against_deleted_objects_normal(self):
+        """Not related to RID allocation, but uses the infrastructure here.
+        Do a join, create a link between two objects remotely, but
+        remove the target locally.  .
+
+        """
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        test_user5 = "ridalloctestuser5"
+        test_group2 = "ridalloctestgroup2"
+
+        self.ldb_dc1.newuser(test_user5, "P@ssword!")
+        self.addCleanup(self.ldb_dc1.deleteuser, test_user5)
+
+        self.ldb_dc1.newgroup(test_group2)
+        self.addCleanup(self.ldb_dc1.deletegroup, test_group2)
+
+        targetdir = self._test_join(self.dnsname_dc1, "RIDALLOCTEST9")
+        try:
+            # Connect to the database
+            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
+            lp = self.get_loadparm()
+
+            new_ldb = SamDB(ldb_url,
+                            session_info=system_session(lp), lp=lp)
+
+            destination_dsa_guid = misc.GUID(new_ldb.get_ntds_GUID())
+
+            repl = drs_utils.drs_Replicate(f'ncacn_ip_tcp:{self.dnsname_dc1}[seal]',
+                                           lp,
+                                           self.get_credentials(),
+                                           new_ldb,
+                                           destination_dsa_guid)
+
+            source_dsa_invocation_id = misc.GUID(self.ldb_dc1.invocation_id)
+
+            # Add the link on the remote DC
+            self.ldb_dc1.add_remove_group_members(test_group2, [test_user5])
+
+            # Delete the user locally
+            new_ldb.deleteuser(test_user5)
+
+            # Confirm replication copes with a link to a locally deleted user
+            repl.replicate(self.ldb_dc1.domain_dn(),
+                           source_dsa_invocation_id,
+                           destination_dsa_guid)
+
+        finally:
+            self._test_force_demote(self.dnsname_dc1, "RIDALLOCTEST9")
+            shutil.rmtree(targetdir, ignore_errors=True)
diff --git a/source4/torture/drs/python/samba_tool_drs.py b/source4/torture/drs/python/samba_tool_drs.py
new file mode 100644
index 0000000..e622fe4
--- /dev/null
+++ b/source4/torture/drs/python/samba_tool_drs.py
@@ -0,0 +1,410 @@
+# Blackbox tests for "samba-tool drs" command
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Blackbox tests for samba-tool drs."""
+
+import samba.tests
+import os
+import ldb
+import drs_base
+
+
+class SambaToolDrsTests(drs_base.DrsBaseTestCase):
+    """Blackbox test case for samba-tool drs."""
+
+    def setUp(self):
+        super(SambaToolDrsTests, self).setUp()
+
+        self.dc1 = samba.tests.env_get_var_value("DC1")
+        self.dc2 = samba.tests.env_get_var_value("DC2")
+
+        creds = self.get_credentials()
+        self.cmdline_creds = "-U%s/%s%%%s" % (creds.get_domain(),
+                                              creds.get_username(), creds.get_password())
+
+    def tearDown(self):
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._enable_inbound_repl(self.dnsname_dc2)
+
+        self.rm_files('names.tdb', allow_missing=True)
+        self.rm_dirs('etc', 'msg.lock', 'private', 'state', 'bind-dns',
+                     allow_missing=True)
+
+        super(SambaToolDrsTests, self).tearDown()
+
+    def _get_rootDSE(self, dc, ldap_only=True):
+        samdb = samba.tests.connect_samdb(dc, lp=self.get_loadparm(),
+                                          credentials=self.get_credentials(),
+                                          ldap_only=ldap_only)
+        return samdb.search(base="", scope=samba.tests.ldb.SCOPE_BASE)[0]
+
+    def test_samba_tool_bind(self):
+        """Tests 'samba-tool drs bind' command."""
+
+        # Output should be like:
+        #      Extensions supported:
+        #        <list-of-supported-extensions>
+        #      Site GUID: <GUID>
+        #      Repl epoch: 0
+        out = self.check_output("samba-tool drs bind %s %s" % (self.dc1,
+                                                               self.cmdline_creds))
+        self.assertTrue("Site GUID:" in out.decode('utf8'))
+        self.assertTrue("Repl epoch:" in out.decode('utf8'))
+
+    def test_samba_tool_kcc(self):
+        """Tests 'samba-tool drs kcc' command."""
+
+        # Output should be like 'Consistency check on <DC> successful.'
+        out = self.check_output("samba-tool drs kcc %s %s" % (self.dc1,
+                                                              self.cmdline_creds))
+        self.assertTrue(b"Consistency check on" in out)
+        self.assertTrue(b"successful" in out)
+
+    def test_samba_tool_options(self):
+        """Tests 'samba-tool drs options' command
+        """
+        # Output should be like 'Current DSA options: IS_GC <OTHER_FLAGS>'
+        out = self.check_output("samba-tool drs options %s %s" % (self.dc1,
+                                                                  self.cmdline_creds))
+        self.assertTrue(b"Current DSA options:" in out)
+
+    def test_samba_tool_replicate(self):
+        """Tests 'samba-tool drs replicate' command."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate %s %s %s %s" % (self.dc1,
+                                                                          self.dc2,
+                                                                          nc_name,
+                                                                          self.cmdline_creds))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was successful" in out)
+
+    def test_samba_tool_replicate_async(self):
+        """Tests 'samba-tool drs replicate --async-op' command."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was started.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate --async-op %s %s %s %s" % (self.dc1,
+                                                                                     self.dc2,
+                                                                                     nc_name,
+                                                                                     self.cmdline_creds))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was started" in out)
+
+    def test_samba_tool_replicate_local_online(self):
+        """Tests 'samba-tool drs replicate --local-online' command."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate --local-online %s %s %s" % (self.dc1,
+                                                                                      self.dc2,
+                                                                                      nc_name))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was successful" in out)
+
+    def test_samba_tool_replicate_local_online_async(self):
+        """Tests 'samba-tool drs replicate --local-online --async-op' command."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was started.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate --local-online --async-op %s %s %s" % (self.dc1,
+                                                                                                 self.dc2,
+                                                                                                 nc_name))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was started" in out)
+
+    def test_samba_tool_replicate_local_machine_creds(self):
+        """Tests 'samba-tool drs replicate --local -P' command (uses machine creds)."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate -P --local %s %s %s" % (self.dc1,
+                                                                                  self.dc2,
+                                                                                  nc_name))
+        self.assertTrue(b"Incremental" in out)
+        self.assertTrue(b"was successful" in out)
+
+    def test_samba_tool_replicate_local(self):
+        """Tests 'samba-tool drs replicate --local' command (uses machine creds)."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+
+        def get_num_obj_links(output):
+            num_objs = None
+            num_links = None
+            for word in output.decode('utf8').split(" "):
+                try:
+                    int(word)
+                    if num_objs is None:
+                        num_objs = int(word)
+                    elif num_links is None:
+                        num_links = int(word)
+                except ValueError:
+                    pass
+
+            return (num_objs, num_links)
+
+        out = self.check_output("samba-tool drs replicate --local --full-sync %s %s %s %s"
+                                % (self.dc1, self.dc2, nc_name, self.cmdline_creds))
+        self.assertTrue(b"was successful" in out)
+        self.assertTrue(b"Full" in out)
+
+        (first_obj, _) = get_num_obj_links(out)
+
+        out = self.check_output("samba-tool drs replicate --local %s %s %s %s"
+                                % (self.dc1, self.dc2, nc_name, self.cmdline_creds))
+        self.assertTrue(b"was successful" in out)
+        self.assertTrue(b"Incremental" in out)
+
+        (second_obj, _) = get_num_obj_links(out)
+
+        self.assertTrue(first_obj > second_obj)
+
+        server_rootdse = self._get_rootDSE(self.dc1)
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+
+        # We have to give it a different netbiosname every time
+        # it runs, otherwise the collision causes strange issues
+        # to happen. This should be different on different environments.
+        netbiosname = "test" + self.dc2
+        if len(netbiosname) > 15:
+            netbiosname = netbiosname[:15]
+
+        out = self.check_output("samba-tool domain join %s dc --server=%s %s --targetdir=%s --option=netbiosname=%s"
+                                % (server_realm, self.dc1, self.cmdline_creds, self.tempdir, netbiosname))
+
+        new_dc_config_file = "%s/etc/smb.conf" % self.tempdir
+
+        self.check_output("samba-tool drs replicate --local %s %s %s %s --configfile=%s"
+                          % ("invalid", self.dc1, nc_name,
+                             self.cmdline_creds, new_dc_config_file))
+
+        self._disable_inbound_repl(self.dnsname_dc1)
+        self._disable_inbound_repl(self.dnsname_dc2)
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2)
+
+        # add an object with link on dc1
+        group_name = "group-repl-local-%s" % self.dc2
+        user_name = "user-repl-local-%s" % self.dc2
+
+        self.check_output("samba-tool group add %s %s -H ldap://%s"
+                          % (group_name, self.cmdline_creds, self.dc1))
+        self.check_output("samba-tool user add %s %s --random-password -H ldap://%s"
+                          % (user_name, self.cmdline_creds, self.dc1))
+        self.check_output("samba-tool group addmembers %s %s %s -H ldap://%s"
+                          % (group_name, user_name, self.cmdline_creds, self.dc1))
+
+        self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1)
+
+        # pull that change with --local into local db from dc1: should send link and some objects
+        out = self.check_output("samba-tool drs replicate --local %s %s %s %s --configfile=%s"
+                                % ("invalid", self.dc1, nc_name,
+                                   self.cmdline_creds, new_dc_config_file))
+
+        (obj_1, link_1) = get_num_obj_links(out)
+
+        self.assertGreaterEqual(obj_1, 2)
+        self.assertEqual(link_1, 1)
+
+        # pull that change with --local into local db from dc2: shouldn't send link or object
+        # as we sent an up-to-dateness vector showing that we had already synced with DC1
+        out = self.check_output("samba-tool drs replicate --local %s %s %s %s --configfile=%s"
+                                % ("invalid", self.dc2, nc_name,
+                                   self.cmdline_creds, new_dc_config_file))
+
+        (obj_2, link_2) = get_num_obj_links(out)
+
+        self.assertEqual(obj_2, 0)
+        self.assertEqual(link_2, 0)
+
+        self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H ldap://%s %s --configfile=%s"
+                          % (netbiosname, self.dc1, self.cmdline_creds, new_dc_config_file))
+
+    def test_samba_tool_replicate_machine_creds_P(self):
+        """Tests 'samba-tool drs replicate -P' command with machine creds."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate -P %s %s %s" % (self.dc1,
+                                                                          self.dc2,
+                                                                          nc_name))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was successful" in out)
+
+    def test_samba_tool_replicate_machine_creds(self):
+        """Tests 'samba-tool drs replicate' command with implicit machine creds."""
+
+        # Output should be like 'Replicate from <DC-SRC> to <DC-DEST> was successful.'
+        nc_name = self._get_rootDSE(self.dc1)["defaultNamingContext"]
+        out = self.check_output("samba-tool drs replicate %s %s %s" % (self.dc1,
+                                                                       self.dc2,
+                                                                       nc_name))
+        self.assertTrue(b"Replicate from" in out)
+        self.assertTrue(b"was successful" in out)
+
+    def test_samba_tool_drs_clone_dc(self):
+        """Tests 'samba-tool drs clone-dc-database' command."""
+        server_rootdse = self._get_rootDSE(self.dc1)
+        server_nc_name = server_rootdse["defaultNamingContext"]
+        server_ds_name = server_rootdse["dsServiceName"]
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+        self.check_output("samba-tool drs clone-dc-database %s --server=%s %s --targetdir=%s"
+                          % (server_realm,
+                             self.dc1,
+                             self.cmdline_creds,
+                             self.tempdir))
+        ldb_rootdse = self._get_rootDSE("ldb://" + os.path.join(self.tempdir, "private", "sam.ldb"), ldap_only=False)
+        nc_name = ldb_rootdse["defaultNamingContext"]
+        ds_name = ldb_rootdse["dsServiceName"]
+        ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        self.assertEqual(nc_name, server_nc_name)
+        # The clone should pretend to be the source server
+        self.assertEqual(ds_name, server_ds_name)
+        self.assertEqual(ldap_service_name, server_ldap_service_name)
+
+        samdb = samba.tests.connect_samdb("ldb://" + os.path.join(self.tempdir, "private", "sam.ldb"),
+                                          ldap_only=False, lp=self.get_loadparm())
+
+        def get_krbtgt_pw():
+            samdb.searchone("unicodePwd", "cn=krbtgt,CN=users,%s" % nc_name)
+        self.assertRaises(KeyError, get_krbtgt_pw)
+
+        server_dn = samdb.searchone("serverReferenceBL", "cn=%s,ou=domain controllers,%s" % (self.dc2, server_nc_name)).decode('utf8')
+        ntds_guid = samdb.searchone("objectGUID", "cn=ntds settings,%s" % server_dn).decode('utf8')
+
+        res = samdb.search(base=str(server_nc_name),
+                           expression="(&(objectclass=user)(cn=dns-%s))" % (self.dc2),
+                           attrs=[], scope=ldb.SCOPE_SUBTREE)
+        if len(res) == 1:
+            dns_obj = res[0]
+        else:
+            dns_obj = None
+
+        # While we have this cloned, try demoting the other server on the clone, by GUID
+        self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb"
+                          % (ntds_guid,
+                             self.tempdir))
+
+        # Check some of the objects that should have been removed
+        def check_machine_obj():
+            samdb.searchone("CN", "cn=%s,ou=domain controllers,%s" % (self.dc2, server_nc_name))
+        self.assertRaises(ldb.LdbError, check_machine_obj)
+
+        def check_server_obj():
+            samdb.searchone("CN", server_dn)
+        self.assertRaises(ldb.LdbError, check_server_obj)
+
+        def check_ntds_guid():
+            samdb.searchone("CN", "<GUID=%s>" % ntds_guid)
+        self.assertRaises(ldb.LdbError, check_ntds_guid)
+
+        if dns_obj is not None:
+            # Check some of the objects that should have been removed
+            def check_dns_account_obj():
+                samdb.search(base=dns_obj.dn, scope=ldb.SCOPE_BASE,
+                             attrs=[])
+            self.assertRaises(ldb.LdbError, check_dns_account_obj)
+
+    def test_samba_tool_drs_clone_dc_secrets(self):
+        """Tests 'samba-tool drs clone-dc-database --include-secrets' command ."""
+        server_rootdse = self._get_rootDSE(self.dc1)
+        server_nc_name = server_rootdse["defaultNamingContext"]
+        server_ds_name = server_rootdse["dsServiceName"]
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+        self.check_output("samba-tool drs clone-dc-database %s --server=%s %s --targetdir=%s --include-secrets"
+                          % (server_realm,
+                             self.dc1,
+                             self.cmdline_creds,
+                             self.tempdir))
+        ldb_rootdse = self._get_rootDSE("ldb://" + os.path.join(self.tempdir, "private", "sam.ldb"), ldap_only=False)
+        nc_name = ldb_rootdse["defaultNamingContext"]
+        ds_name = ldb_rootdse["dsServiceName"]
+        ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+
+        samdb = samba.tests.connect_samdb("ldb://" + os.path.join(self.tempdir, "private", "sam.ldb"),
+                                          ldap_only=False, lp=self.get_loadparm())
+        krbtgt_pw = samdb.searchone("unicodePwd", "cn=krbtgt,CN=users,%s" % nc_name)
+        self.assertIsNotNone(krbtgt_pw)
+
+        self.assertEqual(nc_name, server_nc_name)
+        # The clone should pretend to be the source server
+        self.assertEqual(ds_name, server_ds_name)
+        self.assertEqual(ldap_service_name, server_ldap_service_name)
+
+        server_dn = samdb.searchone("serverReferenceBL", "cn=%s,ou=domain controllers,%s" % (self.dc2, server_nc_name)).decode('utf8')
+        ntds_guid = samdb.searchone("objectGUID", "cn=ntds settings,%s" % server_dn).decode('utf8')
+
+        res = samdb.search(base=str(server_nc_name),
+                           expression="(&(objectclass=user)(cn=dns-%s))" % (self.dc2),
+                           attrs=[], scope=ldb.SCOPE_SUBTREE)
+        if len(res) == 1:
+            dns_obj = res[0]
+        else:
+            dns_obj = None
+
+        def demote_self():
+            # While we have this cloned, try demoting the other server on the clone
+            self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb"
+                              % (self.dc1,
+                                 self.tempdir))
+        self.assertRaises(samba.tests.BlackboxProcessError, demote_self)
+
+        # While we have this cloned, try demoting the other server on the clone
+        self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H ldb://%s/private/sam.ldb"
+                          % (self.dc2,
+                             self.tempdir))
+
+        # Check some of the objects that should have been removed
+        def check_machine_obj():
+            samdb.searchone("CN", "cn=%s,ou=domain controllers,%s" % (self.dc2, server_nc_name))
+        self.assertRaises(ldb.LdbError, check_machine_obj)
+
+        def check_server_obj():
+            samdb.searchone("CN", server_dn)
+        self.assertRaises(ldb.LdbError, check_server_obj)
+
+        def check_ntds_guid():
+            samdb.searchone("CN", "<GUID=%s>" % ntds_guid)
+        self.assertRaises(ldb.LdbError, check_ntds_guid)
+
+        if dns_obj is not None:
+            # Check some of the objects that should have been removed
+            def check_dns_account_obj():
+                samdb.search(base=dns_obj.dn, scope=ldb.SCOPE_BASE,
+                             attrs=[])
+            self.assertRaises(ldb.LdbError, check_dns_account_obj)
+
+    def test_samba_tool_drs_clone_dc_secrets_without_targetdir(self):
+        """Tests 'samba-tool drs clone-dc-database' command without --targetdir."""
+        server_rootdse = self._get_rootDSE(self.dc1)
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+
+        def attempt_clone():
+            self.check_output("samba-tool drs clone-dc-database %s --server=%s %s"
+                              % (server_realm,
+                                 self.dc1,
+                                 self.cmdline_creds))
+        self.assertRaises(samba.tests.BlackboxProcessError, attempt_clone)
diff --git a/source4/torture/drs/python/samba_tool_drs_critical.py b/source4/torture/drs/python/samba_tool_drs_critical.py
new file mode 100644
index 0000000..5260e15
--- /dev/null
+++ b/source4/torture/drs/python/samba_tool_drs_critical.py
@@ -0,0 +1,98 @@
+# Blackbox tests for "samba-tool drs" command
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Blackbox tests for samba-tool drs."""
+
+import samba.tests
+import os
+import ldb
+import drs_base
+import random
+
+class SambaToolDrsTests(drs_base.DrsBaseTestCase):
+    """Blackbox test case for samba-tool drs."""
+
+    def setUp(self):
+        super(SambaToolDrsTests, self).setUp()
+
+        self.dc1 = samba.tests.env_get_var_value("DC1")
+        self.dc2 = samba.tests.env_get_var_value("DC2")
+
+        creds = self.get_credentials()
+        self.cmdline_creds = "-U%s/%s%%%s" % (creds.get_domain(),
+                                              creds.get_username(), creds.get_password())
+
+    def tearDown(self):
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._enable_inbound_repl(self.dnsname_dc2)
+
+        self.rm_files('names.tdb', allow_missing=True)
+        self.rm_dirs('etc', 'msg.lock', 'private', 'state', 'bind-dns',
+                     allow_missing=True)
+
+        super(SambaToolDrsTests, self).tearDown()
+
+    # This test is for the Samba 4.5 emulation servers (but runs
+    # against a normal server as well) that fail to correctly
+    # implement DRSUAPI_DRS_GET_ANC when DRSUAPI_DRS_CRITICAL_ONLY is
+    # set.
+    def test_samba_tool_drs_clone_dc_critical_object_chain(self):
+        """Tests 'samba-tool drs clone-dc-database' command with a Critical/non-critical/critical object chain."""
+
+        samdb = samba.tests.connect_samdb(self.dc1, lp=self.get_loadparm(),
+                                          credentials=self.get_credentials(),
+                                          ldap_only=True)
+        server_rootdse = samdb.search(base="",
+                                      scope=samba.tests.ldb.SCOPE_BASE)[0]
+        nc_name = server_rootdse["defaultNamingContext"][0]
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+
+        not_critical_dn = f"OU=not-critical{random.randint(1, 10000000)},{nc_name}"
+        samdb.create_ou(not_critical_dn)
+        self.addCleanup(samdb.delete,
+                        not_critical_dn)
+        domain_sid = samdb.get_domain_sid()
+        admin_sid = f"{domain_sid}-500"
+        samdb.rename(f"<SID={admin_sid}>",
+                     f"cn=administrator,{not_critical_dn}")
+        self.addCleanup(samdb.rename,
+                        f"<SID={admin_sid}>",
+                        f"cn=administrator,cn=users,{nc_name}")
+
+        try:
+            self.check_output("samba-tool drs clone-dc-database %s --server=%s %s --targetdir=%s"
+                              % (server_realm,
+                                 self.dc1,
+                                 self.cmdline_creds,
+                                 self.tempdir))
+        except samba.tests.BlackboxProcessError as e:
+            self.fail("Error calling samba-tool: %s" % e)
+
+        local_samdb = samba.tests.connect_samdb("ldb://" + os.path.join(self.tempdir, "private", "sam.ldb"),
+                                          ldap_only=False, lp=self.get_loadparm())
+
+        # Check administrator was replicated and is in the right place
+        res = local_samdb.search(base=str(nc_name),
+                                 expression="(&(objectclass=user)(cn=administrator))",
+                                 attrs=[], scope=ldb.SCOPE_SUBTREE)
+        self.assertEqual(len(res), 1)
+
+        admin_obj = res[0]
+
+        self.assertEqual(admin_obj.dn, ldb.Dn(samdb, f"cn=administrator,{not_critical_dn}"))
diff --git a/source4/torture/drs/python/samba_tool_drs_no_dns.py b/source4/torture/drs/python/samba_tool_drs_no_dns.py
new file mode 100644
index 0000000..aad5966
--- /dev/null
+++ b/source4/torture/drs/python/samba_tool_drs_no_dns.py
@@ -0,0 +1,174 @@
+# Blackbox tests for "samba-tool drs" command
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+# Copyright (C) Catalyst.Net Ltd 2019
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Blackbox tests for samba-tool drs with no DNS partitions
+
+Adapted from samba_tool_drs.py
+"""
+
+import samba.tests
+import os
+import ldb
+import drs_base
+
+from samba.tests import BlackboxProcessError
+from samba.common import get_string
+
+
+class SambaToolDrsNoDnsTests(drs_base.DrsBaseTestCase):
+    """Blackbox test case for samba-tool drs."""
+
+    def setUp(self):
+        super(SambaToolDrsNoDnsTests, self).setUp()
+
+        self.dc1 = samba.tests.env_get_var_value("DC1")
+
+        creds = self.get_credentials()
+        self.cmdline_creds = "-U%s/%s%%%s" % (creds.get_domain(),
+                                              creds.get_username(), creds.get_password())
+
+    def tearDown(self):
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self.rm_files('names.tdb', allow_missing=True)
+        self.rm_dirs('etc', 'msg.lock', 'private', 'state', 'bind-dns',
+                     allow_missing=True)
+
+        super(SambaToolDrsNoDnsTests, self).tearDown()
+
+    def _get_rootDSE(self, dc, ldap_only=True):
+        samdb = samba.tests.connect_samdb(dc, lp=self.get_loadparm(),
+                                          credentials=self.get_credentials(),
+                                          ldap_only=ldap_only)
+        return samdb.search(base="", scope=samba.tests.ldb.SCOPE_BASE)[0], samdb
+
+    def test_samba_tool_replicate_local_no_dns_tdb(self):
+        self.backend = 'tdb'
+        self._test_samba_tool_replicate_local_no_dns()
+
+    def test_samba_tool_replicate_local_no_dns_mdb(self):
+        self.backend = 'mdb'
+        self._test_samba_tool_replicate_local_no_dns()
+
+    def _test_samba_tool_replicate_local_no_dns(self):
+        """Check we can provision a database without DNS partitions
+        (and then add them afterwards)."""
+
+        server_rootdse, _ = self._get_rootDSE(self.dc1)
+        nc_name = server_rootdse["defaultNamingContext"]
+        server_ldap_service_name = str(server_rootdse["ldapServiceName"][0])
+        server_realm = server_ldap_service_name.split(":")[0]
+
+        # We have to give it a different netbiosname every time
+        # it runs, otherwise the collision causes strange issues
+        # to happen. This should be different on different environments.
+        netbiosname = "dns" + self.backend + self.dc1
+        if len(netbiosname) > 15:
+            netbiosname = netbiosname[:15]
+
+        self.check_output("samba-tool domain join %s dc --server=%s %s --targetdir=%s --option=netbiosname=%s %s --backend-store=%s"
+                          % (server_realm, self.dc1, self.cmdline_creds,
+                             self.tempdir, netbiosname,
+                             "--dns-backend=NONE",
+                             self.backend))
+
+        new_dc_config_file = os.path.join(self.tempdir, "etc", "smb.conf")
+        new_dc_sam = os.path.join(self.tempdir, "private", "sam.ldb")
+
+        forestdns_dn = ldb.binary_encode('DC=ForestDNSZones,' + str(nc_name))
+        domaindns_dn = ldb.binary_encode('DC=DomainDNSZones,' + str(nc_name))
+
+        self.check_output("samba-tool drs replicate --local %s %s %s %s --configfile=%s --full-sync"
+                          % ("invalid", self.dc1, forestdns_dn,
+                             self.cmdline_creds, new_dc_config_file))
+
+        self.check_output("samba-tool drs replicate --local %s %s %s %s --configfile=%s --full-sync"
+                          % ("invalid", self.dc1, domaindns_dn,
+                             self.cmdline_creds, new_dc_config_file))
+
+        server_rootdse, samdb = self._get_rootDSE("ldb://" + new_dc_sam, ldap_only=False)
+        server_ds_name = ldb.binary_encode(server_rootdse["dsServiceName"][0].decode('utf-8'))
+
+        # Show that Has-Master-NCs is fixed by samba_upgradedns
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % forestdns_dn)
+        self.assertEqual(len(res), 0)
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % domaindns_dn)
+        self.assertEqual(len(res), 0)
+
+        self.check_output("samba_upgradedns --configfile=%s" % (new_dc_config_file))
+
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % forestdns_dn)
+        self.assertEqual(len(res), 1)
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % domaindns_dn)
+        self.assertEqual(len(res), 1)
+
+        # Show that replica locations is fixed by dbcheck
+        res = samdb.search(controls=["search_options:1:2"],
+                           expression="(&(msds-nc-replica-locations=%s)(ncname=%s))"
+                           % (server_ds_name, forestdns_dn))
+        self.assertEqual(len(res), 0)
+        res = samdb.search(controls=["search_options:1:2"],
+                           expression="(&(msds-nc-replica-locations=%s)(ncname=%s))"
+                           % (server_ds_name, domaindns_dn))
+        self.assertEqual(len(res), 0)
+
+        try:
+            # This fixes any forward-link-backward-link issues with the tools
+            self.check_output("samba-tool dbcheck --configfile=%s --cross-ncs --fix --yes" % (new_dc_config_file))
+        except BlackboxProcessError as e:
+            self.assertTrue("Checked " in get_string(e.stdout))
+
+        self.check_output("samba-tool dbcheck --configfile=%s --cross-ncs" % (new_dc_config_file))
+
+        # Compare the two directories
+        self.check_output("samba-tool ldapcmp ldap://%s ldb://%s %s --filter=%s" %
+                          (self.dc1, new_dc_sam, self.cmdline_creds,
+                           "msDs-masteredBy,msDS-NC-Replica-Locations,msDS-hasMasterNCs"))
+
+        # Check all ForestDNS connections and backlinks
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % forestdns_dn)
+        self.assertEqual(len(res), 1)
+        res = samdb.search(base=forestdns_dn,
+                           expression="(msds-masteredby=%s)" % server_ds_name)
+        self.assertEqual(len(res), 1)
+        res = samdb.search(controls=["search_options:1:2"],
+                           expression="(&(msds-nc-replica-locations=%s)(ncname=%s))"
+                           % (server_ds_name, forestdns_dn))
+        self.assertEqual(len(res), 1)
+
+        # Check all DomainDNS connections and backlinks
+        res = samdb.search(base=server_ds_name,
+                           expression="(msds-hasmasterncs=%s)" % domaindns_dn)
+        self.assertEqual(len(res), 1)
+        res = samdb.search(base=domaindns_dn,
+                           expression="(msds-masteredby=%s)" % server_ds_name)
+        self.assertEqual(len(res), 1)
+        res = samdb.search(controls=["search_options:1:2"],
+                           expression="(&(msds-nc-replica-locations=%s)(ncname=%s))"
+                           % (server_ds_name, domaindns_dn))
+        self.assertEqual(len(res), 1)
+
+        # Demote the DC we created in the test
+        self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H ldap://%s %s --configfile=%s"
+                          % (netbiosname, self.dc1, self.cmdline_creds, new_dc_config_file))
diff --git a/source4/torture/drs/python/samba_tool_drs_showrepl.py b/source4/torture/drs/python/samba_tool_drs_showrepl.py
new file mode 100644
index 0000000..0f0ed86
--- /dev/null
+++ b/source4/torture/drs/python/samba_tool_drs_showrepl.py
@@ -0,0 +1,377 @@
+# Blackbox tests for "samba-tool drs" command
+# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
+# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Blackbox tests for samba-tool drs showrepl."""
+import samba.tests
+import drs_base
+from samba.dcerpc import drsuapi
+from samba import drs_utils
+import os
+import json
+import ldb
+import random
+from samba.common import get_string
+
+GUID_RE = r'[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}'
+HEX8_RE = r'0x[\da-f]{8}'
+DN_RE = r'(?:(?:CN|DC)=[\\:\w -]+,)+DC=com'
+
+
+class SambaToolDrsShowReplTests(drs_base.DrsBaseTestCase):
+    """Blackbox test case for samba-tool drs."""
+
+    def setUp(self):
+        super(SambaToolDrsShowReplTests, self).setUp()
+
+        self.dc1 = samba.tests.env_get_var_value("DC1")
+        self.dc2 = samba.tests.env_get_var_value("DC2")
+
+        creds = self.get_credentials()
+        self.cmdline_creds = "-U%s/%s%%%s" % (creds.get_domain(),
+                                              creds.get_username(),
+                                              creds.get_password())
+
+    def test_samba_tool_showrepl(self):
+        """Tests 'samba-tool drs showrepl' command.
+        """
+        nc_list = [self.config_dn, self.domain_dn, self.schema_dn]
+        dns_name = self.ldb_dc1.domain_dns_name()
+
+        # Manually run kcc to create a "Connection" object, so we can find
+        # this for the expected output below.
+        kcc_out = self.check_output("samba-tool drs kcc %s %s" % (self.dc1,
+                                                                  self.cmdline_creds))
+        self.assertIn(b"successful", kcc_out)
+
+        # Run replicate to ensure there are incoming and outgoing partners
+        # exist, so we can expect these in the output below.
+        for nc in nc_list:
+            self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, nc_dn=nc, forced=True)
+            self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, nc_dn=nc, forced=True)
+
+        # Output should be like:
+        #      <site-name>/<domain-name>
+        #      DSA Options: <hex-options>
+        #      DSA object GUID: <DSA-object-GUID>
+        #      DSA invocationId: <DSA-invocationId>
+        #      <Inbound-connections-list>
+        #      <Outbound-connections-list>
+        #      <KCC-objects>
+        #      ...
+        #   TODO: Perhaps we should check at least for
+        #         DSA's objectGUDI and invocationId
+        out = self.check_output("samba-tool drs showrepl "
+                                "%s %s" % (self.dc1, self.cmdline_creds))
+
+        out = get_string(out)
+        # We want to assert that we are getting the same results, but
+        # dates and GUIDs change randomly.
+        #
+        # There are sections with headers like ==== THIS ===="
+        (header,
+         _inbound, inbound,
+         _outbound, outbound,
+         _conn, conn) = out.split("====")
+
+        self.assertEqual(_inbound, ' INBOUND NEIGHBORS ')
+        self.assertEqual(_outbound, ' OUTBOUND NEIGHBORS ')
+        self.assertEqual(_conn, ' KCC CONNECTION OBJECTS ')
+
+        self.assertRegex(header,
+                         r'^Default-First-Site-Name\\%s\s+'
+                         r"DSA Options: %s\s+"
+                         r"DSA object GUID: %s\s+"
+                         r"DSA invocationId: %s" %
+                         (self.dc1.upper(), HEX8_RE, GUID_RE, GUID_RE))
+
+        # We don't assert the DomainDnsZones and ForestDnsZones are
+        # there because we don't know that they have been set up yet.
+
+        for p in nc_list:
+            self.assertRegex(
+                inbound,
+                r'%s\n'
+                r'\tDefault-First-Site-Name\\[A-Z0-9]+ via RPC\n'
+                r'\t\tDSA object GUID: %s\n'
+                r'\t\tLast attempt @ [^\n]+\n'
+                r'\t\t\d+ consecutive failure\(s\).\n'
+                r'\t\tLast success @ [^\n]+\n'
+                r'\n' % (p, GUID_RE),
+                msg="%s inbound missing" % p)
+
+            self.assertRegex(
+                outbound,
+                r'%s\n'
+                r'\tDefault-First-Site-Name\\[A-Z0-9]+ via RPC\n'
+                r'\t\tDSA object GUID: %s\n'
+                r'\t\tLast attempt @ [^\n]+\n'
+                r'\t\t\d+ consecutive failure\(s\).\n'
+                r'\t\tLast success @ [^\n]+\n'
+                r'\n' % (p, GUID_RE),
+                msg="%s outbound missing" % p)
+
+        self.assertRegex(conn,
+                         r'Connection --\n'
+                         r'\tConnection name: %s\n'
+                         r'\tEnabled        : TRUE\n'
+                         r'\tServer DNS name : \w+.%s\n'
+                         r'\tServer DN name  : %s'
+                         r'\n' % (GUID_RE, dns_name, DN_RE))
+
+    def test_samba_tool_showrepl_json(self):
+        """Tests 'samba-tool drs showrepl --json' command.
+        """
+        dns_name = self.ldb_dc1.domain_dns_name()
+        out = self.check_output("samba-tool drs showrepl %s %s --json" %
+                                (self.dc1, self.cmdline_creds))
+        d = json.loads(get_string(out))
+        self.assertEqual(set(d), set(['repsFrom',
+                                      'repsTo',
+                                      "NTDSConnections",
+                                      "dsa"]))
+
+        # dsa
+        for k in ["objectGUID", "invocationId"]:
+            self.assertRegex(d['dsa'][k], '^%s$' % GUID_RE)
+        self.assertTrue(isinstance(d['dsa']["options"], int))
+
+        # repsfrom and repsto
+        for reps in (d['repsFrom'], d['repsTo']):
+            for r in reps:
+                for k in ('NC dn', "NTDS DN"):
+                    self.assertRegex(r[k], '^%s$' % DN_RE)
+                for k in ("last attempt time",
+                          "last attempt message",
+                          "last success"):
+                    self.assertTrue(isinstance(r[k], str))
+                self.assertRegex(r["DSA objectGUID"], '^%s$' % GUID_RE)
+                self.assertTrue(isinstance(r["consecutive failures"], int))
+
+        # ntdsconnection
+        for n in d["NTDSConnections"]:
+            self.assertTrue(n["dns name"].endswith(dns_name))
+            self.assertRegex(n["name"], "^%s$" % GUID_RE)
+            self.assertTrue(isinstance(n['enabled'], bool))
+            self.assertTrue(isinstance(n['options'], int))
+            self.assertTrue(isinstance(n['replicates NC'], list))
+            self.assertRegex(n["remote DN"], "^%s$" % DN_RE)
+
+    def _force_all_reps(self, samdb, dc, direction):
+        if direction == 'inbound':
+            info_type = drsuapi.DRSUAPI_DS_REPLICA_INFO_NEIGHBORS
+        elif direction == 'outbound':
+            info_type = drsuapi.DRSUAPI_DS_REPLICA_INFO_REPSTO
+        else:
+            raise ValueError("expected 'inbound' or 'outbound'")
+
+        self._enable_all_repl(dc)
+        lp = self.get_loadparm()
+        creds = self.get_credentials()
+        drsuapi_conn, drsuapi_handle, _ = drs_utils.drsuapi_connect(dc, lp, creds)
+        req1 = drsuapi.DsReplicaGetInfoRequest1()
+        req1.info_type = info_type
+        _, info = drsuapi_conn.DsReplicaGetInfo(drsuapi_handle, 1, req1)
+        for x in info.array:
+            # you might think x.source_dsa_address was the thing, but no.
+            # and we need to filter out RODCs and deleted DCs
+
+            res = []
+            try:
+                res = samdb.search(base=x.source_dsa_obj_dn,
+                                   scope=ldb.SCOPE_BASE,
+                                   attrs=['msDS-isRODC', 'isDeleted'],
+                                   controls=['show_deleted:0'])
+            except ldb.LdbError as e:
+                if e.args[0] != ldb.ERR_NO_SUCH_OBJECT:
+                    raise
+
+            if (len(res) == 0 or
+                len(res[0].get('msDS-isRODC', '')) > 0 or
+                res[0]['isDeleted'] == 'TRUE'):
+                continue
+
+            dsa_dn = str(ldb.Dn(samdb, x.source_dsa_obj_dn).parent())
+            try:
+                res = samdb.search(base=dsa_dn,
+                                   scope=ldb.SCOPE_BASE,
+                                   attrs=['dNSHostName'])
+            except ldb.LdbError as e:
+                if e.args[0] != ldb.ERR_NO_SUCH_OBJECT:
+                    raise
+                continue
+
+            if len(res) == 0:
+                print("server %s has no dNSHostName" % dsa_dn)
+                continue
+
+            remote = res[0].get('dNSHostName', [''])[0]
+            if remote:
+                self._enable_all_repl(remote)
+
+            if direction == 'inbound':
+                src, dest = remote, dc
+            else:
+                src, dest = dc, remote
+            self._net_drs_replicate(dest, src, forced=True)
+
+    def test_samba_tool_showrepl_pull_summary_all_good(self):
+        """Tests 'samba-tool drs showrepl --pull-summary' command."""
+        # To be sure that all is good we need to force replication
+        # with everyone (because others might have it turned off), and
+        # turn replication on for them in case they suddenly decide to
+        # try again.
+        #
+        # We don't restore them to the non-auto-replication state.
+        samdb1 = self.getSamDB("-H", "ldap://%s" % self.dc1,
+                               self.cmdline_creds)
+        self._enable_all_repl(self.dc1)
+        self._force_all_reps(samdb1, self.dc1, 'inbound')
+        self._force_all_reps(samdb1, self.dc1, 'outbound')
+        old_no_color = os.environ.get('NO_COLOR')
+        all_good_green = "\033[1;32m[ALL GOOD]\033[0m\n"
+        all_good = "[ALL GOOD]\n"
+
+        try:
+            out = self.check_output(
+                "samba-tool drs showrepl --pull-summary %s %s" %
+                (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good)
+            out = get_string(out)
+
+            out = self.check_output("samba-tool drs showrepl --pull-summary "
+                                    "--color=yes %s %s" %
+                                    (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good_green)
+
+            # --verbose output is still quiet when all is good.
+            out = self.check_output(
+                "samba-tool drs showrepl --pull-summary -v %s %s" %
+                (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good)
+
+            out = self.check_output("samba-tool drs showrepl --pull-summary -v "
+                                    "--color=always %s %s" %
+                                    (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good_green)
+
+            out = self.check_output("samba-tool drs showrepl --pull-summary -v "
+                                    "--color=never %s %s" %
+                                    (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good)
+
+            os.environ['NO_COLOR'] = 'bean'
+
+            out = self.check_output("samba-tool drs showrepl --pull-summary -v "
+                                    "--color=auto %s %s" %
+                                    (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good)
+
+            os.environ['NO_COLOR'] = ''
+
+            out = self.check_output("samba-tool drs showrepl --pull-summary -v "
+                                    "--color=auto %s %s" %
+                                    (self.dc1, self.cmdline_creds))
+            out = get_string(out)
+            self.assertStringsEqual(out, all_good_green)
+
+        except samba.tests.BlackboxProcessError as e:
+            self.fail(str(e))
+        finally:
+            if old_no_color is None:
+                os.environ.pop('NO_COLOR', None)
+            else:
+                os.environ['NO_COLOR'] = old_no_color
+
+    def test_samba_tool_showrepl_summary_forced_failure(self):
+        """Tests 'samba-tool drs showrepl --summary' command when we break the
+        network on purpose.
+        """
+        self.addCleanup(self._enable_all_repl, self.dc1)
+        self._disable_all_repl(self.dc1)
+
+        samdb1 = self.getSamDB("-H", "ldap://%s" % self.dc1,
+                               self.cmdline_creds)
+        samdb2 = self.getSamDB("-H", "ldap://%s" % self.dc2,
+                               self.cmdline_creds)
+        domain_dn = samdb1.domain_dn()
+
+        # Add some things to NOT replicate
+        ou1 = "OU=dc1.%x,%s" % (random.randrange(1 << 64), domain_dn)
+        ou2 = "OU=dc2.%x,%s" % (random.randrange(1 << 64), domain_dn)
+        samdb1.add({
+            "dn": ou1,
+            "objectclass": "organizationalUnit"
+        })
+        self.addCleanup(samdb1.delete, ou1, ['tree_delete:1'])
+        samdb2.add({
+            "dn": ou2,
+            "objectclass": "organizationalUnit"
+        })
+        self.addCleanup(samdb2.delete, ou2, ['tree_delete:1'])
+
+        dn1 = 'cn=u1.%%d,%s' % (ou1)
+        dn2 = 'cn=u2.%%d,%s' % (ou2)
+
+        try:
+            for i in range(100):
+                samdb1.add({
+                    "dn": dn1 % i,
+                    "objectclass": "user"
+                })
+                samdb2.add({
+                    "dn": dn2 % i,
+                    "objectclass": "user"
+                })
+                out = self.check_output("samba-tool drs showrepl --summary -v "
+                                        "%s %s" %
+                                        (self.dc1, self.cmdline_creds))
+                out = get_string(out)
+                self.assertStringsEqual('[ALL GOOD]', out, strip=True)
+                out = self.check_output("samba-tool drs showrepl --summary -v "
+                                        "--color=yes %s %s" %
+                                        (self.dc2, self.cmdline_creds))
+                out = get_string(out)
+                self.assertIn('[ALL GOOD]', out)
+
+        except samba.tests.BlackboxProcessError as e:
+            e_stdout = get_string(e.stdout)
+            e_stderr = get_string(e.stderr)
+            print("Good, failed as expected after %d rounds: %r" % (i, e.cmd))
+            self.assertIn('There are failing connections', e_stdout,
+                          msg=('stdout: %r\nstderr: %r\nretcode: %s'
+                               '\nmessage: %r\ncmd: %r') % (e_stdout,
+                                                            e_stderr,
+                                                            e.returncode,
+                                                            e.msg,
+                                                            e.cmd))
+            self.assertRegex(
+                e_stdout,
+                r'result 845[67] '
+                r'\(WERR_DS_DRA_(SINK|SOURCE)_DISABLED\)',
+                msg=("The process should have failed "
+                     "because replication was forced off, "
+                     "but it failed for some other reason."))
+            self.assertIn('consecutive failure(s).', e_stdout)
+        else:
+            self.fail("No DRS failure noticed after 100 rounds of trying")
diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c
new file mode 100644
index 0000000..64d0498
--- /dev/null
+++ b/source4/torture/drs/rpc/dssync.c
@@ -0,0 +1,1072 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DsGetNCChanges replication test
+
+   Copyright (C) Stefan (metze) Metzmacher 2005
+   Copyright (C) Brad Henry 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/cldap/cldap.h"
+#include "torture/torture.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/drs/proto.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/util_paths.h"
+
+#undef strcasecmp
+
+struct DsSyncBindInfo {
+	struct dcerpc_pipe *drs_pipe;
+	struct dcerpc_binding_handle *drs_handle;
+	struct drsuapi_DsBind req;
+	struct GUID bind_guid;
+	struct drsuapi_DsBindInfoCtr our_bind_info_ctr;
+	struct drsuapi_DsBindInfo28 our_bind_info28;
+	struct drsuapi_DsBindInfo28 peer_bind_info28;
+	struct policy_handle bind_handle;
+};
+
+struct DsSyncLDAPInfo {
+	struct ldb_context *ldb;
+};
+
+struct DsSyncTest {
+	struct dcerpc_binding *drsuapi_binding;
+
+	const char *ldap_url;
+	const char *dest_address;
+	const char *domain_dn;
+	const char *config_dn;
+	const char *schema_dn;
+
+	/* what we need to do as 'Administrator' */
+	struct {
+		struct cli_credentials *credentials;
+		struct DsSyncBindInfo drsuapi;
+		struct DsSyncLDAPInfo ldap;
+	} admin;
+
+	/* what we need to do as the new dc machine account */
+	struct {
+		struct cli_credentials *credentials;
+		struct DsSyncBindInfo drsuapi;
+		struct drsuapi_DsGetDCInfo2 dc_info2;
+		struct GUID invocation_id;
+		struct GUID object_guid;
+	} new_dc;
+
+	/* info about the old dc */
+	struct {
+		struct drsuapi_DsGetDomainControllerInfo dc_info;
+	} old_dc;
+};
+
+static struct DsSyncTest *test_create_context(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct DsSyncTest *ctx;
+	struct drsuapi_DsBindInfo28 *our_bind_info28;
+	struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	const char *host;
+	struct nbt_name name;
+
+	ctx = talloc_zero(tctx, struct DsSyncTest);
+	if (!ctx) return NULL;
+
+	status = dcerpc_parse_binding(ctx, binding, &ctx->drsuapi_binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Bad binding string %s\n", binding);
+		return NULL;
+	}
+	status = dcerpc_binding_set_flags(ctx->drsuapi_binding,
+					  DCERPC_SIGN | DCERPC_SEAL, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_binding_set_flags - %s\n", nt_errstr(status));
+		return NULL;
+	}
+
+	host = dcerpc_binding_get_string_option(ctx->drsuapi_binding, "host");
+
+	ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s", host);
+
+	make_nbt_name_server(&name, host);
+
+	/* do an initial name resolution to find its IP */
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &name, tctx,
+				 &ctx->dest_address, tctx->ev);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to resolve %s - %s\n",
+		       name.name, nt_errstr(status));
+		return NULL;
+	}
+
+	/* ctx->admin ...*/
+	ctx->admin.credentials	= samba_cmdline_get_creds();
+
+	our_bind_info28				= &ctx->admin.drsuapi.our_bind_info28;
+	our_bind_info28->supported_extensions	= 0xFFFFFFFF;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	our_bind_info28->site_guid		= GUID_zero();
+	our_bind_info28->pid			= 0;
+	our_bind_info28->repl_epoch		= 1;
+
+	our_bind_info_ctr			= &ctx->admin.drsuapi.our_bind_info_ctr;
+	our_bind_info_ctr->length		= 28;
+	our_bind_info_ctr->info.info28		= *our_bind_info28;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &ctx->admin.drsuapi.bind_guid);
+
+	ctx->admin.drsuapi.req.in.bind_guid		= &ctx->admin.drsuapi.bind_guid;
+	ctx->admin.drsuapi.req.in.bind_info		= our_bind_info_ctr;
+	ctx->admin.drsuapi.req.out.bind_handle		= &ctx->admin.drsuapi.bind_handle;
+
+	/* ctx->new_dc ...*/
+	ctx->new_dc.credentials	= samba_cmdline_get_creds();
+
+	our_bind_info28				= &ctx->new_dc.drsuapi.our_bind_info28;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+	if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "xpress", false)) {
+		our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+	}
+	our_bind_info28->site_guid		= GUID_zero();
+	our_bind_info28->pid			= 0;
+	our_bind_info28->repl_epoch		= 0;
+
+	our_bind_info_ctr			= &ctx->new_dc.drsuapi.our_bind_info_ctr;
+	our_bind_info_ctr->length		= 28;
+	our_bind_info_ctr->info.info28		= *our_bind_info28;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID_W2K3, &ctx->new_dc.drsuapi.bind_guid);
+
+	ctx->new_dc.drsuapi.req.in.bind_guid		= &ctx->new_dc.drsuapi.bind_guid;
+	ctx->new_dc.drsuapi.req.in.bind_info		= our_bind_info_ctr;
+	ctx->new_dc.drsuapi.req.out.bind_handle		= &ctx->new_dc.drsuapi.bind_handle;
+
+	ctx->new_dc.invocation_id			= ctx->new_dc.drsuapi.bind_guid;
+
+	/* ctx->old_dc ...*/
+
+	return ctx;
+}
+
+static bool _test_DsBind(struct torture_context *tctx,
+			 struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncBindInfo *b)
+{
+	NTSTATUS status;
+	bool ret = true;
+
+	status = dcerpc_pipe_connect_b(ctx,
+				       &b->drs_pipe, ctx->drsuapi_binding,
+				       &ndr_table_drsuapi,
+				       credentials, tctx->ev, tctx->lp_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
+		return false;
+	}
+	b->drs_handle = b->drs_pipe->binding_handle;
+
+	status = dcerpc_drsuapi_DsBind_r(b->drs_handle, ctx, &b->req);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		printf("dcerpc_drsuapi_DsBind failed - %s\n", errstr);
+		ret = false;
+	} else if (!W_ERROR_IS_OK(b->req.out.result)) {
+		printf("DsBind failed - %s\n", win_errstr(b->req.out.result));
+		ret = false;
+	}
+
+	ZERO_STRUCT(b->peer_bind_info28);
+	if (b->req.out.bind_info) {
+		switch (b->req.out.bind_info->length) {
+		case 24: {
+			struct drsuapi_DsBindInfo24 *info24;
+			info24 = &b->req.out.bind_info->info.info24;
+			b->peer_bind_info28.supported_extensions= info24->supported_extensions;
+			b->peer_bind_info28.site_guid		= info24->site_guid;
+			b->peer_bind_info28.pid			= info24->pid;
+			b->peer_bind_info28.repl_epoch		= 0;
+			break;
+		}
+		case 28: {
+			b->peer_bind_info28 = b->req.out.bind_info->info.info28;
+			break;
+		}
+		case 32: {
+			struct drsuapi_DsBindInfo32 *info32;
+			info32 = &b->req.out.bind_info->info.info32;
+			b->peer_bind_info28.supported_extensions= info32->supported_extensions;
+			b->peer_bind_info28.site_guid		= info32->site_guid;
+			b->peer_bind_info28.pid			= info32->pid;
+			b->peer_bind_info28.repl_epoch		= info32->repl_epoch;
+			break;
+		}
+		case 48: {
+			struct drsuapi_DsBindInfo48 *info48;
+			info48 = &b->req.out.bind_info->info.info48;
+			b->peer_bind_info28.supported_extensions= info48->supported_extensions;
+			b->peer_bind_info28.site_guid		= info48->site_guid;
+			b->peer_bind_info28.pid			= info48->pid;
+			b->peer_bind_info28.repl_epoch		= info48->repl_epoch;
+			break;
+		}
+		case 52: {
+			struct drsuapi_DsBindInfo52 *info52;
+			info52 = &b->req.out.bind_info->info.info52;
+			b->peer_bind_info28.supported_extensions= info52->supported_extensions;
+			b->peer_bind_info28.site_guid		= info52->site_guid;
+			b->peer_bind_info28.pid			= info52->pid;
+			b->peer_bind_info28.repl_epoch		= info52->repl_epoch;
+			break;
+		}
+		default:
+			printf("DsBind - warning: unknown BindInfo length: %u\n",
+			       b->req.out.bind_info->length);
+		}
+	}
+
+	return ret;
+}
+
+static bool test_LDAPBind(struct torture_context *tctx, struct DsSyncTest *ctx,
+			  struct cli_credentials *credentials, struct DsSyncLDAPInfo *l)
+{
+	bool ret = true;
+
+	struct ldb_context *ldb;
+
+	const char *modules_option[] = { "modules:paged_searches", NULL };
+	ctx->admin.ldap.ldb = ldb = ldb_init(ctx, tctx->ev);
+	if (ldb == NULL) {
+		return false;
+	}
+
+	/* Despite us loading the schema from the AD server, we need
+	 * the samba handlers to get the extended DN syntax stuff */
+	ret = ldb_register_samba_handlers(ldb);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
+
+	if (ldb_set_opaque(ldb, "credentials", credentials)) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	if (ldb_set_opaque(ldb, "loadparm", tctx->lp_ctx)) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ret = ldb_connect(ldb, ctx->ldap_url, 0, modules_option);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ldb);
+		torture_assert_int_equal(tctx, ret, LDB_SUCCESS, "Failed to make LDB connection to target");
+	}
+
+	printf("connected to LDAP: %s\n", ctx->ldap_url);
+
+	return true;
+}
+
+static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx)
+{
+	struct ldb_context *ldb = ctx->admin.ldap.ldb;
+
+	/* We must have LDB connection ready by this time */
+	SMB_ASSERT(ldb != NULL);
+
+	ctx->domain_dn = ldb_dn_get_linearized(ldb_get_default_basedn(ldb));
+	torture_assert(tctx, ctx->domain_dn != NULL, "Failed to get Domain DN");
+
+	ctx->config_dn = ldb_dn_get_linearized(ldb_get_config_basedn(ldb));
+	torture_assert(tctx, ctx->config_dn != NULL, "Failed to get Domain DN");
+
+	ctx->schema_dn = ldb_dn_get_linearized(ldb_get_schema_basedn(ldb));
+	torture_assert(tctx, ctx->schema_dn != NULL, "Failed to get Domain DN");
+
+	return true;
+}
+
+static bool test_analyse_objects(struct torture_context *tctx,
+				 struct DsSyncTest *ctx,
+				 const char *partition,
+				 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
+				 uint32_t object_count,
+				 const struct drsuapi_DsReplicaObjectListItemEx *first_object,
+				 const DATA_BLOB *gensec_skey)
+{
+	static uint32_t object_id;
+	const char *save_values_dir;
+	const struct drsuapi_DsReplicaObjectListItemEx *cur;
+	struct ldb_context *ldb = ctx->admin.ldap.ldb;
+	struct ldb_dn *deleted_dn;
+	WERROR status;
+	int i, j, ret;
+	struct dsdb_extended_replicated_objects *objs;
+	struct ldb_extended_dn_control *extended_dn_ctrl;
+	struct dsdb_schema *ldap_schema;
+	struct ldb_dn *partition_dn = ldb_dn_new(tctx, ldb, partition);
+
+	torture_assert_not_null(tctx, partition_dn, "Failed to parse partition DN as as DN");
+
+	/* load dsdb_schema using remote prefixMap */
+	torture_assert(tctx,
+		       drs_util_dsdb_schema_load_ldb(tctx, ldb, mapping_ctr, false),
+		       "drs_util_dsdb_schema_load_ldb() failed");
+	ldap_schema = dsdb_get_schema(ldb, NULL);
+
+	status = dsdb_replicated_objects_convert(ldb,
+						 ldap_schema,
+						 partition_dn,
+						 mapping_ctr,
+						 object_count,
+						 first_object,
+						 0, NULL,
+						 NULL, NULL,
+						 gensec_skey,
+						 0,
+						 ctx, &objs);
+	torture_assert_werr_ok(tctx, status, "dsdb_extended_replicated_objects_convert() failed!");
+
+	extended_dn_ctrl = talloc(objs, struct ldb_extended_dn_control);
+	extended_dn_ctrl->type = 1;
+
+	deleted_dn = ldb_dn_new(objs, ldb, partition);
+	ldb_dn_add_child_fmt(deleted_dn, "CN=Deleted Objects");
+
+	for (i=0; i < objs->num_objects; i++) {
+		struct ldb_request *search_req;
+		struct ldb_result *res;
+		struct ldb_message *new_msg, *drs_msg, *ldap_msg;
+		size_t num_attrs = objs->objects[i].msg->num_elements+1;
+		const char **attrs = talloc_array(objs, const char *, num_attrs);
+		for (j=0; j < objs->objects[i].msg->num_elements; j++) {
+			attrs[j] = objs->objects[i].msg->elements[j].name;
+		}
+		attrs[j] = NULL;
+		res = talloc_zero(objs, struct ldb_result);
+		if (!res) {
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+		ret = ldb_build_search_req(&search_req, ldb, objs,
+					   objs->objects[i].msg->dn,
+					   LDB_SCOPE_BASE,
+					   NULL,
+					   attrs,
+					   NULL,
+					   res,
+					   ldb_search_default_callback,
+					   NULL);
+		if (ret != LDB_SUCCESS) {
+			return false;
+		}
+		talloc_steal(search_req, res);
+		ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL);
+		if (ret != LDB_SUCCESS) {
+			return false;
+		}
+
+		ret = ldb_request_add_control(search_req, LDB_CONTROL_EXTENDED_DN_OID, true, extended_dn_ctrl);
+		if (ret != LDB_SUCCESS) {
+			return false;
+		}
+
+		ret = ldb_request(ldb, search_req);
+		if (ret == LDB_SUCCESS) {
+			ret = ldb_wait(search_req->handle, LDB_WAIT_ALL);
+		}
+
+		torture_assert_int_equal(tctx, ret, LDB_SUCCESS,
+					 talloc_asprintf(tctx,
+							 "Could not re-fetch object just delivered over DRS: %s",
+							 ldb_errstring(ldb)));
+		torture_assert_int_equal(tctx, res->count, 1, "Could not re-fetch object just delivered over DRS");
+		ldap_msg = res->msgs[0];
+		for (j=0; j < ldap_msg->num_elements; j++) {
+			ldap_msg->elements[j].flags = LDB_FLAG_MOD_ADD;
+			/* For unknown reasons, there is no nTSecurityDescriptor on cn=deleted objects over LDAP, but there is over DRS!  Skip it on both transports for now here so */
+			if ((ldb_attr_cmp(ldap_msg->elements[j].name, "nTSecurityDescriptor") == 0) &&
+			    (ldb_dn_compare(ldap_msg->dn, deleted_dn) == 0)) {
+				ldb_msg_remove_element(ldap_msg, &ldap_msg->elements[j]);
+				/* Don't skip one */
+				j--;
+			}
+		}
+
+		ret = ldb_msg_normalize(ldb, search_req,
+		                        objs->objects[i].msg, &drs_msg);
+		torture_assert(tctx, ret == LDB_SUCCESS,
+			       "ldb_msg_normalize() has failed");
+
+		for (j=0; j < drs_msg->num_elements; j++) {
+			if (drs_msg->elements[j].num_values == 0) {
+				ldb_msg_remove_element(drs_msg, &drs_msg->elements[j]);
+				/* Don't skip one */
+				j--;
+
+				/* For unknown reasons, there is no nTSecurityDescriptor on cn=deleted objects over LDAP, but there is over DRS! */
+			} else if ((ldb_attr_cmp(drs_msg->elements[j].name, "nTSecurityDescriptor") == 0) &&
+				   (ldb_dn_compare(drs_msg->dn, deleted_dn) == 0)) {
+				ldb_msg_remove_element(drs_msg, &drs_msg->elements[j]);
+				/* Don't skip one */
+				j--;
+			} else if (ldb_attr_cmp(drs_msg->elements[j].name, "unicodePwd") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "dBCSPwd") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "userPassword") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "ntPwdHistory") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "lmPwdHistory") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "supplementalCredentials") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "priorValue") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "currentValue") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "trustAuthOutgoing") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "trustAuthIncoming") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "initialAuthOutgoing") == 0 ||
+				   ldb_attr_cmp(drs_msg->elements[j].name, "initialAuthIncoming") == 0) {
+
+				/* These are not shown over LDAP, so we need to skip them for the comparison */
+				ldb_msg_remove_element(drs_msg, &drs_msg->elements[j]);
+				/* Don't skip one */
+				j--;
+			} else {
+				drs_msg->elements[j].flags = LDB_FLAG_MOD_ADD;
+			}
+		}
+
+
+		ret = ldb_msg_difference(ldb, search_req,
+		                         drs_msg, ldap_msg, &new_msg);
+		torture_assert(tctx, ret == LDB_SUCCESS, "ldb_msg_difference() has failed");
+		if (new_msg->num_elements != 0) {
+			char *s;
+			bool is_warning = true;
+			unsigned int idx;
+			struct ldb_message_element *el;
+			const struct dsdb_attribute * a;
+			struct ldb_ldif ldif;
+			ldif.changetype = LDB_CHANGETYPE_MODIFY;
+			ldif.msg = new_msg;
+			s = ldb_ldif_write_string(ldb, new_msg, &ldif);
+			s = talloc_asprintf(tctx, "\n# Difference in between DRS and LDAP objects: \n%s", s);
+
+			ret = ldb_msg_difference(ldb, search_req,
+			                         ldap_msg, drs_msg, &ldif.msg);
+			torture_assert(tctx, ret == LDB_SUCCESS, "ldb_msg_difference() has failed");
+			s = talloc_asprintf_append(s,
+						   "\n# Difference in between LDAP and DRS objects: \n%s",
+						   ldb_ldif_write_string(ldb, new_msg, &ldif));
+
+			s = talloc_asprintf_append(s,
+						   "# Should have no objects in 'difference' message. Diff elements: %d",
+						   new_msg->num_elements);
+
+			/*
+			 * In case differences in messages are:
+			 * 1. Attributes with different values, i.e. 'replace'
+			 * 2. Those attributes are forward-link attributes
+			 * then we just warn about those differences.
+			 * It turns out windows doesn't send all of those values
+			 * in replicated_object but in linked_attributes.
+			 */
+			for (idx = 0; idx < new_msg->num_elements && is_warning; idx++) {
+				el = &new_msg->elements[idx];
+				a = dsdb_attribute_by_lDAPDisplayName(ldap_schema,
+				                                      el->name);
+				if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD &&
+				    LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE)
+				{
+					/* DRS only value */
+					is_warning = false;
+				} else if (a->linkID & 1) {
+					is_warning = false;
+				}
+			}
+			if (is_warning) {
+				torture_warning(tctx, "%s", s);
+			} else {
+				torture_fail(tctx, s);
+			}
+		}
+
+		/* search_req is used as a tmp talloc context in the above */
+		talloc_free(search_req);
+	}
+
+	if (!lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
+		talloc_free(objs);
+		return true;
+	}
+
+	save_values_dir = lpcfg_parm_string(tctx->lp_ctx, NULL, "dssync", "save_pwd_blobs_dir");
+
+	for (cur = first_object; cur; cur = cur->next_object) {
+		const char *dn;
+		bool dn_printed = false;
+
+		if (!cur->object.identifier) continue;
+
+		dn = cur->object.identifier->dn;
+
+		for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
+			const char *name = NULL;
+			DATA_BLOB plain_data;
+			struct drsuapi_DsReplicaAttribute *attr;
+			ndr_pull_flags_fn_t pull_fn = NULL;
+			ndr_print_fn_t print_fn = NULL;
+			void *ptr = NULL;
+			attr = &cur->object.attribute_ctr.attributes[i];
+
+			switch (attr->attid) {
+			case DRSUAPI_ATTID_dBCSPwd:
+				name	= "dBCSPwd";
+				break;
+			case DRSUAPI_ATTID_unicodePwd:
+				name	= "unicodePwd";
+				break;
+			case DRSUAPI_ATTID_ntPwdHistory:
+				name	= "ntPwdHistory";
+				break;
+			case DRSUAPI_ATTID_lmPwdHistory:
+				name	= "lmPwdHistory";
+				break;
+			case DRSUAPI_ATTID_supplementalCredentials:
+				name	= "supplementalCredentials";
+				pull_fn = (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob;
+				print_fn = (ndr_print_fn_t)ndr_print_supplementalCredentialsBlob;
+				ptr = talloc(ctx, struct supplementalCredentialsBlob);
+				break;
+			case DRSUAPI_ATTID_priorValue:
+				name	= "priorValue";
+				break;
+			case DRSUAPI_ATTID_currentValue:
+				name	= "currentValue";
+				break;
+			case DRSUAPI_ATTID_trustAuthOutgoing:
+				name	= "trustAuthOutgoing";
+				pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
+				print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
+				ptr = talloc(ctx, struct trustAuthInOutBlob);
+				break;
+			case DRSUAPI_ATTID_trustAuthIncoming:
+				name	= "trustAuthIncoming";
+				pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
+				print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
+				ptr = talloc(ctx, struct trustAuthInOutBlob);
+				break;
+			case DRSUAPI_ATTID_initialAuthOutgoing:
+				name	= "initialAuthOutgoing";
+				break;
+			case DRSUAPI_ATTID_initialAuthIncoming:
+				name	= "initialAuthIncoming";
+				break;
+			default:
+				continue;
+			}
+
+			if (attr->value_ctr.num_values != 1) continue;
+
+			if (!attr->value_ctr.values[0].blob) continue;
+
+			plain_data = *attr->value_ctr.values[0].blob;
+
+			if (!dn_printed) {
+				object_id++;
+				DEBUG(0,("DN[%u] %s\n", object_id, dn));
+				dn_printed = true;
+			}
+			DEBUGADD(0,("ATTR: %s plain.length=%lu\n",
+				    name, (long)plain_data.length));
+			if (plain_data.length) {
+				enum ndr_err_code ndr_err;
+				dump_data(0, plain_data.data, plain_data.length);
+				if (save_values_dir) {
+					char *fname;
+					fname = talloc_asprintf(ctx, "%s/%s%02d",
+								save_values_dir,
+								name, object_id);
+					if (fname) {
+						bool ok;
+						ok = file_save(fname, plain_data.data, plain_data.length);
+						if (!ok) {
+							DEBUGADD(0,("Failed to save '%s'\n", fname));
+						}
+					}
+					talloc_free(fname);
+				}
+
+				if (pull_fn) {
+					/* Can't use '_all' because of PIDL bugs with relative pointers */
+					ndr_err = ndr_pull_struct_blob(&plain_data, ptr,
+								       ptr, pull_fn);
+					if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+						(void)ndr_print_debug(1, print_fn, name, ptr, __location__, __func__);
+					} else {
+						DEBUG(0, ("Failed to decode %s\n", name));
+					}
+				}
+			}
+			talloc_free(ptr);
+		}
+	}
+	talloc_free(objs);
+	return true;
+}
+
+static bool test_GetNCChanges(struct torture_context *tctx,
+			      struct DsSyncTest *ctx,
+			      const char *nc_dn_str)
+{
+	NTSTATUS status;
+	bool ret = true;
+	int i, y = 0;
+	uint64_t highest_usn = 0;
+	struct drsuapi_DsGetNCChanges r;
+	union drsuapi_DsGetNCChangesRequest req;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+	uint32_t out_level = 0;
+	struct dom_sid null_sid;
+	DATA_BLOB gensec_skey;
+	struct {
+		uint32_t level;
+	} array[] = {
+/*		{
+			5
+		},
+*/		{
+			8
+		}
+	};
+
+	ZERO_STRUCT(null_sid);
+
+	highest_usn = lpcfg_parm_int(tctx->lp_ctx, NULL, "dssync", "highest_usn", 0);
+
+	array[0].level = lpcfg_parm_int(tctx->lp_ctx, NULL, "dssync", "get_nc_changes_level", array[0].level);
+
+	if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
+		const struct samr_Password *nthash;
+		nthash = cli_credentials_get_nt_hash(ctx->new_dc.credentials, ctx);
+		if (nthash) {
+			dump_data_pw("CREDENTIALS nthash:", nthash->hash, sizeof(nthash->hash));
+		}
+	}
+	status = gensec_session_key(ctx->new_dc.drsuapi.drs_pipe->conn->security_state.generic_state,
+				    ctx, &gensec_skey);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("failed to get gensec session key: %s\n", nt_errstr(status));
+		return false;
+	}
+
+	for (i=0; i < ARRAY_SIZE(array); i++) {
+		printf("Testing DsGetNCChanges level %d\n",
+			array[i].level);
+
+		r.in.bind_handle	= &ctx->new_dc.drsuapi.bind_handle;
+		r.in.level		= array[i].level;
+
+		switch (r.in.level) {
+		case 5:
+			nc.guid	= GUID_zero();
+			nc.sid	= null_sid;
+			nc.dn	= nc_dn_str;
+
+			r.in.req					= &req;
+			r.in.req->req5.destination_dsa_guid		= ctx->new_dc.invocation_id;
+			r.in.req->req5.source_dsa_invocation_id = GUID_zero();
+			r.in.req->req5.naming_context			= &nc;
+			r.in.req->req5.highwatermark.tmp_highest_usn	= highest_usn;
+			r.in.req->req5.highwatermark.reserved_usn	= 0;
+			r.in.req->req5.highwatermark.highest_usn	= highest_usn;
+			r.in.req->req5.uptodateness_vector		= NULL;
+			r.in.req->req5.replica_flags			= 0;
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
+				r.in.req->req5.replica_flags		|= DRSUAPI_DRS_USE_COMPRESSION;
+			}
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "neighbour_writeable", true)) {
+				r.in.req->req5.replica_flags		|= DRSUAPI_DRS_WRIT_REP;
+			}
+			r.in.req->req5.replica_flags			|= DRSUAPI_DRS_INIT_SYNC
+									| DRSUAPI_DRS_PER_SYNC
+									| DRSUAPI_DRS_GET_ANC
+									| DRSUAPI_DRS_NEVER_SYNCED
+									;
+			r.in.req->req5.max_object_count			= 133;
+			r.in.req->req5.max_ndr_size			= 1336770;
+			r.in.req->req5.extended_op			= DRSUAPI_EXOP_NONE;
+			r.in.req->req5.fsmo_info			= 0;
+
+			break;
+		case 8:
+			nc.guid	= GUID_zero();
+			nc.sid	= null_sid;
+			nc.dn	= nc_dn_str;
+			/* nc.dn can be set to any other ad partition */
+
+			r.in.req					= &req;
+			r.in.req->req8.destination_dsa_guid		= ctx->new_dc.invocation_id;
+			r.in.req->req8.source_dsa_invocation_id	= GUID_zero();
+			r.in.req->req8.naming_context			= &nc;
+			r.in.req->req8.highwatermark.tmp_highest_usn	= highest_usn;
+			r.in.req->req8.highwatermark.reserved_usn	= 0;
+			r.in.req->req8.highwatermark.highest_usn	= highest_usn;
+			r.in.req->req8.uptodateness_vector		= NULL;
+			r.in.req->req8.replica_flags			= 0;
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
+				r.in.req->req8.replica_flags		|= DRSUAPI_DRS_USE_COMPRESSION;
+			}
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "neighbour_writeable", true)) {
+				r.in.req->req8.replica_flags		|= DRSUAPI_DRS_WRIT_REP;
+			}
+			r.in.req->req8.replica_flags			|= DRSUAPI_DRS_INIT_SYNC
+									| DRSUAPI_DRS_PER_SYNC
+									| DRSUAPI_DRS_GET_ANC
+									| DRSUAPI_DRS_NEVER_SYNCED
+									;
+			r.in.req->req8.max_object_count			= 402;
+			r.in.req->req8.max_ndr_size			= 402116;
+
+			r.in.req->req8.extended_op			= DRSUAPI_EXOP_NONE;
+			r.in.req->req8.fsmo_info			= 0;
+			r.in.req->req8.partial_attribute_set		= NULL;
+			r.in.req->req8.partial_attribute_set_ex		= NULL;
+			r.in.req->req8.mapping_ctr.num_mappings		= 0;
+			r.in.req->req8.mapping_ctr.mappings		= NULL;
+
+			break;
+		}
+
+		for (y=0; ;y++) {
+			uint32_t _level = 0;
+			union drsuapi_DsGetNCChangesCtr ctr;
+
+			ZERO_STRUCT(r.out);
+
+			r.out.level_out = &_level;
+			r.out.ctr	= &ctr;
+
+			if (r.in.level == 5) {
+				torture_comment(tctx,
+						"start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
+						y,
+						(unsigned long long) r.in.req->req5.highwatermark.tmp_highest_usn,
+						(unsigned long long) r.in.req->req5.highwatermark.highest_usn);
+			}
+
+			if (r.in.level == 8) {
+				torture_comment(tctx,
+						"start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
+						y,
+						(unsigned long long) r.in.req->req8.highwatermark.tmp_highest_usn,
+						(unsigned long long) r.in.req->req8.highwatermark.highest_usn);
+			}
+
+			status = dcerpc_drsuapi_DsGetNCChanges_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
+			torture_drsuapi_assert_call(tctx, ctx->new_dc.drsuapi.drs_pipe, status,
+						    &r, "dcerpc_drsuapi_DsGetNCChanges");
+
+			if (ret == true && *r.out.level_out == 1) {
+				out_level = 1;
+				ctr1 = &r.out.ctr->ctr1;
+			} else if (ret == true && *r.out.level_out == 2 &&
+				   r.out.ctr->ctr2.mszip1.ts) {
+				out_level = 1;
+				ctr1 = &r.out.ctr->ctr2.mszip1.ts->ctr1;
+			}
+
+			if (out_level == 1) {
+				torture_comment(tctx,
+						"end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
+						y,
+						(unsigned long long) ctr1->new_highwatermark.tmp_highest_usn,
+						(unsigned long long) ctr1->new_highwatermark.highest_usn);
+
+				if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr1->mapping_ctr,  ctr1->object_count,
+							  ctr1->first_object, &gensec_skey)) {
+					return false;
+				}
+
+				if (ctr1->more_data) {
+					r.in.req->req5.highwatermark = ctr1->new_highwatermark;
+					continue;
+				}
+			}
+
+			if (ret == true && *r.out.level_out == 6) {
+				out_level = 6;
+				ctr6 = &r.out.ctr->ctr6;
+			} else if (ret == true && *r.out.level_out == 7
+				   && r.out.ctr->ctr7.level == 6
+				   && r.out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
+				   && r.out.ctr->ctr7.ctr.mszip6.ts) {
+				out_level = 6;
+				ctr6 = &r.out.ctr->ctr7.ctr.mszip6.ts->ctr6;
+			} else if (ret == true && *r.out.level_out == 7
+				   && r.out.ctr->ctr7.level == 6
+				   && r.out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2
+				   && r.out.ctr->ctr7.ctr.xpress6.ts) {
+				out_level = 6;
+				ctr6 = &r.out.ctr->ctr7.ctr.xpress6.ts->ctr6;
+			}
+
+			if (out_level == 6) {
+				torture_comment(tctx,
+						"end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
+						y,
+						(unsigned long long) ctr6->new_highwatermark.tmp_highest_usn,
+						(unsigned long long) ctr6->new_highwatermark.highest_usn);
+
+				if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr6->mapping_ctr,  ctr6->object_count,
+							  ctr6->first_object, &gensec_skey)) {
+					return false;
+				}
+
+				if (ctr6->more_data) {
+					r.in.req->req8.highwatermark = ctr6->new_highwatermark;
+					continue;
+				}
+			}
+
+			break;
+		}
+	}
+
+	return ret;
+}
+
+/**
+ * Test DsGetNCChanges() DRSUAPI call against one
+ * or more Naming Contexts.
+ * Specific NC to test with may be supplied
+ * in lp_ctx configuration. If no NC is specified,
+ * it will test DsGetNCChanges() on all NCs on remote DC
+ */
+static bool test_FetchData(struct torture_context *tctx, struct DsSyncTest *ctx)
+{
+	bool ret = true;
+	size_t i, count;
+	const char *nc_dn_str;
+	const char **nc_list;
+
+	nc_list = const_str_list(str_list_make_empty(ctx));
+	torture_assert(tctx, nc_list, "Not enough memory!");
+
+	/* make a list of partitions to test with */
+	nc_dn_str = lpcfg_parm_string(tctx->lp_ctx, NULL, "dssync", "partition");
+	if (nc_dn_str == NULL) {
+		nc_list = str_list_add_const(nc_list, ctx->domain_dn);
+		nc_list = str_list_add_const(nc_list, ctx->config_dn);
+		nc_list = str_list_add_const(nc_list, ctx->schema_dn);
+	} else {
+		nc_list = str_list_add_const(nc_list, nc_dn_str);
+	}
+
+	count = str_list_length(nc_list);
+	for (i = 0; i < count && ret; i++) {
+		torture_comment(tctx, "\nNaming Context: %s\n", nc_list[i]);
+		ret = test_GetNCChanges(tctx, ctx, nc_list[i]);
+	}
+
+	talloc_free(nc_list);
+	return ret;
+}
+
+
+static bool test_FetchNT4Data(struct torture_context *tctx,
+			      struct DsSyncTest *ctx)
+{
+	NTSTATUS status;
+	struct drsuapi_DsGetNT4ChangeLog r;
+	union drsuapi_DsGetNT4ChangeLogRequest req;
+	union drsuapi_DsGetNT4ChangeLogInfo info;
+	uint32_t level_out = 0;
+	DATA_BLOB cookie;
+
+	ZERO_STRUCT(cookie);
+
+	ZERO_STRUCT(r);
+	r.in.bind_handle	= &ctx->new_dc.drsuapi.bind_handle;
+	r.in.level		= 1;
+	r.out.info		= &info;
+	r.out.level_out		= &level_out;
+
+	req.req1.flags = lpcfg_parm_int(tctx->lp_ctx, NULL,
+				     "dssync", "nt4changelog_flags",
+				     DRSUAPI_NT4_CHANGELOG_GET_CHANGELOG |
+				     DRSUAPI_NT4_CHANGELOG_GET_SERIAL_NUMBERS);
+	req.req1.preferred_maximum_length = lpcfg_parm_int(tctx->lp_ctx, NULL,
+					"dssync", "nt4changelog_preferred_len",
+					0x00004000);
+
+	while (1) {
+		req.req1.restart_length = cookie.length;
+		req.req1.restart_data = cookie.data;
+
+		r.in.req = &req;
+
+		status = dcerpc_drsuapi_DsGetNT4ChangeLog_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+			torture_skip(tctx,
+			             "DsGetNT4ChangeLog not supported: NT_STATUS_NOT_IMPLEMENTED");
+		} else if (!NT_STATUS_IS_OK(status)) {
+			const char *errstr = nt_errstr(status);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+				torture_skip(tctx,
+				             "DsGetNT4ChangeLog not supported: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE");
+			}
+			torture_fail(tctx,
+				     talloc_asprintf(tctx, "dcerpc_drsuapi_DsGetNT4ChangeLog failed - %s\n",
+						     errstr));
+		} else if (W_ERROR_EQUAL(r.out.result, WERR_INVALID_DOMAIN_ROLE)) {
+			torture_skip(tctx,
+			             "DsGetNT4ChangeLog not supported: WERR_INVALID_DOMAIN_ROLE");
+		} else if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_fail(tctx,
+				     talloc_asprintf(tctx, "DsGetNT4ChangeLog failed - %s\n",
+						     win_errstr(r.out.result)));
+		} else if (*r.out.level_out != 1) {
+			torture_fail(tctx,
+				     talloc_asprintf(tctx, "DsGetNT4ChangeLog unknown level - %u\n",
+						     *r.out.level_out));
+		} else if (NT_STATUS_IS_OK(r.out.info->info1.status)) {
+		} else if (NT_STATUS_EQUAL(r.out.info->info1.status, STATUS_MORE_ENTRIES)) {
+			cookie.length	= r.out.info->info1.restart_length;
+			cookie.data	= r.out.info->info1.restart_data;
+			continue;
+		} else {
+			torture_fail(tctx,
+				     talloc_asprintf(tctx, "DsGetNT4ChangeLog failed - %s\n",
+						     nt_errstr(r.out.info->info1.status)));
+		}
+
+		break;
+	}
+
+	return true;
+}
+
+/**
+ * DSSYNC test case setup
+ */
+static bool torture_dssync_tcase_setup(struct torture_context *tctx, void **data)
+{
+	bool bret;
+	struct DsSyncTest *ctx;
+
+	*data = ctx = test_create_context(tctx);
+	torture_assert(tctx, ctx, "test_create_context() failed");
+
+	bret = _test_DsBind(tctx, ctx, ctx->admin.credentials, &ctx->admin.drsuapi);
+	torture_assert(tctx, bret, "_test_DsBind() failed");
+
+	bret = test_LDAPBind(tctx, ctx, ctx->admin.credentials, &ctx->admin.ldap);
+	torture_assert(tctx, bret, "test_LDAPBind() failed");
+
+	bret = test_GetInfo(tctx, ctx);
+	torture_assert(tctx, bret, "test_GetInfo() failed");
+
+	bret = _test_DsBind(tctx, ctx, ctx->new_dc.credentials, &ctx->new_dc.drsuapi);
+	torture_assert(tctx, bret, "_test_DsBind() failed");
+
+	return true;
+}
+
+/**
+ * DSSYNC test case cleanup
+ */
+static bool torture_dssync_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	struct DsSyncTest *ctx;
+	struct drsuapi_DsUnbind r;
+	struct policy_handle bind_handle;
+
+	ctx = talloc_get_type(data, struct DsSyncTest);
+
+	ZERO_STRUCT(r);
+	r.out.bind_handle = &bind_handle;
+
+	/* Unbing admin handle */
+	r.in.bind_handle = &ctx->admin.drsuapi.bind_handle;
+	dcerpc_drsuapi_DsUnbind_r(ctx->admin.drsuapi.drs_handle, ctx, &r);
+
+	/* Unbing new_dc handle */
+	r.in.bind_handle = &ctx->new_dc.drsuapi.bind_handle;
+	dcerpc_drsuapi_DsUnbind_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
+
+	talloc_free(ctx);
+
+	return true;
+}
+
+/**
+ * DSSYNC test case implementation
+ */
+void torture_drs_rpc_dssync_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "dssync");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_dssync_tcase_setup,
+				  torture_dssync_tcase_teardown);
+
+	torture_tcase_add_simple_test(tcase, "DC_FetchData", (run_func)test_FetchData);
+	torture_tcase_add_simple_test(tcase, "FetchNT4Data", (run_func)test_FetchNT4Data);
+}
+
diff --git a/source4/torture/drs/rpc/msds_intid.c b/source4/torture/drs/rpc/msds_intid.c
new file mode 100644
index 0000000..1bc5c32
--- /dev/null
+++ b/source4/torture/drs/rpc/msds_intid.c
@@ -0,0 +1,792 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   msDS-IntId attribute replication test.
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/cldap/cldap.h"
+#include "torture/torture.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/drs/proto.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/util_paths.h"
+
+struct DsSyncBindInfo {
+	struct dcerpc_pipe *drs_pipe;
+	struct dcerpc_binding_handle *drs_handle;
+	struct drsuapi_DsBind req;
+	struct GUID bind_guid;
+	struct drsuapi_DsBindInfoCtr our_bind_info_ctr;
+	struct drsuapi_DsBindInfo28 our_bind_info28;
+	struct drsuapi_DsBindInfo28 peer_bind_info28;
+	struct policy_handle bind_handle;
+};
+
+struct DsaBindInfo {
+	struct dcerpc_binding 		*server_binding;
+
+	struct dcerpc_pipe 		*drs_pipe;
+	struct dcerpc_binding_handle 	*drs_handle;
+
+	DATA_BLOB 			gensec_skey;
+	struct drsuapi_DsBindInfo48	srv_info48;
+	struct policy_handle		rpc_handle;
+};
+
+struct DsIntIdTestCtx {
+	const char *ldap_url;
+	const char *domain_dn;
+	const char *config_dn;
+	const char *schema_dn;
+
+	/* what we need to do as 'Administrator' */
+	struct cli_credentials 	*creds;
+	struct DsaBindInfo  	dsa_bind;
+	struct ldb_context 	*ldb;
+
+};
+
+/* Format string to create provision LDIF with */
+#define PROVISION_LDIF_FMT \
+		"###########################################################\n" \
+		"# Format string with positional params:\n" \
+		"#  1 - (int) Unique ID between 1 and 2^16\n" \
+		"#  2 - (string) Domain DN\n" \
+		"###########################################################\n" \
+		"\n" \
+		"###########################################################\n" \
+		"# Update schema\n" \
+		"###########################################################\n" \
+		"dn: CN=msds-intid-%1$d,CN=Schema,CN=Configuration,%2$s\n" \
+		"changetype: add\n" \
+		"objectClass: top\n" \
+		"objectClass: attributeSchema\n" \
+		"cn: msds-intid-%1$d\n" \
+		"attributeID: 1.3.6.1.4.1.7165.4.6.1.%1$d.1.5.9940\n" \
+		"attributeSyntax: 2.5.5.10\n" \
+		"omSyntax: 4\n" \
+		"instanceType: 4\n" \
+		"isSingleValued: TRUE\n" \
+		"systemOnly: FALSE\n" \
+		"\n" \
+		"# schemaUpdateNow\n" \
+		"DN:\n" \
+		"changeType: modify\n" \
+		"add: schemaUpdateNow\n" \
+		"schemaUpdateNow: 1\n" \
+		"-\n" \
+		"\n" \
+		"###########################################################\n" \
+		"# Update schema (with linked attribute)\n" \
+		"###########################################################\n" \
+		"dn: CN=msds-intid-link-%1$d,CN=Schema,CN=Configuration,%2$s\n" \
+		"changetype: add\n" \
+		"objectClass: top\n" \
+		"objectClass: attributeSchema\n" \
+		"cn: msds-intid-link-%1$d\n" \
+		"attributeID: 1.3.6.1.4.1.7165.4.6.1.%1$d.1.5.9941\n" \
+		"attributeSyntax: 2.5.5.1\n" \
+		"omSyntax: 127\n" \
+		"instanceType: 4\n" \
+		"isSingleValued: TRUE\n" \
+		"systemOnly: FALSE\n" \
+		"linkID: 1.2.840.113556.1.2.50\n" \
+		"\n" \
+		"# schemaUpdateNow\n" \
+		"DN:\n" \
+		"changeType: modify\n" \
+		"add: schemaUpdateNow\n" \
+		"schemaUpdateNow: 1\n" \
+		"-\n" \
+		"\n" \
+		"###########################################################\n" \
+		"# Update User class\n" \
+		"###########################################################\n" \
+		"dn: CN=User,CN=Schema,CN=Configuration,%2$s\n" \
+		"changetype: modify\n" \
+		"add: mayContain\n" \
+		"mayContain: msdsIntid%1$d\n" \
+		"mayContain: msdsIntidLink%1$d\n" \
+		"-\n" \
+		"\n" \
+		"# schemaUpdateNow\n" \
+		"DN:\n" \
+		"changeType: modify\n" \
+		"add: schemaUpdateNow\n" \
+		"schemaUpdateNow: 1\n" \
+		"-\n" \
+		"\n" \
+		"###########################################################\n" \
+		"# create user to test with\n" \
+		"###########################################################\n" \
+		"dn: CN=dsIntId_usr_%1$d,CN=Users,%2$s\n" \
+		"changetype: add\n" \
+		"objectClass: user\n" \
+		"cn: dsIntId_usr_%1$d\n" \
+		"name: dsIntId_usr_%1$d\n" \
+		"displayName: dsIntId_usr_%1$d\n" \
+		"sAMAccountName: dsIntId_usr_%1$d\n" \
+		"msdsIntid%1$d: msDS-IntId-%1$d attribute value\n" \
+		"msdsIntidLink%1$d: %2$s\n" \
+		"\n"
+
+
+static struct DsIntIdTestCtx *_dsintid_create_context(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct DsIntIdTestCtx *ctx;
+	struct dcerpc_binding *server_binding;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+
+	/* Create test suite context */
+	ctx = talloc_zero(tctx, struct DsIntIdTestCtx);
+	if (!ctx) {
+		torture_result(tctx, TORTURE_FAIL, "Not enough memory!");
+		return NULL;
+	}
+
+	/* parse binding object */
+	status = dcerpc_parse_binding(ctx, binding, &server_binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL,
+		               "Bad binding string '%s': %s", binding, nt_errstr(status));
+		return NULL;
+	}
+
+	status = dcerpc_binding_set_flags(server_binding,
+					  DCERPC_SIGN | DCERPC_SEAL, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL,
+		               "dcerpc_binding_set_flags: %s", nt_errstr(status));
+		return NULL;
+	}
+
+	/* populate test suite context */
+	ctx->creds = samba_cmdline_get_creds();
+	ctx->dsa_bind.server_binding = server_binding;
+
+	ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s",
+			dcerpc_binding_get_string_option(server_binding, "host"));
+
+	return ctx;
+}
+
+static bool _test_DsaBind(struct torture_context *tctx,
+			 TALLOC_CTX *mem_ctx,
+			 struct cli_credentials *credentials,
+			 uint32_t req_extensions,
+			 struct DsaBindInfo *bi)
+{
+	NTSTATUS status;
+	struct GUID bind_guid;
+	struct drsuapi_DsBind r;
+	struct drsuapi_DsBindInfoCtr bind_info_ctr;
+	uint32_t supported_extensions;
+
+	/* make DCE RPC connection */
+	status = dcerpc_pipe_connect_b(mem_ctx,
+				       &bi->drs_pipe,
+				       bi->server_binding,
+				       &ndr_table_drsuapi,
+				       credentials, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to connect to server");
+
+	bi->drs_handle = bi->drs_pipe->binding_handle;
+
+	status = gensec_session_key(bi->drs_pipe->conn->security_state.generic_state,
+	                            mem_ctx, &bi->gensec_skey);
+	torture_assert_ntstatus_ok(tctx, status, "failed to get gensec session key");
+
+	/* Bind to DRSUAPI interface */
+	GUID_from_string(DRSUAPI_DS_BIND_GUID_W2K3, &bind_guid);
+
+	/*
+	 * Add flags that should be 1, according to MS docs.
+	 * It turns out DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
+	 * is actually required in order for GetNCChanges() to
+	 * return schemaInfo entry in the prefixMap returned.
+	 * Use DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION so
+	 * we are able to fetch sensitive data.
+	 */
+	supported_extensions = req_extensions
+			     | DRSUAPI_SUPPORTED_EXTENSION_BASE
+			     | DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
+			     | DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
+			     | DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
+			     | DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+
+	ZERO_STRUCT(bind_info_ctr);
+	bind_info_ctr.length = 28;
+	bind_info_ctr.info.info28.supported_extensions = supported_extensions;
+
+	r.in.bind_guid = &bind_guid;
+	r.in.bind_info = &bind_info_ctr;
+	r.out.bind_handle = &bi->rpc_handle;
+
+	status = dcerpc_drsuapi_DsBind_r(bi->drs_handle, mem_ctx, &r);
+	torture_drsuapi_assert_call(tctx, bi->drs_pipe, status,
+				    &r, "dcerpc_drsuapi_DsBind_r");
+
+
+	switch (r.out.bind_info->length) {
+	case 24: {
+		struct drsuapi_DsBindInfo24 *info24;
+		info24 = &r.out.bind_info->info.info24;
+		bi->srv_info48.supported_extensions	= info24->supported_extensions;
+		bi->srv_info48.site_guid		= info24->site_guid;
+		bi->srv_info48.pid			= info24->pid;
+		break;
+	}
+	case 28: {
+		struct drsuapi_DsBindInfo28 *info28;
+		info28 = &r.out.bind_info->info.info28;
+		bi->srv_info48.supported_extensions	= info28->supported_extensions;
+		bi->srv_info48.site_guid		= info28->site_guid;
+		bi->srv_info48.pid			= info28->pid;
+		bi->srv_info48.repl_epoch		= info28->repl_epoch;
+		break;
+	}
+	case 32: {
+		struct drsuapi_DsBindInfo32 *info32;
+		info32 = &r.out.bind_info->info.info32;
+		bi->srv_info48.supported_extensions	= info32->supported_extensions;
+		bi->srv_info48.site_guid		= info32->site_guid;
+		bi->srv_info48.pid			= info32->pid;
+		bi->srv_info48.repl_epoch		= info32->repl_epoch;
+		break;
+	}
+	case 48: {
+		bi->srv_info48 = r.out.bind_info->info.info48;
+		break;
+	}
+	case 52: {
+		struct drsuapi_DsBindInfo52 *info52;
+		info52 = &r.out.bind_info->info.info52;
+		bi->srv_info48.supported_extensions	= info52->supported_extensions;
+		bi->srv_info48.site_guid		= info52->site_guid;
+		bi->srv_info48.pid			= info52->pid;
+		bi->srv_info48.repl_epoch		= info52->repl_epoch;
+		break;
+	}
+	default:
+		torture_result(tctx, TORTURE_FAIL,
+		               "DsBind: unknown BindInfo length: %u",
+		               r.out.bind_info->length);
+		return false;
+	}
+
+	/* check if server supports extensions we've requested */
+	if ((bi->srv_info48.supported_extensions & req_extensions) != req_extensions) {
+		torture_result(tctx, TORTURE_FAIL,
+		               "Server does not support requested extensions. "
+		               "Requested: 0x%08X, Supported: 0x%08X",
+		               req_extensions, bi->srv_info48.supported_extensions);
+		return false;
+	}
+
+	return true;
+}
+
+static bool _test_LDAPBind(struct torture_context *tctx,
+			   TALLOC_CTX *mem_ctx,
+			   struct cli_credentials *credentials,
+			   const char *ldap_url,
+			   struct ldb_context **_ldb)
+{
+	bool ret = true;
+
+	struct ldb_context *ldb;
+
+	const char *modules_option[] = { "modules:paged_searches", NULL };
+	ldb = ldb_init(mem_ctx, tctx->ev);
+	if (ldb == NULL) {
+		return false;
+	}
+
+	/* Despite us loading the schema from the AD server, we need
+	 * the samba handlers to get the extended DN syntax stuff */
+	ret = ldb_register_samba_handlers(ldb);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
+
+	if (ldb_set_opaque(ldb, "credentials", credentials) != LDB_SUCCESS) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	if (ldb_set_opaque(ldb, "loadparm", tctx->lp_ctx) != LDB_SUCCESS) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ret = ldb_connect(ldb, ldap_url, 0, modules_option);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(ldb);
+		torture_assert_int_equal(tctx, ret, LDB_SUCCESS, "Failed to make LDB connection to target");
+	}
+
+	*_ldb = ldb;
+
+	return true;
+}
+
+static bool _test_provision(struct torture_context *tctx, struct DsIntIdTestCtx *ctx)
+{
+	int ret;
+	char *ldif_str;
+	const char *pstr;
+	struct ldb_ldif *ldif;
+	uint32_t attr_id;
+	struct ldb_context *ldb = ctx->ldb;
+
+	/* We must have LDB connection ready by this time */
+	SMB_ASSERT(ldb != NULL);
+
+	ctx->domain_dn = ldb_dn_get_linearized(ldb_get_default_basedn(ldb));
+	torture_assert(tctx, ctx->domain_dn != NULL, "Failed to get Domain DN");
+
+	ctx->config_dn = ldb_dn_get_linearized(ldb_get_config_basedn(ldb));
+	torture_assert(tctx, ctx->config_dn != NULL, "Failed to get Domain DN");
+
+	ctx->schema_dn = ldb_dn_get_linearized(ldb_get_schema_basedn(ldb));
+	torture_assert(tctx, ctx->schema_dn != NULL, "Failed to get Domain DN");
+
+	/* prepare LDIF to provision with */
+	attr_id = generate_random() % 0xFFFF;
+	pstr = ldif_str = talloc_asprintf(ctx, PROVISION_LDIF_FMT,
+	                                  attr_id, ctx->domain_dn);
+
+	/* Provision test data */
+	while ((ldif = ldb_ldif_read_string(ldb, &pstr)) != NULL) {
+		switch (ldif->changetype) {
+		case LDB_CHANGETYPE_DELETE:
+			ret = ldb_delete(ldb, ldif->msg->dn);
+			break;
+		case LDB_CHANGETYPE_MODIFY:
+			ret = ldb_modify(ldb, ldif->msg);
+			break;
+		case LDB_CHANGETYPE_ADD:
+		default:
+			ret = ldb_add(ldb, ldif->msg);
+			break;
+		}
+		if (ret != LDB_SUCCESS) {
+			char *msg = talloc_asprintf(ctx,
+			                            "Failed to apply ldif - %s (%s): \n%s",
+			                            ldb_errstring(ldb),
+			                            ldb_strerror(ret),
+			                            ldb_ldif_write_string(ldb, ctx, ldif));
+			torture_fail(tctx, msg);
+
+		}
+		ldb_ldif_read_free(ldb, ldif);
+	}
+
+	return true;
+}
+
+
+static bool _test_GetNCChanges(struct torture_context *tctx,
+			       struct DsaBindInfo *bi,
+			       const char *nc_dn_str,
+			       TALLOC_CTX *mem_ctx,
+			       struct drsuapi_DsGetNCChangesCtr6 **_ctr6)
+{
+	NTSTATUS status;
+	struct drsuapi_DsGetNCChanges r;
+	union drsuapi_DsGetNCChangesRequest req;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6_chunk = NULL;
+	struct drsuapi_DsGetNCChangesCtr6 ctr6;
+	uint32_t _level = 0;
+	union drsuapi_DsGetNCChangesCtr ctr;
+
+	struct dom_sid null_sid;
+
+	ZERO_STRUCT(null_sid);
+
+	/* fill-in Naming Context */
+	nc.guid	= GUID_zero();
+	nc.sid	= null_sid;
+	nc.dn	= nc_dn_str;
+
+	/* fill-in request fields */
+	req.req8.destination_dsa_guid		= GUID_random();
+	req.req8.source_dsa_invocation_id	= GUID_zero();
+	req.req8.naming_context			= &nc;
+	req.req8.highwatermark.tmp_highest_usn	= 0;
+	req.req8.highwatermark.reserved_usn	= 0;
+	req.req8.highwatermark.highest_usn	= 0;
+	req.req8.uptodateness_vector		= NULL;
+	req.req8.replica_flags			= DRSUAPI_DRS_WRIT_REP
+						| DRSUAPI_DRS_INIT_SYNC
+						| DRSUAPI_DRS_PER_SYNC
+						| DRSUAPI_DRS_GET_ANC
+						| DRSUAPI_DRS_NEVER_SYNCED
+						;
+	req.req8.max_object_count		= 402;
+	req.req8.max_ndr_size			= 402116;
+
+	req.req8.extended_op			= DRSUAPI_EXOP_NONE;
+	req.req8.fsmo_info			= 0;
+	req.req8.partial_attribute_set		= NULL;
+	req.req8.partial_attribute_set_ex	= NULL;
+	req.req8.mapping_ctr.num_mappings	= 0;
+	req.req8.mapping_ctr.mappings		= NULL;
+
+	r.in.bind_handle	= &bi->rpc_handle;
+	r.in.level		= 8;
+	r.in.req		= &req;
+
+	ZERO_STRUCT(r.out);
+	r.out.level_out 	= &_level;
+	r.out.ctr		= &ctr;
+
+	ZERO_STRUCT(ctr6);
+	do {
+		ZERO_STRUCT(ctr);
+
+		status = dcerpc_drsuapi_DsGetNCChanges_r(bi->drs_handle, mem_ctx, &r);
+		torture_drsuapi_assert_call(tctx, bi->drs_pipe, status,
+					    &r, "dcerpc_drsuapi_DsGetNCChanges_r");
+
+		/* we expect to get level 6 reply */
+		torture_assert_int_equal(tctx, _level, 6, "Expected level 6 reply");
+
+		/* store this chunk for later use */
+		ctr6_chunk = &r.out.ctr->ctr6;
+
+		if (!ctr6.first_object) {
+			ctr6 = *ctr6_chunk;
+		} else {
+			struct drsuapi_DsReplicaObjectListItemEx *cur;
+
+			ctr6.object_count += ctr6_chunk->object_count;
+			for (cur = ctr6.first_object; cur->next_object; cur = cur->next_object) {}
+			cur->next_object = ctr6_chunk->first_object;
+
+			if (ctr6_chunk->linked_attributes_count != 0) {
+				uint32_t i;
+				ctr6.linked_attributes = talloc_realloc(mem_ctx, ctr6.linked_attributes,
+								       struct drsuapi_DsReplicaLinkedAttribute,
+								       ctr6.linked_attributes_count + ctr6_chunk->linked_attributes_count);
+				for (i = 0; i < ctr6_chunk->linked_attributes_count; i++) {
+					ctr6.linked_attributes[ctr6.linked_attributes_count++] = ctr6_chunk->linked_attributes[i];
+				}
+			}
+		}
+
+		/* prepare for next request */
+		r.in.req->req8.highwatermark = ctr6_chunk->new_highwatermark;
+
+	} while (ctr6_chunk->more_data);
+
+	*_ctr6 = talloc(mem_ctx, struct drsuapi_DsGetNCChangesCtr6);
+	torture_assert(mem_ctx, *_ctr6, "Not enough memory");
+	**_ctr6 = ctr6;
+
+	return true;
+}
+
+static char * _make_error_message(TALLOC_CTX *mem_ctx,
+				  enum drsuapi_DsAttributeId drs_attid,
+				  const struct dsdb_attribute *dsdb_attr,
+				  const struct drsuapi_DsReplicaObjectIdentifier *identifier)
+{
+	return talloc_asprintf(mem_ctx, "\nInvalid ATTID for %1$s (%2$s)\n"
+			       " drs_attid:      %3$11d (0x%3$08X)\n"
+			       " msDS_IntId:     %4$11d (0x%4$08X)\n"
+			       " attributeId_id: %5$11d (0x%5$08X)",
+			       dsdb_attr->lDAPDisplayName,
+			       identifier->dn,
+			       drs_attid,
+			       dsdb_attr->msDS_IntId,
+			       dsdb_attr->attributeID_id);
+}
+
+/**
+ * Fetch Schema NC and check ATTID values returned.
+ * When Schema partition is replicated, ATTID
+ * should always be made using prefixMap
+ */
+static bool test_dsintid_schema(struct torture_context *tctx, struct DsIntIdTestCtx *ctx)
+{
+	uint32_t i;
+	const struct dsdb_schema *ldap_schema;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+	const struct dsdb_attribute *dsdb_attr;
+	const struct drsuapi_DsReplicaAttribute *drs_attr;
+	const struct drsuapi_DsReplicaAttributeCtr *attr_ctr;
+	const struct drsuapi_DsReplicaObjectListItemEx *cur;
+	const struct drsuapi_DsReplicaLinkedAttribute *la;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(ctx);
+	torture_assert(tctx, mem_ctx, "Not enough memory");
+
+	/* fetch whole Schema partition */
+	torture_comment(tctx, "Fetch partition: %s\n", ctx->schema_dn);
+	if (!_test_GetNCChanges(tctx, &ctx->dsa_bind, ctx->schema_dn, mem_ctx, &ctr6)) {
+		torture_fail(tctx, "_test_GetNCChanges() failed");
+	}
+
+	/* load schema if not loaded yet */
+	torture_comment(tctx, "Loading schema...\n");
+	if (!drs_util_dsdb_schema_load_ldb(tctx, ctx->ldb, &ctr6->mapping_ctr, false)) {
+		torture_fail(tctx, "drs_util_dsdb_schema_load_ldb() failed");
+	}
+	ldap_schema = dsdb_get_schema(ctx->ldb, NULL);
+
+	/* verify ATTIDs fetched */
+	torture_comment(tctx, "Verify ATTIDs fetched\n");
+	for (cur = ctr6->first_object; cur; cur = cur->next_object) {
+		attr_ctr = &cur->object.attribute_ctr;
+		for (i = 0; i < attr_ctr->num_attributes; i++) {
+			drs_attr = &attr_ctr->attributes[i];
+			dsdb_attr = dsdb_attribute_by_attributeID_id(ldap_schema,
+			                                             drs_attr->attid);
+
+			torture_assert(tctx,
+				       drs_attr->attid == dsdb_attr->attributeID_id,
+				       _make_error_message(ctx, drs_attr->attid,
+							   dsdb_attr,
+							   cur->object.identifier));
+			if (dsdb_attr->msDS_IntId) {
+				torture_assert(tctx,
+					       drs_attr->attid != dsdb_attr->msDS_IntId,
+					       _make_error_message(ctx, drs_attr->attid,
+								   dsdb_attr,
+								   cur->object.identifier));
+			}
+		}
+	}
+
+	/* verify ATTIDs for Linked Attributes */
+	torture_comment(tctx, "Verify ATTIDs for Linked Attributes (%u)\n",
+			ctr6->linked_attributes_count);
+	for (i = 0; i < ctr6->linked_attributes_count; i++) {
+		la = &ctr6->linked_attributes[i];
+		dsdb_attr = dsdb_attribute_by_attributeID_id(ldap_schema, la->attid);
+
+		torture_assert(tctx,
+			       la->attid == dsdb_attr->attributeID_id,
+			       _make_error_message(ctx, la->attid,
+						   dsdb_attr,
+						   la->identifier));
+		if (dsdb_attr->msDS_IntId) {
+			torture_assert(tctx,
+				       la->attid != dsdb_attr->msDS_IntId,
+				       _make_error_message(ctx, la->attid,
+							   dsdb_attr,
+							   la->identifier));
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Fetch non-Schema NC and check ATTID values returned.
+ * When non-Schema partition is replicated, ATTID
+ * should be msDS-IntId value for the attribute
+ * if this value exists
+ */
+static bool _test_dsintid(struct torture_context *tctx,
+			  struct DsIntIdTestCtx *ctx,
+			  const char *nc_dn_str)
+{
+	uint32_t i;
+	const struct dsdb_schema *ldap_schema;
+	struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+	const struct dsdb_attribute *dsdb_attr;
+	const struct drsuapi_DsReplicaAttribute *drs_attr;
+	const struct drsuapi_DsReplicaAttributeCtr *attr_ctr;
+	const struct drsuapi_DsReplicaObjectListItemEx *cur;
+	const struct drsuapi_DsReplicaLinkedAttribute *la;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(ctx);
+	torture_assert(tctx, mem_ctx, "Not enough memory");
+
+	/* fetch whole Schema partition */
+	torture_comment(tctx, "Fetch partition: %s\n", nc_dn_str);
+	if (!_test_GetNCChanges(tctx, &ctx->dsa_bind, nc_dn_str, mem_ctx, &ctr6)) {
+		torture_fail(tctx, "_test_GetNCChanges() failed");
+	}
+
+	/* load schema if not loaded yet */
+	torture_comment(tctx, "Loading schema...\n");
+	if (!drs_util_dsdb_schema_load_ldb(tctx, ctx->ldb, &ctr6->mapping_ctr, false)) {
+		torture_fail(tctx, "drs_util_dsdb_schema_load_ldb() failed");
+	}
+	ldap_schema = dsdb_get_schema(ctx->ldb, NULL);
+
+	/* verify ATTIDs fetched */
+	torture_comment(tctx, "Verify ATTIDs fetched\n");
+	for (cur = ctr6->first_object; cur; cur = cur->next_object) {
+		attr_ctr = &cur->object.attribute_ctr;
+		for (i = 0; i < attr_ctr->num_attributes; i++) {
+			drs_attr = &attr_ctr->attributes[i];
+			dsdb_attr = dsdb_attribute_by_attributeID_id(ldap_schema,
+			                                             drs_attr->attid);
+			if (dsdb_attr->msDS_IntId) {
+				torture_assert(tctx,
+				               drs_attr->attid == dsdb_attr->msDS_IntId,
+					       _make_error_message(ctx, drs_attr->attid,
+								   dsdb_attr,
+								   cur->object.identifier));
+			} else {
+				torture_assert(tctx,
+					       drs_attr->attid == dsdb_attr->attributeID_id,
+					       _make_error_message(ctx, drs_attr->attid,
+								   dsdb_attr,
+								   cur->object.identifier));
+			}
+		}
+	}
+
+	/* verify ATTIDs for Linked Attributes */
+	torture_comment(tctx, "Verify ATTIDs for Linked Attributes (%u)\n",
+			ctr6->linked_attributes_count);
+	for (i = 0; i < ctr6->linked_attributes_count; i++) {
+		la = &ctr6->linked_attributes[i];
+		dsdb_attr = dsdb_attribute_by_attributeID_id(ldap_schema, la->attid);
+
+		if (dsdb_attr->msDS_IntId) {
+			torture_assert(tctx,
+				       la->attid == dsdb_attr->msDS_IntId,
+				       _make_error_message(ctx, la->attid,
+							   dsdb_attr,
+							   la->identifier));
+		} else {
+			torture_assert(tctx,
+				       la->attid == dsdb_attr->attributeID_id,
+				       _make_error_message(ctx, la->attid,
+							   dsdb_attr,
+							   la->identifier));
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Fetch Domain NC and check ATTID values returned.
+ * When Domain partition is replicated, ATTID
+ * should be msDS-IntId value for the attribute
+ * if this value exists
+ */
+static bool test_dsintid_configuration(struct torture_context *tctx, struct DsIntIdTestCtx *ctx)
+{
+	return _test_dsintid(tctx, ctx, ctx->config_dn);
+}
+
+/**
+ * Fetch Configuration NC and check ATTID values returned.
+ * When Configuration partition is replicated, ATTID
+ * should be msDS-IntId value for the attribute
+ * if this value exists
+ */
+static bool test_dsintid_domain(struct torture_context *tctx, struct DsIntIdTestCtx *ctx)
+{
+	return _test_dsintid(tctx, ctx, ctx->domain_dn);
+}
+
+
+/**
+ * DSSYNC test case setup
+ */
+static bool torture_dsintid_tcase_setup(struct torture_context *tctx, void **data)
+{
+	bool bret;
+	struct DsIntIdTestCtx *ctx;
+
+	*data = ctx = _dsintid_create_context(tctx);
+	torture_assert(tctx, ctx, "test_create_context() failed");
+
+	bret = _test_DsaBind(tctx, ctx, ctx->creds,
+	                     DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 |
+	                     DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6,
+	                     &ctx->dsa_bind);
+	torture_assert(tctx, bret, "_test_DsaBind() failed");
+
+	bret = _test_LDAPBind(tctx, ctx, ctx->creds, ctx->ldap_url, &ctx->ldb);
+	torture_assert(tctx, bret, "_test_LDAPBind() failed");
+
+	bret = _test_provision(tctx, ctx);
+	torture_assert(tctx, bret, "_test_provision() failed");
+
+	return true;
+}
+
+/**
+ * DSSYNC test case cleanup
+ */
+static bool torture_dsintid_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	struct DsIntIdTestCtx *ctx;
+	struct drsuapi_DsUnbind r;
+	struct policy_handle bind_handle;
+
+	ctx = talloc_get_type(data, struct DsIntIdTestCtx);
+
+	ZERO_STRUCT(r);
+	r.out.bind_handle = &bind_handle;
+
+	/* Release DRSUAPI handle */
+	r.in.bind_handle = &ctx->dsa_bind.rpc_handle;
+	dcerpc_drsuapi_DsUnbind_r(ctx->dsa_bind.drs_handle, ctx, &r);
+
+	talloc_free(ctx);
+
+	return true;
+}
+
+/**
+ * DSSYNC test case implementation
+ */
+void torture_drs_rpc_dsintid_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "msDSIntId");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_dsintid_tcase_setup,
+				  torture_dsintid_tcase_teardown);
+
+	torture_tcase_add_simple_test(tcase, "Schema", (run_func)test_dsintid_schema);
+	torture_tcase_add_simple_test(tcase, "Configuration", (run_func)test_dsintid_configuration);
+	torture_tcase_add_simple_test(tcase, "Domain", (run_func)test_dsintid_domain);
+}
diff --git a/source4/torture/drs/unit/prefixmap_tests.c b/source4/torture/drs/unit/prefixmap_tests.c
new file mode 100644
index 0000000..35764cd
--- /dev/null
+++ b/source4/torture/drs/unit/prefixmap_tests.c
@@ -0,0 +1,900 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRSUAPI prefixMap unit tests
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "torture/smbtorture.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/drsuapi.h"
+#include "torture/drs/proto.h"
+#include "param/param.h"
+#include "librpc/ndr/libndr.h"
+
+/**
+ * Private data to be shared among all test in Test case
+ */
+struct drsut_prefixmap_data {
+	struct dsdb_schema_prefixmap *pfm_new;
+	struct dsdb_schema_prefixmap *pfm_full;
+
+	/* default schemaInfo value to test with */
+	struct dsdb_schema_info *schi_default;
+
+	struct ldb_context *ldb_ctx;
+};
+
+/**
+ * Test-oid data structure
+ */
+struct drsut_pfm_oid_data {
+	uint32_t	id;
+	const char	*bin_oid;
+	const char	*oid_prefix;
+};
+
+/**
+ * Default prefixMap initialization data.
+ * This prefixMap is what dsdb_schema_pfm_new() should return.
+ * Based on: MS-DRSR, 5.16.4 ATTRTYP-to-OID Conversion
+ *           procedure NewPrefixTable( )
+ */
+static const struct drsut_pfm_oid_data _prefixmap_test_new_data[] = {
+	{.id=0x00000000, .bin_oid="5504",                 .oid_prefix="2.5.4"},
+	{.id=0x00000001, .bin_oid="5506",                 .oid_prefix="2.5.6"},
+	{.id=0x00000002, .bin_oid="2A864886F7140102",     .oid_prefix="1.2.840.113556.1.2"},
+	{.id=0x00000003, .bin_oid="2A864886F7140103",     .oid_prefix="1.2.840.113556.1.3"},
+	{.id=0x00000004, .bin_oid="6086480165020201",     .oid_prefix="2.16.840.1.101.2.2.1"},
+	{.id=0x00000005, .bin_oid="6086480165020203",     .oid_prefix="2.16.840.1.101.2.2.3"},
+	{.id=0x00000006, .bin_oid="6086480165020105",     .oid_prefix="2.16.840.1.101.2.1.5"},
+	{.id=0x00000007, .bin_oid="6086480165020104",     .oid_prefix="2.16.840.1.101.2.1.4"},
+	{.id=0x00000008, .bin_oid="5505",                 .oid_prefix="2.5.5"},
+	{.id=0x00000009, .bin_oid="2A864886F7140104",     .oid_prefix="1.2.840.113556.1.4"},
+	{.id=0x0000000A, .bin_oid="2A864886F7140105",     .oid_prefix="1.2.840.113556.1.5"},
+	{.id=0x00000013, .bin_oid="0992268993F22C64",     .oid_prefix="0.9.2342.19200300.100"},
+	{.id=0x00000014, .bin_oid="6086480186F84203",     .oid_prefix="2.16.840.1.113730.3"},
+	{.id=0x00000015, .bin_oid="0992268993F22C6401",   .oid_prefix="0.9.2342.19200300.100.1"},
+	{.id=0x00000016, .bin_oid="6086480186F8420301",   .oid_prefix="2.16.840.1.113730.3.1"},
+	{.id=0x00000017, .bin_oid="2A864886F7140105B658", .oid_prefix="1.2.840.113556.1.5.7000"},
+	{.id=0x00000018, .bin_oid="5515",                 .oid_prefix="2.5.21"},
+	{.id=0x00000019, .bin_oid="5512",                 .oid_prefix="2.5.18"},
+	{.id=0x0000001A, .bin_oid="5514",                 .oid_prefix="2.5.20"},
+};
+
+/**
+ * Data to be used for creating full prefix map for testing.
+ * 'full-prefixMap' is based on what w2k8 returns as a prefixMap
+ * on clean installation - i.e. prefixMap for clean Schema
+ */
+static const struct drsut_pfm_oid_data _prefixmap_full_map_data[] = {
+	{.id=0x00000000, .bin_oid="0x5504",                     .oid_prefix="2.5.4"},
+	{.id=0x00000001, .bin_oid="0x5506",                     .oid_prefix="2.5.6"},
+	{.id=0x00000002, .bin_oid="0x2A864886F7140102",         .oid_prefix="1.2.840.113556.1.2"},
+	{.id=0x00000003, .bin_oid="0x2A864886F7140103",         .oid_prefix="1.2.840.113556.1.3"},
+	{.id=0x00000004, .bin_oid="0x6086480165020201",         .oid_prefix="2.16.840.1.101.2.2.1"},
+	{.id=0x00000005, .bin_oid="0x6086480165020203",         .oid_prefix="2.16.840.1.101.2.2.3"},
+	{.id=0x00000006, .bin_oid="0x6086480165020105",         .oid_prefix="2.16.840.1.101.2.1.5"},
+	{.id=0x00000007, .bin_oid="0x6086480165020104",         .oid_prefix="2.16.840.1.101.2.1.4"},
+	{.id=0x00000008, .bin_oid="0x5505",                     .oid_prefix="2.5.5"},
+	{.id=0x00000009, .bin_oid="0x2A864886F7140104",         .oid_prefix="1.2.840.113556.1.4"},
+	{.id=0x0000000a, .bin_oid="0x2A864886F7140105",         .oid_prefix="1.2.840.113556.1.5"},
+	{.id=0x00000013, .bin_oid="0x0992268993F22C64",         .oid_prefix="0.9.2342.19200300.100"},
+	{.id=0x00000014, .bin_oid="0x6086480186F84203",         .oid_prefix="2.16.840.1.113730.3"},
+	{.id=0x00000015, .bin_oid="0x0992268993F22C6401",       .oid_prefix="0.9.2342.19200300.100.1"},
+	{.id=0x00000016, .bin_oid="0x6086480186F8420301",       .oid_prefix="2.16.840.1.113730.3.1"},
+	{.id=0x00000017, .bin_oid="0x2A864886F7140105B658",     .oid_prefix="1.2.840.113556.1.5.7000"},
+	{.id=0x00000018, .bin_oid="0x5515",                     .oid_prefix="2.5.21"},
+	{.id=0x00000019, .bin_oid="0x5512",                     .oid_prefix="2.5.18"},
+	{.id=0x0000001a, .bin_oid="0x5514",                     .oid_prefix="2.5.20"},
+	{.id=0x0000000b, .bin_oid="0x2A864886F71401048204",     .oid_prefix="1.2.840.113556.1.4.260"},
+	{.id=0x0000000c, .bin_oid="0x2A864886F714010538",       .oid_prefix="1.2.840.113556.1.5.56"},
+	{.id=0x0000000d, .bin_oid="0x2A864886F71401048206",     .oid_prefix="1.2.840.113556.1.4.262"},
+	{.id=0x0000000e, .bin_oid="0x2A864886F714010539",       .oid_prefix="1.2.840.113556.1.5.57"},
+	{.id=0x0000000f, .bin_oid="0x2A864886F71401048207",     .oid_prefix="1.2.840.113556.1.4.263"},
+	{.id=0x00000010, .bin_oid="0x2A864886F71401053A",       .oid_prefix="1.2.840.113556.1.5.58"},
+	{.id=0x00000011, .bin_oid="0x2A864886F714010549",       .oid_prefix="1.2.840.113556.1.5.73"},
+	{.id=0x00000012, .bin_oid="0x2A864886F71401048231",     .oid_prefix="1.2.840.113556.1.4.305"},
+	{.id=0x0000001b, .bin_oid="0x2B060104018B3A6577",       .oid_prefix="1.3.6.1.4.1.1466.101.119"},
+	{.id=0x0000001c, .bin_oid="0x6086480186F8420302",       .oid_prefix="2.16.840.1.113730.3.2"},
+	{.id=0x0000001d, .bin_oid="0x2B06010401817A01",         .oid_prefix="1.3.6.1.4.1.250.1"},
+	{.id=0x0000001e, .bin_oid="0x2A864886F70D0109",         .oid_prefix="1.2.840.113549.1.9"},
+	{.id=0x0000001f, .bin_oid="0x0992268993F22C6404",       .oid_prefix="0.9.2342.19200300.100.4"},
+	{.id=0x00000020, .bin_oid="0x2A864886F714010617",       .oid_prefix="1.2.840.113556.1.6.23"},
+	{.id=0x00000021, .bin_oid="0x2A864886F71401061201",     .oid_prefix="1.2.840.113556.1.6.18.1"},
+	{.id=0x00000022, .bin_oid="0x2A864886F71401061202",     .oid_prefix="1.2.840.113556.1.6.18.2"},
+	{.id=0x00000023, .bin_oid="0x2A864886F71401060D03",     .oid_prefix="1.2.840.113556.1.6.13.3"},
+	{.id=0x00000024, .bin_oid="0x2A864886F71401060D04",     .oid_prefix="1.2.840.113556.1.6.13.4"},
+	{.id=0x00000025, .bin_oid="0x2B0601010101",             .oid_prefix="1.3.6.1.1.1.1"},
+	{.id=0x00000026, .bin_oid="0x2B0601010102",             .oid_prefix="1.3.6.1.1.1.2"},
+	{.id=0x000003ed, .bin_oid="0x2A864886F7140104B65866",   .oid_prefix="1.2.840.113556.1.4.7000.102"},
+	{.id=0x00000428, .bin_oid="0x2A864886F7140105B6583E",   .oid_prefix="1.2.840.113556.1.5.7000.62"},
+	{.id=0x0000044c, .bin_oid="0x2A864886F7140104B6586683", .oid_prefix="1.2.840.113556.1.4.7000.102:0x83"},
+	{.id=0x0000044f, .bin_oid="0x2A864886F7140104B6586681", .oid_prefix="1.2.840.113556.1.4.7000.102:0x81"},
+	{.id=0x0000047d, .bin_oid="0x2A864886F7140105B6583E81", .oid_prefix="1.2.840.113556.1.5.7000.62:0x81"},
+	{.id=0x00000561, .bin_oid="0x2A864886F7140105B6583E83", .oid_prefix="1.2.840.113556.1.5.7000.62:0x83"},
+	{.id=0x000007d1, .bin_oid="0x2A864886F71401061401",     .oid_prefix="1.2.840.113556.1.6.20.1"},
+	{.id=0x000007e1, .bin_oid="0x2A864886F71401061402",     .oid_prefix="1.2.840.113556.1.6.20.2"},
+	{.id=0x00001b86, .bin_oid="0x2A817A",                   .oid_prefix="1.2.250"},
+	{.id=0x00001c78, .bin_oid="0x2A817A81",                 .oid_prefix="1.2.250:0x81"},
+	{.id=0x00001c7b, .bin_oid="0x2A817A8180",               .oid_prefix="1.2.250:0x8180"},
+};
+
+
+/**
+ * OID-to-ATTID mappings to be used for testing.
+ * An entry is marked as 'exists=true' if it exists in
+ * base prefixMap (_prefixmap_test_new_data)
+ */
+static const struct {
+	const char 	*oid;
+	uint32_t 	id;
+	uint32_t 	attid;
+	bool		exists;
+} _prefixmap_test_data[] = {
+	{.oid="2.5.4.0", 		.id=0x00000000, .attid=0x000000,   .exists=true},
+	{.oid="2.5.4.42", 		.id=0x00000000, .attid=0x00002a,   .exists=true},
+	{.oid="1.2.840.113556.1.2.1", 	.id=0x00000002, .attid=0x020001,   .exists=true},
+	{.oid="1.2.840.113556.1.2.13", 	.id=0x00000002, .attid=0x02000d,   .exists=true},
+	{.oid="1.2.840.113556.1.2.281", .id=0x00000002, .attid=0x020119,   .exists=true},
+	{.oid="1.2.840.113556.1.4.125", .id=0x00000009, .attid=0x09007d,   .exists=true},
+	{.oid="1.2.840.113556.1.4.146", .id=0x00000009, .attid=0x090092,   .exists=true},
+	{.oid="1.2.250.1", 	 	.id=0x00001b86, .attid=0x1b860001, .exists=false},
+	{.oid="1.2.250.16386", 	 	.id=0x00001c78, .attid=0x1c788002, .exists=false},
+	{.oid="1.2.250.2097154", 	.id=0x00001c7b, .attid=0x1c7b8002, .exists=false},
+};
+
+
+/**
+ * Creates dsdb_schema_prefixmap based on predefined data
+ */
+static WERROR _drsut_prefixmap_new(const struct drsut_pfm_oid_data *_pfm_init_data, uint32_t count,
+				   TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **_pfm)
+{
+	uint32_t i;
+	struct dsdb_schema_prefixmap *pfm;
+
+	pfm = talloc(mem_ctx, struct dsdb_schema_prefixmap);
+	W_ERROR_HAVE_NO_MEMORY(pfm);
+
+	pfm->length = count;
+	pfm->prefixes = talloc_array(pfm, struct dsdb_schema_prefixmap_oid, pfm->length);
+	if (!pfm->prefixes) {
+		talloc_free(pfm);
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
+	for (i = 0; i < pfm->length; i++) {
+		pfm->prefixes[i].id = _pfm_init_data[i].id;
+		pfm->prefixes[i].bin_oid = strhex_to_data_blob(pfm, _pfm_init_data[i].bin_oid);
+		if (!pfm->prefixes[i].bin_oid.data) {
+			talloc_free(pfm);
+			return WERR_NOT_ENOUGH_MEMORY;
+		}
+	}
+
+	*_pfm = pfm;
+
+	return WERR_OK;
+}
+
+/**
+ * Compares two prefixMaps for being equal - same items on same indexes
+ */
+static bool _torture_drs_pfm_compare_same(struct torture_context *tctx,
+					  const struct dsdb_schema_prefixmap *pfm_left,
+					  const struct dsdb_schema_prefixmap *pfm_right,
+					  bool quiet)
+{
+	uint32_t i;
+	char *err_msg = NULL;
+
+	if (pfm_left->length != pfm_right->length) {
+		err_msg = talloc_asprintf(tctx, "prefixMaps differ in size; left = %d, right = %d",
+					  pfm_left->length, pfm_right->length);
+		goto failed;
+	}
+
+	for (i = 0; i < pfm_left->length; i++) {
+		struct dsdb_schema_prefixmap_oid *entry_left = &pfm_left->prefixes[i];
+		struct dsdb_schema_prefixmap_oid *entry_right = &pfm_right->prefixes[i];
+
+		if (entry_left->id != entry_right->id) {
+			err_msg = talloc_asprintf(tctx, "Different IDs for index=%d", i);
+			goto failed;
+		}
+		if (data_blob_cmp(&entry_left->bin_oid, &entry_right->bin_oid)) {
+			err_msg = talloc_asprintf(tctx, "Different bin_oid for index=%d", i);
+			goto failed;
+		}
+	}
+
+	return true;
+
+failed:
+	if (!quiet) {
+		torture_comment(tctx, "_torture_drs_pfm_compare_same: %s", err_msg);
+	}
+	talloc_free(err_msg);
+
+	return false;
+}
+
+/*
+ * Tests dsdb_schema_pfm_new()
+ */
+static bool torture_drs_unit_pfm_new(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	bool bret;
+	TALLOC_CTX *mem_ctx;
+	struct dsdb_schema_prefixmap *pfm = NULL;
+
+	mem_ctx = talloc_new(priv);
+
+	/* create new prefix map */
+	werr = dsdb_schema_pfm_new(mem_ctx, &pfm);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_new() failed!");
+	torture_assert(tctx, pfm != NULL, "NULL prefixMap created!");
+	torture_assert(tctx, pfm->length > 0, "Empty prefixMap created!");
+	torture_assert(tctx, pfm->prefixes != NULL, "No prefixes for newly created prefixMap!");
+
+	/* compare newly created prefixMap with template one */
+	bret = _torture_drs_pfm_compare_same(tctx, priv->pfm_new, pfm, false);
+
+	talloc_free(mem_ctx);
+
+	return bret;
+}
+
+/**
+ * Tests dsdb_schema_pfm_make_attid() using full prefixMap.
+ * In this test we know exactly which ATTID and prefixMap->ID
+ * should be returned, i.e. no prefixMap entries should be added.
+ */
+static bool torture_drs_unit_pfm_make_attid_full_map(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i, count;
+	uint32_t attid;
+	char *err_msg;
+
+	count = ARRAY_SIZE(_prefixmap_test_data);
+	for (i = 0; i < count; i++) {
+		werr = dsdb_schema_pfm_make_attid(priv->pfm_full, _prefixmap_test_data[i].oid, &attid);
+		/* prepare error message */
+		err_msg = talloc_asprintf(priv, "dsdb_schema_pfm_make_attid() failed with %s",
+						_prefixmap_test_data[i].oid);
+		torture_assert(tctx, err_msg, "Unexpected: Have no memory!");
+		/* verify result and returned ATTID */
+		torture_assert_werr_ok(tctx, werr, err_msg);
+		torture_assert_int_equal(tctx, attid, _prefixmap_test_data[i].attid, err_msg);
+		/* reclaim memory for prepared error message */
+		talloc_free(err_msg);
+	}
+
+	return true;
+}
+
+/**
+ * Tests dsdb_schema_pfm_make_attid() using initially small prefixMap.
+ * In this test we don't know exactly which ATTID and prefixMap->ID
+ * should be returned, but we can verify lo-word of ATTID.
+ * This test verifies implementation branch when a new
+ * prefix should be added into prefixMap.
+ */
+static bool torture_drs_unit_pfm_make_attid_small_map(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i, j;
+	uint32_t idx;
+	uint32_t attid, attid_2;
+	char *err_msg;
+	struct dsdb_schema_prefixmap *pfm = NULL;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+
+	/* create new prefix map */
+	werr = dsdb_schema_pfm_new(mem_ctx, &pfm);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_new() failed!");
+
+	/* make some ATTIDs and check result */
+	for (i = 0; i < ARRAY_SIZE(_prefixmap_test_data); i++) {
+		werr = dsdb_schema_pfm_make_attid(pfm, _prefixmap_test_data[i].oid, &attid);
+
+		/* prepare error message */
+		err_msg = talloc_asprintf(mem_ctx, "dsdb_schema_pfm_make_attid() failed with %s",
+						_prefixmap_test_data[i].oid);
+		torture_assert(tctx, err_msg, "Unexpected: Have no memory!");
+
+		/* verify result and returned ATTID */
+		torture_assert_werr_ok(tctx, werr, err_msg);
+		/* verify ATTID lo-word */
+		torture_assert_int_equal(tctx, attid & 0xFFFF, _prefixmap_test_data[i].attid & 0xFFFF, err_msg);
+
+		/* try again, this time verify for whole ATTID */
+		werr = dsdb_schema_pfm_make_attid(pfm, _prefixmap_test_data[i].oid, &attid_2);
+		torture_assert_werr_ok(tctx, werr, err_msg);
+		torture_assert_int_equal(tctx, attid_2, attid, err_msg);
+
+		/* reclaim memory for prepared error message */
+		talloc_free(err_msg);
+
+		/* check there is such an index in modified prefixMap */
+		idx = (attid >> 16);
+		for (j = 0; j < pfm->length; j++) {
+			if (pfm->prefixes[j].id == idx)
+				break;
+		}
+		if (j >= pfm->length) {
+			torture_result(tctx, TORTURE_FAIL, __location__": No prefix for ATTID=0x%08X", attid);
+			return false;
+		}
+
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Tests dsdb_schema_pfm_attid_from_oid() using full prefixMap.
+ * In this test we know exactly which ATTID and prefixMap->ID
+ * should be returned- dsdb_schema_pfm_attid_from_oid() should succeed.
+ */
+static bool torture_drs_unit_pfm_attid_from_oid_full_map(struct torture_context *tctx,
+							 struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i, count;
+	uint32_t attid;
+	char *err_msg;
+
+	count = ARRAY_SIZE(_prefixmap_test_data);
+	for (i = 0; i < count; i++) {
+		werr = dsdb_schema_pfm_attid_from_oid(priv->pfm_full,
+						      _prefixmap_test_data[i].oid,
+						      &attid);
+		/* prepare error message */
+		err_msg = talloc_asprintf(priv, "dsdb_schema_pfm_attid_from_oid() failed with %s",
+						_prefixmap_test_data[i].oid);
+		torture_assert(tctx, err_msg, "Unexpected: Have no memory!");
+		/* verify result and returned ATTID */
+		torture_assert_werr_ok(tctx, werr, err_msg);
+		torture_assert_int_equal(tctx, attid, _prefixmap_test_data[i].attid, err_msg);
+		/* reclaim memory for prepared error message */
+		talloc_free(err_msg);
+	}
+
+	return true;
+}
+
+/**
+ * Tests dsdb_schema_pfm_attid_from_oid() using base (initial) prefixMap.
+ * dsdb_schema_pfm_attid_from_oid() should fail when testing with OID
+ * that are not already in the prefixMap.
+ */
+static bool torture_drs_unit_pfm_attid_from_oid_base_map(struct torture_context *tctx,
+							 struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i;
+	uint32_t attid;
+	char *err_msg;
+	struct dsdb_schema_prefixmap *pfm = NULL;
+	struct dsdb_schema_prefixmap pfm_prev;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+	torture_assert(tctx, mem_ctx, "Unexpected: Have no memory!");
+
+	/* create new prefix map */
+	werr = dsdb_schema_pfm_new(mem_ctx, &pfm);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_new() failed!");
+
+	/* keep initial pfm around for testing */
+	pfm_prev = *pfm;
+	pfm_prev.prefixes = talloc_reference(mem_ctx, pfm->prefixes);
+
+	/* get some ATTIDs and check result */
+	for (i = 0; i < ARRAY_SIZE(_prefixmap_test_data); i++) {
+		werr = dsdb_schema_pfm_attid_from_oid(pfm, _prefixmap_test_data[i].oid, &attid);
+
+		/* prepare error message */
+		err_msg = talloc_asprintf(mem_ctx,
+					  "dsdb_schema_pfm_attid_from_oid() failed for %s",
+					  _prefixmap_test_data[i].oid);
+		torture_assert(tctx, err_msg, "Unexpected: Have no memory!");
+
+
+		/* verify pfm hasn't been altered */
+		if (_prefixmap_test_data[i].exists) {
+			/* should succeed and return valid ATTID */
+			torture_assert_werr_ok(tctx, werr, err_msg);
+			/* verify ATTID */
+			torture_assert_int_equal(tctx,
+						 attid, _prefixmap_test_data[i].attid,
+						 err_msg);
+		} else {
+			/* should fail */
+			torture_assert_werr_equal(tctx, werr, WERR_NOT_FOUND, err_msg);
+		}
+
+		/* prefixMap should never be changed */
+		if (!_torture_drs_pfm_compare_same(tctx, &pfm_prev, pfm, true)) {
+			torture_fail(tctx, "schema->prefixmap has changed");
+		}
+
+		/* reclaim memory for prepared error message */
+		talloc_free(err_msg);
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Tests dsdb_schema_pfm_oid_from_attid() using full prefixMap.
+ */
+static bool torture_drs_unit_pfm_oid_from_attid(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i, count;
+	char *err_msg;
+	const char *oid;
+
+	count = ARRAY_SIZE(_prefixmap_test_data);
+	for (i = 0; i < count; i++) {
+		oid = NULL;
+		werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, _prefixmap_test_data[i].attid,
+						      priv, &oid);
+		/* prepare error message */
+		err_msg = talloc_asprintf(priv, "dsdb_schema_pfm_oid_from_attid() failed with 0x%08X",
+						_prefixmap_test_data[i].attid);
+		torture_assert(tctx, err_msg, "Unexpected: Have no memory!");
+		/* verify result and returned ATTID */
+		torture_assert_werr_ok(tctx, werr, err_msg);
+		torture_assert(tctx, oid, "dsdb_schema_pfm_oid_from_attid() returned NULL OID!!!");
+		torture_assert_str_equal(tctx, oid, _prefixmap_test_data[i].oid, err_msg);
+		/* reclaim memory for prepared error message */
+		talloc_free(err_msg);
+		/* free memory for OID */
+		talloc_free(discard_const(oid));
+	}
+
+	return true;
+}
+
+/**
+ * Tests dsdb_schema_pfm_oid_from_attid() for handling
+ * correctly different type of attid values.
+ * See: MS-ADTS, 3.1.1.2.6 ATTRTYP
+ */
+static bool torture_drs_unit_pfm_oid_from_attid_check_attid(struct torture_context *tctx,
+							    struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	const char *oid;
+
+	/* Test with valid prefixMap attid */
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0x00010001, tctx, &oid);
+	torture_assert_werr_ok(tctx, werr, "Testing prefixMap type attid = 0x00010001");
+
+	/* Test with valid attid but invalid index */
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0x01110001, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_DS_NO_ATTRIBUTE_OR_VALUE,
+				  "Testing invalid-index attid = 0x01110001");
+
+	/* Test with attid in msDS-IntId range */
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0x80000000, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing msDS-IntId type attid = 0x80000000");
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0xBFFFFFFF, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing msDS-IntId type attid = 0xBFFFFFFF");
+
+	/* Test with attid in RESERVED range */
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0xC0000000, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing RESERVED type attid = 0xC0000000");
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0xFFFEFFFF, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing RESERVED type attid = 0xFFFEFFFF");
+
+	/* Test with attid in INTERNAL range */
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0xFFFF0000, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing INTERNAL type attid = 0xFFFF0000");
+	werr = dsdb_schema_pfm_oid_from_attid(priv->pfm_full, 0xFFFFFFFF, tctx, &oid);
+	torture_assert_werr_equal(tctx, werr, WERR_INVALID_PARAMETER,
+				  "Testing INTERNAL type attid = 0xFFFFFFFF");
+
+	return true;
+}
+
+/**
+ * Test Schema prefixMap conversions to/from drsuapi prefixMap
+ * representation.
+ */
+static bool torture_drs_unit_pfm_to_from_drsuapi(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	struct dsdb_schema_info *schema_info;
+	DATA_BLOB schema_info_blob;
+	struct dsdb_schema_prefixmap *pfm;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert(tctx, mem_ctx, "Unexpected: Have no memory!");
+
+	/* convert Schema_prefixMap to drsuapi_prefixMap */
+	werr = dsdb_drsuapi_pfm_from_schema_pfm(priv->pfm_full, priv->schi_default, mem_ctx, &ctr);
+	torture_assert_werr_ok(tctx, werr, "dsdb_drsuapi_pfm_from_schema_pfm() failed");
+	torture_assert(tctx, ctr && ctr->mappings, "drsuapi_prefixMap not constructed correctly");
+	torture_assert_int_equal(tctx, ctr->num_mappings, priv->pfm_full->length + 1,
+				 "drs_mappings count does not match");
+	/* look for schema_info entry - it should be the last one */
+	schema_info_blob = data_blob_const(ctr->mappings[ctr->num_mappings - 1].oid.binary_oid,
+					   ctr->mappings[ctr->num_mappings - 1].oid.length);
+	werr = dsdb_schema_info_from_blob(&schema_info_blob, tctx, &schema_info);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_info_from_blob failed");
+	torture_assert_int_equal(tctx, schema_info->revision,  priv->schi_default->revision,
+				 "schema_info (revision) not stored correctly or not last entry");
+	torture_assert(tctx, GUID_equal(&schema_info->invocation_id, &priv->schi_default->invocation_id),
+		       "schema_info (invocation_id) not stored correctly or not last entry");
+
+	/* compare schema_prefixMap and drsuapi_prefixMap */
+	werr = dsdb_schema_pfm_contains_drsuapi_pfm(priv->pfm_full, ctr);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_contains_drsuapi_pfm() failed");
+
+	/* convert back drsuapi_prefixMap to schema_prefixMap */
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(ctr, true, mem_ctx, &pfm, &schema_info);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_from_drsuapi_pfm() failed");
+	torture_assert_int_equal(tctx, schema_info->revision,  priv->schi_default->revision,
+				 "Fetched schema_info is different (revision)");
+	torture_assert(tctx, GUID_equal(&schema_info->invocation_id, &priv->schi_default->invocation_id),
+		       "Fetched schema_info is different (invocation_id)");
+
+	/* compare against the original */
+	if (!_torture_drs_pfm_compare_same(tctx, priv->pfm_full, pfm, true)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	/* test conversion with partial drsuapi_prefixMap */
+	ctr->num_mappings--;
+	werr = dsdb_schema_pfm_from_drsuapi_pfm(ctr, false, mem_ctx, &pfm, NULL);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_from_drsuapi_pfm() failed");
+	/* compare against the original */
+	if (!_torture_drs_pfm_compare_same(tctx, priv->pfm_full, pfm, false)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+
+/**
+ * Test Schema prefixMap conversions to/from ldb_val
+ * blob representation.
+ */
+static bool torture_drs_unit_pfm_to_from_ldb_val(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	struct dsdb_schema *schema;
+	struct ldb_val pfm_ldb_val;
+	struct ldb_val schema_info_ldb_val;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert(tctx, mem_ctx, "Unexpected: Have no memory!");
+
+	schema = dsdb_new_schema(mem_ctx);
+	torture_assert(tctx, schema, "Unexpected: failed to allocate schema object");
+
+	/* set priv->pfm_full as prefixMap for new schema object */
+	schema->prefixmap = priv->pfm_full;
+	schema->schema_info = priv->schi_default;
+
+	/* convert schema_prefixMap to ldb_val blob */
+	werr = dsdb_get_oid_mappings_ldb(schema, mem_ctx, &pfm_ldb_val, &schema_info_ldb_val);
+	torture_assert_werr_ok(tctx, werr, "dsdb_get_oid_mappings_ldb() failed");
+	torture_assert(tctx, pfm_ldb_val.data && pfm_ldb_val.length,
+		       "pfm_ldb_val not constructed correctly");
+	torture_assert(tctx, schema_info_ldb_val.data && schema_info_ldb_val.length,
+		       "schema_info_ldb_val not constructed correctly");
+
+	/* convert pfm_ldb_val back to schema_prefixMap */
+	schema->prefixmap = NULL;
+	schema->schema_info = NULL;
+	werr = dsdb_load_oid_mappings_ldb(schema, &pfm_ldb_val, &schema_info_ldb_val);
+	torture_assert_werr_ok(tctx, werr, "dsdb_load_oid_mappings_ldb() failed");
+	/* compare against the original */
+	if (!_torture_drs_pfm_compare_same(tctx, schema->prefixmap, priv->pfm_full, false)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+	torture_assert_int_equal(tctx, schema->schema_info->revision, priv->schi_default->revision,
+				 "Fetched schema_info is different (revision)");
+	torture_assert(tctx, GUID_equal(&schema->schema_info->invocation_id, &priv->schi_default->invocation_id),
+		       "Fetched schema_info is different (invocation_id)");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+/**
+ * Test read/write in ldb implementation
+ */
+static bool torture_drs_unit_pfm_read_write_ldb(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	struct dsdb_schema *schema;
+	struct dsdb_schema_prefixmap *pfm;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert(tctx, mem_ctx, "Unexpected: Have no memory!");
+
+	/* makeup a dsdb_schema to test with */
+	schema = dsdb_new_schema(mem_ctx);
+	torture_assert(tctx, schema, "Unexpected: failed to allocate schema object");
+	/* set priv->pfm_full as prefixMap for new schema object */
+	schema->prefixmap = priv->pfm_full;
+	schema->schema_info = priv->schi_default;
+
+	/* write prfixMap to ldb */
+	werr = dsdb_write_prefixes_from_schema_to_ldb(mem_ctx, priv->ldb_ctx, schema);
+	torture_assert_werr_ok(tctx, werr, "dsdb_write_prefixes_from_schema_to_ldb() failed");
+
+	/* read from ldb what we have written */
+	werr = dsdb_read_prefixes_from_ldb(priv->ldb_ctx, mem_ctx, &pfm);
+	torture_assert_werr_ok(tctx, werr, "dsdb_read_prefixes_from_ldb() failed");
+
+	/* compare data written/read */
+	if (!_torture_drs_pfm_compare_same(tctx, schema->prefixmap, priv->pfm_full, false)) {
+		torture_fail(tctx, "prefixMap read/write in LDB is not consistent");
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Test dsdb_create_prefix_mapping
+ */
+static bool torture_drs_unit_dsdb_create_prefix_mapping(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	WERROR werr;
+	uint32_t i;
+	struct dsdb_schema *schema;
+	TALLOC_CTX *mem_ctx;
+	struct dsdb_schema_prefixmap *pfm_ldb = NULL;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert(tctx, mem_ctx, "Unexpected: Have no memory!");
+
+	/* makeup a dsdb_schema to test with */
+	schema = dsdb_new_schema(mem_ctx);
+	torture_assert(tctx, schema, "Unexpected: failed to allocate schema object");
+	/* set priv->pfm_full as prefixMap for new schema object */
+	schema->schema_info = priv->schi_default;
+	werr = _drsut_prefixmap_new(_prefixmap_test_new_data, ARRAY_SIZE(_prefixmap_test_new_data),
+				    schema, &schema->prefixmap);
+	torture_assert_werr_ok(tctx, werr, "_drsut_prefixmap_new() failed");
+	/* write prfixMap to ldb */
+	werr = dsdb_write_prefixes_from_schema_to_ldb(mem_ctx, priv->ldb_ctx, schema);
+	torture_assert_werr_ok(tctx, werr, "dsdb_write_prefixes_from_schema_to_ldb() failed");
+
+	/* read from ldb what we have written */
+	werr = dsdb_read_prefixes_from_ldb(priv->ldb_ctx, mem_ctx, &pfm_ldb);
+	torture_assert_werr_ok(tctx, werr, "dsdb_read_prefixes_from_ldb() failed");
+	/* compare data written/read */
+	if (!_torture_drs_pfm_compare_same(tctx, schema->prefixmap, pfm_ldb, true)) {
+		torture_fail(tctx, "pfm in LDB is different");
+	}
+	TALLOC_FREE(pfm_ldb);
+
+	for (i = 0; i < ARRAY_SIZE(_prefixmap_test_data); i++) {
+		struct dsdb_schema_prefixmap *pfm_prev;
+		struct dsdb_schema_prefixmap *pfm_new;
+
+		pfm_prev = schema->prefixmap;
+
+		pfm_new = dsdb_schema_pfm_copy_shallow(schema, pfm_prev);
+		torture_assert(tctx, pfm_new != NULL, "dsdb_schema_pfm_copy_shallow() failed");
+
+		if (!_prefixmap_test_data[i].exists) {
+			uint32_t attid;
+
+			werr = dsdb_schema_pfm_make_attid(pfm_new,
+							  _prefixmap_test_data[i].oid,
+							  &attid);
+			torture_assert_werr_ok(tctx, werr, "dsdb_schema_pfm_make_attid() failed");
+		}
+
+		/* call dsdb_create_prefix_mapping() and check result accordingly */
+		werr = dsdb_create_prefix_mapping(priv->ldb_ctx, schema, _prefixmap_test_data[i].oid);
+		torture_assert_werr_ok(tctx, werr, "dsdb_create_prefix_mapping() failed");
+
+		/*
+		 * The prefix should not change, only on reload
+		 */
+		torture_assert(tctx, pfm_prev == schema->prefixmap,
+			       "schema->prefixmap has been reallocated!");
+		if (!_torture_drs_pfm_compare_same(tctx, pfm_prev, schema->prefixmap, true)) {
+			torture_fail(tctx, "schema->prefixmap has changed");
+		}
+
+		/* read from ldb what we have written */
+		werr = dsdb_read_prefixes_from_ldb(priv->ldb_ctx, mem_ctx, &pfm_ldb);
+		torture_assert_werr_ok(tctx, werr, "dsdb_read_prefixes_from_ldb() failed");
+		/* compare data written/read */
+		if (!_torture_drs_pfm_compare_same(tctx, pfm_new, pfm_ldb, true)) {
+			torture_fail(tctx, talloc_asprintf(tctx, "%u: pfm in LDB is different", i));
+		}
+		/* free mem for pfm read from LDB */
+		TALLOC_FREE(pfm_ldb);
+
+		/* prepare for the next round */
+		schema->prefixmap = pfm_new;
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/**
+ * Prepare temporary LDB and opens it
+ */
+static bool torture_drs_unit_ldb_setup(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	int ldb_err;
+	char *ldb_url;
+	bool bret = true;
+	TALLOC_CTX* mem_ctx;
+	char *tempdir;
+	NTSTATUS status;
+
+	mem_ctx = talloc_new(priv);
+
+	status = torture_temp_dir(tctx, "drs_", &tempdir);
+	torture_assert_ntstatus_ok(tctx, status, "creating temp dir");
+
+	ldb_url = talloc_asprintf(priv, "%s/drs_test.ldb", tempdir);
+
+	/* create LDB */
+	priv->ldb_ctx = ldb_init(priv, tctx->ev);
+	ldb_err = ldb_connect(priv->ldb_ctx, ldb_url, 0, NULL);
+	torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE, "ldb_connect() failed");
+
+	/* set some schemaNamingContext */
+	ldb_err = ldb_set_opaque(priv->ldb_ctx,
+				 "schemaNamingContext",
+				 ldb_dn_new(priv->ldb_ctx, priv->ldb_ctx, "CN=Schema,CN=Config"));
+	torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE, "ldb_set_opaque() failed");
+
+	/* add prefixMap attribute so tested layer could work properly */
+	{
+		struct ldb_message *msg = ldb_msg_new(mem_ctx);
+		msg->dn = ldb_get_schema_basedn(priv->ldb_ctx);
+		ldb_err = ldb_msg_add_string(msg, "prefixMap", "prefixMap");
+		torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE,
+					      "ldb_msg_add_string() failed");
+
+		ldb_err = ldb_add(priv->ldb_ctx, msg);
+		torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE, "ldb_add() failed");
+	}
+
+DONE:
+	talloc_free(mem_ctx);
+	return bret;
+}
+
+/*
+ * Setup/Teardown for test case
+ */
+static bool torture_drs_unit_prefixmap_setup(struct torture_context *tctx, struct drsut_prefixmap_data **_priv)
+{
+	WERROR werr;
+	DATA_BLOB blob;
+	struct drsut_prefixmap_data *priv;
+
+	priv = *_priv = talloc_zero(tctx, struct drsut_prefixmap_data);
+	torture_assert(tctx, priv != NULL, "Not enough memory");
+
+	werr = _drsut_prefixmap_new(_prefixmap_test_new_data, ARRAY_SIZE(_prefixmap_test_new_data),
+	                            tctx, &priv->pfm_new);
+	torture_assert_werr_ok(tctx, werr, "failed to create pfm_new");
+
+	werr = _drsut_prefixmap_new(_prefixmap_full_map_data, ARRAY_SIZE(_prefixmap_full_map_data),
+	                            tctx, &priv->pfm_full);
+	torture_assert_werr_ok(tctx, werr, "failed to create pfm_test");
+
+	torture_assert(tctx, drsut_schemainfo_new(tctx, &priv->schi_default),
+	               "drsut_schemainfo_new() failed");
+
+	werr = dsdb_blob_from_schema_info(priv->schi_default, priv, &blob);
+	torture_assert_werr_ok(tctx, werr, "dsdb_blob_from_schema_info() failed");
+
+	/* create temporary LDB and populate with data */
+	if (!torture_drs_unit_ldb_setup(tctx, priv)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool torture_drs_unit_prefixmap_teardown(struct torture_context *tctx, struct drsut_prefixmap_data *priv)
+{
+	talloc_free(priv);
+
+	return true;
+}
+
+/**
+ * Test case initialization for
+ * drs.unit.prefixMap
+ */
+struct torture_tcase * torture_drs_unit_prefixmap(struct torture_suite *suite)
+{
+	typedef bool (*pfn_setup)(struct torture_context *, void **);
+	typedef bool (*pfn_teardown)(struct torture_context *, void *);
+	typedef bool (*pfn_run)(struct torture_context *, void *);
+
+	struct torture_tcase * tc = torture_suite_add_tcase(suite, "prefixMap");
+
+	torture_tcase_set_fixture(tc,
+				  (pfn_setup)torture_drs_unit_prefixmap_setup,
+				  (pfn_teardown)torture_drs_unit_prefixmap_teardown);
+
+	tc->description = talloc_strdup(tc, "Unit tests for DRSUAPI::prefixMap implementation");
+
+	torture_tcase_add_simple_test(tc, "new", (pfn_run)torture_drs_unit_pfm_new);
+
+	torture_tcase_add_simple_test(tc, "make_attid_full_map", (pfn_run)torture_drs_unit_pfm_make_attid_full_map);
+	torture_tcase_add_simple_test(tc, "make_attid_small_map", (pfn_run)torture_drs_unit_pfm_make_attid_small_map);
+
+	torture_tcase_add_simple_test(tc, "attid_from_oid_full_map",
+				      (pfn_run)torture_drs_unit_pfm_attid_from_oid_full_map);
+	torture_tcase_add_simple_test(tc, "attid_from_oid_empty_map",
+				      (pfn_run)torture_drs_unit_pfm_attid_from_oid_base_map);
+
+	torture_tcase_add_simple_test(tc, "oid_from_attid_full_map", (pfn_run)torture_drs_unit_pfm_oid_from_attid);
+	torture_tcase_add_simple_test(tc, "oid_from_attid_check_attid",
+				      (pfn_run)torture_drs_unit_pfm_oid_from_attid_check_attid);
+
+	torture_tcase_add_simple_test(tc, "pfm_to_from_drsuapi", (pfn_run)torture_drs_unit_pfm_to_from_drsuapi);
+
+	torture_tcase_add_simple_test(tc, "pfm_to_from_ldb_val", (pfn_run)torture_drs_unit_pfm_to_from_ldb_val);
+
+	torture_tcase_add_simple_test(tc, "pfm_read_write_ldb", (pfn_run)torture_drs_unit_pfm_read_write_ldb);
+
+	torture_tcase_add_simple_test(tc, "dsdb_create_prefix_mapping", (pfn_run)torture_drs_unit_dsdb_create_prefix_mapping);
+
+	return tc;
+}
diff --git a/source4/torture/drs/unit/schemainfo_tests.c b/source4/torture/drs/unit/schemainfo_tests.c
new file mode 100644
index 0000000..4b4cca6
--- /dev/null
+++ b/source4/torture/drs/unit/schemainfo_tests.c
@@ -0,0 +1,740 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRSUAPI schemaInfo unit tests
+
+   Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "torture/smbtorture.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "ldb_wrap.h"
+#include <ldb_module.h>
+#include "torture/rpc/drsuapi.h"
+#include "librpc/ndr/libndr.h"
+#include "param/param.h"
+#include "torture/drs/proto.h"
+#include "torture/drs/proto.h"
+
+
+/**
+ * schemaInfo to init ldb context with
+ *   Rev:  0
+ *   GUID: 00000000-0000-0000-0000-000000000000
+ */
+#define SCHEMA_INFO_INIT_STR		"FF0000000000000000000000000000000000000000"
+
+/**
+ * Default schema_info string to be used for testing
+ *   Rev:  01
+ *   GUID: 071c82fd-45c7-4351-a3db-51f75a630a7f
+ */
+#define SCHEMA_INFO_DEFAULT_STR 	"FF00000001FD821C07C7455143A3DB51F75A630A7F"
+
+/**
+ * Schema info data to test with
+ */
+struct schemainfo_data {
+	DATA_BLOB 	ndr_blob;
+	struct dsdb_schema_info schi;
+	WERROR		werr_expected;
+	bool 		test_both_ways;
+};
+
+/**
+ * Schema info test data in human-readable format (... kind of)
+ */
+static const struct {
+	const char 	*schema_info_str;
+	uint32_t	revision;
+	const char	*guid_str;
+	WERROR		werr_expected;
+	bool 		test_both_ways;
+} _schemainfo_test_data[] = {
+	{
+		.schema_info_str = "FF0000000000000000000000000000000000000000",
+		.revision = 0,
+		.guid_str = "00000000-0000-0000-0000-000000000000",
+		.werr_expected = WERR_OK,
+		.test_both_ways = true
+	},
+	{
+		.schema_info_str = "FF00000001FD821C07C7455143A3DB51F75A630A7F",
+		.revision = 1,
+		.guid_str = "071c82fd-45c7-4351-a3db-51f75a630a7f",
+		.werr_expected = WERR_OK,
+		.test_both_ways = true
+	},
+	{
+		.schema_info_str = "FFFFFFFFFFFD821C07C7455143A3DB51F75A630A7F",
+		.revision = 0xFFFFFFFF,
+		.guid_str = "071c82fd-45c7-4351-a3db-51f75a630a7f",
+		.werr_expected = WERR_OK,
+		.test_both_ways = true
+	},
+	{ /* len == 21 */
+		.schema_info_str = "FF00000001FD821C07C7455143A3DB51F75A630A7F00",
+		.revision = 1,
+		.guid_str = "071c82fd-45c7-4351-a3db-51f75a630a7f",
+		.werr_expected = WERR_INVALID_PARAMETER,
+		.test_both_ways = false
+	},
+	{ /* marker == FF */
+		.schema_info_str = "AA00000001FD821C07C7455143A3DB51F75A630A7F",
+		.revision = 1,
+		.guid_str = "071c82fd-45c7-4351-a3db-51f75a630a7f",
+		.werr_expected = WERR_INVALID_PARAMETER,
+		.test_both_ways = false
+	}
+};
+
+/**
+ * Private data to be shared among all test in Test case
+ */
+struct drsut_schemainfo_data {
+	struct ldb_context *ldb;
+	struct ldb_module  *ldb_module;
+	struct dsdb_schema *schema;
+
+	/* Initial schemaInfo set in ldb to test with */
+	struct dsdb_schema_info *schema_info;
+
+	uint32_t test_data_count;
+	struct schemainfo_data *test_data;
+};
+
+/**
+ * torture macro to assert for equal dsdb_schema_info's
+ */
+#define torture_assert_schema_info_equal(torture_ctx,got,expected,cmt)\
+	do { const struct dsdb_schema_info *__got = (got), *__expected = (expected); \
+	if (__got->revision != __expected->revision) { \
+		torture_result(torture_ctx, TORTURE_FAIL, \
+			       __location__": "#got".revision %d did not match "#expected".revision %d: %s", \
+			       (int)__got->revision, (int)__expected->revision, cmt); \
+		return false; \
+	} \
+	if (!GUID_equal(&__got->invocation_id, &__expected->invocation_id)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, \
+			       __location__": "#got".invocation_id did not match "#expected".invocation_id: %s", cmt); \
+		return false; \
+	} \
+	} while(0)
+
+/*
+ * forward declaration for internal functions
+ */
+static bool _drsut_ldb_schema_info_reset(struct torture_context *tctx,
+					 struct ldb_context *ldb,
+					 const char *schema_info_str,
+					 bool in_setup);
+
+
+/**
+ * Creates dsdb_schema_info object based on NDR data
+ * passed as hex string
+ */
+static bool _drsut_schemainfo_new(struct torture_context *tctx,
+				  const char *schema_info_str, struct dsdb_schema_info **_si)
+{
+	WERROR werr;
+	DATA_BLOB blob;
+
+	blob = strhex_to_data_blob(tctx, schema_info_str);
+	if (!blob.data) {
+		torture_comment(tctx, "Not enough memory!\n");
+		return false;
+	}
+
+	werr = dsdb_schema_info_from_blob(&blob, tctx, _si);
+	if (!W_ERROR_IS_OK(werr)) {
+		torture_comment(tctx,
+		                "Failed to create dsdb_schema_info object for %s: %s",
+		                schema_info_str,
+		                win_errstr(werr));
+		return false;
+	}
+
+	data_blob_free(&blob);
+
+	return true;
+}
+
+/**
+ * Creates dsdb_schema_info object based on predefined data
+ * Function is public as it is intended to be used by other
+ * tests (e.g. prefixMap tests)
+ */
+bool drsut_schemainfo_new(struct torture_context *tctx, struct dsdb_schema_info **_si)
+{
+	return _drsut_schemainfo_new(tctx, SCHEMA_INFO_DEFAULT_STR, _si);
+}
+
+
+/*
+ * Tests dsdb_schema_info_new() and dsdb_schema_info_blob_new()
+ */
+static bool test_dsdb_schema_info_new(struct torture_context *tctx,
+				      struct drsut_schemainfo_data *priv)
+{
+	WERROR werr;
+	DATA_BLOB ndr_blob;
+	DATA_BLOB ndr_blob_expected;
+	struct dsdb_schema_info *schi;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+	torture_assert(tctx, mem_ctx, "Not enough memory!");
+	ndr_blob_expected = strhex_to_data_blob(mem_ctx, SCHEMA_INFO_INIT_STR);
+	torture_assert(tctx, ndr_blob_expected.data, "Not enough memory!");
+
+	werr = dsdb_schema_info_new(mem_ctx, &schi);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_info_new() failed");
+	torture_assert_int_equal(tctx, schi->revision, 0,
+				 "dsdb_schema_info_new() creates schemaInfo with invalid revision");
+	torture_assert(tctx, GUID_all_zero(&schi->invocation_id),
+			"dsdb_schema_info_new() creates schemaInfo with not ZERO GUID");
+
+	werr = dsdb_schema_info_blob_new(mem_ctx, &ndr_blob);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_info_blob_new() failed");
+	torture_assert_data_blob_equal(tctx, ndr_blob, ndr_blob_expected,
+				       "dsdb_schema_info_blob_new() returned invalid blob");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+/*
+ * Tests dsdb_schema_info_from_blob()
+ */
+static bool test_dsdb_schema_info_from_blob(struct torture_context *tctx,
+					    struct drsut_schemainfo_data *priv)
+{
+	uint32_t i;
+	WERROR werr;
+	char *msg;
+	struct dsdb_schema_info *schema_info;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+	torture_assert(tctx, mem_ctx, "Not enough memory!");
+
+	for (i = 0; i < priv->test_data_count; i++) {
+		struct schemainfo_data *data = &priv->test_data[i];
+
+		msg = talloc_asprintf(tctx, "dsdb_schema_info_from_blob() [%d]-[%s]",
+		                      i, _schemainfo_test_data[i].schema_info_str);
+
+		werr = dsdb_schema_info_from_blob(&data->ndr_blob, mem_ctx, &schema_info);
+		torture_assert_werr_equal(tctx, werr, data->werr_expected, msg);
+
+		/* test returned data */
+		if (W_ERROR_IS_OK(werr)) {
+			torture_assert_schema_info_equal(tctx,
+			                                 schema_info, &data->schi,
+			                                 "after dsdb_schema_info_from_blob() call");
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+/*
+ * Tests dsdb_blob_from_schema_info()
+ */
+static bool test_dsdb_blob_from_schema_info(struct torture_context *tctx,
+					    struct drsut_schemainfo_data *priv)
+{
+	uint32_t i;
+	WERROR werr;
+	char *msg;
+	DATA_BLOB ndr_blob;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+	torture_assert(tctx, mem_ctx, "Not enough memory!");
+
+	for (i = 0; i < priv->test_data_count; i++) {
+		struct schemainfo_data *data = &priv->test_data[i];
+
+		/* not all test are valid reverse type of conversion */
+		if (!data->test_both_ways) {
+			continue;
+		}
+
+		msg = talloc_asprintf(tctx, "dsdb_blob_from_schema_info() [%d]-[%s]",
+		                      i, _schemainfo_test_data[i].schema_info_str);
+
+		werr = dsdb_blob_from_schema_info(&data->schi, mem_ctx, &ndr_blob);
+		torture_assert_werr_equal(tctx, werr, data->werr_expected, msg);
+
+		/* test returned data */
+		if (W_ERROR_IS_OK(werr)) {
+			torture_assert_data_blob_equal(tctx,
+			                               ndr_blob, data->ndr_blob,
+			                               "dsdb_blob_from_schema_info()");
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+static bool test_dsdb_schema_info_cmp(struct torture_context *tctx,
+				      struct drsut_schemainfo_data *priv)
+{
+	DATA_BLOB blob;
+	struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
+	struct dsdb_schema_info schema_info;
+
+	ctr = talloc_zero(priv, struct drsuapi_DsReplicaOIDMapping_Ctr);
+	torture_assert(tctx, ctr, "Not enough memory!");
+
+	/* not enough elements */
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_INVALID_PARAMETER,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* an empty element for schemaInfo */
+	ctr->num_mappings = 1;
+	ctr->mappings = talloc_zero_array(ctr, struct drsuapi_DsReplicaOIDMapping, 1);
+	torture_assert(tctx, ctr->mappings, "Not enough memory!");
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_INVALID_PARAMETER,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with invalid schemaInfo - length != 21 */
+	blob = strhex_to_data_blob(ctr, "FF00000001FD821C07C7455143A3DB51F75A630A7F00");
+	torture_assert(tctx, blob.data, "Not enough memory!");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_INVALID_PARAMETER,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with invalid schemaInfo - marker != 0xFF */
+	blob = strhex_to_data_blob(ctr, "AA00000001FD821C07C7455143A3DB51F75A630A7F");
+	torture_assert(tctx, blob.data, "Not enough memory!");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_INVALID_PARAMETER,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but older one should be ok */
+	blob = strhex_to_data_blob(ctr, "FF0000000000000000000000000000000000000000");
+	torture_assert(tctx, blob.data, "Not enough memory!");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_OK,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with correct schemaInfo, but invalid ATTID */
+	schema_info = *priv->schema->schema_info;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].id_prefix	= 1;
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_INVALID_PARAMETER,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo */
+	ctr->mappings[0].id_prefix	= 0;
+	torture_assert_werr_ok(tctx,
+			       dsdb_schema_info_cmp(priv->schema, ctr),
+			       "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but older revision */
+	schema_info = *priv->schema->schema_info;
+	schema_info.revision -= 1;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_OK,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but newer revision */
+	schema_info = *priv->schema->schema_info;
+	schema_info.revision += 1;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_DS_DRA_SCHEMA_MISMATCH,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but newer revision and other invocationId */
+	schema_info = *priv->schema->schema_info;
+	schema_info.revision += 1;
+	schema_info.invocation_id.time_mid += 1;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_DS_DRA_SCHEMA_MISMATCH,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but older revision and other invocationId */
+	schema_info = *priv->schema->schema_info;
+	schema_info.revision -= 1;
+	schema_info.invocation_id.time_mid += 1;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_OK,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	/* test with valid schemaInfo, but same revision and other invocationId */
+	schema_info = *priv->schema->schema_info;
+	schema_info.invocation_id.time_mid += 1;
+	torture_assert_werr_ok(tctx,
+		dsdb_blob_from_schema_info(&schema_info, tctx, &blob),
+		"dsdb_blob_from_schema_info() failed");
+	ctr->mappings[0].oid.length     = blob.length;
+	ctr->mappings[0].oid.binary_oid = blob.data;
+	torture_assert_werr_equal(tctx,
+				  dsdb_schema_info_cmp(priv->schema, ctr),
+				  WERR_DS_DRA_SCHEMA_CONFLICT,
+				  "dsdb_schema_info_cmp(): unexpected result");
+
+	talloc_free(ctr);
+	return true;
+}
+
+/*
+ * Tests dsdb_module_schema_info_blob_read()
+ *   and dsdb_module_schema_info_blob_write()
+ */
+static bool test_dsdb_module_schema_info_blob_rw(struct torture_context *tctx,
+						struct drsut_schemainfo_data *priv)
+{
+	int ldb_err;
+	DATA_BLOB blob_write;
+	DATA_BLOB blob_read;
+
+	/* reset schmeInfo to know value */
+	torture_assert(tctx,
+		       _drsut_ldb_schema_info_reset(tctx, priv->ldb, SCHEMA_INFO_INIT_STR, false),
+		       "_drsut_ldb_schema_info_reset() failed");
+
+	/* write tests' default schemaInfo */
+	blob_write = strhex_to_data_blob(priv, SCHEMA_INFO_DEFAULT_STR);
+	torture_assert(tctx, blob_write.data, "Not enough memory!");
+
+	ldb_err = dsdb_module_schema_info_blob_write(priv->ldb_module,
+						     DSDB_FLAG_TOP_MODULE,
+						     &blob_write, NULL);
+	torture_assert_int_equal(tctx, ldb_err, LDB_SUCCESS, "dsdb_module_schema_info_blob_write() failed");
+
+	ldb_err = dsdb_module_schema_info_blob_read(priv->ldb_module, DSDB_FLAG_TOP_MODULE,
+						    priv, &blob_read, NULL);
+	torture_assert_int_equal(tctx, ldb_err, LDB_SUCCESS, "dsdb_module_schema_info_blob_read() failed");
+
+	/* check if we get what we wrote */
+	torture_assert_data_blob_equal(tctx, blob_read, blob_write,
+				       "Write/Read of schemeInfo blob failed");
+
+	return true;
+}
+
+/*
+ * Tests dsdb_schema_update_schema_info()
+ */
+static bool test_dsdb_module_schema_info_update(struct torture_context *tctx,
+						struct drsut_schemainfo_data *priv)
+{
+	int ldb_err;
+	WERROR werr;
+	DATA_BLOB blob;
+	struct dsdb_schema_info *schema_info;
+
+	/* reset schmeInfo to know value */
+	torture_assert(tctx,
+		       _drsut_ldb_schema_info_reset(tctx, priv->ldb, SCHEMA_INFO_INIT_STR, false),
+		       "_drsut_ldb_schema_info_reset() failed");
+
+	ldb_err = dsdb_module_schema_info_update(priv->ldb_module,
+						 priv->schema,
+						 DSDB_FLAG_TOP_MODULE | DSDB_FLAG_AS_SYSTEM, NULL);
+	torture_assert_int_equal(tctx, ldb_err, LDB_SUCCESS, "dsdb_module_schema_info_update() failed");
+
+	/* get updated schemaInfo */
+	ldb_err = dsdb_module_schema_info_blob_read(priv->ldb_module, DSDB_FLAG_TOP_MODULE,
+						    priv, &blob, NULL);
+	torture_assert_int_equal(tctx, ldb_err, LDB_SUCCESS, "dsdb_module_schema_info_blob_read() failed");
+
+	werr = dsdb_schema_info_from_blob(&blob, priv, &schema_info);
+	torture_assert_werr_ok(tctx, werr, "dsdb_schema_info_from_blob() failed");
+
+	/* check against default schema_info */
+	torture_assert_schema_info_equal(tctx, schema_info, priv->schema_info,
+					  "schemaInfo attribute no updated correctly");
+
+	return true;
+}
+
+
+/**
+ * Reset schemaInfo record to know value
+ */
+static bool _drsut_ldb_schema_info_reset(struct torture_context *tctx,
+					 struct ldb_context *ldb,
+					 const char *schema_info_str,
+					 bool in_setup)
+{
+	bool bret = true;
+	int ldb_err;
+	DATA_BLOB blob;
+	struct ldb_message *msg;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+
+	blob = strhex_to_data_blob(mem_ctx, schema_info_str);
+	torture_assert_goto(tctx, blob.data, bret, DONE, "Not enough memory!");
+
+	msg = ldb_msg_new(mem_ctx);
+	torture_assert_goto(tctx, msg, bret, DONE, "Not enough memory!");
+
+	msg->dn = ldb_get_schema_basedn(ldb);
+	ldb_err = ldb_msg_add_value(msg, "schemaInfo", &blob, NULL);
+	torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE,
+				      "ldb_msg_add_value() failed");
+
+	if (in_setup) {
+		ldb_err = ldb_add(ldb, msg);
+	} else {
+		ldb_err = dsdb_replace(ldb, msg, DSDB_MODIFY_PERMISSIVE);
+	}
+	torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE,
+				      "dsdb_replace() failed");
+
+DONE:
+	talloc_free(mem_ctx);
+	return bret;
+}
+
+/**
+ * Prepare temporary LDB and opens it
+ */
+static bool _drsut_ldb_setup(struct torture_context *tctx, struct drsut_schemainfo_data *priv)
+{
+	int ldb_err;
+	char *ldb_url;
+	bool bret = true;
+	char *tempdir = NULL;
+	NTSTATUS status;
+	TALLOC_CTX* mem_ctx;
+
+	mem_ctx = talloc_new(priv);
+	torture_assert(tctx, mem_ctx, "Not enough memory!");
+
+	status = torture_temp_dir(tctx, "drs_", &tempdir);
+	torture_assert_ntstatus_ok_goto(tctx, status, bret, DONE, "creating temp dir");
+
+	ldb_url = talloc_asprintf(priv, "%s/drs_schemainfo.ldb", tempdir);
+	torture_assert_goto(tctx, ldb_url, bret, DONE, "Not enough memory!");
+
+	/* create LDB */
+	priv->ldb = ldb_wrap_connect(priv, tctx->ev, tctx->lp_ctx,
+	                             ldb_url, NULL, NULL, 0);
+	torture_assert_goto(tctx, priv->ldb, bret, DONE,  "ldb_wrap_connect() failed");
+
+	/* set some schemaNamingContext */
+	ldb_err = ldb_set_opaque(priv->ldb,
+				 "schemaNamingContext",
+				 ldb_dn_new(priv->ldb, priv->ldb, "CN=Schema,CN=Config"));
+	torture_assert_int_equal_goto(tctx, ldb_err, LDB_SUCCESS, bret, DONE,
+				      "ldb_set_opaque() failed");
+
+	/* add schemaInfo attribute so tested layer could work properly */
+	torture_assert_goto(tctx,
+			    _drsut_ldb_schema_info_reset(tctx, priv->ldb, SCHEMA_INFO_INIT_STR, true),
+			    bret, DONE,
+			    "_drsut_ldb_schema_info_reset() failed");
+
+DONE:
+	talloc_free(tempdir);
+	talloc_free(mem_ctx);
+	return bret;
+}
+
+/*
+ * Setup/Teardown for test case
+ */
+static bool torture_drs_unit_schemainfo_setup(struct torture_context *tctx,
+					      struct drsut_schemainfo_data **_priv)
+{
+	size_t i;
+	int ldb_err;
+	NTSTATUS status;
+	DATA_BLOB ndr_blob;
+	struct GUID guid;
+	struct drsut_schemainfo_data *priv;
+
+	priv = talloc_zero(tctx, struct drsut_schemainfo_data);
+	torture_assert(tctx, priv, "Not enough memory!");
+
+	/* returned allocated pointer here
+	 * teardown() will be called even in case of failure,
+	 * so we'll get a changes to clean up  */
+	*_priv = priv;
+
+	/* create initial schemaInfo */
+	torture_assert(tctx,
+		       _drsut_schemainfo_new(tctx, SCHEMA_INFO_DEFAULT_STR, &priv->schema_info),
+		       "Failed to create schema_info test object");
+
+	/* create data to test with */
+	priv->test_data_count = ARRAY_SIZE(_schemainfo_test_data);
+	priv->test_data = talloc_array(tctx, struct schemainfo_data, priv->test_data_count);
+
+	for (i = 0; i < ARRAY_SIZE(_schemainfo_test_data); i++) {
+		struct schemainfo_data *data = &priv->test_data[i];
+
+		ndr_blob = strhex_to_data_blob(priv,
+		                               _schemainfo_test_data[i].schema_info_str);
+		torture_assert(tctx, ndr_blob.data, "Not enough memory!");
+
+		status = GUID_from_string(_schemainfo_test_data[i].guid_str, &guid);
+		torture_assert_ntstatus_ok(tctx, status,
+					   talloc_asprintf(tctx,
+					                   "GUID_from_string() failed for %s",
+					                   _schemainfo_test_data[i].guid_str));
+
+		data->ndr_blob           = ndr_blob;
+		data->schi.invocation_id = guid;
+		data->schi.revision      = _schemainfo_test_data[i].revision;
+		data->werr_expected      = _schemainfo_test_data[i].werr_expected;
+		data->test_both_ways     = _schemainfo_test_data[i].test_both_ways;
+
+	}
+
+	/* create temporary LDB and populate with data */
+	if (!_drsut_ldb_setup(tctx, priv)) {
+		return false;
+	}
+
+	/* create ldb_module mockup object */
+	priv->ldb_module = ldb_module_new(priv, priv->ldb, "schemaInfo_test_module", NULL);
+	torture_assert(tctx, priv->ldb_module, "Not enough memory!");
+
+	/* create schema mockup object */
+	priv->schema = dsdb_new_schema(priv);
+
+	/* set schema_info in dsdb_schema for testing */
+	torture_assert(tctx,
+		       _drsut_schemainfo_new(tctx, SCHEMA_INFO_DEFAULT_STR, &priv->schema->schema_info),
+		       "Failed to create schema_info test object");
+
+	/* pre-cache invocationId for samdb_ntds_invocation_id()
+	 * to work with our mock ldb */
+	ldb_err = ldb_set_opaque(priv->ldb, "cache.invocation_id",
+	                         &priv->schema_info->invocation_id);
+	torture_assert_int_equal(tctx, ldb_err, LDB_SUCCESS, "ldb_set_opaque() failed");
+
+	/* Perform all tests in transactions so that
+	 * underlying modify calls not to fail */
+	ldb_err = ldb_transaction_start(priv->ldb);
+	torture_assert_int_equal(tctx,
+				 ldb_err,
+				 LDB_SUCCESS,
+				 "ldb_transaction_start() failed");
+
+	return true;
+}
+
+static bool torture_drs_unit_schemainfo_teardown(struct torture_context *tctx,
+						 struct drsut_schemainfo_data *priv)
+{
+	int ldb_err;
+
+	/* commit pending transaction so we will
+	 * be able to check what LDB state is */
+	ldb_err = ldb_transaction_commit(priv->ldb);
+	if (ldb_err != LDB_SUCCESS) {
+		torture_comment(tctx, "ldb_transaction_commit() - %s (%s)",
+		                ldb_strerror(ldb_err),
+		                ldb_errstring(priv->ldb));
+	}
+
+	talloc_free(priv);
+
+	return true;
+}
+
+/**
+ * Test case initialization for
+ * drs.unit.schemaInfo
+ */
+struct torture_tcase * torture_drs_unit_schemainfo(struct torture_suite *suite)
+{
+	typedef bool (*pfn_setup)(struct torture_context *, void **);
+	typedef bool (*pfn_teardown)(struct torture_context *, void *);
+	typedef bool (*pfn_run)(struct torture_context *, void *);
+
+	struct torture_tcase * tc = torture_suite_add_tcase(suite, "schemaInfo");
+
+	torture_tcase_set_fixture(tc,
+				  (pfn_setup)torture_drs_unit_schemainfo_setup,
+				  (pfn_teardown)torture_drs_unit_schemainfo_teardown);
+
+	tc->description = talloc_strdup(tc, "Unit tests for DRSUAPI::schemaInfo implementation");
+
+	torture_tcase_add_simple_test(tc, "dsdb_schema_info_new",
+				      (pfn_run)test_dsdb_schema_info_new);
+	torture_tcase_add_simple_test(tc, "dsdb_schema_info_from_blob",
+				      (pfn_run)test_dsdb_schema_info_from_blob);
+	torture_tcase_add_simple_test(tc, "dsdb_blob_from_schema_info",
+				      (pfn_run)test_dsdb_blob_from_schema_info);
+	torture_tcase_add_simple_test(tc, "dsdb_schema_info_cmp",
+				      (pfn_run)test_dsdb_schema_info_cmp);
+	torture_tcase_add_simple_test(tc, "dsdb_module_schema_info_blob read|write",
+				      (pfn_run)test_dsdb_module_schema_info_blob_rw);
+	torture_tcase_add_simple_test(tc, "dsdb_module_schema_info_update",
+				      (pfn_run)test_dsdb_module_schema_info_update);
+
+
+	return tc;
+}
diff --git a/source4/torture/drs/wscript_build b/source4/torture/drs/wscript_build
new file mode 100644
index 0000000..0dc26d6
--- /dev/null
+++ b/source4/torture/drs/wscript_build
@@ -0,0 +1,12 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('TORTURE_DRS',
+	source='drs_init.c drs_util.c unit/prefixmap_tests.c unit/schemainfo_tests.c rpc/dssync.c rpc/msds_intid.c',
+	autoproto='proto.h',
+	subsystem='smbtorture',
+	init_function='torture_drs_init',
+	deps='samba-util ldb samba-errors torture ldbsamba talloc dcerpc ndr NDR_DRSUAPI gensec samba-hostconfig RPC_NDR_DRSUAPI DSDB_MODULE_HELPERS asn1util samdb NDR_DRSBLOBS samba-credentials samdb-common LIBCLI_RESOLVE LP_RESOLVE torturemain',
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
new file mode 100644
index 0000000..a832c59
--- /dev/null
+++ b/source4/torture/gentest.c
@@ -0,0 +1,3463 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   generic testing tool - version with both SMB and SMB2 support
+
+   Copyright (C) Andrew Tridgell 2003-2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/events/events.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/raw/request.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/resolve/resolve.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "dynconfig/dynconfig.h"
+#include "libcli/security/security.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#define NSERVERS 2
+#define NINSTANCES 2
+
+/* global options */
+static struct gentest_options {
+	int showall;
+	int analyze;
+	int analyze_always;
+	int analyze_continuous;
+	unsigned int max_open_handles;
+	unsigned int seed;
+	unsigned int numops;
+	int use_oplocks;
+	char **ignore_patterns;
+	const char *seeds_file;
+	int use_preset_seeds;
+	int fast_reconnect;
+	int mask_indexing;
+	int no_eas;
+	int no_acls;
+	int skip_cleanup;
+	int valid;
+	int smb2;
+} options;
+
+/* mapping between open handles on the server and local handles */
+static struct {
+	bool active;
+	unsigned int instance;
+	struct smb2_handle smb2_handle[NSERVERS]; /* SMB2 */
+	uint16_t smb_handle[NSERVERS];            /* SMB */
+	const char *name;
+} *open_handles;
+static unsigned int num_open_handles;
+
+/* state information for the servers. We open NINSTANCES connections to
+   each server */
+static struct {
+	struct smb2_tree *smb2_tree[NINSTANCES];
+	struct smbcli_tree *smb_tree[NINSTANCES];
+	char *server_name;
+	char *share_name;
+	struct cli_credentials *credentials;
+} servers[NSERVERS];
+
+/* the seeds and flags for each operation */
+static struct {
+	unsigned int seed;
+	bool disabled;
+} *op_parms;
+
+
+/* oplock break info */
+static struct {
+	bool got_break;
+	struct smb2_handle smb2_handle;
+	uint16_t smb_handle;
+	uint16_t handle;
+	uint8_t level;
+	bool do_close;
+} oplocks[NSERVERS][NINSTANCES];
+
+/* change notify reply info */
+static struct {
+	int notify_count;
+	NTSTATUS status;
+	union smb_notify notify;
+} notifies[NSERVERS][NINSTANCES];
+
+/* info relevant to the current operation */
+static struct {
+	const char *name;
+	unsigned int seed;
+	NTSTATUS status;
+	unsigned int opnum;
+	TALLOC_CTX *mem_ctx;
+	const char *mismatch;
+} current_op;
+
+static struct smb2_handle bad_smb2_handle;
+
+
+#define BAD_HANDLE 0xFFFE
+
+static bool oplock_handler_smb2(struct smb2_transport *transport, const struct smb2_handle *handle,
+				uint8_t level, void *private_data);
+static void idle_func_smb2(struct smb2_transport *transport, void *private_data);
+static bool oplock_handler_smb(struct smbcli_transport *transport, uint16_t tid, uint16_t fnum, uint8_t level, void *private_data);
+static void idle_func_smb(struct smbcli_transport *transport, void *private_data);
+
+/*
+  check if a string should be ignored. This is used as the basis
+  for all error ignore settings
+*/
+static bool ignore_pattern(const char *str)
+{
+	int i;
+	if (!options.ignore_patterns) return false;
+
+	for (i=0;options.ignore_patterns[i];i++) {
+		if (strcmp(options.ignore_patterns[i], str) == 0 ||
+		    gen_fnmatch(options.ignore_patterns[i], str) == 0) {
+			DEBUG(2,("Ignoring '%s'\n", str));
+			return true;
+		}
+	}
+	return false;
+}
+
+/***************************************************** 
+connect to the servers
+*******************************************************/
+static bool connect_servers_fast(void)
+{
+	int h, i;
+
+	/* close all open files */
+	for (h=0;h<options.max_open_handles;h++) {
+		if (!open_handles[h].active) continue;
+		for (i=0;i<NSERVERS;i++) {
+			NTSTATUS status;
+			if (options.smb2) {
+				status = smb2_util_close(servers[i].smb2_tree[open_handles[h].instance],
+							 open_handles[h].smb2_handle[i]);
+			} else {
+				status = smbcli_close(servers[i].smb_tree[open_handles[h].instance],
+						      open_handles[h].smb_handle[i]);
+			}
+			if (NT_STATUS_IS_ERR(status)) {
+				return false;
+			}
+			open_handles[h].active = false;
+		}
+	}
+
+	return true;
+}
+
+
+
+
+/***************************************************** 
+connect to the servers
+*******************************************************/
+static bool connect_servers(struct tevent_context *ev,
+			    struct loadparm_context *lp_ctx)
+{
+	int i, j;
+
+	if (options.fast_reconnect && servers[0].smb2_tree[0]) {
+		if (connect_servers_fast()) {
+			return true;
+		}
+	}
+
+	/* close any existing connections */
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			if (servers[i].smb2_tree[j]) {
+				smb2_tdis(servers[i].smb2_tree[j]);
+				talloc_free(servers[i].smb2_tree[j]);
+				servers[i].smb2_tree[j] = NULL;
+			}
+			if (servers[i].smb_tree[j]) {
+				smb_tree_disconnect(servers[i].smb_tree[j]);
+				talloc_free(servers[i].smb_tree[j]);
+				servers[i].smb_tree[j] = NULL;
+			}
+		}
+	}
+
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			NTSTATUS status;
+			struct smbcli_options smb_options;
+			struct smbcli_session_options smb_session_options;
+			lpcfg_smbcli_options(lp_ctx, &smb_options);
+			lpcfg_smbcli_session_options(lp_ctx, &smb_session_options);
+
+			printf("Connecting to \\\\%s\\%s as %s - instance %d\n",
+			       servers[i].server_name, servers[i].share_name, 
+			       cli_credentials_get_username(servers[i].credentials),
+			       j);
+
+			cli_credentials_set_workstation(servers[i].credentials, 
+							"gentest", CRED_SPECIFIED);
+
+			if (options.smb2) {
+				status = smb2_connect(NULL, servers[i].server_name, 
+									  lpcfg_smb_ports(lp_ctx),
+						      servers[i].share_name,
+						      lpcfg_resolve_context(lp_ctx),
+						      servers[i].credentials,
+						      &servers[i].smb2_tree[j],
+						      ev, &smb_options,
+							  lpcfg_socket_options(lp_ctx),
+							  lpcfg_gensec_settings(lp_ctx, lp_ctx)
+							  );
+			} else {
+				status = smbcli_tree_full_connection(NULL,
+								     &servers[i].smb_tree[j], 
+								     servers[i].server_name, 
+								     lpcfg_smb_ports(lp_ctx),
+								     servers[i].share_name, "A:",
+									 lpcfg_socket_options(lp_ctx),
+								     servers[i].credentials,
+								     lpcfg_resolve_context(lp_ctx), ev,
+								     &smb_options,
+								     &smb_session_options,
+									 lpcfg_gensec_settings(lp_ctx, lp_ctx));
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Failed to connect to \\\\%s\\%s - %s\n",
+				       servers[i].server_name, servers[i].share_name,
+				       nt_errstr(status));
+				return false;
+			}
+
+			if (options.smb2) {
+				servers[i].smb2_tree[j]->session->transport->oplock.handler = oplock_handler_smb2;
+				servers[i].smb2_tree[j]->session->transport->oplock.private_data = (void *)(uintptr_t)((i<<8)|j);
+				smb2_transport_idle_handler(servers[i].smb2_tree[j]->session->transport, 
+							    idle_func_smb2, 50000, NULL);
+			} else {
+				smbcli_oplock_handler(servers[i].smb_tree[j]->session->transport, oplock_handler_smb, 
+						      (void *)(uintptr_t)((i<<8)|j));
+				smbcli_transport_idle_handler(servers[i].smb_tree[j]->session->transport, idle_func_smb, 
+							      50000, (void *)(uintptr_t)((i<<8)|j));
+			}
+		}
+	}
+
+	return true;
+}
+
+/*
+  work out the time skew between the servers - be conservative
+*/
+static unsigned int time_skew(void)
+{
+	unsigned int ret;
+	NTTIME nt0, nt1;
+
+	if (options.smb2) {
+		struct smbXcli_conn *c0, *c1;
+
+		c0 = servers[0].smb2_tree[0]->session->transport->conn;
+		c1 = servers[1].smb2_tree[0]->session->transport->conn;
+
+		nt0 = smbXcli_conn_server_system_time(c0);
+		nt1 = smbXcli_conn_server_system_time(c1);
+	} else {
+		nt0 = servers[0].smb_tree[0]->session->transport->negotiate.server_time;
+		nt1 = servers[1].smb_tree[0]->session->transport->negotiate.server_time;
+	}
+	/* Samba's NTTIME is unsigned, abs() won't work! */
+	if (nt0 > nt1){
+		ret = nt0 - nt1;
+	} else {
+		ret = nt1 - nt0;
+	}
+	return ret + 300;
+}
+
+
+static bool smb2_handle_equal(const struct smb2_handle *h1, const struct smb2_handle *h2)
+{
+	return memcmp(h1, h2, sizeof(struct smb2_handle)) == 0;
+}
+
+/*
+  turn a server handle into a local handle
+*/
+static unsigned int fnum_to_handle_smb2(int server, int instance, struct smb2_handle server_handle)
+{
+	unsigned int i;
+	for (i=0;i<options.max_open_handles;i++) {
+		if (!open_handles[i].active ||
+		    instance != open_handles[i].instance) continue;
+		if (smb2_handle_equal(&open_handles[i].smb2_handle[server], &server_handle)) {
+			return i;
+		}
+	}
+	printf("Invalid server handle in fnum_to_handle on server %d instance %d\n", 
+	       server, instance);
+	return BAD_HANDLE;
+}
+
+/*
+  turn a server handle into a local handle
+*/
+static unsigned int fnum_to_handle_smb(int server, int instance, uint16_t server_handle)
+{
+	unsigned int i;
+	for (i=0;i<options.max_open_handles;i++) {
+		if (!open_handles[i].active ||
+		    instance != open_handles[i].instance) continue;
+		if (open_handles[i].smb_handle[server] == server_handle) {
+			return i;
+		}
+	}
+	printf("Invalid server handle in fnum_to_handle on server %d instance %d\n", 
+	       server, instance);
+	return BAD_HANDLE;
+}
+
+/*
+  add some newly opened handles
+*/
+static void gen_add_handle_smb2(int instance, const char *name, struct smb2_handle handles[NSERVERS])
+{
+	int i, h;
+	for (h=0;h<options.max_open_handles;h++) {
+		if (!open_handles[h].active) break;
+	}
+	if (h == options.max_open_handles) {
+		/* we have to force close a random handle */
+		h = random() % options.max_open_handles;
+		for (i=0;i<NSERVERS;i++) {
+			NTSTATUS status;
+			status = smb2_util_close(servers[i].smb2_tree[open_handles[h].instance], 
+						 open_handles[h].smb2_handle[i]);
+			if (NT_STATUS_IS_ERR(status)) {
+				printf("INTERNAL ERROR: Close failed when recovering handle! - %s\n",
+				       nt_errstr(status));
+			}
+		}
+		printf("Recovered handle %d\n", h);
+		num_open_handles--;
+	}
+	for (i=0;i<NSERVERS;i++) {
+		open_handles[h].smb2_handle[i] = handles[i];
+		open_handles[h].instance = instance;
+		open_handles[h].active = true;
+		open_handles[h].name = name;
+	}
+	num_open_handles++;
+
+	printf("OPEN num_open_handles=%d h=%d (%s)\n", 
+	       num_open_handles, h, name);
+}
+
+/*
+  add some newly opened handles
+*/
+static void gen_add_handle_smb(int instance, const char *name, uint16_t handles[NSERVERS])
+{
+	int i, h;
+	for (h=0;h<options.max_open_handles;h++) {
+		if (!open_handles[h].active) break;
+	}
+	if (h == options.max_open_handles) {
+		/* we have to force close a random handle */
+		h = random() % options.max_open_handles;
+		for (i=0;i<NSERVERS;i++) {
+			NTSTATUS status;
+			status = smbcli_close(servers[i].smb_tree[open_handles[h].instance], 
+					      open_handles[h].smb_handle[i]);
+			if (NT_STATUS_IS_ERR(status)) {
+				printf("INTERNAL ERROR: Close failed when recovering handle! - %s\n",
+				       nt_errstr(status));
+			}
+		}
+		printf("Recovered handle %d\n", h);
+		num_open_handles--;
+	}
+	for (i=0;i<NSERVERS;i++) {
+		open_handles[h].smb_handle[i] = handles[i];
+		open_handles[h].instance = instance;
+		open_handles[h].active = true;
+		open_handles[h].name = name;
+	}
+	num_open_handles++;
+
+	printf("OPEN num_open_handles=%d h=%d (%s)\n", 
+	       num_open_handles, h, name);
+}
+
+
+/*
+  remove a closed handle
+*/
+static void gen_remove_handle_smb2(int instance, struct smb2_handle handles[NSERVERS])
+{
+	int h;
+	for (h=0;h<options.max_open_handles;h++) {
+		if (instance == open_handles[h].instance &&
+		    smb2_handle_equal(&open_handles[h].smb2_handle[0], &handles[0])) {
+			open_handles[h].active = false;			
+			num_open_handles--;
+			printf("CLOSE num_open_handles=%d h=%d (%s)\n", 
+			       num_open_handles, h, 
+			       open_handles[h].name);
+			return;
+		}
+	}
+	printf("Removing invalid handle!?\n");
+	exit(1);
+}
+
+/*
+  remove a closed handle
+*/
+static void gen_remove_handle_smb(int instance, uint16_t handles[NSERVERS])
+{
+	int h;
+	for (h=0;h<options.max_open_handles;h++) {
+		if (instance == open_handles[h].instance &&
+		    open_handles[h].smb_handle[0] == handles[0]) {
+			open_handles[h].active = false;			
+			num_open_handles--;
+			printf("CLOSE num_open_handles=%d h=%d (%s)\n", 
+			       num_open_handles, h, 
+			       open_handles[h].name);
+			return;
+		}
+	}
+	printf("Removing invalid handle!?\n");
+	exit(1);
+}
+
+/*
+  return true with 'chance' probability as a percentage
+*/
+static bool gen_chance(unsigned int chance)
+{
+	return ((random() % 100) <= chance);
+}
+
+/*
+  map an internal handle number to a server handle
+*/
+static struct smb2_handle gen_lookup_handle_smb2(int server, uint16_t handle)
+{
+	if (handle == BAD_HANDLE) return bad_smb2_handle;
+	return open_handles[handle].smb2_handle[server];
+}
+
+/*
+  map an internal handle number to a server handle
+*/
+static uint16_t gen_lookup_handle_smb(int server, uint16_t handle)
+{
+	if (handle == BAD_HANDLE) return BAD_HANDLE;
+	return open_handles[handle].smb_handle[server];
+}
+
+/*
+  return a file handle
+*/
+static uint16_t gen_fnum(int instance)
+{
+	uint16_t h;
+	int count = 0;
+
+	if (gen_chance(20)) return BAD_HANDLE;
+
+	while (num_open_handles > 0 && count++ < 10*options.max_open_handles) {
+		h = random() % options.max_open_handles;
+		if (open_handles[h].active && 
+		    open_handles[h].instance == instance) {
+			return h;
+		}
+	}
+	return BAD_HANDLE;
+}
+
+/*
+  return a file handle, but skewed so we don't close the last
+  couple of handles too readily
+*/
+static uint16_t gen_fnum_close(int instance)
+{
+	if (num_open_handles < 5) {
+		if (gen_chance(90)) return BAD_HANDLE;
+	}
+
+	return gen_fnum(instance);
+}
+
+/*
+  generate an integer in a specified range
+*/
+static int gen_int_range(uint64_t min, uint64_t max)
+{
+	unsigned int r = random();
+	return min + (r % (1+max-min));
+}
+
+/*
+  return a fnum for use as a root fid
+  be careful to call GEN_SET_FNUM() when you use this!
+*/
+static uint16_t gen_root_fid(int instance)
+{
+	if (gen_chance(5)) return gen_fnum(instance);
+	return 0;
+}
+
+/*
+  generate a file offset
+*/
+static int gen_offset(void)
+{
+	if (gen_chance(20)) return 0;
+//	if (gen_chance(5)) return gen_int_range(0, 0xFFFFFFFF);
+	return gen_int_range(0, 1024*1024);
+}
+
+/*
+  generate a io count
+*/
+static int gen_io_count(void)
+{
+	if (gen_chance(20)) return 0;
+//	if (gen_chance(5)) return gen_int_range(0, 0xFFFFFFFF);
+	return gen_int_range(0, 4096);
+}
+
+/*
+  generate a filename
+*/
+static const char *gen_fname(void)
+{
+	const char *names[] = {"gentest\\gentest.dat", 
+			       "gentest\\foo", 
+			       "gentest\\foo2.sym", 
+			       "gentest\\foo3.dll", 
+			       "gentest\\foo4", 
+			       "gentest\\foo4:teststream1", 
+			       "gentest\\foo4:teststream2", 
+			       "gentest\\foo5.exe", 
+			       "gentest\\foo5.exe:teststream3", 
+			       "gentest\\foo5.exe:teststream4", 
+			       "gentest\\foo6.com", 
+			       "gentest\\blah", 
+			       "gentest\\blah\\blergh.txt", 
+			       "gentest\\blah\\blergh2", 
+			       "gentest\\blah\\blergh3.txt", 
+			       "gentest\\blah\\blergh4", 
+			       "gentest\\blah\\blergh5.txt", 
+			       "gentest\\blah\\blergh5", 
+			       "gentest\\blah\\.", 
+			       "gentest\\blah\\..", 
+			       "gentest\\a_very_long_name.bin", 
+			       "gentest\\x.y", 
+			       "gentest\\blah"};
+	int i;
+
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(names)-1);
+	} while (ignore_pattern(names[i]));
+
+	return names[i];
+}
+
+/*
+  generate a filename with a higher chance of choosing an already 
+  open file
+*/
+static const char *gen_fname_open(int instance)
+{
+	uint16_t h;
+	h = gen_fnum(instance);
+	if (h == BAD_HANDLE) {
+		return gen_fname();
+	}
+	return open_handles[h].name;
+}
+
+/*
+  generate a wildcard pattern
+*/
+static const char *gen_pattern(void)
+{
+	int i;
+	const char *names[] = {"gentest\\*.dat", 
+			       "gentest\\*", 
+			       "gentest\\*.*", 
+			       "gentest\\blah\\*.*", 
+			       "gentest\\blah\\*", 
+			       "gentest\\?"};
+
+	if (gen_chance(50)) return gen_fname();
+
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(names)-1);
+	} while (ignore_pattern(names[i]));
+
+	return names[i];
+}
+
+static uint32_t gen_bits_levels(int nlevels, ...)
+{
+	va_list ap;
+	uint32_t pct;
+	uint32_t mask;
+	int i;
+	va_start(ap, nlevels);
+	for (i=0;i<nlevels;i++) {
+		pct = va_arg(ap, uint32_t);
+		mask = va_arg(ap, uint32_t);
+		if (pct == 100 || gen_chance(pct)) {
+			va_end(ap);
+			return mask & random();
+		}
+	}
+	va_end(ap);
+	return 0;
+}
+
+/*
+  generate a bitmask
+*/
+static uint32_t gen_bits_mask(unsigned int mask)
+{
+	unsigned int ret = random();
+	return ret & mask;
+}
+
+/*
+  generate a bitmask with high probability of the first mask
+  and low of the second
+*/
+static uint32_t gen_bits_mask2(uint32_t mask1, uint32_t mask2)
+{
+	if (!options.valid && gen_chance(10)) return gen_bits_mask(mask2);
+	return gen_bits_mask(mask1);
+}
+
+/*
+  generate reserved values
+ */
+static uint64_t gen_reserved8(void)
+{
+	if (options.valid) return 0;
+	return gen_bits_mask(0xFF);
+}
+
+static uint64_t gen_reserved16(void)
+{
+	if (options.valid) return 0;
+	return gen_bits_mask(0xFFFF);
+}
+
+static uint64_t gen_reserved32(void)
+{
+	if (options.valid) return 0;
+	return gen_bits_mask(0xFFFFFFFF);
+}
+
+static uint64_t gen_reserved64(void)
+{
+	if (options.valid) return 0;
+	return gen_bits_mask(0xFFFFFFFF) | (((uint64_t)gen_bits_mask(0xFFFFFFFF))<<32);
+}
+
+
+
+/*
+  generate a boolean
+*/
+static bool gen_bool(void)
+{
+	return gen_bits_mask2(0x1, 0xFF);
+}
+
+/*
+  generate ntrename flags
+*/
+static uint16_t gen_rename_flags(void)
+{
+	if (gen_chance(30)) return RENAME_FLAG_RENAME;
+	if (gen_chance(30)) return RENAME_FLAG_HARD_LINK;
+	if (gen_chance(30)) return RENAME_FLAG_COPY;
+	return gen_bits_mask(0xFFFF);
+}
+
+/*
+  generate a pid 
+*/
+static uint16_t gen_pid(void)
+{
+	if (gen_chance(10)) return gen_bits_mask(0xFFFF);
+	return getpid();
+}
+
+/*
+  return a set of lock flags
+*/
+static uint16_t gen_lock_flags_smb2(void)
+{
+	if (!options.valid && gen_chance(5))  return gen_bits_mask(0xFFFF);
+	if (gen_chance(20)) return gen_bits_mask(0x1F);
+	if (gen_chance(50)) return SMB2_LOCK_FLAG_UNLOCK;
+	return gen_bits_mask(SMB2_LOCK_FLAG_SHARED | 
+			     SMB2_LOCK_FLAG_EXCLUSIVE | 
+			     SMB2_LOCK_FLAG_FAIL_IMMEDIATELY);
+}
+
+/*
+  generate a lock count
+*/
+static off_t gen_lock_count(void)
+{
+	return gen_int_range(0, 3);
+}
+
+/*
+  generate a NT access mask
+*/
+static uint32_t gen_access_mask(void)
+{
+	uint32_t ret;
+	if (gen_chance(70)) return SEC_FLAG_MAXIMUM_ALLOWED;
+	if (gen_chance(70)) return SEC_FILE_ALL;
+	ret = gen_bits_mask(0xFFFFFFFF);
+	if (options.valid) ret &= ~SEC_MASK_INVALID;
+	return ret;
+}
+
+/*
+  return a lockingx lock mode
+*/
+static uint16_t gen_lock_mode(void)
+{
+	if (!options.valid && gen_chance(5))  return gen_bits_mask(0xFFFF);
+	if (gen_chance(20)) return gen_bits_mask(0x1F);
+	return gen_bits_mask(LOCKING_ANDX_SHARED_LOCK | LOCKING_ANDX_LARGE_FILES);
+}
+
+/*
+  generate a ntcreatex flags field
+*/
+static uint32_t gen_ntcreatex_flags(void)
+{
+	if (gen_chance(70)) return NTCREATEX_FLAGS_EXTENDED;
+	return gen_bits_mask2(0x1F, 0xFFFFFFFF);
+}
+
+/*
+  generate a ntcreatex create options bitfield
+*/
+static uint32_t gen_create_options(void)
+{
+	if (!options.valid && gen_chance(20)) return gen_bits_mask(0xFFFFFFFF);
+	if (gen_chance(50)) return 0;
+	return gen_bits_mask(NTCREATEX_OPTIONS_DELETE_ON_CLOSE | NTCREATEX_OPTIONS_DIRECTORY);
+}
+
+/*
+  generate a ntcreatex open disposition
+*/
+static uint32_t gen_open_disp(void)
+{
+	if (gen_chance(50)) return NTCREATEX_DISP_OPEN_IF;
+	if (!options.valid && gen_chance(10)) return gen_bits_mask(0xFFFFFFFF);
+	return gen_int_range(0, 5);
+}
+
+/*
+  generate an openx open mode
+*/
+static uint16_t gen_openx_mode(void)
+{
+	if (!options.valid && gen_chance(20)) return gen_bits_mask(0xFFFF);
+	if (gen_chance(20)) return gen_bits_mask(0xFF);
+	return OPENX_MODE_DENY_NONE | gen_bits_mask(0x3);
+}
+
+/*
+  generate an openx flags field
+*/
+static uint16_t gen_openx_flags(void)
+{
+	if (!options.valid && gen_chance(20)) return gen_bits_mask(0xFFFF);
+	return gen_bits_mask(0x7);
+}
+
+/*
+  generate an openx open function
+*/
+static uint16_t gen_openx_func(void)
+{
+	if (!options.valid && gen_chance(20)) return gen_bits_mask(0xFFFF);
+	return gen_bits_mask(0x13);
+}
+
+/*
+  generate a file attrib combination
+*/
+static uint32_t gen_attrib(void)
+{
+	uint32_t ret;
+	if (gen_chance(20)) {
+		ret = gen_bits_mask(0xFFFFFFFF);
+		if (options.valid) ret &= FILE_ATTRIBUTE_ALL_MASK;
+		return ret;
+	}
+	return gen_bits_mask(FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_DIRECTORY);
+}
+
+/*
+  generate a unix timestamp
+*/
+static time_t gen_timet(void)
+{
+	if (gen_chance(30)) return 0;
+	return (time_t)random();
+}
+
+/*
+  generate a milliseconds protocol timeout
+*/
+static uint32_t gen_timeout(void)
+{
+	if (gen_chance(98)) return 0;
+	return random() % 50;
+}
+
+/*
+  generate a timestamp
+*/
+static NTTIME gen_nttime(void)
+{
+	NTTIME ret;
+	unix_to_nt_time(&ret, gen_timet());
+	return ret;
+}
+
+/*
+  generate a timewarp value
+*/
+static NTTIME gen_timewarp(void)
+{
+	NTTIME ret = gen_nttime();
+	if (gen_chance(98)) ret = 0;
+	return ret;
+}
+
+/*
+  generate a file allocation size
+*/
+static unsigned int gen_alloc_size(void)
+{
+	unsigned int ret;
+
+	if (gen_chance(30)) return 0;
+
+	ret = random() % 4*1024*1024;
+	/* give a high chance of a round number */
+	if (gen_chance(60)) {
+		ret &= ~(1024*1024 - 1);
+	}
+	return ret;
+}
+
+/*
+  generate an ea_struct
+*/
+static struct ea_struct gen_ea_struct(void)
+{
+	struct ea_struct ea;
+	const char *names[] = {"EAONE", 
+			       "", 
+			       "FOO!", 
+			       " WITH SPACES ", 
+			       ".", 
+			       "AVERYLONGATTRIBUTENAME"};
+	const char *values[] = {"VALUE1", 
+			       "", 
+			       "NOT MUCH FOO", 
+			       " LEADING SPACES ", 
+			       ":", 
+			       "ASOMEWHATLONGERATTRIBUTEVALUE"};
+	int i;
+
+	ZERO_STRUCT(ea);
+
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(names)-1);
+	} while (ignore_pattern(names[i]));
+
+	ea.name.s = names[i];
+
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(values)-1);
+	} while (ignore_pattern(values[i]));
+
+	ea.value = data_blob(values[i], strlen(values[i]));
+
+	if (gen_chance(10)) ea.flags = gen_bits_mask(0xFF);
+	ea.flags = 0;
+
+	return ea;
+}
+
+/*
+  generate an ea_struct
+*/
+static struct smb_ea_list gen_ea_list(void)
+{
+	struct smb_ea_list eas;
+	int i;
+	if (options.no_eas) {
+		ZERO_STRUCT(eas);
+		return eas;
+	}
+	eas.num_eas = gen_int_range(0, 3);
+	eas.eas = talloc_array(current_op.mem_ctx, struct ea_struct, eas.num_eas);
+	for (i=0;i<eas.num_eas;i++) {
+		eas.eas[i] = gen_ea_struct();
+	}
+	return eas;
+}
+
+/* generate a security descriptor */
+static struct security_descriptor *gen_sec_desc(void)
+{
+	struct security_descriptor *sd;
+	if (options.no_acls || gen_chance(90)) return NULL;
+
+	sd = security_descriptor_dacl_create(current_op.mem_ctx,
+					     0, NULL, NULL,
+					     NULL,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+					     SEC_ACE_FLAG_OBJECT_INHERIT,
+					     SID_WORLD,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_FILE_ALL | SEC_STD_ALL,
+					     0,
+					     NULL);
+	return sd;
+}
+
+
+static void oplock_handler_close_recv_smb(struct smbcli_request *req)
+{
+	NTSTATUS status;
+	status = smbcli_request_simple_recv(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("close failed in oplock_handler\n");
+		smb_panic("close failed in oplock_handler");
+	}
+}
+
+/*
+  the oplock handler will either ack the break or close the file
+*/
+static bool oplock_handler_smb(struct smbcli_transport *transport, uint16_t tid, uint16_t fnum, uint8_t level, void *private_data)
+{
+	union smb_close io;
+	int i, j;
+	bool do_close;
+	struct smbcli_tree *tree = NULL;
+	struct smbcli_request *req;
+
+	srandom(current_op.seed);
+	do_close = gen_chance(50);
+
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			if (transport == servers[i].smb_tree[j]->session->transport &&
+			    tid == servers[i].smb_tree[j]->tid) {
+				oplocks[i][j].got_break = true;
+				oplocks[i][j].smb_handle = fnum;
+				oplocks[i][j].handle = fnum_to_handle_smb(i, j, fnum);
+				oplocks[i][j].level = level;
+				oplocks[i][j].do_close = do_close;
+				tree = servers[i].smb_tree[j];
+			}
+		}
+	}
+
+	if (!tree) {
+		printf("Oplock break not for one of our trees!?\n");
+		return false;
+	}
+
+	if (!do_close) {
+		printf("oplock ack fnum=%d\n", fnum);
+		return smbcli_oplock_ack(tree, fnum, level);
+	}
+
+	printf("oplock close fnum=%d\n", fnum);
+
+	io.close.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = fnum;
+	io.close.in.write_time = 0;
+	req = smb_raw_close_send(tree, &io);
+
+	if (req == NULL) {
+		printf("WARNING: close failed in oplock_handler_close\n");
+		return false;
+	}
+
+	req->async.fn = oplock_handler_close_recv_smb;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+
+/*
+  the idle function tries to cope with getting an oplock break on a connection, and
+  an operation on another connection blocking until that break is acked
+  we check for operations on all transports in the idle function
+*/
+static void idle_func_smb(struct smbcli_transport *transport, void *private_data)
+{
+	int i, j;
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			if (servers[i].smb_tree[j] &&
+			    transport != servers[i].smb_tree[j]->session->transport) {
+				smbcli_transport_process(servers[i].smb_tree[j]->session->transport);
+			}
+		}
+	}
+
+}
+
+static void oplock_handler_close_recv_smb2(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_close io;
+	status = smb2_close_recv(req, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("close failed in oplock_handler\n");
+		smb_panic("close failed in oplock_handler");
+	}
+}
+
+static void oplock_handler_ack_callback_smb2(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_break br;
+
+	status = smb2_break_recv(req, &br);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("oplock break ack failed in oplock_handler\n");
+		smb_panic("oplock break ack failed in oplock_handler");
+	}
+}
+
+static bool send_oplock_ack_smb2(struct smb2_tree *tree, struct smb2_handle handle, 
+				 uint8_t level)
+{
+	struct smb2_break br;
+	struct smb2_request *req;
+
+	ZERO_STRUCT(br);
+	br.in.file.handle	= handle;
+	br.in.oplock_level	= level;
+	br.in.reserved	        = gen_reserved8();
+	br.in.reserved2	        = gen_reserved32();
+
+	req = smb2_break_send(tree, &br);
+	if (req == NULL) return false;
+	req->async.fn = oplock_handler_ack_callback_smb2;
+	req->async.private_data = NULL;
+	return true;
+}
+
+/*
+  the oplock handler will either ack the break or close the file
+*/
+static bool oplock_handler_smb2(struct smb2_transport *transport, const struct smb2_handle *handle, 
+				uint8_t level, void *private_data)
+{
+	struct smb2_close io;
+	unsigned i, j;
+	bool do_close;
+	struct smb2_tree *tree = NULL;
+	struct smb2_request *req;
+
+	srandom(current_op.seed);
+	do_close = gen_chance(50);
+
+	i = ((uintptr_t)private_data) >> 8;
+	j = ((uintptr_t)private_data) & 0xFF;
+
+	if (i >= NSERVERS || j >= NINSTANCES) {
+		printf("Bad private_data in oplock_handler\n");
+		return false;
+	}
+
+	oplocks[i][j].got_break = true;
+	oplocks[i][j].smb2_handle = *handle;
+	oplocks[i][j].handle = fnum_to_handle_smb2(i, j, *handle);
+	oplocks[i][j].level = level;
+	oplocks[i][j].do_close = do_close;
+	tree = talloc_get_type(servers[i].smb2_tree[j], struct smb2_tree);
+
+	if (!tree) {
+		printf("Oplock break not for one of our trees!?\n");
+		return false;
+	}
+
+	if (!do_close) {
+		printf("oplock ack handle=%d\n", oplocks[i][j].handle);
+		return send_oplock_ack_smb2(tree, *handle, level);
+	}
+
+	printf("oplock close fnum=%d\n", oplocks[i][j].handle);
+
+	ZERO_STRUCT(io);
+	io.in.file.handle = *handle;
+	io.in.flags = 0;
+	req = smb2_close_send(tree, &io);
+
+	if (req == NULL) {
+		printf("WARNING: close failed in oplock_handler_close\n");
+		return false;
+	}
+
+	req->async.fn = oplock_handler_close_recv_smb2;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+
+/*
+  the idle function tries to cope with getting an oplock break on a connection, and
+  an operation on another connection blocking until that break is acked
+  we check for operations on all transports in the idle function
+*/
+static void idle_func_smb2(struct smb2_transport *transport, void *private_data)
+{
+	int i, j;
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			if (servers[i].smb2_tree[j] &&
+			    transport != servers[i].smb2_tree[j]->session->transport) {
+				// smb2_transport_process(servers[i].smb2_tree[j]->session->transport);
+			}
+		}
+	}
+
+}
+
+
+/*
+  compare NTSTATUS, using checking ignored patterns
+*/
+static bool compare_status(NTSTATUS status1, NTSTATUS status2)
+{
+	char *s;
+
+	if (NT_STATUS_EQUAL(status1, status2)) return true;
+
+	/* one code being an error and the other OK is always an error */
+	if (NT_STATUS_IS_OK(status1) || NT_STATUS_IS_OK(status2)) {
+		current_op.mismatch = nt_errstr(status1);
+		return false;
+	}
+
+	/* if we are ignoring one of the status codes then consider this a match */
+	if (ignore_pattern(nt_errstr(status1)) ||
+	    ignore_pattern(nt_errstr(status2))) {
+		return true;
+	}
+
+	/* also support ignore patterns of the form NT_STATUS_XX:NT_STATUS_YY
+	   meaning that the first server returns NT_STATUS_XX and the 2nd
+	   returns NT_STATUS_YY */
+	s = talloc_asprintf(current_op.mem_ctx, "%s:%s", 
+			    nt_errstr(status1), 
+			    nt_errstr(status2));
+	if (ignore_pattern(s)) {
+		return true;
+	}
+
+	current_op.mismatch = nt_errstr(status1);
+	return false;
+}
+
+/*
+  check for pending packets on all connections
+*/
+static void check_pending(void)
+{
+	int i, j;
+
+	smb_msleep(20);
+
+	for (j=0;j<NINSTANCES;j++) {
+		for (i=0;i<NSERVERS;i++) {
+			// smb2_transport_process(servers[i].smb2_tree[j]->session->transport);
+		}
+	}	
+}
+
+/*
+  check that the same oplock breaks have been received by all instances
+*/
+static bool check_oplocks(const char *call)
+{
+	int i, j;
+	int tries = 0;
+
+	if (!options.use_oplocks || options.smb2) {
+		/* no smb2 oplocks in gentest yet */
+		return true;
+	}
+
+again:
+	check_pending();
+
+	for (j=0;j<NINSTANCES;j++) {
+		for (i=1;i<NSERVERS;i++) {
+			if (oplocks[0][j].got_break != oplocks[i][j].got_break ||
+			    oplocks[0][j].handle != oplocks[i][j].handle ||
+			    oplocks[0][j].level != oplocks[i][j].level) {
+				if (tries++ < 10) goto again;
+				printf("oplock break inconsistent - %d/%d/%d vs %d/%d/%d\n",
+				       oplocks[0][j].got_break, 
+				       oplocks[0][j].handle, 
+				       oplocks[0][j].level, 
+				       oplocks[i][j].got_break, 
+				       oplocks[i][j].handle, 
+				       oplocks[i][j].level);
+				current_op.mismatch = "oplock break";
+				return false;
+			}
+		}
+	}
+
+	/* if we got a break and closed then remove the handle */
+	for (j=0;j<NINSTANCES;j++) {
+		if (oplocks[0][j].got_break &&
+		    oplocks[0][j].do_close) {
+			uint16_t fnums[NSERVERS];
+			for (i=0;i<NSERVERS;i++) {
+				fnums[i] = oplocks[i][j].smb_handle;
+			}
+			gen_remove_handle_smb(j, fnums);
+			break;
+		}
+	}	
+	return true;
+}
+
+
+/*
+  check that the same change notify info has been received by all instances
+*/
+static bool check_notifies(const char *call)
+{
+	int i, j;
+	int tries = 0;
+
+	if (options.smb2) {
+		/* no smb2 notifies in gentest yet */
+		return true;
+	}
+
+again:
+	check_pending();
+
+	for (j=0;j<NINSTANCES;j++) {
+		for (i=1;i<NSERVERS;i++) {
+			int n;
+			union smb_notify not1, not2;
+
+			if (notifies[0][j].notify_count != notifies[i][j].notify_count) {
+				if (tries++ < 10) goto again;
+				printf("Notify count inconsistent %d %d\n",
+				       notifies[0][j].notify_count,
+				       notifies[i][j].notify_count);
+				current_op.mismatch = "notify count";
+				return false;
+			}
+
+			if (notifies[0][j].notify_count == 0) continue;
+
+			if (!NT_STATUS_EQUAL(notifies[0][j].status,
+					     notifies[i][j].status)) {
+				printf("Notify status mismatch - %s - %s\n",
+				       nt_errstr(notifies[0][j].status),
+				       nt_errstr(notifies[i][j].status));
+				current_op.mismatch = "Notify status";
+				return false;
+			}
+
+			if (!NT_STATUS_IS_OK(notifies[0][j].status)) {
+				continue;
+			}
+
+			not1 = notifies[0][j].notify;
+			not2 = notifies[i][j].notify;
+
+			for (n=0;n<not1.nttrans.out.num_changes;n++) {
+				if (not1.nttrans.out.changes[n].action != 
+				    not2.nttrans.out.changes[n].action) {
+					printf("Notify action %d inconsistent %d %d\n", n,
+					       not1.nttrans.out.changes[n].action,
+					       not2.nttrans.out.changes[n].action);
+					current_op.mismatch = "notify action";
+					return false;
+				}
+				if (strcmp(not1.nttrans.out.changes[n].name.s,
+					   not2.nttrans.out.changes[n].name.s)) {
+					printf("Notify name %d inconsistent %s %s\n", n,
+					       not1.nttrans.out.changes[n].name.s,
+					       not2.nttrans.out.changes[n].name.s);
+					current_op.mismatch = "notify name";
+					return false;
+				}
+				if (not1.nttrans.out.changes[n].name.private_length !=
+				    not2.nttrans.out.changes[n].name.private_length) {
+					printf("Notify name length %d inconsistent %d %d\n", n,
+					       not1.nttrans.out.changes[n].name.private_length,
+					       not2.nttrans.out.changes[n].name.private_length);
+					current_op.mismatch = "notify name length";
+					return false;
+				}
+			}
+		}
+	}
+
+	ZERO_STRUCT(notifies);
+
+	return true;
+}
+
+#define GEN_COPY_PARM do { \
+	int i; \
+	for (i=1;i<NSERVERS;i++) { \
+		parm[i] = parm[0]; \
+	} \
+} while (0)
+
+#define GEN_CALL(call, treetype, treefield) do {		\
+	int i; \
+	ZERO_STRUCT(oplocks); \
+	ZERO_STRUCT(notifies); \
+	for (i=0;i<NSERVERS;i++) { \
+		struct treetype *tree = servers[i].treefield[instance]; \
+		status[i] = call; \
+	} \
+	current_op.status = status[0]; \
+	for (i=1;i<NSERVERS;i++) { \
+		if (!compare_status(status[0], status[1])) { \
+			printf("status different in %s - %s %s\n", #call, \
+			       nt_errstr(status[0]), nt_errstr(status[i])); \
+			current_op.mismatch = nt_errstr(status[0]); \
+			return false; \
+		} \
+	} \
+	if (!check_oplocks(#call)) return false;	\
+	if (!check_notifies(#call)) return false;	\
+	if (!NT_STATUS_IS_OK(status[0])) { \
+		return true; \
+	} \
+} while(0)
+
+#define GEN_CALL_SMB(call) GEN_CALL(call, smbcli_tree, smb_tree)
+#define GEN_CALL_SMB2(call) GEN_CALL(call, smb2_tree, smb2_tree)
+
+#define ADD_HANDLE_SMB2(name, field) do { \
+	struct smb2_handle handles[NSERVERS]; \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		handles[i] = parm[i].field; \
+	} \
+	gen_add_handle_smb2(instance, name, handles); \
+} while(0)
+
+#define REMOVE_HANDLE_SMB2(field) do { \
+	struct smb2_handle handles[NSERVERS]; \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		handles[i] = parm[i].field; \
+	} \
+	gen_remove_handle_smb2(instance, handles); \
+} while(0)
+
+#define ADD_HANDLE_SMB(name, field) do { \
+	uint16_t handles[NSERVERS]; \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		handles[i] = parm[i].field; \
+	} \
+	gen_add_handle_smb(instance, name, handles); \
+} while(0)
+
+#define REMOVE_HANDLE_SMB(field) do { \
+	uint16_t handles[NSERVERS]; \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		handles[i] = parm[i].field; \
+	} \
+	gen_remove_handle_smb(instance, handles); \
+} while(0)
+
+#define GEN_SET_FNUM_SMB2(field) do { \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		parm[i].field = gen_lookup_handle_smb2(i, parm[i].field.data[0]); \
+	} \
+} while(0)
+
+#define GEN_SET_FNUM_SMB(field) do { \
+	int i; \
+	for (i=0;i<NSERVERS;i++) { \
+		parm[i].field = gen_lookup_handle_smb(i, parm[i].field); \
+	} \
+} while(0)
+
+#define CHECK_EQUAL(field) do { \
+	if (parm[0].field != parm[1].field && !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s - 0x%llx 0x%llx\n", #field, \
+		       (unsigned long long)parm[0].field, (unsigned long long)parm[1].field); \
+		return false; \
+	} \
+} while(0)
+
+#define CHECK_SECDESC(field) do { \
+	if (!security_acl_equal(parm[0].field->dacl, parm[1].field->dacl) && !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s\n", #field); \
+		return false;			    \
+	} \
+} while(0)
+
+#define CHECK_ATTRIB(field) do { \
+		if (!options.mask_indexing) { \
+		CHECK_EQUAL(field); \
+	} else if ((~FILE_ATTRIBUTE_NONINDEXED & parm[0].field) != (~FILE_ATTRIBUTE_NONINDEXED & parm[1].field) && !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s - 0x%x 0x%x\n", #field, \
+		       (int)parm[0].field, (int)parm[1].field); \
+		return false; \
+	} \
+} while(0)
+
+#define CHECK_WSTR_EQUAL(field) do { \
+	if ((!parm[0].field.s && parm[1].field.s) || (parm[0].field.s && !parm[1].field.s)) { \
+		current_op.mismatch = #field; \
+		printf("%s is NULL!\n", #field); \
+		return false; \
+	} \
+	if (parm[0].field.s && strcmp(parm[0].field.s, parm[1].field.s) != 0 && !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s - %s %s\n", #field, \
+		       parm[0].field.s, parm[1].field.s); \
+		return false; \
+	} \
+	CHECK_EQUAL(field.private_length); \
+} while(0)
+
+#define CHECK_BLOB_EQUAL(field) do { \
+	if (((parm[0].field.data == NULL && parm[1].field.data != NULL) || \
+	    (parm[1].field.data == NULL && parm[0].field.data != NULL) || \
+	    (memcmp(parm[0].field.data, parm[1].field.data, parm[0].field.length) != 0)) && !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s\n", #field); \
+		return false; \
+	} \
+	CHECK_EQUAL(field.length); \
+} while(0)
+
+#define CHECK_TIMES_EQUAL(field) do { \
+	if (labs(parm[0].field - parm[1].field) > time_skew() && \
+	    !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s - 0x%x 0x%x\n", #field, \
+		       (int)parm[0].field, (int)parm[1].field); \
+		return false; \
+	} \
+} while(0)
+
+#define CHECK_NTTIMES_EQUAL(field) do { \
+	if (labs(nt_time_to_unix(parm[0].field) - \
+		nt_time_to_unix(parm[1].field)) > time_skew() && \
+	    !ignore_pattern(#field)) { \
+		current_op.mismatch = #field; \
+		printf("Mismatch in %s - 0x%x 0x%x\n", #field, \
+		       (int)nt_time_to_unix(parm[0].field), \
+		       (int)nt_time_to_unix(parm[1].field)); \
+		return false; \
+	} \
+} while(0)
+
+
+/*
+  compare returned fileinfo structures
+*/
+static bool cmp_fileinfo(int instance, 
+			 union smb_fileinfo parm[NSERVERS],
+			 NTSTATUS status[NSERVERS])
+{
+	int i;
+	enum smb_fileinfo_level level = parm[0].generic.level;
+
+	if (level == RAW_FILEINFO_ALL_INFORMATION &&
+	    options.smb2) {
+		level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	}
+
+	switch (level) {
+	case RAW_FILEINFO_GENERIC:
+		return false;
+
+	case RAW_FILEINFO_GETATTR:
+		CHECK_ATTRIB(getattr.out.attrib);
+		CHECK_EQUAL(getattr.out.size);
+		CHECK_TIMES_EQUAL(getattr.out.write_time);
+		break;
+
+	case RAW_FILEINFO_GETATTRE:
+		CHECK_TIMES_EQUAL(getattre.out.create_time);
+		CHECK_TIMES_EQUAL(getattre.out.access_time);
+		CHECK_TIMES_EQUAL(getattre.out.write_time);
+		CHECK_EQUAL(getattre.out.size);
+		CHECK_EQUAL(getattre.out.alloc_size);
+		CHECK_ATTRIB(getattre.out.attrib);
+		break;
+
+	case RAW_FILEINFO_STANDARD:
+		CHECK_TIMES_EQUAL(standard.out.create_time);
+		CHECK_TIMES_EQUAL(standard.out.access_time);
+		CHECK_TIMES_EQUAL(standard.out.write_time);
+		CHECK_EQUAL(standard.out.size);
+		CHECK_EQUAL(standard.out.alloc_size);
+		CHECK_ATTRIB(standard.out.attrib);
+		break;
+
+	case RAW_FILEINFO_EA_SIZE:
+		CHECK_TIMES_EQUAL(ea_size.out.create_time);
+		CHECK_TIMES_EQUAL(ea_size.out.access_time);
+		CHECK_TIMES_EQUAL(ea_size.out.write_time);
+		CHECK_EQUAL(ea_size.out.size);
+		CHECK_EQUAL(ea_size.out.alloc_size);
+		CHECK_ATTRIB(ea_size.out.attrib);
+		CHECK_EQUAL(ea_size.out.ea_size);
+		break;
+
+	case RAW_FILEINFO_ALL_EAS:
+		CHECK_EQUAL(all_eas.out.num_eas);
+		for (i=0;i<parm[0].all_eas.out.num_eas;i++) {
+			CHECK_EQUAL(all_eas.out.eas[i].flags);
+			CHECK_WSTR_EQUAL(all_eas.out.eas[i].name);
+			CHECK_BLOB_EQUAL(all_eas.out.eas[i].value);
+		}
+		break;
+
+	case RAW_FILEINFO_IS_NAME_VALID:
+		break;
+		
+	case RAW_FILEINFO_BASIC_INFO:
+	case RAW_FILEINFO_BASIC_INFORMATION:
+		CHECK_NTTIMES_EQUAL(basic_info.out.create_time);
+		CHECK_NTTIMES_EQUAL(basic_info.out.access_time);
+		CHECK_NTTIMES_EQUAL(basic_info.out.write_time);
+		CHECK_NTTIMES_EQUAL(basic_info.out.change_time);
+		CHECK_ATTRIB(basic_info.out.attrib);
+		break;
+
+	case RAW_FILEINFO_STANDARD_INFO:
+	case RAW_FILEINFO_STANDARD_INFORMATION:
+		CHECK_EQUAL(standard_info.out.alloc_size);
+		CHECK_EQUAL(standard_info.out.size);
+		CHECK_EQUAL(standard_info.out.nlink);
+		CHECK_EQUAL(standard_info.out.delete_pending);
+		CHECK_EQUAL(standard_info.out.directory);
+		break;
+
+	case RAW_FILEINFO_EA_INFO:
+	case RAW_FILEINFO_EA_INFORMATION:
+		CHECK_EQUAL(ea_info.out.ea_size);
+		break;
+
+	case RAW_FILEINFO_NAME_INFO:
+	case RAW_FILEINFO_NAME_INFORMATION:
+		CHECK_WSTR_EQUAL(name_info.out.fname);
+		break;
+
+	case RAW_FILEINFO_ALL_INFO:
+	case RAW_FILEINFO_ALL_INFORMATION:
+		CHECK_NTTIMES_EQUAL(all_info.out.create_time);
+		CHECK_NTTIMES_EQUAL(all_info.out.access_time);
+		CHECK_NTTIMES_EQUAL(all_info.out.write_time);
+		CHECK_NTTIMES_EQUAL(all_info.out.change_time);
+		CHECK_ATTRIB(all_info.out.attrib);
+		CHECK_EQUAL(all_info.out.alloc_size);
+		CHECK_EQUAL(all_info.out.size);
+		CHECK_EQUAL(all_info.out.nlink);
+		CHECK_EQUAL(all_info.out.delete_pending);
+		CHECK_EQUAL(all_info.out.directory);
+		CHECK_EQUAL(all_info.out.ea_size);
+		CHECK_WSTR_EQUAL(all_info.out.fname);
+		break;
+
+	case RAW_FILEINFO_ALT_NAME_INFO:
+	case RAW_FILEINFO_ALT_NAME_INFORMATION:
+	case RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION:
+		CHECK_WSTR_EQUAL(alt_name_info.out.fname);
+		break;
+
+	case RAW_FILEINFO_STREAM_INFO:
+	case RAW_FILEINFO_STREAM_INFORMATION:
+		CHECK_EQUAL(stream_info.out.num_streams);
+		for (i=0;i<parm[0].stream_info.out.num_streams;i++) {
+			CHECK_EQUAL(stream_info.out.streams[i].size);
+			CHECK_EQUAL(stream_info.out.streams[i].alloc_size);
+			CHECK_WSTR_EQUAL(stream_info.out.streams[i].stream_name);
+		}
+		break;
+
+	case RAW_FILEINFO_COMPRESSION_INFO:
+	case RAW_FILEINFO_COMPRESSION_INFORMATION:
+		CHECK_EQUAL(compression_info.out.compressed_size);
+		CHECK_EQUAL(compression_info.out.format);
+		CHECK_EQUAL(compression_info.out.unit_shift);
+		CHECK_EQUAL(compression_info.out.chunk_shift);
+		CHECK_EQUAL(compression_info.out.cluster_shift);
+		break;
+
+	case RAW_FILEINFO_INTERNAL_INFORMATION:
+		CHECK_EQUAL(internal_information.out.file_id);
+		break;
+
+	case RAW_FILEINFO_ACCESS_INFORMATION:
+		CHECK_EQUAL(access_information.out.access_flags);
+		break;
+
+	case RAW_FILEINFO_POSITION_INFORMATION:
+		CHECK_EQUAL(position_information.out.position);
+		break;
+
+	case RAW_FILEINFO_MODE_INFORMATION:
+		CHECK_EQUAL(mode_information.out.mode);
+		break;
+
+	case RAW_FILEINFO_ALIGNMENT_INFORMATION:
+		CHECK_EQUAL(alignment_information.out.alignment_requirement);
+		break;
+
+	case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+		CHECK_NTTIMES_EQUAL(network_open_information.out.create_time);
+		CHECK_NTTIMES_EQUAL(network_open_information.out.access_time);
+		CHECK_NTTIMES_EQUAL(network_open_information.out.write_time);
+		CHECK_NTTIMES_EQUAL(network_open_information.out.change_time);
+		CHECK_EQUAL(network_open_information.out.alloc_size);
+		CHECK_EQUAL(network_open_information.out.size);
+		CHECK_ATTRIB(network_open_information.out.attrib);
+		break;
+
+	case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+		CHECK_ATTRIB(attribute_tag_information.out.attrib);
+		CHECK_EQUAL(attribute_tag_information.out.reparse_tag);
+		break;
+
+	case RAW_FILEINFO_NORMALIZED_NAME_INFORMATION:
+		CHECK_WSTR_EQUAL(normalized_name_info.out.fname);
+		break;
+
+	case RAW_FILEINFO_SMB2_ALL_INFORMATION:
+		CHECK_NTTIMES_EQUAL(all_info2.out.create_time);
+		CHECK_NTTIMES_EQUAL(all_info2.out.access_time);
+		CHECK_NTTIMES_EQUAL(all_info2.out.write_time);
+		CHECK_NTTIMES_EQUAL(all_info2.out.change_time);
+		CHECK_ATTRIB(all_info2.out.attrib);
+		CHECK_EQUAL(all_info2.out.unknown1);
+		CHECK_EQUAL(all_info2.out.alloc_size);
+		CHECK_EQUAL(all_info2.out.size);
+		CHECK_EQUAL(all_info2.out.nlink);
+		CHECK_EQUAL(all_info2.out.delete_pending);
+		CHECK_EQUAL(all_info2.out.directory);
+		CHECK_EQUAL(all_info2.out.file_id);
+		CHECK_EQUAL(all_info2.out.ea_size);
+		CHECK_EQUAL(all_info2.out.access_mask);
+		CHECK_EQUAL(all_info2.out.position);
+		CHECK_EQUAL(all_info2.out.mode);
+		CHECK_EQUAL(all_info2.out.alignment_requirement);
+		CHECK_WSTR_EQUAL(all_info2.out.fname);
+		break;
+
+	case RAW_FILEINFO_SMB2_ALL_EAS:
+		CHECK_EQUAL(all_eas.out.num_eas);
+		for (i=0;i<parm[0].all_eas.out.num_eas;i++) {
+			CHECK_EQUAL(all_eas.out.eas[i].flags);
+			CHECK_WSTR_EQUAL(all_eas.out.eas[i].name);
+			CHECK_BLOB_EQUAL(all_eas.out.eas[i].value);
+		}
+		break;
+
+	case RAW_FILEINFO_SEC_DESC:
+		CHECK_SECDESC(query_secdesc.out.sd);
+		break;
+
+		/* Unhandled levels */
+	case RAW_FILEINFO_EA_LIST:
+	case RAW_FILEINFO_UNIX_BASIC:
+	case RAW_FILEINFO_UNIX_LINK:
+	case RAW_FILEINFO_UNIX_INFO2:
+		break;
+	}
+
+	return true;
+}
+
+
+
+/*
+  generate openx operations
+*/
+static bool handler_smb_openx(int instance)
+{
+	union smb_open parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].openx.level = RAW_OPEN_OPENX;
+	parm[0].openx.in.flags = gen_openx_flags();
+	parm[0].openx.in.open_mode = gen_openx_mode();
+	parm[0].openx.in.search_attrs = gen_attrib();
+	parm[0].openx.in.file_attrs = gen_attrib();
+	parm[0].openx.in.write_time = gen_timet();
+	parm[0].openx.in.open_func = gen_openx_func();
+	parm[0].openx.in.size = gen_io_count();
+	parm[0].openx.in.timeout = gen_timeout();
+	parm[0].openx.in.fname = gen_fname_open(instance);
+
+	if (!options.use_oplocks) {
+		/* mask out oplocks */
+		parm[0].openx.in.flags &= ~(OPENX_FLAGS_REQUEST_OPLOCK|
+					    OPENX_FLAGS_REQUEST_BATCH_OPLOCK);
+	}
+	
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_open(tree, current_op.mem_ctx, &parm[i]));
+
+	CHECK_ATTRIB(openx.out.attrib);
+	CHECK_EQUAL(openx.out.size);
+	CHECK_EQUAL(openx.out.access);
+	CHECK_EQUAL(openx.out.ftype);
+	CHECK_EQUAL(openx.out.devstate);
+	CHECK_EQUAL(openx.out.action);
+	CHECK_EQUAL(openx.out.access_mask);
+	CHECK_EQUAL(openx.out.unknown);
+	CHECK_TIMES_EQUAL(openx.out.write_time);
+
+	/* open creates a new file handle */
+	ADD_HANDLE_SMB(parm[0].openx.in.fname, openx.out.file.fnum);
+
+	return true;
+}
+
+
+/*
+  generate open operations
+*/
+static bool handler_smb_open(int instance)
+{
+	union smb_open parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].openold.level = RAW_OPEN_OPEN;
+	parm[0].openold.in.open_mode = gen_bits_mask2(0xF, 0xFFFF);
+	parm[0].openold.in.search_attrs = gen_attrib();
+	parm[0].openold.in.fname = gen_fname_open(instance);
+
+	if (!options.use_oplocks) {
+		/* mask out oplocks */
+		parm[0].openold.in.open_mode &= ~(OPENX_FLAGS_REQUEST_OPLOCK|
+						  OPENX_FLAGS_REQUEST_BATCH_OPLOCK);
+	}
+	
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_open(tree, current_op.mem_ctx, &parm[i]));
+
+	CHECK_ATTRIB(openold.out.attrib);
+	CHECK_TIMES_EQUAL(openold.out.write_time);
+	CHECK_EQUAL(openold.out.size);
+	CHECK_EQUAL(openold.out.rmode);
+
+	/* open creates a new file handle */
+	ADD_HANDLE_SMB(parm[0].openold.in.fname, openold.out.file.fnum);
+
+	return true;
+}
+
+
+/*
+  generate ntcreatex operations
+*/
+static bool handler_smb_ntcreatex(int instance)
+{
+	union smb_open parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].ntcreatex.level = RAW_OPEN_NTCREATEX;
+	parm[0].ntcreatex.in.flags = gen_ntcreatex_flags();
+	parm[0].ntcreatex.in.root_fid.fnum = gen_root_fid(instance);
+	parm[0].ntcreatex.in.access_mask = gen_access_mask();
+	parm[0].ntcreatex.in.alloc_size = gen_alloc_size();
+	parm[0].ntcreatex.in.file_attr = gen_attrib();
+	parm[0].ntcreatex.in.share_access = gen_bits_mask2(0x7, 0xFFFFFFFF);
+	parm[0].ntcreatex.in.open_disposition = gen_open_disp();
+	parm[0].ntcreatex.in.create_options = gen_create_options();
+	parm[0].ntcreatex.in.impersonation = gen_bits_mask2(0, 0xFFFFFFFF);
+	parm[0].ntcreatex.in.security_flags = gen_bits_mask2(0, 0xFF);
+	parm[0].ntcreatex.in.fname = gen_fname_open(instance);
+
+	if (!options.use_oplocks) {
+		/* mask out oplocks */
+		parm[0].ntcreatex.in.flags &= ~(NTCREATEX_FLAGS_REQUEST_OPLOCK|
+						NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK);
+	}
+	
+	GEN_COPY_PARM;
+	if (parm[0].ntcreatex.in.root_fid.fnum != 0) {
+		GEN_SET_FNUM_SMB(ntcreatex.in.root_fid.fnum);
+	}
+	GEN_CALL_SMB(smb_raw_open(tree, current_op.mem_ctx, &parm[i]));
+
+	CHECK_EQUAL(ntcreatex.out.oplock_level);
+	CHECK_EQUAL(ntcreatex.out.create_action);
+	CHECK_NTTIMES_EQUAL(ntcreatex.out.create_time);
+	CHECK_NTTIMES_EQUAL(ntcreatex.out.access_time);
+	CHECK_NTTIMES_EQUAL(ntcreatex.out.write_time);
+	CHECK_NTTIMES_EQUAL(ntcreatex.out.change_time);
+	CHECK_ATTRIB(ntcreatex.out.attrib);
+	CHECK_EQUAL(ntcreatex.out.alloc_size);
+	CHECK_EQUAL(ntcreatex.out.size);
+	CHECK_EQUAL(ntcreatex.out.file_type);
+	CHECK_EQUAL(ntcreatex.out.ipc_state);
+	CHECK_EQUAL(ntcreatex.out.is_directory);
+
+	/* ntcreatex creates a new file handle */
+	ADD_HANDLE_SMB(parm[0].ntcreatex.in.fname, ntcreatex.out.file.fnum);
+
+	return true;
+}
+
+/*
+  generate close operations
+*/
+static bool handler_smb_close(int instance)
+{
+	union smb_close parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].close.level = RAW_CLOSE_CLOSE;
+	parm[0].close.in.file.fnum = gen_fnum_close(instance);
+	parm[0].close.in.write_time = gen_timet();
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(close.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_close(tree, &parm[i]));
+
+	REMOVE_HANDLE_SMB(close.in.file.fnum);
+
+	return true;
+}
+
+/*
+  generate unlink operations
+*/
+static bool handler_smb_unlink(int instance)
+{
+	union smb_unlink parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].unlink.in.pattern = gen_pattern();
+	parm[0].unlink.in.attrib = gen_attrib();
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_unlink(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate chkpath operations
+*/
+static bool handler_smb_chkpath(int instance)
+{
+	union smb_chkpath parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].chkpath.in.path = gen_fname_open(instance);
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_chkpath(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate mkdir operations
+*/
+static bool handler_smb_mkdir(int instance)
+{
+	union smb_mkdir parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].mkdir.level = RAW_MKDIR_MKDIR;
+	parm[0].mkdir.in.path = gen_fname_open(instance);
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_mkdir(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate rmdir operations
+*/
+static bool handler_smb_rmdir(int instance)
+{
+	struct smb_rmdir parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].in.path = gen_fname_open(instance);
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_rmdir(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate rename operations
+*/
+static bool handler_smb_rename(int instance)
+{
+	union smb_rename parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.level = RAW_RENAME_RENAME;
+	parm[0].rename.in.pattern1 = gen_pattern();
+	parm[0].rename.in.pattern2 = gen_pattern();
+	parm[0].rename.in.attrib = gen_attrib();
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_rename(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate ntrename operations
+*/
+static bool handler_smb_ntrename(int instance)
+{
+	union smb_rename parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.level = RAW_RENAME_NTRENAME;
+	parm[0].ntrename.in.old_name = gen_fname();
+	parm[0].ntrename.in.new_name = gen_fname();
+	parm[0].ntrename.in.attrib = gen_attrib();
+	parm[0].ntrename.in.cluster_size = gen_bits_mask2(0, 0xFFFFFFF);
+	parm[0].ntrename.in.flags = gen_rename_flags();
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_rename(tree, &parm[i]));
+
+	return true;
+}
+
+
+/*
+  generate seek operations
+*/
+static bool handler_smb_seek(int instance)
+{
+	union smb_seek parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].lseek.in.file.fnum = gen_fnum(instance);
+	parm[0].lseek.in.mode = gen_bits_mask2(0x3, 0xFFFF);
+	parm[0].lseek.in.offset = gen_offset();
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(lseek.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_seek(tree, &parm[i]));
+
+	CHECK_EQUAL(lseek.out.offset);
+
+	return true;
+}
+
+
+/*
+  generate readx operations
+*/
+static bool handler_smb_readx(int instance)
+{
+	union smb_read parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].readx.level = RAW_READ_READX;
+	parm[0].readx.in.file.fnum = gen_fnum(instance);
+	parm[0].readx.in.offset = gen_offset();
+	parm[0].readx.in.mincnt = gen_io_count();
+	parm[0].readx.in.maxcnt = gen_io_count();
+	parm[0].readx.in.remaining = gen_io_count();
+	parm[0].readx.in.read_for_execute = gen_bool();
+	parm[0].readx.out.data = talloc_array(current_op.mem_ctx, uint8_t,
+					     MAX(parm[0].readx.in.mincnt, parm[0].readx.in.maxcnt));
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(readx.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_read(tree, &parm[i]));
+
+	CHECK_EQUAL(readx.out.remaining);
+	CHECK_EQUAL(readx.out.compaction_mode);
+	CHECK_EQUAL(readx.out.nread);
+
+	return true;
+}
+
+/*
+  generate writex operations
+*/
+static bool handler_smb_writex(int instance)
+{
+	union smb_write parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].writex.level = RAW_WRITE_WRITEX;
+	parm[0].writex.in.file.fnum = gen_fnum(instance);
+	parm[0].writex.in.offset = gen_offset();
+	parm[0].writex.in.wmode = gen_bits_mask(0xFFFF);
+	parm[0].writex.in.remaining = gen_io_count();
+	parm[0].writex.in.count = gen_io_count();
+	parm[0].writex.in.data = talloc_zero_array(current_op.mem_ctx, uint8_t, parm[0].writex.in.count);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(writex.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_write(tree, &parm[i]));
+
+	CHECK_EQUAL(writex.out.nwritten);
+	CHECK_EQUAL(writex.out.remaining);
+
+	return true;
+}
+
+/*
+  generate lockingx operations
+*/
+static bool handler_smb_lockingx(int instance)
+{
+	union smb_lock parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+	int n, nlocks;
+
+	parm[0].lockx.level = RAW_LOCK_LOCKX;
+	parm[0].lockx.in.file.fnum = gen_fnum(instance);
+	parm[0].lockx.in.mode = gen_lock_mode();
+	parm[0].lockx.in.timeout = gen_timeout();
+	do {
+		/* make sure we don't accidentally generate an oplock
+		   break ack - otherwise the server can just block forever */
+		parm[0].lockx.in.ulock_cnt = gen_lock_count();
+		parm[0].lockx.in.lock_cnt = gen_lock_count();
+		nlocks = parm[0].lockx.in.ulock_cnt + parm[0].lockx.in.lock_cnt;
+	} while (nlocks == 0);
+
+	if (nlocks > 0) {
+		parm[0].lockx.in.locks = talloc_array(current_op.mem_ctx,
+							struct smb_lock_entry,
+							nlocks);
+		for (n=0;n<nlocks;n++) {
+			parm[0].lockx.in.locks[n].pid = gen_pid();
+			parm[0].lockx.in.locks[n].offset = gen_offset();
+			parm[0].lockx.in.locks[n].count = gen_io_count();
+		}
+	}
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(lockx.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_lock(tree, &parm[i]));
+
+	return true;
+}
+
+#if 0
+/*
+  generate a fileinfo query structure
+*/
+static void gen_setfileinfo(int instance, union smb_setfileinfo *info)
+{
+	int i;
+	#undef LVL
+	#define LVL(v) {RAW_SFILEINFO_ ## v, "RAW_SFILEINFO_" #v}
+	struct {
+		enum smb_setfileinfo_level level;
+		const char *name;
+	}  levels[] = {
+#if 0
+		/* disabled until win2003 can handle them ... */
+		LVL(EA_SET), LVL(BASIC_INFO), LVL(DISPOSITION_INFO), 
+		LVL(STANDARD), LVL(ALLOCATION_INFO), LVL(END_OF_FILE_INFO), 
+#endif
+		LVL(SETATTR), LVL(SETATTRE), LVL(BASIC_INFORMATION),
+		LVL(RENAME_INFORMATION), LVL(DISPOSITION_INFORMATION), 
+		LVL(POSITION_INFORMATION), LVL(MODE_INFORMATION),
+		LVL(ALLOCATION_INFORMATION), LVL(END_OF_FILE_INFORMATION), 
+		LVL(1023), LVL(1025), LVL(1029), LVL(1032), LVL(1039), LVL(1040)
+	};
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(levels)-1);
+	} while (ignore_pattern(levels[i].name));
+
+	info->generic.level = levels[i].level;
+
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_SETATTR:
+		info->setattr.in.attrib = gen_attrib();
+		info->setattr.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_SETATTRE:
+		info->setattre.in.create_time = gen_timet();
+		info->setattre.in.access_time = gen_timet();
+		info->setattre.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_STANDARD:
+		info->standard.in.create_time = gen_timet();
+		info->standard.in.access_time = gen_timet();
+		info->standard.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_EA_SET: {
+		static struct ea_struct ea;
+		info->ea_set.in.num_eas = 1;
+		info->ea_set.in.eas = &ea;
+		info->ea_set.in.eas[0] = gen_ea_struct();
+	}
+		break;
+	case RAW_SFILEINFO_BASIC_INFO:
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		info->basic_info.in.create_time = gen_nttime();
+		info->basic_info.in.access_time = gen_nttime();
+		info->basic_info.in.write_time = gen_nttime();
+		info->basic_info.in.change_time = gen_nttime();
+		info->basic_info.in.attrib = gen_attrib();
+		break;
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		info->disposition_info.in.delete_on_close = gen_bool();
+		break;
+	case RAW_SFILEINFO_ALLOCATION_INFO:
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		info->allocation_info.in.alloc_size = gen_alloc_size();
+		break;
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		info->end_of_file_info.in.size = gen_offset();
+		break;
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		info->rename_information.in.overwrite = gen_bool();
+		info->rename_information.in.root_fid = gen_root_fid(instance);
+		info->rename_information.in.new_name = gen_fname_open(instance);
+		break;
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		info->position_information.in.position = gen_offset();
+		break;
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		info->mode_information.in.mode = gen_bits_mask(0xFFFFFFFF);
+		break;
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+		info->full_ea_information.in.eas = gen_ea_list();
+		break;
+	case RAW_SFILEINFO_GENERIC:
+	case RAW_SFILEINFO_SEC_DESC:
+	case RAW_SFILEINFO_UNIX_BASIC:
+	case RAW_SFILEINFO_UNIX_LINK:
+	case RAW_SFILEINFO_UNIX_HLINK:
+	case RAW_SFILEINFO_1023:
+	case RAW_SFILEINFO_1025:
+	case RAW_SFILEINFO_1029:
+	case RAW_SFILEINFO_1032:
+	case RAW_SFILEINFO_1039:
+	case RAW_SFILEINFO_1040:
+	case RAW_SFILEINFO_UNIX_INFO2:
+		/* Untested */
+		break;
+	}
+}
+#endif
+
+/*
+  generate a fileinfo query structure
+*/
+static void gen_setfileinfo(int instance, union smb_setfileinfo *info)
+{
+	int i;
+	#undef LVL
+	#define LVL(v) {RAW_SFILEINFO_ ## v, "RAW_SFILEINFO_" #v}
+	struct levels {
+		enum smb_setfileinfo_level level;
+		const char *name;
+	};
+	struct levels smb_levels[] = {
+		LVL(EA_SET), LVL(BASIC_INFO), LVL(DISPOSITION_INFO), 
+		LVL(STANDARD), LVL(ALLOCATION_INFO), LVL(END_OF_FILE_INFO), 
+		LVL(SETATTR), LVL(SETATTRE), LVL(BASIC_INFORMATION),
+		LVL(RENAME_INFORMATION), LVL(DISPOSITION_INFORMATION), 
+		LVL(POSITION_INFORMATION), LVL(FULL_EA_INFORMATION), LVL(MODE_INFORMATION),
+		LVL(ALLOCATION_INFORMATION), LVL(END_OF_FILE_INFORMATION), 
+		LVL(PIPE_INFORMATION), LVL(VALID_DATA_INFORMATION), LVL(SHORT_NAME_INFORMATION), 
+		LVL(1025), LVL(1027), LVL(1029), LVL(1030), LVL(1031), LVL(1032), LVL(1036),
+		LVL(1041), LVL(1042), LVL(1043), LVL(1044),
+	};
+	struct levels smb2_levels[] = {
+		LVL(BASIC_INFORMATION),
+		LVL(RENAME_INFORMATION), LVL(DISPOSITION_INFORMATION), 
+		LVL(POSITION_INFORMATION), LVL(FULL_EA_INFORMATION), LVL(MODE_INFORMATION),
+		LVL(ALLOCATION_INFORMATION), LVL(END_OF_FILE_INFORMATION), 
+		LVL(PIPE_INFORMATION), LVL(VALID_DATA_INFORMATION), LVL(SHORT_NAME_INFORMATION), 
+		LVL(1025), LVL(1027), LVL(1029), LVL(1030), LVL(1031), LVL(1032), LVL(1036),
+		LVL(1041), LVL(1042), LVL(1043), LVL(1044),
+	};
+	struct levels *levels = options.smb2?smb2_levels:smb_levels;
+	uint32_t num_levels = options.smb2?ARRAY_SIZE(smb2_levels):ARRAY_SIZE(smb_levels);
+
+	do {
+		i = gen_int_range(0, num_levels-1);
+	} while (ignore_pattern(levels[i].name));
+
+	ZERO_STRUCTP(info);
+	info->generic.level = levels[i].level;
+
+	switch (info->generic.level) {
+	case RAW_SFILEINFO_SETATTR:
+		info->setattr.in.attrib = gen_attrib();
+		info->setattr.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_SETATTRE:
+		info->setattre.in.create_time = gen_timet();
+		info->setattre.in.access_time = gen_timet();
+		info->setattre.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_STANDARD:
+		info->standard.in.create_time = gen_timet();
+		info->standard.in.access_time = gen_timet();
+		info->standard.in.write_time = gen_timet();
+		break;
+	case RAW_SFILEINFO_EA_SET: {
+		static struct ea_struct ea;
+		info->ea_set.in.num_eas = 1;
+		info->ea_set.in.eas = &ea;
+		info->ea_set.in.eas[0] = gen_ea_struct();
+		break;
+	}
+	case RAW_SFILEINFO_BASIC_INFO:
+	case RAW_SFILEINFO_BASIC_INFORMATION:
+		info->basic_info.in.create_time = gen_nttime();
+		info->basic_info.in.access_time = gen_nttime();
+		info->basic_info.in.write_time = gen_nttime();
+		info->basic_info.in.change_time = gen_nttime();
+		info->basic_info.in.attrib = gen_attrib();
+		break;
+	case RAW_SFILEINFO_DISPOSITION_INFO:
+	case RAW_SFILEINFO_DISPOSITION_INFORMATION:
+		info->disposition_info.in.delete_on_close = gen_bool();
+		break;
+	case RAW_SFILEINFO_ALLOCATION_INFO:
+	case RAW_SFILEINFO_ALLOCATION_INFORMATION:
+		info->allocation_info.in.alloc_size = gen_alloc_size();
+		break;
+	case RAW_SFILEINFO_END_OF_FILE_INFO:
+	case RAW_SFILEINFO_END_OF_FILE_INFORMATION:
+		info->end_of_file_info.in.size = gen_offset();
+		break;
+	case RAW_SFILEINFO_RENAME_INFORMATION:
+	case RAW_SFILEINFO_RENAME_INFORMATION_SMB2:
+		info->rename_information.in.overwrite = gen_bool();
+		info->rename_information.in.root_fid = gen_root_fid(instance);
+		info->rename_information.in.new_name = gen_fname_open(instance);
+		break;
+	case RAW_SFILEINFO_POSITION_INFORMATION:
+		info->position_information.in.position = gen_offset();
+		break;
+	case RAW_SFILEINFO_MODE_INFORMATION:
+		info->mode_information.in.mode = gen_bits_mask(0xFFFFFFFF);
+		break;
+	case RAW_SFILEINFO_FULL_EA_INFORMATION:
+		info->full_ea_information.in.eas = gen_ea_list();
+		break;
+
+	case RAW_SFILEINFO_GENERIC:
+	case RAW_SFILEINFO_SEC_DESC:
+	case RAW_SFILEINFO_1025:
+	case RAW_SFILEINFO_1029:
+	case RAW_SFILEINFO_1032:
+	case RAW_SFILEINFO_UNIX_BASIC:
+	case RAW_SFILEINFO_UNIX_INFO2:
+	case RAW_SFILEINFO_UNIX_LINK:
+	case RAW_SFILEINFO_UNIX_HLINK:
+	case RAW_SFILEINFO_LINK_INFORMATION:
+	case RAW_SFILEINFO_PIPE_INFORMATION:
+	case RAW_SFILEINFO_VALID_DATA_INFORMATION:
+	case RAW_SFILEINFO_SHORT_NAME_INFORMATION:
+	case RAW_SFILEINFO_1027:
+	case RAW_SFILEINFO_1030:
+	case RAW_SFILEINFO_1031:
+	case RAW_SFILEINFO_1036:
+	case RAW_SFILEINFO_1041:
+	case RAW_SFILEINFO_1042:
+	case RAW_SFILEINFO_1043:
+	case RAW_SFILEINFO_1044:
+		/* Untested */
+		break;
+	}
+}
+
+
+
+/*
+  generate a fileinfo query structure
+*/
+static void gen_fileinfo_smb(int instance, union smb_fileinfo *info)
+{
+	int i;
+	#undef LVL
+	#define LVL(v) {RAW_FILEINFO_ ## v, "RAW_FILEINFO_" #v}
+	struct {
+		enum smb_fileinfo_level level;
+		const char *name;
+	}  levels[] = {
+		LVL(GETATTR), LVL(GETATTRE), LVL(STANDARD),
+		LVL(EA_SIZE), LVL(ALL_EAS), LVL(IS_NAME_VALID),
+		LVL(BASIC_INFO), LVL(STANDARD_INFO), LVL(EA_INFO),
+		LVL(NAME_INFO), LVL(ALL_INFO), LVL(ALT_NAME_INFO),
+		LVL(STREAM_INFO), LVL(COMPRESSION_INFO), LVL(BASIC_INFORMATION),
+		LVL(STANDARD_INFORMATION), LVL(INTERNAL_INFORMATION), LVL(EA_INFORMATION),
+		LVL(ACCESS_INFORMATION), LVL(NAME_INFORMATION), LVL(POSITION_INFORMATION),
+		LVL(MODE_INFORMATION), LVL(ALIGNMENT_INFORMATION), LVL(ALL_INFORMATION),
+		LVL(ALT_NAME_INFORMATION), LVL(STREAM_INFORMATION), LVL(COMPRESSION_INFORMATION),
+		LVL(NETWORK_OPEN_INFORMATION), LVL(ATTRIBUTE_TAG_INFORMATION)
+	};
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(levels)-1);
+	} while (ignore_pattern(levels[i].name));
+
+	info->generic.level = levels[i].level;
+}
+
+/*
+  generate qpathinfo operations
+*/
+static bool handler_smb_qpathinfo(int instance)
+{
+	union smb_fileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.in.file.path = gen_fname_open(instance);
+
+	gen_fileinfo_smb(instance, &parm[0]);
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB(smb_raw_pathinfo(tree, current_op.mem_ctx, &parm[i]));
+
+	return cmp_fileinfo(instance, parm, status);
+}
+
+/*
+  generate qfileinfo operations
+*/
+static bool handler_smb_qfileinfo(int instance)
+{
+	union smb_fileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.in.file.fnum = gen_fnum(instance);
+
+	gen_fileinfo_smb(instance, &parm[0]);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(generic.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_fileinfo(tree, current_op.mem_ctx, &parm[i]));
+
+	return cmp_fileinfo(instance, parm, status);
+}
+
+
+/*
+  generate setpathinfo operations
+*/
+static bool handler_smb_spathinfo(int instance)
+{
+	union smb_setfileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	gen_setfileinfo(instance, &parm[0]);
+	parm[0].generic.in.file.path = gen_fname_open(instance);
+
+	GEN_COPY_PARM;
+
+	/* a special case for the fid in a RENAME */
+	if (parm[0].generic.level == RAW_SFILEINFO_RENAME_INFORMATION &&
+	    parm[0].rename_information.in.root_fid != 0) {
+		GEN_SET_FNUM_SMB(rename_information.in.root_fid);
+	}
+
+	GEN_CALL_SMB(smb_raw_setpathinfo(tree, &parm[i]));
+
+	return true;
+}
+
+
+/*
+  generate setfileinfo operations
+*/
+static bool handler_smb_sfileinfo(int instance)
+{
+	union smb_setfileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.in.file.fnum = gen_fnum(instance);
+
+	gen_setfileinfo(instance, &parm[0]);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(generic.in.file.fnum);
+	GEN_CALL_SMB(smb_raw_setfileinfo(tree, &parm[i]));
+
+	return true;
+}
+
+
+/*
+  this is called when a change notify reply comes in
+*/
+static void async_notify_smb(struct smbcli_request *req)
+{
+	union smb_notify notify;
+	NTSTATUS status;
+	int i, j;
+	uint16_t tid = 0;
+	struct smbcli_transport *transport = req->transport;
+
+	if (req->tree) {
+		tid = req->tree->tid;
+	}
+
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	status = smb_raw_changenotify_recv(req, current_op.mem_ctx, &notify);
+	if (NT_STATUS_IS_OK(status) && notify.nttrans.out.num_changes > 0) {
+		printf("notify tid=%d num_changes=%d action=%d name=%s\n", 
+		       tid, 
+		       notify.nttrans.out.num_changes,
+		       notify.nttrans.out.changes[0].action,
+		       notify.nttrans.out.changes[0].name.s);
+	}
+
+	for (i=0;i<NSERVERS;i++) {
+		for (j=0;j<NINSTANCES;j++) {
+			if (transport == servers[i].smb_tree[j]->session->transport &&
+			    tid == servers[i].smb_tree[j]->tid) {
+				notifies[i][j].notify_count++;
+				notifies[i][j].status = status;
+				notifies[i][j].notify = notify;
+			}
+		}
+	}
+}
+
+/*
+  generate change notify operations
+*/
+static bool handler_smb_notify(int instance)
+{
+	union smb_notify parm[NSERVERS];
+	int n;
+
+	ZERO_STRUCT(parm[0]);
+	parm[0].nttrans.level			= RAW_NOTIFY_NTTRANS;
+	parm[0].nttrans.in.buffer_size		= gen_io_count();
+	parm[0].nttrans.in.completion_filter	= gen_bits_mask(0xFF);
+	parm[0].nttrans.in.file.fnum		= gen_fnum(instance);
+	parm[0].nttrans.in.recursive		= gen_bool();
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB(nttrans.in.file.fnum);
+
+	for (n=0;n<NSERVERS;n++) {
+		struct smbcli_request *req;
+		req = smb_raw_changenotify_send(servers[n].smb_tree[instance], &parm[n]);
+		req->async.fn = async_notify_smb;
+	}
+
+	return true;
+}
+
+
+/*
+  generate ntcreatex operations
+*/
+static bool handler_smb2_create(int instance)
+{
+	struct smb2_create parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	ZERO_STRUCT(parm[0]);
+	parm[0].in.security_flags             = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFF);
+	parm[0].in.oplock_level               = gen_bits_levels(3, 90, 0x0, 70, 0x9, 100, 0xFF);
+	parm[0].in.impersonation_level        = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFFFFFFFF);
+	parm[0].in.create_flags               = gen_reserved64();
+	parm[0].in.reserved                   = gen_reserved64();
+	parm[0].in.desired_access             = gen_access_mask();
+	parm[0].in.file_attributes            = gen_attrib();
+	parm[0].in.share_access               = gen_bits_mask2(0x7, 0xFFFFFFFF);
+	parm[0].in.create_disposition         = gen_open_disp();
+	parm[0].in.create_options             = gen_create_options();
+	parm[0].in.fname                      = gen_fname_open(instance);
+	parm[0].in.eas			      = gen_ea_list();
+	parm[0].in.alloc_size		      = gen_alloc_size();
+	parm[0].in.durable_open		      = gen_bool();
+	parm[0].in.query_maximal_access	      = gen_bool();
+	parm[0].in.timewarp		      = gen_timewarp();
+	parm[0].in.query_on_disk_id	      = gen_bool();
+	parm[0].in.sec_desc		      = gen_sec_desc();
+
+	if (!options.use_oplocks) {
+		/* mask out oplocks */
+		parm[0].in.oplock_level = 0;
+	}
+
+	if (options.valid) {
+		parm[0].in.security_flags   &= 3;
+		parm[0].in.oplock_level     &= 9;
+		parm[0].in.impersonation_level &= 3;
+	}
+
+	GEN_COPY_PARM;
+	GEN_CALL_SMB2(smb2_create(tree, current_op.mem_ctx, &parm[i]));
+
+	CHECK_EQUAL(out.oplock_level);
+	CHECK_EQUAL(out.reserved);
+	CHECK_EQUAL(out.create_action);
+	CHECK_NTTIMES_EQUAL(out.create_time);
+	CHECK_NTTIMES_EQUAL(out.access_time);
+	CHECK_NTTIMES_EQUAL(out.write_time);
+	CHECK_NTTIMES_EQUAL(out.change_time);
+	CHECK_EQUAL(out.alloc_size);
+	CHECK_EQUAL(out.size);
+	CHECK_ATTRIB(out.file_attr);
+	CHECK_EQUAL(out.reserved2);
+	CHECK_EQUAL(out.maximal_access);
+
+	/* ntcreatex creates a new file handle */
+	ADD_HANDLE_SMB2(parm[0].in.fname, out.file.handle);
+
+	return true;
+}
+
+/*
+  generate close operations
+*/
+static bool handler_smb2_close(int instance)
+{
+	struct smb2_close parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	ZERO_STRUCT(parm[0]);
+	parm[0].in.file.handle.data[0] = gen_fnum_close(instance);
+	parm[0].in.flags               = gen_bits_mask2(0x1, 0xFFFF);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(in.file.handle);
+	GEN_CALL_SMB2(smb2_close(tree, &parm[i]));
+
+	CHECK_EQUAL(out.flags);
+	CHECK_EQUAL(out._pad);
+	CHECK_NTTIMES_EQUAL(out.create_time);
+	CHECK_NTTIMES_EQUAL(out.access_time);
+	CHECK_NTTIMES_EQUAL(out.write_time);
+	CHECK_NTTIMES_EQUAL(out.change_time);
+	CHECK_EQUAL(out.alloc_size);
+	CHECK_EQUAL(out.size);
+	CHECK_ATTRIB(out.file_attr);
+
+	REMOVE_HANDLE_SMB2(in.file.handle);
+
+	return true;
+}
+
+/*
+  generate read operations
+*/
+static bool handler_smb2_read(int instance)
+{
+	struct smb2_read parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].in.file.handle.data[0] = gen_fnum(instance);
+	parm[0].in.reserved    = gen_reserved8();
+	parm[0].in.length      = gen_io_count();
+	parm[0].in.offset      = gen_offset();
+	parm[0].in.min_count   = gen_io_count();
+	parm[0].in.channel     = gen_bits_mask2(0x0, 0xFFFFFFFF);
+	parm[0].in.remaining   = gen_bits_mask2(0x0, 0xFFFFFFFF);
+	parm[0].in.channel_offset = gen_bits_mask2(0x0, 0xFFFF);
+	parm[0].in.channel_length = gen_bits_mask2(0x0, 0xFFFF);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(in.file.handle);
+	GEN_CALL_SMB2(smb2_read(tree, current_op.mem_ctx, &parm[i]));
+
+	CHECK_EQUAL(out.remaining);
+	CHECK_EQUAL(out.reserved);
+	CHECK_EQUAL(out.data.length);
+
+	return true;
+}
+
+/*
+  generate write operations
+*/
+static bool handler_smb2_write(int instance)
+{
+	struct smb2_write parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].in.file.handle.data[0] = gen_fnum(instance);
+	parm[0].in.offset = gen_offset();
+	parm[0].in.unknown1 = gen_bits_mask2(0, 0xFFFFFFFF);
+	parm[0].in.unknown2 = gen_bits_mask2(0, 0xFFFFFFFF);
+	parm[0].in.data = data_blob_talloc(current_op.mem_ctx, NULL,
+					    gen_io_count());
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(in.file.handle);
+	GEN_CALL_SMB2(smb2_write(tree, &parm[i]));
+
+	CHECK_EQUAL(out._pad);
+	CHECK_EQUAL(out.nwritten);
+	CHECK_EQUAL(out.unknown1);
+
+	return true;
+}
+
+/*
+  generate lockingx operations
+*/
+static bool handler_smb2_lock(int instance)
+{
+	struct smb2_lock parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+	int n;
+
+	parm[0].level = RAW_LOCK_LOCKX;
+	parm[0].in.file.handle.data[0] = gen_fnum(instance);
+	parm[0].in.lock_count = gen_lock_count();
+	parm[0].in.lock_sequence = gen_reserved32();
+	
+	parm[0].in.locks = talloc_array(current_op.mem_ctx,
+					struct smb2_lock_element,
+					parm[0].in.lock_count);
+	for (n=0;n<parm[0].in.lock_count;n++) {
+		parm[0].in.locks[n].offset = gen_offset();
+		parm[0].in.locks[n].length = gen_io_count();
+		/* don't yet cope with async replies */
+		parm[0].in.locks[n].flags  = gen_lock_flags_smb2() | 
+			SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+		parm[0].in.locks[n].reserved = gen_bits_mask2(0x0, 0xFFFFFFFF);
+	}
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(in.file.handle);
+	GEN_CALL_SMB2(smb2_lock(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  generate flush operations
+*/
+static bool handler_smb2_flush(int instance)
+{
+	struct smb2_flush parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	ZERO_STRUCT(parm[0]);
+	parm[0].in.file.handle.data[0] = gen_fnum(instance);
+	parm[0].in.reserved1  = gen_reserved16();
+	parm[0].in.reserved2  = gen_reserved32();
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(in.file.handle);
+	GEN_CALL_SMB2(smb2_flush(tree, &parm[i]));
+
+	CHECK_EQUAL(out.reserved);
+
+	return true;
+}
+
+/*
+  generate echo operations
+*/
+static bool handler_smb2_echo(int instance)
+{
+	NTSTATUS status[NSERVERS];
+
+	GEN_CALL_SMB2(smb2_keepalive(tree->session->transport));
+
+	return true;
+}
+
+
+
+/*
+  generate a fileinfo query structure
+*/
+static void gen_fileinfo_smb2(int instance, union smb_fileinfo *info)
+{
+	int i;
+	#define LVL(v) {RAW_FILEINFO_ ## v, "RAW_FILEINFO_" #v}
+	struct {
+		enum smb_fileinfo_level level;
+		const char *name;
+	}  levels[] = {
+		LVL(BASIC_INFORMATION),
+		LVL(STANDARD_INFORMATION), LVL(INTERNAL_INFORMATION), LVL(EA_INFORMATION),
+		LVL(ACCESS_INFORMATION), LVL(NAME_INFORMATION), LVL(POSITION_INFORMATION),
+		LVL(MODE_INFORMATION), LVL(ALIGNMENT_INFORMATION), LVL(SMB2_ALL_INFORMATION),
+		LVL(ALT_NAME_INFORMATION), LVL(STREAM_INFORMATION), LVL(COMPRESSION_INFORMATION),
+		LVL(NETWORK_OPEN_INFORMATION), LVL(ATTRIBUTE_TAG_INFORMATION),
+		LVL(SMB2_ALL_EAS), LVL(SMB2_ALL_INFORMATION), LVL(SEC_DESC),
+	};
+	do {
+		i = gen_int_range(0, ARRAY_SIZE(levels)-1);
+	} while (ignore_pattern(levels[i].name));
+
+	info->generic.level = levels[i].level;
+}
+
+/*
+  generate qfileinfo operations
+*/
+static bool handler_smb2_qfileinfo(int instance)
+{
+	union smb_fileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	parm[0].generic.in.file.handle.data[0] = gen_fnum(instance);
+
+	gen_fileinfo_smb2(instance, &parm[0]);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(generic.in.file.handle);
+	GEN_CALL_SMB2(smb2_getinfo_file(tree, current_op.mem_ctx, &parm[i]));
+
+	return cmp_fileinfo(instance, parm, status);
+}
+
+
+/*
+  generate setfileinfo operations
+*/
+static bool handler_smb2_sfileinfo(int instance)
+{
+	union smb_setfileinfo parm[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	gen_setfileinfo(instance, &parm[0]);
+	parm[0].generic.in.file.fnum = gen_fnum(instance);
+
+	GEN_COPY_PARM;
+	GEN_SET_FNUM_SMB2(generic.in.file.handle);
+	GEN_CALL_SMB2(smb2_setinfo_file(tree, &parm[i]));
+
+	return true;
+}
+
+/*
+  wipe any relevant files
+*/
+static void wipe_files(void)
+{
+	int i;
+	NTSTATUS status;
+
+	if (options.skip_cleanup) {
+		return;
+	}
+
+	for (i=0;i<NSERVERS;i++) {
+		int n;
+		if (options.smb2) {
+			n = smb2_deltree(servers[i].smb2_tree[0], "gentest");
+		} else {
+			n = smbcli_deltree(servers[i].smb_tree[0], "gentest");
+		}
+		if (n == -1) {
+			printf("Failed to wipe tree on server %d\n", i);
+			exit(1);
+		}
+		if (options.smb2) {
+			status = smb2_util_mkdir(servers[i].smb2_tree[0], "gentest");
+		} else {
+			status = smbcli_mkdir(servers[i].smb_tree[0], "gentest");
+		}
+		if (NT_STATUS_IS_ERR(status)) {
+			printf("Failed to create gentest on server %d - %s\n", i, nt_errstr(status));
+			exit(1);
+		}
+		if (n > 0) {
+			printf("Deleted %d files on server %d\n", n, i);
+		}
+	}
+}
+
+/*
+  dump the current seeds - useful for continuing a backtrack
+*/
+static void dump_seeds(void)
+{
+	int i;
+	FILE *f;
+
+	if (!options.seeds_file) {
+		return;
+	}
+	f = fopen("seeds.tmp", "w");
+	if (!f) return;
+
+	for (i=0;i<options.numops;i++) {
+		fprintf(f, "%u\n", op_parms[i].seed);
+	}
+	fclose(f);
+	rename("seeds.tmp", options.seeds_file);
+}
+
+
+
+/*
+  the list of top-level operations that we will generate
+*/
+static struct {
+	const char *name;
+	bool (*handler)(int instance);
+	bool smb2;
+	int count, success_count;
+} gen_ops[] = {
+	{
+		.name    = "CREATE",
+		.handler = handler_smb2_create,
+		.smb2    = true,
+	},
+	{
+		.name    = "CLOSE",
+		.handler = handler_smb2_close,
+		.smb2    = true,
+	},
+	{
+		.name    = "READ",
+		.handler = handler_smb2_read,
+		.smb2    = true,
+	},
+	{
+		.name    = "WRITE",
+		.handler = handler_smb2_write,
+		.smb2    = true,
+	},
+	{
+		.name    = "LOCK",
+		.handler = handler_smb2_lock,
+		.smb2    = true,
+	},
+	{
+		.name    = "FLUSH",
+		.handler = handler_smb2_flush,
+		.smb2    = true,
+	},
+	{
+		.name    = "ECHO",
+		.handler = handler_smb2_echo,
+		.smb2    = true,
+	},
+	{
+		.name    = "QFILEINFO",
+		.handler = handler_smb2_qfileinfo,
+		.smb2    = true,
+	},
+	{
+		.name    = "SFILEINFO",
+		.handler = handler_smb2_sfileinfo,
+		.smb2    = true,
+	},
+
+	{
+		.name    = "OPEN",
+		.handler = handler_smb_open,
+		.smb2    = false,
+	},
+	{
+		.name    = "OPENX",
+		.handler = handler_smb_openx,
+		.smb2    = false,
+	},
+	{
+		.name    = "NTCREATEX",
+		.handler = handler_smb_ntcreatex,
+		.smb2    = false,
+	},
+	{
+		.name    = "CLOSE",
+		.handler = handler_smb_close,
+		.smb2    = false,
+	},
+	{
+		.name    = "UNLINK",
+		.handler = handler_smb_unlink,
+		.smb2    = false,
+	},
+	{
+		.name    = "MKDIR",
+		.handler = handler_smb_mkdir,
+		.smb2    = false,
+	},
+	{
+		.name    = "RMDIR",
+		.handler = handler_smb_rmdir,
+		.smb2    = false,
+	},
+	{
+		.name    = "RENAME",
+		.handler = handler_smb_rename,
+		.smb2    = false,
+	},
+	{
+		.name    = "NTRENAME",
+		.handler = handler_smb_ntrename,
+		.smb2    = false,
+	},
+	{
+		.name    = "READX",
+		.handler = handler_smb_readx,
+		.smb2    = false,
+	},
+	{
+		.name    = "WRITEX",
+		.handler = handler_smb_writex,
+		.smb2    = false,
+	},
+	{
+		.name    = "CHKPATH",
+		.handler = handler_smb_chkpath,
+		.smb2    = false,
+	},
+	{
+		.name    = "SEEK",
+		.handler = handler_smb_seek,
+		.smb2    = false,
+	},
+	{
+		.name    = "LOCKINGX",
+		.handler = handler_smb_lockingx,
+		.smb2    = false,
+	},
+	{
+		.name    = "QPATHINFO",
+		.handler = handler_smb_qpathinfo,
+		.smb2    = false,
+	},
+	{
+		.name    = "QFILEINFO",
+		.handler = handler_smb_qfileinfo,
+		.smb2    = false,
+	},
+	{
+		.name    = "SPATHINFO",
+		.handler = handler_smb_spathinfo,
+		.smb2    = false,
+	},
+	{
+		.name    = "SFILEINFO",
+		.handler = handler_smb_sfileinfo,
+		.smb2    = false,
+	},
+	{
+		.name    = "NOTIFY",
+		.handler = handler_smb_notify,
+		.smb2    = false,
+	},
+};
+
+
+/*
+  run the test with the current set of op_parms parameters
+  return the number of operations that completed successfully
+*/
+static int run_test(struct tevent_context *ev, struct loadparm_context *lp_ctx)
+{
+	int op, i;
+
+	if (!connect_servers(ev, lp_ctx)) {
+		printf("Failed to connect to servers\n");
+		exit(1);
+	}
+
+	dump_seeds();
+
+	/* wipe any leftover files from old runs */
+	wipe_files();
+
+	/* reset the open handles array */
+	memset(open_handles, 0, options.max_open_handles * sizeof(open_handles[0]));
+	num_open_handles = 0;
+
+	/* reset the counts from previous runs */
+	for (i=0;i<ARRAY_SIZE(gen_ops);i++) {
+		gen_ops[i].count = 0;
+		gen_ops[i].success_count = 0;
+	}
+
+	for (op=0; op<options.numops; op++) {
+		int instance, which_op;
+		bool ret;
+
+		if (op_parms[op].disabled) continue;
+
+		srandom(op_parms[op].seed);
+
+		instance = gen_int_range(0, NINSTANCES-1);
+
+		/* generate a non-ignored operation */
+		do {
+			which_op = gen_int_range(0, ARRAY_SIZE(gen_ops)-1);
+		} while (ignore_pattern(gen_ops[which_op].name) ||
+			 gen_ops[which_op].smb2 != options.smb2);
+
+		DEBUG(3,("Generating op %s on instance %d\n",
+			 gen_ops[which_op].name, instance));
+
+		current_op.seed = op_parms[op].seed;
+		current_op.opnum = op;
+		current_op.name = gen_ops[which_op].name;
+		current_op.status = NT_STATUS_OK;
+		talloc_free(current_op.mem_ctx);
+		current_op.mem_ctx = talloc_named(NULL, 0, "%s", current_op.name);
+
+		ret = gen_ops[which_op].handler(instance);
+
+		gen_ops[which_op].count++;
+		if (NT_STATUS_IS_OK(current_op.status)) {
+			gen_ops[which_op].success_count++;			
+		}
+
+		if (!ret) {
+			printf("Failed at operation %d - %s\n",
+			       op, gen_ops[which_op].name);
+			return op;
+		}
+
+		if (op % 100 == 0) {
+			printf("%d\n", op);
+		}
+	}
+
+	for (i=0;i<ARRAY_SIZE(gen_ops);i++) {
+		printf("Op %-10s got %d/%d success\n", 
+		       gen_ops[i].name,
+		       gen_ops[i].success_count,
+		       gen_ops[i].count);
+	}
+
+	return op;
+}
+
+/* 
+   perform a backtracking analysis of the minimal set of operations
+   to generate an error
+*/
+static void backtrack_analyze(struct tevent_context *ev,
+			      struct loadparm_context *lp_ctx)
+{
+	int chunk, ret;
+	const char *mismatch = current_op.mismatch;
+
+	chunk = options.numops / 2;
+
+	do {
+		int base;
+		for (base=0; 
+		     chunk > 0 && base+chunk < options.numops && options.numops > 1; ) {
+			int i, max;
+
+			chunk = MIN(chunk, options.numops / 2);
+
+			/* mark this range as disabled */
+			max = MIN(options.numops, base+chunk);
+			for (i=base;i<max; i++) {
+				op_parms[i].disabled = true;
+			}
+			printf("Testing %d ops with %d-%d disabled\n", 
+			       options.numops, base, max-1);
+			ret = run_test(ev, lp_ctx);
+			printf("Completed %d of %d ops\n", ret, options.numops);
+			for (i=base;i<max; i++) {
+				op_parms[i].disabled = false;
+			}
+			if (ret == options.numops) {
+				/* this chunk is needed */
+				base += chunk;
+			} else if (mismatch != current_op.mismatch &&
+				   strcmp(mismatch, current_op.mismatch)) {
+				base += chunk;
+				printf("Different error in backtracking\n");
+			} else if (ret < base) {
+				printf("damn - inconsistent errors! found early error\n");
+				options.numops = ret+1;
+				base = 0;
+			} else {
+				/* it failed - this chunk isn't needed for a failure */
+				memmove(&op_parms[base], &op_parms[max], 
+					sizeof(op_parms[0]) * (options.numops - max));
+				options.numops = (ret+1) - (max - base);
+			}
+		}
+
+		if (chunk == 2) {
+			chunk = 1;
+		} else {
+			chunk *= 0.4;
+		}
+
+		if (options.analyze_continuous && chunk == 0 && options.numops != 1) {
+			chunk = 1;
+		}
+	} while (chunk > 0);
+
+	printf("Reduced to %d ops\n", options.numops);
+	ret = run_test(ev, lp_ctx);
+	if (ret != options.numops - 1) {
+		printf("Inconsistent result? ret=%d numops=%d\n", ret, options.numops);
+	}
+}
+
+/* 
+   start the main gentest process
+*/
+static bool start_gentest(struct tevent_context *ev,
+			  struct loadparm_context *lp_ctx)
+{
+	int op;
+	int ret;
+
+	/* allocate the open_handles array */
+	open_handles = calloc(options.max_open_handles, sizeof(open_handles[0]));
+	if (open_handles == NULL) {
+		printf("Unable to allocate memory for open_handles array.\n");
+		exit(1);
+	}
+
+	srandom(options.seed);
+	op_parms = calloc(options.numops, sizeof(op_parms[0]));
+	if (op_parms == NULL) {
+		printf("Unable to allocate memory for op_parms.\n");
+		exit(1);
+	}
+
+	/* generate the seeds - after this everything is deterministic */
+	if (options.use_preset_seeds) {
+		int numops;
+		char **preset = file_lines_load(options.seeds_file, &numops, 0, NULL);
+		if (!preset) {
+			printf("Failed to load %s - %s\n", options.seeds_file, strerror(errno));
+			exit(1);
+		}
+		if (numops < options.numops) {
+			options.numops = numops;
+		}
+		for (op=0;op<options.numops;op++) {
+			if (!preset[op]) {
+				printf("Not enough seeds in %s\n", options.seeds_file);
+				exit(1);
+			}
+			op_parms[op].seed = atoi(preset[op]);
+		}
+		printf("Loaded %d seeds from %s\n", options.numops, options.seeds_file);
+	} else {
+		for (op=0; op<options.numops; op++) {
+			op_parms[op].seed = random();
+		}
+	}
+
+	ret = run_test(ev, lp_ctx);
+
+	if (ret != options.numops && options.analyze) {
+		options.numops = ret+1;
+		backtrack_analyze(ev, lp_ctx);
+	} else if (options.analyze_always) {
+		backtrack_analyze(ev, lp_ctx);
+	} else if (options.analyze_continuous) {
+		while (run_test(ev, lp_ctx) == options.numops) ;
+	}
+
+	return ret == options.numops;
+}
+
+
+static void usage(poptContext pc)
+{
+	printf(
+"Usage:\n\
+  gentest //server1/share1 //server2/share2 [options..]\n\
+");
+	poptPrintUsage(pc, stdout, 0);
+}
+
+/**
+  split a UNC name into server and share names
+*/
+static bool split_unc_name(const char *unc, char **server, char **share)
+{
+	char *p = strdup(unc);
+	if (!p) return false;
+	all_string_sub(p, "\\", "/", 0);
+	if (strncmp(p, "//", 2) != 0) return false;
+
+	(*server) = p+2;
+	p = strchr(*server, '/');
+	if (!p) return false;
+
+	*p = 0;
+	(*share) = p+1;
+	
+	return true;
+}
+
+
+
+/****************************************************************************
+  main program
+****************************************************************************/
+int main(int argc, const char *argv[])
+{
+	int opt;
+	int i, username_count=0;
+	bool ret;
+	char *ignore_file=NULL;
+	struct tevent_context *ev;
+	struct loadparm_context *lp_ctx;
+	poptContext pc;
+	int argc_new;
+	char **argv_new;
+	enum {
+		OPT_UNCLIST=1000,
+		OPT_USER1,
+		OPT_USER2,
+	};
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"smb2",          0, POPT_ARG_NONE, &options.smb2, 0,	"use SMB2 protocol", 	NULL},
+		{"seed",	  0, POPT_ARG_INT,  &options.seed, 	0,	"Seed to use for randomizer", 	NULL},
+		{"num-ops",	  0, POPT_ARG_INT,  &options.numops, 	0, 	"num ops",	NULL},
+		{"oplocks",       0, POPT_ARG_NONE, &options.use_oplocks,0,      "use oplocks", NULL},
+		{"showall",       0, POPT_ARG_NONE, &options.showall,    0,      "display all operations", NULL},
+		{"analyse",       0, POPT_ARG_NONE, &options.analyze,    0,      "do backtrack analysis", NULL},
+		{"analysealways", 0, POPT_ARG_NONE, &options.analyze_always,    0,      "analysis always", NULL},
+		{"analysecontinuous", 0, POPT_ARG_NONE, &options.analyze_continuous,    0,      "analysis continuous", NULL},
+		{"ignore",        0, POPT_ARG_STRING, &ignore_file,    0,      "ignore from file", NULL},
+		{"preset",        0, POPT_ARG_NONE, &options.use_preset_seeds,    0,      "use preset seeds", NULL},
+		{"fast",          0, POPT_ARG_NONE, &options.fast_reconnect,    0,      "use fast reconnect", NULL},
+		{"unclist",	  0, POPT_ARG_STRING,	NULL, 	OPT_UNCLIST,	"unclist", 	NULL},
+		{"seedsfile",	  0, POPT_ARG_STRING,  &options.seeds_file, 0,	"seed file", 	NULL},
+		{"user1",         0, POPT_ARG_STRING, NULL, OPT_USER1, "Set first network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
+		{"user2",         0, POPT_ARG_STRING, NULL, OPT_USER2, "Set second network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
+		{"maskindexing",  0, POPT_ARG_NONE,  &options.mask_indexing, 0,	"mask out the indexed file attrib", 	NULL},
+		{"noeas",  0, POPT_ARG_NONE,  &options.no_eas, 0,	"don't use extended attributes", 	NULL},
+		{"noacls",  0, POPT_ARG_NONE,  &options.no_acls, 0,	"don't use ACLs", 	NULL},
+		{"skip-cleanup",  0, POPT_ARG_NONE,  &options.skip_cleanup, 0,	"don't delete files at start", 	NULL},
+		{"valid",  0, POPT_ARG_NONE,  &options.valid, 0,	"generate only valid fields", 	NULL},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_LEGACY_S4
+		POPT_TABLEEND
+	};
+	TALLOC_CTX *mem_ctx = NULL;
+	bool ok;
+
+	memset(&bad_smb2_handle, 0xFF, sizeof(bad_smb2_handle));
+
+	setlinebuf(stdout);
+	options.seed = time(NULL);
+	options.numops = 1000;
+	options.max_open_handles = 20;
+	options.seeds_file = "gentest_seeds.dat";
+
+	mem_ctx = talloc_named_const(NULL, 0, "gentest_ctx");
+	if (mem_ctx == NULL) {
+		printf("Unable to allocate gentest_ctx\n");
+		exit(1);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv,
+				    long_options,
+				    POPT_CONTEXT_KEEP_FIRST);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	poptSetOtherOptionHelp(pc, "<unc1> <unc2>");
+
+	lp_ctx = samba_cmdline_get_lp_ctx();
+	servers[0].credentials = cli_credentials_init(mem_ctx);
+	servers[1].credentials = cli_credentials_init(mem_ctx);
+	cli_credentials_guess(servers[0].credentials, lp_ctx);
+	cli_credentials_guess(servers[1].credentials, lp_ctx);
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case OPT_UNCLIST:
+			lpcfg_set_cmdline(lp_ctx, "torture:unclist", poptGetOptArg(pc));
+			break;
+		case OPT_USER1:
+			cli_credentials_parse_string(servers[0].credentials,
+						     poptGetOptArg(pc),
+						     CRED_SPECIFIED);
+			username_count++;
+			break;
+		case OPT_USER2:
+			cli_credentials_parse_string(servers[1].credentials,
+						     poptGetOptArg(pc),
+						     CRED_SPECIFIED);
+			username_count++;
+			break;
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	if (ignore_file) {
+		options.ignore_patterns = file_lines_load(ignore_file, NULL, 0, NULL);
+	}
+
+	argv_new = discard_const_p(char *, poptGetArgs(pc));
+	argc_new = argc;
+	for (i=0; i<argc; i++) {
+		if (argv_new[i] == NULL) {
+			argc_new = i;
+			break;
+		}
+	}
+
+	if (!(argc_new >= 3)) {
+		usage(pc);
+		talloc_free(mem_ctx);
+		exit(1);
+	}
+
+	setlinebuf(stdout);
+
+	setup_logging("gentest", DEBUG_STDOUT);
+
+	if (argc < 3 || argv[1][0] == '-') {
+		usage(pc);
+		talloc_free(mem_ctx);
+		exit(1);
+	}
+
+	setup_logging(argv[0], DEBUG_STDOUT);
+
+	for (i=0;i<NSERVERS;i++) {
+		const char *share = argv[1+i];
+		if (!split_unc_name(share, &servers[i].server_name, &servers[i].share_name)) {
+			printf("Invalid share name '%s'\n", share);
+			poptFreeContext(pc);
+			talloc_free(mem_ctx);
+			return -1;
+		}
+	}
+
+	if (username_count == 0) {
+		usage(pc);
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return -1;
+	}
+	if (username_count == 1) {
+		servers[1].credentials = servers[0].credentials;
+	}
+
+	printf("seed=%u\n", options.seed);
+
+	ev = s4_event_context_init(mem_ctx);
+
+	gensec_init();
+
+	ret = start_gentest(ev, lp_ctx);
+
+	if (ret) {
+		printf("gentest completed - no errors\n");
+	} else {
+		printf("gentest failed\n");
+	}
+
+	poptFreeContext(pc);
+	talloc_free(mem_ctx);
+	return ret?0:-1;
+}
diff --git a/source4/torture/gpo/apply.c b/source4/torture/gpo/apply.c
new file mode 100644
index 0000000..560408f
--- /dev/null
+++ b/source4/torture/gpo/apply.c
@@ -0,0 +1,390 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) David Mulder 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "torture/smbtorture.h"
+#include "lib/util/mkdir_p.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/session.h"
+#include "lib/ldb/include/ldb.h"
+#include "torture/gpo/proto.h"
+#include <unistd.h>
+#include "lib/util/samba_util.h"
+#include "util/tevent_ntstatus.h"
+
+#undef strncasecmp
+
+struct torture_suite *gpo_apply_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "apply");
+
+	torture_suite_add_simple_test(suite, "gpo_param_from_gpo",
+				      torture_gpo_system_access_policies);
+
+	suite->description = talloc_strdup(suite, "Group Policy apply tests");
+
+	return suite;
+}
+
+static int exec_wait(struct torture_context *tctx, const char **gpo_update_cmd)
+{
+	NTSTATUS status;
+	int ret = 0;
+	struct tevent_req *req;
+
+	req = samba_runcmd_send(tctx,
+				tctx->ev,
+				timeval_current_ofs(100, 0),
+				2, 0,
+				gpo_update_cmd,
+				"gpo_reload_cmd", NULL);
+	if (req == NULL) {
+		return -1;
+	}
+
+	if (!tevent_req_poll_ntstatus(req, tctx->ev, &status)) {
+		return -1;
+	}
+	if (samba_runcmd_recv(req, &ret) != 0) {
+		return -1;
+	}
+	return ret;
+}
+
+static int unix2nttime(const char *sval)
+{
+	return (strtoll(sval, NULL, 10) * -1 / 60 / 60 / 24 / 10000000);
+}
+
+#define GPODIR "addom.samba.example.com/Policies/"\
+	       "{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/"\
+	       "Windows NT/SecEdit"
+#define GPOFILE "GptTmpl.inf"
+#define GPTTMPL "[System Access]\n\
+MinimumPasswordAge = %d\n\
+MaximumPasswordAge = %d\n\
+MinimumPasswordLength = %d\n\
+PasswordComplexity = %d\n\
+"
+#define GPTINI "addom.samba.example.com/Policies/"\
+	       "{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI"
+
+bool torture_gpo_system_access_policies(struct torture_context *tctx)
+{
+	TALLOC_CTX *ctx = talloc_new(tctx);
+	int ret, vers = 0, i;
+	const char *sysvol_path = NULL, *gpo_dir = NULL;
+	const char *gpo_file = NULL, *gpt_file = NULL;
+	struct ldb_context *samdb = NULL;
+	struct ldb_result *result;
+	const char *attrs[] = {
+		"minPwdAge",
+		"maxPwdAge",
+		"minPwdLength",
+		"pwdProperties",
+		NULL
+	};
+	FILE *fp = NULL;
+	const char **gpo_update_cmd;
+	const char **gpo_unapply_cmd;
+	const char **gpo_update_force_cmd;
+	int minpwdcases[] = { 0, 1, 998 };
+	int maxpwdcases[] = { 0, 1, 999 };
+	int pwdlencases[] = { 0, 1, 14 };
+	int pwdpropcases[] = { 0, 1, 1 };
+	struct ldb_message *old_message = NULL;
+	const char **itr;
+	int gpo_update_len = 0;
+
+	sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"),
+				 lpcfg_default_service(tctx->lp_ctx), tctx);
+	torture_assert(tctx, sysvol_path, "Failed to fetch the sysvol path");
+
+	/* Ensure the sysvol path exists */
+	gpo_dir = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPODIR);
+	mkdir_p(gpo_dir, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
+	gpo_file = talloc_asprintf(ctx, "%s/%s", gpo_dir, GPOFILE);
+
+	/* Get the gpo update command */
+	gpo_update_cmd = lpcfg_gpo_update_command(tctx->lp_ctx);
+	torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0],
+		       "Failed to fetch the gpo update command");
+
+	/* Open and read the samba db and store the initial password settings */
+	samdb = samdb_connect(ctx,
+			      tctx->ev,
+			      tctx->lp_ctx,
+			      system_session(tctx->lp_ctx),
+			      NULL,
+			      0);
+	torture_assert(tctx, samdb, "Failed to connect to the samdb");
+
+	ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
+			 LDB_SCOPE_BASE, attrs, NULL);
+	torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+		       "Searching the samdb failed");
+
+	old_message = result->msgs[0];
+
+	for (i = 0; i < 3; i++) {
+		/* Write out the sysvol */
+		if ( (fp = fopen(gpo_file, "w")) ) {
+			fputs(talloc_asprintf(ctx, GPTTMPL, minpwdcases[i],
+					      maxpwdcases[i], pwdlencases[i],
+					      pwdpropcases[i]), fp);
+			fclose(fp);
+		}
+
+		/* Update the version in the GPT.INI */
+		gpt_file = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPTINI);
+		if ( (fp = fopen(gpt_file, "r")) ) {
+			char line[256];
+			while (fgets(line, 256, fp)) {
+				if (strncasecmp(line, "Version=", 8) == 0) {
+					vers = atoi(line+8);
+					break;
+				}
+			}
+			fclose(fp);
+		}
+		if ( (fp = fopen(gpt_file, "w")) ) {
+			char *data = talloc_asprintf(ctx,
+						     "[General]\nVersion=%d\n",
+						     ++vers);
+			fputs(data, fp);
+			fclose(fp);
+		}
+
+		/* Run the gpo update command */
+		ret = exec_wait(tctx, gpo_update_cmd);
+
+		torture_assert(tctx, ret == 0,
+			       "Failed to execute the gpo update command");
+		ret = ldb_search(samdb, ctx, &result,
+				 ldb_get_default_basedn(samdb),
+				 LDB_SCOPE_BASE, attrs, NULL);
+		torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+			       "Searching the samdb failed");
+
+		/* minPwdAge */
+		torture_assert_int_equal(tctx, unix2nttime(
+						ldb_msg_find_attr_as_string(
+							result->msgs[0],
+							attrs[0],
+							"")), minpwdcases[i],
+			       "The minPwdAge was not applied");
+
+		/* maxPwdAge */
+		torture_assert_int_equal(tctx, unix2nttime(
+						ldb_msg_find_attr_as_string(
+							result->msgs[0],
+							attrs[1],
+							"")), maxpwdcases[i],
+			       "The maxPwdAge was not applied");
+
+		/* minPwdLength */
+		torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+							result->msgs[0],
+							attrs[2],
+							-1),
+					       pwdlencases[i],
+				"The minPwdLength was not applied");
+
+		/* pwdProperties */
+		torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+							result->msgs[0],
+							attrs[3],
+							-1),
+					       pwdpropcases[i],
+			       "The pwdProperties were not applied");
+	}
+
+	/* Reset settings, then verify a reapply doesn't force them back */
+	for (i = 0; i < old_message->num_elements; i++) {
+		old_message->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+	ret = ldb_modify(samdb, old_message);
+	torture_assert(tctx, ret == 0, "Failed to reset password settings.");
+
+	ret = exec_wait(tctx, gpo_update_cmd);
+	torture_assert(tctx, ret == 0,
+		       "Failed to execute the gpo update command");
+
+	/* Validate that the apply did nothing (without --force param) */
+	ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
+			 LDB_SCOPE_BASE, attrs, NULL);
+	torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+		       "Searching the samdb failed");
+	/* minPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[0],
+						"")),
+		       unix2nttime(ldb_msg_find_attr_as_string(old_message,
+							       attrs[0],
+							       "")
+				  ),
+		       "The minPwdAge was re-applied");
+	/* maxPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[1],
+						"")),
+		       unix2nttime(ldb_msg_find_attr_as_string(old_message,
+							       attrs[1],
+							       "")
+				  ),
+		       "The maxPwdAge was re-applied");
+	/* minPwdLength */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[2],
+						-1),
+				       ldb_msg_find_attr_as_int(
+						old_message,
+						attrs[2],
+						-2),
+			"The minPwdLength was re-applied");
+	/* pwdProperties */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[3],
+						-1),
+					ldb_msg_find_attr_as_int(
+						old_message,
+						attrs[3],
+						-2),
+			"The pwdProperties were re-applied");
+
+	for (itr = gpo_update_cmd; *itr != NULL; itr++) {
+		gpo_update_len++;
+	}
+
+	/* Run gpupdate --force and verify settings are re-applied */
+	gpo_update_force_cmd = talloc_array(ctx, const char*, gpo_update_len+2);
+	for (i = 0; i < gpo_update_len; i++) {
+		gpo_update_force_cmd[i] = talloc_strdup(gpo_update_force_cmd,
+							gpo_update_cmd[i]);
+	}
+	gpo_update_force_cmd[i] = talloc_asprintf(gpo_update_force_cmd,
+						  "--force");
+	gpo_update_force_cmd[i+1] = NULL;
+	ret = exec_wait(tctx, gpo_update_force_cmd);
+	torture_assert(tctx, ret == 0,
+		       "Failed to execute the gpupdate --force command");
+
+	ret = ldb_search(samdb, ctx, &result,
+			 ldb_get_default_basedn(samdb),
+			 LDB_SCOPE_BASE, attrs, NULL);
+	torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+		       "Searching the samdb failed");
+
+	/* minPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(
+					ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[0],
+						"")), minpwdcases[2],
+		       "The minPwdAge was not applied");
+
+	/* maxPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(
+					ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[1],
+						"")), maxpwdcases[2],
+		       "The maxPwdAge was not applied");
+
+	/* minPwdLength */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[2],
+						-1),
+				       pwdlencases[2],
+			"The minPwdLength was not applied");
+
+	/* pwdProperties */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[3],
+						-1),
+				       pwdpropcases[2],
+		       "The pwdProperties were not applied");
+
+	/* Unapply the settings and verify they are removed */
+	gpo_unapply_cmd = talloc_array(ctx, const char*, gpo_update_len+2);
+	for (i = 0; i < gpo_update_len; i++) {
+		gpo_unapply_cmd[i] = talloc_strdup(gpo_unapply_cmd,
+						   gpo_update_cmd[i]);
+	}
+	gpo_unapply_cmd[i] = talloc_asprintf(gpo_unapply_cmd, "--unapply");
+	gpo_unapply_cmd[i+1] = NULL;
+	ret = exec_wait(tctx, gpo_unapply_cmd);
+	torture_assert(tctx, ret == 0,
+		       "Failed to execute the gpo unapply command");
+	ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
+			 LDB_SCOPE_BASE, attrs, NULL);
+	torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+		       "Searching the samdb failed");
+	/* minPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[0],
+						"")),
+		       unix2nttime(ldb_msg_find_attr_as_string(old_message,
+							       attrs[0],
+							       "")
+				  ),
+		       "The minPwdAge was not unapplied");
+	/* maxPwdAge */
+	torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
+						result->msgs[0],
+						attrs[1],
+						"")),
+		       unix2nttime(ldb_msg_find_attr_as_string(old_message,
+							       attrs[1],
+							       "")
+				  ),
+		       "The maxPwdAge was not unapplied");
+	/* minPwdLength */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[2],
+						-1),
+				       ldb_msg_find_attr_as_int(
+						old_message,
+						attrs[2],
+						-2),
+			"The minPwdLength was not unapplied");
+	/* pwdProperties */
+	torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
+						result->msgs[0],
+						attrs[3],
+						-1),
+					ldb_msg_find_attr_as_int(
+						old_message,
+						attrs[3],
+						-2),
+			"The pwdProperties were not unapplied");
+
+	talloc_free(ctx);
+	return true;
+}
diff --git a/source4/torture/gpo/gpo.c b/source4/torture/gpo/gpo.c
new file mode 100644
index 0000000..4a06809
--- /dev/null
+++ b/source4/torture/gpo/gpo.c
@@ -0,0 +1,35 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) David Mulder 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/gpo/proto.h"
+
+NTSTATUS torture_gpo_init(TALLOC_CTX *ctx)
+{
+    struct torture_suite *suite = torture_suite_create(ctx, "gpo");
+
+    torture_suite_add_suite(suite, gpo_apply_suite(suite));
+
+    suite->description = talloc_strdup(suite, "Group Policy tests");
+
+    torture_register_suite(ctx, suite);
+
+    return NT_STATUS_OK;
+}
diff --git a/source4/torture/gpo/wscript_build b/source4/torture/gpo/wscript_build
new file mode 100644
index 0000000..d7b131f
--- /dev/null
+++ b/source4/torture/gpo/wscript_build
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('TORTURE_GPO',
+	source='''
+        gpo.c
+        apply.c
+        ''',
+	subsystem='smbtorture',
+	deps='torture samba-util-core ldb',
+	internal_module=True,
+	autoproto='proto.h',
+	init_function='torture_gpo_init'
+	)
diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c
new file mode 100644
index 0000000..392329a
--- /dev/null
+++ b/source4/torture/krb5/kdc-canon-heimdal.c
@@ -0,0 +1,1091 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Validate the krb5 pac generation routines
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "torture/smbtorture.h"
+#include "torture/krb5/proto.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "source4/auth/kerberos/kerberos.h"
+#include "source4/auth/kerberos/kerberos_util.h"
+#include "lib/util/util_net.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+
+#undef strcasecmp
+
+#define TEST_CANONICALIZE     0x0000001
+#define TEST_ENTERPRISE       0x0000002
+#define TEST_UPPER_USERNAME   0x0000008
+#define TEST_WIN2K            0x0000020
+#define TEST_UPN              0x0000040
+#define TEST_S4U2SELF         0x0000080
+#define TEST_REMOVEDOLLAR     0x0000100
+#define TEST_AS_REQ_SPN       0x0000200
+#define TEST_ALL              0x00003FF
+
+struct test_data {
+	const char *test_name;
+	const char *realm;
+	const char *real_realm;
+	const char *real_domain;
+	const char *username;
+	const char *real_username;
+	bool canonicalize;
+	bool enterprise;
+	bool upper_username;
+	bool win2k;
+	bool upn;
+	bool other_upn_suffix;
+	bool s4u2self;
+	bool removedollar;
+	bool as_req_spn;
+	bool spn_is_upn;
+	const char *krb5_service;
+	const char *krb5_hostname;
+};
+
+struct torture_krb5_context {
+	struct smb_krb5_context *smb_krb5_context;
+	struct torture_context *tctx;
+	struct addrinfo *server;
+	struct test_data *test_data;
+	int packet_count;
+};
+
+struct pac_data {
+	const char *principal_name;
+};
+
+/*
+ * A helper function which avoids touching the local databases to
+ * generate the session info, as we just want to verify the principal
+ * name that we found in the ticket not the full local token
+ */
+static NTSTATUS test_generate_session_info_pac(struct auth4_context *auth_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct smb_krb5_context *smb_krb5_context,
+					       DATA_BLOB *pac_blob,
+					       const char *principal_name,
+					       const struct tsocket_address *remote_address,
+					       uint32_t session_info_flags,
+					       struct auth_session_info **session_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+	struct pac_data *pac_data;
+
+	if (pac_blob == NULL) {
+		DBG_ERR("pac_blob missing\n");
+		return NT_STATUS_NO_IMPERSONATION_TOKEN;
+	}
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	auth_ctx->private_data = pac_data = talloc_zero(auth_ctx, struct pac_data);
+
+	pac_data->principal_name = talloc_strdup(pac_data, principal_name);
+	if (!pac_data->principal_name) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						      *pac_blob,
+						      smb_krb5_context->krb5_context,
+						      &user_info_dc, NULL, NULL);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+	nt_status = auth_generate_session_info(mem_ctx,
+					       NULL,
+					       NULL,
+					       user_info_dc, session_info_flags,
+					       session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/* Check to see if we can pass the PAC across to the NETLOGON server for validation */
+
+/* Also happens to be a really good one-step verification of our Kerberos stack */
+
+static bool test_accept_ticket(struct torture_context *tctx,
+			       struct cli_credentials *credentials,
+			       const char *principal,
+			       DATA_BLOB client_to_server)
+{
+	NTSTATUS status;
+	struct gensec_security *gensec_server_context;
+	DATA_BLOB server_to_client;
+	struct auth4_context *auth_context;
+	struct auth_session_info *session_info;
+	struct pac_data *pac_data;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+
+	torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed");
+
+	auth_context = talloc_zero(tmp_ctx, struct auth4_context);
+	torture_assert(tctx, auth_context != NULL, "talloc_new() failed");
+
+	auth_context->generate_session_info_pac = test_generate_session_info_pac;
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, credentials);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	status = gensec_start_mech_by_name(gensec_server_context, "krb5");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_name (server) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	/* Do a client-server update dance */
+	status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+	pac_data = talloc_get_type(auth_context->private_data, struct pac_data);
+
+	torture_assert(tctx, pac_data != NULL, "gensec_update failed to fill in pac_data in auth_context");
+	torture_assert(tctx, pac_data->principal_name != NULL, "principal_name not present");
+	torture_assert_str_equal(tctx, pac_data->principal_name, principal, "wrong principal name");
+	return true;
+}
+
+/*
+ * This function is set in torture_krb5_init_context_canon as krb5
+ * send_and_recv function.  This allows us to override what server the
+ * test is aimed at, and to inspect the packets just before they are
+ * sent to the network, and before they are processed on the recv
+ * side.
+ *
+ */
+static krb5_error_code test_krb5_send_to_realm_canon_override(struct smb_krb5_context *smb_krb5_context,
+							      void *data, /* struct torture_krb5_context */
+							      krb5_const_realm realm,
+							      time_t timeout,
+							      const krb5_data *send_buf,
+							      krb5_data *recv_buf)
+{
+	krb5_error_code k5ret;
+
+	struct torture_krb5_context *test_context
+		= talloc_get_type_abort(data, struct torture_krb5_context);
+
+	SMB_ASSERT(smb_krb5_context == test_context->smb_krb5_context);
+
+	k5ret = smb_krb5_send_and_recv_func_forced_tcp(smb_krb5_context,
+						       test_context->server,
+						       timeout,
+						       send_buf,
+						       recv_buf);
+	if (k5ret != 0) {
+		return k5ret;
+	}
+
+	test_context->packet_count++;
+
+	return k5ret;
+}
+
+static int test_context_destructor(struct torture_krb5_context *test_context)
+{
+	freeaddrinfo(test_context->server);
+	return 0;
+}
+
+
+static bool torture_krb5_init_context_canon(struct torture_context *tctx,
+					     struct test_data *test_data,
+					     struct torture_krb5_context **torture_krb5_context)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	krb5_error_code k5ret;
+	bool ok;
+
+	struct torture_krb5_context *test_context = talloc_zero(tctx, struct torture_krb5_context);
+	torture_assert(tctx, test_context != NULL, "Failed to allocate");
+
+	test_context->test_data = test_data;
+	test_context->tctx = tctx;
+
+	k5ret = smb_krb5_init_context(test_context, tctx->lp_ctx, &test_context->smb_krb5_context);
+	torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
+
+	ok = interpret_string_addr_internal(&test_context->server, host, AI_NUMERICHOST);
+	torture_assert(tctx, ok, "Failed to parse target server");
+
+	talloc_set_destructor(test_context, test_context_destructor);
+
+	set_sockaddr_port(test_context->server->ai_addr, 88);
+
+	k5ret = smb_krb5_set_send_to_kdc_func(test_context->smb_krb5_context,
+					      test_krb5_send_to_realm_canon_override,
+					      NULL, /* send_to_kdc */
+					      test_context);
+	torture_assert_int_equal(tctx, k5ret, 0, "krb5_set_send_to_kdc_func failed");
+	*torture_krb5_context = test_context;
+	return true;
+}
+
+
+static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void *tcase_data)
+{
+	krb5_error_code k5ret;
+	krb5_get_init_creds_opt *krb_options = NULL;
+	struct test_data *test_data = talloc_get_type_abort(tcase_data, struct test_data);
+	krb5_principal principal;
+	krb5_principal krbtgt_other;
+	krb5_principal expected_principal;
+	const char *principal_string = NULL;
+	char *krbtgt_other_string;
+	int principal_flags;
+	const char *expected_principal_string = NULL;
+	char *expected_unparse_principal_string;
+	int expected_principal_flags;
+	char *got_principal_string;
+	char *assertion_message;
+	const char *password = cli_credentials_get_password(
+			samba_cmdline_get_creds());
+	krb5_context k5_context;
+	struct torture_krb5_context *test_context;
+	bool ok;
+	krb5_creds my_creds;
+	krb5_creds *server_creds;
+	krb5_ccache ccache;
+	krb5_auth_context auth_context;
+	char *cc_name;
+	krb5_data in_data, enc_ticket;
+	krb5_get_creds_opt opt;
+
+	const char *spn = NULL;
+	const char *spn_real_realm = NULL;
+	const char *upn = torture_setting_string(tctx, "krb5-upn", "");
+	test_data->krb5_service = torture_setting_string(tctx, "krb5-service", "host");
+	test_data->krb5_hostname = torture_setting_string(tctx, "krb5-hostname", "");
+
+	/*
+	 * If we have not passed a UPN on the command line,
+	 * then skip the UPN tests.
+	 */
+	if (test_data->upn && upn[0] == '\0') {
+		torture_skip(tctx, "This test needs a UPN specified as --option=torture:krb5-upn=user@example.com to run");
+	}
+
+	/*
+	 * If we have not passed a SPN on the command line,
+	 * then skip the SPN tests.
+	 */
+	if (test_data->as_req_spn && test_data->krb5_hostname[0] == '\0') {
+		torture_skip(tctx, "This test needs a hostname specified as --option=torture:krb5-hostname=hostname.example.com and optionally --option=torture:krb5-service=service (defaults to host) to run");
+	}
+
+	if (test_data->removedollar &&
+	    !torture_setting_bool(tctx, "run_removedollar_test", false))
+	{
+		torture_skip(tctx, "--option=torture:run_removedollar_test=true not specified");
+	}
+
+	test_data->realm = test_data->real_realm;
+
+	if (test_data->upn) {
+		char *p;
+		test_data->username = talloc_strdup(test_data, upn);
+		p = strchr(test_data->username, '@');
+		if (p) {
+			*p = '\0';
+			p++;
+		}
+		/*
+		 * Test the UPN behaviour carefully.  We can
+		 * test in two different modes, depending on
+		 * what UPN has been set up for us.
+		 *
+		 * If the UPN is in our realm, then we do all the tests with this name also.
+		 *
+		 * If the UPN is not in our realm, then we
+		 * expect the tests that replace the realm to
+		 * fail (as it won't match)
+		 */
+		if (strcasecmp(p, test_data->real_realm) != 0) {
+			test_data->other_upn_suffix = true;
+		} else {
+			test_data->other_upn_suffix = false;
+		}
+
+		/*
+		 * This lets us test the combination of the UPN prefix
+		 * with a valid domain, without adding even more
+		 * combinations
+		 */
+		test_data->realm = p;
+	}
+
+	ok = torture_krb5_init_context_canon(tctx, test_data, &test_context);
+	torture_assert(tctx, ok, "torture_krb5_init_context failed");
+	k5_context = test_context->smb_krb5_context->krb5_context;
+
+	test_data->realm = strupper_talloc(test_data, test_data->realm);
+	if (test_data->upper_username) {
+		test_data->username = strupper_talloc(test_data, test_data->username);
+	} else {
+		test_data->username = talloc_strdup(test_data, test_data->username);
+	}
+
+	if (test_data->removedollar) {
+		char *p;
+
+		p = strchr_m(test_data->username, '$');
+		torture_assert(tctx, p != NULL, talloc_asprintf(tctx,
+			       "username[%s] contains no '$'\n",
+			       test_data->username));
+		*p = '\0';
+	}
+
+	spn = talloc_asprintf(test_data, "%s/%s@%s",
+			      test_data->krb5_service,
+			      test_data->krb5_hostname,
+			      test_data->realm);
+
+	spn_real_realm = talloc_asprintf(test_data, "%s/%s@%s",
+					 test_data->krb5_service,
+					 test_data->krb5_hostname,
+					 test_data->real_realm);
+
+	if (!test_data->canonicalize && test_data->enterprise) {
+		torture_skip(tctx,
+			     "This test combination "
+			     "is skipped intentionally");
+	}
+
+	if (test_data->as_req_spn) {
+		if (test_data->enterprise) {
+			torture_skip(tctx,
+				     "This test combination "
+				     "is skipped intentionally");
+		}
+		principal_string = spn;
+	} else {
+		principal_string = talloc_asprintf(test_data,
+						   "%s@%s",
+						   test_data->username,
+						   test_data->realm);
+		
+	}
+
+	test_data->spn_is_upn
+		= (strcasecmp(upn, spn) == 0);
+				
+	/*
+	 * If we are set to canonicalize, we get back the fixed UPPER
+	 * case realm, and the real username (ie matching LDAP
+	 * samAccountName)
+	 *
+	 * Otherwise, if we are set to enterprise, we
+	 * get back the whole principal as-sent
+	 *
+	 * Finally, if we are not set to canonicalize, we get back the
+	 * fixed UPPER case realm, but the as-sent username
+	 */
+	if (test_data->as_req_spn && !test_data->spn_is_upn) {
+		expected_principal_string = spn;
+	} else if (test_data->canonicalize) {
+		expected_principal_string = talloc_asprintf(test_data,
+							    "%s@%s",
+							    test_data->real_username,
+							    test_data->real_realm);
+	} else if (test_data->as_req_spn && test_data->spn_is_upn) {
+		expected_principal_string = spn_real_realm;
+	} else {
+		expected_principal_string = talloc_asprintf(test_data,
+							    "%s@%s",
+							    test_data->username,
+							    test_data->real_realm);
+	}
+
+	if (test_data->enterprise) {
+		principal_flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
+	} else {
+		if (test_data->upn && test_data->other_upn_suffix) {
+			torture_skip(tctx, "UPN test for UPN with other UPN suffix only runs with enterprise principals");
+		}
+		principal_flags = 0;
+	}
+
+	if (test_data->canonicalize) {
+		expected_principal_flags = 0;
+	} else {
+		expected_principal_flags = principal_flags;
+	}
+
+	torture_assert_int_equal(tctx,
+				 krb5_parse_name_flags(k5_context,
+						       principal_string,
+						       principal_flags,
+						       &principal),
+					 0, "krb5_parse_name_flags failed");
+	torture_assert_int_equal(tctx,
+				 krb5_parse_name_flags(k5_context,
+						       expected_principal_string,
+						       expected_principal_flags,
+						       &expected_principal),
+				 0, "krb5_parse_name_flags failed");
+	
+	if (test_data->as_req_spn) {
+		if (test_data->upn) {
+			krb5_principal_set_type(k5_context,
+						principal,
+						KRB5_NT_PRINCIPAL);
+			krb5_principal_set_type(k5_context,
+						expected_principal,
+						KRB5_NT_PRINCIPAL);
+		} else {
+			krb5_principal_set_type(k5_context,
+						principal,
+						KRB5_NT_SRV_HST);
+			krb5_principal_set_type(k5_context,
+						expected_principal,
+						KRB5_NT_SRV_HST);
+		}
+	}
+	
+	torture_assert_int_equal(tctx,
+				 krb5_unparse_name(k5_context,
+						   expected_principal,
+						   &expected_unparse_principal_string),
+				 0, "krb5_unparse_name failed");
+	/*
+	 * Prepare a AS-REQ and run the TEST_AS_REQ tests
+	 *
+	 */
+
+	test_context->packet_count = 0;
+
+	/*
+	 * Set the canonicalize flag if this test requires it
+	 */
+	torture_assert_int_equal(tctx,
+				 krb5_get_init_creds_opt_alloc(k5_context, &krb_options),
+				 0, "krb5_get_init_creds_opt_alloc failed");
+
+	torture_assert_int_equal(tctx,
+				 krb5_get_init_creds_opt_set_canonicalize(k5_context,
+									  krb_options,
+									  test_data->canonicalize),
+				 0, "krb5_get_init_creds_opt_set_canonicalize failed");
+
+	torture_assert_int_equal(tctx,
+				 krb5_get_init_creds_opt_set_win2k(k5_context,
+								   krb_options,
+								   test_data->win2k),
+				 0, "krb5_get_init_creds_opt_set_win2k failed");
+
+	k5ret = krb5_get_init_creds_password(k5_context, &my_creds, principal,
+					     password, NULL, NULL, 0,
+					     NULL, krb_options);
+
+	if (test_context->test_data->as_req_spn
+		   && !test_context->test_data->spn_is_upn) {
+		torture_assert_int_equal(tctx, k5ret,
+					 KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN,
+					 "Got wrong error_code from "
+					 "krb5_get_init_creds_password");
+		/* We can't proceed with more checks */
+		return true;
+	} else {
+		assertion_message = talloc_asprintf(tctx,
+						    "krb5_get_init_creds_password for %s failed: %s",
+						    principal_string,
+						    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+		torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+	}
+
+	torture_assert(tctx,
+		       test_context->packet_count > 1,
+		       "Expected krb5_get_init_creds_password to send more packets");
+
+	/*
+	 * Assert that the reply was with the correct type of
+	 * principal, depending on the flags we set
+	 */
+	if (test_data->canonicalize == false && test_data->as_req_spn) {
+		torture_assert_int_equal(tctx,
+					 krb5_principal_get_type(k5_context,
+								 my_creds.client),
+					 KRB5_NT_SRV_HST,
+					 "smb_krb5_init_context gave incorrect client->name.name_type");
+	} else {
+		torture_assert_int_equal(tctx,
+					 krb5_principal_get_type(k5_context,
+								 my_creds.client),
+					 KRB5_NT_PRINCIPAL,
+					 "smb_krb5_init_context gave incorrect client->name.name_type");
+	}
+
+	torture_assert_int_equal(tctx,
+				 krb5_unparse_name(k5_context,
+						   my_creds.client, &got_principal_string), 0,
+				 "krb5_unparse_name failed");
+
+	assertion_message = talloc_asprintf(tctx,
+					    "krb5_get_init_creds_password returned a different principal %s to what was expected %s",
+					    got_principal_string, expected_principal_string);
+	krb5_xfree(got_principal_string);
+
+	torture_assert(tctx, krb5_principal_compare(k5_context,
+						    my_creds.client, expected_principal),
+		       assertion_message);
+
+
+	torture_assert_int_equal(tctx,
+				 krb5_principal_get_type(k5_context,
+							 my_creds.server), KRB5_NT_SRV_INST,
+				 "smb_krb5_init_context gave incorrect server->name.name_type");
+
+	torture_assert_int_equal(tctx,
+				 krb5_principal_get_num_comp(k5_context,
+							     my_creds.server), 2,
+				 "smb_krb5_init_context gave incorrect number of components in my_creds.server->name");
+
+	torture_assert_str_equal(tctx,
+				 krb5_principal_get_comp_string(k5_context,
+								my_creds.server, 0),
+				 "krbtgt",
+				 "smb_krb5_init_context gave incorrect my_creds.server->name.name_string[0]");
+
+	if (test_data->canonicalize) {
+		torture_assert_str_equal(tctx,
+					 krb5_principal_get_comp_string(k5_context,
+									my_creds.server, 1),
+					 test_data->real_realm,
+
+					 "smb_krb5_init_context gave incorrect my_creds.server->name.name_string[1]");
+	} else {
+		torture_assert_str_equal(tctx,
+					 krb5_principal_get_comp_string(k5_context,
+									my_creds.server, 1),
+					 test_data->realm,
+
+					 "smb_krb5_init_context gave incorrect my_creds.server->name.name_string[1]");
+	}
+	torture_assert_str_equal(tctx,
+				 krb5_principal_get_realm(k5_context,
+							  my_creds.server),
+				 test_data->real_realm,
+				 "smb_krb5_init_context gave incorrect my_creds.server->realm");
+
+	/* Store the result of the 'kinit' above into a memory ccache */
+	cc_name = talloc_asprintf(tctx, "MEMORY:%s", test_data->test_name);
+	torture_assert_int_equal(tctx, krb5_cc_resolve(k5_context, cc_name,
+						       &ccache),
+				 0, "krb5_cc_resolve failed");
+
+	torture_assert_int_equal(tctx, krb5_cc_initialize(k5_context,
+							  ccache, my_creds.client),
+				 0, "krb5_cc_initialize failed");
+
+	torture_assert_int_equal(tctx, krb5_cc_store_cred(k5_context,
+							  ccache, &my_creds),
+				 0, "krb5_cc_store_cred failed");
+
+	/*
+	 * Prepare a TGS-REQ and run the TEST_TGS_REQ_KRBTGT_CANON tests
+	 *
+	 * This tests krb5_get_creds behaviour, which allows us to set
+	 * the KRB5_GC_CANONICALIZE option against the krbtgt/ principal
+	 */
+
+	krbtgt_other_string = talloc_asprintf(test_data, "krbtgt/%s@%s", test_data->real_domain, test_data->real_realm);
+	torture_assert_int_equal(tctx,
+				 krb5_make_principal(k5_context, &krbtgt_other,
+						     test_data->real_realm, "krbtgt",
+						     test_data->real_domain, NULL),
+				 0, "krb5_make_principal failed");
+
+	test_context->packet_count = 0;
+
+	torture_assert_int_equal(tctx,
+				 krb5_get_creds_opt_alloc(k5_context, &opt),
+				 0, "krb5_get_creds_opt_alloc");
+
+	krb5_get_creds_opt_add_options(k5_context,
+				       opt,
+				       KRB5_GC_CANONICALIZE);
+
+	krb5_get_creds_opt_add_options(k5_context,
+				       opt,
+				       KRB5_GC_NO_STORE);
+
+	/* Confirm if we can get a ticket krbtgt/realm that we got back with the initial kinit */
+	k5ret = krb5_get_creds(k5_context, opt, ccache, krbtgt_other, &server_creds);
+
+	{
+		/*
+		 * In these situations, the code above does not store a
+		 * principal in the credentials cache matching what
+		 * krb5_get_creds() needs without talking to the KDC, so the
+		 * test fails with looping detected because when we set
+		 * canonicalize we confuse the client libs.
+		 *
+		 */
+		assertion_message = talloc_asprintf(tctx,
+						    "krb5_get_creds for %s should have failed with looping detected: %s",
+						    krbtgt_other_string,
+						    smb_get_krb5_error_message(k5_context, k5ret,
+									       tctx));
+
+		torture_assert_int_equal(tctx, k5ret, KRB5_GET_IN_TKT_LOOP, assertion_message);
+		torture_assert_int_equal(tctx,
+					 test_context->packet_count,
+					 2, "Expected krb5_get_creds to send packets");
+	}
+
+	/*
+	 * Prepare a TGS-REQ and run the TEST_TGS_REQ_CANON tests
+	 *
+	 * This tests krb5_get_creds behaviour, which allows us to set
+	 * the KRB5_GC_CANONICALIZE option
+	 */
+
+	test_context->packet_count = 0;
+
+	torture_assert_int_equal(tctx,
+				 krb5_get_creds_opt_alloc(k5_context, &opt),
+				 0, "krb5_get_creds_opt_alloc");
+
+	krb5_get_creds_opt_add_options(k5_context,
+				       opt,
+				       KRB5_GC_CANONICALIZE);
+
+	krb5_get_creds_opt_add_options(k5_context,
+				       opt,
+				       KRB5_GC_NO_STORE);
+
+	if (test_data->s4u2self) {
+		torture_assert_int_equal(tctx,
+					 krb5_get_creds_opt_set_impersonate(k5_context,
+									    opt,
+									    principal),
+					 0, "krb5_get_creds_opt_set_impersonate failed");
+	}
+
+	/* Confirm if we can get a ticket to our own name */
+	k5ret = krb5_get_creds(k5_context, opt, ccache, principal, &server_creds);
+
+	/*
+	 * In these situations, the code above does not store a
+	 * principal in the credentials cache matching what
+	 * krb5_get_creds() needs, so the test fails.
+	 *
+	 */
+	{
+		assertion_message = talloc_asprintf(tctx,
+						    "krb5_get_creds for %s failed: %s",
+						    principal_string,
+						    smb_get_krb5_error_message(k5_context, k5ret,
+									       tctx));
+
+		/*
+		 * Only machine accounts (strictly, accounts with a
+		 * servicePrincipalName) can expect this test to succeed
+		 */
+		if (torture_setting_bool(tctx, "expect_machine_account", false)
+		    && (test_data->enterprise
+			|| test_data->spn_is_upn
+			|| test_data->upn == false)) {
+			torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+			torture_assert_int_equal(tctx, krb5_cc_store_cred(k5_context,
+									  ccache, server_creds),
+						 0, "krb5_cc_store_cred failed");
+
+			torture_assert_int_equal(tctx,
+						 krb5_free_creds(k5_context,
+								 server_creds),
+						 0, "krb5_free_cred_contents failed");
+
+			torture_assert_int_equal(tctx,
+						 test_context->packet_count,
+						 1, "Expected krb5_get_creds to send one packet");
+
+		} else {
+			torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN,
+						 assertion_message);
+			/* Account for get_cred_kdc_capath() and get_cred_kdc_referral() fallback */
+			torture_assert_int_equal(tctx,
+						 test_context->packet_count,
+						 2, "Expected krb5_get_creds to send 2 packets");
+		}
+	}
+
+	/*
+	 * Confirm getting a ticket to pass to the server, running
+	 * either the TEST_TGS_REQ or TEST_SELF_TRUST_TGS_REQ stage.
+	 *
+	 * This triggers the client to attempt to get a
+	 * cross-realm ticket between the alternate names of
+	 * the server, and we need to confirm that behaviour.
+	 *
+	 */
+
+	test_context->packet_count = 0;
+	torture_assert_int_equal(tctx, krb5_auth_con_init(k5_context, &auth_context),
+				 0, "krb5_auth_con_init failed");
+
+	in_data.length = 0;
+	k5ret = krb5_mk_req_exact(k5_context,
+				  &auth_context,
+				  AP_OPTS_USE_SUBKEY,
+				  principal,
+				  &in_data, ccache,
+				  &enc_ticket);
+	assertion_message = talloc_asprintf(tctx,
+					    "krb5_mk_req_exact for %s failed: %s",
+					    principal_string,
+					    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+
+	/*
+	 * Only machine accounts (strictly, accounts with a
+	 * servicePrincipalName) can expect this test to succeed
+	 */
+	if (torture_setting_bool(tctx, "expect_machine_account", false)
+	    && (test_data->enterprise ||
+		(test_context->test_data->as_req_spn 
+		 || test_context->test_data->spn_is_upn)
+		|| test_data->upn == false)) {
+		DATA_BLOB client_to_server;
+		torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+		client_to_server = data_blob_const(enc_ticket.data, enc_ticket.length);
+
+		/* This is very weird */
+		if (test_data->canonicalize == false
+		    && test_context->test_data->as_req_spn
+		    && test_context->test_data->spn_is_upn
+		    && test_context->test_data->s4u2self) {
+			
+			torture_assert(tctx,
+				       test_accept_ticket(tctx,
+							  samba_cmdline_get_creds(),
+							  spn_real_realm,
+							  client_to_server),
+				       "test_accept_ticket failed - failed to accept the ticket we just created");
+		} else if (test_data->canonicalize == true
+		    && test_context->test_data->as_req_spn
+		    && test_context->test_data->spn_is_upn
+		    && test_context->test_data->s4u2self) {
+			
+			torture_assert(tctx,
+				       test_accept_ticket(tctx,
+							  samba_cmdline_get_creds(),
+							  expected_principal_string,
+							  client_to_server),
+				       "test_accept_ticket failed - failed to accept the ticket we just created");
+		} else if (test_data->canonicalize == true
+			   && test_data->enterprise == false
+			   && test_context->test_data->upn
+			   && test_context->test_data->spn_is_upn
+			   && test_context->test_data->s4u2self) {
+			
+			torture_assert(tctx,
+				       test_accept_ticket(tctx,
+							  samba_cmdline_get_creds(),
+							  expected_principal_string,
+							  client_to_server),
+				       "test_accept_ticket failed - failed to accept the ticket we just created");
+		} else if (test_data->canonicalize == false
+			   && test_context->test_data->upn
+			   && test_context->test_data->spn_is_upn
+			   && test_context->test_data->s4u2self) {
+			
+			const char *accept_expected_principal_string
+				= talloc_asprintf(test_data,
+						  "%s@%s",
+						  test_data->username,
+						  test_data->real_realm);
+			
+			torture_assert(tctx,
+				       test_accept_ticket(tctx,
+							  samba_cmdline_get_creds(),
+							  accept_expected_principal_string,
+							  client_to_server),
+				       "test_accept_ticket failed - failed to accept the ticket we just created");
+		} else {
+		
+			torture_assert(tctx,
+				       test_accept_ticket(tctx,
+							  samba_cmdline_get_creds(),
+							  expected_unparse_principal_string,
+							  client_to_server),
+				       "test_accept_ticket failed - failed to accept the ticket we just created");
+		}
+		krb5_data_free(&enc_ticket);
+	} else {
+		torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN,
+					 assertion_message);
+	}
+
+	/*
+	 * Confirm getting a ticket to pass to the server, running
+	 * the TEST_TGS_REQ_HOST, TEST_TGS_REQ_HOST_SRV_INST, TEST_TGS_REQ_HOST_SRV_HST stage
+	 *
+	 * This triggers the client to attempt to get a
+	 * cross-realm ticket between the alternate names of
+	 * the server, and we need to confirm that behaviour.
+	 *
+	 */
+
+	if (*test_data->krb5_service && *test_data->krb5_hostname) {
+		krb5_principal host_principal_srv_inst;
+		/*
+		 * This tries to guess when the krb5 libs will ask for a
+		 * cross-realm ticket, and when they will just ask the KDC
+		 * directly.
+		 */
+		test_context->packet_count = 0;
+		torture_assert_int_equal(tctx, krb5_auth_con_init(k5_context, &auth_context),
+					 0, "krb5_auth_con_init failed");
+
+		in_data.length = 0;
+		k5ret = krb5_mk_req(k5_context,
+				    &auth_context,
+				    0,
+				    test_data->krb5_service,
+				    test_data->krb5_hostname,
+				    &in_data, ccache,
+				    &enc_ticket);
+
+		{
+			assertion_message = talloc_asprintf(tctx,
+							    "krb5_mk_req for %s/%s failed: %s",
+							    test_data->krb5_service,
+							    test_data->krb5_hostname,
+							    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+
+			torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+			if (test_data->spn_is_upn == false) {
+				/*
+				 * Only in these cases would the above
+				 * code have needed to send packets to
+				 * the network
+				 */
+				torture_assert(tctx,
+					       test_context->packet_count > 0,
+					       "Expected krb5_get_creds to send packets");
+			}
+		}
+
+
+		test_context->packet_count = 0;
+
+		torture_assert_int_equal(tctx,
+					 krb5_make_principal(k5_context, &host_principal_srv_inst,
+							     test_data->real_realm,
+							     strupper_talloc(tctx, test_data->krb5_service),
+							     test_data->krb5_hostname,
+							     NULL),
+					 0, "krb5_make_principal failed");
+
+		krb5_principal_set_type(k5_context, host_principal_srv_inst, KRB5_NT_SRV_INST);
+
+		torture_assert_int_equal(tctx, krb5_auth_con_init(k5_context, &auth_context),
+					 0, "krb5_auth_con_init failed");
+
+		in_data.length = 0;
+		k5ret = krb5_mk_req_exact(k5_context,
+					  &auth_context,
+					  0,
+					  host_principal_srv_inst,
+					  &in_data, ccache,
+					  &enc_ticket);
+		krb5_free_principal(k5_context, host_principal_srv_inst);
+		{
+			assertion_message = talloc_asprintf(tctx,
+							    "krb5_mk_req for %s/%s KRB5_NT_SRV_INST failed: %s",
+							    test_data->krb5_service,
+							    test_data->krb5_hostname,
+							    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+
+			torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+			/*
+			 * Only in these cases would the above code have needed to
+			 * send packets to the network
+			 */
+			torture_assert(tctx,
+				       test_context->packet_count > 0,
+				       "Expected krb5_get_creds to send packets");
+		}
+
+
+		test_context->packet_count = 0;
+
+		torture_assert_int_equal(tctx,
+					 krb5_make_principal(k5_context, &host_principal_srv_inst,
+							     test_data->real_realm,
+							     test_data->krb5_service,
+							     strupper_talloc(tctx, test_data->krb5_hostname),
+							     NULL),
+					 0, "krb5_make_principal failed");
+
+		krb5_principal_set_type(k5_context, host_principal_srv_inst, KRB5_NT_SRV_HST);
+
+		torture_assert_int_equal(tctx, krb5_auth_con_init(k5_context, &auth_context),
+					 0, "krb5_auth_con_init failed");
+
+		in_data.length = 0;
+		k5ret = krb5_mk_req_exact(k5_context,
+					  &auth_context,
+					  0,
+					  host_principal_srv_inst,
+					  &in_data, ccache,
+					  &enc_ticket);
+		krb5_free_principal(k5_context, host_principal_srv_inst);
+		{
+			assertion_message = talloc_asprintf(tctx,
+							    "krb5_mk_req for %s/%s KRB5_NT_SRV_INST failed: %s",
+							    test_data->krb5_service,
+							    test_data->krb5_hostname,
+							    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+
+			torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+			/*
+			 * Only in these cases would the above code have needed to
+			 * send packets to the network
+			 */
+			torture_assert(tctx,
+				       test_context->packet_count > 0,
+				       "Expected krb5_get_creds to send packets");
+		}
+	}
+
+	/*
+	 * Confirm getting a ticket for the same krbtgt/realm that we
+	 * got back with the initial ticket, running the
+	 * TEST_TGS_REQ_KRBTGT stage.
+	 *
+	 */
+
+	test_context->packet_count = 0;
+
+	in_data.length = 0;
+	k5ret = krb5_mk_req_exact(k5_context,
+				  &auth_context,
+				  0,
+				  my_creds.server,
+				  &in_data, ccache,
+				  &enc_ticket);
+
+	assertion_message = talloc_asprintf(tctx,
+					    "krb5_mk_req_exact for %s failed: %s",
+					    principal_string,
+					    smb_get_krb5_error_message(k5_context, k5ret, tctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	krb5_free_principal(k5_context, principal);
+	krb5_get_init_creds_opt_free(k5_context, krb_options);
+
+	torture_assert_int_equal(tctx, krb5_free_cred_contents(k5_context, &my_creds),
+				 0, "krb5_free_cred_contents failed");
+
+	return true;
+}
+
+struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx)
+{
+	unsigned int i;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "canon");
+	suite->description = talloc_strdup(suite, "Kerberos Canonicalisation tests");
+
+	for (i = 0; i < TEST_ALL; i++) {
+		char *name = talloc_asprintf(suite, "%s.%s.%s.%s.%s.%s",
+					     (i & TEST_CANONICALIZE) ? "canon" : "no-canon",
+					     (i & TEST_ENTERPRISE) ? "enterprise" : "no-enterprise",
+					     (i & TEST_UPPER_USERNAME) ? "uc-user" : "lc-user",
+					     (i & TEST_WIN2K) ? "win2k" : "no-win2k",
+					     (i & TEST_UPN) ? "upn" :
+					     ((i & TEST_AS_REQ_SPN) ? "spn" : 
+					      ((i & TEST_REMOVEDOLLAR) ? "removedollar" : "samaccountname")),
+					     (i & TEST_S4U2SELF) ? "s4u2self" : "normal");
+		struct torture_suite *sub_suite = torture_suite_create(mem_ctx, name);
+
+		struct test_data *test_data = talloc_zero(suite, struct test_data);
+		if (i & TEST_UPN) {
+			if (i & TEST_AS_REQ_SPN) {
+				continue;
+			}
+		}
+		if ((i & TEST_UPN) || (i & TEST_AS_REQ_SPN)) {
+			if (i & TEST_REMOVEDOLLAR) {
+				continue;
+			}
+		}
+		
+		test_data->test_name = name;
+		test_data->real_realm
+			= strupper_talloc(test_data,
+				cli_credentials_get_realm(
+					samba_cmdline_get_creds()));
+		test_data->real_domain = cli_credentials_get_domain(
+						samba_cmdline_get_creds());
+		test_data->username = cli_credentials_get_username(
+						samba_cmdline_get_creds());
+		test_data->real_username = cli_credentials_get_username(
+						samba_cmdline_get_creds());
+		test_data->canonicalize = (i & TEST_CANONICALIZE) != 0;
+		test_data->enterprise = (i & TEST_ENTERPRISE) != 0;
+		test_data->upper_username = (i & TEST_UPPER_USERNAME) != 0;
+		test_data->win2k = (i & TEST_WIN2K) != 0;
+		test_data->upn = (i & TEST_UPN) != 0;
+		test_data->s4u2self = (i & TEST_S4U2SELF) != 0;
+		test_data->removedollar = (i & TEST_REMOVEDOLLAR) != 0;
+		test_data->as_req_spn = (i & TEST_AS_REQ_SPN) != 0;
+		torture_suite_add_simple_tcase_const(sub_suite, name, torture_krb5_as_req_canon,
+						     test_data);
+		torture_suite_add_suite(suite, sub_suite);
+
+	}
+	return suite;
+}
diff --git a/source4/torture/krb5/kdc-heimdal.c b/source4/torture/krb5/kdc-heimdal.c
new file mode 100644
index 0000000..d665977
--- /dev/null
+++ b/source4/torture/krb5/kdc-heimdal.c
@@ -0,0 +1,1065 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Validate the krb5 pac generation routines
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "torture/smbtorture.h"
+#include "torture/winbind/proto.h"
+#include "torture/krb5/proto.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "source4/auth/kerberos/kerberos.h"
+#include "source4/auth/kerberos/kerberos_util.h"
+#include "lib/util/util_net.h"
+
+#define krb5_is_app_tag(dat,tag)                          \
+       ((dat != NULL) && (dat)->length &&                \
+        (((((char *)(dat)->data)[0] & ~0x20) == ((tag) | 0x40))))
+
+#define krb5_is_krb_error(dat)                krb5_is_app_tag(dat, 30)
+
+enum torture_krb5_test {
+	TORTURE_KRB5_TEST_PLAIN,
+	TORTURE_KRB5_TEST_PAC_REQUEST,
+	TORTURE_KRB5_TEST_BREAK_PW,
+	TORTURE_KRB5_TEST_CLOCK_SKEW,
+	TORTURE_KRB5_TEST_AES,
+	TORTURE_KRB5_TEST_RC4,
+	TORTURE_KRB5_TEST_AES_RC4,
+
+	/* 
+	 * This is in and out of the client. 
+	 * Out refers to requests, in refers to replies
+	 */
+	TORTURE_KRB5_TEST_CHANGE_SERVER_OUT,
+	TORTURE_KRB5_TEST_CHANGE_SERVER_IN,
+	TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH,
+};
+
+struct torture_krb5_context {
+	struct torture_context *tctx;
+	struct addrinfo *server;
+	enum torture_krb5_test test;
+	int packet_count;
+	AS_REQ as_req;
+	AS_REP as_rep;
+	const char *krb5_service;
+	const char *krb5_hostname;
+};
+
+/*
+ * Confirm that the outgoing packet meets certain expectations.  This
+ * should be extended to further assert the correct and expected
+ * behaviour of the krb5 libs, so we know what we are sending to the
+ * server.
+ *
+ */
+
+static bool torture_krb5_pre_send_test(struct torture_krb5_context *test_context, krb5_data *send_buf)
+{
+	size_t used;
+	switch (test_context->test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+	case TORTURE_KRB5_TEST_BREAK_PW:
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+	case TORTURE_KRB5_TEST_AES:
+	case TORTURE_KRB5_TEST_RC4:
+	case TORTURE_KRB5_TEST_AES_RC4:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_IN:
+		torture_assert_int_equal(test_context->tctx,
+					 decode_AS_REQ(send_buf->data, send_buf->length, &test_context->as_req, &used), 0,
+					 "decode_AS_REQ failed");
+		torture_assert_int_equal(test_context->tctx, used, send_buf->length, "length mismatch");
+		torture_assert_int_equal(test_context->tctx, test_context->as_req.pvno, 5, "Got wrong as_req->pvno");
+		break;
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_OUT:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH:
+	{
+		AS_REQ mod_as_req;
+		krb5_error_code k5ret;
+		krb5_data modified_send_buf;
+		torture_assert_int_equal(test_context->tctx,
+					 decode_AS_REQ(send_buf->data, send_buf->length, &test_context->as_req, &used), 0,
+					 "decode_AS_REQ failed");
+		torture_assert_int_equal(test_context->tctx, used, send_buf->length, "length mismatch");
+		torture_assert_int_equal(test_context->tctx, test_context->as_req.pvno, 5, "Got wrong as_req->pvno");
+
+		/* Only change it if configured with --option=torture:krb5-hostname= */
+		if (test_context->krb5_hostname[0] == '\0') {
+			break;
+		}
+
+		mod_as_req = test_context->as_req;
+
+		torture_assert_int_equal(test_context->tctx,
+					 mod_as_req.req_body.sname->name_string.len, 2,
+					 "Sending wrong mod_as_req.req_body->sname.name_string.len");
+		free(mod_as_req.req_body.sname->name_string.val[0]);
+		free(mod_as_req.req_body.sname->name_string.val[1]);
+		mod_as_req.req_body.sname->name_string.val[0] = strdup(test_context->krb5_service);
+		mod_as_req.req_body.sname->name_string.val[1] = strdup(test_context->krb5_hostname);
+
+		ASN1_MALLOC_ENCODE(AS_REQ, modified_send_buf.data, modified_send_buf.length,
+				   &mod_as_req, &used, k5ret);
+		torture_assert_int_equal(test_context->tctx,
+					 k5ret, 0,
+					 "encode_AS_REQ failed");
+
+		*send_buf = modified_send_buf;
+		break;
+	}
+	}
+	return true;
+}
+
+static bool torture_check_krb5_error(struct torture_krb5_context *test_context,
+				     const krb5_data *reply,
+				     krb5_error_code expected_error,
+				     bool check_pa_data)
+{
+	KRB_ERROR error = { 0 };
+	size_t used = 0;
+	int rc;
+
+	rc = decode_KRB_ERROR(reply->data, reply->length, &error, &used);
+	torture_assert_int_equal(test_context->tctx,
+				 rc, 0,
+				 "decode_KRB_ERROR failed");
+
+	torture_assert_int_equal(test_context->tctx,
+				 used, reply->length,
+				 "length mismatch");
+	torture_assert_int_equal(test_context->tctx,
+				 error.pvno, 5,
+				 "Got wrong error.pvno");
+	torture_assert_int_equal(test_context->tctx,
+				 error.error_code, expected_error - KRB5KDC_ERR_NONE,
+				 "Got wrong error.error_code");
+
+	if (check_pa_data) {
+		METHOD_DATA m;
+		size_t len;
+		int i;
+		bool found_enc_ts = false;
+		bool found_etype_info2 = false;
+			torture_assert(test_context->tctx,
+				       error.e_data != NULL,
+				       "No e-data returned");
+
+			rc = decode_METHOD_DATA(error.e_data->data,
+						error.e_data->length,
+						&m,
+						&len);
+			torture_assert_int_equal(test_context->tctx,
+						 rc, 0,
+						 "Got invalid method data");
+
+			torture_assert(test_context->tctx,
+				       m.len > 0,
+				       "No PA_DATA given");
+			for (i = 0; i < m.len; i++) {
+				if (m.val[i].padata_type == KRB5_PADATA_ENC_TIMESTAMP) {
+					found_enc_ts = true;
+				}
+				else if (m.val[i].padata_type == KRB5_PADATA_ETYPE_INFO2) {
+					found_etype_info2 = true;
+				}
+			}
+			torture_assert(test_context->tctx,
+				       found_etype_info2,
+				       "PADATA_ETYPE_INFO2 not found");
+			if (expected_error != KRB5KDC_ERR_PREAUTH_FAILED)
+				torture_assert(test_context->tctx,
+					       found_enc_ts,
+					       "Encrypted timestamp not found");
+	}
+
+	free_KRB_ERROR(&error);
+
+	return true;
+}
+
+static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_context,
+					      const krb5_data *reply,
+					      const krb5_enctype* allowed_enctypes)
+{
+	ENCTYPE reply_enctype = { 0 };
+	size_t used = 0;
+	int rc;
+	int expected_enctype = ETYPE_NULL;
+
+	rc = decode_AS_REP(reply->data,
+			   reply->length,
+			   &test_context->as_rep,
+			   &used);
+	torture_assert_int_equal(test_context->tctx,
+				 rc, 0,
+				 "decode_AS_REP failed");
+	torture_assert_int_equal(test_context->tctx,
+				 used, reply->length,
+				 "length mismatch");
+	torture_assert_int_equal(test_context->tctx,
+				 test_context->as_rep.pvno, 5,
+				 "Got wrong as_rep->pvno");
+	torture_assert_int_equal(test_context->tctx,
+				 test_context->as_rep.ticket.tkt_vno, 5,
+				 "Got wrong as_rep->ticket.tkt_vno");
+	torture_assert(test_context->tctx,
+		       test_context->as_rep.ticket.enc_part.kvno,
+		       "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno");
+
+	if (test_context->as_req.padata) {
+		/*
+		 * If the AS-REQ contains a PA-ENC-TIMESTAMP, then
+		 * that encryption type is used to determine the reply
+		 * enctype.
+		 */
+		int i = 0;
+		const PA_DATA *pa = krb5_find_padata(test_context->as_req.padata->val,
+						     test_context->as_req.padata->len,
+						     KRB5_PADATA_ENC_TIMESTAMP,
+						     &i);
+		if (pa) {
+			EncryptedData ed;
+			size_t len;
+			krb5_error_code ret = decode_EncryptedData(pa->padata_value.data,
+								   pa->padata_value.length,
+								   &ed, &len);
+			torture_assert_int_equal(test_context->tctx,
+						 ret,
+						 0,
+						 "decode_EncryptedData failed");
+			expected_enctype = ed.etype;
+			free_EncryptedData(&ed);
+		}
+	}
+	if (expected_enctype == ETYPE_NULL) {
+		/*
+		 * Otherwise, find the strongest enctype contained in
+		 * the AS-REQ supported enctypes list.
+		 */
+		const krb5_enctype *p = NULL;
+
+		for (p = krb5_kerberos_enctypes(NULL); *p != (krb5_enctype)ETYPE_NULL; ++p) {
+			int j;
+
+			if ((*p == (krb5_enctype)ETYPE_AES256_CTS_HMAC_SHA1_96 ||
+			     *p == (krb5_enctype)ETYPE_AES128_CTS_HMAC_SHA1_96) &&
+			    !test_context->as_req.req_body.kdc_options.canonicalize)
+			{
+				/*
+				 * AES encryption types are only used here when
+				 * we set the canonicalize flag, as the salt
+				 * needs to match.
+				 */
+				continue;
+			}
+
+			for (j = 0; j < test_context->as_req.req_body.etype.len; ++j) {
+				krb5_enctype etype = test_context->as_req.req_body.etype.val[j];
+				if (*p == etype) {
+					expected_enctype = etype;
+					break;
+				}
+			}
+
+			if (expected_enctype != (krb5_enctype)ETYPE_NULL) {
+				break;
+			}
+		}
+	}
+
+	{
+		/* Ensure the enctype to check against is an expected type. */
+		const krb5_enctype *p = NULL;
+		bool found = false;
+		for (p = allowed_enctypes; *p != (krb5_enctype)ETYPE_NULL; ++p) {
+			if (*p == expected_enctype) {
+				found = true;
+				break;
+			}
+		}
+
+		torture_assert(test_context->tctx,
+			       found,
+			       "Calculated enctype not in allowed list");
+	}
+
+	reply_enctype = test_context->as_rep.enc_part.etype;
+	torture_assert_int_equal(test_context->tctx,
+				 reply_enctype, expected_enctype,
+				 "Ticket encrypted with invalid algorithm");
+
+	return true;
+}
+
+/*
+ * Confirm that the incoming packet from the KDC meets certain
+ * expectations.  This uses a switch and the packet count to work out
+ * what test we are in, and where in the test we are, so we can assert
+ * on the expected reply packets from the KDC.
+ *
+ */
+
+static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_context, krb5_data *recv_buf)
+{
+	KRB_ERROR error;
+	size_t used;
+	bool ok;
+
+	switch (test_context->test)
+	{
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_OUT:
+	case TORTURE_KRB5_TEST_PLAIN:
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
+			   && (test_context->packet_count == 1)) {
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
+			torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE,
+						 "Got wrong error.error_code");
+			free_KRB_ERROR(&error);
+		} else {
+			torture_assert_int_equal(test_context->tctx,
+						 decode_AS_REP(recv_buf->data, recv_buf->length, &test_context->as_rep, &used), 0,
+						 "decode_AS_REP failed");
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx,
+						 test_context->as_rep.pvno, 5,
+						 "Got wrong as_rep->pvno");
+			torture_assert_int_equal(test_context->tctx,
+						 test_context->as_rep.ticket.tkt_vno, 5,
+						 "Got wrong as_rep->ticket.tkt_vno");
+			torture_assert(test_context->tctx,
+				       test_context->as_rep.ticket.enc_part.kvno,
+				       "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno");
+			if (test_context->test == TORTURE_KRB5_TEST_PLAIN) {
+				if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) {
+					torture_assert_int_not_equal(test_context->tctx,
+								     *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
+								     0, "Did not get a RODC number in the KVNO");
+				} else {
+					torture_assert_int_equal(test_context->tctx,
+								 *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
+							 0, "Unexpecedly got a RODC number in the KVNO");
+				}
+			}
+			free_AS_REP(&test_context->as_rep);
+		}
+		torture_assert(test_context->tctx, test_context->packet_count < 3, "too many packets");
+		free_AS_REQ(&test_context->as_req);
+		break;
+
+		/*
+		 * Confirm correct error codes when we ask for the PAC.  This behaviour is rather odd...
+		 */
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
+			   && (test_context->packet_count == 1)) {
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
+			torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE,
+						 "Got wrong error.error_code");
+			free_KRB_ERROR(&error);
+		} else {
+			torture_assert_int_equal(test_context->tctx,
+						 decode_AS_REP(recv_buf->data, recv_buf->length, &test_context->as_rep, &used), 0,
+						 "decode_AS_REP failed");
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx, test_context->as_rep.pvno, 5, "Got wrong as_rep->pvno");
+			free_AS_REP(&test_context->as_rep);
+		}
+		torture_assert(test_context->tctx, test_context->packet_count < 2, "too many packets");
+		free_AS_REQ(&test_context->as_req);
+		break;
+
+		/*
+		 * Confirm correct error codes when we deliberately send the wrong password
+		 */
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if (test_context->packet_count == 1) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_FAILED,
+						      true);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		}
+		torture_assert(test_context->tctx, test_context->packet_count < 2, "too many packets");
+		free_AS_REQ(&test_context->as_req);
+		break;
+
+		/*
+		 * Confirm correct error codes when we deliberately skew the client clock
+		 */
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if (test_context->packet_count == 1) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KRB_AP_ERR_SKEW,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		}
+		torture_assert(test_context->tctx, test_context->packet_count < 2, "too many packets");
+		free_AS_REQ(&test_context->as_req);
+		break;
+	case TORTURE_KRB5_TEST_AES:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_AES\n");
+
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if (krb5_is_krb_error(recv_buf)) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KRB_ERR_RESPONSE_TOO_BIG,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else {
+			const krb5_enctype allowed_enctypes[] = {
+				KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+				ETYPE_NULL
+			};
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       recv_buf,
+							       allowed_enctypes);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_as_rep_enctype failed");
+		}
+
+		torture_assert(test_context->tctx,
+			       test_context->packet_count < 3,
+			       "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_RC4:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_RC4\n");
+
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if (krb5_is_krb_error(recv_buf)) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KRB_ERR_RESPONSE_TOO_BIG,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else {
+			const krb5_enctype allowed_enctypes[] = {
+				KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+				ETYPE_NULL
+			};
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       recv_buf,
+							       allowed_enctypes);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_as_rep_enctype failed");
+		}
+
+		torture_assert(test_context->tctx,
+			       test_context->packet_count < 3,
+			       "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_AES_RC4:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_AES_RC4\n");
+
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if (krb5_is_krb_error(recv_buf)) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KRB_ERR_RESPONSE_TOO_BIG,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else {
+			const krb5_enctype allowed_enctypes[] = {
+				KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+				KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+				ETYPE_NULL
+			};
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       recv_buf,
+							       allowed_enctypes);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_as_rep_enctype failed");
+		}
+
+		torture_assert(test_context->tctx,
+			       test_context->packet_count < 3,
+			       "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_IN:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH:
+	{
+		AS_REP mod_as_rep;
+		krb5_error_code k5ret;
+		krb5_data modified_recv_buf;
+		if (test_context->packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      recv_buf,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert(test_context->tctx,
+				       ok,
+				       "torture_check_krb5_error failed");
+		} else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
+			   && (test_context->packet_count == 1)) {
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
+			torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE,
+						 "Got wrong error.error_code");
+			free_KRB_ERROR(&error);
+		} else {
+			torture_assert_int_equal(test_context->tctx,
+						 decode_AS_REP(recv_buf->data, recv_buf->length, &test_context->as_rep, &used), 0,
+						 "decode_AS_REP failed");
+			torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
+			torture_assert_int_equal(test_context->tctx,
+						 test_context->as_rep.pvno, 5,
+						 "Got wrong as_rep->pvno");
+			torture_assert_int_equal(test_context->tctx,
+						 test_context->as_rep.ticket.tkt_vno, 5,
+						 "Got wrong as_rep->ticket.tkt_vno");
+			torture_assert_int_equal(test_context->tctx,
+						 test_context->as_rep.ticket.sname.name_string.len, 2,
+						 "Got wrong as_rep->ticket.sname.name_string.len");
+			free(test_context->as_rep.ticket.sname.name_string.val[0]);
+			free(test_context->as_rep.ticket.sname.name_string.val[1]);
+			test_context->as_rep.ticket.sname.name_string.val[0] = strdup("bad");
+			test_context->as_rep.ticket.sname.name_string.val[1] = strdup("mallory");
+
+			mod_as_rep = test_context->as_rep;
+
+			ASN1_MALLOC_ENCODE(AS_REP, modified_recv_buf.data, modified_recv_buf.length,
+					   &mod_as_rep, &used, k5ret);
+			torture_assert_int_equal(test_context->tctx,
+						 k5ret, 0,
+						 "encode_AS_REQ failed");
+			krb5_data_free(recv_buf);
+
+			*recv_buf = modified_recv_buf;
+			free_AS_REQ(&test_context->as_req);
+		}
+		torture_assert(test_context->tctx, test_context->packet_count < 3, "too many packets");
+
+		break;
+	}
+	}
+
+
+	return true;
+}
+
+
+/*
+ * This function is set in torture_krb5_init_context as krb5
+ * send_and_recv function.  This allows us to override what server the
+ * test is aimed at, and to inspect the packets just before they are
+ * sent to the network, and before they are processed on the recv
+ * side.
+ *
+ * The torture_krb5_pre_send_test() and torture_krb5_post_recv_test()
+ * functions are implement the actual tests.
+ *
+ * When this asserts, the caller will get a spurious 'cannot contact
+ * any KDC' message.
+ *
+ */
+static krb5_error_code test_krb5_send_to_realm_override(
+						    struct smb_krb5_context *smb_krb5_context,
+						    void *data, /* struct torture_krb5_context */
+						    krb5_const_realm realm,
+						    time_t timeout,
+						    const krb5_data *send_buf,
+						    krb5_data *recv_buf)
+{
+	krb5_error_code k5ret;
+	bool ok;
+	krb5_data modified_send_buf = *send_buf;
+
+	struct torture_krb5_context *test_context
+		= talloc_get_type_abort(data, struct torture_krb5_context);
+
+	ok = torture_krb5_pre_send_test(test_context, &modified_send_buf);
+	if (ok == false) {
+		return EINVAL;
+	}
+
+	k5ret = smb_krb5_send_and_recv_func_forced_tcp(smb_krb5_context,
+						       test_context->server,
+						       timeout,
+						       &modified_send_buf,
+						       recv_buf);
+	if (k5ret != 0) {
+		return k5ret;
+	}
+	ok = torture_krb5_post_recv_test(test_context, recv_buf);
+	if (ok == false) {
+		return EINVAL;
+	}
+
+	test_context->packet_count++;
+
+	return k5ret;
+}
+
+static int test_context_destructor(struct torture_krb5_context *test_context)
+{
+	freeaddrinfo(test_context->server);
+	return 0;
+}
+
+
+static bool torture_krb5_init_context(struct torture_context *tctx,
+				      enum torture_krb5_test test,
+				      struct smb_krb5_context **smb_krb5_context)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	krb5_error_code k5ret;
+	bool ok;
+
+	struct torture_krb5_context *test_context = talloc_zero(tctx, struct torture_krb5_context);
+	torture_assert(tctx, test_context != NULL, "Failed to allocate");
+
+	test_context->test = test;
+	test_context->tctx = tctx;
+
+	test_context->krb5_service = torture_setting_string(tctx, "krb5-service", "host");
+	test_context->krb5_hostname = torture_setting_string(tctx, "krb5-hostname", "");
+
+	k5ret = smb_krb5_init_context(tctx, tctx->lp_ctx, smb_krb5_context);
+	torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
+
+	ok = interpret_string_addr_internal(&test_context->server, host, AI_NUMERICHOST);
+	torture_assert(tctx, ok, "Failed to parse target server");
+
+	talloc_set_destructor(test_context, test_context_destructor);
+
+	set_sockaddr_port(test_context->server->ai_addr, 88);
+
+	k5ret = smb_krb5_set_send_to_kdc_func((*smb_krb5_context),
+					      test_krb5_send_to_realm_override,
+					      NULL, /* send_to_kdc */
+					      test_context);
+	torture_assert_int_equal(tctx, k5ret, 0, "krb5_set_send_to_kdc_func failed");
+	return true;
+}
+
+static bool torture_krb5_as_req_creds(struct torture_context *tctx,
+				      struct cli_credentials *credentials,
+				      enum torture_krb5_test test)
+{
+	krb5_error_code k5ret;
+	bool ok;
+	krb5_creds my_creds;
+	krb5_principal principal;
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_context k5_context;
+	enum credentials_obtained obtained;
+	const char *error_string;
+	const char *password = cli_credentials_get_password(credentials);
+	const char *expected_principal_string;
+	krb5_get_init_creds_opt *krb_options = NULL;
+	const char *realm;
+	const char *krb5_hostname = torture_setting_string(tctx, "krb5-hostname", "");
+
+
+	ok = torture_krb5_init_context(tctx, test, &smb_krb5_context);
+	torture_assert(tctx, ok, "torture_krb5_init_context failed");
+	k5_context = smb_krb5_context->krb5_context;
+
+	expected_principal_string
+		= cli_credentials_get_principal(credentials,
+						tctx);
+
+	realm = strupper_talloc(tctx, cli_credentials_get_realm(credentials));
+	k5ret = principal_from_credentials(tctx, credentials, smb_krb5_context,
+					   &principal, &obtained,  &error_string);
+	torture_assert_int_equal(tctx, k5ret, 0, error_string);
+
+	switch (test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_OUT:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_IN:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH:
+		break;
+
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+		torture_assert_int_equal(tctx,
+					 krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context, &krb_options),
+					 0, "krb5_get_init_creds_opt_alloc failed");
+
+		torture_assert_int_equal(tctx,
+					 krb5_get_init_creds_opt_set_pac_request(smb_krb5_context->krb5_context, krb_options, true),
+					 0, "krb5_get_init_creds_opt_set_pac_request failed");
+		break;
+
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		password = "NOT the password";
+		break;
+
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		torture_assert_int_equal(tctx,
+					 krb5_set_real_time(smb_krb5_context->krb5_context, time(NULL) + 3600, 0),
+					 0, "krb5_set_real_time failed");
+		break;
+
+	case TORTURE_KRB5_TEST_AES: {
+		static krb5_enctype etype_list[] = { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 };
+
+		k5ret = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						      &krb_options);
+		torture_assert_int_equal(tctx,
+					 k5ret, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype_list,
+						       1);
+		break;
+	}
+	case TORTURE_KRB5_TEST_RC4: {
+		static krb5_enctype etype_list[] = { KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 };
+
+		k5ret = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						      &krb_options);
+		torture_assert_int_equal(tctx,
+					 k5ret, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype_list,
+						       1);
+		break;
+	}
+	case TORTURE_KRB5_TEST_AES_RC4: {
+		static krb5_enctype etype_list[] = { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+						     KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 };
+
+		k5ret = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						      &krb_options);
+		torture_assert_int_equal(tctx,
+					 k5ret, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype_list,
+						       2);
+		break;
+	}
+
+	} /* end switch */
+
+	k5ret = krb5_get_init_creds_password(smb_krb5_context->krb5_context, &my_creds, principal,
+					     password, NULL, NULL, 0,
+					     NULL, krb_options);
+	krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+
+	switch (test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_IN:
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+	case TORTURE_KRB5_TEST_AES:
+	case TORTURE_KRB5_TEST_RC4:
+	case TORTURE_KRB5_TEST_AES_RC4:
+	{
+		char *got_principal_string;
+		char *assertion_message;
+		torture_assert_int_equal(tctx, k5ret, 0, "krb5_get_init_creds_password failed");
+
+		torture_assert_int_equal(tctx,
+					 krb5_principal_get_type(k5_context,
+								 my_creds.client),
+					 KRB5_NT_PRINCIPAL,
+					 "smb_krb5_init_context gave incorrect client->name.name_type");
+
+		torture_assert_int_equal(tctx,
+					 krb5_unparse_name(k5_context,
+							   my_creds.client,
+							   &got_principal_string), 0,
+					 "krb5_unparse_name failed");
+
+		assertion_message = talloc_asprintf(tctx,
+						    "krb5_get_init_creds_password returned a different principal %s to what was expected %s",
+						    got_principal_string, expected_principal_string);
+		krb5_xfree(got_principal_string);
+
+		torture_assert(tctx, krb5_principal_compare(k5_context,
+							    my_creds.client,
+							    principal),
+			       assertion_message);
+
+
+		torture_assert_str_equal(tctx,
+					 my_creds.server->name.name_string.val[0],
+					 "krbtgt",
+					 "Mismatch in name between AS_REP and expected response, expected krbtgt");
+		torture_assert_str_equal(tctx,
+					 my_creds.server->name.name_string.val[1],
+					 realm,
+					 "Mismatch in realm part of krbtgt/ in AS_REP, expected krbtgt/REALM@REALM");
+
+		torture_assert_str_equal(tctx,
+					 my_creds.server->realm,
+					 realm,
+					 "Mismatch in server realm in AS_REP, expected krbtgt/REALM@REALM");
+
+		break;
+	}
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_PREAUTH_FAILED, "krb5_get_init_creds_password should have failed");
+		return true;
+
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		torture_assert_int_equal(tctx, k5ret, KRB5KRB_AP_ERR_SKEW, "krb5_get_init_creds_password should have failed");
+		return true;
+
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_OUT:
+	case TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH:
+	{
+		char *got_principal_string;
+		char *assertion_message;
+
+		if (krb5_hostname[0] != '\0') {
+			torture_assert_int_equal(tctx, k5ret, KRB5KRB_AP_ERR_BAD_INTEGRITY, "krb5_get_init_creds_password should have failed");
+			return true;
+		}
+
+		torture_assert_int_equal(tctx, k5ret, 0, "krb5_get_init_creds_password failed");
+
+		torture_assert_int_equal(tctx,
+					 krb5_principal_get_type(k5_context,
+								 my_creds.client),
+					 KRB5_NT_PRINCIPAL,
+					 "smb_krb5_init_context gave incorrect client->name.name_type");
+
+		torture_assert_int_equal(tctx,
+					 krb5_unparse_name(k5_context,
+							   my_creds.client,
+							   &got_principal_string), 0,
+					 "krb5_unparse_name failed");
+
+		assertion_message = talloc_asprintf(tctx,
+						    "krb5_get_init_creds_password returned a different principal %s to what was expected %s",
+						    got_principal_string, expected_principal_string);
+		krb5_xfree(got_principal_string);
+
+		torture_assert(tctx, krb5_principal_compare(k5_context,
+							    my_creds.client,
+							    principal),
+			       assertion_message);
+
+		break;
+	}
+	}
+
+	k5ret = krb5_free_cred_contents(smb_krb5_context->krb5_context, &my_creds);
+	torture_assert_int_equal(tctx, k5ret, 0, "krb5_free_creds failed");
+
+	return true;
+}
+
+static bool torture_krb5_as_req_cmdline(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx, samba_cmdline_get_creds(),
+			TORTURE_KRB5_TEST_PLAIN);
+}
+
+static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
+{
+	if (torture_setting_bool(tctx, "expect_rodc", false)) {
+		torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users");
+	}
+	return torture_krb5_as_req_creds(tctx, samba_cmdline_get_creds(),
+			TORTURE_KRB5_TEST_PAC_REQUEST);
+}
+
+static bool torture_krb5_as_req_break_pw(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx, samba_cmdline_get_creds(),
+			TORTURE_KRB5_TEST_BREAK_PW);
+}
+
+static bool torture_krb5_as_req_clock_skew(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx, samba_cmdline_get_creds(),
+			TORTURE_KRB5_TEST_CLOCK_SKEW);
+}
+
+static bool torture_krb5_as_req_aes(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_AES);
+}
+
+static bool torture_krb5_as_req_rc4(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_RC4);
+}
+
+static bool torture_krb5_as_req_aes_rc4(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_AES_RC4);
+}
+
+/* Checking for the "Orpheus' Lyre" attack */
+static bool torture_krb5_as_req_change_server_out(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_CHANGE_SERVER_OUT);
+}
+
+static bool torture_krb5_as_req_change_server_in(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_CHANGE_SERVER_IN);
+}
+
+static bool torture_krb5_as_req_change_server_both(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH);
+}
+
+NTSTATUS torture_krb5_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "krb5");
+	struct torture_suite *kdc_suite = torture_suite_create(suite, "kdc");
+	suite->description = talloc_strdup(suite, "Kerberos tests");
+	kdc_suite->description = talloc_strdup(kdc_suite, "Kerberos KDC tests");
+
+	torture_suite_add_simple_test(kdc_suite, "as-req-cmdline",
+				      torture_krb5_as_req_cmdline);
+
+	torture_suite_add_simple_test(kdc_suite, "as-req-pac-request",
+				      torture_krb5_as_req_pac_request);
+
+	torture_suite_add_simple_test(kdc_suite, "as-req-break-pw",
+				      torture_krb5_as_req_break_pw);
+
+	torture_suite_add_simple_test(kdc_suite, "as-req-clock-skew",
+				      torture_krb5_as_req_clock_skew);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-aes",
+				      torture_krb5_as_req_aes);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-rc4",
+				      torture_krb5_as_req_rc4);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-aes-rc4",
+				      torture_krb5_as_req_aes_rc4);
+
+	/* 
+	 * This is in and out of the client. 
+	 * Out refers to requests, in refers to replies
+	 */
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-change-server-in",
+				      torture_krb5_as_req_change_server_in);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-change-server-out",
+				      torture_krb5_as_req_change_server_out);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-change-server-both",
+				      torture_krb5_as_req_change_server_both);
+
+	torture_suite_add_suite(kdc_suite, torture_krb5_canon(kdc_suite));
+	torture_suite_add_suite(suite, kdc_suite);
+
+	torture_register_suite(ctx, suite);
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/krb5/kdc-mit.c b/source4/torture/krb5/kdc-mit.c
new file mode 100644
index 0000000..5085966
--- /dev/null
+++ b/source4/torture/krb5/kdc-mit.c
@@ -0,0 +1,795 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Validate the krb5 pac generation routines
+
+   Copyright (c) 2016      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "system/time.h"
+#include "torture/smbtorture.h"
+#include "torture/winbind/proto.h"
+#include "torture/krb5/proto.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "source4/auth/kerberos/kerberos.h"
+#include "source4/auth/kerberos/kerberos_util.h"
+#include "lib/util/util_net.h"
+
+#define krb5_is_app_tag(dat,tag)                          \
+	((dat != NULL) && (dat)->length &&                \
+	 ((((dat)->data[0] & ~0x20) == ((tag) | 0x40))))
+
+#define krb5_is_as_req(dat)                   krb5_is_app_tag(dat, 10)
+#define krb5_is_as_rep(dat)                   krb5_is_app_tag(dat, 11)
+#define krb5_is_krb_error(dat)                krb5_is_app_tag(dat, 30)
+
+enum torture_krb5_test {
+	TORTURE_KRB5_TEST_PLAIN,
+	TORTURE_KRB5_TEST_PAC_REQUEST,
+	TORTURE_KRB5_TEST_BREAK_PW,
+	TORTURE_KRB5_TEST_CLOCK_SKEW,
+	TORTURE_KRB5_TEST_AES,
+	TORTURE_KRB5_TEST_RC4,
+	TORTURE_KRB5_TEST_AES_RC4,
+};
+
+struct torture_krb5_context {
+	struct torture_context *tctx;
+	krb5_context krb5_context;
+	enum torture_krb5_test test;
+	int recv_packet_count;
+	krb5_kdc_req *as_req;
+	krb5_kdc_rep *as_rep;
+};
+
+krb5_error_code decode_krb5_error(const krb5_data *output, krb5_error **rep);
+
+krb5_error_code decode_krb5_as_req(const krb5_data *output, krb5_kdc_req **req);
+krb5_error_code decode_krb5_as_rep(const krb5_data *output, krb5_kdc_rep **rep);
+
+krb5_error_code decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);
+
+void krb5_free_kdc_req(krb5_context ctx, krb5_kdc_req *req);
+void krb5_free_kdc_rep(krb5_context ctx, krb5_kdc_rep *rep);
+void krb5_free_pa_data(krb5_context ctx, krb5_pa_data **data);
+
+static bool torture_check_krb5_as_req(struct torture_krb5_context *test_context,
+				      krb5_context context,
+				      const krb5_data *message)
+{
+	krb5_error_code code;
+	int nktypes;
+
+	code = decode_krb5_as_req(message, &test_context->as_req);
+	torture_assert_int_equal(test_context->tctx,
+				 code, 0,
+				 "decode_as_req failed");
+	torture_assert_int_equal(test_context->tctx,
+				 test_context->as_req->msg_type,
+				 KRB5_AS_REQ,
+				 "Not a AS REQ");
+
+	nktypes = test_context->as_req->nktypes;
+	torture_assert_int_not_equal(test_context->tctx,
+				     nktypes, 0,
+				     "No keytypes");
+
+	return true;
+}
+
+static krb5_error_code torture_krb5_pre_send_test(krb5_context context,
+						  void *data,
+						  const krb5_data *realm,
+						  const krb5_data *message,
+						  krb5_data **new_message_out,
+						  krb5_data **new_reply_out)
+{
+	bool ok;
+	struct torture_krb5_context *test_context =
+		(struct torture_krb5_context *)data;
+
+	switch (test_context->test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+	case TORTURE_KRB5_TEST_BREAK_PW:
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+	case TORTURE_KRB5_TEST_AES:
+	case TORTURE_KRB5_TEST_RC4:
+	case TORTURE_KRB5_TEST_AES_RC4:
+		ok = torture_check_krb5_as_req(test_context,
+					       context,
+					       message);
+		if (!ok) {
+			return KRB5KDC_ERR_BADOPTION;
+		}
+		break;
+	}
+
+	return 0;
+}
+
+/*
+ * We need these function to validate packets because our torture macros
+ * do a 'return false' on error.
+ */
+static bool torture_check_krb5_error(struct torture_krb5_context *test_context,
+				     krb5_context context,
+				     const krb5_data *reply,
+				     krb5_error_code error_code,
+				     bool check_pa_data)
+
+{
+	krb5_error *krb_error;
+	krb5_error_code code;
+
+	code = decode_krb5_error(reply, &krb_error);
+	torture_assert_int_equal(test_context->tctx,
+				 code,
+				 0,
+				 "decode_krb5_error failed");
+
+	torture_assert_int_equal(test_context->tctx,
+				 krb_error->error,
+				 error_code - KRB5KDC_ERR_NONE,
+				 "Got wrong error code");
+
+	if (check_pa_data) {
+		krb5_pa_data **d, **pa_data = NULL;
+		bool timestamp_found = false;
+
+		torture_assert_int_not_equal(test_context->tctx,
+					     krb_error->e_data.length, 0,
+					     "No e-data returned");
+
+		code = decode_krb5_padata_sequence(&krb_error->e_data,
+						   &pa_data);
+		torture_assert_int_equal(test_context->tctx,
+					 code,
+					 0,
+					 "decode_krb5_padata_sequence failed");
+
+		for (d = pa_data; d != NULL; d++) {
+			if ((*d)->pa_type == KRB5_PADATA_ENC_TIMESTAMP) {
+				timestamp_found = true;
+				break;
+			}
+		}
+		torture_assert(test_context->tctx,
+			       timestamp_found,
+			       "Encrypted timestamp not found");
+
+		krb5_free_pa_data(context, pa_data);
+	}
+
+	krb5_free_error(context, krb_error);
+
+	return true;
+}
+
+static bool torture_check_krb5_as_rep(struct torture_krb5_context *test_context,
+				      krb5_context context,
+				      const krb5_data *reply)
+{
+	krb5_error_code code;
+	bool ok;
+
+	code = decode_krb5_as_rep(reply, &test_context->as_rep);
+	torture_assert_int_equal(test_context->tctx,
+				 code,
+				 0,
+				 "decode_krb5_as_rep failed");
+
+	torture_assert(test_context->tctx,
+		       test_context->as_rep->ticket->enc_part.kvno,
+		       "No KVNO set");
+
+	ok = torture_setting_bool(test_context->tctx,
+				  "expect_cached_at_rodc",
+				  false);
+	if (ok) {
+		torture_assert_int_not_equal(test_context->tctx,
+					     test_context->as_rep->ticket->enc_part.kvno & 0xFFFF0000,
+					     0,
+					     "Did not get a RODC number in the KVNO");
+	} else {
+		torture_assert_int_equal(test_context->tctx,
+					 test_context->as_rep->ticket->enc_part.kvno & 0xFFFF0000,
+					 0,
+					 "Unexpecedly got a RODC number in the KVNO");
+	}
+
+	return true;
+}
+
+static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_context,
+					      krb5_context context,
+					      const krb5_data *reply,
+					      krb5_enctype expected_enctype)
+{
+	krb5_enctype reply_enctype;
+	bool ok;
+
+	ok = torture_check_krb5_as_rep(test_context,
+				       context,
+				       reply);
+	if (!ok) {
+		return false;
+	}
+
+	reply_enctype = test_context->as_rep->enc_part.enctype;
+
+	torture_assert_int_equal(test_context->tctx,
+				 reply_enctype, expected_enctype,
+				 "Ticket encrypted with invalid algorithm");
+
+	return true;
+}
+
+static krb5_error_code torture_krb5_post_recv_test(krb5_context context,
+						   void *data,
+						   krb5_error_code kdc_code,
+						   const krb5_data *realm,
+						   const krb5_data *message,
+						   const krb5_data *reply,
+						   krb5_data **new_reply_out)
+{
+	struct torture_krb5_context *test_context =
+		(struct torture_krb5_context *)data;
+	krb5_error_code code;
+	bool ok = true;
+
+	torture_comment(test_context->tctx,
+			"PACKET COUNT = %d\n",
+			test_context->recv_packet_count);
+
+	torture_comment(test_context->tctx,
+			"KRB5_AS_REP = %d\n",
+			krb5_is_as_req(reply));
+
+	torture_comment(test_context->tctx,
+			"KRB5_ERROR = %d\n",
+			krb5_is_krb_error(reply));
+
+	torture_comment(test_context->tctx,
+			"KDC ERROR CODE = %d\n",
+			kdc_code);
+
+	switch (test_context->test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		} else {
+			ok = torture_check_krb5_as_rep(test_context,
+						       context,
+						       reply);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_as_rep failed");
+		}
+
+		torture_assert_goto(test_context->tctx,
+				    test_context->recv_packet_count < 2,
+				    ok,
+				    out,
+				    "Too many packets");
+
+		break;
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KRB_ERR_RESPONSE_TOO_BIG,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		} else if (test_context->recv_packet_count == 1) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		} else if (krb5_is_krb_error(reply)) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KRB_ERR_RESPONSE_TOO_BIG,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		} else {
+			ok = torture_check_krb5_as_rep(test_context,
+						       context,
+						       reply);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_as_rep failed");
+		}
+
+		torture_assert_goto(test_context->tctx,
+				    test_context->recv_packet_count < 3,
+				    ok,
+				    out,
+				    "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+			if (!ok) {
+				goto out;
+			}
+		} else if (test_context->recv_packet_count == 1) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_FAILED,
+						      true);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		}
+
+		torture_assert_goto(test_context->tctx,
+				    test_context->recv_packet_count < 2,
+				    ok,
+				    out,
+				    "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+			if (!ok) {
+				goto out;
+			}
+		} else if (test_context->recv_packet_count == 1) {
+			/*
+			 * This only works if kdc_timesync 0 is set in krb5.conf
+			 *
+			 * See commit 5f39a4438eafd693a3eb8366bbc3901efe62e538
+			 * in the MIT Kerberos source tree.
+			 */
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KRB_AP_ERR_SKEW,
+						      false);
+			torture_assert_goto(test_context->tctx,
+					    ok,
+					    ok,
+					    out,
+					    "torture_check_krb5_error failed");
+		}
+
+		torture_assert_goto(test_context->tctx,
+				    test_context->recv_packet_count < 2,
+				    ok,
+				    out,
+				    "Too many packets");
+		break;
+	case TORTURE_KRB5_TEST_AES:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_AES\n");
+
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			if (!ok) {
+				goto out;
+			}
+		} else {
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       context,
+							       reply,
+							       ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+			if (!ok) {
+				goto out;
+			}
+		}
+		break;
+	case TORTURE_KRB5_TEST_RC4:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_RC4\n");
+
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			if (!ok) {
+				goto out;
+			}
+		} else {
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       context,
+							       reply,
+							       ENCTYPE_ARCFOUR_HMAC);
+			if (!ok) {
+				goto out;
+			}
+		}
+		break;
+	case TORTURE_KRB5_TEST_AES_RC4:
+		torture_comment(test_context->tctx, "TORTURE_KRB5_TEST_AES_RC4\n");
+
+		if (test_context->recv_packet_count == 0) {
+			ok = torture_check_krb5_error(test_context,
+						      context,
+						      reply,
+						      KRB5KDC_ERR_PREAUTH_REQUIRED,
+						      false);
+			if (!ok) {
+				goto out;
+			}
+		} else {
+			ok = torture_check_krb5_as_rep_enctype(test_context,
+							       context,
+							       reply,
+							       ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+			if (!ok) {
+				goto out;
+			}
+		}
+		break;
+	}
+
+	code = kdc_code;
+out:
+	if (!ok) {
+		code = EINVAL;
+	}
+
+	/* Cleanup */
+	krb5_free_kdc_req(test_context->krb5_context, test_context->as_req);
+	krb5_free_kdc_rep(test_context->krb5_context, test_context->as_rep);
+
+	test_context->recv_packet_count++;
+
+	return code;
+}
+
+static bool torture_krb5_init_context(struct torture_context *tctx,
+				      enum torture_krb5_test test,
+				      struct smb_krb5_context **smb_krb5_context)
+{
+	krb5_error_code code;
+
+	struct torture_krb5_context *test_context = talloc_zero(tctx,
+								struct torture_krb5_context);
+	torture_assert(tctx, test_context != NULL, "Failed to allocate");
+
+	test_context->test = test;
+	test_context->tctx = tctx;
+
+	code = smb_krb5_init_context(tctx, tctx->lp_ctx, smb_krb5_context);
+	torture_assert_int_equal(tctx, code, 0, "smb_krb5_init_context failed");
+
+	test_context->krb5_context = (*smb_krb5_context)->krb5_context;
+
+	krb5_set_kdc_send_hook((*smb_krb5_context)->krb5_context,
+			       torture_krb5_pre_send_test,
+			       test_context);
+
+	krb5_set_kdc_recv_hook((*smb_krb5_context)->krb5_context,
+			       torture_krb5_post_recv_test,
+			       test_context);
+
+	return true;
+}
+static bool torture_krb5_as_req_creds(struct torture_context *tctx,
+				      struct cli_credentials *credentials,
+				      enum torture_krb5_test test)
+{
+	krb5_get_init_creds_opt *krb_options = NULL;
+	struct smb_krb5_context *smb_krb5_context;
+	enum credentials_obtained obtained;
+	const char *error_string;
+	const char *password;
+	krb5_principal principal;
+	krb5_error_code code;
+	krb5_creds my_creds;
+	bool ok;
+
+	ok = torture_krb5_init_context(tctx, test, &smb_krb5_context);
+	torture_assert(tctx, ok, "torture_krb5_init_context failed");
+
+	code = principal_from_credentials(tctx,
+					  credentials,
+					  smb_krb5_context,
+					  &principal,
+					  &obtained,
+					  &error_string);
+	torture_assert_int_equal(tctx, code, 0, error_string);
+
+	password = cli_credentials_get_password(credentials);
+
+	switch (test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+		break;
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
+		code = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						     &krb_options);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		code = krb5_get_init_creds_opt_set_pac_request(smb_krb5_context->krb5_context,
+							       krb_options,
+							       1);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_get_init_creds_opt_set_pac_request failed");
+#endif
+		break;
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		password = "NOT the password";
+		break;
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		code = krb5_set_real_time(smb_krb5_context->krb5_context,
+					  time(NULL) + 3600,
+					  0);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_set_real_time failed");
+		break;
+	case TORTURE_KRB5_TEST_AES: {
+		krb5_enctype etype[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96 };
+
+		code = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						     &krb_options);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype,
+						       1);
+		break;
+	}
+	case TORTURE_KRB5_TEST_RC4: {
+		krb5_enctype etype[] = { ENCTYPE_ARCFOUR_HMAC };
+
+		code = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						     &krb_options);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype,
+						       1);
+		break;
+	}
+	case TORTURE_KRB5_TEST_AES_RC4: {
+		krb5_enctype etype[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC };
+
+		code = krb5_get_init_creds_opt_alloc(smb_krb5_context->krb5_context,
+						     &krb_options);
+		torture_assert_int_equal(tctx,
+					 code, 0,
+					 "krb5_get_init_creds_opt_alloc failed");
+
+
+		krb5_get_init_creds_opt_set_etype_list(krb_options,
+						       etype,
+						       2);
+		break;
+	}
+	}
+
+	code = krb5_get_init_creds_password(smb_krb5_context->krb5_context,
+					    &my_creds,
+					    principal,
+					    password,
+					    NULL,
+					    NULL,
+					    0,
+					    NULL,
+					    krb_options);
+	krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context,
+				     krb_options);
+
+	switch (test)
+	{
+	case TORTURE_KRB5_TEST_PLAIN:
+	case TORTURE_KRB5_TEST_PAC_REQUEST:
+	case TORTURE_KRB5_TEST_AES:
+	case TORTURE_KRB5_TEST_RC4:
+	case TORTURE_KRB5_TEST_AES_RC4:
+		torture_assert_int_equal(tctx,
+					 code,
+					 0,
+					 "krb5_get_init_creds_password failed");
+		break;
+	case TORTURE_KRB5_TEST_BREAK_PW:
+		torture_assert_int_equal(tctx,
+					 code,
+					 KRB5KDC_ERR_PREAUTH_FAILED,
+					 "krb5_get_init_creds_password should "
+					 "have failed");
+		return true;
+	case TORTURE_KRB5_TEST_CLOCK_SKEW:
+		torture_assert_int_equal(tctx,
+					 code,
+					 KRB5KRB_AP_ERR_SKEW,
+					 "krb5_get_init_creds_password should "
+					 "have failed");
+		return true;
+	}
+
+	krb5_free_cred_contents(smb_krb5_context->krb5_context,
+				&my_creds);
+
+	return true;
+}
+
+static bool torture_krb5_as_req_cmdline(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_PLAIN);
+}
+
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
+static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
+{
+	bool ok;
+
+	ok = torture_setting_bool(tctx, "expect_rodc", false);
+	if (ok) {
+		torture_skip(tctx,
+			     "This test needs further investigation in the "
+			     "RODC case against a Windows DC, in particular "
+			     "with non-cached users");
+	}
+	return torture_krb5_as_req_creds(tctx, samba_cmdline_get_creds(),
+			TORTURE_KRB5_TEST_PAC_REQUEST);
+}
+#endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST */
+
+static bool torture_krb5_as_req_break_pw(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_BREAK_PW);
+}
+
+static bool torture_krb5_as_req_clock_skew(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_CLOCK_SKEW);
+}
+
+static bool torture_krb5_as_req_aes(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_AES);
+}
+
+static bool torture_krb5_as_req_rc4(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_RC4);
+}
+
+static bool torture_krb5_as_req_aes_rc4(struct torture_context *tctx)
+{
+	return torture_krb5_as_req_creds(tctx,
+					 samba_cmdline_get_creds(),
+					 TORTURE_KRB5_TEST_AES_RC4);
+}
+
+NTSTATUS torture_krb5_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(ctx, "krb5");
+	struct torture_suite *kdc_suite = torture_suite_create(suite, "kdc");
+	suite->description = talloc_strdup(suite, "Kerberos tests");
+	kdc_suite->description = talloc_strdup(kdc_suite, "Kerberos KDC tests");
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-cmdline",
+				      torture_krb5_as_req_cmdline);
+
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
+	/* Only available with MIT Kerveros 1.15 and newer */
+	torture_suite_add_simple_test(kdc_suite, "as-req-pac-request",
+				      torture_krb5_as_req_pac_request);
+#endif
+
+	torture_suite_add_simple_test(kdc_suite, "as-req-break-pw",
+				      torture_krb5_as_req_break_pw);
+
+	/* This only works if kdc_timesync 0 is set in krb5.conf */
+	torture_suite_add_simple_test(kdc_suite, "as-req-clock-skew",
+				      torture_krb5_as_req_clock_skew);
+
+#if 0
+	torture_suite_add_suite(kdc_suite, torture_krb5_canon(kdc_suite));
+#endif
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-aes",
+				      torture_krb5_as_req_aes);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-rc4",
+				      torture_krb5_as_req_rc4);
+
+	torture_suite_add_simple_test(kdc_suite,
+				      "as-req-aes-rc4",
+				      torture_krb5_as_req_aes_rc4);
+
+	torture_suite_add_suite(suite, kdc_suite);
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/krb5/wscript_build b/source4/torture/krb5/wscript_build
new file mode 100644
index 0000000..f59aa88
--- /dev/null
+++ b/source4/torture/krb5/wscript_build
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+    if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
+        bld.SAMBA_MODULE('TORTURE_KRB5',
+                         source='kdc-heimdal.c kdc-canon-heimdal.c',
+                         autoproto='proto.h',
+                         subsystem='smbtorture',
+                         init_function='torture_krb5_init',
+                         deps='authkrb5 torture KERBEROS_UTIL',
+                         internal_module=True)
+    else:
+            bld.SAMBA_MODULE('TORTURE_KRB5',
+                             source='kdc-mit.c',
+                             autoproto='proto.h',
+                             subsystem='smbtorture',
+                             init_function='torture_krb5_init',
+                             deps='authkrb5 torture KERBEROS_UTIL',
+                             internal_module=True)
diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
new file mode 100644
index 0000000..ff9207e
--- /dev/null
+++ b/source4/torture/ldap/basic.c
@@ -0,0 +1,1004 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP protocol helper functions for SAMBA
+   
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Simo Sorce 2004
+   Copyright (C) Matthias Dieter Wallnöfer 2009-2010
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "ldb_wrap.h"
+#include "libcli/ldap/ldap_client.h"
+#include "lib/cmdline/cmdline.h"
+
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+#undef strcasecmp
+
+static bool test_bind_sasl(struct torture_context *tctx,
+			   struct ldap_connection *conn, struct cli_credentials *creds)
+{
+	NTSTATUS status;
+	bool ret = true;
+
+	printf("Testing sasl bind as user\n");
+
+	status = torture_ldap_bind_sasl(conn, creds, tctx->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_multibind(struct ldap_connection *conn, const char *userdn, const char *password)
+{
+	NTSTATUS status, expected;
+	bool ok;
+
+	printf("Testing multiple binds on a single connection as anonymous and user\n");
+
+	status = torture_ldap_bind(conn, NULL, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("1st bind as anonymous failed with %s\n",
+		       nt_errstr(status));
+		return false;
+	}
+
+	expected = NT_STATUS_LDAP(LDAP_STRONG_AUTH_REQUIRED);
+	status = torture_ldap_bind(conn, userdn, password);
+
+	ok = NT_STATUS_EQUAL(status, expected);
+	if (!ok) {
+		printf("2nd bind as authenticated user should have "
+		       "failed with: %s, got %s\n",
+		       nt_errstr(expected),
+		       nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_search_rootDSE(struct ldap_connection *conn, const char **basedn,
+	const char ***partitions)
+{
+	bool ret = true;
+	struct ldap_message *msg, *result;
+	struct ldap_request *req;
+	int i;
+	struct ldap_SearchResEntry *r;
+	NTSTATUS status;
+
+	printf("Testing RootDSE Search\n");
+
+	*basedn = NULL;
+
+	if (partitions != NULL) {
+		*partitions = const_str_list(str_list_make_empty(conn));
+	}
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	msg->type = LDAP_TAG_SearchRequest;
+	msg->r.SearchRequest.basedn = "";
+	msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+	msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+	msg->r.SearchRequest.timelimit = 0;
+	msg->r.SearchRequest.sizelimit = 0;
+	msg->r.SearchRequest.attributesonly = false;
+	msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+	msg->r.SearchRequest.num_attributes = 0;
+	msg->r.SearchRequest.attributes = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (req == NULL) {
+		printf("Could not setup ldap search\n");
+		return false;
+	}
+
+	status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("search failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	printf("received %d replies\n", req->num_replies);
+
+	r = &result->r.SearchResultEntry;
+		
+	DEBUG(1,("\tdn: %s\n", r->dn));
+	for (i=0; i<r->num_attributes; i++) {
+		unsigned int j;
+		for (j=0; j<r->attributes[i].num_values; j++) {
+			DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name,
+				 (int)r->attributes[i].values[j].length,
+				 (int)r->attributes[i].values[j].length,
+				 (char *)r->attributes[i].values[j].data));
+			if (!(*basedn) && 
+			    strcasecmp("defaultNamingContext",r->attributes[i].name)==0) {
+				*basedn = talloc_asprintf(conn, "%.*s",
+							  (int)r->attributes[i].values[j].length,
+							  (char *)r->attributes[i].values[j].data);
+			}
+			if ((partitions != NULL) &&
+			    (strcasecmp("namingContexts", r->attributes[i].name) == 0)) {
+				char *entry = talloc_asprintf(conn, "%.*s",
+							      (int)r->attributes[i].values[j].length,
+							      (char *)r->attributes[i].values[j].data);
+				*partitions = str_list_add(*partitions, entry);
+			}
+		}
+	}
+
+	return ret;
+}
+
+static bool test_search_rootDSE_empty_substring(struct ldap_connection *conn)
+{
+	bool ret = true;
+	struct ldap_message *msg, *result;
+	struct ldap_request *req;
+	NTSTATUS status;
+
+	printf("Testing RootDSE Search with objectclass= substring filter\n");
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	msg->type = LDAP_TAG_SearchRequest;
+	msg->r.SearchRequest.basedn = "";
+	msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+	msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+	msg->r.SearchRequest.timelimit = 0;
+	msg->r.SearchRequest.sizelimit = 0;
+	msg->r.SearchRequest.attributesonly = false;
+	msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+	msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+	msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+	msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+	msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+	msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+	msg->r.SearchRequest.num_attributes = 0;
+	msg->r.SearchRequest.attributes = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (req == NULL) {
+		printf("Could not setup ldap search\n");
+		return false;
+	}
+
+	status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("looking for search result reply failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	printf("received %d replies\n", req->num_replies);
+
+	return ret;
+}
+
+static bool test_search_auth_empty_substring(struct ldap_connection *conn, const char *basedn)
+{
+	bool ret = true;
+	struct ldap_message *msg, *result;
+	struct ldap_request *req;
+	NTSTATUS status;
+	struct ldap_Result *r;
+
+	printf("Testing authenticated base Search with objectclass= substring filter\n");
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	msg->type = LDAP_TAG_SearchRequest;
+	msg->r.SearchRequest.basedn = basedn;
+	msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+	msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+	msg->r.SearchRequest.timelimit = 0;
+	msg->r.SearchRequest.sizelimit = 0;
+	msg->r.SearchRequest.attributesonly = false;
+	msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+	msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+	msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+	msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+	msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+	msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+	msg->r.SearchRequest.num_attributes = 0;
+	msg->r.SearchRequest.attributes = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (req == NULL) {
+		printf("Could not setup ldap search\n");
+		return false;
+	}
+
+	status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("looking for search result done failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	printf("received %d replies\n", req->num_replies);
+
+	r = &result->r.SearchResultDone;
+
+	if (r->resultcode != LDAP_SUCCESS) {
+		printf("search result done gave error - %s\n", ldb_strerror(r->resultcode));
+		return false;
+	}
+
+	return ret;
+}
+
+static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn)
+{
+	struct ldap_message *msg, *rep;
+	struct ldap_request *req;
+	const char *val;
+	NTSTATUS status;
+
+	printf("Testing SASL Compare: %s\n", basedn);
+
+	if (!basedn) {
+		return false;
+	}
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	msg->type = LDAP_TAG_CompareRequest;
+	msg->r.CompareRequest.dn = basedn;
+	msg->r.CompareRequest.attribute = talloc_strdup(msg, "objectClass");
+	val = "domain";
+	msg->r.CompareRequest.value = data_blob_talloc(msg, val, strlen(val));
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_CompareResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap compare request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	DEBUG(5,("Code: %d DN: [%s] ERROR:[%s] REFERRAL:[%s]\n",
+		rep->r.CompareResponse.resultcode,
+		rep->r.CompareResponse.dn,
+		rep->r.CompareResponse.errormessage,
+		rep->r.CompareResponse.referral));
+
+	return true;
+}
+
+/*
+ * This takes an AD error message and splits it into the WERROR code
+ * (WERR_DS_GENERIC if none found) and the reason (remaining string).
+ */
+static WERROR ad_error(const char *err_msg, char **reason)
+{
+	WERROR err = W_ERROR(strtol(err_msg, reason, 16));
+
+	if ((reason != NULL) && (*reason[0] != ':')) {
+		return WERR_DS_GENERIC_ERROR; /* not an AD std error message */
+	}
+		
+	if (reason != NULL) {
+		*reason += 2; /* skip ": " */
+	}
+	return err;
+}
+
+/* This has to be done using the LDAP API since the LDB API does only transmit
+ * the error code and not the error message. */
+static bool test_error_codes(struct torture_context *tctx,
+	struct ldap_connection *conn, const char *basedn)
+{
+	struct ldap_message *msg, *rep;
+	struct ldap_request *req;
+	const char *err_code_str;
+	char *endptr;
+	WERROR err;
+	NTSTATUS status;
+
+	printf("Testing the most important error code -> error message conversions!\n");
+
+	if (!basedn) {
+		return false;
+	}
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	printf(" Try a wrong addition\n");
+
+	msg->type = LDAP_TAG_AddRequest;
+	msg->r.AddRequest.dn = basedn;
+	msg->r.AddRequest.num_attributes = 0;
+	msg->r.AddRequest.attributes = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_AddResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap add request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.AddResponse.resultcode == 0)
+		|| (rep->r.AddResponse.errormessage == NULL)
+		|| (strtol(rep->r.AddResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.AddResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_REFERRAL))
+			|| (rep->r.AddResponse.resultcode != LDAP_REFERRAL)) {
+			return false;
+	}
+	if ((rep->r.AddResponse.referral == NULL)
+			|| (strstr(rep->r.AddResponse.referral, basedn) == NULL)) {
+			return false;
+	}
+
+	printf(" Try another wrong addition\n");
+
+	msg->type = LDAP_TAG_AddRequest;
+	msg->r.AddRequest.dn = "";
+	msg->r.AddRequest.num_attributes = 0;
+	msg->r.AddRequest.attributes = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_AddResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap add request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.AddResponse.resultcode == 0)
+		|| (rep->r.AddResponse.errormessage == NULL)
+		|| (strtol(rep->r.AddResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.AddResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_ROOT_MUST_BE_NC) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_NAMING_VIOLATION))
+		|| (rep->r.AddResponse.resultcode != LDAP_NAMING_VIOLATION)) {
+		return false;
+	}
+
+	printf(" Try a wrong modification\n");
+
+	msg->type = LDAP_TAG_ModifyRequest;
+	msg->r.ModifyRequest.dn = basedn;
+	msg->r.ModifyRequest.num_mods = 0;
+	msg->r.ModifyRequest.mods = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap modifification request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyResponse.resultcode == 0)
+		|| (rep->r.ModifyResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM))
+		|| (rep->r.ModifyResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) {
+		return false;
+	}
+
+	printf(" Try another wrong modification\n");
+
+	msg->type = LDAP_TAG_ModifyRequest;
+	msg->r.ModifyRequest.dn = "";
+	msg->r.ModifyRequest.num_mods = 0;
+	msg->r.ModifyRequest.mods = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap modifification request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyResponse.resultcode == 0)
+		|| (rep->r.ModifyResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM))
+		|| (rep->r.ModifyResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) {
+		return false;
+	}
+
+	printf(" Try a wrong removal\n");
+
+	msg->type = LDAP_TAG_DelRequest;
+	msg->r.DelRequest.dn = basedn;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap removal request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.DelResponse.resultcode == 0)
+		|| (rep->r.DelResponse.errormessage == NULL)
+		|| (strtol(rep->r.DelResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.DelResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_CANT_DELETE) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM))
+		|| (rep->r.DelResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) {
+		return false;
+	}
+
+	printf(" Try another wrong removal\n");
+
+	msg->type = LDAP_TAG_DelRequest;
+	msg->r.DelRequest.dn = "";
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap removal request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.DelResponse.resultcode == 0)
+		|| (rep->r.DelResponse.errormessage == NULL)
+		|| (strtol(rep->r.DelResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+	
+	err = ad_error(rep->r.DelResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_NO_SUCH_OBJECT))
+		|| (rep->r.DelResponse.resultcode != LDAP_NO_SUCH_OBJECT)) {
+		return false;
+	}
+
+	printf(" Try a wrong rename\n");
+
+	msg->type = LDAP_TAG_ModifyDNRequest;
+	msg->r.ModifyDNRequest.dn = basedn;
+	msg->r.ModifyDNRequest.newrdn = "dc=test";
+	msg->r.ModifyDNRequest.deleteolddn = true;
+	msg->r.ModifyDNRequest.newsuperior = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap rename request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyDNResponse.resultcode == 0)
+		|| (rep->r.ModifyDNResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_NO_PARENT_OBJECT) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_GENERIC_ERROR))
+		|| (rep->r.ModifyDNResponse.resultcode != LDAP_OTHER)) {
+		return false;
+	}
+
+	printf(" Try another wrong rename\n");
+
+	msg->type = LDAP_TAG_ModifyDNRequest;
+	msg->r.ModifyDNRequest.dn = basedn;
+	msg->r.ModifyDNRequest.newrdn = basedn;
+	msg->r.ModifyDNRequest.deleteolddn = true;
+	msg->r.ModifyDNRequest.newsuperior = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap rename request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyDNResponse.resultcode == 0)
+		|| (rep->r.ModifyDNResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_NAMING_VIOLATION))
+		|| (rep->r.ModifyDNResponse.resultcode != LDAP_NAMING_VIOLATION)) {
+		return false;
+	}
+
+	printf(" Try another wrong rename\n");
+
+	msg->type = LDAP_TAG_ModifyDNRequest;
+	msg->r.ModifyDNRequest.dn = basedn;
+	msg->r.ModifyDNRequest.newrdn = "";
+	msg->r.ModifyDNRequest.deleteolddn = true;
+	msg->r.ModifyDNRequest.newsuperior = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap rename request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyDNResponse.resultcode == 0)
+		|| (rep->r.ModifyDNResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_PROTOCOL_ERROR))
+		|| (rep->r.ModifyDNResponse.resultcode != LDAP_PROTOCOL_ERROR)) {
+		return false;
+	}
+
+	printf(" Try another wrong rename\n");
+
+	msg->type = LDAP_TAG_ModifyDNRequest;
+	msg->r.ModifyDNRequest.dn = "";
+	msg->r.ModifyDNRequest.newrdn = "cn=temp";
+	msg->r.ModifyDNRequest.deleteolddn = true;
+	msg->r.ModifyDNRequest.newsuperior = NULL;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap rename request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	if ((rep->r.ModifyDNResponse.resultcode == 0)
+		|| (rep->r.ModifyDNResponse.errormessage == NULL)
+		|| (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0)
+		|| (*endptr != ':')) {
+		printf("Invalid error message!\n");
+		return false;
+	}
+
+	err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr);
+	err_code_str = win_errstr(err);
+	printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
+	if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND) &&
+	     !W_ERROR_EQUAL(err, WERR_DS_NO_SUCH_OBJECT))
+		|| (rep->r.ModifyDNResponse.resultcode != LDAP_NO_SUCH_OBJECT)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_referrals(struct torture_context *tctx, TALLOC_CTX *mem_ctx,
+	const char *url, const char *basedn, const char **partitions)
+{
+	struct ldb_context *ldb;
+	struct ldb_result *res;
+	const char * const *attrs = { NULL };
+	struct ldb_dn *dn1, *dn2;
+	int ret;
+	int i, j, k;
+	char *tempstr;
+	bool found, l_found;
+
+	printf("Testing referrals\n");
+
+	if (partitions[0] == NULL) {
+		printf("Partitions list empty!\n");
+		return false;
+	}
+
+	if (strcmp(partitions[0], basedn) != 0) {
+		printf("The first (root) partition DN should be the base DN!\n");
+		return false;
+	}
+
+	ldb = ldb_wrap_connect(mem_ctx, tctx->ev, tctx->lp_ctx, url,
+			       NULL, samba_cmdline_get_creds(), 0);
+
+	/* "partitions[i]" are the partitions for which we search the parents */
+	for (i = 1; partitions[i] != NULL; i++) {
+		dn1 = ldb_dn_new(mem_ctx, ldb, partitions[i]);
+		if (dn1 == NULL) {
+			printf("Out of memory\n");
+			talloc_free(ldb);
+			return false;
+		}
+
+		/* search using base scope */
+		/* "partitions[j]" are the parent candidates */
+		for (j = str_list_length(partitions) - 1; j >= 0; --j) {
+			dn2 = ldb_dn_new(mem_ctx, ldb, partitions[j]);
+			if (dn2 == NULL) {
+				printf("Out of memory\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			ret = ldb_search(ldb, mem_ctx, &res, dn2,
+					 LDB_SCOPE_BASE, attrs,
+					 "(foo=bar)");
+			if (ret != LDB_SUCCESS) {
+				printf("%s", ldb_errstring(ldb));
+				talloc_free(ldb);
+				return false;
+			}
+
+			if (res->refs != NULL) {
+				printf("There shouldn't be generated any referrals in the base scope!\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			talloc_free(res);
+			talloc_free(dn2);
+		}
+
+		/* search using onelevel scope */
+		found = false;
+		/* "partitions[j]" are the parent candidates */
+		for (j = str_list_length(partitions) - 1; j >= 0; --j) {
+			dn2 = ldb_dn_new(mem_ctx, ldb, partitions[j]);
+			if (dn2 == NULL) {
+				printf("Out of memory\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			ret = ldb_search(ldb, mem_ctx, &res, dn2,
+					 LDB_SCOPE_ONELEVEL, attrs,
+					 "(foo=bar)");
+			if (ret != LDB_SUCCESS) {
+				printf("%s", ldb_errstring(ldb));
+				talloc_free(ldb);
+				return false;
+			}
+
+			tempstr = talloc_asprintf(mem_ctx, "/%s??base",
+						  partitions[i]);
+			if (tempstr == NULL) {
+				printf("Out of memory\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			/* Try to find or find not a matching referral */
+			l_found = false;
+			for (k = 0; (!l_found) && (res->refs != NULL)
+			    && (res->refs[k] != NULL); k++) {
+				if (strstr(res->refs[k], tempstr) != NULL) {
+					l_found = true;
+				}
+			}
+
+			talloc_free(tempstr);
+
+			if ((!found) && (ldb_dn_compare_base(dn2, dn1) == 0)
+			    && (ldb_dn_compare(dn2, dn1) != 0)) {
+				/* This is a referral candidate */
+				if (!l_found) {
+					printf("A required referral hasn't been found on onelevel scope (%s -> %s)!\n", partitions[j], partitions[i]);
+					talloc_free(ldb);
+					return false;
+				}
+				found = true;
+			} else {
+				/* This isn't a referral candidate */
+				if (l_found) {
+					printf("A unrequired referral has been found on onelevel scope (%s -> %s)!\n", partitions[j], partitions[i]);
+					talloc_free(ldb);
+					return false;
+				}
+			}
+
+			talloc_free(res);
+			talloc_free(dn2);
+		}
+
+		/* search using subtree scope */
+		found = false;
+		/* "partitions[j]" are the parent candidates */
+		for (j = str_list_length(partitions) - 1; j >= 0; --j) {
+			dn2 = ldb_dn_new(mem_ctx, ldb, partitions[j]);
+			if (dn2 == NULL) {
+				printf("Out of memory\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			ret = ldb_search(ldb, mem_ctx, &res, dn2,
+					 LDB_SCOPE_SUBTREE, attrs,
+					 "(foo=bar)");
+			if (ret != LDB_SUCCESS) {
+				printf("%s", ldb_errstring(ldb));
+				talloc_free(ldb);
+				return false;
+			}
+
+			tempstr = talloc_asprintf(mem_ctx, "/%s",
+						  partitions[i]);
+			if (tempstr == NULL) {
+				printf("Out of memory\n");
+				talloc_free(ldb);
+				return false;
+			}
+
+			/* Try to find or find not a matching referral */
+			l_found = false;
+			for (k = 0; (!l_found) && (res->refs != NULL)
+			    && (res->refs[k] != NULL); k++) {
+				if (strstr(res->refs[k], tempstr) != NULL) {
+					l_found = true;
+				}
+			}
+
+			talloc_free(tempstr);
+
+			if ((!found) && (ldb_dn_compare_base(dn2, dn1) == 0)
+			    && (ldb_dn_compare(dn2, dn1) != 0)) {
+				/* This is a referral candidate */
+				if (!l_found) {
+					printf("A required referral hasn't been found on subtree scope (%s -> %s)!\n", partitions[j], partitions[i]);
+					talloc_free(ldb);
+					return false;
+				}
+				found = true;
+			} else {
+				/* This isn't a referral candidate */
+				if (l_found) {
+					printf("A unrequired referral has been found on subtree scope (%s -> %s)!\n", partitions[j], partitions[i]);
+					talloc_free(ldb);
+					return false;
+				}
+			}
+
+			talloc_free(res);
+			talloc_free(dn2);
+		}
+
+		talloc_free(dn1);
+	}
+
+	talloc_free(ldb);
+
+	return true;
+}
+
+static bool test_abandon_request(struct torture_context *tctx,
+	struct ldap_connection *conn, const char *basedn)
+{
+	struct ldap_message *msg;
+	struct ldap_request *req;
+	NTSTATUS status;
+
+	printf("Testing the AbandonRequest with an old message id!\n");
+
+	if (!basedn) {
+		return false;
+	}
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		return false;
+	}
+
+	printf(" Try a AbandonRequest for an old message id\n");
+
+	msg->type = LDAP_TAG_AbandonRequest;
+	msg->r.AbandonRequest.messageid = 1;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		return false;
+	}
+
+	status = ldap_request_wait(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap abandon request - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+
+bool torture_ldap_basic(struct torture_context *torture)
+{
+        NTSTATUS status;
+        struct ldap_connection *conn;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	const char *userdn = torture_setting_string(torture, "ldap_userdn", NULL);
+	const char *secret = torture_setting_string(torture, "ldap_secret", NULL);
+	const char *url;
+	const char *basedn;
+	const char **partitions;
+
+	mem_ctx = talloc_init("torture_ldap_basic");
+
+	url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
+
+	status = torture_ldap_connection(torture, &conn, url);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	if (!test_search_rootDSE(conn, &basedn, &partitions)) {
+		ret = false;
+	}
+
+	if (!test_search_rootDSE_empty_substring(conn)) {
+		ret = false;
+	}
+
+	/* other bind tests here */
+
+	if (!test_multibind(conn, userdn, secret)) {
+		ret = false;
+	}
+
+	if (!test_bind_sasl(torture, conn, samba_cmdline_get_creds())) {
+		ret = false;
+	}
+
+	if (!test_search_auth_empty_substring(conn, basedn)) {
+		ret = false;
+	}
+
+	if (!test_compare_sasl(conn, basedn)) {
+		ret = false;
+	}
+
+	/* error codes test here */
+
+	if (!test_error_codes(torture, conn, basedn)) {
+		ret = false;
+	}
+
+	/* referrals test here */
+
+	if (!test_referrals(torture, mem_ctx, url, basedn, partitions)) {
+		ret = false;
+	}
+
+	if (!test_abandon_request(torture, conn, basedn)) {
+		ret = false;
+	}
+
+	/* if there are no more tests we are closing */
+	torture_ldap_close(conn);
+	talloc_free(mem_ctx);
+
+	torture_assert(torture, ret, "torture_ldap_basic failed");
+
+	return ret;
+}
+
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
new file mode 100644
index 0000000..a021f4c
--- /dev/null
+++ b/source4/torture/ldap/cldap.c
@@ -0,0 +1,179 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   test CLDAP operations
+   
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/cldap/cldap.h"
+#include "libcli/ldap/ldap_client.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
+
+#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
+
+#define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
+
+/*
+  convert a ldap result message to a ldb message. This allows us to
+  use the convenient ldif dump routines in ldb to print out cldap
+  search results
+*/
+static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
+{
+	struct ldb_message *msg;
+
+	msg = ldb_msg_new(mem_ctx);
+	msg->dn = ldb_dn_new(msg, ldb, res->dn);
+	msg->num_elements = res->num_attributes;
+	msg->elements = talloc_steal(msg, res->attributes);
+	return msg;
+}
+
+/*
+  dump a set of cldap results
+*/
+static void cldap_dump_results(struct cldap_search *search)
+{
+	struct ldb_ldif ldif;
+	struct ldb_context *ldb;
+
+	if (!search || !(search->out.response)) {
+		return;
+	}
+
+	/* we need a ldb context to use ldb_ldif_write_file() */
+	ldb = ldb_init(NULL, NULL);
+
+	ZERO_STRUCT(ldif);
+	ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
+
+	ldb_ldif_write_file(ldb, stdout, &ldif);
+
+	talloc_free(ldb);
+}
+
+/*
+  test generic cldap operations
+*/
+static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
+{
+	struct cldap_socket *cldap;
+	NTSTATUS status;
+	struct cldap_search search;
+	const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
+	const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
+	const char *attrs3[] = { "netlogon", NULL };
+	struct tsocket_address *dest_addr;
+	const char *ip;
+	struct nbt_name nbt_name;
+	int ret;
+
+	make_nbt_name_server(&nbt_name, dest);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
+	ret = tsocket_address_inet_from_strings(tctx, "ip",
+						ip,
+						lpcfg_cldap_port(tctx->lp_ctx),
+						&dest_addr);
+	CHECK_VAL(ret, 0);
+
+	/* cldap_socket_init should now know about the dest. address */
+	status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(search);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
+	search.in.timeout = 10;
+	search.in.retries = 3;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("fetching whole rootDSE\n");
+	search.in.filter = "(objectclass=*)";
+	search.in.attributes = NULL;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (DEBUGLVL(3)) cldap_dump_results(&search);
+
+	printf("fetching currentTime and USN\n");
+	search.in.filter = "(objectclass=*)";
+	search.in.attributes = attrs1;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	if (DEBUGLVL(3)) cldap_dump_results(&search);
+
+	printf("Testing currentTime, USN and netlogon\n");
+	search.in.filter = "(objectclass=*)";
+	search.in.attributes = attrs2;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (DEBUGLVL(3)) cldap_dump_results(&search);
+
+	printf("Testing objectClass=* and netlogon\n");
+	search.in.filter = "(objectclass=*)";
+	search.in.attributes = attrs3;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (DEBUGLVL(3)) cldap_dump_results(&search);
+
+	printf("Testing a false expression\n");
+	search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
+	search.in.attributes = attrs1;
+
+	status = cldap_search(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (DEBUGLVL(3)) cldap_dump_results(&search);	
+
+	return true;	
+}
+
+bool torture_cldap(struct torture_context *torture)
+{
+	bool ret = true;
+	const char *host = torture_setting_string(torture, "host", NULL);
+
+	ret &= test_cldap_generic(torture, host);
+
+	return ret;
+}
+
diff --git a/source4/torture/ldap/cldapbench.c b/source4/torture/ldap/cldapbench.c
new file mode 100644
index 0000000..9b6f7f2
--- /dev/null
+++ b/source4/torture/ldap/cldapbench.c
@@ -0,0 +1,233 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   CLDAP benchmark test
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/cldap/cldap.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+
+#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
+
+struct bench_state {
+	struct torture_context *tctx;
+	int pass_count, fail_count;
+};
+
+static void request_netlogon_handler(struct tevent_req *req)
+{
+	struct cldap_netlogon io;
+	struct bench_state *state = tevent_req_callback_data(req, struct bench_state);
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	io.in.version = 6;
+	status = cldap_netlogon_recv(req, tmp_ctx, &io);
+	talloc_free(req);
+	if (NT_STATUS_IS_OK(status)) {
+		state->pass_count++;
+	} else {
+		state->fail_count++;
+	}
+	talloc_free(tmp_ctx);
+}
+
+/*
+  benchmark cldap netlogon calls
+*/
+static bool bench_cldap_netlogon(struct torture_context *tctx, const char *address)
+{
+	struct cldap_socket *cldap;
+	int num_sent=0;
+	struct timeval tv = timeval_current();
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	struct cldap_netlogon search;
+	struct bench_state *state;
+	NTSTATUS status;
+	struct tsocket_address *dest_addr;
+	int ret;
+
+	ret = tsocket_address_inet_from_strings(tctx, "ip",
+						address,
+						lpcfg_cldap_port(tctx->lp_ctx),
+						&dest_addr);
+	CHECK_VAL(ret, 0);
+
+	status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
+	torture_assert_ntstatus_ok(tctx, status, "cldap_socket_init");
+
+	state = talloc_zero(tctx, struct bench_state);
+	state->tctx = tctx;
+
+	ZERO_STRUCT(search);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
+	search.in.acct_control = -1;
+	search.in.version = 6;
+
+	printf("Running CLDAP/netlogon for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		while (num_sent - (state->pass_count+state->fail_count) < 10) {
+			struct tevent_req *req;
+			req = cldap_netlogon_send(state, tctx->ev,
+						  cldap, &search);
+
+			tevent_req_set_callback(req, request_netlogon_handler, state);
+
+			num_sent++;
+			if (num_sent % 50 == 0) {
+				if (torture_setting_bool(tctx, "progress", true)) {
+					printf("%.1f queries per second (%d failures)  \r", 
+					       state->pass_count / timeval_elapsed(&tv),
+					       state->fail_count);
+					fflush(stdout);
+				}
+			}
+		}
+
+		tevent_loop_once(tctx->ev);
+	}
+
+	while (num_sent != (state->pass_count + state->fail_count)) {
+		tevent_loop_once(tctx->ev);
+	}
+
+	printf("%.1f queries per second (%d failures)  \n", 
+	       state->pass_count / timeval_elapsed(&tv),
+	       state->fail_count);
+
+	talloc_free(cldap);
+	return true;
+}
+
+static void request_rootdse_handler(struct tevent_req *req)
+{
+	struct cldap_search io;
+	struct bench_state *state = tevent_req_callback_data(req, struct bench_state);
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	status = cldap_search_recv(req, tmp_ctx, &io);
+	talloc_free(req);
+	if (NT_STATUS_IS_OK(status)) {
+		state->pass_count++;
+	} else {
+		state->fail_count++;
+	}
+	talloc_free(tmp_ctx);
+}
+
+/*
+  benchmark cldap netlogon calls
+*/
+static bool bench_cldap_rootdse(struct torture_context *tctx, const char *address)
+{
+	struct cldap_socket *cldap;
+	int num_sent=0;
+	struct timeval tv = timeval_current();
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	struct cldap_search search;
+	struct bench_state *state;
+	NTSTATUS status;
+	struct tsocket_address *dest_addr;
+	int ret;
+
+	ret = tsocket_address_inet_from_strings(tctx, "ip",
+						address,
+						lpcfg_cldap_port(tctx->lp_ctx),
+						&dest_addr);
+	CHECK_VAL(ret, 0);
+
+	/* cldap_socket_init should now know about the dest. address */
+	status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
+	torture_assert_ntstatus_ok(tctx, status, "cldap_socket_init");
+
+	state = talloc_zero(tctx, struct bench_state);
+
+	ZERO_STRUCT(search);
+	search.in.dest_address	= NULL;
+	search.in.dest_port	= 0;
+	search.in.filter	= "(objectClass=*)";
+	search.in.timeout	= 2;
+	search.in.retries	= 1;
+
+	printf("Running CLDAP/rootdse for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		while (num_sent - (state->pass_count+state->fail_count) < 10) {
+			struct tevent_req *req;
+			req = cldap_search_send(state, tctx->ev, cldap, &search);
+
+			tevent_req_set_callback(req, request_rootdse_handler, state);
+
+			num_sent++;
+			if (num_sent % 50 == 0) {
+				if (torture_setting_bool(tctx, "progress", true)) {
+					printf("%.1f queries per second (%d failures)  \r",
+					       state->pass_count / timeval_elapsed(&tv),
+					       state->fail_count);
+					fflush(stdout);
+				}
+			}
+		}
+
+		tevent_loop_once(tctx->ev);
+	}
+
+	while (num_sent != (state->pass_count + state->fail_count)) {
+		tevent_loop_once(tctx->ev);
+	}
+
+	printf("%.1f queries per second (%d failures)  \n",
+	       state->pass_count / timeval_elapsed(&tv),
+	       state->fail_count);
+
+	talloc_free(cldap);
+	return true;
+}
+
+/*
+  benchmark how fast a CLDAP server can respond to a series of parallel
+  requests 
+*/
+bool torture_bench_cldap(struct torture_context *torture)
+{
+	const char *address;
+	struct nbt_name name;
+	NTSTATUS status;
+	bool ret = true;
+	
+	make_nbt_name_server(&name, torture_setting_string(torture, "host", NULL));
+
+	/* do an initial name resolution to find its IP */
+	status = resolve_name_ex(lpcfg_resolve_context(torture->lp_ctx),
+				 0, 0, &name, torture, &address, torture->ev);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to resolve %s - %s\n",
+		       name.name, nt_errstr(status));
+		return false;
+	}
+
+	ret &= bench_cldap_netlogon(torture, address);
+	ret &= bench_cldap_rootdse(torture, address);
+
+	return ret;
+}
diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
new file mode 100644
index 0000000..c33fda7
--- /dev/null
+++ b/source4/torture/ldap/common.c
@@ -0,0 +1,135 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP protocol helper functions for SAMBA
+   
+   Copyright (C) Stefan Metzmacher 2004
+   Copyright (C) Simo Sorce 2004
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/smbtorture.h"
+#include "torture/ldap/proto.h"
+
+NTSTATUS torture_ldap_bind(struct ldap_connection *conn, const char *userdn, const char *password)
+{
+	NTSTATUS status;
+
+	status = ldap_bind_simple(conn, userdn, password);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to bind with provided credentials - %s\n", 
+		       nt_errstr(status));
+	}
+
+	return status;
+}
+
+NTSTATUS torture_ldap_bind_sasl(struct ldap_connection *conn, 
+				struct cli_credentials *creds, 
+				struct loadparm_context *lp_ctx)
+{
+        NTSTATUS status;
+
+	status = ldap_bind_sasl(conn, creds, lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed sasl bind with provided credentials - %s\n", 
+		       nt_errstr(status));
+	}
+ 
+	return status;
+}
+
+/* open a ldap connection to a server */
+NTSTATUS torture_ldap_connection(struct torture_context *tctx, 
+					  struct ldap_connection **conn, 
+					  const char *url)
+{
+	NTSTATUS status;
+
+	if (!url) {
+		printf("You must specify a url string\n");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	*conn = ldap4_new_connection(tctx, tctx->lp_ctx, tctx->ev);
+
+	status = ldap_connect(*conn, url);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect to ldap server '%s' - %s\n",
+		       url, nt_errstr(status));
+	}
+
+	return status;
+}
+
+/* close an ldap connection to a server */
+NTSTATUS torture_ldap_close(struct ldap_connection *conn)
+{
+	struct ldap_message *msg;
+	struct ldap_request *req;
+	NTSTATUS status;
+
+	printf("Closing the connection...\n");
+
+	msg = new_ldap_message(conn);
+	if (!msg) {
+		talloc_free(conn);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	printf(" Try a UnbindRequest\n");
+
+	msg->type = LDAP_TAG_UnbindRequest;
+
+	req = ldap_request_send(conn, msg);
+	if (!req) {
+		talloc_free(conn);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = ldap_request_wait(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("error in ldap unbind request - %s\n", nt_errstr(status));
+		talloc_free(conn);
+		return status;
+	}
+
+	talloc_free(conn);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS torture_ldap_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ldap");
+	torture_suite_add_simple_test(suite, "bench-cldap", torture_bench_cldap);
+	torture_suite_add_simple_test(suite, "basic", torture_ldap_basic);
+	torture_suite_add_simple_test(suite, "sort", torture_ldap_sort);
+	torture_suite_add_simple_test(suite, "cldap", torture_cldap);
+	torture_suite_add_simple_test(suite, "netlogon-udp", torture_netlogon_udp);
+	torture_suite_add_simple_test(suite, "netlogon-tcp", torture_netlogon_tcp);
+	torture_suite_add_simple_test(suite, "schema", torture_ldap_schema);
+	torture_suite_add_simple_test(suite, "uptodatevector", torture_ldap_uptodatevector);
+	torture_suite_add_simple_test(suite, "nested-search", test_ldap_nested_search);
+	torture_suite_add_simple_test(
+		suite, "session-expiry", torture_ldap_session_expiry);
+
+	suite->description = talloc_strdup(suite, "LDAP and CLDAP tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/ldap/ldap_sort.c b/source4/torture/ldap/ldap_sort.c
new file mode 100644
index 0000000..b28bd95
--- /dev/null
+++ b/source4/torture/ldap/ldap_sort.c
@@ -0,0 +1,158 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Test LDB attribute functions
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008-2009
+   Copyright (C) Matthieu Patou <mat@matws.net> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.	If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/smbtorture.h"
+#include "torture/ldap/proto.h"
+#include <ctype.h>
+
+bool torture_ldap_sort(struct torture_context *torture)
+{
+	struct ldb_context *ldb;
+
+	bool ret = false;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	char *url;
+	codepoint_t j;
+	struct ldb_message_element *elem;
+	struct ldb_message *msg;
+
+	struct ldb_server_sort_control **control;
+	struct ldb_request *req;
+	struct ldb_result *ctx;
+	struct ldb_val *prev = NULL;
+	const char *prev_txt = NULL;
+	int prev_len = 0;
+	struct ldb_val *cur = NULL;
+	const char *cur_txt = NULL;
+	int cur_len = 0;
+	struct ldb_dn *dn;
+
+
+	/* TALLOC_CTX* ctx;*/
+
+	url = talloc_asprintf(torture, "ldap://%s/", host);
+
+	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
+						 NULL,
+						 samba_cmdline_get_creds(),
+						 0);
+	torture_assert(torture, ldb, "Failed to make LDB connection to target");
+
+	ctx = talloc_zero(ldb, struct ldb_result);
+
+	control = talloc_array(ctx, struct ldb_server_sort_control *, 2);
+	control[0] = talloc(control, struct ldb_server_sort_control);
+	control[0]->attributeName = talloc_strdup(control, "cn");
+	control[0]->orderingRule = NULL;
+	control[0]->reverse = 0;
+	control[1] = NULL;
+
+	dn = ldb_get_default_basedn(ldb);
+	ldb_dn_add_child_fmt(dn, "cn=users");
+	ret = ldb_build_search_req(&req, ldb, ctx,
+				   dn,
+				   LDB_SCOPE_SUBTREE,
+				   "(objectClass=*)", NULL,
+				   NULL,
+				   ctx, ldb_search_default_callback, NULL);
+	torture_assert(torture, ret == LDB_SUCCESS, "Failed to build search request");
+
+	ret = ldb_request_add_control(req, LDB_CONTROL_SERVER_SORT_OID, true, control);
+	torture_assert(torture, ret == LDB_SUCCESS, "Failed to add control to search request");
+
+	ret = ldb_request(ldb, req);
+	torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+	ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+	ret = true;
+	if (ctx->count > 1) {
+		unsigned int i;
+		for (i=0;i<ctx->count;i++) {
+			msg = ctx->msgs[i];
+			elem = ldb_msg_find_element(msg,"cn");
+			torture_assert_not_null(torture, elem, "msg lacks CN");
+			cur = elem->values;
+			torture_comment(torture, "cn: %s\n",cur->data);
+			if (prev != NULL)
+			{
+				/* Do only the ascii case right now ... */
+				cur_txt = (const char *) cur->data;
+				cur_len = cur->length;
+				prev_txt = (const char *) prev->data;
+				prev_len = prev->length;
+				/* Remove leading whitespace as the sort function do so ... */
+				while ( cur_txt[0] == cur_txt[1] ) { cur_txt++; cur_len--;}
+				while ( prev_txt[0] == prev_txt[1] ) { prev_txt++; prev_len--;}
+				while( *(cur_txt) && *(prev_txt) && cur_len && prev_len ) {
+					j = toupper_m(*(prev_txt))-toupper_m(*(cur_txt));
+					if ( j > 0 ) {
+						/* Just check that is not due to trailing white space in prev_txt
+						 * That is to say *cur_txt = 0 and prev_txt = 20 */
+						/* Remove trailing whitespace */
+						while ( *prev_txt == ' ' ) { prev_txt++; prev_len--;}
+						while ( *cur_txt == ' ' ) { cur_txt++; cur_len--;}
+						/* Now that potential whitespace are removed if we are at the end
+						 * of the cur_txt then it means that in fact strings were identical
+						 */
+						torture_assert(torture, *cur_txt && *prev_txt, "Data wrongly sorted");
+						break;
+					}
+					else
+					{
+						if ( j == 0 )
+						{
+							if ( *(cur_txt) == ' ') {
+								while ( cur_txt[0] == cur_txt[1] ) { cur_txt++; cur_len--;}
+								while ( prev_txt[0] == prev_txt[1] ) { prev_txt++; prev_len--;}
+							}
+							cur_txt++;
+							prev_txt++;
+							prev_len--;
+							cur_len--;
+						}
+						else
+						{
+							break;
+						}
+					}
+				}
+				if ( ret != 1 ) {
+					break;
+				}
+			}
+			prev = cur;
+		}
+
+	}
+
+	return ret;
+}
diff --git a/source4/torture/ldap/nested_search.c b/source4/torture/ldap/nested_search.c
new file mode 100644
index 0000000..8f4d71b
--- /dev/null
+++ b/source4/torture/ldap/nested_search.c
@@ -0,0 +1,206 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   BRIEF FILE DESCRIPTION
+
+   Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ldb.h"
+#include "ldb_wrap.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+#define torture_assert_res(torture_ctx,expr,cmt,_res) \
+	if (!(expr)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \
+		return _res; \
+	}
+
+
+struct nested_search_context {
+	struct torture_context *tctx;
+	struct ldb_dn *root_dn;
+	struct ldb_context *ldb;
+	struct ldb_result *ldb_res;
+};
+
+/*
+ * ldb_search handler - used to executed a nested
+ * ldap search request during LDB_REPLY_ENTRY handling
+ */
+static int nested_search_callback(struct ldb_request *req,
+				  struct ldb_reply *ares)
+{
+	unsigned int i;
+	int res;
+	struct nested_search_context *sctx;
+	struct ldb_result *ldb_res;
+	struct ldb_message *ldb_msg;
+	static const char *attrs[] = {
+		"rootDomainNamingContext",
+		"configurationNamingContext",
+		"schemaNamingContext",
+		"defaultNamingContext",
+		NULL
+	};
+	enum ldb_reply_type type;
+
+	sctx = talloc_get_type(req->context, struct nested_search_context);
+
+	type = ares->type;
+	/* sanity check */
+	switch (type) {
+	case LDB_REPLY_ENTRY:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_ENTRY\n");
+		ldb_msg = ares->message;
+		torture_assert_res(sctx->tctx, ldb_msg, "ares->message is NULL!", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, ldb_msg->num_elements, "No elements returned!", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, ldb_msg->elements, "elements member is NULL!", LDB_ERR_OPERATIONS_ERROR);
+		break;
+	case LDB_REPLY_DONE:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_DONE\n");
+		break;
+	case LDB_REPLY_REFERRAL:
+		torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_REFERRAL\n");
+		break;
+	}
+
+	/* switch context and let default handler do its job */
+	req->context = sctx->ldb_res;
+	res = ldb_search_default_callback(req, ares);
+	req->context = sctx;
+	if (res != LDB_SUCCESS) {
+		return res;
+	}
+
+	/* not a search reply, then get out */
+	if (type != LDB_REPLY_ENTRY) {
+		return res;
+	}
+
+
+	res = ldb_search(sctx->ldb, sctx, &ldb_res, sctx->root_dn, LDB_SCOPE_BASE, attrs, "(objectClass=*)");
+	if (res != LDB_SUCCESS) {
+		torture_warning(sctx->tctx,
+		                "Search on RootDSE failed in search_entry handler: %s",
+		                ldb_errstring(sctx->ldb));
+		return LDB_SUCCESS;
+	}
+
+	torture_assert_res(sctx->tctx, ldb_res->count == 1, "One message expected here", LDB_ERR_OPERATIONS_ERROR);
+
+	ldb_msg = ldb_res->msgs[0];
+	torture_assert_res(sctx->tctx, ldb_msg->num_elements == (ARRAY_SIZE(attrs)-1),
+			   "Search returned different number of elts than requested", LDB_ERR_OPERATIONS_ERROR);
+	for (i = 0; i < ldb_msg->num_elements; i++) {
+		const char *msg;
+		struct ldb_message_element *elt1;
+		struct ldb_message_element *elt2;
+
+		elt2 = &ldb_msg->elements[i];
+		msg = talloc_asprintf(sctx, "Processing element: %s", elt2->name);
+		elt1 = ldb_msg_find_element(sctx->ldb_res->msgs[0], elt2->name);
+		torture_assert_res(sctx->tctx, elt1, msg, LDB_ERR_OPERATIONS_ERROR);
+
+		/* compare elements */
+		torture_assert_res(sctx->tctx, elt2->flags == elt1->flags, "", LDB_ERR_OPERATIONS_ERROR);
+		torture_assert_res(sctx->tctx, elt2->num_values == elt1->num_values, "", LDB_ERR_OPERATIONS_ERROR);
+	}
+	/* TODO: check returned result */
+
+	return LDB_SUCCESS;
+}
+
+/**
+ * Test nested search execution against RootDSE
+ * on remote LDAP server.
+ */
+bool test_ldap_nested_search(struct torture_context *tctx)
+{
+	int ret;
+	char *url;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct ldb_request *req;
+	struct nested_search_context *sctx;
+	static const char *attrs[] = {
+/*
+		"rootDomainNamingContext",
+		"configurationNamingContext",
+		"schemaNamingContext",
+		"defaultNamingContext",
+*/
+		"*",
+		NULL
+	};
+
+	sctx = talloc_zero(tctx, struct nested_search_context);
+	torture_assert(tctx, sctx, "Not enough memory");
+	sctx->tctx = tctx;
+
+	url = talloc_asprintf(sctx, "ldap://%s/", host);
+	if (!url) {
+		torture_assert(tctx, url, "Not enough memory");
+	}
+
+	torture_comment(tctx, "Connecting to: %s\n", url);
+	sctx->ldb = ldb_wrap_connect(sctx, tctx->ev, tctx->lp_ctx, url,
+	                             NULL,
+	                             samba_cmdline_get_creds(),
+	                             0);
+	torture_assert(tctx, sctx->ldb, "Failed to create ldb connection");
+
+	/* prepare context for searching */
+	sctx->root_dn = ldb_dn_new(sctx, sctx->ldb, NULL);
+	sctx->ldb_res = talloc_zero(sctx, struct ldb_result);
+
+	/* build search request */
+	ret = ldb_build_search_req(&req,
+	                           sctx->ldb,
+	                           sctx,
+	                           sctx->root_dn, LDB_SCOPE_BASE,
+	                           "(objectClass=*)", attrs, NULL,
+	                           sctx, nested_search_callback,
+	                           NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Allocating request failed: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	ret = ldb_request(sctx->ldb, req);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Search failed: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	if (ret != LDB_SUCCESS) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__ ": Search error: %s", ldb_errstring(sctx->ldb));
+		return false;
+	}
+
+	/* TODO: check returned result */
+
+	talloc_free(sctx);
+	return true;
+}
+
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
new file mode 100644
index 0000000..0bddb3e
--- /dev/null
+++ b/source4/torture/ldap/netlogon.c
@@ -0,0 +1,668 @@
+/* 
+   Unix SMB/CIFS Implementation.
+
+   test CLDAP/LDAP netlogon operations
+   
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Matthias Dieter Wallnöfer 2009
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/cldap/cldap.h"
+#include "libcli/ldap/ldap_client.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+#undef strcasecmp
+
+#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
+
+#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
+
+#define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
+
+typedef NTSTATUS (*request_netlogon_t)(void *con,
+				       TALLOC_CTX *mem_ctx,
+				       struct cldap_netlogon *io);
+
+typedef NTSTATUS (*request_rootdse_t)(void *con,
+				     TALLOC_CTX *mem_ctx,
+				     struct cldap_search *io);
+
+/*
+  test netlogon operations
+*/
+static bool test_ldap_netlogon(struct torture_context *tctx,
+			       request_netlogon_t request_netlogon,
+			       void *cldap,
+			       const char *dest)
+{
+	NTSTATUS status;
+	struct cldap_netlogon search, empty_search;
+	struct netlogon_samlogon_response n1;
+	struct GUID guid;
+	int i;
+
+	ZERO_STRUCT(search);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
+	search.in.acct_control = -1;
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
+
+	empty_search = search;
+
+	printf("Trying without any attributes\n");
+	search = empty_search;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	n1 = search.out.netlogon;
+
+	search.in.user         = "Administrator";
+	search.in.realm        = n1.data.nt5_ex.dns_domain;
+	search.in.host         = "__cldap_torture__";
+
+	printf("Scanning for netlogon levels\n");
+	for (i=0;i<256;i++) {
+		search.in.version = i;
+		printf("Trying netlogon level %d\n", i);
+		status = request_netlogon(cldap, tctx, &search);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	printf("Scanning for netlogon level bits\n");
+	for (i=0;i<31;i++) {
+		search.in.version = (1<<i);
+		printf("Trying netlogon level 0x%x\n", i);
+		status = request_netlogon(cldap, tctx, &search);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Trying with User=NULL\n");
+	search.in.user = NULL;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+	torture_assert(tctx,
+		       strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
+		       "PDC name should not be in UNC form");
+
+	printf("Trying with User=Administrator\n");
+	search.in.user = "Administrator";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+	torture_assert(tctx,
+		       strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
+		       "PDC name should not be in UNC form");
+
+	search.in.version = NETLOGON_NT_VERSION_5;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Trying with User=NULL\n");
+	search.in.user = NULL;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+	torture_assert(tctx,
+		       strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	printf("Trying with User=Administrator\n");
+	search.in.user = "Administrator";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+	torture_assert(tctx,
+		       strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+
+	printf("Trying with a GUID\n");
+	search.in.realm       = NULL;
+	search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+	CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
+	torture_assert(tctx,
+		       strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
+		       "PDC name should not be in UNC form");
+
+	printf("Trying with a incorrect GUID\n");
+	guid = GUID_random();
+	search.in.user        = NULL;
+	search.in.domain_guid = GUID_string(tctx, &guid);
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+	printf("Trying with a AAC\n");
+	search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
+	search.in.realm = n1.data.nt5_ex.dns_domain;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+
+	printf("Trying with a zero AAC\n");
+	search.in.acct_control = 0x0;
+	search.in.realm = n1.data.nt5_ex.dns_domain;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+
+	printf("Trying with a zero AAC and user=Administrator\n");
+	search.in.acct_control = 0x0;
+	search.in.user = "Administrator";
+	search.in.realm = n1.data.nt5_ex.dns_domain;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
+
+	printf("Trying with a bad AAC\n");
+	search.in.user = NULL;
+	search.in.acct_control = 0xFF00FF00;
+	search.in.realm = n1.data.nt5_ex.dns_domain;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+
+	printf("Trying with a user only\n");
+	search = empty_search;
+	search.in.user = "Administrator";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	printf("Trying with just a bad username\n");
+	search.in.user = "___no_such_user___";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	printf("Trying with just a bad domain\n");
+	search = empty_search;
+	search.in.realm = "___no_such_domain___";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+	printf("Trying with a incorrect domain and correct guid\n");
+	search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	printf("Trying with a incorrect domain and incorrect guid\n");
+	search.in.domain_guid = GUID_string(tctx, &guid);
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	printf("Trying with a incorrect GUID and correct domain\n");
+	search.in.domain_guid = GUID_string(tctx, &guid);
+	search.in.realm = n1.data.nt5_ex.dns_domain;
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	printf("Proof other results\n");
+	search.in.user = "Administrator";
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
+	CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
+
+	return true;
+}
+
+/*
+  test cldap netlogon server type flags
+*/
+static bool test_ldap_netlogon_flags(struct torture_context *tctx,
+				     request_netlogon_t request_netlogon,
+				     void *cldap,
+				     const char *dest)
+{
+	NTSTATUS status;
+	struct cldap_netlogon search;
+	struct netlogon_samlogon_response n1;
+	uint32_t server_type = 0;
+
+	printf("Printing out netlogon server type flags: %s\n", dest);
+
+	ZERO_STRUCT(search);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
+	search.in.acct_control = -1;
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
+
+	status = request_netlogon(cldap, tctx, &search);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	n1 = search.out.netlogon;
+	if (n1.ntver == NETLOGON_NT_VERSION_5)
+		server_type = n1.data.nt5.server_type;
+	else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
+		server_type = n1.data.nt5_ex.server_type;	
+
+	printf("The word is: %i\n", server_type);
+	if (server_type & NBT_SERVER_PDC)
+		printf("NBT_SERVER_PDC ");
+	if (server_type & NBT_SERVER_GC)
+		printf("NBT_SERVER_GC ");
+	if (server_type & NBT_SERVER_LDAP)
+		printf("NBT_SERVER_LDAP ");
+	if (server_type & NBT_SERVER_DS)
+		printf("NBT_SERVER_DS ");
+	if (server_type & NBT_SERVER_KDC)
+		printf("NBT_SERVER_KDC ");
+	if (server_type & NBT_SERVER_TIMESERV)
+		printf("NBT_SERVER_TIMESERV ");
+	if (server_type & NBT_SERVER_CLOSEST)
+		printf("NBT_SERVER_CLOSEST ");
+	if (server_type & NBT_SERVER_WRITABLE)
+		printf("NBT_SERVER_WRITABLE ");
+	if (server_type & NBT_SERVER_GOOD_TIMESERV)
+		printf("NBT_SERVER_GOOD_TIMESERV ");
+	if (server_type & NBT_SERVER_NDNC)
+		printf("NBT_SERVER_NDNC ");
+	if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
+		printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
+	if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
+		printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
+	if (server_type & NBT_SERVER_ADS_WEB_SERVICE)
+		printf("NBT_SERVER_ADS_WEB_SERVICE ");
+	if (server_type & NBT_SERVER_DS_8)
+		printf("NBT_SERVER_DS_8 ");
+	if (server_type & NBT_SERVER_DS_9)
+		printf("NBT_SERVER_DS_9 ");
+	if (server_type & NBT_SERVER_DS_10)
+		printf("NBT_SERVER_DS_10 ");
+	if (server_type & NBT_SERVER_HAS_DNS_NAME)
+		printf("NBT_SERVER_HAS_DNS_NAME ");
+	if (server_type & NBT_SERVER_IS_DEFAULT_NC)
+		printf("NBT_SERVER_IS_DEFAULT_NC ");
+	if (server_type & NBT_SERVER_FOREST_ROOT)
+		printf("NBT_SERVER_FOREST_ROOT ");
+
+	printf("\n");
+
+	return true;
+}
+
+static NTSTATUS tcp_ldap_rootdse(void *data,
+				 TALLOC_CTX *mem_ctx,
+				 struct cldap_search *io)
+{
+	struct ldap_connection *conn = talloc_get_type(data,
+						       struct ldap_connection);
+	struct ldap_message *msg, *result;
+	struct ldap_request *req;
+	int i;
+	NTSTATUS status;
+
+	msg = new_ldap_message(mem_ctx);
+	if (!msg) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	msg->type = LDAP_TAG_SearchRequest;
+	msg->r.SearchRequest.basedn = "";
+	msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+	msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+	msg->r.SearchRequest.timelimit = 0;
+	msg->r.SearchRequest.sizelimit = 0;
+	msg->r.SearchRequest.attributesonly = false;
+	msg->r.SearchRequest.tree = ldb_parse_tree(msg, io->in.filter);
+	msg->r.SearchRequest.num_attributes = str_list_length(io->in.attributes);
+	msg->r.SearchRequest.attributes = io->in.attributes;
+
+	req = ldap_request_send(conn, msg);
+	if (req == NULL) {
+		printf("Could not setup ldap search\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	ZERO_STRUCT(io->out);
+	for (i = 0; i < 2; ++i) {
+		status = ldap_result_n(req, i, &result);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+		switch (result->type) {
+		case LDAP_TAG_SearchResultEntry:
+			if (i != 0) {
+				return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
+			}
+			io->out.response = &result->r.SearchResultEntry;
+			break;
+		case LDAP_TAG_SearchResultDone:
+			io->out.result = &result->r.SearchResultDone;
+			if (io->out.result->resultcode != LDAP_SUCCESS) {
+				return NT_STATUS_LDAP(io->out.result->resultcode);
+			}
+
+			return NT_STATUS_OK;
+		default:
+			return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS tcp_ldap_netlogon(void *conn,
+				  TALLOC_CTX *mem_ctx,
+				  struct cldap_netlogon *io)
+{
+	struct cldap_search search;
+	struct ldap_SearchResEntry *res;
+	NTSTATUS status;
+	DATA_BLOB *blob;
+
+	ZERO_STRUCT(search);
+	search.in.attributes = (const char *[]) { "netlogon", NULL };
+	search.in.filter =  cldap_netlogon_create_filter(mem_ctx, io);
+	if (search.in.filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = tcp_ldap_rootdse(conn, mem_ctx, &search);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	res = search.out.response;
+	if (res == NULL) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	if (res->num_attributes != 1 ||
+	    strcasecmp(res->attributes[0].name, "netlogon") != 0 ||
+	    res->attributes[0].num_values != 1 ||
+	    res->attributes[0].values->length < 2) {
+		return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+	}
+
+	blob = res->attributes[0].values;
+	status = pull_netlogon_samlogon_response(blob, mem_ctx,
+						 &io->out.netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (io->in.map_response) {
+		map_netlogon_samlogon_response(&io->out.netlogon);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS udp_ldap_rootdse(void *data, TALLOC_CTX *mem_ctx,
+				 struct cldap_search *io)
+{
+	struct cldap_socket *cldap = talloc_get_type(data,
+						     struct cldap_socket);
+
+	return cldap_search(cldap, mem_ctx, io);
+}
+
+static bool test_netlogon_extra_attrs(struct torture_context *tctx,
+				      request_rootdse_t request_rootdse,
+				      void *conn)
+{
+	struct cldap_search io;
+	NTSTATUS status;
+	const char *attrs[] = {
+		"netlogon",
+		"supportedCapabilities",
+		NULL
+	};
+	const char *attrs2[] = { "netlogon", "*", NULL };
+	struct ldb_message ldbmsg = { NULL, 0, NULL };
+
+	ZERO_STRUCT(io);
+	io.in.dest_address = NULL;
+	io.in.dest_port = 0;
+	io.in.timeout   = 2;
+	io.in.retries   = 2;
+	/* Additional attributes may be requested next to netlogon */
+	torture_comment(tctx, "Requesting netlogon with additional attribute\n");
+	io.in.filter =
+		talloc_asprintf(tctx, "(&"
+				"(NtVer=%s)(AAC=%s)"
+				/* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
+				"(supportedCapabilities=1.2.840.113556.1.4.800)"
+				")",
+				ldap_encode_ndr_uint32(tctx,
+						       NETLOGON_NT_VERSION_5EX),
+				ldap_encode_ndr_uint32(tctx, 0));
+	torture_assert(tctx, io.in.filter != NULL, "OOM");
+	io.in.attributes = attrs;
+	status = request_rootdse(conn, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert(tctx, io.out.response != NULL, "No Entries found.");
+	CHECK_VAL(io.out.response->num_attributes, 2);
+
+	/* netlogon + '*' attr return zero results */
+	torture_comment(tctx, "Requesting netlogon and '*' attributes\n");
+	io.in.attributes = attrs2;
+	status = request_rootdse(conn, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert(tctx, io.out.response != NULL, "No Entries found.");
+	ldbmsg.num_elements = io.out.response->num_attributes;
+	ldbmsg.elements = io.out.response->attributes;
+	torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
+		       "Attribute netlogon not found in Result Entry\n");
+
+	/* Wildcards are not allowed in filters when netlogon is requested. */
+	torture_comment(tctx, "Requesting netlogon with invalid attr filter\n");
+	io.in.filter =
+		talloc_asprintf(tctx,
+				"(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
+				ldap_encode_ndr_uint32(tctx,
+						       NETLOGON_NT_VERSION_5EX),
+				ldap_encode_ndr_uint32(tctx, 0));
+	torture_assert(tctx, io.in.filter != NULL, "OOM");
+	io.in.attributes = attrs;
+	status = request_rootdse(conn, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert(tctx, io.out.response == NULL,
+		       "A wildcard filter should return no entries.");
+
+	return true;
+}
+
+/*
+  Bug #11392: Huawei Unified Storage System S5500 V3 sends no NtVer
+  [MS-ADTS] Section 7.3.3.2 "Domain Controller Response to an LDAP Ping"
+*/
+static bool test_netlogon_huawei(struct torture_context *tctx,
+				      request_rootdse_t request_rootdse,
+				      void *conn)
+{
+	struct cldap_search io;
+	struct netlogon_samlogon_response n1;
+	NTSTATUS status;
+	const char *attrs[] = {
+		"netlogon",
+		NULL
+	};
+	struct ldb_message ldbmsg = { NULL, 0, NULL };
+
+	ZERO_STRUCT(io);
+	io.in.dest_address = NULL;
+	io.in.dest_port = 0;
+	io.in.timeout   = 2;
+	io.in.retries   = 2;
+
+	torture_comment(tctx, "Requesting netlogon without NtVer filter\n");
+	io.in.filter = talloc_asprintf(tctx, "(&(DnsDomain=%s))",
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, io.in.filter != NULL, "OOM");
+	io.in.attributes = attrs;
+	status = request_rootdse(conn, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert(tctx, io.out.response != NULL, "No Entries found.");
+	CHECK_VAL(io.out.response->num_attributes, 1);
+
+	ldbmsg.num_elements = io.out.response->num_attributes;
+	ldbmsg.elements = io.out.response->attributes;
+	torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
+		       "Attribute netlogon not found in Result Entry\n");
+
+	status = pull_netlogon_samlogon_response(
+			io.out.response->attributes[0].values,
+			tctx,
+			&n1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_5);
+
+	return true;
+}
+
+bool torture_netlogon_tcp(struct torture_context *tctx)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	bool ret = true;
+	NTSTATUS status;
+	struct ldap_connection *conn;
+	TALLOC_CTX *mem_ctx;
+	const char *url;
+
+	mem_ctx = talloc_init("torture_ldap_netlogon");
+
+	url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
+
+	status = torture_ldap_connection(tctx, &conn, url);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
+	ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
+	ret &= test_netlogon_extra_attrs(tctx, tcp_ldap_rootdse, conn);
+
+	return ret;
+}
+
+static NTSTATUS udp_ldap_netlogon(void *data,
+				  TALLOC_CTX *mem_ctx,
+				  struct cldap_netlogon *io)
+{
+	struct cldap_socket *cldap = talloc_get_type(data,
+						     struct cldap_socket);
+
+	return cldap_netlogon(cldap, mem_ctx, io);
+}
+
+bool torture_netlogon_udp(struct torture_context *tctx)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *ip;
+	struct nbt_name nbt_name;
+	bool ret = true;
+	int r;
+	struct cldap_socket *cldap;
+	NTSTATUS status;
+	struct tsocket_address *dest_addr;
+
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
+	r = tsocket_address_inet_from_strings(tctx, "ip",
+					      ip,
+					      lpcfg_cldap_port(tctx->lp_ctx),
+					      &dest_addr);
+	CHECK_VAL(r, 0);
+
+	/* cldap_socket_init should now know about the dest. address */
+	status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
+	ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
+	ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap);
+	ret &= test_netlogon_huawei(tctx, udp_ldap_rootdse, cldap);
+
+	return ret;
+}
diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c
new file mode 100644
index 0000000..06313bc
--- /dev/null
+++ b/source4/torture/ldap/schema.c
@@ -0,0 +1,408 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP schema tests
+   
+   Copyright (C) Stefan Metzmacher 2006
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/ldap/ldap_client.h"
+#include "lib/cmdline/cmdline.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../lib/util/dlinklist.h"
+
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+
+struct test_rootDSE {
+	const char *defaultdn;
+	const char *rootdn;
+	const char *configdn;
+	const char *schemadn;
+};
+
+struct test_schema_ctx {
+	struct ldb_context *ldb;
+
+	struct ldb_paged_control *ctrl;
+	uint32_t count;
+	bool pending;
+
+	int (*callback)(void *, struct ldb_context *ldb, struct ldb_message *);
+	void *private_data;
+};
+
+static bool test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *root)
+{
+	int ret;
+	struct ldb_message *msg;
+	struct ldb_result *r;
+
+	d_printf("Testing RootDSE Search\n");
+
+	ret = ldb_search(ldb, ldb, &r, ldb_dn_new(ldb, ldb, NULL),
+			 LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) {
+		return false;
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return false;
+	}
+
+	msg = r->msgs[0];
+
+	root->defaultdn	= ldb_msg_find_attr_as_string(msg, "defaultNamingContext", NULL);
+	talloc_steal(ldb, root->defaultdn);
+	root->rootdn	= ldb_msg_find_attr_as_string(msg, "rootDomainNamingContext", NULL);
+	talloc_steal(ldb, root->rootdn);
+	root->configdn	= ldb_msg_find_attr_as_string(msg, "configurationNamingContext", NULL);
+	talloc_steal(ldb, root->configdn);
+	root->schemadn	= ldb_msg_find_attr_as_string(msg, "schemaNamingContext", NULL);
+	talloc_steal(ldb, root->schemadn);
+
+	talloc_free(r);
+
+	return true;
+}
+
+static int test_schema_search_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+	struct test_schema_ctx *actx;
+	int ret = LDB_SUCCESS;
+
+	actx = talloc_get_type(req->context, struct test_schema_ctx);
+
+	if (!ares) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+	if (ares->error != LDB_SUCCESS) {
+		return ldb_request_done(req, ares->error);
+	}
+
+	switch (ares->type) {
+	case LDB_REPLY_ENTRY:
+		actx->count++;
+		ret = actx->callback(actx->private_data, actx->ldb, ares->message);
+		break;
+
+	case LDB_REPLY_REFERRAL:
+		break;
+
+	case LDB_REPLY_DONE:
+		if (ares->controls) {
+			struct ldb_paged_control *ctrl = NULL;
+			int i;
+
+			for (i=0; ares->controls[i]; i++) {
+				if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ares->controls[i]->oid) == 0) {
+					ctrl = talloc_get_type(ares->controls[i]->data, struct ldb_paged_control);
+					break;
+				}
+			}
+
+			if (!ctrl) break;
+
+			talloc_free(actx->ctrl->cookie);
+			actx->ctrl->cookie = talloc_steal(actx->ctrl->cookie, ctrl->cookie);
+			actx->ctrl->cookie_len = ctrl->cookie_len;
+
+			if (actx->ctrl->cookie_len > 0) {
+				actx->pending = true;
+			}
+		}
+		talloc_free(ares);
+		return ldb_request_done(req, LDB_SUCCESS);
+
+	default:
+		d_printf("%s: unknown Reply Type %u\n", __location__, ares->type);
+		return ldb_request_done(req, LDB_ERR_OTHER);
+	}
+
+	if (talloc_free(ares) == -1) {
+		d_printf("talloc_free failed\n");
+		actx->pending = 0;
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	if (ret) {
+		return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR);
+	}
+
+	return LDB_SUCCESS;
+}
+
+static bool test_create_schema_type(struct ldb_context *ldb, struct test_rootDSE *root,
+				    const char *filter,
+				    int (*callback)(void *, struct ldb_context *ldb, struct ldb_message *),
+				    void *private_data)
+{
+	struct ldb_control **ctrl;
+	struct ldb_paged_control *control;
+	struct ldb_request *req;
+	int ret;
+	struct test_schema_ctx *actx;
+
+	actx = talloc(ldb, struct test_schema_ctx);
+	actx->ldb = ldb;
+	actx->private_data = private_data;
+	actx->callback= callback;
+
+	ctrl = talloc_array(actx, struct ldb_control *, 2);
+	ctrl[0] = talloc(ctrl, struct ldb_control);
+	ctrl[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID;
+	ctrl[0]->critical = true;
+	control = talloc(ctrl[0], struct ldb_paged_control);
+	control->size = 1000;
+	control->cookie = NULL;
+	control->cookie_len = 0;
+	ctrl[0]->data = control;
+	ctrl[1] = NULL;
+
+	ret = ldb_build_search_req(&req, ldb, actx,
+				   ldb_dn_new(actx, ldb, root->schemadn),
+				   LDB_SCOPE_SUBTREE,
+				   filter, NULL,
+				   ctrl,
+				   actx, test_schema_search_callback,
+				   NULL);
+
+	actx->ctrl = control;
+	actx->count = 0;
+again:
+	actx->pending		= false;
+
+	ret = ldb_request(ldb, req);
+	if (ret != LDB_SUCCESS) {
+		d_printf("search failed - %s\n", ldb_errstring(ldb));
+		talloc_free(actx);
+		return false;
+	}
+
+	ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+       	if (ret != LDB_SUCCESS) {
+		d_printf("search error - %s\n", ldb_errstring(ldb));
+		talloc_free(actx);
+		return false;
+	}
+
+	if (actx->pending)
+		goto again;
+
+	d_printf("filter[%s] count[%u]\n", filter, actx->count);
+	talloc_free(actx);
+	return true;
+}
+
+static int test_add_attribute(void *ptr, struct ldb_context *ldb, struct ldb_message *msg)
+{
+	struct dsdb_schema *schema = talloc_get_type(ptr, struct dsdb_schema);
+	WERROR status;
+
+	status = dsdb_set_attribute_from_ldb(ldb, schema, msg);
+	if (!W_ERROR_IS_OK(status)) {
+		goto failed;
+	}
+
+	return LDB_SUCCESS;
+failed:
+	return LDB_ERR_OTHER;
+}
+
+static int test_add_class(void *ptr, struct ldb_context *ldb, struct ldb_message *msg)
+{
+	struct dsdb_schema *schema = talloc_get_type(ptr, struct dsdb_schema);
+	WERROR status;
+
+	status = dsdb_set_class_from_ldb(schema, msg);
+	if (!W_ERROR_IS_OK(status)) {
+		goto failed;
+	}
+
+	return LDB_SUCCESS;
+failed:
+	return LDB_ERR_OTHER;
+}
+
+static bool test_create_schema(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema **_schema)
+{
+	bool ret = true;
+	struct dsdb_schema *schema;
+
+	schema = talloc_zero(ldb, struct dsdb_schema);
+
+	d_printf("Fetching attributes...\n");
+	ret &= test_create_schema_type(ldb, root, "(objectClass=attributeSchema)",
+				       test_add_attribute, schema);
+	d_printf("Fetching objectClasses...\n");
+	ret &= test_create_schema_type(ldb, root, "(objectClass=classSchema)",
+				       test_add_class, schema);
+
+	if (ret == true) {
+		*_schema = schema;
+	}
+	return ret;
+}
+
+static bool test_dump_not_replicated(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *a;
+	uint32_t a_i = 1;
+
+	d_printf("Dumping not replicated attributes\n");
+
+	for (a=schema->attributes; a; a = a->next) {
+		if (!(a->systemFlags & 0x00000001)) continue;
+		d_printf("attr[%4u]: '%s'\n", a_i++,
+			 a->lDAPDisplayName);
+	}
+
+	return true;
+}
+
+static bool test_dump_partial(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *a;
+	uint32_t a_i = 1;
+
+	d_printf("Dumping attributes which are provided by the global catalog\n");
+
+	for (a=schema->attributes; a; a = a->next) {
+		if (!(a->systemFlags & 0x00000002) && !a->isMemberOfPartialAttributeSet) continue;
+		d_printf("attr[%4u]:  %u %u '%s'\n", a_i++,
+			 a->systemFlags & 0x00000002, a->isMemberOfPartialAttributeSet,
+			 a->lDAPDisplayName);
+	}
+
+	return true;
+}
+
+static bool test_dump_contructed(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *a;
+	uint32_t a_i = 1;
+
+	d_printf("Dumping constructed attributes\n");
+
+	for (a=schema->attributes; a; a = a->next) {
+		if (!(a->systemFlags & 0x00000004)) continue;
+		d_printf("attr[%4u]: '%s'\n", a_i++,
+			 a->lDAPDisplayName);
+	}
+
+	return true;
+}
+
+static bool test_dump_sorted_syntax(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *a;
+	uint32_t a_i = 1;
+	uint32_t i;
+	const char *syntaxes[] = {
+		"2.5.5.0",
+		"2.5.5.1",
+		"2.5.5.2",
+		"2.5.5.3",
+		"2.5.5.4",
+		"2.5.5.5",
+		"2.5.5.6",
+		"2.5.5.7",
+		"2.5.5.8",
+		"2.5.5.9",
+		"2.5.5.10",
+		"2.5.5.11",
+		"2.5.5.12",
+		"2.5.5.13",
+		"2.5.5.14",
+		"2.5.5.15",
+		"2.5.5.16",
+		"2.5.5.17"
+	};
+
+	d_printf("Dumping attribute syntaxes\n");
+
+	for (i=0; i < ARRAY_SIZE(syntaxes); i++) {
+		for (a=schema->attributes; a; a = a->next) {
+			char *om_hex;
+
+			if (strcmp(syntaxes[i], a->attributeSyntax_oid) != 0) continue;
+
+			om_hex = data_blob_hex_string_upper(ldb, &a->oMObjectClass);
+			if (!om_hex) {
+				return false;
+			}
+
+			d_printf("attr[%4u]: %s %u '%s' '%s'\n", a_i++,
+				 a->attributeSyntax_oid, a->oMSyntax,
+				 om_hex, a->lDAPDisplayName);
+			talloc_free(om_hex);
+		}
+	}
+
+	return true;
+}
+
+static bool test_dump_not_in_filtered_replica(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema)
+{
+	struct dsdb_attribute *a;
+	uint32_t a_i = 1;
+
+	d_printf("Dumping attributes not in filtered replica\n");
+
+	for (a=schema->attributes; a; a = a->next) {
+		if (!dsdb_attribute_is_attr_in_filtered_replica(a)) {
+			d_printf("attr[%4u]: '%s'\n", a_i++,
+				 a->lDAPDisplayName);
+		}
+	}
+	return true;
+}
+
+bool torture_ldap_schema(struct torture_context *torture)
+{
+	struct ldb_context *ldb;
+	bool ret = true;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	char *url;
+	struct test_rootDSE rootDSE;
+	struct dsdb_schema *schema = NULL;
+
+	ZERO_STRUCT(rootDSE);
+
+	url = talloc_asprintf(torture, "ldap://%s/", host);
+
+	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
+			       NULL,
+			       samba_cmdline_get_creds(),
+			       0);
+	if (!ldb) goto failed;
+
+	ret &= test_search_rootDSE(ldb, &rootDSE);
+	if (!ret) goto failed;
+	ret &= test_create_schema(ldb, &rootDSE, &schema);
+	if (!ret) goto failed;
+
+	ret &= test_dump_not_replicated(ldb, &rootDSE, schema);
+	ret &= test_dump_partial(ldb, &rootDSE, schema);
+	ret &= test_dump_contructed(ldb, &rootDSE, schema);
+	ret &= test_dump_sorted_syntax(ldb, &rootDSE, schema);
+	ret &= test_dump_not_in_filtered_replica(ldb, &rootDSE, schema);
+
+failed:
+	return ret;
+}
diff --git a/source4/torture/ldap/session_expiry.c b/source4/torture/ldap/session_expiry.c
new file mode 100644
index 0000000..e910662
--- /dev/null
+++ b/source4/torture/ldap/session_expiry.c
@@ -0,0 +1,122 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Test LDB attribute functions
+ *
+ * Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008-2009
+ * Copyright (C) Matthieu Patou <mat@matws.net> 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.	If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/smbtorture.h"
+#include "torture/ldap/proto.h"
+
+bool torture_ldap_session_expiry(struct torture_context *torture)
+{
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct ldb_context *ldb = NULL;
+	const char *url = NULL;
+	bool ret = false;
+	bool ok;
+	struct ldb_dn *rootdn = NULL;
+	struct ldb_result *result = NULL;
+	int rc = LDB_SUCCESS;
+
+	/*
+	 * Further down we request a ticket lifetime of 4
+	 * seconds. Give the server 10 seconds for this to kick in
+	 */
+	const struct timeval endtime = timeval_current_ofs(10, 0);
+
+	url = talloc_asprintf(torture, "ldap://%s/", host);
+	torture_assert_goto(
+		torture, url!=NULL, ret, fail, "talloc_asprintf failed");
+
+	cli_credentials_set_kerberos_state(credentials,
+					   CRED_USE_KERBEROS_REQUIRED,
+					   CRED_SPECIFIED);
+
+	ok = lpcfg_set_option(
+		torture->lp_ctx, "gensec_gssapi:requested_life_time=4");
+	torture_assert_goto(
+		torture, ok, ret, fail, "lpcfg_set_option failed");
+
+	ldb = ldb_wrap_connect(
+		torture,
+		torture->ev,
+		torture->lp_ctx,
+		url,
+		NULL,
+		credentials,
+		0);
+	torture_assert_goto(
+		torture, ldb!=NULL, ret, fail, "ldb_wrap_connect failed");
+
+	rootdn = ldb_dn_new(ldb, ldb, NULL);
+	torture_assert_goto(
+		torture, rootdn!=NULL, ret, fail, "ldb_dn_new failed");
+
+	rc = ldb_search(
+		ldb,		    /* ldb */
+		ldb,		    /* mem_ctx */
+		&result,	    /* result */
+		rootdn,		    /* base */
+		LDB_SCOPE_BASE,	    /* scope */
+		NULL,		    /* attrs */
+		"(objectclass=*)"); /* exp_fmt */
+	torture_assert_goto(
+		torture, rc==LDB_SUCCESS, ret, fail, "1st ldb_search failed");
+
+	do {
+		smb_msleep(1000);
+
+		rc = ldb_search(
+			ldb,		/* ldb */
+			ldb,		/* mem_ctx */
+			&result,	/* result */
+			rootdn,		/* base */
+			LDB_SCOPE_BASE, /* scope */
+			NULL,		/* attrs */
+			"(objectclass=*)"); /* exp_fmt */
+		printf("ldb_search returned %s\n", ldb_strerror(rc));
+		TALLOC_FREE(result);
+
+		if (rc != LDB_SUCCESS) {
+			break;
+		}
+	} while (!timeval_expired(&endtime));
+
+	torture_assert_goto(
+		torture,
+		rc==LDB_ERR_PROTOCOL_ERROR,
+		ret,
+		fail,
+		"expected LDB_ERR_PROTOCOL_ERROR after 4 seconds");
+
+	ret = true;
+fail:
+	TALLOC_FREE(ldb);
+	return ret;
+}
diff --git a/source4/torture/ldap/uptodatevector.c b/source4/torture/ldap/uptodatevector.c
new file mode 100644
index 0000000..01c85ab
--- /dev/null
+++ b/source4/torture/ldap/uptodatevector.c
@@ -0,0 +1,173 @@
+/* 
+   Unix SMB/CIFS Implementation.
+   LDAP replUpToDateVector tests
+   
+   Copyright (C) Stefan Metzmacher 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   
+*/
+
+#include "includes.h"
+#include "libcli/ldap/ldap_client.h"
+#include "lib/cmdline/cmdline.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+#include "param/param.h"
+
+static bool test_check_uptodatevector(struct torture_context *torture,
+				      struct ldb_context *ldb,
+				      struct ldb_dn *partition_dn)
+{
+	bool ok = true;
+	uint32_t i;
+	int ret;
+	enum ndr_err_code ndr_err;
+	struct ldb_result *r;
+	const struct ldb_val *utdv_val1;
+	struct replUpToDateVectorBlob utdv1;
+	static const char *attrs[] = {
+		"uSNChanged",
+		"replUpToDateVector",
+		"description",
+		NULL
+	};
+
+	torture_comment(torture, "Check replUpToDateVector on partition[%s]\n",
+				 ldb_dn_get_linearized(partition_dn));
+
+	ret = ldb_search(ldb, torture, &r, partition_dn, LDB_SCOPE_BASE, attrs,
+			 "(objectClass=*)");
+	if (ret != LDB_SUCCESS) {
+		return false;
+	} else if (r->count != 1) {
+		talloc_free(r);
+		return false;
+	}
+
+	ZERO_STRUCT(utdv1);
+	utdv_val1 = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");
+	if (utdv_val1) {
+		ndr_err = ndr_pull_struct_blob_all(utdv_val1, torture, 
+						   &utdv1,
+						   (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return false;
+		}
+	}
+
+	for (i=0; i < 2; i++) {
+		const struct ldb_val *utdv_val;
+		struct replUpToDateVectorBlob utdv;
+		struct ldb_message *msg;
+		char *description;
+		uint32_t j;
+		bool no_match = false;
+
+		/* make a 'modify' msg, and only for serverReference */
+		msg = ldb_msg_new(torture);
+		if (!msg) return false;
+		msg->dn = partition_dn;
+
+		description = talloc_asprintf(msg, "torture replUpToDateVector[%u]", i);
+		if (!description) return false;
+
+		ret = ldb_msg_add_string(msg, "description", description);
+		if (ret != 0) return false;
+
+		for (j=0;j<msg->num_elements;j++) {
+			msg->elements[j].flags = LDB_FLAG_MOD_REPLACE;
+		}
+
+		ret = ldb_modify(ldb, msg);
+		if (ret != LDB_SUCCESS) return false;
+
+		ret = ldb_search(ldb, msg, &r, partition_dn, LDB_SCOPE_BASE,
+				 attrs, "(objectClass=*)");
+		if (ret != LDB_SUCCESS) {
+			return false;
+		} else if (r->count != 1) {
+			talloc_free(r);
+			return false;
+		}
+
+		ZERO_STRUCT(utdv);
+		utdv_val = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");
+		if (utdv_val) {
+			ndr_err = ndr_pull_struct_blob_all(utdv_val, torture, 
+							   &utdv,
+							   (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				return false;
+			}
+		}
+
+		if (!utdv_val1 && utdv_val) {
+			no_match = true;
+		} else if (utdv_val1 && !utdv_val) {
+			no_match = true;
+		} else if (!utdv_val1 && !utdv_val) {
+		} else if (utdv_val1->length != utdv_val->length) {
+			no_match = true;
+		} else if (utdv_val1->length && memcmp(utdv_val1->data, utdv_val->data, utdv_val->length) != 0) {
+			no_match = true;
+		}
+
+		torture_comment(torture, "[%u]: uSNChanged[%llu] description[%s] replUpToDateVector[%s]\n", i,
+				(unsigned long long)ldb_msg_find_attr_as_uint64(r->msgs[0], "uSNChanged", 0),
+				ldb_msg_find_attr_as_string(r->msgs[0], "description", NULL),
+				(no_match ? "changed!: not ok" : "not changed: ok"));
+
+		if (no_match) {
+			NDR_PRINT_DEBUG(replUpToDateVectorBlob, &utdv1);
+			NDR_PRINT_DEBUG(replUpToDateVectorBlob, &utdv);
+			ok = false;
+		}
+
+		talloc_free(msg);
+	}
+
+	return ok;
+}
+
+bool torture_ldap_uptodatevector(struct torture_context *torture)
+{
+	struct ldb_context *ldb;
+	bool ret = true;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	char *url;
+
+	url = talloc_asprintf(torture, "ldap://%s/", host);
+	if (!url) goto failed;
+
+	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
+			       NULL,
+			       samba_cmdline_get_creds(),
+			       0);
+	if (!ldb) goto failed;
+
+	ret &= test_check_uptodatevector(torture, ldb, ldb_get_default_basedn(ldb));
+	ret &= test_check_uptodatevector(torture, ldb, ldb_get_config_basedn(ldb));
+	ret &= test_check_uptodatevector(torture, ldb, ldb_get_schema_basedn(ldb));
+
+	return ret;
+failed:
+	return false;
+}
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
new file mode 100644
index 0000000..69bd57e
--- /dev/null
+++ b/source4/torture/ldb/ldb.c
@@ -0,0 +1,1794 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Test LDB attribute functions
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb-samba/ldb_wrap.h>
+#include <ldb_errors.h>
+#include <ldb_module.h>
+#include "lib/ldb-samba/ldif_handlers.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+#include <time.h>
+
+static const char *sid = "S-1-5-21-4177067393-1453636373-93818737";
+static const char *hex_sid = "01040000000000051500000081fdf8f815bba456718f9705";
+static const char *guid = "975ac5fa-35d9-431d-b86a-845bcd34fff9";
+static const char *guid2 = "{975ac5fa-35d9-431d-b86a-845bcd34fff9}";
+static const char *hex_guid = "fac55a97d9351d43b86a845bcd34fff9";
+
+static const char *prefix_map_newline = "2:1.2.840.113556.1.2\n5:2.16.840.1.101.2.2.3";
+static const char *prefix_map_semi = "2:1.2.840.113556.1.2;5:2.16.840.1.101.2.2.3";
+
+/**
+ * This is the hex code derived from the tdbdump for
+ * "st/ad_dc/private/sam.ldb.d/DC=ADDC,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb"
+ * key "DN=CN=DDA1D01D-4BD7-4C49-A184-46F9241B560E,CN=OPERATIONS,CN=DOMAINUPDATES,CN=SYSTEM,DC=ADDC,DC=SAMBA,DC=EXAMPLE,DC=COM\00"
+ *   -- adrianc
+ */
+
+static const uint8_t dda1d01d_bin_v1[] = {
+	0x67, 0x19, 0x01, 0x26, 0x0d, 0x00, 0x00, 0x00, 0x43, 0x4e, 0x3d, 0x64, 0x64, 0x61, 0x31, 0x64,
+	0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34, 0x63, 0x34, 0x39, 0x2d, 0x61, 0x31,
+	0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31, 0x62, 0x35, 0x36, 0x30, 0x65, 0x2c,
+	0x43, 0x4e, 0x3d, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2c, 0x43, 0x4e,
+	0x3d, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x73, 0x2c, 0x43,
+	0x4e, 0x3d, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x2c, 0x44, 0x43, 0x3d, 0x61, 0x64, 0x64, 0x63,
+	0x2c, 0x44, 0x43, 0x3d, 0x73, 0x61, 0x6d, 0x62, 0x61, 0x2c, 0x44, 0x43, 0x3d, 0x65, 0x78, 0x61,
+	0x6d, 0x70, 0x6c, 0x65, 0x2c, 0x44, 0x43, 0x3d, 0x63, 0x6f, 0x6d, 0x00, 0x6f, 0x62, 0x6a, 0x65,
+	0x63, 0x74, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x74, 0x6f, 0x70, 0x00, 0x09, 0x00, 0x00, 0x00, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
+	0x72, 0x00, 0x63, 0x6e, 0x00, 0x01, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x64, 0x64, 0x61,
+	0x31, 0x64, 0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34, 0x63, 0x34, 0x39, 0x2d,
+	0x61, 0x31, 0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31, 0x62, 0x35, 0x36, 0x30,
+	0x65, 0x00, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x34, 0x00, 0x77, 0x68, 0x65, 0x6e, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x64, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x32, 0x30, 0x31,
+	0x35, 0x30, 0x37, 0x30, 0x38, 0x32, 0x32, 0x34, 0x33, 0x31, 0x30, 0x2e, 0x30, 0x5a, 0x00, 0x77,
+	0x68, 0x65, 0x6e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11,
+	0x00, 0x00, 0x00, 0x32, 0x30, 0x31, 0x35, 0x30, 0x37, 0x30, 0x38, 0x32, 0x32, 0x34, 0x33, 0x31,
+	0x30, 0x2e, 0x30, 0x5a, 0x00, 0x75, 0x53, 0x4e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x33, 0x34, 0x36, 0x37, 0x00, 0x75, 0x53, 0x4e,
+	0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x33, 0x34, 0x36, 0x37, 0x00, 0x73, 0x68, 0x6f, 0x77, 0x49, 0x6e, 0x41, 0x64, 0x76, 0x61, 0x6e,
+	0x63, 0x65, 0x64, 0x56, 0x69, 0x65, 0x77, 0x4f, 0x6e, 0x6c, 0x79, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x54, 0x52, 0x55, 0x45, 0x00, 0x6e, 0x54, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x18, 0x05, 0x00, 0x00, 0x01, 0x00, 0x17, 0x8c, 0x14, 0x00, 0x00, 0x00, 0x30, 0x00,
+	0x00, 0x00, 0x4c, 0x00, 0x00, 0x00, 0xc4, 0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e, 0x5e,
+	0x1a, 0x4b, 0x00, 0x02, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00,
+	0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e, 0x5e, 0x1a, 0x4b, 0x00, 0x02,
+	0x00, 0x00, 0x04, 0x00, 0x78, 0x00, 0x02, 0x00, 0x00, 0x00, 0x07, 0x5a, 0x38, 0x00, 0x20, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xbe, 0x3b, 0x0e, 0xf3, 0xf0, 0x9f, 0xd1, 0x11, 0xb6, 0x03,
+	0x00, 0x00, 0xf8, 0x03, 0x67, 0xc1, 0xa5, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85,
+	0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x00, 0x07, 0x5a, 0x38, 0x00, 0x20, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xbf, 0x3b,
+	0x0e, 0xf3, 0xf0, 0x9f, 0xd1, 0x11, 0xb6, 0x03, 0x00, 0x00, 0xf8, 0x03, 0x67, 0xc1, 0xa5, 0x7a,
+	0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x54, 0x04, 0x17, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xff, 0x01, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e, 0x5e,
+	0x1a, 0x4b, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0xff, 0x01, 0x0f, 0x00, 0x01, 0x01,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x94, 0x00,
+	0x02, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x1a,
+	0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x42, 0x16, 0x4c, 0xc0, 0x20,
+	0xd0, 0x11, 0xa7, 0x68, 0x00, 0xaa, 0x00, 0x6e, 0x05, 0x29, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14,
+	0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x42, 0x16, 0x4c, 0xc0, 0x20, 0xd0, 0x11, 0xa7, 0x68,
+	0x00, 0xaa, 0x00, 0x6e, 0x05, 0x29, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85,
+	0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
+	0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x10, 0x20, 0x20, 0x5f, 0xa5, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2,
+	0xd4, 0xcf, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e,
+	0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02,
+	0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x10, 0x20,
+	0x20, 0x5f, 0xa5, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0xba, 0x7a,
+	0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a,
+	0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x40, 0xc2, 0x0a, 0xbc, 0xa9, 0x79,
+	0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14,
+	0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x40, 0xc2, 0x0a, 0xbc, 0xa9, 0x79, 0xd0, 0x11, 0x90, 0x20,
+	0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85,
+	0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
+	0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x42, 0x2f, 0xba, 0x59, 0xa2, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2,
+	0xd3, 0xcf, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e,
+	0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02,
+	0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x42, 0x2f,
+	0xba, 0x59, 0xa2, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd3, 0xcf, 0xba, 0x7a,
+	0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a,
+	0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf8, 0x88, 0x70, 0x03, 0xe1, 0x0a,
+	0xd2, 0x11, 0xb4, 0x22, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14,
+	0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf8, 0x88, 0x70, 0x03, 0xe1, 0x0a, 0xd2, 0x11, 0xb4, 0x22,
+	0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85,
+	0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
+	0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x38, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x6d, 0x9e, 0xc6, 0xb7, 0xc7, 0x2c, 0xd2, 0x11, 0x85, 0x4e, 0x00, 0xa0, 0xc9, 0x83,
+	0xf6, 0x08, 0x86, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30,
+	0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x05, 0x1a,
+	0x38, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x6d, 0x9e, 0xc6, 0xb7, 0xc7, 0x2c,
+	0xd2, 0x11, 0x85, 0x4e, 0x00, 0xa0, 0xc9, 0x83, 0xf6, 0x08, 0x9c, 0x7a, 0x96, 0xbf, 0xe6, 0x0d,
+	0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x05, 0x1a, 0x38, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x6d, 0x9e, 0xc6, 0xb7, 0xc7, 0x2c, 0xd2, 0x11, 0x85, 0x4e, 0x00, 0xa0, 0xc9, 0x83,
+	0xf6, 0x08, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30,
+	0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x05, 0x1a,
+	0x2c, 0x00, 0x94, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14,
+	0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x2c, 0x00, 0x94, 0x00,
+	0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x9c, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85,
+	0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
+	0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x2c, 0x00, 0x94, 0x00, 0x02, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30,
+	0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02,
+	0x00, 0x00, 0x05, 0x12, 0x28, 0x00, 0x30, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xde, 0x47,
+	0xe6, 0x91, 0x6f, 0xd9, 0x70, 0x4b, 0x95, 0x57, 0xd6, 0x3f, 0xf4, 0xf3, 0xcc, 0xd8, 0x01, 0x01,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x12, 0x24, 0x00, 0xff, 0x01,
+	0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd,
+	0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e, 0x5e, 0x1a, 0x4b, 0x07, 0x02, 0x00, 0x00, 0x00, 0x12,
+	0x18, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00,
+	0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x00, 0x12, 0x18, 0x00, 0xbd, 0x01, 0x0f, 0x00, 0x01, 0x02,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x00, 0x6e,
+	0x61, 0x6d, 0x65, 0x00, 0x01, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x64, 0x64, 0x61, 0x31,
+	0x64, 0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34, 0x63, 0x34, 0x39, 0x2d, 0x61,
+	0x31, 0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31, 0x62, 0x35, 0x36, 0x30, 0x65,
+	0x00, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x47, 0x55, 0x49, 0x44, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x10, 0x00, 0x00, 0x00, 0x57, 0x93, 0x1e, 0x29, 0x25, 0x49, 0xe5, 0x40, 0x9d, 0x98, 0x36, 0x07,
+	0x11, 0x9e, 0xbd, 0xe5, 0x00, 0x72, 0x65, 0x70, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74,
+	0x79, 0x4d, 0x65, 0x74, 0x61, 0x44, 0x61, 0x74, 0x61, 0x00, 0x01, 0x00, 0x00, 0x00, 0x90, 0x01,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0xa9, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x19, 0x01, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x0e, 0x03, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00,
+	0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58, 0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96,
+	0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72,
+	0x79, 0x00, 0x01, 0x00, 0x00, 0x00, 0x76, 0x00, 0x00, 0x00, 0x3c, 0x47, 0x55, 0x49, 0x44, 0x3d,
+	0x35, 0x32, 0x34, 0x32, 0x39, 0x30, 0x33, 0x38, 0x2d, 0x65, 0x34, 0x33, 0x35, 0x2d, 0x34, 0x66,
+	0x65, 0x33, 0x2d, 0x39, 0x36, 0x34, 0x65, 0x2d, 0x38, 0x30, 0x64, 0x61, 0x31, 0x35, 0x34, 0x39,
+	0x39, 0x63, 0x39, 0x63, 0x3e, 0x3b, 0x43, 0x4e, 0x3d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e,
+	0x65, 0x72, 0x2c, 0x43, 0x4e, 0x3d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x2c, 0x43, 0x4e, 0x3d,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x44, 0x43,
+	0x3d, 0x61, 0x64, 0x64, 0x63, 0x2c, 0x44, 0x43, 0x3d, 0x73, 0x61, 0x6d, 0x62, 0x61, 0x2c, 0x44,
+	0x43, 0x3d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2c, 0x44, 0x43, 0x3d, 0x63, 0x6f, 0x6d,
+	0x00
+};
+
+static const uint8_t dda1d01d_bin_v2[] = {
+	0x68, 0x19, 0x01, 0x26, 0x0d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x00, 0x00, 0x43, 0x4e, 0x3d, 0x64,
+	0x64, 0x61, 0x31, 0x64, 0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34, 0x63, 0x34,
+	0x39, 0x2d, 0x61, 0x31, 0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31, 0x62, 0x35,
+	0x36, 0x30, 0x65, 0x2c, 0x43, 0x4e, 0x3d, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x2c, 0x44, 0x43, 0x3d,
+	0x61, 0x64, 0x64, 0x63, 0x2c, 0x44, 0x43, 0x3d, 0x73, 0x61, 0x6d, 0x62, 0x61, 0x2c, 0x44, 0x43,
+	0x3d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2c, 0x44, 0x43, 0x3d, 0x63, 0x6f, 0x6d, 0x00,
+	0x5b, 0x00, 0x00, 0x00, 0x61, 0x64, 0x64, 0x63, 0x2e, 0x73, 0x61, 0x6d, 0x62, 0x61, 0x2e, 0x65,
+	0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x53, 0x79, 0x73, 0x74, 0x65,
+	0x6d, 0x2f, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x73, 0x2f,
+	0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x64, 0x64, 0x61, 0x31, 0x64,
+	0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34, 0x63, 0x34, 0x39, 0x2d, 0x61, 0x31,
+	0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31, 0x62, 0x35, 0x36, 0x30, 0x65, 0x00,
+	0x33, 0x01, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x03, 0x09, 0x02, 0x00, 0x00, 0x00, 0x63,
+	0x6e, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x24, 0x0c, 0x00, 0x00, 0x00, 0x69, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x0b,
+	0x00, 0x00, 0x00, 0x77, 0x68, 0x65, 0x6e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x01, 0x11, 0x0b, 0x00, 0x00, 0x00, 0x77, 0x68, 0x65, 0x6e, 0x43, 0x68, 0x61,
+	0x6e, 0x67, 0x65, 0x64, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x11, 0x0a, 0x00, 0x00, 0x00, 0x75,
+	0x53, 0x4e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x04,
+	0x0a, 0x00, 0x00, 0x00, 0x75, 0x53, 0x4e, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x01, 0x04, 0x16, 0x00, 0x00, 0x00, 0x73, 0x68, 0x6f, 0x77, 0x49, 0x6e, 0x41,
+	0x64, 0x76, 0x61, 0x6e, 0x63, 0x65, 0x64, 0x56, 0x69, 0x65, 0x77, 0x4f, 0x6e, 0x6c, 0x79, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0x00, 0x00, 0x6e, 0x54, 0x53, 0x65, 0x63, 0x75,
+	0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x02, 0x18, 0x05, 0x04, 0x00, 0x00, 0x00, 0x6e, 0x61, 0x6d, 0x65, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x01, 0x24, 0x0a, 0x00, 0x00, 0x00, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x47,
+	0x55, 0x49, 0x44, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x10, 0x14, 0x00, 0x00, 0x00, 0x72, 0x65,
+	0x70, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x44, 0x61,
+	0x74, 0x61, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x90, 0x01, 0x0e, 0x00, 0x00, 0x00, 0x6f, 0x62,
+	0x6a, 0x65, 0x63, 0x74, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x01, 0x76, 0x74, 0x6f, 0x70, 0x00, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
+	0x00, 0x64, 0x64, 0x61, 0x31, 0x64, 0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64, 0x37, 0x2d, 0x34,
+	0x63, 0x34, 0x39, 0x2d, 0x61, 0x31, 0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39, 0x32, 0x34, 0x31,
+	0x62, 0x35, 0x36, 0x30, 0x65, 0x00, 0x34, 0x00, 0x32, 0x30, 0x31, 0x35, 0x30, 0x37, 0x30, 0x38,
+	0x32, 0x32, 0x34, 0x33, 0x31, 0x30, 0x2e, 0x30, 0x5a, 0x00, 0x32, 0x30, 0x31, 0x35, 0x30, 0x37,
+	0x30, 0x38, 0x32, 0x32, 0x34, 0x33, 0x31, 0x30, 0x2e, 0x30, 0x5a, 0x00, 0x33, 0x34, 0x36, 0x37,
+	0x00, 0x33, 0x34, 0x36, 0x37, 0x00, 0x54, 0x52, 0x55, 0x45, 0x00, 0x01, 0x00, 0x14, 0x8c, 0x14,
+	0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x00, 0x00, 0xc4, 0x00, 0x00, 0x00, 0x01,
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5,
+	0xe0, 0x11, 0x3c, 0x6e, 0x5e, 0x1a, 0x4b, 0x00, 0x02, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e,
+	0x5e, 0x1a, 0x4b, 0x00, 0x02, 0x00, 0x00, 0x04, 0x00, 0x78, 0x00, 0x02, 0x00, 0x00, 0x00, 0x07,
+	0x5a, 0x38, 0x00, 0x20, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xbe, 0x3b, 0x0e, 0xf3, 0xf0,
+	0x9f, 0xd1, 0x11, 0xb6, 0x03, 0x00, 0x00, 0xf8, 0x03, 0x67, 0xc1, 0xa5, 0x7a, 0x96, 0xbf, 0xe6,
+	0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x07, 0x5a, 0x38, 0x00, 0x20, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x00, 0xbf, 0x3b, 0x0e, 0xf3, 0xf0, 0x9f, 0xd1, 0x11, 0xb6, 0x03, 0x00, 0x00, 0xf8,
+	0x03, 0x67, 0xc1, 0xa5, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00,
+	0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04,
+	0x00, 0x54, 0x04, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xff, 0x01, 0x0f, 0x00, 0x01,
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5,
+	0xe0, 0x11, 0x3c, 0x6e, 0x5e, 0x1a, 0x4b, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0xff,
+	0x01, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b,
+	0x00, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00,
+	0x42, 0x16, 0x4c, 0xc0, 0x20, 0xd0, 0x11, 0xa7, 0x68, 0x00, 0xaa, 0x00, 0x6e, 0x05, 0x29, 0x14,
+	0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05,
+	0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x42, 0x16, 0x4c, 0xc0,
+	0x20, 0xd0, 0x11, 0xa7, 0x68, 0x00, 0xaa, 0x00, 0x6e, 0x05, 0x29, 0xba, 0x7a, 0x96, 0xbf, 0xe6,
+	0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10,
+	0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x10, 0x20, 0x20, 0x5f, 0xa5, 0x79, 0xd0, 0x11, 0x90,
+	0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b,
+	0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20,
+	0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x00, 0x10, 0x20, 0x20, 0x5f, 0xa5, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f,
+	0xc2, 0xd4, 0xcf, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00,
+	0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a,
+	0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x40,
+	0xc2, 0x0a, 0xbc, 0xa9, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0x14,
+	0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05,
+	0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x40, 0xc2, 0x0a, 0xbc, 0xa9,
+	0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd4, 0xcf, 0xba, 0x7a, 0x96, 0xbf, 0xe6,
+	0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10,
+	0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x42, 0x2f, 0xba, 0x59, 0xa2, 0x79, 0xd0, 0x11, 0x90,
+	0x20, 0x00, 0xc0, 0x4f, 0xc2, 0xd3, 0xcf, 0x14, 0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b,
+	0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20,
+	0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x00, 0x42, 0x2f, 0xba, 0x59, 0xa2, 0x79, 0xd0, 0x11, 0x90, 0x20, 0x00, 0xc0, 0x4f,
+	0xc2, 0xd3, 0xcf, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00,
+	0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a,
+	0x02, 0x00, 0x00, 0x05, 0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf8,
+	0x88, 0x70, 0x03, 0xe1, 0x0a, 0xd2, 0x11, 0xb4, 0x22, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x14,
+	0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05,
+	0x1a, 0x3c, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf8, 0x88, 0x70, 0x03, 0xe1,
+	0x0a, 0xd2, 0x11, 0xb4, 0x22, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0xba, 0x7a, 0x96, 0xbf, 0xe6,
+	0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x38, 0x00, 0x10,
+	0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x6d, 0x9e, 0xc6, 0xb7, 0xc7, 0x2c, 0xd2, 0x11, 0x85,
+	0x4e, 0x00, 0xa0, 0xc9, 0x83, 0xf6, 0x08, 0x86, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2,
+	0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09,
+	0x00, 0x00, 0x00, 0x05, 0x1a, 0x38, 0x00, 0x10, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x6d,
+	0x9e, 0xc6, 0xb7, 0xc7, 0x2c, 0xd2, 0x11, 0x85, 0x4e, 0x00, 0xa0, 0xc9, 0x83, 0xf6, 0x08, 0x9c,
+	0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x05, 0x1a, 0x38, 0x00, 0x10,
+	0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x6d, 0x9e, 0xc6, 0xb7, 0xc7, 0x2c, 0xd2, 0x11, 0x85,
+	0x4e, 0x00, 0xa0, 0xc9, 0x83, 0xf6, 0x08, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2,
+	0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09,
+	0x00, 0x00, 0x00, 0x05, 0x1a, 0x2c, 0x00, 0x94, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x14,
+	0xcc, 0x28, 0x48, 0x37, 0x14, 0xbc, 0x45, 0x9b, 0x07, 0xad, 0x6f, 0x01, 0x5e, 0x5f, 0x28, 0x01,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05,
+	0x1a, 0x2c, 0x00, 0x94, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x9c, 0x7a, 0x96, 0xbf, 0xe6,
+	0x0d, 0xd0, 0x11, 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x1a, 0x2c, 0x00, 0x94,
+	0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0xba, 0x7a, 0x96, 0xbf, 0xe6, 0x0d, 0xd0, 0x11, 0xa2,
+	0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20,
+	0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x05, 0x12, 0x28, 0x00, 0x30, 0x01, 0x00, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0xde, 0x47, 0xe6, 0x91, 0x6f, 0xd9, 0x70, 0x4b, 0x95, 0x57, 0xd6, 0x3f, 0xf4,
+	0xf3, 0xcc, 0xd8, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0a, 0x00, 0x00, 0x00, 0x00,
+	0x12, 0x24, 0x00, 0xff, 0x01, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15,
+	0x00, 0x00, 0x00, 0x9a, 0xbd, 0x91, 0x7d, 0xd5, 0xe0, 0x11, 0x3c, 0x6e, 0x5e, 0x1a, 0x4b, 0x07,
+	0x02, 0x00, 0x00, 0x00, 0x12, 0x18, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x2a, 0x02, 0x00, 0x00, 0x00, 0x12, 0x18, 0x00, 0xbd,
+	0x01, 0x0f, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20,
+	0x02, 0x00, 0x00, 0x00, 0x64, 0x64, 0x61, 0x31, 0x64, 0x30, 0x31, 0x64, 0x2d, 0x34, 0x62, 0x64,
+	0x37, 0x2d, 0x34, 0x63, 0x34, 0x39, 0x2d, 0x61, 0x31, 0x38, 0x34, 0x2d, 0x34, 0x36, 0x66, 0x39,
+	0x32, 0x34, 0x31, 0x62, 0x35, 0x36, 0x30, 0x65, 0x00, 0x57, 0x93, 0x1e, 0x29, 0x25, 0x49, 0xe5,
+	0x40, 0x9d, 0x98, 0x36, 0x07, 0x11, 0x9e, 0xbd, 0xe5, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa9, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x01, 0x02, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x09, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x03, 0x09, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x7e, 0x38, 0xae, 0x0b, 0x03, 0x00, 0x00, 0x00, 0x9d, 0xcd, 0xcd, 0x57, 0xee, 0x58,
+	0x6e, 0x4e, 0x96, 0x99, 0xcc, 0x7d, 0xe1, 0x96, 0xf1, 0x05, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x8b, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x47, 0x55, 0x49, 0x44,
+	0x3d, 0x35, 0x32, 0x34, 0x32, 0x39, 0x30, 0x33, 0x38, 0x2d, 0x65, 0x34, 0x33, 0x35, 0x2d, 0x34,
+	0x66, 0x65, 0x33, 0x2d, 0x39, 0x36, 0x34, 0x65, 0x2d, 0x38, 0x30, 0x64, 0x61, 0x31, 0x35, 0x34,
+	0x39, 0x39, 0x63, 0x39, 0x63, 0x3e, 0x3b, 0x43, 0x4e, 0x3d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
+	0x6e, 0x65, 0x72, 0x2c, 0x43, 0x4e, 0x3d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x2c, 0x43, 0x4e,
+	0x3d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x44,
+	0x43, 0x3d, 0x61, 0x64, 0x64, 0x63, 0x2c, 0x44, 0x43, 0x3d, 0x73, 0x61, 0x6d, 0x62, 0x61, 0x2c,
+	0x44, 0x43, 0x3d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2c, 0x44, 0x43, 0x3d, 0x63, 0x6f,
+	0x6d, 0x00
+};
+
+static const char dda1d01d_ldif[] = ""
+"dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,DC=addc,DC=samba,DC=example,DC=com\n"
+"objectClass: top\n"
+"objectClass: container\n"
+"cn: dda1d01d-4bd7-4c49-a184-46f9241b560e\n"
+"instanceType: 4\n"
+"whenCreated: 20150708224310.0Z\n"
+"whenChanged: 20150708224310.0Z\n"
+"uSNCreated: 3467\n"
+"uSNChanged: 3467\n"
+"showInAdvancedViewOnly: TRUE\n"
+"nTSecurityDescriptor: O:S-1-5-21-2106703258-1007804629-1260019310-512G:S-1-5-2\n"
+" 1-2106703258-1007804629-1260019310-512D:AI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-\n"
+" 1-5-21-2106703258-1007804629-1260019310-512)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;\n"
+" SY)(A;;LCRPLORC;;;AU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c\n"
+" c14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa\n"
+" 006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;5f202010-79a5-\n"
+" 11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;\n"
+" 5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)\n"
+" (OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad\n"
+" 6f015e5f28;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de\n"
+" 6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3c\n"
+" f;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;59ba2f42-79a2-11d0-90\n"
+" 20-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;037088f\n"
+" 8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CII\n"
+" OID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa00304\n"
+" 9e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-\n"
+" a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967\n"
+" a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0\n"
+" c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;LCRPLORC;;4828cc1\n"
+" 4-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;LCRPLORC;;bf967a9c-0de6-11d0-a285\n"
+" -00aa003049e2;RU)(OA;CIIOID;LCRPLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU\n"
+" )(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;CCDCLCSWRPW\n"
+" PDTLOCRSDRCWDWO;;;S-1-5-21-2106703258-1007804629-1260019310-519)(A;CIID;LC;;;\n"
+" RU)(A;CIID;CCLCSWRPWPLOCRSDRCWDWO;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1\n"
+" -b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f3\n"
+" 0e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)\n"
+"name: dda1d01d-4bd7-4c49-a184-46f9241b560e\n"
+"objectGUID: 291e9357-4925-40e5-9d98-3607119ebde5\n"
+"replPropertyMetaData:: AQAAAAAAAAAIAAAAAAAAAAAAAAABAAAAfjiuCwMAAACdzc1X7lhuTpa\n"
+" ZzH3hlvEFiw0AAAAAAACLDQAAAAAAAAEAAgABAAAAfjiuCwMAAACdzc1X7lhuTpaZzH3hlvEFiw0A\n"
+" AAAAAACLDQAAAAAAAAIAAgABAAAAfjiuCwMAAACdzc1X7lhuTpaZzH3hlvEFiw0AAAAAAACLDQAAA\n"
+" AAAAKkAAgABAAAAfjiuCwMAAACdzc1X7lhuTpaZzH3hlvEFiw0AAAAAAACLDQAAAAAAABkBAgABAA\n"
+" AAfjiuCwMAAACdzc1X7lhuTpaZzH3hlvEFiw0AAAAAAACLDQAAAAAAAAEACQABAAAAfjiuCwMAAAC\n"
+" dzc1X7lhuTpaZzH3hlvEFiw0AAAAAAACLDQAAAAAAAA4DCQABAAAAfjiuCwMAAACdzc1X7lhuTpaZ\n"
+" zH3hlvEFiw0AAAAAAACLDQAAAAAAAAMAAAABAAAAfjiuCwMAAACdzc1X7lhuTpaZzH3hlvEFiw0AA\n"
+" AAAAACLDQAAAAAAAA==\n"
+"objectCategory: <GUID=52429038-e435-4fe3-964e-80da15499c9c>;CN=Container,CN=Sc\n"
+" hema,CN=Configuration,DC=addc,DC=samba,DC=example,DC=com\n\n";
+
+static const char *dda1d01d_ldif_reduced = ""
+"dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,DC=addc,DC=samba,DC=example,DC=com\n"
+"objectClass: top\n"
+"objectClass: container\n"
+"instanceType: 4\n"
+"whenChanged: 20150708224310.0Z\n"
+"uSNCreated: 3467\n"
+"showInAdvancedViewOnly: TRUE\n"
+"name: dda1d01d-4bd7-4c49-a184-46f9241b560e\n\n";
+
+static bool torture_ldb_attrs(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	const struct ldb_schema_attribute *attr;
+	struct ldb_val string_sid_blob, binary_sid_blob;
+	struct ldb_val string_guid_blob, string_guid_blob2, binary_guid_blob;
+	struct ldb_val string_prefix_map_newline_blob, string_prefix_map_semi_blob, string_prefix_map_blob;
+	struct ldb_val prefix_map_blob;
+
+	DATA_BLOB sid_blob = strhex_to_data_blob(mem_ctx, hex_sid);
+	DATA_BLOB guid_blob = strhex_to_data_blob(mem_ctx, hex_guid);
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Test SID behaviour */
+	torture_assert(torture, attr = ldb_schema_attribute_by_name(ldb, "objectSid"), 
+		       "Failed to get objectSid schema attribute");
+	
+	string_sid_blob = data_blob_string_const(sid);
+
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, 
+							    &string_sid_blob, &binary_sid_blob), 0,
+				 "Failed to parse string SID");
+	
+	torture_assert_data_blob_equal(torture, binary_sid_blob, sid_blob, 
+				       "Read SID into blob form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, 
+							    &sid_blob, &binary_sid_blob), -1,
+				 "Should have failed to parse binary SID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_write_fn(ldb, mem_ctx, &binary_sid_blob, &string_sid_blob), 0,
+				 "Failed to parse binary SID");
+	
+	torture_assert_data_blob_equal(torture, 
+				       string_sid_blob, data_blob_string_const(sid),
+				       "Write SID into string form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &binary_sid_blob, &string_sid_blob), 0,
+				 "Failed to compare binary and string SID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_sid_blob, &binary_sid_blob), 0,
+				 "Failed to compare string and binary binary SID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_sid_blob, &string_sid_blob), 0,
+				 "Failed to compare string and string SID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &binary_sid_blob, &binary_sid_blob), 0,
+				 "Failed to compare binary and binary SID");
+	
+	torture_assert(torture, attr->syntax->comparison_fn(ldb, mem_ctx, &guid_blob, &binary_sid_blob) != 0,
+		       "Failed to distinguish binary GUID and binary SID");
+
+
+	/* Test GUID behaviour */
+	torture_assert(torture, attr = ldb_schema_attribute_by_name(ldb, "objectGUID"), 
+		       "Failed to get objectGUID schema attribute");
+	
+	string_guid_blob = data_blob_string_const(guid);
+
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, 
+							    &string_guid_blob, &binary_guid_blob), 0,
+				 "Failed to parse string GUID");
+	
+	torture_assert_data_blob_equal(torture, binary_guid_blob, guid_blob, 
+				       "Read GUID into blob form failed");
+	
+	string_guid_blob2 = data_blob_string_const(guid2);
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, 
+							    &string_guid_blob2, &binary_guid_blob), 0,
+				 "Failed to parse string GUID");
+	
+	torture_assert_data_blob_equal(torture, binary_guid_blob, guid_blob, 
+				       "Read GUID into blob form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, 
+							    &guid_blob, &binary_guid_blob), 0,
+				 "Failed to parse binary GUID");
+	
+	torture_assert_data_blob_equal(torture, binary_guid_blob, guid_blob, 
+				       "Read GUID into blob form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_write_fn(ldb, mem_ctx, &binary_guid_blob, &string_guid_blob), 0,
+				 "Failed to print binary GUID as string");
+
+	torture_assert_data_blob_equal(torture, string_sid_blob, data_blob_string_const(sid),
+				       "Write SID into string form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &binary_guid_blob, &string_guid_blob), 0,
+				 "Failed to compare binary and string GUID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_guid_blob, &binary_guid_blob), 0,
+				 "Failed to compare string and binary binary GUID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_guid_blob, &string_guid_blob), 0,
+				 "Failed to compare string and string GUID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &binary_guid_blob, &binary_guid_blob), 0,
+				 "Failed to compare binary and binary GUID");
+	
+	string_prefix_map_newline_blob = data_blob_string_const(prefix_map_newline);
+	
+	string_prefix_map_semi_blob = data_blob_string_const(prefix_map_semi);
+	
+	/* Test prefixMap behaviour */
+	torture_assert(torture, attr = ldb_schema_attribute_by_name(ldb, "prefixMap"), 
+		       "Failed to get prefixMap schema attribute");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_prefix_map_newline_blob, &string_prefix_map_semi_blob), 0,
+				 "Failed to compare prefixMap with newlines and prefixMap with semicolons");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_read_fn(ldb, mem_ctx, &string_prefix_map_newline_blob, &prefix_map_blob), 0,
+				 "Failed to read prefixMap with newlines");
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_prefix_map_newline_blob, &prefix_map_blob), 0,
+				 "Failed to compare prefixMap with newlines and prefixMap binary");
+	
+	torture_assert_int_equal(torture, 
+				 attr->syntax->ldif_write_fn(ldb, mem_ctx, &prefix_map_blob, &string_prefix_map_blob), 0,
+				 "Failed to write prefixMap");
+	torture_assert_int_equal(torture, 
+				 attr->syntax->comparison_fn(ldb, mem_ctx, &string_prefix_map_blob, &prefix_map_blob), 0,
+				 "Failed to compare prefixMap ldif write and prefixMap binary");
+	
+	torture_assert_data_blob_equal(torture, string_prefix_map_blob, string_prefix_map_semi_blob,
+		"Failed to compare prefixMap ldif write and prefixMap binary");
+	
+
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool torture_ldb_dn_attrs(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	const struct ldb_dn_extended_syntax *attr;
+	struct ldb_val string_sid_blob, binary_sid_blob;
+	struct ldb_val string_guid_blob, binary_guid_blob;
+	struct ldb_val hex_sid_blob, hex_guid_blob;
+
+	DATA_BLOB sid_blob = strhex_to_data_blob(mem_ctx, hex_sid);
+	DATA_BLOB guid_blob = strhex_to_data_blob(mem_ctx, hex_guid);
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Test SID behaviour */
+	torture_assert(torture, attr = ldb_dn_extended_syntax_by_name(ldb, "SID"), 
+		       "Failed to get SID DN syntax");
+	
+	string_sid_blob = data_blob_string_const(sid);
+
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &string_sid_blob, &binary_sid_blob), 0,
+				 "Failed to parse string SID");
+	
+	torture_assert_data_blob_equal(torture, binary_sid_blob, sid_blob, 
+				       "Read SID into blob form failed");
+
+	hex_sid_blob = data_blob_string_const(hex_sid);
+	
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &hex_sid_blob, &binary_sid_blob), 0,
+				 "Failed to parse HEX SID");
+	
+	torture_assert_data_blob_equal(torture, binary_sid_blob, sid_blob, 
+				       "Read SID into blob form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &sid_blob, &binary_sid_blob), -1,
+				 "Should have failed to parse binary SID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->write_hex_fn(ldb, mem_ctx, &sid_blob, &hex_sid_blob), 0,
+				 "Failed to parse binary SID");
+	
+	torture_assert_data_blob_equal(torture, 
+				       hex_sid_blob, data_blob_string_const(hex_sid),
+				       "Write SID into HEX string form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->write_clear_fn(ldb, mem_ctx, &sid_blob, &string_sid_blob), 0,
+				 "Failed to parse binary SID");
+	
+	torture_assert_data_blob_equal(torture, 
+				       string_sid_blob, data_blob_string_const(sid),
+				       "Write SID into clear string form failed");
+	
+
+	/* Test GUID behaviour */
+	torture_assert(torture, attr = ldb_dn_extended_syntax_by_name(ldb, "GUID"), 
+		       "Failed to get GUID DN syntax");
+	
+	string_guid_blob = data_blob_string_const(guid);
+
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &string_guid_blob, &binary_guid_blob), 0,
+				 "Failed to parse string GUID");
+	
+	torture_assert_data_blob_equal(torture, binary_guid_blob, guid_blob, 
+				       "Read GUID into blob form failed");
+	
+	hex_guid_blob = data_blob_string_const(hex_guid);
+	
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &hex_guid_blob, &binary_guid_blob), 0,
+				 "Failed to parse HEX GUID");
+	
+	torture_assert_data_blob_equal(torture, binary_guid_blob, guid_blob, 
+				       "Read GUID into blob form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->read_fn(ldb, mem_ctx, 
+					       &guid_blob, &binary_guid_blob), -1,
+				 "Should have failed to parse binary GUID");
+	
+	torture_assert_int_equal(torture, 
+				 attr->write_hex_fn(ldb, mem_ctx, &guid_blob, &hex_guid_blob), 0,
+				 "Failed to parse binary GUID");
+	
+	torture_assert_data_blob_equal(torture, 
+				       hex_guid_blob, data_blob_string_const(hex_guid),
+				       "Write GUID into HEX string form failed");
+	
+	torture_assert_int_equal(torture, 
+				 attr->write_clear_fn(ldb, mem_ctx, &guid_blob, &string_guid_blob), 0,
+				 "Failed to parse binary GUID");
+	
+	torture_assert_data_blob_equal(torture, 
+				       string_guid_blob, data_blob_string_const(guid),
+				       "Write GUID into clear string form failed");
+	
+
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool torture_ldb_dn_extended(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_dn *dn, *dn2;
+
+	DATA_BLOB sid_blob = strhex_to_data_blob(mem_ctx, hex_sid);
+	DATA_BLOB guid_blob = strhex_to_data_blob(mem_ctx, hex_guid);
+
+	const char *dn_str = "cn=admin,cn=users,dc=samba,dc=org";
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Check behaviour of a normal DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new(mem_ctx, ldb, dn_str), 
+		       "Failed to create a 'normal' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'normal' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == false, 
+		       "Should not find plain DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL, 
+		       "Should not find an SID on plain DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL, 
+		       "Should not find an GUID on plain DN");
+	
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "WKGUID") == NULL, 
+		       "Should not find an WKGUID on plain DN");
+	
+	/* Now make an extended DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>;<SID=%s>;%s",
+					   guid, sid, dn_str), 
+		       "Failed to create an 'extended' DN");
+
+	torture_assert(torture, 
+		       dn2 = ldb_dn_copy(mem_ctx, dn), 
+		       "Failed to copy the 'extended' DN");
+	talloc_free(dn);
+	dn = dn2;
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'extended' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == true, 
+		       "Should find extended DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL, 
+		       "Should find an SID on extended DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL, 
+		       "Should find an GUID on extended DN");
+	
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob, 
+				       "Extended DN SID incorrect");
+
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob, 
+				       "Extended DN GUID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), dn_str, 
+				 "linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_casefold(dn), strupper_talloc(mem_ctx, dn_str), 
+				 "casefolded DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_component_name(dn, 0), "cn", 
+				 "component zero incorrect");
+
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_component_val(dn, 0), data_blob_string_const("admin"), 
+				 "component zero incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s", 
+						 guid, sid, dn_str),
+				 "Clear extended linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s", 
+						 hex_guid, hex_sid, dn_str),
+				 "HEX extended linearized DN incorrect");
+
+	torture_assert(torture, ldb_dn_remove_child_components(dn, 1) == true,
+				 "Failed to remove DN child");
+		       
+	torture_assert(torture, ldb_dn_has_extended(dn) == false, 
+		       "Extended DN flag should be cleared after child element removal");
+	
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL, 
+		       "Should not find an SID on DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL, 
+		       "Should not find an GUID on DN");
+
+
+	/* TODO:  test setting these in the other order, and ensure it still comes out 'GUID first' */
+	torture_assert_int_equal(torture, ldb_dn_set_extended_component(dn, "GUID", &guid_blob), 0, 
+		       "Failed to set a GUID on DN");
+	
+	torture_assert_int_equal(torture, ldb_dn_set_extended_component(dn, "SID", &sid_blob), 0, 
+		       "Failed to set a SID on DN");
+
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob, 
+				       "Extended DN SID incorrect");
+
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob, 
+				       "Extended DN GUID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "cn=users,dc=samba,dc=org", 
+				 "linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s", 
+						 guid, sid, "cn=users,dc=samba,dc=org"),
+				 "Clear extended linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>;<SID=%s>;%s", 
+						 hex_guid, hex_sid, "cn=users,dc=samba,dc=org"),
+				 "HEX extended linearized DN incorrect");
+
+	/* Now check a 'just GUID' DN (clear format) */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>",
+					   guid), 
+		       "Failed to create an 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'extended' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == true, 
+		       "Should find extended DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL, 
+		       "Should not find an SID on this DN");
+
+	torture_assert_int_equal(torture, ldb_dn_get_comp_num(dn), 0, 
+		       "Should not find an 'normal' component on this DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL, 
+		       "Should find an GUID on this DN");
+	
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob, 
+				       "Extended DN GUID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "", 
+				 "linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>", 
+						 guid),
+				 "Clear extended linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
+				 talloc_asprintf(mem_ctx, "<GUID=%s>", 
+						 hex_guid),
+				 "HEX extended linearized DN incorrect");
+
+	/* Now check a 'just GUID' DN (HEX format) */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>",
+					   hex_guid), 
+		       "Failed to create an 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'extended' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == true, 
+		       "Should find extended DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") == NULL, 
+		       "Should not find an SID on this DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") != NULL, 
+		       "Should find an GUID on this DN");
+	
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "GUID"), guid_blob, 
+				       "Extended DN GUID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "", 
+				 "linearized DN incorrect");
+
+	/* Now check a 'just SID' DN (clear format) */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>",
+					   sid), 
+		       "Failed to create an 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'extended' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == true, 
+		       "Should find extended DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL, 
+		       "Should not find an SID on this DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL, 
+		       "Should find an SID on this DN");
+	
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob, 
+				       "Extended DN SID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "", 
+				 "linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 1),
+				 talloc_asprintf(mem_ctx, "<SID=%s>", 
+						 sid),
+				 "Clear extended linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0),
+				 talloc_asprintf(mem_ctx, "<SID=%s>", 
+						 hex_sid),
+				 "HEX extended linearized DN incorrect");
+
+	/* Now check a 'just SID' DN (HEX format) */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>",
+					   hex_sid), 
+		       "Failed to create an 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate 'extended' DN");
+
+	torture_assert(torture, ldb_dn_has_extended(dn) == true, 
+		       "Should find extended DN to be 'extended'");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "GUID") == NULL, 
+		       "Should not find an SID on this DN");
+
+	torture_assert(torture, ldb_dn_get_extended_component(dn, "SID") != NULL, 
+		       "Should find an SID on this DN");
+	
+	torture_assert_data_blob_equal(torture, *ldb_dn_get_extended_component(dn, "SID"), sid_blob, 
+				       "Extended DN SID incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "", 
+				 "linearized DN incorrect");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+
+static bool torture_ldb_dn(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+	struct ldb_dn *child_dn;
+	struct ldb_dn *typo_dn;
+	struct ldb_dn *special_dn;
+	struct ldb_val val;
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Check behaviour of a normal DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new(mem_ctx, ldb, NULL), 
+		       "Failed to create a NULL DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn),
+		       "Failed to validate NULL DN");
+
+	torture_assert(torture, 
+		       ldb_dn_add_base_fmt(dn, "dc=org"), 
+		       "Failed to add base DN");
+
+	torture_assert(torture, 
+		       ldb_dn_add_child_fmt(dn, "dc=samba"), 
+		       "Failed to add base DN");
+
+	torture_assert_str_equal(torture, ldb_dn_get_linearized(dn), "dc=samba,dc=org", 
+				 "linearized DN incorrect");
+
+	torture_assert_str_equal(torture, ldb_dn_get_extended_linearized(mem_ctx, dn, 0), "dc=samba,dc=org", 
+				 "extended linearized DN incorrect");
+
+	/* Check child DN comparisons */
+	torture_assert(torture, 
+		       child_dn = ldb_dn_new(mem_ctx, ldb, "CN=users,DC=SAMBA,DC=org"), 
+		       "Failed to create child DN");
+
+	torture_assert(torture, 
+		       ldb_dn_compare(dn, child_dn) != 0,
+		       "Comparison on dc=samba,dc=org and CN=users,DC=SAMBA,DC=org should != 0");
+
+	torture_assert(torture, 
+		       ldb_dn_compare_base(child_dn, dn) != 0,
+		       "Base Comparison of CN=users,DC=SAMBA,DC=org and dc=samba,dc=org should != 0");
+
+	torture_assert(torture, 
+		       ldb_dn_compare_base(dn, child_dn) == 0,
+		       "Base Comparison on dc=samba,dc=org and CN=users,DC=SAMBA,DC=org should == 0");
+
+	/* Check comparisons with a truncated DN */
+	torture_assert(torture, 
+		       typo_dn = ldb_dn_new(mem_ctx, ldb, "c=samba,dc=org"), 
+		       "Failed to create 'typo' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_compare(dn, typo_dn) != 0,
+		       "Comparison on dc=samba,dc=org and c=samba,dc=org should != 0");
+
+	torture_assert(torture, 
+		       ldb_dn_compare_base(typo_dn, dn) != 0,
+		       "Base Comparison of c=samba,dc=org and dc=samba,dc=org should != 0");
+
+	torture_assert(torture, 
+		       ldb_dn_compare_base(dn, typo_dn) != 0,
+		       "Base Comparison on dc=samba,dc=org and c=samba,dc=org should != 0");
+
+	/* Check comparisons with a special DN */
+	torture_assert(torture,
+		       special_dn = ldb_dn_new(mem_ctx, ldb, "@special_dn"),
+		       "Failed to create 'special' DN");
+
+	torture_assert(torture,
+		       ldb_dn_compare(dn, special_dn) != 0,
+		       "Comparison on dc=samba,dc=org and @special_dn should != 0");
+
+	torture_assert(torture,
+		       ldb_dn_compare_base(special_dn, dn) > 0,
+		       "Base Comparison of @special_dn and dc=samba,dc=org should > 0");
+
+	torture_assert(torture,
+		       ldb_dn_compare_base(dn, special_dn) < 0,
+		       "Base Comparison on dc=samba,dc=org and @special_dn should < 0");
+
+	/* Check DN based on MS-ADTS:3.1.1.5.1.2 Naming Constraints*/
+	torture_assert(torture,
+		       dn = ldb_dn_new(mem_ctx, ldb, "CN=New\nLine,DC=SAMBA,DC=org"),
+		       "Failed to create a DN with 0xA in it");
+
+	/* this is a warning until we work out how the DEL: CNs work */
+	if (ldb_dn_validate(dn) != false) {
+		torture_warning(torture,
+				"should have failed to validate a DN with 0xA in it");
+	}
+
+	/* Escaped comma */
+	torture_assert(torture,
+		       dn = ldb_dn_new(mem_ctx, ldb, "CN=A\\,comma,DC=SAMBA,DC=org"),
+		       "Failed to create a DN with an escaped comma in it");
+
+
+	val = data_blob_const("CN=Zer\0,DC=SAMBA,DC=org", 23);
+	torture_assert(torture,
+		       NULL == ldb_dn_from_ldb_val(mem_ctx, ldb, &val),
+		       "should fail to create a DN with 0x0 in it");
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool torture_ldb_dn_invalid_extended(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_dn *dn;
+
+	const char *dn_str = "cn=admin,cn=users,dc=samba,dc=org";
+
+	torture_assert(torture, 
+		       ldb = ldb_init(mem_ctx, torture->ev),
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, 
+				 ldb_register_samba_handlers(ldb), LDB_SUCCESS,
+				 "Failed to register Samba handlers");
+
+	ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
+
+	/* Check behaviour of a normal DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new(mem_ctx, ldb, "samba,dc=org"), 
+		       "Failed to create a 'normal' invalid DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'normal' invalid DN");
+
+	/* Now make an extended DN */
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<PID=%s>;%s",
+					   sid, dn_str), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>%s",
+					   sid, dn_str), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>;",
+					   sid), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=%s>;",
+					   hex_sid), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>;",
+					   hex_guid), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<SID=%s>;",
+					   guid), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	torture_assert(torture, 
+		       dn = ldb_dn_new_fmt(mem_ctx, ldb, "<GUID=>"), 
+		       "Failed to create an invalid 'extended' DN");
+
+	torture_assert(torture, 
+		       ldb_dn_validate(dn) == false,
+		       "should have failed to validate 'extended' DN");
+
+	return true;
+}
+
+static bool helper_ldb_message_compare(struct torture_context *torture,
+				       struct ldb_message *a,
+				       struct ldb_message *b)
+{
+	int i;
+
+	if (a->num_elements != b->num_elements) {
+		return false;
+	}
+
+	for (i = 0; i < a->num_elements; i++) {
+		int j;
+		struct ldb_message_element x = a->elements[i];
+		struct ldb_message_element y = b->elements[i];
+
+		torture_comment(torture, "#%s\n", x.name);
+		torture_assert_int_equal(torture, x.flags, y.flags,
+					 "Flags do not match");
+		torture_assert_str_equal(torture, x.name, y.name,
+					 "Names do not match in field");
+		torture_assert_int_equal(torture, x.num_values, y.num_values,
+					 "Number of values do not match");
+
+		/*
+		 * Records cannot round trip via the SDDL string with a
+		 * nTSecurityDescriptor field.
+		 *
+		 * Parsing from SDDL and diffing the NDR dump output gives the
+		 * following:
+		 *
+		 *          in: struct decode_security_descriptor
+		 *             sd: struct security_descriptor
+		 *                 revision                 : SECURITY_DESCRIPTOR_REVISION_1 (1)
+		 *-                type                     : 0x8c14 (35860)
+		 *-                       0: SEC_DESC_OWNER_DEFAULTED
+		 *-                       0: SEC_DESC_GROUP_DEFAULTED
+		 *+                type                     : 0x8c17 (35863)
+		 *+                       1: SEC_DESC_OWNER_DEFAULTED
+		 *+                       1: SEC_DESC_GROUP_DEFAULTED
+		 *                        1: SEC_DESC_DACL_PRESENT
+		 *                        0: SEC_DESC_DACL_DEFAULTED
+		 *                        1: SEC_DESC_SACL_PRESENT
+		 */
+		if (strcmp(x.name, "nTSecurityDescriptor") == 0) {
+			continue;
+		}
+		for (j = 0; j < x.num_values; j++) {
+			torture_assert_int_equal(torture, x.values[j].length,
+						 y.values[j].length,
+						 "Does not match in length");
+			torture_assert_mem_equal(torture,
+						 x.values[j].data,
+						 y.values[j].data,
+						 x.values[j].length,
+						 "Does not match in data");
+		}
+	}
+	return true;
+}
+
+static bool torture_ldb_unpack(struct torture_context *torture,
+			       const void *data_p)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val data = *discard_const_p(struct ldb_val, data_p);
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+	const char *ldif_text = dda1d01d_ldif;
+	struct ldb_ldif ldif;
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
+	torture_assert(torture,
+		       ldb != NULL,
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture, ldb_unpack_data(ldb, &data, msg), 0,
+				 "ldb_unpack_data failed");
+
+	ldif.changetype = LDB_CHANGETYPE_NONE;
+	ldif.msg = msg;
+	ldif_text = ldb_ldif_write_string(ldb, mem_ctx, &ldif);
+
+	torture_assert_int_equal(torture,
+				 strcmp(ldif_text, dda1d01d_ldif), 0,
+				 "ldif form differs from binary form");
+	return true;
+}
+
+static bool torture_ldb_unpack_flags(struct torture_context *torture,
+				     const void *data_p)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val data = *discard_const_p(struct ldb_val, data_p);
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+	const char *ldif_text = dda1d01d_ldif;
+	struct ldb_ldif ldif;
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
+	torture_assert(torture,
+		       ldb != NULL,
+		       "Failed to init ldb");
+
+	torture_assert_int_equal(torture,
+				 ldb_unpack_data_flags(ldb, &data, msg,
+					LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC),
+				 0,
+				 "ldb_unpack_data failed");
+
+	ldif.changetype = LDB_CHANGETYPE_NONE;
+	ldif.msg = msg;
+	ldif_text = ldb_ldif_write_string(ldb, mem_ctx, &ldif);
+
+	torture_assert_int_equal(torture,
+				 strcmp(ldif_text, dda1d01d_ldif), 0,
+				 "ldif form differs from binary form");
+
+	torture_assert_int_equal(torture,
+				 ldb_unpack_data_flags(ldb, &data, msg,
+						LDB_UNPACK_DATA_FLAG_NO_DN),
+				 0,
+				 "ldb_unpack_data failed");
+
+	torture_assert(torture,
+		       msg->dn == NULL,
+		       "msg->dn should be NULL");
+
+	return true;
+}
+
+static bool torture_ldb_unpack_data_corrupt(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+
+	uint8_t bin[] = {0x68, 0x19, 0x01, 0x26, /* version */
+		1, 0, 0, 0, /* num elements */
+		4, 0, 0, 0, /* dn length */
+		'D', 'N', '=', 'A', 0, /* dn with null term */
+		2, 0, 0, 0, /* canonicalized dn length */
+		'/', 'A', 0, /* canonicalized dn with null term */
+		18, 0, 0, 0, /* size of name and sizes section + 4 (this field) */
+		3, 0, 0, 0, /* el name length */
+		'a', 'b', 'c', 0, /* name with null term */
+		1, 0, 0, 0, 1, /* num values and length width */
+		1, /* value lengths */
+		'1', 0}; /* values for abc */
+
+	struct ldb_val binary = data_blob_const(bin, sizeof(bin));
+	struct ldb_val bin_copy;
+	struct ldb_message *msg;
+
+	int i, j, current, expect_rcode, ret;
+	const char *comment;
+
+	/*
+	 * List of corruptible byte ranges. First 12 bytes are corruptible,
+	 * next 4 bytes are not, next 5 bytes are corruptible, etc.
+	 */
+	uint8_t corrupt_bytes[] = {12, 4, 5, 2, 9, 3, 7, 2};
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
+	torture_assert(torture, ldb != NULL, "Failed to init ldb");
+
+	current = 0;
+	for (i=0; i<sizeof(corrupt_bytes); i++) {
+		expect_rcode = i % 2 == 0 ? -1 : 0;
+
+		for (j=0; j<corrupt_bytes[i]; j++, current++) {
+			bin_copy.data = talloc_size(NULL, binary.length);
+			memcpy(bin_copy.data, binary.data, binary.length);
+			bin_copy.length = binary.length;
+			msg = ldb_msg_new(bin_copy.data);
+
+			bin_copy.data[current]++;
+
+			ret = ldb_unpack_data(ldb, &bin_copy, msg);
+
+			comment = talloc_asprintf(
+				bin_copy.data,
+				"Expected unpack rcode for index %d "
+				"(corrupt bytes index %d) "
+				"to be %d but got %d",
+				current,
+				i,
+				expect_rcode,
+				ret);
+			torture_assert_int_equal(torture, ret, expect_rcode,
+						 comment);
+
+			talloc_free(bin_copy.data);
+		}
+	}
+
+	return true;
+}
+
+static bool torture_ldb_pack_data_v2(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val binary;
+
+	uint8_t bin[] = {0x68, 0x19, 0x01, 0x26, /* version */
+		2, 0, 0, 0, /* num elements */
+		4, 0, 0, 0, /* dn length */
+		'D', 'N', '=', 'A', 0, /* dn with null term */
+		2, 0, 0, 0, /* canonicalized dn length */
+		'/', 'A', 0, /* canonicalized dn with null term */
+		42, 0, 0, 0, /* distance from here to values section */
+		3, 0, 0, 0, /* el name length */
+		'a', 'b', 'c', 0, /* name with null term */
+		4, 0, 0, 0, 1, /* num values and length width */
+		1, 1, 1, 1, /* value lengths */
+		3, 0, 0, 0, /* el name length */
+		'd', 'e', 'f', 0, /* name def with null term */
+		4, 0, 0, 0, 2, /* num of values and length width */
+		1, 0, 1, 0, 1, 0, 0, 1, /* value lengths */
+		'1', 0, '2', 0, '3', 0, '4', 0, /* values for abc */
+		'5', 0, '6', 0, '7', 0}; /* first 3 values for def */
+
+	char eight_256[257] =\
+		"88888888888888888888888888888888888888888888888888888888888"
+		"88888888888888888888888888888888888888888888888888888888888"
+		"88888888888888888888888888888888888888888888888888888888888"
+		"88888888888888888888888888888888888888888888888888888888888"
+		"88888888888888888888"; /* def's 4th value */
+
+	struct ldb_val vals[4] = {{.data=discard_const_p(uint8_t, "1"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, "2"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, "3"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, "4"),
+				   .length=1}};
+	struct ldb_val vals2[4] = {{.data=discard_const_p(uint8_t,"5"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, "6"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, "7"),
+				   .length=1},
+				  {.data=discard_const_p(uint8_t, eight_256),
+				   .length=256}};
+	struct ldb_message_element els[2] = {{.name=discard_const_p(char, "abc"),
+					   .num_values=4, .values=vals},
+					  {.name=discard_const_p(char, "def"),
+					   .num_values=4, .values=vals2}};
+	struct ldb_message msg = {.num_elements=2, .elements=els};
+
+	uint8_t *expect_bin;
+	struct ldb_val expect_bin_ldb;
+	size_t expect_size = sizeof(bin) + sizeof(eight_256);
+	expect_bin = talloc_size(NULL, expect_size);
+	memcpy(expect_bin, bin, sizeof(bin));
+	memcpy(expect_bin + sizeof(bin), eight_256, sizeof(eight_256));
+	expect_bin_ldb = data_blob_const(expect_bin, expect_size);
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
+	torture_assert(torture, ldb != NULL, "Failed to init ldb");
+
+	msg.dn = ldb_dn_new(NULL, ldb, "DN=A");
+
+	torture_assert_int_equal(torture,
+				 ldb_pack_data(ldb, &msg, &binary,
+					       LDB_PACKING_FORMAT_V2),
+				 0, "ldb_pack_data failed");
+
+	torture_assert_int_equal(torture, expect_bin_ldb.length,
+				 binary.length,
+				 "packed data length not as expected");
+
+	torture_assert_mem_equal(torture,
+				 expect_bin_ldb.data,
+				 binary.data,
+				 binary.length,
+				 "packed data not as expected");
+	talloc_free(expect_bin);
+	TALLOC_FREE(msg.dn);
+
+	return true;
+}
+
+static bool torture_ldb_pack_data_v2_special(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val binary;
+
+	uint8_t bin[] = {0x68, 0x19, 0x01, 0x26, /* version */
+		1, 0, 0, 0, /* num elements */
+		2, 0, 0, 0, /* dn length */
+		'@', 'A', 0, /* dn with null term */
+		0, 0, 0, 0, /* canonicalized dn length */
+		0, /* no canonicalized dn, just null term */
+		18, 0, 0, 0, /* distance from here to values section */
+		3, 0, 0, 0, /* el name length */
+		'a', 'b', 'c', 0, /* name with null term */
+		1, 0, 0, 0, 1, /* num values and length width */
+		1, /* value lengths */
+		'1', 0}; /* values for abc */
+
+	struct ldb_val vals[1] = {{.data=discard_const_p(uint8_t, "1"),
+				   .length=1}};
+	struct ldb_message_element els[1] = {{.name=discard_const_p(char,
+								    "abc"),
+					      .num_values=1, .values=vals}};
+	struct ldb_message msg = {.num_elements=1, .elements=els};
+
+	struct ldb_val expect_bin_ldb;
+	expect_bin_ldb = data_blob_const(bin, sizeof(bin));
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
+	torture_assert(torture, ldb != NULL, "Failed to init ldb");
+
+	msg.dn = ldb_dn_new(NULL, ldb, "@A");
+
+	torture_assert_int_equal(torture,
+				 ldb_pack_data(ldb, &msg, &binary,
+					       LDB_PACKING_FORMAT_V2),
+				 0, "ldb_pack_data failed");
+
+	torture_assert_int_equal(torture, expect_bin_ldb.length,
+				 binary.length,
+				 "packed data length not as expected");
+
+	torture_assert_mem_equal(torture,
+				 expect_bin_ldb.data,
+				 binary.data,
+				 binary.length,
+				 "packed data not as expected");
+
+	TALLOC_FREE(msg.dn);
+
+	return true;
+}
+
+static bool torture_ldb_parse_ldif(struct torture_context *torture,
+				   const void *data_p)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	const char *ldif_text = dda1d01d_ldif;
+	struct ldb_context *ldb;
+	struct ldb_ldif *ldif;
+	struct ldb_val binary;
+	struct ldb_val data = *discard_const_p(struct ldb_val, data_p);
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
+	torture_assert(torture,
+		       ldb != NULL,
+		       "Failed to init ldb");
+
+	ldif = ldb_ldif_read_string(ldb, &ldif_text);
+	torture_assert(torture,
+		       ldif != NULL,
+		       "ldb_ldif_read_string failed");
+	torture_assert_int_equal(torture, ldif->changetype, LDB_CHANGETYPE_NONE,
+				 "changetype is incorrect");
+	torture_assert_int_equal(torture,
+				 ldb_pack_data(ldb, ldif->msg, &binary,
+					       LDB_PACKING_FORMAT_V2),
+				 0, "ldb_pack_data failed");
+
+	torture_assert_int_equal(torture, ldb_unpack_data(ldb, &data, msg), 0,
+				 "ldb_unpack_data failed");
+
+	torture_assert(torture,
+		       helper_ldb_message_compare(torture, ldif->msg, msg),
+		       "Forms differ in memory");
+
+	return true;
+}
+
+static bool torture_ldb_pack_format_perf(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	char *unp_ldif_text = talloc_strndup(mem_ctx, dda1d01d_ldif,
+					       sizeof(dda1d01d_ldif)-1);
+	const char *ldif_text;
+	struct ldb_context *ldb;
+	struct ldb_ldif *ldif;
+	struct ldb_val binary;
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+	int ret, i;
+	clock_t start, diff;
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
+	torture_assert(torture,
+		       ldb != NULL,
+		       "Failed to init ldb");
+
+	unp_ldif_text[sizeof(dda1d01d_ldif)-2] = '\0';
+	ldif_text = unp_ldif_text;
+
+	for (i=0; i<10000; i++) {
+		ldif_text = talloc_asprintf_append(
+				discard_const_p(char, ldif_text),
+				"member: fillerfillerfillerfillerfillerfiller"
+				"fillerfillerfillerfillerfillerfillerfiller"
+				"fillerfillerfillerfillerfiller-group%d\n", i);
+	}
+
+	ldif = ldb_ldif_read_string(ldb, &ldif_text);
+	torture_assert(torture,
+		       ldif != NULL,
+		       "ldb_ldif_read_string failed");
+	torture_assert_int_equal(torture, ldif->changetype, LDB_CHANGETYPE_NONE,
+				 "changetype is incorrect");
+	torture_assert_int_equal(torture,
+				 ldb_pack_data(ldb, ldif->msg, &binary,
+					       LDB_PACKING_FORMAT_V2),
+				 0, "ldb_pack_data failed");
+
+	ret = ldb_unpack_data(ldb, &binary, msg);
+	torture_assert_int_equal(torture, ret, 0,
+				 "ldb_unpack_data failed");
+
+	torture_assert(torture,
+		       helper_ldb_message_compare(torture, ldif->msg, msg),
+		       "Forms differ in memory");
+
+	i = 0;
+	start = clock();
+	while (true) {
+		ldb_pack_data(ldb, ldif->msg, &binary, LDB_PACKING_FORMAT_V2);
+		i++;
+
+		if (i >= 1000) {
+			break;
+		}
+	}
+	diff = (clock() - start) * 1000 / CLOCKS_PER_SEC;
+	printf("\n%d pack runs took: %ldms\n", i, (long)diff);
+
+	i = 0;
+	start = clock();
+	while (true) {
+		ldb_unpack_data(ldb, &binary, msg);
+		i++;
+
+		if (i >= 1000) {
+			break;
+		}
+	}
+	diff = (clock() - start) * 1000 / CLOCKS_PER_SEC;
+	printf("%d unpack runs took: %ldms\n", i, (long)diff);
+
+	return true;
+}
+
+static bool torture_ldb_unpack_and_filter(struct torture_context *torture,
+					  const void *data_p)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	struct ldb_context *ldb;
+	struct ldb_val data = *discard_const_p(struct ldb_val, data_p);
+	struct ldb_message *msg = ldb_msg_new(mem_ctx);
+	const char *lookup_names[] = {"instanceType", "nonexistent",
+				      "whenChanged", "objectClass",
+				      "uSNCreated", "showInAdvancedViewOnly",
+				      "name", "cnNotHere", NULL};
+	const char *ldif_text;
+	struct ldb_ldif ldif;
+
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
+	torture_assert(torture,
+		       ldb != NULL,
+		       "Failed to init samba");
+
+	torture_assert_int_equal(torture,
+				 ldb_unpack_data(ldb, &data, msg),
+				 0, "ldb_unpack_data failed");
+
+	torture_assert_int_equal(torture, msg->num_elements, 13,
+				 "Got wrong count of elements");
+
+	torture_assert_int_equal(torture,
+				 ldb_filter_attrs_in_place(msg, lookup_names),
+				 0, "ldb_filter_attrs_in_place failed");
+
+	/* Compare data in binary form */
+	torture_assert_int_equal(torture, msg->num_elements, 6,
+				 "Got wrong number of parsed elements");
+
+	torture_assert_str_equal(torture, msg->elements[0].name, "objectClass",
+				 "First element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[0].num_values, 2,
+				 "First element has wrong count of values");
+	torture_assert_int_equal(torture,
+				 msg->elements[0].values[0].length, 3,
+				 "First element's first value is of wrong length");
+	torture_assert_mem_equal(torture,
+				 msg->elements[0].values[0].data, "top", 3,
+				 "First element's first value is incorrect");
+	torture_assert_int_equal(torture,
+				 msg->elements[0].values[1].length, strlen("container"),
+				 "First element's second value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[0].values[1].data,
+				 "container", strlen("container"),
+				 "First element's second value is incorrect");
+
+	torture_assert_str_equal(torture, msg->elements[1].name, "instanceType",
+				 "Second element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[1].num_values, 1,
+				 "Second element has too many values");
+	torture_assert_int_equal(torture, msg->elements[1].values[0].length, 1,
+				 "Second element's value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[1].values[0].data,
+				 "4", 1,
+				 "Second element's value is incorrect");
+
+	torture_assert_str_equal(torture, msg->elements[2].name, "whenChanged",
+				 "Third element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[2].num_values, 1,
+				 "Third element has too many values");
+	torture_assert_int_equal(torture, msg->elements[2].values[0].length,
+				 strlen("20150708224310.0Z"),
+				 "Third element's value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[2].values[0].data,
+				 "20150708224310.0Z", strlen("20150708224310.0Z"),
+				 "Third element's value is incorrect");
+
+	torture_assert_str_equal(torture, msg->elements[3].name, "uSNCreated",
+				 "Fourth element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[3].num_values, 1,
+				 "Fourth element has too many values");
+	torture_assert_int_equal(torture, msg->elements[3].values[0].length, 4,
+				 "Fourth element's value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[3].values[0].data,
+				 "3467", 4,
+				 "Fourth element's value is incorrect");
+
+	torture_assert_str_equal(torture, msg->elements[4].name, "showInAdvancedViewOnly",
+				 "Fifth element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[4].num_values, 1,
+				 "Fifth element has too many values");
+	torture_assert_int_equal(torture, msg->elements[4].values[0].length, 4,
+				 "Fifth element's value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[4].values[0].data,
+				 "TRUE", 4,
+				 "Fourth element's value is incorrect");
+
+	torture_assert_str_equal(torture, msg->elements[5].name, "name",
+				 "Sixth element has wrong name");
+	torture_assert_int_equal(torture, msg->elements[5].num_values, 1,
+				 "Sixth element has too many values");
+	torture_assert_int_equal(torture, msg->elements[5].values[0].length,
+				 strlen("dda1d01d-4bd7-4c49-a184-46f9241b560e"),
+				 "Sixth element's value is of wrong length");
+	torture_assert_mem_equal(torture, msg->elements[5].values[0].data,
+				 "dda1d01d-4bd7-4c49-a184-46f9241b560e",
+				 strlen("dda1d01d-4bd7-4c49-a184-46f9241b560e"),
+				 "Sixth element's value is incorrect");
+
+	/* Compare data in ldif form */
+	ldif.changetype = LDB_CHANGETYPE_NONE;
+	ldif.msg = msg;
+	ldif_text = ldb_ldif_write_string(ldb, mem_ctx, &ldif);
+
+	torture_assert_str_equal(torture, ldif_text, dda1d01d_ldif_reduced,
+				 "Expected fields did not match");
+
+	return true;
+}
+
+struct torture_suite *torture_ldb(TALLOC_CTX *mem_ctx)
+{
+	int i;
+	struct ldb_val *bins = talloc_array(mem_ctx, struct ldb_val, 2);
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "ldb");
+
+	if (suite == NULL) {
+		return NULL;
+	}
+
+	bins[0] = data_blob_const(dda1d01d_bin_v1, sizeof(dda1d01d_bin_v1));
+	bins[1] = data_blob_const(dda1d01d_bin_v2, sizeof(dda1d01d_bin_v2));
+
+	torture_suite_add_simple_test(suite, "attrs", torture_ldb_attrs);
+	torture_suite_add_simple_test(suite, "dn-attrs", torture_ldb_dn_attrs);
+	torture_suite_add_simple_test(suite, "dn-extended",
+				      torture_ldb_dn_extended);
+	torture_suite_add_simple_test(suite, "dn-invalid-extended",
+				      torture_ldb_dn_invalid_extended);
+	torture_suite_add_simple_test(suite, "dn", torture_ldb_dn);
+	torture_suite_add_simple_test(suite, "pack-format-perf",
+				      torture_ldb_pack_format_perf);
+	torture_suite_add_simple_test(suite, "pack-data-v2",
+				      torture_ldb_pack_data_v2);
+	torture_suite_add_simple_test(suite, "pack-data-special-v2",
+				      torture_ldb_pack_data_v2_special);
+	torture_suite_add_simple_test(suite, "unpack-corrupt-v2",
+				      torture_ldb_unpack_data_corrupt);
+
+	for (i=0; i<2; i++) {
+		torture_suite_add_simple_tcase_const(suite,
+			talloc_asprintf(mem_ctx, "unpack-data-v%d", i+1),
+			torture_ldb_unpack, &bins[i]);
+		torture_suite_add_simple_tcase_const(suite,
+			talloc_asprintf(mem_ctx, "unpack-data-flags-v%d", i+1),
+			torture_ldb_unpack_flags, &bins[i]);
+		torture_suite_add_simple_tcase_const(suite,
+			talloc_asprintf(mem_ctx, "parse-ldif-v%d", i+1),
+			torture_ldb_parse_ldif, &bins[i]);
+		torture_suite_add_simple_tcase_const(suite,
+			talloc_asprintf(mem_ctx,
+					"unpack-data-and-filter-v%d", i+1),
+			torture_ldb_unpack_and_filter, &bins[i]);
+	}
+
+	suite->description = talloc_strdup(suite, "LDB (samba-specific behaviour) tests");
+
+	return suite;
+}
diff --git a/source4/torture/libnet/domain.c b/source4/torture/libnet/domain.c
new file mode 100644
index 0000000..c1cfc91
--- /dev/null
+++ b/source4/torture/libnet/domain.c
@@ -0,0 +1,117 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include "torture/libnet/proto.h"
+
+static bool test_domainopen(struct torture_context *tctx,
+			    struct libnet_context *net_ctx, TALLOC_CTX *mem_ctx,
+			    struct lsa_String *domname,
+			    struct policy_handle *domain_handle)
+{
+	NTSTATUS status;
+	struct libnet_DomainOpen io;
+
+	ZERO_STRUCT(io);
+
+	torture_comment(tctx, "opening domain\n");
+
+	io.in.domain_name  = talloc_strdup(mem_ctx, domname->string);
+	io.in.access_mask  = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	status = libnet_DomainOpen(net_ctx, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Composite domain open failed for domain '%s' - %s\n",
+				domname->string, nt_errstr(status));
+		return false;
+	}
+
+	*domain_handle = io.out.domain_handle;
+	return true;
+}
+
+
+static bool test_cleanup(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
+			 struct policy_handle *domain_handle)
+{
+	struct samr_Close r;
+	struct policy_handle handle;
+
+	r.in.handle   = domain_handle;
+	r.out.handle  = &handle;
+
+	torture_comment(tctx, "closing domain handle\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_Close_r(b, mem_ctx, &r),
+		"Close failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"Close failed");
+
+	return true;
+}
+
+
+bool torture_domainopen(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct libnet_context *net_ctx;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct policy_handle h;
+	struct lsa_String name;
+
+	mem_ctx = talloc_init("test_domain_open");
+
+	net_ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+
+	status = torture_rpc_connection(torture,
+					&net_ctx->samr.pipe,
+					&ndr_table_samr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	name.string = lpcfg_workgroup(torture->lp_ctx);
+
+	/*
+	 * Testing synchronous version
+	 */
+	if (!test_domainopen(torture, net_ctx, mem_ctx, &name, &h)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_cleanup(torture, net_ctx->samr.pipe->binding_handle, mem_ctx, &h)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/torture/libnet/groupinfo.c b/source4/torture/libnet/groupinfo.c
new file mode 100644
index 0000000..a738ab3
--- /dev/null
+++ b/source4/torture/libnet/groupinfo.c
@@ -0,0 +1,128 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include "torture/libnet/proto.h"
+
+#define TEST_GROUPNAME  "libnetgroupinfotest"
+
+
+static bool test_groupinfo(struct torture_context *tctx,
+			   struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			   struct policy_handle *domain_handle,
+			   struct dom_sid2 *domain_sid, const char* group_name,
+			   uint32_t *rid)
+{
+	const uint16_t level = 5;
+	NTSTATUS status;
+	struct libnet_rpc_groupinfo group;
+	struct dom_sid *group_sid;
+
+	group_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
+
+	ZERO_STRUCT(group);
+
+	group.in.domain_handle = *domain_handle;
+	group.in.sid           = dom_sid_string(mem_ctx, group_sid);
+	group.in.level         = level;       /* this should be extended */
+
+	torture_comment(tctx, "Testing sync libnet_rpc_groupinfo (SID argument)\n");
+	status = libnet_rpc_groupinfo(tctx->ev, p->binding_handle, mem_ctx, &group);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to call sync libnet_rpc_userinfo - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	ZERO_STRUCT(group);
+
+	group.in.domain_handle  = *domain_handle;
+	group.in.sid            = NULL;
+	group.in.groupname      = TEST_GROUPNAME;
+	group.in.level          = level;
+
+	printf("Testing sync libnet_rpc_groupinfo (groupname argument)\n");
+	status = libnet_rpc_groupinfo(tctx->ev, p->binding_handle, mem_ctx, &group);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to call sync libnet_rpc_groupinfo - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+
+bool torture_groupinfo(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct policy_handle h;
+	struct lsa_String name;
+	struct dom_sid2 sid;
+	uint32_t rid;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_userinfo");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	name.string = lpcfg_workgroup(torture->lp_ctx);
+
+	/*
+	 * Testing synchronous version
+	 */
+	if (!test_domain_open(torture, b, &name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_create(torture, b, mem_ctx, &h, TEST_GROUPNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_groupinfo(torture, p, mem_ctx, &h, &sid, TEST_GROUPNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_cleanup(torture, b, mem_ctx, &h, TEST_GROUPNAME)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/torture/libnet/groupman.c b/source4/torture/libnet/groupman.c
new file mode 100644
index 0000000..8cd49db
--- /dev/null
+++ b/source4/torture/libnet/groupman.c
@@ -0,0 +1,97 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/grouptest.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include "torture/libnet/proto.h"
+
+
+static bool test_groupadd(struct torture_context *tctx,
+			  struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			  struct policy_handle *domain_handle,
+			  const char *name)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct libnet_rpc_groupadd group;
+
+	ZERO_STRUCT(group);
+
+	group.in.domain_handle = *domain_handle;
+	group.in.groupname     = name;
+
+	printf("Testing libnet_rpc_groupadd\n");
+
+	status = libnet_rpc_groupadd(tctx->ev, p->binding_handle,
+				     mem_ctx, &group);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to call sync libnet_rpc_groupadd - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return ret;
+}
+
+
+bool torture_groupadd(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct dom_sid2 sid;
+	const char *name = TEST_GROUPNAME;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_groupadd");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	torture_assert_ntstatus_ok(torture, status, "RPC connection");
+	b = p->binding_handle;
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_groupadd(torture, p, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_cleanup(torture, b, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/torture/libnet/grouptest.h b/source4/torture/libnet/grouptest.h
new file mode 100644
index 0000000..8b65e6e
--- /dev/null
+++ b/source4/torture/libnet/grouptest.h
@@ -0,0 +1,20 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define TEST_GROUPNAME  "libnetgrptest"
diff --git a/source4/torture/libnet/libnet.c b/source4/torture/libnet/libnet.c
new file mode 100644
index 0000000..faf7bca
--- /dev/null
+++ b/source4/torture/libnet/libnet.c
@@ -0,0 +1,70 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "libnet/libnet.h"
+#include "torture/libnet/proto.h"
+
+NTSTATUS torture_net_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "net");
+
+	torture_suite_add_simple_test(suite, "userinfo", torture_userinfo);
+	torture_suite_add_simple_test(suite, "useradd", torture_useradd);
+	torture_suite_add_simple_test(suite, "userdel", torture_userdel);
+	torture_suite_add_simple_test(suite, "usermod", torture_usermod);
+	torture_suite_add_simple_test(suite, "domopen", torture_domainopen);
+	torture_suite_add_simple_test(suite, "groupinfo", torture_groupinfo);
+	torture_suite_add_simple_test(suite, "groupadd", torture_groupadd);
+	torture_suite_add_simple_test(suite, "api.lookup", torture_lookup);
+	torture_suite_add_simple_test(suite, "api.lookuphost", torture_lookup_host);
+	torture_suite_add_simple_test(suite, "api.lookuppdc", torture_lookup_pdc);
+	torture_suite_add_simple_test(suite, "api.lookupname", torture_lookup_sam_name);
+	torture_suite_add_simple_test(suite, "api.createuser", torture_createuser);
+	torture_suite_add_simple_test(suite, "api.deleteuser", torture_deleteuser);
+	torture_suite_add_simple_test(suite, "api.modifyuser", torture_modifyuser);
+	torture_suite_add_simple_test(suite, "api.userinfo", torture_userinfo_api);
+	torture_suite_add_simple_test(suite, "api.userlist", torture_userlist);
+	torture_suite_add_simple_test(suite, "api.groupinfo", torture_groupinfo_api);
+	torture_suite_add_simple_test(suite, "api.grouplist", torture_grouplist);
+	torture_suite_add_simple_test(suite, "api.creategroup", torture_creategroup);
+	torture_suite_add_simple_test(suite, "api.rpcconn.bind", torture_rpc_connect_binding);
+	torture_suite_add_simple_test(suite, "api.rpcconn.srv", torture_rpc_connect_srv);
+	torture_suite_add_simple_test(suite, "api.rpcconn.pdc", torture_rpc_connect_pdc);
+	torture_suite_add_simple_test(suite, "api.rpcconn.dc", torture_rpc_connect_dc);
+	torture_suite_add_simple_test(suite, "api.rpcconn.dcinfo", torture_rpc_connect_dc_info);
+	torture_suite_add_simple_test(suite, "api.listshares", torture_listshares);
+	torture_suite_add_simple_test(suite, "api.delshare", torture_delshare);
+	torture_suite_add_simple_test(suite, "api.domopenlsa", torture_domain_open_lsa);
+	torture_suite_add_simple_test(suite, "api.domcloselsa", torture_domain_close_lsa);
+	torture_suite_add_simple_test(suite, "api.domopensamr", torture_domain_open_samr);
+	torture_suite_add_simple_test(suite, "api.domclosesamr", torture_domain_close_samr);
+	torture_suite_add_simple_test(suite, "api.become.dc", torture_net_become_dc);
+	torture_suite_add_simple_test(suite, "api.domlist", torture_domain_list);
+
+	suite->description = talloc_strdup(suite, "libnet convenience interface tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
new file mode 100644
index 0000000..45d386b
--- /dev/null
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -0,0 +1,191 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   libnet_BecomeDC() tests
+
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "dsdb/samdb/samdb.h"
+#include "../lib/util/dlinklist.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "system/time.h"
+#include "ldb_wrap.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "param/provision.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/libnet/proto.h"
+
+bool torture_net_become_dc(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct libnet_BecomeDC b;
+	struct libnet_UnbecomeDC u;
+	struct libnet_vampire_cb_state *s;
+	struct ldb_message *msg;
+	int ldb_ret;
+	uint32_t i;
+	char *private_dir;
+	const char *address;
+	struct nbt_name name;
+	const char *netbios_name;
+	struct cli_credentials *machine_account;
+	struct test_join *tj;
+	struct loadparm_context *lp_ctx;
+	struct ldb_context *ldb;
+	struct libnet_context *ctx;
+	struct dsdb_schema *schema;
+
+	char *location = NULL;
+	torture_assert_ntstatus_ok(torture, torture_temp_dir(torture, "libnet_BecomeDC", &location), 
+				   "torture_temp_dir should return NT_STATUS_OK" );
+
+	netbios_name = lpcfg_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc");
+	if (!netbios_name || !netbios_name[0]) {
+		netbios_name = "smbtorturedc";
+	}
+
+	make_nbt_name_server(&name, torture_setting_string(torture, "host", NULL));
+
+	/* do an initial name resolution to find its IP */
+	status = resolve_name_ex(lpcfg_resolve_context(torture->lp_ctx),
+				 0, 0,
+				 &name, torture, &address, torture->ev);
+	torture_assert_ntstatus_ok(torture, status, talloc_asprintf(torture,
+				   "Failed to resolve %s - %s\n",
+				   name.name, nt_errstr(status)));
+
+
+	/* Join domain as a member server. */
+	tj = torture_join_domain(torture, netbios_name,
+				 ACB_WSTRUST,
+				 &machine_account);
+	torture_assert(torture, tj, talloc_asprintf(torture,
+						    "%s failed to join domain as workstation\n",
+						    netbios_name));
+
+	s = libnet_vampire_cb_state_init(torture, torture->lp_ctx, torture->ev,
+			       netbios_name,
+			       torture_join_dom_netbios_name(tj),
+			       torture_join_dom_dns_name(tj),
+			       location);
+	torture_assert(torture, s, "libnet_vampire_cb_state_init");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	ZERO_STRUCT(b);
+	b.in.domain_dns_name		= torture_join_dom_dns_name(tj);
+	b.in.domain_netbios_name	= torture_join_dom_netbios_name(tj);
+	b.in.domain_sid			= torture_join_sid(tj);
+	b.in.source_dsa_address		= address;
+	b.in.dest_dsa_netbios_name	= netbios_name;
+
+	b.in.callbacks.private_data	= s;
+	b.in.callbacks.check_options	= libnet_vampire_cb_check_options;
+	b.in.callbacks.prepare_db       = libnet_vampire_cb_prepare_db;
+	b.in.callbacks.schema_chunk	= libnet_vampire_cb_schema_chunk;
+	b.in.callbacks.config_chunk	= libnet_vampire_cb_store_chunk;
+	b.in.callbacks.domain_chunk	= libnet_vampire_cb_store_chunk;
+
+	status = libnet_BecomeDC(ctx, s, &b);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, cleanup, talloc_asprintf(torture,
+				   "libnet_BecomeDC() failed - %s %s\n",
+				   nt_errstr(status), b.out.error_string));
+	ldb = libnet_vampire_cb_ldb(s);
+
+	msg = ldb_msg_new(s);
+	torture_assert_int_equal_goto(torture, (msg?1:0), 1, ret, cleanup,
+				      "ldb_msg_new() failed\n");
+	msg->dn = ldb_dn_new(msg, ldb, "@ROOTDSE");
+	torture_assert_int_equal_goto(torture, (msg->dn?1:0), 1, ret, cleanup,
+				      "ldb_msg_new(@ROOTDSE) failed\n");
+
+	ldb_ret = ldb_msg_add_string(msg, "isSynchronized", "TRUE");
+	torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup,
+				      "ldb_msg_add_string(msg, isSynchronized, TRUE) failed\n");
+
+	for (i=0; i < msg->num_elements; i++) {
+		msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+	}
+
+	torture_comment(torture, "mark ROOTDSE with isSynchronized=TRUE\n");
+	ldb_ret = ldb_modify(libnet_vampire_cb_ldb(s), msg);
+	torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup,
+				      "ldb_modify() failed\n");
+	
+	/* commit the transaction now we know the secrets were written
+	 * out properly
+	*/
+	ldb_ret = ldb_transaction_commit(ldb);
+	torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup,
+				      "ldb_transaction_commit() failed\n");
+
+	/* reopen the ldb */
+	talloc_unlink(s, ldb);
+
+	lp_ctx = libnet_vampire_cb_lp_ctx(s);
+	private_dir = talloc_asprintf(s, "%s/%s", location, "private");
+	lpcfg_set_cmdline(lp_ctx, "private dir", private_dir);
+	torture_comment(torture, "Reopen the SAM LDB with system credentials and all replicated data: %s\n", private_dir);
+	ldb = samdb_connect(s,
+			    torture->ev,
+			    lp_ctx,
+			    system_session(lp_ctx),
+			    NULL,
+			    0);
+	torture_assert_goto(torture, ldb != NULL, ret, cleanup,
+				      talloc_asprintf(torture,
+				      "Failed to open '%s/sam.ldb'\n", private_dir));
+
+	torture_assert_goto(torture, dsdb_uses_global_schema(ldb), ret, cleanup,
+						"Uses global schema");
+
+	schema = dsdb_get_schema(ldb, s);
+	torture_assert_goto(torture, schema != NULL, ret, cleanup,
+				      "Failed to get loaded dsdb_schema\n");
+
+	/* Make sure we get this from the command line */
+	if (lpcfg_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
+		talloc_free(s);
+		return ret;
+	}
+
+cleanup:
+	ZERO_STRUCT(u);
+	u.in.domain_dns_name		= torture_join_dom_dns_name(tj);
+	u.in.domain_netbios_name	= torture_join_dom_netbios_name(tj);
+	u.in.source_dsa_address		= address;
+	u.in.dest_dsa_netbios_name	= netbios_name;
+
+	status = libnet_UnbecomeDC(ctx, s, &u);
+	torture_assert_ntstatus_ok(torture, status, talloc_asprintf(torture,
+				   "libnet_UnbecomeDC() failed - %s %s\n",
+				   nt_errstr(status), u.out.error_string));
+
+	/* Leave domain. */
+	torture_leave_domain(torture, tj);
+
+	talloc_free(s);
+	return ret;
+}
diff --git a/source4/torture/libnet/libnet_domain.c b/source4/torture/libnet/libnet_domain.c
new file mode 100644
index 0000000..2444000
--- /dev/null
+++ b/source4/torture/libnet/libnet_domain.c
@@ -0,0 +1,440 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "torture/libnet/proto.h"
+
+
+static bool test_opendomain_samr(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
+				 struct policy_handle *handle, struct lsa_String *domname,
+				 uint32_t *access_mask, struct dom_sid **sid_p)
+{
+	struct policy_handle h, domain_handle;
+	struct samr_Connect r1;
+	struct samr_LookupDomain r2;
+	struct dom_sid2 *sid = NULL;
+	struct samr_OpenDomain r3;
+
+	torture_comment(tctx, "connecting\n");
+
+	*access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	r1.in.system_name = 0;
+	r1.in.access_mask = *access_mask;
+	r1.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_Connect_r(b, mem_ctx, &r1),
+		"Connect failed");
+	torture_assert_ntstatus_ok(tctx, r1.out.result,
+		"Connect failed");
+
+	r2.in.connect_handle = &h;
+	r2.in.domain_name = domname;
+	r2.out.sid = &sid;
+
+	torture_comment(tctx, "domain lookup on %s\n", domname->string);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
+		"LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, r2.out.result,
+		"LookupDomain failed");
+
+	r3.in.connect_handle = &h;
+	r3.in.access_mask = *access_mask;
+	r3.in.sid = *sid_p = *r2.out.sid;
+	r3.out.domain_handle = &domain_handle;
+
+	torture_comment(tctx, "opening domain\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
+		"OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, r3.out.result,
+		"OpenDomain failed");
+
+	*handle = domain_handle;
+
+	return true;
+}
+
+
+static bool test_opendomain_lsa(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
+				struct policy_handle *handle, struct lsa_String *domname,
+				uint32_t *access_mask)
+{
+	struct lsa_OpenPolicy2 open;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+
+	*access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	ZERO_STRUCT(attr);
+	ZERO_STRUCT(qos);
+
+	qos.len                 = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode        = 1;
+	qos.effective_only      = 0;
+
+	attr.sec_qos = &qos;
+
+	open.in.system_name = domname->string;
+	open.in.attr        = &attr;
+	open.in.access_mask = *access_mask;
+	open.out.handle     = handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_OpenPolicy2_r(b, mem_ctx, &open),
+		"OpenPolicy2 failed");
+	torture_assert_ntstatus_ok(tctx, open.out.result,
+		"OpenPolicy2 failed");
+
+	return true;
+}
+
+bool torture_domain_open_lsa(struct torture_context *torture)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct libnet_context *ctx;
+	struct libnet_DomainOpen r;
+	struct lsa_Close lsa_close;
+	struct policy_handle h;
+	const char *domain_name;
+
+	/* we're accessing domain controller so the domain name should be
+	   passed (it's going to be resolved to dc name and address) instead
+	   of specific server name. */
+	domain_name = lpcfg_workgroup(torture->lp_ctx);
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	if (ctx == NULL) {
+		torture_comment(torture, "failed to create libnet context\n");
+		return false;
+	}
+
+	ctx->cred = samba_cmdline_get_creds();
+
+	ZERO_STRUCT(r);
+	r.in.type = DOMAIN_LSA;
+	r.in.domain_name = domain_name;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	status = libnet_DomainOpen(ctx, torture, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "failed to open domain on lsa service: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(lsa_close);
+	lsa_close.in.handle  = &ctx->lsa.handle;
+	lsa_close.out.handle = &h;
+
+	torture_assert_ntstatus_ok(torture,
+		dcerpc_lsa_Close_r(ctx->lsa.pipe->binding_handle, ctx, &lsa_close),
+		"failed to close domain on lsa service");
+	torture_assert_ntstatus_ok(torture, lsa_close.out.result,
+		"failed to close domain on lsa service");
+
+done:
+	talloc_free(ctx);
+	return ret;
+}
+
+
+bool torture_domain_close_lsa(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx=NULL;
+	struct libnet_context *ctx;
+	struct lsa_String domain_name;
+	struct dcerpc_binding *binding;
+	uint32_t access_mask;
+	struct policy_handle h;
+	struct dcerpc_pipe *p;
+	struct libnet_DomainClose r;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	if (ctx == NULL) {
+		torture_comment(torture, "failed to create libnet context\n");
+		ret = false;
+		goto done;
+	}
+
+	ctx->cred = samba_cmdline_get_creds();
+
+	mem_ctx = talloc_init("torture_domain_close_lsa");
+	status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_lsarpc,
+				     samba_cmdline_get_creds(),
+				torture->ev, torture->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "failed to connect to server: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+
+	if (!test_opendomain_lsa(torture, p->binding_handle, torture, &h, &domain_name, &access_mask)) {
+		torture_comment(torture, "failed to open domain on lsa service\n");
+		ret = false;
+		goto done;
+	}
+
+	ctx->lsa.pipe        = p;
+	ctx->lsa.name        = domain_name.string;
+	ctx->lsa.access_mask = access_mask;
+	ctx->lsa.handle      = h;
+
+	ZERO_STRUCT(r);
+	r.in.type = DOMAIN_LSA;
+	r.in.domain_name = domain_name.string;
+
+	status = libnet_DomainClose(ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	talloc_free(ctx);
+	return ret;
+}
+
+
+bool torture_domain_open_samr(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct libnet_context *ctx;
+	TALLOC_CTX *mem_ctx;
+	struct policy_handle domain_handle, handle;
+	struct libnet_DomainOpen io;
+	struct samr_Close r;
+	const char *domain_name;
+	bool ret = true;
+
+	mem_ctx = talloc_init("test_domainopen_lsa");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	/* we're accessing domain controller so the domain name should be
+	   passed (it's going to be resolved to dc name and address) instead
+	   of specific server name. */
+	domain_name = lpcfg_workgroup(torture->lp_ctx);
+
+	/*
+	 * Testing synchronous version
+	 */
+	torture_comment(torture, "opening domain\n");
+
+	io.in.type         = DOMAIN_SAMR;
+	io.in.domain_name  = domain_name;
+	io.in.access_mask  = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	status = libnet_DomainOpen(ctx, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Composite domain open failed for domain '%s' - %s\n",
+				domain_name, nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	domain_handle = ctx->samr.handle;
+
+	r.in.handle   = &domain_handle;
+	r.out.handle  = &handle;
+
+	torture_comment(torture, "closing domain handle\n");
+
+	torture_assert_ntstatus_ok(torture,
+		dcerpc_samr_Close_r(ctx->samr.pipe->binding_handle, mem_ctx, &r),
+		"Close failed");
+	torture_assert_ntstatus_ok(torture, r.out.result,
+		"Close failed");
+
+done:
+	talloc_free(mem_ctx);
+	talloc_free(ctx);
+
+	return ret;
+}
+
+
+bool torture_domain_close_samr(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct libnet_context *ctx;
+	struct lsa_String domain_name;
+	struct dcerpc_binding *binding;
+	uint32_t access_mask;
+	struct policy_handle h;
+	struct dcerpc_pipe *p;
+	struct libnet_DomainClose r;
+	struct dom_sid *sid;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	if (ctx == NULL) {
+		torture_comment(torture, "failed to create libnet context\n");
+		ret = false;
+		goto done;
+	}
+
+	ctx->cred = samba_cmdline_get_creds();
+
+	mem_ctx = talloc_init("torture_domain_close_samr");
+	status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_samr,
+				     ctx->cred, torture->ev, torture->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "failed to connect to server: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	domain_name.string = talloc_strdup(mem_ctx, lpcfg_workgroup(torture->lp_ctx));
+
+	if (!test_opendomain_samr(torture, p->binding_handle, torture, &h, &domain_name, &access_mask, &sid)) {
+		torture_comment(torture, "failed to open domain on samr service\n");
+		ret = false;
+		goto done;
+	}
+
+	ctx->samr.pipe        = p;
+	ctx->samr.name        = talloc_steal(ctx, domain_name.string);
+	ctx->samr.access_mask = access_mask;
+	ctx->samr.handle      = h;
+	ctx->samr.sid         = talloc_steal(ctx, sid);
+
+	ZERO_STRUCT(r);
+	r.in.type = DOMAIN_SAMR;
+	r.in.domain_name = domain_name.string;
+
+	status = libnet_DomainClose(ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	talloc_free(ctx);
+	return ret;
+}
+
+
+bool torture_domain_list(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct dcerpc_binding *binding;
+	struct libnet_context *ctx;
+	struct libnet_DomainList r;
+	int i;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	if (ctx == NULL) {
+		torture_comment(torture, "failed to create libnet context\n");
+		ret = false;
+		goto done;
+	}
+
+	ctx->cred = samba_cmdline_get_creds();
+
+	mem_ctx = talloc_init("torture_domain_close_samr");
+
+	/*
+	 * querying the domain list using default buffer size
+	 */
+
+	ZERO_STRUCT(r);
+	r.in.hostname = dcerpc_binding_get_string_option(binding, "host");
+
+	status = libnet_DomainList(ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(torture, "Received list or domains (everything in one piece):\n");
+
+	for (i = 0; i < r.out.count; i++) {
+		torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
+	}
+
+	/*
+	 * querying the domain list using specified (much smaller) buffer size
+	 */
+
+	ctx->samr.buf_size = 32;
+
+	ZERO_STRUCT(r);
+	r.in.hostname = dcerpc_binding_get_string_option(binding, "host");
+
+	status = libnet_DomainList(ctx, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(torture, "Received list or domains (collected in more than one round):\n");
+
+	for (i = 0; i < r.out.count; i++) {
+		torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
+	}
+
+done:
+	torture_comment(torture, "\nStatus: %s\n", nt_errstr(status));
+
+	talloc_free(mem_ctx);
+	talloc_free(ctx);
+	return ret;
+}
diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c
new file mode 100644
index 0000000..e3e2030
--- /dev/null
+++ b/source4/torture/libnet/libnet_group.c
@@ -0,0 +1,210 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak  2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/proto.h"
+#include "param/param.h"
+
+
+#define TEST_GROUPNAME  "libnetgrouptest"
+
+
+bool torture_groupinfo_api(struct torture_context *torture)
+{
+	const char *name = TEST_GROUPNAME;
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx;
+	struct libnet_context *ctx = NULL;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct libnet_GroupInfo req;
+
+	prep_mem_ctx = talloc_init("prepare torture group info");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, p->binding_handle, &domain_name, prep_mem_ctx, &h, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_create(torture, p->binding_handle, prep_mem_ctx, &h, name, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	mem_ctx = talloc_init("torture group info");
+
+	if (!test_libnet_context_init(torture, true, &ctx)) {
+		return false;
+	}
+
+	ZERO_STRUCT(req);
+
+	req.in.domain_name = domain_name.string;
+	req.in.level = GROUP_INFO_BY_NAME;
+	req.in.data.group_name = name;
+
+	status = libnet_GroupInfo(ctx, mem_ctx, &req);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "libnet_GroupInfo call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
+	                        mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
+		torture_comment(torture, "cleanup failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+done:
+	talloc_free(ctx);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_grouplist(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct libnet_context *ctx;
+	struct lsa_String domain_name;
+	struct libnet_GroupList req;
+	int i;
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	mem_ctx = talloc_init("torture group list");
+
+	ZERO_STRUCT(req);
+
+	torture_comment(torture, "listing group accounts:\n");
+
+	do {
+		req.in.domain_name  = domain_name.string;
+		req.in.page_size    = 128;
+		req.in.resume_index = req.out.resume_index;
+
+		status = libnet_GroupList(ctx, mem_ctx, &req);
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break;
+
+		for (i = 0; i < req.out.count; i++) {
+			torture_comment(torture, "\tgroup: %s, sid=%s\n",
+			                req.out.groups[i].groupname, req.out.groups[i].sid);
+		}
+
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (!(NT_STATUS_IS_OK(status) ||
+	      NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))) {
+		torture_comment(torture, "libnet_GroupList call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+	if (!test_lsa_close_handle(torture,
+	                           ctx->lsa.pipe->binding_handle, mem_ctx, &ctx->lsa.handle)) {
+		torture_comment(torture, "lsa domain close failed\n");
+		ret = false;
+	}
+
+	talloc_free(ctx);
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_creategroup(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct libnet_context *ctx;
+	struct libnet_CreateGroup req;
+
+	mem_ctx = talloc_init("test_creategroup");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	req.in.group_name = TEST_GROUPNAME;
+	req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+	req.out.error_string = NULL;
+
+	status = libnet_CreateGroup(ctx, mem_ctx, &req);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "libnet_CreateGroup call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
+	                        mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
+		torture_comment(torture, "cleanup failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+done:
+	talloc_free(ctx);
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/torture/libnet/libnet_lookup.c b/source4/torture/libnet/libnet_lookup.c
new file mode 100644
index 0000000..e6e23dc
--- /dev/null
+++ b/source4/torture/libnet/libnet_lookup.c
@@ -0,0 +1,191 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libnet/libnet.h"
+#include "libcli/libcli.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/proto.h"
+#include "param/param.h"
+
+
+bool torture_lookup(struct torture_context *torture)
+{
+	bool ret;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *ctx;
+	struct libnet_Lookup lookup;
+	struct dcerpc_binding *binding;
+
+	mem_ctx = talloc_init("test_lookup");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	lookup.in.hostname = torture_setting_string(torture, "host", NULL);
+	if (lookup.in.hostname == NULL) {
+		status = torture_rpc_binding(torture, &binding);
+		if (NT_STATUS_IS_OK(status)) {
+			lookup.in.hostname = dcerpc_binding_get_string_option(binding, "host");
+		}
+	}
+
+	lookup.in.type     = NBT_NAME_CLIENT;
+	lookup.in.resolve_ctx = NULL;
+	lookup.out.address = NULL;
+
+	status = libnet_Lookup(ctx, mem_ctx, &lookup);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Couldn't lookup name %s: %s\n", lookup.in.hostname, nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	ret = true;
+
+	torture_comment(torture, "Name [%s] found at address: %s.\n", lookup.in.hostname, *lookup.out.address);
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_lookup_host(struct torture_context *torture)
+{
+	bool ret;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *ctx;
+	struct libnet_Lookup lookup;
+	struct dcerpc_binding *binding;
+
+	mem_ctx = talloc_init("test_lookup_host");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	lookup.in.hostname = torture_setting_string(torture, "host", NULL);
+	if (lookup.in.hostname == NULL) {
+		status = torture_rpc_binding(torture, &binding);
+		if (NT_STATUS_IS_OK(status)) {
+			lookup.in.hostname = dcerpc_binding_get_string_option(binding, "host");
+		}
+	}
+
+	lookup.in.resolve_ctx = NULL;
+	lookup.out.address = NULL;
+
+	status = libnet_LookupHost(ctx, mem_ctx, &lookup);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Couldn't lookup host %s: %s\n", lookup.in.hostname, nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	ret = true;
+
+	torture_comment(torture, "Host [%s] found at address: %s.\n", lookup.in.hostname, *lookup.out.address);
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_lookup_pdc(struct torture_context *torture)
+{
+	bool ret;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *ctx;
+	struct libnet_LookupDCs *lookup;
+	int i;
+
+	mem_ctx = talloc_init("test_lookup_pdc");
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	talloc_steal(ctx, mem_ctx);
+
+	lookup = talloc(mem_ctx, struct libnet_LookupDCs);
+	if (!lookup) {
+		ret = false;
+		goto done;
+	}
+
+	lookup->in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+	lookup->in.name_type   = NBT_NAME_PDC;
+
+	status = libnet_LookupDCs(ctx, mem_ctx, lookup);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Couldn't lookup pdc %s: %s\n", lookup->in.domain_name,
+		       nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	ret = true;
+
+	torture_comment(torture, "DCs of domain [%s] found.\n", lookup->in.domain_name);
+	for (i = 0; i < lookup->out.num_dcs; i++) {
+		torture_comment(torture, "\tDC[%d]: name=%s, address=%s\n", i, lookup->out.dcs[i].name,
+		       lookup->out.dcs[i].address);
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_lookup_sam_name(struct torture_context *torture)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *ctx;
+	struct libnet_LookupName r;
+	bool ret = true;
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	mem_ctx = talloc_init("torture lookup sam name");
+	if (mem_ctx == NULL) return false;
+
+	r.in.name = "Administrator";
+	r.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+
+	status = libnet_LookupName(ctx, mem_ctx, &r);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"libnet_LookupName: failed");
+
+done:
+	talloc_free(mem_ctx);
+	talloc_free(ctx);
+
+	return ret;
+}
diff --git a/source4/torture/libnet/libnet_rpc.c b/source4/torture/libnet/libnet_rpc.c
new file mode 100644
index 0000000..9820432
--- /dev/null
+++ b/source4/torture/libnet/libnet_rpc.c
@@ -0,0 +1,230 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libnet/libnet.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/gen_ndr/ndr_srvsvc.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/proto.h"
+#include "param/param.h"
+
+
+static bool test_connect_service(struct torture_context *tctx,
+				 struct libnet_context *ctx,
+				 const struct ndr_interface_table *iface,
+				 const char *binding_string,
+				 const char *hostname,
+				 const enum libnet_RpcConnect_level level,
+				 bool badcreds, NTSTATUS expected_status)
+{
+	NTSTATUS status;
+	struct libnet_RpcConnect connect_r;
+	ZERO_STRUCT(connect_r);
+
+	connect_r.level            = level;
+	connect_r.in.binding       = binding_string;
+	connect_r.in.name          = hostname;
+	connect_r.in.dcerpc_iface  = iface;
+
+	/* if bad credentials are needed, set baduser%badpassword instead
+	   of default commandline-passed credentials */
+	if (badcreds) {
+		cli_credentials_set_username(ctx->cred, "baduser", CRED_SPECIFIED);
+		cli_credentials_set_password(ctx->cred, "badpassword", CRED_SPECIFIED);
+	}
+
+	status = libnet_RpcConnect(ctx, ctx, &connect_r);
+
+	if (!NT_STATUS_EQUAL(status, expected_status)) {
+		torture_comment(tctx, "Connecting to rpc service %s on %s.\n\tFAILED. Expected: %s."
+		       "Received: %s\n",
+		       connect_r.in.dcerpc_iface->name, connect_r.in.binding, nt_errstr(expected_status),
+		       nt_errstr(status));
+
+		return false;
+	}
+
+	torture_comment(tctx, "PASSED. Expected: %s, received: %s\n", nt_errstr(expected_status),
+	       nt_errstr(status));
+
+	if (connect_r.level == LIBNET_RPC_CONNECT_DC_INFO && NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Domain Controller Info:\n");
+		torture_comment(tctx, "\tDomain Name:\t %s\n", connect_r.out.domain_name);
+		torture_comment(tctx, "\tDomain SID:\t %s\n", dom_sid_string(ctx, connect_r.out.domain_sid));
+		torture_comment(tctx, "\tRealm:\t\t %s\n", connect_r.out.realm);
+		torture_comment(tctx, "\tGUID:\t\t %s\n", GUID_string(ctx, connect_r.out.guid));
+
+	} else if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Error string: %s\n", connect_r.out.error_string);
+	}
+
+	return true;
+}
+
+
+static bool torture_rpc_connect(struct torture_context *torture,
+				const enum libnet_RpcConnect_level level,
+				const char *bindstr, const char *hostname)
+{
+	struct libnet_context *ctx;
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	torture_comment(torture, "Testing connection to LSA interface\n");
+
+	if (!test_connect_service(torture, ctx, &ndr_table_lsarpc, bindstr,
+				  hostname, level, false, NT_STATUS_OK)) {
+		torture_comment(torture, "failed to connect LSA interface\n");
+		return false;
+	}
+
+	torture_comment(torture, "Testing connection to SAMR interface\n");
+	if (!test_connect_service(torture, ctx, &ndr_table_samr, bindstr,
+				  hostname, level, false, NT_STATUS_OK)) {
+		torture_comment(torture, "failed to connect SAMR interface\n");
+		return false;
+	}
+
+	torture_comment(torture, "Testing connection to SRVSVC interface\n");
+	if (!test_connect_service(torture, ctx, &ndr_table_srvsvc, bindstr,
+				  hostname, level, false, NT_STATUS_OK)) {
+		torture_comment(torture, "failed to connect SRVSVC interface\n");
+		return false;
+	}
+
+	torture_comment(torture, "Testing connection to LSA interface with wrong credentials\n");
+	if (!test_connect_service(torture, ctx, &ndr_table_lsarpc, bindstr,
+				  hostname, level, true, NT_STATUS_LOGON_FAILURE)) {
+		torture_comment(torture, "failed to test wrong credentials on LSA interface\n");
+		return false;
+	}
+
+	torture_comment(torture, "Testing connection to SAMR interface with wrong credentials\n");
+	if (!test_connect_service(torture, ctx, &ndr_table_samr, bindstr,
+				  hostname, level, true, NT_STATUS_LOGON_FAILURE)) {
+		torture_comment(torture, "failed to test wrong credentials on SAMR interface\n");
+		return false;
+	}
+
+	talloc_free(ctx);
+
+	return true;
+}
+
+
+bool torture_rpc_connect_srv(struct torture_context *torture)
+{
+	const enum libnet_RpcConnect_level level = LIBNET_RPC_CONNECT_SERVER;
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	const char *host;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	host = dcerpc_binding_get_string_option(binding, "host");
+
+	return torture_rpc_connect(torture, level, NULL, host);
+}
+
+
+bool torture_rpc_connect_pdc(struct torture_context *torture)
+{
+	const enum libnet_RpcConnect_level level = LIBNET_RPC_CONNECT_PDC;
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	const char *domain_name;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	/* we're accessing domain controller so the domain name should be
+	   passed (it's going to be resolved to dc name and address) instead
+	   of specific server name. */
+	domain_name = lpcfg_workgroup(torture->lp_ctx);
+	return torture_rpc_connect(torture, level, NULL, domain_name);
+}
+
+
+bool torture_rpc_connect_dc(struct torture_context *torture)
+{
+	const enum libnet_RpcConnect_level level = LIBNET_RPC_CONNECT_DC;
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	const char *domain_name;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	/* we're accessing domain controller so the domain name should be
+	   passed (it's going to be resolved to dc name and address) instead
+	   of specific server name. */
+	domain_name = lpcfg_workgroup(torture->lp_ctx);
+	return torture_rpc_connect(torture, level, NULL, domain_name);
+}
+
+
+bool torture_rpc_connect_dc_info(struct torture_context *torture)
+{
+	const enum libnet_RpcConnect_level level = LIBNET_RPC_CONNECT_DC_INFO;
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	const char *domain_name;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	/* we're accessing domain controller so the domain name should be
+	   passed (it's going to be resolved to dc name and address) instead
+	   of specific server name. */
+	domain_name = lpcfg_workgroup(torture->lp_ctx);
+	return torture_rpc_connect(torture, level, NULL, domain_name);
+}
+
+
+bool torture_rpc_connect_binding(struct torture_context *torture)
+{
+	const enum libnet_RpcConnect_level level = LIBNET_RPC_CONNECT_BINDING;
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	const char *bindstr;
+
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	bindstr = dcerpc_binding_string(torture, binding);
+
+	return torture_rpc_connect(torture, level, bindstr, NULL);
+}
diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c
new file mode 100644
index 0000000..da74b99
--- /dev/null
+++ b/source4/torture/libnet/libnet_share.c
@@ -0,0 +1,285 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Gregory LEOCADIE <gleocadie@idealx.com> 2005
+   Copyright (C) Rafal Szczesniak  2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "torture/libnet/proto.h"
+
+
+#define TEST_SHARENAME "libnetsharetest"
+
+
+static void test_displayshares(struct torture_context *tctx,
+			       struct libnet_ListShares s)
+{
+	int i, j;
+
+	struct share_type {
+		enum srvsvc_ShareType type;
+		const char *desc;
+	} share_types[] = {
+		{ STYPE_DISKTREE, "STYPE_DISKTREE" },
+		{ STYPE_DISKTREE_TEMPORARY, "STYPE_DISKTREE_TEMPORARY" },
+		{ STYPE_DISKTREE_HIDDEN, "STYPE_DISKTREE_HIDDEN" },
+		{ STYPE_PRINTQ, "STYPE_PRINTQ" },
+		{ STYPE_PRINTQ_TEMPORARY, "STYPE_PRINTQ_TEMPORARY" },
+		{ STYPE_PRINTQ_HIDDEN, "STYPE_PRINTQ_HIDDEN" },
+		{ STYPE_DEVICE, "STYPE_DEVICE" },
+		{ STYPE_DEVICE_TEMPORARY, "STYPE_DEVICE_TEMPORARY" },
+		{ STYPE_DEVICE_HIDDEN, "STYPE_DEVICE_HIDDEN" },
+		{ STYPE_IPC, "STYPE_IPC" },
+		{ STYPE_IPC_TEMPORARY, "STYPE_IPC_TEMPORARY" },
+		{ STYPE_IPC_HIDDEN, "STYPE_IPC_HIDDEN" }
+	};
+
+	switch (s.in.level) {
+	case 0:
+		for (i = 0; i < s.out.ctr.ctr0->count; i++) {
+			struct srvsvc_NetShareInfo0 *info = &s.out.ctr.ctr0->array[i];
+			torture_comment(tctx, "\t[%d] %s\n", i, info->name);
+		}
+		break;
+
+	case 1:
+		for (i = 0; i < s.out.ctr.ctr1->count; i++) {
+			struct srvsvc_NetShareInfo1 *info = &s.out.ctr.ctr1->array[i];
+			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s (%s)\t%s\n",
+							i,
+							info->name,
+							info->comment,
+							share_types[j].desc);
+					break;
+				}
+			}
+		}
+		break;
+
+	case 2:
+		for (i = 0; i < s.out.ctr.ctr2->count; i++) {
+			struct srvsvc_NetShareInfo2 *info = &s.out.ctr.ctr2->array[i];
+			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s\t%s\n"
+							"\t    %s\n"
+							"\t    [perms=0x%08x, "
+							"max_usr=%d, "
+							"cur_usr=%d, "
+							"path=%s, "
+							"pass=%s]\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->comment,
+							info->permissions,
+							info->max_users,
+							info->current_users,
+							info->path,
+							info->password);
+					break;
+				}
+			}
+		}
+		break;
+
+	case 501:
+		for (i = 0; i < s.out.ctr.ctr501->count; i++) {
+			struct srvsvc_NetShareInfo501 *info = &s.out.ctr.ctr501->array[i];
+			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s"
+							"\t%s "
+							"[csc_policy=0x%08x]\n"
+							"\t    %s\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->csc_policy,
+							info->comment);
+					break;
+				}
+			}
+		}
+		break;
+
+	case 502:
+		for (i = 0; i < s.out.ctr.ctr502->count; i++) {
+			struct srvsvc_NetShareInfo502 *info = &s.out.ctr.ctr502->array[i];
+			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s\t%s\n"
+							"\t    %s\n"
+							"\t    [perms=0x%08x, "
+							"max_usr=%d, "
+							"cur_usr=%d, "
+							"path=%s, pass=%s]\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->comment,
+							info->permissions,
+							info->max_users,
+							info->current_users,
+							info->path,
+							info->password);
+					break;
+				}
+			}
+		}
+		break;
+	}
+}
+
+
+bool torture_listshares(struct torture_context *torture)
+{
+	struct libnet_ListShares share;
+	NTSTATUS  status;
+	uint32_t levels[] = { 0, 1, 2, 501, 502 };
+	int i;
+	bool ret = true;
+	struct libnet_context* libnetctx;
+	struct dcerpc_binding *binding;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("test_listshares");
+	status = torture_rpc_binding(torture, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+
+	libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	if (!libnetctx) {
+		torture_comment(torture, "Couldn't allocate libnet context\n");
+		ret = false;
+		goto done;
+	}
+
+	libnetctx->cred = samba_cmdline_get_creds();
+
+	torture_comment(torture, "Testing libnet_ListShare\n");
+
+	share.in.server_name = dcerpc_binding_get_string_option(binding, "host");
+
+	for (i = 0; i < ARRAY_SIZE(levels); i++) {
+		share.in.level = levels[i];
+		torture_comment(torture, "Testing libnet_ListShare level %u\n", share.in.level);
+
+		status = libnet_ListShares(libnetctx, mem_ctx, &share);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(torture, "libnet_ListShare level %u failed - %s\n", share.in.level, share.out.error_string);
+			ret = false;
+			goto done;
+		}
+
+		torture_comment(torture, "listing shares:\n");
+		test_displayshares(torture, share);
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+static bool test_addshare(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx, const char *host,
+			  const char* share)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareAdd add;
+	union srvsvc_NetShareInfo info;
+	struct srvsvc_NetShareInfo2 i;
+
+	ZERO_STRUCT(i);
+	ZERO_STRUCT(info);
+	ZERO_STRUCT(add);
+
+	i.name         = share;
+	i.type         = STYPE_DISKTREE;
+	i.path         = "C:\\WINDOWS\\TEMP";
+	i.max_users    = 5;
+	i.comment      = "Comment to the test share";
+	i.password     = NULL;
+	i.permissions  = 0x0;
+
+	info.info2 = &i;
+
+	add.in.server_unc = host;
+	add.in.level      = 2;
+	add.in.info       = &info;
+	add.in.parm_error = NULL;
+
+	status = dcerpc_srvsvc_NetShareAdd_r(b, mem_ctx, &add);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to add a new share\n");
+		return false;
+	}
+
+	torture_comment(tctx, "share added\n");
+	return true;
+}
+
+
+bool torture_delshare(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding *binding;
+	struct libnet_context* libnetctx;
+	const char *host;
+	NTSTATUS  status;
+	bool ret = true;
+	struct libnet_DelShare share;
+
+	host = torture_setting_string(torture, "host", NULL);
+	status = torture_rpc_binding(torture, &binding);
+	torture_assert_ntstatus_ok(torture, status, "Failed to get binding");
+
+	libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	libnetctx->cred = samba_cmdline_get_creds();
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_srvsvc);
+
+	torture_assert_ntstatus_ok(torture, status, "Failed to get rpc connection");
+
+	if (!test_addshare(torture, p->binding_handle, torture, host, TEST_SHARENAME)) {
+		return false;
+	}
+
+	share.in.server_name	= dcerpc_binding_get_string_option(binding, "host");
+	share.in.share_name	= TEST_SHARENAME;
+
+	status = libnet_DelShare(libnetctx, torture, &share);
+	torture_assert_ntstatus_ok(torture, status, "Failed to delete share");
+
+	return ret;
+}
diff --git a/source4/torture/libnet/libnet_user.c b/source4/torture/libnet/libnet_user.c
new file mode 100644
index 0000000..9029827
--- /dev/null
+++ b/source4/torture/libnet/libnet_user.c
@@ -0,0 +1,520 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "lib/cmdline/cmdline.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/usertest.h"
+#include "torture/libnet/proto.h"
+#include "param/param.h"
+
+
+
+bool torture_createuser(struct torture_context *torture)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	struct libnet_context *ctx = NULL;
+	struct libnet_CreateUser req;
+	bool ret = true;
+
+	mem_ctx = talloc_init("test_createuser");
+
+	if (!test_libnet_context_init(torture, true, &ctx)) {
+		return false;
+	}
+
+	req.in.user_name = TEST_USERNAME;
+	req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+	req.out.error_string = NULL;
+
+	status = libnet_CreateUser(ctx, mem_ctx, &req);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "libnet_CreateUser call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, ctx->samr.pipe->binding_handle,
+	                       mem_ctx, &ctx->samr.handle, TEST_USERNAME)) {
+		torture_comment(torture, "cleanup failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+done:
+	talloc_free(ctx);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_deleteuser(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	TALLOC_CTX *mem_ctx;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	const char *name = TEST_USERNAME;
+	struct libnet_context *ctx = NULL;
+	struct libnet_DeleteUser req;
+	bool ret = false;
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+	torture_assert_ntstatus_ok(torture, status, "torture_rpc_connection() failed");
+
+	mem_ctx = talloc_init("torture_deleteuser");
+
+	/*
+	 * Pre-create a user to be deleted later
+	 */
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	ret = test_domain_open(torture, p->binding_handle, &domain_name, mem_ctx, &h, NULL);
+	torture_assert_goto(torture, ret, ret, done, "test_domain_open() failed");
+
+	ret = test_user_create(torture, p->binding_handle, mem_ctx, &h, name, NULL);
+	torture_assert_goto(torture, ret, ret, done, "test_user_create() failed");
+
+	/*
+	 * Delete the user using libnet layer
+	 */
+	ret = test_libnet_context_init(torture, true, &ctx);
+	torture_assert_goto(torture, ret, ret, done, "test_libnet_context_init() failed");
+
+	req.in.user_name = TEST_USERNAME;
+	req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+
+	status = libnet_DeleteUser(ctx, mem_ctx, &req);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done, "libnet_DeleteUser() failed");
+
+	/* mark test as successful */
+	ret = true;
+
+done:
+	talloc_free(ctx);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+/*
+  Generate testing set of random changes
+*/
+
+static void set_test_changes(struct torture_context *tctx,
+			     TALLOC_CTX *mem_ctx, struct libnet_ModifyUser *r,
+			     int num_changes, char **user_name, enum test_fields req_change)
+{
+	const char* logon_scripts[] = { "start_login.cmd", "login.bat", "start.cmd" };
+	const char* home_dirs[] = { "\\\\srv\\home", "\\\\homesrv\\home\\user", "\\\\pdcsrv\\domain" };
+	const char* home_drives[] = { "H:", "z:", "I:", "J:", "n:" };
+	const uint32_t flags[] = { (ACB_DISABLED | ACB_NORMAL | ACB_PW_EXPIRED),
+				   (ACB_NORMAL | ACB_PWNOEXP),
+				   (ACB_NORMAL | ACB_PW_EXPIRED) };
+	const char *homedir, *homedrive, *logonscript;
+	struct timeval now;
+	int i, testfld;
+
+	torture_comment(tctx, "Fields to change: [");
+
+	for (i = 0; i < num_changes && i <= USER_FIELD_LAST; i++) {
+		const char *fldname;
+
+		testfld = (req_change == none) ? (random() % USER_FIELD_LAST) + 1 : req_change;
+
+		/* get one in case we hit time field this time */
+		gettimeofday(&now, NULL);
+
+		switch (testfld) {
+		case acct_name:
+			continue_if_field_set(r->in.account_name);
+			r->in.account_name = talloc_asprintf(mem_ctx, TEST_CHG_ACCOUNTNAME,
+							     (int)(random() % 100));
+			fldname = "account_name";
+
+			/* update the test's user name in case it's about to change */
+			*user_name = talloc_strdup(mem_ctx, r->in.account_name);
+			break;
+
+		case acct_full_name:
+			continue_if_field_set(r->in.full_name);
+			r->in.full_name = talloc_asprintf(mem_ctx, TEST_CHG_FULLNAME,
+							  (unsigned int)random(), (unsigned int)random());
+			fldname = "full_name";
+			break;
+
+		case acct_description:
+			continue_if_field_set(r->in.description);
+			r->in.description = talloc_asprintf(mem_ctx, TEST_CHG_DESCRIPTION,
+							    (long)random());
+			fldname = "description";
+			break;
+
+		case acct_home_directory:
+			continue_if_field_set(r->in.home_directory);
+			homedir = home_dirs[random() % ARRAY_SIZE(home_dirs)];
+			r->in.home_directory = talloc_strdup(mem_ctx, homedir);
+			fldname = "home_dir";
+			break;
+
+		case acct_home_drive:
+			continue_if_field_set(r->in.home_drive);
+			homedrive = home_drives[random() % ARRAY_SIZE(home_drives)];
+			r->in.home_drive = talloc_strdup(mem_ctx, homedrive);
+			fldname = "home_drive";
+			break;
+
+		case acct_comment:
+			continue_if_field_set(r->in.comment);
+			r->in.comment = talloc_asprintf(mem_ctx, TEST_CHG_COMMENT,
+							(unsigned long)random(), (unsigned long)random());
+			fldname = "comment";
+			break;
+
+		case acct_logon_script:
+			continue_if_field_set(r->in.logon_script);
+			logonscript = logon_scripts[random() % ARRAY_SIZE(logon_scripts)];
+			r->in.logon_script = talloc_strdup(mem_ctx, logonscript);
+			fldname = "logon_script";
+			break;
+
+		case acct_profile_path:
+			continue_if_field_set(r->in.profile_path);
+			r->in.profile_path = talloc_asprintf(mem_ctx, TEST_CHG_PROFILEPATH,
+							     (unsigned long)random(), (unsigned int)random());
+			fldname = "profile_path";
+			break;
+
+		case acct_expiry:
+			continue_if_field_set(r->in.acct_expiry);
+			now = timeval_add(&now, (random() % (31*24*60*60)), 0);
+			r->in.acct_expiry = (struct timeval *)talloc_memdup(mem_ctx, &now, sizeof(now));
+			fldname = "acct_expiry";
+			break;
+
+		case acct_flags:
+			continue_if_field_set(r->in.acct_flags);
+			r->in.acct_flags = flags[random() % ARRAY_SIZE(flags)];
+			fldname = "acct_flags";
+			break;
+
+		default:
+			fldname = "unknown_field";
+		}
+
+		torture_comment(tctx, ((i < num_changes - 1) ? "%s," : "%s"), fldname);
+
+		/* disable requested field (it's supposed to be the only one used) */
+		if (req_change != none) req_change = none;
+	}
+
+	torture_comment(tctx, "]\n");
+}
+
+
+#define TEST_STR_FLD(fld) \
+	if (!strequal(req.in.fld, user_req.out.fld)) { \
+		torture_comment(torture, "failed to change '%s'\n", #fld); \
+		ret = false; \
+		goto cleanup; \
+	}
+
+#define TEST_TIME_FLD(fld) \
+	if (timeval_compare(req.in.fld, user_req.out.fld)) { \
+		torture_comment(torture, "failed to change '%s'\n", #fld); \
+		ret = false; \
+		goto cleanup; \
+	}
+
+#define TEST_NUM_FLD(fld) \
+	if (req.in.fld != user_req.out.fld) { \
+		torture_comment(torture, "failed to change '%s'\n", #fld); \
+		ret = false; \
+		goto cleanup; \
+	}
+
+
+bool torture_modifyuser(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	TALLOC_CTX *prep_mem_ctx;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	char *name;
+	struct libnet_context *ctx = NULL;
+	struct libnet_ModifyUser req;
+	struct libnet_UserInfo user_req;
+	int fld;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+
+	prep_mem_ctx = talloc_init("prepare test_deleteuser");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto done;
+	}
+	b = p->binding_handle;
+
+	name = talloc_strdup(prep_mem_ctx, TEST_USERNAME);
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, b, &domain_name, prep_mem_ctx, &h, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, prep_mem_ctx, &h, name, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(torture, "Testing change of all fields - each single one in turn\n");
+
+	if (!test_libnet_context_init(torture, true, &ctx)) {
+		return false;
+	}
+
+	for (fld = USER_FIELD_FIRST; fld <= USER_FIELD_LAST; fld++) {
+		ZERO_STRUCT(req);
+		req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+		req.in.user_name = name;
+
+		set_test_changes(torture, torture, &req, 1, &name, fld);
+
+		status = libnet_ModifyUser(ctx, torture, &req);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(torture, "libnet_ModifyUser call failed: %s\n", nt_errstr(status));
+			ret = false;
+			continue;
+		}
+
+		ZERO_STRUCT(user_req);
+		user_req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
+		user_req.in.data.user_name = name;
+		user_req.in.level = USER_INFO_BY_NAME;
+
+		status = libnet_UserInfo(ctx, torture, &user_req);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(torture, "libnet_UserInfo call failed: %s\n", nt_errstr(status));
+			ret = false;
+			continue;
+		}
+
+		switch (fld) {
+		case acct_name: TEST_STR_FLD(account_name);
+			break;
+		case acct_full_name: TEST_STR_FLD(full_name);
+			break;
+		case acct_comment: TEST_STR_FLD(comment);
+			break;
+		case acct_description: TEST_STR_FLD(description);
+			break;
+		case acct_home_directory: TEST_STR_FLD(home_directory);
+			break;
+		case acct_home_drive: TEST_STR_FLD(home_drive);
+			break;
+		case acct_logon_script: TEST_STR_FLD(logon_script);
+			break;
+		case acct_profile_path: TEST_STR_FLD(profile_path);
+			break;
+		case acct_expiry: TEST_TIME_FLD(acct_expiry);
+			break;
+		case acct_flags: TEST_NUM_FLD(acct_flags);
+			break;
+		default:
+			break;
+		}
+	}
+
+cleanup:
+	if (!test_user_cleanup(torture, ctx->samr.pipe->binding_handle,
+	                       torture, &ctx->samr.handle, TEST_USERNAME)) {
+		torture_comment(torture, "cleanup failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, torture, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+done:
+	talloc_free(ctx);
+	talloc_free(prep_mem_ctx);
+	return ret;
+}
+
+
+bool torture_userinfo_api(struct torture_context *torture)
+{
+	const char *name = TEST_USERNAME;
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx;
+	struct libnet_context *ctx = NULL;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct libnet_UserInfo req;
+	struct dcerpc_binding_handle *b;
+
+	prep_mem_ctx = talloc_init("prepare torture user info");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, b, &domain_name, prep_mem_ctx, &h, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, prep_mem_ctx, &h, name, NULL)) {
+		ret = false;
+		goto done;
+	}
+
+	mem_ctx = talloc_init("torture user info");
+
+	if (!test_libnet_context_init(torture, true, &ctx)) {
+		return false;
+	}
+
+	ZERO_STRUCT(req);
+
+	req.in.domain_name = domain_name.string;
+	req.in.data.user_name   = name;
+	req.in.level = USER_INFO_BY_NAME;
+
+	status = libnet_UserInfo(ctx, mem_ctx, &req);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "libnet_UserInfo call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, ctx->samr.pipe->binding_handle,
+	                       mem_ctx, &ctx->samr.handle, TEST_USERNAME)) {
+		torture_comment(torture, "cleanup failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "domain close failed\n");
+		ret = false;
+	}
+
+done:
+	talloc_free(ctx);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_userlist(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	struct libnet_context *ctx;
+	struct lsa_String domain_name;
+	struct libnet_UserList req;
+	int i;
+
+	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
+	ctx->cred = samba_cmdline_get_creds();
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	mem_ctx = talloc_init("torture user list");
+
+	ZERO_STRUCT(req);
+
+	torture_comment(torture, "listing user accounts:\n");
+
+	do {
+
+		req.in.domain_name = domain_name.string;
+		req.in.page_size   = 128;
+		req.in.resume_index = req.out.resume_index;
+
+		status = libnet_UserList(ctx, mem_ctx, &req);
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break;
+
+		for (i = 0; i < req.out.count; i++) {
+			torture_comment(torture, "\tuser: %s, sid=%s\n",
+			                req.out.users[i].username, req.out.users[i].sid);
+		}
+
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (!(NT_STATUS_IS_OK(status) ||
+	      NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))) {
+		torture_comment(torture, "libnet_UserList call failed: %s\n", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!test_samr_close_handle(torture,
+	                            ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
+		torture_comment(torture, "samr domain close failed\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!test_lsa_close_handle(torture,
+	                           ctx->lsa.pipe->binding_handle, mem_ctx, &ctx->lsa.handle)) {
+		torture_comment(torture, "lsa domain close failed\n");
+		ret = false;
+	}
+
+	talloc_free(ctx);
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/torture/libnet/python/samr-test.py b/source4/torture/libnet/python/samr-test.py
new file mode 100644
index 0000000..4181e56
--- /dev/null
+++ b/source4/torture/libnet/python/samr-test.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Unix SMB/CIFS implementation.
+# Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+#
+# Usage:
+#  export ACCOUNT_NAME=kamen
+#  export NEW_PASS=test
+#  export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
+#  PYTHONPATH="$samba4srcdir/torture/libnet/python" $SUBUNITRUN samr-test -Ukma-exch.devel/Administrator%333
+#
+
+import os
+
+from samba import net
+import samba.tests
+
+if "ACCOUNT_NAME" not in os.environ.keys():
+    raise Exception("Please supply ACCOUNT_NAME in environment")
+
+if "NEW_PASS" not in os.environ.keys():
+    raise Exception("Please supply NEW_PASS in environment")
+
+account_name = os.environ["ACCOUNT_NAME"]
+new_pass = os.environ["NEW_PASS"]
+
+#
+# Tests start here
+#
+
+
+class Libnet_SetPwdTest(samba.tests.TestCase):
+
+    ########################################################################################
+
+    def test_SetPassword(self):
+        creds = self.get_credentials()
+        net.SetPassword(account_name=account_name,
+                        domain_name=creds.get_domain(),
+                        newpassword=new_pass,
+                        credentials=creds)
+
+    ########################################################################################
diff --git a/source4/torture/libnet/userinfo.c b/source4/torture/libnet/userinfo.c
new file mode 100644
index 0000000..897273b
--- /dev/null
+++ b/source4/torture/libnet/userinfo.c
@@ -0,0 +1,192 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include "torture/libnet/proto.h"
+
+
+#define TEST_USERNAME  "libnetuserinfotest"
+
+static bool test_userinfo(struct torture_context *tctx,
+			  struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			  struct policy_handle *domain_handle,
+			  struct dom_sid2 *domain_sid, const char* user_name,
+			  uint32_t *rid)
+{
+	const uint16_t level = 5;
+	NTSTATUS status;
+	struct libnet_rpc_userinfo user;
+	struct dom_sid *user_sid;
+
+	user_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
+
+	ZERO_STRUCT(user);
+
+	user.in.domain_handle = *domain_handle;
+	user.in.sid           = dom_sid_string(mem_ctx, user_sid);
+	user.in.level         = level;       /* this should be extended */
+
+	torture_comment(tctx, "Testing sync libnet_rpc_userinfo (SID argument)\n");
+	status = libnet_rpc_userinfo(tctx->ev, p->binding_handle, mem_ctx, &user);
+	torture_assert_ntstatus_ok(tctx, status, "Calling sync libnet_rpc_userinfo() failed");
+
+	ZERO_STRUCT(user);
+
+	user.in.domain_handle = *domain_handle;
+	user.in.sid           = NULL;
+	user.in.username      = user_name;
+	user.in.level         = level;
+
+	torture_comment(tctx, "Testing sync libnet_rpc_userinfo (username argument)\n");
+	status = libnet_rpc_userinfo(tctx->ev, p->binding_handle, mem_ctx, &user);
+	torture_assert_ntstatus_ok(tctx, status, "Calling sync libnet_rpc_userinfo failed");
+
+	return true;
+}
+
+
+static bool test_userinfo_async(struct torture_context *tctx,
+				struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+				struct policy_handle *domain_handle,
+				struct dom_sid2 *domain_sid, const char* user_name,
+				uint32_t *rid)
+{
+	const uint16_t level = 10;
+	NTSTATUS status;
+	struct composite_context *c;
+	struct libnet_rpc_userinfo user;
+	struct dom_sid *user_sid;
+
+	user_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
+
+	ZERO_STRUCT(user);
+
+	user.in.domain_handle = *domain_handle;
+	user.in.sid           = dom_sid_string(mem_ctx, user_sid);
+	user.in.level         = level;       /* this should be extended */
+
+	torture_comment(tctx, "Testing async libnet_rpc_userinfo (SID argument)\n");
+
+	c = libnet_rpc_userinfo_send(mem_ctx, tctx->ev, p->binding_handle, &user, msg_handler);
+	torture_assert(tctx, c != NULL, "Failed to call async libnet_rpc_userinfo_send");
+
+	status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
+	torture_assert_ntstatus_ok(tctx, status, "Calling async libnet_rpc_userinfo_recv failed");
+
+	ZERO_STRUCT(user);
+
+	user.in.domain_handle = *domain_handle;
+	user.in.sid           = NULL;
+	user.in.username      = user_name;
+	user.in.level         = level;
+
+	torture_comment(tctx, "Testing async libnet_rpc_userinfo (username argument)\n");
+
+	c = libnet_rpc_userinfo_send(mem_ctx, tctx->ev, p->binding_handle, &user, msg_handler);
+	torture_assert(tctx, c != NULL, "Failed to call async libnet_rpc_userinfo_send");
+
+	status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
+	torture_assert_ntstatus_ok(tctx, status, "Calling async libnet_rpc_userinfo_recv failed");
+
+	return true;
+}
+
+
+bool torture_userinfo(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct policy_handle h;
+	struct lsa_String name;
+	struct dom_sid2 sid;
+	uint32_t rid;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_userinfo");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	name.string = lpcfg_workgroup(torture->lp_ctx);
+
+	/*
+	 * Testing synchronous version
+	 */
+	if (!test_domain_open(torture, b, &name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, mem_ctx, &h, TEST_USERNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_userinfo(torture, p, mem_ctx, &h, &sid, TEST_USERNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, b, mem_ctx, &h, TEST_USERNAME)) {
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Testing asynchronous version and monitor messages
+	 */
+	if (!test_domain_open(torture, b, &name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, mem_ctx, &h, TEST_USERNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_userinfo_async(torture, p, mem_ctx, &h, &sid, TEST_USERNAME, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, b, mem_ctx, &h, TEST_USERNAME)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/torture/libnet/userman.c b/source4/torture/libnet/userman.c
new file mode 100644
index 0000000..8c49bb6
--- /dev/null
+++ b/source4/torture/libnet/userman.c
@@ -0,0 +1,473 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/libnet/usertest.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+
+#include "torture/libnet/proto.h"
+
+
+static bool test_useradd(struct torture_context *tctx,
+			 struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			 struct policy_handle *domain_handle,
+			 const char *name)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct libnet_rpc_useradd user;
+
+	user.in.domain_handle = *domain_handle;
+	user.in.username      = name;
+
+	torture_comment(tctx, "Testing libnet_rpc_useradd\n");
+
+	status = libnet_rpc_useradd(tctx->ev, p->binding_handle, mem_ctx, &user);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to call libnet_rpc_useradd - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return ret;
+}
+
+
+static bool test_useradd_async(struct torture_context *tctx,
+			       struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			       struct policy_handle *handle, const char* username)
+{
+	NTSTATUS status;
+	struct composite_context *c;
+	struct libnet_rpc_useradd user;
+
+	user.in.domain_handle = *handle;
+	user.in.username      = username;
+
+	torture_comment(tctx, "Testing async libnet_rpc_useradd\n");
+
+	c = libnet_rpc_useradd_send(mem_ctx, tctx->ev, p->binding_handle,
+				    &user, msg_handler);
+	if (!c) {
+		torture_comment(tctx, "Failed to call async libnet_rpc_useradd\n");
+		return false;
+	}
+
+	status = libnet_rpc_useradd_recv(c, mem_ctx, &user);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Calling async libnet_rpc_useradd failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return true;
+
+}
+
+static bool test_usermod(struct torture_context *tctx, struct dcerpc_pipe *p,
+			 TALLOC_CTX *mem_ctx,
+			 struct policy_handle *handle, int num_changes,
+			 struct libnet_rpc_usermod *mod, char **username)
+{
+	const char* logon_scripts[] = { "start_login.cmd", "login.bat", "start.cmd" };
+	const char* home_dirs[] = { "\\\\srv\\home", "\\\\homesrv\\home\\user", "\\\\pdcsrv\\domain" };
+	const char* home_drives[] = { "H:", "z:", "I:", "J:", "n:" };
+	const char *homedir, *homedrive, *logonscript;
+	const uint32_t flags[] = { (ACB_DISABLED | ACB_NORMAL | ACB_PW_EXPIRED),
+				   (ACB_NORMAL | ACB_PWNOEXP),
+				   (ACB_NORMAL | ACB_PW_EXPIRED) };
+
+	NTSTATUS status;
+	struct timeval now;
+	enum test_fields testfld;
+	int i;
+
+	ZERO_STRUCT(*mod);
+	srandom((unsigned)time(NULL));
+
+	mod->in.username = talloc_strdup(mem_ctx, *username);
+	mod->in.domain_handle = *handle;
+
+	torture_comment(tctx, "modifying user (%d simultaneous change(s))\n",
+			num_changes);
+
+	torture_comment(tctx, "fields to change: [");
+
+	for (i = 0; i < num_changes && i <= USER_FIELD_LAST; i++) {
+		const char *fldname;
+
+		testfld = (random() % USER_FIELD_LAST) + 1;
+
+		GetTimeOfDay(&now);
+
+		switch (testfld) {
+		case acct_name:
+			continue_if_field_set(mod->in.change.account_name);
+			mod->in.change.account_name = talloc_asprintf(mem_ctx, TEST_CHG_ACCOUNTNAME,
+								      (int)(random() % 100));
+			mod->in.change.fields |= USERMOD_FIELD_ACCOUNT_NAME;
+			fldname = "account_name";
+			*username = talloc_strdup(mem_ctx, mod->in.change.account_name);
+			break;
+
+		case acct_full_name:
+			continue_if_field_set(mod->in.change.full_name);
+			mod->in.change.full_name = talloc_asprintf(mem_ctx, TEST_CHG_FULLNAME,
+								  (int)random(), (int)random());
+			mod->in.change.fields |= USERMOD_FIELD_FULL_NAME;
+			fldname = "full_name";
+			break;
+
+		case acct_description:
+			continue_if_field_set(mod->in.change.description);
+			mod->in.change.description = talloc_asprintf(mem_ctx, TEST_CHG_DESCRIPTION,
+								    random());
+			mod->in.change.fields |= USERMOD_FIELD_DESCRIPTION;
+			fldname = "description";
+			break;
+
+		case acct_home_directory:
+			continue_if_field_set(mod->in.change.home_directory);
+			homedir = home_dirs[random() % (sizeof(home_dirs)/sizeof(char*))];
+			mod->in.change.home_directory = talloc_strdup(mem_ctx, homedir);
+			mod->in.change.fields |= USERMOD_FIELD_HOME_DIRECTORY;
+			fldname = "home_directory";
+			break;
+
+		case acct_home_drive:
+			continue_if_field_set(mod->in.change.home_drive);
+			homedrive = home_drives[random() % (sizeof(home_drives)/sizeof(char*))];
+			mod->in.change.home_drive = talloc_strdup(mem_ctx, homedrive);
+			mod->in.change.fields |= USERMOD_FIELD_HOME_DRIVE;
+			fldname = "home_drive";
+			break;
+
+		case acct_comment:
+			continue_if_field_set(mod->in.change.comment);
+			mod->in.change.comment = talloc_asprintf(mem_ctx, TEST_CHG_COMMENT,
+								random(), random());
+			mod->in.change.fields |= USERMOD_FIELD_COMMENT;
+			fldname = "comment";
+			break;
+
+		case acct_logon_script:
+			continue_if_field_set(mod->in.change.logon_script);
+			logonscript = logon_scripts[random() % (sizeof(logon_scripts)/sizeof(char*))];
+			mod->in.change.logon_script = talloc_strdup(mem_ctx, logonscript);
+			mod->in.change.fields |= USERMOD_FIELD_LOGON_SCRIPT;
+			fldname = "logon_script";
+			break;
+
+		case acct_profile_path:
+			continue_if_field_set(mod->in.change.profile_path);
+			mod->in.change.profile_path = talloc_asprintf(mem_ctx, TEST_CHG_PROFILEPATH,
+								     (long int)random(), (unsigned int)random());
+			mod->in.change.fields |= USERMOD_FIELD_PROFILE_PATH;
+			fldname = "profile_path";
+			break;
+
+		case acct_expiry:
+			continue_if_field_set(mod->in.change.acct_expiry);
+			now = timeval_add(&now, (random() % (31*24*60*60)), 0);
+			mod->in.change.acct_expiry = (struct timeval *)talloc_memdup(mem_ctx, &now, sizeof(now));
+			mod->in.change.fields |= USERMOD_FIELD_ACCT_EXPIRY;
+			fldname = "acct_expiry";
+			break;
+
+		case acct_flags:
+			continue_if_field_set(mod->in.change.acct_flags);
+			mod->in.change.acct_flags = flags[random() % ARRAY_SIZE(flags)];
+			mod->in.change.fields |= USERMOD_FIELD_ACCT_FLAGS;
+			fldname = "acct_flags";
+			break;
+
+		default:
+			fldname = talloc_asprintf(mem_ctx, "unknown_field (%d)", testfld);
+			break;
+		}
+
+		torture_comment(tctx, ((i < num_changes - 1) ? "%s," : "%s"), fldname);
+	}
+	torture_comment(tctx, "]\n");
+
+	status = libnet_rpc_usermod(tctx->ev, p->binding_handle, mem_ctx, mod);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to call sync libnet_rpc_usermod");
+
+	return true;
+}
+
+
+static bool test_userdel(struct torture_context *tctx,
+			 struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			 struct policy_handle *handle, const char *username)
+{
+	NTSTATUS status;
+	struct libnet_rpc_userdel user;
+
+	ZERO_STRUCT(user);
+
+	user.in.domain_handle = *handle;
+	user.in.username = username;
+
+	status = libnet_rpc_userdel(tctx->ev, p->binding_handle, mem_ctx, &user);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to call sync libnet_rpc_userdel - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+
+#define CMP_LSA_STRING_FLD(fld, flags) \
+	if ((mod->in.change.fields & flags) && \
+	    !strequal(i->fld.string, mod->in.change.fld)) { \
+		torture_comment(tctx, "'%s' field does not match\n", #fld); \
+		torture_comment(tctx, "received: '%s'\n", i->fld.string); \
+		torture_comment(tctx, "expected: '%s'\n", mod->in.change.fld); \
+		return false; \
+	}
+
+
+#define CMP_TIME_FLD(fld, flags) \
+	if (mod->in.change.fields & flags) { \
+		nttime_to_timeval(&t, i->fld); \
+		if (timeval_compare(&t, mod->in.change.fld)) { \
+			torture_comment(tctx, "'%s' field does not match\n", #fld); \
+			torture_comment(tctx, "received: '%s (+%ld us)'\n", \
+			       timestring(mem_ctx, t.tv_sec), (long)t.tv_usec); \
+			torture_comment(tctx, "expected: '%s (+%ld us)'\n", \
+			       timestring(mem_ctx, mod->in.change.fld->tv_sec), \
+			       (long)mod->in.change.fld->tv_usec); \
+			return false; \
+		} \
+	}
+
+#define CMP_NUM_FLD(fld, flags) \
+	if ((mod->in.change.fields & flags) && \
+	    (i->fld != mod->in.change.fld)) { \
+		torture_comment(tctx, "'%s' field does not match\n", #fld); \
+		torture_comment(tctx, "received: '%04x'\n", i->fld); \
+		torture_comment(tctx, "expected: '%04x'\n", mod->in.change.fld); \
+		return false; \
+	}
+
+
+static bool test_compare(struct torture_context *tctx,
+			 struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			 struct policy_handle *handle, struct libnet_rpc_usermod *mod,
+			 const char *username)
+{
+	NTSTATUS status;
+	struct libnet_rpc_userinfo info;
+	struct samr_UserInfo21 *i;
+	struct timeval t;
+
+	ZERO_STRUCT(info);
+
+	info.in.username = username;
+	info.in.domain_handle = *handle;
+	info.in.level = 21;             /* the most rich infolevel available */
+
+	status = libnet_rpc_userinfo(tctx->ev, p->binding_handle, mem_ctx, &info);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to call sync libnet_rpc_userinfo");
+
+	i = &info.out.info.info21;
+
+	CMP_LSA_STRING_FLD(account_name, USERMOD_FIELD_ACCOUNT_NAME);
+	CMP_LSA_STRING_FLD(full_name, USERMOD_FIELD_FULL_NAME);
+	CMP_LSA_STRING_FLD(description, USERMOD_FIELD_DESCRIPTION);
+	CMP_LSA_STRING_FLD(comment, USERMOD_FIELD_COMMENT);
+	CMP_LSA_STRING_FLD(logon_script, USERMOD_FIELD_LOGON_SCRIPT);
+	CMP_LSA_STRING_FLD(profile_path, USERMOD_FIELD_PROFILE_PATH);
+	CMP_LSA_STRING_FLD(home_directory, USERMOD_FIELD_HOME_DIRECTORY);
+	CMP_LSA_STRING_FLD(home_drive, USERMOD_FIELD_HOME_DRIVE);
+	CMP_TIME_FLD(acct_expiry, USERMOD_FIELD_ACCT_EXPIRY);
+	CMP_NUM_FLD(acct_flags, USERMOD_FIELD_ACCT_FLAGS)
+
+	return true;
+}
+
+
+bool torture_useradd(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct dom_sid2 sid;
+	const char *name = TEST_USERNAME;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_useradd");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	torture_assert_ntstatus_ok(torture, status, "RPC connect failed");
+	b = p->binding_handle;
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_useradd(torture, p, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, b, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_useradd_async(torture, p, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_cleanup(torture, b, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_userdel(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct dom_sid2 sid;
+	uint32_t rid;
+	const char *name = TEST_USERNAME;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_userdel");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, mem_ctx, &h, name, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_userdel(torture, p, mem_ctx, &h, name)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+bool torture_usermod(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	struct policy_handle h;
+	struct lsa_String domain_name;
+	struct dom_sid2 sid;
+	uint32_t rid;
+	int i;
+	char *name;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+
+	mem_ctx = talloc_init("test_userdel");
+
+	status = torture_rpc_connection(torture,
+					&p,
+					&ndr_table_samr);
+
+	torture_assert_ntstatus_ok(torture, status, "RPC connect");
+	b = p->binding_handle;
+
+	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
+	name = talloc_strdup(mem_ctx, TEST_USERNAME);
+
+	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
+		ret = false;
+		goto done;
+	}
+
+	if (!test_user_create(torture, b, mem_ctx, &h, name, &rid)) {
+		ret = false;
+		goto done;
+	}
+
+	for (i = USER_FIELD_FIRST; i <= USER_FIELD_LAST; i++) {
+		struct libnet_rpc_usermod m;
+
+		if (!test_usermod(torture, p, mem_ctx, &h, i, &m, &name)) {
+			ret = false;
+			goto cleanup;
+		}
+
+		if (!test_compare(torture, p, mem_ctx, &h, &m, name)) {
+			ret = false;
+			goto cleanup;
+		}
+	}
+
+cleanup:
+	if (!test_user_cleanup(torture, b, mem_ctx, &h, TEST_USERNAME)) {
+		ret = false;
+		goto done;
+	}
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
diff --git a/source4/torture/libnet/usertest.h b/source4/torture/libnet/usertest.h
new file mode 100644
index 0000000..b3b2dc1
--- /dev/null
+++ b/source4/torture/libnet/usertest.h
@@ -0,0 +1,42 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Rafal Szczesniak 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define TEST_USERNAME  "libnetusertest"
+
+#define continue_if_field_set(field) \
+	if (field != 0) { \
+		i--; \
+		continue; \
+	}
+
+
+#define USER_FIELD_FIRST	acct_name
+#define USER_FIELD_LAST 	acct_flags
+
+enum test_fields { none = 0,
+		   acct_name, acct_full_name, acct_description,
+		   acct_home_directory, acct_home_drive, acct_comment,
+		   acct_logon_script, acct_profile_path, acct_expiry, acct_flags };
+
+
+#define TEST_CHG_ACCOUNTNAME   "newlibnetusertest%02d"
+#define TEST_CHG_DESCRIPTION   "Sample description %ld"
+#define TEST_CHG_FULLNAME      "First%04x Last%04x"
+#define TEST_CHG_COMMENT       "Comment[%04lu%04lu]"
+#define TEST_CHG_PROFILEPATH   "\\\\srv%04ld\\profile%02u\\prof"
diff --git a/source4/torture/libnet/utils.c b/source4/torture/libnet/utils.c
new file mode 100644
index 0000000..c0e0e65
--- /dev/null
+++ b/source4/torture/libnet/utils.c
@@ -0,0 +1,556 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for libnet calls.
+
+   Copyright (C) Rafal Szczesniak 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * These are more general use functions shared among the tests.
+ */
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libnet/libnet.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "torture/libnet/proto.h"
+#include "ldb_wrap.h"
+
+/**
+ * Opens handle on Domain using SAMR
+ *
+ * @param _domain_handle [out] Ptr to storage to store Domain handle
+ * @param _dom_sid [out] If NULL, Domain SID won't be returned
+ */
+bool test_domain_open(struct torture_context *tctx,
+		      struct dcerpc_binding_handle *b,
+		      struct lsa_String *domname,
+		      TALLOC_CTX *mem_ctx,
+		      struct policy_handle *_domain_handle,
+		      struct dom_sid2 *_dom_sid)
+{
+	struct policy_handle connect_handle;
+	struct policy_handle domain_handle;
+	struct samr_Connect r1;
+	struct samr_LookupDomain r2;
+	struct dom_sid2 *sid = NULL;
+	struct samr_OpenDomain r3;
+
+	torture_comment(tctx, "connecting\n");
+
+	r1.in.system_name = 0;
+	r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r1.out.connect_handle = &connect_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_Connect_r(b, mem_ctx, &r1),
+				   "Connect failed");
+	torture_assert_ntstatus_ok(tctx, r1.out.result,
+				   "Connect failed");
+
+	r2.in.connect_handle = &connect_handle;
+	r2.in.domain_name = domname;
+	r2.out.sid = &sid;
+
+	torture_comment(tctx, "domain lookup on %s\n", domname->string);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
+				   "LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, r2.out.result,
+				   "LookupDomain failed");
+
+	r3.in.connect_handle = &connect_handle;
+	r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r3.in.sid = *r2.out.sid;
+	r3.out.domain_handle = &domain_handle;
+
+	torture_comment(tctx, "opening domain %s\n", domname->string);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
+				   "OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, r3.out.result,
+				   "OpenDomain failed");
+
+	*_domain_handle = domain_handle;
+
+	if (_dom_sid) {
+		*_dom_sid = **r2.out.sid;
+	}
+
+	/* Close connect_handle, we don't need it anymore */
+	test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
+
+	return true;
+}
+
+
+/**
+ * Find out user's samAccountName for given
+ * user RDN. We need samAccountName value
+ * when deleting users.
+ */
+static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
+					   const char *user_rdn,
+					   TALLOC_CTX *mem_ctx,
+					   const char **_account_name)
+{
+	const char *url;
+	struct ldb_context *ldb;
+	TALLOC_CTX *tmp_ctx;
+	bool test_res = true;
+	const char *hostname = torture_setting_string(tctx, "host", NULL);
+	int ldb_ret;
+	struct ldb_result *ldb_res;
+	const char *account_name = NULL;
+	static const char *attrs[] = {
+		"samAccountName",
+		NULL
+	};
+
+	torture_assert(tctx, hostname != NULL, "Failed to get hostname");
+
+	tmp_ctx = talloc_new(tctx);
+	torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
+
+	url = talloc_asprintf(tmp_ctx, "ldap://%s/", hostname);
+	torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
+
+	ldb = ldb_wrap_connect(tmp_ctx,
+	                       tctx->ev, tctx->lp_ctx,
+	                       url, NULL, samba_cmdline_get_creds(), 0);
+	torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
+
+	ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
+	                     ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
+	                     attrs,
+	                     "(&(objectClass=user)(name=%s))", user_rdn);
+	if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
+		account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
+	}
+
+	/* return user_rdn by default */
+	if (!account_name) {
+		account_name = user_rdn;
+	}
+
+	/* duplicate memory in parent context */
+	*_account_name = talloc_strdup(mem_ctx, account_name);
+
+done:
+	talloc_free(tmp_ctx);
+	return test_res;
+}
+
+/**
+ * Removes user by RDN through SAMR interface.
+ *
+ * @param domain_handle [in] Domain handle
+ * @param user_rdn [in] User's RDN in ldap database
+ */
+bool test_user_cleanup(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       TALLOC_CTX *mem_ctx,
+		       struct policy_handle *domain_handle,
+		       const char *user_rdn)
+{
+	struct samr_LookupNames r1;
+	struct samr_OpenUser r2;
+	struct samr_DeleteUser r3;
+	struct lsa_String names[2];
+	uint32_t rid;
+	struct policy_handle user_handle;
+	struct samr_Ids rids, types;
+	const char *account_name;
+
+	if (!_get_account_name_for_user_rdn(tctx, user_rdn, mem_ctx, &account_name)) {
+		torture_result(tctx, TORTURE_FAIL,
+		               __location__": Failed to find samAccountName for %s", user_rdn);
+		return false;
+	}
+
+	names[0].string = account_name;
+
+	r1.in.domain_handle  = domain_handle;
+	r1.in.num_names      = 1;
+	r1.in.names          = names;
+	r1.out.rids          = &rids;
+	r1.out.types         = &types;
+
+	torture_comment(tctx, "user account lookup '%s'\n", account_name);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
+				   "LookupNames failed");
+	torture_assert_ntstatus_ok(tctx, r1.out.result,
+				   "LookupNames failed");
+
+	rid = r1.out.rids->ids[0];
+
+	r2.in.domain_handle  = domain_handle;
+	r2.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+	r2.in.rid            = rid;
+	r2.out.user_handle   = &user_handle;
+
+	torture_comment(tctx, "opening user account\n");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_OpenUser_r(b, mem_ctx, &r2),
+				   "OpenUser failed");
+	torture_assert_ntstatus_ok(tctx, r2.out.result,
+				   "OpenUser failed");
+
+	r3.in.user_handle  = &user_handle;
+	r3.out.user_handle = &user_handle;
+
+	torture_comment(tctx, "deleting user account\n");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3),
+				   "DeleteUser failed");
+	torture_assert_ntstatus_ok(tctx, r3.out.result,
+				   "DeleteUser failed");
+
+	return true;
+}
+
+
+/**
+ * Creates new user using SAMR
+ *
+ * @param name [in] Username for user to create
+ * @param rid [out] If NULL, User's RID is not returned
+ */
+bool test_user_create(struct torture_context *tctx,
+		      struct dcerpc_binding_handle *b,
+		      TALLOC_CTX *mem_ctx,
+		      struct policy_handle *domain_handle,
+		      const char *name,
+		      uint32_t *rid)
+{
+	struct policy_handle user_handle;
+	struct lsa_String username;
+	struct samr_CreateUser r;
+	uint32_t user_rid;
+
+	username.string = name;
+
+	r.in.domain_handle = domain_handle;
+	r.in.account_name  = &username;
+	r.in.access_mask   = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.user_handle  = &user_handle;
+	/* return user's RID only if requested */
+	r.out.rid 	   = rid ? rid : &user_rid;
+
+	torture_comment(tctx, "creating user '%s'\n", username.string);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
+				   "CreateUser RPC call failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
+
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+			torture_comment(tctx,
+			                "User (%s) already exists - "
+			                "attempting to delete and recreate account again\n",
+			                username.string);
+			if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
+				return false;
+			}
+
+			torture_comment(tctx, "creating user account\n");
+
+			torture_assert_ntstatus_ok(tctx,
+						   dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
+						   "CreateUser RPC call failed");
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+						   "CreateUser failed");
+
+			/* be nice and close opened handles */
+			test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
+
+			return true;
+		}
+		return false;
+	}
+
+	/* be nice and close opened handles */
+	test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
+
+	return true;
+}
+
+
+/**
+ * Deletes a Group using SAMR interface
+ */
+bool test_group_cleanup(struct torture_context *tctx,
+			struct dcerpc_binding_handle *b,
+			TALLOC_CTX *mem_ctx,
+			struct policy_handle *domain_handle,
+			const char *name)
+{
+	struct samr_LookupNames r1;
+	struct samr_OpenGroup r2;
+	struct samr_DeleteDomainGroup r3;
+	struct lsa_String names[2];
+	uint32_t rid;
+	struct policy_handle group_handle;
+	struct samr_Ids rids, types;
+
+	names[0].string = name;
+
+	r1.in.domain_handle  = domain_handle;
+	r1.in.num_names      = 1;
+	r1.in.names          = names;
+	r1.out.rids          = &rids;
+	r1.out.types         = &types;
+
+	torture_comment(tctx, "group account lookup '%s'\n", name);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
+				   "LookupNames failed");
+	torture_assert_ntstatus_ok(tctx, r1.out.result,
+				   "LookupNames failed");
+
+	rid = r1.out.rids->ids[0];
+
+	r2.in.domain_handle  = domain_handle;
+	r2.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+	r2.in.rid            = rid;
+	r2.out.group_handle  = &group_handle;
+
+	torture_comment(tctx, "opening group account\n");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_OpenGroup_r(b, mem_ctx, &r2),
+				   "OpenGroup failed");
+	torture_assert_ntstatus_ok(tctx, r2.out.result,
+				   "OpenGroup failed");
+
+	r3.in.group_handle  = &group_handle;
+	r3.out.group_handle = &group_handle;
+
+	torture_comment(tctx, "deleting group account\n");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_DeleteDomainGroup_r(b, mem_ctx, &r3),
+				   "DeleteGroup failed");
+	torture_assert_ntstatus_ok(tctx, r3.out.result,
+				   "DeleteGroup failed");
+
+	return true;
+}
+
+
+/**
+ * Creates a Group object using SAMR interface
+ *
+ * @param group_name [in] Name of the group to create
+ * @param rid [out] RID of group created. May be NULL in
+ *                  which case RID is not required by caller
+ */
+bool test_group_create(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       TALLOC_CTX *mem_ctx,
+		       struct policy_handle *handle,
+		       const char *group_name,
+		       uint32_t *rid)
+{
+	uint32_t group_rid;
+	struct lsa_String groupname;
+	struct samr_CreateDomainGroup r;
+	struct policy_handle group_handle;
+
+	groupname.string = group_name;
+
+	r.in.domain_handle  = handle;
+	r.in.name           = &groupname;
+	r.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.group_handle  = &group_handle;
+	/* use local variable in case caller
+	 * don't care about the group RID */
+	r.out.rid           = rid ? rid : &group_rid;
+
+	torture_comment(tctx, "creating group account %s\n", group_name);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
+				   "CreateGroup failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
+
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
+			torture_comment(tctx,
+			                "Group (%s) already exists - "
+			                "attempting to delete and recreate group again\n",
+			                group_name);
+			if (!test_group_cleanup(tctx, b, mem_ctx, handle, group_name)) {
+				return false;
+			}
+
+			torture_comment(tctx, "creating group account\n");
+
+			torture_assert_ntstatus_ok(tctx,
+						   dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
+						   "CreateGroup failed");
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+						   "CreateGroup failed");
+
+			/* be nice and close opened handles */
+			test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
+
+			return true;
+		}
+		return false;
+	}
+
+	/* be nice and close opened handles */
+	test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
+
+	return true;
+}
+
+/**
+ * Closes SAMR handle obtained from Connect, Open User/Domain, etc
+ */
+bool test_samr_close_handle(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    TALLOC_CTX *mem_ctx,
+			    struct policy_handle *samr_handle)
+{
+	struct samr_Close r;
+
+	r.in.handle = samr_handle;
+	r.out.handle = samr_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_Close_r(b, mem_ctx, &r),
+				   "Close SAMR handle RPC call failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+				   "Close SAMR handle failed");
+
+	return true;
+}
+
+/**
+ * Closes LSA handle obtained from Connect, Open Group, etc
+ */
+bool test_lsa_close_handle(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   TALLOC_CTX *mem_ctx,
+			   struct policy_handle *lsa_handle)
+{
+	struct lsa_Close r;
+
+	r.in.handle = lsa_handle;
+	r.out.handle = lsa_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(b, mem_ctx, &r),
+				   "Close LSA handle RPC call failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+				   "Close LSA handle failed");
+
+	return true;
+}
+
+/**
+ * Create and initialize libnet_context Context.
+ * Use this function in cases where we need to have SAMR and LSA pipes
+ * of libnet_context to be connected before executing any other
+ * libnet call
+ *
+ * @param rpc_connect [in] Connects SAMR and LSA pipes
+ */
+bool test_libnet_context_init(struct torture_context *tctx,
+			      bool rpc_connect,
+			      struct libnet_context **_net_ctx)
+{
+	NTSTATUS status;
+	bool bret = true;
+	struct libnet_context *net_ctx;
+
+	net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
+	torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
+
+	/* Use command line credentials for testing */
+	net_ctx->cred = samba_cmdline_get_creds();
+
+	if (rpc_connect) {
+		/* connect SAMR pipe */
+		status = torture_rpc_connection(tctx,
+						&net_ctx->samr.pipe,
+						&ndr_table_samr);
+		torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
+						"Failed to connect SAMR pipe");
+
+		net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;
+
+		/* connect LSARPC pipe */
+		status = torture_rpc_connection(tctx,
+						&net_ctx->lsa.pipe,
+						&ndr_table_lsarpc);
+		torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
+						"Failed to connect LSA pipe");
+
+		net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
+	}
+
+	*_net_ctx = net_ctx;
+
+done:
+	if (!bret) {
+		/* a previous call has failed,
+		 * clean up memory before exit */
+		talloc_free(net_ctx);
+	}
+	return bret;
+}
+
+
+void msg_handler(struct monitor_msg *m)
+{
+	struct msg_rpc_open_user *msg_open;
+	struct msg_rpc_query_user *msg_query;
+	struct msg_rpc_close_user *msg_close;
+	struct msg_rpc_create_user *msg_create;
+
+	switch (m->type) {
+	case mon_SamrOpenUser:
+		msg_open = (struct msg_rpc_open_user*)m->data;
+		printf("monitor_msg: user opened (rid=%d, access_mask=0x%08x)\n",
+		       msg_open->rid, msg_open->access_mask);
+		break;
+	case mon_SamrQueryUser:
+		msg_query = (struct msg_rpc_query_user*)m->data;
+		printf("monitor_msg: user queried (level=%d)\n", msg_query->level);
+		break;
+	case mon_SamrCloseUser:
+		msg_close = (struct msg_rpc_close_user*)m->data;
+		printf("monitor_msg: user closed (rid=%d)\n", msg_close->rid);
+		break;
+	case mon_SamrCreateUser:
+		msg_create = (struct msg_rpc_create_user*)m->data;
+		printf("monitor_msg: user created (rid=%d)\n", msg_create->rid);
+		break;
+	}
+}
diff --git a/source4/torture/libnetapi/libnetapi.c b/source4/torture/libnetapi/libnetapi.c
new file mode 100644
index 0000000..fa6dcef
--- /dev/null
+++ b/source4/torture/libnetapi/libnetapi.c
@@ -0,0 +1,94 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "source3/include/includes.h"
+#include "torture/smbtorture.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "source3/lib/netapi/netapi.h"
+#include "source3/lib/netapi/netapi_private.h"
+#include "lib/param/param.h"
+#include "torture/libnetapi/proto.h"
+
+bool torture_libnetapi_init_context(struct torture_context *tctx,
+				    struct libnetapi_ctx **ctx_p)
+{
+	NET_API_STATUS status;
+	struct libnetapi_ctx *ctx;
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	if (!lp_load_global(lpcfg_configfile(tctx->lp_ctx))) {
+		fprintf(stderr, "error loading %s\n", lpcfg_configfile(tctx->lp_ctx));
+		talloc_free(frame);
+		return W_ERROR_V(WERR_GEN_FAILURE);
+	}
+
+	load_interfaces();
+
+	status = libnetapi_net_init(&ctx, tctx->lp_ctx, creds);
+	if (status != 0) {
+		talloc_free(frame);
+		return false;
+	}
+
+	*ctx_p = ctx;
+
+	talloc_free(frame);
+	return true;
+}
+
+static bool torture_libnetapi_initialize(struct torture_context *tctx)
+{
+        NET_API_STATUS status;
+	struct libnetapi_ctx *ctx;
+
+	/* We must do this first, as otherwise we fail if we don't
+	 * have an smb.conf in the default path (we need to use the
+	 * torture smb.conf */
+	torture_assert(tctx, torture_libnetapi_init_context(tctx, &ctx),
+		       "failed to initialize libnetapi");
+
+	status = libnetapi_init(&ctx);
+
+	torture_assert(tctx, ctx != NULL, "Failed to get a libnetapi_ctx");
+	torture_assert_int_equal(tctx, status, 0, "libnetapi_init failed despite already being set up");
+
+	libnetapi_free(ctx);
+
+	return true;
+}
+
+NTSTATUS torture_libnetapi_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite;
+
+	suite = torture_suite_create(ctx, "netapi");
+
+	torture_suite_add_simple_test(suite, "server", torture_libnetapi_server);
+	torture_suite_add_simple_test(suite, "group", torture_libnetapi_group);
+	torture_suite_add_simple_test(suite, "user", torture_libnetapi_user);
+	torture_suite_add_simple_test(suite, "initialize", torture_libnetapi_initialize);
+
+	suite->description = talloc_strdup(suite, "libnetapi convenience interface tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/libnetapi/libnetapi_group.c b/source4/torture/libnetapi/libnetapi_group.c
new file mode 100644
index 0000000..6f6d3e2
--- /dev/null
+++ b/source4/torture/libnetapi/libnetapi_group.c
@@ -0,0 +1,522 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include <netapi.h>
+#include "torture/libnetapi/proto.h"
+
+#undef strcasecmp
+
+#define TORTURE_TEST_USER "testuser"
+
+#define NETAPI_STATUS(tctx, x,y,fn) \
+	torture_warning(tctx, "FAILURE: line %d: %s failed with status: %s (%d)\n", \
+		__LINE__, fn, libnetapi_get_error_string(x,y), y);
+
+#define NETAPI_STATUS_MSG(tctx, x,y,fn,z) \
+	torture_warning(tctx, "FAILURE: line %d: %s failed with status: %s (%d), %s\n", \
+		__LINE__, fn, libnetapi_get_error_string(x,y), y, z);
+
+static NET_API_STATUS test_netgroupenum(struct torture_context *tctx,
+					const char *hostname,
+					uint32_t level,
+				        const char *groupname)
+{
+	NET_API_STATUS status;
+	uint32_t entries_read = 0;
+	uint32_t total_entries = 0;
+	uint32_t resume_handle = 0;
+	int found_group = 0;
+	const char *current_name = NULL;
+	uint8_t *buffer = NULL;
+	int i;
+
+	struct GROUP_INFO_0 *info0 = NULL;
+	struct GROUP_INFO_1 *info1 = NULL;
+	struct GROUP_INFO_2 *info2 = NULL;
+	struct GROUP_INFO_3 *info3 = NULL;
+
+	torture_comment(tctx, "Testing NetGroupEnum level %d\n", level);
+
+	do {
+		status = NetGroupEnum(hostname,
+				      level,
+				      &buffer,
+				      (uint32_t)-1,
+				      &entries_read,
+				      &total_entries,
+				      &resume_handle);
+		if (status == 0 || status == ERROR_MORE_DATA) {
+			switch (level) {
+				case 0:
+					info0 = (struct GROUP_INFO_0 *)buffer;
+					break;
+				case 1:
+					info1 = (struct GROUP_INFO_1 *)buffer;
+					break;
+				case 2:
+					info2 = (struct GROUP_INFO_2 *)buffer;
+					break;
+				case 3:
+					info3 = (struct GROUP_INFO_3 *)buffer;
+					break;
+				default:
+					return -1;
+			}
+
+			for (i=0; i<entries_read; i++) {
+
+				switch (level) {
+					case 0:
+						current_name = 	info0->grpi0_name;
+						break;
+					case 1:
+						current_name = 	info1->grpi1_name;
+						break;
+					case 2:
+						current_name = 	info2->grpi2_name;
+						break;
+					case 3:
+						current_name = 	info3->grpi3_name;
+						break;
+					default:
+						break;
+				}
+
+				if (strcasecmp(current_name, groupname) == 0) {
+					found_group = 1;
+				}
+
+				switch (level) {
+					case 0:
+						info0++;
+						break;
+					case 1:
+						info1++;
+						break;
+					case 2:
+						info2++;
+						break;
+					case 3:
+						info3++;
+						break;
+				}
+			}
+			NetApiBufferFree(buffer);
+		}
+	} while (status == ERROR_MORE_DATA);
+
+	if (status) {
+		return status;
+	}
+
+	if (!found_group) {
+		torture_comment(tctx, "failed to get group\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static NET_API_STATUS test_netgroupgetusers(struct torture_context *tctx,
+					    const char *hostname,
+					    uint32_t level,
+					    const char *groupname,
+					    const char *username)
+{
+	NET_API_STATUS status;
+	uint32_t entries_read = 0;
+	uint32_t total_entries = 0;
+	uint32_t resume_handle = 0;
+	int found_user = 0;
+	const char *current_name = NULL;
+	uint8_t *buffer = NULL;
+	int i;
+
+	struct GROUP_USERS_INFO_0 *info0 = NULL;
+	struct GROUP_USERS_INFO_1 *info1 = NULL;
+
+	torture_comment(tctx, "Testing NetGroupGetUsers level %d\n", level);
+
+	do {
+		status = NetGroupGetUsers(hostname,
+					  groupname,
+					  level,
+					  &buffer,
+					  (uint32_t)-1,
+					  &entries_read,
+					  &total_entries,
+					  &resume_handle);
+		if (status == 0 || status == ERROR_MORE_DATA) {
+
+			switch (level) {
+				case 0:
+					info0 = (struct GROUP_USERS_INFO_0 *)buffer;
+					break;
+				case 1:
+					info1 = (struct GROUP_USERS_INFO_1 *)buffer;
+					break;
+				default:
+					break;
+			}
+			for (i=0; i<entries_read; i++) {
+				switch (level) {
+					case 0:
+						current_name = info0->grui0_name;
+						break;
+					case 1:
+						current_name = info1->grui1_name;
+						break;
+					default:
+						break;
+				}
+
+				if (username && strcasecmp(current_name, username) == 0) {
+					found_user = 1;
+				}
+
+				switch (level) {
+					case 0:
+						info0++;
+						break;
+					case 1:
+						info1++;
+						break;
+				}
+			}
+			NetApiBufferFree(buffer);
+		}
+	} while (status == ERROR_MORE_DATA);
+
+	if (status) {
+		return status;
+	}
+
+	if (username && !found_user) {
+		torture_comment(tctx, "failed to get user\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static NET_API_STATUS test_netgroupsetusers(struct torture_context *tctx,
+					    const char *hostname,
+					    const char *groupname,
+					    uint32_t level,
+					    size_t num_entries,
+					    const char **names)
+{
+	NET_API_STATUS status;
+	uint8_t *buffer = NULL;
+	int i = 0;
+	size_t buf_size = 0;
+
+	struct GROUP_USERS_INFO_0 *g0 = NULL;
+	struct GROUP_USERS_INFO_1 *g1 = NULL;
+
+	torture_comment(tctx, "Testing NetGroupSetUsers level %d\n", level);
+
+	switch (level) {
+		case 0:
+			buf_size = sizeof(struct GROUP_USERS_INFO_0) * num_entries;
+
+			status = NetApiBufferAllocate(buf_size, (void **)&g0);
+			if (status) {
+				goto out;
+			}
+
+			for (i=0; i<num_entries; i++) {
+				g0[i].grui0_name = names[i];
+			}
+
+			buffer = (uint8_t *)g0;
+			break;
+		case 1:
+			buf_size = sizeof(struct GROUP_USERS_INFO_1) * num_entries;
+
+			status = NetApiBufferAllocate(buf_size, (void **)&g1);
+			if (status) {
+				goto out;
+			}
+
+			for (i=0; i<num_entries; i++) {
+				g1[i].grui1_name = names[i];
+			}
+
+			buffer = (uint8_t *)g1;
+			break;
+		default:
+			break;
+	}
+
+	/* NetGroupSetUsers */
+
+	status = NetGroupSetUsers(hostname,
+				  groupname,
+				  level,
+				  buffer,
+				  num_entries);
+	if (status) {
+		goto out;
+	}
+
+ out:
+	NetApiBufferFree(buffer);
+	return status;
+}
+
+bool torture_libnetapi_group(struct torture_context *tctx)
+{
+	NET_API_STATUS status = 0;
+	const char *username, *groupname, *groupname2;
+	uint8_t *buffer = NULL;
+	struct GROUP_INFO_0 g0;
+	uint32_t parm_err = 0;
+	uint32_t levels[] = { 0, 1, 2, 3};
+	uint32_t enum_levels[] = { 0, 1, 2, 3};
+	uint32_t getmem_levels[] = { 0, 1};
+	int i;
+	const char *hostname = torture_setting_string(tctx, "host", NULL);
+	struct libnetapi_ctx *ctx;
+
+	torture_assert(tctx, torture_libnetapi_init_context(tctx, &ctx),
+		       "failed to initialize libnetapi");
+
+	torture_comment(tctx, "NetGroup tests\n");
+
+	username = "torture_test_user";
+	groupname = "torture_test_group";
+	groupname2 = "torture_test_group2";
+
+	/* cleanup */
+	NetGroupDel(hostname, groupname);
+	NetGroupDel(hostname, groupname2);
+	NetUserDel(hostname, username);
+
+	/* add a group */
+
+	g0.grpi0_name = groupname;
+
+	torture_comment(tctx, "Testing NetGroupAdd\n");
+
+	status = NetGroupAdd(hostname, 0, (uint8_t *)&g0, &parm_err);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupAdd");
+		goto out;
+	}
+
+	/* 2nd add must fail */
+
+	status = NetGroupAdd(hostname, 0, (uint8_t *)&g0, &parm_err);
+	if (status == 0) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupAdd");
+		status = -1;
+		goto out;
+	}
+
+	/* test enum */
+
+	for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+		status = test_netgroupenum(tctx, hostname, enum_levels[i], groupname);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupEnum");
+			goto out;
+		}
+	}
+
+	/* basic queries */
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		torture_comment(tctx, "Testing NetGroupGetInfo level %d\n", levels[i]);
+
+		status = NetGroupGetInfo(hostname, groupname, levels[i], &buffer);
+		if (status && status != 124) {
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupGetInfo");
+			goto out;
+		}
+	}
+
+	/* group rename */
+
+	g0.grpi0_name = groupname2;
+
+	torture_comment(tctx, "Testing NetGroupSetInfo level 0\n");
+
+	status = NetGroupSetInfo(hostname, groupname, 0, (uint8_t *)&g0, &parm_err);
+	switch ((uint32_t)status) {
+		case 0:
+			break;
+		case 50: /* not supported */
+		case 124: /* not implemented */
+			groupname2 = groupname;
+			goto skip_rename;
+		default:
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupSetInfo");
+			goto out;
+	}
+
+	/* should not exist anymore */
+
+	status = NetGroupDel(hostname, groupname);
+	if (status == 0) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupDel");
+		goto out;
+	}
+
+ skip_rename:
+	/* query info */
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		status = NetGroupGetInfo(hostname, groupname2, levels[i], &buffer);
+		if (status && status != 124) {
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupGetInfo");
+			goto out;
+		}
+	}
+
+	/* add user to group */
+
+	status = test_netuseradd(tctx, hostname, username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserAdd");
+		goto out;
+	}
+
+	/* should not be member */
+
+	for (i=0; i<ARRAY_SIZE(getmem_levels); i++) {
+
+		status = test_netgroupgetusers(tctx, hostname, getmem_levels[i], groupname2, NULL);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupGetUsers");
+			goto out;
+		}
+	}
+
+	torture_comment(tctx, "Testing NetGroupAddUser\n");
+
+	status = NetGroupAddUser(hostname, groupname2, username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupAddUser");
+		goto out;
+	}
+
+	/* should be member */
+
+	for (i=0; i<ARRAY_SIZE(getmem_levels); i++) {
+
+		status = test_netgroupgetusers(tctx, hostname, getmem_levels[i], groupname2, username);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetGroupGetUsers");
+			goto out;
+		}
+	}
+
+	torture_comment(tctx, "Testing NetGroupDelUser\n");
+
+	status = NetGroupDelUser(hostname, groupname2, username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupDelUser");
+		goto out;
+	}
+
+	/* should not be member */
+
+	status = test_netgroupgetusers(tctx, hostname, 0, groupname2, NULL);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupGetUsers");
+		goto out;
+	}
+
+	/* set it again via explicit member set */
+
+	status = test_netgroupsetusers(tctx, hostname, groupname2, 0, 1, &username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupSetUsers");
+		goto out;
+	}
+
+	/* should be member */
+
+	status = test_netgroupgetusers(tctx, hostname, 0, groupname2, username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupGetUsers");
+		goto out;
+	}
+#if 0
+	/* wipe out member list */
+
+	status = test_netgroupsetusers(hostname, groupname2, 0, 0, NULL);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupSetUsers");
+		goto out;
+	}
+
+	/* should not be member */
+
+	status = test_netgroupgetusers(hostname, 0, groupname2, NULL);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupGetUsers");
+		goto out;
+	}
+#endif
+	status = NetUserDel(hostname, username);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserDel");
+		goto out;
+	}
+
+	/* delete */
+
+	torture_comment(tctx, "Testing NetGroupDel\n");
+
+	status = NetGroupDel(hostname, groupname2);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetGroupDel");
+		goto out;
+	};
+
+	/* should not exist anymore */
+
+	status = NetGroupGetInfo(hostname, groupname2, 0, &buffer);
+	if (status == 0) {
+		NETAPI_STATUS_MSG(tctx, ctx, status, "NetGroupGetInfo", "expected failure and error code");
+		status = -1;
+		goto out;
+	};
+
+	status = 0;
+
+	torture_comment(tctx, "NetGroup tests succeeded\n");
+ out:
+	if (status != 0) {
+		torture_comment(tctx, "NetGroup testsuite failed with: %s\n",
+			libnetapi_get_error_string(ctx, status));
+		libnetapi_free(ctx);
+		return false;
+	}
+
+	libnetapi_free(ctx);
+	return true;
+}
diff --git a/source4/torture/libnetapi/libnetapi_server.c b/source4/torture/libnetapi/libnetapi_server.c
new file mode 100644
index 0000000..1888009
--- /dev/null
+++ b/source4/torture/libnetapi/libnetapi_server.c
@@ -0,0 +1,76 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include <netapi.h>
+#include "torture/libnetapi/proto.h"
+
+#define NETAPI_STATUS(tctx, x,y,fn) \
+	torture_warning(tctx, "FAILURE: line %d: %s failed with status: %s (%d)\n", \
+		__LINE__, fn, libnetapi_get_error_string(x,y), y);
+
+bool torture_libnetapi_server(struct torture_context *tctx)
+{
+	NET_API_STATUS status = 0;
+	uint8_t *buffer = NULL;
+	int i;
+
+	const char *hostname = torture_setting_string(tctx, "host", NULL);
+	struct libnetapi_ctx *ctx;
+
+	torture_assert(tctx, torture_libnetapi_init_context(tctx, &ctx),
+		       "failed to initialize libnetapi");
+
+	torture_comment(tctx, "NetServer tests\n");
+
+	torture_comment(tctx, "Testing NetRemoteTOD\n");
+
+	status = NetRemoteTOD(hostname, &buffer);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetRemoteTOD");
+		goto out;
+	}
+	NetApiBufferFree(buffer);
+
+	torture_comment(tctx, "Testing NetRemoteTOD 10 times\n");
+
+	for (i=0; i<10; i++) {
+		status = NetRemoteTOD(hostname, &buffer);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetRemoteTOD");
+			goto out;
+		}
+		NetApiBufferFree(buffer);
+	}
+
+	status = 0;
+
+	torture_comment(tctx, "NetServer tests succeeded\n");
+ out:
+	if (status != 0) {
+		torture_comment(tctx, "NetServer testsuite failed with: %s\n",
+			libnetapi_get_error_string(ctx, status));
+		libnetapi_free(ctx);
+		return false;
+	}
+
+	libnetapi_free(ctx);
+	return true;
+}
diff --git a/source4/torture/libnetapi/libnetapi_user.c b/source4/torture/libnetapi/libnetapi_user.c
new file mode 100644
index 0000000..1411d7e
--- /dev/null
+++ b/source4/torture/libnetapi/libnetapi_user.c
@@ -0,0 +1,487 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include <netapi.h>
+#include "torture/libnetapi/proto.h"
+
+#undef strcasecmp
+
+#define TORTURE_TEST_USER "torture_testuser"
+#define TORTURE_TEST_USER2 "torture_testuser2"
+
+#define NETAPI_STATUS(tctx, x,y,fn) \
+	torture_warning(tctx, "FAILURE: line %d: %s failed with status: %s (%d)\n", \
+		__LINE__, fn, libnetapi_get_error_string(x,y), y);
+
+static NET_API_STATUS test_netuserenum(struct torture_context *tctx,
+				       const char *hostname,
+				       uint32_t level,
+				       const char *username)
+{
+	NET_API_STATUS status;
+	uint32_t entries_read = 0;
+	uint32_t total_entries = 0;
+	uint32_t resume_handle = 0;
+	const char *current_name = NULL;
+	int found_user = 0;
+	uint8_t *buffer = NULL;
+	int i;
+
+	struct USER_INFO_0 *info0 = NULL;
+	struct USER_INFO_1 *info1 = NULL;
+	struct USER_INFO_2 *info2 = NULL;
+	struct USER_INFO_3 *info3 = NULL;
+	struct USER_INFO_4 *info4 = NULL;
+	struct USER_INFO_10 *info10 = NULL;
+	struct USER_INFO_11 *info11 = NULL;
+	struct USER_INFO_20 *info20 = NULL;
+	struct USER_INFO_23 *info23 = NULL;
+
+	torture_comment(tctx, "Testing NetUserEnum level %d\n", level);
+
+	do {
+		status = NetUserEnum(hostname,
+				     level,
+				     FILTER_NORMAL_ACCOUNT,
+				     &buffer,
+				     (uint32_t)-1,
+				     &entries_read,
+				     &total_entries,
+				     &resume_handle);
+		if (status == 0 || status == ERROR_MORE_DATA) {
+			switch (level) {
+				case 0:
+					info0 = (struct USER_INFO_0 *)buffer;
+					break;
+				case 1:
+					info1 = (struct USER_INFO_1 *)buffer;
+					break;
+				case 2:
+					info2 = (struct USER_INFO_2 *)buffer;
+					break;
+				case 3:
+					info3 = (struct USER_INFO_3 *)buffer;
+					break;
+				case 4:
+					info4 = (struct USER_INFO_4 *)buffer;
+					break;
+				case 10:
+					info10 = (struct USER_INFO_10 *)buffer;
+					break;
+				case 11:
+					info11 = (struct USER_INFO_11 *)buffer;
+					break;
+				case 20:
+					info20 = (struct USER_INFO_20 *)buffer;
+					break;
+				case 23:
+					info23 = (struct USER_INFO_23 *)buffer;
+					break;
+				default:
+					return -1;
+			}
+
+			for (i=0; i<entries_read; i++) {
+
+				switch (level) {
+					case 0:
+						current_name = info0->usri0_name;
+						break;
+					case 1:
+						current_name = info1->usri1_name;
+						break;
+					case 2:
+						current_name = info2->usri2_name;
+						break;
+					case 3:
+						current_name = info3->usri3_name;
+						break;
+					case 4:
+						current_name = info4->usri4_name;
+						break;
+					case 10:
+						current_name = info10->usri10_name;
+						break;
+					case 11:
+						current_name = info11->usri11_name;
+						break;
+					case 20:
+						current_name = info20->usri20_name;
+						break;
+					case 23:
+						current_name = info23->usri23_name;
+						break;
+					default:
+						return -1;
+				}
+
+				if (strcasecmp(current_name, username) == 0) {
+					found_user = 1;
+				}
+
+				switch (level) {
+					case 0:
+						info0++;
+						break;
+					case 1:
+						info1++;
+						break;
+					case 2:
+						info2++;
+						break;
+					case 3:
+						info3++;
+						break;
+					case 4:
+						info4++;
+						break;
+					case 10:
+						info10++;
+						break;
+					case 11:
+						info11++;
+						break;
+					case 20:
+						info20++;
+						break;
+					case 23:
+						info23++;
+						break;
+					default:
+						break;
+				}
+			}
+			NetApiBufferFree(buffer);
+		}
+	} while (status == ERROR_MORE_DATA);
+
+	if (status) {
+		return status;
+	}
+
+	if (!found_user) {
+		torture_comment(tctx, "failed to get user\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+NET_API_STATUS test_netuseradd(struct torture_context *tctx,
+			       const char *hostname,
+			       const char *username)
+{
+	struct USER_INFO_1 u1;
+	uint32_t parm_err = 0;
+
+	ZERO_STRUCT(u1);
+
+	torture_comment(tctx, "Testing NetUserAdd\n");
+
+	u1.usri1_name = username;
+	u1.usri1_password = "W297!832jD8J";
+	u1.usri1_password_age = 0;
+	u1.usri1_priv = 0;
+	u1.usri1_home_dir = NULL;
+	u1.usri1_comment = "User created using Samba NetApi Example code";
+	u1.usri1_flags = 0;
+	u1.usri1_script_path = NULL;
+
+	return NetUserAdd(hostname, 1, (uint8_t *)&u1, &parm_err);
+}
+
+static NET_API_STATUS test_netusermodals(struct torture_context *tctx,
+					 struct libnetapi_ctx *ctx,
+					 const char *hostname)
+{
+	NET_API_STATUS status;
+	struct USER_MODALS_INFO_0 *u0 = NULL;
+	struct USER_MODALS_INFO_0 *_u0 = NULL;
+	uint8_t *buffer = NULL;
+	uint32_t parm_err = 0;
+	uint32_t levels[] = { 0, 1, 2, 3 };
+	int i = 0;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		torture_comment(tctx, "Testing NetUserModalsGet level %d\n", levels[i]);
+
+		status = NetUserModalsGet(hostname, levels[i], &buffer);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetUserModalsGet");
+			return status;
+		}
+	}
+
+	status = NetUserModalsGet(hostname, 0, (uint8_t **)&u0);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserModalsGet");
+		return status;
+	}
+
+	torture_comment(tctx, "Testing NetUserModalsSet\n");
+
+	status = NetUserModalsSet(hostname, 0, (uint8_t *)u0, &parm_err);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserModalsSet");
+		return status;
+	}
+
+	status = NetUserModalsGet(hostname, 0, (uint8_t **)&_u0);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserModalsGet");
+		return status;
+	}
+
+	if (memcmp(u0, _u0, sizeof(*u0)) != 0) {
+		torture_comment(tctx, "USER_MODALS_INFO_0 struct has changed!!!!\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static NET_API_STATUS test_netusergetgroups(struct torture_context *tctx,
+					    const char *hostname,
+					    uint32_t level,
+					    const char *username,
+					    const char *groupname)
+{
+	NET_API_STATUS status;
+	uint32_t entries_read = 0;
+	uint32_t total_entries = 0;
+	const char *current_name;
+	int found_group = 0;
+	uint8_t *buffer = NULL;
+	int i;
+
+	struct GROUP_USERS_INFO_0 *i0 = NULL;
+	struct GROUP_USERS_INFO_1 *i1 = NULL;
+
+	torture_comment(tctx, "Testing NetUserGetGroups level %d\n", level);
+
+	do {
+		status = NetUserGetGroups(hostname,
+					  username,
+					  level,
+					  &buffer,
+					  (uint32_t)-1,
+					  &entries_read,
+					  &total_entries);
+		if (status == 0 || status == ERROR_MORE_DATA) {
+			switch (level) {
+				case 0:
+					i0 = (struct GROUP_USERS_INFO_0 *)buffer;
+					break;
+				case 1:
+					i1 = (struct GROUP_USERS_INFO_1 *)buffer;
+					break;
+				default:
+					return -1;
+			}
+
+			for (i=0; i<entries_read; i++) {
+
+				switch (level) {
+					case 0:
+						current_name = i0->grui0_name;
+						break;
+					case 1:
+						current_name = i1->grui1_name;
+						break;
+					default:
+						return -1;
+				}
+
+				if (groupname && strcasecmp(current_name, groupname) == 0) {
+					found_group = 1;
+				}
+
+				switch (level) {
+					case 0:
+						i0++;
+						break;
+					case 1:
+						i1++;
+						break;
+					default:
+						break;
+				}
+			}
+			NetApiBufferFree(buffer);
+		}
+	} while (status == ERROR_MORE_DATA);
+
+	if (status) {
+		return status;
+	}
+
+	if (groupname && !found_group) {
+		torture_comment(tctx, "failed to get membership\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+bool torture_libnetapi_user(struct torture_context *tctx)
+{
+	NET_API_STATUS status = 0;
+	uint8_t *buffer = NULL;
+	uint32_t levels[] = { 0, 1, 2, 3, 4, 10, 11, 20, 23 };
+	uint32_t enum_levels[] = { 0, 1, 2, 3, 4, 10, 11, 20, 23 };
+	uint32_t getgr_levels[] = { 0, 1 };
+	int i;
+
+	struct USER_INFO_0 u0;
+	struct USER_INFO_1007 u1007;
+	uint32_t parm_err = 0;
+
+	const char *hostname = torture_setting_string(tctx, "host", NULL);
+	struct libnetapi_ctx *ctx;
+
+	torture_assert(tctx, torture_libnetapi_init_context(tctx, &ctx),
+		       "failed to initialize libnetapi");
+
+	torture_comment(tctx, "NetUser tests\n");
+
+	/* cleanup */
+
+	NetUserDel(hostname, TORTURE_TEST_USER);
+	NetUserDel(hostname, TORTURE_TEST_USER2);
+
+	/* add a user */
+
+	status = test_netuseradd(tctx, hostname, TORTURE_TEST_USER);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserAdd");
+		goto out;
+	}
+
+	/* enum the new user */
+
+	for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+		status = test_netuserenum(tctx, hostname, enum_levels[i], TORTURE_TEST_USER);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetUserEnum");
+			goto out;
+		}
+	}
+
+	/* basic queries */
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		torture_comment(tctx, "Testing NetUserGetInfo level %d\n", levels[i]);
+
+		status = NetUserGetInfo(hostname, TORTURE_TEST_USER, levels[i], &buffer);
+		if (status && status != 124) {
+			NETAPI_STATUS(tctx, ctx, status, "NetUserGetInfo");
+			goto out;
+		}
+	}
+
+	/* testing getgroups */
+
+	for (i=0; i<ARRAY_SIZE(getgr_levels); i++) {
+
+		status = test_netusergetgroups(tctx, hostname, getgr_levels[i], TORTURE_TEST_USER, NULL);
+		if (status) {
+			NETAPI_STATUS(tctx, ctx, status, "NetUserGetGroups");
+			goto out;
+		}
+	}
+
+	/* modify description */
+
+	torture_comment(tctx, "Testing NetUserSetInfo level %d\n", 1007);
+
+	u1007.usri1007_comment = "NetApi modified user";
+
+	status = NetUserSetInfo(hostname, TORTURE_TEST_USER, 1007, (uint8_t *)&u1007, &parm_err);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserSetInfo");
+		goto out;
+	}
+
+	/* query info */
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+		status = NetUserGetInfo(hostname, TORTURE_TEST_USER, levels[i], &buffer);
+		if (status && status != 124) {
+			NETAPI_STATUS(tctx, ctx, status, "NetUserGetInfo");
+			goto out;
+		}
+	}
+
+	torture_comment(tctx, "Testing NetUserSetInfo level 0\n");
+
+	u0.usri0_name = TORTURE_TEST_USER2;
+
+	status = NetUserSetInfo(hostname, TORTURE_TEST_USER, 0, (uint8_t *)&u0, &parm_err);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserSetInfo");
+		goto out;
+	}
+
+	/* delete */
+
+	torture_comment(tctx, "Testing NetUserDel\n");
+
+	status = NetUserDel(hostname, TORTURE_TEST_USER2);
+	if (status) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserDel");
+		goto out;
+	}
+
+	/* should not exist anymore */
+
+	status = NetUserGetInfo(hostname, TORTURE_TEST_USER2, 0, &buffer);
+	if (status == 0) {
+		NETAPI_STATUS(tctx, ctx, status, "NetUserGetInfo");
+		status = -1;
+		goto out;
+	}
+
+	status = test_netusermodals(tctx, ctx, hostname);
+	if (status) {
+		goto out;
+	}
+
+	status = 0;
+
+	torture_comment(tctx, "NetUser tests succeeded\n");
+ out:
+	/* cleanup */
+	NetUserDel(hostname, TORTURE_TEST_USER);
+	NetUserDel(hostname, TORTURE_TEST_USER2);
+
+	if (status != 0) {
+		torture_comment(tctx, "NetUser testsuite failed with: %s\n",
+			libnetapi_get_error_string(ctx, status));
+		libnetapi_free(ctx);
+		return false;
+	}
+
+	libnetapi_free(ctx);
+	return true;
+}
diff --git a/source4/torture/libnetapi/wscript_build b/source4/torture/libnetapi/wscript_build
new file mode 100644
index 0000000..988ba9b
--- /dev/null
+++ b/source4/torture/libnetapi/wscript_build
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('TORTURE_LIBNETAPI',
+	source='libnetapi.c libnetapi_user.c libnetapi_group.c libnetapi_server.c',
+	autoproto='proto.h',
+	subsystem='smbtorture',
+	init_function='torture_libnetapi_init',
+	deps='netapi CMDLINE_S4',
+	internal_module=True,
+	)
+
diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
new file mode 100644
index 0000000..72af8fc
--- /dev/null
+++ b/source4/torture/libsmbclient/libsmbclient.c
@@ -0,0 +1,1617 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/dir.h"
+#include "torture/smbtorture.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include <libsmbclient.h>
+#include "torture/libsmbclient/proto.h"
+#include "lib/param/loadparm.h"
+#include "lib/param/param_global.h"
+#include "libcli/smb/smb_constants.h"
+#include "dynconfig.h"
+#include "lib/util/time.h"
+
+/* test string to compare with when debug_callback is called */
+#define TEST_STRING "smbc_setLogCallback test"
+
+/* Dummy log callback function */
+static void debug_callback(void *private_ptr, int level, const char *msg)
+{
+	bool *found = private_ptr;
+	if (strstr(msg, TEST_STRING) != NULL) {
+		*found = true;
+	}
+	return;
+}
+
+static void auth_callback(const char *srv,
+			  const char *shr,
+			  char *wg, int wglen,
+			  char *un, int unlen,
+			  char *pw, int pwlen)
+{
+	const char *workgroup =
+		cli_credentials_get_domain(samba_cmdline_get_creds());
+	const char *username =
+		cli_credentials_get_username(samba_cmdline_get_creds());
+	const char *password =
+		cli_credentials_get_password(samba_cmdline_get_creds());
+	ssize_t ret;
+
+	if (workgroup != NULL) {
+		ret = strlcpy(wg, workgroup, wglen);
+		if (ret >= wglen) {
+			abort();
+		}
+	}
+
+	if (username != NULL) {
+		ret = strlcpy(un, username, unlen);
+		if (ret >= unlen) {
+			abort();
+		}
+	}
+
+	if (password != NULL) {
+		ret = strlcpy(pw, password, pwlen);
+		if (ret >= pwlen) {
+			abort();
+		}
+	}
+};
+
+bool torture_libsmbclient_init_context(struct torture_context *tctx,
+				       SMBCCTX **ctx_p)
+{
+	const char *workgroup =
+		cli_credentials_get_domain(samba_cmdline_get_creds());
+	const char *username =
+		cli_credentials_get_username(samba_cmdline_get_creds());
+	const char *client_proto =
+		torture_setting_string(tctx, "clientprotocol", NULL);
+	SMBCCTX *ctx = NULL;
+	SMBCCTX *p = NULL;
+	bool ok = true;
+	int dbglevel = DEBUGLEVEL;
+
+	ctx = smbc_new_context();
+	torture_assert_not_null_goto(tctx,
+				     ctx,
+				     ok,
+				     out,
+				     "Failed to create new context");
+
+	p = smbc_init_context(ctx);
+	torture_assert_not_null_goto(tctx,
+				     p,
+				     ok,
+				     out,
+				     "Failed to initialize context");
+
+	smbc_setDebug(ctx, dbglevel);
+	smbc_setOptionDebugToStderr(ctx, 1);
+
+	if (workgroup != NULL) {
+		smbc_setWorkgroup(ctx, workgroup);
+	}
+	if (username != NULL) {
+		smbc_setUser(ctx, username);
+	}
+
+	smbc_setFunctionAuthData(ctx, auth_callback);
+
+	if (client_proto != NULL) {
+		smbc_setOptionProtocols(ctx, client_proto, client_proto);
+	}
+
+	*ctx_p = ctx;
+
+out:
+	if (!ok) {
+		smbc_free_context(ctx, 1);
+	}
+
+	return ok;
+}
+
+static bool torture_libsmbclient_version(struct torture_context *tctx)
+{
+	torture_comment(tctx, "Testing smbc_version\n");
+
+	torture_assert(tctx, smbc_version(), "failed to get version");
+
+	return true;
+}
+
+static bool torture_libsmbclient_initialize(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	bool ret = false;
+
+	torture_comment(tctx, "Testing smbc_new_context\n");
+
+	ctx = smbc_new_context();
+	torture_assert(tctx, ctx, "failed to get new context");
+
+	torture_comment(tctx, "Testing smbc_init_context\n");
+
+	torture_assert(tctx, smbc_init_context(ctx), "failed to init context");
+
+	smbc_setLogCallback(ctx, &ret, debug_callback);
+	DEBUG(0, (TEST_STRING"\n"));
+	torture_assert(tctx, ret, "Failed debug_callback not called");
+	ret = false;
+	smbc_setLogCallback(ctx, NULL, NULL);
+	DEBUG(0, (TEST_STRING"\n"));
+	torture_assert(tctx, !ret, "Failed debug_callback called");
+
+	smbc_free_context(ctx, 1);
+
+	return true;
+}
+
+static bool torture_libsmbclient_setConfiguration(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	struct loadparm_global *global_config = NULL;
+	const char *new_smb_conf = torture_setting_string(tctx,
+				"replace_smbconf",
+				"");
+
+	ctx = smbc_new_context();
+	torture_assert_not_null(tctx, ctx, "failed to get new context");
+
+	torture_assert_not_null(
+		tctx, smbc_init_context(ctx), "failed to init context");
+
+	torture_comment(tctx, "Testing smbc_setConfiguration - new file %s\n",
+		new_smb_conf);
+
+	global_config = get_globals();
+	torture_assert(tctx, global_config, "Global Config is NULL");
+
+	/* check configuration before smbc_setConfiguration call */
+	torture_comment(tctx, "'workgroup' before setConfiguration %s\n",
+			global_config->workgroup);
+	torture_comment(tctx, "'client min protocol' before "
+			"setConfiguration %d\n",
+			global_config->client_min_protocol);
+	torture_comment(tctx, "'client max protocol' before "
+			"setConfiguration %d\n",
+			global_config->_client_max_protocol);
+	torture_comment(tctx, "'client signing' before setConfiguration %d\n",
+			global_config->client_signing);
+	torture_comment(tctx, "'deadtime' before setConfiguration %d\n",
+			global_config->deadtime);
+
+	torture_assert_int_equal(tctx, smbc_setConfiguration(ctx, new_smb_conf),
+			0, "setConfiguration conf file not found");
+
+	/* verify configuration */
+	torture_assert_str_equal(tctx, global_config->workgroup,
+			"NEW_WORKGROUP",
+			"smbc_setConfiguration failed, "
+			"'workgroup' not updated");
+	torture_assert_int_equal(tctx, global_config->client_min_protocol, PROTOCOL_NT1,
+			"smbc_setConfiguration failed, 'client min protocol' "
+			"not updated");
+	torture_assert_int_equal(tctx, global_config->_client_max_protocol, PROTOCOL_SMB3_00,
+			"smbc_setConfiguration failed, 'client max protocol' "
+			"not updated");
+	torture_assert_int_equal(tctx, global_config->client_signing, 1,
+			"smbc_setConfiguration failed, 'client signing' "
+			"not updated");
+	torture_assert_int_equal(tctx, global_config->deadtime, 5,
+			"smbc_setConfiguration failed, 'deadtime' not updated");
+
+	/* Restore configuration to default */
+	smbc_setConfiguration(ctx, get_dyn_CONFIGFILE());
+
+	smbc_free_context(ctx, 1);
+
+	return true;
+}
+
+static bool test_opendir(struct torture_context *tctx,
+			 SMBCCTX *ctx,
+			 const char *fname,
+			 bool expect_success)
+{
+	int handle, ret;
+
+	torture_comment(tctx, "Testing smbc_opendir(%s)\n", fname);
+
+	handle = smbc_opendir(fname);
+	if (!expect_success) {
+		return true;
+	}
+	if (handle < 0) {
+		torture_fail(tctx, talloc_asprintf(tctx, "failed to obain file handle for '%s'", fname));
+	}
+
+	ret = smbc_closedir(handle);
+	torture_assert_int_equal(tctx, ret, 0,
+		talloc_asprintf(tctx, "failed to close file handle for '%s'", fname));
+
+	return true;
+}
+
+static bool torture_libsmbclient_opendir(struct torture_context *tctx)
+{
+	size_t i;
+	SMBCCTX *ctx;
+	bool ret = true;
+	const char *bad_urls[] = {
+		"",
+		NULL,
+		"smb",
+		"smb:",
+		"smb:/",
+		"smb:///",
+		"bms://",
+		":",
+		":/",
+		"://",
+		":///",
+		"/",
+		"//",
+		"///"
+	};
+	const char *good_urls[] = {
+		"smb://",
+		"smb://WORKGROUP",
+		"smb://WORKGROUP/"
+	};
+
+	torture_assert(tctx, torture_libsmbclient_init_context(tctx, &ctx), "");
+	smbc_set_context(ctx);
+
+	for (i=0; i < ARRAY_SIZE(bad_urls); i++) {
+		ret &= test_opendir(tctx, ctx, bad_urls[i], false);
+	}
+	for (i=0; i < ARRAY_SIZE(good_urls); i++) {
+		ret &= test_opendir(tctx, ctx, good_urls[i], true);
+	}
+
+	smbc_free_context(ctx, 1);
+
+	return ret;
+}
+
+static bool torture_libsmbclient_readdirplus(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	int ret = -1;
+	int dhandle = -1;
+	int fhandle = -1;
+	bool found = false;
+	const char *filename = NULL;
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			"option --option=torture:smburl="
+			"smb://user:password@server/share missing\n");
+	}
+
+	torture_assert(tctx, torture_libsmbclient_init_context(tctx, &ctx), "");
+	smbc_set_context(ctx);
+
+	filename = talloc_asprintf(tctx,
+				"%s/test_readdirplus.txt",
+				smburl);
+	if (filename == NULL) {
+		torture_fail(tctx,
+			"talloc fail\n");
+	}
+	/* Ensure the file doesn't exist. */
+	smbc_unlink(filename);
+
+	/* Create it. */
+	fhandle = smbc_creat(filename, 0666);
+	if (fhandle < 0) {
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+				"failed to create file '%s': %s",
+				filename,
+				strerror(errno)));
+	}
+	ret = smbc_close(fhandle);
+	torture_assert_int_equal(tctx,
+		ret,
+		0,
+		talloc_asprintf(tctx,
+			"failed to close handle for '%s'",
+			filename));
+
+	dhandle = smbc_opendir(smburl);
+	if (dhandle < 0) {
+		int saved_errno = errno;
+		smbc_unlink(filename);
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+				"failed to obtain "
+				"directory handle for '%s' : %s",
+				smburl,
+				strerror(saved_errno)));
+	}
+
+	/* Readdirplus to ensure we see the new file. */
+	for (;;) {
+		const struct libsmb_file_info *exstat =
+			smbc_readdirplus(dhandle);
+		if (exstat == NULL) {
+			break;
+		}
+		if (strcmp(exstat->name, "test_readdirplus.txt") == 0) {
+			found = true;
+			break;
+		}
+	}
+
+	/* Remove it again. */
+	smbc_unlink(filename);
+	ret = smbc_closedir(dhandle);
+	torture_assert_int_equal(tctx,
+		ret,
+		0,
+		talloc_asprintf(tctx,
+			"failed to close directory handle for '%s'",
+			smburl));
+
+	smbc_free_context(ctx, 1);
+
+	if (!found) {
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+				"failed to find file '%s'",
+				filename));
+	}
+
+	return true;
+}
+
+static bool torture_libsmbclient_readdirplus_seek(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	int ret = -1;
+	int dhandle = -1;
+	int fhandle = -1;
+	const char *dname = NULL;
+	const char *full_filename[100] = {0};
+	const char *filename[100] = {0};
+	const struct libsmb_file_info *direntries[102] = {0};
+	unsigned int i = 0;
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	bool success = false;
+	off_t telldir_50 = (off_t)-1;
+	off_t telldir_20 = (off_t)-1;
+	size_t getdentries_size = 0;
+	struct smbc_dirent *getdentries = NULL;
+	struct smbc_dirent *dirent_20 = NULL;
+	const struct libsmb_file_info *direntries_20 = NULL;
+	const struct libsmb_file_info *direntriesplus_20 = NULL;
+	const char *plus2_stat_path = NULL;
+	struct stat st = {0};
+	struct stat st2 = {0};
+
+	torture_assert_not_null(
+		tctx,
+		smburl,
+		"option --option=torture:smburl="
+		"smb://user:password@server/share missing\n");
+
+	DEBUG(0,("torture_libsmbclient_readdirplus_seek start\n"));
+
+	torture_assert(tctx, torture_libsmbclient_init_context(tctx, &ctx), "");
+	smbc_set_context(ctx);
+
+	dname = talloc_asprintf(tctx,
+				"%s/rd_seek",
+				smburl);
+	torture_assert_not_null_goto(
+		tctx, dname, success, done, "talloc fail\n");
+
+	/* Ensure the files don't exist. */
+	for (i = 0; i < 100; i++) {
+		filename[i] = talloc_asprintf(tctx,
+				"test_readdirplus_%u.txt",
+				i);
+		torture_assert_not_null_goto(
+			tctx, filename[i], success, done, "talloc fail");
+		full_filename[i] = talloc_asprintf(tctx,
+				"%s/%s",
+				dname,
+				filename[i]);
+		torture_assert_not_null_goto(
+			tctx, full_filename[i], success, done, "talloc fail");
+		(void)smbc_unlink(full_filename[i]);
+	}
+	/* Ensure the directory doesn't exist. */
+	(void)smbc_rmdir(dname);
+
+	/* Create containing directory. */
+	ret = smbc_mkdir(dname, 0777);
+	torture_assert_goto(
+		tctx,
+		ret == 0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+				"failed to create directory '%s': %s",
+				dname,
+				strerror(errno)));
+
+	DEBUG(0,("torture_libsmbclient_readdirplus_seek create\n"));
+
+	/* Create them. */
+	for (i = 0; i < 100; i++) {
+		fhandle = smbc_creat(full_filename[i], 0666);
+		if (fhandle < 0) {
+			torture_fail_goto(tctx,
+				done,
+				talloc_asprintf(tctx,
+					"failed to create file '%s': %s",
+					full_filename[i],
+					strerror(errno)));
+		}
+		ret = smbc_close(fhandle);
+		torture_assert_int_equal_goto(tctx,
+			ret,
+			0,
+			success,
+			done,
+			talloc_asprintf(tctx,
+				"failed to close handle for '%s'",
+				full_filename[i]));
+	}
+
+	DEBUG(0,("torture_libsmbclient_readdirplus_seek enum\n"));
+
+	/* Now enumerate the directory. */
+	dhandle = smbc_opendir(dname);
+	torture_assert_goto(
+		tctx,
+		dhandle >= 0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+				"failed to obtain "
+				"directory handle for '%s' : %s",
+				dname,
+				strerror(errno)));
+
+	/* Read all the files. 100 we created plus . and .. */
+	for (i = 0; i < 102; i++) {
+		bool found = false;
+		unsigned int j;
+
+		direntries[i] = smbc_readdirplus(dhandle);
+		if (direntries[i] == NULL) {
+			break;
+		}
+
+		/* Store at offset 50. */
+		if (i == 50) {
+			telldir_50 = smbc_telldir(dhandle);
+			torture_assert_goto(
+				tctx,
+				telldir_50 != (off_t)-1,
+				success,
+				done,
+				talloc_asprintf(tctx,
+						"telldir failed file %s\n",
+						direntries[i]->name));
+		}
+
+		if (ISDOT(direntries[i]->name)) {
+			continue;
+		}
+		if (ISDOTDOT(direntries[i]->name)) {
+			continue;
+		}
+
+		/* Ensure all our files exist. */
+		for (j = 0; j < 100; j++) {
+			if (strcmp(direntries[i]->name,
+				filename[j]) == 0) {
+				found = true;
+			}
+		}
+		torture_assert_goto(
+			tctx,
+			found,
+			success,
+			done,
+			talloc_asprintf(tctx,
+					"failed to find file %s\n",
+					direntries[i]->name));
+	}
+
+	/*
+	 * We're seeking on in-memory lists here, so
+	 * whilst the handle is open we really should
+	 * get the same files back in the same order.
+	 */
+
+	ret = smbc_lseekdir(dhandle, telldir_50);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to seek (50) directory handle for '%s'",
+			dname));
+
+	DEBUG(0,("torture_libsmbclient_readdirplus_seek seek\n"));
+
+	for (i = 51; i < 102; i++) {
+		const struct libsmb_file_info *entry =
+				smbc_readdirplus(dhandle);
+		torture_assert_goto(
+			tctx,
+			entry == direntries[i],
+			success,
+			done,
+			talloc_asprintf(tctx,
+					"after seek - failed to find "
+					"file %s - got %s\n",
+					direntries[i]->name,
+					entry->name));
+	}
+
+	/* Seek back to the start. */
+	ret = smbc_lseekdir(dhandle, 0);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to seek directory handle to start for '%s'",
+			dname));
+
+	/*
+	 * Mix getdents/readdir/readdirplus with lseek to ensure
+	 * we get the same result.
+	 */
+
+	/* Allocate the space for 20 entries.
+	 * Tricky as we need to allocate 20 struct smbc_dirent's + space
+	 * for the name lengths.
+	 */
+	getdentries_size = 20 * (sizeof(struct smbc_dirent) +
+				strlen("test_readdirplus_1000.txt") + 1);
+
+	getdentries = (struct smbc_dirent *)talloc_array_size(tctx,
+						getdentries_size,
+						1);
+	torture_assert_not_null_goto(
+		tctx,
+		getdentries,
+		success,
+		done,
+		"talloc fail");
+
+	ret = smbc_getdents(dhandle, getdentries, getdentries_size);
+	torture_assert_goto(tctx,
+		(ret != -1),
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"smbd_getdents(1) for '%s' failed\n",
+			dname));
+
+	telldir_20 = smbc_telldir(dhandle);
+	torture_assert_goto(
+		tctx,
+		telldir_20 != (off_t)-1,
+		success,
+		done,
+		"telldir (20) failed\n");
+
+	/* Read another 20. */
+	ret = smbc_getdents(dhandle, getdentries, getdentries_size);
+	torture_assert_goto(tctx,
+		(ret != -1),
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"smbd_getdents(2) for '%s' failed\n",
+			dname));
+
+	/* Seek back to 20. */
+	ret = smbc_lseekdir(dhandle, telldir_20);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to seek (20) directory handle for '%s'",
+			dname));
+
+	/* Read with readdir. */
+	dirent_20 = smbc_readdir(dhandle);
+	torture_assert_not_null_goto(
+		tctx,
+		dirent_20,
+		success,
+		done,
+		"smbc_readdir (20) failed\n");
+
+	/* Ensure the getdents and readdir names are the same. */
+	ret = strcmp(dirent_20->name, getdentries[0].name);
+	torture_assert_goto(
+		tctx,
+		ret == 0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+				"after seek (20) readdir name mismatch "
+				"file %s - got %s\n",
+				dirent_20->name,
+				getdentries[0].name));
+
+	/* Seek back to 20. */
+	ret = smbc_lseekdir(dhandle, telldir_20);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to seek (20) directory handle for '%s'",
+			dname));
+	/* Read with readdirplus. */
+	direntries_20 = smbc_readdirplus(dhandle);
+	torture_assert_not_null_goto(
+		tctx,
+		direntries_20,
+		success,
+		done,
+		"smbc_readdirplus (20) failed\n");
+
+	/* Ensure the readdirplus and readdir names are the same. */
+	ret = strcmp(dirent_20->name, direntries_20->name);
+	torture_assert_goto(
+		tctx,
+		ret == 0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+				"after seek (20) readdirplus name mismatch "
+				"file %s - got %s\n",
+				dirent_20->name,
+				direntries_20->name));
+
+	/* Seek back to 20. */
+	ret = smbc_lseekdir(dhandle, telldir_20);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to seek (20) directory handle for '%s'",
+			dname));
+
+	/* Read with readdirplus2. */
+	direntriesplus_20 = smbc_readdirplus2(dhandle, &st2);
+	torture_assert_not_null_goto(
+		tctx,
+		direntriesplus_20,
+		success,
+		done,
+		"smbc_readdirplus2 (20) failed\n");
+
+	/* Ensure the readdirplus2 and readdirplus names are the same. */
+	ret = strcmp(direntries_20->name, direntriesplus_20->name);
+	torture_assert_goto(
+		tctx,
+		ret == 0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+				"after seek (20) readdirplus2 name mismatch "
+				"file %s - got %s\n",
+				dirent_20->name,
+				direntries_20->name));
+
+	/* Ensure doing stat gets the same data. */
+	plus2_stat_path = talloc_asprintf(tctx,
+				"%s/%s",
+				dname,
+				direntriesplus_20->name);
+	torture_assert_not_null_goto(
+		tctx,
+		plus2_stat_path,
+		success,
+		done,
+		"talloc fail\n");
+
+	ret = smbc_stat(plus2_stat_path, &st);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to stat file '%s'",
+			plus2_stat_path));
+
+	torture_assert_int_equal(tctx,
+		st.st_ino,
+		st2.st_ino,
+		talloc_asprintf(tctx,
+			"file %s mismatched ino value "
+			"stat got %"PRIx64" readdirplus2 got %"PRIx64"" ,
+			plus2_stat_path,
+			(uint64_t)st.st_ino,
+			(uint64_t)st2.st_ino));
+
+	torture_assert_int_equal(tctx,
+		st.st_dev,
+		st2.st_dev,
+		talloc_asprintf(tctx,
+			"file %s mismatched dev value "
+			"stat got %"PRIx64" readdirplus2 got %"PRIx64"" ,
+			plus2_stat_path,
+			(uint64_t)st.st_dev,
+			(uint64_t)st2.st_dev));
+
+	ret = smbc_closedir(dhandle);
+	torture_assert_int_equal(tctx,
+		ret,
+		0,
+		talloc_asprintf(tctx,
+			"failed to close directory handle for '%s'",
+			dname));
+
+	dhandle = -1;
+	success = true;
+
+  done:
+
+	/* Clean up. */
+	if (dhandle != -1) {
+		smbc_closedir(dhandle);
+	}
+	for (i = 0; i < 100; i++) {
+		if (full_filename[i] != NULL) {
+			smbc_unlink(full_filename[i]);
+		}
+	}
+	if (dname != NULL) {
+		smbc_rmdir(dname);
+	}
+
+	smbc_free_context(ctx, 1);
+
+	return success;
+}
+
+#ifndef SMBC_FILE_MODE
+#define SMBC_FILE_MODE (S_IFREG | 0444)
+#endif
+
+static bool torture_libsmbclient_readdirplus2(struct torture_context *tctx)
+{
+	SMBCCTX *ctx = NULL;
+	int dhandle = -1;
+	int fhandle = -1;
+	bool found = false;
+	bool success = false;
+	const char *filename = NULL;
+	struct stat st2 = {0};
+	struct stat st = {0};
+	int ret;
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			"option --option=torture:smburl="
+			"smb://user:password@server/share missing\n");
+	}
+
+	torture_assert_goto(tctx, torture_libsmbclient_init_context(tctx, &ctx), success, done, "");
+	smbc_set_context(ctx);
+
+	filename = talloc_asprintf(tctx,
+			"%s/test_readdirplus.txt",
+			smburl);
+	if (filename == NULL) {
+		torture_fail_goto(tctx, done, "talloc fail\n");
+	}
+
+	/* Ensure the file doesn't exist. */
+	smbc_unlink(filename);
+
+	/* Create it. */
+	fhandle = smbc_creat(filename, 0666);
+	if (fhandle < 0) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to create file '%s': %s",
+				filename,
+				strerror(errno)));
+	}
+	ret = smbc_close(fhandle);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to close handle for '%s'",
+			filename));
+
+	dhandle = smbc_opendir(smburl);
+	if (dhandle < 0) {
+		int saved_errno = errno;
+		smbc_unlink(filename);
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to obtain "
+				"directory handle for '%s' : %s",
+				smburl,
+				strerror(saved_errno)));
+	}
+
+	/* readdirplus2 to ensure we see the new file. */
+	for (;;) {
+		const struct libsmb_file_info *exstat =
+			smbc_readdirplus2(dhandle, &st2);
+		if (exstat == NULL) {
+			break;
+		}
+
+		if (strcmp(exstat->name, "test_readdirplus.txt") == 0) {
+			found = true;
+			break;
+		}
+	}
+
+	if (!found) {
+		smbc_unlink(filename);
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to find file '%s'",
+				filename));
+	}
+
+	/* Ensure mode is as expected. */
+	/*
+	 * New file gets SMBC_FILE_MODE plus
+	 * archive bit -> S_IXUSR
+	 * !READONLY -> S_IWUSR.
+	 */
+	torture_assert_int_equal_goto(tctx,
+		st2.st_mode,
+		SMBC_FILE_MODE|S_IXUSR|S_IWUSR,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"file %s st_mode should be 0%o, got 0%o'",
+			filename,
+			SMBC_FILE_MODE|S_IXUSR|S_IWUSR,
+			(unsigned int)st2.st_mode));
+
+	/* Ensure smbc_stat() gets the same data. */
+	ret = smbc_stat(filename, &st);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to stat file '%s'",
+			filename));
+
+	torture_assert_int_equal_goto(tctx,
+		st2.st_ino,
+		st.st_ino,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"filename '%s' ino mismatch. "
+			"From smbc_readdirplus2 = %"PRIx64" "
+			"From smbc_stat = %"PRIx64"",
+			filename,
+			(uint64_t)st2.st_ino,
+			(uint64_t)st.st_ino));
+
+
+	/* Remove it again. */
+	smbc_unlink(filename);
+	ret = smbc_closedir(dhandle);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to close directory handle for '%s'",
+			filename));
+	success = true;
+
+  done:
+	smbc_free_context(ctx, 1);
+	return success;
+}
+
+bool torture_libsmbclient_configuration(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	bool ok = true;
+
+	ctx = smbc_new_context();
+	torture_assert(tctx, ctx, "failed to get new context");
+	torture_assert(tctx, smbc_init_context(ctx), "failed to init context");
+
+	torture_comment(tctx, "Testing smbc_(set|get)Debug\n");
+	smbc_setDebug(ctx, DEBUGLEVEL);
+	torture_assert_int_equal_goto(tctx,
+				      smbc_getDebug(ctx),
+				      DEBUGLEVEL,
+				      ok,
+				      done,
+				      "failed to set DEBUGLEVEL");
+
+	torture_comment(tctx, "Testing smbc_(set|get)NetbiosName\n");
+	smbc_setNetbiosName(ctx, discard_const("torture_netbios"));
+	torture_assert_str_equal_goto(tctx,
+				      smbc_getNetbiosName(ctx),
+				      "torture_netbios",
+				      ok,
+				      done,
+				      "failed to set NetbiosName");
+
+	torture_comment(tctx, "Testing smbc_(set|get)Workgroup\n");
+	smbc_setWorkgroup(ctx, discard_const("torture_workgroup"));
+	torture_assert_str_equal_goto(tctx,
+				      smbc_getWorkgroup(ctx),
+				      "torture_workgroup",
+				      ok,
+				      done,
+				      "failed to set Workgroup");
+
+	torture_comment(tctx, "Testing smbc_(set|get)User\n");
+	smbc_setUser(ctx, "torture_user");
+	torture_assert_str_equal_goto(tctx,
+				      smbc_getUser(ctx),
+				      "torture_user",
+				      ok,
+				      done,
+				      "failed to set User");
+
+	torture_comment(tctx, "Testing smbc_(set|get)Timeout\n");
+	smbc_setTimeout(ctx, 12345);
+	torture_assert_int_equal_goto(tctx,
+				      smbc_getTimeout(ctx),
+				      12345,
+				      ok,
+				      done,
+				      "failed to set Timeout");
+
+done:
+	smbc_free_context(ctx, 1);
+
+	return ok;
+}
+
+bool torture_libsmbclient_options(struct torture_context *tctx)
+{
+	SMBCCTX *ctx;
+	bool ok = true;
+
+	ctx = smbc_new_context();
+	torture_assert(tctx, ctx, "failed to get new context");
+	torture_assert(tctx, smbc_init_context(ctx), "failed to init context");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionDebugToStderr\n");
+	smbc_setOptionDebugToStderr(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionDebugToStderr(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionDebugToStderr");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionFullTimeNames\n");
+	smbc_setOptionFullTimeNames(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionFullTimeNames(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionFullTimeNames");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionOpenShareMode\n");
+	smbc_setOptionOpenShareMode(ctx, SMBC_SHAREMODE_DENY_ALL);
+	torture_assert_int_equal_goto(tctx,
+				      smbc_getOptionOpenShareMode(ctx),
+				      SMBC_SHAREMODE_DENY_ALL,
+				      ok,
+				      done,
+				      "failed to set OptionOpenShareMode");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionUserData\n");
+	smbc_setOptionUserData(ctx, (void *)discard_const("torture_user_data"));
+	torture_assert_str_equal_goto(tctx,
+				      (const char*)smbc_getOptionUserData(ctx),
+				      "torture_user_data",
+				      ok,
+				      done,
+				      "failed to set OptionUserData");
+
+	torture_comment(tctx,
+			"Testing smbc_(set|get)OptionSmbEncryptionLevel\n");
+	smbc_setOptionSmbEncryptionLevel(ctx, SMBC_ENCRYPTLEVEL_REQUEST);
+	torture_assert_int_equal_goto(tctx,
+				      smbc_getOptionSmbEncryptionLevel(ctx),
+				      SMBC_ENCRYPTLEVEL_REQUEST,
+				      ok,
+				      done,
+				      "failed to set OptionSmbEncryptionLevel");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionCaseSensitive\n");
+	smbc_setOptionCaseSensitive(ctx, false);
+	torture_assert_goto(tctx,
+			    !smbc_getOptionCaseSensitive(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionCaseSensitive");
+
+	torture_comment(tctx,
+			"Testing smbc_(set|get)OptionBrowseMaxLmbCount\n");
+	smbc_setOptionBrowseMaxLmbCount(ctx, 2);
+	torture_assert_int_equal_goto(tctx,
+				      smbc_getOptionBrowseMaxLmbCount(ctx),
+				      2,
+				      ok,
+				      done,
+				      "failed to set OptionBrowseMaxLmbCount");
+
+	torture_comment(tctx,
+		       "Testing smbc_(set|get)OptionUrlEncodeReaddirEntries\n");
+	smbc_setOptionUrlEncodeReaddirEntries(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionUrlEncodeReaddirEntries(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionUrlEncodeReaddirEntries");
+
+	torture_comment(tctx,
+			"Testing smbc_(set|get)OptionOneSharePerServer\n");
+	smbc_setOptionOneSharePerServer(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionOneSharePerServer(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionOneSharePerServer");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionUseKerberos\n");
+	smbc_setOptionUseKerberos(ctx, false);
+	torture_assert_goto(tctx,
+			    !smbc_getOptionUseKerberos(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionUseKerberos");
+
+	torture_comment(tctx,
+			"Testing smbc_(set|get)OptionFallbackAfterKerberos\n");
+	smbc_setOptionFallbackAfterKerberos(ctx, false);
+	torture_assert_goto(tctx,
+			    !smbc_getOptionFallbackAfterKerberos(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionFallbackAfterKerberos");
+
+	torture_comment(tctx,
+			"Testing smbc_(set|get)OptionNoAutoAnonymousLogin\n");
+	smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionNoAutoAnonymousLogin(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionNoAutoAnonymousLogin");
+
+	torture_comment(tctx, "Testing smbc_(set|get)OptionUseCCache\n");
+	smbc_setOptionUseCCache(ctx, true);
+	torture_assert_goto(tctx,
+			    smbc_getOptionUseCCache(ctx),
+			    ok,
+			    done,
+			    "failed to set OptionUseCCache");
+
+done:
+	smbc_free_context(ctx, 1);
+
+	return ok;
+}
+
+static bool torture_libsmbclient_list_shares(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	struct smbc_dirent *dirent = NULL;
+	SMBCCTX *ctx = NULL;
+	int dhandle = -1;
+	bool ipc_share_found = false;
+	bool ok = true;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert_goto(tctx,
+			    ok,
+			    ok,
+			    out,
+			    "Failed to init context");
+	smbc_set_context(ctx);
+
+	torture_comment(tctx, "Listing: %s\n", smburl);
+	dhandle = smbc_opendir(smburl);
+	torture_assert_int_not_equal_goto(tctx,
+					  dhandle,
+					  -1,
+					  ok,
+					  out,
+					  "Failed to open smburl");
+
+	while((dirent = smbc_readdir(dhandle)) != NULL) {
+		torture_comment(tctx, "DIR: %s\n", dirent->name);
+		torture_assert_not_null_goto(tctx,
+					     dirent->name,
+					     ok,
+					     out,
+					     "Failed to read name");
+
+		if (strequal(dirent->name, "IPC$")) {
+			ipc_share_found = true;
+		}
+	}
+
+	torture_assert_goto(tctx,
+			    ipc_share_found,
+			    ok,
+			    out,
+			    "Failed to list IPC$ share");
+
+out:
+	smbc_closedir(dhandle);
+	return ok;
+}
+
+static bool torture_libsmbclient_utimes(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	SMBCCTX *ctx = NULL;
+	struct stat st;
+	int fhandle, ret;
+	struct timeval tbuf[2];
+	bool ok;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert(tctx, ok, "Failed to init context");
+	smbc_set_context(ctx);
+
+	fhandle = smbc_open(smburl, O_RDWR|O_CREAT, 0644);
+	torture_assert_int_not_equal(tctx, fhandle, -1, "smbc_open failed");
+
+	ret = smbc_fstat(fhandle, &st);
+	torture_assert_int_not_equal(tctx, ret, -1, "smbc_fstat failed");
+
+	tbuf[0] = convert_timespec_to_timeval(get_atimespec(&st));
+	tbuf[1] = convert_timespec_to_timeval(get_mtimespec(&st));
+
+	tbuf[1] = timeval_add(&tbuf[1], 0, 100000); /* 100 msec */
+
+	ret = smbc_utimes(smburl, tbuf);
+	torture_assert_int_not_equal(tctx, ret, -1, "smbc_utimes failed");
+
+	ret = smbc_fstat(fhandle, &st);
+	torture_assert_int_not_equal(tctx, ret, -1, "smbc_fstat failed");
+
+	torture_assert_int_equal(
+		tctx,
+		get_mtimensec(&st) / 1000,
+		tbuf[1].tv_usec,
+		"smbc_utimes did not update msec");
+
+	smbc_close(fhandle);
+	smbc_unlink(smburl);
+	return true;
+}
+
+static bool torture_libsmbclient_noanon_list(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	struct smbc_dirent *dirent = NULL;
+	SMBCCTX *ctx = NULL;
+	int dhandle = -1;
+	bool ok = true;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert_goto(tctx,
+			    ok,
+			    ok,
+			    out,
+			    "Failed to init context");
+	torture_comment(tctx,
+			"Testing smbc_setOptionNoAutoAnonymousLogin\n");
+	smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+	smbc_set_context(ctx);
+
+	torture_comment(tctx, "Listing: %s\n", smburl);
+	dhandle = smbc_opendir(smburl);
+	torture_assert_int_not_equal_goto(tctx,
+					  dhandle,
+					  -1,
+					  ok,
+					  out,
+					  "Failed to open smburl");
+
+	while((dirent = smbc_readdir(dhandle)) != NULL) {
+		torture_comment(tctx, "DIR: %s\n", dirent->name);
+		torture_assert_not_null_goto(tctx,
+					     dirent->name,
+					     ok,
+					     out,
+					     "Failed to read name");
+	}
+
+out:
+	smbc_closedir(dhandle);
+	return ok;
+}
+
+static bool torture_libsmbclient_rename(struct torture_context *tctx)
+{
+	SMBCCTX *ctx = NULL;
+	int fhandle = -1;
+	bool success = false;
+	const char *filename_src = NULL;
+	const char *filename_dst = NULL;
+	int ret;
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			"option --option=torture:smburl="
+			"smb://user:password@server/share missing\n");
+	}
+
+	torture_assert_goto(tctx,
+				torture_libsmbclient_init_context(tctx, &ctx),
+				success,
+				done,
+				"");
+
+	smbc_set_context(ctx);
+
+	filename_src = talloc_asprintf(tctx,
+			"%s/src",
+			smburl);
+	if (filename_src == NULL) {
+		torture_fail_goto(tctx, done, "talloc fail\n");
+	}
+
+	filename_dst = talloc_asprintf(tctx,
+			"%s/dst",
+			smburl);
+	if (filename_dst == NULL) {
+		torture_fail_goto(tctx, done, "talloc fail\n");
+	}
+
+	/* Ensure the files don't exist. */
+	smbc_unlink(filename_src);
+	smbc_unlink(filename_dst);
+
+	/* Create them. */
+	fhandle = smbc_creat(filename_src, 0666);
+	if (fhandle < 0) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to create file '%s': %s",
+				filename_src,
+				strerror(errno)));
+	}
+	ret = smbc_close(fhandle);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to close handle for '%s'",
+			filename_src));
+
+	fhandle = smbc_creat(filename_dst, 0666);
+	if (fhandle < 0) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to create file '%s': %s",
+				filename_dst,
+				strerror(errno)));
+	}
+	ret = smbc_close(fhandle);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"failed to close handle for '%s'",
+			filename_dst));
+
+	ret = smbc_rename(filename_src, filename_dst);
+
+	/*
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
+	 * gives ret == -1, but errno = 0 for overwrite renames
+	 * over SMB2.
+	 */
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		success,
+		done,
+		talloc_asprintf(tctx,
+			"smbc_rename '%s' -> '%s' failed with %s\n",
+			filename_src,
+			filename_dst,
+			strerror(errno)));
+
+	/* Remove them again. */
+	smbc_unlink(filename_src);
+	smbc_unlink(filename_dst);
+	success = true;
+
+  done:
+	smbc_free_context(ctx, 1);
+	return success;
+}
+
+static bool torture_libsmbclient_getatr(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	SMBCCTX *ctx = NULL;
+	char *getatr_name = NULL;
+	struct stat st = {0};
+	bool ok;
+	int ret = 0;
+	int err = 0;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert(tctx, ok, "Failed to init context");
+	smbc_set_context(ctx);
+
+	getatr_name = talloc_asprintf(tctx,
+			"%s/noexist",
+			smburl);
+	if (getatr_name == NULL) {
+		torture_result(tctx,
+			       TORTURE_FAIL,
+			       __location__": %s",
+			       "talloc fail\n");
+		return false;
+	}
+	/* Ensure the file doesn't exist. */
+	smbc_unlink(getatr_name);
+	/*
+	 * smbc_stat() internally uses SMBC_getatr().
+	 * Make sure doing getatr on a non-existent file gives
+	 * an error of -1, errno = ENOENT.
+	 */
+
+	ret = smbc_stat(getatr_name, &st);
+	if (ret == -1) {
+		err = errno;
+	}
+	torture_assert_int_equal(tctx,
+				 ret,
+				 -1,
+				 talloc_asprintf(tctx,
+					"smbc_stat on '%s' should "
+					"get -1, got %d\n",
+					getatr_name,
+					ret));
+	torture_assert_int_equal(tctx,
+				 err,
+				 ENOENT,
+				 talloc_asprintf(tctx,
+					"smbc_stat on '%s' should "
+					"get errno = ENOENT, got %s\n",
+					getatr_name,
+					strerror(err)));
+	return true;
+}
+
+static bool torture_libsmbclient_getxattr(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	int fhandle = -1;
+	SMBCCTX *ctx = NULL;
+	char *getxattr_name = NULL;
+	char value[4096];
+	bool ok = false;
+	int ret = -1;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert(tctx, ok, "Failed to init context");
+	smbc_set_context(ctx);
+
+	getxattr_name = talloc_asprintf(tctx,
+			"%s/getxattr",
+			smburl);
+	if (getxattr_name == NULL) {
+		torture_result(tctx,
+			       TORTURE_FAIL,
+			       __location__": %s",
+			       "talloc fail\n");
+		return false;
+	}
+	/* Ensure the file doesn't exist. */
+	smbc_unlink(getxattr_name);
+
+	/* Create testfile. */
+	fhandle = smbc_creat(getxattr_name, 0666);
+	if (fhandle < 0) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"failed to create file '%s': %s",
+				getxattr_name,
+				strerror(errno)));
+	}
+	ret = smbc_close(fhandle);
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		0,
+		ok,
+		done,
+		talloc_asprintf(tctx,
+			"failed to close handle for '%s'",
+			getxattr_name));
+
+	/*
+	 * Ensure getting a non-existent attribute returns -1.
+	 */
+	ret = smbc_getxattr(getxattr_name, "foobar", value, sizeof(value));
+	torture_assert_int_equal_goto(tctx,
+		ret,
+		-1,
+		ok,
+		done,
+		talloc_asprintf(tctx,
+			"smbc_getxattr(foobar) on '%s' should "
+			"get -1, got %d\n",
+			getxattr_name,
+			ret));
+
+	/*
+	 * Ensure getting a valid attribute computes its size.
+	 */
+	ret = smbc_getxattr(getxattr_name, "system.*", NULL, 0);
+	torture_assert_goto(tctx,
+		ret >= 0,
+		ok,
+		done,
+		talloc_asprintf(tctx,
+			"smbc_getxattr(foobar, NULL) on '%s' should "
+			"get >=0, got %d\n",
+			getxattr_name,
+			ret));
+
+	/*
+	 * Ensure getting a valid attribute returns its size.
+	 */
+	ret = smbc_getxattr(getxattr_name, "system.*", value, sizeof(value));
+	torture_assert_goto(tctx,
+		ret >= 0,
+		ok,
+		done,
+		talloc_asprintf(tctx,
+			"smbc_getxattr(foobar, value) on '%s' should "
+			"get >=0, got %d\n",
+			getxattr_name,
+			ret));
+
+	ok = true;
+
+  done:
+
+	smbc_unlink(getxattr_name);
+	smbc_free_context(ctx, 1);
+	return ok;
+}
+
+NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite;
+
+	suite = torture_suite_create(ctx, "libsmbclient");
+
+	torture_suite_add_simple_test(suite, "version", torture_libsmbclient_version);
+	torture_suite_add_simple_test(suite, "initialize", torture_libsmbclient_initialize);
+	torture_suite_add_simple_test(suite, "configuration", torture_libsmbclient_configuration);
+	torture_suite_add_simple_test(suite, "setConfiguration", torture_libsmbclient_setConfiguration);
+	torture_suite_add_simple_test(suite, "options", torture_libsmbclient_options);
+	torture_suite_add_simple_test(suite, "opendir", torture_libsmbclient_opendir);
+	torture_suite_add_simple_test(suite, "list_shares", torture_libsmbclient_list_shares);
+	torture_suite_add_simple_test(suite, "readdirplus",
+		torture_libsmbclient_readdirplus);
+	torture_suite_add_simple_test(suite, "readdirplus_seek",
+		torture_libsmbclient_readdirplus_seek);
+	torture_suite_add_simple_test(suite, "readdirplus2",
+		torture_libsmbclient_readdirplus2);
+	torture_suite_add_simple_test(
+		suite, "utimes", torture_libsmbclient_utimes);
+	torture_suite_add_simple_test(
+		suite, "noanon_list", torture_libsmbclient_noanon_list);
+	torture_suite_add_simple_test(suite,
+					"rename",
+					torture_libsmbclient_rename);
+	torture_suite_add_simple_test(suite, "getatr",
+		torture_libsmbclient_getatr);
+	torture_suite_add_simple_test(suite, "getxattr",
+		torture_libsmbclient_getxattr);
+
+	suite->description = talloc_strdup(suite, "libsmbclient interface tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/libsmbclient/wscript_build b/source4/torture/libsmbclient/wscript_build
new file mode 100644
index 0000000..61d819b
--- /dev/null
+++ b/source4/torture/libsmbclient/wscript_build
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_MODULE('TORTURE_LIBSMBCLIENT',
+	source='libsmbclient.c',
+	autoproto='proto.h',
+	subsystem='smbtorture',
+	init_function='torture_libsmbclient_init',
+	deps='smbclient CMDLINE_S4',
+	internal_module=True
+	)
+
+
+
diff --git a/source4/torture/local/dbspeed.c b/source4/torture/local/dbspeed.c
new file mode 100644
index 0000000..9452d6a
--- /dev/null
+++ b/source4/torture/local/dbspeed.c
@@ -0,0 +1,268 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local test for tdb/ldb speed
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include <tdb.h>
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+#include "param/param.h"
+
+float tdb_speed;
+
+static bool tdb_add_record(struct tdb_wrap *tdbw, const char *p1,
+			   const char *p2, int i)
+{
+	TDB_DATA key, data;
+	int ret;
+
+	key.dptr = (uint8_t *)talloc_asprintf(tdbw, "%s%u", p1, i);
+	key.dsize = strlen((char *)key.dptr)+1;
+	data.dptr = (uint8_t *)talloc_asprintf(tdbw, "%s%u", p2, i+10000);
+	data.dsize = strlen((char *)data.dptr)+1;
+
+	ret = tdb_store(tdbw->tdb, key, data, TDB_INSERT);
+
+	talloc_free(key.dptr);
+	talloc_free(data.dptr);
+	return ret == 0;
+}
+
+/*
+  test tdb speed
+*/
+static bool test_tdb_speed(struct torture_context *torture, const void *_data)
+{
+	struct timeval tv;
+	struct tdb_wrap *tdbw;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	int i, count;
+	TALLOC_CTX *tmp_ctx = talloc_new(torture);
+
+	unlink("test.tdb");
+
+	torture_comment(torture, "Testing tdb speed for sidmap\n");
+
+	tdbw = tdb_wrap_open(tmp_ctx, "test.tdb", 10000,
+			     lpcfg_tdb_flags(torture->lp_ctx, 0),
+			     O_RDWR|O_CREAT|O_TRUNC, 0600);
+	if (!tdbw) {
+		torture_result(torture, TORTURE_FAIL, "Failed to open test.tdb");
+		goto failed;
+	}
+
+	torture_comment(torture, "Adding %d SID records\n", torture_entries);
+
+	for (i=0;i<torture_entries;i++) {
+		if (!tdb_add_record(tdbw, 
+				    "S-1-5-21-53173311-3623041448-2049097239-",
+				    "UID ", i)) {
+			torture_result(torture, TORTURE_FAIL, "Failed to add SID %d!", i);
+			goto failed;
+		}
+		if (!tdb_add_record(tdbw, 
+				    "UID ",
+				    "S-1-5-21-53173311-3623041448-2049097239-", i)) {
+			torture_result(torture, TORTURE_FAIL, "Failed to add UID %d!", i);
+			goto failed;
+		}
+	}
+
+	torture_comment(torture, "Testing for %d seconds\n", timelimit);
+
+	tv = timeval_current();
+
+	for (count=0;timeval_elapsed(&tv) < timelimit;count++) {
+		TDB_DATA key, data;
+		i = random() % torture_entries;
+		key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx, "S-1-5-21-53173311-3623041448-2049097239-%u", i);
+		key.dsize = strlen((char *)key.dptr)+1;
+		data = tdb_fetch(tdbw->tdb, key);
+		talloc_free(key.dptr);
+		if (data.dptr == NULL) {
+			torture_result(torture, TORTURE_FAIL, "Failed to find SID %d!", i);
+			goto failed;
+		}
+		free(data.dptr);
+		key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx, "UID %u", i);
+		key.dsize = strlen((char *)key.dptr)+1;
+		data = tdb_fetch(tdbw->tdb, key);
+		talloc_free(key.dptr);
+		if (data.dptr == NULL) {
+			torture_result(torture, TORTURE_FAIL, "Failed to find UID %d!", i);
+			goto failed;
+		}
+		free(data.dptr);
+	}
+
+	tdb_speed = count/timeval_elapsed(&tv);
+	torture_comment(torture, "tdb speed %.2f ops/sec\n", tdb_speed);
+	
+	talloc_free(tmp_ctx);
+	unlink("test.tdb");
+	return true;
+
+failed:
+	talloc_free(tmp_ctx);
+	unlink("test.tdb");
+	return false;
+}
+
+
+static bool ldb_add_record(struct ldb_context *ldb, unsigned rid)
+{
+	struct ldb_message *msg;	
+	int ret;
+
+	msg = ldb_msg_new(ldb);
+	if (msg == NULL) {
+		return false;
+	}
+
+	msg->dn = ldb_dn_new_fmt(msg, ldb, "SID=S-1-5-21-53173311-3623041448-2049097239-%u", rid);
+	if (msg->dn == NULL) {
+		talloc_free(msg);
+		return false;
+	}
+
+	ret = ldb_msg_add_fmt(msg, "UID", "%u", rid);
+	if (ret != LDB_SUCCESS) {
+		talloc_free(msg);
+		return false;
+	}
+
+	ret = ldb_add(ldb, msg);
+
+	talloc_free(msg);
+
+	return ret == LDB_SUCCESS;
+}
+
+
+/*
+  test ldb speed
+*/
+static bool test_ldb_speed(struct torture_context *torture, const void *_data)
+{
+	struct timeval tv;
+	struct ldb_context *ldb;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	int i, count;
+	TALLOC_CTX *tmp_ctx = talloc_new(torture);
+	struct ldb_ldif *ldif;
+	const char *init_ldif = "dn: @INDEXLIST\n" \
+		"@IDXATTR: UID\n";
+	float ldb_speed;
+
+	unlink("./test.ldb");
+
+	torture_comment(torture, "Testing ldb speed for sidmap\n");
+
+	ldb = ldb_wrap_connect(tmp_ctx, torture->ev, torture->lp_ctx, "tdb://test.ldb",
+				NULL, NULL, LDB_FLG_NOSYNC);
+	if (!ldb) {
+		torture_result(torture, TORTURE_FAIL, "Failed to open test.ldb");
+		goto failed;
+	}
+
+	/* add an index */
+	ldif = ldb_ldif_read_string(ldb, &init_ldif);
+	if (ldif == NULL) {
+		torture_result(torture, TORTURE_FAIL, "Didn't get LDIF data!");
+		goto failed;
+	}
+	if (ldb_add(ldb, ldif->msg) != LDB_SUCCESS) {
+		torture_result(torture, TORTURE_FAIL, "Couldn't apply LDIF data!");
+		talloc_free(ldif);
+		goto failed;
+	}
+	talloc_free(ldif);
+
+	torture_comment(torture, "Adding %d SID records\n", torture_entries);
+
+	for (i=0;i<torture_entries;i++) {
+		if (!ldb_add_record(ldb, i)) {
+			torture_result(torture, TORTURE_FAIL, "Failed to add SID %d", i);
+			goto failed;
+		}
+	}
+
+	if (talloc_total_blocks(tmp_ctx) > 100) {
+		torture_result(torture, TORTURE_FAIL, "memory leak in ldb add");
+		goto failed;
+	}
+
+	torture_comment(torture, "Testing for %d seconds\n", timelimit);
+
+	tv = timeval_current();
+
+	for (count=0;timeval_elapsed(&tv) < timelimit;count++) {
+		struct ldb_dn *dn;
+		struct ldb_result *res;
+
+		i = random() % torture_entries;
+		dn = ldb_dn_new_fmt(tmp_ctx, ldb, "SID=S-1-5-21-53173311-3623041448-2049097239-%u", i);
+		if (ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL) != LDB_SUCCESS || res->count != 1) {
+			torture_result(torture, TORTURE_FAIL, "Failed to find SID %d!", i);
+			goto failed;
+		}
+		talloc_free(res);
+		talloc_free(dn);
+		if (ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "(UID=%u)", i) != LDB_SUCCESS || res->count != 1) {
+			torture_result(torture, TORTURE_FAIL, "Failed to find UID %d!", i);
+			goto failed;
+		}
+		talloc_free(res);
+	}
+
+	if (talloc_total_blocks(tmp_ctx) > 100) {
+		torture_result(torture, TORTURE_FAIL, "memory leak in ldb search");
+		goto failed;
+	}
+
+	ldb_speed = count/timeval_elapsed(&tv);
+	torture_comment(torture, "ldb speed %.2f ops/sec\n", ldb_speed);
+
+	torture_comment(torture, "ldb/tdb speed ratio is %.2f%%\n", (100*ldb_speed/tdb_speed));
+	
+	talloc_free(tmp_ctx);
+	unlink("./test.ldb");
+	return true;
+
+failed:
+	talloc_free(tmp_ctx);
+	unlink("./test.ldb");
+	return false;
+}
+
+struct torture_suite *torture_local_dbspeed(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *s = torture_suite_create(mem_ctx, "dbspeed");
+	torture_suite_add_simple_tcase_const(s, "tdb_speed", test_tdb_speed,
+			NULL);
+	torture_suite_add_simple_tcase_const(s, "ldb_speed", test_ldb_speed,
+			NULL);
+	return s;
+}
diff --git a/source4/torture/local/fsrvp_state.c b/source4/torture/local/fsrvp_state.c
new file mode 100644
index 0000000..9b63ec1
--- /dev/null
+++ b/source4/torture/local/fsrvp_state.c
@@ -0,0 +1,492 @@
+/*
+   Test suite for FSRVP server state
+
+   Copyright (C) David Disseldorp 2012-2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <unistd.h>
+
+#include "librpc/gen_ndr/security.h"
+#include "lib/param/param.h"
+#include "lib/util/dlinklist.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_fsrvp.h"
+#include "librpc/gen_ndr/ndr_fsrvp_c.h"
+#include "source3/rpc_server/fss/srv_fss_private.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+
+static bool test_fsrvp_state_empty(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct fss_global fss_global;
+	struct stat sbuf;
+	char db_dir[] = "fsrvp_torture_XXXXXX";
+	char *db_path = talloc_asprintf(NULL, "%s/%s",
+					mkdtemp(db_dir), FSS_DB_NAME);
+
+	memset(&fss_global, 0, sizeof(fss_global));
+	fss_global.mem_ctx = talloc_new(NULL);
+	fss_global.db_path = db_path;
+
+	status = fss_state_store(fss_global.mem_ctx, fss_global.sc_sets,
+				 fss_global.sc_sets_count, fss_global.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to store empty fss state");
+
+	torture_assert_int_equal(tctx, stat(fss_global.db_path, &sbuf), 0,
+			"failed to stat fss state tdb");
+	talloc_free(fss_global.mem_ctx);
+
+	memset(&fss_global, 0, sizeof(fss_global));
+	fss_global.mem_ctx = talloc_new(NULL);
+	fss_global.db_path = db_path;
+
+	status = fss_state_retrieve(fss_global.mem_ctx, &fss_global.sc_sets,
+				    &fss_global.sc_sets_count,
+				    fss_global.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to retrieve empty fss state");
+	torture_assert_int_equal(tctx, fss_global.sc_sets_count, 0,
+				 "sc_sets_count set when it should be zero");
+	talloc_free(fss_global.mem_ctx);
+	unlink(db_path);
+	rmdir(db_dir);
+	talloc_free(db_path);
+
+	return true;
+}
+
+static bool test_fsrvp_state_sc_set(struct torture_context *tctx,
+				    TALLOC_CTX *mem_ctx,
+				    struct fss_sc_set **sc_set_out)
+{
+	struct fss_sc_set *sc_set;
+
+	sc_set = talloc_zero(mem_ctx, struct fss_sc_set);
+	sc_set->id = GUID_random();
+	sc_set->id_str = GUID_string(sc_set, &sc_set->id);
+	sc_set->state = FSS_SC_COMMITED;
+	sc_set->context = FSRVP_CTX_FILE_SHARE_BACKUP;
+	*sc_set_out = sc_set;
+
+	return true;
+}
+
+static bool test_fsrvp_state_sc(struct torture_context *tctx,
+				TALLOC_CTX *mem_ctx,
+				struct fss_sc **sc_out)
+{
+	struct fss_sc *sc;
+
+	sc = talloc_zero(mem_ctx, struct fss_sc);
+	sc->id = GUID_random();
+	sc->id_str = GUID_string(sc, &sc->id);
+	sc->volume_name = talloc_strdup(sc, "/this/is/a/path");
+	/* keep snap path NULL, i.e. not yet committed */
+	sc->create_ts = time(NULL);
+	*sc_out = sc;
+
+	return true;
+}
+
+static bool test_fsrvp_state_smap(struct torture_context *tctx,
+				TALLOC_CTX *mem_ctx,
+				const char *base_share_name,
+				const char *sc_share_name,
+				struct fss_sc_smap **smap_out)
+{
+	struct fss_sc_smap *smap;
+
+	smap = talloc_zero(mem_ctx, struct fss_sc_smap);
+	smap->share_name = talloc_strdup(mem_ctx, base_share_name);
+	smap->sc_share_name = talloc_strdup(mem_ctx, sc_share_name);
+	smap->sc_share_comment = talloc_strdup(mem_ctx, "test sc share comment");
+	smap->is_exposed = false;
+	*smap_out = smap;
+
+	return true;
+}
+
+static bool test_fsrvp_state_smap_compare(struct torture_context *tctx,
+					  struct fss_sc_smap *smap_1,
+					  struct fss_sc_smap *smap_2)
+{
+	/* already confirmed by caller */
+	torture_assert_str_equal(tctx, smap_1->sc_share_name,
+				 smap_2->sc_share_name,
+				 "smap sc share name strings differ");
+
+	torture_assert_str_equal(tctx, smap_1->share_name,
+				 smap_2->share_name,
+				 "smap share name strings differ");
+
+	torture_assert_str_equal(tctx, smap_1->sc_share_comment,
+				 smap_2->sc_share_comment,
+				 "smap sc share comment strings differ");
+
+	torture_assert(tctx, (smap_1->is_exposed == smap_2->is_exposed),
+		       "smap exposure settings differ");
+
+	return true;
+}
+
+static bool test_fsrvp_state_sc_compare(struct torture_context *tctx,
+					struct fss_sc *sc_1,
+					struct fss_sc *sc_2)
+{
+	struct fss_sc_smap *smap_1;
+	struct fss_sc_smap *smap_2;
+	bool ok;
+
+	/* should have already been confirmed by the caller */
+	torture_assert(tctx, GUID_equal(&sc_1->id, &sc_2->id),
+		       "sc guids differ");
+
+	torture_assert_str_equal(tctx, sc_1->volume_name, sc_2->volume_name,
+				 "sc volume_name strings differ");
+
+	/* may be null, assert_str_eq handles null ptrs safely */
+	torture_assert_str_equal(tctx, sc_1->sc_path, sc_2->sc_path,
+				 "sc path strings differ");
+
+	torture_assert(tctx, difftime(sc_1->create_ts, sc_2->create_ts) == 0,
+		       "sc create timestamps differ");
+
+	torture_assert_int_equal(tctx, sc_1->smaps_count, sc_2->smaps_count,
+				 "sc smaps counts differ");
+
+	for (smap_1 = sc_1->smaps; smap_1; smap_1 = smap_1->next) {
+		bool matched = false;
+		for (smap_2 = sc_2->smaps; smap_2; smap_2 = smap_2->next) {
+			if (strcmp(smap_1->sc_share_name,
+				   smap_2->sc_share_name) == 0) {
+				matched = true;
+				ok = test_fsrvp_state_smap_compare(tctx,
+								   smap_1,
+								   smap_2);
+				torture_assert(tctx, ok, "");
+				break;
+			}
+		}
+		torture_assert(tctx, matched, "no match for smap");
+	}
+
+	return true;
+}
+
+static bool test_fsrvp_state_sc_set_compare(struct torture_context *tctx,
+					    struct fss_sc_set *sc_set_1,
+					    struct fss_sc_set *sc_set_2)
+{
+	struct fss_sc *sc_1;
+	struct fss_sc *sc_2;
+	bool ok;
+
+	/* should have already been confirmed by the caller */
+	torture_assert(tctx, GUID_equal(&sc_set_1->id, &sc_set_2->id),
+		       "sc_set guids differ");
+
+	torture_assert_str_equal(tctx, sc_set_1->id_str, sc_set_2->id_str,
+				 "sc_set guid strings differ");
+
+	torture_assert_int_equal(tctx, sc_set_1->state, sc_set_2->state,
+				 "sc_set state enums differ");
+
+	torture_assert_int_equal(tctx, sc_set_1->context, sc_set_2->context,
+				 "sc_set contexts differ");
+
+	torture_assert_int_equal(tctx, sc_set_1->scs_count, sc_set_2->scs_count,
+				 "sc_set sc counts differ");
+
+	for (sc_1 = sc_set_1->scs; sc_1; sc_1 = sc_1->next) {
+		bool matched = false;
+		for (sc_2 = sc_set_2->scs; sc_2; sc_2 = sc_2->next) {
+			if (GUID_equal(&sc_1->id, &sc_2->id)) {
+				matched = true;
+				ok = test_fsrvp_state_sc_compare(tctx, sc_1,
+								       sc_2);
+				torture_assert(tctx, ok, "");
+				break;
+			}
+		}
+		torture_assert(tctx, matched, "no match for sc");
+	}
+	return true;
+}
+
+static bool test_fsrvp_state_compare(struct torture_context *tctx,
+				     struct fss_global *fss_1,
+				     struct fss_global *fss_2)
+{
+	struct fss_sc_set *sc_set_1;
+	struct fss_sc_set *sc_set_2;
+	bool ok;
+
+	torture_assert_int_equal(tctx, fss_1->sc_sets_count,
+				 fss_2->sc_sets_count,
+				 "sc_sets_count differ");
+
+	for (sc_set_1 = fss_1->sc_sets; sc_set_1; sc_set_1 = sc_set_1->next) {
+		bool matched = false;
+		for (sc_set_2 = fss_2->sc_sets;
+		     sc_set_2;
+		     sc_set_2 = sc_set_2->next) {
+			if (GUID_equal(&sc_set_1->id, &sc_set_2->id)) {
+				matched = true;
+				ok = test_fsrvp_state_sc_set_compare(tctx,
+								     sc_set_1,
+								     sc_set_2);
+				torture_assert(tctx, ok, "");
+				break;
+			}
+		}
+		torture_assert(tctx, matched, "no match for sc_set");
+	}
+
+	return true;
+}
+
+/*
+ * test a simple hierarchy of:
+ *
+ *       |
+ *     sc_set
+ *       |
+ *      sc
+ *        \
+ *       smap
+ */
+static bool test_fsrvp_state_single(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	bool ok;
+	struct fss_global fss_gs;
+	struct fss_global fss_gr;
+	struct fss_sc_set *sc_set;
+	struct fss_sc *sc;
+	struct fss_sc_smap *smap;
+	char db_dir[] = "fsrvp_torture_XXXXXX";
+	char *db_path = talloc_asprintf(NULL, "%s/%s",
+					mkdtemp(db_dir), FSS_DB_NAME);
+
+	memset(&fss_gs, 0, sizeof(fss_gs));
+	fss_gs.mem_ctx = talloc_new(NULL);
+	fss_gs.db_path = db_path;
+
+	ok = test_fsrvp_state_sc_set(tctx, fss_gs.mem_ctx, &sc_set);
+	torture_assert(tctx, ok, "failed to create sc set");
+
+	/* use parent as mem ctx */
+	ok = test_fsrvp_state_sc(tctx, sc_set, &sc);
+	torture_assert(tctx, ok, "failed to create sc");
+
+	ok = test_fsrvp_state_smap(tctx, sc, "base_share", "sc_share", &smap);
+	torture_assert(tctx, ok, "failed to create smap");
+
+	DLIST_ADD_END(fss_gs.sc_sets, sc_set);
+	fss_gs.sc_sets_count++;
+	DLIST_ADD_END(sc_set->scs, sc);
+	sc_set->scs_count++;
+	sc->sc_set = sc_set;
+	DLIST_ADD_END(sc->smaps, smap);
+	sc->smaps_count++;
+
+	status = fss_state_store(fss_gs.mem_ctx, fss_gs.sc_sets,
+				 fss_gs.sc_sets_count, fss_gs.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to store fss state");
+
+	memset(&fss_gr, 0, sizeof(fss_gr));
+	fss_gr.mem_ctx = talloc_new(NULL);
+	fss_gr.db_path = db_path;
+
+	status = fss_state_retrieve(fss_gr.mem_ctx, &fss_gr.sc_sets,
+				    &fss_gr.sc_sets_count, fss_gr.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to retrieve fss state");
+
+	ok = test_fsrvp_state_compare(tctx, &fss_gs, &fss_gr);
+	torture_assert(tctx, ok,
+		       "stored and retrieved state comparison failed");
+
+	talloc_free(fss_gs.mem_ctx);
+	talloc_free(fss_gr.mem_ctx);
+	unlink(db_path);
+	rmdir(db_dir);
+	talloc_free(db_path);
+
+	return true;
+}
+
+/*
+ * test a complex hierarchy of:
+ *
+ *              /\
+ *             /  \
+ *     sc_set_a    sc_set_b
+ *     /     \
+ * sc_aa      sc_ab
+ * |          |   \
+ * smap_aaa   |    \
+ *            |     \
+ *       smap_aba   smap_abb
+ */
+static bool test_fsrvp_state_multi(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	bool ok;
+	struct fss_global fss_gs;
+	struct fss_global fss_gr;
+	struct fss_sc_set *sc_set_a;
+	struct fss_sc_set *sc_set_b;
+	struct fss_sc *sc_aa;
+	struct fss_sc *sc_ab;
+	struct fss_sc_smap *smap_aaa;
+	struct fss_sc_smap *smap_aba;
+	struct fss_sc_smap *smap_abb;
+	char db_dir[] = "fsrvp_torture_XXXXXX";
+	char *db_path = talloc_asprintf(NULL, "%s/%s",
+					mkdtemp(db_dir), FSS_DB_NAME);
+
+	memset(&fss_gs, 0, sizeof(fss_gs));
+	fss_gs.mem_ctx = talloc_new(NULL);
+	fss_gs.db_path = db_path;
+
+	ok = test_fsrvp_state_sc_set(tctx, fss_gs.mem_ctx, &sc_set_a);
+	torture_assert(tctx, ok, "failed to create sc set");
+
+	ok = test_fsrvp_state_sc_set(tctx, fss_gs.mem_ctx, &sc_set_b);
+	torture_assert(tctx, ok, "failed to create sc set");
+
+	/* use parent as mem ctx */
+	ok = test_fsrvp_state_sc(tctx, sc_set_a, &sc_aa);
+	torture_assert(tctx, ok, "failed to create sc");
+
+	ok = test_fsrvp_state_sc(tctx, sc_set_a, &sc_ab);
+	torture_assert(tctx, ok, "failed to create sc");
+
+	ok = test_fsrvp_state_smap(tctx, sc_ab, "share_aa", "sc_share_aaa",
+				   &smap_aaa);
+	torture_assert(tctx, ok, "failed to create smap");
+
+	ok = test_fsrvp_state_smap(tctx, sc_ab, "share_ab", "sc_share_aba",
+				   &smap_aba);
+	torture_assert(tctx, ok, "failed to create smap");
+
+	ok = test_fsrvp_state_smap(tctx, sc_ab, "share_ab", "sc_share_abb",
+				   &smap_abb);
+	torture_assert(tctx, ok, "failed to create smap");
+
+	DLIST_ADD_END(fss_gs.sc_sets, sc_set_a);
+	fss_gs.sc_sets_count++;
+	DLIST_ADD_END(fss_gs.sc_sets, sc_set_b);
+	fss_gs.sc_sets_count++;
+
+	DLIST_ADD_END(sc_set_a->scs, sc_aa);
+	sc_set_a->scs_count++;
+	sc_aa->sc_set = sc_set_a;
+	DLIST_ADD_END(sc_set_a->scs, sc_ab);
+	sc_set_a->scs_count++;
+	sc_ab->sc_set = sc_set_a;
+
+	DLIST_ADD_END(sc_aa->smaps, smap_aaa);
+	sc_aa->smaps_count++;
+	DLIST_ADD_END(sc_ab->smaps, smap_aba);
+	sc_ab->smaps_count++;
+	DLIST_ADD_END(sc_ab->smaps, smap_abb);
+	sc_ab->smaps_count++;
+
+	status = fss_state_store(fss_gs.mem_ctx, fss_gs.sc_sets,
+				 fss_gs.sc_sets_count, fss_gs.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to store fss state");
+
+	memset(&fss_gr, 0, sizeof(fss_gr));
+	fss_gr.mem_ctx = talloc_new(NULL);
+	fss_gr.db_path = db_path;
+	status = fss_state_retrieve(fss_gr.mem_ctx, &fss_gr.sc_sets,
+				    &fss_gr.sc_sets_count, fss_gr.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to retrieve fss state");
+
+	ok = test_fsrvp_state_compare(tctx, &fss_gs, &fss_gr);
+	torture_assert(tctx, ok,
+		       "stored and retrieved state comparison failed");
+
+	talloc_free(fss_gs.mem_ctx);
+	talloc_free(fss_gr.mem_ctx);
+	unlink(db_path);
+	rmdir(db_dir);
+	talloc_free(db_path);
+
+	return true;
+}
+
+static bool test_fsrvp_state_none(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct fss_global fss_global;
+	char db_dir[] = "fsrvp_torture_XXXXXX";
+	char *db_path = talloc_asprintf(NULL, "%s/%s",
+					mkdtemp(db_dir), FSS_DB_NAME);
+
+	memset(&fss_global, 0, sizeof(fss_global));
+	fss_global.mem_ctx = talloc_new(NULL);
+	fss_global.db_path = db_path;
+
+	status = fss_state_retrieve(fss_global.mem_ctx, &fss_global.sc_sets,
+				    &fss_global.sc_sets_count,
+				    fss_global.db_path);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to retrieve fss state");
+	torture_assert_int_equal(tctx, fss_global.sc_sets_count, 0,
+				 "sc_sets_count set when it should be zero");
+	talloc_free(fss_global.mem_ctx);
+	unlink(db_path);
+	rmdir(db_dir);
+	talloc_free(db_path);
+
+	return true;
+}
+
+struct torture_suite *torture_local_fsrvp(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx,
+							   "fsrvp_state");
+
+	/* dbwrap uses talloc_tos(), hence we need a stackframe :( */
+	talloc_stackframe();
+
+	torture_suite_add_simple_test(suite,
+				      "state_empty",
+				      test_fsrvp_state_empty);
+
+	torture_suite_add_simple_test(suite,
+				      "state_single",
+				      test_fsrvp_state_single);
+
+	torture_suite_add_simple_test(suite,
+				      "state_multi",
+				      test_fsrvp_state_multi);
+
+	torture_suite_add_simple_test(suite,
+				      "state_none",
+				      test_fsrvp_state_none);
+
+	return suite;
+}
diff --git a/source4/torture/local/local.c b/source4/torture/local/local.c
new file mode 100644
index 0000000..95417ef
--- /dev/null
+++ b/source4/torture/local/local.c
@@ -0,0 +1,105 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+#include "torture/ndr/proto.h"
+#include "torture/auth/proto.h"
+#include "../lib/crypto/test_proto.h"
+#include "lib/registry/tests/proto.h"
+#include "lib/replace/replace-testsuite.h"
+
+/* ignore me */ static struct torture_suite *
+	(*suite_generators[]) (TALLOC_CTX *mem_ctx) =
+{
+	torture_local_binding_string,
+	torture_ntlmssp,
+	torture_smbencrypt,
+	torture_local_messaging,
+	torture_local_irpc,
+	torture_local_util_strlist,
+	torture_local_util_file,
+	torture_local_util_str,
+	torture_local_util_time,
+	torture_local_util_data_blob,
+	torture_local_util_binsearch,
+	torture_local_util_asn1,
+	torture_local_util_anonymous_shared,
+	torture_local_util_strv,
+	torture_local_util_strv_util,
+	torture_local_util,
+	torture_local_idtree,
+	torture_local_dlinklist,
+	torture_local_genrand,
+	torture_local_iconv,
+	torture_local_socket,
+	torture_pac,
+	torture_local_resolve,
+	torture_local_ndr,
+	torture_local_tdr,
+	torture_local_share,
+	torture_local_loadparm,
+	torture_local_charset,
+	torture_local_convert_string_handle,
+	torture_local_convert_string,
+	torture_local_string_case_handle,
+	torture_local_string_case,
+	torture_local_util_unistr,
+	torture_local_event,
+	torture_local_tevent_req,
+	torture_local_torture,
+	torture_local_dbspeed,
+	torture_ldb,
+	torture_dsdb_dn,
+	torture_dsdb_syntax,
+	torture_registry,
+	torture_local_verif_trailer,
+	torture_local_nss,
+	torture_local_fsrvp,
+	torture_local_util_str_escape,
+	torture_local_tfork,
+	torture_local_mdspkt,
+	torture_local_smbtorture,
+	NULL
+};
+
+NTSTATUS torture_local_init(TALLOC_CTX *ctx)
+{
+	int i;
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "local");
+
+	torture_suite_add_simple_test(suite, "talloc", torture_local_talloc);
+	torture_suite_add_simple_test(suite, "replace", torture_local_replace);
+
+	torture_suite_add_simple_test(suite,
+				      "crypto.md4", torture_local_crypto_md4);
+
+	for (i = 0; suite_generators[i]; i++)
+		torture_suite_add_suite(suite,
+					suite_generators[i](ctx));
+
+	suite->description = talloc_strdup(suite,
+					   "Local, Samba-specific tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/local/mdspkt.c b/source4/torture/local/mdspkt.c
new file mode 100644
index 0000000..dd9c391
--- /dev/null
+++ b/source4/torture/local/mdspkt.c
@@ -0,0 +1,104 @@
+/*
+ * Tests for mdssvc packets (un)marshalling
+ *
+ * Copyright Ralph Boehme <slow@samba.org> 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <talloc.h>
+#include "libcli/util/ntstatus.h"
+#include "lib/util/samba_util.h"
+#include "lib/torture/torture.h"
+#include "lib/util/data_blob.h"
+#include "torture/local/proto.h"
+#include "mdssvc/marshalling.h"
+
+static const unsigned char mdspkt_empty_cnid_fm[] = {
+	0x34, 0x33, 0x32, 0x31, 0x33, 0x30, 0x64, 0x6d,
+	0x0c, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x84, 0x01, 0x00, 0x00, 0x00,
+	0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x87, 0x08, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x07, 0x08, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00
+};
+
+static const char *mdspkt_empty_cnid_fm_dump =
+"DALLOC_CTX(#1): {\n"
+"	sl_array_t(#3): {\n"
+"		uint64_t: 0x0023\n"
+"		CNIDs: unkn1: 0x0, unkn2: 0x0\n"
+"			DALLOC_CTX(#0): {\n"
+"			}\n"
+"		sl_filemeta_t(#0): {\n"
+"		}\n"
+"	}\n"
+"}\n";
+
+static bool test_mdspkt_empty_cnid_fm(struct torture_context *tctx)
+{
+	DALLOC_CTX *d = NULL;
+	sl_cnids_t *cnids = NULL;
+	char *dstr = NULL;
+	size_t ncnids;
+	bool ret = true;
+
+	d = dalloc_new(tctx);
+	torture_assert_not_null_goto(tctx, d, ret, done,
+				     "dalloc_new failed\n");
+
+	ret = sl_unpack(d,
+			(const char *)mdspkt_empty_cnid_fm,
+			sizeof(mdspkt_empty_cnid_fm));
+	torture_assert_goto(tctx, ret, ret, done, "sl_unpack failed\n");
+
+	cnids = dalloc_get(d, "DALLOC_CTX", 0, "sl_cnids_t", 1);
+	torture_assert_not_null_goto(tctx, cnids, ret, done,
+				     "dalloc_get cnids failed\n");
+
+	ncnids = dalloc_size(cnids->ca_cnids);
+	torture_assert_int_equal_goto(tctx, ncnids, 0, ret, done,
+				      "Wrong number of CNIDs\n");
+
+	dstr = dalloc_dump(d, 0);
+	torture_assert_not_null_goto(tctx, dstr, ret, done,
+				     "dalloc_dump failed\n");
+
+	torture_assert_str_equal_goto(tctx, dstr, mdspkt_empty_cnid_fm_dump,
+				      ret, done, "Bad dump\n");
+
+done:
+	TALLOC_FREE(d);
+	return ret;
+}
+
+struct torture_suite *torture_local_mdspkt(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(mem_ctx, "mdspkt");
+
+	torture_suite_add_simple_test(suite,
+				      "empty_cnid_fm",
+				      test_mdspkt_empty_cnid_fm);
+
+	return suite;
+}
diff --git a/source4/torture/local/nss_tests.c b/source4/torture/local/nss_tests.c
new file mode 100644
index 0000000..e911aa2
--- /dev/null
+++ b/source4/torture/local/nss_tests.c
@@ -0,0 +1,1061 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of the nss wrapper
+
+   Copyright (C) Guenther Deschner 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "lib/replace/system/passwd.h"
+
+static bool copy_passwd(struct torture_context *tctx,
+			const struct passwd *pwd,
+			struct passwd *p)
+{
+	p->pw_name	= talloc_strdup(tctx, pwd->pw_name);
+	torture_assert(tctx, (p->pw_name != NULL || pwd->pw_name == NULL), __location__);
+	p->pw_passwd	= talloc_strdup(tctx, pwd->pw_passwd);
+	torture_assert(tctx, (p->pw_passwd != NULL || pwd->pw_passwd == NULL), __location__);
+	p->pw_uid	= pwd->pw_uid;
+	p->pw_gid	= pwd->pw_gid;
+	p->pw_gecos	= talloc_strdup(tctx, pwd->pw_gecos);
+	torture_assert(tctx, (p->pw_gecos != NULL || pwd->pw_gecos == NULL), __location__);
+	p->pw_dir	= talloc_strdup(tctx, pwd->pw_dir);
+	torture_assert(tctx, (p->pw_dir != NULL || pwd->pw_dir == NULL), __location__);
+	p->pw_shell	= talloc_strdup(tctx, pwd->pw_shell);
+	torture_assert(tctx, (p->pw_shell != NULL || pwd->pw_shell == NULL), __location__);
+
+	return true;
+}
+
+static void print_passwd(struct passwd *pwd)
+{
+	printf("%s:%s:%lu:%lu:%s:%s:%s\n",
+	       pwd->pw_name,
+	       pwd->pw_passwd,
+	       (unsigned long)pwd->pw_uid,
+	       (unsigned long)pwd->pw_gid,
+	       pwd->pw_gecos,
+	       pwd->pw_dir,
+	       pwd->pw_shell);
+}
+
+
+static bool test_getpwnam(struct torture_context *tctx,
+			  const char *name,
+			  struct passwd *pwd_p)
+{
+	struct passwd *pwd;
+	int ret;
+
+	torture_comment(tctx, "Testing getpwnam: %s\n", name);
+
+	errno = 0;
+	pwd = getpwnam(name);
+	ret = errno;
+	torture_assert(tctx, (pwd != NULL), talloc_asprintf(tctx,
+		       "getpwnam(%s) failed - %d - %s",
+		       name, ret, strerror(ret)));
+
+	if (pwd_p != NULL) {
+		torture_assert(tctx, copy_passwd(tctx, pwd, pwd_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_getpwnam_r(struct torture_context *tctx,
+			    const char *name,
+			    struct passwd *pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
+
+	ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
+	torture_assert(tctx, ret == 0, talloc_asprintf(tctx,
+		       "getpwnam_r(%s) failed - %d - %s",
+		       name, ret, strerror(ret)));
+
+	print_passwd(&pwd);
+
+	if (pwd_p != NULL) {
+		torture_assert(tctx, copy_passwd(tctx, &pwd, pwd_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_getpwuid(struct torture_context *tctx,
+			  uid_t uid,
+			  struct passwd *pwd_p)
+{
+	struct passwd *pwd;
+	int ret;
+
+	torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
+
+	errno = 0;
+	pwd = getpwuid(uid);
+	ret = errno;
+	torture_assert(tctx, (pwd != NULL), talloc_asprintf(tctx,
+		       "getpwuid(%lu) failed - %d - %s",
+		       (unsigned long)uid, ret, strerror(ret)));
+
+	print_passwd(pwd);
+
+	if (pwd_p != NULL) {
+		torture_assert(tctx, copy_passwd(tctx, pwd, pwd_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_getpwuid_r(struct torture_context *tctx,
+			    uid_t uid,
+			    struct passwd *pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
+
+	ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
+	torture_assert(tctx, ret == 0, talloc_asprintf(tctx,
+		       "getpwuid_r(%lu) failed - %d - %s",
+		       (unsigned long)uid, ret, strerror(ret)));
+
+	print_passwd(&pwd);
+
+	if (pwd_p != NULL) {
+		torture_assert(tctx, copy_passwd(tctx, &pwd, pwd_p), __location__);
+	}
+
+	return true;
+}
+
+
+static bool copy_group(struct torture_context *tctx,
+		       const struct group *grp,
+		       struct group *g)
+{
+	int i;
+
+	g->gr_name	= talloc_strdup(tctx, grp->gr_name);
+	torture_assert(tctx, (g->gr_name != NULL || grp->gr_name == NULL), __location__);
+	g->gr_passwd	= talloc_strdup(tctx, grp->gr_passwd);
+	torture_assert(tctx, (g->gr_passwd != NULL || grp->gr_passwd == NULL), __location__);
+	g->gr_gid	= grp->gr_gid;
+	g->gr_mem	= NULL;
+
+	for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
+		g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
+		torture_assert(tctx, (g->gr_mem != NULL), __location__);
+		g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
+		torture_assert(tctx, (g->gr_mem[i] != NULL), __location__);
+		g->gr_mem[i+1] = NULL;
+	}
+
+	return true;
+}
+
+static void print_group(struct group *grp)
+{
+	int i;
+	printf("%s:%s:%lu:",
+	       grp->gr_name,
+	       grp->gr_passwd,
+	       (unsigned long)grp->gr_gid);
+
+	if ((grp->gr_mem == NULL) || !grp->gr_mem[0]) {
+		printf("\n");
+		return;
+	}
+
+	for (i=0; grp->gr_mem[i+1]; i++) {
+		printf("%s,", grp->gr_mem[i]);
+	}
+	printf("%s\n", grp->gr_mem[i]);
+}
+
+static bool test_getgrnam(struct torture_context *tctx,
+			  const char *name,
+			  struct group *grp_p)
+{
+	struct group *grp;
+	int ret;
+
+	torture_comment(tctx, "Testing getgrnam: %s\n", name);
+
+	errno = 0;
+	grp = getgrnam(name);
+	ret = errno;
+	torture_assert(tctx, (grp != NULL), talloc_asprintf(tctx,
+		       "getgrnam(%s) failed - %d - %s",
+		       name, ret, strerror(ret)));
+
+	print_group(grp);
+
+	if (grp_p != NULL) {
+		torture_assert(tctx, copy_group(tctx, grp, grp_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_getgrnam_r(struct torture_context *tctx,
+			    const char *name,
+			    struct group *grp_p)
+{
+	struct group grp, *grpp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getgrnam_r: %s\n", name);
+
+	ret = getgrnam_r(name, &grp, buffer, sizeof(buffer), &grpp);
+	torture_assert(tctx, ret == 0, talloc_asprintf(tctx,
+		       "getgrnam_r(%s) failed - %d - %s",
+		       name, ret, strerror(ret)));
+
+	print_group(&grp);
+
+	if (grp_p != NULL) {
+		torture_assert(tctx, copy_group(tctx, &grp, grp_p), __location__);
+	}
+
+	return true;
+}
+
+
+static bool test_getgrgid(struct torture_context *tctx,
+			  gid_t gid,
+			  struct group *grp_p)
+{
+	struct group *grp;
+	int ret;
+
+	torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
+
+	errno = 0;
+	grp = getgrgid(gid);
+	ret = errno;
+	torture_assert(tctx, (grp != NULL), talloc_asprintf(tctx,
+		       "getgrgid(%lu) failed - %d - %s",
+		       (unsigned long)gid, ret, strerror(ret)));
+
+	print_group(grp);
+
+	if (grp_p != NULL) {
+		torture_assert(tctx, copy_group(tctx, grp, grp_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_getgrgid_r(struct torture_context *tctx,
+			    gid_t gid,
+			    struct group *grp_p)
+{
+	struct group grp, *grpp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getgrgid_r: %lu\n", (unsigned long)gid);
+
+	ret = getgrgid_r(gid, &grp, buffer, sizeof(buffer), &grpp);
+	torture_assert(tctx, ret == 0, talloc_asprintf(tctx,
+		       "getgrgid_r(%lu) failed - %d - %s",
+		       (unsigned long)gid, ret, strerror(ret)));
+
+	print_group(&grp);
+
+	if (grp_p != NULL) {
+		torture_assert(tctx, copy_group(tctx, &grp, grp_p), __location__);
+	}
+
+	return true;
+}
+
+static bool test_enum_passwd(struct torture_context *tctx,
+			     struct passwd **pwd_array_p,
+			     size_t *num_pwd_p)
+{
+	struct passwd *pwd;
+	struct passwd *pwd_array = NULL;
+	size_t num_pwd = 0;
+
+	torture_comment(tctx, "Testing setpwent\n");
+	setpwent();
+
+	while ((pwd = getpwent()) != NULL) {
+		torture_comment(tctx, "Testing getpwent\n");
+
+		print_passwd(pwd);
+		if (pwd_array_p && num_pwd_p) {
+			pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
+			torture_assert(tctx, pwd_array, "out of memory");
+			copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
+			num_pwd++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endpwent\n");
+	endpwent();
+
+	if (pwd_array_p) {
+		*pwd_array_p = pwd_array;
+	}
+	if (num_pwd_p) {
+		*num_pwd_p = num_pwd;
+	}
+
+	return true;
+}
+
+static bool test_enum_r_passwd(struct torture_context *tctx,
+			       struct passwd **pwd_array_p,
+			       size_t *num_pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	struct passwd *pwd_array = NULL;
+	size_t num_pwd = 0;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing setpwent\n");
+	setpwent();
+
+#ifdef HAVE_GETPWENT_R /* getpwent_r not supported on macOS */
+	while (1) {
+		torture_comment(tctx, "Testing getpwent_r\n");
+
+#ifdef SOLARIS_GETPWENT_R
+		ret = getpwent_r(&pwd, buffer, sizeof(buffer));
+#else /* SOLARIS_GETPWENT_R */
+		ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
+#endif /* SOLARIS_GETPWENT_R */
+		if (ret != 0) {
+			if (ret != ENOENT) {
+				torture_comment(tctx, "got %d return code\n", ret);
+			}
+			break;
+		}
+		print_passwd(&pwd);
+		if (pwd_array_p && num_pwd_p) {
+			pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
+			torture_assert(tctx, pwd_array, "out of memory");
+			copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
+			num_pwd++;
+		}
+	}
+#endif /* getpwent_r not supported on macOS */
+
+	torture_comment(tctx, "Testing endpwent\n");
+	endpwent();
+
+	if (pwd_array_p) {
+		*pwd_array_p = pwd_array;
+	}
+	if (num_pwd_p) {
+		*num_pwd_p = num_pwd;
+	}
+
+	return true;
+}
+
+static bool torture_assert_passwd_equal(struct torture_context *tctx,
+					const struct passwd *p1,
+					const struct passwd *p2,
+					const char *comment)
+{
+	torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
+	torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
+	torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
+	torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
+	torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
+	torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
+	torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
+
+	return true;
+}
+
+static bool test_passwd(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
+					      "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_getpwnam(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent and getpwnam gave different results"),
+			__location__);
+		torture_assert(tctx, test_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent and getpwuid gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam and getpwuid gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+static bool test_passwd_r(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+						"failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam_r for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent_r and getpwnam_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid_r for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent_r and getpwuid_r gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam_r and getpwuid_r gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+static bool test_passwd_r_cross(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+						"failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam_r for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent_r and getpwnam_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid_r for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent_r and getpwuid_r gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam_r and getpwuid_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getpwnam(tctx, pwd[i].pw_name, &pwd3),
+			"failed to call getpwnam for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd3,
+			"getpwent_r and getpwnam gave different results"),
+			__location__);
+		torture_assert(tctx, test_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
+			"failed to call getpwuid for enumerated user");
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd[i], &pwd4,
+			"getpwent_r and getpwuid gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_passwd_equal(tctx, &pwd3, &pwd4,
+			"getpwnam and getpwuid gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+static bool test_enum_group(struct torture_context *tctx,
+			    struct group **grp_array_p,
+			    size_t *num_grp_p)
+{
+	struct group *grp;
+	struct group *grp_array = NULL;
+	size_t num_grp = 0;
+
+	torture_comment(tctx, "Testing setgrent\n");
+	setgrent();
+
+	while ((grp = getgrent()) != NULL) {
+		torture_comment(tctx, "Testing getgrent\n");
+
+		print_group(grp);
+		if (grp_array_p && num_grp_p) {
+			grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
+			torture_assert(tctx, grp_array, "out of memory");
+			copy_group(tctx, grp, &grp_array[num_grp]);
+			num_grp++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endgrent\n");
+	endgrent();
+
+	if (grp_array_p) {
+		*grp_array_p = grp_array;
+	}
+	if (num_grp_p) {
+		*num_grp_p = num_grp;
+	}
+
+	return true;
+}
+
+static bool test_enum_r_group(struct torture_context *tctx,
+			      struct group **grp_array_p,
+			      size_t *num_grp_p)
+{
+	struct group grp, *grpp;
+	struct group *grp_array = NULL;
+	size_t num_grp = 0;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing setgrent\n");
+	setgrent();
+
+#ifdef HAVE_GETGRENT_R /* getgrent_r not supported on macOS */
+	while (1) {
+		torture_comment(tctx, "Testing getgrent_r\n");
+
+#ifdef SOLARIS_GETGRENT_R
+		ret = getgrent_r(&grp, buffer, sizeof(buffer));
+#else /* SOLARIS_GETGRENT_R */
+		ret = getgrent_r(&grp, buffer, sizeof(buffer), &grpp);
+#endif /* SOLARIS_GETGRENT_R */
+		if (ret != 0) {
+			if (ret != ENOENT) {
+				torture_comment(tctx, "got %d return code\n", ret);
+			}
+			break;
+		}
+		print_group(&grp);
+		if (grp_array_p && num_grp_p) {
+			grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
+			torture_assert(tctx, grp_array, "out of memory");
+			copy_group(tctx, &grp, &grp_array[num_grp]);
+			num_grp++;
+		}
+	}
+#endif /* getgrent_r not supported on macOS */
+
+	torture_comment(tctx, "Testing endgrent\n");
+	endgrent();
+
+	if (grp_array_p) {
+		*grp_array_p = grp_array;
+	}
+	if (num_grp_p) {
+		*num_grp_p = num_grp;
+	}
+
+	return true;
+}
+
+static bool torture_assert_group_equal(struct torture_context *tctx,
+				       const struct group *g1,
+				       const struct group *g2,
+				       const char *comment)
+{
+	int i;
+	torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
+	torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
+	torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
+	torture_assert(tctx, !(g1->gr_mem && !g2->gr_mem), __location__);
+	torture_assert(tctx, !(!g1->gr_mem && g2->gr_mem), __location__);
+	if (!g1->gr_mem && !g2->gr_mem) {
+		return true;
+	}
+	for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
+		torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
+	}
+
+	return true;
+}
+
+static bool test_group(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2;
+	size_t num_grp;
+
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
+					     "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_getgrnam(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent and getgrnam gave different results"),
+			__location__);
+		torture_assert(tctx, test_getgrgid(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent and getgrgid gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam and getgrgid gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+static bool test_group_r(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2;
+	size_t num_grp;
+
+	torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+					       "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam_r for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent_r and getgrnam_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid_r for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent_r and getgrgid_r gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam_r and getgrgid_r gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+static bool test_group_r_cross(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2, grp3, grp4;
+	size_t num_grp;
+
+	torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+					       "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam_r for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent_r and getgrnam_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid_r for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent_r and getgrgid_r gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam_r and getgrgid_r gave different results"),
+			__location__);
+		torture_assert(tctx, test_getgrnam(tctx, grp[i].gr_name, &grp3),
+			"failed to call getgrnam for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp3,
+			"getgrent_r and getgrnam gave different results"),
+			__location__);
+		torture_assert(tctx, test_getgrgid(tctx, grp[i].gr_gid, &grp4),
+			"failed to call getgrgid for enumerated user");
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp[i], &grp4,
+			"getgrent_r and getgrgid gave different results"),
+			__location__);
+		torture_assert(tctx, torture_assert_group_equal(tctx, &grp3, &grp4,
+			"getgrnam and getgrgid gave different results"),
+			__location__);
+	}
+
+	return true;
+}
+
+#ifdef HAVE_GETGROUPLIST
+static bool test_getgrouplist(struct torture_context *tctx,
+			      const char *user,
+			      gid_t gid,
+			      gid_t **gids_p,
+			      int *num_gids_p)
+{
+	int ret;
+	int num_groups = 0;
+	gid_t *groups = NULL;
+
+	torture_comment(tctx, "Testing getgrouplist: %s\n", user);
+
+	ret = getgrouplist(user, gid, NULL, &num_groups);
+	if (ret == -1 || num_groups != 0) {
+
+		groups = talloc_array(tctx, gid_t, num_groups);
+		torture_assert(tctx, groups, "out of memory\n");
+
+		ret = getgrouplist(user, gid, groups, &num_groups);
+	}
+
+	torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
+
+	torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
+
+	if (gids_p) {
+		*gids_p = groups;
+	}
+	if (num_gids_p) {
+		*num_gids_p = num_groups;
+	}
+
+	return true;
+}
+#endif /* HAVE_GETGROUPLIST */
+
+static bool test_user_in_group(struct torture_context *tctx,
+			       const struct passwd *pwd,
+			       const struct group *grp)
+{
+	int i;
+
+	for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
+		if (strequal(grp->gr_mem[i], pwd->pw_name)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool test_membership_user(struct torture_context *tctx,
+				 const struct passwd *pwd,
+				 struct group *grp_array,
+				 size_t num_grp)
+{
+	int num_user_groups = 0;
+	int num_user_groups_from_enum = 0;
+	gid_t *user_groups = NULL;
+	int g, i;
+	bool primary_group_had_user_member = false;
+
+	/*
+	 * For the local users ('LOCALADMEMBER') below, the test fails.
+	 * wb_queryuser() wrongly defaults the group sid to RID 513 i.e.
+	 * 'LOCALADMEMBER/domusers', but those users have a different group sid.
+	 *
+	 * The fix for wb_queryuser() is not part of this MR. It is a complex
+	 * task that needs to fill samlogon cache using S4USelf and will come
+	 * sometime later. Once wb_queryuser() gets fixed, this can be removed.
+	 */
+	if (strcmp(pwd->pw_name, "user1") == 0 ||
+	    strcmp(pwd->pw_name, "user2") == 0 ||
+	    strcmp(pwd->pw_name, "force_user") == 0 || pwd->pw_uid == 1000) {
+		return true;
+	}
+
+#ifdef HAVE_GETGROUPLIST
+	torture_assert(tctx, test_getgrouplist(tctx,
+					       pwd->pw_name,
+					       pwd->pw_gid,
+					       &user_groups,
+					       &num_user_groups),
+					       "failed to test getgrouplist");
+#endif /* HAVE_GETGROUPLIST */
+
+	for (g=0; g < num_user_groups; g++) {
+		torture_assert(tctx, test_getgrgid(tctx, user_groups[g], NULL),
+			"failed to find the group the user is a member of");
+	}
+
+
+	for (i=0; i < num_grp; i++) {
+
+		struct group grp = grp_array[i];
+
+		if (test_user_in_group(tctx, pwd, &grp)) {
+
+			struct group current_grp;
+			num_user_groups_from_enum++;
+
+			torture_assert(tctx, test_getgrnam(tctx, grp.gr_name, &current_grp),
+					"failed to find the group the user is a member of");
+
+			if (current_grp.gr_gid == pwd->pw_gid) {
+				torture_comment(tctx, "primary group %s of user %s lists user as member\n",
+						current_grp.gr_name,
+						pwd->pw_name);
+				primary_group_had_user_member = true;
+			}
+
+			continue;
+		}
+	}
+
+	if (!primary_group_had_user_member) {
+		num_user_groups_from_enum++;
+	}
+
+	torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
+		"getgrouplist and real inspection of grouplist gave different results\n");
+
+	return true;
+}
+
+static bool test_membership(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+	struct passwd *pwd;
+	size_t num_pwd;
+	struct group *grp;
+	size_t num_grp;
+	int i;
+	const char *env = getenv("ENVNAME");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	/*
+	 * test_membership_user() fails for ad_dc with error like this:
+	 *
+	 * WARNING!: ../../source4/torture/local/nss_tests.c:823:
+	 * num_user_groups was 3 (0x3), expected 2 (0x2): getgrouplist
+	 * and real inspection of grouplist gave different results
+
+	 * There are at least 3 reasons:
+
+	 * 1. For each ADDOMAIN user, there is also a group with the same name:
+
+$ bin/wbinfo --user-info ADDOMAIN/alice
+ADDOMAIN/alice:*:3000015:65531::/home/ADDOMAIN/alice:/bin/false
+
+$ bin/wbinfo --group-info ADDOMAIN/alice
+ADDOMAIN/alice:x:3000015:ADDOMAIN/alice
+
+	 * 2. ADDOMAIN/joe is the only user of "ADDOMAIN/Domain Users"
+	 * e.g. alice is not there:
+
+$ bin/wbinfo --group-info "ADDOMAIN/Domain users"
+ADDOMAIN/domain users:x:65531:ADDOMAIN/joe
+
+	 * 3. getgrouplist() for joe returns also "ADDOMAIN/samba users"
+	 * but "ADDOMAIN/samba users" is an empty group:
+
+$ bin/wbinfo --group-info "ADDOMAIN/samba users"
+ADDOMAIN/samba users:x:3000051:
+
+	 */
+
+	/* Only ad_member_idmap_rid sets 'winbind expand groups' */
+	if (strcmp(env, "ad_member_idmap_rid:local") != 0) {
+		torture_comment(tctx,
+				"Testing in env '%s' is not supported.\n",
+				env);
+		torture_skip(tctx, "nothing to test\n");
+		return true;
+	}
+
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
+					      "failed to enumerate passwd");
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
+					     "failed to enumerate group");
+
+	for (i=0; i < num_pwd; i++) {
+
+		torture_assert(tctx, test_membership_user(tctx, &pwd[i], grp, num_grp),
+			"failed to test membership for user");
+
+	}
+
+	return true;
+}
+
+static bool test_enumeration(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_assert(tctx, test_passwd(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_group(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_reentrant_enumeration(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_comment(tctx, "Testing re-entrant calls\n");
+
+	torture_assert(tctx, test_passwd_r(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_group_r(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_reentrant_enumeration_crosschecks(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_comment(tctx, "Testing re-entrant calls with cross checks\n");
+
+	torture_assert(tctx, test_passwd_r_cross(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_group_r_cross(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_passwd_duplicates(struct torture_context *tctx)
+{
+	size_t i, d;
+	struct passwd *pwd;
+	size_t num_pwd;
+	int duplicates = 0;
+
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
+	    "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		const char *current_name = pwd[i].pw_name;
+		for (d=0; d < num_pwd; d++) {
+			const char *dup_name = pwd[d].pw_name;
+			if (d == i) {
+				continue;
+			}
+			if (!strequal(current_name, dup_name)) {
+				continue;
+			}
+
+			torture_warning(tctx, "found duplicate names:");
+			print_passwd(&pwd[d]);
+			print_passwd(&pwd[i]);
+			duplicates++;
+		}
+	}
+
+	if (duplicates) {
+		torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
+	}
+
+	return true;
+}
+
+static bool test_group_duplicates(struct torture_context *tctx)
+{
+	size_t i, d;
+	struct group *grp;
+	size_t num_grp;
+	int duplicates = 0;
+
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
+		"failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		const char *current_name = grp[i].gr_name;
+		for (d=0; d < num_grp; d++) {
+			const char *dup_name = grp[d].gr_name;
+			if (d == i) {
+				continue;
+			}
+			if (!strequal(current_name, dup_name)) {
+				continue;
+			}
+
+			torture_warning(tctx, "found duplicate names:");
+			print_group(&grp[d]);
+			print_group(&grp[i]);
+			duplicates++;
+		}
+	}
+
+	if (duplicates) {
+		torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
+	}
+
+	return true;
+}
+
+
+static bool test_duplicates(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_assert(tctx, test_passwd_duplicates(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_group_duplicates(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+
+struct torture_suite *torture_local_nss(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "nss");
+
+	torture_suite_add_simple_test(suite, "enumeration", test_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration", test_reentrant_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_reentrant_enumeration_crosschecks);
+	torture_suite_add_simple_test(suite, "membership", test_membership);
+	torture_suite_add_simple_test(suite, "duplicates", test_duplicates);
+
+	return suite;
+}
diff --git a/source4/torture/local/smbtorture_fullname.c b/source4/torture/local/smbtorture_fullname.c
new file mode 100644
index 0000000..875b3cf
--- /dev/null
+++ b/source4/torture/local/smbtorture_fullname.c
@@ -0,0 +1,31 @@
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/local/proto.h"
+
+static bool test_smbtorture_always_pass(struct torture_context *tctx)
+{
+	return true;
+}
+
+struct torture_suite *torture_local_smbtorture(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "smbtorture");
+	struct torture_suite *suite_level1 = torture_suite_create(ctx,
+								   "level1");
+	struct torture_suite *suite_level2 = torture_suite_create(ctx,
+								   "level2");
+	struct torture_suite *suite_level3 = torture_suite_create(ctx,
+								  "level3");
+
+	torture_suite_add_suite(suite_level2, suite_level3);
+	torture_suite_add_suite(suite_level1, suite_level2);
+	torture_suite_add_suite(suite, suite_level1);
+
+	torture_suite_add_simple_test(suite_level3, "always_pass",
+				     test_smbtorture_always_pass);
+
+	suite->description = talloc_strdup(suite,
+				"smbtorture multilevel always pass test.");
+
+	return suite;
+}
diff --git a/source4/torture/local/torture.c b/source4/torture/local/torture.c
new file mode 100644
index 0000000..ca59ebf
--- /dev/null
+++ b/source4/torture/local/torture.c
@@ -0,0 +1,85 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   local testing of torture
+
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/wait.h"
+#include "libcli/raw/libcliraw.h"
+#include "torture/util.h"
+#include "torture/local/proto.h"
+#include "param/provision.h"
+
+static bool test_tempdir(struct torture_context *tctx)
+{
+	char *location = NULL;
+	TALLOC_CTX *mem_ctx = tctx;
+	
+	torture_assert_ntstatus_ok(tctx, torture_temp_dir(mem_ctx, "tempdir", &location), 
+								"torture_temp_dir should return NT_STATUS_OK" );
+
+	torture_assert(tctx, directory_exist(location), 
+				   "created dir doesn't exist");
+	return true;
+}
+
+static bool test_provision(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct provision_settings *settings = talloc_zero(tctx, struct provision_settings);
+	struct provision_result result;
+	char *targetdir = NULL;
+
+	torture_assert_ntstatus_ok(tctx, torture_temp_dir(tctx, "torture_provision", &targetdir), 
+				   "torture_temp_dir should return NT_STATUS_OK" );
+	settings->targetdir = talloc_steal(settings, targetdir);
+
+	settings->site_name = "SOME-SITE-NAME";
+	settings->root_dn_str = "DC=EXAMPLE,DC=COM";
+	settings->domain_dn_str = "DC=EXAMPLE,DC=COM";
+	settings->config_dn_str = NULL;
+	settings->schema_dn_str = NULL;
+	settings->invocation_id = NULL;
+	settings->netbios_name = "FOO";
+	settings->realm = "EXAMPLE.COM";
+	settings->domain = "EXAMPLE";
+	settings->netbios_name = "torture";
+	settings->ntds_dn_str = NULL;
+	settings->machine_password = "geheim";
+	settings->use_ntvfs = true;
+
+	status = provision_bare(settings, tctx->lp_ctx, settings, &result);
+			
+	torture_assert_ntstatus_ok(tctx, status, "provision");
+
+	torture_assert_str_equal(tctx, result.domaindn, "DC=EXAMPLE,DC=COM", 
+				 "domaindn incorrect");
+
+	return true;
+}
+
+struct torture_suite *torture_local_torture(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "torture");
+
+	torture_suite_add_simple_test(suite, "tempdir", test_tempdir);
+	torture_suite_add_simple_test(suite, "provision", test_provision);
+
+	return suite;
+}
diff --git a/source4/torture/local/verif_trailer.c b/source4/torture/local/verif_trailer.c
new file mode 100644
index 0000000..acbd69b
--- /dev/null
+++ b/source4/torture/local/verif_trailer.c
@@ -0,0 +1,99 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for DCE/RPC verification trailer parsing
+
+   Copyright (C) David Disseldorp 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <unistd.h>
+
+#include "librpc/gen_ndr/security.h"
+#include "lib/param/param.h"
+#include "lib/util/dlinklist.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "librpc/rpc/rpc_common.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+
+/* VT blob obtained from an FSRVP request */
+uint8_t test_vt[] = {0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71,
+		     0x02, 0x40, 0x28, 0x00, 0x3c, 0x65, 0xe0, 0xa8,
+		     0x44, 0x27, 0x89, 0x43, 0xa6, 0x1d, 0x73, 0x73,
+		     0xdf, 0x8b, 0x22, 0x92, 0x01, 0x00, 0x00, 0x00,
+		     0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49,
+		     0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36,
+		     0x01, 0x00, 0x00, 0x00};
+
+const char *vt_abstr_syntax = "a8e0653c-2744-4389-a61d-7373df8b2292/0x00000001";
+const char *vt_trans_syntax = "71710533-beba-4937-8319-b5dbef9ccc36/0x00000001";
+
+static bool test_verif_trailer_pctx(struct torture_context *tctx)
+{
+	DATA_BLOB blob;
+	bool ok;
+	struct dcerpc_sec_vt_pcontext pctx;
+	struct dcerpc_sec_verification_trailer *vt = NULL;
+	struct ndr_pull *ndr;
+	enum ndr_err_code ndr_err;
+	struct ndr_print *ndr_print;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	torture_assert(tctx, mem_ctx != NULL, "mem");
+
+	blob.data = test_vt;
+	blob.length = ARRAY_SIZE(test_vt);
+
+	ndr = ndr_pull_init_blob(&blob, mem_ctx);
+	torture_assert(tctx, ndr != NULL, "ndr");
+
+	ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, mem_ctx, &vt);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr");
+
+	ndr_print = talloc_zero(mem_ctx, struct ndr_print);
+	torture_assert(tctx, ndr_print != NULL, "mem");
+	ndr_print->print = ndr_print_printf_helper;
+	ndr_print->depth = 1;
+
+	ndr_print_dcerpc_sec_verification_trailer(ndr_print,
+						  "Verification Trailer", vt);
+
+	ZERO_STRUCT(pctx);
+	ok = ndr_syntax_id_from_string(vt_abstr_syntax, &pctx.abstract_syntax);
+	torture_assert(tctx, ok, "vt_abstr_syntax");
+	ok = ndr_syntax_id_from_string(vt_trans_syntax, &pctx.transfer_syntax);
+	torture_assert(tctx, ok, "vt_trans_syntax");
+
+	ok = dcerpc_sec_verification_trailer_check(vt, NULL, &pctx, NULL);
+	torture_assert(tctx, ok, "VT check");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+struct torture_suite *torture_local_verif_trailer(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx,
+							   "verif_trailer");
+
+	torture_suite_add_simple_test(suite,
+				      "pctx",
+				      test_verif_trailer_pctx);
+
+	return suite;
+}
diff --git a/source4/torture/local/wscript_build b/source4/torture/local/wscript_build
new file mode 100644
index 0000000..741f667
--- /dev/null
+++ b/source4/torture/local/wscript_build
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+provision = bld.pyembed_libname('PROVISION')
+
+TORTURE_LOCAL_SOURCE = '''../../../lib/util/charset/tests/iconv.c
+	../../../lib/talloc/testsuite.c ../../lib/messaging/tests/messaging.c
+	../../lib/messaging/tests/irpc.c ../../librpc/tests/binding_string.c
+	../../../lib/util/tests/idtree.c ../../../lib/util/tests/dlinklist.c
+	../../lib/socket/testsuite.c ../../libcli/resolve/testsuite.c
+	../../../lib/util/tests/strlist.c ../../../lib/util/tests/binsearch.c
+	../../../lib/util/tests/str.c ../../../lib/util/tests/time.c
+	../../../lib/util/tests/asn1_tests.c ../../../lib/util/tests/data_blob.c
+	../../../lib/util/tests/file.c ../../../lib/util/tests/genrand.c
+        ../../../lib/util/charset/tests/charset.c
+        ../../../lib/util/charset/tests/convert_string.c
+        ../../../lib/util/charset/tests/util_unistr.c
+	../../../lib/tdr/testsuite.c
+	../../../lib/tevent/testsuite.c ../../param/tests/share.c
+        ../../../lib/tevent/test_req.c
+	../../param/tests/loadparm.c local.c
+	dbspeed.c torture.c ../ldb/ldb.c ../../dsdb/common/tests/dsdb_dn.c
+	../../dsdb/schema/tests/schema_syntax.c
+	../../../lib/util/tests/anonymous_shared.c
+	../../../lib/util/tests/strv.c
+	../../../lib/util/tests/strv_util.c
+	../../../lib/util/tests/util.c
+	../../../lib/util/tests/util_str_escape.c
+	../../../lib/util/tests/tfork.c
+	verif_trailer.c
+	nss_tests.c
+        mdspkt.c
+	fsrvp_state.c
+	smbtorture_fullname.c'''
+
+TORTURE_LOCAL_DEPS = 'RPC_NDR_ECHO TDR LIBCLI_SMB MESSAGING iconv TORTURE_AUTH TORTURE_UTIL TORTURE_NDR TORTURE_LIBCRYPTO share torture_registry %s ldb samdb replace-test RPC_FSS_STATE util_str_escape' % provision
+
+bld.SAMBA_MODULE('TORTURE_LOCAL',
+	source=TORTURE_LOCAL_SOURCE,
+	autoproto='proto.h',
+	subsystem='smbtorture',
+	init_function='torture_local_init',
+	deps=TORTURE_LOCAL_DEPS,
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
diff --git a/source4/torture/locktest.c b/source4/torture/locktest.c
new file mode 100644
index 0000000..11701a9
--- /dev/null
+++ b/source4/torture/locktest.c
@@ -0,0 +1,700 @@
+/* 
+   Unix SMB/CIFS implementation.
+   randomised byte range lock tester
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/events/events.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/libcli.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+static int numops = 1000;
+static int showall;
+static int analyze;
+static int hide_unlock_fails;
+static int use_oplocks;
+static unsigned int lock_range = 100;
+static unsigned int lock_base = 0;
+static unsigned int min_length = 0;
+static int exact_error_codes;
+static int zero_zero;
+
+#define FILENAME "\\locktest.dat"
+
+#define READ_PCT 50
+#define LOCK_PCT 45
+#define UNLOCK_PCT 70
+#define RANGE_MULTIPLE 1
+#define NSERVERS 2
+#define NCONNECTIONS 2
+#define NFILES 2
+#define LOCK_TIMEOUT 0
+
+static struct cli_credentials *servers[NSERVERS];
+
+enum lock_op {OP_LOCK, OP_UNLOCK, OP_REOPEN};
+
+struct record {
+	enum lock_op lock_op;
+	enum brl_type lock_type;
+	char conn, f;
+	uint64_t start, len;
+	char needed;
+	uint16_t pid;
+};
+
+#define PRESETS 0
+
+#if PRESETS
+static struct record preset[] = {
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 3, 0, 1},
+{OP_UNLOCK, 0       , 0, 0, 2, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 3, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 3, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+};
+#endif
+
+static struct record *recorded;
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+static struct smbcli_state *connect_one(struct tevent_context *ev,
+					struct loadparm_context *lp_ctx,
+					TALLOC_CTX *mem_ctx,
+					char *share, int snum, int conn)
+{
+	struct smbcli_state *c;
+	char *server, *myname;
+	NTSTATUS status;
+	int retries = 10;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(lp_ctx, &options);
+	lpcfg_smbcli_session_options(lp_ctx, &session_options);
+
+	printf("connect_one(%s, %d, %d)\n", share, snum, conn);
+
+	server = talloc_strdup(mem_ctx, share+2);
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+	if (snum == 0) {
+		char **unc_list = NULL;
+		int num_unc_names;
+		const char *p;
+		p = lpcfg_parm_string(lp_ctx, NULL, "torture", "unclist");
+		if (p) {
+			char *h, *s;
+			unc_list = file_lines_load(p, &num_unc_names, 0, NULL);
+			if (!unc_list || num_unc_names <= 0) {
+				printf("Failed to load unc names list from '%s'\n", p);
+				exit(1);
+			}
+
+			if (!smbcli_parse_unc(unc_list[conn % num_unc_names],
+					      NULL, &h, &s)) {
+				printf("Failed to parse UNC name %s\n",
+				       unc_list[conn % num_unc_names]);
+				exit(1);
+			}
+			server = talloc_strdup(mem_ctx, h);
+			share = talloc_strdup(mem_ctx, s);
+		}
+	}
+
+
+	myname = talloc_asprintf(mem_ctx, "lock-%d-%d", (int) getpid(), snum);
+	cli_credentials_set_workstation(servers[snum], myname, CRED_SPECIFIED);
+
+	do {
+		printf("\\\\%s\\%s\n", server, share);
+		status = smbcli_full_connection(NULL, &c, 
+						server, 
+						lpcfg_smb_ports(lp_ctx),
+						share, NULL,
+						lpcfg_socket_options(lp_ctx),
+						servers[snum], 
+						lpcfg_resolve_context(lp_ctx),
+						ev, &options, &session_options,
+						lpcfg_gensec_settings(mem_ctx, lp_ctx));
+		if (!NT_STATUS_IS_OK(status)) {
+			sleep(2);
+		}
+	} while (!NT_STATUS_IS_OK(status) && retries--);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	return c;
+}
+
+
+static void reconnect(struct tevent_context *ev,
+		      struct loadparm_context *lp_ctx,
+			  TALLOC_CTX *mem_ctx,
+		      struct smbcli_state *cli[NSERVERS][NCONNECTIONS], int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		      char *share[NSERVERS])
+{
+	int server, conn, f;
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++) {
+		if (cli[server][conn]) {
+			for (f=0;f<NFILES;f++) {
+				if (fnum[server][conn][f] != -1) {
+					smbcli_close(cli[server][conn]->tree, fnum[server][conn][f]);
+					fnum[server][conn][f] = -1;
+				}
+			}
+			talloc_free(cli[server][conn]);
+		}
+		cli[server][conn] = connect_one(ev, lp_ctx, mem_ctx, share[server],
+						server, conn);
+		if (!cli[server][conn]) {
+			DEBUG(0,("Failed to connect to %s\n", share[server]));
+			exit(1);
+		}
+	}
+}
+
+
+
+static bool test_one(struct smbcli_state *cli[NSERVERS][NCONNECTIONS], 
+		     int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		     struct record *rec)
+{
+	unsigned int conn = rec->conn;
+	unsigned int f = rec->f;
+	uint64_t start = rec->start;
+	uint64_t len = rec->len;
+	enum brl_type op = rec->lock_type;
+	int server;
+	/* bool ret[NSERVERS]; */
+	NTSTATUS status[NSERVERS];
+
+	switch (rec->lock_op) {
+	case OP_LOCK:
+		/* set a lock */
+		for (server=0;server<NSERVERS;server++) {
+			NTSTATUS res;
+			struct smbcli_tree *tree=cli[server][conn]->tree;
+			int fn=fnum[server][conn][f];
+
+			if (!(tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+				res=smbcli_lock(tree, fn, start, len, LOCK_TIMEOUT, (enum brl_type) rec->lock_op);
+			} else {
+				union smb_lock parms;
+				int ltype;
+				struct smb_lock_entry lock[1];
+
+				parms.lockx.level = RAW_LOCK_LOCKX;
+				parms.lockx.in.file.fnum = fn;
+	
+				ltype = (rec->lock_type == READ_LOCK? 1 : 0);
+				ltype |= LOCKING_ANDX_LARGE_FILES;
+				parms.lockx.in.mode = ltype;
+				parms.lockx.in.timeout = LOCK_TIMEOUT;
+				parms.lockx.in.ulock_cnt = 0;
+				parms.lockx.in.lock_cnt = 1;
+				lock[0].pid = rec->pid;
+				lock[0].offset = start;
+				lock[0].count = len;
+				parms.lockx.in.locks = &lock[0];
+
+				res = smb_raw_lock(tree, &parms);
+			}
+
+			/* ret[server] = NT_STATUS_IS_OK(res); */
+			status[server] = res;
+			if (!exact_error_codes && 
+			    NT_STATUS_EQUAL(status[server], 
+					    NT_STATUS_FILE_LOCK_CONFLICT)) {
+				status[server] = NT_STATUS_LOCK_NOT_GRANTED;
+			}
+		}
+		if (showall || !NT_STATUS_EQUAL(status[0],status[1])) {
+			printf("lock   conn=%u f=%u range=%.0f(%.0f) op=%s -> %s:%s\n",
+			       conn, f, 
+			       (double)start, (double)len,
+			       op==READ_LOCK?"READ_LOCK":"WRITE_LOCK",
+			       nt_errstr(status[0]), nt_errstr(status[1]));
+		}
+		if (!NT_STATUS_EQUAL(status[0],status[1])) return false;
+		break;
+		
+	case OP_UNLOCK:
+		/* unset a lock */
+		for (server=0;server<NSERVERS;server++) {
+			NTSTATUS res;
+			struct smbcli_tree *tree=cli[server][conn]->tree;
+			int fn=fnum[server][conn][f];
+
+
+			if (!(tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+				res=smbcli_unlock(tree, fn, start, len);
+			} else {
+				union smb_lock parms;
+				struct smb_lock_entry lock[1];
+
+				parms.lockx.level = RAW_LOCK_LOCKX;
+				parms.lockx.in.file.fnum = fn;
+				parms.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+				parms.lockx.in.timeout = 0;
+				parms.lockx.in.ulock_cnt = 1;
+				parms.lockx.in.lock_cnt = 0;
+				lock[0].pid = rec->pid;
+				lock[0].count = len;
+				lock[0].offset = start;
+				parms.lockx.in.locks = &lock[0];
+
+				res = smb_raw_lock(tree, &parms);
+			}
+
+			/* ret[server] = NT_STATUS_IS_OK(res); */
+			status[server] = res;
+		}
+		if (showall || 
+		    (!hide_unlock_fails && !NT_STATUS_EQUAL(status[0],status[1]))) {
+			printf("unlock conn=%u f=%u range=%.0f(%.0f)       -> %s:%s\n",
+			       conn, f, 
+			       (double)start, (double)len,
+			       nt_errstr(status[0]), nt_errstr(status[1]));
+		}
+		if (!hide_unlock_fails && !NT_STATUS_EQUAL(status[0],status[1])) 
+			return false;
+		break;
+
+	case OP_REOPEN:
+		/* reopen the file */
+		for (server=0;server<NSERVERS;server++) {
+			smbcli_close(cli[server][conn]->tree, fnum[server][conn][f]);
+			fnum[server][conn][f] = -1;
+		}
+		for (server=0;server<NSERVERS;server++) {
+			fnum[server][conn][f] = smbcli_open(cli[server][conn]->tree, FILENAME,
+							 O_RDWR|O_CREAT,
+							 DENY_NONE);
+			if (fnum[server][conn][f] == -1) {
+				printf("failed to reopen on share%d\n", server);
+				return false;
+			}
+		}
+		if (showall) {
+			printf("reopen conn=%u f=%u\n",
+			       conn, f);
+		}
+		break;
+	}
+
+	return true;
+}
+
+static void close_files(struct smbcli_state *cli[NSERVERS][NCONNECTIONS], 
+			int fnum[NSERVERS][NCONNECTIONS][NFILES])
+{
+	int server, conn, f; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		if (fnum[server][conn][f] != -1) {
+			smbcli_close(cli[server][conn]->tree, fnum[server][conn][f]);
+			fnum[server][conn][f] = -1;
+		}
+	}
+	for (server=0;server<NSERVERS;server++) {
+		smbcli_unlink(cli[server][0]->tree, FILENAME);
+	}
+}
+
+static void open_files(struct smbcli_state *cli[NSERVERS][NCONNECTIONS], 
+		       int fnum[NSERVERS][NCONNECTIONS][NFILES])
+{
+	int server, conn, f; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		fnum[server][conn][f] = smbcli_open(cli[server][conn]->tree, FILENAME,
+						 O_RDWR|O_CREAT,
+						 DENY_NONE);
+		if (fnum[server][conn][f] == -1) {
+			fprintf(stderr,"Failed to open fnum[%u][%u][%u]\n",
+				server, conn, f);
+			exit(1);
+		}
+	}
+}
+
+
+static int retest(struct smbcli_state *cli[NSERVERS][NCONNECTIONS], 
+		   int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		   int n)
+{
+	int i;
+	printf("Testing %u ...\n", n);
+	for (i=0; i<n; i++) {
+		if (i && i % 100 == 0) {
+			printf("%u\n", i);
+		}
+
+		if (recorded[i].needed &&
+		    !test_one(cli, fnum, &recorded[i])) return i;
+	}
+	return n;
+}
+
+
+/* each server has two connections open to it. Each connection has two file
+   descriptors open on the file - 8 file descriptors in total 
+
+   we then do random locking ops in tamdem on the 4 fnums from each
+   server and ensure that the results match
+ */
+static int test_locks(struct tevent_context *ev,
+		      struct loadparm_context *lp_ctx,
+		      TALLOC_CTX *mem_ctx,
+		      char *share[NSERVERS])
+{
+	struct smbcli_state *cli[NSERVERS][NCONNECTIONS];
+	int fnum[NSERVERS][NCONNECTIONS][NFILES];
+	int n, i, n1, skip, r1, r2; 
+
+	ZERO_STRUCT(fnum);
+	ZERO_STRUCT(cli);
+
+	recorded = malloc_array_p(struct record, numops);
+
+	for (n=0; n<numops; n++) {
+#if PRESETS
+		if (n < sizeof(preset) / sizeof(preset[0])) {
+			recorded[n] = preset[n];
+		} else {
+#endif
+			recorded[n].conn = random() % NCONNECTIONS;
+			recorded[n].f = random() % NFILES;
+			recorded[n].start = lock_base + ((unsigned int)random() % (lock_range-1));
+			recorded[n].len =  min_length +
+				random() % (lock_range-(recorded[n].start-lock_base));
+			recorded[n].start *= RANGE_MULTIPLE;
+			recorded[n].len *= RANGE_MULTIPLE;
+			recorded[n].pid = random()%3;
+			if (recorded[n].pid == 2) {
+				recorded[n].pid = 0xFFFF; /* see if its magic */
+			}
+			r1 = random() % 100;
+			r2 = random() % 100;
+			if (r1 < READ_PCT) {
+				recorded[n].lock_type = READ_LOCK;
+			} else {
+				recorded[n].lock_type = WRITE_LOCK;
+			}
+			if (r2 < LOCK_PCT) {
+				recorded[n].lock_op = OP_LOCK;
+			} else if (r2 < UNLOCK_PCT) {
+				recorded[n].lock_op = OP_UNLOCK;
+			} else {
+				recorded[n].lock_op = OP_REOPEN;
+			}
+			recorded[n].needed = true;
+			if (!zero_zero && recorded[n].start==0 && recorded[n].len==0) {
+				recorded[n].len = 1;
+			}
+#if PRESETS
+		}
+#endif
+	}
+
+	reconnect(ev, lp_ctx, mem_ctx, cli, fnum, share);
+	open_files(cli, fnum);
+	n = retest(cli, fnum, numops);
+
+	if (n == numops || !analyze) {
+		if (n != numops) {
+			return 1;
+		}
+		return 0;
+	}
+	n++;
+
+	skip = n/2;
+
+	while (1) {
+		n1 = n;
+
+		close_files(cli, fnum);
+		reconnect(ev, lp_ctx, mem_ctx, cli, fnum, share);
+		open_files(cli, fnum);
+
+		for (i=0;i<n-skip;i+=skip) {
+			int m, j;
+			printf("excluding %d-%d\n", i, i+skip-1);
+			for (j=i;j<i+skip;j++) {
+				recorded[j].needed = false;
+			}
+
+			close_files(cli, fnum);
+			open_files(cli, fnum);
+
+			m = retest(cli, fnum, n);
+			if (m == n) {
+				for (j=i;j<i+skip;j++) {
+					recorded[j].needed = true;
+				}
+			} else {
+				if (i+(skip-1) < m) {
+					memmove(&recorded[i], &recorded[i+skip],
+						(m-(i+skip-1))*sizeof(recorded[0]));
+				}
+				n = m-(skip-1);
+				i--;
+			}
+		}
+
+		if (skip > 1) {
+			skip = skip/2;
+			printf("skip=%d\n", skip);
+			continue;
+		}
+
+		if (n1 == n) break;
+	}
+
+	close_files(cli, fnum);
+	reconnect(ev, lp_ctx, mem_ctx, cli, fnum, share);
+	open_files(cli, fnum);
+	showall = true;
+	n1 = retest(cli, fnum, n);
+	if (n1 != n-1) {
+		printf("ERROR - inconsistent result (%u %u)\n", n1, n);
+	}
+	close_files(cli, fnum);
+
+	for (i=0;i<n;i++) {
+		printf("{%d, %d, %u, %u, %.0f, %.0f, %u},\n",
+		       recorded[i].lock_op,
+		       recorded[i].lock_type,
+		       recorded[i].conn,
+		       recorded[i].f,
+		       (double)recorded[i].start,
+		       (double)recorded[i].len,
+		       recorded[i].needed);
+	}	
+
+	return 1;
+}
+
+
+
+static void usage(poptContext pc)
+{
+	printf("Usage:\n\tlocktest //server1/share1 //server2/share2 [options..]\n");
+	poptPrintUsage(pc, stdout, 0);
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+int main(int argc, const char *argv[])
+{
+	char *share[NSERVERS];
+	int opt;
+	int seed, server;
+	int username_count=0;
+	struct tevent_context *ev;
+	struct loadparm_context *lp_ctx;
+	poptContext pc;
+	int argc_new, i;
+	char **argv_new;
+	enum {
+		OPT_UNCLIST=1000,
+		OPT_USER1,
+		OPT_USER2,
+	};
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"seed",	  0, POPT_ARG_INT,  &seed, 	0,	"Seed to use for randomizer", 	NULL},
+		{"num-ops",	  0, POPT_ARG_INT,  &numops, 	0, 	"num ops",	NULL},
+		{"lockrange",     0, POPT_ARG_INT,  &lock_range,0,      "locking range", NULL},
+		{"lockbase",      0, POPT_ARG_INT,  &lock_base, 0,      "locking base", NULL},
+		{"minlength",     0, POPT_ARG_INT,  &min_length,0,      "min lock length", NULL},
+		{"hidefails",     0, POPT_ARG_NONE, &hide_unlock_fails,0,"hide unlock fails", NULL},
+		{"oplocks",       0, POPT_ARG_NONE, &use_oplocks,0,      "use oplocks", NULL},
+		{"showall",       0, POPT_ARG_NONE, &showall,    0,      "display all operations", NULL},
+		{"analyse",       0, POPT_ARG_NONE, &analyze,    0,      "do backtrack analysis", NULL},
+		{"zerozero",      0, POPT_ARG_NONE, &zero_zero,    0,      "do zero/zero lock", NULL},
+		{"exacterrors",   0, POPT_ARG_NONE, &exact_error_codes,0,"use exact error codes", NULL},
+		{"unclist",	  0, POPT_ARG_STRING,	NULL, 	OPT_UNCLIST,	"unclist", 	NULL},
+		{"user1",         0, POPT_ARG_STRING, NULL, OPT_USER1, "Set first network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
+		{"user2",         0, POPT_ARG_STRING, NULL, OPT_USER2, "Set second network username", "[DOMAIN/]USERNAME[%PASSWORD]" },
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_LEGACY_S4
+		POPT_TABLEEND
+	};
+	TALLOC_CTX *mem_ctx = NULL;
+	int ret = -1;
+	bool ok;
+
+	setlinebuf(stdout);
+	seed = time(NULL);
+
+	mem_ctx = talloc_named_const(NULL, 0, "locktest_ctx");
+	if (mem_ctx == NULL) {
+		printf("Unable to allocate locktest_ctx\n");
+		exit(1);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+
+	pc = samba_popt_get_context("locktest",
+				    argc,
+				    argv,
+				    long_options,
+				    POPT_CONTEXT_KEEP_FIRST);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	poptSetOtherOptionHelp(pc, "<unc1> <unc2>");
+
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	servers[0] = cli_credentials_init(mem_ctx);
+	servers[1] = cli_credentials_init(mem_ctx);
+	cli_credentials_guess(servers[0], lp_ctx);
+	cli_credentials_guess(servers[1], lp_ctx);
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case OPT_UNCLIST:
+			lpcfg_set_cmdline(lp_ctx, "torture:unclist", poptGetOptArg(pc));
+			break;
+		case OPT_USER1:
+			cli_credentials_parse_string(servers[0],
+						     poptGetOptArg(pc),
+						     CRED_SPECIFIED);
+			username_count++;
+			break;
+		case OPT_USER2:
+			cli_credentials_parse_string(servers[1],
+						     poptGetOptArg(pc),
+						     CRED_SPECIFIED);
+			username_count++;
+			break;
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	argv_new = discard_const_p(char *, poptGetArgs(pc));
+	argc_new = argc;
+	for (i=0; i<argc; i++) {
+		if (argv_new[i] == NULL) {
+			argc_new = i;
+			break;
+		}
+	}
+
+	if (!(argc_new >= 3)) {
+		usage(pc);
+		exit(1);
+	}
+
+	setup_logging("locktest", DEBUG_STDOUT);
+
+	for (server=0;server<NSERVERS;server++) {
+		share[server] = argv_new[1+server];
+		all_string_sub(share[server],"/","\\",0);
+	}
+
+	if (username_count == 0) {
+		usage(pc);
+		poptFreeContext(pc);
+		return -1;
+	}
+	if (username_count == 1) {
+		servers[1] = servers[0];
+	}
+
+	ev = s4_event_context_init(mem_ctx);
+
+	gensec_init();
+
+	DEBUG(0,("seed=%u base=%d range=%d min_length=%d\n", 
+		 seed, lock_base, lock_range, min_length));
+	srandom(seed);
+
+	ret = test_locks(ev, lp_ctx, NULL, share);
+	poptFreeContext(pc);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
diff --git a/source4/torture/man/gentest.1.xml b/source4/torture/man/gentest.1.xml
new file mode 100644
index 0000000..65523f6
--- /dev/null
+++ b/source4/torture/man/gentest.1.xml
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="gentest.1">
+
+<refmeta>
+	<refentrytitle>gentest</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">Test Suite</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>gentest</refname>
+	<refpurpose>Run random generic SMB operations against two SMB servers 
+	and show the differences in behavior</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>gentest</command>
+		<arg choice="req">//server1/share1</arg>
+		<arg choice="req">//server2/share2</arg>
+		<arg choice="req">-U user%pass</arg>
+		<arg choice="req">-U user%pass</arg>
+		<arg choice="opt">-s seed</arg>
+		<arg choice="opt">-o numops</arg>
+		<arg choice="opt">-a</arg>
+		<arg choice="opt">-A</arg>
+		<arg choice="opt">-i FILE</arg>
+		<arg choice="opt">-O</arg>
+		<arg choice="opt">-S FILE</arg>
+		<arg choice="opt">-L</arg>
+		<arg choice="opt">-F</arg>
+		<arg choice="opt">-C</arg>
+		<arg choice="opt">-X</arg>
+	</cmdsynopsis>
+	
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para><application>gentest</application> is a utility for 
+		detecting differences in behaviour between SMB servers. 
+		It will run a random set of generic operations against 
+		<parameter>//server1/share1</parameter> and then the same 
+		random set against <parameter>//server2/share2</parameter>
+		and display the differences in the responses it gets.
+	</para>
+
+	<para>
+		This utility is used by the Samba team to find differences in 
+		behaviour between Samba and Windows servers. 
+	</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+			<term>-U user%pass</term>
+			<listitem><para>
+					Specify the user and password to use when logging on 
+					on the shares. This parameter is mandatory and has to 
+					be specified twice.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-s seed</term>
+			<listitem><para>
+					Seed the random number generator with the specified value.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-o numops</term>
+			<listitem><para>Set the number of operations to perform.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-a</term>
+			<listitem><para>Print the operations that are performed. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>-A</term>
+			<listitem><para>Backtrack to find minimal number of operations 
+					required to make the response to a certain call differ.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-i FILE</term>
+			<listitem><para>
+					Specify a file containing the names of fields that 
+					have to be ignored (such as time fields). See 
+					below for a description of the file format.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-O</term>
+			<listitem><para>Enable oplocks.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-S FILE</term>
+			<listitem><para>Set preset seeds file. The default is <filename>gentest_seeds.dat</filename>.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-L</term>
+			<listitem><para>Use preset seeds</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-F</term>
+			<listitem><para>Fast reconnect (just close files)</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-C</term>
+			<listitem><para>Continuous analysis mode</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-X</term>
+			<listitem><para>Analyse even when the test succeeded.</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>Samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+
+	<para>gentest was written by Andrew Tridgell.</para>
+
+	<para>This manpage was written by Jelmer Vernooij.</para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/torture/man/locktest.1.xml b/source4/torture/man/locktest.1.xml
new file mode 100644
index 0000000..3265823
--- /dev/null
+++ b/source4/torture/man/locktest.1.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="locktest.1">
+
+<refmeta>
+	<refentrytitle>locktest</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">Test Suite</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>locktest</refname>
+	<refpurpose>Find differences in locking between two SMB servers</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>locktest</command>
+		<arg choice="req">//server1/share1</arg>
+		<arg choice="req">//server2/share2</arg>
+		<arg choice="opt">-U user%pass</arg>
+		<arg choice="opt">-U user%pass</arg>
+		<arg choice="opt">-s seed</arg>
+		<arg choice="opt">-o numops</arg>
+		<arg choice="opt">-a</arg>
+		<arg choice="opt">-O</arg>
+		<arg choice="opt">-E</arg>
+		<arg choice="opt">-Z</arg>
+		<arg choice="opt">-R range</arg>
+		<arg choice="opt">-B base</arg>
+		<arg choice="opt">-M min</arg>
+	</cmdsynopsis>
+	
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para><application>locktest</application> is a utility for 
+		detecting differences in behaviour in locking between SMB servers. 
+		It will run a random set of locking operations against 
+		<parameter>//server1/share1</parameter> and then the same 
+		random set against <parameter>//server2/share2</parameter>
+		and display the differences in the responses it gets.
+	</para>
+
+	<para>
+		This utility is used by the Samba team to find differences in 
+		behaviour between Samba and Windows servers. 
+	</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+			<term>-U user%pass</term>
+			<listitem><para>
+					Specify the user and password to use when logging on 
+					on the shares. This parameter can be specified twice 
+					(once for the first server, once for the second).
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-s seed</term>
+			<listitem><para>
+					Seed the random number generator with the specified value.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-o numops</term>
+			<listitem><para>Set the number of operations to perform.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-a</term>
+			<listitem><para>Print the operations that are performed. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>-A</term>
+			<listitem><para>Backtrack to find minimal number of operations 
+					required to make the response to a certain call differ.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-O</term>
+			<listitem><para>Enable oplocks.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-u</term>
+			<listitem><para>Hide unlock fails.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-E</term>
+			<listitem><para>enable exact error code checking</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-Z</term>
+			<listitem><para>enable the zero/zero lock</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-R range</term>
+			<listitem><para>set lock range</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-B base</term>
+			<listitem><para>set lock base</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-M min</term>
+			<listitem><para>set min lock length</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-k</term>
+			<listitem><para>Use kerberos</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>Samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+
+	<para>locktest was written by Andrew Tridgell.</para>
+
+	<para>This manpage was written by Jelmer Vernooij.</para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/torture/man/masktest.1.xml b/source4/torture/man/masktest.1.xml
new file mode 100644
index 0000000..9cd46e3
--- /dev/null
+++ b/source4/torture/man/masktest.1.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="masktest.1">
+
+<refmeta>
+	<refentrytitle>masktest</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">Test Suite</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>masktest</refname>
+	<refpurpose>Find differences in wildcard matching between 
+	Samba's implementation and that of a remote server.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>masktest</command>
+		<arg choice="req">//server/share</arg>
+		<arg choice="opt">-U user%pass</arg>
+		<arg choice="opt">-d debuglevel</arg>
+		<arg choice="opt">-W workgroup</arg>
+		<arg choice="opt">-n numloops</arg>
+		<arg choice="opt">-s seed</arg>
+		<arg choice="opt">-a</arg>
+		<arg choice="opt">-E</arg>
+		<arg choice="opt">-M max protocol</arg>
+		<arg choice="opt">-f filechars</arg>
+		<arg choice="opt">-m maskchars</arg>
+		<arg choice="opt">-v</arg>
+	</cmdsynopsis>
+	
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para><application>masktest</application> is a utility for 
+		detecting differences in behaviour between Samba's 
+		own implementation and that of a remote server.
+		It will run generate random filenames/masks and 
+		check if these match the same files they do on the remote file as 
+		they do on the local server. It will display any differences it finds.
+	</para>
+
+	<para>
+		This utility is used by the Samba team to find differences in 
+		behaviour between Samba and Windows servers. 
+	</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+			<term>-U user%pass</term>
+			<listitem><para>
+					Specify the user and password to use when logging on 
+					on the shares. This parameter can be specified twice 
+					(once for the first server, once for the second).
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-s seed</term>
+			<listitem><para>
+					Seed the random number generator with the specified value.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-n numops</term>
+			<listitem><para>Set the number of operations to perform.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-a</term>
+			<listitem><para>Print the operations that are performed. </para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+			<term>-M max_protocol</term>
+			<listitem><para>
+					Maximum protocol to use.
+			</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-f</term>
+			<listitem><para>Specify characters that can be used 
+					when generating file names. Default: abcdefghijklm.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-E</term>
+			<listitem><para>Abort when difference in behaviour is found.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-m maskchars</term>
+			<listitem><para>Specify characters used for wildcards.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+			<term>-v</term>
+			<listitem><para>Be verbose</para></listitem>
+		</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>Samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+
+	<para>masktest was written by Andrew Tridgell.</para>
+
+	<para>This manpage was written by Jelmer Vernooij.</para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/torture/man/smbtorture.1.xml b/source4/torture/man/smbtorture.1.xml
new file mode 100644
index 0000000..9d2f9c9
--- /dev/null
+++ b/source4/torture/man/smbtorture.1.xml
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="smbtorture.1">
+
+<refmeta>
+	<refentrytitle>smbtorture</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">Test Suite</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbtorture</refname>
+	<refpurpose>Run a series of tests against a SMB server</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>smbtorture</command>
+		<arg choice="req">//server/share</arg>
+		<arg choice="opt">-d debuglevel</arg>
+		<arg choice="opt">-U user%pass</arg>
+		<arg choice="opt">-k</arg>
+		<arg choice="opt">-N numprocs</arg>
+		<arg choice="opt">-n netbios_name</arg>
+		<arg choice="opt">-W workgroup</arg>
+		<arg choice="opt">-e num files(entries)</arg>
+		<arg choice="opt">-O socket_options</arg>
+		<arg choice="opt">-m maximum_protocol</arg>
+		<arg choice="opt">-L</arg>
+		<arg choice="opt">-c CLIENT.TXT</arg>
+		<arg choice="opt">-t timelimit</arg>
+		<arg choice="opt">-C filename</arg>
+		<arg choice="opt">-A</arg>
+		<arg choice="opt">-p port</arg>
+		<arg choice="opt">-s seed</arg>
+		<arg choice="opt">-f max_failures</arg>
+		<arg choice="opt">-X</arg>
+		<arg choice="req">BINDING-STRING|UNC</arg>
+		<arg choice="req">TEST1</arg>
+		<arg choice="opt">TEST2</arg>
+		<arg choice="opt">...</arg>
+	</cmdsynopsis>
+	
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>smbtorture is a testsuite that runs several tests 
+		against a SMB server. All tests are known to succeed 
+		against a Windows 2003 server (?). Smbtorture's primary 
+		goal is finding differences in implementations of the SMB protocol 
+		and testing SMB servers.
+	</para>
+
+	<para>Any number of tests can be specified 
+		on the command-line. If no tests are specified, all tests 
+		are run. </para>
+
+	<para>If no arguments are specified at all, all available options 
+		and tests are listed.</para>
+
+	<refsect2>
+		<title>Binding string format</title>
+
+		<para>The binding string format is:</para>
+
+		<para>TRANSPORT:host[flags]</para>
+
+		<para>Where TRANSPORT is either ncacn_np for SMB, ncacn_ip_tcp for RPC/TCP or ncalrpc for local connections.
+		</para>
+
+		<para>
+		'host' is an IP or hostname or netbios name. If the binding string 
+		identifies the server side of an endpoint, 'host' may be an empty
+	  	string.
+		</para>
+
+		<para>
+		'flags' can include a SMB pipe name if using the ncacn_np transport or
+		a TCP port number if using the ncacn_ip_tcp transport, otherwise they
+		will be auto-determined.
+		</para>
+
+		<para>
+		other recognised flags are:
+		</para>
+
+	  <variablelist>
+		  <varlistentry><term>sign</term>
+			  <listitem><para>enable ntlmssp signing</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>seal</term>
+			  <listitem><para>enable ntlmssp sealing</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>connect</term>
+			  <listitem><para>enable rpc connect level auth (auth, but no sign or seal)</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>validate</term>
+			  <listitem><para>enable the NDR validator</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>print</term>
+			  <listitem><para>enable debugging of the packets</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>bigendian</term>
+			  <listitem><para>use bigendian RPC</para></listitem>
+		  </varlistentry>
+
+		  <varlistentry><term>padcheck</term>
+			  <listitem><para>check reply data for non-zero pad bytes</para></listitem>
+		  </varlistentry>
+	  </variablelist>
+
+	  <para>For example, these all connect to the samr pipe:</para>
+
+	  <itemizedlist>
+	    <listitem><para>ncacn_np:myserver</para></listitem>
+	    <listitem><para>ncacn_np:myserver[samr]</para></listitem>
+	    <listitem><para>ncacn_np:myserver[\\pipe\\samr]</para></listitem>
+	    <listitem><para>ncacn_np:myserver[/pipe/samr]</para></listitem>
+	    <listitem><para>ncacn_np:myserver[samr,sign,print]</para></listitem>
+	    <listitem><para>ncacn_np:myserver[\\pipe\\samr,sign,seal,bigendian]</para></listitem>
+	    <listitem><para>ncacn_np:myserver[/pipe/samr,seal,validate]</para></listitem>
+	    <listitem><para>ncacn_np:</para></listitem>
+	    <listitem><para>ncacn_np:[/pipe/samr]</para></listitem>
+	    <listitem><para>ncacn_ip_tcp:myserver</para></listitem>
+	    <listitem><para>ncacn_ip_tcp:myserver[1024]</para></listitem>
+	    <listitem><para>ncacn_ip_tcp:myserver[1024,sign,seal]</para></listitem>
+	    <listitem><para>ncalrpc:</para></listitem>
+	  </itemizedlist>
+
+	</refsect2>
+
+	<refsect2>
+		<title>UNC Format</title>
+
+		<para>The UNC format is:</para>
+
+		<para>//server/share</para>
+	</refsect2>
+
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry><term>-d debuglevel</term>
+			<listitem><para>Use the specified Samba debug level. A higher debug level 
+				means more output.</para></listitem>
+		</varlistentry>
+		<varlistentry><term>-U user%pass</term>
+			<listitem><para>Use the specified username/password combination when logging in to a remote server.</para></listitem>
+		</varlistentry>
+		<varlistentry><term>-k</term>
+			<listitem><para>Use kerberos when authenticating.</para></listitem>
+		</varlistentry>
+		<varlistentry><term>-W workgroup</term>
+			<listitem><para>Use specified name as our workgroup name.</para></listitem>
+		</varlistentry>
+		<varlistentry><term>-n netbios_name</term>
+			<listitem><para>Use specified name as our NetBIOS name.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-O socket_options</term>
+			<listitem><para>Use specified socket options, equivalent of the smb.conf option <quote>socket options</quote>. See the smb.conf(5) manpage for details.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-m max_protocol</term>
+			<listitem><para>Specify the maximum SMB dialect that should be used. Possible values are: CORE, COREPLUS, LANMAN1, LANMAN2, NT1</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-s seed</term>
+			<listitem><para>Initialize the randomizer using <replaceable>seed</replaceable> as seed.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-L</term>
+			<listitem><para>Use oplocks.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-X</term>
+			<listitem><para>Enable dangerous tests. Use with care! This might crash your server...</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-t timelimit</term>
+			<listitem><para>Specify the NBENCH time limit in seconds. Defaults to 600.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-p ports</term>
+			<listitem><para>Specify ports to connect to.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-c file</term>
+			<listitem><para>Read NBENCH commands from <replaceable>file</replaceable> instead of from CLIENT.TXT.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-A</term>
+			<listitem><para>Show not just OK or FAILED but more detailed 
+					output. Used only by DENY test at the moment.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-C filename</term>
+			<listitem><para>Load a list of UNC names from the specified filename. Smbtorture instances will connect to a random host from this list.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-N numprocs</term>
+			<listitem><para>Specify number of smbtorture processes to launch.</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-e num_files</term>
+			<listitem><para>Number of entries to use in certain tests (such as creating X files) (default: 1000).</para></listitem>
+		</varlistentry>
+
+		<varlistentry><term>-f max_failures</term>
+			<listitem><para>Number of failures before aborting a test (default: 1).</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>Samba</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>This utility is part of the <ulink url="http://www.samba.org/">Samba</ulink> suite, which is developed by the global <ulink url="http://www.samba.org/samba/team/">Samba Team</ulink>.</para>
+
+	<para>smbtorture was written by Andrew Tridgell.</para>
+
+	<para>This manpage was written by Jelmer Vernooij.</para>
+	
+</refsect1>
+
+</refentry>
diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c
new file mode 100644
index 0000000..e311769
--- /dev/null
+++ b/source4/torture/masktest.c
@@ -0,0 +1,418 @@
+/* 
+   Unix SMB/CIFS implementation.
+   mask_match tester
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/filesys.h"
+#include "system/dir.h"
+#include "libcli/libcli.h"
+#include "system/time.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/events/events.h"
+
+static bool showall = false;
+static bool old_list = false;
+static const char *maskchars = "<>\"?*abc.";
+static const char *filechars = "abcdefghijklm.";
+static int die_on_error;
+static int NumLoops = 0;
+static int max_length = 20;
+struct masktest_state {
+	TALLOC_CTX *mem_ctx;
+};
+
+static bool reg_match_one(struct smbcli_state *cli, const char *pattern, const char *file)
+{
+	/* oh what a weird world this is */
+	if (old_list && strcmp(pattern, "*.*") == 0) return true;
+
+	if (ISDOT(pattern)) return false;
+
+	if (ISDOTDOT(file)) file = ".";
+
+	return ms_fnmatch_protocol(
+		pattern, file, cli->transport->negotiate.protocol, false)==0;
+}
+
+static char *reg_test(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *pattern, const char *long_name, const char *short_name)
+{
+	char *ret;
+	ret = talloc_strdup(mem_ctx, "---");
+
+	pattern = 1+strrchr_m(pattern,'\\');
+
+	if (reg_match_one(cli, pattern, ".")) ret[0] = '+';
+	if (reg_match_one(cli, pattern, "..")) ret[1] = '+';
+	if (reg_match_one(cli, pattern, long_name) || 
+	    (*short_name && reg_match_one(cli, pattern, short_name))) ret[2] = '+';
+	return ret;
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx, 
+					struct tevent_context *ev,
+					TALLOC_CTX *mem_ctx,
+					char *share, const char **ports,
+					const char *socket_options,
+					struct smbcli_options *options,
+					struct smbcli_session_options *session_options,
+					struct gensec_settings *gensec_settings)
+{
+	struct smbcli_state *c;
+	char *server;
+	NTSTATUS status;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	server = talloc_strdup(mem_ctx, share+2);
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+	cli_credentials_set_workstation(creds,
+			"masktest", CRED_SPECIFIED);
+
+	status = smbcli_full_connection(NULL, &c,
+					server, 
+					ports,
+					share, NULL,
+					socket_options,
+					creds,
+					resolve_ctx, ev,
+					options, session_options,
+					gensec_settings);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	return c;
+}
+
+static char *resultp;
+static struct {
+	char *long_name;
+	char *short_name;
+} last_hit;
+static bool f_info_hit;
+
+static void listfn(struct clilist_file_info *f, const char *s, void *state)
+{
+	struct masktest_state *m = (struct masktest_state *)state;
+
+	if (ISDOT(f->name)) {
+		resultp[0] = '+';
+	} else if (ISDOTDOT(f->name)) {
+		resultp[1] = '+';
+	} else {
+		resultp[2] = '+';
+	}
+
+	last_hit.long_name = talloc_strdup(m->mem_ctx, f->name);
+	last_hit.short_name = talloc_strdup(m->mem_ctx, f->short_name);
+	f_info_hit = true;
+}
+
+static void get_real_name(TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
+			  char **long_name, char **short_name)
+{
+	const char *mask;
+	struct masktest_state state;
+
+	if (cli->transport->negotiate.protocol <= PROTOCOL_LANMAN1) {
+		mask = "\\masktest\\*.*";
+	} else {
+		mask = "\\masktest\\*";
+	}
+
+	f_info_hit = false;
+
+	state.mem_ctx = mem_ctx;
+
+	smbcli_list_new(cli->tree, mask,
+			FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY,
+			RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+			listfn, &state);
+
+	if (f_info_hit) {
+		*short_name = strlower_talloc(mem_ctx, last_hit.short_name);
+		*long_name = strlower_talloc(mem_ctx, last_hit.long_name);
+	}
+
+	if (*short_name[0] == '\0') {
+		*short_name = talloc_strdup(mem_ctx, *long_name);
+	}
+}
+
+static void testpair(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, char *mask,
+		char *file)
+{
+	int fnum;
+	char res1[256];
+	char *res2;
+	static int count;
+	char *short_name = NULL;
+	char *long_name = NULL;
+	struct masktest_state state;
+
+	count++;
+
+	strlcpy(res1, "---", sizeof(res1));
+
+	state.mem_ctx = mem_ctx;
+
+	fnum = smbcli_open(cli->tree, file, O_CREAT|O_TRUNC|O_RDWR, 0);
+	if (fnum == -1) {
+		DEBUG(0,("Can't create %s\n", file));
+		return;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	resultp = res1;
+	short_name = talloc_strdup(mem_ctx, "");
+	get_real_name(mem_ctx, cli, &long_name, &short_name);
+	strlcpy(res1, "---", sizeof(res1));
+	smbcli_list_new(cli->tree, mask,
+			FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY,
+			RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+			listfn, &state);
+
+	res2 = reg_test(cli, mem_ctx, mask, long_name, short_name);
+
+	if (showall || strcmp(res1, res2)) {
+		d_printf("%s %s %d mask=[%s] file=[%s] rfile=[%s/%s]\n",
+			 res1, res2, count, mask, file, long_name, short_name);
+		if (die_on_error) exit(1);
+	}
+
+	smbcli_unlink(cli->tree, file);
+
+	if (count % 100 == 0) DEBUG(0,("%d\n", count));
+
+	resultp = NULL;
+}
+
+static void test_mask(int argc, char *argv[],
+					  TALLOC_CTX *mem_ctx,
+		      struct smbcli_state *cli)
+{
+	char *mask, *file;
+	int l1, l2, i, l;
+	int mc_len = strlen(maskchars);
+	int fc_len = strlen(filechars);
+
+	smbcli_mkdir(cli->tree, "\\masktest");
+
+	smbcli_unlink_wcard(cli->tree, "\\masktest\\*");
+
+	if (argc >= 2) {
+		while (argc >= 2) {
+			mask = talloc_strdup(mem_ctx, "\\masktest\\");
+			file = talloc_strdup(mem_ctx, "\\masktest\\");
+			mask = talloc_strdup_append(mask, argv[0]);
+			file = talloc_strdup_append(file, argv[1]);
+			testpair(mem_ctx, cli, mask, file);
+			argv += 2;
+			argc -= 2;
+		}
+		goto finished;
+	}
+
+	while (1) {
+		l1 = 1 + random() % max_length;
+		l2 = 1 + random() % max_length;
+		mask = talloc_strdup(mem_ctx, "\\masktest\\");
+		file = talloc_strdup(mem_ctx, "\\masktest\\");
+		mask = talloc_realloc_size(mem_ctx, mask, strlen(mask)+l1+1);
+		file = talloc_realloc_size(mem_ctx, file, strlen(file)+l2+1);
+		l = strlen(mask);
+		for (i=0;i<l1;i++) {
+			mask[i+l] = maskchars[random() % mc_len];
+		}
+		mask[l+l1] = 0;
+
+		for (i=0;i<l2;i++) {
+			file[i+l] = filechars[random() % fc_len];
+		}
+		file[l+l2] = 0;
+
+		if (ISDOT(file+l) || ISDOTDOT(file+l) || ISDOTDOT(mask+l)) {
+			continue;
+		}
+
+		if (strspn(file+l, ".") == strlen(file+l)) continue;
+
+		testpair(mem_ctx, cli, mask, file);
+		if (NumLoops && (--NumLoops == 0))
+			break;
+	}
+
+ finished:
+	smbcli_rmdir(cli->tree, "\\masktest");
+}
+
+
+static void usage(poptContext pc)
+{
+	printf(
+"Usage:\n\
+  masktest //server/share [options..]\n\
+\n\
+  This program tests wildcard matching between two servers. It generates\n\
+  random pairs of filenames/masks and tests that they match in the same\n\
+  way on the servers and internally\n");
+	poptPrintUsage(pc, stdout, 0);
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+int main(int argc, const char *argv[])
+{
+	char *share;
+	struct smbcli_state *cli;	
+	int opt;
+	int seed;
+	struct tevent_context *ev;
+	struct loadparm_context *lp_ctx;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	poptContext pc;
+	int argc_new, i;
+	char **argv_new;
+	TALLOC_CTX *mem_ctx = NULL;
+	enum {OPT_UNCLIST=1000};
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"seed",	  0, POPT_ARG_INT,  &seed, 	0,	"Seed to use for randomizer", 	NULL},
+		{"num-ops",	  0, POPT_ARG_INT,  &NumLoops, 	0, 	"num ops",	NULL},
+		{"maxlength",	  0, POPT_ARG_INT,  &max_length,0, 	"maximum length",	NULL},
+		{"dieonerror",    0, POPT_ARG_NONE, &die_on_error, 0,   "die on errors", NULL},
+		{"showall",       0, POPT_ARG_NONE, &showall,    0,      "display all operations", NULL},
+		{"oldlist",       0, POPT_ARG_NONE, &old_list,    0,     "use old list call", NULL},
+		{"maskchars",	  0, POPT_ARG_STRING,	&maskchars,    0,"mask characters", 	NULL},
+		{"filechars",	  0, POPT_ARG_STRING,	&filechars,    0,"file characters", 	NULL},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_LEGACY_S4
+		POPT_TABLEEND
+	};
+	bool ok;
+
+	setlinebuf(stdout);
+	seed = time(NULL);
+
+	mem_ctx = talloc_named_const(NULL, 0, "masktest_ctx");
+	if (mem_ctx == NULL) {
+		exit(1);
+	}
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Failed to init cmdline parser!\n");
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv,
+				    long_options,
+				    POPT_CONTEXT_KEEP_FIRST);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		exit(1);
+	}
+
+	poptSetOtherOptionHelp(pc, "<unc>");
+
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case OPT_UNCLIST:
+			lpcfg_set_cmdline(lp_ctx,
+					  "torture:unclist",
+					  poptGetOptArg(pc));
+			break;
+		case POPT_ERROR_BADOPT:
+			fprintf(stderr, "\nInvalid option %s: %s\n\n",
+				poptBadOption(pc, 0), poptStrerror(opt));
+			poptPrintUsage(pc, stderr, 0);
+			exit(1);
+		}
+	}
+
+	argv_new = discard_const_p(char *, poptGetArgs(pc));
+	argc_new = argc;
+	for (i=0; i<argc; i++) {
+		if (argv_new[i] == NULL) {
+			argc_new = i;
+			break;
+		}
+	}
+
+	if (!(argc_new >= 2)) {
+		usage(pc);
+		talloc_free(mem_ctx);
+		exit(1);
+	}
+
+	setup_logging("masktest", DEBUG_STDOUT);
+
+	share = argv_new[1];
+
+	all_string_sub(share,"/","\\",0);
+
+	ev = s4_event_context_init(mem_ctx);
+
+	gensec_init();
+
+	lpcfg_smbcli_options(lp_ctx, &options);
+	lpcfg_smbcli_session_options(lp_ctx, &session_options);
+
+	cli = connect_one(lpcfg_resolve_context(lp_ctx), ev, mem_ctx, share,
+			  lpcfg_smb_ports(lp_ctx), lpcfg_socket_options(lp_ctx),
+			  &options, &session_options,
+			  lpcfg_gensec_settings(mem_ctx, lp_ctx));
+	if (!cli) {
+		DEBUG(0,("Failed to connect to %s\n", share));
+		talloc_free(mem_ctx);
+		exit(1);
+	}
+
+	/* need to init seed after connect as clientgen uses random numbers */
+	DEBUG(0,("seed=%d     format --- --- (server, correct)\n", seed));
+	srandom(seed);
+
+	test_mask(argc_new-1, argv_new+1, mem_ctx, cli);
+
+	poptFreeContext(pc);
+	talloc_free(mem_ctx);
+	return(0);
+}
diff --git a/source4/torture/nbench/nbench.c b/source4/torture/nbench/nbench.c
new file mode 100644
index 0000000..05ff3ab
--- /dev/null
+++ b/source4/torture/nbench/nbench.c
@@ -0,0 +1,309 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester - NBENCH test
+   Copyright (C) Andrew Tridgell 1997-2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/smbtorture.h"
+#include "system/filesys.h"
+#include "system/locale.h"
+#include "lib/util/smb_strtox.h"
+
+#include "torture/nbench/proto.h"
+
+int nbench_line_count = 0;
+static int timelimit = 600;
+static int warmup;
+static const char *loadfile;
+static int read_only;
+
+#define ival(s) strtoll(s, NULL, 0)
+
+static unsigned long nb_max_retries;
+
+#define NB_RETRY(op) \
+	for (n=0;n<=nb_max_retries && !op;n++) do_reconnect(&cli, tctx, client)
+
+static void do_reconnect(struct smbcli_state **cli, struct torture_context *tctx, int client)
+{
+	int n;
+	printf("[%d] Reconnecting client %d\n", nbench_line_count, client);
+	for (n=0;n<nb_max_retries;n++) {
+		if (nb_reconnect(cli, tctx, client)) {
+			printf("[%d] Reconnected client %d\n", nbench_line_count, client);
+			return;
+		}
+	}
+	printf("[%d] Failed to reconnect client %d\n", nbench_line_count, client);
+	nb_exit(1);
+}
+
+/* run a test that simulates an approximate netbench client load */
+static bool run_netbench(struct torture_context *tctx, struct smbcli_state *cli, int client)
+{
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	int i;
+	char line[1024];
+	char *cname;
+	FILE *f;
+	bool correct = true;
+	double target_rate = torture_setting_double(tctx, "targetrate", 0);
+	int n = 0;
+	int ret;
+
+	if (target_rate != 0 && client == 0) {
+		printf("Targeting %.4f MByte/sec\n", target_rate);
+	}
+
+	nb_setup(cli, client);
+
+	if (torture_nprocs == 1) {
+		if (!read_only) {
+			NB_RETRY(torture_setup_dir(cli, "\\clients"));
+		}
+	}
+
+	ret = asprintf(&cname, "client%d", client+1);
+	if (ret == -1) {
+		return false;
+	}
+
+	f = fopen(loadfile, "r");
+
+	if (!f) {
+		perror(loadfile);
+		return false;
+	}
+
+again:
+	nbio_time_reset();
+
+	while (fgets(line, sizeof(line)-1, f)) {
+		NTSTATUS status;
+		const char **params0, **params;
+		unsigned long int tmp;
+		int error = 0;
+
+		nbench_line_count++;
+
+		if ((strlen(line) > 0) && line[strlen(line)-1] == '\n') {
+			line[strlen(line)-1] = 0;
+		}
+
+		all_string_sub(line, "client1", cname, sizeof(line));
+
+		params = params0 = const_str_list(
+					str_list_make_shell(NULL, line, " "));
+		i = str_list_length(params);
+
+		if (i > 0 && isdigit(params[0][0])) {
+			double targett = strtod(params[0], NULL);
+			if (target_rate != 0) {
+				nbio_target_rate(target_rate);
+			} else {
+				nbio_time_delay(targett);
+			}
+			params++;
+			i--;
+		} else if (target_rate != 0) {
+			nbio_target_rate(target_rate);
+		}
+
+		if (i < 2 || params[0][0] == '#') continue;
+
+		if (!strncmp(params[0],"SMB", 3)) {
+			printf("ERROR: You are using a dbench 1 load file\n");
+			nb_exit(1);
+		}
+
+		if (strncmp(params[i-1], "NT_STATUS_", 10) != 0 &&
+		    strncmp(params[i-1], "0x", 2) != 0) {
+			printf("Badly formed status at line %d\n", nbench_line_count);
+			talloc_free(params);
+			continue;
+		}
+
+		/* accept numeric or string status codes */
+		if (strncmp(params[i-1], "0x", 2) == 0) {
+			tmp = smb_strtoul(params[i-1],
+					  NULL,
+					  16,
+					  &error,
+					  SMB_STR_STANDARD);
+			if (error != 0) {
+				tmp = error;
+			}
+			status = NT_STATUS(tmp);
+		} else {
+			status = nt_status_string_to_code(params[i-1]);
+		}
+
+		DEBUG(9,("run_netbench(%d): %s %s\n", client, params[0], params[1]));
+
+		if (!strcmp(params[0],"NTCreateX")) {
+			NB_RETRY(nb_createx(params[1], ival(params[2]), ival(params[3]),
+					    ival(params[4]), status));
+		} else if (!strcmp(params[0],"Close")) {
+			NB_RETRY(nb_close(ival(params[1]), status));
+		} else if (!read_only && !strcmp(params[0],"Rename")) {
+			NB_RETRY(nb_rename(params[1], params[2], status, n>0));
+		} else if (!read_only && !strcmp(params[0],"Unlink")) {
+			NB_RETRY(nb_unlink(params[1], ival(params[2]), status, n>0));
+		} else if (!read_only && !strcmp(params[0],"Deltree")) {
+			NB_RETRY(nb_deltree(params[1], n>0));
+		} else if (!read_only && !strcmp(params[0],"Rmdir")) {
+			NB_RETRY(nb_rmdir(params[1], status, n>0));
+		} else if (!read_only && !strcmp(params[0],"Mkdir")) {
+			NB_RETRY(nb_mkdir(params[1], status, n>0));
+		} else if (!strcmp(params[0],"QUERY_PATH_INFORMATION")) {
+			NB_RETRY(nb_qpathinfo(params[1], ival(params[2]), status));
+		} else if (!strcmp(params[0],"QUERY_FILE_INFORMATION")) {
+			NB_RETRY(nb_qfileinfo(ival(params[1]), ival(params[2]), status));
+		} else if (!strcmp(params[0],"QUERY_FS_INFORMATION")) {
+			NB_RETRY(nb_qfsinfo(ival(params[1]), status));
+		} else if (!read_only && !strcmp(params[0],"SET_FILE_INFORMATION")) {
+			NB_RETRY(nb_sfileinfo(ival(params[1]), ival(params[2]), status));
+		} else if (!strcmp(params[0],"FIND_FIRST")) {
+			NB_RETRY(nb_findfirst(params[1], ival(params[2]),
+					      ival(params[3]), ival(params[4]), status));
+		} else if (!read_only && !strcmp(params[0],"WriteX")) {
+			NB_RETRY(nb_writex(ival(params[1]),
+					   ival(params[2]), ival(params[3]), ival(params[4]),
+					   status));
+		} else if (!read_only && !strcmp(params[0],"Write")) {
+			NB_RETRY(nb_write(ival(params[1]),
+					  ival(params[2]), ival(params[3]), ival(params[4]),
+					  status));
+		} else if (!strcmp(params[0],"LockX")) {
+			NB_RETRY(nb_lockx(ival(params[1]),
+					  ival(params[2]), ival(params[3]), status));
+		} else if (!strcmp(params[0],"UnlockX")) {
+			NB_RETRY(nb_unlockx(ival(params[1]),
+					    ival(params[2]), ival(params[3]), status));
+		} else if (!strcmp(params[0],"ReadX")) {
+			NB_RETRY(nb_readx(ival(params[1]),
+					  ival(params[2]), ival(params[3]), ival(params[4]),
+					  status));
+		} else if (!strcmp(params[0],"Flush")) {
+			NB_RETRY(nb_flush(ival(params[1]), status));
+		} else if (!strcmp(params[0],"Sleep")) {
+			nb_sleep(ival(params[1]), status);
+		} else {
+			printf("[%d] Unknown operation %s\n", nbench_line_count, params[0]);
+		}
+
+		if (n > nb_max_retries) {
+			printf("Maximum reconnect retries reached for op '%s'\n", params[0]);
+			nb_exit(1);
+		}
+
+		talloc_free(params0);
+
+		if (nb_tick()) goto done;
+	}
+
+	rewind(f);
+	goto again;
+
+done:
+	fclose(f);
+
+	if (!read_only && torture_nprocs == 1) {
+		smbcli_deltree(cli->tree, "\\clients");
+	}
+	if (!torture_close_connection(cli)) {
+		correct = false;
+	}
+
+	return correct;
+}
+
+
+/* run a test that simulates an approximate netbench client load */
+bool torture_nbench(struct torture_context *torture)
+{
+	bool correct = true;
+	int torture_nprocs = torture_setting_int(torture, "nprocs", 4);
+	struct smbcli_state *cli;
+	const char *p;
+
+	read_only = torture_setting_bool(torture, "readonly", false);
+
+	nb_max_retries = torture_setting_int(torture, "nretries", 1);
+
+	p = torture_setting_string(torture, "timelimit", NULL);
+	if (p && *p) {
+		timelimit = atoi(p);
+	}
+
+	warmup = timelimit / 20;
+
+	loadfile = torture_setting_string(torture, "loadfile", NULL);
+	if (!loadfile || !*loadfile) {
+		loadfile = "client.txt";
+	}
+
+	if (torture_nprocs > 1) {
+		if (!torture_open_connection(&cli, torture, 0)) {
+			return false;
+		}
+
+		if (!read_only && !torture_setup_dir(cli, "\\clients")) {
+			return false;
+		}
+	}
+
+	nbio_shmem(torture_nprocs, timelimit, warmup);
+
+	printf("Running for %d seconds with load '%s' and warmup %d secs\n",
+	       timelimit, loadfile, warmup);
+
+	/* we need to reset SIGCHLD here as the name resolution
+	   library may have changed it. We rely on correct signals
+	   from children in the main torture code which reaps
+	   children. This is why smbtorture BENCH-NBENCH was sometimes
+	   failing */
+	signal(SIGCHLD, SIG_DFL);
+
+
+	signal(SIGALRM, nb_alarm);
+	alarm(1);
+	torture_create_procs(torture, run_netbench, &correct);
+	alarm(0);
+
+	if (!read_only && torture_nprocs > 1) {
+		smbcli_deltree(cli->tree, "\\clients");
+	}
+
+	printf("\nThroughput %g MB/sec\n", nbio_result());
+	return correct;
+}
+
+NTSTATUS torture_nbench_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+						   ctx, "bench");
+
+	torture_suite_add_simple_test(suite, "nbench", torture_nbench);
+
+	suite->description = talloc_strdup(suite, "Benchmarks");
+
+	torture_register_suite(ctx, suite);
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/nbench/nbio.c b/source4/torture/nbench/nbio.c
new file mode 100644
index 0000000..1de988e
--- /dev/null
+++ b/source4/torture/nbench/nbio.c
@@ -0,0 +1,994 @@
+/*
+  TODO: add splitting of writes for servers with signing
+*/
+
+
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/nbench/proto.h"
+
+extern int nbench_line_count;
+static int nbio_id = -1;
+static int nprocs;
+static bool bypass_io;
+static struct timeval tv_start, tv_end;
+static int warmup, timelimit;
+static int in_cleanup;
+
+struct lock_info {
+	struct lock_info *next, *prev;
+	off_t offset;
+	int size;
+};
+
+struct createx_params {
+	char *fname;
+	unsigned int create_options;
+	unsigned int create_disposition;
+	int handle;
+};
+
+struct ftable {
+	struct ftable *next, *prev;
+	int fd;     /* the fd that we got back from the server */
+	int handle; /* the handle in the load file */
+	struct createx_params cp;
+	struct lock_info *locks;
+};
+
+static struct ftable *ftable;
+
+static struct {
+	double bytes, warmup_bytes;
+	int line;
+	int done;
+	bool connected;
+	double max_latency;
+	struct timeval starttime;
+} *children;
+
+static bool nb_do_createx(struct ftable *f,
+			  const char *fname,
+			  unsigned int create_options,
+			  unsigned int create_disposition,
+			  int handle,
+			  NTSTATUS status,
+			  bool retry);
+
+static bool nb_do_lockx(bool relock, int handle, off_t offset, int size, NTSTATUS status);
+
+static void nb_set_createx_params(struct ftable *f,
+				  const char *fname,
+				  unsigned int create_options,
+				  unsigned int create_disposition,
+				  int handle)
+{
+	struct createx_params *cp = &f->cp;
+
+	if (fname != NULL) {
+		cp->fname = talloc_strdup(f, fname);
+		if (cp->fname == NULL) {
+			perror("nb_set_createx_params: strdup");
+			nb_exit(1);
+		}
+	} else {
+		cp->fname = NULL;
+	}
+
+	cp->create_options = create_options;
+	cp->create_disposition = create_disposition;
+	cp->handle = handle;
+}
+
+static bool nb_reestablish_locks(struct ftable *f)
+{
+	struct lock_info *linfo = f->locks;
+
+	while (linfo != NULL) {
+		DEBUG(1,("nb_reestablish_locks: lock for file %d at %lu\n",
+			 f->handle, (unsigned long) linfo->offset));
+
+		if (!nb_do_lockx(true, f->handle, linfo->offset, linfo->size, NT_STATUS_OK)) {
+			printf("nb_reestablish_locks: failed to get lock for file %s at %lu\n",
+			       f->cp.fname, (unsigned long) linfo->offset);
+			return false;
+		}
+
+		linfo = linfo->next;
+	}
+
+	return true;
+}
+
+static bool nb_reopen_all_files(void)
+{
+	struct ftable *f = ftable;
+
+	while (f != NULL) {
+		DEBUG(1,("-- nb_reopen_all_files: opening %s (handle %d)\n",
+			 f->cp.fname, f->cp.handle));
+
+		if (!nb_do_createx(f,
+				   f->cp.fname,
+				   f->cp.create_options,
+				   f->cp.create_disposition,
+				   f->cp.handle,
+				   NT_STATUS_OK,
+				   true))
+		{
+			printf("-- nb_reopen_all_files: failed to open file %s\n", f->cp.fname);
+			return false;
+		}
+
+		if (!nb_reestablish_locks(f)) {
+			printf("--nb_reopen_all_files: failed to reestablish locks\n");
+			return false;
+		}
+
+		f = f->next;
+	}
+
+	return true;
+}
+
+bool nb_reconnect(struct smbcli_state **cli, struct torture_context *tctx, int client)
+{
+	children[client].connected = false;
+
+	if (*cli != NULL) {
+		talloc_free(*cli);
+	}
+
+	if (!torture_open_connection(cli, tctx, client)) {
+		printf("nb_reconnect: failed to connect\n");
+		*cli = NULL;
+		return false;
+	}
+
+	nb_setup(*cli, client);
+
+	if (!nb_reopen_all_files()) {
+		printf("nb_reconnect: failed to reopen files in client %d\n", client);
+		return false;
+	}
+
+	return true;
+}
+
+void nbio_target_rate(double rate)
+{
+	static double last_bytes;
+	static struct timeval last_time;
+	double tdelay;
+
+	if (last_bytes == 0) {
+		last_bytes = children[nbio_id].bytes;
+		last_time = timeval_current();
+		return;
+	}
+
+	tdelay = (children[nbio_id].bytes - last_bytes)/(1.0e6*rate) - timeval_elapsed(&last_time);
+	if (tdelay > 0) {
+		smb_msleep(tdelay*1000);
+	} else {
+		children[nbio_id].max_latency = MAX(children[nbio_id].max_latency, -tdelay);
+	}
+
+	last_time = timeval_current();
+	last_bytes = children[nbio_id].bytes;
+}
+
+void nbio_time_reset(void)
+{
+	children[nbio_id].starttime = timeval_current();	
+}
+
+void nbio_time_delay(double targett)
+{
+	double elapsed = timeval_elapsed(&children[nbio_id].starttime);
+	if (targett > elapsed) {
+		smb_msleep(1000*(targett - elapsed));
+	} else if (elapsed - targett > children[nbio_id].max_latency) {
+		children[nbio_id].max_latency = MAX(elapsed - targett, children[nbio_id].max_latency);
+	}
+}
+
+double nbio_result(void)
+{
+	int i;
+	double total = 0;
+	for (i=0;i<nprocs;i++) {
+		total += children[i].bytes - children[i].warmup_bytes;
+	}
+	return 1.0e-6 * total / timeval_elapsed2(&tv_start, &tv_end);
+}
+
+double nbio_latency(void)
+{
+	int i;
+	double max_latency = 0;
+	for (i=0;i<nprocs;i++) {
+		if (children[i].max_latency > max_latency) {
+			max_latency = children[i].max_latency;
+			children[i].max_latency = 0;
+		}
+	}
+	return max_latency;
+}
+
+bool nb_tick(void)
+{
+	return children[nbio_id].done;
+}
+
+
+void nb_alarm(int sig)
+{
+	int i;
+	int lines=0;
+	double t;
+	int in_warmup = 0;
+	int num_connected = 0;
+
+	if (nbio_id != -1) return;
+
+	for (i=0;i<nprocs;i++) {
+		if (children[i].connected) {
+			num_connected++;
+		}
+		if (children[i].bytes == 0) {
+			in_warmup = 1;
+		}
+		lines += children[i].line;
+	}
+
+	t = timeval_elapsed(&tv_start);
+
+	if (!in_warmup && warmup>0 && t > warmup) {
+		tv_start = timeval_current();
+		warmup = 0;
+		for (i=0;i<nprocs;i++) {
+			children[i].warmup_bytes = children[i].bytes;
+		}
+		goto next;
+	}
+	if (t < warmup) {
+		in_warmup = 1;
+	} else if (!in_warmup && !in_cleanup && t > timelimit) {
+		for (i=0;i<nprocs;i++) {
+			children[i].done = 1;
+		}
+		tv_end = timeval_current();
+		in_cleanup = 1;
+	}
+	if (t < 1) {
+		goto next;
+	}
+	if (!in_cleanup) {
+		tv_end = timeval_current();
+	}
+
+	if (in_warmup) {
+		printf("%4d  %8d  %.2f MB/sec  warmup %.0f sec   \n", 
+		       num_connected, lines/nprocs, 
+		       nbio_result(), t);
+	} else if (in_cleanup) {
+		printf("%4d  %8d  %.2f MB/sec  cleanup %.0f sec   \n", 
+		       num_connected, lines/nprocs, 
+		       nbio_result(), t);
+	} else {
+		printf("%4d  %8d  %.2f MB/sec  execute %.0f sec  latency %.2f msec \n", 
+		       num_connected, lines/nprocs, 
+		       nbio_result(), t, nbio_latency() * 1.0e3);
+	}
+
+	fflush(stdout);
+next:
+	signal(SIGALRM, nb_alarm);
+	alarm(1);	
+}
+
+void nbio_shmem(int n, int t_timelimit, int t_warmup)
+{
+	nprocs = n;
+	children = anonymous_shared_allocate(sizeof(*children) * nprocs);
+	if (!children) {
+		printf("Failed to setup shared memory!\n");
+		nb_exit(1);
+	}
+	memset(children, 0, sizeof(*children) * nprocs);
+	timelimit = t_timelimit;
+	warmup = t_warmup;
+	in_cleanup = 0;
+	tv_start = timeval_current();
+}
+
+static struct lock_info* find_lock(struct lock_info *linfo, off_t offset, int size)
+{
+	while (linfo != NULL) {
+		if (linfo->offset == offset &&
+		    linfo->size == size)
+		{
+			return linfo;
+		}
+
+		linfo = linfo->next;
+	}
+
+	return NULL;
+}
+
+static struct ftable *find_ftable(int handle)
+{
+	struct ftable *f;
+
+	for (f=ftable;f;f=f->next) {
+		if (f->handle == handle) return f;
+	}
+	return NULL;
+}
+
+static int find_handle(int handle, struct ftable **f_ret)
+{
+	struct ftable *f;
+
+	if (f_ret != NULL)
+		*f_ret = NULL;
+
+	children[nbio_id].line = nbench_line_count;
+
+	f = find_ftable(handle);
+	if (f) {
+		if (f_ret != NULL)
+			*f_ret = f;
+		return f->fd;
+	}
+	printf("(%d) ERROR: handle %d was not found\n", 
+	       nbench_line_count, handle);
+	nb_exit(1);
+
+	return -1;		/* Not reached */
+}
+
+
+
+static struct smbcli_state *c;
+
+/*
+  a handler function for oplock break requests
+*/
+static bool oplock_handler(struct smbcli_transport *transport, uint16_t tid, 
+			   uint16_t fnum, uint8_t level, void *private_data)
+{
+	struct smbcli_tree *tree = (struct smbcli_tree *)private_data;
+	return smbcli_oplock_ack(tree, fnum, OPLOCK_BREAK_TO_NONE);
+}
+
+void nb_setup(struct smbcli_state *cli, int id)
+{
+	nbio_id = id;
+	c = cli;
+	if (bypass_io)
+		printf("skipping I/O\n");
+
+	if (cli) {
+		smbcli_oplock_handler(cli->transport, oplock_handler, cli->tree);
+	}
+
+	children[id].connected = true;
+}
+
+
+static bool check_status(const char *op, NTSTATUS status, NTSTATUS ret)
+{
+	if ((NT_STATUS_EQUAL(ret, NT_STATUS_END_OF_FILE) ||
+	     NT_STATUS_EQUAL(ret, NT_STATUS_NET_WRITE_FAULT) ||
+	     NT_STATUS_EQUAL(ret, NT_STATUS_CONNECTION_RESET)) 
+		&& !NT_STATUS_EQUAL (status, ret))
+	{
+		return false;
+	}
+
+	if (!NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(ret)) {
+		printf("[%d] Error: %s should have failed with %s\n", 
+		       nbench_line_count, op, nt_errstr(status));
+		nb_exit(1);
+	}
+
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ret)) {
+		printf("[%d] Error: %s should have succeeded - %s\n", 
+		       nbench_line_count, op, nt_errstr(ret));
+		nb_exit(1);
+	}
+
+	if (!NT_STATUS_EQUAL(status, ret)) {
+		printf("[%d] Warning: got status %s but expected %s\n",
+		       nbench_line_count, nt_errstr(ret), nt_errstr(status));
+	}
+
+	return true;
+}
+
+
+bool nb_unlink(const char *fname, int attr, NTSTATUS status, bool retry)
+{
+	union smb_unlink io;
+	NTSTATUS ret;
+
+	io.unlink.in.pattern = fname;
+
+	io.unlink.in.attrib = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+	if (strchr(fname, '*') == 0) {
+		io.unlink.in.attrib |= FILE_ATTRIBUTE_DIRECTORY;
+	}
+
+	ret = smb_raw_unlink(c->tree, &io);
+
+	if (!retry)
+		return check_status("Unlink", status, ret);
+
+	return true;
+}
+
+static bool nb_do_createx(struct ftable *f,
+			  const char *fname,
+			  unsigned int create_options,
+			  unsigned int create_disposition,
+			  int handle,
+			  NTSTATUS status,
+			  bool retry)
+{
+	union smb_open io;	
+	uint32_t desired_access;
+	NTSTATUS ret;
+	TALLOC_CTX *mem_ctx;
+	unsigned int flags = 0;
+
+	mem_ctx = talloc_init("raw_open");
+
+	if (create_options & NTCREATEX_OPTIONS_DIRECTORY) {
+		desired_access = SEC_FILE_READ_DATA;
+	} else {
+		desired_access = 
+			SEC_FILE_READ_DATA | 
+			SEC_FILE_WRITE_DATA |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_FILE_WRITE_ATTRIBUTE;
+		flags = NTCREATEX_FLAGS_EXTENDED |
+			NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+			NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	}
+
+	io.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = flags;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = desired_access;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = create_disposition;
+	io.ntcreatex.in.create_options = create_options;
+	io.ntcreatex.in.impersonation = 0;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	if (retry) {
+		/* Reopening after a disconnect. */
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	} else
+	if (f != NULL &&
+	    f->cp.create_disposition == NTCREATEX_DISP_CREATE &&
+	    NT_STATUS_IS_OK(status))
+	{
+		/* Reopening after nb_createx() error. */
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	}
+
+	ret = smb_raw_open(c->tree, mem_ctx, &io);
+
+	talloc_free(mem_ctx);
+
+	if (!check_status("NTCreateX", status, ret))
+		return false;
+
+	if (!NT_STATUS_IS_OK(ret))
+		return true;
+
+	if (f == NULL) {
+		f = talloc (NULL, struct ftable);
+		f->locks = NULL;
+		nb_set_createx_params(f, fname, create_options, create_disposition, handle);
+		DLIST_ADD_END(ftable, f);
+	}
+
+	f->handle = handle;
+	f->fd = io.ntcreatex.out.file.fnum;
+
+	return true;
+}
+
+bool nb_createx(const char *fname, 
+	       unsigned int create_options, unsigned int create_disposition, int handle,
+	       NTSTATUS status)
+{
+	return nb_do_createx(NULL, fname, create_options, create_disposition, handle, status, false);
+}
+
+bool nb_writex(int handle, off_t offset, int size, int ret_size, NTSTATUS status)
+{
+	union smb_write io;
+	int i;
+	NTSTATUS ret;
+	uint8_t *buf;
+
+	i = find_handle(handle, NULL);
+
+	if (bypass_io)
+		return true;
+
+	buf = malloc(size);
+	memset(buf, 0xab, size);
+
+	io.writex.level = RAW_WRITE_WRITEX;
+	io.writex.in.file.fnum = i;
+	io.writex.in.wmode = 0;
+	io.writex.in.remaining = 0;
+	io.writex.in.offset = offset;
+	io.writex.in.count = size;
+	io.writex.in.data = buf;
+
+	ret = smb_raw_write(c->tree, &io);
+
+	free(buf);
+
+	if (!check_status("WriteX", status, ret))
+		return false;
+
+	if (NT_STATUS_IS_OK(ret) && io.writex.out.nwritten != ret_size) {
+		printf("[%d] Warning: WriteX got count %d expected %d\n", 
+		       nbench_line_count,
+		       io.writex.out.nwritten, ret_size);
+	}	
+
+	children[nbio_id].bytes += ret_size;
+
+	return true;
+}
+
+bool nb_write(int handle, off_t offset, int size, int ret_size, NTSTATUS status)
+{
+	union smb_write io;
+	int i;
+	NTSTATUS ret;
+	uint8_t *buf;
+
+	i = find_handle(handle, NULL);
+
+	if (bypass_io)
+		return true;
+
+	buf = malloc(size);
+
+	memset(buf, 0x12, size);
+
+	io.write.level = RAW_WRITE_WRITE;
+	io.write.in.file.fnum = i;
+	io.write.in.remaining = 0;
+	io.write.in.offset = offset;
+	io.write.in.count = size;
+	io.write.in.data = buf;
+
+	ret = smb_raw_write(c->tree, &io);
+
+	free(buf);
+
+	if (!check_status("Write", status, ret))
+		return false;
+
+	if (NT_STATUS_IS_OK(ret) && io.write.out.nwritten != ret_size) {
+		printf("[%d] Warning: Write got count %d expected %d\n", 
+		       nbench_line_count,
+		       io.write.out.nwritten, ret_size);
+	}	
+
+	children[nbio_id].bytes += ret_size;
+
+	return true;
+}
+
+static bool nb_do_lockx(bool relock, int handle, off_t offset, int size, NTSTATUS status)
+{
+	union smb_lock io;
+	int i;
+	NTSTATUS ret;
+	struct smb_lock_entry lck;
+	struct ftable *f;
+
+	i = find_handle(handle, &f);
+
+	lck.pid = getpid();
+	lck.offset = offset;
+	lck.count = size;
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = i;
+	io.lockx.in.mode = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lck;
+
+	ret = smb_raw_lock(c->tree, &io);
+
+	if (!check_status("LockX", status, ret))
+		return false;
+
+	if (f != NULL &&
+	    !relock)
+	{
+		struct lock_info *linfo;
+		linfo = talloc (f, struct lock_info);
+		linfo->offset = offset;
+		linfo->size = size;
+		DLIST_ADD_END(f->locks, linfo);
+	}
+
+	return true;
+}
+
+bool nb_lockx(int handle, off_t offset, int size, NTSTATUS status)
+{
+	return nb_do_lockx(false, handle, offset, size, status);
+}
+
+bool nb_unlockx(int handle, unsigned int offset, int size, NTSTATUS status)
+{
+	union smb_lock io;
+	int i;
+	NTSTATUS ret;
+	struct smb_lock_entry lck;
+	struct ftable *f;
+
+	i = find_handle(handle, &f);
+
+	lck.pid = getpid();
+	lck.offset = offset;
+	lck.count = size;
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = i;
+	io.lockx.in.mode = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lck;
+
+	ret = smb_raw_lock(c->tree, &io);
+
+	if (!check_status("UnlockX", status, ret))
+		return false;
+
+	if (f != NULL) {
+		struct lock_info *linfo;
+		linfo = find_lock(f->locks, offset, size);
+		if (linfo != NULL)
+			DLIST_REMOVE(f->locks, linfo);
+		else
+			printf("nb_unlockx: unknown lock (%d)\n", handle);
+	}
+
+	return true;
+}
+
+bool nb_readx(int handle, off_t offset, int size, int ret_size, NTSTATUS status)
+{
+	union smb_read io;
+	int i;
+	NTSTATUS ret;
+	uint8_t *buf;
+
+	i = find_handle(handle, NULL);
+
+	if (bypass_io)
+		return true;
+
+	buf = malloc(size);
+
+	io.readx.level = RAW_READ_READX;
+	io.readx.in.file.fnum = i;
+	io.readx.in.offset    = offset;
+	io.readx.in.mincnt    = size;
+	io.readx.in.maxcnt    = size;
+	io.readx.in.remaining = 0;
+	io.readx.in.read_for_execute = false;
+	io.readx.out.data     = buf;
+
+	ret = smb_raw_read(c->tree, &io);
+
+	free(buf);
+
+	if (!check_status("ReadX", status, ret))
+		return false;
+
+	if (NT_STATUS_IS_OK(ret) && io.readx.out.nread != ret_size) {
+		printf("[%d] ERROR: ReadX got count %d expected %d\n", 
+		       nbench_line_count,
+		       io.readx.out.nread, ret_size);
+		nb_exit(1);
+	}	
+
+	children[nbio_id].bytes += ret_size;
+
+	return true;
+}
+
+bool nb_close(int handle, NTSTATUS status)
+{
+	NTSTATUS ret;
+	union smb_close io;
+	int i;
+
+	i = find_handle(handle, NULL);
+
+	io.close.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = i;
+	io.close.in.write_time = 0;
+
+	ret = smb_raw_close(c->tree, &io);
+
+	if (!check_status("Close", status, ret))
+		return false;
+
+	if (NT_STATUS_IS_OK(ret)) {
+		struct ftable *f = find_ftable(handle);
+		DLIST_REMOVE(ftable, f);
+		talloc_free(f);
+	}
+
+	return true;
+}
+
+bool nb_rmdir(const char *dname, NTSTATUS status, bool retry)
+{
+	NTSTATUS ret;
+	struct smb_rmdir io;
+
+	io.in.path = dname;
+
+	ret = smb_raw_rmdir(c->tree, &io);
+
+	if (!retry)
+		return check_status("Rmdir", status, ret);
+
+	return true;
+}
+
+bool nb_mkdir(const char *dname, NTSTATUS status, bool retry)
+{
+	union smb_mkdir io;
+
+	io.mkdir.level = RAW_MKDIR_MKDIR;
+	io.mkdir.in.path = dname;
+
+	/* NOTE! no error checking. Used for base fileset creation */
+	smb_raw_mkdir(c->tree, &io);
+
+	return true;
+}
+
+bool nb_rename(const char *o, const char *n, NTSTATUS status, bool retry)
+{
+	NTSTATUS ret;
+	union smb_rename io;
+
+	io.generic.level = RAW_RENAME_RENAME;
+	io.rename.in.attrib = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
+	io.rename.in.pattern1 = o;
+	io.rename.in.pattern2 = n;
+
+	ret = smb_raw_rename(c->tree, &io);
+
+	if (!retry)
+		return check_status("Rename", status, ret);
+
+	return true;
+}
+
+
+bool nb_qpathinfo(const char *fname, int level, NTSTATUS status)
+{
+	union smb_fileinfo io;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS ret;
+
+	mem_ctx = talloc_init("nb_qpathinfo");
+
+	io.generic.level = level;
+	io.generic.in.file.path = fname;
+
+	ret = smb_raw_pathinfo(c->tree, mem_ctx, &io);
+
+	talloc_free(mem_ctx);
+
+	return check_status("Pathinfo", status, ret);
+}
+
+
+bool nb_qfileinfo(int fnum, int level, NTSTATUS status)
+{
+	union smb_fileinfo io;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS ret;
+	int i;
+
+	i = find_handle(fnum, NULL);
+
+	mem_ctx = talloc_init("nb_qfileinfo");
+
+	io.generic.level = level;
+	io.generic.in.file.fnum = i;
+
+	ret = smb_raw_fileinfo(c->tree, mem_ctx, &io);
+
+	talloc_free(mem_ctx);
+
+	return check_status("Fileinfo", status, ret);
+}
+
+bool nb_sfileinfo(int fnum, int level, NTSTATUS status)
+{
+	union smb_setfileinfo io;
+	NTSTATUS ret;
+	int i;
+
+	if (level != RAW_SFILEINFO_BASIC_INFORMATION) {
+		printf("[%d] Warning: setfileinfo level %d not handled\n", nbench_line_count, level);
+		return true;
+	}
+
+	ZERO_STRUCT(io);
+
+	i = find_handle(fnum, NULL);
+
+	io.generic.level = level;
+	io.generic.in.file.fnum = i;
+	unix_to_nt_time(&io.basic_info.in.create_time, time(NULL));
+	unix_to_nt_time(&io.basic_info.in.access_time, 0);
+	unix_to_nt_time(&io.basic_info.in.write_time, 0);
+	unix_to_nt_time(&io.basic_info.in.change_time, 0);
+	io.basic_info.in.attrib = 0;
+
+	ret = smb_raw_setfileinfo(c->tree, &io);
+
+	return check_status("Setfileinfo", status, ret);
+}
+
+bool nb_qfsinfo(int level, NTSTATUS status)
+{
+	union smb_fsinfo io;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS ret;
+
+	mem_ctx = talloc_init("smbcli_dskattr");
+
+	io.generic.level = level;
+	ret = smb_raw_fsinfo(c->tree, mem_ctx, &io);
+
+	talloc_free(mem_ctx);
+	
+	return check_status("Fsinfo", status, ret);	
+}
+
+/* callback function used for trans2 search */
+static bool findfirst_callback(void *private_data, const union smb_search_data *file)
+{
+	return true;
+}
+
+bool nb_findfirst(const char *mask, int level, int maxcnt, int count, NTSTATUS status)
+{
+	union smb_search_first io;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS ret;
+
+	mem_ctx = talloc_init("smbcli_dskattr");
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = level;
+	io.t2ffirst.in.max_count = maxcnt;
+	io.t2ffirst.in.search_attrib = FILE_ATTRIBUTE_DIRECTORY;
+	io.t2ffirst.in.pattern = mask;
+	io.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE;
+	io.t2ffirst.in.storage_type = 0;
+			
+	ret = smb_raw_search_first(c->tree, mem_ctx, &io, NULL, findfirst_callback);
+
+	talloc_free(mem_ctx);
+
+	if (!check_status("Search", status, ret))
+		return false;
+
+	if (NT_STATUS_IS_OK(ret) && io.t2ffirst.out.count != count) {
+		printf("[%d] Warning: got count %d expected %d\n", 
+		       nbench_line_count,
+		       io.t2ffirst.out.count, count);
+	}
+
+	return true;
+}
+
+bool nb_flush(int fnum, NTSTATUS status)
+{
+	union smb_flush io;
+	NTSTATUS ret;
+	int i;
+	i = find_handle(fnum, NULL);
+
+	io.flush.level		= RAW_FLUSH_FLUSH;
+	io.flush.in.file.fnum	= i;
+
+	ret = smb_raw_flush(c->tree, &io);
+
+	return check_status("Flush", status, ret);
+}
+
+void nb_sleep(int usec, NTSTATUS status)
+{
+	usleep(usec);
+}
+
+bool nb_deltree(const char *dname, bool retry)
+{
+	int total_deleted;
+
+	smb_raw_exit(c->session);
+
+	while (ftable) {
+		struct ftable *f = ftable;
+		DLIST_REMOVE(ftable, f);
+		talloc_free (f);
+	}
+
+	total_deleted = smbcli_deltree(c->tree, dname);
+
+	if (total_deleted == -1) {
+		printf("Failed to cleanup tree %s - exiting\n", dname);
+		nb_exit(1);
+	}
+
+	smbcli_rmdir(c->tree, dname);
+
+	return true;
+}
+
+
+void nb_exit(int status)
+{
+	children[nbio_id].connected = false;
+	printf("[%d] client %d exiting with status %d\n",
+	       nbench_line_count, nbio_id, status);
+	exit(status);
+}
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
new file mode 100644
index 0000000..2f7ea19
--- /dev/null
+++ b/source4/torture/nbt/dgram.c
@@ -0,0 +1,699 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT dgram testing
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/dgram/libdgram.h"
+#include "lib/socket/socket.h"
+#include "lib/events/events.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/nbt/proto.h"
+#include "libcli/resolve/resolve.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
+
+#define TEST_NAME "TORTURE_TEST"
+
+/*
+  reply handler for netlogon request
+*/
+static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, 
+			     struct nbt_dgram_packet *packet, 
+			     struct socket_address *src)
+{
+	NTSTATUS status;
+	struct nbt_netlogon_response *netlogon = dgmslot->private_data;
+
+	dgmslot->private_data = netlogon = talloc(dgmslot, struct nbt_netlogon_response);
+
+	if (!dgmslot->private_data) {
+		return;
+	}
+       
+	printf("netlogon reply from %s:%d\n", src->addr, src->port);
+
+	/* Fills in the netlogon pointer */
+	status = dgram_mailslot_netlogon_parse_response(netlogon, packet,
+							netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to parse netlogon packet from %s:%d\n",
+		       src->addr, src->port);
+		return;
+	}
+
+}
+
+
+/* test UDP/138 netlogon requests */
+static bool nbt_test_netlogon(struct torture_context *tctx)
+{
+	struct dgram_mailslot_handler *dgmslot;
+	struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev);
+	struct socket_address *dest;
+	const char *myaddress;
+	struct nbt_netlogon_packet logon;
+	struct nbt_netlogon_response *response;
+	struct nbt_name myname;
+	NTSTATUS status;
+	struct timeval tv = timeval_current();
+
+	struct socket_address *socket_address;
+
+	const char *address;
+	struct nbt_name name;
+
+	struct interface *ifaces;
+
+	name.name = lpcfg_workgroup(tctx->lp_ctx);
+	name.type = NBT_NAME_LOGON;
+	name.scope = NULL;
+
+	/* do an initial name resolution to find its IP */
+	torture_assert_ntstatus_ok(tctx, 
+				   resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+						   0, 0,
+						   &name, tctx, &address, tctx->ev),
+				   talloc_asprintf(tctx, "Failed to resolve %s", name.name));
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	myaddress = talloc_strdup(dgmsock, iface_list_best_ip(ifaces, address));
+
+
+	socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+						     myaddress, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+	/* try receiving replies on port 138 first, which will only
+	   work if we are root and smbd/nmbd are not running - fall
+	   back to listening on any port, which means replies from
+	   most windows versions won't be seen */
+	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(socket_address);
+		socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+							     myaddress, 0);
+		torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+		socket_listen(dgmsock->sock, socket_address, 0, 0);
+	}
+
+	/* setup a temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_PRIMARY_QUERY;
+	logon.req.pdc.computer_name = TEST_NAME;
+	logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
+	logon.req.pdc.unicode_name  = TEST_NAME;
+	logon.req.pdc.nt_version    = 1;
+	logon.req.pdc.lmnt_token    = 0xFFFF;
+	logon.req.pdc.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, dest != NULL, "Error getting address");
+
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && !dgmslot->private_data) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response");
+	torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
+
+	return true;
+}
+
+
+/* test UDP/138 netlogon requests */
+static bool nbt_test_netlogon2(struct torture_context *tctx)
+{
+	struct dgram_mailslot_handler *dgmslot;
+	struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev);
+	struct socket_address *dest;
+	const char *myaddress;
+	struct nbt_netlogon_packet logon;
+	struct nbt_netlogon_response *response;
+	struct nbt_name myname;
+	NTSTATUS status;
+	struct timeval tv = timeval_current();
+
+	struct socket_address *socket_address;
+
+	const char *address;
+	struct nbt_name name;
+
+	struct interface *ifaces;
+	struct test_join *join_ctx;
+	struct cli_credentials *machine_credentials;
+	const struct dom_sid *dom_sid;
+	
+	name.name = lpcfg_workgroup(tctx->lp_ctx);
+	name.type = NBT_NAME_LOGON;
+	name.scope = NULL;
+
+	/* do an initial name resolution to find its IP */
+	torture_assert_ntstatus_ok(tctx, 
+				   resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+						   0, 0,
+						   &name, tctx, &address, tctx->ev),
+				   talloc_asprintf(tctx, "Failed to resolve %s", name.name));
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	myaddress = talloc_strdup(dgmsock, iface_list_best_ip(ifaces, address));
+
+	socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+						     myaddress, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+	/* try receiving replies on port 138 first, which will only
+	   work if we are root and smbd/nmbd are not running - fall
+	   back to listening on any port, which means replies from
+	   some windows versions won't be seen */
+	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(socket_address);
+		socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+							     myaddress, 0);
+		torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+		socket_listen(dgmsock->sock, socket_address, 0, 0);
+	}
+
+	/* setup a temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = "";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.nt_version    = NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
+		       "PDC name should not be in UNC form");
+
+	/* setup (another) temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+	
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
+	torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	join_ctx = torture_join_domain(tctx, TEST_NAME, 
+				       ACB_WSTRUST, &machine_credentials);
+
+	torture_assert(tctx, join_ctx != NULL,
+		       talloc_asprintf(tctx, "Failed to join domain %s as %s\n",
+				       lpcfg_workgroup(tctx->lp_ctx), TEST_NAME));
+
+	dom_sid = torture_join_sid(join_ctx);
+
+	/* setup (another) temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+	
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.sid           = *dom_sid;
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	/* setup (another) temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error getting a Mailslot for GetDC reply");
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.sid           = *dom_sid;
+	logon.req.logon.acct_control  = ACB_WSTRUST;
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	dgmslot->private_data = NULL;
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.sid           = *dom_sid;
+	logon.req.logon.acct_control  = ACB_NORMAL;
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	torture_leave_domain(tctx, join_ctx);
+	return true;
+}
+
+
+/* test UDP/138 ntlogon requests */
+static bool nbt_test_ntlogon(struct torture_context *tctx)
+{
+	struct dgram_mailslot_handler *dgmslot;
+	struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev);
+	struct socket_address *dest;
+	struct test_join *join_ctx;
+	const struct dom_sid *dom_sid;
+	struct cli_credentials *machine_credentials;
+
+	const char *myaddress;
+	struct nbt_netlogon_packet logon;
+	struct nbt_netlogon_response *response;
+	struct nbt_name myname;
+	NTSTATUS status;
+	struct timeval tv = timeval_current();
+
+	struct socket_address *socket_address;
+	const char *address;
+	struct nbt_name name;
+
+	struct interface *ifaces;
+	
+	name.name = lpcfg_workgroup(tctx->lp_ctx);
+	name.type = NBT_NAME_LOGON;
+	name.scope = NULL;
+
+	/* do an initial name resolution to find its IP */
+	torture_assert_ntstatus_ok(tctx, 
+				   resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+						   0, 0, &name, tctx, &address, tctx->ev),
+				   talloc_asprintf(tctx, "Failed to resolve %s", name.name));
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	myaddress = talloc_strdup(dgmsock, iface_list_best_ip(ifaces, address));
+
+	socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+						     myaddress, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+	/* try receiving replies on port 138 first, which will only
+	   work if we are root and smbd/nmbd are not running - fall
+	   back to listening on any port, which means replies from
+	   most windows versions won't be seen */
+	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(socket_address);
+		socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+							     myaddress, 0);
+		torture_assert(tctx, socket_address != NULL, "Error getting address");
+
+		socket_listen(dgmsock->sock, socket_address, 0, 0);
+	}
+
+	join_ctx = torture_join_domain(tctx, TEST_NAME, 
+				       ACB_WSTRUST, &machine_credentials);
+
+	torture_assert(tctx, join_ctx != NULL,
+		       talloc_asprintf(tctx, "Failed to join domain %s as %s\n",
+				       lpcfg_workgroup(tctx->lp_ctx), TEST_NAME));
+	dom_sid = torture_join_sid(join_ctx);
+
+	/* setup a temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.acct_control  = ACB_WSTRUST;
+	/* Try with a SID this time */
+	logon.req.logon.sid           = *dom_sid;
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+	torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	/* setup a temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = TEST_NAME"$";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.acct_control  = ACB_WSTRUST;
+	/* Leave sid as all zero */
+	logon.req.logon.nt_version    = 1;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+	map_netlogon_samlogon_response(&response->data.samlogon);
+
+	torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+	torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
+	torture_assert(tctx,
+		       strstr(response->data.samlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
+		       "PDC name should be in UNC form");
+
+	/* setup (another) temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+	
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_PRIMARY_QUERY;
+	logon.req.pdc.computer_name = TEST_NAME;
+	logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
+	logon.req.pdc.unicode_name  = TEST_NAME;
+	logon.req.pdc.nt_version    = 1;
+	logon.req.pdc.lmnt_token    = 0xFFFF;
+	logon.req.pdc.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && !dgmslot->private_data) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
+	torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+
+	torture_leave_domain(tctx, join_ctx);
+
+	/* setup (another) temporary mailslot listener for replies */
+	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+				      netlogon_handler, NULL);
+	torture_assert(tctx, dgmslot != NULL, "Error temporary mailslot for GetDC");
+	
+	ZERO_STRUCT(logon);
+	logon.command = LOGON_PRIMARY_QUERY;
+	logon.req.pdc.computer_name = TEST_NAME;
+	logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
+	logon.req.pdc.unicode_name  = TEST_NAME;
+	logon.req.pdc.nt_version    = 1;
+	logon.req.pdc.lmnt_token    = 0xFFFF;
+	logon.req.pdc.lm20_token    = 0xFFFF;
+
+	make_nbt_name_client(&myname, TEST_NAME);
+
+	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
+					   address, lpcfg_dgram_port(tctx->lp_ctx));
+	torture_assert(tctx, dest != NULL, "Error getting address");
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+	while (timeval_elapsed(&tv) < 5 && !dgmslot->private_data) {
+		tevent_loop_once(dgmsock->event_ctx);
+	}
+
+	response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
+
+	torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+	torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
+	torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+
+
+	return true;
+}
+
+
+/*
+  test nbt dgram operations
+*/
+struct torture_suite *torture_nbt_dgram(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dgram");
+
+	torture_suite_add_simple_test(suite, "netlogon", nbt_test_netlogon);
+	torture_suite_add_simple_test(suite, "netlogon2", nbt_test_netlogon2);
+	torture_suite_add_simple_test(suite, "ntlogon", nbt_test_ntlogon);
+
+	return suite;
+}
diff --git a/source4/torture/nbt/nbt.c b/source4/torture/nbt/nbt.c
new file mode 100644
index 0000000..f350885
--- /dev/null
+++ b/source4/torture/nbt/nbt.c
@@ -0,0 +1,69 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/nbt/libnbt.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "torture/smbtorture.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+struct nbt_name_socket *torture_init_nbt_socket(struct torture_context *tctx)
+{
+	return nbt_name_socket_init(tctx, tctx->ev);
+}
+
+bool torture_nbt_get_name(struct torture_context *tctx, 
+			  struct nbt_name *name, 
+			  const char **address)
+{
+	make_nbt_name_server(name, strupper_talloc(tctx, 
+			     torture_setting_string(tctx, "host", NULL)));
+
+	/* do an initial name resolution to find its IP */
+	torture_assert_ntstatus_ok(tctx, 
+				   resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+						   0, 0,
+						   name, tctx, address, tctx->ev),
+				   talloc_asprintf(tctx, 
+						   "Failed to resolve %s", name->name));
+	
+	return true;
+}
+
+NTSTATUS torture_nbt_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "nbt");
+	/* nbt tests */
+	torture_suite_add_suite(suite, torture_nbt_register(suite));
+	torture_suite_add_suite(suite, torture_nbt_wins(suite));
+	torture_suite_add_suite(suite, torture_nbt_dgram(suite));
+	torture_suite_add_suite(suite, torture_nbt_winsreplication(suite));
+	torture_suite_add_suite(suite, torture_bench_nbt(suite));
+	torture_suite_add_suite(suite, torture_bench_wins(suite));
+
+	suite->description = talloc_strdup(suite, 
+					 "NetBIOS over TCP/IP and WINS tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/nbt/query.c b/source4/torture/nbt/query.c
new file mode 100644
index 0000000..001ff19
--- /dev/null
+++ b/source4/torture/nbt/query.c
@@ -0,0 +1,115 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT name query testing
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "param/param.h"
+
+struct result_struct {
+	int num_pass;
+	int num_fail;
+};
+
+static void increment_handler(struct nbt_name_request *req)
+{
+	struct result_struct *v = talloc_get_type(req->async.private_data, struct result_struct);
+	if (req->state != NBT_REQUEST_DONE) {
+		v->num_fail++;
+	} else {
+		v->num_pass++;
+	}
+	talloc_free(req);
+}
+
+/*
+  benchmark simple name queries
+*/
+static bool bench_namequery(struct torture_context *tctx)
+{
+	struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx);
+	int num_sent=0;
+	struct result_struct *result;
+	struct nbt_name_query io;
+	struct timeval tv = timeval_current();
+	int timelimit = torture_setting_int(tctx, "timelimit", 5);
+
+	const char *address;
+	struct nbt_name name;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	io.in.name = name;
+	io.in.dest_addr = address;
+	io.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	io.in.broadcast = false;
+	io.in.wins_lookup = false;
+	io.in.timeout = 1;
+
+	result = talloc_zero(tctx, struct result_struct);
+
+	torture_comment(tctx, "Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		while (num_sent - (result->num_pass+result->num_fail) < 10) {
+			struct nbt_name_request *req;
+			req = nbt_name_query_send(nbtsock, &io);
+			torture_assert(tctx, req != NULL, "Failed to setup request!");
+			req->async.fn = increment_handler;
+			req->async.private_data = result;
+			num_sent++;
+			if (num_sent % 1000 == 0) {
+				if (torture_setting_bool(tctx, "progress", true)) {
+					torture_comment(tctx, "%.1f queries per second (%d failures)  \r", 
+					       result->num_pass / timeval_elapsed(&tv),
+					       result->num_fail);
+					fflush(stdout);
+				}
+			}
+		}
+
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+
+	while (num_sent != (result->num_pass + result->num_fail)) {
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+
+	torture_comment(tctx, "%.1f queries per second (%d failures)  \n", 
+	       result->num_pass / timeval_elapsed(&tv),
+	       result->num_fail);
+
+	return true;
+}
+
+
+/*
+  benchmark how fast a server can respond to name queries
+*/
+struct torture_suite *torture_bench_nbt(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "bench");
+	torture_suite_add_simple_test(suite, "namequery", bench_namequery);
+
+	return suite;
+}
diff --git a/source4/torture/nbt/register.c b/source4/torture/nbt/register.c
new file mode 100644
index 0000000..24ca328
--- /dev/null
+++ b/source4/torture/nbt/register.c
@@ -0,0 +1,176 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT name registration testing
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "param/param.h"
+
+#define CHECK_VALUE(tctx, v, correct) \
+	torture_assert_int_equal(tctx, v, correct, "Incorrect value")
+
+#define CHECK_STRING(tctx, v, correct) \
+	torture_assert_casestr_equal(tctx, v, correct, "Incorrect value")
+
+
+
+
+/*
+  test that a server responds correctly to attempted registrations of its name
+*/
+static bool nbt_register_own(struct torture_context *tctx)
+{
+	struct nbt_name_register io;
+	NTSTATUS status;
+	struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx);
+	struct socket_address *socket_address;
+	struct nbt_name name;
+	const char *address;
+	const char *myaddress;
+	struct interface *ifaces;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+
+	myaddress = iface_list_best_ip(ifaces, address);
+
+	socket_address = socket_address_from_strings(tctx, nbtsock->sock->backend_name,
+						     myaddress, 0);
+	torture_assert(tctx, socket_address != NULL, "Unable to get address");
+
+	status = socket_listen(nbtsock->sock, socket_address, 0, 0);
+	torture_assert_ntstatus_ok(tctx, status, 
+				"socket_listen for nbt_register_own failed");
+
+	torture_comment(tctx, "Testing name defense to name registration\n");
+
+	io.in.name = name;
+	io.in.dest_addr = address;
+	io.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	io.in.address = myaddress;
+	io.in.nb_flags = NBT_NODE_B | NBT_NM_ACTIVE;
+	io.in.register_demand = false;
+	io.in.broadcast = true;
+	io.in.multi_homed = false;
+	io.in.ttl = 1234;
+	io.in.timeout = 3;
+	io.in.retries = 0;
+	
+	status = nbt_name_register(nbtsock, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, 
+				talloc_asprintf(tctx, "Bad response from %s for name register",
+		       address));
+	
+	CHECK_STRING(tctx, io.out.name.name, name.name);
+	CHECK_VALUE(tctx, io.out.name.type, name.type);
+	CHECK_VALUE(tctx, io.out.rcode, NBT_RCODE_ACT);
+
+	/* check a register demand */
+	io.in.address = myaddress;
+	io.in.register_demand = true;
+
+	status = nbt_name_register(nbtsock, tctx, &io);
+
+	torture_assert_ntstatus_ok(tctx, status, 
+				talloc_asprintf(tctx, "Bad response from %s for name register demand", address));
+	
+	CHECK_STRING(tctx, io.out.name.name, name.name);
+	CHECK_VALUE(tctx, io.out.name.type, name.type);
+	CHECK_VALUE(tctx, io.out.rcode, NBT_RCODE_ACT);
+
+	return true;
+}
+
+
+/*
+  test that a server responds correctly to attempted name refresh requests
+*/
+static bool nbt_refresh_own(struct torture_context *tctx)
+{
+	struct nbt_name_refresh io;
+	NTSTATUS status;
+	struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx);
+	const char *myaddress;
+	struct socket_address *socket_address;
+	struct nbt_name name;
+	const char *address;
+	struct interface *ifaces;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+	
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+
+	myaddress = iface_list_best_ip(ifaces, address);
+
+	socket_address = socket_address_from_strings(tctx, nbtsock->sock->backend_name,
+						     myaddress, 0);
+	torture_assert(tctx, socket_address != NULL, 
+				   "Can't parse socket address");
+
+	status = socket_listen(nbtsock->sock, socket_address, 0, 0);
+	torture_assert_ntstatus_ok(tctx, status, 
+							   "socket_listen for nbt_referesh_own failed");
+
+	torture_comment(tctx, "Testing name defense to name refresh\n");
+
+	io.in.name = name;
+	io.in.dest_addr = address;
+	io.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	io.in.address = myaddress;
+	io.in.nb_flags = NBT_NODE_B | NBT_NM_ACTIVE;
+	io.in.broadcast = false;
+	io.in.ttl = 1234;
+	io.in.timeout = 3;
+	io.in.retries = 0;
+	
+	status = nbt_name_refresh(nbtsock, tctx, &io);
+
+	torture_assert_ntstatus_ok(tctx, status, 
+				talloc_asprintf(tctx, "Bad response from %s for name refresh", address));
+	
+	CHECK_STRING(tctx, io.out.name.name, name.name);
+	CHECK_VALUE(tctx, io.out.name.type, name.type);
+	CHECK_VALUE(tctx, io.out.rcode, NBT_RCODE_ACT);
+
+	return true;
+}
+
+
+/*
+  test name registration to a server
+*/
+struct torture_suite *torture_nbt_register(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+
+	suite = torture_suite_create(mem_ctx, "register");
+	torture_suite_add_simple_test(suite, "register_own", nbt_register_own);
+	torture_suite_add_simple_test(suite, "refresh_own", nbt_refresh_own);
+
+	return suite;
+}
diff --git a/source4/torture/nbt/wins.c b/source4/torture/nbt/wins.c
new file mode 100644
index 0000000..8c847b5
--- /dev/null
+++ b/source4/torture/nbt/wins.c
@@ -0,0 +1,545 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   NBT WINS server testing
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/dlinklist.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "param/param.h"
+
+#define CHECK_VALUE(tctx, v, correct) \
+	torture_assert_int_equal(tctx, v, correct, "Incorrect value")
+
+#define CHECK_STRING(tctx, v, correct) \
+	torture_assert_casestr_equal(tctx, v, correct, "Incorrect value")
+
+#define CHECK_NAME(tctx, _name, correct) do { \
+	CHECK_STRING(tctx, (_name).name, (correct).name); \
+	CHECK_VALUE(tctx, (uint8_t)(_name).type, (uint8_t)(correct).type); \
+	CHECK_STRING(tctx, (_name).scope, (correct).scope); \
+} while (0)
+
+
+/*
+  test operations against a WINS server
+*/
+static bool nbt_test_wins_name(struct torture_context *tctx, const char *address,
+			       struct nbt_name *name, uint16_t nb_flags,
+			       bool try_low_port,
+			       uint8_t register_rcode)
+{
+	struct nbt_name_register_wins io;
+	struct nbt_name_register name_register;
+	struct nbt_name_query query;
+	struct nbt_name_refresh_wins refresh;
+	struct nbt_name_release release;
+	struct nbt_name_request *req;
+	NTSTATUS status;
+	struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx);
+	const char *myaddress;
+	struct socket_address *socket_address;
+	struct interface *ifaces;
+	bool low_port = try_low_port;
+	char **l;
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+
+	myaddress = talloc_strdup(tctx, iface_list_best_ip(ifaces, address));
+
+	socket_address = socket_address_from_strings(tctx, 
+						     nbtsock->sock->backend_name,
+						     myaddress, lpcfg_nbt_port(tctx->lp_ctx));
+	torture_assert(tctx, socket_address != NULL, 
+				   "Error getting address");
+
+	/* we do the listen here to ensure the WINS server receives the packets from
+	   the right IP */
+	status = socket_listen(nbtsock->sock, socket_address, 0, 0);
+	talloc_free(socket_address);
+	if (!NT_STATUS_IS_OK(status)) {
+		low_port = false;
+		socket_address = socket_address_from_strings(tctx,
+							     nbtsock->sock->backend_name,
+							     myaddress, 0);
+		torture_assert(tctx, socket_address != NULL,
+			       "Error getting address");
+
+		status = socket_listen(nbtsock->sock, socket_address, 0, 0);
+		talloc_free(socket_address);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "socket_listen for WINS failed");
+	}
+
+	torture_comment(tctx, "Testing name registration to WINS with name %s at %s nb_flags=0x%x\n", 
+	       nbt_name_string(tctx, name), myaddress, nb_flags);
+
+	torture_comment(tctx, "release the name\n");
+	release.in.name = *name;
+	release.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	release.in.dest_addr = address;
+	release.in.address = myaddress;
+	release.in.nb_flags = nb_flags;
+	release.in.broadcast = false;
+	release.in.timeout = 3;
+	release.in.retries = 0;
+
+	status = nbt_name_release(nbtsock, tctx, &release);
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name query", address));
+	CHECK_VALUE(tctx, release.out.rcode, 0);
+
+	if (nb_flags & NBT_NM_GROUP) {
+		/* ignore this for group names */
+	} else if (!low_port) {
+		torture_comment(tctx, "no low port - skip: register the name with a wrong address\n");
+	} else {
+		torture_comment(tctx, "register the name with a wrong address (makes the next request slow!)\n");
+		io.in.name = *name;
+		io.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+		io.in.wins_servers = const_str_list(
+			str_list_make_single(tctx, address));
+		io.in.addresses = const_str_list(
+			str_list_make_single(tctx, "127.64.64.1"));
+		io.in.nb_flags = nb_flags;
+		io.in.ttl = 300000;
+
+		status = nbt_name_register_wins(nbtsock, tctx, &io);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+			torture_assert_ntstatus_ok(tctx, status,
+				talloc_asprintf(tctx, "No response from %s for name register\n",
+						address));
+		}
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "Bad response from %s for name register\n",
+					address));
+
+		CHECK_STRING(tctx, io.out.wins_server, address);
+		CHECK_VALUE(tctx, io.out.rcode, 0);
+
+		torture_comment(tctx, "register the name correct address\n");
+		name_register.in.name		= *name;
+		name_register.in.dest_port	= lpcfg_nbt_port(tctx->lp_ctx);
+		name_register.in.dest_addr	= address;
+		name_register.in.address	= myaddress;
+		name_register.in.nb_flags	= nb_flags;
+		name_register.in.register_demand= false;
+		name_register.in.broadcast	= false;
+		name_register.in.multi_homed	= true;
+		name_register.in.ttl		= 300000;
+		name_register.in.timeout	= 3;
+		name_register.in.retries	= 2;
+
+		/*
+		 * test if the server ignores resent requests
+		 */
+		req = nbt_name_register_send(nbtsock, &name_register);
+		while (true) {
+			tevent_loop_once(nbtsock->event_ctx);
+			if (req->state != NBT_REQUEST_WAIT) {
+				break;
+			}
+			if (req->received_wack) {
+				/*
+				 * if we received the wack response
+				 * we resend the request and the
+				 * server should ignore that
+				 * and not handle it as new request
+				 */
+				req->state = NBT_REQUEST_SEND;
+				DLIST_ADD_END(nbtsock->send_queue, req);
+				TEVENT_FD_WRITEABLE(nbtsock->fde);
+				break;
+			}
+		}
+
+		status = nbt_name_register_recv(req, tctx, &name_register);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+			torture_assert_ntstatus_ok(tctx, status,
+				talloc_asprintf(tctx, "No response from %s for name register\n",
+						address));
+		}
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "Bad response from %s for name register\n",
+					address));
+
+		CHECK_VALUE(tctx, name_register.out.rcode, 0);
+		CHECK_STRING(tctx, name_register.out.reply_addr, myaddress);
+	}
+
+	torture_comment(tctx, "register the name correct address\n");
+	io.in.name = *name;
+	io.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+	l = str_list_make_single(tctx, address);
+	io.in.wins_servers = discard_const_p(const char *, l);
+	l = str_list_make_single(tctx, myaddress);
+	io.in.addresses = discard_const_p(const char *, l);
+	io.in.nb_flags = nb_flags;
+	io.in.ttl = 300000;
+	
+	status = nbt_name_register_wins(nbtsock, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name register", address));
+	
+	CHECK_STRING(tctx, io.out.wins_server, address);
+	CHECK_VALUE(tctx, io.out.rcode, register_rcode);
+
+	if (register_rcode != NBT_RCODE_OK) {
+		return true;
+	}
+
+	if (name->type != NBT_NAME_MASTER &&
+	    name->type != NBT_NAME_LOGON && 
+	    name->type != NBT_NAME_BROWSER && 
+	    (nb_flags & NBT_NM_GROUP)) {
+		torture_comment(tctx, "Try to register as non-group\n");
+		io.in.nb_flags &= ~NBT_NM_GROUP;
+		status = nbt_name_register_wins(nbtsock, tctx, &io);
+		torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name register\n",
+			address));
+		CHECK_VALUE(tctx, io.out.rcode, NBT_RCODE_ACT);
+	}
+
+	torture_comment(tctx, "query the name to make sure its there\n");
+	query.in.name = *name;
+	query.in.dest_addr = address;
+	query.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	query.in.broadcast = false;
+	query.in.wins_lookup = true;
+	query.in.timeout = 3;
+	query.in.retries = 0;
+
+	status = nbt_name_query(nbtsock, tctx, &query);
+	if (name->type == NBT_NAME_MASTER) {
+		torture_assert_ntstatus_equal(
+			  tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, 
+			  talloc_asprintf(tctx, "Bad response from %s for name query", address));
+		return true;
+	}
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name query", address));
+	
+	CHECK_NAME(tctx, query.out.name, *name);
+	CHECK_VALUE(tctx, query.out.num_addrs, 1);
+	if (name->type != NBT_NAME_LOGON &&
+	    (nb_flags & NBT_NM_GROUP)) {
+		CHECK_STRING(tctx, query.out.reply_addrs[0], "255.255.255.255");
+	} else {
+		CHECK_STRING(tctx, query.out.reply_addrs[0], myaddress);
+	}
+
+
+	query.in.name.name = strupper_talloc(tctx, name->name);
+	if (query.in.name.name &&
+	    strcmp(query.in.name.name, name->name) != 0) {
+		torture_comment(tctx, "check case sensitivity\n");
+		status = nbt_name_query(nbtsock, tctx, &query);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, talloc_asprintf(tctx, "Bad response from %s for name query", address));
+	}
+
+	query.in.name = *name;
+	if (name->scope) {
+		query.in.name.scope = strupper_talloc(tctx, name->scope);
+	}
+	if (query.in.name.scope &&
+	    strcmp(query.in.name.scope, name->scope) != 0) {
+		torture_comment(tctx, "check case sensitivity on scope\n");
+		status = nbt_name_query(nbtsock, tctx, &query);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, talloc_asprintf(tctx, "Bad response from %s for name query", address));
+	}
+
+	torture_comment(tctx, "refresh the name\n");
+	refresh.in.name = *name;
+	refresh.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+	l = str_list_make_single(tctx, address);
+	refresh.in.wins_servers = discard_const_p(const char *, l);
+	l = str_list_make_single(tctx, myaddress);
+	refresh.in.addresses = discard_const_p(const char *, l);
+	refresh.in.nb_flags = nb_flags;
+	refresh.in.ttl = 12345;
+	
+	status = nbt_name_refresh_wins(nbtsock, tctx, &refresh);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "No response from %s for name refresh",
+					address));
+	}
+	torture_assert_ntstatus_ok(tctx, status,
+		talloc_asprintf(tctx, "Bad response from %s for name refresh",
+				address));
+
+	CHECK_STRING(tctx, refresh.out.wins_server, address);
+	CHECK_VALUE(tctx, refresh.out.rcode, 0);
+
+	printf("release the name\n");
+	release.in.name = *name;
+	release.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	release.in.dest_addr = address;
+	release.in.address = myaddress;
+	release.in.nb_flags = nb_flags;
+	release.in.broadcast = false;
+	release.in.timeout = 3;
+	release.in.retries = 0;
+
+	status = nbt_name_release(nbtsock, tctx, &release);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "No response from %s for name release",
+					address));
+	}
+	torture_assert_ntstatus_ok(tctx, status,
+		talloc_asprintf(tctx, "Bad response from %s for name release",
+				address));
+
+	CHECK_NAME(tctx, release.out.name, *name);
+	CHECK_VALUE(tctx, release.out.rcode, 0);
+
+	if (nb_flags & NBT_NM_GROUP) {
+		/* ignore this for group names */
+	} else if (!low_port) {
+		torture_comment(tctx, "no low port - skip: register the name with a wrong address\n");
+	} else {
+		torture_comment(tctx, "register the name with a wrong address (makes the next request slow!)\n");
+		io.in.name = *name;
+		io.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+		io.in.wins_servers = const_str_list(
+			str_list_make_single(tctx, address));
+		io.in.addresses = const_str_list(
+			str_list_make_single(tctx, "127.64.64.1"));
+		io.in.nb_flags = nb_flags;
+		io.in.ttl = 300000;
+	
+		status = nbt_name_register_wins(nbtsock, tctx, &io);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+			torture_assert_ntstatus_ok(tctx, status,
+				talloc_asprintf(tctx, "No response from %s for name register\n",
+						address));
+		}
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "Bad response from %s for name register\n",
+					address));
+
+		CHECK_STRING(tctx, io.out.wins_server, address);
+		CHECK_VALUE(tctx, io.out.rcode, 0);
+	}
+
+	torture_comment(tctx, "refresh the name with the correct address\n");
+	refresh.in.name = *name;
+	refresh.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+	refresh.in.wins_servers = const_str_list(
+			str_list_make_single(tctx, address));
+	refresh.in.addresses = const_str_list(
+			str_list_make_single(tctx, myaddress));
+	refresh.in.nb_flags = nb_flags;
+	refresh.in.ttl = 12345;
+
+	status = nbt_name_refresh_wins(nbtsock, tctx, &refresh);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "No response from %s for name refresh",
+					address));
+	}
+	torture_assert_ntstatus_ok(tctx, status,
+		talloc_asprintf(tctx, "Bad response from %s for name refresh",
+				address));
+
+	CHECK_STRING(tctx, refresh.out.wins_server, address);
+	CHECK_VALUE(tctx, refresh.out.rcode, 0);
+
+	torture_comment(tctx, "release the name\n");
+	release.in.name = *name;
+	release.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx);
+	release.in.dest_addr = address;
+	release.in.address = myaddress;
+	release.in.nb_flags = nb_flags;
+	release.in.broadcast = false;
+	release.in.timeout = 3;
+	release.in.retries = 0;
+
+	status = nbt_name_release(nbtsock, tctx, &release);
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name query", address));
+	
+	CHECK_NAME(tctx, release.out.name, *name);
+	CHECK_VALUE(tctx, release.out.rcode, 0);
+
+	torture_comment(tctx, "release again\n");
+	status = nbt_name_release(nbtsock, tctx, &release);
+	torture_assert_ntstatus_ok(tctx, status, 
+				talloc_asprintf(tctx, "Bad response from %s for name query",
+		       address));
+	
+	CHECK_NAME(tctx, release.out.name, *name);
+	CHECK_VALUE(tctx, release.out.rcode, 0);
+
+
+	torture_comment(tctx, "query the name to make sure its gone\n");
+	query.in.name = *name;
+	status = nbt_name_query(nbtsock, tctx, &query);
+	if (name->type != NBT_NAME_LOGON &&
+	    (nb_flags & NBT_NM_GROUP)) {
+		torture_assert_ntstatus_ok(tctx, status, 
+				"ERROR: Name query failed after group release");
+	} else {
+		torture_assert_ntstatus_equal(tctx, status, 
+									  NT_STATUS_OBJECT_NAME_NOT_FOUND,
+				"Incorrect response to name query");
+	}
+	
+	return true;
+}
+
+
+static char *test_nbt_wins_scope_string(TALLOC_CTX *mem_ctx, uint8_t count)
+{
+	char *res;
+	uint8_t i;
+
+	res = talloc_array(mem_ctx, char, count+1);
+	if (res == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i < count; i++) {
+		switch (i) {
+		case 63:
+		case 63 + 1 + 63:
+		case 63 + 1 + 63 + 1 + 63:
+			res[i] = '.';
+			break;
+		default:
+			res[i] = '0' + (i%10);
+			break;
+		}
+	}
+
+	res[count] = '\0';
+
+	talloc_set_name_const(res, res);
+
+	return res;
+}
+
+/*
+  test operations against a WINS server
+*/
+static bool nbt_test_wins(struct torture_context *tctx)
+{
+	struct nbt_name name;
+	uint32_t r = (uint32_t)(random() % (100000));
+	const char *address;
+	bool ret = true;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	name.name = talloc_asprintf(tctx, "_TORTURE-%5u", r);
+
+	name.type = NBT_NAME_CLIENT;
+	name.scope = NULL;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, true, NBT_RCODE_OK);
+
+	name.type = NBT_NAME_MASTER;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H | NBT_NM_GROUP, false, NBT_RCODE_OK);
+
+	name.type = NBT_NAME_SERVER;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, true, NBT_RCODE_OK);
+
+	name.type = NBT_NAME_LOGON;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H | NBT_NM_GROUP, false, NBT_RCODE_OK);
+
+	name.type = NBT_NAME_BROWSER;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H | NBT_NM_GROUP, false, NBT_RCODE_OK);
+
+	name.type = NBT_NAME_PDC;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, true, NBT_RCODE_OK);
+
+	name.type = 0xBF;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, true, NBT_RCODE_OK);
+
+	name.type = 0xBE;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.scope = "example";
+	name.type = 0x72;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, true, NBT_RCODE_OK);
+
+	name.scope = "example";
+	name.type = 0x71;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H | NBT_NM_GROUP, false, NBT_RCODE_OK);
+
+	name.scope = "foo.example.com";
+	name.type = 0x72;
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.name = talloc_asprintf(tctx, "_T\01-%5u.foo", r);
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.name = "";
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.name = talloc_asprintf(tctx, ".");
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.name = talloc_asprintf(tctx, "%5u-\377\200\300FOO", r);
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.scope = test_nbt_wins_scope_string(tctx, 237);
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_OK);
+
+	name.scope = test_nbt_wins_scope_string(tctx, 238);
+	ret &= nbt_test_wins_name(tctx, address, &name,
+				  NBT_NODE_H, false, NBT_RCODE_SVR);
+
+	return ret;
+}
+
+/*
+  test WINS operations
+*/
+struct torture_suite *torture_nbt_wins(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "wins");
+
+	torture_suite_add_simple_test(suite, "wins", nbt_test_wins);
+
+	return suite;
+}
diff --git a/source4/torture/nbt/winsbench.c b/source4/torture/nbt/winsbench.c
new file mode 100644
index 0000000..3722202
--- /dev/null
+++ b/source4/torture/nbt/winsbench.c
@@ -0,0 +1,300 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   WINS benchmark test
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "libcli/resolve/resolve.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "param/param.h"
+
+struct wins_state {
+	int num_names;
+	bool *registered;
+	int pass_count;
+	int fail_count;
+	const char *wins_server;
+	uint16_t wins_port;
+	const char *my_ip;
+	uint32_t ttl;
+};
+
+struct idx_state {
+	int idx;
+	struct wins_state *state;
+};
+
+static struct nbt_name generate_name(TALLOC_CTX *tctx, int idx)
+{
+	struct nbt_name name;
+	name.name       = talloc_asprintf(tctx, "WINSBench%6u", idx);
+	name.type       = 0x4;
+	name.scope      = NULL;
+	return name;
+}
+
+static void register_handler(struct nbt_name_request *req)
+{
+	struct idx_state *istate = talloc_get_type(req->async.private_data, struct idx_state);
+	struct wins_state *state = istate->state;
+	struct nbt_name_register io;
+	NTSTATUS status;
+
+	status = nbt_name_register_recv(req, istate, &io);
+	if (!NT_STATUS_IS_OK(status) || io.out.rcode != NBT_RCODE_OK) {
+		state->fail_count++;
+	} else {
+		state->pass_count++;
+		state->registered[istate->idx] = true;
+	}
+	talloc_free(istate);	
+}
+
+/*
+  generate a registration
+*/
+static void generate_register(struct nbt_name_socket *nbtsock, struct wins_state *state, int idx)
+{
+	struct nbt_name_register io;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	struct nbt_name_request *req;
+	struct idx_state *istate;
+
+	istate = talloc(nbtsock, struct idx_state);
+	istate->idx = idx;
+	istate->state = state;
+
+	io.in.name            = generate_name(tmp_ctx, idx);
+	io.in.dest_addr       = state->wins_server;
+	io.in.dest_port       = state->wins_port;
+	io.in.address         = state->my_ip;
+	io.in.nb_flags        = NBT_NODE_H;
+	io.in.register_demand = false;
+	io.in.broadcast       = false;
+	io.in.multi_homed     = false;
+	io.in.ttl             = state->ttl;
+	io.in.timeout         = 2;
+	io.in.retries         = 1;
+
+	req = nbt_name_register_send(nbtsock, &io);
+
+	req->async.fn = register_handler;
+	req->async.private_data = istate;
+
+	talloc_free(tmp_ctx);
+}
+
+
+static void release_handler(struct nbt_name_request *req)
+{
+	struct idx_state *istate = talloc_get_type(req->async.private_data, struct idx_state);
+	struct wins_state *state = istate->state;
+	struct nbt_name_release io;
+	NTSTATUS status;
+
+	status = nbt_name_release_recv(req, istate, &io);
+	if (state->registered[istate->idx] && 
+	    (!NT_STATUS_IS_OK(status) || io.out.rcode != NBT_RCODE_OK)) {
+		state->fail_count++;
+	} else {
+		state->pass_count++;
+		state->registered[istate->idx] = false;
+	}
+	talloc_free(istate);	
+}
+
+/*
+  generate a name release
+*/
+static void generate_release(struct nbt_name_socket *nbtsock, struct wins_state *state, int idx)
+{
+	struct nbt_name_release io;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	struct nbt_name_request *req;
+	struct idx_state *istate;
+
+	istate = talloc(nbtsock, struct idx_state);
+	istate->idx = idx;
+	istate->state = state;
+
+	io.in.name            = generate_name(tmp_ctx, idx);
+	io.in.dest_port       = state->wins_port;
+	io.in.dest_addr       = state->wins_server;
+	io.in.address         = state->my_ip;
+	io.in.nb_flags        = NBT_NODE_H;
+	io.in.broadcast       = false;
+	io.in.timeout         = 2;
+	io.in.retries         = 1;
+
+	req = nbt_name_release_send(nbtsock, &io);
+
+	req->async.fn = release_handler;
+	req->async.private_data = istate;
+
+	talloc_free(tmp_ctx);
+}
+
+
+static void query_handler(struct nbt_name_request *req)
+{
+	struct idx_state *istate = talloc_get_type(req->async.private_data, struct idx_state);
+	struct wins_state *state = istate->state;
+	struct nbt_name_query io;
+	NTSTATUS status;
+
+	status = nbt_name_query_recv(req, istate, &io);
+	if (!NT_STATUS_IS_OK(status) && state->registered[istate->idx]) {
+		state->fail_count++;
+	} else {
+		state->pass_count++;
+	}
+	talloc_free(istate);	
+}
+
+/*
+  generate a name query
+*/
+static void generate_query(struct nbt_name_socket *nbtsock, struct wins_state *state, int idx)
+{
+	struct nbt_name_query io;
+	TALLOC_CTX *tmp_ctx = talloc_new(state);
+	struct nbt_name_request *req;
+	struct idx_state *istate;
+
+	istate = talloc(nbtsock, struct idx_state);
+	istate->idx = idx;
+	istate->state = state;
+
+	io.in.name            = generate_name(tmp_ctx, idx);
+	io.in.dest_addr       = state->wins_server;
+	io.in.dest_port       = state->wins_port;
+	io.in.broadcast       = false;
+	io.in.wins_lookup     = true;
+	io.in.timeout         = 2;
+	io.in.retries         = 1;
+
+	req = nbt_name_query_send(nbtsock, &io);
+
+	req->async.fn = query_handler;
+	req->async.private_data = istate;
+
+	talloc_free(tmp_ctx);
+}
+
+/*
+  generate one WINS request
+*/
+static void generate_request(struct nbt_name_socket *nbtsock, struct wins_state *state, int idx)
+{
+	if (random() % 5 == 0) {
+		generate_register(nbtsock, state, idx);
+		return;
+	}
+
+	if (random() % 20 == 0) {
+		generate_release(nbtsock, state, idx);
+		return;
+	}
+
+	generate_query(nbtsock, state, idx);
+}
+
+/*
+  benchmark simple name queries
+*/
+static bool bench_wins(struct torture_context *tctx)
+{
+	struct nbt_name_socket *nbtsock = nbt_name_socket_init(tctx, tctx->ev);
+	int num_sent=0;
+	struct timeval tv = timeval_current();
+	bool ret = true;
+	int timelimit = torture_setting_int(tctx, "timelimit", 5);
+	struct wins_state *state;
+	extern int torture_entries;
+	struct socket_address *my_ip;
+	struct nbt_name name;
+	const char *address;
+	struct interface *ifaces;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	state = talloc_zero(nbtsock, struct wins_state);
+
+	state->num_names = torture_entries;
+	state->registered = talloc_zero_array(state, bool, state->num_names);
+	state->wins_server = address;
+	state->wins_port = lpcfg_nbt_port(tctx->lp_ctx);
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	state->my_ip = talloc_strdup(tctx, iface_list_best_ip(ifaces, address));
+	state->ttl = timelimit;
+
+	my_ip = socket_address_from_strings(nbtsock, nbtsock->sock->backend_name, 
+					    state->my_ip, 0);
+
+	socket_listen(nbtsock->sock, my_ip, 0, 0);
+
+	torture_comment(tctx, "Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		while (num_sent - (state->pass_count+state->fail_count) < 10) {
+			generate_request(nbtsock, state, num_sent % state->num_names);
+			num_sent++;
+			if (num_sent % 50 == 0) {
+				if (torture_setting_bool(tctx, "progress", true)) {
+					torture_comment(tctx, "%.1f queries per second (%d failures)  \r", 
+					       state->pass_count / timeval_elapsed(&tv),
+					       state->fail_count);
+					fflush(stdout);
+				}
+			}
+		}
+
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+
+	while (num_sent != (state->pass_count + state->fail_count)) {
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+
+	torture_comment(tctx, "%.1f queries per second (%d failures)  \n", 
+	       state->pass_count / timeval_elapsed(&tv),
+	       state->fail_count);
+
+	talloc_free(nbtsock);
+	return ret;
+}
+
+
+/*
+  benchmark how fast a WINS server can respond to a mixture of
+  registration/refresh/release and name query requests
+*/
+struct torture_suite *torture_bench_wins(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "bench-wins");
+
+	torture_suite_add_simple_test(suite, "wins", bench_wins);
+
+	return suite;
+}
diff --git a/source4/torture/nbt/winsreplication.c b/source4/torture/nbt/winsreplication.c
new file mode 100644
index 0000000..e1c9a4d
--- /dev/null
+++ b/source4/torture/nbt/winsreplication.c
@@ -0,0 +1,9884 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   WINS replication testing
+
+   Copyright (C) Andrew Tridgell	2005
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "libcli/nbt/libnbt.h"
+#include "torture/torture.h"
+#include "torture/nbt/proto.h"
+#include "param/param.h"
+
+#define CHECK_STATUS(tctx, status, correct) \
+	torture_assert_ntstatus_equal(tctx, status, correct, \
+								  "Incorrect status")
+
+#define CHECK_VALUE(tctx, v, correct) \
+	torture_assert(tctx, (v) == (correct), \
+				   talloc_asprintf(tctx, "Incorrect value %s=%d - should be %d\n", \
+		       #v, v, correct))
+
+#define CHECK_VALUE_UINT64(tctx, v, correct) \
+	torture_assert(tctx, (v) == (correct), \
+		talloc_asprintf(tctx, "Incorrect value %s=%llu - should be %llu\n", \
+		       #v, (long long)v, (long long)correct))
+
+#define CHECK_VALUE_STRING(tctx, v, correct) \
+	torture_assert_str_equal(tctx, v, correct, "Invalid value")
+
+#define _NBT_NAME(n,t,s) {\
+	.name	= n,\
+	.type	= t,\
+	.scope	= s\
+}
+
+static const char *wrepl_name_type_string(enum wrepl_name_type type)
+{
+	switch (type) {
+	case WREPL_TYPE_UNIQUE: return "UNIQUE";
+	case WREPL_TYPE_GROUP: return "GROUP";
+	case WREPL_TYPE_SGROUP: return "SGROUP";
+	case WREPL_TYPE_MHOMED: return "MHOMED";
+	}
+	return "UNKNOWN_TYPE";
+}
+
+static const char *wrepl_name_state_string(enum wrepl_name_state state)
+{
+	switch (state) {
+	case WREPL_STATE_ACTIVE: return "ACTIVE";
+	case WREPL_STATE_RELEASED: return "RELEASED";
+	case WREPL_STATE_TOMBSTONE: return "TOMBSTONE";
+	case WREPL_STATE_RESERVED: return "RESERVED";
+	}
+	return "UNKNOWN_STATE";
+}
+
+/*
+  test how assoc_ctx's are only usable on the connection
+  they are created on.
+*/
+static bool test_assoc_ctx1(struct torture_context *tctx)
+{
+	bool ret = true;
+	struct tevent_req *subreq;
+	struct wrepl_socket *wrepl_socket1;
+	struct wrepl_associate associate1;
+	struct wrepl_socket *wrepl_socket2;
+	struct wrepl_associate associate2;
+	struct wrepl_packet packet;
+	struct wrepl_send_ctrl ctrl;
+	struct wrepl_packet *rep_packet;
+	struct wrepl_associate_stop assoc_stop;
+	NTSTATUS status;
+	struct nbt_name name;
+	const char *address;
+	bool ok;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	torture_comment(tctx, "Test if assoc_ctx is only valid on the connection it was created on\n");
+
+	wrepl_socket1 = wrepl_socket_init(tctx, tctx->ev);
+	wrepl_socket2 = wrepl_socket_init(tctx, tctx->ev);
+
+	torture_comment(tctx, "Setup 2 wrepl connections\n");
+	status = wrepl_connect(wrepl_socket1, wrepl_best_ip(tctx->lp_ctx, address), address);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	status = wrepl_connect(wrepl_socket2, wrepl_best_ip(tctx->lp_ctx, address), address);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send a start association request (conn1)\n");
+	status = wrepl_associate(wrepl_socket1, &associate1);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "association context (conn1): 0x%x\n", associate1.out.assoc_ctx);
+
+	torture_comment(tctx, "Send a start association request (conn2)\n");
+	status = wrepl_associate(wrepl_socket2, &associate2);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "association context (conn2): 0x%x\n", associate2.out.assoc_ctx);
+
+	torture_comment(tctx, "Send a replication table query, with assoc 1 (conn2), the answer should be on conn1\n");
+	ZERO_STRUCT(packet);
+	packet.opcode                      = WREPL_OPCODE_BITS;
+	packet.assoc_ctx                   = associate1.out.assoc_ctx;
+	packet.mess_type                   = WREPL_REPLICATION;
+	packet.message.replication.command = WREPL_REPL_TABLE_QUERY;
+	ZERO_STRUCT(ctrl);
+	ctrl.send_only = true;
+	subreq = wrepl_request_send(tctx, tctx->ev, wrepl_socket2, &packet, &ctrl);
+	ok = tevent_req_poll(subreq, tctx->ev);
+	if (!ok) {
+		CHECK_STATUS(tctx, NT_STATUS_INTERNAL_ERROR, NT_STATUS_OK);
+	}
+	status = wrepl_request_recv(subreq, tctx, &rep_packet);
+	TALLOC_FREE(subreq);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send a association request (conn2), to make sure the last request was ignored\n");
+	status = wrepl_associate(wrepl_socket2, &associate2);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send a replication table query, with invalid assoc (conn1), receive answer from conn2\n");
+	ZERO_STRUCT(packet);
+	packet.opcode				= WREPL_OPCODE_BITS;
+	packet.assoc_ctx			= 0;
+	packet.mess_type			= WREPL_REPLICATION;
+	packet.message.replication.command	= WREPL_REPL_TABLE_QUERY;
+	status = wrepl_request(wrepl_socket1, tctx, &packet, &rep_packet);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send a association request (conn1), to make sure the last request was handled correct\n");
+	status = wrepl_associate(wrepl_socket1, &associate2);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	assoc_stop.in.assoc_ctx	= associate1.out.assoc_ctx;
+	assoc_stop.in.reason	= 4;
+	torture_comment(tctx, "Send a association stop request (conn1), reason: %u\n", assoc_stop.in.reason);
+	status = wrepl_associate_stop(wrepl_socket1, &assoc_stop);
+	CHECK_STATUS(tctx, status, NT_STATUS_END_OF_FILE);
+
+	assoc_stop.in.assoc_ctx	= associate2.out.assoc_ctx;
+	assoc_stop.in.reason	= 0;
+	torture_comment(tctx, "Send a association stop request (conn2), reason: %u\n", assoc_stop.in.reason);
+	status = wrepl_associate_stop(wrepl_socket2, &assoc_stop);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Close 2 wrepl connections\n");
+	talloc_free(wrepl_socket1);
+	talloc_free(wrepl_socket2);
+	return ret;
+}
+
+/*
+  test if we always get back the same assoc_ctx
+*/
+static bool test_assoc_ctx2(struct torture_context *tctx)
+{
+	struct wrepl_socket *wrepl_socket;
+	struct wrepl_associate associate;
+	uint32_t assoc_ctx1;
+	struct nbt_name name;
+	NTSTATUS status;
+	const char *address;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	torture_comment(tctx, "Test if we always get back the same assoc_ctx\n");
+
+	wrepl_socket = wrepl_socket_init(tctx, tctx->ev);
+	
+	torture_comment(tctx, "Setup wrepl connections\n");
+	status = wrepl_connect(wrepl_socket, wrepl_best_ip(tctx->lp_ctx, address), address);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send 1st start association request\n");
+	status = wrepl_associate(wrepl_socket, &associate);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	assoc_ctx1 = associate.out.assoc_ctx;
+	torture_comment(tctx, "1st association context: 0x%x\n", associate.out.assoc_ctx);
+
+	torture_comment(tctx, "Send 2nd start association request\n");
+	status = wrepl_associate(wrepl_socket, &associate);
+	torture_assert_ntstatus_ok(tctx, status, "2nd start association failed");
+	torture_assert(tctx, associate.out.assoc_ctx == assoc_ctx1, 
+				   "Different context returned");
+	torture_comment(tctx, "2nd association context: 0x%x\n", associate.out.assoc_ctx);
+
+	torture_comment(tctx, "Send 3rd start association request\n");
+	status = wrepl_associate(wrepl_socket, &associate);
+	torture_assert(tctx, associate.out.assoc_ctx == assoc_ctx1, 
+				   "Different context returned");
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	torture_comment(tctx, "3rd association context: 0x%x\n", associate.out.assoc_ctx);
+
+	torture_comment(tctx, "Close wrepl connections\n");
+	talloc_free(wrepl_socket);
+	return true;
+}
+
+
+/*
+  display a replication entry
+*/
+static void display_entry(struct torture_context *tctx, struct wrepl_name *name)
+{
+	int i;
+
+	torture_comment(tctx, "%s\n", nbt_name_string(tctx, &name->name));
+	torture_comment(tctx, "\tTYPE:%u STATE:%u NODE:%u STATIC:%u VERSION_ID: %llu\n",
+		name->type, name->state, name->node, name->is_static, (long long)name->version_id);
+	torture_comment(tctx, "\tRAW_FLAGS: 0x%08X OWNER: %-15s\n",
+		name->raw_flags, name->owner);
+	for (i=0;i<name->num_addresses;i++) {
+		torture_comment(tctx, "\tADDR: %-15s OWNER: %-15s\n", 
+			name->addresses[i].address, name->addresses[i].owner);
+	}
+}
+
+/*
+  test a full replication dump from a WINS server
+*/
+static bool test_wins_replication(struct torture_context *tctx)
+{
+	struct wrepl_socket *wrepl_socket;
+	NTSTATUS status;
+	int i, j;
+	struct wrepl_associate associate;
+	struct wrepl_pull_table pull_table;
+	struct wrepl_pull_names pull_names;
+	struct nbt_name name;
+	const char *address;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	torture_comment(tctx, "Test one pull replication cycle\n");
+
+	wrepl_socket = wrepl_socket_init(tctx, tctx->ev);
+	
+	torture_comment(tctx, "Setup wrepl connections\n");
+	status = wrepl_connect(wrepl_socket, wrepl_best_ip(tctx->lp_ctx, address), address);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Send a start association request\n");
+
+	status = wrepl_associate(wrepl_socket, &associate);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "association context: 0x%x\n", associate.out.assoc_ctx);
+
+	torture_comment(tctx, "Send a replication table query\n");
+	pull_table.in.assoc_ctx = associate.out.assoc_ctx;
+
+	status = wrepl_pull_table(wrepl_socket, tctx, &pull_table);
+	if (NT_STATUS_EQUAL(NT_STATUS_NETWORK_ACCESS_DENIED,status)) {
+		struct wrepl_associate_stop assoc_stop;
+
+		assoc_stop.in.assoc_ctx = associate.out.assoc_ctx;
+		assoc_stop.in.reason = 0;
+
+		wrepl_associate_stop(wrepl_socket, &assoc_stop);
+
+		torture_fail(tctx, "We are not a valid pull partner for the server");
+	}
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Found %d replication partners\n", pull_table.out.num_partners);
+
+	for (i=0;i<pull_table.out.num_partners;i++) {
+		struct wrepl_wins_owner *partner = &pull_table.out.partners[i];
+		torture_comment(tctx, "%s   max_version=%6llu   min_version=%6llu type=%d\n",
+		       partner->address, 
+		       (long long)partner->max_version, 
+		       (long long)partner->min_version, 
+		       partner->type);
+
+		pull_names.in.assoc_ctx = associate.out.assoc_ctx;
+		pull_names.in.partner = *partner;
+		
+		status = wrepl_pull_names(wrepl_socket, tctx, &pull_names);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+		torture_comment(tctx, "Received %d names\n", pull_names.out.num_names);
+
+		for (j=0;j<pull_names.out.num_names;j++) {
+			display_entry(tctx, &pull_names.out.names[j]);
+		}
+	}
+
+	torture_comment(tctx, "Close wrepl connections\n");
+	talloc_free(wrepl_socket);
+	return true;
+}
+
+struct test_wrepl_conflict_conn {
+	const char *address;
+	struct wrepl_socket *pull;
+	uint32_t pull_assoc;
+
+#define TEST_OWNER_A_ADDRESS "127.65.65.1"
+#define TEST_ADDRESS_A_PREFIX "127.0.65"
+#define TEST_OWNER_B_ADDRESS "127.66.66.1"
+#define TEST_ADDRESS_B_PREFIX "127.0.66"
+#define TEST_OWNER_X_ADDRESS "127.88.88.1"
+#define TEST_ADDRESS_X_PREFIX "127.0.88"
+
+	struct wrepl_wins_owner a, b, c, x;
+
+	struct socket_address *myaddr;
+	struct socket_address *myaddr2;
+	struct nbt_name_socket *nbtsock;
+	struct nbt_name_socket *nbtsock2;
+
+	struct nbt_name_socket *nbtsock_srv;
+	struct nbt_name_socket *nbtsock_srv2;
+
+	uint32_t addresses_best_num;
+	struct wrepl_ip *addresses_best;
+
+	uint32_t addresses_best2_num;
+	struct wrepl_ip *addresses_best2;
+
+	uint32_t addresses_all_num;
+	struct wrepl_ip *addresses_all;
+
+	uint32_t addresses_mhomed_num;
+	struct wrepl_ip *addresses_mhomed;
+};
+
+static const struct wrepl_ip addresses_A_1[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".1"
+	}
+};
+static const struct wrepl_ip addresses_A_2[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".2"
+	}
+};
+static const struct wrepl_ip addresses_A_3_4[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_A_3_4_X_3_4[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_A_3_4_B_3_4[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_A_3_4_OWNER_B[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_A_3_4_X_3_4_OWNER_B[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".4"
+	}
+};
+/*
+static const struct wrepl_ip addresses_A_3_4_X_1_2[] = {
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_A_ADDRESS,
+	.ip	= TEST_ADDRESS_A_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".1"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".2"
+	}
+};
+*/
+static const struct wrepl_ip addresses_B_1[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".1"
+	}
+};
+/*
+static const struct wrepl_ip addresses_B_2[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".2"
+	}
+};
+*/
+static const struct wrepl_ip addresses_B_3_4[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_B_3_4_X_3_4[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".4"
+	}
+};
+static const struct wrepl_ip addresses_B_3_4_X_1_2[] = {
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_B_ADDRESS,
+	.ip	= TEST_ADDRESS_B_PREFIX".4"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".1"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".2"
+	}
+};
+
+/*
+static const struct wrepl_ip addresses_X_1_2[] = {
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".1"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".2"
+	}
+};
+*/
+
+static const struct wrepl_ip addresses_X_3_4[] = {
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".3"
+	},
+	{
+	.owner	= TEST_OWNER_X_ADDRESS,
+	.ip	= TEST_ADDRESS_X_PREFIX".4"
+	}
+};
+
+static struct test_wrepl_conflict_conn *test_create_conflict_ctx(
+		struct torture_context *tctx, const char *address)
+{
+	struct test_wrepl_conflict_conn *ctx;
+	struct wrepl_associate associate;
+	struct wrepl_pull_table pull_table;
+	struct socket_address *nbt_srv_addr;
+	NTSTATUS status;
+	uint32_t i;
+	uint32_t num_ifaces;
+	struct interface *ifaces;
+
+	ctx = talloc_zero(tctx, struct test_wrepl_conflict_conn);
+	if (!ctx) return NULL;
+
+	ctx->address	= address;
+	ctx->pull	= wrepl_socket_init(ctx, tctx->ev);
+	if (!ctx->pull) return NULL;
+
+	torture_comment(tctx, "Setup wrepl conflict pull connection\n");
+	status = wrepl_connect(ctx->pull, wrepl_best_ip(tctx->lp_ctx, ctx->address), ctx->address);
+	if (!NT_STATUS_IS_OK(status)) return NULL;
+
+	status = wrepl_associate(ctx->pull, &associate);
+	if (!NT_STATUS_IS_OK(status)) return NULL;
+
+	ctx->pull_assoc = associate.out.assoc_ctx;
+
+	ctx->a.address		= TEST_OWNER_A_ADDRESS;
+	ctx->a.max_version	= 0;
+	ctx->a.min_version	= 0;
+	ctx->a.type		= 1;
+
+	ctx->b.address		= TEST_OWNER_B_ADDRESS;
+	ctx->b.max_version	= 0;
+	ctx->b.min_version	= 0;
+	ctx->b.type		= 1;
+
+	ctx->x.address		= TEST_OWNER_X_ADDRESS;
+	ctx->x.max_version	= 0;
+	ctx->x.min_version	= 0;
+	ctx->x.type		= 1;
+
+	ctx->c.address		= address;
+	ctx->c.max_version	= 0;
+	ctx->c.min_version	= 0;
+	ctx->c.type		= 1;
+
+	pull_table.in.assoc_ctx	= ctx->pull_assoc;
+	status = wrepl_pull_table(ctx->pull, ctx->pull, &pull_table);
+	if (!NT_STATUS_IS_OK(status)) return NULL;
+
+	for (i=0; i < pull_table.out.num_partners; i++) {
+		if (strcmp(TEST_OWNER_A_ADDRESS,pull_table.out.partners[i].address)==0) {
+			ctx->a.max_version	= pull_table.out.partners[i].max_version;
+			ctx->a.min_version	= pull_table.out.partners[i].min_version;
+		}
+		if (strcmp(TEST_OWNER_B_ADDRESS,pull_table.out.partners[i].address)==0) {
+			ctx->b.max_version	= pull_table.out.partners[i].max_version;
+			ctx->b.min_version	= pull_table.out.partners[i].min_version;
+		}
+		if (strcmp(TEST_OWNER_X_ADDRESS,pull_table.out.partners[i].address)==0) {
+			ctx->x.max_version	= pull_table.out.partners[i].max_version;
+			ctx->x.min_version	= pull_table.out.partners[i].min_version;
+		}
+		if (strcmp(address,pull_table.out.partners[i].address)==0) {
+			ctx->c.max_version	= pull_table.out.partners[i].max_version;
+			ctx->c.min_version	= pull_table.out.partners[i].min_version;
+		}
+	}
+
+	talloc_free(pull_table.out.partners);
+
+	ctx->nbtsock = nbt_name_socket_init(ctx, tctx->ev);
+	if (!ctx->nbtsock) return NULL;
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+
+	ctx->myaddr = socket_address_from_strings(tctx, ctx->nbtsock->sock->backend_name, iface_list_best_ip(ifaces, address), 0);
+	if (!ctx->myaddr) return NULL;
+
+	for (i = 0; i < iface_list_count(ifaces); i++) {
+		if (!iface_list_n_is_v4(ifaces, i)) continue;
+		if (strcmp(ctx->myaddr->addr, iface_list_n_ip(ifaces, i)) == 0) continue;
+		ctx->myaddr2 = socket_address_from_strings(tctx, ctx->nbtsock->sock->backend_name, iface_list_n_ip(ifaces, i), 0);
+		if (!ctx->myaddr2) return NULL;
+		break;
+	}
+
+	status = socket_listen(ctx->nbtsock->sock, ctx->myaddr, 0, 0);
+	if (!NT_STATUS_IS_OK(status)) return NULL;
+
+	ctx->nbtsock_srv = nbt_name_socket_init(ctx, tctx->ev);
+	if (!ctx->nbtsock_srv) return NULL;
+
+	/* Make a port 137 version of ctx->myaddr */
+	nbt_srv_addr = socket_address_from_strings(tctx, ctx->nbtsock_srv->sock->backend_name, ctx->myaddr->addr, lpcfg_nbt_port(tctx->lp_ctx));
+	if (!nbt_srv_addr) return NULL;
+
+	/* And if possible, bind to it.  This won't work unless we are root or in socketwrapper */
+	status = socket_listen(ctx->nbtsock_srv->sock, nbt_srv_addr, 0, 0);
+	talloc_free(nbt_srv_addr);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* this isn't fatal */
+		talloc_free(ctx->nbtsock_srv);
+		ctx->nbtsock_srv = NULL;
+	}
+
+	if (ctx->myaddr2 && ctx->nbtsock_srv) {
+		ctx->nbtsock2 = nbt_name_socket_init(ctx, tctx->ev);
+		if (!ctx->nbtsock2) return NULL;
+
+		status = socket_listen(ctx->nbtsock2->sock, ctx->myaddr2, 0, 0);
+		if (!NT_STATUS_IS_OK(status)) return NULL;
+
+		ctx->nbtsock_srv2 = nbt_name_socket_init(ctx, ctx->nbtsock_srv->event_ctx);
+		if (!ctx->nbtsock_srv2) return NULL;
+
+		/* Make a port 137 version of ctx->myaddr2 */
+		nbt_srv_addr = socket_address_from_strings(tctx, 
+							   ctx->nbtsock_srv->sock->backend_name, 
+							   ctx->myaddr2->addr, 
+							   lpcfg_nbt_port(tctx->lp_ctx));
+		if (!nbt_srv_addr) return NULL;
+
+		/* And if possible, bind to it.  This won't work unless we are root or in socketwrapper */
+		status = socket_listen(ctx->nbtsock_srv2->sock, ctx->myaddr2, 0, 0);
+		talloc_free(nbt_srv_addr);
+		if (!NT_STATUS_IS_OK(status)) {
+			/* this isn't fatal */
+			talloc_free(ctx->nbtsock_srv2);
+			ctx->nbtsock_srv2 = NULL;
+		}
+	}
+
+	ctx->addresses_best_num = 1;
+	ctx->addresses_best = talloc_array(ctx, struct wrepl_ip, ctx->addresses_best_num);
+	if (!ctx->addresses_best) return NULL;
+	ctx->addresses_best[0].owner	= ctx->b.address;
+	ctx->addresses_best[0].ip	= ctx->myaddr->addr;
+
+
+	num_ifaces = iface_list_count(ifaces);
+	ctx->addresses_all = talloc_array(ctx, struct wrepl_ip, num_ifaces);
+	ctx->addresses_all_num = 0;
+	if (!ctx->addresses_all) return NULL;
+	for (i=0; i < num_ifaces; i++) {
+		if (!iface_list_n_is_v4(ifaces, i)) continue;
+		ctx->addresses_all[i].owner	= ctx->b.address;
+		ctx->addresses_all[i].ip	= talloc_strdup(ctx->addresses_all, iface_list_n_ip(ifaces, i));
+		ctx->addresses_all_num++;
+		if (!ctx->addresses_all[i].ip) return NULL;
+	}
+
+	if (ctx->nbtsock_srv2) {
+		ctx->addresses_best2_num = 1;
+		ctx->addresses_best2 = talloc_array(ctx, struct wrepl_ip, ctx->addresses_best2_num);
+		if (!ctx->addresses_best2) return NULL;
+		ctx->addresses_best2[0].owner	= ctx->b.address;
+		ctx->addresses_best2[0].ip	= ctx->myaddr2->addr;
+
+		ctx->addresses_mhomed_num = 2;
+		ctx->addresses_mhomed = talloc_array(ctx, struct wrepl_ip, ctx->addresses_mhomed_num);
+		if (!ctx->addresses_mhomed) return NULL;
+		ctx->addresses_mhomed[0].owner	= ctx->b.address;
+		ctx->addresses_mhomed[0].ip	= ctx->myaddr->addr;
+		ctx->addresses_mhomed[1].owner	= ctx->b.address;
+		ctx->addresses_mhomed[1].ip	= ctx->myaddr2->addr;
+	}
+
+	return ctx;
+}
+
+static bool test_wrepl_update_one(struct torture_context *tctx, 
+								  struct test_wrepl_conflict_conn *ctx,
+				  const struct wrepl_wins_owner *owner,
+				  const struct wrepl_wins_name *name)
+{
+	struct wrepl_socket *wrepl_socket;
+	struct wrepl_associate associate;
+	struct wrepl_packet update_packet, repl_send;
+	struct wrepl_table *update;
+	struct wrepl_wins_owner wrepl_wins_owners[1];
+	struct wrepl_packet *repl_recv;
+	struct wrepl_send_reply *send_reply;
+	struct wrepl_wins_name wrepl_wins_names[1];
+	uint32_t assoc_ctx;
+	NTSTATUS status;
+
+	wrepl_socket = wrepl_socket_init(ctx, tctx->ev);
+
+	status = wrepl_connect(wrepl_socket, wrepl_best_ip(tctx->lp_ctx, ctx->address), ctx->address);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	status = wrepl_associate(wrepl_socket, &associate);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	assoc_ctx = associate.out.assoc_ctx;
+
+	/* now send a WREPL_REPL_UPDATE message */
+	ZERO_STRUCT(update_packet);
+	update_packet.opcode			= WREPL_OPCODE_BITS;
+	update_packet.assoc_ctx			= assoc_ctx;
+	update_packet.mess_type			= WREPL_REPLICATION;
+	update_packet.message.replication.command	= WREPL_REPL_UPDATE;
+	update	= &update_packet.message.replication.info.table;
+
+	update->partner_count	= ARRAY_SIZE(wrepl_wins_owners);
+	update->partners	= wrepl_wins_owners;
+	update->initiator	= "0.0.0.0";
+
+	wrepl_wins_owners[0]	= *owner;
+
+	status = wrepl_request(wrepl_socket, wrepl_socket,
+			       &update_packet, &repl_recv);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VALUE(tctx, repl_recv->mess_type, WREPL_REPLICATION);
+	CHECK_VALUE(tctx, repl_recv->message.replication.command, WREPL_REPL_SEND_REQUEST);
+
+	ZERO_STRUCT(repl_send);
+	repl_send.opcode			= WREPL_OPCODE_BITS;
+	repl_send.assoc_ctx			= assoc_ctx;
+	repl_send.mess_type			= WREPL_REPLICATION;
+	repl_send.message.replication.command	= WREPL_REPL_SEND_REPLY;
+	send_reply = &repl_send.message.replication.info.reply;
+
+	send_reply->num_names	= ARRAY_SIZE(wrepl_wins_names);
+	send_reply->names	= wrepl_wins_names;
+
+	wrepl_wins_names[0]	= *name;
+
+	status = wrepl_request(wrepl_socket, wrepl_socket,
+			       &repl_send, &repl_recv);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VALUE(tctx, repl_recv->mess_type, WREPL_STOP_ASSOCIATION);
+	CHECK_VALUE(tctx, repl_recv->message.stop.reason, 0);
+
+	talloc_free(wrepl_socket);
+	return true;
+}
+
+static bool test_wrepl_is_applied(struct torture_context *tctx, 
+								  struct test_wrepl_conflict_conn *ctx,
+				  const struct wrepl_wins_owner *owner,
+				  const struct wrepl_wins_name *name,
+				  bool expected)
+{
+	NTSTATUS status;
+	struct wrepl_pull_names pull_names;
+	struct wrepl_name *names;
+
+	pull_names.in.assoc_ctx	= ctx->pull_assoc;
+	pull_names.in.partner	= *owner;
+	pull_names.in.partner.min_version = pull_names.in.partner.max_version;
+		
+	status = wrepl_pull_names(ctx->pull, ctx->pull, &pull_names);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	torture_assert(tctx, pull_names.out.num_names == (expected?1:0), 
+		       talloc_asprintf(tctx, "Invalid number of records returned - expected %d got %d", expected, pull_names.out.num_names));
+
+	names = pull_names.out.names;
+
+	if (expected) {
+		uint32_t flags = WREPL_NAME_FLAGS(names[0].type,
+						  names[0].state,
+						  names[0].node,
+						  names[0].is_static);
+		char *expected_scope = NULL;
+		CHECK_VALUE(tctx, names[0].name.type, name->name->type);
+		CHECK_VALUE_STRING(tctx, names[0].name.name, name->name->name);
+
+		if (names[0].name.scope) {
+			expected_scope = talloc_strndup(tctx,
+							name->name->scope,
+							237);
+		}
+		CHECK_VALUE_STRING(tctx, names[0].name.scope, expected_scope);
+		CHECK_VALUE(tctx, flags, name->flags);
+		CHECK_VALUE_UINT64(tctx, names[0].version_id, name->id);
+
+		if (flags & 2) {
+			CHECK_VALUE(tctx, names[0].num_addresses,
+				    name->addresses.addresses.num_ips);
+		} else {
+			CHECK_VALUE(tctx, names[0].num_addresses, 1);
+			CHECK_VALUE_STRING(tctx, names[0].addresses[0].address,
+					   name->addresses.ip);
+		}
+	}
+	talloc_free(pull_names.out.names);
+	return true;
+}
+
+static bool test_wrepl_mhomed_merged(struct torture_context *tctx, 
+									 struct test_wrepl_conflict_conn *ctx,
+				     const struct wrepl_wins_owner *owner1,
+				     uint32_t num_ips1, const struct wrepl_ip *ips1,
+				     const struct wrepl_wins_owner *owner2,
+				     uint32_t num_ips2, const struct wrepl_ip *ips2,
+				     const struct wrepl_wins_name *name2)
+{
+	NTSTATUS status;
+	struct wrepl_pull_names pull_names;
+	struct wrepl_name *names;
+	uint32_t flags;
+	uint32_t i, j;
+	uint32_t num_ips = num_ips1 + num_ips2;
+
+	for (i = 0; i < num_ips2; i++) {
+		for (j = 0; j < num_ips1; j++) {
+			if (strcmp(ips2[i].ip,ips1[j].ip) == 0) {
+				num_ips--;
+				break;
+			}
+		} 
+	}
+
+	pull_names.in.assoc_ctx	= ctx->pull_assoc;
+	pull_names.in.partner	= *owner2;
+	pull_names.in.partner.min_version = pull_names.in.partner.max_version;
+
+	status = wrepl_pull_names(ctx->pull, ctx->pull, &pull_names);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VALUE(tctx, pull_names.out.num_names, 1);
+
+	names = pull_names.out.names;
+
+	flags = WREPL_NAME_FLAGS(names[0].type,
+				 names[0].state,
+				 names[0].node,
+				 names[0].is_static);
+	CHECK_VALUE(tctx, names[0].name.type, name2->name->type);
+	CHECK_VALUE_STRING(tctx, names[0].name.name, name2->name->name);
+	CHECK_VALUE_STRING(tctx, names[0].name.scope, name2->name->scope);
+	CHECK_VALUE(tctx, flags, name2->flags | WREPL_TYPE_MHOMED);
+	CHECK_VALUE_UINT64(tctx, names[0].version_id, name2->id);
+
+	CHECK_VALUE(tctx, names[0].num_addresses, num_ips);
+
+	for (i = 0; i < names[0].num_addresses; i++) {
+		const char *addr = names[0].addresses[i].address; 
+		const char *owner = names[0].addresses[i].owner;
+		bool found = false;
+
+		for (j = 0; j < num_ips2; j++) {
+			if (strcmp(addr, ips2[j].ip) == 0) {
+				found = true;
+				CHECK_VALUE_STRING(tctx, owner, owner2->address);
+				break;
+			}
+		}
+
+		if (found) continue;
+
+		for (j = 0; j < num_ips1; j++) {
+			if (strcmp(addr, ips1[j].ip) == 0) {
+				found = true;
+				CHECK_VALUE_STRING(tctx, owner, owner1->address);
+				break;
+			}
+		}
+
+		if (found) continue;
+
+		CHECK_VALUE_STRING(tctx, addr, "not found in address list");
+	}
+	talloc_free(pull_names.out.names);
+	return true;
+}
+
+static bool test_wrepl_sgroup_merged(struct torture_context *tctx, 
+									 struct test_wrepl_conflict_conn *ctx,
+				     struct wrepl_wins_owner *merge_owner,
+				     struct wrepl_wins_owner *owner1,
+				     uint32_t num_ips1, const struct wrepl_ip *ips1,
+				     struct wrepl_wins_owner *owner2,
+				     uint32_t num_ips2, const struct wrepl_ip *ips2,
+				     const struct wrepl_wins_name *name2)
+{
+	NTSTATUS status;
+	struct wrepl_pull_names pull_names;
+	struct wrepl_name *names;
+	struct wrepl_name *name = NULL;
+	uint32_t flags;
+	uint32_t i, j;
+	uint32_t num_ips = num_ips1 + num_ips2;
+
+	if (!merge_owner) {
+		merge_owner = &ctx->c;
+	}
+
+	for (i = 0; i < num_ips1; i++) {
+		if (owner1 != &ctx->c && strcmp(ips1[i].owner,owner2->address) == 0) {
+			num_ips--;
+			continue;
+		}
+		for (j = 0; j < num_ips2; j++) {
+			if (strcmp(ips1[i].ip,ips2[j].ip) == 0) {
+				num_ips--;
+				break;
+			}
+		}
+	}
+
+
+	pull_names.in.assoc_ctx	= ctx->pull_assoc;
+	pull_names.in.partner	= *merge_owner;
+	pull_names.in.partner.min_version = pull_names.in.partner.max_version;
+	pull_names.in.partner.max_version = 0;
+
+	status = wrepl_pull_names(ctx->pull, ctx->pull, &pull_names);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	names = pull_names.out.names;
+	
+	for (i = 0; i < pull_names.out.num_names; i++) {
+		if (names[i].name.type != name2->name->type)	continue;
+		if (!names[i].name.name) continue;
+		if (strcmp(names[i].name.name, name2->name->name) != 0) continue;
+		if (names[i].name.scope) continue;
+
+		name = &names[i];
+	}
+
+	if (pull_names.out.num_names > 0) {
+		merge_owner->max_version	= names[pull_names.out.num_names-1].version_id;
+	}
+
+	if (!name) {
+		torture_comment(tctx, "%s: Name '%s' not found\n", __location__, nbt_name_string(ctx, name2->name));
+		return false;
+	}
+
+	flags = WREPL_NAME_FLAGS(name->type,
+				 name->state,
+				 name->node,
+				 name->is_static);
+	CHECK_VALUE(tctx, name->name.type, name2->name->type);
+	CHECK_VALUE_STRING(tctx, name->name.name, name2->name->name);
+	CHECK_VALUE_STRING(tctx, name->name.scope, name2->name->scope);
+	CHECK_VALUE(tctx, flags, name2->flags);
+
+	CHECK_VALUE(tctx, name->num_addresses, num_ips);
+
+	for (i = 0; i < name->num_addresses; i++) {
+		const char *addr = name->addresses[i].address; 
+		const char *owner = name->addresses[i].owner;
+		bool found = false;
+
+		for (j = 0; j < num_ips2; j++) {
+			if (strcmp(addr, ips2[j].ip) == 0) {
+				found = true;
+				CHECK_VALUE_STRING(tctx, owner, ips2[j].owner);
+				break;
+			}
+		}
+
+		if (found) continue;
+
+		for (j = 0; j < num_ips1; j++) {
+			if (strcmp(addr, ips1[j].ip) == 0) {
+				found = true;
+				if (owner1 == &ctx->c) {
+					CHECK_VALUE_STRING(tctx, owner, owner1->address);
+				} else {
+					CHECK_VALUE_STRING(tctx, owner, ips1[j].owner);
+				}
+				break;
+			}
+		}
+
+		if (found) continue;
+
+		CHECK_VALUE_STRING(tctx, addr, "not found in address list");
+	}
+	talloc_free(pull_names.out.names);
+	return true;
+}
+
+static char *test_nbt_winsrepl_scope_string(TALLOC_CTX *mem_ctx, uint8_t count)
+{
+	char *res;
+	uint8_t i;
+
+	res = talloc_array(mem_ctx, char, count+1);
+	if (res == NULL) {
+		return NULL;
+	}
+
+	for (i=0; i < count; i++) {
+		res[i] = '0' + (i%10);
+	}
+
+	res[count] = '\0';
+
+	talloc_set_name_const(res, res);
+
+	return res;
+}
+
+static bool test_conflict_same_owner(struct torture_context *tctx, 
+									 struct test_wrepl_conflict_conn *ctx)
+{
+	bool ret = true;
+	struct wrepl_wins_name wins_name1;
+	struct wrepl_wins_name wins_name2;
+	struct wrepl_wins_name *wins_name_tmp;
+	struct wrepl_wins_name *wins_name_last;
+	struct wrepl_wins_name *wins_name_cur;
+	uint32_t i,j;
+	struct nbt_name names[] = {
+		_NBT_NAME("_SAME_OWNER_A", 0x00, NULL),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 1)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 2)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 3)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 4)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 5)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 6)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 7)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 8)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 9)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 237)),
+		_NBT_NAME("_SAME_OWNER_A", 0x00,
+			  test_nbt_winsrepl_scope_string(tctx, 238)),
+		_NBT_NAME("_SAME_OWNER_A", 0x1C, NULL),
+	};
+	struct {
+		enum wrepl_name_type type;
+		enum wrepl_name_state state;
+		enum wrepl_name_node node;
+		bool is_static;
+		uint32_t num_ips;
+		const struct wrepl_ip *ips;
+	} records[] = {
+		{
+		.type		= WREPL_TYPE_GROUP,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		},{
+		.type		= WREPL_TYPE_UNIQUE,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		},{
+		.type		= WREPL_TYPE_UNIQUE,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_2),
+		.ips		= addresses_A_2,
+		},{
+		.type		= WREPL_TYPE_UNIQUE,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= true,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		},{
+		.type		= WREPL_TYPE_UNIQUE,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_2),
+		.ips		= addresses_A_2,
+		},{
+		.type		= WREPL_TYPE_SGROUP,
+		.state		= WREPL_STATE_TOMBSTONE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_2),
+		.ips		= addresses_A_2,
+		},{
+		.type		= WREPL_TYPE_MHOMED,
+		.state		= WREPL_STATE_TOMBSTONE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		},{
+		.type		= WREPL_TYPE_MHOMED,
+		.state		= WREPL_STATE_RELEASED,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_2),
+		.ips		= addresses_A_2,
+		},{
+		.type		= WREPL_TYPE_SGROUP,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		},{
+		.type		= WREPL_TYPE_SGROUP,
+		.state		= WREPL_STATE_ACTIVE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+		.ips		= addresses_A_3_4,
+		},{
+		.type		= WREPL_TYPE_SGROUP,
+		.state		= WREPL_STATE_TOMBSTONE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+		.ips		= addresses_B_3_4,
+		},{
+		/* the last one should always be a unique,tombstone record! */
+		.type		= WREPL_TYPE_UNIQUE,
+		.state		= WREPL_STATE_TOMBSTONE,
+		.node		= WREPL_NODE_B,
+		.is_static	= false,
+		.num_ips	= ARRAY_SIZE(addresses_A_1),
+		.ips		= addresses_A_1,
+		}
+	};
+
+	wins_name_tmp	= NULL;
+	wins_name_last	= &wins_name2;
+	wins_name_cur	= &wins_name1;
+
+	for (j=0; ret && j < ARRAY_SIZE(names); j++) {
+		torture_comment(tctx, "Test Replica Conflicts with same owner[%s] for %s\n",
+			nbt_name_string(ctx, &names[j]), ctx->a.address);
+
+		for(i=0; ret && i < ARRAY_SIZE(records); i++) {
+			wins_name_tmp	= wins_name_last;
+			wins_name_last	= wins_name_cur;
+			wins_name_cur	= wins_name_tmp;
+
+			if (i > 0) {
+				torture_comment(tctx, "%s,%s%s vs. %s,%s%s with %s ip(s) => %s\n",
+					wrepl_name_type_string(records[i-1].type),
+					wrepl_name_state_string(records[i-1].state),
+					(records[i-1].is_static?",static":""),
+					wrepl_name_type_string(records[i].type),
+					wrepl_name_state_string(records[i].state),
+					(records[i].is_static?",static":""),
+					(records[i-1].ips==records[i].ips?"same":"different"),
+					"REPLACE");
+			}
+
+			wins_name_cur->name	= &names[j];
+			wins_name_cur->flags	= WREPL_NAME_FLAGS(records[i].type,
+								   records[i].state,
+								   records[i].node,
+								   records[i].is_static);
+			wins_name_cur->id	= ++ctx->a.max_version;
+			if (wins_name_cur->flags & 2) {
+				wins_name_cur->addresses.addresses.num_ips = records[i].num_ips;
+				wins_name_cur->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+									     records[i].ips);
+			} else {
+				wins_name_cur->addresses.ip = records[i].ips[0].ip;
+			}
+			wins_name_cur->unknown	= "255.255.255.255";
+
+			ret &= test_wrepl_update_one(tctx, ctx, &ctx->a,wins_name_cur);
+			if (records[i].state == WREPL_STATE_RELEASED) {
+				ret &= test_wrepl_is_applied(tctx, ctx, &ctx->a, wins_name_last, false);
+				ret &= test_wrepl_is_applied(tctx, ctx, &ctx->a, wins_name_cur, false);
+			} else {
+				ret &= test_wrepl_is_applied(tctx, ctx, &ctx->a, wins_name_cur, true);
+			}
+
+			/* the first one is a cleanup run */
+			if (!ret && i == 0) ret = true;
+
+			if (!ret) {
+				torture_comment(tctx, "conflict handled wrong or record[%u]: %s\n", i, __location__);
+				return ret;
+			}
+		}
+	}
+	return ret;
+}
+
+static bool test_conflict_different_owner(struct torture_context *tctx, 
+										  struct test_wrepl_conflict_conn *ctx)
+{
+	bool ret = true;
+	struct wrepl_wins_name wins_name1;
+	struct wrepl_wins_name wins_name2;
+	struct wrepl_wins_name *wins_name_r1;
+	struct wrepl_wins_name *wins_name_r2;
+	uint32_t i;
+	struct {
+		const char *line; /* just better debugging */
+		struct nbt_name name;
+		const char *comment;
+		bool extra; /* not the worst case, this is an extra test */
+		bool cleanup;
+		struct {
+			struct wrepl_wins_owner *owner;
+			enum wrepl_name_type type;
+			enum wrepl_name_state state;
+			enum wrepl_name_node node;
+			bool is_static;
+			uint32_t num_ips;
+			const struct wrepl_ip *ips;
+			bool apply_expected;
+			bool sgroup_merge;
+			struct wrepl_wins_owner *merge_owner;
+			bool sgroup_cleanup;
+		} r1, r2;
+	} records[] = {
+	/* 
+	 * NOTE: the first record and the last applied one
+	 *       needs to be from the same owner,
+	 *       to not conflict in the next smbtorture run!!!
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true /* ignored */
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true /* ignored */
+		}
+	},
+
+/*
+ * unique vs unique section
+ */
+	/* 
+	 * unique,active vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,active vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * unique,released vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,released vs. unique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. unique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+
+/*
+ * unique vs normal groups section,
+ */
+	/* 
+	 * unique,active vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,active vs. group,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * unique,released vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,released vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * unique vs special groups section,
+ */
+	/* 
+	 * unique,active vs. sgroup,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * unique,active vs. sgroup,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * unique,released vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,released vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * unique vs multi homed section,
+ */
+	/* 
+	 * unique,active vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,active vs. mhomed,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * unique,released vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,released vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * unique,tombstone vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * normal groups vs unique section,
+ */
+	/* 
+	 * group,active vs. unique,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,active vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. unique,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. unique,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+/*
+ * normal groups vs normal groups section,
+ */
+	/* 
+	 * group,active vs. group,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,active vs. group,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,released vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * normal groups vs special groups section,
+ */
+	/* 
+	 * group,active vs. sgroup,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,active vs. sgroup,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,released vs. sgroup,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * normal groups vs multi homed section,
+ */
+	/* 
+	 * group,active vs. mhomed,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,active vs. mhomed,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. mhomed,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,released vs. mhomed,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * group,tombstone vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * special groups vs unique section,
+ */
+	/* 
+	 * sgroup,active vs. unique,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,active vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. unique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. unique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * special groups vs normal group section,
+ */
+	/* 
+	 * sgroup,active vs. group,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,active vs. group,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. group,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. group,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * special groups (not active) vs special group section,
+ */
+	/* 
+	 * sgroup,released vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. sgroup,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. sgroup,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * special groups vs multi homed section,
+ */
+	/* 
+	 * sgroup,active vs. mhomed,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,active vs. mhomed,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,released vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * sgroup,tombstone vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * multi homed vs. unique section,
+ */
+	/* 
+	 * mhomed,active vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,active vs. unique,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. uinique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. unique,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. uinique,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * multi homed vs. normal group section,
+ */
+	/* 
+	 * mhomed,active vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,active vs. group,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. group,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. group,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * multi homed vs. special group section,
+ */
+	/* 
+	 * mhomed,active vs. sgroup,active
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * mhomed,active vs. sgroup,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. sgroup,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. sgroup,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	},
+
+/*
+ * multi homed vs. mlti homed section,
+ */
+	/* 
+	 * mhomed,active vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,active vs. mhomed,tombstone
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,released vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_RELEASED,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= false
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. mhomed,active
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		}
+	},
+
+	/* 
+	 * mhomed,tombstone vs. mhomed,tombstone
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true,
+		}
+	},
+/*
+ * special group vs special group section,
+ */
+	/* 
+	 * sgroup,active vs. sgroup,active same addresses
+	 * => should be NOT replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4 vs. B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= false,
+			.sgroup_cleanup	= true
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active same addresses
+	 * => should be NOT replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4 vs. B:NULL",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+			.sgroup_cleanup	= true
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active subset addresses, special case...
+	 * => should NOT be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4_X_3_4 vs. B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_X_3_4),
+			.ips		= addresses_A_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected = false,
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, but owner changed
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4 vs. B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true,
+			.sgroup_cleanup	= true
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, but owner changed
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4 vs. B:A_3_4_OWNER_B",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_OWNER_B),
+			.ips		= addresses_A_3_4_OWNER_B,
+			.apply_expected	= true,
+			.sgroup_cleanup	= true
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, but owner changed
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4_OWNER_B vs. B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_OWNER_B),
+			.ips		= addresses_A_3_4_OWNER_B,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true,
+			.sgroup_cleanup	= true
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4 vs. B:B_3_4 => C:A_3_4_B_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.sgroup_merge	= true,
+			.sgroup_cleanup = true,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:A_3_4 => B:A_3_4_X_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.sgroup_merge	= true,
+			.merge_owner	= &ctx->b,
+			.sgroup_cleanup	= false
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_X_3_4_OWNER_B),
+			.ips		= addresses_A_3_4_X_3_4_OWNER_B,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:X_3_4 vs. B:A_3_4 => C:A_3_4_X_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_X_3_4),
+			.ips		= addresses_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.sgroup_merge	= true,
+			.sgroup_cleanup	= false
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4_X_3_4 vs. B:A_3_4_OWNER_B => B:A_3_4_OWNER_B_X_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_X_3_4),
+			.ips		= addresses_A_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_OWNER_B),
+			.ips		= addresses_A_3_4_OWNER_B,
+			.sgroup_merge	= true,
+			.merge_owner	= &ctx->b,
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active partly different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:B_3_4_X_1_2 => C:B_3_4_X_1_2_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_1_2),
+			.ips		= addresses_B_3_4_X_1_2,
+			.sgroup_merge	= true,
+			.sgroup_cleanup	= false
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:A_3_4_B_3_4 vs. B:NULL => B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4_B_3_4),
+			.ips		= addresses_A_3_4_B_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.sgroup_merge	= true,
+			.merge_owner	= &ctx->b,
+			.sgroup_cleanup	= true
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active different addresses, special case...
+	 * => should be merged
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:NULL => B:X_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.sgroup_merge	= true,
+			.merge_owner	= &ctx->b,
+			.sgroup_cleanup	= true
+		}
+	},
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= false,
+		},
+		.r2	= {
+			.owner		= &ctx->x,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true,
+		}
+	},
+
+	/* 
+	 * sgroup,active vs. sgroup,tombstone different no addresses, special
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:NULL => B:NULL",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= 0,
+			.ips		= NULL,
+			.apply_expected	= true,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,tombstone different addresses
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:A_3_4 => B:A_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+			.apply_expected	= true,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,tombstone subset addresses
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:B_3_4 => B:B_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true,
+		}
+	},
+	/* 
+	 * sgroup,active vs. sgroup,active same addresses
+	 * => should be replaced
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.comment= "A:B_3_4_X_3_4 vs. B:B_3_4_X_3_4 => B:B_3_4_X_3_4",
+		.extra	= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		},
+		.r2	= {
+			.owner		= &ctx->b,
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4_X_3_4),
+			.ips		= addresses_B_3_4_X_3_4,
+			.apply_expected	= true,
+		}
+	},
+
+	/* 
+	 * This should be the last record in this array,
+	 * we need to make sure the we leave a tombstoned unique entry
+	 * owned by OWNER_A
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_DIFF_OWNER", 0x00, NULL),
+		.cleanup= true,
+		.r1	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		},
+		.r2	= {
+			.owner		= &ctx->a,
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_A_1),
+			.ips		= addresses_A_1,
+			.apply_expected	= true
+		}
+	}}; /* do not add entries here, this should be the last record! */
+
+	wins_name_r1	= &wins_name1;
+	wins_name_r2	= &wins_name2;
+
+	torture_comment(tctx, "Test Replica Conflicts with different owners\n");
+
+	for(i=0; ret && i < ARRAY_SIZE(records); i++) {
+
+		if (!records[i].extra && !records[i].cleanup) {
+			/* we should test the worst cases */
+			if (records[i].r2.apply_expected && records[i].r1.ips==records[i].r2.ips) {
+				torture_comment(tctx, "(%s) Programmer error, invalid record[%u]: %s\n",
+					__location__, i, records[i].line);
+				return false;
+			} else if (!records[i].r2.apply_expected && records[i].r1.ips!=records[i].r2.ips) {
+				torture_comment(tctx, "(%s) Programmer error, invalid record[%u]: %s\n",
+					__location__, i, records[i].line);
+				return false;
+			}
+		}
+
+		if (!records[i].cleanup) {
+			const char *expected;
+			const char *ips;
+
+			if (records[i].r2.sgroup_merge) {
+				expected = "SGROUP_MERGE";
+			} else if (records[i].r2.apply_expected) {
+				expected = "REPLACE";
+			} else {
+				expected = "NOT REPLACE";
+			}
+
+			if (!records[i].r1.ips && !records[i].r2.ips) {
+				ips = "with no ip(s)";
+			} else if (records[i].r1.ips==records[i].r2.ips) {
+				ips = "with same ip(s)";
+			} else {
+				ips = "with different ip(s)";
+			}
+
+			torture_comment(tctx, "%s,%s%s vs. %s,%s%s %s => %s\n",
+				wrepl_name_type_string(records[i].r1.type),
+				wrepl_name_state_string(records[i].r1.state),
+				(records[i].r1.is_static?",static":""),
+				wrepl_name_type_string(records[i].r2.type),
+				wrepl_name_state_string(records[i].r2.state),
+				(records[i].r2.is_static?",static":""),
+				(records[i].comment?records[i].comment:ips),
+				expected);
+		}
+
+		/*
+		 * Setup R1
+		 */
+		wins_name_r1->name	= &records[i].name;
+		wins_name_r1->flags	= WREPL_NAME_FLAGS(records[i].r1.type,
+							   records[i].r1.state,
+							   records[i].r1.node,
+							   records[i].r1.is_static);
+		wins_name_r1->id	= ++records[i].r1.owner->max_version;
+		if (wins_name_r1->flags & 2) {
+			wins_name_r1->addresses.addresses.num_ips = records[i].r1.num_ips;
+			wins_name_r1->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								    records[i].r1.ips);
+		} else {
+			wins_name_r1->addresses.ip = records[i].r1.ips[0].ip;
+		}
+		wins_name_r1->unknown	= "255.255.255.255";
+
+		/* now apply R1 */
+		ret &= test_wrepl_update_one(tctx, ctx, records[i].r1.owner, wins_name_r1);
+		ret &= test_wrepl_is_applied(tctx, ctx, records[i].r1.owner,
+					     wins_name_r1, records[i].r1.apply_expected);
+
+		/*
+		 * Setup R2
+		 */
+		wins_name_r2->name	= &records[i].name;
+		wins_name_r2->flags	= WREPL_NAME_FLAGS(records[i].r2.type,
+							   records[i].r2.state,
+							   records[i].r2.node,
+							   records[i].r2.is_static);
+		wins_name_r2->id	= ++records[i].r2.owner->max_version;
+		if (wins_name_r2->flags & 2) {
+			wins_name_r2->addresses.addresses.num_ips = records[i].r2.num_ips;
+			wins_name_r2->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								    records[i].r2.ips);
+		} else {
+			wins_name_r2->addresses.ip = records[i].r2.ips[0].ip;
+		}
+		wins_name_r2->unknown	= "255.255.255.255";
+
+		/* now apply R2 */
+		ret &= test_wrepl_update_one(tctx, ctx, records[i].r2.owner, wins_name_r2);
+		if (records[i].r1.state == WREPL_STATE_RELEASED) {
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r1.owner,
+						     wins_name_r1, false);
+		} else if (records[i].r2.sgroup_merge) {
+			ret &= test_wrepl_sgroup_merged(tctx, ctx, records[i].r2.merge_owner,
+							records[i].r1.owner,
+							records[i].r1.num_ips, records[i].r1.ips,
+							records[i].r2.owner,
+							records[i].r2.num_ips, records[i].r2.ips,
+							wins_name_r2);
+		} else if (records[i].r1.owner != records[i].r2.owner) {
+			bool _expected;
+			_expected = (records[i].r1.apply_expected && !records[i].r2.apply_expected);
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r1.owner,
+						     wins_name_r1, _expected);
+		}
+		if (records[i].r2.state == WREPL_STATE_RELEASED) {
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r2.owner,
+						     wins_name_r2, false);
+		} else if (!records[i].r2.sgroup_merge) {
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r2.owner,
+						     wins_name_r2, records[i].r2.apply_expected);
+		}
+
+		if (records[i].r2.sgroup_cleanup) {
+			if (!ret) {
+				torture_comment(tctx, "failed before sgroup_cleanup record[%u]: %s\n", i, records[i].line);
+				return ret;
+			}
+
+			/* clean up the SGROUP record */
+			wins_name_r1->name	= &records[i].name;
+			wins_name_r1->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+								   WREPL_STATE_ACTIVE,
+								   WREPL_NODE_B, false);
+			wins_name_r1->id	= ++records[i].r1.owner->max_version;
+			wins_name_r1->addresses.addresses.num_ips = 0;
+			wins_name_r1->addresses.addresses.ips     = NULL;
+			wins_name_r1->unknown	= "255.255.255.255";
+			ret &= test_wrepl_update_one(tctx, ctx, records[i].r1.owner, wins_name_r1);
+
+			/* here we test how names from an owner are deleted */
+			if (records[i].r2.sgroup_merge && records[i].r2.num_ips) {
+				ret &= test_wrepl_sgroup_merged(tctx, ctx, NULL,
+								records[i].r2.owner,
+								records[i].r2.num_ips, records[i].r2.ips,
+								records[i].r1.owner,
+								0, NULL,
+								wins_name_r2);
+			}
+
+			/* clean up the SGROUP record */
+			wins_name_r2->name	= &records[i].name;
+			wins_name_r2->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+								   WREPL_STATE_ACTIVE,
+								   WREPL_NODE_B, false);
+			wins_name_r2->id	= ++records[i].r2.owner->max_version;
+			wins_name_r2->addresses.addresses.num_ips = 0;
+			wins_name_r2->addresses.addresses.ips     = NULL;
+			wins_name_r2->unknown	= "255.255.255.255";
+			ret &= test_wrepl_update_one(tctx, ctx, records[i].r2.owner, wins_name_r2);
+
+			/* take ownership of the SGROUP record */
+			wins_name_r2->name	= &records[i].name;
+			wins_name_r2->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+								   WREPL_STATE_ACTIVE,
+								   WREPL_NODE_B, false);
+			wins_name_r2->id	= ++records[i].r2.owner->max_version;
+			wins_name_r2->addresses.addresses.num_ips = ARRAY_SIZE(addresses_B_1);
+			wins_name_r2->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								    addresses_B_1);
+			wins_name_r2->unknown	= "255.255.255.255";
+			ret &= test_wrepl_update_one(tctx, ctx, records[i].r2.owner, wins_name_r2);
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r2.owner, wins_name_r2, true);
+
+			/* overwrite the SGROUP record with unique,tombstone */
+			wins_name_r2->name	= &records[i].name;
+			wins_name_r2->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+								   WREPL_STATE_TOMBSTONE,
+								   WREPL_NODE_B, false);
+			wins_name_r2->id	= ++records[i].r2.owner->max_version;
+			wins_name_r2->addresses.addresses.num_ips = ARRAY_SIZE(addresses_B_1);
+			wins_name_r2->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								    addresses_B_1);
+			wins_name_r2->unknown	= "255.255.255.255";
+			ret &= test_wrepl_update_one(tctx, ctx, records[i].r2.owner, wins_name_r2);
+			ret &= test_wrepl_is_applied(tctx, ctx, records[i].r2.owner, wins_name_r2, true);
+
+			if (!ret) {
+				torture_comment(tctx, "failed in sgroup_cleanup record[%u]: %s\n", i, records[i].line);
+				return ret;
+			}
+		}
+
+		/* the first one is a cleanup run */
+		if (!ret && i == 0) ret = true;
+
+		if (!ret) {
+			torture_comment(tctx, "conflict handled wrong or record[%u]: %s\n", i, records[i].line);
+			return ret;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_conflict_owned_released_vs_replica(struct torture_context *tctx,
+													struct test_wrepl_conflict_conn *ctx)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct wrepl_wins_name wins_name_;
+	struct wrepl_wins_name *wins_name = &wins_name_;
+	struct nbt_name_register name_register_;
+	struct nbt_name_register *name_register = &name_register_;
+	struct nbt_name_release release_;
+	struct nbt_name_release *release = &release_;
+	uint32_t i;
+	struct {
+		const char *line; /* just better debugging */
+		struct nbt_name name;
+		struct {
+			uint32_t nb_flags;
+			bool mhomed;
+			uint32_t num_ips;
+			const struct wrepl_ip *ips;
+			bool apply_expected;
+		} wins;
+		struct {
+			enum wrepl_name_type type;
+			enum wrepl_name_state state;
+			enum wrepl_name_node node;
+			bool is_static;
+			uint32_t num_ips;
+			const struct wrepl_ip *ips;
+			bool apply_expected;
+		} replica;
+	} records[] = {
+/* 
+ * unique vs. unique section
+ */
+	/*
+	 * unique,released vs. unique,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_UA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. unique,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_UA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. unique,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_UT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. unique,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_UT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * unique vs. group section
+ */
+	/*
+	 * unique,released vs. group,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_GA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. group,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_GA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. group,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_GT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. group,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_GT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * unique vs. special group section
+ */
+	/*
+	 * unique,released vs. sgroup,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_SA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. sgroup,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_SA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. sgroup,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_ST_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. sgroup,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_ST_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * unique vs. multi homed section
+ */
+	/*
+	 * unique,released vs. mhomed,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_MA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. mhomed,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_MA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. mhomed,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_MT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,released vs. mhomed,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_UR_MT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * group vs. unique section
+ */
+	/*
+	 * group,released vs. unique,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_UA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. unique,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_UA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. unique,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_UT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. unique,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_UT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * group vs. group section
+ */
+	/*
+	 * group,released vs. group,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_GA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * group,released vs. group,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_GA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * group,released vs. group,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_GT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * group,released vs. group,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_GT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * group vs. special group section
+ */
+	/*
+	 * group,released vs. sgroup,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_SA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. sgroup,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_SA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. sgroup,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_ST_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. sgroup,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_ST_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * group vs. multi homed section
+ */
+	/*
+	 * group,released vs. mhomed,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_MA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. mhomed,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_MA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. mhomed,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_MT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,released vs. mhomed,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_GR_MT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * special group vs. unique section
+ */
+	/*
+	 * sgroup,released vs. unique,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_UA_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. unique,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_UA_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. unique,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_UT_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. unique,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_UT_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * special group vs. group section
+ */
+	/*
+	 * sgroup,released vs. group,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_GA_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. group,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_GA_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. group,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_GT_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. group,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_GT_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * special group vs. special group section
+ */
+	/*
+	 * sgroup,released vs. sgroup,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_SA_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. sgroup,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_SA_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. sgroup,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_ST_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. sgroup,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_ST_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * special group vs. multi homed section
+ */
+	/*
+	 * sgroup,released vs. mhomed,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_MA_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. mhomed,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_MA_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. mhomed,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_MT_SI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * sgroup,released vs. mhomed,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_SR_MT_DI", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * multi homed vs. unique section
+ */
+	/*
+	 * mhomed,released vs. unique,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_UA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. unique,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_UA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. unique,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_UT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. unique,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_UT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * multi homed vs. group section
+ */
+	/*
+	 * mhomed,released vs. group,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_GA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. group,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_GA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. group,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_GT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. group,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_GT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * multi homed vs. special group section
+ */
+	/*
+	 * mhomed,released vs. sgroup,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_SA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. sgroup,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_SA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. sgroup,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_ST_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. sgroup,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_ST_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+/* 
+ * multi homed vs. multi homed section
+ */
+	/*
+	 * mhomed,released vs. mhomed,active with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_MA_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. mhomed,active with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_MA_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. mhomed,tombstone with same ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_MT_SI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,released vs. mhomed,tombstone with different ip(s)
+	 */
+	{
+		.line	= __location__,
+		.name	= _NBT_NAME("_MR_MT_DI", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	};
+
+	torture_comment(tctx, "Test Replica records vs. owned released records\n");
+
+	for(i=0; ret && i < ARRAY_SIZE(records); i++) {
+		torture_comment(tctx, "%s => %s\n", nbt_name_string(ctx, &records[i].name),
+			(records[i].replica.apply_expected?"REPLACE":"NOT REPLACE"));
+
+		/*
+		 * Setup Register
+		 */
+		name_register->in.name		= records[i].name;
+		name_register->in.dest_addr	= ctx->address;
+		name_register->in.dest_port	= lpcfg_nbt_port(tctx->lp_ctx);
+		name_register->in.address	= records[i].wins.ips[0].ip;
+		name_register->in.nb_flags	= records[i].wins.nb_flags;
+		name_register->in.register_demand= false;
+		name_register->in.broadcast	= false;
+		name_register->in.multi_homed	= records[i].wins.mhomed;
+		name_register->in.ttl		= 300000;
+		name_register->in.timeout	= 70;
+		name_register->in.retries	= 0;
+
+		status = nbt_name_register(ctx->nbtsock, ctx, name_register);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+			torture_comment(tctx, "No response from %s for name register\n", ctx->address);
+			ret = false;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Bad response from %s for name register - %s\n",
+			       ctx->address, nt_errstr(status));
+			ret = false;
+		}
+		CHECK_VALUE(tctx, name_register->out.rcode, 0);
+		CHECK_VALUE_STRING(tctx, name_register->out.reply_from, ctx->address);
+		CHECK_VALUE(tctx, name_register->out.name.type, records[i].name.type);
+		CHECK_VALUE_STRING(tctx, name_register->out.name.name, records[i].name.name);
+		CHECK_VALUE_STRING(tctx, name_register->out.name.scope, records[i].name.scope);
+		CHECK_VALUE_STRING(tctx, name_register->out.reply_addr, records[i].wins.ips[0].ip);
+
+		/* release the record */
+		release->in.name	= records[i].name;
+		release->in.dest_port   = lpcfg_nbt_port(tctx->lp_ctx);
+		release->in.dest_addr	= ctx->address;
+		release->in.address	= records[i].wins.ips[0].ip;
+		release->in.nb_flags	= records[i].wins.nb_flags;
+		release->in.broadcast	= false;
+		release->in.timeout	= 30;
+		release->in.retries	= 0;
+
+		status = nbt_name_release(ctx->nbtsock, ctx, release);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+			torture_comment(tctx, "No response from %s for name release\n", ctx->address);
+			return false;
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Bad response from %s for name query - %s\n",
+			       ctx->address, nt_errstr(status));
+			return false;
+		}
+		CHECK_VALUE(tctx, release->out.rcode, 0);
+
+		/*
+		 * Setup Replica
+		 */
+		wins_name->name		= &records[i].name;
+		wins_name->flags	= WREPL_NAME_FLAGS(records[i].replica.type,
+							   records[i].replica.state,
+							   records[i].replica.node,
+							   records[i].replica.is_static);
+		wins_name->id		= ++ctx->b.max_version;
+		if (wins_name->flags & 2) {
+			wins_name->addresses.addresses.num_ips = records[i].replica.num_ips;
+			wins_name->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								 records[i].replica.ips);
+		} else {
+			wins_name->addresses.ip = records[i].replica.ips[0].ip;
+		}
+		wins_name->unknown	= "255.255.255.255";
+
+		ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+		ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name,
+					     records[i].replica.apply_expected);
+
+		if (records[i].replica.apply_expected) {
+			wins_name->name		= &records[i].name;
+			wins_name->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_UNIQUE,
+								   WREPL_STATE_TOMBSTONE,
+								   WREPL_NODE_B, false);
+			wins_name->id		= ++ctx->b.max_version;
+			wins_name->addresses.ip = addresses_B_1[0].ip;
+			wins_name->unknown	= "255.255.255.255";
+
+			ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+			ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
+		} else {
+			release->in.name	= records[i].name;
+			release->in.dest_addr	= ctx->address;
+			release->in.dest_port	= lpcfg_nbt_port(tctx->lp_ctx);
+			release->in.address	= records[i].wins.ips[0].ip;
+			release->in.nb_flags	= records[i].wins.nb_flags;
+			release->in.broadcast	= false;
+			release->in.timeout	= 30;
+			release->in.retries	= 0;
+
+			status = nbt_name_release(ctx->nbtsock, ctx, release);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+				torture_comment(tctx, "No response from %s for name release\n", ctx->address);
+				return false;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "Bad response from %s for name query - %s\n",
+				       ctx->address, nt_errstr(status));
+				return false;
+			}
+			CHECK_VALUE(tctx, release->out.rcode, 0);
+		}
+		if (!ret) {
+			torture_comment(tctx, "conflict handled wrong or record[%u]: %s\n", i, records[i].line);
+			return ret;
+		}
+	}
+
+	return ret;
+}
+
+struct test_conflict_owned_active_vs_replica_struct {
+	struct torture_context *tctx;
+	const char *line; /* just better debugging */
+	const char *section; /* just better debugging */
+	struct nbt_name name;
+	const char *comment;
+	bool skip;
+	struct {
+		uint32_t nb_flags;
+		bool mhomed;
+		uint32_t num_ips;
+		const struct wrepl_ip *ips;
+		bool apply_expected;
+	} wins;
+	struct {
+		uint32_t timeout;
+		bool positive;
+		bool expect_release;
+		bool late_release;
+		bool ret;
+		/* when num_ips == 0, then .wins.ips are used */
+		uint32_t num_ips;
+		const struct wrepl_ip *ips;
+	} defend;
+	struct {
+		enum wrepl_name_type type;
+		enum wrepl_name_state state;
+		enum wrepl_name_node node;
+		bool is_static;
+		uint32_t num_ips;
+		const struct wrepl_ip *ips;
+		bool apply_expected;
+		bool mhomed_merge;
+		bool sgroup_merge;
+	} replica;
+};
+
+static void test_conflict_owned_active_vs_replica_handler(struct nbt_name_socket *nbtsock, 
+							  struct nbt_name_packet *req_packet, 
+							  struct socket_address *src);
+
+static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx,
+												  struct test_wrepl_conflict_conn *ctx)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct wrepl_wins_name wins_name_;
+	struct wrepl_wins_name *wins_name = &wins_name_;
+	struct nbt_name_register name_register_;
+	struct nbt_name_register *name_register = &name_register_;
+	struct nbt_name_release release_;
+	struct nbt_name_release *release = &release_;
+	uint32_t i;
+	struct test_conflict_owned_active_vs_replica_struct records[] = {
+/* 
+ * unique vs. unique section
+ */
+	/*
+	 * unique,active vs. unique,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. unique,active with different ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_DI_P", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. unique,active with different ip(s), positive response other ips
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_DI_O", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. unique,active with different ip(s), negative response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_DI_N", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= false,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. unique,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. unique,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * unique vs. group section
+ */
+	/*
+	 * unique,active vs. group,active with same ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_GA_SI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. group,active with different ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_GA_DI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. group,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_GT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. group,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_GT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * unique vs. special group section
+ */
+	/*
+	 * unique,active vs. sgroup,active with same ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_SA_SI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. group,active with different ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_SA_DI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. sgroup,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_ST_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. sgroup,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_ST_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * unique vs. multi homed section
+ */
+	/*
+	 * unique,active vs. mhomed,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,active with superset ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_SP_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,active with different ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_DI_P", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,active with different ip(s), positive response other ips
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_DI_O", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,active with different ip(s), negative response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_DI_N", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= false,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * normal group vs. unique section
+ */
+	/*
+	 * group,active vs. unique,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_UA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. unique,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_UA_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. unique,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_UT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. unique,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_UT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * normal group vs. normal group section
+ */
+	/*
+	 * group,active vs. group,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_GA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * group,active vs. group,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_GA_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * group,active vs. group,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_GT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. group,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_GT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * normal group vs. special group section
+ */
+	/*
+	 * group,active vs. sgroup,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_SA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. sgroup,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_SA_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. sgroup,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_ST_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. sgroup,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_ST_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * normal group vs. multi homed section
+ */
+	/*
+	 * group,active vs. mhomed,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_MA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. mhomed,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_MA_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. mhomed,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_MT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * group,active vs. mhomed,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_GA_MT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * special group vs. unique section
+ */
+	/*
+	 * sgroup,active vs. unique,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_UA_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. unique,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_UA_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. unique,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_UT_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. unique,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_UT_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * special group vs. normal group section
+ */
+	/*
+	 * sgroup,active vs. group,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_GA_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. group,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_GA_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. group,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_GT_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. group,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_GT_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * special group vs. multi homed section
+ */
+	/*
+	 * sgroup,active vs. mhomed,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_MA_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. mhomed,active with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_MA_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. mhomed,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_MT_SI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. mhomed,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_MT_DI_U", 0x1C, NULL),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * multi homed vs. unique section
+ */
+	/*
+	 * mhomed,active vs. unique,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. unique,active with different ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UA_DI_P", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. unique,active with different ip(s), positive response other ips
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UA_DI_O", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. unique,active with different ip(s), negative response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UA_DI_N", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= false,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. unique,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. unique,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_UT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * multi homed vs. normal group section
+ */
+	/*
+	 * mhomed,active vs. group,active with same ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_GA_SI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. group,active with different ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_GA_DI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. group,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_GT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. group,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_GT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_GROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * multi homed vs. special group section
+ */
+	/*
+	 * mhomed,active vs. sgroup,active with same ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_SA_SI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. group,active with different ip(s), release expected
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_SA_DI_R", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.expect_release	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. sgroup,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_ST_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. sgroup,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_ST_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_1),
+			.ips		= addresses_B_1,
+			.apply_expected	= false
+		},
+	},
+/* 
+ * multi homed vs. multi homed section
+ */
+	/*
+	 * mhomed,active vs. mhomed,active with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with superset ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SP_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with different ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_DI_P", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with different ip(s), positive response other ips
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_DI_O", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ARRAY_SIZE(addresses_A_3_4),
+			.ips		= addresses_A_3_4,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with different ip(s), negative response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_DI_N", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= false,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,tombstone with same ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MT_SI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,tombstone with different ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MT_DI_U", 0x00, NULL),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+/*
+ * some more multi homed test, including merging
+ */
+	/*
+	 * mhomed,active vs. mhomed,active with superset ip(s), unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.section= "Test Replica vs. owned active: some more MHOMED combinations",
+		.name	= _NBT_NAME("_MA_MA_SP_U", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:ALL => B:ALL",
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with same ips, unchecked
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SM_U", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:MHOMED => B:MHOMED",
+		.skip	= (ctx->addresses_mhomed_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with subset ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SB_P", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:BEST (C:MHOMED) => B:MHOMED",
+		.skip	= (ctx->addresses_mhomed_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.mhomed_merge	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with subset ip(s), positive response, with all addresses
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SB_A", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:BEST (C:ALL) => B:MHOMED",
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.mhomed_merge	= true
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with subset ip(s), positive response, with replicas addresses
+	 * TODO: check why the server sends a name release demand for one address?
+	 *       the release demand has no effect to the database record...
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SB_PRA", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:BEST (C:BEST) => C:MHOMED",
+		.skip	= (ctx->addresses_all_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.late_release	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with subset ip(s), positive response, with other addresses
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SB_O", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:BEST (B:B_3_4) =>C:MHOMED",
+		.skip	= (ctx->addresses_all_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * mhomed,active vs. mhomed,active with subset ip(s), negative response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_MA_MA_SB_N", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:BEST (NEGATIVE) => B:BEST",
+		.skip	= (ctx->addresses_mhomed_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= false
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+	},
+/*
+ * some more multi homed and unique test, including merging
+ */
+	/*
+	 * mhomed,active vs. unique,active with subset ip(s), positive response
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.section= "Test Replica vs. owned active: some more UNIQUE,MHOMED combinations",
+		.name	= _NBT_NAME("_MA_UA_SB_P", 0x00, NULL),
+		.comment= "C:MHOMED vs. B:UNIQUE,BEST (C:MHOMED) => B:MHOMED",
+		.skip	= (ctx->addresses_all_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= true,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.mhomed_merge	= true
+		},
+	},
+	/*
+	 * unique,active vs. unique,active with different ip(s), positive response, with replicas address
+	 * TODO: check why the server sends a name release demand for one address?
+	 *       the release demand has no effect to the database record...
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_DI_PRA", 0x00, NULL),
+		.comment= "C:BEST vs. B:BEST2 (C:BEST2,LR:BEST2) => C:BEST",
+		.skip	= (ctx->addresses_all_num < 2),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ctx->addresses_best2_num,
+			.ips		= ctx->addresses_best2,
+			.late_release	= true
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best2_num,
+			.ips		= ctx->addresses_best2,
+			.apply_expected	= false,
+		},
+	},
+	/*
+	 * unique,active vs. unique,active with different ip(s), positive response, with all addresses
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_UA_DI_A", 0x00, NULL),
+		.comment= "C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED",
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_UNIQUE,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best2_num,
+			.ips		= ctx->addresses_best2,
+			.mhomed_merge	= true,
+		},
+	},
+	/*
+	 * unique,active vs. mhomed,active with different ip(s), positive response, with all addresses
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_UA_MA_DI_A", 0x00, NULL),
+		.comment= "C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED",
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= 0,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 10,
+			.positive	= true,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_MHOMED,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best2_num,
+			.ips		= ctx->addresses_best2,
+			.mhomed_merge	= true,
+		},
+	},
+/*
+ * special group vs. special group merging section
+ */
+	/*
+	 * sgroup,active vs. sgroup,active with different ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.section= "Test Replica vs. owned active: SGROUP vs. SGROUP tests",
+		.name	= _NBT_NAME("_SA_SA_DI_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.sgroup_merge	= true
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,active with same ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_SA_SI_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.sgroup_merge	= true
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,active with superset ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_SA_SP_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+			.sgroup_merge	= true
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,active with subset ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_SA_SB_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_ACTIVE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.sgroup_merge	= true
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,tombstone with different ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_ST_DI_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ARRAY_SIZE(addresses_B_3_4),
+			.ips		= addresses_B_3_4,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,tombstone with same ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_ST_SI_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,tombstone with superset ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_ST_SP_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_all_num,
+			.ips		= ctx->addresses_all,
+			.apply_expected	= false
+		},
+	},
+	/*
+	 * sgroup,active vs. sgroup,tombstone with subset ip(s)
+	 */
+	{
+		.tctx	= tctx,
+		.line	= __location__,
+		.name	= _NBT_NAME("_SA_ST_SB_U", 0x1C, NULL),
+		.skip	= (ctx->addresses_all_num < 3),
+		.wins	= {
+			.nb_flags	= NBT_NM_GROUP,
+			.mhomed		= false,
+			.num_ips	= ctx->addresses_mhomed_num,
+			.ips		= ctx->addresses_mhomed,
+			.apply_expected	= true
+		},
+		.defend	= {
+			.timeout	= 0,
+		},
+		.replica= {
+			.type		= WREPL_TYPE_SGROUP,
+			.state		= WREPL_STATE_TOMBSTONE,
+			.node		= WREPL_NODE_B,
+			.is_static	= false,
+			.num_ips	= ctx->addresses_best_num,
+			.ips		= ctx->addresses_best,
+			.apply_expected	= false
+		},
+	},
+	};
+
+	if (!ctx->nbtsock_srv) {
+		torture_comment(tctx, "SKIP: Test Replica records vs. owned active records: not bound to port[%d]\n",
+			lpcfg_nbt_port(tctx->lp_ctx));
+		return true;
+	}
+
+	torture_comment(tctx, "Test Replica records vs. owned active records\n");
+
+	for(i=0; ret && i < ARRAY_SIZE(records); i++) {
+		struct timeval end;
+		struct test_conflict_owned_active_vs_replica_struct record = records[i];
+		uint32_t j, count = 1;
+		const char *action;
+
+		if (records[i].wins.mhomed || records[i].name.type == 0x1C) {
+			count = records[i].wins.num_ips;
+		}
+
+		if (records[i].section) {
+			torture_comment(tctx, "%s\n", records[i].section);
+		}
+
+		if (records[i].skip) {
+			torture_comment(tctx, "%s => SKIPPED\n", nbt_name_string(ctx, &records[i].name));
+			continue;
+		}
+
+		if (records[i].replica.mhomed_merge) {
+			action = "MHOMED_MERGE";
+		} else if (records[i].replica.sgroup_merge) {
+			action = "SGROUP_MERGE";
+		} else if (records[i].replica.apply_expected) {
+			action = "REPLACE";
+		} else {
+			action = "NOT REPLACE";
+		}
+
+		torture_comment(tctx, "%s%s%s => %s\n",
+			nbt_name_string(ctx, &records[i].name),
+			(records[i].comment?": ":""),
+			(records[i].comment?records[i].comment:""),
+			action);
+
+		/* Prepare for multi homed registration */
+		ZERO_STRUCT(records[i].defend);
+		records[i].defend.timeout	= 10;
+		records[i].defend.positive	= true;
+		nbt_set_incoming_handler(ctx->nbtsock_srv,
+					 test_conflict_owned_active_vs_replica_handler,
+					 &records[i]);
+		if (ctx->nbtsock_srv2) {
+			nbt_set_incoming_handler(ctx->nbtsock_srv2,
+						 test_conflict_owned_active_vs_replica_handler,
+						 &records[i]);
+		}
+
+		/*
+		 * Setup Register
+		 */
+		for (j=0; j < count; j++) {
+			struct nbt_name_request *req;
+
+			name_register->in.name		= records[i].name;
+			name_register->in.dest_addr	= ctx->address;
+			name_register->in.dest_port     = lpcfg_nbt_port(tctx->lp_ctx);
+			name_register->in.address	= records[i].wins.ips[j].ip;
+			name_register->in.nb_flags	= records[i].wins.nb_flags;
+			name_register->in.register_demand= false;
+			name_register->in.broadcast	= false;
+			name_register->in.multi_homed	= records[i].wins.mhomed;
+			name_register->in.ttl		= 300000;
+			name_register->in.timeout	= 70;
+			name_register->in.retries	= 0;
+
+			req = nbt_name_register_send(ctx->nbtsock, name_register);
+
+			/* push the request on the wire */
+			tevent_loop_once(ctx->nbtsock->event_ctx);
+
+			/*
+			 * if we register multiple addresses,
+			 * the server will do name queries to see if the old addresses
+			 * are still alive
+			 */
+			if (records[i].wins.mhomed && j > 0) {
+				end = timeval_current_ofs(records[i].defend.timeout,0);
+				records[i].defend.ret = true;
+				while (records[i].defend.timeout > 0) {
+					tevent_loop_once(ctx->nbtsock_srv->event_ctx);
+					if (timeval_expired(&end)) break;
+				}
+				ret &= records[i].defend.ret;
+			}
+
+			status = nbt_name_register_recv(req, ctx, name_register);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+				torture_comment(tctx, "No response from %s for name register\n", ctx->address);
+				ret = false;
+			}
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "Bad response from %s for name register - %s\n",
+				       ctx->address, nt_errstr(status));
+				ret = false;
+			}
+			CHECK_VALUE(tctx, name_register->out.rcode, 0);
+			CHECK_VALUE_STRING(tctx, name_register->out.reply_from, ctx->address);
+			CHECK_VALUE(tctx, name_register->out.name.type, records[i].name.type);
+			CHECK_VALUE_STRING(tctx, name_register->out.name.name, records[i].name.name);
+			CHECK_VALUE_STRING(tctx, name_register->out.name.scope, records[i].name.scope);
+			CHECK_VALUE_STRING(tctx, name_register->out.reply_addr, records[i].wins.ips[j].ip);
+		}
+
+		/* Prepare for the current test */
+		records[i].defend = record.defend;
+		nbt_set_incoming_handler(ctx->nbtsock_srv,
+					 test_conflict_owned_active_vs_replica_handler,
+					 &records[i]);
+		if (ctx->nbtsock_srv2) {
+			nbt_set_incoming_handler(ctx->nbtsock_srv2,
+						 test_conflict_owned_active_vs_replica_handler,
+						 &records[i]);
+		}
+
+		/*
+		 * Setup Replica
+		 */
+		wins_name->name		= &records[i].name;
+		wins_name->flags	= WREPL_NAME_FLAGS(records[i].replica.type,
+							   records[i].replica.state,
+							   records[i].replica.node,
+							   records[i].replica.is_static);
+		wins_name->id		= ++ctx->b.max_version;
+		if (wins_name->flags & 2) {
+			wins_name->addresses.addresses.num_ips = records[i].replica.num_ips;
+			wins_name->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+								 records[i].replica.ips);
+		} else {
+			wins_name->addresses.ip = records[i].replica.ips[0].ip;
+		}
+		wins_name->unknown	= "255.255.255.255";
+
+		ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+
+		/*
+		 * wait for the name query, which is handled in
+		 * test_conflict_owned_active_vs_replica_handler()
+		 */
+		end = timeval_current_ofs(records[i].defend.timeout,0);
+		records[i].defend.ret = true;
+		while (records[i].defend.timeout > 0) {
+			tevent_loop_once(ctx->nbtsock_srv->event_ctx);
+			if (timeval_expired(&end)) break;
+		}
+		ret &= records[i].defend.ret;
+
+		if (records[i].defend.late_release) {
+			records[i].defend = record.defend;
+			records[i].defend.expect_release = true;
+			/*
+			 * wait for the name release demand, which is handled in
+			 * test_conflict_owned_active_vs_replica_handler()
+			 */
+			end = timeval_current_ofs(records[i].defend.timeout,0);
+			records[i].defend.ret = true;
+			while (records[i].defend.timeout > 0) {
+				tevent_loop_once(ctx->nbtsock_srv->event_ctx);
+				if (timeval_expired(&end)) break;
+			}
+			ret &= records[i].defend.ret;
+		}
+
+		if (records[i].replica.mhomed_merge) {
+			ret &= test_wrepl_mhomed_merged(tctx, ctx, &ctx->c,
+						        records[i].wins.num_ips, records[i].wins.ips,
+						        &ctx->b,
+							records[i].replica.num_ips, records[i].replica.ips,
+							wins_name);
+		} else if (records[i].replica.sgroup_merge) {
+			ret &= test_wrepl_sgroup_merged(tctx, ctx, NULL,
+							&ctx->c,
+						        records[i].wins.num_ips, records[i].wins.ips,
+							&ctx->b,
+							records[i].replica.num_ips, records[i].replica.ips,
+							wins_name);
+		} else {
+			ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name,
+						     records[i].replica.apply_expected);
+		}
+
+		if (records[i].replica.apply_expected ||
+		    records[i].replica.mhomed_merge) {
+			wins_name->name		= &records[i].name;
+			wins_name->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_UNIQUE,
+								   WREPL_STATE_TOMBSTONE,
+								   WREPL_NODE_B, false);
+			wins_name->id		= ++ctx->b.max_version;
+			wins_name->addresses.ip = addresses_B_1[0].ip;
+			wins_name->unknown	= "255.255.255.255";
+
+			ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+			ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
+		} else {
+			for (j=0; j < count; j++) {
+				struct nbt_name_socket *nbtsock = ctx->nbtsock;
+
+				if (ctx->myaddr2 && strcmp(records[i].wins.ips[j].ip, ctx->myaddr2->addr) == 0) {
+					nbtsock = ctx->nbtsock2;
+				}
+
+				release->in.name	= records[i].name;
+				release->in.dest_addr	= ctx->address;
+				release->in.dest_port   = lpcfg_nbt_port(tctx->lp_ctx);
+				release->in.address	= records[i].wins.ips[j].ip;
+				release->in.nb_flags	= records[i].wins.nb_flags;
+				release->in.broadcast	= false;
+				release->in.timeout	= 30;
+				release->in.retries	= 0;
+
+				status = nbt_name_release(nbtsock, ctx, release);
+				if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+					torture_comment(tctx, "No response from %s for name release\n", ctx->address);
+					return false;
+				}
+				if (!NT_STATUS_IS_OK(status)) {
+					torture_comment(tctx, "Bad response from %s for name query - %s\n",
+					       ctx->address, nt_errstr(status));
+					return false;
+				}
+				CHECK_VALUE(tctx, release->out.rcode, 0);
+			}
+
+			if (records[i].replica.sgroup_merge) {
+				/* clean up the SGROUP record */
+				wins_name->name		= &records[i].name;
+				wins_name->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+									   WREPL_STATE_ACTIVE,
+									   WREPL_NODE_B, false);
+				wins_name->id		= ++ctx->b.max_version;
+				wins_name->addresses.addresses.num_ips = 0;
+				wins_name->addresses.addresses.ips     = NULL;
+				wins_name->unknown	= "255.255.255.255";
+				ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+
+				/* take ownership of the SGROUP record */
+				wins_name->name		= &records[i].name;
+				wins_name->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_SGROUP,
+									   WREPL_STATE_ACTIVE,
+									   WREPL_NODE_B, false);
+				wins_name->id		= ++ctx->b.max_version;
+				wins_name->addresses.addresses.num_ips = ARRAY_SIZE(addresses_B_1);
+				wins_name->addresses.addresses.ips     = discard_const_p(struct wrepl_ip,
+									 addresses_B_1);
+				wins_name->unknown	= "255.255.255.255";
+				ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+				ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
+
+				/* overwrite the SGROUP record with unique,tombstone */
+				wins_name->name		= &records[i].name;
+				wins_name->flags	= WREPL_NAME_FLAGS(WREPL_TYPE_UNIQUE,
+									   WREPL_STATE_TOMBSTONE,
+									   WREPL_NODE_B, false);
+				wins_name->id		= ++ctx->b.max_version;
+				wins_name->addresses.ip = addresses_A_1[0].ip;
+				wins_name->unknown	= "255.255.255.255";
+				ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
+				ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
+			}
+		}
+
+		if (!ret) {
+			torture_comment(tctx, "conflict handled wrong or record[%u]: %s\n", i, records[i].line);
+			return ret;
+		}
+	}
+
+	return ret;
+}
+
+#define __NBT_LABEL_CAT1__(a,b)    a##b
+#define __NBT_LABEL_CAT2__(a,b)    __NBT_LABEL_CAT1__(a,b)
+#define _NBT_LABEL __NBT_LABEL_CAT2__(_label_, __LINE__)
+
+#define _NBT_ASSERT(v, correct) do { \
+	bool _ret = true; \
+	torture_assert_int_equal_goto(rec->tctx, v, correct, \
+			_ret, _NBT_LABEL, "Invalid int value"); \
+_NBT_LABEL: \
+	if (!_ret) { \
+		return; \
+	} \
+} while (0)
+
+#define _NBT_ASSERT_STRING(v, correct) do { \
+	bool _ret = true; \
+	torture_assert_str_equal_goto(rec->tctx, v, correct, \
+			_ret, _NBT_LABEL, "Invalid string value"); \
+_NBT_LABEL: \
+	if (!_ret) { \
+		return; \
+	} \
+} while (0)
+
+static void test_conflict_owned_active_vs_replica_handler_query(struct nbt_name_socket *nbtsock, 
+								struct nbt_name_packet *req_packet, 
+								struct socket_address *src)
+{
+	struct nbt_name *name;
+	struct nbt_name_packet *rep_packet;
+	struct test_conflict_owned_active_vs_replica_struct *rec = 
+		(struct test_conflict_owned_active_vs_replica_struct *)nbtsock->incoming.private_data;
+
+	_NBT_ASSERT(req_packet->qdcount, 1);
+	_NBT_ASSERT(req_packet->questions[0].question_type, NBT_QTYPE_NETBIOS);
+	_NBT_ASSERT(req_packet->questions[0].question_class, NBT_QCLASS_IP);
+
+	name = &req_packet->questions[0].name;
+
+	_NBT_ASSERT_STRING(name->name, rec->name.name);
+	_NBT_ASSERT(name->type, rec->name.type);
+	_NBT_ASSERT_STRING(name->scope, rec->name.scope);
+
+	_NBT_ASSERT(rec->defend.expect_release, false);
+
+	rep_packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (rep_packet == NULL) return;
+
+	rep_packet->name_trn_id	= req_packet->name_trn_id;
+	rep_packet->ancount	= 1;
+
+	rep_packet->answers	= talloc_array(rep_packet, struct nbt_res_rec, 1);
+	if (rep_packet->answers == NULL) return;
+
+	rep_packet->answers[0].name      = *name;
+	rep_packet->answers[0].rr_class  = NBT_QCLASS_IP;
+	rep_packet->answers[0].ttl       = 0;
+
+	if (rec->defend.positive) {
+		uint32_t i, num_ips;
+		const struct wrepl_ip *ips;		
+
+		if (rec->defend.num_ips > 0) {
+			num_ips	= rec->defend.num_ips;
+			ips	= rec->defend.ips;
+		} else {
+			num_ips	= rec->wins.num_ips;
+			ips	= rec->wins.ips;
+		}
+
+		/* send a positive reply */
+		rep_packet->operation	=
+					NBT_FLAG_REPLY |
+					NBT_OPCODE_QUERY |
+					NBT_FLAG_AUTHORITATIVE |
+					NBT_FLAG_RECURSION_DESIRED |
+					NBT_FLAG_RECURSION_AVAIL;
+
+		rep_packet->answers[0].rr_type   = NBT_QTYPE_NETBIOS;
+
+		rep_packet->answers[0].rdata.netbios.length = num_ips*6;
+		rep_packet->answers[0].rdata.netbios.addresses = 
+			talloc_array(rep_packet->answers, struct nbt_rdata_address, num_ips);
+		if (rep_packet->answers[0].rdata.netbios.addresses == NULL) return;
+
+		for (i=0; i < num_ips; i++) {
+			struct nbt_rdata_address *addr = 
+				&rep_packet->answers[0].rdata.netbios.addresses[i];
+			addr->nb_flags	= rec->wins.nb_flags;
+			addr->ipaddr	= ips[i].ip;
+		}
+		DEBUG(2,("Sending positive name query reply for %s to %s:%d\n", 
+			nbt_name_string(rep_packet, name), src->addr, src->port));
+	} else {
+		/* send a negative reply */
+		rep_packet->operation	=
+					NBT_FLAG_REPLY |
+					NBT_OPCODE_QUERY |
+					NBT_FLAG_AUTHORITATIVE |
+					NBT_RCODE_NAM;
+
+		rep_packet->answers[0].rr_type   = NBT_QTYPE_NULL;
+
+		ZERO_STRUCT(rep_packet->answers[0].rdata);
+
+		DEBUG(2,("Sending negative name query reply for %s to %s:%d\n", 
+			nbt_name_string(rep_packet, name), src->addr, src->port));
+	}
+
+	nbt_name_reply_send(nbtsock, src, rep_packet);
+	talloc_free(rep_packet);
+
+	/* make sure we push the reply to the wire */
+	while (nbtsock->send_queue) {
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+	smb_msleep(1000);
+
+	rec->defend.timeout	= 0;
+	rec->defend.ret		= true;
+}
+
+static void test_conflict_owned_active_vs_replica_handler_release(
+								  struct nbt_name_socket *nbtsock, 
+								  struct nbt_name_packet *req_packet, 
+								  struct socket_address *src)
+{
+	struct nbt_name *name;
+	struct nbt_name_packet *rep_packet;
+	struct test_conflict_owned_active_vs_replica_struct *rec = 
+		(struct test_conflict_owned_active_vs_replica_struct *)nbtsock->incoming.private_data;
+
+	_NBT_ASSERT(req_packet->qdcount, 1);
+	_NBT_ASSERT(req_packet->questions[0].question_type, NBT_QTYPE_NETBIOS);
+	_NBT_ASSERT(req_packet->questions[0].question_class, NBT_QCLASS_IP);
+
+	name = &req_packet->questions[0].name;
+
+	_NBT_ASSERT_STRING(name->name, rec->name.name);
+	_NBT_ASSERT(name->type, rec->name.type);
+	_NBT_ASSERT_STRING(name->scope, rec->name.scope);
+
+	_NBT_ASSERT(rec->defend.expect_release, true);
+
+	rep_packet = talloc_zero(nbtsock, struct nbt_name_packet);
+	if (rep_packet == NULL) return;
+
+	rep_packet->name_trn_id	= req_packet->name_trn_id;
+	rep_packet->ancount	= 1;
+	rep_packet->operation	=
+				NBT_FLAG_REPLY |
+				NBT_OPCODE_RELEASE |
+				NBT_FLAG_AUTHORITATIVE;
+
+	rep_packet->answers	= talloc_array(rep_packet, struct nbt_res_rec, 1);
+	if (rep_packet->answers == NULL) return;
+
+	rep_packet->answers[0].name	= *name;
+	rep_packet->answers[0].rr_type	= NBT_QTYPE_NETBIOS;
+	rep_packet->answers[0].rr_class	= NBT_QCLASS_IP;
+	rep_packet->answers[0].ttl	= req_packet->additional[0].ttl;
+	rep_packet->answers[0].rdata    = req_packet->additional[0].rdata;
+
+	DEBUG(2,("Sending name release reply for %s to %s:%d\n", 
+		nbt_name_string(rep_packet, name), src->addr, src->port));
+
+	nbt_name_reply_send(nbtsock, src, rep_packet);
+	talloc_free(rep_packet);
+
+	/* make sure we push the reply to the wire */
+	while (nbtsock->send_queue) {
+		tevent_loop_once(nbtsock->event_ctx);
+	}
+	smb_msleep(1000);
+
+	rec->defend.timeout	= 0;
+	rec->defend.ret		= true;
+}
+
+static void test_conflict_owned_active_vs_replica_handler(struct nbt_name_socket *nbtsock, 
+							  struct nbt_name_packet *req_packet, 
+							  struct socket_address *src)
+{
+	struct test_conflict_owned_active_vs_replica_struct *rec = 
+		(struct test_conflict_owned_active_vs_replica_struct *)nbtsock->incoming.private_data;
+	struct nbt_name *name = &req_packet->questions[0].name;
+
+	if (req_packet->operation & NBT_FLAG_BROADCAST) {
+		torture_comment(rec->tctx,
+			"%s: incoming packet name[%s] flags[0x%08X] from[%s]\n",
+			__location__,
+			nbt_name_string(rec->tctx, name),
+			req_packet->operation,
+			src->addr);
+		return;
+	}
+
+	rec->defend.ret = false;
+
+	switch (req_packet->operation & NBT_OPCODE) {
+	case NBT_OPCODE_QUERY:
+		test_conflict_owned_active_vs_replica_handler_query(nbtsock, req_packet, src);
+		break;
+	case NBT_OPCODE_RELEASE:
+		test_conflict_owned_active_vs_replica_handler_release(nbtsock, req_packet, src);
+		break;
+	default:
+		torture_comment(rec->tctx,
+			"%s: unexpected packet name[%s] flags[0x%08X] from[%s]\n",
+			__location__,
+			nbt_name_string(rec->tctx, name),
+			req_packet->operation,
+			src->addr);
+		_NBT_ASSERT((req_packet->operation & NBT_OPCODE), NBT_OPCODE_QUERY);
+		break;
+	}
+}
+
+/*
+  test WINS replication replica conflicts operations
+*/
+static bool torture_nbt_winsreplication_replica(struct torture_context *tctx)
+{
+	bool ret = true;
+	struct test_wrepl_conflict_conn *ctx;
+
+	const char *address;
+	struct nbt_name name;
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	ctx = test_create_conflict_ctx(tctx, address);
+	if (!ctx) return false;
+
+	ret &= test_conflict_same_owner(tctx, ctx);
+	ret &= test_conflict_different_owner(tctx, ctx);
+
+	return ret;
+}
+
+/*
+  test WINS replication owned conflicts operations
+*/
+static bool torture_nbt_winsreplication_owned(struct torture_context *tctx)
+{
+	const char *address;
+	struct nbt_name name;
+	bool ret = true;
+	struct test_wrepl_conflict_conn *ctx;
+
+	if (torture_setting_bool(tctx, "quick", false))
+		torture_skip(tctx, 
+			"skip NBT-WINSREPLICATION-OWNED test in quick test mode\n");
+
+	if (!torture_nbt_get_name(tctx, &name, &address))
+		return false;
+
+	ctx = test_create_conflict_ctx(tctx, address);
+	torture_assert(tctx, ctx != NULL, "Creating context failed");
+
+	ret &= test_conflict_owned_released_vs_replica(tctx, ctx);
+	ret &= test_conflict_owned_active_vs_replica(tctx, ctx);
+
+	return ret;
+}
+
+/*
+  test simple WINS replication operations
+*/
+struct torture_suite *torture_nbt_winsreplication(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		mem_ctx, "winsreplication");
+	struct torture_tcase *tcase;
+
+	tcase = torture_suite_add_simple_test(suite, "assoc_ctx1", 
+					     test_assoc_ctx1);
+	tcase->tests->dangerous = true;
+
+	torture_suite_add_simple_test(suite, "assoc_ctx2", test_assoc_ctx2);
+	
+	torture_suite_add_simple_test(suite, "wins_replication",
+				      test_wins_replication);
+
+	torture_suite_add_simple_test(suite, "replica",
+				      torture_nbt_winsreplication_replica);
+
+	torture_suite_add_simple_test(suite, "owned",
+				      torture_nbt_winsreplication_owned);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/README b/source4/torture/ndr/README
new file mode 100644
index 0000000..c7c127d
--- /dev/null
+++ b/source4/torture/ndr/README
@@ -0,0 +1,21 @@
+use
+	hexdump -v -e '12/1 "0x%02x, " "\n"' infile|outfile
+
+to import ndr dumps
+
+
+Or use gdb:
+
+(gdb) b dump_printer
+Breakpoint 1 at 0x49c92f: file ../source3/utils/net_printing.c, line 158.
+(gdb) cond 1 strcmp(key_name, "s0bc") == 0
+(gdb) run
+Breakpoint 1, dump_printer (mem_ctx=0x700a20, key_name=0x11fb8f9 "s0bc", data=0x18f93d0 "H\032", length=1284, do_string_conversion=true) at ../source3/utils/net_printing.c:158
+158             printf("found printer: %s\n", key_name);
+
+-> Now use x/<length in byte>bx
+
+(gdb) x/1284bx data
+
+This prints data as hex values. 1284 is the length in byte (see the length
+argument of the function). The b indicates byte.
diff --git a/source4/torture/ndr/atsvc.c b/source4/torture/ndr/atsvc.c
new file mode 100644
index 0000000..0fdbe49
--- /dev/null
+++ b/source4/torture/ndr/atsvc.c
@@ -0,0 +1,215 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for atsvc ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_atsvc.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t jobenum_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool jobenum_in_check(struct torture_context *tctx, 
+							 struct atsvc_JobEnum *r)
+{
+	torture_assert(tctx, r->in.servername != NULL, "servername ptr");
+	torture_assert_str_equal(tctx, r->in.servername, "WIN2KDC1", "servername");
+	torture_assert_int_equal(tctx, r->in.ctr->entries_read, 0, "ctr entries read");
+	torture_assert(tctx, r->in.ctr->first_entry == NULL, "ctr entries first_entry");
+	torture_assert_int_equal(tctx, r->in.preferred_max_len, -1, "preferred max len");
+	torture_assert(tctx, r->in.resume_handle != NULL, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->in.resume_handle, 0, "resume handle");
+	return true;
+}
+
+static const uint8_t jobenum_out_data[] = {
+  0x07, 0x00, 0x00, 0x00, 0x28, 0x14, 0x0a, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x13, 0x00, 0x00, 0x40, 0x18, 0x0a, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00, 0x02, 0x13, 0x00, 0x00,
+  0x30, 0x18, 0x0a, 0x00, 0x03, 0x00, 0x00, 0x00, 0xc0, 0xe4, 0x0a, 0x05,
+  0x00, 0x00, 0x00, 0x00, 0x02, 0x13, 0x00, 0x00, 0x20, 0x18, 0x0a, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x13, 0x00, 0x00, 0x10, 0x18, 0x0a, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00, 0x02, 0x13, 0x00, 0x00,
+  0x00, 0x18, 0x0a, 0x00, 0x06, 0x00, 0x00, 0x00, 0xc0, 0xe4, 0x0a, 0x05,
+  0x00, 0x00, 0x00, 0x00, 0x02, 0x13, 0x00, 0x00, 0xf0, 0x17, 0x0a, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x13, 0x00, 0x00, 0xe0, 0x17, 0x0a, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00,
+  0x6f, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x62, 0x00, 0x61, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x2e, 0x00,
+  0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00,
+  0x6f, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x2e, 0x00,
+  0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00,
+  0x6f, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0xac, 0x34, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool jobenum_out_check(struct torture_context *tctx, 
+							 struct atsvc_JobEnum *r)
+{
+	torture_assert_int_equal(tctx, r->out.ctr->entries_read, 7, "entries read");
+	torture_assert(tctx, r->out.ctr->first_entry != NULL, "first entry");
+	torture_assert_int_equal(tctx, r->out.ctr->first_entry[0].job_id, 1, "job id");
+	torture_assert_int_equal(tctx, r->out.ctr->first_entry[0].job_time, 84600000, "job time");
+	torture_assert_int_equal(tctx, r->out.ctr->first_entry[0].days_of_week, 0x2, "days of week");
+	torture_assert_int_equal(tctx, r->out.ctr->first_entry[0].flags, 0x13, "flags");
+	torture_assert_str_equal(tctx, r->out.ctr->first_entry[0].command, "foo.exe", "command");
+	torture_assert(tctx, r->out.total_entries != NULL, "total entries ptr");
+	torture_assert_int_equal(tctx, *r->out.total_entries, 7, "total entries");
+	torture_assert(tctx, r->out.resume_handle, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->out.resume_handle, 0, "resume handle");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+static const uint8_t jobadd_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00, 0x02, 0x11, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x2e, 0x00,
+  0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00
+};
+
+static bool jobadd_in_check(struct torture_context *tctx, 
+							 struct atsvc_JobAdd *r)
+{
+	torture_assert_str_equal(tctx, r->in.servername, "WIN2KDC1", "servername");
+	torture_assert_int_equal(tctx, r->in.job_info->job_time, 84600000, "time");
+	torture_assert_int_equal(tctx, r->in.job_info->days_of_month, 0, "days of month");
+	torture_assert_int_equal(tctx, r->in.job_info->days_of_week, 0x2, "days of week");
+	torture_assert_int_equal(tctx, r->in.job_info->flags, 17, "flags");
+	torture_assert_str_equal(tctx, r->in.job_info->command, "foo.exe", "command");
+
+	return true;
+}
+
+static const uint8_t jobadd_out_data[] = {
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool jobadd_out_check(struct torture_context *tctx, 
+							 struct atsvc_JobAdd *r)
+{
+	torture_assert_int_equal(tctx, *r->out.job_id, 14, "job id");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t jobdel_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00
+};
+
+static bool jobdel_in_check(struct torture_context *tctx, 
+							 struct atsvc_JobDel *r)
+{
+	torture_assert_str_equal(tctx, r->in.servername, "WIN2KDC1", "servername");
+	torture_assert_int_equal(tctx, r->in.min_job_id, 14, "min job id");
+	torture_assert_int_equal(tctx, r->in.max_job_id, 14, "max job id");
+	return true;
+}
+
+static const uint8_t jobdel_out_data[] = {
+  0xde, 0x0e, 0x00, 0x00
+};
+
+static bool jobdel_out_check(struct torture_context *tctx, 
+							 struct atsvc_JobDel *r)
+{
+	/* FIXME: Check for unknown code 0x00000ede */
+	return true;
+}
+
+static const uint8_t jobgetinfo_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00
+};
+
+static bool jobgetinfo_in_check(struct torture_context *tctx, 
+								struct atsvc_JobGetInfo *r)
+{
+	torture_assert_str_equal(tctx, r->in.servername, "WIN2KDC1", "servername");
+	torture_assert_int_equal(tctx, r->in.job_id, 1, "job id");
+	return true;
+}
+
+static const uint8_t jobgetinfo_out_data[] = {
+  0x88, 0xe2, 0x09, 0x00, 0xc0, 0xe4, 0x0a, 0x05, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x13, 0x09, 0x00, 0x98, 0xe2, 0x09, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x66, 0x00, 0x6f, 0x00,
+  0x6f, 0x00, 0x2e, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool jobgetinfo_out_check(struct torture_context *tctx, 
+								struct atsvc_JobGetInfo *r)
+{
+	torture_assert(tctx, *r->out.job_info != NULL, "job info");
+	torture_assert_int_equal(tctx, (*r->out.job_info)->job_time, 84600000, "time");
+	torture_assert_int_equal(tctx, (*r->out.job_info)->days_of_month, 0, "days of month");
+	torture_assert_int_equal(tctx, (*r->out.job_info)->days_of_week, 0x2, "days of week");
+	torture_assert_int_equal(tctx, (*r->out.job_info)->flags, 0x13, "flags");
+	torture_assert_str_equal(tctx, (*r->out.job_info)->command, "foo.exe", "command");
+	return true;
+}
+
+struct torture_suite *ndr_atsvc_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "atsvc");
+
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobEnum, jobenum_in_data, NDR_IN, jobenum_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobEnum, jobenum_out_data, NDR_OUT, jobenum_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobAdd, jobadd_in_data, NDR_IN, jobadd_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobAdd, jobadd_out_data, NDR_OUT, jobadd_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobDel, jobdel_in_data, NDR_IN, jobdel_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobDel, jobdel_out_data, NDR_OUT, jobdel_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobGetInfo, jobgetinfo_in_data, NDR_IN, jobgetinfo_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, atsvc_JobGetInfo, jobgetinfo_out_data, NDR_OUT, jobgetinfo_out_check );
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/backupkey.c b/source4/torture/ndr/backupkey.c
new file mode 100644
index 0000000..1be9229
--- /dev/null
+++ b/source4/torture/ndr/backupkey.c
@@ -0,0 +1,163 @@
+/*
+   Unix SMB/CIFS implementation.
+   Test suite for ndr on backupkey
+
+   Copyright (C) Matthieu Patou 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "torture/ndr/proto.h"
+
+
+static const uint8_t exported_rsa_ndr[] = {
+0x02, 0x00, 0x00, 0x00, 0x94, 0x04, 0x00, 0x00, 0x04, 0x03, 0x00, 0x00, 0x07, 0x02, 0x00, 0x00,
+0x00, 0xa4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00, 0x08, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
+0x21, 0x5d, 0x57, 0xa5, 0x84, 0xfc, 0xf4, 0x89, 0x47, 0x27, 0xfe, 0x71, 0xc1, 0x7b, 0x27, 0xb1,
+0xfd, 0xe4, 0x1d, 0x7d, 0x0f, 0xe8, 0xdd, 0xc1, 0xe2, 0x95, 0x4e, 0x4a, 0xdb, 0xc7, 0x27, 0x31,
+0xbd, 0x22, 0xd7, 0xfe, 0x42, 0x12, 0x94, 0x17, 0x5e, 0x94, 0x0e, 0xc6, 0xa5, 0xef, 0xf8, 0x20,
+0x0a, 0x0f, 0xc7, 0xbf, 0x79, 0x1d, 0x12, 0x98, 0x7a, 0x21, 0xfc, 0x37, 0x9a, 0xe6, 0xec, 0x02,
+0xf6, 0xdf, 0x08, 0x49, 0x62, 0xd2, 0xee, 0x37, 0xe4, 0x1c, 0x95, 0x05, 0xd2, 0xdf, 0x8b, 0x85,
+0x80, 0x5f, 0xcb, 0x3f, 0x70, 0xb9, 0xf1, 0xf3, 0x4f, 0x8f, 0x6d, 0x73, 0xc9, 0x15, 0x2c, 0x97,
+0xb2, 0x2c, 0x17, 0x6d, 0x8b, 0xe7, 0x9a, 0x58, 0x2c, 0xcb, 0xd0, 0x06, 0x5f, 0x48, 0x49, 0xf8,
+0x80, 0x13, 0x25, 0x05, 0x2a, 0x5a, 0x71, 0x01, 0x39, 0x36, 0x89, 0x80, 0x70, 0xdb, 0x57, 0x1a,
+0xe3, 0xd7, 0xcc, 0xbd, 0x9d, 0x1f, 0x1d, 0x92, 0x60, 0x63, 0x78, 0x57, 0xd0, 0x36, 0x42, 0x07,
+0x7c, 0xdc, 0x58, 0x32, 0x6c, 0xa6, 0xfd, 0xc0, 0x85, 0x19, 0x5f, 0x32, 0x7b, 0xd6, 0x40, 0xa9,
+0xf5, 0x1a, 0x9f, 0xec, 0x7a, 0x59, 0x10, 0x71, 0xaa, 0x22, 0x39, 0x34, 0xe1, 0xd3, 0x5b, 0x0f,
+0x39, 0xd8, 0x57, 0xba, 0x59, 0x5f, 0xf3, 0xdd, 0x4d, 0x36, 0xde, 0xdc, 0x2c, 0xd3, 0x30, 0x6b,
+0x55, 0xaa, 0x5a, 0x51, 0xf6, 0xef, 0x42, 0x5c, 0x01, 0x26, 0x2b, 0x42, 0xd3, 0xf4, 0x9c, 0x6b,
+0x56, 0xb0, 0xd3, 0x80, 0x77, 0xb5, 0x80, 0xf3, 0x89, 0xbf, 0xc3, 0xd7, 0x71, 0x2e, 0x47, 0x3e,
+0x86, 0x84, 0xec, 0x9f, 0xa0, 0x38, 0xbb, 0xe9, 0xce, 0x34, 0x7d, 0x9e, 0xf7, 0xf5, 0xe8, 0xfd,
+0x90, 0x5b, 0xc1, 0x97, 0x2b, 0x08, 0x55, 0x4a, 0x57, 0x69, 0xfc, 0xd7, 0x26, 0x32, 0xd7, 0xaa,
+0x7d, 0x66, 0x4f, 0x4d, 0x46, 0xcb, 0xc9, 0x83, 0x92, 0xd9, 0x56, 0xac, 0xb0, 0x5c, 0x0a, 0xd9,
+0xeb, 0x38, 0xae, 0x24, 0x9a, 0xb0, 0x7d, 0x3c, 0x56, 0x0b, 0xbf, 0xca, 0xa9, 0xbc, 0x75, 0xad,
+0x27, 0x2f, 0x9d, 0x16, 0xb5, 0xe5, 0xf3, 0xac, 0x5e, 0x0d, 0xe1, 0x9f, 0x67, 0xb9, 0x8d, 0xeb,
+0x8a, 0xea, 0x2a, 0x00, 0xa5, 0x09, 0x35, 0x7b, 0xcc, 0xeb, 0x00, 0xdb, 0x46, 0x49, 0xac, 0x3c,
+0x00, 0x7a, 0x1e, 0x31, 0x21, 0x66, 0x7b, 0xe6, 0x10, 0x04, 0x2b, 0x39, 0x21, 0xa9, 0xe3, 0xa0,
+0x81, 0x9e, 0xeb, 0xbe, 0x04, 0xe6, 0xd4, 0x23, 0xdc, 0xca, 0x01, 0xd3, 0xfa, 0x73, 0xba, 0x75,
+0x67, 0x61, 0x7d, 0x95, 0x12, 0x14, 0x4d, 0x1e, 0x08, 0x60, 0x0f, 0xbb, 0x06, 0xcf, 0xdc, 0x1c,
+0x07, 0x3c, 0x61, 0xd9, 0x54, 0xc8, 0xca, 0x31, 0x1c, 0x5d, 0xc4, 0xf1, 0x01, 0x59, 0xfd, 0xdb,
+0x75, 0x7e, 0xcc, 0xd0, 0xe7, 0x0a, 0x9a, 0x36, 0x1e, 0xc5, 0xf9, 0x95, 0x83, 0x4d, 0x3e, 0x47,
+0x2e, 0x70, 0x12, 0x4e, 0x0e, 0x07, 0xe4, 0x56, 0x6f, 0xe7, 0xed, 0xbd, 0xe4, 0x48, 0x50, 0x0b,
+0xa6, 0x49, 0x80, 0x1c, 0x85, 0xe7, 0x92, 0x02, 0x4d, 0xfa, 0xe3, 0x6d, 0x1f, 0xc1, 0xf7, 0xf9,
+0xd0, 0x37, 0x68, 0x33, 0x85, 0x20, 0x71, 0x9c, 0xc2, 0xaa, 0x58, 0x47, 0xae, 0x39, 0x1b, 0x20,
+0x3f, 0xc1, 0x90, 0x7c, 0x3d, 0xee, 0xc9, 0x9e, 0x1b, 0x07, 0xd3, 0x0a, 0x13, 0xd1, 0xca, 0x53,
+0xd0, 0x2a, 0xf6, 0x2c, 0xa9, 0xd8, 0xef, 0xe3, 0xe0, 0x24, 0x3f, 0xf9, 0x13, 0xe3, 0xf1, 0xff,
+0x7b, 0x47, 0x59, 0x09, 0xd5, 0x6d, 0x52, 0x95, 0x87, 0xcb, 0x44, 0x6e, 0xe8, 0xaa, 0x0c, 0xe4,
+0xd1, 0xb3, 0xc9, 0xd8, 0xc0, 0xcf, 0x2b, 0x53, 0xf7, 0x8e, 0x93, 0xe9, 0xd8, 0x42, 0xce, 0xc6,
+0x01, 0x67, 0x73, 0x44, 0x5a, 0x65, 0x36, 0x96, 0x9f, 0xd1, 0xfc, 0x03, 0x9b, 0xd1, 0x0d, 0x02,
+0xc7, 0x1e, 0xe4, 0x93, 0xa6, 0x00, 0x6e, 0xfe, 0x6f, 0x8e, 0xf1, 0x93, 0x97, 0xdf, 0x28, 0xee,
+0x3e, 0x07, 0xa1, 0x38, 0xe1, 0x1b, 0xa8, 0x77, 0x78, 0x0d, 0x86, 0x39, 0x20, 0xcb, 0x71, 0xd8,
+0x2a, 0x63, 0x63, 0x00, 0xdf, 0x6e, 0xea, 0x44, 0xf1, 0xdc, 0x2e, 0xf0, 0x81, 0x41, 0x92, 0x55,
+0xce, 0x2d, 0x7c, 0xc4, 0x7f, 0x94, 0xef, 0xc9, 0xe4, 0x26, 0x15, 0x7e, 0x59, 0x9b, 0xd0, 0x10,
+0x64, 0xa6, 0x2e, 0xf7, 0x71, 0xcc, 0x5b, 0xcd, 0xa2, 0xf3, 0xe7, 0xe5, 0x56, 0xd0, 0x9d, 0xd0,
+0xaf, 0x31, 0xfc, 0x08, 0xd6, 0xff, 0x87, 0xca, 0x27, 0xa9, 0xf0, 0xf1, 0xf8, 0x2d, 0x8d, 0x1c,
+0xce, 0x48, 0xc9, 0x60, 0x50, 0x58, 0x56, 0x31, 0x6f, 0xa0, 0xbf, 0x8d, 0xf5, 0xcd, 0x3e, 0x0c,
+0x11, 0xfc, 0x5c, 0x0b, 0xe3, 0x77, 0x9e, 0x44, 0x1e, 0x1d, 0xda, 0x67, 0x8a, 0x40, 0xf2, 0x89,
+0x94, 0xd5, 0xec, 0xc9, 0xf6, 0xe8, 0xc5, 0x81, 0xd9, 0x28, 0x8b, 0x3f, 0x13, 0xc5, 0x0e, 0x3d,
+0x7f, 0x81, 0x97, 0xac, 0x52, 0xee, 0xbb, 0xcb, 0xbb, 0x3d, 0x86, 0x35, 0x1f, 0x31, 0x1a, 0x97,
+0x54, 0xf5, 0x04, 0xb4, 0x24, 0x21, 0x4e, 0xea, 0x05, 0xf3, 0x6d, 0x08, 0x20, 0xb5, 0xf7, 0x37,
+0xf6, 0xd3, 0xff, 0x57, 0x7e, 0x85, 0xf1, 0x66, 0xba, 0xed, 0xf1, 0xe9, 0xbd, 0x5b, 0x91, 0xb2,
+0x89, 0xe8, 0xdb, 0xac, 0x5b, 0x58, 0xa9, 0x0f, 0x03, 0x18, 0x38, 0x55, 0x80, 0x19, 0x04, 0x0d,
+0xa8, 0x91, 0x8b, 0x3c, 0x65, 0x23, 0x78, 0xbc, 0x0e, 0x5b, 0xc5, 0x80, 0x6e, 0xad, 0x1f, 0x97,
+0x28, 0xe5, 0x57, 0xff, 0xc9, 0x06, 0x7d, 0xa8, 0xbe, 0x65, 0xfc, 0xcd, 0x99, 0x04, 0x3a, 0x36,
+0xe3, 0xe8, 0x41, 0xd5, 0x9b, 0x13, 0x98, 0xf6, 0x76, 0xfb, 0x23, 0x6b, 0x9f, 0x2b, 0xdb, 0x06,
+0x25, 0xf3, 0x72, 0x33, 0x35, 0x92, 0x51, 0xb6, 0x49, 0x98, 0xee, 0x48, 0xc8, 0xad, 0x7b, 0x87,
+0x4a, 0x3d, 0x86, 0x69, 0x1b, 0xd3, 0x15, 0xe3, 0x6c, 0xe9, 0x83, 0x73, 0x3b, 0x0f, 0x0d, 0x0e,
+0xe2, 0x9c, 0xfe, 0xe6, 0xc0, 0x4d, 0xb9, 0xe4, 0x89, 0x56, 0x9d, 0xc0, 0x7a, 0x0c, 0xed, 0x1a,
+0x70, 0x1f, 0x2c, 0x73, 0x05, 0x22, 0x19, 0x2c, 0x70, 0x94, 0x73, 0x3d, 0x91, 0xee, 0x2d, 0xff,
+0x9c, 0x50, 0x94, 0x7b, 0x85, 0xaa, 0x42, 0xc0, 0xc9, 0xbf, 0xdc, 0xc5, 0x29, 0xaf, 0xca, 0x93,
+0x43, 0xcc, 0xc8, 0x0c, 0x3e, 0x91, 0xce, 0xcd, 0x93, 0xe6, 0x0f, 0x76, 0xcc, 0x56, 0x7a, 0x44,
+0x7c, 0x9d, 0x6b, 0xb6, 0x2d, 0xf7, 0x01, 0x3a, 0x72, 0xfb, 0x85, 0x2a, 0x37, 0xf2, 0x33, 0x0c,
+0xc1, 0x2a, 0xb4, 0x6b, 0x4f, 0xdf, 0xcd, 0x78, 0xf8, 0x18, 0xd6, 0x1e, 0xb9, 0x2e, 0x17, 0xf5,
+0xcb, 0x0e, 0xca, 0xc3, 0xf0, 0x5b, 0x2d, 0x61, 0x7b, 0xef, 0x37, 0xd7, 0x35, 0xf7, 0x90, 0x30,
+0x64, 0x46, 0x43, 0x94, 0x56, 0x5b, 0xd1, 0x10, 0x10, 0xae, 0xa4, 0x20, 0xce, 0xb3, 0x91, 0x31,
+0xbc, 0x06, 0xf2, 0xbc, 0xa0, 0x66, 0x52, 0xb5, 0xd3, 0x51, 0x6e, 0x24, 0x63, 0x3d, 0xaa, 0xa9,
+0xa9, 0x8c, 0x74, 0xf3, 0x09, 0xbf, 0x01, 0x3f, 0x48, 0x0e, 0x4a, 0x87, 0x3d, 0x91, 0x96, 0x33,
+0x17, 0x4d, 0x43, 0xe5, 0x71, 0x2c, 0x94, 0x64, 0x39, 0xe9, 0xdb, 0xdb, 0x05, 0x5f, 0x07, 0x38,
+0xa3, 0x36, 0x7b, 0x79, 0x9a, 0x74, 0xf7, 0x0e, 0x15, 0x9f, 0x49, 0x65, 0x2d, 0xf5, 0x85, 0x6c,
+0xc8, 0xbc, 0x42, 0x88, 0x93, 0xd9, 0x40, 0xfa, 0xbf, 0x14, 0x66, 0x68, 0x9e, 0x05, 0x64, 0x38,
+0x4b, 0xb5, 0x97, 0x2c, 0x48, 0x90, 0x09, 0x8e, 0x60, 0xc0, 0x56, 0xd6, 0x44, 0x2f, 0x60, 0xe8,
+0x0f, 0xa5, 0xf3, 0x95, 0xca, 0x9a, 0x09, 0x05, 0x8a, 0x3d, 0xaf, 0x01, 0x71, 0x66, 0x68, 0xa5,
+0x06, 0x6e, 0x95, 0x33, 0x46, 0x9d, 0x45, 0xcb, 0x2c, 0xdd, 0x05, 0x8d, 0xbb, 0x8f, 0xa7, 0x5b,
+0xec, 0x0b, 0x17, 0x54, 0xe3, 0xd0, 0x7d, 0xb9, 0x23, 0x77, 0xf3, 0xc6, 0x3e, 0x69, 0x2a, 0xf9,
+0xe9, 0xcf, 0x83, 0xc4, 0x09, 0xa5, 0x2a, 0xd9, 0xb3, 0x4e, 0x3f, 0x16, 0x7d, 0xf7, 0x8f, 0xb3,
+0xd0, 0x64, 0x2b, 0xc3, 0x0e, 0xb1, 0xf3, 0xdb, 0xe6, 0x4a, 0x7e, 0xf9, 0x3b, 0xc9, 0xca, 0x14,
+0x9d, 0xf2, 0x61, 0xc3, 0x59, 0x05, 0xcf, 0x0d, 0x13, 0xcf, 0x2e, 0xa9, 0xa6, 0x59, 0x30, 0xa6,
+0xef, 0x3a, 0x43, 0xbb, 0x63, 0x6f, 0x31, 0x7a, 0xfa, 0x38, 0x0d, 0xb1, 0x17, 0x4d, 0xc2, 0xa4,
+0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xbd,
+0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74, 0x3f, 0xa1, 0xdc, 0x8b, 0xbd, 0x30,
+0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x2d, 0x31, 0x2b, 0x30, 0x29,
+0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x72,
+0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00, 0x73, 0x00, 0x2e,
+0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30,
+0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x34,
+0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30, 0x2d, 0x31, 0x2b, 0x30, 0x29, 0x06,
+0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x72, 0x00,
+0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00, 0x73, 0x00, 0x2e, 0x00,
+0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
+0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0xd7, 0x32, 0x26, 0xd7, 0xfc, 0x69,
+0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd, 0xe8, 0xf5, 0xf7, 0x9e, 0x7d, 0x34,
+0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e, 0x47, 0x2e, 0x71, 0xd7, 0xc3, 0xbf,
+0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b, 0x9c, 0xf4, 0xd3, 0x42, 0x2b, 0x26,
+0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b, 0x30, 0xd3, 0x2c, 0xdc, 0xde, 0x36,
+0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f, 0x5b, 0xd3, 0xe1, 0x34, 0x39, 0x22,
+0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9, 0x40, 0xd6, 0x7b, 0x32, 0x5f, 0x19,
+0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07, 0x42, 0x36, 0xd0, 0x57, 0x78, 0x63,
+0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a, 0x57, 0xdb, 0x70, 0x80, 0x89, 0x36,
+0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8, 0x49, 0x48, 0x5f, 0x06, 0xd0, 0xcb,
+0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97, 0x2c, 0x15, 0xc9, 0x73, 0x6d, 0x8f,
+0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85, 0x8b, 0xdf, 0xd2, 0x05, 0x95, 0x1c,
+0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02, 0xec, 0xe6, 0x9a, 0x37, 0xfc, 0x21,
+0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20, 0xf8, 0xef, 0xa5, 0xc6, 0x0e, 0x94,
+0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31, 0x27, 0xc7, 0xdb, 0x4a, 0x4e, 0x95,
+0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1, 0x27, 0x7b, 0xc1, 0x71, 0xfe, 0x27,
+0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0x81, 0x11,
+0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47, 0x42, 0xdf, 0x76,
+0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47,
+0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x03,
+0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e, 0x7d, 0xb5, 0x31, 0xec, 0xb2, 0xeb,
+0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d, 0x9d, 0xd7, 0x35, 0xe9, 0x22, 0x74,
+0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b, 0x2a, 0xfe, 0x59, 0xe9, 0x76, 0x77,
+0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b, 0xc1, 0x19, 0xef, 0x6f, 0x15, 0xe6,
+0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13, 0xf6, 0x7d, 0x84, 0xe7, 0x8f, 0xc6,
+0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43, 0x12, 0x70, 0x27, 0xf9, 0xc4, 0xd7,
+0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1, 0xde, 0xd6, 0x2d, 0x9f, 0x3f, 0x5d,
+0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9, 0x03, 0x2e, 0x84, 0x8d, 0x48, 0x60,
+0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6, 0x08, 0x2d, 0xdf, 0x25, 0x9d, 0x32,
+0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a, 0x94, 0xd2, 0x25, 0x43, 0xf0, 0xa9,
+0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33, 0xe2, 0x9a, 0xe9, 0x75, 0xf0, 0x0f,
+0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5, 0x46, 0xd4, 0x1c, 0x83, 0xa1, 0x28,
+0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53, 0x31, 0xaa, 0x02, 0xd1, 0x9b, 0x03,
+0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c, 0x65, 0xa2, 0xf9, 0xac, 0x38, 0x7a,
+0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47, 0xd5, 0x06, 0xe6, 0xca, 0xd7, 0x6e,
+0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12, 0x76, 0x99, 0x65, 0xb4, 0x54, 0xa1,
+0xd8, 0x21, 0x5c, 0x27
+};
+
+struct torture_suite *ndr_backupkey_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "backupkey");
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    bkrp_exported_RSA_key_pair,
+					    exported_rsa_ndr,
+					    NULL);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/cabinet.c b/source4/torture/ndr/cabinet.c
new file mode 100644
index 0000000..5b93108
--- /dev/null
+++ b/source4/torture/ndr/cabinet.c
@@ -0,0 +1,4335 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for Windows Cabinet files
+
+   Copyright (C) Guenther Deschner 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_cab.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t cab_file_plain_data[] = {
+	0x4d, 0x53, 0x43, 0x46, 0x00, 0x00, 0x00, 0x00,
+	0x51, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x2c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x49,
+	0x09, 0x21, 0x20, 0x00, 0x62, 0x6c, 0x6f, 0x62,
+	0x2d, 0x41, 0x2d, 0x33, 0x32, 0x37, 0x36, 0x38,
+	0x00, 0x00, 0x80, 0x00, 0x80, 0x00, 0x80, 0x00,
+	0x80, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
+	0x41
+};
+
+static bool cab_file_plain_check(struct torture_context *tctx,
+				 struct cab_file *r)
+{
+	DATA_BLOB blob;
+
+	torture_assert_str_equal(tctx, r->cfheader.signature, "MSCF", "signature");
+	torture_assert_int_equal(tctx, r->cfheader.reserved1, 0, "reserved1");
+	torture_assert_int_equal(tctx, r->cfheader.cbCabinet, 0x8051, "cbCabinet");
+	torture_assert_int_equal(tctx, r->cfheader.reserved2, 0, "reserved2");
+	torture_assert_int_equal(tctx, r->cfheader.coffFiles, 44, "coffFiles");
+	torture_assert_int_equal(tctx, r->cfheader.reserved3, 0, "reserved3");
+	torture_assert_int_equal(tctx, r->cfheader.versionMinor, 3, "versionMinor");
+	torture_assert_int_equal(tctx, r->cfheader.versionMajor, 1, "versionMajor");
+	torture_assert_int_equal(tctx, r->cfheader.cFolders, 1, "cFolders");
+	torture_assert_int_equal(tctx, r->cfheader.cFiles, 1, "cFiles");
+	torture_assert_int_equal(tctx, r->cfheader.flags, 0, "flags");
+	torture_assert_int_equal(tctx, r->cfheader.setID, 0, "setID");
+	torture_assert_int_equal(tctx, r->cfheader.iCabinet, 0, "iCabinet");
+
+	torture_assert_int_equal(tctx, r->cffolders[0].coffCabStart, 0x49, "coffCabStart");
+	torture_assert_int_equal(tctx, r->cffolders[0].cCFData, 1, "cCFData");
+	torture_assert_int_equal(tctx, r->cffolders[0].typeCompress, CF_COMPRESS_NONE, "typeCompress");
+
+	torture_assert_int_equal(tctx, r->cffiles[0].cbFile, 0x8000, "cbFile");
+	torture_assert_int_equal(tctx, r->cffiles[0].uoffFolderStart, 0, "uoffFolderStart");
+	torture_assert_int_equal(tctx, r->cffiles[0].iFolder, 0, "iFolder");
+	torture_assert_int_equal(tctx, r->cffiles[0].date.date, 0x4936, "date");
+	torture_assert_int_equal(tctx, r->cffiles[0].time.time, 0x2109, "time");
+	torture_assert_int_equal(tctx, r->cffiles[0].attribs, 0x0020, "attribs");
+	torture_assert_str_equal(tctx, r->cffiles[0].szName, "blob-A-32768", "szName");
+
+	torture_assert_int_equal(tctx, r->cfdata[0].csum, 0x80008000, "csum");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbData, 0x8000, "cbData");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbUncomp, 0x8000, "cbUncomp");
+
+	blob = data_blob(NULL, r->cfdata[0].cbUncomp);
+	memset(blob.data, 'A', blob.length);
+
+	torture_assert_data_blob_equal(tctx, r->cfdata[0].ab, blob, "ab");
+
+	data_blob_free(&blob);
+
+	return true;
+}
+
+static const uint8_t cab_file_MSZIP_data[] = {
+	0x4d, 0x53, 0x43, 0x46, 0x00, 0x00, 0x00, 0x00,
+	0x82, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x2c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x49,
+	0x09, 0x21, 0x20, 0x00, 0x62, 0x6c, 0x6f, 0x62,
+	0x2d, 0x41, 0x2d, 0x33, 0x32, 0x37, 0x36, 0x38,
+	0x00, 0x16, 0x6e, 0xdb, 0x5e, 0x31, 0x00, 0x00,
+	0x80, 0x43, 0x4b, 0xed, 0xc1, 0x81, 0x00, 0x00,
+	0x00, 0x00, 0x80, 0x20, 0xb6, 0xfd, 0xa5, 0x16,
+	0xa9, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1a
+};
+
+static bool cab_file_MSZIP_check(struct torture_context *tctx,
+				 struct cab_file *r)
+{
+	DATA_BLOB blob;
+
+	torture_assert_str_equal(tctx, r->cfheader.signature, "MSCF", "signature");
+	torture_assert_int_equal(tctx, r->cfheader.reserved1, 0, "reserved1");
+	torture_assert_int_equal(tctx, r->cfheader.cbCabinet, 130, "cbCabinet");
+	torture_assert_int_equal(tctx, r->cfheader.reserved2, 0, "reserved2");
+	torture_assert_int_equal(tctx, r->cfheader.coffFiles, 44, "coffFiles");
+	torture_assert_int_equal(tctx, r->cfheader.reserved3, 0, "reserved3");
+	torture_assert_int_equal(tctx, r->cfheader.versionMinor, 3, "versionMinor");
+	torture_assert_int_equal(tctx, r->cfheader.versionMajor, 1, "versionMajor");
+	torture_assert_int_equal(tctx, r->cfheader.cFolders, 1, "cFolders");
+	torture_assert_int_equal(tctx, r->cfheader.cFiles, 1, "cFiles");
+	torture_assert_int_equal(tctx, r->cfheader.flags, 0, "flags");
+	torture_assert_int_equal(tctx, r->cfheader.setID, 0, "setID");
+	torture_assert_int_equal(tctx, r->cfheader.iCabinet, 0, "iCabinet");
+
+	torture_assert_int_equal(tctx, r->cffolders[0].coffCabStart, 0x49, "coffCabStart");
+	torture_assert_int_equal(tctx, r->cffolders[0].cCFData, 1, "cCFData");
+	torture_assert_int_equal(tctx, r->cffolders[0].typeCompress, CF_COMPRESS_MSZIP, "typeCompress");
+
+	torture_assert_int_equal(tctx, r->cffiles[0].cbFile, 0x8000, "cbFile");
+	torture_assert_int_equal(tctx, r->cffiles[0].uoffFolderStart, 0, "uoffFolderStart");
+	torture_assert_int_equal(tctx, r->cffiles[0].iFolder, 0, "iFolder");
+	torture_assert_int_equal(tctx, r->cffiles[0].date.date, 0x4936, "date");
+	torture_assert_int_equal(tctx, r->cffiles[0].time.time, 0x2109, "time");
+	torture_assert_int_equal(tctx, r->cffiles[0].attribs, 0x0020, "attribs");
+	torture_assert_str_equal(tctx, r->cffiles[0].szName, "blob-A-32768", "szName");
+
+	torture_assert_int_equal(tctx, r->cfdata[0].csum, 0x5EDB6E16, "csum");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbData, 0x31, "cbData");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbUncomp, 0x8000, "cbUncomp");
+
+	blob = data_blob(NULL, r->cfdata[0].cbUncomp);
+	memset(blob.data, 'A', blob.length);
+
+	torture_assert_data_blob_equal(tctx, r->cfdata[0].ab, blob, "ab");
+
+	data_blob_free(&blob);
+
+	return true;
+}
+
+static const uint8_t cab_file_LZX_data[] = {
+	0x4d, 0x53, 0x43, 0x46, 0x00, 0x00, 0x00, 0x00,
+	0xa9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x2c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x03, 0x12, 0x00, 0x80, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x49,
+	0x09, 0x21, 0x20, 0x00, 0x62, 0x6c, 0x6f, 0x62,
+	0x2d, 0x41, 0x2d, 0x33, 0x32, 0x37, 0x36, 0x38,
+	0x00, 0xa2, 0x60, 0x8d, 0x04, 0x58, 0x00, 0x00,
+	0x80, 0x5b, 0x80, 0x80, 0x8d, 0x08, 0x10, 0x02,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x07, 0x31, 0xd9, 0xfc, 0xdf, 0xf7, 0x20,
+	0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33,
+	0x00, 0xe5, 0x10, 0xdf, 0x67, 0xf7, 0x7d, 0x88,
+	0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c,
+	0x00, 0x1f, 0xc4, 0xdd, 0x7f, 0x7c, 0x9f, 0x3f,
+	0x6b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80,
+	0xff
+};
+
+static bool cab_file_LZX_check(struct torture_context *tctx,
+			       struct cab_file *r)
+{
+	DATA_BLOB blob;
+
+	torture_assert_str_equal(tctx, r->cfheader.signature, "MSCF", "signature");
+	torture_assert_int_equal(tctx, r->cfheader.reserved1, 0, "reserved1");
+	torture_assert_int_equal(tctx, r->cfheader.cbCabinet, 0xA9, "cbCabinet");
+	torture_assert_int_equal(tctx, r->cfheader.reserved2, 0, "reserved2");
+	torture_assert_int_equal(tctx, r->cfheader.coffFiles, 44, "coffFiles");
+	torture_assert_int_equal(tctx, r->cfheader.reserved3, 0, "reserved3");
+	torture_assert_int_equal(tctx, r->cfheader.versionMinor, 3, "versionMinor");
+	torture_assert_int_equal(tctx, r->cfheader.versionMajor, 1, "versionMajor");
+	torture_assert_int_equal(tctx, r->cfheader.cFolders, 1, "cFolders");
+	torture_assert_int_equal(tctx, r->cfheader.cFiles, 1, "cFiles");
+	torture_assert_int_equal(tctx, r->cfheader.flags, 0, "flags");
+	torture_assert_int_equal(tctx, r->cfheader.setID, 0, "setID");
+	torture_assert_int_equal(tctx, r->cfheader.iCabinet, 0, "iCabinet");
+
+	torture_assert_int_equal(tctx, r->cffolders[0].coffCabStart, 0x49, "coffCabStart");
+	torture_assert_int_equal(tctx, r->cffolders[0].cCFData, 1, "cCFData");
+	torture_assert_int_equal(tctx, r->cffolders[0].typeCompress, 4611, "typeCompress");
+
+	torture_assert_int_equal(tctx, r->cffiles[0].cbFile, 0x8000, "cbFile");
+	torture_assert_int_equal(tctx, r->cffiles[0].uoffFolderStart, 0, "uoffFolderStart");
+	torture_assert_int_equal(tctx, r->cffiles[0].iFolder, 0, "iFolder");
+	torture_assert_int_equal(tctx, r->cffiles[0].date.date, 0x4936, "date");
+	torture_assert_int_equal(tctx, r->cffiles[0].time.time, 0x2109, "time");
+	torture_assert_int_equal(tctx, r->cffiles[0].attribs, 0x0020, "attribs");
+	torture_assert_str_equal(tctx, r->cffiles[0].szName, "blob-A-32768", "szName");
+
+	torture_assert_int_equal(tctx, r->cfdata[0].csum, 0x48D60A2, "csum");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbData, 0x58, "cbData");
+	torture_assert_int_equal(tctx, r->cfdata[0].cbUncomp, 0x8000, "cbUncomp");
+
+	blob = data_blob(NULL, r->cfdata[0].cbUncomp);
+	memset(blob.data, 'A', blob.length);
+#if 0
+	/* once we have LZX compression support we can enable this test */
+	torture_assert_data_blob_equal(tctx, r->cfdata[0].ab, blob, "ab");
+#endif
+	data_blob_free(&blob);
+
+	return true;
+}
+
+struct torture_suite *ndr_cabinet_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "cabinet");
+
+	torture_suite_add_ndr_pull_test(suite, cab_file, cab_file_plain_data, cab_file_plain_check);
+	torture_suite_add_ndr_pull_test(suite, cab_file, cab_file_MSZIP_data, cab_file_MSZIP_check);
+	torture_suite_add_ndr_pull_test(suite, cab_file, cab_file_LZX_data, cab_file_LZX_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite, cab_file, cab_file_plain_data, cab_file_plain_check);
+
+	/*
+	 * we cannot validate, as libz' compression routines currently create a
+	 * slightly different result
+	 */
+
+	/* torture_suite_add_ndr_pull_validate_test(suite, cab_file, cab_file_MSZIP_data, cab_file_MSZIP_check); */
+
+	return suite;
+}
diff --git a/source4/torture/ndr/charset.c b/source4/torture/ndr/charset.c
new file mode 100644
index 0000000..7062ce1
--- /dev/null
+++ b/source4/torture/ndr/charset.c
@@ -0,0 +1,91 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for charset ndr operations
+
+   Copyright (C) Guenther Deschner 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "torture/ndr/proto.h"
+
+static bool test_ndr_push_charset(struct torture_context *tctx)
+{
+	const char *strs[] = {
+		NULL,
+		"",
+		"test"
+	};
+	int i;
+
+	struct ndr_push *ndr;
+
+	ndr = talloc_zero(tctx, struct ndr_push);
+
+	for (i = 0; i < ARRAY_SIZE(strs); i++) {
+
+		enum ndr_err_code expected_ndr_err = NDR_ERR_SUCCESS;
+
+		if (strs[i] == NULL) {
+			expected_ndr_err = NDR_ERR_INVALID_POINTER;
+		}
+
+		torture_assert_ndr_err_equal(tctx,
+			ndr_push_charset(ndr, NDR_SCALARS, strs[i], 256, 2, CH_UTF16LE),
+			expected_ndr_err,
+			"failed to push charset");
+	}
+
+	return true;
+}
+
+static bool test_ndr_push_charset_to_null(struct torture_context *tctx)
+{
+	const char *strs[] = {
+		NULL,
+		"",
+		"test"
+	};
+	int i;
+
+	struct ndr_push *ndr;
+
+	ndr = talloc_zero(tctx, struct ndr_push);
+
+
+	for (i = 0; i < ARRAY_SIZE(strs); i++) {
+
+		torture_assert_ndr_success(tctx,
+			ndr_push_charset_to_null(ndr, NDR_SCALARS, strs[i], 256, 2, CH_UTF16LE),
+			"failed to push charset to null");
+	}
+
+	return true;
+}
+
+
+struct torture_suite *ndr_charset_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "charset");
+
+	suite->description = talloc_strdup(suite, "NDR - charset focused push/pull tests");
+
+	torture_suite_add_simple_test(suite, "push", test_ndr_push_charset);
+	torture_suite_add_simple_test(suite, "push_to_null", test_ndr_push_charset_to_null);
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/clusapi.c b/source4/torture/ndr/clusapi.c
new file mode 100644
index 0000000..db6a27c
--- /dev/null
+++ b/source4/torture/ndr/clusapi.c
@@ -0,0 +1,390 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for clusapi ndr operations
+
+   Copyright (C) Guenther Deschner 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_clusapi.h"
+#include "torture/ndr/proto.h"
+#include "param/param.h"
+#include "libcli/registry/util_reg.h"
+
+static const uint8_t clusapi_PROPERTY_LIST_data[] = {
+	0x06, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x46, 0x00, 0x69, 0x00, 0x78, 0x00, 0x51, 0x00, 0x75, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x75, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x76, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x51, 0x00,
+	0x75, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x75, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x3e, 0x00, 0x00, 0x00,
+	0x49, 0x00, 0x67, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x65, 0x00,
+	0x50, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x69, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x53, 0x00, 0x74, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x4f, 0x00, 0x6e, 0x00, 0x53, 0x00,
+	0x74, 0x00, 0x61, 0x00, 0x72, 0x00, 0x74, 0x00, 0x75, 0x00, 0x70, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x24, 0x00, 0x00, 0x00, 0x53, 0x00, 0x68, 0x00, 0x61, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x56, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x75, 0x00,
+	0x6d, 0x00, 0x65, 0x00, 0x73, 0x00, 0x52, 0x00, 0x6f, 0x00, 0x6f, 0x00,
+	0x74, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x43, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x43, 0x00, 0x6c, 0x00, 0x75, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x53, 0x00, 0x74, 0x00,
+	0x6f, 0x00, 0x72, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x2a, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x69, 0x00, 0x74, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x73, 0x00,
+	0x73, 0x00, 0x44, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6d, 0x00,
+	0x69, 0x00, 0x63, 0x00, 0x57, 0x00, 0x65, 0x00, 0x69, 0x00, 0x67, 0x00,
+	0x68, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x22, 0x00, 0x00, 0x00, 0x41, 0x00, 0x64, 0x00,
+	0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x41, 0x00, 0x63, 0x00, 0x63, 0x00,
+	0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x50, 0x00, 0x6f, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool clusapi_PROPERTY_LIST_check(struct torture_context *tctx,
+					struct clusapi_PROPERTY_LIST *r)
+{
+	DATA_BLOB blob_dword_null = data_blob_talloc_zero(tctx, 4);
+	DATA_BLOB blob_dword_one = data_blob(NULL, 4);
+	const char *str;
+
+	SIVAL(blob_dword_one.data, 0, 1);
+
+	torture_assert_int_equal(tctx, r->propertyCount, 6, "propertyCount");
+
+	torture_assert_int_equal(tctx, r->propertyValues[0].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[0].size, 20, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[0].buffer, "FixQuorum", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[0].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[0].PropertyValues.Buffer, blob_dword_null, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[0].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[1].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[1].size, 28, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[1].buffer, "PreventQuorum", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[1].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[1].PropertyValues.Buffer, blob_dword_null, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[1].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[2].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[2].size, 62, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[2].buffer, "IgnorePersistentStateOnStartup", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[2].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[2].PropertyValues.Buffer, blob_dword_null, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[2].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[3].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[3].size, 36, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[3].buffer, "SharedVolumesRoot", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[3].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_SZ, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Size, 36, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Buffer.length, 36, "PropertyValues.Buffer.length");
+	pull_reg_sz(tctx, &r->propertyValues[3].PropertyValues.Buffer, &str);
+	torture_assert_str_equal(tctx, str, "C:\\ClusterStorage", "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[3].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[4].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[4].size, 42, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[4].buffer, "WitnessDynamicWeight", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[4].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[4].PropertyValues.Buffer, blob_dword_one, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[4].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[5].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[5].size, 34, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[5].buffer, "AdminAccessPoint", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[5].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[5].PropertyValues.Buffer, blob_dword_one, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[5].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	data_blob_free(&blob_dword_null);
+	data_blob_free(&blob_dword_one);
+
+	return true;
+}
+
+static const uint8_t clusapi_PROPERTY_LIST_data2[] = {
+	0x0c, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x4e, 0x00, 0x6f, 0x00, 0x64, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x61, 0x00,
+	0x6d, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x64, 0x00, 0x65, 0x00,
+	0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x26, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x6f, 0x00, 0x64, 0x00, 0x65, 0x00,
+	0x48, 0x00, 0x69, 0x00, 0x67, 0x00, 0x68, 0x00, 0x65, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x56, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x69, 0x00,
+	0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x80, 0x25, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x24, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x6f, 0x00,
+	0x64, 0x00, 0x65, 0x00, 0x4c, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x65, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x56, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00,
+	0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x80, 0x25, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x61, 0x00,
+	0x6a, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x56, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x1a, 0x00, 0x00, 0x00,
+	0x4d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x56, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x42, 0x00, 0x75, 0x00, 0x69, 0x00, 0x6c, 0x00,
+	0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x6d, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x80, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x16, 0x00, 0x00, 0x00, 0x43, 0x00, 0x53, 0x00, 0x44, 0x00, 0x56, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x1e, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x6f, 0x00, 0x64, 0x00, 0x65, 0x00,
+	0x49, 0x00, 0x6e, 0x00, 0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6e, 0x00,
+	0x63, 0x00, 0x65, 0x00, 0x49, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x01, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x2d, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x2d, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x2d, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x2d, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x20, 0x00, 0x00, 0x00,
+	0x4e, 0x00, 0x6f, 0x00, 0x64, 0x00, 0x65, 0x00, 0x44, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x75, 0x00, 0x73, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x20, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x6f, 0x00,
+	0x64, 0x00, 0x65, 0x00, 0x44, 0x00, 0x72, 0x00, 0x61, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x54, 0x00, 0x61, 0x00, 0x72, 0x00, 0x67, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x00,
+	0x1c, 0x00, 0x00, 0x00, 0x44, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x61, 0x00,
+	0x6d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x57, 0x00, 0x65, 0x00, 0x69, 0x00,
+	0x67, 0x00, 0x68, 0x00, 0x74, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x04, 0x00, 0x26, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x65, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x73, 0x00, 0x50, 0x00, 0x72, 0x00, 0x65, 0x00,
+	0x76, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x51, 0x00, 0x75, 0x00,
+	0x6f, 0x00, 0x72, 0x00, 0x75, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool clusapi_PROPERTY_LIST_check2(struct torture_context *tctx,
+					 struct clusapi_PROPERTY_LIST *r)
+{
+	DATA_BLOB blob_dword_null = data_blob_talloc_zero(tctx, 4);
+	DATA_BLOB blob_dword_one = data_blob(NULL, 4);
+	DATA_BLOB blob_dword = data_blob(NULL, 4);
+	const char *str;
+
+	SIVAL(blob_dword_one.data, 0, 1);
+
+	torture_assert_int_equal(tctx, r->propertyCount, 12, "propertyCount");
+
+	torture_assert_int_equal(tctx, r->propertyValues[0].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[0].size, 18, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[0].buffer, "NodeName", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[0].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_SZ, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Size, 12, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Buffer.length, 12, "PropertyValues.Buffer.length");
+	pull_reg_sz(tctx, &r->propertyValues[0].PropertyValues.Buffer, &str);
+	torture_assert_str_equal(tctx, str, "node1", "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[0].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[0].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[1].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[1].size, 38, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[1].buffer, "NodeHighestVersion", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[1].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0x00082580);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[1].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[1].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[1].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[2].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[2].size, 36, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[2].buffer, "NodeLowestVersion", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[2].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0x00082580);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[2].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[2].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[2].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[3].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[3].size, 26, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[3].buffer, "MajorVersion", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[3].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0x06);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[3].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[3].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[3].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[4].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[4].size, 26, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[4].buffer, "MinorVersion", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[4].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0x03);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[4].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[4].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[4].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[5].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[5].size, 24, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[5].buffer, "BuildNumber", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[5].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0x00002580);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[5].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[5].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[5].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[6].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[6].size, 22, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[6].buffer, "CSDVersion", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[6].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[6].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_SZ, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[6].PropertyValues.Size, 2, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[6].PropertyValues.Buffer.length, 2, "PropertyValues.Buffer.length");
+	pull_reg_sz(tctx, &r->propertyValues[6].PropertyValues.Buffer, &str);
+	torture_assert_str_equal(tctx, str, "", "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[6].PropertyValues.Padding.length, 2, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[6].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[7].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[7].size, 30, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[7].buffer, "NodeInstanceID", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[7].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[7].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_SZ, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[7].PropertyValues.Size, 74, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[7].PropertyValues.Buffer.length, 74, "PropertyValues.Buffer.length");
+	pull_reg_sz(tctx, &r->propertyValues[7].PropertyValues.Buffer, &str);
+	torture_assert_str_equal(tctx, str, "00000000-0000-0000-0000-000000000002", "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[7].PropertyValues.Padding.length, 2, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[7].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[8].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[8].size, 32, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[8].buffer, "NodeDrainStatus", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[8].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[8].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[8].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[8].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[8].PropertyValues.Buffer, blob_dword_null, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[8].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[8].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[9].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[9].size, 32, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[9].buffer, "NodeDrainTarget", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[9].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[9].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[9].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[9].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	SIVAL(blob_dword.data, 0, 0xffffffff);
+	torture_assert_data_blob_equal(tctx, r->propertyValues[9].PropertyValues.Buffer, blob_dword, "PropertyValues.Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[9].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[9].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[10].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[10].size, 28, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[10].buffer, "DynamicWeight", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[10].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[10].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[10].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[10].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[10].PropertyValues.Buffer, blob_dword_one, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[10].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[10].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	torture_assert_int_equal(tctx, r->propertyValues[11].syntax_name, CLUSPROP_SYNTAX_NAME, "syntax_name");
+	torture_assert_int_equal(tctx, r->propertyValues[11].size, 38, "size");
+	torture_assert_str_equal(tctx, r->propertyValues[11].buffer, "NeedsPreventQuorum", "buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[11].padding.length, 0, "padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[11].PropertyValues.Syntax, CLUSPROP_SYNTAX_LIST_VALUE_DWORD, "PropertyValues.Syntax");
+	torture_assert_int_equal(tctx, r->propertyValues[11].PropertyValues.Size, 4, "PropertyValues.Size");
+	torture_assert_int_equal(tctx, r->propertyValues[11].PropertyValues.Buffer.length, 4, "PropertyValues.Buffer.length");
+	torture_assert_data_blob_equal(tctx, r->propertyValues[11].PropertyValues.Buffer, blob_dword_null, "Buffer");
+	torture_assert_int_equal(tctx, r->propertyValues[11].PropertyValues.Padding.length, 0, "PropertyValues.Padding.length");
+	torture_assert_int_equal(tctx, r->propertyValues[11].end_mark, CLUSPROP_SYNTAX_ENDMARK, "end_mark");
+
+	data_blob_free(&blob_dword_null);
+	data_blob_free(&blob_dword_one);
+	data_blob_free(&blob_dword);
+
+	return true;
+}
+
+struct torture_suite *ndr_clusapi_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "clusapi");
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    clusapi_PROPERTY_LIST,
+					    clusapi_PROPERTY_LIST_data,
+					    clusapi_PROPERTY_LIST_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    clusapi_PROPERTY_LIST,
+					    clusapi_PROPERTY_LIST_data2,
+					    clusapi_PROPERTY_LIST_check2);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/dcerpc.c b/source4/torture/ndr/dcerpc.c
new file mode 100644
index 0000000..459817d
--- /dev/null
+++ b/source4/torture/ndr/dcerpc.c
@@ -0,0 +1,148 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for dcerpc ndr operations
+
+   Copyright (C) Stefan Metzmacher 2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "torture/ndr/proto.h"
+
+/*
+ *  ncacn_packet: struct ncacn_packet
+ *      rpc_vers                 : 0x05 (5)
+ *      rpc_vers_minor           : 0x00 (0)
+ *      ptype                    : DCERPC_PKT_CO_CANCEL (18)
+ *      pfc_flags                : 0x06 (6)
+ *             0: DCERPC_PFC_FLAG_FIRST
+ *             1: DCERPC_PFC_FLAG_LAST
+ *             1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
+ *             0: DCERPC_PFC_FLAG_CONC_MPX
+ *             0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+ *             0: DCERPC_PFC_FLAG_MAYBE
+ *             0: DCERPC_PFC_FLAG_OBJECT_UUID
+ *      drep: ARRAY(4)
+ *          [0]                      : 0x10 (16)
+ *          [1]                      : 0x00 (0)
+ *          [2]                      : 0x00 (0)
+ *          [3]                      : 0x00 (0)
+ *      frag_length              : 0x0010 (16)
+ *      auth_length              : 0x0000 (0)
+ *      call_id                  : 0x00000001 (1)
+ *      u                        : union dcerpc_payload(case 18)
+ *      co_cancel: struct dcerpc_co_cancel
+ *          auth_info                : DATA_BLOB length=0
+ */
+static const uint8_t ncacn_packet_co_cancel_data[] = {
+	0x05, 0x00, 0x12, 0x06, 0x10, 0x00, 0x00, 0x00,
+	0x10, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+};
+
+static bool ncacn_packet_co_cancel_check(struct torture_context *tctx,
+					 struct ncacn_packet *pkt)
+{
+	torture_assert_int_equal(tctx, pkt->rpc_vers, 5, "rpc_vers");
+	torture_assert_int_equal(tctx, pkt->rpc_vers_minor, 0, "rpc_vers_minor");
+	torture_assert_int_equal(tctx, pkt->ptype, DCERPC_PKT_CO_CANCEL, "ptype");
+	torture_assert_int_equal(tctx, pkt->pfc_flags,
+				 DCERPC_PFC_FLAG_LAST |
+				 DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING,
+				 "pfc_flags");
+	torture_assert_int_equal(tctx, pkt->drep[0], DCERPC_DREP_LE, "drep[0]");
+	torture_assert_int_equal(tctx, pkt->drep[1], 0, "drep[1]");
+	torture_assert_int_equal(tctx, pkt->drep[2], 0, "drep[2]");
+	torture_assert_int_equal(tctx, pkt->drep[3], 0, "drep[3]");
+	torture_assert_int_equal(tctx, pkt->frag_length, 16, "frag_length");
+	torture_assert_int_equal(tctx, pkt->auth_length, 0, "auth_length");
+	torture_assert_int_equal(tctx, pkt->call_id, 1, "call_id");
+	torture_assert_int_equal(tctx, pkt->u.co_cancel.auth_info.length, 0,
+				 "co_cancel.auth_info.length");
+	return true;
+}
+
+/*
+ *  ncacn_packet: struct ncacn_packet
+ *      rpc_vers                 : 0x05 (5)
+ *      rpc_vers_minor           : 0x00 (0)
+ *      ptype                    : DCERPC_PKT_ORPHANED (19)
+ *      pfc_flags                : 0x03 (3)
+ *             1: DCERPC_PFC_FLAG_FIRST
+ *             1: DCERPC_PFC_FLAG_LAST
+ *             0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
+ *             0: DCERPC_PFC_FLAG_CONC_MPX
+ *             0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+ *             0: DCERPC_PFC_FLAG_MAYBE
+ *             0: DCERPC_PFC_FLAG_OBJECT_UUID
+ *      drep: ARRAY(4)
+ *          [0]                      : 0x10 (16)
+ *          [1]                      : 0x00 (0)
+ *          [2]                      : 0x00 (0)
+ *          [3]                      : 0x00 (0)
+ *      frag_length              : 0x0010 (16)
+ *      auth_length              : 0x0000 (0)
+ *      call_id                  : 0x00000008 (8)
+ *      u                        : union dcerpc_payload(case 19)
+ *      orphaned: struct dcerpc_orphaned
+ *          auth_info                : DATA_BLOB length=0
+ */
+static const uint8_t ncacn_packet_orphaned_data[] = {
+	0x05, 0x00, 0x13, 0x03, 0x10, 0x00, 0x00, 0x00,
+	0x10, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+};
+
+static bool ncacn_packet_orphaned_check(struct torture_context *tctx,
+					struct ncacn_packet *pkt)
+{
+	torture_assert_int_equal(tctx, pkt->rpc_vers, 5, "rpc_vers");
+	torture_assert_int_equal(tctx, pkt->rpc_vers_minor, 0, "rpc_vers_minor");
+	torture_assert_int_equal(tctx, pkt->ptype, DCERPC_PKT_ORPHANED, "ptype");
+	torture_assert_int_equal(tctx, pkt->pfc_flags,
+				 DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST,
+				 "pfc_flags");
+	torture_assert_int_equal(tctx, pkt->drep[0], DCERPC_DREP_LE, "drep[0]");
+	torture_assert_int_equal(tctx, pkt->drep[1], 0, "drep[1]");
+	torture_assert_int_equal(tctx, pkt->drep[2], 0, "drep[2]");
+	torture_assert_int_equal(tctx, pkt->drep[3], 0, "drep[3]");
+	torture_assert_int_equal(tctx, pkt->frag_length, 16, "frag_length");
+	torture_assert_int_equal(tctx, pkt->auth_length, 0, "auth_length");
+	torture_assert_int_equal(tctx, pkt->call_id, 8, "call_id");
+	torture_assert_int_equal(tctx, pkt->u.orphaned.auth_info.length, 0,
+				 "orphaned.auth_info.length");
+	return true;
+}
+
+struct torture_suite *ndr_dcerpc_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dcerpc");
+	struct torture_suite *co_cancel = torture_suite_create(ctx, "co_cancel");
+	struct torture_suite *orphaned = torture_suite_create(ctx, "orphaned");
+
+	torture_suite_add_suite(suite, co_cancel);
+	torture_suite_add_ndr_pull_validate_test(co_cancel,
+					ncacn_packet,
+					ncacn_packet_co_cancel_data,
+					ncacn_packet_co_cancel_check);
+
+	torture_suite_add_suite(suite, orphaned);
+	torture_suite_add_ndr_pull_validate_test(orphaned,
+					ncacn_packet,
+					ncacn_packet_orphaned_data,
+					ncacn_packet_orphaned_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/dfs.c b/source4/torture/ndr/dfs.c
new file mode 100644
index 0000000..ac80b40
--- /dev/null
+++ b/source4/torture/ndr/dfs.c
@@ -0,0 +1,115 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for dfs ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_dfs.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t getmanagerversion_out_data[] = {
+  0x04, 0x00, 0x00, 0x00
+};
+
+static bool getmanagerversion_out_check(struct torture_context *tctx,
+										struct dfs_GetManagerVersion *r)
+{
+	torture_assert_int_equal(tctx, *r->out.version, 4, "version");
+	return true;
+}
+
+static const uint8_t enumex_in_data300[] = {
+  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x64, 0x00, 0x63, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x2c, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+  0x38, 0xf5, 0x07, 0x00, 0x2c, 0x01, 0x00, 0x00, 0x2c, 0x01, 0x00, 0x00,
+  0x40, 0xf5, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0xa8, 0xf5, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool enumex_in_check300(struct torture_context *tctx,
+							struct dfs_EnumEx *r)
+{
+	torture_assert_str_equal(tctx, r->in.dfs_name, "w2k3dc", "dfs name");
+	torture_assert_int_equal(tctx, r->in.level, 300, "level");
+	torture_assert(tctx, r->in.total != NULL, "total ptr");
+	torture_assert_int_equal(tctx, *r->in.total, 0, "total");
+	torture_assert_int_equal(tctx, r->in.bufsize, -1, "buf size");
+	torture_assert(tctx, r->in.info != NULL, "info ptr");
+	torture_assert_int_equal(tctx, r->in.info->level, 300, "info level");
+	torture_assert(tctx, r->in.info->e.info300->s == NULL, "info data ptr");
+	return true;
+}
+
+
+static const uint8_t enumex_out_data300[] = {
+  0x00, 0x00, 0x02, 0x00, 0x2c, 0x01, 0x00, 0x00, 0x2c, 0x01, 0x00, 0x00,
+  0x04, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+  0x00, 0x01, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00,
+  0x14, 0x00, 0x02, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+  0x33, 0x00, 0x44, 0x00, 0x43, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x6f, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+  0x33, 0x00, 0x44, 0x00, 0x43, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x6f, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x32, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+  0x33, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x5c, 0x00, 0x74, 0x00,
+  0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+  0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x6f, 0x00,
+  0x74, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool enumex_out_check300(struct torture_context *tctx,
+							struct dfs_EnumEx *r)
+{
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	torture_assert(tctx, r->out.total != NULL, "total ptr");
+	torture_assert_int_equal(tctx, *r->out.total, 3, "total");
+	torture_assert(tctx, r->out.info != NULL, "info ptr");
+	torture_assert_int_equal(tctx, r->out.info->level, 300, "info level");
+	torture_assert(tctx, r->out.info->e.info300 != NULL, "info data ptr");
+	torture_assert_int_equal(tctx, r->out.info->e.info300->count, 3, "info enum array");
+	torture_assert_str_equal(tctx, r->out.info->e.info300->s[0].dom_root, "\\W2K3DC\\standaloneroot", "info enum array 0");
+	torture_assert_int_equal(tctx, r->out.info->e.info300->s[0].flavor, 256, "info enum flavor 0");
+	torture_assert_str_equal(tctx, r->out.info->e.info300->s[1].dom_root, "\\W2K3DC\\standaloneroot2", "info enum array 1");
+	torture_assert_int_equal(tctx, r->out.info->e.info300->s[1].flavor, 256, "info enum flavor 1");
+	torture_assert_str_equal(tctx, r->out.info->e.info300->s[2].dom_root, "\\W2K3DOM\\testdomainroot", "info enum array 2");
+	torture_assert_int_equal(tctx, r->out.info->e.info300->s[2].flavor, 512, "info enum flavor 2");
+	return true;
+}
+
+struct torture_suite *ndr_dfs_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dfs");
+
+	torture_suite_add_ndr_pull_fn_test(suite, dfs_GetManagerVersion, getmanagerversion_out_data, NDR_OUT, getmanagerversion_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, dfs_EnumEx, enumex_in_data300, NDR_IN, enumex_in_check300 );
+	torture_suite_add_ndr_pull_fn_test(suite, dfs_EnumEx, enumex_out_data300, NDR_OUT, enumex_out_check300 );
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/dfsblob.c b/source4/torture/ndr/dfsblob.c
new file mode 100644
index 0000000..81db322
--- /dev/null
+++ b/source4/torture/ndr/dfsblob.c
@@ -0,0 +1,85 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Test DFS blobs.
+
+   Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_dfsblobs.h"
+#include "torture/ndr/proto.h"
+#include "librpc/gen_ndr/dfsblobs.h"
+
+DATA_BLOB blob;
+static const uint8_t dfs_get_ref_in[] = {
+	0x03, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x33, 0x00, 0x00, 0x00 };
+
+static const uint8_t dfs_get_ref_out[] = {
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x22, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x58, 0x02, 0x00, 0x00, 0x22, 0x00, 0x01, 0x00,
+	0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x5c, 0x00, 0x6d, 0x00, 0x73, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00,
+	0x2e, 0x00, 0x74, 0x00, 0x73, 0x00, 0x74, 0x00,
+	0x00, 0x00, 0x5c, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x33, 0x00, 0x61, 0x00, 0x64, 0x00,
+	0x76, 0x00, 0x7a, 0x00, 0x30, 0x00, 0x31, 0x00,
+	0x2e, 0x00, 0x6d, 0x00, 0x73, 0x00, 0x77, 0x00,
+	0x32, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x2e, 0x00,
+	0x74, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00};
+
+static const uint8_t dfs_get_ref_out2[] = {
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x12, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x58, 0x02, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x03, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x58, 0x02, 0x00, 0x00, 0x22, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x57, 0x00,
+	0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00,
+	0x32, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x77, 0x00,
+	0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x72, 0x00,
+	0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x77, 0x00, 0x73, 0x00, 0x2e, 0x00,
+	0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00
+};
+static bool dfs_referral_out_check(struct torture_context *tctx, struct dfs_referral_resp *r)
+{
+	torture_assert_str_equal(tctx,
+		r->referral_entries[0].referral.v3.referrals.r2.special_name,
+		"\\msw2k3.tst", "Special name");
+	ndr_push_struct_blob(&blob, tctx, r, (ndr_push_flags_fn_t)ndr_push_dfs_referral_resp);
+	torture_assert_int_equal(tctx, blob.data[blob.length-2], 0, "expanded names not null terminated");
+	torture_assert_int_equal(tctx, blob.data[blob.length-1], 0, "expanded names not null terminated");
+	return true;
+}
+
+struct torture_suite *ndr_dfsblob_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dfsblob");
+
+	torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL);
+
+	torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL);
+
+	torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/dnsp.c b/source4/torture/ndr/dnsp.c
new file mode 100644
index 0000000..3fc58c9
--- /dev/null
+++ b/source4/torture/ndr/dnsp.c
@@ -0,0 +1,389 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for dnsp ndr operations
+
+   Copyright (C) Stefan Metzmacher 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
+#include "torture/ndr/proto.h"
+#include "lib/util/base64.h"
+
+/*
+ * base64_decode_data_blob_talloc() => dump_data() gives:
+ *
+ * [0000] 0C 00 00 00 00 00 00 00   00 00 00 00 01 00 00 00   ........ ........
+ * [0010] 81 00 00 00 02 00 00 00   AC 1F 63 21 AC 1F 63 2C   ........ ..c!..c,
+ * [0020] 00 00 00 00
+ */
+static const char *dnsp_dnsProperty_ip4_array_b64 =
+	"DAAAAAAAAAAAAAAAAQAAAIEAAAACAAAArB9jIawfYywAAAAA";
+
+static bool dnsp_dnsProperty_ip4_array_check(struct torture_context *tctx,
+					     struct dnsp_DnsProperty *r)
+{
+	/*
+	 * NDR_PRINT_DEBUG(dnsp_DnsProperty, r); gave:
+	 *
+	 *  r: struct dnsp_DnsProperty
+	 *     wDataLength              : 0x0000000c (12)
+	 *     namelength               : 0x00000000 (0)
+	 *     flag                     : 0x00000000 (0)
+	 *     version                  : 0x00000001 (1)
+	 *     id                       : DSPROPERTY_ZONE_MASTER_SERVERS (129)
+	 *     data                     : union dnsPropertyData(case 129)
+	 *     master_servers: struct dnsp_ip4_array
+	 *         addrCount                : 0x00000002 (2)
+	 *         addrArray: ARRAY(2)
+	 *             addrArray                : 0x21631fac (560144300)
+	 *             addrArray                : 0x2c631fac (744693676)
+	 *     name                     : 0x00000000 (0)
+	 *
+	 */
+
+	torture_assert_int_equal(tctx, r->wDataLength, 12, "wDataLength");
+	torture_assert_int_equal(tctx, r->namelength, 0, "namelength");
+	torture_assert_int_equal(tctx, r->flag, 0, "flag");
+	torture_assert_int_equal(tctx, r->version, 1, "version");
+	torture_assert_int_equal(tctx, r->id, DSPROPERTY_ZONE_MASTER_SERVERS, "id");
+	torture_assert_int_equal(tctx, r->data.master_servers.addrCount, 2, "addrCount");
+	/*
+	 * This should be an array of [flag(NDR_BIG_ENDIAN)] ipv4address
+	 * instead of uint32!
+	 * 0x21631fac is 172.31.99.33
+	 * 0x2c631fac is 172.31.99.44
+	 */
+	torture_assert_int_equal(tctx, r->data.master_servers.addrArray[0], 0x21631fac, "addrArray[0]");
+	torture_assert_int_equal(tctx, r->data.master_servers.addrArray[1], 0x2c631fac, "addrArray[1]");
+	torture_assert_int_equal(tctx, r->name, 0, "name");
+
+	return true;
+}
+
+/*
+ * base64_decode_data_blob_talloc() => dump_data() gives:
+ *
+ * [0000] E0 00 00 00 00 00 00 00   00 00 00 00 01 00 00 00   ........ ........
+ * [0010] 91 00 00 00 03 00 00 00   03 00 00 00 00 00 00 00   ........ ........
+ * [0020] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [0030] 00 00 00 00 02 00 00 35   AC 1F 63 21 00 00 00 00   .......5 ..c!....
+ * [0040] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [0050] 00 00 00 00 10 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [0060] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [0070] 00 00 00 00 02 00 00 35   AC 1F 63 2C 00 00 00 00   .......5 ..c,....
+ * [0080] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [0090] 00 00 00 00 10 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [00A0] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [00B0] 00 00 00 00 17 00 00 35   00 00 00 00 FD 3A AA A3   .......5 .....:..
+ * [00C0] EE 87 FF 09 02 00 00 FF   FE 99 FF FF 00 00 00 00   ........ ........
+ * [00D0] 00 00 00 00 1C 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [00E0] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
+ * [00F0] 00 00 00 00 00 00 00 00                             ........
+ */
+static const char *dnsp_dnsProperty_addr_array_b64 =
+	"4AAAAAAAAAAAAAAAAQAAAJEAAAADAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+	"AAAAAAIAADWsH2MhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAA"
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAACAAA1rB9jLAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+	"AAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAANQAAAAD9Oqqj"
+	"7of/CQIAAP/+mf//AAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+	"AAAAAAAAAAA=DAAAAAAAAAAAAAAAAQAAAIEAAAACAAAArB9jIawfYywAAAAA";
+
+static bool dnsp_dnsProperty_addr_array_check(struct torture_context *tctx,
+					      struct dnsp_DnsProperty *r)
+{
+	const struct dnsp_dns_addr_array *da = NULL;
+	const struct dnsp_dns_addr *a0 = NULL;
+	const struct dnsp_dns_addr *a1 = NULL;
+	const struct dnsp_dns_addr *a2 = NULL;
+
+	/*
+	 * NDR_PRINT_DEBUG(dnsp_DnsProperty, r); gave:
+	 *
+	 * r: struct dnsp_DnsProperty
+	 *    wDataLength              : 0x000000e0 (224)
+	 *    namelength               : 0x00000000 (0)
+	 *    flag                     : 0x00000000 (0)
+	 *    version                  : 0x00000001 (1)
+	 *    id                       : DSPROPERTY_ZONE_MASTER_SERVERS_DA (145)
+	 *    data                     : union dnsPropertyData(case 145)
+	 *    z_master_servers: struct dnsp_dns_addr_array
+	 *        MaxCount                 : 0x00000003 (3)
+	 *        AddrCount                : 0x00000003 (3)
+	 *        Tag                      : 0x00000000 (0)
+	 *        Family                   : 0x0000 (0)
+	 *        Reserved0                : 0x0000 (0)
+	 *        Flags                    : 0x00000000 (0)
+	 *        MatchFlag                : 0x00000000 (0)
+	 *        Reserved1                : 0x00000000 (0)
+	 *        Reserved2                : 0x00000000 (0)
+	 *        AddrArray: ARRAY(3)
+	 *            AddrArray: struct dnsp_dns_addr
+	 *                family                   : 0x0002 (2)
+	 *                port                     : 0x0035 (53)
+	 *                ipv4                     : 172.31.99.33
+	 *                ipv6                     : 0000:0000:0000:0000:0000:0000:0000:0000
+	 *                pad: ARRAY(8)
+	 *                    [0]                      : 0x00 (0)
+	 *                    [1]                      : 0x00 (0)
+	 *                    [2]                      : 0x00 (0)
+	 *                    [3]                      : 0x00 (0)
+	 *                    [4]                      : 0x00 (0)
+	 *                    [5]                      : 0x00 (0)
+	 *                    [6]                      : 0x00 (0)
+	 *                    [7]                      : 0x00 (0)
+	 *                unused: ARRAY(8)
+	 *                    unused                   : 0x00000010 (16)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *            AddrArray: struct dnsp_dns_addr
+	 *                family                   : 0x0002 (2)
+	 *                port                     : 0x0035 (53)
+	 *                ipv4                     : 172.31.99.44
+	 *                ipv6                     : 0000:0000:0000:0000:0000:0000:0000:0000
+	 *                pad: ARRAY(8)
+	 *                    [0]                      : 0x00 (0)
+	 *                    [1]                      : 0x00 (0)
+	 *                    [2]                      : 0x00 (0)
+	 *                    [3]                      : 0x00 (0)
+	 *                    [4]                      : 0x00 (0)
+	 *                    [5]                      : 0x00 (0)
+	 *                    [6]                      : 0x00 (0)
+	 *                    [7]                      : 0x00 (0)
+	 *                unused: ARRAY(8)
+	 *                    unused                   : 0x00000010 (16)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *            AddrArray: struct dnsp_dns_addr
+	 *                family                   : 0x0017 (23)
+	 *                port                     : 0x0035 (53)
+	 *                ipv4                     : 0.0.0.0
+	 *                ipv6                     : fd3a:aaa3:ee87:ff09:0200:00ff:fe99:ffff
+	 *                pad: ARRAY(8)
+	 *                    [0]                      : 0x00 (0)
+	 *                    [1]                      : 0x00 (0)
+	 *                    [2]                      : 0x00 (0)
+	 *                    [3]                      : 0x00 (0)
+	 *                    [4]                      : 0x00 (0)
+	 *                    [5]                      : 0x00 (0)
+	 *                    [6]                      : 0x00 (0)
+	 *                    [7]                      : 0x00 (0)
+	 *                unused: ARRAY(8)
+	 *                    unused                   : 0x0000001c (28)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *                    unused                   : 0x00000000 (0)
+	 *    name                     : 0x00000000 (0)
+	 *
+	 */
+
+	torture_assert_int_equal(tctx, r->wDataLength, 224, "wDataLength");
+	torture_assert_int_equal(tctx, r->namelength, 0, "namelength");
+	torture_assert_int_equal(tctx, r->flag, 0, "flag");
+	torture_assert_int_equal(tctx, r->version, 1, "version");
+	torture_assert_int_equal(tctx, r->id, DSPROPERTY_ZONE_MASTER_SERVERS_DA, "id");
+	da = &r->data.z_master_servers;
+	torture_assert_int_equal(tctx, da->MaxCount, 3, "MaxCount");
+	torture_assert_int_equal(tctx, da->AddrCount, 3, "AddrCount");
+	torture_assert_int_equal(tctx, da->Tag, 0, "Tag");
+	torture_assert_int_equal(tctx, da->Family, 0, "Family");
+	torture_assert_int_equal(tctx, da->Reserved0, 0, "Reserved0");
+	torture_assert_int_equal(tctx, da->Flags, 0, "Flags");
+	torture_assert_int_equal(tctx, da->MatchFlag, 0, "MatchFlag");
+	torture_assert_int_equal(tctx, da->Reserved1, 0, "Reserved1");
+	torture_assert_int_equal(tctx, da->Reserved2, 0, "Reserved2");
+	a0 = &da->AddrArray[0];
+	torture_assert_int_equal(tctx, a0->family, 2, "family v4");
+	torture_assert_int_equal(tctx, a0->port, 53, "port");
+	torture_assert_str_equal(tctx, a0->ipv4, "172.31.99.33", "ipv4");
+	torture_assert_str_equal(tctx, a0->ipv6,
+				 "0000:0000:0000:0000:0000:0000:0000:0000",
+				 "ipv6 (zero)");
+	torture_assert_int_equal(tctx, a0->pad[0], 0, "pad[0]");
+	torture_assert_int_equal(tctx, a0->pad[1], 0, "pad[1]");
+	torture_assert_int_equal(tctx, a0->pad[2], 0, "pad[2]");
+	torture_assert_int_equal(tctx, a0->pad[3], 0, "pad[3]");
+	torture_assert_int_equal(tctx, a0->pad[4], 0, "pad[4]");
+	torture_assert_int_equal(tctx, a0->pad[5], 0, "pad[5]");
+	torture_assert_int_equal(tctx, a0->pad[6], 0, "pad[6]");
+	torture_assert_int_equal(tctx, a0->pad[7], 0, "pad[7]");
+	torture_assert_int_equal(tctx, a0->unused[0], 16, "unused[0]");
+	torture_assert_int_equal(tctx, a0->unused[1], 0, "unused[1]");
+	torture_assert_int_equal(tctx, a0->unused[2], 0, "unused[2]");
+	torture_assert_int_equal(tctx, a0->unused[3], 0, "unused[3]");
+	torture_assert_int_equal(tctx, a0->unused[4], 0, "unused[4]");
+	torture_assert_int_equal(tctx, a0->unused[5], 0, "unused[5]");
+	torture_assert_int_equal(tctx, a0->unused[6], 0, "unused[6]");
+	torture_assert_int_equal(tctx, a0->unused[7], 0, "unused[7]");
+	a1 = &da->AddrArray[1];
+	torture_assert_int_equal(tctx, a1->family, 2, "family v4");
+	torture_assert_int_equal(tctx, a1->port, 53, "port");
+	torture_assert_str_equal(tctx, a1->ipv4, "172.31.99.44", "ipv4");
+	torture_assert_str_equal(tctx, a1->ipv6,
+				 "0000:0000:0000:0000:0000:0000:0000:0000",
+				 "ipv6 (zero)");
+	torture_assert_int_equal(tctx, a1->pad[0], 0, "pad[0]");
+	torture_assert_int_equal(tctx, a1->pad[1], 0, "pad[1]");
+	torture_assert_int_equal(tctx, a1->pad[2], 0, "pad[2]");
+	torture_assert_int_equal(tctx, a1->pad[3], 0, "pad[3]");
+	torture_assert_int_equal(tctx, a1->pad[4], 0, "pad[4]");
+	torture_assert_int_equal(tctx, a1->pad[5], 0, "pad[5]");
+	torture_assert_int_equal(tctx, a1->pad[6], 0, "pad[6]");
+	torture_assert_int_equal(tctx, a1->pad[7], 0, "pad[7]");
+	torture_assert_int_equal(tctx, a1->unused[0], 16, "unused[0]");
+	torture_assert_int_equal(tctx, a1->unused[1], 0, "unused[1]");
+	torture_assert_int_equal(tctx, a1->unused[2], 0, "unused[2]");
+	torture_assert_int_equal(tctx, a1->unused[3], 0, "unused[3]");
+	torture_assert_int_equal(tctx, a1->unused[4], 0, "unused[4]");
+	torture_assert_int_equal(tctx, a1->unused[5], 0, "unused[5]");
+	torture_assert_int_equal(tctx, a1->unused[6], 0, "unused[6]");
+	torture_assert_int_equal(tctx, a1->unused[7], 0, "unused[7]");
+	a2 = &da->AddrArray[2];
+	torture_assert_int_equal(tctx, a2->family, 23, "family v6");
+	torture_assert_int_equal(tctx, a2->port, 53, "port");
+	torture_assert_str_equal(tctx, a2->ipv4, "0.0.0.0", "ipv4 (zero)");
+	torture_assert_str_equal(tctx, a2->ipv6,
+				 "fd3a:aaa3:ee87:ff09:0200:00ff:fe99:ffff",
+				 "ipv6");
+	torture_assert_int_equal(tctx, a2->pad[0], 0, "pad[0]");
+	torture_assert_int_equal(tctx, a2->pad[1], 0, "pad[1]");
+	torture_assert_int_equal(tctx, a2->pad[2], 0, "pad[2]");
+	torture_assert_int_equal(tctx, a2->pad[3], 0, "pad[3]");
+	torture_assert_int_equal(tctx, a2->pad[4], 0, "pad[4]");
+	torture_assert_int_equal(tctx, a2->pad[5], 0, "pad[5]");
+	torture_assert_int_equal(tctx, a2->pad[6], 0, "pad[6]");
+	torture_assert_int_equal(tctx, a2->pad[7], 0, "pad[7]");
+	torture_assert_int_equal(tctx, a2->unused[0], 28, "unused[0]");
+	torture_assert_int_equal(tctx, a2->unused[1], 0, "unused[1]");
+	torture_assert_int_equal(tctx, a2->unused[2], 0, "unused[2]");
+	torture_assert_int_equal(tctx, a2->unused[3], 0, "unused[3]");
+	torture_assert_int_equal(tctx, a2->unused[4], 0, "unused[4]");
+	torture_assert_int_equal(tctx, a2->unused[5], 0, "unused[5]");
+	torture_assert_int_equal(tctx, a2->unused[6], 0, "unused[6]");
+	torture_assert_int_equal(tctx, a2->unused[7], 0, "unused[7]");
+	torture_assert_int_equal(tctx, r->name, 0, "name");
+
+	return true;
+}
+
+/*
+ * base64_decode_data_blob_talloc() => dump_data() gives:
+ *
+ * [0000] 26 00 00 00 01 EE C4 71   00 00 00 00 01 00 00 00   &......q ........
+ * [0010] 80 00 00 00 77 00 32 00   6B 00 33 00 2D 00 31 00   ....w.2. k.3.-.1.
+ * [0020] 39 00 31 00 2E 00 77 00   32 00 6B 00 33 00 2E 00   9.1...w. 2.k.3...
+ * [0030] 62 00 61 00 73 00 65 00   00 00 C4 71 EC F3         b.a.s.e. ...q..
+ */
+static const char *dnsp_dnsProperty_deleted_by_b64 =
+	"JgAAAAHuxHEAAAAAAQAAAIAAAAB3ADIAawAzAC0AMQA5ADEALgB3ADIAawAzAC4A"
+	"YgBhAHMAZQAAAMRx7PM=";
+
+static bool dnsp_dnsProperty_deleted_by_check(struct torture_context *tctx,
+					      struct dnsp_DnsProperty *r)
+{
+	/*
+	 * NDR_PRINT_DEBUG(dnsp_DnsProperty, r); gave:
+	 *
+	 * r: struct dnsp_DnsProperty
+	 *     wDataLength              : 0x00000026 (38)
+	 *     namelength               : 0x71c4ee01 (1908731393)
+	 *     flag                     : 0x00000000 (0)
+	 *     version                  : 0x00000001 (1)
+	 *     id                       : DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME (128)
+	 *     data                     : union dnsPropertyData(case 128)
+	 *     deleted_by_hostname      : 'w2k3-191.w2k3.base'
+	 *     name                     : 0xf3ec71c4 (4092359108)
+	 *
+	 * Note Windows 2003 didn't seem to initialize namelength and name
+	 * both are 'Not Used. The value MUST be ignored ...'
+	 */
+
+	torture_assert_int_equal(tctx, r->wDataLength, 38, "wDataLength");
+	torture_assert_int_equal(tctx, r->namelength, 1908731393, "namelength (random)");
+	torture_assert_int_equal(tctx, r->flag, 0, "flag");
+	torture_assert_int_equal(tctx, r->version, 1, "version");
+	torture_assert_int_equal(tctx, r->id, DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME, "id");
+	torture_assert_str_equal(tctx, r->data.deleted_by_hostname, "w2k3-191.w2k3.base", "hostname");
+	torture_assert_int_equal(tctx, r->name, 0xf3ec71c4, "name (random)");
+
+	return true;
+}
+
+/*
+ * Copy of dnsp_dnsProperty_deleted_by_b64 with wDataLength set to 0
+ * and no data in the data element.
+ * This is a reproducer for https://bugzilla.samba.org/show_bug.cgi?id=14206
+ * The dns_property_id was retained so once parsed this structure referenced
+ * memory past it's end.
+ *
+ * [0000] 00 00 00 00 01 EE C4 71   00 00 00 00 01 00 00 00   &......q ........
+ * [0010] 80 00 00 00 77 00 32 00   6B 00 33 00 2D 00 31 00   ....w.2. k.3.-.1.
+ * [0020] 39 00 31 00 2E 00 77 00   32 00 6B 00 33 00 2E 00   9.1...w. 2.k.3...
+ * [0030] 62 00 61 00 73 00 65 00   00 00 C4 71 EC F3         b.a.s.e. ...q..
+ */
+static const uint8_t dnsp_dnsProperty_deleted_by_zero_wDataLength[] = {
+	0x00, 0x00, 0x00, 0x00, 0x01, 0xEE, 0xC4, 0x71, 0x00, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
+	0xC4, 0x71, 0xEC, 0xF3 };
+
+struct torture_suite *ndr_dnsp_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "dnsp");
+
+	torture_suite_add_ndr_pull_validate_test_b64(
+		suite,
+		dnsp_DnsProperty,
+		"ZONE_MASTER_SERVERS",
+		dnsp_dnsProperty_ip4_array_b64,
+		dnsp_dnsProperty_ip4_array_check);
+
+	torture_suite_add_ndr_pull_validate_test_b64(
+		suite,
+		dnsp_DnsProperty,
+		"ZONE_MASTER_SERVERS_DA",
+		dnsp_dnsProperty_addr_array_b64,
+		dnsp_dnsProperty_addr_array_check);
+
+	torture_suite_add_ndr_pull_validate_test_b64(
+		suite,
+		dnsp_DnsProperty,
+		"DELETED_FROM_HOSTNAME",
+		dnsp_dnsProperty_deleted_by_b64,
+		dnsp_dnsProperty_deleted_by_check);
+
+	torture_suite_add_ndr_pull_invalid_data_test(
+		suite,
+		dnsp_DnsProperty,
+		dnsp_dnsProperty_deleted_by_zero_wDataLength,
+		NDR_ERR_BUFSIZE);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/drsblobs.c b/source4/torture/ndr/drsblobs.c
new file mode 100644
index 0000000..0ef2d95
--- /dev/null
+++ b/source4/torture/ndr/drsblobs.c
@@ -0,0 +1,558 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for drsblobs ndr operations
+
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "torture/ndr/proto.h"
+#include "lib/util/base64.h"
+
+static const uint8_t forest_trust_info_data_out[] = {
+	0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x3e, 0xca, 0xca, 0x01, 0x00, 0xaf, 0xd5, 0x9b,
+	0x00, 0x07, 0x00, 0x00, 0x00, 0x66, 0x32, 0x2e, 0x74, 0x65, 0x73, 0x74,
+	0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0xca, 0xca, 0x01,
+	0x00, 0xaf, 0xd5, 0x9b, 0x02, 0x18, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x68, 0x4a, 0x64,
+	0x28, 0xac, 0x88, 0xa2, 0x74, 0x17, 0x3e, 0x2d, 0x8f, 0x07, 0x00, 0x00,
+	0x00, 0x66, 0x32, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x02, 0x00, 0x00, 0x00,
+	0x46, 0x32
+};
+
+static bool forest_trust_info_check_out(struct torture_context *tctx,
+					struct ForestTrustInfo *r)
+{
+	torture_assert_int_equal(tctx, r->version, 1, "version");
+	torture_assert_int_equal(tctx, r->count, 2, "count");
+	torture_assert_int_equal(tctx, r->records[0].record_size, 0x00000018, "record size");
+	torture_assert_int_equal(tctx, r->records[0].record.flags, 0, "record flags");
+	torture_assert_u64_equal(tctx, r->records[0].record.timestamp, 0x9BD5AF0001CACA3EULL, "record timestamp");
+	torture_assert_int_equal(tctx, r->records[0].record.type, FOREST_TRUST_TOP_LEVEL_NAME, "record type");
+	torture_assert_int_equal(tctx, r->records[0].record.data.name.size, 7, "record name size");
+	torture_assert_str_equal(tctx, r->records[0].record.data.name.string, "f2.test", "record name string");
+	torture_assert_int_equal(tctx, r->records[1].record_size, 0x0000003a, "record size");
+	torture_assert_int_equal(tctx, r->records[1].record.flags, 0, "record flags");
+	torture_assert_u64_equal(tctx, r->records[1].record.timestamp, 0x9BD5AF0001CACA3EULL, "record timestamp");
+	torture_assert_int_equal(tctx, r->records[1].record.type, FOREST_TRUST_DOMAIN_INFO, "record type");
+	torture_assert_int_equal(tctx, r->records[1].record.data.info.sid_size, 0x00000018, "record info sid_size");
+	torture_assert_sid_equal(tctx, &r->records[1].record.data.info.sid, dom_sid_parse_talloc(tctx, "S-1-5-21-677661288-1956808876-2402106903"), "record info sid");
+	torture_assert_int_equal(tctx, r->records[1].record.data.info.dns_name.size, 7, "record name size");
+	torture_assert_str_equal(tctx, r->records[1].record.data.info.dns_name.string, "f2.test", "record info dns_name string");
+	torture_assert_int_equal(tctx, r->records[1].record.data.info.netbios_name.size, 2, "record info netbios_name size");
+	torture_assert_str_equal(tctx, r->records[1].record.data.info.netbios_name.string, "F2", "record info netbios_name string");
+
+	return true;
+}
+
+static const uint8_t trust_domain_passwords_in[] = {
+	0x34, 0x1f, 0x6e, 0xcd, 0x5f, 0x14, 0x99, 0xf9, 0xd8, 0x34, 0x9f, 0x1d,
+	0x1c, 0xcf, 0x1f, 0x02, 0xb8, 0x30, 0xcc, 0x77, 0x21, 0xc1, 0xf3, 0xe2,
+	0xcf, 0x32, 0xe7, 0xf7, 0x86, 0x49, 0x28, 0xa0, 0x57, 0x81, 0xa0, 0x72,
+	0x95, 0xd5, 0xa7, 0x49, 0xd7, 0xe7, 0x6f, 0xd1, 0x56, 0x91, 0x44, 0xb7,
+	0xe2, 0x4e, 0x48, 0xd2, 0x3e, 0x39, 0xfe, 0x79, 0xd9, 0x1d, 0x4a, 0x92,
+	0xc7, 0xbb, 0xe3, 0x65, 0x38, 0x28, 0xb3, 0xb5, 0x6d, 0x1a, 0xfc, 0xf9,
+	0xd1, 0xe9, 0xc0, 0x8a, 0x52, 0x5a, 0x86, 0xc1, 0x60, 0x45, 0x85, 0xaa,
+	0x20, 0xd8, 0xb4, 0x1f, 0x67, 0x6e, 0xe9, 0xc8, 0xed, 0x52, 0x08, 0x65,
+	0xd2, 0x5a, 0x3c, 0xb8, 0xdd, 0x5d, 0xef, 0x59, 0x54, 0x90, 0x75, 0x35,
+	0x23, 0x12, 0x92, 0xac, 0xf1, 0x76, 0xb0, 0x16, 0x3d, 0xd8, 0xea, 0x96,
+	0xd1, 0xd5, 0x27, 0x37, 0xbe, 0xb8, 0x30, 0x60, 0xab, 0xda, 0x21, 0xc1,
+	0x61, 0x66, 0x85, 0xbc, 0x4b, 0xf2, 0x0d, 0x8d, 0x28, 0x1f, 0x02, 0x1c,
+	0xcf, 0x39, 0x99, 0x14, 0x6b, 0x1a, 0x59, 0x66, 0x8d, 0x9f, 0x6f, 0x5a,
+	0x3d, 0x3d, 0xb4, 0x1e, 0x7d, 0xf4, 0xc3, 0xc6, 0xed, 0xed, 0x87, 0xb1,
+	0x35, 0x08, 0xf7, 0x7f, 0x61, 0x00, 0x4b, 0x0d, 0xa7, 0xb7, 0x59, 0x53,
+	0xc3, 0x97, 0x55, 0xf9, 0x86, 0x2e, 0x29, 0x6d, 0x00, 0x38, 0xde, 0xe1,
+	0x80, 0x37, 0xf4, 0xcb, 0x8d, 0x0d, 0x0d, 0x1f, 0x1c, 0x99, 0xf1, 0x24,
+	0x61, 0x14, 0x6b, 0x1a, 0xd9, 0x31, 0xc8, 0x6e, 0xd6, 0x98, 0xab, 0xdb,
+	0xb8, 0xaf, 0x99, 0xf9, 0xf4, 0x4c, 0xfe, 0x4b, 0x0d, 0xbb, 0x4f, 0xcc,
+	0x63, 0xd3, 0xf0, 0x0c, 0xd1, 0xd6, 0x11, 0x30, 0x68, 0x45, 0x98, 0x07,
+	0x44, 0x80, 0xca, 0xa4, 0x7b, 0x10, 0x5b, 0x0b, 0x33, 0xb6, 0x8c, 0xa4,
+	0x8f, 0xf1, 0x2b, 0xbf, 0xa2, 0x22, 0xd7, 0xcc, 0x92, 0x34, 0x0b, 0xa0,
+	0x05, 0xdf, 0x2f, 0xe3, 0x66, 0x0d, 0x9f, 0x09, 0x84, 0xdb, 0x0b, 0x3a,
+	0xfa, 0xd5, 0xa7, 0x1c, 0x46, 0x01, 0xa0, 0x3c, 0x02, 0x8a, 0x6d, 0xec,
+	0x97, 0xc1, 0x7c, 0x2f, 0x7e, 0x5d, 0x55, 0x27, 0x37, 0x59, 0x31, 0x64,
+	0xe9, 0xc9, 0xd6, 0xfd, 0x8f, 0xf9, 0x59, 0xe7, 0x11, 0x30, 0x4c, 0x76,
+	0xb0, 0xe7, 0xee, 0xe9, 0xf7, 0xa2, 0x0f, 0x71, 0x90, 0xdb, 0x1d, 0xb0,
+	0xfb, 0xa3, 0x25, 0xf8, 0x0a, 0x6c, 0x69, 0x5c, 0x21, 0xa6, 0xfb, 0x90,
+	0x5b, 0x9d, 0x14, 0xe4, 0xea, 0x32, 0xe8, 0xe0, 0x2b, 0x5a, 0x99, 0x0b,
+	0xbb, 0x7e, 0x14, 0x6b, 0x36, 0x42, 0x41, 0x0f, 0x44, 0x2f, 0x7f, 0xcf,
+	0x1f, 0x89, 0x04, 0xdc, 0x07, 0x2a, 0x57, 0xdf, 0xdd, 0x42, 0x78, 0xf0,
+	0x8d, 0x9f, 0x02, 0x1d, 0xaf, 0xff, 0x4f, 0xb2, 0x1e, 0xb4, 0x0b, 0xb2,
+	0x4d, 0x7a, 0xdc, 0xf3, 0x7e, 0x81, 0xbb, 0x6b, 0x2e, 0x29, 0x24, 0x61,
+	0x93, 0x1e, 0x20, 0x57, 0x66, 0x20, 0xcf, 0x4d, 0x67, 0x76, 0xb0, 0x7b,
+	0xd9, 0x9d, 0x30, 0x95, 0xba, 0xb0, 0xcc, 0xf6, 0xcc, 0xff, 0xea, 0x32,
+	0x55, 0x15, 0xcd, 0xdf, 0xaf, 0xf6, 0x16, 0xd1, 0x1f, 0x6f, 0xb7, 0xda,
+	0x1a, 0x75, 0xc7, 0x4f, 0xb1, 0xeb, 0x1a, 0xe2, 0x17, 0x8b, 0xe8, 0x5f,
+	0x41, 0x74, 0x5f, 0x41, 0xe0, 0x46, 0x08, 0x9a, 0xc6, 0x81, 0x19, 0x26,
+	0xcd, 0x60, 0xb2, 0x3a, 0x7a, 0x39, 0x2b, 0xee, 0x83, 0x8e, 0xdb, 0x83,
+	0x6b, 0x48, 0x24, 0x73, 0x91, 0x31, 0x64, 0xce, 0x2e, 0x43, 0x32, 0xb2,
+	0xcd, 0x60, 0x98, 0x87, 0xa9, 0x9b, 0xc3, 0x60, 0x7c, 0xa7, 0x52, 0x3e,
+	0xb8, 0x28, 0x4d, 0xcd, 0x5f, 0xaf, 0xe3, 0xe6, 0xa0, 0x06, 0x93, 0xfb,
+	0xd9, 0xd4, 0x2b, 0x52, 0xed, 0xec, 0x97, 0x3a, 0x01, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x4c, 0x6b, 0x41, 0xb6,
+	0x7c, 0x16, 0xcb, 0x01, 0x02, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+	0xb6, 0xe4, 0x4e, 0xa0, 0xf4, 0xed, 0x90, 0x9d, 0x67, 0xff, 0xda, 0xda,
+	0xc7, 0xe5, 0xaf, 0xc7, 0x4d, 0xc1, 0x58, 0xaf, 0x5f, 0x06, 0x5c, 0xe9,
+	0x4c, 0x5a, 0x02, 0xfd, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x38, 0x00, 0x00, 0x00, 0x4c, 0x6b, 0x41, 0xb6, 0x7c, 0x16, 0xcb, 0x01,
+	0x02, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0xb6, 0xe4, 0x4e, 0xa0,
+	0xf4, 0xed, 0x90, 0x9d, 0x67, 0xff, 0xda, 0xda, 0xc7, 0xe5, 0xaf, 0xc7,
+	0x4d, 0xc1, 0x58, 0xaf, 0x5f, 0x06, 0x5c, 0xe9, 0x4c, 0x5a, 0x02, 0xfd,
+	0x38, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00
+};
+
+/* these are taken from the trust objects of a w2k8r2 forest, with a
+ * trust relationship between the forest parent and a child domain
+ */
+static const char *trustAuthIncoming =
+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
+
+static const char *trustAuthOutgoing =
+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
+
+
+static bool trust_domain_passwords_check_in(struct torture_context *tctx,
+					    struct trustDomainPasswords *r)
+{
+	/* torture_assert_mem_equal(tctx, r->confounder, trust_domain_passwords_in, 512, "confounder mismatch"); */
+
+	torture_assert_int_equal(tctx, r->outgoing.count, 1, "outgoing count mismatch");
+	torture_assert_int_equal(tctx, r->outgoing.current_offset, 0x0000000c, "outgoing current offset mismatch");
+	torture_assert_int_equal(tctx, r->outgoing.previous_offset, 0x00000038, "outgoing previous offset mismatch");
+
+	torture_assert_int_equal(tctx, r->outgoing.current.count, 1, "outgoing current count mismatch");
+	torture_assert_int_equal(tctx, r->outgoing.current.array[0].LastUpdateTime, 0xB6416B4C, "outgoing current last update time mismatch");
+	torture_assert_int_equal(tctx, r->outgoing.current.array[0].AuthType, TRUST_AUTH_TYPE_CLEAR, "outgoing current auth type mismatch");
+	torture_assert_int_equal(tctx, r->outgoing.current.array[0].AuthInfo.clear.size, 0x0000001c, "outgoing current auth info size mismatch");
+	torture_assert_mem_equal(tctx, r->outgoing.current.array[0].AuthInfo.clear.password, trust_domain_passwords_in+512+12+8+4+4, 0x0000001c, "outgoing current auth info password mismatch");
+
+	torture_assert_int_equal(tctx, r->outgoing.previous.count, 0, "outgoing previous count mismatch");
+
+	torture_assert_int_equal(tctx, r->incoming.count, 1, "incoming count mismatch");
+	torture_assert_int_equal(tctx, r->incoming.current_offset, 0x0000000c, "incoming current offset mismatch");
+	torture_assert_int_equal(tctx, r->incoming.previous_offset, 0x00000038, "incoming previous offset mismatch");
+
+	torture_assert_int_equal(tctx, r->incoming.current.count, 1, "incoming current count mismatch");
+	torture_assert_int_equal(tctx, r->incoming.current.array[0].LastUpdateTime, 0xB6416B4C, "incoming current last update time mismatch");
+	torture_assert_int_equal(tctx, r->incoming.current.array[0].AuthType, TRUST_AUTH_TYPE_CLEAR, "incoming current auth type mismatch");
+	torture_assert_int_equal(tctx, r->incoming.current.array[0].AuthInfo.clear.size, 0x0000001c, "incoming current auth info size mismatch");
+	torture_assert_mem_equal(tctx, r->incoming.current.array[0].AuthInfo.clear.password, trust_domain_passwords_in+512+12+8+4+4+0x0000001c+12+8+4+4, 0x0000001c, "incoming current auth info password mismatch");
+
+	torture_assert_int_equal(tctx, r->incoming.previous.count, 0, "incoming previous count mismatch");
+
+	torture_assert_int_equal(tctx, r->outgoing_size, 0x00000038, "outgoing size mismatch");
+	torture_assert_int_equal(tctx, r->incoming_size, 0x00000038, "incoming size mismatch");
+
+	return true;
+}
+
+static const uint8_t supplementalCredentials_empty1[] = {
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool supplementalCredentials_empty1_check(struct torture_context *tctx,
+					struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert(tctx, r->sub.prefix == NULL, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, 0, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 0, "num_packages");
+	torture_assert_int_equal(tctx, r->unknown3, 0, "unknown3");
+
+	return true;
+}
+
+static const uint8_t supplementalCredentials_empty2[] = {
+	0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+	0x20, 0x00, 0x20, 0x00, 0x50, 0x00, 0x00 /* was 0x30 */
+	/*
+	 * I've changed the last byte as Samba sets it to 0x00
+	 * and it's random on Windows.
+	 */
+};
+
+static bool supplementalCredentials_empty2_check(struct torture_context *tctx,
+					struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0x62, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 0, "num_packages");
+	torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized */
+
+	return true;
+}
+
+static const char *alpha13_supplementalCredentials =
+	"AAAAAPgFAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg"
+	"ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAI"
+	"AAgACAAIAAgACAAUAADACAANAEBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUAcgBvAHMAMDMwMD"
+	"AwMDAwMjAwMDAwMDNFMDAzRTAwNEMwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDMwMDAwMDAwODAwMDA"
+	"wMDhBMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMDAwMDAwMDgwMDAwMDA5MjAwMDAwMDAwMDAwMDAw"
+	"MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA0MTAwNEMwMDUwMDA0ODAwNDEwMDMxMDAzM"
+	"zAwMkUwMDUzMDA0MTAwNEQwMDQyMDA0MTAwMkUwMDQzMDA0RjAwNTIwMDUwMDA0MTAwNjQwMDZEMD"
+	"A2OTAwNkUwMDY5MDA3MzAwNzQwMDcyMDA2MTAwNzQwMDZGMDA3MjAwMkMwREQ2QzRFQzJGMDhDQjJ"
+	"DMERENkM0RUMyRjA4Q0IQAEAAAgBQAGEAYwBrAGEAZwBlAHMANEIwMDY1MDA3MjAwNjIwMDY1MDA3"
+	"MjAwNkYwMDczMDAwMDAwNTcwMDQ0MDA2OTAwNjcwMDY1MDA3MzAwNzQwMB4AwAMBAFAAcgBpAG0AY"
+	"QByAHkAOgBXAEQAaQBnAGUAcwB0ADMxMDAwMTFEMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDQ1OE"
+	"FFNDY1NjY0NkVENUIxRTZCRUQ3NjBGMzZCMUM1RDBEMzRDNDE2MERBOEQ0QzM4M0U1OTQxMzM3MDl"
+	"COUQyMDYzMTUxQTI3ODBFODkzMDQ1OTg3N0IyRURGMUU0MDQ1OEFFNDY1NjY0NkVENUIxRTZCRUQ3"
+	"NjBGMzZCMUMzOTAyNDNBNENBQUUxNDUzMEVERDMwRTUyRjg1OTREQkEzNDBEMUExQzEyNkQ5QUVDN"
+	"kI3MDE3QzEzRTFEODY0NzNDQTk4RUZCOUI2OTRBODFEMjUyNkIwNzc1ODYzNUQ2MUE2MEMxNjIyMD"
+	"kxRDE2RDY4NEE1RTk2QzI0QkIwOENBMzQzNjI3M0E3Mzk0NTA1QkZEOUI1NTMzRUMwOUE3M0MyMDF"
+	"EQTA5RTVBREZEOUMwMzExRTZEMUJBNEIzNEEzN0FFODMyMUE5RTZFREMyQzA5NERBMDcwRUI4NTgz"
+	"QTYxQTYwQzE2MjIwOTFEMTZENjg0QTVFOTZDMjRCQjA4RTgzRENFNUNBOTJERkI4ODNFQTYwNUM4M"
+	"jc1OTVGRDE0QjBBM0M2RkRCOTQ2QjM5MkYxMDgzNjEyM0NGQjVFQThFNEZFNjAxNzBFRTA4OTQ2N0"
+	"MyNUJEMEY0OTAxMDc3MzYyNTk4RUFGRUI5MjAzNEJFMjEyRDVDNTM5MTdBQzE0RTRDM0RFRTcwQjh"
+	"BRDU2QUQ5NUMwNkNGNzU3M0VDOTY5MzlGOTYzNDQzNkFDQzY4QjYzRUFEM0ZDRDQ0QUM2RjY5QzND"
+	"MTdDQjlBODA5MDA5M0M0NDQyOERDQTg0ODNERTU5M0JDQUM5NThDNUE0Rjg4NTVDODY5QjAzMTlFR"
+	"jVCMUM3OTkyQTc5Q0I4N0I3NjFBMEU0QjUzQkYzNTQ0REQxNTQ0OEUwMTAzREJBMkMyRjZDMUVDNE"
+	"IwMjU5REZCODdFQTNDMDVDRjNEMUY2QzIwNkFDQkZGNTZDOUVGRDI3QUY2NTBDRjJGQjgxRThERTA"
+	"1QzVGQzE5QjE0QkE4M0UwN0ZCRkM0MUM5RENFQTlFNDY1RTBEODVDNDg2MUZCQTBGQzQyNDI0REEx"
+	"OTU4Mzk5REE3QTY3MTE3RUM5NTUxQTI1QzBFMzg1OEM2OUZFREFGRjUwRjUwQ0RFQzA0MTdFMUQ0M"
+	"UJFRjlBNzM5QzM0QzBDOTk3NzI5MERGRTIyNzJCQzVDOTMyMTVGMzkwRUE4QzYxRTIzQ0UwMDBDNg"
+	"A=";
+	
+static bool alpha13_supplementalCredentials_check(struct torture_context *tctx,
+						  struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0x5F8, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 3, "num_packages");
+	torture_assert_str_equal(tctx, r->sub.packages[0].name, "Primary:Kerberos", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[1].name, "Packages", "name of package 1");
+	torture_assert_str_equal(tctx, r->sub.packages[2].name, "Primary:WDigest", "name of package 2");
+	torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized */
+
+	return true;
+}
+
+static const char *release_4_1_0rc3_supplementalCredentials =
+	"AAAAALgIAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg"
+	"ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAI"
+	"AAgACAAIAAgACAAUAAEADYAEAIBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUAcgBvAHMALQBOAG"
+	"UAdwBlAHIALQBLAGUAeQBzADA0MDAwMDAwMDQwMDAwMDAwMDAwMDAwMDUwMDA1MDAwNzgwMDAwMDA"
+	"wMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDEyMDAwMDAwMjAwMDAwMDBDODAwMDAwMDAw"
+	"MDAwMDAwMDAwMDAwMDAwMDEwMDAwMDExMDAwMDAwMTAwMDAwMDBFODAwMDAwMDAwMDAwMDAwMDAwM"
+	"DAwMDAwMDEwMDAwMDAzMDAwMDAwMDgwMDAwMDBGODAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMD"
+	"AwMDAxMDAwMDAwMDgwMDAwMDAwMDAxMDAwMDUyMDA0NTAwNEMwMDQ1MDA0MTAwNTMwMDQ1MDAyRDA"
+	"wMzQwMDJEMDAzMTAwMkQwMDMwMDA1MjAwNDMwMDMzMDAyRTAwNTMwMDQxMDA0RDAwNDIwMDQxMDAy"
+	"RTAwNDMwMDRGMDA1MjAwNTAwMDQxMDA2NDAwNkQwMDY5MDA2RTAwNjkwMDczMDA3NDAwNzIwMDYxM"
+	"DA3NDAwNkYwMDcyMDA2MTQzNDMxNERDMjZFNzM0MTBERkQ2OUVENDc1Mjk1QTU1RjJGREUyNEQ2Qj"
+	"FEMEMzMzk4QkY2NDI3OUI4REMwNjg0Nzc5ODgzNkUwOTE1NTMwMjYwMDlCMkUzMzBDQjBBNzFBOTQ"
+	"xRjdGOEY3OTYyQTcxQTk0MUY3RjhGNzk2MiAAWAEBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUA"
+	"cgBvAHMAMDMwMDAwMDAwMjAwMDAwMDUwMDA1MDAwNEMwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDMwM"
+	"DAwMDAwODAwMDAwMDlDMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMDAwMDAwMDgwMDAwMDBBNDAwMD"
+	"AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA1MjAwNDUwMDRDMDA0NTA"
+	"wNDEwMDUzMDA0NTAwMkQwMDM0MDAyRDAwMzEwMDJEMDAzMDAwNTIwMDQzMDAzMzAwMkUwMDUzMDA0"
+	"MTAwNEQwMDQyMDA0MTAwMkUwMDQzMDA0RjAwNTIwMDUwMDA0MTAwNjQwMDZEMDA2OTAwNkUwMDY5M"
+	"DA3MzAwNzQwMDcyMDA2MTAwNzQwMDZGMDA3MjAwQTcxQTk0MUY3RjhGNzk2MkE3MUE5NDFGN0Y4Rj"
+	"c5NjIQAJAAAgBQAGEAYwBrAGEAZwBlAHMANEIwMDY1MDA3MjAwNjIwMDY1MDA3MjAwNkYwMDczMDA"
+	"yRDAwNEUwMDY1MDA3NzAwNjUwMDcyMDAyRDAwNEIwMDY1MDA3OTAwNzMwMDAwMDA0QjAwNjUwMDcy"
+	"MDA2MjAwNjUwMDcyMDA2RjAwNzMwMDAwMDA1NzAwNDQwMDY5MDA2NzAwNjUwMDczMDA3NDAwHgDAA"
+	"wEAUAByAGkAbQBhAHIAeQA6AFcARABpAGcAZQBzAHQAMzEwMDAxMUQwMDAwMDAwMDAwMDAwMDAwMD"
+	"AwMDAwMDBFNDUwOUQ2MERDRDZERkIxOTlBMDY5QjU4NUUyOTdCMEU0RTgwMzc4QUQxMDhFQjdENUJ"
+	"COUQwNjBDMEVFRURBOUNEMzhGQTk3RjBERUJGNkRCMTkxNDA4RkIwQTQ2OThFNDUwOUQ2MERDRDZE"
+	"RkIxOTlBMDY5QjU4NUUyOTdCMDg2NjhCREI1QjM4ODg1M0Y5NDc0OTI0RjQzRkYzMEY0NDBFREJEN"
+	"UU3MUU0Mjg4QjNFRkYyRUFEQUQyQjcwMTNBRTEwODQ0MjlCQTc4RTUwRkYyMTAxRkFEQzEwMEI1Mz"
+	"NGODYwNzYyQzc1OTU0MTNEMENCRUNEODNDODJDRUE3Njk3MjgxQjI5QTU5M0U3MzRFQUQzMEZBMkE"
+	"3N0EzQkVERjA4MjEzMDNGMTUwOThFMUM1RkMzNjhDQzY2MTZEMTI1MDU4NzQ4RTUyRkMzM0YzQ0ZC"
+	"MUE0NUIzMzNEMUJDM0Y4NjA3NjJDNzU5NTQxM0QwQ0JFQ0Q4M0M4MkNFQTczNDk4MDNFN0FEODUyN"
+	"zEyMTlBNzEyMEQ4MkE4NjA2RDlERUQxMDA2NDk2MTkyQjZEQTM0RkQxMDdGOThDMjdDOTUyQzMwND"
+	"Q0MUFDODcwMTYwODdGNDU0ODUwMTRCQ0Q1QTNDNUU4NjBFQ0Y5RTQzMzJCODI1OTUyOTJFODYxNkF"
+	"DREU1RUJERjFFMkIzNDZCNTcyRUE2RjM4MkQyOTJCNkE4MDk3NzY1RDMyMTI0M0Y4QjFCRjAzNEFB"
+	"MjZGNEI3ODYwRUJGMzY4NDc5MTExRjQzRkMyRTVFQkUzQkNGRkE3N0RDOTdEQTJBQ0I0ODQ1NjIwQ"
+	"zg3QkNFMTYwQkE3RTEyOTFFQ0MwODdFQkE4Qzg1QkNDQjc4MzVGRTYyRUU4RTA0QTBBNzQwOENDQT"
+	"MxRkVDRjdFQTQ0MjI4QjJCRjVFQjg5MEQ2QjBEODgwNzVEMzhFREYxQzc5NEY1MDgxNUE2MzcxNTM"
+	"5QURCQTEyNkFDODc0Q0EyNzNBMzgwRTM0NjRFQkZERDE4MTgzRDY1MDlDOTJEQzVCQzhCNTg4M0Iy"
+	"QTlGRTcyMUQ0RkQ0MEQ3QkI0QzlENjcxOTYxNTRFRTQ4QkIzMDkxNEE3QkREODcyOTMyMjc1M0JDR"
+	"Dk2QkI5QzY1MzdFQjc1ODg3MUZDQzhGMEUxQjkyRTgyNEIxQTBDMjU1NjE2QURCMzYyMDc5NTQ5OT"
+	"Q5MUJCRTY5NTA0AA==";
+
+static bool release_4_1_0rc3_supplementalCredentials_check(struct torture_context *tctx,
+						  struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0x8b8, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 4, "num_packages");
+	torture_assert_str_equal(tctx, r->sub.packages[0].name, "Primary:Kerberos-Newer-Keys", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[1].name, "Primary:Kerberos", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[2].name, "Packages", "name of package 1");
+	torture_assert_str_equal(tctx, r->sub.packages[3].name, "Primary:WDigest", "name of package 2");
+	torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized */
+
+	return true;
+}
+
+static const char *release_4_5_0pre_GPG_supplementalCredentials =
+	"AAAAADAQAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg"
+	"ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAI"
+	"AAgACAAIAAgACAAUAAFADYAdAQBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUAcgBvAHMALQBOAG"
+	"UAdwBlAHIALQBLAGUAeQBzADA0MDAwMDAwMDQwMDAwMDAwNDAwMDQwMDQyMDA0MjAwMzgwMTAwMDA"
+	"wMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDEyMDAwMDAwMjAwMDAwMDA3QTAxMDAwMDAw"
+	"MDAwMDAwMDAwMDAwMDAwMDEwMDAwMDExMDAwMDAwMTAwMDAwMDA5QTAxMDAwMDAwMDAwMDAwMDAwM"
+	"DAwMDAwMDEwMDAwMDAzMDAwMDAwMDgwMDAwMDBBQTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMD"
+	"AwMDAxMDAwMDAwMDgwMDAwMDBCMjAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDEyMDAwMDA"
+	"wMjAwMDAwMDBCQTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDExMDAwMDAwMTAwMDAwMDBE"
+	"QTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAzMDAwMDAwMDgwMDAwMDBFQTAxMDAwMDAwM"
+	"DAwMDAwMDAwMDAwMDAwMDEwMDAwMDAxMDAwMDAwMDgwMDAwMDBGMjAxMDAwMDAwMDAwMDAwMDAwMD"
+	"AwMDAwMDEwMDAwMDEyMDAwMDAwMjAwMDAwMDBGQTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDA"
+	"wMDExMDAwMDAwMTAwMDAwMDAxQTAyMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAzMDAwMDAw"
+	"MDgwMDAwMDAyQTAyMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAxMDAwMDAwMDgwMDAwMDAzM"
+	"jAyMDAwMDQxMDA0NDAwNDQwMDRGMDA0RDAwMkUwMDUzMDA0MTAwNEQwMDQyMDA0MTAwMkUwMDQ1MD"
+	"A1ODAwNDEwMDREMDA1MDAwNEMwMDQ1MDAyRTAwNDMwMDRGMDA0RDAwNzAwMDZGMDA3MzAwNjkwMDc"
+	"4MDA3NTAwNzMwMDY1MDA3MjAwMzEwMDM3NkI0RjI5OEM2QTJBNjJGNUJFQjMyOEZDQjUxMUFFREIz"
+	"NTI3NzY1NzQ2MDkzMzcyMTZDODk5MUQ0NUM3RTI4REZDMDA2Q0MzNzlFNzEyRkU0QTIxRTNBMDg1N"
+	"zM5MDM0QzgyNjBFMUY0NTRBN0MzNEM4MjYwRTFGNDU0QTdDODBDNDA1QjgxMkM2OEFCN0Q2QjZGRT"
+	"ZFRjRCQTM1N0ZBMTA1NjRDRjZFOUVFRUY2MUZEQUNGOEREM0Y3RkI0MDAzQjhBM0U1Qzk3NzgxOUF"
+	"BNkM0NzRFQTJDRkQxRjlFMkE4NjQwQUU5NDhBQzhGMTJBODY0MEFFOTQ4QUM4RjFEMDlDMjJGMTU0"
+	"MDZBQjk1QTUzRUQ5NkYxREFFRkJCNEY4NzUwMDQ4OEE1NzE0OEJFRTIzMkZGMjE4Q0Y3REE1MkZBQ"
+	"jYyQTEwQzk5NzUwMkYzNEQ1MEQzOTZEODgwODA0MEYxNkI3Q0VDN0ZDRTAxNDBGMTZCN0NFQzdGQ0"
+	"UwMSAArAEBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUAcgBvAHMAMDMwMDAwMDAwMjAwMDIwMDQ"
+	"yMDA0MjAwNzQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDMwMDAwMDAwODAwMDAwMEI2MDAwMDAwMDAw"
+	"MDAwMDAwMDAwMDAwMDAxMDAwMDAwMDgwMDAwMDBCRTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMzAwM"
+	"DAwMDA4MDAwMDAwQzYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwODAwMDAwMENFMDAwMD"
+	"AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDQxMDA0NDAwNDQwMDRGMDA"
+	"0RDAwMkUwMDUzMDA0MTAwNEQwMDQyMDA0MTAwMkUwMDQ1MDA1ODAwNDEwMDREMDA1MDAwNEMwMDQ1"
+	"MDAyRTAwNDMwMDRGMDA0RDAwNzAwMDZGMDA3MzAwNjkwMDc4MDA3NTAwNzMwMDY1MDA3MjAwMzEwM"
+	"DM0QzgyNjBFMUY0NTRBN0MzNEM4MjYwRTFGNDU0QTdDMkE4NjQwQUU5NDhBQzhGMTJBODY0MEFFOT"
+	"Q4QUM4RjEeAMADAQBQAHIAaQBtAGEAcgB5ADoAVwBEAGkAZwBlAHMAdAAzMTAwMDExRDAwMDAwMDA"
+	"wMDAwMDAwMDAwMDAwMDAwMENFMERENjk2NEU0ODNDN0YxRTIzMjk0RjRGMTMwMUJGRjI3Rjg5NTA1"
+	"MEEwMEVCODZBMTgwNzMyMkM1MzQzMUYxMEY2OTU2MUIyQUJFRjg2ODIyMjE2RTc5RTFGN0VGMUNFM"
+	"ERENjk2NEU0ODNDN0YxRTIzMjk0RjRGMTMwMUJGRjI3Rjg5NTA1MEEwMEVCODZBMTgwNzMyMkM1Mz"
+	"QzMUY0MURCMkRENzJCQzRERTgzRkUzMTBFQTEzRjQwNTE0RkNFMERENjk2NEU0ODNDN0YxRTIzMjk"
+	"0RjRGMTMwMUJGMUY2NjY3RjcyN0I2RjA4RERBOUFENjUyODdGMjVGNEQxRjY2NjdGNzI3QjZGMDhE"
+	"REE5QUQ2NTI4N0YyNUY0RDMwNDUyNUJCNTQwNDQ2NjE4OTRFM0YyRDQ4RUI5MTAyMzhGOTZFNDVBM"
+	"Tk2RkU5MjczQjREOUQxRUVEM0ExM0UxRjY2NjdGNzI3QjZGMDhEREE5QUQ2NTI4N0YyNUY0RDE0Qj"
+	"cyMDdGQUNGMEM2NDE5REMxRjNGMDIyMUYyREVBMzhGOTZFNDVBMTk2RkU5MjczQjREOUQxRUVEM0E"
+	"xM0VFMUJGMUI3NzY3NkZCNDcwODMwREYwMDM4RTIyRUY0QUUxQkYxQjc3Njc2RkI0NzA4MzBERjAw"
+	"MzhFMjJFRjRBRDVEQjFFOEJDNDE3QUEwMjlCNUU5MDFGQTA4OTQ0MjcxM0Q2ODUyNkE2MUVENDE1N"
+	"kQ5REY3OTA1MkUyQzZDQTExMUY4NTc4MkZFODRCNUQ2RDlDMzJBMDYxNkY3Q0U0QzkxMjUzQzU1Mz"
+	"QxN0MzMTY5MjM4Qzg1MjlDMkY3RjE0NzMzMUUyRDg5N0UyRDlBRjlDMzhGRDI2RjIwMkY0NTQ3MzM"
+	"xRTJEODk3RTJEOUFGOUMzOEZEMjZGMjAyRjQ1MUY2RDAyN0VDNjc1REZFNEQyMjlEOTA0MDFDOTZG"
+	"MEY0MjdCMjA5Nzg2MEJBQkI4QjUzQ0U0MUFBNzA0QTI0OTQyN0IyMDk3ODYwQkFCQjhCNTNDRTQxQ"
+	"UE3MDRBMjQ5QTYwN0E2M0ZERTJFRjAzN0U1M0NEQzkyNEM1NTI0QUIxQzA2OUZDRDNFOThGMDNFNz"
+	"lBOEJFN0NBQzMzOERDNUVERDY5RDEwNThENEY2QzQ2NTNCNTE4NTNFMjI1OUI5Q0M3NjZGRjRFNDg"
+	"5RUI4MEZFQTRGMThFMTIyMTJEQTkQALQAAgBQAGEAYwBrAGEAZwBlAHMANEIwMDY1MDA3MjAwNjIw"
+	"MDY1MDA3MjAwNkYwMDczMDAyRDAwNEUwMDY1MDA3NzAwNjUwMDcyMDAyRDAwNEIwMDY1MDA3OTAwN"
+	"zMwMDAwMDA0QjAwNjUwMDcyMDA2MjAwNjUwMDcyMDA2RjAwNzMwMDAwMDA1NzAwNDQwMDY5MDA2Nz"
+	"AwNjUwMDczMDA3NDAwMDAwMDUzMDA2MTAwNkQwMDYyMDA2MTAwNDcwMDUwMDA0NzAwIAB2BAEAUAB"
+	"yAGkAbQBhAHIAeQA6AFMAYQBtAGIAYQBHAFAARwAyRDJEMkQyRDJENDI0NTQ3NDk0RTIwNTA0NzUw"
+	"MjA0RDQ1NTM1MzQxNDc0NTJEMkQyRDJEMkQwQTU2NjU3MjczNjk2RjZFM0EyMDQ3NkU3NTUwNDcyM"
+	"Dc2MzIwQTBBNjg1MTQ1NEQ0MTJGMzM3ODZCNDY2QTY4NDQzMzRCNkU0MTUxNjYyRjY1NDczNjc5NE"
+	"I2ODU5NjQ2OTZFNzEyRjRGMzg0QTcyNzg0QzQzMzY0NDc3NkU2NjZGNzA0QzRGNzQyRjM2NEY0QzM"
+	"yNDQ0MzQzNjc1NTUxNkM0MjUwNjMwQTMzNDE2NTMyNkU2QzU5NDUzMTc0MkYzNzdBNEM2NzY1NTA2"
+	"NDZBNDM2RjZBN0E0OTQzMzEzOTcxMzA0RjM5MkY1NzM0NEIzNTU0N0E3MzY5NjU2RjZDNkU0NTQ0N"
+	"jQzMjY3NTc0Njc1NTAzNzc4NEQ2NjQyNzI0RTY0NzM3QTM3MEE2RTYyNDg1NzdBNDc2NDM4NzU1Nj"
+	"JCNzQ0NDJGNkEzMDM4Nzk2NzcxNDI2ODdBNEI0QTU1NkE0OTU5NTY2MTUwNTQ3NjY2MzQ3NjMwNDM"
+	"3NjQ1NjI2NTQ0NDg0QzZDNTI3QTQ0Njc0Nzc5NDc3MzMxMzU0ODY0MzI1MDRDNDgzMjBBNkU2RDM1"
+	"NzU0OTc0NTk0OTY0NTczOTQyNkMzOTM4Mzk2MTU1MzczNjZENEU1MjU0NkIzOTMwMzE1MjM5NEM2O"
+	"TcwNTA2RDQ4NzU0MTc4NTE0NzQ0NTI3NTcxNEI2Rjc0NTg2QzU3NDY3NjM0NjE2NDY2NTU1NDZEMz"
+	"U2RTZCNTAwQTQ0Mzg3MzczNDU2QjMyNDM1NTZBNEQ0RjQ3NkI3MDJGMkYyQjM3MzQ0QjRBNzI2OTV"
+	"BMzg3NTcxMzE1NzMxNTY3ODY3NzE2RTc1NDY1ODREMzM3MjQyMzkzNjY2NDM1QTU4NDM0RDJGNDQ1"
+	"MjRDNjc1MzY4NjMzMDU4NTM0MjQ4MEE2ODQxNDE2QzVBMkI3MzYzNEQ1QTQ3Mzg0OTU3MkIzOTU2N"
+	"EI1QTU2NDY2QTZCNTk0RTZGNzI1MjRDNEE1QTZFNzY3MDU2NEQ2ODc2NTY2RTM1Mzk0QTYxNDE2Mj"
+	"U1NDY3MzUwNTk0Qjc0Nzg3ODJCNDU2RjZFMzczNzM4NDE1OTBBMzkzNDRCNzY1MDZFNEI1MzMzNzA"
+	"zMTQ5NjM2ODU3NTQ2QTc2NEM3MTc2NTk2Njc2NzM1NzRENjc2OTY0NEQzMDc5NUE1OTU5NEE2NzUx"
+	"NTM2QjdBNDczNzUzNEQ1OTY0NTA1QTc3NzkzMjQxNEQ2QTRFMzU0QTQzNTI2RDQ3NjkwQTY0NjUzN"
+	"jJGMzc2RjRFNTU1OTMxNEE1NTUwNTY0Njc1MzkyQjUyNUE2RDY4NjkzNTM1NEY3NzJGN0E0RjU1Nz"
+	"czMzcwNDc2NzBBM0Q3MTY4NkM0NjBBMkQyRDJEMkQyRDQ1NEU0NDIwNTA0NzUwMjA0RDQ1NTM1MzQ"
+	"xNDc0NTJEMkQyRDJEMkQwQQA=";
+
+static bool release_4_5_0pre_GPG_supplementalCredentials_check(struct torture_context *tctx,
+							      struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0x1030, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 5, "num_packages");
+	torture_assert_str_equal(tctx, r->sub.packages[0].name, "Primary:Kerberos-Newer-Keys", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[1].name, "Primary:Kerberos", "name of package 1");
+	torture_assert_str_equal(tctx, r->sub.packages[2].name, "Primary:WDigest", "name of package 2");
+	torture_assert_str_equal(tctx, r->sub.packages[3].name, "Packages", "name of package 3");
+	torture_assert_str_equal(tctx, r->sub.packages[4].name, "Primary:SambaGPG", "name of package 4");
+	torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized */
+
+	return true;
+}
+
+static const char *win2012R2_supplementalCredentials =
+	"AAAAACgIAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg"
+	"ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAI"
+	"AAgACAAIAAgACAAUAAEADYA3AEBAFAAcgBpAG0AYQByAHkAOgBLAGUAcgBiAGUAcgBvAHMALQBOAG"
+	"UAdwBlAHIALQBLAGUAeQBzADA0MDAwMDAwMDMwMDAwMDAwMDAwMDAwMDNlMDAzZTAwNzgwMDAwMDA"
+	"wMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDEyMDAwMDAwMjAwMDAwMDBiNjAwMDAwMDAw"
+	"MDAwMDAwMDAwMDAwMDAwMDEwMDAwMDExMDAwMDAwMTAwMDAwMDBkNjAwMDAwMDAwMDAwMDAwMDAwM"
+	"DAwMDAwMDEwMDAwMDAzMDAwMDAwMDgwMDAwMDBlNjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD"
+	"AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDMyMDAzMDAwMzAwMDM4MDA1MjAwMzIwMDJlMDA0ODA"
+	"wNGYwMDU3MDA1NDAwNGYwMDJlMDA0MTAwNDIwMDQxMDA1MjAwNTQwMDRjMDA0NTAwNTQwMDJlMDA0"
+	"ZTAwNDUwMDU0MDA2YjAwNzIwMDYyMDA3NDAwNjcwMDc0MDAwNzNhYTVmMjVmZjU2MzUyZTI2ZWYxZ"
+	"DMxMGJhZjAzMWY0MWZmMmFkNzZlNzA1YzgzNTQyZmJlZGJhNjY0ZjM0YTBmYTAyYzQxNWE3MmFiNj"
+	"JkYjdlNzliNDBmNjJhNjhjMjVlZjc0YzE5ZDM1OGZkIAD8AAEAUAByAGkAbQBhAHIAeQA6AEsAZQB"
+	"yAGIAZQByAG8AcwAwMzAwMDAwMDAxMDAwMDAwM2UwMDNlMDAzODAwMDAwMDAwMDAwMDAwMDAwMDAw"
+	"MDAwMzAwMDAwMDA4MDAwMDAwNzYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM"
+	"DAwMDAwMDAwMzIwMDMwMDAzMDAwMzgwMDUyMDAzMjAwMmUwMDQ4MDA0ZjAwNTcwMDU0MDA0ZjAwMm"
+	"UwMDQxMDA0MjAwNDEwMDUyMDA1NDAwNGMwMDQ1MDA1NDAwMmUwMDRlMDA0NTAwNTQwMDZiMDA3MjA"
+	"wNjIwMDc0MDA2NzAwNzQwMGMyNWVmNzRjMTlkMzU4ZmQQAJAAAgBQAGEAYwBrAGEAZwBlAHMANGIw"
+	"MDY1MDA3MjAwNjIwMDY1MDA3MjAwNmYwMDczMDAyZDAwNGUwMDY1MDA3NzAwNjUwMDcyMDAyZDAwN"
+	"GIwMDY1MDA3OTAwNzMwMDAwMDA0YjAwNjUwMDcyMDA2MjAwNjUwMDcyMDA2ZjAwNzMwMDAwMDA1Nz"
+	"AwNDQwMDY5MDA2NzAwNjUwMDczMDA3NDAwHgDAAwEAUAByAGkAbQBhAHIAeQA6AFcARABpAGcAZQB"
+	"zAHQAMzEwMDAxMWQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA3ZGE1MjA2NjllNTdkYzhjMzI1NDQ0"
+	"Y2ZkYjU5ZjkxZGZiZDE1MzZhNDIxMjgyNjc4MjE4MWI5OTM2ZjczYWIzOWYyN2QxYjM4YmRlNzhiO"
+	"TVhOTJmNDM1YWQyNDAzNDU3ZGE1MjA2NjllNTdkYzhjMzI1NDQ0Y2ZkYjU5ZjkxZGZiZDE1MzZhND"
+	"IxMjgyNjc4MjE4MWI5OTM2ZjczYWIzNjFjNTgyZGY1NWZiOGZmMzMyMzc0ZDU4NDExNWI2Y2U3ZGE"
+	"1MjA2NjllNTdkYzhjMzI1NDQ0Y2ZkYjU5ZjkxZDU3NGM4MmQxMWZjNzcyOGNiYmY0NWI1Yjc0NmMx"
+	"NmY0NjhhZmFhYTI0OTEwODM2ZWMyMGYyMTBjNmQ1ODZmZTE3ZjQxN2RkOWIzMjE5OWJiOTkzZmMxN"
+	"mQ3NzA5MjFiMDU3NGM4MmQxMWZjNzcyOGNiYmY0NWI1Yjc0NmMxNmY0NjhhZmFhYTI0OTEwODM2ZW"
+	"MyMGYyMTBjNmQ1ODZmZTE5ODZlNWM1ZDM2NjllZDI0ZDgyM2RlNWYyZmZhNjk1ZTU3NGM4MmQxMWZ"
+	"jNzcyOGNiYmY0NWI1Yjc0NmMxNmY0OGNjZGJjMWZhZWM0OWFmOGY2ZGQ0N2M5MmViM2JmNjMwMzAy"
+	"Njc2NmI4ZWQzYjU0ZTQyNGU1ZDNlNDVkNjlkNmIwYzI3Y2ZhMzZmNjliN2NmNDVjMGNhYjU3NmY1M"
+	"zRiOWU3NTJhOWUyNTYzMmU4M2FkMmE5MDBmMWUyOGY5ZjE0MjFkYzUwODMyMjQ1Nzc3NTg5ODIyZT"
+	"EwNGY2NjNkNjY3YzJiZTc3Y2E4MzMwNzVkZmRlZTRlYTUwZWIxNzc3YjMxOGNmZTJlMzQzOTg0ZDU"
+	"xOTBlODAwMzA4ZmMxODBiMzE4Y2ZlMmUzNDM5ODRkNTE5MGU4MDAzMDhmYzE4MDRhYmIyZDQzMjE0"
+	"ZGQxNGFkNDA0YzdiYzE4ZGI0NzFjNDRjZjcyZmI2YmUwM2IwZWRiZjNhNzYyNTgwZGIzOTYzZjk5M"
+	"zVjNmM4N2Q2NWJhZmU0NGY4Zjc2NzViODE3NjgwN2RmZThiZGZlYjJiMTcyMzc4MWQzMThhZGRkZW"
+	"NmNzQ5MmIwZjE3ZmIwZmRmMjhkN2E2MWMzNTFlYTRkYWU2MDc0MzMxMTAwYjk5YWJiOTY1NTk5ZDY"
+	"1NjkxNDVjOWM5MTJjOWI2Yzk0ZjNiMDA3ZmM5YTA2OGFiMDhkNTA5gA==";
+
+
+static bool win2012R2_supplementalCredentials_check(struct torture_context *tctx,
+						  struct supplementalCredentialsBlob *r)
+{
+	torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+	torture_assert_int_equal(tctx, r->__ndr_size, 0x828, "__ndr_size");
+	torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+	torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+	torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+	torture_assert_int_equal(tctx, r->sub.num_packages, 4, "num_packages");
+	torture_assert_str_equal(tctx, r->sub.packages[0].name, "Primary:Kerberos-Newer-Keys", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[1].name, "Primary:Kerberos", "name of package 0");
+	torture_assert_str_equal(tctx, r->sub.packages[2].name, "Packages", "name of package 1");
+	torture_assert_str_equal(tctx, r->sub.packages[3].name, "Primary:WDigest", "name of package 2");
+	torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized, we force to 0 */
+
+	return true;
+}
+
+struct torture_suite *ndr_drsblobs_suite(TALLOC_CTX *ctx)
+{
+	DATA_BLOB win2012R2_supplementalCredentials_blob;
+	struct torture_suite *suite = torture_suite_create(ctx, "drsblobs");
+	struct torture_suite *empty1_suite = torture_suite_create(ctx, "empty1");
+	struct torture_suite *empty2_suite = torture_suite_create(ctx, "empty2");
+	struct torture_suite *alpha13_suite = torture_suite_create(ctx, "alpha13");
+	struct torture_suite *release_4_1_0rc3_suite = torture_suite_create(ctx, "release-4-1-0rc3");
+	struct torture_suite *release_4_5_0pre_GPG_suite = torture_suite_create(ctx, "release-4-5-0pre-GPG");
+	struct torture_suite *win2012R2_suite = torture_suite_create(ctx, "win2012R2_suite");
+	torture_suite_add_suite(suite, empty1_suite);
+	torture_suite_add_suite(suite, empty2_suite);
+	torture_suite_add_suite(suite, alpha13_suite);
+	torture_suite_add_suite(suite, release_4_1_0rc3_suite);
+	torture_suite_add_suite(suite, release_4_5_0pre_GPG_suite);
+	torture_suite_add_suite(suite, win2012R2_suite);
+	
+	torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out);
+	torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in);
+
+	torture_suite_add_ndr_pull_validate_test_blob(suite,
+					    trustAuthInOutBlob,
+					    base64_decode_data_blob_talloc(suite, trustAuthIncoming),
+					    NULL);
+
+	torture_suite_add_ndr_pull_validate_test_blob(suite,
+					    trustAuthInOutBlob,
+					    base64_decode_data_blob_talloc(suite, trustAuthOutgoing),
+					    NULL);
+
+	torture_suite_add_ndr_pull_validate_test(empty1_suite, supplementalCredentialsBlob,
+					supplementalCredentials_empty1,
+					supplementalCredentials_empty1_check);
+
+	torture_suite_add_ndr_pull_validate_test(empty2_suite, supplementalCredentialsBlob,
+					supplementalCredentials_empty2,
+					supplementalCredentials_empty2_check);
+
+	torture_suite_add_ndr_pull_validate_test_blob(alpha13_suite,
+						 supplementalCredentialsBlob,
+						 base64_decode_data_blob_talloc(suite, alpha13_supplementalCredentials),
+						 alpha13_supplementalCredentials_check);
+
+	torture_suite_add_ndr_pull_validate_test_blob(release_4_1_0rc3_suite,
+						 supplementalCredentialsBlob,
+						 base64_decode_data_blob_talloc(suite, release_4_1_0rc3_supplementalCredentials),
+						 release_4_1_0rc3_supplementalCredentials_check);
+
+	torture_suite_add_ndr_pull_validate_test_blob(release_4_5_0pre_GPG_suite,
+						 supplementalCredentialsBlob,
+						 base64_decode_data_blob_talloc(suite, release_4_5_0pre_GPG_supplementalCredentials),
+						 release_4_5_0pre_GPG_supplementalCredentials_check);
+
+	/* This last byte is typically not initialized, we force to zero to allow pull/push */
+	win2012R2_supplementalCredentials_blob = base64_decode_data_blob_talloc(suite, win2012R2_supplementalCredentials);
+	win2012R2_supplementalCredentials_blob.data[win2012R2_supplementalCredentials_blob.length-1] = 0;
+	torture_suite_add_ndr_pull_validate_test_blob(win2012R2_suite,
+						 supplementalCredentialsBlob,
+						 win2012R2_supplementalCredentials_blob,
+						 win2012R2_supplementalCredentials_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/drsuapi.c b/source4/torture/ndr/drsuapi.c
new file mode 100644
index 0000000..5d26c4b
--- /dev/null
+++ b/source4/torture/ndr/drsuapi.c
@@ -0,0 +1,309 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for drsuapi ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t DsAddEntry_req1_dat[] = {
+  0x00, 0x00, 0x00, 0x00, 0x52, 0xd7, 0x26, 0x47, 0x58, 0xd3, 0xd4, 0x45,
+  0xaf, 0xa3, 0x85, 0x49, 0x9d, 0x26, 0xb6, 0x11, 0x02, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x87, 0x00, 0x00, 0x00, 0x46, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x86, 0x00, 0x00, 0x00,
+  0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x4e, 0x00, 0x54, 0x00, 0x44, 0x00,
+  0x53, 0x00, 0x20, 0x00, 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00,
+  0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x73, 0x00, 0x2c, 0x00, 0x43, 0x00,
+  0x4e, 0x00, 0x3d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00,
+  0x2d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x37, 0x00, 0x2c, 0x00, 0x43, 0x00,
+  0x4e, 0x00, 0x3d, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00,
+  0x61, 0x00, 0x72, 0x00, 0x64, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6d, 0x00,
+  0x65, 0x00, 0x2d, 0x00, 0x64, 0x00, 0x65, 0x00, 0x73, 0x00, 0x2d, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x6e, 0x00,
+  0x2d, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00,
+  0x6f, 0x00, 0x72, 0x00, 0x74, 0x00, 0x73, 0x00, 0x2c, 0x00, 0x43, 0x00,
+  0x4e, 0x00, 0x3d, 0x00, 0x53, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00,
+  0x73, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00,
+  0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00,
+  0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+  0x19, 0x01, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00,
+  0x0e, 0x03, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00,
+  0x73, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x20, 0x00, 0x02, 0x00,
+  0x0e, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x2c, 0x07, 0x09, 0x00, 0x03, 0x00, 0x00, 0x00, 0x38, 0x00, 0x02, 0x00,
+  0x24, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x00, 0x02, 0x00,
+  0x1c, 0x07, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x00, 0x02, 0x00,
+  0xb3, 0x05, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x58, 0x00, 0x02, 0x00,
+  0x77, 0x01, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0x00, 0x02, 0x00,
+  0x03, 0x02, 0x09, 0x00, 0x01, 0x00, 0x00, 0x00, 0x68, 0x00, 0x02, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+  0xa0, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x80, 0x68, 0x00, 0x00, 0x00,
+  0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x54, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00,
+  0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xfd, 0x01, 0x0f, 0x00,
+  0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+  0x16, 0xd8, 0xd8, 0x2d, 0x03, 0xe4, 0xc3, 0x74, 0x65, 0x8b, 0xdd, 0x61,
+  0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0xff, 0x01, 0x0f, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00,
+  0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+  0x16, 0xd8, 0xd8, 0x2d, 0x03, 0xe4, 0xc3, 0x74, 0x65, 0x8b, 0xdd, 0x61,
+  0x00, 0x02, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x16, 0xd8, 0xd8, 0x2d, 0x03, 0xe4, 0xc3, 0x74,
+  0x65, 0x8b, 0xdd, 0x61, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x2f, 0x00, 0x17, 0x00, 0x01, 0x00, 0x00, 0x00, 0xc8, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x02, 0x00, 0xc8, 0x00, 0x00, 0x00, 0xc6, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x46, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x4e, 0x00,
+  0x54, 0x00, 0x44, 0x00, 0x53, 0x00, 0x2d, 0x00, 0x44, 0x00, 0x53, 0x00,
+  0x41, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x53, 0x00,
+  0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x2c, 0x00,
+  0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00, 0x72, 0x00, 0x61, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+  0x24, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00, 0x00, 0xae, 0xa5, 0x70, 0xc5,
+  0x6d, 0x2a, 0x27, 0x4e, 0xa1, 0xcc, 0xde, 0x11, 0xcb, 0x76, 0x56, 0x22,
+  0x03, 0x00, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00,
+  0x7a, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0xb0, 0x00, 0x00, 0x00,
+  0x34, 0x00, 0x02, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x30, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00,
+  0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00,
+  0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7a, 0x00, 0x00, 0x00,
+  0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00,
+  0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00,
+  0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0xae, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x3a, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x53, 0x00,
+  0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x2c, 0x00,
+  0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00, 0x72, 0x00, 0x61, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00,
+  0x3c, 0x00, 0x02, 0x00, 0x7a, 0x00, 0x00, 0x00, 0x40, 0x00, 0x02, 0x00,
+  0xb0, 0x00, 0x00, 0x00, 0x44, 0x00, 0x02, 0x00, 0x9c, 0x00, 0x00, 0x00,
+  0x9a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x66, 0x00, 0x69, 0x00,
+  0x67, 0x00, 0x75, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00,
+  0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x7a, 0x00, 0x00, 0x00, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00,
+  0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
+  0x33, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00,
+  0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00,
+  0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00,
+  0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00,
+  0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x53, 0x00, 0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6d, 0x00,
+  0x61, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00,
+  0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00,
+  0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0xb0, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x02, 0x00, 0xb0, 0x00, 0x00, 0x00,
+  0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x53, 0x00, 0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6d, 0x00,
+  0x61, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00, 0x3d, 0x00, 0x43, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x66, 0x00, 0x69, 0x00, 0x67, 0x00, 0x75, 0x00,
+  0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00,
+  0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00,
+  0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x7a, 0x00, 0x00, 0x00, 0x54, 0x00, 0x02, 0x00, 0x7a, 0x00, 0x00, 0x00,
+  0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x2c, 0x00,
+  0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x6e, 0x00,
+  0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00, 0x43, 0x00,
+  0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x5c, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x64, 0x00, 0x02, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00,
+  0xac, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x02, 0x00, 0xac, 0x00, 0x00, 0x00,
+  0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x2d, 0x00,
+  0x31, 0x00, 0x30, 0x00, 0x37, 0x00, 0x2c, 0x00, 0x43, 0x00, 0x4e, 0x00,
+  0x3d, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x70, 0x00, 0x75, 0x00,
+  0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00,
+  0x2c, 0x00, 0x44, 0x00, 0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x76, 0x00, 0x6d, 0x00, 0x2c, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x3d, 0x00, 0x62, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t DsAddEntry_resp1_dat[] = {
+  0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x88, 0xf1, 0x0d, 0x4a, 0xb8, 0xa0, 0xea, 0x47, 0xbb, 0xe5, 0xe6, 0x14,
+  0x72, 0x3f, 0x16, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/*
+static const uint8_t DsBind_req1_dat[] = {
+  0x00, 0x00, 0x02, 0x00, 0x9c, 0xb9, 0xfa, 0x6a, 0x26, 0x6e, 0x4a, 0x46,
+  0x97, 0x5f, 0xf5, 0x8f, 0x10, 0x52, 0x18, 0xbc, 0x04, 0x00, 0x02, 0x00,
+  0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x7f, 0xfb, 0xff, 0x1f,
+  0xda, 0x95, 0x70, 0x26, 0xc1, 0x67, 0xae, 0x4e, 0xb6, 0xfe, 0xf2, 0x83,
+  0x15, 0xe3, 0x87, 0xe8, 0xfc, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71, 0x02, 0x40, 0x28, 0x00,
+  0x35, 0x42, 0x51, 0xe3, 0x06, 0x4b, 0xd1, 0x11, 0xab, 0x04, 0x00, 0xc0,
+  0x4f, 0xc2, 0xdc, 0xd2, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
+  0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
+  0x02, 0x00, 0x00, 0x00
+};
+*/
+
+static const uint8_t DsBind_resp1_dat[] = {
+  0x00, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+  0x7f, 0xfb, 0xff, 0x1f, 0x81, 0xa6, 0xff, 0x5d, 0x80, 0x13, 0x94, 0x41,
+  0xa3, 0x72, 0xe9, 0xb7, 0x79, 0xd7, 0x02, 0x68, 0xf8, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xee, 0xc6, 0x55, 0x68,
+  0xcf, 0x05, 0x42, 0x4a, 0xbb, 0xd3, 0x74, 0xcc, 0x6c, 0xaa, 0xdc, 0x73,
+  0x00, 0x00, 0x00, 0x00
+};
+
+/*
+static const uint8_t DsBind_req2_dat[] = {
+  0x00, 0x00, 0x02, 0x00, 0x9c, 0xb9, 0xfa, 0x6a, 0x26, 0x6e, 0x4a, 0x46,
+  0x97, 0x5f, 0xf5, 0x8f, 0x10, 0x52, 0x18, 0xbc, 0x04, 0x00, 0x02, 0x00,
+  0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x7f, 0xfb, 0xff, 0x1f,
+  0xda, 0x95, 0x70, 0x26, 0xc1, 0x67, 0xae, 0x4e, 0xb6, 0xfe, 0xf2, 0x83,
+  0x15, 0xe3, 0x87, 0xe8, 0xfc, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+*/
+
+static const uint8_t DsBind_resp2_dat[] = {
+  0x00, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+  0x7f, 0xfb, 0xff, 0x1f, 0x81, 0xa6, 0xff, 0x5d, 0x80, 0x13, 0x94, 0x41,
+  0xa3, 0x72, 0xe9, 0xb7, 0x79, 0xd7, 0x02, 0x68, 0xf8, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0xd7, 0x26, 0x47,
+  0x58, 0xd3, 0xd4, 0x45, 0xaf, 0xa3, 0x85, 0x49, 0x9d, 0x26, 0xb6, 0x11,
+  0x00, 0x00, 0x00, 0x00
+};
+
+struct torture_suite *ndr_drsuapi_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "drsuapi");
+
+	torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsAddEntry, DsAddEntry_req1_dat, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsAddEntry, DsAddEntry_resp1_dat, NDR_OUT, NULL );
+
+	/*torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsBind, DsBind_req1_dat, NDR_IN, NULL );*/
+	torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsBind, DsBind_resp1_dat, NDR_OUT, NULL );
+
+	/* torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsBind, DsBind_req2_dat, NDR_IN, NULL ); */
+	torture_suite_add_ndr_pull_fn_test(suite, drsuapi_DsBind, DsBind_resp2_dat, NDR_OUT, NULL );
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/epmap.c b/source4/torture/ndr/epmap.c
new file mode 100644
index 0000000..ddc1e74
--- /dev/null
+++ b/source4/torture/ndr/epmap.c
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for epmap ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_epmapper.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t map_in_data[] = {
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+  0x4b, 0x00, 0x00, 0x00, 0x4b, 0x00, 0x00, 0x00, 0x05, 0x00, 0x13, 0x00,
+  0x0d, 0x78, 0x57, 0x34, 0x12, 0x34, 0x12, 0xcd, 0xab, 0xef, 0x00, 0x01,
+  0x23, 0x45, 0x67, 0x89, 0xac, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x13,
+  0x00, 0x0d, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
+  0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x0b, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x07, 0x02, 0x00,
+  0x00, 0x00, 0x01, 0x00, 0x09, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00
+};
+
+static bool map_in_check(struct torture_context *tctx, 
+						 struct epm_Map *r)
+{
+	/* FIXME: Object */
+	torture_assert_int_equal(tctx, r->in.max_towers, 1, "max towers");
+	torture_assert(tctx, r->in.map_tower != NULL, "map tower");
+	torture_assert_int_equal(tctx, r->in.map_tower->tower_length, 75, "tower len");
+	/* FIXME: entry handle */
+
+	return true;
+}
+
+#if 0
+static const uint8_t map_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x18, 0xc3, 0x47, 0xdd, 0xe6, 0x5a, 0x8b, 0x42,
+  0xb3, 0xb7, 0xc7, 0x79, 0x7b, 0xf0, 0x45, 0xe0, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x4b, 0x00, 0x00, 0x00
+};
+
+static bool map_out_check(struct torture_context *tctx, 
+						  struct epm_Map *r)
+{
+	torture_assert_int_equal(tctx, *r->out.num_towers, 1, "num towers");
+	torture_assert_int_equal(tctx, r->out.result, 0x4b, "return code");
+	/* FIXME: entry handle */
+
+	return true;
+}
+#endif
+
+struct torture_suite *ndr_epmap_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "epmap");
+
+	torture_suite_add_ndr_pull_fn_test(suite, epm_Map, map_in_data, NDR_IN, map_in_check );
+	/* torture_suite_add_ndr_pull_fn_test(suite, epm_Map, map_out_data, NDR_OUT, map_out_check ); */
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/krb5pac.c b/source4/torture/ndr/krb5pac.c
new file mode 100644
index 0000000..fe0309f
--- /dev/null
+++ b/source4/torture/ndr/krb5pac.c
@@ -0,0 +1,705 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for PAC ndr operations
+
+   Copyright (C) Guenther Deschner 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "torture/ndr/proto.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+
+static const uint8_t PAC_DATA_data[] = {
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00,
+	0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x20, 0x03, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0xf0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0xb2, 0x98, 0xae, 0xb6, 0x70, 0xd8, 0xcd, 0x01, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
+	0xb2, 0xd0, 0x46, 0x15, 0x4c, 0xce, 0xcd, 0x01, 0xb2, 0xd0, 0x46, 0x15,
+	0x4c, 0xce, 0xcd, 0x01, 0xb2, 0x50, 0xa0, 0x0a, 0x4d, 0xef, 0xcd, 0x01,
+	0x1a, 0x00, 0x1a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00,
+	0x9e, 0x03, 0x00, 0x00, 0xf4, 0x01, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00, 0x20, 0x00, 0x02, 0x00,
+	0x0e, 0x00, 0x10, 0x00, 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+	0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x07, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x47, 0x00, 0x44, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00,
+	0x52, 0x00, 0x32, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00,
+	0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x58, 0xcd, 0x06, 0x06, 0xed, 0x40, 0x2a, 0x76, 0x83, 0xc8, 0xe3, 0x99,
+	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x20,
+	0x05, 0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x58, 0xcd, 0x06, 0x06, 0xed, 0x40, 0x2a, 0x76,
+	0x83, 0xc8, 0xe3, 0x99, 0x3c, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x56, 0x9d, 0x59, 0x71, 0xd8, 0xcd, 0x01, 0x1a, 0x00, 0x61, 0x00,
+	0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x10, 0x00, 0x2c, 0x00, 0x58, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x41, 0x00, 0x64, 0x00,
+	0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x40, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x64, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+	0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x38, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x2e, 0x00,
+	0x42, 0x00, 0x45, 0x00, 0x52, 0x00, 0x2e, 0x00, 0x52, 0x00, 0x45, 0x00,
+	0x44, 0x00, 0x48, 0x00, 0x41, 0x00, 0x54, 0x00, 0x2e, 0x00, 0x43, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff,
+	0x1a, 0x46, 0xc3, 0x88, 0x72, 0x36, 0xa4, 0x0f, 0x60, 0x0e, 0xed, 0x03,
+	0xc8, 0xa6, 0x1a, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff,
+	0xd6, 0x4f, 0xa7, 0xac, 0x53, 0x73, 0x9b, 0x5c, 0xdf, 0xb1, 0xdf, 0xa6,
+	0xdd, 0x84, 0x8e, 0xfb, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool PAC_DATA_check(struct torture_context *tctx,
+			   struct PAC_DATA *r)
+{
+	int i;
+
+	torture_assert_int_equal(tctx, r->num_buffers, 5, "num_buffers");
+
+	for (i=0; i < r->num_buffers; i++) {
+		switch (r->buffers[i].type) {
+		case PAC_TYPE_UPN_DNS_INFO:
+			torture_assert_int_equal(tctx,
+				r->buffers[i].info->upn_dns_info.upn_name_size,
+				2*strlen_m("Administrator@w2k8dom.ber.redhat.com"),
+				"upn_name_size");
+			torture_assert_str_equal(tctx,
+				r->buffers[i].info->upn_dns_info.upn_name,
+				"Administrator@w2k8dom.ber.redhat.com",
+				"upn_name");
+			torture_assert_int_equal(tctx,
+				r->buffers[i].info->upn_dns_info.dns_domain_name_size,
+				2*strlen_m("W2K8DOM.BER.REDHAT.COM"),
+				"dns_domain_name_size");
+			torture_assert_str_equal(tctx,
+				r->buffers[i].info->upn_dns_info.dns_domain_name,
+				"W2K8DOM.BER.REDHAT.COM",
+				"dns_domain_name");
+			break;
+		default:
+			continue;
+		}
+	}
+
+	return true;
+}
+
+static const uint8_t PAC_DATA_data2[] = {
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x18, 0x02, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x70, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
+	0x98, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x00, 0x00, 0x28, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x40, 0x03, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0x08, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x4f, 0xb3, 0xf4, 0xa3, 0x8d, 0x00, 0xce, 0x01, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
+	0xff, 0xd2, 0x34, 0x6e, 0x6b, 0xfe, 0xcd, 0x01, 0xff, 0x92, 0x9e, 0x98,
+	0x34, 0xff, 0xcd, 0x01, 0xff, 0x52, 0x8e, 0x63, 0x6c, 0x1f, 0xce, 0x01,
+	0x1a, 0x00, 0x1a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00,
+	0xc0, 0x00, 0x00, 0x00, 0xf4, 0x01, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x20, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x10, 0x00, 0x20, 0x00, 0x02, 0x00,
+	0x10, 0x00, 0x12, 0x00, 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00,
+	0x34, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x38, 0x00, 0x02, 0x00,
+	0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+	0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x07, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x47, 0x00, 0x44, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00,
+	0x32, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00,
+	0x32, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x3a, 0x89, 0x96, 0x1a, 0x4d, 0x4c, 0x08, 0xc4, 0xe5, 0x87, 0x18, 0x44,
+	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12,
+	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x3a, 0x89, 0x96, 0x1a,
+	0x4d, 0x4c, 0x08, 0xc4, 0xe5, 0x87, 0x18, 0x44, 0x01, 0x00, 0x00, 0x00,
+	0x3c, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x70, 0xe2, 0xbf, 0x8d, 0x00, 0xce, 0x01, 0x1a, 0x00, 0x61, 0x00,
+	0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x10, 0x00, 0x2e, 0x00, 0x60, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x41, 0x00, 0x64, 0x00,
+	0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x40, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x32, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00,
+	0x32, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x2e, 0x00, 0x42, 0x00,
+	0x45, 0x00, 0x52, 0x00, 0x2e, 0x00, 0x52, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x48, 0x00, 0x41, 0x00, 0x54, 0x00, 0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00,
+	0x4d, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xa9, 0x20, 0x93, 0x4b,
+	0x8e, 0xc6, 0x88, 0x88, 0x7a, 0xd6, 0x12, 0xc6, 0xf3, 0x6f, 0x98, 0x3f,
+	0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xd5, 0xfe, 0x5a, 0x1e,
+	0x73, 0xa4, 0x22, 0x64, 0x48, 0x72, 0x2d, 0xd8, 0x0f, 0xef, 0xe5, 0x81,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool PAC_DATA_check2(struct torture_context *tctx,
+			    struct PAC_DATA *r)
+{
+	int i;
+
+	torture_assert_int_equal(tctx, r->num_buffers, 5, "num_buffers");
+
+	for (i=0; i < r->num_buffers; i++) {
+		switch (r->buffers[i].type) {
+		case PAC_TYPE_UPN_DNS_INFO:
+			torture_assert_int_equal(tctx,
+				r->buffers[i].info->upn_dns_info.upn_name_size,
+				2*strlen_m("Administrator@w2k12dom.ber.redhat.com"),
+				"upn_name_size");
+			torture_assert_str_equal(tctx,
+				r->buffers[i].info->upn_dns_info.upn_name,
+				"Administrator@w2k12dom.ber.redhat.com",
+				"upn_name");
+			torture_assert_int_equal(tctx,
+				r->buffers[i].info->upn_dns_info.dns_domain_name_size,
+				2*strlen_m("W2K12DOM.BER.REDHAT.COM"),
+				"dns_domain_name_size");
+			torture_assert_str_equal(tctx,
+				r->buffers[i].info->upn_dns_info.dns_domain_name,
+				"W2K12DOM.BER.REDHAT.COM",
+				"dns_domain_name");
+			break;
+		default:
+			continue;
+		}
+	}
+
+	return true;
+}
+
+/* Thanks to Tris Mabbs <TM-Samba201302 at Firstgrade.Co.UK> for this sample. */
+
+static const uint8_t PAC_DATA_data3[] = {
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x02, 0x00, 0x00,
+	0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0xa0, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00,
+	0xb0, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x08, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0x38, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xac, 0x03, 0xe5, 0x76,
+	0xaa, 0x13, 0xce, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0x7f, 0x9d, 0x37, 0xcc, 0x87, 0x4d, 0x13, 0xce, 0x01, 0x9d, 0xf7, 0x35, 0xb2,
+	0x16, 0x14, 0xce, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x06, 0x00, 0x06, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x06, 0x00, 0x06, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x24, 0x00, 0x24, 0x00, 0x10, 0x00, 0x02, 0x00, 0x22, 0x00, 0x22, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x04, 0x00, 0x04, 0x00, 0x18, 0x00, 0x02, 0x00, 0x3a, 0x00, 0x00, 0x00,
+	0x5b, 0x08, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x10, 0x00, 0x20, 0x00, 0x02, 0x00, 0x14, 0x00, 0x16, 0x00,
+	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x64, 0x00, 0x6d, 0x00, 0x7a, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x44, 0x00, 0x4d, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x12, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x47, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x77, 0x00, 0x61, 0x00, 0x79, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x66, 0x00,
+	0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x73, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x47, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x77, 0x00, 0x61, 0x00, 0x79, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x3a, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x6d, 0x04, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x50, 0x08, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x4c, 0x08, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x6b, 0x04, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x55, 0x08, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x53, 0x08, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x6c, 0x04, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x9d, 0x04, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x7a, 0x04, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x5d, 0x04, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x47, 0x00, 0x45, 0x00, 0x44, 0x00, 0x49, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x4e, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x46, 0x00, 0x49, 0x00,
+	0x52, 0x00, 0x53, 0x00, 0x54, 0x00, 0x47, 0x00, 0x52, 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x7d, 0xbc, 0x30, 0x51, 0xd8, 0x07, 0x05, 0x60, 0x40, 0x59, 0x47, 0xb5, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0xbd, 0xde, 0x76, 0xaa, 0x13, 0xce, 0x01, 0x06, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x7a, 0x00,
+	0x28, 0x00, 0x10, 0x00, 0x20, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0x00, 0x6d, 0x00, 0x7a, 0x00, 0x40, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x67, 0x00, 0x72, 0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x43, 0x00,
+	0x6f, 0x00, 0x2e, 0x00, 0x55, 0x00, 0x4b, 0x00, 0x46, 0x00, 0x49, 0x00, 0x52, 0x00, 0x53, 0x00,
+	0x54, 0x00, 0x47, 0x00, 0x52, 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x2e, 0x00, 0x43, 0x00,
+	0x4f, 0x00, 0x2e, 0x00, 0x55, 0x00, 0x4b, 0x00, 0x76, 0xff, 0xff, 0xff, 0xff, 0x37, 0xcd, 0x48,
+	0x1b, 0x6f, 0x9f, 0xca, 0x37, 0xe1, 0x02, 0x1c, 0xaa, 0x46, 0x0a, 0xf4, 0x00, 0x00, 0x00, 0x00,
+	0x76, 0xff, 0xff, 0xff, 0x3b, 0x96, 0xcc, 0xbb, 0xbb, 0x9d, 0xe4, 0x57, 0x13, 0xc9, 0x6d, 0x1c,
+	0x65, 0xa0, 0xb1, 0x1b, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t PAC_DATA_pkinit_AS[] = {
+	0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xc0, 0x01, 0x00, 0x00,
+	0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00,
+	0x28, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0xc0, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
+	0xd8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0x38, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x48, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0xb0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xa2, 0xd4, 0x65, 0xa4,
+	0x59, 0x48, 0xd1, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0x7f, 0x70, 0x0b, 0xe4, 0x66, 0x97, 0x47, 0xd1, 0x01, 0x70, 0xcb, 0x4d, 0x91,
+	0x60, 0x48, 0xd1, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x0e, 0x00, 0x0e, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x15, 0x00, 0x00, 0x00,
+	0x50, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x18, 0x00, 0x20, 0x00, 0x02, 0x00, 0x12, 0x00, 0x14, 0x00,
+	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x70, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x50, 0x00, 0x4b, 0x00,
+	0x20, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x49, 0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x38, 0x00, 0x52, 0x00,
+	0x32, 0x00, 0x2d, 0x00, 0x31, 0x00, 0x33, 0x00, 0x33, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x34, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x2d, 0x00, 0x4c, 0x00, 0x34, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x55, 0x93, 0x92, 0x10,
+	0xf4, 0xb0, 0xa6, 0xca, 0x96, 0x47, 0x97, 0x56, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0xdc, 0xb1, 0xe1, 0x35, 0x5f, 0x4d, 0xa7, 0xef, 0x84, 0x86, 0x04, 0x42, 0x9f, 0x4f, 0x5e, 0x5b,
+	0x22, 0x14, 0x66, 0x04, 0xc4, 0xf4, 0x18, 0x8d, 0x53, 0x30, 0xbe, 0x8c, 0xf4, 0xf7, 0x50, 0x0a,
+	0x87, 0xef, 0x73, 0x3d, 0xd7, 0x7a, 0x0b, 0xf3, 0xd7, 0x30, 0x57, 0xb7, 0x1a, 0x1b, 0x8a, 0x35,
+	0xc2, 0xde, 0x5b, 0xed, 0x4a, 0x25, 0xad, 0xc5, 0x15, 0x1b, 0xfc, 0xaf, 0x00, 0xb5, 0x7a, 0xea,
+	0xda, 0xad, 0x77, 0x75, 0xf0, 0xf6, 0x17, 0x46, 0xf3, 0x5f, 0x7e, 0x89, 0x0c, 0xb3, 0x70, 0x31,
+	0x09, 0x23, 0x16, 0x00, 0x9a, 0xf4, 0x03, 0x5f, 0xd4, 0xab, 0x3b, 0x6a, 0xc2, 0x7d, 0xb3, 0x8a,
+	0x61, 0x8d, 0x15, 0xfb, 0x43, 0x38, 0x3d, 0x3b, 0x77, 0xda, 0xf4, 0x66, 0x0c, 0x0d, 0x36, 0xf5,
+	0xc7, 0x01, 0xf9, 0xfb, 0xa4, 0xf8, 0x1f, 0xb8, 0x55, 0x65, 0x7a, 0xc2, 0xf3, 0x23, 0x8f, 0x9b,
+	0x1e, 0xf1, 0xb8, 0x56, 0x70, 0x01, 0x75, 0xb4, 0x7d, 0xcb, 0x04, 0xbe, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x09, 0x4e, 0x6f, 0x33, 0x49, 0xd1, 0x01, 0x0e, 0x00, 0x70, 0x00, 0x6b, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x10, 0x00, 0x1c, 0x00, 0x40, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x40, 0x00, 0x77, 0x00, 0x34, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2d, 0x00, 0x6c, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x61, 0x00,
+	0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x34, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x2d, 0x00, 0x4c, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x42, 0x00, 0x41, 0x00,
+	0x53, 0x00, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0xc2, 0x78, 0x2b, 0x92,
+	0x2c, 0x06, 0x36, 0x32, 0xb0, 0x72, 0x75, 0x9a, 0x76, 0xff, 0xff, 0xff, 0x9c, 0x73, 0x1e, 0xb8,
+	0x3a, 0xd8, 0xca, 0x01, 0x53, 0x60, 0xd4, 0x1d, 0x1a, 0x69, 0xde, 0x38, 0x00, 0x00, 0x00, 0x00,
+};
+
+static const uint8_t PAC_DATA_pkinit_TGS[] = {
+	0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xc0, 0x01, 0x00, 0x00,
+	0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00,
+	0x28, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0xc0, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
+	0xd8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0x38, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x48, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0xb0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xa2, 0xd4, 0x65, 0xa4,
+	0x59, 0x48, 0xd1, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0x7f, 0x70, 0x0b, 0xe4, 0x66, 0x97, 0x47, 0xd1, 0x01, 0x70, 0xcb, 0x4d, 0x91,
+	0x60, 0x48, 0xd1, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x0e, 0x00, 0x0e, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x15, 0x00, 0x00, 0x00,
+	0x50, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x18, 0x00, 0x20, 0x00, 0x02, 0x00, 0x12, 0x00, 0x14, 0x00,
+	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x70, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x50, 0x00, 0x4b, 0x00,
+	0x20, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x49, 0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x38, 0x00, 0x52, 0x00,
+	0x32, 0x00, 0x2d, 0x00, 0x31, 0x00, 0x33, 0x00, 0x33, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x34, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x2d, 0x00, 0x4c, 0x00, 0x34, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x55, 0x93, 0x92, 0x10,
+	0xf4, 0xb0, 0xa6, 0xca, 0x96, 0x47, 0x97, 0x56, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0xdc, 0xb1, 0xe1, 0x35, 0x5f, 0x4d, 0xa7, 0xef, 0x84, 0x86, 0x04, 0x42, 0x9f, 0x4f, 0x5e, 0x5b,
+	0x22, 0x14, 0x66, 0x04, 0xc4, 0xf4, 0x18, 0x8d, 0x53, 0x30, 0xbe, 0x8c, 0xf4, 0xf7, 0x50, 0x0a,
+	0x87, 0xef, 0x73, 0x3d, 0xd7, 0x7a, 0x0b, 0xf3, 0xd7, 0x30, 0x57, 0xb7, 0x1a, 0x1b, 0x8a, 0x35,
+	0xc2, 0xde, 0x5b, 0xed, 0x4a, 0x25, 0xad, 0xc5, 0x15, 0x1b, 0xfc, 0xaf, 0x00, 0xb5, 0x7a, 0xea,
+	0xda, 0xad, 0x77, 0x75, 0xf0, 0xf6, 0x17, 0x46, 0xf3, 0x5f, 0x7e, 0x89, 0x0c, 0xb3, 0x70, 0x31,
+	0x09, 0x23, 0x16, 0x00, 0x9a, 0xf4, 0x03, 0x5f, 0xd4, 0xab, 0x3b, 0x6a, 0xc2, 0x7d, 0xb3, 0x8a,
+	0x61, 0x8d, 0x15, 0xfb, 0x43, 0x38, 0x3d, 0x3b, 0x77, 0xda, 0xf4, 0x66, 0x0c, 0x0d, 0x36, 0xf5,
+	0xc7, 0x01, 0xf9, 0xfb, 0xa4, 0xf8, 0x1f, 0xb8, 0x55, 0x65, 0x7a, 0xc2, 0xf3, 0x23, 0x8f, 0x9b,
+	0x1e, 0xf1, 0xb8, 0x56, 0x70, 0x01, 0x75, 0xb4, 0x7d, 0xcb, 0x04, 0xbe, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x09, 0x4e, 0x6f, 0x33, 0x49, 0xd1, 0x01, 0x0e, 0x00, 0x70, 0x00, 0x6b, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x2c, 0x00, 0x10, 0x00, 0x1c, 0x00, 0x40, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x69, 0x00, 0x74, 0x00, 0x31, 0x00, 0x40, 0x00, 0x77, 0x00, 0x34, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2d, 0x00, 0x6c, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x61, 0x00,
+	0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x34, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x2d, 0x00, 0x4c, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x42, 0x00, 0x41, 0x00,
+	0x53, 0x00, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x82, 0xcd, 0xb1, 0x67,
+	0xaa, 0x7c, 0xca, 0xa5, 0x0c, 0xf0, 0xbe, 0x75, 0x76, 0xff, 0xff, 0xff, 0x8b, 0x4e, 0xb0, 0x67,
+	0x3c, 0x17, 0xe6, 0x05, 0x90, 0x66, 0x20, 0x45, 0x34, 0x2f, 0x32, 0x9b, 0x00, 0x00, 0x00, 0x00,
+};
+
+static const uint8_t PAC_DATA_pkinit_PAC_CREDENTIAL_DATA_NDR[] = {
+	0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x28, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x54, 0x00, 0x4c, 0x00, 0x4d, 0x00,
+	0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x3e, 0x95, 0x63,
+	0x88, 0x8b, 0x12, 0x02, 0x9f, 0x6e, 0x2b, 0x8d, 0xf6, 0x9a, 0x6e, 0xb3, 0x00, 0x00, 0x00, 0x00,
+};
+
+static const uint8_t PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG[] = {
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x3e, 0x95, 0x63, 0x88, 0x8b, 0x12, 0x02,
+	0x9f, 0x6e, 0x2b, 0x8d, 0xf6, 0x9a, 0x6e, 0xb3,
+};
+
+static bool PAC_DATA_pkinit(struct torture_context *tctx,
+			    struct PAC_DATA *r)
+{
+	DATA_BLOB reply_key_blob = data_blob_null;
+	krb5_context ctx;
+	krb5_keyblock reply_key;
+	krb5_enc_data input;
+	krb5_data plain_data;
+	DATA_BLOB plain_data_blob = data_blob_null;
+
+	torture_assert_int_equal(tctx, r->version, 0, "version");
+
+	torture_assert_int_equal(tctx, r->num_buffers, 6, "num_buffers");
+
+	torture_assert_int_equal(tctx, r->buffers[0].type, PAC_TYPE_LOGON_INFO, "PAC_TYPE_LOGON_INFO");
+	torture_assert_int_equal(tctx, r->buffers[0]._ndr_size, 448, "PAC_TYPE_LOGON_INFO _ndr_size");
+	torture_assert(tctx, r->buffers[0].info != NULL, "PAC_TYPE_LOGON_INFO info");
+
+	torture_assert_int_equal(tctx, r->buffers[1].type, PAC_TYPE_CREDENTIAL_INFO, "PAC_TYPE_CREDENTIAL_INFO");
+	torture_assert_int_equal(tctx, r->buffers[1]._ndr_size, 148, "PAC_TYPE_CREDENTIALS_INFO _ndr_size");
+	torture_assert(tctx, r->buffers[1].info != NULL, "PAC_TYPE_CREDENTIALS_INFO info");
+	torture_assert_int_equal(tctx,
+		r->buffers[1].info->credential_info.version,
+		0,
+		"PAC_TYPE_CREDENTIALS_INFO version");
+	torture_assert_int_equal(tctx,
+		r->buffers[1].info->credential_info.encryption_type,
+		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+		"PAC_TYPE_CREDENTIALS_INFO encryption_type");
+	torture_assert_data_blob_equal(tctx,
+		r->buffers[1].info->credential_info.encrypted_data,
+		data_blob_const(PAC_DATA_pkinit_AS+0x230, 140),
+		"PAC_TYPE_CREDENTIALS_INFO encrypted_data");
+
+	/*
+	 * This is the PKINIT based reply key.
+	 */
+	reply_key_blob = strhex_to_data_blob(tctx,
+		"c9deb5412b3fba34250b0e4b1f3b6cba3d70bdcdac0f097a9b6a7c763a5524ed");
+	torture_assert_int_equal(tctx, reply_key_blob.length, 32, "reply_key_blob.length");
+	torture_assert_int_equal(tctx, krb5_init_context(&ctx), 0, "krb5_init_context");
+	torture_assert_int_equal(tctx, smb_krb5_keyblock_init_contents(ctx,
+					ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+					reply_key_blob.data, reply_key_blob.length,
+					&reply_key), 0,
+				"smb_krb5_keyblock_init_contents");
+
+	ZERO_STRUCT(input);
+
+	input.ciphertext.data = (char *)r->buffers[1].info->credential_info.encrypted_data.data;
+	input.ciphertext.length = r->buffers[1].info->credential_info.encrypted_data.length;
+	input.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+
+	plain_data.data = malloc(r->buffers[1].info->credential_info.encrypted_data.length);
+	plain_data.length = r->buffers[1].info->credential_info.encrypted_data.length;
+	torture_assert(tctx, plain_data.data, "malloc failed");
+
+	torture_assert_krb5_error_equal(tctx, krb5_c_decrypt(ctx,
+#ifdef SAMBA4_USES_HEIMDAL
+					reply_key,
+#else
+					&reply_key,
+#endif
+					KRB5_KU_OTHER_ENCRYPTED,
+					NULL,
+					&input,
+					&plain_data), 0,
+				"krb5_decrypt");
+
+	torture_assert_int_equal(tctx, plain_data.length, 112, "plain_data.length");
+	plain_data_blob = data_blob_talloc(tctx, plain_data.data, plain_data.length);
+	torture_assert_int_equal(tctx, plain_data_blob.length, 112, "plain_data_blob.length");
+	smb_krb5_free_data_contents(ctx, &plain_data);
+	krb5_free_keyblock_contents(ctx, &reply_key);
+	krb5_free_context(ctx);
+	torture_assert_data_blob_equal(tctx,
+		plain_data_blob,
+		data_blob_const(PAC_DATA_pkinit_PAC_CREDENTIAL_DATA_NDR,
+				sizeof(PAC_DATA_pkinit_PAC_CREDENTIAL_DATA_NDR)),
+		"PAC_CREDENTIALS_DATA_NDR plain_data");
+
+	torture_assert_int_equal(tctx, r->buffers[2].type, PAC_TYPE_LOGON_NAME, "PAC_TYPE_LOGON_NAME");
+	torture_assert_int_equal(tctx, r->buffers[2]._ndr_size, 24, "PAC_TYPE_LOGON_NAME _ndr_size");
+	torture_assert(tctx, r->buffers[2].info != NULL, "PAC_TYPE_LOGON_NAME info");
+	torture_assert_int_equal(tctx,
+		r->buffers[2].info->logon_name.size,
+		2*strlen_m("pkinit1"),
+		"size");
+	torture_assert_str_equal(tctx,
+		r->buffers[2].info->logon_name.account_name,
+		"pkinit1",
+		"account_name");
+	torture_assert_u64_equal(tctx,
+		r->buffers[2].info->logon_name.logon_time,
+		130966349430000000ULL,
+		"logon_time");
+
+	torture_assert_int_equal(tctx, r->buffers[3].type, PAC_TYPE_UPN_DNS_INFO, "PAC_TYPE_UPN_DNS_INFO");
+	torture_assert_int_equal(tctx, r->buffers[3]._ndr_size, 96, "PAC_TYPE_UPN_DNS_INFO _ndr_size");
+	torture_assert(tctx, r->buffers[3].info != NULL, "PAC_TYPE_UPN_DNS_INFO info");
+	torture_assert_int_equal(tctx,
+		r->buffers[3].info->upn_dns_info.upn_name_size,
+		2*strlen_m("pkinit1@w4edom-l4.base"),
+		"upn_name_size");
+	torture_assert_str_equal(tctx,
+		r->buffers[3].info->upn_dns_info.upn_name,
+		"pkinit1@w4edom-l4.base",
+		"upn_name");
+	torture_assert_int_equal(tctx,
+		r->buffers[3].info->upn_dns_info.dns_domain_name_size,
+		2*strlen_m("W4EDOM-L4.BASE"),
+		"dns_domain_name_size");
+	torture_assert_str_equal(tctx,
+		r->buffers[3].info->upn_dns_info.dns_domain_name,
+		"W4EDOM-L4.BASE",
+		"dns_domain_name");
+
+	torture_assert_int_equal(tctx, r->buffers[4].type, PAC_TYPE_SRV_CHECKSUM, "PAC_TYPE_SRV_CHECKSUM");
+	torture_assert_int_equal(tctx, r->buffers[4]._ndr_size, 16, "PAC_TYPE_SRV_CHECKSUM _ndr_size");
+	torture_assert(tctx, r->buffers[4].info != NULL, "PAC_TYPE_SRV_CHECKSUM info");
+	torture_assert_int_equal(tctx,
+		r->buffers[4].info->srv_cksum.type,
+		CKSUMTYPE_HMAC_SHA1_96_AES_256,
+		"srv_cksum");
+	torture_assert_int_equal(tctx,
+		r->buffers[4].info->srv_cksum.signature.length,
+		12,
+		"PAC_TYPE_SRV_CHECKSUM signature.length");
+
+	torture_assert_int_equal(tctx, r->buffers[5].type, PAC_TYPE_KDC_CHECKSUM, "PAC_TYPE_KDC_CHECKSUM");
+	torture_assert_int_equal(tctx, r->buffers[5]._ndr_size, 20, "PAC_TYPE_KDC_CHECKSUM _ndr_size");
+	torture_assert(tctx, r->buffers[5].info != NULL, "PAC_TYPE_KDC_CHECKSUM info");
+	torture_assert_int_equal(tctx,
+		r->buffers[5].info->kdc_cksum.type,
+		CKSUMTYPE_HMAC_MD5,
+		"kdc_cksum");
+	torture_assert_int_equal(tctx,
+		r->buffers[5].info->kdc_cksum.signature.length,
+		16,
+		"PAC_TYPE_KDC_CHECKSUM signature.length");
+
+	return true;
+}
+
+static bool PAC_CREDENTIAL_DATA_NDR_check(struct torture_context *tctx,
+			    struct PAC_CREDENTIAL_DATA_NDR *r)
+{
+	torture_assert(tctx, r->ctr.data != NULL, "data");
+
+	torture_assert_int_equal(tctx, r->ctr.data->credential_count, 1, "credential_count");
+	torture_assert_int_equal(tctx,
+		r->ctr.data->credentials[0].package_name.size,
+		2*strlen_m("NTLM"),
+		"package_name.size");
+	torture_assert_int_equal(tctx,
+		r->ctr.data->credentials[0].package_name.length,
+		2*strlen_m("NTLM"),
+		"package_name.length");
+	torture_assert_str_equal(tctx,
+		r->ctr.data->credentials[0].package_name.string,
+		"NTLM",
+		"package_name.string");
+	torture_assert_int_equal(tctx,
+		r->ctr.data->credentials[0].credential_size,
+		sizeof(PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG),
+		"credential_size");
+	torture_assert_data_blob_equal(tctx,
+		data_blob_const(r->ctr.data->credentials[0].credential,
+				r->ctr.data->credentials[0].credential_size),
+		data_blob_const(PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG,
+				sizeof(PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG)),
+		"PAC_CREDENTIAL_NTLM_SECPKG credential");
+
+	return true;
+}
+
+static bool PAC_CREDENTIAL_NTLM_SECPKG_check(struct torture_context *tctx,
+					     struct PAC_CREDENTIAL_NTLM_SECPKG *r)
+{
+	torture_assert_int_equal(tctx, r->version, 0, "version");
+
+	torture_assert_int_equal(tctx,
+		r->flags,
+		PAC_CREDENTIAL_NTLM_HAS_NT_HASH,
+		"flags");
+
+	torture_assert_data_blob_equal(tctx,
+		data_blob_const(r->lm_password.hash,
+				sizeof(r->lm_password.hash)),
+		data_blob_const(PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG+0x08,
+				16),
+		"lm_password");
+	torture_assert_data_blob_equal(tctx,
+		data_blob_const(r->nt_password.hash,
+				sizeof(r->nt_password.hash)),
+		data_blob_const(PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG+0x18,
+				16),
+		"nt_password");
+
+	return true;
+}
+
+struct torture_suite *ndr_krb5pac_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "krb5pac");
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA_RAW,
+					PAC_DATA_data,
+					NULL);
+	/*
+	 * We can't use torture_suite_add_ndr_pull_validate_test()
+	 * here with PAC_DATA, as we don't match the unique
+	 * pointer values inside PAC_LOGON_INFO, for these
+	 * case where we have S-1-5-18-1, as extra sid.
+	 */
+	torture_suite_add_ndr_pull_test(suite,
+					PAC_DATA,
+					PAC_DATA_data,
+					PAC_DATA_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA_RAW,
+					PAC_DATA_data2,
+					NULL);
+	/*
+	 * We can't use torture_suite_add_ndr_pull_validate_test()
+	 * here with PAC_DATA, as we don't match the unique
+	 * pointer values inside PAC_LOGON_INFO, for these
+	 * case where we have S-1-5-18-1, as extra sid.
+	 */
+	torture_suite_add_ndr_pull_test(suite,
+					PAC_DATA,
+					PAC_DATA_data2,
+					PAC_DATA_check2);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA_RAW,
+					PAC_DATA_data3,
+					NULL);
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA,
+					PAC_DATA_data3,
+					NULL);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA_RAW,
+					PAC_DATA_pkinit_AS,
+					NULL);
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA,
+					PAC_DATA_pkinit_AS,
+					PAC_DATA_pkinit);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA_RAW,
+					PAC_DATA_pkinit_TGS,
+					NULL);
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_DATA,
+					PAC_DATA_pkinit_AS,
+					PAC_DATA_pkinit);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_CREDENTIAL_DATA_NDR,
+					PAC_DATA_pkinit_PAC_CREDENTIAL_DATA_NDR,
+					PAC_CREDENTIAL_DATA_NDR_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					PAC_CREDENTIAL_NTLM_SECPKG,
+					PAC_DATA_pkinit_PAC_CREDENTIAL_NTLM_SECPKG,
+					PAC_CREDENTIAL_NTLM_SECPKG_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c
new file mode 100644
index 0000000..2f8f47c
--- /dev/null
+++ b/source4/torture/ndr/lsa.c
@@ -0,0 +1,2229 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for atsvc ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t lsarlookupnames_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x64, 0x00, 0x00, 0x00,
+  0x64, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x0c, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x0f, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x11, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x12, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x14, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x15, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x16, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x19, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x1b, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x1c, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x1e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x1f, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x21, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x22, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x24, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x25, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x26, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x27, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x28, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x29, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x2a, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x2b, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x2c, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x2d, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x2e, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x2f, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x30, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x31, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x32, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x33, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x34, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x35, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x36, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x37, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x38, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x39, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x3b, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x3c, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x3d, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x3f, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x40, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x41, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x42, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x43, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x44, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x45, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x46, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x47, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x48, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x49, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x4b, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x4c, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x4d, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x4e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x4f, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x50, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x51, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x52, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x53, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x54, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x55, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x56, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x57, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x58, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x59, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x5a, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x5b, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x5d, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x5e, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x5f, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x60, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x61, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x62, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x63, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x64, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames_in_check(struct torture_context *tctx, 
+									 struct lsa_LookupNames *r)
+{
+	int i;
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.num_names, 100, "num names");
+	for (i = 0; i < 100; i++) {
+		torture_assert_str_equal(tctx, r->in.names[i].string, "Users", "names");
+	}
+	torture_assert(tctx, r->in.sids != NULL, "sids");
+	torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count");
+	torture_assert(tctx, r->in.sids->sids == NULL, "sids domains");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert(tctx, r->in.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->in.count, 0, "count");
+	return true;
+}
+
+static const uint8_t lsarlookupnames_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x10, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x4c, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00,
+  0x64, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x6f, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x70, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x72, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x69, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x61, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x55, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5f, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x35, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x57, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x45, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x20, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x43, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x68, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x61, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x73, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x76, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x65, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xb4, 0xfc, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xd8, 0x9f, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x42, 0x48, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x05, 0xbf, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xf4, 0x98, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc4, 0x18, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x94, 0xb3, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x0c, 0x7f, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x9b, 0x92, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xf7, 0x59, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x75, 0xa3, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x37, 0xeb, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x98, 0xbe, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5a, 0x7e, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x7c, 0xae, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xcb, 0x87, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x1c, 0x77, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x45, 0xa9, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x6f, 0xbf, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x86, 0x6d, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xbc, 0x61, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x18, 0xa7, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5f, 0xa8, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x44, 0x3c, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x4e, 0x0d, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xcf, 0xb0, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xd1, 0x87, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x48, 0xc1, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xa8, 0xb3, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x52, 0xf4, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x62, 0x3e, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xb6, 0x7f, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xee, 0x43, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc1, 0x85, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x8a, 0x80, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xe1, 0x1e, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5b, 0xdf, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x98, 0xe0, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x85, 0x8b, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc9, 0xb4, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x60, 0xba, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x9b, 0x95, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x0f, 0x10, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc9, 0xed, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x72, 0xa6, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xbe, 0x11, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x37, 0xcd, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc3, 0x40, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x51, 0x12, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xd3, 0x25, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x4f, 0x72, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x33, 0xd7, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xfb, 0x70, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xdc, 0xd2, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x1f, 0xeb, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xd0, 0x98, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x87, 0x14, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xc6, 0xb5, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x94, 0x74, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5a, 0x50, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x5d, 0x43, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x6a, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x6d, 0x30, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x01, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xf7, 0x37, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xf1, 0x90, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x91, 0xf6, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x8e, 0x0d, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x54, 0x87, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xb2, 0x14, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xf8, 0x8d, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x25, 0x23, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x2c, 0x2f, 0x21, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames_out_check(struct torture_context *tctx, 
+									 struct lsa_LookupNames *r)
+{
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
+	torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert(tctx, domains->domains != NULL, "domains domains");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "domain name");
+	/* FIXME: SID */
+	torture_assert(tctx, r->out.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->out.count, 100, "count");
+
+	torture_assert_int_equal(tctx, r->out.sids->count, 100, "sids count");
+	torture_assert_int_equal(tctx, r->out.sids->sids[0].sid_type, 4, "sid type");
+	torture_assert_int_equal(tctx, r->out.sids->sids[0].rid, 0x221, "sid rid");
+	torture_assert_int_equal(tctx, r->out.sids->sids[0].sid_index, 0, "sid index");
+	return true;
+}
+
+static const uint8_t lsarlookupsids_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x64, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+  0x0c, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x0f, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+  0x12, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0x15, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
+  0x1b, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00,
+  0x1e, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00,
+  0x24, 0x00, 0x00, 0x00, 0x25, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,
+  0x27, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x29, 0x00, 0x00, 0x00,
+  0x2a, 0x00, 0x00, 0x00, 0x2b, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x00,
+  0x2d, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x00,
+  0x30, 0x00, 0x00, 0x00, 0x31, 0x00, 0x00, 0x00, 0x32, 0x00, 0x00, 0x00,
+  0x33, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x35, 0x00, 0x00, 0x00,
+  0x36, 0x00, 0x00, 0x00, 0x37, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+  0x39, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x3b, 0x00, 0x00, 0x00,
+  0x3c, 0x00, 0x00, 0x00, 0x3d, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00, 0x00,
+  0x3f, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x41, 0x00, 0x00, 0x00,
+  0x42, 0x00, 0x00, 0x00, 0x43, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00,
+  0x45, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x47, 0x00, 0x00, 0x00,
+  0x48, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00,
+  0x4b, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x00, 0x00,
+  0x4e, 0x00, 0x00, 0x00, 0x4f, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
+  0x51, 0x00, 0x00, 0x00, 0x52, 0x00, 0x00, 0x00, 0x53, 0x00, 0x00, 0x00,
+  0x54, 0x00, 0x00, 0x00, 0x55, 0x00, 0x00, 0x00, 0x56, 0x00, 0x00, 0x00,
+  0x57, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x59, 0x00, 0x00, 0x00,
+  0x5a, 0x00, 0x00, 0x00, 0x5b, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x00, 0x00,
+  0x5d, 0x00, 0x00, 0x00, 0x5e, 0x00, 0x00, 0x00, 0x5f, 0x00, 0x00, 0x00,
+  0x60, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00,
+  0x63, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x21, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupsids_in_check(struct torture_context *tctx, 
+									 struct lsa_LookupSids *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.sids->num_sids, 100, "num sids");
+	torture_assert(tctx, r->in.sids->sids != NULL, "sids sids");
+	torture_assert_int_equal(tctx, r->in.names->count, 0, "names count");
+	torture_assert(tctx, r->in.names->names == NULL, "names names");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert(tctx, r->in.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->in.count, 0, "count");
+
+	return true;
+}
+
+static const uint8_t lsarlookupsids_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x10, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x4c, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00,
+  0x64, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x1c, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x20, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x24, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x30, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x34, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x38, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x3c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x40, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x44, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x48, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x4c, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x54, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x58, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x5c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x60, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x64, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x68, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x6c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x70, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x74, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x78, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x7c, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x80, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x84, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x88, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x8c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x90, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x94, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x98, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x9c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xa0, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xa4, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xa8, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xac, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xb0, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xde, 0x36,
+  0x0a, 0x00, 0x0a, 0x00, 0xb4, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xb8, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xbc, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xc0, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xc4, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xc8, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xcc, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xd0, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xd4, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xd8, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xdc, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xe0, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xe4, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xe8, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xec, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xf0, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0xf4, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xf8, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0xfc, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x00, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x04, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x08, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0c, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x10, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x14, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x18, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x1c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x20, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x24, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x28, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x2c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x30, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x34, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x38, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x3c, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x40, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x44, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x48, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x4c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x50, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x54, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x58, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x5c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x60, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x64, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x68, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x6c, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x70, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x74, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x78, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x7c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x80, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x84, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x88, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x8c, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x90, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0x94, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x0a, 0x00, 0x98, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x9c, 0x01, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+  0xa0, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x55, 0x00, 0x73, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupsids_out_check(struct torture_context *tctx, 
+									 struct lsa_LookupSids *r)
+{
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	torture_assert(tctx, domains != NULL, "domains");
+	torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert(tctx, domains->domains != NULL, "domains domains");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsaropenpolicy2_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsaropenpolicy2_in_check(struct torture_context *tctx, 
+									 struct lsa_OpenPolicy2 *r)
+{
+	torture_assert_str_equal(tctx, r->in.system_name, "\\", "system name");
+	torture_assert(tctx, r->in.attr != NULL, "attr ptr");
+	torture_assert_int_equal(tctx, r->in.attr->len, 0, "attr len");
+	torture_assert(tctx, r->in.attr->root_dir == NULL, "attr root");
+	torture_assert(tctx, r->in.attr->object_name == NULL, "attr object name");
+	torture_assert_int_equal(tctx, r->in.attr->attributes, 0, "attr attributes");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x02000000, "access mask");
+	return true;
+}
+
+static const uint8_t lsaropenpolicy2_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsaropenpolicy2_out_check(struct torture_context *tctx, 
+									 struct lsa_OpenPolicy2 *r)
+{
+	/* FIXME: handle */
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsaropenpolicy_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsaropenpolicy_in_check(struct torture_context *tctx, 
+									 struct lsa_OpenPolicy *r)
+{
+	torture_assert(tctx, r->in.system_name != NULL, "system name");
+	torture_assert(tctx, r->in.attr != NULL, "attr ptr");
+	torture_assert_int_equal(tctx, r->in.attr->len, 0, "attr len");
+	torture_assert(tctx, r->in.attr->root_dir == NULL, "attr root");
+	torture_assert(tctx, r->in.attr->object_name == NULL, "attr object name");
+	torture_assert_int_equal(tctx, r->in.attr->attributes, 0, "attr attributes");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x02000000, "access mask");
+
+	return true;
+}
+
+static const uint8_t lsaropenpolicy_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xbd, 0xf1, 0xb1, 0xe8, 0xd7, 0xf8, 0x43,
+  0xae, 0xb4, 0x5f, 0x9b, 0xbe, 0x06, 0xf2, 0xce, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsaropenpolicy_out_check(struct torture_context *tctx, 
+									 struct lsa_OpenPolicy *r)
+{
+	/* FIXME: Handle */
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarcreateaccount_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x03, 0x00, 0x00, 0x00,
+  0x01, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0xb4, 0x71, 0xbc, 0x00,
+  0xe1, 0x10, 0x00, 0x00, 0x26, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsarcreateaccount_in_check(struct torture_context *tctx, 
+									 struct lsa_CreateAccount *r)
+{
+	/* FIXME: Handle */	
+	/* FIXME: Sid */
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x2000000, "access mask");
+	return true;
+}
+
+static const uint8_t lsarcreateaccount_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x3d, 0x28, 0x64, 0xd8, 0x9a, 0xad, 0x2f, 0x48,
+  0xa5, 0x37, 0x26, 0xb4, 0x17, 0x71, 0x3a, 0xe8, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarcreateaccount_out_check(struct torture_context *tctx, 
+									 struct lsa_CreateAccount *r)
+{
+	/* FIXME */	
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsardelete_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x3d, 0x28, 0x64, 0xd8, 0x9a, 0xad, 0x2f, 0x48,
+  0xa5, 0x37, 0x26, 0xb4, 0x17, 0x71, 0x3a, 0xe8
+};
+
+static bool lsardelete_in_check(struct torture_context *tctx, 
+									 struct lsa_Delete *r)
+{
+	/* FIXME: Handle */
+	return true;
+}
+
+static const uint8_t lsardelete_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsardelete_out_check(struct torture_context *tctx, 
+									 struct lsa_Delete *r)
+{
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarcreatesecret_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x2e, 0x00, 0x2e, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x74, 0x00,
+  0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x73, 0x00, 0x65, 0x00, 0x63, 0x00,
+  0x72, 0x00, 0x65, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x38, 0x00, 0x35, 0x00,
+  0x32, 0x00, 0x38, 0x00, 0x38, 0x00, 0x35, 0x00, 0x33, 0x00, 0x35, 0x00,
+  0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsarcreatesecret_in_check(struct torture_context *tctx,
+									struct lsa_CreateSecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.name.string, "torturesecret-852885356", "name");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x2000000, "access mask");
+	return true;
+}
+
+static const uint8_t lsarcreatesecret_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x2d, 0x02, 0x15, 0x3d, 0xfb, 0x27, 0x4c,
+  0xaa, 0x22, 0x13, 0x79, 0x20, 0x14, 0x7f, 0xad, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarcreatesecret_out_check(struct torture_context *tctx,
+									struct lsa_CreateSecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsaropensecret_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x2e, 0x00, 0x2e, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x74, 0x00,
+  0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x73, 0x00, 0x65, 0x00, 0x63, 0x00,
+  0x72, 0x00, 0x65, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x38, 0x00, 0x35, 0x00,
+  0x32, 0x00, 0x38, 0x00, 0x38, 0x00, 0x35, 0x00, 0x33, 0x00, 0x35, 0x00,
+  0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsaropensecret_in_check(struct torture_context *tctx,
+									struct lsa_OpenSecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.name.string, "torturesecret-852885356", "name");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x2000000, "access mask");
+	return true;
+}
+
+static const uint8_t lsaropensecret_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x9f, 0x6d, 0x07, 0x35, 0x08, 0x43, 0xd9, 0x4b,
+  0xbb, 0xcf, 0xeb, 0x4a, 0x91, 0xd2, 0x24, 0xe7, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsaropensecret_out_check(struct torture_context *tctx,
+									struct lsa_OpenSecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarsetsecret_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x2d, 0x02, 0x15, 0x3d, 0xfb, 0x27, 0x4c,
+  0xaa, 0x22, 0x13, 0x79, 0x20, 0x14, 0x7f, 0xad, 0x01, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0xda, 0xb8, 0x19, 0xb6, 0xaf, 0x8c, 0x0f, 0xf5, 0x28, 0x81, 0xca, 0xce,
+  0xcc, 0x8b, 0x70, 0xc4, 0x8a, 0xe5, 0xad, 0x51, 0x1a, 0x0e, 0xb5, 0xaa,
+  0x3b, 0xdc, 0xbf, 0x38, 0x30, 0xb4, 0x18, 0x6d, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarsetsecret_in_check(struct torture_context *tctx,
+									struct lsa_SetSecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert(tctx, r->in.new_val != NULL, "new val ptr");
+	torture_assert(tctx, r->in.old_val == NULL, "old val ptr");
+	torture_assert_int_equal(tctx, r->in.new_val->length, 32, "new val len");
+	torture_assert_int_equal(tctx, r->in.new_val->size, 32, "new val size");
+	return true;
+}
+
+
+static const uint8_t lsarsetsecret_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarsetsecret_out_check(struct torture_context *tctx,
+									struct lsa_SetSecret *r)
+{
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarquerysecret_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x2d, 0x02, 0x15, 0x3d, 0xfb, 0x27, 0x4c,
+  0xaa, 0x22, 0x13, 0x79, 0x20, 0x14, 0x7f, 0xad, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarquerysecret_in_check(struct torture_context *tctx,
+									struct lsa_QuerySecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert(tctx, r->in.new_val != NULL, "new val ptr");
+	torture_assert(tctx, r->in.new_val->buf == NULL, "new val ptr ptr");
+	torture_assert(tctx, r->in.new_mtime != NULL, "new mtime ptr");
+	/* FIXME: *new_mtime */
+	torture_assert(tctx, r->in.old_val == NULL, "old val ptr");
+	torture_assert(tctx, r->in.old_mtime == NULL, "old mtime ptr");
+	return true;
+}
+
+
+static const uint8_t lsarquerysecret_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0xda, 0xb8, 0x19, 0xb6,
+  0xaf, 0x8c, 0x0f, 0xf5, 0x28, 0x81, 0xca, 0xce, 0xcc, 0x8b, 0x70, 0xc4,
+  0x8a, 0xe5, 0xad, 0x51, 0x1a, 0x0e, 0xb5, 0xaa, 0x3b, 0xdc, 0xbf, 0x38,
+  0x30, 0xb4, 0x18, 0x6d, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x90, 0x3e, 0x63, 0x7e, 0xee, 0xf1, 0xc4, 0x01, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarquerysecret_out_check(struct torture_context *tctx,
+									struct lsa_QuerySecret *r)
+{
+	/* FIXME: Handle */
+	torture_assert(tctx, r->out.new_val != NULL, "new val ptr");
+	torture_assert(tctx, r->out.new_mtime != NULL, "new mtime ptr");
+	/* FIXME: *new_mtime */
+	torture_assert(tctx, r->out.old_val == NULL, "old val ptr");
+	torture_assert(tctx, r->out.old_mtime == NULL, "old mtime ptr");
+	return true;
+}
+
+static const uint8_t lsarcreatetrusteddomain_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x1a, 0x00, 0x1a, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+  0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x76, 0x7c, 0x01, 0x00, 0x93, 0xcb, 0x05, 0x00,
+  0x39, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool lsarcreatetrusteddomain_in_check(struct torture_context *tctx, 
+										   struct lsa_CreateTrustedDomain *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.info->name.string, "torturedomain", "name");
+	torture_assert(tctx, r->in.info->sid != NULL, "sid");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x2000000, "access mask");
+	return true;
+}
+
+static const uint8_t lsarcreatetrusteddomain_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb5, 0x23, 0x36, 0x5f, 0x33, 0x92, 0x41, 0x4c,
+  0x9a, 0x73, 0x7d, 0x6a, 0x23, 0x14, 0x62, 0x56, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarcreatetrusteddomain_out_check(struct torture_context *tctx, 
+										   struct lsa_CreateTrustedDomain *r)
+{
+	/* FIXME: Handle */
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarenumerateaccounts_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x00, 0x00, 0x00, 0x00,
+  0x64, 0x00, 0x00, 0x00
+};
+
+static bool lsarenumerateaccounts_in_check(struct torture_context *tctx, 
+										   struct lsa_EnumAccounts *r)
+{
+	/* FIXME: handle */
+	torture_assert(tctx, r->in.resume_handle != NULL, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->in.resume_handle, 0, "resume handle");
+	torture_assert_int_equal(tctx, r->in.num_entries, 100, "num entries");
+	return true;
+}
+
+static const uint8_t lsarenumerateaccounts_out_data[] = {
+  0x07, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x08, 0x00, 0x02, 0x00,
+  0x0c, 0x00, 0x02, 0x00, 0x10, 0x00, 0x02, 0x00, 0x14, 0x00, 0x02, 0x00,
+  0x18, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x24, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2,
+  0xcc, 0x04, 0x9c, 0x4c, 0xe9, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x14, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x13, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarenumerateaccounts_out_check(struct torture_context *tctx, 
+										   struct lsa_EnumAccounts *r)
+{
+	torture_assert(tctx, r->out.resume_handle != NULL, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->out.resume_handle, 7, "resume handle");
+	torture_assert_int_equal(tctx, r->out.sids->num_sids, 7, "num sids");
+	torture_assert(tctx, r->out.sids->sids != NULL, "sids sids");
+	torture_assert(tctx, r->out.sids->sids[0].sid != NULL, "sids sids");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarlookupsids2_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x07, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x20, 0x02, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b,
+  0x07, 0x32, 0xfb, 0xb2, 0xcc, 0x04, 0x9c, 0x4c, 0xe9, 0x03, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x13, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupsids2_in_check(struct torture_context *tctx, 
+									 struct lsa_LookupSids2 *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.sids->num_sids, 7, "num sids");
+	torture_assert(tctx, r->in.sids->sids != NULL, "sids sids");
+	torture_assert(tctx, r->in.sids->sids[0].sid != NULL, "sids sids");
+	torture_assert(tctx, r->in.names != NULL, "names ptr");
+	torture_assert_int_equal(tctx, r->in.names->count, 0, "names count");
+	torture_assert(tctx, r->in.names->names == NULL, "names");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert(tctx, r->in.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->in.count, 7, "count");
+	torture_assert_int_equal(tctx, r->in.lookup_options, 0, "unknown 1");
+	torture_assert_int_equal(tctx, r->in.client_revision, 0, "unknown 2");
+
+	return true;
+}
+
+static const uint8_t lsarlookupsids2_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x18, 0x00, 0x1a, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x10, 0x00, 0x02, 0x00, 0x14, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x10, 0x00,
+  0x18, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x12, 0x00, 0x14, 0x00,
+  0x20, 0x00, 0x02, 0x00, 0x24, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x54, 0x00,
+  0x20, 0x00, 0x41, 0x00, 0x55, 0x00, 0x54, 0x00, 0x48, 0x00, 0x4f, 0x00,
+  0x52, 0x00, 0x49, 0x00, 0x54, 0x00, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x4c, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x33, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2,
+  0xcc, 0x04, 0x9c, 0x4c, 0x07, 0x00, 0x00, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x22, 0x00, 0x22, 0x00,
+  0x2c, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x1c, 0x00, 0x30, 0x00, 0x02, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x20, 0x00, 0x34, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x20, 0x00,
+  0x38, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x1c, 0x00, 0x3c, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x12, 0x00,
+  0x26, 0x00, 0x28, 0x00, 0x40, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00,
+  0x44, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x63, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x20, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+  0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x73, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x53, 0x00, 0x55, 0x00, 0x50, 0x00, 0x50, 0x00,
+  0x4f, 0x00, 0x52, 0x00, 0x54, 0x00, 0x5f, 0x00, 0x33, 0x00, 0x38, 0x00,
+  0x38, 0x00, 0x39, 0x00, 0x34, 0x00, 0x35, 0x00, 0x61, 0x00, 0x30, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+  0x4e, 0x00, 0x45, 0x00, 0x54, 0x00, 0x57, 0x00, 0x4f, 0x00, 0x52, 0x00,
+  0x4b, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00,
+  0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x4f, 0x00,
+  0x43, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00,
+  0x52, 0x00, 0x56, 0x00, 0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x63, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+  0x64, 0x00, 0x20, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x73, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x45, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x79, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupsids2_out_check(struct torture_context *tctx, 
+									 struct lsa_LookupSids2 *r)
+{
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	/* FIXME: Handle */
+	torture_assert(tctx, r->out.names != NULL, "names ptr");
+	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
+	torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
+	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
+	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
+	torture_assert_str_equal(tctx, r->out.names->names[2].name.string, "SUPPORT_388945a0", "name str 3");
+	torture_assert(tctx, r->out.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->out.count, 7, "count");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+static const uint8_t lsarlookupnames2_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x07, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x22, 0x00, 0x22, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x1a, 0x00, 0x1a, 0x00, 0x05, 0x00, 0x00, 0x00, 0x26, 0x00, 0x26, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x63, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x20, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+  0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x73, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x53, 0x00, 0x55, 0x00, 0x50, 0x00, 0x50, 0x00,
+  0x4f, 0x00, 0x52, 0x00, 0x54, 0x00, 0x5f, 0x00, 0x33, 0x00, 0x38, 0x00,
+  0x38, 0x00, 0x39, 0x00, 0x34, 0x00, 0x35, 0x00, 0x61, 0x00, 0x30, 0x00,
+  0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+  0x4e, 0x00, 0x45, 0x00, 0x54, 0x00, 0x57, 0x00, 0x4f, 0x00, 0x52, 0x00,
+  0x4b, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00,
+  0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x4f, 0x00,
+  0x43, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00,
+  0x52, 0x00, 0x56, 0x00, 0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00,
+  0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x63, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+  0x64, 0x00, 0x20, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x73, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x45, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x79, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames2_in_check(struct torture_context *tctx,
+									  struct lsa_LookupNames2 *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.num_names, 7, "num names");
+	torture_assert_str_equal(tctx, r->in.names[0].string, "Account Operators", 
+							 "names[0]");
+	torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", 
+							 "names[1]");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options");
+	torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision");
+	torture_assert_int_equal(tctx, *r->in.count, 0, "count");
+	torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count");
+	torture_assert(tctx, r->in.sids->sids == NULL, "sids sids");
+	return true;
+}
+
+static const uint8_t lsarlookupnames2_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x18, 0x00, 0x1a, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x10, 0x00, 0x02, 0x00, 0x14, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x10, 0x00,
+  0x18, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x12, 0x00, 0x14, 0x00,
+  0x20, 0x00, 0x02, 0x00, 0x24, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x54, 0x00,
+  0x20, 0x00, 0x41, 0x00, 0x55, 0x00, 0x54, 0x00, 0x48, 0x00, 0x4f, 0x00,
+  0x52, 0x00, 0x49, 0x00, 0x54, 0x00, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x4c, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x33, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2,
+  0xcc, 0x04, 0x9c, 0x4c, 0x07, 0x00, 0x00, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x20, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0xe9, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x20, 0x00,
+  0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames2_out_check(struct torture_context *tctx,
+									  struct lsa_LookupNames2 *r)
+{
+	torture_assert_int_equal(tctx, *r->out.count, 7, "count");
+	torture_assert_int_equal(tctx, r->out.sids->count, 7, "sids count");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarlookupnames3_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x07, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x22, 0x00, 0x22, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x1a, 0x00, 0x1a, 0x00, 0x05, 0x00, 0x00, 0x00, 0x26, 0x00, 0x26, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x63, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x20, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+  0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x73, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x53, 0x00, 0x55, 0x00, 0x50, 0x00, 0x50, 0x00,
+  0x4f, 0x00, 0x52, 0x00, 0x54, 0x00, 0x5f, 0x00, 0x33, 0x00, 0x38, 0x00,
+  0x38, 0x00, 0x39, 0x00, 0x34, 0x00, 0x35, 0x00, 0x61, 0x00, 0x30, 0x00,
+  0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+  0x4e, 0x00, 0x45, 0x00, 0x54, 0x00, 0x57, 0x00, 0x4f, 0x00, 0x52, 0x00,
+  0x4b, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00,
+  0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x4f, 0x00,
+  0x43, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x20, 0x00, 0x53, 0x00, 0x45, 0x00,
+  0x52, 0x00, 0x56, 0x00, 0x49, 0x00, 0x43, 0x00, 0x45, 0x00, 0x00, 0x00,
+  0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x63, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+  0x64, 0x00, 0x20, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x73, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x45, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x79, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames3_in_check(struct torture_context *tctx, struct lsa_LookupNames3 *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.num_names, 7, "num names");
+	torture_assert_str_equal(tctx, r->in.names[0].string, "Account Operators", 
+							 "names[0]");
+	torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", 
+							 "names[1]");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options");
+	torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision");
+	torture_assert_int_equal(tctx, *r->in.count, 0, "count");
+	torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count");
+	torture_assert(tctx, r->in.sids->sids == NULL, "sids sids");
+	return true;
+}
+
+static const uint8_t lsarlookupnames3_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x18, 0x00, 0x1a, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x10, 0x00, 0x02, 0x00, 0x14, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x10, 0x00,
+  0x18, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x12, 0x00, 0x14, 0x00,
+  0x20, 0x00, 0x02, 0x00, 0x24, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x54, 0x00,
+  0x20, 0x00, 0x41, 0x00, 0x55, 0x00, 0x54, 0x00, 0x48, 0x00, 0x4f, 0x00,
+  0x52, 0x00, 0x49, 0x00, 0x54, 0x00, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x4c, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x32, 0x00,
+  0x4b, 0x00, 0x33, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2,
+  0xcc, 0x04, 0x9c, 0x4c, 0x07, 0x00, 0x00, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x30, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x34, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x00, 0x38, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x20, 0x00,
+  0x3c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x40, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x44, 0x00, 0x02, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
+  0x24, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2,
+  0xcc, 0x04, 0x9c, 0x4c, 0xe9, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x14, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x13, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupnames3_out_check(struct torture_context *tctx,
+									  struct lsa_LookupNames3 *r)
+{
+	torture_assert_int_equal(tctx, *r->out.count, 7, "count");
+	torture_assert_int_equal(tctx, r->out.sids->count, 7, "sids count");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+
+
+static const uint8_t lsarlookupsids3_in_data[] = {
+  0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+  0x14, 0xcd, 0xfb, 0x2b, 0x07, 0x32, 0xfb, 0xb2, 0xcc, 0x04, 0x9c, 0x4c,
+  0xe9, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x13, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x0b, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarlookupsids3_in_check(struct torture_context *tctx, 
+									 struct lsa_LookupSids3 *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.sids->num_sids, 7, "num sids");
+	torture_assert(tctx, r->in.sids->sids != NULL, "sids sids");
+	torture_assert(tctx, r->in.sids->sids[0].sid != NULL, "sids sids");
+	torture_assert(tctx, r->in.names != NULL, "names ptr");
+	torture_assert_int_equal(tctx, r->in.names->count, 0, "names count");
+	torture_assert(tctx, r->in.names->names == NULL, "names");
+	torture_assert_int_equal(tctx, r->in.level, 1, "level");
+	torture_assert(tctx, r->in.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->in.count, 7, "count");
+	torture_assert_int_equal(tctx, r->in.lookup_options, 0, "unknown 1");
+	torture_assert_int_equal(tctx, r->in.client_revision, 0, "unknown 2");
+
+	return true;
+}
+
+#if 0
+static const uint8_t lsarlookupsids3_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, 0xc0
+};
+
+static bool lsarlookupsids3_out_check(struct torture_context *tctx, 
+				      struct lsa_LookupSids3 *r)
+{
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	/* FIXME: Handle */
+	torture_assert(tctx, r->out.names != NULL, "names ptr");
+	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
+	torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
+	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
+	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
+	torture_assert_str_equal(tctx, r->out.names->names[2].name.string, "SUPPORT_388945a0", "name str 3");
+	torture_assert(tctx, r->out.count != NULL, "count ptr");
+	torture_assert_int_equal(tctx, *r->out.count, 7, "count");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+#endif
+
+static const uint8_t lsarenumerateprivileges_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xab, 0xb8, 0x84, 0x36, 0xc6, 0xed, 0x4f,
+  0x83, 0x16, 0x04, 0xe8, 0x63, 0x15, 0xeb, 0x84, 0x00, 0x00, 0x00, 0x00,
+  0x64, 0x00, 0x00, 0x00
+};
+
+static bool lsarenumerateprivileges_in_check(struct torture_context *tctx,
+											 struct lsa_EnumPrivs *r)
+{
+	/* FIXME handle */
+	torture_assert(tctx, r->in.resume_handle != NULL, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->in.resume_handle, 0, "resume handle");
+	torture_assert_int_equal(tctx, r->in.max_count, 100, "max count");
+	return true;
+}
+
+static const uint8_t lsarenumerateprivileges_out_data[] = {
+  0x1d, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+  0x1d, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x2e, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x3c, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x2a, 0x00, 0x2c, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x32, 0x00, 0x10, 0x00, 0x02, 0x00,
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x32, 0x00, 0x34, 0x00,
+  0x14, 0x00, 0x02, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x1e, 0x00, 0x18, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x26, 0x00, 0x28, 0x00, 0x1c, 0x00, 0x02, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x32, 0x00,
+  0x20, 0x00, 0x02, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x2a, 0x00, 0x2c, 0x00, 0x24, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x32, 0x00, 0x28, 0x00, 0x02, 0x00,
+  0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x2c, 0x00,
+  0x2c, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x3e, 0x00, 0x40, 0x00, 0x30, 0x00, 0x02, 0x00, 0x0d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x40, 0x00, 0x34, 0x00, 0x02, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x32, 0x00, 0x34, 0x00,
+  0x38, 0x00, 0x02, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x34, 0x00, 0x36, 0x00, 0x3c, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x22, 0x00, 0x24, 0x00, 0x40, 0x00, 0x02, 0x00,
+  0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x26, 0x00,
+  0x44, 0x00, 0x02, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x26, 0x00, 0x28, 0x00, 0x48, 0x00, 0x02, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x22, 0x00, 0x4c, 0x00, 0x02, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x22, 0x00,
+  0x50, 0x00, 0x02, 0x00, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x38, 0x00, 0x3a, 0x00, 0x54, 0x00, 0x02, 0x00, 0x16, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x30, 0x00, 0x58, 0x00, 0x02, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x32, 0x00, 0x34, 0x00,
+  0x5c, 0x00, 0x02, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x22, 0x00, 0x24, 0x00, 0x60, 0x00, 0x02, 0x00, 0x19, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x2a, 0x00, 0x64, 0x00, 0x02, 0x00,
+  0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x00, 0x38, 0x00,
+  0x68, 0x00, 0x02, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x2e, 0x00, 0x30, 0x00, 0x6c, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x2e, 0x00, 0x70, 0x00, 0x02, 0x00,
+  0x1d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x30, 0x00,
+  0x74, 0x00, 0x02, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x43, 0x00, 0x72, 0x00, 0x65, 0x00, 0x61, 0x00,
+  0x74, 0x00, 0x65, 0x00, 0x54, 0x00, 0x6f, 0x00, 0x6b, 0x00, 0x65, 0x00,
+  0x6e, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00,
+  0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x1e, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x41, 0x00, 0x73, 0x00, 0x73, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6e, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x72, 0x00,
+  0x79, 0x00, 0x54, 0x00, 0x6f, 0x00, 0x6b, 0x00, 0x65, 0x00, 0x6e, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x4c, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x6b, 0x00, 0x4d, 0x00, 0x65, 0x00,
+  0x6d, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x79, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x49, 0x00, 0x6e, 0x00,
+  0x63, 0x00, 0x72, 0x00, 0x65, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x51, 0x00, 0x75, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x61, 0x00, 0x50, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x67, 0x00, 0x65, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x19, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x4d, 0x00, 0x61, 0x00,
+  0x63, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x65, 0x00, 0x41, 0x00,
+  0x63, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00, 0x74, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x54, 0x00, 0x63, 0x00, 0x62, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x53, 0x00, 0x65, 0x00, 0x63, 0x00, 0x75, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x74, 0x00, 0x79, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x54, 0x00, 0x61, 0x00,
+  0x6b, 0x00, 0x65, 0x00, 0x4f, 0x00, 0x77, 0x00, 0x6e, 0x00, 0x65, 0x00,
+  0x72, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, 0x70, 0x00, 0x50, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x67, 0x00, 0x65, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x15, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x4c, 0x00, 0x6f, 0x00,
+  0x61, 0x00, 0x64, 0x00, 0x44, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00,
+  0x65, 0x00, 0x72, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00,
+  0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x53, 0x00, 0x79, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x65, 0x00, 0x6d, 0x00, 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x66, 0x00,
+  0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x53, 0x00, 0x79, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x65, 0x00, 0x6d, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6d, 0x00, 0x65, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x53, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x65, 0x00,
+  0x73, 0x00, 0x73, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00,
+  0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x49, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x72, 0x00,
+  0x65, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x42, 0x00, 0x61, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x74, 0x00, 0x79, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x19, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x43, 0x00, 0x72, 0x00,
+  0x65, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x50, 0x00, 0x61, 0x00,
+  0x67, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x43, 0x00, 0x72, 0x00, 0x65, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+  0x50, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x6e, 0x00,
+  0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x42, 0x00, 0x61, 0x00, 0x63, 0x00, 0x6b, 0x00,
+  0x75, 0x00, 0x70, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00,
+  0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x52, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x6f, 0x00, 0x72, 0x00, 0x65, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x53, 0x00, 0x68, 0x00, 0x75, 0x00, 0x74, 0x00,
+  0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x6e, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x44, 0x00, 0x65, 0x00,
+  0x62, 0x00, 0x75, 0x00, 0x67, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x41, 0x00, 0x75, 0x00, 0x64, 0x00, 0x69, 0x00,
+  0x74, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00,
+  0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x1d, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x53, 0x00, 0x79, 0x00, 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x6d, 0x00,
+  0x45, 0x00, 0x6e, 0x00, 0x76, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6f, 0x00,
+  0x6e, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x50, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x67, 0x00, 0x65, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x43, 0x00, 0x68, 0x00,
+  0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x6f, 0x00,
+  0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x79, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x19, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x52, 0x00, 0x65, 0x00,
+  0x6d, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x65, 0x00, 0x53, 0x00, 0x68, 0x00,
+  0x75, 0x00, 0x74, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x6e, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x55, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x6b, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x53, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x41, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00,
+  0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00,
+  0x53, 0x00, 0x65, 0x00, 0x45, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x62, 0x00,
+  0x6c, 0x00, 0x65, 0x00, 0x44, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x67, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x4d, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00,
+  0x56, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x75, 0x00, 0x6d, 0x00, 0x65, 0x00,
+  0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x67, 0x00, 0x65, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00,
+  0x49, 0x00, 0x6d, 0x00, 0x70, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00,
+  0x6f, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x50, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x67, 0x00, 0x65, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x17, 0x00, 0x00, 0x00, 0x53, 0x00, 0x65, 0x00, 0x43, 0x00, 0x72, 0x00,
+  0x65, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x47, 0x00, 0x6c, 0x00,
+  0x6f, 0x00, 0x62, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x76, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x67, 0x00,
+  0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsarenumerateprivileges_out_check(struct torture_context *tctx,
+											 struct lsa_EnumPrivs *r)
+{
+	torture_assert(tctx, r->out.resume_handle != NULL, "resume handle ptr");
+	torture_assert_int_equal(tctx, *r->out.resume_handle, 29, "resume handle");
+	torture_assert_str_equal(tctx, r->out.privs->privs[0].name.string, "SeCreateTokenPrivilege", "name");
+	torture_assert_str_equal(tctx, r->out.privs->privs[1].name.string, "SeAssignPrimaryTokenPrivilege", "name");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t lsarsetforesttrustsinformation_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x42, 0x3e, 0xd4, 0x20, 0x20, 0xe8, 0xa1, 0x43,
+  0x96, 0x67, 0x8c, 0xd1, 0xb9, 0x48, 0xa0, 0x3d, 0x0e, 0x00, 0x10, 0x00,
+  0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x66, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x74, 0x00,
+  0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+  0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x10, 0x00, 0x0c, 0x00, 0x02, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x66, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+  0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x14, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x10, 0x00, 0x18, 0x00, 0x02, 0x00,
+  0x04, 0x00, 0x06, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+  0x60, 0xcc, 0x85, 0x53, 0x92, 0x64, 0x11, 0x5e, 0x37, 0xa1, 0x11, 0x65,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+  0x66, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+  0x74, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x46, 0x00, 0x31, 0x00, 0x01
+};
+
+static bool lsarsetforesttrustsinformation_in_check(struct torture_context *tctx,
+                                                    struct lsa_lsaRSetForestTrustInformation *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.trusted_domain_name->string, "f1.test", "trusted domain name");
+	torture_assert_int_equal(tctx, r->in.highest_record_type, 2, "highest record type");
+	torture_assert(tctx, r->in.forest_trust_info != NULL, "forest trust info");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->count, 2, "number of forest trust records");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[0]->flags, 0, "first entry flags");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[0]->type, 0, "first entry type");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[0]->time, 0, "first entry time");
+	torture_assert_str_equal(tctx, r->in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string, "f1.test", "first entry data");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[1]->flags, 0, "second entry flags");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[1]->type, 2, "second entry type");
+	torture_assert_int_equal(tctx, r->in.forest_trust_info->entries[1]->time, 0, "second entry time");
+	torture_assert_str_equal(tctx, r->in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string, "f1.test", "second entry data");
+	torture_assert_str_equal(tctx, r->in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string, "F1", "second entry data");
+	torture_assert_int_equal(tctx, r->in.check_only, 1, "check only");
+
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+static const uint8_t lsasettrusteddomaininfobyname_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xe2, 0xbe, 0xb5, 0xfe, 0x4a, 0xe2, 0x25, 0x43,
+  0xaf, 0x37, 0x14, 0x77, 0xa5, 0xd6, 0xd9, 0x31, 0x0e, 0x00, 0x10, 0x00,
+  0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x07, 0x00, 0x00, 0x00, 0x66, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x74, 0x00,
+  0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x10, 0x00, 0x04, 0x00, 0x02, 0x00, 0x04, 0x00, 0x06, 0x00,
+  0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x44, 0x02, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x66, 0x00, 0x31, 0x00,
+  0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x46, 0x00, 0x31, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x60, 0xcc, 0x85, 0x53,
+  0x92, 0x64, 0x11, 0x5e, 0x37, 0xa1, 0x11, 0x65, 0x44, 0x02, 0x00, 0x00,
+  0x25, 0xf5, 0x9e, 0xfc, 0x2c, 0x36, 0x8e, 0x0d, 0xd8, 0x6b, 0x98, 0x14,
+  0xb6, 0x78, 0xcc, 0xca, 0xb2, 0xbd, 0xa0, 0x8d, 0x59, 0xd9, 0x51, 0x90,
+  0x14, 0x0e, 0x0c, 0x3f, 0xac, 0xed, 0x67, 0x98, 0xd9, 0x44, 0xe7, 0xec,
+  0x72, 0xd7, 0x83, 0xba, 0x12, 0x3e, 0xcb, 0x8a, 0xaa, 0x87, 0xdb, 0xf2,
+  0xf8, 0x35, 0x00, 0x9c, 0xc7, 0x76, 0x85, 0x8d, 0x04, 0x08, 0x4c, 0xa3,
+  0x05, 0x4b, 0x02, 0x85, 0xcd, 0x1c, 0x83, 0xd4, 0x1e, 0xcc, 0xd8, 0xa3,
+  0x32, 0x9e, 0xa5, 0x6f, 0xd8, 0x3d, 0xe2, 0xcd, 0xa1, 0x44, 0xf5, 0x03,
+  0x47, 0x79, 0x22, 0xf3, 0xb4, 0x14, 0x3d, 0x6c, 0xe3, 0x98, 0x91, 0x96,
+  0x89, 0x78, 0x26, 0xa1, 0x77, 0x78, 0x58, 0xa1, 0xba, 0x84, 0xb7, 0xb3,
+  0x7a, 0xad, 0xcf, 0x77, 0x5c, 0x92, 0x97, 0x3a, 0x19, 0x0f, 0xfa, 0x7d,
+  0x48, 0xa4, 0x11, 0x33, 0xdd, 0x51, 0xd6, 0x0c, 0x48, 0xd6, 0xd2, 0x59,
+  0x83, 0x4d, 0xf6, 0x8b, 0x6b, 0x4d, 0x6a, 0x0e, 0xcc, 0x15, 0xd6, 0x1a,
+  0x2f, 0x44, 0x61, 0x45, 0x8f, 0xa8, 0x1b, 0x3f, 0x2d, 0xbd, 0x3a, 0xdb,
+  0xe0, 0x74, 0x44, 0x27, 0x02, 0x85, 0x02, 0xb4, 0xf9, 0x7f, 0x81, 0xcb,
+  0x28, 0x27, 0x83, 0xfb, 0xa7, 0x92, 0x43, 0x70, 0x73, 0x2b, 0x89, 0xda,
+  0x03, 0x83, 0x48, 0x58, 0x04, 0xba, 0x1e, 0xe2, 0x84, 0xf3, 0xa2, 0xfa,
+  0x22, 0xe8, 0x5f, 0x41, 0xf3, 0xe6, 0x47, 0x92, 0x06, 0x61, 0x77, 0x31,
+  0x00, 0x1b, 0x9f, 0x9b, 0x8f, 0xfd, 0x1d, 0x9e, 0xcb, 0x09, 0xd7, 0xdc,
+  0x19, 0x94, 0xf4, 0x18, 0xfa, 0x96, 0x3e, 0xb3, 0xf0, 0x6b, 0x1c, 0x21,
+  0xe4, 0x52, 0xb3, 0x48, 0x19, 0x5d, 0x10, 0x8e, 0xf1, 0xb5, 0x8b, 0x72,
+  0x69, 0xdb, 0x60, 0x7b, 0x7c, 0xef, 0x5c, 0x16, 0x1b, 0x11, 0xf2, 0x97,
+  0x2e, 0xf4, 0xd1, 0xc5, 0x13, 0x52, 0xb4, 0xc7, 0xca, 0xf8, 0xc0, 0x46,
+  0x61, 0xdc, 0x9b, 0x8a, 0x5b, 0xcd, 0xf1, 0x1d, 0x7a, 0xc4, 0x0f, 0x02,
+  0x0c, 0x22, 0x4f, 0x42, 0x12, 0xbb, 0xa6, 0xe2, 0xbb, 0x92, 0xda, 0xdb,
+  0x12, 0xea, 0xe8, 0x61, 0xf2, 0xdd, 0x45, 0x3c, 0x35, 0x2c, 0x89, 0x92,
+  0x22, 0x35, 0xb0, 0x24, 0x5b, 0xa7, 0x54, 0x58, 0xe1, 0x8c, 0xf5, 0x36,
+  0x4d, 0x04, 0xdf, 0x25, 0x36, 0x48, 0x7b, 0x84, 0xc9, 0xb9, 0xc2, 0x2a,
+  0xc5, 0x62, 0x06, 0xcb, 0xa1, 0xf5, 0x26, 0x05, 0xb4, 0x20, 0xcc, 0x8b,
+  0xed, 0x2e, 0xa2, 0x4b, 0xa4, 0x85, 0x3e, 0x7f, 0x26, 0x25, 0x39, 0x69,
+  0x2f, 0x89, 0x47, 0x7e, 0xde, 0xc7, 0xa4, 0x12, 0x01, 0xc5, 0x98, 0x01,
+  0xf5, 0xae, 0x2e, 0x3e, 0xbd, 0xb7, 0x62, 0xaa, 0x57, 0x5d, 0xa0, 0x6f,
+  0xac, 0xc5, 0x4e, 0x09, 0xcc, 0x87, 0x8e, 0x76, 0x93, 0xf2, 0xc6, 0x08,
+  0x45, 0x88, 0x9f, 0x18, 0x9b, 0xeb, 0xa6, 0x1b, 0xf7, 0x64, 0x47, 0x73,
+  0x0c, 0xb2, 0xc7, 0xc5, 0xe5, 0x62, 0x56, 0x7f, 0x0a, 0xe4, 0x79, 0xaf,
+  0x7e, 0x71, 0xe6, 0x09, 0x22, 0x3d, 0x22, 0x10, 0x5c, 0x94, 0x71, 0x35,
+  0xfd, 0x28, 0x20, 0x79, 0x89, 0x47, 0x5c, 0x37, 0x41, 0xd1, 0xfe, 0xee,
+  0x2e, 0xd8, 0x41, 0x8e, 0x1c, 0x4d, 0x77, 0x09, 0x43, 0x6a, 0xee, 0x3c,
+  0x80, 0x9b, 0xb7, 0xe7, 0x4c, 0xe8, 0x38, 0xd1, 0x6b, 0xc0, 0x03, 0x4b,
+  0xbf, 0x8d, 0x19, 0x06, 0xad, 0x28, 0x22, 0xe7, 0x1a, 0x4e, 0x14, 0xa9,
+  0x90, 0xba, 0xc4, 0x13, 0x8c, 0xde, 0x30, 0xfc, 0xe2, 0xb8, 0x97, 0x90,
+  0x63, 0x3f, 0x30, 0xfc, 0xf5, 0x0d, 0xd2, 0xc2, 0xbe, 0xd2, 0xe3, 0x7f,
+  0x52, 0x4e, 0xc5, 0x91, 0x38, 0xfc, 0xa7, 0x0d, 0xec, 0xa5, 0x4f, 0xd5,
+  0x65, 0xb3, 0x51, 0x44, 0x21, 0x2a, 0x2e, 0x87, 0xe6, 0x91, 0x09, 0x8c,
+  0xa5, 0x89, 0x13, 0x69, 0x01, 0x28, 0xa8, 0x64, 0x4f, 0x87, 0x0d, 0x12,
+  0xe5, 0xeb, 0xce, 0xb9, 0xfa, 0xca, 0x10, 0x69, 0xa6, 0x95, 0x3b, 0x6d,
+  0x6e, 0xca, 0x9e, 0x75, 0x25, 0x1c, 0xfa, 0xd6, 0x68, 0x84, 0xe0, 0x1f,
+  0x35, 0x7e, 0x6e, 0xe8, 0xb7, 0x0a, 0x32, 0x9f, 0xc3, 0x31, 0x35, 0x84,
+  0xa6, 0xc7, 0x5a, 0xa2, 0x0c, 0x8c, 0x07, 0x6a, 0x66, 0xd8, 0x58, 0xb1,
+  0x4c, 0xb9, 0xbc, 0x46
+};
+
+static bool lsasettrusteddomaininfobyname_in_check(struct torture_context *tctx,
+                                                   struct lsa_SetTrustedDomainInfoByName *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.trusted_domain->string, "f1.test", "trusted domain");
+	torture_assert_int_equal(tctx, r->in.level, LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL, "level");
+	torture_assert(tctx, r->in.info != NULL, "trust info");
+	torture_assert_str_equal(tctx, r->in.info->full_info_internal.info_ex.domain_name.string, "f1.test", "domain name");
+	torture_assert_str_equal(tctx, r->in.info->full_info_internal.info_ex.netbios_name.string, "F1", "netbios name");
+	torture_assert(tctx, r->in.info->full_info_internal.info_ex.sid != NULL, "domain sid ptr");
+	torture_assert_sid_equal(tctx, r->in.info->full_info_internal.info_ex.sid, dom_sid_parse_talloc(tctx, "S-1-5-21-1401277536-1578198162-1695654199"), "domain sid");
+	torture_assert_int_equal(tctx, r->in.info->full_info_internal.info_ex.trust_direction, 3, "trust direction");
+	torture_assert_int_equal(tctx, r->in.info->full_info_internal.info_ex.trust_type, LSA_TRUST_TYPE_UPLEVEL, "trust type");
+	torture_assert_int_equal(tctx, r->in.info->full_info_internal.info_ex.trust_attributes, 8, "trust attributes");
+	torture_assert_int_equal(tctx, r->in.info->full_info_internal.posix_offset.posix_offset, 0, "posix offset");
+	torture_assert_int_equal(tctx, r->in.info->full_info_internal.auth_info.auth_blob.size, 580, "auth blob size");
+
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+static const uint8_t lsa_lsaRQueryForestTrustInformation_in_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x40, 0xfd, 0xa1, 0xb8, 0x04, 0x3a, 0xa2, 0x46,
+	0xb1, 0x45, 0x5c, 0xaa, 0xf7, 0x54, 0x13, 0x9a, 0x16, 0x00, 0x16, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x61, 0x00, 0x64, 0x00, 0x32, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x38, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x02, 0x00
+};
+
+static bool lsa_lsaRQueryForestTrustInformation_in_check(struct torture_context *tctx,
+							 struct lsa_lsaRQueryForestTrustInformation *r)
+{
+	return true;
+}
+
+static const uint8_t lsa_lsaRQueryForestTrustInformation_out_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x10, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xbe, 0xd1, 0x06, 0xc6,
+	0xb9, 0xba, 0xcf, 0x01, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x18, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x61, 0x00, 0x64, 0x00, 0x32, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x38, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0xbe, 0xd1, 0x06, 0xc6, 0xb9, 0xba, 0xcf, 0x01, 0x02, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00, 0x18, 0x00, 0x02, 0x00,
+	0x0c, 0x00, 0x0e, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x51, 0xd1, 0xbb, 0x42, 0xa8, 0x23, 0x83, 0xb1, 0x31, 0x59, 0xf1, 0x8d,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+	0x61, 0x00, 0x64, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x38, 0x00,
+	0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x41, 0x00, 0x44, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x38, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool lsa_lsaRQueryForestTrustInformation_out_check(struct torture_context *tctx,
+							  struct lsa_lsaRQueryForestTrustInformation *r)
+{
+	return true;
+}
+
+struct torture_suite *ndr_lsa_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "lsa");
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenPolicy, lsaropenpolicy_in_data, NDR_IN, lsaropenpolicy_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenPolicy, lsaropenpolicy_out_data, NDR_OUT, lsaropenpolicy_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenPolicy2, lsaropenpolicy2_in_data, NDR_IN, lsaropenpolicy2_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenPolicy2, lsaropenpolicy2_out_data, NDR_OUT, lsaropenpolicy2_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames, lsarlookupnames_in_data, NDR_IN, lsarlookupnames_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames, lsarlookupnames_out_data, NDR_OUT, lsarlookupnames_out_check); 
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids, lsarlookupsids_in_data, NDR_IN, lsarlookupsids_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids, lsarlookupsids_out_data, NDR_OUT, lsarlookupsids_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateAccount, lsarcreateaccount_in_data, NDR_IN, lsarcreateaccount_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateAccount, lsarcreateaccount_out_data, NDR_OUT, lsarcreateaccount_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_Delete, lsardelete_in_data, NDR_IN, lsardelete_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_Delete, lsardelete_out_data, NDR_OUT, lsardelete_out_check); 
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateSecret, lsarcreatesecret_in_data, NDR_IN, lsarcreatesecret_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateSecret, lsarcreatesecret_out_data, NDR_OUT, lsarcreatesecret_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenSecret, lsaropensecret_in_data, NDR_IN, lsaropensecret_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_OpenSecret, lsaropensecret_out_data, NDR_OUT, lsaropensecret_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_SetSecret, lsarsetsecret_in_data, NDR_IN, lsarsetsecret_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_SetSecret, lsarsetsecret_out_data, NDR_OUT, lsarsetsecret_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_QuerySecret, lsarquerysecret_in_data, NDR_IN, lsarquerysecret_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_QuerySecret, lsarquerysecret_out_data, NDR_OUT, lsarquerysecret_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateTrustedDomain, lsarcreatetrusteddomain_in_data, NDR_IN, lsarcreatetrusteddomain_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_CreateTrustedDomain, lsarcreatetrusteddomain_out_data, NDR_OUT, lsarcreatetrusteddomain_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_EnumAccounts, lsarenumerateaccounts_in_data, NDR_IN, lsarenumerateaccounts_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_EnumAccounts, lsarenumerateaccounts_out_data, NDR_OUT, lsarenumerateaccounts_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids2, lsarlookupsids2_in_data, NDR_IN, lsarlookupsids2_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids2, lsarlookupsids2_out_data, NDR_OUT, lsarlookupsids2_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames2, lsarlookupnames2_in_data, NDR_IN, lsarlookupnames2_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames2, lsarlookupnames2_out_data, NDR_OUT, lsarlookupnames2_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames3, lsarlookupnames3_in_data, NDR_IN, lsarlookupnames3_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupNames3, lsarlookupnames3_out_data, NDR_OUT, lsarlookupnames3_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids3, lsarlookupsids3_in_data, NDR_IN, lsarlookupsids3_in_check);
+	/* torture_suite_add_ndr_pull_fn_test(suite, lsa_LookupSids3, lsarlookupsids3_out_data, NDR_OUT, lsarlookupsids3_out_check); */
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_EnumPrivs, lsarenumerateprivileges_in_data, NDR_IN, lsarenumerateprivileges_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_EnumPrivs, lsarenumerateprivileges_out_data, NDR_OUT, lsarenumerateprivileges_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_lsaRSetForestTrustInformation, lsarsetforesttrustsinformation_in_data, NDR_IN, lsarsetforesttrustsinformation_in_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_SetTrustedDomainInfoByName, lsasettrusteddomaininfobyname_in_data, NDR_IN, lsasettrusteddomaininfobyname_in_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_lsaRQueryForestTrustInformation, lsa_lsaRQueryForestTrustInformation_in_data, NDR_IN, lsa_lsaRQueryForestTrustInformation_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, lsa_lsaRQueryForestTrustInformation, lsa_lsaRQueryForestTrustInformation_out_data, NDR_OUT, lsa_lsaRQueryForestTrustInformation_out_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/nbt.c b/source4/torture/ndr/nbt.c
new file mode 100644
index 0000000..ec5cb90
--- /dev/null
+++ b/source4/torture/ndr/nbt.c
@@ -0,0 +1,253 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for nbt ndr operations
+
+   Copyright (C) Guenther Deschner 2010-2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t netlogon_logon_request_req_data[] = {
+	0x00, 0x00, 0x57, 0x49, 0x4e, 0x39, 0x38, 0x00, 0x47, 0x44, 0x00, 0x5c,
+	0x4d, 0x41, 0x49, 0x4c, 0x53, 0x4c, 0x4f, 0x54, 0x5c, 0x54, 0x45, 0x4d,
+	0x50, 0x5c, 0x4e, 0x45, 0x54, 0x4c, 0x4f, 0x47, 0x4f, 0x4e, 0x00, 0x01,
+	0x01, 0x00, 0xff, 0xff
+};
+
+static bool netlogon_logon_request_req_check(struct torture_context *tctx,
+					     struct nbt_netlogon_packet *r)
+{
+	torture_assert_int_equal(tctx, r->command, LOGON_REQUEST, "command");
+	torture_assert_str_equal(tctx, r->req.logon0.computer_name, "WIN98", "computer name");
+	torture_assert_str_equal(tctx, r->req.logon0.user_name, "GD", "user_name");
+	torture_assert_str_equal(tctx, r->req.logon0.mailslot_name, "\\MAILSLOT\\TEMP\\NETLOGON", "mailslot_name");
+	torture_assert_int_equal(tctx, r->req.logon0.request_count, 1, "request_count");
+	torture_assert_int_equal(tctx, r->req.logon0.lmnt_token, 1, "lmnt_token");
+	torture_assert_int_equal(tctx, r->req.logon0.lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+static const uint8_t netlogon_logon_request_resp_data[] = {
+	0x06, 0x00, 0x5c, 0x5c, 0x4d, 0x54, 0x48, 0x45, 0x4c, 0x45, 0x4e, 0x41,
+	0x00, 0xff, 0xff
+};
+
+static bool netlogon_logon_request_resp_check(struct torture_context *tctx,
+					      struct nbt_netlogon_response2 *r)
+{
+	torture_assert_int_equal(tctx, r->command, LOGON_RESPONSE2, "command");
+	torture_assert_str_equal(tctx, r->pdc_name, "\\\\MTHELENA", "pdc_name");
+	torture_assert_int_equal(tctx, r->lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+static const uint8_t netlogon_samlogon_response_data[] = {
+/*	0x04, 0x74, 0x17, 0x00, 0x00, 0x00, 0xfd, 0x33, 0x00, 0x00, 0x03, 0x13, */
+	            0x17, 0x00, 0x00, 0x00, 0xfd, 0x33, 0x00, 0x00, 0x03, 0x13,
+	0x44, 0xcd, 0x1c, 0x00, 0x4c, 0x46, 0xa6, 0x21, 0xe9, 0xd6, 0xb9, 0xb1,
+	0x2f, 0xe9, 0x07, 0x77, 0x32, 0x6b, 0x38, 0x64, 0x6f, 0x6d, 0x03, 0x62,
+	0x65, 0x72, 0x06, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x03, 0x63, 0x6f,
+	0x6d, 0x00, 0xc0, 0x18, 0x08, 0x67, 0x64, 0x77, 0x32, 0x6b, 0x38, 0x72,
+	0x32, 0xc0, 0x18, 0x07, 0x57, 0x32, 0x4b, 0x38, 0x44, 0x4f, 0x4d, 0x00,
+	0x08, 0x47, 0x44, 0x57, 0x32, 0x4b, 0x38, 0x52, 0x32, 0x00, 0x00, 0x17,
+	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x2d, 0x46, 0x69, 0x72, 0x73,
+	0x74, 0x2d, 0x53, 0x69, 0x74, 0x65, 0x2d, 0x4e, 0x61, 0x6d, 0x65, 0x00,
+	0xc0, 0x51, 0x05, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+};
+
+static bool netlogon_samlogon_response_check(struct torture_context *tctx,
+					     struct netlogon_samlogon_response *r)
+{
+	struct GUID guid;
+	torture_assert_ntstatus_ok(tctx, GUID_from_string("cd441303-001c-464c-a621-e9d6b9b12fe9", &guid), "");
+
+	torture_assert_int_equal(tctx, r->ntver, 5, "ntver");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "command");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.sbz, 0, "sbz");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.server_type, 0x000033fd, "server_type");
+	torture_assert_guid_equal(tctx, r->data.nt5_ex.domain_uuid, guid, "domain_uuid");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.forest, "w2k8dom.ber.redhat.com", "forest");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.dns_domain, "w2k8dom.ber.redhat.com", "dns_domain");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.pdc_dns_name, "gdw2k8r2.w2k8dom.ber.redhat.com", "pdc_dns_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.domain_name, "W2K8DOM", "domain_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.pdc_name, "GDW2K8R2", "pdc_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.user_name, "", "user_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.server_site, "Default-First-Site-Name", "server_site");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.client_site, "Default-First-Site-Name", "client_site");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.sockaddr_size, 0, "sockaddr_size");
+	/* sockaddr: struct nbt_sockaddr
+	 *             sockaddr_family          : 0x00000000 (0)
+	 *             pdc_ip                   : (null)
+	 *             remaining                : DATA_BLOB length=0 */
+	torture_assert_int_equal(tctx, r->data.nt5_ex.nt_version, 5, "nt_version");
+	/* next_closest_site NULL */
+	torture_assert_int_equal(tctx, r->data.nt5_ex.lmnt_token, 0xffff, "lmnt_token");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+static const uint8_t nbt_netlogon_packet_data[] = {
+	0x12, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x4e, 0x00,
+	0x59, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x4e, 0x00,
+	0x59, 0x00, 0x24, 0x00, 0x00, 0x00, 0x5c, 0x4d, 0x41, 0x49, 0x4c, 0x53,
+	0x4c, 0x4f, 0x54, 0x5c, 0x4e, 0x45, 0x54, 0x5c, 0x47, 0x45, 0x54, 0x44,
+	0x43, 0x35, 0x32, 0x45, 0x41, 0x41, 0x38, 0x43, 0x30, 0x00, 0x80, 0x00,
+	0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x9c, 0x4e, 0x59, 0xff,
+	0xe1, 0xa0, 0x39, 0xac, 0x29, 0xa6, 0xe2, 0xda, 0x01, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0xff, 0xff
+};
+
+static bool nbt_netlogon_packet_check(struct torture_context *tctx,
+				      struct nbt_netlogon_packet *r)
+{
+	torture_assert_int_equal(tctx, r->command, LOGON_SAM_LOGON_REQUEST, "command");
+	torture_assert_int_equal(tctx, r->req.logon.request_count, 0, "request_count");
+	torture_assert_str_equal(tctx, r->req.logon.computer_name, "LENNY", "computer_name");
+	torture_assert_str_equal(tctx, r->req.logon.user_name, "LENNY$", "user_name");
+	torture_assert_str_equal(tctx, r->req.logon.mailslot_name, "\\MAILSLOT\\NET\\GETDC52EAA8C0", "mailslot_name");
+	torture_assert_int_equal(tctx, r->req.logon.acct_control, 0x00000080, "acct_control");
+	torture_assert_int_equal(tctx, r->req.logon.sid_size, 24, "sid_size");
+	torture_assert_int_equal(tctx, r->req.logon._pad.length, 2, "_pad.length");
+	torture_assert_sid_equal(tctx, &r->req.logon.sid, dom_sid_parse_talloc(tctx, "S-1-5-21-4284042908-2889457889-3672286761"), "sid");
+	torture_assert_int_equal(tctx, r->req.logon.nt_version, NETLOGON_NT_VERSION_1, "nt_version");
+	torture_assert_int_equal(tctx, r->req.logon.lmnt_token, 0xffff, "lmnt_token");
+	torture_assert_int_equal(tctx, r->req.logon.lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+static const uint8_t nbt_netlogon_packet_logon_primary_query_data[] = {
+	0x07, 0x00, 0x58, 0x50, 0x44, 0x41, 0x54, 0x45, 0x56, 0x2d, 0x50, 0x52,
+	0x4f, 0x00, 0x5c, 0x4d, 0x41, 0x49, 0x4c, 0x53, 0x4c, 0x4f, 0x54, 0x5c,
+	0x4e, 0x45, 0x54, 0x5c, 0x47, 0x45, 0x54, 0x44, 0x43, 0x38, 0x31, 0x37,
+	0x00, 0x00, 0x58, 0x00, 0x50, 0x00, 0x44, 0x00, 0x41, 0x00, 0x54, 0x00,
+	0x45, 0x00, 0x56, 0x00, 0x2d, 0x00, 0x50, 0x00, 0x52, 0x00, 0x4f, 0x00,
+	0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff
+};
+
+static bool nbt_netlogon_packet_logon_primary_query_check(struct torture_context *tctx,
+							  struct nbt_netlogon_packet *r)
+{
+	torture_assert_int_equal(tctx, r->command, LOGON_PRIMARY_QUERY, "command");
+	torture_assert_str_equal(tctx, r->req.pdc.computer_name, "XPDATEV-PRO", "computer_name");
+	torture_assert_str_equal(tctx, r->req.pdc.mailslot_name, "\\MAILSLOT\\NET\\GETDC817", "mailslot_name");
+	torture_assert_int_equal(tctx, r->req.pdc._pad.length, 1, "_pad.length");
+	torture_assert_int_equal(tctx, r->req.pdc._pad.data[0], 0, "_pad.data");
+	torture_assert_str_equal(tctx, r->req.pdc.unicode_name, "XPDATEV-PRO", "unicode_name");
+	torture_assert_int_equal(tctx, r->req.pdc.nt_version, 0x0000000b, "nt_version");
+	torture_assert_int_equal(tctx, r->req.pdc.lmnt_token, 0xffff, "lmnt_token");
+	torture_assert_int_equal(tctx, r->req.pdc.lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+static const uint8_t netlogon_samlogon_response_data2[] = {
+/*	0x04, 0x77, 0x17, 0x00, 0x00, 0x00, 0xfd, 0x33, 0x00, 0x00, 0x55, 0xaf,*/
+	            0x17, 0x00, 0x00, 0x00, 0xfd, 0x33, 0x00, 0x00, 0x55, 0xaf,
+	0x8d, 0x13, 0x8c, 0x91, 0x70, 0x41, 0x9d, 0x46, 0xd4, 0xd5, 0x04, 0x90,
+	0xaa, 0x13, 0x03, 0x62, 0x6c, 0x61, 0x04, 0x62, 0x61, 0x73, 0x65, 0x00,
+	0xc0, 0x18, 0x0a, 0x57, 0x32, 0x4b, 0x38, 0x52, 0x32, 0x2d, 0x32, 0x31,
+	0x39, 0xc0, 0x18, 0x03, 0x42, 0x4c, 0x41, 0x00, 0x0a, 0x57, 0x32, 0x4b,
+	0x38, 0x52, 0x32, 0x2d, 0x32, 0x31, 0x39, 0x00, 0x0a, 0x77, 0x32, 0x30,
+	0x31, 0x32, 0x72, 0x32, 0x2d, 0x6c, 0x36, 0x05, 0x62, 0x61, 0x73, 0x65,
+	0x2e, 0x00, 0x17, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x2d, 0x46,
+	0x69, 0x72, 0x73, 0x74, 0x2d, 0x53, 0x69, 0x74, 0x65, 0x2d, 0x4e, 0x61,
+	0x6d, 0x65, 0x00, 0xc0, 0x54, 0x05, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+	0xff
+};
+
+static bool netlogon_samlogon_response_check2(struct torture_context *tctx,
+					      struct netlogon_samlogon_response *r)
+{
+	struct GUID guid;
+	torture_assert_ntstatus_ok(tctx, GUID_from_string("138daf55-918c-4170-9d46-d4d50490aa13", &guid), "");
+
+	torture_assert_int_equal(tctx, r->ntver, 5, "ntver");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "command");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.sbz, 0, "sbz");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.server_type, 0x000033fd, "server_type");
+	torture_assert_guid_equal(tctx, r->data.nt5_ex.domain_uuid, guid, "domain_uuid");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.forest, "bla.base", "forest");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.dns_domain, "bla.base", "dns_domain");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.pdc_dns_name, "W2K8R2-219.bla.base", "pdc_dns_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.domain_name, "BLA", "domain_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.pdc_name, "W2K8R2-219", "pdc_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.user_name, "w2012r2-l6.base.", "user_name");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.server_site, "Default-First-Site-Name", "server_site");
+	torture_assert_str_equal(tctx, r->data.nt5_ex.client_site, "Default-First-Site-Name", "client_site");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.sockaddr_size, 0, "sockaddr_size");
+	/*
+	 * sockaddr: struct nbt_sockaddr
+	 *             sockaddr_family          : 0x00000000 (0)
+	 *             pdc_ip                   : (null)
+	 *             remaining                : DATA_BLOB length=0
+	 */
+	torture_assert_int_equal(tctx, r->data.nt5_ex.nt_version, 5, "nt_version");
+	/* next_closest_site NULL */
+	torture_assert_int_equal(tctx, r->data.nt5_ex.lmnt_token, 0xffff, "lmnt_token");
+	torture_assert_int_equal(tctx, r->data.nt5_ex.lm20_token, 0xffff, "lm20_token");
+
+	return true;
+}
+
+
+struct torture_suite *ndr_nbt_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "nbt");
+
+	torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check);
+
+	torture_suite_add_ndr_pull_test(suite,
+					nbt_netlogon_packet,
+					nbt_netlogon_packet_logon_primary_query_data,
+					nbt_netlogon_packet_logon_primary_query_check);
+
+	torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check);
+
+	torture_suite_add_ndr_pull_test(suite,
+					netlogon_samlogon_response,
+					netlogon_samlogon_response_data,
+					netlogon_samlogon_response_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    netlogon_samlogon_response,
+					    netlogon_samlogon_response_data,
+					    netlogon_samlogon_response_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    nbt_netlogon_packet,
+					    nbt_netlogon_packet_data,
+					    nbt_netlogon_packet_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    nbt_netlogon_packet,
+					    nbt_netlogon_packet_logon_primary_query_data,
+					    nbt_netlogon_packet_logon_primary_query_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    netlogon_samlogon_response,
+					    netlogon_samlogon_response_data2,
+					    netlogon_samlogon_response_check2);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/ndr.c b/source4/torture/ndr/ndr.c
new file mode 100644
index 0000000..0faef1a
--- /dev/null
+++ b/source4/torture/ndr/ndr.c
@@ -0,0 +1,831 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for winreg ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "torture/ndr/proto.h"
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+struct ndr_pull_test_data {
+	DATA_BLOB data;
+	DATA_BLOB data_context;
+	size_t struct_size;
+	ndr_pull_flags_fn_t pull_fn;
+	ndr_push_flags_fn_t push_fn;
+	ndr_print_fn_t print_fn;
+	ndr_print_function_t print_function;
+	ndr_flags_type ndr_flags;
+	libndr_flags flags;
+	enum ndr_err_code ndr_err;
+};
+
+static enum ndr_err_code torture_ndr_push_struct_blob_flags(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, ndr_flags_type flags, libndr_flags ndr_flags, const void *p, ndr_push_flags_fn_t fn)
+{
+	struct ndr_push *ndr;
+	ndr = ndr_push_init_ctx(mem_ctx);
+	NDR_ERR_HAVE_NO_MEMORY(ndr);
+
+	ndr->flags |= ndr_flags;
+
+	NDR_CHECK(fn(ndr, flags, p));
+
+	*blob = ndr_push_blob(ndr);
+	talloc_steal(mem_ctx, blob->data);
+	talloc_free(ndr);
+
+	return NDR_ERR_SUCCESS;
+}
+
+static bool torture_ndrdump(struct torture_context *tctx,
+			    struct ndr_pull *ndr,
+			    const struct ndr_pull_test_data *data,
+			    ndr_flags_type flags,
+			    void *ds,
+			    const char *name)
+{
+	struct ndr_print *ndr_print;
+	const char *name_raw;
+	ndr_flags_type ndr_flags = data->ndr_flags | flags;
+
+	ndr_print = talloc_zero(tctx, struct ndr_print);
+	torture_assert(tctx, ndr_print, "out of memory");
+
+	if (DEBUGLEVEL >= 10) {
+		ndr_print->print = ndr_print_debug_helper;
+	} else {
+		ndr_print->print = ndr_print_string_helper;
+	}
+
+	ndr_print->depth = 1;
+
+	torture_assert(tctx, ndr_flags, "no flags have been set");
+
+	if (ndr_flags & (NDR_BUFFERS|NDR_SCALARS)) {
+		data->print_fn(ndr_print, name, ds);
+	} else {
+		data->print_function(ndr_print, name, ndr_flags, ds);
+	}
+
+	name_raw = talloc_asprintf(tctx, "%s (RAW DATA)", name);
+	torture_assert(tctx, name_raw, "out of memory");
+
+	ndr_print_DATA_BLOB(ndr_print, name_raw, data->data);
+
+	talloc_free(ndr_print);
+
+	return true;
+}
+
+static bool wrap_ndr_pullpush_test(struct torture_context *tctx,
+				   struct torture_tcase *tcase,
+				   struct torture_test *test)
+{
+	bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn;
+	const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
+	struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx);
+	void *ds = talloc_zero_size(ndr, data->struct_size);
+	bool ret = true;
+	uint32_t highest_ofs;
+
+	torture_assert(tctx, data, "out of memory");
+	torture_assert(tctx, ndr, "out of memory");
+	torture_assert(tctx, ds, "out of memory");
+
+	ndr->flags |= data->flags;
+
+	ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	torture_assert_ndr_success(tctx, data->pull_fn(ndr, data->ndr_flags, ds),
+				   "pulling");
+
+	if (ndr->offset > ndr->relative_highest_offset) {
+		highest_ofs = ndr->offset;
+	} else {
+		highest_ofs = ndr->relative_highest_offset;
+	}
+
+	torture_assert(tctx, highest_ofs == ndr->data_size,
+				   talloc_asprintf(tctx,
+					   "%d unread bytes", ndr->data_size - highest_ofs));
+
+	if (check_fn != NULL) {
+		ret = check_fn(tctx, ds);
+	} else {
+		ret = true;
+	}
+
+	torture_ndrdump(tctx, ndr, data, data->ndr_flags, ds, "ds");
+
+	if (data->push_fn != NULL) {
+		DATA_BLOB outblob;
+		torture_assert_ndr_success(tctx, torture_ndr_push_struct_blob_flags(&outblob, ndr, data->ndr_flags, ndr->flags, ds, data->push_fn), "pushing");
+		torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare");
+	}
+
+	talloc_free(ndr);
+	return ret;
+}
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
+	struct torture_suite *suite,
+	const char *name,
+	ndr_pull_flags_fn_t pull_fn,
+	ndr_push_flags_fn_t push_fn,
+	ndr_print_fn_t print_fn,
+	ndr_print_function_t print_function,
+	const char *db_name,
+	DATA_BLOB db,
+	size_t struct_size,
+	ndr_flags_type ndr_flags,
+	libndr_flags flags,
+	const char *check_fn_name,
+	bool (*check_fn) (struct torture_context *ctx, void *data))
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+	struct ndr_pull_test_data *data;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, check_fn_name);
+	test->description = talloc_asprintf(test, "db:%s",
+					    db_name);
+	test->run = wrap_ndr_pullpush_test;
+
+	data = talloc_zero(test, struct ndr_pull_test_data);
+	data->data = db;
+	data->ndr_flags = ndr_flags;
+	data->flags = flags;
+	data->struct_size = struct_size;
+	data->pull_fn = pull_fn;
+	data->push_fn = push_fn;
+	data->print_fn = print_fn;
+	data->print_function = print_function;
+
+	test->data = data;
+	test->fn = check_fn;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+
+static bool wrap_ndr_inout_pull_test(struct torture_context *tctx,
+				     struct torture_tcase *tcase,
+				     struct torture_test *test)
+{
+	bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn;
+	const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
+	void *ds = talloc_zero_size(tctx, data->struct_size);
+	struct ndr_pull *ndr;
+	uint32_t highest_ofs;
+	bool ret = false;
+
+	torture_assert(tctx, data, "out of memory");
+	torture_assert(tctx, ds, "out of memory");
+
+	/* handle NDR_IN context */
+
+	ndr = ndr_pull_init_blob(&(data->data_context), tctx);
+	torture_assert(tctx, ndr, "ndr init failed");
+
+	ndr->flags |= data->flags;
+	ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	torture_assert_ndr_success(tctx,
+		data->pull_fn(ndr, NDR_IN, ds),
+		"ndr pull of context failed");
+
+	if (ndr->offset > ndr->relative_highest_offset) {
+		highest_ofs = ndr->offset;
+	} else {
+		highest_ofs = ndr->relative_highest_offset;
+	}
+
+	torture_assert(tctx, highest_ofs == ndr->data_size,
+		talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
+
+	torture_ndrdump(tctx, ndr, data, NDR_IN, ds, "ds");
+
+	talloc_free(ndr);
+
+	/* handle NDR_OUT */
+
+	ndr = ndr_pull_init_blob(&(data->data), tctx);
+	torture_assert(tctx, ndr, "ndr init failed");
+
+	ndr->flags |= data->flags;
+	ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	torture_assert_ndr_success(tctx,
+		data->pull_fn(ndr, NDR_OUT, ds),
+		"ndr pull failed");
+
+	if (ndr->offset > ndr->relative_highest_offset) {
+		highest_ofs = ndr->offset;
+	} else {
+		highest_ofs = ndr->relative_highest_offset;
+	}
+
+	torture_assert(tctx, highest_ofs == ndr->data_size,
+		talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
+
+	if (check_fn) {
+		ret = check_fn(tctx, ds);
+	} else {
+		ret = true;
+	}
+
+	torture_ndrdump(tctx, ndr, data, NDR_OUT, ds, "ds");
+
+	talloc_free(ndr);
+
+	return ret;
+}
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_inout_test(
+					struct torture_suite *suite,
+					const char *name,
+					ndr_pull_flags_fn_t pull_fn,
+					ndr_print_function_t print_function,
+					const char *db_in_name,
+					DATA_BLOB db_in,
+					const char *db_out_name,
+					DATA_BLOB db_out,
+					size_t struct_size,
+					libndr_flags flags,
+					const char *check_fn_name,
+					bool (*check_fn) (struct torture_context *ctx, void *data))
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+	struct ndr_pull_test_data *data;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, check_fn_name);
+	test->description = talloc_asprintf(test, "db_in:%s db_out:%s",
+					    db_in_name,
+					    db_out_name);
+	test->run = wrap_ndr_inout_pull_test;
+	data = talloc_zero(test, struct ndr_pull_test_data);
+	data->data = db_out;
+	data->data_context = db_in;
+	data->ndr_flags = 0;
+	data->flags = flags;
+	data->struct_size = struct_size;
+	data->pull_fn = pull_fn;
+	data->print_function = print_function;
+	test->data = data;
+	test->fn = check_fn;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+static bool wrap_ndr_pull_invalid_data_test(struct torture_context *tctx,
+					    struct torture_tcase *tcase,
+					    struct torture_test *test)
+{
+	const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
+	struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx);
+	void *ds = talloc_zero_size(ndr, data->struct_size);
+	bool ret = true;
+
+	torture_assert(tctx, data, "out of memory");
+	torture_assert(tctx, ndr, "out of memory");
+	torture_assert(tctx, ds, "out of memory");
+
+	ndr->flags |= data->flags;
+
+	ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+	torture_assert_ndr_err_equal(
+		tctx,
+		data->pull_fn(ndr, data->ndr_flags, ds),
+		NDR_ERR_BUFSIZE,
+		"pulling invalid data");
+
+	talloc_free(ndr);
+	return ret;
+}
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_invalid_data_test(
+	struct torture_suite *suite,
+	const char *name,
+	ndr_pull_flags_fn_t pull_fn,
+	const char *db_name,
+	DATA_BLOB db,
+	size_t struct_size,
+	ndr_flags_type ndr_flags,
+	libndr_flags flags,
+	enum ndr_err_code ndr_err)
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+	struct ndr_pull_test_data *data;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, db_name);
+	test->description = NULL;
+	test->run = wrap_ndr_pull_invalid_data_test;
+
+	data = talloc_zero(test, struct ndr_pull_test_data);
+	data->data = db;
+	data->ndr_flags = ndr_flags;
+	data->flags = flags;
+	data->struct_size = struct_size;
+	data->pull_fn = pull_fn;
+	data->ndr_err = ndr_err;
+
+	test->data = data;
+	test->fn = NULL;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+static bool test_check_string_terminator(struct torture_context *tctx)
+{
+	struct ndr_pull *ndr;
+	DATA_BLOB blob;
+	TALLOC_CTX *mem_ctx = tctx;
+
+	/* Simple test */
+	blob = strhex_to_data_blob(tctx, "0000");
+
+	ndr = ndr_pull_init_blob(&blob, mem_ctx);
+
+	torture_assert_ndr_success(tctx, ndr_check_string_terminator(ndr, 1, 2),
+				   "simple check_string_terminator test failed");
+
+	torture_assert(tctx, ndr->offset == 0,
+		"check_string_terminator did not reset offset");
+
+	if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 1, 3))) {
+		torture_fail(tctx, "check_string_terminator checked beyond string boundaries");
+	}
+
+	torture_assert(tctx, ndr->offset == 0,
+		"check_string_terminator did not reset offset");
+
+	talloc_free(ndr);
+
+	blob = strhex_to_data_blob(tctx, "11220000");
+	ndr = ndr_pull_init_blob(&blob, mem_ctx);
+
+	torture_assert_ndr_success(tctx,
+		ndr_check_string_terminator(ndr, 4, 1),
+		"check_string_terminator failed to recognize terminator");
+
+	torture_assert_ndr_success(tctx,
+		ndr_check_string_terminator(ndr, 3, 1),
+		"check_string_terminator failed to recognize terminator");
+
+	if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 2, 1))) {
+		torture_fail(tctx, "check_string_terminator erroneously reported terminator");
+	}
+
+	torture_assert(tctx, ndr->offset == 0,
+		"check_string_terminator did not reset offset");
+	return true;
+}
+
+static bool test_guid_from_string_valid(struct torture_context *tctx)
+{
+	/* FIXME */
+	return true;
+}
+
+static bool test_guid_from_string_null(struct torture_context *tctx)
+{
+	struct GUID guid;
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER,
+				      GUID_from_string(NULL, &guid),
+				      "NULL failed");
+	return true;
+}
+
+static bool test_guid_from_string_invalid(struct torture_context *tctx)
+{
+	struct GUID g1;
+	bool failed = false;
+	int i;
+	const char *bad_guids[] = {
+		"bla",
+		"",
+		/*
+		"00000001-0002-0003-0405-060708090a0b",  correct
+		*/
+		"00000001-0002-0003-0405-060708090a0b1", /* too long */
+		"00000001-0002-0003-0405-060708090a0",  /* too short */
+		"00000001-0002-0003-0405--060708090a0",  /* negative */
+		"00000001-0002-0003--0405-060708090a0",  /* negative */
+		"-0000001-0002-0003-0405-060708090a0b",  /* negative */
+		"-0000001-0002-0003-04-5-060708090a0b",  /* negative */
+		"d0000001-0002-0003-0405-060708090a-b",  /* negative */
+		"00000001-  -2-0003-0405-060708090a0b",  /* negative, space */
+		"00000001-0002-0003-0405- 060708090a0",  /* whitespace */
+		" 0000001-0002-0003--0405-060708090a0",  /* whitespace */
+		"00000001-0002-0003--0405-060708090a ",  /* whitespace */
+		"0000001-00002-0003-04050-60708090a0b",  /* misshapen */
+		"00000010-0002-0003-04050-60708090a0b",  /* misshapen */
+		"00000001-0002-0003-0405-0z0708090a0b",  /* bad char */
+		"00000001-00x2-0x03-0405-060708090a0b",  /* bad char (00x) */
+		"0x000001-0002-0003-0405-060708090a0b",  /* 0x char */
+		"00000001-0x02-0x03-0405-060708090a0b",  /* 0x char */
+	};
+
+	for (i = 0; i < ARRAY_SIZE(bad_guids); i++) {
+		NTSTATUS status = GUID_from_string(bad_guids[i], &g1);
+		if (! NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			torture_comment(tctx, "bad guid %s parsed as OK\n",
+					bad_guids[i]);
+			failed = true;
+		}
+	}
+	if (failed) {
+		torture_fail(tctx, "wrongly allowing invalid guids");
+	}
+	return true;
+}
+
+static bool test_guid_from_string(struct torture_context *tctx)
+{
+	struct GUID g1, exp;
+	/* we are asserting all these guids are valid and equal */
+	const char *guids[5] = {
+		"00000001-0002-0003-0405-060708090a0b",
+		"{00000001-0002-0003-0405-060708090a0b}",
+		"{00000001-0002-0003-0405-060708090a0B}", /* mixed */
+		"00000001-0002-0003-0405-060708090A0B",   /* upper */
+		"01000000020003000405060708090a0b",       /* hex string */
+	};
+	int i;
+
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(guids[0], &g1),
+				   "invalid return code");
+	exp.time_low = 1;
+	exp.time_mid = 2;
+	exp.time_hi_and_version = 3;
+	exp.clock_seq[0] = 4;
+	exp.clock_seq[1] = 5;
+	exp.node[0] = 6;
+	exp.node[1] = 7;
+	exp.node[2] = 8;
+	exp.node[3] = 9;
+	exp.node[4] = 10;
+	exp.node[5] = 11;
+
+	for (i = 1; i < ARRAY_SIZE(guids); i++) {
+		torture_assert_ntstatus_ok(tctx,
+					   GUID_from_string(guids[i], &g1),
+					   "invalid return code");
+		torture_assert(tctx, GUID_equal(&g1, &exp),
+			       "UUID parsed incorrectly");
+	}
+	return true;
+}
+
+static bool test_guid_from_data_blob(struct torture_context *tctx)
+{
+	struct GUID g1, exp;
+	const uint8_t bin[16] = {
+		0x01, 0x00, 0x00, 0x00,
+		0x02, 0x00,
+		0x03, 0x00,
+		0x04, 0x05,
+		0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b };
+	const char *hexstr = "01000000020003000405060708090a0b";
+	const DATA_BLOB blobs[2] = {
+		data_blob_const(bin, sizeof(bin)),
+		data_blob_string_const(hexstr),
+	};
+	int i;
+
+	exp.time_low = 1;
+	exp.time_mid = 2;
+	exp.time_hi_and_version = 3;
+	exp.clock_seq[0] = 4;
+	exp.clock_seq[1] = 5;
+	exp.node[0] = 6;
+	exp.node[1] = 7;
+	exp.node[2] = 8;
+	exp.node[3] = 9;
+	exp.node[4] = 10;
+	exp.node[5] = 11;
+
+	for (i = 1; i < ARRAY_SIZE(blobs); i++) {
+		torture_assert_ntstatus_ok(tctx,
+					   GUID_from_data_blob(&blobs[i], &g1),
+					   "invalid return code");
+		torture_assert(tctx, GUID_equal(&g1, &exp),
+			       "UUID parsed incorrectly");
+	}
+
+	return true;
+}
+
+static bool test_guid_string_valid(struct torture_context *tctx)
+{
+	struct GUID g;
+	g.time_low = 1;
+	g.time_mid = 2;
+	g.time_hi_and_version = 3;
+	g.clock_seq[0] = 4;
+	g.clock_seq[1] = 5;
+	g.node[0] = 6;
+	g.node[1] = 7;
+	g.node[2] = 8;
+	g.node[3] = 9;
+	g.node[4] = 10;
+	g.node[5] = 11;
+	torture_assert_str_equal(tctx, "00000001-0002-0003-0405-060708090a0b",
+				 GUID_string(tctx, &g),
+				 "parsing guid failed");
+	return true;
+}
+
+static bool test_guid_string2_valid(struct torture_context *tctx)
+{
+	struct GUID g;
+	g.time_low = 1;
+	g.time_mid = 2;
+	g.time_hi_and_version = 3;
+	g.clock_seq[0] = 4;
+	g.clock_seq[1] = 5;
+	g.node[0] = 6;
+	g.node[1] = 7;
+	g.node[2] = 8;
+	g.node[3] = 9;
+	g.node[4] = 10;
+	g.node[5] = 11;
+	torture_assert_str_equal(tctx, "{00000001-0002-0003-0405-060708090a0b}",
+				 GUID_string2(tctx, &g),
+				 "parsing guid failed");
+	return true;
+}
+
+static bool test_guid_into_blob(struct torture_context *tctx)
+{
+	enum ndr_err_code ndr_err;
+	static const char exp_guid[16] =
+		{ 0x1, 0x0, 0x0, 0x0,
+		  0x2, 0x0, 0x3, 0x0,
+		  0x4, 0x5, 0x6, 0x7,
+		  0x8, 0x9, 0xa, 0xb };
+	DATA_BLOB exp = data_blob_const(exp_guid, 16);
+	char ndr_guid[16] =
+		{ 0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0 };
+	DATA_BLOB b = data_blob_const(ndr_guid, 16);
+	struct GUID guid;
+	guid.time_low = 1;
+	guid.time_mid = 2;
+	guid.time_hi_and_version = 3;
+	guid.clock_seq[0] = 4;
+	guid.clock_seq[1] = 5;
+	guid.node[0] = 6;
+	guid.node[1] = 7;
+	guid.node[2] = 8;
+	guid.node[3] = 9;
+	guid.node[4] = 10;
+	guid.node[5] = 11;
+	
+	ndr_err = ndr_push_struct_into_fixed_blob(&b, &guid,
+						  (ndr_push_flags_fn_t)ndr_push_GUID);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS,
+				     "wrong NDR error");
+	torture_assert_data_blob_equal(tctx, b, exp,
+				       "GUID packed wrongly");
+
+	return true;
+}
+
+/* Really a test of ndr_push_struct_into_fixed_blob error handling */
+static bool test_guid_into_long_blob(struct torture_context *tctx)
+{
+	enum ndr_err_code ndr_err;
+	char ndr_guid[17] =
+		{ 0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0, 0x0 };
+	DATA_BLOB b = data_blob_const(ndr_guid, 17);
+	struct GUID guid;
+	guid.time_low = 1;
+	guid.time_mid = 2;
+	guid.time_hi_and_version = 3;
+	guid.clock_seq[0] = 4;
+	guid.clock_seq[1] = 5;
+	guid.node[0] = 6;
+	guid.node[1] = 7;
+	guid.node[2] = 8;
+	guid.node[3] = 9;
+	guid.node[4] = 10;
+	guid.node[5] = 11;
+
+	torture_assert(tctx, b.data != NULL, "data_blob_talloc failed");
+	ndr_err = ndr_push_struct_into_fixed_blob(
+		&b, &guid, (ndr_push_flags_fn_t)ndr_push_GUID);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_BUFSIZE,
+				     "wrong NDR error");
+
+	return true;
+}
+
+static bool test_guid_into_short_blob(struct torture_context *tctx)
+{
+	enum ndr_err_code ndr_err;
+	char ndr_guid[15] =
+		{ 0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0, 0x0,
+		  0x0, 0x0, 0x0 };
+	DATA_BLOB b = data_blob_const(ndr_guid, 15);
+	struct GUID guid;
+	guid.time_low = 1;
+	guid.time_mid = 2;
+	guid.time_hi_and_version = 3;
+	guid.clock_seq[0] = 4;
+	guid.clock_seq[1] = 5;
+	guid.node[0] = 6;
+	guid.node[1] = 7;
+	guid.node[2] = 8;
+	guid.node[3] = 9;
+	guid.node[4] = 10;
+	guid.node[5] = 11;
+
+	ndr_err = ndr_push_struct_into_fixed_blob(
+		&b, &guid, (ndr_push_flags_fn_t)ndr_push_GUID);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_BUFSIZE,
+				     "wrong NDR error");
+
+	return true;
+}
+
+static bool test_compare_uuid(struct torture_context *tctx)
+{
+	struct GUID g1, g2;
+	ZERO_STRUCT(g1); ZERO_STRUCT(g2);
+	torture_assert_int_equal(tctx, 0, GUID_compare(&g1, &g2),
+				 "GUIDs not equal");
+	g1.time_low = 1;
+	torture_assert_int_equal(tctx, 1, GUID_compare(&g1, &g2),
+				 "GUID diff invalid");
+
+	g1.time_low = 10;
+	torture_assert_int_equal(tctx, 1, GUID_compare(&g1, &g2),
+				 "GUID diff invalid");
+
+	g1.time_low = 0;
+	g1.clock_seq[1] = 20;
+	torture_assert_int_equal(tctx, 1, GUID_compare(&g1, &g2),
+				 "GUID diff invalid");
+
+	g1.time_low = ~0;
+	torture_assert_int_equal(tctx, 1, GUID_compare(&g1, &g2),
+				 "GUID diff invalid");
+
+	g1.time_low = 0;
+	g2.time_low = ~0;
+	torture_assert_int_equal(tctx, -1, GUID_compare(&g1, &g2),
+				 "GUID diff invalid");
+	return true;
+}
+
+static bool test_syntax_id_from_string(struct torture_context *tctx)
+{
+	struct ndr_syntax_id s, exp;
+	const char *id = "00000001-0002-0003-0405-060708090a0b/0x12345678";
+
+	exp.uuid.time_low = 1;
+	exp.uuid.time_mid = 2;
+	exp.uuid.time_hi_and_version = 3;
+	exp.uuid.clock_seq[0] = 4;
+	exp.uuid.clock_seq[1] = 5;
+	exp.uuid.node[0] = 6;
+	exp.uuid.node[1] = 7;
+	exp.uuid.node[2] = 8;
+	exp.uuid.node[3] = 9;
+	exp.uuid.node[4] = 10;
+	exp.uuid.node[5] = 11;
+	exp.if_version = 0x12345678;
+
+	torture_assert(tctx,
+		       ndr_syntax_id_from_string(id, &s),
+		       "invalid return code");
+	torture_assert(tctx, ndr_syntax_id_equal(&s, &exp),
+		       "NDR syntax id parsed incorrectly");
+	return true;
+}
+
+struct torture_suite *torture_local_ndr(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "ndr");
+
+	torture_suite_add_suite(suite, ndr_dcerpc_suite(suite));
+	torture_suite_add_suite(suite, ndr_winreg_suite(suite));
+	torture_suite_add_suite(suite, ndr_atsvc_suite(suite));
+	torture_suite_add_suite(suite, ndr_lsa_suite(suite));
+	torture_suite_add_suite(suite, ndr_epmap_suite(suite));
+	torture_suite_add_suite(suite, ndr_dfs_suite(suite));
+	torture_suite_add_suite(suite, ndr_dfsblob_suite(suite));
+	torture_suite_add_suite(suite, ndr_netlogon_suite(suite));
+	torture_suite_add_suite(suite, ndr_drsuapi_suite(suite));
+	torture_suite_add_suite(suite, ndr_spoolss_suite(suite));
+	torture_suite_add_suite(suite, ndr_winspool_suite(suite));
+	torture_suite_add_suite(suite, ndr_ntprinting_suite(suite));
+	torture_suite_add_suite(suite, ndr_samr_suite(suite));
+	torture_suite_add_suite(suite, ndr_drsblobs_suite(suite));
+	torture_suite_add_suite(suite, ndr_dnsp_suite(suite));
+	torture_suite_add_suite(suite, ndr_nbt_suite(suite));
+	torture_suite_add_suite(suite, ndr_ntlmssp_suite(suite));
+	torture_suite_add_suite(suite, ndr_backupkey_suite(suite));
+	torture_suite_add_suite(suite, ndr_witness_suite(suite));
+	torture_suite_add_suite(suite, ndr_clusapi_suite(suite));
+	torture_suite_add_suite(suite, ndr_negoex_suite(suite));
+	torture_suite_add_suite(suite, ndr_string_suite(suite));
+	torture_suite_add_suite(suite, ndr_krb5pac_suite(suite));
+	torture_suite_add_suite(suite, ndr_cabinet_suite(suite));
+	torture_suite_add_suite(suite, ndr_charset_suite(suite));
+	torture_suite_add_suite(suite, ndr_svcctl_suite(suite));
+	torture_suite_add_suite(suite, ndr_ODJ_suite(suite));
+
+	torture_suite_add_simple_test(suite, "string terminator",
+				      test_check_string_terminator);
+
+	torture_suite_add_simple_test(suite, "guid_from_string_null",
+				      test_guid_from_string_null);
+
+	torture_suite_add_simple_test(suite, "guid_from_string",
+				      test_guid_from_string);
+
+	torture_suite_add_simple_test(suite, "guid_from_data_blob",
+				      test_guid_from_data_blob);
+
+	torture_suite_add_simple_test(suite, "guid_from_string_invalid",
+				      test_guid_from_string_invalid);
+
+	torture_suite_add_simple_test(suite, "guid_string_valid",
+				      test_guid_string_valid);
+
+	torture_suite_add_simple_test(suite, "guid_string2_valid",
+				      test_guid_string2_valid);
+
+	torture_suite_add_simple_test(suite, "guid_from_string_valid",
+				      test_guid_from_string_valid);
+
+	torture_suite_add_simple_test(suite, "compare_uuid",
+				      test_compare_uuid);
+
+	torture_suite_add_simple_test(suite, "guid_into_blob",
+				      test_guid_into_blob);
+
+	torture_suite_add_simple_test(suite, "guid_into_short_blob",
+				      test_guid_into_short_blob);
+
+	torture_suite_add_simple_test(suite, "guid_into_long_blob",
+				      test_guid_into_long_blob);
+
+	torture_suite_add_simple_test(suite, "syntax_id_from_string",
+				      test_syntax_id_from_string);
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/ndr.h b/source4/torture/ndr/ndr.h
new file mode 100644
index 0000000..82ccc69
--- /dev/null
+++ b/source4/torture/ndr/ndr.h
@@ -0,0 +1,249 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __TORTURE_NDR_H__
+#define __TORTURE_NDR_H__
+
+#include "torture/torture.h"
+#include "librpc/ndr/libndr.h"
+#include "libcli/security/security.h"
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
+					struct torture_suite *suite,
+					const char *name,
+					ndr_pull_flags_fn_t pull_fn,
+					ndr_push_flags_fn_t push_fn,
+					ndr_print_fn_t print_fn,
+					ndr_print_function_t print_function,
+					const char *db_name,
+					DATA_BLOB db,
+					size_t struct_size,
+					ndr_flags_type ndr_flags,
+					libndr_flags flags,
+					const char *check_fn_name,
+					bool (*check_fn) (struct torture_context *, void *data));
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_inout_test(
+					struct torture_suite *suite,
+					const char *name,
+					ndr_pull_flags_fn_t pull_fn,
+					ndr_print_function_t print_fn,
+					const char *db_in_name,
+					DATA_BLOB db_in,
+					const char *db_out_name,
+					DATA_BLOB db_out,
+					size_t struct_size,
+					libndr_flags flags,
+					const char *check_fn_name,
+					bool (*check_fn) (struct torture_context *ctx, void *data));
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_invalid_data_test(
+	struct torture_suite *suite,
+	const char *name,
+	ndr_pull_flags_fn_t pull_fn,
+	const char *db_name,
+	DATA_BLOB db,
+	size_t struct_size,
+	ndr_flags_type ndr_flags,
+	libndr_flags flags,
+	enum ndr_err_code ndr_err);
+
+#define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 NULL, \
+			 (ndr_print_fn_t)ndr_print_ ## name, \
+			 NULL, \
+			 #data, \
+			 data_blob_const(data, sizeof(data)), \
+			 sizeof(struct name), \
+			 NDR_SCALARS|NDR_BUFFERS, 0, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_invalid_data_test(suite,name,data,ndr_err) \
+		_torture_suite_add_ndr_pull_invalid_data_test( \
+			suite, \
+			#name, \
+			(ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			#data, \
+			data_blob_const(data, sizeof(data)), \
+			sizeof(struct name), \
+			NDR_SCALARS|NDR_BUFFERS, 0, \
+			ndr_err);
+
+#define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 NULL, \
+			 NULL, \
+			 (ndr_print_function_t)ndr_print_ ## name, \
+			 #data, \
+			 data_blob_const(data, sizeof(data)), \
+			 sizeof(struct name), \
+			 flags, 0, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 NULL, \
+			 NULL, \
+			 (ndr_print_function_t)ndr_print_ ## name, \
+			 #data, \
+			 data_blob_const(data, sizeof(data)), \
+			 sizeof(struct name), \
+			 flags, flags2, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_validate_test(suite,name,data,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name "_VALIDATE", \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_push_flags_fn_t)ndr_push_ ## name, \
+			 (ndr_print_fn_t)ndr_print_ ## name, \
+			 NULL, \
+			 #data, \
+			 data_blob_const(data, sizeof(data)), \
+			 sizeof(struct name), \
+			 NDR_SCALARS|NDR_BUFFERS, 0, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_validate_test_blob(suite,name,data_blob,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name "_VALIDATE", \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_push_flags_fn_t)ndr_push_ ## name, \
+			 (ndr_print_fn_t)ndr_print_ ## name, \
+			 NULL, \
+			 #data_blob, \
+			 data_blob, \
+			 sizeof(struct name), \
+			 NDR_SCALARS|NDR_BUFFERS, 0, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_validate_test_b64(suite,name,tname,b64,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name "_" tname, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_push_flags_fn_t)ndr_push_ ## name, \
+			 (ndr_print_fn_t)ndr_print_ ## name, \
+			 NULL, \
+			 #b64, \
+			 base64_decode_data_blob_talloc(suite, b64), \
+			 sizeof(struct name), \
+			 NDR_SCALARS|NDR_BUFFERS, 0, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pullpush_fn_test_flags(suite,name,data,flags,flags2,check_fn) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pullpush_test(suite, #name, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_push_flags_fn_t)ndr_push_ ## name, \
+			 NULL, \
+			 (ndr_print_function_t)ndr_print_ ## name, \
+			 #data, \
+			 data_blob_const(data, sizeof(data)), \
+			 sizeof(struct name), \
+			 flags, flags2, \
+			 #check_fn, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn_out; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_print_function_t)ndr_print_ ## name, \
+			 #data_in, \
+			 data_blob_const(data_in, sizeof(data_in)), \
+			 #data_out, \
+			 data_blob_const(data_out, sizeof(data_out)), \
+			 sizeof(struct name), \
+			 0, \
+			 #check_fn_out, \
+			 check_fn_anon); \
+	} while(0)
+
+#define torture_suite_add_ndr_pull_io_test_flags(suite,name,data_in,data_out,flags,check_fn_out) \
+	do { \
+		bool (*check_fn_typed) (struct torture_context *, struct name *) = \
+			check_fn_out; \
+		bool (*check_fn_anon) (struct torture_context *, void *) = \
+			(bool (*) (struct torture_context *, void *)) check_fn_typed; \
+		_torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT_" #flags, \
+			 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+			 (ndr_print_function_t)ndr_print_ ## name, \
+			 #data_in, \
+			 data_blob_const(data_in, sizeof(data_in)), \
+			 #data_out, \
+			 data_blob_const(data_out, sizeof(data_out)), \
+			 sizeof(struct name), \
+			 flags, \
+			 #check_fn_out, \
+			 check_fn_anon); \
+	} while(0)
+
+#endif /* __TORTURE_NDR_H__ */
diff --git a/source4/torture/ndr/negoex.c b/source4/torture/ndr/negoex.c
new file mode 100644
index 0000000..1cd2d54
--- /dev/null
+++ b/source4/torture/ndr/negoex.c
@@ -0,0 +1,100 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for negoex ndr operations
+
+   Copyright (C) Guenther Deschner 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_negoex.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t negoex_MESSAGE_ARRAY_data[] = {
+	0x4e, 0x45, 0x47, 0x4f, 0x45, 0x58, 0x54, 0x53, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00,
+	0x06, 0xcb, 0x30, 0x71, 0x62, 0x20, 0x1b, 0x6a, 0x40, 0x9e, 0x35, 0x14,
+	0xc2, 0x6b, 0x17, 0x73, 0xba, 0x25, 0xdd, 0x80, 0x91, 0xfb, 0xae, 0x2c,
+	0x68, 0x4b, 0x99, 0x28, 0xf0, 0x3c, 0x3e, 0xf3, 0xe2, 0xcf, 0x60, 0xa3,
+	0x29, 0xee, 0xa0, 0xf9, 0xb1, 0x10, 0x4b, 0x56, 0xc3, 0x83, 0xc7, 0x32,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5c, 0x33, 0x53, 0x0d, 0xea, 0xf9, 0x0d, 0x4d, 0xb2, 0xec, 0x4a, 0xe3,
+	0x78, 0x6e, 0xc3, 0x08, 0x4e, 0x45, 0x47, 0x4f, 0x45, 0x58, 0x54, 0x53,
+	0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
+	0x98, 0x00, 0x00, 0x00, 0x06, 0xcb, 0x30, 0x71, 0x62, 0x20, 0x1b, 0x6a,
+	0x40, 0x9e, 0x35, 0x14, 0xc2, 0x6b, 0x17, 0x73, 0x5c, 0x33, 0x53, 0x0d,
+	0xea, 0xf9, 0x0d, 0x4d, 0xb2, 0xec, 0x4a, 0xe3, 0x78, 0x6e, 0xc3, 0x08,
+	0x40, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x30, 0x56, 0xa0, 0x54,
+	0x30, 0x52, 0x30, 0x27, 0x80, 0x25, 0x30, 0x23, 0x31, 0x21, 0x30, 0x1f,
+	0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
+	0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x50, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x27, 0x80, 0x25, 0x30,
+	0x23, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18,
+	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e,
+	0x67, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x4b, 0x65, 0x79
+};
+
+static bool negoex_MESSAGE_ARRAY_check(struct torture_context *tctx,
+				       struct negoex_MESSAGE_ARRAY *r)
+{
+	struct GUID guid;
+	struct negoex_MESSAGE m;
+
+	torture_assert_int_equal(tctx, r->count, 2, "count");
+
+	m = r->messages[0];
+
+	torture_assert_str_equal(tctx, m.signature, "NEGOEXTS", "signature");
+	torture_assert_int_equal(tctx, m.type, NEGOEX_MESSAGE_TYPE_ACCEPTOR_NEGO, "type");
+	torture_assert_int_equal(tctx, m.sequence_number, 0, "sequence_number");
+	torture_assert_int_equal(tctx, m.header_length, 96, "header_length");
+	torture_assert_int_equal(tctx, m.message_length, 112, "message_length");
+	GUID_from_string("7130cb06-2062-6a1b-409e-3514c26b1773", &guid);
+	torture_assert_guid_equal(tctx, m.conversation_id, guid, "conversation_id");
+	/* torture_assert_int_equal(tctx, m.p.nego.random, ba25dd8091fbae2c684b9928f03c3ef3e2cf60a329eea0f9b1104b56c383c732, "p.nego.random"); */
+	torture_assert_int_equal(tctx, m.p.nego.protocol_version, 0, "p.nego.protocol_version");
+	torture_assert_int_equal(tctx, m.p.nego.auth_schemes.count, 1, "p.nego.auth_schemes.count");
+	GUID_from_string("0d53335c-f9ea-4d0d-b2ec-4ae3786ec308", &guid);
+	torture_assert_guid_equal(tctx, m.p.nego.auth_schemes.array[0].guid, guid, "p.nego.auth_schemes.array[0].guid");
+	torture_assert_int_equal(tctx, m.p.nego.extensions.count, 0, "p.nego.extensions.count");
+
+	m = r->messages[1];
+
+	torture_assert_str_equal(tctx, m.signature, "NEGOEXTS", "signature");
+	torture_assert_int_equal(tctx, m.type, NEGOEX_MESSAGE_TYPE_ACCEPTOR_META_DATA, "type");
+	torture_assert_int_equal(tctx, m.sequence_number, 1, "sequence_number");
+	torture_assert_int_equal(tctx, m.header_length, 64, "header_length");
+	torture_assert_int_equal(tctx, m.message_length, 152, "message_length");
+	GUID_from_string("7130cb06-2062-6a1b-409e-3514c26b1773", &guid);
+	torture_assert_guid_equal(tctx, m.conversation_id, guid, "conversation_id");
+	GUID_from_string("0d53335c-f9ea-4d0d-b2ec-4ae3786ec308", &guid);
+	torture_assert_guid_equal(tctx, m.p.exchange.auth_scheme.guid, guid, "auth_scheme.guid");
+	torture_assert_int_equal(tctx, m.p.exchange.exchange.blob.length, 88, "exchange.blob.length");
+
+	return true;
+}
+
+struct torture_suite *ndr_negoex_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "negoex");
+
+	torture_suite_add_ndr_pull_validate_test(suite, negoex_MESSAGE_ARRAY,
+					    negoex_MESSAGE_ARRAY_data,
+					    negoex_MESSAGE_ARRAY_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/netlogon.c b/source4/torture/ndr/netlogon.c
new file mode 100644
index 0000000..bfd7a61
--- /dev/null
+++ b/source4/torture/ndr/netlogon.c
@@ -0,0 +1,825 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for netlogon ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2011
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t netrserverauthenticate3_in_data[] = {
+  0xb0, 0x2e, 0x0a, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x4e, 0x00, 0x41, 0x00,
+  0x54, 0x00, 0x49, 0x00, 0x56, 0x00, 0x45, 0x00, 0x2d, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x2e, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00,
+  0x56, 0x00, 0x45, 0x00, 0x2e, 0x00, 0x42, 0x00, 0x41, 0x00, 0x53, 0x00,
+  0x45, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0b, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00,
+  0x56, 0x00, 0x45, 0x00, 0x2d, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x24, 0x00,
+  0x00, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00,
+  0x56, 0x00, 0x45, 0x00, 0x2d, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x00, 0x00,
+  0x68, 0x8e, 0x3c, 0xdf, 0x23, 0x02, 0xb1, 0x51, 0xff, 0xff, 0x07, 0x60
+};
+
+static bool netrserverauthenticate3_in_check(struct torture_context *tctx,
+											struct netr_ServerAuthenticate3 *r)
+{
+	uint8_t cred_expected[8] = { 0x68, 0x8e, 0x3c, 0xdf, 0x23, 0x02, 0xb1, 0x51 };
+	torture_assert_str_equal(tctx, r->in.server_name, "\\\\NATIVE-DC.NATIVE.BASE", "server name");
+	torture_assert_str_equal(tctx, r->in.account_name, "NATIVE-2K$", "account name");
+	torture_assert_int_equal(tctx, r->in.secure_channel_type, 2, "secure channel type");
+	torture_assert_str_equal(tctx, r->in.computer_name, "NATIVE-2K", "computer name");
+	torture_assert_int_equal(tctx, *r->in.negotiate_flags, 0x6007ffff, "negotiate flags");
+	torture_assert_mem_equal(tctx, cred_expected, r->in.credentials->data, 8, "credentials");
+	return true;
+}
+
+static const uint8_t netrserverauthenticate3_out_data[] = {
+  0x22, 0x0c, 0x86, 0x8a, 0xe9, 0x92, 0x93, 0xc9, 0xff, 0xff, 0x07, 0x60,
+  0x54, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool netrserverauthenticate3_out_check(struct torture_context *tctx,
+											struct netr_ServerAuthenticate3 *r)
+{
+	uint8_t cred_expected[8] = { 0x22, 0x0c, 0x86, 0x8a, 0xe9, 0x92, 0x93, 0xc9 };
+	torture_assert_mem_equal(tctx, cred_expected, r->out.return_credentials->data, 8, "return_credentials");
+	torture_assert_int_equal(tctx, *r->out.negotiate_flags, 0x6007ffff, "negotiate flags");
+	torture_assert_int_equal(tctx, *r->out.rid, 0x454, "rid");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+	
+	return true;
+}
+
+static const uint8_t netrserverreqchallenge_in_data[] = {
+  0xb0, 0x2e, 0x0a, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x4e, 0x00, 0x41, 0x00,
+  0x54, 0x00, 0x49, 0x00, 0x56, 0x00, 0x45, 0x00, 0x2d, 0x00, 0x44, 0x00,
+  0x43, 0x00, 0x2e, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00,
+  0x56, 0x00, 0x45, 0x00, 0x2e, 0x00, 0x42, 0x00, 0x41, 0x00, 0x53, 0x00,
+  0x45, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00,
+  0x56, 0x00, 0x45, 0x00, 0x2d, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x00, 0x00,
+  0xa3, 0x2c, 0xa2, 0x95, 0x40, 0xcc, 0xb7, 0xbb
+};
+
+static bool netrserverreqchallenge_in_check(struct torture_context *tctx,
+					    struct netr_ServerReqChallenge *r)
+{
+	uint8_t cred_expected[8] = { 0xa3, 0x2c, 0xa2, 0x95, 0x40, 0xcc, 0xb7, 0xbb };
+	torture_assert_str_equal(tctx, r->in.server_name, "\\\\NATIVE-DC.NATIVE.BASE", "server name");
+	torture_assert_str_equal(tctx, r->in.computer_name, "NATIVE-2K", "account name");
+	torture_assert_mem_equal(tctx, cred_expected, r->in.credentials->data, 8, "credentials");
+
+	return true;
+}
+
+static const uint8_t netrserverreqchallenge_out_data[] = {
+  0x22, 0xfc, 0xc1, 0x17, 0xc0, 0xae, 0x27, 0x8e, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool netrserverreqchallenge_out_check(struct torture_context *tctx,
+					     struct netr_ServerReqChallenge *r)
+{
+	uint8_t cred_expected[8] = { 0x22, 0xfc, 0xc1, 0x17, 0xc0, 0xae, 0x27, 0x8e };
+	torture_assert_mem_equal(tctx, cred_expected, r->out.return_credentials->data, 8, "return_credentials");
+	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+static const uint8_t netrlogonsamlogon_w2k_in_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x54, 0x00, 0x48, 0x00, 0x45, 0x00,
+	0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x02, 0x00, 0x08, 0xaf, 0x72, 0x50, 0xa0, 0x5b, 0x50, 0x19,
+	0x02, 0xc3, 0x39, 0x4d, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
+	0x10, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x14, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0xad, 0xde, 0x00, 0x00, 0xef, 0xbe, 0x00, 0x00,
+	0x1a, 0x00, 0x1a, 0x00, 0x18, 0x00, 0x02, 0x00, 0x14, 0x00, 0x14, 0x00,
+	0x1c, 0x00, 0x02, 0x00, 0x31, 0xeb, 0xf4, 0x68, 0x62, 0x93, 0xfe, 0x38,
+	0x51, 0xc1, 0x1d, 0x41, 0x0a, 0xbd, 0x5d, 0xdf, 0xe3, 0x4f, 0x76, 0x7f,
+	0x19, 0x12, 0xcd, 0xfe, 0x9c, 0x68, 0xed, 0x9b, 0x1e, 0x9c, 0x66, 0xf6,
+	0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+	0x61, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x6d, 0x00, 0x74, 0x00,
+	0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x61, 0x00,
+	0x06, 0x00
+};
+
+static bool netrlogonsamlogon_w2k_in_check(struct torture_context *tctx,
+					   struct netr_LogonSamLogon *r)
+{
+	uint8_t credential_expected[8] = { 0x08, 0xaf, 0x72, 0x50, 0xa0, 0x5b, 0x50, 0x19 };
+	uint8_t return_authenticator_expected[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+	uint8_t lmpassword_expected[16] = { 0x31, 0xeb, 0xf4, 0x68, 0x62, 0x93, 0xfe, 0x38, 0x51, 0xc1, 0x1d, 0x41, 0x0a, 0xbd, 0x5d, 0xdf };
+	uint8_t ntpassword_expected[16] = { 0xe3, 0x4f, 0x76, 0x7f, 0x19, 0x12, 0xcd, 0xfe, 0x9c, 0x68, 0xed, 0x9b, 0x1e, 0x9c, 0x66, 0xf6 };
+
+	torture_assert_str_equal(tctx, r->in.server_name, "\\\\W2KSRV", "server_name");
+	torture_assert_str_equal(tctx, r->in.computer_name, "MTHELENA", "computer_name");
+	torture_assert_mem_equal(tctx, r->in.credential->cred.data, credential_expected, 8, "credential");
+/*	torture_assert_int_equal(tctx, r->in.credential->timestamp, 0, "credential.timestamp"); */
+	torture_assert_mem_equal(tctx, r->in.return_authenticator->cred.data, return_authenticator_expected, 8, "return_authenticator.cred.data");
+	torture_assert_int_equal(tctx, r->in.return_authenticator->timestamp, 0, "return_authenticator.timestamp");
+	torture_assert_int_equal(tctx, r->in.logon_level, NetlogonInteractiveInformation, "logon_level");
+	torture_assert(tctx, r->in.logon, "logon NULL pointer");
+	torture_assert(tctx, r->in.logon->password, "logon->password NULL pointer");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.domain_name.length, 12, "domain_name.length");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.domain_name.size, 12, "domain_name.size");
+	torture_assert_str_equal(tctx, r->in.logon->password->identity_info.domain_name.string, "W2KDOM", "domain_name.string");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.parameter_control, 0, "parameter_control");
+	torture_assert_u64_equal(tctx, r->in.logon->password->identity_info.logon_id, 0xbeef0000dead, "logon_id");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.account_name.length, 26, "account_name.length");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.account_name.size, 26, "account_name.size");
+	torture_assert_str_equal(tctx, r->in.logon->password->identity_info.account_name.string, "administrator", "account_name.string");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.workstation.length, 20, "workstation.length");
+	torture_assert_int_equal(tctx, r->in.logon->password->identity_info.workstation.size, 20, "workstation.size");
+	torture_assert_str_equal(tctx, r->in.logon->password->identity_info.workstation.string, "\\\\mthelena", "workstation.string");
+	torture_assert_mem_equal(tctx, r->in.logon->password->lmpassword.hash, lmpassword_expected, 16, "lmpassword");
+	torture_assert_mem_equal(tctx, r->in.logon->password->ntpassword.hash, ntpassword_expected, 16, "ntpassword");
+	torture_assert_int_equal(tctx, r->in.validation_level, 6, "validation_level");
+
+	return true;
+}
+
+#if 0
+static const uint8_t netrlogonsamlogon_w2k_out_data[] = {
+	0x6c, 0xdb, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0xc0
+};
+
+static bool netrlogonsamlogon_w2k_out_check(struct torture_context *tctx,
+					    struct netr_LogonSamLogon *r)
+{
+	uint8_t return_authenticator_expected[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+	torture_assert_mem_equal(tctx, r->out.return_authenticator->cred.data, return_authenticator_expected, 8, "return_authenticator.cred.data");
+	torture_assert_int_equal(tctx, r->out.return_authenticator->timestamp, 0, "return_authenticator.timestamp");
+	torture_assert(tctx, r->out.validation, "validation NULL pointer");
+	torture_assert(tctx, (r->out.validation->sam6 == NULL), "sam6 not NULL");
+	torture_assert_int_equal(tctx, *r->out.authoritative, 1, "authoritative");
+	torture_assert_ntstatus_equal(tctx, r->out.result, NT_STATUS_INVALID_INFO_CLASS, "unexpected result");
+
+	return true;
+}
+#endif
+
+static const uint8_t netrlogongetdomaininfo_in_data[] = {
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x64, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x64, 0x00, 0x63, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x54, 0x00, 0x48, 0x00, 0x45, 0x00,
+	0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x22, 0xbd, 0x03, 0x67, 0x3d, 0xdf, 0x17, 0xd3, 0x98, 0x81, 0x5d,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool netrlogongetdomaininfo_in_check(struct torture_context *tctx,
+					    struct netr_LogonGetDomainInfo *r)
+{
+	return true;
+}
+
+static const uint8_t netrlogongetdomaininfo_out_data[] = {
+	0x81, 0x3f, 0x80, 0x20, 0x4b, 0x4a, 0x18, 0x93, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, 0x12, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x32, 0x00, 0x34, 0x00, 0x08, 0x00, 0x02, 0x00,
+	0x32, 0x00, 0x34, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x99, 0x7c, 0x28, 0xfd,
+	0x3b, 0xc8, 0x03, 0x4d, 0x84, 0x9e, 0x30, 0xc4, 0xf0, 0x62, 0xe2, 0xd3,
+	0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00,
+	0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x2e, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x19, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00,
+	0x36, 0x00, 0x2e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00,
+	0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00,
+	0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x80, 0x9f, 0x75, 0x68, 0x0c, 0x07, 0x89, 0x1a, 0xd7, 0x39, 0x71, 0x13,
+	0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00, 0x18, 0x00, 0x02, 0x00,
+	0x2e, 0x00, 0x30, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x02, 0x00,
+	0x10, 0x00, 0x10, 0x00, 0x24, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x00, 0x12, 0x00, 0x28, 0x00, 0x02, 0x00, 0x30, 0x00, 0x32, 0x00,
+	0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x99, 0x7c, 0x28, 0xfd, 0x3b, 0xc8, 0x03, 0x4d, 0x84, 0x9e, 0x30, 0xc4,
+	0xf0, 0x62, 0xe2, 0xd3, 0x30, 0x00, 0x02, 0x00, 0x10, 0x00, 0x10, 0x00,
+	0x34, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x32, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x32, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x05, 0xee, 0xb6, 0x98, 0x1b, 0xf2, 0x46, 0x5d,
+	0x27, 0x50, 0x57, 0x3d, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x08, 0x08, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00,
+	0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x80, 0x9f, 0x75, 0x68, 0x0c, 0x07, 0x89, 0x1a,
+	0xd7, 0x39, 0x71, 0x13, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool netrlogongetdomaininfo_out_check_common(struct torture_context *tctx,
+						    struct netr_LogonGetDomainInfo *r)
+{
+	struct GUID guid;
+	struct dom_sid sid;
+	struct netr_OneDomainInfo p;
+
+	p = r->out.info->domain_info->primary_domain;
+
+	torture_assert_str_equal(tctx,
+			p.domainname.string,
+			"W2K16DOM", "domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_domainname.string,
+			"w2k16.dom.ber.redhat.com.", "dns_domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_forestname.string,
+			"w2k16.dom.ber.redhat.com.", "dns_forestname.string");
+	GUID_from_string("fd287c99-c83b-4d03-849e-30c4f062e2d3", &guid);
+	torture_assert_guid_equal(tctx,
+			p.domain_guid,
+			guid,
+			"domain_guid");
+	string_to_sid(&sid, "S-1-5-21-1752539008-445187852-326187479");
+	torture_assert_sid_equal(tctx,
+			p.domain_sid,
+			&sid,
+			"domain_sid");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.length,
+			0,
+			"trust_extension.length");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.size,
+			0,
+			"trust_extension.size");
+	torture_assert(tctx,
+			p.trust_extension.info == NULL,
+			"trust_extension.info");
+	/* dummy_string2, dummy_string3, dummy_string4,
+	   dummy_long1, dummy_long2, dummy_long3, dummy_long4 */
+
+	torture_assert_int_equal(tctx,
+			r->out.info->domain_info->trusted_domain_count, 2,
+			"trusted_domain_count");
+
+	/* trusted domain 0 */
+
+	p = r->out.info->domain_info->trusted_domains[0];
+
+	torture_assert_str_equal(tctx,
+			p.domainname.string,
+			"W2K12DOM", "domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_domainname.string,
+			"w2k12dom.ber.redhat.com", "dns_domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_forestname.string,
+			NULL, "dns_forestname.string");
+	guid = GUID_zero();
+	torture_assert_guid_equal(tctx,
+			p.domain_guid,
+			guid,
+			"domain_guid");
+	string_to_sid(&sid, "S-1-5-21-2562125317-1564930587-1029132327");
+	torture_assert_sid_equal(tctx,
+			p.domain_sid,
+			&sid,
+			"domain_sid");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.length,
+			16,
+			"trust_extension.length");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.size,
+			16,
+			"trust_extension.size");
+	torture_assert(tctx,
+			p.trust_extension.info,
+			"trust_extension.info");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->length, 8,
+			"trust_extension.info->length");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->dummy, 0,
+			"trust_extension.info->dummy");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->size, 8,
+			"trust_extension.info->size");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.flags,
+			NETR_TRUST_FLAG_OUTBOUND,
+			"trust_extension.info->info.flags");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.parent_index, 0,
+			"trust_extension.info->info.parent_index");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.trust_type,
+			LSA_TRUST_TYPE_UPLEVEL,
+			"trust_extension.info->info.trust_type");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.trust_attributes,
+			LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE |
+			LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION,
+			"trust_extension.info->info.trust_attributes");
+	/* dummy_string2, dummy_string3, dummy_string4,
+	   dummy_long1, dummy_long2, dummy_long3, dummy_long4 */
+
+	/* trusted domain 1 */
+
+	p = r->out.info->domain_info->trusted_domains[1];
+
+	torture_assert_str_equal(tctx,
+			p.domainname.string,
+			"W2K16DOM", "domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_domainname.string,
+			"w2k16.dom.ber.redhat.com", "dns_domainname.string");
+	torture_assert_str_equal(tctx,
+			p.dns_forestname.string,
+			NULL, "dns_forestname.string");
+	GUID_from_string("fd287c99-c83b-4d03-849e-30c4f062e2d3", &guid);
+	torture_assert_guid_equal(tctx,
+			p.domain_guid,
+			guid,
+			"domain_guid");
+	string_to_sid(&sid, "S-1-5-21-1752539008-445187852-326187479");
+	torture_assert_sid_equal(tctx,
+			p.domain_sid,
+			&sid,
+			"domain_sid");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.length,
+			16,
+			"trust_extension.length");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.size,
+			16,
+			"trust_extension.size");
+	torture_assert(tctx,
+			p.trust_extension.info,
+			"trust_extension.info");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->length, 8,
+			"trust_extension.info->length");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->dummy, 0,
+			"trust_extension.info->dummy");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->size, 8,
+			"trust_extension.info->size");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.flags,
+			NETR_TRUST_FLAG_IN_FOREST | NETR_TRUST_FLAG_TREEROOT |
+			NETR_TRUST_FLAG_PRIMARY | NETR_TRUST_FLAG_NATIVE,
+			"trust_extension.info->info.flags");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.parent_index, 0,
+			"trust_extension.info->info.parent_index");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.trust_type,
+			LSA_TRUST_TYPE_UPLEVEL,
+			"trust_extension.info->info.trust_type");
+	torture_assert_int_equal(tctx,
+			p.trust_extension.info->info.trust_attributes, 0,
+			"trust_extension.info->info.trust_attributes");
+	/* dummy_string2, dummy_string3, dummy_string4,
+	   dummy_long1, dummy_long2, dummy_long3, dummy_long4 */
+
+	torture_assert_int_equal(tctx,
+			r->out.info->domain_info->lsa_policy.policy_size, 0,
+			"lsa_policy.policy_size");
+	torture_assert(tctx,
+			r->out.info->domain_info->lsa_policy.policy == NULL,
+			"lsa_policy.policy");
+	torture_assert_str_equal(tctx,
+			r->out.info->domain_info->dns_hostname.string, NULL,
+			"dns_hostname");
+	/* dummy_string2, dummy_string3, dummy_string4 */
+	torture_assert_int_equal(tctx,
+			r->out.info->domain_info->workstation_flags, 0,
+			"workstation_flags");
+
+	return true;
+}
+
+static bool netrlogongetdomaininfo_out_check(struct torture_context *tctx,
+					     struct netr_LogonGetDomainInfo *r)
+{
+	uint8_t return_authenticator_expected[8] = { 0x81, 0x3f, 0x80, 0x20, 0x4b, 0x4a, 0x18, 0x93 };
+	bool ok;
+
+	torture_assert_mem_equal(tctx,
+			r->out.return_authenticator->cred.data,
+			return_authenticator_expected, 8,
+			"return_authenticator.cred.data");
+	/* torture_assert_int_equal(tctx, r->out.return_authenticator->timestamp, 0, "return_authenticator.timestamp"); */
+
+	ok = netrlogongetdomaininfo_out_check_common(tctx, r);
+	if (!ok) {
+		return false;
+	}
+
+	torture_assert_int_equal(tctx,
+			r->out.info->domain_info->supported_enc_types,
+			0x0000001f,
+			"supported_enc_types");
+	/* dummy_long3, dummy_long4 */
+
+	return true;
+}
+
+static bool netrlogongetdomaininfo_out_check64(struct torture_context *tctx,
+					       struct netr_LogonGetDomainInfo *r)
+{
+	uint8_t return_authenticator_expected[8] = { 0x5c, 0x69, 0xfe, 0xcf, 0x9b, 0xd5, 0x00, 0xa0 };
+	bool ok;
+
+	torture_assert_mem_equal(tctx,
+			r->out.return_authenticator->cred.data,
+			return_authenticator_expected, 8,
+			"return_authenticator.cred.data");
+	/* torture_assert_int_equal(tctx, r->out.return_authenticator->timestamp, 0, "return_authenticator.timestamp"); */
+
+	ok = netrlogongetdomaininfo_out_check_common(tctx, r);
+	if (!ok) {
+		return false;
+	}
+
+	torture_assert_int_equal(tctx,
+			r->out.info->domain_info->supported_enc_types,
+			0xffffffff,
+			"supported_enc_types");
+	/* dummy_long3, dummy_long4 */
+
+	return true;
+}
+
+static const uint8_t netrlogongetdomaininfo_in_data64[] = {
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x47, 0x00, 0x44, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x44, 0x00, 0x43, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00, 0x81, 0x19, 0x6e, 0x66,
+	0x55, 0x71, 0x21, 0x4b, 0x42, 0x61, 0x82, 0x5d, 0x81, 0x19, 0x6e, 0x66,
+	0x55, 0x71, 0x21, 0x4b, 0x42, 0x61, 0x82, 0x5d, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t netrlogongetdomaininfo_out_data64[] = {
+	0x5c, 0x69, 0xfe, 0xcf, 0x9b, 0xd5, 0x00, 0xa0, 0x33, 0x68, 0x82, 0x5d,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x32, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x32, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x99, 0x7c, 0x28, 0xfd,
+	0x3b, 0xc8, 0x03, 0x4d, 0x84, 0x9e, 0x30, 0xc4, 0xf0, 0x62, 0xe2, 0xd3,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00,
+	0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x64, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+	0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x80, 0x9f, 0x75, 0x68, 0x0c, 0x07, 0x89, 0x1a, 0xd7, 0x39, 0x71, 0x13,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x2e, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x32, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x99, 0x7c, 0x28, 0xfd, 0x3b, 0xc8, 0x03, 0x4d,
+	0x84, 0x9e, 0x30, 0xc4, 0xf0, 0x62, 0xe2, 0xd3, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00, 0x32, 0x00, 0x44, 0x00,
+	0x4f, 0x00, 0x4d, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00,
+	0x32, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0x05, 0xee, 0xb6, 0x98, 0x1b, 0xf2, 0x46, 0x5d, 0x27, 0x50, 0x57, 0x3d,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x08, 0x08, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00,
+	0x36, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x19, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x64, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+	0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x80, 0x9f, 0x75, 0x68, 0x0c, 0x07, 0x89, 0x1a,
+	0xd7, 0x39, 0x71, 0x13, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t netrlogongetdomaininfo_in_data64_osversion[] = {
+	0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x2d, 0x00,
+	0x44, 0x00, 0x43, 0x00, 0x30, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x65, 0x00,
+	0x61, 0x00, 0x72, 0x00, 0x74, 0x00, 0x68, 0x00, 0x2e, 0x00, 0x6d, 0x00,
+	0x69, 0x00, 0x6c, 0x00, 0x6b, 0x00, 0x79, 0x00, 0x77, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x2e, 0x00, 0x73, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x31, 0x00, 0x30, 0x00, 0x2d, 0x00,
+	0x43, 0x00, 0x4c, 0x00, 0x49, 0x00, 0x30, 0x00, 0x31, 0x00, 0x00, 0x00,
+	0x4d, 0x33, 0xf7, 0x0d, 0xe7, 0xeb, 0x15, 0x4b, 0xd4, 0xe9, 0x4b, 0x5d,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x1c, 0x01, 0x1c, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x2c, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x31, 0x00, 0x30, 0x00, 0x2d, 0x00,
+	0x43, 0x00, 0x4c, 0x00, 0x49, 0x00, 0x30, 0x00, 0x31, 0x00, 0x2e, 0x00,
+	0x65, 0x00, 0x61, 0x00, 0x72, 0x00, 0x74, 0x00, 0x68, 0x00, 0x2e, 0x00,
+	0x6d, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x6b, 0x00, 0x79, 0x00, 0x77, 0x00,
+	0x61, 0x00, 0x79, 0x00, 0x2e, 0x00, 0x73, 0x00, 0x69, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00,
+	0x75, 0x00, 0x6c, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x2d, 0x00, 0x4e, 0x00, 0x61, 0x00, 0x6d, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x8e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8e, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0xee, 0x42, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xb0, 0x4a, 0x02, 0xae, 0x6e, 0x01, 0x00, 0x00, 0x80, 0x4a, 0x16, 0xae,
+	0x6e, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8e, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xc5, 0x96, 0xcc, 0x46, 0xff, 0x7f, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0xc8, 0x4a, 0x16, 0xae, 0x6e, 0x01, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0xec, 0x2f, 0x80, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0xec, 0x2f, 0x80, 0x6d, 0x00, 0x00, 0x00,
+	0xa0, 0x4a, 0x16, 0xae, 0x6e, 0x01, 0x00, 0x00, 0x00, 0x00, 0x79, 0xad,
+	0x6e, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xf4, 0xed, 0x2f, 0x80, 0x6d, 0x00, 0x00, 0x00, 0x60, 0xe8, 0x2f, 0x80,
+	0x6d, 0x00, 0x00, 0x00, 0xe0, 0xea, 0x2f, 0x80, 0x6d, 0x00, 0x00, 0x00,
+	0x20, 0xec, 0x2f, 0x80, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x31, 0x00, 0x30, 0x00,
+	0x20, 0x00, 0x45, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x73, 0x00, 0x65, 0x00
+};
+
+static bool netrlogongetdomaininfo_in_check_osversion(struct torture_context *tctx,
+						      struct netr_LogonGetDomainInfo *r)
+{
+	return true;
+}
+
+struct torture_suite *ndr_netlogon_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "netlogon");
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_ServerReqChallenge,
+					   netrserverreqchallenge_in_data,
+					   NDR_IN,
+					   netrserverreqchallenge_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_ServerReqChallenge,
+					   netrserverreqchallenge_out_data,
+					   NDR_OUT,
+					   netrserverreqchallenge_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_ServerAuthenticate3,
+					   netrserverauthenticate3_in_data,
+					   NDR_IN,
+					   netrserverauthenticate3_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_ServerAuthenticate3,
+					   netrserverauthenticate3_out_data,
+					   NDR_OUT,
+					   netrserverauthenticate3_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_LogonSamLogon,
+					   netrlogonsamlogon_w2k_in_data,
+					   NDR_IN,
+					   netrlogonsamlogon_w2k_in_check);
+#if 0
+	/* samba currently fails to parse a validation level 6 samlogon reply
+	 * from w2k and other servers - gd */
+	torture_suite_add_ndr_pull_io_test(suite,
+					   netr_LogonSamLogon,
+					   netrlogonsamlogon_w2k_in_data,
+					   netrlogonsamlogon_w2k_out_data,
+					   netrlogonsamlogon_w2k_out_check);
+#endif
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   netr_LogonGetDomainInfo,
+					   netrlogongetdomaininfo_in_data,
+					   NDR_IN,
+					   netrlogongetdomaininfo_in_check);
+	torture_suite_add_ndr_pull_io_test(suite,
+					   netr_LogonGetDomainInfo,
+					   netrlogongetdomaininfo_in_data,
+					   netrlogongetdomaininfo_out_data,
+					   netrlogongetdomaininfo_out_check);
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite,
+						 netr_LogonGetDomainInfo,
+						 netrlogongetdomaininfo_in_data64,
+						 NDR_IN,
+						 LIBNDR_FLAG_NDR64,
+						 netrlogongetdomaininfo_in_check);
+	torture_suite_add_ndr_pull_io_test_flags(suite,
+						 netr_LogonGetDomainInfo,
+						 netrlogongetdomaininfo_in_data64,
+						 netrlogongetdomaininfo_out_data64,
+						 LIBNDR_FLAG_NDR64,
+						 netrlogongetdomaininfo_out_check64);
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite,
+						 netr_LogonGetDomainInfo,
+						 netrlogongetdomaininfo_in_data64_osversion,
+						 NDR_IN,
+						 LIBNDR_FLAG_NDR64,
+						 netrlogongetdomaininfo_in_check_osversion);
+#if 0
+	/* currently fails, most likely due to pointer value calculations - gd */
+	torture_suite_add_ndr_pullpush_fn_test_flags(suite,
+						     netr_LogonGetDomainInfo,
+						     netrlogongetdomaininfo_in_data64_osversion,
+						     NDR_IN,
+						     LIBNDR_FLAG_NDR64,
+						     netrlogongetdomaininfo_in_check_osversion);
+#endif
+
+	return suite;
+}
diff --git a/source4/torture/ndr/ntlmssp.c b/source4/torture/ndr/ntlmssp.c
new file mode 100644
index 0000000..4127ce8
--- /dev/null
+++ b/source4/torture/ndr/ntlmssp.c
@@ -0,0 +1,296 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for ntlmssp ndr operations
+
+   Copyright (C) Guenther Deschner 2010,2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_ntlmssp.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t ntlmssp_NEGOTIATE_MESSAGE_data[] = {
+	0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x97, 0x82, 0x08, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb0, 0x1d,
+	0x00, 0x00, 0x00, 0x0f
+};
+
+static bool ntlmssp_NEGOTIATE_MESSAGE_check(struct torture_context *tctx,
+					    struct NEGOTIATE_MESSAGE *r)
+{
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmNegotiate, "MessageType");
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2088297, "NegotiateFlags");
+	torture_assert_int_equal(tctx, r->DomainNameLen, 0, "DomainNameLen");
+	torture_assert_int_equal(tctx, r->DomainNameMaxLen, 0, "DomainNameMaxLen");
+	torture_assert(tctx, r->DomainName == NULL, "DomainName");
+	torture_assert_int_equal(tctx, r->WorkstationLen, 0, "WorkstationLen");
+	torture_assert_int_equal(tctx, r->WorkstationMaxLen, 0, "WorkstationMaxLen");
+	torture_assert(tctx, r->Workstation == NULL, "Workstation");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0x1db0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
+	return true;
+}
+
+static const uint8_t ntlmssp_CHALLENGE_MESSAGE_data[] = {
+	0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x0a, 0x00, 0x38, 0x00, 0x00, 0x00, 0x95, 0x82, 0x89, 0xe2,
+	0xed, 0xc8, 0x2b, 0x7d, 0x2e, 0xd7, 0xd0, 0xd9, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x78, 0x00, 0x78, 0x00, 0x42, 0x00, 0x00, 0x00,
+	0x06, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x41, 0x00,
+	0x4d, 0x00, 0x42, 0x00, 0x41, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x53, 0x00,
+	0x41, 0x00, 0x4d, 0x00, 0x42, 0x00, 0x41, 0x00, 0x01, 0x00, 0x10, 0x00,
+	0x4d, 0x00, 0x54, 0x00, 0x48, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x45, 0x00,
+	0x4e, 0x00, 0x41, 0x00, 0x04, 0x00, 0x1c, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x03, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00,
+	0x6c, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x2e, 0x00, 0x62, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool ntlmssp_CHALLENGE_MESSAGE_check(struct torture_context *tctx,
+					    struct CHALLENGE_MESSAGE *r)
+{
+	uint8_t chal[8] = { 0xed, 0xc8, 0x2b, 0x7d, 0x2e, 0xd7, 0xd0, 0xd9 };
+	uint8_t data[8] = { 0 };
+
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmChallenge, "MessageType");
+	torture_assert_int_equal(tctx, r->TargetNameLen, 10, "TargetNameLen");
+	torture_assert_int_equal(tctx, r->TargetNameMaxLen, 10, "TargetNameMaxLen");
+	torture_assert_str_equal(tctx, r->TargetName, "SAMBA", "TargetName");
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2898295, "NegotiateFlags");
+	torture_assert_mem_equal(tctx, r->ServerChallenge, chal, 8, "ServerChallenge");
+	torture_assert_mem_equal(tctx, r->Reserved, data, 8, "Reserved");
+	torture_assert_int_equal(tctx, r->TargetInfoLen, 120, "TargetInfoLen");
+	torture_assert_int_equal(tctx, r->TargetInfoMaxLen, 120, "TargetInfoMaxLen");
+	torture_assert_int_equal(tctx, r->TargetInfo->count, 5, "TargetInfo->count");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[0].AvId, MsvAvNbDomainName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[0].AvLen, 10, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[0].Value.AvNbDomainName, "SAMBA", "AvNbDomainName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[1].AvId, MsvAvNbComputerName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[1].AvLen, 16, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[1].Value.AvNbComputerName, "MTHELENA", "AvNbComputerName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[2].AvId, MsvAvDnsDomainName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[2].AvLen, 28, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[2].Value.AvDnsDomainName, "ber.redhat.com", "AvDnsDomainName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[3].AvId, MsvAvDnsComputerName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[3].AvLen, 46, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[3].Value.AvDnsComputerName, "mthelena.ber.redhat.com", "AvDnsComputerName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[4].AvId, MsvAvEOL, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[4].AvLen, 0, "AvLen");
+
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
+	return true;
+}
+
+static const uint8_t ntlmssp_AUTHENTICATE_MESSAGE_data[] = {
+	0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x18, 0x00, 0x8c, 0x00, 0x00, 0x00, 0x0e, 0x01, 0x0e, 0x01,
+	0xa4, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x58, 0x00, 0x00, 0x00,
+	0x1a, 0x00, 0x1a, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00,
+	0x80, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xb2, 0x01, 0x00, 0x00,
+	0x15, 0x82, 0x88, 0xe2, 0x06, 0x01, 0xb0, 0x1d, 0x00, 0x00, 0x00, 0x0f,
+	0x50, 0xe2, 0xb2, 0xa7, 0xf5, 0x83, 0x3e, 0xda, 0x71, 0xa7, 0xe8, 0x6e,
+	0x95, 0x1e, 0x3a, 0x57, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00,
+	0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x64, 0x00, 0x6d, 0x00,
+	0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0xcf, 0xfb, 0x39,
+	0x5a, 0xb3, 0x4c, 0x58, 0x86, 0x35, 0xa3, 0xe7, 0x1e, 0x00, 0x98, 0x43,
+	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x96, 0x79, 0x02, 0x77,
+	0x1e, 0x54, 0xcb, 0x01, 0x3c, 0x21, 0x0a, 0xe9, 0xde, 0x61, 0xc0, 0x7e,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x53, 0x00, 0x41, 0x00,
+	0x4d, 0x00, 0x42, 0x00, 0x41, 0x00, 0x01, 0x00, 0x10, 0x00, 0x4d, 0x00,
+	0x54, 0x00, 0x48, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00,
+	0x41, 0x00, 0x04, 0x00, 0x1c, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x03, 0x00,
+	0x2e, 0x00, 0x6d, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00,
+	0x65, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x08, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x0a, 0xfd, 0x3b, 0x2c,
+	0xad, 0x43, 0x46, 0x8b, 0x49, 0x01, 0x6c, 0xa5, 0xf3, 0xbc, 0xd2, 0x13,
+	0xbb, 0x70, 0xe2, 0x65, 0x96, 0xba, 0x0d, 0x8d, 0x5d, 0x31, 0xe6, 0x47,
+	0x94, 0x61, 0xed, 0x28, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x09, 0x00, 0x1a, 0x00, 0x63, 0x00, 0x69, 0x00, 0x66, 0x00, 0x73, 0x00,
+	0x2f, 0x00, 0x6d, 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00,
+	0x65, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0xa4, 0x23, 0xd4, 0x5c, 0x16, 0x52, 0x8d, 0x56, 0x34, 0x2d,
+	0x1c, 0xff, 0x86, 0x17, 0xc9, 0x4f
+};
+
+static bool ntlmssp_AUTHENTICATE_MESSAGE_check(struct torture_context *tctx,
+					       struct AUTHENTICATE_MESSAGE *r)
+{
+	uint8_t lm_challenge_response[24] = { 0 };
+	struct NTLMv2_RESPONSE v2;
+	struct AV_PAIR_LIST AvPairs;
+	uint8_t Response[16] = {
+		0x38, 0xcf, 0xfb, 0x39, 0x5a, 0xb3, 0x4c, 0x58,
+		0x86, 0x35, 0xa3, 0xe7, 0x1e, 0x00, 0x98, 0x43
+	};
+	uint8_t ChallengeFromClient[8] = {
+		0x3c, 0x21, 0x0a, 0xe9, 0xde, 0x61, 0xc0, 0x7e
+	};
+	uint8_t MachineId[32] = {
+		0x0a, 0xfd, 0x3b, 0x2c, 0xad, 0x43, 0x46, 0x8b,
+		0x49, 0x01, 0x6c, 0xa5, 0xf3, 0xbc, 0xd2, 0x13,
+		0xbb, 0x70, 0xe2, 0x65, 0x96, 0xba, 0x0d, 0x8d,
+		0x5d, 0x31, 0xe6, 0x47, 0x94, 0x61, 0xed, 0x28
+	};
+	uint8_t EncryptedRandomSessionKey[16] = {
+		0xA4, 0x23, 0xD4, 0x5C, 0x16, 0x52, 0x8D, 0x56,
+		0x34, 0x2D, 0x1C, 0xFF, 0x86, 0x17, 0xC9, 0x4F
+	};
+
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmAuthenticate, "MessageType");
+	torture_assert_int_equal(tctx, r->LmChallengeResponseLen, 24, "LmChallengeResponseLen");
+	torture_assert_int_equal(tctx, r->LmChallengeResponseMaxLen, 24, "LmChallengeResponseMaxLen");
+	torture_assert_mem_equal(tctx, r->LmChallengeResponse->v1.Response, lm_challenge_response, 24, "LmChallengeResponse");
+
+	torture_assert_int_equal(tctx, r->NtChallengeResponseLen, 270, "NtChallengeResponseLen");
+	torture_assert_int_equal(tctx, r->NtChallengeResponseMaxLen, 270, "NtChallengeResponseMaxLen");
+
+	v2 = r->NtChallengeResponse->v2;
+
+	torture_assert_mem_equal(tctx, v2.Response, Response, 16, "v2.Response");
+	torture_assert_int_equal(tctx, v2.Challenge.RespType, 1, "RespType");
+	torture_assert_int_equal(tctx, v2.Challenge.HiRespType, 1, "HiRespType");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved1, 0, "Reserved1");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved2, 0, "Reserved2");
+	/* 	TimeStamp                : Tue Sep 14 17:06:53 2010 CEST */
+	torture_assert_mem_equal(tctx, v2.Challenge.ChallengeFromClient, ChallengeFromClient, 8, "v2.Challenge.ChallengeFromClient");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved3, 0, "Reserved3");
+
+	AvPairs = v2.Challenge.AvPairs;
+
+	torture_assert_int_equal(tctx, AvPairs.count, 8, "AvPairs.count");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[0].AvId, MsvAvNbDomainName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[0].AvLen, 10, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[0].Value.AvNbDomainName, "SAMBA", "Value.AvNbDomainName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[1].AvId, MsvAvNbComputerName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[1].AvLen, 16, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[1].Value.AvNbComputerName, "MTHELENA", "Value.AvNbComputerName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[2].AvId, MsvAvDnsDomainName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[2].AvLen, 28, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[2].Value.AvDnsDomainName, "ber.redhat.com", "Value.AvDnsDomainName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[3].AvId, MsvAvDnsComputerName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[3].AvLen, 46, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[3].Value.AvDnsComputerName, "mthelena.ber.redhat.com", "Value.AvDnsComputerName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[4].AvId, MsvAvSingleHost, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].AvLen, 48, "AvLen");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.Size, 48, "Value.AvSingleHost.Size");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.Z4, 0, "Value.AvSingleHost.Z4");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.Flags, 0, "Value.AvSingleHost.token_info.Flags");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.TokenIL, 0x00003000, "Value.AvSingleHost.token_info.TokenIL");
+	torture_assert_mem_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.token_info.MachineId, MachineId, 32, "Value.AvSingleHost.token_info.MachineId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvSingleHost.remaining.length, 0, "Value.AvSingleHost.remaining.length");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[5].AvId, MsvChannelBindings, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[5].AvLen, 16, "AvLen");
+	torture_assert_mem_equal(tctx, AvPairs.pair[5].Value.ChannelBindings, lm_challenge_response, 16, "Value.ChannelBindings");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[6].AvId, MsvAvTargetName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[6].AvLen, 26, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[6].Value.AvTargetName, "cifs/mthelena", "Value.AvTargetName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[7].AvId, MsvAvEOL, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[7].AvLen, 0, "AvLen");
+
+	torture_assert_int_equal(tctx, r->DomainNameLen, 14, "DomainNameLen");
+	torture_assert_int_equal(tctx, r->DomainNameMaxLen, 14, "DomainNameMaxLen");
+	torture_assert_str_equal(tctx, r->DomainName, "W2K8DOM", "DomainName");
+
+	torture_assert_int_equal(tctx, r->UserNameLen, 26, "UserNameLen");
+	torture_assert_int_equal(tctx, r->UserNameMaxLen, 26, "UserNameMaxLen");
+	torture_assert_str_equal(tctx, r->UserName, "Administrator", "UserName");
+
+	torture_assert_int_equal(tctx, r->WorkstationLen, 12, "WorkstationLen");
+	torture_assert_int_equal(tctx, r->WorkstationMaxLen, 12, "WorkstationMaxLen");
+	torture_assert_str_equal(tctx, r->Workstation, "W2K8R2", "Workstation");
+
+	torture_assert_int_equal(tctx, r->EncryptedRandomSessionKeyLen, 16, "EncryptedRandomSessionKeyLen");
+	torture_assert_int_equal(tctx, r->EncryptedRandomSessionKeyMaxLen, 16, "EncryptedRandomSessionKeyMaxLen");
+	torture_assert_mem_equal(tctx, r->EncryptedRandomSessionKey->data, EncryptedRandomSessionKey, 16, "EncryptedRandomSessionKeyMaxLen");
+
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2888215, "NegotiateFlags");
+
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0x1db0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
+	return true;
+}
+
+struct torture_suite *ndr_ntlmssp_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp");
+
+	torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check);
+	torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check);
+	torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    NEGOTIATE_MESSAGE,
+					    ntlmssp_NEGOTIATE_MESSAGE_data,
+					    ntlmssp_NEGOTIATE_MESSAGE_check);
+
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    CHALLENGE_MESSAGE,
+					    ntlmssp_CHALLENGE_MESSAGE_data,
+					    ntlmssp_CHALLENGE_MESSAGE_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/ntprinting.c b/source4/torture/ndr/ntprinting.c
new file mode 100644
index 0000000..d5e7e90
--- /dev/null
+++ b/source4/torture/ndr/ntprinting.c
@@ -0,0 +1,655 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for ntprinting ndr operations
+
+   Copyright (C) Guenther Deschner 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_ntprinting.h"
+#include "torture/ndr/proto.h"
+#include "param/param.h"
+
+static const uint8_t ntprinting_printer_data[] = {
+	0x48, 0x10, 0x08, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9d, 0x0e, 0x03, 0x09,
+	0x00, 0x00, 0x00, 0x00, 0x24, 0x13, 0xb8, 0x4e, 0x00, 0x4b, 0x79, 0x6f,
+	0x63, 0x65, 0x72, 0x61, 0x2d, 0x35, 0x30, 0x30, 0x00, 0x6b, 0x79, 0x6f,
+	0x63, 0x65, 0x72, 0x61, 0x2d, 0x35, 0x30, 0x30, 0x00, 0x53, 0x61, 0x6d,
+	0x62, 0x61, 0x20, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x20, 0x50,
+	0x6f, 0x72, 0x74, 0x00, 0x6b, 0x79, 0x6f, 0x63, 0x65, 0x72, 0x61, 0x2d,
+	0x35, 0x30, 0x30, 0x00, 0x4b, 0x79, 0x6f, 0x63, 0x65, 0x72, 0x61, 0x20,
+	0x54, 0x61, 0x73, 0x6b, 0x41, 0x6c, 0x66, 0x61, 0x20, 0x35, 0x30, 0x30,
+	0x63, 0x69, 0x00, 0x62, 0x75, 0x6c, 0x6c, 0x70, 0x65, 0x6e, 0x00, 0x00,
+	0x77, 0x69, 0x6e, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x52, 0x41, 0x57,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x5c, 0x5c, 0x69, 0x72, 0x6f, 0x62,
+	0x6f, 0x74, 0x5c, 0x4b, 0x79, 0x6f, 0x63, 0x65, 0x72, 0x61, 0x2d, 0x35,
+	0x30, 0x30, 0x00, 0x4c, 0x65, 0x74, 0x74, 0x65, 0x72, 0x00, 0x01, 0x04,
+	0x00, 0x06, 0xdc, 0x00, 0x60, 0x08, 0x01, 0x00, 0x01, 0x00, 0xea, 0x0a,
+	0x6f, 0x08, 0x64, 0x00, 0x01, 0x00, 0x0f, 0x00, 0x58, 0x02, 0x02, 0x00,
+	0x01, 0x00, 0x58, 0x02, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x53, 0xff,
+	0x81, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0x08,
+	0x00, 0x00, 0x50, 0x52, 0x49, 0x56, 0xe2, 0x30, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x27, 0x10, 0x27, 0x10, 0x27, 0x00, 0x00, 0x10, 0x27, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x03, 0x54, 0x06, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x02, 0x10, 0x00, 0x5c, 0x4b,
+	0x03, 0x00, 0x68, 0x43, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc6, 0x75,
+	0xbf, 0xbb, 0x29, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0e, 0x00, 0xff, 0x00, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x03, 0x00, 0x00, 0x53, 0x4d,
+	0x54, 0x4a, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x70, 0x03, 0x6b, 0x00,
+	0x79, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x2d, 0x00, 0x35, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00, 0x4a, 0x43,
+	0x4c, 0x54, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x00, 0x4d, 0x65,
+	0x64, 0x69, 0x75, 0x6d, 0x00, 0x4a, 0x43, 0x4c, 0x48, 0x61, 0x6c, 0x66,
+	0x74, 0x6f, 0x6e, 0x65, 0x00, 0x47, 0x72, 0x61, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x00, 0x4a, 0x43, 0x4c, 0x52, 0x65, 0x64, 0x4c, 0x65, 0x76,
+	0x65, 0x6c, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x47,
+	0x72, 0x65, 0x65, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x00, 0x4e, 0x6f,
+	0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x42, 0x6c, 0x75, 0x65, 0x4c, 0x65,
+	0x76, 0x65, 0x6c, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c,
+	0x48, 0x75, 0x65, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00, 0x4e, 0x6f,
+	0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x48, 0x75, 0x65, 0x52, 0x65, 0x64,
+	0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x48, 0x75, 0x65,
+	0x59, 0x65, 0x6c, 0x6c, 0x6f, 0x77, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00,
+	0x4a, 0x43, 0x4c, 0x48, 0x75, 0x65, 0x47, 0x72, 0x65, 0x65, 0x6e, 0x00,
+	0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x48, 0x75, 0x65, 0x43,
+	0x79, 0x61, 0x6e, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c,
+	0x48, 0x75, 0x65, 0x42, 0x6c, 0x75, 0x65, 0x00, 0x4e, 0x6f, 0x6e, 0x65,
+	0x00, 0x4a, 0x43, 0x4c, 0x48, 0x75, 0x65, 0x4d, 0x61, 0x67, 0x65, 0x6e,
+	0x74, 0x61, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x4c,
+	0x69, 0x67, 0x68, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x61, 0x6d, 0x6d,
+	0x61, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c, 0x4c, 0x69,
+	0x67, 0x68, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x72,
+	0x61, 0x73, 0x74, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4a, 0x43, 0x4c,
+	0x53, 0x61, 0x74, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x4e,
+	0x6f, 0x6e, 0x65, 0x00, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69,
+	0x6f, 0x6e, 0x00, 0x36, 0x30, 0x30, 0x64, 0x70, 0x69, 0x00, 0x4b, 0x43,
+	0x45, 0x63, 0x6f, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x4f, 0x66, 0x66,
+	0x00, 0x43, 0x6f, 0x6c, 0x6f, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x00,
+	0x43, 0x4d, 0x59, 0x4b, 0x00, 0x43, 0x6f, 0x6c, 0x6f, 0x72, 0x72, 0x65,
+	0x70, 0x72, 0x6f, 0x64, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x00, 0x43, 0x49, 0x45,
+	0x00, 0x50, 0x72, 0x6e, 0x44, 0x65, 0x66, 0x00, 0x50, 0x61, 0x67, 0x65,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x00, 0x4f, 0x6e, 0x00, 0x50, 0x61,
+	0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x00, 0x4c, 0x65, 0x74, 0x74, 0x65,
+	0x72, 0x00, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x67, 0x69, 0x6f, 0x6e,
+	0x00, 0x00, 0x4c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x45, 0x64, 0x67,
+	0x65, 0x00, 0x00, 0x49, 0x6e, 0x70, 0x75, 0x74, 0x53, 0x6c, 0x6f, 0x74,
+	0x00, 0x2a, 0x55, 0x73, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x54, 0x72, 0x61,
+	0x79, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x00, 0x4d, 0x65, 0x64, 0x69, 0x61,
+	0x54, 0x79, 0x70, 0x65, 0x00, 0x41, 0x75, 0x74, 0x6f, 0x00, 0x4f, 0x75,
+	0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x00, 0x4e, 0x6f, 0x6e, 0x65,
+	0x00, 0x4b, 0x43, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x00, 0x4e, 0x6f,
+	0x6e, 0x65, 0x00, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75,
+	0x6e, 0x74, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4b, 0x43, 0x50, 0x75,
+	0x6e, 0x63, 0x68, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4b, 0x43, 0x42,
+	0x6f, 0x6f, 0x6b, 0x6c, 0x65, 0x74, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00,
+	0x4b, 0x43, 0x46, 0x6f, 0x6c, 0x64, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00,
+	0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x00, 0x46, 0x61, 0x6c, 0x73, 0x65,
+	0x00, 0x4a, 0x6f, 0x67, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x44, 0x75,
+	0x70, 0x6c, 0x65, 0x78, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4b, 0x43,
+	0x43, 0x6f, 0x6c, 0x6c, 0x61, 0x74, 0x65, 0x00, 0x50, 0x72, 0x6e, 0x44,
+	0x65, 0x66, 0x00, 0x4b, 0x6d, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x6d, 0x65,
+	0x6e, 0x74, 0x00, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x00, 0x4b,
+	0x43, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x00, 0x44, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x00, 0x63, 0x75, 0x70, 0x73, 0x4a, 0x6f, 0x62,
+	0x48, 0x6f, 0x6c, 0x64, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x00, 0x6e, 0x6f,
+	0x2d, 0x68, 0x6f, 0x6c, 0x64, 0x00, 0x63, 0x75, 0x70, 0x73, 0x4a, 0x6f,
+	0x62, 0x53, 0x68, 0x65, 0x65, 0x74, 0x73, 0x53, 0x74, 0x61, 0x72, 0x74,
+	0x00, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x63, 0x75, 0x70, 0x73, 0x4a, 0x6f,
+	0x62, 0x53, 0x68, 0x65, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x64, 0x00, 0x6e,
+	0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x0c, 0x02, 0x00, 0x00, 0x53, 0x50, 0x55, 0x43, 0x00, 0x06,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x44, 0x72, 0x69,
+	0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74,
+	0x61, 0x5c, 0x54, 0x72, 0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d, 0x53, 0x69,
+	0x7a, 0x65, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xce,
+	0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61,
+	0x5c, 0x54, 0x72, 0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d, 0x54, 0x61, 0x62,
+	0x6c, 0x65, 0x00, 0x03, 0x00, 0x00, 0x00, 0xce, 0x00, 0x00, 0x00, 0xce,
+	0x00, 0x43, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00, 0x65, 0x00, 0x74,
+	0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x31, 0x00, 0x00, 0x00, 0x4c,
+	0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73,
+	0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x32,
+	0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65,
+	0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x00, 0x61,
+	0x00, 0x73, 0x00, 0x73, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65,
+	0x00, 0x20, 0x00, 0x33, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74,
+	0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x43, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00, 0x65, 0x00, 0x74,
+	0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x34, 0x00, 0x00, 0x00, 0x4c,
+	0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x79, 0x00, 0x70, 0x00, 0x61,
+	0x00, 0x73, 0x00, 0x73, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61,
+	0x00, 0x79, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74,
+	0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x5c, 0x54,
+	0x72, 0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d, 0x4d, 0x61, 0x70, 0x53, 0x69,
+	0x7a, 0x65, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x39,
+	0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61,
+	0x5c, 0x54, 0x72, 0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d, 0x4d, 0x61, 0x70,
+	0x00, 0x03, 0x00, 0x00, 0x00, 0x39, 0x00, 0x00, 0x00, 0x50, 0x46, 0x37,
+	0x30, 0x30, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x46, 0x37, 0x30,
+	0x30, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x46, 0x37, 0x30, 0x30,
+	0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x46, 0x37, 0x30, 0x30, 0x44,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x4d, 0x46, 0x31, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44,
+	0x61, 0x74, 0x61, 0x5c, 0x54, 0x72, 0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d,
+	0x4b, 0x65, 0x79, 0x77, 0x6f, 0x72, 0x64, 0x53, 0x69, 0x7a, 0x65, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x44,
+	0x72, 0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x5c, 0x54, 0x72,
+	0x61, 0x79, 0x46, 0x6f, 0x72, 0x6d, 0x4b, 0x65, 0x79, 0x77, 0x6f, 0x72,
+	0x64, 0x00, 0x03, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x50, 0x46,
+	0x37, 0x30, 0x30, 0x41, 0x00, 0x00, 0x50, 0x46, 0x37, 0x30, 0x30, 0x42,
+	0x00, 0x00, 0x50, 0x46, 0x37, 0x30, 0x30, 0x43, 0x00, 0x00, 0x50, 0x46,
+	0x37, 0x30, 0x30, 0x44, 0x00, 0x00, 0x4d, 0x46, 0x31, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f, 0x6c, 0x65,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f, 0x6c, 0x65, 0x72, 0x5c,
+	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x49, 0x00, 0x52, 0x00, 0x4f,
+	0x00, 0x42, 0x00, 0x4f, 0x00, 0x54, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f, 0x6c, 0x65, 0x72, 0x5c, 0x73,
+	0x68, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61,
+	0x6d, 0x65, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x49,
+	0x00, 0x52, 0x00, 0x4f, 0x00, 0x42, 0x00, 0x4f, 0x00, 0x54, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x00, 0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f, 0x6c,
+	0x65, 0x72, 0x5c, 0x75, 0x4e, 0x43, 0x4e, 0x61, 0x6d, 0x65, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x49,
+	0x00, 0x52, 0x00, 0x4f, 0x00, 0x42, 0x00, 0x4f, 0x00, 0x54, 0x00, 0x5c,
+	0x00, 0x6b, 0x00, 0x79, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72,
+	0x00, 0x61, 0x00, 0x2d, 0x00, 0x35, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t ntprinting_printer_data_latin1[] = {
+	0x48, 0x1a, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0x46, 0x50, 0x0e, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0xee, 0xb9, 0x50, 0x00, 0x53, 0x30, 0x42,
+	0x43, 0x00, 0x53, 0x30, 0x42, 0x43, 0x00, 0x53,
+	0x61, 0x6d, 0x62, 0x61, 0x20, 0x50, 0x72, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x20, 0x50, 0x6f, 0x72,
+	0x74, 0x00, 0x48, 0x50, 0x20, 0x44, 0x65, 0x73,
+	0x69, 0x67, 0x6e, 0x6a, 0x65, 0x74, 0x20, 0x38,
+	0x30, 0x30, 0x50, 0x53, 0x20, 0x34, 0x32, 0x20,
+	0x62, 0x79, 0x20, 0x48, 0x50, 0x00, 0x22, 0x20,
+	0x53, 0x41, 0x4c, 0x41, 0x20, 0x44, 0x41, 0x20,
+	0x52, 0x45, 0x43, 0x45, 0x50, 0xc7, 0xc3, 0x4f,
+	0x20, 0x44, 0x41, 0x20, 0x43, 0x4f, 0x4e, 0x53,
+	0x54, 0x52, 0x55, 0xc7, 0xc3, 0x4f, 0x20, 0x2d,
+	0x20, 0x52, 0x41, 0x4e, 0x44, 0x30, 0x20, 0x4c,
+	0x4f, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x00, 0x55,
+	0x54, 0x47, 0x43, 0x41, 0x20, 0x00, 0x00, 0x77,
+	0x69, 0x6e, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x00,
+	0x52, 0x41, 0x57, 0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x5c, 0x5c, 0x4c, 0x4f, 0x43, 0x41, 0x4c,
+	0x48, 0x4f, 0x53, 0x54, 0x5c, 0x53, 0x30, 0x42,
+	0x43, 0x00, 0x4c, 0x65, 0x74, 0x74, 0x65, 0x72,
+	0x00, 0x01, 0x04, 0x00, 0x04, 0xdc, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x64, 0x00, 0x01, 0x00, 0x0f, 0x00, 0xfc,
+	0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x47, 0x01,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x72, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x44, 0x72, 0x69, 0x76,
+	0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72,
+	0x44, 0x61, 0x74, 0x61, 0x5c, 0x44, 0x72, 0x76,
+	0x50, 0x61, 0x70, 0x65, 0x72, 0x53, 0x74, 0x61,
+	0x6e, 0x64, 0x61, 0x72, 0x64, 0x73, 0x00, 0x04,
+	0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x61,
+	0xc2, 0x00, 0xc0, 0x01, 0x00, 0x00, 0x00, 0x50,
+	0x72, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x44, 0x72,
+	0x69, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61,
+	0x5c, 0x44, 0x72, 0x76, 0x44, 0x65, 0x76, 0x4d,
+	0x6f, 0x64, 0x65, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x42, 0x02, 0x00, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x36, 0x00,
+	0x36, 0x00, 0x3b, 0x00, 0x2d, 0x00, 0x33, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00, 0x31, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x30, 0x00, 0x37, 0x00, 0x33, 0x00,
+	0x37, 0x00, 0x34, 0x00, 0x31, 0x00, 0x39, 0x00,
+	0x30, 0x00, 0x35, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00, 0x35, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x35, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x36, 0x00,
+	0x32, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x36, 0x00,
+	0x37, 0x00, 0x37, 0x00, 0x37, 0x00, 0x32, 0x00,
+	0x31, 0x00, 0x36, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x36, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x36, 0x00, 0x35, 0x00,
+	0x35, 0x00, 0x33, 0x00, 0x35, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x36, 0x00, 0x33, 0x00, 0x31, 0x00,
+	0x37, 0x00, 0x32, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00, 0x31, 0x00,
+	0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00, 0x37, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x30, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x3b, 0x00, 0x31, 0x00, 0x3b, 0x00,
+	0x30, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x3b, 0x00,
+	0x31, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x35, 0x00, 0x39, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x39, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x35, 0x00, 0x39, 0x00,
+	0x3b, 0x00, 0x32, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x35, 0x00, 0x39, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x39, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x35, 0x00, 0x39, 0x00,
+	0x3b, 0x00, 0x32, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x35, 0x00, 0x39, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x39, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x35, 0x00, 0x39, 0x00,
+	0x3b, 0x00, 0x32, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x35, 0x00, 0x39, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x39, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x35, 0x00, 0x39, 0x00,
+	0x3b, 0x00, 0x32, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x35, 0x00, 0x39, 0x00, 0x3b, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x39, 0x00, 0x34, 0x00, 0x3b, 0x00,
+	0x32, 0x00, 0x31, 0x00, 0x35, 0x00, 0x39, 0x00,
+	0x3b, 0x00, 0x32, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x34, 0x00, 0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00,
+	0x3b, 0x00, 0x3b, 0x00, 0x3b, 0x00, 0x3b, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x31, 0x00, 0x30, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x30, 0x00, 0x3b, 0x00, 0x30, 0x00,
+	0x3b, 0x00, 0x3b, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x44,
+	0x61, 0x74, 0x61, 0x5c, 0x44, 0x72, 0x76, 0x45,
+	0x57, 0x53, 0x49, 0x50, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x44, 0x73, 0x53, 0x70, 0x6f,
+	0x6f, 0x6c, 0x65, 0x72, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+	0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f, 0x6c,
+	0x65, 0x72, 0x5c, 0x70, 0x72, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x53,
+	0x00, 0x30, 0x00, 0x42, 0x00, 0x43, 0x00, 0x00,
+	0x00, 0x01, 0x00, 0x00, 0x00, 0x44, 0x73, 0x53,
+	0x70, 0x6f, 0x6f, 0x6c, 0x65, 0x72, 0x5c, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x00, 0x01, 0x00, 0x00, 0x00, 0x14, 0x00,
+	0x00, 0x00, 0x53, 0x00, 0x36, 0x00, 0x30, 0x00,
+	0x32, 0x00, 0x30, 0x00, 0x50, 0x00, 0x53, 0x00,
+	0x36, 0x00, 0x36, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x44, 0x73, 0x53, 0x70, 0x6f, 0x6f,
+	0x6c, 0x65, 0x72, 0x5c, 0x73, 0x68, 0x6f, 0x72,
+	0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e,
+	0x61, 0x6d, 0x65, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x00, 0x00, 0x53, 0x00, 0x36, 0x00,
+	0x30, 0x00, 0x32, 0x00, 0x30, 0x00, 0x50, 0x00,
+	0x53, 0x00, 0x36, 0x00, 0x36, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x44, 0x73, 0x53, 0x70,
+	0x6f, 0x6f, 0x6c, 0x65, 0x72, 0x5c, 0x75, 0x4e,
+	0x43, 0x4e, 0x61, 0x6d, 0x65, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x22, 0x00, 0x00, 0x00, 0x5c, 0x00,
+	0x5c, 0x00, 0x53, 0x00, 0x36, 0x00, 0x30, 0x00,
+	0x32, 0x00, 0x30, 0x00, 0x50, 0x00, 0x53, 0x00,
+	0x36, 0x00, 0x36, 0x00, 0x5c, 0x00, 0x53, 0x00,
+	0x30, 0x00, 0x42, 0x00, 0x43, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool ntprinting_printer_check(struct torture_context *tctx,
+				     struct ntprinting_printer *r)
+{
+	torture_assert_int_equal(tctx, r->info.attributes, 0x00081048, "attributes");
+	torture_assert_int_equal(tctx, r->info.priority, 1, "priority");
+	torture_assert_int_equal(tctx, r->info.default_priority, 1, "default_priority");
+	torture_assert_int_equal(tctx, r->info.starttime, 0, "startime");
+	torture_assert_int_equal(tctx, r->info.untiltime, 0, "untiltime");
+	torture_assert_int_equal(tctx, r->info.status, 0, "status");
+	torture_assert_int_equal(tctx, r->info.cjobs, 5, "cjobs");
+	torture_assert_int_equal(tctx, r->info.averageppm, 0, "averageppm");
+	torture_assert_int_equal(tctx, r->info.changeid, 0x09030e9d, "changeid");
+	torture_assert_int_equal(tctx, r->info.c_setprinter, 0, "c_setprinter");
+	torture_assert_int_equal(tctx, r->info.setuptime, 0x4eb81324, "setuptime");
+	torture_assert_str_equal(tctx, r->info.servername, "", "servername");
+	torture_assert_str_equal(tctx, r->info.printername, "Kyocera-500", "printername");
+	torture_assert_str_equal(tctx, r->info.sharename, "kyocera-500", "sharename");
+	torture_assert_str_equal(tctx, r->info.portname, "Samba Printer Port", "portname");
+	torture_assert_str_equal(tctx, r->info.drivername, "kyocera-500", "drivername");
+	torture_assert_str_equal(tctx, r->info.comment, "Kyocera TaskAlfa 500ci", "comment");
+	torture_assert_str_equal(tctx, r->info.location, "bullpen", "comment");
+	torture_assert_str_equal(tctx, r->info.sepfile, "", "sepfile");
+	torture_assert_str_equal(tctx, r->info.printprocessor, "winprint", "printprocessor");
+	torture_assert_str_equal(tctx, r->info.datatype, "RAW", "datatype");
+	torture_assert_str_equal(tctx, r->info.parameters, "", "parameters");
+
+	torture_assert(tctx, r->devmode, "devmode");
+	torture_assert_str_equal(tctx, r->devmode->devicename, "\\\\irobot\\Kyocera-500", "devicename");
+	torture_assert_str_equal(tctx, r->devmode->formname, "Letter", "formname");
+	torture_assert_int_equal(tctx, r->devmode->specversion, 0x0401, "specversion");
+	torture_assert_int_equal(tctx, r->devmode->driverversion, 0x0600, "driverversion");
+	torture_assert_int_equal(tctx, r->devmode->size, 0x00dc, "size");
+	torture_assert_int_equal(tctx, r->devmode->driverextra, 0x0860, "driverextra");
+	torture_assert_int_equal(tctx, r->devmode->orientation, 1, "orientation");
+	torture_assert_int_equal(tctx, r->devmode->papersize, 1, "papersize");
+	torture_assert_int_equal(tctx, r->devmode->paperlength, 0x0aea, "paperlength");
+	torture_assert_int_equal(tctx, r->devmode->paperwidth, 0x086f, "paperwidth");
+	torture_assert_int_equal(tctx, r->devmode->scale, 0x0064, "scale");
+	torture_assert_int_equal(tctx, r->devmode->copies, 1, "copies");
+	torture_assert_int_equal(tctx, r->devmode->defaultsource, 0x000f, "defaultsource");
+	torture_assert_int_equal(tctx, r->devmode->printquality, 0x0258, "printquality");
+	torture_assert_int_equal(tctx, r->devmode->color, 2, "color");
+	torture_assert_int_equal(tctx, r->devmode->duplex, 1, "duplex");
+	torture_assert_int_equal(tctx, r->devmode->yresolution, 0x0258, "yresolution");
+	torture_assert_int_equal(tctx, r->devmode->ttoption, 2, "ttoption");
+	torture_assert_int_equal(tctx, r->devmode->collate, 1, "collate");
+	torture_assert_int_equal(tctx, r->devmode->logpixels, 0, "logpixels");
+	torture_assert_int_equal(tctx, r->devmode->fields, 0x0381ff53, "fields");
+	torture_assert_int_equal(tctx, r->devmode->bitsperpel, 0, "bitsperpel");
+	torture_assert_int_equal(tctx, r->devmode->pelswidth, 0, "pelswidth");
+	torture_assert_int_equal(tctx, r->devmode->pelsheight, 0, "pelsheight");
+	torture_assert_int_equal(tctx, r->devmode->displayflags, 1, "displayflags");
+	torture_assert_int_equal(tctx, r->devmode->displayfrequency, 0, "displayfrequency");
+	torture_assert_int_equal(tctx, r->devmode->icmmethod, 1, "icmmethod");
+	torture_assert_int_equal(tctx, r->devmode->icmintent, 2, "icmintent");
+	torture_assert_int_equal(tctx, r->devmode->mediatype, 0x00000101, "mediatype");
+	torture_assert_int_equal(tctx, r->devmode->dithertype, 0, "dithertype");
+	torture_assert_int_equal(tctx, r->devmode->reserved1, 0, "reserved1");
+	torture_assert_int_equal(tctx, r->devmode->reserved2, 0, "reserved2");
+	torture_assert_int_equal(tctx, r->devmode->panningwidth, 0, "panningwidth");
+	torture_assert_int_equal(tctx, r->devmode->panningheight, 0, "panningheight");
+
+	torture_assert(tctx, r->devmode->nt_dev_private, "nt_dev_private");
+	torture_assert_int_equal(tctx, r->devmode->nt_dev_private->length, 2144, "nt_dev_private->length");
+
+	torture_assert_int_equal(tctx, r->count, 11, "count");
+
+	torture_assert_int_equal(tctx, r->printer_data[0].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[0].name, "PrinterDriverData", "name");
+	torture_assert_int_equal(tctx, r->printer_data[0].type, 0, "type");
+	torture_assert_int_equal(tctx, r->printer_data[0].data.length, 0, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[1].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[1].name, "PrinterDriverData\\TrayFormSize", "name");
+	torture_assert_int_equal(tctx, r->printer_data[1].type, 4, "type");
+	torture_assert_int_equal(tctx, r->printer_data[1].data.length, 4, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[2].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[2].name, "PrinterDriverData\\TrayFormTable", "name");
+	torture_assert_int_equal(tctx, r->printer_data[2].type, 3, "type");
+	torture_assert_int_equal(tctx, r->printer_data[2].data.length, 206, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[3].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[3].name, "PrinterDriverData\\TrayFormMapSize", "name");
+	torture_assert_int_equal(tctx, r->printer_data[3].type, 4, "type");
+	torture_assert_int_equal(tctx, r->printer_data[3].data.length, 4, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[4].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[4].name, "PrinterDriverData\\TrayFormMap", "name");
+	torture_assert_int_equal(tctx, r->printer_data[4].type, 3, "type");
+	torture_assert_int_equal(tctx, r->printer_data[4].data.length, 57, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[5].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[5].name, "PrinterDriverData\\TrayFormKeywordSize", "name");
+	torture_assert_int_equal(tctx, r->printer_data[5].type, 4, "type");
+	torture_assert_int_equal(tctx, r->printer_data[5].data.length, 4, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[6].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[6].name, "PrinterDriverData\\TrayFormKeyword", "name");
+	torture_assert_int_equal(tctx, r->printer_data[6].type, 3, "type");
+	torture_assert_int_equal(tctx, r->printer_data[6].data.length, 38, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[7].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[7].name, "DsSpooler", "name");
+	torture_assert_int_equal(tctx, r->printer_data[7].type, 0, "type");
+	torture_assert_int_equal(tctx, r->printer_data[7].data.length, 0, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[8].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[8].name, "DsSpooler\\serverName", "name");
+	torture_assert_int_equal(tctx, r->printer_data[8].type, 1, "type");
+	torture_assert_int_equal(tctx, r->printer_data[8].data.length, 14, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[9].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[9].name, "DsSpooler\\shortServerName", "name");
+	torture_assert_int_equal(tctx, r->printer_data[9].type, 1, "type");
+	torture_assert_int_equal(tctx, r->printer_data[9].data.length, 14, "data.length");
+
+	torture_assert_int_equal(tctx, r->printer_data[10].ptr, 1, "ptr");
+	torture_assert_str_equal(tctx, r->printer_data[10].name, "DsSpooler\\uNCName", "name");
+	torture_assert_int_equal(tctx, r->printer_data[10].type, 1, "type");
+	torture_assert_int_equal(tctx, r->printer_data[10].data.length, 42, "data.length");
+
+	return true;
+}
+
+static bool ntprinting_printer_latin1_check(struct torture_context *tctx)
+{
+	enum ndr_err_code ndr_err;
+	struct ntprinting_printer r;
+	DATA_BLOB blob;
+	bool ok;
+
+	ok = lpcfg_do_global_parameter(tctx->lp_ctx, "dos charset", "CP1252");
+	if (!ok) {
+		torture_comment(tctx, "Could not set 'dos charset' option.\n");
+		return false;
+	}
+	reload_charcnv(tctx->lp_ctx);
+
+	ZERO_STRUCT(r);
+	r.info.string_flags = LIBNDR_FLAG_STR_ASCII;
+
+	blob = data_blob_const(ntprinting_printer_data_latin1,
+			       sizeof(ntprinting_printer_data_latin1));
+
+	ndr_err = ndr_pull_struct_blob(&blob, tctx, &r,
+		   (ndr_pull_flags_fn_t)ndr_pull_ntprinting_printer);
+
+	torture_assert_ndr_success(tctx,
+				   ndr_err,
+				   "ndr_pull_ntprinting_printer");
+#if 0
+	NDR_PRINT_DEBUG(1, ntprinting_printer, &r);
+#endif
+	torture_assert_str_equal(tctx,
+				 r.info.printername,
+				 "S0BC",
+				 "printername");
+	/* latin1 encoding check */
+	torture_assert_str_equal(tctx,
+				 r.info.comment,
+				 "\" SALA DA RECEPÇÃO DA CONSTRUÇÃO - RAND0 LOCATIO",
+				 "comment");
+	torture_assert_str_equal(tctx,
+				 r.info.location,
+				 "UTGCA ",
+				 "location");
+
+	return true;
+}
+
+struct torture_suite *ndr_ntprinting_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ntprinting");
+
+	torture_suite_add_simple_test(suite,
+				      "ntprinting latin1 check",
+				      ntprinting_printer_latin1_check);
+
+	torture_suite_add_ndr_pull_test(suite,
+					ntprinting_printer,
+					ntprinting_printer_data,
+					ntprinting_printer_check);
+
+	/* pullpush not working atm.
+	torture_suite_add_ndr_pull_validate_test(suite,
+					    ntprinting_printer,
+					    data_blob_const(ntprinting_printer_data, sizeof(ntprinting_printer_data)),
+					    ntprinting_printer_check);
+	*/
+	return suite;
+}
diff --git a/source4/torture/ndr/odj.c b/source4/torture/ndr/odj.c
new file mode 100644
index 0000000..78d4725
--- /dev/null
+++ b/source4/torture/ndr/odj.c
@@ -0,0 +1,210 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for Windows Offline Join files
+
+   Copyright (C) Guenther Deschner 2021
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_ODJ.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t ODJ_PROVISION_DATA_data[] = {
+	0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xb0, 0x07, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x18, 0x03, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x60, 0x04, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+	0x18, 0x03, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0x08, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x9c, 0x4f, 0x93,
+	0x20, 0xfc, 0x4f, 0x93, 0x90, 0xbf, 0x50, 0x93, 0x60, 0xbf, 0x50, 0x93,
+	0x10, 0x00, 0x12, 0x00, 0x40, 0x7f, 0x4f, 0x93, 0x2e, 0x00, 0x30, 0x00,
+	0x60, 0xf3, 0x4f, 0x93, 0x2e, 0x00, 0x30, 0x00, 0x50, 0xf4, 0x4f, 0x93,
+	0x96, 0x1a, 0x76, 0xc0, 0x42, 0xe2, 0xc2, 0x4e, 0x91, 0x60, 0x7a, 0x66,
+	0xa4, 0xac, 0x49, 0x29, 0x00, 0x85, 0x4f, 0x93, 0x30, 0xa1, 0x4f, 0x93,
+	0x80, 0xf1, 0x4f, 0x93, 0x01, 0x00, 0x00, 0x00, 0x96, 0x1a, 0x76, 0xc0,
+	0x42, 0xe2, 0xc2, 0x4e, 0x91, 0x60, 0x7a, 0x66, 0xa4, 0xac, 0x49, 0x29,
+	0x10, 0xfd, 0x4f, 0x93, 0x40, 0xf5, 0x4f, 0x93, 0xfd, 0xf3, 0x03, 0xe0,
+	0xf0, 0xf9, 0x4f, 0x93, 0xb0, 0xfd, 0x4f, 0x93, 0x04, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x75, 0x00, 0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x32, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x77, 0x00, 0x75, 0x00, 0x72, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0xe8, 0xf2, 0x4b, 0x12, 0x6a, 0xe6, 0x55, 0x41,
+	0x43, 0xa4, 0xb4, 0x74, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x24, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x64, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x63, 0x00, 0x2e, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00,
+	0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x39, 0x00,
+	0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2e, 0x00,
+	0x35, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x30, 0x00, 0x38, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00,
+	0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00,
+	0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00,
+	0x75, 0x00, 0x6c, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x2d, 0x00, 0x4e, 0x00, 0x61, 0x00, 0x6d, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00,
+	0x75, 0x00, 0x6c, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x2d, 0x00, 0x4e, 0x00, 0x61, 0x00, 0x6d, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x60, 0x04, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00,
+	0xcc, 0xcc, 0xcc, 0xcc, 0x50, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x18, 0x04, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x04, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0x08, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x21, 0x76, 0x1c, 0x63,
+	0x89, 0x52, 0x21, 0x43, 0xbc, 0x9e, 0x80, 0xf8, 0x43, 0xf8, 0x68, 0xc3,
+	0x01, 0x00, 0x00, 0x00, 0x18, 0x03, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x25, 0xcf, 0x0c, 0xfc,
+	0xfa, 0x7f, 0x4a, 0x47, 0x86, 0x11, 0x69, 0xff, 0xe2, 0x69, 0x64, 0x5f,
+	0x00, 0x00, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0x00, 0x00,
+	0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x08, 0x03, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x80, 0x9c, 0x4f, 0x93, 0x20, 0xfc, 0x4f, 0x93,
+	0x90, 0xbf, 0x50, 0x93, 0x60, 0xbf, 0x50, 0x93, 0x10, 0x00, 0x12, 0x00,
+	0x40, 0x7f, 0x4f, 0x93, 0x2e, 0x00, 0x30, 0x00, 0x60, 0xf3, 0x4f, 0x93,
+	0x2e, 0x00, 0x30, 0x00, 0x50, 0xf4, 0x4f, 0x93, 0x96, 0x1a, 0x76, 0xc0,
+	0x42, 0xe2, 0xc2, 0x4e, 0x91, 0x60, 0x7a, 0x66, 0xa4, 0xac, 0x49, 0x29,
+	0x00, 0x85, 0x4f, 0x93, 0x30, 0xa1, 0x4f, 0x93, 0x80, 0xf1, 0x4f, 0x93,
+	0x01, 0x00, 0x00, 0x00, 0x96, 0x1a, 0x76, 0xc0, 0x42, 0xe2, 0xc2, 0x4e,
+	0x91, 0x60, 0x7a, 0x66, 0xa4, 0xac, 0x49, 0x29, 0x10, 0xfd, 0x4f, 0x93,
+	0x40, 0xf5, 0x4f, 0x93, 0xfd, 0xf3, 0x03, 0xe0, 0xf0, 0xf9, 0x4f, 0x93,
+	0xb0, 0xfd, 0x4f, 0x93, 0x04, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x77, 0x00, 0x75, 0x00,
+	0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x75, 0x00, 0x72, 0x00, 0x73, 0x00, 0x74, 0x00, 0x32, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x31, 0x00,
+	0x39, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00,
+	0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00, 0x74, 0x00, 0x2e, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+	0xe8, 0xf2, 0x4b, 0x12, 0x6a, 0xe6, 0x55, 0x41, 0x43, 0xa4, 0xb4, 0x74,
+	0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x64, 0x00, 0x77, 0x00, 0x32, 0x00,
+	0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00, 0x63, 0x00, 0x2e, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00,
+	0x31, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2e, 0x00, 0x35, 0x00, 0x36, 0x00,
+	0x2e, 0x00, 0x31, 0x00, 0x30, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x31, 0x00, 0x39, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x6d, 0x00, 0x2e, 0x00, 0x62, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x2e, 0x00, 0x72, 0x00, 0x65, 0x00, 0x64, 0x00, 0x68, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00, 0x75, 0x00, 0x6c, 0x00,
+	0x74, 0x00, 0x2d, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x2d, 0x00, 0x4e, 0x00, 0x61, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00, 0x75, 0x00, 0x6c, 0x00,
+	0x74, 0x00, 0x2d, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x73, 0x00,
+	0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x2d, 0x00, 0x4e, 0x00, 0x61, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x00, 0x00,
+	0x88, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x45, 0x06, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x2e, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00, 0x53, 0x00, 0x2d, 0x00,
+	0x31, 0x00, 0x2d, 0x00, 0x35, 0x00, 0x2d, 0x00, 0x32, 0x00, 0x31, 0x00,
+	0x2d, 0x00, 0x33, 0x00, 0x30, 0x00, 0x36, 0x00, 0x39, 0x00, 0x36, 0x00,
+	0x37, 0x00, 0x32, 0x00, 0x37, 0x00, 0x32, 0x00, 0x2d, 0x00, 0x31, 0x00,
+	0x30, 0x00, 0x39, 0x00, 0x36, 0x00, 0x31, 0x00, 0x34, 0x00, 0x38, 0x00,
+	0x35, 0x00, 0x38, 0x00, 0x36, 0x00, 0x2d, 0x00, 0x31, 0x00, 0x39, 0x00,
+	0x35, 0x00, 0x37, 0x00, 0x39, 0x00, 0x39, 0x00, 0x35, 0x00, 0x35, 0x00,
+	0x38, 0x00, 0x37, 0x00, 0x2d, 0x00, 0x31, 0x00, 0x36, 0x00, 0x30, 0x00,
+	0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool ODJ_PROVISION_DATA_check(struct torture_context *tctx,
+				     struct ODJ_PROVISION_DATA_serialized_ptr *r)
+{
+	return true;
+}
+
+struct torture_suite *ndr_ODJ_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ODJ");
+
+	torture_suite_add_ndr_pull_test(suite,
+					ODJ_PROVISION_DATA_serialized_ptr,
+					ODJ_PROVISION_DATA_data,
+					ODJ_PROVISION_DATA_check);
+	return suite;
+}
diff --git a/source4/torture/ndr/samr.c b/source4/torture/ndr/samr.c
new file mode 100644
index 0000000..9f2f8ee
--- /dev/null
+++ b/source4/torture/ndr/samr.c
@@ -0,0 +1,355 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for samr ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2011
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t samr_connect5_in_data[] = {
+  0xa8, 0x71, 0x0e, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x1a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x61, 0x00, 0x6d, 0x00,
+  0x79, 0x00, 0x2e, 0x00, 0x73, 0x00, 0x61, 0x00, 0x6d, 0x00, 0x62, 0x00,
+  0x61, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x61, 0x00, 0x62, 0x00, 0x61, 0x00,
+  0x72, 0x00, 0x74, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x2e, 0x00,
+  0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x21, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_connect5_out_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc9, 0xe9, 0xb9, 0x40,
+  0x50, 0x94, 0xa5, 0x4d, 0xb1, 0x9b, 0x3a, 0x32, 0xd0, 0xd4, 0x45, 0x0b,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_opendomain_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xc9, 0xe9, 0xb9, 0x40, 0x50, 0x94, 0xa5, 0x4d,
+  0xb1, 0x9b, 0x3a, 0x32, 0xd0, 0xd4, 0x45, 0x0b, 0x00, 0x02, 0x00, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+  0x15, 0x00, 0x00, 0x00, 0xfa, 0x50, 0x5e, 0x04, 0x12, 0x95, 0x23, 0x02,
+  0xe5, 0xa3, 0xd0, 0x03
+};
+
+static const uint8_t samr_opendomain_out_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x60, 0xf0, 0x16, 0x2b, 0x52, 0x19, 0x4a, 0x47,
+  0x9e, 0x88, 0x8b, 0xe8, 0x93, 0xe6, 0xbf, 0x36, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_lookupnamesindomain_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x60, 0xf0, 0x16, 0x2b, 0x52, 0x19, 0x4a, 0x47,
+  0x9e, 0x88, 0x8b, 0xe8, 0x93, 0xe6, 0xbf, 0x36, 0x01, 0x00, 0x00, 0x00,
+  0xe8, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x12, 0x00, 0x14, 0x00, 0x60, 0x6f, 0x15, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x58, 0x00, 0x50, 0x00,
+  0x50, 0x00, 0x52, 0x00, 0x4f, 0x00, 0x53, 0x00, 0x50, 0x00, 0x32, 0x00,
+  0x24, 0x00
+};
+
+static const uint8_t samr_lookupnamesindomain_out_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0xeb, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_openuser_in_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x60, 0xf0, 0x16, 0x2b, 0x52, 0x19, 0x4a, 0x47,
+  0x9e, 0x88, 0x8b, 0xe8, 0x93, 0xe6, 0xbf, 0x36, 0xb0, 0x00, 0x00, 0x00,
+  0xeb, 0x03, 0x00, 0x00
+};
+
+static const uint8_t samr_openuser_out_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_queryuserinfo_in_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d, 0x10, 0x00
+};
+
+static const uint8_t samr_queryuserinfo_out_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_setuserinfo_in_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d, 0x10, 0x00, 0x10, 0x00,
+  0x80, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_setuserinfo_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_setuserinfo2_in_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d, 0x1a, 0x00, 0x1a, 0x00,
+  0xe9, 0x83, 0x46, 0xc5, 0x1b, 0xc6, 0xd9, 0x97, 0xaf, 0x87, 0xf4, 0xb4,
+  0xd4, 0x58, 0x0f, 0xfe, 0x00, 0x86, 0x28, 0x09, 0xc6, 0x76, 0x77, 0x85,
+  0xd7, 0xa1, 0xf6, 0xb1, 0xe4, 0xed, 0xe1, 0xca, 0x6a, 0xf8, 0x44, 0x2a,
+  0x11, 0x10, 0x16, 0x70, 0x9c, 0x55, 0x03, 0x0f, 0xfe, 0xdb, 0x41, 0xb7,
+  0xed, 0x10, 0xc9, 0x3c, 0x8b, 0x28, 0xe6, 0x94, 0x6e, 0x69, 0xc2, 0x9d,
+  0x81, 0x22, 0xe1, 0xc8, 0xb3, 0xb8, 0xc0, 0x81, 0x50, 0x2f, 0xf3, 0xad,
+  0x2b, 0x2e, 0xfe, 0xf6, 0x58, 0x14, 0x2d, 0x33, 0x4a, 0x74, 0x58, 0x4c,
+  0xfe, 0x38, 0xe6, 0x21, 0xc3, 0x65, 0x29, 0xc3, 0xc7, 0x77, 0xb7, 0x1c,
+  0xfe, 0x0b, 0x22, 0xb7, 0x2b, 0xab, 0x3e, 0x9b, 0xd1, 0x8f, 0xd9, 0x07,
+  0x14, 0x65, 0x37, 0x35, 0x9d, 0x08, 0xdb, 0x81, 0x7d, 0x8d, 0x96, 0x96,
+  0x9d, 0x14, 0x8d, 0xeb, 0x4f, 0x0b, 0x68, 0xee, 0xf1, 0x64, 0xf4, 0x27,
+  0x75, 0x13, 0xaf, 0x1a, 0x41, 0xc8, 0x96, 0x98, 0xe2, 0x8c, 0x33, 0x98,
+  0x4b, 0xa3, 0x98, 0xa9, 0xdd, 0xfe, 0x37, 0x86, 0xdd, 0x18, 0xea, 0x77,
+  0x44, 0xfc, 0xba, 0xdb, 0xfd, 0xfb, 0x40, 0x01, 0x65, 0x05, 0x1e, 0x73,
+  0x93, 0x25, 0xc4, 0x73, 0xf7, 0x1b, 0xd9, 0xd8, 0xbc, 0xb4, 0xc4, 0x0c,
+  0x47, 0x3c, 0xc3, 0x62, 0xd5, 0xf3, 0x0b, 0x00, 0x74, 0x75, 0x09, 0x7e,
+  0x58, 0x40, 0x9c, 0x0b, 0x2f, 0x15, 0x26, 0xa9, 0xdc, 0xe6, 0xd2, 0x5a,
+  0xf2, 0xef, 0xd2, 0x4d, 0x6f, 0x2f, 0x86, 0xe9, 0x95, 0xba, 0xfe, 0xe0,
+  0x13, 0x7a, 0xb3, 0x01, 0x93, 0x23, 0x0f, 0x43, 0xf7, 0x40, 0x1c, 0xbe,
+  0x2e, 0x25, 0x61, 0x35, 0xda, 0x5a, 0x43, 0x82, 0x3b, 0xff, 0x05, 0x08,
+  0x7f, 0x64, 0xf2, 0xc9, 0xeb, 0x71, 0x34, 0x9c, 0x37, 0x77, 0xe9, 0x5a,
+  0x23, 0x89, 0xdc, 0x88, 0xa5, 0x27, 0x16, 0x05, 0xc8, 0xf1, 0xbf, 0xbb,
+  0xb3, 0xe7, 0xa8, 0x08, 0xf5, 0xe9, 0x46, 0xc9, 0x63, 0xb4, 0x5d, 0x11,
+  0x38, 0x69, 0x49, 0x5d, 0x92, 0x95, 0x25, 0x35, 0x56, 0x4b, 0x3e, 0xba,
+  0x6b, 0xb3, 0x99, 0x72, 0x70, 0x1c, 0xb5, 0x7e, 0x26, 0x5c, 0xbf, 0xd0,
+  0xbf, 0xd8, 0x58, 0xf4, 0xeb, 0xc2, 0x37, 0xad, 0x98, 0x7d, 0xa8, 0x05,
+  0x7e, 0xf7, 0x48, 0xd9, 0x73, 0x49, 0x39, 0xaa, 0x02, 0x75, 0x67, 0x5b,
+  0x44, 0xda, 0xda, 0x01, 0xe6, 0x5b, 0x4e, 0x0a, 0x15, 0xe7, 0x63, 0x70,
+  0x1c, 0x16, 0x73, 0x79, 0x24, 0x3d, 0x69, 0x30, 0x85, 0xb1, 0x50, 0x65,
+  0xa1, 0x12, 0x73, 0xf1, 0xaf, 0x8d, 0xe9, 0x23, 0x25, 0x99, 0xa2, 0x8a,
+  0x83, 0x6a, 0x39, 0x99, 0xe6, 0x6c, 0xd0, 0xe1, 0x58, 0x9a, 0xb2, 0x3f,
+  0x02, 0x77, 0x48, 0x3a, 0xb0, 0x9e, 0x1a, 0x33, 0x51, 0x5e, 0xe2, 0x46,
+  0xe6, 0x3d, 0x0f, 0x01, 0x64, 0xc6, 0xd1, 0xe9, 0x42, 0xf6, 0xe0, 0x38,
+  0x1a, 0x33, 0xc7, 0x30, 0x80, 0xa6, 0x28, 0xc5, 0x18, 0xbb, 0xe0, 0x5a,
+  0x8b, 0xf2, 0x33, 0x53, 0x4d, 0xbf, 0xe1, 0x4c, 0x98, 0x7e, 0x79, 0x1a,
+  0x0a, 0xdc, 0xdc, 0x04, 0x2e, 0x58, 0x57, 0xba, 0xde, 0x09, 0xa1, 0xe0,
+  0x5b, 0xfc, 0x38, 0x90, 0x58, 0x00, 0xf1, 0xa3, 0x9e, 0x3d, 0x51, 0x7c,
+  0x1e, 0x50, 0xfa, 0x15, 0x55, 0xb2, 0xde, 0x8b, 0x27, 0xc2, 0xbe, 0xbf,
+  0x27, 0xa4, 0x5b, 0x56, 0x38, 0x97, 0xbf, 0x3d, 0xe1, 0x73, 0x22, 0x98,
+  0x9e, 0x25, 0x6d, 0x5d, 0xc5, 0x05, 0xdd, 0x72, 0x7d, 0x50, 0x06, 0x32,
+  0xd8, 0x3f, 0x16, 0x13, 0x7e, 0x5e, 0xc9, 0x45, 0xf0, 0xa7, 0xc2, 0xeb,
+  0xda, 0x79, 0xef, 0x62, 0x3a, 0x96, 0x58, 0x4a, 0xc7, 0xf8, 0xc1, 0xba,
+  0x0b, 0x94, 0xb8, 0xd6, 0x78, 0x6d, 0xc1, 0x42, 0xff, 0xc4, 0x8f, 0x5f,
+  0x3f, 0x21, 0xc1, 0x0f, 0x5f, 0x42, 0xc9, 0xbb, 0xfd, 0x0f, 0x71, 0xf6,
+  0xcc, 0xfe, 0x81, 0x20, 0x00
+};
+
+static const uint8_t samr_setuserinfo2_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_getuserpwinfo_in_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d
+};
+
+static const uint8_t samr_getuserpwinfo_out_data[] = {
+  0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_closehandle_in_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0xd8, 0x6e, 0xec, 0x8c, 0xe1, 0x1f, 0x2d, 0x41,
+  0x99, 0x53, 0x13, 0xe9, 0xa4, 0x51, 0xe8, 0x1d
+};
+
+static const uint8_t samr_closehandle_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t samr_changepassworduser3_w2k_in_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x10, 0x00, 0x10, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x53, 0x00,
+	0x52, 0x00, 0x56, 0x00, 0x04, 0x00, 0x04, 0x00, 0x08, 0x00, 0x02, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x67, 0x00, 0x64, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x8a, 0x5d, 0x1b, 0x5c,
+	0xf4, 0xf8, 0xb6, 0x79, 0xe0, 0xbf, 0x34, 0x0a, 0x9b, 0x73, 0xdb, 0x34,
+	0x6e, 0xbe, 0xe1, 0x1f, 0x75, 0x33, 0xff, 0x3c, 0xa1, 0xca, 0xc0, 0xa8,
+	0xfa, 0x78, 0xbe, 0x93, 0x9d, 0xb7, 0x9e, 0x15, 0xad, 0x6e, 0x27, 0xb3,
+	0x01, 0xdb, 0x6c, 0xb8, 0x5a, 0x2b, 0x73, 0xb9, 0x5a, 0x25, 0xd1, 0xf7,
+	0x33, 0xe8, 0x7e, 0x97, 0x7e, 0xb4, 0x90, 0x89, 0x85, 0xc8, 0x20, 0x8d,
+	0x25, 0x02, 0x68, 0xb9, 0xe4, 0x09, 0xd1, 0xd5, 0x50, 0x6e, 0x83, 0x0a,
+	0x21, 0x45, 0x33, 0xb2, 0xe8, 0x3b, 0xb6, 0x5a, 0x8e, 0x3c, 0x36, 0x51,
+	0xe9, 0xb5, 0x22, 0xfe, 0xeb, 0x19, 0x44, 0xa1, 0x01, 0xa9, 0x0c, 0x2c,
+	0x5a, 0xd1, 0xfe, 0x69, 0x10, 0x86, 0xae, 0x78, 0x01, 0xaa, 0x5d, 0xbb,
+	0x16, 0x02, 0x2b, 0xa5, 0x26, 0xcc, 0x7c, 0x9d, 0xc0, 0x6c, 0x9c, 0x24,
+	0x5b, 0x8b, 0x34, 0xc3, 0xbc, 0x40, 0x5e, 0x3d, 0x7c, 0x2a, 0x55, 0x36,
+	0xfd, 0x34, 0x08, 0x08, 0x05, 0xca, 0xd2, 0xd1, 0x0e, 0xe4, 0x8f, 0xea,
+	0xfe, 0x3f, 0x7d, 0x56, 0x3c, 0x9a, 0x59, 0x68, 0x83, 0x89, 0x21, 0x3e,
+	0x7d, 0x33, 0xfd, 0x73, 0x70, 0xa6, 0xec, 0x36, 0xe8, 0x9d, 0x62, 0x40,
+	0x0e, 0x97, 0x3d, 0xb0, 0xc9, 0x9d, 0x11, 0xb1, 0x55, 0x51, 0xd0, 0x1d,
+	0x72, 0xdb, 0xf1, 0x18, 0x0a, 0x39, 0x94, 0x0f, 0xf8, 0x9a, 0xba, 0x79,
+	0x75, 0x37, 0x83, 0x8d, 0x1a, 0x8e, 0x8b, 0x38, 0x0a, 0x44, 0xf1, 0x46,
+	0x60, 0xef, 0x8b, 0xd8, 0x83, 0xb7, 0x10, 0x91, 0x2a, 0x42, 0x09, 0x0f,
+	0x6a, 0x43, 0xa9, 0xca, 0x44, 0x5d, 0x7f, 0x3b, 0x96, 0xde, 0xa9, 0xd3,
+	0x69, 0x3f, 0x0e, 0x27, 0x52, 0x32, 0x54, 0xcf, 0x4c, 0xcb, 0xf1, 0x84,
+	0xab, 0x13, 0x5e, 0x56, 0x18, 0x96, 0xce, 0x67, 0x4f, 0x73, 0xf8, 0xb2,
+	0xde, 0x82, 0xa6, 0x0c, 0x15, 0x72, 0x73, 0x1a, 0x00, 0x9a, 0x54, 0x85,
+	0x4d, 0x83, 0x6d, 0x78, 0x13, 0xc5, 0x7c, 0x86, 0xa9, 0x4b, 0x34, 0x54,
+	0xbc, 0x40, 0x13, 0x9d, 0x99, 0x0d, 0xa4, 0xc8, 0xeb, 0x6e, 0xef, 0x3f,
+	0x94, 0x6f, 0xc4, 0x4d, 0x2d, 0x13, 0x9f, 0xd6, 0x29, 0xc6, 0x55, 0xc1,
+	0x73, 0x86, 0xe7, 0x77, 0xe2, 0x85, 0xb4, 0x03, 0xaf, 0xe2, 0x7a, 0x9c,
+	0x62, 0x8e, 0xc7, 0xcb, 0xa5, 0x0c, 0x1f, 0xd5, 0xa2, 0x6b, 0x59, 0xb5,
+	0xe7, 0xde, 0xf9, 0x1c, 0xa0, 0x96, 0x48, 0xcd, 0x20, 0x52, 0x23, 0x23,
+	0xfb, 0x88, 0x91, 0xda, 0x64, 0x41, 0x24, 0xd4, 0x30, 0x1e, 0x92, 0x69,
+	0x4e, 0xad, 0xb9, 0x41, 0x0f, 0x7f, 0x00, 0xdc, 0xdd, 0x17, 0xe8, 0x56,
+	0xfc, 0xbd, 0x2f, 0x57, 0x46, 0x41, 0x5a, 0xab, 0xe8, 0xbc, 0x81, 0xc1,
+	0xdf, 0x2b, 0x5b, 0xd0, 0xb8, 0x2b, 0x54, 0xaf, 0x8c, 0xd1, 0x1a, 0x91,
+	0x93, 0x61, 0x21, 0xd7, 0x65, 0xc4, 0x3a, 0x8b, 0xf5, 0xb5, 0x4e, 0x9b,
+	0xf9, 0xe5, 0x77, 0x59, 0x25, 0x60, 0xd0, 0xe4, 0x73, 0x58, 0x1b, 0x03,
+	0x9c, 0xf4, 0x80, 0x82, 0xd1, 0xa2, 0x27, 0xe9, 0x60, 0x87, 0xfd, 0x7d,
+	0x8f, 0x25, 0x6d, 0x66, 0x8c, 0xb3, 0x7e, 0x92, 0x6a, 0xae, 0x10, 0x10,
+	0x29, 0xcc, 0x7a, 0xeb, 0x07, 0x6e, 0x82, 0x01, 0xd0, 0xee, 0xa0, 0xb3,
+	0x2f, 0xf0, 0x9d, 0x4c, 0x82, 0x1d, 0x3e, 0x07, 0xf1, 0xbe, 0x64, 0x01,
+	0x6a, 0xf8, 0x28, 0xb4, 0x08, 0x51, 0xf0, 0x01, 0x1b, 0x1b, 0x58, 0x5e,
+	0x4b, 0x8c, 0x02, 0x92, 0xcb, 0x80, 0x26, 0x9d, 0x60, 0x33, 0xee, 0x6a,
+	0x17, 0x39, 0x46, 0x3d, 0x10, 0x04, 0x6d, 0x60, 0x91, 0xdd, 0xb7, 0x6c,
+	0xd5, 0x28, 0x36, 0x75, 0x32, 0xf8, 0xd7, 0xc3, 0xe7, 0x90, 0x82, 0xdc,
+	0x2a, 0xe8, 0x72, 0x05, 0x95, 0x96, 0x07, 0x40, 0x10, 0x00, 0x02, 0x00,
+	0xa7, 0x0f, 0x62, 0x18, 0xfb, 0xca, 0x87, 0x81, 0x92, 0x4a, 0x42, 0xa1,
+	0x04, 0x9b, 0xf8, 0x65, 0x01, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/*
+static const uint8_t samr_changepassworduser3_w2k_out_data[] = {
+	0xbb, 0x00, 0x00, 0xc0
+};
+*/
+
+static const uint8_t samr_changepassworduser3_w2k8r2_out_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x80, 0xa6, 0x0a, 0xff, 0xde, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0xc0
+};
+
+static bool samr_changepassworduser3_w2k8r2_out_check(struct torture_context *tctx,
+						      struct samr_ChangePasswordUser3 *r)
+{
+	struct samr_DomInfo1 *dominfo = *r->out.dominfo;
+	struct userPwdChangeFailureInformation *reject = *r->out.reject;
+
+	torture_assert_int_equal(tctx, dominfo->min_password_length, 7, "min_password_length");
+	torture_assert_int_equal(tctx, dominfo->password_history_length, 0, "password_history_length");
+	torture_assert_int_equal(tctx, dominfo->password_properties, DOMAIN_PASSWORD_COMPLEX, "password_properties");
+	torture_assert_u64_equal(tctx, dominfo->max_password_age, 0xffffdeff0aa68000, "max_password_age");
+	torture_assert_u64_equal(tctx, dominfo->min_password_age, 0x0000000000000000, "min_password_age");
+
+	torture_assert_int_equal(tctx, reject->extendedFailureReason, SAM_PWD_CHANGE_NOT_COMPLEX, "extendedFailureReason");
+	torture_assert_int_equal(tctx, reject->filterModuleName.length, 0, "filterModuleName.length");
+	torture_assert_int_equal(tctx, reject->filterModuleName.size, 0, "filterModuleName.size");
+
+	torture_assert_ntstatus_equal(tctx, r->out.result, NT_STATUS_PASSWORD_RESTRICTION, "result");
+
+	return true;
+}
+
+struct torture_suite *ndr_samr_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "samr");
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_Connect5, samr_connect5_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_Connect5, samr_connect5_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_LookupNames, samr_lookupnamesindomain_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_LookupNames, samr_lookupnamesindomain_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_OpenDomain, samr_opendomain_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_OpenDomain, samr_opendomain_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_OpenUser, samr_openuser_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_OpenUser, samr_openuser_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_QueryUserInfo, samr_queryuserinfo_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, samr_QueryUserInfo, samr_queryuserinfo_in_data, samr_queryuserinfo_out_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_SetUserInfo, samr_setuserinfo_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_SetUserInfo, samr_setuserinfo_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_SetUserInfo2, samr_setuserinfo2_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_SetUserInfo2, samr_setuserinfo2_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_GetUserPwInfo, samr_getuserpwinfo_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_GetUserPwInfo, samr_getuserpwinfo_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_Close, samr_closehandle_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, samr_Close, samr_closehandle_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, samr_ChangePasswordUser3, samr_changepassworduser3_w2k_in_data, NDR_IN, NULL);
+#if 0
+	/* Samba currently fails to parse a w2k reply */
+	torture_suite_add_ndr_pull_fn_test(suite, samr_ChangePasswordUser3, samr_changepassworduser3_w2k_out_data, NDR_OUT, NULL);
+#endif
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   samr_ChangePasswordUser3,
+					   samr_changepassworduser3_w2k8r2_out_data,
+					   NDR_OUT,
+					   samr_changepassworduser3_w2k8r2_out_check);
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/spoolss.c b/source4/torture/ndr/spoolss.c
new file mode 100644
index 0000000..1628665
--- /dev/null
+++ b/source4/torture/ndr/spoolss.c
@@ -0,0 +1,2064 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for spoolss ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2009-2011
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_spoolss.h"
+#include "librpc/gen_ndr/ndr_winspool.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t openprinterex_req_data[] = {
+  0xf0, 0xa8, 0x39, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x77, 0x00, 0x32, 0x00,
+  0x6b, 0x00, 0x33, 0x00, 0x64, 0x00, 0x63, 0x00, 0x00, 0x00, 0xc9, 0x11,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x1c, 0xf5, 0x89, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x08, 0x66, 0x39, 0x00,
+  0x78, 0xf5, 0x89, 0x00, 0x28, 0x0a, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+  0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x58, 0x00, 0x50, 0x00, 0x00, 0x00,
+  0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+  0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x00, 0x00
+};
+
+static const uint8_t openprinterex_resp_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x9f, 0xf8, 0xb9, 0x70, 0x9e, 0x14, 0x6b, 0x47,
+  0xb1, 0x95, 0x57, 0xe2, 0x90, 0x94, 0xfb, 0xdc, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t openprinterex_devmode_req_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x1a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x4c, 0x00, 0x6f, 0x00,
+	0x67, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x6d, 0x00, 0x75, 0x00,
+	0x63, 0x00, 0x5c, 0x00, 0x6b, 0x00, 0x79, 0x00, 0x6f, 0x00, 0x63, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x61, 0x00, 0x2d, 0x00, 0x6d, 0x00, 0x75, 0x00,
+	0x63, 0x00, 0x2d, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x7c, 0x07, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x7c, 0x07, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x4c, 0x00, 0x6f, 0x00, 0x67, 0x00, 0x6f, 0x00,
+	0x6e, 0x00, 0x2d, 0x00, 0x6d, 0x00, 0x75, 0x00, 0x63, 0x00, 0x5c, 0x00,
+	0x6b, 0x00, 0x79, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x2d, 0x00, 0x6d, 0x00, 0x75, 0x00, 0x63, 0x00, 0x2d, 0x00,
+	0x6e, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0xd8, 0x2a, 0x00, 0x00, 0x00,
+	0x76, 0x00, 0x6d, 0x00, 0x01, 0x04, 0x00, 0x06, 0xdc, 0x00, 0xa0, 0x06,
+	0x53, 0xff, 0x00, 0x02, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0x00, 0x02, 0x00, 0x0f, 0x00, 0xb0, 0x04, 0x01, 0x00, 0x01, 0x00,
+	0xb0, 0x04, 0x03, 0x00, 0x01, 0x00, 0x41, 0x00, 0x34, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x33, 0x00, 0xf3, 0xd8, 0x08, 0x02, 0x08, 0x34, 0x00, 0x0c,
+	0x00, 0xf8, 0xfb, 0x0b, 0x08, 0x34, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x50, 0x52, 0x49, 0x56, 0xe2, 0x30, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x10, 0x27, 0x10, 0x27, 0x10, 0x27, 0x00, 0x00, 0x10, 0x27,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x01, 0x94, 0x04,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x02, 0x10, 0x00,
+	0x28, 0x88, 0x04, 0x00, 0x50, 0x34, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x3d, 0xc1, 0xf9, 0x00, 0x12, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0xff, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x01, 0x00, 0x00,
+	0x53, 0x4d, 0x54, 0x4a, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0xb0, 0x01,
+	0x6b, 0x00, 0x79, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x2d, 0x00, 0x6d, 0x00, 0x75, 0x00, 0x63, 0x00, 0x00, 0x00,
+	0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x31,
+	0x32, 0x30, 0x30, 0x64, 0x70, 0x69, 0x00, 0x4b, 0x43, 0x45, 0x63, 0x6f,
+	0x70, 0x72, 0x69, 0x6e, 0x74, 0x00, 0x4f, 0x66, 0x66, 0x00, 0x53, 0x6d,
+	0x6f, 0x6f, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x00, 0x54, 0x72, 0x75, 0x65,
+	0x00, 0x50, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x00, 0x41, 0x34,
+	0x00, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x00,
+	0x00, 0x4c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x45, 0x64, 0x67, 0x65,
+	0x00, 0x00, 0x49, 0x6e, 0x70, 0x75, 0x74, 0x53, 0x6c, 0x6f, 0x74, 0x00,
+	0x50, 0x46, 0x36, 0x30, 0x41, 0x00, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54,
+	0x79, 0x70, 0x65, 0x00, 0x50, 0x72, 0x6e, 0x44, 0x65, 0x66, 0x00, 0x4f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x00, 0x4e, 0x6f, 0x6e,
+	0x65, 0x00, 0x44, 0x75, 0x70, 0x6c, 0x65, 0x78, 0x00, 0x4e, 0x6f, 0x6e,
+	0x65, 0x00, 0x4b, 0x43, 0x43, 0x6f, 0x6c, 0x6c, 0x61, 0x74, 0x65, 0x00,
+	0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x4b, 0x6d, 0x4d, 0x61, 0x6e, 0x61, 0x67,
+	0x6d, 0x65, 0x6e, 0x74, 0x00, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x00, 0x4b, 0x43, 0x53, 0x75, 0x70, 0x65, 0x72, 0x57, 0x61, 0x74, 0x65,
+	0x72, 0x6d, 0x61, 0x72, 0x6b, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x50,
+	0x61, 0x67, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x00, 0x4f, 0x6e,
+	0x00, 0x4b, 0x4d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x00, 0x44,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x00, 0x63, 0x75, 0x70, 0x73, 0x4a,
+	0x6f, 0x62, 0x48, 0x6f, 0x6c, 0x64, 0x55, 0x6e, 0x74, 0x69, 0x6c, 0x00,
+	0x6e, 0x6f, 0x2d, 0x68, 0x6f, 0x6c, 0x64, 0x00, 0x63, 0x75, 0x70, 0x73,
+	0x4a, 0x6f, 0x62, 0x53, 0x68, 0x65, 0x65, 0x74, 0x73, 0x53, 0x74, 0x61,
+	0x72, 0x74, 0x00, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x63, 0x75, 0x70, 0x73,
+	0x4a, 0x6f, 0x62, 0x53, 0x68, 0x65, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x64,
+	0x00, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x02, 0x00, 0x00, 0x53, 0x50, 0x55, 0x43, 0x00, 0x06, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+	0x1c, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x10, 0x00, 0x02, 0x00,
+	0xce, 0x0e, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x54, 0x00, 0x45, 0x00,
+	0x52, 0x00, 0x4d, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+	0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x06, 0x00, 0x00, 0x00, 0x6b, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00,
+	0x65, 0x00, 0x00, 0x00
+};
+
+static const uint8_t closeprinter_req_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x9f, 0xf8, 0xb9, 0x70, 0x9e, 0x14, 0x6b, 0x47,
+  0xb1, 0x95, 0x57, 0xe2, 0x90, 0x94, 0xfb, 0xdc
+};
+
+static const uint8_t closeprinter_resp_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getprinter_req_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x1d, 0x7e, 0x6c, 0xfd, 0x7c, 0x90, 0x53, 0x4c,
+  0xb8, 0x6f, 0x66, 0xb5, 0xff, 0x73, 0xd9, 0xac, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getprinter_resp_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x06, 0x00, 0x00, 0x7a, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getprinterdata_req_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xbf, 0xee, 0x56, 0x27, 0x7f, 0xef, 0xf7, 0x42,
+  0x84, 0x54, 0xd5, 0x7b, 0xec, 0xe3, 0xcc, 0x55, 0x18, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x55, 0x00, 0x49, 0x00,
+  0x53, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x6c, 0x00, 0x65, 0x00,
+  0x4a, 0x00, 0x6f, 0x00, 0x62, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00,
+  0x74, 0x00, 0x75, 0x00, 0x73, 0x00, 0x53, 0x00, 0x74, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getprinterdata_resp_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x00, 0x00
+};
+
+static const uint8_t replyopenprinter_req_data[] = {
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x5c, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x58, 0x00,
+  0x50, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t replyopenprinter_resp_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xef, 0x4a, 0x33, 0x05, 0x22, 0xf4, 0xc4, 0x4a,
+  0xa2, 0xde, 0x52, 0x17, 0xa6, 0xc8, 0x19, 0xd0, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t RFFPCNEX_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xbf, 0xee, 0x56, 0x27, 0x7f, 0xef, 0xf7, 0x42,
+  0x84, 0x54, 0xd5, 0x7b, 0xec, 0xe3, 0xcc, 0x55, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0xe0, 0x21, 0x26, 0x74, 0x08, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+  0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x58, 0x00, 0x50, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x4c, 0x0d, 0x0b, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0x0d, 0x0b, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x78, 0x0d, 0x0b, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x12, 0x00, 0x05, 0x00,
+  0x06, 0x00, 0x04, 0x00, 0x03, 0x00, 0x0c, 0x00, 0x0d, 0x00
+};
+
+static const uint8_t RFFPCNEX_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t RRPCN_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x1e, 0x9b, 0x8b, 0xe5, 0x32, 0x9a, 0xd5, 0x45,
+  0xa8, 0x0a, 0x10, 0x30, 0x5b, 0x87, 0x6f, 0x69, 0x01, 0x00, 0x00, 0x00,
+  0x44, 0x0d, 0x0b, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t RRPCN_out_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x12, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x38, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x08, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x01, 0x00, 0x03, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x0b, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0d, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0f, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x01, 0x00, 0x14, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x15, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x16, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x8c, 0x22, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x17, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x20, 0x00, 0x02, 0x00, 0x01, 0x00, 0x03, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x1c, 0x00, 0x00, 0x00, 0x24, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x0b, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x28, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0d, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x01, 0x00, 0x0f, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00,
+  0x04, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x01, 0x00, 0x14, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x15, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x16, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x8c, 0x22, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x17, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+  0x5c, 0x00, 0x5c, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x33, 0x00,
+  0x64, 0x00, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x70, 0x00, 0x70, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x20, 0x00,
+  0x4c, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x57, 0x00,
+  0x72, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00,
+  0x31, 0x00, 0x32, 0x00, 0x2f, 0x00, 0x36, 0x00, 0x34, 0x00, 0x30, 0x00,
+  0x20, 0x00, 0x50, 0x00, 0x53, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x41, 0x00, 0x64, 0x00,
+  0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x54, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x69, 0x00, 0x74, 0x00, 0x65, 0x00, 0x00, 0x00, 0xd6, 0x07, 0x07, 0x00,
+  0x06, 0x00, 0x16, 0x00, 0x0b, 0x00, 0x11, 0x00, 0x01, 0x00, 0x60, 0x03,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x69, 0x00,
+  0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, 0x6f, 0x00,
+  0x72, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x00, 0x00, 0x54, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x69, 0x00, 0x74, 0x00, 0x65, 0x00, 0x00, 0x00,
+  0xd6, 0x07, 0x07, 0x00, 0x06, 0x00, 0x16, 0x00, 0x0b, 0x00, 0x11, 0x00,
+  0x0b, 0x00, 0x85, 0x02, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumforms_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x22, 0x5c, 0x46, 0xe5, 0x74, 0xa1, 0x9e, 0x46,
+  0x95, 0x80, 0x19, 0xf1, 0xaa, 0x63, 0xc9, 0x01, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumforms_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x6c, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x7a, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterdataex_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x22, 0x5c, 0x46, 0xe5, 0x74, 0xa1, 0x9e, 0x46,
+  0x95, 0x80, 0x19, 0xf1, 0xaa, 0x63, 0xc9, 0x01, 0x09, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x44, 0x00, 0x73, 0x00,
+  0x44, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterdataex_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xe0, 0x06, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0xea, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterdataex_w2k8r2_in_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x62, 0x2a, 0xa4, 0x60, 0x12, 0x99, 0xea, 0x4f,
+	0x88, 0xc9, 0xea, 0x0d, 0xb7, 0xc3, 0x61, 0x99, 0x12, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00,
+	0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x44, 0x00,
+	0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x44, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x61, 0x00, 0x00, 0x00, 0x0c, 0x21, 0x00, 0x00
+};
+
+static const uint8_t enumprinterdataex_w2k8r2_out_data[] = {
+	0x0c, 0x21, 0x00, 0x00, 0xf4, 0x01, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x18, 0x02, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x08, 0x02, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x18, 0x02, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00,
+	0x16, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x10, 0x02, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x14, 0x02, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x34, 0x02, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x00,
+	0x18, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x3c, 0x02, 0x00, 0x00,
+	0x30, 0x02, 0x00, 0x00, 0x58, 0x04, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x70, 0x04, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x90, 0x04, 0x00, 0x00, 0xfd, 0x01, 0x00, 0x00, 0x7a, 0x06, 0x00, 0x00,
+	0x0e, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x88, 0x06, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x78, 0x06, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x96, 0x06, 0x00, 0x00, 0xcc, 0x02, 0x00, 0x00,
+	0x4e, 0x09, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x68, 0x09, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x58, 0x09, 0x00, 0x00,
+	0x24, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x7c, 0x09, 0x00, 0x00,
+	0x10, 0x04, 0x00, 0x00, 0x78, 0x0d, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x94, 0x0d, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x84, 0x0d, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0xac, 0x0d, 0x00, 0x00, 0xdc, 0x0b, 0x00, 0x00, 0x74, 0x19, 0x00, 0x00,
+	0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x88, 0x19, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x78, 0x19, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x90, 0x19, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00,
+	0xa4, 0x19, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0xcc, 0x19, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xbc, 0x19, 0x00, 0x00,
+	0x2a, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xe8, 0x19, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0xd8, 0x19, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0xf4, 0x19, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0xe4, 0x19, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x00, 0x1a, 0x00, 0x00, 0xe4, 0x02, 0x00, 0x00, 0xd0, 0x1c, 0x00, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xf0, 0x1c, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0xe0, 0x1c, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0xf8, 0x1c, 0x00, 0x00, 0xd1, 0x00, 0x00, 0x00,
+	0xb6, 0x1d, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0xe0, 0x1d, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xd0, 0x1d, 0x00, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf0, 0x1d, 0x00, 0x00,
+	0x39, 0x01, 0x00, 0x00, 0x16, 0x1f, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x28, 0x1f, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x49, 0x00, 0x6e, 0x00, 0x69, 0x00, 0x74, 0x00, 0x44, 0x00, 0x72, 0x00,
+	0x69, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x56, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00,
+	0x00, 0x06, 0x00, 0x00, 0x46, 0x00, 0x72, 0x00, 0x65, 0x00, 0x65, 0x00,
+	0x4d, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00,
+	0x4a, 0x00, 0x6f, 0x00, 0x62, 0x00, 0x54, 0x00, 0x69, 0x00, 0x6d, 0x00,
+	0x65, 0x00, 0x4f, 0x00, 0x75, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x74, 0x00,
+	0x6f, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x44, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x61, 0x00, 0x53, 0x00, 0x69, 0x00, 0x7a, 0x00, 0x65, 0x00, 0x00, 0x00,
+	0x30, 0x02, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x44, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x61, 0x00, 0x00, 0x00, 0x00, 0x06, 0x30, 0x02, 0x80, 0x0c, 0x00, 0x00,
+	0x00, 0x00, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x01, 0x00, 0x00,
+	0x64, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc6, 0x97, 0xda, 0x0b,
+	0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x46, 0x00, 0x65, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00,
+	0x65, 0x00, 0x4b, 0x00, 0x65, 0x00, 0x79, 0x00, 0x77, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x64, 0x00, 0x53, 0x00, 0x69, 0x00, 0x7a, 0x00, 0x65, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x00, 0x00, 0x46, 0x00, 0x65, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x4b, 0x00,
+	0x65, 0x00, 0x79, 0x00, 0x77, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x64, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x44, 0x75, 0x70, 0x6c, 0x65, 0x78, 0x55, 0x6e,
+	0x69, 0x74, 0x00, 0x4e, 0x6f, 0x74, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c,
+	0x6c, 0x65, 0x64, 0x00, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f,
+	0x72, 0x79, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x73,
+	0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x0a, 0x49, 0x6e, 0x73, 0x74, 0x61,
+	0x6c, 0x6c, 0x65, 0x64, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x00, 0x33,
+	0x38, 0x34, 0x2d, 0x34, 0x39, 0x35, 0x4d, 0x42, 0x00, 0x0a, 0x50, 0x72,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x48, 0x61, 0x72, 0x64, 0x44, 0x69, 0x73,
+	0x6b, 0x00, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x64, 0x00,
+	0x0a, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f,
+	0x6e, 0x00, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x64, 0x00,
+	0x0a, 0x48, 0x50, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75,
+	0x67, 0x68, 0x00, 0x54, 0x72, 0x75, 0x65, 0x00, 0x0a, 0x44, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x49, 0x73, 0x4d, 0x6f, 0x70, 0x69, 0x65, 0x72, 0x00,
+	0x4e, 0x6f, 0x74, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x64,
+	0x00, 0x0a, 0x41, 0x75, 0x74, 0x6f, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x4e, 0x6f, 0x74, 0x49,
+	0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x64, 0x00, 0x0a, 0x48, 0x50,
+	0x4d, 0x65, 0x64, 0x69, 0x61, 0x50, 0x4d, 0x4c, 0x52, 0x61, 0x6e, 0x67,
+	0x65, 0x00, 0x31, 0x35, 0x2d, 0x31, 0x39, 0x00, 0x0a, 0x48, 0x50, 0x4f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x50, 0x4d, 0x4c, 0x52,
+	0x61, 0x6e, 0x67, 0x65, 0x00, 0x30, 0x2d, 0x30, 0x00, 0x0a, 0x48, 0x50,
+	0x50, 0x72, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x52, 0x65, 0x73, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x44, 0x61, 0x74, 0x61, 0x00, 0x48, 0x50, 0x43, 0x61,
+	0x62, 0x46, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x00, 0x0a, 0x48,
+	0x50, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x61, 0x62, 0x6c, 0x65,
+	0x48, 0x43, 0x4f, 0x00, 0x33, 0x30, 0x30, 0x30, 0x53, 0x74, 0x61, 0x63,
+	0x6b, 0x65, 0x72, 0x2d, 0x43, 0x38, 0x30, 0x38, 0x34, 0x00, 0x0a, 0x48,
+	0x50, 0x4d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x48,
+	0x43, 0x4f, 0x4d, 0x61, 0x70, 0x00, 0x4e, 0x6f, 0x6e, 0x65, 0x00, 0x0a,
+	0x48, 0x50, 0x4d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x69, 0x6e,
+	0x48, 0x43, 0x4f, 0x50, 0x4d, 0x4c, 0x4d, 0x61, 0x70, 0x00, 0x4e, 0x6f,
+	0x6e, 0x65, 0x00, 0x0a, 0x48, 0x50, 0x50, 0x44, 0x4c, 0x54, 0x79, 0x70,
+	0x65, 0x00, 0x50, 0x44, 0x4c, 0x5f, 0x50, 0x53, 0x00, 0x0a, 0x53, 0x63,
+	0x61, 0x6c, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x4c, 0x61, 0x72, 0x67, 0x65,
+	0x50, 0x61, 0x70, 0x65, 0x72, 0x00, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c,
+	0x6c, 0x65, 0x64, 0x00, 0x0a, 0x41, 0x63, 0x74, 0x75, 0x61, 0x6c, 0x43,
+	0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x00, 0x33,
+	0x30, 0x36, 0x30, 0x37, 0x30, 0x5f, 0x34, 0x36, 0x39, 0x39, 0x30, 0x30,
+	0x00, 0x0a, 0x43, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65, 0x4d, 0x65, 0x64,
+	0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x73, 0x41, 0x6e, 0x64, 0x49, 0x6e,
+	0x70, 0x75, 0x74, 0x42, 0x69, 0x6e, 0x73, 0x00, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6c, 0x6c, 0x65, 0x64, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x46, 0x00,
+	0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x73, 0x00, 0x3f, 0x00, 0x00, 0x00,
+	0xc6, 0x97, 0xda, 0x0b, 0x44, 0x00, 0x65, 0x00, 0x70, 0x00, 0x65, 0x00,
+	0x6e, 0x00, 0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x46, 0x00,
+	0x69, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x73, 0x00, 0x00, 0x00, 0x48, 0x00,
+	0x50, 0x00, 0x5a, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x4c, 0x00, 0x48, 0x00,
+	0x4e, 0x00, 0x2e, 0x00, 0x43, 0x00, 0x48, 0x00, 0x4d, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x4c, 0x00, 0x53, 0x00, 0x4c, 0x00,
+	0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x53, 0x00, 0x53, 0x00,
+	0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00,
+	0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x55, 0x00,
+	0x49, 0x00, 0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x44, 0x00,
+	0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00,
+	0x53, 0x00, 0x52, 0x00, 0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00,
+	0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x5a, 0x00, 0x53, 0x00, 0x43, 0x00, 0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00,
+	0x2e, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x49, 0x00, 0x00, 0x00, 0x48, 0x00,
+	0x50, 0x00, 0x4d, 0x00, 0x43, 0x00, 0x50, 0x00, 0x44, 0x00, 0x50, 0x00,
+	0x53, 0x00, 0x2e, 0x00, 0x58, 0x00, 0x4d, 0x00, 0x4c, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x53, 0x00, 0x43, 0x00, 0x4c, 0x00,
+	0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x54, 0x00, 0x44, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x46, 0x00, 0x4e, 0x00,
+	0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x4e, 0x00, 0x54, 0x00,
+	0x46, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x4d, 0x00, 0x43, 0x00,
+	0x50, 0x00, 0x44, 0x00, 0x32, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x43, 0x00,
+	0x46, 0x00, 0x47, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00,
+	0x53, 0x00, 0x54, 0x00, 0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00,
+	0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x5a, 0x00, 0x45, 0x00, 0x56, 0x00, 0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00,
+	0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00,
+	0x50, 0x00, 0x43, 0x00, 0x44, 0x00, 0x4d, 0x00, 0x43, 0x00, 0x4c, 0x00,
+	0x48, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x49, 0x00, 0x44, 0x00, 0x52, 0x00,
+	0x31, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x49, 0x00, 0x4e, 0x00,
+	0x57, 0x00, 0x31, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00,
+	0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00, 0x49, 0x00,
+	0x50, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x44, 0x00,
+	0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x5a, 0x00,
+	0x49, 0x00, 0x50, 0x00, 0x52, 0x00, 0x31, 0x00, 0x32, 0x00, 0x2e, 0x00,
+	0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x5a, 0x00, 0x49, 0x00, 0x50, 0x00, 0x54, 0x00, 0x31, 0x00, 0x32, 0x00,
+	0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x48, 0x00,
+	0x50, 0x00, 0x5a, 0x00, 0x49, 0x00, 0x53, 0x00, 0x4e, 0x00, 0x31, 0x00,
+	0x32, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x4d, 0x00, 0x49, 0x00, 0x41, 0x00,
+	0x50, 0x00, 0x49, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x4d, 0x00, 0x49, 0x00,
+	0x4e, 0x00, 0x49, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x4f, 0x00, 0x49, 0x00,
+	0x44, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x4f, 0x00, 0x49, 0x00, 0x44, 0x00,
+	0x50, 0x00, 0x53, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x50, 0x00, 0x52, 0x00,
+	0x4f, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x42, 0x00, 0x50, 0x00, 0x52, 0x00, 0x4f, 0x00,
+	0x50, 0x00, 0x53, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x45, 0x00, 0x41, 0x00, 0x43, 0x00,
+	0x4c, 0x00, 0x48, 0x00, 0x4e, 0x00, 0x2e, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x49, 0x00, 0x00, 0x00, 0x50, 0x00, 0x53, 0x00, 0x43, 0x00, 0x52, 0x00,
+	0x49, 0x00, 0x50, 0x00, 0x54, 0x00, 0x2e, 0x00, 0x4e, 0x00, 0x54, 0x00,
+	0x46, 0x00, 0x00, 0x00, 0x50, 0x00, 0x53, 0x00, 0x5f, 0x00, 0x53, 0x00,
+	0x43, 0x00, 0x48, 0x00, 0x4d, 0x00, 0x2e, 0x00, 0x47, 0x00, 0x44, 0x00,
+	0x4c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x75, 0x00,
+	0x6e, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+	0x48, 0x00, 0x50, 0x00, 0x54, 0x00, 0x52, 0x00, 0x41, 0x00, 0x59, 0x00,
+	0x49, 0x00, 0x4e, 0x00, 0x46, 0x00, 0x4f, 0x00, 0x52, 0x00, 0x45, 0x00,
+	0x47, 0x00, 0x44, 0x00, 0x41, 0x00, 0x54, 0x00, 0x41, 0x00, 0x00, 0x00,
+	0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x69, 0x00, 0x63, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x6c, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x53, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00,
+	0x63, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x50,
+	0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72,
+	0x00, 0x20, 0x00, 0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x20,
+	0x00, 0x53, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x63, 0x00, 0x74,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x4d, 0x00, 0x61, 0x00,
+	0x6e, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x46, 0x00,
+	0x65, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x31, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72,
+	0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00,
+	0x03, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00,
+	0x20, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, 0x54,
+	0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x33, 0x00, 0x00,
+	0x00, 0x00, 0x05, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x00,
+	0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x35,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x08,
+	0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20,
+	0x00, 0x37, 0x00, 0x00, 0x00, 0x00, 0x09, 0x01, 0x00, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x38, 0x00, 0x00, 0x00,
+	0x00, 0x0a, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79,
+	0x00, 0x20, 0x00, 0x39, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x01, 0x00, 0x00,
+	0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x35, 0x00,
+	0x29, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x01, 0x00, 0x00, 0x45, 0x00, 0x78,
+	0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20,
+	0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x36, 0x00, 0x29, 0x00, 0x00,
+	0x00, 0x00, 0x0d, 0x01, 0x00, 0x00, 0x45, 0x00, 0x78, 0x00, 0x20, 0x00,
+	0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x28, 0x00,
+	0x4d, 0x00, 0x50, 0x00, 0x37, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x0e,
+	0x01, 0x00, 0x00, 0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72,
+	0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50,
+	0x00, 0x38, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x01, 0x00, 0x00,
+	0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x39, 0x00,
+	0x29, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x45, 0x00, 0x78,
+	0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20,
+	0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x31, 0x00, 0x30, 0x00, 0x29,
+	0x00, 0x00, 0x00, 0x00, 0x11, 0x01, 0x00, 0x00, 0x45, 0x00, 0x6e, 0x00,
+	0x76, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x70, 0x00, 0x65, 0x00,
+	0x20, 0x00, 0x46, 0x00, 0x65, 0x00, 0x65, 0x00, 0x64, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x12, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x4d, 0x00, 0x65, 0x00, 0x64, 0x00, 0x69, 0x00, 0x61, 0x00, 0x43, 0x00,
+	0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x16, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x4d, 0x00, 0x45, 0x00,
+	0x44, 0x00, 0x49, 0x00, 0x41, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x46, 0x00,
+	0x4f, 0x00, 0x52, 0x00, 0x45, 0x00, 0x47, 0x00, 0x44, 0x00, 0x41, 0x00,
+	0x54, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x00, 0x6e, 0x00,
+	0x73, 0x00, 0x70, 0x00, 0x65, 0x00, 0x63, 0x00, 0x69, 0x00, 0x66, 0x00,
+	0x69, 0x00, 0x65, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x00, 0x50, 0x00, 0x6c, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00, 0x65, 0x00,
+	0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x64, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x4c, 0x00, 0x65,
+	0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x68, 0x00, 0x65,
+	0x00, 0x61, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00,
+	0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x73, 0x00, 0x70, 0x00,
+	0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x79, 0x00,
+	0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, 0x50, 0x00, 0x72, 0x00, 0x65,
+	0x00, 0x70, 0x00, 0x75, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x68, 0x00, 0x65,
+	0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x05, 0x01, 0x00, 0x00, 0x4c, 0x00,
+	0x61, 0x00, 0x62, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x73, 0x00, 0x00, 0x00,
+	0x00, 0x06, 0x01, 0x00, 0x00, 0x42, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x64,
+	0x00, 0x00, 0x00, 0x00, 0x07, 0x01, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00,
+	0x63, 0x00, 0x79, 0x00, 0x63, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x64, 0x00,
+	0x00, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6c,
+	0x00, 0x6f, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x09, 0x01, 0x00, 0x00,
+	0x4c, 0x00, 0x69, 0x00, 0x67, 0x00, 0x68, 0x00, 0x74, 0x00, 0x20, 0x00,
+	0x3c, 0x00, 0x37, 0x00, 0x35, 0x00, 0x20, 0x00, 0x67, 0x00, 0x2f, 0x00,
+	0x6d, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x48,
+	0x00, 0x65, 0x00, 0x61, 0x00, 0x76, 0x00, 0x79, 0x00, 0x00, 0x00, 0x00,
+	0x0b, 0x01, 0x00, 0x00, 0x43, 0x00, 0x61, 0x00, 0x72, 0x00, 0x64, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x6b, 0x00, 0x20, 0x00,
+	0x3e, 0x00, 0x31, 0x00, 0x36, 0x00, 0x33, 0x00, 0x20, 0x00, 0x67, 0x00,
+	0x2f, 0x00, 0x6d, 0x00, 0x32, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x01, 0x00,
+	0x00, 0x47, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x73, 0x00, 0x73, 0x00, 0x79,
+	0x00, 0x00, 0x00, 0x00, 0x0d, 0x01, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+	0x20, 0x00, 0x48, 0x00, 0x65, 0x00, 0x61, 0x00, 0x76, 0x00, 0x79, 0x00,
+	0x20, 0x00, 0x47, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x73, 0x00, 0x73, 0x00,
+	0x79, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x01, 0x00, 0x00, 0x54, 0x00, 0x6f,
+	0x00, 0x75, 0x00, 0x67, 0x00, 0x68, 0x00, 0x20, 0x00, 0x70, 0x00, 0x61,
+	0x00, 0x70, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x01,
+	0x00, 0x00, 0x45, 0x00, 0x6e, 0x00, 0x76, 0x00, 0x65, 0x00, 0x6c, 0x00,
+	0x6f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x00,
+	0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x11, 0x01, 0x00, 0x00, 0x20, 0x00,
+	0x00, 0x00, 0x00, 0x12, 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
+	0x13, 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x14, 0x01, 0x00,
+	0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x15, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x00, 0x69, 0x00,
+	0x64, 0x00, 0x69, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x49, 0x00, 0x6e, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x44, 0x00,
+	0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x00, 0x00, 0x31, 0x00, 0x31, 0x00,
+	0x2f, 0x00, 0x32, 0x00, 0x36, 0x00, 0x2f, 0x00, 0x32, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x39, 0x00, 0x3a, 0x00, 0x31, 0x00, 0x32, 0x00, 0x3a, 0x00,
+	0x31, 0x00, 0x38, 0x00, 0x3a, 0x00, 0x31, 0x00, 0x37, 0x00, 0x00, 0x00,
+	0x43, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x62, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x4d, 0x00, 0x65, 0x00, 0x64, 0x00, 0x69, 0x00,
+	0x61, 0x00, 0x53, 0x00, 0x74, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00,
+	0x73, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x49, 0x00, 0x6e, 0x00,
+	0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x43, 0x00, 0x6f, 0x00,
+	0x6d, 0x00, 0x70, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x79, 0x00, 0x46, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00,
+	0x53, 0x00, 0x69, 0x00, 0x7a, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xe4, 0x02, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00,
+	0x46, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x54, 0x00, 0x61, 0x00,
+	0x62, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x00, 0x00, 0xe4, 0x02, 0x50, 0x00,
+	0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x20, 0x00, 0x41, 0x00, 0x75, 0x00, 0x74, 0x00, 0x6f, 0x00, 0x20, 0x00,
+	0x53, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x63, 0x00, 0x74, 0x00,
+	0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x61, 0x00,
+	0x6e, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x46, 0x00,
+	0x65, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x31, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x31, 0x00, 0x00, 0x00,
+	0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x32, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x33, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x34, 0x00, 0x00, 0x00,
+	0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x35, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x36, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x37, 0x00, 0x00, 0x00,
+	0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x38, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x39, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00,
+	0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00,
+	0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x35, 0x00, 0x29, 0x00,
+	0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x78, 0x00,
+	0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00,
+	0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x36, 0x00, 0x29, 0x00, 0x00, 0x00,
+	0x4c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x78, 0x00, 0x20, 0x00,
+	0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x28, 0x00,
+	0x4d, 0x00, 0x50, 0x00, 0x37, 0x00, 0x29, 0x00, 0x00, 0x00, 0x4c, 0x00,
+	0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00,
+	0x50, 0x00, 0x38, 0x00, 0x29, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00,
+	0x39, 0x00, 0x29, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x45, 0x00, 0x78, 0x00, 0x20, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x79, 0x00, 0x20, 0x00, 0x28, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x31, 0x00,
+	0x30, 0x00, 0x29, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00, 0x74, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x45, 0x00, 0x6e, 0x00, 0x76, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6f, 0x00,
+	0x70, 0x00, 0x65, 0x00, 0x20, 0x00, 0x46, 0x00, 0x65, 0x00, 0x65, 0x00,
+	0x64, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x65, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00,
+	0x46, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x4d, 0x00, 0x61, 0x00,
+	0x70, 0x00, 0x53, 0x00, 0x69, 0x00, 0x7a, 0x00, 0x65, 0x00, 0x00, 0x00,
+	0xd1, 0x00, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00, 0x61, 0x00, 0x79, 0x00,
+	0x46, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x4d, 0x00, 0x61, 0x00,
+	0x70, 0x00, 0x00, 0x00, 0x41, 0x75, 0x74, 0x6f, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x4d, 0x61, 0x6e, 0x75, 0x61, 0x6c, 0x46, 0x65, 0x65, 0x64, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x31, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x72,
+	0x61, 0x79, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x72, 0x61, 0x79,
+	0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x36, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x37, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x72,
+	0x61, 0x79, 0x45, 0x78, 0x74, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54,
+	0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x33, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x34, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x35, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x36, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x45, 0x6e, 0x76, 0x46, 0x65, 0x65, 0x64, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00,
+	0x72, 0x00, 0x61, 0x00, 0x79, 0x00, 0x46, 0x00, 0x6f, 0x00, 0x72, 0x00,
+	0x6d, 0x00, 0x4b, 0x00, 0x65, 0x00, 0x79, 0x00, 0x77, 0x00, 0x6f, 0x00,
+	0x72, 0x00, 0x64, 0x00, 0x53, 0x00, 0x69, 0x00, 0x7a, 0x00, 0x65, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x39, 0x01, 0x00, 0x00, 0x54, 0x00, 0x72, 0x00,
+	0x61, 0x00, 0x79, 0x00, 0x46, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x6d, 0x00,
+	0x4b, 0x00, 0x65, 0x00, 0x79, 0x00, 0x77, 0x00, 0x6f, 0x00, 0x72, 0x00,
+	0x64, 0x00, 0x00, 0x00, 0x41, 0x75, 0x74, 0x6f, 0x00, 0x4c, 0x45, 0x54,
+	0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x4d, 0x61, 0x6e, 0x75, 0x61,
+	0x6c, 0x46, 0x65, 0x65, 0x64, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52,
+	0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x31, 0x00, 0x4c, 0x45,
+	0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79,
+	0x32, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x33, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52,
+	0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x34, 0x00, 0x4c, 0x45,
+	0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79,
+	0x35, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x36, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52,
+	0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x37, 0x00, 0x4c, 0x45,
+	0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79,
+	0x38, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00,
+	0x54, 0x72, 0x61, 0x79, 0x39, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52,
+	0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x31,
+	0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54,
+	0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x32, 0x00, 0x4c, 0x45, 0x54, 0x54,
+	0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78,
+	0x74, 0x33, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50,
+	0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x34, 0x00, 0x4c, 0x45,
+	0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79,
+	0x45, 0x78, 0x74, 0x35, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a,
+	0x48, 0x50, 0x00, 0x54, 0x72, 0x61, 0x79, 0x45, 0x78, 0x74, 0x36, 0x00,
+	0x4c, 0x45, 0x54, 0x54, 0x45, 0x52, 0x3a, 0x48, 0x50, 0x00, 0x45, 0x6e,
+	0x76, 0x46, 0x65, 0x65, 0x64, 0x00, 0x4c, 0x45, 0x54, 0x54, 0x45, 0x52,
+	0x3a, 0x48, 0x50, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00, 0x44, 0x00,
+	0x55, 0x00, 0x4d, 0x00, 0x4d, 0x00, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x21, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterkey_in_data2[] = {
+  0x00, 0x00, 0x00, 0x00, 0x2a, 0xcc, 0x89, 0x90, 0x8a, 0xfc, 0xca, 0x4c,
+  0xa5, 0x44, 0xdc, 0x30, 0x10, 0x20, 0xd9, 0x8f, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x53, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterkey_out_data2[] = {
+  0x00, 0x00, 0x00, 0x00, 0x76, 0x00, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterkey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x22, 0x5c, 0x46, 0xe5, 0x74, 0xa1, 0x9e, 0x46,
+  0x95, 0x80, 0x19, 0xf1, 0xaa, 0x63, 0xc9, 0x01, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc9, 0x11,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t enumprinterkey_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00
+};
+
+static const uint8_t FCPN_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x03, 0xfc, 0xcf, 0xe5, 0x98, 0xfd, 0x15, 0x4b,
+  0xba, 0x28, 0x03, 0x70, 0x74, 0x35, 0x8d, 0x14
+};
+
+static const uint8_t FCPN_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t replycloseprinter_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x60, 0xe4, 0xdf, 0x77, 0xb1, 0xbf, 0x43, 0x4f,
+  0xbf, 0xb4, 0x58, 0x5c, 0x44, 0xc6, 0x3e, 0x09
+};
+
+static const uint8_t replycloseprinter_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getprinterdriverdir_in_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x72, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x78, 0x00, 0x34, 0x00, 0x00, 0x00,
+  0x04, 0x00, 0x02, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0f, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
+  0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x4e, 0x00, 0x54, 0x00,
+  0x20, 0x00, 0x78, 0x00, 0x38, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x08, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x18, 0xac, 0x26, 0x00, 0x7f, 0xde, 0x15, 0x5f,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x69, 0x4d, 0x88, 0x7f, 0x94, 0xd2, 0xa9, 0x01,
+  0xdb, 0xe4, 0x15, 0x5f, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0xfc, 0xd2, 0xa9, 0x01, 0x7f, 0xe5, 0x15, 0x5f, 0xfc, 0xdb, 0xa9, 0x01,
+  0x18, 0xac, 0x26, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x14, 0x01, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0xce, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0xe8, 0xd2, 0xa9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x97, 0x7c, 0xf3, 0x77,
+  0x40, 0x9e, 0x0a, 0x00, 0xe1, 0x67, 0xf3, 0x77, 0x18, 0x07, 0x08, 0x00,
+  0xf9, 0x67, 0xf3, 0x77, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x48, 0x9e, 0x0a, 0x00, 0x18, 0x00, 0x00, 0x00,
+  0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00,
+  0x98, 0xd0, 0xa9, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe8, 0xd2, 0xa9, 0x01,
+  0x34, 0x5a, 0xf3, 0x77, 0x70, 0x95, 0xf7, 0x77, 0xff, 0xff, 0xff, 0xff,
+  0xf3, 0x73, 0xf3, 0x77, 0x08, 0x02, 0x00, 0x00
+};
+
+static const uint8_t getprinterdriverdir_out_data[] = {
+  0x04, 0x00, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x78, 0x00,
+  0x34, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x33, 0x00, 0x32, 0x00,
+  0x58, 0x00, 0x38, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t addprinterdriverex_in_data[] = {
+  0x00, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0a, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x72, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x78, 0x00, 0x34, 0x00, 0x00, 0x00,
+  0x06, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x02, 0x00,
+  0x10, 0x00, 0x02, 0x00, 0x14, 0x00, 0x02, 0x00, 0x18, 0x00, 0x02, 0x00,
+  0x1c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x20, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x24, 0x00, 0x02, 0x00, 0x00, 0x40, 0x2a, 0x7c, 0xdd, 0x68, 0xc2, 0x01,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xce, 0x0e, 0x02, 0x00, 0x05, 0x00,
+  0x28, 0x00, 0x02, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x30, 0x00, 0x02, 0x00,
+  0x34, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x48, 0x00, 0x65, 0x00, 0x77, 0x00, 0x6c, 0x00,
+  0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x2d, 0x00, 0x50, 0x00, 0x61, 0x00,
+  0x63, 0x00, 0x6b, 0x00, 0x61, 0x00, 0x72, 0x00, 0x64, 0x00, 0x20, 0x00,
+  0x48, 0x00, 0x50, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x4c, 0x00, 0x2f, 0x00,
+  0x32, 0x00, 0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00,
+  0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00,
+  0x4e, 0x00, 0x54, 0x00, 0x20, 0x00, 0x78, 0x00, 0x38, 0x00, 0x36, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x2d, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00,
+  0x72, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x78, 0x00, 0x34, 0x00, 0x5c, 0x00,
+  0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00,
+  0x5c, 0x00, 0x57, 0x00, 0x33, 0x00, 0x32, 0x00, 0x58, 0x00, 0x38, 0x00,
+  0x36, 0x00, 0x5c, 0x00, 0x34, 0x00, 0x30, 0x00, 0x34, 0x00, 0x30, 0x00,
+  0x33, 0x00, 0x31, 0x00, 0x31, 0x00, 0x36, 0x00, 0x5c, 0x00, 0x50, 0x00,
+  0x4c, 0x00, 0x4f, 0x00, 0x54, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00,
+  0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00,
+  0x5c, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00,
+  0x6f, 0x00, 0x78, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x57, 0x00,
+  0x33, 0x00, 0x32, 0x00, 0x58, 0x00, 0x38, 0x00, 0x36, 0x00, 0x5c, 0x00,
+  0x34, 0x00, 0x30, 0x00, 0x34, 0x00, 0x30, 0x00, 0x33, 0x00, 0x31, 0x00,
+  0x31, 0x00, 0x36, 0x00, 0x5c, 0x00, 0x48, 0x00, 0x50, 0x00, 0x47, 0x00,
+  0x4c, 0x00, 0x32, 0x00, 0x50, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x2e, 0x00,
+  0x50, 0x00, 0x43, 0x00, 0x44, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+  0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x78, 0x00,
+  0x34, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00,
+  0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x57, 0x00, 0x33, 0x00, 0x32, 0x00,
+  0x58, 0x00, 0x38, 0x00, 0x36, 0x00, 0x5c, 0x00, 0x34, 0x00, 0x30, 0x00,
+  0x34, 0x00, 0x30, 0x00, 0x33, 0x00, 0x31, 0x00, 0x31, 0x00, 0x36, 0x00,
+  0x5c, 0x00, 0x50, 0x00, 0x4c, 0x00, 0x4f, 0x00, 0x54, 0x00, 0x55, 0x00,
+  0x49, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00,
+  0x2c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x00,
+  0x5c, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6e, 0x00,
+  0x6f, 0x00, 0x78, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x57, 0x00,
+  0x33, 0x00, 0x32, 0x00, 0x58, 0x00, 0x38, 0x00, 0x36, 0x00, 0x5c, 0x00,
+  0x34, 0x00, 0x30, 0x00, 0x34, 0x00, 0x30, 0x00, 0x33, 0x00, 0x31, 0x00,
+  0x31, 0x00, 0x36, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x4c, 0x00, 0x4f, 0x00,
+  0x54, 0x00, 0x55, 0x00, 0x49, 0x00, 0x2e, 0x00, 0x48, 0x00, 0x4c, 0x00,
+  0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x48, 0x00, 0x50, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x41, 0x00, 0x00, 0x00, 0x68, 0x00, 0x74, 0x00, 0x74, 0x00, 0x70, 0x00,
+  0x3a, 0x00, 0x2f, 0x00, 0x2f, 0x00, 0x67, 0x00, 0x6f, 0x00, 0x2e, 0x00,
+  0x6d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x73, 0x00,
+  0x6f, 0x00, 0x66, 0x00, 0x74, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00,
+  0x6d, 0x00, 0x2f, 0x00, 0x66, 0x00, 0x77, 0x00, 0x6c, 0x00, 0x69, 0x00,
+  0x6e, 0x00, 0x6b, 0x00, 0x2f, 0x00, 0x3f, 0x00, 0x4c, 0x00, 0x69, 0x00,
+  0x6e, 0x00, 0x6b, 0x00, 0x49, 0x00, 0x44, 0x00, 0x3d, 0x00, 0x33, 0x00,
+  0x37, 0x00, 0x26, 0x00, 0x70, 0x00, 0x72, 0x00, 0x64, 0x00, 0x3d, 0x00,
+  0x31, 0x00, 0x30, 0x00, 0x37, 0x00, 0x39, 0x00, 0x38, 0x00, 0x26, 0x00,
+  0x73, 0x00, 0x62, 0x00, 0x70, 0x00, 0x3d, 0x00, 0x50, 0x00, 0x72, 0x00,
+  0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x19, 0x00, 0x00, 0x00, 0x68, 0x00, 0x70, 0x00, 0x68, 0x00, 0x65, 0x00,
+  0x77, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x2d, 0x00,
+  0x70, 0x00, 0x61, 0x00, 0x63, 0x00, 0x6b, 0x00, 0x61, 0x00, 0x72, 0x00,
+  0x64, 0x00, 0x5f, 0x00, 0x68, 0x00, 0x70, 0x00, 0x37, 0x00, 0x33, 0x00,
+  0x31, 0x00, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x69, 0x00,
+  0x63, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00,
+  0x74, 0x00, 0x00, 0x00, 0x18, 0x00, 0x01, 0x00
+};
+
+static const uint8_t getprinterdriver2_in_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x80, 0x74, 0xc9, 0xc0, 0x9f, 0x5f, 0x6f, 0x46,
+	0xbb, 0x14, 0x48, 0xe6, 0xb6, 0xa8, 0x47, 0x40, 0x00, 0x00, 0x02, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00,
+	0x73, 0x00, 0x20, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x00, 0x00,
+	0x06, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x88, 0x04, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x04, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00
+};
+
+static bool getprinterdriver2_in_check(struct torture_context *tctx,
+				       struct spoolss_GetPrinterDriver2 *r)
+{
+	torture_assert_str_equal(tctx, r->in.architecture, "Windows x64", "architecture");
+	torture_assert_int_equal(tctx, r->in.level, 6, "level");
+	torture_assert_int_equal(tctx, r->in.offered, 1160, "offered");
+	torture_assert_int_equal(tctx, r->in.client_major_version, 3, "client_major_version");
+	torture_assert_int_equal(tctx, r->in.client_minor_version, 2, "client_minor_version");
+
+	return true;
+}
+
+static const uint8_t getprinterdriver2_out_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x88, 0x04, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x58, 0x04, 0x00, 0x00, 0x40, 0x04, 0x00, 0x00, 0xf4, 0x03, 0x00, 0x00,
+	0xa8, 0x03, 0x00, 0x00, 0x62, 0x03, 0x00, 0x00, 0x18, 0x03, 0x00, 0x00,
+	0x8c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x8c, 0xa3, 0xc5, 0x94, 0xc6, 0x01,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x40, 0xb0, 0x1d, 0x01, 0x00, 0x06, 0x00,
+	0x0c, 0x03, 0x00, 0x00, 0x8a, 0x02, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00,
+	0x4c, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x80, 0x8c, 0xa3, 0xc5, 0x94, 0xc6, 0x01, 0x01, 0x40, 0xb0, 0x1d,
+	0x01, 0x00, 0x06, 0x00, 0x0c, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8a, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x4c, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x48, 0x00,
+	0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00,
+	0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00,
+	0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00,
+	0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x53, 0x00, 0x43, 0x00,
+	0x52, 0x00, 0x49, 0x00, 0x50, 0x00, 0x54, 0x00, 0x2e, 0x00, 0x4e, 0x00,
+	0x54, 0x00, 0x46, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00,
+	0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00,
+	0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00, 0x36, 0x00,
+	0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x53, 0x00,
+	0x5f, 0x00, 0x53, 0x00, 0x43, 0x00, 0x48, 0x00, 0x4d, 0x00, 0x2e, 0x00,
+	0x47, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+	0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+	0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00,
+	0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00,
+	0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x52, 0x00,
+	0x49, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x48, 0x00, 0x50, 0x00, 0x53, 0x00,
+	0x37, 0x00, 0x2e, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x49, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00,
+	0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00,
+	0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00,
+	0x5c, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00,
+	0x5c, 0x00, 0x52, 0x00, 0x49, 0x00, 0x50, 0x00, 0x53, 0x00, 0x55, 0x00,
+	0x49, 0x00, 0x37, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00,
+	0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x48, 0x00, 0x2d, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00,
+	0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00,
+	0x24, 0x00, 0x5c, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x5c, 0x00,
+	0x33, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x49, 0x00, 0x50, 0x00, 0x53, 0x00,
+	0x52, 0x00, 0x45, 0x00, 0x53, 0x00, 0x37, 0x00, 0x2e, 0x00, 0x44, 0x00,
+	0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00,
+	0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00,
+	0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00, 0x36, 0x00,
+	0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x49, 0x00,
+	0x43, 0x00, 0x46, 0x00, 0x47, 0x00, 0x37, 0x00, 0x2e, 0x00, 0x58, 0x00,
+	0x4d, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x69, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x68, 0x00, 0x00, 0x00, 0x72, 0x00, 0x69, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x68, 0x00, 0x72, 0x00, 0x69, 0x00, 0x63, 0x00,
+	0x6f, 0x00, 0x68, 0x00, 0x5f, 0x00, 0x61, 0x00, 0x66, 0x00, 0x69, 0x00,
+	0x63, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x5f, 0x00, 0x6d, 0x00, 0x70, 0x00,
+	0x35, 0x00, 0x30, 0x00, 0x36, 0x00, 0x33, 0x00, 0x00, 0x00, 0x68, 0x00,
+	0x74, 0x00, 0x74, 0x00, 0x70, 0x00, 0x3a, 0x00, 0x2f, 0x00, 0x2f, 0x00,
+	0x67, 0x00, 0x6f, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x63, 0x00,
+	0x72, 0x00, 0x6f, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x74, 0x00,
+	0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x2f, 0x00, 0x66, 0x00,
+	0x77, 0x00, 0x6c, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6b, 0x00, 0x2f, 0x00,
+	0x3f, 0x00, 0x4c, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x6b, 0x00, 0x49, 0x00,
+	0x44, 0x00, 0x3d, 0x00, 0x34, 0x00, 0x37, 0x00, 0x26, 0x00, 0x70, 0x00,
+	0x72, 0x00, 0x64, 0x00, 0x3d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x37, 0x00,
+	0x39, 0x00, 0x38, 0x00, 0x26, 0x00, 0x73, 0x00, 0x62, 0x00, 0x70, 0x00,
+	0x3d, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x00, 0x00, 0x52, 0x00, 0x69, 0x00,
+	0x63, 0x00, 0x6f, 0x00, 0x68, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+	0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+	0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00,
+	0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00,
+	0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x50, 0x00,
+	0x53, 0x00, 0x43, 0x00, 0x52, 0x00, 0x49, 0x00, 0x50, 0x00, 0x54, 0x00,
+	0x2e, 0x00, 0x48, 0x00, 0x4c, 0x00, 0x50, 0x00, 0x00, 0x00, 0x5c, 0x00,
+	0x5c, 0x00, 0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00,
+	0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00,
+	0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00,
+	0x50, 0x00, 0x53, 0x00, 0x35, 0x00, 0x55, 0x00, 0x49, 0x00, 0x2e, 0x00,
+	0x44, 0x00, 0x4c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+	0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00, 0x32, 0x00, 0x4b, 0x00,
+	0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x72, 0x00,
+	0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00, 0x5c, 0x00, 0x78, 0x00,
+	0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00, 0x5c, 0x00, 0x52, 0x00,
+	0x49, 0x00, 0x31, 0x00, 0x34, 0x00, 0x30, 0x00, 0x33, 0x00, 0x45, 0x00,
+	0x33, 0x00, 0x2e, 0x00, 0x50, 0x00, 0x50, 0x00, 0x44, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x48, 0x00, 0x2d, 0x00, 0x57, 0x00,
+	0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00, 0x5c, 0x00,
+	0x70, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x24, 0x00,
+	0x5c, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x5c, 0x00, 0x33, 0x00,
+	0x5c, 0x00, 0x50, 0x00, 0x53, 0x00, 0x43, 0x00, 0x52, 0x00, 0x49, 0x00,
+	0x50, 0x00, 0x54, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x44, 0x00, 0x4c, 0x00,
+	0x4c, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x78, 0x00, 0x36, 0x00,
+	0x34, 0x00, 0x00, 0x00, 0x52, 0x00, 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00,
+	0x68, 0x00, 0x20, 0x00, 0x41, 0x00, 0x66, 0x00, 0x69, 0x00, 0x63, 0x00,
+	0x69, 0x00, 0x6f, 0x00, 0x20, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x20, 0x00,
+	0x35, 0x00, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x20, 0x00, 0x50, 0x00,
+	0x53, 0x00, 0x00, 0x00, 0x88, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool getprinterdriver2_out_check(struct torture_context *tctx,
+					struct spoolss_GetPrinterDriver2 *r)
+{
+	torture_assert(tctx, r->out.info, "info");
+	torture_assert_int_equal(tctx, r->out.info->info6.version, SPOOLSS_DRIVER_VERSION_200X, "version");
+	torture_assert_str_equal(tctx, r->out.info->info6.driver_name, "Ricoh Aficio MP 5000 PS", "driver_name");
+	torture_assert_str_equal(tctx, r->out.info->info6.architecture, "Windows x64", "architecture");
+	torture_assert_str_equal(tctx, r->out.info->info6.driver_path, "\\\\RH-W2K8R2\\print$\\x64\\3\\PSCRIPT5.DLL", "driver_path");
+	torture_assert_str_equal(tctx, r->out.info->info6.data_file, "\\\\RH-W2K8R2\\print$\\x64\\3\\RI1403E3.PPD", "data_file");
+	torture_assert_str_equal(tctx, r->out.info->info6.config_file, "\\\\RH-W2K8R2\\print$\\x64\\3\\PS5UI.DLL", "config_file");
+	torture_assert_str_equal(tctx, r->out.info->info6.help_file, "\\\\RH-W2K8R2\\print$\\x64\\3\\PSCRIPT.HLP", "help_file");
+	torture_assert_str_equal(tctx, r->out.info->info6.help_file, "\\\\RH-W2K8R2\\print$\\x64\\3\\PSCRIPT.HLP", "help_file");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[0], "\\\\RH-W2K8R2\\print$\\x64\\3\\PSCRIPT.NTF", "dependent_files[0]");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[1], "\\\\RH-W2K8R2\\print$\\x64\\3\\PS_SCHM.GDL", "dependent_files[1]");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[2], "\\\\RH-W2K8R2\\print$\\x64\\3\\RICOHPS7.INI", "dependent_files[2]");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[3], "\\\\RH-W2K8R2\\print$\\x64\\3\\RIPSUI7.DLL", "dependent_files[3]");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[4], "\\\\RH-W2K8R2\\print$\\x64\\3\\RIPSRES7.DLL", "dependent_files[4]");
+	torture_assert_str_equal(tctx, r->out.info->info6.dependent_files[5], "\\\\RH-W2K8R2\\print$\\x64\\3\\RICFG7.XML", "dependent_files[5]");
+	torture_assert(tctx, r->out.info->info6.monitor_name == NULL, "monitor_name");
+	torture_assert(tctx, r->out.info->info6.default_datatype == NULL, "default_datatype");
+	torture_assert(tctx, r->out.info->info6.previous_names == NULL, "previous_names");
+	/* driver_date              : Wed Jun 21 02:00:00 2006 CEST */
+	torture_assert_u64_equal(tctx, r->out.info->info6.driver_version, 0x000600011db04001ULL, "driver_version");
+	torture_assert_str_equal(tctx, r->out.info->info6.manufacturer_name, "Ricoh", "manufacturer_name");
+	torture_assert_str_equal(tctx, r->out.info->info6.manufacturer_url, "http://go.microsoft.com/fwlink/?LinkID=47&prd=10798&sbp=Printers", "manufacturer_url");
+	torture_assert_str_equal(tctx, r->out.info->info6.hardware_id, "ricohricoh_aficio_mp5063", "hardware_id");
+	torture_assert_str_equal(tctx, r->out.info->info6.provider, "Ricoh", "provider");
+	torture_assert_int_equal(tctx, *r->out.needed, 1160, "needed");
+	torture_assert_int_equal(tctx, *r->out.server_major_version, 0, "server_major_version");
+	torture_assert_int_equal(tctx, *r->out.server_minor_version, 0, "server_minor_version");
+	torture_assert_werr_ok(tctx, r->out.result, "result");
+
+	return true;
+}
+
+static const uint8_t openprinterex_64_req_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+	0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00,
+	0x38, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x35, 0x00,
+	0x5c, 0x00, 0x68, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x23, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x53, 0x00, 0x41, 0x00, 0x4d, 0x00, 0x42, 0x00,
+	0x41, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00,
+	0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x00, 0x00
+};
+
+static const uint8_t setprinter_64_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x13, 0xbe, 0x52, 0x2a, 0xe4, 0x67, 0xe8, 0x45,
+	0x8b, 0xb2, 0xd4, 0x15, 0x55, 0xff, 0xbf, 0xfc, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x02, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x39, 0x00,
+	0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2e, 0x00,
+	0x33, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00,
+	0x31, 0x00, 0x36, 0x00, 0x38, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x2e, 0x00,
+	0x37, 0x00, 0x35, 0x00, 0x5c, 0x00, 0x48, 0x00, 0x50, 0x00, 0x20, 0x00,
+	0x43, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x20, 0x00,
+	0x4c, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x4a, 0x00,
+	0x65, 0x00, 0x74, 0x00, 0x20, 0x00, 0x32, 0x00, 0x35, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x20, 0x00, 0x50, 0x00, 0x43, 0x00, 0x4c, 0x00, 0x36, 0x00,
+	0x20, 0x00, 0x43, 0x00, 0x6c, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00,
+	0x20, 0x00, 0x44, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x68, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x4c, 0x00, 0x50, 0x00, 0x54, 0x00, 0x31, 0x00, 0x3a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00,
+	0x6f, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x74, 0x00, 0x20, 0x00,
+	0x65, 0x00, 0x6e, 0x00, 0x68, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x63, 0x00,
+	0x65, 0x00, 0x64, 0x00, 0x20, 0x00, 0x50, 0x00, 0x6f, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x74, 0x00, 0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00,
+	0x20, 0x00, 0x50, 0x00, 0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00,
+	0x20, 0x00, 0x64, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x6c, 0x00,
+	0x61, 0x00, 0x20, 0x00, 0x62, 0x00, 0x6c, 0x00, 0x61, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x70, 0x00,
+	0x72, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x41, 0x00, 0x57, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getcoreprinterdrivers_64_req_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
+	0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00,
+	0x38, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x2e, 0x00, 0x34, 0x00, 0x38, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
+	0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x78, 0x00, 0x36, 0x00,
+	0x34, 0x00, 0x00, 0x00, 0x9d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x9d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x00, 0x44, 0x00,
+	0x32, 0x00, 0x30, 0x00, 0x45, 0x00, 0x41, 0x00, 0x33, 0x00, 0x37, 0x00,
+	0x32, 0x00, 0x2d, 0x00, 0x44, 0x00, 0x44, 0x00, 0x33, 0x00, 0x35, 0x00,
+	0x2d, 0x00, 0x34, 0x00, 0x39, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2d, 0x00,
+	0x39, 0x00, 0x45, 0x00, 0x44, 0x00, 0x38, 0x00, 0x2d, 0x00, 0x41, 0x00,
+	0x36, 0x00, 0x33, 0x00, 0x33, 0x00, 0x35, 0x00, 0x41, 0x00, 0x46, 0x00,
+	0x45, 0x00, 0x37, 0x00, 0x39, 0x00, 0x46, 0x00, 0x30, 0x00, 0x7d, 0x00,
+	0x00, 0x00, 0x7b, 0x00, 0x44, 0x00, 0x32, 0x00, 0x30, 0x00, 0x45, 0x00,
+	0x41, 0x00, 0x33, 0x00, 0x37, 0x00, 0x32, 0x00, 0x2d, 0x00, 0x44, 0x00,
+	0x44, 0x00, 0x33, 0x00, 0x35, 0x00, 0x2d, 0x00, 0x34, 0x00, 0x39, 0x00,
+	0x35, 0x00, 0x30, 0x00, 0x2d, 0x00, 0x39, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x38, 0x00, 0x2d, 0x00, 0x41, 0x00, 0x36, 0x00, 0x33, 0x00, 0x33, 0x00,
+	0x35, 0x00, 0x41, 0x00, 0x46, 0x00, 0x45, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x46, 0x00, 0x31, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x7b, 0x00, 0x44, 0x00,
+	0x32, 0x00, 0x30, 0x00, 0x45, 0x00, 0x41, 0x00, 0x33, 0x00, 0x37, 0x00,
+	0x32, 0x00, 0x2d, 0x00, 0x44, 0x00, 0x44, 0x00, 0x33, 0x00, 0x35, 0x00,
+	0x2d, 0x00, 0x34, 0x00, 0x39, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2d, 0x00,
+	0x39, 0x00, 0x45, 0x00, 0x44, 0x00, 0x38, 0x00, 0x2d, 0x00, 0x41, 0x00,
+	0x36, 0x00, 0x33, 0x00, 0x33, 0x00, 0x35, 0x00, 0x41, 0x00, 0x46, 0x00,
+	0x45, 0x00, 0x37, 0x00, 0x39, 0x00, 0x46, 0x00, 0x32, 0x00, 0x7d, 0x00,
+	0x00, 0x00, 0x7b, 0x00, 0x44, 0x00, 0x32, 0x00, 0x30, 0x00, 0x45, 0x00,
+	0x41, 0x00, 0x33, 0x00, 0x37, 0x00, 0x32, 0x00, 0x2d, 0x00, 0x44, 0x00,
+	0x44, 0x00, 0x33, 0x00, 0x35, 0x00, 0x2d, 0x00, 0x34, 0x00, 0x39, 0x00,
+	0x35, 0x00, 0x30, 0x00, 0x2d, 0x00, 0x39, 0x00, 0x45, 0x00, 0x44, 0x00,
+	0x38, 0x00, 0x2d, 0x00, 0x41, 0x00, 0x36, 0x00, 0x33, 0x00, 0x33, 0x00,
+	0x35, 0x00, 0x41, 0x00, 0x46, 0x00, 0x45, 0x00, 0x37, 0x00, 0x39, 0x00,
+	0x46, 0x00, 0x33, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getcoreprinterdrivers_req_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0e, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x47, 0x00, 0x44, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00,
+	0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00,
+	0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+	0x0e, 0x00, 0x00, 0x00, 0x63, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x6e, 0x00,
+	0x6f, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x73, 0x00, 0x65, 0x00, 0x6e, 0x00,
+	0x73, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+};
+
+static const uint8_t getcoreprinterdrivers_rep_data[] = {
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0x04, 0x07, 0x80,
+};
+
+static const uint8_t getcoreprinterdrivers_req_data_unknown_guid[] = {
+	0x00, 0x00, 0x02, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0e, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x47, 0x00, 0x44, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x38, 0x00, 0x52, 0x00, 0x32, 0x00,
+	0x44, 0x00, 0x43, 0x00, 0x31, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00,
+	0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00,
+	0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00,
+	0x28, 0x00, 0x00, 0x00, 0x7b, 0x00, 0x62, 0x00, 0x38, 0x00, 0x62, 0x00,
+	0x37, 0x00, 0x33, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34, 0x00, 0x2d, 0x00,
+	0x65, 0x00, 0x35, 0x00, 0x66, 0x00, 0x65, 0x00, 0x2d, 0x00, 0x34, 0x00,
+	0x65, 0x00, 0x65, 0x00, 0x32, 0x00, 0x2d, 0x00, 0x61, 0x00, 0x62, 0x00,
+	0x61, 0x00, 0x65, 0x00, 0x2d, 0x00, 0x66, 0x00, 0x39, 0x00, 0x38, 0x00,
+	0x64, 0x00, 0x61, 0x00, 0x64, 0x00, 0x32, 0x00, 0x33, 0x00, 0x32, 0x00,
+	0x37, 0x00, 0x38, 0x00, 0x32, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00
+};
+
+static const uint8_t getcoreprinterdrivers_rep_data_unknown_guid[] = {
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0x04, 0x07, 0x80
+};
+
+static const uint8_t setjobnamedproperty_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x3d, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xff, 0x50, 0xdf, 0xe4, 0xce, 0x1a, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x53, 0x00, 0x70, 0x00,
+	0x6f, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x6c, 0x00, 0x65, 0x00, 0x20, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6e, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x73, 0x00, 0x00, 0x00,
+	0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00,
+	0x54, 0x00, 0x59, 0x00, 0x50, 0x00, 0x45, 0x00, 0x5f, 0x00, 0x50, 0x00,
+	0x44, 0x00, 0x4c, 0x00, 0x5f, 0x00, 0x55, 0x00, 0x4e, 0x00, 0x4b, 0x00,
+	0x4e, 0x00, 0x4f, 0x00, 0x57, 0x00, 0x4e, 0x00, 0x00, 0x00
+};
+
+static bool setjobnamedproperty_req_check(struct torture_context *tctx,
+					  struct spoolss_SetJobNamedProperty *r)
+{
+	/* FIXME hPrinter */
+	torture_assert_int_equal(tctx, r->in.JobId, 0x00000005, "JobId");
+	torture_assert(tctx, r->in.pProperty, "pProperty");
+	torture_assert_str_equal(tctx, r->in.pProperty->propertyName, SPLFILE_CONTENT_TYPE_PROP_NAME, "propertyName");
+	torture_assert_int_equal(tctx, r->in.pProperty->propertyValue.ePropertyType, kRpcPropertyTypeString, "ePropertyType");
+	torture_assert_str_equal(tctx, r->in.pProperty->propertyValue.value.propertyString, SPLFILE_CONTENT_TYPE_PDL_UNKNOWN, "propertyString");
+
+	return true;
+}
+
+static const uint8_t setprinter_level_3_xpsp3_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x3c, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x2b, 0x55, 0x94, 0xbe, 0x50, 0x28, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0xd1, 0xe9, 0x06,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb4, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0xb4, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x80,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0xa0, 0x00, 0x06, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x18, 0x00, 0x0c, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
+	0x00, 0x09, 0x18, 0x00, 0x30, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x02, 0x00, 0x01, 0x05, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xa4, 0xc0, 0x7d, 0x3b,
+	0xcc, 0xce, 0x29, 0xa7, 0xd1, 0xc7, 0xe9, 0xd4, 0x50, 0x04, 0x00, 0x00,
+	0x00, 0x00, 0x18, 0x00, 0x0c, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x26, 0x02, 0x00, 0x00,
+	0x00, 0x09, 0x18, 0x00, 0x30, 0x00, 0x0f, 0x00, 0x01, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x26, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x14, 0x00, 0x08, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool setprinter_level_3_xpsp3_req_check(struct torture_context *tctx,
+					       struct spoolss_SetPrinter *r)
+{
+	struct GUID guid;
+
+	torture_assert_ntstatus_ok(tctx,
+		GUID_from_string("0000053c-0000-0000-2b55-94be50280000", &guid),
+		"failed to parse GUID");
+	torture_assert_int_equal(tctx, r->in.handle->handle_type, 0, "handle_type");
+	torture_assert_guid_equal(tctx, r->in.handle->uuid, guid, "handle.uuid");
+
+	torture_assert(tctx, r->in.info_ctr, "info_ctr");
+	torture_assert_int_equal(tctx, r->in.info_ctr->level, 3, "level");
+	torture_assert_int_equal(tctx, r->in.info_ctr->info.info3->sec_desc_ptr, 0x06e9d108, "sec_desc_ptr");
+
+	torture_assert(tctx, r->in.devmode_ctr, "devmode_ctr");
+	torture_assert_int_equal(tctx, r->in.devmode_ctr->_ndr_size, 0, "_ndr_size");
+	torture_assert(tctx, r->in.devmode_ctr->devmode == NULL, "devmode");
+
+	torture_assert(tctx, r->in.secdesc_ctr, "secdesc_ctr");
+	torture_assert_int_equal(tctx, r->in.secdesc_ctr->sd_size, 0x000000b4, "sd_size");
+	torture_assert_int_equal(tctx, r->in.secdesc_ctr->sd->revision, SECURITY_DESCRIPTOR_REVISION_1, "revision");
+	torture_assert_int_equal(tctx, r->in.secdesc_ctr->sd->type, 0x8004, "type");
+	torture_assert(tctx, r->in.secdesc_ctr->sd, "sd");
+	torture_assert(tctx, r->in.secdesc_ctr->sd->owner_sid == NULL, "owner_sid");
+	torture_assert(tctx, r->in.secdesc_ctr->sd->group_sid == NULL, "group_sid");
+	torture_assert(tctx, r->in.secdesc_ctr->sd->sacl == NULL, "sacl");
+	torture_assert(tctx, r->in.secdesc_ctr->sd->dacl, "dacl");
+
+	return true;
+}
+
+struct torture_suite *ndr_spoolss_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "spoolss");
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_OpenPrinterEx, openprinterex_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_OpenPrinterEx, openprinterex_resp_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncOpenPrinter, openprinterex_req_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncOpenPrinter, openprinterex_resp_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_OpenPrinterEx, openprinterex_devmode_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncOpenPrinter, openprinterex_devmode_req_data, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ClosePrinter, closeprinter_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ClosePrinter, closeprinter_resp_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncClosePrinter, closeprinter_req_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncClosePrinter, closeprinter_resp_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetPrinter, getprinter_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetPrinter, getprinter_resp_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetPrinter, getprinter_req_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetPrinter, getprinter_resp_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetPrinterData, getprinterdata_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_GetPrinterData, getprinterdata_req_data, getprinterdata_resp_data, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetPrinterData, getprinterdata_req_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncGetPrinterData, getprinterdata_req_data, getprinterdata_resp_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ReplyOpenPrinter, replyopenprinter_req_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ReplyOpenPrinter, replyopenprinter_resp_data, NDR_OUT, NULL );
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ReplyClosePrinter, replycloseprinter_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_ReplyClosePrinter, replycloseprinter_out_data, NDR_OUT, NULL );
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_RemoteFindFirstPrinterChangeNotifyEx, RFFPCNEX_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_RemoteFindFirstPrinterChangeNotifyEx, RFFPCNEX_out_data, NDR_OUT, NULL );
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_RouterRefreshPrinterChangeNotify, RRPCN_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_RouterRefreshPrinterChangeNotify, RRPCN_out_data, NDR_OUT, NULL );
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumForms, enumforms_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumForms, enumforms_out_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumForms, enumforms_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumForms, enumforms_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterDataEx, enumprinterdataex_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterDataEx, enumprinterdataex_out_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterDataEx, enumprinterdataex_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterDataEx, enumprinterdataex_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_EnumPrinterDataEx, enumprinterdataex_w2k8r2_in_data, enumprinterdataex_w2k8r2_out_data, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncEnumPrinterDataEx, enumprinterdataex_w2k8r2_in_data, enumprinterdataex_w2k8r2_out_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterKey, enumprinterkey_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterKey, enumprinterkey_out_data, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterKey, enumprinterkey_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterKey, enumprinterkey_out_data, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterKey, enumprinterkey_in_data2, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_EnumPrinterKey, enumprinterkey_out_data2, NDR_OUT, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterKey, enumprinterkey_in_data2, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncEnumPrinterKey, enumprinterkey_out_data2, NDR_OUT, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_FindClosePrinterNotify, FCPN_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_FindClosePrinterNotify, FCPN_out_data, NDR_OUT, NULL );
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetPrinterDriverDirectory, getprinterdriverdir_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_GetPrinterDriverDirectory, getprinterdriverdir_in_data, getprinterdriverdir_out_data, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetPrinterDriverDirectory, getprinterdriverdir_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncGetPrinterDriverDirectory, getprinterdriverdir_in_data, getprinterdriverdir_out_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_AddPrinterDriverEx, addprinterdriverex_in_data, NDR_IN, NULL );
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncAddPrinterDriver, addprinterdriverex_in_data, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetPrinterDriver2, getprinterdriver2_in_data, NDR_IN, getprinterdriver2_in_check);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetPrinterDriver, getprinterdriver2_in_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_GetPrinterDriver2, getprinterdriver2_in_data, getprinterdriver2_out_data, getprinterdriver2_out_check);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncGetPrinterDriver, getprinterdriver2_in_data, getprinterdriver2_out_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite, spoolss_OpenPrinterEx, openprinterex_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+	torture_suite_add_ndr_pull_fn_test_flags(suite, winspool_AsyncOpenPrinter, openprinterex_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite, spoolss_SetPrinter, setprinter_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+	torture_suite_add_ndr_pull_fn_test_flags(suite, winspool_AsyncSetPrinter, setprinter_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite, spoolss_GetCorePrinterDrivers, getcoreprinterdrivers_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+	torture_suite_add_ndr_pull_fn_test_flags(suite, winspool_AsyncGetCorePrinterDrivers, getcoreprinterdrivers_64_req_data, NDR_IN, LIBNDR_FLAG_NDR64, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetCorePrinterDrivers, getcoreprinterdrivers_req_data, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetCorePrinterDrivers, getcoreprinterdrivers_req_data, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_GetCorePrinterDrivers, getcoreprinterdrivers_req_data, getcoreprinterdrivers_rep_data, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncGetCorePrinterDrivers, getcoreprinterdrivers_req_data, getcoreprinterdrivers_rep_data, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_GetCorePrinterDrivers, getcoreprinterdrivers_req_data_unknown_guid, NDR_IN, NULL);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncGetCorePrinterDrivers, getcoreprinterdrivers_req_data_unknown_guid, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_io_test(suite, spoolss_GetCorePrinterDrivers, getcoreprinterdrivers_req_data_unknown_guid, getcoreprinterdrivers_rep_data_unknown_guid, NULL);
+	torture_suite_add_ndr_pull_io_test(suite, winspool_AsyncGetCorePrinterDrivers, getcoreprinterdrivers_req_data_unknown_guid, getcoreprinterdrivers_rep_data_unknown_guid, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_SetJobNamedProperty, setjobnamedproperty_req_data, NDR_IN, setjobnamedproperty_req_check);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncSetJobNamedProperty, setjobnamedproperty_req_data, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, spoolss_SetPrinter, setprinter_level_3_xpsp3_req_data, NDR_IN, setprinter_level_3_xpsp3_req_check);
+	torture_suite_add_ndr_pull_fn_test(suite, winspool_AsyncSetPrinter, setprinter_level_3_xpsp3_req_data, NDR_IN, NULL);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/string.c b/source4/torture/ndr/string.c
new file mode 100644
index 0000000..16d3fc3
--- /dev/null
+++ b/source4/torture/ndr/string.c
@@ -0,0 +1,223 @@
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "torture/ndr/proto.h"
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+
+static const char *ascii = "ascii";
+/* the following is equivalent to "kamelåså öäüÿéèóò" in latin1 */
+static const char latin1[] = { 0x6b, 0x61, 0x6d, 0x65, 0x6c, 0xe5, 0x73,
+			       0xe5, 0x20, 0xF6, 0xE4, 0xFC, 0xFF, 0xE9,
+			       0xE8, 0xF3, 0xF2, 0x00 };
+/* the following is equivalent to "kamelåså ☺☺☺ öäüÿéèóò" in utf8 */
+static const char utf8[] = { 0x6b, 0x61, 0x6d, 0x65, 0x6c, 0xc3, 0xa5,
+			     0x73, 0xc3, 0xa5, 0x20, 0xE2, 0x98, 0xBA,
+			     0xE2, 0x98, 0xBA, 0xE2, 0x98, 0xBA, 0x20,
+			     0xc3, 0xb6, 0xc3, 0xa4, 0xc3, 0xbc, 0xc3,
+			     0xbf, 0xc3, 0xa9, 0xc3, 0xa8, 0xc3, 0xb3,
+			     0xc3, 0xb2, 0x00 };
+
+/* purely for convenience */
+static const libndr_flags fl_ascii_null = LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM;
+static const libndr_flags fl_ascii_noterm = LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_REMAINING;
+static const libndr_flags fl_utf8_null = LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM;
+static const libndr_flags fl_raw8_null = LIBNDR_FLAG_STR_RAW8|LIBNDR_FLAG_STR_NULLTERM;
+
+static bool
+test_ndr_push_string (struct torture_context *tctx, const char *string,
+                      libndr_flags flags, enum ndr_err_code exp_ndr_err,
+                      bool strcmp_pass)
+{
+	TALLOC_CTX *mem_ctx;
+	struct ndr_push *ndr;
+	enum ndr_err_code err;
+
+	torture_comment(tctx,
+                        "test_ndr_push_string %s flags 0x%"PRI_LIBNDR_FLAGS" expecting "
+	                "err 0x%x and strcmp %s\n", string, flags, exp_ndr_err,
+	                strcmp_pass?"pass":"fail");
+	if (exp_ndr_err != NDR_ERR_SUCCESS) {
+		torture_comment(tctx, "(ignore any Conversion error) ");
+	}
+
+	mem_ctx = talloc_named (NULL, 0, "test_ndr_push_string");
+	ndr = ndr_push_init_ctx(mem_ctx);
+	ndr_set_flags (&ndr->flags, flags);
+
+	err = ndr_push_string (ndr, NDR_SCALARS, string);
+	torture_assert_ndr_err_equal(tctx, err, exp_ndr_err,
+	               "ndr_push_string: unexpected return code");
+
+	if (exp_ndr_err == NDR_ERR_SUCCESS) {
+		uint32_t expected_offset = strlen(string);
+
+		if (flags & LIBNDR_FLAG_STR_NULLTERM) {
+			expected_offset += 1;
+		}
+
+		torture_assert_int_equal(tctx,
+					 ndr->offset, expected_offset,
+					 "ndr_push_string: invalid length");
+
+		torture_assert(tctx, ndr->data != NULL,
+		               "ndr_push_string: succeeded but NULL data");
+
+		torture_assert(tctx,
+			       strcmp_pass == !strcmp(string, (char *)ndr->data),
+		               "ndr_push_string: post-push strcmp");
+
+	}
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool
+test_ndr_pull_string (struct torture_context *tctx, const char *string,
+                      libndr_flags flags, enum ndr_err_code exp_ndr_err,
+                      bool strcmp_pass)
+{
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB blob;
+	struct ndr_pull *ndr;
+	enum ndr_err_code err;
+	const char *result = NULL;
+
+	torture_comment(tctx,
+                        "test_ndr_pull_string '%s' flags 0x%"PRI_LIBNDR_FLAGS" expecting "
+	                "err 0x%x and strcmp %s\n", string, flags, exp_ndr_err,
+	                strcmp_pass?"pass":"fail");
+	if (exp_ndr_err != NDR_ERR_SUCCESS) {
+		torture_comment(tctx, "(ignore any Conversion error) ");
+	}
+
+	mem_ctx = talloc_named (NULL, 0, "test_ndr_pull_string");
+
+	blob = data_blob_string_const(string);
+	ndr = ndr_pull_init_blob(&blob, mem_ctx);
+	torture_assert(mem_ctx, ndr, "ndr init failed");
+	ndr_set_flags (&ndr->flags, flags);
+
+	err = ndr_pull_string (ndr, NDR_SCALARS, &result);
+	torture_assert_ndr_err_equal(tctx, err, exp_ndr_err,
+	               "ndr_pull_string: unexpected return code");
+
+	if (exp_ndr_err == NDR_ERR_SUCCESS) {
+		torture_assert(tctx, result != NULL,
+		               "ndr_pull_string: NULL data");
+		torture_assert(tctx, strcmp_pass == !strcmp(string, result),
+		               "ndr_pull_string: post-pull strcmp");
+		torture_assert(tctx, result != NULL,
+		               "ndr_pull_string succeeded but result NULL");
+	}
+
+	talloc_free(mem_ctx);
+	return true;
+}
+
+static bool
+torture_ndr_string(struct torture_context *torture)
+{
+	const char *saved_dos_cp = talloc_strdup(torture, lpcfg_dos_charset(torture->lp_ctx));
+
+	torture_assert(torture,
+	               test_ndr_push_string (torture, ascii, fl_ascii_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string(ASCII, STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, ascii, fl_ascii_noterm,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string(ASCII, STR_ASCII|STR_NOTERM|REMAINING)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, "", fl_ascii_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string('', STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, "", fl_ascii_noterm,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string('', STR_ASCII|STR_NOTERM|REMAINING)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, utf8, fl_utf8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string(UTF8, STR_UTF8|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, utf8, fl_raw8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string(UTF8, STR_RAW8|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, latin1, fl_raw8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_push_string(LATIN1, STR_RAW8|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, utf8, fl_ascii_null,
+	                                     NDR_ERR_CHARCNV, false),
+	               "test_ndr_push_string(UTF8, STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_push_string (torture, latin1, fl_ascii_null,
+	                                     NDR_ERR_CHARCNV, false),
+	               "test_ndr_push_string(LATIN1, STR_ASCII|STR_NULL)");
+
+
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, ascii, fl_ascii_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_pull_string(ASCII, STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, utf8, fl_utf8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_pull_string(UTF8, STR_UTF8|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, utf8, fl_raw8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_pull_string(UTF8, STR_RAW8|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, latin1, fl_raw8_null,
+	                                     NDR_ERR_SUCCESS, true),
+	               "test_ndr_pull_string(LATIN1, STR_RAW8|STR_NULL)");
+
+	/* Depending on runtime config, the behavior of ndr_pull_string on
+	 * incorrect combinations of strings and flags (latin1 with ASCII
+	 * flags, for example) may differ; it may return NDR_ERR_CHARCNV, or
+	 * it may return NDR_ERR_SUCCESS but with a string that has been
+	 * mutilated, depending on the value of "dos charset".  We test for
+	 * both cases here. */
+
+	lpcfg_do_global_parameter(torture->lp_ctx, "dos charset", "ASCII");
+	reload_charcnv(torture->lp_ctx);
+
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, latin1, fl_ascii_null,
+	                                     NDR_ERR_CHARCNV, false),
+	               "test_ndr_pull_string(LATIN1, STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, utf8, fl_ascii_null,
+	                                     NDR_ERR_CHARCNV, false),
+	               "test_ndr_pull_string(UTF8, STR_ASCII|STR_NULL)");
+
+	lpcfg_do_global_parameter(torture->lp_ctx, "dos charset", "CP850");
+	reload_charcnv(torture->lp_ctx);
+
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, latin1, fl_ascii_null,
+	                                     NDR_ERR_SUCCESS, false),
+	               "test_ndr_pull_string(LATIN1, STR_ASCII|STR_NULL)");
+	torture_assert(torture,
+	               test_ndr_pull_string (torture, utf8, fl_ascii_null,
+	                                     NDR_ERR_SUCCESS, false),
+	               "test_ndr_pull_string(UTF8, STR_ASCII|STR_NULL)");
+
+	lpcfg_do_global_parameter(torture->lp_ctx, "dos charset", saved_dos_cp);
+	reload_charcnv(torture->lp_ctx);
+
+	return true;
+}
+
+struct torture_suite *ndr_string_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ndr_string");
+
+	torture_suite_add_simple_test(suite, "ndr_string", torture_ndr_string);
+	suite->description = talloc_strdup(suite, "NDR - string-conversion focused push/pull tests");
+
+	return suite;
+}
diff --git a/source4/torture/ndr/svcctl.c b/source4/torture/ndr/svcctl.c
new file mode 100644
index 0000000..6592bed
--- /dev/null
+++ b/source4/torture/ndr/svcctl.c
@@ -0,0 +1,88 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for svcctl ndr operations
+
+   Copyright (C) Guenther Deschner 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_svcctl.h"
+#include "torture/ndr/proto.h"
+#include "param/param.h"
+
+static const uint8_t svcctl_ChangeServiceConfigW_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0xcd, 0x94, 0x05, 0x40, 0x30, 0x28, 0x00, 0x49,
+	0x8d, 0xe4, 0x8e, 0x85, 0xb7, 0x19, 0x5c, 0x83, 0x10, 0x01, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool svcctl_ChangeServiceConfigW_req_check(struct torture_context *tctx,
+						  struct svcctl_ChangeServiceConfigW *r)
+{
+	struct policy_handle handle = { 0 };
+	GUID_from_string("400594cd-2830-4900-8de4-8e85b7195c83", &handle.uuid);
+
+	torture_assert_guid_equal(tctx, r->in.handle->uuid, handle.uuid, "handle");
+	torture_assert_u32_equal(tctx, r->in.type, 0x00000110, "type");
+	torture_assert_u32_equal(tctx, r->in.start_type, SVCCTL_AUTO_START, "start_type");
+	torture_assert_u32_equal(tctx, r->in.error_control, SVCCTL_SVC_ERROR_NORMAL, "error_control");
+	torture_assert_str_equal(tctx, r->in.binary_path, NULL, "binary_path");
+	torture_assert_str_equal(tctx, r->in.load_order_group, NULL, "load_order_group");
+	torture_assert(tctx, r->in.tag_id == NULL, "tag_id");
+	torture_assert_str_equal(tctx, r->in.dependencies, NULL, "dependencies");
+	torture_assert_u32_equal(tctx, r->in.dwDependSize, 0, "dwDependSize");
+	torture_assert_str_equal(tctx, r->in.service_start_name, NULL, "service_start_name");
+	torture_assert_str_equal(tctx, r->in.password, NULL, "password");
+	torture_assert_u32_equal(tctx, r->in.dwPwSize, 0, "dwPwSize");
+	torture_assert_str_equal(tctx, r->in.display_name, NULL, "display_name");
+
+	return true;
+}
+
+static const uint8_t svcctl_ChangeServiceConfigW_rep_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool svcctl_ChangeServiceConfigW_rep_check(struct torture_context *tctx,
+						  struct svcctl_ChangeServiceConfigW *r)
+{
+	torture_assert(tctx, r->out.tag_id == NULL, "tag_id");
+	torture_assert_werr_ok(tctx, r->out.result, "result");
+
+	return true;
+}
+
+struct torture_suite *ndr_svcctl_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "svcctl");
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   svcctl_ChangeServiceConfigW,
+					   svcctl_ChangeServiceConfigW_req_data,
+					   NDR_IN,
+					   svcctl_ChangeServiceConfigW_req_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   svcctl_ChangeServiceConfigW,
+					   svcctl_ChangeServiceConfigW_rep_data,
+					   NDR_OUT,
+					   svcctl_ChangeServiceConfigW_rep_check);
+	return suite;
+}
diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c
new file mode 100644
index 0000000..4eaff8d
--- /dev/null
+++ b/source4/torture/ndr/winreg.c
@@ -0,0 +1,620 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for winreg ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_winreg.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t closekey_in_data[] = { 
+        0x00, 0x00, 0x00, 0x00, 0x1d, 0xd8, 0xd7, 0xaa, 0x8d, 0x6c, 0x3f, 0x48, 
+        0xa7, 0x1e, 0x02, 0x6a, 0x47, 0xf6, 0x7b, 0xae
+};
+
+static bool closekey_in_check(struct torture_context *tctx, 
+								  struct winreg_CloseKey *ck)
+{
+	torture_assert(tctx, ck->in.handle != NULL, "handle invalid");
+	torture_assert_int_equal(tctx, ck->in.handle->handle_type, 0, "handle type");
+	return true;
+}
+
+const static uint8_t closekey_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool closekey_out_check(struct torture_context *tctx, 
+							   struct winreg_CloseKey *ck)
+{
+	torture_assert_int_equal(tctx, ck->out.handle->handle_type, 0, "handle type");
+	torture_assert_werr_ok(tctx, ck->out.result, "return code");
+	return true;
+}
+
+static const uint8_t OpenHKLM_In[] = {
+  0x01, 0x00, 0x00, 0x00, 0xe0, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool openhklm_in_check(struct torture_context *tctx, 
+								  struct winreg_OpenHKLM *r)
+{
+	torture_assert(tctx, r->in.system_name != NULL, "system name pointer");
+	torture_assert_int_equal(tctx, *r->in.system_name, 34016, "system name");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x02000000, "access mask");
+	return true;
+}
+
+static const uint8_t openhklm_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool openhklm_out_check(struct torture_context *tctx, 
+								  struct winreg_OpenHKLM *r)
+{
+	torture_assert(tctx, r->out.handle != NULL, "handle pointer");
+	torture_assert_int_equal(tctx, r->out.handle->handle_type, 0, "handle_type");
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t createkey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x16, 0x00, 0x16, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0b, 0x00, 0x00, 0x00, 0x73, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x74, 0x00, 0x79, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool createkey_in_check(struct torture_context *tctx, 
+								  struct winreg_CreateKey *r)
+{
+	torture_assert_str_equal(tctx, r->in.name.name, "spottyfoot", "name");
+	torture_assert(tctx, r->in.keyclass.name == NULL, "keyclass");
+	torture_assert_int_equal(tctx, r->in.options, 0, "option");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x2000000, "access mask");
+	torture_assert(tctx, r->in.secdesc == NULL, "secdesc");
+	torture_assert(tctx, r->in.action_taken == NULL, "action_taken");
+
+	return true;
+}
+
+static const uint8_t createkey_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x57, 0x00, 0x00, 0x00
+};
+
+static bool createkey_out_check(struct torture_context *tctx, 
+								  struct winreg_CreateKey *r)
+{
+	torture_assert(tctx, GUID_all_zero(&r->out.new_handle->uuid), "new_handle");
+	torture_assert(tctx, r->out.action_taken == NULL, "action_taken pointer");
+	torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAMETER,
+							  "return code");
+
+	return true;
+}
+
+static const uint8_t enumvalue_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xae, 0x1a, 0xbd, 0xbe, 0xbb, 0x94, 0xce, 0x4e,
+  0xba, 0xcf, 0x56, 0xeb, 0xe5, 0xb3, 0x6c, 0xa3, 0x05, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0xff, 0xff, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool enumvalue_in_check(struct torture_context *tctx, 
+								  struct winreg_EnumValue *r)
+{
+	torture_assert_int_equal(tctx, r->in.enum_index, 5, "enum index");
+	torture_assert(tctx, r->in.type != NULL, "type pointer");
+	torture_assert_int_equal(tctx, *r->in.type, 0, "type");
+	torture_assert_int_equal(tctx, *r->in.size, 65535, "size");
+	torture_assert_int_equal(tctx, *r->in.length, 0, "length");
+	torture_assert_int_equal(tctx, r->in.name->size, 512, "name size");
+	torture_assert_int_equal(tctx, r->in.name->length, 0, "name length");
+
+	return true;
+}
+
+static const uint8_t enumvalue_out_data[] = {
+  0x12, 0x00, 0x00, 0x02, 0x28, 0x91, 0x08, 0x00, 0x00, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x48, 0x00, 0x4f, 0x00,
+  0x4d, 0x00, 0x45, 0x00, 0x50, 0x00, 0x41, 0x00, 0x54, 0x00, 0x48, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0xd8, 0x8c, 0x07, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0xe0, 0x00, 0x0c, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x4c, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x63, 0x00,
+  0x75, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x73, 0x00,
+  0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x20, 0x00, 0x53, 0x00,
+  0x65, 0x00, 0x74, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00,
+  0x73, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00,
+  0x6e, 0x00, 0x69, 0x00, 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00,
+  0x74, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x00, 0x00, 0xf0, 0x8c, 0x07, 0x00,
+  0x4c, 0x00, 0x00, 0x00, 0xf8, 0x8c, 0x07, 0x00, 0x4c, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool enumvalue_out_check(struct torture_context *tctx, 
+								  struct winreg_EnumValue *r)
+{
+	torture_assert_int_equal(tctx, r->out.name->size, 512, "name size");
+	torture_assert_int_equal(tctx, r->out.name->length, 18, "name length");
+	torture_assert_str_equal(tctx, r->out.name->name, "HOMEPATH", "name");
+	torture_assert_int_equal(tctx, *r->out.type, 1, "type");
+	torture_assert_int_equal(tctx, *r->out.size, 76, "size");
+	torture_assert_int_equal(tctx, *r->out.length, 76, "length");
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+
+	return true;
+}
+
+unsigned char enumvalue_in_data2[] = {
+  0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0xda, 0x45, 0x9c, 0xed, 0xe2, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x02, 0xcc, 0xf9, 0x06, 0x00, 0x00, 0x01, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa0, 0xf9, 0x06, 0x00,
+  0x39, 0xa6, 0x07, 0x00, 0x00, 0xc4, 0x04, 0x01, 0x00, 0x80, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb0, 0xf9, 0x06, 0x00,
+  0x00, 0x80, 0x00, 0x00, 0x94, 0xf9, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const uint8_t queryvalue_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xae, 0x1a, 0xbd, 0xbe, 0xbb, 0x94, 0xce, 0x4e,
+  0xba, 0xcf, 0x56, 0xeb, 0xe5, 0xb3, 0x6c, 0xa3, 0x12, 0x00, 0x12, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x48, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x45, 0x00,
+  0x50, 0x00, 0x41, 0x00, 0x54, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x03, 0x00, 0x00, 0x00, 0xff, 0x0f, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool queryvalue_in_check(struct torture_context *tctx, 
+								  struct winreg_QueryValue *r)
+{
+	torture_assert_str_equal(tctx, r->in.value_name->name, "HOMEPATH", "name");
+	torture_assert_int_equal(tctx, *r->in.type, 0, "type");
+	torture_assert_int_equal(tctx, *r->in.data_size, 4095, "size");
+	torture_assert_int_equal(tctx, *r->in.data_length, 0, "length");
+	torture_assert(tctx, r->in.data == NULL, "data pointer");
+
+	return true;
+}
+
+static const uint8_t queryvalue_out_data[] = {
+  0xd8, 0xf5, 0x0b, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0xe4, 0xf5, 0x0b, 0x00, 0x4c, 0x00, 0x00, 0x00, 0xec, 0xf5, 0x0b, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool queryvalue_out_check(struct torture_context *tctx, 
+								  struct winreg_QueryValue *r)
+{
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	torture_assert_int_equal(tctx, *r->out.type, 1, "type");
+	torture_assert(tctx, r->out.data == NULL, "data pointer");
+	torture_assert_int_equal(tctx, *r->out.data_size, 76, "size");
+	torture_assert_int_equal(tctx, *r->out.data_length, 0, "length");
+
+	return true;
+}
+
+static const uint8_t querymultiplevalues_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xae, 0x1a, 0xbd, 0xbe, 0xbb, 0x94, 0xce, 0x4e,
+  0xba, 0xcf, 0x56, 0xeb, 0xe5, 0xb3, 0x6c, 0xa3, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x12, 0x00, 0x12, 0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x48, 0x00, 0x4f, 0x00,
+  0x4d, 0x00, 0x45, 0x00, 0x50, 0x00, 0x41, 0x00, 0x54, 0x00, 0x48, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00
+};
+
+static bool querymultiplevalues_in_check(struct torture_context *tctx, 
+					 struct winreg_QueryMultipleValues *r)
+{
+	torture_assert_int_equal(tctx, r->in.num_values, 1, "num values");
+	torture_assert_str_equal(tctx, r->in.values_in[0].ve_valuename->name, "HOMEPATH", "name");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuename->length, 18, "name len");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuename->size, 18, "name size");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuelen, 0, "length");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valueptr, 0, "ve_valueptr");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_type, 0, "type");
+	torture_assert_int_equal(tctx, *r->in.buffer_size, 32, "buffer size");
+
+	return true;
+}
+
+static const uint8_t querymultiplevalues_out_data[] = {
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+  0xd8, 0x8c, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x12, 0x00, 0x38, 0x87, 0x07, 0x00,
+  0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+  0x48, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x50, 0x00, 0x41, 0x00,
+  0x54, 0x00, 0x48, 0x00, 0xc8, 0x95, 0x08, 0x00, 0x4c, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x4c, 0x4d, 0x45, 0x4d, 0xc8, 0x95, 0x08, 0x00,
+  0x50, 0x87, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x07, 0x00,
+  0x00, 0x01, 0x0c, 0x00, 0x50, 0x95, 0x08, 0x00, 0x48, 0x96, 0x08, 0x00,
+  0xdc, 0x00, 0x00, 0x00, 0xc0, 0x83, 0x00, 0x01, 0x0d, 0xf0, 0xff, 0xff,
+  0x4c, 0x00, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00
+};
+
+static bool querymultiplevalues_out_check(struct torture_context *tctx, 
+					  struct winreg_QueryMultipleValues *r)
+{
+	torture_assert_str_equal(tctx, r->out.values_out[0].ve_valuename->name, "HOMEPATH", "name");
+	torture_assert_int_equal(tctx, r->out.values_out[0].ve_type, 0, "type");
+	torture_assert_int_equal(tctx, r->out.values_out[0].ve_valuelen, 0, "length");
+	/* FIXME: r->out.buffer */
+	torture_assert_int_equal(tctx, *r->out.buffer_size, 76, "buffer size");
+	torture_assert_werr_equal(tctx, r->out.result, WERR_MORE_DATA, "return code");
+
+	return true;
+}
+
+const uint8_t querymultiplevalues2_in_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x98, 0xe4, 0xdf, 0x3c, 0x70, 0xde, 0x69, 0x4a,
+	0x90, 0xb4, 0x85, 0x36, 0x33, 0x79, 0x89, 0x32, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x54, 0x00, 0x45, 0x00,
+	0x4d, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool querymultiplevalues2_in_check(struct torture_context *tctx,
+					  struct winreg_QueryMultipleValues2 *r)
+{
+	torture_assert_int_equal(tctx, r->in.num_values, 1, "num values");
+	torture_assert_str_equal(tctx, r->in.values_in[0].ve_valuename->name, "TEMP", "name");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuename->length, 10, "name len");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuename->size, 10, "name size");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valuelen, 0, "length");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_valueptr, 0,  "ve_valueptr");
+	torture_assert_int_equal(tctx, r->in.values_in[0].ve_type, 0, "type");
+	torture_assert_int_equal(tctx, *r->in.offered, 0, "buffer size");
+
+	return true;
+}
+
+const uint8_t querymultiplevalues2_out_data[] = {
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+	0x54, 0x00, 0x45, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x42, 0x00, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00
+};
+
+static bool querymultiplevalues2_out_check(struct torture_context *tctx,
+					   struct winreg_QueryMultipleValues2 *r)
+{
+	return true;
+}
+
+static const uint8_t flushkey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3
+};
+
+static bool flushkey_in_check(struct torture_context *tctx, 
+							   struct winreg_FlushKey *r)
+{
+	torture_assert_int_equal(tctx, r->in.handle->handle_type, 0, "handle type");
+	return true;
+}
+
+static const uint8_t flushkey_out_data[] = {
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool flushkey_out_check(struct torture_context *tctx, 
+							   struct winreg_FlushKey *r)
+{
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+
+static const uint8_t openkey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x16, 0x00, 0x16, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0b, 0x00, 0x00, 0x00, 0x73, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x74, 0x00, 0x79, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02
+};
+
+static bool openkey_in_check(struct torture_context *tctx, struct winreg_OpenKey *r)
+{
+	torture_assert_int_equal(tctx, r->in.options, 0, "unknown");
+	torture_assert_int_equal(tctx, r->in.access_mask, 0x02000000, "access mask");
+	torture_assert_str_equal(tctx, r->in.keyname.name, "spottyfoot", "keyname");
+	/* FIXME: parent handle */
+	return true;
+}
+
+static const uint8_t openkey_out_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00
+};
+
+static bool openkey_out_check(struct torture_context *tctx, struct winreg_OpenKey *r)
+{
+	torture_assert(tctx, GUID_all_zero(&r->out.handle->uuid), "handle");
+	torture_assert_werr_equal(tctx, r->out.result, WERR_FILE_NOT_FOUND, "return code");
+	return true;
+}
+
+static const uint8_t deletekey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x16, 0x00, 0x16, 0x00,
+  0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x0b, 0x00, 0x00, 0x00, 0x73, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x74, 0x00, 0x79, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x74, 0x00,
+  0x00, 0x00
+};
+
+static bool deletekey_in_check(struct torture_context *tctx, struct winreg_DeleteKey *r)
+{
+	/* FIXME: Handle */
+	torture_assert_str_equal(tctx, r->in.key.name, "spottyfoot", "key name");
+	return true;
+}
+
+static const uint8_t deletekey_out_data[] = {
+  0x02, 0x00, 0x00, 0x00
+};
+
+static bool deletekey_out_check(struct torture_context *tctx, struct winreg_DeleteKey *r)
+{
+	torture_assert_werr_equal(tctx, r->out.result, WERR_FILE_NOT_FOUND, "return code");
+	return true;
+}
+
+static const uint8_t getversion_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3
+};
+
+static bool getversion_in_check(struct torture_context *tctx, struct winreg_GetVersion *r)
+{
+	/* FIXME: Handle */
+	return true;
+}
+
+static const uint8_t getversion_out_data[] = {
+  0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool getversion_out_check(struct torture_context *tctx, struct winreg_GetVersion *r)
+{
+	torture_assert_int_equal(tctx, *r->out.version, 5, "version");
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	return true;
+}
+
+static const uint8_t queryinfokey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool queryinfokey_in_check(struct torture_context *tctx, struct winreg_QueryInfoKey *r)
+{
+	/* FIXME: Handle */
+	torture_assert(tctx, r->in.classname->name == NULL, "class in");
+	return true;
+}
+
+#if 0
+static const uint8_t queryinfokey_out_data[] = {
+  0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+  0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8c, 0x00, 0x00, 0x00,
+  0x10, 0x48, 0x02, 0x3a, 0xcf, 0xfd, 0xc4, 0x01, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool queryinfokey_out_check(struct torture_context *tctx, struct winreg_QueryInfoKey *r)
+{
+	torture_assert(tctx, r->out.classname != NULL, "class out");
+	torture_assert(tctx, r->out.classname->name != NULL, "class out name");
+	torture_assert_str_equal(tctx, r->out.classname->name, "", "class out name");
+	torture_assert_int_equal(tctx, *r->out.num_subkeys, 0, "num subkeys");
+	torture_assert_int_equal(tctx, *r->out.max_subkeylen, 0, "subkey length");
+	torture_assert_int_equal(tctx, *r->out.max_classlen, 140, "subkey size");
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	return true;
+}
+#endif
+
+static const uint8_t notifychangekeyvalue_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xb2, 0x64, 0xbc, 0xb3, 0x7f, 0x90, 0x29, 0x4a,
+  0xb4, 0xb3, 0x91, 0xe7, 0xe4, 0x4a, 0x58, 0xe3, 0x01, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00
+};
+
+static bool notifychangekeyvalue_in_check(struct torture_context *tctx, struct winreg_NotifyChangeKeyValue *r)
+{
+	torture_assert_int_equal(tctx, r->in.watch_subtree, 1, "watch subtree");
+	torture_assert_int_equal(tctx, r->in.notify_filter, 0, "notify filter");
+	torture_assert_int_equal(tctx, r->in.unknown, 0, "unknown");
+	torture_assert(tctx, r->in.string1.name == NULL, "string1");
+	torture_assert(tctx, r->in.string2.name == NULL, "string2");
+	torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown2");
+	return true;
+}
+
+static const uint8_t notifychangekeyvalue_out_data[] = {
+  0x57, 0x00, 0x00, 0x00
+};
+
+static bool notifychangekeyvalue_out_check(struct torture_context *tctx, struct winreg_NotifyChangeKeyValue *r)
+{
+	torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAMETER, "notify change key value");
+	return true;
+}
+
+#if 0
+static const uint8_t getkeysecurity_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0xbd, 0xaa, 0xf6, 0x59, 0xc1, 0x82, 0x1f, 0x4d,
+  0x84, 0xa9, 0xdd, 0xae, 0x60, 0x77, 0x1e, 0x45, 0x00, 0x00, 0x00, 0x02,
+  0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool getkeysecurity_in_check(struct torture_context *tctx, 
+				    struct winreg_GetKeySecurity *r)
+{
+	/* FIXME: Handle */
+	torture_assert_int_equal(tctx, r->in.sec_info, 2, "sec info");
+	torture_assert_int_equal(tctx, r->in.sd->size, 65536, "sd size");
+	torture_assert_int_equal(tctx, r->in.sd->len, 0, "sd len");
+	torture_assert(tctx, r->in.sd->data == NULL, "sd data");
+	return true;
+}
+
+static const uint8_t getkeysecurity_out_data[] = {
+  0x08, 0x91, 0x08, 0x00, 0x14, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+  0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool getkeysecurity_out_check(struct torture_context *tctx, 
+				     struct winreg_GetKeySecurity *r)
+{
+	torture_assert_int_equal(tctx, r->in.sd->size, 20, "sd size");
+	torture_assert_int_equal(tctx, r->in.sd->len, 20, "sd len");
+	torture_assert_werr_ok(tctx, r->out.result, "return code");
+	return true;
+}
+#endif
+
+static const uint8_t enumkey_in_data[] = {
+  0x00, 0x00, 0x00, 0x00, 0x85, 0xb8, 0x41, 0xb0, 0x17, 0xe4, 0x28, 0x45,
+  0x8a, 0x69, 0xbf, 0x40, 0x79, 0x82, 0x8b, 0xcb, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x14, 0x04, 0x01, 0x00, 0x00, 0x00, 0x0a, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+  0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f
+};
+
+static bool enumkey_in_check(struct torture_context *tctx, struct winreg_EnumKey *r)
+{
+	torture_assert_int_equal(tctx, r->in.enum_index, 0, "enum index");
+	torture_assert_int_equal(tctx, r->in.name->size, 1044, "name size");
+	torture_assert_int_equal(tctx, r->in.name->length, 0, "name len");
+	torture_assert(tctx, r->in.keyclass != NULL, "keyclass pointer");
+	torture_assert(tctx, r->in.keyclass->name == NULL, "keyclass");
+	torture_assert(tctx, r->in.last_changed_time != NULL, "last_changed_time != NULL");
+	return true;
+}
+
+static const uint8_t enumkey_out_data[] = {
+  0x08, 0x00, 0x14, 0x04, 0x18, 0xe8, 0x07, 0x00, 0x0a, 0x02, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x53, 0x00, 0x41, 0x00,
+  0x4d, 0x00, 0x00, 0x00, 0xd0, 0x62, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0xdc, 0x62, 0x07, 0x00, 0x50, 0x67, 0xd0, 0x8b,
+  0x16, 0x06, 0xc2, 0x01, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool enumkey_out_check(struct torture_context *tctx, struct winreg_EnumKey *r)
+{
+	torture_assert_int_equal(tctx, r->out.name->size, 1044, "name size");
+	torture_assert_int_equal(tctx, r->out.name->length, 8, "name len");
+	torture_assert(tctx, r->out.keyclass != NULL, "keyclass pointer");
+	torture_assert(tctx, r->out.keyclass->name == NULL, "keyclass");
+	torture_assert(tctx, r->out.last_changed_time != NULL, "last_changed_time pointer");
+	/* FIXME: *last_changed_time */
+	return true;
+}
+
+struct torture_suite *ndr_winreg_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "winreg");
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_CloseKey, closekey_in_data, NDR_IN, closekey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_CloseKey, closekey_out_data, NDR_OUT, closekey_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_OpenHKLM, OpenHKLM_In, NDR_IN, openhklm_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_OpenHKLM, openhklm_out_data, NDR_OUT, openhklm_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_CreateKey, createkey_in_data, NDR_IN, createkey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_CreateKey, createkey_out_data, NDR_OUT, createkey_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_EnumValue, enumvalue_in_data, NDR_IN, enumvalue_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_EnumValue, enumvalue_out_data, NDR_OUT, enumvalue_out_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_EnumValue, enumvalue_in_data2, NDR_IN, NULL);
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryValue, queryvalue_in_data, NDR_IN, queryvalue_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryValue, queryvalue_out_data, NDR_OUT, queryvalue_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryMultipleValues, querymultiplevalues_in_data, NDR_IN, querymultiplevalues_in_check );
+	torture_suite_add_ndr_pull_io_test(suite, winreg_QueryMultipleValues, querymultiplevalues_in_data, querymultiplevalues_out_data, querymultiplevalues_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryMultipleValues2, querymultiplevalues2_in_data, NDR_IN, querymultiplevalues2_in_check );
+	torture_suite_add_ndr_pull_io_test(suite, winreg_QueryMultipleValues2, querymultiplevalues2_in_data, querymultiplevalues2_out_data, querymultiplevalues2_out_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_FlushKey, flushkey_in_data, NDR_IN, flushkey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_FlushKey, flushkey_out_data, NDR_OUT, flushkey_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_OpenKey, openkey_in_data, NDR_IN, openkey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_OpenKey, openkey_out_data, NDR_OUT, openkey_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_DeleteKey, deletekey_in_data, NDR_IN, deletekey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_DeleteKey, deletekey_out_data, NDR_OUT, deletekey_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_GetVersion, getversion_in_data, NDR_IN, getversion_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_GetVersion, getversion_out_data, NDR_OUT, getversion_out_check );
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryInfoKey, queryinfokey_in_data, NDR_IN, queryinfokey_in_check );
+	/*torture_suite_add_ndr_pull_fn_test(suite, winreg_QueryInfoKey, queryinfokey_out_data, NDR_OUT, queryinfokey_out_check );*/
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_NotifyChangeKeyValue, notifychangekeyvalue_in_data, NDR_IN, notifychangekeyvalue_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_NotifyChangeKeyValue, notifychangekeyvalue_out_data, NDR_OUT, notifychangekeyvalue_out_check );
+
+	/*torture_suite_add_ndr_pull_fn_test(suite, winreg_GetKeySecurity, getkeysecurity_in_data, NDR_IN, getkeysecurity_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_GetKeySecurity, getkeysecurity_out_data, NDR_OUT, getkeysecurity_out_check );*/
+
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_EnumKey, enumkey_in_data, NDR_IN, enumkey_in_check );
+	torture_suite_add_ndr_pull_fn_test(suite, winreg_EnumKey, enumkey_out_data, NDR_OUT, enumkey_out_check );
+
+	return suite;
+}
+
diff --git a/source4/torture/ndr/winspool.c b/source4/torture/ndr/winspool.c
new file mode 100644
index 0000000..e5242b9
--- /dev/null
+++ b/source4/torture/ndr/winspool.c
@@ -0,0 +1,173 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for spoolss ndr operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_winspool.h"
+#include "torture/ndr/proto.h"
+
+static const uint8_t registerforremotenotifications_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x6e, 0x61, 0x4c, 0x7b, 0xc1, 0x46, 0xde, 0x4b,
+	0x81, 0x29, 0xcb, 0xa4, 0xd2, 0xf4, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00,
+	0x6d, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x6f, 0x00,
+	0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x79, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x6c, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x46, 0x00,
+	0x6c, 0x00, 0x61, 0x00, 0x67, 0x00, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x6f, 0x00,
+	0x74, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x69, 0x00,
+	0x66, 0x00, 0x79, 0x00, 0x46, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x74, 0x00,
+	0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x74, 0x00,
+	0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x52, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x65, 0x00,
+	0x4e, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x79, 0x00,
+	0x46, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00,
+	0x20, 0x00, 0x43, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x72, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00,
+	0x6d, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x6f, 0x00,
+	0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x79, 0x00, 0x46, 0x00, 0x69, 0x00,
+	0x6c, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x4e, 0x00,
+	0x6f, 0x00, 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x79, 0x00, 0x4f, 0x00,
+	0x70, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x73, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x05, 0x00,
+	0x06, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+	0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x0b, 0x00,
+	0x0d, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x13, 0x00, 0x14, 0x00, 0x15, 0x00,
+	0x16, 0x00, 0x17, 0x00
+};
+
+static bool registerforremotenotifications_req_check(struct torture_context *tctx,
+						     struct winspool_SyncRegisterForRemoteNotifications *r)
+{
+	struct winspool_PrintNamedProperty *p = r->in.pNotifyFilter->propertiesCollection;
+	struct spoolss_NotifyOption *o;
+
+	/* r->in.hPrinter */
+	torture_assert(tctx, r->in.pNotifyFilter, "pNotifyFilter NULL");
+
+	torture_assert_int_equal(tctx, r->in.pNotifyFilter->numberOfProperties, 4, "numberOfProperties");
+
+	torture_assert_str_equal(tctx, p[0].propertyName, "RemoteNotifyFilter Flags", "propertyName");
+	torture_assert_int_equal(tctx, p[0].propertyValue.PropertyType, winspool_PropertyTypeInt32, "PropertyType");
+	torture_assert_int_equal(tctx, p[0].propertyValue.value.propertyInt32, 255, "propertyInt32");
+
+	torture_assert_str_equal(tctx, p[1].propertyName, "RemoteNotifyFilter Options", "propertyName");
+	torture_assert_int_equal(tctx, p[1].propertyValue.PropertyType, winspool_PropertyTypeInt32, "PropertyType");
+	torture_assert_int_equal(tctx, p[1].propertyValue.value.propertyInt32, 0, "propertyInt32");
+
+	torture_assert_str_equal(tctx, p[2].propertyName, "RemoteNotifyFilter Color", "propertyName");
+	torture_assert_int_equal(tctx, p[2].propertyValue.PropertyType, winspool_PropertyTypeInt32, "PropertyType");
+	torture_assert_int_equal(tctx, p[2].propertyValue.value.propertyInt32, 0, "propertyInt32");
+
+	torture_assert_str_equal(tctx, p[3].propertyName, "RemoteNotifyFilter NotifyOptions", "propertyName");
+	torture_assert_int_equal(tctx, p[3].propertyValue.PropertyType, winspool_PropertyTypeNotificationOptions, "PropertyType");
+
+	o = p[3].propertyValue.value.propertyOptionsContainer.pOptions;
+
+	torture_assert_int_equal(tctx, o->version, 2, "version");
+	torture_assert_int_equal(tctx, o->flags, 0, "flags");
+	torture_assert_int_equal(tctx, o->count, 2, "count");
+
+	torture_assert_int_equal(tctx, o->types[0].type, PRINTER_NOTIFY_TYPE, "type");
+	torture_assert_int_equal(tctx, o->types[0].u1, 0, "u1");
+	torture_assert_int_equal(tctx, o->types[0].u2, 0, "u2");
+	torture_assert_int_equal(tctx, o->types[0].u3, 0, "u3");
+	torture_assert_int_equal(tctx, o->types[0].count, 10, "count");
+
+	torture_assert_int_equal(tctx, o->types[0].fields[0].field, PRINTER_NOTIFY_FIELD_SERVER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[1].field, PRINTER_NOTIFY_FIELD_PRINTER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[2].field, PRINTER_NOTIFY_FIELD_SHARE_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[3].field, PRINTER_NOTIFY_FIELD_PORT_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[4].field, PRINTER_NOTIFY_FIELD_DRIVER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[5].field, PRINTER_NOTIFY_FIELD_COMMENT, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[6].field, PRINTER_NOTIFY_FIELD_LOCATION, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[7].field, PRINTER_NOTIFY_FIELD_ATTRIBUTES, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[8].field, PRINTER_NOTIFY_FIELD_STATUS, "field");
+	torture_assert_int_equal(tctx, o->types[0].fields[9].field, PRINTER_NOTIFY_FIELD_CJOBS, "field");
+
+	torture_assert_int_equal(tctx, o->types[1].type, JOB_NOTIFY_TYPE, "type");
+	torture_assert_int_equal(tctx, o->types[1].u1, 0, "u1");
+	torture_assert_int_equal(tctx, o->types[1].u2, 0, "u2");
+	torture_assert_int_equal(tctx, o->types[1].u3, 0, "u3");
+	torture_assert_int_equal(tctx, o->types[1].count, 16, "count");
+
+	torture_assert_int_equal(tctx, o->types[1].fields[0].field, JOB_NOTIFY_FIELD_PRINTER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[1].field, JOB_NOTIFY_FIELD_MACHINE_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[2].field, JOB_NOTIFY_FIELD_PORT_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[3].field, JOB_NOTIFY_FIELD_USER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[4].field, JOB_NOTIFY_FIELD_NOTIFY_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[5].field, JOB_NOTIFY_FIELD_DRIVER_NAME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[6].field, JOB_NOTIFY_FIELD_STATUS, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[7].field, JOB_NOTIFY_FIELD_STATUS_STRING, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[8].field, JOB_NOTIFY_FIELD_DOCUMENT, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[9].field, JOB_NOTIFY_FIELD_POSITION, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[10].field, JOB_NOTIFY_FIELD_SUBMITTED, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[11].field, JOB_NOTIFY_FIELD_TIME, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[12].field, JOB_NOTIFY_FIELD_TOTAL_PAGES, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[13].field, JOB_NOTIFY_FIELD_PAGES_PRINTED, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[14].field, JOB_NOTIFY_FIELD_TOTAL_BYTES, "field");
+	torture_assert_int_equal(tctx, o->types[1].fields[15].field, JOB_NOTIFY_FIELD_BYTES_PRINTED, "field");
+
+	return true;
+}
+
+struct torture_suite *ndr_winspool_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "winspool");
+
+	torture_suite_add_ndr_pull_fn_test_flags(suite,
+						 winspool_SyncRegisterForRemoteNotifications,
+						 registerforremotenotifications_req_data,
+						 NDR_IN,
+						 LIBNDR_FLAG_NDR64,
+						 registerforremotenotifications_req_check);
+
+	return suite;
+}
diff --git a/source4/torture/ndr/witness.c b/source4/torture/ndr/witness.c
new file mode 100644
index 0000000..496d045
--- /dev/null
+++ b/source4/torture/ndr/witness.c
@@ -0,0 +1,411 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for witness ndr operations
+
+   Copyright (C) Guenther Deschner 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_witness.h"
+#include "torture/ndr/proto.h"
+#include "param/param.h"
+
+static const uint8_t witness_GetInterfaceList_data[] = {
+	0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x44, 0x00, 0x45, 0x00,
+	0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+	0x01, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x03, 0x2c, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x05, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x44, 0x00, 0x45, 0x00,
+	0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+	0x01, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x03, 0x2d, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool witness_GetInterfaceList_check(struct torture_context *tctx,
+					   struct witness_GetInterfaceList *r)
+{
+	struct witness_interfaceList *l;
+
+	torture_assert(tctx, r->out.interface_list, "r->out.interface_list");
+
+	l = *(r->out.interface_list);
+
+	torture_assert_int_equal(tctx, l->num_interfaces, 2, "l->num_interfaces");
+	torture_assert(tctx, l->interfaces, "l->interfaces");
+
+	torture_assert_str_equal(tctx, l->interfaces[0].group_name, "NODE2", "l->interfaces[0].group_name");
+	torture_assert_int_equal(tctx, l->interfaces[0].version, -1, "l->interfaces[0].version");
+	torture_assert_int_equal(tctx, l->interfaces[0].state, 1, "l->interfaces[0].state");
+	torture_assert_str_equal(tctx, l->interfaces[0].ipv4, "192.168.3.44", "l->interfaces[0].state");
+	torture_assert_int_equal(tctx, l->interfaces[0].flags, 5, "l->interfaces[0].flags");
+
+	torture_assert_str_equal(tctx, l->interfaces[1].group_name, "NODE1", "l->interfaces[0].group_name");
+	torture_assert_int_equal(tctx, l->interfaces[1].version, -1, "l->interfaces[0].version");
+	torture_assert_int_equal(tctx, l->interfaces[1].state, 1, "l->interfaces[0].state");
+	torture_assert_str_equal(tctx, l->interfaces[1].ipv4, "192.168.3.45", "l->interfaces[0].state");
+	torture_assert_int_equal(tctx, l->interfaces[1].flags, 1, "l->interfaces[0].flags");
+	torture_assert_werr_ok(tctx, r->out.result, "r->out.result");
+
+	return true;
+}
+
+static const uint8_t witness_Register_data_IN[] = {
+	0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x73, 0x00, 0x6f, 0x00,
+	0x66, 0x00, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
+	0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
+	0x31, 0x00, 0x39, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00,
+	0x38, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x2e, 0x00, 0x34, 0x00, 0x35, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x09, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x4d, 0x00, 0x54, 0x00,
+	0x48, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x45, 0x00, 0x4e, 0x00, 0x41, 0x00,
+	0x00, 0x00
+};
+
+static bool witness_Register_check_IN(struct torture_context *tctx,
+				      struct witness_Register *r)
+{
+	torture_assert_int_equal(tctx, r->in.version, 65537, "r->in.version");
+	torture_assert_str_equal(tctx, r->in.net_name, "sofs", "r->in.net_name");
+	torture_assert_str_equal(tctx, r->in.ip_address, "192.168.3.45", "r->in.ip_address");
+	torture_assert_str_equal(tctx, r->in.client_computer_name, "MTHELENA", "r->in.client_computer_name");
+
+	return true;
+}
+
+static const uint8_t witness_Register_data_OUT[] = {
+	0x00, 0x00, 0x00, 0x00, 0x33, 0x86, 0xb8, 0x3a, 0x57, 0x1e, 0x1a, 0x4c,
+	0x85, 0x6c, 0xd1, 0xbc, 0x4b, 0x15, 0xbb, 0xb1, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool witness_Register_check_OUT(struct torture_context *tctx,
+				       struct witness_Register *r)
+{
+	struct GUID guid;
+
+	torture_assert(tctx, r->out.context_handle, "r->out.context_handle");
+	torture_assert_int_equal(tctx, r->out.context_handle->handle_type, 0, "r->out.context_handle->handle_type");
+	torture_assert_ntstatus_ok(tctx, GUID_from_string("3ab88633-1e57-4c1a-856c-d1bc4b15bbb1", &guid), "");
+	torture_assert_mem_equal(tctx, &r->out.context_handle->uuid, &guid, sizeof(guid), "r->out.context_handle->uuid");
+	torture_assert_werr_ok(tctx, r->out.result, "r->out.result");
+
+	return true;
+}
+
+static const uint8_t witness_UnRegister_data_IN[] = {
+	0x00, 0x00, 0x00, 0x00, 0x33, 0x86, 0xb8, 0x3a, 0x57, 0x1e, 0x1a, 0x4c,
+	0x85, 0x6c, 0xd1, 0xbc, 0x4b, 0x15, 0xbb, 0xb1
+};
+
+static bool witness_UnRegister_check_IN(struct torture_context *tctx,
+					struct witness_UnRegister *r)
+{
+	struct GUID guid;
+
+	torture_assert_int_equal(tctx, r->in.context_handle.handle_type, 0, "r->in.context_handle.handle_type");
+	torture_assert_ntstatus_ok(tctx, GUID_from_string("3ab88633-1e57-4c1a-856c-d1bc4b15bbb1", &guid), "");
+	torture_assert_mem_equal(tctx, &r->in.context_handle.uuid, &guid, sizeof(guid), "r->in.context_handle.uuid");
+
+	return true;
+}
+
+static const uint8_t witness_UnRegister_data_OUT[] = {
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool witness_UnRegister_check_OUT(struct torture_context *tctx,
+					 struct witness_UnRegister *r)
+{
+	torture_assert_werr_ok(tctx, r->out.result, "r->out.result");
+
+	return true;
+}
+
+static const uint8_t witness_AsyncNotify_data_IN[] = {
+	0x00, 0x00, 0x00, 0x00, 0xee, 0xf2, 0xb9, 0x1f, 0x4d, 0x2a, 0xf8, 0x4b,
+	0xaf, 0x8b, 0xcb, 0x9d, 0x45, 0x29, 0xa9, 0xab
+};
+
+static bool witness_AsyncNotify_check_IN(struct torture_context *tctx,
+					 struct witness_AsyncNotify *r)
+{
+	struct GUID guid;
+
+	torture_assert_int_equal(tctx, r->in.context_handle.handle_type, 0, "r->in.context_handle.handle_type");
+	torture_assert_ntstatus_ok(tctx, GUID_from_string("1fb9f2ee-2a4d-4bf8-af8b-cb9d4529a9ab", &guid), "");
+	torture_assert_mem_equal(tctx, &r->in.context_handle.uuid, &guid, sizeof(guid), "r->in.context_handle.uuid");
+
+	return true;
+}
+
+static const uint8_t witness_AsyncNotify_data_OUT[] = {
+	0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x12, 0x00, 0x00, 0x00,
+	0x12, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00, 0x53, 0x00, 0x4f, 0x00,
+	0x46, 0x00, 0x53, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+static bool witness_AsyncNotify_check_OUT(struct torture_context *tctx,
+					  struct witness_AsyncNotify *r)
+{
+	struct witness_notifyResponse *n;
+	struct witness_ResourceChange *c;
+
+	torture_assert(tctx, r->out.response, "r->out.response");
+
+	n = *(r->out.response);
+
+	torture_assert_int_equal(tctx, n->type, WITNESS_NOTIFY_RESOURCE_CHANGE, "type");
+	torture_assert_int_equal(tctx, n->length, 18, "length");
+	torture_assert_int_equal(tctx, n->num, 1, "num");
+
+	c = &n->messages[0].resource_change;
+
+	torture_assert_int_equal(tctx, c->length, 18, "c->length");
+	torture_assert_int_equal(tctx, c->type, WITNESS_RESOURCE_STATE_UNAVAILABLE, "c->type");
+	torture_assert_str_equal(tctx, c->name, "SOFS", "c->name");
+
+	return true;
+}
+
+static const uint8_t witness_AsyncNotify_data_move_OUT[] = {
+	0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x24, 0x00, 0x00, 0x00,
+	0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x03, 0x2d, 0x00, 0x00, 0x00, 0x00,
+	0x38, 0xe8, 0xeb, 0x26, 0x8e, 0x00, 0x00, 0x00, 0x00, 0x9e, 0x60, 0x26,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool witness_AsyncNotify_check_move_OUT(struct torture_context *tctx,
+					       struct witness_AsyncNotify *r)
+{
+	struct witness_notifyResponse *n;
+	struct witness_IPaddrInfoList *i;
+
+	torture_assert(tctx, r->out.response, "r->out.response");
+
+	n = *(r->out.response);
+
+	torture_assert_int_equal(tctx, n->type, WITNESS_NOTIFY_CLIENT_MOVE, "type");
+	torture_assert_int_equal(tctx, n->length, 36, "length");
+	torture_assert_int_equal(tctx, n->num, 1, "num");
+
+	i = &n->messages[0].client_move;
+
+	torture_assert_int_equal(tctx, i->length, 36, "i->length");
+	torture_assert_int_equal(tctx, i->reserved, 0, "i->reserved");
+	torture_assert_int_equal(tctx, i->num, 1, "i->num");
+
+	torture_assert_int_equal(tctx, i->addr[0].flags, WITNESS_IPADDR_V4, "i->addr[0].flags");
+	torture_assert_str_equal(tctx, i->addr[0].ipv4, "192.168.3.45", "i->addr[0].ipv4");
+	torture_assert_str_equal(tctx, i->addr[0].ipv6, "0000:0000:38e8:eb26:8e00:0000:009e:6026", "i->addr[0].ipv6");
+
+	return true;
+}
+
+static const uint8_t witness_AsyncNotify_data_fuzz1_OUT[] = {
+	0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0C, 0x00, 0x00, 0x00,
+	0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00,
+};
+
+static bool witness_AsyncNotify_check_fuzz1_OUT(struct torture_context *tctx,
+					        struct witness_AsyncNotify *r)
+{
+	struct witness_notifyResponse *n;
+	struct witness_IPaddrInfoList *i;
+
+	torture_assert(tctx, r->out.response, "r->out.response");
+
+	n = *(r->out.response);
+
+	torture_assert_int_equal(tctx, n->type, WITNESS_NOTIFY_CLIENT_MOVE, "type");
+	torture_assert_int_equal(tctx, n->length, 12, "length");
+	torture_assert_int_equal(tctx, n->num, 1, "num");
+
+	i = &n->messages[0].client_move;
+
+	torture_assert_int_equal(tctx, i->length, 12, "i->length");
+	torture_assert_int_equal(tctx, i->reserved, 0, "i->reserved");
+	torture_assert_int_equal(tctx, i->num, 0, "i->num");
+
+	return true;
+}
+
+struct torture_suite *ndr_witness_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "witness");
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_GetInterfaceList,
+					   witness_GetInterfaceList_data,
+					   NDR_OUT,
+					   witness_GetInterfaceList_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_Register,
+					   witness_Register_data_IN,
+					   NDR_IN,
+					   witness_Register_check_IN);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_Register,
+					   witness_Register_data_OUT,
+					   NDR_OUT,
+					   witness_Register_check_OUT);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_UnRegister,
+					   witness_UnRegister_data_IN,
+					   NDR_IN,
+					   witness_UnRegister_check_IN);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_UnRegister,
+					   witness_UnRegister_data_OUT,
+					   NDR_OUT,
+					   witness_UnRegister_check_OUT);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_AsyncNotify,
+					   witness_AsyncNotify_data_IN,
+					   NDR_IN,
+					   witness_AsyncNotify_check_IN);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_AsyncNotify,
+					   witness_AsyncNotify_data_OUT,
+					   NDR_OUT,
+					   witness_AsyncNotify_check_OUT);
+
+	torture_suite_add_ndr_pullpush_fn_test_flags(suite,
+					    witness_AsyncNotify,
+					    witness_AsyncNotify_data_OUT,
+					    NDR_OUT,
+					    0,
+					    witness_AsyncNotify_check_OUT);
+
+	torture_suite_add_ndr_pullpush_fn_test_flags(suite,
+					    witness_AsyncNotify,
+					    witness_AsyncNotify_data_move_OUT,
+					    NDR_OUT,
+					    0,
+					    witness_AsyncNotify_check_move_OUT);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   witness_AsyncNotify,
+					   witness_AsyncNotify_data_fuzz1_OUT,
+					   NDR_OUT,
+					   witness_AsyncNotify_check_fuzz1_OUT);
+
+	torture_suite_add_ndr_pullpush_fn_test_flags(suite,
+					    witness_AsyncNotify,
+					    witness_AsyncNotify_data_fuzz1_OUT,
+					    NDR_OUT,
+					    0,
+					    witness_AsyncNotify_check_fuzz1_OUT);
+
+	return suite;
+}
diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c
new file mode 100644
index 0000000..fd7da67
--- /dev/null
+++ b/source4/torture/ntp/ntp_signd.c
@@ -0,0 +1,306 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Test NTP authentication support
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include <tevent.h>
+#include "lib/stream/packet.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_ntp_signd.h"
+#include "param/param.h"
+#include "system/network.h"
+#include "torture/ntp/proto.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define TEST_MACHINE_NAME "ntpsigndtest"
+
+struct signd_client_state {
+	struct tsocket_address *local_address;
+	struct tsocket_address *remote_address;
+
+	struct tstream_context *tstream;
+	struct tevent_queue *send_queue;
+
+	uint8_t request_hdr[4];
+	struct iovec request_iov[2];
+
+	DATA_BLOB reply;
+
+	NTSTATUS status;
+};
+
+/*
+ * A torture test to show that the unix domain socket protocol is
+ * operating correctly, and the signatures are as expected
+ */
+static bool test_ntp_signd(struct torture_context *tctx,
+			   struct dcerpc_pipe *p,
+			   struct cli_credentials *credentials)
+{
+	struct netlogon_creds_CredentialState *creds;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	uint32_t rid;
+	const char *machine_name;
+	const struct samr_Password *pwhash = cli_credentials_get_nt_hash(credentials, mem_ctx);
+	uint32_t negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+
+	struct sign_request sign_req;
+	struct signed_reply signed_reply;
+	DATA_BLOB sign_req_blob;
+
+	struct signd_client_state *signd_client;
+	struct tevent_req *req;
+	char *unix_address;
+	int sys_errno;
+
+	gnutls_hash_hd_t hash_hnd;
+	uint8_t sig[16];
+	enum ndr_err_code ndr_err;
+	bool ok;
+	int rc;
+
+	machine_name = cli_credentials_get_workstation(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_netr_ServerReqChallenge_r(p->binding_handle, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"ServerReqChallenge failed");
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = SEC_CHAN_WKSTA;
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2, 
+					   pwhash, &credentials3,
+					   negotiate_flags);
+	
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_netr_ServerAuthenticate3_r(p->binding_handle, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result,
+		"ServerAuthenticate3 failed");
+	torture_assert(tctx,
+		       netlogon_creds_client_check(creds, &credentials3),
+		       "Credential chaining failed");
+
+	sign_req.op = SIGN_TO_CLIENT;
+	sign_req.packet_id = 1;
+	sign_req.key_id = rid;
+	sign_req.packet_to_sign = data_blob_string_const("I am a tea pot");
+	
+	ndr_err = ndr_push_struct_blob(&sign_req_blob,
+				       mem_ctx,
+				       &sign_req,
+				       (ndr_push_flags_fn_t)ndr_push_sign_request);
+	torture_assert(tctx,
+		       NDR_ERR_CODE_IS_SUCCESS(ndr_err),
+		       "Failed to push sign_req");
+
+	signd_client = talloc(mem_ctx, struct signd_client_state);
+
+	/* Create socket addresses */
+	torture_comment(tctx, "Creating the socket addresses\n");
+	rc = tsocket_address_unix_from_path(signd_client, "",
+				       &signd_client->local_address);
+	torture_assert(tctx, rc == 0,
+		       "Failed to create local address from unix path.");
+
+	unix_address = talloc_asprintf(signd_client,
+					"%s/socket",
+					lpcfg_ntp_signd_socket_directory(tctx->lp_ctx));
+	rc = tsocket_address_unix_from_path(mem_ctx,
+					    unix_address,
+					    &signd_client->remote_address);
+	torture_assert(tctx, rc == 0,
+		       "Failed to create remote address from unix path.");
+
+	/* Connect to the unix socket */
+	torture_comment(tctx, "Connecting to the unix socket\n");
+	req = tstream_unix_connect_send(signd_client,
+					tctx->ev,
+					signd_client->local_address,
+					signd_client->remote_address);
+	torture_assert(tctx, req != NULL,
+		       "Failed to create a tstream unix connect request.");
+
+	ok = tevent_req_poll(req, tctx->ev);
+	torture_assert(tctx, ok == true,
+		       "Failed to poll for tstream_unix_connect_send.");
+
+	rc = tstream_unix_connect_recv(req,
+				       &sys_errno,
+				       signd_client,
+				       &signd_client->tstream);
+	TALLOC_FREE(req);
+	torture_assert(tctx, rc == 0, "Failed to connect to signd!");
+
+	/* Allocate the send queue */
+	signd_client->send_queue = tevent_queue_create(signd_client,
+						       "signd_client_queue");
+	torture_assert(tctx, signd_client->send_queue != NULL,
+		       "Failed to create send queue!");
+
+	/*
+	 * Create the request buffer.
+	 * First add the length of the request buffer
+	 */
+	RSIVAL(signd_client->request_hdr, 0, sign_req_blob.length);
+	signd_client->request_iov[0].iov_base = (char *) signd_client->request_hdr;
+	signd_client->request_iov[0].iov_len = 4;
+
+	signd_client->request_iov[1].iov_base = (char *) sign_req_blob.data;
+	signd_client->request_iov[1].iov_len = sign_req_blob.length;
+
+	/* Fire the request buffer */
+	torture_comment(tctx, "Sending the request\n");
+	req = tstream_writev_queue_send(signd_client,
+					tctx->ev,
+					signd_client->tstream,
+					signd_client->send_queue,
+					signd_client->request_iov, 2);
+	torture_assert(tctx, req != NULL,
+		       "Failed to send the signd request.");
+
+	ok = tevent_req_poll(req, tctx->ev);
+	torture_assert(tctx, ok == true,
+		       "Failed to poll for tstream_writev_queue_send.");
+
+	rc = tstream_writev_queue_recv(req, &sys_errno);
+	TALLOC_FREE(req);
+	torture_assert(tctx, rc > 0, "Failed to send data");
+
+	/* Wait for a reply */
+	torture_comment(tctx, "Waiting for the reply\n");
+	req = tstream_read_pdu_blob_send(signd_client,
+					 tctx->ev,
+					 signd_client->tstream,
+					 4, /*initial_read_size */
+					 tstream_full_request_u32,
+					 NULL);
+	torture_assert(tctx, req != NULL,
+		       "Failed to setup a read for pdu_blob.");
+
+	ok = tevent_req_poll(req, tctx->ev);
+	torture_assert(tctx, ok == true,
+		       "Failed to poll for tstream_read_pdu_blob_send.");
+
+	signd_client->status = tstream_read_pdu_blob_recv(req,
+							  signd_client,
+							  &signd_client->reply);
+	torture_assert_ntstatus_ok(tctx, signd_client->status,
+				   "Error reading signd_client reply packet");
+
+	/* Skip length header */
+	signd_client->reply.data += 4;
+	signd_client->reply.length -= 4;
+
+	/* Check if the reply buffer is valid */
+	torture_comment(tctx, "Validating the reply buffer\n");
+	ndr_err = ndr_pull_struct_blob_all(&signd_client->reply,
+					   mem_ctx,
+					   &signed_reply,
+					   (ndr_pull_flags_fn_t)ndr_pull_signed_reply);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err),
+			ndr_map_error2string(ndr_err));
+
+	torture_assert_u64_equal(tctx, signed_reply.version,
+				 NTP_SIGND_PROTOCOL_VERSION_0,
+				 "Invalid Version");
+	torture_assert_u64_equal(tctx, signed_reply.packet_id,
+				 sign_req.packet_id, "Invalid Packet ID");
+	torture_assert_u64_equal(tctx, signed_reply.op,
+				 SIGNING_SUCCESS,
+				 "Should have replied with signing success");
+	torture_assert_u64_equal(tctx, signed_reply.signed_packet.length,
+				 sign_req.packet_to_sign.length + 20,
+				 "Invalid reply length from signd");
+	torture_assert_u64_equal(tctx, rid,
+				 IVAL(signed_reply.signed_packet.data,
+				 sign_req.packet_to_sign.length),
+				 "Incorrect RID in reply");
+
+	/* Check computed signature */
+	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	gnutls_hash(hash_hnd, pwhash->hash, sizeof(pwhash->hash));
+	gnutls_hash(hash_hnd,
+		    sign_req.packet_to_sign.data,
+		    sign_req.packet_to_sign.length);
+	gnutls_hash_deinit(hash_hnd, sig);
+
+	torture_assert_mem_equal(tctx,
+				 &signed_reply.signed_packet.data[sign_req.packet_to_sign.length + 4],
+				 sig, 16, "Signature on reply was incorrect!");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+NTSTATUS torture_ntp_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ntp");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite,
+				  "signd", &ndr_table_netlogon, TEST_MACHINE_NAME);
+
+	torture_rpc_tcase_add_test_creds(tcase, "ntp_signd", test_ntp_signd);
+
+	suite->description = talloc_strdup(suite, "NTP tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source4/torture/rap/printing.c b/source4/torture/rap/printing.c
new file mode 100644
index 0000000..af76b26
--- /dev/null
+++ b/source4/torture/rap/printing.c
@@ -0,0 +1,711 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for SMB printing operations
+
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "libcli/rap/rap.h"
+#include "torture/rap/proto.h"
+#include "param/param.h"
+
+/* TODO:
+
+ printing half the file,
+ finding job
+ delete job
+ try writing 2nd half
+
+ SMBsplretq
+
+*/
+
+#define TORTURE_PRINT_FILE "torture_print_file"
+
+static bool print_printjob(struct torture_context *tctx,
+			   struct smbcli_tree *tree)
+{
+	int fnum;
+	DATA_BLOB data;
+	ssize_t size_written;
+	const char *str;
+
+	torture_comment(tctx, "creating printjob %s\n", TORTURE_PRINT_FILE);
+
+	fnum = smbcli_open(tree, TORTURE_PRINT_FILE, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		torture_fail(tctx, "failed to open file");
+	}
+
+	str = talloc_asprintf(tctx, "TortureTestPage: %d\nData\n",0);
+
+	data = data_blob_string_const(str);
+
+	size_written = smbcli_write(tree, fnum, 0, data.data, 0, data.length);
+	if (size_written != data.length) {
+		torture_fail(tctx, "failed to write file");
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_close(tree, fnum),
+		"failed to close file");
+
+	return true;
+}
+
+static bool test_raw_print(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	return print_printjob(tctx, cli->tree);
+}
+
+static bool test_netprintqenum(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i, q;
+	uint16_t levels[] = { 0, 1, 2, 3, 4, 5 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_comment(tctx,
+			"Testing rap_NetPrintQEnum level %d\n", r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+			"smbcli_rap_netprintqenum failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"failed to enum printq");
+
+		for (q=0; q<r.out.count; q++) {
+			switch (r.in.level) {
+			case 0:
+				printf("%s\n", r.out.info[q].info0.PrintQName);
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_netprintqgetinfo(struct torture_context *tctx,
+				  struct smbcli_state *cli)
+{
+	struct rap_NetPrintQGetInfo r;
+	struct rap_NetPrintQEnum r_enum;
+	int i, p;
+	uint16_t levels[] = { 0, 1, 2, 3, 4, 5 };
+
+	r.in.level = 0;
+	r.in.bufsize = 0;
+	r.in.PrintQueueName = "";
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqgetinfo(cli->tree, tctx, &r),
+		"smbcli_rap_netprintqgetinfo failed");
+	torture_assert_werr_equal(tctx,
+				  W_ERROR(r.out.status),
+				  WERR_INVALID_PARAMETER,
+				  "smbcli_rap_netprintqgetinfo failed");
+
+	r_enum.in.level = 5;
+	r_enum.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r_enum),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r_enum.out.status),
+		"failed to enum printq");
+
+	for (p=0; p < r_enum.out.count; p++) {
+
+		for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+			r.in.level = levels[i];
+			r.in.bufsize = 8192;
+			r.in.PrintQueueName = r_enum.out.info[p].info5.PrintQueueName;
+
+			torture_comment(tctx, "Testing rap_NetPrintQGetInfo(%s) level %d\n",
+				r.in.PrintQueueName, r.in.level);
+
+			torture_assert_ntstatus_ok(tctx,
+				smbcli_rap_netprintqgetinfo(cli->tree, tctx, &r),
+				"smbcli_rap_netprintqgetinfo failed");
+			torture_assert_werr_ok(tctx,
+				W_ERROR(r.out.status),
+				"smbcli_rap_netprintqgetinfo failed");
+
+			switch (r.in.level) {
+			case 0:
+				printf("%s\n", r.out.info.info0.PrintQName);
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_netprintjob_pause(struct torture_context *tctx,
+				   struct smbcli_state *cli,
+				   uint16_t job_id)
+{
+	struct rap_NetPrintJobPause r;
+
+	r.in.JobID = job_id;
+
+	torture_comment(tctx, "Testing rap_NetPrintJobPause(%d)\n", r.in.JobID);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobpause(cli->tree, tctx, &r),
+		"smbcli_rap_netprintjobpause failed");
+
+	return true;
+}
+
+static bool test_netprintjob_continue(struct torture_context *tctx,
+				      struct smbcli_state *cli,
+				      uint16_t job_id)
+{
+	struct rap_NetPrintJobContinue r;
+
+	r.in.JobID = job_id;
+
+	torture_comment(tctx, "Testing rap_NetPrintJobContinue(%d)\n", r.in.JobID);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobcontinue(cli->tree, tctx, &r),
+		"smbcli_rap_netprintjobcontinue failed");
+
+	return true;
+}
+
+static bool test_netprintjob_delete(struct torture_context *tctx,
+				    struct smbcli_state *cli,
+				    uint16_t job_id)
+{
+	struct rap_NetPrintJobDelete r;
+
+	r.in.JobID = job_id;
+
+	torture_comment(tctx, "Testing rap_NetPrintJobDelete(%d)\n", r.in.JobID);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobdelete(cli->tree, tctx, &r),
+		"smbcli_rap_netprintjobdelete failed");
+
+	return true;
+}
+
+static bool test_netprintjob(struct torture_context *tctx,
+			     struct smbcli_state *cli)
+{
+	uint16_t job_id = 400;
+
+	torture_assert(tctx,
+		test_netprintjob_pause(tctx, cli, job_id),
+		"failed to pause job");
+	torture_assert(tctx,
+		test_netprintjob_continue(tctx, cli, job_id),
+		"failed to continue job");
+	torture_assert(tctx,
+		test_netprintjob_delete(tctx, cli, job_id),
+		"failed to delete job");
+
+	return true;
+}
+
+static bool test_netprintq_pause(struct torture_context *tctx,
+				 struct smbcli_state *cli,
+				 const char *PrintQueueName)
+{
+	struct rap_NetPrintQueuePause r;
+
+	r.in.PrintQueueName = PrintQueueName;
+
+	torture_comment(tctx, "Testing rap_NetPrintQueuePause(%s)\n", r.in.PrintQueueName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqueuepause(cli->tree, tctx, &r),
+		"smbcli_rap_netprintqueuepause failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"smbcli_rap_netprintqueuepause failed");
+
+	return true;
+}
+
+static bool test_netprintq_resume(struct torture_context *tctx,
+				  struct smbcli_state *cli,
+				  const char *PrintQueueName)
+{
+	struct rap_NetPrintQueueResume r;
+
+	r.in.PrintQueueName = PrintQueueName;
+
+	torture_comment(tctx, "Testing rap_NetPrintQueueResume(%s)\n", r.in.PrintQueueName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqueueresume(cli->tree, tctx, &r),
+		"smbcli_rap_netprintqueueresume failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"smbcli_rap_netprintqueueresume failed");
+
+	return true;
+}
+
+static bool test_netprintq(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i;
+
+	r.in.level = 5;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"failed to enum printq");
+
+	for (i=0; i < r.out.count; i++) {
+
+		const char *printqname = r.out.info[i].info5.PrintQueueName;
+
+		torture_assert(tctx,
+			test_netprintq_pause(tctx, cli, printqname),
+			"failed to pause print queue");
+
+		torture_assert(tctx,
+			test_netprintq_resume(tctx, cli, printqname),
+			"failed to resume print queue");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobenum_args(struct torture_context *tctx,
+				      struct smbcli_state *cli,
+				      const char *PrintQueueName,
+				      uint16_t level,
+				      uint16_t *count_p,
+				      union rap_printj_info **info_p)
+{
+	struct rap_NetPrintJobEnum r;
+
+	r.in.PrintQueueName = PrintQueueName;
+	r.in.bufsize = 8192;
+	r.in.level = level;
+
+	torture_comment(tctx,
+		"Testing rap_NetPrintJobEnum(%s) level %d\n", r.in.PrintQueueName, r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobenum(cli->tree, tctx, &r),
+		"smbcli_rap_netprintjobenum failed");
+
+	if (count_p) {
+		*count_p = r.out.count;
+	}
+	if (info_p) {
+		*info_p = r.out.info;
+	}
+
+	return true;
+}
+
+static bool test_netprintjobenum_one(struct torture_context *tctx,
+				     struct smbcli_state *cli,
+				     const char *PrintQueueName)
+{
+	struct rap_NetPrintJobEnum r;
+	int i;
+	uint16_t levels[] = { 0, 1, 2 };
+
+	r.in.PrintQueueName = PrintQueueName;
+	r.in.bufsize = 8192;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+
+		torture_comment(tctx,
+			"Testing rap_NetPrintJobEnum(%s) level %d\n", r.in.PrintQueueName, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintjobenum(cli->tree, tctx, &r),
+			"smbcli_rap_netprintjobenum failed");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobgetinfo_byid(struct torture_context *tctx,
+					 struct smbcli_state *cli,
+					 uint16_t JobID)
+{
+	struct rap_NetPrintJobGetInfo r;
+	uint16_t levels[] = { 0, 1, 2 };
+	int i;
+
+	r.in.JobID = JobID;
+	r.in.bufsize = 8192;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+
+		torture_comment(tctx, "Testing rap_NetPrintJobGetInfo(%d) level %d\n", r.in.JobID, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintjobgetinfo(cli->tree, tctx, &r),
+			"smbcli_rap_netprintjobgetinfo failed");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobsetinfo_byid(struct torture_context *tctx,
+					 struct smbcli_state *cli,
+					 uint16_t JobID)
+{
+	struct rap_NetPrintJobSetInfo r;
+	uint16_t levels[] = { 0, 1, 2 };
+	int i;
+	const char *comment = "tortured by samba";
+
+	r.in.JobID = JobID;
+	r.in.bufsize = strlen(comment);
+	r.in.ParamNum = RAP_PARAM_JOBCOMMENT;
+	r.in.Param.string = comment;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+
+		torture_comment(tctx, "Testing rap_NetPrintJobSetInfo(%d) level %d\n", r.in.JobID, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintjobsetinfo(cli->tree, tctx, &r),
+			"smbcli_rap_netprintjobsetinfo failed");
+	}
+
+	return true;
+}
+
+
+static bool test_netprintjobgetinfo_byqueue(struct torture_context *tctx,
+					    struct smbcli_state *cli,
+					    const char *PrintQueueName)
+{
+	struct rap_NetPrintJobEnum r;
+	int i;
+
+	r.in.PrintQueueName = PrintQueueName;
+	r.in.bufsize = 8192;
+	r.in.level = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobenum(cli->tree, tctx, &r),
+		"failed to enumerate jobs");
+
+	for (i=0; i < r.out.count; i++) {
+
+		torture_assert(tctx,
+			test_netprintjobgetinfo_byid(tctx, cli, r.out.info[i].info0.JobID),
+			"failed to get job info");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobsetinfo_byqueue(struct torture_context *tctx,
+					    struct smbcli_state *cli,
+					    const char *PrintQueueName)
+{
+	struct rap_NetPrintJobEnum r;
+	int i;
+
+	r.in.PrintQueueName = PrintQueueName;
+	r.in.bufsize = 8192;
+	r.in.level = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintjobenum(cli->tree, tctx, &r),
+		"failed to enumerate jobs");
+
+	for (i=0; i < r.out.count; i++) {
+
+		torture_assert(tctx,
+			test_netprintjobsetinfo_byid(tctx, cli, r.out.info[i].info0.JobID),
+			"failed to set job info");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobenum(struct torture_context *tctx,
+				 struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i;
+
+	r.in.level = 5;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"failed to enum printq");
+
+	for (i=0; i < r.out.count; i++) {
+
+		const char *printqname = r.out.info[i].info5.PrintQueueName;
+
+		torture_assert(tctx,
+			test_netprintjobenum_one(tctx, cli, printqname),
+			"failed to enumerate printjobs on print queue");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobgetinfo(struct torture_context *tctx,
+				    struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i;
+
+	r.in.level = 5;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"failed to enum printq");
+
+	for (i=0; i < r.out.count; i++) {
+
+		const char *printqname = r.out.info[i].info5.PrintQueueName;
+
+		torture_assert(tctx,
+			test_netprintjobgetinfo_byqueue(tctx, cli, printqname),
+			"failed to enumerate printjobs on print queue");
+	}
+
+	return true;
+}
+
+static bool test_netprintjobsetinfo(struct torture_context *tctx,
+				    struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i;
+
+	r.in.level = 5;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"failed to enum printq");
+
+	for (i=0; i < r.out.count; i++) {
+
+		const char *printqname = r.out.info[i].info5.PrintQueueName;
+
+		torture_assert(tctx,
+			test_netprintjobsetinfo_byqueue(tctx, cli, printqname),
+			"failed to set printjobs on print queue");
+	}
+
+	return true;
+}
+
+static bool test_netprintdestenum(struct torture_context *tctx,
+				  struct smbcli_state *cli)
+{
+	struct rap_NetPrintDestEnum r;
+	int i;
+	uint16_t levels[] = { 0, 1, 2, 3 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_comment(tctx,
+			"Testing rap_NetPrintDestEnum level %d\n", r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintdestenum(cli->tree, tctx, &r),
+			"smbcli_rap_netprintdestenum failed");
+	}
+
+	return true;
+}
+
+static bool test_netprintdestgetinfo_bydest(struct torture_context *tctx,
+					    struct smbcli_state *cli,
+					    const char *PrintDestName)
+{
+	struct rap_NetPrintDestGetInfo r;
+	int i;
+	uint16_t levels[] = { 0, 1, 2, 3 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.PrintDestName = PrintDestName;
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_comment(tctx,
+			"Testing rap_NetPrintDestGetInfo(%s) level %d\n", r.in.PrintDestName, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netprintdestgetinfo(cli->tree, tctx, &r),
+			"smbcli_rap_netprintdestgetinfo failed");
+	}
+
+	return true;
+}
+
+
+static bool test_netprintdestgetinfo(struct torture_context *tctx,
+				     struct smbcli_state *cli)
+{
+	struct rap_NetPrintDestEnum r;
+	int i;
+
+	r.in.level = 2;
+	r.in.bufsize = 8192;
+
+	torture_comment(tctx,
+		"Testing rap_NetPrintDestEnum level %d\n", r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintdestenum(cli->tree, tctx, &r),
+		"smbcli_rap_netprintdestenum failed");
+
+	for (i=0; i < r.out.count; i++) {
+
+		torture_assert(tctx,
+			test_netprintdestgetinfo_bydest(tctx, cli, r.out.info[i].info2.PrinterName),
+			"failed to get printdest info");
+
+	}
+
+	return true;
+}
+
+static bool test_rap_print(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	struct rap_NetPrintQEnum r;
+	int i;
+
+	r.in.level = 5;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netprintqenum(cli->tree, tctx, &r),
+		"failed to enum printq");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"failed to enum printq");
+
+	for (i=0; i < r.out.count; i++) {
+
+		const char *printqname = r.out.info[i].info5.PrintQueueName;
+		struct smbcli_tree *res_queue = NULL;
+		uint16_t num_jobs;
+		union rap_printj_info *job_info;
+		int j;
+
+		torture_assert(tctx,
+			test_netprintq_pause(tctx, cli, printqname),
+			"failed to set printjobs on print queue");
+
+		torture_assert_ntstatus_ok(tctx,
+			torture_second_tcon(tctx, cli->session, printqname, &res_queue),
+			"failed to open 2nd connection");
+
+		torture_assert(tctx,
+			print_printjob(tctx, res_queue),
+			"failed to print job on 2nd connection");
+
+		talloc_free(res_queue);
+
+		torture_assert(tctx,
+			test_netprintjobenum_args(tctx, cli, printqname, 1,
+			&num_jobs, &job_info),
+			"failed to enum printjobs on print queue");
+
+		for (j=0; j < num_jobs; j++) {
+
+			uint16_t job_id = job_info[j].info1.JobID;
+
+			torture_assert(tctx,
+				test_netprintjobgetinfo_byid(tctx, cli, job_id),
+				"failed to getinfo on new printjob");
+
+			torture_assert(tctx,
+				test_netprintjob_delete(tctx, cli, job_id),
+				"failed to delete job");
+		}
+
+		torture_assert(tctx,
+			test_netprintq_resume(tctx, cli, printqname),
+			"failed to resume print queue");
+
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rap_printing(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "printing");
+
+	torture_suite_add_1smb_test(suite, "raw_print", test_raw_print);
+	torture_suite_add_1smb_test(suite, "rap_print", test_rap_print);
+	torture_suite_add_1smb_test(suite, "rap_printq_enum", test_netprintqenum);
+	torture_suite_add_1smb_test(suite, "rap_printq_getinfo", test_netprintqgetinfo);
+	torture_suite_add_1smb_test(suite, "rap_printq", test_netprintq);
+	torture_suite_add_1smb_test(suite, "rap_printjob_enum", test_netprintjobenum);
+	torture_suite_add_1smb_test(suite, "rap_printjob_getinfo", test_netprintjobgetinfo);
+	torture_suite_add_1smb_test(suite, "rap_printjob_setinfo", test_netprintjobsetinfo);
+	torture_suite_add_1smb_test(suite, "rap_printjob", test_netprintjob);
+	torture_suite_add_1smb_test(suite, "rap_printdest_enum", test_netprintdestenum);
+	torture_suite_add_1smb_test(suite, "rap_printdest_getinfo", test_netprintdestgetinfo);
+
+	return suite;
+}
diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c
new file mode 100644
index 0000000..054e011
--- /dev/null
+++ b/source4/torture/rap/rap.c
@@ -0,0 +1,275 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for various RAP operations
+   Copyright (C) Volker Lendecke 2004
+   Copyright (C) Tim Potter 2005
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2010
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "param/param.h"
+#include "libcli/rap/rap.h"
+#include "torture/rap/proto.h"
+
+static bool test_netshareenum(struct torture_context *tctx, 
+			      struct smbcli_state *cli)
+{
+	struct rap_NetShareEnum r;
+	int i;
+
+	r.in.level = 1;
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx, 
+		smbcli_rap_netshareenum(cli->tree, tctx, &r), "");
+
+	for (i=0; i<r.out.count; i++) {
+		printf("%s %d %s\n", r.out.info[i].info1.share_name,
+		       r.out.info[i].info1.share_type,
+		       r.out.info[i].info1.comment);
+	}
+
+	return true;
+}
+
+static bool test_netserverenum(struct torture_context *tctx, 
+			       struct smbcli_state *cli)
+{
+	struct rap_NetServerEnum2 r;
+	int i;
+
+	r.in.level = 0;
+	r.in.bufsize = 8192;
+	r.in.servertype = 0xffffffff;
+	r.in.servertype = 0x80000000;
+	r.in.domain = NULL;
+
+	torture_assert_ntstatus_ok(tctx, 
+		   smbcli_rap_netserverenum2(cli->tree, tctx, &r), "");
+
+	for (i=0; i<r.out.count; i++) {
+		switch (r.in.level) {
+		case 0:
+			printf("%s\n", r.out.info[i].info0.name);
+			break;
+		case 1:
+			printf("%s %x %s\n", r.out.info[i].info1.name,
+			       r.out.info[i].info1.servertype,
+			       r.out.info[i].info1.comment);
+			break;
+		}
+	}
+
+	return true;
+}
+
+static bool test_netservergetinfo(struct torture_context *tctx, 
+				  struct smbcli_state *cli)
+{
+	struct rap_WserverGetInfo r;
+	bool res = true;
+
+	r.in.bufsize = 0xffff;
+
+	r.in.level = 0;
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
+		"rap_netservergetinfo level 0 failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"rap_netservergetinfo level 0 failed");
+
+	r.in.level = 1;
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
+		"rap_netservergetinfo level 1 failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"rap_netservergetinfo level 1 failed");
+
+	return res;
+}
+
+static bool test_netsessionenum(struct torture_context *tctx,
+				struct smbcli_state *cli)
+{
+	struct rap_NetSessionEnum r;
+	int i,n;
+	uint16_t levels[] = { 2 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_comment(tctx,
+			"Testing rap_NetSessionEnum level %d\n", r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netsessionenum(cli->tree, tctx, &r),
+			"smbcli_rap_netsessionenum failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"smbcli_rap_netsessionenum failed");
+
+		for (n=0; n < r.out.count; n++) {
+			switch (r.in.level) {
+			case 2:
+				torture_comment(tctx, "ComputerName: %s\n",
+					r.out.info[n].info2.ComputerName);
+
+				torture_comment(tctx, "UserName: %s\n",
+					r.out.info[n].info2.UserName);
+
+				torture_assert(tctx, r.out.info[n].info2.ComputerName,
+					"ComputerName empty");
+				torture_assert(tctx, r.out.info[n].info2.UserName,
+					"UserName empty");
+				break;
+			default:
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_netsessiongetinfo_bysession(struct torture_context *tctx,
+					     struct smbcli_state *cli,
+					     const char *session)
+{
+	struct rap_NetSessionGetInfo r;
+	int i;
+	uint16_t levels[] = { 2 };
+
+	if (session && session[0] == '\\' && session[1] == '\\') {
+		r.in.SessionName = session;
+	} else {
+		r.in.SessionName = talloc_asprintf(tctx, "\\\\%s", session);
+	}
+	r.in.bufsize = 0xffff;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netsessiongetinfo(cli->tree, tctx, &r),
+			"rap_netsessiongetinfo failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"rap_netsessiongetinfo failed");
+	}
+
+	return true;
+}
+
+static bool test_netsessiongetinfo(struct torture_context *tctx,
+				   struct smbcli_state *cli)
+{
+	struct rap_NetSessionEnum r;
+	int i,n;
+	uint16_t levels[] = { 2 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netsessionenum(cli->tree, tctx, &r),
+			"smbcli_rap_netsessionenum failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"smbcli_rap_netsessionenum failed");
+
+		for (n=0; n < r.out.count; n++) {
+			torture_assert(tctx,
+				test_netsessiongetinfo_bysession(tctx, cli, r.out.info[n].info2.ComputerName),
+				"failed to query sessioninfo");
+		}
+	}
+
+	return true;
+}
+
+static bool test_netremotetod(struct torture_context *tctx,
+			      struct smbcli_state *cli)
+{
+	struct rap_NetRemoteTOD r;
+
+	r.in.bufsize = 8192;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netremotetod(cli->tree, tctx, &r),
+		"smbcli_rap_netremotetod failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"smbcli_rap_netremotetod failed");
+
+	return true;
+}
+
+bool torture_rap_scan(struct torture_context *torture, struct smbcli_state *cli)
+{
+	int callno;
+
+	for (callno = 0; callno < 0xffff; callno++) {
+		struct rap_call *call = new_rap_cli_call(torture, callno);
+		NTSTATUS result;
+
+		result = rap_cli_do_call(cli->tree, call);
+
+		if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
+			continue;
+
+		printf("callno %d is RAP call\n", callno);
+	}
+
+	return true;
+}
+
+NTSTATUS torture_rap_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "rap");
+	struct torture_suite *suite_basic = torture_suite_create(suite, "basic");
+
+	torture_suite_add_suite(suite, suite_basic);
+	torture_suite_add_suite(suite, torture_rap_rpc(suite));
+	torture_suite_add_suite(suite, torture_rap_printing(suite));
+	torture_suite_add_suite(suite, torture_rap_sam(suite));
+
+	torture_suite_add_1smb_test(suite_basic, "netserverenum", 
+				    test_netserverenum);
+	torture_suite_add_1smb_test(suite_basic, "netshareenum",
+				    test_netshareenum);
+	torture_suite_add_1smb_test(suite_basic, "netservergetinfo",
+				    test_netservergetinfo);
+	torture_suite_add_1smb_test(suite_basic, "netsessionenum",
+				    test_netsessionenum);
+	torture_suite_add_1smb_test(suite_basic, "netsessiongetinfo",
+				    test_netsessiongetinfo);
+	torture_suite_add_1smb_test(suite_basic, "netremotetod",
+				    test_netremotetod);
+
+	torture_suite_add_1smb_test(suite, "scan", torture_rap_scan);
+
+	suite->description = talloc_strdup(suite, 
+						"Remote Administration Protocol tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/rap/rpc.c b/source4/torture/rap/rpc.c
new file mode 100644
index 0000000..6c8c86c
--- /dev/null
+++ b/source4/torture/rap/rpc.c
@@ -0,0 +1,100 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for RAP / DCERPC consistency
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "libcli/rap/rap.h"
+#include "torture/rap/proto.h"
+#include "param/param.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+
+static bool test_rpc_netservergetinfo(struct torture_context *tctx,
+				      struct smbcli_state *cli)
+{
+	struct rap_WserverGetInfo r;
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	struct srvsvc_NetSrvGetInfo s;
+	union srvsvc_NetSrvInfo info;
+
+	const char *server_name;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p, &ndr_table_srvsvc),
+		"failed to open srvsvc");
+
+	b = p->binding_handle;
+
+	s.in.server_unc = NULL;
+	s.in.level = 101;
+	s.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_srvsvc_NetSrvGetInfo_r(b, tctx, &s),
+		"srvsvc_NetSrvGetInfo level 101 failed");
+	torture_assert_werr_ok(tctx, s.out.result,
+		"srvsvc_NetSrvGetInfo level 101 failed");
+
+	r.in.bufsize = 0xffff;
+	r.in.level = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
+		"rap_netservergetinfo level 0 failed");
+	torture_assert_int_equal(tctx, r.out.status, 0,
+		"rap_netservergetinfo level 0 failed");
+
+	server_name = talloc_strndup(tctx, info.info101->server_name, 16);
+
+	torture_assert_str_equal(tctx, (const char *)r.out.info.info0.name, server_name, "server name");
+
+	r.in.level = 1;
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
+		"rap_netservergetinfo level 1 failed");
+	torture_assert_int_equal(tctx, r.out.status, 0,
+		"rap_netservergetinfo level 1 failed");
+
+	torture_assert_str_equal(tctx, (const char *)r.out.info.info1.name, server_name, "server name");
+	torture_assert_int_equal(tctx, r.out.info.info1.version_major, info.info101->version_major, "version major");
+	torture_assert_int_equal(tctx, r.out.info.info1.version_minor, info.info101->version_minor, "version minor");
+	torture_assert_int_equal(tctx, r.out.info.info1.servertype, info.info101->server_type, "server_type");
+	torture_assert_str_equal(tctx, r.out.info.info1.comment, info.info101->comment, "comment");
+
+	talloc_free(p);
+
+	return true;
+}
+
+struct torture_suite *torture_rap_rpc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "rpc");
+
+	torture_suite_add_1smb_test(suite, "netservergetinfo",
+				    test_rpc_netservergetinfo);
+
+	suite->description = talloc_strdup(suite,
+					   "RAP / DCERPC consistency tests");
+
+	return suite;
+}
diff --git a/source4/torture/rap/sam.c b/source4/torture/rap/sam.c
new file mode 100644
index 0000000..3c13849
--- /dev/null
+++ b/source4/torture/rap/sam.c
@@ -0,0 +1,376 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for RAP sam operations
+
+   Copyright (C) Guenther Deschner 2010-2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smbtorture.h"
+#include "torture/util.h"
+#include "libcli/rap/rap.h"
+#include "torture/rap/proto.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define TEST_RAP_USER "torture_rap_user"
+
+static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
+{
+	size_t len = MAX(8, min_len);
+	char *s = generate_random_password(mem_ctx, len, len+6);
+	printf("Generated password '%s'\n", s);
+	return s;
+}
+
+static bool test_userpasswordset2_args(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       const char *username,
+				       const char **password)
+{
+	struct rap_NetUserPasswordSet2 r;
+	char *newpass = samr_rand_pass(tctx, 8);
+
+	ZERO_STRUCT(r);
+
+	r.in.UserName = username;
+
+	memcpy(r.in.OldPassword, *password, MIN(strlen(*password), 16));
+	memcpy(r.in.NewPassword, newpass, MIN(strlen(newpass), 16));
+	r.in.EncryptedPassword = 0;
+	r.in.RealPasswordLength = strlen(newpass);
+
+	torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
+		"smbcli_rap_netuserpasswordset2 failed");
+	if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
+		torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
+			win_errstr(W_ERROR(r.out.status)));
+	} else {
+		*password = newpass;
+	}
+
+	return true;
+}
+
+static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
+					     struct smbcli_state *cli,
+					     const char *username,
+					     const char **password)
+{
+	struct rap_NetUserPasswordSet2 r;
+	char *newpass = samr_rand_pass(tctx, 8);
+
+	r.in.UserName = username;
+
+	E_deshash(*password, r.in.OldPassword);
+	E_deshash(newpass, r.in.NewPassword);
+
+	r.in.RealPasswordLength = strlen(newpass);
+	r.in.EncryptedPassword = 1;
+
+	torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
+		"smbcli_rap_netuserpasswordset2 failed");
+	if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
+		torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
+			win_errstr(W_ERROR(r.out.status)));
+	} else {
+		*password = newpass;
+	}
+
+	return true;
+}
+
+static bool test_userpasswordset2(struct torture_context *tctx,
+				  struct smbcli_state *cli)
+{
+	struct test_join *join_ctx;
+	const char *password;
+	bool ret = true;
+
+	join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
+						     torture_setting_string(tctx, "workgroup", NULL),
+						     ACB_NORMAL,
+						     &password, 14);
+	if (join_ctx == NULL) {
+		torture_fail(tctx, "failed to create user\n");
+	}
+
+	ret &= test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
+	ret &= test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);
+
+	torture_leave_domain(tctx, join_ctx);
+
+	return ret;
+}
+
+static bool test_oemchangepassword_args(struct torture_context *tctx,
+					struct smbcli_state *cli,
+					const char *username,
+					const char **password)
+{
+	struct rap_NetOEMChangePassword r;
+
+	const char *oldpass = *password;
+	char *newpass = samr_rand_pass(tctx, 9);
+	uint8_t old_pw_hash[16];
+	uint8_t new_pw_hash[16];
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t pw_key = {
+		.data = old_pw_hash,
+		.size = sizeof(old_pw_hash),
+	};
+
+	r.in.UserName = username;
+
+	E_deshash(oldpass, old_pw_hash);
+	E_deshash(newpass, new_pw_hash);
+
+	encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &pw_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      r.in.crypt_password,
+			      516);
+	gnutls_cipher_deinit(cipher_hnd);
+	E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
+
+	torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netoemchangepassword(cli->tree, tctx, &r),
+		"smbcli_rap_netoemchangepassword failed");
+	if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
+		torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
+			win_errstr(W_ERROR(r.out.status)));
+	} else {
+		*password = newpass;
+	}
+
+	return true;
+}
+
+static bool test_oemchangepassword(struct torture_context *tctx,
+				   struct smbcli_state *cli)
+{
+
+	struct test_join *join_ctx;
+	const char *password;
+	bool ret;
+
+	join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
+						     torture_setting_string(tctx, "workgroup", NULL),
+						     ACB_NORMAL,
+						     &password, 14);
+	if (join_ctx == NULL) {
+		torture_fail(tctx, "failed to create user\n");
+	}
+
+	ret = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);
+
+	torture_leave_domain(tctx, join_ctx);
+
+	return ret;
+}
+
+static bool test_usergetinfo_byname(struct torture_context *tctx,
+				    struct smbcli_state *cli,
+				    const char *UserName)
+{
+	struct rap_NetUserGetInfo r;
+	int i;
+	uint16_t levels[] = { 0, 1, 2, 10, 11 };
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.UserName = UserName;
+		r.in.level = levels[i];
+		r.in.bufsize = 8192;
+
+		torture_comment(tctx,
+			"Testing rap_NetUserGetInfo(%s) level %d\n", r.in.UserName, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netusergetinfo(cli->tree, tctx, &r),
+			"smbcli_rap_netusergetinfo failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"smbcli_rap_netusergetinfo failed");
+	}
+
+	return true;
+}
+
+static bool test_usergetinfo(struct torture_context *tctx,
+			     struct smbcli_state *cli)
+{
+
+	struct test_join *join_ctx;
+	const char *password;
+	bool ret;
+
+	join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
+						     torture_setting_string(tctx, "workgroup", NULL),
+						     ACB_NORMAL,
+						     &password, 14);
+	if (join_ctx == NULL) {
+		torture_fail(tctx, "failed to create user\n");
+	}
+
+	ret = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);
+
+	torture_leave_domain(tctx, join_ctx);
+
+	return ret;
+}
+
+static bool test_useradd(struct torture_context *tctx,
+			 struct smbcli_state *cli)
+{
+
+	struct rap_NetUserAdd r;
+	struct rap_NetUserInfo1 info1;
+	int i;
+	uint16_t levels[] = { 1 };
+	const char *username = TEST_RAP_USER;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		const char *pwd;
+
+		pwd = generate_random_password(tctx, 9, 16);
+
+		r.in.level = levels[i];
+		r.in.bufsize = 0xffff;
+		r.in.pwdlength = strlen(pwd);
+		r.in.unknown = 0;
+
+		switch (r.in.level) {
+		case 1:
+			ZERO_STRUCT(info1);
+
+			info1.Name = username;
+			memcpy(info1.Password, pwd, MIN(strlen(pwd), 16));
+			info1.Priv = USER_PRIV_USER;
+			info1.Flags = 0x21;
+			info1.HomeDir = "home_dir";
+			info1.Comment = "comment";
+			info1.ScriptPath = "logon_script";
+
+			r.in.info.info1 = info1;
+			break;
+		}
+
+		torture_comment(tctx,
+			"Testing rap_NetUserAdd(%s) level %d\n", username, r.in.level);
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netuseradd(cli->tree, tctx, &r),
+			"smbcli_rap_netuseradd failed");
+		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+			"smbcli_rap_netuseradd failed");
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netuseradd(cli->tree, tctx, &r),
+			"2nd smbcli_rap_netuseradd failed");
+		torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_NERR_USEREXISTS,
+			"2nd smbcli_rap_netuseradd failed");
+
+		{
+			struct rap_NetUserDelete d;
+
+			d.in.UserName = username;
+
+			smbcli_rap_netuserdelete(cli->tree, tctx, &d);
+		}
+	}
+
+	return true;
+}
+
+static bool test_userdelete(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+
+	struct rap_NetUserDelete r;
+
+	{
+		struct rap_NetUserAdd a;
+		const char *pwd;
+
+		ZERO_STRUCT(a.in.info.info1);
+
+		pwd = generate_random_password(tctx, 9, 16);
+
+		a.in.level = 1;
+		a.in.bufsize = 0xffff;
+		a.in.pwdlength = strlen(pwd);
+		a.in.unknown = 0;
+		a.in.info.info1.Name = TEST_RAP_USER;
+		a.in.info.info1.Priv = USER_PRIV_USER;
+
+		memcpy(a.in.info.info1.Password, pwd, MIN(strlen(pwd), 16));
+
+		torture_assert_ntstatus_ok(tctx,
+			smbcli_rap_netuseradd(cli->tree, tctx, &a),
+			"smbcli_rap_netuseradd failed");
+	}
+
+	r.in.UserName = TEST_RAP_USER;
+
+	torture_comment(tctx,
+		"Testing rap_NetUserDelete(%s)\n", r.in.UserName);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netuserdelete(cli->tree, tctx, &r),
+		"smbcli_rap_netuserdelete failed");
+	torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
+		"smbcli_rap_netuserdelete failed");
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_rap_netuserdelete(cli->tree, tctx, &r),
+		"2nd smbcli_rap_netuserdelete failed");
+	torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_NERR_USERNOTFOUND,
+		"2nd smbcli_rap_netuserdelete failed");
+
+	return true;
+}
+
+struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "sam");
+
+	torture_suite_add_1smb_test(suite, "userpasswordset2", test_userpasswordset2);
+	torture_suite_add_1smb_test(suite, "oemchangepassword", test_oemchangepassword);
+	torture_suite_add_1smb_test(suite, "usergetinfo", test_usergetinfo);
+	torture_suite_add_1smb_test(suite, "useradd", test_useradd);
+	torture_suite_add_1smb_test(suite, "userdelete", test_userdelete);
+
+	return suite;
+}
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
new file mode 100644
index 0000000..6a56514
--- /dev/null
+++ b/source4/torture/raw/acls.c
@@ -0,0 +1,2556 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test security descriptor operations
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/util/clilsa.h"
+#include "libcli/security/security.h"
+#include "torture/util.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\testsd"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		ret = false; \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		goto done; \
+	}} while (0)
+
+#define FAIL_UNLESS(__cond)					\
+	do {							\
+		if (__cond) {} else {				\
+			ret = false; \
+			torture_result(tctx, TORTURE_FAIL, "%s) condition violated: %s\n", \
+			    __location__, #__cond); \
+			goto done; \
+		}						\
+	} while(0)
+
+#define CHECK_SECURITY_DESCRIPTOR(_sd1, _sd2) do { \
+	if (!security_descriptor_equal(_sd1, _sd2)) { \
+		torture_warning(tctx, "%s: security descriptors don't match!\n", __location__); \
+		torture_warning(tctx, "got:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd1); \
+		torture_warning(tctx, "expected:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd2); \
+		ret = false; \
+	} \
+} while (0)
+
+/*
+ * Helper function to verify a security descriptor, by querying
+ * and comparing against the passed in sd.
+ * Copied to smb2_util_verify_sd() for SMB2.
+ */
+static bool verify_sd(TALLOC_CTX *tctx, struct smbcli_state *cli,
+    int fnum, struct security_descriptor *sd)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_fileinfo q = {};
+
+	if (sd) {
+		q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+		q.query_secdesc.in.file.fnum = fnum;
+		q.query_secdesc.in.secinfo_flags =
+		    SECINFO_OWNER |
+		    SECINFO_GROUP |
+		    SECINFO_DACL;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		/* More work is needed if we're going to check this bit. */
+		sd->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+	}
+
+ done:
+	return ret;
+}
+
+/*
+ * Helper function to verify attributes, by querying
+ * and comparing against the passed attrib.
+ * Copied to smb2_util_verify_attrib() for SMB2.
+ */
+static bool verify_attrib(TALLOC_CTX *tctx, struct smbcli_state *cli,
+    int fnum, uint32_t attrib)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_fileinfo q2 = {};
+
+	if (attrib) {
+		q2.standard.level = RAW_FILEINFO_STANDARD;
+		q2.standard.in.file.fnum = fnum;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q2);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		q2.standard.out.attrib &= ~FILE_ATTRIBUTE_ARCHIVE;
+
+		if (q2.standard.out.attrib != attrib) {
+			torture_warning(tctx, "%s: attributes don't match! "
+			    "got %x, expected %x\n", __location__,
+			    (uint32_t)q2.standard.out.attrib,
+			    (uint32_t)attrib);
+			ret = false;
+		}
+	}
+
+ done:
+	return ret;
+}
+
+/**
+ * Test setting and removing a DACL.
+ * Test copied to torture_smb2_setinfo() for SMB2.
+ */
+static bool test_sd(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\sd.txt";
+	bool ret = true;
+	int fnum = -1;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_ace ace = {};
+	struct security_descriptor *sd;
+	const struct dom_sid *test_sid;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING SETFILEINFO EA_SET\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = 
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd = q.query_secdesc.out.sd;
+
+	torture_comment(tctx, "add a new ACE to the DACL\n");
+
+	test_sid = &global_sid_Authenticated_Users;
+
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = q.query_secdesc.in.secinfo_flags;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	FAIL_UNLESS(verify_sd(tctx, cli, fnum, sd));
+
+	torture_comment(tctx, "remove it again\n");
+
+	status = security_descriptor_dacl_del(sd, test_sid);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	FAIL_UNLESS(verify_sd(tctx, cli, fnum, sd));
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test using nttrans create to create a file with an initial acl set
+  Test copied to test_create_acl() for SMB2.
+*/
+static bool test_nttrans_create_ext(struct torture_context *tctx,
+				    struct smbcli_state *cli, bool test_dir)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\acl2.txt";
+	bool ret = true;
+	int fnum = -1;
+	union smb_fileinfo q = {};
+	struct security_ace ace;
+	struct security_descriptor *sd;
+	const struct dom_sid *test_sid;
+	uint32_t attrib =
+	    FILE_ATTRIBUTE_HIDDEN |
+	    FILE_ATTRIBUTE_SYSTEM |
+	    (test_dir ? FILE_ATTRIBUTE_DIRECTORY : 0);
+	NTSTATUS (*delete_func)(struct smbcli_tree *, const char *) =
+	    test_dir ? smbcli_rmdir : smbcli_unlink;
+
+	ZERO_STRUCT(ace);
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options =
+	    test_dir ? NTCREATEX_OPTIONS_DIRECTORY : 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.sec_desc = NULL;
+	io.ntcreatex.in.ea_list = NULL;
+
+	torture_comment(tctx, "basic create\n");
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "querying ACL\n");
+
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = 
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd = q.query_secdesc.out.sd;
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = delete_func(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "adding a new ACE\n");
+	test_sid = &global_sid_Authenticated_Users;
+
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	torture_comment(tctx, "creating with an initial ACL\n");
+
+	io.ntcreatex.in.sec_desc = sd;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	
+	FAIL_UNLESS(verify_sd(tctx, cli, fnum, sd));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating with attributes\n");
+
+	io.ntcreatex.in.sec_desc = NULL;
+	io.ntcreatex.in.file_attr = attrib;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	FAIL_UNLESS(verify_attrib(tctx, cli, fnum, attrib));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = delete_func(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating with attributes and ACL\n");
+
+	io.ntcreatex.in.sec_desc = sd;
+	io.ntcreatex.in.file_attr = attrib;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	FAIL_UNLESS(verify_sd(tctx, cli, fnum, sd));
+	FAIL_UNLESS(verify_attrib(tctx, cli, fnum, attrib));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test using nttrans create to create a file and directory with an initial acl
+  and owner.
+*/
+static bool test_nttrans_create_ext_owner(
+	struct torture_context *tctx,
+	struct smbcli_state *cli, bool test_dir)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\foo.txt";
+	bool ret = true;
+	int fnum = -1;
+	struct security_ace ace;
+	struct security_descriptor *sd;
+	uint32_t attrib =
+	    FILE_ATTRIBUTE_HIDDEN |
+	    FILE_ATTRIBUTE_SYSTEM |
+	    (test_dir ? FILE_ATTRIBUTE_DIRECTORY : 0);
+	NTSTATUS (*delete_func)(struct smbcli_tree *, const char *) =
+	    test_dir ? smbcli_rmdir : smbcli_unlink;
+
+	ZERO_STRUCT(ace);
+
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options =
+	    test_dir ? NTCREATEX_OPTIONS_DIRECTORY : 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.sec_desc = NULL;
+	io.ntcreatex.in.ea_list = NULL;
+
+	torture_comment(tctx, "creating with attributes, ACL and owner\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, SID_WORLD, SID_BUILTIN_USERS,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	io.ntcreatex.in.sec_desc = sd;
+	io.ntcreatex.in.file_attr = attrib;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	FAIL_UNLESS(verify_sd(tctx, cli, fnum, sd));
+	FAIL_UNLESS(verify_attrib(tctx, cli, fnum, attrib));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_nttrans_create_file(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc on files\n");
+
+	return test_nttrans_create_ext(tctx, cli, false);
+}
+
+static bool test_nttrans_create_dir(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc on directories\n");
+
+	return test_nttrans_create_ext(tctx, cli, true);
+}
+
+static bool test_nttrans_create_owner_file(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc with owner on file\n");
+
+	return test_nttrans_create_ext_owner(tctx, cli, false);
+}
+
+static bool test_nttrans_create_owner_dir(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc with owner on directory\n");
+
+	return test_nttrans_create_ext_owner(tctx, cli, true);
+}
+
+#define CHECK_ACCESS_FLAGS(_fnum, flags) do { \
+	union smb_fileinfo _q; \
+	_q.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION; \
+	_q.access_information.in.file.fnum = (_fnum); \
+	status = smb_raw_fileinfo(cli->tree, tctx, &_q); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if (_q.access_information.out.access_flags != (flags)) { \
+		ret = false; \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect access_flags 0x%08x - should be 0x%08x\n", \
+		       __location__, _q.access_information.out.access_flags, (flags)); \
+		goto done; \
+	} \
+} while (0)
+
+/*
+  test using NTTRANS CREATE to create a file with a null ACL set
+  Test copied to test_create_null_dacl() for SMB2.
+*/
+static bool test_nttrans_create_null_dacl(struct torture_context *tctx,
+					  struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\nulldacl.txt";
+	bool ret = true;
+	int fnum = -1;
+	union smb_fileinfo q;
+	union smb_setfileinfo s;
+	struct security_descriptor *sd = security_descriptor_initialise(tctx);
+	struct security_acl dacl;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING SEC_DESC WITH A NULL DACL\n");
+
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC
+		| SEC_STD_WRITE_OWNER;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.sec_desc = sd;
+	io.ntcreatex.in.ea_list = NULL;
+
+	torture_comment(tctx, "creating a file with a empty sd\n");
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Testing the created DACL,
+	 * the server should add the inherited DACL
+	 * when SEC_DESC_DACL_PRESENT isn't specified
+	 */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL_PRESENT flag not set by the server!\n");
+		goto done;
+	}
+	if (q.query_secdesc.out.sd->dacl == NULL) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "no DACL has been created on the server!\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "set NULL DACL\n");
+	sd->type |= SEC_DESC_DACL_PRESENT;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.fnum = fnum;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL_PRESENT flag not set by the server!\n");
+		goto done;
+	}
+	if (q.query_secdesc.out.sd->dacl != NULL) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL has been created on the server!\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "try open for read control\n");
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_STD_READ_CONTROL | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for write\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for read\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_RIGHTS_FILE_WRITE | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_RIGHTS_FILE_READ | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "set DACL with 0 aces\n");
+	ZERO_STRUCT(dacl);
+	dacl.revision = SECURITY_ACL_REVISION_NT4;
+	dacl.num_aces = 0;
+	sd->dacl = &dacl;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.fnum = fnum;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL_PRESENT flag not set by the server!\n");
+		goto done;
+	}
+	if (q.query_secdesc.out.sd->dacl == NULL) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "no DACL has been created on the server!\n");
+		goto done;
+	}
+	if (q.query_secdesc.out.sd->dacl->num_aces != 0) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL has %u aces!\n",
+		       q.query_secdesc.out.sd->dacl->num_aces);
+		goto done;
+	}
+
+	torture_comment(tctx, "try open for read control\n");
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+		SEC_STD_READ_CONTROL | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for write => access_denied\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read => access_denied\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic write => access_denied\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read => access_denied\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "set empty sd\n");
+	sd->type &= ~SEC_DESC_DACL_PRESENT;
+	sd->dacl = NULL;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.fnum = fnum;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL_PRESENT flag not set by the server!\n");
+		goto done;
+	}
+	if (q.query_secdesc.out.sd->dacl != NULL) {
+		ret = false;
+		torture_result(tctx, TORTURE_FAIL, "DACL has been created on the server!\n");
+		goto done;
+	}
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test the behaviour of the well known SID_CREATOR_OWNER sid, and some generic
+  mapping bits
+  Test copied to smb2/acls.c for SMB2.
+*/
+static bool test_creator_sid(struct torture_context *tctx, 
+							 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\creator.txt";
+	bool ret = true;
+	int fnum = -1;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig, *sd2;
+	const char *owner_sid;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING SID_CREATOR_OWNER\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC | SEC_STD_WRITE_OWNER;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "set a sec desc allowing no write by CREATOR_OWNER\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					SID_CREATOR_OWNER,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "try open for write\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "set a sec desc allowing no write by owner\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "check that sd has been mapped correctly\n");
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+	torture_comment(tctx, "try open for write\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+			   SEC_FILE_READ_DATA|
+			   SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+			   SEC_RIGHTS_FILE_READ);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "set a sec desc allowing generic read by owner\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "check that generic read has been mapped correctly\n");
+	sd2 = security_descriptor_dacl_create(tctx,
+					 0, owner_sid, NULL,
+					 owner_sid,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					 0,
+					 NULL);
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+	torture_comment(tctx, "try open for write\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+			   SEC_FILE_READ_DATA | 
+			   SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, SEC_RIGHTS_FILE_READ);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test the mapping of the SEC_GENERIC_xx bits to SEC_STD_xx and
+  SEC_FILE_xx bits
+  Test copied to smb2/acls.c for SMB2.
+*/
+static bool test_generic_bits(struct torture_context *tctx, 
+							  struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\generic.txt";
+	bool ret = true;
+	int fnum = -1, i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig, *sd2;
+	const char *owner_sid;
+	const struct {
+		uint32_t gen_bits;
+		uint32_t specific_bits;
+	} file_mappings[] = {
+		{ 0,                       0 },
+		{ SEC_GENERIC_READ,        SEC_RIGHTS_FILE_READ },
+		{ SEC_GENERIC_WRITE,       SEC_RIGHTS_FILE_WRITE },
+		{ SEC_GENERIC_EXECUTE,     SEC_RIGHTS_FILE_EXECUTE },
+		{ SEC_GENERIC_ALL,         SEC_RIGHTS_FILE_ALL },
+		{ SEC_FILE_READ_DATA,      SEC_FILE_READ_DATA },
+		{ SEC_FILE_READ_ATTRIBUTE, SEC_FILE_READ_ATTRIBUTE }
+	};
+	const struct {
+		uint32_t gen_bits;
+		uint32_t specific_bits;
+	} dir_mappings[] = {
+		{ 0,                   0 },
+		{ SEC_GENERIC_READ,    SEC_RIGHTS_DIR_READ },
+		{ SEC_GENERIC_WRITE,   SEC_RIGHTS_DIR_WRITE },
+		{ SEC_GENERIC_EXECUTE, SEC_RIGHTS_DIR_EXECUTE },
+		{ SEC_GENERIC_ALL,     SEC_RIGHTS_DIR_ALL }
+	};
+	bool has_restore_privilege;
+	bool has_take_ownership_privilege;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING FILE GENERIC BITS\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = 
+		SEC_STD_READ_CONTROL | 
+		SEC_STD_WRITE_DAC | 
+		SEC_STD_WRITE_OWNER;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n",
+		    nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n",
+		    nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+
+	for (i=0;i<ARRAY_SIZE(file_mappings);i++) {
+		uint32_t expected_mask = 
+			SEC_STD_WRITE_DAC | 
+			SEC_STD_READ_CONTROL | 
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
+		uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
+
+		if (has_restore_privilege) {
+			expected_mask_anon |= SEC_STD_DELETE;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, owner_sid, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+				   expected_mask | file_mappings[i].specific_bits);
+		smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+		if (!has_take_ownership_privilege) {
+			continue;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x (anonymous)\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, SID_NT_ANONYMOUS, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, SID_NT_ANONYMOUS, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+				   expected_mask_anon | file_mappings[i].specific_bits);
+		smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+
+	torture_comment(tctx, "TESTING DIR GENERIC BITS\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = 
+		SEC_STD_READ_CONTROL | 
+		SEC_STD_WRITE_DAC | 
+		SEC_STD_WRITE_OWNER;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n",
+		    nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n",
+		    nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+
+	for (i=0;i<ARRAY_SIZE(dir_mappings);i++) {
+		uint32_t expected_mask = 
+			SEC_STD_WRITE_DAC | 
+			SEC_STD_READ_CONTROL | 
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
+		uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
+
+		if (has_restore_privilege) {
+			expected_mask_anon |= SEC_STD_DELETE;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, owner_sid, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						dir_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 dir_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+				   expected_mask | dir_mappings[i].specific_bits);
+		smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+		if (!has_take_ownership_privilege) {
+			continue;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x (anonymous)\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, SID_NT_ANONYMOUS, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, SID_NT_ANONYMOUS, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, 
+				   expected_mask_anon | dir_mappings[i].specific_bits);
+		smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  see what access bits the owner of a file always gets
+  Test copied to smb2/acls.c for SMB2.
+*/
+static bool test_owner_bits(struct torture_context *tctx, 
+							struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\test_owner_bits.txt";
+	bool ret = true;
+	int fnum = -1, i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	bool has_restore_privilege;
+	bool has_take_ownership_privilege;
+	uint32_t expected_bits;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING FILE OWNER BITS\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = 
+		SEC_STD_READ_CONTROL | 
+		SEC_STD_WRITE_DAC | 
+		SEC_STD_WRITE_OWNER;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = torture_check_privilege(cli, 
+					    owner_sid, 
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "torture_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	expected_bits = SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE;
+
+	for (i=0;i<16;i++) {
+		uint32_t bit = (1<<i);
+		io.ntcreatex.in.access_mask = bit;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (expected_bits & bit) {
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_warning(tctx, "failed with access mask 0x%08x of expected 0x%08x\n",
+				       bit, expected_bits);
+			}
+			CHECK_STATUS(status, NT_STATUS_OK);
+			CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, bit | SEC_FILE_READ_ATTRIBUTE);
+			smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+		} else {
+			if (NT_STATUS_IS_OK(status)) {
+				torture_warning(tctx, "open succeeded with access mask 0x%08x of "
+					"expected 0x%08x - should fail\n",
+				       bit, expected_bits);
+			}
+			CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+		}
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+
+/*
+  test the inheritance of ACL flags onto new files and directories
+  Test copied to smb2/acls.c for SMB2.
+*/
+static bool test_inheritance(struct torture_context *tctx, 
+							 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	const char *fname2 = BASEDIR "\\inheritance\\testdir";
+	bool ret = true;
+	int fnum=0, fnum2, i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd2, *sd_orig=NULL, *sd_def1, *sd_def2;
+	const char *owner_sid, *group_sid;
+	const struct dom_sid *creator_owner;
+	const struct {
+		uint32_t parent_flags;
+		uint32_t file_flags;
+		uint32_t dir_flags;
+	} test_flags[] = {
+		{
+			0, 
+			0,
+			0
+		},
+		{
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT | 
+			SEC_ACE_FLAG_INHERIT_ONLY,
+		},
+		{
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_OBJECT_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT | 
+			SEC_ACE_FLAG_INHERIT_ONLY,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY | 
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT | 
+			SEC_ACE_FLAG_CONTAINER_INHERIT | 
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		}
+	};
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACL INHERITANCE\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+	group_sid = dom_sid_string(tctx, sd_orig->group_sid);
+
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+	torture_comment(tctx, "group_sid is %s\n", group_sid);
+
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		/* the default ACL in Samba4 includes the group and
+		   other permissions */
+		sd_def1 = security_descriptor_dacl_create(tctx,
+							 0, owner_sid, NULL,
+							 owner_sid,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_ALL,
+							 0,
+							 group_sid,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE,
+							 0,
+							 SID_WORLD,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE,
+							 0,
+							 SID_NT_SYSTEM,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_ALL,
+							 0,
+							 NULL);
+	} else {
+		/*
+		 * The Windows Default ACL for a new file, when there is no ACL to be
+		 * inherited: FullControl for the owner and SYSTEM.
+		 */
+		sd_def1 = security_descriptor_dacl_create(tctx,
+							 0, owner_sid, NULL,
+							 owner_sid,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_ALL,
+							 0,
+							 SID_NT_SYSTEM,
+							 SEC_ACE_TYPE_ACCESS_ALLOWED,
+							 SEC_RIGHTS_FILE_ALL,
+							 0,
+							 NULL);
+	}
+
+	/*
+	 * Use this in the case the system being tested does not add an ACE for
+	 * the SYSTEM SID.
+	 */
+	sd_def2 = security_descriptor_dacl_create(tctx,
+					    0, owner_sid, NULL,
+					    owner_sid,
+					    SEC_ACE_TYPE_ACCESS_ALLOWED,
+					    SEC_RIGHTS_FILE_ALL,
+					    0,
+					    NULL);
+
+	creator_owner = dom_sid_parse_talloc(tctx, SID_CREATOR_OWNER);
+
+	for (i=0;i<ARRAY_SIZE(test_flags);i++) {
+		sd = security_descriptor_dacl_create(tctx,
+						0, NULL, NULL,
+						SID_CREATOR_OWNER,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_WRITE_DATA,
+						test_flags[i].parent_flags,
+						SID_WORLD,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_ALL | SEC_STD_ALL,
+						0,
+						NULL);
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		io.ntcreatex.in.fname = fname1;
+		io.ntcreatex.in.create_options = 0;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		fnum2 = io.ntcreatex.out.file.fnum;
+
+		q.query_secdesc.in.file.fnum = fnum2;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smbcli_close(cli->tree, fnum2);
+		smbcli_unlink(cli->tree, fname1);
+
+		if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
+			if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def1) &&
+			    !security_descriptor_equal(q.query_secdesc.out.sd, sd_def2)) {
+				torture_warning(tctx, "Expected default sd "
+				    "for i=%d:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, sd_def1);
+				torture_warning(tctx, "at %d - got:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			}
+			goto check_dir;
+		}
+
+		if (q.query_secdesc.out.sd->dacl == NULL ||
+		    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+		    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+		    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+				   sd_orig->owner_sid)) {
+			ret = false;
+			torture_warning(tctx, "Bad sd in child file at %d\n", i);
+			NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			goto check_dir;
+		}
+
+		if (q.query_secdesc.out.sd->dacl->aces[0].flags != 
+		    test_flags[i].file_flags) {
+			torture_warning(tctx, "incorrect file_flags 0x%x - expected 0x%x for parent 0x%x with (i=%d)\n",
+			       q.query_secdesc.out.sd->dacl->aces[0].flags,
+			       test_flags[i].file_flags,
+			       test_flags[i].parent_flags,
+			       i);
+			ret = false;
+		}
+
+	check_dir:
+		io.ntcreatex.in.fname = fname2;
+		io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		fnum2 = io.ntcreatex.out.file.fnum;
+
+		q.query_secdesc.in.file.fnum = fnum2;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smbcli_close(cli->tree, fnum2);
+		smbcli_rmdir(cli->tree, fname2);
+
+		if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) &&
+		    (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) ||
+		     (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) {
+			if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def1) &&
+			    !security_descriptor_equal(q.query_secdesc.out.sd, sd_def2)) {
+				torture_warning(tctx, "Expected default sd for dir at %d:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, sd_def1);
+				torture_warning(tctx, "got:\n");
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			}
+			continue;
+		}
+
+		if ((test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) && 
+		    (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				torture_warning(tctx, "(CI & NP) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_comment(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		} else if (test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 2 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[1].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[1].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != 0 ||
+			    q.query_secdesc.out.sd->dacl->aces[1].flags != 
+			    (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) {
+				torture_warning(tctx, "(CI) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_comment(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		} else {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				torture_warning(tctx, "(0) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_comment(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		}
+	}
+
+	torture_comment(tctx, "Testing access checks on inherited create with %s\n", fname1);
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_ALL | SEC_STD_ALL,
+					0,
+					NULL);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Check DACL we just set. */
+	torture_comment(tctx, "checking new sd\n");
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+	io.ntcreatex.in.fname = fname1;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_ACCESS_FLAGS(fnum2, SEC_RIGHTS_FILE_ALL);
+
+	q.query_secdesc.in.file.fnum = fnum2;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, fnum2);
+
+	sd2 = security_descriptor_dacl_create(tctx,
+					 0, owner_sid, NULL,
+					 owner_sid,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+					 0,
+					 NULL);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "failed: w2k3 ACL bug (allowed open when ACL should deny)\n");
+		ret = false;
+		fnum2 = io.ntcreatex.out.file.fnum;
+		CHECK_ACCESS_FLAGS(fnum2, SEC_RIGHTS_FILE_ALL);
+		smbcli_close(cli->tree, fnum2);
+	} else {
+		if (TARGET_IS_WIN7(tctx)) {
+			CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		} else {
+			CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+		}
+	}
+
+	torture_comment(tctx, "trying without execute\n");
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL & ~SEC_FILE_EXECUTE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "and with full permissions again\n");
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_ACCESS_FLAGS(fnum2, SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, fnum2);
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_ACCESS_FLAGS(fnum2, SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE);
+	smbcli_close(cli->tree, fnum2);
+
+done:
+	if (sd_orig != NULL) {
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd_orig;
+		status = smb_raw_setfileinfo(cli->tree, &set);
+	}
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname1);
+	smbcli_rmdir(cli->tree, dname);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	if (!ret) {
+		torture_result(tctx,
+			TORTURE_FAIL, "(%s) test_inheritance\n",
+			__location__);
+	}
+
+	return ret;
+}
+
+static bool test_inheritance_flags(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	bool ret = true;
+	int fnum=0, fnum2, i, j;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd2, *sd_orig=NULL;
+	const char *owner_sid;
+	struct {
+		uint32_t parent_set_sd_type; /* 3 options */
+		uint32_t parent_set_ace_inherit; /* 1 option */
+		uint32_t parent_get_sd_type;
+		uint32_t parent_get_ace_inherit;
+		uint32_t child_get_sd_type;
+		uint32_t child_get_ace_inherit;
+	} tflags[16] = {{0}}; /* 2^4 */
+
+	for (i = 0; i < 15; i++) {
+		torture_comment(tctx, "i=%d:", i);
+
+		ZERO_STRUCT(tflags[i]);
+
+		if (i & 1) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			torture_comment(tctx, "AUTO_INHERITED, ");
+		}
+		if (i & 2) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			torture_comment(tctx, "AUTO_INHERIT_REQ, ");
+		}
+		if (i & 4) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+			torture_comment(tctx, "PROTECTED, ");
+		}
+		if (i & 8) {
+			tflags[i].parent_set_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			tflags[i].parent_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "INHERITED, ");
+		}
+
+		if ((tflags[i].parent_set_sd_type &
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) ==
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent is AUTO INHERITED");
+		}
+
+		if (tflags[i].parent_set_ace_inherit &
+		    SEC_ACE_FLAG_INHERITED_ACE) {
+			tflags[i].parent_get_ace_inherit =
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent ACE is INHERITED");
+		}
+
+		torture_comment(tctx, "\n");
+	}
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACL INHERITANCE FLAGS\n");
+
+	ZERO_STRUCT(io);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = dname;
+
+	torture_comment(tctx, "creating initial directory %s\n", dname);
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "getting original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	for (i=0; i < ARRAY_SIZE(tflags); i++) {
+		torture_comment(tctx, "setting a new sd on directory, pass #%d\n", i);
+
+		sd = security_descriptor_dacl_create(tctx,
+						tflags[i].parent_set_sd_type,
+						NULL, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						SEC_ACE_FLAG_OBJECT_INHERIT |
+						SEC_ACE_FLAG_CONTAINER_INHERIT |
+						tflags[i].parent_set_ace_inherit,
+						SID_WORLD,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_ALL | SEC_STD_ALL,
+						0,
+						NULL);
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb_raw_setfileinfo(cli->tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		/*
+		 * Check DACL we just set, except change the bits to what they
+		 * should be.
+		 */
+		torture_comment(tctx, "  checking new sd\n");
+
+		/* REQ bit should always be false. */
+		sd->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+		if ((tflags[i].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+			sd->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+		q.query_secdesc.in.file.fnum = fnum;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+		/* Create file. */
+		torture_comment(tctx, "  creating file %s\n", fname1);
+		io.ntcreatex.in.fname = fname1;
+		io.ntcreatex.in.create_options = 0;
+		io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+		io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		fnum2 = io.ntcreatex.out.file.fnum;
+		CHECK_ACCESS_FLAGS(fnum2, SEC_RIGHTS_FILE_ALL);
+
+		q.query_secdesc.in.file.fnum = fnum2;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		status = smb_raw_fileinfo(cli->tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		torture_comment(tctx, "  checking sd on file %s\n", fname1);
+		sd2 = security_descriptor_dacl_create(tctx,
+						 tflags[i].child_get_sd_type,
+						 owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						 tflags[i].child_get_ace_inherit,
+						 NULL);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		/*
+		 * Set new sd on file ... prove that the bits have nothing to
+		 * do with the parents bits when manually setting an ACL. The
+		 * _AUTO_INHERITED bit comes directly from the ACL set.
+		 */
+		for (j = 0; j < ARRAY_SIZE(tflags); j++) {
+			torture_comment(tctx, "  setting new file sd, pass #%d\n", j);
+
+			/* Change sd type. */
+			sd2->type &= ~(SEC_DESC_DACL_AUTO_INHERITED |
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			    SEC_DESC_DACL_PROTECTED);
+			sd2->type |= tflags[j].parent_set_sd_type;
+
+			sd2->dacl->aces[0].flags &=
+			    ~SEC_ACE_FLAG_INHERITED_ACE;
+			sd2->dacl->aces[0].flags |=
+			    tflags[j].parent_set_ace_inherit;
+
+			set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+			set.set_secdesc.in.file.fnum = fnum2;
+			set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+			set.set_secdesc.in.sd = sd2;
+			status = smb_raw_setfileinfo(cli->tree, &set);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			/* Check DACL we just set. */
+			sd2->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			if ((tflags[j].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+				sd2->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+			q.query_secdesc.in.file.fnum = fnum2;
+			q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+			status = smb_raw_fileinfo(cli->tree, tctx, &q);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+		}
+
+		smbcli_close(cli->tree, fnum2);
+		smbcli_unlink(cli->tree, fname1);
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	if (!ret) {
+		torture_result(tctx,
+			TORTURE_FAIL, "(%s) test_inheritance_flags\n",
+			__location__);
+	}
+
+	return ret;
+}
+
+/*
+  test dynamic acl inheritance
+  Test copied to smb2/acls.c for SMB2.
+*/
+static bool test_inheritance_dynamic(struct torture_context *tctx, 
+									 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *dname = BASEDIR "\\inheritance2";
+	const char *fname1 = BASEDIR "\\inheritance2\\testfile";
+	bool ret = true;
+	int fnum=0, fnum2;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig=NULL;
+	const char *owner_sid;
+	
+	torture_comment(tctx, "TESTING DYNAMIC ACL INHERITANCE\n");
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+	sd->type |= SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "create a file with an inherited acl\n");
+	io.ntcreatex.in.fname = fname1;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	smbcli_close(cli->tree, fnum2);
+
+	torture_comment(tctx, "try and access file with base rights - should be OK\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	smbcli_close(cli->tree, fnum2);
+
+	torture_comment(tctx, "try and access file with extra rights - should be denied\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA | SEC_FILE_EXECUTE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "update parent sd\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+	sd->type |= SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+	set.set_secdesc.in.sd = sd;
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "try and access file with base rights - should be OK\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	smbcli_close(cli->tree, fnum2);
+
+
+	torture_comment(tctx, "try and access now - should be OK if dynamic inheritance works\n");
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA | SEC_FILE_EXECUTE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		torture_comment(tctx, "Server does not have dynamic inheritance\n");
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Server does have dynamic inheritance\n");
+	}
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	smbcli_unlink(cli->tree, fname1);
+
+done:
+	if (sd_orig != NULL) {
+		torture_comment(tctx, "put back original sd\n");
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.fnum = fnum;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd_orig;
+		status = smb_raw_setfileinfo(cli->tree, &set);
+	}
+	smbcli_close(cli->tree, fnum);
+	smbcli_rmdir(cli->tree, dname);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+#define CHECK_STATUS_FOR_BIT_ACTION(status, bits, action) do { \
+	if (!(bits & desired_64)) {\
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); \
+		action; \
+	} else { \
+		CHECK_STATUS(status, NT_STATUS_OK); \
+	} \
+} while (0)
+
+#define CHECK_STATUS_FOR_BIT(status, bits, access) do { \
+	if (NT_STATUS_IS_OK(status)) { \
+		if (!(granted & access)) {\
+			ret = false; \
+			torture_result(tctx, TORTURE_FAIL, "(%s) %s but flags 0x%08X are not granted! granted[0x%08X] desired[0x%08X]\n", \
+			       __location__, nt_errstr(status), access, granted, desired); \
+			goto done; \
+		} \
+	} else { \
+		if (granted & access) {\
+			ret = false; \
+			torture_result(tctx, TORTURE_FAIL, "(%s) %s but flags 0x%08X are granted! granted[0x%08X] desired[0x%08X]\n", \
+			       __location__, nt_errstr(status), access, granted, desired); \
+			goto done; \
+		} \
+	} \
+	CHECK_STATUS_FOR_BIT_ACTION(status, bits, do {} while (0)); \
+} while (0)
+
+#if 0
+
+/* test what access mask is needed for getting and setting security_descriptors
+  Test copied to smb2/acls.c for SMB2. */
+static bool test_sd_get_set(struct torture_context *tctx, 
+							struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo fi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd;
+	struct security_descriptor *sd_owner = NULL;
+	struct security_descriptor *sd_group = NULL;
+	struct security_descriptor *sd_dacl = NULL;
+	struct security_descriptor *sd_sacl = NULL;
+	int fnum=0;
+	const char *fname = BASEDIR "\\sd_get_set.txt";
+	uint64_t desired_64;
+	uint32_t desired = 0, granted;
+	int i = 0;
+#define NO_BITS_HACK (((uint64_t)1)<<32)
+	uint64_t open_bits =
+		SEC_MASK_GENERIC |
+		SEC_FLAG_SYSTEM_SECURITY |
+		SEC_FLAG_MAXIMUM_ALLOWED |
+		SEC_STD_ALL |
+		SEC_FILE_ALL | 
+		NO_BITS_HACK;
+	uint64_t get_owner_bits = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_owner_bits = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_OWNER;
+	uint64_t get_group_bits = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_group_bits = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_OWNER;
+	uint64_t get_dacl_bits  = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_dacl_bits  = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_DAC;
+	uint64_t get_sacl_bits  = SEC_FLAG_SYSTEM_SECURITY;
+	uint64_t set_sacl_bits  = SEC_FLAG_SYSTEM_SECURITY;
+
+	if (!torture_setup_dir(cli, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACCESS MASKS FOR SD GET/SET\n");
+
+	/* first create a file with full access for everyone */
+	sd = security_descriptor_dacl_create(tctx,
+					0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_ALL,
+					0,
+					NULL);
+	sd->type |= SEC_DESC_SACL_PRESENT;
+	sd->sacl = NULL;
+	io.ntcreatex.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_GENERIC_ALL;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.sec_desc = sd;
+	io.ntcreatex.in.ea_list = NULL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* 
+	 * now try each access_mask bit and no bit at all in a loop
+	 * and see what's allowed
+	 * NOTE: if i == 32 it means access_mask = 0 (see NO_BITS_HACK above)
+	 */
+	for (i=0; i <= 32; i++) {
+		desired_64 = ((uint64_t)1) << i;
+		desired = (uint32_t)desired_64;
+
+		/* first open the file with the desired access */
+		io.ntcreatex.level = RAW_OPEN_NTCREATEX;
+		io.ntcreatex.in.access_mask = desired;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS_FOR_BIT_ACTION(status, open_bits, goto next);
+		fnum = io.ntcreatex.out.file.fnum;
+
+		/* then check what access was granted */
+		fi.access_information.level		= RAW_FILEINFO_ACCESS_INFORMATION;
+		fi.access_information.in.file.fnum	= fnum;
+		status = smb_raw_fileinfo(cli->tree, tctx, &fi);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		granted = fi.access_information.out.access_flags;
+
+		/* test the owner */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.fnum		= fnum;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_OWNER;
+		status = smb_raw_fileinfo(cli->tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_owner_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_owner = fi.query_secdesc.out.sd;
+		} else if (!sd_owner) {
+			sd_owner = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.fnum		= fnum;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_OWNER;
+		si.set_secdesc.in.sd			= sd_owner;
+		status = smb_raw_setfileinfo(cli->tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_owner_bits, SEC_STD_WRITE_OWNER);
+
+		/* test the group */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.fnum		= fnum;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_GROUP;
+		status = smb_raw_fileinfo(cli->tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_group_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_group = fi.query_secdesc.out.sd;
+		} else if (!sd_group) {
+			sd_group = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.fnum		= fnum;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_GROUP;
+		si.set_secdesc.in.sd			= sd_group;
+		status = smb_raw_setfileinfo(cli->tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_group_bits, SEC_STD_WRITE_OWNER);
+
+		/* test the DACL */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.fnum		= fnum;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_DACL;
+		status = smb_raw_fileinfo(cli->tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_dacl_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_dacl = fi.query_secdesc.out.sd;
+		} else if (!sd_dacl) {
+			sd_dacl = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.fnum		= fnum;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_DACL;
+		si.set_secdesc.in.sd			= sd_dacl;
+		status = smb_raw_setfileinfo(cli->tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_dacl_bits, SEC_STD_WRITE_DAC);
+
+		/* test the SACL */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.fnum		= fnum;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_SACL;
+		status = smb_raw_fileinfo(cli->tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_sacl_bits, SEC_FLAG_SYSTEM_SECURITY);
+		if (fi.query_secdesc.out.sd) {
+			sd_sacl = fi.query_secdesc.out.sd;
+		} else if (!sd_sacl) {
+			sd_sacl = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.fnum		= fnum;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_SACL;
+		si.set_secdesc.in.sd			= sd_sacl;
+		status = smb_raw_setfileinfo(cli->tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_sacl_bits, SEC_FLAG_SYSTEM_SECURITY);
+
+		/* close the handle */
+		status = smbcli_close(cli->tree, fnum);
+		CHECK_STATUS(status, NT_STATUS_OK);
+next:
+		continue;
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+#endif
+
+/* 
+   basic testing of security descriptor calls
+*/
+struct torture_suite *torture_raw_acls(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "acls");
+
+	torture_suite_add_1smb_test(suite, "sd", test_sd);
+	torture_suite_add_1smb_test(suite, "create_file", test_nttrans_create_file);
+	torture_suite_add_1smb_test(suite, "create_dir", test_nttrans_create_dir);
+	torture_suite_add_1smb_test(suite, "create_owner_file", test_nttrans_create_owner_file);
+	torture_suite_add_1smb_test(suite, "create_owner_dir", test_nttrans_create_owner_dir);
+	torture_suite_add_1smb_test(suite, "nulldacl", test_nttrans_create_null_dacl);
+	torture_suite_add_1smb_test(suite, "creator", test_creator_sid);
+	torture_suite_add_1smb_test(suite, "generic", test_generic_bits);
+	torture_suite_add_1smb_test(suite, "owner", test_owner_bits);
+	torture_suite_add_1smb_test(suite, "inheritance", test_inheritance);
+
+	torture_suite_add_1smb_test(suite, "INHERITFLAGS", test_inheritance_flags);
+	torture_suite_add_1smb_test(suite, "dynamic", test_inheritance_dynamic);
+#if 0
+	/* XXX This test does not work against XP or Vista. */
+	torture_suite_add_1smb_test(suite, "GETSET", test_sd_get_set);
+#endif
+
+	return suite;
+}
diff --git a/source4/torture/raw/chkpath.c b/source4/torture/raw/chkpath.c
new file mode 100644
index 0000000..2afd7ea
--- /dev/null
+++ b/source4/torture/raw/chkpath.c
@@ -0,0 +1,390 @@
+/* 
+   Unix SMB/CIFS implementation.
+   chkpath individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/locale.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\rawchkpath"
+
+#define CHECK_STATUS(status, correct, dos_correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct) && !NT_STATUS_EQUAL(status, dos_correct)) { \
+		printf("(%d) Incorrect status %s - should be %s\n", \
+		       __LINE__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+
+static NTSTATUS single_search(struct smbcli_state *cli,
+                              TALLOC_CTX *mem_ctx, const char *pattern)
+{
+	union smb_search_first io;
+	NTSTATUS status;
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = RAW_SEARCH_DATA_STANDARD;
+	io.t2ffirst.in.search_attrib = 0;
+	io.t2ffirst.in.max_count = 1;
+	io.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE;
+	io.t2ffirst.in.storage_type = 0;
+	io.t2ffirst.in.pattern = pattern;
+
+	status = smb_raw_search_first(cli->tree, mem_ctx,
+				      &io, NULL, NULL);
+
+	return status;
+}
+
+static bool test_path_ex(struct smbcli_state *cli, struct torture_context *tctx,
+			 const char *path, const char *path_expected,
+			 NTSTATUS expected, NTSTATUS dos_expected)
+{
+	union smb_chkpath io;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+
+	io.chkpath.in.path = path;
+	status = smb_raw_chkpath(cli->tree, &io);
+	if (!NT_STATUS_EQUAL(status, expected) && !NT_STATUS_EQUAL(status, dos_expected)) {
+		printf("FAILED %-30s chkpath %s should be %s or %s\n",
+		       path, nt_errstr(status), nt_errstr(expected), nt_errstr(dos_expected));
+		return false;
+	} else {
+		printf("%-30s chkpath correct (%s)\n", path, nt_errstr(status));
+	}
+
+	if (NT_STATUS_EQUAL(expected, NT_STATUS_NOT_A_DIRECTORY)) {
+		expected = NT_STATUS_OK;
+	}
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_NAME_INFO;
+	finfo.generic.in.file.path = path;
+	status = smb_raw_pathinfo(cli->tree, cli, &finfo);
+	if (!NT_STATUS_EQUAL(status, expected) && !NT_STATUS_EQUAL(status, dos_expected)) {
+		printf("FAILED: %-30s pathinfo %s should be %s or %s\n",
+		       path, nt_errstr(status), nt_errstr(expected), nt_errstr(dos_expected));
+		return false;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("%-30s chkpath correct (%s)\n", path, nt_errstr(status));
+		return true;
+	}
+
+	if (path_expected &&
+	    (!finfo.name_info.out.fname.s ||
+	     strcmp(finfo.name_info.out.fname.s, path_expected) != 0)) {
+		if (tctx && torture_setting_bool(tctx, "samba4", false)) {
+			printf("IGNORE: %-30s => %-20s should be %s\n",
+				path, finfo.name_info.out.fname.s, path_expected);
+			return true;
+		}
+		printf("FAILED: %-30s => %-20s should be %s\n",
+			path, finfo.name_info.out.fname.s, path_expected);
+		return false;
+	}
+	printf("%-30s => %-20s correct\n",
+		path, finfo.name_info.out.fname.s);
+
+	return true;
+}
+
+static bool test_path(struct smbcli_state *cli, const char *path,
+		      NTSTATUS expected, NTSTATUS dos_expected)
+{
+	return test_path_ex(cli, NULL, path, path, expected, dos_expected);
+}
+
+static bool test_chkpath(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	union smb_chkpath io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum = -1;
+
+	io.chkpath.in.path = BASEDIR;
+
+	status = smb_raw_chkpath(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK, NT_STATUS_OK);
+
+	ret &= test_path(cli, BASEDIR "\\nodir", NT_STATUS_OBJECT_NAME_NOT_FOUND, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	fnum = create_complex_file(cli, tctx, BASEDIR "\\test.txt..");
+	if (fnum == -1) {
+		printf("failed to open test.txt - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	ret &= test_path(cli, BASEDIR "\\test.txt..", NT_STATUS_NOT_A_DIRECTORY, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	
+	if (!torture_set_file_attribute(cli->tree, BASEDIR, FILE_ATTRIBUTE_HIDDEN)) {
+		printf("failed to set basedir hidden\n");
+		ret = false;
+		goto done;
+	}
+
+	ret &= test_path_ex(cli, tctx, BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR) + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\f\\o\\o\\..\\..\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\\\..\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, BASEDIR"\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, BASEDIR"\\\\..\\"BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, BASEDIR"\\\\\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, "\\\\\\\\"BASEDIR"\\\\\\\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, "\\\\\\\\"BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path_ex(cli, tctx, BASEDIR "\\foo\\..\\test.txt..", BASEDIR "\\test.txt..",
+			    NT_STATUS_NOT_A_DIRECTORY, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path_ex(cli, tctx, "", "\\", NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path(cli, ".", NT_STATUS_OBJECT_NAME_INVALID, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\", NT_STATUS_OBJECT_NAME_INVALID, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\\\\\.\\", NT_STATUS_OBJECT_NAME_INVALID, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.", NT_STATUS_OBJECT_PATH_NOT_FOUND, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "." BASEDIR, NT_STATUS_OBJECT_PATH_NOT_FOUND, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\.", NT_STATUS_OBJECT_NAME_INVALID, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\.\\test.txt..", NT_STATUS_OBJECT_PATH_NOT_FOUND, NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.\\", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.\\.", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.\\.aaaaa", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\.\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\.\\\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\.\\\\\\\\\\\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	/* Note that the two following paths are identical but
+	  give different NT status returns for chkpth and findfirst. */
+
+	printf("Testing findfirst on %s\n", "\\.\\\\\\\\\\\\.");
+	status = single_search(cli, tctx, "\\.\\\\\\\\\\\\.");
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRinvalidname));
+
+	ret &= test_path(cli, "\\.\\\\\\\\\\\\.", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	/* We expect this open to fail with the same error code as the chkpath below. */
+	printf("Testing Open on %s\n", "\\.\\\\\\\\\\\\.");
+	/* findfirst seems to fail with a different error. */
+	(void)smbcli_nt_create_full(cli->tree, "\\.\\\\\\\\\\\\.",
+				      0, SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE|
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+	status = smbcli_nt_error(cli->tree);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+
+	ret &= test_path(cli, "\\.\\\\xxx", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "..\\..\\..", NT_STATUS_OBJECT_PATH_SYNTAX_BAD,NT_STATUS_DOS(ERRDOS,ERRinvalidpath));
+	ret &= test_path(cli, "\\..", NT_STATUS_OBJECT_PATH_SYNTAX_BAD,NT_STATUS_DOS(ERRDOS,ERRinvalidpath));
+	ret &= test_path(cli, "\\.\\\\\\\\\\\\xxx", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"\\.\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"\\.\\\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"\\.\\nt", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"\\.\\.\\nt", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"\\nt", NT_STATUS_OK, NT_STATUS_OK);
+	ret &= test_path(cli, BASEDIR".\\foo", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR"xx\\foo", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, ".\\.\\.\\.\\foo\\.\\.\\", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR".\\.\\.\\.\\foo\\.\\.\\", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR".\\.\\.\\.\\foo\\..\\.\\", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR".", NT_STATUS_OBJECT_NAME_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\", NT_STATUS_OK,NT_STATUS_OK);
+	ret &= test_path(cli, "\\.", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, "\\..\\", NT_STATUS_OBJECT_PATH_SYNTAX_BAD,NT_STATUS_DOS(ERRDOS,ERRinvalidpath));
+	ret &= test_path(cli, "\\..", NT_STATUS_OBJECT_PATH_SYNTAX_BAD,NT_STATUS_DOS(ERRDOS,ERRinvalidpath));
+	ret &= test_path(cli, BASEDIR "\\.", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path_ex(cli, tctx, BASEDIR "\\..", "\\", NT_STATUS_OK,NT_STATUS_OK);
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\VB98\\vb600", NT_STATUS_OBJECT_NAME_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\VB98\\vb6.exe", NT_STATUS_NOT_A_DIRECTORY,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	/* We expect this open to fail with the same error code as the chkpath below. */
+	printf("Testing Open on %s\n", BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
+	/* findfirst seems to fail with a different error. */
+	(void)smbcli_nt_create_full(cli->tree, BASEDIR".\\.\\.\\.\\foo\\..\\.\\",
+				      0, SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE|
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+	status = smbcli_nt_error(cli->tree);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	printf("Testing findfirst on %s\n", BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
+	status = single_search(cli, tctx, BASEDIR".\\.\\.\\.\\foo\\..\\.\\");
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	/* We expect this open to fail with the same error code as the chkpath below. */
+	/* findfirst seems to fail with a different error. */
+	printf("Testing Open on %s\n", BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3");
+	(void)smbcli_nt_create_full(cli->tree, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3",
+				      0, SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE|
+				      NTCREATEX_SHARE_ACCESS_READ|
+				      NTCREATEX_SHARE_ACCESS_WRITE,
+				      NTCREATEX_DISP_OVERWRITE_IF,
+				      0, 0);
+	status = smbcli_nt_error(cli->tree);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\VB98\\vb6.exe\\3\\foo", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\nt\\3\\foo", NT_STATUS_OBJECT_PATH_NOT_FOUND,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\*\\vb6.exe\\3", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+	ret &= test_path(cli, BASEDIR "\\nt\\V S\\*\\*\\vb6.exe\\3", NT_STATUS_OBJECT_NAME_INVALID,NT_STATUS_DOS(ERRDOS,ERRbadpath));
+
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+static bool test_chkpath_names(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	union smb_chkpath io;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	bool ret = true;
+	uint8_t i;
+
+	/*
+	 * we don't test characters >= 0x80 yet,
+	 * as somehow our client libraries can't do that
+	 */
+	for (i=0x01; i <= 0x7F; i++) {
+		/*
+		 * it's important that we test the last character
+		 * because of the error code with ':' 0x3A
+		 * and servers without stream support
+		 */
+		char *path = talloc_asprintf(tctx, "%s\\File0x%02X%c",
+					     BASEDIR, i, i);
+		NTSTATUS expected;
+		NTSTATUS expected_dos1;
+		NTSTATUS expected_dos2;
+
+		expected = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+		expected_dos1 = NT_STATUS_DOS(ERRDOS,ERRbadpath);
+		expected_dos2 = NT_STATUS_DOS(ERRDOS,ERRbadfile);
+
+		switch (i) {
+		case '"':/*0x22*/
+		case '*':/*0x2A*/
+		case '/':/*0x2F*/
+		case ':':/*0x3A*/
+		case '<':/*0x3C*/
+		case '>':/*0x3E*/
+		case '?':/*0x3F*/
+		case '|':/*0x7C*/
+			if (i == '/' &&
+			    torture_setting_bool(tctx, "samba3", false)) {
+				/* samba 3 handles '/' as '\\' */
+				break;
+			}
+			expected = NT_STATUS_OBJECT_NAME_INVALID;
+			expected_dos1 = NT_STATUS_DOS(ERRDOS,ERRbadpath);
+			expected_dos2 = NT_STATUS_DOS(ERRDOS,ERRinvalidname);
+			break;
+		default:
+			if (i <= 0x1F) {
+				expected = NT_STATUS_OBJECT_NAME_INVALID;
+				expected_dos1 = NT_STATUS_DOS(ERRDOS,ERRbadpath);
+				expected_dos2 = NT_STATUS_DOS(ERRDOS,ERRinvalidname);
+			}
+			break;
+		}
+
+		printf("Checking File0x%02X%c%s expected[%s|%s|%s]\n",
+		       i, isprint(i)?(char)i:' ',
+		       isprint(i)?"":"(not printable)",
+		       nt_errstr(expected),
+		       nt_errstr(expected_dos1),
+		       nt_errstr(expected_dos2));
+
+		io.chkpath.in.path = path;
+		status = smb_raw_chkpath(cli->tree, &io);
+		CHECK_STATUS(status, expected, expected_dos1);
+
+		ZERO_STRUCT(finfo);
+		finfo.generic.level = RAW_FILEINFO_NAME_INFO;
+		finfo.generic.in.file.path = path;
+		status = smb_raw_pathinfo(cli->tree, cli, &finfo);
+		CHECK_STATUS(status, expected, expected_dos2);
+
+		talloc_free(path);
+	}
+
+done:
+	return ret;
+}
+
+/* 
+   basic testing of chkpath calls 
+*/
+bool torture_raw_chkpath(struct torture_context *torture, 
+			 struct smbcli_state *cli)
+{
+	bool ret = true;
+	int fnum;
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, BASEDIR "\\nt"))) {
+		printf("Failed to create " BASEDIR " - %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, BASEDIR "\\nt\\V S"))) {
+		printf("Failed to create " BASEDIR " - %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, BASEDIR "\\nt\\V S\\VB98"))) {
+		printf("Failed to create " BASEDIR " - %s\n", smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	fnum = create_complex_file(cli, torture, BASEDIR "\\nt\\V S\\VB98\\vb6.exe");
+	if (fnum == -1) {
+		printf("failed to open \\nt\\V S\\VB98\\vb6.exe - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	ret &= test_chkpath(cli, torture);
+	ret &= test_chkpath_names(cli, torture);
+
+ done:
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
diff --git a/source4/torture/raw/close.c b/source4/torture/raw/close.c
new file mode 100644
index 0000000..56b63c6
--- /dev/null
+++ b/source4/torture/raw/close.c
@@ -0,0 +1,178 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_CLOSE_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "system/time.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+/**
+ * basic testing of all RAW_CLOSE_* calls 
+*/
+bool torture_raw_close(struct torture_context *torture,
+		       struct smbcli_state *cli)
+{
+	bool ret = true;
+	union smb_close io;
+	union smb_flush io_flush;
+	int fnum;
+	const char *fname = "\\torture_close.txt";
+	time_t basetime = (time(NULL) + 3*86400) & ~1;
+	union smb_fileinfo finfo, finfo2;
+	NTSTATUS status;
+
+#define REOPEN do { \
+	fnum = create_complex_file(cli, torture, fname); \
+	if (fnum == -1) { \
+		printf("(%d) Failed to create %s\n", __LINE__, fname); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%d) Incorrect status %s - should be %s\n", \
+		       __LINE__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+	REOPEN;
+
+	io.close.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = fnum;
+	io.close.in.write_time = basetime;
+	status = smb_raw_close(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_close(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	
+	printf("Testing close.in.write_time\n");
+
+	/* the file should have the write time set */
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, torture, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (basetime != nt_time_to_unix(finfo.all_info.out.write_time)) {
+		printf("Incorrect write time on file - %s - %s\n",
+		       timestring(torture, basetime), 
+		       nt_time_string(torture, finfo.all_info.out.write_time));
+		dump_all_info(torture, &finfo);
+		ret = false;
+	}
+
+	printf("Testing other times\n");
+
+	/* none of the other times should be set to that time */
+	if (nt_time_equal(&finfo.all_info.out.write_time, 
+			  &finfo.all_info.out.access_time) ||
+	    nt_time_equal(&finfo.all_info.out.write_time, 
+			  &finfo.all_info.out.create_time) ||
+	    nt_time_equal(&finfo.all_info.out.write_time, 
+			  &finfo.all_info.out.change_time)) {
+		printf("Incorrect times after close - only write time should be set\n");
+		dump_all_info(torture, &finfo);
+
+		if (!torture_setting_bool(torture, "samba3", false)) {
+			/*
+			 * In Samba3 as of 3.0.23d we don't yet support all
+			 * file times, so don't mark this as a critical
+			 * failure
+			 */
+			ret = false;
+		}
+	}
+	    
+
+	smbcli_unlink(cli->tree, fname);
+	REOPEN;
+
+	finfo2.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo2.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, torture, &finfo2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.close.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = fnum;
+	io.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* the file should have the write time set equal to access time */
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, torture, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!nt_time_equal(&finfo.all_info.out.write_time, 
+			   &finfo2.all_info.out.write_time)) {
+		printf("Incorrect write time on file - 0 time should be ignored\n");
+		dump_all_info(torture, &finfo);
+		ret = false;
+	}
+
+	printf("Testing splclose\n");
+
+	/* check splclose on a file */
+	REOPEN;
+	io.splclose.level = RAW_CLOSE_SPLCLOSE;
+	io.splclose.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
+
+	printf("Testing flush\n");
+	smbcli_close(cli->tree, fnum);
+
+	io_flush.flush.level		= RAW_FLUSH_FLUSH;
+	io_flush.flush.in.file.fnum	= fnum;
+	status = smb_raw_flush(cli->tree, &io_flush);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	io_flush.flush_all.level	= RAW_FLUSH_ALL;
+	status = smb_raw_flush(cli->tree, &io_flush);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	REOPEN;
+
+	io_flush.flush.level		= RAW_FLUSH_FLUSH;
+	io_flush.flush.in.file.fnum	= fnum;
+	status = smb_raw_flush(cli->tree, &io_flush);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Testing SMBexit\n");
+	smb_raw_exit(cli->session);
+
+	io_flush.flush.level		= RAW_FLUSH_FLUSH;
+	io_flush.flush.in.file.fnum	= fnum;
+	status = smb_raw_flush(cli->tree, &io_flush);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	return ret;
+}
diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c
new file mode 100644
index 0000000..7eb682c
--- /dev/null
+++ b/source4/torture/raw/composite.c
@@ -0,0 +1,417 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   libcli composite function testing
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "lib/events/events.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "libcli/security/security.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/util.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\composite"
+
+static void loadfile_complete(struct composite_context *c)
+{
+	int *count = talloc_get_type(c->async.private_data, int);
+	(*count)++;
+}
+
+/*
+  test a simple savefile/loadfile combination
+*/
+static bool test_loadfile(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	const char *fname = BASEDIR "\\test.txt";
+	NTSTATUS status;
+	struct smb_composite_savefile io1;
+	struct smb_composite_loadfile *io2;
+	struct composite_context **c;
+	uint8_t *data;
+	size_t len = random() % 100000;
+	const int num_ops = 50;
+	int i;
+	int *count = talloc_zero(tctx, int);
+
+	data = talloc_array(tctx, uint8_t, len);
+
+	generate_random_buffer(data, len);
+
+	io1.in.fname = fname;
+	io1.in.data  = data;
+	io1.in.size  = len;
+
+	torture_comment(tctx, "Testing savefile\n");
+
+	status = smb_composite_savefile(cli->tree, &io1);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "savefile failed");
+
+	torture_comment(tctx, "Testing parallel loadfile with %d ops\n", num_ops);
+
+	c = talloc_array(tctx, struct composite_context *, num_ops);
+	io2 = talloc_zero_array(tctx, struct smb_composite_loadfile, num_ops);
+
+	for (i=0;i<num_ops;i++) {
+		io2[i].in.fname = fname;
+		c[i] = smb_composite_loadfile_send(cli->tree, &io2[i]);
+		c[i]->async.fn = loadfile_complete;
+		c[i]->async.private_data = count;
+	}
+
+	torture_comment(tctx, "waiting for completion\n");
+	while (*count != num_ops) {
+		tevent_loop_once(tctx->ev);
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "(%s) count=%d\r", __location__, *count);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "count=%d\n", *count);
+	
+	for (i=0;i<num_ops;i++) {
+		status = smb_composite_loadfile_recv(c[i], tctx);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "loadfile failed");
+
+		torture_assert_int_equal(tctx, io2[i].out.size, len, "wrong length in returned data");
+		torture_assert_mem_equal(tctx, io2[i].out.data, data, len, "wrong data in loadfile");
+	}
+
+	talloc_free(data);
+
+	return true;
+}
+
+static bool test_loadfile_t(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	int ret;
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "failed to setup " BASEDIR);
+
+	ret = test_loadfile(tctx, cli);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test a simple savefile/loadfile combination
+*/
+static bool test_fetchfile(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	const char *fname = BASEDIR "\\test.txt";
+	NTSTATUS status;
+	struct smb_composite_savefile io1;
+	struct smb_composite_fetchfile io2;
+	struct composite_context **c;
+	uint8_t *data;
+	int i;
+	size_t len = random() % 10000;
+	extern int torture_numops;
+	struct tevent_context *event_ctx;
+	int *count = talloc_zero(tctx, int);
+	bool ret = true;
+
+	data = talloc_array(tctx, uint8_t, len);
+
+	generate_random_buffer(data, len);
+
+	ZERO_STRUCT(io1);
+	io1.in.fname = fname;
+	io1.in.data  = data;
+	io1.in.size  = len;
+
+	torture_comment(tctx, "Testing savefile\n");
+
+	status = smb_composite_savefile(cli->tree, &io1);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "savefile failed");
+
+	ZERO_STRUCT(io2);
+
+	io2.in.dest_host = torture_setting_string(tctx, "host", NULL);
+	io2.in.ports = lpcfg_smb_ports(tctx->lp_ctx);
+	io2.in.called_name = torture_setting_string(tctx, "host", NULL);
+	io2.in.service = torture_setting_string(tctx, "share", NULL);
+	io2.in.service_type = "A:";
+	io2.in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
+
+	io2.in.credentials = samba_cmdline_get_creds();
+	io2.in.workgroup  = lpcfg_workgroup(tctx->lp_ctx);
+	io2.in.filename = fname;
+	lpcfg_smbcli_options(tctx->lp_ctx, &io2.in.options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options);
+	io2.in.resolve_ctx = lpcfg_resolve_context(tctx->lp_ctx);
+	io2.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+
+	torture_comment(tctx, "Testing parallel fetchfile with %d ops\n", torture_numops);
+
+	event_ctx = tctx->ev;
+	c = talloc_array(tctx, struct composite_context *, torture_numops);
+
+	for (i=0; i<torture_numops; i++) {
+		c[i] = smb_composite_fetchfile_send(&io2, event_ctx);
+		c[i]->async.fn = loadfile_complete;
+		c[i]->async.private_data = count;
+	}
+
+	torture_comment(tctx, "waiting for completion\n");
+
+	while (*count != torture_numops) {
+		tevent_loop_once(event_ctx);
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "(%s) count=%d\r", __location__, *count);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "count=%d\n", *count);
+
+	for (i=0;i<torture_numops;i++) {
+		status = smb_composite_fetchfile_recv(c[i], tctx);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "loadfile failed");
+
+		torture_assert_int_equal(tctx, io2.out.size, len, "wrong length in returned data");
+		torture_assert_mem_equal(tctx, io2.out.data, data, len, "wrong data in loadfile");
+	}
+
+	return ret;
+}
+
+static bool test_fetchfile_t(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	int ret;
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "failed to setup " BASEDIR);
+	ret = test_fetchfile(tctx, cli);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test setfileacl
+*/
+static bool test_appendacl(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	struct smb_composite_appendacl **io;
+	struct smb_composite_appendacl **io_orig;
+	struct composite_context **c;
+	struct tevent_context *event_ctx;
+
+	struct security_descriptor *test_sd;
+	struct security_ace *ace;
+	struct dom_sid *test_sid;
+
+	const int num_ops = 50;
+	int *count = talloc_zero(tctx, int);
+	struct smb_composite_savefile io1;
+
+	NTSTATUS status;
+	int i;
+
+	io_orig = talloc_array(tctx, struct smb_composite_appendacl *, num_ops);
+
+	printf ("creating %d empty files and getting their acls with appendacl\n", num_ops);
+
+	for (i = 0; i < num_ops; i++) {
+		io1.in.fname = talloc_asprintf(io_orig, BASEDIR "\\test%d.txt", i);
+		io1.in.data  = NULL;
+		io1.in.size  = 0;
+	  
+		status = smb_composite_savefile(cli->tree, &io1);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "savefile failed");
+
+		io_orig[i] = talloc (io_orig, struct smb_composite_appendacl);
+		io_orig[i]->in.fname = talloc_steal(io_orig[i], io1.in.fname);
+		io_orig[i]->in.sd = security_descriptor_initialise(io_orig[i]);
+		status = smb_composite_appendacl(cli->tree, io_orig[i], io_orig[i]);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "appendacl failed");
+	}
+	
+
+	/* fill Security Descriptor with aces to be added */
+
+	test_sd = security_descriptor_initialise(tctx);
+	test_sid = dom_sid_parse_talloc (tctx, "S-1-5-32-1234-5432");
+
+	ace = talloc_zero(tctx, struct security_ace);
+
+	ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->flags = 0;
+	ace->access_mask = SEC_STD_ALL;
+	ace->trustee = *test_sid;
+
+	status = security_descriptor_dacl_add(test_sd, ace);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "appendacl failed");
+
+	/* set parameters for appendacl async call */
+
+	torture_comment(tctx, "Testing parallel appendacl with %d ops\n", num_ops);
+
+	c = talloc_array(tctx, struct composite_context *, num_ops);
+	io = talloc_array(tctx, struct  smb_composite_appendacl *, num_ops);
+
+	for (i=0; i < num_ops; i++) {
+		io[i] = talloc (io, struct smb_composite_appendacl);
+		io[i]->in.sd = test_sd;
+		io[i]->in.fname = talloc_asprintf(io[i], BASEDIR "\\test%d.txt", i);
+
+		c[i] = smb_composite_appendacl_send(cli->tree, io[i]);
+		c[i]->async.fn = loadfile_complete;
+		c[i]->async.private_data = count;
+	}
+
+	event_ctx = tctx->ev;
+	torture_comment(tctx, "waiting for completion\n");
+	while (*count != num_ops) {
+		tevent_loop_once(event_ctx);
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "(%s) count=%d\r", __location__, *count);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "count=%d\n", *count);
+
+	for (i=0; i < num_ops; i++) {
+		status = smb_composite_appendacl_recv(c[i], io[i]);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "(%s) appendacl[%d] failed - %s\n", __location__, i, nt_errstr(status));
+			return false;
+		}
+		
+		security_descriptor_dacl_add(io_orig[i]->out.sd, ace);
+		torture_assert(tctx,
+			       security_acl_equal(io_orig[i]->out.sd->dacl,
+						  io[i]->out.sd->dacl),
+			       "appendacl failed - needed acl isn't set");
+	}
+	
+
+	talloc_free (ace);
+	talloc_free (test_sid);
+	talloc_free (test_sd);
+		
+	return true;
+}
+
+static bool test_appendacl_t(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	int ret;
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "failed to setup " BASEDIR);
+	ret = test_appendacl(tctx, cli);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* test a query FS info by asking for share's GUID */
+static bool test_fsinfo(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	char *guid = NULL;
+	NTSTATUS status;
+	struct smb_composite_fsinfo io1;
+	struct composite_context **c;
+
+	int i;
+	extern int torture_numops;
+	struct tevent_context *event_ctx;
+	int *count = talloc_zero(tctx, int);
+	bool ret = true;
+
+	io1.in.dest_host = torture_setting_string(tctx, "host", NULL);
+	io1.in.dest_ports = lpcfg_smb_ports(tctx->lp_ctx);
+	io1.in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
+	io1.in.called_name = torture_setting_string(tctx, "host", NULL);
+	io1.in.service = torture_setting_string(tctx, "share", NULL);
+	io1.in.service_type = "A:";
+	io1.in.credentials = samba_cmdline_get_creds();
+	io1.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	io1.in.level = RAW_QFS_OBJECTID_INFORMATION;
+	io1.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+
+	torture_comment(tctx, "Testing parallel queryfsinfo [Object ID] with %d ops\n",
+			torture_numops);
+
+	event_ctx = tctx->ev;
+	c = talloc_array(tctx, struct composite_context *, torture_numops);
+
+	for (i=0; i<torture_numops; i++) {
+		c[i] = smb_composite_fsinfo_send(cli->tree, &io1, lpcfg_resolve_context(tctx->lp_ctx), event_ctx);
+		torture_assert(tctx, c[i], "smb_composite_fsinfo_send failed!");
+		c[i]->async.fn = loadfile_complete;
+		c[i]->async.private_data = count;
+	}
+
+	torture_comment(tctx, "waiting for completion\n");
+
+	while (*count < torture_numops) {
+		tevent_loop_once(event_ctx);
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "(%s) count=%d\r", __location__, *count);
+			fflush(stdout);
+		}
+	}
+	torture_comment(tctx, "count=%d\n", *count);
+
+	for (i=0;i<torture_numops;i++) {
+		status = smb_composite_fsinfo_recv(c[i], tctx);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "smb_composite_fsinfo_recv failed");
+
+		torture_assert_int_equal(tctx, io1.out.fsinfo->generic.level, RAW_QFS_OBJECTID_INFORMATION, "wrong level in returned info");
+
+		guid=GUID_string(tctx, &io1.out.fsinfo->objectid_information.out.guid);
+		torture_comment(tctx, "[%d] GUID: %s\n", i, guid);
+	}
+
+	return ret;
+}
+
+static bool test_fsinfo_t(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	int ret;
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "failed to setup " BASEDIR);
+	ret = test_fsinfo(tctx, cli);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+   basic testing of all RAW_SEARCH_* calls using a single file
+*/
+struct torture_suite *torture_raw_composite(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "composite");
+
+	torture_suite_add_1smb_test(suite, "fetchfile", test_fetchfile_t);
+	torture_suite_add_1smb_test(suite, "loadfile", test_loadfile_t);
+	torture_suite_add_1smb_test(suite, "appendacl", test_appendacl_t);
+	torture_suite_add_1smb_test(suite, "fsinfo", test_fsinfo_t);
+
+	return suite;
+}
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c
new file mode 100644
index 0000000..b984ffe
--- /dev/null
+++ b/source4/torture/raw/context.c
@@ -0,0 +1,893 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for session setup operations
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\rawcontext"
+
+#define CHECK_STATUS(status, correct) \
+	torture_assert_ntstatus_equal_goto(tctx, status, correct, ret, done, __location__)
+
+#define CHECK_VALUE(v, correct) \
+	torture_assert_int_equal_goto(tctx, v, correct, ret, done, __location__)
+
+#define CHECK_NOT_VALUE(v, correct) \
+	torture_assert_goto(tctx, ((v) != (correct)), ret, done, \
+		talloc_asprintf(tctx, "(%s) Incorrect value %s=%d - should not be %d\n", \
+		       __location__, #v, v, correct));
+
+
+/*
+  test session ops
+*/
+static bool test_session(struct torture_context *tctx,
+			 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smbcli_session *session;
+	struct smbcli_session *session2;
+	uint16_t vuid3;
+	struct smbcli_session *session3;
+	struct smbcli_session *session4;
+	struct cli_credentials *anon_creds;
+	struct smbcli_session *sessions[15];
+	struct composite_context *composite_contexts[15];
+	struct smbcli_tree *tree;
+	struct smb_composite_sesssetup setup;
+	struct smb_composite_sesssetup setups[15];
+	struct gensec_settings *gensec_settings;
+	union smb_open io;
+	union smb_write wr;
+	union smb_close cl;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c = 1;
+	int i;
+	struct smbcli_session_options options;
+
+	torture_comment(tctx, "TESTING SESSION HANDLING\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "create a second security context on the same transport\n");
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+	gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+
+	session = smbcli_session_init(cli->transport, tctx, false, options);
+
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+
+	setup.in.credentials = samba_cmdline_get_creds();
+	setup.in.gensec_settings = gensec_settings;
+
+	status = smb_composite_sesssetup(session, &setup);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	session->vuid = setup.out.vuid;
+
+	torture_comment(tctx, "create a third security context on the same transport, with given vuid\n");
+	session2 = smbcli_session_init(cli->transport, tctx, false, options);
+
+	if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) {
+		vuid3 = session->vuid+1;
+		if (vuid3 == cli->session->vuid) {
+			vuid3 += 1;
+		}
+		if (vuid3 == UINT16_MAX) {
+			vuid3 += 2;
+		}
+	} else {
+		vuid3 = session->vuid;
+	}
+	session2->vuid = vuid3;
+
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+
+	setup.in.credentials = samba_cmdline_get_creds();
+
+	torture_comment(tctx, "vuid1=%d vuid2=%d vuid3=%d\n", cli->session->vuid, session->vuid, vuid3);
+
+	status = smb_composite_sesssetup(session2, &setup);
+	if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) {
+		CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		session2->vuid = setup.out.vuid;
+		CHECK_NOT_VALUE(session2->vuid, vuid3);
+	}
+
+	torture_comment(tctx, "vuid1=%d vuid2=%d vuid3=%d=>%d (%s)\n",
+			cli->session->vuid, session->vuid,
+			vuid3, session2->vuid, nt_errstr(status));
+
+	talloc_free(session2);
+
+	if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) {
+		torture_comment(tctx, "create a fourth security context on the same transport, without extended security\n");
+		session3 = smbcli_session_init(cli->transport, tctx, false, options);
+
+		session3->vuid = vuid3;
+		setup.in.sesskey = cli->transport->negotiate.sesskey;
+		setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */
+		setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	
+		setup.in.credentials = samba_cmdline_get_creds();
+
+		status = smb_composite_sesssetup(session3, &setup);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)) {
+			/*
+			 * Windows 2008 R2 returns INVALID_PARAMETER
+			 * while Windows 2000 sp4 returns LOGON_FAILURE...
+			 */
+			CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+		}
+
+		torture_comment(tctx, "create a fourth anonymous security context on the same transport, without extended security\n");
+		session4 = smbcli_session_init(cli->transport, tctx, false, options);
+
+		session4->vuid = vuid3;
+		setup.in.sesskey = cli->transport->negotiate.sesskey;
+		setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */
+		setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+		
+		anon_creds = cli_credentials_init(tctx);
+		cli_credentials_set_conf(anon_creds, tctx->lp_ctx);
+		cli_credentials_set_anonymous(anon_creds);
+
+		setup.in.credentials = anon_creds;
+	
+		status = smb_composite_sesssetup(session3, &setup);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		talloc_free(session4);
+	}
+		
+	torture_comment(tctx, "use the same tree as the existing connection\n");
+	tree = smbcli_tree_init(session, tctx, false);
+	tree->tid = cli->tree->tid;
+
+	torture_comment(tctx, "create a file using the new vuid\n");
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using the old vuid\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "write with the new vuid\n");
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "logoff the new vuid\n");
+	status = smb_raw_ulogoff(session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the new vuid should not now be accessible\n");
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "second logoff for the new vuid should fail\n");
+	status = smb_raw_ulogoff(session);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+	talloc_free(tree);
+	talloc_free(session);
+
+	torture_comment(tctx, "the fnum should have been auto-closed\n");
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "create %d secondary security contexts on the same transport\n",
+	       (int)ARRAY_SIZE(sessions));
+	for (i=0; i <ARRAY_SIZE(sessions); i++) {
+		setups[i].in.sesskey = cli->transport->negotiate.sesskey;
+		setups[i].in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
+		setups[i].in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+		
+		setups[i].in.credentials = samba_cmdline_get_creds();
+		setups[i].in.gensec_settings = gensec_settings;
+
+		sessions[i] = smbcli_session_init(cli->transport, tctx, false, options);
+		composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]);
+
+	}
+
+
+	torture_comment(tctx, "finishing %d secondary security contexts on the same transport\n",
+	       (int)ARRAY_SIZE(sessions));
+	for (i=0; i< ARRAY_SIZE(sessions); i++) {
+		status = smb_composite_sesssetup_recv(composite_contexts[i]);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		sessions[i]->vuid = setups[i].out.vuid;
+		torture_comment(tctx, "VUID: %d\n", sessions[i]->vuid);
+		status = smb_raw_ulogoff(sessions[i]);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	return ret;
+}
+
+
+/*
+  test tree ops
+*/
+static bool test_tree(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	const char *share, *host;
+	struct smbcli_tree *tree;
+	union smb_tcon tcon;
+	union smb_open io;
+	union smb_write wr;
+	union smb_close cl;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c = 1;
+
+	torture_comment(tctx, "TESTING TREE HANDLING\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	share = torture_setting_string(tctx, "share", NULL);
+	host  = torture_setting_string(tctx, "host", NULL);
+	
+	torture_comment(tctx, "create a second tree context on the same session\n");
+	tree = smbcli_tree_init(cli->session, tctx, false);
+
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	tcon.tconx.in.device = "A:";	
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+
+	tree->tid = tcon.tconx.out.tid;
+	torture_comment(tctx, "tid1=%d tid2=%d\n", cli->tree->tid, tree->tid);
+
+	torture_comment(tctx, "try a tconx with a bad device type\n");
+	tcon.tconx.in.device = "FOO";	
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	CHECK_STATUS(status, NT_STATUS_BAD_DEVICE_TYPE);
+
+
+	torture_comment(tctx, "create a file using the new tid\n");
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using the old tid\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "write with the new tid\n");
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "disconnect the new tid\n");
+	status = smb_tree_disconnect(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the new tid should not now be accessible\n");
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum should have been auto-closed\n");
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	/* close down the new tree */
+	talloc_free(tree);
+	
+done:
+	return ret;
+}
+
+/*
+  test tree with ulogoff
+  this demonstrates that a tcon isn't autoclosed by a ulogoff
+  the tcon can be reused using any other valid session later
+*/
+static bool test_tree_ulogoff(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	const char *share, *host;
+	struct smbcli_session *session1;
+	struct smbcli_session *session2;
+	struct smb_composite_sesssetup setup;
+	struct smbcli_tree *tree;
+	union smb_tcon tcon;
+	union smb_open io;
+	union smb_write wr;
+	int fnum1, fnum2;
+	const char *fname1 = BASEDIR "\\test1.txt";
+	const char *fname2 = BASEDIR "\\test2.txt";
+	uint8_t c = 1;
+	struct smbcli_session_options options;
+
+	torture_comment(tctx, "TESTING TREE with ulogoff\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	share = torture_setting_string(tctx, "share", NULL);
+	host  = torture_setting_string(tctx, "host", NULL);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	torture_comment(tctx, "create the first new sessions\n");
+	session1 = smbcli_session_init(cli->transport, tctx, false, options);
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	setup.in.credentials = samba_cmdline_get_creds();
+	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(session1, &setup);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	session1->vuid = setup.out.vuid;
+	torture_comment(tctx, "vuid1=%d\n", session1->vuid);
+
+	torture_comment(tctx, "create a tree context on the with vuid1\n");
+	tree = smbcli_tree_init(session1, tctx, false);
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	tcon.tconx.in.device = "A:";
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	tree->tid = tcon.tconx.out.tid;
+	torture_comment(tctx, "tid=%d\n", tree->tid);
+
+	torture_comment(tctx, "create a file using vuid1\n");
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+	status = smb_raw_open(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using vuid1\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum1;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "ulogoff the vuid1\n");
+	status = smb_raw_ulogoff(session1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "create the second new sessions\n");
+	session2 = smbcli_session_init(cli->transport, tctx, false, options);
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	setup.in.credentials = samba_cmdline_get_creds();
+	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(session2, &setup);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	session2->vuid = setup.out.vuid;
+	torture_comment(tctx, "vuid2=%d\n", session2->vuid);
+
+	torture_comment(tctx, "use the existing tree with vuid2\n");
+	tree->session = session2;
+
+	torture_comment(tctx, "create a file using vuid2\n");
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname2;
+	status = smb_raw_open(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using vuid2\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum2;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+	status = smb_raw_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "ulogoff the vuid2\n");
+	status = smb_raw_ulogoff(session2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* this also demonstrates that SMBtdis doesn't need a valid vuid */
+	torture_comment(tctx, "disconnect the existing tree connection\n");
+	status = smb_tree_disconnect(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "disconnect the existing tree connection\n");
+	status = smb_tree_disconnect(tree);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV,ERRinvnid));
+
+	/* close down the new tree */
+	talloc_free(tree);
+	
+done:
+	return ret;
+}
+
+/*
+  test pid ops
+  this test demonstrates that exit() only sees the PID
+  used for the open() calls
+*/
+static bool test_pid_exit_only_sees_open(struct torture_context *tctx,
+					 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = tctx;
+	bool ret = true;
+	union smb_open io;
+	union smb_write wr;
+	union smb_close cl;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c = 1;
+	uint16_t pid1, pid2;
+
+	torture_comment(tctx, "TESTING PID HANDLING exit() only cares about open() PID\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	pid1 = cli->session->pid;
+	pid2 = pid1 + 1;
+
+	torture_comment(tctx, "pid1=%d pid2=%d\n", pid1, pid2);
+
+	torture_comment(tctx, "create a file using pid1\n");
+	cli->session->pid = pid1;
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using pid2\n");
+	cli->session->pid = pid2;
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit pid2\n");
+	cli->session->pid = pid2;
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum should still be accessible via pid2\n");
+	cli->session->pid = pid2;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit pid2\n");
+	cli->session->pid = pid2;
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum should still be accessible via pid1 and pid2\n");
+	cli->session->pid = pid1;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+	cli->session->pid = pid2;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit pid1\n");
+	cli->session->pid = pid1;
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum should not now be accessible via pid1 or pid2\n");
+	cli->session->pid = pid1;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	cli->session->pid = pid2;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum should have been auto-closed\n");
+	cli->session->pid = pid1;
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+done:
+	return ret;
+}
+
+/*
+  test pid ops with 2 sessions
+*/
+static bool test_pid_2sess(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smbcli_session *session;
+	struct smb_composite_sesssetup setup;
+	union smb_open io;
+	union smb_write wr;
+	union smb_close cl;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c = 1;
+	uint16_t vuid1, vuid2;
+	struct smbcli_session_options options;
+
+	torture_comment(tctx, "TESTING PID HANDLING WITH 2 SESSIONS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	torture_comment(tctx, "create a second security context on the same transport\n");
+	session = smbcli_session_init(cli->transport, tctx, false, options);
+
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	setup.in.credentials = samba_cmdline_get_creds();
+	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+
+	status = smb_composite_sesssetup(session, &setup);
+	CHECK_STATUS(status, NT_STATUS_OK);	
+	session->vuid = setup.out.vuid;
+
+	vuid1 = cli->session->vuid;
+	vuid2 = session->vuid;
+
+	torture_comment(tctx, "vuid1=%d vuid2=%d\n", vuid1, vuid2);
+
+	torture_comment(tctx, "create a file using the vuid1\n");
+	cli->session->vuid = vuid1;
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using the vuid1 (fnum=%d)\n", fnum);
+	cli->session->vuid = vuid1;
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit the pid with vuid2\n");
+	cli->session->vuid = vuid2;
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum should still be accessible\n");
+	cli->session->vuid = vuid1;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit the pid with vuid1\n");
+	cli->session->vuid = vuid1;
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum should not now be accessible\n");
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum should have been auto-closed\n");
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+done:
+	return ret;
+}
+
+/*
+  test pid ops with 2 tcons
+*/
+static bool test_pid_2tcon(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	const char *share, *host;
+	struct smbcli_tree *tree;
+	union smb_tcon tcon;
+	union smb_open io;
+	union smb_write wr;
+	union smb_close cl;
+	int fnum1, fnum2;
+	const char *fname1 = BASEDIR "\\test1.txt";
+	const char *fname2 = BASEDIR "\\test2.txt";
+	uint8_t c = 1;
+	uint16_t tid1, tid2;
+
+	torture_comment(tctx, "TESTING PID HANDLING WITH 2 TCONS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	share = torture_setting_string(tctx, "share", NULL);
+	host  = torture_setting_string(tctx, "host", NULL);
+	
+	torture_comment(tctx, "create a second tree context on the same session\n");
+	tree = smbcli_tree_init(cli->session, tctx, false);
+
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	tcon.tconx.in.device = "A:";	
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	CHECK_STATUS(status, NT_STATUS_OK);	
+
+	tree->tid = tcon.tconx.out.tid;
+
+	tid1 = cli->tree->tid;
+	tid2 = tree->tid;
+	torture_comment(tctx, "tid1=%d tid2=%d\n", tid1, tid2);
+
+	torture_comment(tctx, "create a file using the tid1\n");
+	cli->tree->tid = tid1;
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using the tid1\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum1;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "create a file using the tid2\n");
+	cli->tree->tid = tid2;
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "write using the tid2\n");
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum2;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = 1;
+	wr.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, 1);
+
+	torture_comment(tctx, "exit the pid\n");
+	status = smb_raw_exit(cli->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "the fnum1 on tid1 should not be accessible\n");
+	cli->tree->tid = tid1;
+	wr.writex.in.file.fnum = fnum1;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum1 on tid1 should have been auto-closed\n");
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum1;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum2 on tid2 should not be accessible\n");
+	cli->tree->tid = tid2;
+	wr.writex.in.file.fnum = fnum2;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "the fnum2 on tid2 should have been auto-closed\n");
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum2;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+done:
+	return ret;
+}
+
+struct torture_suite *torture_raw_context(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "context");
+
+	torture_suite_add_1smb_test(suite, "session1", test_session);
+	/*
+	 * TODO: add test_session with 'use spnego = false'
+	 * torture_suite_add_1smb_test(suite, "session1", test_session);
+	 */
+	torture_suite_add_1smb_test(suite, "tree", test_tree);
+	torture_suite_add_1smb_test(suite, "tree_ulogoff", test_tree_ulogoff);
+	torture_suite_add_1smb_test(suite, "pid_only_sess", test_pid_exit_only_sees_open);
+	torture_suite_add_1smb_test(suite, "pid_2sess", test_pid_2sess);
+	torture_suite_add_1smb_test(suite, "pid_2tcon", test_pid_2tcon);
+
+	return suite;
+}
diff --git a/source4/torture/raw/eas.c b/source4/torture/raw/eas.c
new file mode 100644
index 0000000..59baae5
--- /dev/null
+++ b/source4/torture/raw/eas.c
@@ -0,0 +1,594 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test DOS extended attributes
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Guenter Kukkukk 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\testeas"
+
+#define CHECK_STATUS(status, correct) do { \
+	torture_assert_ntstatus_equal_goto(tctx, status, correct, ret, done, "Incorrect status"); \
+	} while (0)
+
+static	bool maxeadebug; /* need that here, to allow no file delete in debug case */
+
+static bool check_ea(struct smbcli_state *cli,
+		     const char *fname, const char *eaname, const char *value)
+{
+	NTSTATUS status = torture_check_ea(cli, fname, eaname, value);
+	return NT_STATUS_IS_OK(status);
+}
+
+static char bad_ea_chars[] = "\"*+,/:;<=>?[\\]|";
+
+static bool test_eas(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	NTSTATUS status;
+	union smb_setfileinfo setfile;
+	union smb_open io;
+	const char *fname = BASEDIR "\\ea.txt";
+	bool ret = true;
+	char bad_ea_name[7];
+	int i;
+	int fnum = -1;
+
+	torture_comment(tctx, "TESTING SETFILEINFO EA_SET\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	ret &= check_ea(cli, fname, "EAONE", NULL);
+
+	torture_comment(tctx, "Adding first two EAs\n");
+	setfile.generic.level = RAW_SFILEINFO_EA_SET;
+	setfile.generic.in.file.fnum = fnum;
+	setfile.ea_set.in.num_eas = 2;
+	setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 2);
+	setfile.ea_set.in.eas[0].flags = 0;
+	setfile.ea_set.in.eas[0].name.s = "EAONE";
+	setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+	setfile.ea_set.in.eas[1].flags = 0;
+	setfile.ea_set.in.eas[1].name.s = "SECONDEA";
+	setfile.ea_set.in.eas[1].value = data_blob_string_const("ValueTwo");
+
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_ea(cli, fname, "EAONE", "VALUE1");
+	ret &= check_ea(cli, fname, "SECONDEA", "ValueTwo");
+
+	torture_comment(tctx, "Modifying 2nd EA\n");
+	setfile.ea_set.in.num_eas = 1;
+	setfile.ea_set.in.eas[0].name.s = "SECONDEA";
+	setfile.ea_set.in.eas[0].value = data_blob_string_const(" Changed Value");
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_ea(cli, fname, "EAONE", "VALUE1");
+	ret &= check_ea(cli, fname, "SECONDEA", " Changed Value");
+
+	torture_comment(tctx, "Setting a NULL EA\n");
+	setfile.ea_set.in.eas[0].value = data_blob(NULL, 0);
+	setfile.ea_set.in.eas[0].name.s = "NULLEA";
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_ea(cli, fname, "EAONE", "VALUE1");
+	ret &= check_ea(cli, fname, "SECONDEA", " Changed Value");
+	ret &= check_ea(cli, fname, "NULLEA", NULL);
+
+	torture_comment(tctx, "Deleting first EA\n");
+	setfile.ea_set.in.eas[0].flags = 0;
+	setfile.ea_set.in.eas[0].name.s = "EAONE";
+	setfile.ea_set.in.eas[0].value = data_blob(NULL, 0);
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_ea(cli, fname, "EAONE", NULL);
+	ret &= check_ea(cli, fname, "SECONDEA", " Changed Value");
+
+	torture_comment(tctx, "Deleting second EA\n");
+	setfile.ea_set.in.eas[0].flags = 0;
+	setfile.ea_set.in.eas[0].name.s = "SECONDEA";
+	setfile.ea_set.in.eas[0].value = data_blob(NULL, 0);
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_ea(cli, fname, "EAONE", NULL);
+	ret &= check_ea(cli, fname, "SECONDEA", NULL);
+
+	/* Check EA name containing colon. All EA's set
+	   must be ignored, not just the one with the bad
+	   name. */
+
+	torture_comment(tctx, "Adding bad EA name\n");
+	setfile.generic.level = RAW_SFILEINFO_EA_SET;
+	setfile.generic.in.file.fnum = fnum;
+	setfile.ea_set.in.num_eas = 3;
+	setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 3);
+	setfile.ea_set.in.eas[0].flags = 0;
+	setfile.ea_set.in.eas[0].name.s = "EAONE";
+	setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+	setfile.ea_set.in.eas[1].flags = 0;
+	setfile.ea_set.in.eas[1].name.s = "SECOND:EA";
+	setfile.ea_set.in.eas[1].value = data_blob_string_const("ValueTwo");
+	setfile.ea_set.in.eas[2].flags = 0;
+	setfile.ea_set.in.eas[2].name.s = "THIRDEA";
+	setfile.ea_set.in.eas[2].value = data_blob_string_const("ValueThree");
+
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+
+	ret &= check_ea(cli, fname, "EAONE", NULL);
+	ret &= check_ea(cli, fname, "THIRDEA", NULL);
+
+	setfile.generic.level = RAW_SFILEINFO_EA_SET;
+	setfile.generic.in.file.fnum = fnum;
+	setfile.ea_set.in.num_eas = 1;
+	setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 1);
+	setfile.ea_set.in.eas[0].flags = 0;
+	strlcpy(bad_ea_name, "TEST_X", sizeof(bad_ea_name));
+	setfile.ea_set.in.eas[0].name.s = bad_ea_name;
+
+	torture_comment(tctx, "Testing bad EA name range.\n");
+
+	for (i = 1; i < 256; i++) {
+		setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+		bad_ea_name[5] = (char)i;
+		torture_comment(tctx, "Testing bad EA name %d.\n", i);
+		status = smb_raw_setfileinfo(cli->tree, &setfile);
+		if (i < 32 || strchr(bad_ea_chars, i)) {
+			CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+		} else {
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			/* Now delete the EA we just set to make
+			   sure we don't run out of room. */
+			setfile.ea_set.in.eas[0].value = data_blob(NULL, 0);
+			status = smb_raw_setfileinfo(cli->tree, &setfile);
+			CHECK_STATUS(status, NT_STATUS_OK);
+		}
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+
+/*
+ * Helper function to retrieve the max. ea size for one ea name
+ */
+static int test_one_eamax(struct torture_context *tctx,
+			  struct smbcli_state *cli, const int fnum,
+			  const char *eaname, DATA_BLOB eablob,
+			  const int eastart, const int eadebug)
+{
+	NTSTATUS status;
+	struct ea_struct eastruct;
+	union smb_setfileinfo setfile;
+	int i, high, low, maxeasize;
+
+	setfile.generic.level = RAW_SFILEINFO_EA_SET;
+	setfile.generic.in.file.fnum = fnum;
+	setfile.ea_set.in.num_eas = 1;
+	setfile.ea_set.in.eas = &eastruct;
+	setfile.ea_set.in.eas->flags = 0;
+	setfile.ea_set.in.eas->name.s = eaname;
+	setfile.ea_set.in.eas->value = eablob;
+
+	maxeasize = eablob.length;
+	i = eastart;
+	low = 0;
+	high = maxeasize;
+
+	do {
+		if (eadebug) {
+			torture_comment(tctx, "Testing EA size: %d\n", i);
+		}
+		setfile.ea_set.in.eas->value.length = i;
+
+		status = smb_raw_setfileinfo(cli->tree, &setfile);
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			if (eadebug) {
+				torture_comment(tctx, "[%s] EA size %d succeeded! "
+					"(high=%d low=%d)\n",
+					eaname, i, high, low);
+			}
+			low = i;
+			if (low == maxeasize) {
+				torture_comment(tctx, "Max. EA size for \"%s\"=%d "
+					"[but could be possibly larger]\n",
+					eaname, low);
+				break;
+			}
+			if (high - low == 1 && high != maxeasize) {
+				torture_comment(tctx, "Max. EA size for \"%s\"=%d\n",
+					eaname, low);
+				break;
+			}
+			i += (high - low + 1) / 2;
+		} else {
+			if (eadebug) {
+				torture_comment(tctx, "[%s] EA size %d failed!    "
+					"(high=%d low=%d) [%s]\n",
+					eaname, i, high, low,
+					nt_errstr(status));
+			}
+			high = i;
+			if (high - low <= 1) {
+				torture_comment(tctx, "Max. EA size for \"%s\"=%d\n",
+					eaname, low);
+				break;
+			}
+			i -= (high - low + 1) / 2;
+		}
+	} while (true);
+
+	return low;
+}
+
+/*
+ * Test for maximum ea size - more than one ea name is checked.
+ *
+ * Additional parameters can be passed, to allow further testing:
+ *
+ *             default
+ * maxeasize    65536   limit the max. size for a single EA name
+ * maxeanames     101   limit of the number of tested names
+ * maxeastart       1   this EA size is used to test for the 1st EA (atm)
+ * maxeadebug       0   if set true, further debug output is done - in addition
+ *                      the testfile is not deleted for further inspection!
+ *
+ * Set some/all of these options on the cmdline with:
+ * --option torture:maxeasize=1024 --option torture:maxeadebug=1 ...
+ *
+ */
+static bool test_max_eas(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\ea_max.txt";
+	int fnum = -1;
+	bool ret = true;
+	bool err = false;
+
+	int       i, j, k, last;
+	size_t total;
+	DATA_BLOB eablob;
+	char      *eaname = NULL;
+	int       maxeasize;
+	int       maxeanames;
+	int       maxeastart;
+
+	torture_comment(tctx, "TESTING SETFILEINFO MAX. EA_SET\n");
+
+	maxeasize  = torture_setting_int(tctx, "maxeasize", 65536);
+	maxeanames = torture_setting_int(tctx, "maxeanames", 101);
+	maxeastart = torture_setting_int(tctx, "maxeastart", 1);
+	maxeadebug = torture_setting_bool(tctx, "maxeadebug", false);
+
+	/* Do some sanity check on possibly passed parms */
+	if (maxeasize <= 0) {
+		torture_comment(tctx, "Invalid parameter 'maxeasize=%d'",maxeasize);
+		err = true;
+	}
+	if (maxeanames <= 0) {
+		torture_comment(tctx, "Invalid parameter 'maxeanames=%d'",maxeanames);
+		err = true;
+	}
+	if (maxeastart <= 0) {
+		torture_comment(tctx, "Invalid parameter 'maxeastart=%d'",maxeastart);
+		err = true;
+	}
+	if (err) {
+	  torture_comment(tctx, "\n\n");
+	  goto done;
+	}
+	if (maxeastart > maxeasize) {
+		maxeastart = maxeasize;
+		torture_comment(tctx, "'maxeastart' outside range - corrected to %d\n",
+			maxeastart);
+	}
+	torture_comment(tctx, "MAXEA parms: maxeasize=%d maxeanames=%d maxeastart=%d"
+	       " maxeadebug=%d\n", maxeasize, maxeanames, maxeastart,
+	       maxeadebug);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	eablob = data_blob_talloc(tctx, NULL, maxeasize);
+	if (eablob.data == NULL) {
+		goto done;
+	}
+	/*
+	 * Fill in some EA data - the offset could be easily checked
+	 * during a hexdump.
+	 */
+	for (i = 0, k = 0; i < eablob.length / 4; i++, k+=4) {
+		eablob.data[k]   = k & 0xff;
+		eablob.data[k+1] = (k >>  8) & 0xff;
+		eablob.data[k+2] = (k >> 16) & 0xff;
+		eablob.data[k+3] = (k >> 24) & 0xff;
+	}
+
+	i = eablob.length % 4;
+	if (i-- > 0) {
+		eablob.data[k] = k & 0xff;
+		if (i-- > 0) {
+			eablob.data[k+1] = (k >>  8) & 0xff;
+			if (i-- > 0) {
+				eablob.data[k+2] = (k >> 16) & 0xff;
+			}
+		}
+	}
+	/*
+	 * Filesystems might allow max. EAs data for different EA names.
+	 * So more than one EA name should be checked.
+	 */
+	total = 0;
+	last  = maxeastart;
+
+	for (i = 0; i < maxeanames; i++) {
+		if (eaname != NULL) {
+			talloc_free(eaname);
+		}
+		eaname = talloc_asprintf(tctx, "MAX%d", i);
+		if(eaname == NULL) {
+			goto done;
+		}
+		j = test_one_eamax(tctx, cli, fnum, eaname, eablob, last, maxeadebug);
+		if (j <= 0) {
+			break;
+		}
+		total += j;
+		last = j;
+	}
+
+	torture_comment(tctx, "Total EA size:%zu\n", total);
+	if (i == maxeanames) {
+		torture_comment(tctx, "NOTE: More EAs could be available!\n");
+	}
+	if (total == 0) {
+		ret = false;
+	}
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+/*
+  test using NTTRANS CREATE to create a file with an initial EA set
+*/
+static bool test_nttrans_create(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\ea2.txt";
+	const char *fname_bad = BASEDIR "\\ea2_bad.txt";
+	bool ret = true;
+	int fnum = -1;
+	struct ea_struct eas[3];
+	struct smb_ea_list ea_list;
+
+	torture_comment(tctx, "TESTING NTTRANS CREATE WITH EAS\n");
+
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	ea_list.num_eas = 3;
+	ea_list.eas = eas;
+
+	eas[0].flags = 0;
+	eas[0].name.s = "1st EA";
+	eas[0].value = data_blob_string_const("Value One");
+
+	eas[1].flags = 0;
+	eas[1].name.s = "2nd EA";
+	eas[1].value = data_blob_string_const("Second Value");
+
+	eas[2].flags = 0;
+	eas[2].name.s = "and 3rd";
+	eas[2].value = data_blob_string_const("final value");
+
+	io.ntcreatex.in.ea_list = &ea_list;
+	io.ntcreatex.in.sec_desc = NULL;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	ret &= check_ea(cli, fname, "EAONE", NULL);
+	ret &= check_ea(cli, fname, "1st EA", "Value One");
+	ret &= check_ea(cli, fname, "2nd EA", "Second Value");
+	ret &= check_ea(cli, fname, "and 3rd", "final value");
+
+	smbcli_close(cli->tree, fnum);
+
+	torture_comment(tctx, "Trying to add EAs on non-create\n");
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.fname = fname;
+
+	ea_list.num_eas = 1;
+	eas[0].flags = 0;
+	eas[0].name.s = "Fourth EA";
+	eas[0].value = data_blob_string_const("Value Four");
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	ret &= check_ea(cli, fname, "1st EA", "Value One");
+	ret &= check_ea(cli, fname, "2nd EA", "Second Value");
+	ret &= check_ea(cli, fname, "and 3rd", "final value");
+	ret &= check_ea(cli, fname, "Fourth EA", NULL);
+
+	torture_comment(tctx, "TESTING NTTRANS CREATE WITH BAD EA NAMES\n");
+
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_bad;
+
+	ea_list.num_eas = 3;
+	ea_list.eas = eas;
+
+	eas[0].flags = 0;
+	eas[0].name.s = "1st EA";
+	eas[0].value = data_blob_string_const("Value One");
+
+	eas[1].flags = 0;
+	eas[1].name.s = "2nd:BAD:EA";
+	eas[1].value = data_blob_string_const("Second Value");
+
+	eas[2].flags = 0;
+	eas[2].name.s = "and 3rd";
+	eas[2].value = data_blob_string_const("final value");
+
+	io.ntcreatex.in.ea_list = &ea_list;
+	io.ntcreatex.in.sec_desc = NULL;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+
+	/* File must not exist. */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_bad;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+/*
+   basic testing of EA calls
+*/
+bool torture_raw_eas(struct torture_context *torture, struct smbcli_state *cli)
+{
+	bool ret = true;
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	ret &= test_eas(cli, torture);
+	ret &= test_nttrans_create(cli, torture);
+
+	smb_raw_exit(cli->session);
+
+	return ret;
+}
+
+/*
+   test max EA size
+*/
+bool torture_max_eas(struct torture_context *torture)
+{
+	struct smbcli_state *cli;
+	bool ret = true;
+
+	if (!torture_open_connection(&cli, torture, 0)) {
+		return false;
+	}
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	ret &= test_max_eas(cli, torture);
+
+	smb_raw_exit(cli->session);
+	if (!maxeadebug) {
+		/* in no ea debug case, all files are gone now */
+		smbcli_deltree(cli->tree, BASEDIR);
+	}
+
+	torture_close_connection(cli);
+	return ret;
+}
diff --git a/source4/torture/raw/ioctl.c b/source4/torture/raw/ioctl.c
new file mode 100644
index 0000000..0dc0ac9
--- /dev/null
+++ b/source4/torture/raw/ioctl.c
@@ -0,0 +1,191 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ioctl individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) James J Myers 2003 <myersjj@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/smb/smb_constants.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\rawioctl"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%d) Incorrect status %s - should be %s\n", \
+		       __LINE__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+
+/* test some ioctls */
+static bool test_ioctl(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_ioctl ctl;
+	int fnum;
+	NTSTATUS status;
+	bool ret = true;
+	const char *fname = BASEDIR "\\test.dat";
+
+	printf("TESTING IOCTL FUNCTIONS\n");
+
+	fnum = create_complex_file(cli, mem_ctx, fname);
+	if (fnum == -1) {
+		printf("Failed to create test.dat - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+ 	printf("Trying 0xFFFF\n");
+ 	ctl.ioctl.level = RAW_IOCTL_IOCTL;
+	ctl.ioctl.in.file.fnum = fnum;
+	ctl.ioctl.in.request = 0xFFFF;
+
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &ctl);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
+
+ 	printf("Trying QUERY_JOB_INFO\n");
+ 	ctl.ioctl.level = RAW_IOCTL_IOCTL;
+	ctl.ioctl.in.file.fnum = fnum;
+	ctl.ioctl.in.request = IOCTL_QUERY_JOB_INFO;
+
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &ctl);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
+
+ 	printf("Trying bad handle\n");
+	ctl.ioctl.in.file.fnum = fnum+1;
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &ctl);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
+
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+/* test some filesystem control functions */
+static bool test_fsctl(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	int fnum;
+	NTSTATUS status;
+	bool ret = true;
+	const char *fname = BASEDIR "\\test.dat";
+	union smb_ioctl nt;
+
+	printf("\nTESTING FSCTL FUNCTIONS\n");
+
+	fnum = create_complex_file(cli, mem_ctx, fname);
+	if (fnum == -1) {
+		printf("Failed to create test.dat - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	printf("Trying FSCTL_FIND_FILES_BY_SID\n");
+	nt.ioctl.level = RAW_IOCTL_NTIOCTL;
+	nt.ntioctl.in.function = FSCTL_FIND_FILES_BY_SID;
+	nt.ntioctl.in.file.fnum = fnum;
+	nt.ntioctl.in.fsctl = true;
+	nt.ntioctl.in.filter = 0;
+	nt.ntioctl.in.max_data = 0;
+	nt.ntioctl.in.blob = data_blob(NULL, 1024);
+	/* definitely not a sid... */
+	generate_random_buffer(nt.ntioctl.in.blob.data,
+			       nt.ntioctl.in.blob.length);
+	nt.ntioctl.in.blob.data[1] = 15+1;
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &nt);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER) &&
+	    !NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) &&
+	    !NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+		printf("Got unexpected error code: %s\n",
+			nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	printf("trying sparse file\n");
+	nt.ioctl.level = RAW_IOCTL_NTIOCTL;
+	nt.ntioctl.in.function = FSCTL_SET_SPARSE;
+	nt.ntioctl.in.file.fnum = fnum;
+	nt.ntioctl.in.fsctl = true;
+	nt.ntioctl.in.filter = 0;
+	nt.ntioctl.in.max_data = 0;
+	nt.ntioctl.in.blob = data_blob(NULL, 0);
+
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &nt);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("trying batch oplock\n");
+	nt.ioctl.level = RAW_IOCTL_NTIOCTL;
+	nt.ntioctl.in.function = FSCTL_REQUEST_BATCH_OPLOCK;
+	nt.ntioctl.in.file.fnum = fnum;
+	nt.ntioctl.in.fsctl = true;
+	nt.ntioctl.in.filter = 0;
+	nt.ntioctl.in.max_data = 0;
+	nt.ntioctl.in.blob = data_blob(NULL, 0);
+
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &nt);
+	if (NT_STATUS_IS_OK(status)) {
+		printf("Server supports batch oplock upgrades on open files\n");
+	} else {
+		printf("Server does not support batch oplock upgrades on open files\n");
+	}
+
+ 	printf("Trying bad handle\n");
+	nt.ntioctl.in.file.fnum = fnum+1;
+	status = smb_raw_ioctl(cli->tree, mem_ctx, &nt);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+#if 0
+	nt.ntioctl.in.file.fnum = fnum;
+	for (i=0;i<100;i++) {
+		nt.ntioctl.in.function = FSCTL_FILESYSTEM + (i<<2);
+		status = smb_raw_ioctl(cli->tree, mem_ctx, &nt);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+			printf("filesystem fsctl 0x%x - %s\n",
+			       i, nt_errstr(status));
+		}
+	}
+#endif
+
+done:
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
+
+/* 
+   basic testing of some ioctl calls 
+*/
+bool torture_raw_ioctl(struct torture_context *torture, 
+		       struct smbcli_state *cli)
+{
+	bool ret = true;
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	ret &= test_ioctl(cli, torture);
+	ret &= test_fsctl(cli, torture);
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c
new file mode 100644
index 0000000..6dbc9e9
--- /dev/null
+++ b/source4/torture/raw/lock.c
@@ -0,0 +1,3586 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for various lock operations
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_STATUS_CONT(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STATUS_OR(status, correct1, correct2) do { \
+	if ((!NT_STATUS_EQUAL(status, correct1)) && \
+	    (!NT_STATUS_EQUAL(status, correct2))) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s or %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct1), \
+			nt_errstr(correct2)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_STATUS_OR_CONT(status, correct1, correct2) do { \
+	if ((!NT_STATUS_EQUAL(status, correct1)) && \
+	    (!NT_STATUS_EQUAL(status, correct2))) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s or %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct1), \
+			nt_errstr(correct2)); \
+		ret = false; \
+	}} while (0)
+#define BASEDIR "\\testlock"
+
+#define TARGET_IS_W2K8(_tctx) (torture_setting_bool(_tctx, "w2k8", false))
+#define TARGET_IS_WIN7(_tctx) (torture_setting_bool(_tctx, "win7", false))
+#define TARGET_IS_WINDOWS(_tctx) \
+	((torture_setting_bool(_tctx, "w2k3", false)) || \
+	 (torture_setting_bool(_tctx, "w2k8", false)) || \
+	 (torture_setting_bool(_tctx, "win7", false)))
+#define TARGET_IS_SAMBA3(_tctx) (torture_setting_bool(_tctx, "samba3", false))
+#define TARGET_IS_SAMBA4(_tctx) (torture_setting_bool(_tctx, "samba4", false))
+
+#define TARGET_SUPPORTS_INVALID_LOCK_RANGE(_tctx) \
+	(torture_setting_bool(_tctx, "invalid_lock_range_support", true))
+#define TARGET_SUPPORTS_SMBEXIT(_tctx) \
+    (torture_setting_bool(_tctx, "smbexit_pdu_support", true))
+#define TARGET_SUPPORTS_SMBLOCK(_tctx) \
+    (torture_setting_bool(_tctx, "smblock_pdu_support", true))
+#define TARGET_SUPPORTS_OPENX_DENY_DOS(_tctx) \
+    (torture_setting_bool(_tctx, "openx_deny_dos_support", true))
+#define TARGET_RETURNS_RANGE_NOT_LOCKED(_tctx) \
+    (torture_setting_bool(_tctx, "range_not_locked_on_file_close", true))
+/*
+  test SMBlock and SMBunlock ops
+*/
+static bool test_lock(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+
+	if (!TARGET_SUPPORTS_SMBLOCK(tctx))
+		torture_skip(tctx, "Target does not support the SMBlock PDU");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing RAW_LOCK_LOCK\n");
+	io.generic.level = RAW_LOCK_LOCK;
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	torture_comment(tctx, "Trying 0/0 lock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 0;
+	io.lock.in.offset = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid--;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Trying 0/1 lock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 1;
+	io.lock.in.offset = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	cli->session->pid--;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying 0xEEFFFFFF lock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 4000;
+	io.lock.in.offset = 0xEEFFFFFF;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	cli->session->pid--;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying 0xEEFFFFFF lock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 4000;
+	io.lock.in.offset = 0xEEFFFFFF;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	cli->session->pid--;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying max lock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 4000;
+	io.lock.in.offset = 0xEF000000;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	cli->session->pid--;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying wrong pid unlock\n");
+	io.lock.level = RAW_LOCK_LOCK;
+	io.lock.in.file.fnum = fnum;
+	io.lock.in.count = 4002;
+	io.lock.in.offset = 10001;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	cli->session->pid++;
+	io.lock.level = RAW_LOCK_UNLOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	cli->session->pid--;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test locking&X ops
+*/
+static bool test_lockx(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing RAW_LOCK_LOCKX\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 10;
+	lock[0].count = 1;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(tctx, "Trying 0xEEFFFFFF lock\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 4000;
+	lock[0].offset = 0xEEFFFFFF;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying 0xEF000000 lock\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 4000;
+	lock[0].offset = 0xEF000000;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying zero lock\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 0;
+	lock[0].offset = ~0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying max lock\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 0;
+	lock[0].offset = ~0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying 2^63\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 1;
+	lock[0].offset = 1;
+	lock[0].offset <<= 63;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying 2^63 - 1\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 1;
+	lock[0].offset = 1;
+	lock[0].offset <<= 63;
+	lock[0].offset--;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(tctx, "Trying max lock 2\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].count = 1;
+	lock[0].offset = ~0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid++;
+	lock[0].count = 2;
+	status = smb_raw_lock(cli->tree, &io);
+	if (TARGET_SUPPORTS_INVALID_LOCK_RANGE(tctx))
+		CHECK_STATUS(status, NT_STATUS_INVALID_LOCK_RANGE);
+	else
+		CHECK_STATUS(status, NT_STATUS_OK);
+	lock[0].pid--;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	lock[0].count = 1;
+	status = smb_raw_lock(cli->tree, &io);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test high pid
+*/
+static bool test_pidhigh(struct torture_context *tctx, 
+						 struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c = 1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing high pid\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	cli->session->pid = 1;
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	if (smbcli_write(cli->tree, fnum, 0, &c, 0, 1) != 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"Failed to write 1 byte - %s\n",
+			smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 0;
+	lock[0].count = 0xFFFFFFFF;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (smbcli_read(cli->tree, fnum, &c, 0, 1) != 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"Failed to read 1 byte - %s\n",
+			smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	cli->session->pid = 2;
+
+	if (smbcli_read(cli->tree, fnum, &c, 0, 1) == 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"pid is incorrect handled for read with lock!\n");
+		ret = false;
+		goto done;
+	}
+
+	cli->session->pid = 0x10001;
+
+	if (smbcli_read(cli->tree, fnum, &c, 0, 1) != 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"High pid is used on this server!\n");
+		ret = false;
+	} else {
+		torture_warning(tctx, "High pid is not used on this server (correct)\n");
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test locking&X async operation
+*/
+static bool test_async(struct torture_context *tctx, 
+					   struct smbcli_state *cli)
+{
+	struct smbcli_session *session;
+	struct smb_composite_sesssetup setup;
+	struct smbcli_tree *tree;
+	union smb_tcon tcon;
+	const char *host, *share;
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\test.txt";
+	time_t t;
+	struct smbcli_request *req, *req2;
+	struct smbcli_session_options options;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX_CANCEL_LOCK\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 110;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	t = time_mono(NULL);
+
+	torture_comment(tctx, "Testing cancel by CANCEL_LOCK\n");
+
+	/* setup a timed lock */
+	io.lockx.in.timeout = 10000;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	/* cancel the wrong range */
+	lock[0].offset = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
+
+	/* cancel with the wrong bits set */
+	lock[0].offset = 100;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
+
+	/* cancel the right range */
+	lock[0].offset = 100;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK | LOCKING_ANDX_LARGE_FILES;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* receive the failed lock request */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "lock cancel was not immediate (%s)\n", __location__));
+
+	/* MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
+	 * if the lock vector contains one entry. When given multiple cancel
+	 * requests in a single PDU we expect the server to return an
+	 * error. Samba4 handles this correctly. Windows servers seem to
+	 * accept the request but only cancel the first lock.  Samba3
+	 * now does what Windows does (JRA).
+	 */
+	torture_comment(tctx, "Testing multiple cancel\n");
+
+	/* acquire second lock */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* setup 2 timed locks */
+	t = time_mono(NULL);
+	io.lockx.in.timeout = 10000;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock[0];
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+	io.lockx.in.locks = &lock[1];
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	/* try to cancel both locks in the same packet */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK | LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = lock;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_warning(tctx, "Target server accepted a lock cancel "
+			      "request with multiple locks. This violates "
+			      "MS-CIFS 2.2.4.32.1.\n");
+
+	/* receive the failed lock requests */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "first lock was not cancelled immediately (%s)\n",
+		       __location__));
+
+	/* send cancel to second lock */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK |
+			   LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "second lock was not cancelled immediately (%s)\n",
+		       __location__));
+
+	/* cleanup the second lock */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* If a lock request contained multiple ranges and we are cancelling
+	 * one while it's still pending, what happens? */
+	torture_comment(tctx, "Testing cancel 1/2 lock request\n");
+
+	/* Send request with two ranges */
+	io.lockx.in.timeout = -1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = lock;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup pending lock (%s)\n", __location__));
+
+	/* Try to cancel the first lock range */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK | LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Locking request should've failed and second range should be
+	 * unlocked */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Cleanup both locks */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = lock;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing cancel 2/2 lock request\n");
+
+	/* Lock second range so it contends */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Send request with two ranges */
+	io.lockx.in.timeout = -1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = lock;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup pending lock (%s)\n", __location__));
+
+	/* Try to cancel the second lock range */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_CANCEL_LOCK | LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[1];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Locking request should've failed and first range should be
+	 * unlocked */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Cleanup both locks */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.locks = lock;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing cancel by unlock\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.timeout = 5000;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	t = time_mono(NULL);
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "lock cancel by unlock was not immediate (%s) - took %d secs\n",
+		       __location__, (int)(time_mono(NULL)-t)));
+
+	torture_comment(tctx, "Testing cancel by close\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	{
+		/*
+		 * Make the test block on the second lock
+		 * request. This is to regression-test 64c0367.
+		 */
+		uint64_t tmp = lock[1].offset;
+		lock[1].offset = lock[0].offset;
+		lock[0].offset = tmp;
+	}
+
+	t = time_mono(NULL);
+	io.lockx.in.timeout = 10000;
+	io.lockx.in.lock_cnt = 2;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smbcli_request_simple_recv(req);
+	if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	else
+		CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "lock cancel by close was not immediate (%s)\n", __location__));
+
+	{
+		/*
+		 * Undo the change for 64c0367
+		 */
+		uint64_t tmp = lock[1].offset;
+		lock[1].offset = lock[0].offset;
+		lock[0].offset = tmp;
+	}
+
+	torture_comment(tctx, "create a new sessions\n");
+	session = smbcli_session_init(cli->transport, tctx, false, options);
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	setup.in.credentials = samba_cmdline_get_creds();
+	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(session, &setup);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	session->vuid = setup.out.vuid;
+
+	torture_comment(tctx, "create new tree context\n");
+	share = torture_setting_string(tctx, "share", NULL);
+	host  = torture_setting_string(tctx, "host", NULL);
+	tree = smbcli_tree_init(session, tctx, false);
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	tcon.tconx.in.device = "A:";
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	tree->tid = tcon.tconx.out.tid;
+
+	torture_comment(tctx, "Testing cancel by exit\n");
+	if (TARGET_SUPPORTS_SMBEXIT(tctx)) {
+		fname = BASEDIR "\\test_exit.txt";
+		fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+		torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+			       "Failed to reopen %s - %s\n",
+			       fname, smbcli_errstr(tree)));
+
+		io.lockx.level = RAW_LOCK_LOCKX;
+		io.lockx.in.file.fnum = fnum;
+		io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+		io.lockx.in.timeout = 0;
+		io.lockx.in.ulock_cnt = 0;
+		io.lockx.in.lock_cnt = 1;
+		lock[0].pid = session->pid;
+		lock[0].offset = 100;
+		lock[0].count = 10;
+		io.lockx.in.locks = &lock[0];
+		status = smb_raw_lock(tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		io.lockx.in.ulock_cnt = 0;
+		io.lockx.in.lock_cnt = 1;
+		io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+		io.lockx.in.timeout = 0;
+		status = smb_raw_lock(tree, &io);
+		CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+		io.lockx.in.timeout = 10000;
+		t = time_mono(NULL);
+		req = smb_raw_lock_send(tree, &io);
+		torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+			       "Failed to setup timed lock (%s)\n",
+			       __location__));
+
+		status = smb_raw_exit(session);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		status = smbcli_request_simple_recv(req);
+		if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+			CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+		else
+			CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+		torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+			       "lock cancel by exit was not immediate (%s)\n",
+			       __location__));
+	}
+	else {
+		torture_comment(tctx,
+				"  skipping test, SMBExit not supported\n");
+	}
+
+	torture_comment(tctx, "Testing cancel by ulogoff\n");
+	fname = BASEDIR "\\test_ulogoff.txt";
+	fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to reopen %s - %s\n",
+		       fname, smbcli_errstr(tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	status = smb_raw_lock(tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	io.lockx.in.timeout = 10000;
+	t = time_mono(NULL);
+	req = smb_raw_lock_send(tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	status = smb_raw_ulogoff(session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smbcli_request_simple_recv(req);
+	if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) {
+		if (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"lock not canceled by ulogoff - %s "
+				"(ignored because of vfs_vifs fails it)\n",
+				nt_errstr(status));
+			smb_tree_disconnect(tree);
+			smb_raw_exit(session);
+			goto done;
+		}
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	}
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "lock cancel by ulogoff was not immediate (%s)\n", __location__));
+
+	torture_comment(tctx, "Testing cancel by tdis\n");
+	tree->session = cli->session;
+
+	fname = BASEDIR "\\test_tdis.txt";
+	fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to reopen %s - %s\n",
+		       fname, smbcli_errstr(tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_lock(tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	io.lockx.in.timeout = 10000;
+	t = time_mono(NULL);
+	req = smb_raw_lock_send(tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	status = smb_tree_disconnect(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smbcli_request_simple_recv(req);
+	if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	else
+		CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "lock cancel by tdis was not immediate (%s)\n", __location__));
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test NT_STATUS_LOCK_NOT_GRANTED vs. NT_STATUS_FILE_LOCK_CONFLICT
+*/
+static bool test_errorcode(struct torture_context *tctx, 
+						   struct smbcli_state *cli)
+{
+	union smb_lock io;
+	union smb_open op;
+	struct smb_lock_entry lock[2];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, fnum2;
+	const char *fname;
+	struct smbcli_request *req;
+	time_t start;
+	int t;
+	int delay;
+	uint16_t deny_mode = 0;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCK_NOT_GRANTED vs. FILE_LOCK_CONFLICT\n");
+
+	torture_comment(tctx, "Testing with timeout = 0\n");
+	fname = BASEDIR "\\test0.txt";
+	t = 0;
+
+	/*
+	 * the first run is with t = 0,
+	 * the second with t > 0 (=1)
+	 */
+next_run:
+	/*
+	 * use the DENY_DOS mode, that creates two fnum's of one low-level
+	 * file handle, this demonstrates that the cache is per fnum, not
+	 * per file handle
+	 */
+	if (TARGET_SUPPORTS_OPENX_DENY_DOS(tctx))
+	    deny_mode = OPENX_MODE_DENY_DOS;
+	else
+	    deny_mode = OPENX_MODE_DENY_NONE;
+
+	op.openx.level = RAW_OPEN_OPENX;
+	op.openx.in.fname = fname;
+	op.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	op.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | deny_mode;
+	op.openx.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	op.openx.in.search_attrs = 0;
+	op.openx.in.file_attrs = 0;
+	op.openx.in.write_time = 0;
+	op.openx.in.size = 0;
+	op.openx.in.timeout = 0;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.openx.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = op.openx.out.file.fnum;
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = t;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * demonstrate that the first conflicting lock on each handle give LOCK_NOT_GRANTED
+	 * this also demonstrates that the error code cache is per file handle
+	 * (LOCK_NOT_GRANTED is only be used when timeout is 0!)
+	 */
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+
+	/* demonstrate that each following conflict gives FILE_LOCK_CONFLICT */
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* demonstrate that the smbpid doesn't matter */
+	lock[0].pid++;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	lock[0].pid--;
+
+	/* 
+	 * demonstrate that a successful lock with count = 0 and the same offset,
+	 * doesn't reset the error cache
+	 */
+	lock[0].offset = 100;
+	lock[0].count = 0;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* 
+	 * demonstrate that a successful lock with count = 0 and outside the locked range,
+	 * doesn't reset the error cache
+	 */
+	lock[0].offset = 110;
+	lock[0].count = 0;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 99;
+	lock[0].count = 0;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* demonstrate that a changing count doesn't reset the error cache */
+	lock[0].offset = 100;
+	lock[0].count = 5;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 100;
+	lock[0].count = 15;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* 
+	 * demonstrate that a lock with count = 0 and inside the locked range,
+	 * fails and resets the error cache
+	 */
+	lock[0].offset = 101;
+	lock[0].count = 0;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* demonstrate that a changing offset resets the error cache */
+	lock[0].offset = 105;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 95;
+	lock[0].count = 9;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* 
+	 * demonstrate that a successful lock in a different range
+	 * doesn't reset the cache, the failing lock on the 2nd handle
+	 * resets the cache
+	 */
+	lock[0].offset = 120;
+	lock[0].count = 15;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.file.fnum = fnum;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, (t?NT_STATUS_FILE_LOCK_CONFLICT:NT_STATUS_LOCK_NOT_GRANTED));
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* end of the loop */
+	if (t == 0) {
+		smb_raw_exit(cli->session);
+		t = 1;
+		torture_comment(tctx, "Testing with timeout > 0 (=%d)\n",
+				t);
+		fname = BASEDIR "\\test1.txt";
+		goto next_run;
+	}
+
+	t = 4000;
+	torture_comment(tctx, "Testing special cases with timeout > 0 (=%d)\n",
+			t);
+
+	/*
+	 * the following 3 test sections demonstrate that
+	 * the cache is only set when the error is reported
+	 * to the client (after the timeout went by)
+	 */
+	smb_raw_exit(cli->session);
+	torture_comment(tctx, "Testing a conflict while a lock is pending\n");
+	fname = BASEDIR "\\test2.txt";
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to reopen %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	start = time_mono(NULL);
+	io.lockx.in.timeout = t;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	io.lockx.in.timeout = 0;
+	lock[0].offset = 105;
+	lock[0].count = 10;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	delay = t / 1000;
+	if (TARGET_IS_W2K8(tctx) || TARGET_IS_WIN7(tctx)) {
+		delay /= 2;
+	}
+
+	torture_assert(tctx,!(time_mono(NULL) < start+delay), talloc_asprintf(tctx,
+		       "lock comes back to early timeout[%d] delay[%d]"
+		       "(%s)\n", t, delay, __location__));
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	smbcli_close(cli->tree, fnum);
+	fname = BASEDIR "\\test3.txt";
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to reopen %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	start = time_mono(NULL);
+	io.lockx.in.timeout = t;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	io.lockx.in.timeout = 0;
+	lock[0].offset = 105;
+	lock[0].count = 10;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	delay = t / 1000;
+	if (TARGET_IS_W2K8(tctx) || TARGET_IS_WIN7(tctx)) {
+		delay /= 2;
+	}
+
+	torture_assert(tctx,!(time_mono(NULL) < start+delay), talloc_asprintf(tctx,
+		       "lock comes back to early timeout[%d] delay[%d]"
+		       "(%s)\n", t, delay, __location__));
+
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	smbcli_close(cli->tree, fnum);
+	fname = BASEDIR "\\test4.txt";
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to reopen %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	start = time_mono(NULL);
+	io.lockx.in.timeout = t;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed lock (%s)\n", __location__));
+
+	io.lockx.in.timeout = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	delay = t / 1000;
+	if (TARGET_IS_W2K8(tctx) || TARGET_IS_WIN7(tctx)) {
+		delay /= 2;
+	}
+
+	torture_assert(tctx,!(time_mono(NULL) < start+delay), talloc_asprintf(tctx,
+		       "lock comes back to early timeout[%d] delay[%d]"
+		       "(%s)\n", t, delay, __location__));
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test LOCKING_ANDX_CHANGE_LOCKTYPE
+*/
+static bool test_changetype(struct torture_context *tctx, 
+							struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t c = 0;
+	const char *fname = BASEDIR "\\test.txt";
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX_CHANGE_LOCKTYPE\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (smbcli_write(cli->tree, fnum, 0, &c, 100, 1) == 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"allowed write on read locked region (%s)\n", __location__);
+		ret = false;
+		goto done;
+	}
+
+	/* windows server don't seem to support this */
+	io.lockx.in.mode = LOCKING_ANDX_CHANGE_LOCKTYPE;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
+
+	if (smbcli_write(cli->tree, fnum, 0, &c, 100, 1) == 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"allowed write after lock change (%s)\n", __location__);
+		ret = false;
+		goto done;
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+struct double_lock_test {
+	struct smb_lock_entry lock1;
+	struct smb_lock_entry lock2;
+	NTSTATUS exp_status;
+};
+
+/**
+ * Tests zero byte locks.
+ */
+static struct double_lock_test zero_byte_tests[] = {
+	/* {pid, offset, count}, {pid, offset, count}, status */
+
+	/** First, takes a zero byte lock at offset 10. Then:
+	*   - Taking 0 byte lock at 10 should succeed.
+	*   - Taking 1 byte locks at 9,10,11 should succeed.
+	*   - Taking 2 byte lock at 9 should fail.
+	*   - Taking 2 byte lock at 10 should succeed.
+	*   - Taking 3 byte lock at 9 should fail.
+	*/
+	{{1000, 10, 0}, {1001, 10, 0}, NT_STATUS_OK},
+	{{1000, 10, 0}, {1001, 9, 1},  NT_STATUS_OK},
+	{{1000, 10, 0}, {1001, 10, 1}, NT_STATUS_OK},
+	{{1000, 10, 0}, {1001, 11, 1}, NT_STATUS_OK},
+	{{1000, 10, 0}, {1001, 9, 2},  NT_STATUS_LOCK_NOT_GRANTED},
+	{{1000, 10, 0}, {1001, 10, 2}, NT_STATUS_OK},
+	{{1000, 10, 0}, {1001, 9, 3},  NT_STATUS_LOCK_NOT_GRANTED},
+
+	/** Same, but opposite order. */
+	{{1001, 10, 0}, {1000, 10, 0}, NT_STATUS_OK},
+	{{1001, 9, 1},  {1000, 10, 0}, NT_STATUS_OK},
+	{{1001, 10, 1}, {1000, 10, 0}, NT_STATUS_OK},
+	{{1001, 11, 1}, {1000, 10, 0}, NT_STATUS_OK},
+	{{1001, 9, 2},  {1000, 10, 0}, NT_STATUS_LOCK_NOT_GRANTED},
+	{{1001, 10, 2}, {1000, 10, 0}, NT_STATUS_OK},
+	{{1001, 9, 3},  {1000, 10, 0}, NT_STATUS_LOCK_NOT_GRANTED},
+
+	/** Zero zero case. */
+	{{1000, 0, 0},  {1001, 0, 0},  NT_STATUS_OK},
+};
+
+static bool test_zerobytelocks(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, i;
+	const char *fname = BASEDIR "\\zero.txt";
+
+	torture_comment(tctx, "Testing zero length byte range locks:\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/* Setup initial parameters */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES; /* Exclusive */
+	io.lockx.in.timeout = 0;
+
+	/* Try every combination of locks in zero_byte_tests. The first lock is
+	 * assumed to succeed. The second lock may contend, depending on the
+	 * expected status. */
+	for (i = 0;
+	     i < ARRAY_SIZE(zero_byte_tests);
+	     i++) {
+		torture_comment(tctx, "  ... {%d, %llu, %llu} + {%d, %llu, %llu} = %s\n",
+		    zero_byte_tests[i].lock1.pid,
+		    (unsigned long long) zero_byte_tests[i].lock1.offset,
+		    (unsigned long long) zero_byte_tests[i].lock1.count,
+		    zero_byte_tests[i].lock2.pid,
+		    (unsigned long long) zero_byte_tests[i].lock2.offset,
+		    (unsigned long long) zero_byte_tests[i].lock2.count,
+		    nt_errstr(zero_byte_tests[i].exp_status));
+
+		/* Lock both locks. */
+		io.lockx.in.ulock_cnt = 0;
+		io.lockx.in.lock_cnt = 1;
+
+		io.lockx.in.locks = discard_const_p(struct smb_lock_entry,
+						    &zero_byte_tests[i].lock1);
+		status = smb_raw_lock(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		io.lockx.in.locks = discard_const_p(struct smb_lock_entry,
+						    &zero_byte_tests[i].lock2);
+		status = smb_raw_lock(cli->tree, &io);
+
+		if (NT_STATUS_EQUAL(zero_byte_tests[i].exp_status,
+			NT_STATUS_LOCK_NOT_GRANTED)) {
+			/* Allow either of the failure messages and keep going
+			 * if we see the wrong status. */
+			CHECK_STATUS_OR_CONT(status,
+			    NT_STATUS_LOCK_NOT_GRANTED,
+			    NT_STATUS_FILE_LOCK_CONFLICT);
+
+		} else {
+			CHECK_STATUS_CONT(status,
+			    zero_byte_tests[i].exp_status);
+		}
+
+		/* Unlock both locks. */
+		io.lockx.in.ulock_cnt = 1;
+		io.lockx.in.lock_cnt = 0;
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			status = smb_raw_lock(cli->tree, &io);
+			CHECK_STATUS(status, NT_STATUS_OK);
+		}
+
+		io.lockx.in.locks = discard_const_p(struct smb_lock_entry,
+						    &zero_byte_tests[i].lock1);
+		status = smb_raw_lock(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_unlock(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum1, fnum2;
+	const char *fname = BASEDIR "\\unlock.txt";
+	struct smb_lock_entry lock1;
+	struct smb_lock_entry lock2;
+
+	torture_comment(tctx, "Testing LOCKX unlock:\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum1 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum2 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/* Setup initial parameters */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.timeout = 0;
+
+	lock1.pid = cli->session->pid;
+	lock1.offset = 0;
+	lock1.count = 10;
+	lock2.pid = cli->session->pid - 1;
+	lock2.offset = 0;
+	lock2.count = 10;
+
+	/**
+	 * Take exclusive lock, then unlock it with a shared-unlock call.
+	 */
+	torture_comment(tctx, "  taking exclusive lock.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = 0;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "  unlock the exclusive with a shared unlock call.\n");
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "  try shared lock on pid2/fnum2, testing the unlock.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	io.lockx.in.file.fnum = fnum2;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/**
+	 * Unlock a shared lock with an exclusive-unlock call.
+	 */
+	torture_comment(tctx, "  unlock new shared lock with exclusive unlock call.\n");
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = 0;
+	io.lockx.in.file.fnum = fnum2;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "  try exclusive lock on pid1, testing the unlock.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = 0;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/**
+	 * Test unlocking of 0-byte locks.
+	 */
+
+	torture_comment(tctx, "  lock shared and exclusive 0-byte locks, testing that Windows "
+	    "always unlocks the exclusive first.\n");
+	lock1.pid = cli->session->pid;
+	lock1.offset = 10;
+	lock1.count = 0;
+	lock2.pid = cli->session->pid;
+	lock2.offset = 5;
+	lock2.count = 10;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+
+	/* lock 0-byte shared
+	 * Note: Order of the shared/exclusive locks doesn't matter. */
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* lock 0-byte exclusive */
+	io.lockx.in.mode = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test contention */
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	io.lockx.in.locks = &lock2;
+	io.lockx.in.file.fnum = fnum2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS_OR(status, NT_STATUS_LOCK_NOT_GRANTED,
+	    NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* unlock */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test - can we take a shared lock? */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	io.lockx.in.file.fnum = fnum2;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+
+	/* XXX Samba 3 will fail this test. This is temporary(because this isn't
+	 * new to Win7, it succeeds in WinXP too), until I can come to a
+	 * resolution as to whether Samba should support this or not. There is
+	 * code to preference unlocking exclusive locks before shared locks,
+	 * but its wrapped with "#ifdef ZERO_ZERO". -zkirsch */
+	if (TARGET_IS_SAMBA3(tctx)) {
+		CHECK_STATUS_OR(status, NT_STATUS_LOCK_NOT_GRANTED,
+		    NT_STATUS_FILE_LOCK_CONFLICT);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+
+	/* XXX Same as above. */
+	if (TARGET_IS_SAMBA3(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum1);
+	smbcli_close(cli->tree, fnum2);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_multiple_unlock(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum1;
+	const char *fname = BASEDIR "\\unlock_multiple.txt";
+	struct smb_lock_entry lock1;
+	struct smb_lock_entry lock2;
+	struct smb_lock_entry locks[2];
+
+	torture_comment(tctx, "Testing LOCKX multiple unlock:\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum1 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/* Setup initial parameters */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.timeout = 0;
+
+	lock1.pid = cli->session->pid;
+	lock1.offset = 0;
+	lock1.count = 10;
+	lock2.pid = cli->session->pid;
+	lock2.offset = 10;
+	lock2.count = 10;
+
+	locks[0] = lock1;
+	locks[1] = lock2;
+
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.mode = 0; /* exclusive */
+
+	/** Test1: Take second lock, but not first. */
+	torture_comment(tctx, "  unlock 2 locks, first one not locked. Expect no locks "
+	    "unlocked. \n");
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to unlock both locks. */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = locks;
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* Second lock should not be unlocked. */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/** Test2: Take first lock, but not second. */
+	torture_comment(tctx, "  unlock 2 locks, second one not locked. Expect first lock "
+	    "unlocked.\n");
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to unlock both locks. */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = locks;
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* First lock should be unlocked. */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test3: Request 2 locks, second will contend.  What happens to the
+	 * first? */
+	torture_comment(tctx, "  request 2 locks, second one will contend. "
+	   "Expect both to fail.\n");
+
+	/* Lock the second range */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock2;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Request both locks */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.locks = locks;
+
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* First lock should be unlocked. */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = locks;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test4: Request unlock and lock. The lock contends, is the unlock
+	 * then re-locked? */
+	torture_comment(tctx, "  request unlock and lock, second one will "
+	   "contend. Expect the unlock to succeed.\n");
+
+	/* Lock both ranges */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.locks = locks;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Attempt to unlock the first range and lock the second */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = locks;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* The first lock should've been unlocked */
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 2;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = locks;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum1);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * torture_locktest5 covers stacking pretty well, but its missing two tests:
+ * - stacking an exclusive on top of shared fails
+ * - stacking two exclusives fail
+ */
+static bool test_stacking(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum1;
+	const char *fname = BASEDIR "\\stacking.txt";
+	struct smb_lock_entry lock1;
+
+	torture_comment(tctx, "Testing stacking:\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum1 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/* Setup initial parameters */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.timeout = 0;
+
+	lock1.pid = cli->session->pid;
+	lock1.offset = 0;
+	lock1.count = 10;
+
+	/**
+	 * Try to take a shared lock, then stack an exclusive.
+	 */
+	torture_comment(tctx, "  stacking an exclusive on top of a shared lock fails.\n");
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS_OR(status, NT_STATUS_LOCK_NOT_GRANTED,
+	    NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/**
+	 * Prove that two exclusive locks do not stack.
+	 */
+	torture_comment(tctx, "  two exclusive locks do not stack.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS_OR(status, NT_STATUS_LOCK_NOT_GRANTED,
+	    NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/* cleanup */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum1);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test how 0-byte read requests contend with byte range locks
+ */
+static bool test_zerobyteread(struct torture_context *tctx,
+			      struct smbcli_state *cli)
+{
+	union smb_lock io;
+	union smb_read rd;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum1, fnum2;
+	const char *fname = BASEDIR "\\zerobyteread.txt";
+	struct smb_lock_entry lock1;
+	uint8_t c = 1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum1 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum2 != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/* Setup initial parameters */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.timeout = 0;
+
+	lock1.pid = cli->session->pid;
+	lock1.offset = 0;
+	lock1.count = 10;
+
+	ZERO_STRUCT(rd);
+	rd.readx.level = RAW_READ_READX;
+
+	torture_comment(tctx, "Testing zero byte read on lock range:\n");
+
+	/* Take an exclusive lock */
+	torture_comment(tctx, "  taking exclusive lock.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read */
+	torture_comment(tctx, "  reading 0 bytes.\n");
+	rd.readx.in.file.fnum = fnum2;
+	rd.readx.in.offset    = 5;
+	rd.readx.in.mincnt    = 0;
+	rd.readx.in.maxcnt    = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data     = &c;
+	status = smb_raw_read(cli->tree, &rd);
+	torture_assert_int_equal_goto(tctx, rd.readx.out.nread, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Unlock lock */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing zero byte read on zero byte lock "
+			      "range:\n");
+
+	/* Take an exclusive lock */
+	torture_comment(tctx, "  taking exclusive 0-byte lock.\n");
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	lock1.offset = 5;
+	lock1.count = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read before the lock */
+	torture_comment(tctx, "  reading 0 bytes before the lock.\n");
+	rd.readx.in.file.fnum = fnum2;
+	rd.readx.in.offset    = 4;
+	rd.readx.in.mincnt    = 0;
+	rd.readx.in.maxcnt    = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data     = &c;
+	status = smb_raw_read(cli->tree, &rd);
+	torture_assert_int_equal_goto(tctx, rd.readx.out.nread, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read on the lock */
+	torture_comment(tctx, "  reading 0 bytes on the lock.\n");
+	rd.readx.in.file.fnum = fnum2;
+	rd.readx.in.offset    = 5;
+	rd.readx.in.mincnt    = 0;
+	rd.readx.in.maxcnt    = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data     = &c;
+	status = smb_raw_read(cli->tree, &rd);
+	torture_assert_int_equal_goto(tctx, rd.readx.out.nread, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read after the lock */
+	torture_comment(tctx, "  reading 0 bytes after the lock.\n");
+	rd.readx.in.file.fnum = fnum2;
+	rd.readx.in.offset    = 6;
+	rd.readx.in.mincnt    = 0;
+	rd.readx.in.maxcnt    = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data     = &c;
+	status = smb_raw_read(cli->tree, &rd);
+	torture_assert_int_equal_goto(tctx, rd.readx.out.nread, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Unlock lock */
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	io.lockx.in.file.fnum = fnum1;
+	io.lockx.in.locks = &lock1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum1);
+	smbcli_close(cli->tree, fnum2);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+/*
+  test multi Locking&X operation
+*/
+static bool test_multilock(struct torture_context *tctx,
+					   struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock_test.txt";
+	time_t t;
+	struct smbcli_request *req;
+	struct smbcli_session_options options;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Now request the same locks on a different
+	 * context as blocking locks with infinite timeout.
+	 */
+
+	io.lockx.in.timeout = 20000;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/* Unlock lock[0] */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/* Unlock lock[1] */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* receive the successful blocked lock requests */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test multi2 Locking&X operation
+  This test is designed to show that
+  lock precedence on the server is based
+  on the order received, not on the ability
+  to grant. For example:
+
+  A blocked lock request containing 2 locks
+  will be satisfied before a subsequent blocked
+  lock request over one of the same regions,
+  even if that region is then unlocked. E.g.
+
+  (a) lock 100->109, 120->129 (granted)
+  (b) lock 100->109, 120-129 (blocks)
+  (c) lock 100->109          (blocks)
+  (d) unlock 100->109
+
+  lock (c) will not be granted as lock (b)
+  will take precedence.
+*/
+static bool test_multilock2(struct torture_context *tctx,
+					   struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock2_test.txt";
+	time_t t;
+	struct smbcli_request *req;
+	struct smbcli_request *req2;
+	struct smbcli_session_options options;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &options);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock 2\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Now request the same locks on a different
+	 * context as blocking locks.
+	 */
+
+	io.lockx.in.timeout = 20000;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * Request the first lock again on a separate context.
+	 * Wait 2 seconds. This should time out (the previous
+	 * multi-lock request should take precedence).
+	 */
+
+	io.lockx.in.timeout = 2000;
+	lock[0].pid = cli->session->pid+2;
+	io.lockx.in.lock_cnt = 1;
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/* Unlock lock[0] */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Did the second lock complete (should time out) ? */
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/* Unlock lock[1] */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* receive the successful blocked lock requests */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test multi3 Locking&X operation
+  This test is designed to show that
+  lock precedence on the server is based
+  on the order received, not on the ability
+  to grant.
+
+  Compared to test_multilock2() (above)
+  this test demonstrates that completely
+  unrelated ranges work independently.
+
+  For example:
+
+  A blocked lock request containing 2 locks
+  will be satisfied before a subsequent blocked
+  lock request over one of the same regions,
+  even if that region is then unlocked. But
+  a lock of a different region goes through. E.g.
+
+  All locks are LOCKING_ANDX_EXCLUSIVE_LOCK (rw).
+
+  (a) lock 100->109, 120->129 (granted)
+  (b) lock 100->109, 120->129 (blocks, timeout=20s)
+  (c) lock 100->109           (blocks, timeout=2s)
+  (d) lock 110->119           (granted)
+  (e) lock 110->119           (blocks, timeout=20s)
+  (f) unlock 100->109 (a)
+  (g) lock 100->109           (not granted, blocked by (b))
+  (h) lock 100->109           (not granted, blocked by itself (b))
+  (i) lock (c) will not be granted(conflict, times out)
+      as lock (b) will take precedence.
+  (j) unlock 110-119 (d)
+  (k) lock (e) completes and is not blocked by (a) nor (b)
+  (l) lock 100->109           (not granted(conflict), blocked by (b))
+  (m) lock 100->109           (not granted(conflict), blocked by itself (b))
+  (n) unlock 120-129 (a)
+  (o) lock (b) completes
+*/
+static bool test_multilock3(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	union smb_lock io3;
+	struct smb_lock_entry lock3[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock3_test.txt";
+	time_t t;
+	struct smbcli_request *req = NULL;
+	struct smbcli_request *req2 = NULL;
+	struct smbcli_request *req4 = NULL;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		       "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock 3\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * a)
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * b)
+	 * Now request the same locks on a different
+	 * context as blocking locks.
+	 */
+	io.lockx.in.timeout = 20000;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * c)
+	 * Request the first lock again on a separate context.
+	 * Wait 2 seconds. This should time out (the previous
+	 * multi-lock request should take precedence).
+	 */
+	io.lockx.in.timeout = 2000;
+	lock[0].pid = cli->session->pid+2;
+	io.lockx.in.lock_cnt = 1;
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * d)
+	 * Lock regions 110->119
+	 */
+	io3.lockx.level = RAW_LOCK_LOCKX;
+	io3.lockx.in.file.fnum = fnum;
+	io3.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 0;
+	io3.lockx.in.lock_cnt = 1;
+	io3.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock3[0].pid = cli->session->pid+3;
+	lock3[0].offset = 110;
+	lock3[0].count = 10;
+	io3.lockx.in.locks = &lock3[0];
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * e)
+	 * try 110-119 again
+	 */
+	io3.lockx.in.timeout = 20000;
+	lock3[0].pid = cli->session->pid+4;
+	req4 = smb_raw_lock_send(cli->tree, &io3);
+	torture_assert(tctx,(req4 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * f)
+	 * Unlock (a) lock[0] 100-109
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * g)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+5;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * h)
+	 * try to lock lock[0] 100-109 again with
+	 * the pid that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req2->state <= SMBCLI_REQUEST_RECV,
+		       "req2 should still wait");
+
+	/*
+	 * i)
+	 * Did the second lock complete (should time out) ?
+	 */
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+	torture_assert(tctx, req4->state <= SMBCLI_REQUEST_RECV,
+		       "req4 should still wait");
+
+	/*
+	 * j)
+	 * Unlock (d) lock[0] 110-119
+	 */
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 1;
+	io3.lockx.in.lock_cnt = 0;
+	lock3[0].pid = cli->session->pid+3;
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * k)
+	 * receive the successful blocked lock request (e)
+	 * on 110-119 while the 100-109/120-129 is still waiting.
+	 */
+	status = smbcli_request_simple_recv(req4);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * l)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+6;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/*
+	 * m)
+	 * try to lock lock[0] 100-109 again with
+	 * the pid that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/*
+	 * n)
+	 * Unlock lock[1] 120-129 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * o)
+	 * receive the successful blocked lock request (b)
+	 */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test multi4 Locking&X operation
+  This test is designed to show that
+  lock precedence on the server is based
+  on the order received, not on the ability
+  to grant.
+
+  Compared to test_multilock3() (above)
+  this test demonstrates that pending read-only/shared
+  locks doesn't block shared locks others.
+
+  The outstanding requests build an implicit
+  database that's checked before checking
+  the already granted locks in the real database.
+
+  For example:
+
+  A blocked read-lock request containing 2 locks
+  will be still be blocked, while one region
+  is still write-locked. While it doesn't block
+  other read-lock requests for the other region. E.g.
+
+  (a) lock(rw) 100->109, 120->129 (granted)
+  (b) lock(ro) 100->109, 120->129 (blocks, timeout=20s)
+  (c) lock(ro) 100->109           (blocks, timeout=MAX)
+  (d) lock(rw) 110->119           (granted)
+  (e) lock(rw) 110->119           (blocks, timeout=20s)
+  (f) unlock 100->109 (a)
+  (g) lock(ro) (c) completes and is not blocked by (a) nor (b)
+  (h) lock(rw) 100->109           (not granted, blocked by (c))
+  (i) lock(rw) 100->109 (pid (b)) (not granted(conflict), blocked by (c))
+  (j) unlock 110-119
+  (k) lock (e) completes and is not blocked by (a) nor (b)
+  (l) lock 100->109               (not granted(conflict), blocked by (b))
+  (m) lock 100->109 (pid (b))     (not granted(conflict), blocked by itself (b))
+  (n) unlock 120-129 (a)
+  (o) lock (b) completes
+*/
+static bool test_multilock4(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	union smb_lock io3;
+	struct smb_lock_entry lock3[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock4_test.txt";
+	time_t t;
+	struct smbcli_request *req = NULL;
+	struct smbcli_request *req2 = NULL;
+	struct smbcli_request *req4 = NULL;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		       "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock 4\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * a)
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * b)
+	 * Now request the same locks on a different
+	 * context as blocking locks. But readonly.
+	 */
+	io.lockx.in.timeout = 20000;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * c)
+	 * Request the first lock again on a separate context.
+	 * Wait forever. The previous multi-lock request (b)
+	 * should take precedence. Also readonly.
+	 */
+	io.lockx.in.timeout = UINT32_MAX;
+	lock[0].pid = cli->session->pid+2;
+	io.lockx.in.lock_cnt = 1;
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * d)
+	 * Lock regions 110->119
+	 */
+	io3.lockx.level = RAW_LOCK_LOCKX;
+	io3.lockx.in.file.fnum = fnum;
+	io3.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 0;
+	io3.lockx.in.lock_cnt = 1;
+	io3.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock3[0].pid = cli->session->pid+3;
+	lock3[0].offset = 110;
+	lock3[0].count = 10;
+	io3.lockx.in.locks = &lock3[0];
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * e)
+	 * try 110-119 again
+	 */
+	io3.lockx.in.timeout = 20000;
+	lock3[0].pid = cli->session->pid+4;
+	req4 = smb_raw_lock_send(cli->tree, &io3);
+	torture_assert(tctx,(req4 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * f)
+	 * Unlock (a) lock[0] 100-109
+	 */
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * g)
+	 * receive the successful blocked lock request (c)
+	 * on 110-119 while (b) 100-109/120-129 is still waiting.
+	 */
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * h)
+	 * try to lock lock[0] 100-109 again
+	 * (read/write)
+	 */
+	lock[0].pid = cli->session->pid+5;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * i)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting.
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+	torture_assert(tctx, req4->state <= SMBCLI_REQUEST_RECV,
+		       "req4 should still wait");
+
+	/*
+	 * j)
+	 * Unlock (d) lock[0] 110-119
+	 */
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 1;
+	io3.lockx.in.lock_cnt = 0;
+	lock3[0].pid = cli->session->pid+3;
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * k)
+	 * receive the successful blocked
+	 * lock request (e) on 110-119.
+	 */
+	status = smbcli_request_simple_recv(req4);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * l)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+6;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/*
+	 * m)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/*
+	 * n)
+	 * Unlock (a) lock[1] 120-129
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * o)
+	 * receive the successful blocked lock request (b)
+	 */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test multi5 Locking&X operation
+  This test is designed to show that
+  lock precedence on the server is based
+  on the order received, not on the ability
+  to grant.
+
+  Compared to test_multilock3() (above)
+  this test demonstrates that the initial
+  lock request that block the following
+  exclusive locks can be a shared lock.
+
+  For example:
+
+  All locks except (a) are LOCKING_ANDX_EXCLUSIVE_LOCK (rw).
+
+  (a) lock(ro) 100->109, 120->129 (granted)
+  (b) lock 100->109, 120->129 (blocks, timeout=20s)
+  (c) lock 100->109           (blocks, timeout=2s)
+  (d) lock 110->119           (granted)
+  (e) lock 110->119           (blocks, timeout=20s)
+  (f) unlock 100->109 (a)
+  (g) lock 100->109           (not granted, blocked by (b))
+  (h) lock 100->109           (not granted, blocked by itself (b))
+  (i) lock (c) will not be granted(conflict, times out)
+      as lock (b) will take precedence.
+  (j) unlock 110-119 (d)
+  (k) lock (e) completes and is not blocked by (a) nor (b)
+  (l) lock 100->109           (not granted(conflict), blocked by (b))
+  (m) lock 100->109           (not granted(conflict), blocked by itself (b))
+  (n) unlock 120-129 (a)
+  (o) lock (b) completes
+*/
+static bool test_multilock5(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	union smb_lock io3;
+	struct smb_lock_entry lock3[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock5_test.txt";
+	time_t t;
+	struct smbcli_request *req = NULL;
+	struct smbcli_request *req2 = NULL;
+	struct smbcli_request *req4 = NULL;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		       "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock 5\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * a)
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 * (read only)
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * b)
+	 * Now request the same locks on a different
+	 * context as blocking locks.
+	 * (read write)
+	 */
+	io.lockx.in.timeout = 20000;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * c)
+	 * Request the first lock again on a separate context.
+	 * Wait 2 seconds. This should time out (the previous
+	 * multi-lock request should take precedence).
+	 * (read write)
+	 */
+	io.lockx.in.timeout = 2000;
+	lock[0].pid = cli->session->pid+2;
+	io.lockx.in.lock_cnt = 1;
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * d)
+	 * Lock regions 110->119
+	 */
+	io3.lockx.level = RAW_LOCK_LOCKX;
+	io3.lockx.in.file.fnum = fnum;
+	io3.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 0;
+	io3.lockx.in.lock_cnt = 1;
+	io3.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock3[0].pid = cli->session->pid+3;
+	lock3[0].offset = 110;
+	lock3[0].count = 10;
+	io3.lockx.in.locks = &lock3[0];
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * e)
+	 * try 110-119 again
+	 */
+	io3.lockx.in.timeout = 20000;
+	lock3[0].pid = cli->session->pid+4;
+	req4 = smb_raw_lock_send(cli->tree, &io3);
+	torture_assert(tctx,(req4 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * f)
+	 * Unlock (a) lock[0] 100-109
+	 *
+	 * Note we send LOCKING_ANDX_EXCLUSIVE_LOCK
+	 * while the lock used LOCKING_ANDX_SHARED_LOCK
+	 * to check if that also works.
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * g)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+5;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * h)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting.
+	 * (read write)
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req2->state <= SMBCLI_REQUEST_RECV,
+		       "req2 should still wait");
+
+	/*
+	 * i)
+	 * Did the second lock complete (should time out) ?
+	 */
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+	torture_assert(tctx, req4->state <= SMBCLI_REQUEST_RECV,
+		       "req4 should still wait");
+
+	/*
+	 * j)
+	 * Unlock (d) lock[0] 110-119
+	 */
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 1;
+	io3.lockx.in.lock_cnt = 0;
+	lock3[0].pid = cli->session->pid+3;
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * k)
+	 * receive the successful blocked lock requests
+	 * on 110-119 while the 100-109/120-129 is still waiting.
+	 */
+	status = smbcli_request_simple_recv(req4);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * l)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+6;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/*
+	 * m)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/*
+	 * n)
+	 * Unlock (a) lock[1] 120-129
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * o)
+	 * receive the successful blocked lock request (b)
+	 */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test multi6 Locking&X operation
+  This test is designed to show that
+  lock precedence on the server is based
+  on the order received, not on the ability
+  to grant.
+
+  Compared to test_multilock4() (above)
+  this test demonstrates the behavior if
+  only just the first blocking lock
+  being a shared lock.
+
+  For example:
+
+  All locks except (b) are LOCKING_ANDX_EXCLUSIVE_LOCK (rw).
+
+  (a) lock 100->109, 120->129 (granted)
+  (b) lock(ro) 100->109, 120->129 (blocks, timeout=20s)
+  (c) lock 100->109           (blocks, timeout=2s)
+  (d) lock 110->119           (granted)
+  (e) lock 110->119           (blocks, timeout=20s)
+  (f) unlock 100->109 (a)
+  (g) lock 100->109           (not granted, blocked by (b))
+  (h) lock 100->109           (not granted, blocked by itself (b))
+  (i) lock (c) will not be granted(conflict, times out)
+      as lock (b) will take precedence.
+  (j) unlock 110-119 (d)
+  (k) lock (e) completes and is not blocked by (a) nor (b)
+  (l) lock 100->109           (not granted(conflict), blocked by (b))
+  (m) lock 100->109           (not granted(conflict), blocked by itself (b))
+  (n) unlock 120-129 (a)
+  (o) lock (b) completes
+*/
+static bool test_multilock6(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock[2];
+	union smb_lock io3;
+	struct smb_lock_entry lock3[1];
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	const char *fname = BASEDIR "\\multilock6_test.txt";
+	time_t t;
+	struct smbcli_request *req = NULL;
+	struct smbcli_request *req2 = NULL;
+	struct smbcli_request *req4 = NULL;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		       "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing LOCKING_ANDX multi-lock 6\n");
+	io.generic.level = RAW_LOCK_LOCKX;
+
+	/* Create the test file. */
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+		       "Failed to create %s - %s\n",
+		       fname, smbcli_errstr(cli->tree)));
+
+	/*
+	 * a)
+	 * Lock regions 100->109, 120->129 as
+	 * two separate write locks in one request.
+	 */
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 2;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 100;
+	lock[0].count = 10;
+	lock[1].pid = cli->session->pid;
+	lock[1].offset = 120;
+	lock[1].count = 10;
+	io.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * b)
+	 * Now request the same locks on a different
+	 * context as blocking locks.
+	 * (read only)
+	 */
+	io.lockx.in.timeout = 20000;
+	io.lockx.in.mode = LOCKING_ANDX_SHARED_LOCK;
+	lock[0].pid = cli->session->pid+1;
+	lock[1].pid = cli->session->pid+1;
+	req = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * c)
+	 * Request the first lock again on a separate context.
+	 * Wait 2 seconds. This should time out (the previous
+	 * multi-lock request should take precedence).
+	 */
+	io.lockx.in.timeout = 2000;
+	io.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock[0].pid = cli->session->pid+2;
+	io.lockx.in.lock_cnt = 1;
+	req2 = smb_raw_lock_send(cli->tree, &io);
+	torture_assert(tctx,(req2 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * d)
+	 * Lock regions 110->119
+	 */
+	io3.lockx.level = RAW_LOCK_LOCKX;
+	io3.lockx.in.file.fnum = fnum;
+	io3.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 0;
+	io3.lockx.in.lock_cnt = 1;
+	io3.lockx.in.mode = LOCKING_ANDX_EXCLUSIVE_LOCK;
+	lock3[0].pid = cli->session->pid+3;
+	lock3[0].offset = 110;
+	lock3[0].count = 10;
+	io3.lockx.in.locks = &lock3[0];
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * e)
+	 * try 110-119 again
+	 */
+	io3.lockx.in.timeout = 20000;
+	lock3[0].pid = cli->session->pid+4;
+	req4 = smb_raw_lock_send(cli->tree, &io3);
+	torture_assert(tctx,(req4 != NULL), talloc_asprintf(tctx,
+		       "Failed to setup timed locks (%s)\n", __location__));
+
+	/*
+	 * f)
+	 * Unlock (a) lock[0] 100-109
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[0];
+	lock[0].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * g)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+5;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * h)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req2->state <= SMBCLI_REQUEST_RECV,
+		       "req2 should still wait");
+
+	/*
+	 * i)
+	 * Did the second lock (c) complete (should time out) ?
+	 */
+	status = smbcli_request_simple_recv(req2);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+	torture_assert(tctx, req4->state <= SMBCLI_REQUEST_RECV,
+		       "req4 should still wait");
+
+	/*
+	 * j)
+	 * Unlock (d) lock[0] 110-119
+	 */
+	io3.lockx.in.timeout = 0;
+	io3.lockx.in.ulock_cnt = 1;
+	io3.lockx.in.lock_cnt = 0;
+	lock3[0].pid = cli->session->pid+3;
+	status = smb_raw_lock(cli->tree, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * k)
+	 * receive the successful blocked lock request (e)
+	 * on 110-119 while (b) 100-109/120-129 is still waiting.
+	 */
+	status = smbcli_request_simple_recv(req4);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * l)
+	 * try to lock lock[0] 100-109 again
+	 */
+	lock[0].pid = cli->session->pid+6;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	/*
+	 * m)
+	 * try to lock lock[0] 100-109 again with the pid (b)
+	 * that's still waiting
+	 */
+	lock[0].pid = cli->session->pid+1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_assert(tctx, req->state <= SMBCLI_REQUEST_RECV,
+		       "req should still wait");
+
+	/* Start the clock. */
+	t = time_mono(NULL);
+
+	/*
+	 * n)
+	 * Unlock (a) lock[1] 120-129
+	 */
+	io.lockx.in.timeout = 0;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.locks = &lock[1];
+	lock[1].pid = cli->session->pid;
+	status = smb_raw_lock(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * o)
+	 * receive the successful blocked lock request (b)
+	 */
+	status = smbcli_request_simple_recv(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Fail if this took more than 2 seconds. */
+	torture_assert(tctx,!(time_mono(NULL) > t+2), talloc_asprintf(tctx,
+		       "Blocking locks were not granted immediately (%s)\n",
+		       __location__));
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of lock calls
+*/
+struct torture_suite *torture_raw_lock(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "lock");
+
+	torture_suite_add_1smb_test(suite, "lockx", test_lockx);
+	torture_suite_add_1smb_test(suite, "lock", test_lock);
+	torture_suite_add_1smb_test(suite, "pidhigh", test_pidhigh);
+	torture_suite_add_1smb_test(suite, "async", test_async);
+	torture_suite_add_1smb_test(suite, "errorcode", test_errorcode);
+	torture_suite_add_1smb_test(suite, "changetype", test_changetype);
+
+	torture_suite_add_1smb_test(suite, "stacking", test_stacking);
+	torture_suite_add_1smb_test(suite, "unlock", test_unlock);
+	torture_suite_add_1smb_test(suite, "multiple_unlock",
+	    test_multiple_unlock);
+	torture_suite_add_1smb_test(suite, "zerobytelocks", test_zerobytelocks);
+	torture_suite_add_1smb_test(suite, "zerobyteread", test_zerobyteread);
+	torture_suite_add_1smb_test(suite, "multilock", test_multilock);
+	torture_suite_add_1smb_test(suite, "multilock2", test_multilock2);
+	torture_suite_add_1smb_test(suite, "multilock3", test_multilock3);
+	torture_suite_add_1smb_test(suite, "multilock4", test_multilock4);
+	torture_suite_add_1smb_test(suite, "multilock5", test_multilock5);
+	torture_suite_add_1smb_test(suite, "multilock6", test_multilock6);
+
+	return suite;
+}
diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c
new file mode 100644
index 0000000..f122976
--- /dev/null
+++ b/source4/torture/raw/lockbench.c
@@ -0,0 +1,447 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   locking benchmark
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "../lib/util/util_net.h"
+
+#define BASEDIR "\\benchlock"
+#define FNAME BASEDIR "\\lock.dat"
+
+static int nprocs;
+static int lock_failed;
+static int num_connected;
+
+enum lock_stage {LOCK_INITIAL, LOCK_LOCK, LOCK_UNLOCK};
+
+struct benchlock_state {
+	struct torture_context *tctx;
+	struct tevent_context *ev;
+	struct smbcli_tree *tree;
+	TALLOC_CTX *mem_ctx;
+	int client_num;
+	int fnum;
+	enum lock_stage stage;
+	int lock_offset;
+	int unlock_offset;
+	int count;
+	int lastcount;
+	struct smbcli_request *req;
+	struct smb_composite_connect reconnect;
+	struct tevent_timer *te;
+
+	/* these are used for reconnections */
+	const char **dest_ports;
+	const char *dest_host;
+	const char *called_name;
+	const char *service_type;
+};
+
+static void lock_completion(struct smbcli_request *);
+
+/*
+  send the next lock request
+*/
+static void lock_send(struct benchlock_state *state)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock;
+
+	switch (state->stage) {
+	case LOCK_INITIAL:
+		io.lockx.in.ulock_cnt = 0;
+		io.lockx.in.lock_cnt = 1;
+		state->lock_offset = 0;
+		state->unlock_offset = 0;
+		lock.offset = state->lock_offset;
+		break;
+	case LOCK_LOCK:
+		io.lockx.in.ulock_cnt = 0;
+		io.lockx.in.lock_cnt = 1;
+		state->lock_offset = (state->lock_offset+1)%(nprocs+1);
+		lock.offset = state->lock_offset;
+		break;
+	case LOCK_UNLOCK:
+		io.lockx.in.ulock_cnt = 1;
+		io.lockx.in.lock_cnt = 0;
+		lock.offset = state->unlock_offset;
+		state->unlock_offset = (state->unlock_offset+1)%(nprocs+1);
+		break;
+	}
+
+	lock.count = 1;
+	lock.pid = state->tree->session->pid;
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 100000;
+	io.lockx.in.locks = &lock;
+	io.lockx.in.file.fnum = state->fnum;
+
+	state->req = smb_raw_lock_send(state->tree, &io);
+	if (state->req == NULL) {
+		DEBUG(0,("Failed to setup lock\n"));
+		lock_failed++;
+	}
+	state->req->async.private_data = state;
+	state->req->async.fn      = lock_completion;
+}
+
+static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data);
+
+
+static void reopen_file(struct tevent_context *ev, struct tevent_timer *te, 
+				      struct timeval t, void *private_data)
+{
+	struct benchlock_state *state = (struct benchlock_state *)private_data;
+
+	/* reestablish our open file */
+	state->fnum = smbcli_open(state->tree, FNAME, O_RDWR|O_CREAT, DENY_NONE);
+	if (state->fnum == -1) {
+		printf("Failed to open %s on connection %d\n", FNAME, state->client_num);
+		exit(1);
+	}
+
+	num_connected++;
+
+	DEBUG(0,("reconnect to %s finished (%u connected)\n", state->dest_host,
+		 num_connected));
+
+	state->stage = LOCK_INITIAL;
+	lock_send(state);
+}
+
+/*
+  complete an async reconnect
+ */
+static void reopen_connection_complete(struct composite_context *ctx)
+{
+	struct benchlock_state *state = (struct benchlock_state *)ctx->async.private_data;
+	NTSTATUS status;
+	struct smb_composite_connect *io = &state->reconnect;
+
+	status = smb_composite_connect_recv(ctx, state->mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+		return;
+	}
+
+	talloc_free(state->tree);
+	state->tree = io->out.tree;
+
+	/* do the reopen as a separate event */
+	tevent_add_timer(state->ev, state->mem_ctx, timeval_zero(), reopen_file, state);
+}
+
+	
+
+/*
+  reopen a connection
+ */
+static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data)
+{
+	struct benchlock_state *state = (struct benchlock_state *)private_data;
+	struct composite_context *ctx;
+	struct smb_composite_connect *io = &state->reconnect;
+	char *host, *share;
+
+	state->te = NULL;
+
+	if (!torture_get_conn_index(state->client_num, state->mem_ctx, state->tctx, &host, &share)) {
+		DEBUG(0,("Can't find host/share for reconnect?!\n"));
+		exit(1);
+	}
+
+	io->in.dest_host    = state->dest_host;
+	io->in.dest_ports   = state->dest_ports;
+	io->in.gensec_settings = lpcfg_gensec_settings(state->mem_ctx, state->tctx->lp_ctx);
+	io->in.socket_options = lpcfg_socket_options(state->tctx->lp_ctx);
+	io->in.called_name  = state->called_name;
+	io->in.service      = share;
+	io->in.service_type = state->service_type;
+	io->in.credentials  = samba_cmdline_get_creds();
+	io->in.fallback_to_anonymous = false;
+	io->in.workgroup    = lpcfg_workgroup(state->tctx->lp_ctx);
+	lpcfg_smbcli_options(state->tctx->lp_ctx, &io->in.options);
+	lpcfg_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options);
+
+	/* kill off the remnants of the old connection */
+	talloc_free(state->tree);
+	state->tree = NULL;
+
+	ctx = smb_composite_connect_send(io, state->mem_ctx, 
+					 lpcfg_resolve_context(state->tctx->lp_ctx),
+					 state->ev);
+	if (ctx == NULL) {
+		DEBUG(0,("Failed to setup async reconnect\n"));
+		exit(1);
+	}
+
+	ctx->async.fn = reopen_connection_complete;
+	ctx->async.private_data = state;
+}
+
+
+/*
+  called when a lock completes
+*/
+static void lock_completion(struct smbcli_request *req)
+{
+	struct benchlock_state *state = (struct benchlock_state *)req->async.private_data;
+	NTSTATUS status = smbcli_request_simple_recv(req);
+	state->req = NULL;
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+			talloc_free(state->tree);
+			state->tree = NULL;
+			num_connected--;	
+			DEBUG(0,("reopening connection to %s\n", state->dest_host));
+			talloc_free(state->te);
+			state->te = tevent_add_timer(state->ev, state->mem_ctx,
+						    timeval_current_ofs(1,0), 
+						    reopen_connection, state);
+		} else {
+			DEBUG(0,("Lock failed - %s\n", nt_errstr(status)));
+			lock_failed++;
+		}
+		return;
+	}
+
+	switch (state->stage) {
+	case LOCK_INITIAL:
+		state->stage = LOCK_LOCK;
+		break;
+	case LOCK_LOCK:
+		state->stage = LOCK_UNLOCK;
+		break;
+	case LOCK_UNLOCK:
+		state->stage = LOCK_LOCK;
+		break;
+	}
+
+	state->count++;
+	lock_send(state);
+}
+
+
+static void echo_completion(struct smbcli_request *req)
+{
+	struct benchlock_state *state = (struct benchlock_state *)req->async.private_data;
+	NTSTATUS status = smbcli_request_simple_recv(req);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+		talloc_free(state->tree);
+		state->tree = NULL;
+		num_connected--;	
+		DEBUG(0,("reopening connection to %s\n", state->dest_host));
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+	}
+}
+
+static void report_rate(struct tevent_context *ev, struct tevent_timer *te, 
+			struct timeval t, void *private_data)
+{
+	struct benchlock_state *state = talloc_get_type(private_data, 
+							struct benchlock_state);
+	int i;
+	for (i=0;i<nprocs;i++) {
+		printf("%5u ", (unsigned)(state[i].count - state[i].lastcount));
+		state[i].lastcount = state[i].count;
+	}
+	printf("\r");
+	fflush(stdout);
+	tevent_add_timer(ev, state, timeval_current_ofs(1, 0), report_rate, state);
+
+	/* send an echo on each interface to ensure it stays alive - this helps
+	   with IP takeover */
+	for (i=0;i<nprocs;i++) {
+		struct smb_echo p;
+		struct smbcli_request *req;
+
+		if (!state[i].tree) {
+			continue;
+		}
+
+		p.in.repeat_count = 1;
+		p.in.size = 0;
+		p.in.data = NULL;
+		req = smb_raw_echo_send(state[i].tree->session->transport, &p);
+		req->async.private_data = &state[i];
+		req->async.fn      = echo_completion;
+	}
+}
+
+/* 
+   benchmark locking calls
+*/
+bool torture_bench_lock(struct torture_context *torture)
+{
+	bool ret = true;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	int i, j;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	struct timeval tv;
+	struct benchlock_state *state;
+	int total = 0, minops=0;
+	struct smbcli_state *cli;
+	bool progress;
+	off_t offset;
+	int initial_locks = torture_setting_int(torture, "initial_locks", 0);
+
+	progress = torture_setting_bool(torture, "progress", true);
+
+	nprocs = torture_setting_int(torture, "nprocs", 4);
+
+	state = talloc_zero_array(mem_ctx, struct benchlock_state, nprocs);
+
+	printf("Opening %d connections\n", nprocs);
+	for (i=0;i<nprocs;i++) {
+		const struct sockaddr_storage *dest_ss;
+		char addrstr[INET6_ADDRSTRLEN];
+		const char *dest_str;
+		uint16_t dest_port;
+
+		state[i].tctx = torture;
+		state[i].mem_ctx = talloc_new(state);
+		state[i].client_num = i;
+		state[i].ev = torture->ev;
+		if (!torture_open_connection_ev(&cli, i, torture, torture->ev)) {
+			return false;
+		}
+		talloc_steal(state[i].mem_ctx, cli);
+		state[i].tree = cli->tree;
+
+		dest_ss = smbXcli_conn_remote_sockaddr(
+				state[i].tree->session->transport->conn);
+		dest_str = print_sockaddr(addrstr, sizeof(addrstr), dest_ss);
+		dest_port = get_sockaddr_port(dest_ss);
+
+		state[i].dest_host = talloc_strdup(state[i].mem_ctx, dest_str);
+		state[i].dest_ports = talloc_array(state[i].mem_ctx, 
+						   const char *, 2);
+		state[i].dest_ports[0] = talloc_asprintf(state[i].dest_ports, 
+							 "%u", dest_port);
+		state[i].dest_ports[1] = NULL;
+		state[i].called_name  = talloc_strdup(state[i].mem_ctx,
+				smbXcli_conn_remote_name(cli->tree->session->transport->conn));
+		state[i].service_type = talloc_strdup(state[i].mem_ctx, "?????");
+	}
+
+	num_connected = i;
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		goto failed;
+	}
+
+	for (i=0;i<nprocs;i++) {
+		state[i].fnum = smbcli_open(state[i].tree, 
+					    FNAME, 
+					    O_RDWR|O_CREAT, DENY_NONE);
+		if (state[i].fnum == -1) {
+			printf("Failed to open %s on connection %d\n", FNAME, i);
+			goto failed;
+		}
+
+		/* Optionally, lock initial_locks for each proc beforehand. */
+		if (i == 0 && initial_locks > 0) {
+			printf("Initializing %d locks on each proc.\n",
+			    initial_locks);
+		}
+
+		for (j = 0; j < initial_locks; j++) {
+			offset = (0xFFFFFED8LLU * (i+2)) + j;
+			if (!NT_STATUS_IS_OK(smbcli_lock64(state[i].tree,
+			    state[i].fnum, offset, 1, 0, WRITE_LOCK))) {
+				printf("Failed initializing, lock=%d\n", j);
+				goto failed;
+			}
+		}
+
+		state[i].stage = LOCK_INITIAL;
+		lock_send(&state[i]);
+	}
+
+	tv = timeval_current();	
+
+	if (progress) {
+		tevent_add_timer(torture->ev, state, timeval_current_ofs(1, 0), report_rate, state);
+	}
+
+	printf("Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		tevent_loop_once(torture->ev);
+
+		if (lock_failed) {
+			DEBUG(0,("locking failed\n"));
+			goto failed;
+		}
+	}
+
+	printf("%.2f ops/second\n", total/timeval_elapsed(&tv));
+	minops = state[0].count;
+	for (i=0;i<nprocs;i++) {
+		printf("[%d] %u ops\n", i, state[i].count);
+		if (state[i].count < minops) minops = state[i].count;
+	}
+	if (minops < 0.5*total/nprocs) {
+		printf("Failed: unbalanced locking\n");
+		goto failed;
+	}
+
+	for (i=0;i<nprocs;i++) {
+		talloc_free(state[i].req);
+		smb_raw_exit(state[i].tree->session);
+	}
+
+	smbcli_deltree(state[0].tree, BASEDIR);
+	talloc_free(mem_ctx);
+	printf("\n");
+	return ret;
+
+failed:
+	smbcli_deltree(state[0].tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return false;
+}
diff --git a/source4/torture/raw/lookuprate.c b/source4/torture/raw/lookuprate.c
new file mode 100644
index 0000000..4243e35
--- /dev/null
+++ b/source4/torture/raw/lookuprate.c
@@ -0,0 +1,318 @@
+/*
+   File lookup rate test.
+
+   Copyright (C) James Peach 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "torture/smbtorture.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\lookuprate"
+#define MISSINGNAME BASEDIR "\\foo"
+
+#define FUZZ_PERCENT 10
+
+#define usec_to_sec(s) ((s) / 1000000)
+#define sec_to_usec(s) ((s) * 1000000)
+
+struct rate_record
+{
+    unsigned	dirent_count;
+    unsigned	querypath_persec;
+    unsigned	findfirst_persec;
+};
+
+static struct rate_record records[] =
+{
+    { 0, 0, 0 },	/* Base (optimal) lookup rate. */
+    { 100, 0, 0},
+    { 1000, 0, 0},
+    { 10000, 0, 0},
+    { 100000, 0, 0}
+};
+
+typedef NTSTATUS lookup_function(struct smbcli_tree *tree, const char * path);
+
+/* Test whether rhs is within fuzz% of lhs. */
+static bool fuzzily_equal(unsigned lhs, unsigned rhs, int percent)
+{
+	double fuzz = (double)lhs * (double)percent/100.0;
+
+	if (((double)rhs >= ((double)lhs - fuzz)) &&
+	    ((double)rhs <= ((double)lhs + fuzz))) {
+		return true;
+	}
+
+	return false;
+
+}
+
+static NTSTATUS fill_directory(struct smbcli_tree *tree,
+	    const char * path, unsigned count)
+{
+	NTSTATUS	status;
+	char		*fname = NULL;
+	unsigned	i;
+	unsigned	current;
+
+	struct timeval start;
+	struct timeval now;
+
+	status = smbcli_mkdir(tree, path);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	printf("filling directory %s with %u files... ", path, count);
+	fflush(stdout);
+
+	current = random();
+	start = timeval_current();
+
+	for (i = 0; i < count; ++i) {
+		int fnum;
+
+		++current;
+		fname = talloc_asprintf(NULL, "%s\\fill%u",
+				    path, current);
+
+		fnum = smbcli_open(tree, fname, O_RDONLY|O_CREAT,
+				DENY_NONE);
+		if (fnum < 0) {
+			talloc_free(fname);
+			return smbcli_nt_error(tree);
+		}
+
+		smbcli_close(tree, fnum);
+		talloc_free(fname);
+	}
+
+	if (count) {
+		double rate;
+		now = timeval_current();
+		rate = (double)count / usec_to_sec((double)usec_time_diff(&now, &start));
+		printf("%u/sec\n", (unsigned)rate);
+	} else {
+		printf("done\n");
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS squash_lookup_error(NTSTATUS status)
+{
+	if (NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_OK;
+	}
+
+	/* We don't care if the file isn't there. */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		return NT_STATUS_OK;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_FILE)) {
+		return NT_STATUS_OK;
+	}
+
+	return status;
+}
+
+/* Look up a pathname using TRANS2_QUERY_PATH_INFORMATION. */
+static NTSTATUS querypath_lookup(struct smbcli_tree *tree, const char * path)
+{
+	NTSTATUS	status;
+	time_t		ftimes[3];
+	size_t		fsize;
+	uint16_t	fmode;
+
+	status = smbcli_qpathinfo(tree, path, &ftimes[0], &ftimes[1], &ftimes[2],
+			&fsize, &fmode);
+
+	return squash_lookup_error(status);
+}
+
+/* Look up a pathname using TRANS2_FIND_FIRST2. */
+static NTSTATUS findfirst_lookup(struct smbcli_tree *tree, const char * path)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	if (smbcli_list(tree, path, 0, NULL, NULL) < 0) {
+		status = smbcli_nt_error(tree);
+	}
+
+	return squash_lookup_error(status);
+}
+
+static NTSTATUS lookup_rate_convert(struct smbcli_tree *tree,
+	lookup_function lookup, const char * path, unsigned * rate)
+{
+	NTSTATUS	status;
+
+	struct timeval	start;
+	struct timeval	now;
+	unsigned	count = 0;
+	int64_t		elapsed = 0;
+
+#define LOOKUP_PERIOD_SEC (2)
+
+	start = timeval_current();
+	while (elapsed < sec_to_usec(LOOKUP_PERIOD_SEC)) {
+
+		status = lookup(tree, path);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		++count;
+		now = timeval_current();
+		elapsed = usec_time_diff(&now, &start);
+	}
+
+#undef LOOKUP_PERIOD_SEC
+
+	*rate = (unsigned)((double)count / (double)usec_to_sec(elapsed));
+	return NT_STATUS_OK;
+}
+
+static bool remove_working_directory(struct smbcli_tree *tree,
+		const char * path)
+{
+	int tries;
+
+	/* Using smbcli_deltree to delete a very large number of files
+	 * doesn't work against all servers. Work around this by
+	 * retrying.
+	 */
+	for (tries = 0; tries < 5; ) {
+		int ret;
+
+		ret = smbcli_deltree(tree, BASEDIR);
+		if (ret == -1) {
+			tries++;
+			printf("(%s) failed to deltree %s: %s\n",
+				__location__, BASEDIR,
+				smbcli_errstr(tree));
+			continue;
+		}
+
+		return true;
+	}
+
+	return false;
+
+}
+
+/* Verify that looking up a file name takes constant time.
+ *
+ * This test samples the lookup rate for a non-existent filename in a
+ * directory, while varying the number of files in the directory. The
+ * lookup rate should continue to approximate the lookup rate for the
+ * empty directory case.
+ */
+bool torture_bench_lookup(struct torture_context *torture)
+{
+	NTSTATUS	status;
+	bool		result = false;
+
+	int i;
+	struct smbcli_state *cli = NULL;
+
+	if (!torture_open_connection(&cli, torture, 0)) {
+		goto done;
+	}
+
+	remove_working_directory(cli->tree, BASEDIR);
+
+	for (i = 0; i < ARRAY_SIZE(records); ++i) {
+		printf("Testing lookup rate with %u directory entries\n",
+				records[i].dirent_count);
+
+		status = fill_directory(cli->tree, BASEDIR,
+				records[i].dirent_count);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("failed to fill directory: %s\n", nt_errstr(status));
+			goto done;
+		}
+
+		status = lookup_rate_convert(cli->tree, querypath_lookup,
+			MISSINGNAME, &records[i].querypath_persec);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("querypathinfo of %s failed: %s\n",
+				MISSINGNAME, nt_errstr(status));
+			goto done;
+		}
+
+		status = lookup_rate_convert(cli->tree, findfirst_lookup,
+			MISSINGNAME, &records[i].findfirst_persec);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("findfirst of %s failed: %s\n",
+				MISSINGNAME, nt_errstr(status));
+			goto done;
+		}
+
+		printf("entries = %u, querypath = %u/sec, findfirst = %u/sec\n",
+				records[i].dirent_count,
+				records[i].querypath_persec,
+				records[i].findfirst_persec);
+
+		if (!remove_working_directory(cli->tree, BASEDIR)) {
+			goto done;
+		}
+	}
+
+	/* Ok. We have run all our tests. Walk through the records we
+	 * accumulated and figure out whether the lookups took constant
+	 * time or not.
+	 */
+	result = true;
+	for (i = 0; i < ARRAY_SIZE(records); ++i) {
+		if (!fuzzily_equal(records[0].querypath_persec,
+				    records[i].querypath_persec,
+				    FUZZ_PERCENT)) {
+			printf("querypath rate for %d entries differed by "
+				"more than %d%% from base rate\n",
+				records[i].dirent_count, FUZZ_PERCENT);
+			result = false;
+		}
+
+		if (!fuzzily_equal(records[0].findfirst_persec,
+				    records[i].findfirst_persec,
+				    FUZZ_PERCENT)) {
+			printf("findfirst rate for %d entries differed by "
+				"more than %d%% from base rate\n",
+				records[i].dirent_count, FUZZ_PERCENT);
+			result = false;
+		}
+	}
+
+done:
+	if (cli) {
+		remove_working_directory(cli->tree, BASEDIR);
+		talloc_free(cli);
+	}
+
+	return result;
+}
+
+/* vim: set sts=8 sw=8 : */
diff --git a/source4/torture/raw/missing.txt b/source4/torture/raw/missing.txt
new file mode 100644
index 0000000..0f4104b
--- /dev/null
+++ b/source4/torture/raw/missing.txt
@@ -0,0 +1,160 @@
+- RAW-CONTEXT passes on nt4 but TCON doesn't !!??
+
+- all messaging commands
+
+- writebraw
+
+- writebmpx
+
+- acl ops
+
+- readbmpx
+
+- rap commands
+
+- rpc commands
+
+- SMBcopy
+
+- SMBtcon
+
+- SMBecho
+
+- SMBfunique
+
+- SMBsearch vs SMBffirst?
+
+- SMBfclose
+
+- SMBkeepalive
+
+- secondary trans2 and nttrans
+
+- trans2 ioctl
+
+- trans2 session setup
+
+- trans2 DFS ops
+
+- unix ops
+
+--------------
+done:
+
+mkdir
+rmdir
+open
+create
+close
+flush
+unlink
+mv
+getatr
+setatr
+read
+write
+lock
+unlock
+ctemp
+mknew
+chkpath
+exit
+lseek
+tconX
+tdis
+negprot
+dskattr
+search
+lockread
+writeunlock
+readbraw
+setattrE
+getattrE
+lockingX
+ioctl
+openX
+readX
+writeX
+sesssetupX
+trans2
+findclose
+ulogoffX
+nttrans
+ntcreateX
+ntcancel
+trans2_open
+trans2_findfirst
+trans2_findnext?
+trans2_qfsinfo
+trans2_setfsinfo
+trans2_qpathinfo
+trans2_setpathinfo
+trans2_qfileinfo
+trans2_setfileinfo
+trans2_fsctl
+trans2_mkdir
+trans2_findnext
+NTrename
+SMB_QFS_ALLOCATION
+SMB_QFS_VOLUME
+SMB_QFS_VOLUME_INFO
+SMB_QFS_SIZE_INFO
+SMB_QFS_DEVICE_INFO
+SMB_QFS_ATTRIBUTE_INFO
+SMB_QFS_VOLUME_INFORMATION
+SMB_QFS_SIZE_INFORMATION
+SMB_QFS_DEVICE_INFORMATION
+SMB_QFS_ATTRIBUTE_INFORMATION
+SMB_QFS_QUOTA_INFORMATION
+SMB_QFS_FULL_SIZE_INFORMATION
+SMB_QFS_OBJECTID_INFORMATION
+SMB_QFILEINFO_STANDARD
+SMB_QFILEINFO_EA_SIZE
+SMB_QFILEINFO_ALL_EAS
+SMB_QFILEINFO_IS_NAME_VALID
+SMB_QFILEINFO_BASIC_INFO
+SMB_QFILEINFO_STANDARD_INFO
+SMB_QFILEINFO_EA_INFO
+SMB_QFILEINFO_NAME_INFO
+SMB_QFILEINFO_ALL_INFO
+SMB_QFILEINFO_ALT_NAME_INFO
+SMB_QFILEINFO_STREAM_INFO
+SMB_QFILEINFO_COMPRESSION_INFO
+SMB_QFILEINFO_BASIC_INFORMATION
+SMB_QFILEINFO_STANDARD_INFORMATION
+SMB_QFILEINFO_INTERNAL_INFORMATION
+SMB_QFILEINFO_EA_INFORMATION
+SMB_QFILEINFO_ACCESS_INFORMATION
+SMB_QFILEINFO_NAME_INFORMATION
+SMB_QFILEINFO_POSITION_INFORMATION
+SMB_QFILEINFO_MODE_INFORMATION
+SMB_QFILEINFO_ALIGNMENT_INFORMATION
+SMB_QFILEINFO_ALL_INFORMATION
+SMB_QFILEINFO_ALT_NAME_INFORMATION
+SMB_QFILEINFO_STREAM_INFORMATION
+SMB_QFILEINFO_COMPRESSION_INFORMATION
+SMB_QFILEINFO_NETWORK_OPEN_INFORMATION
+SMB_QFILEINFO_ATTRIBUTE_TAG_INFORMATION
+SMB_SFILEINFO_STANDARD
+SMB_SFILEINFO_EA_SET
+SMB_SFILEINFO_BASIC_INFO
+SMB_SFILEINFO_DISPOSITION_INFO
+SMB_SFILEINFO_ALLOCATION_INFO
+SMB_SFILEINFO_END_OF_FILE_INFO
+SMB_SFILEINFO_UNIX_BASIC
+SMB_SFILEINFO_UNIX_LINK
+SMB_SFILEINFO_BASIC_INFORMATION
+SMB_SFILEINFO_RENAME_INFORMATION
+SMB_SFILEINFO_DISPOSITION_INFORMATION
+SMB_SFILEINFO_POSITION_INFORMATION
+SMB_SFILEINFO_MODE_INFORMATION
+SMB_SFILEINFO_ALLOCATION_INFORMATION
+SMB_SFILEINFO_END_OF_FILE_INFORMATION
+SMB_FIND_STANDARD
+SMB_FIND_EA_SIZE
+SMB_FIND_DIRECTORY_INFO
+SMB_FIND_FULL_DIRECTORY_INFO
+SMB_FIND_NAME_INFO
+SMB_FIND_BOTH_DIRECTORY_INFO
+SMB_FIND_261
+SMB_FIND_262
diff --git a/source4/torture/raw/mkdir.c b/source4/torture/raw/mkdir.c
new file mode 100644
index 0000000..4775016
--- /dev/null
+++ b/source4/torture/raw/mkdir.c
@@ -0,0 +1,171 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_MKDIR_* and RAW_RMDIR_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\mkdirtest"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+/*
+  test mkdir ops
+*/
+static bool test_mkdir(struct smbcli_state *cli, struct torture_context *tctx)
+{
+	union smb_mkdir md;
+	struct smb_rmdir rd;
+	const char *path = BASEDIR "\\mkdir.dir";
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* 
+	   basic mkdir
+	*/
+	md.mkdir.level = RAW_MKDIR_MKDIR;
+	md.mkdir.in.path = path;
+
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Testing mkdir collision\n");
+
+	/* 2nd create */
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	/* basic rmdir */
+	rd.in.path = path;
+	status = smb_raw_rmdir(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_rmdir(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	printf("Testing mkdir collision with file\n");
+
+	/* name collision with a file */
+	smbcli_close(cli->tree, create_complex_file(cli, tctx, path));
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	printf("Testing rmdir with file\n");
+
+	/* delete a file with rmdir */
+	status = smb_raw_rmdir(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_NOT_A_DIRECTORY);
+
+	smbcli_unlink(cli->tree, path);
+
+	printf("Testing invalid dir\n");
+
+	/* create an invalid dir */
+	md.mkdir.in.path = "..\\..\\..";
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+	
+	printf("Testing t2mkdir\n");
+
+	/* try a t2mkdir - need to work out why this fails! */
+	md.t2mkdir.level = RAW_MKDIR_T2MKDIR;
+	md.t2mkdir.in.path = path;
+	md.t2mkdir.in.num_eas = 0;	
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_rmdir(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Testing t2mkdir bad path\n");
+	md.t2mkdir.in.path = talloc_asprintf(tctx, "%s\\bad_path\\bad_path",
+					     BASEDIR);
+	status = smb_raw_mkdir(cli->tree, &md);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
+
+	printf("Testing t2mkdir with EAs\n");
+
+	/* with EAs */
+	md.t2mkdir.level = RAW_MKDIR_T2MKDIR;
+	md.t2mkdir.in.path = path;
+	md.t2mkdir.in.num_eas = 3;
+	md.t2mkdir.in.eas = talloc_array(tctx, struct ea_struct, md.t2mkdir.in.num_eas);
+	md.t2mkdir.in.eas[0].flags = 0;
+	md.t2mkdir.in.eas[0].name.s = "EAONE";
+	md.t2mkdir.in.eas[0].value = data_blob_talloc(tctx, "blah", 4);
+	md.t2mkdir.in.eas[1].flags = 0;
+	md.t2mkdir.in.eas[1].name.s = "EA TWO";
+	md.t2mkdir.in.eas[1].value = data_blob_talloc(tctx, "foo bar", 7);
+	md.t2mkdir.in.eas[2].flags = 0;
+	md.t2mkdir.in.eas[2].name.s = "EATHREE";
+	md.t2mkdir.in.eas[2].value = data_blob_talloc(tctx, "xx1", 3);
+	status = smb_raw_mkdir(cli->tree, &md);
+
+	if (torture_setting_bool(tctx, "samba3", false)
+	    && NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)) {
+		d_printf("EAS not supported -- not treating as fatal\n");
+	}
+	else {
+		/*
+		 * In Samba3, don't see this error as fatal
+		 */
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		status = torture_check_ea(cli, path, "EAONE", "blah");
+		CHECK_STATUS(status, NT_STATUS_OK);
+		status = torture_check_ea(cli, path, "EA TWO", "foo bar");
+		CHECK_STATUS(status, NT_STATUS_OK);
+		status = torture_check_ea(cli, path, "EATHREE", "xx1");
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		status = smb_raw_rmdir(cli->tree, &rd);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/* 
+   basic testing of all RAW_MKDIR_* calls 
+*/
+bool torture_raw_mkdir(struct torture_context *torture, 
+		       struct smbcli_state *cli)
+{
+	bool ret = true;
+
+	if (!test_mkdir(cli, torture)) {
+		ret = false;
+	}
+
+	return ret;
+}
diff --git a/source4/torture/raw/mux.c b/source4/torture/raw/mux.c
new file mode 100644
index 0000000..4fd5a9e
--- /dev/null
+++ b/source4/torture/raw/mux.c
@@ -0,0 +1,342 @@
+/* 
+   Unix SMB/CIFS implementation.
+   basic raw test suite for multiplexing
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\test_mux"
+
+/*
+  test the delayed reply to a open that leads to a sharing violation
+*/
+static bool test_mux_open(struct torture_context *tctx, struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_open io;
+	NTSTATUS status;
+	int fnum1, fnum2;
+	bool ret = true;
+	struct smbcli_request *req1, *req2;
+	struct timeval tv;
+	double d;
+
+	torture_comment(tctx, "Testing multiplexed open/open/close\n");
+
+	torture_comment(tctx, "send first open\n");
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR "\\open.dat";
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "send first open");
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "send 2nd open, non-conflicting\n");
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "send 2nd open, non-conflicting");
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	tv = timeval_current();
+
+	torture_comment(tctx, "send 3rd open, conflicting\n");
+	io.ntcreatex.in.share_access = 0;
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION, "send 3rd open, conflicting");
+
+	d = timeval_elapsed(&tv);
+	if (d < 0.5 || d > 1.5) {
+		torture_comment(tctx, "bad timeout for conflict - %.2f should be 1.0\n", d);
+	} else {
+		torture_comment(tctx, "open delay %.2f\n", d);
+	}
+
+	torture_comment(tctx, "send async open, conflicting\n");
+	tv = timeval_current();
+	req1 = smb_raw_open_send(cli->tree, &io);
+
+	torture_comment(tctx, "send 2nd async open, conflicting\n");
+	tv = timeval_current();
+	req2 = smb_raw_open_send(cli->tree, &io);
+	
+	torture_comment(tctx, "close first sync open\n");
+	smbcli_close(cli->tree, fnum1);
+
+	torture_comment(tctx, "cancel 2nd async open (should be ignored)\n");
+	smb_raw_ntcancel(req2);
+
+	d = timeval_elapsed(&tv);
+	if (d > 0.25) {
+		torture_comment(tctx, "bad timeout after cancel - %.2f should be <0.25\n", d);
+		torture_assert(tctx, d <= 0.25, "bad timeout after cancel");
+	}
+
+	torture_comment(tctx, "close the 2nd sync open\n");
+	smbcli_close(cli->tree, fnum2);
+
+	torture_comment(tctx, "see if the 1st async open now succeeded\n");
+	status = smb_raw_open_recv(req1, mem_ctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "see if the 1st async open now succeeded");
+
+	d = timeval_elapsed(&tv);
+	if (d > 0.25) {
+		torture_comment(tctx, "bad timeout for async conflict - %.2f should be <0.25\n", d);
+		torture_assert(tctx, d <= 0.25, "bad timeout for async conflict");
+	} else {
+		torture_comment(tctx, "async open delay %.2f\n", d);
+	}
+
+	torture_comment(tctx, "2nd async open should have timed out\n");
+	status = smb_raw_open_recv(req2, mem_ctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION, "2nd async open should have timed out");
+	d = timeval_elapsed(&tv);
+	if (d < 0.8) {
+		torture_comment(tctx, "bad timeout for async conflict - %.2f should be 1.0\n", d);
+	}
+
+	torture_comment(tctx, "close the 1st async open\n");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	return ret;
+}
+
+
+/*
+  test a write that hits a byte range lock and send the close after the write
+*/
+static bool test_mux_write(struct torture_context *tctx, struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_write io;
+	NTSTATUS status;
+	int fnum;
+	bool ret = true;
+	struct smbcli_request *req;
+
+	torture_comment(tctx, "Testing multiplexed lock/write/close\n");
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\write.dat", O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_comment(tctx, "open failed in mux_write - %s\n", smbcli_errstr(cli->tree));
+		torture_assert(tctx, fnum != -1, "open failed in mux_write");
+	}
+
+	cli->session->pid = 1;
+
+	status = smbcli_lock(cli->tree, fnum, 0, 4, 0, WRITE_LOCK);
+
+	/* lock a range */
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_assert_ntstatus_ok(tctx, status, "lock failed in mux_write");
+	}
+
+	cli->session->pid = 2;
+
+	/* send an async write */
+	io.generic.level = RAW_WRITE_WRITEX;
+	io.writex.in.file.fnum = fnum;
+	io.writex.in.offset = 0;
+	io.writex.in.wmode = 0;
+	io.writex.in.remaining = 0;
+	io.writex.in.count = 4;
+	io.writex.in.data = (const uint8_t *)&fnum;	
+	req = smb_raw_write_send(cli->tree, &io);
+
+	/* unlock the range */
+	cli->session->pid = 1;
+	smbcli_unlock(cli->tree, fnum, 0, 4);
+
+	/* and recv the async write reply */
+	status = smb_raw_write_recv(req, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_LOCK_CONFLICT, "recv the async write reply");
+
+	smbcli_close(cli->tree, fnum);
+
+	return ret;
+}
+
+
+/*
+  test a lock that conflicts with an existing lock
+*/
+static bool test_mux_lock(struct torture_context *tctx, struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_lock io;
+	NTSTATUS status;
+	int fnum;
+	bool ret = true;
+	struct smbcli_request *req;
+	struct smb_lock_entry lock[1];
+	struct timeval t;
+
+	torture_comment(tctx, "TESTING MULTIPLEXED LOCK/LOCK/UNLOCK\n");
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\write.dat", O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_comment(tctx, "open failed in mux_lock - %s\n", smbcli_errstr(cli->tree));
+		torture_assert(tctx, fnum != -1, "open failed in mux_lock");
+	}
+
+	torture_comment(tctx, "establishing a lock\n");
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.ulock_cnt = 0;
+	lock[0].pid = 1;
+	lock[0].offset = 0;
+	lock[0].count = 4;
+	io.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "establishing a lock");
+
+	torture_comment(tctx, "the second lock will conflict with the first\n");
+	lock[0].pid = 2;
+	io.lockx.in.timeout = 1000;
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_LOCK_CONFLICT, "the second lock will conflict with the first");
+
+	torture_comment(tctx, "this will too, but we'll unlock while waiting\n");
+	t = timeval_current();
+	req = smb_raw_lock_send(cli->tree, &io);
+
+	torture_comment(tctx, "unlock the first range\n");
+	lock[0].pid = 1;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.timeout = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "unlock the first range");
+
+	torture_comment(tctx, "recv the async reply\n");
+	status = smbcli_request_simple_recv(req);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "recv the async reply");
+
+	torture_comment(tctx, "async lock took %.2f msec\n", timeval_elapsed(&t) * 1000);
+	torture_assert(tctx, timeval_elapsed(&t) <= 0.1, "failed to trigger early lock retry\n");
+
+	torture_comment(tctx, "reopening with an exit\n");
+	smb_raw_exit(cli->session);
+	fnum = smbcli_open(cli->tree, BASEDIR "\\write.dat", O_RDWR | O_CREAT, DENY_NONE);
+
+	torture_comment(tctx, "Now trying with a cancel\n");
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.file.fnum = fnum;
+	io.lockx.in.mode = 0;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.ulock_cnt = 0;
+	lock[0].pid = 1;
+	lock[0].offset = 0;
+	lock[0].count = 4;
+	io.lockx.in.locks = &lock[0];
+
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "Now trying with a cancel");
+
+	lock[0].pid = 2;
+	io.lockx.in.timeout = 1000;
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_LOCK_CONFLICT, "Now trying with a cancel pid 2");
+
+	req = smb_raw_lock_send(cli->tree, &io);
+
+	/* cancel the blocking lock */
+	smb_raw_ntcancel(req);
+
+	torture_comment(tctx, "sending 2nd cancel\n");
+	/* the 2nd cancel is totally harmless, but tests the server trying to 
+	   cancel an already cancelled request */
+	smb_raw_ntcancel(req);
+
+	torture_comment(tctx, "sent 2nd cancel\n");
+
+	lock[0].pid = 1;
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+	io.lockx.in.timeout = 0;
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "clear lock");
+
+	status = smbcli_request_simple_recv(req);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_LOCK_CONFLICT, "recv 2nd cancel");
+
+	torture_comment(tctx, "cancel a lock using exit to close file\n");
+	lock[0].pid = 1;
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+	io.lockx.in.timeout = 1000;
+
+	status = smb_raw_lock(cli->tree, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "cancel a lock using exit to close file");
+
+	t = timeval_current();
+	lock[0].pid = 2;
+	req = smb_raw_lock_send(cli->tree, &io);
+
+	smb_raw_exit(cli->session);
+	smb_raw_exit(cli->session);
+	smb_raw_exit(cli->session);
+	smb_raw_exit(cli->session);
+
+	torture_comment(tctx, "recv the async reply\n");
+	status = smbcli_request_simple_recv(req);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RANGE_NOT_LOCKED, "recv the async reply");
+	torture_comment(tctx, "async lock exit took %.2f msec\n", timeval_elapsed(&t) * 1000);
+	torture_assert(tctx, timeval_elapsed(&t) <= 0.1, "failed to trigger early lock failure\n");
+
+	return ret;
+}
+
+
+
+/* 
+   basic testing of multiplexing notify
+*/
+bool torture_raw_mux(struct torture_context *torture, struct smbcli_state *cli)
+{
+	bool ret = true;
+	TALLOC_CTX *frame;
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+	frame = talloc_stackframe();
+
+	ret &= test_mux_open(torture, cli, frame);
+	ret &= test_mux_write(torture, cli, frame);
+	ret &= test_mux_lock(torture, cli, frame);
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	TALLOC_FREE(frame);
+	return ret;
+}
diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c
new file mode 100644
index 0000000..f3c3806
--- /dev/null
+++ b/source4/torture/raw/notify.c
@@ -0,0 +1,2297 @@
+/* 
+   Unix SMB/CIFS implementation.
+   basic raw test suite for change notify
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "system/filesys.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+#include "lib/events/events.h"
+
+#define BASEDIR "\\test_notify"
+
+#define CHECK_WSTR(tctx, field, value, flags) \
+do { \
+	torture_assert_str_equal(tctx, field.s, value, "values don't match"); \
+	torture_assert(tctx, \
+		       !wire_bad_flags(&field, STR_UNICODE, cli->transport), \
+		       "wire_bad_flags"); \
+} while (0)
+
+#define BASEDIR_CN1_DIR BASEDIR "_CN1_DIR"
+
+/* 
+   basic testing of change notify on directories
+*/
+static bool test_notify_dir(struct torture_context *tctx,
+			    struct smbcli_state *cli,
+			    struct smbcli_state *cli2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	union smb_close cl;
+	int i, count, fnum, fnum2;
+	struct smbcli_request *req, *req2;
+	extern int torture_numops;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY ON DIRECTORIES\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_DIR),
+		       "Failed to setup up test directory: " BASEDIR_CN1_DIR);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_DIR;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	torture_comment(tctx, "Testing notify cancel\n");
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smb_raw_ntcancel(req);
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	torture_comment(tctx, "Testing notify mkdir\n");
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_mkdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "more than one change");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "Testing notify rmdir\n");
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_rmdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "more than one change");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "Testing notify mkdir - rmdir - mkdir - rmdir\n");
+
+	smbcli_mkdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+	smbcli_rmdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+	smbcli_mkdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+	smbcli_rmdir(cli2->tree, BASEDIR_CN1_DIR "\\subdir-name");
+	smb_msleep(200);
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      4, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[1].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[1].name, "subdir-name",
+		   STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[2].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[2].name, "subdir-name",
+		   STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[3].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[3].name, "subdir-name",
+		   STR_UNICODE);
+
+	count = torture_numops;
+	torture_comment(tctx, "Testing buffered notify on create of %d files\n", count);
+	for (i=0;i<count;i++) {
+		char *fname = talloc_asprintf(cli,
+				BASEDIR_CN1_DIR "\\test%d.txt",
+				i);
+		int fnum3 = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		torture_assert_int_not_equal_goto(tctx, fnum3, -1, ret, done,
+			talloc_asprintf(tctx, "Failed to create %s - %s",
+					fname, smbcli_errstr(cli->tree)));
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum3);
+	}
+
+	/* (1st notify) setup a new notify on a different directory handle.
+	   This new notify won't see the events above. */
+	notify.nttrans.in.file.fnum = fnum2;
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* (2nd notify) whereas this notify will see the above buffered events,
+	   and it directly returns the buffered events */
+	notify.nttrans.in.file.fnum = fnum;
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smbcli_unlink(cli->tree, BASEDIR_CN1_DIR "\\nonexistent.txt");
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smbcli_unlink");
+
+	/* (1st unlink) as the 2nd notify directly returns,
+	   this unlink is only seen by the 1st notify and 
+	   the 3rd notify (later) */
+	torture_comment(tctx, "Testing notify on unlink for the first file\n");
+	status = smbcli_unlink(cli2->tree, BASEDIR_CN1_DIR "\\test0.txt");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_unlink");
+
+	/* receive the reply from the 2nd notify */
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      count, ret, done,
+				      "wrong number of changes");
+	for (i=1;i<count;i++) {
+		torture_assert_int_equal_goto(tctx,
+					notify.nttrans.out.changes[i].action,
+					NOTIFY_ACTION_ADDED, ret, done,
+					"wrong action (exp: ADDED)");
+	}
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "test0.txt",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "and now from the 1st notify\n");
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "test0.txt",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "(3rd notify) this notify will only see the 1st unlink\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smbcli_unlink(cli->tree, BASEDIR_CN1_DIR "\\nonexistent.txt");
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smbcli_unlink");
+
+	torture_comment(tctx, "Testing notify on wildcard unlink for %d files\n", count-1);
+	/* (2nd unlink) do a wildcard unlink */
+	status = smbcli_unlink_wcard(cli2->tree, BASEDIR_CN1_DIR "\\test*.txt");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	/* receive the 3rd notify */
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "test0.txt",
+		   STR_UNICODE);
+
+	/* and we now see the rest of the unlink calls on both directory handles */
+	notify.nttrans.in.file.fnum = fnum;
+	sleep(3);
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      count - 1, ret, done,
+				      "wrong number of changes");
+	for (i=0;i<notify.nttrans.out.num_changes;i++) {
+		torture_assert_int_equal_goto(tctx,
+					notify.nttrans.out.changes[i].action,
+					NOTIFY_ACTION_REMOVED, ret, done,
+					"wrong action (exp: REMOVED)");
+	}
+	notify.nttrans.in.file.fnum = fnum2;
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      count - 1, ret, done,
+				      "wrong number of changes");
+	for (i=0;i<notify.nttrans.out.num_changes;i++) {
+		torture_assert_int_equal_goto(tctx,
+					notify.nttrans.out.changes[i].action,
+					NOTIFY_ACTION_REMOVED, ret, done,
+					"wrong action (exp: REMOVED)");
+	}
+
+	torture_comment(tctx, "Testing if a close() on the dir handle triggers the notify reply\n");
+
+	notify.nttrans.in.file.fnum = fnum;
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_close");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      0, ret, done, "no changes expected");
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_DIR);
+	return ret;
+}
+
+/*
+ * Check notify reply for a rename action. Not sure if this is a valid thing
+ * to do, but depending on timing between inotify and messaging we get the
+ * add/remove/modify in any order. This routines tries to find the action/name
+ * pair in any of the three following notify_changes.
+ */
+
+static bool check_rename_reply(struct torture_context *tctx,
+			       struct smbcli_state *cli,
+			       int line,
+			       struct notify_changes *actions,
+			       uint32_t action, const char *name)
+{
+	int i;
+
+	for (i=0; i<3; i++) {
+		if (actions[i].action == action) {
+			CHECK_WSTR(tctx, actions[i].name, name, STR_UNICODE);
+			return true;
+		}
+	}
+
+	torture_result(tctx, TORTURE_FAIL,
+		       __location__": (%d) expected action %d, not found\n",
+		       line, action);
+	return false;
+}
+
+/* 
+   testing of recursive change notify
+*/
+
+#define BASEDIR_CN1_RECUR BASEDIR "_CN1_RECUR"
+
+static bool test_notify_recursive(struct torture_context *tctx,
+				  struct smbcli_state *cli,
+				  struct smbcli_state *cli2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req1, *req2;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY WITH RECURSION\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_RECUR),
+		       "Failed to setup up test directory: " BASEDIR_CN1_RECUR);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_RECUR;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify, on file or directory name
+	   changes. Setup both with and without recursion */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME | FILE_NOTIFY_CHANGE_ATTRIBUTES | FILE_NOTIFY_CHANGE_CREATION;
+	notify.nttrans.in.file.fnum = fnum;
+
+	notify.nttrans.in.recursive = true;
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	notify.nttrans.in.recursive = false;
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* cancel initial requests so the buffer is setup */
+	smb_raw_ntcancel(req1);
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	smb_raw_ntcancel(req2);
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	/*
+	 * Make notifies a bit more interesting in a cluster by doing
+	 * the changes against different nodes with --unclist
+	 */
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_RECUR "\\subdir-name");
+	smbcli_mkdir(cli2->tree, BASEDIR_CN1_RECUR "\\subdir-name\\subname1");
+	smbcli_close(cli->tree, 
+		     smbcli_open(cli->tree,
+				BASEDIR_CN1_RECUR "\\subdir-name\\subname2",
+				O_CREAT, 0));
+	smbcli_rename(cli2->tree, BASEDIR_CN1_RECUR "\\subdir-name\\subname1",
+		      BASEDIR_CN1_RECUR "\\subdir-name\\subname1-r");
+	smbcli_rename(cli->tree,
+		BASEDIR_CN1_RECUR "\\subdir-name\\subname2",
+		BASEDIR_CN1_RECUR "\\subname2-r");
+	smbcli_rename(cli2->tree, BASEDIR_CN1_RECUR "\\subname2-r",
+		      BASEDIR_CN1_RECUR "\\subname3-r");
+
+	notify.nttrans.in.completion_filter = 0;
+	notify.nttrans.in.recursive = true;
+	smb_msleep(200);
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_RECUR "\\subdir-name\\subname1-r");
+	smbcli_rmdir(cli2->tree, BASEDIR_CN1_RECUR "\\subdir-name");
+	smbcli_unlink(cli->tree, BASEDIR_CN1_RECUR "\\subname3-r");
+
+	smb_msleep(200);
+	notify.nttrans.in.recursive = false;
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      11, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[1].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[1].name,
+		   "subdir-name\\subname1", STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[2].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[2].name,
+		   "subdir-name\\subname2", STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[3].action,
+				      NOTIFY_ACTION_OLD_NAME, ret, done,
+				      "wrong action (exp: OLD_NAME)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[3].name,
+		   "subdir-name\\subname1", STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[4].action,
+				      NOTIFY_ACTION_NEW_NAME, ret, done,
+				      "wrong action (exp: NEW_NAME)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[4].name,
+		   "subdir-name\\subname1-r", STR_UNICODE);
+
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[5],
+		NOTIFY_ACTION_ADDED, "subname2-r");
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[5],
+		NOTIFY_ACTION_REMOVED, "subdir-name\\subname2");
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[5],
+		NOTIFY_ACTION_MODIFIED, "subname2-r");
+		
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[8],
+		NOTIFY_ACTION_OLD_NAME, "subname2-r");
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[8],
+		NOTIFY_ACTION_NEW_NAME, "subname3-r");
+	ret &= check_rename_reply(tctx,
+		cli, __LINE__, &notify.nttrans.out.changes[8],
+		NOTIFY_ACTION_MODIFIED, "subname3-r");
+
+	if (!ret) {
+		goto done;
+	}
+
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      3, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name,
+		   "subdir-name\\subname1-r", STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[1].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[1].name, "subdir-name",
+		   STR_UNICODE);
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[2].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[2].name, "subname3-r",
+		   STR_UNICODE);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_RECUR);
+	return ret;
+}
+
+/* 
+   testing of change notify mask change
+*/
+
+#define BASEDIR_CN1_CNMC BASEDIR "_CN1_CNMC"
+
+static bool test_notify_mask_change(struct torture_context *tctx,
+				    struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req1, *req2;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY WITH MASK CHANGE\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_CNMC),
+		       "Failed to setup up test directory: " BASEDIR_CN1_CNMC);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_CNMC;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify, on file or directory name
+	   changes. Setup both with and without recursion */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	notify.nttrans.in.file.fnum = fnum;
+
+	notify.nttrans.in.recursive = true;
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	notify.nttrans.in.recursive = false;
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* cancel initial requests so the buffer is setup */
+	smb_raw_ntcancel(req1);
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	smb_raw_ntcancel(req2);
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	notify.nttrans.in.recursive = true;
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* Set to hidden then back again. */
+	smbcli_close(cli->tree,
+		smbcli_open(cli->tree,BASEDIR_CN1_CNMC "\\tname1", O_CREAT, 0));
+	smbcli_setatr(cli->tree, BASEDIR_CN1_CNMC "\\tname1",
+		FILE_ATTRIBUTE_HIDDEN, 0);
+	smbcli_unlink(cli->tree, BASEDIR_CN1_CNMC "\\tname1");
+
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_MODIFIED, ret, done,
+				      "wrong action (exp: MODIFIED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "tname1",
+		   STR_UNICODE);
+
+	/* Now try and change the mask to include other events.
+	 * This should not work - once the mask is set on a directory
+	 * fnum it seems to be fixed until the fnum is closed. */
+
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME | FILE_NOTIFY_CHANGE_ATTRIBUTES | FILE_NOTIFY_CHANGE_CREATION;
+	notify.nttrans.in.recursive = true;
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	notify.nttrans.in.recursive = false;
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_CNMC "\\subdir-name");
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_CNMC "\\subdir-name\\subname1");
+	smbcli_close(cli->tree, 
+		     smbcli_open(cli->tree,
+			BASEDIR_CN1_CNMC "\\subdir-name\\subname2",
+			O_CREAT, 0));
+	smbcli_rename(cli->tree,
+			BASEDIR_CN1_CNMC "\\subdir-name\\subname1",
+			BASEDIR_CN1_CNMC "\\subdir-name\\subname1-r");
+	smbcli_rename(cli->tree,
+			BASEDIR_CN1_CNMC "\\subdir-name\\subname2",
+			BASEDIR_CN1_CNMC "\\subname2-r");
+	smbcli_rename(cli->tree,
+			BASEDIR_CN1_CNMC "\\subname2-r",
+			BASEDIR_CN1_CNMC "\\subname3-r");
+
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_CNMC "\\subdir-name\\subname1-r");
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_CNMC "\\subdir-name");
+	smbcli_unlink(cli->tree, BASEDIR_CN1_CNMC "\\subname3-r");
+
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_MODIFIED, ret, done,
+				      "wrong action (exp: MODIFIED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subname2-r",
+		   STR_UNICODE);
+
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_MODIFIED, ret, done,
+				      "wrong action (exp: MODIFIED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subname3-r",
+		   STR_UNICODE);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_CNMC);
+	return ret;
+}
+
+
+/* 
+   testing of mask bits for change notify
+*/
+
+#define BASEDIR_CN1_NOTM BASEDIR "_CN1_NOTM"
+
+static bool test_notify_mask(struct torture_context *tctx,
+			     struct smbcli_state *cli,
+			     struct smbcli_state *cli2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	union smb_chkpath chkpath;
+	int fnum, fnum2;
+	uint32_t mask;
+	int i;
+	char c = 1;
+	struct timeval tv;
+	NTTIME t;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY COMPLETION FILTERS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_NOTM),
+		       "Failed to setup up test directory: " BASEDIR_CN1_NOTM);
+
+	tv = timeval_current_ofs(1000, 0);
+	t = timeval_to_nttime(&tv);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_NOTM;
+
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.recursive = true;
+
+	chkpath.chkpath.in.path = "\\";
+
+#define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \
+	do { \
+	smbcli_getatr(cli->tree, test_name, NULL, NULL, NULL); \
+	for (mask=i=0;i<32;i++) { \
+		struct smbcli_request *req; \
+		status = smb_raw_open(cli->tree, tctx, &io); \
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, \
+						"smb_raw_open"); \
+		fnum = io.ntcreatex.out.file.fnum; \
+		setup \
+		notify.nttrans.in.file.fnum = fnum;	\
+		notify.nttrans.in.completion_filter = ((uint32_t)1<<i); \
+		req = smb_raw_changenotify_send(cli->tree, &notify); \
+		smb_raw_chkpath(cli->tree, &chkpath); \
+		op \
+		smb_msleep(200); smb_raw_ntcancel(req); \
+		status = smb_raw_changenotify_recv(req, tctx, &notify); \
+		cleanup \
+		smbcli_close(cli->tree, fnum); \
+		if (NT_STATUS_EQUAL(status, NT_STATUS_CANCELLED)) continue; \
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, \
+						"smbcli_close"); \
+		/* special case to cope with file rename behaviour */ \
+		if (nchanges == 2 && notify.nttrans.out.num_changes == 1 && \
+		    notify.nttrans.out.changes[0].action == NOTIFY_ACTION_MODIFIED && \
+		    ((expected) & FILE_NOTIFY_CHANGE_ATTRIBUTES) && \
+		    Action == NOTIFY_ACTION_OLD_NAME) { \
+			torture_comment(tctx, "(rename file special handling OK)\n"); \
+		} else { \
+			torture_assert_int_equal_goto(tctx, \
+				notify.nttrans.out.num_changes,\
+				nchanges, ret, done, \
+				talloc_asprintf(tctx, \
+					"nchanges=%d expected=%d action=%d " \
+					"filter=0x%08x\n", \
+					notify.nttrans.out.num_changes, \
+					nchanges, \
+					notify.nttrans.out.changes[0].action, \
+					notify.nttrans.in.completion_filter)); \
+			torture_assert_int_equal_goto(tctx, \
+				notify.nttrans.out.changes[0].action, \
+				Action, ret, done, \
+				talloc_asprintf(tctx, \
+					"nchanges=%d action=%d " \
+					"expectedAction=%d filter=0x%08x\n", \
+					notify.nttrans.out.num_changes, \
+					notify.nttrans.out.changes[0].action, \
+					Action, \
+					notify.nttrans.in.completion_filter)); \
+			torture_assert_str_equal_goto(tctx, \
+				notify.nttrans.out.changes[0].name.s, \
+				"tname1", ret, done, \
+				talloc_asprintf(tctx, \
+					"nchanges=%d action=%d filter=0x%08x " \
+					"name=%s expected_name=tname1\n", \
+					notify.nttrans.out.num_changes, \
+					notify.nttrans.out.changes[0].action, \
+					notify.nttrans.in.completion_filter, \
+					notify.nttrans.out.changes[0].name.s));\
+		} \
+		mask |= ((uint32_t)1<<i); \
+	} \
+	if ((expected) != mask) { \
+		torture_assert_int_not_equal_goto(tctx, ((expected) & ~mask), \
+				0, ret, done, "Too few bits"); \
+		torture_comment(tctx, "WARNING: trigger on too many bits. mask=0x%08x expected=0x%08x\n", \
+		       mask, expected); \
+	} \
+	} while (0);
+
+	torture_comment(tctx, "Testing mkdir\n");
+	NOTIFY_MASK_TEST("Testing mkdir",;,
+			 smbcli_mkdir(cli->tree, BASEDIR_CN1_NOTM "\\tname1");,
+			 smbcli_rmdir(cli2->tree, BASEDIR_CN1_NOTM "\\tname1");,
+			 NOTIFY_ACTION_ADDED,
+			 FILE_NOTIFY_CHANGE_DIR_NAME, 1);
+
+	torture_comment(tctx, "Testing create file\n");
+	NOTIFY_MASK_TEST("Testing create file",;,
+			 smbcli_close(cli->tree,
+				smbcli_open(cli->tree,
+					BASEDIR_CN1_NOTM "\\tname1",
+					O_CREAT, 0));,
+			 smbcli_unlink(cli2->tree,
+				BASEDIR_CN1_NOTM "\\tname1");,
+			 NOTIFY_ACTION_ADDED,
+			 FILE_NOTIFY_CHANGE_FILE_NAME, 1);
+
+	torture_comment(tctx, "Testing unlink\n");
+	NOTIFY_MASK_TEST("Testing unlink",
+			 smbcli_close(cli->tree,
+				smbcli_open(cli->tree,
+					BASEDIR_CN1_NOTM "\\tname1",
+					O_CREAT, 0));,
+			 smbcli_unlink(cli2->tree,
+				BASEDIR_CN1_NOTM "\\tname1");,
+			 ;,
+			 NOTIFY_ACTION_REMOVED,
+			 FILE_NOTIFY_CHANGE_FILE_NAME, 1);
+
+	torture_comment(tctx, "Testing rmdir\n");
+	NOTIFY_MASK_TEST("Testing rmdir",
+			 smbcli_mkdir(cli->tree, BASEDIR_CN1_NOTM "\\tname1");,
+			 smbcli_rmdir(cli2->tree, BASEDIR_CN1_NOTM "\\tname1");,
+			 ;,
+			 NOTIFY_ACTION_REMOVED,
+			 FILE_NOTIFY_CHANGE_DIR_NAME, 1);
+
+	torture_comment(tctx, "Testing rename file\n");
+	NOTIFY_MASK_TEST("Testing rename file",
+			 smbcli_close(cli->tree,
+				smbcli_open(cli->tree,
+					BASEDIR_CN1_NOTM "\\tname1",
+					O_CREAT, 0));,
+			 smbcli_rename(cli2->tree,
+				BASEDIR_CN1_NOTM "\\tname1",
+				BASEDIR_CN1_NOTM "\\tname2");,
+			 smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname2");,
+			 NOTIFY_ACTION_OLD_NAME,
+			 FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_CREATION, 2);
+
+	torture_comment(tctx, "Testing rename dir\n");
+	NOTIFY_MASK_TEST("Testing rename dir",
+		smbcli_mkdir(cli->tree, BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_rename(cli2->tree,
+			BASEDIR_CN1_NOTM "\\tname1",
+			BASEDIR_CN1_NOTM "\\tname2");,
+		smbcli_rmdir(cli->tree, BASEDIR_CN1_NOTM "\\tname2");,
+		NOTIFY_ACTION_OLD_NAME,
+		FILE_NOTIFY_CHANGE_DIR_NAME, 2);
+
+	torture_comment(tctx, "Testing set path attribute\n");
+	NOTIFY_MASK_TEST("Testing set path attribute",
+		smbcli_close(cli->tree,
+			smbcli_open(cli->tree,
+				BASEDIR_CN1_NOTM "\\tname1", O_CREAT, 0));,
+		smbcli_setatr(cli2->tree,
+			BASEDIR_CN1_NOTM "\\tname1", FILE_ATTRIBUTE_HIDDEN, 0);,
+		smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1");,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_ATTRIBUTES, 1);
+
+	torture_comment(tctx, "Testing set path write time\n");
+	NOTIFY_MASK_TEST("Testing set path write time",
+		smbcli_close(cli->tree, smbcli_open(cli->tree,
+			BASEDIR_CN1_NOTM "\\tname1", O_CREAT, 0));,
+		smbcli_setatr(cli2->tree,
+			BASEDIR_CN1_NOTM "\\tname1",
+			FILE_ATTRIBUTE_NORMAL, 1000);,
+		smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1");,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_LAST_WRITE, 1);
+
+	torture_comment(tctx, "Testing set file attribute\n");
+	NOTIFY_MASK_TEST("Testing set file attribute",
+		fnum2 = create_complex_file(cli2, tctx,
+			BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_fsetatr(cli2->tree, fnum2, FILE_ATTRIBUTE_HIDDEN, 0, 0, 0, 0);,
+		(smbcli_close(cli2->tree, fnum2),
+		smbcli_unlink(cli2->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_ATTRIBUTES, 1);
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_comment(tctx, "Samba3 does not yet support create times "
+		       "everywhere\n");
+	}
+	else {
+		torture_comment(tctx, "Testing set file create time\n");
+		NOTIFY_MASK_TEST("Testing set file create time",
+			fnum2 = create_complex_file(cli, tctx,
+					    BASEDIR_CN1_NOTM "\\tname1");,
+			smbcli_fsetatr(cli->tree, fnum2, 0, t, 0, 0, 0);,
+			(smbcli_close(cli->tree, fnum2),
+			 smbcli_unlink(cli->tree,
+					BASEDIR_CN1_NOTM "\\tname1"));,
+			NOTIFY_ACTION_MODIFIED,
+			FILE_NOTIFY_CHANGE_CREATION, 1);
+	}
+
+	torture_comment(tctx, "Testing set file access time\n");
+	NOTIFY_MASK_TEST("Testing set file access time",
+		fnum2 = create_complex_file(cli, tctx,
+				BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_fsetatr(cli->tree, fnum2, 0, 0, t, 0, 0);,
+		(smbcli_close(cli->tree, fnum2),
+			smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_LAST_ACCESS, 1);
+
+	torture_comment(tctx, "Testing set file write time\n");
+	NOTIFY_MASK_TEST("Testing set file write time",
+		fnum2 = create_complex_file(cli, tctx,
+			BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, t, 0);,
+		(smbcli_close(cli->tree, fnum2),
+		smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_LAST_WRITE, 1);
+
+	torture_comment(tctx, "Testing set file change time\n");
+	NOTIFY_MASK_TEST("Testing set file change time",
+		fnum2 = create_complex_file(cli, tctx,
+			BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, 0, t);,
+		(smbcli_close(cli->tree, fnum2),
+		smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		0, 1);
+
+
+	torture_comment(tctx, "Testing write\n");
+	NOTIFY_MASK_TEST("Testing write",
+		fnum2 = create_complex_file(cli2, tctx,
+			BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_write(cli2->tree, fnum2, 1, &c, 10000, 1);,
+		(smbcli_close(cli2->tree, fnum2),
+			smbcli_unlink(cli->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		0, 1);
+
+	torture_comment(tctx, "Testing truncate\n");
+	NOTIFY_MASK_TEST("Testing truncate",
+		fnum2 = create_complex_file(cli2, tctx,
+			BASEDIR_CN1_NOTM "\\tname1");,
+		smbcli_ftruncate(cli2->tree, fnum2, 10000);,
+		(smbcli_close(cli2->tree, fnum2),
+		smbcli_unlink(cli2->tree, BASEDIR_CN1_NOTM "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_SIZE | FILE_NOTIFY_CHANGE_ATTRIBUTES, 1);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_NOTM);
+	return ret;
+}
+
+/*
+  basic testing of change notify on files
+*/
+
+#define BASEDIR_CN1_FILE BASEDIR "_CN1_FILE"
+
+static bool test_notify_file(struct torture_context *tctx,
+			     struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_close cl;
+	union smb_notify notify;
+	struct smbcli_request *req;
+	int fnum;
+	const char *fname = BASEDIR_CN1_FILE "\\file.txt";
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY ON FILES\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_FILE),
+		       "Failed to setup up test directory: " BASEDIR_CN1_FILE);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_STREAM_NAME;
+	notify.nttrans.in.recursive = false;
+
+	torture_comment(tctx, "Testing if notifies on file handles are invalid (should be)\n");
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_INVALID_PARAMETER,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	cl.close.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	cl.close.in.write_time = 0;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_close");
+
+	status = smbcli_unlink(cli->tree, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_unlink");
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_FILE);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a tdis
+*/
+#define BASEDIR_CN1_TDIS BASEDIR "_CN1_TDIS"
+
+static bool test_notify_tdis(struct torture_context *tctx,
+			     struct smbcli_state *cli1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req;
+	struct smbcli_state *cli = NULL;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY FOLLOWED BY TDIS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR_CN1_TDIS),
+		       "Failed to setup up test directory: " BASEDIR_CN1_TDIS);
+
+	torture_assert(tctx, torture_open_connection(&cli, tctx, 0),
+		       "Failed to open connection.");
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_TDIS;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smbcli_tdis(cli);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_tdis");
+	cli->tree = NULL;
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      0, ret, done, "no changes expected");
+
+done:
+	torture_close_connection(cli);
+	smbcli_deltree(cli1->tree, BASEDIR_CN1_TDIS);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a exit
+*/
+
+#define BASEDIR_CN1_EX BASEDIR "_CN1_EX"
+
+static bool test_notify_exit(struct torture_context *tctx,
+			     struct smbcli_state *cli1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req;
+	struct smbcli_state *cli = NULL;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY FOLLOWED BY EXIT\n");
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR_CN1_EX),
+		       "Failed to setup up test directory: " BASEDIR_CN1_EX);
+
+	torture_assert(tctx, torture_open_connection(&cli, tctx, 0),
+		       "Failed to open connection.");
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_EX;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smb_raw_exit(cli->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_exit");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      0, ret, done, "no changes expected");
+
+done:
+	torture_close_connection(cli);
+	smbcli_deltree(cli1->tree, BASEDIR_CN1_EX);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a ulogoff
+*/
+
+#define BASEDIR_CN1_UL BASEDIR "_CN1_UL"
+
+static bool test_notify_ulogoff(struct torture_context *tctx,
+				struct smbcli_state *cli1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req;
+	struct smbcli_state *cli = NULL;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY FOLLOWED BY ULOGOFF\n");
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR_CN1_UL),
+		       "Failed to setup up test directory: " BASEDIR_CN1_UL);
+
+	torture_assert(tctx, torture_open_connection(&cli, tctx, 0),
+		       "Failed to open connection.");
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_UL;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	status = smb_raw_ulogoff(cli->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_ulogoff");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      0, ret, done, "no changes expected");
+
+done:
+	torture_close_connection(cli);
+	smbcli_deltree(cli1->tree, BASEDIR_CN1_UL);
+	return ret;
+}
+
+static void tcp_dis_handler(struct smbcli_transport *t, void *p)
+{
+	struct smbcli_state *cli = (struct smbcli_state *)p;
+	smbcli_transport_dead(cli->transport, NT_STATUS_LOCAL_DISCONNECT);
+	cli->transport = NULL;
+	cli->tree = NULL;
+}
+/*
+  basic testing of change notifies followed by tcp disconnect
+*/
+
+#define BASEDIR_CN1_TCPDIS BASEDIR "_CN1_TCPDIS"
+
+static bool test_notify_tcp_dis(struct torture_context *tctx,
+				struct smbcli_state *cli1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req;
+	struct smbcli_state *cli = NULL;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY FOLLOWED BY TCP DISCONNECT\n");
+
+	torture_assert(tctx, torture_setup_dir(cli1, BASEDIR_CN1_TCPDIS),
+		       "Failed to setup up test directory: "
+			BASEDIR_CN1_TCPDIS);
+
+	torture_assert(tctx, torture_open_connection(&cli, tctx, 0),
+		       "Failed to open connection.");
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_TCPDIS;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	smbcli_transport_idle_handler(cli->transport, tcp_dis_handler, 250000, cli);
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_LOCAL_DISCONNECT,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+done:
+	torture_close_connection(cli);
+	smbcli_deltree(cli1->tree, BASEDIR_CN1_TCPDIS);
+	return ret;
+}
+
+/* 
+   test setting up two change notify requests on one handle
+*/
+
+#define BASEDIR_CN1_DBL BASEDIR "_CN1_DBL"
+
+static bool test_notify_double(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req1, *req2;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY TWICE ON ONE DIRECTORY\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_DBL),
+		       "Failed to setup up test directory: " BASEDIR_CN1_DBL);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_DBL;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+	req2 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_DBL "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_DBL "\\subdir-name2");
+
+	status = smb_raw_changenotify_recv(req2, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name2",
+		   STR_UNICODE);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_DBL);
+	return ret;
+}
+
+
+/* 
+   test multiple change notifies at different depths and with/without recursion
+*/
+
+#define BASEDIR_CN1_TNT BASEDIR "_CN1_TNT"
+
+static bool test_notify_tree(struct torture_context *tctx,
+			     struct smbcli_state *cli,
+			     struct smbcli_state *cli2)
+{
+	bool ret = true;
+	union smb_notify notify;
+	union smb_open io;
+	struct smbcli_request *req;
+	struct timeval tv;
+	struct {
+		const char *path;
+		bool recursive;
+		uint32_t filter;
+		int expected;
+		int fnum;
+		int counted;
+	} dirs[] = {
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 30,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\zqy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 8,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\atsy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 4,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\foo",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\blah",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 13,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\blah",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 7,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\blah\\a",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\blah\\b",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\blah\\c",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc\\fooblah",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\zqy\\xx",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\zqy\\yyy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\zqy\\..",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 40,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT,
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 40,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT,
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 6,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\atsy",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 4,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 24,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_FILE_NAME,
+			.expected  = 0,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_FILE_NAME,
+			.expected  = 0,
+		},
+		{
+			.path      = BASEDIR_CN1_TNT "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 24,
+		},
+	};
+	int i;
+	NTSTATUS status;
+	bool all_done = false;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY FOR DIFFERENT DEPTHS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_TNT),
+		       "Failed to setup up test directory: " BASEDIR_CN1_TNT);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 20000;
+
+	/*
+	  setup the directory tree, and the notify buffer on each directory
+	*/
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		io.ntcreatex.in.fname = dirs[i].path;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb_raw_open");
+		dirs[i].fnum = io.ntcreatex.out.file.fnum;
+
+		notify.nttrans.in.completion_filter = dirs[i].filter;
+		notify.nttrans.in.file.fnum = dirs[i].fnum;
+		notify.nttrans.in.recursive = dirs[i].recursive;
+		req = smb_raw_changenotify_send(cli->tree, &notify);
+		smb_raw_ntcancel(req);
+		status = smb_raw_changenotify_recv(req, tctx, &notify);
+		torture_assert_ntstatus_equal_goto(tctx, status,
+						   NT_STATUS_CANCELLED,
+						   ret, done,
+						   "smb_raw_changenotify_recv");
+	}
+
+	/* trigger 2 events in each dir */
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		char *path = talloc_asprintf(tctx, "%s\\test.dir", dirs[i].path);
+		/*
+		 * Make notifies a bit more interesting in a cluster
+		 * by doing the changes against different nodes with
+		 * --unclist
+		 */
+		smbcli_mkdir(cli->tree, path);
+		smbcli_rmdir(cli2->tree, path);
+		talloc_free(path);
+	}
+
+	/* give a bit of time for the events to propagate */
+	tv = timeval_current();
+
+	do {
+		/* count events that have happened in each dir */
+		for (i=0;i<ARRAY_SIZE(dirs);i++) {
+			notify.nttrans.in.file.fnum = dirs[i].fnum;
+			req = smb_raw_changenotify_send(cli->tree, &notify);
+			smb_raw_ntcancel(req);
+			notify.nttrans.out.num_changes = 0;
+			status = smb_raw_changenotify_recv(req, tctx, &notify);
+			dirs[i].counted += notify.nttrans.out.num_changes;
+		}
+		
+		all_done = true;
+
+		for (i=0;i<ARRAY_SIZE(dirs);i++) {
+			if (dirs[i].counted != dirs[i].expected) {
+				all_done = false;
+			}
+		}
+	} while (!all_done && timeval_elapsed(&tv) < 20);
+
+	torture_comment(tctx, "took %.4f seconds to propagate all events\n", timeval_elapsed(&tv));
+
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		torture_assert_int_equal_goto(tctx,
+			dirs[i].counted, dirs[i].expected, ret, done,
+			talloc_asprintf(tctx,
+					"unexpected number of events for '%s'",
+					dirs[i].path));
+	}
+
+	/*
+	  run from the back, closing and deleting
+	*/
+	for (i=ARRAY_SIZE(dirs)-1;i>=0;i--) {
+		smbcli_close(cli->tree, dirs[i].fnum);
+		smbcli_rmdir(cli->tree, dirs[i].path);
+	}
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_TNT);
+	return ret;
+}
+
+/*
+   Test response when cached server events exceed single NT NOTFIY response
+   packet size.
+*/
+
+#define BASEDIR_CN1_NO BASEDIR "_CN1_NO"
+
+static bool test_notify_overflow(struct torture_context *tctx,
+				 struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	int count = 100;
+	struct smbcli_request *req1;
+	int i;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY EVENT OVERFLOW\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_NO),
+		       "Failed to setup up test directory: " BASEDIR_CN1_NO);
+
+	/* get a handle on the directory */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_NO;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify, on name changes. */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+
+	notify.nttrans.in.recursive = true;
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* cancel initial requests so the buffer is setup */
+	smb_raw_ntcancel(req1);
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb_raw_changenotify_recv");
+
+	/* open a lot of files, filling up the server side notify buffer */
+	torture_comment(tctx, "Testing overflowed buffer notify on create of %d files\n",
+	       count);
+	for (i=0;i<count;i++) {
+		char *fname = talloc_asprintf(cli,
+				BASEDIR_CN1_NO "\\test%d.txt", i);
+		int fnum2 = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR,
+					DENY_NONE);
+		torture_assert_int_not_equal_goto(tctx, fnum2, -1, ret, done,
+			talloc_asprintf(tctx, "Failed to create %s - %s",
+					fname, smbcli_errstr(cli->tree)));
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum2);
+	}
+
+	/* expect that 0 events will be returned with NT_STATUS_OK */
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      0, ret, done, "no changes expected");
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_NO);
+	return ret;
+}
+
+/*
+   Test if notifications are returned for changes to the base directory.
+   They shouldn't be.
+*/
+
+#define BASEDIR_CN1_NBASE BASEDIR "_CN1_NBASE"
+
+static bool test_notify_basedir(struct torture_context *tctx,
+				struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req1;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY BASEDIR EVENTS\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_NBASE),
+		       "Failed to setup up test directory: " BASEDIR_CN1_NBASE);
+
+	/* get a handle on the directory */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_NBASE;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* create a test file that will also be modified */
+	smbcli_close(cli->tree, smbcli_open(cli->tree,
+				BASEDIR_CN1_NBASE "\\tname1",
+					    O_CREAT, 0));
+
+	/* ask for a change notify, on attribute changes. */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	req1 = smb_raw_changenotify_send(cli->tree, &notify);
+
+	/* set attribute on the base dir */
+	smbcli_setatr(cli->tree, BASEDIR_CN1_NBASE, FILE_ATTRIBUTE_HIDDEN, 0);
+
+	/* set attribute on a file to assure we receive a notification */
+	smbcli_setatr(cli->tree, BASEDIR_CN1_NBASE "\\tname1",
+			FILE_ATTRIBUTE_HIDDEN, 0);
+	smb_msleep(200);
+
+	/* check how many responses were given, expect only 1 for the file */
+	status = smb_raw_changenotify_recv(req1, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of  changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_MODIFIED, ret, done,
+				      "wrong action (exp: MODIFIED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "tname1",
+		   STR_UNICODE);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_NBASE);
+	return ret;
+}
+
+
+/*
+  create a secondary tree connect - used to test for a bug in Samba3 messaging
+  with change notify
+*/
+
+static struct smbcli_tree *secondary_tcon(struct smbcli_state *cli, 
+					  struct torture_context *tctx)
+{
+	NTSTATUS status;
+	const char *share, *host;
+	struct smbcli_tree *tree;
+	union smb_tcon tcon;
+
+	share = torture_setting_string(tctx, "share", NULL);
+	host  = torture_setting_string(tctx, "host", NULL);
+	
+	torture_comment(tctx, "create a second tree context on the same session\n");
+	tree = smbcli_tree_init(cli->session, tctx, false);
+
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	tcon.tconx.in.device = "A:";	
+	status = smb_raw_tcon(tree, tctx, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tree);
+		torture_comment(tctx, "Failed to create secondary tree\n");
+		return NULL;
+	}
+
+	tree->tid = tcon.tconx.out.tid;
+	torture_comment(tctx, "tid1=%d tid2=%d\n", cli->tree->tid, tree->tid);
+
+	return tree;
+}
+
+
+/* 
+   very simple change notify test
+*/
+
+#define BASEDIR_CN1_NTCON BASEDIR "_CN1_NTCON"
+
+static bool test_notify_tcon(struct torture_context *tctx,
+			     struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum;
+	struct smbcli_request *req;
+	extern int torture_numops;
+	struct smbcli_tree *tree = NULL;
+		
+	torture_comment(tctx, "TESTING SIMPLE CHANGE NOTIFY\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_NTCON),
+		       "Failed to setup up test directory: " BASEDIR_CN1_NTCON);
+
+	/*
+	  get a handle on the directory
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_NTCON;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_open");
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = true;
+
+	torture_comment(tctx, "Testing notify mkdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "Testing notify rmdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "SIMPLE CHANGE NOTIFY OK\n");
+
+	torture_comment(tctx, "TESTING WITH SECONDARY TCON\n");
+	tree = secondary_tcon(cli, tctx);
+	torture_assert_not_null_goto(tctx, tree, ret, done,
+				     "failed to create secondary tcon");
+
+	torture_comment(tctx, "Testing notify mkdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "Testing notify rmdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "CHANGE NOTIFY WITH TCON OK\n");
+
+	torture_comment(tctx, "Disconnecting secondary tree\n");
+	status = smb_tree_disconnect(tree);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_tree_disconnect");
+	talloc_free(tree);
+
+	torture_comment(tctx, "Testing notify mkdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_mkdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_ADDED, ret, done,
+				      "wrong action (exp: ADDED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "Testing notify rmdir\n");
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+	smbcli_rmdir(cli->tree, BASEDIR_CN1_NTCON "\\subdir-name");
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb_raw_changenotify_recv");
+	torture_assert_int_equal_goto(tctx, notify.nttrans.out.num_changes,
+				      1, ret, done, "wrong number of changes");
+	torture_assert_int_equal_goto(tctx,
+				      notify.nttrans.out.changes[0].action,
+				      NOTIFY_ACTION_REMOVED, ret, done,
+				      "wrong action (exp: REMOVED)");
+	CHECK_WSTR(tctx, notify.nttrans.out.changes[0].name, "subdir-name",
+		   STR_UNICODE);
+
+	torture_comment(tctx, "CHANGE NOTIFY WITH TDIS OK\n");
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_NTCON);
+	return ret;
+}
+
+struct cb_data {
+	struct smbcli_request *req;
+	bool timed_out;
+};
+
+static void timeout_cb(struct tevent_context *ev,
+			struct tevent_timer *te,
+			struct timeval current_time,
+			void *private_data)
+{
+	struct cb_data *cbp = (struct cb_data *)private_data;
+	cbp->req->state = SMBCLI_REQUEST_ERROR;
+	cbp->timed_out = true;
+}
+
+/*
+   testing alignment of multiple change notify infos
+*/
+
+#define BASEDIR_CN1_NALIGN BASEDIR "_CN1_NALIGN"
+
+static bool test_notify_alignment(struct torture_context *tctx,
+				  struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	int fnum, fnum2;
+	struct smbcli_request *req;
+	const char *fname = BASEDIR_CN1_NALIGN "\\starter";
+	const char *fnames[] = { "a",
+				 "ab",
+				 "abc",
+				 "abcd" };
+	bool fnames_received[] = {false,
+				  false,
+				  false,
+				  false};
+	size_t total_names_received = 0;
+	size_t num_names = ARRAY_SIZE(fnames);
+	size_t i;
+	char *fpath = NULL;
+
+	torture_comment(tctx, "TESTING CHANGE NOTIFY REPLY ALIGNMENT\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR_CN1_NALIGN),
+		"Failed to setup up test directory: " BASEDIR_CN1_NALIGN);
+
+	/* get a handle on the directory */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR_CN1_NALIGN;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "smb_raw_open");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* ask for a change notify, on file creation */
+	notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+	notify.nttrans.in.buffer_size = 1000;
+	notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_FILE_NAME;
+	notify.nttrans.in.file.fnum = fnum;
+	notify.nttrans.in.recursive = false;
+
+	/* start change tracking */
+	req = smb_raw_changenotify_send(cli->tree, &notify);
+
+	fnum2 = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+	torture_assert(tctx, fnum2 != -1, smbcli_errstr(cli->tree));
+	smbcli_close(cli->tree, fnum2);
+
+	status = smb_raw_changenotify_recv(req, tctx, &notify);
+	torture_assert_ntstatus_ok(tctx, status, "smb_raw_changenotify_recv");
+
+	/* create 4 files that will cause CHANGE_NOTIFY_INFO structures
+	 * to be returned in the same packet with all possible 4-byte padding
+	 * permutations.  As per MS-CIFS 2.2.7.4.2 these structures should be
+	 * 4-byte aligned. */
+
+	for (i = 0; i < num_names; i++) {
+		fpath = talloc_asprintf(tctx, "%s\\%s",
+				BASEDIR_CN1_NALIGN, fnames[i]);
+		fnum2 = smbcli_open(cli->tree, fpath,
+		    O_CREAT|O_RDWR, DENY_NONE);
+		torture_assert(tctx, fnum2 != -1, smbcli_errstr(cli->tree));
+		smbcli_close(cli->tree, fnum2);
+		talloc_free(fpath);
+	}
+
+	/*
+	 * Slow cloud filesystems mean we might
+	 * not get everything in one go. Keep going
+	 * until we get them all.
+	 */
+	while (total_names_received < num_names) {
+		struct tevent_timer *te = NULL;
+		struct cb_data to_data = {0};
+
+		/*
+		 * We send a notify packet, and let
+		 * smb_raw_changenotify_recv() do
+		 * the alignment checking for us.
+		 */
+		req = smb_raw_changenotify_send(cli->tree, &notify);
+		torture_assert(tctx,
+			req != NULL,
+			"smb_raw_changenotify_send failed\n");
+
+		/* Ensure we don't wait more than 30 seconds. */
+		to_data.req = req;
+		to_data.timed_out = false;
+
+		te = tevent_add_timer(tctx->ev,
+				req,
+				tevent_timeval_current_ofs(30, 0),
+				timeout_cb,
+				&to_data);
+		if (te == NULL) {
+			torture_fail(tctx, "tevent_add_timer fail\n");
+		}
+
+		status = smb_raw_changenotify_recv(req, tctx, &notify);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (to_data.timed_out == true) {
+				torture_fail(tctx, "smb_raw_changenotify_recv "
+					"timed out\n");
+			}
+		}
+
+		torture_assert_ntstatus_ok(tctx, status,
+			"smb_raw_changenotify_recv");
+
+		for (i = 0; i < notify.nttrans.out.num_changes; i++) {
+			size_t j;
+
+			/* Ensure it was an 'add'. */
+			torture_assert(tctx,
+				notify.nttrans.out.changes[i].action ==
+					NOTIFY_ACTION_ADDED,
+				"");
+
+			for (j = 0; j < num_names; j++) {
+				if (strcmp(notify.nttrans.out.changes[i].name.s,
+						fnames[j]) == 0) {
+					if (fnames_received[j] == true) {
+						const char *err =
+							talloc_asprintf(tctx,
+								"Duplicate "
+								"name %s\n",
+								fnames[j]);
+						if (err == NULL) {
+							torture_fail(tctx,
+								"talloc "
+								"fail\n");
+						}
+						/* already got this. */
+						torture_fail(tctx, err);
+					}
+					fnames_received[j] = true;
+					break;
+				}
+			}
+			if (j == num_names) {
+				/* No name match. */
+				const char *err = talloc_asprintf(tctx,
+					"Unexpected name %s\n",
+					notify.nttrans.out.changes[i].name.s);
+				if (err == NULL) {
+					torture_fail(tctx, "talloc fail\n");
+				}
+				torture_fail(tctx, err);
+			}
+			total_names_received++;
+		}
+	}
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR_CN1_NALIGN);
+	return true;
+}
+
+struct torture_suite *torture_raw_notify(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "notify");
+
+	torture_suite_add_1smb_test(suite, "tcon", test_notify_tcon);
+	torture_suite_add_2smb_test(suite, "dir", test_notify_dir);
+	torture_suite_add_2smb_test(suite, "mask", test_notify_mask);
+	torture_suite_add_2smb_test(suite, "recursive", test_notify_recursive);
+	torture_suite_add_1smb_test(suite, "mask_change",
+				    test_notify_mask_change);
+	torture_suite_add_1smb_test(suite, "file", test_notify_file);
+	torture_suite_add_1smb_test(suite, "tdis", test_notify_tdis);
+	torture_suite_add_1smb_test(suite, "exit", test_notify_exit);
+	torture_suite_add_1smb_test(suite, "ulogoff", test_notify_ulogoff);
+	torture_suite_add_1smb_test(suite, "tcp_dis", test_notify_tcp_dis);
+	torture_suite_add_1smb_test(suite, "double", test_notify_double);
+	torture_suite_add_2smb_test(suite, "tree", test_notify_tree);
+	torture_suite_add_1smb_test(suite, "overflow", test_notify_overflow);
+	torture_suite_add_1smb_test(suite, "basedir", test_notify_basedir);
+	torture_suite_add_1smb_test(suite, "alignment", test_notify_alignment);
+
+	return suite;
+}
diff --git a/source4/torture/raw/offline.c b/source4/torture/raw/offline.c
new file mode 100644
index 0000000..262003f
--- /dev/null
+++ b/source4/torture/raw/offline.c
@@ -0,0 +1,514 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Andrew Tridgell 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  test offline files
+ */
+
+#include "includes.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\testoffline"
+
+static int nconnections;
+static int numstates;
+static int num_connected;
+static int test_failed;
+extern int torture_numops;
+extern int torture_entries;
+static bool test_finished;
+
+enum offline_op {OP_LOADFILE, OP_SAVEFILE, OP_SETOFFLINE, OP_GETOFFLINE, OP_ENDOFLIST};
+
+static double latencies[OP_ENDOFLIST];
+static double worst_latencies[OP_ENDOFLIST];
+
+#define FILE_SIZE 8192
+
+
+struct offline_state {
+	struct torture_context *tctx;
+	struct tevent_context *ev;
+	struct smbcli_tree *tree;
+	TALLOC_CTX *mem_ctx;
+	int client;
+	int fnum;
+	uint32_t count;
+	uint32_t lastcount;
+	uint32_t fnumber;
+	uint32_t offline_count;
+	uint32_t online_count;
+	char *fname;
+	struct smb_composite_loadfile *loadfile;
+	struct smb_composite_savefile *savefile;
+	struct smbcli_request *req;
+	enum offline_op op;
+	struct timeval tv_start;
+};
+
+static void test_offline(struct offline_state *state);
+
+
+static char *filename(TALLOC_CTX *ctx, int i)
+{
+	char *s = talloc_asprintf(ctx, BASEDIR "\\file%u.dat", i);
+	return s;
+}
+
+
+/*
+  called when a loadfile completes
+ */
+static void loadfile_callback(struct composite_context *ctx)
+{
+	struct offline_state *state = ctx->async.private_data;
+	NTSTATUS status;
+	int i;
+
+	status = smb_composite_loadfile_recv(ctx, state->mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to read file '%s' - %s\n",
+		       state->loadfile->in.fname, nt_errstr(status));
+		test_failed++;
+		return;
+	}
+
+	/* check the data is correct */
+	if (state->loadfile->out.size != FILE_SIZE) {
+		printf("Wrong file size %u - expected %u\n",
+		       state->loadfile->out.size, FILE_SIZE);
+		test_failed++;
+		return;
+	}
+
+	for (i=0;i<FILE_SIZE;i++) {
+		if (state->loadfile->out.data[i] != 1+(state->fnumber % 255)) {
+			printf("Bad data in file %u (got %u expected %u)\n",
+			       state->fnumber,
+			       state->loadfile->out.data[i],
+			       1+(state->fnumber % 255));
+			test_failed++;
+			return;
+		}
+	}
+
+	talloc_steal(state->loadfile, state->loadfile->out.data);
+
+	state->count++;
+	talloc_free(state->loadfile);
+	state->loadfile = NULL;
+
+	if (!test_finished) {
+		test_offline(state);
+	}
+}
+
+
+/*
+  called when a savefile completes
+ */
+static void savefile_callback(struct composite_context *ctx)
+{
+	struct offline_state *state = ctx->async.private_data;
+	NTSTATUS status;
+
+	status = smb_composite_savefile_recv(ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to save file '%s' - %s\n",
+		       state->savefile->in.fname, nt_errstr(status));
+		test_failed++;
+	}
+
+	state->count++;
+	talloc_free(state->savefile);
+	state->savefile = NULL;
+
+	if (!test_finished) {
+		test_offline(state);
+	}
+}
+
+
+/*
+  called when a setoffline completes
+ */
+static void setoffline_callback(struct smbcli_request *req)
+{
+	struct offline_state *state = req->async.private_data;
+	NTSTATUS status;
+
+	status = smbcli_request_simple_recv(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to set offline file '%s' - %s\n",
+		       state->fname, nt_errstr(status));
+		test_failed++;
+	}
+
+	state->req = NULL;
+	state->count++;
+
+	if (!test_finished) {
+		test_offline(state);
+	}
+}
+
+
+/*
+  called when a getoffline completes
+ */
+static void getoffline_callback(struct smbcli_request *req)
+{
+	struct offline_state *state = req->async.private_data;
+	NTSTATUS status;
+	union smb_fileinfo io;
+
+	ZERO_STRUCT(io);
+
+	io.getattr.level = RAW_FILEINFO_GETATTR;
+
+	status = smb_raw_pathinfo_recv(req, state->mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to get offline file '%s' - %s\n",
+		       state->fname, nt_errstr(status));
+		test_failed++;
+	}
+
+	if (io.getattr.out.attrib & FILE_ATTRIBUTE_OFFLINE) {
+		state->offline_count++;
+	} else {
+		state->online_count++;
+	}
+
+	state->req = NULL;
+	state->count++;
+
+	if (!test_finished) {
+		test_offline(state);
+	}
+}
+
+
+/*
+  send the next offline file fetch request
+*/
+static void test_offline(struct offline_state *state)
+{
+	struct composite_context *ctx;
+	double lat;
+
+	lat = timeval_elapsed(&state->tv_start);
+	if (latencies[state->op] < lat) {
+		latencies[state->op] = lat;
+	}
+
+	state->op = (enum offline_op) (random() % OP_ENDOFLIST);
+
+	state->fnumber = random() % torture_numops;
+	talloc_free(state->fname);
+	state->fname = filename(state->mem_ctx, state->fnumber);
+
+	state->tv_start = timeval_current();
+
+	switch (state->op) {
+	case OP_LOADFILE:
+		state->loadfile = talloc_zero(state->mem_ctx, struct smb_composite_loadfile);
+		state->loadfile->in.fname = state->fname;
+
+		ctx = smb_composite_loadfile_send(state->tree, state->loadfile);
+		if (ctx == NULL) {
+			printf("Failed to setup loadfile for %s\n", state->fname);
+			test_failed = true;
+		}
+
+		talloc_steal(state->loadfile, ctx);
+
+		ctx->async.fn = loadfile_callback;
+		ctx->async.private_data = state;
+		break;
+
+	case OP_SAVEFILE:
+		state->savefile = talloc_zero(state->mem_ctx, struct smb_composite_savefile);
+
+		state->savefile->in.fname = state->fname;
+		state->savefile->in.data  = talloc_size(state->savefile, FILE_SIZE);
+		state->savefile->in.size  = FILE_SIZE;
+		memset(state->savefile->in.data, 1+(state->fnumber%255), FILE_SIZE);
+
+		ctx = smb_composite_savefile_send(state->tree, state->savefile);
+		if (ctx == NULL) {
+			printf("Failed to setup savefile for %s\n", state->fname);
+			test_failed = true;
+		}
+
+		talloc_steal(state->savefile, ctx);
+
+		ctx->async.fn = savefile_callback;
+		ctx->async.private_data = state;
+		break;
+
+	case OP_SETOFFLINE: {
+		union smb_setfileinfo io;
+		ZERO_STRUCT(io);
+		io.setattr.level = RAW_SFILEINFO_SETATTR;
+		io.setattr.in.attrib = FILE_ATTRIBUTE_OFFLINE;
+		io.setattr.in.file.path = state->fname;
+		/* make the file 1 hour old, to get past minimum age restrictions
+		   for HSM systems */
+		io.setattr.in.write_time = time(NULL) - 60*60;
+
+		state->req = smb_raw_setpathinfo_send(state->tree, &io);
+		if (state->req == NULL) {
+			printf("Failed to setup setoffline for %s\n", state->fname);
+			test_failed = true;
+		}
+
+		state->req->async.fn = setoffline_callback;
+		state->req->async.private_data = state;
+		break;
+	}
+
+	case OP_GETOFFLINE: {
+		union smb_fileinfo io;
+		ZERO_STRUCT(io);
+		io.getattr.level = RAW_FILEINFO_GETATTR;
+		io.getattr.in.file.path = state->fname;
+
+		state->req = smb_raw_pathinfo_send(state->tree, &io);
+		if (state->req == NULL) {
+			printf("Failed to setup getoffline for %s\n", state->fname);
+			test_failed = true;
+		}
+
+		state->req->async.fn = getoffline_callback;
+		state->req->async.private_data = state;
+		break;
+	}
+
+	default:
+		printf("bad operation??\n");
+		break;
+	}
+}
+
+
+
+
+static void echo_completion(struct smbcli_request *req)
+{
+	struct offline_state *state = (struct offline_state *)req->async.private_data;
+	NTSTATUS status = smbcli_request_simple_recv(req);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+		talloc_free(state->tree);
+		state->tree = NULL;
+		num_connected--;
+		DEBUG(0,("lost connection\n"));
+		test_failed++;
+	}
+}
+
+static void report_rate(struct tevent_context *ev, struct tevent_timer *te,
+			struct timeval t, void *private_data)
+{
+	struct offline_state *state = talloc_get_type(private_data,
+							struct offline_state);
+	int i;
+	uint32_t total=0, total_offline=0, total_online=0;
+	for (i=0;i<numstates;i++) {
+		total += state[i].count - state[i].lastcount;
+		if (timeval_elapsed(&state[i].tv_start) > latencies[state[i].op]) {
+			latencies[state[i].op] = timeval_elapsed(&state[i].tv_start);
+		}
+		state[i].lastcount = state[i].count;
+		total_online += state[i].online_count;
+		total_offline += state[i].offline_count;
+	}
+	printf("ops/s=%4u  offline=%5u online=%4u  set_lat=%.1f/%.1f get_lat=%.1f/%.1f save_lat=%.1f/%.1f load_lat=%.1f/%.1f\n",
+	       total, total_offline, total_online,
+	       latencies[OP_SETOFFLINE],
+	       worst_latencies[OP_SETOFFLINE],
+	       latencies[OP_GETOFFLINE],
+	       worst_latencies[OP_GETOFFLINE],
+	       latencies[OP_SAVEFILE],
+	       worst_latencies[OP_SAVEFILE],
+	       latencies[OP_LOADFILE],
+	       worst_latencies[OP_LOADFILE]);
+	fflush(stdout);
+	tevent_add_timer(ev, state, timeval_current_ofs(1, 0), report_rate, state);
+
+	for (i=0;i<OP_ENDOFLIST;i++) {
+		if (latencies[i] > worst_latencies[i]) {
+			worst_latencies[i] = latencies[i];
+		}
+		latencies[i] = 0;
+	}
+
+	/* send an echo on each interface to ensure it stays alive - this helps
+	   with IP takeover */
+	for (i=0;i<numstates;i++) {
+		struct smb_echo p;
+		struct smbcli_request *req;
+
+		if (!state[i].tree) {
+			continue;
+		}
+
+		p.in.repeat_count = 1;
+		p.in.size = 0;
+		p.in.data = NULL;
+		req = smb_raw_echo_send(state[i].tree->session->transport, &p);
+		req->async.private_data = &state[i];
+		req->async.fn      = echo_completion;
+	}
+}
+
+/*
+   test offline file handling
+*/
+bool torture_test_offline(struct torture_context *torture)
+{
+	bool ret = true;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	int i;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	struct timeval tv;
+	struct offline_state *state;
+	struct smbcli_state *cli;
+	bool progress;
+	progress = torture_setting_bool(torture, "progress", true);
+
+	nconnections = torture_setting_int(torture, "nprocs", 4);
+	numstates = nconnections * torture_entries;
+
+	state = talloc_zero_array(mem_ctx, struct offline_state, numstates);
+
+	printf("Opening %d connections with %d simultaneous operations and %u files\n", nconnections, numstates, torture_numops);
+	for (i=0;i<nconnections;i++) {
+		state[i].tctx = torture;
+		state[i].mem_ctx = talloc_new(state);
+		state[i].ev = torture->ev;
+		if (!torture_open_connection_ev(&cli, i, torture, torture->ev)) {
+			return false;
+		}
+		state[i].tree = cli->tree;
+		state[i].client = i;
+		/* allow more time for offline files */
+		state[i].tree->session->transport->options.request_timeout = 200;
+	}
+
+	/* the others are repeats on the earlier connections */
+	for (i=nconnections;i<numstates;i++) {
+		state[i].tctx = torture;
+		state[i].mem_ctx = talloc_new(state);
+		state[i].ev = torture->ev;
+		state[i].tree = state[i % nconnections].tree;
+		state[i].client = i;
+	}
+
+	num_connected = i;
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		goto failed;
+	}
+
+	/* pre-create files */
+	printf("Pre-creating %u files ....\n", torture_numops);
+	for (i=0;i<torture_numops;i++) {
+		int fnum;
+		char *fname = filename(mem_ctx, i);
+		char buf[FILE_SIZE];
+		NTSTATUS status;
+
+		memset(buf, 1+(i % 255), sizeof(buf));
+
+		fnum = smbcli_open(state[0].tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+		if (fnum == -1) {
+			printf("Failed to open %s on connection %d\n", fname, i);
+			goto failed;
+		}
+
+		if (smbcli_write(state[0].tree, fnum, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+			printf("Failed to write file of size %u\n", FILE_SIZE);
+			goto failed;
+		}
+
+		status = smbcli_close(state[0].tree, fnum);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Close failed - %s\n", nt_errstr(status));
+			goto failed;
+		}
+
+		talloc_free(fname);
+	}
+
+	/* start the async ops */
+	for (i=0;i<numstates;i++) {
+		state[i].tv_start = timeval_current();
+		test_offline(&state[i]);
+	}
+
+	tv = timeval_current();
+
+	if (progress) {
+		tevent_add_timer(torture->ev, state, timeval_current_ofs(1, 0), report_rate, state);
+	}
+
+	printf("Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		tevent_loop_once(torture->ev);
+
+		if (test_failed) {
+			DEBUG(0,("test failed\n"));
+			goto failed;
+		}
+	}
+
+	printf("\nWaiting for completion\n");
+	test_finished = true;
+	for (i=0;i<numstates;i++) {
+		while (state[i].loadfile ||
+		       state[i].savefile ||
+		       state[i].req) {
+			tevent_loop_once(torture->ev);
+		}
+	}
+
+	printf("worst latencies: set_lat=%.1f get_lat=%.1f save_lat=%.1f load_lat=%.1f\n",
+	       worst_latencies[OP_SETOFFLINE],
+	       worst_latencies[OP_GETOFFLINE],
+	       worst_latencies[OP_SAVEFILE],
+	       worst_latencies[OP_LOADFILE]);
+
+	smbcli_deltree(state[0].tree, BASEDIR);
+	talloc_free(mem_ctx);
+	printf("\n");
+	return ret;
+
+failed:
+	talloc_free(mem_ctx);
+	return false;
+}
diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
new file mode 100644
index 0000000..697079c
--- /dev/null
+++ b/source4/torture/raw/open.c
@@ -0,0 +1,2253 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_OPEN_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "lib/events/events.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+/* enum for whether reads/writes are possible on a file */
+enum rdwr_mode {RDWR_NONE, RDWR_RDONLY, RDWR_WRONLY, RDWR_RDWR};
+
+#define BASEDIR "\\rawopen"
+
+/*
+  check if a open file can be read/written
+*/
+static enum rdwr_mode check_rdwr(struct smbcli_tree *tree, int fnum)
+{
+	uint8_t c = 1;
+	bool can_read  = (smbcli_read(tree, fnum, &c, 0, 1) == 1);
+	bool can_write = (smbcli_write(tree, fnum, 0, &c, 0, 1) == 1);
+	if ( can_read &&  can_write) return RDWR_RDWR;
+	if ( can_read && !can_write) return RDWR_RDONLY;
+	if (!can_read &&  can_write) return RDWR_WRONLY;
+	return RDWR_NONE;
+}
+
+/*
+  describe a RDWR mode as a string
+*/
+static const char *rdwr_string(enum rdwr_mode m)
+{
+	switch (m) {
+	case RDWR_NONE: return "NONE";
+	case RDWR_RDONLY: return "RDONLY";
+	case RDWR_WRONLY: return "WRONLY";
+	case RDWR_RDWR: return "RDWR";
+	}
+	return "-";
+}
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CREATE_FILE do { \
+	fnum = create_complex_file(cli, tctx, fname); \
+	if (fnum == -1) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Failed to create %s - %s\n", \
+			 __location__, fname, smbcli_errstr(cli->tree)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_RDWR(fnum, correct) do { \
+	enum rdwr_mode m = check_rdwr(cli->tree, fnum); \
+	if (m != correct) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		       "(%s) Incorrect readwrite mode %s - expected %s\n", \
+		       __location__, rdwr_string(m), rdwr_string(correct)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_TIME(t, field) do { \
+	time_t t1, t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFO; \
+	finfo.all_info.in.file.path = fname; \
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t1 = t & ~1; \
+	t2 = nt_time_to_unix(finfo.all_info.out.field) & ~1; \
+	if (labs(t1-t2) > 2) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		       "(%s) wrong time for field %s  %s - %s\n", \
+		       __location__, #field, \
+		       timestring(tctx, t1), \
+		       timestring(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NTTIME(t, field) do { \
+	NTTIME t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFO; \
+	finfo.all_info.in.file.path = fname; \
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t2 = finfo.all_info.out.field; \
+	if (llabs((int64_t)(t-t2)) > 20000) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		       "(%s) wrong time for field %s  %s - %s\n", \
+		       __location__, #field, \
+		       nt_time_string(tctx, t), \
+		       nt_time_string(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_ALL_INFO(v, field) do { \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFO; \
+	finfo.all_info.in.file.path = fname; \
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if ((v) != (finfo.all_info.out.field)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		       "(%s) wrong value for field %s  0x%x - 0x%x\n", \
+		       __location__, #field, (unsigned int)(v), (unsigned int)(finfo.all_info.out.field)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		       "(%s) wrong value for %s  0x%x - should be 0x%x\n", \
+		       __location__, #v, (unsigned int)(v), (unsigned int)(correct)); \
+		ret = false; \
+	}} while (0)
+
+#define SET_ATTRIB(sattrib) do { \
+	union smb_setfileinfo sfinfo; \
+	ZERO_STRUCT(sfinfo.basic_info.in); \
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION; \
+	sfinfo.basic_info.in.file.path = fname; \
+	sfinfo.basic_info.in.attrib = sattrib; \
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo); \
+	if (!NT_STATUS_IS_OK(status)) { \
+		torture_warning(tctx, "(%s) Failed to set attrib 0x%x on %s\n", \
+		       __location__, (unsigned int)(sattrib), fname); \
+	}} while (0)
+
+/*
+  test RAW_OPEN_OPEN
+*/
+static bool test_open(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_open.txt";
+	NTSTATUS status;
+	int fnum = -1, fnum2;
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.openold.level = RAW_OPEN_OPEN;
+	io.openold.in.fname = fname;
+	io.openold.in.open_mode = OPEN_FLAGS_FCB;
+	io.openold.in.search_attrs = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	fnum = io.openold.out.file.fnum;
+
+	smbcli_unlink(cli->tree, fname);
+	CREATE_FILE;
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum, RDWR_RDWR);
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum2, RDWR_RDWR);
+	smbcli_close(cli->tree, fnum2);
+	smbcli_close(cli->tree, fnum);
+
+	/* check the read/write modes */
+	io.openold.level = RAW_OPEN_OPEN;
+	io.openold.in.fname = fname;
+	io.openold.in.search_attrs = 0;
+
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum, RDWR_RDONLY);
+	smbcli_close(cli->tree, fnum);
+
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum, RDWR_WRONLY);
+	smbcli_close(cli->tree, fnum);
+
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_RDWR;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum, RDWR_RDWR);
+	smbcli_close(cli->tree, fnum);
+
+	/* check the share modes roughly - not a complete matrix */
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_RDWR | OPEN_FLAGS_DENY_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum, RDWR_RDWR);
+	
+	if (io.openold.in.open_mode != io.openold.out.rmode) {
+		torture_warning(tctx, "(%s) rmode should equal open_mode - 0x%x 0x%x\n",
+		       __location__, io.openold.out.rmode, io.openold.in.open_mode);
+	}
+
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_RDWR | OPEN_FLAGS_DENY_NONE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_READ | OPEN_FLAGS_DENY_NONE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.openold.out.file.fnum;
+	CHECK_RDWR(fnum2, RDWR_RDONLY);
+	smbcli_close(cli->tree, fnum);
+	smbcli_close(cli->tree, fnum2);
+
+
+	/* check the returned write time */
+	io.openold.level = RAW_OPEN_OPEN;
+	io.openold.in.fname = fname;
+	io.openold.in.search_attrs = 0;
+	io.openold.in.open_mode = OPEN_FLAGS_OPEN_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openold.out.file.fnum;
+
+	/* check other reply fields */
+	CHECK_TIME(io.openold.out.write_time, write_time);
+	CHECK_ALL_INFO(io.openold.out.size, size);
+	CHECK_ALL_INFO(io.openold.out.attrib, attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test RAW_OPEN_OPENX
+*/
+static bool test_openx(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_openx.txt";
+	const char *fname_exe = BASEDIR "\\torture_openx.exe";
+	NTSTATUS status;
+	int fnum = -1, fnum2;
+	bool ret = true;
+	int i;
+	struct timeval tv;
+	struct {
+		uint16_t open_func;
+		bool with_file;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ OPENX_OPEN_FUNC_OPEN, 	                  true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_OPEN,  	                  false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ OPENX_OPEN_FUNC_OPEN  | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_OPEN  | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_FAIL, 	                  true,  NT_STATUS_DOS(ERRDOS, ERRbadaccess) },
+		{ OPENX_OPEN_FUNC_FAIL, 	                  false, NT_STATUS_DOS(ERRDOS, ERRbadaccess) },
+		{ OPENX_OPEN_FUNC_FAIL  | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ OPENX_OPEN_FUNC_FAIL  | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC, 	                  true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC, 	                  false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OK },
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.fname = fname;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 1024*1024;
+	io.openx.in.timeout = 0;
+
+	/* check all combinations of open_func */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+		if (open_funcs[i].with_file) {
+			fnum = create_complex_file(cli, tctx, fname);
+			if (fnum == -1) {
+				torture_result(tctx, TORTURE_FAIL,
+					"Failed to create file %s - %s\n",
+					fname, smbcli_errstr(cli->tree));
+				ret = false;
+				goto done;
+			}
+			smbcli_close(cli->tree, fnum);
+		}
+		io.openx.in.open_func = open_funcs[i].open_func;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d with_file=%d open_func=0x%x)\n",
+				__location__, nt_errstr(status),
+				nt_errstr(open_funcs[i].correct_status),
+				i, (int)open_funcs[i].with_file,
+				open_funcs[i].open_func);
+			ret = false;
+		}
+		if (NT_STATUS_IS_OK(status)) {
+			smbcli_close(cli->tree, io.openx.out.file.fnum);
+		}
+		if (open_funcs[i].with_file) {
+			smbcli_unlink(cli->tree, fname);
+		}
+	}
+
+	smbcli_unlink(cli->tree, fname);
+
+	/* check the basic return fields */
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openx.out.file.fnum;
+
+	CHECK_ALL_INFO(io.openx.out.size, size);
+	CHECK_TIME(io.openx.out.write_time, write_time);
+	CHECK_ALL_INFO(io.openx.out.attrib, attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+	CHECK_VAL(io.openx.out.access, OPENX_MODE_ACCESS_RDWR);
+	CHECK_VAL(io.openx.out.ftype, 0);
+	CHECK_VAL(io.openx.out.devstate, 0);
+	CHECK_VAL(io.openx.out.action, OPENX_ACTION_CREATED);
+	CHECK_VAL(io.openx.out.size, 1024*1024);
+	CHECK_ALL_INFO(io.openx.in.size, size);
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* check the fields when the file already existed */
+	fnum2 = create_complex_file(cli, tctx, fname);
+	if (fnum2 == -1) {
+		ret = false;
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum2);
+
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openx.out.file.fnum;
+
+	CHECK_ALL_INFO(io.openx.out.size, size);
+	CHECK_TIME(io.openx.out.write_time, write_time);
+	CHECK_VAL(io.openx.out.action, OPENX_ACTION_EXISTED);
+	CHECK_VAL(io.openx.out.unknown, 0);
+	CHECK_ALL_INFO(io.openx.out.attrib, attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+	smbcli_close(cli->tree, fnum);
+
+	/* now check the search attrib for hidden files - win2003 ignores this? */
+	SET_ATTRIB(FILE_ATTRIBUTE_HIDDEN);
+	CHECK_ALL_INFO(FILE_ATTRIBUTE_HIDDEN, attrib);
+
+	io.openx.in.search_attrs = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+
+	io.openx.in.search_attrs = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+
+	SET_ATTRIB(FILE_ATTRIBUTE_NORMAL);
+	smbcli_unlink(cli->tree, fname);
+
+	/* and check attrib on create */
+	io.openx.in.open_func = OPENX_OPEN_FUNC_FAIL | OPENX_OPEN_FUNC_CREATE;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = FILE_ATTRIBUTE_SYSTEM;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		CHECK_ALL_INFO(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_ARCHIVE, 
+			       attrib & ~(FILE_ATTRIBUTE_NONINDEXED|
+					  FILE_ATTRIBUTE_SPARSE));
+	}
+	else {
+		CHECK_ALL_INFO(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_ARCHIVE, 
+			       attrib & ~(FILE_ATTRIBUTE_NONINDEXED));
+	}
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* check timeout on create - win2003 ignores the timeout! */
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPENX_MODE_DENY_ALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openx.out.file.fnum;
+
+	io.openx.in.timeout = 20000;
+	tv = timeval_current();
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPENX_MODE_DENY_NONE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+	if (timeval_elapsed(&tv) > 3.0) {
+		torture_result(tctx, TORTURE_FAIL,
+			"(%s) Incorrect timing in openx with timeout "
+			"- waited %.2f seconds\n",
+			__location__, timeval_elapsed(&tv));
+		ret = false;
+	}
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* now this is a really weird one - open for execute implies create?! */
+	io.openx.in.fname = fname;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_EXEC | OPENX_MODE_DENY_NONE;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_FAIL;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 0;
+	io.openx.in.timeout = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+
+	/* check the extended return flag */
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO | OPENX_FLAGS_EXTENDED_RETURN;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(io.openx.out.access_mask, SEC_STD_ALL);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+
+	io.openx.in.fname = "\\A.+,;=[].B";
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* Check the mapping for open exec. */
+
+	/* First create an .exe file. */
+	smbcli_unlink(cli->tree, fname_exe);
+	fnum = create_complex_file(cli, tctx, fname_exe);
+	smbcli_close(cli->tree, fnum);
+
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.fname = fname_exe;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_EXEC | OPENX_MODE_DENY_NONE;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 0;
+	io.openx.in.timeout = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Can we read and write ? */
+	CHECK_RDWR(io.openx.out.file.fnum, RDWR_RDONLY);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+	smbcli_unlink(cli->tree, fname);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test RAW_OPEN_T2OPEN
+
+  many thanks to kukks for a sniff showing how this works with os2->w2k
+*/
+static bool test_t2open(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname1 = BASEDIR "\\torture_t2open_yes.txt";
+	const char *fname2 = BASEDIR "\\torture_t2open_no.txt";
+	const char *fname = BASEDIR "\\torture_t2open_3.txt";
+	NTSTATUS status;
+	int fnum;
+	bool ret = true;
+	int i;
+	struct {
+		uint16_t open_func;
+		bool with_file;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ OPENX_OPEN_FUNC_OPEN, 	                  true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_OPEN,  	                  false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ OPENX_OPEN_FUNC_OPEN  | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_OPEN  | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_FAIL, 	                  true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ OPENX_OPEN_FUNC_FAIL, 	                  false, NT_STATUS_OBJECT_NAME_COLLISION },
+		{ OPENX_OPEN_FUNC_FAIL  | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ OPENX_OPEN_FUNC_FAIL  | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OBJECT_NAME_COLLISION },
+		{ OPENX_OPEN_FUNC_TRUNC, 	                  true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC, 	                  false, NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE, true,  NT_STATUS_OK },
+		{ OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE, false, NT_STATUS_OK },
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum = create_complex_file(cli, tctx, fname1);
+	if (fnum == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"(%s): Failed to create file %s - %s\n",
+			__location__, fname1, smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	io.t2open.level = RAW_OPEN_T2OPEN;
+	io.t2open.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.t2open.in.open_mode = OPENX_MODE_DENY_NONE | OPENX_MODE_ACCESS_RDWR;
+	io.t2open.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	io.t2open.in.search_attrs = 0;
+	io.t2open.in.file_attrs = 0;
+	io.t2open.in.write_time = 0;
+	io.t2open.in.size = 0;
+	io.t2open.in.timeout = 0;
+
+	io.t2open.in.num_eas = 3;
+	io.t2open.in.eas = talloc_array(tctx, struct ea_struct, io.t2open.in.num_eas);
+	io.t2open.in.eas[0].flags = 0;
+	io.t2open.in.eas[0].name.s = ".CLASSINFO";
+	io.t2open.in.eas[0].value = data_blob_talloc(tctx, "first value", 11);
+	io.t2open.in.eas[1].flags = 0;
+	io.t2open.in.eas[1].name.s = "EA TWO";
+	io.t2open.in.eas[1].value = data_blob_talloc(tctx, "foo", 3);
+	io.t2open.in.eas[2].flags = 0;
+	io.t2open.in.eas[2].name.s = "X THIRD";
+	io.t2open.in.eas[2].value = data_blob_talloc(tctx, "xy", 2);
+
+	/* check all combinations of open_func */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+	again:
+		if (open_funcs[i].with_file) {
+			io.t2open.in.fname = fname1;
+		} else {
+			io.t2open.in.fname = fname2;
+		}
+		io.t2open.in.open_func = open_funcs[i].open_func;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if ((io.t2open.in.num_eas != 0)
+		    && NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)
+		    && torture_setting_bool(tctx, "samba3", false)) {
+			torture_warning(tctx, "(%s) EAs not supported, not "
+				"treating as fatal in Samba3 test\n",
+				__location__);
+			io.t2open.in.num_eas = 0;
+			goto again;
+		}
+
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d with_file=%d open_func=0x%x)\n",
+				 __location__, nt_errstr(status),
+				nt_errstr(open_funcs[i].correct_status),
+				i, (int)open_funcs[i].with_file,
+				open_funcs[i].open_func);
+			ret = false;
+		}
+		if (NT_STATUS_IS_OK(status)) {
+			smbcli_close(cli->tree, io.t2open.out.file.fnum);
+		}
+	}
+
+	smbcli_unlink(cli->tree, fname1);
+	smbcli_unlink(cli->tree, fname2);
+
+	/* check the basic return fields */
+	io.t2open.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	io.t2open.in.write_time = 0;
+	io.t2open.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.t2open.out.file.fnum;
+
+	CHECK_ALL_INFO(io.t2open.out.size, size);
+#if 0
+	/* windows appears to leak uninitialised memory here */
+	CHECK_VAL(io.t2open.out.write_time, 0);
+#endif
+	CHECK_ALL_INFO(io.t2open.out.attrib, attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+	CHECK_VAL(io.t2open.out.access, OPENX_MODE_DENY_NONE | OPENX_MODE_ACCESS_RDWR);
+	CHECK_VAL(io.t2open.out.ftype, 0);
+	CHECK_VAL(io.t2open.out.devstate, 0);
+	CHECK_VAL(io.t2open.out.action, OPENX_ACTION_CREATED);
+	smbcli_close(cli->tree, fnum);
+
+	status = torture_check_ea(cli, fname, ".CLASSINFO", "first value");
+	CHECK_STATUS(status, io.t2open.in.num_eas
+		     ? NT_STATUS_OK : NT_STATUS_EAS_NOT_SUPPORTED);
+	status = torture_check_ea(cli, fname, "EA TWO", "foo");
+	CHECK_STATUS(status, io.t2open.in.num_eas
+		     ? NT_STATUS_OK : NT_STATUS_EAS_NOT_SUPPORTED);
+	status = torture_check_ea(cli, fname, "X THIRD", "xy");
+	CHECK_STATUS(status, io.t2open.in.num_eas
+		     ? NT_STATUS_OK : NT_STATUS_EAS_NOT_SUPPORTED);
+
+	/* now check the search attrib for hidden files - win2003 ignores this? */
+	SET_ATTRIB(FILE_ATTRIBUTE_HIDDEN);
+	CHECK_ALL_INFO(FILE_ATTRIBUTE_HIDDEN, attrib);
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.t2open.out.file.fnum);
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.t2open.out.file.fnum);
+
+	SET_ATTRIB(FILE_ATTRIBUTE_NORMAL);
+	smbcli_unlink(cli->tree, fname);
+
+	/* and check attrib on create */
+	io.t2open.in.open_func = OPENX_OPEN_FUNC_FAIL | OPENX_OPEN_FUNC_CREATE;
+	io.t2open.in.file_attrs = FILE_ATTRIBUTE_SYSTEM;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* check timeout on create - win2003 ignores the timeout! */
+	io.t2open.in.open_func = OPENX_OPEN_FUNC_OPEN | OPENX_OPEN_FUNC_CREATE;
+	io.t2open.in.file_attrs = 0;
+	io.t2open.in.timeout = 20000;
+	io.t2open.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPENX_MODE_DENY_ALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+	
+
+/*
+  test RAW_OPEN_NTCREATEX
+*/
+static bool test_ntcreatex(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_ntcreatex.txt";
+	const char *dname = BASEDIR "\\torture_ntcreatex.dir";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	int i;
+	struct {
+		uint32_t open_disp;
+		bool with_file;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ NTCREATEX_DISP_SUPERSEDE, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_SUPERSEDE, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN, 	        true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN, 	        false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE, 	true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ NTCREATEX_DISP_CREATE, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	false, NT_STATUS_OK },
+		{ 6, 			        true,  NT_STATUS_INVALID_PARAMETER },
+		{ 6, 	                        false, NT_STATUS_INVALID_PARAMETER },
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* reasonable default parameters */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 1024*1024;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* test the open disposition */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+		if (open_funcs[i].with_file) {
+			fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR|O_TRUNC, DENY_NONE);
+			if (fnum == -1) {
+				torture_result(tctx, TORTURE_FAIL,
+					"Failed to create file %s - %s\n",
+					fname, smbcli_errstr(cli->tree));
+				ret = false;
+				goto done;
+			}
+			smbcli_close(cli->tree, fnum);
+		}
+		io.ntcreatex.in.open_disposition = open_funcs[i].open_disp;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d with_file=%d open_disp=%d)\n",
+				__location__, nt_errstr(status),
+				nt_errstr(open_funcs[i].correct_status),
+				i, (int)open_funcs[i].with_file,
+				(int)open_funcs[i].open_disp);
+			ret = false;
+		}
+		if (NT_STATUS_IS_OK(status) || open_funcs[i].with_file) {
+			smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+			smbcli_unlink(cli->tree, fname);
+		}
+	}
+
+	/* basic field testing */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+
+	/* check fields when the file already existed */
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, tctx, fname);
+	if (fnum == -1) {
+		ret = false;
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+
+	/* create a directory */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.fname = dname;
+	fname = dname;
+
+	smbcli_rmdir(cli->tree, fname);
+	smbcli_unlink(cli->tree, fname);
+
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_VAL(io.ntcreatex.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED, 
+		  FILE_ATTRIBUTE_DIRECTORY);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.is_directory, 1);
+	CHECK_VAL(io.ntcreatex.out.size, 0);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+	smbcli_unlink(cli->tree, fname);
+	
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test RAW_OPEN_NTTRANS_CREATE
+*/
+static bool test_nttrans_create(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_ntcreatex.txt";
+	const char *dname = BASEDIR "\\torture_ntcreatex.dir";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	int i;
+	uint32_t ok_mask, not_supported_mask, invalid_parameter_mask;
+	uint32_t not_a_directory_mask, unexpected_mask;
+	struct {
+		uint32_t open_disp;
+		bool with_file;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ NTCREATEX_DISP_SUPERSEDE, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_SUPERSEDE, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN, 	        true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN, 	        false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE, 	true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ NTCREATEX_DISP_CREATE, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	false, NT_STATUS_OK },
+		{ 6, 			        true,  NT_STATUS_INVALID_PARAMETER },
+		{ 6, 	                        false, NT_STATUS_INVALID_PARAMETER },
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* reasonable default parameters */
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 1024*1024;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.sec_desc = NULL;
+	io.ntcreatex.in.ea_list = NULL;
+
+	/* test the open disposition */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+		if (open_funcs[i].with_file) {
+			fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR|O_TRUNC, DENY_NONE);
+			if (fnum == -1) {
+				torture_result(tctx, TORTURE_FAIL,
+					"Failed to create file %s - %s\n",
+					fname, smbcli_errstr(cli->tree));
+				ret = false;
+				goto done;
+			}
+			smbcli_close(cli->tree, fnum);
+		}
+		io.ntcreatex.in.open_disposition = open_funcs[i].open_disp;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d with_file=%d open_disp=%d)\n",
+				__location__, nt_errstr(status),
+				nt_errstr(open_funcs[i].correct_status),
+				i, (int)open_funcs[i].with_file,
+				(int)open_funcs[i].open_disp);
+			ret = false;
+		}
+		if (NT_STATUS_IS_OK(status) || open_funcs[i].with_file) {
+			smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+			smbcli_unlink(cli->tree, fname);
+		}
+	}
+
+	/* basic field testing */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+
+	/* check fields when the file already existed */
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	fnum = create_complex_file(cli, tctx, fname);
+	if (fnum == -1) {
+		ret = false;
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+	smbcli_close(cli->tree, fnum);
+
+	/* check no-recall - don't pull a file from tape on a HSM */
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NO_RECALL;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+	smbcli_close(cli->tree, fnum);
+
+	/* Check some create options (these all should be ignored) */
+	for (i=0; i < 32; i++) {
+		uint32_t create_option =
+			((uint32_t)1 << i) & NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+		if (create_option == 0) {
+			continue;
+		}
+		io.ntcreatex.in.create_options = create_option;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "ntcreatex create option 0x%08x "
+				"gave %s - should give NT_STATUS_OK\n",
+				create_option, nt_errstr(status));
+		}
+		CHECK_STATUS(status, NT_STATUS_OK);
+		fnum = io.ntcreatex.out.file.fnum;
+
+		CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+		CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_EXISTED);
+		CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+		CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+		CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+		CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+		CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+		CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+		CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+		CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+		CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+		smbcli_close(cli->tree, fnum);
+	}
+
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.access_mask     = SEC_FLAG_MAXIMUM_ALLOWED;
+
+	/* Check for options that should return NOT_SUPPORTED, OK or INVALID_PARAMETER */
+	ok_mask = 0;
+	not_supported_mask = 0;
+	invalid_parameter_mask = 0;
+	not_a_directory_mask = 0;
+	unexpected_mask = 0;
+	for (i=0; i < 32; i++) {
+		uint32_t create_option = (uint32_t)1<<i;
+		if (create_option & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) {
+			continue;
+		}
+		io.ntcreatex.in.create_options = create_option;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+			not_supported_mask |= create_option;
+		} else if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			ok_mask |= create_option;
+			smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+		} else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			invalid_parameter_mask |= create_option;
+		} else if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) {
+			not_a_directory_mask |= 1<<i;
+		} else {
+			unexpected_mask |= 1<<i;
+			torture_comment(tctx, "create option 0x%08x returned %s\n",
+					create_option, nt_errstr(status));
+		}
+	}
+
+	CHECK_VAL(ok_mask,                0x00efcfce);
+	CHECK_VAL(not_a_directory_mask,   0x00000001);
+	CHECK_VAL(not_supported_mask,     0x00002000);
+	CHECK_VAL(invalid_parameter_mask, 0xff100030);
+	CHECK_VAL(unexpected_mask,        0x00000000);
+
+	smbcli_unlink(cli->tree, fname);
+
+
+	/* create a directory */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.fname = dname;
+	fname = dname;
+
+	smbcli_rmdir(cli->tree, fname);
+	smbcli_unlink(cli->tree, fname);
+
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_VAL(io.ntcreatex.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED, 
+		  FILE_ATTRIBUTE_DIRECTORY);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.is_directory, 1);
+	CHECK_VAL(io.ntcreatex.out.size, 0);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+	smbcli_unlink(cli->tree, fname);
+	
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test RAW_OPEN_NTCREATEX with an already opened and byte range locked file
+
+  I've got an application that does a similar sequence of ntcreate&x,
+  locking&x and another ntcreate&x with
+  open_disposition==NTCREATEX_DISP_OVERWRITE_IF. Windows 2003 allows the
+  second open.
+*/
+static bool test_ntcreatex_brlocked(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io, io1;
+	union smb_lock io2;
+	struct smb_lock_entry lock[1];
+	const char *fname = BASEDIR "\\torture_ntcreatex.txt";
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing ntcreatex with a byte range locked file\n");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = 0x2019f;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io.ntcreatex.in.security_flags = NTCREATEX_SECURITY_DYNAMIC |
+		NTCREATEX_SECURITY_ALL;
+	io.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io2.lockx.level = RAW_LOCK_LOCKX;
+	io2.lockx.in.file.fnum = io.ntcreatex.out.file.fnum;
+	io2.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io2.lockx.in.timeout = 0;
+	io2.lockx.in.ulock_cnt = 0;
+	io2.lockx.in.lock_cnt = 1;
+	lock[0].pid = cli->session->pid;
+	lock[0].offset = 0;
+	lock[0].count = 0x1;
+	io2.lockx.in.locks = &lock[0];
+	status = smb_raw_lock(cli->tree, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io1.generic.level = RAW_OPEN_NTCREATEX;
+	io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io1.ntcreatex.in.root_fid.fnum = 0;
+	io1.ntcreatex.in.access_mask = 0x20196;
+	io1.ntcreatex.in.alloc_size = 0;
+	io1.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io1.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io1.ntcreatex.in.create_options = 0;
+	io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io1.ntcreatex.in.security_flags = NTCREATEX_SECURITY_DYNAMIC |
+		NTCREATEX_SECURITY_ALL;
+	io1.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	smbcli_close(cli->tree, io1.ntcreatex.out.file.fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test RAW_OPEN_MKNEW
+*/
+static bool test_mknew(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_mknew.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	time_t basetime = (time(NULL) + 3600*24*3) & ~1;
+	union smb_fileinfo finfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.mknew.level = RAW_OPEN_MKNEW;
+	io.mknew.in.attrib = 0;
+	io.mknew.in.write_time = 0;
+	io.mknew.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.mknew.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* make sure write_time works */
+	io.mknew.in.write_time = basetime;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.mknew.out.file.fnum;
+	CHECK_TIME(basetime, write_time);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* make sure file_attrs works */
+	io.mknew.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.mknew.out.file.fnum;
+	CHECK_ALL_INFO(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_ARCHIVE, 
+		       attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+	
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test RAW_OPEN_CREATE
+*/
+static bool test_create(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_create.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	time_t basetime = (time(NULL) + 3600*24*3) & ~1;
+	union smb_fileinfo finfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.create.level = RAW_OPEN_CREATE;
+	io.create.in.attrib = 0;
+	io.create.in.write_time = 0;
+	io.create.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.create.out.file.fnum;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, io.create.out.file.fnum);
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* make sure write_time works */
+	io.create.in.write_time = basetime;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.create.out.file.fnum;
+	CHECK_TIME(basetime, write_time);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	/* make sure file_attrs works */
+	io.create.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.create.out.file.fnum;
+	CHECK_ALL_INFO(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_ARCHIVE, 
+		       attrib & ~FILE_ATTRIBUTE_NONINDEXED);
+	
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test RAW_OPEN_CTEMP
+*/
+static bool test_ctemp(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	time_t basetime = (time(NULL) + 3600*24*3) & ~1;
+	union smb_fileinfo finfo;
+	const char *name, *fname = NULL;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	io.ctemp.level = RAW_OPEN_CTEMP;
+	io.ctemp.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	io.ctemp.in.write_time = basetime;
+	io.ctemp.in.directory = BASEDIR;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ctemp.out.file.fnum;
+
+	name = io.ctemp.out.name;
+
+	finfo.generic.level = RAW_FILEINFO_NAME_INFO;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fname = finfo.name_info.out.fname.s;
+	torture_comment(tctx, "ctemp name=%s  real name=%s\n", name, fname);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/*
+  test chained RAW_OPEN_OPENX_READX
+*/
+static bool test_chained(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_chained.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	const char buf[] = "test";
+	char buf2[4];
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fnum = create_complex_file(cli, tctx, fname);
+
+	smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));
+
+	smbcli_close(cli->tree, fnum);	
+
+	io.openxreadx.level = RAW_OPEN_OPENX_READX;
+	io.openxreadx.in.fname = fname;
+	io.openxreadx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openxreadx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	io.openxreadx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	io.openxreadx.in.search_attrs = 0;
+	io.openxreadx.in.file_attrs = 0;
+	io.openxreadx.in.write_time = 0;
+	io.openxreadx.in.size = 1024*1024;
+	io.openxreadx.in.timeout = 0;
+	
+	io.openxreadx.in.offset = 0;
+	io.openxreadx.in.mincnt = sizeof(buf2);
+	io.openxreadx.in.maxcnt = sizeof(buf2);
+	io.openxreadx.in.remaining = 0;
+	io.openxreadx.out.data = (uint8_t *)buf2;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openxreadx.out.file.fnum;
+
+	if (memcmp(buf, buf2, MIN(sizeof(buf), sizeof(buf2))) != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			"wrong data in reply buffer\n");
+		ret = false;
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test RAW_OPEN_OPENX without a leading slash on the path.
+  NetApp filers are known to fail on this.
+  
+*/
+static bool test_no_leading_slash(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_no_leading_slash.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	const char buf[] = "test";
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	smbcli_unlink(cli->tree, fname);
+
+	/* Create the file */
+	fnum = create_complex_file(cli, tctx, fname);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));
+	smbcli_close(cli->tree, fnum);	
+
+	/* Prepare to open the file using path without leading slash */
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.fname = fname + 1;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 1024*1024;
+	io.openx.in.timeout = 0;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.openx.out.file.fnum;
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test RAW_OPEN_OPENX against an existing directory to
+  ensure it returns NT_STATUS_FILE_IS_A_DIRECTORY.
+  Samba 3.2.0 - 3.2.6 are known to fail this.
+  
+*/
+static bool test_openx_over_dir(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\openx_over_dir";
+	NTSTATUS status;
+	int d_fnum = -1;
+	int fnum = -1;
+	bool ret = true;
+
+	ZERO_STRUCT(io);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* Create the Directory */
+	status = create_directory_handle(cli->tree, fname, &d_fnum);
+	smbcli_close(cli->tree, d_fnum);	
+
+	/* Prepare to open the file over the directory. */
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.fname = fname;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 1024*1024;
+	io.openx.in.timeout = 0;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+	fnum = io.openx.out.file.fnum;
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/* A little torture test to expose a race condition in Samba 3.0.20 ... :-) */
+
+static bool test_raw_open_multi(struct torture_context *tctx, struct smbcli_state *cli_ignored)
+{
+	struct smbcli_state *cli;
+	TALLOC_CTX *mem_ctx = talloc_init("torture_test_oplock_multi");
+	const char *fname = "\\test_oplock.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smbcli_state **clients;
+	struct smbcli_request **requests;
+	union smb_open *ios;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	int i, num_files = 3;
+	int num_ok = 0;
+	int num_collision = 0;
+	
+	clients = talloc_array(mem_ctx, struct smbcli_state *, num_files);
+	requests = talloc_array(mem_ctx, struct smbcli_request *, num_files);
+	ios = talloc_array(mem_ctx, union smb_open, num_files);
+	if ((tctx->ev == NULL) || (clients == NULL) || (requests == NULL) ||
+	    (ios == NULL)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s): talloc failed\n",
+				__location__);
+		return false;
+	}
+
+	if (!torture_open_connection_share(mem_ctx, &cli, tctx, host, share, tctx->ev)) {
+		return false;
+	}
+
+	cli->tree->session->transport->options.request_timeout = 60;
+
+	for (i=0; i<num_files; i++) {
+		if (!torture_open_connection_share(mem_ctx, &(clients[i]),
+						   tctx, host, share, tctx->ev)) {
+			torture_result(tctx, TORTURE_FAIL,
+				       "(%s): Could not open %d'th connection\n",
+				       __location__, i);
+			return false;
+		}
+		clients[i]->tree->session->transport->options.request_timeout = 60;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli->tree, fname);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.flags = 0;
+
+	for (i=0; i<num_files; i++) {
+		ios[i] = io;
+		requests[i] = smb_raw_open_send(clients[i]->tree, &ios[i]);
+		if (requests[i] == NULL) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s): could not send %d'th request\n",
+				__location__, i);
+			return false;
+		}
+	}
+
+	torture_comment(tctx, "waiting for replies\n");
+	while (1) {
+		bool unreplied = false;
+		for (i=0; i<num_files; i++) {
+			if (requests[i] == NULL) {
+				continue;
+			}
+			if (requests[i]->state < SMBCLI_REQUEST_DONE) {
+				unreplied = true;
+				break;
+			}
+			status = smb_raw_open_recv(requests[i], mem_ctx,
+						   &ios[i]);
+
+			torture_comment(tctx, "File %d returned status %s\n", i,
+				  nt_errstr(status));
+
+			if (NT_STATUS_IS_OK(status)) {
+				num_ok += 1;
+			} 
+
+			if (NT_STATUS_EQUAL(status,
+					    NT_STATUS_OBJECT_NAME_COLLISION)) {
+				num_collision += 1;
+			}
+
+			requests[i] = NULL;
+		}
+		if (!unreplied) {
+			break;
+		}
+
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s): tevent_loop_once failed\n", __location__);
+			return false;
+		}
+	}
+
+	if ((num_ok != 1) || (num_ok + num_collision != num_files)) {
+		ret = false;
+	}
+
+	for (i=0; i<num_files; i++) {
+		torture_close_connection(clients[i]);
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+  test opening for delete on a read-only attribute file.
+*/
+static bool test_open_for_delete(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_open_for_delete.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* reasonable default parameters */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_READONLY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* Create the readonly file. */
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	io.ntcreatex.in.create_options = 0;
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	smbcli_close(cli->tree, fnum);
+
+	/* Now try and open for delete only - should succeed. */
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_unlink(cli->tree, fname);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  test chained RAW_OPEN_NTCREATEX_READX
+  Send chained NTCREATEX_READX on a file that doesn't exist, then create
+  the file and try again.
+*/
+static bool test_chained_ntcreatex_readx(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_chained.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+	const char buf[] = "test";
+	char buf2[4];
+
+	ZERO_STRUCT(io);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Checking RAW_NTCREATEX_READX chained on "
+			      "non-existent file \n");
+
+	/* ntcreatex parameters */
+	io.generic.level = RAW_OPEN_NTCREATEX_READX;
+	io.ntcreatexreadx.in.flags = 0;
+	io.ntcreatexreadx.in.root_fid.fnum = 0;
+	io.ntcreatexreadx.in.access_mask = SEC_FILE_READ_DATA;
+	io.ntcreatexreadx.in.alloc_size = 0;
+	io.ntcreatexreadx.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatexreadx.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatexreadx.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatexreadx.in.create_options = 0;
+	io.ntcreatexreadx.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io.ntcreatexreadx.in.security_flags = 0;
+	io.ntcreatexreadx.in.fname = fname;
+
+	/* readx parameters */
+	io.ntcreatexreadx.in.offset = 0;
+	io.ntcreatexreadx.in.mincnt = sizeof(buf2);
+	io.ntcreatexreadx.in.maxcnt = sizeof(buf2);
+	io.ntcreatexreadx.in.remaining = 0;
+	io.ntcreatexreadx.out.data = (uint8_t *)buf2;
+
+	/* try to open the non-existent file */
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	fnum = io.ntcreatexreadx.out.file.fnum;
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	torture_comment(tctx, "Checking RAW_NTCREATEX_READX chained on "
+			      "existing file \n");
+
+	fnum = create_complex_file(cli, mem_ctx, fname);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_open(cli->tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatexreadx.out.file.fnum;
+
+	if (memcmp(buf, buf2, MIN(sizeof(buf), sizeof(buf2))) != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			"(%s): wrong data in reply buffer\n", __location__);
+		ret = false;
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_ntcreatex_opendisp_dir(struct torture_context *tctx,
+					struct smbcli_state *cli)
+{
+	const char *dname = BASEDIR "\\torture_ntcreatex_opendisp_dir";
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+	struct {
+		uint32_t open_disp;
+		bool dir_exists;
+		NTSTATUS correct_status;
+	} open_funcs_dir[] = {
+		{ NTCREATEX_DISP_SUPERSEDE,     true,  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_SUPERSEDE,     false, NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OPEN,          true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN,          false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE,        true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ NTCREATEX_DISP_CREATE,        false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF,       true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF,       false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE,     true,  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OVERWRITE,     false, NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OVERWRITE_IF,  true,  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OVERWRITE_IF,  false, NT_STATUS_INVALID_PARAMETER },
+		{ 6,                            true,  NT_STATUS_INVALID_PARAMETER },
+		{ 6,                            false, NT_STATUS_INVALID_PARAMETER },
+	};
+	union smb_open io;
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.fname = dname;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	smbcli_rmdir(cli->tree, dname);
+	smbcli_unlink(cli->tree, dname);
+
+	/* test the open disposition for directories */
+	torture_comment(tctx, "Testing open dispositions for directories...\n");
+
+	for (i=0; i<ARRAY_SIZE(open_funcs_dir); i++) {
+		if (open_funcs_dir[i].dir_exists) {
+			status = smbcli_mkdir(cli->tree, dname);
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_result(tctx, TORTURE_FAIL,
+					"(%s): Failed to make directory "
+					"%s - %s\n", __location__, dname,
+					smbcli_errstr(cli->tree));
+				ret = false;
+				goto done;
+			}
+		}
+
+		io.ntcreatex.in.open_disposition = open_funcs_dir[i].open_disp;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, open_funcs_dir[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d dir_exists=%d open_disp=%d)\n",
+				__location__, nt_errstr(status),
+				nt_errstr(open_funcs_dir[i].correct_status),
+				i, (int)open_funcs_dir[i].dir_exists,
+				(int)open_funcs_dir[i].open_disp);
+			ret = false;
+		}
+		if (NT_STATUS_IS_OK(status) || open_funcs_dir[i].dir_exists) {
+			smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+			smbcli_rmdir(cli->tree, dname);
+		}
+	}
+
+done:
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/**
+ * Test what happens when trying to open a file with directory parameters and
+ * vice-versa.  Also test that NTCREATEX_OPTIONS_DIRECTORY is treated as
+ * mandatory and FILE_ATTRIBUTE_DIRECTORY is advisory for directory
+ * creation/opening.
+ */
+static bool test_ntcreatexdir(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = BASEDIR "\\torture_ntcreatex.txt";
+	const char *dname = BASEDIR "\\torture_ntcreatex_dir";
+	NTSTATUS status;
+	int i;
+
+	struct {
+		uint32_t open_disp;
+		uint32_t file_attr;
+		uint32_t create_options;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ NTCREATEX_DISP_SUPERSEDE, 	0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OPEN, 	        0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE, 	0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	0, NTCREATEX_OPTIONS_DIRECTORY,
+		  NT_STATUS_INVALID_PARAMETER },
+		{ NTCREATEX_DISP_SUPERSEDE, 	FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN, 	        FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE, 	FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF, 	FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE, 	FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_OVERWRITE_IF, 	FILE_ATTRIBUTE_DIRECTORY, 0,
+		  NT_STATUS_OK },
+
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* setup some base params. */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	 * Test the validity checking for create dispositions, which is done
+	 * against the requested parameters rather than what's actually on
+	 * disk.
+	 */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+		io.ntcreatex.in.open_disposition = open_funcs[i].open_disp;
+		io.ntcreatex.in.file_attr = open_funcs[i].file_attr;
+		io.ntcreatex.in.create_options = open_funcs[i].create_options;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_result(tctx, TORTURE_FAIL,
+				"(%s) incorrect status %s should be %s "
+				"(i=%d open_disp=%d)\n",
+				__location__, nt_errstr(status),
+				nt_errstr(open_funcs[i].correct_status),
+				i, (int)open_funcs[i].open_disp);
+			return false;
+		}
+		/* Close and delete the file. */
+		if (NT_STATUS_IS_OK(status)) {
+			if (open_funcs[i].create_options != 0) {
+				/* out attrib should be a directory. */
+				torture_assert_int_equal(tctx,
+				    io.ntcreatex.out.attrib,
+				    FILE_ATTRIBUTE_DIRECTORY, "should have "
+				    "created a directory");
+
+				smbcli_close(cli->tree,
+				    io.ntcreatex.out.file.fnum);
+
+				/* Make sure unlink fails. */
+				status = smbcli_unlink(cli->tree, fname);
+				torture_assert_ntstatus_equal(tctx, status,
+				    NT_STATUS_FILE_IS_A_DIRECTORY,
+				    "unlink should fail for a directory");
+
+				status = smbcli_rmdir(cli->tree, fname);
+				torture_assert_ntstatus_ok(tctx, status,
+				    "rmdir failed");
+			} else {
+				torture_assert_int_equal(tctx,
+				    io.ntcreatex.out.attrib,
+				    FILE_ATTRIBUTE_ARCHIVE, "should not have "
+				    "created a directory");
+
+				smbcli_close(cli->tree,
+				    io.ntcreatex.out.file.fnum);
+
+				/* Make sure rmdir fails. */
+				status = smbcli_rmdir(cli->tree, fname);
+				torture_assert_ntstatus_equal(tctx, status,
+				    NT_STATUS_NOT_A_DIRECTORY,
+				    "rmdir should fail for a file");
+
+				status = smbcli_unlink(cli->tree, fname);
+				torture_assert_ntstatus_ok(tctx, status,
+				    "unlink failed");
+			}
+		}
+	}
+
+	/* Create a file. */
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create file.");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Try and open the file with file_attr_dir and check the error. */
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_DIRECTORY "
+	    "doesn't produce a hard failure.");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Try and open file with createx_option_dir and check the error. */
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_A_DIRECTORY,
+	    "NTCREATEX_OPTIONS_DIRECTORY will a file from being opened.");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Delete the file and move onto directory testing. */
+	smbcli_unlink(cli->tree, fname);
+
+	/* Now try some tests on a directory. */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create dir.");
+
+	/* out attrib should be a directory. */
+	torture_assert_int_equal(tctx, io.ntcreatex.out.attrib,
+	    FILE_ATTRIBUTE_DIRECTORY, "should have created a directory");
+
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Try and open it with normal attr and check the error. */
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_NORMAL "
+	    "doesn't produce a hard failure.");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Try and open it with file create_options and check the error. */
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_equal(tctx, status,
+	    NT_STATUS_FILE_IS_A_DIRECTORY,
+	    "NTCREATEX_OPTIONS_NON_DIRECTORY_FILE should be returned ");
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return true;
+}
+
+/*
+  test opening with truncate on an already open file
+  returns share violation and doesn't truncate the file.
+  Regression test for bug #10671.
+*/
+static bool test_open_for_truncate(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_open_for_truncate.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	ssize_t val = 0;
+	char c = '\0';
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		"Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing open truncate disposition.\n");
+
+	/* reasonable default parameters */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Write a byte at offset 1k-1. */
+	val =smbcli_write(cli->tree, fnum, 0, &c, 1023, 1);
+	torture_assert_int_equal(tctx, val, 1, "write failed\n");
+
+	/* Now try and open for read/write with truncate - should fail. */
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_WRITE|SEC_RIGHTS_FILE_READ;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	/* Ensure file size is still 1k */
+	finfo.generic.level = RAW_FILEINFO_GETATTRE;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.getattre.out.size, 1024);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Ensure truncate actually works */
+	finfo.generic.level = RAW_FILEINFO_GETATTRE;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(finfo.getattre.out.size, 0);
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/**
+ * Test for file size to be 0 after create with FILE_SUPERSEDE
+ */
+static bool test_ntcreatex_supersede(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	union smb_fileinfo finfo;
+	const char *fname = BASEDIR "\\torture_ntcreatex_supersede.txt";
+	NTSTATUS status;
+	int fnum = -1;
+	bool ret = true;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* reasonable default parameters */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.size, size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+
+	/* extend the file size */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.end_of_file_info.in.size = 512;
+	status = smb_raw_setfileinfo(cli->tree, &sfi);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* close the file and re-open with to verify new size */
+	smbcli_close(cli->tree, fnum);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_NTTIME(io.ntcreatex.out.write_time, write_time);
+	CHECK_NTTIME(io.ntcreatex.out.change_time, change_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_VAL(io.ntcreatex.out.size, 512);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+
+	/* close and re-open the file with SUPERSEDE flag */
+	smbcli_close(cli->tree, fnum);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_SUPERSEDE;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.create_options = 0;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* The file size in the superseded create response should be 0 */
+	CHECK_VAL(io.ntcreatex.out.size, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, FILE_WAS_SUPERSEDED);
+	CHECK_NTTIME(io.ntcreatex.out.create_time, create_time);
+	CHECK_NTTIME(io.ntcreatex.out.access_time, access_time);
+	CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib);
+	CHECK_ALL_INFO(io.ntcreatex.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.ntcreatex.out.is_directory, directory);
+	CHECK_VAL(io.ntcreatex.out.file_type, FILE_TYPE_DISK);
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* basic testing of all RAW_OPEN_* calls
+*/
+struct torture_suite *torture_raw_open(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "open");
+
+	torture_suite_add_1smb_test(suite, "brlocked", test_ntcreatex_brlocked);
+	torture_suite_add_1smb_test(suite, "open", test_open);
+	torture_suite_add_1smb_test(suite, "open-multi", test_raw_open_multi);
+	torture_suite_add_1smb_test(suite, "openx", test_openx);
+	torture_suite_add_1smb_test(suite, "ntcreatex", test_ntcreatex);
+	torture_suite_add_1smb_test(suite, "nttrans-create", test_nttrans_create);
+	torture_suite_add_1smb_test(suite, "t2open", test_t2open);
+	torture_suite_add_1smb_test(suite, "mknew", test_mknew);
+	torture_suite_add_1smb_test(suite, "create", test_create);
+	torture_suite_add_1smb_test(suite, "ctemp", test_ctemp);
+	torture_suite_add_1smb_test(suite, "chained-openx", test_chained);
+	torture_suite_add_1smb_test(suite, "chained-ntcreatex", test_chained_ntcreatex_readx);
+	torture_suite_add_1smb_test(suite, "no-leading-slash", test_no_leading_slash);
+	torture_suite_add_1smb_test(suite, "openx-over-dir", test_openx_over_dir);
+	torture_suite_add_1smb_test(suite, "open-for-delete", test_open_for_delete);
+	torture_suite_add_1smb_test(suite, "opendisp-dir", test_ntcreatex_opendisp_dir);
+	torture_suite_add_1smb_test(suite, "ntcreatedir", test_ntcreatexdir);
+	torture_suite_add_1smb_test(suite, "open-for-truncate", test_open_for_truncate);
+	torture_suite_add_1smb_test(suite, "ntcreatex_supersede", test_ntcreatex_supersede);
+
+	return suite;
+}
diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c
new file mode 100644
index 0000000..8349f6e
--- /dev/null
+++ b/source4/torture/raw/openbench.c
@@ -0,0 +1,502 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   open benchmark
+
+   Copyright (C) Andrew Tridgell 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "../lib/util/util_net.h"
+
+#define BASEDIR "\\benchopen"
+
+static int nprocs;
+static int open_failed;
+static int close_failed;
+static char **fnames;
+static int num_connected;
+static struct tevent_timer *report_te;
+
+struct benchopen_state {
+	struct torture_context *tctx;
+	TALLOC_CTX *mem_ctx;
+	struct tevent_context *ev;
+	struct smbcli_state *cli;
+	struct smbcli_tree *tree;
+	int client_num;
+	int close_fnum;
+	int open_fnum;
+	int close_file_num;
+	int open_file_num;
+	int pending_file_num;
+	int next_file_num;
+	int count;
+	int lastcount;
+	union smb_open open_parms;
+	int open_retries;
+	union smb_close close_parms;
+	struct smbcli_request *req_open;
+	struct smbcli_request *req_close;
+	struct smb_composite_connect reconnect;
+	struct tevent_timer *te;
+
+	/* these are used for reconnections */
+	const char **dest_ports;
+	const char *dest_host;
+	const char *called_name;
+	const char *service_type;
+};
+
+static void next_open(struct benchopen_state *state);
+static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data);
+
+
+/*
+  complete an async reconnect
+ */
+static void reopen_connection_complete(struct composite_context *ctx)
+{
+	struct benchopen_state *state = (struct benchopen_state *)ctx->async.private_data;
+	NTSTATUS status;
+	struct smb_composite_connect *io = &state->reconnect;
+
+	status = smb_composite_connect_recv(ctx, state->mem_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+		return;
+	}
+
+	state->tree = io->out.tree;
+
+	num_connected++;
+
+	DEBUG(0,("[%u] reconnect to %s finished (%u connected)\n",
+		 state->client_num, state->dest_host, num_connected));
+
+	state->open_fnum = -1;
+	state->close_fnum = -1;
+	next_open(state);
+}
+
+	
+
+/*
+  reopen a connection
+ */
+static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te, 
+			      struct timeval t, void *private_data)
+{
+	struct benchopen_state *state = (struct benchopen_state *)private_data;
+	struct composite_context *ctx;
+	struct smb_composite_connect *io = &state->reconnect;
+	char *host, *share;
+
+	state->te = NULL;
+
+	if (!torture_get_conn_index(state->client_num, state->mem_ctx, state->tctx, &host, &share)) {
+		DEBUG(0,("Can't find host/share for reconnect?!\n"));
+		exit(1);
+	}
+
+	io->in.dest_host    = state->dest_host;
+	io->in.dest_ports   = state->dest_ports;
+	io->in.socket_options = lpcfg_socket_options(state->tctx->lp_ctx);
+	io->in.called_name  = state->called_name;
+	io->in.service      = share;
+	io->in.service_type = state->service_type;
+	io->in.credentials  = samba_cmdline_get_creds();
+	io->in.fallback_to_anonymous = false;
+	io->in.workgroup    = lpcfg_workgroup(state->tctx->lp_ctx);
+	io->in.gensec_settings = lpcfg_gensec_settings(state->mem_ctx, state->tctx->lp_ctx);
+	lpcfg_smbcli_options(state->tctx->lp_ctx, &io->in.options);
+	lpcfg_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options);
+
+	/* kill off the remnants of the old connection */
+	talloc_free(state->tree);
+	state->tree = NULL;
+	state->open_fnum = -1;
+	state->close_fnum = -1;
+
+	ctx = smb_composite_connect_send(io, state->mem_ctx, 
+					 lpcfg_resolve_context(state->tctx->lp_ctx),
+					 state->ev);
+	if (ctx == NULL) {
+		DEBUG(0,("Failed to setup async reconnect\n"));
+		exit(1);
+	}
+
+	ctx->async.fn = reopen_connection_complete;
+	ctx->async.private_data = state;
+}
+
+static void open_completed(struct smbcli_request *req);
+static void close_completed(struct smbcli_request *req);
+
+
+static void next_open(struct benchopen_state *state)
+{
+	state->count++;
+
+	state->pending_file_num = state->next_file_num;
+	state->next_file_num = (state->next_file_num+1) % (3*nprocs);
+
+	DEBUG(2,("[%d] opening %u\n", state->client_num, state->pending_file_num));
+	state->open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	state->open_parms.ntcreatex.in.flags = 0;
+	state->open_parms.ntcreatex.in.root_fid.fnum = 0;
+	state->open_parms.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	state->open_parms.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	state->open_parms.ntcreatex.in.alloc_size = 0;
+	state->open_parms.ntcreatex.in.share_access = 0;
+	state->open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	state->open_parms.ntcreatex.in.create_options = 0;
+	state->open_parms.ntcreatex.in.impersonation = 0;
+	state->open_parms.ntcreatex.in.security_flags = 0;
+	state->open_parms.ntcreatex.in.fname = fnames[state->pending_file_num];
+
+	state->req_open = smb_raw_open_send(state->tree, &state->open_parms);
+	state->req_open->async.fn = open_completed;
+	state->req_open->async.private_data = state;
+}
+
+
+static void next_close(struct benchopen_state *state)
+{
+	if (state->close_fnum == -1) {
+		return;
+	}
+	DEBUG(2,("[%d] closing %d (fnum[%d])\n",
+		 state->client_num, state->close_file_num, state->close_fnum));
+	state->close_parms.close.level = RAW_CLOSE_CLOSE;
+	state->close_parms.close.in.file.fnum = state->close_fnum;
+	state->close_parms.close.in.write_time = 0;
+
+	state->req_close = smb_raw_close_send(state->tree, &state->close_parms);
+	state->req_close->async.fn = close_completed;
+	state->req_close->async.private_data = state;
+}
+
+/*
+  called when a open completes
+*/
+static void open_completed(struct smbcli_request *req)
+{
+	struct benchopen_state *state = (struct benchopen_state *)req->async.private_data;
+	TALLOC_CTX *tmp_ctx = talloc_new(state->mem_ctx);
+	NTSTATUS status;
+
+	status = smb_raw_open_recv(req, tmp_ctx, &state->open_parms);
+
+	talloc_free(tmp_ctx);
+
+	state->req_open = NULL;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+		talloc_free(state->tree);
+		talloc_free(state->cli);
+		state->tree = NULL;
+		state->cli = NULL;
+		num_connected--;	
+		DEBUG(0,("[%u] reopening connection to %s\n",
+			 state->client_num, state->dest_host));
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+		return;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+		DEBUG(2,("[%d] retrying open %d\n",
+			 state->client_num, state->pending_file_num));
+		state->open_retries++;
+		state->req_open = smb_raw_open_send(state->tree, &state->open_parms);
+		state->req_open->async.fn = open_completed;
+		state->req_open->async.private_data = state;
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		open_failed++;
+		DEBUG(0,("[%u] open failed %d - %s\n",
+			 state->client_num, state->pending_file_num,
+			 nt_errstr(status)));
+		return;
+	}
+
+	state->close_file_num = state->open_file_num;
+	state->close_fnum = state->open_fnum;
+	state->open_file_num = state->pending_file_num;
+	state->open_fnum = state->open_parms.ntcreatex.out.file.fnum;
+
+	DEBUG(2,("[%d] open completed %d (fnum[%d])\n",
+		 state->client_num, state->open_file_num, state->open_fnum));
+
+	if (state->close_fnum != -1) {
+		next_close(state);
+	}
+
+	next_open(state);
+}	
+
+/*
+  called when a close completes
+*/
+static void close_completed(struct smbcli_request *req)
+{
+	struct benchopen_state *state = (struct benchopen_state *)req->async.private_data;
+	NTSTATUS status = smbcli_request_simple_recv(req);
+
+	state->req_close = NULL;
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+		talloc_free(state->tree);
+		talloc_free(state->cli);
+		state->tree = NULL;
+		state->cli = NULL;
+		num_connected--;	
+		DEBUG(0,("[%u] reopening connection to %s\n",
+			 state->client_num, state->dest_host));
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		close_failed++;
+		DEBUG(0,("[%u] close failed %d (fnum[%d]) - %s\n",
+			 state->client_num, state->close_file_num,
+			 state->close_fnum,
+			 nt_errstr(status)));
+		return;
+	}
+
+	DEBUG(2,("[%d] close completed %d (fnum[%d])\n",
+		 state->client_num, state->close_file_num,
+		 state->close_fnum));
+}	
+
+static void echo_completion(struct smbcli_request *req)
+{
+	struct benchopen_state *state = (struct benchopen_state *)req->async.private_data;
+	NTSTATUS status = smbcli_request_simple_recv(req);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCAL_DISCONNECT) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) {
+		talloc_free(state->tree);
+		state->tree = NULL;
+		num_connected--;	
+		DEBUG(0,("[%u] reopening connection to %s\n",
+			 state->client_num, state->dest_host));
+		talloc_free(state->te);
+		state->te = tevent_add_timer(state->ev, state->mem_ctx,
+					    timeval_current_ofs(1,0), 
+					    reopen_connection, state);
+	}
+}
+
+static void report_rate(struct tevent_context *ev, struct tevent_timer *te, 
+			struct timeval t, void *private_data)
+{
+	struct benchopen_state *state = talloc_get_type(private_data, 
+							struct benchopen_state);
+	int i;
+	for (i=0;i<nprocs;i++) {
+		printf("%5u ", (unsigned)(state[i].count - state[i].lastcount));
+		state[i].lastcount = state[i].count;
+	}
+	printf("\r");
+	fflush(stdout);
+	report_te = tevent_add_timer(ev, state, timeval_current_ofs(1, 0),
+				    report_rate, state);
+
+	/* send an echo on each interface to ensure it stays alive - this helps
+	   with IP takeover */
+	for (i=0;i<nprocs;i++) {
+		struct smb_echo p;
+		struct smbcli_request *req;
+
+		if (!state[i].tree) {
+			continue;
+		}
+
+		p.in.repeat_count = 1;
+		p.in.size = 0;
+		p.in.data = NULL;
+		req = smb_raw_echo_send(state[i].tree->session->transport, &p);
+		req->async.private_data = &state[i];
+		req->async.fn      = echo_completion;
+	}
+}
+
+/* 
+   benchmark open calls
+*/
+bool torture_bench_open(struct torture_context *torture)
+{
+	bool ret = true;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	int i;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	struct timeval tv;
+	struct benchopen_state *state;
+	int total = 0;
+	int total_retries = 0;
+	int minops = 0;
+	bool progress=false;
+
+	progress = torture_setting_bool(torture, "progress", true);
+	
+	nprocs = torture_setting_int(torture, "nprocs", 4);
+
+	state = talloc_zero_array(mem_ctx, struct benchopen_state, nprocs);
+
+	printf("Opening %d connections\n", nprocs);
+	for (i=0;i<nprocs;i++) {
+		const struct sockaddr_storage *dest_ss;
+		char addrstr[INET6_ADDRSTRLEN];
+		const char *dest_str;
+		uint16_t dest_port;
+
+		state[i].tctx = torture;
+		state[i].mem_ctx = talloc_new(state);
+		state[i].client_num = i;
+		state[i].ev = torture->ev;
+		if (!torture_open_connection_ev(&state[i].cli, i, torture, torture->ev)) {
+			return false;
+		}
+		talloc_steal(state[i].mem_ctx, state[i].cli);
+		state[i].tree = state[i].cli->tree;
+
+		dest_ss = smbXcli_conn_remote_sockaddr(
+				state[i].tree->session->transport->conn);
+		dest_str = print_sockaddr(addrstr, sizeof(addrstr), dest_ss);
+		dest_port = get_sockaddr_port(dest_ss);
+
+		state[i].dest_host = talloc_strdup(state[i].mem_ctx, dest_str);
+		state[i].dest_ports = talloc_array(state[i].mem_ctx, 
+						   const char *, 2);
+		state[i].dest_ports[0] = talloc_asprintf(state[i].dest_ports, 
+							 "%u", dest_port);
+		state[i].dest_ports[1] = NULL;
+		state[i].called_name  = talloc_strdup(state[i].mem_ctx,
+				smbXcli_conn_remote_name(state[i].tree->session->transport->conn));
+		state[i].service_type = talloc_strdup(state[i].mem_ctx, "?????");
+	}
+
+	num_connected = i;
+
+	if (!torture_setup_dir(state[0].cli, BASEDIR)) {
+		goto failed;
+	}
+
+	fnames = talloc_array(mem_ctx, char *, 3*nprocs);
+	for (i=0;i<3*nprocs;i++) {
+		fnames[i] = talloc_asprintf(fnames, "%s\\file%d.dat", BASEDIR, i);
+	}
+
+	for (i=0;i<nprocs;i++) {
+		/* all connections start with the same file */
+		state[i].next_file_num = 0;
+		state[i].open_fnum = -1;
+		state[i].close_fnum = -1;
+		next_open(&state[i]);
+	}
+
+	tv = timeval_current();	
+
+	if (progress) {
+		report_te = tevent_add_timer(torture->ev, state, timeval_current_ofs(1, 0),
+					    report_rate, state);
+	}
+
+	printf("Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		tevent_loop_once(torture->ev);
+
+		if (open_failed) {
+			DEBUG(0,("open failed\n"));
+			goto failed;
+		}
+		if (close_failed) {
+			DEBUG(0,("open failed\n"));
+			goto failed;
+		}
+	}
+
+	talloc_free(report_te);
+	if (progress) {
+		for (i=0;i<nprocs;i++) {
+			printf("      ");
+		}
+		printf("\r");
+	}
+
+	minops = state[0].count;
+	for (i=0;i<nprocs;i++) {
+		total += state[i].count;
+		total_retries += state[i].open_retries;
+		printf("[%d] %u ops (%u retries)\n",
+		       i, state[i].count, state[i].open_retries);
+		if (state[i].count < minops) minops = state[i].count;
+	}
+	printf("%.2f ops/second (%d retries)\n",
+	       total/timeval_elapsed(&tv), total_retries);
+	if (minops < 0.5*total/nprocs) {
+		printf("Failed: unbalanced open\n");
+		goto failed;
+	}
+
+	for (i=0;i<nprocs;i++) {
+		talloc_free(state[i].req_open);
+		talloc_free(state[i].req_close);
+		smb_raw_exit(state[i].tree->session);
+	}
+
+	smbcli_deltree(state[0].tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+
+failed:
+	talloc_free(mem_ctx);
+	return false;
+}
diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c
new file mode 100644
index 0000000..173d5ca
--- /dev/null
+++ b/source4/torture/raw/oplock.c
@@ -0,0 +1,4672 @@
+/* 
+   Unix SMB/CIFS implementation.
+   basic raw test suite for oplocks
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_RANGE(v, min, max) do {					\
+	if ((v) < (min) || (v) > (max)) {				\
+		torture_warning(tctx, "(%s): wrong value for %s got "	\
+		    "%d - should be between %d and %d\n",		\
+		    __location__, #v, (int)v, (int)min, (int)max);	\
+	}} while (0)
+
+#define CHECK_STRMATCH(v, correct) do { \
+	if (!v || strstr((v),(correct)) == NULL) { \
+		torture_result(tctx, TORTURE_FAIL,  "(%s): wrong value for %s got '%s' - should be '%s'\n", \
+				__location__, #v, v?v:"NULL", correct); \
+		ret = false; \
+	} \
+} while (0)
+
+#define CHECK_STATUS(tctx, status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+
+static struct {
+	int fnum;
+	uint8_t level;
+	int count;
+	int failures;
+} break_info;
+
+#define BASEDIR "\\test_oplock"
+
+/*
+  a handler function for oplock break requests. Ack it as a break to level II if possible
+*/
+static bool oplock_handler_ack_to_given(struct smbcli_transport *transport,
+					uint16_t tid, uint16_t fnum,
+					uint8_t level, void *private_data)
+{
+	struct smbcli_tree *tree = (struct smbcli_tree *)private_data;
+	const char *name;
+
+	break_info.fnum = fnum;
+	break_info.level = level;
+	break_info.count++;
+
+	switch (level) {
+	case OPLOCK_BREAK_TO_LEVEL_II:
+		name = "level II";
+		break;
+	case OPLOCK_BREAK_TO_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break_info.failures++;
+	}
+	printf("Acking to %s [0x%02X] in oplock handler\n",
+		name, level);
+
+	return smbcli_oplock_ack(tree, fnum, level);
+}
+
+/*
+  a handler function for oplock break requests. Ack it as a break to none
+*/
+static bool oplock_handler_ack_to_none(struct smbcli_transport *transport, 
+				       uint16_t tid, uint16_t fnum, 
+				       uint8_t level, void *private_data)
+{
+	struct smbcli_tree *tree = (struct smbcli_tree *)private_data;
+	break_info.fnum = fnum;
+	break_info.level = level;
+	break_info.count++;
+
+	printf("Acking to none in oplock handler\n");
+
+	return smbcli_oplock_ack(tree, fnum, OPLOCK_BREAK_TO_NONE);
+}
+
+/*
+  a handler function for oplock break requests. Let it timeout
+*/
+static bool oplock_handler_timeout(struct smbcli_transport *transport,
+				   uint16_t tid, uint16_t fnum,
+				   uint8_t level, void *private_data)
+{
+	break_info.fnum = fnum;
+	break_info.level = level;
+	break_info.count++;
+
+	printf("Let oplock break timeout\n");
+	return true;
+}
+
+static void oplock_handler_close_recv(struct smbcli_request *req)
+{
+	NTSTATUS status;
+	status = smbcli_request_simple_recv(req);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("close failed in oplock_handler_close\n");
+		break_info.failures++;
+	}
+}
+
+/*
+  a handler function for oplock break requests - close the file
+*/
+static bool oplock_handler_close(struct smbcli_transport *transport, uint16_t tid, 
+				 uint16_t fnum, uint8_t level, void *private_data)
+{
+	union smb_close io;
+	struct smbcli_tree *tree = (struct smbcli_tree *)private_data;
+	struct smbcli_request *req;
+
+	break_info.fnum = fnum;
+	break_info.level = level;
+	break_info.count++;
+
+	io.close.level = RAW_CLOSE_CLOSE;
+	io.close.in.file.fnum = fnum;
+	io.close.in.write_time = 0;
+	req = smb_raw_close_send(tree, &io);
+	if (req == NULL) {
+		printf("failed to send close in oplock_handler_close\n");
+		return false;
+	}
+
+	req->async.fn = oplock_handler_close_recv;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+static bool open_connection_no_level2_oplocks(struct torture_context *tctx,
+					      struct smbcli_state **c)
+{
+	NTSTATUS status;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	options.use_level2_oplocks = false;
+
+	status = smbcli_full_connection(tctx, c,
+					torture_setting_string(tctx, "host", NULL),
+					lpcfg_smb_ports(tctx->lp_ctx),
+					torture_setting_string(tctx, "share", NULL),
+					NULL, lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to open connection - %s\n",
+				nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+/*
+   Timer handler function notifies the registering function that time is up
+*/
+static void timeout_cb(struct tevent_context *ev,
+		       struct tevent_timer *te,
+		       struct timeval current_time,
+		       void *private_data)
+{
+	bool *timesup = (bool *)private_data;
+	*timesup = true;
+	return;
+}
+
+/*
+   Wait a short period of time to receive a single oplock break request
+*/
+static void torture_wait_for_oplock_break(struct torture_context *tctx)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	struct tevent_timer *te = NULL;
+	struct timeval ne;
+	bool timesup = false;
+	int old_count = break_info.count;
+
+	/* Wait .1 seconds for an oplock break */
+	ne = tevent_timeval_current_ofs(0, 100000);
+
+	if ((te = tevent_add_timer(tctx->ev, tmp_ctx, ne, timeout_cb, &timesup))
+	    == NULL)
+	{
+		torture_comment(tctx, "Failed to wait for an oplock break. "
+				      "test results may not be accurate.");
+		goto done;
+	}
+
+	while (!timesup && break_info.count < old_count + 1) {
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_comment(tctx, "Failed to wait for an oplock "
+					      "break. test results may not be "
+					      "accurate.");
+			goto done;
+		}
+	}
+
+done:
+	/* We don't know if the timed event fired and was freed, we received
+	 * our oplock break, or some other event triggered the loop.  Thus,
+	 * we create a tmp_ctx to be able to safely free/remove the timed
+	 * event in all 3 cases. */
+	talloc_free(tmp_ctx);
+
+	return;
+}
+
+static uint8_t get_break_level1_to_none_count(struct torture_context *tctx)
+{
+	return torture_setting_bool(tctx, "2_step_break_to_none", false) ?
+	    2 : 1;
+}
+
+static uint8_t get_setinfo_break_count(struct torture_context *tctx)
+{
+	if (TARGET_IS_W2K12(tctx)) {
+		return 2;
+	}
+	if (TARGET_IS_SAMBA3(tctx)) {
+		return 2;
+	}
+	return 1;
+}
+
+static bool test_raw_oplock_exclusive1(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE1: open a file with an exclusive oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "a 2nd open should not cause a break\n");
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "unlink it - should also be no break\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive2(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE2: open a file with an exclusive oplock (share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "a 2nd open should cause a break to level 2\n");
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	ZERO_STRUCT(break_info);
+
+	/* now we have 2 level II oplocks... */
+	torture_comment(tctx, "try to unlink it - should not cause a break, but a sharing violation\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "close 1st handle\n");
+	smbcli_close(cli1->tree, fnum);
+
+	torture_comment(tctx, "try to unlink it - should not cause a break, but a sharing violation\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "close 2nd handle\n");
+	smbcli_close(cli2->tree, fnum2);
+
+	torture_comment(tctx, "unlink it\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive3(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE3: open a file with an exclusive oplock (share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setpathinfo EOF should trigger a break to none\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_setinfo_break_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive4(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive4.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE4: open with exclusive oplock\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "second open with attributes only shouldn't cause oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	/*
+	 * Open another non-stat open. This reproduces bug 10216. Make sure it
+	 * won't happen again...
+	 */
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive5(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive5.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE5: open with exclusive oplock\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and NTCREATEX_DISP_OVERWRITE_IF disposition causes oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_break_level1_to_none_count(tctx));
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive6(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_exclusive6_1.dat";
+	const char *fname2 = BASEDIR "\\test_exclusive6_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_rename rn;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "EXCLUSIVE6: open a file with an exclusive "
+			"oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "rename should not generate a break but get a "
+			"sharing violation\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_RENAME;
+	rn.rename.in.pattern1 = fname1;
+	rn.rename.in.pattern2 = fname2;
+	rn.rename.in.attrib = 0;
+
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli2->tree, &rn);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Exclusive version of batch19
+ */
+static bool test_raw_oplock_exclusive7(struct torture_context *tctx,
+    struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_exclusiv6_1.dat";
+	const char *fname2 = BASEDIR "\\test_exclusiv6_2.dat";
+	const char *fname3 = BASEDIR "\\test_exclusiv6_3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+	uint16_t fnum2 = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+	smbcli_unlink(cli1->tree, fname3);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+	    cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "open a file with an exclusive oplock (share "
+	    "mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setpathinfo rename info should trigger a break "
+	    "to none\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.path = fname1;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.failures, 0);
+
+	if (TARGET_IS_WINXP(tctx) || TARGET_IS_W2K12(tctx)) {
+		/* XP incorrectly breaks to level2. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else {
+		/* Exclusive oplocks should not be broken on rename. */
+		CHECK_VAL(break_info.failures, 0);
+		CHECK_VAL(break_info.count, 0);
+	}
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname2);
+
+	/* Try breaking to level2 and then see if rename breaks the level2.*/
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.fname = fname2;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.failures, 0);
+
+	if (TARGET_IS_WINXP(tctx)) {
+		/* XP already broke to level2. */
+		CHECK_VAL(break_info.failures, 0);
+		CHECK_VAL(break_info.count, 0);
+	} else if (TARGET_IS_W2K12(tctx)) {
+		/* no break */
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(break_info.level, 0);
+	} else {
+		/* Break to level 2 expected. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	}
+
+	ZERO_STRUCT(break_info);
+	sfi.generic.in.file.path = fname2;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname1+strlen(BASEDIR)+1;
+
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	/* Level2 oplocks are not broken on rename. */
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.count, 0);
+
+	/* Close and re-open file with oplock. */
+	smbcli_close(cli1->tree, fnum);
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setfileinfo rename info on a client's own fid "
+	    "should not trigger a break nor a violation\n");
+	ZERO_STRUCT(break_info);
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname3+strlen(BASEDIR)+1;
+
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	if (TARGET_IS_WINXP(tctx)) {
+		/* XP incorrectly breaks to level2. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else {
+		CHECK_VAL(break_info.count, 0);
+	}
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname3);
+
+done:
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive8(struct torture_context *tctx,
+				       struct smbcli_state *cli1,
+				       struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive8.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum1 = 0;
+	uint16_t fnum2 = 0;
+	uint16_t fnum3 = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "open a file with an exclusive oplock (share "
+			"mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "second open with delete should trigger a "
+			"break\n");
+
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.flags = 0;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(break_info.count, get_break_level1_to_none_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+
+	/* Trigger a little panic in "old" samba code.. */
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum3 = io.ntcreatex.out.file.fnum;
+
+	smbcli_close(cli2->tree, fnum3);
+	smbcli_close(cli2->tree, fnum2);
+	smbcli_close(cli1->tree, fnum1);
+
+done:
+	smbcli_deltree(cli1->tree, BASEDIR);
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	return ret;
+}
+
+static bool test_raw_oplock_exclusive9(struct torture_context *tctx,
+				       struct smbcli_state *cli1,
+				       struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive9.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+	int i;
+
+	struct {
+		uint32_t create_disposition;
+		uint32_t break_level;
+	} levels[] = {
+		{ NTCREATEX_DISP_SUPERSEDE, OPLOCK_BREAK_TO_NONE },
+		{ NTCREATEX_DISP_OPEN, OPLOCK_BREAK_TO_LEVEL_II },
+		{ NTCREATEX_DISP_OVERWRITE_IF, OPLOCK_BREAK_TO_NONE },
+		{ NTCREATEX_DISP_OPEN_IF, OPLOCK_BREAK_TO_LEVEL_II },
+	};
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+			NTCREATEX_FLAGS_REQUEST_OPLOCK;
+		io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+			NTCREATEX_SHARE_ACCESS_WRITE|
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+		status = smb_raw_open(cli1->tree, tctx, &io);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+		fnum = io.ntcreatex.out.file.fnum;
+		CHECK_VAL(io.ntcreatex.out.oplock_level,
+			  EXCLUSIVE_OPLOCK_RETURN);
+
+		ZERO_STRUCT(break_info);
+
+		io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+			NTCREATEX_FLAGS_REQUEST_OPLOCK;
+		io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+		io.ntcreatex.in.open_disposition =
+			levels[i].create_disposition;
+		status = smb_raw_open(cli2->tree, tctx, &io);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+		fnum2 = io.ntcreatex.out.file.fnum;
+		CHECK_VAL(io.ntcreatex.out.oplock_level,
+			  LEVEL_II_OPLOCK_RETURN);
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, levels[i].break_level);
+		CHECK_VAL(break_info.failures, 0);
+
+		smbcli_close(cli1->tree, fnum);
+		smbcli_close(cli2->tree, fnum2);
+	}
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_level_ii_1(struct torture_context *tctx,
+				       struct smbcli_state *cli1,
+				       struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_level_ii_1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+	char c = 0;
+	ssize_t written;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	status = smbcli_close(cli2->tree, fnum2);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	/*
+	 * fnum1 has a level2 oplock now
+	 */
+
+	ZERO_STRUCT(break_info);
+
+	/*
+	 * Don't answer the break to none that will come in
+	 */
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_timeout,
+			      cli1->tree);
+
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.failures, 0);
+
+	/*
+	 * Check that a write does not cause another break. This used to be a
+	 * bug in smbd.
+	 */
+
+	ZERO_STRUCT(break_info);
+	written = smbcli_write(cli2->tree, fnum2, 0, &c, 0, 1);
+	CHECK_VAL(written, 1);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	status = smbcli_close(cli2->tree, fnum2);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	status = smbcli_close(cli1->tree, fnum);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch1(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	uint16_t fnum=0;
+	char c = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH1: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "unlink should generate a break\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "2nd unlink should not generate a break\n");
+	ZERO_STRUCT(break_info);
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "writing should generate a self break to none\n");
+	smbcli_write(cli1->tree, fnum, 0, &c, 0, 1);
+
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch2(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	uint16_t fnum=0;
+	char c = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH2: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "unlink should generate a break, which we ack as break to none\n");
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_none, cli1->tree);
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "2nd unlink should not generate a break\n");
+	ZERO_STRUCT(break_info);
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "writing should not generate a break\n");
+	smbcli_write(cli1->tree, fnum, 0, &c, 0, 1);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch3(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH3: if we close on break then the unlink can succeed\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_close, cli1->tree);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	ZERO_STRUCT(break_info);
+	status = smb_raw_unlink(cli2->tree, &unl);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch4(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch4.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_read rd;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH4: a self read should not cause a break\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	rd.readx.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = 1;
+	rd.readx.in.maxcnt = 1;
+	rd.readx.in.offset = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	status = smb_raw_read(cli1->tree, &rd);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch5(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch5.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH5: a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch6(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch6.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+	char c = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH6: a 2nd open should give a break to level II if the first open allowed shared read\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	//torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	smbcli_write(cli1->tree, fnum, 0, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch7(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch7.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH7: a 2nd open should get an oplock when we close instead of ack\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_close, cli1->tree);
+
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum2);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli2->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch8(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch8.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH8: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "second open with attributes only shouldn't cause oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch9(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch9.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+	char c = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH9: open with attributes only can create file\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "Subsequent normal open should break oplock on attribute only open to level II\n");
+
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	smbcli_close(cli2->tree, fnum2);
+
+	torture_comment(tctx, "third oplocked open should grant level2 without break\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	smbcli_write(cli2->tree, fnum2, 0, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch9a(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch9a.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+	char c = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH9: open with attributes only can create file\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.create_action, FILE_WAS_CREATED);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "Subsequent attributes open should not break\n");
+
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(io.ntcreatex.out.create_action, FILE_WAS_OPENED);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+	smbcli_close(cli2->tree, fnum2);
+
+	torture_comment(tctx, "Subsequent normal open should break oplock on attribute only open to level II\n");
+
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	smbcli_close(cli2->tree, fnum2);
+
+	torture_comment(tctx, "third oplocked open should grant level2 without break\n");
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	smbcli_write(cli2->tree, fnum2, 0, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch10(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch10.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH10: Open with oplock after a non-oplock open should grant level2\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, 0);
+
+	{
+		union smb_write wr;
+		wr.write.level = RAW_WRITE_WRITE;
+		wr.write.in.file.fnum = fnum;
+		wr.write.in.count = 1;
+		wr.write.in.offset = 0;
+		wr.write.in.remaining = 0;
+		wr.write.in.data = (const uint8_t *)"x";
+		status = smb_raw_write(cli1->tree, &wr);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	}
+
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_comment(tctx, "write should trigger a break to none\n");
+	{
+		union smb_write wr;
+		wr.write.level = RAW_WRITE_WRITE;
+		wr.write.in.file.fnum = fnum;
+		wr.write.in.count = 1;
+		wr.write.in.offset = 0;
+		wr.write.in.remaining = 0;
+		wr.write.in.data = (const uint8_t *)"x";
+		status = smb_raw_write(cli1->tree, &wr);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	}
+
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch11(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch11.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* Test if a set-eof on pathname breaks an exclusive oplock. */
+	torture_comment(tctx, "BATCH11: Test if setpathinfo set EOF breaks oplocks.\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_setinfo_break_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch12(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch12.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* Test if a set-allocation size on pathname breaks an exclusive oplock. */
+	torture_comment(tctx, "BATCH12: Test if setpathinfo allocation size breaks oplocks.\n");
+
+	ZERO_STRUCT(break_info);
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = SMB_SFILEINFO_ALLOCATION_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.allocation_info.in.alloc_size = 65536 * 8;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_setinfo_break_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch13(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch13.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH13: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and NTCREATEX_DISP_OVERWRITE disposition causes oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+	CHECK_VAL(break_info.count, get_break_level1_to_none_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch14(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch14.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH14: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and NTCREATEX_DISP_SUPERSEDE disposition causes oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_break_level1_to_none_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch15(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch15.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* Test if a qpathinfo all info on pathname breaks a batch oplock. */
+	torture_comment(tctx, "BATCH15: Test if qpathinfo all info breaks a batch oplock (should not).\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli2->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch16(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch16.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH16: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and NTCREATEX_DISP_OVERWRITE_IF disposition causes oplock break\n");
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_ATTRIBUTE|SEC_STD_SYNCHRONIZE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, get_break_level1_to_none_count(tctx));
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch17(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_batch17_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch17_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_rename rn;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH17: open a file with an batch oplock (share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "rename should trigger a break\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_RENAME;
+	rn.rename.in.pattern1 = fname1;
+	rn.rename.in.pattern2 = fname2;
+	rn.rename.in.attrib = 0;
+
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli2->tree, &rn);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch18(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_batch18_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch18_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_rename rn;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH18: open a file with an batch oplock (share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "ntrename should trigger a break\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_NTRENAME;
+	rn.ntrename.in.attrib	= 0;
+	rn.ntrename.in.flags	= RENAME_FLAG_RENAME;
+	rn.ntrename.in.old_name = fname1;
+	rn.ntrename.in.new_name = fname2;
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli2->tree, &rn);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch19(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_batch19_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch19_2.dat";
+	const char *fname3 = BASEDIR "\\test_batch19_3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+	smbcli_unlink(cli1->tree, fname3);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH19: open a file with an batch oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setpathinfo rename info should trigger a break "
+	    "to none\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.path = fname1;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.failures, 0);
+
+	if (TARGET_IS_WINXP(tctx) || TARGET_IS_W2K12(tctx)) {
+		/* Win XP breaks to level2. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else if (TARGET_IS_W2K3(tctx) || TARGET_IS_W2K8(tctx) ||
+	    TARGET_IS_SAMBA3(tctx) || TARGET_IS_SAMBA4(tctx)) {
+		/* Win2K3/2k8 incorrectly doesn't break at all. */
+		CHECK_VAL(break_info.count, 0);
+	} else {
+		/* win7/2k8r2 break to none. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	}
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname2);
+
+	/* Close and re-open file with oplock. */
+	smbcli_close(cli1->tree, fnum);
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setfileinfo rename info on a client's own fid "
+	    "should not trigger a break nor a violation\n");
+	ZERO_STRUCT(break_info);
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname3+strlen(BASEDIR)+1;
+
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	if (TARGET_IS_WINXP(tctx)) {
+		/* XP incorrectly breaks to level2. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else {
+		CHECK_VAL(break_info.count, 0);
+	}
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname3);
+
+done:
+	smbcli_close(cli1->tree, fnum);
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/****************************************************
+ Called from raw-rename - we need oplock handling for
+ this test so this is why it's in oplock.c, not rename.c
+****************************************************/
+
+bool test_trans2rename(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_trans2rename_1.dat";
+	const char *fname2 = BASEDIR "\\test_trans2rename_2.dat";
+	const char *fname3 = BASEDIR "\\test_trans2rename_3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+	smbcli_unlink(cli1->tree, fname3);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "open a file with an exclusive oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setpathinfo rename info should not trigger a break nor a violation\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.path = fname1;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname2);
+
+	torture_comment(tctx, "setfileinfo rename info should not trigger a break nor a violation\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname3+strlen(BASEDIR)+1;
+
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname3);
+
+done:
+	smbcli_close(cli1->tree, fnum);
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/****************************************************
+ Called from raw-rename - we need oplock handling for
+ this test so this is why it's in oplock.c, not rename.c
+****************************************************/
+
+bool test_nttransrename(struct torture_context *tctx, struct smbcli_state *cli1)
+{
+	const char *fname1 = BASEDIR "\\test_nttransrename_1.dat";
+	const char *fname2 = BASEDIR "\\test_nttransrename_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi, qpi;
+	union smb_rename rn;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "nttrans_rename: open a file with an exclusive oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	torture_comment(tctx, "nttrans_rename: should not trigger a break nor a share mode violation\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_NTTRANS;
+	rn.nttrans.in.file.fnum = fnum;
+	rn.nttrans.in.flags	= 0;
+	rn.nttrans.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+        status = smb_raw_rename(cli1->tree, &rn);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	/* w2k3 does nothing, it doesn't rename the file */
+	torture_comment(tctx, "nttrans_rename: the server should have done nothing\n");
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname1);
+
+	ZERO_STRUCT(qpi);
+	qpi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qpi.generic.in.file.path = fname1;
+
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qpi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qpi.all_info.out.fname.s, fname1);
+
+	ZERO_STRUCT(qpi);
+	qpi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qpi.generic.in.file.path = fname2;
+
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qpi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	torture_comment(tctx, "nttrans_rename: after closing the file the file is still not renamed\n");
+	status = smbcli_close(cli1->tree, fnum);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	ZERO_STRUCT(qpi);
+	qpi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qpi.generic.in.file.path = fname1;
+
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qpi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qpi.all_info.out.fname.s, fname1);
+
+	ZERO_STRUCT(qpi);
+	qpi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qpi.generic.in.file.path = fname2;
+
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qpi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	torture_comment(tctx, "nttrans_rename: rename with an invalid handle gives NT_STATUS_INVALID_HANDLE\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_NTTRANS;
+	rn.nttrans.in.file.fnum = fnum+1;
+	rn.nttrans.in.flags	= 0;
+	rn.nttrans.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+	status = smb_raw_rename(cli1->tree, &rn);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_INVALID_HANDLE);
+
+done:
+	smb_raw_exit(cli1->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+
+static bool test_raw_oplock_batch20(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_batch20_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch20_2.dat";
+	const char *fname3 = BASEDIR "\\test_batch20_3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0,fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+	smbcli_unlink(cli1->tree, fname3);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH20: open a file with an batch oplock (share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.path = fname1;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname2+strlen(BASEDIR)+1;
+
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.failures, 0);
+
+	if (TARGET_IS_WINXP(tctx) || TARGET_IS_W2K12(tctx)) {
+		/* Win XP breaks to level2. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else if (TARGET_IS_W2K3(tctx) || TARGET_IS_W2K8(tctx) ||
+	    TARGET_IS_SAMBA3(tctx) || TARGET_IS_SAMBA4(tctx)) {
+		/* Win2K3/2k8 incorrectly doesn't break at all. */
+		CHECK_VAL(break_info.count, 0);
+	} else {
+		/* win7/2k8r2 break to none. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	}
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname2);
+
+	torture_comment(tctx, "open a file with the new name an batch oplock (share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.fname = fname2;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+
+	if (TARGET_IS_WINXP(tctx)) {
+		/* XP broke to level2, and doesn't break again. */
+		CHECK_VAL(break_info.count, 0);
+	} else if (TARGET_IS_W2K3(tctx) || TARGET_IS_W2K8(tctx) ||
+	    TARGET_IS_SAMBA3(tctx) || TARGET_IS_SAMBA4(tctx)) {
+		/* Win2K3 incorrectly didn't break before so break now. */
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	} else {
+		/* win7/2k8r2 broke to none, and doesn't break again. */
+		CHECK_VAL(break_info.count, 0);
+	}
+
+	ZERO_STRUCT(break_info);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.rename_information.in.overwrite	= 0;
+	sfi.rename_information.in.root_fid	= 0;
+	sfi.rename_information.in.new_name	= fname3+strlen(BASEDIR)+1;
+
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli1->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname3);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	qfi.generic.in.file.fnum = fnum2;
+
+	status = smb_raw_fileinfo(cli2->tree, tctx, &qfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_STRMATCH(qfi.all_info.out.fname.s, fname3);
+
+
+done:
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch21(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch21.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb_echo e;
+	uint16_t fnum=0;
+	char c = 0;
+	ssize_t wr;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH21: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "writing should not generate a break\n");
+	wr = smbcli_write(cli1->tree, fnum, 0, &c, 0, 1);
+	CHECK_VAL(wr, 1);
+	CHECK_STATUS(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_OK);
+
+	ZERO_STRUCT(e);
+	e.in.repeat_count = 1;
+	status = smb_raw_echo(cli1->transport, &e);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch22(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch22.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum = 0, fnum2 = 0, fnum3 = 0;
+	struct timeval tv;
+	int timeout = torture_setting_int(tctx, "oplocktimeout", 30);
+	int te;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH22: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "a 2nd open should not succeed after the oplock "
+			"break timeout\n");
+	tv = timeval_current();
+	smbcli_oplock_handler(cli1->transport, oplock_handler_timeout, cli1->tree);
+	status = smb_raw_open(cli1->tree, tctx, &io);
+
+	if (TARGET_IS_W2K3(tctx)) {
+		/* 2k3 has an issue here. xp/win7 are ok. */
+		CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	} else {
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	}
+
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	torture_wait_for_oplock_break(tctx);
+	te = (int)timeval_elapsed(&tv);
+
+	/*
+	 * Some servers detect clients that let oplocks timeout, so this check
+	 * only shows a warning message instead failing the test to eliminate
+	 * failures from repeated runs of the test.  This isn't ideal, but
+	 * it's better than not running the test at all.
+	 */
+	CHECK_RANGE(te, timeout - 1, timeout + 15);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 2nd open should succeed after the oplock "
+			"release without break\n");
+	tv = timeval_current();
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+#if 0
+	/* Samba 3.6.0 and above behave as Windows. */
+	if (TARGET_IS_SAMBA3(tctx)) {
+		/* samba3 doesn't grant additional oplocks to bad clients. */
+		CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+	} else {
+		CHECK_VAL(io.ntcreatex.out.oplock_level,
+			LEVEL_II_OPLOCK_RETURN);
+	}
+#else
+	CHECK_VAL(io.ntcreatex.out.oplock_level,
+		  LEVEL_II_OPLOCK_RETURN);
+#endif
+	torture_wait_for_oplock_break(tctx);
+	te = (int)timeval_elapsed(&tv);
+	/* it should come in without delay */
+	CHECK_RANGE(te+1, 0, timeout);
+	fnum3 = io.ntcreatex.out.file.fnum;
+
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli1->tree, fnum2);
+	smbcli_close(cli1->tree, fnum3);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch23(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch23.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0, fnum2=0,fnum3=0;
+	struct smbcli_state *cli3 = NULL;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	ret = open_connection_no_level2_oplocks(tctx, &cli3);
+	CHECK_VAL(ret, true);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+	smbcli_oplock_handler(cli3->transport, oplock_handler_ack_to_given, cli3->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH23: a open and ask for a batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 2nd open without level2 oplock support should generate a break to level2\n");
+	status = smb_raw_open(cli3->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum3 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 3rd open with level2 oplock support should not generate a break\n");
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+	smbcli_close(cli3->tree, fnum3);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smb_raw_exit(cli3->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch24(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch24.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum2=0,fnum3=0;
+	struct smbcli_state *cli3 = NULL;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	ret = open_connection_no_level2_oplocks(tctx, &cli3);
+	CHECK_VAL(ret, true);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+	smbcli_oplock_handler(cli3->transport, oplock_handler_ack_to_given, cli3->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH24: a open without level support and ask for a batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli3->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum3 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 2nd open with level2 oplock support should generate a break to none\n");
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, LEVEL_II_OPLOCK_RETURN);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.fnum, fnum3);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli3->tree, fnum3);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smb_raw_exit(cli3->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_batch25(struct torture_context *tctx,
+				    struct smbcli_state *cli1,
+				    struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch25.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "BATCH25: open a file with an batch oplock "
+			"(share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "setpathinfo attribute info should not trigger "
+			"a break nor a violation\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_SETATTR;
+	sfi.generic.in.file.path	= fname;
+	sfi.setattr.in.attrib		= FILE_ATTRIBUTE_HIDDEN;
+	sfi.setattr.in.write_time	= 0;
+
+        status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Similar to batch17/18, but test with open share mode rather than
+ * share_none.
+ */
+static bool test_raw_oplock_batch26(struct torture_context *tctx,
+    struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname1 = BASEDIR "\\test_batch26_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch26_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_rename rn;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname1);
+	smbcli_unlink(cli1->tree, fname2);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+	    cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname1;
+
+	torture_comment(tctx,
+			"BATCH26: open a file with an batch oplock "
+			"(share mode: all)\n");
+
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "rename should trigger a break\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_RENAME;
+	rn.rename.in.pattern1 = fname1;
+	rn.rename.in.pattern2 = fname2;
+	rn.rename.in.attrib = 0;
+
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli2->tree, &rn);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+
+	/* Close and reopen with batch again. */
+	smbcli_close(cli1->tree, fnum);
+	ZERO_STRUCT(break_info);
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	/* Now try ntrename. */
+	torture_comment(tctx, "ntrename should trigger a break\n");
+	ZERO_STRUCT(rn);
+	rn.generic.level = RAW_RENAME_NTRENAME;
+	rn.ntrename.in.attrib	= 0;
+	rn.ntrename.in.flags	= RENAME_FLAG_RENAME;
+	rn.ntrename.in.old_name = fname1;
+	rn.ntrename.in.new_name = fname2;
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli2->tree, &rn);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/* Test how oplocks work on streams. */
+static bool test_raw_oplock_stream1(struct torture_context *tctx,
+				    struct smbcli_state *cli1,
+				    struct smbcli_state *cli2)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname_base = BASEDIR "\\test_stream1.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream, *fname_default_stream;
+	const char *default_stream = "::$DATA";
+	bool ret = true;
+	int fnum = -1;
+	int i;
+	int stream_fnum = -1;
+	uint32_t batch_req = NTCREATEX_FLAGS_REQUEST_OPLOCK |
+	    NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK | NTCREATEX_FLAGS_EXTENDED;
+	uint32_t exclusive_req = NTCREATEX_FLAGS_REQUEST_OPLOCK |
+	    NTCREATEX_FLAGS_EXTENDED;
+
+#define NSTREAM_OPLOCK_RESULTS 8
+	struct {
+		const char **fname;
+		bool open_base_file;
+		uint32_t oplock_req;
+		uint32_t oplock_granted;
+	} stream_oplock_results[NSTREAM_OPLOCK_RESULTS] = {
+		/* Request oplock on stream without the base file open. */
+		{&fname_stream, false, batch_req, NO_OPLOCK_RETURN},
+		{&fname_default_stream, false, batch_req, NO_OPLOCK_RETURN},
+		{&fname_stream, false, exclusive_req, EXCLUSIVE_OPLOCK_RETURN},
+		{&fname_default_stream, false,  exclusive_req, EXCLUSIVE_OPLOCK_RETURN},
+
+		/* Request oplock on stream with the base file open. */
+		{&fname_stream, true, batch_req, NO_OPLOCK_RETURN},
+		{&fname_default_stream, true, batch_req, NO_OPLOCK_RETURN},
+		{&fname_stream, true, exclusive_req, EXCLUSIVE_OPLOCK_RETURN},
+		{&fname_default_stream, true,  exclusive_req, LEVEL_II_OPLOCK_RETURN},
+
+	};
+
+
+	/* Only passes against windows at the moment. */
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "STREAM1 disabled against samba3+4\n");
+	}
+
+	fname_stream = talloc_asprintf(tctx, "%s:%s", fname_base, stream);
+	fname_default_stream = talloc_asprintf(tctx, "%s%s", fname_base,
+					       default_stream);
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+	smbcli_unlink(cli1->tree, fname_base);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given, cli1->tree);
+	smbcli_oplock_handler(cli2->transport, oplock_handler_ack_to_given, cli2->tree);
+
+	/* Setup generic open parameters. */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+	    SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+
+	/* Create the file with a stream */
+	io.ntcreatex.in.fname = fname_stream;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	smbcli_close(cli1->tree, io.ntcreatex.out.file.fnum);
+
+	/* Change the disposition to open now that the file has been created. */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+	/* Try some permutations of taking oplocks on streams. */
+	for (i = 0; i < NSTREAM_OPLOCK_RESULTS; i++) {
+		const char *fname = *stream_oplock_results[i].fname;
+		bool open_base_file = stream_oplock_results[i].open_base_file;
+		uint32_t oplock_req = stream_oplock_results[i].oplock_req;
+		uint32_t oplock_granted =
+		    stream_oplock_results[i].oplock_granted;
+		int base_fnum = -1;
+
+		if (open_base_file) {
+			torture_comment(tctx, "Opening base file: %s with "
+			    "%d\n", fname_base, batch_req);
+			io.ntcreatex.in.fname = fname_base;
+			io.ntcreatex.in.flags = batch_req;
+			status = smb_raw_open(cli2->tree, tctx, &io);
+			CHECK_STATUS(tctx, status, NT_STATUS_OK);
+			CHECK_VAL(io.ntcreatex.out.oplock_level,
+			    BATCH_OPLOCK_RETURN);
+			base_fnum = io.ntcreatex.out.file.fnum;
+		}
+
+		torture_comment(tctx, "%d: Opening stream: %s with %d\n", i,
+		    fname, oplock_req);
+		io.ntcreatex.in.fname = fname;
+		io.ntcreatex.in.flags = oplock_req;
+
+		/* Do the open with the desired oplock on the stream. */
+		status = smb_raw_open(cli1->tree, tctx, &io);
+		CHECK_STATUS(tctx, status, NT_STATUS_OK);
+		CHECK_VAL(io.ntcreatex.out.oplock_level, oplock_granted);
+		smbcli_close(cli1->tree, io.ntcreatex.out.file.fnum);
+
+		/* Cleanup the base file if it was opened. */
+		if (base_fnum != -1) {
+			smbcli_close(cli2->tree, base_fnum);
+		}
+	}
+
+	/* Open the stream with an exclusive oplock. */
+	torture_comment(tctx, "Opening stream: %s with %d\n",
+	    fname_stream, exclusive_req);
+	io.ntcreatex.in.fname = fname_stream;
+	io.ntcreatex.in.flags = exclusive_req;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+	stream_fnum = io.ntcreatex.out.file.fnum;
+
+	/* Open the base file and see if it contends. */
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "Opening base file: %s with "
+	    "%d\n", fname_base, batch_req);
+	io.ntcreatex.in.fname = fname_base;
+	io.ntcreatex.in.flags = batch_req;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(io.ntcreatex.out.oplock_level,
+	    BATCH_OPLOCK_RETURN);
+	smbcli_close(cli2->tree, io.ntcreatex.out.file.fnum);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* Open the stream again to see if it contends. */
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "Opening stream again: %s with "
+	    "%d\n", fname_base, batch_req);
+	io.ntcreatex.in.fname = fname_stream;
+	io.ntcreatex.in.flags = exclusive_req;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(io.ntcreatex.out.oplock_level,
+	    LEVEL_II_OPLOCK_RETURN);
+	smbcli_close(cli2->tree, io.ntcreatex.out.file.fnum);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* Close the stream. */
+	if (stream_fnum != -1) {
+		smbcli_close(cli1->tree, stream_fnum);
+	}
+
+ done:
+	smbcli_close(cli1->tree, fnum);
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_raw_oplock_doc(struct torture_context *tctx,
+				struct smbcli_state *cli,
+				struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_oplock_doc.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	uint16_t fnum=0;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to set up test directory: " BASEDIR);
+
+	/* cleanup */
+	smbcli_unlink(cli->tree, fname);
+
+	smbcli_oplock_handler(cli->transport, oplock_handler_ack_to_given,
+			      cli->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "open a file with a batch oplock\n");
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+	    NTCREATEX_FLAGS_REQUEST_OPLOCK |
+	    NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	torture_comment(tctx, "Set delete-on-close\n");
+	status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "2nd open should not break and get "
+			"DELETE_PENDING\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_DELETE_PENDING);
+	CHECK_VAL(break_info.count, 0);
+
+	smbcli_close(cli->tree, fnum);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/* Open a file with a batch oplock, then open it again from a second client
+ * requesting no oplock. Having two open file handles should break our own
+ * oplock during BRL acquisition.
+ */
+static bool test_raw_oplock_brl1(struct torture_context *tctx,
+				 struct smbcli_state *cli1,
+				 struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	/*int fname, f;*/
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	uint16_t fnum=0;
+	uint16_t fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
+				      SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	if (smbcli_write(cli1->tree, fnum, 0, buf, 0, sizeof(buf)) !=
+			 sizeof(buf))
+	{
+		torture_comment(tctx, "Failed to create file\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.fnum, fnum);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+	status = smbcli_lock(cli1->tree, fnum, 0, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* expect no oplock break */
+	ZERO_STRUCT(break_info);
+	status = smbcli_lock(cli1->tree, fnum, 2, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.fnum, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+
+}
+
+/* Open a file with a batch oplock on one client and then acquire a brl.
+ * We should not contend our own oplock.
+ */
+static bool test_raw_oplock_brl2(struct torture_context *tctx, struct smbcli_state *cli1)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	/*int fname, f;*/
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	uint16_t fnum=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
+				      SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	if (smbcli_write(cli1->tree, fnum, 0, buf, 0, sizeof(buf)) !=
+			 sizeof(buf))
+	{
+		torture_comment(tctx, "Failed to create file\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "a self BRL acquisition should not break to "
+			"none\n");
+
+	status = smbcli_lock(cli1->tree, fnum, 0, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	status = smbcli_lock(cli1->tree, fnum, 2, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* With one file handle open a BRL should not contend our oplock.
+	 * Thus, no oplock break will be received and the entire break_info
+	 * struct will be 0 */
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.fnum, 0);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+
+done:
+	smb_raw_exit(cli1->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/* Open a file with a batch oplock twice from one client and then acquire a
+ * brl. BRL acquisition should break our own oplock.
+ */
+static bool test_raw_oplock_brl3(struct torture_context *tctx,
+				 struct smbcli_state *cli1)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	uint16_t fnum=0;
+	uint16_t fnum2=0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
+				      SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, BATCH_OPLOCK_RETURN);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	if (smbcli_write(cli1->tree, fnum, 0, buf, 0, sizeof(buf)) !=
+			 sizeof(buf))
+	{
+		torture_comment(tctx, "Failed to create file\n");
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.fnum, fnum);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+	status = smbcli_lock(cli1->tree, fnum, 0, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+	CHECK_VAL(break_info.fnum, fnum);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* expect no oplock break */
+	ZERO_STRUCT(break_info);
+	status = smbcli_lock(cli1->tree, fnum, 2, 4, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.fnum, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli1->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * Open a file with an exclusive oplock from the 1st client and acquire a
+ * brl. Then open the same file from the 2nd client that should give oplock
+ * break with level2 to the 1st and return no oplock to the 2nd.
+ */
+static bool test_raw_oplock_brl4(struct torture_context *tctx,
+				 struct smbcli_state *cli1,
+				 struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	uint16_t fnum = 0;
+	uint16_t fnum2 = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_given,
+			      cli1->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
+				      SEC_RIGHTS_FILE_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "open with exclusive oplock\n");
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	if (smbcli_write(cli1->tree, fnum, 0, buf, 0, sizeof(buf)) !=
+			 sizeof(buf))
+	{
+		torture_comment(tctx, "Failed to create file\n");
+		goto done;
+	}
+
+	status = smbcli_lock(cli1->tree, fnum, 0, 1, 0, WRITE_LOCK);
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+
+	torture_comment(tctx, "a 2nd open should give a break to the 1st\n");
+	ZERO_STRUCT(break_info);
+
+	status = smb_raw_open(cli2->tree, tctx, &io);
+
+	CHECK_STATUS(tctx, status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.fnum, fnum);
+
+	torture_comment(tctx, "and return no oplock to the 2nd\n");
+	fnum2 = io.ntcreatex.out.file.fnum;
+	CHECK_VAL(io.ntcreatex.out.oplock_level, NO_OPLOCK_RETURN);
+
+	smbcli_close(cli1->tree, fnum);
+	smbcli_close(cli2->tree, fnum2);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of oplocks
+*/
+struct torture_suite *torture_raw_oplock(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "oplock");
+
+	torture_suite_add_2smb_test(suite, "exclusive1", test_raw_oplock_exclusive1);
+	torture_suite_add_2smb_test(suite, "exclusive2", test_raw_oplock_exclusive2);
+	torture_suite_add_2smb_test(suite, "exclusive3", test_raw_oplock_exclusive3);
+	torture_suite_add_2smb_test(suite, "exclusive4", test_raw_oplock_exclusive4);
+	torture_suite_add_2smb_test(suite, "exclusive5", test_raw_oplock_exclusive5);
+	torture_suite_add_2smb_test(suite, "exclusive6", test_raw_oplock_exclusive6);
+	torture_suite_add_2smb_test(suite, "exclusive7", test_raw_oplock_exclusive7);
+	torture_suite_add_2smb_test(suite, "exclusive8",
+				    test_raw_oplock_exclusive8);
+	torture_suite_add_2smb_test(suite, "exclusive9",
+				    test_raw_oplock_exclusive9);
+	torture_suite_add_2smb_test(suite, "level_ii_1",
+				    test_raw_oplock_level_ii_1);
+	torture_suite_add_2smb_test(suite, "batch1", test_raw_oplock_batch1);
+	torture_suite_add_2smb_test(suite, "batch2", test_raw_oplock_batch2);
+	torture_suite_add_2smb_test(suite, "batch3", test_raw_oplock_batch3);
+	torture_suite_add_2smb_test(suite, "batch4", test_raw_oplock_batch4);
+	torture_suite_add_2smb_test(suite, "batch5", test_raw_oplock_batch5);
+	torture_suite_add_2smb_test(suite, "batch6", test_raw_oplock_batch6);
+	torture_suite_add_2smb_test(suite, "batch7", test_raw_oplock_batch7);
+	torture_suite_add_2smb_test(suite, "batch8", test_raw_oplock_batch8);
+	torture_suite_add_2smb_test(suite, "batch9", test_raw_oplock_batch9);
+	torture_suite_add_2smb_test(suite, "batch9a", test_raw_oplock_batch9a);
+	torture_suite_add_2smb_test(suite, "batch10", test_raw_oplock_batch10);
+	torture_suite_add_2smb_test(suite, "batch11", test_raw_oplock_batch11);
+	torture_suite_add_2smb_test(suite, "batch12", test_raw_oplock_batch12);
+	torture_suite_add_2smb_test(suite, "batch13", test_raw_oplock_batch13);
+	torture_suite_add_2smb_test(suite, "batch14", test_raw_oplock_batch14);
+	torture_suite_add_2smb_test(suite, "batch15", test_raw_oplock_batch15);
+	torture_suite_add_2smb_test(suite, "batch16", test_raw_oplock_batch16);
+	torture_suite_add_2smb_test(suite, "batch17", test_raw_oplock_batch17);
+	torture_suite_add_2smb_test(suite, "batch18", test_raw_oplock_batch18);
+	torture_suite_add_2smb_test(suite, "batch19", test_raw_oplock_batch19);
+	torture_suite_add_2smb_test(suite, "batch20", test_raw_oplock_batch20);
+	torture_suite_add_2smb_test(suite, "batch21", test_raw_oplock_batch21);
+	torture_suite_add_2smb_test(suite, "batch22", test_raw_oplock_batch22);
+	torture_suite_add_2smb_test(suite, "batch23", test_raw_oplock_batch23);
+	torture_suite_add_2smb_test(suite, "batch24", test_raw_oplock_batch24);
+	torture_suite_add_2smb_test(suite, "batch25", test_raw_oplock_batch25);
+	torture_suite_add_2smb_test(suite, "batch26", test_raw_oplock_batch26);
+	torture_suite_add_2smb_test(suite, "stream1", test_raw_oplock_stream1);
+	torture_suite_add_2smb_test(suite, "doc1", test_raw_oplock_doc);
+	torture_suite_add_2smb_test(suite, "brl1", test_raw_oplock_brl1);
+	torture_suite_add_1smb_test(suite, "brl2", test_raw_oplock_brl2);
+	torture_suite_add_1smb_test(suite, "brl3", test_raw_oplock_brl3);
+	torture_suite_add_2smb_test(suite, "brl4", test_raw_oplock_brl4);
+
+	return suite;
+}
+
+/*
+   stress testing of oplocks
+*/
+bool torture_bench_oplock(struct torture_context *torture)
+{
+	struct smbcli_state **cli;
+	bool ret = true;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	int torture_nprocs = torture_setting_int(torture, "nprocs", 4);
+	int i, count=0;
+	int timelimit = torture_setting_int(torture, "timelimit", 10);
+	union smb_open io;
+	struct timeval tv;
+
+	cli = talloc_array(mem_ctx, struct smbcli_state *, torture_nprocs);
+
+	torture_comment(torture, "Opening %d connections\n", torture_nprocs);
+	for (i=0;i<torture_nprocs;i++) {
+		if (!torture_open_connection_ev(&cli[i], i, torture, torture->ev)) {
+			return false;
+		}
+		talloc_steal(mem_ctx, cli[i]);
+		smbcli_oplock_handler(cli[i]->transport, oplock_handler_close, 
+				      cli[i]->tree);
+	}
+
+	if (!torture_setup_dir(cli[0], BASEDIR)) {
+		ret = false;
+		goto done;
+	}
+
+	io.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = BASEDIR "\\test.dat";
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+		NTCREATEX_FLAGS_REQUEST_OPLOCK | 
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	tv = timeval_current();	
+
+	/*
+	  we open the same file with SHARE_ACCESS_NONE from all the
+	  connections in a round robin fashion. Each open causes an
+	  oplock break on the previous connection, which is answered
+	  by the oplock_handler_close() to close the file.
+
+	  This measures how fast we can pass on oplocks, and stresses
+	  the oplock handling code
+	*/
+	torture_comment(torture, "Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		for (i=0;i<torture_nprocs;i++) {
+			NTSTATUS status;
+
+			status = smb_raw_open(cli[i]->tree, mem_ctx, &io);
+			CHECK_STATUS(torture, status, NT_STATUS_OK);
+			count++;
+		}
+
+		if (torture_setting_bool(torture, "progress", true)) {
+			torture_comment(torture, "%.2f ops/second\r", count/timeval_elapsed(&tv));
+		}
+	}
+
+	torture_comment(torture, "%.2f ops/second\n", count/timeval_elapsed(&tv));
+
+	smb_raw_exit(cli[torture_nprocs-1]->session);
+	
+done:
+	smb_raw_exit(cli[0]->session);
+	smbcli_deltree(cli[0]->tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+static struct hold_oplock_info {
+	const char *fname;
+	bool close_on_break;
+	uint32_t share_access;
+	uint16_t fnum;
+} hold_info[] = {
+	{
+		.fname          = BASEDIR "\\notshared_close",
+		.close_on_break = true,
+		.share_access   = NTCREATEX_SHARE_ACCESS_NONE,
+	},
+	{
+		.fname          = BASEDIR "\\notshared_noclose",
+		.close_on_break = false,
+		.share_access   = NTCREATEX_SHARE_ACCESS_NONE,
+	},
+	{
+		.fname          = BASEDIR "\\shared_close",
+		.close_on_break = true,
+		.share_access   = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+	},
+	{
+		.fname          = BASEDIR "\\shared_noclose",
+		.close_on_break = false,
+		.share_access   = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+	},
+};
+
+static bool oplock_handler_hold(struct smbcli_transport *transport, 
+				uint16_t tid, uint16_t fnum, uint8_t level, 
+				void *private_data)
+{
+	struct smbcli_tree *tree = (struct smbcli_tree *)private_data;
+	struct hold_oplock_info *info;
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(hold_info);i++) {
+		if (hold_info[i].fnum == fnum) break;
+	}
+
+	if (i == ARRAY_SIZE(hold_info)) {
+		printf("oplock break for unknown fnum %u\n", fnum);
+		return false;
+	}
+
+	info = &hold_info[i];
+
+	if (info->close_on_break) {
+		printf("oplock break on %s - closing\n",
+		       info->fname);
+		oplock_handler_close(transport, tid, fnum, level, private_data);
+		return true;
+	}
+
+	printf("oplock break on %s - acking break\n", info->fname);
+
+	return smbcli_oplock_ack(tree, fnum, OPLOCK_BREAK_TO_NONE);
+}
+
+
+/* 
+   used for manual testing of oplocks - especially interaction with
+   other filesystems (such as NFS and local access)
+*/
+bool torture_hold_oplock(struct torture_context *torture, 
+			 struct smbcli_state *cli)
+{
+	struct tevent_context *ev = torture->ev;
+	int i;
+
+	printf("Setting up open files with oplocks in %s\n", BASEDIR);
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to set up test directory: " BASEDIR);
+
+	smbcli_oplock_handler(cli->transport, oplock_handler_hold, cli->tree);
+
+	/* setup the files */
+	for (i=0;i<ARRAY_SIZE(hold_info);i++) {
+		union smb_open io;
+		NTSTATUS status;
+		char c = 1;
+
+		io.generic.level = RAW_OPEN_NTCREATEX;
+		io.ntcreatex.in.root_fid.fnum = 0;
+		io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+		io.ntcreatex.in.alloc_size = 0;
+		io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+		io.ntcreatex.in.share_access = hold_info[i].share_access;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+		io.ntcreatex.in.create_options = 0;
+		io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+		io.ntcreatex.in.security_flags = 0;
+		io.ntcreatex.in.fname = hold_info[i].fname;
+		io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | 
+			NTCREATEX_FLAGS_REQUEST_OPLOCK |
+			NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+		printf("opening %s\n", hold_info[i].fname);
+
+		status = smb_raw_open(cli->tree, cli, &io);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Failed to open %s - %s\n", 
+			       hold_info[i].fname, nt_errstr(status));
+			return false;
+		}
+
+		if (io.ntcreatex.out.oplock_level != BATCH_OPLOCK_RETURN) {
+			printf("Oplock not granted for %s - expected %d but got %d\n", 
+			       hold_info[i].fname, BATCH_OPLOCK_RETURN, 
+				io.ntcreatex.out.oplock_level);
+			return false;
+		}
+		hold_info[i].fnum = io.ntcreatex.out.file.fnum;
+
+		/* make the file non-zero size */
+		if (smbcli_write(cli->tree, hold_info[i].fnum, 0, &c, 0, 1) != 1) {
+			printf("Failed to write to file\n");
+			return false;
+		}
+	}
+
+	printf("Waiting for oplock events\n");
+	tevent_loop_wait(ev);
+
+	return true;
+}
diff --git a/source4/torture/raw/pingpong.c b/source4/torture/raw/pingpong.c
new file mode 100644
index 0000000..61f1d6b
--- /dev/null
+++ b/source4/torture/raw/pingpong.c
@@ -0,0 +1,248 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   ping pong test
+
+   Copyright (C) Ronnie Sahlberg 2007
+
+   Significantly based on and borrowed from lockbench.c by
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+   filename is specified by
+	 --option=torture:filename=...
+
+   number of locks is specified by
+	 --option=torture:num_locks=...
+
+   locktimeout is specified in ms by
+	 --option=torture:locktimeout=...
+
+       default is 100 seconds
+       if set to 0 pingpong will instead loop trying the lock operation
+       over and over until it completes.
+
+   reading from the file can be enabled with
+	 --option=torture:read=true
+
+   writing to the file can be enabled with
+	 --option=torture:write=true
+
+*/
+#include "includes.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+static void lock_byte(struct smbcli_state *cli, int fd, int offset, int lock_timeout)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock;
+	NTSTATUS status;
+
+try_again:
+	ZERO_STRUCT(lock);
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+
+	lock.count = 1;
+	lock.offset = offset;
+	lock.pid = cli->tree->session->pid;
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = lock_timeout;
+	io.lockx.in.locks = &lock;
+	io.lockx.in.file.fnum = fd;
+
+	status = smb_raw_lock(cli->tree, &io);
+
+	/* If we don't use timeouts and we got file lock conflict
+	   just try the lock again.
+	*/
+	if (lock_timeout==0) {
+		if ( (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status))
+		   ||(NT_STATUS_EQUAL(NT_STATUS_LOCK_NOT_GRANTED, status)) ) {
+			goto try_again;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Lock failed\n"));
+		exit(1);
+	}
+}
+
+static void unlock_byte(struct smbcli_state *cli, int fd, int offset)
+{
+	union smb_lock io;
+	struct smb_lock_entry lock;
+	NTSTATUS status;
+
+	ZERO_STRUCT(lock);
+	io.lockx.in.ulock_cnt = 1;
+	io.lockx.in.lock_cnt = 0;
+
+	lock.count = 1;
+	lock.offset = offset;
+	lock.pid = cli->tree->session->pid;
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 100000;
+	io.lockx.in.locks = &lock;
+	io.lockx.in.file.fnum = fd;
+
+	status = smb_raw_lock(cli->tree, &io);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("Unlock failed\n"));
+		exit(1);
+	}
+}
+
+static void write_byte(struct smbcli_state *cli, int fd, uint8_t c, int offset)
+{
+	union smb_write io;
+	NTSTATUS status;
+
+	io.generic.level = RAW_WRITE_WRITEX;
+	io.writex.in.file.fnum = fd;
+	io.writex.in.offset = offset;
+	io.writex.in.wmode = 0;
+	io.writex.in.remaining = 0;
+	io.writex.in.count = 1;
+	io.writex.in.data = &c;
+
+	status = smb_raw_write(cli->tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("write failed\n");
+		exit(1);
+	}
+}	
+
+static void read_byte(struct smbcli_state *cli, int fd, uint8_t *c, int offset)
+{
+	union smb_read io;
+	NTSTATUS status;
+
+	io.generic.level = RAW_READ_READX;
+	io.readx.in.file.fnum = fd;
+	io.readx.in.mincnt = 1;
+	io.readx.in.maxcnt = 1;
+	io.readx.in.offset = offset;
+	io.readx.in.remaining = 0;
+	io.readx.in.read_for_execute = false;
+	io.readx.out.data = c;
+
+	status = smb_raw_read(cli->tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("read failed\n");
+		exit(1);
+	}
+}	
+
+/* 
+   ping pong
+*/
+bool torture_ping_pong(struct torture_context *torture)
+{
+	const char *fn;
+	int num_locks;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	static bool do_reads;
+	static bool do_writes;
+	int lock_timeout;
+	int fd;
+	struct smbcli_state *cli;
+	int i;
+	uint8_t incr=0, last_incr=0;
+	uint8_t *val;
+	int count, loops;
+	struct timeval start;
+
+	fn = torture_setting_string(torture, "filename", NULL);
+	if (fn == NULL) {
+		DEBUG(0,("You must specify the filename using --option=torture:filename=...\n"));
+		return false;
+	}
+
+	num_locks = torture_setting_int(torture, "num_locks", -1);
+	if (num_locks == -1) {
+		DEBUG(0,("You must specify num_locks using --option=torture:num_locks=...\n"));
+		return false;
+	}
+
+	do_reads     = torture_setting_bool(torture, "read", false);
+	do_writes    = torture_setting_bool(torture, "write", false);
+	lock_timeout =  torture_setting_int(torture, "lock_timeout", 100000);
+
+	if (!torture_open_connection(&cli, torture, 0)) {
+		DEBUG(0,("Could not open connection\n"));
+		return false;
+	}
+
+	fd = smbcli_open(cli->tree, fn, O_RDWR|O_CREAT, DENY_NONE);
+	if (fd == -1) {
+		printf("Failed to open %s\n", fn);
+		exit(1);
+	}
+
+	write_byte(cli, fd, 0, num_locks);
+	lock_byte(cli, fd, 0, lock_timeout);
+
+
+	start = timeval_current();
+	val = talloc_zero_array(mem_ctx, uint8_t, num_locks);
+	i = 0;
+	count = 0;
+	loops = 0;
+	while (1) {
+		lock_byte(cli, fd, (i+1)%num_locks, lock_timeout);
+
+		if (do_reads) {
+			uint8_t c;
+			read_byte(cli, fd, &c, i);
+			incr   = c-val[i];
+			val[i] = c;			
+		}
+
+		if (do_writes) {
+			uint8_t c = val[i] + 1;
+			write_byte(cli, fd, c, i);
+		}
+
+		unlock_byte(cli, fd, i);
+
+		i = (i+1)%num_locks;
+		count++;
+		if (loops>num_locks && incr!=last_incr) {
+			last_incr = incr;
+			printf("data increment = %u\n", incr);
+			fflush(stdout);
+		}
+		if (timeval_elapsed(&start) > 1.0) {
+			printf("%8u locks/sec\r", 
+			       (unsigned)(2*count/timeval_elapsed(&start)));
+			fflush(stdout);
+			start = timeval_current();
+			count=0;
+		}
+		loops++;
+	}
+}
+
diff --git a/source4/torture/raw/qfileinfo.c b/source4/torture/raw/qfileinfo.c
new file mode 100644
index 0000000..1d29281
--- /dev/null
+++ b/source4/torture/raw/qfileinfo.c
@@ -0,0 +1,1084 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_FILEINFO_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+
+static struct {
+	const char *name;
+	enum smb_fileinfo_level level;
+	unsigned int only_paths:1;
+	unsigned int only_handles:1;
+	uint32_t capability_mask;
+	unsigned int expected_ipc_access_denied:1;
+	NTSTATUS expected_ipc_fnum_status;
+	NTSTATUS fnum_status, fname_status;
+	union smb_fileinfo fnum_finfo, fname_finfo;
+} levels[] = {
+	{
+		.name = "GETATTR",
+		.level = RAW_FILEINFO_GETATTR,
+		.only_paths = 1,
+		.only_handles = 0,
+		.expected_ipc_access_denied = 1,
+	},
+	{
+		.name ="GETATTRE",
+		.level = RAW_FILEINFO_GETATTRE,
+		.only_paths = 0,
+		.only_handles = 1,
+	},
+	{
+		.name ="STANDARD",
+		.level = RAW_FILEINFO_STANDARD,
+	},
+	{
+		.name ="EA_SIZE",
+		.level = RAW_FILEINFO_EA_SIZE,
+	},
+	{
+		.name ="ALL_EAS",
+		.level = RAW_FILEINFO_ALL_EAS,
+		.expected_ipc_fnum_status = NT_STATUS_ACCESS_DENIED,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="IS_NAME_VALID",
+		.level =  RAW_FILEINFO_IS_NAME_VALID,
+		.only_paths =  1,
+		.only_handles =  0,
+	},
+	{
+		.name ="BASIC_INFO",
+		.level =  RAW_FILEINFO_BASIC_INFO,
+	},
+	{
+		.name ="STANDARD_INFO",
+		.level =  RAW_FILEINFO_STANDARD_INFO,
+	},
+	{
+		.name ="EA_INFO",
+		.level =  RAW_FILEINFO_EA_INFO,
+	},
+	{
+		.name ="NAME_INFO",
+		.level =  RAW_FILEINFO_NAME_INFO,
+	},
+	{
+		.name ="ALL_INFO",
+		.level =  RAW_FILEINFO_ALL_INFO,
+	},
+	{
+		.name ="ALT_NAME_INFO",
+		.level =  RAW_FILEINFO_ALT_NAME_INFO,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="STREAM_INFO",
+		.level =  RAW_FILEINFO_STREAM_INFO,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="COMPRESSION_INFO",
+		.level =  RAW_FILEINFO_COMPRESSION_INFO,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="UNIX_BASIC_INFO",
+		.level =  RAW_FILEINFO_UNIX_BASIC,
+		.only_paths =  0,
+		.only_handles = 0,
+		.capability_mask = CAP_UNIX,
+	},
+	{
+		.name ="UNIX_LINK_INFO",
+		.level =  RAW_FILEINFO_UNIX_LINK,
+		.only_paths = 0,
+		.only_handles = 0,
+		.capability_mask = CAP_UNIX,
+	},
+	{
+		.name ="BASIC_INFORMATION",
+		.level =  RAW_FILEINFO_BASIC_INFORMATION,
+	},
+	{
+		.name ="STANDARD_INFORMATION",
+		.level =  RAW_FILEINFO_STANDARD_INFORMATION,
+	},
+	{
+		.name ="INTERNAL_INFORMATION",
+		.level =  RAW_FILEINFO_INTERNAL_INFORMATION,
+	},
+	{
+		.name ="EA_INFORMATION",
+		.level =  RAW_FILEINFO_EA_INFORMATION,
+	},
+	{
+		.name = "ACCESS_INFORMATION",
+		.level =  RAW_FILEINFO_ACCESS_INFORMATION,
+	},
+	{
+		.name = "NAME_INFORMATION",
+		.level =  RAW_FILEINFO_NAME_INFORMATION,
+	},
+	{
+		.name ="POSITION_INFORMATION",
+		.level =  RAW_FILEINFO_POSITION_INFORMATION,
+	},
+	{
+		.name ="MODE_INFORMATION",
+		.level =  RAW_FILEINFO_MODE_INFORMATION,
+	},
+	{
+		.name ="ALIGNMENT_INFORMATION",
+		.level =  RAW_FILEINFO_ALIGNMENT_INFORMATION,
+	},
+	{
+		.name ="ALL_INFORMATION",
+		.level =  RAW_FILEINFO_ALL_INFORMATION,
+	},
+	{
+		.name ="ALT_NAME_INFORMATION",
+		.level =  RAW_FILEINFO_ALT_NAME_INFORMATION,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="STREAM_INFORMATION",
+		.level =  RAW_FILEINFO_STREAM_INFORMATION,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name = "COMPRESSION_INFORMATION",
+		.level =  RAW_FILEINFO_COMPRESSION_INFORMATION,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name ="NETWORK_OPEN_INFORMATION",
+		.level =  RAW_FILEINFO_NETWORK_OPEN_INFORMATION,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{
+		.name = "ATTRIBUTE_TAG_INFORMATION",
+		.level =  RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION,
+		.expected_ipc_fnum_status = NT_STATUS_INVALID_PARAMETER,
+		.fnum_status = NT_STATUS_SUCCESS,
+		.fname_status = NT_STATUS_SUCCESS,
+		.fnum_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+		.fname_finfo = {
+			.generic = {
+				.level = 0,
+			},
+		},
+	},
+	{ .name = NULL, },
+};
+
+/*
+  compare a dos time (2 second resolution) to a nt time
+*/
+static int dos_nt_time_cmp(time_t t, NTTIME nt)
+{
+	time_t t2 = nt_time_to_unix(nt);
+	if (labs(t2 - t) <= 2) return 0;
+	return t2 > t ? 1 : -1;
+}
+
+
+/*
+  find a level in the levels[] table
+*/
+static union smb_fileinfo *fnum_find(const char *name)
+{
+	int i;
+	for (i=0; levels[i].name; i++) {
+		if (NT_STATUS_IS_OK(levels[i].fnum_status) &&
+		    strcmp(name, levels[i].name) == 0 && 
+		    !levels[i].only_paths) {
+			return &levels[i].fnum_finfo;
+		}
+	}
+	return NULL;
+}
+
+/*
+  find a level in the levels[] table
+*/
+static union smb_fileinfo *fname_find(bool is_ipc, const char *name)
+{
+	int i;
+	if (is_ipc) {
+		return NULL;
+	}
+	for (i=0; levels[i].name; i++) {
+		if (NT_STATUS_IS_OK(levels[i].fname_status) &&
+		    strcmp(name, levels[i].name) == 0 && 
+		    !levels[i].only_handles) {
+			return &levels[i].fname_finfo;
+		}
+	}
+	return NULL;
+}
+
+/* local macros to make the code below more readable */
+#define VAL_EQUAL(n1, v1, n2, v2) do {if (s1->n1.out.v1 != s2->n2.out.v2) { \
+        printf("%s/%s [%u] != %s/%s [%u] at %s(%d)\n", \
+               #n1, #v1, (unsigned int)s1->n1.out.v1, \
+               #n2, #v2, (unsigned int)s2->n2.out.v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+#define STR_EQUAL(n1, v1, n2, v2) do {if (strcmp_safe(s1->n1.out.v1.s, s2->n2.out.v2.s) || \
+					  s1->n1.out.v1.private_length != s2->n2.out.v2.private_length) { \
+        printf("%s/%s [%s/%d] != %s/%s [%s/%d] at %s(%d)\n", \
+               #n1, #v1, s1->n1.out.v1.s, s1->n1.out.v1.private_length, \
+               #n2, #v2, s2->n2.out.v2.s, s2->n2.out.v2.private_length, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+#define STRUCT_EQUAL(n1, v1, n2, v2) do {if (memcmp(&s1->n1.out.v1,&s2->n2.out.v2,sizeof(s1->n1.out.v1))) { \
+        printf("%s/%s != %s/%s at %s(%d)\n", \
+               #n1, #v1, \
+               #n2, #v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+/* used to find hints on unknown values - and to make sure 
+   we zero-fill */
+#if 0 /* unused */
+#define VAL_UNKNOWN(n1, v1) do {if (s1->n1.out.v1 != 0) { \
+        printf("%s/%s non-zero unknown - %u (0x%x) at %s(%d)\n", \
+               #n1, #v1, \
+	       (unsigned int)s1->n1.out.v1, \
+	       (unsigned int)s1->n1.out.v1, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+#endif
+
+/* basic testing of all RAW_FILEINFO_* calls 
+   for each call we test that it succeeds, and where possible test 
+   for consistency between the calls. 
+*/
+static bool torture_raw_qfileinfo_internals(struct torture_context *torture, 
+					    TALLOC_CTX *mem_ctx, 	
+					    struct smbcli_tree *tree, 
+					    int fnum, const char *fname,
+					    bool is_ipc)
+{
+	size_t i;
+	bool ret = true;
+	size_t count;
+	union smb_fileinfo *s1, *s2;	
+	NTTIME correct_time;
+	uint64_t correct_size;
+	uint32_t correct_attrib;
+	const char *correct_name;
+	bool skip_streams = false;
+
+	/* scan all the fileinfo and pathinfo levels */
+	for (i=0; levels[i].name; i++) {
+		if (!levels[i].only_paths) {
+			levels[i].fnum_finfo.generic.level = levels[i].level;
+			levels[i].fnum_finfo.generic.in.file.fnum = fnum;
+			levels[i].fnum_status = smb_raw_fileinfo(tree, mem_ctx, 
+								 &levels[i].fnum_finfo);
+		}
+
+		if (!levels[i].only_handles) {
+			levels[i].fname_finfo.generic.level = levels[i].level;
+			levels[i].fname_finfo.generic.in.file.path = talloc_strdup(mem_ctx, fname);
+			levels[i].fname_status = smb_raw_pathinfo(tree, mem_ctx, 
+								  &levels[i].fname_finfo);
+		}
+	}
+
+	/* check for completely broken levels */
+	for (count=i=0; levels[i].name; i++) {
+		uint32_t cap = tree->session->transport->negotiate.capabilities;
+		/* see if this server claims to support this level */
+		if ((cap & levels[i].capability_mask) != levels[i].capability_mask) {
+			continue;
+		}
+
+		if (is_ipc) {
+			if (levels[i].expected_ipc_access_denied && NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, levels[i].fname_status)) {
+			} else if (!levels[i].only_handles &&
+				   NT_STATUS_EQUAL(levels[i].fname_status,
+				   NT_STATUS_NOT_SUPPORTED)) {
+				torture_warning(torture, "fname level %s %s",
+					levels[i].name,
+					nt_errstr(levels[i].fname_status));
+				continue;
+			} else if (!levels[i].only_handles && !NT_STATUS_EQUAL(NT_STATUS_INVALID_DEVICE_REQUEST, levels[i].fname_status)) {
+				printf("ERROR: fname level %s failed, expected NT_STATUS_INVALID_DEVICE_REQUEST - %s\n", 
+				       levels[i].name, nt_errstr(levels[i].fname_status));
+				count++;
+			}
+			if (!levels[i].only_paths &&
+			   (NT_STATUS_EQUAL(levels[i].fnum_status,
+			    NT_STATUS_NOT_SUPPORTED) ||
+			    NT_STATUS_EQUAL(levels[i].fnum_status,
+			    NT_STATUS_NOT_IMPLEMENTED))) {
+				torture_warning(torture, "fnum level %s %s",
+					levels[i].name,
+					nt_errstr(levels[i].fnum_status));
+				continue;
+			}
+			if (!levels[i].only_paths && !NT_STATUS_EQUAL(levels[i].expected_ipc_fnum_status, levels[i].fnum_status)) {
+				printf("ERROR: fnum level %s failed, expected %s - %s\n", 
+				       levels[i].name, nt_errstr(levels[i].expected_ipc_fnum_status), 
+				       nt_errstr(levels[i].fnum_status));
+				count++;
+			}
+		} else {
+			if (!levels[i].only_paths &&
+			   (NT_STATUS_EQUAL(levels[i].fnum_status,
+			    NT_STATUS_NOT_SUPPORTED) ||
+			    NT_STATUS_EQUAL(levels[i].fnum_status,
+			    NT_STATUS_NOT_IMPLEMENTED))) {
+				torture_warning(torture, "fnum level %s %s",
+					levels[i].name,
+					nt_errstr(levels[i].fnum_status));
+				continue;
+			}
+
+			if (!levels[i].only_handles &&
+			   (NT_STATUS_EQUAL(levels[i].fname_status,
+			    NT_STATUS_NOT_SUPPORTED) ||
+			    NT_STATUS_EQUAL(levels[i].fname_status,
+			    NT_STATUS_NOT_IMPLEMENTED))) {
+                                torture_warning(torture, "fname level %s %s",
+					levels[i].name,
+					nt_errstr(levels[i].fname_status));
+				continue;
+			}
+
+			if (!levels[i].only_paths && !NT_STATUS_IS_OK(levels[i].fnum_status)) {
+				printf("ERROR: fnum level %s failed - %s\n", 
+				       levels[i].name, nt_errstr(levels[i].fnum_status));
+				count++;
+			}
+			if (!levels[i].only_handles && !NT_STATUS_IS_OK(levels[i].fname_status)) {
+				printf("ERROR: fname level %s failed - %s\n", 
+				       levels[i].name, nt_errstr(levels[i].fname_status));
+				count++;
+			}
+		}
+		
+	}
+
+	if (count != 0) {
+		ret = false;
+		printf("%zu levels failed\n", count);
+		if (count > 35) {
+			torture_fail(torture, "too many level failures - giving up");
+		}
+	}
+
+	/* see if we can do streams */
+	s1 = fnum_find("STREAM_INFO");
+	if (!s1 || s1->stream_info.out.num_streams == 0) {
+		if (!is_ipc) {
+			printf("STREAM_INFO broken (%d) - skipping streams checks\n",
+			       s1 ? s1->stream_info.out.num_streams : -1);
+		}
+		skip_streams = true;
+	}	
+
+
+	/* this code is incredibly repititive but doesn't lend itself to loops, so
+	   we use lots of macros to make it less painful */
+
+	/* first off we check the levels that are supposed to be aliases. It will be quite rare for 
+	   this code to fail, but we need to check it for completeness */
+
+
+
+#define ALIAS_CHECK(sname1, sname2) \
+	do { \
+		s1 = fnum_find(sname1);	 s2 = fnum_find(sname2); \
+		if (s1 && s2) { INFO_CHECK } \
+		s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
+		if (s1 && s2) { INFO_CHECK } \
+		s1 = fnum_find(sname1);	 s2 = fname_find(is_ipc, sname2); \
+		if (s1 && s2) { INFO_CHECK } \
+	} while (0)
+
+#define INFO_CHECK \
+		STRUCT_EQUAL(basic_info,  create_time, basic_info, create_time); \
+		STRUCT_EQUAL(basic_info,  access_time, basic_info, access_time); \
+		STRUCT_EQUAL(basic_info,  write_time,  basic_info, write_time); \
+		STRUCT_EQUAL(basic_info,  change_time, basic_info, change_time); \
+		VAL_EQUAL   (basic_info,  attrib,      basic_info, attrib);
+
+	ALIAS_CHECK("BASIC_INFO", "BASIC_INFORMATION");
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		VAL_EQUAL(standard_info,  alloc_size,     standard_info, alloc_size); \
+		VAL_EQUAL(standard_info,  size,           standard_info, size); \
+		VAL_EQUAL(standard_info,  nlink,          standard_info, nlink); \
+		VAL_EQUAL(standard_info,  delete_pending, standard_info, delete_pending); \
+		VAL_EQUAL(standard_info,  directory,      standard_info, directory);
+
+	ALIAS_CHECK("STANDARD_INFO", "STANDARD_INFORMATION");
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		VAL_EQUAL(ea_info,  ea_size,     ea_info, ea_size);
+
+	ALIAS_CHECK("EA_INFO", "EA_INFORMATION");
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		STR_EQUAL(name_info,  fname,   name_info, fname);
+
+	ALIAS_CHECK("NAME_INFO", "NAME_INFORMATION");
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		STRUCT_EQUAL(all_info,  create_time,           all_info, create_time); \
+		STRUCT_EQUAL(all_info,  access_time,           all_info, access_time); \
+		STRUCT_EQUAL(all_info,  write_time,            all_info, write_time); \
+		STRUCT_EQUAL(all_info,  change_time,           all_info, change_time); \
+		   VAL_EQUAL(all_info,  attrib,                all_info, attrib); \
+		   VAL_EQUAL(all_info,  alloc_size,            all_info, alloc_size); \
+		   VAL_EQUAL(all_info,  size,                  all_info, size); \
+		   VAL_EQUAL(all_info,  nlink,                 all_info, nlink); \
+		   VAL_EQUAL(all_info,  delete_pending,        all_info, delete_pending); \
+		   VAL_EQUAL(all_info,  directory,             all_info, directory); \
+		   VAL_EQUAL(all_info,  ea_size,               all_info, ea_size); \
+		   STR_EQUAL(all_info,  fname,                 all_info, fname);
+
+	ALIAS_CHECK("ALL_INFO", "ALL_INFORMATION");
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		VAL_EQUAL(compression_info, compressed_size,compression_info, compressed_size); \
+		VAL_EQUAL(compression_info, format,         compression_info, format); \
+		VAL_EQUAL(compression_info, unit_shift,     compression_info, unit_shift); \
+		VAL_EQUAL(compression_info, chunk_shift,    compression_info, chunk_shift); \
+		VAL_EQUAL(compression_info, cluster_shift,  compression_info, cluster_shift);
+
+	ALIAS_CHECK("COMPRESSION_INFO", "COMPRESSION_INFORMATION");
+
+
+#undef INFO_CHECK
+#define INFO_CHECK \
+		STR_EQUAL(alt_name_info,  fname,   alt_name_info, fname);
+
+	ALIAS_CHECK("ALT_NAME_INFO", "ALT_NAME_INFORMATION");
+
+
+#define TIME_CHECK_NT(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
+		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       nt_time_string(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
+		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       nt_time_string(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	}} while (0)
+
+#define TIME_CHECK_DOS(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
+		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       timestring(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
+		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       timestring(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	}} while (0)
+
+#if 0 /* unused */
+#define TIME_CHECK_UNX(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
+		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       timestring(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
+		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield,  \
+		       timestring(mem_ctx, s1->stype.out.tfield), \
+		       nt_time_string(mem_ctx, correct_time)); \
+		ret = false; \
+	}} while (0)
+#endif
+
+	/* now check that all the times that are supposed to be equal are correct */
+	s1 = fnum_find("BASIC_INFO");
+	correct_time = s1->basic_info.out.create_time;
+	torture_comment(torture, "create_time: %s\n", nt_time_string(mem_ctx, correct_time));
+
+	TIME_CHECK_NT ("BASIC_INFO",               basic_info, create_time);
+	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, create_time);
+	TIME_CHECK_DOS("GETATTRE",                 getattre,   create_time);
+	TIME_CHECK_DOS("STANDARD",                 standard,   create_time);
+	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    create_time);
+	TIME_CHECK_NT ("ALL_INFO",                 all_info,   create_time);
+	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, create_time);
+
+	s1 = fnum_find("BASIC_INFO");
+	correct_time = s1->basic_info.out.access_time;
+	torture_comment(torture, "access_time: %s\n", nt_time_string(mem_ctx, correct_time));
+
+	TIME_CHECK_NT ("BASIC_INFO",               basic_info, access_time);
+	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, access_time);
+	TIME_CHECK_DOS("GETATTRE",                 getattre,   access_time);
+	TIME_CHECK_DOS("STANDARD",                 standard,   access_time);
+	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    access_time);
+	TIME_CHECK_NT ("ALL_INFO",                 all_info,   access_time);
+	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, access_time);
+
+	s1 = fnum_find("BASIC_INFO");
+	correct_time = s1->basic_info.out.write_time;
+	torture_comment(torture, "write_time : %s\n", nt_time_string(mem_ctx, correct_time));
+
+	TIME_CHECK_NT ("BASIC_INFO",               basic_info, write_time);
+	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, write_time);
+	TIME_CHECK_DOS("GETATTR",                  getattr,    write_time);
+	TIME_CHECK_DOS("GETATTRE",                 getattre,   write_time);
+	TIME_CHECK_DOS("STANDARD",                 standard,   write_time);
+	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    write_time);
+	TIME_CHECK_NT ("ALL_INFO",                 all_info,   write_time);
+	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, write_time);
+
+	s1 = fnum_find("BASIC_INFO");
+	correct_time = s1->basic_info.out.change_time;
+	torture_comment(torture, "change_time: %s\n", nt_time_string(mem_ctx, correct_time));
+
+	TIME_CHECK_NT ("BASIC_INFO",               basic_info, change_time);
+	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, change_time);
+	TIME_CHECK_NT ("ALL_INFO",                 all_info,   change_time);
+	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, change_time);
+
+
+#define SIZE_CHECK(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && s1->stype.out.tfield != correct_size) { \
+		printf("(%d) handle %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield,  \
+		       (unsigned int)s1->stype.out.tfield, \
+		       (unsigned int)correct_size); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && s1->stype.out.tfield != correct_size) { \
+		printf("(%d) path %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield,  \
+		       (unsigned int)s1->stype.out.tfield, \
+		       (unsigned int)correct_size); \
+		ret = false; \
+	}} while (0)
+
+	s1 = fnum_find("STANDARD_INFO");
+	correct_size = s1->standard_info.out.size;
+	torture_comment(torture, "size: %u\n", (unsigned int)correct_size);
+	
+	SIZE_CHECK("GETATTR",                  getattr,                  size);
+	SIZE_CHECK("GETATTRE",                 getattre,                 size);
+	SIZE_CHECK("STANDARD",                 standard,                 size);
+	SIZE_CHECK("EA_SIZE",                  ea_size,                  size);
+	SIZE_CHECK("STANDARD_INFO",            standard_info,            size);
+	SIZE_CHECK("STANDARD_INFORMATION",     standard_info,            size);
+	SIZE_CHECK("ALL_INFO",                 all_info,                 size);
+	SIZE_CHECK("ALL_INFORMATION",          all_info,                 size);
+	SIZE_CHECK("COMPRESSION_INFO",         compression_info,         compressed_size);
+	SIZE_CHECK("COMPRESSION_INFORMATION",  compression_info,         compressed_size);
+	SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, size);
+	if (!skip_streams) {
+		SIZE_CHECK("STREAM_INFO",              stream_info,   streams[0].size);
+		SIZE_CHECK("STREAM_INFORMATION",       stream_info,   streams[0].size);
+	}
+
+
+	s1 = fnum_find("STANDARD_INFO");
+	correct_size = s1->standard_info.out.alloc_size;
+	torture_comment(torture, "alloc_size: %u\n", (unsigned int)correct_size);
+	
+	SIZE_CHECK("GETATTRE",                 getattre,                 alloc_size);
+	SIZE_CHECK("STANDARD",                 standard,                 alloc_size);
+	SIZE_CHECK("EA_SIZE",                  ea_size,                  alloc_size);
+	SIZE_CHECK("STANDARD_INFO",            standard_info,            alloc_size);
+	SIZE_CHECK("STANDARD_INFORMATION",     standard_info,            alloc_size);
+	SIZE_CHECK("ALL_INFO",                 all_info,                 alloc_size);
+	SIZE_CHECK("ALL_INFORMATION",          all_info,                 alloc_size);
+	SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, alloc_size);
+	if (!skip_streams) {
+		SIZE_CHECK("STREAM_INFO",              stream_info,   streams[0].alloc_size);
+		SIZE_CHECK("STREAM_INFORMATION",       stream_info,   streams[0].alloc_size);
+	}
+
+#define ATTRIB_CHECK(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && s1->stype.out.tfield != correct_attrib) { \
+		printf("(%d) handle %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield,  \
+		       (unsigned int)s1->stype.out.tfield, \
+		       (unsigned int)correct_attrib); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && s1->stype.out.tfield != correct_attrib) { \
+		printf("(%d) path %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield,  \
+		       (unsigned int)s1->stype.out.tfield, \
+		       (unsigned int)correct_attrib); \
+		ret = false; \
+	}} while (0)
+
+	s1 = fnum_find("BASIC_INFO");
+	correct_attrib = s1->basic_info.out.attrib;
+	torture_comment(torture, "attrib: 0x%x\n", (unsigned int)correct_attrib);
+	
+	ATTRIB_CHECK("GETATTR",                   getattr,                   attrib);
+	if (!is_ipc) {
+		ATTRIB_CHECK("GETATTRE",                  getattre,                  attrib);
+		ATTRIB_CHECK("STANDARD",                  standard,                  attrib);
+		ATTRIB_CHECK("EA_SIZE",                   ea_size,                   attrib);
+	}
+	ATTRIB_CHECK("BASIC_INFO",                basic_info,                attrib);
+	ATTRIB_CHECK("BASIC_INFORMATION",         basic_info,                attrib);
+	ATTRIB_CHECK("ALL_INFO",                  all_info,                  attrib);
+	ATTRIB_CHECK("ALL_INFORMATION",           all_info,                  attrib);
+	ATTRIB_CHECK("NETWORK_OPEN_INFORMATION",  network_open_information,  attrib);
+	ATTRIB_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);
+
+	correct_name = fname;
+	torture_comment(torture, "name: %s\n", correct_name);
+
+#define NAME_CHECK(sname, stype, tfield, flags) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
+	    		wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
+		printf("(%d) handle %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield,  \
+		       s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
+	    		wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
+		printf("(%d) path %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield,  \
+		       s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
+		ret = false; \
+	}} while (0)
+
+	NAME_CHECK("NAME_INFO",        name_info, fname, STR_UNICODE);
+	NAME_CHECK("NAME_INFORMATION", name_info, fname, STR_UNICODE);
+
+	/* the ALL_INFO file name is the full path on the filesystem */
+	s1 = fnum_find("ALL_INFO");
+	if (s1 && !s1->all_info.out.fname.s) {
+		torture_fail(torture, "ALL_INFO didn't give a filename");
+	}
+	if (s1 && s1->all_info.out.fname.s) {
+		char *p = strrchr(s1->all_info.out.fname.s, '\\');
+		if (!p) {
+			printf("Not a full path in all_info/fname? - '%s'\n", 
+			       s1->all_info.out.fname.s);
+			ret = false;
+		} else {
+			if (strcmp_safe(correct_name, p) != 0) {
+				printf("incorrect basename in all_info/fname - '%s'\n",
+				       s1->all_info.out.fname.s);
+				ret = false;
+			}
+		}
+		if (wire_bad_flags(&s1->all_info.out.fname, STR_UNICODE, tree->session->transport)) {
+			printf("Should not null terminate all_info/fname\n");
+			ret = false;
+		}
+	}
+
+	s1 = fnum_find("ALT_NAME_INFO");
+	if (s1) {
+		correct_name = s1->alt_name_info.out.fname.s;
+	}
+
+	if (!correct_name) {
+		torture_comment(torture, "no alternate name information\n");
+	} else {
+		torture_comment(torture, "alt_name: %s\n", correct_name);
+		
+		NAME_CHECK("ALT_NAME_INFO",        alt_name_info, fname, STR_UNICODE);
+		NAME_CHECK("ALT_NAME_INFORMATION", alt_name_info, fname, STR_UNICODE);
+		
+		/* and make sure we can open by alternate name */
+		smbcli_close(tree, fnum);
+		fnum = smbcli_nt_create_full(tree, correct_name, 0, 
+					     SEC_RIGHTS_FILE_ALL,
+					     FILE_ATTRIBUTE_NORMAL,
+					     NTCREATEX_SHARE_ACCESS_DELETE|
+					     NTCREATEX_SHARE_ACCESS_READ|
+					     NTCREATEX_SHARE_ACCESS_WRITE, 
+					     NTCREATEX_DISP_OVERWRITE_IF, 
+					     0, 0);
+		if (fnum == -1) {
+			printf("Unable to open by alt_name - %s\n", smbcli_errstr(tree));
+			ret = false;
+		}
+		
+		if (!skip_streams) {
+			correct_name = "::$DATA";
+			torture_comment(torture, "stream_name: %s\n", correct_name);
+			
+			NAME_CHECK("STREAM_INFO",        stream_info, streams[0].stream_name, STR_UNICODE);
+			NAME_CHECK("STREAM_INFORMATION", stream_info, streams[0].stream_name, STR_UNICODE);
+		}
+	}
+		
+	/* make sure the EAs look right */
+	s1 = fnum_find("ALL_EAS");
+	s2 = fnum_find("ALL_INFO");
+	if (s1) {
+		for (i=0;i<s1->all_eas.out.num_eas;i++) {
+			printf("  flags=%d %s=%*.*s\n", 
+			       s1->all_eas.out.eas[i].flags,
+			       s1->all_eas.out.eas[i].name.s,
+			       (int)s1->all_eas.out.eas[i].value.length,
+			       (int)s1->all_eas.out.eas[i].value.length,
+			       s1->all_eas.out.eas[i].value.data);
+		}
+	}
+	if (s1 && s2) {
+		if (s1->all_eas.out.num_eas == 0) {
+			if (s2->all_info.out.ea_size != 0) {
+				printf("ERROR: num_eas==0 but fnum all_info.out.ea_size == %d\n",
+				       s2->all_info.out.ea_size);
+			}
+		} else {
+			if (s2->all_info.out.ea_size != 
+			    ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas)) {
+				printf("ERROR: ea_list_size=%d != fnum all_info.out.ea_size=%d\n",
+				       (int)ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas),
+				       (int)s2->all_info.out.ea_size);
+			}
+		}
+	}
+	s2 = fname_find(is_ipc, "ALL_EAS");
+	if (s2) {
+		VAL_EQUAL(all_eas, num_eas, all_eas, num_eas);
+		for (i=0;i<s1->all_eas.out.num_eas;i++) {
+			VAL_EQUAL(all_eas, eas[i].flags, all_eas, eas[i].flags);
+			STR_EQUAL(all_eas, eas[i].name, all_eas, eas[i].name);
+			VAL_EQUAL(all_eas, eas[i].value.length, all_eas, eas[i].value.length);
+		}
+	}
+
+#define VAL_CHECK(sname1, stype1, tfield1, sname2, stype2, tfield2) do { \
+	s1 = fnum_find(sname1); s2 = fnum_find(sname2); \
+	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
+		printf("(%d) handle %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
+                       #stype1, #tfield1, #stype2, #tfield2,  \
+		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
+	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
+		printf("(%d) path %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
+                       #stype1, #tfield1, #stype2, #tfield2,  \
+		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
+		ret = false; \
+	} \
+	s1 = fnum_find(sname1); s2 = fname_find(is_ipc, sname2); \
+	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
+		printf("(%d) handle %s/%s != path %s/%s - 0x%x vs 0x%x\n", __LINE__, \
+                       #stype1, #tfield1, #stype2, #tfield2,  \
+		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
+		ret = false; \
+	} \
+	s1 = fname_find(is_ipc, sname1); s2 = fnum_find(sname2); \
+	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
+		printf("(%d) path %s/%s != handle %s/%s - 0x%x vs 0x%x\n", __LINE__, \
+                       #stype1, #tfield1, #stype2, #tfield2,  \
+		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
+		ret = false; \
+	}} while (0)
+
+	VAL_CHECK("STANDARD_INFO", standard_info, delete_pending, 
+		  "ALL_INFO",      all_info,      delete_pending);
+	VAL_CHECK("STANDARD_INFO", standard_info, directory, 
+		  "ALL_INFO",      all_info,      directory);
+	VAL_CHECK("STANDARD_INFO", standard_info, nlink, 
+		  "ALL_INFO",      all_info,      nlink);
+	s1 = fnum_find("BASIC_INFO");
+	if (s1 && is_ipc) {
+		if (s1->basic_info.out.attrib != FILE_ATTRIBUTE_NORMAL) {
+			printf("(%d) attrib basic_info/nlink incorrect - %d should be %d\n", __LINE__, s1->basic_info.out.attrib, (int)FILE_ATTRIBUTE_NORMAL);
+			ret = false;
+		}
+	}
+	s1 = fnum_find("STANDARD_INFO");
+	if (s1 && is_ipc) {
+		if (s1->standard_info.out.nlink != 1) {
+			printf("(%d) nlinks standard_info/nlink incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.nlink);
+			ret = false;
+		}
+		if (s1->standard_info.out.delete_pending != 1) {
+			printf("(%d) nlinks standard_info/delete_pending incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.delete_pending);
+			ret = false;
+		}
+	}
+	VAL_CHECK("EA_INFO",       ea_info,       ea_size, 
+		  "ALL_INFO",      all_info,      ea_size);
+	if (!is_ipc) {
+		VAL_CHECK("EA_SIZE",       ea_size,       ea_size, 
+			  "ALL_INFO",      all_info,      ea_size);
+	}
+
+#define NAME_PATH_CHECK(sname, stype, field) do { \
+	s1 = fname_find(is_ipc, sname); s2 = fnum_find(sname); \
+        if (s1 && s2) { \
+		VAL_EQUAL(stype, field, stype, field); \
+	} \
+} while (0)
+
+
+	s1 = fnum_find("INTERNAL_INFORMATION");
+	if (s1) {
+		torture_comment(torture, "file_id=%.0f\n", (double)s1->internal_information.out.file_id);
+	}
+
+	NAME_PATH_CHECK("INTERNAL_INFORMATION", internal_information, file_id);
+	NAME_PATH_CHECK("POSITION_INFORMATION", position_information, position);
+	if (s1 && s2) {
+		printf("fnum pos = %.0f, fname pos = %.0f\n",
+		       (double)s2->position_information.out.position,
+		       (double)s1->position_information.out.position );
+	}
+	NAME_PATH_CHECK("MODE_INFORMATION", mode_information, mode);
+	NAME_PATH_CHECK("ALIGNMENT_INFORMATION", alignment_information, alignment_requirement);
+	NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);
+	NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, reparse_tag);
+
+#if 0
+	/* these are expected to differ */
+	NAME_PATH_CHECK("ACCESS_INFORMATION", access_information, access_flags);
+#endif
+
+#if 0 /* unused */
+#define UNKNOWN_CHECK(sname, stype, tfield) do { \
+	s1 = fnum_find(sname); \
+	if (s1 && s1->stype.out.tfield != 0) { \
+		printf("(%d) handle %s/%s unknown != 0 (0x%x)\n", __LINE__, \
+                       #stype, #tfield, \
+		       (unsigned int)s1->stype.out.tfield); \
+	} \
+	s1 = fname_find(is_ipc, sname); \
+	if (s1 && s1->stype.out.tfield != 0) { \
+		printf("(%d) path %s/%s unknown != 0 (0x%x)\n", __LINE__, \
+                       #stype, #tfield, \
+		       (unsigned int)s1->stype.out.tfield); \
+	}} while (0)
+#endif
+	/* now get a bit fancier .... */
+	
+	/* when we set the delete disposition then the link count should drop
+	   to 0 and delete_pending should be 1 */
+	
+	return ret;
+}
+
+/* basic testing of all RAW_FILEINFO_* calls 
+   for each call we test that it succeeds, and where possible test 
+   for consistency between the calls. 
+*/
+bool torture_raw_qfileinfo(struct torture_context *torture, 
+						   struct smbcli_state *cli)
+{
+	int fnum;
+	bool ret;
+	const char *fname = "\\torture_qfileinfo.txt";
+
+	fnum = create_complex_file(cli, torture, fname);
+	if (fnum == -1) {
+		printf("ERROR: open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	ret = torture_raw_qfileinfo_internals(torture, torture, cli->tree, fnum, fname, false /* is_ipc */);
+	
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+
+	return ret;
+}
+
+bool torture_raw_qfileinfo_pipe(struct torture_context *torture, 
+				struct smbcli_state *cli)
+{
+	bool ret = true;
+	int fnum;
+	const char *fname = "\\lsass";
+	union smb_open op;
+	NTSTATUS status;
+
+	op.ntcreatex.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.access_mask =
+		SEC_STD_READ_CONTROL |
+		SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_WRITE_EA |
+		SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	op.ntcreatex.in.file_attr = 0;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.impersonation =
+		NTCREATEX_IMPERSONATION_IMPERSONATION;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, torture, &op);
+	torture_assert_ntstatus_ok(torture, status, "smb_raw_open failed");
+
+	fnum = op.ntcreatex.out.file.fnum;
+
+	ret = torture_raw_qfileinfo_internals(torture, torture, cli->tree,
+					      fnum, fname,
+					      true /* is_ipc */);
+
+	smbcli_close(cli->tree, fnum);
+	return ret;
+}
diff --git a/source4/torture/raw/qfsinfo.c b/source4/torture/raw/qfsinfo.c
new file mode 100644
index 0000000..6be6c42
--- /dev/null
+++ b/source4/torture/raw/qfsinfo.c
@@ -0,0 +1,340 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_QFS_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <math.h>
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/basic/proto.h"
+#include "torture/raw/proto.h"
+
+
+static struct {
+	const char *name;
+	enum smb_fsinfo_level level;
+	uint32_t capability_mask;
+	NTSTATUS status;
+	union smb_fsinfo fsinfo;
+} levels[] = {
+	{
+		.name = "DSKATTR",
+		.level = RAW_QFS_DSKATTR,
+	},
+	{
+		.name = "ALLOCATION",
+		.level = RAW_QFS_ALLOCATION,
+	},
+	{
+		.name = "VOLUME",
+		.level = RAW_QFS_VOLUME,
+	},
+	{
+		.name = "VOLUME_INFO",
+		.level = RAW_QFS_VOLUME_INFO,
+	},
+	{
+		.name = "SIZE_INFO",
+		.level = RAW_QFS_SIZE_INFO,
+	},
+	{
+		.name = "DEVICE_INFO",
+		.level = RAW_QFS_DEVICE_INFO,
+	},
+	{
+		.name = "ATTRIBUTE_INFO",
+		.level = RAW_QFS_ATTRIBUTE_INFO,
+	},
+	{
+		.name = "UNIX_INFO",
+		.level = RAW_QFS_UNIX_INFO,
+		.capability_mask = CAP_UNIX,
+	},
+	{
+		.name = "VOLUME_INFORMATION",
+		.level = RAW_QFS_VOLUME_INFORMATION,
+	},
+	{
+		.name = "SIZE_INFORMATION",
+		.level = RAW_QFS_SIZE_INFORMATION,
+	},
+	{
+		.name = "DEVICE_INFORMATION",
+		.level = RAW_QFS_DEVICE_INFORMATION,
+	},
+	{
+		.name = "ATTRIBUTE_INFORMATION",
+		.level = RAW_QFS_ATTRIBUTE_INFORMATION,
+	},
+	{
+		.name = "QUOTA_INFORMATION",
+		.level = RAW_QFS_QUOTA_INFORMATION,
+	},
+	{
+		.name = "FULL_SIZE_INFORMATION",
+		.level = RAW_QFS_FULL_SIZE_INFORMATION,
+	},
+#if 0
+	/* w2k3 seems to no longer support this */
+	{"OBJECTID_INFORMATION",  RAW_QFS_OBJECTID_INFORMATION, },
+#endif
+	{ .name = NULL, },
+};
+
+
+/*
+  find a level in the levels[] table
+*/
+static union smb_fsinfo *find(const char *name)
+{
+	int i;
+	for (i=0; levels[i].name; i++) {
+		if (strcmp(name, levels[i].name) == 0 &&
+		    NT_STATUS_IS_OK(levels[i].status)) {
+			return &levels[i].fsinfo;
+		}
+	}
+	return NULL;
+}
+
+/* local macros to make the code below more readable */
+#define VAL_EQUAL(n1, v1, n2, v2) do {if (s1->n1.out.v1 != s2->n2.out.v2) { \
+        printf("%s/%s [%u] != %s/%s [%u] at %s(%d)\n", \
+               #n1, #v1, (unsigned int)s1->n1.out.v1, \
+               #n2, #v2, (unsigned int)s2->n2.out.v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+#define VAL_APPROX_EQUAL(n1, v1, n2, v2) do {if (abs((int)(s1->n1.out.v1) - (int)(s2->n2.out.v2)) > 0.1*s1->n1.out.v1) { \
+        printf("%s/%s [%u] != %s/%s [%u] at %s(%d)\n", \
+               #n1, #v1, (unsigned int)s1->n1.out.v1, \
+               #n2, #v2, (unsigned int)s2->n2.out.v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+#define STR_EQUAL(n1, v1, n2, v2) do { \
+       if (strcmp_safe(s1->n1.out.v1, s2->n2.out.v2)) { \
+         printf("%s/%s [%s] != %s/%s [%s] at %s(%d)\n", \
+               #n1, #v1, s1->n1.out.v1, \
+               #n2, #v2, s2->n2.out.v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+#define STRUCT_EQUAL(n1, v1, n2, v2) do {if (memcmp(&s1->n1.out.v1,&s2->n2.out.v2,sizeof(s1->n1.out.v1))) { \
+        printf("%s/%s != %s/%s at %s(%d)\n", \
+               #n1, #v1, \
+               #n2, #v2, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+/* used to find hints on unknown values - and to make sure 
+   we zero-fill */
+#define VAL_UNKNOWN(n1, v1) do {if (s1->n1.out.v1 != 0) { \
+        printf("%s/%s non-zero unknown - %u (0x%x) at %s(%d)\n", \
+               #n1, #v1, \
+	       (unsigned int)s1->n1.out.v1, \
+	       (unsigned int)s1->n1.out.v1, \
+	       __FILE__, __LINE__); \
+        ret = false; \
+}} while(0)
+
+/* basic testing of all RAW_QFS_* calls 
+   for each call we test that it succeeds, and where possible test 
+   for consistency between the calls. 
+
+   Some of the consistency tests assume that the target filesystem is
+   quiescent, which is sometimes hard to achieve
+*/
+bool torture_raw_qfsinfo(struct torture_context *torture, 
+			 struct smbcli_state *cli)
+{
+	size_t i;
+	bool ret = true;
+	size_t count;
+	union smb_fsinfo *s1, *s2;	
+
+	/* scan all the levels, pulling the results */
+	for (i=0; levels[i].name; i++) {
+		torture_comment(torture, "Running level %s\n", levels[i].name);
+		levels[i].fsinfo.generic.level = levels[i].level;
+		levels[i].status = smb_raw_fsinfo(cli->tree, torture, &levels[i].fsinfo);
+	}
+
+	/* check for completely broken levels */
+	for (count=i=0; levels[i].name; i++) {
+		uint32_t cap = cli->transport->negotiate.capabilities;
+		/* see if this server claims to support this level */
+		if ((cap & levels[i].capability_mask) != levels[i].capability_mask) {
+			continue;
+		}
+		
+		if (!NT_STATUS_IS_OK(levels[i].status)) {
+			printf("ERROR: level %s failed - %s\n", 
+			       levels[i].name, nt_errstr(levels[i].status));
+			count++;
+		}
+	}
+
+	if (count != 0) {
+		torture_comment(torture, "%zu levels failed\n", count);
+		torture_assert(torture, count > 13, "too many level failures - giving up");
+	}
+
+	torture_comment(torture, "check for correct aliases\n");
+	s1 = find("SIZE_INFO");
+	s2 = find("SIZE_INFORMATION");
+	if (s1 && s2) {
+		VAL_EQUAL(size_info, total_alloc_units, size_info, total_alloc_units);
+		VAL_APPROX_EQUAL(size_info, avail_alloc_units, size_info, avail_alloc_units);
+		VAL_EQUAL(size_info, sectors_per_unit,  size_info, sectors_per_unit);
+		VAL_EQUAL(size_info, bytes_per_sector,  size_info, bytes_per_sector);
+	}	
+
+	s1 = find("DEVICE_INFO");
+	s2 = find("DEVICE_INFORMATION");
+	if (s1 && s2) {
+		VAL_EQUAL(device_info, device_type,     device_info, device_type);
+		VAL_EQUAL(device_info, characteristics, device_info, characteristics);
+	}	
+
+	s1 = find("VOLUME_INFO");
+	s2 = find("VOLUME_INFORMATION");
+	if (s1 && s2) {
+		STRUCT_EQUAL(volume_info, create_time,    volume_info, create_time);
+		VAL_EQUAL   (volume_info, serial_number,  volume_info, serial_number);
+		STR_EQUAL   (volume_info, volume_name.s,    volume_info, volume_name.s);
+		torture_comment(torture, "volume_info.volume_name = '%s'\n", s1->volume_info.out.volume_name.s);
+	}	
+
+	s1 = find("ATTRIBUTE_INFO");
+	s2 = find("ATTRIBUTE_INFORMATION");
+	if (s1 && s2) {
+		VAL_EQUAL(attribute_info, fs_attr,    
+			  attribute_info, fs_attr);
+		VAL_EQUAL(attribute_info, max_file_component_length, 
+			  attribute_info, max_file_component_length);
+		STR_EQUAL(attribute_info, fs_type.s, attribute_info, fs_type.s);
+		torture_comment(torture, "attribute_info.fs_type = '%s'\n", s1->attribute_info.out.fs_type.s);
+	}	
+
+	torture_comment(torture, "check for consistent disk sizes\n");
+	s1 = find("DSKATTR");
+	s2 = find("ALLOCATION");
+	if (s1 && s2) {
+		double size1, size2;
+		double scale = s1->dskattr.out.blocks_per_unit * s1->dskattr.out.block_size;
+		size1 = 1.0 * 
+			s1->dskattr.out.units_total * 
+			s1->dskattr.out.blocks_per_unit * 
+			s1->dskattr.out.block_size / scale;
+		size2 = 1.0 *
+			s2->allocation.out.sectors_per_unit *
+			s2->allocation.out.total_alloc_units *
+			s2->allocation.out.bytes_per_sector / scale;
+		if (fabs(size1 - size2) > 1) {
+			printf("Inconsistent total size in DSKATTR and ALLOCATION - size1=%.0f size2=%.0f\n", 
+			       size1, size2);
+			ret = false;
+		}
+		torture_comment(torture, "total disk = %.0f MB\n", size1*scale/1.0e6);
+	}
+
+	torture_comment(torture, "check consistent free disk space\n");
+	s1 = find("DSKATTR");
+	s2 = find("ALLOCATION");
+	if (s1 && s2) {
+		double size1, size2;
+		double scale = s1->dskattr.out.blocks_per_unit * s1->dskattr.out.block_size;
+		size1 = 1.0 * 
+			s1->dskattr.out.units_free * 
+			s1->dskattr.out.blocks_per_unit * 
+			s1->dskattr.out.block_size / scale;
+		size2 = 1.0 *
+			s2->allocation.out.sectors_per_unit *
+			s2->allocation.out.avail_alloc_units *
+			s2->allocation.out.bytes_per_sector / scale;
+		if (fabs(size1 - size2) > 1) {
+			printf("Inconsistent avail size in DSKATTR and ALLOCATION - size1=%.0f size2=%.0f\n", 
+			       size1, size2);
+			ret = false;
+		}
+		torture_comment(torture, "free disk = %.0f MB\n", size1*scale/1.0e6);
+	}
+	
+	torture_comment(torture, "volume info consistency\n");
+	s1 = find("VOLUME");
+	s2 = find("VOLUME_INFO");
+	if (s1 && s2) {
+		VAL_EQUAL(volume, serial_number,  volume_info, serial_number);
+		STR_EQUAL(volume, volume_name.s,  volume_info, volume_name.s);
+	}	
+
+	/* disk size consistency - notice that 'avail_alloc_units' maps to the caller
+	   available allocation units, not the total */
+	s1 = find("SIZE_INFO");
+	s2 = find("FULL_SIZE_INFORMATION");
+	if (s1 && s2) {
+		VAL_EQUAL(size_info, total_alloc_units, full_size_information, total_alloc_units);
+		VAL_APPROX_EQUAL(size_info, avail_alloc_units, full_size_information, call_avail_alloc_units);
+		VAL_EQUAL(size_info, sectors_per_unit,  full_size_information, sectors_per_unit);
+		VAL_EQUAL(size_info, bytes_per_sector,  full_size_information, bytes_per_sector);
+	}	
+
+	printf("check for non-zero unknown fields\n");
+	s1 = find("QUOTA_INFORMATION");
+	if (s1) {
+		VAL_UNKNOWN(quota_information, unknown[0]);
+		VAL_UNKNOWN(quota_information, unknown[1]);
+		VAL_UNKNOWN(quota_information, unknown[2]);
+	}
+
+	s1 = find("OBJECTID_INFORMATION");
+	if (s1) {
+		VAL_UNKNOWN(objectid_information, unknown[0]);
+		VAL_UNKNOWN(objectid_information, unknown[1]);
+		VAL_UNKNOWN(objectid_information, unknown[2]);
+		VAL_UNKNOWN(objectid_information, unknown[3]);
+		VAL_UNKNOWN(objectid_information, unknown[4]);
+		VAL_UNKNOWN(objectid_information, unknown[5]);
+	}
+
+
+#define STR_CHECK(sname, stype, field, flags) do { \
+	s1 = find(sname); \
+	if (s1) { \
+		if (s1->stype.out.field.s && wire_bad_flags(&s1->stype.out.field, flags, cli->transport)) { \
+			printf("(%d) incorrect string termination in %s/%s\n", \
+			       __LINE__, #stype, #field); \
+			ret = false; \
+		} \
+	}} while (0)
+
+	torture_comment(torture, "check for correct termination\n");
+	
+	STR_CHECK("VOLUME",                volume,         volume_name, 0);
+	STR_CHECK("VOLUME_INFO",           volume_info,    volume_name, STR_UNICODE);
+	STR_CHECK("VOLUME_INFORMATION",    volume_info,    volume_name, STR_UNICODE);
+	STR_CHECK("ATTRIBUTE_INFO",        attribute_info, fs_type, STR_UNICODE);
+	STR_CHECK("ATTRIBUTE_INFORMATION", attribute_info, fs_type, STR_UNICODE);
+
+	return ret;
+}
diff --git a/source4/torture/raw/raw.c b/source4/torture/raw/raw.c
new file mode 100644
index 0000000..b3716b6
--- /dev/null
+++ b/source4/torture/raw/raw.c
@@ -0,0 +1,87 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "torture/util.h"
+#include "torture/smbtorture.h"
+#include "torture/raw/proto.h"
+
+NTSTATUS torture_raw_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "raw");
+	/* RAW smb tests */
+	torture_suite_add_simple_test(suite, "bench-oplock", torture_bench_oplock);
+	torture_suite_add_simple_test(suite, "ping-pong", torture_ping_pong);
+	torture_suite_add_simple_test(suite, "bench-lock", torture_bench_lock);
+	torture_suite_add_simple_test(suite, "bench-open", torture_bench_open);
+	torture_suite_add_simple_test(suite, "bench-lookup",
+		torture_bench_lookup);
+	torture_suite_add_simple_test(suite, "bench-tcon",
+		torture_bench_treeconnect);
+	torture_suite_add_simple_test(suite, "offline", torture_test_offline);
+	torture_suite_add_1smb_test(suite, "qfsinfo", torture_raw_qfsinfo);
+	torture_suite_add_1smb_test(suite, "qfileinfo", torture_raw_qfileinfo);
+	torture_suite_add_1smb_test(suite, "qfileinfo.ipc", torture_raw_qfileinfo_pipe);
+	torture_suite_add_suite(suite, torture_raw_sfileinfo(suite));
+	torture_suite_add_suite(suite, torture_raw_search(suite));
+	torture_suite_add_1smb_test(suite, "close", torture_raw_close);
+	torture_suite_add_suite(suite, torture_raw_open(suite));
+	torture_suite_add_1smb_test(suite, "mkdir", torture_raw_mkdir);
+	torture_suite_add_suite(suite, torture_raw_oplock(suite));
+	torture_suite_add_1smb_test(suite, "hold-oplock", torture_hold_oplock);
+	torture_suite_add_suite(suite, torture_raw_notify(suite));
+	torture_suite_add_1smb_test(suite, "mux", torture_raw_mux);
+	torture_suite_add_1smb_test(suite, "ioctl", torture_raw_ioctl);
+	torture_suite_add_1smb_test(suite, "chkpath", torture_raw_chkpath);
+	torture_suite_add_suite(suite, torture_raw_unlink(suite));
+	torture_suite_add_suite(suite, torture_raw_read(suite));
+	torture_suite_add_suite(suite, torture_raw_write(suite));
+	torture_suite_add_suite(suite, torture_raw_lock(suite));
+	torture_suite_add_suite(suite, torture_raw_context(suite));
+	torture_suite_add_suite(suite, torture_raw_session(suite));
+	torture_suite_add_suite(suite, torture_raw_rename(suite));
+	torture_suite_add_1smb_test(suite, "seek", torture_raw_seek);
+	torture_suite_add_1smb_test(suite, "eas", torture_raw_eas);
+	torture_suite_add_suite(suite, torture_raw_streams(suite));
+	torture_suite_add_suite(suite, torture_raw_acls(suite));
+	torture_suite_add_suite(suite, torture_raw_composite(suite));
+	torture_suite_add_1smb_test(suite, "samba3hide", torture_samba3_hide);
+	torture_suite_add_1smb_test(suite, "samba3closeerr", torture_samba3_closeerr);
+	torture_suite_add_1smb_test(suite, "samba3rootdirfid",
+				      torture_samba3_rootdirfid);
+	torture_suite_add_1smb_test(suite, "samba3rootdirfid2",
+				      torture_samba3_rootdirfid2);
+	torture_suite_add_1smb_test(suite, "samba3checkfsp", torture_samba3_checkfsp);
+	torture_suite_add_1smb_test(suite, "samba3oplocklogoff", torture_samba3_oplock_logoff);
+	torture_suite_add_1smb_test(suite, "samba3badnameblob", torture_samba3_check_openX_badname);
+	torture_suite_add_simple_test(suite, "samba3badpath", torture_samba3_badpath);
+	torture_suite_add_1smb_test(suite, "samba3caseinsensitive",
+				      torture_samba3_caseinsensitive);
+	torture_suite_add_1smb_test(suite, "samba3posixtimedlock",
+				      torture_samba3_posixtimedlock);
+	torture_suite_add_simple_test(suite, "scan-eamax", torture_max_eas);
+
+	suite->description = talloc_strdup(suite, "Tests for the raw SMB interface");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/raw/read.c b/source4/torture/raw/read.c
new file mode 100644
index 0000000..6160e3e
--- /dev/null
+++ b/source4/torture/raw/read.c
@@ -0,0 +1,1039 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for various read operations
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+		torture_assert_ntstatus_equal_goto(tctx, status, correct, ret, \
+						   done, "incorrect status"); \
+	} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+		torture_assert_int_equal_goto(tctx, (v), (correct), ret, done, \
+					      "Incorrect value"); \
+	} while (0)
+
+#define CHECK_BUFFER(buf, seed, len) do { \
+	if (!check_buffer(tctx, buf, seed, len, __LINE__)) {	\
+		ret = false; \
+		torture_fail_goto(tctx, done, "buffer check failed\n"); \
+	}} while (0)
+
+#define CHECK_READX_ALIGN(io) do {			      \
+	if ((io.readx.out.flags2 & FLAGS2_UNICODE_STRINGS) && \
+	    (io.readx.out.data_offset % 2 != 0)) { \
+		ret = false; \
+		torture_fail_goto(tctx, done, "data not 16 bit aligned\n"); \
+	}} while (0)
+
+#define BASEDIR "\\testread"
+
+
+/*
+  setup a random buffer based on a seed
+*/
+static void setup_buffer(uint8_t *buf, unsigned int seed, int len)
+{
+	int i;
+	srandom(seed);
+	for (i=0;i<len;i++) buf[i] = random();
+}
+
+/*
+  check a random buffer based on a seed
+*/
+static bool check_buffer(struct torture_context *tctx, uint8_t *buf,
+			 unsigned int seed, int len, int line)
+{
+	int i;
+	srandom(seed);
+	for (i=0;i<len;i++) {
+		uint8_t v = random();
+		if (buf[i] != v) {
+			torture_warning(tctx, "Buffer incorrect at line %d! "
+					"ofs=%d v1=0x%x v2=0x%x\n", line, i,
+					buf[i], v);
+			return false;
+		}
+	}
+	return true;
+}
+
+/*
+  test read ops
+*/
+static bool test_read(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_read io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	const char *test_data = "TEST DATA";
+	unsigned int seed = time(NULL);
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	if (!torture_setting_bool(tctx, "read_support", true)) {
+		printf("server refuses to support READ\n");
+		return true;
+	}
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_READ_READ\n");
+	io.generic.level = RAW_READ_READ;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	printf("Trying empty file read\n");
+	io.read.in.file.fnum = fnum;
+	io.read.in.count = 1;
+	io.read.in.offset = 0;
+	io.read.in.remaining = 0;
+	io.read.out.data = buf;
+	status = smb_raw_read(cli->tree, &io);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.read.out.nread, 0);
+
+	printf("Trying zero file read\n");
+	io.read.in.count = 0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.read.out.nread, 0);
+
+	printf("Trying bad fnum\n");
+	io.read.in.file.fnum = fnum+1;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	io.read.in.file.fnum = fnum;
+
+	smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+
+	printf("Trying small read\n");
+	io.read.in.file.fnum = fnum;
+	io.read.in.offset = 0;
+	io.read.in.remaining = 0;
+	io.read.in.count = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.read.out.nread, strlen(test_data));
+	if (memcmp(buf, test_data, strlen(test_data)) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data, buf);
+		goto done;
+	}
+
+	printf("Trying short read\n");
+	io.read.in.offset = 1;
+	io.read.in.count = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.read.out.nread, strlen(test_data)-1);
+	if (memcmp(buf, test_data+1, strlen(test_data)-1) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data+1, buf);
+		goto done;
+	}
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+		printf("Trying max offset\n");
+		io.read.in.offset = ~0;
+		io.read.in.count = strlen(test_data);
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.read.out.nread, 0);
+	}
+
+	setup_buffer(buf, seed, maxsize);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, maxsize);
+	memset(buf, 0, maxsize);
+
+	printf("Trying large read\n");
+	io.read.in.offset = 0;
+	io.read.in.count = ~0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_BUFFER(buf, seed, io.read.out.nread);
+
+
+	printf("Trying locked region\n");
+	cli->session->pid++;
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli->tree, fnum, 103, 1, 0, WRITE_LOCK))) {
+		printf("Failed to lock file at %d\n", __LINE__);
+		ret = false;
+		goto done;
+	}
+	cli->session->pid--;
+	memset(buf, 0, maxsize);
+	io.read.in.offset = 0;
+	io.read.in.count = ~0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test lockread ops
+*/
+static bool test_lockread(struct torture_context *tctx, 
+						  struct smbcli_state *cli)
+{
+	union smb_read io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	const char *test_data = "TEST DATA";
+	unsigned int seed = time(NULL);
+
+	if (!cli->transport->negotiate.lockread_supported) {
+		printf("Server does not support lockread - skipping\n");
+		return true;
+	}
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_READ_LOCKREAD\n");
+	io.generic.level = RAW_READ_LOCKREAD;
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	printf("Trying empty file read\n");
+	io.lockread.in.file.fnum = fnum;
+	io.lockread.in.count = 1;
+	io.lockread.in.offset = 1;
+	io.lockread.in.remaining = 0;
+	io.lockread.out.data = buf;
+	status = smb_raw_read(cli->tree, &io);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lockread.out.nread, 0);
+
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	printf("Trying zero file read\n");
+	io.lockread.in.count = 0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_unlock(cli->tree, fnum, 1, 1);
+
+	printf("Trying bad fnum\n");
+	io.lockread.in.file.fnum = fnum+1;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	io.lockread.in.file.fnum = fnum;
+
+	smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+
+	printf("Trying small read\n");
+	io.lockread.in.file.fnum = fnum;
+	io.lockread.in.offset = 0;
+	io.lockread.in.remaining = 0;
+	io.lockread.in.count = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	smbcli_unlock(cli->tree, fnum, 1, 0);
+
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lockread.out.nread, strlen(test_data));
+	if (memcmp(buf, test_data, strlen(test_data)) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data, buf);
+		goto done;
+	}
+
+	printf("Trying short read\n");
+	io.lockread.in.offset = 1;
+	io.lockread.in.count = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	smbcli_unlock(cli->tree, fnum, 0, strlen(test_data));
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VALUE(io.lockread.out.nread, strlen(test_data)-1);
+	if (memcmp(buf, test_data+1, strlen(test_data)-1) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data+1, buf);
+		goto done;
+	}
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+		printf("Trying max offset\n");
+		io.lockread.in.offset = ~0;
+		io.lockread.in.count = strlen(test_data);
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.lockread.out.nread, 0);
+	}
+
+	setup_buffer(buf, seed, maxsize);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, maxsize);
+	memset(buf, 0, maxsize);
+
+	printf("Trying large read\n");
+	io.lockread.in.offset = 0;
+	io.lockread.in.count = ~0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	smbcli_unlock(cli->tree, fnum, 1, strlen(test_data));
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_BUFFER(buf, seed, io.lockread.out.nread);
+	smbcli_unlock(cli->tree, fnum, 0, 0xFFFF);
+
+
+	printf("Trying locked region\n");
+	cli->session->pid++;
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli->tree, fnum, 103, 1, 0, WRITE_LOCK))) {
+		printf("Failed to lock file at %d\n", __LINE__);
+		ret = false;
+		goto done;
+	}
+	cli->session->pid--;
+	memset(buf, 0, maxsize);
+	io.lockread.in.offset = 0;
+	io.lockread.in.count = ~0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+	
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test readx ops
+*/
+static bool test_readx(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_read io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	const char *test_data = "TEST DATA";
+	unsigned int seed = time(NULL);
+	struct smbcli_request *smbreq = NULL;
+	unsigned int i;
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_READ_READX\n");
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	printf("Trying empty file read\n");
+	io.generic.level = RAW_READ_READX;
+	io.readx.in.file.fnum = fnum;
+	io.readx.in.mincnt = 1;
+	io.readx.in.maxcnt = 1;
+	io.readx.in.offset = 0;
+	io.readx.in.remaining = 0;
+	io.readx.in.read_for_execute = false;
+	io.readx.out.data = buf;
+	status = smb_raw_read(cli->tree, &io);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, 0);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying zero file read\n");
+	io.readx.in.mincnt = 0;
+	io.readx.in.maxcnt = 0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, 0);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying bad fnum\n");
+	io.readx.in.file.fnum = fnum+1;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+	io.readx.in.file.fnum = fnum;
+
+	smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+
+	printf("Checking reserved fields are [0]\n");
+	io.readx.in.file.fnum = fnum;
+	io.readx.in.offset = 0;
+	io.readx.in.remaining = 0;
+	io.readx.in.read_for_execute = false;
+	io.readx.in.mincnt = strlen(test_data);
+	io.readx.in.maxcnt = strlen(test_data);
+	smbreq = smb_raw_read_send(cli->tree, &io);
+	if (smbreq == NULL) {
+		ret = false;
+		torture_fail_goto(tctx, done, "smb_raw_read_send failed\n");
+	}
+	if (!smbcli_request_receive(smbreq) ||
+	     smbcli_request_is_error(smbreq)) {
+		status = smbcli_request_destroy(smbreq);
+		torture_fail_goto(tctx, done, "receive failed\n");
+	}
+
+	if (smbreq->in.wct != 12) {
+		ret = false;
+		printf("Incorrect wct %u (should be 12)\n",
+			(unsigned int)smbreq->in.wct);
+		status = smbcli_request_destroy(smbreq);
+		torture_fail_goto(tctx, done, "bad wct\n");
+	}
+
+	/* Ensure VWV8 - WVW11 are zero. */
+	for (i = 8; i < 12; i++) {
+		uint16_t br = SVAL(smbreq->in.vwv, VWV(i));
+		if (br != 0) {
+			status = smbcli_request_destroy(smbreq);
+			ret = false;
+			printf("reserved field %u is %u not zero\n",
+				i,
+				(unsigned int)br);
+			torture_fail_goto(tctx, done, "bad reserved field\n");
+		}
+	}
+
+	smbcli_request_destroy(smbreq);
+
+	printf("Trying small read\n");
+	io.readx.in.file.fnum = fnum;
+	io.readx.in.offset = 0;
+	io.readx.in.remaining = 0;
+	io.readx.in.read_for_execute = false;
+	io.readx.in.mincnt = strlen(test_data);
+	io.readx.in.maxcnt = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, strlen(test_data));
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_READX_ALIGN(io);
+	if (memcmp(buf, test_data, strlen(test_data)) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data, buf);
+		goto done;
+	}
+
+	printf("Trying short read\n");
+	io.readx.in.offset = 1;
+	io.readx.in.mincnt = strlen(test_data);
+	io.readx.in.maxcnt = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, strlen(test_data)-1);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_READX_ALIGN(io);
+	if (memcmp(buf, test_data+1, strlen(test_data)-1) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data+1, buf);
+		goto done;
+	}
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+		printf("Trying max offset\n");
+		io.readx.in.offset = 0xffffffff;
+		io.readx.in.mincnt = strlen(test_data);
+		io.readx.in.maxcnt = strlen(test_data);
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.readx.out.nread, 0);
+		CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+		CHECK_VALUE(io.readx.out.compaction_mode, 0);
+		CHECK_READX_ALIGN(io);
+	}
+
+	printf("Trying mincnt past EOF\n");
+	memset(buf, 0, maxsize);
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 100;
+	io.readx.in.maxcnt = 110;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, strlen(test_data));
+	CHECK_READX_ALIGN(io);
+	if (memcmp(buf, test_data, strlen(test_data)) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data, buf);
+		goto done;
+	}
+
+
+	setup_buffer(buf, seed, maxsize);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, maxsize);
+	memset(buf, 0, maxsize);
+
+	printf("Trying page sized read\n");
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 0x1000;
+	io.readx.in.maxcnt = 0x1000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying page + 1 sized read (check alignment)\n");
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 0x1001;
+	io.readx.in.maxcnt = 0x1001;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying large read (UINT16_MAX)\n");
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 0xFFFF;
+	io.readx.in.maxcnt = 0xFFFF;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying extra large read\n");
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 100;
+	io.readx.in.maxcnt = 80000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	if (io.readx.out.nread == io.readx.in.maxcnt) {
+		printf("SAMBA: large read extension\n");
+		CHECK_VALUE(io.readx.out.nread, 80000);
+	} else {
+		CHECK_VALUE(io.readx.out.nread, 0x10000);
+	}
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying mincnt > maxcnt\n");
+	memset(buf, 0, maxsize);
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 30000;
+	io.readx.in.maxcnt = 20000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	printf("Trying mincnt < maxcnt\n");
+	memset(buf, 0, maxsize);
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 20000;
+	io.readx.in.maxcnt = 30000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(io.readx.out.compaction_mode, 0);
+	CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readx.out.nread);
+	CHECK_READX_ALIGN(io);
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_READX) {
+		printf("Trying large readx\n");
+		io.readx.in.offset = 0;
+		io.readx.in.mincnt = 0;
+		io.readx.in.maxcnt = 0x10000 - 1;
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.readx.out.nread, 0xFFFF);
+		CHECK_READX_ALIGN(io);
+
+		io.readx.in.maxcnt = 0x10000;
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.readx.out.nread, 0x10000);
+		CHECK_READX_ALIGN(io);
+
+		io.readx.in.maxcnt = 0x10001;
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (io.readx.out.nread == io.readx.in.maxcnt) {
+			printf("SAMBA: large read extension\n");
+			CHECK_VALUE(io.readx.out.nread, 0x10001);
+		} else {
+			CHECK_VALUE(io.readx.out.nread, 0x10000);
+		}
+	} else {
+		printf("Server does not support the CAP_LARGE_READX extension\n");
+	}
+
+	printf("Trying locked region\n");
+	cli->session->pid++;
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli->tree, fnum, 103, 1, 0, WRITE_LOCK))) {
+		printf("Failed to lock file at %d\n", __LINE__);
+		ret = false;
+		goto done;
+	}
+	cli->session->pid--;
+	memset(buf, 0, maxsize);
+	io.readx.in.offset = 0;
+	io.readx.in.mincnt = 100;
+	io.readx.in.maxcnt = 200;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);	
+
+	if (!(cli->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		printf("skipping large file tests - CAP_LARGE_FILES not set\n");
+		goto done;
+	}
+
+	printf("Trying large offset read\n");
+	io.readx.in.offset = ((uint64_t)0x2) << 32;
+	io.readx.in.mincnt = 10;
+	io.readx.in.maxcnt = 10;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, 0);
+	CHECK_READX_ALIGN(io);
+
+	if (NT_STATUS_IS_ERR(smbcli_lock64(cli->tree, fnum, io.readx.in.offset, 1, 0, WRITE_LOCK))) {
+		printf("Failed to lock file at %d\n", __LINE__);
+		ret = false;
+		goto done;
+	}
+
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readx.out.nread, 0);
+	CHECK_READX_ALIGN(io);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test readbraw ops
+*/
+static bool test_readbraw(struct torture_context *tctx, 
+						  struct smbcli_state *cli)
+{
+	union smb_read io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	const char *test_data = "TEST DATA";
+	unsigned int seed = time(NULL);
+
+	if (!cli->transport->negotiate.readbraw_supported) {
+		printf("Server does not support readbraw - skipping\n");
+		return true;
+	}
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_READ_READBRAW\n");
+	
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	printf("Trying empty file read\n");
+	io.generic.level = RAW_READ_READBRAW;
+	io.readbraw.in.file.fnum = fnum;
+	io.readbraw.in.mincnt = 1;
+	io.readbraw.in.maxcnt = 1;
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.timeout = 0;
+	io.readbraw.out.data = buf;
+	status = smb_raw_read(cli->tree, &io);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0);
+
+	printf("Trying zero file read\n");
+	io.readbraw.in.mincnt = 0;
+	io.readbraw.in.maxcnt = 0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0);
+
+	printf("Trying bad fnum\n");
+	io.readbraw.in.file.fnum = fnum+1;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0);
+	io.readbraw.in.file.fnum = fnum;
+
+	smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+
+	printf("Trying small read\n");
+	io.readbraw.in.file.fnum = fnum;
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = strlen(test_data);
+	io.readbraw.in.maxcnt = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, strlen(test_data));
+	if (memcmp(buf, test_data, strlen(test_data)) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data, buf);
+		goto done;
+	}
+
+	printf("Trying short read\n");
+	io.readbraw.in.offset = 1;
+	io.readbraw.in.mincnt = strlen(test_data);
+	io.readbraw.in.maxcnt = strlen(test_data);
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, strlen(test_data)-1);
+	if (memcmp(buf, test_data+1, strlen(test_data)-1) != 0) {
+		ret = false;
+		printf("incorrect data at %d!? (%s:%s)\n", __LINE__, test_data+1, buf);
+		goto done;
+	}
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+		printf("Trying max offset\n");
+		io.readbraw.in.offset = ~0;
+		io.readbraw.in.mincnt = strlen(test_data);
+		io.readbraw.in.maxcnt = strlen(test_data);
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.readbraw.out.nread, 0);
+	}
+
+	setup_buffer(buf, seed, maxsize);
+	smbcli_write(cli->tree, fnum, 0, buf, 0, maxsize);
+	memset(buf, 0, maxsize);
+
+	printf("Trying large read\n");
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = ~0;
+	io.readbraw.in.maxcnt = ~0;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0xFFFF);
+	CHECK_BUFFER(buf, seed, io.readbraw.out.nread);
+
+	printf("Trying mincnt > maxcnt\n");
+	memset(buf, 0, maxsize);
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = 30000;
+	io.readbraw.in.maxcnt = 20000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, io.readbraw.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readbraw.out.nread);
+
+	printf("Trying mincnt < maxcnt\n");
+	memset(buf, 0, maxsize);
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = 20000;
+	io.readbraw.in.maxcnt = 30000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, io.readbraw.in.maxcnt);
+	CHECK_BUFFER(buf, seed, io.readbraw.out.nread);
+
+	printf("Trying locked region\n");
+	cli->session->pid++;
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli->tree, fnum, 103, 1, 0, WRITE_LOCK))) {
+		printf("Failed to lock file at %d\n", __LINE__);
+		ret = false;
+		goto done;
+	}
+	cli->session->pid--;
+	memset(buf, 0, maxsize);
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = 100;
+	io.readbraw.in.maxcnt = 200;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0);
+
+	printf("Trying locked region with timeout\n");
+	memset(buf, 0, maxsize);
+	io.readbraw.in.offset = 0;
+	io.readbraw.in.mincnt = 100;
+	io.readbraw.in.maxcnt = 200;
+	io.readbraw.in.timeout = 10000;
+	status = smb_raw_read(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.readbraw.out.nread, 0);
+
+	if (cli->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+		printf("Trying large offset read\n");
+		io.readbraw.in.offset = ((uint64_t)0x2) << 32;
+		io.readbraw.in.mincnt = 10;
+		io.readbraw.in.maxcnt = 10;
+		io.readbraw.in.timeout = 0;
+		status = smb_raw_read(cli->tree, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.readbraw.out.nread, 0);
+	}
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test read for execute
+*/
+static bool test_read_for_execute(struct torture_context *tctx, 
+								  struct smbcli_state *cli)
+{
+	union smb_open op;
+	union smb_write wr;
+	union smb_read rd;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum=0;
+	uint8_t *buf;
+	const int maxsize = 900;
+	const char *fname = BASEDIR "\\test.txt";
+	const uint8_t data[] = "TEST DATA";
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_READ_READX with read_for_execute\n");
+
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	wr.generic.level = RAW_WRITE_WRITEX;
+	wr.writex.in.file.fnum = fnum;
+	wr.writex.in.offset = 0;
+	wr.writex.in.wmode = 0;
+	wr.writex.in.remaining = 0;
+	wr.writex.in.count = ARRAY_SIZE(data);
+	wr.writex.in.data = data;
+	status = smb_raw_write(cli->tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(wr.writex.out.nwritten, ARRAY_SIZE(data));
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("open file with SEC_FILE_EXECUTE\n");
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_FILE_EXECUTE;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	printf("read with FLAGS2_READ_PERMIT_EXECUTE\n");
+	rd.generic.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = 0;
+	rd.readx.in.maxcnt = maxsize;
+	rd.readx.in.offset = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = true;
+	rd.readx.out.data = buf;
+	status = smb_raw_read(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.readx.out.nread, ARRAY_SIZE(data));
+	CHECK_VALUE(rd.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(rd.readx.out.compaction_mode, 0);
+
+	printf("read without FLAGS2_READ_PERMIT_EXECUTE (should fail)\n");
+	rd.generic.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = 0;
+	rd.readx.in.maxcnt = maxsize;
+	rd.readx.in.offset = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data = buf;
+	status = smb_raw_read(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	status = smbcli_close(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("open file with SEC_FILE_READ_DATA\n");
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	printf("read with FLAGS2_READ_PERMIT_EXECUTE\n");
+	rd.generic.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = 0;
+	rd.readx.in.maxcnt = maxsize;
+	rd.readx.in.offset = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = true;
+	rd.readx.out.data = buf;
+	status = smb_raw_read(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.readx.out.nread, ARRAY_SIZE(data));
+	CHECK_VALUE(rd.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(rd.readx.out.compaction_mode, 0);
+
+	printf("read without FLAGS2_READ_PERMIT_EXECUTE\n");
+	rd.generic.level = RAW_READ_READX;
+	rd.readx.in.file.fnum = fnum;
+	rd.readx.in.mincnt = 0;
+	rd.readx.in.maxcnt = maxsize;
+	rd.readx.in.offset = 0;
+	rd.readx.in.remaining = 0;
+	rd.readx.in.read_for_execute = false;
+	rd.readx.out.data = buf;
+	status = smb_raw_read(cli->tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.readx.out.nread, ARRAY_SIZE(data));
+	CHECK_VALUE(rd.readx.out.remaining, 0xFFFF);
+	CHECK_VALUE(rd.readx.out.compaction_mode, 0);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/* 
+   basic testing of read calls
+*/
+struct torture_suite *torture_raw_read(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "read");
+
+	torture_suite_add_1smb_test(suite, "read", test_read);
+	torture_suite_add_1smb_test(suite, "readx", test_readx);
+	torture_suite_add_1smb_test(suite, "lockread", test_lockread);
+	torture_suite_add_1smb_test(suite, "readbraw", test_readbraw);
+	torture_suite_add_1smb_test(suite, "read for execute", 
+		test_read_for_execute);
+
+	return suite;
+}
diff --git a/source4/torture/raw/rename.c b/source4/torture/raw/rename.c
new file mode 100644
index 0000000..5f48c05
--- /dev/null
+++ b/source4/torture/raw/rename.c
@@ -0,0 +1,692 @@
+/* 
+   Unix SMB/CIFS implementation.
+   rename test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect %s %d - should be %d\n", \
+			__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define BASEDIR "\\testrename"
+
+/*
+  test SMBmv ops
+*/
+static bool test_mv(struct torture_context *tctx, 
+					struct smbcli_state *cli)
+{
+	union smb_rename io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum = -1;
+	const char *fname1 = BASEDIR "\\test1.txt";
+	const char *fname2 = BASEDIR "\\test2.txt";
+	const char *Fname1 = BASEDIR "\\Test1.txt";
+	union smb_fileinfo finfo;
+	union smb_open op;
+
+	torture_comment(tctx, "Testing SMBmv\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Trying simple rename\n");
+
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_READ | 
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname1;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	io.generic.level = RAW_RENAME_RENAME;
+	io.rename.in.pattern1 = fname1;
+	io.rename.in.pattern2 = fname2;
+	io.rename.in.attrib = 0;
+	
+	torture_comment(tctx, "trying rename while first file open\n");
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	smbcli_close(cli->tree, fnum);
+
+	op.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	op.ntcreatex.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE | 
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "trying rename while first file open with SHARE_ACCESS_DELETE\n");
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.rename.in.pattern1 = fname2;
+	io.rename.in.pattern2 = fname1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Trying case-changing rename\n");
+	io.rename.in.pattern1 = fname1;
+	io.rename.in.pattern2 = Fname1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.all_info.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (strcmp(finfo.all_info.out.fname.s, Fname1) != 0) {
+		torture_warning(tctx, "(%s) Incorrect filename [%s] after case-changing "
+		       "rename, should be [%s]\n", __location__,
+		       finfo.all_info.out.fname.s, Fname1);
+	}
+
+	io.rename.in.pattern1 = fname1;
+	io.rename.in.pattern2 = fname2;
+
+	torture_comment(tctx, "trying rename while not open\n");
+	smb_raw_exit(cli->session);
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	torture_comment(tctx, "Trying self rename\n");
+	io.rename.in.pattern1 = fname2;
+	io.rename.in.pattern2 = fname2;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.rename.in.pattern1 = fname1;
+	io.rename.in.pattern2 = fname1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+static bool test_osxrename(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	union smb_rename io;
+	union smb_unlink io_un;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum = -1;
+	const char *fname1 = BASEDIR "\\test1";
+	const char *FNAME1 = BASEDIR "\\TEST1";
+	union smb_fileinfo finfo;
+	union smb_open op;
+
+	torture_comment(tctx, "\nTesting OSX Rename\n");
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	op.ntcreatex.in.create_options = 0;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = fname1;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	io.generic.level = RAW_RENAME_RENAME;
+	io.rename.in.attrib = 0;
+
+	smbcli_close(cli->tree, fnum);
+
+	/* Rename by changing case. First check for the
+	 * existence of the file with the "newname".
+	 * If we find one and both the output and input are same case,
+	 * delete it. */
+
+	torture_comment(tctx, "Checking os X rename (case changing)\n");
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.all_info.in.file.path = FNAME1;
+	torture_comment(tctx, "Looking for file %s \n",FNAME1);
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Name of the file found %s \n", finfo.all_info.out.fname.s);
+		if (strcmp(finfo.all_info.out.fname.s, finfo.all_info.in.file.path) == 0) {
+			/* If file is found with the same case delete it */
+			torture_comment(tctx, "Deleting File %s \n", finfo.all_info.out.fname.s);
+			io_un.unlink.in.pattern = finfo.all_info.out.fname.s;
+			io_un.unlink.in.attrib = 0;
+			status = smb_raw_unlink(cli->tree, &io_un);
+			CHECK_STATUS(status, NT_STATUS_OK);
+		}
+	}
+
+	io.rename.in.pattern1 = fname1;
+	io.rename.in.pattern2 = FNAME1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.all_info.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_comment(tctx, "File name after rename %s \n",finfo.all_info.out.fname.s);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test SMBntrename ops
+*/
+static bool test_ntrename(struct torture_context *tctx, 
+						  struct smbcli_state *cli)
+{
+	union smb_rename io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, i;
+	const char *fname1 = BASEDIR "\\test1.txt";
+	const char *fname2 = BASEDIR "\\test2.txt";
+	union smb_fileinfo finfo;
+
+	torture_comment(tctx, "Testing SMBntrename\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Trying simple rename\n");
+
+	fnum = create_complex_file(cli, tctx, fname1);
+	
+	io.generic.level = RAW_RENAME_NTRENAME;
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname2;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.cluster_size = 0;
+	io.ntrename.in.flags = RENAME_FLAG_RENAME;
+	
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+	
+	smbcli_close(cli->tree, fnum);
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Trying self rename\n");
+	io.ntrename.in.old_name = fname2;
+	io.ntrename.in.new_name = fname2;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	torture_comment(tctx, "trying wildcard rename\n");
+	io.ntrename.in.old_name = BASEDIR "\\*.txt";
+	io.ntrename.in.new_name = fname1;
+	
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+
+	torture_comment(tctx, "Checking attrib handling\n");
+	torture_set_file_attribute(cli->tree, fname2, FILE_ATTRIBUTE_HIDDEN);
+	io.ntrename.in.old_name = fname2;
+	io.ntrename.in.new_name = fname1;
+	io.ntrename.in.attrib = 0;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_NO_SUCH_FILE);
+
+	io.ntrename.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_set_file_attribute(cli->tree, fname1, FILE_ATTRIBUTE_NORMAL);
+
+	torture_comment(tctx, "Checking hard link\n");
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname2;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.flags = RENAME_FLAG_HARD_LINK;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_set_file_attribute(cli->tree, fname1, FILE_ATTRIBUTE_SYSTEM);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname2;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 2);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_SYSTEM);
+
+	finfo.generic.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 2);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_SYSTEM);
+
+	torture_set_file_attribute(cli->tree, fname1, FILE_ATTRIBUTE_NORMAL);
+
+	smbcli_unlink(cli->tree, fname2);
+
+	finfo.generic.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL);
+
+	torture_comment(tctx, "Checking copy\n");
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname2;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.flags = RENAME_FLAG_COPY;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname2;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL);
+
+	torture_set_file_attribute(cli->tree, fname1, FILE_ATTRIBUTE_SYSTEM);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname2;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL);
+
+	finfo.generic.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+	CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_SYSTEM);
+
+	torture_set_file_attribute(cli->tree, fname1, FILE_ATTRIBUTE_NORMAL);
+
+	smbcli_unlink(cli->tree, fname2);
+
+	finfo.generic.in.file.path = fname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.all_info.out.nlink, 1);
+
+	torture_comment(tctx, "Checking invalid flags\n");
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname2;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.flags = 0;
+	status = smb_raw_rename(cli->tree, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.ntrename.in.flags = 300;
+	status = smb_raw_rename(cli->tree, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.ntrename.in.flags = 0x106;
+	status = smb_raw_rename(cli->tree, &io);
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "Checking unknown field\n");
+	io.ntrename.in.old_name = fname1;
+	io.ntrename.in.new_name = fname2;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.flags = RENAME_FLAG_RENAME;
+	io.ntrename.in.cluster_size = 0xff;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Trying RENAME_FLAG_MOVE_CLUSTER_INFORMATION\n");
+
+	io.ntrename.in.old_name = fname2;
+	io.ntrename.in.new_name = fname1;
+	io.ntrename.in.attrib = 0;
+	io.ntrename.in.flags = RENAME_FLAG_MOVE_CLUSTER_INFORMATION;
+	io.ntrename.in.cluster_size = 1;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.ntrename.in.flags = RENAME_FLAG_COPY;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+#if 0
+	{
+		char buf[16384];
+		fnum = smbcli_open(cli->tree, fname1, O_RDWR, DENY_NONE);
+		memset(buf, 1, sizeof(buf));
+		smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));
+		smbcli_close(cli->tree, fnum);
+
+		fnum = smbcli_open(cli->tree, fname2, O_RDWR, DENY_NONE);
+		memset(buf, 1, sizeof(buf));
+		smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf)-1);
+		smbcli_close(cli->tree, fnum);
+
+		torture_all_info(cli->tree, fname1);
+		torture_all_info(cli->tree, fname2);
+	}
+	
+
+	io.ntrename.in.flags = RENAME_FLAG_MOVE_CLUSTER_INFORMATION;
+	status = smb_raw_rename(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	for (i=0;i<20000;i++) {
+		io.ntrename.in.cluster_size = i;
+		status = smb_raw_rename(cli->tree, &io);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			torture_warning(tctx, "i=%d status=%s\n", i, nt_errstr(status));
+		}
+	}
+#endif
+
+	torture_comment(tctx, "Checking other flags\n");
+
+	for (i=0;i<0xFFF;i++) {
+		if (i == RENAME_FLAG_RENAME ||
+		    i == RENAME_FLAG_HARD_LINK ||
+		    i == RENAME_FLAG_COPY) {
+			continue;
+		}
+
+		io.ntrename.in.old_name = fname2;
+		io.ntrename.in.new_name = fname1;
+		io.ntrename.in.flags = i;
+		io.ntrename.in.attrib = 0;
+		io.ntrename.in.cluster_size = 0;
+		status = smb_raw_rename(cli->tree, &io);
+		if (TARGET_IS_WIN7(tctx)){
+			if (!NT_STATUS_EQUAL(status,
+					     NT_STATUS_INVALID_PARAMETER)) {
+				torture_warning(tctx, "flags=0x%x status=%s\n",
+						i, nt_errstr(status));
+			}
+		} else {
+			if (!NT_STATUS_EQUAL(status,
+					     NT_STATUS_ACCESS_DENIED)) {
+				torture_warning(tctx, "flags=0x%x status=%s\n",
+						i, nt_errstr(status));
+			}
+		}
+	}
+	
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test dir rename.
+*/
+static bool test_dir_rename(struct torture_context *tctx, struct smbcli_state *cli)
+{
+        union smb_open io;
+	union smb_rename ren_io;
+	NTSTATUS status;
+        const char *dname1 = BASEDIR "\\dir_for_rename";
+        const char *dname2 = BASEDIR "\\renamed_dir";
+        const char *dname1_long = BASEDIR "\\dir_for_rename_long";
+        const char *fname = BASEDIR "\\dir_for_rename\\file.txt";
+	const char *sname = BASEDIR "\\renamed_dir:a stream:$DATA";
+	bool ret = true;
+	int fnum = -1;
+
+	torture_comment(tctx, "Checking rename on a directory containing an open file.\n");
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+        /* create a directory */
+        smbcli_rmdir(cli->tree, dname1);
+        smbcli_rmdir(cli->tree, dname2);
+        smbcli_rmdir(cli->tree, dname1_long);
+        smbcli_unlink(cli->tree, dname1);
+        smbcli_unlink(cli->tree, dname2);
+        smbcli_unlink(cli->tree, dname1_long);
+
+        ZERO_STRUCT(io);
+        io.generic.level = RAW_OPEN_NTCREATEX;
+        io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+        io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+        io.ntcreatex.in.alloc_size = 0;
+        io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+        io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+        io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+        io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+        io.ntcreatex.in.fname = dname1;
+        status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+
+        fnum = io.ntcreatex.out.file.fnum;
+	smbcli_close(cli->tree, fnum);
+
+        /* create the longname directory */
+        io.ntcreatex.in.fname = dname1_long;
+        status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+
+        fnum = io.ntcreatex.out.file.fnum;
+	smbcli_close(cli->tree, fnum);
+
+        /* Now create and hold open a file. */
+        ZERO_STRUCT(io);
+
+        io.generic.level = RAW_OPEN_NTCREATEX;
+        io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+        io.ntcreatex.in.root_fid.fnum = 0;
+        io.ntcreatex.in.alloc_size = 0;
+        io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+        io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+        io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+        io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+        io.ntcreatex.in.create_options = 0;
+        io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+        io.ntcreatex.in.security_flags = 0;
+        io.ntcreatex.in.fname = fname;
+
+        /* Create the file. */
+
+        status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+        fnum = io.ntcreatex.out.file.fnum;
+
+        /* Now try and rename the directory. */
+
+        ZERO_STRUCT(ren_io);
+	ren_io.generic.level = RAW_RENAME_RENAME;
+	ren_io.rename.in.pattern1 = dname1;
+	ren_io.rename.in.pattern2 = dname2;
+	ren_io.rename.in.attrib = 0;
+	
+	status = smb_raw_rename(cli->tree, &ren_io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	/* Close the file and try the rename. */
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_rename(cli->tree, &ren_io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Now try just holding a second handle on the directory and holding
+	 * it open across a rename.  This should be allowed.
+	 */
+	io.ntcreatex.in.fname = dname2;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL |
+	    SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA | SEC_FILE_READ_DATA;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+        fnum = io.ntcreatex.out.file.fnum;
+
+	ren_io.generic.level = RAW_RENAME_RENAME;
+	ren_io.rename.in.pattern1 = dname2;
+	ren_io.rename.in.pattern2 = dname1;
+	ren_io.rename.in.attrib = 0;
+
+	status = smb_raw_rename(cli->tree, &ren_io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* close our handle to the directory. */
+	smbcli_close(cli->tree, fnum);
+
+	/* Open a handle on the long name, and then
+	 * try a rename. This would catch a regression
+	 * in bug #6781.
+	 */
+	io.ntcreatex.in.fname = dname1_long;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+
+	io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL |
+	    SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA | SEC_FILE_READ_DATA;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+        fnum = io.ntcreatex.out.file.fnum;
+
+	ren_io.generic.level = RAW_RENAME_RENAME;
+	ren_io.rename.in.pattern1 = dname1;
+	ren_io.rename.in.pattern2 = dname2;
+	ren_io.rename.in.attrib = 0;
+
+	status = smb_raw_rename(cli->tree, &ren_io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* close our handle to the longname directory. */
+	smbcli_close(cli->tree, fnum);
+
+	/*
+	 * Now try opening a stream on the directory and holding it open
+	 * across a rename.  This should be allowed.
+	 */
+	io.ntcreatex.in.fname = sname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+        CHECK_STATUS(status, NT_STATUS_OK);
+        fnum = io.ntcreatex.out.file.fnum;
+
+	ren_io.generic.level = RAW_RENAME_RENAME;
+	ren_io.rename.in.pattern1 = dname2;
+	ren_io.rename.in.pattern2 = dname1;
+	ren_io.rename.in.attrib = 0;
+
+	status = smb_raw_rename(cli->tree, &ren_io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+extern bool test_trans2rename(struct torture_context *tctx, struct smbcli_state *cli1, struct smbcli_state *cli2);
+extern bool test_nttransrename(struct torture_context *tctx, struct smbcli_state *cli1);
+
+/* 
+   basic testing of rename calls
+*/
+struct torture_suite *torture_raw_rename(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "rename");
+
+	torture_suite_add_1smb_test(suite, "mv", test_mv);
+	/* test_trans2rename and test_nttransrename are actually in torture/raw/oplock.c to
+	   use the handlers and macros there. */
+	torture_suite_add_2smb_test(suite, "trans2rename", test_trans2rename);
+	torture_suite_add_1smb_test(suite, "nttransrename", test_nttransrename);
+	torture_suite_add_1smb_test(suite, "ntrename", test_ntrename);
+	torture_suite_add_1smb_test(suite, "osxrename", test_osxrename);
+	torture_suite_add_1smb_test(suite, "directory rename", test_dir_rename);
+
+	return suite;
+}
diff --git a/source4/torture/raw/samba3hide.c b/source4/torture/raw/samba3hide.c
new file mode 100644
index 0000000..d28f91e
--- /dev/null
+++ b/source4/torture/raw/samba3hide.c
@@ -0,0 +1,326 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Test samba3 hide unreadable/unwriteable
+   Copyright (C) Volker Lendecke 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+static void init_unixinfo_nochange(union smb_setfileinfo *info)
+{
+	ZERO_STRUCTP(info);
+	info->unix_basic.level = RAW_SFILEINFO_UNIX_BASIC;
+	info->unix_basic.in.mode = SMB_MODE_NO_CHANGE;
+
+	info->unix_basic.in.end_of_file = SMB_SIZE_NO_CHANGE_HI;
+	info->unix_basic.in.end_of_file <<= 32;
+	info->unix_basic.in.end_of_file |= SMB_SIZE_NO_CHANGE_LO;
+	
+	info->unix_basic.in.num_bytes = SMB_SIZE_NO_CHANGE_HI;
+	info->unix_basic.in.num_bytes <<= 32;
+	info->unix_basic.in.num_bytes |= SMB_SIZE_NO_CHANGE_LO;
+	
+	info->unix_basic.in.status_change_time = SMB_TIME_NO_CHANGE_HI;
+	info->unix_basic.in.status_change_time <<= 32;
+	info->unix_basic.in.status_change_time |= SMB_TIME_NO_CHANGE_LO;
+
+	info->unix_basic.in.access_time = SMB_TIME_NO_CHANGE_HI;
+	info->unix_basic.in.access_time <<= 32;
+	info->unix_basic.in.access_time |= SMB_TIME_NO_CHANGE_LO;
+
+	info->unix_basic.in.change_time = SMB_TIME_NO_CHANGE_HI;
+	info->unix_basic.in.change_time <<= 32;
+	info->unix_basic.in.change_time |= SMB_TIME_NO_CHANGE_LO;
+
+	info->unix_basic.in.uid = SMB_UID_NO_CHANGE;
+	info->unix_basic.in.gid = SMB_GID_NO_CHANGE;
+}
+
+struct list_state {
+	const char *fname;
+	bool visible;
+};
+
+static void set_visible(struct clilist_file_info *i, const char *mask,
+			void *priv)
+{
+	struct list_state *state = (struct list_state *)priv;
+
+	if (strcasecmp_m(state->fname, i->name) == 0)
+		state->visible = true;
+}
+
+static bool is_visible(struct smbcli_tree *tree, const char *fname)
+{
+	struct list_state state;
+
+	state.visible = false;
+	state.fname = fname;
+
+	if (smbcli_list(tree, "*.*", 0, set_visible, &state) < 0) {
+		return false;
+	}
+	return state.visible;
+}
+
+static bool is_readable(struct smbcli_tree *tree, const char *fname)
+{
+	int fnum;
+	fnum = smbcli_open(tree, fname, O_RDONLY, DENY_NONE);
+	if (fnum < 0) {
+		return false;
+	}
+	smbcli_close(tree, fnum);
+	return true;
+}
+
+static bool is_writeable(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
+			 const char *fname)
+{
+	int fnum;
+	fnum = smbcli_open(tree, fname, O_WRONLY, DENY_NONE);
+	if (fnum < 0) {
+		return false;
+	}
+	smbcli_close(tree, fnum);
+	return true;
+}
+
+/*
+ * This is not an exact method because there's a ton of reasons why a getatr
+ * might fail. But for our purposes it's sufficient.
+ */
+
+static bool smbcli_file_exists(struct smbcli_tree *tree, const char *fname)
+{
+	return NT_STATUS_IS_OK(smbcli_getatr(tree, fname, NULL, NULL, NULL));
+}
+
+static NTSTATUS smbcli_setup_unix(struct smbcli_tree *tree)
+{
+	union smb_fsinfo fsinfo;
+	union smb_setfsinfo set_fsinfo;
+	NTSTATUS status;
+
+	ZERO_STRUCT(fsinfo);
+	ZERO_STRUCT(set_fsinfo);
+
+	fsinfo.generic.level = RAW_QFS_UNIX_INFO;
+	status = smb_raw_fsinfo(tree, NULL, &fsinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("smb_raw_fsinfo failed %s\n",
+			nt_errstr(status));
+		return status;
+	}
+
+	set_fsinfo.generic.level = RAW_SETFS_UNIX_INFO;
+	set_fsinfo.unix_info.in.major_version = fsinfo.unix_info.out.major_version;
+	set_fsinfo.unix_info.in.minor_version = fsinfo.unix_info.out.minor_version;
+	set_fsinfo.unix_info.in.capability = fsinfo.unix_info.out.capability;
+
+	status = smb_raw_setfsinfo(tree, NULL, &set_fsinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("smb_raw_setfsinfo failed %s\n",
+			nt_errstr(status));
+	}
+	return status;
+}
+
+static NTSTATUS smbcli_chmod(struct smbcli_tree *tree, const char *fname,
+			     uint64_t permissions)
+{
+	union smb_setfileinfo sfinfo;
+	init_unixinfo_nochange(&sfinfo);
+	sfinfo.unix_basic.in.file.path = fname;
+	sfinfo.unix_basic.in.permissions = permissions;
+	return smb_raw_setpathinfo(tree, &sfinfo);
+}
+
+bool torture_samba3_hide(struct torture_context *torture, struct smbcli_state *cli)
+{
+	const char *fname = "torture_samba3_hide.txt";
+	int fnum;
+	NTSTATUS status;
+	struct smbcli_tree *hideunread;
+	struct smbcli_tree *hideunwrite;
+
+	status = smbcli_setup_unix(cli->tree);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_fail(torture,
+			talloc_asprintf(torture, "smbcli_setup_unix failed %s\n",
+				nt_errstr(status)));
+	}
+
+	status = torture_second_tcon(torture, cli->session, "hideunread",
+				     &hideunread);
+	torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n");
+
+	status = torture_second_tcon(torture, cli->session, "hideunwrite",
+				     &hideunwrite);
+	torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n");
+
+	status = smbcli_unlink(cli->tree, fname);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+		smbcli_setatr(cli->tree, fname, 0, -1);
+		smbcli_unlink(cli->tree, fname);
+	}
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_fail(torture,
+			talloc_asprintf(torture, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
+	}
+
+	smbcli_close(cli->tree, fnum);
+
+	if (!smbcli_file_exists(cli->tree, fname)) {
+		torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", fname));
+	}
+
+	/* R/W file should be visible everywhere */
+
+	status = smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
+	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
+
+	if (!is_writeable(torture, cli->tree, fname)) {
+		torture_fail(torture, "File not writable\n");
+	}
+	if (!is_readable(cli->tree, fname)) {
+		torture_fail(torture, "File not readable\n");
+	}
+	if (!is_visible(cli->tree, fname)) {
+		torture_fail(torture, "r/w file not visible via normal share\n");
+	}
+	if (!is_visible(hideunread, fname)) {
+		torture_fail(torture, "r/w file not visible via hide unreadable\n");
+	}
+	if (!is_visible(hideunwrite, fname)) {
+		torture_fail(torture, "r/w file not visible via hide unwriteable\n");
+	}
+
+	/* R/O file should not be visible via hide unwriteable files */
+
+	status = smbcli_chmod(cli->tree, fname, UNIX_R_USR);
+	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
+
+	if (is_writeable(torture, cli->tree, fname)) {
+		torture_fail(torture, "r/o is writable\n");
+	}
+	if (!is_readable(cli->tree, fname)) {
+		torture_fail(torture, "r/o not readable\n");
+	}
+	if (!is_visible(cli->tree, fname)) {
+		torture_fail(torture, "r/o file not visible via normal share\n");
+	}
+	if (!is_visible(hideunread, fname)) {
+		torture_fail(torture, "r/o file not visible via hide unreadable\n");
+	}
+	if (is_visible(hideunwrite, fname)) {
+		torture_fail(torture, "r/o file visible via hide unwriteable\n");
+	}
+
+	/* inaccessible file should be only visible on normal share */
+
+	status = smbcli_chmod(cli->tree, fname, 0);
+	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
+
+	if (is_writeable(torture, cli->tree, fname)) {
+		torture_fail(torture, "inaccessible file is writable\n");
+	}
+	if (is_readable(cli->tree, fname)) {
+		torture_fail(torture, "inaccessible file is readable\n");
+	}
+	if (!is_visible(cli->tree, fname)) {
+		torture_fail(torture, "inaccessible file not visible via normal share\n");
+	}
+	if (is_visible(hideunread, fname)) {
+		torture_fail(torture, "inaccessible file visible via hide unreadable\n");
+	}
+	if (is_visible(hideunwrite, fname)) {
+		torture_fail(torture, "inaccessible file visible via hide unwriteable\n");
+	}
+
+	smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
+	smbcli_unlink(cli->tree, fname);
+	
+	return true;
+}
+
+/*
+ * Try to force smb_close to return an error. The only way I can think of is
+ * to open a file with delete on close, chmod the parent dir to 000 and then
+ * close. smb_close should return NT_STATUS_ACCESS_DENIED.
+ */
+
+bool torture_samba3_closeerr(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	bool result = false;
+	NTSTATUS status;
+	const char *dname = "closeerr.dir";
+	const char *fname = "closeerr.dir\\closerr.txt";
+	int fnum;
+
+	smbcli_deltree(cli->tree, dname);
+
+	torture_assert_ntstatus_ok(
+		tctx, smbcli_mkdir(cli->tree, dname),
+		talloc_asprintf(tctx, "smbcli_mdir failed: (%s)\n",
+				smbcli_errstr(cli->tree)));
+
+	fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR,
+			    DENY_NONE);
+	torture_assert(tctx, fnum != -1, 
+		       talloc_asprintf(tctx, "smbcli_open failed: %s\n",
+				       smbcli_errstr(cli->tree)));
+	smbcli_close(cli->tree, fnum);
+
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0, 
+				      SEC_RIGHTS_FILE_ALL,
+				      FILE_ATTRIBUTE_NORMAL,
+				      NTCREATEX_SHARE_ACCESS_DELETE,
+				      NTCREATEX_DISP_OPEN, 0, 0);
+
+	torture_assert(tctx, fnum != -1, 
+		       talloc_asprintf(tctx, "smbcli_open failed: %s\n",
+				       smbcli_errstr(cli->tree)));
+
+	status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
+
+	torture_assert_ntstatus_ok(tctx, status, 
+				   "setting delete_on_close on file failed !");
+
+	status = smbcli_chmod(cli->tree, dname, 0);
+
+	torture_assert_ntstatus_ok(tctx, status, 
+				   "smbcli_chmod on file failed !");
+
+	status = smbcli_close(cli->tree, fnum);
+
+	smbcli_chmod(cli->tree, dname, UNIX_R_USR|UNIX_W_USR|UNIX_X_USR);
+	smbcli_deltree(cli->tree, dname);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_ACCESS_DENIED,
+				      "smbcli_close");
+
+	result = true;
+	
+	return result;
+}
diff --git a/source4/torture/raw/samba3misc.c b/source4/torture/raw/samba3misc.c
new file mode 100644
index 0000000..35271aa
--- /dev/null
+++ b/source4/torture/raw/samba3misc.c
@@ -0,0 +1,1137 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Test some misc Samba3 code paths
+   Copyright (C) Volker Lendecke 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+#include "torture/raw/proto.h"
+
+/*
+ The next 2 functions are stolen from source4/libcli/raw/rawfile.c
+ but allow us to send a raw data blob instead of an OpenX name.
+*/
+
+#define SETUP_REQUEST(cmd, wct, buflen) do { \
+        req = smbcli_request_setup(tree, cmd, wct, buflen); \
+        if (!req) return NULL; \
+} while (0)
+
+static struct smbcli_request *smb_raw_openX_name_blob_send(struct smbcli_tree *tree,
+					union smb_open *parms,
+					const DATA_BLOB *pname_blob)
+{
+        struct smbcli_request *req = NULL;
+
+	if (parms->generic.level != RAW_OPEN_OPENX) {
+		return NULL;
+	}
+
+	SETUP_REQUEST(SMBopenX, 15, 0);
+	SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+	SSVAL(req->out.vwv, VWV(1), 0);
+	SSVAL(req->out.vwv, VWV(2), parms->openx.in.flags);
+	SSVAL(req->out.vwv, VWV(3), parms->openx.in.open_mode);
+	SSVAL(req->out.vwv, VWV(4), parms->openx.in.search_attrs);
+	SSVAL(req->out.vwv, VWV(5), parms->openx.in.file_attrs);
+	raw_push_dos_date3(tree->session->transport,
+			req->out.vwv, VWV(6), parms->openx.in.write_time);
+	SSVAL(req->out.vwv, VWV(8), parms->openx.in.open_func);
+	SIVAL(req->out.vwv, VWV(9), parms->openx.in.size);
+	SIVAL(req->out.vwv, VWV(11),parms->openx.in.timeout);
+	SIVAL(req->out.vwv, VWV(13),0); /* reserved */
+	smbcli_req_append_blob(req, pname_blob);
+
+	if (!smbcli_request_send(req)) {
+		smbcli_request_destroy(req);
+		return NULL;
+	}
+
+	return req;
+}
+
+static NTSTATUS smb_raw_openX_name_blob(struct smbcli_tree *tree,
+			TALLOC_CTX *mem_ctx,
+			union smb_open *parms,
+			const DATA_BLOB *pname_blob)
+{
+	struct smbcli_request *req = smb_raw_openX_name_blob_send(tree, parms, pname_blob);
+	return smb_raw_open_recv(req, mem_ctx, parms);
+}
+
+static NTSTATUS raw_smbcli_openX_name_blob(struct smbcli_tree *tree,
+				const DATA_BLOB *pname_blob,
+				int flags,
+				int share_mode,
+				int *fnum)
+{
+        union smb_open open_parms;
+        unsigned int openfn=0;
+        unsigned int accessmode=0;
+        TALLOC_CTX *mem_ctx;
+        NTSTATUS status;
+
+        mem_ctx = talloc_init("raw_openX_name_blob");
+        if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+        if (flags & O_CREAT) {
+                openfn |= OPENX_OPEN_FUNC_CREATE;
+        }
+        if (!(flags & O_EXCL)) {
+                if (flags & O_TRUNC) {
+                        openfn |= OPENX_OPEN_FUNC_TRUNC;
+                } else {
+                        openfn |= OPENX_OPEN_FUNC_OPEN;
+                }
+        }
+
+        accessmode = (share_mode<<OPENX_MODE_DENY_SHIFT);
+
+        if ((flags & O_ACCMODE) == O_RDWR) {
+                accessmode |= OPENX_MODE_ACCESS_RDWR;
+        } else if ((flags & O_ACCMODE) == O_WRONLY) {
+                accessmode |= OPENX_MODE_ACCESS_WRITE;
+        } else if ((flags & O_ACCMODE) == O_RDONLY) {
+                accessmode |= OPENX_MODE_ACCESS_READ;
+	}
+
+#if defined(O_SYNC)
+        if ((flags & O_SYNC) == O_SYNC) {
+                accessmode |= OPENX_MODE_WRITE_THRU;
+        }
+#endif
+
+        if (share_mode == DENY_FCB) {
+                accessmode = OPENX_MODE_ACCESS_FCB | OPENX_MODE_DENY_FCB;
+        }
+
+        open_parms.openx.level = RAW_OPEN_OPENX;
+        open_parms.openx.in.flags = 0;
+        open_parms.openx.in.open_mode = accessmode;
+        open_parms.openx.in.search_attrs = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+        open_parms.openx.in.file_attrs = 0;
+        open_parms.openx.in.write_time = 0;
+        open_parms.openx.in.open_func = openfn;
+        open_parms.openx.in.size = 0;
+        open_parms.openx.in.timeout = 0;
+        open_parms.openx.in.fname = NULL;
+
+        status = smb_raw_openX_name_blob(tree, mem_ctx, &open_parms, pname_blob);
+        talloc_free(mem_ctx);
+
+        if (fnum && NT_STATUS_IS_OK(status)) {
+                *fnum = open_parms.openx.out.file.fnum;
+        }
+
+        return status;
+}
+
+
+#define CHECK_STATUS(torture, status, correct) do {	\
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(torture, TORTURE_FAIL, "%s: Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+	} \
+} while (0)
+
+bool torture_samba3_checkfsp(struct torture_context *torture, struct smbcli_state *cli)
+{
+	const char *fname = "test.txt";
+	const char *dirname = "testdir";
+	int fnum;
+	NTSTATUS status;
+	bool ret = true;
+	TALLOC_CTX *mem_ctx;
+	ssize_t nread;
+	char buf[16];
+	struct smbcli_tree *tree2;
+
+	torture_assert(torture, mem_ctx = talloc_init("torture_samba3_checkfsp"), "talloc_init failed\n");
+
+	torture_assert_ntstatus_equal(torture, torture_second_tcon(torture, cli->session,
+								   torture_setting_string(torture, "share", NULL),
+								   &tree2), 
+				      NT_STATUS_OK,
+				      "creating second tcon");
+
+	/* Try a read on an invalid FID */
+
+	nread = smbcli_read(cli->tree, 4711, buf, 0, sizeof(buf));
+	CHECK_STATUS(torture, smbcli_nt_error(cli->tree), NT_STATUS_INVALID_HANDLE);
+
+	/* Try a read on a directory handle */
+
+	torture_assert(torture, torture_setup_dir(cli, dirname), "creating test directory");
+
+	/* Open the directory */
+	{
+		union smb_open io;
+		io.generic.level = RAW_OPEN_NTCREATEX;
+		io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+		io.ntcreatex.in.root_fid.fnum = 0;
+		io.ntcreatex.in.security_flags = 0;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+		io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+		io.ntcreatex.in.alloc_size = 0;
+		io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+		io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		io.ntcreatex.in.create_options = 0;
+		io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+		io.ntcreatex.in.fname = dirname;
+		status = smb_raw_open(cli->tree, mem_ctx, &io);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_result(torture, TORTURE_FAIL, "smb_open on the directory failed: %s\n",
+				 nt_errstr(status));
+			ret = false;
+			goto done;
+		}
+		fnum = io.ntcreatex.out.file.fnum;
+	}
+
+	/* Try a read on the directory */
+
+	nread = smbcli_read(cli->tree, fnum, buf, 0, sizeof(buf));
+	if (nread >= 0) {
+		torture_result(torture, TORTURE_FAIL, "smbcli_read on a directory succeeded, expected "
+			 "failure\n");
+		ret = false;
+	}
+
+	CHECK_STATUS(torture, smbcli_nt_error(cli->tree),
+		     NT_STATUS_INVALID_DEVICE_REQUEST);
+
+	/* Same test on the second tcon */
+
+	nread = smbcli_read(tree2, fnum, buf, 0, sizeof(buf));
+	if (nread >= 0) {
+		torture_result(torture, TORTURE_FAIL, "smbcli_read on a directory succeeded, expected "
+			 "failure\n");
+		ret = false;
+	}
+
+	CHECK_STATUS(torture, smbcli_nt_error(tree2), NT_STATUS_INVALID_HANDLE);
+
+	smbcli_close(cli->tree, fnum);
+
+	/* Try a normal file read on a second tcon */
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(torture, TORTURE_FAIL, "Failed to create %s - %s\n", fname,
+			 smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	nread = smbcli_read(tree2, fnum, buf, 0, sizeof(buf));
+	CHECK_STATUS(torture, smbcli_nt_error(tree2), NT_STATUS_INVALID_HANDLE);
+
+	smbcli_close(cli->tree, fnum);
+
+ done:
+	smbcli_deltree(cli->tree, dirname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static NTSTATUS raw_smbcli_open(struct smbcli_tree *tree, const char *fname, int flags, int share_mode, int *fnum)
+{
+        union smb_open open_parms;
+        unsigned int openfn=0;
+        unsigned int accessmode=0;
+        TALLOC_CTX *mem_ctx;
+        NTSTATUS status;
+
+        mem_ctx = talloc_init("raw_open");
+        if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+        if (flags & O_CREAT) {
+                openfn |= OPENX_OPEN_FUNC_CREATE;
+        }
+        if (!(flags & O_EXCL)) {
+                if (flags & O_TRUNC) {
+                        openfn |= OPENX_OPEN_FUNC_TRUNC;
+                } else {
+                        openfn |= OPENX_OPEN_FUNC_OPEN;
+                }
+        }
+
+        accessmode = (share_mode<<OPENX_MODE_DENY_SHIFT);
+
+        if ((flags & O_ACCMODE) == O_RDWR) {
+                accessmode |= OPENX_MODE_ACCESS_RDWR;
+        } else if ((flags & O_ACCMODE) == O_WRONLY) {
+                accessmode |= OPENX_MODE_ACCESS_WRITE;
+        } else if ((flags & O_ACCMODE) == O_RDONLY) {
+                accessmode |= OPENX_MODE_ACCESS_READ;
+	}
+
+#if defined(O_SYNC)
+        if ((flags & O_SYNC) == O_SYNC) {
+                accessmode |= OPENX_MODE_WRITE_THRU;
+        }
+#endif
+
+        if (share_mode == DENY_FCB) {
+                accessmode = OPENX_MODE_ACCESS_FCB | OPENX_MODE_DENY_FCB;
+        }
+
+        open_parms.openx.level = RAW_OPEN_OPENX;
+        open_parms.openx.in.flags = 0;
+        open_parms.openx.in.open_mode = accessmode;
+        open_parms.openx.in.search_attrs = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+        open_parms.openx.in.file_attrs = 0;
+        open_parms.openx.in.write_time = 0;
+        open_parms.openx.in.open_func = openfn;
+        open_parms.openx.in.size = 0;
+        open_parms.openx.in.timeout = 0;
+        open_parms.openx.in.fname = fname;
+
+        status = smb_raw_open(tree, mem_ctx, &open_parms);
+        talloc_free(mem_ctx);
+
+        if (fnum && NT_STATUS_IS_OK(status)) {
+                *fnum = open_parms.openx.out.file.fnum;
+        }
+
+        return status;
+}
+
+static NTSTATUS raw_smbcli_t2open(struct smbcli_tree *tree, const char *fname, int flags, int share_mode, int *fnum)
+{
+        union smb_open io;
+        unsigned int openfn=0;
+        unsigned int accessmode=0;
+        TALLOC_CTX *mem_ctx;
+        NTSTATUS status;
+
+        mem_ctx = talloc_init("raw_t2open");
+        if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+        if (flags & O_CREAT) {
+                openfn |= OPENX_OPEN_FUNC_CREATE;
+        }
+        if (!(flags & O_EXCL)) {
+                if (flags & O_TRUNC) {
+                        openfn |= OPENX_OPEN_FUNC_TRUNC;
+                } else {
+                        openfn |= OPENX_OPEN_FUNC_OPEN;
+                }
+        }
+
+        accessmode = (share_mode<<OPENX_MODE_DENY_SHIFT);
+
+        if ((flags & O_ACCMODE) == O_RDWR) {
+                accessmode |= OPENX_MODE_ACCESS_RDWR;
+        } else if ((flags & O_ACCMODE) == O_WRONLY) {
+                accessmode |= OPENX_MODE_ACCESS_WRITE;
+        } else if ((flags & O_ACCMODE) == O_RDONLY) {
+                accessmode |= OPENX_MODE_ACCESS_READ;
+	}
+
+#if defined(O_SYNC)
+        if ((flags & O_SYNC) == O_SYNC) {
+                accessmode |= OPENX_MODE_WRITE_THRU;
+        }
+#endif
+
+        if (share_mode == DENY_FCB) {
+                accessmode = OPENX_MODE_ACCESS_FCB | OPENX_MODE_DENY_FCB;
+        }
+
+	memset(&io, '\0', sizeof(io));
+        io.t2open.level = RAW_OPEN_T2OPEN;
+        io.t2open.in.flags = 0;
+        io.t2open.in.open_mode = accessmode;
+        io.t2open.in.search_attrs = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
+        io.t2open.in.file_attrs = 0;
+        io.t2open.in.write_time = 0;
+        io.t2open.in.open_func = openfn;
+        io.t2open.in.size = 0;
+        io.t2open.in.timeout = 0;
+        io.t2open.in.fname = fname;
+
+        io.t2open.in.num_eas = 1;
+	io.t2open.in.eas = talloc_array(mem_ctx, struct ea_struct, io.t2open.in.num_eas);
+	io.t2open.in.eas[0].flags = 0;
+	io.t2open.in.eas[0].name.s = ".CLASSINFO";
+	io.t2open.in.eas[0].value = data_blob_talloc(mem_ctx, "first value", 11);
+
+        status = smb_raw_open(tree, mem_ctx, &io);
+        talloc_free(mem_ctx);
+
+        if (fnum && NT_STATUS_IS_OK(status)) {
+                *fnum = io.openx.out.file.fnum;
+        }
+
+        return status;
+}
+
+static NTSTATUS raw_smbcli_ntcreate(struct smbcli_tree *tree, const char *fname, int *fnum)
+{
+        union smb_open io;
+        TALLOC_CTX *mem_ctx;
+        NTSTATUS status;
+
+        mem_ctx = talloc_init("raw_t2open");
+        if (!mem_ctx) return NT_STATUS_NO_MEMORY;
+
+	memset(&io, '\0', sizeof(io));
+        io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+        status = smb_raw_open(tree, mem_ctx, &io);
+        talloc_free(mem_ctx);
+
+        if (fnum && NT_STATUS_IS_OK(status)) {
+                *fnum = io.openx.out.file.fnum;
+        }
+
+        return status;
+}
+
+
+bool torture_samba3_badpath(struct torture_context *torture)
+{
+	struct smbcli_state *cli_nt = NULL;
+	struct smbcli_state *cli_dos = NULL;
+	const char *fname = "test.txt";
+	const char *fname1 = "test1.txt";
+	const char *dirname = "testdir";
+	char *fpath;
+	char *fpath1;
+	int fnum;
+	NTSTATUS status;
+	bool ret = true;
+	TALLOC_CTX *mem_ctx;
+	bool nt_status_support;
+	bool client_ntlmv2_auth;
+
+	torture_assert(torture, mem_ctx = talloc_init("torture_samba3_badpath"), "talloc_init failed");
+
+	nt_status_support = lpcfg_nt_status_support(torture->lp_ctx);
+	client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx);
+
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n");
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n");
+
+	torture_assert_goto(torture, torture_open_connection(&cli_nt, torture, 0), ret, fail, "Could not open NTSTATUS connection\n");
+
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n");
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n");
+
+	torture_assert_goto(torture, torture_open_connection(&cli_dos, torture, 1), ret, fail, "Could not open DOS connection\n");
+
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support",
+						       nt_status_support ? "yes":"no"), 
+			    ret, fail, "Could not set 'nt status support' back to where it was\n");
+	torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth",
+						       client_ntlmv2_auth ? "yes":"no"),
+			    ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n");
+
+	torture_assert(torture, torture_setup_dir(cli_nt, dirname), "creating test directory");
+
+	status = smbcli_chkpath(cli_nt->tree, dirname);
+	CHECK_STATUS(torture, status, NT_STATUS_OK);
+
+	status = smbcli_chkpath(cli_nt->tree,
+				talloc_asprintf(mem_ctx, "%s\\bla", dirname));
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	status = smbcli_chkpath(cli_dos->tree,
+				talloc_asprintf(mem_ctx, "%s\\bla", dirname));
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree,
+				talloc_asprintf(mem_ctx, "%s\\bla\\blub",
+						dirname));
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
+	status = smbcli_chkpath(cli_dos->tree,
+				talloc_asprintf(mem_ctx, "%s\\bla\\blub",
+						dirname));
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	torture_assert_goto(torture, fpath = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname), 
+			    ret, fail, "Could not allocate fpath\n");
+
+	fnum = smbcli_open(cli_nt->tree, fpath, O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath,
+			 smbcli_errstr(cli_nt->tree));
+		goto fail;
+	}
+	smbcli_close(cli_nt->tree, fnum);
+
+	if (!(fpath1 = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname1))) {
+		goto fail;
+	}
+	fnum = smbcli_open(cli_nt->tree, fpath1, O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath1,
+			 smbcli_errstr(cli_nt->tree));
+		goto fail;
+	}
+	smbcli_close(cli_nt->tree, fnum);
+
+	/*
+	 * Do a whole bunch of error code checks on chkpath
+	 */
+
+	status = smbcli_chkpath(cli_nt->tree, fpath);
+	CHECK_STATUS(torture, status, NT_STATUS_NOT_A_DIRECTORY);
+	status = smbcli_chkpath(cli_dos->tree, fpath);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree, "..");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+	status = smbcli_chkpath(cli_dos->tree, "..");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
+
+	status = smbcli_chkpath(cli_nt->tree, ".");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_chkpath(cli_dos->tree, ".");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree, "\t");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_chkpath(cli_dos->tree, "\t");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree, "\t\\bla");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_chkpath(cli_dos->tree, "\t\\bla");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree, "<");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_chkpath(cli_dos->tree, "<");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	status = smbcli_chkpath(cli_nt->tree, "<\\bla");
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_chkpath(cli_dos->tree, "<\\bla");
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
+
+	/*
+	 * .... And the same gang against getatr. Note that the DOS error codes
+	 * differ....
+	 */
+
+	status = smbcli_getatr(cli_nt->tree, fpath, NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OK);
+	status = smbcli_getatr(cli_dos->tree, fpath, NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OK);
+
+	status = smbcli_getatr(cli_nt->tree, "..", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+	status = smbcli_getatr(cli_dos->tree, "..", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
+
+	status = smbcli_getatr(cli_nt->tree, ".", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_getatr(cli_dos->tree, ".", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = smbcli_getatr(cli_nt->tree, "\t", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_getatr(cli_dos->tree, "\t", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = smbcli_getatr(cli_nt->tree, "\t\\bla", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_getatr(cli_dos->tree, "\t\\bla", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = smbcli_getatr(cli_nt->tree, "<", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_getatr(cli_dos->tree, "<", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = smbcli_getatr(cli_nt->tree, "<\\bla", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = smbcli_getatr(cli_dos->tree, "<\\bla", NULL, NULL, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	/* Try the same set with openX. */
+
+	status = raw_smbcli_open(cli_nt->tree, "..", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+	status = raw_smbcli_open(cli_dos->tree, "..", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
+
+	status = raw_smbcli_open(cli_nt->tree, ".", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = raw_smbcli_open(cli_dos->tree, ".", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = raw_smbcli_open(cli_nt->tree, "\t", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = raw_smbcli_open(cli_dos->tree, "\t", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = raw_smbcli_open(cli_nt->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = raw_smbcli_open(cli_dos->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = raw_smbcli_open(cli_nt->tree, "<", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = raw_smbcli_open(cli_dos->tree, "<", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	status = raw_smbcli_open(cli_nt->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
+	status = raw_smbcli_open(cli_dos->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
+
+	/* Let's test EEXIST error code mapping. */
+	status = raw_smbcli_open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
+	status = raw_smbcli_open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
+
+	status = raw_smbcli_t2open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)
+	    || !torture_setting_bool(torture, "samba3", false)) {
+		/* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */
+		CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
+	}
+	status = raw_smbcli_t2open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS,ERReasnotsupported))
+	    || !torture_setting_bool(torture, "samba3", false)) {
+		/* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */
+		CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
+	}
+
+	status = raw_smbcli_ntcreate(cli_nt->tree, fpath, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
+	status = raw_smbcli_ntcreate(cli_dos->tree, fpath, NULL);
+	CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
+
+	/* Try the rename test. */
+	{
+		union smb_rename io;
+		memset(&io, '\0', sizeof(io));
+		io.rename.in.pattern1 = fpath1;
+		io.rename.in.pattern2 = fpath;
+
+		/* Try with SMBmv rename. */
+		status = smb_raw_rename(cli_nt->tree, &io);
+		CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
+		status = smb_raw_rename(cli_dos->tree, &io);
+		CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename));
+
+		/* Try with NT rename. */
+		io.generic.level = RAW_RENAME_NTRENAME;
+		io.ntrename.in.old_name = fpath1;
+		io.ntrename.in.new_name = fpath;
+		io.ntrename.in.attrib = 0;
+		io.ntrename.in.cluster_size = 0;
+		io.ntrename.in.flags = RENAME_FLAG_RENAME;
+
+		status = smb_raw_rename(cli_nt->tree, &io);
+		CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
+		status = smb_raw_rename(cli_dos->tree, &io);
+		CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename));
+	}
+
+	goto done;
+
+ fail:
+	ret = false;
+
+ done:
+	if (cli_nt != NULL) {
+		smbcli_deltree(cli_nt->tree, dirname);
+		torture_close_connection(cli_nt);
+	}
+	if (cli_dos != NULL) {
+		torture_close_connection(cli_dos);
+	}
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static void count_fn(struct clilist_file_info *info, const char *name,
+		     void *private_data)
+{
+	int *counter = (int *)private_data;
+	*counter += 1;
+}
+
+bool torture_samba3_caseinsensitive(struct torture_context *torture, struct smbcli_state *cli)
+{
+	TALLOC_CTX *mem_ctx;
+	const char *dirname = "insensitive";
+	const char *ucase_dirname = "InSeNsItIvE";
+	const char *fname = "foo";
+	char *fpath;
+	int fnum;
+	int counter = 0;
+	bool ret = false;
+
+	if (!(mem_ctx = talloc_init("torture_samba3_caseinsensitive"))) {
+		torture_result(torture, TORTURE_FAIL, "talloc_init failed\n");
+		return false;
+	}
+
+	torture_assert(torture, torture_setup_dir(cli, dirname), "creating test directory");
+
+	if (!(fpath = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname))) {
+		goto done;
+	}
+	fnum = smbcli_open(cli->tree, fpath, O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(torture, TORTURE_FAIL,
+			"Could not create file %s: %s", fpath,
+			 smbcli_errstr(cli->tree));
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	smbcli_list(cli->tree, talloc_asprintf(
+			    mem_ctx, "%s\\*", ucase_dirname),
+		    FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_HIDDEN
+		    |FILE_ATTRIBUTE_SYSTEM,
+		    count_fn, (void *)&counter);
+
+	if (counter == 3) {
+		ret = true;
+	}
+	else {
+		torture_result(torture, TORTURE_FAIL,
+			"expected 3 entries, got %d", counter);
+		ret = false;
+	}
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static void close_locked_file(struct tevent_context *ev,
+			      struct tevent_timer *te,
+			      struct timeval now,
+			      void *private_data)
+{
+	int *pfd = (int *)private_data;
+
+	TALLOC_FREE(te);
+
+	if (*pfd != -1) {
+		close(*pfd);
+		*pfd = -1;
+	}
+}
+
+struct lock_result_state {
+	NTSTATUS status;
+	bool done;
+};
+
+static void receive_lock_result(struct smbcli_request *req)
+{
+	struct lock_result_state *state =
+		(struct lock_result_state *)req->async.private_data;
+
+	state->status = smbcli_request_simple_recv(req);
+	state->done = true;
+}
+
+/*
+ * Check that Samba3 correctly deals with conflicting local posix byte range
+ * locks on an underlying file via "normal" SMB1 (without unix extensions).
+ *
+ * Note: This test depends on "posix locking = yes".
+ * Note: To run this test, use "--option=torture:localdir=<LOCALDIR>"
+ */
+
+bool torture_samba3_posixtimedlock(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	const char *dirname = "posixlock";
+	const char *fname = "locked";
+	const char *fpath;
+	const char *localdir;
+	const char *localname;
+	int fnum = -1;
+
+	int fd = -1;
+	struct flock posix_lock;
+
+	union smb_lock io;
+	struct smb_lock_entry lock_entry;
+	struct smbcli_request *req;
+	struct lock_result_state lock_result;
+
+	struct tevent_timer *te;
+
+	torture_assert(tctx, torture_setup_dir(cli, dirname), "creating test directory");
+
+	if (!(fpath = talloc_asprintf(tctx, "%s\\%s", dirname, fname))) {
+		torture_warning(tctx, "talloc failed\n");
+		ret = false;
+		goto done;
+	}
+	fnum = smbcli_open(cli->tree, fpath, O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_warning(tctx, "Could not create file %s: %s\n", fpath,
+				smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	if (!(localdir = torture_setting_string(tctx, "localdir", NULL))) {
+		torture_warning(tctx, "Need 'localdir' setting\n");
+		ret = false;
+		goto done;
+	}
+
+	if (!(localname = talloc_asprintf(tctx, "%s/%s/%s", localdir, dirname,
+					  fname))) {
+		torture_warning(tctx, "talloc failed\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Lock a byte range from posix
+	 */
+
+	fd = open(localname, O_RDWR);
+	if (fd == -1) {
+		torture_warning(tctx, "open(%s) failed: %s\n",
+				localname, strerror(errno));
+		goto done;
+	}
+
+	posix_lock.l_type = F_WRLCK;
+	posix_lock.l_whence = SEEK_SET;
+	posix_lock.l_start = 0;
+	posix_lock.l_len = 1;
+
+	if (fcntl(fd, F_SETLK, &posix_lock) == -1) {
+		torture_warning(tctx, "fcntl failed: %s\n", strerror(errno));
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Try a cifs brlock without timeout to see if posix locking = yes
+	 */
+
+	io.lockx.in.ulock_cnt = 0;
+	io.lockx.in.lock_cnt = 1;
+
+	lock_entry.count = 1;
+	lock_entry.offset = 0;
+	lock_entry.pid = cli->tree->session->pid;
+
+	io.lockx.level = RAW_LOCK_LOCKX;
+	io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+	io.lockx.in.timeout = 0;
+	io.lockx.in.locks = &lock_entry;
+	io.lockx.in.file.fnum = fnum;
+
+	status = smb_raw_lock(cli->tree, &io);
+
+	ret = true;
+	CHECK_STATUS(tctx, status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	if (!ret) {
+		goto done;
+	}
+
+	/*
+	 * Now fire off a timed brlock, unlock the posix lock and see if the
+	 * timed lock gets through.
+	 */
+
+	io.lockx.in.timeout = 5000;
+
+	req = smb_raw_lock_send(cli->tree, &io);
+	if (req == NULL) {
+		torture_warning(tctx, "smb_raw_lock_send failed\n");
+		ret = false;
+		goto done;
+	}
+
+	lock_result.done = false;
+	req->async.fn = receive_lock_result;
+	req->async.private_data = &lock_result;
+
+	te = tevent_add_timer(tctx->ev,
+			      tctx, timeval_current_ofs(1, 0),
+			      close_locked_file, &fd);
+	if (te == NULL) {
+		torture_warning(tctx, "tevent_add_timer failed\n");
+		ret = false;
+		goto done;
+	}
+
+	while ((fd != -1) || (!lock_result.done)) {
+		if (tevent_loop_once(tctx->ev) == -1) {
+			torture_warning(tctx, "tevent_loop_once failed: %s\n",
+					strerror(errno));
+			ret = false;
+			goto done;
+		}
+	}
+
+	CHECK_STATUS(tctx, lock_result.status, NT_STATUS_OK);
+
+ done:
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	if (fd != -1) {
+		close(fd);
+	}
+	smbcli_deltree(cli->tree, dirname);
+	return ret;
+}
+
+bool torture_samba3_rootdirfid(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	uint16_t dnum;
+	union smb_open io;
+	const char *fname = "testfile";
+	bool ret = false;
+
+	smbcli_unlink(cli->tree, fname);
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.access_mask =
+		SEC_STD_SYNCHRONIZE | SEC_FILE_EXECUTE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ
+		| NTCREATEX_SHARE_ACCESS_READ;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = "\\";
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_open(cli->tree, tctx, &io), 
+					   NT_STATUS_OK,
+					   ret, done, "smb_open on the directory failed: %s\n");
+
+	dnum = io.ntcreatex.out.file.fnum;
+
+	io.ntcreatex.in.flags =
+		NTCREATEX_FLAGS_REQUEST_OPLOCK
+		| NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.root_fid.fnum = dnum;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = fname;
+
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_open(cli->tree, tctx, &io),
+					   NT_STATUS_OK,
+					   ret, done, "smb_open on the file failed");
+
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	smbcli_close(cli->tree, dnum);
+	smbcli_unlink(cli->tree, fname);
+
+	ret = true;
+ done:
+	return ret;
+}
+
+bool torture_samba3_rootdirfid2(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	int fnum;
+	uint16_t dnum;
+	union smb_open io;
+	const char *dirname1 = "dir1";
+	const char *dirname2 = "dir1/dir2";
+	const char *path = "dir1/dir2/testfile";
+	const char *relname = "dir2/testfile";
+	bool ret = false;
+
+	smbcli_deltree(cli->tree, dirname1);
+
+	torture_assert(tctx, torture_setup_dir(cli, dirname1), "creating test directory");
+	torture_assert(tctx, torture_setup_dir(cli, dirname2), "creating test directory");
+
+	fnum = smbcli_open(cli->tree, path, O_RDWR | O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_result(tctx, TORTURE_FAIL,
+			"Could not create file: %s",
+			 smbcli_errstr(cli->tree));
+		goto done;
+	}
+	smbcli_close(cli->tree, fnum);
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.access_mask =
+		SEC_STD_SYNCHRONIZE | SEC_FILE_EXECUTE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ
+		| NTCREATEX_SHARE_ACCESS_READ;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = dirname1;
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_open(cli->tree, tctx, &io),
+					   NT_STATUS_OK,
+					   ret, done, "smb_open on the directory failed: %s\n");
+
+	dnum = io.ntcreatex.out.file.fnum;
+
+	io.ntcreatex.in.flags =
+		NTCREATEX_FLAGS_REQUEST_OPLOCK
+		| NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+	io.ntcreatex.in.root_fid.fnum = dnum;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = relname;
+
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_open(cli->tree, tctx, &io),
+					   NT_STATUS_OK,
+					   ret, done, "smb_open on the file failed");
+
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	smbcli_close(cli->tree, dnum);
+
+	ret = true;
+done:
+	smbcli_deltree(cli->tree, dirname1);
+	return ret;
+}
+
+bool torture_samba3_oplock_logoff(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_open io;
+	const char *fname = "testfile";
+	bool ret = false;
+	struct smbcli_request *req;
+	struct smb_echo echo_req;
+
+	smbcli_unlink(cli->tree, fname);
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.access_mask =
+		SEC_STD_SYNCHRONIZE | SEC_FILE_EXECUTE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.fname = "testfile";
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_open(cli->tree, tctx, &io),
+					   NT_STATUS_OK,
+					   ret, done, "first smb_open on the file failed");
+
+	/*
+	 * Create a conflicting open, causing the one-second delay
+	 */
+
+	torture_assert_goto(tctx, req = smb_raw_open_send(cli->tree, &io),
+			    ret, done, "smb_raw_open_send on the file failed");
+
+	/*
+	 * Pull the VUID from under that request. As of Nov 3, 2008 all Samba3
+	 * versions (3.0, 3.2 and master) would spin sending ERRinvuid errors
+	 * as long as the client is still connected.
+	 */
+
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_ulogoff(cli->session),
+					   NT_STATUS_OK,
+					   ret, done, "ulogoff failed failed");
+
+	echo_req.in.repeat_count = 1;
+	echo_req.in.size = 1;
+	echo_req.in.data = discard_const_p(uint8_t, "");
+
+	torture_assert_ntstatus_equal_goto(tctx, smb_raw_echo(cli->session->transport, &echo_req),
+					   NT_STATUS_OK,
+					   ret, done, "smb_raw_echo failed");
+
+	ret = true;
+ done:
+	return ret;
+}
+
+bool torture_samba3_check_openX_badname(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = false;
+	int fnum = -1;
+	DATA_BLOB name_blob = data_blob_talloc(cli->tree, NULL, 65535);
+
+	if (name_blob.data == NULL) {
+		return false;
+	}
+	memset(name_blob.data, 0xcc, 65535);
+	status = raw_smbcli_openX_name_blob(cli->tree, &name_blob, O_RDWR, DENY_NONE, &fnum);
+	CHECK_STATUS(tctx, status, NT_STATUS_OBJECT_NAME_INVALID);
+	ret = true;
+
+	return ret;
+}
diff --git a/source4/torture/raw/search.c b/source4/torture/raw/search.c
new file mode 100644
index 0000000..575bbd0
--- /dev/null
+++ b/source4/torture/raw/search.c
@@ -0,0 +1,1653 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_SEARCH_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/util/tsort.h"
+#include "torture/raw/proto.h"
+
+#undef strncasecmp
+
+#define BASEDIR "\\testsearch"
+
+#define CHECK_STATUS_LEVEL(__tctx, __status, __level, __supp)		\
+	do {								\
+		if (NT_STATUS_EQUAL(__status,				\
+			NT_STATUS_NOT_SUPPORTED) ||			\
+		    NT_STATUS_EQUAL(__status,				\
+			NT_STATUS_NOT_IMPLEMENTED)) {			\
+			__supp = false;					\
+		} else {						\
+			__supp = true;					\
+		}							\
+		if (__supp) {						\
+			torture_assert_ntstatus_ok_goto(__tctx,		\
+			    __status, ret, done, #__level" failed");	\
+		} else {						\
+			torture_warning(__tctx, "(%s) Info "		\
+			    "level "#__level" is %s",			\
+			    __location__, nt_errstr(__status));		\
+		}							\
+	} while (0)
+
+/*
+  callback function for single_search
+*/
+static bool single_search_callback(void *private_data, const union smb_search_data *file)
+{
+	union smb_search_data *data = (union smb_search_data *)private_data;
+
+	*data = *file;
+
+	return true;
+}
+
+/*
+  do a single file (non-wildcard) search 
+*/
+NTSTATUS torture_single_search(struct smbcli_state *cli, 
+			       TALLOC_CTX *tctx,
+			       const char *pattern,
+			       enum smb_search_level level,
+			       enum smb_search_data_level data_level,
+			       uint16_t attrib,
+			       union smb_search_data *data)
+{
+	union smb_search_first io;
+	union smb_search_close c;
+	NTSTATUS status;
+
+	switch (level) {
+	case RAW_SEARCH_SEARCH:
+	case RAW_SEARCH_FFIRST:
+	case RAW_SEARCH_FUNIQUE:
+		io.search_first.level = level;
+		io.search_first.data_level = RAW_SEARCH_DATA_SEARCH;
+		io.search_first.in.max_count = 1;
+		io.search_first.in.search_attrib = attrib;
+		io.search_first.in.pattern = pattern;
+		break;
+
+	case RAW_SEARCH_TRANS2:
+		io.t2ffirst.level = RAW_SEARCH_TRANS2;
+		io.t2ffirst.data_level = data_level;
+		io.t2ffirst.in.search_attrib = attrib;
+		io.t2ffirst.in.max_count = 1;
+		io.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE;
+		io.t2ffirst.in.storage_type = 0;
+		io.t2ffirst.in.pattern = pattern;
+		break;
+
+	case RAW_SEARCH_SMB2:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, (void *)data, single_search_callback);
+
+	if (NT_STATUS_IS_OK(status) && level == RAW_SEARCH_FFIRST) {
+		c.fclose.level = RAW_FINDCLOSE_FCLOSE;
+		c.fclose.in.max_count = 1;
+		c.fclose.in.search_attrib = 0;
+		c.fclose.in.id = data->search.id;
+		status = smb_raw_search_close(cli->tree, &c);
+	}
+	
+	return status;
+}
+
+
+static struct {
+	const char *name;
+	enum smb_search_level level;
+	enum smb_search_data_level data_level;
+	int name_offset;
+	int resume_key_offset;
+	uint32_t capability_mask;
+	NTSTATUS status;
+	union smb_search_data data;
+} levels[] = {
+	{
+		.name              = "FFIRST",
+		.level             = RAW_SEARCH_FFIRST,
+		.data_level        = RAW_SEARCH_DATA_SEARCH,
+		.name_offset       = offsetof(union smb_search_data,
+					      search.name),
+		.resume_key_offset = -1,
+	},
+	{
+		.name              = "FUNIQUE",
+		.level             = RAW_SEARCH_FUNIQUE,
+		.data_level        = RAW_SEARCH_DATA_SEARCH,
+		.name_offset       = offsetof(union smb_search_data,
+					      search.name),
+		.resume_key_offset = -1,
+	},
+	{
+		.name              = "SEARCH",
+		.level             = RAW_SEARCH_SEARCH,
+		.data_level        = RAW_SEARCH_DATA_SEARCH,
+		.name_offset       = offsetof(union smb_search_data,
+				              search.name),
+		.resume_key_offset = -1,
+	},
+	{
+		.name              = "STANDARD",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_STANDARD,
+		.name_offset       =  offsetof(union smb_search_data,
+					       standard.name.s),
+		.resume_key_offset =  offsetof(union smb_search_data,
+				               standard.resume_key),
+	},
+	{
+		.name              = "EA_SIZE",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_EA_SIZE,
+		.name_offset       = offsetof(union smb_search_data,
+					      ea_size.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      ea_size.resume_key),
+	},
+	{
+		.name              = "DIRECTORY_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      directory_info.file_index),
+	},
+	{
+		.name              = "FULL_DIRECTORY_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      full_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      full_directory_info.file_index),
+	},
+	{
+		.name              = "NAME_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_NAME_INFO,
+		.name_offset       =  offsetof(union smb_search_data,
+					       name_info.name.s),
+		.resume_key_offset =  offsetof(union smb_search_data,
+					       name_info.file_index),
+	},
+	{
+		.name              = "BOTH_DIRECTORY_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      both_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      both_directory_info.file_index),
+	},
+	{
+		.name              = "ID_FULL_DIRECTORY_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      id_full_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      id_full_directory_info.file_index),
+	},
+	{
+		.name              = "ID_BOTH_DIRECTORY_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      id_both_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      id_both_directory_info.file_index),
+	},
+	{
+		.name              = "UNIX_INFO",
+		.level             = RAW_SEARCH_TRANS2,
+		.data_level        = RAW_SEARCH_DATA_UNIX_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      unix_info.name),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      unix_info.file_index),
+		.capability_mask = CAP_UNIX
+	},
+};
+
+
+/*
+  return level name
+*/
+static const char *level_name(enum smb_search_level level,
+			      enum smb_search_data_level data_level)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (level == levels[i].level &&
+		    data_level == levels[i].data_level) {
+			return levels[i].name;
+		}
+	}
+	return NULL;
+}
+
+/*
+  extract the name from a smb_data structure and level
+*/
+static const char *extract_name(void *data, enum smb_search_level level,
+				enum smb_search_data_level data_level)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (level == levels[i].level &&
+		    data_level == levels[i].data_level) {
+			return *(const char **)(levels[i].name_offset + (char *)data);
+		}
+	}
+	return NULL;
+}
+
+/*
+  extract the name from a smb_data structure and level
+*/
+static uint32_t extract_resume_key(void *data, enum smb_search_level level,
+				   enum smb_search_data_level data_level)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (level == levels[i].level &&
+		    data_level == levels[i].data_level) {
+			return *(uint32_t *)(levels[i].resume_key_offset + (char *)data);
+		}
+	}
+	return 0;
+}
+
+/* find a level in the table by name */
+static union smb_search_data *find(const char *name)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (NT_STATUS_IS_OK(levels[i].status) && 
+		    strcmp(levels[i].name, name) == 0) {
+			return &levels[i].data;
+		}
+	}
+	return NULL;
+}
+
+/*
+ * Negotiate SMB1+POSIX.
+ */
+
+static NTSTATUS setup_smb1_posix(struct torture_context *tctx,
+				 struct smbcli_state *cli_unix)
+{
+	struct smb_trans2 tp;
+	uint16_t setup;
+	uint8_t data[12];
+	uint8_t params[4];
+	uint32_t cap = cli_unix->transport->negotiate.capabilities;
+
+	if ((cap & CAP_UNIX) == 0) {
+		/*
+		 * Server doesn't support SMB1+POSIX.
+		 * The caller will skip the UNIX info
+		 * level anyway.
+		 */
+		torture_comment(tctx,
+			"Server doesn't support SMB1+POSIX\n");
+		return NT_STATUS_OK;
+	}
+
+	/* Setup POSIX on this connection. */
+	SSVAL(data, 0, CIFS_UNIX_MAJOR_VERSION);
+	SSVAL(data, 2, CIFS_UNIX_MINOR_VERSION);
+	SBVAL(data,4,((uint64_t)(
+		CIFS_UNIX_POSIX_ACLS_CAP|
+		CIFS_UNIX_POSIX_PATHNAMES_CAP|
+		CIFS_UNIX_FCNTL_LOCKS_CAP|
+		CIFS_UNIX_EXTATTR_CAP|
+		CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP)));
+	setup = TRANSACT2_SETFSINFO;
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 0;
+	tp.in.max_data = 0;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(params, 0, 0);
+	SSVAL(params, 2, SMB_SET_CIFS_UNIX_INFO);
+	tp.in.params = data_blob_talloc(tctx, params, 4);
+	tp.in.data = data_blob_talloc(tctx, data, 12);
+	return smb_raw_trans2(cli_unix->tree, tctx, &tp);
+}
+
+/* 
+   basic testing of all RAW_SEARCH_* calls using a single file
+*/
+static bool test_one_file(struct torture_context *tctx,
+			  struct smbcli_state *cli,
+			  struct smbcli_state *cli_unix)
+{
+	bool ret = true;
+	int fnum;
+	const char *fname = "torture_search.txt";
+	const char *fname2 = "torture_search-NOTEXIST.txt";
+	NTSTATUS status;
+	int i;
+	union smb_fileinfo all_info, alt_info, name_info, internal_info;
+	bool all_info_supported, alt_info_supported, name_info_supported,
+	    internal_info_supported;
+	union smb_search_data *s;
+
+	status = setup_smb1_posix(tctx, cli_unix);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx,
+			TORTURE_FAIL,
+			__location__"setup_smb1_posix() failed (%s)\n",
+			nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	fnum = create_complex_file(cli, tctx, fname);
+	if (fnum == -1) {
+		torture_result(tctx,
+			TORTURE_FAIL,
+			__location__"ERROR: open of %s failed (%s)\n",
+			fname,
+			smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	/* call all the levels */
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		NTSTATUS expected_status;
+		uint32_t cap = cli->transport->negotiate.capabilities;
+		struct smbcli_state *cli_search = cli;
+
+		torture_comment(tctx, "Testing %s\n", levels[i].name);
+
+		if (levels[i].data_level == RAW_SEARCH_DATA_UNIX_INFO) {
+			/*
+			 * For an SMB1+POSIX info level, use the cli_unix
+			 * connection.
+			 */
+			cli_search = cli_unix;
+		}
+
+		levels[i].status = torture_single_search(cli_search, tctx, fname,
+							 levels[i].level,
+							 levels[i].data_level,
+							 0,
+							 &levels[i].data);
+
+		/* see if this server claims to support this level */
+		if (((cap & levels[i].capability_mask) != levels[i].capability_mask)
+		    || NT_STATUS_EQUAL(levels[i].status, NT_STATUS_NOT_SUPPORTED)) {
+			printf("search level %s(%d) not supported by server\n",
+			       levels[i].name, (int)levels[i].level);
+			continue;
+		}
+
+		if (!NT_STATUS_IS_OK(levels[i].status)) {
+			torture_result(tctx,
+				TORTURE_FAIL,
+				__location__"search level %s(%d) failed - %s\n",
+				levels[i].name, (int)levels[i].level,
+				nt_errstr(levels[i].status));
+			ret = false;
+			continue;
+		}
+
+		status = torture_single_search(cli_search, tctx, fname2,
+					       levels[i].level,
+					       levels[i].data_level,
+					       0,
+					       &levels[i].data);
+		
+		expected_status = NT_STATUS_NO_SUCH_FILE;
+		if (levels[i].level == RAW_SEARCH_SEARCH ||
+		    levels[i].level == RAW_SEARCH_FFIRST ||
+		    levels[i].level == RAW_SEARCH_FUNIQUE) {
+			expected_status = STATUS_NO_MORE_FILES;
+		}
+		if (!NT_STATUS_EQUAL(status, expected_status)) {
+			torture_result(tctx,
+				TORTURE_FAIL,
+				__location__"search level %s(%d) should fail with %s - %s\n",
+			       levels[i].name, (int)levels[i].level, 
+			       nt_errstr(expected_status),
+			       nt_errstr(status));
+			ret = false;
+		}
+	}
+
+	/* get the all_info file into to check against */
+	all_info.generic.level = RAW_FILEINFO_ALL_INFO;
+	all_info.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &all_info);
+	CHECK_STATUS_LEVEL(tctx, status, "RAW_FILEINFO_ALL_INFO",
+	    all_info_supported);
+
+	alt_info.generic.level = RAW_FILEINFO_ALT_NAME_INFO;
+	alt_info.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &alt_info);
+	CHECK_STATUS_LEVEL(tctx, status, "RAW_FILEINFO_ALT_NAME_INFO",
+	    alt_info_supported);
+
+	internal_info.generic.level = RAW_FILEINFO_INTERNAL_INFORMATION;
+	internal_info.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &internal_info);
+	CHECK_STATUS_LEVEL(tctx, status, "RAW_FILEINFO_INTERNAL_INFORMATION",
+	    internal_info_supported);
+
+	name_info.generic.level = RAW_FILEINFO_NAME_INFO;
+	name_info.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &name_info);
+	CHECK_STATUS_LEVEL(tctx, status, "RAW_FILEINFO_NAME_INFO",
+	    name_info_supported);
+
+#define CHECK_VAL(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if ((s->sname1.field1) != (v.sname2.out.field2)) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [0x%x] != %s/%s [0x%x]\n", \
+				__location__, \
+				#sname1, #field1, (int)s->sname1.field1, \
+				#sname2, #field2, (int)v.sname2.out.field2); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_TIME(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (s->sname1.field1 != (~1 & nt_time_to_unix(v.sname2.out.field2))) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s/%s [%s]\n", \
+				__location__, \
+				#sname1, #field1, timestring(tctx, s->sname1.field1), \
+				#sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_NTTIME(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (s->sname1.field1 != v.sname2.out.field2) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s/%s [%s]\n", \
+				__location__, \
+				#sname1, #field1, nt_time_string(tctx, s->sname1.field1), \
+				#sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_STR(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1 || strcmp(s->sname1.field1, v.sname2.out.field2.s)) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s/%s [%s]\n", \
+				__location__, \
+				#sname1, #field1, s->sname1.field1, \
+				#sname2, #field2, v.sname2.out.field2.s); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_WSTR(name, sname1, field1, v, sname2, field2, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1.s || \
+		    strcmp(s->sname1.field1.s, v.sname2.out.field2.s) || \
+		    wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s/%s [%s]\n", \
+				__location__, \
+				#sname1, #field1, s->sname1.field1.s, \
+				#sname2, #field2, v.sname2.out.field2.s); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_NAME(name, sname1, field1, fname, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1.s || \
+		    strcmp(s->sname1.field1.s, fname) || \
+		    wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s\n", \
+				__location__, \
+				#sname1, #field1, s->sname1.field1.s, \
+				fname); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_UNIX_NAME(name, sname1, field1, fname, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1 || \
+		    strcmp(s->sname1.field1, fname)) { \
+			torture_result(tctx,\
+				TORTURE_FAIL,\
+				"(%s) %s/%s [%s] != %s\n", \
+				__location__, \
+				#sname1, #field1, s->sname1.field1, \
+				fname); \
+			ret = false; \
+		} \
+	}} while (0)
+	
+	/* check that all the results are as expected */
+	CHECK_VAL("SEARCH",              search,              attrib, all_info, all_info, attrib&0xFFF);
+	CHECK_VAL("STANDARD",            standard,            attrib, all_info, all_info, attrib&0xFFF);
+	CHECK_VAL("EA_SIZE",             ea_size,             attrib, all_info, all_info, attrib&0xFFF);
+	CHECK_VAL("DIRECTORY_INFO",      directory_info,      attrib, all_info, all_info, attrib);
+	CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, attrib, all_info, all_info, attrib);
+	CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, attrib, all_info, all_info, attrib);
+	CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           attrib, all_info, all_info, attrib);
+	CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           attrib, all_info, all_info, attrib);
+
+	CHECK_TIME("SEARCH",             search,              write_time, all_info, all_info, write_time);
+	CHECK_TIME("STANDARD",           standard,            write_time, all_info, all_info, write_time);
+	CHECK_TIME("EA_SIZE",            ea_size,             write_time, all_info, all_info, write_time);
+	CHECK_TIME("STANDARD",           standard,            create_time, all_info, all_info, create_time);
+	CHECK_TIME("EA_SIZE",            ea_size,             create_time, all_info, all_info, create_time);
+	CHECK_TIME("STANDARD",           standard,            access_time, all_info, all_info, access_time);
+	CHECK_TIME("EA_SIZE",            ea_size,             access_time, all_info, all_info, access_time);
+
+	CHECK_NTTIME("DIRECTORY_INFO",      directory_info,      write_time, all_info, all_info, write_time);
+	CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, write_time, all_info, all_info, write_time);
+	CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, write_time, all_info, all_info, write_time);
+	CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           write_time, all_info, all_info, write_time);
+	CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           write_time, all_info, all_info, write_time);
+
+	CHECK_NTTIME("DIRECTORY_INFO",      directory_info,      create_time, all_info, all_info, create_time);
+	CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, create_time, all_info, all_info, create_time);
+	CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, create_time, all_info, all_info, create_time);
+	CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           create_time, all_info, all_info, create_time);
+	CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           create_time, all_info, all_info, create_time);
+
+	CHECK_NTTIME("DIRECTORY_INFO",      directory_info,      access_time, all_info, all_info, access_time);
+	CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, access_time, all_info, all_info, access_time);
+	CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, access_time, all_info, all_info, access_time);
+	CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           access_time, all_info, all_info, access_time);
+	CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           access_time, all_info, all_info, access_time);
+
+	CHECK_NTTIME("DIRECTORY_INFO",      directory_info,      change_time, all_info, all_info, change_time);
+	CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, change_time, all_info, all_info, change_time);
+	CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, change_time, all_info, all_info, change_time);
+	CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           change_time, all_info, all_info, change_time);
+	CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           change_time, all_info, all_info, change_time);
+
+	CHECK_VAL("SEARCH",              search,              size, all_info, all_info, size);
+	CHECK_VAL("STANDARD",            standard,            size, all_info, all_info, size);
+	CHECK_VAL("EA_SIZE",             ea_size,             size, all_info, all_info, size);
+	CHECK_VAL("DIRECTORY_INFO",      directory_info,      size, all_info, all_info, size);
+	CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, size, all_info, all_info, size);
+	CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, size, all_info, all_info, size);
+	CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           size, all_info, all_info, size);
+	CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           size, all_info, all_info, size);
+	CHECK_VAL("UNIX_INFO",           unix_info,           size, all_info, all_info, size);
+
+	CHECK_VAL("STANDARD",            standard,            alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("EA_SIZE",             ea_size,             alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("DIRECTORY_INFO",      directory_info,      alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           alloc_size, all_info, all_info, alloc_size);
+	CHECK_VAL("UNIX_INFO",           unix_info,           alloc_size, all_info, all_info, alloc_size);
+
+	CHECK_VAL("EA_SIZE",             ea_size,             ea_size, all_info, all_info, ea_size);
+	CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, ea_size, all_info, all_info, ea_size);
+	CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, ea_size, all_info, all_info, ea_size);
+	CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           ea_size, all_info, all_info, ea_size);
+	CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           ea_size, all_info, all_info, ea_size);
+
+	if (alt_info_supported) {
+		CHECK_STR("SEARCH", search, name, alt_info, alt_name_info,
+		    fname);
+		CHECK_WSTR("BOTH_DIRECTORY_INFO", both_directory_info,
+		    short_name, alt_info, alt_name_info, fname, STR_UNICODE);
+	}
+
+	CHECK_NAME("STANDARD",            standard,            name, fname, 0);
+	CHECK_NAME("EA_SIZE",             ea_size,             name, fname, 0);
+	CHECK_NAME("DIRECTORY_INFO",      directory_info,      name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("FULL_DIRECTORY_INFO", full_directory_info, name, fname, STR_TERMINATE_ASCII);
+
+	if (name_info_supported) {
+		CHECK_NAME("NAME_INFO", name_info, name, fname,
+		    STR_TERMINATE_ASCII);
+	}
+
+	CHECK_NAME("BOTH_DIRECTORY_INFO", both_directory_info, name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("ID_FULL_DIRECTORY_INFO", id_full_directory_info,           name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,           name, fname, STR_TERMINATE_ASCII);
+	CHECK_UNIX_NAME("UNIX_INFO",           unix_info,           name, fname, STR_TERMINATE_ASCII);
+
+	if (internal_info_supported) {
+		CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info,
+		    file_id, internal_info, internal_information, file_id);
+		CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info,
+		    file_id, internal_info, internal_information, file_id);
+	}
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_unlink(cli->tree, fname);
+
+	return ret;
+}
+
+
+struct multiple_result {
+	TALLOC_CTX *tctx;
+	int count;
+	union smb_search_data *list;
+};
+
+/*
+  callback function for multiple_search
+*/
+static bool multiple_search_callback(void *private_data, const union smb_search_data *file)
+{
+	struct multiple_result *data = (struct multiple_result *)private_data;
+
+
+	data->count++;
+	data->list = talloc_realloc(data->tctx,
+				      data->list, 
+				      union smb_search_data,
+				      data->count);
+
+	data->list[data->count-1] = *file;
+
+	return true;
+}
+
+enum continue_type {CONT_FLAGS, CONT_NAME, CONT_RESUME_KEY};
+
+/*
+  do a single file (non-wildcard) search 
+*/
+static NTSTATUS multiple_search(struct smbcli_state *cli, 
+				TALLOC_CTX *tctx,
+				const char *pattern,
+				enum smb_search_data_level data_level,
+				enum continue_type cont_type,
+				void *data)
+{
+	union smb_search_first io;
+	union smb_search_next io2;
+	NTSTATUS status;
+	const int per_search = 100;
+	struct multiple_result *result = (struct multiple_result *)data;
+
+	if (data_level == RAW_SEARCH_DATA_SEARCH) {
+		io.search_first.level = RAW_SEARCH_SEARCH;
+		io.search_first.data_level = RAW_SEARCH_DATA_SEARCH;
+		io.search_first.in.max_count = per_search;
+		io.search_first.in.search_attrib = 0;
+		io.search_first.in.pattern = pattern;
+	} else {
+		io.t2ffirst.level = RAW_SEARCH_TRANS2;
+		io.t2ffirst.data_level = data_level;
+		io.t2ffirst.in.search_attrib = 0;
+		io.t2ffirst.in.max_count = per_search;
+		io.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE_IF_END;
+		io.t2ffirst.in.storage_type = 0;
+		io.t2ffirst.in.pattern = pattern;
+		if (cont_type == CONT_RESUME_KEY) {
+			io.t2ffirst.in.flags |= FLAG_TRANS2_FIND_REQUIRE_RESUME | 
+				FLAG_TRANS2_FIND_BACKUP_INTENT;
+		}
+	}
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, data, multiple_search_callback);
+	
+
+	while (NT_STATUS_IS_OK(status)) {
+		if (data_level == RAW_SEARCH_DATA_SEARCH) {
+			io2.search_next.level = RAW_SEARCH_SEARCH;
+			io2.search_next.data_level = RAW_SEARCH_DATA_SEARCH;
+			io2.search_next.in.max_count = per_search;
+			io2.search_next.in.search_attrib = 0;
+			io2.search_next.in.id = result->list[result->count-1].search.id;
+		} else {
+			io2.t2fnext.level = RAW_SEARCH_TRANS2;
+			io2.t2fnext.data_level = data_level;
+			io2.t2fnext.in.handle = io.t2ffirst.out.handle;
+			io2.t2fnext.in.max_count = per_search;
+			io2.t2fnext.in.resume_key = 0;
+			io2.t2fnext.in.flags = FLAG_TRANS2_FIND_CLOSE_IF_END;
+			io2.t2fnext.in.last_name = "";
+			switch (cont_type) {
+			case CONT_RESUME_KEY:
+				io2.t2fnext.in.resume_key = extract_resume_key(&result->list[result->count-1],
+									       io2.t2fnext.level, io2.t2fnext.data_level);
+				if (io2.t2fnext.in.resume_key == 0) {
+					printf("Server does not support resume by key for level %s\n",
+					       level_name(io2.t2fnext.level, io2.t2fnext.data_level));
+					return NT_STATUS_NOT_SUPPORTED;
+				}
+				io2.t2fnext.in.flags |= FLAG_TRANS2_FIND_REQUIRE_RESUME |
+					FLAG_TRANS2_FIND_BACKUP_INTENT;
+				break;
+			case CONT_NAME:
+				io2.t2fnext.in.last_name = extract_name(&result->list[result->count-1],
+									io2.t2fnext.level, io2.t2fnext.data_level);
+				break;
+			case CONT_FLAGS:
+				io2.t2fnext.in.flags |= FLAG_TRANS2_FIND_CONTINUE;
+				break;
+			}
+		}
+
+		status = smb_raw_search_next(cli->tree, tctx,
+					     &io2, data, multiple_search_callback);
+		if (!NT_STATUS_IS_OK(status)) {
+			break;
+		}
+		if (data_level == RAW_SEARCH_DATA_SEARCH) {
+			if (io2.search_next.out.count == 0) {
+				break;
+			}
+		} else if (io2.t2fnext.out.count == 0 ||
+			   io2.t2fnext.out.end_of_search) {
+			break;
+		}
+	}
+
+	return status;
+}
+
+#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
+
+#define CHECK_VALUE(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
+
+#define CHECK_STRING(v, correct) torture_assert_casestr_equal(tctx, v, correct, "incorrect value");
+
+
+static enum smb_search_data_level compare_data_level;
+
+static int search_compare(union smb_search_data *d1, union smb_search_data *d2)
+{
+	const char *s1, *s2;
+	enum smb_search_level level;
+
+	if (compare_data_level == RAW_SEARCH_DATA_SEARCH) {
+		level = RAW_SEARCH_SEARCH;
+	} else {
+		level = RAW_SEARCH_TRANS2;
+	}
+
+	s1 = extract_name(d1, level, compare_data_level);
+	s2 = extract_name(d2, level, compare_data_level);
+	return strcmp_safe(s1, s2);
+}
+
+
+
+/* 
+   basic testing of search calls using many files
+*/
+static bool test_many_files(struct torture_context *tctx, 
+			    struct smbcli_state *cli)
+{
+	const int num_files = 700;
+	int i, fnum, t;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	struct {
+		const char *name;
+		const char *cont_name;
+		enum smb_search_data_level data_level;
+		enum continue_type cont_type;
+	} search_types[] = {
+		{"SEARCH",              "ID",    RAW_SEARCH_DATA_SEARCH,              CONT_RESUME_KEY},
+		{"BOTH_DIRECTORY_INFO", "NAME",  RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_NAME},
+		{"BOTH_DIRECTORY_INFO", "FLAGS", RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_FLAGS},
+		{"BOTH_DIRECTORY_INFO", "KEY",   RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_RESUME_KEY},
+		{"STANDARD",            "FLAGS", RAW_SEARCH_DATA_STANDARD,            CONT_FLAGS},
+		{"STANDARD",            "KEY",   RAW_SEARCH_DATA_STANDARD,            CONT_RESUME_KEY},
+		{"STANDARD",            "NAME",  RAW_SEARCH_DATA_STANDARD,            CONT_NAME},
+		{"EA_SIZE",             "FLAGS", RAW_SEARCH_DATA_EA_SIZE,             CONT_FLAGS},
+		{"EA_SIZE",             "KEY",   RAW_SEARCH_DATA_EA_SIZE,             CONT_RESUME_KEY},
+		{"EA_SIZE",             "NAME",  RAW_SEARCH_DATA_EA_SIZE,             CONT_NAME},
+		{"DIRECTORY_INFO",      "FLAGS", RAW_SEARCH_DATA_DIRECTORY_INFO,      CONT_FLAGS},
+		{"DIRECTORY_INFO",      "KEY",   RAW_SEARCH_DATA_DIRECTORY_INFO,      CONT_RESUME_KEY},
+		{"DIRECTORY_INFO",      "NAME",  RAW_SEARCH_DATA_DIRECTORY_INFO,      CONT_NAME},
+		{"FULL_DIRECTORY_INFO",    "FLAGS", RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_FLAGS},
+		{"FULL_DIRECTORY_INFO",    "KEY",   RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_RESUME_KEY},
+		{"FULL_DIRECTORY_INFO",    "NAME",  RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_NAME},
+		{"ID_FULL_DIRECTORY_INFO", "FLAGS", RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_FLAGS},
+		{"ID_FULL_DIRECTORY_INFO", "KEY",   RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_RESUME_KEY},
+		{"ID_FULL_DIRECTORY_INFO", "NAME",  RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_NAME},
+		{"ID_BOTH_DIRECTORY_INFO", "NAME",  RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_NAME},
+		{"ID_BOTH_DIRECTORY_INFO", "FLAGS", RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_FLAGS},
+		{"ID_BOTH_DIRECTORY_INFO", "KEY",   RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESUME_KEY}
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Testing with %d files\n", num_files);
+
+	for (i=0;i<num_files;i++) {
+		fname = talloc_asprintf(cli, BASEDIR "\\t%03d-%d.txt", i, i);
+		fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		torture_assert(tctx, fnum != -1, "Failed to create");
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+
+
+	for (t=0;t<ARRAY_SIZE(search_types);t++) {
+		ZERO_STRUCT(result);
+
+		if ((search_types[t].cont_type == CONT_RESUME_KEY) &&
+		    (search_types[t].data_level != RAW_SEARCH_DATA_SEARCH) &&
+		    !torture_setting_bool(tctx, "resume_key_support", true)) {
+			torture_comment(tctx,
+					"SKIP: Continue %s via %s\n",
+					search_types[t].name, search_types[t].cont_name);
+			continue;
+		}
+
+		result.tctx = talloc_new(tctx);
+	
+		torture_comment(tctx,
+				"Continue %s via %s\n", search_types[t].name, search_types[t].cont_name);
+
+		status = multiple_search(cli, tctx, BASEDIR "\\*.*", 
+					 search_types[t].data_level,
+					 search_types[t].cont_type,
+					 &result);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+			torture_warning(tctx, "search level %s not supported "
+					"by server",
+					search_types[t].name);
+			continue;
+		}
+		torture_assert_ntstatus_ok(tctx, status, "search failed");
+		CHECK_VALUE(result.count, num_files);
+
+		compare_data_level = search_types[t].data_level;
+
+		TYPESAFE_QSORT(result.list, result.count, search_compare);
+
+		for (i=0;i<result.count;i++) {
+			const char *s;
+			enum smb_search_level level;
+			if (compare_data_level == RAW_SEARCH_DATA_SEARCH) {
+				level = RAW_SEARCH_SEARCH;
+			} else {
+				level = RAW_SEARCH_TRANS2;
+			}
+			s = extract_name(&result.list[i], level, compare_data_level);
+			fname = talloc_asprintf(cli, "t%03d-%d.txt", i, i);
+			torture_assert_str_equal(tctx, fname, s, "Incorrect name");
+			talloc_free(fname);
+		}
+		talloc_free(result.tctx);
+	}
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+  check a individual file result
+*/
+static bool check_result(struct multiple_result *result, const char *name, bool exist, uint32_t attrib)
+{
+	int i;
+	for (i=0;i<result->count;i++) {
+		if (strcmp(name, result->list[i].both_directory_info.name.s) == 0) break;
+	}
+	if (i == result->count) {
+		if (exist) {
+			printf("failed: '%s' should exist with attribute %s\n", 
+			       name, attrib_string(result->list, attrib));
+			return false;
+		}
+		return true;
+	}
+
+	if (!exist) {
+		printf("failed: '%s' should NOT exist (has attribute %s)\n", 
+		       name, attrib_string(result->list, result->list[i].both_directory_info.attrib));
+		return false;
+	}
+
+	if ((result->list[i].both_directory_info.attrib&0xFFF) != attrib) {
+		printf("failed: '%s' should have attribute 0x%x (has 0x%x)\n",
+		       name, 
+		       attrib, result->list[i].both_directory_info.attrib);
+		return false;
+	}
+	return true;
+}
+
+/* 
+   test what happens when the directory is modified during a search
+*/
+static bool test_modify_search(struct torture_context *tctx, 
+							   struct smbcli_state *cli)
+{
+	const int num_files = 20;
+	int i, fnum;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	union smb_search_first io;
+	union smb_search_next io2;
+	union smb_setfileinfo sfinfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Creating %d files\n", num_files);
+
+	for (i=num_files-1;i>=0;i--) {
+		fname = talloc_asprintf(cli, BASEDIR "\\t%03d-%d.txt", i, i);
+		fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		if (fnum == -1) {
+			printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+			ret = false;
+			goto done;
+		}
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+
+	printf("pulling the first file\n");
+	ZERO_STRUCT(result);
+	result.tctx = talloc_new(tctx);
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+	io.t2ffirst.in.search_attrib = 0;
+	io.t2ffirst.in.max_count = 0;
+	io.t2ffirst.in.flags = 0;
+	io.t2ffirst.in.storage_type = 0;
+	io.t2ffirst.in.pattern = BASEDIR "\\*.*";
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 1);
+	
+	printf("pulling the second file\n");
+	io2.t2fnext.level = RAW_SEARCH_TRANS2;
+	io2.t2fnext.data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+	io2.t2fnext.in.handle = io.t2ffirst.out.handle;
+	io2.t2fnext.in.max_count = 1;
+	io2.t2fnext.in.resume_key = 0;
+	io2.t2fnext.in.flags = 0;
+	io2.t2fnext.in.last_name = result.list[result.count-1].both_directory_info.name.s;
+
+	status = smb_raw_search_next(cli->tree, tctx,
+				     &io2, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 2);
+
+	result.count = 0;
+
+	printf("Changing attributes and deleting\n");
+	smbcli_open(cli->tree, BASEDIR "\\T003-03.txt.2", O_CREAT|O_RDWR, DENY_NONE);
+	smbcli_open(cli->tree, BASEDIR "\\T013-13.txt.2", O_CREAT|O_RDWR, DENY_NONE);
+	fnum = create_complex_file(cli, tctx, BASEDIR "\\T013-13.txt.3");
+	smbcli_unlink(cli->tree, BASEDIR "\\T014-14.txt");
+	torture_set_file_attribute(cli->tree, BASEDIR "\\T015-15.txt", FILE_ATTRIBUTE_HIDDEN);
+	torture_set_file_attribute(cli->tree, BASEDIR "\\T016-16.txt", FILE_ATTRIBUTE_NORMAL);
+	torture_set_file_attribute(cli->tree, BASEDIR "\\T017-17.txt", FILE_ATTRIBUTE_SYSTEM);	
+	torture_set_file_attribute(cli->tree, BASEDIR "\\T018-18.txt", 0);	
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io2.t2fnext.level = RAW_SEARCH_TRANS2;
+	io2.t2fnext.data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+	io2.t2fnext.in.handle = io.t2ffirst.out.handle;
+	io2.t2fnext.in.max_count = num_files + 3;
+	io2.t2fnext.in.resume_key = 0;
+	io2.t2fnext.in.flags = 0;
+	io2.t2fnext.in.last_name = ".";
+
+	status = smb_raw_search_next(cli->tree, tctx,
+				     &io2, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 20);
+
+	ret &= check_result(&result, "t009-9.txt", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(&result, "t014-14.txt", false, 0);
+	ret &= check_result(&result, "t015-15.txt", false, 0);
+	ret &= check_result(&result, "t016-16.txt", true, FILE_ATTRIBUTE_NORMAL);
+	ret &= check_result(&result, "t017-17.txt", false, 0);
+	ret &= check_result(&result, "t018-18.txt", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(&result, "t019-19.txt", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(&result, "T013-13.txt.2", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(&result, "T003-3.txt.2", false, 0);
+	ret &= check_result(&result, "T013-13.txt.3", true, FILE_ATTRIBUTE_ARCHIVE);
+
+	if (!ret) {
+		for (i=0;i<result.count;i++) {
+			printf("%s %s (0x%x)\n", 
+			       result.list[i].both_directory_info.name.s, 
+			       attrib_string(tctx, result.list[i].both_directory_info.attrib),
+			       result.list[i].both_directory_info.attrib);
+		}
+	}
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/* 
+   testing if directories always come back sorted
+*/
+static bool test_sorted(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	const int num_files = 700;
+	int i, fnum;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Creating %d files\n", num_files);
+
+	for (i=0;i<num_files;i++) {
+		fname = talloc_asprintf(cli, BASEDIR "\\%s.txt", generate_random_str_list(tctx, 10, "abcdefgh"));
+		fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		if (fnum == -1) {
+			printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+			ret = false;
+			goto done;
+		}
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+
+
+	ZERO_STRUCT(result);
+	result.tctx = tctx;
+	
+	status = multiple_search(cli, tctx, BASEDIR "\\*.*", 
+				 RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+				 CONT_NAME, &result);	
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, num_files);
+
+	for (i=0;i<num_files-1;i++) {
+		const char *name1, *name2;
+		name1 = result.list[i].both_directory_info.name.s;
+		name2 = result.list[i+1].both_directory_info.name.s;
+		if (strcasecmp_m(name1, name2) > 0) {
+			printf("non-alphabetical order at entry %d  '%s' '%s'\n", 
+			       i, name1, name2);
+			printf("Server does not produce sorted directory listings (not an error)\n");
+			goto done;
+		}
+	}
+
+	talloc_free(result.list);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+
+/* 
+   basic testing of many old style search calls using separate dirs
+*/
+static bool test_many_dirs(struct torture_context *tctx, 
+						   struct smbcli_state *cli)
+{
+	const int num_dirs = 20;
+	int i, fnum, n;
+	char *fname, *dname;
+	bool ret = true;
+	NTSTATUS status;
+	union smb_search_data *file, *file2, *file3;
+
+	if (!torture_setting_bool(tctx, "raw_search_search", true)) {
+		torture_comment(tctx, "Skipping these tests as the server "
+			"doesn't support old style search calls\n");
+		return true;
+	}
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Creating %d dirs\n", num_dirs);
+
+	for (i=0;i<num_dirs;i++) {
+		dname = talloc_asprintf(cli, BASEDIR "\\d%d", i);
+		status = smbcli_mkdir(cli->tree, dname);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("(%s) Failed to create %s - %s\n", 
+			       __location__, dname, nt_errstr(status));
+			ret = false;
+			goto done;
+		}
+
+		for (n=0;n<3;n++) {
+			fname = talloc_asprintf(cli, BASEDIR "\\d%d\\f%d-%d.txt", i, i, n);
+			fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+			if (fnum == -1) {
+				printf("(%s) Failed to create %s - %s\n", 
+				       __location__, fname, smbcli_errstr(cli->tree));
+				ret = false;
+				goto done;
+			}
+			talloc_free(fname);
+			smbcli_close(cli->tree, fnum);
+		}
+
+		talloc_free(dname);
+	}
+
+	file  = talloc_zero_array(tctx, union smb_search_data, num_dirs);
+	file2 = talloc_zero_array(tctx, union smb_search_data, num_dirs);
+	file3 = talloc_zero_array(tctx, union smb_search_data, num_dirs);
+
+	printf("Search first on %d dirs\n", num_dirs);
+
+	for (i=0;i<num_dirs;i++) {
+		union smb_search_first io;
+		io.search_first.level = RAW_SEARCH_SEARCH;
+		io.search_first.data_level = RAW_SEARCH_DATA_SEARCH;
+		io.search_first.in.max_count = 1;
+		io.search_first.in.search_attrib = 0;
+		io.search_first.in.pattern = talloc_asprintf(tctx, BASEDIR "\\d%d\\*.txt", i);
+		fname = talloc_asprintf(tctx, "f%d-", i);
+
+		io.search_first.out.count = 0;
+
+		status = smb_raw_search_first(cli->tree, tctx,
+					      &io, (void *)&file[i], single_search_callback);
+		if (io.search_first.out.count != 1) {
+			printf("(%s) search first gave %d entries for dir %d - %s\n",
+			       __location__, io.search_first.out.count, i, nt_errstr(status));
+			ret = false;
+			goto done;
+		}
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (strncasecmp(file[i].search.name, fname, strlen(fname)) != 0) {
+			printf("(%s) incorrect name '%s' expected '%s'[12].txt\n", 
+			       __location__, file[i].search.name, fname);
+			ret = false;
+			goto done;
+		}
+
+		talloc_free(fname);
+	}
+
+	printf("Search next on %d dirs\n", num_dirs);
+
+	for (i=0;i<num_dirs;i++) {
+		union smb_search_next io2;
+
+		io2.search_next.level = RAW_SEARCH_SEARCH;
+		io2.search_next.data_level = RAW_SEARCH_DATA_SEARCH;
+		io2.search_next.in.max_count = 1;
+		io2.search_next.in.search_attrib = 0;
+		io2.search_next.in.id = file[i].search.id;
+		fname = talloc_asprintf(tctx, "f%d-", i);
+
+		io2.search_next.out.count = 0;
+
+		status = smb_raw_search_next(cli->tree, tctx,
+					     &io2, (void *)&file2[i], single_search_callback);
+		if (io2.search_next.out.count != 1) {
+			printf("(%s) search next gave %d entries for dir %d - %s\n",
+			       __location__, io2.search_next.out.count, i, nt_errstr(status));
+			ret = false;
+			goto done;
+		}
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (strncasecmp(file2[i].search.name, fname, strlen(fname)) != 0) {
+			printf("(%s) incorrect name '%s' expected '%s'[12].txt\n", 
+			       __location__, file2[i].search.name, fname);
+			ret = false;
+			goto done;
+		}
+
+		talloc_free(fname);
+	}
+
+
+	printf("Search next (rewind) on %d dirs\n", num_dirs);
+
+	for (i=0;i<num_dirs;i++) {
+		union smb_search_next io2;
+
+		io2.search_next.level = RAW_SEARCH_SEARCH;
+		io2.search_next.data_level = RAW_SEARCH_DATA_SEARCH;
+		io2.search_next.in.max_count = 1;
+		io2.search_next.in.search_attrib = 0;
+		io2.search_next.in.id = file[i].search.id;
+		fname = talloc_asprintf(tctx, "f%d-", i);
+		io2.search_next.out.count = 0;
+
+		status = smb_raw_search_next(cli->tree, tctx,
+					     &io2, (void *)&file3[i], single_search_callback);
+		if (io2.search_next.out.count != 1) {
+			printf("(%s) search next gave %d entries for dir %d - %s\n",
+			       __location__, io2.search_next.out.count, i, nt_errstr(status));
+			ret = false;
+			goto done;
+		}
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		if (strncasecmp(file3[i].search.name, file2[i].search.name, 3) != 0) {
+			printf("(%s) incorrect name '%s' on rewind at dir %d\n", 
+			       __location__, file2[i].search.name, i);
+			ret = false;
+			goto done;
+		}
+
+		if (torture_setting_bool(tctx, "rewind_support", true) &&
+		    strcmp(file3[i].search.name, file2[i].search.name) != 0) {
+			printf("(%s) server did not rewind - got '%s' expected '%s'\n", 
+			       __location__, file3[i].search.name, file2[i].search.name);
+			ret = false;
+			goto done;
+		}
+
+		talloc_free(fname);
+	}
+
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+/* 
+   testing of OS/2 style delete
+*/
+static bool test_os2_delete(struct torture_context *tctx, 
+							struct smbcli_state *cli)
+{
+	const int num_files = 700;
+	const int delete_count = 4;
+	int total_deleted = 0;
+	int i, fnum;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	union smb_search_first io;
+	union smb_search_next io2;
+	struct multiple_result result;
+
+	if (!torture_setting_bool(tctx, "search_ea_size", true)){
+		torture_comment(tctx,
+				"Server does not support RAW_SEARCH_EA_SIZE "
+				"level. Skipping this test\n");
+		return true;
+	}
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing OS/2 style delete on %d files\n", num_files);
+
+	for (i=0;i<num_files;i++) {
+		fname = talloc_asprintf(cli, BASEDIR "\\file%u.txt", i);
+		fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		if (fnum == -1) {
+			printf("Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree));
+			ret = false;
+			goto done;
+		}
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+
+
+	ZERO_STRUCT(result);
+	result.tctx = tctx;
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = RAW_SEARCH_DATA_EA_SIZE;
+	io.t2ffirst.in.search_attrib = 0;
+	io.t2ffirst.in.max_count = 100;
+	io.t2ffirst.in.flags = FLAG_TRANS2_FIND_REQUIRE_RESUME;
+	io.t2ffirst.in.storage_type = 0;
+	io.t2ffirst.in.pattern = BASEDIR "\\*";
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	for (i=0;i<MIN(result.count, delete_count);i++) {
+		fname = talloc_asprintf(cli, BASEDIR "\\%s", result.list[i].ea_size.name.s);
+		status = smbcli_unlink(cli->tree, fname);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		total_deleted++;
+		talloc_free(fname);
+	}
+
+	io2.t2fnext.level = RAW_SEARCH_TRANS2;
+	io2.t2fnext.data_level = RAW_SEARCH_DATA_EA_SIZE;
+	io2.t2fnext.in.handle = io.t2ffirst.out.handle;
+	io2.t2fnext.in.max_count = 100;
+	io2.t2fnext.in.resume_key = result.list[i-1].ea_size.resume_key;
+	io2.t2fnext.in.flags = FLAG_TRANS2_FIND_REQUIRE_RESUME;
+	io2.t2fnext.in.last_name = result.list[i-1].ea_size.name.s;
+
+	do {
+		ZERO_STRUCT(result);
+		result.tctx = tctx;
+
+		status = smb_raw_search_next(cli->tree, tctx,
+					     &io2, &result, multiple_search_callback);
+		if (!NT_STATUS_IS_OK(status)) {
+			break;
+		}
+
+		for (i=0;i<MIN(result.count, delete_count);i++) {
+			fname = talloc_asprintf(cli, BASEDIR "\\%s", result.list[i].ea_size.name.s);
+			status = smbcli_unlink(cli->tree, fname);
+			CHECK_STATUS(status, NT_STATUS_OK);
+			total_deleted++;
+			talloc_free(fname);
+		}
+
+		if (i>0) {
+			io2.t2fnext.in.resume_key = result.list[i-1].ea_size.resume_key;
+			io2.t2fnext.in.last_name = result.list[i-1].ea_size.name.s;
+		}
+	} while (NT_STATUS_IS_OK(status) && result.count != 0);
+
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (total_deleted != num_files) {
+		printf("error: deleted %d - expected to delete %d\n", 
+		       total_deleted, num_files);
+		ret = false;
+	}
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+
+static int ealist_cmp(union smb_search_data *r1, union smb_search_data *r2)
+{
+	return strcmp(r1->ea_list.name.s, r2->ea_list.name.s);
+}
+
+/* 
+   testing of the rather strange ea_list level
+*/
+static bool test_ea_list(struct torture_context *tctx, 
+						 struct smbcli_state *cli)
+{
+	int  fnum;
+	bool ret = true;
+	NTSTATUS status;
+	union smb_search_first io;
+	union smb_search_next nxt;
+	struct multiple_result result;
+	union smb_setfileinfo setfile;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Testing RAW_SEARCH_EA_LIST level\n");
+
+	if (!torture_setting_bool(tctx, "search_ea_support", true) ||
+	    !torture_setting_bool(tctx, "ea_support", true)) {
+		printf("..skipped per target configuration.\n");
+		return true;
+	}
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\file1.txt", O_CREAT|O_RDWR, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\file2.txt", O_CREAT|O_RDWR, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+
+	fnum = smbcli_open(cli->tree, BASEDIR "\\file3.txt", O_CREAT|O_RDWR, DENY_NONE);
+	smbcli_close(cli->tree, fnum);
+
+	setfile.generic.level = RAW_SFILEINFO_EA_SET;
+	setfile.generic.in.file.path = BASEDIR "\\file2.txt";
+	setfile.ea_set.in.num_eas = 2;
+	setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 2);
+	setfile.ea_set.in.eas[0].flags = 0;
+	setfile.ea_set.in.eas[0].name.s = "EA ONE";
+	setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE 1");
+	setfile.ea_set.in.eas[1].flags = 0;
+	setfile.ea_set.in.eas[1].name.s = "SECOND EA";
+	setfile.ea_set.in.eas[1].value = data_blob_string_const("Value Two");
+
+	status = smb_raw_setpathinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	setfile.generic.in.file.path = BASEDIR "\\file3.txt";
+	status = smb_raw_setpathinfo(cli->tree, &setfile);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	ZERO_STRUCT(result);
+	result.tctx = tctx;
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = RAW_SEARCH_DATA_EA_LIST;
+	io.t2ffirst.in.search_attrib = 0;
+	io.t2ffirst.in.max_count = 2;
+	io.t2ffirst.in.flags = FLAG_TRANS2_FIND_REQUIRE_RESUME;
+	io.t2ffirst.in.storage_type = 0;
+	io.t2ffirst.in.pattern = BASEDIR "\\*";
+	io.t2ffirst.in.num_names = 2;
+	io.t2ffirst.in.ea_names = talloc_array(tctx, struct ea_name, 2);
+	io.t2ffirst.in.ea_names[0].name.s = "SECOND EA";
+	io.t2ffirst.in.ea_names[1].name.s = "THIRD EA";
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 2);
+
+	nxt.t2fnext.level = RAW_SEARCH_TRANS2;
+	nxt.t2fnext.data_level = RAW_SEARCH_DATA_EA_LIST;
+	nxt.t2fnext.in.handle = io.t2ffirst.out.handle;
+	nxt.t2fnext.in.max_count = 2;
+	nxt.t2fnext.in.resume_key = result.list[1].ea_list.resume_key;
+	nxt.t2fnext.in.flags = FLAG_TRANS2_FIND_REQUIRE_RESUME | FLAG_TRANS2_FIND_CONTINUE;
+	nxt.t2fnext.in.last_name = result.list[1].ea_list.name.s;
+	nxt.t2fnext.in.num_names = 2;
+	nxt.t2fnext.in.ea_names = talloc_array(tctx, struct ea_name, 2);
+	nxt.t2fnext.in.ea_names[0].name.s = "SECOND EA";
+	nxt.t2fnext.in.ea_names[1].name.s = "THIRD EA";
+
+	status = smb_raw_search_next(cli->tree, tctx,
+				     &nxt, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* we have to sort the result as different servers can return directories
+	   in different orders */
+	TYPESAFE_QSORT(result.list, result.count, ealist_cmp);
+
+	CHECK_VALUE(result.count, 3);
+	CHECK_VALUE(result.list[0].ea_list.eas.num_eas, 2);
+	CHECK_STRING(result.list[0].ea_list.name.s, "file1.txt");
+	CHECK_STRING(result.list[0].ea_list.eas.eas[0].name.s, "SECOND EA");
+	CHECK_VALUE(result.list[0].ea_list.eas.eas[0].value.length, 0);
+	CHECK_STRING(result.list[0].ea_list.eas.eas[1].name.s, "THIRD EA");
+	CHECK_VALUE(result.list[0].ea_list.eas.eas[1].value.length, 0);
+
+	CHECK_STRING(result.list[1].ea_list.name.s, "file2.txt");
+	CHECK_STRING(result.list[1].ea_list.eas.eas[0].name.s, "SECOND EA");
+	CHECK_VALUE(result.list[1].ea_list.eas.eas[0].value.length, 9);
+	CHECK_STRING((const char *)result.list[1].ea_list.eas.eas[0].value.data, "Value Two");
+	CHECK_STRING(result.list[1].ea_list.eas.eas[1].name.s, "THIRD EA");
+	CHECK_VALUE(result.list[1].ea_list.eas.eas[1].value.length, 0);
+
+	CHECK_STRING(result.list[2].ea_list.name.s, "file3.txt");
+	CHECK_STRING(result.list[2].ea_list.eas.eas[0].name.s, "SECOND EA");
+	CHECK_VALUE(result.list[2].ea_list.eas.eas[0].value.length, 9);
+	CHECK_STRING((const char *)result.list[2].ea_list.eas.eas[0].value.data, "Value Two");
+	CHECK_STRING(result.list[2].ea_list.eas.eas[1].name.s, "THIRD EA");
+	CHECK_VALUE(result.list[2].ea_list.eas.eas[1].value.length, 0);
+
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/*
+ Test the behavior of max count parameter in TRANS2_FIND_FIRST2 and
+ TRANS2_FIND_NEXT2 queries
+*/
+static bool test_max_count(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	const int num_files = 2;
+	int i, fnum;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	union smb_search_first io;
+	union smb_search_next io2;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "Creating %d files\n", num_files);
+
+	for (i=num_files-1;i>=0;i--) {
+		fname = talloc_asprintf(cli, BASEDIR "\\t%03d-%d.txt", i, i);
+		fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+		if (fnum == -1) {
+			torture_comment(tctx,
+				"Failed to create %s - %s\n",
+				fname, smbcli_errstr(cli->tree));
+			ret = false;
+			goto done;
+		}
+		talloc_free(fname);
+		smbcli_close(cli->tree, fnum);
+	}
+
+	torture_comment(tctx, "Set max_count parameter to 0. "
+			"This should return 1 entry\n");
+	ZERO_STRUCT(result);
+	result.tctx = talloc_new(tctx);
+
+	io.t2ffirst.level = RAW_SEARCH_TRANS2;
+	io.t2ffirst.data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+	io.t2ffirst.in.search_attrib = 0;
+	io.t2ffirst.in.max_count = 0;
+	io.t2ffirst.in.flags = 0;
+	io.t2ffirst.in.storage_type = 0;
+	io.t2ffirst.in.pattern = BASEDIR "\\*.*";
+
+	status = smb_raw_search_first(cli->tree, tctx,
+				      &io, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 1);
+
+	torture_comment(tctx, "Set max_count to 1. This should also "
+			"return 1 entry\n");
+	io2.t2fnext.level = RAW_SEARCH_TRANS2;
+	io2.t2fnext.data_level = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO;
+	io2.t2fnext.in.handle = io.t2ffirst.out.handle;
+	io2.t2fnext.in.max_count = 1;
+	io2.t2fnext.in.resume_key = 0;
+	io2.t2fnext.in.flags = 0;
+	io2.t2fnext.in.last_name =
+		result.list[result.count-1].both_directory_info.name.s;
+
+	status = smb_raw_search_next(cli->tree, tctx,
+				     &io2, &result, multiple_search_callback);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(result.count, 2);
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+
+	return ret;
+}
+
+/* 
+   basic testing of all RAW_SEARCH_* calls using a single file
+*/
+struct torture_suite *torture_raw_search(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "search");
+
+	torture_suite_add_2smb_test(suite, "one file search", test_one_file);
+	torture_suite_add_1smb_test(suite, "many files", test_many_files);
+	torture_suite_add_1smb_test(suite, "sorted", test_sorted);
+	torture_suite_add_1smb_test(suite, "modify search", test_modify_search);
+	torture_suite_add_1smb_test(suite, "many dirs", test_many_dirs);
+	torture_suite_add_1smb_test(suite, "os2 delete", test_os2_delete);
+	torture_suite_add_1smb_test(suite, "ea list", test_ea_list);
+	torture_suite_add_1smb_test(suite, "max count", test_max_count);
+
+	return suite;
+}
diff --git a/source4/torture/raw/seek.c b/source4/torture/raw/seek.c
new file mode 100644
index 0000000..6bac828
--- /dev/null
+++ b/source4/torture/raw/seek.c
@@ -0,0 +1,242 @@
+/* 
+   Unix SMB/CIFS implementation.
+   seek test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%d) Incorrect status %s - should be %s\n", \
+		       __LINE__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		printf("(%d) Incorrect value %s=%d - should be %d\n", \
+		       __LINE__, #v, (int)v, (int)correct); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define BASEDIR "\\testseek"
+
+/*
+  test seek ops
+*/
+static bool test_seek(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+	union smb_seek io;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, fnum2;
+	const char *fname = BASEDIR "\\test.txt";
+	uint8_t c[2];
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		return false;
+	}
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		printf("Failed to open test.txt - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	
+	printf("Trying bad handle\n");
+	io.lseek.in.file.fnum = fnum+1;
+	io.lseek.in.mode = SEEK_MODE_START;
+	io.lseek.in.offset = 0;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	printf("Trying simple seek\n");
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_START;
+	io.lseek.in.offset = 17;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 17);
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 0);
+	
+	printf("Trying relative seek\n");
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_CURRENT;
+	io.lseek.in.offset = -3;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 14);
+
+	printf("Trying end seek\n");
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_END;
+	io.lseek.in.offset = 0;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.all_info.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, finfo.all_info.out.size);
+
+	printf("Trying max seek\n");
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_START;
+	io.lseek.in.offset = -1;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 0xffffffff);
+
+	printf("Testing position information change\n");
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 0);
+
+	printf("Trying max overflow\n");
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_CURRENT;
+	io.lseek.in.offset = 1000;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 999);
+
+	printf("Testing position information change\n");
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 0);
+
+	printf("trying write to update offset\n");
+	ZERO_STRUCT(c);
+	if (smbcli_write(cli->tree, fnum, 0, c, 0, 2) != 2) {
+		printf("Write failed - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;		
+	}
+
+	printf("Testing position information change\n");
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 0);
+
+	io.lseek.in.file.fnum = fnum;
+	io.lseek.in.mode = SEEK_MODE_CURRENT;
+	io.lseek.in.offset = 0;
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 2);
+	
+	if (smbcli_read(cli->tree, fnum, c, 0, 1) != 1) {
+		printf("Read failed - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;		
+	}
+
+	printf("Testing position information change\n");
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 1);
+
+	status = smb_raw_seek(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.lseek.out.offset, 1);
+
+	printf("Testing position information\n");
+	fnum2 = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		printf("2nd open failed - %s\n", smbcli_errstr(cli->tree));
+		ret = false;
+		goto done;
+	}
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.position_information.in.file.fnum = fnum2;
+	sfinfo.position_information.in.position = 25;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum2;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 25);
+
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 1);
+
+	printf("position_information via paths\n");
+
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.position_information.in.file.path = fname;
+	sfinfo.position_information.in.position = 32;
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.fnum = fnum2;
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 25);
+
+	finfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	finfo.position_information.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(finfo.position_information.out.position, 0);
+	
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/* 
+   basic testing of seek calls
+*/
+bool torture_raw_seek(struct torture_context *torture, struct smbcli_state *cli)
+{
+	bool ret = true;
+
+	ret &= test_seek(cli, torture);
+
+	return ret;
+}
diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c
new file mode 100644
index 0000000..76ae808
--- /dev/null
+++ b/source4/torture/raw/session.c
@@ -0,0 +1,446 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for session setup operations
+   Copyright (C) Gregor Beck 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture.h"
+#include "libcli/libcli.h"
+#include "torture/raw/proto.h"
+#include "smb_composite/smb_composite.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+#include "torture/util.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/resolve/resolve.h"
+
+
+static bool test_session_reauth1(struct torture_context *tctx,
+				 struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	struct smb_composite_sesssetup io;
+	int fnum, num;
+	const int dlen = 255;
+	char *data;
+	char fname[256];
+	char buf[dlen+1];
+	bool ok = true;
+	uint16_t vuid1 = cli->session->vuid;
+
+	data = generate_random_str(tctx, dlen);
+	torture_assert(tctx, (data != NULL), "memory allocation failed");
+	snprintf(fname, sizeof(fname), "raw_session_reconnect_%.8s.dat", data);
+
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+				     SEC_RIGHTS_FILE_ALL,
+				     FILE_ATTRIBUTE_NORMAL,
+				     NTCREATEX_SHARE_ACCESS_NONE,
+				     NTCREATEX_DISP_OPEN_IF,
+				     NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
+				     0);
+	torture_assert_ntstatus_ok_goto(tctx, smbcli_nt_error(cli->tree), ok,
+					done, "create file");
+	torture_assert_goto(tctx, fnum > 0, ok, done, "create file");
+
+	num = smbcli_smbwrite(cli->tree, fnum, data, 0, dlen);
+	torture_assert_int_equal_goto(tctx, num, dlen, ok, done, "write file");
+
+	ZERO_STRUCT(io);
+	io.in.sesskey         = cli->transport->negotiate.sesskey;
+	io.in.capabilities    = cli->transport->negotiate.capabilities;
+	io.in.credentials     = samba_cmdline_get_creds();
+	io.in.workgroup       = lpcfg_workgroup(tctx->lp_ctx);
+	io.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(cli->session, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "setup2");
+	torture_assert_int_equal_goto(tctx, io.out.vuid, vuid1, ok, done, "setup2");
+
+	buf[dlen] = '\0';
+
+	num = smbcli_read(cli->tree, fnum, &buf, 0, dlen);
+	torture_assert_int_equal_goto(tctx, num, dlen, ok, done, "read file");
+	torture_assert_str_equal_goto(tctx, buf, data, ok, done, "read file");
+
+done:
+	talloc_free(data);
+
+	if (fnum > 0) {
+		status = smbcli_close(cli->tree, fnum);
+		torture_assert_ntstatus_ok(tctx, status, "close");
+	}
+	return ok;
+}
+
+static bool test_session_reauth2_oplock_timeout(
+	struct smbcli_transport *transport, uint16_t tid, uint16_t fnum,
+	uint8_t level, void *private_data)
+{
+	return true;
+}
+
+static bool test_session_reauth2(struct torture_context *tctx,
+				 struct smbcli_state *cli)
+{
+	char *random_string;
+	char *fname;
+	union smb_open io_open;
+	struct smb_composite_sesssetup io_sesssetup;
+	union smb_fileinfo io_qsecdesc;
+	struct smbcli_request *req;
+	struct cli_credentials *anon_creds;
+	NTSTATUS status;
+	uint16_t fnum;
+	ssize_t nwritten;
+	uint16_t vuid1 = cli->session->vuid;
+
+	random_string = generate_random_str(tctx, 8);
+	torture_assert(tctx, (random_string != NULL),
+		       "memory allocation failed");
+	fname = talloc_asprintf(tctx, "raw_session_reauth2_%s.dat",
+				random_string);
+	talloc_free(random_string);
+	torture_assert(tctx, (fname != NULL), "memory allocation failed");
+
+	smbcli_unlink(cli->tree, fname);
+	smbcli_oplock_handler(cli->transport,
+			      test_session_reauth2_oplock_timeout,
+			      cli->tree);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io_open);
+	io_open.generic.level = RAW_OPEN_NTCREATEX;
+	io_open.ntcreatex.in.root_fid.fnum = 0;
+	io_open.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_READ |
+		SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
+	io_open.ntcreatex.in.alloc_size = 0;
+	io_open.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io_open.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io_open.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io_open.ntcreatex.in.create_options = 0;
+	io_open.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io_open.ntcreatex.in.security_flags = 0;
+	io_open.ntcreatex.in.fname = fname;
+
+	torture_comment(tctx, "open with batch oplock\n");
+	io_open.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+		NTCREATEX_FLAGS_REQUEST_OPLOCK |
+		NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli->tree, tctx, &io_open);
+	torture_assert_ntstatus_ok(tctx, status, "smb_raw_open failed");
+
+	fnum = io_open.ntcreatex.out.file.fnum;
+	torture_assert(
+		tctx,
+		(io_open.ntcreatex.out.oplock_level == BATCH_OPLOCK_RETURN),
+		"did not get batch oplock");
+
+	io_open.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+	req = smb_raw_open_send(cli->tree, &io_open);
+	torture_assert(tctx, (req != NULL), "memory allocation failed");
+
+	/*
+	 * Make sure the open went through
+	 */
+	status = smbcli_chkpath(cli->tree, "\\");
+	torture_assert_ntstatus_ok(tctx, status, "smb_chkpath failed");
+
+	status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
+	torture_assert_ntstatus_ok(tctx, status, "could not set delete on "
+				   "close");
+
+	anon_creds = cli_credentials_init_anon(tctx);
+	torture_assert(tctx, (anon_creds != NULL), "memory allocation failed");
+
+	ZERO_STRUCT(io_sesssetup);
+	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
+	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
+	io_sesssetup.in.credentials  = anon_creds;
+	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
+	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(
+		tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok(tctx, status, "setup2 failed");
+	torture_assert_int_equal(tctx, io_sesssetup.out.vuid, vuid1, "setup2");
+
+	status = smbcli_close(cli->tree, fnum);
+	torture_assert_ntstatus_ok(tctx, status, "close failed");
+
+	status = smb_raw_open_recv(req, tctx, &io_open);
+	torture_assert_ntstatus_ok(tctx, status, "2nd open failed");
+
+	fnum = io_open.ntcreatex.out.file.fnum;
+
+	nwritten = smbcli_write(cli->tree, fnum, 0, fname, 0, strlen(fname));
+	torture_assert(tctx, (nwritten == strlen(fname)),
+		       "smbcli_write failed");
+
+	ZERO_STRUCT(io_qsecdesc);
+	io_qsecdesc.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	io_qsecdesc.query_secdesc.in.file.fnum = fnum;
+	io_qsecdesc.query_secdesc.in.secinfo_flags = SECINFO_OWNER;
+	status = smb_raw_fileinfo(cli->tree, tctx, &io_qsecdesc);
+	torture_assert_ntstatus_equal(
+		tctx, status, NT_STATUS_ACCESS_DENIED,
+		"anon qsecdesc did not return ACCESS_DENIED");
+
+	ZERO_STRUCT(io_sesssetup);
+	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
+	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
+	io_sesssetup.in.credentials  = samba_cmdline_get_creds();
+	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
+	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(
+		tctx, tctx->lp_ctx);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok(tctx, status, "setup3 failed");
+	torture_assert_int_equal(tctx, io_sesssetup.out.vuid, vuid1, "setup2");
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &io_qsecdesc);
+	torture_assert_ntstatus_ok(tctx, status, "2nd qsecdesc failed");
+
+	status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
+	torture_assert_ntstatus_ok(tctx, status, "could not set delete on "
+				   "close");
+
+	status = smbcli_close(cli->tree, fnum);
+	torture_assert_ntstatus_ok(tctx, status, "close failed");
+
+	return true;
+}
+
+static bool test_session_expire1(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_state *cli = NULL;
+	enum credentials_use_kerberos use_kerberos;
+	char fname[256];
+	union smb_fileinfo qfinfo;
+	uint16_t vuid;
+	uint16_t fnum = 0;
+	struct smb_composite_sesssetup io_sesssetup;
+	size_t i;
+
+	use_kerberos = cli_credentials_get_kerberos_state(
+				samba_cmdline_get_creds());
+	if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
+		torture_warning(tctx,
+				"smb2.session.expire1 requires "
+				"--use-kerberos=required!");
+		torture_skip(tctx,
+			     "smb2.session.expire1 requires "
+			     "--use-kerberos=required!");
+	}
+
+	torture_assert_int_equal(tctx,
+				 use_kerberos,
+				 CRED_USE_KERBEROS_REQUIRED,
+				 "please use --use-kerberos=required");
+
+	lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli,
+					host,
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL,
+					lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_full_connection failed");
+
+	vuid = cli->session->vuid;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, 256, "session_expire1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+				     SEC_RIGHTS_FILE_ALL,
+				     FILE_ATTRIBUTE_NORMAL,
+				     NTCREATEX_SHARE_ACCESS_NONE,
+				     NTCREATEX_DISP_OPEN_IF,
+				     NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
+				     0);
+	torture_assert_ntstatus_ok_goto(tctx, smbcli_nt_error(cli->tree), ret,
+					done, "create file");
+	torture_assert_goto(tctx, fnum > 0, ret, done, "create file");
+
+	/* get the access information */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	qfinfo.access_information.in.file.fnum = fnum;
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 10 seconds\n");
+		smb_msleep(10*1000);
+	}
+
+	/*
+	 * the krb5 library may not handle expired creds
+	 * well, lets start with an empty ccache.
+	 */
+	cli_credentials_invalidate_ccache(samba_cmdline_get_creds(),
+				CRED_SPECIFIED);
+
+	/*
+	 * now with CAP_DYNAMIC_REAUTH
+	 *
+	 * This should trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+	 */
+	ZERO_STRUCT(io_sesssetup);
+	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
+	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
+	io_sesssetup.in.capabilities |= CAP_DYNAMIC_REAUTH;
+	io_sesssetup.in.credentials  = samba_cmdline_get_creds();
+	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
+	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(tctx,
+							tctx->lp_ctx);
+
+	torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+	ZERO_STRUCT(io_sesssetup.out);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"reauth failed");
+	torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+				      ret, done, "reauth");
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 10 seconds\n");
+		smb_msleep(10*1000);
+
+		torture_comment(tctx, "query info => EXPIRED\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_NETWORK_SESSION_EXPIRED,
+					ret, done, "raw_fileinfo expired");
+
+		/*
+		 * the krb5 library may not handle expired creds
+		 * well, lets start with an empty ccache.
+		 */
+		cli_credentials_invalidate_ccache(
+			samba_cmdline_get_creds(), CRED_SPECIFIED);
+
+		torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+		ZERO_STRUCT(io_sesssetup.out);
+		status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"reauth failed");
+		torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+					      ret, done, "reauth");
+	}
+
+	torture_comment(tctx, "query info => OK\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"raw_fileinfo failed");
+
+	/*
+	 * the krb5 library may not handle expired creds
+	 * well, lets start with an empty ccache.
+	 */
+	cli_credentials_invalidate_ccache(samba_cmdline_get_creds(),
+				CRED_SPECIFIED);
+
+	/*
+	 * now without CAP_DYNAMIC_REAUTH
+	 *
+	 * This should not trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+	 */
+	torture_comment(tctx, "reauth without CAP_DYNAMIC_REAUTH => OK\n");
+	io_sesssetup.in.capabilities &= ~CAP_DYNAMIC_REAUTH;
+
+	ZERO_STRUCT(io_sesssetup.out);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"reauth failed");
+	torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+				      ret, done, "reauth");
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 5 seconds\n");
+		smb_msleep(5*1000);
+	}
+
+	torture_comment(tctx, "query info => OK\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"raw_fileinfo failed");
+
+	ret = true;
+done:
+	if (fnum > 0) {
+		smbcli_close(cli->tree, fnum);
+	}
+
+	talloc_free(cli);
+	lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
+	return ret;
+}
+
+struct torture_suite *torture_raw_session(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "session");
+	suite->description = talloc_strdup(suite, "RAW-SESSION tests");
+
+	torture_suite_add_1smb_test(suite, "reauth1", test_session_reauth1);
+	torture_suite_add_1smb_test(suite, "reauth2", test_session_reauth2);
+	torture_suite_add_simple_test(suite, "expire1", test_session_expire1);
+
+	return suite;
+}
diff --git a/source4/torture/raw/setfileinfo.c b/source4/torture/raw/setfileinfo.c
new file mode 100644
index 0000000..45ff819
--- /dev/null
+++ b/source4/torture/raw/setfileinfo.c
@@ -0,0 +1,1152 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RAW_SFILEINFO_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\testsfileinfo"
+
+/* basic testing of all RAW_SFILEINFO_* calls 
+   for each call we test that it succeeds, and where possible test 
+   for consistency between the calls. 
+*/
+static bool
+torture_raw_sfileinfo_base(struct torture_context *torture, struct smbcli_state *cli)
+{
+	bool ret = true;
+	int fnum = -1;
+	char *fnum_fname;
+	char *path_fname;
+	char *path_fname_new;
+	union smb_fileinfo finfo1, finfo2;
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status, status2;
+	const char *call_name;
+	time_t basetime = (time(NULL) - 86400) & ~1;
+	bool check_fnum;
+	int n = time(NULL) % 100;
+	
+	path_fname = talloc_asprintf(torture, BASEDIR "\\fname_test_%d.txt", n);
+	path_fname_new = talloc_asprintf(torture, BASEDIR "\\fname_test_new_%d.txt", n);
+	fnum_fname = talloc_asprintf(torture, BASEDIR "\\fnum_test_%d.txt", n);
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+#define RECREATE_FILE(fname) do { \
+	if (fnum != -1) smbcli_close(cli->tree, fnum); \
+	fnum = create_complex_file(cli, torture, fname); \
+	if (fnum == -1) { \
+		printf("(%s) ERROR: open of %s failed (%s)\n", \
+		       __location__, fname, smbcli_errstr(cli->tree)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define RECREATE_BOTH do { \
+		RECREATE_FILE(path_fname); \
+		smbcli_close(cli->tree, fnum); \
+		RECREATE_FILE(fnum_fname); \
+	} while (0)
+
+	RECREATE_BOTH;
+	
+#define CHECK_CALL_FNUM(call, rightstatus) do { \
+	check_fnum = true; \
+	call_name = #call; \
+	sfinfo.generic.level = RAW_SFILEINFO_ ## call; \
+	sfinfo.generic.in.file.fnum = fnum; \
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo); \
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { \
+                torture_warning(torture, \
+			"(%s) %s - %s", __location__, #call, \
+                        nt_errstr(status)); \
+        } else if (!NT_STATUS_EQUAL(status, rightstatus)) { \
+		printf("(%s) %s - %s (should be %s)\n", __location__, #call, \
+			nt_errstr(status), nt_errstr(rightstatus)); \
+		ret = false; \
+	} \
+	finfo1.generic.level = RAW_FILEINFO_ALL_INFO; \
+	finfo1.generic.in.file.fnum = fnum; \
+	status2 = smb_raw_fileinfo(cli->tree, torture, &finfo1); \
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { \
+                torture_warning(torture, \
+			"(%s) %s - %s", __location__, #call, \
+                        nt_errstr(status)); \
+        } else if (!NT_STATUS_IS_OK(status2)) { \
+		printf("(%s) %s pathinfo - %s\n", __location__, #call, nt_errstr(status)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_CALL_PATH(call, rightstatus) do { \
+	check_fnum = false; \
+	call_name = #call; \
+	sfinfo.generic.level = RAW_SFILEINFO_ ## call; \
+	sfinfo.generic.in.file.path = path_fname; \
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo); \
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { \
+		sfinfo.generic.in.file.path = path_fname_new; \
+		status = smb_raw_setpathinfo(cli->tree, &sfinfo); \
+	} \
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { \
+                torture_warning(torture, \
+			"(%s) %s - %s", __location__, #call, \
+                        nt_errstr(status)); \
+        } else if (!NT_STATUS_EQUAL(status, rightstatus)) { \
+		printf("(%s) %s - %s (should be %s)\n", __location__, #call, \
+			nt_errstr(status), nt_errstr(rightstatus)); \
+		ret = false; \
+	} \
+	finfo1.generic.level = RAW_FILEINFO_ALL_INFO; \
+	finfo1.generic.in.file.path = path_fname; \
+	status2 = smb_raw_pathinfo(cli->tree, torture, &finfo1); \
+	if (NT_STATUS_EQUAL(status2, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { \
+		finfo1.generic.in.file.path = path_fname_new; \
+		status2 = smb_raw_pathinfo(cli->tree, torture, &finfo1); \
+	} \
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { \
+                torture_warning(torture, \
+			"(%s) %s - %s", __location__, #call, \
+                        nt_errstr(status)); \
+        } else if (!NT_STATUS_IS_OK(status2)) { \
+		printf("(%s) %s pathinfo - %s\n", __location__, #call, nt_errstr(status2)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK1(call) \
+	do { if (NT_STATUS_IS_OK(status)) { \
+		finfo2.generic.level = RAW_FILEINFO_ ## call; \
+		if (check_fnum) { \
+			finfo2.generic.in.file.fnum = fnum; \
+			status2 = smb_raw_fileinfo(cli->tree, torture, &finfo2); \
+		} else { \
+			finfo2.generic.in.file.path = path_fname; \
+			status2 = smb_raw_pathinfo(cli->tree, torture, &finfo2); \
+			if (NT_STATUS_EQUAL(status2, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { \
+				finfo2.generic.in.file.path = path_fname_new; \
+				status2 = smb_raw_pathinfo(cli->tree, torture, &finfo2); \
+			} \
+		} \
+		if (!NT_STATUS_IS_OK(status2)) { \
+			printf("%s - %s\n", #call, nt_errstr(status2)); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_VALUE(call, stype, field, value) do { \
+ 	CHECK1(call); \
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2) && finfo2.stype.out.field != value) { \
+		printf("(%s) %s - %s/%s should be 0x%x - 0x%x\n", __location__, \
+		       call_name, #stype, #field, \
+		       (unsigned int)value, (unsigned int)finfo2.stype.out.field); \
+		dump_all_info(torture, &finfo1); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_TIME(call, stype, field, value) do { \
+ 	CHECK1(call); \
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2) && nt_time_to_unix(finfo2.stype.out.field) != value) { \
+		printf("(%s) %s - %s/%s should be 0x%x - 0x%x\n", __location__, \
+		        call_name, #stype, #field, \
+		        (unsigned int)value, \
+			(unsigned int)nt_time_to_unix(finfo2.stype.out.field)); \
+		printf("\t%s", timestring(torture, value)); \
+		printf("\t%s\n", nt_time_string(torture, finfo2.stype.out.field)); \
+		dump_all_info(torture, &finfo1); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STR(call, stype, field, value) do { \
+ 	CHECK1(call); \
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2) && strcmp(finfo2.stype.out.field, value) != 0) { \
+		printf("(%s) %s - %s/%s should be '%s' - '%s'\n", __location__, \
+		        call_name, #stype, #field, \
+		        value, \
+			finfo2.stype.out.field); \
+		dump_all_info(torture, &finfo1); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+	
+	printf("Test setattr\n");
+	sfinfo.setattr.in.attrib = FILE_ATTRIBUTE_READONLY;
+	sfinfo.setattr.in.write_time = basetime;
+	CHECK_CALL_PATH(SETATTR, NT_STATUS_OK);
+	CHECK_VALUE  (ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_READONLY);
+	CHECK_TIME   (ALL_INFO, all_info, write_time, basetime);
+
+	printf("setting to NORMAL doesn't do anything\n");
+	sfinfo.setattr.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	sfinfo.setattr.in.write_time = 0;
+	CHECK_CALL_PATH(SETATTR, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_READONLY);
+	CHECK_TIME (ALL_INFO, all_info, write_time, basetime);
+
+	printf("a zero write_time means don't change\n");
+	sfinfo.setattr.in.attrib = 0;
+	sfinfo.setattr.in.write_time = 0;
+	CHECK_CALL_PATH(SETATTR, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_NORMAL);
+	CHECK_TIME (ALL_INFO, all_info, write_time, basetime);
+
+	printf("Test setattre\n");
+	sfinfo.setattre.in.create_time = basetime + 20;
+	sfinfo.setattre.in.access_time = basetime + 30;
+	sfinfo.setattre.in.write_time  = basetime + 40;
+	CHECK_CALL_FNUM(SETATTRE, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 20);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 30);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 40);
+
+	sfinfo.setattre.in.create_time = 0;
+	sfinfo.setattre.in.access_time = 0;
+	sfinfo.setattre.in.write_time  = 0;
+	CHECK_CALL_FNUM(SETATTRE, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 20);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 30);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 40);
+
+	printf("Test standard level\n");
+	sfinfo.standard.in.create_time = basetime + 100;
+	sfinfo.standard.in.access_time = basetime + 200;
+	sfinfo.standard.in.write_time  = basetime + 300;
+	CHECK_CALL_FNUM(STANDARD, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+
+	printf("Test basic_info level\n");
+	basetime += 86400;
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, basetime + 100);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, basetime + 200);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  basetime + 300);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, basetime + 400);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_READONLY;
+	CHECK_CALL_FNUM(BASIC_INFO, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+	CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_READONLY);
+
+	printf("a zero time means don't change\n");
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  0);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, 0);
+	sfinfo.basic_info.in.attrib = 0;
+	CHECK_CALL_FNUM(BASIC_INFO, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+	CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_READONLY);
+
+	printf("Test basic_information level\n");
+	basetime += 86400;
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, basetime + 100);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, basetime + 200);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  basetime + 300);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, basetime + 400);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	CHECK_CALL_FNUM(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+	CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_NORMAL);
+
+	CHECK_CALL_PATH(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+	CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_NORMAL);
+
+	torture_comment(torture, "try to change a file to a directory\n");
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_DIRECTORY;
+	CHECK_CALL_FNUM(BASIC_INFO, NT_STATUS_INVALID_PARAMETER);
+
+	printf("a zero time means don't change\n");
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  0);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, 0);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	CHECK_CALL_FNUM(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+	CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_NORMAL);
+
+	CHECK_CALL_PATH(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(ALL_INFO, all_info, create_time, basetime + 100);
+	CHECK_TIME(ALL_INFO, all_info, access_time, basetime + 200);
+	CHECK_TIME(ALL_INFO, all_info, write_time,  basetime + 300);
+
+	/* interesting - w2k3 leaves change_time as current time for 0 change time
+	   in setpathinfo
+	  CHECK_TIME(ALL_INFO, all_info, change_time, basetime + 400);
+	*/
+	CHECK_VALUE(ALL_INFO, all_info, attrib,     FILE_ATTRIBUTE_NORMAL);
+
+	printf("Test disposition_info level\n");
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	CHECK_CALL_FNUM(DISPOSITION_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, delete_pending, 1);
+	CHECK_VALUE(ALL_INFO, all_info, nlink, 0);
+
+	sfinfo.disposition_info.in.delete_on_close = 0;
+	CHECK_CALL_FNUM(DISPOSITION_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, delete_pending, 0);
+	CHECK_VALUE(ALL_INFO, all_info, nlink, 1);
+
+	printf("Test disposition_information level\n");
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	CHECK_CALL_FNUM(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, delete_pending, 1);
+	CHECK_VALUE(ALL_INFO, all_info, nlink, 0);
+
+	/* this would delete the file! */
+	/*
+	  CHECK_CALL_PATH(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	  CHECK_VALUE(ALL_INFO, all_info, delete_pending, 1);
+	  CHECK_VALUE(ALL_INFO, all_info, nlink, 0);
+	*/
+
+	sfinfo.disposition_info.in.delete_on_close = 0;
+	CHECK_CALL_FNUM(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, delete_pending, 0);
+	CHECK_VALUE(ALL_INFO, all_info, nlink, 1);
+
+	CHECK_CALL_PATH(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, delete_pending, 0);
+	CHECK_VALUE(ALL_INFO, all_info, nlink, 1);
+
+	printf("Test allocation_info level\n");
+	sfinfo.allocation_info.in.alloc_size = 0;
+	CHECK_CALL_FNUM(ALLOCATION_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 0);
+
+	sfinfo.allocation_info.in.alloc_size = 4096;
+	CHECK_CALL_FNUM(ALLOCATION_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 4096);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+
+	RECREATE_BOTH;
+	sfinfo.allocation_info.in.alloc_size = 0;
+	CHECK_CALL_FNUM(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 0);
+
+	CHECK_CALL_PATH(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 0);
+
+	sfinfo.allocation_info.in.alloc_size = 4096;
+	CHECK_CALL_FNUM(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 4096);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+
+	/* setting the allocation size up via setpathinfo seems
+	   to be broken in w2k3 */
+	CHECK_CALL_PATH(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, alloc_size, 0);
+	CHECK_VALUE(ALL_INFO, all_info, size, 0);
+
+	printf("Test end_of_file_info level\n");
+	sfinfo.end_of_file_info.in.size = 37;
+	CHECK_CALL_FNUM(END_OF_FILE_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 37);
+
+	sfinfo.end_of_file_info.in.size = 7;
+	CHECK_CALL_FNUM(END_OF_FILE_INFO, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 7);
+
+	sfinfo.end_of_file_info.in.size = 37;
+	CHECK_CALL_FNUM(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 37);
+
+	CHECK_CALL_PATH(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 37);
+
+	sfinfo.end_of_file_info.in.size = 7;
+	CHECK_CALL_FNUM(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 7);
+
+	CHECK_CALL_PATH(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(ALL_INFO, all_info, size, 7);
+
+	printf("Test position_information level\n");
+	sfinfo.position_information.in.position = 123456;
+	CHECK_CALL_FNUM(POSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(POSITION_INFORMATION, position_information, position, 123456);
+
+	CHECK_CALL_PATH(POSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(POSITION_INFORMATION, position_information, position, 0);
+
+	printf("Test mode_information level\n");
+	sfinfo.mode_information.in.mode = 2;
+	CHECK_CALL_FNUM(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 2);
+
+	CHECK_CALL_PATH(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
+
+	sfinfo.mode_information.in.mode = 1;
+	CHECK_CALL_FNUM(MODE_INFORMATION, NT_STATUS_INVALID_PARAMETER);
+	CHECK_CALL_PATH(MODE_INFORMATION, NT_STATUS_INVALID_PARAMETER);
+
+	sfinfo.mode_information.in.mode = 0;
+	CHECK_CALL_FNUM(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
+
+	CHECK_CALL_PATH(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
+
+#if 0
+	printf("Test unix_basic level\n");
+	CHECK_CALL_FNUM(UNIX_BASIC, NT_STATUS_OK);
+	CHECK_CALL_PATH(UNIX_BASIC, NT_STATUS_OK);
+
+	printf("Test unix_link level\n");
+	CHECK_CALL_FNUM(UNIX_LINK, NT_STATUS_OK);
+	CHECK_CALL_PATH(UNIX_LINK, NT_STATUS_OK);
+#endif
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_close(cli->tree, fnum);
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, fnum_fname))) {
+		printf("Failed to delete %s - %s\n", fnum_fname, smbcli_errstr(cli->tree));
+	}
+	if (NT_STATUS_IS_ERR(smbcli_unlink(cli->tree, path_fname))) {
+		printf("Failed to delete %s - %s\n", path_fname, smbcli_errstr(cli->tree));
+	}
+
+	return ret;
+}
+
+/*
+ * basic testing of all RAW_SFILEINFO_RENAME call
+ */
+static bool
+torture_raw_sfileinfo_rename(struct torture_context *torture,
+    struct smbcli_state *cli)
+{
+	bool ret = true;
+	int fnum_saved, d_fnum, fnum2, fnum = -1;
+	char *fnum_fname;
+	char *fnum_fname_new;
+	char *path_fname;
+	char *path_fname_new;
+	char *path_dname;
+	char *path_dname_new;
+	char *saved_name;
+	char *saved_name_new;
+	union smb_fileinfo finfo1, finfo2;
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status, status2;
+	const char *call_name;
+	bool check_fnum;
+	int n = time(NULL) % 100;
+
+	path_fname = talloc_asprintf(torture, BASEDIR "\\fname_test_%d.txt", n);
+	path_fname_new = talloc_asprintf(torture, BASEDIR "\\fname_test_new_%d.txt", n);
+	fnum_fname = talloc_asprintf(torture, BASEDIR "\\fnum_test_%d.txt", n);
+	fnum_fname_new = talloc_asprintf(torture, BASEDIR "\\fnum_test_new_%d.txt", n);
+	path_dname = talloc_asprintf(torture, BASEDIR "\\dname_test_%d", n);
+	path_dname_new = talloc_asprintf(torture, BASEDIR "\\dname_test_new_%d", n);
+
+	torture_assert(torture, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	RECREATE_BOTH;
+
+	ZERO_STRUCT(sfinfo);
+
+	smbcli_close(cli->tree, create_complex_file(cli, torture, fnum_fname_new));
+	smbcli_close(cli->tree, create_complex_file(cli, torture, path_fname_new));
+
+	sfinfo.rename_information.in.overwrite = 0;
+	sfinfo.rename_information.in.root_fid  = 0;
+	sfinfo.rename_information.in.new_name  = fnum_fname_new+strlen(BASEDIR)+1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	sfinfo.rename_information.in.new_name  = path_fname_new+strlen(BASEDIR)+1;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	sfinfo.rename_information.in.new_name  = fnum_fname_new;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_NOT_SUPPORTED);
+
+	sfinfo.rename_information.in.new_name  = fnum_fname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname_new);
+
+	printf("Trying rename with dest file open\n");
+	fnum2 = create_complex_file(cli, torture, fnum_fname);
+	sfinfo.rename_information.in.new_name  = fnum_fname+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_ACCESS_DENIED);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname_new);
+
+	fnum_saved = fnum;
+	fnum = fnum2;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	CHECK_CALL_FNUM(DISPOSITION_INFO, NT_STATUS_OK);
+	fnum = fnum_saved;
+
+	printf("Trying rename with dest file open and delete_on_close\n");
+	sfinfo.rename_information.in.new_name  = fnum_fname+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_ACCESS_DENIED);
+
+	smbcli_close(cli->tree, fnum2);
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname);
+
+	printf("Trying rename with source file open twice\n");
+	sfinfo.rename_information.in.new_name  = fnum_fname+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname);
+
+	fnum2 = create_complex_file(cli, torture, fnum_fname);
+	sfinfo.rename_information.in.new_name  = fnum_fname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname_new);
+	smbcli_close(cli->tree, fnum2);
+
+	sfinfo.rename_information.in.new_name  = fnum_fname+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname);
+
+	sfinfo.rename_information.in.new_name  = path_fname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 1;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname_new);
+
+	sfinfo.rename_information.in.new_name  = fnum_fname+strlen(BASEDIR)+1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname);
+
+	sfinfo.rename_information.in.new_name  = path_fname+strlen(BASEDIR)+1;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname);
+
+	printf("Trying rename with a root fid\n");
+	status = create_directory_handle(cli->tree, BASEDIR, &d_fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sfinfo.rename_information.in.new_name  = fnum_fname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.root_fid = d_fnum;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_INVALID_PARAMETER);
+	CHECK_STR(NAME_INFO, name_info, fname.s, fnum_fname);
+	smbcli_close(cli->tree, d_fnum);
+
+	printf("Trying rename directory\n");
+	if (!torture_setup_dir(cli, path_dname)) {
+		ret = false;
+		goto done;
+	}
+	saved_name = path_fname;
+	saved_name_new = path_fname_new;
+	path_fname = path_dname;
+	path_fname_new = path_dname_new;
+	sfinfo.rename_information.in.new_name  = path_dname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	sfinfo.rename_information.in.root_fid  = 0;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname_new);
+	path_fname = saved_name;
+	path_fname_new = saved_name_new;
+
+	if (torture_setting_bool(torture, "samba3", false)) {
+		printf("SKIP: Trying rename directory with a handle\n");
+		printf("SKIP: Trying rename by path while a handle is open\n");
+		printf("SKIP: Trying rename directory by path while a handle is open\n");
+		goto done;
+	}
+
+	printf("Trying rename directory with a handle\n");
+	status = create_directory_handle(cli->tree, path_dname_new, &d_fnum);
+	fnum_saved = fnum;
+	fnum = d_fnum;
+	saved_name = fnum_fname;
+	saved_name_new = fnum_fname_new;
+	fnum_fname = path_dname;
+	fnum_fname_new = path_dname_new;
+	sfinfo.rename_information.in.new_name  = path_dname+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	sfinfo.rename_information.in.root_fid  = 0;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname);
+	smbcli_close(cli->tree, d_fnum);
+	fnum = fnum_saved;
+	fnum_fname = saved_name;
+	fnum_fname_new = saved_name_new;
+
+	printf("Trying rename by path while a handle is open\n");
+	fnum_saved = fnum;
+	fnum = create_complex_file(cli, torture, path_fname);
+	sfinfo.rename_information.in.new_name  = path_fname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	sfinfo.rename_information.in.root_fid  = 0;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname_new);
+	/* check that the handle returns the same name */
+	check_fnum = true;
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname_new);
+	/* rename it back on the handle */
+	sfinfo.rename_information.in.new_name  = path_fname+strlen(BASEDIR)+1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname);
+	check_fnum = false;
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_fname);
+	smbcli_close(cli->tree, fnum);
+	fnum = fnum_saved;
+
+	printf("Trying rename directory by path while a handle is open\n");
+	status = create_directory_handle(cli->tree, path_dname, &d_fnum);
+	fnum_saved = fnum;
+	fnum = d_fnum;
+	saved_name = path_fname;
+	saved_name_new = path_fname_new;
+	path_fname = path_dname;
+	path_fname_new = path_dname_new;
+	sfinfo.rename_information.in.new_name  = path_dname_new+strlen(BASEDIR)+1;
+	sfinfo.rename_information.in.overwrite = 0;
+	sfinfo.rename_information.in.root_fid  = 0;
+	CHECK_CALL_PATH(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname_new);
+	path_fname = saved_name;
+	path_fname_new = saved_name_new;
+	saved_name = fnum_fname;
+	saved_name_new = fnum_fname_new;
+	fnum_fname = path_dname;
+	fnum_fname_new = path_dname_new;
+	/* check that the handle returns the same name */
+	check_fnum = true;
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname_new);
+	/* rename it back on the handle */
+	sfinfo.rename_information.in.new_name  = path_dname+strlen(BASEDIR)+1;
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname);
+	fnum_fname = saved_name;
+	fnum_fname_new = saved_name_new;
+	saved_name = path_fname;
+	saved_name_new = path_fname_new;
+	path_fname = path_dname;
+	path_fname_new = path_dname_new;
+	check_fnum = false;
+	CHECK_STR(NAME_INFO, name_info, fname.s, path_dname);
+	smbcli_close(cli->tree, d_fnum);
+	fnum = fnum_saved;
+	path_fname = saved_name;
+	path_fname_new = saved_name_new;
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/* 
+   look for the w2k3 setpathinfo STANDARD bug
+*/
+static bool torture_raw_sfileinfo_bug(struct torture_context *torture,
+    struct smbcli_state *cli)
+{
+	const char *fname = "\\bug3.txt";
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status;
+	int fnum;
+
+	if (!torture_setting_bool(torture, "dangerous", false))
+		torture_skip(torture, 
+			"torture_raw_sfileinfo_bug disabled - enable dangerous tests to use\n");
+
+	fnum = create_complex_file(cli, torture, fname);
+	smbcli_close(cli->tree, fnum);
+
+	sfinfo.generic.level = RAW_SFILEINFO_STANDARD;
+	sfinfo.generic.in.file.path = fname;
+
+	sfinfo.standard.in.create_time = 0;
+	sfinfo.standard.in.access_time = 0;
+	sfinfo.standard.in.write_time  = 0;
+
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo);
+	printf("%s - %s\n", fname, nt_errstr(status));
+
+	printf("now try and delete %s\n", fname);
+
+	return true;
+}
+
+/**
+ * Test both the snia cifs RAW_SFILEINFO_END_OF_FILE_INFO and the undocumented
+ * pass-through RAW_SFILEINFO_END_OF_FILE_INFORMATION in the context of
+ * trans2setpathinfo.
+ */
+static bool
+torture_raw_sfileinfo_eof(struct torture_context *tctx,
+    struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_sfileinfo_end_of_file.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	union smb_fileinfo qfi;
+	uint16_t fnum = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.flags = 0;
+
+	/* Open the file sharing none. */
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Try to sfileinfo to extend the file. */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+
+	/* There should be share mode contention in this case. */
+	torture_assert_ntstatus_equal_goto(tctx, status,
+	    NT_STATUS_SHARING_VIOLATION, ret, done, "Status should be "
+	    "SHARING_VIOLATION");
+
+	/* Make sure the size is still 0. */
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_STANDARD_INFO;
+	qfi.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli2->tree, tctx, &qfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+
+	torture_assert_u64_equal(tctx, qfi.standard_info.out.size, 0,
+	    "alloc_size should be 0 since the setpathinfo failed.");
+
+	/* Try again with the pass through instead of documented version. */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+
+	/*
+	 * Looks like a windows bug:
+	 * http://lists.samba.org/archive/cifs-protocol/2009-November/001130.html
+	 */
+	if (TARGET_IS_W2K8(tctx) || TARGET_IS_WIN7(tctx)) {
+		/* It succeeds! This is just weird! */
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+		    ret, done, "Status should be OK");
+
+		/* Verify that the file was actually extended to 100. */
+		ZERO_STRUCT(qfi);
+		qfi.generic.level = RAW_FILEINFO_STANDARD_INFO;
+		qfi.generic.in.file.path = fname;
+		status = smb_raw_pathinfo(cli2->tree, tctx, &qfi);
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+		    ret, done, "Status should be OK");
+
+		torture_assert_u64_equal(tctx, qfi.standard_info.out.size, 100,
+		    "alloc_size should be 100 since the setpathinfo "
+		    "succeeded.");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status,
+		    NT_STATUS_SHARING_VIOLATION, ret, done, "Status should be "
+		    "SHARING_VIOLATION");
+	}
+
+	/* close the first file. */
+	smbcli_close(cli1->tree, fnum);
+	fnum = 0;
+
+	/* Try to sfileinfo to extend the file again (non-pass-through). */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 200;
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+
+	/* This should cause the client to return invalid level. */
+	if (TARGET_IS_W2K8(tctx) || TARGET_IS_WIN7(tctx)) {
+		/*
+		 * Windows sends back an invalid packet that smbclient sees
+		 * and returns INTERNAL_ERROR.
+		 */
+		torture_assert_ntstatus_equal_goto(tctx, status,
+		    NT_STATUS_INTERNAL_ERROR, ret, done, "Status should be "
+		    "INTERNAL_ERROR");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status,
+		    NT_STATUS_INVALID_LEVEL, ret, done, "Status should be "
+		    "INVALID_LEVEL");
+	}
+
+	/* Try to extend the file now with the passthrough level. */
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	status = smb_raw_setpathinfo(cli2->tree, &sfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+
+	/* Verify that the file was actually extended to 200. */
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_STANDARD_INFO;
+	qfi.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli2->tree, tctx, &qfi);
+
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+	torture_assert_u64_equal(tctx, qfi.standard_info.out.size, 200,
+	    "alloc_size should be 200 since the setpathinfo succeeded.");
+
+	/* Open the file so end of file can be set by handle. */
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_WRITE;
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Try sfileinfo to extend the file by handle (non-pass-through). */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.end_of_file_info.in.size = 300;
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+
+	/* Verify that the file was actually extended to 300. */
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_STANDARD_INFO;
+	qfi.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+	torture_assert_u64_equal(tctx, qfi.standard_info.out.size, 300,
+	    "alloc_size should be 300 since the setpathinfo succeeded.");
+
+	/* Try sfileinfo to extend the file by handle (pass-through). */
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.fnum = fnum;
+	sfi.end_of_file_info.in.size = 400;
+	status = smb_raw_setfileinfo(cli1->tree, &sfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+
+	/* Verify that the file was actually extended to 300. */
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_STANDARD_INFO;
+	qfi.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli1->tree, tctx, &qfi);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+	    done, "Status should be OK");
+	torture_assert_u64_equal(tctx, qfi.standard_info.out.size, 400,
+	    "alloc_size should be 400 since the setpathinfo succeeded.");
+ done:
+	if (fnum > 0) {
+		smbcli_close(cli1->tree, fnum);
+		fnum = 0;
+	}
+
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool
+torture_raw_sfileinfo_eof_access(struct torture_context *tctx,
+    struct smbcli_state *cli1, struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_exclusive3.dat";
+	NTSTATUS status, expected_status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	uint16_t fnum=0;
+	uint32_t access_mask = 0;
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	/*
+	 * base ntcreatex parms
+	 */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.flags = 0;
+
+
+	for (access_mask = 1; access_mask <= 0x00001FF; access_mask++) {
+		io.ntcreatex.in.access_mask = access_mask;
+
+		status = smb_raw_open(cli1->tree, tctx, &io);
+		if (!NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+
+		fnum = io.ntcreatex.out.file.fnum;
+
+		ZERO_STRUCT(sfi);
+		sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+		sfi.generic.in.file.fnum = fnum;
+		sfi.end_of_file_info.in.size = 100;
+
+		status = smb_raw_setfileinfo(cli1->tree, &sfi);
+
+		expected_status = (access_mask & SEC_FILE_WRITE_DATA) ?
+		    NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
+
+		if (!NT_STATUS_EQUAL(expected_status, status)) {
+			torture_comment(tctx, "0x%x wrong\n", access_mask);
+		}
+
+		torture_assert_ntstatus_equal_goto(tctx, status,
+		    expected_status, ret, done, "Status Wrong");
+
+		smbcli_close(cli1->tree, fnum);
+	}
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+static bool
+torture_raw_sfileinfo_archive(struct torture_context *tctx,
+    struct smbcli_state *cli)
+{
+	const char *fname = BASEDIR "\\test_archive.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfinfo;
+	union smb_fileinfo finfo;
+	uint16_t fnum=0;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	/* cleanup */
+	smbcli_unlink(cli->tree, fname);
+
+	/*
+	 * create a normal file, verify archive bit
+	 */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.flags = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "open failed");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_assert_int_equal(tctx,
+	    io.ntcreatex.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+	    FILE_ATTRIBUTE_ARCHIVE,
+	    "archive bit not set");
+
+	/*
+	 * try to turn off archive bit
+	 */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFO;
+	sfinfo.generic.in.file.fnum = fnum;
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "setfileinfo failed");
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "fileinfo failed");
+
+	torture_assert_int_equal(tctx,
+	    finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+	    FILE_ATTRIBUTE_NORMAL,
+	    "archive bit set");
+
+	status = smbcli_close(cli->tree, fnum);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "close failed");
+
+	status = smbcli_unlink(cli->tree, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "unlink failed");
+
+	/*
+	 * create a directory, verify no archive bit
+	 */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_DIR_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.flags = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "directory open failed");
+	fnum = io.ntcreatex.out.file.fnum;
+
+	torture_assert_int_equal(tctx,
+	    io.ntcreatex.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+	    FILE_ATTRIBUTE_DIRECTORY,
+	    "archive bit set");
+
+	/*
+	 * verify you can turn on archive bit
+	 */
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFO;
+	sfinfo.generic.in.file.fnum = fnum;
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "setfileinfo failed");
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "fileinfo failed");
+
+	torture_assert_int_equal(tctx,
+	    finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+	    FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE,
+	    "archive bit not set");
+
+	/*
+	 * and try to turn it back off
+	 */
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFO;
+	sfinfo.generic.in.file.fnum = fnum;
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_DIRECTORY;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "setfileinfo failed");
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.fnum = fnum;
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "fileinfo failed");
+
+	torture_assert_int_equal(tctx,
+	    finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+	    FILE_ATTRIBUTE_DIRECTORY,
+	    "archive bit set");
+
+	status = smbcli_close(cli->tree, fnum);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+	    ret, done, "close failed");
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+struct torture_suite *torture_raw_sfileinfo(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "sfileinfo");
+
+	torture_suite_add_1smb_test(suite, "base", torture_raw_sfileinfo_base);
+	torture_suite_add_1smb_test(suite, "rename", torture_raw_sfileinfo_rename);
+	torture_suite_add_1smb_test(suite, "bug", torture_raw_sfileinfo_bug);
+	torture_suite_add_2smb_test(suite, "end-of-file",
+	    torture_raw_sfileinfo_eof);
+	torture_suite_add_2smb_test(suite, "end-of-file-access",
+	    torture_raw_sfileinfo_eof_access);
+	torture_suite_add_1smb_test(suite, "archive",
+								torture_raw_sfileinfo_archive);
+
+	return suite;
+}
diff --git a/source4/torture/raw/streams.c b/source4/torture/raw/streams.c
new file mode 100644
index 0000000..3b16db3
--- /dev/null
+++ b/source4/torture/raw/streams.c
@@ -0,0 +1,2091 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test alternate data streams
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/locale.h"
+#include "torture/torture.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_descriptor.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "lib/util/tsort.h"
+#include "torture/raw/proto.h"
+
+#define BASEDIR "\\teststreams"
+
+#define CHECK_STATUS(status, correct) \
+	torture_assert_ntstatus_equal_goto(tctx,status,correct,ret,done,"CHECK_STATUS")
+
+#define CHECK_VALUE(v, correct) \
+	torture_assert_int_equal(tctx,v,correct,"CHECK_VALUE")
+
+#define CHECK_NTTIME(v, correct) \
+	torture_assert_u64_equal(tctx,v,correct,"CHECK_NTTIME")
+
+#define CHECK_STR(v, correct) do { \
+	bool ok; \
+	if ((v) && !(correct)) { \
+		ok = false; \
+	} else if (!(v) && (correct)) { \
+		ok = false; \
+	} else if (!(v) && !(correct)) { \
+		ok = true; \
+	} else if (strcmp((v), (correct)) == 0) { \
+		ok = true; \
+	} else { \
+		ok = false; \
+	} \
+	torture_assert(tctx,ok,\
+		       talloc_asprintf(tctx, "got '%s', expected '%s'",\
+		       (v)?(v):"NULL", (correct)?(correct):"NULL")); \
+} while (0)
+
+/*
+  check that a stream has the right contents
+*/
+static bool check_stream(struct smbcli_state *cli, const char *location,
+			 TALLOC_CTX *mem_ctx,
+			 const char *fname, const char *sname, 
+			 const char *value)
+{
+	int fnum;
+	const char *full_name;
+	uint8_t *buf;
+	ssize_t ret;
+
+	full_name = talloc_asprintf(mem_ctx, "%s:%s", fname, sname);
+
+	fnum = smbcli_open(cli->tree, full_name, O_RDONLY, DENY_NONE);
+
+	if (value == NULL) {
+		if (fnum != -1) {
+			printf("(%s) should have failed stream open of %s\n",
+			       location, full_name);
+			return false;
+		}
+		return true;
+	}
+	    
+	if (fnum == -1) {
+		printf("(%s) Failed to open stream '%s' - %s\n",
+		       location, full_name, smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	buf = talloc_array(mem_ctx, uint8_t, strlen(value)+11);
+	
+	ret = smbcli_read(cli->tree, fnum, buf, 0, strlen(value)+11);
+	if (ret != strlen(value)) {
+		printf("(%s) Failed to read %lu bytes from stream '%s' - got %d\n",
+		       location, (long)strlen(value), full_name, (int)ret);
+		return false;
+	}
+
+	if (memcmp(buf, value, strlen(value)) != 0) {
+		printf("(%s) Bad data in stream\n", location);
+		return false;
+	}
+
+	smbcli_close(cli->tree, fnum);
+	return true;
+}
+
+static int qsort_string(char * const *s1, char * const *s2)
+{
+	return strcmp(*s1, *s2);
+}
+
+static int qsort_stream(const struct stream_struct *s1, const struct stream_struct *s2)
+{
+	return strcmp(s1->stream_name.s, s2->stream_name.s);
+}
+
+static bool check_stream_list(struct torture_context *tctx,
+			      struct smbcli_state *cli, const char *fname,
+			      int num_exp, const char **exp)
+{
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(cli);
+	char **exp_sort;
+	struct stream_struct *stream_sort;
+	bool ret = false;
+	int fail = -1;
+
+	finfo.generic.level = RAW_FILEINFO_STREAM_INFO;
+	finfo.generic.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli->tree, tmp_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VALUE(finfo.stream_info.out.num_streams, num_exp);
+
+	if (num_exp == 0) {
+		ret = true;
+		goto done;
+	}
+
+	exp_sort = (char **)talloc_memdup(tmp_ctx, exp, num_exp * sizeof(*exp));
+
+	if (exp_sort == NULL) {
+		goto done;
+	}
+
+	TYPESAFE_QSORT(exp_sort, num_exp, qsort_string);
+
+	stream_sort = (struct stream_struct *)talloc_memdup(tmp_ctx,
+				finfo.stream_info.out.streams,
+				finfo.stream_info.out.num_streams *
+				sizeof(*stream_sort));
+
+	if (stream_sort == NULL) {
+		goto done;
+	}
+
+	TYPESAFE_QSORT(stream_sort, finfo.stream_info.out.num_streams, qsort_stream);
+
+	for (i=0; i<num_exp; i++) {
+		if (strcmp(exp_sort[i], stream_sort[i].stream_name.s) != 0) {
+			fail = i;
+			goto show_streams;
+		}
+	}
+
+	ret = true;
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+
+show_streams:
+	for (i=0; i<num_exp; i++) {
+		torture_comment(tctx, "stream names '%s' '%s'\n",
+				exp_sort[i], stream_sort[i].stream_name.s);
+	}
+	CHECK_STR(stream_sort[fail].stream_name.s, exp_sort[fail]);
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+  test behavior of streams on directories
+*/
+static bool test_stream_dir(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *sname1;
+	bool ret = true;
+	const char *basedir_data;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	basedir_data = talloc_asprintf(tctx, "%s::$DATA", BASEDIR);
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "Stream One");
+
+	printf("(%s) opening non-existent directory stream\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_NOT_A_DIRECTORY);
+
+	printf("(%s) opening basedir  stream\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = basedir_data;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_NOT_A_DIRECTORY);
+
+	printf("(%s) opening basedir ::$DATA stream\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0x10;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = basedir_data;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+
+	printf("(%s) list the streams on the basedir\n", __location__);
+	ret &= check_stream_list(tctx, cli, BASEDIR, 0, NULL);
+done:
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test basic behavior of streams on directories
+*/
+static bool test_stream_io(struct torture_context *tctx,
+			   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *sname1, *sname2;
+	bool ret = true;
+	int fnum = -1;
+	ssize_t retsize;
+
+	const char *one[] = { "::$DATA" };
+	const char *two[] = { "::$DATA", ":Second Stream:$DATA" };
+	const char *three[] = { "::$DATA", ":Stream One:$DATA",
+				":Second Stream:$DATA" };
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(tctx, "%s:%s:$DaTa", fname, "Second Stream");
+
+	printf("(%s) creating a stream on a non-existent file\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One", NULL);
+
+	printf("(%s) check that open of base file is allowed\n", __location__);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	printf("(%s) writing to stream\n", __location__);
+	retsize = smbcli_write(cli->tree, fnum, 0, "test data", 0, 9);
+	CHECK_VALUE(retsize, 9);
+
+	smbcli_close(cli->tree, fnum);
+
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One", "test data");
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.fname = sname1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	printf("(%s) modifying stream\n", __location__);
+	retsize = smbcli_write(cli->tree, fnum, 0, "MORE DATA ", 5, 10);
+	CHECK_VALUE(retsize, 10);
+
+	smbcli_close(cli->tree, fnum);
+
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One:$FOO", NULL);
+
+	printf("(%s) creating a stream2 on a existing file\n", __location__);
+	io.ntcreatex.in.fname = sname2;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	printf("(%s) modifying stream\n", __location__);
+	retsize = smbcli_write(cli->tree, fnum, 0, "SECOND STREAM", 0, 13);
+	CHECK_VALUE(retsize, 13);
+
+	smbcli_close(cli->tree, fnum);
+
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One", "test MORE DATA ");
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One:$DATA", "test MORE DATA ");
+	ret &= check_stream(cli, __location__, tctx, fname, "Stream One:", NULL);
+	ret &= check_stream(cli, __location__, tctx, fname, "Second Stream", "SECOND STREAM");
+	ret &= check_stream(cli, __location__, tctx, fname,
+			    "SECOND STREAM:$DATA", "SECOND STREAM");
+	ret &= check_stream(cli, __location__, tctx, fname, "Second Stream:$DATA", "SECOND STREAM");
+	ret &= check_stream(cli, __location__, tctx, fname, "Second Stream:", NULL);
+	ret &= check_stream(cli, __location__, tctx, fname, "Second Stream:$FOO", NULL);
+
+	check_stream_list(tctx, cli, fname, 3, three);
+
+	printf("(%s) deleting stream\n", __location__);
+	status = smbcli_unlink(cli->tree, sname1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	check_stream_list(tctx, cli, fname, 2, two);
+
+	printf("(%s) delete a stream via delete-on-close\n", __location__);
+	io.ntcreatex.in.fname = sname2;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	
+	smbcli_close(cli->tree, fnum);
+	status = smbcli_unlink(cli->tree, sname2);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	check_stream_list(tctx, cli, fname, 1, one);
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.fname = sname1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	printf("(%s) deleting file\n", __location__);
+	status = smbcli_unlink(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test stream sharemodes
+*/
+static bool test_stream_sharemodes(struct torture_context *tctx,
+				   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *sname1, *sname2;
+	bool ret = true;
+	int fnum1 = -1;
+	int fnum2 = -1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(tctx, "%s:%s:$DaTa", fname, "Second Stream");
+
+	printf("(%s) testing stream share mode conflicts\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * A different stream does not give a sharing violation
+	 */
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * ... whereas the same stream does with unchanged access/share_access
+	 * flags
+	 */
+
+	io.ntcreatex.in.fname = sname1;
+	io.ntcreatex.in.open_disposition = 0;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+done:
+	if (fnum1 != -1) smbcli_close(cli->tree, fnum1);
+	if (fnum2 != -1) smbcli_close(cli->tree, fnum2);
+	status = smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/* 
+ *  Test FILE_SHARE_DELETE on streams
+ *
+ * A stream opened with !FILE_SHARE_DELETE prevents the main file to be opened
+ * with SEC_STD_DELETE.
+ *
+ * The main file opened with !FILE_SHARE_DELETE does *not* prevent a stream to
+ * be opened with SEC_STD_DELETE.
+ *
+ * A stream held open with FILE_SHARE_DELETE allows the file to be
+ * deleted. After the main file is deleted, access to the open file descriptor
+ * still works, but all name-based access to both the main file as well as the
+ * stream is denied with DELETE pending.
+ *
+ * This means, an open of the main file with SEC_STD_DELETE should walk all
+ * streams and also open them with SEC_STD_DELETE. If any of these opens gives
+ * SHARING_VIOLATION, the main open fails.
+ *
+ * Closing the main file after delete_on_close has been set does not really
+ * unlink it but leaves the corresponding share mode entry with
+ * delete_on_close being set around until all streams are closed.
+ *
+ * Opening a stream must also look at the main file's share mode entry, look
+ * at the delete_on_close bit and potentially return DELETE_PENDING.
+ */
+
+static bool test_stream_delete(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *sname1;
+	bool ret = true;
+	int fnum = -1;
+	uint8_t buf[9];
+	ssize_t retsize;
+	union smb_fileinfo finfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "Stream One");
+
+	printf("(%s) opening non-existent file stream\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	retsize = smbcli_write(cli->tree, fnum, 0, "test data", 0, 9);
+	CHECK_VALUE(retsize, 9);
+
+	/*
+	 * One stream opened without FILE_SHARE_DELETE prevents the main file
+	 * to be deleted or even opened with DELETE access
+	 */
+
+	status = smbcli_unlink(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.fname = fname;
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	smbcli_close(cli->tree, fnum);
+
+	/*
+	 * ... but unlink works if a stream is opened with FILE_SHARE_DELETE
+	 */
+
+	io.ntcreatex.in.fname = sname1;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	status = smbcli_unlink(cli->tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * file access still works on the stream while the main file is closed
+	 */
+
+	retsize = smbcli_read(cli->tree, fnum, buf, 0, 9);
+	CHECK_VALUE(retsize, 9);
+
+	finfo.generic.level = RAW_FILEINFO_STANDARD;
+	finfo.generic.in.file.path = fname;
+
+	/*
+	 * name-based access to both the main file and the stream does not
+	 * work anymore but gives DELETE_PENDING
+	 */
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_DELETE_PENDING);
+
+	/*
+	 * older S3 doesn't do this
+	 */
+	finfo.generic.in.file.path = sname1;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_DELETE_PENDING);
+
+	/*
+	 * fd-based qfileinfo on the stream still works, the stream does not
+	 * have the delete-on-close bit set. This could mean that open on the
+	 * stream first opens the main file
+	 */
+
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFO;
+	finfo.all_info.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* w2k and w2k3 return 0 and w2k8 returns 1 */
+	if (TARGET_IS_WINXP(tctx) || TARGET_IS_W2K3(tctx) ||
+	    TARGET_IS_SAMBA3(tctx)) {
+		CHECK_VALUE(finfo.all_info.out.delete_pending, 0);
+	} else {
+		CHECK_VALUE(finfo.all_info.out.delete_pending, 1);
+	}
+
+	smbcli_close(cli->tree, fnum);
+
+	/*
+	 * After closing the stream the file is really gone.
+	 */
+
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA
+		|SEC_STD_DELETE;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test stream names
+*/
+static bool test_stream_names(struct torture_context *tctx,
+			      struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	union smb_fileinfo info;
+	union smb_fileinfo finfo;
+	union smb_fileinfo stinfo;
+	union smb_setfileinfo sinfo;
+	const char *fname = BASEDIR "\\stream_names.txt";
+	const char *sname1, *sname1b, *sname1c, *sname1d;
+	const char *sname2, *snamew, *snamew2;
+	const char *snamer1;
+	bool ret = true;
+	int fnum1 = -1;
+	int fnum2 = -1;
+	int fnum3 = -1;
+	int i;
+	const char *four[4] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+	const char *five1[5] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":BeforeRename:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+	const char *five2[5] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":AfterRename:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "\x05Stream\n One");
+	sname1b = talloc_asprintf(tctx, "%s:", sname1);
+	sname1c = talloc_asprintf(tctx, "%s:$FOO", sname1);
+	sname1d = talloc_asprintf(tctx, "%s:?D*a", sname1);
+	sname2 = talloc_asprintf(tctx, "%s:%s:$DaTa", fname, "MStream Two");
+	snamew = talloc_asprintf(tctx, "%s:%s:$DATA", fname, "?Stream*");
+	snamew2 = talloc_asprintf(tctx, "%s\\stream*:%s:$DATA", BASEDIR, "?Stream*");
+	snamer1 = talloc_asprintf(tctx, "%s:%s:$DATA", fname, "BeforeRename");
+
+	printf("(%s) testing stream names\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "Adding two EAs to base file\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.generic.level = RAW_SFILEINFO_EA_SET;
+	sinfo.generic.in.file.fnum = fnum1;
+	sinfo.ea_set.in.num_eas = 2;
+	sinfo.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 2);
+	sinfo.ea_set.in.eas[0].flags = 0;
+	sinfo.ea_set.in.eas[0].name.s = "EAONE";
+	sinfo.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+	sinfo.ea_set.in.eas[1].flags = 0;
+	sinfo.ea_set.in.eas[1].name.s = "SECONDEA";
+	sinfo.ea_set.in.eas[1].value = data_blob_string_const("ValueTwo");
+
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Make sure the create time of the streams are different from the
+	 * base file.
+	 */
+	sleep(2);
+	smbcli_close(cli->tree, fnum1);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	torture_comment(tctx, "Adding one EAs to first stream file\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.generic.level = RAW_SFILEINFO_EA_SET;
+	sinfo.generic.in.file.fnum = fnum1;
+	sinfo.ea_set.in.num_eas = 1;
+	sinfo.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 1);
+	sinfo.ea_set.in.eas[0].flags = 0;
+	sinfo.ea_set.in.eas[0].name.s = "STREAMEA";
+	sinfo.ea_set.in.eas[0].value = data_blob_string_const("EA_VALUE1");
+
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	status = torture_check_ea(cli, sname1, "STREAMEA", "EA_VALUE1");
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(info);
+	info.generic.level = RAW_FILEINFO_ALL_EAS;
+	info.all_eas.in.file.path = sname1;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &info);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * A different stream does not give a sharing violation
+	 */
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * ... whereas the same stream does with unchanged access/share_access
+	 * flags
+	 */
+
+	io.ntcreatex.in.fname = sname1;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_SUPERSEDE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.ntcreatex.in.fname = sname1b;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+
+	io.ntcreatex.in.fname = sname1c;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		/* w2k returns INVALID_PARAMETER */
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+	}
+
+	io.ntcreatex.in.fname = sname1d;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		/* w2k returns INVALID_PARAMETER */
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+	}
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.ntcreatex.in.fname = snamew;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum3 = io.ntcreatex.out.file.fnum;
+
+	io.ntcreatex.in.fname = snamew2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+
+	ret &= check_stream_list(tctx, cli, fname, 4, four);
+
+	smbcli_close(cli->tree, fnum1);
+	smbcli_close(cli->tree, fnum2);
+	smbcli_close(cli->tree, fnum3);
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_stream_list(tctx, cli, fname, 4, four);
+
+	for (i=0; i < 4; i++) {
+		NTTIME write_time;
+		uint64_t stream_size;
+		char *path = talloc_asprintf(tctx, "%s%s",
+					     fname, four[i]);
+
+		char *rpath = talloc_strdup(path, path);
+		char *p = strrchr(rpath, ':');
+		/* eat :$DATA */
+		*p = 0;
+		p--;
+		if (*p == ':') {
+			/* eat ::$DATA */
+			*p = 0;
+		}
+		printf("(%s): i[%u][%s]\n", __location__, i, path);
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE |
+					      SEC_FILE_WRITE_ATTRIBUTE |
+					    SEC_RIGHTS_FILE_ALL;
+		io.ntcreatex.in.fname = path;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		fnum1 = io.ntcreatex.out.file.fnum;
+
+		finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+		finfo.generic.in.file.path = fname;
+		status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stinfo.generic.level = RAW_FILEINFO_ALL_INFO;
+		stinfo.generic.in.file.fnum = fnum1;
+		status = smb_raw_fileinfo(cli->tree, tctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_NTTIME(stinfo.all_info.out.create_time,
+				     finfo.all_info.out.create_time);
+			CHECK_NTTIME(stinfo.all_info.out.access_time,
+				     finfo.all_info.out.access_time);
+			CHECK_NTTIME(stinfo.all_info.out.write_time,
+				     finfo.all_info.out.write_time);
+			CHECK_NTTIME(stinfo.all_info.out.change_time,
+				     finfo.all_info.out.change_time);
+		}
+		CHECK_VALUE(stinfo.all_info.out.attrib,
+			    finfo.all_info.out.attrib);
+		CHECK_VALUE(stinfo.all_info.out.size,
+			    finfo.all_info.out.size);
+		CHECK_VALUE(stinfo.all_info.out.delete_pending,
+			    finfo.all_info.out.delete_pending);
+		CHECK_VALUE(stinfo.all_info.out.directory,
+			    finfo.all_info.out.directory);
+		CHECK_VALUE(stinfo.all_info.out.ea_size,
+			    finfo.all_info.out.ea_size);
+
+		stinfo.generic.level = RAW_FILEINFO_NAME_INFO;
+		stinfo.generic.in.file.fnum = fnum1;
+		status = smb_raw_fileinfo(cli->tree, tctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_STR(stinfo.name_info.out.fname.s, rpath);
+		}
+
+		write_time = finfo.all_info.out.write_time;
+		write_time += i*1000000;
+		write_time /= 1000000;
+		write_time *= 1000000;
+
+		ZERO_STRUCT(sinfo);
+		sinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFO;
+		sinfo.basic_info.in.file.fnum = fnum1;
+		sinfo.basic_info.in.write_time = write_time;
+		sinfo.basic_info.in.attrib = stinfo.all_info.out.attrib;
+		status = smb_raw_setfileinfo(cli->tree, &sinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stream_size = i*8192;
+
+		ZERO_STRUCT(sinfo);
+		sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFO;
+		sinfo.end_of_file_info.in.file.fnum = fnum1;
+		sinfo.end_of_file_info.in.size = stream_size;
+		status = smb_raw_setfileinfo(cli->tree, &sinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stinfo.generic.level = RAW_FILEINFO_ALL_INFO;
+		stinfo.generic.in.file.fnum = fnum1;
+		status = smb_raw_fileinfo(cli->tree, tctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_NTTIME(stinfo.all_info.out.write_time,
+				     write_time);
+			CHECK_VALUE(stinfo.all_info.out.attrib,
+				    finfo.all_info.out.attrib);
+		}
+		CHECK_VALUE(stinfo.all_info.out.size,
+			    stream_size);
+		CHECK_VALUE(stinfo.all_info.out.delete_pending,
+			    finfo.all_info.out.delete_pending);
+		CHECK_VALUE(stinfo.all_info.out.directory,
+			    finfo.all_info.out.directory);
+		CHECK_VALUE(stinfo.all_info.out.ea_size,
+			    finfo.all_info.out.ea_size);
+
+		ret &= check_stream_list(tctx, cli, fname, 4, four);
+
+		smbcli_close(cli->tree, fnum1);
+		talloc_free(path);
+	}
+
+	printf("(%s): testing stream renames\n", __location__);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE |
+				      SEC_FILE_WRITE_ATTRIBUTE |
+				    SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.fname = snamer1;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	ret &= check_stream_list(tctx, cli, fname, 5, five1);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.fnum = fnum1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":AfterRename:$DATA";
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_stream_list(tctx, cli, fname, 5, five2);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.fnum = fnum1;
+	sinfo.rename_information.in.overwrite = false;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":MStream Two:$DATA";
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	ret &= check_stream_list(tctx, cli, fname, 5, five2);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.fnum = fnum1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":MStream Two:$DATA";
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	if (torture_setting_bool(tctx, "samba4", false) ||
+	    torture_setting_bool(tctx, "samba3", false)) {
+		/* why should this rename be considered invalid?? */
+		CHECK_STATUS(status, NT_STATUS_OK);
+		ret &= check_stream_list(tctx, cli, fname, 4, four);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+		ret &= check_stream_list(tctx, cli, fname, 5, five2);
+	}
+
+
+	/* TODO: we need to test more rename combinations */
+
+done:
+	if (fnum1 != -1) smbcli_close(cli->tree, fnum1);
+	if (fnum2 != -1) smbcli_close(cli->tree, fnum2);
+	if (fnum3 != -1) smbcli_close(cli->tree, fnum3);
+	status = smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test stream names
+*/
+static bool test_stream_names2(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_names2.txt";
+	bool ret = true;
+	int fnum1 = -1;
+	uint8_t i;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("(%s) testing stream names\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum1 = io.ntcreatex.out.file.fnum;
+
+	for (i=0x01; i < 0x7F; i++) {
+		char *path = talloc_asprintf(tctx, "%s:Stream%c0x%02X:$DATA",
+					     fname, i, i);
+		NTSTATUS expected;
+
+		switch (i) {
+		case '/':/*0x2F*/
+		case ':':/*0x3A*/
+		case '\\':/*0x5C*/
+			expected = NT_STATUS_OBJECT_NAME_INVALID;
+			break;
+		default:
+			expected = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+			break;
+		}
+
+
+		io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+		io.ntcreatex.in.fname = path;
+		status = smb_raw_open(cli->tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, expected)) {
+			printf("(%s) %s:Stream%c0x%02X:$DATA%s => expected[%s]\n",
+				__location__, fname, isprint(i)?(char)i:' ', i,
+				isprint(i)?"":" (not printable)",
+				nt_errstr(expected));
+		}
+		CHECK_STATUS(status, expected);
+
+		talloc_free(path);
+	}
+
+done:
+	if (fnum1 != -1) smbcli_close(cli->tree, fnum1);
+	status = smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+#define CHECK_CALL_FNUM(call, rightstatus) do { \
+        sfinfo.generic.level = RAW_SFILEINFO_ ## call; \
+        sfinfo.generic.in.file.fnum = fnum; \
+        status = smb_raw_setfileinfo(cli->tree, &sfinfo); \
+        if (!NT_STATUS_EQUAL(status, rightstatus)) { \
+                printf("(%s) %s - %s (should be %s)\n", __location__, #call, \
+                        nt_errstr(status), nt_errstr(rightstatus)); \
+                ret = false; \
+        } \
+        finfo1.generic.level = RAW_FILEINFO_ALL_INFO; \
+        finfo1.generic.in.file.fnum = fnum; \
+        status2 = smb_raw_fileinfo(cli->tree, tctx, &finfo1); \
+        if (!NT_STATUS_IS_OK(status2)) { \
+                printf("(%s) %s pathinfo - %s\n", __location__, #call, nt_errstr(status)); \
+                ret = false; \
+        }} while (0)
+
+/*
+  test stream renames
+*/
+static bool test_stream_rename(struct torture_context *tctx,
+				   struct smbcli_state *cli)
+{
+	NTSTATUS status, status2;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_rename.txt";
+	const char *sname1, *sname2;
+	union smb_fileinfo finfo1;
+	union smb_setfileinfo sfinfo;
+	bool ret = true;
+	int fnum = -1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(tctx, "%s:%s:$DaTa", fname, "Second Stream");
+
+	printf("(%s) testing stream renames\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE |
+				      SEC_FILE_WRITE_ATTRIBUTE |
+				    SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	/* Create two streams. */
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+
+	/*
+	 * Open the second stream.
+	 */
+
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * Now rename the second stream onto the first.
+	 */
+
+	ZERO_STRUCT(sfinfo);
+
+	sfinfo.rename_information.in.overwrite = 1;
+	sfinfo.rename_information.in.root_fid  = 0;
+	sfinfo.rename_information.in.new_name  = ":Stream One";
+	CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+
+done:
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+	status = smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+static bool test_stream_rename2(struct torture_context *tctx,
+			       struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname1 = BASEDIR "\\stream.txt";
+	const char *fname2 = BASEDIR "\\stream2.txt";
+	const char *stream_name1 = ":Stream One:$DATA";
+	const char *stream_name2 = ":Stream Two:$DATA";
+	const char *stream_name_default = "::$DATA";
+	const char *sname1;
+	const char *sname2;
+	bool ret = true;
+	int fnum = -1;
+	union smb_setfileinfo sinfo;
+	union smb_rename rio;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname1, "Stream One");
+	sname2 = talloc_asprintf(tctx, "%s:%s", fname1, "Stream Two");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+	    SEC_STD_DELETE|SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = (NTCREATEX_SHARE_ACCESS_READ |
+					NTCREATEX_SHARE_ACCESS_WRITE |
+					NTCREATEX_SHARE_ACCESS_DELETE);
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	/* Open/create new stream. */
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/*
+	 * Check raw rename with <base>:<stream>.
+	 */
+	printf("(%s) Checking NTRENAME of a stream using <base>:<stream>\n",
+	       __location__);
+	rio.generic.level = RAW_RENAME_NTRENAME;
+	rio.ntrename.in.old_name = sname1;
+	rio.ntrename.in.new_name = sname2;
+	rio.ntrename.in.attrib = 0;
+	rio.ntrename.in.cluster_size = 0;
+	rio.ntrename.in.flags = RENAME_FLAG_RENAME;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Check raw rename to the default stream using :<stream>.
+	 */
+	printf("(%s) Checking NTRENAME to default stream using :<stream>\n",
+	       __location__);
+	rio.ntrename.in.new_name = stream_name_default;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	/*
+	 * Check raw rename using :<stream>.
+	 */
+	printf("(%s) Checking NTRENAME of a stream using :<stream>\n",
+	       __location__);
+	rio.ntrename.in.new_name = stream_name2;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Check raw rename of a stream to a file.
+	 */
+	printf("(%s) Checking NTRENAME of a stream to a file\n",
+	       __location__);
+	rio.ntrename.in.old_name = sname2;
+	rio.ntrename.in.new_name = fname2;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Check raw rename of a file to a stream.
+	 */
+	printf("(%s) Checking NTRENAME of a file to a stream\n",
+	       __location__);
+
+	/* Create the file. */
+	io.ntcreatex.in.fname = fname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Try the rename. */
+	rio.ntrename.in.old_name = fname2;
+	rio.ntrename.in.new_name = sname1;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+
+	/*
+	 * Reopen the stream for trans2 renames.
+	 */
+	io.ntcreatex.in.fname = sname2;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * Check trans2 rename of a stream using :<stream>.
+	 */
+	printf("(%s) Checking trans2 rename of a stream using :<stream>\n",
+	       __location__);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.fnum = fnum;
+	sinfo.rename_information.in.overwrite = 1;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = stream_name1;
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Check trans2 rename of an overwriting stream using :<stream>.
+	 */
+	printf("(%s) Checking trans2 rename of an overwriting stream using "
+	       ":<stream>\n", __location__);
+
+	/* Create second stream. */
+	io.ntcreatex.in.fname = sname2;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+	/* Rename the first stream onto the second. */
+	sinfo.rename_information.in.file.fnum = fnum;
+	sinfo.rename_information.in.new_name = stream_name2;
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	/*
+	 * Reopen the stream with the new name.
+	 */
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/*
+	 * Check trans2 rename of a stream using <base>:<stream>.
+	 */
+	printf("(%s) Checking trans2 rename of a stream using "
+	       "<base>:<stream>\n", __location__);
+	sinfo.rename_information.in.file.fnum = fnum;
+	sinfo.rename_information.in.new_name = sname1;
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_NOT_SUPPORTED);
+
+	/*
+	 * Samba3 doesn't currently support renaming a stream to the default
+	 * stream.  This test does pass on windows.
+	 */
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		goto done;
+	}
+
+	/*
+	 * Check trans2 rename to the default stream using :<stream>.
+	 */
+	printf("(%s) Checking trans2 rename to defaualt stream using "
+	       ":<stream>\n", __location__);
+	sinfo.rename_information.in.file.fnum = fnum;
+	sinfo.rename_information.in.new_name = stream_name_default;
+	status = smb_raw_setfileinfo(cli->tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+ done:
+	smbcli_close(cli->tree, fnum);
+	status = smbcli_unlink(cli->tree, fname1);
+	status = smbcli_unlink(cli->tree, fname2);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test stream renames
+*/
+static bool test_stream_rename3(struct torture_context *tctx,
+				   struct smbcli_state *cli)
+{
+	NTSTATUS status, status2;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_rename.txt";
+	const char *sname1, *sname2;
+	union smb_fileinfo finfo1;
+	union smb_setfileinfo sfinfo;
+	bool ret = true;
+	int fnum = -1;
+	int fnum2 = -1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	sname1 = talloc_asprintf(tctx, "%s:%s", fname, "MStream Two:$DATA");
+	sname2 = talloc_asprintf(tctx, "%s:%s:$DaTa", fname, "Second Stream");
+
+	printf("(%s) testing stream renames\n", __location__);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_ATTRIBUTE |
+				      SEC_FILE_WRITE_ATTRIBUTE |
+				    SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = sname1;
+
+	/* Create two streams. */
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+
+	io.ntcreatex.in.fname = sname2;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+
+	/* open the second stream. */
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Keep a handle to the first stream open. */
+	io.ntcreatex.in.fname = sname1;
+	io.ntcreatex.in.access_mask = SEC_STD_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = io.ntcreatex.out.file.fnum;
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.in.overwrite = 1;
+	sfinfo.rename_information.in.root_fid  = 0;
+	sfinfo.rename_information.in.new_name  = ":MStream Two:$DATA";
+	if (torture_setting_bool(tctx, "samba4", false) ||
+	    torture_setting_bool(tctx, "samba3", false)) {
+		CHECK_CALL_FNUM(RENAME_INFORMATION, NT_STATUS_OK);
+	} else {
+		CHECK_CALL_FNUM(RENAME_INFORMATION,
+		    NT_STATUS_INVALID_PARAMETER);
+	}
+
+
+done:
+	if (fnum != -1) smbcli_close(cli->tree, fnum);
+	if (fnum2 != -1) smbcli_close(cli->tree, fnum2);
+	status = smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+static bool create_file_with_stream(struct torture_context *tctx,
+				    struct smbcli_state *cli,
+				    const char *stream)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+
+	ZERO_STRUCT(io);
+
+	/* Create a file with a stream */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+	    SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = stream;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	return ret;
+}
+
+/* Test how streams interact with create dispositions */
+static bool test_stream_create_disposition(struct torture_context *tctx,
+					   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream;
+	const char *default_stream_name = "::$DATA";
+	const char *stream_list[2];
+	bool ret = false;
+	int fnum = -1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fname_stream = talloc_asprintf(tctx, "%s:%s", fname, stream);
+
+	stream_list[0] = talloc_asprintf(tctx, ":%s", stream);
+	stream_list[1] = default_stream_name;
+
+	if (!create_file_with_stream(tctx, cli, fname_stream)) {
+		goto done;
+	}
+
+	/* Open the base file with OPEN */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+	    SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/*
+	 * check ntcreatex open: sanity check
+	 */
+	printf("(%s) Checking ntcreatex disp: open\n", __location__);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 2, stream_list)) {
+		goto done;
+	}
+
+	/*
+	 * check ntcreatex overwrite
+	 */
+	printf("(%s) Checking ntcreatex disp: overwrite\n", __location__);
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 1, &default_stream_name)) {
+		goto done;
+	}
+
+	/*
+	 * check ntcreatex overwrite_if
+	 */
+	printf("(%s) Checking ntcreatex disp: overwrite_if\n", __location__);
+	smbcli_unlink(cli->tree, fname);
+	if (!create_file_with_stream(tctx, cli, fname_stream)) {
+		goto done;
+	}
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 1, &default_stream_name)) {
+		goto done;
+	}
+
+	/*
+	 * check ntcreatex supersede
+	 */
+	printf("(%s) Checking ntcreatex disp: supersede\n", __location__);
+	smbcli_unlink(cli->tree, fname);
+	if (!create_file_with_stream(tctx, cli, fname_stream)) {
+		goto done;
+	}
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_SUPERSEDE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 1, &default_stream_name)) {
+		goto done;
+	}
+
+	/*
+	 * check ntcreatex overwrite_if on a stream.
+	 */
+	printf("(%s) Checking ntcreatex disp: overwrite_if on stream\n",
+	       __location__);
+	smbcli_unlink(cli->tree, fname);
+	if (!create_file_with_stream(tctx, cli, fname_stream)) {
+		goto done;
+	}
+
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.ntcreatex.in.fname = fname_stream;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 2, stream_list)) {
+		goto done;
+	}
+
+	/*
+	 * check openx overwrite_if
+	 */
+	printf("(%s) Checking openx disp: overwrite_if\n", __location__);
+	smbcli_unlink(cli->tree, fname);
+	if (!create_file_with_stream(tctx, cli, fname_stream)) {
+		goto done;
+	}
+
+	io.openx.level = RAW_OPEN_OPENX;
+	io.openx.in.flags = OPENX_FLAGS_ADDITIONAL_INFO;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR | OPEN_FLAGS_DENY_NONE;
+	io.openx.in.search_attrs = 0;
+	io.openx.in.file_attrs = 0;
+	io.openx.in.write_time = 0;
+	io.openx.in.size = 1024*1024;
+	io.openx.in.timeout = 0;
+	io.openx.in.fname = fname;
+
+	io.openx.in.open_func = OPENX_OPEN_FUNC_TRUNC | OPENX_OPEN_FUNC_CREATE;
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, io.openx.out.file.fnum);
+	if (!check_stream_list(tctx, cli, fname, 1, &default_stream_name)) {
+		goto done;
+	}
+
+	ret = true;
+
+ done:
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+#if 0
+/* Test streaminfo with enough streams on a file to fill up the buffer.  */
+static bool test_stream_large_streaminfo(struct torture_context *tctx,
+					 struct smbcli_state *cli)
+{
+#define LONG_STREAM_SIZE 2
+	char *lstream_name;
+	const char *fname = BASEDIR "\\stream.txt";
+	const char *fname_stream;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+	union smb_fileinfo finfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	lstream_name = talloc_array(tctx, char, LONG_STREAM_SIZE);
+
+	for (i = 0; i < LONG_STREAM_SIZE - 1; i++) {
+		lstream_name[i] = (char)('a' + i%26);
+	}
+	lstream_name[LONG_STREAM_SIZE - 1] = '\0';
+
+	torture_comment(tctx, "(%s) Creating a file with a lot of streams\n", __location__);
+	for (i = 0; i < 10000; i++) {
+		fname_stream = talloc_asprintf(tctx, "%s:%s%d", fname,
+					       lstream_name, i);
+		ret = create_file_with_stream(tctx, cli, fname_stream);
+		if (!ret) {
+			goto done;
+		}
+	}
+
+	finfo.generic.level = RAW_FILEINFO_STREAM_INFO;
+	finfo.generic.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, STATUS_BUFFER_OVERFLOW);
+
+ done:
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+#endif
+
+/* Test the effect of setting attributes on a stream. */
+static bool test_stream_attributes(struct torture_context *tctx,
+					 struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_attr.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream;
+	int fnum = -1;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sfinfo;
+	time_t basetime = (time(NULL) - 86400) & ~1;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "(%s) testing attribute setting on stream\n", __location__);
+
+	fname_stream = talloc_asprintf(tctx, "%s:%s", fname, stream);
+
+	/* Create a file with a stream with attribute FILE_ATTRIBUTE_ARCHIVE. */
+	ret = create_file_with_stream(tctx, cli, fname_stream);
+	if (!ret) {
+		goto done;
+	}
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_assert_int_equal_goto(tctx, finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED, FILE_ATTRIBUTE_ARCHIVE, ret, done, "attrib incorrect");
+
+	/* Now open the stream name. */
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+	    SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL|SEC_FILE_WRITE_ATTRIBUTE);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_stream;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Change the attributes + time on the stream fnum. */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_READONLY;
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time, basetime);
+
+        sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+        sfinfo.generic.in.file.fnum = fnum;
+        status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret, done, "smb_raw_setfileinfo failed");
+
+	smbcli_close(cli->tree, fnum);
+	fnum = -1;
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret, done, "smb_raw_pathinfo failed");
+
+	torture_assert_int_equal_goto(tctx, finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED, FILE_ATTRIBUTE_READONLY, ret, done, "attrib incorrect");
+
+	torture_assert_int_equal_goto(tctx, nt_time_to_unix(finfo.all_info.out.write_time), basetime, ret, done, "time incorrect");
+
+ done:
+
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	smbcli_unlink(cli->tree, fname);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * A rough approximation of how a windows client creates the streams for use
+ * in the summary tab.
+ */
+static bool test_stream_summary_tab(struct torture_context *tctx,
+				    struct smbcli_state *cli)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_summary.txt";
+	const char *stream = ":\005SummaryInformation:$DATA";
+	const char *fname_stream = NULL;
+	const char *tmp_stream = ":Updt_\005SummaryInformation:$DATA";
+	const char *fname_tmp_stream = NULL;
+	int fnum = -1;
+	union smb_fileinfo finfo;
+	union smb_rename rio;
+	ssize_t retsize;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	fname_stream = talloc_asprintf(tctx, "%s%s", fname, stream);
+	fname_tmp_stream = talloc_asprintf(tctx, "%s%s", fname,
+					   tmp_stream);
+
+	/* Create summary info stream */
+	ret = create_file_with_stream(tctx, cli, fname_stream);
+	if (!ret) {
+		goto done;
+	}
+
+	/* Create summary info tmp update stream */
+	ret = create_file_with_stream(tctx, cli, fname_tmp_stream);
+	if (!ret) {
+		goto done;
+	}
+
+	/* Open tmp stream and write to it */
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_tmp_stream;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = io.ntcreatex.out.file.fnum;
+
+	retsize = smbcli_write(cli->tree, fnum, 0, "test data", 0, 9);
+	CHECK_VALUE(retsize, 9);
+
+	/* close the tmp stream. */
+	smbcli_close(cli->tree, fnum);
+	fnum = -1;
+
+	/* Delete the current stream */
+	smbcli_unlink(cli->tree, fname_stream);
+
+	/* Do the rename. */
+	rio.generic.level = RAW_RENAME_RENAME;
+	rio.rename.in.pattern1 = fname_tmp_stream;
+	rio.rename.in.pattern2 = stream;
+	rio.rename.in.attrib = FILE_ATTRIBUTE_SYSTEM |
+	    FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
+	status = smb_raw_rename(cli->tree, &rio);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to open the tmp stream that we just renamed away. */
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* Query the base file to make sure it's still there.  */
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFO;
+	finfo.generic.in.file.path = fname;
+
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	smbcli_unlink(cli->tree, fname);
+
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/* Test how streams interact with base file permissions */
+/* Regression test for bug:
+   https://bugzilla.samba.org/show_bug.cgi?id=10229
+   bug #10229 - No access check verification on stream files.
+*/
+static bool test_stream_permissions(struct torture_context *tctx,
+					   struct smbcli_state *cli)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	const char *fname = BASEDIR "\\stream_permissions.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sfinfo;
+	int fnum = -1;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_ace ace = {};
+	struct security_descriptor *sd;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR),
+		"Failed to setup up test directory: " BASEDIR);
+
+	torture_comment(tctx, "(%s) testing permissions on streams\n", __location__);
+
+	fname_stream = talloc_asprintf(tctx, "%s:%s", fname, stream);
+
+	/* Create a file with a stream with attribute FILE_ATTRIBUTE_ARCHIVE. */
+	ret = create_file_with_stream(tctx, cli, fname_stream);
+	if (!ret) {
+		goto done;
+	}
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_assert_int_equal_goto(tctx,
+		finfo.all_info.out.attrib & ~FILE_ATTRIBUTE_NONINDEXED,
+		FILE_ATTRIBUTE_ARCHIVE, ret, done, "attrib incorrect");
+
+	/* Change the attributes on the base file name. */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_SETATTR;
+	sfinfo.generic.in.file.path        = fname;
+	sfinfo.setattr.in.attrib           = FILE_ATTRIBUTE_READONLY;
+
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try and open the stream name for WRITE_DATA. Should
+	   fail with ACCESS_DENIED. */
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_stream;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	/* Change the attributes on the base file back. */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_SETATTR;
+	sfinfo.generic.in.file.path        = fname;
+	sfinfo.setattr.in.attrib           = 0;
+
+	status = smb_raw_setpathinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Re-open the file name. */
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = (SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|
+		SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|
+		SEC_FILE_WRITE_ATTRIBUTE);
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fnum = io.ntcreatex.out.file.fnum;
+
+	/* Get the existing security descriptor. */
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.fnum = fnum;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb_raw_fileinfo(cli->tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd = q.query_secdesc.out.sd;
+
+	/* Now add a DENY WRITE security descriptor for Everyone. */
+	torture_comment(tctx, "add a new ACE to the DACL\n");
+
+	ace.type = SEC_ACE_TYPE_ACCESS_DENIED;
+	ace.flags = 0;
+	ace.access_mask = SEC_FILE_WRITE_DATA;
+	ace.trustee = global_sid_World;
+
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* security_descriptor_dacl_add adds to the *end* of
+	   the ace array, we need it at the start. Swap.. */
+	ace = sd->dacl->aces[0];
+	sd->dacl->aces[0] = sd->dacl->aces[sd->dacl->num_aces-1];
+	sd->dacl->aces[sd->dacl->num_aces-1] = ace;
+
+	ZERO_STRUCT(set);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.fnum = fnum;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb_raw_setfileinfo(cli->tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+	fnum = -1;
+
+	/* Try and open the stream name for WRITE_DATA. Should
+	   fail with ACCESS_DENIED. */
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.file_attr = 0;
+	io.ntcreatex.in.share_access = 0;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname_stream;
+
+	status = smb_raw_open(cli->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+ done:
+
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	smbcli_unlink(cli->tree, fname);
+
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/* 
+   basic testing of streams calls
+*/
+struct torture_suite *torture_raw_streams(TALLOC_CTX *tctx)
+{
+	struct torture_suite *suite = torture_suite_create(tctx, "streams");
+
+	torture_suite_add_1smb_test(suite, "dir", test_stream_dir);
+	torture_suite_add_1smb_test(suite, "io", test_stream_io);
+	torture_suite_add_1smb_test(suite, "sharemodes", test_stream_sharemodes);
+	torture_suite_add_1smb_test(suite, "delete", test_stream_delete);
+	torture_suite_add_1smb_test(suite, "names", test_stream_names);
+	torture_suite_add_1smb_test(suite, "names2", test_stream_names2);
+	torture_suite_add_1smb_test(suite, "rename", test_stream_rename);
+	torture_suite_add_1smb_test(suite, "rename2", test_stream_rename2);
+	torture_suite_add_1smb_test(suite, "rename3", test_stream_rename3);
+	torture_suite_add_1smb_test(suite, "createdisp",
+	    test_stream_create_disposition);
+	torture_suite_add_1smb_test(suite, "attr", test_stream_attributes);
+	torture_suite_add_1smb_test(suite, "sumtab", test_stream_summary_tab);
+	torture_suite_add_1smb_test(suite, "perms", test_stream_permissions);
+
+#if 0
+	torture_suite_add_1smb_test(suite, "LARGESTREAMINFO",
+		test_stream_large_streaminfo);
+#endif
+
+	return suite;
+}
diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c
new file mode 100644
index 0000000..e514e7a
--- /dev/null
+++ b/source4/torture/raw/tconrate.c
@@ -0,0 +1,208 @@
+/*
+   SMB tree connection rate test
+
+   Copyright (C) 2006-2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/smbtorture.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+
+#include "system/filesys.h"
+#include "system/shmem.h"
+#include "torture/raw/proto.h"
+
+#define TIME_LIMIT_SECS 30
+#define usec_to_sec(s) ((s) / 1000000)
+
+/* Map a shared memory buffer of at least nelem counters. */
+static void * map_count_buffer(unsigned nelem, size_t elemsz)
+{
+	void * buf;
+	size_t bufsz;
+	size_t pagesz = getpagesize();
+
+	bufsz = nelem * elemsz;
+	bufsz = (bufsz + pagesz) % pagesz; /* round up to pagesz */
+
+#ifdef MAP_ANON
+	/* BSD */
+	buf = mmap(NULL, bufsz, PROT_READ|PROT_WRITE, MAP_ANON|MAP_SHARED,
+			-1 /* fd */, 0 /* offset */);
+#else
+	buf = mmap(NULL, bufsz, PROT_READ|PROT_WRITE, MAP_FILE|MAP_SHARED,
+			open("/dev/zero", O_RDWR), 0 /* offset */);
+#endif
+
+	if (buf == MAP_FAILED) {
+		printf("failed to map count buffer: %s\n",
+				strerror(errno));
+		return NULL;
+	}
+
+	return buf;
+
+}
+
+static int fork_tcon_client(struct torture_context *tctx,
+		int *tcon_count, unsigned tcon_timelimit,
+		const char *host, const char *share)
+{
+	pid_t child;
+	struct smbcli_state *cli;
+	struct timeval end;
+	struct timeval now;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	child = fork();
+	if (child == -1) {
+		printf("failed to fork child: %s\n,", strerror(errno));
+		return -1;
+	} else if (child != 0) {
+		/* Parent, just return. */
+		return 0;
+	}
+
+	/* Child. Just make as many connections as possible within the
+	 * time limit. Don't bother synchronising the child start times
+	 * because it's probably not work the effort, and a bit of startup
+	 * jitter is probably a more realistic test.
+	 */
+
+
+	end = timeval_current();
+	now = timeval_current();
+	end.tv_sec += tcon_timelimit;
+	*tcon_count = 0;
+
+	while (timeval_compare(&now, &end) == -1) {
+		NTSTATUS status;
+
+		status = smbcli_full_connection(NULL, &cli,
+				host, lpcfg_smb_ports(tctx->lp_ctx), share,
+				NULL, lpcfg_socket_options(tctx->lp_ctx),
+				samba_cmdline_get_creds(),
+				lpcfg_resolve_context(tctx->lp_ctx),
+				tctx->ev, &options, &session_options,
+				lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("failed to connect to //%s/%s: %s\n",
+				host, share, nt_errstr(status));
+			goto done;
+		}
+
+		smbcli_tdis(cli);
+		talloc_free(cli);
+
+		*tcon_count = *tcon_count + 1;
+		now = timeval_current();
+	}
+
+done:
+	exit(0);
+}
+
+static bool children_remain(void)
+{
+	bool res;
+
+	/* Reap as many children as possible. */
+	for (;;) {
+		pid_t ret = waitpid(-1, NULL, WNOHANG);
+		if (ret == 0) {
+			/* no children ready */
+			res = true;
+			break;
+		}
+		if (ret == -1) {
+			/* no children left. maybe */
+			res = errno != ECHILD;
+			break;
+		}
+	}
+	return res;
+}
+
+static double rate_convert_secs(unsigned count,
+		const struct timeval *start, const struct timeval *end)
+{
+	return (double)count /
+		usec_to_sec((double)usec_time_diff(end, start));
+}
+
+/* Test the rate at which the server will accept connections.  */
+bool torture_bench_treeconnect(struct torture_context *tctx)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+
+	int timelimit = torture_setting_int(tctx, "timelimit",
+					TIME_LIMIT_SECS);
+	int nprocs = torture_setting_int(tctx, "nprocs", 4);
+
+	int *curr_counts = map_count_buffer(nprocs, sizeof(int));
+	int *last_counts = talloc_zero_array(tctx, int, nprocs);
+
+	struct timeval now, last, start;
+	int i, delta;
+
+	torture_assert(tctx, nprocs > 0, "bad proc count");
+	torture_assert(tctx, timelimit > 0, "bad timelimit");
+	torture_assert(tctx, curr_counts, "allocation failure");
+	torture_assert(tctx, last_counts, "allocation failure");
+
+	start = last = timeval_current();
+	for (i = 0; i < nprocs; ++i) {
+		fork_tcon_client(tctx, &curr_counts[i], timelimit, host, share);
+	}
+
+	while (children_remain()) {
+
+		sleep(1);
+		now = timeval_current();
+
+		for (i = 0, delta = 0; i < nprocs; ++i) {
+			delta += curr_counts[i] - last_counts[i];
+		}
+
+		printf("%u connections/sec\n",
+			(unsigned)rate_convert_secs(delta, &last, &now));
+
+		memcpy(last_counts, curr_counts, nprocs * sizeof(int));
+		last = timeval_current();
+	}
+
+	now = timeval_current();
+
+	for (i = 0, delta = 0; i < nprocs; ++i) {
+		delta += curr_counts[i];
+	}
+
+	printf("TOTAL: %u connections/sec over %u secs\n",
+			(unsigned)rate_convert_secs(delta, &start, &now),
+			timelimit);
+	return true;
+}
+
+/* vim: set sts=8 sw=8 : */
diff --git a/source4/torture/raw/unlink.c b/source4/torture/raw/unlink.c
new file mode 100644
index 0000000..53059aa
--- /dev/null
+++ b/source4/torture/raw/unlink.c
@@ -0,0 +1,470 @@
+/* 
+   Unix SMB/CIFS implementation.
+   unlink test suite
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "system/filesys.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		printf("(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define BASEDIR "\\testunlink"
+
+/*
+  test unlink ops
+*/
+static bool test_unlink(struct torture_context *tctx, struct smbcli_state *cli)
+{
+	union smb_unlink io;
+	NTSTATUS status;
+	bool ret = true;
+	const char *fname = BASEDIR "\\test.txt";
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	printf("Trying non-existent file\n");
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	smbcli_close(cli->tree, smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE));
+
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Trying a hidden file\n");
+	smbcli_close(cli->tree, smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE));
+	torture_set_file_attribute(cli->tree, fname, FILE_ATTRIBUTE_HIDDEN);
+
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_NO_SUCH_FILE);
+
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	printf("Trying a directory\n");
+	io.unlink.in.pattern = BASEDIR;
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+
+	io.unlink.in.pattern = BASEDIR;
+	io.unlink.in.attrib = FILE_ATTRIBUTE_DIRECTORY;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+
+	printf("Trying a bad path\n");
+	io.unlink.in.pattern = "..";
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+
+	io.unlink.in.pattern = "\\..";
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+
+	io.unlink.in.pattern = BASEDIR "\\..\\..";
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+
+	io.unlink.in.pattern = BASEDIR "\\..";
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test delete on close 
+*/
+static bool test_delete_on_close(struct torture_context *tctx, 
+								 struct smbcli_state *cli)
+{
+	union smb_open op;
+	union smb_unlink io;
+	struct smb_rmdir dio;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, fnum2;
+	const char *fname = BASEDIR "\\test.txt";
+	const char *dname = BASEDIR "\\test.dir";
+	const char *inside = BASEDIR "\\test.dir\\test.txt";
+	union smb_setfileinfo sfinfo;
+
+	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
+
+	dio.in.path = dname;
+
+	io.unlink.in.pattern = fname;
+	io.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	printf("Testing with delete_on_close 0\n");
+	fnum = create_complex_file(cli, tctx, fname);
+
+	sfinfo.disposition_info.level = RAW_SFILEINFO_DISPOSITION_INFO;
+	sfinfo.disposition_info.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 0;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Testing with delete_on_close 1\n");
+	fnum = create_complex_file(cli, tctx, fname);
+	sfinfo.disposition_info.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_unlink(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+
+	printf("Testing with directory and delete_on_close 0\n");
+	status = create_directory_handle(cli->tree, dname, &fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sfinfo.disposition_info.level = RAW_SFILEINFO_DISPOSITION_INFO;
+	sfinfo.disposition_info.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 0;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("Testing with directory delete_on_close 1\n");
+	status = create_directory_handle(cli->tree, dname, &fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	sfinfo.disposition_info.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+
+		/*
+		 * Known deficiency, also skipped in base-delete.
+		 */
+
+		printf("Testing with non-empty directory delete_on_close\n");
+		status = create_directory_handle(cli->tree, dname, &fnum);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		fnum2 = create_complex_file(cli, tctx, inside);
+
+		sfinfo.disposition_info.in.file.fnum = fnum;
+		sfinfo.disposition_info.in.delete_on_close = 1;
+		status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+		CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+
+		sfinfo.disposition_info.in.file.fnum = fnum2;
+		status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sfinfo.disposition_info.in.file.fnum = fnum;
+		status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+		CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+
+		smbcli_close(cli->tree, fnum2);
+
+		status = smb_raw_setfileinfo(cli->tree, &sfinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smbcli_close(cli->tree, fnum);
+
+		status = smb_raw_rmdir(cli->tree, &dio);
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	}
+
+	printf("Testing open dir with delete_on_close\n");
+	status = create_directory_handle(cli->tree, dname, &fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	smbcli_close(cli->tree, fnum);
+	fnum2 = create_complex_file(cli, tctx, inside);
+	smbcli_close(cli->tree, fnum2);
+
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	op.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY |NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+
+	smbcli_deltree(cli->tree, dname);
+
+	printf("Testing double open dir with second delete_on_close\n");
+	status = create_directory_handle(cli->tree, dname, &fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smbcli_close(cli->tree, fnum);
+	
+	fnum2 = create_complex_file(cli, tctx, inside);
+	smbcli_close(cli->tree, fnum2);
+
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	op.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY |NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = op.ntcreatex.out.file.fnum;
+
+	smbcli_close(cli->tree, fnum2);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+
+	smbcli_deltree(cli->tree, dname);
+
+	printf("Testing pre-existing open dir with second delete_on_close\n");
+	status = create_directory_handle(cli->tree, dname, &fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	
+	smbcli_close(cli->tree, fnum);
+
+	fnum = create_complex_file(cli, tctx, inside);
+	smbcli_close(cli->tree, fnum);
+
+	/* we have a dir with a file in it, no handles open */
+
+	op.generic.level = RAW_OPEN_NTCREATEX;
+	op.ntcreatex.in.root_fid.fnum = 0;
+	op.ntcreatex.in.flags = 0;
+	op.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	op.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY |NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	op.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	op.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	op.ntcreatex.in.alloc_size = 0;
+	op.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	op.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	op.ntcreatex.in.security_flags = 0;
+	op.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum = op.ntcreatex.out.file.fnum;
+
+	/* open without delete on close */
+	op.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	status = smb_raw_open(cli->tree, tctx, &op);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fnum2 = op.ntcreatex.out.file.fnum;
+
+	/* close 2nd file handle */
+	smbcli_close(cli->tree, fnum2);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+	
+
+	smbcli_close(cli->tree, fnum);
+
+	status = smb_raw_rmdir(cli->tree, &dio);
+	CHECK_STATUS(status, NT_STATUS_DIRECTORY_NOT_EMPTY);
+	
+done:
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+struct unlink_defer_cli_state {
+	struct torture_context *tctx;
+	struct smbcli_state *cli1;
+};
+
+/*
+ * A handler function for oplock break requests. Ack it as a break to none
+ */
+static bool oplock_handler_ack_to_none(struct smbcli_transport *transport,
+				       uint16_t tid, uint16_t fnum,
+				       uint8_t level, void *private_data)
+{
+	struct unlink_defer_cli_state *ud_cli_state =
+	    (struct unlink_defer_cli_state *)private_data;
+	union smb_setfileinfo sfinfo;
+	bool ret;
+	struct smbcli_request *req = NULL;
+
+	torture_comment(ud_cli_state->tctx, "delete the file before sending "
+			"the ack.");
+
+	/* cli1: set delete on close */
+	sfinfo.disposition_info.level = RAW_SFILEINFO_DISPOSITION_INFO;
+	sfinfo.disposition_info.in.file.fnum = fnum;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	req = smb_raw_setfileinfo_send(ud_cli_state->cli1->tree, &sfinfo);
+	if (!req) {
+		torture_comment(ud_cli_state->tctx, "smb_raw_setfileinfo_send "
+			"failed.");
+	}
+
+	smbcli_close(ud_cli_state->cli1->tree, fnum);
+
+	torture_comment(ud_cli_state->tctx, "Acking the oplock to NONE\n");
+
+	ret = smbcli_oplock_ack(ud_cli_state->cli1->tree, fnum,
+				 OPLOCK_BREAK_TO_NONE);
+
+	return ret;
+}
+
+static bool test_unlink_defer(struct torture_context *tctx,
+			      struct smbcli_state *cli1,
+			      struct smbcli_state *cli2)
+{
+	const char *fname = BASEDIR "\\test_unlink_defer.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_unlink unl;
+	struct unlink_defer_cli_state ud_cli_state = {};
+
+	if (!torture_setup_dir(cli1, BASEDIR)) {
+		return false;
+	}
+
+	/* cleanup */
+	smbcli_unlink(cli1->tree, fname);
+
+	ud_cli_state.tctx = tctx;
+	ud_cli_state.cli1 = cli1;
+
+	smbcli_oplock_handler(cli1->transport, oplock_handler_ack_to_none,
+			      &ud_cli_state);
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE |
+	    NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.create_options = 0;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = fname;
+
+	/* cli1: open file with a batch oplock. */
+	io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED |
+	    NTCREATEX_FLAGS_REQUEST_OPLOCK |
+	    NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK;
+
+	status = smb_raw_open(cli1->tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cli2: Try to unlink it, but block on the oplock */
+	torture_comment(tctx, "Try an unlink (should defer the open\n");
+	unl.unlink.in.pattern = fname;
+	unl.unlink.in.attrib = 0;
+	status = smb_raw_unlink(cli2->tree, &unl);
+
+done:
+	smb_raw_exit(cli1->session);
+	smb_raw_exit(cli2->session);
+	smbcli_deltree(cli1->tree, BASEDIR);
+	return ret;
+}
+
+/* 
+   basic testing of unlink calls
+*/
+struct torture_suite *torture_raw_unlink(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "unlink");
+
+	torture_suite_add_1smb_test(suite, "unlink", test_unlink);
+	torture_suite_add_1smb_test(suite, "delete_on_close", test_delete_on_close);
+	torture_suite_add_2smb_test(suite, "unlink-defer", test_unlink_defer);
+
+	return suite;
+}
diff --git a/source4/torture/raw/write.c b/source4/torture/raw/write.c
new file mode 100644
index 0000000..e47225a
--- /dev/null
+++ b/source4/torture/raw/write.c
@@ -0,0 +1,799 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for various write operations
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "torture/raw/proto.h"
+#include "libcli/raw/raw_proto.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_fail(tctx, talloc_asprintf(tctx, "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct))); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_fail(tctx, talloc_asprintf(tctx, "(%s) Incorrect value %s=%d - should be %d\n", \
+		       __location__, #v, v, correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_BUFFER(buf, seed, len) do { \
+	if (!check_buffer(tctx, buf, seed, len, __location__)) { \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_ALL_INFO(v, field) do { \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFO; \
+	finfo.all_info.in.file.path = fname; \
+	status = smb_raw_pathinfo(cli->tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if ((v) != finfo.all_info.out.field) { \
+		torture_comment(tctx, "(%s) wrong value for field %s  %.0f - %.0f\n", \
+		       __location__, #field, (double)v, (double)finfo.all_info.out.field); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+
+#define BASEDIR "\\testwrite"
+
+
+/*
+  setup a random buffer based on a seed
+*/
+static void setup_buffer(uint8_t *buf, unsigned int seed, int len)
+{
+	int i;
+	srandom(seed);
+	for (i=0;i<len;i++) buf[i] = random();
+}
+
+/*
+  check a random buffer based on a seed
+*/
+static bool check_buffer(struct torture_context *tctx,
+			 uint8_t *buf, unsigned int seed, int len, const char *location)
+{
+	int i;
+	srandom(seed);
+	for (i=0;i<len;i++) {
+		uint8_t v = random();
+		if (buf[i] != v) {
+			torture_fail(tctx, talloc_asprintf(tctx, "Buffer incorrect at %s! ofs=%d buf=0x%x correct=0x%x\n",
+			       location, i, buf[i], v));
+			return false;
+		}
+	}
+	return true;
+}
+
+/*
+  test write ops
+*/
+static bool test_write(struct torture_context *tctx,
+		       struct smbcli_state *cli)
+{
+	union smb_write io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	unsigned int seed = time(NULL);
+	union smb_fileinfo finfo;
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		torture_fail(tctx, "failed to setup basedir");
+	}
+
+	torture_comment(tctx, "Testing RAW_WRITE_WRITE\n");
+	io.generic.level = RAW_WRITE_WRITE;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		ret = false;
+		torture_fail_goto(tctx, done,
+			talloc_asprintf(tctx, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
+	}
+
+	torture_comment(tctx, "Trying zero write\n");
+	io.write.in.file.fnum = fnum;
+	io.write.in.count = 0;
+	io.write.in.offset = 0;
+	io.write.in.remaining = 0;
+	io.write.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.write.out.nwritten, 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying small write\n");
+	io.write.in.count = 9;
+	io.write.in.offset = 4;
+	io.write.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.write.out.nwritten, io.write.in.count);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying large write\n");
+	io.write.in.count = 4000;
+	io.write.in.offset = 0;
+	io.write.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.write.out.nwritten, 4000);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+	torture_comment(tctx, "Trying bad fnum\n");
+	io.write.in.file.fnum = fnum+1;
+	io.write.in.count = 4000;
+	io.write.in.offset = 0;
+	io.write.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "Setting file as sparse\n");
+	status = torture_set_sparse(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!(cli->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		torture_comment(tctx, "skipping large file tests - CAP_LARGE_FILES not set\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "Trying 2^32 offset\n");
+	setup_buffer(buf, seed, maxsize);
+	io.write.in.file.fnum = fnum;
+	io.write.in.count = 4000;
+	io.write.in.offset = 0xFFFFFFFF - 2000;
+	io.write.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.write.out.nwritten, 4000);
+	CHECK_ALL_INFO(io.write.in.count + (uint64_t)io.write.in.offset, size);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, io.write.in.offset, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test writex ops
+*/
+static bool test_writex(struct torture_context *tctx,
+			struct smbcli_state *cli)
+{
+	union smb_write io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum, i;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	unsigned int seed = time(NULL);
+	union smb_fileinfo finfo;
+	int max_bits=63;
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		max_bits=33;
+		torture_comment(tctx, "dangerous not set - limiting range of test to 2^%d\n", max_bits);
+	}
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	if (!cli->transport->negotiate.lockread_supported) {
+		torture_comment(tctx, "Server does not support writeunlock - skipping\n");
+		return true;
+	}
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		torture_fail(tctx, "failed to setup basedir");
+	}
+
+	torture_comment(tctx, "Testing RAW_WRITE_WRITEX\n");
+	io.generic.level = RAW_WRITE_WRITEX;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
+	}
+
+	torture_comment(tctx, "Trying zero write\n");
+	io.writex.in.file.fnum = fnum;
+	io.writex.in.offset = 0;
+	io.writex.in.wmode = 0;
+	io.writex.in.remaining = 0;
+	io.writex.in.count = 0;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying small write\n");
+	io.writex.in.count = 9;
+	io.writex.in.offset = 4;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, io.writex.in.count);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying large write\n");
+	io.writex.in.count = 4000;
+	io.writex.in.offset = 0;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, 4000);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+	torture_comment(tctx, "Trying bad fnum\n");
+	io.writex.in.file.fnum = fnum+1;
+	io.writex.in.count = 4000;
+	io.writex.in.offset = 0;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "Testing wmode\n");
+	io.writex.in.file.fnum = fnum;
+	io.writex.in.count = 1;
+	io.writex.in.offset = 0;
+	io.writex.in.wmode = 1;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, io.writex.in.count);
+
+	io.writex.in.wmode = 2;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, io.writex.in.count);
+
+
+	torture_comment(tctx, "Trying locked region\n");
+	cli->session->pid++;
+	if (NT_STATUS_IS_ERR(smbcli_lock(cli->tree, fnum, 3, 1, 0, WRITE_LOCK))) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "Failed to lock file at %s\n", __location__));
+	}
+	cli->session->pid--;
+	io.writex.in.wmode = 0;
+	io.writex.in.count = 4;
+	io.writex.in.offset = 0;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
+
+	torture_comment(tctx, "Setting file as sparse\n");
+	status = torture_set_sparse(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!(cli->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		torture_skip(tctx, "skipping large file tests - CAP_LARGE_FILES not set\n");
+	}
+
+	torture_comment(tctx, "Trying 2^32 offset\n");
+	setup_buffer(buf, seed, maxsize);
+	io.writex.in.file.fnum = fnum;
+	io.writex.in.count = 4000;
+	io.writex.in.offset = 0xFFFFFFFF - 2000;
+	io.writex.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writex.out.nwritten, 4000);
+	CHECK_ALL_INFO(io.writex.in.count + (uint64_t)io.writex.in.offset, size);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, io.writex.in.offset, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+	for (i=33;i<max_bits;i++) {
+		torture_comment(tctx, "Trying 2^%d offset\n", i);
+		setup_buffer(buf, seed+1, maxsize);
+		io.writex.in.file.fnum = fnum;
+		io.writex.in.count = 4000;
+		io.writex.in.offset = ((uint64_t)1) << i;
+		io.writex.in.data = buf;
+		status = smb_raw_write(cli->tree, &io);
+		if (i>33 &&
+		    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			break;
+		}
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(io.writex.out.nwritten, 4000);
+		CHECK_ALL_INFO(io.writex.in.count + (uint64_t)io.writex.in.offset, size);
+
+		memset(buf, 0, maxsize);
+		if (smbcli_read(cli->tree, fnum, buf, io.writex.in.offset, 4000) != 4000) {
+			ret = false;
+			torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+		}
+		CHECK_BUFFER(buf, seed+1, 4000);
+	}
+	torture_comment(tctx, "limit is 2^%d\n", i);
+
+	setup_buffer(buf, seed, maxsize);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test write unlock ops
+*/
+static bool test_writeunlock(struct torture_context *tctx,
+			     struct smbcli_state *cli)
+{
+	union smb_write io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	unsigned int seed = time(NULL);
+	union smb_fileinfo finfo;
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	if (!cli->transport->negotiate.lockread_supported) {
+		torture_skip(tctx, "Server does not support writeunlock - skipping\n");
+	}
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		torture_fail(tctx, "failed to setup basedir");
+	}
+
+	torture_comment(tctx, "Testing RAW_WRITE_WRITEUNLOCK\n");
+	io.generic.level = RAW_WRITE_WRITEUNLOCK;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
+	}
+
+	torture_comment(tctx, "Trying zero write\n");
+	io.writeunlock.in.file.fnum = fnum;
+	io.writeunlock.in.count = 0;
+	io.writeunlock.in.offset = 0;
+	io.writeunlock.in.remaining = 0;
+	io.writeunlock.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeunlock.out.nwritten, io.writeunlock.in.count);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying small write\n");
+	io.writeunlock.in.count = 9;
+	io.writeunlock.in.offset = 4;
+	io.writeunlock.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+	smbcli_lock(cli->tree, fnum, io.writeunlock.in.offset, io.writeunlock.in.count,
+		 0, WRITE_LOCK);
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeunlock.out.nwritten, io.writeunlock.in.count);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying large write\n");
+	io.writeunlock.in.count = 4000;
+	io.writeunlock.in.offset = 0;
+	io.writeunlock.in.data = buf;
+	smbcli_lock(cli->tree, fnum, io.writeunlock.in.offset, io.writeunlock.in.count,
+		 0, WRITE_LOCK);
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeunlock.out.nwritten, 4000);
+
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+	torture_comment(tctx, "Trying bad fnum\n");
+	io.writeunlock.in.file.fnum = fnum+1;
+	io.writeunlock.in.count = 4000;
+	io.writeunlock.in.offset = 0;
+	io.writeunlock.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "Setting file as sparse\n");
+	status = torture_set_sparse(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!(cli->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		torture_skip(tctx, "skipping large file tests - CAP_LARGE_FILES not set\n");
+	}
+
+	torture_comment(tctx, "Trying 2^32 offset\n");
+	setup_buffer(buf, seed, maxsize);
+	io.writeunlock.in.file.fnum = fnum;
+	io.writeunlock.in.count = 4000;
+	io.writeunlock.in.offset = 0xFFFFFFFF - 2000;
+	io.writeunlock.in.data = buf;
+	smbcli_lock(cli->tree, fnum, io.writeunlock.in.offset, io.writeunlock.in.count,
+		 0, WRITE_LOCK);
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeunlock.out.nwritten, 4000);
+	CHECK_ALL_INFO(io.writeunlock.in.count + (uint64_t)io.writeunlock.in.offset, size);
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, io.writeunlock.in.offset, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+
+/*
+  test write close ops
+*/
+static bool test_writeclose(struct torture_context *tctx,
+			    struct smbcli_state *cli)
+{
+	union smb_write io;
+	NTSTATUS status;
+	bool ret = true;
+	int fnum;
+	uint8_t *buf;
+	const int maxsize = 90000;
+	const char *fname = BASEDIR "\\test.txt";
+	unsigned int seed = time(NULL);
+	union smb_fileinfo finfo;
+
+	buf = talloc_zero_array(tctx, uint8_t, maxsize);
+
+	if (!torture_setting_bool(tctx, "writeclose_support", true)) {
+		torture_skip(tctx, "Server does not support writeclose - skipping\n");
+	}
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		torture_fail(tctx, "failed to setup basedir");
+	}
+
+	torture_comment(tctx, "Testing RAW_WRITE_WRITECLOSE\n");
+	io.generic.level = RAW_WRITE_WRITECLOSE;
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
+	}
+
+	torture_comment(tctx, "Trying zero write\n");
+	io.writeclose.in.file.fnum = fnum;
+	io.writeclose.in.count = 0;
+	io.writeclose.in.offset = 0;
+	io.writeclose.in.mtime = 0;
+	io.writeclose.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeclose.out.nwritten, io.writeclose.in.count);
+
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeclose.out.nwritten, io.writeclose.in.count);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying small write\n");
+	io.writeclose.in.count = 9;
+	io.writeclose.in.offset = 4;
+	io.writeclose.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	io.writeclose.in.file.fnum = fnum;
+
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeclose.out.nwritten, io.writeclose.in.count);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	io.writeclose.in.file.fnum = fnum;
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 13) != 13) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf+4, seed, 9);
+	CHECK_VALUE(IVAL(buf,0), 0);
+
+	setup_buffer(buf, seed, maxsize);
+
+	torture_comment(tctx, "Trying large write\n");
+	io.writeclose.in.count = 4000;
+	io.writeclose.in.offset = 0;
+	io.writeclose.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeclose.out.nwritten, 4000);
+
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	io.writeclose.in.file.fnum = fnum;
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, 0, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+	torture_comment(tctx, "Trying bad fnum\n");
+	io.writeclose.in.file.fnum = fnum+1;
+	io.writeclose.in.count = 4000;
+	io.writeclose.in.offset = 0;
+	io.writeclose.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE);
+
+	torture_comment(tctx, "Setting file as sparse\n");
+	status = torture_set_sparse(cli->tree, fnum);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!(cli->transport->negotiate.capabilities & CAP_LARGE_FILES)) {
+		torture_skip(tctx, "skipping large file tests - CAP_LARGE_FILES not set\n");
+	}
+
+	torture_comment(tctx, "Trying 2^32 offset\n");
+	setup_buffer(buf, seed, maxsize);
+	io.writeclose.in.file.fnum = fnum;
+	io.writeclose.in.count = 4000;
+	io.writeclose.in.offset = 0xFFFFFFFF - 2000;
+	io.writeclose.in.data = buf;
+	status = smb_raw_write(cli->tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(io.writeclose.out.nwritten, 4000);
+	CHECK_ALL_INFO(io.writeclose.in.count + (uint64_t)io.writeclose.in.offset, size);
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR, DENY_NONE);
+	io.writeclose.in.file.fnum = fnum;
+
+	memset(buf, 0, maxsize);
+	if (smbcli_read(cli->tree, fnum, buf, io.writeclose.in.offset, 4000) != 4000) {
+		ret = false;
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "read failed at %s\n", __location__));
+	}
+	CHECK_BUFFER(buf, seed, 4000);
+
+done:
+	smbcli_close(cli->tree, fnum);
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test a deliberately bad SMB1 write.
+*/
+static bool test_bad_write(struct torture_context *tctx,
+		       struct smbcli_state *cli)
+{
+	bool ret = false;
+	int fnum = -1;
+	struct smbcli_request *req = NULL;
+	const char *fname = BASEDIR "\\badwrite.txt";
+	bool ok = false;
+
+	if (!torture_setup_dir(cli, BASEDIR)) {
+		torture_fail(tctx, "failed to setup basedir");
+	}
+
+	torture_comment(tctx, "Testing RAW_BAD_WRITE\n");
+
+	fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum == -1) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"Failed to create %s - %s\n",
+				fname,
+				smbcli_errstr(cli->tree)));
+	}
+
+	req = smbcli_request_setup(cli->tree,
+				   SMBwrite,
+				   5,
+				   0);
+	if (req == NULL) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx, "talloc fail\n"));
+	}
+
+	SSVAL(req->out.vwv, VWV(0), fnum);
+	SSVAL(req->out.vwv, VWV(1), 65535); /* bad write length. */
+	SIVAL(req->out.vwv, VWV(2), 0); /* offset */
+	SSVAL(req->out.vwv, VWV(4), 0); /* remaining. */
+
+        if (!smbcli_request_send(req)) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx, "Send failed\n"));
+        }
+
+        if (!smbcli_request_receive(req)) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx, "Receive failed\n"));
+	}
+
+	/*
+	 * Check for expected error codes.
+	 * ntvfs returns NT_STATUS_UNSUCCESSFUL.
+	 */
+	ok = (NT_STATUS_EQUAL(req->status, NT_STATUS_INVALID_PARAMETER) ||
+	     NT_STATUS_EQUAL(req->status, NT_STATUS_UNSUCCESSFUL));
+
+	if (!ok) {
+		torture_fail_goto(tctx,
+			done,
+			talloc_asprintf(tctx,
+				"Should have returned "
+				"NT_STATUS_INVALID_PARAMETER or "
+				"NT_STATUS_UNSUCCESSFUL "
+				"got %s\n",
+				nt_errstr(req->status)));
+        }
+
+	ret = true;
+
+done:
+	if (req != NULL) {
+		smbcli_request_destroy(req);
+	}
+	if (fnum != -1) {
+		smbcli_close(cli->tree, fnum);
+	}
+	smb_raw_exit(cli->session);
+	smbcli_deltree(cli->tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of write calls
+*/
+struct torture_suite *torture_raw_write(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "write");
+
+	torture_suite_add_1smb_test(suite, "write", test_write);
+	torture_suite_add_1smb_test(suite, "write unlock", test_writeunlock);
+	torture_suite_add_1smb_test(suite, "write close", test_writeclose);
+	torture_suite_add_1smb_test(suite, "writex", test_writex);
+	torture_suite_add_1smb_test(suite, "bad-write", test_bad_write);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/alter_context.c b/source4/torture/rpc/alter_context.c
new file mode 100644
index 0000000..9b69727
--- /dev/null
+++ b/source4/torture/rpc/alter_context.c
@@ -0,0 +1,112 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for dcerpc alter_context operations
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#include "torture/rpc/torture_rpc.h"
+
+bool torture_rpc_alter_context(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p, *p2, *p3;
+	struct policy_handle *handle;
+	struct ndr_interface_table tmptbl;
+	bool ret = true;
+
+	torture_comment(torture, "opening LSA connection\n");
+	status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(torture, status, "connecting");
+
+	torture_comment(torture, "Testing change of primary context\n");
+	status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	if (!test_lsa_OpenPolicy2(p->binding_handle, torture, &handle)) {
+		ret = false;
+	}
+
+	torture_comment(torture, "Testing change of primary context\n");
+	status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	torture_comment(torture, "Opening secondary DSSETUP context\n");
+	status = dcerpc_secondary_context(p, &p2, &ndr_table_dssetup);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	torture_comment(torture, "Testing change of primary context\n");
+	status = dcerpc_alter_context(p2, torture, &p2->syntax, &p2->transfer_syntax);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	tmptbl = ndr_table_dssetup;
+	tmptbl.syntax_id.if_version += 100;
+	torture_comment(torture, "Opening bad secondary connection\n");
+	status = dcerpc_secondary_context(p, &p3, &tmptbl);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+				      "dcerpc_alter_context with wrong version should fail");
+
+	torture_comment(torture, "Testing DSSETUP pipe operations\n");
+	ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2);
+
+	if (handle) {
+		ret &= test_lsa_Close(p->binding_handle, torture, handle);
+	}
+
+	torture_comment(torture, "Testing change of primary context\n");
+	status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle);
+
+	if (handle) {
+		ret &= test_lsa_Close(p->binding_handle, torture, handle);
+	}
+
+	torture_comment(torture, "Testing change of primary context\n");
+	status = dcerpc_alter_context(p, torture, &p2->syntax, &p2->transfer_syntax);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+
+		ret &= test_lsa_OpenPolicy2_ex(p->binding_handle, torture, &handle,
+					       NT_STATUS_CONNECTION_DISCONNECTED,
+					       NT_STATUS_CONNECTION_RESET);
+
+		torture_assert(torture, !dcerpc_binding_handle_is_connected(p->binding_handle),
+			       "dcerpc disconnected");
+
+		return ret;
+	}
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
+
+	torture_comment(torture, "Testing DSSETUP pipe operations - should fault\n");
+	ret &= test_DsRoleGetPrimaryDomainInformation_ext(torture, p, NT_STATUS_RPC_BAD_STUB_DATA);
+
+	ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle);
+
+	if (handle) {
+		ret &= test_lsa_Close(p->binding_handle, torture, handle);
+	}
+
+	torture_comment(torture, "Testing DSSETUP pipe operations\n");
+
+	ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2);
+
+	return ret;
+}
diff --git a/source4/torture/rpc/async_bind.c b/source4/torture/rpc/async_bind.c
new file mode 100644
index 0000000..e86d0ab
--- /dev/null
+++ b/source4/torture/rpc/async_bind.c
@@ -0,0 +1,86 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc torture tests
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Rafal Szczesniak 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+
+/*
+  This test initiates multiple rpc bind requests and verifies
+  whether all of them are served.
+*/
+
+
+bool torture_async_bind(struct torture_context *torture)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	int i;
+	const char *binding_string;
+	struct cli_credentials *creds;
+	extern int torture_numasync;
+
+	struct composite_context **bind_req;
+	struct dcerpc_pipe **pipes;
+	const struct ndr_interface_table **table;
+
+	if (!torture_setting_bool(torture, "async", false)) {
+		printf("async bind test disabled - enable async tests to use\n");
+		return true;
+	}
+	
+	binding_string = torture_setting_string(torture, "binding", NULL);
+
+	/* talloc context */
+	mem_ctx = talloc_init("torture_async_bind");
+	if (mem_ctx == NULL) return false;
+
+	bind_req = talloc_array(torture, struct composite_context*, torture_numasync);
+	if (bind_req == NULL) return false;
+	pipes    = talloc_array(torture, struct dcerpc_pipe*, torture_numasync);
+	if (pipes == NULL) return false;
+	table    = talloc_array(torture, const struct ndr_interface_table*, torture_numasync);
+	if (table == NULL) return false;
+	
+	/* credentials */
+	creds = samba_cmdline_get_creds();
+
+	/* send bind requests */
+	for (i = 0; i < torture_numasync; i++) {
+		table[i] = &ndr_table_lsarpc;
+		bind_req[i] = dcerpc_pipe_connect_send(mem_ctx, binding_string,
+						       table[i], creds, torture->ev, torture->lp_ctx);
+	}
+
+	/* recv bind requests */
+	for (i = 0; i < torture_numasync; i++) {
+		status = dcerpc_pipe_connect_recv(bind_req[i], mem_ctx, &pipes[i]);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("async rpc connection failed: %s\n", nt_errstr(status));
+			return false;
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return true;
+}
diff --git a/source4/torture/rpc/atsvc.c b/source4/torture/rpc/atsvc.c
new file mode 100644
index 0000000..729a7ca
--- /dev/null
+++ b/source4/torture/rpc/atsvc.c
@@ -0,0 +1,138 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for atsvc rpc operations
+
+   Copyright (C) Tim Potter 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_atsvc_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+static bool test_JobGetInfo(struct dcerpc_pipe *p, struct torture_context *tctx, uint32_t job_id)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct atsvc_JobGetInfo r;
+	struct atsvc_JobInfo *info = talloc(tctx, struct atsvc_JobInfo);
+	if (!info) {
+		return false;
+	}
+
+	r.in.servername = dcerpc_server_name(p);
+	r.in.job_id = job_id;
+	r.out.job_info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_atsvc_JobGetInfo_r(b, tctx, &r),
+		"JobGetInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "JobGetInfo failed");
+
+	return true;
+}
+
+static bool test_JobDel(struct dcerpc_pipe *p, struct torture_context *tctx, uint32_t min_job_id,
+			uint32_t max_job_id)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct atsvc_JobDel r;
+
+	r.in.servername = dcerpc_server_name(p);
+	r.in.min_job_id = min_job_id;
+	r.in.max_job_id = max_job_id;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_atsvc_JobDel_r(b, tctx, &r),
+		"JobDel failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "JobDel failed");
+
+	return true;
+}
+
+static bool test_JobEnum(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct atsvc_JobEnum r;
+	struct atsvc_enum_ctr ctr;
+	uint32_t resume_handle = 0, i, total_entries = 0;
+	
+	bool ret = true;
+
+	r.in.servername = dcerpc_server_name(p);
+	ctr.entries_read = 0;
+	ctr.first_entry = NULL;
+	r.in.ctr = r.out.ctr = &ctr;
+	r.in.preferred_max_len = 0xffffffff;
+	r.in.resume_handle = r.out.resume_handle = &resume_handle;
+	r.out.total_entries = &total_entries;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_atsvc_JobEnum_r(b, tctx, &r),
+		"JobEnum failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "JobEnum failed");
+
+	for (i = 0; i < r.out.ctr->entries_read; i++) {
+		if (!test_JobGetInfo(p, tctx, r.out.ctr->first_entry[i].job_id)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_JobAdd(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct atsvc_JobAdd r;
+	struct atsvc_JobInfo info;
+
+	r.in.servername = dcerpc_server_name(p);
+	info.job_time = 0x050ae4c0; /* 11:30pm */
+	info.days_of_month = 0;	    /* n/a */
+	info.days_of_week = 0x02;   /* Tuesday */
+	info.flags = 0x11;	    /* periodic, non-interactive */
+	info.command = "foo.exe";
+	r.in.job_info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_atsvc_JobAdd_r(b, tctx, &r),
+		"JobAdd failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "JobAdd failed");
+
+	/* Run EnumJobs again in case there were no jobs to begin with */
+
+	if (!test_JobEnum(tctx, p)) {
+		return false;
+	}
+
+	if (!test_JobGetInfo(p, tctx, *r.out.job_id)) {
+		return false;
+	}
+
+	if (!test_JobDel(p, tctx, *r.out.job_id, *r.out.job_id)) {
+		return false;
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_atsvc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "atsvc");
+	struct torture_rpc_tcase *tcase;
+	
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "atsvc", &ndr_table_atsvc);
+
+	torture_rpc_tcase_add_test(tcase, "JobEnum", test_JobEnum);
+	torture_rpc_tcase_add_test(tcase, "JobAdd", test_JobAdd);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c
new file mode 100644
index 0000000..71cdf0f
--- /dev/null
+++ b/source4/torture/rpc/backupkey.c
@@ -0,0 +1,2431 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for backupkey remote protocol rpc operations
+
+   Copyright (C) Matthieu Patou 2010-2011
+   Copyright (C) Andreas Schneider <asn@samba.org> 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+
+#include "torture/rpc/torture_rpc.h"
+#include "torture/ndr/ndr.h"
+
+#include "librpc/gen_ndr/ndr_backupkey_c.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/auth/proto.h"
+#include <system/network.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+enum test_wrong {
+	WRONG_MAGIC,
+	WRONG_R2,
+	WRONG_PAYLOAD_LENGTH,
+	WRONG_CIPHERTEXT_LENGTH,
+	SHORT_PAYLOAD_LENGTH,
+	SHORT_CIPHERTEXT_LENGTH,
+	ZERO_PAYLOAD_LENGTH,
+	ZERO_CIPHERTEXT_LENGTH,
+	RIGHT_KEY,
+	WRONG_KEY,
+	WRONG_SID,
+};
+
+/* Our very special and valued secret */
+/* No need to put const as we cast the array in uint8_t
+ * we will get a warning about the discarded const
+ */
+static const char secret[] = "tata yoyo mais qu'est ce qu'il y a sous ton grand chapeau ?";
+
+/* Get the SID from a user */
+static struct dom_sid *get_user_sid(struct torture_context *tctx,
+				    TALLOC_CTX *mem_ctx,
+				    const char *user)
+{
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	struct lsa_Close c;
+	NTSTATUS status;
+	struct policy_handle handle;
+	struct lsa_LookupNames l;
+	struct lsa_TransSidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String lsa_name;
+	uint32_t count = 0;
+	struct dom_sid *result;
+	TALLOC_CTX *tmp_ctx;
+	struct dcerpc_pipe *p2;
+	struct dcerpc_binding_handle *b;
+
+	const char *domain = cli_credentials_get_domain(
+			samba_cmdline_get_creds());
+
+	torture_assert_ntstatus_ok(tctx,
+				torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
+				"could not open lsarpc pipe");
+	b = p2->binding_handle;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		return NULL;
+	}
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx,
+				"OpenPolicy2 failed - %s\n",
+				nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx,
+				"OpenPolicy2_ failed - %s\n",
+				nt_errstr(r.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);
+
+	l.in.handle = &handle;
+	l.in.num_names = 1;
+	l.in.names = &lsa_name;
+	l.in.sids = &sids;
+	l.in.level = 1;
+	l.in.count = &count;
+	l.out.count = &count;
+	l.out.sids = &sids;
+	l.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx,
+				"LookupNames of %s failed - %s\n",
+				lsa_name.string,
+				nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (domains->count == 0) {
+		return NULL;
+	}
+
+	result = dom_sid_add_rid(mem_ctx,
+				 domains->domains[0].sid,
+				 l.out.sids->sids[0].rid);
+	c.in.handle = &handle;
+	c.out.handle = &handle;
+
+	status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx,
+				"dcerpc_lsa_Close failed - %s\n",
+				nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (!NT_STATUS_IS_OK(c.out.result)) {
+		torture_comment(tctx,
+				"dcerpc_lsa_Close failed - %s\n",
+				nt_errstr(c.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	talloc_free(tmp_ctx);
+	talloc_free(p2);
+
+	torture_comment(tctx, "Get_user_sid finished\n");
+	return result;
+}
+
+/*
+ * Create a bkrp_encrypted_secret_vX structure
+ * the version depends on the version parameter
+ * the structure is returned as a blob.
+ * The broken flag is to indicate if we want
+ * to create a non conform to specification structure
+ */
+static DATA_BLOB *create_unencryptedsecret(TALLOC_CTX *mem_ctx,
+					   bool broken,
+					   int version)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB);
+	enum ndr_err_code ndr_err;
+
+	if (version == 2) {
+		struct bkrp_encrypted_secret_v2 unenc_sec;
+
+		ZERO_STRUCT(unenc_sec);
+		unenc_sec.secret_len = sizeof(secret);
+		unenc_sec.secret = discard_const_p(uint8_t, secret);
+		generate_random_buffer(unenc_sec.payload_key,
+				       sizeof(unenc_sec.payload_key));
+
+		ndr_err = ndr_push_struct_blob(blob, blob, &unenc_sec,
+				(ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v2);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return NULL;
+		}
+
+		if (broken) {
+			/* The magic value is correctly set by the NDR push
+			 * but we want to test the behavior of the server
+			 * if a different value is provided
+			 */
+			((uint8_t*)blob->data)[4] = 79; /* A great year !!! */
+		}
+	}
+
+	if (version == 3) {
+		struct bkrp_encrypted_secret_v3 unenc_sec;
+
+		ZERO_STRUCT(unenc_sec);
+		unenc_sec.secret_len = sizeof(secret);
+		unenc_sec.secret = discard_const_p(uint8_t, secret);
+		generate_random_buffer(unenc_sec.payload_key,
+				       sizeof(unenc_sec.payload_key));
+
+		ndr_err = ndr_push_struct_blob(blob, blob, &unenc_sec,
+					(ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return NULL;
+		}
+
+		if (broken) {
+			/*
+			 * The magic value is correctly set by the NDR push
+			 * but we want to test the behavior of the server
+			 * if a different value is provided
+			 */
+			((uint8_t*)blob->data)[4] = 79; /* A great year !!! */
+		}
+	}
+	talloc_free(tmp_ctx);
+	return blob;
+}
+
+/*
+ * Create an access check structure, the format depends on the version parameter.
+ * If broken is specified then we create a structure that isn't conform to the
+ * specification.
+ *
+ * If the structure can't be created then NULL is returned.
+ */
+static DATA_BLOB *create_access_check(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      TALLOC_CTX *mem_ctx,
+				      const char *user,
+				      bool broken,
+				      uint32_t version)
+{
+	TALLOC_CTX *tmp_ctx = NULL;
+	DATA_BLOB *blob = NULL;
+	enum ndr_err_code ndr_err;
+	const struct dom_sid *sid = NULL;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NULL;
+	}
+
+	sid = get_user_sid(tctx, tmp_ctx, user);
+	if (sid == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (blob == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (version == 2) {
+		struct bkrp_access_check_v2 access_struct;
+		gnutls_hash_hd_t dig_ctx;
+		uint8_t nonce[32];
+		int rc;
+
+		ZERO_STRUCT(access_struct);
+		generate_random_buffer(nonce, sizeof(nonce));
+		access_struct.nonce_len = sizeof(nonce);
+		access_struct.nonce = nonce;
+		access_struct.sid = *sid;
+
+		ndr_err = ndr_push_struct_blob(blob, blob, &access_struct,
+				(ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v2);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		/*
+		 * We pushed the whole structure including a null hash
+		 * but the hash need to be calculated only up to the hash field
+		 * so we reduce the size of what has to be calculated
+		 */
+
+		rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA1);
+		if (rc != GNUTLS_E_SUCCESS) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+		rc = gnutls_hash(dig_ctx,
+				 blob->data,
+				 blob->length - sizeof(access_struct.hash));
+		gnutls_hash_deinit(dig_ctx,
+				   blob->data + blob->length - sizeof(access_struct.hash));
+		if (rc != GNUTLS_E_SUCCESS) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		/* Altering the SHA */
+		if (broken) {
+			blob->data[blob->length - 1]++;
+		}
+	}
+
+	if (version == 3) {
+		struct bkrp_access_check_v3 access_struct;
+		gnutls_hash_hd_t dig_ctx;
+		uint8_t nonce[32];
+		int rc;
+
+		ZERO_STRUCT(access_struct);
+		generate_random_buffer(nonce, sizeof(nonce));
+		access_struct.nonce_len = sizeof(nonce);
+		access_struct.nonce = nonce;
+		access_struct.sid = *sid;
+
+		ndr_err = ndr_push_struct_blob(blob, blob, &access_struct,
+				(ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v3);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		/*We pushed the whole structure including a null hash
+		* but the hash need to be calculated only up to the hash field
+		* so we reduce the size of what has to be calculated
+		*/
+
+		rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA512);
+		if (rc != GNUTLS_E_SUCCESS) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+		rc = gnutls_hash(dig_ctx,
+				 blob->data,
+				 blob->length - sizeof(access_struct.hash));
+		gnutls_hash_deinit(dig_ctx,
+				   blob->data + blob->length - sizeof(access_struct.hash));
+		if (rc != GNUTLS_E_SUCCESS) {
+			talloc_free(blob);
+			talloc_free(tmp_ctx);
+			return NULL;
+		}
+
+		/* Altering the SHA */
+		if (broken) {
+			blob->data[blob->length -1]++;
+		}
+	}
+	talloc_free(tmp_ctx);
+	return blob;
+}
+
+
+static DATA_BLOB *encrypt_blob(struct torture_context *tctx,
+				    TALLOC_CTX *mem_ctx,
+				    DATA_BLOB *key,
+				    DATA_BLOB *iv,
+				    DATA_BLOB *to_encrypt,
+				    gnutls_cipher_algorithm_t cipher_algo)
+{
+	gnutls_cipher_hd_t cipher_handle = { 0 };
+	gnutls_datum_t gkey = {
+		.data = key->data,
+		.size = key->length,
+	};
+	gnutls_datum_t giv = {
+		.data = iv->data,
+		.size = iv->length,
+	};
+	DATA_BLOB *blob;
+	int rc;
+
+	blob = talloc(mem_ctx, DATA_BLOB);
+	if (blob == NULL) {
+		return NULL;
+	}
+
+	*blob = data_blob_talloc_zero(mem_ctx, to_encrypt->length);
+	if (blob->data == NULL) {
+		talloc_free(blob);
+		return NULL;
+	}
+
+	rc = gnutls_cipher_init(&cipher_handle,
+				cipher_algo,
+				&gkey,
+				&giv);
+	if (rc != GNUTLS_E_SUCCESS) {
+		torture_comment(tctx,
+				"gnutls_cipher_init failed: %s\n",
+				gnutls_strerror(rc));
+		talloc_free(blob);
+		return NULL;
+	}
+
+	rc = gnutls_cipher_encrypt2(cipher_handle,
+				    to_encrypt->data,
+				    to_encrypt->length,
+				    blob->data,
+				    blob->length);
+	gnutls_cipher_deinit(cipher_handle);
+	if (rc != GNUTLS_E_SUCCESS) {
+		torture_comment(tctx,
+				"gnutls_cipher_decrypt2 failed: %s\n",
+				gnutls_strerror(rc));
+		return NULL;
+	}
+
+	return blob;
+}
+
+/*
+ * Certs used for this protocol have a GUID in the issuer_uniq_id field.
+ * This function fetch it.
+ */
+static struct GUID *get_cert_guid(struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx,
+				  uint8_t *cert_data,
+				  uint32_t cert_len)
+{
+	gnutls_x509_crt_t x509_cert = NULL;
+	gnutls_datum_t x509_crt_data = {
+		.data = cert_data,
+		.size = cert_len,
+	};
+	uint8_t dummy[1] = {0};
+	DATA_BLOB issuer_unique_id = {
+		.data = dummy,
+		.length = 0,
+	};
+	struct GUID *guid = talloc_zero(mem_ctx, struct GUID);
+	NTSTATUS status;
+	int rc;
+
+	rc = gnutls_x509_crt_init(&x509_cert);
+	if (rc != GNUTLS_E_SUCCESS) {
+		torture_comment(tctx,
+				"gnutls_x509_crt_init failed - %s",
+				gnutls_strerror(rc));
+		return NULL;
+	}
+
+	rc = gnutls_x509_crt_import(x509_cert,
+				    &x509_crt_data,
+				    GNUTLS_X509_FMT_DER);
+	if (rc != GNUTLS_E_SUCCESS) {
+		torture_comment(tctx,
+				"gnutls_x509_crt_import failed - %s",
+				gnutls_strerror(rc));
+		gnutls_x509_crt_deinit(x509_cert);
+		return NULL;
+	}
+
+	/* Get the buffer size */
+	rc = gnutls_x509_crt_get_issuer_unique_id(x509_cert,
+						  (char *)issuer_unique_id.data,
+						  &issuer_unique_id.length);
+	if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER ||
+	    issuer_unique_id.length == 0) {
+		gnutls_x509_crt_deinit(x509_cert);
+		return NULL;
+	}
+
+	issuer_unique_id = data_blob_talloc_zero(mem_ctx,
+						 issuer_unique_id.length);
+	if (issuer_unique_id.data == NULL) {
+		gnutls_x509_crt_deinit(x509_cert);
+		return NULL;
+	}
+
+	rc = gnutls_x509_crt_get_issuer_unique_id(x509_cert,
+						  (char *)issuer_unique_id.data,
+						  &issuer_unique_id.length);
+	gnutls_x509_crt_deinit(x509_cert);
+	if (rc != GNUTLS_E_SUCCESS) {
+		torture_comment(tctx,
+				"gnutls_x509_crt_get_issuer_unique_id failed - %s",
+				gnutls_strerror(rc));
+		return NULL;
+	}
+
+	status = GUID_from_data_blob(&issuer_unique_id, guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	return guid;
+}
+
+/*
+ * Encrypt a blob with the private key of the certificate
+ * passed as a parameter.
+ */
+static DATA_BLOB *encrypt_blob_pk(struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx,
+				  uint8_t *cert_data,
+				  uint32_t cert_len,
+				  DATA_BLOB *to_encrypt)
+{
+	gnutls_x509_crt_t x509_cert;
+	gnutls_datum_t x509_crt_data = {
+		.data = cert_data,
+		.size = cert_len,
+	};
+	gnutls_pubkey_t pubkey;
+	gnutls_datum_t plaintext = {
+		.data = to_encrypt->data,
+		.size = to_encrypt->length,
+	};
+	gnutls_datum_t ciphertext = {
+		.data = NULL,
+	};
+	DATA_BLOB *blob;
+	int rc;
+
+	rc = gnutls_x509_crt_init(&x509_cert);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return NULL;
+	}
+
+	rc = gnutls_x509_crt_import(x509_cert,
+				    &x509_crt_data,
+				    GNUTLS_X509_FMT_DER);
+	if (rc != GNUTLS_E_SUCCESS) {
+		gnutls_x509_crt_deinit(x509_cert);
+		return NULL;
+	}
+
+	rc = gnutls_pubkey_init(&pubkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		gnutls_x509_crt_deinit(x509_cert);
+		return NULL;
+	}
+
+	rc = gnutls_pubkey_import_x509(pubkey,
+				       x509_cert,
+				       0);
+	gnutls_x509_crt_deinit(x509_cert);
+	if (rc != GNUTLS_E_SUCCESS) {
+		gnutls_pubkey_deinit(pubkey);
+		return NULL;
+	}
+
+	rc = gnutls_pubkey_encrypt_data(pubkey,
+					0,
+					&plaintext,
+					&ciphertext);
+	gnutls_pubkey_deinit(pubkey);
+	if (rc != GNUTLS_E_SUCCESS) {
+		return NULL;
+	}
+
+	blob = talloc_zero(mem_ctx, DATA_BLOB);
+	if (blob == NULL) {
+		gnutls_pubkey_deinit(pubkey);
+		return NULL;
+	}
+
+	*blob = data_blob_talloc(blob, ciphertext.data, ciphertext.size);
+	gnutls_free(ciphertext.data);
+	if (blob->data == NULL) {
+		gnutls_pubkey_deinit(pubkey);
+		return NULL;
+	}
+
+	return blob;
+}
+
+static struct bkrp_BackupKey *createRetrieveBackupKeyGUIDStruct(struct torture_context *tctx,
+				struct dcerpc_pipe *p, int version, DATA_BLOB *out)
+{
+	struct dcerpc_binding *binding;
+	struct bkrp_client_side_wrapped data;
+	struct GUID *g = talloc(tctx, struct GUID);
+	struct bkrp_BackupKey *r = talloc_zero(tctx, struct bkrp_BackupKey);
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	NTSTATUS status;
+
+	if (r == NULL) {
+		return NULL;
+	}
+
+	binding = dcerpc_binding_dup(tctx, p->binding);
+	if (binding == NULL) {
+		return NULL;
+	}
+
+	status = dcerpc_binding_set_flags(binding, DCERPC_SEAL|DCERPC_AUTH_SPNEGO, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	ZERO_STRUCT(data);
+	status = GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, g);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	r->in.guidActionAgent = g;
+	data.version = version;
+	ndr_err = ndr_push_struct_blob(&blob, tctx, &data,
+			(ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NULL;
+	}
+	r->in.data_in = blob.data;
+	r->in.data_in_len = blob.length;
+	r->out.data_out = &out->data;
+	r->out.data_out_len = talloc(r, uint32_t);
+	return r;
+}
+
+static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tctx,
+				struct dcerpc_pipe *p, int version, DATA_BLOB *out,
+				bool norevert,
+				bool broken_version,
+				bool broken_user,
+				bool broken_magic_secret,
+				bool broken_magic_access,
+				bool broken_hash_access,
+				bool broken_cert_guid)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct bkrp_client_side_wrapped data;
+	DATA_BLOB *xs;
+	DATA_BLOB *sec;
+	DATA_BLOB *enc_sec = NULL;
+	DATA_BLOB *enc_xs = NULL;
+	DATA_BLOB *blob2;
+	DATA_BLOB enc_sec_reverted;
+	DATA_BLOB key;
+	DATA_BLOB iv;
+	DATA_BLOB out_blob;
+	struct GUID *guid, *g;
+	int t;
+	uint32_t size;
+	enum ndr_err_code ndr_err;
+	NTSTATUS status;
+	const char *user;
+	gnutls_cipher_algorithm_t cipher_algo;
+	struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, version, &out_blob);
+	if (r == NULL) {
+		return NULL;
+	}
+
+	if (broken_user) {
+		/* we take a fake user*/
+		user = "guest";
+	} else {
+		user = cli_credentials_get_username(
+				samba_cmdline_get_creds());
+	}
+
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+					"Get GUID");
+	torture_assert_werr_ok(tctx, r->out.result,
+			       "Get GUID");
+
+	/*
+	 * We have to set it outside of the function createRetrieveBackupKeyGUIDStruct
+	 * the len of the blob, this is due to the fact that they don't have the
+	 * same size (one is 32bits the other 64bits)
+	 */
+	out_blob.length = *r->out.data_out_len;
+
+	sec = create_unencryptedsecret(tctx, broken_magic_secret, version);
+	if (sec == NULL) {
+		return NULL;
+	}
+
+	xs = create_access_check(tctx, p, tctx, user, broken_hash_access, version);
+	if (xs == NULL) {
+		return NULL;
+	}
+
+	if (broken_magic_access){
+		/* The start of the access_check structure contains the
+		 * GUID of the certificate
+		 */
+		xs->data[0]++;
+	}
+
+	enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+	if (!enc_sec) {
+		return NULL;
+	}
+	enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+	if (enc_sec_reverted.data == NULL) {
+		return NULL;
+	}
+	enc_sec_reverted.length = enc_sec->length;
+
+	/*
+	* We DO NOT revert the array on purpose it's in order to check that
+	* when the server is not able to decrypt then it answer the correct error
+	*/
+	if (norevert) {
+		for(t=0; t< enc_sec->length; t++) {
+			enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+		}
+	} else {
+		for(t=0; t< enc_sec->length; t++) {
+			enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+		}
+	}
+
+	size = sec->length;
+	switch (version) {
+	case 2:
+		cipher_algo = GNUTLS_CIPHER_3DES_CBC;
+		break;
+	case 3:
+		cipher_algo = GNUTLS_CIPHER_AES_256_CBC;
+		break;
+	default:
+		return NULL;
+	}
+	iv.length = gnutls_cipher_get_iv_size(cipher_algo);
+	iv.data = sec->data + (size - iv.length);
+
+	key.length = gnutls_cipher_get_key_size(cipher_algo);
+	key.data = sec->data + (size - (key.length + iv.length));
+
+	enc_xs = encrypt_blob(tctx, tctx, &key, &iv, xs, cipher_algo);
+	if (!enc_xs) {
+		return NULL;
+	}
+
+	/* To cope with the fact that heimdal do padding at the end for the moment */
+	enc_xs->length = xs->length;
+
+	guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+	if (guid == NULL) {
+		return NULL;
+	}
+
+	if (broken_version) {
+		data.version = 1;
+	} else {
+		data.version = version;
+	}
+
+	data.guid = *guid;
+	data.encrypted_secret = enc_sec_reverted.data;
+	data.access_check = enc_xs->data;
+	data.encrypted_secret_len = enc_sec->length;
+	data.access_check_len = enc_xs->length;
+
+	/* We want the blob to persist after this function so we don't
+	 * allocate it in the stack
+	 */
+	blob2 = talloc(tctx, DATA_BLOB);
+	if (blob2 == NULL) {
+		return NULL;
+	}
+
+	ndr_err = ndr_push_struct_blob(blob2, tctx, &data,
+			(ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return NULL;
+	}
+
+	if (broken_cert_guid) {
+		blob2->data[12]++;
+	}
+
+	ZERO_STRUCT(*r);
+
+	g = talloc(tctx, struct GUID);
+	if (g == NULL) {
+		return NULL;
+	}
+
+	status = GUID_from_string(BACKUPKEY_RESTORE_GUID, g);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	r->in.guidActionAgent = g;
+	r->in.data_in = blob2->data;
+	r->in.data_in_len = blob2->length;
+	r->in.param = 0;
+	r->out.data_out = &(out->data);
+	r->out.data_out_len = talloc(r, uint32_t);
+	return r;
+}
+
+/* Check that we are able to receive the certificate of the DCs
+ * used for client wrap version of the backup key protocol
+ */
+static bool test_RetrieveBackupKeyGUID(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	if (r == NULL) {
+		return false;
+	}
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+				dcerpc_bkrp_BackupKey_r(b, tctx, r),
+				"Get GUID");
+
+		out_blob.length = *r->out.data_out_len;
+		torture_assert_werr_equal(tctx,
+						r->out.result,
+						WERR_OK,
+						"Wrong dce/rpc error code");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+						dcerpc_bkrp_BackupKey_r(b, tctx, r),
+						NT_STATUS_ACCESS_DENIED,
+						"Get GUID");
+	}
+	return true;
+}
+
+/* Test to check the failure to recover a secret because the
+ * secret blob is not reversed
+ */
+static bool test_RestoreGUID_ko(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					true, false, false, false, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAMETER, "Wrong error code");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_wrongversion(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					false, true, false, false, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAMETER, "Wrong error code on wrong version");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_wronguser(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					false, false, true, false, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_ACCESS, "Restore GUID");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_v3(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
+					false, false, false, false, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_OK, "Restore GUID");
+		torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID(struct torture_context *tctx,
+			     struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					false, false, false, false, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		torture_assert_werr_equal(tctx, r->out.result, WERR_OK, "Restore GUID");
+		torture_assert_ndr_err_equal(tctx,
+					     ndr_pull_struct_blob(&out_blob, tctx, &resp,
+								(ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped),
+					     NDR_ERR_SUCCESS,
+					     "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_badmagiconsecret(struct torture_context *tctx,
+					      struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
+					false, false, false, true, false, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Wrong error code while providing bad magic in secret");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_emptyrequest(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
+					false, false, false, true, false, false, true);
+
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		r->in.data_in = talloc(tctx, uint8_t);
+		r->in.data_in_len = 0;
+		r->in.param = 0;
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAMETER, "Bad error code on wrong has in access check");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_badcertguid(struct torture_context *tctx,
+					 struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
+					false, false, false, false, false, false, true);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct() failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+
+		/*
+		 * Windows 2012R2 has, presumably, a programming error
+		 * returning an NTSTATUS code on this interface
+		 */
+		if (W_ERROR_V(r->out.result) != NT_STATUS_V(NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+		}
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_badmagicaccesscheck(struct torture_context *tctx,
+						 struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					false, false, false, false, true, false, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx,
+						struct dcerpc_pipe *p)
+{
+	enum ndr_err_code ndr_err;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_client_side_unwrapped resp;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
+					false, false, false, false, false, true, false);
+		torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
+		torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
+		out_blob.length = *r->out.data_out_len;
+		ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+		torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+		torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+	} else {
+		struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+		torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
+			NT_STATUS_ACCESS_DENIED, "Get GUID");
+	}
+
+	return true;
+}
+
+/*
+ * Check that the RSA modulus in the certificate of the DCs has 2048 bits.
+ */
+static bool test_RetrieveBackupKeyGUID_validate(struct torture_context *tctx,
+						struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB out_blob;
+	struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+
+	torture_assert(tctx, r != NULL, "test_RetrieveBackupKeyGUID_validate failed");
+
+	if (r == NULL) {
+		return false;
+	}
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		gnutls_x509_crt_t x509_cert = NULL;
+		gnutls_pubkey_t pubkey = NULL;
+		gnutls_datum_t x509_crt_data;
+		gnutls_pk_algorithm_t pubkey_algo;
+		uint8_t dummy[1] = {0};
+		DATA_BLOB subject_unique_id = {
+			.data = dummy,
+			.length = 0,
+		};
+		DATA_BLOB issuer_unique_id = {
+			.data = dummy,
+			.length = 0,
+		};
+		DATA_BLOB reversed = {
+			.data = dummy,
+			.length = 0,
+		};
+		DATA_BLOB serial_number;
+		unsigned int RSA_returned_bits = 0;
+		int version;
+		size_t i;
+		int cmp;
+		int rc;
+
+		torture_assert_ntstatus_ok(tctx,
+				dcerpc_bkrp_BackupKey_r(b, tctx, r),
+				"Get GUID");
+
+		torture_assert_werr_ok(tctx, r->out.result,
+				       "Get GUID");
+
+		out_blob.length = *r->out.data_out_len;
+
+		x509_crt_data.data = out_blob.data;
+		x509_crt_data.size = out_blob.length;
+
+		rc = gnutls_x509_crt_init(&x509_cert);
+		if (rc != GNUTLS_E_SUCCESS) {
+			return NULL;
+		}
+
+		rc = gnutls_x509_crt_import(x509_cert,
+					    &x509_crt_data,
+					    GNUTLS_X509_FMT_DER);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_x509_crt_import failed");
+
+		/* Compare unique ids */
+
+		/* Get buffer size */
+		rc = gnutls_x509_crt_get_subject_unique_id(x509_cert,
+							   (char *)subject_unique_id.data,
+							   &subject_unique_id.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SHORT_MEMORY_BUFFER,
+					 "gnutls_x509_crt_get_subject_unique_id "
+					 "get buffer size failed");
+
+		subject_unique_id = data_blob_talloc_zero(tctx,
+							  subject_unique_id.length);
+
+		rc = gnutls_x509_crt_get_subject_unique_id(x509_cert,
+							   (char *)subject_unique_id.data,
+							   &subject_unique_id.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_x509_crt_get_subject_unique_id failed");
+
+		rc = gnutls_x509_crt_get_issuer_unique_id(x509_cert,
+							  (char *)issuer_unique_id.data,
+							  &issuer_unique_id.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SHORT_MEMORY_BUFFER,
+					 "gnutls_x509_crt_get_issuer_unique_id "
+					 "get buffer size failed");
+
+		issuer_unique_id = data_blob_talloc_zero(tctx,
+							 issuer_unique_id.length);
+
+		rc = gnutls_x509_crt_get_issuer_unique_id(x509_cert,
+							  (char *)issuer_unique_id.data,
+							  &issuer_unique_id.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_x509_crt_get_issuer_unique_id failed");
+
+		cmp = data_blob_cmp(&subject_unique_id, &issuer_unique_id);
+		torture_assert(tctx,
+			       cmp == 0,
+			       "The GUID to identify the public key is not "
+			       "identical");
+
+		rc = gnutls_x509_crt_get_serial(x509_cert,
+						reversed.data,
+						&reversed.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SHORT_MEMORY_BUFFER,
+					 "gnutls_x509_crt_get_serial "
+					 "get buffer size failed");
+
+		reversed = data_blob_talloc_zero(tctx,
+						 reversed.length);
+
+		rc = gnutls_x509_crt_get_serial(x509_cert,
+						reversed.data,
+						&reversed.length);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_x509_crt_get_serial failed");
+
+		/*
+		 * Heimdal sometimes adds a leading byte to the data buffer of
+		 * the serial number. So lets uses the subject_unique_id size
+		 * and ignore the leading byte.
+		 */
+		serial_number = data_blob_talloc_zero(tctx,
+						      subject_unique_id.length);
+
+		for (i = 0; i < serial_number.length; i++) {
+			serial_number.data[i] = reversed.data[reversed.length - i - 1];
+		}
+
+		cmp = data_blob_cmp(&subject_unique_id, &serial_number);
+		torture_assert(tctx,
+			       cmp == 0,
+			       "The GUID to identify the public key is not "
+			       "identical");
+
+		/* Check certificate version */
+		version = gnutls_x509_crt_get_version(x509_cert);
+		torture_assert_int_equal(tctx,
+					 version,
+					 3,
+					 "Invalid certificate version");
+
+		/* Get the public key */
+		rc = gnutls_pubkey_init(&pubkey);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_pubkey_init failed");
+
+		rc = gnutls_pubkey_import_x509(pubkey,
+					       x509_cert,
+					       0);
+		gnutls_x509_crt_deinit(x509_cert);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 GNUTLS_E_SUCCESS,
+					 "gnutls_pubkey_import_x509 failed");
+
+		pubkey_algo = gnutls_pubkey_get_pk_algorithm(pubkey,
+							     &RSA_returned_bits);
+		gnutls_pubkey_deinit(pubkey);
+		torture_assert_int_equal(tctx,
+					 pubkey_algo,
+					 GNUTLS_PK_RSA,
+					 "gnutls_pubkey_get_pk_algorithm did "
+					 "not return a RSA key");
+		torture_assert_int_equal(tctx,
+						RSA_returned_bits,
+						2048,
+						"RSA Key doesn't have 2048 bits");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+						dcerpc_bkrp_BackupKey_r(b, tctx, r),
+						NT_STATUS_ACCESS_DENIED,
+						"Get GUID");
+	}
+
+	return true;
+}
+
+static bool test_ServerWrap_encrypt_decrypt(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	struct bkrp_BackupKey r;
+	struct GUID guid;
+	DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
+	DATA_BLOB encrypted;
+	uint32_t enclen;
+	DATA_BLOB decrypted;
+	uint32_t declen;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	ZERO_STRUCT(r);
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	/* Encrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = plaintext.data;
+	r.in.data_in_len = plaintext.length;
+	r.in.param = 0;
+	r.out.data_out = &encrypted.data;
+	r.out.data_out_len = &enclen;
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					   "encrypt");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+					      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					      NT_STATUS_ACCESS_DENIED,
+					      "encrypt");
+		return true;
+	}
+	torture_assert_werr_ok(tctx,
+			       r.out.result,
+			       "encrypt");
+	encrypted.length = *r.out.data_out_len;
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_ok(tctx,
+			       r.out.result,
+			       "decrypt");
+	decrypted.length = *r.out.data_out_len;
+
+	/* Compare */
+	torture_assert_data_blob_equal(tctx, plaintext, decrypted, "Decrypt failed");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_ok(tctx,
+			       r.out.result,
+			       "decrypt");
+	decrypted.length = *r.out.data_out_len;
+
+	/* Compare */
+	torture_assert_data_blob_equal(tctx, plaintext, decrypted, "Decrypt failed");
+	return true;
+}
+
+static bool test_ServerWrap_decrypt_wrong_keyGUID(struct torture_context *tctx,
+						  struct dcerpc_pipe *p)
+{
+	struct bkrp_BackupKey r;
+	struct GUID guid;
+	DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
+	DATA_BLOB encrypted;
+	uint32_t enclen;
+	DATA_BLOB decrypted;
+	uint32_t declen;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum ndr_err_code ndr_err;
+	struct bkrp_server_side_wrapped server_side_wrapped;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	ZERO_STRUCT(r);
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	/* Encrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = plaintext.data;
+	r.in.data_in_len = plaintext.length;
+	r.in.param = 0;
+	r.out.data_out = &encrypted.data;
+	r.out.data_out_len = &enclen;
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					   "encrypt");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+					      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					      NT_STATUS_ACCESS_DENIED,
+					      "encrypt");
+		return true;
+	}
+	torture_assert_werr_ok(tctx,
+			       r.out.result,
+			       "encrypt");
+	encrypted.length = *r.out.data_out_len;
+
+	ndr_err = ndr_pull_struct_blob(&encrypted, tctx, &server_side_wrapped,
+				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "pull of server_side_wrapped");
+
+	/* Change the GUID */
+	server_side_wrapped.guid = GUID_random();
+
+	ndr_err = ndr_push_struct_blob(&encrypted, tctx, &server_side_wrapped,
+				       (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_DATA,
+				  "decrypt should fail with WERR_INVALID_DATA");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_DATA,
+				  "decrypt should fail with WERR_INVALID_DATA");
+
+	return true;
+}
+
+static bool test_ServerWrap_decrypt_empty_request(struct torture_context *tctx,
+						 struct dcerpc_pipe *p)
+{
+	struct bkrp_BackupKey r;
+	struct GUID guid;
+	DATA_BLOB decrypted;
+	uint32_t declen;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t short_request[4] = { 1, 0, 0, 0 };
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	ZERO_STRUCT(r);
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 0;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					   "encrypt");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+					      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					      NT_STATUS_ACCESS_DENIED,
+					      "encrypt");
+		return true;
+	}
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARAMETER");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 0;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARAMETER");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = NULL;
+	r.in.data_in_len = 0;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_equal(tctx,
+				      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				      NT_STATUS_INVALID_PARAMETER_MIX,
+				      "decrypt");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = NULL;
+	r.in.data_in_len = 0;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_equal(tctx,
+				      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				      NT_STATUS_INVALID_PARAMETER_MIX,
+				      "decrypt");
+
+	return true;
+}
+
+
+static bool test_ServerWrap_decrypt_short_request(struct torture_context *tctx,
+						 struct dcerpc_pipe *p)
+{
+	struct bkrp_BackupKey r;
+	struct GUID guid;
+	DATA_BLOB decrypted;
+	uint32_t declen;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t short_request[4] = { 1, 0, 0, 0 };
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	ZERO_STRUCT(r);
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 4;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					   "encrypt");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+					      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					      NT_STATUS_ACCESS_DENIED,
+					      "encrypt");
+		return true;
+	}
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARM");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 4;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARAMETER");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 1;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARAMETER");
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = short_request;
+	r.in.data_in_len = 1;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+	torture_assert_werr_equal(tctx,
+				  r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "decrypt should fail with WERR_INVALID_PARAMETER");
+
+	return true;
+}
+
+static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
+						   struct bkrp_server_side_wrapped *server_side_wrapped,
+						   enum test_wrong wrong)
+{
+	char *lsa_binding_string = NULL;
+	struct dcerpc_binding *lsa_binding = NULL;
+	struct dcerpc_pipe *lsa_p = NULL;
+	struct dcerpc_binding_handle *lsa_b = NULL;
+	struct lsa_OpenSecret r_secret;
+	struct lsa_QuerySecret r_query_secret;
+	struct policy_handle *handle, sec_handle;
+	struct bkrp_BackupKey r;
+	struct GUID preferred_key_guid;
+	DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
+	DATA_BLOB preferred_key, preferred_key_clear, session_key,
+		decrypt_key, decrypt_key_clear, encrypted_blob,
+		sid_blob;
+	struct bkrp_dc_serverwrap_key server_key;
+	struct lsa_DATA_BUF_PTR bufp1;
+	char *key_guid_string;
+	struct bkrp_rc4encryptedpayload rc4payload;
+	struct dom_sid *caller_sid;
+	uint8_t symkey[20]; /* SHA-1 hash len */
+	uint8_t mackey[20]; /* SHA-1 hash len */
+	uint8_t mac[20]; /* SHA-1 hash len */
+	gnutls_hmac_hd_t hmac_hnd;
+	gnutls_cipher_hd_t cipher_hnd;
+	gnutls_datum_t cipher_key;
+	int rc;
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(r_secret);
+	ZERO_STRUCT(r_query_secret);
+
+	/* Now read BCKUPKEY_P and prove we can do a matching decrypt and encrypt */
+
+	/* lsa_OpenSecret only works with ncacn_np and AUTH_LEVEL_NONE */
+	lsa_binding_string = talloc_asprintf(tctx, "ncacn_np:%s",
+				torture_setting_string(tctx, "host", NULL));
+	torture_assert(tctx, lsa_binding_string != NULL, "lsa_binding_string");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_parse_binding(tctx, lsa_binding_string, &lsa_binding),
+		"Failed to parse dcerpc binding");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_pipe_connect_b(tctx, &lsa_p,
+					lsa_binding, &ndr_table_lsarpc,
+					samba_cmdline_get_creds(),
+					tctx->ev, tctx->lp_ctx),
+				   "Opening LSA pipe");
+	lsa_b = lsa_p->binding_handle;
+
+	torture_assert(tctx, test_lsa_OpenPolicy2(lsa_b, tctx, &handle), "OpenPolicy failed");
+	r_secret.in.name.string = "G$BCKUPKEY_P";
+
+	r_secret.in.handle = handle;
+	r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r_secret.out.sec_handle = &sec_handle;
+
+	torture_comment(tctx, "Testing OpenSecret\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret),
+				   "OpenSecret failed");
+	torture_assert_ntstatus_ok(tctx, r_secret.out.result,
+				   "OpenSecret failed");
+
+	r_query_secret.in.sec_handle = &sec_handle;
+	r_query_secret.in.new_val = &bufp1;
+	bufp1.buf = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(lsa_b, tctx, &r_query_secret),
+		"QuerySecret failed");
+	torture_assert_ntstatus_ok(tctx, r_query_secret.out.result,
+				   "QuerySecret failed");
+
+
+	preferred_key.data = r_query_secret.out.new_val->buf->data;
+	preferred_key.length = r_query_secret.out.new_val->buf->size;
+	torture_assert_ntstatus_ok(tctx, dcerpc_fetch_session_key(lsa_p, &session_key),
+				   "dcerpc_fetch_session_key failed");
+
+	torture_assert_ntstatus_ok(tctx,
+				   sess_decrypt_blob(tctx,
+						     &preferred_key, &session_key, &preferred_key_clear),
+				   "sess_decrypt_blob failed");
+
+	torture_assert_ntstatus_ok(tctx, GUID_from_ndr_blob(&preferred_key_clear, &preferred_key_guid),
+				   "GUID parse failed");
+
+	torture_assert_guid_equal(tctx, server_side_wrapped->guid,
+				  preferred_key_guid,
+				  "GUID didn't match value pointed at by G$BCKUPKEY_P");
+
+	/* And read BCKUPKEY_<guid> and get the actual key */
+
+	key_guid_string = GUID_string(tctx, &server_side_wrapped->guid);
+	r_secret.in.name.string = talloc_asprintf(tctx, "G$BCKUPKEY_%s", key_guid_string);
+
+	r_secret.in.handle = handle;
+	r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r_secret.out.sec_handle = &sec_handle;
+
+	torture_comment(tctx, "Testing OpenSecret\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret),
+				   "OpenSecret failed");
+	torture_assert_ntstatus_ok(tctx, r_secret.out.result,
+				   "OpenSecret failed");
+
+	r_query_secret.in.sec_handle = &sec_handle;
+	r_query_secret.in.new_val = &bufp1;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(lsa_b, tctx, &r_query_secret),
+				   "QuerySecret failed");
+	torture_assert_ntstatus_ok(tctx, r_query_secret.out.result,
+				   "QuerySecret failed");
+
+
+	decrypt_key.data = r_query_secret.out.new_val->buf->data;
+	decrypt_key.length = r_query_secret.out.new_val->buf->size;
+
+	torture_assert_ntstatus_ok(tctx,
+				   sess_decrypt_blob(tctx,
+						     &decrypt_key, &session_key, &decrypt_key_clear),
+				   "sess_decrypt_blob failed");
+
+	torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&decrypt_key_clear, tctx, &server_key,
+								(ndr_pull_flags_fn_t)ndr_pull_bkrp_dc_serverwrap_key),
+				     NDR_ERR_SUCCESS, "Failed to parse server_key");
+
+	torture_assert_int_equal(tctx, server_key.magic, 1, "Failed to correctly decrypt server key");
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+	gnutls_hmac_init(&hmac_hnd,
+			 GNUTLS_MAC_SHA1,
+			 server_key.key,
+			 sizeof(server_key.key));
+	gnutls_hmac(hmac_hnd,
+		    server_side_wrapped->r2,
+		    sizeof(server_side_wrapped->r2));
+	gnutls_hmac_output(hmac_hnd, symkey);
+
+	/* rc4 decrypt sid and secret using sym key */
+	cipher_key.data = symkey;
+	cipher_key.size = sizeof(symkey);
+
+	encrypted_blob = data_blob_talloc(tctx, server_side_wrapped->rc4encryptedpayload,
+					  server_side_wrapped->ciphertext_length);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&cipher_key,
+				NULL);
+	torture_assert_int_equal(tctx,
+				 rc,
+				 GNUTLS_E_SUCCESS,
+				 "gnutls_cipher_init failed");
+	rc = gnutls_cipher_encrypt2(cipher_hnd,
+				    encrypted_blob.data,
+				    encrypted_blob.length,
+				    encrypted_blob.data,
+				    encrypted_blob.length);
+	torture_assert_int_equal(tctx,
+				 rc,
+				 GNUTLS_E_SUCCESS,
+				 "gnutls_cipher_encrypt failed");
+	gnutls_cipher_deinit(cipher_hnd);
+
+	torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&encrypted_blob, tctx, &rc4payload,
+				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload),
+				     NDR_ERR_SUCCESS, "Failed to parse rc4encryptedpayload");
+
+	torture_assert_int_equal(tctx, rc4payload.secret_data.length,
+				 server_side_wrapped->payload_length,
+				 "length of decrypted payload not the length declared in surrounding structure");
+
+	/*
+	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
+	 */
+	gnutls_hmac(hmac_hnd,
+		    rc4payload.r3,
+		    sizeof(rc4payload.r3));
+	gnutls_hmac_deinit(hmac_hnd, mackey);
+
+	torture_assert_ndr_err_equal(tctx, ndr_push_struct_blob(&sid_blob, tctx, &rc4payload.sid,
+								(ndr_push_flags_fn_t)ndr_push_dom_sid),
+				     NDR_ERR_SUCCESS, "unable to push SID");
+
+	gnutls_hmac_init(&hmac_hnd,
+			 GNUTLS_MAC_SHA1,
+			 mackey,
+			 sizeof(mackey));
+	/* SID field */
+	gnutls_hmac(hmac_hnd,
+		    sid_blob.data,
+		    sid_blob.length);
+	/* Secret field */
+	gnutls_hmac(hmac_hnd,
+		    rc4payload.secret_data.data,
+		    rc4payload.secret_data.length);
+	gnutls_hmac_output(hmac_hnd, mac);
+
+	torture_assert_mem_equal(tctx, mac, rc4payload.mac, sizeof(mac), "mac not correct");
+	torture_assert_int_equal(tctx, rc4payload.secret_data.length,
+				 plaintext.length, "decrypted data is not correct length");
+	torture_assert_mem_equal(tctx, rc4payload.secret_data.data,
+				 plaintext.data, plaintext.length,
+				 "decrypted data is not correct");
+
+	/* Not strictly correct all the time, but good enough for this test */
+	caller_sid = get_user_sid(tctx, tctx,
+			cli_credentials_get_username(
+				samba_cmdline_get_creds()));
+
+	torture_assert_sid_equal(tctx, &rc4payload.sid, caller_sid, "Secret saved with wrong SID");
+
+
+	/* RE-encrypt */
+
+	if (wrong == WRONG_SID) {
+		rc4payload.sid.sub_auths[rc4payload.sid.num_auths - 1] = DOMAIN_RID_KRBTGT;
+	}
+
+	dump_data_pw("mackey: \n", mackey, sizeof(mackey));
+
+	torture_assert_ndr_err_equal(tctx,
+				     ndr_push_struct_blob(&sid_blob, tctx, &rc4payload.sid,
+							  (ndr_push_flags_fn_t)ndr_push_dom_sid),
+				     NDR_ERR_SUCCESS,
+				     "push of sid failed");
+
+	/* SID field */
+	gnutls_hmac(hmac_hnd,
+		    sid_blob.data,
+		    sid_blob.length);
+	/* Secret field */
+	gnutls_hmac(hmac_hnd,
+		    rc4payload.secret_data.data,
+		    rc4payload.secret_data.length);
+	gnutls_hmac_deinit(hmac_hnd, rc4payload.mac);
+
+	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
+
+	torture_assert_ndr_err_equal(tctx,
+				     ndr_push_struct_blob(&encrypted_blob, tctx, &rc4payload,
+							  (ndr_push_flags_fn_t)ndr_push_bkrp_rc4encryptedpayload),
+				     NDR_ERR_SUCCESS,
+				     "push of rc4payload failed");
+
+	if (wrong == WRONG_KEY) {
+		symkey[0] = 78;
+		symkey[1] = 78;
+		symkey[2] = 78;
+	}
+
+	/* rc4 encrypt sid and secret using sym key */
+	cipher_key.data = symkey;
+	cipher_key.size = sizeof(symkey);
+
+	rc = gnutls_cipher_init(&cipher_hnd,
+				GNUTLS_CIPHER_ARCFOUR_128,
+				&cipher_key,
+				NULL);
+	torture_assert_int_equal(tctx,
+				 rc,
+				 GNUTLS_E_SUCCESS,
+				 "gnutls_cipher_init failed");
+	rc = gnutls_cipher_encrypt2(cipher_hnd,
+				    encrypted_blob.data,
+				    encrypted_blob.length,
+				    encrypted_blob.data,
+				    encrypted_blob.length);
+	torture_assert_int_equal(tctx,
+				 rc,
+				 GNUTLS_E_SUCCESS,
+				 "gnutls_cipher_encrypt failed");
+	gnutls_cipher_deinit(cipher_hnd);
+
+
+	/* re-create server wrap structure */
+
+	torture_assert_int_equal(tctx, encrypted_blob.length,
+				 server_side_wrapped->ciphertext_length,
+				 "expected encrypted length not to change");
+	if (wrong == RIGHT_KEY) {
+		torture_assert_mem_equal(tctx, server_side_wrapped->rc4encryptedpayload,
+					 encrypted_blob.data,
+					 encrypted_blob.length,
+					 "expected encrypted data not to change");
+	}
+
+	server_side_wrapped->payload_length = rc4payload.secret_data.length;
+	server_side_wrapped->ciphertext_length = encrypted_blob.length;
+	server_side_wrapped->rc4encryptedpayload = encrypted_blob.data;
+
+	return true;
+}
+
+
+static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx,
+						struct dcerpc_pipe *p,
+						enum test_wrong wrong)
+{
+	struct bkrp_BackupKey r;
+	struct GUID guid;
+	DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
+	DATA_BLOB encrypted;
+	uint32_t enclen;
+	DATA_BLOB decrypted;
+	uint32_t declen;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum ndr_err_code ndr_err;
+	struct bkrp_server_side_wrapped server_side_wrapped;
+	bool repush = false;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	ZERO_STRUCT(r);
+
+	dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
+
+	/* Encrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = plaintext.data;
+	r.in.data_in_len = plaintext.length;
+	r.in.param = 0;
+	r.out.data_out = &encrypted.data;
+	r.out.data_out_len = &enclen;
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					   "encrypt");
+	} else {
+		torture_assert_ntstatus_equal(tctx,
+					      dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+					      NT_STATUS_ACCESS_DENIED,
+					      "encrypt");
+		return true;
+	}
+	torture_assert_werr_ok(tctx,
+			       r.out.result,
+			       "encrypt");
+	encrypted.length = *r.out.data_out_len;
+
+	ndr_err = ndr_pull_struct_blob(&encrypted, tctx, &server_side_wrapped,
+				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
+	torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "pull of server_side_wrapped");
+
+	torture_assert_int_equal(tctx, server_side_wrapped.payload_length, plaintext.length,
+				 "wrong payload length");
+
+	switch (wrong) {
+	case WRONG_MAGIC:
+		/* Change the magic.  Forced by our NDR layer, so do it raw */
+		SIVAL(encrypted.data, 0, 78);  /* valid values are 1-3 */
+		break;
+	case WRONG_R2:
+		server_side_wrapped.r2[0] = 78;
+		server_side_wrapped.r2[1] = 78;
+		server_side_wrapped.r2[2] = 78;
+		repush = true;
+		break;
+	case WRONG_PAYLOAD_LENGTH:
+		server_side_wrapped.payload_length = UINT32_MAX - 8;
+		repush = true;
+		break;
+	case WRONG_CIPHERTEXT_LENGTH:
+		/*
+		 * Change the ciphertext len.  We can't push this if
+		 * we have it wrong, so do it raw
+		 */
+		SIVAL(encrypted.data, 8, UINT32_MAX - 8);  /* valid values are 1-3 */
+		break;
+	case SHORT_PAYLOAD_LENGTH:
+		server_side_wrapped.payload_length = server_side_wrapped.payload_length - 8;
+		repush = true;
+		break;
+	case SHORT_CIPHERTEXT_LENGTH:
+		/*
+		 * Change the ciphertext len.  We can't push this if
+		 * we have it wrong, so do it raw
+		 */
+		SIVAL(encrypted.data, 8, server_side_wrapped.ciphertext_length - 8);  /* valid values are 1-3 */
+		break;
+	case ZERO_PAYLOAD_LENGTH:
+		server_side_wrapped.payload_length = 0;
+		repush = true;
+		break;
+	case ZERO_CIPHERTEXT_LENGTH:
+		/*
+		 * Change the ciphertext len.  We can't push this if
+		 * we have it wrong, so do it raw
+		 */
+		SIVAL(encrypted.data, 8, 0);  /* valid values are 1-3 */
+		break;
+
+	case RIGHT_KEY:
+	case WRONG_KEY:
+	case WRONG_SID:
+		torture_assert(tctx,
+			       test_ServerWrap_encrypt_decrypt_manual(tctx, &server_side_wrapped, wrong),
+			       "test_ServerWrap_encrypt_decrypt_manual failed");
+		repush = true;
+		break;
+	}
+
+	if (repush) {
+		ndr_err = ndr_push_struct_blob(&encrypted, tctx, &server_side_wrapped,
+					       (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
+		torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped");
+	}
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+
+	if ((wrong == WRONG_R2 || wrong == WRONG_KEY)
+	    && W_ERROR_EQUAL(r.out.result, WERR_INVALID_SID)) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_INVALID_SID,
+					  "decrypt should fail with WERR_INVALID_SID or WERR_INVALID_PARAMETER");
+	} else if (wrong == RIGHT_KEY) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_OK,
+					  "decrypt should succeed!");
+	} else if (wrong == WRONG_SID) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_INVALID_ACCESS,
+					  "decrypt should fail with WERR_INVALID_ACCESS");
+	} else {
+		if (!W_ERROR_EQUAL(r.out.result, WERR_INVALID_ACCESS)
+		    && !W_ERROR_EQUAL(r.out.result, WERR_INVALID_PARAMETER)) {
+			torture_assert_werr_equal(tctx, r.out.result,
+						  WERR_INVALID_DATA,
+						  "decrypt should fail with WERR_INVALID_ACCESS, WERR_INVALID_PARAMETER or WERR_INVALID_DATA");
+		}
+	}
+
+	/* Decrypt */
+	torture_assert_ntstatus_ok(tctx,
+				   GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
+				   "obtain GUID");
+
+	r.in.guidActionAgent = &guid;
+	r.in.data_in = encrypted.data;
+	r.in.data_in_len = encrypted.length;
+	r.in.param = 0;
+	r.out.data_out = &(decrypted.data);
+	r.out.data_out_len = &declen;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+				   "decrypt");
+
+	if ((wrong == WRONG_R2 || wrong == WRONG_KEY)
+	    && W_ERROR_EQUAL(r.out.result, WERR_INVALID_SID)) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_INVALID_SID,
+					  "decrypt should fail with WERR_INVALID_SID or WERR_INVALID_PARAMETER");
+	} else if (wrong == RIGHT_KEY) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_OK,
+					  "decrypt should succeed!");
+	} else if (wrong == WRONG_SID) {
+		torture_assert_werr_equal(tctx,
+					  r.out.result,
+					  WERR_INVALID_ACCESS,
+					  "decrypt should fail with WERR_INVALID_ACCESS");
+	} else {
+		if (!W_ERROR_EQUAL(r.out.result, WERR_INVALID_ACCESS)
+		    && !W_ERROR_EQUAL(r.out.result, WERR_INVALID_PARAMETER)) {
+			torture_assert_werr_equal(tctx, r.out.result,
+						  WERR_INVALID_DATA,
+						  "decrypt should fail with WERR_INVALID_ACCESS, WERR_INVALID_PARAMETER or WERR_INVALID_DATA");
+		}
+	}
+
+	return true;
+}
+
+static bool test_ServerWrap_decrypt_wrong_magic(struct torture_context *tctx,
+						struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_MAGIC);
+}
+
+static bool test_ServerWrap_decrypt_wrong_r2(struct torture_context *tctx,
+						struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_R2);
+}
+
+static bool test_ServerWrap_decrypt_wrong_payload_length(struct torture_context *tctx,
+							 struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_PAYLOAD_LENGTH);
+}
+
+static bool test_ServerWrap_decrypt_short_payload_length(struct torture_context *tctx,
+							 struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, SHORT_PAYLOAD_LENGTH);
+}
+
+static bool test_ServerWrap_decrypt_zero_payload_length(struct torture_context *tctx,
+							 struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, ZERO_PAYLOAD_LENGTH);
+}
+
+static bool test_ServerWrap_decrypt_wrong_ciphertext_length(struct torture_context *tctx,
+							 struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_CIPHERTEXT_LENGTH);
+}
+
+static bool test_ServerWrap_decrypt_short_ciphertext_length(struct torture_context *tctx,
+							 struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, SHORT_CIPHERTEXT_LENGTH);
+}
+
+static bool test_ServerWrap_decrypt_zero_ciphertext_length(struct torture_context *tctx,
+							   struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, ZERO_CIPHERTEXT_LENGTH);
+}
+
+static bool test_ServerWrap_encrypt_decrypt_remote_key(struct torture_context *tctx,
+						       struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, RIGHT_KEY);
+}
+
+static bool test_ServerWrap_encrypt_decrypt_wrong_key(struct torture_context *tctx,
+						       struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_KEY);
+}
+
+static bool test_ServerWrap_encrypt_decrypt_wrong_sid(struct torture_context *tctx,
+						      struct dcerpc_pipe *p)
+{
+	return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_SID);
+}
+
+struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "backupkey");
+
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "backupkey",
+						  &ndr_table_backupkey);
+
+	torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid",
+				   test_RetrieveBackupKeyGUID);
+
+	torture_rpc_tcase_add_test(tcase, "restore_guid",
+				   test_RestoreGUID);
+
+	torture_rpc_tcase_add_test(tcase, "restore_guid version 3",
+				   test_RestoreGUID_v3);
+
+/* We double the test in order to be sure that we don't mess stuff (ie. freeing static stuff) */
+
+	torture_rpc_tcase_add_test(tcase, "restore_guid_2nd",
+				   test_RestoreGUID);
+
+	torture_rpc_tcase_add_test(tcase, "unable_to_decrypt_secret",
+				   test_RestoreGUID_ko);
+
+	torture_rpc_tcase_add_test(tcase, "wrong_user_restore_guid",
+				   test_RestoreGUID_wronguser);
+
+	torture_rpc_tcase_add_test(tcase, "wrong_version_restore_guid",
+				   test_RestoreGUID_wrongversion);
+
+	torture_rpc_tcase_add_test(tcase, "bad_magic_on_secret_restore_guid",
+				   test_RestoreGUID_badmagiconsecret);
+
+	torture_rpc_tcase_add_test(tcase, "bad_hash_on_secret_restore_guid",
+				   test_RestoreGUID_badhashaccesscheck);
+
+	torture_rpc_tcase_add_test(tcase, "bad_magic_on_accesscheck_restore_guid",
+				   test_RestoreGUID_badmagicaccesscheck);
+
+	torture_rpc_tcase_add_test(tcase, "bad_cert_guid_restore_guid",
+				   test_RestoreGUID_badcertguid);
+
+	torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
+				   test_RestoreGUID_emptyrequest);
+
+	torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid_validate",
+				   test_RetrieveBackupKeyGUID_validate);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt",
+				   test_ServerWrap_encrypt_decrypt);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_keyGUID",
+				   test_ServerWrap_decrypt_wrong_keyGUID);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_empty_request",
+				   test_ServerWrap_decrypt_empty_request);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_request",
+				   test_ServerWrap_decrypt_short_request);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_magic",
+				   test_ServerWrap_decrypt_wrong_magic);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_r2",
+				   test_ServerWrap_decrypt_wrong_r2);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_payload_length",
+				   test_ServerWrap_decrypt_wrong_payload_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_payload_length",
+				   test_ServerWrap_decrypt_short_payload_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_zero_payload_length",
+				   test_ServerWrap_decrypt_zero_payload_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_ciphertext_length",
+				   test_ServerWrap_decrypt_wrong_ciphertext_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_ciphertext_length",
+				   test_ServerWrap_decrypt_short_ciphertext_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_zero_ciphertext_length",
+				   test_ServerWrap_decrypt_zero_ciphertext_length);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_remote_key",
+				   test_ServerWrap_encrypt_decrypt_remote_key);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_wrong_key",
+				   test_ServerWrap_encrypt_decrypt_wrong_key);
+
+	torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_wrong_sid",
+				   test_ServerWrap_encrypt_decrypt_wrong_sid);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/bench.c b/source4/torture/rpc/bench.c
new file mode 100644
index 0000000..88825c5
--- /dev/null
+++ b/source4/torture/rpc/bench.c
@@ -0,0 +1,152 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   simple RPC benchmark
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+/**************************/
+/* srvsvc_NetShare        */
+/**************************/
+static bool test_NetShareEnumAll(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareEnumAll r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr0 c0;
+	struct srvsvc_NetShareCtr1 c1;
+	struct srvsvc_NetShareCtr2 c2;
+	struct srvsvc_NetShareCtr501 c501;
+	struct srvsvc_NetShareCtr502 c502;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1, 2, 501, 502};
+	int i;
+	bool ret = true;
+	uint32_t resume_handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(mem_ctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+	r.out.resume_handle = &resume_handle;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		resume_handle = 0;
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 501:
+			ZERO_STRUCT(c501);
+			info_ctr.ctr.ctr501 = &c501;
+			break;
+		case 502:
+			ZERO_STRUCT(c502);
+			info_ctr.ctr.ctr502 = &c502;
+			break;
+		}
+
+		status = dcerpc_srvsvc_NetShareEnumAll_r(b, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("NetShareEnumAll level %u failed - %s\n", info_ctr.level, nt_errstr(status));
+			ret = false;
+			continue;
+		}
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			printf("NetShareEnumAll level %u failed - %s\n", info_ctr.level, win_errstr(r.out.result));
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+/*
+  benchmark srvsvc netshareenumall queries
+*/
+static bool bench_NetShareEnumAll(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+	struct timeval tv = timeval_current();
+	bool ret = true;
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	int count=0;
+
+	printf("Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+		if (!test_NetShareEnumAll(p, tmp_ctx)) break;
+		talloc_free(tmp_ctx);
+		count++;
+		if (count % 50 == 0) {
+			if (torture_setting_bool(tctx, "progress", true)) {
+				printf("%.1f queries per second  \r", 
+				       count / timeval_elapsed(&tv));
+			}
+		}
+	}
+
+	printf("%.1f queries per second  \n", count / timeval_elapsed(&tv));
+
+	return ret;
+}
+
+
+bool torture_bench_rpc(struct torture_context *torture)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+
+	mem_ctx = talloc_init("torture_rpc_srvsvc");
+
+	status = torture_rpc_connection(torture, 
+					&p,
+					&ndr_table_srvsvc);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	if (!bench_NetShareEnumAll(torture, p, mem_ctx)) {
+		ret = false;
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
new file mode 100644
index 0000000..7c0d5e4
--- /dev/null
+++ b/source4/torture/rpc/bind.c
@@ -0,0 +1,245 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for rpc bind operations
+
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_epmapper_c.h"
+#include "lib/cmdline/cmdline.h"
+
+static bool test_openpolicy(struct torture_context *tctx,
+			    struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle *handle;
+
+	torture_assert(tctx,
+		test_lsa_OpenPolicy2(b, tctx, &handle),
+		"failed to open policy");
+
+	torture_assert(tctx,
+		test_lsa_Close(b, tctx, handle),
+		"failed to close policy");
+
+	return true;
+}
+
+static bool test_bind(struct torture_context *tctx,
+		      const void *private_data)
+{
+	struct dcerpc_binding *binding;
+	struct dcerpc_pipe *p;
+	NTSTATUS status;
+	const uint32_t *flags = (const uint32_t *)private_data;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to parse binding string");
+
+	status = dcerpc_binding_set_flags(binding, *flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p, binding,
+				      &ndr_table_lsarpc,
+				      samba_cmdline_get_creds(),
+				      tctx->ev,
+				      tctx->lp_ctx),
+		"failed to connect pipe");
+
+	torture_assert(tctx,
+		test_openpolicy(tctx, p),
+		"failed to test openpolicy");
+
+	talloc_free(p);
+
+	return true;
+}
+
+/**
+ * Verifies a handle created in a connection is available on
+ * a second connection when the same association group is
+ * requested in the bind operation. The LSA interface can't be
+ * used because it runs in preforking mode in the selftests.
+ * Association groups should work when binding to interfaces
+ * running in the same process.
+ */
+static bool test_assoc_group_handles_external(struct torture_context *tctx,
+					      const void *private_data)
+{
+	struct dcerpc_binding *binding1 = NULL;
+	struct dcerpc_binding *binding2 = NULL;
+	struct dcerpc_pipe *p1 = NULL;
+	struct dcerpc_pipe *p2 = NULL;
+	struct epm_Lookup r;
+	struct epm_LookupHandleFree f;
+	struct policy_handle handle;
+	uint32_t assoc_group_id;
+	uint32_t num_ents = 0;
+
+	ZERO_STRUCT(handle);
+
+	/* Open first pipe and open a policy handle */
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding1),
+		"failed to parse binding string");
+	dcerpc_binding_set_transport(binding1, NCACN_IP_TCP);
+	dcerpc_binding_set_string_option(binding1, "endpoint", "135");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p1, binding1,
+				      &ndr_table_epmapper,
+				      samba_cmdline_get_creds(),
+				      tctx->ev,
+				      tctx->lp_ctx),
+		"failed to connect first pipe");
+
+	r.in.inquiry_type = RPC_C_EP_ALL_ELTS;
+	r.in.object = NULL;
+	r.in.interface_id = NULL;
+	r.in.vers_option = RPC_C_VERS_ALL;
+
+	r.in.entry_handle = &handle;
+	r.in.max_ents = 1;
+
+	r.out.entry_handle = &handle;
+	r.out.num_ents = &num_ents;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_epm_Lookup_r(p1->binding_handle, tctx, &r),
+		"failed EPM Lookup");
+	torture_assert_int_equal(tctx,
+		r.out.result,
+		EPMAPPER_STATUS_OK,
+		"failed EPM Lookup");
+
+	/* Open second pipe, different association group. Handle not found */
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding2),
+		"failed to parse binding string");
+	dcerpc_binding_set_transport(binding2, NCACN_IP_TCP);
+	dcerpc_binding_set_string_option(binding2, "endpoint", "135");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, binding2,
+				      &ndr_table_epmapper,
+				      samba_cmdline_get_creds(),
+				      tctx->ev,
+				      tctx->lp_ctx),
+		"failed to connect second pipe");
+
+	torture_assert_ntstatus_equal(tctx,
+		dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r),
+		NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+		"Unexpected EPM Lookup success");
+
+	/* Open second pipe, same association group. Handle is found */
+	assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
+	dcerpc_binding_set_assoc_group_id(binding2, assoc_group_id);
+
+	TALLOC_FREE(p2);
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, binding2,
+				      &ndr_table_epmapper,
+				      samba_cmdline_get_creds(),
+				      tctx->ev,
+				      tctx->lp_ctx),
+		"failed to connect second pipe");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r),
+		"failed EPM Lookup");
+
+	torture_assert_int_equal(tctx,
+		r.out.result,
+		EPMAPPER_STATUS_OK,
+		"failed EPM Lookup");
+
+	/* Cleanup */
+	f.in.entry_handle = &handle;
+	f.out.entry_handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_epm_LookupHandleFree_r(p1->binding_handle, tctx, &f),
+		"failed EPM LookupHandleFree");
+
+	torture_assert_int_equal(tctx,
+		r.out.result,
+		EPMAPPER_STATUS_OK,
+		"failed EPM LookupHandleFree");
+
+	TALLOC_FREE(p1);
+	TALLOC_FREE(p2);
+	TALLOC_FREE(binding2);
+	TALLOC_FREE(binding1);
+
+	return true;
+}
+
+static void test_bind_op(struct torture_suite *suite,
+			 const char *name,
+			 uint32_t flags)
+{
+	uint32_t *flags_p = talloc(suite, uint32_t);
+
+	*flags_p = flags;
+
+	torture_suite_add_simple_tcase_const(suite, name, test_bind, flags_p);
+}
+
+
+struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "bind");
+	struct {
+		const char *test_name;
+		uint32_t flags;
+	} tests[] = {
+		{
+			.test_name	= "ntlm,sign",
+			.flags		= DCERPC_AUTH_NTLM | DCERPC_SIGN
+		},{
+			.test_name	= "ntlm,sign,seal",
+			.flags		= DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL
+		},{
+			.test_name	= "spnego,sign",
+			.flags		= DCERPC_AUTH_SPNEGO | DCERPC_SIGN
+		},{
+			.test_name	= "spnego,sign,seal",
+			.flags		= DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL
+		}
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		test_bind_op(suite, tests[i].test_name, tests[i].flags);
+	}
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN);
+	}
+
+	torture_suite_add_simple_tcase_const(suite,
+					     "assoc_group_handles_external",
+					     test_assoc_group_handles_external,
+					     NULL);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/browser.c b/source4/torture/rpc/browser.c
new file mode 100644
index 0000000..2fbcd4e
--- /dev/null
+++ b/source4/torture/rpc/browser.c
@@ -0,0 +1,124 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for browser rpc operations
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_browser_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+bool test_BrowserrQueryOtherDomains(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct BrowserrQueryOtherDomains r;
+	struct BrowserrSrvInfo info;
+	struct BrowserrSrvInfo100Ctr ctr100;
+	struct srvsvc_NetSrvInfo100 entries100[1];
+	struct BrowserrSrvInfo101Ctr ctr101;
+	struct srvsvc_NetSrvInfo101 entries101[1];
+	uint32_t total_entries;
+	NTSTATUS status;
+
+	torture_comment(tctx, "dcerpc_BrowserrQueryOtherDomains\n");
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(info);
+	ZERO_STRUCT(ctr100);
+	ZERO_STRUCT(entries100);
+	ZERO_STRUCT(ctr101);
+	ZERO_STRUCT(entries101);
+	total_entries = 0;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info = &info;
+	r.out.info = &info;
+	r.out.total_entries = &total_entries;
+
+	info.level = 100;
+	info.info.info100 = &ctr100;
+
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_ok(tctx, r.out.result, "BrowserrQueryOtherDomains failed");
+	torture_assert_int_equal(tctx, *r.out.total_entries, 0, "BrowserrQueryOtherDomains");
+
+	info.info.info100 = &ctr100;
+	ctr100.entries_read = ARRAY_SIZE(entries100);
+	ctr100.entries = entries100;
+
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_ok(tctx, r.out.result, "BrowserrQueryOtherDomains failed");
+	torture_assert_int_equal(tctx, *r.out.total_entries, 0, "BrowserrQueryOtherDomains");
+
+	info.info.info100 = NULL;
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_PARAMETER, r.out.result,
+				  "BrowserrQueryOtherDomains failed");
+
+	info.level = 101;
+	info.info.info101 = &ctr101;
+
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_LEVEL, r.out.result,
+				  "BrowserrQueryOtherDomains");
+
+	info.info.info101 = &ctr101;
+	ctr101.entries_read = ARRAY_SIZE(entries101);
+	ctr101.entries = entries101;
+
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_LEVEL, r.out.result,
+				  "BrowserrQueryOtherDomains");
+
+	info.info.info101 = NULL;
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_LEVEL, r.out.result,
+				  "BrowserrQueryOtherDomains");
+
+	info.level = 102;
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_LEVEL, r.out.result,
+				  "BrowserrQueryOtherDomains");
+
+	info.level = 0;
+	status = dcerpc_BrowserrQueryOtherDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "BrowserrQueryOtherDomains failed");
+	torture_assert_werr_equal(tctx, WERR_INVALID_LEVEL, r.out.result,
+				  "BrowserrQueryOtherDomains");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_browser(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "browser");
+	struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite, "browser", &ndr_table_browser);
+
+	torture_rpc_tcase_add_test(tcase, "BrowserrQueryOtherDomains", test_BrowserrQueryOtherDomains);
+
+	return suite;
+}
+
diff --git a/source4/torture/rpc/clusapi.c b/source4/torture/rpc/clusapi.c
new file mode 100644
index 0000000..183ff54
--- /dev/null
+++ b/source4/torture/rpc/clusapi.c
@@ -0,0 +1,4185 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for clusapi rpc operations
+
+   Copyright (C) Günther Deschner 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_clusapi_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "libcli/registry/util_reg.h"
+
+struct torture_clusapi_context {
+	struct dcerpc_pipe *p;
+	const char *NodeName;
+	const char *ClusterName;
+	uint16_t lpwMajorVersion;
+	uint16_t lpwMinorVersion;
+	uint16_t lpwBuildNumber;
+};
+
+static bool test_OpenCluster_int(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct policy_handle *Cluster)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenCluster r;
+	WERROR Status;
+
+	r.out.Status = &Status;
+	r.out.Cluster = Cluster;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenCluster_r(b, tctx, &r),
+		"OpenCluster failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenCluster failed");
+
+	return true;
+}
+
+static bool test_OpenClusterEx_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *Cluster)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenClusterEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.Status = &Status;
+	r.out.hCluster = Cluster;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenClusterEx_r(b, tctx, &r),
+		"OpenClusterEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenClusterEx failed");
+
+	return true;
+}
+
+static bool test_CloseCluster_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *Cluster)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseCluster r;
+
+	r.in.Cluster = Cluster;
+	r.out.Cluster = Cluster;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseCluster_r(b, tctx, &r),
+		"CloseCluster failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseCluster failed");
+
+	torture_assert(tctx,
+		ndr_policy_handle_empty(Cluster),
+		"policy_handle non empty after CloseCluster");
+
+	return true;
+}
+
+static bool test_OpenCluster(struct torture_context *tctx,
+			     void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	return true;
+}
+
+static bool test_OpenClusterEx(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+
+	if (!test_OpenClusterEx_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	return true;
+}
+
+static bool test_CloseCluster(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	return test_CloseCluster_int(tctx, t->p, &Cluster);
+}
+
+static bool test_GetClusterName_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    const char **ClusterName)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetClusterName r;
+	const char *NodeName;
+
+	r.out.ClusterName = ClusterName;
+	r.out.NodeName = &NodeName;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetClusterName_r(b, tctx, &r),
+		"GetClusterName failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetClusterName failed");
+
+	return true;
+}
+
+static bool test_SetClusterName(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_SetClusterName r;
+	const char *NewClusterName;
+	WERROR rpc_status;
+
+	torture_assert(tctx,
+		test_GetClusterName_int(tctx, t->p, &NewClusterName),
+		"failed to query old ClusterName");
+
+	r.in.NewClusterName = NewClusterName;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_SetClusterName_r(b, tctx, &r),
+		"SetClusterName failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_RESOURCE_PROPERTIES_STORED,
+		"SetClusterName failed");
+
+	return true;
+}
+
+static bool test_GetClusterName(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	const char *ClusterName;
+
+	return test_GetClusterName_int(tctx, t->p, &ClusterName);
+}
+
+static bool test_GetClusterVersion(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_GetClusterVersion r;
+	uint16_t lpwMajorVersion;
+	uint16_t lpwMinorVersion;
+	uint16_t lpwBuildNumber;
+	const char *lpszVendorId;
+	const char *lpszCSDVersion;
+
+	r.out.lpwMajorVersion = &lpwMajorVersion;
+	r.out.lpwMinorVersion = &lpwMinorVersion;
+	r.out.lpwBuildNumber = &lpwBuildNumber;
+	r.out.lpszVendorId = &lpszVendorId;
+	r.out.lpszCSDVersion = &lpszCSDVersion;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetClusterVersion_r(b, tctx, &r),
+		"GetClusterVersion failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_CALL_NOT_IMPLEMENTED,
+		"GetClusterVersion failed");
+
+	return true;
+}
+
+static bool test_GetClusterVersion2(struct torture_context *tctx,
+				    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_GetClusterVersion2 r;
+	uint16_t lpwMajorVersion;
+	uint16_t lpwMinorVersion;
+	uint16_t lpwBuildNumber;
+	const char *lpszVendorId;
+	const char *lpszCSDVersion;
+	struct CLUSTER_OPERATIONAL_VERSION_INFO *ppClusterOpVerInfo;
+	WERROR rpc_status;
+
+	r.out.lpwMajorVersion = &lpwMajorVersion;
+	r.out.lpwMinorVersion = &lpwMinorVersion;
+	r.out.lpwBuildNumber = &lpwBuildNumber;
+	r.out.lpszVendorId = &lpszVendorId;
+	r.out.lpszCSDVersion = &lpszCSDVersion;
+	r.out.ppClusterOpVerInfo = &ppClusterOpVerInfo;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetClusterVersion2_r(b, tctx, &r),
+		"GetClusterVersion2 failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetClusterVersion2 failed");
+
+	return true;
+}
+
+static bool test_CreateEnum(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType[] = {
+		CLUSTER_ENUM_NODE,
+		CLUSTER_ENUM_RESTYPE,
+		CLUSTER_ENUM_RESOURCE,
+		CLUSTER_ENUM_GROUP,
+		CLUSTER_ENUM_NETWORK,
+		CLUSTER_ENUM_NETINTERFACE,
+		CLUSTER_ENUM_INTERNAL_NETWORK,
+		CLUSTER_ENUM_SHARED_VOLUME_RESOURCE
+	};
+	uint32_t dwType_invalid[] = {
+		0x00000040,
+		0x00000080,
+		0x00000100 /* and many more ... */
+	};
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(dwType); i++) {
+
+		r.in.dwType = dwType[i];
+		r.out.ReturnEnum = &ReturnEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+			"CreateEnum failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"CreateEnum failed");
+	}
+
+	for (i=0; i < ARRAY_SIZE(dwType_invalid); i++) {
+
+		r.in.dwType = dwType_invalid[i];
+		r.out.ReturnEnum = &ReturnEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+			"CreateEnum failed");
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			WERR_INVALID_PARAMETER,
+			"CreateEnum failed");
+	}
+
+	return true;
+}
+
+static bool test_CreateEnumEx_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *Cluster)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CreateEnumEx r;
+	uint32_t dwType[] = {
+		CLUSTER_ENUM_NODE,
+		CLUSTER_ENUM_RESTYPE,
+		CLUSTER_ENUM_RESOURCE,
+		CLUSTER_ENUM_GROUP,
+		CLUSTER_ENUM_NETWORK,
+		CLUSTER_ENUM_NETINTERFACE,
+		CLUSTER_ENUM_INTERNAL_NETWORK,
+		CLUSTER_ENUM_SHARED_VOLUME_RESOURCE
+	};
+	uint32_t dwType_invalid[] = {
+		0x00000040,
+		0x00000080,
+		0x00000100 /* and many more ... */
+	};
+	struct ENUM_LIST *ReturnIdEnum;
+	struct ENUM_LIST *ReturnNameEnum;
+	WERROR rpc_status;
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(dwType); i++) {
+
+		r.in.hCluster = *Cluster;
+		r.in.dwType = dwType[i];
+		r.in.dwOptions = 0;
+		r.out.ReturnIdEnum = &ReturnIdEnum;
+		r.out.ReturnNameEnum = &ReturnNameEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateEnumEx_r(b, tctx, &r),
+			"CreateEnumEx failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"CreateEnumEx failed");
+	}
+
+	for (i=0; i < ARRAY_SIZE(dwType_invalid); i++) {
+
+		r.in.hCluster = *Cluster;
+		r.in.dwType = dwType_invalid[i];
+		r.in.dwOptions = 0;
+		r.out.ReturnIdEnum = &ReturnIdEnum;
+		r.out.ReturnNameEnum = &ReturnNameEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateEnumEx_r(b, tctx, &r),
+			"CreateEnumEx failed");
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			WERR_INVALID_PARAMETER,
+			"CreateEnumEx failed");
+	}
+
+	return true;
+}
+
+static bool test_CreateEnumEx(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+	bool ret;
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	ret = test_CreateEnumEx_int(tctx, t->p, &Cluster);
+
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	return ret;
+}
+
+
+static bool test_GetQuorumResource(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_GetQuorumResource r;
+	const char *lpszResourceName;
+	const char *lpszDeviceName;
+	uint32_t pdwMaxQuorumLogSize;
+	WERROR rpc_status;
+
+	r.out.lpszResourceName = &lpszResourceName;
+	r.out.lpszDeviceName = &lpszDeviceName;
+	r.out.pdwMaxQuorumLogSize = &pdwMaxQuorumLogSize;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetQuorumResource_r(b, tctx, &r),
+		"GetQuorumResource failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetQuorumResource failed");
+
+	return true;
+}
+
+static bool test_SetQuorumResource(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_SetQuorumResource r;
+	const char *lpszDeviceName = "";
+	uint32_t dwMaxQuorumLogSize = 0;
+	WERROR rpc_status;
+	struct policy_handle hResource;
+
+	/* we need to figure out how this call works and what we provide as
+	   devicename and resource handle - gd
+	 */
+
+	torture_skip(tctx, "skipping SetQuorumResource test");
+
+	ZERO_STRUCT(hResource);
+
+	r.in.hResource = hResource;
+	r.in.lpszDeviceName = lpszDeviceName;
+	r.in.dwMaxQuorumLogSize = dwMaxQuorumLogSize;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_SetQuorumResource_r(b, tctx, &r),
+		"SetQuorumResource failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"SetQuorumResource failed");
+
+	return true;
+}
+
+static bool test_OpenResource_int_exp(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      const char *lpszResourceName,
+				      struct policy_handle *hResource,
+				      WERROR expected_Status,
+				      WERROR expected_rpc_status)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenResource r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszResourceName = lpszResourceName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hResource = hResource;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenResource_r(b, tctx, &r),
+		"OpenResource failed");
+	torture_assert_werr_equal(tctx,
+		*r.out.Status, expected_Status,
+		"OpenResource failed");
+	torture_assert_werr_equal(tctx,
+		*r.out.rpc_status, expected_rpc_status,
+		"OpenResource failed");
+
+	return true;
+}
+
+bool test_OpenResource_int(struct torture_context *tctx,
+			   struct dcerpc_pipe *p,
+			   const char *lpszResourceName,
+			   struct policy_handle *hResource)
+{
+	return test_OpenResource_int_exp(tctx, p,
+					 lpszResourceName,
+					 hResource,
+					 WERR_OK, WERR_OK);
+}
+
+static bool test_OpenResourceEx_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    const char *lpszResourceName,
+				    struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenResourceEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszResourceName = lpszResourceName;
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hResource = hResource;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenResourceEx_r(b, tctx, &r),
+		"OpenResourceEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenResourceEx failed");
+
+	return true;
+}
+
+bool test_CloseResource_int(struct torture_context *tctx,
+			    struct dcerpc_pipe *p,
+			    struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseResource r;
+
+	r.in.Resource = hResource;
+	r.out.Resource = hResource;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseResource_r(b, tctx, &r),
+		"CloseResource failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseResource failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(hResource),
+		"policy_handle non empty after CloseResource");
+
+	return true;
+}
+
+static bool test_OpenResource(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	if (!test_OpenResource_int_exp(tctx, t->p, "", &hResource, WERR_RESOURCE_NOT_FOUND, WERR_OK)) {
+		return false;
+	}
+
+	torture_assert(tctx,
+		ndr_policy_handle_empty(&hResource),
+		"expected empty policy handle");
+
+	if (!test_OpenResource_int_exp(tctx, t->p, "jfUF38fjSNcfn", &hResource, WERR_RESOURCE_NOT_FOUND, WERR_OK)) {
+		return false;
+	}
+
+	torture_assert(tctx,
+		ndr_policy_handle_empty(&hResource),
+		"expected empty policy handle");
+
+	return true;
+}
+
+static bool test_OpenResourceEx(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+
+	if (!test_OpenResourceEx_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return true;
+}
+
+
+static bool test_CloseResource(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	return test_CloseResource_int(tctx, t->p, &hResource);
+}
+
+static bool test_OpenGroup_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       const char *lpszGroupName,
+			       struct policy_handle *hGroup);
+static bool test_CloseGroup_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *Group);
+
+static bool test_CreateResource_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CreateResource r;
+	const char *lpszResourceName = "wurst";
+	const char *lpszResourceType = "Generic Service";
+	WERROR Status;
+	WERROR rpc_status;
+	struct policy_handle hGroup;
+
+	torture_assert(tctx,
+		test_OpenGroup_int(tctx, p, "Cluster Group", &hGroup),
+		"failed to open group");
+
+	r.in.hGroup = hGroup;
+	r.in.lpszResourceName = lpszResourceName;
+	r.in.lpszResourceType = lpszResourceType;
+	r.in.dwFlags = CLUSTER_RESOURCE_DEFAULT_MONITOR;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hResource = hResource;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateResource_r(b, tctx, &r),
+		"CreateResource failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"CreateResource failed");
+
+	test_CloseGroup_int(tctx, p, &hGroup);
+
+	return true;
+}
+
+static bool test_DeleteResource_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_DeleteResource r;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_DeleteResource_r(b, tctx, &r),
+		"DeleteResource failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"DeleteResource failed");
+
+	return true;
+}
+
+static bool test_CreateResource(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+
+	if (!test_CreateResource_int(tctx, t->p, &hResource)) {
+		return false;
+	}
+
+	test_DeleteResource_int(tctx, t->p, &hResource);
+
+	return true;
+}
+
+static bool test_DeleteResource(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+
+	if (!test_CreateResource_int(tctx, t->p, &hResource)) {
+		return false;
+	}
+
+	return test_DeleteResource_int(tctx, t->p, &hResource);
+}
+
+static bool test_SetResourceName_int(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_SetResourceName r;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.in.lpszResourceName = "wurst";
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_SetResourceName_r(b, tctx, &r),
+		"SetResourceName failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"SetResourceName failed");
+
+	return true;
+}
+
+static bool test_SetResourceName(struct torture_context *tctx,
+				 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_CreateResource_int(tctx, t->p, &hResource)) {
+		return false;
+	}
+
+	ret = test_SetResourceName_int(tctx, t->p, &hResource);
+
+	test_DeleteResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_GetResourceState_int(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceState r;
+	enum clusapi_ClusterResourceState State;
+	const char *NodeName;
+	const char *GroupName;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.State = &State;
+	r.out.NodeName = &NodeName;
+	r.out.GroupName = &GroupName;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceState_r(b, tctx, &r),
+		"GetResourceState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceState failed");
+
+	return true;
+}
+
+static bool test_GetResourceState(struct torture_context *tctx,
+				  void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_GetResourceState_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_GetResourceId_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceId r;
+	const char *pGuid;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.pGuid = &pGuid;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceId_r(b, tctx, &r),
+		"GetResourceId failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceId failed");
+
+	return true;
+}
+
+static bool test_GetResourceId(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_GetResourceId_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_GetResourceType_int(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceType r;
+	const char *lpszResourceType;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.lpszResourceType = &lpszResourceType;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceType_r(b, tctx, &r),
+		"GetResourceType failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceType failed");
+
+	return true;
+}
+
+static bool test_GetResourceType(struct torture_context *tctx,
+				 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_GetResourceType_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_FailResource_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_FailResource r;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_FailResource_r(b, tctx, &r),
+		"FailResource failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"FailResource failed");
+
+	return true;
+}
+
+static bool test_FailResource(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_FailResource_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+bool test_OnlineResource_int(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OnlineResource r;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OnlineResource_r(b, tctx, &r),
+		"OnlineResource failed");
+	if (!W_ERROR_IS_OK(r.out.result) &&
+	    !W_ERROR_EQUAL(r.out.result, WERR_IO_PENDING)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "OnlineResource failed with %s",
+			        win_errstr(r.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_OnlineResource(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_OnlineResource_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+bool test_OfflineResource_int(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OfflineResource r;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OfflineResource_r(b, tctx, &r),
+		"OfflineResource failed");
+	if (!W_ERROR_IS_OK(r.out.result) &&
+	    !W_ERROR_EQUAL(r.out.result, WERR_IO_PENDING)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "OfflineResource failed with %s",
+			       win_errstr(r.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_OfflineResource(struct torture_context *tctx,
+				 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_OfflineResource_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_CreateResEnum_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CreateResEnum r;
+	uint32_t dwType = CLUSTER_ENUM_RESOURCE;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateResEnum_r(b, tctx, &r),
+		"CreateResEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateResEnum failed");
+
+	return true;
+}
+
+static bool test_CreateResEnum(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_CreateResEnum_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_GetResourceDependencyExpression_int(struct torture_context *tctx,
+						     struct dcerpc_pipe *p,
+						     struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceDependencyExpression r;
+	const char *lpszDependencyExpression;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.lpszDependencyExpression = &lpszDependencyExpression;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceDependencyExpression_r(b, tctx, &r),
+		"GetResourceDependencyExpression failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceDependencyExpression failed");
+
+	return true;
+}
+
+static bool test_GetResourceDependencyExpression(struct torture_context *tctx,
+						 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Cluster Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_GetResourceDependencyExpression_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_GetResourceNetworkName_int(struct torture_context *tctx,
+					    struct dcerpc_pipe *p,
+					    struct policy_handle *hResource)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceNetworkName r;
+	const char *lpszName;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.lpszName = &lpszName;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceNetworkName_r(b, tctx, &r),
+		"GetResourceNetworkName failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceNetworkName failed");
+
+	return true;
+}
+
+static bool test_GetResourceNetworkName(struct torture_context *tctx,
+					void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hResource;
+	bool ret = true;
+
+	if (!test_OpenResource_int(tctx, t->p, "Network Name", &hResource)) {
+		return false;
+	}
+
+	ret = test_GetResourceNetworkName_int(tctx, t->p, &hResource);
+
+	test_CloseResource_int(tctx, t->p, &hResource);
+
+	return ret;
+}
+
+static bool test_ResourceTypeControl_int(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct policy_handle *Cluster,
+					 const char *resource_type,
+					 enum clusapi_ResourceTypeControlCode dwControlCode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_ResourceTypeControl r;
+	uint32_t lpBytesReturned;
+	uint32_t lpcbRequired;
+	WERROR rpc_status;
+
+	r.in.hCluster = *Cluster;
+	r.in.lpszResourceTypeName = resource_type;
+	r.in.dwControlCode = 0;
+	r.in.lpInBuffer = NULL;
+	r.in.nInBufferSize = 0;
+	r.in.nOutBufferSize = 0;
+	r.out.lpOutBuffer = NULL;
+	r.out.lpBytesReturned = &lpBytesReturned;
+	r.out.lpcbRequired = &lpcbRequired;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ResourceTypeControl_r(b, tctx, &r),
+		"ResourceTypeControl failed");
+
+	if (strequal(r.in.lpszResourceTypeName, "MSMQ") ||
+	    strequal(r.in.lpszResourceTypeName, "MSMQTriggers")) {
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			WERR_CLUSTER_RESTYPE_NOT_SUPPORTED,
+			"ResourceTypeControl failed");
+		return true;
+	}
+
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_INVALID_FUNCTION,
+		"ResourceTypeControl failed");
+
+	r.in.dwControlCode = dwControlCode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ResourceTypeControl_r(b, tctx, &r),
+		"ResourceTypeControl failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, *r.out.lpcbRequired);
+		r.in.nOutBufferSize = *r.out.lpcbRequired;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_ResourceTypeControl_r(b, tctx, &r),
+			"ResourceTypeControl failed");
+	}
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"ResourceTypeControl failed");
+
+	/* now try what happens when we query with a buffer large enough to hold
+	 * the entire packet */
+
+	r.in.nOutBufferSize = 0x4000;
+	r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, r.in.nOutBufferSize);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ResourceTypeControl_r(b, tctx, &r),
+		"ResourceTypeControl failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"ResourceTypeControl failed");
+	torture_assert(tctx, *r.out.lpBytesReturned < r.in.nOutBufferSize,
+		"lpBytesReturned expected to be smaller than input size nOutBufferSize");
+
+	return true;
+}
+
+static bool test_ResourceTypeControl(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     const char *resourcetype_name)
+{
+	struct policy_handle Cluster;
+	bool ret = true;
+	uint32_t control_codes[] = {
+		CLUSCTL_RESOURCE_TYPE_GET_CLASS_INFO,
+		CLUSCTL_RESOURCE_TYPE_GET_CHARACTERISTICS,
+		CLUSCTL_RESOURCE_TYPE_GET_COMMON_PROPERTIES,
+		CLUSCTL_RESOURCE_TYPE_GET_RO_COMMON_PROPERTIES,
+		CLUSCTL_RESOURCE_TYPE_GET_PRIVATE_PROPERTIES
+	};
+	int i;
+
+	if (!test_OpenCluster_int(tctx, p, &Cluster)) {
+		return false;
+	}
+
+	for (i=0; i < ARRAY_SIZE(control_codes); i++) {
+		ret = test_ResourceTypeControl_int(tctx, p, &Cluster,
+						   resourcetype_name,
+						   control_codes[i]);
+		if (!ret) {
+			goto done;
+		}
+	}
+
+ done:
+	test_CloseCluster_int(tctx, p, &Cluster);
+
+	return ret;
+}
+
+
+
+static bool test_one_resourcetype(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  const char *resourcetype_name)
+{
+	torture_assert(tctx,
+		test_ResourceTypeControl(tctx, p, resourcetype_name),
+		"failed to query ResourceTypeControl");
+
+	return true;
+}
+
+static bool test_one_resource(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      const char *resource_name)
+{
+	struct policy_handle hResource;
+
+	torture_assert(tctx,
+		test_OpenResource_int(tctx, p, resource_name, &hResource),
+		"failed to open resource");
+	test_CloseResource_int(tctx, p, &hResource);
+
+	torture_assert(tctx,
+		test_OpenResourceEx_int(tctx, p, resource_name, &hResource),
+		"failed to openex resource");
+
+	torture_assert(tctx,
+		test_GetResourceType_int(tctx, p, &hResource),
+		"failed to query resource type");
+	torture_assert(tctx,
+		test_GetResourceId_int(tctx, p, &hResource),
+		"failed to query resource id");
+	torture_assert(tctx,
+		test_GetResourceState_int(tctx, p, &hResource),
+		"failed to query resource state");
+	torture_assert(tctx,
+		test_CreateResEnum_int(tctx, p, &hResource),
+		"failed to query resource enum");
+	torture_assert(tctx,
+		test_GetResourceDependencyExpression_int(tctx, p, &hResource),
+		"failed to query resource dependency expression");
+	torture_assert(tctx,
+		test_GetResourceNetworkName_int(tctx, p, &hResource),
+		"failed to query resource network name");
+
+	test_CloseResource_int(tctx, p, &hResource);
+
+	return true;
+}
+
+static bool test_all_resources(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_RESOURCE;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_RESOURCE, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_resource(tctx, t->p, e.Name),
+			"failed to test one resource");
+	}
+
+	return true;
+}
+
+static bool test_all_resourcetypes(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_RESTYPE;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_RESTYPE, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_resourcetype(tctx, t->p, e.Name),
+			"failed to test one resourcetype");
+	}
+
+	return true;
+}
+
+
+static bool test_OpenNode_int(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      const char *lpszNodeName,
+			      struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNode r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNodeName = lpszNodeName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNode= hNode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNode_r(b, tctx, &r),
+		"OpenNode failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNode failed");
+
+	return true;
+}
+
+static bool test_OpenNodeEx_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				const char *lpszNodeName,
+				struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNodeEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNodeName = lpszNodeName;
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNode= hNode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNodeEx_r(b, tctx, &r),
+		"OpenNodeEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNodeEx failed");
+
+	return true;
+}
+
+
+static bool test_CloseNode_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct policy_handle *Node)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseNode r;
+
+	r.in.Node = Node;
+	r.out.Node = Node;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseNode_r(b, tctx, &r),
+		"CloseNode failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseNode failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(Node),
+		"policy_handle non empty after CloseNode");
+
+	return true;
+}
+
+static bool test_OpenNode(struct torture_context *tctx,
+			  void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return true;
+}
+
+static bool test_OpenNodeEx(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+
+	if (!test_OpenNodeEx_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return true;
+}
+
+static bool test_CloseNode(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	return test_CloseNode_int(tctx, t->p, &hNode);
+}
+
+static bool test_GetNodeState_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNodeState r;
+	enum clusapi_ClusterNodeState State;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.out.State = &State;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNodeState_r(b, tctx, &r),
+		"GetNodeState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNodeState failed");
+
+	return true;
+}
+
+static bool test_GetNodeState(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_GetNodeState_int(tctx, t->p, &hNode);
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_GetNodeId_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNodeId r;
+	const char *pGuid;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.out.pGuid = &pGuid;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNodeId_r(b, tctx, &r),
+		"GetNodeId failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNodeId failed");
+
+	return true;
+}
+
+static bool test_GetNodeId(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_GetNodeId_int(tctx, t->p, &hNode);
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_NodeControl_int(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct policy_handle *hNode,
+				 enum clusapi_NodeControlCode dwControlCode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_NodeControl r;
+	uint32_t lpBytesReturned;
+	uint32_t lpcbRequired;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.in.dwControlCode = 0;
+	r.in.lpInBuffer = NULL;
+	r.in.nInBufferSize = 0;
+	r.in.nOutBufferSize = 0;
+	r.out.lpOutBuffer = NULL;
+	r.out.lpBytesReturned = &lpBytesReturned;
+	r.out.lpcbRequired = &lpcbRequired;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_NodeControl_r(b, tctx, &r),
+		"NodeControl failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_INVALID_FUNCTION,
+		"NodeControl failed");
+
+	r.in.dwControlCode = dwControlCode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_NodeControl_r(b, tctx, &r),
+		"NodeControl failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, *r.out.lpcbRequired);
+		r.in.nOutBufferSize = *r.out.lpcbRequired;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_NodeControl_r(b, tctx, &r),
+			"NodeControl failed");
+	}
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"NodeControl failed");
+
+	/* now try what happens when we query with a buffer large enough to hold
+	 * the entire packet */
+
+	r.in.nOutBufferSize = 0x4000;
+	r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, r.in.nOutBufferSize);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_NodeControl_r(b, tctx, &r),
+		"NodeControl failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"NodeControl failed");
+	torture_assert(tctx, *r.out.lpBytesReturned < r.in.nOutBufferSize,
+		"lpBytesReturned expected to be smaller than input size nOutBufferSize");
+
+	if (dwControlCode == CLUSCTL_NODE_GET_ID) {
+		const char *str;
+		DATA_BLOB blob = data_blob_const(r.out.lpOutBuffer, *r.out.lpBytesReturned);
+
+		torture_assert(tctx, *r.out.lpBytesReturned >= 4, "must be at least 4 bytes long");
+		torture_assert(tctx, (*r.out.lpBytesReturned % 2) == 0, "must be a multiple of 2");
+
+		torture_assert(tctx,
+			pull_reg_sz(tctx, &blob, &str),
+			"failed to pull unicode string");
+
+		torture_comment(tctx, "got this node id: '%s'", str);
+	}
+
+	return true;
+}
+
+static bool test_NodeControl(struct torture_context *tctx,
+			     void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_NodeControl_int(tctx, t->p, &hNode, CLUSCTL_NODE_GET_RO_COMMON_PROPERTIES);
+	if (!ret) {
+		return false;
+	}
+
+	ret = test_NodeControl_int(tctx, t->p, &hNode, CLUSCTL_NODE_GET_ID);
+	if (!ret) {
+		return false;
+	}
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_PauseNode_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_PauseNode r;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_PauseNode_r(b, tctx, &r),
+		"PauseNode failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"PauseNode failed");
+
+	return true;
+}
+
+static bool test_PauseNode(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_PauseNode_int(tctx, t->p, &hNode);
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_ResumeNode_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_ResumeNode r;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ResumeNode_r(b, tctx, &r),
+		"ResumeNode failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_CLUSTER_NODE_NOT_PAUSED,
+		"ResumeNode gave unexpected result");
+
+	return true;
+}
+
+static bool test_ResumeNode(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_ResumeNode_int(tctx, t->p, &hNode);
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_EvictNode_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct policy_handle *hNode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_EvictNode r;
+	WERROR rpc_status;
+
+	r.in.hNode = *hNode;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_EvictNode_r(b, tctx, &r),
+		"EvictNode failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"EvictNode failed");
+
+	return true;
+}
+
+static bool test_EvictNode(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNode;
+	bool ret = true;
+
+	if (!test_OpenNode_int(tctx, t->p, t->NodeName, &hNode)) {
+		return false;
+	}
+
+	ret = test_EvictNode_int(tctx, t->p, &hNode);
+
+	test_CloseNode_int(tctx, t->p, &hNode);
+
+	return ret;
+}
+
+static bool test_one_node(struct torture_context *tctx,
+			  struct dcerpc_pipe *p,
+			  const char *node_name)
+{
+	struct policy_handle hNode;
+
+	torture_assert(tctx,
+		test_OpenNode_int(tctx, p, node_name, &hNode),
+		"failed to open node");
+	test_CloseNode_int(tctx, p, &hNode);
+
+	torture_assert(tctx,
+		test_OpenNodeEx_int(tctx, p, node_name, &hNode),
+		"failed to openex node");
+
+	torture_assert(tctx,
+		test_GetNodeId_int(tctx, p, &hNode),
+		"failed to query node id");
+	torture_assert(tctx,
+		test_GetNodeState_int(tctx, p, &hNode),
+		"failed to query node id");
+
+	test_CloseNode_int(tctx, p, &hNode);
+
+	return true;
+}
+
+static bool test_all_nodes(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_NODE;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_NODE, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_node(tctx, t->p, e.Name),
+			"failed to test one node");
+	}
+
+	return true;
+}
+
+static bool test_OpenGroup_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       const char *lpszGroupName,
+			       struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenGroup r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszGroupName = lpszGroupName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hGroup= hGroup;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenGroup_r(b, tctx, &r),
+		"OpenGroup failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenGroup failed");
+
+	return true;
+}
+
+static bool test_OpenGroupEx_int(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 const char *lpszGroupName,
+				 struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenGroupEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszGroupName = lpszGroupName;
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hGroup= hGroup;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenGroupEx_r(b, tctx, &r),
+		"OpenGroupEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenGroupEx failed");
+
+	return true;
+}
+
+static bool test_CloseGroup_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *Group)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseGroup r;
+
+	r.in.Group = Group;
+	r.out.Group = Group;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseGroup_r(b, tctx, &r),
+		"CloseGroup failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseGroup failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(Group),
+		"policy_handle non empty after CloseGroup");
+
+	return true;
+}
+
+static bool test_OpenGroup(struct torture_context *tctx,
+			   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return true;
+}
+
+static bool test_OpenGroupEx(struct torture_context *tctx,
+			     void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+
+	if (!test_OpenGroupEx_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return true;
+}
+
+static bool test_CloseGroup(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	return test_CloseGroup_int(tctx, t->p, &hGroup);
+}
+
+static bool test_GetGroupState_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetGroupState r;
+	enum clusapi_ClusterGroupState State;
+	const char *NodeName;
+	WERROR rpc_status;
+
+	r.in.hGroup = *hGroup;
+	r.out.State = &State;
+	r.out.NodeName = &NodeName;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetGroupState_r(b, tctx, &r),
+		"GetGroupState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetGroupState failed");
+
+	return true;
+}
+
+static bool test_GetGroupState(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+	bool ret = true;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	ret = test_GetGroupState_int(tctx, t->p, &hGroup);
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return ret;
+}
+
+static bool test_GetGroupId_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetGroupId r;
+	const char *pGuid;
+	WERROR rpc_status;
+
+	r.in.hGroup = *hGroup;
+	r.out.pGuid = &pGuid;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetGroupId_r(b, tctx, &r),
+		"GetGroupId failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetGroupId failed");
+
+	return true;
+}
+
+static bool test_GetGroupId(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+	bool ret = true;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	ret = test_GetGroupId_int(tctx, t->p, &hGroup);
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return ret;
+}
+
+static bool test_GroupControl_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hGroup,
+				  enum clusapi_GroupControlCode dwControlCode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GroupControl r;
+	uint32_t lpBytesReturned;
+	uint32_t lpcbRequired;
+	WERROR rpc_status;
+
+	r.in.hGroup = *hGroup;
+	r.in.dwControlCode = 0;
+	r.in.lpInBuffer = NULL;
+	r.in.nInBufferSize = 0;
+	r.in.nOutBufferSize = 0;
+	r.out.lpOutBuffer = NULL;
+	r.out.lpBytesReturned = &lpBytesReturned;
+	r.out.lpcbRequired = &lpcbRequired;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GroupControl_r(b, tctx, &r),
+		"GroupControl failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_INVALID_FUNCTION,
+		"GroupControl failed");
+
+	r.in.dwControlCode = dwControlCode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GroupControl_r(b, tctx, &r),
+		"GroupControl failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, *r.out.lpcbRequired);
+		r.in.nOutBufferSize = *r.out.lpcbRequired;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_GroupControl_r(b, tctx, &r),
+			"GroupControl failed");
+	}
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GroupControl failed");
+
+	/* now try what happens when we query with a buffer large enough to hold
+	 * the entire packet */
+
+	r.in.nOutBufferSize = 0x400;
+	r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, r.in.nOutBufferSize);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GroupControl_r(b, tctx, &r),
+		"GroupControl failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GroupControl failed");
+	torture_assert(tctx, *r.out.lpBytesReturned < r.in.nOutBufferSize,
+		"lpBytesReturned expected to be smaller than input size nOutBufferSize");
+
+	return true;
+}
+
+static bool test_CreateGroupResourceEnum_int(struct torture_context *tctx,
+					     struct dcerpc_pipe *p,
+					     struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CreateGroupResourceEnum r;
+	uint32_t dwType[] = {
+		CLUSTER_GROUP_ENUM_CONTAINS,
+		CLUSTER_GROUP_ENUM_NODES
+	};
+	uint32_t dwType_invalid[] = {
+		0x00000040,
+		0x00000080,
+		0x00000100 /* and many more ... */
+	};
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.hGroup = *hGroup;
+
+	for (i=0; i < ARRAY_SIZE(dwType); i++) {
+
+		r.in.hGroup = *hGroup;
+		r.in.dwType = dwType[i];
+		r.out.ReturnEnum = &ReturnEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateGroupResourceEnum_r(b, tctx, &r),
+			"CreateGroupResourceEnum failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"CreateGroupResourceEnum failed");
+	}
+
+	for (i=0; i < ARRAY_SIZE(dwType_invalid); i++) {
+
+		r.in.dwType = dwType_invalid[i];
+		r.out.ReturnEnum = &ReturnEnum;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_CreateGroupResourceEnum_r(b, tctx, &r),
+			"CreateGroupResourceEnum failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"CreateGroupResourceEnum failed");
+	}
+
+	return true;
+}
+
+
+static bool test_GroupControl(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+	bool ret = true;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	ret = test_GroupControl_int(tctx, t->p, &hGroup, CLUSCTL_GROUP_GET_CHARACTERISTICS);
+	if (!ret) {
+		return false;
+	}
+
+	ret = test_GroupControl_int(tctx, t->p, &hGroup, CLUSCTL_GROUP_GET_RO_COMMON_PROPERTIES);
+	if (!ret) {
+		return false;
+	}
+
+	ret = test_GroupControl_int(tctx, t->p, &hGroup, CLUSCTL_GROUP_GET_FLAGS);
+	if (!ret) {
+		return false;
+	}
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return ret;
+}
+
+static bool test_OnlineGroup_int(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OnlineGroup r;
+	WERROR rpc_status;
+
+	r.in.hGroup = *hGroup;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OnlineGroup_r(b, tctx, &r),
+		"OnlineGroup failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"OnlineGroup failed");
+
+	return true;
+}
+
+static bool test_OnlineGroup(struct torture_context *tctx,
+			     void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+	bool ret = true;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	ret = test_OnlineGroup_int(tctx, t->p, &hGroup);
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return ret;
+}
+
+static bool test_OfflineGroup_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hGroup)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OfflineGroup r;
+	WERROR rpc_status;
+
+	r.in.hGroup = *hGroup;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OfflineGroup_r(b, tctx, &r),
+		"OfflineGroup failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"OfflineGroup failed");
+
+	return true;
+}
+
+static bool test_OfflineGroup(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroup;
+	bool ret = true;
+
+	if (!test_OpenGroup_int(tctx, t->p, "Cluster Group", &hGroup)) {
+		return false;
+	}
+
+	ret = test_OfflineGroup_int(tctx, t->p, &hGroup);
+
+	test_CloseGroup_int(tctx, t->p, &hGroup);
+
+	return ret;
+}
+
+static bool test_one_group(struct torture_context *tctx,
+			   struct dcerpc_pipe *p,
+			   const char *group_name)
+{
+	struct policy_handle hGroup;
+
+	torture_assert(tctx,
+		test_OpenGroup_int(tctx, p, group_name, &hGroup),
+		"failed to open group");
+	test_CloseGroup_int(tctx, p, &hGroup);
+
+	torture_assert(tctx,
+		test_OpenGroupEx_int(tctx, p, group_name, &hGroup),
+		"failed to openex group");
+
+	torture_assert(tctx,
+		test_GetGroupId_int(tctx, p, &hGroup),
+		"failed to query group id");
+	torture_assert(tctx,
+		test_GetGroupState_int(tctx, p, &hGroup),
+		"failed to query group id");
+
+	torture_assert(tctx,
+		test_GroupControl_int(tctx, p, &hGroup, CLUSCTL_GROUP_GET_FLAGS),
+		"failed to query group control");
+
+	torture_assert(tctx,
+		test_CreateGroupResourceEnum_int(tctx, p, &hGroup),
+		"failed to query resource enum");
+
+	test_CloseGroup_int(tctx, p, &hGroup);
+
+	return true;
+}
+
+static bool test_all_groups(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_GROUP;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_GROUP, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_group(tctx, t->p, e.Name),
+			"failed to test one group");
+	}
+
+	return true;
+}
+
+static bool test_BackupClusterDatabase(struct torture_context *tctx,
+				       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_BackupClusterDatabase r;
+	WERROR rpc_status;
+
+	r.in.lpszPathName = "c:\\cluster_backup";
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_BackupClusterDatabase_r(b, tctx, &r),
+		"BackupClusterDatabase failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_CALL_NOT_IMPLEMENTED,
+		"BackupClusterDatabase failed");
+
+	return true;
+}
+
+static bool test_SetServiceAccountPassword(struct torture_context *tctx,
+					   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_SetServiceAccountPassword r;
+	uint32_t SizeReturned;
+	uint32_t ExpectedBufferSize;
+
+	r.in.lpszNewPassword = "P@ssw0rd!";
+	r.in.dwFlags = IDL_CLUSTER_SET_PASSWORD_IGNORE_DOWN_NODES;
+	r.in.ReturnStatusBufferSize = 1024;
+	r.out.ReturnStatusBufferPtr = NULL;
+	r.out.SizeReturned = &SizeReturned;
+	r.out.ExpectedBufferSize = &ExpectedBufferSize;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_SetServiceAccountPassword_r(b, tctx, &r),
+		"SetServiceAccountPassword failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_CALL_NOT_IMPLEMENTED,
+		"SetServiceAccountPassword failed");
+
+	return true;
+}
+
+static bool test_ClusterControl_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *Cluster,
+				    enum clusapi_ClusterControlCode dwControlCode)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_ClusterControl r;
+	uint32_t lpBytesReturned;
+	uint32_t lpcbRequired;
+	WERROR rpc_status;
+
+	r.in.hCluster = *Cluster;
+	r.in.dwControlCode = 0;
+	r.in.lpInBuffer = NULL;
+	r.in.nInBufferSize = 0;
+	r.in.nOutBufferSize = 0;
+	r.out.lpOutBuffer = NULL;
+	r.out.lpBytesReturned = &lpBytesReturned;
+	r.out.lpcbRequired = &lpcbRequired;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ClusterControl_r(b, tctx, &r),
+		"ClusterControl failed");
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_INVALID_FUNCTION,
+		"ClusterControl failed");
+
+	r.in.dwControlCode = dwControlCode;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ClusterControl_r(b, tctx, &r),
+		"ClusterControl failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, *r.out.lpcbRequired);
+		r.in.nOutBufferSize = *r.out.lpcbRequired;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_ClusterControl_r(b, tctx, &r),
+			"ClusterControl failed");
+	}
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"ClusterControl failed");
+
+	/* now try what happens when we query with a buffer large enough to hold
+	 * the entire packet */
+
+	r.in.nOutBufferSize = 0xffff;
+	r.out.lpOutBuffer = talloc_zero_array(tctx, uint8_t, r.in.nOutBufferSize);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_ClusterControl_r(b, tctx, &r),
+		"ClusterControl failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"ClusterControl failed");
+	torture_assert(tctx, *r.out.lpBytesReturned < r.in.nOutBufferSize,
+		"lpBytesReturned expected to be smaller than input size nOutBufferSize");
+
+	return true;
+}
+
+static bool test_ClusterControl(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+	bool ret = true;
+	uint32_t control_codes[] = {
+		CLUSCTL_CLUSTER_GET_COMMON_PROPERTIES,
+		CLUSCTL_CLUSTER_GET_RO_COMMON_PROPERTIES,
+		CLUSCTL_CLUSTER_GET_FQDN,
+		CLUSCTL_CLUSTER_GET_PRIVATE_PROPERTIES,
+		CLUSCTL_CLUSTER_CHECK_VOTER_DOWN
+	};
+	int i;
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	for (i=0; i < ARRAY_SIZE(control_codes); i++) {
+		ret = test_ClusterControl_int(tctx, t->p, &Cluster,
+					      control_codes[i]);
+		if (!ret) {
+			goto done;
+		}
+	}
+
+ done:
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	return ret;
+}
+
+static bool test_CreateResTypeEnum(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateResTypeEnum r;
+	uint32_t dwType[] = {
+		CLUSTER_RESOURCE_TYPE_ENUM_NODES,
+		CLUSTER_RESOURCE_TYPE_ENUM_RESOURCES
+	};
+	uint32_t dwType_invalid[] = {
+		0x00000040,
+		0x00000080,
+		0x00000100 /* and many more ... */
+	};
+	const char *valid_names[] = {
+		"Physical Disk",
+		"Storage Pool"
+	};
+	const char *invalid_names[] = {
+		"INVALID_TYPE_XXXX"
+	};
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i, s;
+
+	for (s = 0; s < ARRAY_SIZE(valid_names); s++) {
+
+		r.in.lpszTypeName = valid_names[s];
+
+		for (i=0; i < ARRAY_SIZE(dwType); i++) {
+
+			r.in.dwType = dwType[i];
+			r.out.ReturnEnum = &ReturnEnum;
+			r.out.rpc_status = &rpc_status;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_clusapi_CreateResTypeEnum_r(b, tctx, &r),
+				"CreateResTypeEnum failed");
+			torture_assert_werr_ok(tctx,
+				r.out.result,
+				"CreateResTypeEnum failed");
+		}
+
+		for (i=0; i < ARRAY_SIZE(dwType_invalid); i++) {
+
+			r.in.dwType = dwType_invalid[i];
+			r.out.ReturnEnum = &ReturnEnum;
+			r.out.rpc_status = &rpc_status;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_clusapi_CreateResTypeEnum_r(b, tctx, &r),
+				"CreateResTypeEnum failed");
+			torture_assert_werr_ok(tctx,
+				r.out.result,
+				"CreateResTypeEnum failed");
+		}
+	}
+
+	for (s = 0; s < ARRAY_SIZE(invalid_names); s++) {
+
+		r.in.lpszTypeName = invalid_names[s];
+
+		for (i=0; i < ARRAY_SIZE(dwType); i++) {
+
+			r.in.dwType = dwType[i];
+			r.out.ReturnEnum = &ReturnEnum;
+			r.out.rpc_status = &rpc_status;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_clusapi_CreateResTypeEnum_r(b, tctx, &r),
+				"CreateResTypeEnum failed");
+			torture_assert_werr_equal(tctx,
+				r.out.result,
+				WERR_CLUSTER_RESOURCE_TYPE_NOT_FOUND,
+				"CreateResTypeEnum failed");
+		}
+
+		for (i=0; i < ARRAY_SIZE(dwType_invalid); i++) {
+
+			r.in.dwType = dwType_invalid[i];
+			r.out.ReturnEnum = &ReturnEnum;
+			r.out.rpc_status = &rpc_status;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_clusapi_CreateResTypeEnum_r(b, tctx, &r),
+				"CreateResTypeEnum failed");
+			torture_assert_werr_equal(tctx,
+				r.out.result,
+				WERR_CLUSTER_RESOURCE_TYPE_NOT_FOUND,
+				"CreateResTypeEnum failed");
+		}
+	}
+
+
+	return true;
+}
+
+static bool test_CreateGroupEnum_int(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *Cluster,
+				     const char **multi_sz,
+				     const char **multi_sz_ro)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CreateGroupEnum r;
+	struct GROUP_ENUM_LIST *pResultList;
+	WERROR rpc_status;
+	DATA_BLOB blob = data_blob_null;
+	DATA_BLOB blob_ro = data_blob_null;
+
+	r.in.hCluster = *Cluster;
+	r.in.pProperties = blob.data;
+	r.in.cbProperties = blob.length;
+	r.in.pRoProperties = blob_ro.data;
+	r.in.cbRoProperties = blob_ro.length;
+	r.out.ppResultList = &pResultList;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateGroupEnum_r(b, tctx, &r),
+		"CreateGroupEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateGroupEnum failed");
+
+	if (!push_reg_multi_sz(tctx, &blob, multi_sz)) {
+		return false;
+	}
+
+	if (!push_reg_multi_sz(tctx, &blob_ro, multi_sz_ro)) {
+		return false;
+	}
+
+	r.in.pProperties = blob.data;
+	r.in.cbProperties = blob.length;
+
+	r.in.pRoProperties = blob_ro.data;
+	r.in.cbRoProperties = blob_ro.length;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateGroupEnum_r(b, tctx, &r),
+		"CreateGroupEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateGroupEnum failed");
+
+#if 0
+	{
+		int i;
+		enum ndr_err_code ndr_err;
+
+		for (i=0; i < pResultList->EntryCount; i++) {
+			struct clusapi_PROPERTY_LIST list;
+			torture_comment(tctx, "entry #%d\n", i);
+
+			blob = data_blob_const(pResultList->Entry[i].Properties,
+					       pResultList->Entry[i].cbProperties);
+
+			ndr_err = ndr_pull_struct_blob(&blob, tctx, &list,
+				(ndr_pull_flags_fn_t)ndr_pull_clusapi_PROPERTY_LIST);
+			if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NDR_PRINT_DEBUG(clusapi_PROPERTY_LIST, &list);
+			}
+
+			blob_ro = data_blob_const(pResultList->Entry[i].RoProperties,
+						  pResultList->Entry[i].cbRoProperties);
+
+			ndr_err = ndr_pull_struct_blob(&blob_ro, tctx, &list,
+				(ndr_pull_flags_fn_t)ndr_pull_clusapi_PROPERTY_LIST);
+			if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				NDR_PRINT_DEBUG(clusapi_PROPERTY_LIST, &list);
+			}
+		}
+	}
+#endif
+
+	return true;
+}
+
+static bool test_CreateGroupEnum(struct torture_context *tctx,
+				 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle Cluster;
+	bool ret;
+	const char *multi_sz[] = {
+		"Priority", NULL,
+	};
+	const char *multi_sz_ro[] = {
+		"GroupType", NULL,
+	};
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	ret = test_CreateGroupEnum_int(tctx, t->p, &Cluster,
+				       multi_sz, multi_sz_ro);
+	if (!ret) {
+		goto done;
+	}
+
+ done:
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	return ret;
+}
+
+static bool test_OpenNetwork_int(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 const char *lpszNetworkName,
+				 struct policy_handle *hNetwork)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNetwork r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNetworkName = lpszNetworkName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNetwork = hNetwork ;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNetwork_r(b, tctx, &r),
+		"OpenNetwork failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNetwork failed");
+
+	return true;
+}
+
+static bool test_OpenNetworkEx_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   const char *lpszNetworkName,
+				   struct policy_handle *hNetwork)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNetworkEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNetworkName = lpszNetworkName;
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNetwork = hNetwork ;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNetworkEx_r(b, tctx, &r),
+		"OpenNetworkEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNetworkEx failed");
+
+	return true;
+}
+
+static bool test_CloseNetwork_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *Network)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseNetwork r;
+
+	r.in.Network = Network;
+	r.out.Network = Network;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseNetwork_r(b, tctx, &r),
+		"CloseNetwork failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseNetwork failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(Network),
+		"policy_handle non empty after CloseNetwork");
+
+	return true;
+}
+
+static bool test_OpenNetwork(struct torture_context *tctx,
+			     void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetwork;
+
+	if (!test_OpenNetwork_int(tctx, t->p, "Cluster Network 1", &hNetwork)) {
+		return false;
+	}
+
+	test_CloseNetwork_int(tctx, t->p, &hNetwork);
+
+	return true;
+}
+
+static bool test_OpenNetworkEx(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetwork;
+
+	if (!test_OpenNetworkEx_int(tctx, t->p, "Cluster Network 1", &hNetwork)) {
+		return false;
+	}
+
+	test_CloseNetwork_int(tctx, t->p, &hNetwork);
+
+	return true;
+}
+
+static bool test_CloseNetwork(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetwork;
+
+	if (!test_OpenNetwork_int(tctx, t->p, "Cluster Network 1", &hNetwork)) {
+		return false;
+	}
+
+	return test_CloseNetwork_int(tctx, t->p, &hNetwork);
+}
+
+static bool test_GetNetworkState_int(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *hNetwork)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNetworkState r;
+	enum clusapi_ClusterNetworkState State;
+	WERROR rpc_status;
+
+	r.in.hNetwork = *hNetwork;
+	r.out.State = &State;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNetworkState_r(b, tctx, &r),
+		"GetNetworkState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNetworkState failed");
+
+	return true;
+}
+
+static bool test_GetNetworkState(struct torture_context *tctx,
+				 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetwork;
+	bool ret = true;
+
+	if (!test_OpenNetwork_int(tctx, t->p, "Cluster Network 1", &hNetwork)) {
+		return false;
+	}
+
+	ret = test_GetNetworkState_int(tctx, t->p, &hNetwork);
+
+	test_CloseNetwork_int(tctx, t->p, &hNetwork);
+
+	return ret;
+}
+
+static bool test_GetNetworkId_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hNetwork)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNetworkId r;
+	const char *pGuid;
+	WERROR rpc_status;
+
+	r.in.hNetwork = *hNetwork;
+	r.out.pGuid = &pGuid;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNetworkId_r(b, tctx, &r),
+		"GetNetworkId failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNetworkId failed");
+
+	return true;
+}
+
+static bool test_GetNetworkId(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetwork;
+	bool ret = true;
+
+	if (!test_OpenNetwork_int(tctx, t->p, "Cluster Network 1", &hNetwork)) {
+		return false;
+	}
+
+	ret = test_GetNetworkId_int(tctx, t->p, &hNetwork);
+
+	test_CloseNetwork_int(tctx, t->p, &hNetwork);
+
+	return ret;
+}
+
+static bool test_one_network(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     const char *network_name)
+{
+	struct policy_handle hNetwork;
+
+	torture_assert(tctx,
+		test_OpenNetwork_int(tctx, p, network_name, &hNetwork),
+		"failed to open network");
+	test_CloseNetwork_int(tctx, p, &hNetwork);
+
+	torture_assert(tctx,
+		test_OpenNetworkEx_int(tctx, p, network_name, &hNetwork),
+		"failed to openex network");
+
+	torture_assert(tctx,
+		test_GetNetworkId_int(tctx, p, &hNetwork),
+		"failed to query network id");
+	torture_assert(tctx,
+		test_GetNetworkState_int(tctx, p, &hNetwork),
+		"failed to query network id");
+
+	test_CloseNetwork_int(tctx, p, &hNetwork);
+
+	return true;
+}
+
+static bool test_all_networks(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_NETWORK;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_NETWORK, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_network(tctx, t->p, e.Name),
+			"failed to test one network");
+	}
+
+	return true;
+}
+
+static bool test_OpenNetInterface_int(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      const char *lpszNetInterfaceName,
+				      struct policy_handle *hNetInterface)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNetInterface r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNetInterfaceName = lpszNetInterfaceName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNetInterface = hNetInterface;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNetInterface_r(b, tctx, &r),
+		"OpenNetInterface failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNetInterface failed");
+
+	return true;
+}
+
+static bool test_OpenNetInterfaceEx_int(struct torture_context *tctx,
+					struct dcerpc_pipe *p,
+					const char *lpszNetInterfaceName,
+					struct policy_handle *hNetInterface)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenNetInterfaceEx r;
+	uint32_t lpdwGrantedAccess;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszNetInterfaceName = lpszNetInterfaceName;
+	r.in.dwDesiredAccess = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.lpdwGrantedAccess = &lpdwGrantedAccess;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hNetInterface = hNetInterface;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenNetInterfaceEx_r(b, tctx, &r),
+		"OpenNetInterfaceEx failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenNetInterfaceEx failed");
+
+	return true;
+}
+
+static bool test_CloseNetInterface_int(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct policy_handle *NetInterface)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseNetInterface r;
+
+	r.in.NetInterface = NetInterface;
+	r.out.NetInterface = NetInterface;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseNetInterface_r(b, tctx, &r),
+		"CloseNetInterface failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseNetInterface failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(NetInterface),
+		"policy_handle non empty after CloseNetInterface");
+
+	return true;
+}
+
+static bool test_OpenNetInterface(struct torture_context *tctx,
+				  void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetInterface;
+
+	if (!test_OpenNetInterface_int(tctx, t->p, "node1 - Ethernet", &hNetInterface)) {
+		return false;
+	}
+
+	test_CloseNetInterface_int(tctx, t->p, &hNetInterface);
+
+	return true;
+}
+
+static bool test_OpenNetInterfaceEx(struct torture_context *tctx,
+				    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetInterface;
+
+	if (!test_OpenNetInterfaceEx_int(tctx, t->p, "node1 - Ethernet", &hNetInterface)) {
+		return false;
+	}
+
+	test_CloseNetInterface_int(tctx, t->p, &hNetInterface);
+
+	return true;
+}
+
+static bool test_CloseNetInterface(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetInterface;
+
+	if (!test_OpenNetInterface_int(tctx, t->p, "node1 - Ethernet", &hNetInterface)) {
+		return false;
+	}
+
+	return test_CloseNetInterface_int(tctx, t->p, &hNetInterface);
+}
+
+static bool test_GetNetInterfaceState_int(struct torture_context *tctx,
+					  struct dcerpc_pipe *p,
+					  struct policy_handle *hNetInterface)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNetInterfaceState r;
+	enum clusapi_ClusterNetInterfaceState State;
+	WERROR rpc_status;
+
+	r.in.hNetInterface = *hNetInterface;
+	r.out.State = &State;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNetInterfaceState_r(b, tctx, &r),
+		"GetNetInterfaceState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNetInterfaceState failed");
+
+	return true;
+}
+
+static bool test_GetNetInterfaceState(struct torture_context *tctx,
+				      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetInterface;
+	bool ret = true;
+
+	if (!test_OpenNetInterface_int(tctx, t->p, "node1 - Ethernet", &hNetInterface)) {
+		return false;
+	}
+
+	ret = test_GetNetInterfaceState_int(tctx, t->p, &hNetInterface);
+
+	test_CloseNetInterface_int(tctx, t->p, &hNetInterface);
+
+	return ret;
+}
+
+static bool test_GetNetInterfaceId_int(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct policy_handle *hNetInterface)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetNetInterfaceId r;
+	const char *pGuid;
+	WERROR rpc_status;
+
+	r.in.hNetInterface = *hNetInterface;
+	r.out.pGuid = &pGuid;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetNetInterfaceId_r(b, tctx, &r),
+		"GetNetInterfaceId failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetNetInterfaceId failed");
+
+	return true;
+}
+
+static bool test_GetNetInterfaceId(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hNetInterface;
+	bool ret = true;
+
+	if (!test_OpenNetInterface_int(tctx, t->p, "node1 - Ethernet", &hNetInterface)) {
+		return false;
+	}
+
+	ret = test_GetNetInterfaceId_int(tctx, t->p, &hNetInterface);
+
+	test_CloseNetInterface_int(tctx, t->p, &hNetInterface);
+
+	return ret;
+}
+
+static bool test_one_netinterface(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  const char *netinterface_name)
+{
+	struct policy_handle hNetInterface;
+
+	torture_assert(tctx,
+		test_OpenNetInterface_int(tctx, p, netinterface_name, &hNetInterface),
+		"failed to open netinterface");
+	test_CloseNetInterface_int(tctx, p, &hNetInterface);
+
+	torture_assert(tctx,
+		test_OpenNetInterfaceEx_int(tctx, p, netinterface_name, &hNetInterface),
+		"failed to openex netinterface");
+
+	torture_assert(tctx,
+		test_GetNetInterfaceId_int(tctx, p, &hNetInterface),
+		"failed to query netinterface id");
+	torture_assert(tctx,
+		test_GetNetInterfaceState_int(tctx, p, &hNetInterface),
+		"failed to query netinterface id");
+
+	test_CloseNetInterface_int(tctx, p, &hNetInterface);
+
+	return true;
+}
+
+static bool test_all_netinterfaces(struct torture_context *tctx,
+				   void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateEnum r;
+	uint32_t dwType = CLUSTER_ENUM_NETINTERFACE;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	int i;
+
+	r.in.dwType = dwType;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"CreateEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateEnum failed");
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert_int_equal(tctx, e.Type, CLUSTER_ENUM_NETINTERFACE, "type mismatch");
+
+		torture_assert(tctx,
+			test_one_netinterface(tctx, t->p, e.Name),
+			"failed to test one netinterface");
+	}
+
+	return true;
+}
+
+static bool test_CloseKey_int(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct policy_handle *pKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseKey r;
+
+	r.in.pKey = pKey;
+	r.out.pKey = pKey;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseKey_r(b, tctx, &r),
+		"CloseKey failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseKey failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(pKey),
+		"policy_handle non empty after CloseKey");
+
+	return true;
+}
+
+static bool test_GetRootKey_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *phKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetRootKey r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.samDesired = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.Status = &Status;
+	r.out.rpc_status = &rpc_status;
+	r.out.phKey = phKey;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetRootKey_r(b, tctx, &r),
+		"GetRootKey failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"GetRootKey failed");
+
+	return true;
+}
+
+static bool test_EnumKey_int(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct policy_handle *hKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_EnumKey r;
+	const char *KeyName;
+	NTTIME lpftLastWriteTime;
+	WERROR rpc_status;
+
+	r.in.hKey = *hKey;
+	r.in.dwIndex = 0;
+	r.out.KeyName = &KeyName;
+	r.out.lpftLastWriteTime = &lpftLastWriteTime;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_EnumKey_r(b, tctx, &r),
+		"EnumKey failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"EnumKey failed");
+
+	return true;
+}
+
+static bool test_OpenKey_int(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct policy_handle *hKey,
+			     const char *lpSubKey,
+			     struct policy_handle *phKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenKey r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.hKey = *hKey;
+	r.in.lpSubKey = lpSubKey;
+	r.in.samDesired = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.Status = &Status;
+	r.out.rpc_status = &rpc_status;
+	r.out.phKey = phKey;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenKey_r(b, tctx, &r),
+		"OpenKey failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenKey failed");
+
+	return true;
+}
+
+static bool test_EnumValue_int(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct policy_handle *hKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_EnumValue r;
+	const char *lpValueName;
+	uint32_t lpType;
+	uint32_t TotalSize;
+	WERROR rpc_status;
+	int i = 0;
+
+	do {
+		uint32_t lpcbData = 2048;
+
+		r.in.hKey = *hKey;
+		r.in.dwIndex = i++;
+		r.in.lpcbData = &lpcbData;
+		r.out.lpValueName = &lpValueName;
+		r.out.lpType = &lpType;
+		r.out.lpData = talloc_array(tctx, uint8_t, lpcbData);
+		r.out.TotalSize = &TotalSize;
+		r.out.rpc_status = &rpc_status;
+		r.out.lpcbData = &lpcbData;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_EnumValue_r(b, tctx, &r),
+			"EnumValue failed");
+
+	} while (W_ERROR_IS_OK(r.out.result));
+
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_NO_MORE_ITEMS,
+		"EnumValue failed");
+
+	return true;
+}
+
+static bool test_QueryInfoKey_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *hKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_QueryInfoKey r;
+	uint32_t lpcSubKeys;
+	uint32_t lpcbMaxSubKeyLen;
+	uint32_t lpcValues;
+	uint32_t lpcbMaxValueNameLen;
+	uint32_t lpcbMaxValueLen;
+	uint32_t lpcbSecurityDescriptor;
+	NTTIME lpftLastWriteTime;
+	WERROR rpc_status;
+
+	r.in.hKey = *hKey;
+	r.out.lpcSubKeys = &lpcSubKeys;
+	r.out.lpcbMaxSubKeyLen = &lpcbMaxSubKeyLen;
+	r.out.lpcValues = &lpcValues;
+	r.out.lpcbMaxValueNameLen = &lpcbMaxValueNameLen;
+	r.out.lpcbMaxValueLen = &lpcbMaxValueLen;
+	r.out.lpcbSecurityDescriptor = &lpcbSecurityDescriptor;
+	r.out.lpftLastWriteTime = &lpftLastWriteTime;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_QueryInfoKey_r(b, tctx, &r),
+		"QueryInfoKey failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"QueryInfoKey failed");
+
+	return true;
+}
+
+static bool test_GetKeySecurity_int(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *hKey)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetKeySecurity r;
+	uint32_t SecurityInformation = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	struct RPC_SECURITY_DESCRIPTOR pRpcSecurityDescriptor;
+	WERROR rpc_status;
+
+	ZERO_STRUCT(pRpcSecurityDescriptor);
+
+	r.in.hKey = *hKey;
+	r.in.SecurityInformation = SecurityInformation;
+	r.in.pRpcSecurityDescriptor = &pRpcSecurityDescriptor;
+	r.out.rpc_status = &rpc_status;
+	r.out.pRpcSecurityDescriptor = &pRpcSecurityDescriptor;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetKeySecurity_r(b, tctx, &r),
+		"GetKeySecurity failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		pRpcSecurityDescriptor.lpSecurityDescriptor = talloc_array(tctx,
+		uint8_t, pRpcSecurityDescriptor.cbInSecurityDescriptor);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_GetKeySecurity_r(b, tctx, &r),
+			"GetKeySecurity failed");
+	}
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetKeySecurity failed");
+
+	return true;
+}
+
+static bool test_GetRootKey(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hKey;
+
+	if (!test_GetRootKey_int(tctx, t->p, &hKey)) {
+		return false;
+	}
+
+	test_CloseKey_int(tctx, t->p, &hKey);
+
+	return true;
+}
+
+static bool test_CloseKey(struct torture_context *tctx,
+			  void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hKey;
+
+	if (!test_GetRootKey_int(tctx, t->p, &hKey)) {
+		return false;
+	}
+
+	return test_CloseKey_int(tctx, t->p, &hKey);
+}
+
+static bool test_EnumKey(struct torture_context *tctx,
+			 void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hKey;
+	bool ret = true;
+
+	if (!test_GetRootKey_int(tctx, t->p, &hKey)) {
+		return false;
+	}
+
+	ret = test_EnumKey_int(tctx, t->p, &hKey);
+
+	test_CloseKey_int(tctx, t->p, &hKey);
+
+	return ret;
+}
+
+static bool test_QueryValue_int(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *hKey,
+				const char *ValueName)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_QueryValue r;
+	uint32_t lpValueType;
+	uint32_t lpcbRequired;
+	WERROR rpc_status;
+
+	r.in.hKey = *hKey;
+	r.in.lpValueName = ValueName;
+	r.in.cbData = 0;
+	r.out.lpValueType = &lpValueType;
+	r.out.lpData = NULL;
+	r.out.lpcbRequired = &lpcbRequired;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+
+		r.in.cbData = lpcbRequired;
+		r.out.lpData = talloc_zero_array(tctx, uint8_t, r.in.cbData);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_QueryValue_r(b, tctx, &r),
+			"QueryValue failed");
+	}
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"QueryValue failed");
+
+	if (lpValueType == REG_SZ) {
+		const char *s;
+		DATA_BLOB blob = data_blob_const(r.out.lpData, lpcbRequired);
+		pull_reg_sz(tctx, &blob, &s);
+		torture_comment(tctx, "got: %s\n", s);
+	}
+
+	return true;
+}
+
+static bool test_QueryValue(struct torture_context *tctx,
+			    void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hKey;
+	bool ret = true;
+
+	if (!test_GetRootKey_int(tctx, t->p, &hKey)) {
+		return false;
+	}
+
+	ret = test_QueryValue_int(tctx, t->p, &hKey, "ClusterInstanceID");
+
+	test_CloseKey_int(tctx, t->p, &hKey);
+
+	return ret;
+}
+
+
+static bool test_one_key(struct torture_context *tctx,
+			 struct dcerpc_pipe *p,
+			 struct policy_handle *hKey,
+			 const char *KeyName)
+{
+	struct policy_handle phKey;
+
+	torture_assert(tctx,
+		test_OpenKey_int(tctx, p, hKey, KeyName, &phKey),
+		"failed to open key");
+
+	torture_assert(tctx,
+		test_QueryInfoKey_int(tctx, p, &phKey),
+		"failed to enum values");
+	torture_assert(tctx,
+		test_GetKeySecurity_int(tctx, p, &phKey),
+		"failed to get key security");
+
+	torture_assert(tctx,
+		test_EnumValue_int(tctx, p, &phKey),
+		"failed to enum values");
+
+	torture_assert(tctx,
+		test_CloseKey_int(tctx, p, &phKey),
+		"failed to close key");
+
+	return true;
+}
+
+static bool test_all_keys(struct torture_context *tctx,
+			  void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct policy_handle hKey;
+	struct clusapi_EnumKey r;
+	const char *KeyName;
+	NTTIME lpftLastWriteTime;
+	WERROR rpc_status;
+	int i = 0;
+
+	if (!test_GetRootKey_int(tctx, t->p, &hKey)) {
+		return false;
+	}
+
+	do {
+		r.in.hKey = hKey;
+		r.in.dwIndex = i++;
+		r.out.KeyName = &KeyName;
+		r.out.lpftLastWriteTime = &lpftLastWriteTime;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_EnumKey_r(b, tctx, &r),
+			"EnumKey failed");
+
+		if (W_ERROR_IS_OK(r.out.result)) {
+			torture_assert(tctx,
+				test_one_key(tctx, t->p, &hKey, KeyName),
+				"failed to test one key");
+		}
+
+	} while (W_ERROR_IS_OK(r.out.result));
+
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_NO_MORE_ITEMS,
+		"EnumKey failed");
+
+	test_CloseKey_int(tctx, t->p, &hKey);
+
+	return true;
+}
+
+static bool test_OpenGroupSet_int(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  const char *lpszGroupSetName,
+				  struct policy_handle *hGroupSet)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_OpenGroupSet r;
+	WERROR Status;
+	WERROR rpc_status;
+
+	r.in.lpszGroupSetName = lpszGroupSetName;
+	r.out.rpc_status = &rpc_status;
+	r.out.Status = &Status;
+	r.out.hGroupSet = hGroupSet;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_OpenGroupSet_r(b, tctx, &r),
+		"OpenGroupSet failed");
+	torture_assert_werr_ok(tctx,
+		*r.out.Status,
+		"OpenGroupSet failed");
+
+	return true;
+}
+
+static bool test_CloseGroupSet_int(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *GroupSet)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_CloseGroupSet r;
+
+	r.in.GroupSet = GroupSet;
+	r.out.GroupSet = GroupSet;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CloseGroupSet_r(b, tctx, &r),
+		"CloseGroupSet failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CloseGroupSet failed");
+	torture_assert(tctx,
+		ndr_policy_handle_empty(GroupSet),
+		"policy_handle non empty after CloseGroupSet");
+
+	return true;
+}
+
+static bool test_OpenGroupSet(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroupSet;
+
+	if (t->lpwMajorVersion < 0x000a) {
+		torture_skip(tctx, "GroupSet fn not available on old clusters");
+		return true;
+	}
+
+	if (!test_OpenGroupSet_int(tctx, t->p, "Cluster Group", &hGroupSet)) {
+		return false;
+	}
+
+	test_CloseGroupSet_int(tctx, t->p, &hGroupSet);
+
+	return true;
+}
+
+static bool test_CloseGroupSet(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct policy_handle hGroupSet;
+
+	if (t->lpwMajorVersion < 0x000a) {
+		torture_skip(tctx, "GroupSet fn not available on old clusters");
+		return true;
+	}
+
+	if (!test_OpenGroupSet_int(tctx, t->p, "Cluster Group", &hGroupSet)) {
+		return false;
+	}
+
+	return test_CloseGroupSet_int(tctx, t->p, &hGroupSet);
+}
+
+static bool test_one_groupset(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      const char *groupset_name)
+{
+	struct policy_handle hGroupSet;
+
+	torture_assert(tctx,
+		test_OpenGroupSet_int(tctx, p, groupset_name, &hGroupSet),
+		"failed to open groupset");
+
+	test_CloseGroupSet_int(tctx, p, &hGroupSet);
+
+	return true;
+}
+
+static bool test_all_groupsets(struct torture_context *tctx,
+			       void *data)
+{
+	struct torture_clusapi_context *t =
+		talloc_get_type_abort(data, struct torture_clusapi_context);
+	struct dcerpc_binding_handle *b = t->p->binding_handle;
+	struct clusapi_CreateGroupSetEnum r;
+	struct ENUM_LIST *ReturnEnum;
+	struct policy_handle Cluster;
+	WERROR rpc_status;
+	int i;
+
+	if (!test_OpenCluster_int(tctx, t->p, &Cluster)) {
+		return false;
+	}
+
+	r.in.hCluster = Cluster;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateGroupSetEnum_r(b, tctx, &r),
+		"CreateGroupSetEnum failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"CreateGroupSetEnum failed");
+
+	test_CloseCluster_int(tctx, t->p, &Cluster);
+
+	for (i=0; i < ReturnEnum->EntryCount; i++) {
+
+		struct ENUM_ENTRY e = ReturnEnum->Entry[i];
+
+		torture_assert(tctx,
+			test_one_groupset(tctx, t->p, e.Name),
+			"failed to test one groupset");
+	}
+
+	return true;
+}
+
+static bool torture_rpc_clusapi_setup_common(struct torture_context *tctx,
+					     struct torture_clusapi_context *t)
+{
+	struct dcerpc_binding_handle *b;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &t->p, &ndr_table_clusapi),
+		"Error connecting to server");
+
+	b = t->p->binding_handle;
+
+	{
+		struct clusapi_GetClusterName r;
+
+		r.out.ClusterName = &t->ClusterName;
+		r.out.NodeName = &t->NodeName;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_GetClusterName_r(b, tctx, &r),
+			"GetClusterName failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"GetClusterName failed");
+	}
+	{
+		struct clusapi_GetClusterVersion2 r;
+		const char *lpszVendorId;
+		const char *lpszCSDVersion;
+		struct CLUSTER_OPERATIONAL_VERSION_INFO *ppClusterOpVerInfo;
+		WERROR rpc_status;
+
+		r.out.lpwMajorVersion = &t->lpwMajorVersion;
+		r.out.lpwMinorVersion = &t->lpwMinorVersion;
+		r.out.lpwBuildNumber = &t->lpwBuildNumber;
+		r.out.lpszVendorId = &lpszVendorId;
+		r.out.lpszCSDVersion = &lpszCSDVersion;
+		r.out.ppClusterOpVerInfo = &ppClusterOpVerInfo;
+		r.out.rpc_status = &rpc_status;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_clusapi_GetClusterVersion2_r(b, tctx, &r),
+			"GetClusterVersion2 failed");
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"GetClusterVersion2 failed");
+	}
+
+	return true;
+}
+
+static bool torture_rpc_clusapi_setup(struct torture_context *tctx,
+				      void **data)
+{
+	struct torture_clusapi_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_clusapi_context);
+
+	return torture_rpc_clusapi_setup_common(tctx, t);
+}
+
+static bool torture_rpc_clusapi_teardown(struct torture_context *tctx,
+					 void *data)
+{
+	talloc_free(data);
+
+	return true;
+}
+
+void torture_tcase_cluster(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "OpenCluster",
+				      test_OpenCluster);
+	torture_tcase_add_simple_test(tcase, "OpenClusterEx",
+				      test_OpenClusterEx);
+	torture_tcase_add_simple_test(tcase, "CloseCluster",
+				      test_CloseCluster);
+	torture_tcase_add_simple_test(tcase, "SetClusterName",
+				      test_SetClusterName);
+	torture_tcase_add_simple_test(tcase, "GetClusterName",
+				      test_GetClusterName);
+	torture_tcase_add_simple_test(tcase, "GetClusterVersion",
+				      test_GetClusterVersion);
+	torture_tcase_add_simple_test(tcase, "CreateEnum",
+				      test_CreateEnum);
+	torture_tcase_add_simple_test(tcase, "CreateEnumEx",
+				      test_CreateEnumEx);
+	torture_tcase_add_simple_test(tcase, "GetClusterVersion2",
+				      test_GetClusterVersion2);
+	torture_tcase_add_simple_test(tcase, "BackupClusterDatabase",
+				      test_BackupClusterDatabase);
+	torture_tcase_add_simple_test(tcase, "SetServiceAccountPassword",
+				      test_SetServiceAccountPassword);
+	torture_tcase_add_simple_test(tcase, "ClusterControl",
+				      test_ClusterControl);
+	torture_tcase_add_simple_test(tcase, "CreateResTypeEnum",
+				      test_CreateResTypeEnum);
+	torture_tcase_add_simple_test(tcase, "CreateGroupEnum",
+				      test_CreateGroupEnum);
+
+}
+
+void torture_tcase_resource(struct torture_tcase *tcase)
+{
+	struct torture_test *test;
+
+	torture_tcase_add_simple_test(tcase, "GetQuorumResource",
+				      test_GetQuorumResource);
+	torture_tcase_add_simple_test(tcase, "SetQuorumResource",
+				      test_SetQuorumResource);
+	torture_tcase_add_simple_test(tcase, "OpenResource",
+				      test_OpenResource);
+	torture_tcase_add_simple_test(tcase, "OpenResourceEx",
+				      test_OpenResourceEx);
+	torture_tcase_add_simple_test(tcase, "CloseResource",
+				      test_CloseResource);
+	torture_tcase_add_simple_test(tcase, "CreateResource",
+				      test_CreateResource);
+	torture_tcase_add_simple_test(tcase, "DeleteResource",
+				      test_DeleteResource);
+	torture_tcase_add_simple_test(tcase, "SetResourceName",
+				      test_SetResourceName);
+	torture_tcase_add_simple_test(tcase, "GetResourceState",
+				      test_GetResourceState);
+	torture_tcase_add_simple_test(tcase, "GetResourceId",
+				      test_GetResourceId);
+	torture_tcase_add_simple_test(tcase, "GetResourceType",
+				      test_GetResourceType);
+	torture_tcase_add_simple_test(tcase, "CreateResEnum",
+				      test_CreateResEnum);
+	test = torture_tcase_add_simple_test(tcase, "FailResource",
+				      test_FailResource);
+	test->dangerous = true;
+	torture_tcase_add_simple_test(tcase, "OnlineResource",
+				      test_OnlineResource);
+	test = torture_tcase_add_simple_test(tcase, "OfflineResource",
+				      test_OfflineResource);
+	test->dangerous = true;
+	torture_tcase_add_simple_test(tcase, "GetResourceDependencyExpression",
+				      test_GetResourceDependencyExpression);
+	torture_tcase_add_simple_test(tcase, "GetResourceNetworkName",
+				      test_GetResourceNetworkName);
+	torture_tcase_add_simple_test(tcase, "all_resources",
+				      test_all_resources);
+}
+
+void torture_tcase_resourcetype(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "all_resourcetypes",
+				      test_all_resourcetypes);
+}
+
+void torture_tcase_node(struct torture_tcase *tcase)
+{
+	struct torture_test *test;
+
+	torture_tcase_add_simple_test(tcase, "OpenNode",
+				      test_OpenNode);
+	torture_tcase_add_simple_test(tcase, "OpenNodeEx",
+				      test_OpenNodeEx);
+	torture_tcase_add_simple_test(tcase, "CloseNode",
+				      test_CloseNode);
+	torture_tcase_add_simple_test(tcase, "GetNodeState",
+				      test_GetNodeState);
+	torture_tcase_add_simple_test(tcase, "GetNodeId",
+				      test_GetNodeId);
+	torture_tcase_add_simple_test(tcase, "NodeControl",
+				      test_NodeControl);
+	test = torture_tcase_add_simple_test(tcase, "PauseNode",
+					     test_PauseNode);
+	test->dangerous = true;
+	torture_tcase_add_simple_test(tcase, "ResumeNode",
+				      test_ResumeNode);
+	test = torture_tcase_add_simple_test(tcase, "EvictNode",
+					     test_EvictNode);
+	test->dangerous = true;
+	torture_tcase_add_simple_test(tcase, "all_nodes",
+				      test_all_nodes);
+}
+
+void torture_tcase_group(struct torture_tcase *tcase)
+{
+	struct torture_test *test;
+
+	torture_tcase_add_simple_test(tcase, "OpenGroup",
+				      test_OpenGroup);
+	torture_tcase_add_simple_test(tcase, "OpenGroupEx",
+				      test_OpenGroupEx);
+	torture_tcase_add_simple_test(tcase, "CloseGroup",
+				      test_CloseGroup);
+	torture_tcase_add_simple_test(tcase, "GetGroupState",
+				      test_GetGroupState);
+	torture_tcase_add_simple_test(tcase, "GetGroupId",
+				      test_GetGroupId);
+	torture_tcase_add_simple_test(tcase, "GroupControl",
+				      test_GroupControl);
+	torture_tcase_add_simple_test(tcase, "OnlineGroup",
+				      test_OnlineGroup);
+	test = torture_tcase_add_simple_test(tcase, "OfflineGroup",
+				      test_OfflineGroup);
+	test->dangerous = true;
+	torture_tcase_add_simple_test(tcase, "all_groups",
+				      test_all_groups);
+}
+
+void torture_tcase_network(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "OpenNetwork",
+				      test_OpenNetwork);
+	torture_tcase_add_simple_test(tcase, "OpenNetworkEx",
+				      test_OpenNetworkEx);
+	torture_tcase_add_simple_test(tcase, "CloseNetwork",
+				      test_CloseNetwork);
+	torture_tcase_add_simple_test(tcase, "GetNetworkState",
+				      test_GetNetworkState);
+	torture_tcase_add_simple_test(tcase, "GetNetworkId",
+				      test_GetNetworkId);
+	torture_tcase_add_simple_test(tcase, "all_networks",
+				      test_all_networks);
+}
+
+void torture_tcase_netinterface(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "OpenNetInterface",
+				      test_OpenNetInterface);
+	torture_tcase_add_simple_test(tcase, "OpenNetInterfaceEx",
+				      test_OpenNetInterfaceEx);
+	torture_tcase_add_simple_test(tcase, "CloseNetInterface",
+				      test_CloseNetInterface);
+	torture_tcase_add_simple_test(tcase, "GetNetInterfaceState",
+				      test_GetNetInterfaceState);
+	torture_tcase_add_simple_test(tcase, "GetNetInterfaceId",
+				      test_GetNetInterfaceId);
+	torture_tcase_add_simple_test(tcase, "all_netinterfaces",
+				      test_all_netinterfaces);
+}
+
+void torture_tcase_registry(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "GetRootKey",
+				      test_GetRootKey);
+	torture_tcase_add_simple_test(tcase, "CloseKey",
+				      test_CloseKey);
+	torture_tcase_add_simple_test(tcase, "EnumKey",
+				      test_EnumKey);
+	torture_tcase_add_simple_test(tcase, "QueryValue",
+				      test_QueryValue);
+	torture_tcase_add_simple_test(tcase, "all_keys",
+				      test_all_keys);
+}
+
+void torture_tcase_groupset(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "OpenGroupSet",
+				      test_OpenGroupSet);
+	torture_tcase_add_simple_test(tcase, "CloseGroupSet",
+				      test_CloseGroupSet);
+	torture_tcase_add_simple_test(tcase, "all_groupsets",
+				      test_all_groupsets);
+}
+
+struct torture_suite *torture_rpc_clusapi(TALLOC_CTX *mem_ctx)
+{
+	struct torture_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "clusapi");
+
+	tcase = torture_suite_add_tcase(suite, "cluster");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_cluster(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "resource");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_resource(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "resourcetype");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_resourcetype(tcase);
+
+
+	tcase = torture_suite_add_tcase(suite, "node");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_node(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "group");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_group(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "network");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_network(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "netinterface");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_netinterface(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "registry");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_registry(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "groupset");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_clusapi_setup,
+				  torture_rpc_clusapi_teardown);
+
+	torture_tcase_groupset(tcase);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/countcalls.c b/source4/torture/rpc/countcalls.c
new file mode 100644
index 0000000..52be979
--- /dev/null
+++ b/source4/torture/rpc/countcalls.c
@@ -0,0 +1,131 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   count number of calls on an interface
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/ndr/ndr_table.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+
+	
+bool count_calls(struct torture_context *tctx,
+		 TALLOC_CTX *mem_ctx,
+		 const struct ndr_interface_table *iface,
+	bool all) 
+{
+	struct dcerpc_pipe *p;
+	DATA_BLOB stub_in, stub_out;
+	int i;
+	NTSTATUS status = torture_rpc_connection(tctx, &p, iface);
+	if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)
+	    || NT_STATUS_IS_RPC(status)
+	    || NT_STATUS_EQUAL(NT_STATUS_PORT_UNREACHABLE, status)
+	    || NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) {
+		if (all) {
+			/* Not fatal if looking for all pipes */
+			return true;
+		} else {
+			printf("Failed to open '%s' to count calls - %s\n", iface->name, nt_errstr(status));
+			return false;
+		}
+	} else if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to open '%s' to count calls - %s\n", iface->name, nt_errstr(status));
+		return false;
+	}
+
+	stub_in = data_blob_null;
+
+	printf("\nScanning pipe '%s'\n", iface->name);
+
+	for (i=0;i<500;i++) {
+		uint32_t out_flags = 0;
+
+		status = dcerpc_binding_handle_raw_call(p->binding_handle,
+							NULL, i,
+							0, /* in_flags */
+							stub_in.data,
+							stub_in.length,
+							mem_ctx,
+							&stub_out.data,
+							&stub_out.length,
+							&out_flags);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+			i--;
+			break;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED)) {
+			i--;
+			break;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_DISCONNECTED)) {
+			i--;
+			break;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			i--;
+			break;
+		}
+		if (NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)) {
+			i--;
+			break;
+		}
+	}
+	
+	if (i==500) {
+		talloc_free(p);
+		printf("no limit on calls: %s!?\n", nt_errstr(status));
+		return false;
+	}
+
+	printf("Found %d calls\n", i);
+
+	talloc_free(p);
+	
+	return true;
+
+}
+
+bool torture_rpc_countcalls(struct torture_context *torture)
+{
+	const struct ndr_interface_table *iface;
+	const char *iface_name;
+	bool ret = true;
+	const struct ndr_interface_list *l;
+	iface_name = lpcfg_parm_string(torture->lp_ctx, NULL, "countcalls", "interface");
+	if (iface_name != NULL) {
+		iface = ndr_table_by_name(iface_name);
+		if (!iface) {
+			printf("Unknown interface '%s'\n", iface_name);
+			return false;
+		}
+		return count_calls(torture, torture, iface, false);
+	}
+
+	for (l=ndr_table_list();l;l=l->next) {		
+		TALLOC_CTX *loop_ctx;
+		loop_ctx = talloc_named(torture, 0, "torture_rpc_councalls loop context");
+		ret &= count_calls(torture, loop_ctx, l->table, true);
+		talloc_free(loop_ctx);
+	}
+	return ret;
+}
diff --git a/source4/torture/rpc/dfs.c b/source4/torture/rpc/dfs.c
new file mode 100644
index 0000000..14af288
--- /dev/null
+++ b/source4/torture/rpc/dfs.c
@@ -0,0 +1,651 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for rpc dfs operations
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_dfs_c.h"
+#include "libnet/libnet.h"
+#include "torture/util.h"
+#include "libcli/libcli.h"
+#include "lib/cmdline/cmdline.h"
+
+#define SMBTORTURE_DFS_SHARENAME "smbtorture_dfs_share"
+#define SMBTORTURE_DFS_DIRNAME "\\smbtorture_dfs_dir"
+#define SMBTORTURE_DFS_PATHNAME "C:"SMBTORTURE_DFS_DIRNAME
+
+#define IS_DFS_VERSION_UNSUPPORTED_CALL_W2K3(x,y)\
+	if (x == DFS_MANAGER_VERSION_W2K3) {\
+		if (!W_ERROR_EQUAL(y,WERR_NOT_SUPPORTED)) {\
+			printf("expected WERR_NOT_SUPPORTED\n");\
+			return false;\
+		}\
+		return true;\
+	}\
+
+static bool test_NetShareAdd(struct torture_context *tctx,
+			     const char *host,
+			     const char *sharename,
+			     const char *dir)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareInfo2 i;
+	struct libnet_context* libnetctx;
+	struct libnet_AddShare r;
+
+	printf("Creating share %s\n", sharename);
+
+	if (!(libnetctx = libnet_context_init(tctx->ev, tctx->lp_ctx))) {
+		return false;
+	}
+
+	libnetctx->cred = samba_cmdline_get_creds();
+
+	i.name			= sharename;
+	i.type			= STYPE_DISKTREE;
+	i.path			= dir;
+	i.max_users		= (uint32_t) -1;
+	i.comment		= "created by smbtorture";
+	i.password		= NULL;
+	i.permissions		= 0x0;
+	i.current_users		= 0x0;
+
+	r.level 		= 2;
+	r.in.server_name	= host;
+	r.in.share 		= i;
+
+	status = libnet_AddShare(libnetctx, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Failed to add new share: %s (%s)\n",
+			nt_errstr(status), r.out.error_string);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_NetShareDel(struct torture_context *tctx,
+			     const char *host,
+			     const char *sharename)
+{
+	NTSTATUS status;
+	struct libnet_context* libnetctx;
+	struct libnet_DelShare r;
+
+	torture_comment(tctx, "Deleting share %s\n", sharename);
+
+	if (!(libnetctx = libnet_context_init(tctx->ev, tctx->lp_ctx))) {
+		return false;
+	}
+
+	libnetctx->cred = samba_cmdline_get_creds();
+
+	r.in.share_name		= sharename;
+	r.in.server_name	= host;
+
+	status = libnet_DelShare(libnetctx, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("Failed to delete share: %s (%s)\n",
+			nt_errstr(status), r.out.error_string);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_CreateDir(TALLOC_CTX *mem_ctx,
+			   struct smbcli_state **cli,
+			   struct torture_context *tctx,
+			   const char *host,
+			   const char *share,
+			   const char *dir)
+{
+	printf("Creating directory %s\n", dir);
+
+	if (!torture_open_connection_share(mem_ctx, cli, tctx, host, share, tctx->ev)) {
+		return false;
+	}
+
+	if (!torture_setup_dir(*cli, dir)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_DeleteDir(struct torture_context *tctx,
+			   struct smbcli_state *cli,
+			   const char *dir)
+{
+	torture_comment(tctx, "Deleting directory %s\n", dir);
+
+	if (smbcli_deltree(cli->tree, dir) == -1) {
+		printf("Unable to delete dir %s - %s\n", dir,
+			smbcli_errstr(cli->tree));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_GetManagerVersion_opts(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					enum dfs_ManagerVersion *version_p)
+{
+	struct dfs_GetManagerVersion r;
+	enum dfs_ManagerVersion version;
+
+	r.out.version = &version;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_GetManagerVersion_r(b, tctx, &r),
+		"GetManagerVersion failed");
+
+	if (version_p) {
+		*version_p = version;
+	}
+
+	return true;
+}
+
+
+static bool test_GetManagerVersion(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_GetManagerVersion_opts(tctx, b, NULL);
+}
+
+static bool test_ManagerInitialize(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	enum dfs_ManagerVersion version;
+	struct dfs_ManagerInitialize r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+
+	torture_comment(tctx, "Testing ManagerInitialize\n");
+
+	torture_assert(tctx,
+		test_GetManagerVersion_opts(tctx, b, &version),
+		"GetManagerVersion failed");
+
+	r.in.servername = host;
+	r.in.flags = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_ManagerInitialize_r(b, tctx, &r),
+		"ManagerInitialize failed");
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_warning(tctx, "dfs_ManagerInitialize failed - %s\n",
+			win_errstr(r.out.result));
+		IS_DFS_VERSION_UNSUPPORTED_CALL_W2K3(version, r.out.result);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_GetInfoLevel(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      uint16_t level,
+			      const char *root)
+{
+	struct dfs_GetInfo r;
+	union dfs_Info info;
+
+	torture_comment(tctx, "Testing GetInfo level %u on '%s'\n", level, root);
+
+	r.in.dfs_entry_path = root;
+	r.in.servername = NULL;
+	r.in.sharename = NULL;
+	r.in.level = level;
+	r.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_GetInfo_r(b, tctx, &r),
+		"GetInfo failed");
+
+	if (!W_ERROR_IS_OK(r.out.result) &&
+	    !W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, r.out.result)) {
+		torture_warning(tctx, "dfs_GetInfo failed - %s\n", win_errstr(r.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_GetInfo(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 const char *root)
+{
+	bool ret = true;
+	/* 103, 104, 105, 106 is only available on Set */
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 100, 101, 102, 103, 104, 105, 106};
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (!test_GetInfoLevel(tctx, b, levels[i], root)) {
+			ret = false;
+		}
+	}
+	return ret;
+}
+
+static bool test_EnumLevelEx(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     uint16_t level,
+			     const char *dfs_name)
+{
+	struct dfs_EnumEx rex;
+	uint32_t total=0;
+	struct dfs_EnumStruct e;
+	struct dfs_Info1 s;
+	struct dfs_EnumArray1 e1;
+	bool ret = true;
+
+	rex.in.level = level;
+	rex.in.bufsize = (uint32_t)-1;
+	rex.in.total = &total;
+	rex.in.info = &e;
+	rex.in.dfs_name = dfs_name;
+
+	e.level = rex.in.level;
+	e.e.info1 = &e1;
+	e.e.info1->count = 0;
+	e.e.info1->s = &s;
+	s.path = NULL;
+
+	torture_comment(tctx, "Testing EnumEx level %u on '%s'\n", level, dfs_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_EnumEx_r(b, tctx, &rex),
+		"EnumEx failed");
+	torture_assert_werr_ok(tctx, rex.out.result,
+		"EnumEx failed");
+
+	if (level == 1 && rex.out.total) {
+		int i;
+		for (i=0;i<*rex.out.total;i++) {
+			const char *root = rex.out.info->e.info1->s[i].path;
+			if (!test_GetInfo(tctx, b, root)) {
+				ret = false;
+			}
+		}
+	}
+
+	if (level == 300 && rex.out.total) {
+		int i,k;
+		for (i=0;i<*rex.out.total;i++) {
+			uint16_t levels[] = {1, 2, 3, 4, 200}; /* 300 */
+			const char *root = rex.out.info->e.info300->s[i].dom_root;
+			for (k=0;k<ARRAY_SIZE(levels);k++) {
+				if (!test_EnumLevelEx(tctx, b,
+						      levels[k], root))
+				{
+					ret = false;
+				}
+			}
+			if (!test_GetInfo(tctx, b, root)) {
+				ret = false;
+			}
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_EnumLevel(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   uint16_t level)
+{
+	struct dfs_Enum r;
+	uint32_t total=0;
+	struct dfs_EnumStruct e;
+	struct dfs_Info1 s;
+	struct dfs_EnumArray1 e1;
+	bool ret = true;
+
+	r.in.level = level;
+	r.in.bufsize = (uint32_t)-1;
+	r.in.total = &total;
+	r.in.info = &e;
+
+	e.level = r.in.level;
+	e.e.info1 = &e1;
+	e.e.info1->count = 0;
+	e.e.info1->s = &s;
+	s.path = NULL;
+
+	torture_comment(tctx, "Testing Enum level %u\n", level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_Enum_r(b, tctx, &r),
+		"Enum failed");
+
+	if (!W_ERROR_IS_OK(r.out.result) &&
+	    !W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, r.out.result)) {
+		torture_warning(tctx, "dfs_Enum failed - %s\n", win_errstr(r.out.result));
+		return false;
+	}
+
+	if (level == 1 && r.out.total) {
+		int i;
+		for (i=0;i<*r.out.total;i++) {
+			const char *root = r.out.info->e.info1->s[i].path;
+			if (!test_GetInfo(tctx, b, root)) {
+				ret = false;
+			}
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_Enum(struct torture_context *tctx,
+		      struct dcerpc_pipe *p)
+{
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 200, 300};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (!test_EnumLevel(tctx, b, levels[i])) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_EnumEx(struct torture_context *tctx,
+			struct dcerpc_pipe *p)
+{
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 200, 300};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (!test_EnumLevelEx(tctx, b, levels[i], host)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_RemoveStdRoot(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       const char *host,
+			       const char *sharename)
+{
+	struct dfs_RemoveStdRoot r;
+
+	torture_comment(tctx, "Testing RemoveStdRoot\n");
+
+	r.in.servername	= host;
+	r.in.rootshare	= sharename;
+	r.in.flags	= 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_RemoveStdRoot_r(b, tctx, &r),
+		"RemoveStdRoot failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"dfs_RemoveStdRoot failed");
+
+	return true;
+}
+
+static bool test_AddStdRoot(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    const char *host,
+			    const char *sharename)
+{
+	struct dfs_AddStdRoot r;
+
+	torture_comment(tctx, "Testing AddStdRoot\n");
+
+	r.in.servername	= host;
+	r.in.rootshare	= sharename;
+	r.in.comment	= "standard dfs standalone DFS root created by smbtorture (dfs_AddStdRoot)";
+	r.in.flags	= 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_AddStdRoot_r(b, tctx, &r),
+		"AddStdRoot failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"AddStdRoot failed");
+
+	return true;
+}
+
+static bool test_AddStdRootForced(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  const char *host,
+				  const char *sharename)
+{
+	struct dfs_AddStdRootForced r;
+	enum dfs_ManagerVersion version;
+
+	torture_comment(tctx, "Testing AddStdRootForced\n");
+
+	torture_assert(tctx,
+		test_GetManagerVersion_opts(tctx, b, &version),
+		"GetManagerVersion failed");
+
+	r.in.servername	= host;
+	r.in.rootshare	= sharename;
+	r.in.comment	= "standard dfs forced standalone DFS root created by smbtorture (dfs_AddStdRootForced)";
+	r.in.store	= SMBTORTURE_DFS_PATHNAME;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_AddStdRootForced_r(b, tctx, &r),
+		"AddStdRootForced failed");
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_warning(tctx, "dfs_AddStdRootForced failed - %s\n",
+			win_errstr(r.out.result));
+		IS_DFS_VERSION_UNSUPPORTED_CALL_W2K3(version, r.out.result);
+		return false;
+	}
+
+	return test_RemoveStdRoot(tctx, b, host, sharename);
+}
+
+static void test_cleanup_stdroot(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 const char *host,
+				 const char *sharename,
+				 const char *dir)
+{
+	struct smbcli_state *cli;
+
+	torture_comment(tctx, "Cleaning up StdRoot\n");
+
+	test_RemoveStdRoot(tctx, b, host, sharename);
+	test_NetShareDel(tctx, host, sharename);
+	if (torture_open_connection_share(tctx, &cli, tctx, host, "C$", tctx->ev)) {
+		test_DeleteDir(tctx, cli, dir);
+		torture_close_connection(cli);
+	}
+}
+
+static bool test_StdRoot(struct torture_context *tctx,
+			 struct dcerpc_pipe *p)
+{
+	const char *sharename = SMBTORTURE_DFS_SHARENAME;
+	const char *dir = SMBTORTURE_DFS_DIRNAME;
+	const char *path = SMBTORTURE_DFS_PATHNAME;
+	struct smbcli_state *cli;
+	bool ret = true;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing StdRoot\n");
+
+	test_cleanup_stdroot(tctx, b, host, sharename, dir);
+
+	torture_assert(tctx,
+		test_CreateDir(tctx, &cli, tctx, host, "C$", dir),
+		"failed to connect C$ share and to create directory");
+	torture_assert(tctx,
+		test_NetShareAdd(tctx, host, sharename, path),
+		"failed to create new share");
+
+	ret &= test_AddStdRoot(tctx, b, host, sharename);
+	ret &= test_RemoveStdRoot(tctx, b, host, sharename);
+	ret &= test_AddStdRootForced(tctx, b, host, sharename);
+	ret &= test_NetShareDel(tctx, host, sharename);
+	ret &= test_DeleteDir(tctx, cli, dir);
+
+	torture_close_connection(cli);
+
+	return ret;
+}
+
+static bool test_GetDcAddress(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      const char *host)
+{
+	struct dfs_GetDcAddress r;
+	uint8_t is_root = 0;
+	uint32_t ttl = 0;
+	const char *ptr;
+
+	torture_comment(tctx, "Testing GetDcAddress\n");
+
+	ptr = host;
+
+	r.in.servername = host;
+	r.in.server_fullname = r.out.server_fullname = &ptr;
+	r.in.is_root = r.out.is_root = &is_root;
+	r.in.ttl = r.out.ttl = &ttl;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_GetDcAddress_r(b, tctx, &r),
+		"GetDcAddress failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"dfs_GetDcAddress failed");
+
+	return true;
+}
+
+static bool test_SetDcAddress(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      const char *host)
+{
+	struct dfs_SetDcAddress r;
+
+	torture_comment(tctx, "Testing SetDcAddress\n");
+
+	r.in.servername = host;
+	r.in.server_fullname = host;
+	r.in.flags = 0;
+	r.in.ttl = 1000;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_SetDcAddress_r(b, tctx, &r),
+		"SetDcAddress failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"dfs_SetDcAddress failed");
+
+	return true;
+}
+
+static bool test_DcAddress(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_GetDcAddress(tctx, b, host)) {
+		return false;
+	}
+
+	if (!test_SetDcAddress(tctx, b, host)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_FlushFtTable(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      const char *host,
+			      const char *sharename)
+{
+	struct dfs_FlushFtTable r;
+	enum dfs_ManagerVersion version;
+
+	torture_comment(tctx, "Testing FlushFtTable\n");
+
+	torture_assert(tctx,
+		test_GetManagerVersion_opts(tctx, b, &version),
+		"GetManagerVersion failed");
+
+	r.in.servername = host;
+	r.in.rootshare = sharename;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_dfs_FlushFtTable_r(b, tctx, &r),
+		"FlushFtTable failed");
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_warning(tctx, "dfs_FlushFtTable failed - %s\n",
+			win_errstr(r.out.result));
+		IS_DFS_VERSION_UNSUPPORTED_CALL_W2K3(version, r.out.result);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_FtRoot(struct torture_context *tctx,
+			struct dcerpc_pipe *p)
+{
+	const char *sharename = SMBTORTURE_DFS_SHARENAME;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_FlushFtTable(tctx, b, host, sharename);
+}
+
+struct torture_suite *torture_rpc_dfs(TALLOC_CTX *mem_ctx)
+{
+	struct torture_rpc_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dfs");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "netdfs",
+						  &ndr_table_netdfs);
+
+	torture_rpc_tcase_add_test(tcase, "GetManagerVersion", test_GetManagerVersion);
+	torture_rpc_tcase_add_test(tcase, "ManagerInitialize", test_ManagerInitialize);
+	torture_rpc_tcase_add_test(tcase, "Enum", test_Enum);
+	torture_rpc_tcase_add_test(tcase, "EnumEx", test_EnumEx);
+	torture_rpc_tcase_add_test(tcase, "StdRoot", test_StdRoot);
+	torture_rpc_tcase_add_test(tcase, "FtRoot", test_FtRoot);
+	torture_rpc_tcase_add_test(tcase, "DcAddress", test_DcAddress);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
new file mode 100644
index 0000000..4c7e2fc
--- /dev/null
+++ b/source4/torture/rpc/drsuapi.c
@@ -0,0 +1,1049 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   DRSUapi tests
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/security/dom_sid.h"
+#include "param/param.h"
+
+#define TEST_MACHINE_NAME "torturetest"
+
+static bool test_DsBind(struct dcerpc_pipe *p,
+			struct torture_context *tctx,
+			struct policy_handle *bind_handle,
+			struct drsuapi_DsBindInfo28 *srv_info28)
+{
+	NTSTATUS status;
+	struct drsuapi_DsBind r;
+	struct GUID bind_guid;
+	struct drsuapi_DsBindInfo28 *bind_info28;
+	struct drsuapi_DsBindInfoCtr bind_info_ctr;
+
+	ZERO_STRUCT(bind_info_ctr);
+	bind_info_ctr.length = 28;
+
+	bind_info28 = &bind_info_ctr.info.info28;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
+
+	r.in.bind_guid = &bind_guid;
+	r.in.bind_info = &bind_info_ctr;
+	r.out.bind_handle = bind_handle;
+
+	torture_comment(tctx, "Testing DsBind\n");
+
+	status = dcerpc_drsuapi_DsBind_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
+
+	if (srv_info28 != NULL) {
+		*srv_info28 = r.out.bind_info->info.info28;
+	}
+
+	return true;
+}
+
+static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
+					   struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsGetDomainControllerInfo r;
+	union drsuapi_DsGetDCInfoCtr ctr;
+	union drsuapi_DsGetDCInfoRequest req;
+	int32_t level_out = 0;
+	bool found = false;
+	int i, j, k;
+	
+	struct {
+		const char *name;
+		WERROR expected;
+	} names[] = { 
+		{	
+			.name = torture_join_dom_netbios_name(priv->join),
+			.expected = WERR_OK
+		},
+		{
+			.name = torture_join_dom_dns_name(priv->join),
+			.expected = WERR_OK
+		},
+		{
+			.name = "__UNKNOWN_DOMAIN__",
+			.expected = WERR_DS_OBJ_NOT_FOUND
+		},
+		{
+			.name = "unknown.domain.samba.example.com",
+			.expected = WERR_DS_OBJ_NOT_FOUND
+		},
+	};
+	int levels[] = {1, 2};
+	int level;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+		for (j=0; j < ARRAY_SIZE(names); j++) {
+			level = levels[i];
+			r.in.bind_handle = &priv->bind_handle;
+			r.in.level = 1;
+			r.in.req = &req;
+			
+			r.in.req->req1.domain_name = names[j].name;
+			r.in.req->req1.level = level;
+
+			r.out.ctr = &ctr;
+			r.out.level_out = &level_out;
+			
+			torture_comment(tctx,
+				   "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
+			       r.in.req->req1.level, r.in.req->req1.domain_name);
+		
+			status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
+			torture_assert_ntstatus_ok(tctx, status,
+				   "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
+			torture_assert_werr_equal(tctx,
+									  r.out.result, names[j].expected, 
+					   "DsGetDomainControllerInfo level with dns domain failed");
+		
+			if (!W_ERROR_IS_OK(r.out.result)) {
+				/* If this was an error, we can't read the result structure */
+				continue;
+			}
+
+			torture_assert_int_equal(tctx,
+						 r.in.req->req1.level, *r.out.level_out,
+						 "dcerpc_drsuapi_DsGetDomainControllerInfo in/out level differs");
+
+			switch (level) {
+			case 1:
+				for (k=0; k < r.out.ctr->ctr1.count; k++) {
+					if (strcasecmp_m(r.out.ctr->ctr1.array[k].netbios_name,
+							 torture_join_netbios_name(priv->join)) == 0) {
+						found = true;
+						break;
+					}
+				}
+				break;
+			case 2:
+				for (k=0; k < r.out.ctr->ctr2.count; k++) {
+					if (strcasecmp_m(r.out.ctr->ctr2.array[k].netbios_name,
+							 torture_join_netbios_name(priv->join)) == 0) {
+						found = true;
+						priv->dcinfo	= r.out.ctr->ctr2.array[k];
+						break;
+					}
+				}
+				break;
+			}
+			torture_assert(tctx, found,
+				 "dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join");
+		}
+	}
+
+	r.in.bind_handle = &priv->bind_handle;
+	r.in.level = 1;
+
+	r.out.ctr = &ctr;
+	r.out.level_out = &level_out;
+
+	r.in.req->req1.domain_name = "__UNKNOWN_DOMAIN__"; /* This is clearly ignored for this level */
+	r.in.req->req1.level = -1;
+	
+	torture_comment(tctx, "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
+			r.in.req->req1.level, r.in.req->req1.domain_name);
+	
+	status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status,
+				   "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+				"DsGetDomainControllerInfo with dns domain failed");
+	
+	{
+		const char *dc_account = talloc_asprintf(tctx, "%s\\%s$",
+							 torture_join_dom_netbios_name(priv->join), 
+							 priv->dcinfo.netbios_name);
+		torture_comment(tctx, "%s: Enum active LDAP sessions searching for %s\n", __func__, dc_account);
+		for (k=0; k < r.out.ctr->ctr01.count; k++) {
+			if (strcasecmp_m(r.out.ctr->ctr01.array[k].client_account,
+					 dc_account)) {
+				found = true;
+				break;
+			}
+		}
+		torture_assert(tctx, found,
+			"dcerpc_drsuapi_DsGetDomainControllerInfo level: Failed to find the domain controller in last logon records");
+	}
+
+
+	return true;
+}
+
+static bool test_DsWriteAccountSpn(struct torture_context *tctx,
+				   struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsWriteAccountSpn r;
+	union drsuapi_DsWriteAccountSpnRequest req;
+	struct drsuapi_DsNameString names[2];
+	union drsuapi_DsWriteAccountSpnResult res;
+	uint32_t level_out;
+
+	r.in.bind_handle		= &priv->bind_handle;
+	r.in.level			= 1;
+	r.in.req			= &req;
+
+	torture_comment(tctx, "Testing DsWriteAccountSpn\n");
+
+	r.in.req->req1.operation	= DRSUAPI_DS_SPN_OPERATION_ADD;
+	r.in.req->req1.unknown1	= 0;
+	r.in.req->req1.object_dn	= priv->dcinfo.computer_dn;
+	r.in.req->req1.count		= 2;
+	r.in.req->req1.spn_names	= names;
+	names[0].str = talloc_asprintf(tctx, "smbtortureSPN/%s",priv->dcinfo.netbios_name);
+	names[1].str = talloc_asprintf(tctx, "smbtortureSPN/%s",priv->dcinfo.dns_name);
+
+	r.out.res			= &res;
+	r.out.level_out			= &level_out;
+
+	status = dcerpc_drsuapi_DsWriteAccountSpn_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsWriteAccountSpn");
+
+	r.in.req->req1.operation	= DRSUAPI_DS_SPN_OPERATION_DELETE;
+	r.in.req->req1.unknown1		= 0;
+
+	status = dcerpc_drsuapi_DsWriteAccountSpn_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsWriteAccountSpn");
+
+	return true;
+}
+
+static bool test_DsReplicaGetInfo(struct torture_context *tctx,
+				  struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsReplicaGetInfo r;
+	union drsuapi_DsReplicaGetInfoRequest req;
+	union drsuapi_DsReplicaInfo info;
+	enum drsuapi_DsReplicaInfoType info_type;
+	int i;
+	struct {
+		int32_t level;
+		int32_t infotype;
+		const char *obj_dn;
+	} array[] = {
+		{	
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_NEIGHBORS,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_CURSORS,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO,
+			DRSUAPI_DS_REPLICA_INFO_PENDING_OPS,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_CURSORS2,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_CURSORS3,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_REPSTO,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_CLIENT_CONTEXTS,
+			"__IGNORED__"
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_UPTODATE_VECTOR_V1,
+			NULL
+		},{
+			DRSUAPI_DS_REPLICA_GET_INFO2,
+			DRSUAPI_DS_REPLICA_INFO_SERVER_OUTGOING_CALLS,
+			NULL
+		}
+	};
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping DsReplicaGetInfo test against Samba4\n");
+		return true;
+	}
+
+	r.in.bind_handle	= &priv->bind_handle;
+	r.in.req		= &req;
+
+	for (i=0; i < ARRAY_SIZE(array); i++) {
+		const char *object_dn;
+
+		torture_comment(tctx, "Testing DsReplicaGetInfo level %d infotype %d\n",
+				array[i].level, array[i].infotype);
+
+		object_dn = (array[i].obj_dn ? array[i].obj_dn : priv->domain_obj_dn);
+
+		r.in.level = array[i].level;
+		switch(r.in.level) {
+		case DRSUAPI_DS_REPLICA_GET_INFO:
+			r.in.req->req1.info_type	= array[i].infotype;
+			r.in.req->req1.object_dn	= object_dn;
+			ZERO_STRUCT(r.in.req->req1.source_dsa_guid);
+			break;
+		case DRSUAPI_DS_REPLICA_GET_INFO2:
+			r.in.req->req2.info_type	= array[i].infotype;
+			r.in.req->req2.object_dn	= object_dn;
+			ZERO_STRUCT(r.in.req->req2.source_dsa_guid);
+			r.in.req->req2.flags		= 0;
+			r.in.req->req2.attribute_name	= NULL;
+			r.in.req->req2.value_dn_str	= NULL;
+			r.in.req->req2.enumeration_context = 0;
+			break;
+		}
+
+		r.out.info		= &info;
+		r.out.info_type		= &info_type;
+
+		status = dcerpc_drsuapi_DsReplicaGetInfo_r(p->binding_handle, tctx, &r);
+		torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaGetInfo");
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+			torture_comment(tctx,
+					"DsReplicaGetInfo level %d and/or infotype %d not supported by server\n",
+					array[i].level, array[i].infotype);
+		} else {
+			torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaGetInfo");
+		}
+	}
+
+	return true;
+}
+
+static bool test_DsReplicaSync(struct torture_context *tctx,
+				struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	int i;
+	struct drsuapi_DsReplicaSync r;
+	union drsuapi_DsReplicaSyncRequest sync_req;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct dom_sid null_sid;
+	struct {
+		int32_t level;
+	} array[] = {
+		{	
+			1
+		}
+	};
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		torture_comment(tctx, "DsReplicaSync disabled - enable dangerous tests to use\n");
+		return true;
+	}
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping DsReplicaSync test against Samba4\n");
+		return true;
+	}
+
+	ZERO_STRUCT(null_sid);
+
+	r.in.bind_handle	= &priv->bind_handle;
+
+	for (i=0; i < ARRAY_SIZE(array); i++) {
+		torture_comment(tctx, "Testing DsReplicaSync level %d\n",
+				array[i].level);
+
+		r.in.level = array[i].level;
+		switch(r.in.level) {
+		case 1:
+			nc.guid					= GUID_zero();
+			nc.sid					= null_sid;
+			nc.dn					= priv->domain_obj_dn?priv->domain_obj_dn:"";
+
+			sync_req.req1.naming_context		= &nc;
+			sync_req.req1.source_dsa_guid		= priv->dcinfo.ntds_guid;
+			sync_req.req1.source_dsa_dns		= NULL;
+			sync_req.req1.options			= 16;
+
+			r.in.req 				= &sync_req;
+			break;
+		}
+
+		status = dcerpc_drsuapi_DsReplicaSync_r(p->binding_handle, tctx, &r);
+		torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaSync");
+	}
+
+	return true;
+}
+
+static bool test_DsReplicaUpdateRefs(struct torture_context *tctx,
+				     struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsReplicaUpdateRefs r;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct GUID dest_dsa_guid;
+	const char *dest_dsa_guid_str;
+	struct dom_sid null_sid;
+
+	ZERO_STRUCT(null_sid);
+	dest_dsa_guid = GUID_random();
+	dest_dsa_guid_str = GUID_string(tctx, &dest_dsa_guid);
+
+	r.in.bind_handle = &priv->bind_handle;
+	r.in.level	 = 1; /* Only version 1 is defined presently */
+
+	/* setup NC */
+	nc.guid		= priv->domain_obj_dn ? GUID_zero():priv->domain_guid;
+	nc.sid		= null_sid;
+	nc.dn		= priv->domain_obj_dn ? priv->domain_obj_dn : "";
+
+	/* default setup for request */
+	r.in.req.req1.naming_context	= &nc;
+	r.in.req.req1.dest_dsa_dns_name	= talloc_asprintf(tctx, "%s._msdn.%s",
+								dest_dsa_guid_str,
+								priv->domain_dns_name);
+	r.in.req.req1.dest_dsa_guid	= dest_dsa_guid;
+
+	/* 1. deleting replica dest should fail */
+	torture_comment(tctx, "delete: %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_DEL_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_DS_DRA_REF_NOT_FOUND, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 2. hopefully adding random replica dest should succeed */
+	torture_comment(tctx, "add    : %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_ADD_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_OK, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 3. try adding same replica dest - should fail */
+	torture_comment(tctx, "add    : %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_ADD_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_DS_DRA_REF_ALREADY_EXISTS, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 4. try resetting same replica dest - should succeed */
+	torture_comment(tctx, "reset : %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_DEL_REF | DRSUAPI_DRS_ADD_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_OK, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 5. delete random replicate added at step 2. */
+	torture_comment(tctx, "delete : %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_DEL_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_OK, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 6. try replace on non-existing replica dest - should succeed */
+	torture_comment(tctx, "replace: %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_DEL_REF | DRSUAPI_DRS_ADD_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_OK, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	/* 7. delete random replicate added at step 6. */
+	torture_comment(tctx, "delete : %s\n", r.in.req.req1.dest_dsa_dns_name);
+	r.in.req.req1.options		= DRSUAPI_DRS_DEL_REF;
+	status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call_werr(tctx, p,
+					 status, WERR_OK, &r,
+					 "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+	return true;
+}
+
+static bool test_DsGetNCChanges(struct torture_context *tctx,
+				struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	int i;
+	struct drsuapi_DsGetNCChanges r;
+	union drsuapi_DsGetNCChangesRequest req;
+	union drsuapi_DsGetNCChangesCtr ctr;
+	struct drsuapi_DsReplicaObjectIdentifier nc;
+	struct dom_sid null_sid;
+	uint32_t level_out;
+	struct {
+		uint32_t level;
+	} array[] = {
+		{	
+			5
+		},
+		{	
+			8
+		}
+	};
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping DsGetNCChanges test against Samba4\n");
+		return true;
+	}
+
+	ZERO_STRUCT(null_sid);
+
+	for (i=0; i < ARRAY_SIZE(array); i++) {
+		torture_comment(tctx,
+				"Testing DsGetNCChanges level %d\n",
+				array[i].level);
+
+		r.in.bind_handle	= &priv->bind_handle;
+		r.in.level		= array[i].level;
+		r.out.level_out		= &level_out;
+		r.out.ctr		= &ctr;
+
+		switch (r.in.level) {
+		case 5:
+			nc.guid	= GUID_zero();
+			nc.sid	= null_sid;
+			nc.dn	= priv->domain_obj_dn ? priv->domain_obj_dn : "";
+
+			r.in.req					= &req;
+			r.in.req->req5.destination_dsa_guid		= GUID_random();
+			r.in.req->req5.source_dsa_invocation_id	= GUID_zero();
+			r.in.req->req5.naming_context			= &nc;
+			r.in.req->req5.highwatermark.tmp_highest_usn	= 0;
+			r.in.req->req5.highwatermark.reserved_usn	= 0;
+			r.in.req->req5.highwatermark.highest_usn	= 0;
+			r.in.req->req5.uptodateness_vector		= NULL;
+			r.in.req->req5.replica_flags			= 0;
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "compression", false)) {
+				r.in.req->req5.replica_flags		|= DRSUAPI_DRS_USE_COMPRESSION;
+			}
+			r.in.req->req5.max_object_count			= 0;
+			r.in.req->req5.max_ndr_size			= 0;
+			r.in.req->req5.extended_op			= DRSUAPI_EXOP_NONE;
+			r.in.req->req5.fsmo_info			= 0;
+
+			break;
+		case 8:
+			nc.guid	= GUID_zero();
+			nc.sid	= null_sid;
+			nc.dn	= priv->domain_obj_dn ? priv->domain_obj_dn : "";
+
+			r.in.req					= &req;
+			r.in.req->req8.destination_dsa_guid		= GUID_random();
+			r.in.req->req8.source_dsa_invocation_id	= GUID_zero();
+			r.in.req->req8.naming_context			= &nc;
+			r.in.req->req8.highwatermark.tmp_highest_usn	= 0;
+			r.in.req->req8.highwatermark.reserved_usn	= 0;
+			r.in.req->req8.highwatermark.highest_usn	= 0;
+			r.in.req->req8.uptodateness_vector		= NULL;
+			r.in.req->req8.replica_flags			= 0;
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "compression", false)) {
+				r.in.req->req8.replica_flags		|= DRSUAPI_DRS_USE_COMPRESSION;
+			}
+			if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "neighbour_writeable", true)) {
+				r.in.req->req8.replica_flags		|= DRSUAPI_DRS_WRIT_REP;
+			}
+			r.in.req->req8.replica_flags			|= DRSUAPI_DRS_INIT_SYNC
+									| DRSUAPI_DRS_PER_SYNC
+									| DRSUAPI_DRS_GET_ANC
+									| DRSUAPI_DRS_NEVER_SYNCED
+									;
+			r.in.req->req8.max_object_count			= 402;
+			r.in.req->req8.max_ndr_size			= 402116;
+			r.in.req->req8.extended_op			= DRSUAPI_EXOP_NONE;
+			r.in.req->req8.fsmo_info			= 0;
+			r.in.req->req8.partial_attribute_set		= NULL;
+			r.in.req->req8.partial_attribute_set_ex		= NULL;
+			r.in.req->req8.mapping_ctr.num_mappings		= 0;
+			r.in.req->req8.mapping_ctr.mappings		= NULL;
+
+			break;
+		}
+
+		status = dcerpc_drsuapi_DsGetNCChanges_r(p->binding_handle, tctx, &r);
+		torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsGetNCChanges");
+	}
+
+	return true;
+}
+
+bool test_QuerySitesByCost(struct torture_context *tctx,
+			   struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_QuerySitesByCost r;
+	union drsuapi_QuerySitesByCostRequest req;
+
+	const char *my_site = "Default-First-Site-Name";
+	const char *remote_site1 = "smbtorture-nonexisting-site1";
+	const char *remote_site2 = "smbtorture-nonexisting-site2";
+
+	req.req1.site_from = talloc_strdup(tctx, my_site);
+	req.req1.num_req = 2;
+	req.req1.site_to = talloc_zero_array(tctx, const char *, 2);
+	req.req1.site_to[0] = talloc_strdup(tctx, remote_site1);
+	req.req1.site_to[1] = talloc_strdup(tctx, remote_site2);
+	req.req1.flags = 0;
+
+	r.in.bind_handle = &priv->bind_handle;
+	r.in.level = 1;
+	r.in.req = &req;
+
+	status = dcerpc_drsuapi_QuerySitesByCost_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_QuerySitesByCost");
+
+	if (W_ERROR_IS_OK(r.out.result)) {
+		torture_assert_werr_equal(tctx,
+					  r.out.ctr->ctr1.info[0].error_code, WERR_DS_OBJ_NOT_FOUND,
+					  "dcerpc_drsuapi_QuerySitesByCost");
+		torture_assert_werr_equal(tctx,
+					  r.out.ctr->ctr1.info[1].error_code, WERR_DS_OBJ_NOT_FOUND,
+					  "dcerpc_drsuapi_QuerySitesByCost expected error_code WERR_DS_OBJ_NOT_FOUND");
+
+		torture_assert_int_equal(tctx,
+					 r.out.ctr->ctr1.info[0].site_cost, -1,
+					 "dcerpc_drsuapi_QuerySitesByCost");
+		torture_assert_int_equal(tctx,
+					 r.out.ctr->ctr1.info[1].site_cost, -1,
+					 "dcerpc_drsuapi_QuerySitesByCost expected site cost");
+	}
+
+	return true;
+
+
+}
+
+bool test_DsUnbind(struct dcerpc_pipe *p,
+		   struct torture_context *tctx,
+		   struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	struct drsuapi_DsUnbind r;
+
+	r.in.bind_handle = &priv->bind_handle;
+	r.out.bind_handle = &priv->bind_handle;
+
+	torture_comment(tctx, "Testing DsUnbind\n");
+
+	status = dcerpc_drsuapi_DsUnbind_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsUnbind");
+
+	return true;
+}
+
+
+/**
+ * Helper func to collect DC information for testing purposes.
+ * This function is almost identical to test_DsGetDomainControllerInfo
+ */
+bool torture_rpc_drsuapi_get_dcinfo(struct torture_context *torture,
+				    struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	int32_t level_out = 0;
+	struct drsuapi_DsGetDomainControllerInfo r;
+	union drsuapi_DsGetDCInfoCtr ctr;
+	int j, k;
+	const char *names[] = {
+				torture_join_dom_netbios_name(priv->join),
+				torture_join_dom_dns_name(priv->join)};
+
+	for (j=0; j < ARRAY_SIZE(names); j++) {
+		union drsuapi_DsGetDCInfoRequest req;
+		struct dcerpc_binding_handle *b = priv->drs_pipe->binding_handle;
+		r.in.bind_handle = &priv->bind_handle;
+		r.in.level = 1;
+		r.in.req = &req;
+
+		r.in.req->req1.domain_name = names[j];
+		r.in.req->req1.level = 2;
+
+		r.out.ctr = &ctr;
+		r.out.level_out = &level_out;
+
+		status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(b, torture, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			/* If this was an error, we can't read the result structure */
+			continue;
+		}
+
+		for (k=0; k < r.out.ctr->ctr2.count; k++) {
+			if (strcasecmp_m(r.out.ctr->ctr2.array[k].netbios_name,
+					 torture_join_netbios_name(priv->join)) == 0) {
+				priv->dcinfo	= r.out.ctr->ctr2.array[k];
+				return true;
+			}
+		}
+	}
+
+	return false;
+}
+
+/**
+ * Common test case setup function to be used
+ * in DRS suit of test when appropriate
+ */
+bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	int rnd = rand() % 1000;
+	char *name = talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, rnd);
+
+	torture_assert(tctx, priv, "Invalid argument");
+
+	priv->admin_credentials = samba_cmdline_get_creds();
+
+	torture_comment(tctx, "Create DRSUAPI pipe\n");
+	status = torture_rpc_connection(tctx,
+					&priv->drs_pipe,
+					&ndr_table_drsuapi);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to DRSUAPI pipe");
+
+	torture_comment(tctx, "About to join domain with name %s\n", name);
+	priv->join = torture_join_domain(tctx, name, ACB_SVRTRUST,
+					 &priv->dc_credentials);
+	torture_assert(tctx, priv->join, "Failed to join as BDC");
+
+	if (!test_DsBind(priv->drs_pipe, tctx,
+			 &priv->bind_handle,
+			 &priv->srv_bind_info))
+	{
+		/* clean up */
+		torture_drsuapi_tcase_teardown_common(tctx, priv);
+		torture_fail(tctx, "Failed execute test_DsBind()");
+	}
+
+	/* try collect some information for testing */
+	torture_rpc_drsuapi_get_dcinfo(tctx, priv);
+
+	return true;
+}
+
+/**
+ * Common test case teardown function to be used
+ * in DRS suit of test when appropriate
+ */
+bool torture_drsuapi_tcase_teardown_common(struct torture_context *tctx, struct DsPrivate *priv)
+{
+	if (priv->join) {
+		torture_leave_domain(tctx, priv->join);
+	}
+
+	return true;
+}
+
+/**
+ * Test case setup for DRSUAPI test case
+ */
+static bool torture_drsuapi_tcase_setup(struct torture_context *tctx, void **data)
+{
+	struct DsPrivate *priv;
+
+	*data = priv = talloc_zero(tctx, struct DsPrivate);
+
+	return torture_drsuapi_tcase_setup_common(tctx, priv);
+}
+
+/**
+ * Test case tear-down for DRSUAPI test case
+ */
+static bool torture_drsuapi_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	bool ret;
+	struct DsPrivate *priv = talloc_get_type(data, struct DsPrivate);
+
+	ret = torture_drsuapi_tcase_teardown_common(tctx, priv);
+
+	talloc_free(priv);
+	return ret;
+}
+
+static bool __test_DsBind_assoc_group(struct torture_context *tctx,
+				      const char *testname,
+				      struct DsPrivate *priv,
+				      struct cli_credentials *creds)
+{
+	NTSTATUS status;
+	const char *err_msg;
+	struct drsuapi_DsCrackNames r;
+	union drsuapi_DsNameRequest req;
+	uint32_t level_out;
+	union drsuapi_DsNameCtr ctr;
+	struct drsuapi_DsNameString names[1];
+	const char *dom_sid = NULL;
+	struct dcerpc_pipe *p1 = NULL;
+	struct dcerpc_pipe *p2 = NULL;
+	TALLOC_CTX *mem_ctx = priv;
+	struct dcerpc_binding *binding = NULL;
+	struct policy_handle ds_bind_handle = { .handle_type = 0, };
+
+	torture_comment(tctx, "%s: starting...\n", testname);
+
+	torture_assert_ntstatus_ok(tctx,
+				   torture_rpc_binding(tctx, &binding),
+				   "torture_rpc_binding");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_pipe_connect_b(tctx,
+							 &p1,
+							 binding,
+							 &ndr_table_drsuapi,
+							 creds,
+							 tctx->ev,
+							 tctx->lp_ctx),
+				   "connect p1");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_pipe_connect_b(tctx,
+							 &p2,
+							 p1->binding,
+							 &ndr_table_drsuapi,
+							 creds,
+							 tctx->ev,
+							 tctx->lp_ctx),
+				   "connect p2");
+
+	torture_assert(tctx, test_DsBind(p1, tctx, &ds_bind_handle, NULL), "DsBind");
+
+	ZERO_STRUCT(r);
+	r.in.bind_handle		= &ds_bind_handle;
+	r.in.level			= 1;
+	r.in.req			= &req;
+	r.in.req->req1.codepage		= 1252; /* german */
+	r.in.req->req1.language		= 0x00000407; /* german */
+	r.in.req->req1.count		= 1;
+	r.in.req->req1.names		= names;
+	r.in.req->req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+
+	r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+
+	r.out.level_out			= &level_out;
+	r.out.ctr			= &ctr;
+
+	dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
+
+	names[0].str = dom_sid;
+
+	torture_comment(tctx, "Testing DsCrackNames on p1 with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+	status = dcerpc_drsuapi_DsCrackNames_r(p1->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	torture_comment(tctx, "Testing DsCrackNames on p2 with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+	status = dcerpc_drsuapi_DsCrackNames_r(p2->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	TALLOC_FREE(p1);
+
+	torture_comment(tctx, "Testing DsCrackNames on p2 (with p1 closed) with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+	status = dcerpc_drsuapi_DsCrackNames_r(p2->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	torture_comment(tctx, "%s: ... finished\n", testname);
+	return true;
+}
+
+static bool test_DsBindAssocGroupAdmin(struct torture_context *tctx,
+				       struct DsPrivate *priv,
+				       struct cli_credentials *creds)
+{
+	return __test_DsBind_assoc_group(tctx, __func__, priv,
+					 priv->admin_credentials);
+}
+
+static bool test_DsBindAssocGroupDC(struct torture_context *tctx,
+				    struct DsPrivate *priv,
+				    struct cli_credentials *creds)
+{
+	return __test_DsBind_assoc_group(tctx, __func__, priv,
+					 priv->dc_credentials);
+}
+
+static bool test_DsBindAssocGroupWS(struct torture_context *tctx,
+				    struct DsPrivate *priv,
+				    struct cli_credentials *creds)
+{
+	struct test_join *wks_join = NULL;
+	struct cli_credentials *wks_credentials = NULL;
+	int rnd = rand() % 1000;
+	char *wks_name = talloc_asprintf(tctx, "WKS%s%d", TEST_MACHINE_NAME, rnd);
+	bool ret;
+
+	torture_comment(tctx, "%s: About to join workstation with name %s\n",
+			__func__, wks_name);
+	wks_join = torture_join_domain(tctx, wks_name, ACB_WSTRUST,
+				       &wks_credentials);
+	torture_assert(tctx, wks_join, "Failed to join as WORKSTATION");
+	ret = __test_DsBind_assoc_group(tctx, __func__, priv,
+					wks_credentials);
+	torture_leave_domain(tctx, wks_join);
+	return ret;
+}
+
+/**
+ * DRSUAPI test case implementation
+ */
+void torture_rpc_drsuapi_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi");
+
+	torture_tcase_set_fixture(tcase, torture_drsuapi_tcase_setup,
+				  torture_drsuapi_tcase_teardown);
+
+#if 0
+	test = torture_tcase_add_simple_test(tcase, "QuerySitesByCost", (run_func)test_QuerySitesByCost);
+#endif
+
+	torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo", (run_func)test_DsGetDomainControllerInfo);
+
+	torture_tcase_add_simple_test(tcase, "DsCrackNames", (run_func)test_DsCrackNames);
+
+	torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn", (run_func)test_DsWriteAccountSpn);
+
+	torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo", (run_func)test_DsReplicaGetInfo);
+
+	torture_tcase_add_simple_test(tcase, "DsReplicaSync", (run_func)test_DsReplicaSync);
+
+	torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs", (run_func)test_DsReplicaUpdateRefs);
+
+	torture_tcase_add_simple_test(tcase, "DsGetNCChanges", (run_func)test_DsGetNCChanges);
+
+	torture_tcase_add_simple_test(tcase, "DsBindAssocGroupAdmin", (run_func)test_DsBindAssocGroupAdmin);
+	torture_tcase_add_simple_test(tcase, "DsBindAssocGroupDC", (run_func)test_DsBindAssocGroupDC);
+	torture_tcase_add_simple_test(tcase, "DsBindAssocGroupWS", (run_func)test_DsBindAssocGroupWS);
+}
diff --git a/source4/torture/rpc/drsuapi.h b/source4/torture/rpc/drsuapi.h
new file mode 100644
index 0000000..3cc4be4
--- /dev/null
+++ b/source4/torture/rpc/drsuapi.h
@@ -0,0 +1,94 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   DRSUapi tests
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/drsuapi.h"
+
+/**
+ * Data structure common for most of DRSUAPI tests
+ */
+struct DsPrivate {
+	struct cli_credentials *admin_credentials;
+	struct dcerpc_pipe *drs_pipe;
+	struct policy_handle bind_handle;
+	struct drsuapi_DsBindInfo28 srv_bind_info;
+
+	const char *domain_obj_dn;
+	const char *domain_guid_str;
+	const char *domain_dns_name;
+	struct GUID domain_guid;
+	struct drsuapi_DsGetDCInfo2 dcinfo;
+	struct test_join *join;
+	struct cli_credentials *dc_credentials;
+};
+
+/**
+ * Data structure of DRSUAPI W2K8 tests
+ * W2K8 Clients use different versions of structs
+ */
+struct DsPrivate_w2k8 {
+	struct dcerpc_pipe *drs_pipe;
+	struct policy_handle bind_handle;
+	struct GUID bind_guid;
+	struct drsuapi_DsBindInfoCtr srv_bind_info;
+
+	const char *domain_obj_dn;
+	const char *domain_guid_str;
+	const char *domain_dns_name;
+	struct GUID domain_guid;
+	struct drsuapi_DsGetDCInfo3 dcinfo;
+	struct test_join *join;
+};
+
+
+/**
+ * Custom torture macro to check dcerpc_drsuapi_ call
+ * return values printing more friendly messages
+ * \param _tctx torture context
+ * \param _p DCERPC pipe handle
+ * \param _ntstatus NTSTATUS for dcerpc_drsuapi_ call
+ * \param _werr_expected Expected windows error to be returned
+ * \param _pr in/out DCEPRC request structure - pointer
+ * \param _msg error message prefix
+ */
+#define torture_drsuapi_assert_call_werr(_tctx, _p, _ntstat, _werr_expected, _pr, _msg) \
+	do { \
+		NTSTATUS __nt = _ntstat; \
+		if (!NT_STATUS_IS_OK(__nt)) { \
+			const char *errstr = nt_errstr(__nt); \
+			torture_fail(tctx, talloc_asprintf(_tctx, "%s failed - %s", _msg, errstr)); \
+		} \
+		torture_assert_werr_equal(_tctx, (_pr)->out.result, _werr_expected, _msg); \
+	} while(0)
+
+/**
+ * Custom torture macro to check dcerpc_drsuapi_ call
+ * return values printing more friendly messages
+ * \param _tctx torture context
+ * \param _p DCERPC pipe handle
+ * \param _ntstatus NTSTATUS for dcerpc_drsuapi_ call
+ * \param _pr in/out DCEPRC request structure
+ * \param _msg error message prefix
+ */
+#define torture_drsuapi_assert_call(_tctx, _p, _ntstat, _pr, _msg) \
+	torture_drsuapi_assert_call_werr(_tctx, _p, _ntstat, WERR_OK, _pr, _msg)
+
diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c
new file mode 100644
index 0000000..0cbccda
--- /dev/null
+++ b/source4/torture/rpc/drsuapi_cracknames.c
@@ -0,0 +1,1087 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   DRSUapi tests
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include <ldb.h>
+#include "libcli/security/security.h"
+
+#undef strcasecmp
+
+struct DsCrackNamesPrivate {
+	struct DsPrivate base;
+
+	/* following names are used in Crack Names Matrix test */
+	const char *fqdn_name;
+	const char *user_principal_name;
+	const char *service_principal_name;
+};
+
+static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
+				    struct DsPrivate *priv, const char *dn,
+				    const char *user_principal_name, const char *service_principal_name)
+{
+	NTSTATUS status;
+	const char *err_msg;
+	struct drsuapi_DsCrackNames r;
+	union drsuapi_DsNameRequest req;
+	uint32_t level_out;
+	union drsuapi_DsNameCtr ctr;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	TALLOC_CTX *mem_ctx = priv;
+
+	enum drsuapi_DsNameFormat formats[] = {
+		DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
+		DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+		DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+		DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+		DRSUAPI_DS_NAME_FORMAT_GUID,
+		DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+		DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+		DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+		DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+		DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+		DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
+	};
+	struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
+	int i, j;
+
+	const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
+	const char *n_from[ARRAY_SIZE(formats)];
+
+	ZERO_STRUCT(r);
+	r.in.bind_handle		= &priv->bind_handle;
+	r.in.level			= 1;
+	r.in.req			= &req;
+	r.in.req->req1.codepage		= 1252; /* german */
+	r.in.req->req1.language		= 0x00000407; /* german */
+	r.in.req->req1.count		= 1;
+	r.in.req->req1.names		= names;
+	r.in.req->req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+
+	r.out.level_out			= &level_out;
+	r.out.ctr			= &ctr;
+
+	n_matrix[0][0] = dn;
+
+	for (i = 0; i < ARRAY_SIZE(formats); i++) {
+		r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+		r.in.req->req1.format_desired	= formats[i];
+		names[0].str = dn;
+		torture_comment(tctx, "Testing DsCrackNames (matrix prep) with name '%s'"
+				      " offered format: %d desired format:%d\n",
+				names[0].str,
+				r.in.req->req1.format_offered,
+				r.in.req->req1.format_desired);
+		status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			const char *errstr = nt_errstr(status);
+			err_msg = talloc_asprintf(mem_ctx,
+					"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
+					names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
+			torture_fail(tctx, err_msg);
+		} else if (!W_ERROR_IS_OK(r.out.result)) {
+			err_msg = talloc_asprintf(mem_ctx,
+					"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
+			       names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
+			torture_fail(tctx, err_msg);
+		}
+			
+		switch (formats[i]) {
+		case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:	
+			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"Unexpected error (%d): This name lookup should fail",
+						r.out.ctr->ctr1->array[0].status);
+				torture_fail(tctx, err_msg);
+			}
+			torture_comment(tctx, __location__ ": (expected) error\n");
+			break;
+		case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
+			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"Unexpected error (%d): This name lookup should fail",
+						r.out.ctr->ctr1->array[0].status);
+				torture_fail(tctx, err_msg);
+			}
+			torture_comment(tctx, __location__ ": (expected) error\n");
+			break;
+		case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:	/* should fail as we ask server to convert to Unknown format */
+		case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:	
+			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"Unexpected error (%d): This name lookup should fail",
+						r.out.ctr->ctr1->array[0].status);
+				torture_fail(tctx, err_msg);
+			}
+			torture_comment(tctx, __location__ ": (expected) error\n");
+			break;
+		default:
+			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"DsCrackNames error: %d",
+						r.out.ctr->ctr1->array[0].status);
+				torture_fail(tctx, err_msg);
+			}
+			break;
+		}
+
+		switch (formats[i]) {
+		case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
+			n_from[i] = user_principal_name;
+			break;
+		case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:	
+			n_from[i] = service_principal_name;
+			break;
+		case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
+		case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:	
+			n_from[i] = NULL;
+			break;
+		default:
+			n_from[i] = r.out.ctr->ctr1->array[0].result_name;
+			printf("%s\n", n_from[i]);
+			break;
+		}
+	}
+
+	for (i = 0; i < ARRAY_SIZE(formats); i++) {
+		for (j = 0; j < ARRAY_SIZE(formats); j++) {
+			r.in.req->req1.format_offered	= formats[i];
+			r.in.req->req1.format_desired	= formats[j];
+			if (!n_from[i]) {
+				n_matrix[i][j] = NULL;
+				continue;
+			}
+			names[0].str = n_from[i];
+			status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+			if (!NT_STATUS_IS_OK(status)) {
+				const char *errstr = nt_errstr(status);
+				err_msg = talloc_asprintf(mem_ctx,
+						"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
+						names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
+				torture_fail(tctx, err_msg);
+			} else if (!W_ERROR_IS_OK(r.out.result)) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
+						names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
+						win_errstr(r.out.result));
+				torture_fail(tctx, err_msg);
+			}
+			
+			if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
+				n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
+			} else {
+				n_matrix[i][j] = NULL;
+			}
+		}
+	}
+
+	for (i = 0; i < ARRAY_SIZE(formats); i++) {
+		for (j = 0; j < ARRAY_SIZE(formats); j++) {
+			torture_comment(tctx, "Converting %s (format %d)"
+						" to %d gave %s\n",
+					n_from[i] == NULL ? "NULL" : n_from[i],
+					formats[i], formats[j],
+					n_matrix[i][j] == NULL ?
+						"NULL" : n_matrix[i][j]);
+
+			if (n_matrix[i][j] == n_from[j]) {
+				
+			/* We don't have a from name for these yet (and we can't map to them to find it out) */
+			} else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
+				
+			/* we can't map to these two */
+			} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
+			} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
+			} else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
+						formats[i], formats[j], n_from[j]);
+				torture_fail(tctx, err_msg);
+			} else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
+						formats[i], formats[j], n_matrix[i][j]);
+				torture_fail(tctx, err_msg);
+			} else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
+						formats[i], formats[j], n_matrix[i][j], n_from[j]);
+				torture_fail(tctx, err_msg);
+			}
+		}
+	}
+
+	return true;
+}
+
+bool test_DsCrackNames(struct torture_context *tctx,
+		       struct DsPrivate *priv)
+{
+	NTSTATUS status;
+	const char *err_msg;
+	struct drsuapi_DsCrackNames r;
+	union drsuapi_DsNameRequest req;
+	uint32_t level_out;
+	union drsuapi_DsNameCtr ctr;
+	struct drsuapi_DsNameString names[1];
+	const char *dns_domain;
+	const char *nt4_domain;
+	const char *FQDN_1779_name;
+	struct ldb_context *ldb;
+	struct ldb_dn *FQDN_1779_dn;
+	struct ldb_dn *realm_dn;
+	const char *realm_dn_str;
+	const char *realm_canonical;
+	const char *realm_canonical_ex;
+	const char *user_principal_name;
+	char *user_principal_name_short;
+	const char *service_principal_name;
+	const char *canonical_name;
+	const char *canonical_ex_name;
+	const char *dom_sid;
+	const char *test_dc = torture_join_netbios_name(priv->join);
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	TALLOC_CTX *mem_ctx = priv;
+
+	ZERO_STRUCT(r);
+	r.in.bind_handle		= &priv->bind_handle;
+	r.in.level			= 1;
+	r.in.req			= &req;
+	r.in.req->req1.codepage		= 1252; /* german */
+	r.in.req->req1.language		= 0x00000407; /* german */
+	r.in.req->req1.count		= 1;
+	r.in.req->req1.names		= names;
+	r.in.req->req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+
+	r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+
+	r.out.level_out			= &level_out;
+	r.out.ctr			= &ctr;
+
+	dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
+	
+	names[0].str = dom_sid;
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
+	nt4_domain = r.out.ctr->ctr1->array[0].result_name;
+
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_GUID;
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
+	priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
+	GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
+
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	ldb = ldb_init(mem_ctx, tctx->ev);
+	
+	realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
+	realm_dn =  ldb_dn_new(mem_ctx, ldb, realm_dn_str);
+	realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
+
+	if (strcmp(realm_canonical,
+		   talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
+		err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
+				          realm_canonical,
+				          talloc_asprintf(mem_ctx, "%s/", dns_domain));
+		torture_fail(tctx, err_msg);
+	};
+
+	realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
+
+	if (strcmp(realm_canonical_ex, 
+		   talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
+		err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
+				          realm_canonical_ex,
+				          talloc_asprintf(mem_ctx, "%s\n", dns_domain));
+		torture_fail(tctx, err_msg);
+	};
+
+	r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = nt4_domain;
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
+
+	r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
+
+	r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID;
+	r.in.req->req1.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+	names[0].str = priv->domain_guid_str;
+
+	torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+			      " offered format: %d desired format:%d\n",
+			names[0].str,
+			r.in.req->req1.format_offered,
+			r.in.req->req1.format_desired);
+
+	status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+		torture_fail(tctx, err_msg);
+	} else if (!W_ERROR_IS_OK(r.out.result)) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+		torture_fail(tctx, err_msg);
+	} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+		err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
+					  r.out.ctr->ctr1->array[0].status);
+		torture_fail(tctx, err_msg);
+	}
+
+	if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
+		err_msg = talloc_asprintf(mem_ctx,
+				"DsCrackNames failed to return same DNS name - expected %s got %s",
+				priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
+		torture_fail(tctx, err_msg);
+	}
+
+	FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
+
+	canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
+	canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
+
+	user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
+
+	/* form up a user@DOMAIN */
+	user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
+	/* variable nt4_domain includes a trailing \ */
+	user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
+	
+	service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
+	{
+		
+		struct {
+			enum drsuapi_DsNameFormat format_offered;
+			enum drsuapi_DsNameFormat format_desired;
+			const char *comment;
+			const char *str;
+			const char *expected_str;
+			const char *expected_dns;
+			enum drsuapi_DsNameStatus status;
+			enum drsuapi_DsNameStatus alternate_status;
+			enum drsuapi_DsNameFlags flags;
+			bool skip;
+		} crack[] = {
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = user_principal_name,
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = user_principal_name_short,
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = service_principal_name,
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
+				.comment = "ServicePrincipal Name",
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+				.str = FQDN_1779_name,
+				.expected_str = canonical_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_CANONICAL, 
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = canonical_name,
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+				.str = FQDN_1779_name,
+				.expected_str = canonical_ex_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX, 
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = canonical_ex_name,
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+				.str = FQDN_1779_name,
+				.comment = "DN to cannoical syntactial only",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.expected_str = canonical_name,
+				.flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+				.str = FQDN_1779_name,
+				.comment = "DN to cannoical EX syntactial only",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.expected_str = canonical_ex_name,
+				.flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+				.str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = priv->domain_guid_str,
+				.comment = "Domain GUID to NT4 ACCOUNT",
+				.expected_str = nt4_domain,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+				.str = priv->domain_guid_str,
+				.comment = "Domain GUID to Canonical",
+				.expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+				.str = priv->domain_guid_str,
+				.comment = "Domain GUID to Canonical EX",
+				.expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
+				.comment = "display name for Microsoft Support Account",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
+				.skip = torture_setting_bool(tctx, "samba4", false)
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
+				.comment = "Account GUID -> DN",
+				.expected_str = FQDN_1779_name,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
+				.comment = "Account GUID -> NT4 Account",
+				.expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{		
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
+				.comment = "Site GUID",
+				.expected_str = priv->dcinfo.site_dn,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
+				.comment = "Computer GUID",
+				.expected_str = priv->dcinfo.computer_dn,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
+				.comment = "Computer GUID -> NT4 Account",
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
+				.comment = "Server GUID",
+				.expected_str = priv->dcinfo.server_dn,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
+				.comment = "NTDS GUID",
+				.expected_str = priv->dcinfo.ntds_dn,
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_DISPLAY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = test_dc,
+				.comment = "DISPLAY NAME search for DC short name",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
+				.comment = "Looking for KRBTGT as a service principal",
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = dns_domain
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
+				.comment = "Looking for bogus service principal",
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = dns_domain
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
+				.comment = "Looking for bogus service on test DC",
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
+			},
+			{ 
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "krbtgt"),
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{ 
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Looking for the kadmin/changepw service as a service principal",
+				.str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
+						       test_dc, dns_domain,
+						       dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
+						       test_dc, dns_domain,
+						       "BOGUS"),
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = "BOGUS"
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
+						       test_dc, "REALLY",
+						       "BOGUS"),
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = "BOGUS"
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s.%s", 
+						       test_dc, dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = talloc_asprintf(mem_ctx, "cifs/%s", 
+						       test_dc),
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = "NOT A GUID",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = "NOT A SID",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = "NOT AN NT4 NAME",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.comment = "Unparsable DN",
+				.str = "NOT A DN",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Unparsable user principal",
+				.str = "NOT A PRINCIPAL",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Unparsable service principal",
+				.str = "NOT A SERVICE PRINCIPAL",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_GUID,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "BIND GUID (ie, not in the directory)",
+				.str = DRSUAPI_DS_BIND_GUID,
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Unqualified Machine account as user principal",
+				.str = talloc_asprintf(mem_ctx, "%s$", test_dc),
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Machine account as service principal",
+				.str = talloc_asprintf(mem_ctx, "%s$", test_dc),
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Full Machine account as service principal",
+				.str = user_principal_name,
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Realm as an NT4 domain lookup",
+				.str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "BUILTIN\\ -> DN",
+				.str = "BUILTIN\\",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "NT AUTHORITY\\ -> DN",
+				.str = "NT AUTHORITY\\",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
+				.str = "NT AUTHORITY\\ANONYMOUS LOGON",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "NT AUTHORITY\\SYSTEM -> DN",
+				.str = "NT AUTHORITY\\SYSTEM",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.comment = "BUILTIN SID -> NT4 account",
+				.str = SID_BUILTIN,
+				.status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
+			}, 
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = SID_BUILTIN,
+				.comment = "Builtin Domain SID -> DN",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.str = SID_BUILTIN_ADMINISTRATORS,
+				.comment = "Builtin Administrors SID -> DN",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = SID_BUILTIN_ADMINISTRATORS,
+				.comment = "Builtin Administrors SID -> NT4 Account",
+				.status = DRSUAPI_DS_NAME_STATUS_OK,
+				.alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = SID_NT_ANONYMOUS,
+				.comment = "NT Anonymous SID -> NT4 Account",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.str = SID_NT_SYSTEM,
+				.comment = "NT SYSTEM SID -> NT4 Account",
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "Domain SID -> DN",
+				.str = dom_sid,
+				.expected_str = realm_dn_str,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
+				.comment = "Domain SID -> NT4 account",
+				.str = dom_sid,
+				.expected_str = nt4_domain,
+				.status = DRSUAPI_DS_NAME_STATUS_OK
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "invalid user principal name",
+				.str = "foo@bar",
+				.status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+				.expected_dns = "bar"
+			},
+			{
+				.format_offered	= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+				.format_desired	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+				.comment = "invalid user principal name in valid domain",
+				.str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
+				.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
+			}
+		};
+		int i;
+		
+		for (i=0; i < ARRAY_SIZE(crack); i++) {
+			const char *comment;
+
+			torture_comment(tctx, "Testing DsCrackNames with name '%s'"
+					" offered format: %d desired format:%d\n",
+					crack[i].str,
+					crack[i].format_offered,
+					crack[i].format_desired);
+
+			r.in.req->req1.format_flags   = crack[i].flags;
+			r.in.req->req1.format_offered = crack[i].format_offered;
+			r.in.req->req1.format_desired = crack[i].format_desired;
+			names[0].str = crack[i].str;
+			
+			if (crack[i].comment) {
+				comment = talloc_asprintf(mem_ctx,
+							  "'%s' with name '%s' offered format:%d desired format:%d\n",
+							  crack[i].comment, names[0].str,
+							  r.in.req->req1.format_offered,
+							  r.in.req->req1.format_desired);
+			} else {
+				comment = talloc_asprintf(mem_ctx, "'%s' offered format:%d desired format:%d\n",
+							  names[0].str,
+							  r.in.req->req1.format_offered,
+							  r.in.req->req1.format_desired);
+			}
+			if (crack[i].skip) {
+				torture_comment(tctx, "skipping: %s", comment);
+				continue;
+			}
+			status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
+			if (!NT_STATUS_IS_OK(status)) {
+				const char *errstr = nt_errstr(status);
+				err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
+				torture_fail(tctx, err_msg);
+			} else if (!W_ERROR_IS_OK(r.out.result)) {
+				err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
+				torture_fail(tctx, err_msg);
+			} else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
+				if (crack[i].alternate_status) {
+					if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
+						err_msg = talloc_asprintf(mem_ctx,
+								"DsCrackNames unexpected status %d, wanted %d or %d on: %s",
+								r.out.ctr->ctr1->array[0].status,
+								crack[i].status,
+								crack[i].alternate_status,
+								comment);
+						torture_fail(tctx, err_msg);
+					}
+				} else {
+					err_msg = talloc_asprintf(mem_ctx,
+							"DsCrackNames unexpected status %d, wanted %d on: %s\n",
+							r.out.ctr->ctr1->array[0].status,
+							crack[i].status,
+							comment);
+					torture_fail(tctx, err_msg);
+				}
+			} else if (crack[i].expected_str &&
+				   (!r.out.ctr->ctr1->count ||
+				    !r.out.ctr->ctr1->array[0].result_name))
+			{
+				if (!r.out.ctr->ctr1->count) {
+					err_msg = talloc_asprintf(mem_ctx,
+								  "DsCrackNames failed - got 0 entries, expected %s on %s",
+								  crack[i].expected_str, comment);
+					torture_fail(tctx, err_msg);
+				} else {
+					err_msg = talloc_asprintf(mem_ctx,
+								  "DsCrackNames failed - got NULL pointer, expected %s on %s",
+								  crack[i].expected_str, comment);
+					torture_fail(tctx, err_msg);
+				}
+			} else if (crack[i].expected_str
+				   && (strcmp(r.out.ctr->ctr1->array[0].result_name,
+					      crack[i].expected_str) != 0))
+			{
+				if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
+					       crack[i].expected_str) != 0) {
+					err_msg = talloc_asprintf(mem_ctx,
+							"DsCrackNames failed - got %s, expected %s on %s",
+							r.out.ctr->ctr1->array[0].result_name,
+							crack[i].expected_str, comment);
+					torture_fail(tctx, err_msg);
+				} else {
+					torture_comment(tctx,
+							"(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
+							r.out.ctr->ctr1->array[0].result_name,
+							crack[i].expected_str, comment);
+				}
+			} else if (crack[i].expected_dns
+				   && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
+					      crack[i].expected_dns) != 0)) {
+				err_msg = talloc_asprintf(mem_ctx,
+						"DsCrackNames failed - got DNS name %s, expected %s on %s",
+						r.out.ctr->ctr1->array[0].result_name,
+						crack[i].expected_str, comment);
+				torture_fail(tctx, err_msg);
+			}
+
+		        torture_comment(tctx, "Testing DsCrackNames got %s\n", r.out.ctr->ctr1->array[0].result_name);
+		}
+	}
+
+	return test_DsCrackNamesMatrix(tctx, priv, FQDN_1779_name,
+					user_principal_name, service_principal_name);
+}
+
+/**
+ * Test case setup for CrackNames
+ */
+static bool torture_drsuapi_cracknames_setup(struct torture_context *tctx, void **data)
+{
+	struct DsCrackNamesPrivate *priv;
+
+	*data = priv = talloc_zero(tctx, struct DsCrackNamesPrivate);
+
+	return torture_drsuapi_tcase_setup_common(tctx, &priv->base);
+}
+
+/**
+ * Test case tear-down for CrackNames
+ */
+static bool torture_drsuapi_cracknames_teardown(struct torture_context *tctx, void *data)
+{
+	struct DsCrackNamesPrivate *priv = talloc_get_type(data, struct DsCrackNamesPrivate);
+
+	return torture_drsuapi_tcase_teardown_common(tctx, &priv->base);
+}
+
+/**
+ * CRACKNAMES test suite implementation
+ */
+void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "cracknames");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_drsuapi_cracknames_setup,
+				  torture_drsuapi_cracknames_teardown);
+
+	torture_tcase_add_simple_test(tcase, "cracknames-test", (run_func)test_DsCrackNames);
+}
diff --git a/source4/torture/rpc/drsuapi_w2k8.c b/source4/torture/rpc/drsuapi_w2k8.c
new file mode 100644
index 0000000..9ff37ed
--- /dev/null
+++ b/source4/torture/rpc/drsuapi_w2k8.c
@@ -0,0 +1,334 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DRSUapi tests
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+#define TEST_MACHINE_NAME "torturetest"
+
+/*
+ * DsBind as sent from W2K8 Client.
+ * This should work regardless of functional level, and accept
+ * any info <=48
+ */
+bool test_DsBind_w2k8(struct torture_context *tctx,
+		      struct DsPrivate_w2k8 *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsBind r;
+	struct drsuapi_DsBindInfo48 *bind_info48;
+	struct drsuapi_DsBindInfoCtr bind_info_ctr;
+
+	/* We send info48 */
+	ZERO_STRUCT(bind_info_ctr);
+	bind_info_ctr.length = 48;
+
+	bind_info48 = &bind_info_ctr.info.info48;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+	bind_info48->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+
+	/*
+	 * We wish for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2,
+	 * needed for DsGetDomainControllerInfo level 3
+	 */
+	bind_info48->supported_extensions_ext  |= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
+
+	r.in.bind_guid = &priv->bind_guid;
+	r.in.bind_info = &bind_info_ctr;
+	r.out.bind_handle = &priv->bind_handle;
+
+	torture_comment(tctx, "Testing DsBind W2K8\n");
+
+	status = dcerpc_drsuapi_DsBind_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
+
+	torture_assert_not_null(tctx, r.out.bind_info,
+				"DsBind with info48 results in NULL");
+
+	/* cache server supported extensions, i.e. bind_info */
+	priv->srv_bind_info = *r.out.bind_info;
+
+	/*
+	 * We do not check for length here, because it should be valid to return
+	 * any valid info
+	 */
+
+	return true;
+}
+
+static bool test_DsGetDomainControllerInfo_w2k8(struct torture_context *tctx,
+					        struct DsPrivate_w2k8 *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsGetDomainControllerInfo r;
+	union drsuapi_DsGetDCInfoCtr ctr;
+	int32_t level_out = 0;
+	uint32_t supported_extensions_ext = 0;
+	bool found = false;
+	int j, k;
+
+	struct {
+		const char *name;
+		WERROR expected;
+	} names[] = {
+		{
+			.name = torture_join_dom_netbios_name(priv->join),
+			.expected = WERR_OK
+		},
+		{
+			.name = torture_join_dom_dns_name(priv->join),
+			.expected = WERR_OK
+		},
+		{
+			.name = "__UNKNOWN_DOMAIN__",
+			.expected = WERR_DS_OBJ_NOT_FOUND
+		},
+		{
+			.name = "unknown.domain.samba.example.com",
+			.expected = WERR_DS_OBJ_NOT_FOUND
+		},
+	};
+
+	/* Levels 1 and 2 are tested in standard drsuapi tests */
+	int level = 3;
+
+	/* Do Bind first. */
+	if (!test_DsBind_w2k8(tctx, priv)) {
+		return false;
+	}
+
+	/*
+	 * We used DsBind_w2k8, so DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2
+	 * should mean support for level 3
+	 */
+
+	/*
+	 * We are looking for an extension found in info32 and later
+	 */
+	switch (priv->srv_bind_info.length) {
+	case 32:
+		supported_extensions_ext = priv->srv_bind_info.info.info32.supported_extensions_ext;
+		break;
+	case 48:
+		supported_extensions_ext = priv->srv_bind_info.info.info48.supported_extensions_ext;
+		break;
+	default:
+		supported_extensions_ext = 0;
+		break;
+	}
+
+	supported_extensions_ext &= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
+	torture_assert(tctx, (supported_extensions_ext > 0),
+		       "Server does not support DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2");
+
+	for (j=0; j < ARRAY_SIZE(names); j++) {
+		union drsuapi_DsGetDCInfoRequest req;
+		r.in.bind_handle = &priv->bind_handle;
+		r.in.level = 1;
+		r.in.req = &req;
+
+		r.in.req->req1.domain_name = names[j].name;
+		r.in.req->req1.level = level;
+
+		r.out.ctr = &ctr;
+		r.out.level_out = &level_out;
+
+		torture_comment(tctx,
+			   "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
+		       r.in.req->req1.level, r.in.req->req1.domain_name);
+
+		status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+			   "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
+		torture_assert_werr_equal(tctx, r.out.result, names[j].expected,
+				   "DsGetDomainControllerInfo level with dns domain failed");
+
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			/* If this was an error, we can't read the result structure */
+			continue;
+		}
+
+		torture_assert_int_equal(tctx, r.in.req->req1.level, *r.out.level_out,
+					 "dcerpc_drsuapi_DsGetDomainControllerInfo in/out level differs");
+
+		for (k=0; k < r.out.ctr->ctr3.count; k++) {
+			if (strcasecmp_m(r.out.ctr->ctr3.array[k].netbios_name,
+					 torture_join_netbios_name(priv->join)) == 0) {
+				found = true;
+				priv->dcinfo	= r.out.ctr->ctr3.array[k];
+				break;
+			}
+		}
+		break;
+
+		torture_assert(tctx, found,
+			 "dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join");
+	}
+
+	return true;
+}
+
+
+bool test_DsUnbind_w2k8(struct torture_context *tctx,
+			struct DsPrivate_w2k8 *priv)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = priv->drs_pipe;
+	struct drsuapi_DsUnbind r;
+
+	r.in.bind_handle = &priv->bind_handle;
+	r.out.bind_handle = &priv->bind_handle;
+
+	torture_comment(tctx, "Testing DsUnbind W2K8\n");
+
+	status = dcerpc_drsuapi_DsUnbind_r(p->binding_handle, tctx, &r);
+	torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsUnbind");
+
+	return true;
+}
+
+/**
+ * Common test case setup function to be used
+ * in DRS suit of test when appropriate
+ */
+bool torture_drsuapi_w2k8_tcase_setup_common(struct torture_context *tctx,
+					     struct DsPrivate_w2k8 *priv)
+{
+	NTSTATUS status;
+	int rnd = rand() % 1000;
+	char *name = talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, rnd);
+	struct cli_credentials *machine_credentials;
+
+	torture_assert(tctx, priv, "Invalid argument");
+
+	torture_comment(tctx, "Create DRSUAPI pipe\n");
+	status = torture_rpc_connection(tctx,
+					&priv->drs_pipe,
+					&ndr_table_drsuapi);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to DRSUAPI pipe");
+
+	torture_comment(tctx, "About to join domain with name %s\n", name);
+	priv->join = torture_join_domain(tctx, name, ACB_SVRTRUST,
+					 &machine_credentials);
+	torture_assert(tctx, priv->join, "Failed to join as BDC");
+
+	/*
+	 * After that every test should use DsBind and DsGetDomainControllerInfo
+	 */
+	if (!test_DsBind_w2k8(tctx, priv)) {
+		/* clean up */
+		torture_drsuapi_w2k8_tcase_teardown_common(tctx, priv);
+		torture_fail(tctx, "Failed execute test_DsBind_w2k8()");
+	}
+
+
+	return true;
+}
+
+/**
+ * Common test case teardown function to be used
+ * in DRS suit of test when appropriate
+ */
+bool torture_drsuapi_w2k8_tcase_teardown_common(struct torture_context *tctx,
+						struct DsPrivate_w2k8 *priv)
+{
+	if (priv->join) {
+		torture_leave_domain(tctx, priv->join);
+	}
+
+	return true;
+}
+
+/**
+ * Test case setup for DRSUAPI test case
+ */
+static bool torture_drsuapi_w2k8_tcase_setup(struct torture_context *tctx, void **data)
+{
+	struct DsPrivate_w2k8 *priv;
+
+	*data = priv = talloc_zero(tctx, struct DsPrivate_w2k8);
+
+	return torture_drsuapi_w2k8_tcase_setup_common(tctx, priv);
+}
+
+/**
+ * Test case tear-down for DRSUAPI test case
+ */
+static bool torture_drsuapi_w2k8_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	bool ret;
+	struct DsPrivate_w2k8 *priv = talloc_get_type(data, struct DsPrivate_w2k8);
+
+	ret = torture_drsuapi_w2k8_tcase_teardown_common(tctx, priv);
+
+	talloc_free(priv);
+	return ret;
+}
+
+/**
+ * DRSUAPI test case implementation
+ */
+void torture_rpc_drsuapi_w2k8_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi_w2k8");
+
+	torture_tcase_set_fixture(tcase, torture_drsuapi_w2k8_tcase_setup,
+				  torture_drsuapi_w2k8_tcase_teardown);
+
+	torture_tcase_add_simple_test(tcase, "DsBind_W2K8", (run_func)test_DsBind_w2k8);
+	torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo_W2K8", (run_func)test_DsGetDomainControllerInfo_w2k8);
+}
diff --git a/source4/torture/rpc/dsgetinfo.c b/source4/torture/rpc/dsgetinfo.c
new file mode 100644
index 0000000..b47d6ee
--- /dev/null
+++ b/source4/torture/rpc/dsgetinfo.c
@@ -0,0 +1,452 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   DsGetReplInfo test. Based on code from dssync.c
+
+   Copyright (C) Erick Nogueira do Nascimento 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libcli/cldap/cldap.h"
+#include "torture/torture.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/drs/proto.h"
+#include "lib/util/util_paths.h"
+
+
+struct DsGetinfoBindInfo {
+	struct dcerpc_pipe *drs_pipe;
+	struct dcerpc_binding_handle *drs_handle;
+	struct drsuapi_DsBind req;
+	struct GUID bind_guid;
+	struct drsuapi_DsBindInfoCtr our_bind_info_ctr;
+	struct drsuapi_DsBindInfo28 our_bind_info28;
+	struct drsuapi_DsBindInfo28 peer_bind_info28;
+	struct policy_handle bind_handle;
+};
+
+struct DsGetinfoTest {
+	struct dcerpc_binding *drsuapi_binding;
+
+	const char *ldap_url;
+	const char *site_name;
+
+	const char *domain_dn;
+
+	/* what we need to do as 'Administrator' */
+	struct {
+		struct cli_credentials *credentials;
+		struct DsGetinfoBindInfo drsuapi;
+	} admin;
+};
+
+
+
+/*
+  return the default DN for a ldap server given a connected RPC pipe to the
+  server
+ */
+static const char *torture_get_ldap_base_dn(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	const char *hostname = dcerpc_binding_get_string_option(p->binding, "host");
+	struct ldb_context *ldb;
+	const char *ldap_url = talloc_asprintf(p, "ldap://%s", hostname);
+	const char *attrs[] = { "defaultNamingContext", NULL };
+	const char *dnstr;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	int ret;
+	struct ldb_result *res;
+
+	ldb = ldb_init(tmp_ctx, tctx->ev);
+	if (ldb == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (ldb_set_opaque(ldb, "loadparm", tctx->lp_ctx)) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	ldb_set_modules_dir(ldb,
+			    modules_path(ldb, "ldb"));
+
+	ret = ldb_connect(ldb, ldap_url, 0, NULL);
+	if (ret != LDB_SUCCESS) {
+		torture_comment(tctx, "Failed to make LDB connection to target");
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	ret = dsdb_search_dn(ldb, tmp_ctx, &res, ldb_dn_new(tmp_ctx, ldb, ""),
+			     attrs, 0);
+	if (ret != LDB_SUCCESS) {
+		torture_comment(tctx, "Failed to get defaultNamingContext");
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	dnstr = ldb_msg_find_attr_as_string(res->msgs[0], "defaultNamingContext", NULL);
+	dnstr = talloc_strdup(tctx, dnstr);
+	talloc_free(tmp_ctx);
+	return dnstr;
+}
+
+
+static struct DsGetinfoTest *test_create_context(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct DsGetinfoTest *ctx;
+	struct drsuapi_DsBindInfo28 *our_bind_info28;
+	struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	ctx = talloc_zero(tctx, struct DsGetinfoTest);
+	if (!ctx) return NULL;
+
+	status = dcerpc_parse_binding(ctx, binding, &ctx->drsuapi_binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Bad binding string %s\n", binding);
+		return NULL;
+	}
+	status = dcerpc_binding_set_flags(ctx->drsuapi_binding, DCERPC_SIGN | DCERPC_SEAL, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_binding_set_flags - %s\n", nt_errstr(status));
+		return NULL;
+	}
+
+	/* ctx->admin ...*/
+	ctx->admin.credentials = samba_cmdline_get_creds();
+
+	our_bind_info28				= &ctx->admin.drsuapi.our_bind_info28;
+	our_bind_info28->supported_extensions	= 0xFFFFFFFF;
+	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+	our_bind_info28->site_guid		= GUID_zero();
+	our_bind_info28->pid			= 0;
+	our_bind_info28->repl_epoch		= 1;
+
+	our_bind_info_ctr			= &ctx->admin.drsuapi.our_bind_info_ctr;
+	our_bind_info_ctr->length		= 28;
+	our_bind_info_ctr->info.info28		= *our_bind_info28;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &ctx->admin.drsuapi.bind_guid);
+
+	ctx->admin.drsuapi.req.in.bind_guid		= &ctx->admin.drsuapi.bind_guid;
+	ctx->admin.drsuapi.req.in.bind_info		= our_bind_info_ctr;
+	ctx->admin.drsuapi.req.out.bind_handle		= &ctx->admin.drsuapi.bind_handle;
+
+	return ctx;
+}
+
+static bool _test_DsBind(struct torture_context *tctx,
+			 struct DsGetinfoTest *ctx, struct cli_credentials *credentials, struct DsGetinfoBindInfo *b)
+{
+	NTSTATUS status;
+	bool ret = true;
+
+	status = dcerpc_pipe_connect_b(ctx,
+				       &b->drs_pipe, ctx->drsuapi_binding,
+				       &ndr_table_drsuapi,
+				       credentials, tctx->ev, tctx->lp_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
+		return false;
+	}
+	b->drs_handle = b->drs_pipe->binding_handle;
+
+	status = dcerpc_drsuapi_DsBind_r(b->drs_handle, ctx, &b->req);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		printf("dcerpc_drsuapi_DsBind failed - %s\n", errstr);
+		ret = false;
+	} else if (!W_ERROR_IS_OK(b->req.out.result)) {
+		printf("DsBind failed - %s\n", win_errstr(b->req.out.result));
+		ret = false;
+	}
+
+	ZERO_STRUCT(b->peer_bind_info28);
+	if (b->req.out.bind_info) {
+		switch (b->req.out.bind_info->length) {
+		case 24: {
+			struct drsuapi_DsBindInfo24 *info24;
+			info24 = &b->req.out.bind_info->info.info24;
+			b->peer_bind_info28.supported_extensions= info24->supported_extensions;
+			b->peer_bind_info28.site_guid		= info24->site_guid;
+			b->peer_bind_info28.pid			= info24->pid;
+			b->peer_bind_info28.repl_epoch		= 0;
+			break;
+		}
+		case 28: {
+			b->peer_bind_info28 = b->req.out.bind_info->info.info28;
+			break;
+		}
+		case 32: {
+			struct drsuapi_DsBindInfo32 *info32;
+			info32 = &b->req.out.bind_info->info.info32;
+			b->peer_bind_info28.supported_extensions= info32->supported_extensions;
+			b->peer_bind_info28.site_guid		= info32->site_guid;
+			b->peer_bind_info28.pid			= info32->pid;
+			b->peer_bind_info28.repl_epoch		= info32->repl_epoch;
+			break;
+		}
+		case 48: {
+			struct drsuapi_DsBindInfo48 *info48;
+			info48 = &b->req.out.bind_info->info.info48;
+			b->peer_bind_info28.supported_extensions= info48->supported_extensions;
+			b->peer_bind_info28.site_guid		= info48->site_guid;
+			b->peer_bind_info28.pid			= info48->pid;
+			b->peer_bind_info28.repl_epoch		= info48->repl_epoch;
+			break;
+		}
+		case 52: {
+			struct drsuapi_DsBindInfo52 *info52;
+			info52 = &b->req.out.bind_info->info.info52;
+			b->peer_bind_info28.supported_extensions= info52->supported_extensions;
+			b->peer_bind_info28.site_guid		= info52->site_guid;
+			b->peer_bind_info28.pid			= info52->pid;
+			b->peer_bind_info28.repl_epoch		= info52->repl_epoch;
+			break;
+		}
+		default:
+			printf("DsBind - warning: unknown BindInfo length: %u\n",
+			       b->req.out.bind_info->length);
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_getinfo(struct torture_context *tctx,
+			 struct DsGetinfoTest *ctx)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = ctx->admin.drsuapi.drs_pipe;
+	struct dcerpc_binding_handle *b = ctx->admin.drsuapi.drs_handle;
+	struct drsuapi_DsReplicaGetInfo r;
+	union drsuapi_DsReplicaGetInfoRequest req;
+	union drsuapi_DsReplicaInfo info;
+	enum drsuapi_DsReplicaInfoType info_type;
+	int i;
+	bool no_invalid_levels = true;
+	struct {
+		int32_t level;
+		int32_t infotype;
+		const char *obj_dn;
+		const char *attribute_name;
+		uint32_t flags;
+	} array[] = {
+		{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_NEIGHBORS
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_CURSORS
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_PENDING_OPS
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_CURSORS2
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_CURSORS3
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2,
+			.obj_dn = "CN=Domain Admins,CN=Users,",
+			.flags = 0
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2,
+			.obj_dn = "CN=Domain Admins,CN=Users,",
+			.flags = DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_REPSTO
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_CLIENT_CONTEXTS
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_UPTODATE_VECTOR_V1
+		},{
+			.level = DRSUAPI_DS_REPLICA_GET_INFO2,
+			.infotype = DRSUAPI_DS_REPLICA_INFO_SERVER_OUTGOING_CALLS
+		}
+	};
+
+	ctx->domain_dn = torture_get_ldap_base_dn(tctx, p);
+	torture_assert(tctx, ctx->domain_dn != NULL, "Cannot get domain_dn");
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping DsReplicaGetInfo test against Samba4\n");
+		return true;
+	}
+
+	r.in.bind_handle	= &ctx->admin.drsuapi.bind_handle;
+	r.in.req		= &req;
+
+	for (i=0; i < ARRAY_SIZE(array); i++) {
+		const char *object_dn;
+
+		torture_comment(tctx, "Testing DsReplicaGetInfo level %d infotype %d\n",
+				array[i].level, array[i].infotype);
+
+		if (array[i].obj_dn) {
+			object_dn = array[i].obj_dn;
+			if (object_dn[strlen(object_dn)-1] == ',') {
+				/* add the domain DN on the end */
+				object_dn = talloc_asprintf(tctx, "%s%s", object_dn, ctx->domain_dn);
+			}
+		} else {
+			object_dn = ctx->domain_dn;
+		}
+
+		r.in.level = array[i].level;
+		switch(r.in.level) {
+		case DRSUAPI_DS_REPLICA_GET_INFO:
+			r.in.req->req1.info_type	= array[i].infotype;
+			r.in.req->req1.object_dn	= object_dn;
+			ZERO_STRUCT(r.in.req->req1.source_dsa_guid);
+			break;
+		case DRSUAPI_DS_REPLICA_GET_INFO2:
+			r.in.req->req2.info_type	= array[i].infotype;
+			r.in.req->req2.object_dn	= object_dn;
+			ZERO_STRUCT(r.in.req->req2.source_dsa_guid);
+			r.in.req->req2.flags		= 0;
+			r.in.req->req2.attribute_name	= NULL;
+			r.in.req->req2.value_dn_str	= NULL;
+			r.in.req->req2.enumeration_context = 0;
+			break;
+		}
+
+		/* Construct a different request for some of the infoTypes */
+		if (array[i].attribute_name != NULL) {
+			r.in.req->req2.attribute_name = array[i].attribute_name;
+		}
+		if (array[i].flags != 0) {
+			r.in.req->req2.flags |= array[i].flags;
+		}
+
+		r.out.info		= &info;
+		r.out.info_type		= &info_type;
+
+		status = dcerpc_drsuapi_DsReplicaGetInfo_r(b, tctx, &r);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+			torture_comment(tctx,
+					"DsReplicaGetInfo level %d and/or infotype %d not supported by server\n",
+					array[i].level, array[i].infotype);
+			continue;
+		}
+		torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx,
+					"DsReplicaGetInfo level %d and/or infotype %d failed\n",
+					array[i].level, array[i].infotype));
+		if (W_ERROR_EQUAL(r.out.result, WERR_INVALID_LEVEL)) {
+			/* this is a not yet supported level */
+			torture_comment(tctx,
+					"DsReplicaGetInfo level %d and/or infotype %d not yet supported by server\n",
+					array[i].level, array[i].infotype);
+			no_invalid_levels = false;
+			continue;
+		}
+
+		torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaGetInfo");
+	}
+
+	return no_invalid_levels;
+}
+
+/**
+ * DSGETINFO test case setup
+ */
+static bool torture_dsgetinfo_tcase_setup(struct torture_context *tctx, void **data)
+{
+	bool bret;
+	struct DsGetinfoTest *ctx;
+
+	*data = ctx = test_create_context(tctx);
+	torture_assert(tctx, ctx, "test_create_context() failed");
+
+	bret = _test_DsBind(tctx, ctx, ctx->admin.credentials, &ctx->admin.drsuapi);
+	torture_assert(tctx, bret, "_test_DsBind() failed");
+
+	return true;
+}
+
+/**
+ * DSGETINFO test case cleanup
+ */
+static bool torture_dsgetinfo_tcase_teardown(struct torture_context *tctx, void *data)
+{
+	struct DsGetinfoTest *ctx;
+	struct drsuapi_DsUnbind r;
+	struct policy_handle bind_handle;
+
+	ctx = talloc_get_type(data, struct DsGetinfoTest);
+
+	ZERO_STRUCT(r);
+	r.out.bind_handle = &bind_handle;
+
+	/* Unbing admin handle */
+	r.in.bind_handle = &ctx->admin.drsuapi.bind_handle;
+	if (ctx->admin.drsuapi.drs_handle) {
+		dcerpc_drsuapi_DsUnbind_r(ctx->admin.drsuapi.drs_handle,
+					  ctx, &r);
+	}
+
+	talloc_free(ctx);
+
+	return true;
+}
+
+/**
+ * DSGETINFO test case implementation
+ */
+void torture_drs_rpc_dsgetinfo_tcase(struct torture_suite *suite)
+{
+	typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "dsgetinfo");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_dsgetinfo_tcase_setup,
+				  torture_dsgetinfo_tcase_teardown);
+
+	torture_tcase_add_simple_test(tcase, "DsGetReplicaInfo", (run_func)test_getinfo);
+}
+
diff --git a/source4/torture/rpc/dssetup.c b/source4/torture/rpc/dssetup.c
new file mode 100644
index 0000000..9a61199
--- /dev/null
+++ b/source4/torture/rpc/dssetup.c
@@ -0,0 +1,64 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for dssetup rpc operations
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_dssetup_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+
+bool test_DsRoleGetPrimaryDomainInformation_ext(struct torture_context *tctx, 
+						struct dcerpc_pipe *p,
+						NTSTATUS ext_status)
+{
+	struct dssetup_DsRoleGetPrimaryDomainInformation r;
+	NTSTATUS status;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=DS_ROLE_BASIC_INFORMATION; i <= DS_ROLE_OP_STATUS; i++) {
+		r.in.level = i;
+		torture_comment(tctx, "dcerpc_dssetup_DsRoleGetPrimaryDomainInformation level %d\n", i);
+
+		status = dcerpc_dssetup_DsRoleGetPrimaryDomainInformation_r(b, tctx, &r);
+		torture_assert_ntstatus_equal(tctx, ext_status, status, "DsRoleGetPrimaryDomainInformation failed");
+		if (NT_STATUS_IS_OK(ext_status)) {
+			torture_assert_werr_ok(tctx, r.out.result, "DsRoleGetPrimaryDomainInformation failed");
+		}
+	}
+
+	return true;
+}
+
+bool test_DsRoleGetPrimaryDomainInformation(struct torture_context *tctx, 
+					    struct dcerpc_pipe *p)
+{
+	return test_DsRoleGetPrimaryDomainInformation_ext(tctx, p, NT_STATUS_OK);
+}
+
+struct torture_suite *torture_rpc_dssetup(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "dssetup");
+	struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite, "dssetup", &ndr_table_dssetup);
+
+	torture_rpc_tcase_add_test(tcase, "DsRoleGetPrimaryDomainInformation", test_DsRoleGetPrimaryDomainInformation);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/echo.c b/source4/torture/rpc/echo.c
new file mode 100644
index 0000000..93fd408
--- /dev/null
+++ b/source4/torture/rpc/echo.c
@@ -0,0 +1,474 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for echo rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan (metze) Metzmacher 2005
+   Copyright (C) Jelmer Vernooij 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "lib/events/events.h"
+#include "librpc/gen_ndr/ndr_echo_c.h"
+
+
+/*
+  test the AddOne interface
+*/
+#define TEST_ADDONE(tctx, value) do { \
+	n = i = value; \
+	r.in.in_data = n; \
+	r.out.out_data = &n; \
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_AddOne_r(b, tctx, &r), \
+		talloc_asprintf(tctx, "AddOne(%d) failed", i)); \
+	torture_assert (tctx, n == i+1, talloc_asprintf(tctx, "%d + 1 != %u (should be %u)\n", i, n, i+1)); \
+	torture_comment (tctx, "%d + 1 = %u\n", i, n); \
+} while(0)
+
+static bool test_addone(struct torture_context *tctx, 
+			struct dcerpc_pipe *p)
+{
+	uint32_t i;
+	uint32_t n;
+	struct echo_AddOne r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0;i<10;i++) {
+		TEST_ADDONE(tctx, i);
+	}
+
+	TEST_ADDONE(tctx, 0x7FFFFFFE);
+	TEST_ADDONE(tctx, 0xFFFFFFFE);
+	TEST_ADDONE(tctx, 0xFFFFFFFF);
+	TEST_ADDONE(tctx, random() & 0xFFFFFFFF);
+	return true;
+}
+
+/*
+  test the EchoData interface
+*/
+static bool test_echodata(struct torture_context *tctx,
+			  struct dcerpc_pipe *p)
+{
+	int i;
+	uint8_t *data_in, *data_out;
+	int len;
+	struct echo_EchoData r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "quick", false) &&
+	    (p->conn->flags & DCERPC_DEBUG_VALIDATE_BOTH)) {
+		len = 1 + (random() % 500);
+	} else {
+		len = 1 + (random() % 5000);
+	}
+
+	data_in = talloc_array(tctx, uint8_t, len);
+	data_out = talloc_array(tctx, uint8_t, len);
+	for (i=0;i<len;i++) {
+		data_in[i] = i;
+	}
+	
+	r.in.len = len;
+	r.in.in_data = data_in;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_EchoData_r(b, tctx, &r),
+		talloc_asprintf(tctx, "EchoData(%d) failed\n", len));
+
+	data_out = r.out.out_data;
+
+	for (i=0;i<len;i++) {
+		if (data_in[i] != data_out[i]) {
+			torture_comment(tctx, "Bad data returned for len %d at offset %d\n", 
+			       len, i);
+			torture_comment(tctx, "in:\n");
+			dump_data(0, data_in+i, MIN(len-i, 16));
+			torture_comment(tctx, "out:\n");
+			dump_data(0, data_out+i, MIN(len-1, 16));
+			return false;
+		}
+	}
+	return true;
+}
+
+/*
+  test the SourceData interface
+*/
+static bool test_sourcedata(struct torture_context *tctx,
+			    struct dcerpc_pipe *p)
+{
+	int i;
+	int len;
+	struct echo_SourceData r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "quick", false) &&
+	    (p->conn->flags & DCERPC_DEBUG_VALIDATE_BOTH)) {
+		len = 100 + (random() % 500);
+	} else {
+		len = 200000 + (random() % 5000);
+	}
+
+	r.in.len = len;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_SourceData_r(b, tctx, &r),
+		talloc_asprintf(tctx, "SourceData(%d) failed", len));
+
+	for (i=0;i<len;i++) {
+		uint8_t *v = (uint8_t *)r.out.data;
+		torture_assert(tctx, v[i] == (i & 0xFF),
+			talloc_asprintf(tctx, 
+						"bad data 0x%x at %d\n", (uint8_t)r.out.data[i], i));
+	}
+	return true;
+}
+
+/*
+  test the SinkData interface
+*/
+static bool test_sinkdata(struct torture_context *tctx, 
+			  struct dcerpc_pipe *p)
+{
+	int i;
+	uint8_t *data_in;
+	int len;
+	struct echo_SinkData r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "quick", false) &&
+	    (p->conn->flags & DCERPC_DEBUG_VALIDATE_BOTH)) {
+		len = 100 + (random() % 5000);
+	} else {
+		len = 200000 + (random() % 5000);
+	}
+
+	data_in = talloc_array(tctx, uint8_t, len);
+	for (i=0;i<len;i++) {
+		data_in[i] = i+1;
+	}
+
+	r.in.len = len;
+	r.in.data = data_in;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_SinkData_r(b, tctx, &r),
+		talloc_asprintf(tctx, "SinkData(%d) failed", len));
+
+	torture_comment(tctx, "sunk %d bytes\n", len);
+	return true;
+}
+
+
+/*
+  test the testcall interface
+*/
+static bool test_testcall(struct torture_context *tctx,
+			  struct dcerpc_pipe *p)
+{
+	struct echo_TestCall r;
+	const char *s = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.s1 = "input string";
+	r.out.s2 = &s;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_TestCall_r(b, tctx, &r),
+		"TestCall failed");
+
+	torture_assert_str_equal(tctx, s, "input string", "Didn't receive back same string");
+
+	return true;
+}
+
+/*
+  test the testcall interface
+*/
+static bool test_testcall2(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	struct echo_TestCall2 r;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=1;i<=7;i++) {
+		r.in.level = i;
+		r.out.info = talloc(tctx, union echo_Info);
+
+		torture_comment(tctx, "Testing TestCall2 level %d\n", i);
+		torture_assert_ntstatus_ok(tctx, dcerpc_echo_TestCall2_r(b, tctx, &r),
+			"TestCall2 failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "TestCall2 failed");
+	}
+	return true;
+}
+
+static void test_sleep_done(struct tevent_req *subreq)
+{
+	bool *done1 = (bool *)tevent_req_callback_data_void(subreq);
+	*done1 = true;
+}
+
+/*
+  test the TestSleep interface
+*/
+static bool test_sleep(struct torture_context *tctx,
+		       struct dcerpc_pipe *p)
+{
+	int i;
+#define ASYNC_COUNT 3
+	struct tevent_req *req[ASYNC_COUNT];
+	struct echo_TestSleep r[ASYNC_COUNT];
+	bool done1[ASYNC_COUNT];
+	bool done2[ASYNC_COUNT];
+	struct timeval snd[ASYNC_COUNT];
+	struct timeval rcv[ASYNC_COUNT];
+	struct timeval diff[ASYNC_COUNT];
+	int total_done = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport;
+	uint32_t assoc_group_id;
+	struct dcerpc_pipe *p2 = NULL;
+	NTSTATUS status;
+
+	if (torture_setting_bool(tctx, "quick", false)) {
+		torture_skip(tctx, "TestSleep disabled - use \"torture:quick=no\" to enable\n");
+	}
+	torture_comment(tctx, "Testing TestSleep - use \"torture:quick=yes\" to disable\n");
+
+	transport	= dcerpc_binding_get_transport(p->binding);
+	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p->binding);
+
+	torture_comment(tctx, "connect echo connection 2 with "
+			"DCERPC_CONCURRENT_MULTIPLEX\n");
+	status = torture_rpc_connection_transport(tctx, &p2,
+						  &ndr_table_rpcecho,
+						  transport,
+						  assoc_group_id,
+						  DCERPC_CONCURRENT_MULTIPLEX);
+	torture_assert_ntstatus_ok(tctx, status, "opening echo connection 2");
+	b = p2->binding_handle;
+
+	for (i=0;i<ASYNC_COUNT;i++) {
+		done1[i]	= false;
+		done2[i]	= false;
+		snd[i]		= timeval_current();
+		rcv[i]		= timeval_zero();
+		r[i].in.seconds = ASYNC_COUNT-i;
+		req[i] = dcerpc_echo_TestSleep_r_send(tctx, tctx->ev, b, &r[i]);
+		torture_assert(tctx, req[i], "Failed to send async sleep request\n");
+		tevent_req_set_callback(req[i], test_sleep_done, &done1[i]);
+	}
+
+	while (total_done < ASYNC_COUNT) {
+		torture_assert(tctx, tevent_loop_once(tctx->ev) == 0,
+					   "Event context loop failed");
+		for (i=0;i<ASYNC_COUNT;i++) {
+			if (done2[i] == false && done1[i] == true) {
+				int rounded_tdiff;
+				total_done++;
+				done2[i] = true;
+				rcv[i]	= timeval_current();
+				diff[i]	= timeval_until(&snd[i], &rcv[i]);
+				rounded_tdiff = (int)(0.5 + diff[i].tv_sec + (1.0e-6*diff[i].tv_usec));
+				torture_comment(tctx, "rounded_tdiff=%d\n", rounded_tdiff);
+				torture_assert_ntstatus_ok(tctx,
+					dcerpc_echo_TestSleep_r_recv(req[i], tctx),
+					talloc_asprintf(tctx, "TestSleep(%d) failed", i));
+				torture_assert(tctx, r[i].out.result == r[i].in.seconds,
+					talloc_asprintf(tctx, "Failed - Asked to sleep for %u seconds (server replied with %u seconds and the reply takes only %u seconds)", 
+						r[i].out.result, r[i].in.seconds, (unsigned int)diff[i].tv_sec));
+				torture_assert(tctx, r[i].out.result <= rounded_tdiff, 
+					talloc_asprintf(tctx, "Failed - Slept for %u seconds (but reply takes only %u.%06u seconds)", 
+						r[i].out.result, (unsigned int)diff[i].tv_sec, (unsigned int)diff[i].tv_usec));
+				if (r[i].out.result+1 == rounded_tdiff) {
+					torture_comment(tctx, "Slept for %u seconds (but reply takes %u.%06u seconds - busy server?)\n", 
+							r[i].out.result, (unsigned int)diff[i].tv_sec, (unsigned int)diff[i].tv_usec);
+				} else if (r[i].out.result == rounded_tdiff) {
+					torture_comment(tctx, "Slept for %u seconds (reply takes %u.%06u seconds - ok)\n", 
+							r[i].out.result, (unsigned int)diff[i].tv_sec, (unsigned int)diff[i].tv_usec);
+				} else {
+					torture_fail(tctx, talloc_asprintf(tctx,
+						     "(Failed) - Not async - Slept for %u seconds (but reply takes %u.%06u seconds)\n",
+						     r[i].out.result, (unsigned int)diff[i].tv_sec, (unsigned int)diff[i].tv_usec));
+				}
+			}
+		}
+	}
+	torture_comment(tctx, "\n");
+	return true;
+}
+
+/*
+  test enum handling
+*/
+static bool test_enum(struct torture_context *tctx,
+						  struct dcerpc_pipe *p)
+{
+	struct echo_TestEnum r;
+	enum echo_Enum1 v = ECHO_ENUM1;
+	struct echo_Enum2 e2;
+	union echo_Enum3 e3;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.foo1 = &v;
+	r.in.foo2 = &e2;
+	r.in.foo3 = &e3;
+	r.out.foo1 = &v;
+	r.out.foo2 = &e2;
+	r.out.foo3 = &e3;
+
+	e2.e1 = 76;
+	e2.e2 = ECHO_ENUM1_32;
+	e3.e1 = ECHO_ENUM2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_TestEnum_r(b, tctx, &r),
+		"TestEnum failed");
+	return true;
+}
+
+/*
+  test surrounding conformant array handling
+*/
+static bool test_surrounding(struct torture_context *tctx,
+						  struct dcerpc_pipe *p)
+{
+	struct echo_TestSurrounding r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+	r.in.data = talloc(tctx, struct echo_Surrounding);
+
+	r.in.data->x = 20;
+	r.in.data->surrounding = talloc_zero_array(tctx, uint16_t, r.in.data->x);
+
+	r.out.data = talloc(tctx, struct echo_Surrounding);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_TestSurrounding_r(b, tctx, &r),
+		"TestSurrounding failed");
+	
+	torture_assert(tctx, r.out.data->x == 2 * r.in.data->x,
+		"TestSurrounding did not make the array twice as large");
+
+	return true;
+}
+
+/*
+  test multiple levels of pointers
+*/
+static bool test_doublepointer(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct echo_TestDoublePointer r;
+	uint16_t value = 12;
+	uint16_t *pvalue = &value;
+	uint16_t **ppvalue = &pvalue;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+	r.in.data = &ppvalue;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_echo_TestDoublePointer_r(b, tctx, &r),
+		"TestDoublePointer failed");
+
+	torture_assert_int_equal(tctx, value, r.out.result, 
+					"TestDoublePointer did not return original value");
+	return true;
+}
+
+
+/*
+  test request timeouts
+*/
+#if 0 /* this test needs fixing to work over ncacn_np */
+static bool test_timeout(struct torture_context *tctx,
+						 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct rpc_request *req;
+	struct echo_TestSleep r;
+	int timeout_saved = p->request_timeout;
+
+	if (torture_setting_bool(tctx, "quick", false)) {
+		torture_skip(tctx, "timeout testing disabled - use \"torture:quick=no\" to enable\n");
+	}
+
+	torture_comment(tctx, "testing request timeouts\n");
+	r.in.seconds = 2;
+	p->request_timeout = 1;
+
+	req = dcerpc_echo_TestSleep_send(p, tctx, &r);
+	if (!req) {
+		torture_comment(tctx, "Failed to send async sleep request\n");
+		goto failed;
+	}
+	req->ignore_timeout = true;
+
+	status	= dcerpc_echo_TestSleep_recv(req);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_IO_TIMEOUT, 
+								  "request should have timed out");
+
+	torture_comment(tctx, "testing request destruction\n");
+	req = dcerpc_echo_TestSleep_send(p, tctx, &r);
+	if (!req) {
+		torture_comment(tctx, "Failed to send async sleep request\n");
+		goto failed;
+	}
+	talloc_free(req);
+
+	req = dcerpc_echo_TestSleep_send(p, tctx, &r);
+	if (!req) {
+		torture_comment(tctx, "Failed to send async sleep request\n");
+		goto failed;
+	}
+	req->ignore_timeout = true;
+	status	= dcerpc_echo_TestSleep_recv(req);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_IO_TIMEOUT, 
+		"request should have timed out");
+
+	p->request_timeout = timeout_saved;
+	
+	return test_addone(tctx, p);
+
+failed:
+	p->request_timeout = timeout_saved;
+	return false;
+}
+#endif
+
+struct torture_suite *torture_rpc_echo(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "echo");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "echo", 
+						  &ndr_table_rpcecho);
+
+	torture_rpc_tcase_add_test(tcase, "addone", test_addone);
+	torture_rpc_tcase_add_test(tcase, "sinkdata", test_sinkdata);
+	torture_rpc_tcase_add_test(tcase, "echodata", test_echodata);
+	torture_rpc_tcase_add_test(tcase, "sourcedata", test_sourcedata);
+	torture_rpc_tcase_add_test(tcase, "testcall", test_testcall);
+	torture_rpc_tcase_add_test(tcase, "testcall2", test_testcall2);
+	torture_rpc_tcase_add_test(tcase, "enum", test_enum);
+	torture_rpc_tcase_add_test(tcase, "surrounding", test_surrounding);
+	torture_rpc_tcase_add_test(tcase, "doublepointer", test_doublepointer);
+	torture_rpc_tcase_add_test(tcase, "sleep", test_sleep);
+#if 0 /* this test needs fixing to work over ncacn_np */
+	torture_rpc_tcase_add_test(tcase, "timeout", test_timeout);
+#endif
+
+	return suite;
+}
diff --git a/source4/torture/rpc/epmapper.c b/source4/torture/rpc/epmapper.c
new file mode 100644
index 0000000..d1202c2
--- /dev/null
+++ b/source4/torture/rpc/epmapper.c
@@ -0,0 +1,679 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for epmapper rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_epmapper_c.h"
+#include "librpc/ndr/ndr_table.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "torture/rpc/torture_rpc.h"
+#include "lib/util/util_net.h"
+#include "librpc/rpc/rpc_common.h"
+
+/*
+  display any protocol tower
+ */
+static void display_tower(struct torture_context *tctx, struct epm_tower *twr)
+{
+	int i;
+
+	for (i = 0; i < twr->num_floors; i++) {
+		torture_comment(tctx,
+				" %s",
+				epm_floor_string(tctx, &twr->floors[i]));
+	}
+	torture_comment(tctx, "\n");
+}
+
+static bool test_Insert(struct torture_context *tctx,
+			struct dcerpc_binding_handle *h,
+			struct ndr_syntax_id object,
+			const char *annotation,
+			const struct dcerpc_binding *b)
+{
+	struct epm_Insert r;
+	NTSTATUS status;
+
+	r.in.num_ents = 1;
+	r.in.entries = talloc_array(tctx, struct epm_entry_t, 1);
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "Skip Insert test against Samba4");
+	}
+
+	/* FIXME zero */
+	ZERO_STRUCT(r.in.entries[0].object);
+	r.in.entries[0].annotation = annotation;
+
+	r.in.entries[0].tower = talloc(tctx, struct epm_twr_t);
+
+	status = dcerpc_binding_build_tower(tctx,
+					    b,
+					    &r.in.entries[0].tower->tower);
+
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "Unable to build tower from binding struct");
+	r.in.replace = 0;
+
+	/* shoot! */
+	status = dcerpc_epm_Insert_r(h, tctx, &r);
+
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx,
+				"epm_Insert failed - %s\n",
+				nt_errstr(status));
+		return false;
+	}
+
+	if (r.out.result != EPMAPPER_STATUS_OK) {
+		torture_comment(tctx,
+				"epm_Insert failed - internal error: 0x%.4x\n",
+				r.out.result);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_Delete(struct torture_context *tctx,
+			struct dcerpc_binding_handle *h,
+			const char *annotation,
+			const struct dcerpc_binding *b)
+{
+	NTSTATUS status;
+	struct epm_Delete r;
+
+	r.in.num_ents = 1;
+	r.in.entries = talloc_array(tctx, struct epm_entry_t, 1);
+
+	ZERO_STRUCT(r.in.entries[0].object);
+	r.in.entries[0].annotation = annotation;
+
+	r.in.entries[0].tower = talloc(tctx, struct epm_twr_t);
+
+	status = dcerpc_binding_build_tower(tctx,
+					    b,
+					    &r.in.entries[0].tower->tower);
+
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "Unable to build tower from binding struct");
+	r.in.num_ents = 1;
+
+	status = dcerpc_epm_Delete_r(h, tctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx,
+				"epm_Delete failed - %s\n",
+				nt_errstr(status));
+		return false;
+	}
+
+	if (r.out.result != EPMAPPER_STATUS_OK) {
+		torture_comment(tctx,
+				"epm_Delete failed - internal error: 0x%.4x\n",
+				r.out.result);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_Map_tcpip(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *h,
+			   struct ndr_syntax_id map_syntax)
+{
+	struct epm_Map r;
+	struct GUID uuid;
+	struct policy_handle entry_handle;
+	struct ndr_syntax_id syntax;
+	struct dcerpc_binding *map_binding;
+	struct epm_twr_t map_tower;
+	struct epm_twr_p_t towers[20];
+	struct epm_tower t;
+	uint32_t num_towers;
+	uint32_t port;
+	uint32_t i;
+	long int p;
+	const char *tmp;
+	const char *ip;
+	char *ptr;
+	NTSTATUS status;
+
+	torture_comment(tctx, "Testing epm_Map\n");
+
+	ZERO_STRUCT(uuid);
+	ZERO_STRUCT(entry_handle);
+
+	r.in.object = &uuid;
+	r.in.map_tower = &map_tower;
+	r.in.entry_handle = &entry_handle;
+	r.out.entry_handle = &entry_handle;
+	r.in.max_towers = 10;
+	r.out.towers = towers;
+	r.out.num_towers = &num_towers;
+
+	/* Create map tower */
+	status = dcerpc_parse_binding(tctx, "ncacn_ip_tcp:[135]", &map_binding);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "epm_Map_tcpip failed: can't create map_binding");
+
+	status = dcerpc_binding_set_abstract_syntax(map_binding, &map_syntax);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "epm_Map_tcpip failed: set map_syntax");
+
+	status = dcerpc_binding_build_tower(tctx, map_binding,
+					    &map_tower.tower);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "epm_Map_tcpip failed: can't create map_tower");
+
+	torture_comment(tctx,
+			"epm_Map request for '%s':\n",
+			ndr_interface_name(&map_syntax.uuid, map_syntax.if_version));
+	display_tower(tctx, &r.in.map_tower->tower);
+
+	status = dcerpc_epm_Map_r(h, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "epm_Map_simple failed");
+	torture_assert(tctx, r.out.result == EPMAPPER_STATUS_OK,
+		       "epm_Map_tcpip failed: result is not EPMAPPER_STATUS_OK");
+
+	/* Check the result */
+	t = r.out.towers[0].twr->tower;
+
+	/* Check if we got the correct RPC interface identifier */
+	dcerpc_floor_get_uuid_full(&t.floors[0], &syntax);
+	torture_assert(tctx, ndr_syntax_id_equal(&syntax, &map_syntax),
+		       "epm_Map_tcpip failed: Interface identifier mismatch");
+
+	torture_comment(tctx,
+			"epm_Map_tcpip response for '%s':\n",
+			ndr_interface_name(&syntax.uuid, syntax.if_version));
+
+	dcerpc_floor_get_uuid_full(&t.floors[1], &syntax);
+	torture_assert(tctx, ndr_syntax_id_equal(&syntax, &ndr_transfer_syntax_ndr),
+		       "epm_Map_tcpip failed: floor 2 is not NDR encoded");
+
+	torture_assert(tctx, t.floors[2].lhs.protocol == EPM_PROTOCOL_NCACN,
+		       "epm_Map_tcpip failed: floor 3 is not NCACN_IP_TCP");
+
+	tmp = dcerpc_floor_get_rhs_data(tctx, &t.floors[3]);
+	p = strtol(tmp, &ptr, 10);
+	port = p & 0xffff;
+	torture_assert(tctx, port > 1024 && port < 65535, "epm_Map_tcpip failed");
+
+	ip = dcerpc_floor_get_rhs_data(tctx, &t.floors[4]);
+	torture_assert(tctx, is_ipaddress(ip), "epm_Map_tcpip failed");
+
+	for (i = 0; i < *r.out.num_towers; i++) {
+		if (r.out.towers[i].twr) {
+			display_tower(tctx, &t);
+		}
+	}
+
+	return true;
+}
+
+static bool test_Map_full(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	const struct ndr_syntax_id obj = {
+		{ 0x8a885d04, 0x1ceb, 0x11c9, {0x9f, 0xe8}, {0x08,0x00,0x2b,0x10,0x48,0x60} },
+		2
+	};
+	struct dcerpc_binding_handle *h = p->binding_handle;
+	const char *annotation = "SMBTORTURE";
+	struct dcerpc_binding *b;
+	NTSTATUS status;
+	bool ok;
+
+	status = dcerpc_parse_binding(tctx, "ncacn_ip_tcp:216.83.154.106[41768]", &b);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "Unable to generate dcerpc_binding struct");
+	status = dcerpc_binding_set_abstract_syntax(b, &obj);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_binding_set_abstract_syntax");
+
+	ok = test_Insert(tctx, h, obj, annotation, b);
+	torture_assert(tctx, ok, "test_Insert failed");
+
+	ok = test_Map_tcpip(tctx, h, obj);
+	torture_assert(tctx, ok, "test_Map_tcpip failed");
+
+	ok = test_Delete(tctx, h, annotation, b);
+	torture_assert(tctx, ok, "test_Delete failed");
+
+	return true;
+}
+
+static bool test_Map_display(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct epm_entry_t *entry)
+
+{
+	NTSTATUS status;
+	struct epm_twr_t *twr = entry->tower;
+	struct epm_Map r;
+	struct GUID uuid = entry->object;
+	struct policy_handle handle;
+	struct ndr_syntax_id syntax;
+	uint32_t num_towers;
+	uint32_t i;
+
+	ZERO_STRUCT(handle);
+
+	r.in.object = &uuid;
+	r.in.map_tower = twr;
+	r.in.entry_handle = &handle;
+	r.out.entry_handle = &handle;
+	r.in.max_towers = 10;
+	r.out.num_towers = &num_towers;
+
+	dcerpc_floor_get_uuid_full(&twr->tower.floors[0], &syntax);
+
+	torture_comment(tctx,
+			"epm_Map results for '%s':\n",
+			ndr_interface_name(&syntax.uuid, syntax.if_version));
+
+	status = dcerpc_epm_Map_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && r.out.result == 0) {
+		for (i=0;i<*r.out.num_towers;i++) {
+			if (r.out.towers[i].twr) {
+				display_tower(tctx, &r.out.towers[i].twr->tower);
+			}
+		}
+	}
+
+	/* RPC protocol identifier */
+	twr->tower.floors[2].lhs.protocol = EPM_PROTOCOL_NCACN;
+	twr->tower.floors[2].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[2].rhs.ncacn.minor_version = 0;
+
+	/* Port address */
+	twr->tower.floors[3].lhs.protocol = EPM_PROTOCOL_TCP;
+	twr->tower.floors[3].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[3].rhs.tcp.port = 0;
+
+	/* Transport */
+	twr->tower.floors[4].lhs.protocol = EPM_PROTOCOL_IP;
+	twr->tower.floors[4].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[4].rhs.ip.ipaddr = "0.0.0.0";
+
+	status = dcerpc_epm_Map_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && r.out.result == 0) {
+		for (i=0;i<*r.out.num_towers;i++) {
+			if (r.out.towers[i].twr) {
+				display_tower(tctx, &r.out.towers[i].twr->tower);
+			}
+		}
+	}
+
+	twr->tower.floors[3].lhs.protocol = EPM_PROTOCOL_HTTP;
+	twr->tower.floors[3].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[3].rhs.http.port = 0;
+
+	status = dcerpc_epm_Map_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && r.out.result == 0) {
+		for (i=0;i<*r.out.num_towers;i++) {
+			if (r.out.towers[i].twr) {
+				display_tower(tctx, &r.out.towers[i].twr->tower);
+			}
+		}
+	}
+
+	twr->tower.floors[3].lhs.protocol = EPM_PROTOCOL_UDP;
+	twr->tower.floors[3].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[3].rhs.udp.port = 0;
+
+	status = dcerpc_epm_Map_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && r.out.result == 0) {
+		for (i=0;i<*r.out.num_towers;i++) {
+			if (r.out.towers[i].twr) {
+				display_tower(tctx, &r.out.towers[i].twr->tower);
+			}
+		}
+	}
+
+	twr->tower.floors[3].lhs.protocol = EPM_PROTOCOL_SMB;
+	twr->tower.floors[3].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[3].rhs.smb.unc = "";
+
+	twr->tower.floors[4].lhs.protocol = EPM_PROTOCOL_NETBIOS;
+	twr->tower.floors[4].lhs.lhs_data = data_blob(NULL, 0);
+	twr->tower.floors[4].rhs.netbios.name = "";
+
+	status = dcerpc_epm_Map_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && r.out.result == 0) {
+		for (i = 0; i < *r.out.num_towers; i++) {
+			if (r.out.towers[i].twr) {
+				display_tower(tctx, &r.out.towers[i].twr->tower);
+			}
+		}
+	}
+
+	/* FIXME: Extend to do other protocols as well (ncacn_unix_stream, ncalrpc) */
+
+	return true;
+}
+
+static bool test_Map_simple(struct torture_context *tctx,
+			    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct epm_Lookup r;
+	struct policy_handle entry_handle;
+	uint32_t num_ents = 0;
+	struct dcerpc_binding_handle *h = p->binding_handle;
+
+	ZERO_STRUCT(entry_handle);
+
+	torture_comment(tctx, "Testing epm_Map\n");
+
+	/* get all elements */
+	r.in.inquiry_type = RPC_C_EP_ALL_ELTS;
+	r.in.object = NULL;
+	r.in.interface_id = NULL;
+	r.in.vers_option = RPC_C_VERS_ALL;
+
+	r.in.entry_handle = &entry_handle;
+	r.in.max_ents = 10;
+
+	r.out.entry_handle = &entry_handle;
+	r.out.num_ents = &num_ents;
+
+	do {
+		int i;
+
+		status = dcerpc_epm_Lookup_r(h, tctx, &r);
+		if (!NT_STATUS_IS_OK(status) ||
+		    r.out.result != EPMAPPER_STATUS_OK) {
+			break;
+		}
+
+		for (i = 0; i < *r.out.num_ents; i++) {
+			if (r.out.entries[i].tower->tower.num_floors == 5) {
+				test_Map_display(h, tctx, &r.out.entries[i]);
+			}
+		}
+	} while (NT_STATUS_IS_OK(status) &&
+		 r.out.result == EPMAPPER_STATUS_OK &&
+		 *r.out.num_ents == r.in.max_ents &&
+		 !ndr_policy_handle_empty(&entry_handle));
+
+	torture_assert_ntstatus_ok(tctx, status, "epm_Map_simple failed");
+
+	torture_assert(tctx,
+		       ndr_policy_handle_empty(&entry_handle),
+		       "epm_Map_simple failed - The policy handle should be empty.");
+
+	return true;
+}
+
+static bool test_LookupHandleFree(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *h,
+				  struct policy_handle *entry_handle) {
+	NTSTATUS status;
+	struct epm_LookupHandleFree r;
+
+	if (ndr_policy_handle_empty(entry_handle)) {
+		torture_comment(tctx,
+				"epm_LookupHandleFree failed - empty policy_handle\n");
+		return false;
+	}
+
+	r.in.entry_handle = entry_handle;
+	r.out.entry_handle = entry_handle;
+
+	status = dcerpc_epm_LookupHandleFree_r(h, tctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx,
+				"epm_LookupHandleFree failed - %s\n",
+				nt_errstr(status));
+		return false;
+	}
+
+	if (r.out.result != EPMAPPER_STATUS_OK) {
+		torture_comment(tctx,
+				"epm_LookupHandleFree failed - internal error: "
+				"0x%.4x\n",
+				r.out.result);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_Lookup_simple(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct epm_Lookup r;
+	struct policy_handle entry_handle;
+	uint32_t num_ents = 0;
+	struct dcerpc_binding_handle *h = p->binding_handle;
+
+	ZERO_STRUCT(entry_handle);
+
+	torture_comment(tctx, "Testing epm_Lookup\n");
+
+	/* get all elements */
+	r.in.inquiry_type = RPC_C_EP_ALL_ELTS;
+	r.in.object = NULL;
+	r.in.interface_id = NULL;
+	r.in.vers_option = RPC_C_VERS_ALL;
+
+	r.in.entry_handle = &entry_handle;
+	r.in.max_ents = 10;
+
+	r.out.entry_handle = &entry_handle;
+	r.out.num_ents = &num_ents;
+
+	do {
+		int i;
+
+		status = dcerpc_epm_Lookup_r(h, tctx, &r);
+		if (!NT_STATUS_IS_OK(status) ||
+		    r.out.result != EPMAPPER_STATUS_OK) {
+			break;
+		}
+
+		torture_comment(tctx,
+				"epm_Lookup returned %d events, entry_handle: %s\n",
+				*r.out.num_ents,
+				GUID_string(tctx, &entry_handle.uuid));
+
+		for (i = 0; i < *r.out.num_ents; i++) {
+			torture_comment(tctx,
+					"\n  Found '%s' Object[%s]\n",
+					r.out.entries[i].annotation,
+					GUID_string(tctx, &r.out.entries[i].object));
+
+			display_tower(tctx, &r.out.entries[i].tower->tower);
+		}
+	} while (NT_STATUS_IS_OK(status) &&
+		 r.out.result == EPMAPPER_STATUS_OK &&
+		 *r.out.num_ents == r.in.max_ents &&
+		 !ndr_policy_handle_empty(&entry_handle));
+
+	torture_assert_ntstatus_ok(tctx, status, "epm_Lookup failed");
+	torture_assert(tctx, r.out.result == EPMAPPER_STATUS_NO_MORE_ENTRIES, "epm_Lookup failed");
+
+	torture_assert(tctx,
+		       ndr_policy_handle_empty(&entry_handle),
+		       "epm_Lookup failed - The policy handle should be empty.");
+
+	return true;
+}
+
+/*
+ * This test starts a epm_Lookup request, but doesn't finish the
+ * call terminates the search. So it will call epm_LookupHandleFree.
+ */
+static bool test_Lookup_terminate_search(struct torture_context *tctx,
+					 struct dcerpc_pipe *p)
+{
+	bool ok;
+	NTSTATUS status;
+	struct epm_Lookup r;
+	struct policy_handle entry_handle;
+	uint32_t i, num_ents = 0;
+	struct dcerpc_binding_handle *h = p->binding_handle;
+
+	ZERO_STRUCT(entry_handle);
+
+	torture_comment(tctx, "Testing epm_Lookup and epm_LookupHandleFree\n");
+
+	/* get all elements */
+	r.in.inquiry_type = RPC_C_EP_ALL_ELTS;
+	r.in.object = NULL;
+	r.in.interface_id = NULL;
+	r.in.vers_option = RPC_C_VERS_ALL;
+
+	r.in.entry_handle = &entry_handle;
+	r.in.max_ents = 2;
+
+	r.out.entry_handle = &entry_handle;
+	r.out.num_ents = &num_ents;
+
+	status = dcerpc_epm_Lookup_r(h, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "epm_Lookup failed");
+	torture_assert(tctx, r.out.result == EPMAPPER_STATUS_OK, "epm_Lookup failed");
+
+	torture_comment(tctx,
+			"epm_Lookup returned %d events, entry_handle: %s\n",
+			*r.out.num_ents,
+			GUID_string(tctx, &entry_handle.uuid));
+
+	for (i = 0; i < *r.out.num_ents; i++) {
+		torture_comment(tctx,
+				"\n  Found '%s'\n",
+				r.out.entries[i].annotation);
+	}
+
+	ok = test_LookupHandleFree(tctx,
+				   h,
+				   &entry_handle);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_Insert_noreplace(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	bool ok;
+	NTSTATUS status;
+	struct epm_Insert r;
+	struct dcerpc_binding *b;
+	struct dcerpc_binding_handle *h = p->binding_handle;
+
+	torture_comment(tctx, "Testing epm_Insert(noreplace) and epm_Delete\n");
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "Skip Insert test against Samba4");
+	}
+
+	r.in.num_ents = 1;
+	r.in.entries = talloc_array(tctx, struct epm_entry_t, 1);
+
+	ZERO_STRUCT(r.in.entries[0].object);
+	r.in.entries[0].annotation = "smbtorture endpoint";
+
+	status = dcerpc_parse_binding(tctx, "ncalrpc:[SMBTORTURE]", &b);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "Unable to generate dcerpc_binding struct");
+
+	r.in.entries[0].tower = talloc(tctx, struct epm_twr_t);
+
+	status = dcerpc_binding_build_tower(tctx,
+					    b,
+					    &r.in.entries[0].tower->tower);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "Unable to build tower from binding struct");
+	r.in.replace = 0;
+
+	status = dcerpc_epm_Insert_r(h, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "epm_Insert failed");
+
+	torture_assert(tctx, r.out.result == 0, "epm_Insert failed");
+
+	ok = test_Delete(tctx, h, "smbtorture", b);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
+#if 0
+/*
+ * The MS-RPCE documentation states that this function isn't implemented and
+ * SHOULD NOT be called by a client.
+ */
+static bool test_InqObject(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct epm_InqObject r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.epm_object = talloc(tctx, struct GUID);
+	*r.in.epm_object = ndr_table_epmapper.syntax_id.uuid;
+
+	status = dcerpc_epm_InqObject_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "InqObject failed");
+
+	return true;
+}
+#endif
+
+struct torture_suite *torture_rpc_epmapper(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "epmapper");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite,
+						  "epmapper",
+						  &ndr_table_epmapper);
+
+	/* This is a stack */
+	torture_rpc_tcase_add_test(tcase,
+				   "Map_simple",
+				   test_Map_simple);
+	torture_rpc_tcase_add_test(tcase,
+				   "Map_full",
+				   test_Map_full);
+	torture_rpc_tcase_add_test(tcase,
+				   "Lookup_simple",
+				   test_Lookup_simple);
+	torture_rpc_tcase_add_test(tcase,
+				   "Lookup_terminate_search",
+				   test_Lookup_terminate_search);
+	torture_rpc_tcase_add_test(tcase,
+				   "Insert_noreplace",
+				   test_Insert_noreplace);
+
+	return suite;
+}
+
+/* vim: set ts=8 sw=8 noet cindent syntax=c.doxygen: */
diff --git a/source4/torture/rpc/eventlog.c b/source4/torture/rpc/eventlog.c
new file mode 100644
index 0000000..87dc6a2
--- /dev/null
+++ b/source4/torture/rpc/eventlog.c
@@ -0,0 +1,501 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for eventlog rpc operations
+
+   Copyright (C) Tim Potter 2003,2005
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_eventlog.h"
+#include "librpc/gen_ndr/ndr_eventlog_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+#define TEST_BACKUP_NAME "samrtorturetest"
+
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+	name->length = 2*strlen_m(s);
+	name->size = name->length;
+}
+
+static bool get_policy_handle(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle)
+{
+	struct eventlog_OpenEventLogW r;
+	struct eventlog_OpenUnknown0 unknown0;
+	struct lsa_String logname, servername;
+
+	unknown0.unknown0 = 0x005c;
+	unknown0.unknown1 = 0x0001;
+
+	r.in.unknown0 = &unknown0;
+	init_lsa_String(&logname, "dns server");
+	init_lsa_String(&servername, NULL);
+	r.in.logname = &logname;
+	r.in.servername = &servername;
+	r.in.major_version = 0x00000001;
+	r.in.minor_version = 0x00000001;
+	r.out.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_OpenEventLogW_r(b, tctx, &r),
+			"OpenEventLog failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "OpenEventLog failed");
+
+	return true;
+}
+
+
+
+static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct eventlog_GetNumRecords r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	uint32_t number = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	ZERO_STRUCT(r);
+	r.in.handle = &handle;
+	r.out.number = &number;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_GetNumRecords_r(b, tctx, &r),
+			"GetNumRecords failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+			"GetNumRecords failed");
+	torture_comment(tctx, "%d records\n", *r.out.number);
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+	return true;
+}
+
+static bool test_ReadEventLog(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct eventlog_ReadEventLogW r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t sent_size = 0;
+	uint32_t real_size = 0;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	ZERO_STRUCT(r);
+	r.in.offset = 0;
+	r.in.handle = &handle;
+	r.in.flags = 0;
+	r.out.data = NULL;
+	r.out.sent_size = &sent_size;
+	r.out.real_size = &real_size;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_ReadEventLogW_r(b, tctx, &r),
+		"ReadEventLog failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+			"ReadEventLog failed");
+
+	while (1) {
+		struct EVENTLOGRECORD rec;
+		enum ndr_err_code ndr_err;
+		uint32_t size = 0;
+		uint32_t pos = 0;
+
+		/* Read first for number of bytes in record */
+
+		r.in.number_of_bytes = 0;
+		r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
+		r.out.data = NULL;
+		r.out.sent_size = &sent_size;
+		r.out.real_size = &real_size;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_ReadEventLogW_r(b, tctx, &r),
+			"ReadEventLogW failed");
+
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) {
+			/* FIXME: still need to decode then */
+			break;
+		}
+
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
+			"ReadEventLog failed");
+
+		/* Now read the actual record */
+
+		r.in.number_of_bytes = *r.out.real_size;
+		r.out.data = talloc_array(tctx, uint8_t, r.in.number_of_bytes);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_ReadEventLogW_r(b, tctx, &r),
+			"ReadEventLogW failed");
+
+		torture_assert_ntstatus_ok(tctx, r.out.result, "ReadEventLog failed");
+
+		/* Decode a user-marshalled record */
+		size = IVAL(r.out.data, pos);
+
+		while (size > 0) {
+			DATA_BLOB blob = data_blob_const(
+				r.out.data + pos, size);
+			dump_data(0, blob.data, blob.length);
+
+			ndr_err = ndr_pull_struct_blob_all(&blob, tctx, &rec,
+				(ndr_pull_flags_fn_t)ndr_pull_EVENTLOGRECORD);
+			if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+				status = ndr_map_error2ntstatus(ndr_err);
+				torture_assert_ntstatus_ok(tctx, status,
+					"ReadEventLog failed parsing event log record");
+			}
+
+			NDR_PRINT_DEBUG(EVENTLOGRECORD, &rec);
+
+			pos += size;
+
+			if (pos + 4 > *r.out.sent_size) {
+				break;
+			}
+
+			size = IVAL(r.out.data, pos);
+		}
+
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+				"ReadEventLog failed parsing event log record");
+
+		r.in.offset++;
+	}
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+static bool test_ReportEventLog(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	struct eventlog_ReportEventW r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t record_number = 0;
+	time_t time_written = 0;
+	struct lsa_String servername, *strings;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	init_lsa_String(&servername, NULL);
+
+	strings = talloc_array(tctx, struct lsa_String, 1);
+	init_lsa_String(&strings[0], "Currently tortured by samba 4");
+
+	ZERO_STRUCT(r);
+
+	r.in.handle = &handle;
+	r.in.timestamp = time(NULL);
+	r.in.event_type = EVENTLOG_INFORMATION_TYPE;
+	r.in.event_category = 0;
+	r.in.event_id = 0;
+	r.in.num_of_strings = 1;
+	r.in.data_size = 0;
+	r.in.servername = &servername;
+	r.in.user_sid = NULL;
+	r.in.strings = &strings;
+	r.in.data = NULL;
+	r.in.flags = 0;
+	r.in.record_number = r.out.record_number = &record_number;
+	r.in.time_written = r.out.time_written = &time_written;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_ReportEventW_r(b, tctx, &r),
+			"ReportEventW failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ReportEventW failed");
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+static bool test_FlushEventLog(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct eventlog_FlushEventLog r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	r.in.handle = &handle;
+
+	/* Huh?  Does this RPC always return access denied? */
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_FlushEventLog_r(b, tctx, &r),
+			"FlushEventLog failed");
+
+	torture_assert_ntstatus_equal(tctx,
+			r.out.result,
+			NT_STATUS_ACCESS_DENIED,
+			"FlushEventLog failed");
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+static bool test_ClearEventLog(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct eventlog_ClearEventLogW r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	r.in.handle = &handle;
+	r.in.backupfile = NULL;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_ClearEventLogW_r(b, tctx, &r),
+			"ClearEventLog failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+			"ClearEventLog failed");
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+static bool test_GetLogInformation(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct eventlog_GetLogInformation r;
+	struct eventlog_CloseEventLog cr;
+	struct policy_handle handle;
+	uint32_t bytes_needed = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	r.in.handle = &handle;
+	r.in.level = 1;
+	r.in.buf_size = 0;
+	r.out.buffer = NULL;
+	r.out.bytes_needed = &bytes_needed;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_GetLogInformation_r(b, tctx, &r),
+				   "GetLogInformation failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_LEVEL,
+				      "GetLogInformation failed");
+
+	r.in.level = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_GetLogInformation_r(b, tctx, &r),
+				   "GetLogInformation failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL,
+				      "GetLogInformation failed");
+
+	r.in.buf_size = bytes_needed;
+	r.out.buffer = talloc_array(tctx, uint8_t, bytes_needed);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_GetLogInformation_r(b, tctx, &r),
+				   "GetLogInformation failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetLogInformation failed");
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+
+static bool test_OpenEventLog(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	struct policy_handle handle;
+	struct eventlog_CloseEventLog cr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+static bool test_BackupLog(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	struct policy_handle handle, backup_handle;
+	struct eventlog_BackupEventLogW r;
+	struct eventlog_OpenBackupEventLogW br;
+	struct eventlog_CloseEventLog cr;
+	const char *tmp;
+	struct lsa_String backup_filename;
+	struct eventlog_OpenUnknown0 unknown0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping BackupLog test against samba");
+	}
+
+	if (!get_policy_handle(tctx, b, &handle))
+		return false;
+
+	tmp = talloc_asprintf(tctx, "C:\\%s", TEST_BACKUP_NAME);
+	init_lsa_String(&backup_filename, tmp);
+
+	r.in.handle = &handle;
+	r.in.backup_filename = &backup_filename;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_BackupEventLogW_r(b, tctx, &r),
+		"BackupEventLogW failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result,
+		NT_STATUS_OBJECT_PATH_SYNTAX_BAD, "BackupEventLogW failed");
+
+	tmp = talloc_asprintf(tctx, "\\??\\C:\\%s", TEST_BACKUP_NAME);
+	init_lsa_String(&backup_filename, tmp);
+
+	r.in.handle = &handle;
+	r.in.backup_filename = &backup_filename;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_BackupEventLogW_r(b, tctx, &r),
+		"BackupEventLogW failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "BackupEventLogW failed");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_BackupEventLogW_r(b, tctx, &r),
+		"BackupEventLogW failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result,
+		NT_STATUS_OBJECT_NAME_COLLISION, "BackupEventLogW failed");
+
+	cr.in.handle = cr.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"BackupLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"BackupLog failed");
+
+	unknown0.unknown0 = 0x005c;
+	unknown0.unknown1 = 0x0001;
+
+	br.in.unknown0 = &unknown0;
+	br.in.backup_logname = &backup_filename;
+	br.in.major_version = 1;
+	br.in.minor_version = 1;
+	br.out.handle = &backup_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_OpenBackupEventLogW_r(b, tctx, &br),
+		"OpenBackupEventLogW failed");
+
+	torture_assert_ntstatus_ok(tctx, br.out.result, "OpenBackupEventLogW failed");
+
+	cr.in.handle = cr.out.handle = &backup_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_eventlog_CloseEventLog_r(b, tctx, &cr),
+			"CloseEventLog failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result,
+			"CloseEventLog failed");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_eventlog(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+	struct torture_test *test;
+
+	suite = torture_suite_create(mem_ctx, "eventlog");
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog",
+						  &ndr_table_eventlog);
+
+	torture_rpc_tcase_add_test(tcase, "OpenEventLog", test_OpenEventLog);
+	test = torture_rpc_tcase_add_test(tcase, "ClearEventLog",
+					  test_ClearEventLog);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "GetNumRecords", test_GetNumRecords);
+	torture_rpc_tcase_add_test(tcase, "ReadEventLog", test_ReadEventLog);
+	torture_rpc_tcase_add_test(tcase, "ReportEventLog", test_ReportEventLog);
+	torture_rpc_tcase_add_test(tcase, "FlushEventLog", test_FlushEventLog);
+	torture_rpc_tcase_add_test(tcase, "GetLogIntormation", test_GetLogInformation);
+	torture_rpc_tcase_add_test(tcase, "BackupLog", test_BackupLog);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
new file mode 100644
index 0000000..e7b641e
--- /dev/null
+++ b/source4/torture/rpc/forest_trust.c
@@ -0,0 +1,914 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for forest trust
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Sumit Bose <sbose@redhat.com> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "libcli/security/security.h"
+#include "libcli/auth/credentials.h"
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#undef strcasecmp
+
+#define TEST_DOM "torturedom"
+#define TEST_DOM_DNS "torturedom.samba.example.com"
+#define TEST_DOM_SID "S-1-5-21-97398-379795-10000"
+#define TEST_MACHINE_NAME "lsatestmach"
+
+
+static bool test_get_policy_handle(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   uint32_t access_mask,
+				   struct policy_handle **handle  )
+{
+	struct policy_handle *h;
+	struct lsa_OpenPolicy2 pr;
+	struct lsa_ObjectAttribute attr;
+	NTSTATUS status;
+
+	h = talloc(tctx, struct policy_handle);
+	torture_assert(tctx, h != NULL, "talloc(tctx, struct policy_handle)");
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = NULL;
+
+	pr.in.system_name = "\\";
+	pr.in.attr = &attr;
+	pr.in.access_mask = access_mask;
+	pr.out.handle = h;
+
+	status = dcerpc_lsa_OpenPolicy2_r(p->binding_handle, tctx, &pr);
+	torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
+	torture_assert_ntstatus_ok(tctx, pr.out.result, "OpenPolicy2 failed");
+
+	*handle = h;
+	return true;
+}
+
+static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
+					   struct torture_context *tctx,
+					   const char *trust_name,
+					   const char *trust_name_dns,
+					   struct dom_sid *domsid,
+					   struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
+{
+	struct policy_handle *handle;
+	struct lsa_lsaRSetForestTrustInformation fti;
+	struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+	struct lsa_CreateTrustedDomainEx2 r;
+	struct lsa_TrustDomainInfoInfoEx trustinfo;
+	struct policy_handle trustdom_handle;
+	struct lsa_QueryTrustedDomainInfo q;
+	union lsa_TrustedDomainInfo *info = NULL;
+
+	if (!test_get_policy_handle(tctx, p,
+				   (LSA_POLICY_VIEW_LOCAL_INFORMATION |
+				    LSA_POLICY_TRUST_ADMIN |
+				    LSA_POLICY_CREATE_SECRET), &handle)) {
+		return false;
+	}
+
+	torture_comment(tctx, "\nTesting CreateTrustedDomainEx2\n");
+
+	trustinfo.sid = domsid;
+	trustinfo.netbios_name.string = trust_name;
+	trustinfo.domain_name.string = trust_name_dns;
+
+	trustinfo.trust_direction = LSA_TRUST_DIRECTION_INBOUND |
+				    LSA_TRUST_DIRECTION_OUTBOUND;
+
+	trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL;
+
+	/*
+	 * MS-LSAD: Section 3.1.4.7.10 makes it clear that Win2k3
+	 * functional level and above return
+	 * NT_STATUS_INVALID_DOMAIN_STATE if
+	 * TRUST_ATTRIBUTE_FOREST_TRANSITIVE or
+	 * TRUST_ATTRIBUTE_CROSS_ORGANIZATION is set here.
+	 *
+	 * But we really want to test forest trusts here.
+	 */
+	trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+
+	r.in.policy_handle = handle;
+	r.in.info = &trustinfo;
+	r.in.auth_info_internal = authinfo;
+	/* LSA_TRUSTED_QUERY_DOMAIN_NAME is needed for for following
+	 * QueryTrustedDomainInfo call, although it seems that Windows does not
+	 * expect this */
+	r.in.access_mask = LSA_TRUSTED_SET_POSIX | LSA_TRUSTED_SET_AUTH | LSA_TRUSTED_QUERY_DOMAIN_NAME;
+	r.out.trustdom_handle = &trustdom_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_CreateTrustedDomainEx2_r(p->binding_handle, tctx, &r),
+				   "CreateTrustedDomainEx2 failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "CreateTrustedDomainEx2 failed");
+
+	q.in.trustdom_handle = &trustdom_handle;
+	q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+	q.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_QueryTrustedDomainInfo_r(p->binding_handle, tctx, &q),
+				   "QueryTrustedDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, q.out.result, "QueryTrustedDomainInfo level 1");
+	torture_assert(tctx, q.out.info != NULL, "QueryTrustedDomainInfo level 1 failed to return an info pointer");
+	torture_assert_str_equal(tctx, info->info_ex.netbios_name.string,
+				 trustinfo.netbios_name.string,
+				 "QueryTrustedDomainInfo returned inconsistent short name");
+	torture_assert_int_equal(tctx, info->info_ex.trust_type, trustinfo.trust_type,
+				 "QueryTrustedDomainInfo returned incorrect trust type");
+	torture_assert_int_equal(tctx, info->info_ex.trust_attributes, trustinfo.trust_attributes,
+				 "QueryTrustedDomainInfo of returned incorrect trust attributes");
+	torture_assert_int_equal(tctx, info->info_ex.trust_direction, trustinfo.trust_direction,
+				 "QueryTrustedDomainInfo of returned incorrect trust direction");
+
+	fti.in.handle = handle;
+	fti.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
+	fti.in.trusted_domain_name->string = trust_name_dns;
+	fti.in.highest_record_type = 2;
+	fti.in.forest_trust_info = talloc_zero(tctx, struct lsa_ForestTrustInformation);
+	fti.in.forest_trust_info->count = 2;
+	fti.in.forest_trust_info->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
+	fti.in.forest_trust_info->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+	fti.in.forest_trust_info->entries[0]->flags = 0;
+	fti.in.forest_trust_info->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+	fti.in.forest_trust_info->entries[0]->time = 0;
+	fti.in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string = trust_name_dns;
+	fti.in.forest_trust_info->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+	fti.in.forest_trust_info->entries[1]->flags = 0;
+	fti.in.forest_trust_info->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
+	fti.in.forest_trust_info->entries[1]->time = 0;
+	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
+	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string = trust_name_dns;
+	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string = trust_name;
+	fti.in.check_only = 0;
+	fti.out.collision_info = &collision_info;
+
+	torture_comment(tctx, "\nTesting SetForestTrustInformation\n");
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti),
+				   "lsaRSetForestTrustInformation failed");
+	torture_assert_ntstatus_ok(tctx, fti.out.result, "lsaRSetForestTrustInformation failed");
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
+				   "Close failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");
+
+	return true;
+}
+
+struct get_set_info {
+	enum lsa_TrustDomInfoEnum info_level;
+	NTSTATUS get_result;
+	NTSTATUS set_result;
+};
+
+static bool get_and_set_info(struct dcerpc_pipe *p,
+			     struct torture_context *tctx,
+			     const char *name)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_QueryTrustedDomainInfoByName qr;
+	struct lsa_SetTrustedDomainInfoByName sr;
+	union lsa_TrustedDomainInfo *info;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+	size_t c;
+
+	struct get_set_info il[] = {
+		{LSA_TRUSTED_DOMAIN_INFO_NAME, NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER},
+		/* {LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		{LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET, NT_STATUS_OK, NT_STATUS_OK},
+		/* {LSA_TRUSTED_DOMAIN_INFO_PASSWORD, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		/* {LSA_TRUSTED_DOMAIN_INFO_BASIC, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		{LSA_TRUSTED_DOMAIN_INFO_INFO_EX, NT_STATUS_OK, NT_STATUS_OK},
+		/* {LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		{LSA_TRUSTED_DOMAIN_INFO_FULL_INFO, NT_STATUS_OK, NT_STATUS_OK},
+		/* {LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		/* {LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		/* {LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */
+		{LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL, NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER},
+		{LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, NT_STATUS_OK, NT_STATUS_OK},
+		{ .info_level = -1, },
+	};
+
+	torture_comment(tctx, "\nGetting/Setting dom info\n");
+
+	if(!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				   &handle)) {
+		return false;
+	}
+
+	qr.in.handle = handle;
+	qr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
+	qr.in.trusted_domain->string = name;
+	qr.out.info = &info;
+
+	sr.in.handle = handle;
+	sr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
+	sr.in.trusted_domain->string = name;
+	sr.in.info = info;
+
+	for (c = 0; il[c].info_level != -1; c++) {
+		torture_comment(tctx, "\nGetting/Setting dom info [%d]\n",il[c].info_level);
+
+		qr.in.level = il[c].info_level;
+		status = dcerpc_lsa_QueryTrustedDomainInfoByName_r(p->binding_handle,
+								   tctx, &qr);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+					      "QueryTrustedDomainInfoByName failed");
+		if (!NT_STATUS_EQUAL(qr.out.result, il[c].get_result)) {
+			torture_comment(tctx, "QueryTrustedDomainInfoByName did not return "
+					      "%s but %s\n",
+					      nt_errstr(il[c].get_result),
+					      nt_errstr(qr.out.result));
+			
+			/* We may be testing a server without support for this level */
+			if (qr.in.level == LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES && NT_STATUS_EQUAL(qr.out.result, NT_STATUS_INVALID_PARAMETER)) {
+				return true;
+			}
+			return false;
+		}
+
+		sr.in.level = il[c].info_level;
+		sr.in.info = info;
+		status = dcerpc_lsa_SetTrustedDomainInfoByName_r(p->binding_handle,
+								 tctx, &sr);
+		torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+					      "SetTrustedDomainInfoByName failed");
+		if (!NT_STATUS_EQUAL(sr.out.result, il[c].set_result)) {
+			torture_comment(tctx, "SetTrustedDomainInfoByName did not return "
+					      "%s but %s\n",
+					      nt_errstr(il[c].set_result),
+					      nt_errstr(sr.out.result));
+			return false;
+		}
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
+				   "Close failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");
+
+	return true;
+}
+
+static bool check_name(struct dcerpc_pipe *p, struct torture_context *tctx,
+		       const char *name)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_QueryTrustedDomainInfoByName qr;
+	union lsa_TrustedDomainInfo *info;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+
+	torture_comment(tctx, "\nGetting LSA_TRUSTED_DOMAIN_INFO_FULL_INFO\n");
+
+	if(!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				   &handle)) {
+		return false;
+	}
+
+	qr.in.handle = handle;
+	qr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
+	qr.in.trusted_domain->string = name;
+	qr.in.level = LSA_TRUSTED_DOMAIN_INFO_FULL_INFO;
+	qr.out.info = &info;
+	status = dcerpc_lsa_QueryTrustedDomainInfoByName_r(p->binding_handle,
+							   tctx, &qr);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "QueryInfoPolicy2 failed");
+	torture_assert_ntstatus_equal(tctx, qr.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+				      "QueryInfoPolicy2 did not return "
+				      "NT_STATUS_OBJECT_NAME_NOT_FOUND");
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
+				   "Close failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");
+
+	return true;
+}
+
+static bool get_lsa_policy_info_dns(struct dcerpc_pipe *p,
+				    struct torture_context *tctx,
+				    union lsa_PolicyInformation **info)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_QueryInfoPolicy2 qr;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+
+	torture_comment(tctx, "\nGetting LSA_POLICY_INFO_DNS\n");
+
+	if (!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				    &handle)) {
+		return false;
+	}
+
+	qr.in.handle = handle;
+	qr.in.level = LSA_POLICY_INFO_DNS;
+	qr.out.info = info;
+	status = dcerpc_lsa_QueryInfoPolicy2_r(p->binding_handle, tctx, &qr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "QueryInfoPolicy2 failed");
+	if (!NT_STATUS_IS_OK(qr.out.result)) {
+		torture_comment(tctx, "QueryInfoPolicy2 failed - %s\n",
+				nt_errstr(qr.out.result));
+		return false;
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
+				   "Close failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");
+
+	return true;
+}
+
+static bool delete_trusted_domain_by_sid(struct dcerpc_pipe *p,
+					 struct torture_context *tctx,
+					 struct dom_sid *domsid)
+{
+	struct policy_handle *handle;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+	struct lsa_DeleteTrustedDomain dr;
+
+	torture_comment(tctx, "\nDeleting trusted domain.\n");
+
+	/* Against a windows server it was sufficient to have
+	 * LSA_POLICY_VIEW_LOCAL_INFORMATION although the documentations says
+	 * otherwise. */
+	if (!test_get_policy_handle(tctx, p, LSA_POLICY_TRUST_ADMIN,
+				    &handle)) {
+		return false;
+	}
+
+	dr.in.handle = handle;
+	dr.in.dom_sid = domsid;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_DeleteTrustedDomain_r(p->binding_handle, tctx, &dr),
+				   "DeleteTrustedDomain failed");
+	torture_assert_ntstatus_ok(tctx, dr.out.result, "DeleteTrustedDomain failed");
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
+				   "Close failed");
+	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");
+
+	return true;
+}
+
+/*
+static const uint8_t my_blob[] = {
+0xa3,0x0b,0x32,0x45,0x8b,0x84,0x3b,0x01,0x68,0xe8,0x2b,0xbb,0x00,0x13,0x69,0x1f,
+0x10,0x35,0x72,0xa9,0x4f,0x77,0xb7,0xeb,0x59,0x08,0x07,0xc3,0xe8,0x17,0x00,0xc5,
+0xf2,0xa9,0x6d,0xb7,0x69,0x45,0x63,0x20,0xcb,0x44,0x44,0x22,0x02,0xe3,0x28,0x84,
+0x9b,0xd5,0x43,0x6f,0x8d,0x36,0x9b,0x9b,0x3b,0x31,0x86,0x84,0x8b,0xf2,0x36,0xd4,
+0xe8,0xc4,0xee,0x90,0x0c,0xcb,0x3e,0x11,0x2f,0x86,0xfe,0x87,0x6d,0xce,0xae,0x0c,
+0x83,0xfb,0x21,0x22,0x6d,0x7f,0x5e,0x08,0x71,0x1a,0x35,0xf4,0x5a,0x76,0x9b,0xf7,
+0x54,0x62,0xa5,0x4c,0xcd,0xf6,0xa5,0xb0,0x0b,0xc7,0x79,0xe1,0x6f,0x85,0x16,0x6f,
+0x82,0xdd,0x15,0x11,0x4c,0x9d,0x26,0x01,0x74,0x7e,0xbb,0xec,0x88,0x1d,0x71,0x9e,
+0x5f,0xb2,0x9c,0xab,0x66,0x20,0x08,0x3d,0xae,0x07,0x2d,0xbb,0xa6,0xfb,0xec,0xcc,
+0x51,0x58,0x48,0x47,0x38,0x3b,0x47,0x66,0xe8,0x17,0xfa,0x54,0x5c,0x95,0x73,0x29,
+0xdf,0x7e,0x4a,0xb4,0x45,0x30,0xf7,0xbf,0xc0,0x56,0x6d,0x80,0xf6,0x11,0x56,0x93,
+0xeb,0x97,0xd5,0x10,0xd6,0xd6,0xf7,0x23,0xc3,0xc0,0x93,0xa7,0x5c,0xa9,0xc0,0x81,
+0x55,0x3d,0xec,0x03,0x31,0x7e,0x9d,0xf9,0xd0,0x9e,0xb5,0xc7,0xef,0xa8,0x54,0xf6,
+0x9c,0xdc,0x0d,0xd4,0xd7,0xee,0x8d,0x5f,0xbd,0x89,0x48,0x3b,0x63,0xff,0xe8,0xca,
+0x10,0x64,0x61,0xdf,0xfd,0x50,0xff,0x51,0xa0,0x2c,0xd7,0x8a,0xf1,0x13,0x02,0x02,
+0x71,0xe9,0xff,0x0d,0x03,0x48,0xf8,0x08,0x8d,0xd5,0xe6,0x31,0x9f,0xf0,0x26,0x07,
+0x91,0x6d,0xd3,0x01,0x91,0x92,0xc7,0x28,0x18,0x58,0xd8,0xf6,0x1b,0x97,0x8d,0xd0,
+0xd2,0xa1,0x7c,0xae,0xc1,0xca,0xfe,0x20,0x91,0x1c,0x4d,0x15,0x89,0x29,0x37,0xd5,
+0xf5,0xca,0x40,0x2b,0x03,0x8f,0x7b,0xc2,0x10,0xb4,0xd3,0xe8,0x14,0xb0,0x9b,0x5d,
+0x85,0x30,0xe5,0x13,0x24,0xf7,0x78,0xec,0xbe,0x0b,0x9a,0x3f,0xb5,0x76,0xd9,0x0d,
+0x49,0x64,0xa4,0xa7,0x33,0x88,0xdd,0xe9,0xe2,0x5f,0x04,0x51,0xdd,0x89,0xe2,0x68,
+0x5b,0x5f,0x64,0x35,0xe3,0x23,0x4a,0x0e,0x09,0x15,0xcc,0x97,0x47,0xf4,0xc2,0x4f,
+0x06,0xc3,0x96,0xa9,0x2f,0xb3,0xde,0x29,0x10,0xc7,0xf5,0x16,0xc5,0x3c,0x84,0xd2,
+0x9b,0x6b,0xaa,0x54,0x59,0x8d,0x94,0xde,0xd1,0x75,0xb6,0x08,0x0d,0x7d,0xf1,0x18,
+0xc8,0xf5,0xdf,0xaa,0xcd,0xec,0xab,0xb6,0xd1,0xcb,0xdb,0xe7,0x75,0x5d,0xbe,0x76,
+0xea,0x1d,0x01,0xc8,0x0b,0x2d,0x32,0xe9,0xa8,0x65,0xbb,0x4a,0xcb,0x72,0xbc,0xda,
+0x04,0x7f,0x82,0xfb,0x04,0xeb,0xd8,0xe1,0xb9,0xb1,0x1e,0xdc,0xb3,0x60,0xf3,0x55,
+0x1e,0xcf,0x90,0x6a,0x15,0x74,0x4d,0xff,0xb4,0xc7,0xc9,0xc2,0x4f,0x67,0x9e,0xeb,
+0x00,0x61,0x02,0xe3,0x9e,0x59,0x88,0x20,0xf1,0x0c,0xbe,0xe0,0x26,0x69,0x63,0x67,
+0x72,0x3c,0x06,0x00,0x9e,0x4f,0xc7,0xa6,0x4d,0x6c,0xbe,0x68,0x8e,0xf4,0x32,0x36,
+0x2e,0x5f,0xa6,0xcf,0xa7,0x19,0x40,0x2b,0xbd,0xa2,0x22,0x73,0xc4,0xb6,0xe3,0x86,
+0x64,0xeb,0xb1,0xc7,0x45,0x7d,0xd6,0xd9,0x36,0xf1,0x04,0xd4,0x61,0xdc,0x41,0xb7,
+0x01,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,     0x30,0x00,0x00,0x00,     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x02,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,
+0x35,0x00,0x36,0x00,0x37,0x00,0x38,0x00,0x39,0x00,0x30,0x00,0x01,0x00,0x00,0x00,
+0x0c,0x00,0x00,0x00,     0x30,0x00,0x00,0x00,     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,
+0x14,0x00,0x00,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00,0x36,0x00,
+0x37,0x00,0x38,0x00,0x39,0x00,0x30,0x00,0x30,0x00,0x00,0x00,0x30,0x00,0x00,0x00
+};
+*/
+static bool get_trust_domain_passwords_auth_blob(TALLOC_CTX *mem_ctx,
+						 const char *password,
+						 DATA_BLOB *auth_blob)
+{
+	struct trustDomainPasswords auth_struct;
+	struct AuthenticationInformation *auth_info_array;
+	enum ndr_err_code ndr_err;
+	size_t converted_size;
+
+	generate_random_buffer(auth_struct.confounder,
+			       sizeof(auth_struct.confounder));
+
+	auth_info_array = talloc_array(mem_ctx,
+				       struct AuthenticationInformation, 1);
+	if (auth_info_array == NULL) {
+		return false;
+	}
+
+	auth_info_array[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	if (!convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16, password,
+				  strlen(password),
+				  &auth_info_array[0].AuthInfo.clear.password,
+				  &converted_size)) {
+		return false;
+	}
+
+	auth_info_array[0].AuthInfo.clear.size = converted_size;
+
+	auth_struct.outgoing.count = 1;
+	auth_struct.outgoing.current.count = 1;
+	auth_struct.outgoing.current.array = auth_info_array;
+	auth_struct.outgoing.previous.count = 0;
+	auth_struct.outgoing.previous.array = NULL;
+
+	auth_struct.incoming.count = 1;
+	auth_struct.incoming.current.count = 1;
+	auth_struct.incoming.current.array = auth_info_array;
+	auth_struct.incoming.previous.count = 0;
+	auth_struct.incoming.previous.array = NULL;
+
+	ndr_err = ndr_push_struct_blob(auth_blob, mem_ctx, &auth_struct,
+				       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_validate_trust(struct torture_context *tctx,
+				const char *binding,
+				const char *trusting_dom_name,
+				const char *trusting_dom_dns_name,
+				const char *trusted_dom_name,
+				const char *trusted_dom_dns_name,
+				const char *trust_password)
+{
+	struct netr_ServerGetTrustInfo r;
+
+	struct netr_Authenticator a;
+	struct netr_Authenticator return_authenticator;
+	struct samr_Password new_owf_password;
+	struct samr_Password old_owf_password;
+	struct netr_TrustInfo *trust_info;
+
+	struct netlogon_creds_CredentialState *creds;
+
+	NTSTATUS status;
+	struct cli_credentials *credentials;
+	struct dcerpc_binding *b;
+	struct dcerpc_pipe *p1 = NULL;
+	struct dcerpc_pipe *p = NULL;
+
+	struct netr_GetForestTrustInformation fr;
+	struct lsa_ForestTrustInformation *forest_trust_info;
+	struct lsa_ForestTrustRecord *tln = NULL;
+	struct lsa_ForestTrustRecord *di = NULL;
+	int i;
+	struct samr_Password *new_nt_hash;
+	struct samr_Password *old_nt_hash;
+	char *dummy;
+	uint32_t trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+
+	status = dcerpc_parse_binding(tctx, binding, &b);
+	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+	credentials = cli_credentials_init(tctx);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_init()");
+
+	dummy = talloc_asprintf(tctx, "%s$", trusted_dom_name);
+	cli_credentials_set_username(credentials, dummy,
+				     CRED_SPECIFIED);
+	cli_credentials_set_domain(credentials, trusting_dom_name,
+				   CRED_SPECIFIED);
+	cli_credentials_set_realm(credentials, trusting_dom_dns_name,
+				  CRED_SPECIFIED);
+	cli_credentials_set_password(credentials, trust_password, CRED_SPECIFIED);
+	cli_credentials_set_old_password(credentials, trust_password, CRED_SPECIFIED);
+	cli_credentials_set_workstation(credentials,
+					trusted_dom_name, CRED_SPECIFIED);
+	cli_credentials_set_secure_channel_type(credentials, SEC_CHAN_DOMAIN);
+
+	status = dcerpc_pipe_connect_b(tctx, &p1, b,
+				       &ndr_table_netlogon, credentials,
+				       tctx->ev, tctx->lp_ctx);
+
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx, "Failed to connect to remote server: %s  with %s - %s\n",
+				binding,
+				cli_credentials_get_unparsed_name(credentials, tctx),
+				nt_errstr(status));
+		return false;
+	}
+
+	if (!test_SetupCredentials3(p1, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+				    credentials, &creds)) {
+		torture_comment(tctx, "test_SetupCredentials3 failed.\n");
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		torture_comment(tctx, "test_SetupCredentialsPipe failed.\n");
+		return false;
+	}
+
+	netlogon_creds_client_authenticator(creds, &a);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s",
+					   dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", trusted_dom_name);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
+	r.in.computer_name = trusted_dom_name;
+	r.in.credential = &a;
+
+	r.out.return_authenticator = &return_authenticator;
+	r.out.new_owf_password = &new_owf_password;
+	r.out.old_owf_password = &old_owf_password;
+	r.out.trust_info = &trust_info;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_netr_ServerGetTrustInfo_r(p->binding_handle, tctx, &r),
+				   "ServerGetTrustInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+				   "ServerGetTrustInfo failed");
+
+	torture_assert(tctx, trust_info != NULL, "ServerGetTrustInfo got no trust_info");
+	torture_assert_int_equal(tctx, trust_info->count, 1,
+				 "Unexpected number of results");
+	torture_assert_int_equal(tctx, trust_info->data[0], trust_attributes,
+				 "Unexpected trust_attributes");
+
+	new_nt_hash = cli_credentials_get_nt_hash(credentials, tctx);
+	torture_assert(tctx, new_nt_hash != NULL, "cli_credentials_get_nt_hash()");
+
+	old_nt_hash = cli_credentials_get_old_nt_hash(credentials, tctx);
+	torture_assert(tctx, old_nt_hash != NULL, "cli_credentials_get_old_nt_hash()");
+
+	netlogon_creds_des_decrypt(creds, &new_owf_password);
+	netlogon_creds_des_decrypt(creds, &old_owf_password);
+
+	dump_data(1, new_owf_password.hash, 16);
+	dump_data(1, new_nt_hash->hash, 16);
+	dump_data(1, old_owf_password.hash, 16);
+	dump_data(1, old_nt_hash->hash, 16);
+
+	torture_assert_mem_equal(tctx, new_owf_password.hash, new_nt_hash->hash, 16,
+		"received unexpected new owf password\n");
+
+	torture_assert_mem_equal(tctx, old_owf_password.hash, old_nt_hash->hash, 16,
+		"received unexpected old owf password\n");
+
+	netlogon_creds_client_authenticator(creds, &a);
+
+	fr.in.server_name = talloc_asprintf(tctx, "\\\\%s",
+					    dcerpc_server_name(p));
+	fr.in.computer_name = trusted_dom_name;
+	fr.in.credential = &a;
+	fr.in.flags = 0;
+	fr.out.return_authenticator = &return_authenticator;
+	fr.out.forest_trust_info = &forest_trust_info;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_netr_GetForestTrustInformation_r(p->binding_handle, tctx, &fr),
+				   "netr_GetForestTrustInformation failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+				   "netr_GetForestTrustInformation failed");
+
+	for(i = 0; i < forest_trust_info->count; i++) {
+		struct lsa_ForestTrustRecord *e = forest_trust_info->entries[i];
+
+		switch (e->type) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+			if (strcmp(e->forest_trust_data.top_level_name.string, trusting_dom_dns_name) != 0) {
+				break;
+			}
+
+			torture_assert(tctx, tln == NULL, "TOP_LEVEL_NAME found twice");
+
+			tln = e;
+			break;
+
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			if (strcmp(e->forest_trust_data.domain_info.dns_domain_name.string, trusting_dom_dns_name) != 0) {
+				break;
+			}
+
+			torture_assert(tctx, di == NULL, "DOMAIN_INFO found twice");
+
+			di = e;
+			break;
+		default:
+			torture_assert_int_equal(tctx, e->type, LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+						 "Unexpected LSA_FOREST_TRUST_* type");
+		}
+	}
+
+	torture_assert(tctx, tln != NULL, "TOP_LEVEL_NAME entry missing");
+	torture_assert(tctx, di != NULL, "DOMAIN_INFO entry missing");
+
+	torture_assert_str_equal(tctx, di->forest_trust_data.domain_info.netbios_domain_name.string,
+				 trusting_dom_name,
+				 "netbios_domain_name mismatch");
+
+	return true;
+}
+
+static bool test_setup_trust(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     const char *netbios_name,
+			     const char *dns_name,
+			     struct dom_sid *sid,
+			     DATA_BLOB *auth_blob)
+
+{
+	DATA_BLOB session_key;
+	struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
+	NTSTATUS status;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t _session_key;
+
+	if (!check_name(p, tctx, netbios_name)) {
+		return false;
+	}
+	if (!check_name(p, tctx, dns_name)) {
+		return false;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_fetch_session_key failed - %s\n",
+				nt_errstr(status));
+		return false;
+	}
+
+	authinfo.auth_blob.data = talloc_memdup(tctx, auth_blob->data,
+						auth_blob->length);
+	if (authinfo.auth_blob.data == NULL) {
+		return false;
+	}
+	authinfo.auth_blob.size = auth_blob->length;
+
+	_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &_session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      authinfo.auth_blob.data,
+			      authinfo.auth_blob.size);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	if (!test_create_trust_and_set_info(p, tctx, netbios_name,
+					    dns_name, sid, &authinfo)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool testcase_ForestTrusts(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	const char *dom2_binding_string;
+	const char * dom2_cred_string;
+	NTSTATUS status;
+	struct dom_sid *domsid;
+	DATA_BLOB auth_blob;
+	struct dcerpc_binding *dom2_binding;
+	struct dcerpc_pipe *dom2_p;
+	struct cli_credentials *dom2_credentials;
+	union lsa_PolicyInformation *dom1_info_dns = NULL;
+	union lsa_PolicyInformation *dom2_info_dns = NULL;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	char *test_password;
+
+	torture_comment(tctx, "Testing Forest Trusts\n");
+
+	test_password = generate_random_password(tctx, 32, 64);
+	torture_assert(tctx, test_password != NULL, "test password must be generated");
+
+	if (!get_trust_domain_passwords_auth_blob(tctx, test_password, &auth_blob)) {
+		torture_comment(tctx,
+				"get_trust_domain_passwords_auth_blob failed\n");
+		return false;
+	}
+
+#if 0
+	/* Use the following if get_trust_domain_passwords_auth_blob() cannot
+	 * generate a usable blob due to errors in the IDL */
+	auth_blob.data = talloc_memdup(tctx, my_blob, sizeof(my_blob));
+	auth_blob.length = sizeof(my_blob);
+
+	test_password = "1234567890"
+#endif
+
+	domsid = dom_sid_parse_talloc(tctx, TEST_DOM_SID);
+	if (domsid == NULL) {
+		return false;
+	}
+
+	if (!test_setup_trust(tctx, p, TEST_DOM, TEST_DOM_DNS, domsid,
+			      &auth_blob)) {
+		return false;
+	}
+
+	if (!get_lsa_policy_info_dns(p, tctx, &dom1_info_dns)) {
+		return false;
+	}
+
+	if (!get_and_set_info(p, tctx, TEST_DOM)) {
+		return false;
+	}
+
+	if (!test_validate_trust(tctx, binding,
+				 dom1_info_dns->dns.name.string,
+				 dom1_info_dns->dns.dns_domain.string,
+				 TEST_DOM, TEST_DOM_DNS, test_password)) {
+		return false;
+	}
+
+	if (!delete_trusted_domain_by_sid(p, tctx, domsid)) {
+		return false;
+	}
+
+	dom2_binding_string = torture_setting_string(tctx,
+						     "Forest_Trust_Dom2_Binding",
+						     NULL);
+	if (dom2_binding_string == NULL) {
+		torture_skip(tctx, "torture:Forest_Trust_Dom2_Binding not specified\n");
+	}
+
+	status = dcerpc_parse_binding(tctx, dom2_binding_string, &dom2_binding);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_parse_binding()");
+
+	dom2_cred_string = torture_setting_string(tctx,
+						  "Forest_Trust_Dom2_Creds",
+						  NULL);
+	torture_assert(tctx, dom2_cred_string != NULL, "torture:Forest_Trust_Dom2_Creds missing");
+
+	dom2_credentials = cli_credentials_init(tctx);
+	torture_assert(tctx, dom2_credentials != NULL, "cli_credentials_init()");
+
+	cli_credentials_parse_string(dom2_credentials, dom2_cred_string,
+				     CRED_SPECIFIED);
+	cli_credentials_set_workstation(dom2_credentials,
+					TEST_MACHINE_NAME, CRED_SPECIFIED);
+
+	status = dcerpc_pipe_connect_b(tctx, &dom2_p, dom2_binding,
+				       &ndr_table_lsarpc, dom2_credentials,
+				       tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx,
+				   "Failed to connect to remote server: %s\n",
+				   dcerpc_binding_string(tctx, dom2_binding)));
+
+	if (!get_lsa_policy_info_dns(dom2_p, tctx, &dom2_info_dns)) {
+		return false;
+	}
+
+	if (strcasecmp(dom1_info_dns->dns.name.string,
+		       dom2_info_dns->dns.name.string) == 0 ||
+	    strcasecmp(dom1_info_dns->dns.dns_domain.string,
+		       dom2_info_dns->dns.dns_domain.string) == 0)
+	{
+		torture_assert(tctx, false, talloc_asprintf(tctx,
+			       "Trusting (%s;%s) and trusted domain (%s;%s) have the "
+			       "same name",
+			       dom1_info_dns->dns.name.string,
+			       dom1_info_dns->dns.dns_domain.string,
+			       dom2_info_dns->dns.name.string,
+			       dom2_info_dns->dns.dns_domain.string));
+	}
+
+	if (!test_setup_trust(tctx, p, dom2_info_dns->dns.name.string,
+			       dom2_info_dns->dns.dns_domain.string,
+			       dom2_info_dns->dns.sid, &auth_blob)) {
+		return false;
+	}
+	if (!test_setup_trust(tctx, dom2_p, dom1_info_dns->dns.name.string,
+			      dom1_info_dns->dns.dns_domain.string,
+			      dom1_info_dns->dns.sid, &auth_blob)) {
+		return false;
+	}
+
+	if (!test_validate_trust(tctx, binding,
+				 dom1_info_dns->dns.name.string,
+				 dom1_info_dns->dns.dns_domain.string,
+				 dom2_info_dns->dns.name.string,
+				 dom2_info_dns->dns.dns_domain.string, test_password)) {
+		return false;
+	}
+
+	if (!test_validate_trust(tctx, dom2_binding_string,
+				 dom2_info_dns->dns.name.string,
+				 dom2_info_dns->dns.dns_domain.string,
+				 dom1_info_dns->dns.name.string,
+				 dom1_info_dns->dns.dns_domain.string, test_password)) {
+		return false;
+	}
+
+	if (!delete_trusted_domain_by_sid(p, tctx, dom2_info_dns->dns.sid)) {
+		return false;
+	}
+
+	if (!delete_trusted_domain_by_sid(dom2_p, tctx, dom1_info_dns->dns.sid)) {
+		return false;
+	}
+
+	return true;
+}
+
+/* By default this test creates a trust object in the destination server to a
+ * dummy domain. If a second server from a different domain is specified on the
+ * command line a trust is created between those two domains.
+ *
+ * Example:
+ * smbtorture ncacn_np:srv1.dom1.test[print] RPC-LSA-FOREST-TRUST \
+ *  -U 'dom1\testadm1%12345678' \
+ *  --option=torture:Forest_Trust_Dom2_Binding=ncacn_np:srv2.dom2.test[print]  \
+ *  --option=torture:Forest_Trust_Dom2_Creds='dom2\testadm2%12345678'
+ */
+
+struct torture_suite *torture_rpc_lsa_forest_trust(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+
+	suite = torture_suite_create(mem_ctx, "lsa.forest.trust");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa-forest-trust",
+						  &ndr_table_lsarpc);
+	torture_rpc_tcase_add_test(tcase, "ForestTrust", testcase_ForestTrusts);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/frsapi.c b/source4/torture/rpc/frsapi.c
new file mode 100644
index 0000000..710826a
--- /dev/null
+++ b/source4/torture/rpc/frsapi.c
@@ -0,0 +1,276 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for rpc frsapi operations
+
+   Copyright (C) Guenther Deschner 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_frsapi_c.h"
+#include "param/param.h"
+
+static bool test_GetDsPollingIntervalW(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       uint32_t *CurrentInterval,
+				       uint32_t *DsPollingLongInterval,
+				       uint32_t *DsPollingShortInterval)
+{
+	struct frsapi_GetDsPollingIntervalW r;
+
+	ZERO_STRUCT(r);
+
+	r.out.CurrentInterval = CurrentInterval;
+	r.out.DsPollingLongInterval = DsPollingLongInterval;
+	r.out.DsPollingShortInterval = DsPollingShortInterval;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_frsapi_GetDsPollingIntervalW_r(b, tctx, &r),
+		"GetDsPollingIntervalW failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "GetDsPollingIntervalW failed");
+
+	return true;
+}
+
+static bool test_SetDsPollingIntervalW(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       uint32_t CurrentInterval,
+				       uint32_t DsPollingLongInterval,
+				       uint32_t DsPollingShortInterval)
+{
+	struct frsapi_SetDsPollingIntervalW r;
+
+	ZERO_STRUCT(r);
+
+	r.in.CurrentInterval = CurrentInterval;
+	r.in.DsPollingLongInterval = DsPollingLongInterval;
+	r.in.DsPollingShortInterval = DsPollingShortInterval;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_frsapi_SetDsPollingIntervalW_r(b, tctx, &r),
+		"SetDsPollingIntervalW failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "SetDsPollingIntervalW failed");
+
+	return true;
+}
+
+static bool test_DsPollingIntervalW(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t i1, i2, i3;
+	uint32_t k1, k2, k3;
+
+	if (!test_GetDsPollingIntervalW(tctx, b, &i1, &i2, &i3)) {
+		return false;
+	}
+
+	if (!test_SetDsPollingIntervalW(tctx, b, i1, i2, i3)) {
+		return false;
+	}
+
+	k1 = i1;
+	k2 = k3 = 0;
+
+	if (!test_SetDsPollingIntervalW(tctx, b, k1, k2, k3)) {
+		return false;
+	}
+
+	if (!test_GetDsPollingIntervalW(tctx, b, &k1, &k2, &k3)) {
+		return false;
+	}
+
+	if ((i1 != k1) || (i2 != k2) || (i3 != k3)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_IsPathReplicated_err(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      const char *path,
+				      uint32_t type,
+				      WERROR werr)
+{
+	struct frsapi_IsPathReplicated r;
+	struct GUID guid;
+	uint32_t replicated, primary, root;
+
+	ZERO_STRUCT(r);
+
+	r.in.path = path;
+	r.in.replica_set_type = type;
+	r.out.replicated = &replicated;
+	r.out.primary = &primary;
+	r.out.root = &root;
+	r.out.replica_set_guid = &guid;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_frsapi_IsPathReplicated_r(b, tctx, &r),
+		"IsPathReplicated failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, werr,
+			          "GetDsPollingIntervalW failed");
+
+	return true;
+}
+
+static bool _test_IsPathReplicated(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  const char *path,
+				  uint32_t type)
+{
+	return test_IsPathReplicated_err(tctx, b, path, type, WERR_OK);
+}
+
+static bool test_IsPathReplicated(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const uint32_t lvls[] = {
+		FRSAPI_REPLICA_SET_TYPE_0,
+		FRSAPI_REPLICA_SET_TYPE_DOMAIN,
+		FRSAPI_REPLICA_SET_TYPE_DFS };
+	int i;
+	bool ret = true;
+
+	if (!test_IsPathReplicated_err(tctx, b, NULL, 0,
+				       WERR_FRS_ERR_INVALID_SERVICE_PARAMETER)) {
+		ret = false;
+	}
+
+	for (i=0; i<ARRAY_SIZE(lvls); i++) {
+		if (!_test_IsPathReplicated(tctx, b, dcerpc_server_name(p),
+					    lvls[i])) {
+			ret = false;
+		}
+	}
+
+	for (i=0; i<ARRAY_SIZE(lvls); i++) {
+		const char *path = talloc_asprintf(tctx, "\\\\%s\\SYSVOL",
+						   dcerpc_server_name(p));
+		if (!_test_IsPathReplicated(tctx, b, path, lvls[i])) {
+			ret = false;
+		}
+	}
+
+	for (i=0; i<ARRAY_SIZE(lvls); i++) {
+		if (!_test_IsPathReplicated(tctx, b,
+					    "C:\\windows\\sysvol\\domain",
+					    lvls[i])) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_ForceReplication(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct frsapi_ForceReplication r;
+
+	ZERO_STRUCT(r);
+
+	r.in.replica_set_guid = NULL;
+	r.in.connection_guid = NULL;
+	r.in.replica_set_name = lpcfg_dnsdomain(tctx->lp_ctx);
+	r.in.partner_dns_name = dcerpc_server_name(p);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_frsapi_ForceReplication_r(b, tctx, &r),
+		"ForceReplication failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "ForceReplication failed");
+
+	return true;
+}
+
+static bool test_InfoW(struct torture_context *tctx,
+		       struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	int i;
+
+	for (i=0; i<10; i++) {
+
+		struct frsapi_InfoW r;
+		struct frsapi_Info *info;
+		int d;
+		DATA_BLOB blob;
+
+		ZERO_STRUCT(r);
+
+		info = talloc_zero(tctx, struct frsapi_Info);
+
+		r.in.length = 0x1000;
+		r.in.info = r.out.info = info;
+
+		info->length = r.in.length;
+		info->length2 = r.in.length;
+		info->level = i;
+		info->offset = 0x2c;
+		info->blob_len = 0x2c;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_frsapi_InfoW_r(b, tctx, &r),
+			"InfoW failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "InfoW failed");
+
+		/* display the formatted blob text */
+		blob = r.out.info->blob;
+		for (d = 0; d < blob.length; d++) {
+			if (blob.data[d]) {
+				printf("%c", blob.data[d]);
+			}
+		}
+		printf("\n");
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_frsapi(TALLOC_CTX *mem_ctx)
+{
+	struct torture_rpc_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "frsapi");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "frsapi",
+						  &ndr_table_frsapi);
+
+	torture_rpc_tcase_add_test(tcase, "DsPollingIntervalW",
+				   test_DsPollingIntervalW);
+
+	torture_rpc_tcase_add_test(tcase, "IsPathReplicated",
+				   test_IsPathReplicated);
+
+	torture_rpc_tcase_add_test(tcase, "ForceReplication",
+				   test_ForceReplication);
+
+	torture_rpc_tcase_add_test(tcase, "InfoW",
+				   test_InfoW);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c
new file mode 100644
index 0000000..1b38947
--- /dev/null
+++ b/source4/torture/rpc/fsrvp.c
@@ -0,0 +1,973 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for File Server Remote VSS Protocol operations
+
+   Copyright (C) David Disseldorp 2012-2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Windows Server "8" Beta is very picky in how it accepts FSRVP requests, the
+ * client must be a member of the same AD domain, ndr64 and signing must be
+ * negotiated for the DCE/RPC bind. E.g.
+ *
+ * smbtorture ncacn_np:LUTZE[/pipe/FssagentRpc,smb2,ndr64,sign] \
+ * 	      -U 'DOM\user%pw' rpc.fsrvp
+ *
+ * This test suite requires a snapshotable share named FSHARE (see #def below).
+ */
+#include "includes.h"
+#include "lib/param/param.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/util/hresult.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_descriptor.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "librpc/gen_ndr/ndr_fsrvp_c.h"
+#include "lib/cmdline/cmdline.h"
+
+#define FSHARE	"fsrvp_share"
+#define FNAME	"testfss.dat"
+
+static bool test_fsrvp_is_path_supported(struct torture_context *tctx,
+					 struct dcerpc_pipe *p)
+{
+	struct fss_IsPathSupported r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r);
+	r.in.ShareName = talloc_asprintf(tctx,"\\\\%s\\%s\\",
+					 dcerpc_server_name(p),
+					 FSHARE);
+	status = dcerpc_fss_IsPathSupported_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "IsPathSupported failed");
+
+	torture_assert(tctx, *r.out.SupportedByThisProvider,
+		       "path not supported");
+
+	torture_comment(tctx, "path %s is supported by fsrvp server %s\n",
+			r.in.ShareName, *r.out.OwnerMachineName);
+
+	return true;
+}
+
+static bool test_fsrvp_get_version(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct fss_GetSupportedVersion r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r);
+	status = dcerpc_fss_GetSupportedVersion_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "GetSupportedVersion failed");
+
+	torture_comment(tctx, "got MinVersion %u\n", *r.out.MinVersion);
+	torture_comment(tctx, "got MaxVersion %u\n", *r.out.MaxVersion);
+
+	return true;
+}
+
+static bool test_fsrvp_set_ctx(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct fss_SetContext r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r);
+	r.in.Context = FSRVP_CTX_BACKUP;
+	status = dcerpc_fss_SetContext_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
+
+	return true;
+}
+
+enum test_fsrvp_inject {
+	TEST_FSRVP_TOUT_NONE = 0,
+	TEST_FSRVP_TOUT_SET_CTX,
+	TEST_FSRVP_TOUT_START_SET,
+	TEST_FSRVP_TOUT_ADD_TO_SET,
+	TEST_FSRVP_TOUT_PREPARE,
+	TEST_FSRVP_TOUT_COMMIT,
+
+	TEST_FSRVP_STOP_B4_EXPOSE,
+};
+
+static bool test_fsrvp_sc_create(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 const char *share,
+				 enum test_fsrvp_inject inject,
+				 struct fssagent_share_mapping_1 **sc_map)
+{
+	struct fss_IsPathSupported r_pathsupport_get;
+	struct fss_GetSupportedVersion r_version_get;
+	struct fss_SetContext r_context_set;
+	struct fss_StartShadowCopySet r_scset_start;
+	struct fss_AddToShadowCopySet r_scset_add1;
+	struct fss_AddToShadowCopySet r_scset_add2;
+	struct fss_PrepareShadowCopySet r_scset_prep;
+	struct fss_CommitShadowCopySet r_scset_commit;
+	struct fss_ExposeShadowCopySet r_scset_expose;
+	struct fss_GetShareMapping r_sharemap_get;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	time_t start_time;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	struct fssagent_share_mapping_1 *map = NULL;
+	int sleep_time;
+
+	/*
+	 * PrepareShadowCopySet & CommitShadowCopySet often exceed the default
+	 * 60 second dcerpc request timeout against Windows Server "8" Beta.
+	 */
+	dcerpc_binding_handle_set_timeout(b, 240);
+
+	ZERO_STRUCT(r_pathsupport_get);
+	r_pathsupport_get.in.ShareName = share;
+	status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "IsPathSupported failed");
+	torture_assert_int_equal(tctx, r_pathsupport_get.out.result, 0,
+				 "failed IsPathSupported response");
+	torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
+		       "path not supported");
+
+	ZERO_STRUCT(r_version_get);
+	status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "GetSupportedVersion failed");
+	torture_assert_int_equal(tctx, r_version_get.out.result, 0,
+				 "failed GetSupportedVersion response");
+
+	ZERO_STRUCT(r_context_set);
+	r_context_set.in.Context = FSRVP_CTX_BACKUP;
+	status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set);
+	torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
+	torture_assert_int_equal(tctx, r_context_set.out.result, 0,
+				 "failed SetContext response");
+
+	if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+		sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+					    "sequence timeout", 180);
+		torture_comment(tctx, "sleeping for %d\n", sleep_time);
+		smb_msleep((sleep_time * 1000) + 500);
+	}
+
+	ZERO_STRUCT(r_scset_start);
+	r_scset_start.in.ClientShadowCopySetId = GUID_random();
+	status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "StartShadowCopySet failed");
+	if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+		/* expect error due to message sequence timeout after set_ctx */
+		torture_assert_int_equal(tctx, r_scset_start.out.result,
+					 FSRVP_E_BAD_STATE,
+					 "StartShadowCopySet timeout response");
+		goto done;
+	}
+	torture_assert_int_equal(tctx, r_scset_start.out.result, 0,
+				 "failed StartShadowCopySet response");
+	torture_comment(tctx, "%s: shadow-copy set created\n",
+			GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId));
+
+	if (inject == TEST_FSRVP_TOUT_START_SET) {
+		sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+					    "sequence timeout", 180);
+		torture_comment(tctx, "sleeping for %d\n", sleep_time);
+		smb_msleep((sleep_time * 1000) + 500);
+	}
+
+	ZERO_STRUCT(r_scset_add1);
+	r_scset_add1.in.ClientShadowCopyId = GUID_random();
+	r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_scset_add1.in.ShareName = share;
+	status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "AddToShadowCopySet failed");
+	if (inject == TEST_FSRVP_TOUT_START_SET) {
+		torture_assert_int_equal(tctx, r_scset_add1.out.result,
+					 HRES_ERROR_V(HRES_E_INVALIDARG),
+					 "AddToShadowCopySet timeout response");
+		goto done;
+	}
+	torture_assert_int_equal(tctx, r_scset_add1.out.result, 0,
+				 "failed AddToShadowCopySet response");
+	torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n",
+			GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
+			GUID_string(tmp_ctx, r_scset_add1.out.pShadowCopyId),
+			r_scset_add1.in.ShareName);
+
+	/* attempts to add the same share twice should fail */
+	ZERO_STRUCT(r_scset_add2);
+	r_scset_add2.in.ClientShadowCopyId = GUID_random();
+	r_scset_add2.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_scset_add2.in.ShareName = share;
+	status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "AddToShadowCopySet failed");
+	torture_assert_int_equal(tctx, r_scset_add2.out.result,
+				 FSRVP_E_OBJECT_ALREADY_EXISTS,
+				 "failed AddToShadowCopySet response");
+
+	if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+		sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+					    "sequence timeout", 1800);
+		torture_comment(tctx, "sleeping for %d\n", sleep_time);
+		smb_msleep((sleep_time * 1000) + 500);
+	}
+
+	start_time = time_mono(NULL);
+	ZERO_STRUCT(r_scset_prep);
+	r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+//	r_scset_prep.in.TimeOutInMilliseconds = (1800 * 1000);	/* win8 */
+	r_scset_prep.in.TimeOutInMilliseconds = (240 * 1000);
+	status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "PrepareShadowCopySet failed");
+	if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+		torture_assert_int_equal(tctx, r_scset_prep.out.result,
+					 HRES_ERROR_V(HRES_E_INVALIDARG),
+					 "PrepareShadowCopySet tout response");
+		goto done;
+	}
+	torture_assert_int_equal(tctx, r_scset_prep.out.result, 0,
+				 "failed PrepareShadowCopySet response");
+	torture_comment(tctx, "%s: prepare completed in %llu secs\n",
+			GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
+			(unsigned long long)(time_mono(NULL) - start_time));
+
+	if (inject == TEST_FSRVP_TOUT_PREPARE) {
+		sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+					    "sequence timeout", 1800);
+		torture_comment(tctx, "sleeping for %d\n", sleep_time);
+		smb_msleep((sleep_time * 1000) + 500);
+	}
+
+	start_time = time_mono(NULL);
+	ZERO_STRUCT(r_scset_commit);
+	r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_scset_commit.in.TimeOutInMilliseconds = (180 * 1000);	/* win8 */
+	status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "CommitShadowCopySet failed");
+	if (inject == TEST_FSRVP_TOUT_PREPARE) {
+		torture_assert_int_equal(tctx, r_scset_commit.out.result,
+					 HRES_ERROR_V(HRES_E_INVALIDARG),
+					 "CommitShadowCopySet tout response");
+		goto done;
+	}
+	torture_assert_int_equal(tctx, r_scset_commit.out.result, 0,
+				 "failed CommitShadowCopySet response");
+	torture_comment(tctx, "%s: commit completed in %llu secs\n",
+			GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
+			(unsigned long long)(time_mono(NULL) - start_time));
+
+	if (inject == TEST_FSRVP_TOUT_COMMIT) {
+		sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+					    "sequence timeout", 180);
+		torture_comment(tctx, "sleeping for %d\n", sleep_time);
+		smb_msleep((sleep_time * 1000) + 500);
+	} else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
+		/* return partial snapshot information */
+		map = talloc_zero(tctx, struct fssagent_share_mapping_1);
+		map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+		map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
+		goto done;
+	}
+
+	start_time = time_mono(NULL);
+	ZERO_STRUCT(r_scset_expose);
+	r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000);	/* win8 */
+	status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "ExposeShadowCopySet failed");
+	if (inject == TEST_FSRVP_TOUT_COMMIT) {
+		torture_assert_int_equal(tctx, r_scset_expose.out.result,
+					 HRES_ERROR_V(HRES_E_INVALIDARG),
+					 "ExposeShadowCopySet tout response");
+		goto done;
+	}
+	torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
+				 "failed ExposeShadowCopySet response");
+	torture_comment(tctx, "%s: expose completed in %llu secs\n",
+			GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
+			(unsigned long long)(time_mono(NULL) - start_time));
+
+	ZERO_STRUCT(r_sharemap_get);
+	r_sharemap_get.in.ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
+	r_sharemap_get.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_sharemap_get.in.ShareName = r_scset_add1.in.ShareName;
+	r_sharemap_get.in.Level = 1;
+	status = dcerpc_fss_GetShareMapping_r(b, tmp_ctx, &r_sharemap_get);
+	torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
+	torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
+				 "failed GetShareMapping response");
+	torture_comment(tctx, "%s(%s): %s is a snapshot of %s at %s\n",
+			GUID_string(tmp_ctx, &r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopySetId),
+			GUID_string(tmp_ctx, &r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyId),
+			r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyShareName,
+			r_sharemap_get.out.ShareMapping->ShareMapping1->ShareNameUNC,
+			nt_time_string(tmp_ctx, r_sharemap_get.out.ShareMapping->ShareMapping1->tstamp));
+
+	map = talloc_zero(tctx, struct fssagent_share_mapping_1);
+	map->ShadowCopySetId = r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopySetId;
+	map->ShadowCopyId = r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyId;
+	map->ShadowCopyShareName
+		= talloc_strdup(tctx, r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyShareName);
+	map->ShareNameUNC
+		= talloc_strdup(tctx, r_sharemap_get.out.ShareMapping->ShareMapping1->ShareNameUNC);
+	map->tstamp = r_sharemap_get.out.ShareMapping->ShareMapping1->tstamp;
+
+	torture_assert(tctx, !GUID_compare(&r_sharemap_get.in.ShadowCopySetId,
+					   &map->ShadowCopySetId),
+		       "sc_set GUID mismatch in GetShareMapping");
+	torture_assert(tctx, !GUID_compare(&r_sharemap_get.in.ShadowCopyId,
+					   &map->ShadowCopyId),
+		       "sc GUID mismatch in GetShareMapping");
+
+done:
+	talloc_free(tmp_ctx);
+	*sc_map = map;
+
+	return true;
+}
+
+static bool test_fsrvp_sc_delete(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct fssagent_share_mapping_1 *sc_map)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct fss_DeleteShareMapping r_sharemap_del;
+	NTSTATUS status;
+
+	ZERO_STRUCT(r_sharemap_del);
+	r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+	r_sharemap_del.in.ShadowCopyId = sc_map->ShadowCopyId;
+	r_sharemap_del.in.ShareName = sc_map->ShareNameUNC;
+	status = dcerpc_fss_DeleteShareMapping_r(b, tctx, &r_sharemap_del);
+	torture_assert_ntstatus_ok(tctx, status, "DeleteShareMapping failed");
+	torture_assert_int_equal(tctx, r_sharemap_del.out.result, 0,
+				 "failed DeleteShareMapping response");
+
+	return true;
+}
+
+static bool test_fsrvp_sc_create_simple(struct torture_context *tctx,
+					 struct dcerpc_pipe *p)
+{
+	struct fssagent_share_mapping_1 *sc_map;
+	/* no trailing backslash - should work. See note in cmd_fss.c */
+	char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+					  dcerpc_server_name(p), FSHARE);
+
+	torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
+		       "sc create");
+
+	torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
+
+	return true;
+}
+
+static bool test_fsrvp_sc_set_abort(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s\\",
+					  dcerpc_server_name(p), FSHARE);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct fss_IsPathSupported r_pathsupport_get;
+	struct fss_GetSupportedVersion r_version_get;
+	struct fss_SetContext r_context_set;
+	struct fss_StartShadowCopySet r_scset_start;
+	struct fss_AbortShadowCopySet r_scset_abort;
+	struct fss_AddToShadowCopySet r_scset_add;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+
+	ZERO_STRUCT(r_pathsupport_get);
+	r_pathsupport_get.in.ShareName = share_unc;
+	status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "IsPathSupported failed");
+	torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
+		       "path not supported");
+
+	ZERO_STRUCT(r_version_get);
+	status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "GetSupportedVersion failed");
+
+	ZERO_STRUCT(r_context_set);
+	r_context_set.in.Context = FSRVP_CTX_BACKUP;
+	status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set);
+	torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
+
+	ZERO_STRUCT(r_scset_start);
+	r_scset_start.in.ClientShadowCopySetId = GUID_random();
+	status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "StartShadowCopySet failed");
+
+	ZERO_STRUCT(r_scset_abort);
+	r_scset_abort.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	status = dcerpc_fss_AbortShadowCopySet_r(b, tmp_ctx, &r_scset_abort);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "AbortShadowCopySet failed");
+
+	ZERO_STRUCT(r_scset_add);
+	r_scset_add.in.ClientShadowCopyId = GUID_random();
+	r_scset_add.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+	r_scset_add.in.ShareName = share_unc;
+	status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add);
+	torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed "
+				   "following abort");
+	/*
+	 * XXX Windows 8 server beta returns FSRVP_E_BAD_STATE here rather than
+	 * FSRVP_E_BAD_ID / HRES_E_INVALIDARG.
+	 */
+	torture_assert(tctx, (r_scset_add.out.result != 0),
+		       "incorrect AddToShadowCopySet response following abort");
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_fsrvp_bad_id(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	struct fssagent_share_mapping_1 *sc_map;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct fss_DeleteShareMapping r_sharemap_del;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
+					  dcerpc_server_name(p), FSHARE);
+
+	torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
+		       "sc create");
+
+	ZERO_STRUCT(r_sharemap_del);
+	r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+	r_sharemap_del.in.ShadowCopySetId.time_low++;	/* bogus */
+	r_sharemap_del.in.ShadowCopyId = sc_map->ShadowCopyId;
+	r_sharemap_del.in.ShareName = sc_map->ShareNameUNC;
+	status = dcerpc_fss_DeleteShareMapping_r(b, tmp_ctx, &r_sharemap_del);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "DeleteShareMapping failed");
+	torture_assert_int_equal(tctx, r_sharemap_del.out.result,
+				 FSRVP_E_OBJECT_NOT_FOUND,
+				 "incorrect DeleteShareMapping response");
+
+	r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+	r_sharemap_del.in.ShadowCopyId.time_mid++;	/* bogus */
+	status = dcerpc_fss_DeleteShareMapping_r(b, tmp_ctx, &r_sharemap_del);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "DeleteShareMapping failed");
+	torture_assert_int_equal(tctx, r_sharemap_del.out.result,
+				 HRES_ERROR_V(HRES_E_INVALIDARG),
+				 "incorrect DeleteShareMapping response");
+
+	torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
+
+	talloc_free(sc_map);
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+static bool test_fsrvp_sc_share_io(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct fssagent_share_mapping_1 *sc_map;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s",
+					  dcerpc_server_name(p), FSHARE);
+	struct smb2_tree *tree_base;
+	struct smb2_tree *tree_snap;
+	struct smbcli_options options;
+	struct smb2_handle base_fh;
+	struct smb2_read r;
+	struct smb2_create io;
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	status = smb2_connect(tmp_ctx,
+			      dcerpc_server_name(p),
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      FSHARE,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree_base,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Failed to connect to SMB2 share");
+
+	smb2_util_unlink(tree_base, FNAME);
+	status = torture_smb2_testfile(tree_base, FNAME, &base_fh);
+	torture_assert_ntstatus_ok(tctx, status, "base write open");
+
+	status = smb2_util_write(tree_base, base_fh, "pre-snap", 0,
+				 sizeof("pre-snap"));
+	torture_assert_ntstatus_ok(tctx, status, "src write");
+
+
+	torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
+		       "sc create");
+
+	status = smb2_util_write(tree_base, base_fh, "post-snap", 0,
+				 sizeof("post-snap"));
+	torture_assert_ntstatus_ok(tctx, status, "base write");
+
+	/* connect to snapshot share and verify pre-snapshot data */
+	status = smb2_connect(tmp_ctx,
+			      dcerpc_server_name(p),
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      sc_map->ShadowCopyShareName,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree_snap,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Failed to connect to SMB2 shadow-copy share");
+	/* Windows server 8 allows RW open to succeed here for a ro snapshot */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_RIGHTS_FILE_READ;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = FNAME;
+	status = smb2_create(tree_snap, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "snap read open");
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = io.out.file.handle;
+	r.in.length      = sizeof("pre-snap");
+	status = smb2_read(tree_snap, tmp_ctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "read");
+	torture_assert_u64_equal(tctx, r.out.data.length, r.in.length,
+				 "read data len mismatch");
+	torture_assert_str_equal(tctx, (char *)r.out.data.data, "pre-snap",
+				 "bad snapshot data");
+
+	torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
+
+	talloc_free(sc_map);
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+static bool test_fsrvp_enum_snaps(struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx,
+				  struct smb2_tree *tree,
+				  struct smb2_handle fh,
+				  int *_count)
+{
+	struct smb2_ioctl io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.level = RAW_IOCTL_SMB2;
+	io.in.file.handle = fh;
+	io.in.function = FSCTL_SRV_ENUM_SNAPS;
+	io.in.max_output_response = 16;
+	io.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "enum ioctl");
+
+	*_count = IVAL(io.out.out.data, 0);
+
+	/* with max_output_response=16, no labels should be sent */
+	torture_assert_int_equal(tctx, IVAL(io.out.out.data, 4), 0,
+				 "enum snaps labels");
+
+	/* TODO with 0 snaps, needed_data_count should be 0? */
+	if (*_count != 0) {
+		torture_assert(tctx, IVAL(io.out.out.data, 8) != 0,
+			       "enum snaps needed non-zero");
+	}
+
+	return true;
+}
+
+static bool test_fsrvp_enum_created(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	struct fssagent_share_mapping_1 *sc_map;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
+					  dcerpc_server_name(p), FSHARE);
+	struct smb2_tree *tree_base;
+	struct smbcli_options options;
+	struct smb2_handle base_fh;
+	int count;
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	status = smb2_connect(tmp_ctx,
+			      dcerpc_server_name(p),
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      FSHARE,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree_base,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Failed to connect to SMB2 share");
+
+	smb2_util_unlink(tree_base, FNAME);
+	status = torture_smb2_testfile(tree_base, FNAME, &base_fh);
+	torture_assert_ntstatus_ok(tctx, status, "base write open");
+
+	status = smb2_util_write(tree_base, base_fh, "pre-snap", 0,
+				 sizeof("pre-snap"));
+	torture_assert_ntstatus_ok(tctx, status, "src write");
+
+	torture_assert(tctx,
+		       test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
+					     &count),
+		       "count");
+	torture_assert_int_equal(tctx, count, 0, "num snaps");
+
+	torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
+		       "sc create");
+	talloc_free(sc_map);
+
+	torture_assert(tctx,
+		       test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
+					     &count),
+		       "count");
+	/*
+	 * Snapshots created via FSRVP on Windows Server 2012 are not added to
+	 * the previous versions list, so it will fail here...
+	 */
+	torture_assert_int_equal(tctx, count, 1, "num snaps");
+
+	smb_msleep(1100);	/* @GMT tokens have a 1 second resolution */
+	torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
+		       "sc create");
+	talloc_free(sc_map);
+
+	torture_assert(tctx,
+		       test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
+					     &count),
+		       "count");
+	torture_assert_int_equal(tctx, count, 2, "num snaps");
+
+	smb2_util_close(tree_base, base_fh);
+	ZERO_STRUCT(base_fh);
+
+	smb2_util_unlink(tree_base, FNAME);
+
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+static bool test_fsrvp_seq_timeout(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	int i;
+	struct fssagent_share_mapping_1 *sc_map;
+	char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+					  dcerpc_server_name(p), FSHARE);
+
+	for (i = TEST_FSRVP_TOUT_NONE; i <= TEST_FSRVP_TOUT_COMMIT; i++) {
+		torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
+							  i, &sc_map),
+			       "sc create");
+
+		/* only need to delete if create process didn't timeout */
+		if (i == TEST_FSRVP_TOUT_NONE) {
+			torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map),
+				       "sc del");
+		}
+	}
+
+	return true;
+}
+
+static bool test_fsrvp_share_sd(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *srvsvc_p;
+	struct srvsvc_NetShareGetInfo q;
+	struct srvsvc_NetShareSetInfo s;
+	struct srvsvc_NetShareInfo502 *info502;
+	struct fssagent_share_mapping_1 *sc_map;
+	struct fss_ExposeShadowCopySet r_scset_expose;
+	struct fss_GetShareMapping r_sharemap_get;
+	struct security_descriptor *sd_old;
+	struct security_descriptor *sd_base;
+	struct security_descriptor *sd_snap;
+	struct security_ace *ace;
+	int i;
+	int aces_found;
+	char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+					  dcerpc_server_name(p), FSHARE);
+	ZERO_STRUCT(q);
+	q.in.server_unc = dcerpc_server_name(p);
+	q.in.share_name = FSHARE;
+	q.in.level = 502;
+
+	status = torture_rpc_connection(tctx, &srvsvc_p, &ndr_table_srvsvc);
+	torture_assert_ntstatus_ok(tctx, status, "srvsvc rpc conn failed");
+
+	/* ensure srvsvc out pointers are allocated during unmarshalling */
+	srvsvc_p->conn->flags |= DCERPC_NDR_REF_ALLOC;
+
+	/* obtain the existing DACL for the base share */
+	status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+						 tctx, &q);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+	torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+
+	info502 = q.out.info->info502;
+
+	/* back up the existing share SD, so it can be restored on completion */
+	sd_old = info502->sd_buf.sd;
+	sd_base = security_descriptor_copy(tctx, info502->sd_buf.sd);
+	torture_assert(tctx, sd_base != NULL, "sd dup");
+	torture_assert(tctx, sd_base->dacl != NULL, "no existing share DACL");
+
+	/* the Builtin_X_Operators placeholder ACEs need to be unique */
+	for (i = 0; i < sd_base->dacl->num_aces; i++) {
+		ace = &sd_base->dacl->aces[i];
+		if (dom_sid_equal(&ace->trustee,
+				  &global_sid_Builtin_Backup_Operators)
+		 || dom_sid_equal(&ace->trustee,
+				  &global_sid_Builtin_Print_Operators)) {
+			torture_skip(tctx, "placeholder ACE already exists\n");
+		}
+	}
+
+	/* add Backup_Operators placeholder ACE and set base share DACL */
+	ace = talloc_zero(tctx, struct security_ace);
+	ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->access_mask = SEC_STD_SYNCHRONIZE;
+	ace->trustee = global_sid_Builtin_Backup_Operators;
+
+	status = security_descriptor_dacl_add(sd_base, ace);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to add placeholder ACE to DACL");
+
+	info502->sd_buf.sd = sd_base;
+	info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+	ZERO_STRUCT(s);
+	s.in.server_unc = dcerpc_server_name(p);
+	s.in.share_name = FSHARE;
+	s.in.level = 502;
+	s.in.info = q.out.info;
+
+	status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+						 tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+	torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+	/* create a snapshot, but don't expose yet */
+	torture_assert(tctx,
+		       test_fsrvp_sc_create(tctx, p, share_unc,
+					    TEST_FSRVP_STOP_B4_EXPOSE, &sc_map),
+		       "sc create");
+
+	/*
+	 * Add another unique placeholder ACE.
+	 * By changing the share DACL between snapshot creation and exposure we
+	 * can determine at which point the server clones the base share DACL.
+	 */
+	ace = talloc_zero(tctx, struct security_ace);
+	ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->access_mask = SEC_STD_SYNCHRONIZE;
+	ace->trustee = global_sid_Builtin_Print_Operators;
+
+	status = security_descriptor_dacl_add(sd_base, ace);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "failed to add placeholder ACE to DACL");
+
+	info502->sd_buf.sd = sd_base;
+	info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+	ZERO_STRUCT(s);
+	s.in.server_unc = dcerpc_server_name(p);
+	s.in.share_name = FSHARE;
+	s.in.level = 502;
+	s.in.info = q.out.info;
+
+	status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+						 tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+	torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+	/* expose the snapshot share and get the new share details */
+	ZERO_STRUCT(r_scset_expose);
+	r_scset_expose.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+	r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000);	/* win8 */
+	status = dcerpc_fss_ExposeShadowCopySet_r(p->binding_handle, tctx,
+						  &r_scset_expose);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "ExposeShadowCopySet failed");
+	torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
+				 "failed ExposeShadowCopySet response");
+
+	ZERO_STRUCT(r_sharemap_get);
+	r_sharemap_get.in.ShadowCopyId = sc_map->ShadowCopyId;
+	r_sharemap_get.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+	r_sharemap_get.in.ShareName = share_unc;
+	r_sharemap_get.in.Level = 1;
+	status = dcerpc_fss_GetShareMapping_r(p->binding_handle, tctx,
+					      &r_sharemap_get);
+	torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
+	torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
+				 "failed GetShareMapping response");
+	talloc_free(sc_map);
+	sc_map = r_sharemap_get.out.ShareMapping->ShareMapping1;
+
+	/* restore the original base share ACL */
+	info502->sd_buf.sd = sd_old;
+	info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_old, 0);
+	status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+						 tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+	torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+	/* check for placeholder ACEs in the snapshot share DACL */
+	ZERO_STRUCT(q);
+	q.in.server_unc = dcerpc_server_name(p);
+	q.in.share_name = sc_map->ShadowCopyShareName;
+	q.in.level = 502;
+	status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+						 tctx, &q);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+	torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+	info502 = q.out.info->info502;
+
+	sd_snap = info502->sd_buf.sd;
+	torture_assert(tctx, sd_snap != NULL, "sd");
+	torture_assert(tctx, sd_snap->dacl != NULL, "no snap share DACL");
+
+	aces_found = 0;
+	for (i = 0; i < sd_snap->dacl->num_aces; i++) {
+		ace = &sd_snap->dacl->aces[i];
+		if (dom_sid_equal(&ace->trustee,
+				  &global_sid_Builtin_Backup_Operators)) {
+			torture_comment(tctx,
+				"found share ACE added before snapshot\n");
+			aces_found++;
+		} else if (dom_sid_equal(&ace->trustee,
+					 &global_sid_Builtin_Print_Operators)) {
+			torture_comment(tctx,
+				"found share ACE added after snapshot\n");
+			aces_found++;
+		}
+	}
+	/*
+	 * Expect snapshot share to match the base share DACL at the time of
+	 * exposure, not at the time of snapshot creation. This is in line with
+	 * Windows Server 2012 behaviour.
+	 */
+	torture_assert_int_equal(tctx, aces_found, 2,
+				"placeholder ACE missing from snap share DACL");
+
+	torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
+
+	return true;
+}
+
+static bool fsrvp_rpc_setup(struct torture_context *tctx, void **data)
+{
+	NTSTATUS status;
+	struct torture_rpc_tcase *tcase = talloc_get_type(
+						tctx->active_tcase, struct torture_rpc_tcase);
+	struct torture_rpc_tcase_data *tcase_data;
+
+	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
+	tcase_data->credentials = samba_cmdline_get_creds();
+
+	status = torture_rpc_connection(tctx,
+				&(tcase_data->pipe),
+				tcase->table);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	/* XXX required, otherwise ndr out ptrs are not allocated */
+	tcase_data->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
+
+	return true;
+}
+
+/*
+   testing of FSRVP (FSS agent)
+*/
+struct torture_suite *torture_rpc_fsrvp(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "fsrvp");
+
+	struct torture_rpc_tcase *tcase
+		= torture_suite_add_rpc_iface_tcase(suite, "fsrvp",
+						&ndr_table_FileServerVssAgent);
+	/* override torture_rpc_setup() to set DCERPC_NDR_REF_ALLOC */
+	tcase->tcase.setup = fsrvp_rpc_setup;
+
+	torture_rpc_tcase_add_test(tcase, "share_sd",
+				   test_fsrvp_share_sd);
+	torture_rpc_tcase_add_test(tcase, "enum_created",
+				   test_fsrvp_enum_created);
+	torture_rpc_tcase_add_test(tcase, "sc_share_io",
+				   test_fsrvp_sc_share_io);
+	torture_rpc_tcase_add_test(tcase, "bad_id",
+				   test_fsrvp_bad_id);
+	torture_rpc_tcase_add_test(tcase, "sc_set_abort",
+				   test_fsrvp_sc_set_abort);
+	torture_rpc_tcase_add_test(tcase, "create_simple",
+				   test_fsrvp_sc_create_simple);
+	torture_rpc_tcase_add_test(tcase, "set_ctx",
+				   test_fsrvp_set_ctx);
+	torture_rpc_tcase_add_test(tcase, "get_version",
+				   test_fsrvp_get_version);
+	torture_rpc_tcase_add_test(tcase, "is_path_supported",
+				   test_fsrvp_is_path_supported);
+	torture_rpc_tcase_add_test(tcase, "seq_timeout",
+				   test_fsrvp_seq_timeout);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/handles.c b/source4/torture/rpc/handles.c
new file mode 100644
index 0000000..7c108e5
--- /dev/null
+++ b/source4/torture/rpc/handles.c
@@ -0,0 +1,622 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for behaviour of rpc policy handles
+
+   Copyright (C) Andrew Tridgell 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+/*
+  this tests the use of policy handles between connections
+*/
+
+static bool test_handles_lsa(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2;
+	struct dcerpc_binding_handle *b1, *b2;
+	struct policy_handle handle;
+	struct policy_handle handle2;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy r;
+	struct lsa_Close c;
+	uint16_t system_name = '\\';
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+
+	torture_comment(torture, "RPC-HANDLE-LSARPC\n");
+
+	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
+	b1 = p1->binding_handle;
+
+	status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
+	b2 = p2->binding_handle;
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = &system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
+		"OpenPolicy failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	c.in.handle = &handle;
+	c.out.handle = &handle2;
+
+	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p2");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
+		"Close failed");
+	torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
+
+	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p1 again");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+static bool test_handles_lsa_shared(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
+	struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
+	struct policy_handle handle;
+	struct policy_handle handle2;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy r;
+	struct lsa_Close c;
+	struct lsa_QuerySecurity qsec;
+	struct sec_desc_buf *sdbuf = NULL;
+	uint16_t system_name = '\\';
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	enum dcerpc_transport_t transport;
+	uint32_t assoc_group_id;
+
+	torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
+
+	torture_comment(torture, "connect lsa pipe1\n");
+	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
+	b1 = p1->binding_handle;
+
+	transport	= p1->conn->transport.transport;
+	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);
+
+	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
+
+	torture_comment(torture, "connect lsa pipe2\n");
+	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
+	b2 = p2->binding_handle;
+
+	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", 
+			dcerpc_binding_get_assoc_group_id(p2->binding));
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = &system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	torture_comment(torture, "open lsa policy handle\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
+		"OpenPolicy failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	/*
+	 * connect p3 after the policy handle is opened
+	 */
+	torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
+	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
+	b3 = p3->binding_handle;
+
+	qsec.in.handle 		= &handle;
+	qsec.in.sec_info	= 0;
+	qsec.out.sdbuf		= &sdbuf;
+	c.in.handle = &handle;
+	c.out.handle = &handle2;
+
+	/*
+	 * use policy handle on all 3 connections
+	 */
+	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "use policy handle on p1");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "use policy handle on p2");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "use policy handle on p3");
+
+	/*
+	 * close policy handle on connection 2 and the others get a fault
+	 */
+	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
+		"Close failed");
+	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
+				      "closing policy handle on p2");
+
+	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
+
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p1 again");
+
+	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p3");
+
+	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p2 again");
+
+	/*
+	 * open a new policy handle on p3
+	 */
+	torture_comment(torture, "open a new policy handle on p3\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
+		"OpenPolicy failed");
+	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
+				      "open policy handle on p3");
+
+	/*
+	 * use policy handle on all 3 connections
+	 */
+	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
+		"Query Security failed");
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
+				      "use policy handle on p1");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
+		"Query Security failed");
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
+				      "use policy handle on p2");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
+		"Query Security failed");
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
+				      "use policy handle on p3");
+
+	/*
+	 * close policy handle on connection 2 and the others get a fault
+	 */
+	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
+		"Close failed");
+	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
+				      "closing policy handle on p2");
+
+	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p1 again");
+
+	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p3");
+
+	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p2 again");
+
+	/*
+	 * open a new policy handle
+	 */
+	torture_comment(torture, "open a new policy handle on p1 and use it\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
+		"OpenPolicy failed");
+	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
+				      "open 2nd policy handle on p1");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "QuerySecurity handle on p1");
+
+	/* close first connection */
+	torture_comment(torture, "disconnect p1\n");
+	talloc_free(p1);
+	smb_msleep(5);
+
+	/*
+	 * and it's still available on p2,p3
+	 */
+	torture_comment(torture, "use policy handle on p2,p3\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "QuerySecurity handle on p2 after p1 was disconnected");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "QuerySecurity handle on p3 after p1 was disconnected");
+
+	/*
+	 * now open p4
+	 * and use the handle on it
+	 */
+	torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
+	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
+	b4 = p4->binding_handle;
+
+	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
+				      "using policy handle on p4");
+
+	/*
+	 * now close p2,p3,p4
+	 * without closing the policy handle
+	 */
+	torture_comment(torture, "disconnect p2,p3,p4\n");
+	talloc_free(p2);
+	talloc_free(p3);
+	talloc_free(p4);
+	smb_msleep(10);
+
+	/*
+	 * now open p5
+	 */
+	torture_comment(torture, "connect lsa pipe5 - should fail\n");
+	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening lsa pipe5");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+
+static bool test_handles_samr(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2;
+	struct dcerpc_binding_handle *b1, *b2;
+	struct policy_handle handle;
+	struct policy_handle handle2;
+	struct samr_Connect r;
+	struct samr_Close c;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+
+	torture_comment(torture, "RPC-HANDLE-SAMR\n");
+
+	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
+	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
+	b1 = p1->binding_handle;
+
+	status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
+	torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
+	b2 = p2->binding_handle;
+
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.connect_handle = &handle;
+
+	torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
+		"Connect failed");
+	torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
+
+	c.in.handle = &handle;
+	c.out.handle = &handle2;
+
+	status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p2");
+
+	torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
+		"Close failed");
+	torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
+
+	status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p1 again");
+	
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+static bool test_handles_mixed_shared(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
+	struct dcerpc_binding_handle *b1, *b2;
+	struct policy_handle handle;
+	struct policy_handle handle2;
+	struct samr_Connect r;
+	struct lsa_Close lc;
+	struct samr_Close sc;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	enum dcerpc_transport_t transport;
+	uint32_t assoc_group_id;
+
+	torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
+
+	torture_comment(torture, "connect samr pipe1\n");
+	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
+	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
+	b1 = p1->binding_handle;
+
+	transport	= p1->conn->transport.transport;
+	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);
+
+	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
+
+	torture_comment(torture, "connect lsa pipe2\n");
+	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
+	b2 = p2->binding_handle;
+
+	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", 
+			dcerpc_binding_get_assoc_group_id(p2->binding));
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.connect_handle = &handle;
+
+	torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
+		"Connect failed");
+	torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
+
+	lc.in.handle 		= &handle;
+	lc.out.handle		= &handle2;
+	sc.in.handle		= &handle;
+	sc.out.handle		= &handle2;
+
+	torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
+	status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing handle on lsa p2");
+
+	torture_comment(torture, "closing policy handle on samr p1\n");
+	torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
+		"Close failed");
+	torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
+
+	talloc_free(p1);
+	talloc_free(p2);
+	smb_msleep(10);
+
+	torture_comment(torture, "connect samr pipe3 - should fail\n");
+	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening samr pipe3");
+
+	torture_comment(torture, "connect lsa pipe4 - should fail\n");
+	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening lsa pipe4");
+
+	/*
+	 * We use ~assoc_group_id instead of p1->assoc_group_id, because
+	 * this way we are less likely to use an id which is already in use.
+	 */
+	assoc_group_id = ~assoc_group_id;
+	torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
+	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening samr pipe5");
+
+	torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
+	status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening lsa pipe6");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+static bool test_handles_random_assoc(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2, *p3;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+	enum dcerpc_transport_t transport;
+	uint32_t assoc_group_id;
+
+	torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
+
+	torture_comment(torture, "connect samr pipe1\n");
+	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
+	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
+
+	torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n",
+			dcerpc_binding_get_assoc_group_id(p1->binding));
+
+	transport	= p1->conn->transport.transport;
+	/*
+	 * We use ~p1->assoc_group_id instead of p1->assoc_group_id, because
+	 * this way we are less likely to use an id which is already in use.
+	 *
+	 * And make sure it doesn't wrap.
+	 */
+	assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
+	assoc_group_id = ~MIN(assoc_group_id, UINT32_MAX - 3);
+
+	torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
+	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening samr pipe2");
+
+	torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
+	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
+						  transport,
+						  assoc_group_id,
+						  0);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
+				      "opening samr pipe3");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+
+static bool test_handles_drsuapi(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2;
+	struct dcerpc_binding_handle *b1, *b2;
+	struct policy_handle handle;
+	struct policy_handle handle2;
+	struct GUID bind_guid;
+	struct drsuapi_DsBind r;
+	struct drsuapi_DsUnbind c;
+	TALLOC_CTX *mem_ctx = talloc_new(torture);
+
+	torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
+
+	status = torture_rpc_connection(torture, &p1, &ndr_table_drsuapi);
+	torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
+	b1 = p1->binding_handle;
+
+	status = torture_rpc_connection(torture, &p2, &ndr_table_drsuapi);
+	torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
+	b2 = p2->binding_handle;
+
+	GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
+
+	r.in.bind_guid = &bind_guid;
+	r.in.bind_info = NULL;
+	r.out.bind_handle = &handle;
+
+	status = dcerpc_drsuapi_DsBind_r(b1, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
+		talloc_free(mem_ctx);
+		return true;
+	}
+
+	c.in.bind_handle = &handle;
+	c.out.bind_handle = &handle2;
+
+	status = dcerpc_drsuapi_DsUnbind_r(b2, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p2");
+
+	status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
+	torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
+
+	status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "closing policy handle on p1 again");
+	
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+
+	suite = torture_suite_create(mem_ctx, "handles");
+	torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
+	torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
+	torture_suite_add_simple_test(suite, "samr", test_handles_samr);
+	torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
+	torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
+	torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);
+	return suite;
+}
diff --git a/source4/torture/rpc/initshutdown.c b/source4/torture/rpc/initshutdown.c
new file mode 100644
index 0000000..28eaacd
--- /dev/null
+++ b/source4/torture/rpc/initshutdown.c
@@ -0,0 +1,116 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for initshutdown operations
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Jelmer Vernooij 2004-2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_initshutdown_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
+{
+	name->string = s;
+}
+
+
+static bool test_Abort(struct torture_context *tctx, 
+					   struct dcerpc_pipe *p)
+{
+	struct initshutdown_Abort r;
+	NTSTATUS status;
+	uint16_t server = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server = &server;
+	
+	status = dcerpc_initshutdown_Abort_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, 
+							   "initshutdown_Abort failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "initshutdown_Abort failed");
+
+	return true;
+}
+
+static bool test_Init(struct torture_context *tctx, 
+		      struct dcerpc_pipe *p)
+{
+	struct initshutdown_Init r;
+	NTSTATUS status;
+	uint16_t hostname = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.hostname = &hostname;
+	r.in.message = talloc(tctx, struct lsa_StringLarge);
+	init_lsa_StringLarge(r.in.message, "spottyfood");
+	r.in.force_apps = 1;
+	r.in.timeout = 30;
+	r.in.do_reboot = 1;
+
+	status = dcerpc_initshutdown_Init_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "initshutdown_Init failed");
+	torture_assert_werr_ok(tctx, r.out.result, "initshutdown_Init failed");
+
+	return test_Abort(tctx, p);
+}
+
+static bool test_InitEx(struct torture_context *tctx, 
+						struct dcerpc_pipe *p)
+{
+	struct initshutdown_InitEx r;
+	NTSTATUS status;
+	uint16_t hostname = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.hostname = &hostname;
+	r.in.message = talloc(tctx, struct lsa_StringLarge);
+	init_lsa_StringLarge(r.in.message, "spottyfood");
+	r.in.force_apps = 1;
+	r.in.timeout = 30;
+	r.in.do_reboot = 1;
+	r.in.reason = 0;
+
+	status = dcerpc_initshutdown_InitEx_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "initshutdown_InitEx failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "initshutdown_InitEx failed");
+
+	return test_Abort(tctx, p);
+}
+
+
+struct torture_suite *torture_rpc_initshutdown(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "initshutdown");
+	struct torture_rpc_tcase *tcase;
+	struct torture_test *test;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "initshutdown", 
+						  &ndr_table_initshutdown);
+
+	test = torture_rpc_tcase_add_test(tcase, "Init", test_Init);
+	test->dangerous = true;
+	test = torture_rpc_tcase_add_test(tcase, "InitEx", test_InitEx);
+	test->dangerous = true;
+
+	return suite;
+}
diff --git a/source4/torture/rpc/iremotewinspool.c b/source4/torture/rpc/iremotewinspool.c
new file mode 100644
index 0000000..3a7ee64
--- /dev/null
+++ b/source4/torture/rpc/iremotewinspool.c
@@ -0,0 +1,1090 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for iremotewinspool rpc operations
+
+   Copyright (C) Guenther Deschner 2013,2023
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_winspool.h"
+#include "librpc/gen_ndr/ndr_winspool_c.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/registry/util_reg.h"
+#include "torture/rpc/iremotewinspool_common.h"
+
+static bool torture_rpc_iremotewinspool_setup_common(struct torture_context *tctx,
+						     struct test_iremotewinspool_context *t)
+{
+	const char *printer_name;
+	struct spoolss_UserLevel1 client_info;
+	struct dcerpc_binding *binding;
+
+	torture_assert_ntstatus_ok(tctx,
+		GUID_from_string(IREMOTEWINSPOOL_OBJECT_GUID, &t->object_uuid),
+		"failed to parse GUID");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to retrieve torture binding");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_object(binding, t->object_uuid),
+		"failed to set object_uuid");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection_with_binding(tctx, binding, &t->iremotewinspool_pipe, &ndr_table_iremotewinspool),
+		"Error connecting to server");
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(t->iremotewinspool_pipe));
+
+	client_info = test_get_client_info(tctx, WIN_7, 6, 1, "testclient_machine", "testclient_user");
+
+	torture_assert(tctx,
+		test_AsyncOpenPrinter_byprinter(tctx, t,
+						t->iremotewinspool_pipe, printer_name,
+						client_info, &t->server_handle),
+						"failed to open printserver");
+	torture_assert(tctx,
+		test_get_environment(tctx,
+				     t->iremotewinspool_pipe->binding_handle,
+				     &t->server_handle, &t->environment),
+				     "failed to get environment");
+
+	return true;
+}
+
+static bool torture_rpc_iremotewinspool_setup(struct torture_context *tctx,
+					      void **data)
+{
+	struct test_iremotewinspool_context *t;
+
+	*data = t = talloc_zero(tctx, struct test_iremotewinspool_context);
+
+	return torture_rpc_iremotewinspool_setup_common(tctx, t);
+}
+
+static bool torture_rpc_iremotewinspool_teardown_common(struct torture_context *tctx,
+							struct test_iremotewinspool_context *t)
+{
+
+	test_AsyncClosePrinter_byhandle(tctx, t, t->iremotewinspool_pipe, &t->server_handle);
+
+	return true;
+}
+
+static bool torture_rpc_iremotewinspool_teardown(struct torture_context *tctx,
+						 void *data)
+{
+	struct test_iremotewinspool_context *t = talloc_get_type(data, struct test_iremotewinspool_context);
+	bool ret;
+
+	ret = torture_rpc_iremotewinspool_teardown_common(tctx, t);
+	talloc_free(t);
+
+	return ret;
+}
+
+static bool test_AsyncClosePrinter(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	const char *printer_name;
+	struct spoolss_UserLevel1 client_info;
+	struct policy_handle handle;
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	client_info = test_get_client_info(tctx, WIN_7, 6, 1, "testclient_machine", "testclient_user");
+
+	torture_assert(tctx,
+		test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
+		"failed to test AsyncOpenPrinter");
+
+	torture_assert(tctx,
+		test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle),
+		"failed to test AsyncClosePrinter");
+
+	return true;
+}
+
+static bool test_AsyncOpenPrinter(struct torture_context *tctx,
+				  void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	const char *printer_name;
+	struct spoolss_UserLevel1 client_info;
+	struct policy_handle handle;
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	client_info = test_get_client_info(tctx, WIN_7, 6, 1, "testclient_machine", "testclient_user");
+
+	torture_assert(tctx,
+		test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
+		"failed to test AsyncOpenPrinter");
+
+	test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
+
+	return true;
+}
+
+/*
+ * Validate the result of AsyncOpenPrinter calls based on client info
+ * build number. Windows Server 2016 rejects an advertised build
+ * number less than 6000(Windows Vista and Windows Server 2008, or older)
+ */
+static bool test_AsyncOpenPrinterValidateBuildNumber(struct torture_context *tctx,
+						     void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	const char *printer_name;
+	struct spoolss_UserLevel1 client_info;
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct spoolss_UserLevelCtr client_info_ctr = {
+		.level = 1,
+	};
+	uint32_t access_mask = SERVER_ALL_ACCESS;
+	struct winspool_AsyncOpenPrinter r;
+	NTSTATUS status;
+	bool ok = false;
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert_not_null(tctx, printer_name, "Cannot allocate memory");
+
+	/* fail with Windows 2000 build number */
+	client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0,
+					   "testclient_machine", "testclient_user");
+
+	ZERO_STRUCT(devmode_ctr);
+
+	client_info_ctr.user_info.level1 = &client_info;
+
+	r.in.pPrinterName	= printer_name;
+	r.in.pDatatype		= NULL;
+	r.in.pDevModeContainer	= &devmode_ctr;
+	r.in.AccessRequired	= access_mask;
+	r.in.pClientInfo	= &client_info_ctr;
+	r.out.pHandle		= &handle;
+
+	status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+		"AsyncOpenPrinter should have failed");
+
+	/* succeed with Windows 7 build number */
+	client_info = test_get_client_info(tctx, WIN_7, 6, 1,
+					   "testclient_machine", "testclient_user");
+	client_info_ctr.user_info.level1 = &client_info;
+	r.in.pClientInfo	= &client_info_ctr;
+
+	status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"AsyncOpenPrinter failed");
+
+	ok = test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
+	torture_assert(tctx, ok, "failed to AsyncClosePrinter handle");
+
+	return true;
+
+}
+
+static struct spoolss_NotifyOption *setup_printserver_NotifyOption(struct torture_context *tctx)
+{
+	struct spoolss_NotifyOption *o;
+
+	o = talloc_zero(tctx, struct spoolss_NotifyOption);
+	if (o == NULL) {
+		return NULL;
+	}
+
+	o->version = 2;
+	o->flags = PRINTER_NOTIFY_OPTIONS_REFRESH;
+
+	o->count = 2;
+	o->types = talloc_zero_array(o, struct spoolss_NotifyOptionType, o->count);
+	if (o->types == NULL) {
+		talloc_free(o);
+		return NULL;
+	}
+
+	o->types[0].type = PRINTER_NOTIFY_TYPE;
+	o->types[0].count = 1;
+	o->types[0].fields = talloc_array(o->types, union spoolss_Field, o->types[0].count);
+	if (o->types[0].fields == NULL) {
+		talloc_free(o);
+		return NULL;
+	}
+	o->types[0].fields[0].field = PRINTER_NOTIFY_FIELD_SERVER_NAME;
+
+	o->types[1].type = JOB_NOTIFY_TYPE;
+	o->types[1].count = 1;
+	o->types[1].fields = talloc_array(o->types, union spoolss_Field, o->types[1].count);
+	if (o->types[1].fields == NULL) {
+		talloc_free(o);
+		return NULL;
+	}
+	o->types[1].fields[0].field = JOB_NOTIFY_FIELD_MACHINE_NAME;
+
+	return o;
+}
+
+static bool test_SyncUnRegisterForRemoteNotifications_args(struct torture_context *tctx,
+							   struct dcerpc_pipe *p,
+							   struct policy_handle *notify_handle)
+{
+	struct winspool_SyncUnRegisterForRemoteNotifications r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.phRpcHandle = notify_handle;
+	r.out.phRpcHandle = notify_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_SyncUnRegisterForRemoteNotifications_r(b, tctx, &r),
+		"SyncUnRegisterForRemoteNotifications failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"SyncUnRegisterForRemoteNotifications failed");
+
+	return true;
+}
+
+static bool test_SyncRegisterForRemoteNotifications_args(struct torture_context *tctx,
+							 struct dcerpc_pipe *p,
+							 struct policy_handle *server_handle,
+							 struct policy_handle *notify_handle);
+
+static bool test_SyncUnRegisterForRemoteNotifications(struct torture_context *tctx,
+						      void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+	struct policy_handle notify_handle;
+
+	torture_assert(tctx,
+		test_SyncRegisterForRemoteNotifications_args(tctx,
+							     ctx->iremotewinspool_pipe,
+							     &ctx->server_handle,
+							     &notify_handle),
+		"failed to test SyncRegisterForRemoteNotifications");
+
+	torture_assert(tctx,
+		test_SyncUnRegisterForRemoteNotifications_args(tctx,
+							       ctx->iremotewinspool_pipe,
+							       &notify_handle),
+		"failed to test UnSyncRegisterForRemoteNotifications");
+
+	return true;
+}
+
+static bool test_SyncRegisterForRemoteNotifications_args(struct torture_context *tctx,
+							 struct dcerpc_pipe *p,
+							 struct policy_handle *server_handle,
+							 struct policy_handle *notify_handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct winspool_SyncRegisterForRemoteNotifications r;
+	struct winspool_PrintPropertiesCollection NotifyFilter;
+	struct winspool_PrintNamedProperty *c;
+	struct spoolss_NotifyOption *options;
+
+	ZERO_STRUCT(NotifyFilter);
+
+	options = setup_printserver_NotifyOption(tctx);
+	torture_assert(tctx, options, "out of memory");
+
+	c = talloc_zero_array(tctx, struct winspool_PrintNamedProperty, 4);
+	torture_assert(tctx, c, "out of memory");
+
+	c[0].propertyName = "RemoteNotifyFilter Flags";
+	c[0].propertyValue.PropertyType = winspool_PropertyTypeInt32;
+	c[0].propertyValue.value.propertyInt32 = 0xff;
+
+	c[1].propertyName = "RemoteNotifyFilter Options";
+	c[1].propertyValue.PropertyType = winspool_PropertyTypeInt32;
+	c[1].propertyValue.value.propertyInt32 = 0;
+
+	c[2].propertyName = "RemoteNotifyFilter Color";
+	c[2].propertyValue.PropertyType = winspool_PropertyTypeInt32;
+	c[2].propertyValue.value.propertyInt32 = 0;
+
+	c[3].propertyName = "RemoteNotifyFilter NotifyOptions";
+	c[3].propertyValue.PropertyType = winspool_PropertyTypeNotificationOptions;
+	c[3].propertyValue.value.propertyOptionsContainer.pOptions = options;
+
+	NotifyFilter.numberOfProperties = 4;
+	NotifyFilter.propertiesCollection = c;
+
+	r.in.hPrinter = *server_handle;
+	r.in.pNotifyFilter = &NotifyFilter;
+	r.out.phRpcHandle = notify_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_SyncRegisterForRemoteNotifications_r(b, tctx, &r),
+		"SyncRegisterForRemoteNotifications failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"SyncRegisterForRemoteNotifications failed");
+
+	return true;
+}
+
+static bool test_SyncRegisterForRemoteNotifications(struct torture_context *tctx,
+						    void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+	struct policy_handle notify_handle;
+
+	torture_assert(tctx,
+		test_SyncRegisterForRemoteNotifications_args(tctx,
+							     ctx->iremotewinspool_pipe,
+							     &ctx->server_handle,
+							     &notify_handle),
+		"failed to test SyncRegisterForRemoteNotifications");
+
+	test_SyncUnRegisterForRemoteNotifications_args(tctx, ctx->iremotewinspool_pipe, &notify_handle);
+
+	return true;
+}
+
+static bool test_AsyncUploadPrinterDriverPackage(struct torture_context *tctx,
+						 void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct winspool_AsyncUploadPrinterDriverPackage r;
+	uint32_t pcchDestInfPath = 0;
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.pszInfPath = "";
+	r.in.pszEnvironment = "";
+	r.in.dwFlags = 0;
+	r.in.pszDestInfPath = NULL;
+	r.in.pcchDestInfPath = &pcchDestInfPath;
+	r.out.pszDestInfPath = NULL;
+	r.out.pcchDestInfPath = &pcchDestInfPath;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncUploadPrinterDriverPackage_r(b, tctx, &r),
+		"AsyncUploadPrinterDriverPackage failed");
+	torture_assert_hresult_equal(tctx, r.out.result, HRES_E_INVALIDARG,
+		"AsyncUploadPrinterDriverPackage failed");
+
+	pcchDestInfPath = 260;
+	r.in.pszDestInfPath = talloc_zero(tctx, const char);
+	r.out.pszDestInfPath = talloc_zero(tctx, const char);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncUploadPrinterDriverPackage_r(b, tctx, &r),
+		"AsyncUploadPrinterDriverPackage failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INVALID_ENVIRONMENT,
+		"AsyncUploadPrinterDriverPackage failed");
+
+	r.in.pszEnvironment = SPOOLSS_ARCHITECTURE_x64;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncUploadPrinterDriverPackage_r(b, tctx, &r),
+		"AsyncUploadPrinterDriverPackage failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_FILE_NOT_FOUND,
+		"AsyncUploadPrinterDriverPackage failed");
+
+	r.in.pszInfPath = "\\\\mthelena\\print$\\x64\\{BD443844-ED00-4D96-8CAE-95E49492312A}\\prnbrcl1.inf";
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncUploadPrinterDriverPackage_r(b, tctx, &r),
+		"AsyncUploadPrinterDriverPackage failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_FILE_NOT_FOUND,
+		"AsyncUploadPrinterDriverPackage failed");
+
+	return true;
+}
+
+static bool test_AsyncEnumPrinters(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct winspool_AsyncEnumPrinters r;
+	uint32_t levels[] = { 1, 2, /*3,*/ 4, 5 };
+	int i;
+
+	uint32_t needed;
+	uint32_t returned;
+
+	for (i = 0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.Flags = PRINTER_ENUM_LOCAL;
+		r.in.pName = NULL;
+		r.in.Level = levels[i];
+		r.in.cbBuf = 0;
+		r.in.pPrinterEnum = NULL;
+		r.out.pcbNeeded = &needed;
+		r.out.pcReturned = &returned;
+		r.out.pPrinterEnum = NULL;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winspool_AsyncEnumPrinters_r(b, tctx, &r),
+			"AsyncEnumPrinters failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"AsyncEnumPrinters failed");
+
+		r.in.cbBuf = needed;
+		r.in.pPrinterEnum = talloc_zero_array(tctx, uint8_t, r.in.cbBuf);
+		r.out.pPrinterEnum = r.in.pPrinterEnum;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winspool_AsyncEnumPrinters_r(b, tctx, &r),
+			"AsyncEnumPrinters failed");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"AsyncEnumPrinters failed");
+	}
+
+	return true;
+}
+
+static bool test_AsyncGetPrinterData(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	DATA_BLOB blob;
+	const char *s;
+	bool ok;
+
+	uint32_t pType;
+	uint32_t pcbNeeded;
+	uint8_t *pData;
+
+	torture_assert(tctx,
+		test_AsyncGetPrinterData_args(tctx, b, &ctx->server_handle,
+					      "MajorVersion",
+					      &pType, &pData, &pcbNeeded),
+		"failed to check for MajorVersion");
+
+	torture_assert_int_equal(tctx, pcbNeeded, 4, "pcbNeeded");
+	torture_assert_int_equal(tctx, pType, REG_DWORD, "pType");
+	torture_assert_int_equal(tctx, IVAL(pData, 0), 3, "pData");
+
+	torture_assert(tctx,
+		test_AsyncGetPrinterData_args(tctx, b, &ctx->server_handle,
+					      "Architecture",
+					      &pType, &pData, &pcbNeeded),
+		"failed to check for Architecture");
+
+	blob = data_blob_const(pData, pcbNeeded);
+
+	torture_assert_int_equal(tctx, pType, REG_SZ, "pType");
+	torture_assert(tctx, pull_reg_sz(tctx, &blob, &s), "");
+	ok = strequal(s, SPOOLSS_ARCHITECTURE_x64) || strequal(s, SPOOLSS_ARCHITECTURE_NT_X86);
+	torture_assert(tctx, ok, "unexpected architecture returned");
+
+	return true;
+}
+
+static bool test_AsyncCorePrinterDriverInstalled(struct torture_context *tctx,
+						 void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct winspool_AsyncCorePrinterDriverInstalled r;
+	int32_t pbDriverInstalled;
+	struct GUID guid;
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.pszEnvironment = "";
+	r.in.CoreDriverGUID = GUID_zero();
+	r.in.ftDriverDate = 0;
+	r.in.dwlDriverVersion = 0;
+	r.out.pbDriverInstalled = &pbDriverInstalled;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INVALID_ENVIRONMENT,
+		"AsyncCorePrinterDriverInstalled failed");
+
+	r.in.pszEnvironment = SPOOLSS_ARCHITECTURE_x64;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, false,
+				"unexpected driver installed");
+
+	r.in.CoreDriverGUID = GUID_random();
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, false,
+				"unexpected driver installed");
+
+	torture_assert_ntstatus_ok(tctx,
+		GUID_from_string(SPOOLSS_CORE_PRINT_PACKAGE_FILES_XPSDRV, &guid), "");
+
+	r.in.CoreDriverGUID = guid;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, true,
+				"xps core driver not installed?");
+
+	r.in.dwlDriverVersion = 0xffffffff;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, true,
+				"xps core driver not installed?");
+
+	r.in.dwlDriverVersion = 1234;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, true,
+				"xps core driver not installed?");
+
+	r.in.ftDriverDate = unix_timespec_to_nt_time(timespec_current());
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, false,
+				"driver too old ?");
+
+	r.in.dwlDriverVersion = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncCorePrinterDriverInstalled_r(b, tctx, &r),
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"AsyncCorePrinterDriverInstalled failed");
+	torture_assert_int_equal(tctx, *r.out.pbDriverInstalled, false,
+				"unexpected driver installed");
+
+	return true;
+}
+
+static bool test_get_core_printer_drivers_arch_guid(struct torture_context *tctx,
+						    struct dcerpc_pipe *p,
+						    const char *architecture,
+						    const char *guid_str,
+						    const char **package_id)
+{
+	struct winspool_AsyncGetCorePrinterDrivers r;
+	DATA_BLOB blob;
+	const char **s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	s = talloc_zero_array(tctx, const char *, 2);
+	s[0] = guid_str;
+
+	torture_assert(tctx,
+		push_reg_multi_sz(tctx, &blob, s),
+		"push_reg_multi_sz failed");
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.pszEnvironment = architecture;
+	r.in.cchCoreDrivers = blob.length/2;
+	r.in.pszzCoreDriverDependencies = (uint16_t *)blob.data;
+	r.in.cCorePrinterDrivers = 1;
+	r.out.pCorePrinterDrivers = talloc_zero_array(tctx, struct spoolss_CorePrinterDriver, r.in.cCorePrinterDrivers);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncGetCorePrinterDrivers_r(b, tctx, &r),
+		"winspool_AsyncCorePrinterDrivers failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"winspool_AsyncCorePrinterDrivers failed");
+
+	if (package_id) {
+		*package_id = r.out.pCorePrinterDrivers[0].szPackageID;
+	}
+
+	return true;
+}
+
+static bool test_AsyncDeletePrintDriverPackage(struct torture_context *tctx,
+					       void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct winspool_AsyncDeletePrinterDriverPackage r;
+
+	const char *architectures[] = {
+/*		SPOOLSS_ARCHITECTURE_NT_X86, */
+		SPOOLSS_ARCHITECTURE_x64
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(architectures); i++) {
+
+		const char *package_id;
+
+		torture_assert(tctx,
+			test_get_core_printer_drivers_arch_guid(tctx, p,
+								architectures[i],
+								SPOOLSS_CORE_PRINT_PACKAGE_FILES_XPSDRV,
+								&package_id),
+			"failed to get core printer driver");
+
+		r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.pszEnvironment = "";
+		r.in.pszInfPath = "";
+
+		torture_comment(tctx, "Testing AsyncDeletePrinterDriverPackage(%s, %s, %s)\n",
+			r.in.pszServer, architectures[i], package_id);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winspool_AsyncDeletePrinterDriverPackage_r(b, tctx, &r),
+			"AsyncDeletePrinterDriverPackage failed");
+		torture_assert_werr_equal(tctx,
+			W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_NOT_FOUND,
+			"AsyncDeletePrinterDriverPackage failed");
+
+		r.in.pszInfPath = package_id;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winspool_AsyncDeletePrinterDriverPackage_r(b, tctx, &r),
+			"AsyncDeletePrinterDriverPackage failed");
+		torture_assert_werr_equal(tctx,
+			W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INVALID_ENVIRONMENT,
+			"AsyncDeletePrinterDriverPackage failed");
+
+		r.in.pszEnvironment = architectures[i];
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winspool_AsyncDeletePrinterDriverPackage_r(b, tctx, &r),
+			"AsyncDeletePrinterDriverPackage failed");
+		torture_assert_hresult_equal(tctx, r.out.result, HRES_E_ACCESSDENIED,
+			"AsyncDeletePrinterDriverPackage failed");
+	}
+
+	return true;
+}
+
+static bool test_AsyncGetPrinterDriverDirectory(struct torture_context *tctx,
+						void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct winspool_AsyncGetPrinterDriverDirectory r;
+	uint32_t pcbNeeded;
+	DATA_BLOB blob;
+	const char *s;
+
+	r.in.pName = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.pEnvironment = ctx->environment;
+	r.in.Level = 1;
+	r.in.cbBuf = 0x200;
+	r.in.pDriverDirectory = talloc_zero_array(tctx, uint8_t, r.in.cbBuf);
+	r.out.pcbNeeded = &pcbNeeded;
+	r.out.pDriverDirectory = r.in.pDriverDirectory;
+
+	torture_comment(tctx, "Testing AsyncGetPrinterDriverDirectory(%s, %s)\n",
+		r.in.pName, r.in.pEnvironment);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winspool_AsyncGetPrinterDriverDirectory_r(b, tctx, &r),
+		"AsyncGetPrinterDriverDirectory failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"AsyncGetPrinterDriverDirectory failed");
+
+	blob = data_blob_const(r.out.pDriverDirectory, pcbNeeded);
+
+	torture_assert(tctx,
+		pull_reg_sz(tctx, &blob, &s),
+		"failed to pull reg_sz");
+
+	torture_comment(tctx, "got: %s\n", s);
+
+	return true;
+}
+
+/*
+ * Test if one can close a printserver handle that has been acquired via
+ * winspool_AsyncOpenPrinter with a spoolss_ClosePrinter operation.
+ */
+
+static bool test_OpenPrinter(struct torture_context *tctx,
+			     void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	const char *printer_name;
+	struct policy_handle handle;
+	struct dcerpc_pipe *s;
+	struct dcerpc_binding *binding;
+	struct spoolss_UserLevel1 client_info;
+	struct spoolss_ClosePrinter r;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to get binding");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_transport(binding, NCACN_NP),
+		"failed to set ncacn_np transport");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_object(binding, GUID_zero()),
+		"failed to set object uuid to zero");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection_with_binding(tctx, binding, &s, &ndr_table_spoolss),
+		"failed to connect to spoolss");
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	client_info = test_get_client_info(tctx, WIN_7, 6, 1, "testclient_machine", "testclient_user");
+
+	torture_assert(tctx,
+		test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
+		"failed to open printserver via winspool");
+
+
+	r.in.handle = &handle;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_equal(tctx,
+		dcerpc_spoolss_ClosePrinter_r(s->binding_handle, tctx, &r),
+		NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+		"ClosePrinter failed");
+
+	talloc_free(s);
+
+	return true;
+}
+
+static bool test_object_one_uuid(struct torture_context *tctx,
+				 const struct GUID *object_uuid,
+				 NTSTATUS expected_status,
+				 uint32_t expected_fault_code)
+{
+	const char *printer_name;
+	struct spoolss_UserLevel1 client_info;
+	struct dcerpc_binding *binding;
+	struct dcerpc_pipe *p;
+	struct policy_handle server_handle;
+
+	torture_comment(tctx, "Testing with object_uuid: %s\n",
+			GUID_string(tctx, object_uuid));
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to retrieve torture binding");
+
+	if (object_uuid) {
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_binding_set_object(binding, *object_uuid),
+			"failed to set object_uuid");
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection_with_binding(tctx, binding, &p,
+			&ndr_table_iremotewinspool),
+		"Error connecting to server");
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert(tctx, printer_name, "out of memory");
+
+	client_info = test_get_client_info(tctx,
+		WIN_7, 6, 1, "testclient_machine", "testclient_user");
+
+	torture_assert(tctx,
+		test_AsyncOpenPrinter_byprinter_expect(tctx, NULL,
+						       p,
+						       printer_name,
+						       SEC_FLAG_MAXIMUM_ALLOWED,
+						       client_info,
+						       expected_status,
+						       WERR_OK,
+						       expected_fault_code,
+						       &server_handle),
+						"failed to open printserver");
+	if (NT_STATUS_IS_OK(expected_status)) {
+		test_AsyncClosePrinter_byhandle(tctx, NULL, p, &server_handle);
+	}
+
+	talloc_free(p);
+
+	return true;
+}
+
+static bool test_object_uuid(struct torture_context *tctx,
+			     void *private_data)
+{
+	struct GUID object_uuid;
+
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, NULL,
+			NT_STATUS_RPC_NOT_RPC_ERROR,
+			DCERPC_NCA_S_UNSUPPORTED_TYPE),
+		"failed to test NULL object uuid");
+
+	object_uuid = GUID_zero();
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, &object_uuid,
+			NT_STATUS_RPC_NOT_RPC_ERROR,
+			DCERPC_NCA_S_UNSUPPORTED_TYPE),
+		"failed to test zeroed object uuid");
+
+	object_uuid = GUID_random();
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, &object_uuid,
+			NT_STATUS_RPC_NOT_RPC_ERROR,
+			DCERPC_NCA_S_UNSUPPORTED_TYPE),
+		"failed to test random object uuid");
+
+	GUID_from_string(IREMOTEWINSPOOL_OBJECT_GUID, &object_uuid);
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, &object_uuid,
+			NT_STATUS_OK,
+			0),
+		"failed to test IREMOTEWINSPOOL_OBJECT_GUID");
+
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, &ndr_table_spoolss.syntax_id.uuid,
+			NT_STATUS_RPC_NOT_RPC_ERROR,
+			DCERPC_NCA_S_UNSUPPORTED_TYPE),
+		"failed to test spoolss interface uuid");
+
+	torture_assert(tctx,
+		test_object_one_uuid(tctx, &ndr_table_iremotewinspool.syntax_id.uuid,
+			NT_STATUS_RPC_NOT_RPC_ERROR,
+			DCERPC_NCA_S_UNSUPPORTED_TYPE),
+		"failed to test iremotewinspool interface uuid");
+
+	return true;
+}
+
+static bool test_setup_binding_handle(struct torture_context *tctx,
+				      struct GUID object_uuid,
+				      enum dcerpc_transport_t transport,
+				      const struct ndr_interface_table *table,
+				      struct dcerpc_pipe **p)
+{
+	struct dcerpc_binding *binding;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to retrieve torture binding");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_object(binding, object_uuid),
+		"failed to set object_uuid");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_transport(binding, transport),
+		"failed to set transport");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection_with_binding(tctx, binding, p, table),
+		"Error connecting to server");
+
+	return true;
+}
+
+static enum ndr_err_code ndr_push_inout_blob(DATA_BLOB *blob,
+					     TALLOC_CTX *mem_ctx,
+					     ndr_flags_type flags,
+					     const void *p,
+					     ndr_push_flags_fn_t fn)
+{
+	struct ndr_push *ndr;
+	ndr = ndr_push_init_ctx(mem_ctx);
+	NDR_ERR_HAVE_NO_MEMORY(ndr);
+
+	NDR_CHECK_FREE(fn(ndr, flags, p));
+
+	*blob = ndr_push_blob(ndr);
+	talloc_steal(mem_ctx, blob->data);
+	talloc_free(ndr);
+
+	return NDR_ERR_SUCCESS;
+}
+
+static bool test_compare_spoolss(struct torture_context *tctx,
+				 void *private_data)
+{
+	DATA_BLOB reply_iremotewinspool, reply_spoolss, request_spoolss;
+	struct dcerpc_pipe *iremotewinspool_pipe, *spoolss_pipe;
+	struct GUID object_uuid;
+	uint32_t out_flags;
+	NTSTATUS status;
+	struct spoolss_EnumPrinters r;
+	DATA_BLOB blob;
+
+	/* setup two dcerpc pipes */
+
+	torture_assert_ntstatus_ok(tctx,
+		GUID_from_string(IREMOTEWINSPOOL_OBJECT_GUID, &object_uuid),
+		"failed to parse GUID");
+
+	torture_assert(tctx,
+		test_setup_binding_handle(tctx, object_uuid, NCACN_IP_TCP,
+			&ndr_table_iremotewinspool, &iremotewinspool_pipe),
+		"failed to setup binding handle");
+
+	torture_assert(tctx,
+		test_setup_binding_handle(tctx, GUID_zero(), NCACN_NP,
+			&ndr_table_spoolss, &spoolss_pipe),
+		"failed to setup binding handle");
+
+
+	/* create a spoolss enumprinters request */
+
+	ZERO_STRUCT(r);
+
+	blob = data_blob_talloc_zero(tctx, 0x1000);
+
+	r.in.flags	= PRINTER_ENUM_LOCAL;
+	r.in.server	= talloc_asprintf(tctx, "\\\\%s",
+				dcerpc_server_name(spoolss_pipe));
+	r.in.level	= 1;
+	r.in.buffer	= &blob;
+	r.in.offered	= blob.length;
+
+	torture_assert_ndr_success(tctx,
+		ndr_push_inout_blob(&request_spoolss, tctx, NDR_IN | NDR_SET_VALUES, &r,
+			(ndr_push_flags_fn_t)ndr_push_spoolss_EnumPrinters),
+		"failed to push EnumPrinters request");
+
+	/* send same request to both endpoints */
+
+	status = dcerpc_binding_handle_raw_call(iremotewinspool_pipe->binding_handle,
+						NULL,
+						NDR_WINSPOOL_ASYNCENUMPRINTERS,
+						0, /* in_flags */
+						request_spoolss.data,
+						request_spoolss.length,
+						tctx,
+						&reply_iremotewinspool.data,
+						&reply_iremotewinspool.length,
+						&out_flags);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_binding_handle_raw_call failed");
+
+	status = dcerpc_binding_handle_raw_call(spoolss_pipe->binding_handle,
+						NULL,
+						NDR_SPOOLSS_ENUMPRINTERS,
+						0, /* in_flags */
+						request_spoolss.data,
+						request_spoolss.length,
+						tctx,
+						&reply_spoolss.data,
+						&reply_spoolss.length,
+						&out_flags);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_binding_handle_raw_call failed");
+
+	torture_assert_data_blob_equal(tctx,
+		reply_iremotewinspool,
+		reply_spoolss,
+		"unexpected difference in replies from spoolss and iremotewinspool servers");
+
+	talloc_free(iremotewinspool_pipe);
+	talloc_free(spoolss_pipe);
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_iremotewinspool(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "iremotewinspool");
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "printserver");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_iremotewinspool_setup,
+				  torture_rpc_iremotewinspool_teardown);
+
+	torture_tcase_add_simple_test(tcase, "AsyncOpenPrinter", test_AsyncOpenPrinter);
+	torture_tcase_add_simple_test(tcase, "SyncRegisterForRemoteNotifications", test_SyncRegisterForRemoteNotifications);
+	torture_tcase_add_simple_test(tcase, "SyncUnRegisterForRemoteNotifications", test_SyncUnRegisterForRemoteNotifications);
+	torture_tcase_add_simple_test(tcase, "AsyncClosePrinter", test_AsyncClosePrinter);
+	torture_tcase_add_simple_test(tcase, "AsyncUploadPrinterDriverPackage", test_AsyncUploadPrinterDriverPackage);
+	torture_tcase_add_simple_test(tcase, "AsyncEnumPrinters", test_AsyncEnumPrinters);
+	torture_tcase_add_simple_test(tcase, "AsyncGetPrinterData", test_AsyncGetPrinterData);
+	torture_tcase_add_simple_test(tcase, "AsyncCorePrinterDriverInstalled", test_AsyncCorePrinterDriverInstalled);
+	torture_tcase_add_simple_test(tcase, "AsyncDeletePrintDriverPackage", test_AsyncDeletePrintDriverPackage);
+	torture_tcase_add_simple_test(tcase, "AsyncGetPrinterDriverDirectory", test_AsyncGetPrinterDriverDirectory);
+	torture_tcase_add_simple_test(tcase, "AsyncOpenPrinterValidateBuildNumber", test_AsyncOpenPrinterValidateBuildNumber);
+
+	tcase = torture_suite_add_tcase(suite, "handles");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_iremotewinspool_setup,
+				  torture_rpc_iremotewinspool_teardown);
+
+	torture_tcase_add_simple_test(tcase, "OpenPrinter", test_OpenPrinter);
+
+	tcase = torture_suite_add_tcase(suite, "protocol");
+	torture_tcase_add_simple_test(tcase, "object_uuid", test_object_uuid);
+	torture_tcase_add_simple_test(tcase, "compare_spoolss", test_compare_spoolss);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/iremotewinspool_common.c b/source4/torture/rpc/iremotewinspool_common.c
new file mode 100644
index 0000000..d4dd19a
--- /dev/null
+++ b/source4/torture/rpc/iremotewinspool_common.c
@@ -0,0 +1,269 @@
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_winspool.h"
+#include "librpc/gen_ndr/ndr_winspool_c.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/registry/util_reg.h"
+#include "torture/rpc/iremotewinspool_common.h"
+#include "lib/printer_driver/printer_driver.h"
+
+void init_winreg_String(struct winreg_String *name, const char *s)
+{
+	name->name = s;
+	if (s != NULL) {
+		name->name_len = 2 * (strlen_m(s) + 1);
+		name->name_size = name->name_len;
+	} else {
+		name->name_len = 0;
+		name->name_size = 0;
+	}
+}
+
+struct spoolss_UserLevel1 test_get_client_info(struct torture_context *tctx,
+						      enum client_os_version os,
+						      enum spoolss_MajorVersion major_number,
+						      enum spoolss_MinorVersion minor_number,
+						      const char *machine,
+						      const char *user)
+{
+	struct spoolss_UserLevel1 level1;
+
+	level1.size	= 28;
+	level1.client	= talloc_asprintf(tctx, "\\\\%s", machine);
+	level1.user	= user;
+	level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
+	level1.major	= major_number;
+	level1.minor	= minor_number;
+
+	if (os == WIN_SERVER_2016 || os == WIN_10) {
+		level1.build = 10586;
+	} else if (os == WIN_SERVER_2012 || os == WIN_8) {
+		level1.build = 9200;
+	} else if (os == WIN_SERVER_2008R2 || os == WIN_7) {
+		level1.build = 7007;
+	} else if (os == WIN_SERVER_2008 || os == WIN_VISTA) {
+		level1.build = 6000;
+	} else if (os == WIN_2000) {
+		level1.build = 1382;
+	}
+
+	return level1;
+}
+
+bool test_AsyncOpenPrinter_byprinter_expect(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *ctx,
+					    struct dcerpc_pipe *p,
+					    const char *printer_name,
+					    uint32_t access_mask,
+					    struct spoolss_UserLevel1 cinfo,
+					    NTSTATUS expected_status,
+					    WERROR expected_result,
+					    uint32_t expected_fault_code,
+					    struct policy_handle *handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct spoolss_UserLevelCtr client_info_ctr;
+	struct winspool_AsyncOpenPrinter r;
+	NTSTATUS status;
+	bool ok = true;
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(devmode_ctr);
+
+	client_info_ctr.level = 1;
+	client_info_ctr.user_info.level1 = &cinfo;
+
+	r.in.pPrinterName	= printer_name;
+	r.in.pDatatype		= NULL;
+	r.in.pDevModeContainer	= &devmode_ctr;
+	r.in.AccessRequired	= access_mask;
+	r.in.pClientInfo	= &client_info_ctr;
+	r.out.pHandle		= handle;
+
+	status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_equal(tctx, status, expected_status, "AsyncOpenPrinter failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"AsyncOpenPrinter failed");
+	torture_assert_u32_equal(tctx, p->last_fault_code, expected_fault_code,
+			"unexpected DCERPC fault code");
+
+	return ok;
+}
+
+bool test_AsyncOpenPrinter_byprinter(struct torture_context *tctx,
+				     struct test_iremotewinspool_context *ctx,
+				     struct dcerpc_pipe *p,
+				     const char *printer_name,
+				     struct spoolss_UserLevel1 cinfo,
+				     struct policy_handle *handle)
+{
+	return test_AsyncOpenPrinter_byprinter_expect(tctx,
+						      ctx,
+						      p,
+						      printer_name,
+						      SERVER_ALL_ACCESS,
+						      cinfo,
+						      NT_STATUS_OK,
+						      WERR_OK,
+						      0,
+						      handle);
+}
+
+bool test_get_environment(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle,
+				 const char **architecture)
+{
+	DATA_BLOB blob;
+	enum winreg_Type type;
+	uint8_t *data;
+	uint32_t needed;
+	bool ok;
+
+	ok = test_AsyncGetPrinterData_args(tctx, b, handle, "Architecture", &type, &data, &needed);
+	torture_assert(tctx, ok, "failed to get Architecture");
+
+	torture_assert_int_equal(tctx, type, REG_SZ, "unexpected type");
+
+	blob = data_blob_const(data, needed);
+
+	torture_assert(tctx,
+		pull_reg_sz(tctx, &blob, architecture),
+		"failed to pull environment");
+
+	return true;
+}
+
+bool test_AsyncClosePrinter_byhandle(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *ctx,
+					    struct dcerpc_pipe *p,
+					    struct policy_handle *handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct winspool_AsyncClosePrinter r;
+	NTSTATUS status;
+	bool ok = true;
+
+	r.in.phPrinter = handle;
+	r.out.phPrinter = handle;
+
+	status = dcerpc_winspool_AsyncClosePrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncClosePrinter failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"AsyncClosePrinter failed");
+
+done:
+
+	return ok;
+}
+
+static bool test_AsyncGetPrinterData_checktype(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       struct policy_handle *handle,
+					       const char *value_name,
+					       enum winreg_Type *expected_type,
+					       enum winreg_Type *type_p,
+					       uint8_t **data_p,
+					       uint32_t *needed_p)
+{
+	struct winspool_AsyncGetPrinterData r;
+	enum winreg_Type type;
+	uint32_t needed;
+	NTSTATUS status;
+	bool ok = true;
+
+	r.in.hPrinter = *handle;
+	r.in.pValueName = value_name;
+	r.in.nSize = 0;
+	r.out.pType = &type;
+	r.out.pData = talloc_zero_array(tctx, uint8_t, r.in.nSize);
+	r.out.pcbNeeded = &needed;
+
+	torture_comment(tctx, "Testing AsyncGetPrinterData(%s)\n",
+		r.in.pValueName);
+
+	status = dcerpc_winspool_AsyncGetPrinterData_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncGetPrinterData failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		if (expected_type) {
+			torture_assert_int_equal(tctx, type, *expected_type, "unexpected type");
+		}
+		r.in.nSize = needed;
+		r.out.pData = talloc_zero_array(tctx, uint8_t, r.in.nSize);
+
+		status = dcerpc_winspool_AsyncGetPrinterData_r(b, tctx, &r);
+		torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncGetPrinterData failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"AsyncGetPrinterData failed");
+
+	if (type_p) {
+		*type_p = type;
+	}
+
+	if (data_p) {
+		*data_p = r.out.pData;
+	}
+
+	if (needed_p) {
+		*needed_p = needed;
+	}
+
+done:
+
+	return ok;
+}
+
+bool test_AsyncGetPrinterData_args(struct torture_context *tctx,
+					  struct dcerpc_binding_handle *b,
+					  struct policy_handle *handle,
+					  const char *value_name,
+					  enum winreg_Type *type_p,
+					  uint8_t **data_p,
+					  uint32_t *needed_p)
+{
+	return test_AsyncGetPrinterData_checktype(tctx, b, handle,
+						  value_name,
+						  NULL,
+						  type_p, data_p, needed_p);
+}
+
+/* Parse a driver inf file */
+bool parse_inf_driver(struct torture_context *tctx,
+		      const char *driver_name,
+		      const char *abs_inf_path,
+		      const char *driver_arch,
+		      const char *core_driver_inf,
+		      struct spoolss_AddDriverInfo8 **_parsed_dinfo)
+{
+	struct spoolss_AddDriverInfo8 *drv_info;
+	const char *source_disk_name = NULL;
+	NTSTATUS status;
+	bool ok = true;
+
+	drv_info = talloc_zero(tctx, struct spoolss_AddDriverInfo8);
+	torture_assert_not_null_goto(tctx, drv_info, ok, done, "Cannot allocate memory");
+
+	status = driver_inf_parse(tctx,
+				  core_driver_inf,
+				  abs_inf_path,
+				  driver_arch,
+				  driver_name,
+				  drv_info,
+				  &source_disk_name);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_DRIVER_INTERNAL_ERROR)) {
+		torture_comment(tctx, "--- Verify the correct torture option:driver_name is provided\n");
+	}
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to parse driver inf\n");
+
+	*_parsed_dinfo = drv_info;
+done:
+	return ok;
+}
diff --git a/source4/torture/rpc/iremotewinspool_common.h b/source4/torture/rpc/iremotewinspool_common.h
new file mode 100644
index 0000000..5887416
--- /dev/null
+++ b/source4/torture/rpc/iremotewinspool_common.h
@@ -0,0 +1,110 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   iremotewinspool rpc test operations
+
+   Copyright (C) 2018 Justin Stephenson
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "torture/rpc/torture_rpc.h"
+
+#define REG_DRIVER_CONTROL_KEY "SYSTEM\\CurrentControlSet\\Control\\Print"
+
+struct test_driver_info {
+	struct smbcli_state *cli;
+	struct spoolss_AddDriverInfo8 *info;
+	const char *local_driver_path;
+	size_t driver_path_len;
+	char *server_name;
+	char *share_name;
+	char *print_upload_guid_dir;
+	const char *inf_file;
+	const char *uploaded_inf_path;
+	const char *driver_name;
+	const char *driver_arch;
+	const char *core_driver_inf;
+};
+
+struct test_iremotewinspool_context {
+	struct GUID object_uuid;
+	struct dcerpc_pipe *iremotewinspool_pipe;
+	struct policy_handle server_handle;
+	struct test_driver_info *dinfo;
+	const char *environment;
+};
+
+enum client_os_version
+{
+	WIN_2000,
+	WIN_VISTA,
+	WIN_SERVER_2008,
+	WIN_7,
+	WIN_SERVER_2008R2,
+	WIN_8,
+	WIN_SERVER_2012,
+	WIN_10,
+	WIN_SERVER_2016
+};
+
+void init_winreg_String(struct winreg_String *name, const char *s);
+
+struct spoolss_UserLevel1 test_get_client_info(struct torture_context *tctx,
+						      enum client_os_version os,
+						      enum spoolss_MajorVersion major_number,
+						      enum spoolss_MinorVersion minor_number,
+						      const char *machine,
+						      const char *user);
+
+bool test_AsyncOpenPrinter_byprinter(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *ctx,
+					    struct dcerpc_pipe *p,
+					    const char *printer_name,
+					    struct spoolss_UserLevel1 cinfo,
+					    struct policy_handle *handle);
+bool test_AsyncOpenPrinter_byprinter_expect(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *ctx,
+					    struct dcerpc_pipe *p,
+					    const char *printer_name,
+					    uint32_t access_mask,
+					    struct spoolss_UserLevel1 cinfo,
+					    NTSTATUS exected_status,
+					    WERROR exected_result,
+					    uint32_t expected_fault_code,
+					    struct policy_handle *handle);
+bool test_get_environment(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle,
+				 const char **architecture);
+
+bool test_AsyncClosePrinter_byhandle(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *ctx,
+					    struct dcerpc_pipe *p,
+					    struct policy_handle *handle);
+
+bool test_AsyncGetPrinterData_args(struct torture_context *tctx,
+					  struct dcerpc_binding_handle *b,
+					  struct policy_handle *handle,
+					  const char *value_name,
+					  enum winreg_Type *type_p,
+					  uint8_t **data_p,
+					  uint32_t *needed_p);
+
+bool parse_inf_driver(struct torture_context *tctx,
+		      const char *driver_name,
+		      const char *abs_inf_path,
+		      const char *driver_arch,
+		      const char *core_driver_inf,
+		      struct spoolss_AddDriverInfo8 **_parsed_dinfo);
diff --git a/source4/torture/rpc/iremotewinspool_driver.c b/source4/torture/rpc/iremotewinspool_driver.c
new file mode 100644
index 0000000..4e558ef
--- /dev/null
+++ b/source4/torture/rpc/iremotewinspool_driver.c
@@ -0,0 +1,840 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for iremotewinspool driver rpc operations
+
+   Copyright (C) Justin Stephenson 2018
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <dirent.h>
+#include <talloc.h>
+#include <libgen.h>
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_winspool.h"
+#include "librpc/gen_ndr/ndr_winspool_c.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_winreg_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/registry/util_reg.h"
+#include "torture/rpc/iremotewinspool_common.h"
+#include "libcli/libcli.h"
+#include "param/param.h"
+#include "lib/registry/registry.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/filesys.h"
+#include "lib/util/tftw.h"
+
+/* Connect to print driver share //server_name/share */
+static bool smb_connect_print_share(struct torture_context *tctx,
+				    const char *server_name,
+				    const char *share_name,
+				    struct smbcli_state **cli)
+{
+	NTSTATUS status;
+	bool ok = true;
+
+	struct smbcli_options smb_options;
+	struct smbcli_session_options smb_session_options;
+
+	torture_comment(tctx, "Connecting to printer driver share '//%s/%s'\n",
+			server_name, share_name);
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &smb_options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &smb_session_options);
+
+	/* On Windows, SMB1 must be enabled! */
+	status = smbcli_full_connection(tctx, cli, server_name,
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share_name, NULL,
+					lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev,
+					&smb_options,
+					&smb_session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to connect to print$ share");
+
+done:
+
+	return ok;
+}
+
+/* Copy file to destination where dst_fpath is a smb share path,
+ * files are either created or overwritten */
+static bool smb_copy_files(TALLOC_CTX *tctx,
+				const char *fpath,
+				const char *dst_fpath,
+				struct test_driver_info *dinfo)
+{
+	FILE *fp;
+	int smbfp = 0;
+	char *buffer = NULL;
+	int maxwrite = 64512;
+	size_t nread;
+	ssize_t nwrote;
+	bool ok = true;
+	size_t total_read;
+
+	fp = fopen(fpath, "r");
+	torture_assert_goto(tctx, fp, ok, done, "Failed to open local file\n");
+
+	smbfp = smbcli_open(dinfo->cli->tree, dst_fpath, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
+	torture_assert_int_not_equal_goto(tctx, smbfp, -1, ok, done, "Failed to open dst file\n");
+
+	buffer = talloc_array(tctx, char, maxwrite);
+	torture_assert_not_null_goto(tctx, buffer, ok, done, "Failed to allocate buffer\n");
+
+	total_read = 0;
+
+	while (!feof(fp)) {
+		nread = fread(buffer, 1, maxwrite, fp);
+		if (ferror(fp)) {
+			torture_warning(tctx, "Error reading file [%s]\n", fpath);
+			continue;
+		}
+
+		nwrote = smbcli_write(dinfo->cli->tree, smbfp, 0, buffer, total_read, nread);
+		if (nwrote != nread) {
+			torture_warning(tctx, "Not all data in stream written!\n");
+		}
+
+		total_read += nread;
+	}
+
+	fclose(fp);
+	smbcli_close(dinfo->cli->tree, smbfp);
+done:
+
+	TALLOC_FREE(buffer);
+	return ok;
+}
+
+/* Callback function provided to tftw() to
+ * copy driver files to smb share */
+static int copy_driver_files(TALLOC_CTX *tctx,
+			     const char *fpath,
+			     const struct stat *sb,
+			     enum tftw_flags_e flag,
+			     void *userdata)
+{
+	char *dst_fpath = NULL;
+	struct test_driver_info *dinfo = userdata;
+	char *path = NULL;
+	NTSTATUS status;
+	bool ok = true;
+
+	path = talloc_strdup(tctx, fpath + dinfo->driver_path_len);
+	torture_assert_not_null_goto(tctx, path, ok, done, "Cannot allocate memory");
+
+	string_replace(path, '/', '\\');
+
+	dst_fpath = talloc_asprintf(tctx, "%s%s", dinfo->print_upload_guid_dir, path);
+	torture_assert_not_null_goto(tctx, dst_fpath, ok, done, "Cannot allocate memory");
+
+	switch (flag) {
+		case TFTW_FLAG_FILE:
+			ok = smb_copy_files(tctx, fpath, dst_fpath, dinfo);
+			torture_assert_goto(tctx, ok, ok, done, "Failed to copy files over smb");
+			break;
+		case TFTW_FLAG_DIR:
+			status = smbcli_mkdir(dinfo->cli->tree, dst_fpath);
+			torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to create directories");
+			break;
+		case TFTW_FLAG_SLINK:
+		case TFTW_FLAG_DNR:
+		case TFTW_FLAG_NSTAT:
+		case TFTW_FLAG_SPEC:
+		case TFTW_FLAG_DP:
+		case TFTW_FLAG_SLN:
+			torture_warning(tctx, "WARN: Unhandled typeflag [%s]\n", fpath);
+			break;
+	}
+
+done:
+	TALLOC_FREE(path);
+	TALLOC_FREE(dst_fpath);
+
+	if (ok == true) {
+		return 0;
+	} else {
+		return 1;
+	}
+}
+
+static bool test_get_driver_torture_options(struct torture_context *tctx,
+					    const char **_local_driver_path,
+					    const char **_inf_file,
+					    const char **_driver_name,
+					    const char **_driver_arch,
+					    const char **_core_driver_inf)
+{
+	const char *local_driver_path = NULL;
+	const char *inf_file = NULL;
+	const char *driver_name = NULL;
+	const char *driver_arch = NULL;
+	const char *core_driver_inf = NULL;
+	const char *arches_list[] = {
+		SPOOLSS_ARCHITECTURE_x64,
+		SPOOLSS_ARCHITECTURE_NT_X86,
+		SPOOLSS_ARCHITECTURE_IA_64,
+		SPOOLSS_ARCHITECTURE_ARM,
+		SPOOLSS_ARCHITECTURE_4_0,
+		NULL,
+	};
+	const char **p;
+	bool valid = false;
+	bool ok = true;
+
+	local_driver_path = torture_setting_string(tctx, "driver_path", NULL);
+	if (local_driver_path == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:driver_path="
+			     "/full/path/to/local/driver/dir\n");
+	}
+
+	inf_file = torture_setting_string(tctx, "inf_file", NULL);
+	if (inf_file == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:inf_file="
+			     "filename.inf\n");
+	}
+
+	driver_name = torture_setting_string(tctx, "driver_name", NULL);
+	if (driver_name == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:driver_name="
+			     "driver name\n");
+	}
+
+	driver_arch = torture_setting_string(tctx, "driver_arch", NULL);
+	if (driver_arch == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:driver_arch="
+			     "driver arch\n");
+	}
+
+	core_driver_inf = torture_setting_string(tctx, "core_driver_inf", NULL);
+
+	for (p = arches_list; *p != NULL; p++) {
+		if (strequal(*p, driver_arch) == 0) {
+			valid = true;
+			break;
+		}
+	}
+	torture_assert_goto(tctx, valid, ok, done, "Invalid driver arch provided");
+
+	*_local_driver_path = local_driver_path;
+	*_inf_file = inf_file;
+	*_driver_name = driver_name;
+	*_driver_arch = driver_arch;
+	*_core_driver_inf = core_driver_inf;
+done:
+	return ok;
+}
+
+
+static bool test_get_misc_driver_info(struct torture_context *tctx,
+				      struct test_driver_info *dinfo,
+				      const char **_abs_inf_path,
+				      size_t *_driver_path_len)
+{
+	const char *abs_inf_path;
+	size_t driver_path_len;
+	bool ok = true;
+
+	driver_path_len = strlen(dinfo->local_driver_path);
+	torture_assert_int_not_equal_goto(tctx, driver_path_len, 0, ok, done, "driver path length is 0");
+
+	abs_inf_path = talloc_asprintf(tctx, "%s/%s", dinfo->local_driver_path, dinfo->inf_file);
+	torture_assert_not_null_goto(tctx, abs_inf_path, ok, done, "Cannot allocate memory");
+
+	*_abs_inf_path = abs_inf_path;
+	*_driver_path_len = driver_path_len;
+done:
+
+	return ok;
+}
+
+/* Uninstall the previously installed print driver */
+static bool test_uninstall_printer_driver(struct torture_context *tctx,
+					  struct test_iremotewinspool_context *ctx)
+{
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct winspool_AsyncDeletePrinterDriverEx r;
+	bool ok = true;
+	NTSTATUS status;
+
+	r.in.pName = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	r.in.pDriverName = talloc_strdup(tctx, ctx->dinfo->driver_name);
+	torture_assert_not_null_goto(tctx, r.in.pDriverName, ok, done, "Cannot allocate memory");
+
+	r.in.pEnvironment = SPOOLSS_ARCHITECTURE_x64;
+
+	r.in.dwDeleteFlag = 0;
+	r.in.dwVersionNum = 0;
+
+	status = dcerpc_winspool_AsyncDeletePrinterDriverEx_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncDeletePrinterDriverEx failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "AsyncDeletePrinterDriverEx failed");
+done:
+
+	return ok;
+}
+
+/* Remove the leftover print driver package files from the driver store */
+static bool test_remove_driver_package(struct torture_context *tctx,
+				       struct test_iremotewinspool_context *ctx)
+{
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct winspool_AsyncDeletePrinterDriverPackage r;
+	bool ok = true;
+	NTSTATUS status;
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert_not_null_goto(tctx, r.in.pszServer, ok, done, "Cannot allocate memory");
+
+	r.in.pszInfPath = ctx->dinfo->uploaded_inf_path;
+
+	r.in.pszEnvironment = SPOOLSS_ARCHITECTURE_x64;
+
+	status = dcerpc_winspool_AsyncDeletePrinterDriverPackage_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncDeletePrinterPackage failed");
+
+	torture_assert_hresult_ok(tctx, r.out.result, "AsyncDeletePrinterDriverPackage failed");
+done:
+
+	return ok;
+}
+
+static bool test_winreg_iremotewinspool_openhklm(struct torture_context *tctx,
+						 struct dcerpc_binding_handle *winreg_bh,
+						 struct policy_handle *_hklm_handle)
+{
+	struct winreg_OpenHKLM r;
+	NTSTATUS status;
+	bool ok = true;
+
+	r.in.system_name = NULL;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = _hklm_handle;
+
+	status = dcerpc_winreg_OpenHKLM_r(winreg_bh, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to Open HKLM");
+
+	torture_assert_werr_ok(tctx, r.out.result, "Failed to Open HKLM");
+done:
+
+	return ok;
+}
+
+static bool test_winreg_iremotewinspool_openkey(struct torture_context *tctx,
+						struct dcerpc_binding_handle *winreg_bh,
+						struct policy_handle *hklm_handle,
+						const char *keyname,
+						struct policy_handle *_key_handle)
+{
+	struct winreg_OpenKey r;
+	NTSTATUS status;
+	bool ok = true;
+
+	r.in.parent_handle = hklm_handle;
+	init_winreg_String(&r.in.keyname, keyname);
+	r.in.options = REG_OPTION_NON_VOLATILE;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = _key_handle;
+
+	status = dcerpc_winreg_OpenKey_r(winreg_bh, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "OpenKey failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "OpenKey failed");
+done:
+
+	return ok;
+}
+
+static bool test_winreg_iremotewinspool_queryvalue(struct torture_context *tctx,
+						   struct dcerpc_binding_handle *b,
+						   struct policy_handle *key_handle,
+						   const char *value_name,
+						   const char **_valuestr)
+{
+	struct winreg_QueryValue r;
+	enum winreg_Type type = REG_NONE;
+	struct winreg_String valuename;
+	DATA_BLOB blob;
+	const char *str;
+	uint32_t data_size = 0;
+	uint32_t data_length = 0;
+	uint8_t *data = NULL;
+	NTSTATUS status;
+	bool ok = true;
+
+	init_winreg_String(&valuename, value_name);
+
+	data = talloc_zero_array(tctx, uint8_t, 0);
+
+	r.in.handle = key_handle;
+	r.in.value_name = &valuename;
+	r.in.type = &type;
+	r.in.data_size = &data_size;
+	r.in.data_length = &data_length;
+	r.in.data = data;
+
+	r.out.type = &type;
+	r.out.data = data;
+	r.out.data_size = &data_size;
+	r.out.data_length = &data_length;
+
+	status = dcerpc_winreg_QueryValue_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "winreg_QueryValue failure");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		*r.in.data_size = *r.out.data_size;
+		data = talloc_zero_array(tctx, uint8_t, *r.in.data_size);
+		r.in.data = data;
+		r.out.data = data;
+		status = dcerpc_winreg_QueryValue_r(b, tctx, &r);
+		torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "QueryValue failed");
+	}
+	torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
+
+	torture_assert_int_equal_goto(tctx, *r.out.type, REG_SZ, ok, done, "unexpected type");
+	blob = data_blob(r.out.data, *r.out.data_size);
+	str = reg_val_data_string(tctx, REG_SZ, blob);
+
+	*_valuestr = str;
+done:
+
+	return ok;
+}
+
+/* Validate the installed driver subkey exists, and the InfPath
+ * value matches the pszDestInfPath from test_UploadPrinterDriverPackage */
+static bool test_winreg_validate_driver(struct torture_context *tctx,
+					struct dcerpc_pipe *winreg_pipe,
+					struct test_driver_info *dinfo)
+{
+	struct policy_handle hklm_handle;
+	struct policy_handle key_handle;
+	char *driver_key = NULL;
+	const char *val_name = NULL;
+	const char *val_str = NULL;
+	bool ok = true;
+
+	struct dcerpc_binding_handle *winreg_bh;
+	struct spoolss_AddDriverInfo8 *parsed_dinfo;
+
+	winreg_bh = winreg_pipe->binding_handle;
+	parsed_dinfo = dinfo->info;
+
+	/* OpenHKLM */
+	ok = test_winreg_iremotewinspool_openhklm(tctx, winreg_bh, &hklm_handle);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to perform winreg OpenHKLM");
+
+	/* Open registry subkey for the installed print driver */
+	driver_key = talloc_asprintf(tctx, "%s\\Environments\\%s\\Drivers\\Version-%d\\%s",
+				     REG_DRIVER_CONTROL_KEY,
+				     parsed_dinfo->architecture,
+				     parsed_dinfo->version,
+				     parsed_dinfo->driver_name);
+	torture_assert_not_null_goto(tctx, driver_key, ok, done, "Cannot allocate driver_key string");
+	ok = test_winreg_iremotewinspool_openkey(tctx, winreg_bh, &hklm_handle,
+						 driver_key,
+						 &key_handle);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to perform winreg OpenKey");
+
+	/* Read infpath value and validate this matches what was uploaded */
+	val_name = "InfPath";
+	ok = test_winreg_iremotewinspool_queryvalue(tctx, winreg_bh, &key_handle, val_name,
+						    &val_str);
+	torture_assert_goto(tctx, ok, ok, done, "QueryValue failed");
+
+	torture_assert_casestr_equal(tctx, val_str,
+				 dinfo->uploaded_inf_path,
+				 "InfPath does not match uploaded inf");
+done:
+
+	return ok;
+}
+
+static bool test_init_iremotewinspool_conn(struct torture_context *tctx,
+					   struct test_iremotewinspool_context *t)
+{
+	struct dcerpc_binding *binding = {0};
+	bool ok = true;
+	NTSTATUS status;
+
+	status = GUID_from_string(IREMOTEWINSPOOL_OBJECT_GUID, &t->object_uuid);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "failed to parse GUID");
+
+	status = torture_rpc_binding(tctx, &binding);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "failed to retrieve torture binding");
+
+	status = dcerpc_binding_set_object(binding, t->object_uuid);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "failed to set object_uuid");
+
+	status = torture_rpc_connection_with_binding(tctx, binding, &t->iremotewinspool_pipe,
+						     &ndr_table_iremotewinspool);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Error connecting to server");
+
+done:
+
+	return ok;
+
+}
+
+static bool test_init_iremotewinspool_openprinter(struct torture_context *tctx,
+						  struct test_iremotewinspool_context *t)
+{
+	struct spoolss_UserLevel1 client_info = {0};
+	char *printer_name = NULL;
+	bool ok = true;
+
+	printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(t->iremotewinspool_pipe));
+	torture_assert_not_null_goto(tctx, printer_name, ok, done, "Cannot allocate memory");
+
+	client_info = test_get_client_info(tctx, WIN_7, 3, SPOOLSS_MINOR_VERSION_0,
+					   "testclient_machine", "testclient_user");
+
+	ok = test_AsyncOpenPrinter_byprinter(tctx, t, t->iremotewinspool_pipe, printer_name,
+					     client_info, &t->server_handle);
+	torture_assert_goto(tctx, ok, ok, done, "failed to open printserver");
+
+	ok = test_get_environment(tctx, t->iremotewinspool_pipe->binding_handle,
+				  &t->server_handle, &t->environment);
+	torture_assert_goto(tctx, ok, ok, done, "failed to get environment");
+
+done:
+	TALLOC_FREE(printer_name);
+
+	return ok;
+}
+
+static bool test_init_driver_info(struct torture_context *tctx,
+				  struct test_iremotewinspool_context *t)
+{
+	bool ok = true;
+	const char *abs_inf_path;
+	struct test_driver_info *drv_info = {0};
+
+	drv_info = talloc_zero(tctx, struct test_driver_info);
+	torture_assert_not_null_goto(tctx, drv_info, ok, done, "Cannot allocate memory");
+
+	t->dinfo = drv_info;
+
+	ok = test_get_driver_torture_options(tctx,
+					     &drv_info->local_driver_path,
+					     &drv_info->inf_file,
+					     &drv_info->driver_name,
+					     &drv_info->driver_arch,
+					     &drv_info->core_driver_inf);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to get driver torture options");
+
+	ok = test_get_misc_driver_info(tctx, drv_info,
+				       &abs_inf_path,
+				       &drv_info->driver_path_len);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to get misc driver info");
+
+	ok = parse_inf_driver(tctx, drv_info->driver_name, abs_inf_path, drv_info->driver_arch,
+			      drv_info->core_driver_inf, &drv_info->info);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to parse inf driver");
+
+	/* Ensure that we are trying to install the correct device class:
+	 * https://docs.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors
+	 */
+	if (!(drv_info->info->printer_driver_attributes & PRINTER_DRIVER_CLASS)) {
+				ok = false;
+				torture_fail_goto(tctx, done, "Inf file Class value must be Printer");
+	}
+done:
+	return ok;
+
+}
+
+static bool test_init_server_and_share_info(struct torture_context *tctx,
+					    struct test_iremotewinspool_context *t)
+{
+	struct GUID guid;
+	bool ok = true;
+
+	t->dinfo->server_name = talloc_asprintf(tctx, "%s", dcerpc_server_name(t->iremotewinspool_pipe));
+	torture_assert_not_null_goto(tctx, t->dinfo->server_name, ok, done, "Cannot allocate memory");
+
+	t->dinfo->share_name = talloc_strdup(tctx, "print$");
+	torture_assert_not_null_goto(tctx, t->dinfo->share_name, ok, done, "Cannot allocate memory");
+
+	guid = GUID_random();
+	t->dinfo->print_upload_guid_dir = GUID_string2(tctx, &guid);
+done:
+	return ok;
+}
+
+
+static bool torture_rpc_iremotewinspool_drv_setup_common(struct torture_context *tctx,
+						     struct test_iremotewinspool_context *t)
+{
+	bool ok = true;
+	int ret = 0;
+
+	ok = test_init_driver_info(tctx, t);
+	torture_assert_goto(tctx, ok, ok, done, "failed to init driver info");
+
+	ok = test_init_iremotewinspool_conn(tctx, t);
+	torture_assert_goto(tctx, ok, ok, done, "failed to init iremotewinspool conn");
+
+	ok = test_init_iremotewinspool_openprinter(tctx, t);
+	torture_assert_goto(tctx, ok, ok, done, "failed to init iremotewinspool openprinter");
+
+	ok = test_init_server_and_share_info(tctx, t);
+	torture_assert_goto(tctx, ok, ok, done, "failed to init server and share info");
+
+	ret = smb_connect_print_share(tctx, t->dinfo->server_name, t->dinfo->share_name, &t->dinfo->cli);
+	torture_assert_goto(tctx, ret, ok, done, "Failed to connect to print share");
+
+done:
+
+	return ok;
+}
+
+static bool torture_rpc_iremotewinspool_drv_setup(struct torture_context *tctx,
+					      void **data)
+{
+	struct test_iremotewinspool_context *t;
+
+	*data = t = talloc_zero(tctx, struct test_iremotewinspool_context);
+
+	return torture_rpc_iremotewinspool_drv_setup_common(tctx, t);
+}
+
+static bool torture_rpc_iremotewinspool_drv_teardown_common(struct torture_context *tctx,
+							struct test_iremotewinspool_context *t)
+{
+	smbcli_deltree(t->dinfo->cli->tree, t->dinfo->print_upload_guid_dir);
+	smb_raw_exit(t->dinfo->cli->session);
+
+	test_uninstall_printer_driver(tctx, t);
+	test_remove_driver_package(tctx, t);
+
+	test_AsyncClosePrinter_byhandle(tctx, t, t->iremotewinspool_pipe, &t->server_handle);
+
+	return true;
+}
+
+static bool torture_rpc_iremotewinspool_drv_teardown(struct torture_context *tctx,
+						 void *data)
+{
+	struct test_iremotewinspool_context *t = talloc_get_type(data, struct test_iremotewinspool_context);
+	bool ret;
+
+	ret = torture_rpc_iremotewinspool_drv_teardown_common(tctx, t);
+	talloc_free(t);
+
+	return ret;
+}
+
+/* Creates {GUID} directory inside //server/print$ then copies driver files
+ * and directories from torture option driver_path to this directory over smb */
+static bool test_CopyDriverFiles(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+	talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	bool ret = false;
+	bool ok = true;
+	NTSTATUS status;
+
+	status = smbcli_mkdir(ctx->dinfo->cli->tree, ctx->dinfo->print_upload_guid_dir);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to create upload directory");
+
+	/* Walk the provided torture option driver_path file tree, creating the directory hierarchy and
+	 * copying all files to print$/{GUID}/ share */
+	ret = tftw(tctx, ctx->dinfo->local_driver_path, copy_driver_files, TFTW_MAX_DEPTH, ctx->dinfo);
+	torture_assert_int_equal_goto(tctx, ret, 0, ok, done, "Failed to copy driver files to print$/{GUID}/ dir");
+
+done:
+
+	return ok;
+}
+
+/*
+ * Upload print driver package files and inf file, preparing the print server
+ * for driver installation
+ */
+static bool test_UploadPrinterDriverPackage(struct torture_context *tctx,
+					    void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct spoolss_AddDriverInfo8 *parsed_dinfo;
+	struct winspool_AsyncUploadPrinterDriverPackage r;
+	uint32_t pcchDestInfPath = 0;
+	NTSTATUS status;
+	bool ok = true;
+
+	parsed_dinfo = ctx->dinfo->info;
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert_not_null_goto(tctx, r.in.pszServer, ok, done, "Cannot allocate memory");
+
+	r.in.pszInfPath = talloc_asprintf(tctx, "\\\\%s\\%s\\%s\\%s", ctx->dinfo->server_name,
+								      ctx->dinfo->share_name,
+							              ctx->dinfo->print_upload_guid_dir,
+							              ctx->dinfo->inf_file);
+	torture_assert_not_null_goto(tctx, r.in.pszInfPath, ok, done, "Cannot allocate memory");
+
+	r.in.pszEnvironment = parsed_dinfo->architecture;
+	/* Upload driver package files even if the driver package is already present
+	 * on the print server */
+	r.in.dwFlags = UPDP_UPLOAD_ALWAYS;
+	pcchDestInfPath = 260;
+	r.in.pszDestInfPath = NULL;
+	r.in.pcchDestInfPath = &pcchDestInfPath;
+	r.out.pszDestInfPath = NULL;
+	r.out.pcchDestInfPath = &pcchDestInfPath;
+
+	r.in.pszDestInfPath = talloc_zero(tctx, const char);
+	torture_assert_not_null_goto(tctx, r.in.pszDestInfPath, ok, done, "Cannot allocate memory");
+	r.out.pszDestInfPath = talloc_zero(tctx, const char);
+	torture_assert_not_null_goto(tctx, r.out.pszDestInfPath, ok, done, "Cannot allocate memory");
+
+	status = dcerpc_winspool_AsyncUploadPrinterDriverPackage_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncUploadPrinterDriverPackage failed");
+
+	torture_assert_hresult_ok(tctx, r.out.result, "AsyncUploadPrinterDriverPackage failed");
+
+	ctx->dinfo->uploaded_inf_path = talloc_strdup(tctx, r.out.pszDestInfPath);
+	torture_assert_not_null_goto(tctx, ctx->dinfo->uploaded_inf_path, ok, done, "Cannot allocate memory");
+
+done:
+
+	return ok;
+}
+
+/* Install the driver that was successfully uploaded to the printer driver
+ * store, note that Windows validates the pszDriverName as mentioned below */
+static bool test_InstallPrinterDriverFromPackage(struct torture_context *tctx,
+					     void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	char *abs_inf_path = NULL;
+	struct spoolss_AddDriverInfo8 *parsed_dinfo;
+	struct winspool_AsyncInstallPrinterDriverFromPackage r;
+	bool ok = true;
+	NTSTATUS status;
+
+	parsed_dinfo = ctx->dinfo->info;
+
+	r.in.pszServer = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert_not_null_goto(tctx, r.in.pszServer, ok, done, "Cannot allocate memory");
+
+	/* output string(pszDestInfPath) from test_UploadPrinterDriverPackage() */
+	r.in.pszInfPath = talloc_strdup(tctx, ctx->dinfo->uploaded_inf_path);
+	torture_assert_not_null_goto(tctx, r.in.pszInfPath, ok, done, "Cannot allocate memory");
+
+	abs_inf_path = talloc_asprintf(tctx, "%s/%s", ctx->dinfo->local_driver_path, ctx->dinfo->inf_file);
+	torture_assert_not_null_goto(tctx, abs_inf_path, ok, done, "Cannot allocate memory");
+
+	r.in.pszEnvironment = parsed_dinfo->architecture;
+	torture_assert_not_null_goto(tctx, r.in.pszEnvironment, ok, done, "Cannot allocate memory");
+
+	/* Windows validates the print driver name by checking the pszDriverName input against the inf file:
+	 * 1) "DriverName" value
+	 * 2) "CompatName" value
+	 * 3) left-hand-side value under the [Model] section
+	 * otherwise ERROR_UNKNOWN_PRINTER_DRIVER is returned */
+	r.in.pszDriverName = parsed_dinfo->driver_name;
+	torture_assert_not_null_goto(tctx, r.in.pszDriverName, ok, done, "Cannot allocate memory");
+
+	/* All files should be installed, even if doing so would overwrite some newer
+	 * versions */
+	r.in.dwFlags = IPDFP_COPY_ALL_FILES;
+
+	status = dcerpc_winspool_AsyncInstallPrinterDriverFromPackage_r(b, tctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "AsyncInstallPrinterDriverFromPackage failed");
+
+	torture_assert_hresult_ok(tctx, r.out.result, "AsyncInstallPrinterDriverFromPackage failed");
+done:
+	TALLOC_FREE(abs_inf_path);
+
+	return ok;
+}
+
+/* Check the registry to validate the print driver installed successfully */
+static bool test_ValidatePrinterDriverInstalled(struct torture_context *tctx,
+						 void *private_data)
+{
+	struct test_iremotewinspool_context *ctx =
+		talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
+
+	struct dcerpc_pipe *winreg_pipe = NULL;
+	NTSTATUS status;
+	bool ok = true;
+
+	/* winreg is not available over ncacn_ip_tcp */
+	status = torture_rpc_connection_transport(tctx, &winreg_pipe, &ndr_table_winreg, NCACN_NP, 0, 0);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_NOT_AVAILABLE)) {
+		/* retry */
+		status = torture_rpc_connection_transport(tctx, &winreg_pipe, &ndr_table_winreg, NCACN_NP, 0, 0);
+	}
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "Failed to connect to winreg");
+
+	ok = test_winreg_validate_driver(tctx, winreg_pipe, ctx->dinfo);
+	torture_assert_goto(tctx, ok, ok, done, "Failed to validate driver with winreg");
+
+done:
+	TALLOC_FREE(winreg_pipe);
+
+	return ok;
+}
+
+struct torture_suite *torture_rpc_iremotewinspool_drv(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "iremotewinspool_driver");
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drivers");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_iremotewinspool_drv_setup,
+				  torture_rpc_iremotewinspool_drv_teardown);
+
+	torture_tcase_add_simple_test(tcase, "CopyDriverFiles", test_CopyDriverFiles);
+	torture_tcase_add_simple_test(tcase, "UploadPrinterDriverPackage", test_UploadPrinterDriverPackage);
+	torture_tcase_add_simple_test(tcase, "InstallPrinterDriverFromPackage", test_InstallPrinterDriverFromPackage);
+	torture_tcase_add_simple_test(tcase, "ValidatePrinterDriverInstalled", test_ValidatePrinterDriverInstalled);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c
new file mode 100644
index 0000000..6e0afca
--- /dev/null
+++ b/source4/torture/rpc/join.c
@@ -0,0 +1,86 @@
+#include "includes.h"
+#include "libcli/libcli.h"
+
+#include "torture/rpc/torture_rpc.h"
+
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+#define TORTURE_NETBIOS_NAME "smbtorturejoin"
+
+
+bool torture_rpc_join(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct test_join *tj;
+	struct cli_credentials *machine_account;
+	struct smbcli_state *cli;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	/* Join domain as a member server. */
+	tj = torture_join_domain(torture,
+				 TORTURE_NETBIOS_NAME,
+				 ACB_WSTRUST,
+				 &machine_account);
+
+	if (!tj) {
+		DEBUG(0, ("%s failed to join domain as workstation\n",
+			  TORTURE_NETBIOS_NAME));
+		return false;
+	}
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tj, &cli, host,
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					machine_account,
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n",
+			  TORTURE_NETBIOS_NAME));
+		return false;	
+	}
+	smbcli_tdis(cli);
+        
+	/* Leave domain. */                          
+	torture_leave_domain(torture, tj);
+        
+	/* Join domain as a domain controller. */
+	tj = torture_join_domain(torture, TORTURE_NETBIOS_NAME,
+				 ACB_SVRTRUST,
+				 &machine_account);
+	if (!tj) {
+		DEBUG(0, ("%s failed to join domain as domain controller\n",
+			  TORTURE_NETBIOS_NAME));
+		return false;
+	}
+
+	status = smbcli_full_connection(tj, &cli, host,
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					machine_account,
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n",
+			  TORTURE_NETBIOS_NAME));
+		return false;	
+	}
+
+	smbcli_tdis(cli);
+
+	/* Leave domain. */
+	torture_leave_domain(torture, tj);
+
+	return true;
+}
+
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
new file mode 100644
index 0000000..c2190e5
--- /dev/null
+++ b/source4/torture/rpc/lsa.c
@@ -0,0 +1,5645 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for lsa rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "libcli/cldap/cldap.h"
+#include "../lib/tsocket/tsocket.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "lib/events/events.h"
+#include "libcli/security/security.h"
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "source4/auth/kerberos/kerberos.h"
+#include "source4/auth/kerberos/kerberos_util.h"
+#include "lib/util/util_net.h"
+#include "libcli/resolve/resolve.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define TEST_MACHINENAME "lsatestmach"
+#define TRUSTPW "12345678"
+
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+static bool test_OpenPolicy(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx)
+{
+	struct lsa_ObjectAttribute attr;
+	struct policy_handle handle;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy r;
+	uint16_t system_name = '\\';
+
+	torture_comment(tctx, "\nTesting OpenPolicy\n");
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = &system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy_r(b, tctx, &r),
+				   "OpenPolicy failed");
+
+	torture_assert_ntstatus_ok(tctx,
+				   r.out.result,
+				   "OpenPolicy failed");
+
+	return true;
+}
+
+static bool test_OpenPolicy_fail(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx)
+{
+	struct lsa_ObjectAttribute attr;
+	struct policy_handle handle;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy r;
+	uint16_t system_name = '\\';
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting OpenPolicy_fail\n");
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = &system_name;
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx,
+					"OpenPolicy correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "OpenPolicy return value should "
+					      "be ACCESS_DENIED");
+		return true;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+			torture_comment(tctx,
+					"OpenPolicy correctly returned with "
+					"result: %s\n",
+					nt_errstr(r.out.result));
+			return true;
+		}
+	}
+
+	torture_assert_ntstatus_equal(tctx,
+				      r.out.result,
+				      NT_STATUS_OK,
+				      "OpenPolicy return value should be "
+				      "ACCESS_DENIED");
+
+	return false;
+}
+
+
+bool test_lsa_OpenPolicy2_ex(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle **handle,
+			     NTSTATUS expected_status,
+			     NTSTATUS expected_status2)
+{
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting OpenPolicy2\n");
+
+	*handle = talloc(tctx, struct policy_handle);
+	torture_assert(tctx, *handle != NULL, "talloc(tctx, struct policy_handle)");
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = *handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(b, tctx, &r);
+
+	/* Allow two possible failure status codes */
+	if (!NT_STATUS_EQUAL(status, expected_status2)) {
+		torture_assert_ntstatus_equal(tctx, status,
+					      expected_status,
+					      "OpenPolicy2 failed");
+	}
+	if (!NT_STATUS_IS_OK(expected_status) ||
+	    !NT_STATUS_IS_OK(expected_status2)) {
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+				   r.out.result,
+				   "OpenPolicy2 failed");
+
+	return true;
+}
+
+
+bool test_lsa_OpenPolicy2(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle **handle)
+{
+	return test_lsa_OpenPolicy2_ex(b, tctx, handle,
+				       NT_STATUS_OK, NT_STATUS_OK);
+}
+
+static bool test_OpenPolicy2_fail(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx)
+{
+	struct lsa_ObjectAttribute attr;
+	struct policy_handle handle;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting OpenPolicy2_fail\n");
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx,
+					"OpenPolicy2 correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "OpenPolicy2 return value should "
+					      "be ACCESS_DENIED");
+		return true;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+	    NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+		torture_comment(tctx,
+				"OpenPolicy2 correctly returned with "
+				"result: %s\n",
+				nt_errstr(r.out.result));
+		return true;
+	}
+
+	torture_fail(tctx,
+		     "OpenPolicy2 return value should be "
+		     "ACCESS_DENIED or RPC_PROTSEQ_NOT_SUPPORTED");
+
+	return false;
+}
+
+bool test_lsa_OpenPolicy3_ex(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle **handle,
+			     NTSTATUS expected_status,
+			     NTSTATUS expected_status2)
+{
+	struct lsa_QosInfo qos = {
+		.impersonation_level = 2,
+		.context_mode = 1,
+	};
+	struct lsa_ObjectAttribute attr = {
+		.len = 0,
+		.sec_qos = &qos,
+	};
+	struct lsa_revision_info1 in_rinfo1 = {
+		.revision = 1,
+		.supported_features = 0,
+	};
+	union lsa_revision_info in_rinfo = {
+		.info1 = in_rinfo1,
+	};
+	struct lsa_revision_info1 out_rinfo1 = {
+		.revision = 0,
+	};
+	union lsa_revision_info out_rinfo = {
+		.info1 = out_rinfo1,
+	};
+	uint32_t out_version = 0;
+	struct lsa_OpenPolicy3 r = {
+		.in.system_name = "\\",
+		.in.attr = &attr,
+		.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.in_version = 1,
+		.in.in_revision_info = &in_rinfo,
+		.out.out_version = &out_version,
+		.out.out_revision_info = &out_rinfo,
+	};
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting OpenPolicy3\n");
+
+	*handle = talloc(tctx, struct policy_handle);
+	torture_assert(tctx,
+		       *handle != NULL,
+		       "talloc(tctx, struct policy_handle)");
+	r.out.handle = *handle;
+
+	status = dcerpc_lsa_OpenPolicy3_r(b, tctx, &r);
+
+	/* Allow two possible failure status codes */
+	if (!NT_STATUS_EQUAL(status, expected_status2)) {
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      expected_status,
+					      "OpenPolicy3 failed");
+	}
+	if (!NT_STATUS_IS_OK(expected_status) ||
+	    !NT_STATUS_IS_OK(expected_status2)) {
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "OpenPolicy3 failed");
+	torture_assert_int_equal(tctx, out_version, 1, "Invalid out_version");
+	torture_assert_int_equal(tctx,
+				 out_rinfo1.revision,
+				 1,
+				 "Invalid revision");
+#if 0 /* TODO: Enable as soon as it is supported */
+	torture_assert_int_equal(tctx,
+				 out_rinfo1.supported_features,
+				 LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER,
+				 "Invalid supported feature set");
+#endif
+
+	return true;
+}
+
+bool test_lsa_OpenPolicy3(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle **handle)
+{
+	return test_lsa_OpenPolicy3_ex(b,
+				       tctx,
+				       handle,
+				       NT_STATUS_OK,
+				       NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE);
+}
+
+static bool test_OpenPolicy3_fail(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx)
+{
+	struct policy_handle handle = {
+		.handle_type = 0,
+	};
+	struct lsa_QosInfo qos = {
+		.impersonation_level = 2,
+		.context_mode = 1,
+	};
+	struct lsa_ObjectAttribute attr = {
+		.len = 0,
+		.sec_qos = &qos,
+	};
+	struct lsa_revision_info1 in_rinfo1 = {
+		.revision = 0,
+		.supported_features = 0,
+	};
+	union lsa_revision_info in_rinfo = {
+		.info1 = in_rinfo1,
+	};
+	struct lsa_revision_info1 out_rinfo1 = {
+		.revision = 0,
+	};
+	union lsa_revision_info out_rinfo = {
+		.info1 = out_rinfo1,
+	};
+	uint32_t out_version = 0;
+	struct lsa_OpenPolicy3 r = {
+		.in.system_name = "\\",
+		.in.attr = &attr,
+		.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.in_version = 1,
+		.in.in_revision_info = &in_rinfo,
+		.out.out_version = &out_version,
+		.out.out_revision_info = &out_rinfo,
+		.out.handle = &handle,
+	};
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting OpenPolicy3_fail\n");
+
+	status = dcerpc_lsa_OpenPolicy3_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(status,
+				    NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+			torture_comment(tctx,
+					"OpenPolicy3 correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "OpenPolicy3 return value should "
+					      "be ACCESS_DENIED or CONNECTION_DISCONNECTED");
+		return true;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+	    NT_STATUS_EQUAL(r.out.result,
+			    NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+		torture_comment(tctx,
+				"OpenPolicy3 correctly returned with "
+				"result: %s\n",
+				nt_errstr(r.out.result));
+		return true;
+	}
+
+	torture_fail(tctx,
+		     "OpenPolicy3 return value should be "
+		     "ACCESS_DENIED or RPC_PROTSEQ_NOT_SUPPORTED");
+
+	return false;
+}
+
+static bool test_LookupNames(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *handle,
+			     enum lsa_LookupNamesLevel level,
+			     struct lsa_TransNameArray *tnames)
+{
+	struct lsa_LookupNames r;
+	struct lsa_TransSidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String *names;
+	uint32_t count = 0;
+	int i;
+	uint32_t *input_idx;
+
+	torture_comment(tctx, "\nTesting LookupNames with %d names\n", tnames->count);
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+
+	r.in.num_names = 0;
+
+	input_idx = talloc_array(tctx, uint32_t, tnames->count);
+	names = talloc_array(tctx, struct lsa_String, tnames->count);
+
+	for (i=0;i<tnames->count;i++) {
+		if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+			init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+			input_idx[r.in.num_names] = i;
+			r.in.num_names++;
+		}
+	}
+
+	r.in.handle = handle;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames_r(b, tctx, &r),
+				   "LookupNames failed");
+	if (NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED) ||
+	    NT_STATUS_EQUAL(r.out.result, NT_STATUS_NONE_MAPPED)) {
+		for (i=0;i< r.in.num_names;i++) {
+			if (i < count && sids.sids[i].sid_type == SID_NAME_UNKNOWN) {
+				torture_comment(tctx, "LookupName of %s was unmapped\n",
+				       tnames->names[i].name.string);
+			} else if (i >=count) {
+				torture_comment(tctx, "LookupName of %s failed to return a result\n",
+				       tnames->names[i].name.string);
+			}
+		}
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+					   "LookupNames failed");
+	} else if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+					   "LookupNames failed");
+	}
+
+	for (i=0;i< r.in.num_names;i++) {
+		torture_assert(tctx, (i < count),
+			       talloc_asprintf(tctx,
+			       "LookupName of %s failed to return a result\n",
+			       tnames->names[input_idx[i]].name.string));
+
+		torture_assert_int_equal(tctx,
+					 sids.sids[i].sid_type,
+					 tnames->names[input_idx[i]].sid_type,
+					 talloc_asprintf(tctx,
+					 "LookupName of %s got unexpected name type: %s\n",
+					 tnames->names[input_idx[i]].name.string,
+					 sid_type_lookup(sids.sids[i].sid_type)));
+		if (sids.sids[i].sid_type != SID_NAME_DOMAIN) {
+			continue;
+		}
+		torture_assert_int_equal(tctx,
+					 sids.sids[i].rid,
+					 UINT32_MAX,
+					 talloc_asprintf(tctx,
+					 "LookupName of %s got unexpected rid: %d\n",
+					 tnames->names[input_idx[i]].name.string,
+					 sids.sids[i].rid));
+	}
+
+	return true;
+}
+
+static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle,
+				   enum lsa_LookupNamesLevel level)
+{
+	struct lsa_LookupNames r;
+	struct lsa_TransSidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String names[1];
+	uint32_t count = 0;
+
+	torture_comment(tctx, "\nTesting LookupNames with bogus name\n");
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	init_lsa_String(&names[0], "NT AUTHORITY\\BOGUS");
+
+	r.in.handle = handle;
+	r.in.num_names = 1;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames_r(b, tctx, &r),
+				   "LookupNames bogus failed");
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_NONE_MAPPED)) {
+		torture_comment(tctx, "LookupNames failed - %s\n",
+				nt_errstr(r.out.result));
+		return false;
+	}
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle,
+				  enum lsa_LookupNamesLevel level)
+{
+	struct lsa_LookupNames r;
+	struct lsa_TransSidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String names[1];
+	uint32_t count = 0;
+
+	torture_comment(tctx, "\nTesting LookupNames with NULL name\n");
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	names[0].string = NULL;
+
+	r.in.handle = handle;
+	r.in.num_names = 1;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	/* nt4 returns NT_STATUS_NONE_MAPPED with sid_type
+	 * SID_NAME_UNKNOWN, rid 0, and sid_index -1;
+	 *
+	 * w2k3/w2k8 return NT_STATUS_OK with sid_type
+	 * SID_NAME_DOMAIN, rid -1 and sid_index 0 and BUILTIN domain
+	 */
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames_r(b, tctx, &r),
+		"LookupNames with NULL name failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"LookupNames with NULL name failed");
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       enum lsa_LookupNamesLevel level)
+{
+	struct lsa_TranslatedName name;
+	struct lsa_TransNameArray tnames;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing LookupNames with well known names\n");
+
+	tnames.names = &name;
+	tnames.count = 1;
+	name.name.string = "NT AUTHORITY\\SYSTEM";
+	name.sid_type = SID_NAME_WKN_GRP;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "NT AUTHORITY\\ANONYMOUS LOGON";
+	name.sid_type = SID_NAME_WKN_GRP;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "NT AUTHORITY\\Authenticated Users";
+	name.sid_type = SID_NAME_WKN_GRP;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+#if 0
+	name.name.string = "NT AUTHORITY";
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "NT AUTHORITY\\";
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+#endif
+
+	name.name.string = "BUILTIN\\";
+	name.sid_type = SID_NAME_DOMAIN;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "BUILTIN\\Administrators";
+	name.sid_type = SID_NAME_ALIAS;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "SYSTEM";
+	name.sid_type = SID_NAME_WKN_GRP;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+
+	name.name.string = "Everyone";
+	name.sid_type = SID_NAME_WKN_GRP;
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
+	return ret;
+}
+
+static bool test_LookupNames2(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle,
+			      enum lsa_LookupNamesLevel level,
+			      struct lsa_TransNameArray2 *tnames,
+			      bool check_result)
+{
+	struct lsa_LookupNames2 r;
+	struct lsa_TransSidArray2 sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String *names;
+	uint32_t *input_idx;
+	uint32_t count = 0;
+	int i;
+
+	torture_comment(tctx, "\nTesting LookupNames2 with %d names\n", tnames->count);
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	r.in.num_names = 0;
+
+	input_idx = talloc_array(tctx, uint32_t, tnames->count);
+	names = talloc_array(tctx, struct lsa_String, tnames->count);
+
+	for (i=0;i<tnames->count;i++) {
+		if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+			init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+			input_idx[r.in.num_names] = i;
+			r.in.num_names++;
+		}
+	}
+
+	r.in.handle = handle;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames2_r(b, tctx, &r),
+		"LookupNames2 failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LookupNames2 failed");
+
+	if (check_result) {
+		torture_assert_int_equal(tctx, count, sids.count,
+			"unexpected number of results returned");
+		if (sids.count > 0) {
+			torture_assert(tctx, sids.sids, "invalid sid buffer");
+		}
+	}
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+
+static bool test_LookupNames3(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle,
+			      enum lsa_LookupNamesLevel level,
+			      struct lsa_TransNameArray2 *tnames,
+			      bool check_result)
+{
+	struct lsa_LookupNames3 r;
+	struct lsa_TransSidArray3 sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String *names;
+	uint32_t count = 0;
+	int i;
+	uint32_t *input_idx;
+
+	torture_comment(tctx, "\nTesting LookupNames3 with %d names\n", tnames->count);
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	r.in.num_names = 0;
+
+	input_idx = talloc_array(tctx, uint32_t, tnames->count);
+	names = talloc_array(tctx, struct lsa_String, tnames->count);
+	for (i=0;i<tnames->count;i++) {
+		if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+			init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+			input_idx[r.in.num_names] = i;
+			r.in.num_names++;
+		}
+	}
+
+	r.in.handle = handle;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames3_r(b, tctx, &r),
+		"LookupNames3 failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"LookupNames3 failed");
+
+	if (check_result) {
+		torture_assert_int_equal(tctx, count, sids.count,
+			"unexpected number of results returned");
+		if (sids.count > 0) {
+			torture_assert(tctx, sids.sids, "invalid sid buffer");
+		}
+	}
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+static bool test_LookupNames4(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      enum lsa_LookupNamesLevel level,
+			      struct lsa_TransNameArray2 *tnames,
+			      bool check_result)
+{
+	struct lsa_LookupNames4 r;
+	struct lsa_TransSidArray3 sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String *names;
+	uint32_t count = 0;
+	int i;
+	uint32_t *input_idx;
+
+	torture_comment(tctx, "\nTesting LookupNames4 with %d names\n", tnames->count);
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	r.in.num_names = 0;
+
+	input_idx = talloc_array(tctx, uint32_t, tnames->count);
+	names = talloc_array(tctx, struct lsa_String, tnames->count);
+	for (i=0;i<tnames->count;i++) {
+		if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+			init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+			input_idx[r.in.num_names] = i;
+			r.in.num_names++;
+		}
+	}
+
+	r.in.num_names = tnames->count;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames4_r(b, tctx, &r),
+		"LookupNames4 failed");
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NONE_MAPPED)) {
+			torture_comment(tctx,
+					"LookupNames4 failed: %s - not considered as an error",
+					nt_errstr(r.out.result));
+
+			return true;
+		}
+	}
+	torture_assert_ntstatus_ok(tctx,
+				   r.out.result,
+				   "LookupNames4 failed");
+
+	if (check_result) {
+		torture_assert_int_equal(tctx, count, sids.count,
+			"unexpected number of results returned");
+		if (sids.count > 0) {
+			torture_assert(tctx, sids.sids, "invalid sid buffer");
+		}
+	}
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   enum lsa_LookupNamesLevel level)
+{
+	struct lsa_LookupNames4 r;
+	struct lsa_TransSidArray3 sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String *names = NULL;
+	uint32_t count = 0;
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting LookupNames4_fail");
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	r.in.num_names = 0;
+
+	r.in.num_names = count;
+	r.in.names = names;
+	r.in.sids = &sids;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.count = &count;
+	r.out.sids = &sids;
+	r.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupNames4_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED)) {
+			torture_comment(tctx,
+					"LookupNames4 correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "LookupNames4 return value should "
+					      "be ACCESS_DENIED");
+		return true;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+			torture_comment(tctx,
+					"LookupSids3 correctly returned with "
+					"result: %s\n",
+					nt_errstr(r.out.result));
+			return true;
+		}
+	}
+
+	torture_fail(tctx,
+		     "LookupNames4 return value should be "
+		     "ACCESS_DENIED or RPC_PROTSEQ_NOT_SUPPORTED");
+
+	return false;
+}
+
+
+static bool test_LookupSids(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle,
+			    enum lsa_LookupNamesLevel level,
+			    struct lsa_SidArray *sids)
+{
+	struct lsa_LookupSids r;
+	struct lsa_TransNameArray names;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = sids->num_sids;
+
+	torture_comment(tctx, "\nTesting LookupSids\n");
+
+	names.count = 0;
+	names.names = NULL;
+
+	r.in.handle = handle;
+	r.in.sids = sids;
+	r.in.names = &names;
+	r.in.level = level;
+	r.in.count = &count;
+	r.out.count = &count;
+	r.out.names = &names;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r),
+		"LookupSids failed");
+	if (!NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED)) {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"LookupSids failed");
+	}
+
+	torture_comment(tctx, "\n");
+
+	if (!test_LookupNames(b, tctx, handle, level, &names)) {
+		return false;
+	}
+
+	return true;
+}
+
+
+static bool test_LookupSids2(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle,
+			    enum lsa_LookupNamesLevel level,
+			    struct lsa_SidArray *sids)
+{
+	struct lsa_LookupSids2 r;
+	struct lsa_TransNameArray2 names;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = sids->num_sids;
+
+	torture_comment(tctx, "\nTesting LookupSids2\n");
+
+	names.count = 0;
+	names.names = NULL;
+
+	r.in.handle = handle;
+	r.in.sids = sids;
+	r.in.names = &names;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.count = &count;
+	r.out.names = &names;
+	r.out.domains = &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids2_r(b, tctx, &r),
+		"LookupSids2 failed");
+	if (!NT_STATUS_IS_OK(r.out.result) &&
+	    !NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED)) {
+		torture_comment(tctx, "LookupSids2 failed - %s\n",
+				nt_errstr(r.out.result));
+		return false;
+	}
+
+	torture_comment(tctx, "\n");
+
+	if (!test_LookupNames2(b, tctx, handle, level, &names, false)) {
+		return false;
+	}
+
+	if (!test_LookupNames3(b, tctx, handle, level, &names, false)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_LookupSids3(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    enum lsa_LookupNamesLevel level,
+			    struct lsa_SidArray *sids)
+{
+	struct lsa_LookupSids3 r;
+	struct lsa_TransNameArray2 names;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = sids->num_sids;
+
+	torture_comment(tctx, "\nTesting LookupSids3\n");
+
+	names.count = 0;
+	names.names = NULL;
+
+	r.in.sids = sids;
+	r.in.names = &names;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.domains = &domains;
+	r.out.count = &count;
+	r.out.names = &names;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids3_r(b, tctx, &r),
+		"LookupSids3 failed");
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NONE_MAPPED)) {
+			torture_comment(tctx,
+					"LookupSids3 failed: %s - not considered as an error",
+					nt_errstr(r.out.result));
+
+			return true;
+		}
+
+		torture_assert_ntstatus_ok(tctx,
+					   r.out.result,
+					   "LookupSids3 failed");
+
+		return false;
+	}
+
+	torture_comment(tctx, "\n");
+
+	if (!test_LookupNames4(b, tctx, level, &names, true)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  enum lsa_LookupNamesLevel level,
+				  struct lsa_SidArray *sids)
+{
+	struct lsa_LookupSids3 r;
+	struct lsa_TransNameArray2 names;
+	struct lsa_RefDomainList *domains = NULL;
+	uint32_t count = sids->num_sids;
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting LookupSids3\n");
+
+	names.count = 0;
+	names.names = NULL;
+
+	r.in.sids = sids;
+	r.in.names = &names;
+	r.in.level = level;
+	r.in.count = &count;
+	r.in.lookup_options = 0;
+	r.in.client_revision = 0;
+	r.out.domains = &domains;
+	r.out.count = &count;
+	r.out.names = &names;
+
+	status = dcerpc_lsa_LookupSids3_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED)) {
+			torture_comment(tctx,
+					"LookupSids3 correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "LookupSids3 return value should "
+					      "be ACCESS_DENIED");
+		return true;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+	    NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+		torture_comment(tctx,
+				"LookupNames4 correctly returned with "
+				"result: %s\n",
+				nt_errstr(r.out.result));
+		return true;
+	}
+
+	torture_fail(tctx,
+		     "LookupSids3 return value should be "
+		     "ACCESS_DENIED or RPC_PROTSEQ_NOT_SUPPORTED");
+
+	return false;
+}
+
+bool test_many_LookupSids(struct dcerpc_pipe *p,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle,
+			  enum lsa_LookupNamesLevel level)
+{
+	uint32_t count;
+	struct lsa_SidArray sids;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(p->binding);
+
+	torture_comment(tctx, "\nTesting LookupSids with lots of SIDs\n");
+
+	sids.num_sids = 100;
+
+	sids.sids = talloc_array(tctx, struct lsa_SidPtr, sids.num_sids);
+
+	for (i=0; i<sids.num_sids; i++) {
+		const char *sidstr = "S-1-5-32-545";
+		sids.sids[i].sid = dom_sid_parse_talloc(tctx, sidstr);
+	}
+
+	count = sids.num_sids;
+
+	if (handle) {
+		struct lsa_LookupSids r;
+		struct lsa_TransNameArray names;
+		struct lsa_RefDomainList *domains = NULL;
+		names.count = 0;
+		names.names = NULL;
+
+		r.in.handle = handle;
+		r.in.sids = &sids;
+		r.in.names = &names;
+		r.in.level = level;
+		r.in.count = &names.count;
+		r.out.count = &count;
+		r.out.names = &names;
+		r.out.domains = &domains;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r),
+			"LookupSids failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "LookupSids failed - %s\n",
+					nt_errstr(r.out.result));
+			return false;
+		}
+
+		torture_comment(tctx, "\n");
+
+		if (!test_LookupNames(b, tctx, handle, level, &names)) {
+			return false;
+		}
+	}
+
+	if (transport == NCACN_NP) {
+		if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
+			return false;
+		}
+		if (!test_LookupNames4_fail(b, tctx, level)) {
+			return false;
+		}
+	} else if (transport == NCACN_IP_TCP) {
+		struct lsa_TransNameArray2 names;
+		enum dcerpc_AuthType auth_type;
+		enum dcerpc_AuthLevel auth_level;
+
+		names.count = 0;
+		names.names = NULL;
+
+		dcerpc_binding_handle_auth_info(p->binding_handle,
+						&auth_type, &auth_level);
+
+		if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
+		    auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+			if (!test_LookupSids3(b, tctx, level, &sids)) {
+				return false;
+			}
+			if (!test_LookupNames4(b, tctx, level, &names, true)) {
+				return false;
+			}
+		} else {
+			/*
+			 * If we don't have a secure channel these tests must
+			 * fail with ACCESS_DENIED.
+			 */
+			if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
+				return false;
+			}
+			if (!test_LookupNames4_fail(b, tctx, level)) {
+				return false;
+			}
+		}
+	}
+
+	torture_comment(tctx, "\n");
+
+
+
+	return true;
+}
+
+static void lookupsids_cb(struct tevent_req *subreq)
+{
+	int *replies = (int *)tevent_req_callback_data_void(subreq);
+	NTSTATUS status;
+
+	status = dcerpc_lsa_LookupSids_r_recv(subreq, subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("lookupsids returned %s\n", nt_errstr(status));
+		*replies = -1;
+	}
+
+	if (*replies >= 0) {
+		*replies += 1;
+	}
+}
+
+static bool test_LookupSids_async(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle,
+				  enum lsa_LookupNamesLevel level)
+{
+	struct lsa_SidArray sids;
+	struct lsa_SidPtr sidptr;
+	uint32_t *count;
+	struct lsa_TransNameArray *names;
+	struct lsa_LookupSids *r;
+	struct lsa_RefDomainList *domains = NULL;
+	struct tevent_req **req;
+	int i, replies;
+	bool ret = true;
+	const int num_async_requests = 50;
+
+	count = talloc_array(tctx, uint32_t, num_async_requests);
+	names = talloc_array(tctx, struct lsa_TransNameArray, num_async_requests);
+	r = talloc_array(tctx, struct lsa_LookupSids, num_async_requests);
+
+	torture_comment(tctx, "\nTesting %d async lookupsids request\n", num_async_requests);
+
+	req = talloc_array(tctx, struct tevent_req *, num_async_requests);
+
+	sids.num_sids = 1;
+	sids.sids = &sidptr;
+	sidptr.sid = dom_sid_parse_talloc(tctx, "S-1-5-32-545");
+
+	replies = 0;
+
+	for (i=0; i<num_async_requests; i++) {
+		count[i] = 0;
+		names[i].count = 0;
+		names[i].names = NULL;
+
+		r[i].in.handle = handle;
+		r[i].in.sids = &sids;
+		r[i].in.names = &names[i];
+		r[i].in.level = level;
+		r[i].in.count = &names[i].count;
+		r[i].out.count = &count[i];
+		r[i].out.names = &names[i];
+		r[i].out.domains = &domains;
+
+		req[i] = dcerpc_lsa_LookupSids_r_send(tctx, tctx->ev, b, &r[i]);
+		if (req[i] == NULL) {
+			ret = false;
+			break;
+		}
+
+		tevent_req_set_callback(req[i], lookupsids_cb, &replies);
+	}
+
+	while (replies >= 0 && replies < num_async_requests) {
+		tevent_loop_once(tctx->ev);
+	}
+
+	talloc_free(req);
+
+	if (replies < 0) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_LookupPrivValue(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle,
+				 struct lsa_String *name)
+{
+	struct lsa_LookupPrivValue r;
+	struct lsa_LUID luid;
+
+	r.in.handle = handle;
+	r.in.name = name;
+	r.out.luid = &luid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
+		"LookupPrivValue failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"LookupPrivValue failed");
+
+	return true;
+}
+
+static bool test_LookupPrivName(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				struct lsa_LUID *luid)
+{
+	struct lsa_LookupPrivName r;
+	struct lsa_StringLarge *name = NULL;
+
+	r.in.handle = handle;
+	r.in.luid = luid;
+	r.out.name = &name;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivName_r(b, tctx, &r),
+		"LookupPrivName failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LookupPrivName failed");
+
+	return true;
+}
+
+static bool test_RemovePrivilegesFromAccount(struct dcerpc_binding_handle *b,
+					     struct torture_context *tctx,
+					     struct policy_handle *handle,
+					     struct policy_handle *acct_handle,
+					     struct lsa_LUID *luid)
+{
+	struct lsa_RemovePrivilegesFromAccount r;
+	struct lsa_PrivilegeSet privs;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting RemovePrivilegesFromAccount\n");
+
+	r.in.handle = acct_handle;
+	r.in.remove_all = 0;
+	r.in.privs = &privs;
+
+	privs.count = 1;
+	privs.unknown = 0;
+	privs.set = talloc_array(tctx, struct lsa_LUIDAttribute, 1);
+	privs.set[0].luid = *luid;
+	privs.set[0].attribute = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_RemovePrivilegesFromAccount_r(b, tctx, &r),
+		"RemovePrivilegesFromAccount failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+
+		struct lsa_LookupPrivName r_name;
+		struct lsa_StringLarge *name = NULL;
+
+		r_name.in.handle = handle;
+		r_name.in.luid = luid;
+		r_name.out.name = &name;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivName_r(b, tctx, &r_name),
+			"LookupPrivName failed");
+		if (!NT_STATUS_IS_OK(r_name.out.result)) {
+			torture_comment(tctx, "\nLookupPrivName failed - %s\n",
+					nt_errstr(r_name.out.result));
+			return false;
+		}
+		/* Windows 2008 does not allow this to be removed */
+		if (strcmp("SeAuditPrivilege", name->string) == 0) {
+			return ret;
+		}
+
+		torture_comment(tctx, "RemovePrivilegesFromAccount failed to remove %s - %s\n",
+		       name->string,
+		       nt_errstr(r.out.result));
+		return false;
+	}
+
+	return ret;
+}
+
+static bool test_AddPrivilegesToAccount(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *acct_handle,
+					struct lsa_LUID *luid)
+{
+	struct lsa_AddPrivilegesToAccount r;
+	struct lsa_PrivilegeSet privs;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting AddPrivilegesToAccount\n");
+
+	r.in.handle = acct_handle;
+	r.in.privs = &privs;
+
+	privs.count = 1;
+	privs.unknown = 0;
+	privs.set = talloc_array(tctx, struct lsa_LUIDAttribute, 1);
+	privs.set[0].luid = *luid;
+	privs.set[0].attribute = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddPrivilegesToAccount_r(b, tctx, &r),
+		"AddPrivilegesToAccount failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"AddPrivilegesToAccount failed");
+	return ret;
+}
+
+static bool test_EnumPrivsAccount(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle,
+				  struct policy_handle *acct_handle)
+{
+	struct lsa_EnumPrivsAccount r;
+	struct lsa_PrivilegeSet *privs = NULL;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting EnumPrivsAccount\n");
+
+	r.in.handle = acct_handle;
+	r.out.privs = &privs;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumPrivsAccount_r(b, tctx, &r),
+		"EnumPrivsAccount failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"EnumPrivsAccount failed");
+
+	if (privs && privs->count > 0) {
+		int i;
+		for (i=0;i<privs->count;i++) {
+			test_LookupPrivName(b, tctx, handle,
+					    &privs->set[i].luid);
+		}
+
+		ret &= test_RemovePrivilegesFromAccount(b, tctx, handle, acct_handle,
+							&privs->set[0].luid);
+		ret &= test_AddPrivilegesToAccount(b, tctx, acct_handle,
+						   &privs->set[0].luid);
+	}
+
+	return ret;
+}
+
+static bool test_GetSystemAccessAccount(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *handle,
+					struct policy_handle *acct_handle)
+{
+	uint32_t access_mask;
+	struct lsa_GetSystemAccessAccount r;
+
+	torture_comment(tctx, "\nTesting GetSystemAccessAccount\n");
+
+	r.in.handle = acct_handle;
+	r.out.access_mask = &access_mask;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(b, tctx, &r),
+		"GetSystemAccessAccount failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"GetSystemAccessAccount failed");
+
+	if (r.out.access_mask != NULL) {
+		torture_comment(tctx, "Rights:");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_INTERACTIVE)
+			torture_comment(tctx, " LSA_POLICY_MODE_INTERACTIVE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_NETWORK)
+			torture_comment(tctx, " LSA_POLICY_MODE_NETWORK");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_BATCH)
+			torture_comment(tctx, " LSA_POLICY_MODE_BATCH");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_SERVICE)
+			torture_comment(tctx, " LSA_POLICY_MODE_SERVICE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_PROXY)
+			torture_comment(tctx, " LSA_POLICY_MODE_PROXY");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_INTERACTIVE)
+			torture_comment(tctx, " LSA_POLICY_MODE_DENY_INTERACTIVE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_NETWORK)
+			torture_comment(tctx, " LSA_POLICY_MODE_DENY_NETWORK");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_BATCH)
+			torture_comment(tctx, " LSA_POLICY_MODE_DENY_BATCH");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_SERVICE)
+			torture_comment(tctx, " LSA_POLICY_MODE_DENY_SERVICE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_REMOTE_INTERACTIVE)
+			torture_comment(tctx, " LSA_POLICY_MODE_REMOTE_INTERACTIVE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE)
+			torture_comment(tctx, " LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL)
+			torture_comment(tctx, " LSA_POLICY_MODE_ALL");
+		if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL_NT4)
+			torture_comment(tctx, " LSA_POLICY_MODE_ALL_NT4");
+		torture_comment(tctx, "\n");
+	}
+
+	return true;
+}
+
+static bool test_Delete(struct dcerpc_binding_handle *b,
+			struct torture_context *tctx,
+			struct policy_handle *handle)
+{
+	struct lsa_Delete r;
+
+	torture_comment(tctx, "\nTesting Delete\n");
+
+	r.in.handle = handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Delete_r(b, tctx, &r),
+		"Delete failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_SUPPORTED,
+		"Delete should have failed NT_STATUS_NOT_SUPPORTED");
+
+	return true;
+}
+
+static bool test_DeleteObject(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct lsa_DeleteObject r;
+
+	torture_comment(tctx, "\nTesting DeleteObject\n");
+
+	r.in.handle = handle;
+	r.out.handle = handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(b, tctx, &r),
+		"DeleteObject failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"DeleteObject failed");
+
+	return true;
+}
+
+
+static bool test_CreateAccount(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle)
+{
+	struct lsa_CreateAccount r;
+	struct dom_sid2 *newsid;
+	struct policy_handle acct_handle;
+
+	newsid = dom_sid_parse_talloc(tctx, "S-1-5-12349876-4321-2854");
+
+	torture_comment(tctx, "\nTesting CreateAccount\n");
+
+	r.in.handle = handle;
+	r.in.sid = newsid;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.acct_handle = &acct_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateAccount_r(b, tctx, &r),
+		"CreateAccount failed");
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_OBJECT_NAME_COLLISION)) {
+		struct lsa_OpenAccount r_o;
+		r_o.in.handle = handle;
+		r_o.in.sid = newsid;
+		r_o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r_o.out.acct_handle = &acct_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(b, tctx, &r_o),
+			"OpenAccount failed");
+		torture_assert_ntstatus_ok(tctx, r_o.out.result,
+			"OpenAccount failed");
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+					   "CreateAccount failed");
+	}
+
+	if (!test_Delete(b, tctx, &acct_handle)) {
+		return false;
+	}
+
+	if (!test_DeleteObject(b, tctx, &acct_handle)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_DeleteTrustedDomain(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     struct lsa_StringLarge name)
+{
+	struct lsa_OpenTrustedDomainByName r;
+	struct policy_handle trustdom_handle;
+
+	r.in.handle = handle;
+	r.in.name.string = name.string;
+	r.in.access_mask = SEC_STD_DELETE;
+	r.out.trustdom_handle = &trustdom_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenTrustedDomainByName_r(b, tctx, &r),
+		"OpenTrustedDomainByName failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"OpenTrustedDomainByName failed");
+
+	if (!test_Delete(b, tctx, &trustdom_handle)) {
+		return false;
+	}
+
+	if (!test_DeleteObject(b, tctx, &trustdom_handle)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_DeleteTrustedDomainBySid(struct dcerpc_binding_handle *b,
+					  struct torture_context *tctx,
+					  struct policy_handle *handle,
+					  struct dom_sid *sid)
+{
+	struct lsa_DeleteTrustedDomain r;
+
+	r.in.handle = handle;
+	r.in.dom_sid = sid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteTrustedDomain_r(b, tctx, &r),
+		"DeleteTrustedDomain failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"DeleteTrustedDomain failed");
+
+	return true;
+}
+
+
+static bool test_CreateSecret(struct dcerpc_pipe *p,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct lsa_CreateSecret r;
+	struct lsa_OpenSecret r2;
+	struct lsa_SetSecret r3;
+	struct lsa_QuerySecret r4;
+	struct lsa_SetSecret r5;
+	struct lsa_QuerySecret r6;
+	struct lsa_SetSecret r7;
+	struct lsa_QuerySecret r8;
+	struct policy_handle sec_handle, sec_handle2, sec_handle3;
+	struct lsa_DeleteObject d_o;
+	struct lsa_DATA_BUF buf1;
+	struct lsa_DATA_BUF_PTR bufp1;
+	struct lsa_DATA_BUF_PTR bufp2;
+	DATA_BLOB enc_key;
+	bool ret = true;
+	DATA_BLOB session_key;
+	NTTIME old_mtime, new_mtime;
+	DATA_BLOB blob1;
+	const char *secret1 = "abcdef12345699qwerty";
+	char *secret2;
+ 	const char *secret3 = "ABCDEF12345699QWERTY";
+	char *secret4;
+ 	const char *secret5 = "NEW-SAMBA4-SECRET";
+	char *secret6;
+	char *secname[2];
+	int i;
+	const int LOCAL = 0;
+	const int GLOBAL = 1;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	secname[LOCAL] = talloc_asprintf(tctx, "torturesecret-%u", (unsigned int)random());
+	secname[GLOBAL] = talloc_asprintf(tctx, "G$torturesecret-%u", (unsigned int)random());
+
+	for (i=0; i< 2; i++) {
+		torture_comment(tctx, "\nTesting CreateSecret of %s\n", secname[i]);
+
+		init_lsa_String(&r.in.name, secname[i]);
+
+		r.in.handle = handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.sec_handle = &sec_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateSecret_r(b, tctx, &r),
+			"CreateSecret failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"CreateSecret failed");
+
+		r.in.handle = handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.sec_handle = &sec_handle3;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateSecret_r(b, tctx, &r),
+			"CreateSecret failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_COLLISION,
+					      "CreateSecret should have failed OBJECT_NAME_COLLISION");
+
+		r2.in.handle = handle;
+		r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r2.in.name = r.in.name;
+		r2.out.sec_handle = &sec_handle2;
+
+		torture_comment(tctx, "Testing OpenSecret\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(b, tctx, &r2),
+			"OpenSecret failed");
+		torture_assert_ntstatus_ok(tctx, r2.out.result,
+					   "OpenSecret failed");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_fetch_session_key(p, &session_key),
+					   "dcerpc_fetch_session_key failed");
+
+		enc_key = sess_encrypt_string(secret1, &session_key);
+
+		r3.in.sec_handle = &sec_handle;
+		r3.in.new_val = &buf1;
+		r3.in.old_val = NULL;
+		r3.in.new_val->data = enc_key.data;
+		r3.in.new_val->length = enc_key.length;
+		r3.in.new_val->size = enc_key.length;
+
+		torture_comment(tctx, "Testing SetSecret\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
+			"SetSecret failed");
+		torture_assert_ntstatus_ok(tctx, r3.out.result,
+			"SetSecret failed");
+
+		r3.in.sec_handle = &sec_handle;
+		r3.in.new_val = &buf1;
+		r3.in.old_val = NULL;
+		r3.in.new_val->data = enc_key.data;
+		r3.in.new_val->length = enc_key.length;
+		r3.in.new_val->size = enc_key.length;
+
+		/* break the encrypted data */
+		enc_key.data[0]++;
+
+		torture_comment(tctx, "Testing SetSecret with broken key\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
+					   "SetSecret failed");
+		torture_assert_ntstatus_equal(tctx, r3.out.result, NT_STATUS_UNKNOWN_REVISION,
+					      "SetSecret should have failed UNKNOWN_REVISION");
+
+		data_blob_free(&enc_key);
+
+		ZERO_STRUCT(new_mtime);
+		ZERO_STRUCT(old_mtime);
+
+		/* fetch the secret back again */
+		r4.in.sec_handle = &sec_handle;
+		r4.in.new_val = &bufp1;
+		r4.in.new_mtime = &new_mtime;
+		r4.in.old_val = NULL;
+		r4.in.old_mtime = NULL;
+
+		bufp1.buf = NULL;
+
+		torture_comment(tctx, "Testing QuerySecret\n");
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r4),
+			"QuerySecret failed");
+		if (!NT_STATUS_IS_OK(r4.out.result)) {
+			torture_comment(tctx, "QuerySecret failed - %s\n", nt_errstr(r4.out.result));
+			ret = false;
+		} else {
+			if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
+				torture_comment(tctx, "No secret buffer returned\n");
+				ret = false;
+			} else {
+				blob1.data = r4.out.new_val->buf->data;
+				blob1.length = r4.out.new_val->buf->size;
+
+				secret2 = sess_decrypt_string(tctx,
+							      &blob1, &session_key);
+
+				if (strcmp(secret1, secret2) != 0) {
+					torture_comment(tctx, "Returned secret (r4) '%s' doesn't match '%s'\n",
+					       secret2, secret1);
+					ret = false;
+				}
+			}
+		}
+
+		enc_key = sess_encrypt_string(secret3, &session_key);
+
+		r5.in.sec_handle = &sec_handle;
+		r5.in.new_val = &buf1;
+		r5.in.old_val = NULL;
+		r5.in.new_val->data = enc_key.data;
+		r5.in.new_val->length = enc_key.length;
+		r5.in.new_val->size = enc_key.length;
+
+
+		smb_msleep(200);
+		torture_comment(tctx, "Testing SetSecret (existing value should move to old)\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r5),
+			"SetSecret failed");
+		if (!NT_STATUS_IS_OK(r5.out.result)) {
+			torture_comment(tctx, "SetSecret failed - %s\n", nt_errstr(r5.out.result));
+			ret = false;
+		}
+
+		data_blob_free(&enc_key);
+
+		ZERO_STRUCT(new_mtime);
+		ZERO_STRUCT(old_mtime);
+
+		/* fetch the secret back again */
+		r6.in.sec_handle = &sec_handle;
+		r6.in.new_val = &bufp1;
+		r6.in.new_mtime = &new_mtime;
+		r6.in.old_val = &bufp2;
+		r6.in.old_mtime = &old_mtime;
+
+		bufp1.buf = NULL;
+		bufp2.buf = NULL;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r6),
+			"QuerySecret failed");
+		if (!NT_STATUS_IS_OK(r6.out.result)) {
+			torture_comment(tctx, "QuerySecret failed - %s\n", nt_errstr(r6.out.result));
+			ret = false;
+			secret4 = NULL;
+		} else {
+
+			if (r6.out.new_val->buf == NULL || r6.out.old_val->buf == NULL
+				|| r6.out.new_mtime == NULL || r6.out.old_mtime == NULL) {
+				torture_comment(tctx, "Both secret buffers and both times not returned\n");
+				ret = false;
+				secret4 = NULL;
+			} else {
+				blob1.data = r6.out.new_val->buf->data;
+				blob1.length = r6.out.new_val->buf->size;
+
+				secret4 = sess_decrypt_string(tctx,
+							      &blob1, &session_key);
+
+				if (strcmp(secret3, secret4) != 0) {
+					torture_comment(tctx, "Returned NEW secret %s doesn't match %s\n", secret4, secret3);
+					ret = false;
+				}
+
+				blob1.data = r6.out.old_val->buf->data;
+				blob1.length = r6.out.old_val->buf->length;
+
+				secret2 = sess_decrypt_string(tctx,
+							      &blob1, &session_key);
+
+				if (strcmp(secret1, secret2) != 0) {
+					torture_comment(tctx, "Returned OLD secret %s doesn't match %s\n", secret2, secret1);
+					ret = false;
+				}
+
+				if (*r6.out.new_mtime == *r6.out.old_mtime) {
+					torture_comment(tctx, "Returned secret (r6-%d) %s must not have same mtime for both secrets: %s != %s\n",
+					       i,
+					       secname[i],
+					       nt_time_string(tctx, *r6.out.old_mtime),
+					       nt_time_string(tctx, *r6.out.new_mtime));
+					ret = false;
+				}
+			}
+		}
+
+		enc_key = sess_encrypt_string(secret5, &session_key);
+
+		r7.in.sec_handle = &sec_handle;
+		r7.in.old_val = &buf1;
+		r7.in.old_val->data = enc_key.data;
+		r7.in.old_val->length = enc_key.length;
+		r7.in.old_val->size = enc_key.length;
+		r7.in.new_val = NULL;
+
+		torture_comment(tctx, "Testing SetSecret of old Secret only\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r7),
+			"SetSecret failed");
+		if (!NT_STATUS_IS_OK(r7.out.result)) {
+			torture_comment(tctx, "SetSecret failed - %s\n", nt_errstr(r7.out.result));
+			ret = false;
+		}
+
+		data_blob_free(&enc_key);
+
+		/* fetch the secret back again */
+		r8.in.sec_handle = &sec_handle;
+		r8.in.new_val = &bufp1;
+		r8.in.new_mtime = &new_mtime;
+		r8.in.old_val = &bufp2;
+		r8.in.old_mtime = &old_mtime;
+
+		bufp1.buf = NULL;
+		bufp2.buf = NULL;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r8),
+			"QuerySecret failed");
+		if (!NT_STATUS_IS_OK(r8.out.result)) {
+			torture_comment(tctx, "QuerySecret failed - %s\n", nt_errstr(r8.out.result));
+			ret = false;
+		} else {
+			if (!r8.out.new_val || !r8.out.old_val) {
+				torture_comment(tctx, "in/out pointers not returned, despite being set on in for QuerySecret\n");
+				ret = false;
+			} else if (r8.out.new_val->buf != NULL) {
+				torture_comment(tctx, "NEW secret buffer must not be returned after OLD set\n");
+				ret = false;
+			} else if (r8.out.old_val->buf == NULL) {
+				torture_comment(tctx, "OLD secret buffer was not returned after OLD set\n");
+				ret = false;
+			} else if (r8.out.new_mtime == NULL || r8.out.old_mtime == NULL) {
+				torture_comment(tctx, "Both times not returned after OLD set\n");
+				ret = false;
+			} else {
+				blob1.data = r8.out.old_val->buf->data;
+				blob1.length = r8.out.old_val->buf->size;
+
+				secret6 = sess_decrypt_string(tctx,
+							      &blob1, &session_key);
+
+				if (strcmp(secret5, secret6) != 0) {
+					torture_comment(tctx, "Returned OLD secret %s doesn't match %s\n", secret5, secret6);
+					ret = false;
+				}
+
+				if (*r8.out.new_mtime != *r8.out.old_mtime) {
+					torture_comment(tctx, "Returned secret (r8) %s did not had same mtime for both secrets: %s != %s\n",
+					       secname[i],
+					       nt_time_string(tctx, *r8.out.old_mtime),
+					       nt_time_string(tctx, *r8.out.new_mtime));
+					ret = false;
+				}
+			}
+		}
+
+		if (!test_Delete(b, tctx, &sec_handle)) {
+			ret = false;
+		}
+
+		if (!test_DeleteObject(b, tctx, &sec_handle)) {
+			return false;
+		}
+
+		d_o.in.handle = &sec_handle2;
+		d_o.out.handle = &sec_handle2;
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(b, tctx, &d_o),
+			"DeleteObject failed");
+		torture_assert_ntstatus_equal(tctx, d_o.out.result, NT_STATUS_INVALID_HANDLE,
+					      "OpenSecret expected INVALID_HANDLE");
+
+		torture_comment(tctx, "Testing OpenSecret of just-deleted secret\n");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(b, tctx, &r2),
+					   "OpenSecret failed");
+		torture_assert_ntstatus_equal(tctx, r2.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					      "OpenSecret expected OBJECT_NAME_NOT_FOUND");
+	}
+	return ret;
+}
+
+
+static bool test_EnumAccountRights(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *acct_handle,
+				   struct dom_sid *sid)
+{
+	struct lsa_EnumAccountRights r;
+	struct lsa_RightSet rights;
+
+	torture_comment(tctx, "\nTesting EnumAccountRights\n");
+
+	r.in.handle = acct_handle;
+	r.in.sid = sid;
+	r.out.rights = &rights;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(b, tctx, &r),
+		"EnumAccountRights failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "EnumAccountRights of %s failed - %s\n",
+		       dom_sid_string(tctx, sid), nt_errstr(r.out.result));
+	}
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"EnumAccountRights failed");
+
+	return true;
+}
+
+
+static bool test_QuerySecurity(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *handle,
+			     struct policy_handle *acct_handle)
+{
+	struct lsa_QuerySecurity r;
+	struct sec_desc_buf *sdbuf = NULL;
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "\nskipping QuerySecurity test against Samba4\n");
+		return true;
+	}
+
+	torture_comment(tctx, "\nTesting QuerySecurity\n");
+
+	r.in.handle = acct_handle;
+	r.in.sec_info = SECINFO_OWNER |
+			SECINFO_GROUP |
+			SECINFO_DACL;
+	r.out.sdbuf = &sdbuf;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecurity_r(b, tctx, &r),
+		"QuerySecurity failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "QuerySecurity failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_OpenAccount(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *handle,
+			     struct dom_sid *sid)
+{
+	struct lsa_OpenAccount r;
+	struct policy_handle acct_handle;
+
+	torture_comment(tctx, "\nTesting OpenAccount\n");
+
+	r.in.handle = handle;
+	r.in.sid = sid;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.acct_handle = &acct_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(b, tctx, &r),
+		"OpenAccount failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"OpenAccount failed");
+
+	if (!test_EnumPrivsAccount(b, tctx, handle, &acct_handle)) {
+		return false;
+	}
+
+	if (!test_GetSystemAccessAccount(b, tctx, handle, &acct_handle)) {
+		return false;
+	}
+
+	if (!test_QuerySecurity(b, tctx, handle, &acct_handle)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_EnumAccounts(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct lsa_EnumAccounts r;
+	struct lsa_SidArray sids1, sids2;
+	uint32_t resume_handle = 0;
+	int i;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting EnumAccounts\n");
+
+	r.in.handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.num_entries = 100;
+	r.out.resume_handle = &resume_handle;
+	r.out.sids = &sids1;
+
+	resume_handle = 0;
+	while (true) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(b, tctx, &r),
+			"EnumAccounts failed");
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES)) {
+			break;
+		}
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"EnumAccounts failed");
+
+		if (!test_LookupSids(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
+			return false;
+		}
+
+		if (!test_LookupSids2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
+			return false;
+		}
+
+		/* Can't test lookupSids3 here, as clearly we must not
+		 * be on schannel, or we would not be able to do the
+		 * rest */
+
+		torture_comment(tctx, "Testing all accounts\n");
+		for (i=0;i<sids1.num_sids;i++) {
+			ret &= test_OpenAccount(b, tctx, handle, sids1.sids[i].sid);
+			ret &= test_EnumAccountRights(b, tctx, handle, sids1.sids[i].sid);
+		}
+		torture_comment(tctx, "\n");
+	}
+
+	if (sids1.num_sids < 3) {
+		return ret;
+	}
+
+	torture_comment(tctx, "Trying EnumAccounts partial listing (asking for 1 at 2)\n");
+	resume_handle = 2;
+	r.in.num_entries = 1;
+	r.out.sids = &sids2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(b, tctx, &r),
+		"EnumAccounts failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"EnumAccounts failed");
+
+	if (sids2.num_sids != 1) {
+		torture_comment(tctx, "Returned wrong number of entries (%d)\n", sids2.num_sids);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_LookupPrivDisplayName(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       struct lsa_String *priv_name)
+{
+	struct lsa_LookupPrivDisplayName r;
+	/* produce a reasonable range of language output without screwing up
+	   terminals */
+	uint16_t language_id = (random() % 4) + 0x409;
+	uint16_t returned_language_id = 0;
+	struct lsa_StringLarge *disp_name = NULL;
+
+	torture_comment(tctx, "\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);
+
+	r.in.handle = handle;
+	r.in.name = priv_name;
+	r.in.language_id = language_id;
+	r.in.language_id_sys = 0;
+	r.out.returned_language_id = &returned_language_id;
+	r.out.disp_name = &disp_name;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivDisplayName_r(b, tctx, &r),
+		"LookupPrivDisplayName failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "LookupPrivDisplayName failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+	torture_comment(tctx, "%s -> \"%s\"  (language 0x%x/0x%x)\n",
+	       priv_name->string, disp_name->string,
+	       r.in.language_id, *r.out.returned_language_id);
+
+	return true;
+}
+
+static bool test_EnumAccountsWithUserRight(struct dcerpc_binding_handle *b,
+					   struct torture_context *tctx,
+					   struct policy_handle *handle,
+					   struct lsa_String *priv_name)
+{
+	struct lsa_EnumAccountsWithUserRight r;
+	struct lsa_SidArray sids;
+
+	ZERO_STRUCT(sids);
+
+	torture_comment(tctx, "\nTesting EnumAccountsWithUserRight(%s)\n", priv_name->string);
+
+	r.in.handle = handle;
+	r.in.name = priv_name;
+	r.out.sids = &sids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountsWithUserRight_r(b, tctx, &r),
+		"EnumAccountsWithUserRight failed");
+
+	/* NT_STATUS_NO_MORE_ENTRIES means no one has this privilege */
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES)) {
+		return true;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "EnumAccountsWithUserRight failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+
+static bool test_EnumPrivs(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle)
+{
+	struct lsa_EnumPrivs r;
+	struct lsa_PrivArray privs1;
+	uint32_t resume_handle = 0;
+	int i;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting EnumPrivs\n");
+
+	r.in.handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.max_count = 100;
+	r.out.resume_handle = &resume_handle;
+	r.out.privs = &privs1;
+
+	resume_handle = 0;
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumPrivs_r(b, tctx, &r),
+		"EnumPrivs failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"EnumPrivs failed");
+
+	for (i = 0; i< privs1.count; i++) {
+		test_LookupPrivDisplayName(b, tctx, handle, (struct lsa_String *)&privs1.privs[i].name);
+		test_LookupPrivValue(b, tctx, handle, (struct lsa_String *)&privs1.privs[i].name);
+		if (!test_EnumAccountsWithUserRight(b, tctx, handle, (struct lsa_String *)&privs1.privs[i].name)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryForestTrustInformation(struct dcerpc_binding_handle *b,
+					     struct torture_context *tctx,
+					     struct policy_handle *handle,
+					     const char *trusted_domain_name)
+{
+	bool ret = true;
+	struct lsa_lsaRQueryForestTrustInformation r;
+	struct lsa_String string;
+	struct lsa_ForestTrustInformation info, *info_ptr;
+
+	torture_comment(tctx, "\nTesting lsaRQueryForestTrustInformation\n");
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping QueryForestTrustInformation against Samba4\n");
+		return true;
+	}
+
+	ZERO_STRUCT(string);
+
+	if (trusted_domain_name) {
+		init_lsa_String(&string, trusted_domain_name);
+	}
+
+	info_ptr = &info;
+
+	r.in.handle = handle;
+	r.in.trusted_domain_name = &string;
+	r.in.highest_record_type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+	r.out.forest_trust_info = &info_ptr;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_lsaRQueryForestTrustInformation_r(b, tctx, &r),
+		"lsaRQueryForestTrustInformation failed");
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "lsaRQueryForestTrustInformation of %s failed - %s\n", trusted_domain_name, nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_query_each_TrustDomEx(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       struct lsa_DomainListEx *domains)
+{
+	int i;
+	bool ret = true;
+
+	for (i=0; i< domains->count; i++) {
+
+		if (domains->domains[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			ret &= test_QueryForestTrustInformation(b, tctx, handle,
+								domains->domains[i].domain_name.string);
+		}
+	}
+
+	return ret;
+}
+
+static bool test_query_each_TrustDom(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     struct lsa_DomainList *domains)
+{
+	int i,j;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain\n");
+	for (i=0; i< domains->count; i++) {
+		struct lsa_OpenTrustedDomain trust;
+		struct lsa_OpenTrustedDomainByName trust_by_name;
+		struct policy_handle trustdom_handle;
+		struct policy_handle handle2;
+		struct lsa_Close c;
+		struct lsa_CloseTrustedDomainEx c_trust;
+		int levels [] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13};
+		int ok[]      = {1, 0, 1, 0, 0, 1, 0, 1, 0,  0,  0,  1, 1};
+
+		if (domains->domains[i].sid) {
+			trust.in.handle = handle;
+			trust.in.sid = domains->domains[i].sid;
+			trust.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+			trust.out.trustdom_handle = &trustdom_handle;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenTrustedDomain_r(b, tctx, &trust),
+				"OpenTrustedDomain failed");
+
+			if (NT_STATUS_EQUAL(trust.out.result, NT_STATUS_NO_SUCH_DOMAIN)) {
+				torture_comment(tctx, "DOMAIN(%s, %s) not a direct trust?\n",
+						domains->domains[i].name.string,
+						dom_sid_string(tctx, domains->domains[i].sid));
+				continue;
+			}
+			if (!NT_STATUS_IS_OK(trust.out.result)) {
+				torture_comment(tctx, "OpenTrustedDomain failed - %s\n", nt_errstr(trust.out.result));
+				return false;
+			}
+
+			c.in.handle = &trustdom_handle;
+			c.out.handle = &handle2;
+
+			c_trust.in.handle = &trustdom_handle;
+			c_trust.out.handle = &handle2;
+
+			for (j=0; j < ARRAY_SIZE(levels); j++) {
+				struct lsa_QueryTrustedDomainInfo q;
+				union lsa_TrustedDomainInfo *info = NULL;
+				q.in.trustdom_handle = &trustdom_handle;
+				q.in.level = levels[j];
+				q.out.info = &info;
+				torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfo_r(b, tctx, &q),
+					"QueryTrustedDomainInfo failed");
+				if (!NT_STATUS_IS_OK(q.out.result) && ok[j]) {
+					torture_comment(tctx, "QueryTrustedDomainInfo level %d failed - %s\n",
+					       levels[j], nt_errstr(q.out.result));
+					ret = false;
+				} else if (NT_STATUS_IS_OK(q.out.result) && !ok[j]) {
+					torture_comment(tctx, "QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n",
+					       levels[j], nt_errstr(q.out.result));
+					ret = false;
+				}
+			}
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CloseTrustedDomainEx_r(b, tctx, &c_trust),
+				"CloseTrustedDomainEx failed");
+			if (!NT_STATUS_EQUAL(c_trust.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+				torture_comment(tctx, "Expected CloseTrustedDomainEx to return NT_STATUS_NOT_IMPLEMENTED, instead - %s\n", nt_errstr(c_trust.out.result));
+				return false;
+			}
+
+			c.in.handle = &trustdom_handle;
+			c.out.handle = &handle2;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(b, tctx, &c),
+				"Close failed");
+			if (!NT_STATUS_IS_OK(c.out.result)) {
+				torture_comment(tctx, "Close of trusted domain failed - %s\n", nt_errstr(c.out.result));
+				return false;
+			}
+
+			for (j=0; j < ARRAY_SIZE(levels); j++) {
+				struct lsa_QueryTrustedDomainInfoBySid q;
+				union lsa_TrustedDomainInfo *info = NULL;
+
+				if (!domains->domains[i].sid) {
+					continue;
+				}
+
+				q.in.handle  = handle;
+				q.in.dom_sid = domains->domains[i].sid;
+				q.in.level   = levels[j];
+				q.out.info   = &info;
+
+				torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoBySid_r(b, tctx, &q),
+					"lsa_QueryTrustedDomainInfoBySid failed");
+				if (!NT_STATUS_IS_OK(q.out.result) && ok[j]) {
+					torture_comment(tctx, "QueryTrustedDomainInfoBySid level %d failed - %s\n",
+					       levels[j], nt_errstr(q.out.result));
+					ret = false;
+				} else if (NT_STATUS_IS_OK(q.out.result) && !ok[j]) {
+					torture_comment(tctx, "QueryTrustedDomainInfoBySid level %d unexpectedly succeeded - %s\n",
+					       levels[j], nt_errstr(q.out.result));
+					ret = false;
+				}
+			}
+		}
+
+		trust_by_name.in.handle = handle;
+		trust_by_name.in.name.string = domains->domains[i].name.string;
+		trust_by_name.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		trust_by_name.out.trustdom_handle = &trustdom_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenTrustedDomainByName_r(b, tctx, &trust_by_name),
+			"OpenTrustedDomainByName failed");
+
+		if (NT_STATUS_EQUAL(trust_by_name.out.result, NT_STATUS_NO_SUCH_DOMAIN)) {
+			torture_comment(tctx, "DOMAIN(%s, %s) not a direct trust?\n",
+					domains->domains[i].name.string,
+					dom_sid_string(tctx, domains->domains[i].sid));
+			continue;
+		}
+		if (!NT_STATUS_IS_OK(trust_by_name.out.result)) {
+			torture_comment(tctx, "OpenTrustedDomainByName failed - %s\n", nt_errstr(trust_by_name.out.result));
+			return false;
+		}
+
+		for (j=0; j < ARRAY_SIZE(levels); j++) {
+			struct lsa_QueryTrustedDomainInfo q;
+			union lsa_TrustedDomainInfo *info = NULL;
+			q.in.trustdom_handle = &trustdom_handle;
+			q.in.level = levels[j];
+			q.out.info = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfo_r(b, tctx, &q),
+				"QueryTrustedDomainInfo failed");
+			if (!NT_STATUS_IS_OK(q.out.result) && ok[j]) {
+				torture_comment(tctx, "QueryTrustedDomainInfo level %d failed - %s\n",
+				       levels[j], nt_errstr(q.out.result));
+				ret = false;
+			} else if (NT_STATUS_IS_OK(q.out.result) && !ok[j]) {
+				torture_comment(tctx, "QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n",
+				       levels[j], nt_errstr(q.out.result));
+				ret = false;
+			}
+		}
+
+		c.in.handle = &trustdom_handle;
+		c.out.handle = &handle2;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(b, tctx, &c),
+			"Close failed");
+		if (!NT_STATUS_IS_OK(c.out.result)) {
+			torture_comment(tctx, "Close of trusted domain failed - %s\n", nt_errstr(c.out.result));
+			return false;
+		}
+
+		for (j=0; j < ARRAY_SIZE(levels); j++) {
+			struct lsa_QueryTrustedDomainInfoByName q;
+			union lsa_TrustedDomainInfo *info = NULL;
+			struct lsa_String name;
+
+			name.string = domains->domains[i].name.string;
+
+			q.in.handle         = handle;
+			q.in.trusted_domain = &name;
+			q.in.level          = levels[j];
+			q.out.info          = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoByName_r(b, tctx, &q),
+				"QueryTrustedDomainInfoByName failed");
+			if (!NT_STATUS_IS_OK(q.out.result) && ok[j]) {
+				torture_comment(tctx, "QueryTrustedDomainInfoByName level %d failed - %s\n",
+				       levels[j], nt_errstr(q.out.result));
+				ret = false;
+			} else if (NT_STATUS_IS_OK(q.out.result) && !ok[j]) {
+				torture_comment(tctx, "QueryTrustedDomainInfoByName level %d unexpectedly succeeded - %s\n",
+				       levels[j], nt_errstr(q.out.result));
+				ret = false;
+			}
+		}
+	}
+	return ret;
+}
+
+static bool test_EnumTrustDom(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct lsa_EnumTrustDom r;
+	uint32_t in_resume_handle = 0;
+	uint32_t out_resume_handle;
+	struct lsa_DomainList domains;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting EnumTrustDom\n");
+
+	r.in.handle = handle;
+	r.in.resume_handle = &in_resume_handle;
+	r.in.max_size = 0;
+	r.out.domains = &domains;
+	r.out.resume_handle = &out_resume_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
+		"lsa_EnumTrustDom failed");
+
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g.  with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	if (NT_STATUS_IS_OK(r.out.result) ||
+	    NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
+	{
+		if (out_resume_handle <= in_resume_handle) {
+			torture_comment(tctx, "EnumTrustDom failed - should have returned output resume_handle (0x%08x) larger than input resume handle (0x%08x)\n",
+				out_resume_handle, in_resume_handle);
+			return false;
+		}
+	}
+
+	if (NT_STATUS_IS_OK(r.out.result)) {
+		if (domains.count == 0) {
+			torture_comment(tctx, "EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n");
+			return false;
+		}
+	} else if (!(NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES))) {
+		torture_comment(tctx, "EnumTrustDom of zero size failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	/* Start from the bottom again */
+	in_resume_handle = 0;
+
+	do {
+		r.in.handle = handle;
+		r.in.resume_handle = &in_resume_handle;
+		r.in.max_size = LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3;
+		r.out.domains = &domains;
+		r.out.resume_handle = &out_resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
+			"EnumTrustDom failed");
+
+		/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+		 * always be larger than the previous input resume handle, in
+		 * particular when hitting the last query it is vital to set the
+		 * resume handle correctly to avoid infinite client loops, as
+		 * seen e.g.  with Windows XP SP3 when resume handle is 0 and
+		 * status is NT_STATUS_OK - gd */
+
+		if (NT_STATUS_IS_OK(r.out.result) ||
+		    NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES) ||
+		    NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
+		{
+			if (out_resume_handle <= in_resume_handle) {
+				torture_comment(tctx, "EnumTrustDom failed - should have returned output resume_handle (0x%08x) larger than input resume handle (0x%08x)\n",
+					out_resume_handle, in_resume_handle);
+				return false;
+			}
+		}
+
+		/* NO_MORE_ENTRIES is allowed */
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES)) {
+			if (domains.count == 0) {
+				return true;
+			}
+			torture_comment(tctx, "EnumTrustDom failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n");
+			return false;
+		} else if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
+			/* Windows 2003 gets this off by one on the first run */
+			if (r.out.domains->count < 3 || r.out.domains->count > 4) {
+				torture_comment(tctx, "EnumTrustDom didn't fill the buffer we "
+				       "asked it to (got %d, expected %d / %d == %d entries)\n",
+				       r.out.domains->count, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3,
+				       LSA_ENUM_TRUST_DOMAIN_MULTIPLIER, r.in.max_size);
+				ret = false;
+			}
+		} else if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "EnumTrustDom failed - %s\n", nt_errstr(r.out.result));
+			return false;
+		}
+
+		if (domains.count == 0) {
+			torture_comment(tctx, "EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n");
+			return false;
+		}
+
+		ret &= test_query_each_TrustDom(b, tctx, handle, &domains);
+
+		in_resume_handle = out_resume_handle;
+
+	} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+
+	return ret;
+}
+
+static bool test_EnumTrustDomEx(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle)
+{
+	struct lsa_EnumTrustedDomainsEx r_ex;
+	uint32_t in_resume_handle = 0;
+	uint32_t out_resume_handle;
+	struct lsa_DomainListEx domains_ex;
+	bool ret = true;
+
+	torture_comment(tctx, "\nTesting EnumTrustedDomainsEx\n");
+
+	r_ex.in.handle = handle;
+	r_ex.in.resume_handle = &in_resume_handle;
+	r_ex.in.max_size = 0;
+	r_ex.out.domains = &domains_ex;
+	r_ex.out.resume_handle = &out_resume_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustedDomainsEx_r(b, tctx, &r_ex),
+		"EnumTrustedDomainsEx failed");
+
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g.  with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	if (NT_STATUS_IS_OK(r_ex.out.result) ||
+	    NT_STATUS_EQUAL(r_ex.out.result, NT_STATUS_NO_MORE_ENTRIES) ||
+	    NT_STATUS_EQUAL(r_ex.out.result, STATUS_MORE_ENTRIES))
+	{
+		if (out_resume_handle <= in_resume_handle) {
+			torture_comment(tctx, "EnumTrustDomEx failed - should have returned output resume_handle (0x%08x) larger than input resume handle (0x%08x)\n",
+				out_resume_handle, in_resume_handle);
+			return false;
+		}
+	}
+
+	if (NT_STATUS_IS_OK(r_ex.out.result)) {
+		if (domains_ex.count == 0) {
+			torture_comment(tctx, "EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n");
+			return false;
+		}
+	} else if (!(NT_STATUS_EQUAL(r_ex.out.result, STATUS_MORE_ENTRIES) ||
+		    NT_STATUS_EQUAL(r_ex.out.result, NT_STATUS_NO_MORE_ENTRIES))) {
+		torture_comment(tctx, "EnumTrustDom of zero size failed - %s\n",
+				nt_errstr(r_ex.out.result));
+		return false;
+	}
+
+	in_resume_handle = 0;
+	do {
+		r_ex.in.handle = handle;
+		r_ex.in.resume_handle = &in_resume_handle;
+		r_ex.in.max_size = LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER * 3;
+		r_ex.out.domains = &domains_ex;
+		r_ex.out.resume_handle = &out_resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustedDomainsEx_r(b, tctx, &r_ex),
+			"EnumTrustedDomainsEx failed");
+
+		in_resume_handle = out_resume_handle;
+
+		/* NO_MORE_ENTRIES is allowed */
+		if (NT_STATUS_EQUAL(r_ex.out.result, NT_STATUS_NO_MORE_ENTRIES)) {
+			if (domains_ex.count == 0) {
+				return true;
+			}
+			torture_comment(tctx, "EnumTrustDomainsEx failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n");
+			return false;
+		} else if (NT_STATUS_EQUAL(r_ex.out.result, STATUS_MORE_ENTRIES)) {
+			/* Windows 2003 gets this off by one on the first run */
+			if (r_ex.out.domains->count < 3 || r_ex.out.domains->count > 4) {
+				torture_comment(tctx, "EnumTrustDom didn't fill the buffer we "
+				       "asked it to (got %d, expected %d / %d == %d entries)\n",
+				       r_ex.out.domains->count,
+				       r_ex.in.max_size,
+				       LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER,
+				       r_ex.in.max_size / LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER);
+			}
+		} else if (!NT_STATUS_IS_OK(r_ex.out.result)) {
+			torture_comment(tctx, "EnumTrustedDomainEx failed - %s\n", nt_errstr(r_ex.out.result));
+			return false;
+		}
+
+		if (domains_ex.count == 0) {
+			torture_comment(tctx, "EnumTrustDomainEx failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n");
+			return false;
+		}
+
+		ret &= test_query_each_TrustDomEx(b, tctx, handle, &domains_ex);
+
+	} while (NT_STATUS_EQUAL(r_ex.out.result, STATUS_MORE_ENTRIES));
+
+	return ret;
+}
+
+
+static bool test_CreateTrustedDomain(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     uint32_t num_trusts)
+{
+	bool ret = true;
+	struct lsa_CreateTrustedDomain r;
+	struct lsa_DomainInfo trustinfo;
+	struct dom_sid **domsid;
+	struct policy_handle *trustdom_handle;
+	struct lsa_QueryTrustedDomainInfo q;
+	union lsa_TrustedDomainInfo *info = NULL;
+	int i;
+
+	torture_comment(tctx, "\nTesting CreateTrustedDomain for %d domains\n", num_trusts);
+
+	if (!test_EnumTrustDom(b, tctx, handle)) {
+		ret = false;
+	}
+
+	if (!test_EnumTrustDomEx(b, tctx, handle)) {
+		ret = false;
+	}
+
+	domsid = talloc_array(tctx, struct dom_sid *, num_trusts);
+	trustdom_handle = talloc_array(tctx, struct policy_handle, num_trusts);
+
+	for (i=0; i< num_trusts; i++) {
+		char *trust_name = talloc_asprintf(tctx, "TORTURE1%02d", i);
+		char *trust_sid = talloc_asprintf(tctx, "S-1-5-21-97398-379795-1%02d", i);
+
+		domsid[i] = dom_sid_parse_talloc(tctx, trust_sid);
+
+		trustinfo.sid = domsid[i];
+		init_lsa_String((struct lsa_String *)&trustinfo.name, trust_name);
+
+		r.in.policy_handle = handle;
+		r.in.info = &trustinfo;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.trustdom_handle = &trustdom_handle[i];
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateTrustedDomain_r(b, tctx, &r),
+			"CreateTrustedDomain failed");
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_OBJECT_NAME_COLLISION)) {
+			test_DeleteTrustedDomain(b, tctx, handle, trustinfo.name);
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateTrustedDomain_r(b, tctx, &r),
+				"CreateTrustedDomain failed");
+		}
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "CreateTrustedDomain failed - %s\n", nt_errstr(r.out.result));
+			ret = false;
+		} else {
+
+			q.in.trustdom_handle = &trustdom_handle[i];
+			q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+			q.out.info = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfo_r(b, tctx, &q),
+				"QueryTrustedDomainInfo failed");
+			if (!NT_STATUS_IS_OK(q.out.result)) {
+				torture_comment(tctx, "QueryTrustedDomainInfo level %d failed - %s\n", q.in.level, nt_errstr(q.out.result));
+				ret = false;
+			} else if (!q.out.info) {
+				ret = false;
+			} else {
+				if (strcmp(info->info_ex.domain_name.string, trustinfo.name.string) != 0) {
+					torture_comment(tctx, "QueryTrustedDomainInfo returned inconsistent long name: %s != %s\n",
+					       info->info_ex.domain_name.string, trustinfo.name.string);
+					ret = false;
+				}
+				if (strcmp(info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
+					torture_comment(tctx, "QueryTrustedDomainInfo returned inconsistent short name: %s != %s\n",
+					       info->info_ex.netbios_name.string, trustinfo.name.string);
+					ret = false;
+				}
+				if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
+					       trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+					ret = false;
+				}
+				if (info->info_ex.trust_attributes != 0) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
+					       trust_name, info->info_ex.trust_attributes, 0);
+					ret = false;
+				}
+				if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
+					       trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
+					ret = false;
+				}
+			}
+		}
+	}
+
+	/* now that we have some domains to look over, we can test the enum calls */
+	if (!test_EnumTrustDom(b, tctx, handle)) {
+		ret = false;
+	}
+
+	if (!test_EnumTrustDomEx(b, tctx, handle)) {
+		ret = false;
+	}
+
+	for (i=0; i<num_trusts; i++) {
+		if (!test_DeleteTrustedDomainBySid(b, tctx, handle, domsid[i])) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool gen_authinfo_internal(TALLOC_CTX *mem_ctx,
+				  const char *incoming_old, const char *incoming_new,
+				  const char *outgoing_old, const char *outgoing_new,
+				  DATA_BLOB session_key,
+				  struct lsa_TrustDomainInfoAuthInfoInternal **_authinfo_internal)
+{
+	struct lsa_TrustDomainInfoAuthInfoInternal *authinfo_internal;
+	struct trustDomainPasswords auth_struct;
+	struct AuthenticationInformation in_info;
+	struct AuthenticationInformation io_info;
+	struct AuthenticationInformation on_info;
+	struct AuthenticationInformation oo_info;
+	size_t converted_size;
+	DATA_BLOB auth_blob;
+	enum ndr_err_code ndr_err;
+	bool ok;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t _session_key;
+
+	authinfo_internal = talloc_zero(mem_ctx, struct lsa_TrustDomainInfoAuthInfoInternal);
+	if (authinfo_internal == NULL) {
+		return false;
+	}
+
+	in_info.AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16,
+				   incoming_new,
+				   strlen(incoming_new),
+				   &in_info.AuthInfo.clear.password,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	in_info.AuthInfo.clear.size = converted_size;
+
+	io_info.AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16,
+				   incoming_old,
+				   strlen(incoming_old),
+				   &io_info.AuthInfo.clear.password,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	io_info.AuthInfo.clear.size = converted_size;
+
+	on_info.AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16,
+				   outgoing_new,
+				   strlen(outgoing_new),
+				   &on_info.AuthInfo.clear.password,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	on_info.AuthInfo.clear.size = converted_size;
+
+	oo_info.AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16,
+				   outgoing_old,
+				   strlen(outgoing_old),
+				   &oo_info.AuthInfo.clear.password,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	oo_info.AuthInfo.clear.size = converted_size;
+
+	generate_random_buffer(auth_struct.confounder, sizeof(auth_struct.confounder));
+	auth_struct.outgoing.count = 1;
+	auth_struct.outgoing.current.count = 1;
+	auth_struct.outgoing.current.array = &on_info;
+	auth_struct.outgoing.previous.count = 1;
+	auth_struct.outgoing.previous.array = &oo_info;
+
+	auth_struct.incoming.count = 1;
+	auth_struct.incoming.current.count = 1;
+	auth_struct.incoming.current.array = &in_info;
+	auth_struct.incoming.previous.count = 1;
+	auth_struct.incoming.previous.array = &io_info;
+
+	ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, &auth_struct,
+				       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+
+	_session_key = (gnutls_datum_t) {
+		.data = session_key.data,
+		.size = session_key.length,
+	};
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &_session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      auth_blob.data,
+			      auth_blob.length);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	authinfo_internal->auth_blob.size = auth_blob.length;
+	authinfo_internal->auth_blob.data = auth_blob.data;
+
+	*_authinfo_internal = authinfo_internal;
+
+	return true;
+}
+
+static bool gen_authinfo(TALLOC_CTX *mem_ctx,
+			 const char *incoming_old, const char *incoming_new,
+			 const char *outgoing_old, const char *outgoing_new,
+			 struct lsa_TrustDomainInfoAuthInfo **_authinfo)
+{
+	struct lsa_TrustDomainInfoAuthInfo *authinfo;
+	struct lsa_TrustDomainInfoBuffer *in_buffer;
+	struct lsa_TrustDomainInfoBuffer *io_buffer;
+	struct lsa_TrustDomainInfoBuffer *on_buffer;
+	struct lsa_TrustDomainInfoBuffer *oo_buffer;
+	size_t converted_size;
+	bool ok;
+
+	authinfo = talloc_zero(mem_ctx, struct lsa_TrustDomainInfoAuthInfo);
+	if (authinfo == NULL) {
+		return false;
+	}
+
+	in_buffer = talloc_zero(authinfo, struct lsa_TrustDomainInfoBuffer);
+	if (in_buffer == NULL) {
+		return false;
+	}
+	in_buffer->AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(in_buffer, CH_UNIX, CH_UTF16,
+				   incoming_new,
+				   strlen(incoming_new),
+				   &in_buffer->data.data,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	in_buffer->data.size = converted_size;
+
+	io_buffer = talloc_zero(authinfo, struct lsa_TrustDomainInfoBuffer);
+	if (io_buffer == NULL) {
+		return false;
+	}
+	io_buffer->AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(io_buffer, CH_UNIX, CH_UTF16,
+				   incoming_old,
+				   strlen(incoming_old),
+				   &io_buffer->data.data,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	io_buffer->data.size = converted_size;
+
+	on_buffer = talloc_zero(authinfo, struct lsa_TrustDomainInfoBuffer);
+	if (on_buffer == NULL) {
+		return false;
+	}
+	on_buffer->AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(on_buffer, CH_UNIX, CH_UTF16,
+				   outgoing_new,
+				   strlen(outgoing_new),
+				   &on_buffer->data.data,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	on_buffer->data.size = converted_size;
+
+	oo_buffer = talloc_zero(authinfo, struct lsa_TrustDomainInfoBuffer);
+	if (oo_buffer == NULL) {
+		return false;
+	}
+	oo_buffer->AuthType = TRUST_AUTH_TYPE_CLEAR;
+	ok = convert_string_talloc(oo_buffer, CH_UNIX, CH_UTF16,
+				   outgoing_old,
+				   strlen(outgoing_old),
+				   &oo_buffer->data.data,
+				   &converted_size);
+	if (!ok) {
+		return false;
+	}
+	oo_buffer->data.size = converted_size;
+
+	authinfo->incoming_count = 1;
+	authinfo->incoming_current_auth_info = in_buffer;
+	authinfo->incoming_previous_auth_info = io_buffer;
+	authinfo->outgoing_count = 1;
+	authinfo->outgoing_current_auth_info = on_buffer;
+	authinfo->outgoing_previous_auth_info = oo_buffer;
+
+	*_authinfo = authinfo;
+
+	return true;
+}
+
+static bool check_pw_with_ServerAuthenticate3(struct dcerpc_pipe *p,
+					     struct torture_context *tctx,
+					     uint32_t negotiate_flags,
+					     const char *server_name,
+					     struct cli_credentials *machine_credentials,
+					     struct netlogon_creds_CredentialState **creds_out)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	const struct samr_Password *new_password = NULL;
+	const struct samr_Password *old_password = NULL;
+	uint32_t rid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	new_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
+	old_password = cli_credentials_get_old_nt_hash(machine_credentials, tctx);
+
+	r.in.server_name = server_name;
+	r.in.computer_name = cli_credentials_get_workstation(machine_credentials);
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	a.in.server_name = server_name;
+	a.in.account_name = cli_credentials_get_username(machine_credentials);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = cli_credentials_get_workstation(machine_credentials);
+	a.in.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   new_password, &credentials3,
+					   negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	if (!NT_STATUS_IS_OK(a.out.result)) {
+		if (!NT_STATUS_EQUAL(a.out.result, NT_STATUS_ACCESS_DENIED)) {
+			torture_assert_ntstatus_ok(tctx, a.out.result,
+						   "ServerAuthenticate3 failed");
+		}
+		return false;
+	}
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	if (old_password != NULL) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+			"ServerReqChallenge failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+		creds = netlogon_creds_client_init(tctx, a.in.account_name,
+						   a.in.computer_name,
+						   a.in.secure_channel_type,
+						   &credentials1, &credentials2,
+						   old_password, &credentials3,
+						   negotiate_flags);
+
+		torture_assert(tctx, creds != NULL, "memory allocation");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+			"ServerAuthenticate3 failed");
+		if (!NT_STATUS_IS_OK(a.out.result)) {
+			if (!NT_STATUS_EQUAL(a.out.result, NT_STATUS_ACCESS_DENIED)) {
+				torture_assert_ntstatus_ok(tctx, a.out.result,
+							   "ServerAuthenticate3 (old) failed");
+			}
+			return false;
+		}
+		torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential (old) chaining failed");
+	}
+
+	/* Prove that requesting a challenge again won't break it */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	*creds_out = creds;
+	return true;
+}
+
+#ifdef SAMBA4_USES_HEIMDAL
+
+/*
+ * This function is set in torture_krb5_init_context as krb5
+ * send_and_recv function.  This allows us to override what server the
+ * test is aimed at, and to inspect the packets just before they are
+ * sent to the network, and before they are processed on the recv
+ * side.
+ *
+ * The torture_krb5_pre_send_test() and torture_krb5_post_recv_test()
+ * functions are implement the actual tests.
+ *
+ * When this asserts, the caller will get a spurious 'cannot contact
+ * any KDC' message.
+ *
+ */
+struct check_pw_with_krb5_ctx {
+	struct addrinfo *server;
+	const char *server_nb_domain;
+	const char *server_dns_domain;
+	struct {
+		unsigned io;
+		unsigned fail;
+		unsigned errors;
+		unsigned error_io;
+		unsigned ok;
+	} counts;
+	krb5_error error;
+	struct smb_krb5_context *smb_krb5_context;
+	krb5_get_init_creds_opt *krb_options;
+	krb5_creds my_creds;
+	krb5_get_creds_opt opt_canon;
+	krb5_get_creds_opt opt_nocanon;
+	krb5_principal upn_realm;
+	krb5_principal upn_dns;
+	krb5_principal upn_netbios;
+	krb5_ccache krbtgt_ccache;
+	krb5_principal krbtgt_trust_realm;
+	krb5_creds *krbtgt_trust_realm_creds;
+	krb5_principal krbtgt_trust_dns;
+	krb5_creds *krbtgt_trust_dns_creds;
+	krb5_principal krbtgt_trust_netbios;
+	krb5_creds *krbtgt_trust_netbios_creds;
+	krb5_principal cifs_trust_dns;
+	krb5_creds *cifs_trust_dns_creds;
+	krb5_principal cifs_trust_netbios;
+	krb5_creds *cifs_trust_netbios_creds;
+	krb5_principal drs_trust_dns;
+	krb5_creds *drs_trust_dns_creds;
+	krb5_principal drs_trust_netbios;
+	krb5_creds *drs_trust_netbios_creds;
+	krb5_principal four_trust_dns;
+	krb5_creds *four_trust_dns_creds;
+	krb5_creds krbtgt_referral_creds;
+	Ticket krbtgt_referral_ticket;
+	krb5_keyblock krbtgt_referral_keyblock;
+	EncTicketPart krbtgt_referral_enc_part;
+};
+
+static krb5_error_code check_pw_with_krb5_send_to_realm(
+					struct smb_krb5_context *smb_krb5_context,
+					void *data, /* struct check_pw_with_krb5_ctx */
+					krb5_const_realm realm,
+					time_t timeout,
+					const krb5_data *send_buf,
+					krb5_data *recv_buf)
+{
+	struct check_pw_with_krb5_ctx *ctx =
+		talloc_get_type_abort(data, struct check_pw_with_krb5_ctx);
+	krb5_error_code k5ret;
+	size_t used;
+	int ret;
+
+	SMB_ASSERT(smb_krb5_context == ctx->smb_krb5_context);
+
+	if (!strequal_m(realm, ctx->server_nb_domain) &&
+	    !strequal_m(realm, ctx->server_dns_domain))
+	{
+		return KRB5_KDC_UNREACH;
+	}
+
+	krb5_free_error_contents(ctx->smb_krb5_context->krb5_context,
+				 &ctx->error);
+	ctx->counts.io++;
+
+	k5ret = smb_krb5_send_and_recv_func_forced_tcp(ctx->smb_krb5_context,
+						       ctx->server,
+						       timeout, send_buf, recv_buf);
+	if (k5ret != 0) {
+		ctx->counts.fail++;
+		return k5ret;
+	}
+
+	ret = decode_KRB_ERROR(recv_buf->data, recv_buf->length,
+			       &ctx->error, &used);
+	if (ret == 0) {
+		ctx->counts.errors++;
+		ctx->counts.error_io = ctx->counts.io;
+	} else {
+		ctx->counts.ok++;
+	}
+
+	return k5ret;
+}
+
+static int check_pw_with_krb5_ctx_destructor(struct check_pw_with_krb5_ctx *ctx)
+{
+	if (ctx->server != NULL) {
+		freeaddrinfo(ctx->server);
+		ctx->server = NULL;
+	}
+
+	if (ctx->krb_options != NULL) {
+		krb5_get_init_creds_opt_free(ctx->smb_krb5_context->krb5_context,
+					     ctx->krb_options);
+		ctx->krb_options = NULL;
+	}
+
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->my_creds);
+
+	if (ctx->opt_canon != NULL) {
+		krb5_get_creds_opt_free(ctx->smb_krb5_context->krb5_context,
+					ctx->opt_canon);
+		ctx->opt_canon = NULL;
+	}
+
+	if (ctx->opt_nocanon != NULL) {
+		krb5_get_creds_opt_free(ctx->smb_krb5_context->krb5_context,
+					ctx->opt_nocanon);
+		ctx->opt_nocanon = NULL;
+	}
+
+	if (ctx->krbtgt_ccache != NULL) {
+		krb5_cc_close(ctx->smb_krb5_context->krb5_context,
+			      ctx->krbtgt_ccache);
+		ctx->krbtgt_ccache = NULL;
+	}
+
+	if (ctx->upn_realm != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_realm);
+		ctx->upn_realm = NULL;
+	}
+
+	if (ctx->upn_dns != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_dns);
+		ctx->upn_dns = NULL;
+	}
+
+	if (ctx->upn_netbios != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_netbios);
+		ctx->upn_netbios = NULL;
+	}
+
+	if (ctx->krbtgt_trust_realm != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_trust_realm);
+		ctx->krbtgt_trust_realm = NULL;
+	}
+
+	if (ctx->krbtgt_trust_realm_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->krbtgt_trust_realm_creds);
+		ctx->krbtgt_trust_realm_creds = NULL;
+	}
+
+	if (ctx->krbtgt_trust_dns != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_trust_dns);
+		ctx->krbtgt_trust_dns = NULL;
+	}
+
+	if (ctx->krbtgt_trust_dns_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->krbtgt_trust_dns_creds);
+		ctx->krbtgt_trust_dns_creds = NULL;
+	}
+
+	if (ctx->krbtgt_trust_netbios != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_trust_netbios);
+		ctx->krbtgt_trust_netbios = NULL;
+	}
+
+	if (ctx->krbtgt_trust_netbios_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->krbtgt_trust_netbios_creds);
+		ctx->krbtgt_trust_netbios_creds = NULL;
+	}
+
+	if (ctx->cifs_trust_dns != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->cifs_trust_dns);
+		ctx->cifs_trust_dns = NULL;
+	}
+
+	if (ctx->cifs_trust_dns_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->cifs_trust_dns_creds);
+		ctx->cifs_trust_dns_creds = NULL;
+	}
+
+	if (ctx->cifs_trust_netbios != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->cifs_trust_netbios);
+		ctx->cifs_trust_netbios = NULL;
+	}
+
+	if (ctx->cifs_trust_netbios_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->cifs_trust_netbios_creds);
+		ctx->cifs_trust_netbios_creds = NULL;
+	}
+
+	if (ctx->drs_trust_dns != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->drs_trust_dns);
+		ctx->drs_trust_dns = NULL;
+	}
+
+	if (ctx->drs_trust_dns_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->drs_trust_dns_creds);
+		ctx->drs_trust_dns_creds = NULL;
+	}
+
+	if (ctx->drs_trust_netbios != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->drs_trust_netbios);
+		ctx->drs_trust_netbios = NULL;
+	}
+
+	if (ctx->drs_trust_netbios_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->drs_trust_netbios_creds);
+		ctx->drs_trust_netbios_creds = NULL;
+	}
+
+	if (ctx->four_trust_dns != NULL) {
+		krb5_free_principal(ctx->smb_krb5_context->krb5_context,
+				    ctx->four_trust_dns);
+		ctx->four_trust_dns = NULL;
+	}
+
+	if (ctx->four_trust_dns_creds != NULL) {
+		krb5_free_creds(ctx->smb_krb5_context->krb5_context,
+				ctx->four_trust_dns_creds);
+		ctx->four_trust_dns_creds = NULL;
+	}
+
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+
+	free_Ticket(&ctx->krbtgt_referral_ticket);
+
+	krb5_free_keyblock_contents(ctx->smb_krb5_context->krb5_context,
+				    &ctx->krbtgt_referral_keyblock);
+
+	free_EncTicketPart(&ctx->krbtgt_referral_enc_part);
+
+	krb5_free_error_contents(ctx->smb_krb5_context->krb5_context,
+				 &ctx->error);
+
+	talloc_unlink(ctx, ctx->smb_krb5_context);
+	ctx->smb_krb5_context = NULL;
+	return 0;
+}
+
+static bool check_pw_with_krb5(struct torture_context *tctx,
+			       struct cli_credentials *credentials,
+			       const struct lsa_TrustDomainInfoInfoEx *trusted)
+{
+	const char *trusted_dns_name = trusted->domain_name.string;
+	const char *trusted_netbios_name = trusted->netbios_name.string;
+	char *trusted_realm_name = NULL;
+	krb5_principal principal = NULL;
+	enum credentials_obtained obtained;
+	const char *error_string = NULL;
+	const char *workstation = cli_credentials_get_workstation(credentials);
+	const char *password = cli_credentials_get_password(credentials);
+#ifndef USING_EMBEDDED_HEIMDAL
+	const struct samr_Password *nthash = NULL;
+	const struct samr_Password *old_nthash = NULL;
+#endif
+	const char *old_password = cli_credentials_get_old_password(credentials);
+#ifndef USING_EMBEDDED_HEIMDAL
+	int kvno = cli_credentials_get_kvno(credentials);
+	int expected_kvno = 0;
+	krb5uint32 t_kvno = 0;
+#endif
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	krb5_error_code k5ret;
+	krb5_boolean k5ok;
+	int type;
+	bool ok;
+	struct check_pw_with_krb5_ctx *ctx = NULL;
+	char *assertion_message = NULL;
+	const char *realm = NULL;
+	char *upn_realm_string = NULL;
+	char *upn_dns_string = NULL;
+	char *upn_netbios_string = NULL;
+	char *krbtgt_cc_name = NULL;
+	char *krbtgt_trust_realm_string = NULL;
+	char *krbtgt_trust_dns_string = NULL;
+	char *krbtgt_trust_netbios_string = NULL;
+	char *cifs_trust_dns_string = NULL;
+	char *cifs_trust_netbios_string = NULL;
+	char *drs_trust_dns_string = NULL;
+	char *drs_trust_netbios_string = NULL;
+	char *four_trust_dns_string = NULL;
+
+	ctx = talloc_zero(tctx, struct check_pw_with_krb5_ctx);
+	torture_assert(tctx, ctx != NULL, "Failed to allocate");
+
+	realm = cli_credentials_get_realm(credentials);
+	trusted_realm_name = strupper_talloc(tctx, trusted_dns_name);
+
+#ifndef USING_EMBEDDED_HEIMDAL
+	nthash = cli_credentials_get_nt_hash(credentials, ctx);
+	old_nthash = cli_credentials_get_old_nt_hash(credentials, ctx);
+#endif
+
+	k5ret = smb_krb5_init_context(ctx, tctx->lp_ctx, &ctx->smb_krb5_context);
+	torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
+
+	ctx->server_nb_domain = cli_credentials_get_domain(credentials);
+	ctx->server_dns_domain = cli_credentials_get_realm(credentials);
+
+	ok = interpret_string_addr_internal(&ctx->server, host, 0);
+	torture_assert(tctx, ok, "Failed to parse target server");
+	talloc_set_destructor(ctx, check_pw_with_krb5_ctx_destructor);
+
+	set_sockaddr_port(ctx->server->ai_addr, 88);
+
+	k5ret = smb_krb5_set_send_to_kdc_func(ctx->smb_krb5_context,
+					      check_pw_with_krb5_send_to_realm,
+					      NULL, /* send_to_kdc */
+					      ctx);
+	torture_assert_int_equal(tctx, k5ret, 0, "krb5_set_send_to_kdc_func failed");
+
+	torture_assert_int_equal(tctx,
+			krb5_get_init_creds_opt_alloc(ctx->smb_krb5_context->krb5_context,
+						      &ctx->krb_options),
+			0, "krb5_get_init_creds_opt_alloc failed");
+	torture_assert_int_equal(tctx,
+			krb5_get_init_creds_opt_set_pac_request(
+				ctx->smb_krb5_context->krb5_context,
+				ctx->krb_options, true),
+			0, "krb5_get_init_creds_opt_set_pac_request failed");
+
+	upn_realm_string = talloc_asprintf(ctx, "user@%s",
+					   trusted_realm_name);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->upn_realm,
+						realm, upn_realm_string, NULL),
+			0, "smb_krb5_make_principal failed");
+	smb_krb5_principal_set_type(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_realm, KRB5_NT_ENTERPRISE_PRINCIPAL);
+
+	upn_dns_string = talloc_asprintf(ctx, "user@%s",
+					 trusted_dns_name);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->upn_dns,
+						realm, upn_dns_string, NULL),
+			0, "smb_krb5_make_principal failed");
+	smb_krb5_principal_set_type(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_dns, KRB5_NT_ENTERPRISE_PRINCIPAL);
+
+	upn_netbios_string = talloc_asprintf(ctx, "user@%s",
+					 trusted_netbios_name);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->upn_netbios,
+						realm, upn_netbios_string, NULL),
+			0, "smb_krb5_make_principal failed");
+	smb_krb5_principal_set_type(ctx->smb_krb5_context->krb5_context,
+				    ctx->upn_netbios, KRB5_NT_ENTERPRISE_PRINCIPAL);
+
+	k5ret = principal_from_credentials(ctx, credentials, ctx->smb_krb5_context,
+					   &principal, &obtained,  &error_string);
+	torture_assert_int_equal(tctx, k5ret, 0, error_string);
+
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,
+					     &ctx->my_creds, ctx->upn_realm,
+					     "_none_", NULL, NULL, 0,
+					     NULL, ctx->krb_options);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_init_creds_password(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u/%u,ok=%u]",
+				upn_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.error_io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.error_io, 1, assertion_message);
+	torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
+	torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
+	torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+	torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_realm_string, assertion_message);
+#else
+	torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
+	torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
+
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,
+					     &ctx->my_creds, ctx->upn_dns,
+					     "_none_", NULL, NULL, 0,
+					     NULL, ctx->krb_options);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_init_creds_password(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u/%u,ok=%u]",
+				upn_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.error_io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.error_io, 1, assertion_message);
+	torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
+	torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
+	torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+	torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_dns_string, assertion_message);
+#else
+	torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
+	torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
+
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,
+					     &ctx->my_creds, ctx->upn_netbios,
+					     "_none_", NULL, NULL, 0,
+					     NULL, ctx->krb_options);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_init_creds_password(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u/%u,ok=%u]",
+				upn_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.error_io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.error_io, 1, assertion_message);
+	torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 68, assertion_message);
+	torture_assert(tctx, ctx->error.crealm != NULL, assertion_message);
+	torture_assert_str_equal(tctx, *ctx->error.crealm, trusted_realm_name, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert(tctx, ctx->error.cname != NULL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_type, KRB5_NT_ENTERPRISE_PRINCIPAL, assertion_message);
+	torture_assert_int_equal(tctx, ctx->error.cname->name_string.len, 1, assertion_message);
+	torture_assert_str_equal(tctx, ctx->error.cname->name_string.val[0], upn_netbios_string, assertion_message);
+#else
+	torture_assert(tctx, ctx->error.cname == NULL, assertion_message);
+#endif
+	torture_assert_str_equal(tctx, ctx->error.realm, realm, assertion_message);
+
+	torture_comment(tctx, "(%s:%s) password[%s] old_password[%s]\n",
+			__location__, __FUNCTION__,
+			password, old_password);
+	if (old_password != NULL) {
+		k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,
+						     &ctx->my_creds, principal,
+						     old_password, NULL, NULL, 0,
+						     NULL, ctx->krb_options);
+		torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_PREAUTH_FAILED,
+					 "preauth should fail with old password");
+	}
+
+	k5ret = krb5_get_init_creds_password(ctx->smb_krb5_context->krb5_context,
+					     &ctx->my_creds, principal,
+					     password, NULL, NULL, 0,
+					     NULL, ctx->krb_options);
+	if (k5ret == KRB5KDC_ERR_PREAUTH_FAILED) {
+		TALLOC_FREE(ctx);
+		return false;
+	}
+
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_init_creds_password for failed: %s",
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	torture_assert_int_equal(tctx,
+			krb5_get_creds_opt_alloc(ctx->smb_krb5_context->krb5_context,
+						 &ctx->opt_canon),
+			0, "krb5_get_creds_opt_alloc");
+
+	krb5_get_creds_opt_add_options(ctx->smb_krb5_context->krb5_context,
+				       ctx->opt_canon,
+				       KRB5_GC_CANONICALIZE);
+
+	krb5_get_creds_opt_add_options(ctx->smb_krb5_context->krb5_context,
+				       ctx->opt_canon,
+				       KRB5_GC_NO_STORE);
+
+	torture_assert_int_equal(tctx,
+			krb5_get_creds_opt_alloc(ctx->smb_krb5_context->krb5_context,
+						 &ctx->opt_nocanon),
+			0, "krb5_get_creds_opt_alloc");
+
+	krb5_get_creds_opt_add_options(ctx->smb_krb5_context->krb5_context,
+				       ctx->opt_nocanon,
+				       KRB5_GC_NO_STORE);
+
+	krbtgt_cc_name = talloc_asprintf(ctx, "MEMORY:%p.krbtgt", ctx->smb_krb5_context);
+	torture_assert_int_equal(tctx,
+			krb5_cc_resolve(ctx->smb_krb5_context->krb5_context,
+					krbtgt_cc_name,
+					&ctx->krbtgt_ccache),
+			0, "krb5_cc_resolve failed");
+
+	torture_assert_int_equal(tctx,
+			krb5_cc_initialize(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_ccache,
+					   ctx->my_creds.client),
+			0, "krb5_cc_initialize failed");
+
+	torture_assert_int_equal(tctx,
+			krb5_cc_store_cred(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_ccache,
+					   &ctx->my_creds),
+			0, "krb5_cc_store_cred failed");
+
+	krbtgt_trust_realm_string = talloc_asprintf(ctx, "krbtgt/%s@%s",
+						    trusted_realm_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->krbtgt_trust_realm,
+						realm, "krbtgt",
+						trusted_realm_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	krbtgt_trust_dns_string = talloc_asprintf(ctx, "krbtgt/%s@%s",
+						  trusted_dns_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->krbtgt_trust_dns,
+						realm, "krbtgt",
+						trusted_dns_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	krbtgt_trust_netbios_string = talloc_asprintf(ctx, "krbtgt/%s@%s",
+						      trusted_netbios_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->krbtgt_trust_netbios,
+						realm, "krbtgt",
+						trusted_netbios_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we can do a TGS for krbtgt/trusted_realm */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_nocanon,
+			       ctx->krbtgt_ccache,
+			       ctx->krbtgt_trust_realm,
+			       &ctx->krbtgt_trust_realm_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_trust_realm_creds->server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_trust_realm_creds->server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Confirm if we have no referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+
+	/* Confirm if we can do a TGS for krbtgt/trusted_dns with CANON */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->krbtgt_trust_dns,
+			       &ctx->krbtgt_trust_dns_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				krbtgt_trust_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#endif
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+	k5ret = decode_Ticket(ctx->krbtgt_referral_creds.ticket.data,
+			      ctx->krbtgt_referral_creds.ticket.length,
+			      &ctx->krbtgt_referral_ticket, NULL);
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+	if (kvno > 0) {
+		expected_kvno = kvno - 1;
+	}
+	if (ctx->krbtgt_referral_ticket.enc_part.kvno != NULL) {
+		t_kvno = *ctx->krbtgt_referral_ticket.enc_part.kvno;
+		assertion_message = talloc_asprintf(ctx,
+				"krbtgt_referral_ticket(%s) kvno(%u) expected(%u) current(%u)",
+				krbtgt_trust_realm_string,
+				(unsigned)t_kvno, (unsigned)expected_kvno,(unsigned)kvno);
+		torture_comment(tctx, "%s\n", assertion_message);
+		torture_assert_int_not_equal(tctx, t_kvno, 0, assertion_message);
+	} else {
+		assertion_message = talloc_asprintf(ctx,
+				"krbtgt_referral_ticket(%s) kvno(NULL) expected(%u) current(%u)",
+				krbtgt_trust_realm_string,
+				(unsigned)expected_kvno,(unsigned)kvno);
+		torture_comment(tctx, "%s\n", assertion_message);
+	}
+	torture_assert_int_equal(tctx, t_kvno, expected_kvno, assertion_message);
+
+	if (old_nthash != NULL && expected_kvno != kvno) {
+		torture_comment(tctx, "old_nthash: %s\n", assertion_message);
+		k5ret = smb_krb5_keyblock_init_contents(ctx->smb_krb5_context->krb5_context,
+							ENCTYPE_ARCFOUR_HMAC,
+							old_nthash->hash,
+							sizeof(old_nthash->hash),
+							&ctx->krbtgt_referral_keyblock);
+		torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+	} else {
+		torture_comment(tctx, "nthash: %s\n", assertion_message);
+		k5ret = smb_krb5_keyblock_init_contents(ctx->smb_krb5_context->krb5_context,
+							ENCTYPE_ARCFOUR_HMAC,
+							nthash->hash,
+							sizeof(nthash->hash),
+							&ctx->krbtgt_referral_keyblock);
+		torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+	}
+	k5ret = krb5_decrypt_ticket(ctx->smb_krb5_context->krb5_context,
+				    &ctx->krbtgt_referral_ticket,
+				    &ctx->krbtgt_referral_keyblock,
+				    &ctx->krbtgt_referral_enc_part,
+				    0);
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	/* Confirm if we can do a TGS for krbtgt/trusted_dns no CANON */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_nocanon,
+			       ctx->krbtgt_ccache,
+			       ctx->krbtgt_trust_dns,
+			       &ctx->krbtgt_trust_dns_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s, nocanon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				krbtgt_trust_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#endif
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_trust_dns_creds->server,
+#ifdef USING_EMBEDDED_HEIMDAL
+				      ctx->krbtgt_trust_dns);
+#else
+				      ctx->krbtgt_trust_realm);
+#endif
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_trust_dns_creds->server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	/* Confirm if we can do a TGS for krbtgt/NETBIOS with CANON */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->krbtgt_trust_netbios,
+			       &ctx->krbtgt_trust_netbios_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s, canon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				krbtgt_trust_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#endif
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	/* Confirm if we can do a TGS for krbtgt/NETBIOS no CANON */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_nocanon,
+			       ctx->krbtgt_ccache,
+			       ctx->krbtgt_trust_netbios,
+			       &ctx->krbtgt_trust_netbios_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s, nocanon) for failed: "
+				"(%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				krbtgt_trust_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#endif
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_trust_netbios_creds->server,
+#ifdef USING_EMBEDDED_HEIMDAL
+				      ctx->krbtgt_trust_netbios);
+#else
+				      ctx->krbtgt_trust_realm);
+#endif
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_trust_netbios_creds->server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	cifs_trust_dns_string = talloc_asprintf(ctx, "cifs/%s@%s",
+						trusted_dns_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->cifs_trust_dns,
+						realm, "cifs",
+						trusted_dns_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we get krbtgt/trusted_realm back when asking for cifs/trusted_realm */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->cifs_trust_dns,
+			       &ctx->cifs_trust_dns_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s) for failed: (%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				cifs_trust_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	cifs_trust_netbios_string = talloc_asprintf(ctx, "cifs/%s@%s",
+						trusted_netbios_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->cifs_trust_netbios,
+						realm, "cifs",
+						trusted_netbios_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we get krbtgt/trusted_realm back when asking for cifs/trusted_realm */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->cifs_trust_netbios,
+			       &ctx->cifs_trust_netbios_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s) for failed: (%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				cifs_trust_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	drs_trust_dns_string = talloc_asprintf(ctx,
+			"E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
+			workstation, trusted_dns_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->drs_trust_dns,
+						realm, "E3514235-4B06-11D1-AB04-00C04FC2DCD2",
+						workstation, trusted_dns_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we get krbtgt/trusted_realm back when asking for a 3 part principal */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->drs_trust_dns,
+			       &ctx->drs_trust_dns_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s) for failed: (%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				drs_trust_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	drs_trust_netbios_string = talloc_asprintf(ctx,
+			"E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s@%s",
+			workstation, trusted_netbios_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->drs_trust_netbios,
+						realm, "E3514235-4B06-11D1-AB04-00C04FC2DCD2",
+						workstation, trusted_netbios_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we get krbtgt/trusted_realm back when asking for a 3 part principal */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->drs_trust_netbios,
+			       &ctx->drs_trust_netbios_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s) for failed: (%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				drs_trust_netbios_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5_KDC_UNREACH, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 2, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.ok, 1, assertion_message);
+#endif
+
+	/* Confirm if we have the referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+#else
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+
+	k5ok = krb5_principal_compare(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_referral_creds.server,
+				      ctx->krbtgt_trust_realm);
+	torture_assert(tctx, k5ok, assertion_message);
+	type = smb_krb5_principal_get_type(ctx->smb_krb5_context->krb5_context,
+					   ctx->krbtgt_referral_creds.server);
+	torture_assert_int_equal(tctx, type, KRB5_NT_SRV_INST, assertion_message);
+
+	/* Delete the referral ticket from the cache */
+	k5ret = krb5_cc_remove_cred(ctx->smb_krb5_context->krb5_context,
+				    ctx->krbtgt_ccache,
+				    0,
+				    &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_remove_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
+#endif
+
+	four_trust_dns_string = talloc_asprintf(ctx, "four/tree/two/%s@%s",
+						trusted_dns_name, realm);
+	torture_assert_int_equal(tctx,
+			smb_krb5_make_principal(ctx->smb_krb5_context->krb5_context,
+						&ctx->four_trust_dns,
+						realm, "four", "tree", "two",
+						trusted_dns_name, NULL),
+			0, "smb_krb5_make_principal failed");
+
+	/* Confirm if we get an error back for a 4 part principal */
+	ZERO_STRUCT(ctx->counts);
+	k5ret = krb5_get_creds(ctx->smb_krb5_context->krb5_context,
+			       ctx->opt_canon,
+			       ctx->krbtgt_ccache,
+			       ctx->four_trust_dns,
+			       &ctx->four_trust_dns_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_get_creds(%s) for failed: (%d) %s; t[d=0x%x,t=0x%x,a=0x%x] [io=%u,error=%u,ok=%u]",
+				four_trust_dns_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx),
+				trusted->trust_direction,
+				trusted->trust_type,
+				trusted->trust_attributes,
+				ctx->counts.io, ctx->counts.errors, ctx->counts.ok);
+	torture_assert_int_equal(tctx, k5ret, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, assertion_message);
+#ifdef USING_EMBEDDED_HEIMDAL
+	torture_assert_int_equal(tctx, ctx->counts.io, 2, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.error_io, 2, assertion_message);
+#else
+	torture_assert_int_equal(tctx, ctx->counts.io, 1, assertion_message);
+	torture_assert_int_equal(tctx, ctx->counts.error_io, 1, assertion_message);
+#endif
+	torture_assert_int_equal(tctx, KRB5_ERROR_CODE(&ctx->error), 7, assertion_message);
+
+	/* Confirm if we have no referral ticket in the cache */
+	krb5_free_cred_contents(ctx->smb_krb5_context->krb5_context,
+				&ctx->krbtgt_referral_creds);
+	k5ret = krb5_cc_retrieve_cred(ctx->smb_krb5_context->krb5_context,
+				      ctx->krbtgt_ccache,
+				      0,
+				      ctx->krbtgt_trust_realm_creds,
+				      &ctx->krbtgt_referral_creds);
+	assertion_message = talloc_asprintf(ctx,
+				"krb5_cc_retrieve_cred(%s) for failed: (%d) %s",
+				krbtgt_trust_realm_string,
+				k5ret,
+				smb_get_krb5_error_message(ctx->smb_krb5_context->krb5_context,
+							   k5ret, ctx));
+	torture_assert_int_equal(tctx, k5ret, KRB5_CC_END, assertion_message);
+
+	TALLOC_FREE(ctx);
+	return true;
+}
+#endif
+
+static bool check_dom_trust_pw(struct dcerpc_pipe *p,
+			       struct torture_context *tctx,
+			       const char *our_netbios_name,
+			       const char *our_dns_name,
+			       enum netr_SchannelType secure_channel_type,
+			       const struct lsa_TrustDomainInfoInfoEx *trusted,
+			       const char *previous_password,
+			       const char *current_password,
+			       uint32_t current_version,
+			       const char *next_password,
+			       uint32_t next_version,
+			       bool expected_result)
+{
+	struct cli_credentials *incoming_creds;
+	char *server_name = NULL;
+	char *account = NULL;
+	char *principal = NULL;
+	char *workstation = NULL;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *ip;
+	struct nbt_name nbt_name;
+	struct dcerpc_binding *b2;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword samr_crypt_password;
+	struct netr_CryptPassword netr_crypt_password;
+	struct netr_Authenticator req_auth;
+	struct netr_Authenticator rep_auth;
+	struct netr_ServerPasswordSet2 s;
+	struct dcerpc_pipe *p1 = NULL;
+	struct dcerpc_pipe *p2 = NULL;
+	NTSTATUS status;
+	bool ok;
+	int rc;
+	const char *trusted_netbios_name = trusted->netbios_name.string;
+	const char *trusted_dns_name = trusted->domain_name.string;
+	struct tsocket_address *dest_addr;
+	struct cldap_socket *cldap;
+	struct cldap_netlogon cldap1;
+
+	incoming_creds = cli_credentials_init(tctx);
+	torture_assert(tctx, incoming_creds, "cli_credentials_init");
+
+	cli_credentials_set_domain(incoming_creds, our_netbios_name, CRED_SPECIFIED);
+	cli_credentials_set_realm(incoming_creds, our_dns_name, CRED_SPECIFIED);
+
+	if (secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+		account = talloc_asprintf(tctx, "%s.", trusted_dns_name);
+		torture_assert(tctx, account, __location__);
+
+		principal = talloc_asprintf(tctx, "%s$@%s",
+					    trusted_netbios_name,
+					    cli_credentials_get_realm(incoming_creds));
+		torture_assert(tctx, principal, __location__);
+
+		workstation = talloc_asprintf(tctx, "%sUP",
+					      trusted_netbios_name);
+		torture_assert(tctx, workstation, __location__);
+	} else {
+		account = talloc_asprintf(tctx, "%s$", trusted_netbios_name);
+		torture_assert(tctx, account, __location__);
+
+		workstation = talloc_asprintf(tctx, "%sDOWN",
+					      trusted_netbios_name);
+		torture_assert(tctx, workstation, __location__);
+	}
+
+	cli_credentials_set_username(incoming_creds, account, CRED_SPECIFIED);
+	if (principal != NULL) {
+		cli_credentials_set_principal(incoming_creds, principal,
+					      CRED_SPECIFIED);
+	}
+	cli_credentials_set_kvno(incoming_creds, current_version);
+	cli_credentials_set_password(incoming_creds, current_password, CRED_SPECIFIED);
+	cli_credentials_set_old_password(incoming_creds, previous_password, CRED_SPECIFIED);
+	cli_credentials_set_workstation(incoming_creds, workstation, CRED_SPECIFIED);
+	cli_credentials_set_secure_channel_type(incoming_creds, secure_channel_type);
+
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
+	rc = tsocket_address_inet_from_strings(tctx, "ip",
+					       ip,
+					       lpcfg_cldap_port(tctx->lp_ctx),
+					       &dest_addr);
+	torture_assert_int_equal(tctx, rc, 0,
+				 talloc_asprintf(tctx,
+						 "tsocket_address_inet_from_strings failed parsing %s:%d",
+						 host, lpcfg_cldap_port(tctx->lp_ctx)));
+
+	/* cldap_socket_init should now know about the dest. address */
+	status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
+	torture_assert_ntstatus_ok(tctx, status, "cldap_socket_init");
+
+	ZERO_STRUCT(cldap1);
+	cldap1.in.dest_address = NULL;
+	cldap1.in.dest_port = 0;
+	cldap1.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	cldap1.in.user = account;
+	if (secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+		cldap1.in.acct_control = ACB_AUTOLOCK;
+	} else {
+		cldap1.in.acct_control = ACB_DOMTRUST;
+	}
+	status = cldap_netlogon(cldap, tctx, &cldap1);
+	torture_assert_ntstatus_ok(tctx, status, "cldap_netlogon");
+	torture_assert_int_equal(tctx, cldap1.out.netlogon.ntver,
+				 NETLOGON_NT_VERSION_5EX,
+				 "ntver");
+	torture_assert_int_equal(tctx, cldap1.out.netlogon.data.nt5_ex.nt_version,
+				 NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5EX,
+				 "nt_version");
+	torture_assert_int_equal(tctx, cldap1.out.netlogon.data.nt5_ex.command,
+				 LOGON_SAM_LOGON_RESPONSE_EX,
+				 "command");
+	torture_assert_str_equal(tctx, cldap1.out.netlogon.data.nt5_ex.user_name,
+				 cldap1.in.user,
+				 "user_name");
+	server_name = talloc_asprintf(tctx, "\\\\%s",
+			cldap1.out.netlogon.data.nt5_ex.pdc_dns_name);
+	torture_assert(tctx, server_name, __location__);
+
+	status = dcerpc_parse_binding(tctx, binding, &b2);
+	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+	status = dcerpc_pipe_connect_b(tctx, &p1, b2,
+				       &ndr_table_netlogon,
+				       cli_credentials_init_anon(tctx),
+				       tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_pipe_connect_b");
+
+	ok = check_pw_with_ServerAuthenticate3(p1, tctx,
+					       NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+					       server_name,
+					       incoming_creds, &creds);
+	torture_assert_int_equal(tctx, ok, expected_result,
+				 "check_pw_with_ServerAuthenticate3");
+	if (expected_result == true) {
+		ok = test_SetupCredentialsPipe(p1, tctx, incoming_creds, creds,
+					       DCERPC_SIGN | DCERPC_SEAL, &p2);
+		torture_assert_int_equal(tctx, ok, true,
+					 "test_SetupCredentialsPipe");
+	}
+	TALLOC_FREE(p1);
+
+	if (trusted->trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+#ifdef SAMBA4_USES_HEIMDAL
+		ok = check_pw_with_krb5(tctx, incoming_creds, trusted);
+		torture_assert_int_equal(tctx, ok, expected_result,
+					 "check_pw_with_krb5");
+#else
+		torture_comment(tctx, "skipping check_pw_with_krb5 for MIT Kerberos build");
+#endif
+	}
+
+	if (expected_result != true || next_password == NULL) {
+		TALLOC_FREE(p2);
+		return true;
+	}
+
+	/*
+	 * netr_ServerPasswordSet2
+	 */
+	ok = encode_pw_buffer(samr_crypt_password.data,
+			      next_password, STR_UNICODE);
+	torture_assert(tctx, ok, "encode_pw_buffer");
+
+	if (next_version != 0) {
+		struct NL_PASSWORD_VERSION version;
+		uint32_t len = IVAL(samr_crypt_password.data, 512);
+		uint32_t ofs = 512 - len;
+		uint8_t *ptr;
+
+		ofs -= 12;
+
+		version.ReservedField = 0;
+		version.PasswordVersionNumber = next_version;
+		version.PasswordVersionPresent =
+			NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT;
+
+		ptr = samr_crypt_password.data + ofs;
+		SIVAL(ptr, 0, version.ReservedField);
+		SIVAL(ptr, 4, version.PasswordVersionNumber);
+		SIVAL(ptr, 8, version.PasswordVersionPresent);
+	}
+
+	netlogon_creds_client_authenticator(creds, &req_auth);
+	ZERO_STRUCT(rep_auth);
+
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds,
+					   samr_crypt_password.data,
+					   516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds,
+					     samr_crypt_password.data,
+					     516);
+	}
+
+	memcpy(netr_crypt_password.data,
+	       samr_crypt_password.data, 512);
+	netr_crypt_password.length = IVAL(samr_crypt_password.data, 512);
+
+
+	s.in.server_name = server_name;
+	s.in.account_name = cli_credentials_get_username(incoming_creds);
+	s.in.secure_channel_type = cli_credentials_get_secure_channel_type(incoming_creds);
+	s.in.computer_name = cli_credentials_get_workstation(incoming_creds);
+	s.in.credential = &req_auth;
+	s.in.new_password = &netr_crypt_password;
+	s.out.return_authenticator = &rep_auth;
+	status = dcerpc_netr_ServerPasswordSet2_r(p2->binding_handle, tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "failed to set password");
+
+	ok = netlogon_creds_client_check(creds, &rep_auth.cred);
+	torture_assert(tctx, ok, "netlogon_creds_client_check");
+
+	cli_credentials_set_kvno(incoming_creds, next_version);
+	cli_credentials_set_password(incoming_creds, next_password, CRED_SPECIFIED);
+	cli_credentials_set_old_password(incoming_creds, current_password, CRED_SPECIFIED);
+
+	TALLOC_FREE(p2);
+	status = dcerpc_pipe_connect_b(tctx, &p2, b2,
+				       &ndr_table_netlogon,
+				       cli_credentials_init_anon(tctx),
+				       tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_pipe_connect_b");
+
+	ok = check_pw_with_ServerAuthenticate3(p2, tctx,
+					       NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+					       server_name,
+					       incoming_creds, &creds);
+	torture_assert(tctx, ok, "check_pw_with_ServerAuthenticate3 with changed password");
+
+	if (trusted->trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+#if SAMBA4_USES_HEIMDAL
+		ok = check_pw_with_krb5(tctx, incoming_creds, trusted);
+		torture_assert(tctx, ok, "check_pw_with_krb5 with changed password");
+#else
+		torture_comment(tctx, "skipping check_pw_with_krb5 for MIT Kerberos build");
+#endif
+	}
+
+	TALLOC_FREE(p2);
+	return true;
+}
+
+static bool test_CreateTrustedDomainEx_common(struct dcerpc_pipe *p,
+					      struct torture_context *tctx,
+					      struct policy_handle *handle,
+					      uint32_t num_trusts,
+					      bool ex2_call)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct lsa_QueryInfoPolicy2 p2;
+	union lsa_PolicyInformation *our_info = NULL;
+	struct lsa_CreateTrustedDomainEx r;
+	struct lsa_CreateTrustedDomainEx2 r2;
+	struct lsa_TrustDomainInfoInfoEx trustinfo;
+	struct lsa_TrustDomainInfoAuthInfoInternal *authinfo_internal = NULL;
+	struct lsa_TrustDomainInfoAuthInfo *authinfo = NULL;
+	struct dom_sid **domsid;
+	struct policy_handle *trustdom_handle;
+	struct lsa_QueryTrustedDomainInfo q;
+	union lsa_TrustedDomainInfo *info = NULL;
+	DATA_BLOB session_key;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *id;
+	const char *incoming_v00 = TRUSTPW "InV00";
+	const char *incoming_v0 = TRUSTPW "InV0";
+	const char *incoming_v1 = TRUSTPW "InV1";
+	const char *incoming_v2 = TRUSTPW "InV2";
+	const char *incoming_v40 = TRUSTPW "InV40";
+	const char *outgoing_v00 = TRUSTPW "OutV00";
+	const char *outgoing_v0 = TRUSTPW "OutV0";
+
+	if (ex2_call) {
+		torture_comment(tctx, "\nTesting CreateTrustedDomainEx2 for %d domains\n", num_trusts);
+		id = "3";
+	} else {
+		torture_comment(tctx, "\nTesting CreateTrustedDomainEx for %d domains\n", num_trusts);
+		id = "2";
+	}
+
+	domsid = talloc_array(tctx, struct dom_sid *, num_trusts);
+	trustdom_handle = talloc_array(tctx, struct policy_handle, num_trusts);
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	ZERO_STRUCT(p2);
+	p2.in.handle = handle;
+	p2.in.level = LSA_POLICY_INFO_DNS;
+	p2.out.info = &our_info;
+
+	torture_assert_ntstatus_ok(tctx,
+				dcerpc_lsa_QueryInfoPolicy2_r(b, tctx, &p2),
+				"lsa_QueryInfoPolicy2 failed");
+	torture_assert_ntstatus_ok(tctx, p2.out.result,
+				"lsa_QueryInfoPolicy2 failed");
+	torture_assert(tctx, our_info != NULL, "lsa_QueryInfoPolicy2 our_info");
+
+	for (i=0; i< num_trusts; i++) {
+		char *trust_name = talloc_asprintf(tctx, "TORTURE%s%02d", id, i);
+		char *trust_name_dns = talloc_asprintf(tctx, "torturedom%s%02d.samba._none_.example.com", id, i);
+		char *trust_sid = talloc_asprintf(tctx, "S-1-5-21-97398-379795-%s%02d", id, i);
+		bool ok;
+
+		domsid[i] = dom_sid_parse_talloc(tctx, trust_sid);
+
+		trustinfo.sid = domsid[i];
+		trustinfo.netbios_name.string = trust_name;
+		trustinfo.domain_name.string = trust_name_dns;
+
+		/* Create inbound, some outbound, and some
+		 * bi-directional trusts in a repeating pattern based
+		 * on i */
+
+		/* 1 == inbound, 2 == outbound, 3 == both */
+		trustinfo.trust_direction = (i % 3) + 1;
+
+		/* Try different trust types too */
+
+		/* 1 == downlevel (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */
+		trustinfo.trust_type = (((i / 3) + 1) % 3) + 1;
+
+		trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION;
+
+		ok = gen_authinfo_internal(tctx, incoming_v00, incoming_v0,
+				  outgoing_v00, outgoing_v0,
+				  session_key, &authinfo_internal);
+		if (!ok) {
+			torture_comment(tctx, "gen_authinfo_internal failed");
+			ret = false;
+		}
+
+		ok = gen_authinfo(tctx, incoming_v00, incoming_v0,
+				  outgoing_v00, outgoing_v0,
+				  &authinfo);
+		if (!ok) {
+			torture_comment(tctx, "gen_authinfonfo failed");
+			ret = false;
+		}
+
+		if (ex2_call) {
+
+			r2.in.policy_handle = handle;
+			r2.in.info = &trustinfo;
+			r2.in.auth_info_internal = authinfo_internal;
+			r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+			r2.out.trustdom_handle = &trustdom_handle[i];
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_lsa_CreateTrustedDomainEx2_r(b, tctx, &r2),
+				"CreateTrustedDomainEx2 failed");
+
+			status = r2.out.result;
+		} else {
+
+			r.in.policy_handle = handle;
+			r.in.info = &trustinfo;
+			r.in.auth_info = authinfo;
+			r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+			r.out.trustdom_handle = &trustdom_handle[i];
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_lsa_CreateTrustedDomainEx_r(b, tctx, &r),
+				"CreateTrustedDomainEx failed");
+
+			status = r.out.result;
+		}
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+			test_DeleteTrustedDomain(b, tctx, handle, trustinfo.netbios_name);
+			if (ex2_call) {
+				torture_assert_ntstatus_ok(tctx,
+					dcerpc_lsa_CreateTrustedDomainEx2_r(b, tctx, &r2),
+					"CreateTrustedDomainEx2 failed");
+				status = r2.out.result;
+			} else {
+				torture_assert_ntstatus_ok(tctx,
+					dcerpc_lsa_CreateTrustedDomainEx_r(b, tctx, &r),
+					"CreateTrustedDomainEx2 failed");
+				status = r.out.result;
+			}
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "CreateTrustedDomainEx failed2 - %s\n", nt_errstr(status));
+			ret = false;
+		} else {
+			/* For outbound and MIT trusts there is no trust account */
+			if (trustinfo.trust_direction != 2 &&
+			    trustinfo.trust_type != 3) {
+
+				if (torture_setting_bool(tctx, "samba3", false)) {
+					torture_comment(tctx, "skipping trusted domain auth tests against samba3\n");
+				} else if (ex2_call == false &&
+					   torture_setting_bool(tctx, "samba4", false)) {
+					torture_comment(tctx, "skipping CreateTrustedDomainEx trusted domain auth tests against samba4\n");
+
+				} else {
+					ok = check_dom_trust_pw(p, tctx,
+								our_info->dns.name.string,
+								our_info->dns.dns_domain.string,
+								SEC_CHAN_DOMAIN,
+								&trustinfo,
+								NULL,
+								"x" TRUSTPW "x", 0,
+								NULL, 0,
+								false);
+					if (!ok) {
+						torture_comment(tctx, "Password check passed unexpectedly\n");
+						ret = false;
+					}
+					ok = check_dom_trust_pw(p, tctx,
+								our_info->dns.name.string,
+								our_info->dns.dns_domain.string,
+								SEC_CHAN_DOMAIN,
+								&trustinfo,
+								incoming_v00,
+								incoming_v0, 0,
+								incoming_v1, 1,
+								true);
+					if (!ok) {
+						torture_comment(tctx, "Password check failed (SEC_CHAN_DOMAIN)\n");
+						ret = false;
+					}
+					ok = check_dom_trust_pw(p, tctx,
+								our_info->dns.name.string,
+								our_info->dns.dns_domain.string,
+								SEC_CHAN_DNS_DOMAIN,
+								&trustinfo,
+								incoming_v0,
+								incoming_v1, 1,
+								incoming_v2, 2,
+								true);
+					if (!ok) {
+						torture_comment(tctx, "Password check failed v2 (SEC_CHAN_DNS_DOMAIN)\n");
+						ret = false;
+					}
+					ok = check_dom_trust_pw(p, tctx,
+								our_info->dns.name.string,
+								our_info->dns.dns_domain.string,
+								SEC_CHAN_DNS_DOMAIN,
+								&trustinfo,
+								incoming_v1,
+								incoming_v2, 2,
+								incoming_v40, 40,
+								true);
+					if (!ok) {
+						torture_comment(tctx, "Password check failed v4 (SEC_CHAN_DNS_DOMAIN)\n");
+						ret = false;
+					}
+				}
+			}
+
+			q.in.trustdom_handle = &trustdom_handle[i];
+			q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+			q.out.info = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfo_r(b, tctx, &q),
+				"QueryTrustedDomainInfo failed");
+			if (!NT_STATUS_IS_OK(q.out.result)) {
+				torture_comment(tctx, "QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(q.out.result));
+				ret = false;
+			} else if (!q.out.info) {
+				torture_comment(tctx, "QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
+				ret = false;
+			} else {
+				if (strcmp(info->info_ex.domain_name.string, trustinfo.domain_name.string) != 0) {
+					torture_comment(tctx, "QueryTrustedDomainInfo returned inconsistent long name: %s != %s\n",
+					       info->info_ex.domain_name.string, trustinfo.domain_name.string);
+					ret = false;
+				}
+				if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
+					torture_comment(tctx, "QueryTrustedDomainInfo returned inconsistent short name: %s != %s\n",
+					       info->info_ex.netbios_name.string, trustinfo.netbios_name.string);
+					ret = false;
+				}
+				if (info->info_ex.trust_type != trustinfo.trust_type) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
+					       trust_name, info->info_ex.trust_type, trustinfo.trust_type);
+					ret = false;
+				}
+				if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
+					       trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION);
+					ret = false;
+				}
+				if (info->info_ex.trust_direction != trustinfo.trust_direction) {
+					torture_comment(tctx, "QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
+					       trust_name, info->info_ex.trust_direction, trustinfo.trust_direction);
+					ret = false;
+				}
+			}
+		}
+	}
+
+	/* now that we have some domains to look over, we can test the enum calls */
+	if (!test_EnumTrustDom(b, tctx, handle)) {
+		torture_comment(tctx, "test_EnumTrustDom failed\n");
+		ret = false;
+	}
+
+	if (!test_EnumTrustDomEx(b, tctx, handle)) {
+		torture_comment(tctx, "test_EnumTrustDomEx failed\n");
+		ret = false;
+	}
+
+	for (i=0; i<num_trusts; i++) {
+		if (!test_DeleteTrustedDomainBySid(b, tctx, handle, domsid[i])) {
+			torture_comment(tctx, "test_DeleteTrustedDomainBySid failed\n");
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
+					struct torture_context *tctx,
+					struct policy_handle *handle,
+					uint32_t num_trusts)
+{
+	return test_CreateTrustedDomainEx_common(p, tctx, handle, num_trusts, true);
+}
+
+static bool test_CreateTrustedDomainEx(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       uint32_t num_trusts)
+{
+	return test_CreateTrustedDomainEx_common(p, tctx, handle, num_trusts, false);
+}
+
+static bool test_QueryDomainInfoPolicy(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	struct lsa_QueryDomainInformationPolicy r;
+	union lsa_DomainInformationPolicy *info = NULL;
+	int i;
+	bool ret = true;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping QueryDomainInformationPolicy test\n");
+	}
+
+	torture_comment(tctx, "\nTesting QueryDomainInformationPolicy\n");
+
+	for (i=2;i<4;i++) {
+		r.in.handle = handle;
+		r.in.level = i;
+		r.out.info = &info;
+
+		torture_comment(tctx, "\nTrying QueryDomainInformationPolicy level %d\n", i);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryDomainInformationPolicy_r(b, tctx, &r),
+			"QueryDomainInformationPolicy failed");
+
+		/* If the server does not support EFS, then this is the correct return */
+		if (i == LSA_DOMAIN_INFO_POLICY_EFS && NT_STATUS_EQUAL(r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			continue;
+		} else if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "QueryDomainInformationPolicy failed - %s\n", nt_errstr(r.out.result));
+			ret = false;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_QueryInfoPolicyCalls(	bool version2,
+					struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *handle)
+{
+	struct lsa_QueryInfoPolicy r;
+	union lsa_PolicyInformation *info = NULL;
+	int i;
+	bool ret = true;
+	const char *call = talloc_asprintf(tctx, "QueryInfoPolicy%s", version2 ? "2":"");
+
+	torture_comment(tctx, "\nTesting %s\n", call);
+
+	if (version2 && torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping QueryInfoPolicy2 tests\n");
+	}
+
+	for (i=1;i<=14;i++) {
+		r.in.handle = handle;
+		r.in.level = i;
+		r.out.info = &info;
+
+		torture_comment(tctx, "\nTrying %s level %d\n", call, i);
+
+		if (version2)
+			/* We can perform the cast, because both types are
+			   structurally equal */
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryInfoPolicy2_r(b, tctx,
+				 (struct lsa_QueryInfoPolicy2*) &r),
+				 "QueryInfoPolicy2 failed");
+		else
+			torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryInfoPolicy_r(b, tctx, &r),
+				"QueryInfoPolicy2 failed");
+
+		switch (i) {
+		case LSA_POLICY_INFO_MOD:
+		case LSA_POLICY_INFO_AUDIT_FULL_SET:
+		case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+			if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+				torture_comment(tctx, "Server should have failed level %u: %s\n", i, nt_errstr(r.out.result));
+				ret = false;
+			}
+			break;
+		case LSA_POLICY_INFO_DOMAIN:
+		case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+		case LSA_POLICY_INFO_REPLICA:
+		case LSA_POLICY_INFO_QUOTA:
+		case LSA_POLICY_INFO_ROLE:
+		case LSA_POLICY_INFO_AUDIT_LOG:
+		case LSA_POLICY_INFO_AUDIT_EVENTS:
+		case LSA_POLICY_INFO_PD:
+			if (!NT_STATUS_IS_OK(r.out.result)) {
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(r.out.result));
+				ret = false;
+			}
+			break;
+		case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
+		case LSA_POLICY_INFO_DNS_INT:
+		case LSA_POLICY_INFO_DNS:
+			if (torture_setting_bool(tctx, "samba3", false)) {
+				/* Other levels not implemented yet */
+				if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
+					torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(r.out.result));
+					ret = false;
+				}
+			} else if (!NT_STATUS_IS_OK(r.out.result)) {
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(r.out.result));
+				ret = false;
+			}
+			break;
+		default:
+			if (torture_setting_bool(tctx, "samba4", false)) {
+				/* Other levels not implemented yet */
+				if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
+					torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(r.out.result));
+					ret = false;
+				}
+			} else if (!NT_STATUS_IS_OK(r.out.result)) {
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(r.out.result));
+				ret = false;
+			}
+			break;
+		}
+
+		if (NT_STATUS_IS_OK(r.out.result) && (i == LSA_POLICY_INFO_DNS
+			|| i == LSA_POLICY_INFO_DNS_INT)) {
+			/* Let's look up some of these names */
+
+			struct lsa_TransNameArray tnames, dnames;
+			tnames.count = 14;
+			tnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, tnames.count);
+			tnames.names[0].name.string = info->dns.name.string;
+			tnames.names[0].sid_type = SID_NAME_DOMAIN;
+			tnames.names[1].name.string = info->dns.dns_domain.string;
+			tnames.names[1].sid_type = SID_NAME_DOMAIN;
+			tnames.names[2].name.string = talloc_asprintf(tctx, "%s\\", info->dns.name.string);
+			tnames.names[2].sid_type = SID_NAME_DOMAIN;
+			tnames.names[3].name.string = talloc_asprintf(tctx, "%s\\", info->dns.dns_domain.string);
+			tnames.names[3].sid_type = SID_NAME_DOMAIN;
+			tnames.names[4].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.name.string);
+			tnames.names[4].sid_type = SID_NAME_USER;
+			tnames.names[5].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.name.string);
+			tnames.names[5].sid_type = SID_NAME_USER;
+			tnames.names[6].name.string = talloc_asprintf(tctx, "%s\\guest", info->dns.dns_domain.string);
+			tnames.names[6].sid_type = SID_NAME_USER;
+			tnames.names[7].name.string = talloc_asprintf(tctx, "%s\\krbtgt", info->dns.dns_domain.string);
+			tnames.names[7].sid_type = SID_NAME_USER;
+			tnames.names[8].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.name.string);
+			tnames.names[8].sid_type = SID_NAME_USER;
+			tnames.names[9].name.string = talloc_asprintf(tctx, "krbtgt@%s", info->dns.dns_domain.string);
+			tnames.names[9].sid_type = SID_NAME_USER;
+			tnames.names[10].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);
+			tnames.names[10].sid_type = SID_NAME_USER;
+			tnames.names[11].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.dns_domain.string);
+			tnames.names[11].sid_type = SID_NAME_USER;
+			tnames.names[12].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.name.string);
+			tnames.names[12].sid_type = SID_NAME_USER;
+			tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);
+			tnames.names[13].sid_type = SID_NAME_USER;
+			ret &= test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames);
+
+			/* Try to use in-forest search for the test machine */
+			dnames.count = 1;
+			dnames.names = talloc_zero_array(tctx, struct lsa_TranslatedName, dnames.count);
+			dnames.names[0].name.string = talloc_asprintf(tctx, "%s\\"TEST_MACHINENAME "$", info->dns.name.string);
+			dnames.names[0].sid_type = SID_NAME_USER;
+			ret &= test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2, &dnames);
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryInfoPolicy(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	return test_QueryInfoPolicyCalls(false, b, tctx, handle);
+}
+
+static bool test_QueryInfoPolicy2(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle)
+{
+	return test_QueryInfoPolicyCalls(true, b, tctx, handle);
+}
+
+static bool test_GetUserName(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx)
+{
+	struct lsa_GetUserName r;
+	struct lsa_String *authority_name_p = NULL;
+	struct lsa_String *account_name_p = NULL;
+
+	torture_comment(tctx, "\nTesting GetUserName\n");
+
+	r.in.system_name	= "\\";
+	r.in.account_name	= &account_name_p;
+	r.in.authority_name	= NULL;
+	r.out.account_name	= &account_name_p;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetUserName_r(b, tctx, &r),
+		"GetUserName failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"GetUserName result failed");
+	torture_assert_not_null(tctx, r.out.account_name, "r.out.account_name");
+	torture_assert_not_null(tctx, *r.out.account_name, "*r.out.account_name");
+	torture_assert(tctx, r.out.authority_name == NULL, "r.out.authority_name");
+
+	account_name_p = NULL;
+	r.in.account_name	= &account_name_p;
+	r.in.authority_name	= &authority_name_p;
+	r.out.account_name	= &account_name_p;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetUserName_r(b, tctx, &r),
+		"GetUserName failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"GetUserName result failed");
+	torture_assert_not_null(tctx, r.out.account_name, "r.out.account_name");
+	torture_assert_not_null(tctx, *r.out.account_name, "*r.out.account_name");
+	torture_assert_not_null(tctx, r.out.authority_name, "r.out.authority_name");
+	torture_assert_not_null(tctx, *r.out.authority_name, "*r.out.authority_name");
+
+	torture_comment(tctx,
+			"Account Name: %s, Authority Name: %s\n",
+			(*r.out.account_name)->string,
+			(*r.out.authority_name)->string);
+
+	return true;
+}
+
+static bool test_GetUserName_fail(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx)
+{
+	struct lsa_GetUserName r;
+	struct lsa_String *account_name_p = NULL;
+	NTSTATUS status;
+
+	torture_comment(tctx, "\nTesting GetUserName_fail\n");
+
+	r.in.system_name	= "\\";
+	r.in.account_name	= &account_name_p;
+	r.in.authority_name	= NULL;
+	r.out.account_name	= &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx,
+					"GetUserName correctly returned with "
+					"status: %s\n",
+					nt_errstr(status));
+			return true;
+		}
+
+		torture_assert_ntstatus_equal(tctx,
+					      status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "GetUserName return value should "
+					      "be ACCESS_DENIED");
+		return true;
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+			torture_comment(tctx,
+					"GetUserName correctly returned with "
+					"result: %s\n",
+					nt_errstr(r.out.result));
+			return true;
+		}
+	}
+
+	torture_assert_ntstatus_equal(tctx,
+				      r.out.result,
+				      NT_STATUS_OK,
+				      "GetUserName return value should be "
+				      "ACCESS_DENIED");
+
+	return false;
+}
+
+bool test_lsa_Close(struct dcerpc_binding_handle *b,
+		    struct torture_context *tctx,
+		    struct policy_handle *handle)
+{
+	struct lsa_Close r;
+	struct policy_handle handle2;
+
+	torture_comment(tctx, "\nTesting Close\n");
+
+	r.in.handle = handle;
+	r.out.handle = &handle2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(b, tctx, &r),
+		"Close failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"Close failed");
+
+	torture_assert_ntstatus_equal(tctx, dcerpc_lsa_Close_r(b, tctx, &r),
+		NT_STATUS_RPC_SS_CONTEXT_MISMATCH, "Close should failed");
+
+	torture_comment(tctx, "\n");
+
+	return true;
+}
+
+bool torture_rpc_lsa(struct torture_context *tctx)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	bool ret = true;
+	struct policy_handle *handle = NULL;
+	struct test_join *join = NULL;
+	struct cli_credentials *machine_creds;
+	struct dcerpc_binding_handle *b;
+	enum dcerpc_transport_t transport;
+
+	status = torture_rpc_connection(tctx, &p, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	b = p->binding_handle;
+	transport = dcerpc_binding_get_transport(p->binding);
+
+	/* Test lsaLookupSids3 and lsaLookupNames4 over tcpip */
+	if (transport == NCACN_IP_TCP) {
+		if (!test_OpenPolicy_fail(b, tctx)) {
+			ret = false;
+		}
+
+		if (!test_OpenPolicy2_fail(b, tctx)) {
+			ret = false;
+		}
+
+		if (!test_OpenPolicy3_fail(b, tctx)) {
+			ret = false;
+		}
+
+		if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+			ret = false;
+		}
+
+		return ret;
+	}
+
+	if (!test_OpenPolicy(b, tctx)) {
+		ret = false;
+	}
+
+	if (!test_lsa_OpenPolicy2(b, tctx, &handle)) {
+		ret = false;
+	}
+
+	if (!test_lsa_OpenPolicy3(b, tctx, &handle)) {
+		ret = false;
+	}
+
+	if (handle) {
+		join = torture_join_domain(tctx, TEST_MACHINENAME, ACB_WSTRUST, &machine_creds);
+		if (!join) {
+			ret = false;
+		}
+
+		if (!test_LookupSids_async(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+			ret = false;
+		}
+
+		if (!test_QueryDomainInfoPolicy(b, tctx, handle)) {
+			ret = false;
+		}
+
+		if (!test_CreateSecret(p, tctx, handle)) {
+			ret = false;
+		}
+
+		if (!test_QueryInfoPolicy(b, tctx, handle)) {
+			ret = false;
+		}
+
+		if (!test_QueryInfoPolicy2(b, tctx, handle)) {
+			ret = false;
+		}
+
+		if (!test_Delete(b, tctx, handle)) {
+			ret = false;
+		}
+
+		if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+			ret = false;
+		}
+
+		if (!test_lsa_Close(b, tctx, handle)) {
+			ret = false;
+		}
+
+		torture_leave_domain(tctx, join);
+
+	} else {
+		if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+			ret = false;
+		}
+	}
+
+	if (!test_GetUserName(b, tctx)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+bool torture_rpc_lsa_get_user(struct torture_context *tctx)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	bool ret = true;
+	struct dcerpc_binding_handle *b;
+	enum dcerpc_transport_t transport;
+
+	status = torture_rpc_connection(tctx, &p, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	b = p->binding_handle;
+	transport = dcerpc_binding_get_transport(p->binding);
+
+	if (transport == NCACN_IP_TCP) {
+		if (!test_GetUserName_fail(b, tctx)) {
+			ret = false;
+		}
+		return ret;
+	}
+
+	if (!test_GetUserName(b, tctx)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool testcase_LookupNames(struct torture_context *tctx,
+				 struct dcerpc_pipe *p)
+{
+	bool ret = true;
+	struct policy_handle *handle;
+	struct lsa_TransNameArray tnames;
+	struct lsa_TransNameArray2 tnames2;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(p->binding);
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		torture_comment(tctx, "testcase_LookupNames is only available "
+				"over NCACN_NP or NCALRPC");
+		return true;
+	}
+
+	if (!test_OpenPolicy(b, tctx)) {
+		ret = false;
+	}
+
+	if (!test_lsa_OpenPolicy2(b, tctx, &handle)) {
+		ret = false;
+	}
+
+	if (!handle) {
+		ret = false;
+	}
+
+	tnames.count = 1;
+	tnames.names = talloc_array(tctx, struct lsa_TranslatedName, tnames.count);
+	ZERO_STRUCT(tnames.names[0]);
+	tnames.names[0].name.string = "BUILTIN";
+	tnames.names[0].sid_type = SID_NAME_DOMAIN;
+
+	if (!test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames)) {
+		ret = false;
+	}
+
+	tnames2.count = 1;
+	tnames2.names = talloc_array(tctx, struct lsa_TranslatedName2, tnames2.count);
+	ZERO_STRUCT(tnames2.names[0]);
+	tnames2.names[0].name.string = "BUILTIN";
+	tnames2.names[0].sid_type = SID_NAME_DOMAIN;
+
+	if (!test_LookupNames2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) {
+		ret = false;
+	}
+
+	if (!test_LookupNames3(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) {
+		ret = false;
+	}
+
+	if (!test_LookupNames_wellknown(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+		ret = false;
+	}
+
+	if (!test_LookupNames_NULL(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+		ret = false;
+	}
+
+	if (!test_LookupNames_bogus(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
+		ret = false;
+	}
+
+	if (!test_lsa_Close(b, tctx, handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_lsa_lookup_names(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+
+	suite = torture_suite_create(mem_ctx, "lsa.lookupnames");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+						  &ndr_table_lsarpc);
+	torture_rpc_tcase_add_test(tcase, "LookupNames",
+				   testcase_LookupNames);
+
+	return suite;
+}
+
+struct lsa_trustdom_state {
+	uint32_t num_trusts;
+};
+
+static bool testcase_TrustedDomains(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    void *data)
+{
+	bool ret = true;
+	struct policy_handle *handle;
+	struct lsa_trustdom_state *state =
+		talloc_get_type_abort(data, struct lsa_trustdom_state);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(p->binding);
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		torture_comment(tctx, "testcase_TrustedDomains is only available "
+				"over NCACN_NP or NCALRPC");
+		return true;
+	}
+
+	torture_comment(tctx, "Testing %d domains\n", state->num_trusts);
+
+	if (!test_OpenPolicy(b, tctx)) {
+		ret = false;
+	}
+
+	if (!test_lsa_OpenPolicy2(b, tctx, &handle)) {
+		ret = false;
+	}
+
+	if (!handle) {
+		ret = false;
+	}
+
+	if (!test_CreateTrustedDomain(b, tctx, handle, state->num_trusts)) {
+		ret = false;
+	}
+
+	if (!test_CreateTrustedDomainEx(p, tctx, handle, state->num_trusts)) {
+		ret = false;
+	}
+
+	if (!test_CreateTrustedDomainEx2(p, tctx, handle, state->num_trusts)) {
+		ret = false;
+	}
+
+	if (!test_lsa_Close(b, tctx, handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_lsa_trusted_domains(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+	struct lsa_trustdom_state *state;
+
+	state = talloc(mem_ctx, struct lsa_trustdom_state);
+
+	state->num_trusts = 12;
+
+	suite = torture_suite_create(mem_ctx, "lsa.trusted.domains");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+						  &ndr_table_lsarpc);
+	torture_rpc_tcase_add_test_ex(tcase, "TrustedDomains",
+				      testcase_TrustedDomains,
+				      state);
+
+	return suite;
+}
+
+static bool testcase_Privileges(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	struct policy_handle *handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(p->binding);
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		torture_skip(tctx, "testcase_Privileges is only available "
+				"over NCACN_NP or NCALRPC");
+	}
+
+	if (!test_OpenPolicy(b, tctx)) {
+		return false;
+	}
+
+	if (!test_lsa_OpenPolicy2(b, tctx, &handle)) {
+		return false;
+	}
+
+	if (!handle) {
+		return false;
+	}
+
+	if (!test_CreateAccount(b, tctx, handle)) {
+		return false;
+	}
+
+	if (!test_EnumAccounts(b, tctx, handle)) {
+		return false;
+	}
+
+	if (!test_EnumPrivs(b, tctx, handle)) {
+		return false;
+	}
+
+	if (!test_lsa_Close(b, tctx, handle)) {
+		return false;
+	}
+
+	return true;
+}
+
+
+struct torture_suite *torture_rpc_lsa_privileges(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+
+	suite = torture_suite_create(mem_ctx, "lsa.privileges");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+						  &ndr_table_lsarpc);
+	torture_rpc_tcase_add_test(tcase, "Privileges",
+				   testcase_Privileges);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c
new file mode 100644
index 0000000..f641827
--- /dev/null
+++ b/source4/torture/rpc/lsa_lookup.c
@@ -0,0 +1,428 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for lsa rpc lookup operations
+
+   Copyright (C) Volker Lendecke 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "libcli/security/security.h"
+
+static bool open_policy(struct torture_context *tctx,
+			struct dcerpc_binding_handle *b,
+			struct policy_handle **handle)
+{
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+
+	*handle = talloc(tctx, struct policy_handle);
+	if (!*handle) {
+		return false;
+	}
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = *handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b, tctx, &r),
+		"OpenPolicy2 failed");
+
+	return NT_STATUS_IS_OK(r.out.result);
+}
+
+static bool get_domainsid(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b,
+			  struct policy_handle *handle,
+			  struct dom_sid **sid)
+{
+	struct lsa_QueryInfoPolicy r;
+	union lsa_PolicyInformation *info = NULL;
+
+	r.in.level = LSA_POLICY_INFO_DOMAIN;
+	r.in.handle = handle;
+	r.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryInfoPolicy_r(b, tctx, &r),
+		"QueryInfoPolicy failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "QueryInfoPolicy failed");
+
+	*sid = info->domain.sid;
+	return true;
+}
+
+static NTSTATUS lookup_sids(struct torture_context *tctx,
+			    uint16_t level,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    struct dom_sid **sids, uint32_t num_sids,
+			    struct lsa_TransNameArray *names)
+{
+	struct lsa_LookupSids r;
+	struct lsa_SidArray sidarray;
+	struct lsa_RefDomainList *domains;
+	uint32_t count = 0;
+	uint32_t i;
+	NTSTATUS status;
+
+	names->count = 0;
+	names->names = NULL;
+
+	sidarray.num_sids = num_sids;
+	sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids);
+
+	for (i=0; i<num_sids; i++) {
+		sidarray.sids[i].sid = sids[i];
+	}
+
+	r.in.handle = handle;
+	r.in.sids = &sidarray;
+	r.in.names = names;
+	r.in.level = level;
+	r.in.count = &count;
+	r.out.names = names;
+	r.out.count = &count;
+	r.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupSids_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	return r.out.result;
+}
+
+static bool test_lookupsids(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    struct dom_sid **sids, uint32_t num_sids,
+			    int level, NTSTATUS expected_result, 
+			    enum lsa_SidType *types)
+{
+	struct lsa_TransNameArray names;
+	NTSTATUS status;
+	uint32_t i;
+	bool ret = true;
+
+	status = lookup_sids(tctx, level, b, handle, sids, num_sids,
+			     &names);
+	if (!NT_STATUS_EQUAL(status, expected_result)) {
+		printf("For level %d expected %s, got %s\n",
+		       level, nt_errstr(expected_result),
+		       nt_errstr(status));
+		return false;
+	}
+
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK) &&
+	    !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+		return true;
+	}
+
+	for (i=0; i<num_sids; i++) {
+		if (names.names[i].sid_type != types[i]) {
+			printf("In level %d, for sid %s expected %s, "
+			       "got %s\n", level,
+			       dom_sid_string(tctx, sids[i]),
+			       sid_type_lookup(types[i]),
+			       sid_type_lookup(names.names[i].sid_type));
+			ret = false;
+		}
+	}
+	return ret;
+}
+
+static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle,
+			       struct dom_sid **sid)
+{
+	struct lsa_EnumTrustDom r;
+	uint32_t resume_handle = 0;
+	struct lsa_DomainList domains;
+	int i;
+
+	r.in.handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.max_size = 1000;
+	r.out.domains = &domains;
+	r.out.resume_handle = &resume_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
+		"EnumTrustDom failed");
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES))
+		torture_fail(tctx, "no trusts");
+
+	if (domains.count == 0) {
+		torture_fail(tctx, "no trusts");
+	}
+
+	for (i=0; i<domains.count; i++) {
+		struct lsa_QueryTrustedDomainInfoBySid q;
+		union lsa_TrustedDomainInfo *info = NULL;
+
+		if (domains.domains[i].sid == NULL)
+			continue;
+
+		q.in.handle = handle;
+		q.in.dom_sid = domains.domains[i].sid;
+		q.in.level = 6;
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoBySid_r(b, tctx, &q),
+			"QueryTrustedDomainInfoBySid failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) continue;
+
+		if ((info->info_ex.trust_direction & 2) &&
+		    (info->info_ex.trust_type == 1)) {
+			*sid = domains.domains[i].sid;
+			return true;
+		}
+	}
+
+	torture_fail(tctx, "I need a AD DC with an outgoing trust to NT4");
+}
+
+#define NUM_SIDS 8
+
+bool torture_rpc_lsa_lookup(struct torture_context *torture)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	bool ret = true;
+	struct policy_handle *handle;
+	struct dom_sid *dom_sid = NULL;
+	struct dom_sid *trusted_sid = NULL;
+	struct dom_sid *sids[NUM_SIDS];
+	struct dcerpc_binding_handle *b;
+	enum dcerpc_transport_t transport;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_fail(torture, "unable to connect to table");
+	}
+	b = p->binding_handle;
+	transport = dcerpc_binding_get_transport(p->binding);
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		torture_comment(torture,
+				"torture_rpc_lsa_lookup is only available "
+				"over NCACN_NP or NCALRPC");
+		return true;
+	}
+
+	ret &= open_policy(torture, b, &handle);
+	if (!ret) return false;
+
+	ret &= get_domainsid(torture, b, handle, &dom_sid);
+	if (!ret) return false;
+
+	ret &= get_downleveltrust(torture, b, handle, &trusted_sid);
+	if (!ret) return false;
+
+	torture_comment(torture, "domain sid: %s\n", 
+					dom_sid_string(torture, dom_sid));
+
+	sids[0] = dom_sid_parse_talloc(torture, "S-1-1-0");
+	sids[1] = dom_sid_parse_talloc(torture, "S-1-5-4");
+	sids[2] = dom_sid_parse_talloc(torture, "S-1-5-32");
+	sids[3] = dom_sid_parse_talloc(torture, "S-1-5-32-545");
+	sids[4] = dom_sid_dup(torture, dom_sid);
+	sids[5] = dom_sid_add_rid(torture, dom_sid, 512);
+	sids[6] = dom_sid_dup(torture, trusted_sid);
+	sids[7] = dom_sid_add_rid(torture, trusted_sid, 512);
+
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 0,
+			       NT_STATUS_INVALID_PARAMETER, NULL);
+
+	{
+		enum lsa_SidType types[NUM_SIDS] =
+			{ SID_NAME_WKN_GRP, SID_NAME_WKN_GRP, SID_NAME_DOMAIN,
+			  SID_NAME_ALIAS, SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
+
+		ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 1,
+				       NT_STATUS_OK, types);
+	}
+
+	{
+		enum lsa_SidType types[NUM_SIDS] =
+			{ SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
+		ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 2,
+				       STATUS_SOME_UNMAPPED, types);
+	}
+
+	{
+		enum lsa_SidType types[NUM_SIDS] =
+			{ SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
+		ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 3,
+				       STATUS_SOME_UNMAPPED, types);
+	}
+
+	{
+		enum lsa_SidType types[NUM_SIDS] =
+			{ SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
+		ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 4,
+				       STATUS_SOME_UNMAPPED, types);
+	}
+
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 5,
+			       NT_STATUS_NONE_MAPPED, NULL);
+
+	{
+		enum lsa_SidType types[NUM_SIDS] =
+			{ SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
+			  SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
+			  SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
+		ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 6,
+				       STATUS_SOME_UNMAPPED, types);
+	}
+
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 7,
+			       NT_STATUS_INVALID_PARAMETER, NULL);
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 8,
+			       NT_STATUS_INVALID_PARAMETER, NULL);
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 9,
+			       NT_STATUS_INVALID_PARAMETER, NULL);
+	ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 10,
+			       NT_STATUS_INVALID_PARAMETER, NULL);
+
+	return ret;
+}
+
+static bool test_LookupSidsReply(struct torture_context *tctx,
+				 struct dcerpc_pipe *p)
+{
+	struct policy_handle *handle = NULL;
+
+	struct dom_sid **sids = NULL;
+	uint32_t num_sids = 1;
+
+	struct lsa_LookupSids r;
+	struct lsa_SidArray sidarray;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TransNameArray names;
+	uint32_t count = 0;
+
+	uint32_t i;
+	const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333";
+	const char *dom_admin_sid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	enum dcerpc_transport_t transport = dcerpc_binding_get_transport(p->binding);
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(sidarray);
+	ZERO_STRUCT(names);
+
+	if (transport != NCACN_NP && transport != NCALRPC) {
+		torture_comment(tctx,
+				"test_LookupSidsReply is only available "
+				"over NCACN_NP or NCALRPC");
+		return true;
+	}
+
+	if (!open_policy(tctx, b, &handle)) {
+		return false;
+	}
+
+	dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512);
+
+	sids = talloc_zero_array(tctx, struct dom_sid *, num_sids);
+
+	sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid);
+
+	names.count = 0;
+	names.names = NULL;
+
+	sidarray.num_sids = num_sids;
+	sidarray.sids = talloc_zero_array(tctx, struct lsa_SidPtr, num_sids);
+
+	for (i=0; i<num_sids; i++) {
+		sidarray.sids[i].sid = sids[i];
+	}
+
+	r.in.handle	= handle;
+	r.in.sids	= &sidarray;
+	r.in.names	= &names;
+	r.in.level	= LSA_LOOKUP_NAMES_ALL;
+	r.in.count	= &count;
+	r.out.names	= &names;
+	r.out.count	= &count;
+	r.out.domains	= &domains;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r),
+		"LookupSids failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NONE_MAPPED,
+		"unexpected error code");
+
+	torture_assert_int_equal(tctx, names.count, num_sids,
+		"unexpected names count");
+	torture_assert(tctx, names.names,
+		"unexpected names pointer");
+	torture_assert_str_equal(tctx, names.names[0].name.string, dom_admin_sid,
+		"unexpected names[0].string");
+
+#if 0
+	/* vista sp1 passes, w2k3 sp2 fails */
+	torture_assert_int_equal(tctx, domains->count, num_sids,
+		"unexpected domains count");
+	torture_assert(tctx, domains->domains,
+		"unexpected domains pointer");
+	torture_assert_str_equal(tctx, dom_sid_string(tctx, domains->domains[0].sid), dom_sid,
+		"unexpected domain sid");
+#endif
+
+	return true;
+}
+
+/* check for lookup sids results */
+struct torture_suite *torture_rpc_lsa_lookup_sids(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+
+	suite = torture_suite_create(mem_ctx, "lsa.lookupsids");
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+						  &ndr_table_lsarpc);
+
+	torture_rpc_tcase_add_test(tcase, "LookupSidsReply", test_LookupSidsReply);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
new file mode 100644
index 0000000..2096ed7
--- /dev/null
+++ b/source4/torture/rpc/mdssvc.c
@@ -0,0 +1,1056 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for the mdssvc RPC service
+
+   Copyright (C) Ralph Boehme 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_mdssvc_c.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "rpc_server/mdssvc/dalloc.h"
+#include "rpc_server/mdssvc/marshalling.h"
+
+struct torture_mdsscv_state {
+	struct dcerpc_pipe *p;
+	struct policy_handle ph;
+
+	/* Known fields used across multiple commands */
+	uint32_t dev;
+	uint32_t flags;
+
+	/* cmd specific or unknown fields */
+	struct {
+		const char share_path[1025];
+		uint32_t unkn2;
+		uint32_t unkn3;
+	} mdscmd_open;
+	struct {
+		uint32_t status;
+		uint32_t unkn7;
+	} mdscmd_unknown1;
+	struct {
+		uint32_t fragment;
+		uint32_t unkn9;
+	} mdscmd_cmd;
+	struct {
+		uint32_t status;
+	} mdscmd_close;
+};
+
+static bool torture_rpc_mdssvc_setup(struct torture_context *tctx,
+				     void **data)
+{
+	struct torture_mdsscv_state *state = NULL;
+	NTSTATUS status;
+
+	state = talloc_zero(tctx, struct torture_mdsscv_state);
+	if (state == NULL) {
+		return false;
+	}
+	*data = state;
+
+	status = torture_rpc_connection(tctx, &state->p, &ndr_table_mdssvc);
+	torture_assert_ntstatus_ok(tctx, status,  "Error connecting to server");
+
+	return true;
+}
+
+static bool torture_rpc_mdssvc_teardown(struct torture_context *tctx,
+					void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+
+	TALLOC_FREE(state->p);
+	TALLOC_FREE(state);
+	return true;
+}
+
+static bool torture_rpc_mdssvc_open(struct torture_context *tctx,
+				    void **data)
+{
+	struct torture_mdsscv_state *state = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	const char *share_name = NULL;
+	const char *share_mount_path = NULL;
+	NTSTATUS status;
+	bool ok = true;
+
+	state = talloc_zero(tctx, struct torture_mdsscv_state);
+	if (state == NULL) {
+		return false;
+	}
+	*data = state;
+
+	status = torture_rpc_connection(tctx, &state->p, &ndr_table_mdssvc);
+	torture_assert_ntstatus_ok(tctx, status,  "Error connecting to server");
+	b = state->p->binding_handle;
+
+	share_name = torture_setting_string(
+		tctx, "spotlight_share", "spotlight");
+	share_mount_path = torture_setting_string(
+		tctx, "share_mount_path", "/foo/bar");
+
+	state->dev = generate_random();
+	state->mdscmd_open.unkn2 = 23;
+	state->mdscmd_open.unkn3 = 0;
+
+	ZERO_STRUCT(state->ph);
+
+	status = dcerpc_mdssvc_open(b,
+				    state,
+				    &state->dev,
+				    &state->mdscmd_open.unkn2,
+				    &state->mdscmd_open.unkn3,
+				    share_mount_path,
+				    share_name,
+				    state->mdscmd_open.share_path,
+				    &state->ph);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_open failed\n");
+
+	status = dcerpc_mdssvc_unknown1(b,
+					state,
+					&state->ph,
+					0,
+					state->dev,
+					state->mdscmd_open.unkn2,
+					0,
+					geteuid(),
+					getegid(),
+					&state->mdscmd_unknown1.status,
+					&state->flags,
+					&state->mdscmd_unknown1.unkn7);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_unknown1 failed\n");
+
+done:
+	if (!ok) {
+		(void)dcerpc_mdssvc_close(b,
+					  state,
+					  &state->ph,
+					  0,
+					  state->dev,
+					  state->mdscmd_open.unkn2,
+					  0,
+					  &state->ph,
+					  &state->mdscmd_close.status);
+		ZERO_STRUCTP(state);
+	}
+	return ok;
+}
+
+static bool torture_rpc_mdssvc_close(struct torture_context *tctx,
+				     void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	NTSTATUS status;
+	bool ok = true;
+
+	torture_comment(tctx, "test_teardown_mdssvc_disconnect\n");
+
+	if (state->p == NULL) {
+		/* We have already been disconnected. */
+		goto done;
+	}
+
+	status = dcerpc_mdssvc_close(state->p->binding_handle,
+				     state,
+				     &state->ph,
+				     0,
+				     state->dev,
+				     state->mdscmd_open.unkn2,
+				     0,
+				     &state->ph,
+				     &state->mdscmd_close.status);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_close failed\n");
+
+	ZERO_STRUCTP(state);
+
+done:
+	return ok;
+}
+
+/*
+ * Test unknown share name
+ */
+static bool test_mdssvc_open_unknown_share(struct torture_context *tctx,
+					   void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	struct policy_handle nullh;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn3;
+	uint32_t device_id_out;
+	uint32_t unkn2_out;
+	uint32_t unkn3_out;
+	const char *share_mount_path = NULL;
+	const char *share_name = NULL;
+	const char share_path[1025] = "X";
+	NTSTATUS status;
+	bool ok = true;
+
+	share_name = torture_setting_string(
+		tctx, "unknown_share", "choukawoohoo");
+	share_mount_path = torture_setting_string(
+		tctx, "share_mount_path", "/foo/bar");
+
+	device_id_out = device_id = generate_random();
+	unkn2_out = unkn2 = generate_random();
+	unkn3_out = unkn3 = generate_random();
+
+	ZERO_STRUCT(ph);
+	ZERO_STRUCT(nullh);
+
+	status = dcerpc_mdssvc_open(b,
+				    tctx,
+				    &device_id_out,
+				    &unkn2_out,
+				    &unkn3_out,
+				    share_mount_path,
+				    share_name,
+				    share_path,
+				    &ph);
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_open failed\n");
+
+	torture_assert_u32_equal_goto(tctx, device_id_out, device_id, ok, done,
+				      "Bad device_id\n");
+
+	torture_assert_u32_equal_goto(tctx, unkn2_out, unkn2, ok, done,
+				      "Bad unkn2\n");
+
+	torture_assert_u32_equal_goto(tctx, unkn3_out, unkn3, ok, done,
+				      "Bad unkn3\n");
+
+	torture_assert_goto(tctx, share_path[0] == '\0', ok, done,
+			    "Expected empty string as share path\n");
+
+	torture_assert_mem_equal_goto(tctx, &ph, &nullh,
+				      sizeof(ph), ok, done,
+				      "Expected all-zero policy handle\n");
+
+done:
+	return ok;
+}
+
+/*
+ * Test on a share where Spotlight is not enabled
+ */
+static bool test_mdssvc_open_spotlight_disabled(struct torture_context *tctx,
+						void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	struct policy_handle nullh;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn3;
+	uint32_t device_id_out;
+	uint32_t unkn2_out;
+	uint32_t unkn3_out;
+	const char *share_mount_path = NULL;
+	const char *share_name = NULL;
+	const char share_path[1025] = "";
+	NTSTATUS status;
+	bool ok = true;
+
+	share_name = torture_setting_string(
+		tctx, "no_spotlight_share", "no_spotlight");
+	share_mount_path = torture_setting_string(
+		tctx, "share_mount_path", "/foo/bar");
+
+	device_id_out = device_id = generate_random();
+	unkn2_out = unkn2 = 23;
+	unkn3_out = unkn3 = 0;
+
+	ZERO_STRUCT(ph);
+	ZERO_STRUCT(nullh);
+
+	status = dcerpc_mdssvc_open(b,
+				    tctx,
+				    &device_id_out,
+				    &unkn2_out,
+				    &unkn3_out,
+				    share_mount_path,
+				    share_name,
+				    share_path,
+				    &ph);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_open failed\n");
+
+	torture_assert_u32_equal_goto(tctx, device_id, device_id_out, ok, done,
+				      "Bad device_id\n");
+
+	torture_assert_u32_equal_goto(tctx, unkn2, unkn2_out,
+				      ok, done, "Bad unkn2\n");
+
+	torture_assert_u32_equal_goto(tctx, unkn3, unkn3_out,
+				      ok, done, "Bad unkn3\n");
+
+	torture_assert_goto(tctx, share_path[0] == '\0', ok, done,
+			    "Expected empty string as share path\n");
+
+	torture_assert_mem_equal_goto(tctx, &ph, &nullh,
+				      sizeof(ph), ok, done,
+				      "Expected all-zero policy handle\n");
+
+done:
+	return ok;
+}
+
+static bool test_mdssvc_close(struct torture_context *tctx,
+			      void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	struct policy_handle close_ph;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn3;
+	const char *share_mount_path = NULL;
+	const char *share_name = NULL;
+	const char share_path[1025] = "";
+	uint32_t close_status;
+	DATA_BLOB ph_blob;
+	DATA_BLOB close_ph_blob;
+	NTSTATUS status;
+	bool ok = true;
+
+	share_name = torture_setting_string(
+		tctx, "spotlight_share", "spotlight");
+	share_mount_path = torture_setting_string(
+		tctx, "share_mount_path", "/foo/bar");
+
+	device_id = generate_random();
+	unkn2 = 23;
+	unkn3 = 0;
+
+	ZERO_STRUCT(ph);
+	ZERO_STRUCT(close_ph);
+
+	status = dcerpc_mdssvc_open(b,
+				    tctx,
+				    &device_id,
+				    &unkn2,
+				    &unkn3,
+				    share_mount_path,
+				    share_name,
+				    share_path,
+				    &ph);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_open failed\n");
+
+	status = dcerpc_mdssvc_close(b,
+				     tctx,
+				     &ph,
+				     0,
+				     device_id,
+				     unkn2,
+				     0,
+				     &close_ph,
+				     &close_status);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_open failed\n");
+
+	ph_blob = (DATA_BLOB) {
+		.data = (uint8_t *)&ph,
+		.length = sizeof(struct policy_handle)
+	};
+	close_ph_blob = (DATA_BLOB) {
+		.data = (uint8_t *)&close_ph,
+		.length = sizeof(struct policy_handle),
+	};
+
+	torture_assert_data_blob_equal(tctx, close_ph_blob, ph_blob,
+				       "bad blob");
+
+	torture_comment(tctx, "Test close with a all-zero handle\n");
+
+	ZERO_STRUCT(ph);
+	status = dcerpc_mdssvc_close(b,
+				     tctx,
+				     &ph,
+				     0,
+				     device_id,
+				     unkn2,
+				     0,
+				     &close_ph,
+				     &close_status);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_close failed\n");
+
+	torture_assert_data_blob_equal(tctx, close_ph_blob, ph_blob,
+				       "bad blob");
+
+done:
+	return ok;
+}
+
+static bool test_mdssvc_null_ph(struct torture_context *tctx,
+				void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle nullh;
+	struct policy_handle ph;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn7;
+	uint32_t cmd_status;
+	uint32_t flags;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = generate_random();
+	unkn2 = 23;
+	unkn7 = 0;
+	cmd_status = 0;
+
+	ZERO_STRUCT(nullh);
+	ZERO_STRUCT(ph);
+
+	status = dcerpc_mdssvc_unknown1(b,
+					tctx,
+					&ph,
+					0,
+					device_id,
+					unkn2,
+					0,
+					geteuid(),
+					getegid(),
+					&cmd_status,
+					&flags,
+					&unkn7);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"dcerpc_mdssvc_unknown1 failed\n");
+
+	torture_assert_mem_equal_goto(tctx, &ph, &nullh,
+				      sizeof(ph), ok, done,
+				      "Expected all-zero policy handle\n");
+
+done:
+	return ok;
+}
+
+static bool test_mdssvc_invalid_ph_unknown1(struct torture_context *tctx,
+					    void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn7;
+	uint32_t cmd_status;
+	uint32_t flags;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = generate_random();
+	unkn2 = 23;
+	unkn7 = 0;
+	cmd_status = 0;
+
+	ZERO_STRUCT(ph);
+	ph.uuid = GUID_random();
+
+	status = dcerpc_mdssvc_unknown1(b,
+					tctx,
+					&ph,
+					0,
+					device_id,
+					unkn2,
+					0,
+					geteuid(),
+					getegid(),
+					&cmd_status,
+					&flags,
+					&unkn7);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_RPC_PROTOCOL_ERROR, ok, done,
+		"dcerpc_mdssvc_unknown1 failed\n");
+
+	/* Free and set to NULL the no-longer-usable pipe. */
+	b = NULL;
+	TALLOC_FREE(state->p);
+
+done:
+	return ok;
+}
+
+static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx,
+				       void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn9;
+	uint32_t fragment;
+	uint32_t flags;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = generate_random();
+	unkn2 = 23;
+	unkn9 = 0;
+	fragment = 0;
+	flags = UINT32_C(0x6b000001);
+
+	ZERO_STRUCT(ph);
+	ph.uuid = GUID_random();
+
+	request_blob.spotlight_blob = talloc_array(state,
+						   uint8_t,
+						   0);
+	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
+				     ok, done, "dalloc_zero failed\n");
+	request_blob.size = 0;
+	request_blob.length = 0;
+	request_blob.size = 0;
+
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &ph,
+				    0,
+				    device_id,
+				    unkn2,
+				    0,
+				    flags,
+				    request_blob,
+				    0,
+				    64 * 1024,
+				    1,
+				    64 * 1024,
+				    0,
+				    0,
+				    &fragment,
+				    &response_blob,
+				    &unkn9);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_RPC_PROTOCOL_ERROR, ok, done,
+		"dcerpc_mdssvc_unknown1 failed\n");
+
+	/* Free and set to NULL the no-longer-usable pipe. */
+	b = NULL;
+	TALLOC_FREE(state->p);
+
+done:
+	return ok;
+}
+
+static uint8_t test_sl_unpack_loop_buf[] = {
+	0x34, 0x33, 0x32, 0x31, 0x33, 0x30, 0x64, 0x6d,
+	0x1d, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,
+	0x06, 0x00, 0x00, 0x07, 0x04, 0x00, 0x00, 0x00,
+	0x66, 0x65, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x3a,
+	0x66, 0x6f, 0x72, 0x4f, 0x49, 0x44, 0x41, 0x72,
+	0x72, 0x61, 0x79, 0x3a, 0x63, 0x6f, 0x6e, 0x74,
+	0x65, 0x78, 0x74, 0x3a, 0x00, 0x00, 0x00, 0xea,
+	0x02, 0x00, 0x00, 0x84, 0x02, 0x00, 0x00, 0x00,
+	0x0a, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x04, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x07, 0x03, 0x00, 0x00, 0x00,
+	0x6b, 0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x50,
+	0x61, 0x74, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x02, 0x06, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x87, 0x08, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0xdd, 0x0a, 0x20, 0x00, 0x00, 0x6b,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x0c, 0x04, 0x00, 0x00, 0x00,
+	0x0e, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x00,
+	0x0f, 0x00, 0x00, 0x0c, 0x03, 0x00, 0x00, 0x00,
+	0x13, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
+};
+
+static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
+				       void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn9;
+	uint32_t fragment;
+	uint32_t flags;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = UINT32_C(0x2f000045);
+	unkn2 = 23;
+	unkn9 = 0;
+	fragment = 0;
+	flags = UINT32_C(0x6b000001);
+
+	request_blob.spotlight_blob = test_sl_unpack_loop_buf;
+	request_blob.size = sizeof(test_sl_unpack_loop_buf);
+	request_blob.length = sizeof(test_sl_unpack_loop_buf);
+
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+				   0,
+				   device_id,
+				   unkn2,
+				   0,
+				   flags,
+				   request_blob,
+				   0,
+				   64 * 1024,
+				   1,
+				   64 * 1024,
+				   0,
+				   0,
+				   &fragment,
+				   &response_blob,
+				   &unkn9);
+	torture_assert_ntstatus_ok_goto(
+		tctx, status, ok, done,
+		"dcerpc_mdssvc_unknown1 failed\n");
+
+done:
+	return ok;
+}
+
+static bool test_sl_dict_type_safety(struct torture_context *tctx,
+				     void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+	uint64_t ctx1 = 0xdeadbeef;
+	uint64_t ctx2 = 0xcafebabe;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t unkn9;
+	uint32_t fragment;
+	uint32_t flags;
+	DALLOC_CTX *d = NULL;
+	sl_array_t *array1 = NULL, *array2 = NULL;
+	sl_dict_t *arg = NULL;
+	int result;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = UINT32_C(0x2f000045);
+	unkn2 = 23;
+	unkn9 = 0;
+	fragment = 0;
+	flags = UINT32_C(0x6b000001);
+
+	d = dalloc_new(tctx);
+	torture_assert_not_null_goto(tctx, d,
+				     ok, done, "dalloc_new failed\n");
+
+	array1 = dalloc_zero(d, sl_array_t);
+	torture_assert_not_null_goto(tctx, array1,
+				     ok, done, "dalloc_zero failed\n");
+
+	array2 = dalloc_zero(d, sl_array_t);
+	torture_assert_not_null_goto(tctx, array2,
+				     ok, done, "dalloc_new failed\n");
+
+	result = dalloc_stradd(array2, "openQueryWithParams:forContext:");
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_add_copy(array2, &ctx1, uint64_t);
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_add_copy(array2, &ctx2, uint64_t);
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	arg = dalloc_zero(array1, sl_dict_t);
+	torture_assert_not_null_goto(tctx, d,
+				     ok, done, "dalloc_zero failed\n");
+
+	result = dalloc_stradd(arg, "kMDQueryString");
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_stradd(arg, "*");
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_stradd(arg, "kMDScopeArray");
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_stradd(arg, "AAAABBBB");
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_stradd failed\n");
+
+	result = dalloc_add(array1, array2, sl_array_t);
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_add failed\n");
+
+	result = dalloc_add(array1, arg, sl_dict_t);
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_add failed\n");
+
+	result = dalloc_add(d, array1, sl_array_t);
+	torture_assert_goto(tctx, result == 0,
+			    ok, done, "dalloc_add failed\n");
+
+	torture_comment(tctx, "%s", dalloc_dump(d, 0));
+
+	request_blob.spotlight_blob = talloc_array(tctx,
+						   uint8_t,
+						   64 * 1024);
+	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
+				     ok, done, "dalloc_new failed\n");
+	request_blob.size = 64 * 1024;
+
+	status = sl_pack_alloc(tctx, d, &request_blob, 64 * 1024);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"sl_pack_alloc() failed\n");
+
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+				   0,
+				   device_id,
+				   unkn2,
+				   0,
+				   flags,
+				   request_blob,
+				   0,
+				   64 * 1024,
+				   1,
+				   64 * 1024,
+				   0,
+				   0,
+				   &fragment,
+				   &response_blob,
+				   &unkn9);
+	torture_assert_ntstatus_ok_goto(
+		tctx, status, ok, done,
+		"dcerpc_mdssvc_cmd failed\n");
+
+done:
+	return ok;
+}
+
+static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx,
+					 void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	struct policy_handle ph;
+	uint32_t device_id;
+	uint32_t unkn2;
+	uint32_t close_status;
+	NTSTATUS status;
+	bool ok = true;
+
+	device_id = generate_random();
+	unkn2 = 23;
+	close_status = 0;
+
+	ZERO_STRUCT(ph);
+	ph.uuid = GUID_random();
+
+	status = dcerpc_mdssvc_close(b,
+				     state,
+				     &ph,
+				     0,
+				     device_id,
+				     unkn2,
+				     0,
+				     &ph,
+				     &close_status);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_RPC_PROTOCOL_ERROR, ok, done,
+		"dcerpc_mdssvc_unknown1 failed\n");
+
+	/* Free and set to NULL the no-longer-usable pipe. */
+	b = NULL;
+	TALLOC_FREE(state->p);
+
+done:
+	return ok;
+}
+
+/*
+ * Test fetchAttributes with unknown CNID
+ */
+static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+						void *data)
+{
+	struct torture_mdsscv_state *state = talloc_get_type_abort(
+		data, struct torture_mdsscv_state);
+	struct dcerpc_binding_handle *b = state->p->binding_handle;
+	uint32_t max_fragment_size = 64 * 1024;
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+	DALLOC_CTX *d = NULL, *mds_reply = NULL;
+	uint64_t *uint64var = NULL;
+	sl_array_t *array = NULL;
+	sl_array_t *cmd_array = NULL;
+	sl_array_t *attr_array = NULL;
+	sl_cnids_t *cnids = NULL;
+	void *path = NULL;
+	const char *path_type = NULL;
+	uint64_t ino64;
+	NTSTATUS status;
+	int ret;
+	bool ok = true;
+
+	d = dalloc_new(state);
+	torture_assert_not_null_goto(tctx, d, ret, done, "dalloc_new failed\n");
+
+	array = dalloc_zero(d, sl_array_t);
+	torture_assert_not_null_goto(tctx, array, ret, done,
+				     "dalloc_zero failed\n");
+
+	ret = dalloc_add(d, array, sl_array_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+	cmd_array = dalloc_zero(d, sl_array_t);
+	torture_assert_not_null_goto(tctx, cmd_array, ret, done,
+				     "dalloc_zero failed\n");
+
+	ret = dalloc_add(array, cmd_array, sl_array_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+	ret = dalloc_stradd(cmd_array, "fetchAttributes:forOIDArray:context:");
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_stradd failed\n");
+
+	uint64var = talloc_zero_array(cmd_array, uint64_t, 2);
+	torture_assert_not_null_goto(tctx, uint64var, ret, done,
+				     "talloc_zero_array failed\n");
+	talloc_set_name(uint64var, "uint64_t *");
+
+	uint64var[0] = 0x500a;
+	uint64var[1] = 0;
+
+	ret = dalloc_add(cmd_array, &uint64var[0], uint64_t *);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+	attr_array = dalloc_zero(d, sl_array_t);
+	torture_assert_not_null_goto(tctx, attr_array, ret, done,
+				     "dalloc_zero failed\n");
+
+	ret = dalloc_add(array, attr_array, sl_array_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+	ret = dalloc_stradd(attr_array, "kMDItemPath");
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_stradd failed\n");
+
+	/* CNIDs */
+	cnids = talloc_zero(array, sl_cnids_t);
+	torture_assert_not_null_goto(tctx, cnids, ret, done,
+				     "talloc_zero failed\n");
+
+	cnids->ca_cnids = dalloc_new(cnids);
+	torture_assert_not_null_goto(tctx, cnids->ca_cnids, ret, done,
+				     "dalloc_new failed\n");
+
+	cnids->ca_unkn1 = 0xadd;
+	cnids->ca_context = 0x6b000020;
+
+	ino64 = UINT64_C(64382947389618974);
+	ret = dalloc_add_copy(cnids->ca_cnids, &ino64, uint64_t);
+	torture_assert_goto(tctx, ret == 0, ret, done,
+			    "dalloc_add_copy failed\n");
+
+	ret = dalloc_add(array, cnids, sl_cnids_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+	status = sl_pack_alloc(tctx, d, &request_blob, max_fragment_size);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"sl_pack_alloc() failed\n");
+
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &state->ph,
+				    0,
+				    state->dev,
+				    state->mdscmd_open.unkn2,
+				    0,
+				    state->flags,
+				    request_blob,
+				    0,
+				    max_fragment_size,
+				    1,
+				    max_fragment_size,
+				    0,
+				    0,
+				    &state->mdscmd_cmd.fragment,
+				    &response_blob,
+				    &state->mdscmd_cmd.unkn9);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"dcerpc_mdssvc_cmd failed\n");
+
+	mds_reply = dalloc_new(state);
+	torture_assert_not_null_goto(tctx, mds_reply, ret, done,
+				     "dalloc_zero failed\n");
+
+	ok = sl_unpack(mds_reply,
+		       (char *)response_blob.spotlight_blob,
+		       response_blob.length);
+	torture_assert_goto(tctx, ok, ret, done, "dalloc_add failed\n");
+
+	torture_comment(tctx, "%s", dalloc_dump(mds_reply, 0));
+
+	path = dalloc_get(mds_reply,
+			  "DALLOC_CTX", 0,
+			  "DALLOC_CTX", 2,
+			  "DALLOC_CTX", 0,
+			  "sl_nil_t", 1);
+	torture_assert_not_null_goto(tctx, path, ret, done,
+				     "dalloc_get path failed\n");
+
+	path_type = talloc_get_name(path);
+
+	torture_assert_str_equal_goto(tctx, path_type, "sl_nil_t", ret, done,
+				      "Wrong dalloc object type\n");
+
+done:
+	return ok;
+}
+
+struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		mem_ctx, "mdssvc");
+	struct torture_tcase *tcase = NULL;
+
+	tcase = torture_suite_add_tcase(suite, "rpccmd");
+	if (tcase == NULL) {
+		return NULL;
+	}
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_mdssvc_setup,
+				  torture_rpc_mdssvc_teardown);
+
+	torture_tcase_add_simple_test(tcase,
+				      "open_unknown_share",
+				      test_mdssvc_open_unknown_share);
+
+	torture_tcase_add_simple_test(tcase,
+				      "open_spotlight_disabled",
+				      test_mdssvc_open_spotlight_disabled);
+
+	torture_tcase_add_simple_test(tcase,
+				      "close",
+				      test_mdssvc_close);
+
+	torture_tcase_add_simple_test(tcase,
+				      "null_ph",
+				      test_mdssvc_null_ph);
+
+	tcase = torture_suite_add_tcase(suite, "disconnect1");
+	if (tcase == NULL) {
+		return NULL;
+	}
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_mdssvc_open,
+				  torture_rpc_mdssvc_close);
+
+	torture_tcase_add_simple_test(tcase,
+				      "invalid_ph_unknown1",
+				      test_mdssvc_invalid_ph_unknown1);
+
+	tcase = torture_suite_add_tcase(suite, "disconnect2");
+	if (tcase == NULL) {
+		return NULL;
+	}
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_mdssvc_open,
+				  torture_rpc_mdssvc_close);
+
+	torture_tcase_add_simple_test(tcase,
+				      "invalid_ph_cmd",
+				      test_mdssvc_invalid_ph_cmd);
+
+	tcase = torture_suite_add_tcase(suite, "disconnect3");
+	if (tcase == NULL) {
+		return NULL;
+	}
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_mdssvc_open,
+				  torture_rpc_mdssvc_close);
+
+	torture_tcase_add_simple_test(tcase,
+				      "invalid_ph_close",
+				      test_mdssvc_invalid_ph_close);
+
+	tcase = torture_suite_add_tcase(suite, "mdscmd");
+	if (tcase == NULL) {
+		return NULL;
+	}
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_mdssvc_open,
+				  torture_rpc_mdssvc_close);
+
+	torture_tcase_add_simple_test(tcase,
+				      "fetch_unknown_cnid",
+				      test_mdssvc_fetch_attr_unknown_cnid);
+
+	torture_tcase_add_simple_test(tcase,
+				      "mdssvc_sl_unpack_loop",
+				      test_mdssvc_sl_unpack_loop);
+
+	torture_tcase_add_simple_test(tcase,
+				      "sl_dict_type_safety",
+				      test_sl_dict_type_safety);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c
new file mode 100644
index 0000000..e873d4b
--- /dev/null
+++ b/source4/torture/rpc/mgmt.c
@@ -0,0 +1,328 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for mgmt rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_mgmt_c.h"
+#include "auth/gensec/gensec.h"
+#include "librpc/ndr/ndr_table.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+
+/*
+  ask the server what interface IDs are available on this endpoint
+*/
+bool test_inq_if_ids(struct torture_context *tctx,
+		     struct dcerpc_binding_handle *b,
+		     TALLOC_CTX *mem_ctx,
+		     bool (*per_id_test)(struct torture_context *,
+					 const struct ndr_interface_table *iface,
+					 TALLOC_CTX *mem_ctx,
+					 struct ndr_syntax_id *id),
+		     const void *priv)
+{
+	struct mgmt_inq_if_ids r;
+	struct rpc_if_id_vector_t *vector;
+	int i;
+
+	vector = talloc(mem_ctx, struct rpc_if_id_vector_t);
+	r.out.if_id_vector = &vector;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_mgmt_inq_if_ids_r(b, mem_ctx, &r),
+		"inq_if_ids failed");
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"inq_if_ids gave unexpected error code");
+
+	if (!vector) {
+		torture_comment(tctx, "inq_if_ids gave NULL if_id_vector\n");
+		return false;
+	}
+
+	for (i=0;i<vector->count;i++) {
+		struct ndr_syntax_id *id = vector->if_id[i].id;
+		if (!id) continue;
+
+		torture_comment(tctx, "\tuuid %s  version 0x%08x  '%s'\n",
+		       GUID_string(mem_ctx, &id->uuid),
+		       id->if_version,
+		       ndr_interface_name(&id->uuid, id->if_version));
+
+		if (per_id_test) {
+			per_id_test(tctx, priv, mem_ctx, id);
+		}
+	}
+
+	return true;
+}
+
+static bool test_inq_stats(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   TALLOC_CTX *mem_ctx)
+{
+	struct mgmt_inq_stats r;
+	struct mgmt_statistics statistics;
+
+	r.in.max_count = MGMT_STATS_ARRAY_MAX_SIZE;
+	r.in.unknown = 0;
+	r.out.statistics = &statistics;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_mgmt_inq_stats_r(b, mem_ctx, &r),
+		"inq_stats failed");
+
+	if (statistics.count != MGMT_STATS_ARRAY_MAX_SIZE) {
+		torture_comment(tctx, "Unexpected array size %d\n", statistics.count);
+		return false;
+	}
+
+	torture_comment(tctx, "\tcalls_in %6d  calls_out %6d\n\tpkts_in  %6d  pkts_out  %6d\n",
+	       statistics.statistics[MGMT_STATS_CALLS_IN],
+	       statistics.statistics[MGMT_STATS_CALLS_OUT],
+	       statistics.statistics[MGMT_STATS_PKTS_IN],
+	       statistics.statistics[MGMT_STATS_PKTS_OUT]);
+
+	return true;
+}
+
+static bool test_inq_princ_name_size(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     uint32_t authn_proto,
+				     const char *expected_princ_name)
+{
+	struct mgmt_inq_princ_name r;
+	uint32_t len, i;
+
+	len = strlen(expected_princ_name);
+
+	r.in.authn_proto = authn_proto;
+
+	/*
+	 * 0 gives NT_STATUS_RPC_BAD_STUB_DATA
+	 */
+	r.in.princ_name_size = 0;
+
+	torture_assert_ntstatus_equal(tctx,
+			dcerpc_mgmt_inq_princ_name_r(b, tctx, &r),
+			NT_STATUS_RPC_BAD_STUB_DATA,
+			"mgmt_inq_princ_name failed");
+
+	for (i=1; i <= len; i++) {
+		r.in.princ_name_size = i;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_mgmt_inq_princ_name_r(b, tctx, &r),
+			"mgmt_inq_princ_name failed");
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			WERR_INSUFFICIENT_BUFFER,
+			"mgmt_inq_princ_name failed");
+	}
+
+	r.in.princ_name_size = len + 1;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_mgmt_inq_princ_name_r(b, tctx, &r),
+		"mgmt_inq_princ_name failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"mgmt_inq_princ_name failed");
+
+	return true;
+}
+
+static bool test_inq_princ_name(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+	struct mgmt_inq_princ_name r;
+	int i;
+	bool ret = false;
+
+	for (i=0;i<256;i++) {
+		r.in.authn_proto = i;  /* DCERPC_AUTH_TYPE_* */
+		r.in.princ_name_size = 100;
+
+		status = dcerpc_mgmt_inq_princ_name_r(b, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			continue;
+		}
+		if (W_ERROR_IS_OK(r.out.result)) {
+			const char *name = gensec_get_name_by_authtype(NULL, i);
+			ret = true;
+			if (name) {
+				torture_comment(tctx, "\tprinciple name for proto %u (%s) is '%s'\n",
+				       i, name, r.out.princ_name);
+			} else {
+				torture_comment(tctx, "\tprinciple name for proto %u is '%s'\n",
+				       i, r.out.princ_name);
+			}
+
+			switch (i) {
+			case DCERPC_AUTH_TYPE_KRB5:
+			case DCERPC_AUTH_TYPE_NTLMSSP:
+			case DCERPC_AUTH_TYPE_SPNEGO:
+				torture_assert(tctx,
+					test_inq_princ_name_size(tctx, b, i, r.out.princ_name),
+					"failed");
+				break;
+			case DCERPC_AUTH_TYPE_SCHANNEL:
+				/*
+				 * for some reason schannel behaves differently
+				 *
+				 */
+			default:
+				break;
+			}
+		}
+	}
+
+	if (!ret) {
+		torture_comment(tctx, "\tno principle names?\n");
+	}
+
+	return true;
+}
+
+static bool test_is_server_listening(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     TALLOC_CTX *mem_ctx)
+{
+	struct mgmt_is_server_listening r;
+	r.out.status = talloc(mem_ctx, uint32_t);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_mgmt_is_server_listening_r(b, mem_ctx, &r),
+		"is_server_listening failed");
+
+	if (*r.out.status != 0 || r.out.result == 0) {
+		torture_comment(tctx, "\tserver is NOT listening\n");
+	} else {
+		torture_comment(tctx, "\tserver is listening\n");
+	}
+
+	return true;
+}
+
+static bool test_stop_server_listening(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       TALLOC_CTX *mem_ctx)
+{
+	struct mgmt_stop_server_listening r;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_mgmt_stop_server_listening_r(b, mem_ctx, &r),
+		"stop_server_listening failed");
+
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_comment(tctx, "\tserver refused to stop listening - %s\n", win_errstr(r.out.result));
+	} else {
+		torture_comment(tctx, "\tserver allowed a stop_server_listening request\n");
+		return false;
+	}
+
+	return true;
+}
+
+
+bool torture_rpc_mgmt(struct torture_context *tctx)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	TALLOC_CTX *mem_ctx, *loop_ctx;
+	bool ret = true;
+	const struct ndr_interface_list *l;
+	struct dcerpc_binding *b;
+
+	mem_ctx = talloc_init("torture_rpc_mgmt");
+
+	status = torture_rpc_binding(tctx, &b);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	for (l=ndr_table_list();l;l=l->next) {
+		struct dcerpc_binding_handle *bh;
+
+		loop_ctx = talloc_named(mem_ctx, 0, "torture_rpc_mgmt loop context");
+
+		/* some interfaces are not mappable */
+		if (l->table->num_calls == 0 ||
+		    strcmp(l->table->name, "mgmt") == 0) {
+			talloc_free(loop_ctx);
+			continue;
+		}
+
+		torture_comment(tctx, "\nTesting pipe '%s'\n", l->table->name);
+
+		status = dcerpc_epm_map_binding(loop_ctx, b, l->table,
+						tctx->ev, tctx->lp_ctx);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Failed to map port for uuid %s\n",
+				   GUID_string(loop_ctx, &l->table->syntax_id.uuid));
+			talloc_free(loop_ctx);
+			continue;
+		}
+
+		lpcfg_set_cmdline(tctx->lp_ctx, "torture:binding", dcerpc_binding_string(loop_ctx, b));
+
+		status = torture_rpc_connection(tctx, &p, &ndr_table_mgmt);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			torture_comment(tctx, "Interface not available - skipping\n");
+			talloc_free(loop_ctx);
+			continue;
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(loop_ctx);
+			torture_comment(tctx, "Interface not available (%s) - skipping\n", nt_errstr(status));
+			ret = false;
+			continue;
+		}
+		bh = p->binding_handle;
+
+		if (!test_is_server_listening(tctx, bh, loop_ctx)) {
+			ret = false;
+		}
+
+		if (!test_stop_server_listening(tctx, bh, loop_ctx)) {
+			ret = false;
+		}
+
+		if (!test_inq_stats(tctx, bh, loop_ctx)) {
+			ret = false;
+		}
+
+		if (!test_inq_princ_name(tctx, bh, loop_ctx)) {
+			ret = false;
+		}
+
+		if (!test_inq_if_ids(tctx, bh, loop_ctx, NULL, NULL)) {
+			ret = false;
+		}
+
+	}
+
+	return ret;
+}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
new file mode 100644
index 0000000..c371561
--- /dev/null
+++ b/source4/torture/rpc/netlogon.c
@@ -0,0 +1,6038 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for netlogon rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
+   Copyright (C) Tim Potter      2003
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "../lib/crypto/crypto.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+#include <ldb.h>
+#include "lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "lib/replace/system/network.h"
+#include "dsdb/samdb/samdb.h"
+
+#undef strcasecmp
+
+#define TEST_MACHINE_NAME "torturetest"
+
+static bool test_netr_broken_binding_handle(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_DsRGetSiteName r;
+	const char *site = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.computer_name	= talloc_asprintf(tctx, "\\\\%s",
+						  dcerpc_server_name(p));
+	r.out.site		= &site;
+
+	torture_comment(tctx,
+			"Testing netlogon request with correct binding handle: %s\n",
+			r.in.computer_name);
+
+	status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Netlogon request with broken binding handle");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "Netlogon request with broken binding handle");
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx,
+			     "Skipping broken binding handle check against Samba");
+	}
+
+	r.in.computer_name	= talloc_asprintf(tctx, "\\\\\\\\%s",
+						  dcerpc_server_name(p));
+
+	torture_comment(tctx,
+			"Testing netlogon request with broken binding handle: %s\n",
+			r.in.computer_name);
+
+	status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Netlogon request with broken binding handle");
+	torture_assert_werr_equal(tctx, r.out.result,
+				  WERR_INVALID_COMPUTERNAME,
+				  "Netlogon request with broken binding handle");
+
+	r.in.computer_name	= "\\\\\\\\THIS_IS_NOT_VALID";
+
+	torture_comment(tctx,
+			"Testing netlogon request with broken binding handle: %s\n",
+			r.in.computer_name);
+
+	status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Netlogon request with broken binding handle");
+	torture_assert_werr_equal(tctx, r.out.result,
+				  WERR_INVALID_COMPUTERNAME,
+				  "Netlogon request with broken binding handle");
+
+	return true;
+}
+
+static bool test_LogonUasLogon(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_LogonUasLogon r;
+	struct netr_UasInfo *info = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.account_name = cli_credentials_get_username(
+				samba_cmdline_get_creds());
+	r.in.workstation = TEST_MACHINE_NAME;
+	r.out.info = &info;
+
+	status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
+
+	return true;
+}
+
+static bool test_LogonUasLogoff(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_LogonUasLogoff r;
+	struct netr_UasLogoffInfo info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.account_name = cli_credentials_get_username(
+				samba_cmdline_get_creds());
+	r.in.workstation = TEST_MACHINE_NAME;
+	r.out.info = &info;
+
+	status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
+
+	return true;
+}
+
+bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
+				  struct cli_credentials *credentials,
+				  struct netlogon_creds_CredentialState **creds_out)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	const struct samr_Password *mach_password;
+   	const char *machine_name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	mach_password = cli_credentials_get_nt_hash(credentials, tctx);
+	machine_name = cli_credentials_get_workstation(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
+	a.in.computer_name = machine_name;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   0);
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+
+	torture_comment(tctx, "Testing ServerAuthenticate\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
+		"ServerAuthenticate failed");
+
+	/* This allows the tests to continue against the more fussy windows 2008 */
+	if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
+		return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+					      credentials,
+					      cli_credentials_get_secure_channel_type(credentials),
+					      creds_out);
+	}
+
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
+		       "Credential chaining failed");
+
+	*creds_out = creds;
+	return true;
+}
+
+bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tctx,
+			      uint32_t negotiate_flags,
+			      struct cli_credentials *machine_credentials,
+			      const char *computer_name,
+			      enum netr_SchannelType sec_chan_type,
+			      NTSTATUS expected_result,
+			      struct netlogon_creds_CredentialState **creds_out)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate2 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	const struct samr_Password *mach_password;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *account_name = cli_credentials_get_username(machine_credentials);
+
+	mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = computer_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	a.in.server_name = NULL;
+	a.in.account_name = account_name;
+	a.in.secure_channel_type = sec_chan_type;
+	a.in.computer_name = computer_name;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate2\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(tctx, a.out.result, expected_result,
+				      "ServerAuthenticate2 unexpected");
+
+	if (NT_STATUS_IS_OK(expected_result)) {
+		torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
+			       "Credential chaining failed");
+	} else {
+		torture_assert(tctx, !netlogon_creds_client_check(creds, &credentials3),
+			       "Credential chaining passed unexpected");
+	}
+
+	torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
+
+	*creds_out = creds;
+	return true;
+}
+
+bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    uint32_t negotiate_flags,
+			    struct cli_credentials *machine_credentials,
+			    enum netr_SchannelType sec_chan_type,
+			    struct netlogon_creds_CredentialState **creds_out)
+{
+	const char *computer_name =
+		cli_credentials_get_workstation(machine_credentials);
+
+	return test_SetupCredentials2ex(p, tctx, negotiate_flags,
+					machine_credentials,
+					computer_name,
+					sec_chan_type,
+					NT_STATUS_OK,
+					creds_out);
+}
+
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    uint32_t negotiate_flags,
+			    struct cli_credentials *machine_credentials,
+			    struct netlogon_creds_CredentialState **creds_out)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (p == NULL) {
+		return false;
+	}
+
+	b = p->binding_handle;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
+
+	/* Prove that requesting a challenge again won't break it */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	*creds_out = creds;
+	return true;
+}
+
+bool test_SetupCredentialsDowngrade(struct torture_context *tctx,
+					struct dcerpc_pipe *p,
+					struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t negotiate_flags = 0;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_DOWNGRADE_DETECTED, "ServerAuthenticate3 should have failed");
+
+	negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 should succeed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
+
+	/* Prove that requesting a challenge again won't break it */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	return true;
+}
+
+bool test_SetupCredentialsPipe(const struct dcerpc_pipe *p1,
+			       struct torture_context *tctx,
+			       struct cli_credentials *machine_credentials,
+			       struct netlogon_creds_CredentialState *creds,
+			       uint32_t additional_flags,
+			       struct dcerpc_pipe **_p2)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *b2 = NULL;
+	struct dcerpc_pipe *p2 = NULL;
+
+	b2 = dcerpc_binding_dup(tctx, p1->binding);
+	torture_assert(tctx, b2 != NULL, "dcerpc_binding_dup");
+	dcerpc_binding_set_flags(b2,
+				 DCERPC_SCHANNEL | additional_flags,
+				 DCERPC_AUTH_OPTIONS);
+
+	cli_credentials_set_netlogon_creds(machine_credentials, creds);
+	status = dcerpc_pipe_connect_b(tctx, &p2, b2,
+				       &ndr_table_netlogon,
+				       machine_credentials,
+				       tctx->ev, tctx->lp_ctx);
+	cli_credentials_set_netlogon_creds(machine_credentials, NULL);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_pipe_connect_b schannel");
+
+	*_p2 = p2;
+	return true;
+}
+
+static bool test_ServerReqChallenge(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p,
+	struct cli_credentials *credentials)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	const char *machine_name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct netr_ServerAuthenticate2 a;
+	uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	uint32_t out_negotiate_flags = 0;
+	const struct samr_Password *mach_password = NULL;
+	enum netr_SchannelType sec_chan_type = 0;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	const char *account_name = NULL;
+
+	machine_name = cli_credentials_get_workstation(credentials);
+	mach_password = cli_credentials_get_nt_hash(credentials, tctx);
+	account_name = cli_credentials_get_username(credentials);
+	sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(
+		tctx,
+		r.out.result,
+		"ServerReqChallenge failed");
+	a.in.server_name = NULL;
+	a.in.account_name = account_name;
+	a.in.secure_channel_type = sec_chan_type;
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &in_negotiate_flags;
+	a.out.negotiate_flags = &out_negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   in_negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate2\n");
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		a.out.result,
+		NT_STATUS_OK,
+		"ServerAuthenticate2 unexpected");
+
+	return true;
+}
+
+static bool test_ServerReqChallenge_zero_challenge(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p,
+	struct cli_credentials *credentials)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	const char *machine_name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct netr_ServerAuthenticate2 a;
+	uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	uint32_t out_negotiate_flags = 0;
+	const struct samr_Password *mach_password = NULL;
+	enum netr_SchannelType sec_chan_type = 0;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	const char *account_name = NULL;
+
+	machine_name = cli_credentials_get_workstation(credentials);
+	mach_password = cli_credentials_get_nt_hash(credentials, tctx);
+	account_name = cli_credentials_get_username(credentials);
+	sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	/*
+	 * Set the client challenge to zero, this should fail
+	 * CVE-2020-1472(ZeroLogon)
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
+	 */
+	ZERO_STRUCT(credentials1);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(
+		tctx,
+		r.out.result,
+		"ServerReqChallenge failed");
+	a.in.server_name = NULL;
+	a.in.account_name = account_name;
+	a.in.secure_channel_type = sec_chan_type;
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &in_negotiate_flags;
+	a.out.negotiate_flags = &out_negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   in_negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate2\n");
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		a.out.result,
+		NT_STATUS_ACCESS_DENIED,
+		"ServerAuthenticate2 unexpected");
+
+	return true;
+}
+
+static bool test_ServerReqChallenge_5_repeats(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p,
+	struct cli_credentials *credentials)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	const char *machine_name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct netr_ServerAuthenticate2 a;
+	uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	uint32_t out_negotiate_flags = 0;
+	const struct samr_Password *mach_password = NULL;
+	enum netr_SchannelType sec_chan_type = 0;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	const char *account_name = NULL;
+
+	machine_name = cli_credentials_get_workstation(credentials);
+	mach_password = cli_credentials_get_nt_hash(credentials, tctx);
+	account_name = cli_credentials_get_username(credentials);
+	sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	/*
+	 * Set the first 5 bytes of the client challenge to the same value,
+	 * this should fail CVE-2020-1472(ZeroLogon)
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
+	 */
+	credentials1.data[0] = 'A';
+	credentials1.data[1] = 'A';
+	credentials1.data[2] = 'A';
+	credentials1.data[3] = 'A';
+	credentials1.data[4] = 'A';
+	credentials1.data[5] = 'B';
+	credentials1.data[6] = 'C';
+	credentials1.data[7] = 'D';
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(
+		tctx,
+		r.out.result,
+		"ServerReqChallenge failed");
+	a.in.server_name = NULL;
+	a.in.account_name = account_name;
+	a.in.secure_channel_type = sec_chan_type;
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &in_negotiate_flags;
+	a.out.negotiate_flags = &out_negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   in_negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate2\n");
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		a.out.result,
+		NT_STATUS_ACCESS_DENIED,
+		"ServerAuthenticate2 unexpected");
+
+	return true;
+}
+
+static bool test_ServerReqChallenge_4_repeats(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p,
+	struct cli_credentials *credentials)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	const char *machine_name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct netr_ServerAuthenticate2 a;
+	uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	uint32_t out_negotiate_flags = 0;
+	const struct samr_Password *mach_password = NULL;
+	enum netr_SchannelType sec_chan_type = 0;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	const char *account_name = NULL;
+
+	machine_name = cli_credentials_get_workstation(credentials);
+	mach_password = cli_credentials_get_nt_hash(credentials, tctx);
+	account_name = cli_credentials_get_username(credentials);
+	sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	/*
+	 * Set the first 4 bytes of the client challenge to the same
+	 * value, this should pass as 5 bytes identical are needed to
+	 * fail for CVE-2020-1472(ZeroLogon)
+	 *
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
+	 */
+	credentials1.data[0] = 'A';
+	credentials1.data[1] = 'A';
+	credentials1.data[2] = 'A';
+	credentials1.data[3] = 'A';
+	credentials1.data[4] = 'B';
+	credentials1.data[5] = 'C';
+	credentials1.data[6] = 'D';
+	credentials1.data[7] = 'E';
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(
+		tctx,
+		r.out.result,
+		"ServerReqChallenge failed");
+	a.in.server_name = NULL;
+	a.in.account_name = account_name;
+	a.in.secure_channel_type = sec_chan_type;
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &in_negotiate_flags;
+	a.out.negotiate_flags = &out_negotiate_flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   mach_password, &credentials3,
+					   in_negotiate_flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate2\n");
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		a.out.result,
+		NT_STATUS_OK,
+		"ServerAuthenticate2 unexpected");
+
+	return true;
+}
+
+/*
+ * Establish a NetLogon session, using a session key that encrypts the
+ * target character to zero
+ */
+static bool test_ServerAuthenticate2_encrypts_to_zero(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p,
+	struct cli_credentials *machine_credentials,
+	const char target,
+	struct netlogon_creds_CredentialState **creds_out)
+{
+	const char *computer_name =
+		cli_credentials_get_workstation(machine_credentials);
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate2 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds  = NULL;
+	const struct samr_Password *mach_password;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *account_name = cli_credentials_get_username(
+		machine_credentials);
+	uint32_t flags =
+		NETLOGON_NEG_AUTH2_ADS_FLAGS |
+		NETLOGON_NEG_SUPPORTS_AES;
+	enum netr_SchannelType sec_chan_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	/*
+	 * Limit the number of attempts to generate a suitable session key.
+	 */
+	const unsigned MAX_ITER = 4096;
+	unsigned i = 0;
+
+	mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
+
+	r.in.server_name = NULL;
+	r.in.computer_name = computer_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+	credentials1.data[0] = target;
+	i = 0;
+	torture_comment(tctx, "Generating candidate session keys\n");
+	do {
+		TALLOC_FREE(creds);
+		i++;
+
+		torture_assert_ntstatus_ok(
+			tctx,
+			dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+			"ServerReqChallenge failed");
+		torture_assert_ntstatus_ok(
+			tctx,
+			r.out.result,
+			"ServerReqChallenge failed");
+
+		a.in.server_name = NULL;
+		a.in.account_name = account_name;
+		a.in.secure_channel_type = sec_chan_type;
+		a.in.computer_name = computer_name;
+		a.in.negotiate_flags = &flags;
+		a.out.negotiate_flags = &flags;
+		a.in.credentials = &credentials3;
+		a.out.return_credentials = &credentials3;
+
+		creds = netlogon_creds_client_init(
+			tctx,
+			a.in.account_name,
+			a.in.computer_name,
+			a.in.secure_channel_type,
+			&credentials1,
+			&credentials2,
+			mach_password,
+			&credentials3,
+			flags);
+
+		torture_assert(tctx, creds != NULL, "memory allocation");
+	} while (credentials3.data[0] != 0 && i < MAX_ITER);
+
+	if (i >= MAX_ITER) {
+		torture_comment(
+			tctx,
+			"Unable to obtain a suitable session key, "
+			"after [%u] attempts\n",
+			i);
+		torture_fail(tctx, "Unable to obtain suitable session key");
+	}
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+		"ServerAuthenticate2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		a.out.result,
+		NT_STATUS_OK,
+		"ServerAuthenticate2 unexpected result code");
+
+	*creds_out = creds;
+	return true;
+}
+
+/*
+  try a change password for our machine account
+*/
+static bool test_SetPassword(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet r;
+	const char *password;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential, return_authenticator;
+	struct samr_Password new_password;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	password = generate_random_password(tctx, 8, 255);
+	E_md4hash(password, new_password.hash);
+
+	netlogon_creds_des_encrypt(creds, &new_password);
+
+	torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
+	torture_comment(tctx, "Changing machine account password to '%s'\n",
+			password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+		"ServerPasswordSet failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	/* by changing the machine password twice we test the
+	   credentials chaining fully, and we verify that the server
+	   allows the password to be set to the same value twice in a
+	   row (match win2k3) */
+	torture_comment(tctx,
+		"Testing a second ServerPasswordSet on machine account\n");
+	torture_comment(tctx,
+		"Changing machine account password to '%s' (same as previous run)\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+		"ServerPasswordSet (2) failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
+
+	torture_assert(tctx,
+		test_SetupCredentials(p, tctx, machine_credentials, &creds),
+		"ServerPasswordSet failed to actually change the password");
+
+	return true;
+}
+
+/*
+  try a change password for our machine account
+*/
+static bool test_SetPassword_flags(struct torture_context *tctx,
+				   struct dcerpc_pipe *p1,
+				   struct cli_credentials *machine_credentials,
+				   uint32_t negotiate_flags)
+{
+	struct netr_ServerPasswordSet r;
+	const char *password;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential, return_authenticator;
+	struct samr_Password new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
+				    machine_credentials,
+				    cli_credentials_get_secure_channel_type(machine_credentials),
+				    &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	password = generate_random_password(tctx, 8, 255);
+	E_md4hash(password, new_password.hash);
+
+	netlogon_creds_des_encrypt(creds, &new_password);
+
+	torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
+	torture_comment(tctx, "Changing machine account password to '%s'\n",
+			password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+		"ServerPasswordSet failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	/* by changing the machine password twice we test the
+	   credentials chaining fully, and we verify that the server
+	   allows the password to be set to the same value twice in a
+	   row (match win2k3) */
+	torture_comment(tctx,
+		"Testing a second ServerPasswordSet on machine account\n");
+	torture_comment(tctx,
+		"Changing machine account password to '%s' (same as previous run)\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+		"ServerPasswordSet (2) failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
+
+	torture_assert(tctx,
+		test_SetupCredentials(p, tctx, machine_credentials, &creds),
+		"ServerPasswordSet failed to actually change the password");
+
+	return true;
+}
+
+
+/*
+  generate a random password for password change tests
+*/
+static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
+{
+	int i;
+	DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
+	generate_random_buffer(password.data, password.length);
+
+	for (i=0; i < len; i++) {
+		if (((uint16_t *)password.data)[i] == 0) {
+			((uint16_t *)password.data)[i] = 1;
+		}
+	}
+
+	return password;
+}
+
+/*
+  try a change password for our machine account
+*/
+static bool test_SetPassword2_with_flags(struct torture_context *tctx,
+					 struct dcerpc_pipe *p1,
+					 struct cli_credentials *machine_credentials,
+					 uint32_t flags)
+{
+	struct netr_ServerPasswordSet2 r;
+	const char *password;
+	DATA_BLOB new_random_pass;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct samr_Password nt_hash;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_SetupCredentials2(p1, tctx, flags, machine_credentials,
+				    cli_credentials_get_secure_channel_type(machine_credentials),
+				    &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	password = generate_random_password(tctx, 8, 255);
+	encode_pw_buffer(password_buf.data, password, STR_UNICODE);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+	}
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
+	torture_comment(tctx, "Changing machine account password to '%s'\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
+
+	/*
+	 * As a consequence of CVE-2020-1472(ZeroLogon)
+	 * Samba explicitly disallows the setting of an empty machine account
+	 * password.
+	 *
+	 * Note that this may fail against Windows, and leave a machine account
+	 * with an empty password.
+	 */
+	password = "";
+	encode_pw_buffer(password_buf.data, password, STR_UNICODE);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+	}
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(tctx,
+		"Testing ServerPasswordSet2 on machine account\n");
+	torture_comment(tctx,
+		"Changing machine account password to '%s'\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 failed");
+	torture_assert_ntstatus_equal(
+		tctx,
+		r.out.result,
+		NT_STATUS_WRONG_PASSWORD,
+		"ServerPasswordSet2 did not return NT_STATUS_WRONG_PASSWORD");
+
+	/* now try a random password */
+	password = generate_random_password(tctx, 8, 255);
+	encode_pw_buffer(password_buf.data, password, STR_UNICODE);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+	}
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
+	torture_comment(tctx, "Changing machine account password to '%s'\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 (2) failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	/* by changing the machine password twice we test the
+	   credentials chaining fully, and we verify that the server
+	   allows the password to be set to the same value twice in a
+	   row (match win2k3) */
+	torture_comment(tctx,
+		"Testing a second ServerPasswordSet2 on machine account\n");
+	torture_comment(tctx,
+		"Changing machine account password to '%s' (same as previous run)\n", password);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet (3) failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
+
+	torture_assert (tctx,
+		test_SetupCredentials(p, tctx, machine_credentials, &creds),
+		"ServerPasswordSet failed to actually change the password");
+
+	new_random_pass = netlogon_very_rand_pass(tctx, 128);
+
+	/* now try a random stream of bytes for a password */
+	set_pw_in_buffer(password_buf.data, &new_random_pass);
+
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+	}
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(tctx,
+		"Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet (3) failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
+
+	cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
+	cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
+
+	torture_assert (tctx,
+		test_SetupCredentials(p, tctx, machine_credentials, &creds),
+		"ServerPasswordSet failed to actually change the password");
+
+	return true;
+}
+
+/*
+  try to change the password of our machine account using a buffer of all zeros,
+  and a session key that encrypts that to all zeros.
+
+Note: The test does use sign and seal, it's purpose is to exercise
+      the detection code in dcesrv_netr_ServerPasswordSet2
+*/
+static bool test_SetPassword2_encrypted_to_all_zeros(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_ServerAuthenticate2_encrypts_to_zero(
+		tctx,
+		p1,
+		machine_credentials,
+		'\0',
+		&creds)) {
+
+		return false;
+	}
+
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	ZERO_STRUCT(password_buf);
+
+	if (!(creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
+		torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES not set");
+	}
+	netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	if(!all_zero(password_buf.data, 516)) {
+		torture_fail(tctx, "Password did not encrypt to all zeros\n");
+	}
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+	torture_assert_int_equal(
+		tctx,
+		new_password.length,
+		0,
+		"Length should have encrypted to 0");
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 zero length check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
+
+	return true;
+}
+
+/*
+ * Choose a session key that encrypts a password of all zeros to all zeros.
+ * Then try to set the password, using a zeroed buffer, with a non zero
+ * length.
+ *
+ * This exercises the password self encryption check.
+ *
+ * Note: The test does use sign and seal, it's purpose is to exercise
+ *     the detection code in dcesrv_netr_ServerPasswordSet2
+*/
+static bool test_SetPassword2_password_encrypts_to_zero(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_ServerAuthenticate2_encrypts_to_zero(
+		tctx,
+		p1,
+		machine_credentials,
+		0x00,
+		&creds)) {
+
+		return false;
+	}
+
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	ZERO_STRUCT(password_buf);
+	SIVAL(password_buf.data, 512, 512);
+
+	if (!(creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
+		torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES not set");
+	}
+	netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 password encrypts to zero check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
+
+	return true;
+}
+
+/*
+ * Check that an all zero confounder, that encrypts to all zeros is
+ * rejected.
+ *
+ * Note: The test does use sign and seal, it's purpose is to exercise
+ *       the detection code in dcesrv_netr_ServerPasswordSet2
+ */
+static bool test_SetPassword2_confounder(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_ServerAuthenticate2_encrypts_to_zero(
+		tctx,
+		p1,
+		machine_credentials,
+		'\0',
+		&creds)) {
+
+		return false;
+	}
+
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	ZERO_STRUCT(password_buf);
+	password_buf.data[511] = 'A';
+	SIVAL(password_buf.data, 512, 2);
+
+	if (!(creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
+		torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES not set");
+	}
+	netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 confounder check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
+
+	return true;
+}
+
+/*
+ * try a change password for our machine account, using an all zero
+ *  request. This should fail on the zero length check.
+ *
+ * Note: This test uses ARC4 encryption to exercise the desired check.
+ */
+static bool test_SetPassword2_all_zeros(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	uint32_t flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; /* no AES desired here */
+
+	if (!test_SetupCredentials2(
+		p1,
+		tctx,
+		flags,
+		machine_credentials,
+		cli_credentials_get_secure_channel_type(machine_credentials),
+		&creds))
+	{
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	ZERO_STRUCT(password_buf.data);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES enabled\n");
+	}
+	netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(
+		tctx,
+		"Testing ServerPasswordSet2 on machine account\n");
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 zero length check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
+
+	return true;
+}
+
+/*
+  try a change password for our machine account, using a maximum length
+  password
+*/
+static bool test_SetPassword2_maximum_length_password(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	uint32_t flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	DATA_BLOB new_random_pass = data_blob_null;
+
+	if (!test_SetupCredentials2(
+		p1,
+		tctx,
+		flags,
+		machine_credentials,
+		cli_credentials_get_secure_channel_type(machine_credentials),
+		&creds))
+	{
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	new_random_pass = netlogon_very_rand_pass(tctx, 256);
+	set_pw_in_buffer(password_buf.data, &new_random_pass);
+	SIVAL(password_buf.data, 512, 512);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+	}
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(
+		tctx,
+		"Testing ServerPasswordSet2 on machine account\n");
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 zero length check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_OK, "");
+
+	return true;
+}
+
+/*
+  try a change password for our machine account, using a password of
+  all zeros, and a non zero password length.
+
+  This test relies on the buffer being encrypted with ARC4, to
+  trigger the appropriate check in the rpc server code
+*/
+static bool test_SetPassword2_all_zero_password(
+	struct torture_context *tctx,
+	struct dcerpc_pipe *p1,
+	struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordSet2 r;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_CryptPassword password_buf;
+	struct netr_Authenticator credential, return_authenticator;
+	struct netr_CryptPassword new_password;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	uint32_t flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; /* no AES desired here */
+
+	if (!test_SetupCredentials2(
+		p1,
+		tctx,
+		flags,
+		machine_credentials,
+		cli_credentials_get_secure_channel_type(machine_credentials),
+		&creds))
+	{
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(
+		p1,
+		tctx,
+		machine_credentials,
+		creds,
+		DCERPC_SIGN | DCERPC_SEAL,
+		&p))
+	{
+		return false;
+	}
+	b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(
+		tctx,
+		"\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
+
+	ZERO_STRUCT(password_buf.data);
+	SIVAL(password_buf.data, 512, 128);
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES set");
+	}
+	netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+	memcpy(new_password.data, password_buf.data, 512);
+	new_password.length = IVAL(password_buf.data, 512);
+
+	torture_comment(
+		tctx,
+		"Testing ServerPasswordSet2 on machine account\n");
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	torture_assert_ntstatus_ok(
+		tctx,
+		dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+		"ServerPasswordSet2 all zero password check failed");
+	torture_assert_ntstatus_equal(
+		tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
+
+	return true;
+}
+
+
+static bool test_SetPassword2(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct cli_credentials *machine_credentials)
+{
+	return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_SetPassword2_AES(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct cli_credentials *machine_credentials)
+{
+	return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+static bool test_GetPassword(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerPasswordGet r;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential;
+	NTSTATUS status;
+	struct netr_Authenticator return_authenticator;
+	struct samr_Password password;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.password = &password;
+
+	status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordGet");
+
+	return true;
+}
+
+static bool test_GetTrustPasswords(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct cli_credentials *machine_credentials)
+{
+	struct netr_ServerTrustPasswordsGet r;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	struct samr_Password password, password2;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	netlogon_creds_client_authenticator(creds, &credential);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.new_owf_password = &password;
+	r.out.old_owf_password = &password2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
+		"ServerTrustPasswordsGet failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
+
+	return true;
+}
+
+/*
+  try a netlogon SamLogon
+*/
+static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
+				   struct cli_credentials *credentials,
+				   struct netlogon_creds_CredentialState *creds,
+				   bool null_domain)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogon r;
+	struct netr_Authenticator auth, auth2;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+	struct netr_NetworkInfo ninfo;
+	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	int flags = CLI_CRED_NTLM_AUTH;
+	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+
+	cli_credentials_get_ntlm_username_domain(samba_cmdline_get_creds(),
+						 tctx,
+						 &ninfo.identity_info.account_name.string,
+						 &ninfo.identity_info.domain_name.string);
+
+	if (null_domain) {
+		ninfo.identity_info.domain_name.string = NULL;
+	}
+
+	generate_random_buffer(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+	chal = data_blob_const(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+
+	names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
+						cli_credentials_get_domain(credentials));
+
+	status = cli_credentials_get_ntlm_response(
+				samba_cmdline_get_creds(), tctx,
+				&flags,
+				chal,
+				NULL, /* server_timestamp */
+				names_blob,
+				&lm_resp, &nt_resp,
+				NULL, NULL);
+	torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
+
+	ninfo.lm.data = lm_resp.data;
+	ninfo.lm.length = lm_resp.length;
+
+	ninfo.nt.data = nt_resp.data;
+	ninfo.nt.length = nt_resp.length;
+
+	ninfo.identity_info.parameter_control = 0;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
+
+	logon.network = &ninfo;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(credentials);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.logon = &logon;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+
+	d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
+
+	for (i=2;i<=3;i++) {
+		ZERO_STRUCT(auth2);
+		netlogon_creds_client_authenticator(creds, &auth);
+
+		r.in.validation_level = i;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+			"LogonSamLogon failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+		torture_assert(tctx, netlogon_creds_client_check(creds,
+								 &r.out.return_authenticator->cred),
+			"Credential chaining failed");
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+	}
+
+	/* this makes sure we get the unmarshalling right for invalid levels */
+	for (i=52;i<53;i++) {
+		ZERO_STRUCT(auth2);
+		/* the authenticator should be ignored by the server */
+		generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+		r.in.validation_level = i;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+					   "LogonSamLogon failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result,
+					      NT_STATUS_INVALID_INFO_CLASS,
+					      "LogonSamLogon failed");
+
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+		torture_assert(tctx,
+			       all_zero((uint8_t *)&auth2, sizeof(auth2)),
+			       "Return authenticator non zero");
+	}
+
+	for (i=2;i<=3;i++) {
+		ZERO_STRUCT(auth2);
+		netlogon_creds_client_authenticator(creds, &auth);
+
+		r.in.validation_level = i;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+			"LogonSamLogon failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+		torture_assert(tctx, netlogon_creds_client_check(creds,
+								 &r.out.return_authenticator->cred),
+			"Credential chaining failed");
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+	}
+
+	r.in.logon_level = 52;
+
+	for (i=2;i<=3;i++) {
+		ZERO_STRUCT(auth2);
+		/* the authenticator should be ignored by the server */
+		generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+		r.in.validation_level = i;
+
+		torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+			"LogonSamLogon failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+			"LogonSamLogon expected INVALID_PARAMETER");
+
+		torture_assert(tctx,
+			       all_zero((uint8_t *)&auth2, sizeof(auth2)),
+			       "Return authenticator non zero");
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+	}
+
+	r.in.credential = NULL;
+
+	for (i=2;i<=3;i++) {
+		ZERO_STRUCT(auth2);
+
+		r.in.validation_level = i;
+
+		torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+			"LogonSamLogon failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+			"LogonSamLogon expected INVALID_PARAMETER");
+
+		torture_assert(tctx,
+			       all_zero((uint8_t *)&auth2, sizeof(auth2)),
+			       "Return authenticator non zero");
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+	}
+
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.credential = &auth;
+
+	for (i=2;i<=3;i++) {
+		ZERO_STRUCT(auth2);
+		netlogon_creds_client_authenticator(creds, &auth);
+
+		r.in.validation_level = i;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+			"LogonSamLogon failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+		torture_assert(tctx, netlogon_creds_client_check(creds,
+								 &r.out.return_authenticator->cred),
+			"Credential chaining failed");
+		torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+					 "LogonSamLogon invalid  *r.out.authoritative");
+	}
+
+	return true;
+}
+
+bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
+		       struct cli_credentials *credentials,
+		       struct netlogon_creds_CredentialState *creds)
+{
+	return test_netlogon_ops_args(p, tctx, credentials, creds, false);
+}
+
+/*
+  try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct cli_credentials *credentials,
+				struct netlogon_creds_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_LogonGetCapabilities r;
+	union netr_Capabilities capabilities;
+	struct netr_Authenticator auth, return_auth;
+	struct netlogon_creds_CredentialState tmp_creds;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(credentials);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &return_auth;
+	r.in.query_level = 1;
+	r.out.capabilities = &capabilities;
+	r.out.return_authenticator = &return_auth;
+
+	torture_comment(tctx, "Testing LogonGetCapabilities with query_level=0\n");
+
+	r.in.query_level = 0;
+	ZERO_STRUCT(return_auth);
+
+	/*
+	 * we need to operate on a temporary copy of creds
+	 * because dcerpc_netr_LogonGetCapabilities with
+	 * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
+	 * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+	 * without looking at the authenticator.
+	 */
+	tmp_creds = *creds;
+	netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+	status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
+				      "LogonGetCapabilities query_level=0 failed");
+
+	torture_comment(tctx, "Testing LogonGetCapabilities with query_level=3\n");
+
+	r.in.query_level = 3;
+	ZERO_STRUCT(return_auth);
+
+	/*
+	 * we need to operate on a temporary copy of creds
+	 * because dcerpc_netr_LogonGetCapabilities with
+	 * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
+	 * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+	 * without looking at the authenticator.
+	 */
+	tmp_creds = *creds;
+	netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+	status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
+				      "LogonGetCapabilities query_level=0 failed");
+
+	torture_comment(tctx, "Testing LogonGetCapabilities with query_level=1\n");
+
+	r.in.query_level = 1;
+	ZERO_STRUCT(return_auth);
+
+	/*
+	 * we need to operate on a temporary copy of creds
+	 * because dcerpc_netr_LogonGetCapabilities was
+	 * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+	 * without looking at the authenticator.
+	 */
+	tmp_creds = *creds;
+	netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+	status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+		return true;
+	}
+
+	*creds = tmp_creds;
+
+	torture_assert(tctx, netlogon_creds_client_check(creds,
+							 &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	torture_assert_int_equal(tctx, creds->negotiate_flags,
+				 capabilities.server_capabilities,
+				 "negotiate flags");
+
+	torture_comment(tctx, "Testing LogonGetCapabilities with query_level=2\n");
+
+	r.in.query_level = 2;
+	ZERO_STRUCT(return_auth);
+
+	/*
+	 * we need to operate on a temporary copy of creds
+	 * because dcerpc_netr_LogonGetCapabilities with
+	 * an query level 2 may returns DCERPC_NCA_S_FAULT_INVALID_TAG
+	 * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+	 * without looking at the authenticator.
+	 */
+	tmp_creds = *creds;
+	netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+	status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+		/*
+		 * an server without KB5028166 returns
+		 * DCERPC_NCA_S_FAULT_INVALID_TAG =>
+		 * NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+		 */
+		return true;
+	}
+	torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities query_level=2 failed");
+
+	*creds = tmp_creds;
+
+	torture_assert(tctx, netlogon_creds_client_check(creds,
+							 &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	torture_assert_int_equal(tctx, creds->negotiate_flags,
+				 capabilities.server_capabilities,
+				 "negotiate flags");
+
+	return true;
+}
+
+/*
+  try a netlogon SamLogon
+*/
+static bool test_SamLogon(struct torture_context *tctx,
+			  struct dcerpc_pipe *p,
+			  struct cli_credentials *credentials)
+{
+	struct netlogon_creds_CredentialState *creds;
+
+	if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
+		return false;
+	}
+
+	return test_netlogon_ops(p, tctx, credentials, creds);
+}
+
+static bool test_invalidAuthenticate2(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct cli_credentials *credentials)
+{
+	struct netlogon_creds_CredentialState *creds;
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+
+	torture_comment(tctx, "Testing invalidAuthenticate2\n");
+
+	if (!test_SetupCredentials2(p, tctx, flags,
+				    credentials,
+				    cli_credentials_get_secure_channel_type(credentials),
+				    &creds)) {
+		return false;
+	}
+
+	if (!test_SetupCredentials2ex(p, tctx, flags,
+				      credentials,
+				      "1234567890123456",
+				      cli_credentials_get_secure_channel_type(credentials),
+				      STATUS_BUFFER_OVERFLOW,
+				      &creds)) {
+		return false;
+	}
+
+	if (!test_SetupCredentials2ex(p, tctx, flags,
+				      credentials,
+				      "123456789012345",
+				      cli_credentials_get_secure_channel_type(credentials),
+				      NT_STATUS_OK,
+				      &creds)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_ServerReqChallengeGlobal(struct torture_context *tctx,
+					  struct dcerpc_pipe *p1,
+					  struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b1 = p1->binding_handle;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b2 = NULL;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b2 = p2->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
+		"ServerAuthenticate3 failed on b2");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	return true;
+}
+
+/*
+ * Test the re-use of the challenge is not possible on a third
+ * connection, after first using it second one.
+ */
+
+static bool test_ServerReqChallengeReuseGlobal(struct torture_context *tctx,
+					  struct dcerpc_pipe *p1,
+					  struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b1 = p1->binding_handle;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b2 = NULL;
+	struct dcerpc_pipe *p3 = NULL;
+	struct dcerpc_binding_handle *b3 = NULL;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b2 = p2->binding_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p3, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b3 = p3->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
+		"ServerAuthenticate3 failed on b2");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	/* We have to re-run this part */
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b3, tctx, &a),
+		"ServerAuthenticate3 failed on b3");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b3, due to credential reuse");
+	return true;
+}
+
+/*
+ * Test if use of the per-pipe challenge will wipe out the globally cached challenge
+ */
+static bool test_ServerReqChallengeReuseGlobal2(struct torture_context *tctx,
+						struct dcerpc_pipe *p1,
+						struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b1 = p1->binding_handle;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b2 = NULL;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b2 = p2->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
+		"ServerAuthenticate3 failed on b");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	/* We have to re-run this part */
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
+		"ServerAuthenticate3 failed on b2");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b2, due to credential reuse");
+	return true;
+}
+
+/*
+ * Test if use of the globally cached challenge will wipe out the
+ * per-pipe challenge
+ */
+static bool test_ServerReqChallengeReuseGlobal3(struct torture_context *tctx,
+						struct dcerpc_pipe *p1,
+						struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b1 = p1->binding_handle;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b2 = NULL;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b2 = p2->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
+		"ServerAuthenticate3 failed on b2");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	/* We have to re-run this part */
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
+		"ServerAuthenticate3 failed on b1");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b1, due to credential reuse");
+	return true;
+}
+
+/*
+ * Test if more than one globally cached challenge works
+ */
+static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx,
+						struct dcerpc_pipe *p1,
+						struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials1_random,
+		credentials2, credentials3, credentials_discard;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b1 = p1->binding_handle;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b2 = NULL;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
+				      &ndr_table_netlogon,
+				      machine_credentials,
+				      tctx->ev, tctx->lp_ctx),
+		"dcerpc_pipe_connect_b failed");
+	b2 = p2->binding_handle;
+
+	r.in.server_name = NULL;
+	r.in.computer_name = "CHALTEST1";
+	r.in.credentials = &credentials1_random;
+	r.out.return_credentials = &credentials_discard;
+
+	netlogon_creds_random_challenge(&credentials1_random);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	/* Now ask for the actual client name */
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = "CHALTEST2";
+	r.in.credentials = &credentials1_random;
+	r.out.return_credentials = &credentials_discard;
+
+	netlogon_creds_random_challenge(&credentials1_random);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
+		"ServerReqChallenge failed on b1");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 on b2 (must use global credentials)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
+		"ServerAuthenticate3 failed on b2");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	/* We have to re-run this part */
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
+		"ServerAuthenticate3 failed on b1");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b1, due to credential reuse");
+	return true;
+}
+
+static bool test_ServerReqChallengeReuse(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct cli_credentials *machine_credentials)
+{
+	uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential credentials1, credentials2, credentials3;
+	struct netlogon_creds_CredentialState *creds;
+	struct samr_Password mach_password;
+	uint32_t rid;
+	const char *machine_name;
+	const char *plain_pass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert(tctx, machine_name != NULL, "machine_name");
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert(tctx, plain_pass != NULL, "plain_pass");
+
+	torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &credentials1;
+	r.out.return_credentials = &credentials2;
+
+	netlogon_creds_random_challenge(&credentials1);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
+
+	E_md4hash(plain_pass, mach_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &flags;
+	a.in.credentials = &credentials3;
+	a.out.return_credentials = &credentials3;
+	a.out.negotiate_flags = &flags;
+	a.out.rid = &rid;
+
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
+
+	/* We have to re-run this part */
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b3, due to credential reuse");
+
+	ZERO_STRUCT(credentials1.data);
+	ZERO_STRUCT(credentials2.data);
+	creds = netlogon_creds_client_init(tctx, a.in.account_name,
+					   a.in.computer_name,
+					   a.in.secure_channel_type,
+					   &credentials1, &credentials2,
+					   &mach_password, &credentials3,
+					   flags);
+
+	torture_assert(tctx, creds != NULL, "memory allocation");
+
+	torture_comment(tctx, "Testing ServerAuthenticate3 with zero'ed challenge\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+		"ServerAuthenticate3 failed");
+	torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
+				      "ServerAuthenticate3 should have failed on b3, due to credential reuse");
+	return true;
+}
+
+static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct cli_credentials *credentials)
+{
+	struct netlogon_creds_CredentialState *creds;
+
+	if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
+		return false;
+	}
+
+	return test_netlogon_ops_args(p, tctx, credentials, creds, true);
+}
+
+/* we remember the sequence numbers so we can easily do a DatabaseDelta */
+static uint64_t sequence_nums[3];
+
+/*
+  try a netlogon DatabaseSync
+*/
+static bool test_DatabaseSync(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct cli_credentials *machine_credentials)
+{
+	struct netr_DatabaseSync r;
+	struct netlogon_creds_CredentialState *creds;
+	const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
+	int i;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	struct netr_Authenticator credential, return_authenticator;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+	r.out.return_authenticator = &return_authenticator;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+
+		uint32_t sync_context = 0;
+
+		r.in.database_id = database_ids[i];
+		r.in.sync_context = &sync_context;
+		r.out.sync_context = &sync_context;
+
+		torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
+
+		do {
+			netlogon_creds_client_authenticator(creds, &credential);
+
+			r.in.credential = &credential;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
+				"DatabaseSync failed");
+			if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
+			    break;
+
+			/* Native mode servers don't do this */
+			if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
+				return true;
+			}
+			torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
+
+			if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+			if (delta_enum_array &&
+			    delta_enum_array->num_deltas > 0 &&
+			    delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
+			    delta_enum_array->delta_enum[0].delta_union.domain) {
+				sequence_nums[r.in.database_id] =
+					delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
+				torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
+				       r.in.database_id,
+				       (unsigned long long)sequence_nums[r.in.database_id]);
+			}
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+
+/*
+  try a netlogon DatabaseDeltas
+*/
+static bool test_DatabaseDeltas(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct cli_credentials *machine_credentials)
+{
+	struct netr_DatabaseDeltas r;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	const uint32_t database_ids[] = {0, 1, 2};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	ZERO_STRUCT(r.in.return_authenticator);
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+		r.in.database_id = database_ids[i];
+		r.in.sequence_num = &sequence_nums[r.in.database_id];
+
+		if (*r.in.sequence_num == 0) continue;
+
+		*r.in.sequence_num -= 1;
+
+		torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
+		       r.in.database_id, (unsigned long long)*r.in.sequence_num);
+
+		do {
+			netlogon_creds_client_authenticator(creds, &credential);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
+				"DatabaseDeltas failed");
+			if (NT_STATUS_EQUAL(r.out.result,
+					     NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
+				torture_comment(tctx, "not considering %s to be an error\n",
+				       nt_errstr(r.out.result));
+				return true;
+			}
+			if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
+			    break;
+
+			torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
+
+			if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+			(*r.in.sequence_num)++;
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+static bool test_DatabaseRedo(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct cli_credentials *machine_credentials)
+{
+	struct netr_DatabaseRedo r;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	struct netr_ChangeLogEntry e;
+	struct dom_sid null_sid, *sid;
+	int i,d;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(null_sid);
+
+	sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
+
+	{
+
+	struct {
+		uint32_t rid;
+		uint16_t flags;
+		uint8_t db_index;
+		uint8_t delta_type;
+		struct dom_sid sid;
+		const char *name;
+		NTSTATUS expected_error;
+		uint32_t expected_num_results;
+		uint8_t expected_delta_type_1;
+		uint8_t expected_delta_type_2;
+		const char *comment;
+	} changes[] = {
+
+		/* SAM_DATABASE_DOMAIN */
+
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_MODIFY_COUNT,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_SYNCHRONIZATION_REQUIRED,
+			.expected_num_results   = 0,
+			.comment		= "NETR_DELTA_MODIFY_COUNT"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= 0,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results	= 1,
+			.expected_delta_type_1	= NETR_DELTA_DOMAIN,
+			.comment		= "NULL DELTA"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_DOMAIN,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results	= 1,
+			.expected_delta_type_1	= NETR_DELTA_DOMAIN,
+			.comment		= "NETR_DELTA_DOMAIN"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINISTRATOR,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_USER,
+			.comment		= "NETR_DELTA_USER by rid 500"
+		},
+		{
+			.rid			= DOMAIN_RID_GUEST,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_USER,
+			.comment		= "NETR_DELTA_USER by rid 501"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= *sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_USER,
+			.comment		= "NETR_DELTA_USER by sid and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_USER,
+			.comment		= "NETR_DELTA_USER by null_sid and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_NAME_INCLUDED,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= "administrator",
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_USER,
+			.comment		= "NETR_DELTA_USER by name 'administrator'"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINS,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_GROUP,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 2,
+			.expected_delta_type_1	= NETR_DELTA_GROUP,
+			.expected_delta_type_2	= NETR_DELTA_GROUP_MEMBER,
+			.comment		= "NETR_DELTA_GROUP by rid 512"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINS,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_DOMAIN,
+			.delta_type		= NETR_DELTA_GROUP_MEMBER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 2,
+			.expected_delta_type_1	= NETR_DELTA_GROUP,
+			.expected_delta_type_2	= NETR_DELTA_GROUP_MEMBER,
+			.comment		= "NETR_DELTA_GROUP_MEMBER by rid 512"
+		},
+
+
+		/* SAM_DATABASE_BUILTIN */
+
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_MODIFY_COUNT,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_SYNCHRONIZATION_REQUIRED,
+			.expected_num_results   = 0,
+			.comment		= "NETR_DELTA_MODIFY_COUNT"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_DOMAIN,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DOMAIN,
+			.comment		= "NETR_DELTA_DOMAIN"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINISTRATOR,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_USER,
+			.comment		= "NETR_DELTA_USER by rid 500"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_USER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_USER,
+			.comment		= "NETR_DELTA_USER"
+		},
+		{
+			.rid			= 544,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_ALIAS,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 2,
+			.expected_delta_type_1	= NETR_DELTA_ALIAS,
+			.expected_delta_type_2	= NETR_DELTA_ALIAS_MEMBER,
+			.comment		= "NETR_DELTA_ALIAS by rid 544"
+		},
+		{
+			.rid			= 544,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_ALIAS_MEMBER,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 2,
+			.expected_delta_type_1	= NETR_DELTA_ALIAS,
+			.expected_delta_type_2	= NETR_DELTA_ALIAS_MEMBER,
+			.comment		= "NETR_DELTA_ALIAS_MEMBER by rid 544"
+		},
+		{
+			.rid			= 544,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= 0,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DOMAIN,
+			.comment		= "NULL DELTA by rid 544"
+		},
+		{
+			.rid			= 544,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= 0,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DOMAIN,
+			.comment		= "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
+		},
+		{
+			.rid			= 544,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_ALIAS,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 2,
+			.expected_delta_type_1	= NETR_DELTA_ALIAS,
+			.expected_delta_type_2	= NETR_DELTA_ALIAS_MEMBER,
+			.comment		= "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_BUILTIN,
+			.delta_type		= NETR_DELTA_ALIAS,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_ALIAS,
+			.comment		= "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
+		},
+
+		/* SAM_DATABASE_PRIVS */
+
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= 0,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_ACCESS_DENIED,
+			.expected_num_results   = 0,
+			.comment		= "NULL DELTA"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_MODIFY_COUNT,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_SYNCHRONIZATION_REQUIRED,
+			.expected_num_results   = 0,
+			.comment		= "NETR_DELTA_MODIFY_COUNT"
+		},
+		{
+			.rid			= 0,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_POLICY,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_POLICY,
+			.comment		= "NETR_DELTA_POLICY"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_POLICY,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_POLICY,
+			.comment		= "NETR_DELTA_POLICY by null sid and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_POLICY,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-5-32"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_POLICY,
+			.comment		= "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINISTRATOR,
+			.flags			= 0,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_ACCOUNT,
+			.sid			= null_sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
+			.expected_num_results   = 0,
+			.comment		= "NETR_DELTA_ACCOUNT by rid 500"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_ACCOUNT,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-1-0"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_ACCOUNT,
+			.comment		= "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED |
+						  NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_ACCOUNT,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-1-0"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_ACCOUNT,
+			.comment		= "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED |
+						  NETR_CHANGELOG_NAME_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_ACCOUNT,
+			.sid			= *dom_sid_parse_talloc(tctx, "S-1-1-0"),
+			.name			= NULL,
+			.expected_error		= NT_STATUS_INVALID_PARAMETER,
+			.expected_num_results   = 0,
+			.comment		= "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
+		},
+		{
+			.rid			= DOMAIN_RID_ADMINISTRATOR,
+			.flags			= NETR_CHANGELOG_SID_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_ACCOUNT,
+			.sid			= *sid,
+			.name			= NULL,
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_ACCOUNT,
+			.comment		= "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_NAME_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_SECRET,
+			.sid			= null_sid,
+			.name			= "IsurelydontexistIhope",
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_DELETE_SECRET,
+			.comment		= "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
+		},
+		{
+			.rid			= 0,
+			.flags			= NETR_CHANGELOG_NAME_INCLUDED,
+			.db_index		= SAM_DATABASE_PRIVS,
+			.delta_type		= NETR_DELTA_SECRET,
+			.sid			= null_sid,
+			.name			= "G$BCKUPKEY_P",
+			.expected_error		= NT_STATUS_OK,
+			.expected_num_results   = 1,
+			.expected_delta_type_1	= NETR_DELTA_SECRET,
+			.comment		= "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
+		}
+	};
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (d=0; d<3; d++) {
+		const char *database = NULL;
+
+		switch (d) {
+		case 0:
+			database = "SAM";
+			break;
+		case 1:
+			database = "BUILTIN";
+			break;
+		case 2:
+			database = "LSA";
+			break;
+		default:
+			break;
+		}
+
+		torture_comment(tctx, "Testing DatabaseRedo\n");
+
+		if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+			return false;
+		}
+
+		for (i=0;i<ARRAY_SIZE(changes);i++) {
+
+			if (d != changes[i].db_index) {
+				continue;
+			}
+
+			netlogon_creds_client_authenticator(creds, &credential);
+
+			r.in.credential = &credential;
+
+			e.serial_number1	= 0;
+			e.serial_number2	= 0;
+			e.object_rid		= changes[i].rid;
+			e.flags			= changes[i].flags;
+			e.db_index		= changes[i].db_index;
+			e.delta_type		= changes[i].delta_type;
+
+			switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
+			case NETR_CHANGELOG_SID_INCLUDED:
+				e.object.object_sid		= changes[i].sid;
+				break;
+			case NETR_CHANGELOG_NAME_INCLUDED:
+				e.object.object_name		= changes[i].name;
+				break;
+			default:
+				break;
+			}
+
+			r.in.change_log_entry = e;
+
+			torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
+				database, changes[i].comment);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
+				"DatabaseRedo failed");
+			if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
+				return true;
+			}
+
+			torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
+			if (delta_enum_array) {
+				torture_assert_int_equal(tctx,
+					delta_enum_array->num_deltas,
+					changes[i].expected_num_results,
+					changes[i].comment);
+				if (delta_enum_array->num_deltas > 0) {
+					torture_assert_int_equal(tctx,
+						delta_enum_array->delta_enum[0].delta_type,
+						changes[i].expected_delta_type_1,
+						changes[i].comment);
+				}
+				if (delta_enum_array->num_deltas > 1) {
+					torture_assert_int_equal(tctx,
+						delta_enum_array->delta_enum[1].delta_type,
+						changes[i].expected_delta_type_2,
+						changes[i].comment);
+				}
+			}
+
+			if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+				if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+					return false;
+				}
+			}
+		}
+	}
+	}
+
+	return true;
+}
+
+/*
+  try a netlogon AccountDeltas
+*/
+static bool test_AccountDeltas(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct cli_credentials *machine_credentials)
+{
+	struct netr_AccountDeltas r;
+	struct netlogon_creds_CredentialState *creds;
+
+	struct netr_AccountBuffer buffer;
+	uint32_t count_returned = 0;
+	uint32_t total_entries = 0;
+	struct netr_UAS_INFO_0 recordid;
+	struct netr_Authenticator return_authenticator;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.return_authenticator = &return_authenticator;
+	netlogon_creds_client_authenticator(creds, &r.in.credential);
+	ZERO_STRUCT(r.in.uas);
+	r.in.count=10;
+	r.in.level=0;
+	r.in.buffersize=100;
+	r.out.buffer = &buffer;
+	r.out.count_returned = &count_returned;
+	r.out.total_entries = &total_entries;
+	r.out.recordid = &recordid;
+	r.out.return_authenticator = &return_authenticator;
+
+	/* w2k3 returns "NOT IMPLEMENTED" for this call */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
+		"AccountDeltas failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
+
+	return true;
+}
+
+/*
+  try a netlogon AccountSync
+*/
+static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
+			     struct cli_credentials *machine_credentials)
+{
+	struct netr_AccountSync r;
+	struct netlogon_creds_CredentialState *creds;
+
+	struct netr_AccountBuffer buffer;
+	uint32_t count_returned = 0;
+	uint32_t total_entries = 0;
+	uint32_t next_reference = 0;
+	struct netr_UAS_INFO_0 recordid;
+	struct netr_Authenticator return_authenticator;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(recordid);
+	ZERO_STRUCT(return_authenticator);
+
+	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+		return false;
+	}
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.return_authenticator = &return_authenticator;
+	netlogon_creds_client_authenticator(creds, &r.in.credential);
+	r.in.recordid = &recordid;
+	r.in.reference=0;
+	r.in.level=0;
+	r.in.buffersize=100;
+	r.out.buffer = &buffer;
+	r.out.count_returned = &count_returned;
+	r.out.total_entries = &total_entries;
+	r.out.next_reference = &next_reference;
+	r.out.recordid = &recordid;
+	r.out.return_authenticator = &return_authenticator;
+
+	/* w2k3 returns "NOT IMPLEMENTED" for this call */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
+		"AccountSync failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
+
+	return true;
+}
+
+/*
+  try a netlogon GetDcName
+*/
+static bool test_GetDcName(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	struct netr_GetDcName r;
+	const char *dcname = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
+	r.out.dcname = &dcname;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
+		"GetDcName failed");
+	torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
+
+	torture_comment(tctx, "\tDC is at '%s'\n", dcname);
+
+	return true;
+}
+
+static const char *function_code_str(TALLOC_CTX *mem_ctx,
+				     enum netr_LogonControlCode function_code)
+{
+	switch (function_code) {
+	case NETLOGON_CONTROL_QUERY:
+		return "NETLOGON_CONTROL_QUERY";
+	case NETLOGON_CONTROL_REPLICATE:
+		return "NETLOGON_CONTROL_REPLICATE";
+	case NETLOGON_CONTROL_SYNCHRONIZE:
+		return "NETLOGON_CONTROL_SYNCHRONIZE";
+	case NETLOGON_CONTROL_PDC_REPLICATE:
+		return "NETLOGON_CONTROL_PDC_REPLICATE";
+	case NETLOGON_CONTROL_REDISCOVER:
+		return "NETLOGON_CONTROL_REDISCOVER";
+	case NETLOGON_CONTROL_TC_QUERY:
+		return "NETLOGON_CONTROL_TC_QUERY";
+	case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+		return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
+	case NETLOGON_CONTROL_FIND_USER:
+		return "NETLOGON_CONTROL_FIND_USER";
+	case NETLOGON_CONTROL_CHANGE_PASSWORD:
+		return "NETLOGON_CONTROL_CHANGE_PASSWORD";
+	case NETLOGON_CONTROL_TC_VERIFY:
+		return "NETLOGON_CONTROL_TC_VERIFY";
+	case NETLOGON_CONTROL_FORCE_DNS_REG:
+		return "NETLOGON_CONTROL_FORCE_DNS_REG";
+	case NETLOGON_CONTROL_QUERY_DNS_REG:
+		return "NETLOGON_CONTROL_QUERY_DNS_REG";
+	case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+		return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
+	case NETLOGON_CONTROL_TRUNCATE_LOG:
+		return "NETLOGON_CONTROL_TRUNCATE_LOG";
+	case NETLOGON_CONTROL_SET_DBFLAG:
+		return "NETLOGON_CONTROL_SET_DBFLAG";
+	case NETLOGON_CONTROL_BREAKPOINT:
+		return "NETLOGON_CONTROL_BREAKPOINT";
+	default:
+		return talloc_asprintf(mem_ctx, "unknown function code: %d",
+				       function_code);
+	}
+}
+
+
+/*
+  try a netlogon LogonControl
+*/
+static bool test_LogonControl(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct cli_credentials *machine_credentials)
+
+{
+	NTSTATUS status;
+	struct netr_LogonControl r;
+	union netr_CONTROL_QUERY_INFORMATION query;
+	int i,f;
+	enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t function_codes[] = {
+		NETLOGON_CONTROL_QUERY,
+		NETLOGON_CONTROL_REPLICATE,
+		NETLOGON_CONTROL_SYNCHRONIZE,
+		NETLOGON_CONTROL_PDC_REPLICATE,
+		NETLOGON_CONTROL_REDISCOVER,
+		NETLOGON_CONTROL_TC_QUERY,
+		NETLOGON_CONTROL_TRANSPORT_NOTIFY,
+		NETLOGON_CONTROL_FIND_USER,
+		NETLOGON_CONTROL_CHANGE_PASSWORD,
+		NETLOGON_CONTROL_TC_VERIFY,
+		NETLOGON_CONTROL_FORCE_DNS_REG,
+		NETLOGON_CONTROL_QUERY_DNS_REG,
+		NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
+		NETLOGON_CONTROL_TRUNCATE_LOG,
+		NETLOGON_CONTROL_SET_DBFLAG,
+		NETLOGON_CONTROL_BREAKPOINT
+	};
+
+	if (machine_credentials) {
+		secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	}
+
+	torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
+		secure_channel_type);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.function_code = 1;
+	r.out.query = &query;
+
+	for (f=0;f<ARRAY_SIZE(function_codes); f++) {
+	for (i=1;i<5;i++) {
+
+		r.in.function_code = function_codes[f];
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+				function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+
+		switch (r.in.level) {
+		case 1:
+			switch (r.in.function_code) {
+			case NETLOGON_CONTROL_REPLICATE:
+			case NETLOGON_CONTROL_SYNCHRONIZE:
+			case NETLOGON_CONTROL_PDC_REPLICATE:
+			case NETLOGON_CONTROL_BREAKPOINT:
+			case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+				if ((secure_channel_type == SEC_CHAN_BDC) ||
+				    (secure_channel_type == SEC_CHAN_WKSTA)) {
+					torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+						"LogonControl returned unexpected error code");
+				} else {
+					torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+						"LogonControl returned unexpected error code");
+				}
+				break;
+
+			case NETLOGON_CONTROL_REDISCOVER:
+			case NETLOGON_CONTROL_TC_QUERY:
+			case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+			case NETLOGON_CONTROL_FIND_USER:
+			case NETLOGON_CONTROL_CHANGE_PASSWORD:
+			case NETLOGON_CONTROL_TC_VERIFY:
+			case NETLOGON_CONTROL_FORCE_DNS_REG:
+			case NETLOGON_CONTROL_QUERY_DNS_REG:
+			case NETLOGON_CONTROL_SET_DBFLAG:
+				torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+					"LogonControl returned unexpected error code");
+				break;
+			case NETLOGON_CONTROL_TRUNCATE_LOG:
+				if ((secure_channel_type == SEC_CHAN_BDC) ||
+				    (secure_channel_type == SEC_CHAN_WKSTA)) {
+					torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+						"LogonControl returned unexpected error code");
+				} else if (!W_ERROR_EQUAL(r.out.result, WERR_NOT_SUPPORTED)) {
+					torture_assert_werr_ok(tctx, r.out.result,
+						"LogonControl returned unexpected result");
+				}
+				break;
+			default:
+				torture_assert_werr_ok(tctx, r.out.result,
+					"LogonControl returned unexpected result");
+				break;
+			}
+			break;
+		case 2:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				"LogonControl returned unexpected error code");
+			break;
+		default:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL,
+				"LogonControl returned unexpected error code");
+			break;
+		}
+	}
+	}
+
+	r.in.level = 52;
+	torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+	status = dcerpc_netr_LogonControl_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
+
+	return true;
+}
+
+
+/*
+  try a netlogon GetAnyDCName
+*/
+static bool test_GetAnyDCName(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_GetAnyDCName r;
+	const char *dcname = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.out.dcname = &dcname;
+
+	status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+	if ((!W_ERROR_IS_OK(r.out.result)) &&
+	    (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+		return false;
+	}
+
+	if (dcname) {
+	    torture_comment(tctx, "\tDC is at '%s'\n", dcname);
+	}
+
+	r.in.domainname = NULL;
+
+	status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+	if ((!W_ERROR_IS_OK(r.out.result)) &&
+	    (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+		return false;
+	}
+
+	r.in.domainname = "";
+
+	status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+	if ((!W_ERROR_IS_OK(r.out.result)) &&
+	    (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+		return false;
+	}
+
+	return true;
+}
+
+
+/*
+  try a netlogon LogonControl2
+*/
+static bool test_LogonControl2(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct cli_credentials *machine_credentials)
+
+{
+	NTSTATUS status;
+	struct netr_LogonControl2 r;
+	union netr_CONTROL_DATA_INFORMATION data;
+	union netr_CONTROL_QUERY_INFORMATION query;
+	enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	if (machine_credentials) {
+		secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	}
+
+	torture_comment(tctx, "Testing LogonControl2 with secure channel type: %d\n",
+		secure_channel_type);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
+	r.in.data = &data;
+	r.out.query = &query;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	}
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	}
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	}
+
+	data.debug_level = ~0;
+
+	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	}
+
+	ZERO_STRUCT(data);
+	r.in.function_code = 52;
+	r.in.data = &data;
+
+	torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+	status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	switch (secure_channel_type) {
+	case SEC_CHAN_NULL:
+		torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED, "LogonControl2");
+		break;
+	default:
+		torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED, "LogonControl2");
+		break;
+	}
+	data.debug_level = ~0;
+
+	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+	r.in.data = &data;
+
+	r.in.level = 52;
+	torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+	status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl2");
+
+	return true;
+}
+
+/*
+  try a netlogon DatabaseSync2
+*/
+static bool test_DatabaseSync2(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       struct cli_credentials *machine_credentials)
+{
+	struct netr_DatabaseSync2 r;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	struct netr_Authenticator return_authenticator, credential;
+
+	struct netlogon_creds_CredentialState *creds;
+	const uint32_t database_ids[] = {0, 1, 2};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
+				    machine_credentials,
+				    cli_credentials_get_secure_channel_type(machine_credentials),
+				    &creds)) {
+		return false;
+	}
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+
+		uint32_t sync_context = 0;
+
+		r.in.database_id = database_ids[i];
+		r.in.sync_context = &sync_context;
+		r.out.sync_context = &sync_context;
+		r.in.restart_state = 0;
+
+		torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
+
+		do {
+			netlogon_creds_client_authenticator(creds, &credential);
+
+			r.in.credential = &credential;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
+				"DatabaseSync2 failed");
+			if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
+			    break;
+
+			/* Native mode servers don't do this */
+			if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
+				return true;
+			}
+
+			torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
+
+			if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+
+/*
+  try a netlogon LogonControl2Ex
+*/
+static bool test_LogonControl2Ex(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct cli_credentials *machine_credentials)
+
+{
+	NTSTATUS status;
+	struct netr_LogonControl2Ex r;
+	union netr_CONTROL_DATA_INFORMATION data;
+	union netr_CONTROL_QUERY_INFORMATION query;
+	enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	if (machine_credentials) {
+		secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+	}
+
+	torture_comment(tctx, "Testing LogonControl2Ex with secure channel type: %d\n",
+		secure_channel_type);
+
+	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
+	r.in.data = &data;
+	r.out.query = &query;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	}
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	}
+
+	data.domain = lpcfg_workgroup(tctx->lp_ctx);
+
+	r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	}
+
+	data.debug_level = ~0;
+
+	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+	r.in.data = &data;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+		status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	}
+
+	ZERO_STRUCT(data);
+	r.in.function_code = 52;
+	r.in.data = &data;
+
+	torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+	status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	switch (secure_channel_type) {
+	case SEC_CHAN_NULL:
+		torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED, "LogonControl2Ex");
+		break;
+	default:
+		torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED, "LogonControl2Ex");
+		break;
+	}
+	data.debug_level = ~0;
+
+	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+	r.in.data = &data;
+
+	r.in.level = 52;
+	torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
+			function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+	status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl2Ex");
+
+	return true;
+}
+
+static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
+						struct dcerpc_pipe *p1,
+						struct cli_credentials *machine_credentials)
+{
+	struct netr_GetForestTrustInformation r;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator a;
+	struct netr_Authenticator return_authenticator;
+	struct lsa_ForestTrustInformation *forest_trust_info;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	if (!test_SetupCredentials3(p1, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+				    machine_credentials, &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	netlogon_creds_client_authenticator(creds, &a);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &a;
+	r.in.flags = 0;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.forest_trust_info = &forest_trust_info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
+		"netr_GetForestTrustInformation failed");
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+		torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"netr_GetForestTrustInformation failed");
+	}
+
+	torture_assert(tctx,
+		netlogon_creds_client_check(creds, &return_authenticator.cred),
+		"Credential chaining failed");
+
+	return true;
+}
+
+static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
+						   struct dcerpc_pipe *p, const char *trusted_domain_name)
+{
+	NTSTATUS status;
+	struct netr_DsRGetForestTrustInformation r;
+	struct lsa_ForestTrustInformation info, *info_ptr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	info_ptr = &info;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.trusted_domain_name = trusted_domain_name;
+	r.in.flags = 0;
+	r.out.forest_trust_info = &info_ptr;
+
+	torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
+
+	status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
+	torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
+
+	return true;
+}
+
+/*
+  try a netlogon netr_DsrEnumerateDomainTrusts
+*/
+static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_DsrEnumerateDomainTrusts r;
+	struct netr_DomainTrustList trusts;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.trust_flags = 0x3f;
+	r.out.trusts = &trusts;
+
+	status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
+	torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
+
+	/* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
+	 * will show non-forest trusts and all UPN suffixes of the own forest
+	 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
+
+	if (r.out.trusts->count) {
+		if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
+			return false;
+		}
+	}
+
+	for (i=0; i<r.out.trusts->count; i++) {
+
+		/* get info for transitive forest trusts */
+
+		if (r.out.trusts->array[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			if (!test_netr_DsRGetForestTrustInformation(tctx, p,
+								    r.out.trusts->array[i].dns_name)) {
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
+						  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_NetrEnumerateTrustedDomains r;
+	struct netr_Blob trusted_domains_blob;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.out.trusted_domains_blob = &trusted_domains_blob;
+
+	status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+
+	return true;
+}
+
+static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
+						    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_NetrEnumerateTrustedDomainsEx r;
+	struct netr_DomainTrustList dom_trust_list;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.out.dom_trust_list = &dom_trust_list;
+
+	status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
+	torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
+
+	return true;
+}
+
+
+static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
+				     const char *computer_name,
+				     const char *expected_site)
+{
+	NTSTATUS status;
+	struct netr_DsRGetSiteName r;
+	const char *site = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.computer_name		= computer_name;
+	r.out.site			= &site;
+	torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
+
+	status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
+	torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
+	torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
+
+	return true;
+}
+
+/*
+  try a netlogon netr_DsRGetDCName
+*/
+static bool test_netr_DsRGetDCName(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_DsRGetDCName r;
+	struct netr_DsRGetDCNameInfo *info = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.domain_name	= lpcfg_dnsdomain(tctx->lp_ctx);
+	r.in.domain_guid	= NULL;
+	r.in.site_guid	        = NULL;
+	r.in.flags		= DS_RETURN_DNS_NAME;
+	r.out.info		= &info;
+
+	status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
+	torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)),
+				 DS_DNS_CONTROLLER,
+				 "DsRGetDCName");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)),
+				 DS_DNS_DOMAIN,
+				 "DsRGetDCName");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCName");
+
+	r.in.domain_name	= lpcfg_workgroup(tctx->lp_ctx);
+	r.in.flags		= 0;
+
+	status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
+	torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+				 "DsRGetDCName");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+				 "DsRGetDCName");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCName");
+
+	if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+		torture_assert_int_equal(tctx,
+					 (info->dc_flags & (DS_SERVER_CLOSEST)),
+					 DS_SERVER_CLOSEST,
+					 "DsRGetDCName");
+	}
+
+	return test_netr_DsRGetSiteName(p, tctx,
+				       info->dc_unc,
+				       info->dc_site_name);
+}
+
+/*
+  try a netlogon netr_DsRGetDCNameEx
+*/
+static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
+				     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_DsRGetDCNameEx r;
+	struct netr_DsRGetDCNameInfo *info = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.domain_name	= lpcfg_dnsdomain(tctx->lp_ctx);
+	r.in.domain_guid	= NULL;
+	r.in.site_name	        = NULL;
+	r.in.flags		= DS_RETURN_DNS_NAME;
+	r.out.info		= &info;
+
+	status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)),
+				 DS_DNS_CONTROLLER,
+				 "DsRGetDCNameEx");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)),
+				 DS_DNS_DOMAIN,
+				 "DsRGetDCNameEx");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCNameEx");
+
+	r.in.domain_name	= lpcfg_workgroup(tctx->lp_ctx);
+	r.in.flags		= 0;
+
+	status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+				 "DsRGetDCNameEx");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+				 "DsRGetDCNameEx");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCNameEx");
+
+	if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+		torture_assert_int_equal(tctx,
+					 (info->dc_flags & (DS_SERVER_CLOSEST)),
+					 DS_SERVER_CLOSEST,
+					 "DsRGetDCNameEx");
+	}
+
+	return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
+				        info->dc_site_name);
+}
+
+/*
+  try a netlogon netr_DsRGetDCNameEx2
+*/
+static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct netr_DsRGetDCNameEx2 r;
+	struct netr_DsRGetDCNameInfo *info = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
+	ZERO_STRUCT(r.in);
+	r.in.flags		= DS_RETURN_DNS_NAME;
+	r.out.info		= &info;
+
+	status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)),
+				 DS_DNS_CONTROLLER,
+				 "DsRGetDCNameEx2");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)),
+				 DS_DNS_DOMAIN,
+				 "DsRGetDCNameEx2");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCNameEx2");
+
+	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.client_account	= NULL;
+	r.in.mask		= 0x00000000;
+	r.in.domain_name	= lpcfg_dnsdomain(tctx->lp_ctx);
+	r.in.domain_guid	= NULL;
+	r.in.site_name		= NULL;
+	r.in.flags		= DS_RETURN_DNS_NAME;
+	r.out.info		= &info;
+
+	torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
+
+	status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+	r.in.domain_name	= lpcfg_workgroup(tctx->lp_ctx);
+	r.in.flags		= 0;
+
+	status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+				 "DsRGetDCNameEx2");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+				 "DsRGetDCNameEx2");
+	torture_assert_int_equal(tctx,
+				 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+				 DS_DNS_FOREST_ROOT,
+				 "DsRGetDCNameEx2");
+
+	if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+		torture_assert_int_equal(tctx,
+					 (info->dc_flags & (DS_SERVER_CLOSEST)),
+					 DS_SERVER_CLOSEST,
+					 "DsRGetDCNameEx2");
+	}
+
+	torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
+	r.in.client_account	= TEST_MACHINE_NAME"$";
+	r.in.mask		= ACB_SVRTRUST;
+	r.in.flags		= DS_RETURN_FLAT_NAME;
+	r.out.info		= &info;
+
+	status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+	return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
+					info->dc_site_name);
+}
+
+/* This is a substitution for "samdb_server_site_name" which relies on the
+ * correct "lp_ctx" and therefore can't be used here. */
+static const char *server_site_name(struct torture_context *tctx,
+				    struct ldb_context *ldb)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_dn *dn, *server_dn;
+	const struct ldb_val *site_name_val;
+	const char *server_dn_str, *site_name;
+
+	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
+	dn = ldb_dn_new(tmp_ctx, ldb, "");
+	if (dn == NULL) {
+		goto failed;
+	}
+
+	server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
+					    NULL);
+	if (server_dn_str == NULL) {
+		goto failed;
+	}
+
+	server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
+	if (server_dn == NULL) {
+		goto failed;
+	}
+
+	/* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
+	site_name_val = ldb_dn_get_component_val(server_dn, 2);
+	if (site_name_val == NULL) {
+		goto failed;
+	}
+
+	site_name = (const char *) site_name_val->data;
+
+	talloc_steal(tctx, site_name);
+	talloc_free(tmp_ctx);
+
+	return site_name;
+
+failed:
+	talloc_free(tmp_ctx);
+	return NULL;
+}
+
+static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	char *url;
+	struct ldb_context *sam_ctx = NULL;
+	NTSTATUS status;
+	struct netr_DsrGetDcSiteCoverageW r;
+	struct DcSitesCtr *ctr = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "This does only pass with the default site\n");
+
+	/* We won't double-check this when we are over 'local' transports */
+	if (dcerpc_server_name(p)) {
+		/* Set up connection to SAMDB on DC */
+		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+					   NULL,
+					   samba_cmdline_get_creds(),
+					   0);
+
+		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.out.ctr = &ctr;
+
+	status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	torture_assert(tctx, ctr->num_sites == 1,
+		       "we should per default only get the default site");
+	if (sam_ctx != NULL) {
+		torture_assert_casestr_equal(tctx, ctr->sites[0].string,
+					     server_site_name(tctx, sam_ctx),
+					     "didn't return default site");
+	}
+
+	return true;
+}
+
+static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
+					     struct dcerpc_pipe *p)
+{
+	char *url;
+	struct ldb_context *sam_ctx = NULL;
+	NTSTATUS status;
+	struct netr_DsRAddressToSitenamesW r;
+	struct netr_DsRAddress addrs[6];
+	struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+	struct sockaddr_in6 *addr6;
+#endif
+	struct netr_DsRAddressToSitenamesWCtr *ctr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t i;
+	int ret;
+
+	torture_comment(tctx, "This does only pass with the default site\n");
+
+	/* We won't double-check this when we are over 'local' transports */
+	if (dcerpc_server_name(p)) {
+		/* Set up connection to SAMDB on DC */
+		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+					   NULL,
+					   samba_cmdline_get_creds(),
+					   0);
+
+		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
+	/* First try valid IP addresses */
+
+	addrs[0].size = sizeof(struct sockaddr_in);
+	addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+	addr = (struct sockaddr_in *) addrs[0].buffer;
+	addrs[0].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[1].size = sizeof(struct sockaddr_in);
+	addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+	addr = (struct sockaddr_in *) addrs[1].buffer;
+	addrs[1].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[2].size = sizeof(struct sockaddr_in);
+	addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+	addr = (struct sockaddr_in *) addrs[2].buffer;
+	addrs[2].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+	addrs[3].size = sizeof(struct sockaddr_in6);
+	addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+	addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+	addrs[3].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[4].size = sizeof(struct sockaddr_in6);
+	addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+	addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+	addrs[4].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[5].size = sizeof(struct sockaddr_in6);
+	addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+	addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+	addrs[5].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+	/* the test cases are repeated to have exactly 6. This is for
+	 * compatibility with IPv4-only machines */
+	addrs[3].size = sizeof(struct sockaddr_in);
+	addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+	addr = (struct sockaddr_in *) addrs[3].buffer;
+	addrs[3].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[4].size = sizeof(struct sockaddr_in);
+	addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+	addr = (struct sockaddr_in *) addrs[4].buffer;
+	addrs[4].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[5].size = sizeof(struct sockaddr_in);
+	addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+	addr = (struct sockaddr_in *) addrs[5].buffer;
+	addrs[5].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
+
+	ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.count = 6;
+	r.in.addresses = addrs;
+	r.out.ctr = &ctr;
+
+	status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	if (sam_ctx != NULL) {
+		for (i = 0; i < 3; i++) {
+			torture_assert_casestr_equal(tctx,
+						     ctr->sitename[i].string,
+						     server_site_name(tctx, sam_ctx),
+						     "didn't return default site");
+		}
+		for (i = 3; i < 6; i++) {
+			/* Windows returns "NULL" for the sitename if it isn't
+			 * IPv6 configured */
+			if (torture_setting_bool(tctx, "samba4", false)) {
+				torture_assert_casestr_equal(tctx,
+							     ctr->sitename[i].string,
+							     server_site_name(tctx, sam_ctx),
+							     "didn't return default site");
+			}
+		}
+	}
+
+	/* Now try invalid ones (too short buffers) */
+
+	addrs[0].size = 0;
+	addrs[1].size = 1;
+	addrs[2].size = 4;
+
+	addrs[3].size = 0;
+	addrs[4].size = 1;
+	addrs[5].size = 4;
+
+	status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	for (i = 0; i < 6; i++) {
+		torture_assert(tctx, ctr->sitename[i].string == NULL,
+			       "sitename should be null");
+	}
+
+	/* Now try invalid ones (wrong address types) */
+
+	addrs[0].size = 10;
+	addrs[0].buffer[0] = AF_UNSPEC;
+	addrs[1].size = 10;
+	addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+	addrs[2].size = 10;
+	addrs[2].buffer[0] = AF_UNIX;
+
+	addrs[3].size = 10;
+	addrs[3].buffer[0] = 250;
+	addrs[4].size = 10;
+	addrs[4].buffer[0] = 251;
+	addrs[5].size = 10;
+	addrs[5].buffer[0] = 252;
+
+	status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	for (i = 0; i < 6; i++) {
+		torture_assert(tctx, ctr->sitename[i].string == NULL,
+			       "sitename should be null");
+	}
+
+	return true;
+}
+
+static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
+					       struct dcerpc_pipe *p)
+{
+	char *url;
+	struct ldb_context *sam_ctx = NULL;
+	NTSTATUS status;
+	struct netr_DsRAddressToSitenamesExW r;
+	struct netr_DsRAddress addrs[6];
+	struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+	struct sockaddr_in6 *addr6;
+#endif
+	struct netr_DsRAddressToSitenamesExWCtr *ctr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t i;
+	int ret;
+
+	torture_comment(tctx, "This does pass with the default site\n");
+
+	/* We won't double-check this when we are over 'local' transports */
+	if (dcerpc_server_name(p)) {
+		/* Set up connection to SAMDB on DC */
+		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+					   NULL,
+					   samba_cmdline_get_creds(),
+					   0);
+
+		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
+	/* First try valid IP addresses */
+
+	addrs[0].size = sizeof(struct sockaddr_in);
+	addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+	addr = (struct sockaddr_in *) addrs[0].buffer;
+	addrs[0].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[1].size = sizeof(struct sockaddr_in);
+	addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+	addr = (struct sockaddr_in *) addrs[1].buffer;
+	addrs[1].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[2].size = sizeof(struct sockaddr_in);
+	addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+	addr = (struct sockaddr_in *) addrs[2].buffer;
+	addrs[2].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+	addrs[3].size = sizeof(struct sockaddr_in6);
+	addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+	addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+	addrs[3].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[4].size = sizeof(struct sockaddr_in6);
+	addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+	addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+	addrs[4].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[5].size = sizeof(struct sockaddr_in6);
+	addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+	addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+	addrs[5].buffer[0] = AF_INET6;
+	ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+	/* the test cases are repeated to have exactly 6. This is for
+	 * compatibility with IPv4-only machines */
+	addrs[3].size = sizeof(struct sockaddr_in);
+	addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+	addr = (struct sockaddr_in *) addrs[3].buffer;
+	addrs[3].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[4].size = sizeof(struct sockaddr_in);
+	addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+	addr = (struct sockaddr_in *) addrs[4].buffer;
+	addrs[4].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+
+	addrs[5].size = sizeof(struct sockaddr_in);
+	addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+	addr = (struct sockaddr_in *) addrs[5].buffer;
+	addrs[5].buffer[0] = AF_INET;
+	ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+	torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
+
+	ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.count = 6;
+	r.in.addresses = addrs;
+	r.out.ctr = &ctr;
+
+	status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	if (sam_ctx != NULL) {
+		for (i = 0; i < 3; i++) {
+			torture_assert_casestr_equal(tctx,
+						     ctr->sitename[i].string,
+						     server_site_name(tctx, sam_ctx),
+						     "didn't return default site");
+			torture_assert(tctx, ctr->subnetname[i].string == NULL,
+				       "subnet should be null");
+		}
+		for (i = 3; i < 6; i++) {
+			/* Windows returns "NULL" for the sitename if it isn't
+			 * IPv6 configured */
+			if (torture_setting_bool(tctx, "samba4", false)) {
+				torture_assert_casestr_equal(tctx,
+							     ctr->sitename[i].string,
+							     server_site_name(tctx, sam_ctx),
+							     "didn't return default site");
+			}
+			torture_assert(tctx, ctr->subnetname[i].string == NULL,
+				       "subnet should be null");
+		}
+	}
+
+	/* Now try invalid ones (too short buffers) */
+
+	addrs[0].size = 0;
+	addrs[1].size = 1;
+	addrs[2].size = 4;
+
+	addrs[3].size = 0;
+	addrs[4].size = 1;
+	addrs[5].size = 4;
+
+	status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	for (i = 0; i < 6; i++) {
+		torture_assert(tctx, ctr->sitename[i].string == NULL,
+			       "sitename should be null");
+		torture_assert(tctx, ctr->subnetname[i].string == NULL,
+			       "subnet should be null");
+	}
+
+	addrs[0].size = 10;
+	addrs[0].buffer[0] = AF_UNSPEC;
+	addrs[1].size = 10;
+	addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+	addrs[2].size = 10;
+	addrs[2].buffer[0] = AF_UNIX;
+
+	addrs[3].size = 10;
+	addrs[3].buffer[0] = 250;
+	addrs[4].size = 10;
+	addrs[4].buffer[0] = 251;
+	addrs[5].size = 10;
+	addrs[5].buffer[0] = 252;
+
+	status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "failed");
+	torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+	for (i = 0; i < 6; i++) {
+		torture_assert(tctx, ctr->sitename[i].string == NULL,
+			       "sitename should be null");
+		torture_assert(tctx, ctr->subnetname[i].string == NULL,
+			       "subnet should be null");
+	}
+
+	return true;
+}
+
+static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
+					       struct dcerpc_pipe *p1,
+					       struct cli_credentials *machine_credentials,
+					       uint32_t negotiate_flags)
+{
+	struct netr_ServerGetTrustInfo r;
+
+	struct netr_Authenticator a;
+	struct netr_Authenticator return_authenticator;
+	struct samr_Password new_owf_password;
+	struct samr_Password old_owf_password;
+	struct netr_TrustInfo *trust_info;
+
+	struct netlogon_creds_CredentialState *creds;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	struct samr_Password nt_hash;
+
+	if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
+				    machine_credentials, &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	netlogon_creds_client_authenticator(creds, &a);
+
+	r.in.server_name		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.account_name		= talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+	r.in.secure_channel_type	= cli_credentials_get_secure_channel_type(machine_credentials);
+	r.in.computer_name		= TEST_MACHINE_NAME;
+	r.in.credential			= &a;
+
+	r.out.return_authenticator	= &return_authenticator;
+	r.out.new_owf_password		= &new_owf_password;
+	r.out.old_owf_password		= &old_owf_password;
+	r.out.trust_info		= &trust_info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
+		"ServerGetTrustInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
+
+	E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
+
+	netlogon_creds_des_decrypt(creds, &new_owf_password);
+
+	dump_data(1, new_owf_password.hash, 16);
+	dump_data(1, nt_hash.hash, 16);
+
+	torture_assert_mem_equal(tctx, new_owf_password.hash, nt_hash.hash, 16,
+		"received unexpected owf password\n");
+
+	return true;
+}
+
+static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct cli_credentials *machine_credentials)
+{
+	return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
+						  NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_netr_ServerGetTrustInfo_AES(struct torture_context *tctx,
+					     struct dcerpc_pipe *p,
+					     struct cli_credentials *machine_credentials)
+{
+	return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
+						  NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+static bool test_GetDomainInfo(struct torture_context *tctx,
+			       struct dcerpc_pipe *p1,
+			       struct cli_credentials *machine_credentials)
+{
+	struct netr_LogonGetDomainInfo r;
+	struct netr_WorkstationInformation q1;
+	struct netr_Authenticator a;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_OsVersion os;
+	union netr_WorkstationInfo query;
+	union netr_DomainInfo info;
+	const char* const attrs[] = { "dNSHostName", "operatingSystem",
+		"operatingSystemServicePack", "operatingSystemVersion",
+		"servicePrincipalName", NULL };
+	char *url;
+	struct ldb_context *sam_ctx = NULL;
+	struct ldb_message **res;
+	struct ldb_message_element *spn_el;
+	int ret, i;
+	char *version_str;
+	const char *old_dnsname = NULL;
+	char **spns = NULL;
+	int num_spns = 0;
+	char *temp_str = NULL;
+	char *temp_str2 = NULL;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	struct netr_OneDomainInfo *odi1 = NULL;
+	struct netr_OneDomainInfo *odi2 = NULL;
+	struct netr_trust_extension_info *tex2 = NULL;
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
+
+	if (!test_SetupCredentials3(p1, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+				    machine_credentials, &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	/* We won't double-check this when we are over 'local' transports */
+	if (dcerpc_server_name(p)) {
+		/* Set up connection to SAMDB on DC */
+		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+					   NULL,
+					   samba_cmdline_get_creds(),
+					   0);
+
+		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+	}
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 1st call (no variation of DNS hostname)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	ZERO_STRUCT(r);
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &a;
+	r.in.level = 1;
+	r.in.return_authenticator = &a;
+	r.in.query = &query;
+	r.out.return_authenticator = &a;
+	r.out.info = &info;
+
+	ZERO_STRUCT(os);
+	os.os.MajorVersion = 123;
+	os.os.MinorVersion = 456;
+	os.os.BuildNumber = 789;
+	os.os.CSDVersion = "Service Pack 10";
+	os.os.ServicePackMajor = 10;
+	os.os.ServicePackMinor = 1;
+	os.os.SuiteMask = NETR_VER_SUITE_SINGLEUSERTS;
+	os.os.ProductType = NETR_VER_NT_SERVER;
+	os.os.Reserved = 0;
+
+	version_str = talloc_asprintf(tctx, "%d.%d (%d)", os.os.MajorVersion,
+		os.os.MinorVersion, os.os.BuildNumber);
+
+	ZERO_STRUCT(q1);
+	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+	q1.sitename = "Default-First-Site-Name";
+	q1.os_version.os = &os;
+	q1.os_name.string = talloc_asprintf(tctx,
+					    "Tortured by Samba4 RPC-NETLOGON: %s",
+					    timestring(tctx, time(NULL)));
+
+	/* The workstation handles the "servicePrincipalName" and DNS hostname
+	   updates */
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+
+	query.workstation_info = &q1;
+
+	if (sam_ctx) {
+		/* Gets back the old DNS hostname in AD */
+		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+		old_dnsname =
+			ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL);
+
+		/* Gets back the "servicePrincipalName"s in AD */
+		spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+		if (spn_el != NULL) {
+			for (i=0; i < spn_el->num_values; i++) {
+				spns = talloc_realloc(tctx, spns, char *, i + 1);
+				spns[i] = (char *) spn_el->values[i].data;
+			}
+			num_spns = i;
+		}
+	}
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	smb_msleep(250);
+
+	if (sam_ctx) {
+		/* AD workstation infos entry check */
+		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+		torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
+					 q1.os_name.string, "'operatingSystem' wrong!");
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL),
+					 os.os.CSDVersion, "'operatingSystemServicePack' wrong!");
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
+					 version_str, "'operatingSystemVersion' wrong!");
+
+		if (old_dnsname != NULL) {
+			/* If before a DNS hostname was set then it should remain
+			   the same in combination with the "servicePrincipalName"s.
+			   The DNS hostname should also be returned by our
+			   "LogonGetDomainInfo" call (in the domain info structure). */
+
+			torture_assert_str_equal(tctx,
+						 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
+						 old_dnsname, "'DNS hostname' was not set!");
+
+			spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+			torture_assert(tctx, ((spns != NULL) && (spn_el != NULL)),
+				       "'servicePrincipalName's not set!");
+			torture_assert(tctx, spn_el->num_values == num_spns,
+				       "'servicePrincipalName's incorrect!");
+			for (i=0; (i < spn_el->num_values) && (i < num_spns); i++)
+				torture_assert_str_equal(tctx,
+							 (char *) spn_el->values[i].data,
+				spns[i], "'servicePrincipalName's incorrect!");
+
+			torture_assert_str_equal(tctx,
+						 info.domain_info->dns_hostname.string,
+						 old_dnsname,
+						 "Out 'DNS hostname' doesn't match the old one!");
+		} else {
+			/* If no DNS hostname was set then also now none should be set,
+			   the "servicePrincipalName"s should remain empty and no DNS
+			   hostname should be returned by our "LogonGetDomainInfo"
+			   call (in the domain info structure). */
+
+			torture_assert(tctx,
+				       ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL) == NULL,
+				       "'DNS hostname' was set!");
+
+			spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+			torture_assert(tctx, ((spns == NULL) && (spn_el == NULL)),
+				       "'servicePrincipalName's were set!");
+
+			torture_assert(tctx,
+				       info.domain_info->dns_hostname.string == NULL,
+				       "Out 'DNS host name' was set!");
+		}
+	}
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags
+		== NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+		"Out 'workstation flags' don't match!");
+
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	/* Wipe out the CSDVersion, and prove which values still 'stick' */
+	os.os.CSDVersion = "";
+
+	/* Change also the DNS hostname to test differences in behaviour */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+
+	/* The workstation handles the "servicePrincipalName" and DNS hostname
+	   updates */
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	smb_msleep(250);
+
+	if (sam_ctx) {
+		/* AD workstation infos entry check */
+		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+		torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
+					 q1.os_name.string, "'operatingSystem' should stick!");
+		torture_assert(tctx,
+			       ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
+			       "'operatingSystemServicePack' shouldn't stick!");
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
+					 version_str, "'operatingSystemVersion' wrong!");
+
+		/* The DNS host name shouldn't have been updated by the server */
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
+					 old_dnsname, "'DNS host name' did change!");
+
+		/* Find the two "servicePrincipalName"s which the DC shouldn't have been
+		   updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
+		   3.5.4.3.9 */
+		spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+		torture_assert(tctx, spn_el != NULL,
+			       "There should exist 'servicePrincipalName's in AD!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<Netbios name> not found!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<FQDN name> not found!");
+
+		/* Check that the out DNS hostname was set properly */
+		torture_assert_str_equal(tctx, info.domain_info->dns_hostname.string,
+					 old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
+	}
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+		"Out 'workstation flags' don't match!");
+
+
+	/* Now try the same but the workstation flags set to 0 */
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	/* Change also the DNS hostname to test differences in behaviour */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+
+	/* Wipe out the osVersion, and prove which values still 'stick' */
+	q1.os_version.os = NULL;
+
+	/* Let the DC handle the "servicePrincipalName" and DNS hostname
+	   updates */
+	q1.workstation_flags = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	smb_msleep(250);
+
+	if (sam_ctx) {
+		/* AD workstation infos entry check */
+		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+		torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
+					 q1.os_name.string, "'operatingSystem' should stick!");
+		torture_assert(tctx,
+			       ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
+			       "'operatingSystemServicePack' shouldn't stick!");
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
+					 version_str, "'operatingSystemVersion' wrong!");
+
+		/* The DNS host name shouldn't have been updated by the server */
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
+					 old_dnsname, "'DNS host name' did change!");
+
+		/* Find the two "servicePrincipalName"s which the DC shouldn't have been
+		   updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
+		   3.5.4.3.9 */
+		spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+		torture_assert(tctx, spn_el != NULL,
+			       "There should exist 'servicePrincipalName's in AD!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<Netbios name> not found!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<FQDN name> not found!");
+
+		/* Here the server gives us NULL as the out DNS hostname */
+		torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
+			       "Out 'DNS hostname' should be NULL!");
+	}
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags == 0,
+		"Out 'workstation flags' don't match!");
+
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	/* Put the DNS hostname back */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+
+	/* The workstation handles the "servicePrincipalName" and DNS hostname
+	   updates */
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	smb_msleep(250);
+
+	/* Now the in/out DNS hostnames should be the same */
+	torture_assert_str_equal(tctx,
+		info.domain_info->dns_hostname.string,
+		query.workstation_info->dns_hostname,
+		"In/Out 'DNS hostnames' don't match!");
+	old_dnsname = info.domain_info->dns_hostname.string;
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags
+		== NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+		"Out 'workstation flags' don't match!");
+
+	/* Checks for trusted domains */
+	torture_assert(tctx,
+		(info.domain_info->trusted_domain_count != 0)
+		&& (info.domain_info->trusted_domains != NULL),
+		"Trusted domains have been requested!");
+
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	/* The workstation handles the "servicePrincipalName" and DNS hostname
+	   updates and requests inbound trusts */
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
+		| NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	smb_msleep(250);
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags
+		== (NETR_WS_FLAG_HANDLES_SPN_UPDATE
+			| NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
+		"Out 'workstation flags' don't match!");
+
+	/* Checks for trusted domains */
+	torture_assert(tctx,
+		(info.domain_info->trusted_domain_count != 0)
+		&& (info.domain_info->trusted_domains != NULL),
+		"Trusted domains have been requested!");
+
+	odi1 = &info.domain_info->primary_domain;
+
+	torture_assert(tctx, !GUID_all_zero(&odi1->domain_guid),
+		       "primary domain_guid needs to be valid");
+
+	for (i=0; i < info.domain_info->trusted_domain_count; i++) {
+		struct netr_OneDomainInfo *odiT =
+			&info.domain_info->trusted_domains[i];
+		struct netr_trust_extension_info *texT = NULL;
+
+		torture_assert_int_equal(tctx, odiT->trust_extension.length, 16,
+					 "trust_list should have extension");
+		torture_assert(tctx, odiT->trust_extension.info != NULL,
+			       "trust_list should have extension");
+		texT = &odiT->trust_extension.info->info;
+
+		if (GUID_equal(&odiT->domain_guid, &odi1->domain_guid)) {
+			odi2 = odiT;
+			tex2 = texT;
+			continue;
+		}
+
+		torture_assert_int_equal(tctx,
+				 texT->flags & NETR_TRUST_FLAG_PRIMARY,
+				 0,
+				 "trust_list flags should not have PRIMARY");
+
+		torture_assert(tctx, odiT->domainname.string != NULL,
+			       "trust_list domainname should be valid");
+		if (texT->trust_type == LSA_TRUST_TYPE_DOWNLEVEL ||
+		    texT->trust_type == LSA_TRUST_TYPE_MIT)
+		{
+			torture_assert(tctx, odiT->dns_domainname.string == NULL,
+			       "trust_list dns_domainname should be NULL for downlevel or MIT");
+		} else {
+			torture_assert(tctx, odiT->dns_domainname.string != NULL,
+			       "trust_list dns_domainname should be valid for uplevel");
+		}
+		torture_assert(tctx, odiT->dns_forestname.string == NULL,
+			       "trust_list dns_forestname needs to be NULL");
+
+		torture_assert(tctx, odiT->domain_sid != NULL,
+			       "trust_list domain_sid needs to be valid");
+	}
+
+	torture_assert(tctx, odi2 != NULL,
+		       "trust_list primary domain not found.");
+
+	torture_assert_str_equal(tctx,
+				 odi1->domainname.string,
+				 odi2->domainname.string,
+				 "netbios name should match");
+
+	temp_str = talloc_strdup(tctx, odi1->dns_domainname.string);
+	torture_assert(tctx, temp_str != NULL,
+		       "primary_domain dns_domainname copy");
+	temp_str2 = strrchr(temp_str, '.');
+	torture_assert(tctx, temp_str2 != NULL && temp_str2[1] == '\0',
+		       "primary_domain dns_domainname needs trailing '.'");
+	temp_str2[0] = '\0';
+	torture_assert_str_equal(tctx,
+				 temp_str,
+				 odi2->dns_domainname.string,
+				 "dns domainname should match "
+				 "(without trailing '.')");
+
+	temp_str = talloc_strdup(tctx, odi1->dns_forestname.string);
+	torture_assert(tctx, temp_str != NULL,
+		       "primary_domain dns_forestname copy");
+	temp_str2 = strrchr(temp_str, '.');
+	torture_assert(tctx, temp_str2 != NULL && temp_str2[1] == '\0',
+		       "primary_domain dns_forestname needs trailing '.'");
+	temp_str2[0] = '\0';
+	torture_assert(tctx, odi2->dns_forestname.string == NULL,
+		       "trust_list dns_forestname needs to be NULL");
+
+	torture_assert_guid_equal(tctx, odi1->domain_guid, odi2->domain_guid,
+				  "domain_guid should match");
+	torture_assert(tctx, odi1->domain_sid != NULL,
+		       "primary domain_sid needs to be valid");
+	torture_assert(tctx, odi2->domain_sid != NULL,
+		       "trust_list domain_sid needs to be valid");
+	torture_assert_sid_equal(tctx, odi1->domain_sid, odi2->domain_sid,
+				 "domain_sid should match");
+
+	torture_assert_int_equal(tctx, odi1->trust_extension.length, 0,
+				 "primary_domain should not have extension");
+	torture_assert_int_equal(tctx, odi2->trust_extension.length, 16,
+				 "trust_list should have extension");
+	torture_assert(tctx, odi2->trust_extension.info != NULL,
+		       "trust_list should have extension");
+	tex2 = &odi2->trust_extension.info->info;
+	torture_assert_int_equal(tctx,
+				 tex2->flags & NETR_TRUST_FLAG_PRIMARY,
+				 NETR_TRUST_FLAG_PRIMARY,
+				 "trust_list flags should have PRIMARY");
+	torture_assert_int_equal(tctx,
+				 tex2->flags & NETR_TRUST_FLAG_IN_FOREST,
+				 NETR_TRUST_FLAG_IN_FOREST,
+				 "trust_list flags should have IN_FOREST");
+	torture_assert_int_equal(tctx,
+				 tex2->flags & NETR_TRUST_FLAG_NATIVE,
+				 NETR_TRUST_FLAG_NATIVE,
+				 "trust_list flags should have NATIVE");
+	torture_assert_int_equal(tctx,
+				 tex2->flags & ~NETR_TRUST_FLAG_TREEROOT,
+				 NETR_TRUST_FLAG_IN_FOREST |
+				 NETR_TRUST_FLAG_PRIMARY |
+				 NETR_TRUST_FLAG_NATIVE,
+				 "trust_list flags IN_FOREST, PRIMARY, NATIVE "
+				 "(TREEROOT optional)");
+	if (strcmp(odi1->dns_domainname.string, odi1->dns_forestname.string) == 0) {
+		torture_assert_int_equal(tctx,
+					 tex2->flags & NETR_TRUST_FLAG_TREEROOT,
+					 NETR_TRUST_FLAG_TREEROOT,
+					 "trust_list flags TREEROOT on forest root");
+		torture_assert_int_equal(tctx,
+					 tex2->parent_index, 0,
+					 "trust_list no parent on forest root");
+	}
+	torture_assert_int_equal(tctx,
+				 tex2->trust_type, LSA_TRUST_TYPE_UPLEVEL,
+				 "trust_list uplevel");
+	torture_assert_int_equal(tctx,
+				 tex2->trust_attributes, 0,
+				 "trust_list no attributes");
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	query.workstation_info->dns_hostname = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	/* The old DNS hostname should stick */
+	torture_assert_str_equal(tctx,
+		info.domain_info->dns_hostname.string,
+		old_dnsname,
+		"'DNS hostname' changed!");
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (extra workstation flags)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
+		| NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | 0x4;
+
+	/* Put the DNS hostname back */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
+		info.domain_info->workstation_flags
+		== (NETR_WS_FLAG_HANDLES_SPN_UPDATE
+			| NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
+		"Out 'workstation flags' don't match!");
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 8th call (no workstation info) - enable dangerous tests in order to do so\n");
+	} else {
+		/* Try a call without the workstation information structure */
+
+		torture_comment(tctx, "Testing netr_LogonGetDomainInfo 8th call (no workstation info)\n");
+		netlogon_creds_client_authenticator(creds, &a);
+
+		query.workstation_info = NULL;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+			"LogonGetDomainInfo failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+		torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+	}
+
+	return true;
+}
+
+static bool test_GetDomainInfo_async(struct torture_context *tctx,
+				     struct dcerpc_pipe *p1,
+				     struct cli_credentials *machine_credentials)
+{
+	NTSTATUS status;
+	struct netr_LogonGetDomainInfo r;
+	struct netr_WorkstationInformation q1;
+	struct netr_Authenticator a;
+#define ASYNC_COUNT 100
+	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
+	struct tevent_req *req[ASYNC_COUNT];
+	int i;
+	union netr_WorkstationInfo query;
+	union netr_DomainInfo info;
+	struct dcerpc_pipe *p = NULL;
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
+
+	if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES,
+				    machine_credentials, &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+
+	ZERO_STRUCT(r);
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &a;
+	r.in.level = 1;
+	r.in.return_authenticator = &a;
+	r.in.query = &query;
+	r.out.return_authenticator = &a;
+	r.out.info = &info;
+
+	ZERO_STRUCT(q1);
+	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+		lpcfg_dnsdomain(tctx->lp_ctx));
+	q1.sitename = "Default-First-Site-Name";
+	q1.os_name.string = "UNIX/Linux or similar";
+
+	query.workstation_info = &q1;
+
+	for (i=0;i<ASYNC_COUNT;i++) {
+		netlogon_creds_client_authenticator(creds, &a);
+
+		creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
+		req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
+
+		/* even with this flush per request a w2k3 server seems to
+		   clag with multiple outstanding requests. bleergh. */
+		torture_assert_int_equal(tctx, tevent_loop_once(tctx->ev), 0,
+					 "tevent_loop_once failed");
+	}
+
+	for (i=0;i<ASYNC_COUNT;i++) {
+		torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
+					 "tevent_req_poll() failed");
+
+		status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
+
+		torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
+		torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
+
+		torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
+			"Credential chaining failed at async");
+	}
+
+	torture_comment(tctx,
+			"Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
+
+	return true;
+}
+
+static bool test_ManyGetDCName(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct cli_credentials *anon_creds;
+	struct dcerpc_binding *binding2;
+	struct dcerpc_pipe *p2;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 o;
+	struct policy_handle lsa_handle;
+	struct lsa_DomainList domains;
+
+	struct lsa_EnumTrustDom t;
+	uint32_t resume_handle = 0;
+	struct netr_GetAnyDCName d;
+	const char *dcname = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_binding_handle *b2;
+
+	int i;
+
+	if (p->conn->transport.transport != NCACN_NP) {
+		torture_skip(tctx, "test_ManyGetDCName works only with NCACN_NP");
+	}
+
+	torture_comment(tctx, "Torturing GetDCName\n");
+
+	anon_creds = cli_credentials_init_anon(tctx);
+	torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
+
+	binding2 = dcerpc_binding_dup(tctx, p->binding);
+	/* Swap the binding details from NETLOGON to LSA */
+	status = dcerpc_epm_map_binding(tctx, binding2, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx);
+	dcerpc_binding_set_assoc_group_id(binding2, 0);
+	torture_assert_ntstatus_ok(tctx, status, "epm map");
+
+	status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
+						  anon_creds, tctx->lp_ctx,
+						  tctx, &p2);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+	b2 = p2->binding_handle;
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	o.in.system_name = "\\";
+	o.in.attr = &attr;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.out.handle = &lsa_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
+		"OpenPolicy2 failed");
+	torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
+
+	t.in.handle = &lsa_handle;
+	t.in.resume_handle = &resume_handle;
+	t.in.max_size = 1000;
+	t.out.domains = &domains;
+	t.out.resume_handle = &resume_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
+		"EnumTrustDom failed");
+
+	if ((!NT_STATUS_IS_OK(t.out.result) &&
+	     (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
+		torture_fail(tctx, "Could not list domains");
+
+	talloc_free(p2);
+
+	d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
+					    dcerpc_server_name(p));
+	d.out.dcname = &dcname;
+
+	for (i=0; i<domains.count * 4; i++) {
+		struct lsa_DomainInfo *info =
+			&domains.domains[rand()%domains.count];
+
+		d.in.domainname = info->name.string;
+
+		status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
+		torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+
+		torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
+		       dcname ? dcname : "unknown");
+	}
+
+	return true;
+}
+
+static bool test_lsa_over_netlogon(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct cli_credentials *anon_creds;
+	const struct dcerpc_binding *binding2;
+	struct dcerpc_pipe *p2;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 o;
+	struct policy_handle lsa_handle;
+
+	struct dcerpc_binding_handle *b2;
+
+
+	if (p->conn->transport.transport != NCACN_NP) {
+		torture_skip(tctx, "test_lsa_over_netlogon works only with NCACN_NP");
+	}
+
+	torture_comment(tctx, "Testing if we can access the LSA server over\n"
+			" \\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
+
+	anon_creds = cli_credentials_init_anon(tctx);
+	torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
+
+	binding2 = p->binding;
+
+	status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
+						  anon_creds, tctx->lp_ctx,
+						  tctx, &p2);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+	b2 = p2->binding_handle;
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	o.in.system_name = "\\";
+	o.in.attr = &attr;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.out.handle = &lsa_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
+		"OpenPolicy2 failed");
+	torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
+
+	talloc_free(p2);
+
+	return true;
+}
+
+static bool test_SetPassword_with_flags(struct torture_context *tctx,
+					struct dcerpc_pipe *p,
+					struct cli_credentials *machine_credentials)
+{
+	uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
+	struct netlogon_creds_CredentialState *creds;
+	int i;
+
+	if (!test_SetupCredentials2(p, tctx, 0,
+				    machine_credentials,
+				    cli_credentials_get_secure_channel_type(machine_credentials),
+				    &creds)) {
+		torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
+	}
+
+	for (i=0; i < ARRAY_SIZE(flags); i++) {
+		torture_assert(tctx,
+			test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
+			talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
+	struct torture_rpc_tcase *tcase;
+	struct torture_test *test;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
+						  &ndr_table_netlogon, TEST_MACHINE_NAME);
+
+	torture_rpc_tcase_add_test_creds(tcase, "SetupCredentialsDowngrade", test_SetupCredentialsDowngrade);
+	torture_rpc_tcase_add_test(tcase, "lsa_over_netlogon", test_lsa_over_netlogon);
+
+	torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo_AES", test_netr_ServerGetTrustInfo_AES);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
+	torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
+	torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
+	torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
+	torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
+	torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
+	torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
+	test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
+	torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
+	torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
+	torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
+	torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
+	torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
+	torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
+	torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
+	torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
+	torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
+	torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
+	torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
+	torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
+	torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
+	torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuse", test_ServerReqChallengeReuse);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal4", test_ServerReqChallengeReuseGlobal4);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal3", test_ServerReqChallengeReuseGlobal3);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal2", test_ServerReqChallengeReuseGlobal2);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal", test_ServerReqChallengeReuseGlobal);
+	torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeGlobal", test_ServerReqChallengeGlobal);
+	torture_rpc_tcase_add_test_creds(tcase, "invalidAuthenticate2", test_invalidAuthenticate2);
+	torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
+	torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
+	torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
+
+	torture_rpc_tcase_add_test(tcase, "Broken RPC binding handle",
+				   test_netr_broken_binding_handle);
+
+	return suite;
+}
+
+struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
+						  &ndr_table_netlogon, TEST_MACHINE_NAME);
+
+	torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
+	torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
+	torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
+	torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
+
+	return suite;
+}
+
+struct torture_suite *torture_rpc_netlogon_zerologon(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		mem_ctx,
+		"netlogon.zerologon");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
+		suite,
+		"netlogon",
+		&ndr_table_netlogon,
+		TEST_MACHINE_NAME);
+
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"ServerReqChallenge",
+		test_ServerReqChallenge);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"ServerReqChallenge_zero_challenge",
+		test_ServerReqChallenge_zero_challenge);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"ServerReqChallenge_5_repeats",
+		test_ServerReqChallenge_5_repeats);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"ServerReqChallenge_4_repeats",
+		test_ServerReqChallenge_4_repeats);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_encrypted_to_all_zeros",
+		test_SetPassword2_encrypted_to_all_zeros);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_password_encrypts_to_zero",
+		test_SetPassword2_password_encrypts_to_zero);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_confounder",
+		test_SetPassword2_confounder);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_all_zeros",
+		test_SetPassword2_all_zeros);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_all_zero_password",
+		test_SetPassword2_all_zero_password);
+	torture_rpc_tcase_add_test_creds(
+		tcase,
+		"test_SetPassword2_maximum_length_password",
+		test_SetPassword2_maximum_length_password);
+
+	return suite;
+}
+
+struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "bdc",
+						  &ndr_table_netlogon, TEST_MACHINE_NAME);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "wkst",
+						  &ndr_table_netlogon, TEST_MACHINE_NAME);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "admin",
+						  &ndr_table_netlogon);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+	torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/netlogon.h b/source4/torture/rpc/netlogon.h
new file mode 100644
index 0000000..a4ab8f0
--- /dev/null
+++ b/source4/torture/rpc/netlogon.h
@@ -0,0 +1,37 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008-2009
+   Copyright (C) Sumit Bose <sbose@redhat.com> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    uint32_t negotiate_flags,
+			    struct cli_credentials *machine_credentials,
+			    int sec_chan_type,
+			    struct netlogon_creds_CredentialState **creds_out);
+
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    uint32_t negotiate_flags,
+			    struct cli_credentials *machine_credentials,
+			    struct netlogon_creds_CredentialState **creds_out);
+
+bool test_SetupCredentialsPipe(const struct dcerpc_pipe *p1,
+			       struct torture_context *tctx,
+			       struct cli_credentials *machine_credentials,
+			       struct netlogon_creds_CredentialState *creds,
+			       uint32_t additional_flags,
+			       struct dcerpc_pipe **_p2);
diff --git a/source4/torture/rpc/netlogon_crypto.c b/source4/torture/rpc/netlogon_crypto.c
new file mode 100644
index 0000000..8584460
--- /dev/null
+++ b/source4/torture/rpc/netlogon_crypto.c
@@ -0,0 +1,274 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for netlogon rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
+   Copyright (C) Tim Potter      2003
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/replace/system/network.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "param/param.h"
+#include "lib/param/loadparm.h"
+#include "libcli/security/security.h"
+
+#undef strcasecmp
+
+#define TEST_MACHINE_NAME "torturetest"
+
+static bool test_ServerAuth3Crypto(struct dcerpc_pipe *p,
+				   struct torture_context *tctx,
+				   uint32_t negotiate_flags,
+				   struct cli_credentials *machine_credentials,
+				   bool force_client_rc4)
+{
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate3 a;
+	struct netr_Credential netr_creds1 = {
+		.data = {0},
+	};
+	struct netr_Credential netr_creds2 = {
+		.data = {0},
+	};
+	struct netr_Credential netr_creds3 = {
+		.data = {0},
+	};
+	struct netlogon_creds_CredentialState *creds_state = NULL;
+	struct samr_Password machine_password = {
+		.hash = {0},
+	};
+	const char *machine_name = NULL;
+	const char *plain_pass = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	uint32_t rid = 0;
+	NTSTATUS status;
+	bool weak_crypto_allowed =
+		(lpcfg_weak_crypto(tctx->lp_ctx) ==
+		 SAMBA_WEAK_CRYPTO_ALLOWED);
+
+	if (p == NULL) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(a);
+
+	torture_comment(tctx, "client negotiate_flags=0x%08x\n", negotiate_flags);
+
+	machine_name = cli_credentials_get_workstation(machine_credentials);
+	torture_assert_not_null(tctx, machine_name, "machine name is not set");
+
+	plain_pass = cli_credentials_get_password(machine_credentials);
+	torture_assert_not_null(tctx, plain_pass, "plain_pass is not set");
+
+
+	torture_comment(tctx, "Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = machine_name;
+	r.in.credentials = &netr_creds1;
+	r.out.return_credentials = &netr_creds2;
+
+	netlogon_creds_random_challenge(&netr_creds1);
+
+	status = dcerpc_netr_ServerReqChallenge_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx,
+				   r.out.result,
+				   "ServerReqChallenge failed");
+
+	E_md4hash(plain_pass, machine_password.hash);
+
+	a.in.server_name = NULL;
+	a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
+	a.in.secure_channel_type =
+		cli_credentials_get_secure_channel_type(machine_credentials);
+	a.in.computer_name = machine_name;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &netr_creds3;
+	a.out.return_credentials = &netr_creds3;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.out.rid = &rid;
+
+	if (force_client_rc4) {
+		GNUTLS_FIPS140_SET_LAX_MODE();
+	}
+	creds_state = netlogon_creds_client_init(tctx,
+						 a.in.account_name,
+						 a.in.computer_name,
+						 a.in.secure_channel_type,
+						 &netr_creds1,
+						 &netr_creds2,
+						 &machine_password,
+						 &netr_creds3,
+						 negotiate_flags);
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+	/* Test that we fail to encrypt with RC4 */
+	if (creds_state == NULL &&
+	    !weak_crypto_allowed && !force_client_rc4 &&
+	    (negotiate_flags & NETLOGON_NEG_ARCFOUR)) {
+		return false;
+	}
+	torture_assert_not_null(tctx,
+				creds_state,
+				"Failed init netlogon client creds");
+
+
+	torture_comment(tctx, "Testing ServerAuthenticate3\n");
+
+	status = dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "ServerAuthenticate3 failed");
+
+	/* Check that the server denies RC4 */
+	if (!NT_STATUS_IS_OK(a.out.result) &&
+	    !weak_crypto_allowed &&
+	    force_client_rc4) {
+		torture_assert_ntstatus_equal(tctx,
+					      a.out.result,
+					      NT_STATUS_DOWNGRADE_DETECTED,
+					      "Unexpected status code");
+		return false;
+	}
+	torture_assert_ntstatus_ok(tctx,
+				   a.out.result,
+				   "ServerAuthenticate3 failed");
+	torture_assert(tctx,
+		       netlogon_creds_client_check(creds_state, &netr_creds3),
+		       "Credential chaining failed");
+
+	torture_comment(tctx,
+			"server negotiate_flags=0x%08x\n",
+			negotiate_flags);
+
+	if (!weak_crypto_allowed) {
+		torture_assert(tctx,
+			       (negotiate_flags & NETLOGON_NEG_ARCFOUR) == 0,
+			       "Server should not announce RC4 support");
+	}
+
+	/* Prove that requesting a challenge again won't break it */
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+		"ServerReqChallenge failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
+
+	return true;
+}
+
+
+/* Test that we can successfully authenticate using AES. */
+static bool test_AES_Crypto(struct torture_context *tctx,
+			    struct dcerpc_pipe *p,
+			    struct cli_credentials *machine_credentials)
+{
+	uint32_t negotiate_flags =
+		NETLOGON_NEG_AUTH2_ADS_FLAGS|
+		NETLOGON_NEG_SUPPORTS_AES;
+	bool ok;
+
+	ok = test_ServerAuth3Crypto(p,
+				    tctx,
+				    negotiate_flags,
+				    machine_credentials,
+				    false);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
+/* If we try to use RC4, the client code should fail to encrypt. */
+static bool test_RC4_Crypto_Fail(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct cli_credentials *machine_credentials)
+{
+	uint32_t negotiate_flags =
+		NETLOGON_NEG_AUTH2_ADS_FLAGS|
+		NETLOGON_NEG_ARCFOUR;
+	bool ok;
+
+	ok = test_ServerAuth3Crypto(p,
+				    tctx,
+				    negotiate_flags,
+				    machine_credentials,
+				    false);
+	if (!ok) {
+		return true;
+	}
+
+	return false;
+}
+
+/*
+ * Enforce the use of RC4 and try to authenticate. The server should fail
+ * in this case as it doesn't allow RC4
+ */
+static bool test_RC4_Crypto_Force(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct cli_credentials *machine_credentials)
+{
+	uint32_t negotiate_flags =
+		NETLOGON_NEG_AUTH2_ADS_FLAGS|
+		NETLOGON_NEG_ARCFOUR;
+	bool ok;
+
+	ok = test_ServerAuth3Crypto(p,
+				    tctx,
+				    negotiate_flags,
+				    machine_credentials,
+				    true);
+	if (!ok) {
+		return true;
+	}
+
+	return false;
+}
+
+struct torture_suite *torture_rpc_netlogon_crypto_fips(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx,
+							   "fips.netlogon.crypto");
+	struct torture_rpc_tcase *tcase = NULL;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite,
+							      "netlogon",
+							      &ndr_table_netlogon,
+							      TEST_MACHINE_NAME);
+
+	torture_rpc_tcase_add_test_creds(tcase,
+					 "test_AES_Crytpo",
+					 test_AES_Crypto);
+	torture_rpc_tcase_add_test_creds(tcase,
+					 "test_RC4_Crytpo_Fail",
+					 test_RC4_Crypto_Fail);
+	torture_rpc_tcase_add_test_creds(tcase,
+					 "test_RC4_Crytpo_Force",
+					 test_RC4_Crypto_Force);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/ntsvcs.c b/source4/torture/rpc/ntsvcs.c
new file mode 100644
index 0000000..a25129d
--- /dev/null
+++ b/source4/torture/rpc/ntsvcs.c
@@ -0,0 +1,189 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for rpc ntsvcs operations
+
+   Copyright (C) Guenther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_ntsvcs_c.h"
+
+static bool test_PNP_GetVersion(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	struct PNP_GetVersion r;
+	uint16_t version = 0;
+
+	r.out.version = &version;
+
+	status = dcerpc_PNP_GetVersion_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "PNP_GetVersion");
+	torture_assert_werr_ok(tctx, r.out.result, "PNP_GetVersion");
+	torture_assert_int_equal(tctx, version, 0x400, "invalid version");
+
+	return true;
+}
+
+static bool test_PNP_GetDeviceListSize(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct PNP_GetDeviceListSize r;
+	uint32_t size = 0;
+
+	r.in.devicename = NULL;
+	r.in.flags = CM_GETIDLIST_FILTER_SERVICE;
+	r.out.size = &size;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_PNP_GetDeviceListSize_r(b, tctx, &r),
+		"PNP_GetDeviceListSize");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_CM_INVALID_POINTER,
+		"PNP_GetDeviceListSize");
+
+	r.in.devicename = "Spooler";
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_PNP_GetDeviceListSize_r(b, tctx, &r),
+		"PNP_GetDeviceListSize");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"PNP_GetDeviceListSize");
+
+	return true;
+}
+
+static bool test_PNP_GetDeviceList(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct PNP_GetDeviceList r;
+	uint16_t *buffer = NULL;
+	uint32_t length = 0;
+
+	buffer = talloc_array(tctx, uint16_t, 0);
+
+	r.in.filter = NULL;
+	r.in.flags = CM_GETIDLIST_FILTER_SERVICE;
+	r.in.length = &length;
+	r.out.length = &length;
+	r.out.buffer = buffer;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_PNP_GetDeviceList_r(b, tctx, &r),
+		"PNP_GetDeviceList failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_CM_INVALID_POINTER,
+		"PNP_GetDeviceList failed");
+
+	r.in.filter = "Spooler";
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_PNP_GetDeviceList_r(b, tctx, &r),
+		"PNP_GetDeviceList failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_CM_BUFFER_SMALL)) {
+		struct PNP_GetDeviceListSize s;
+
+		s.in.devicename = "Spooler";
+		s.in.flags = CM_GETIDLIST_FILTER_SERVICE;
+		s.out.size = &length;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_PNP_GetDeviceListSize_r(b, tctx, &s),
+			"PNP_GetDeviceListSize failed");
+		torture_assert_werr_ok(tctx, s.out.result,
+			"PNP_GetDeviceListSize failed");
+	}
+
+	buffer = talloc_array(tctx, uint16_t, length);
+
+	r.in.length = &length;
+	r.out.length = &length;
+	r.out.buffer = buffer;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_PNP_GetDeviceList_r(b, tctx, &r),
+		"PNP_GetDeviceList failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"PNP_GetDeviceList failed");
+
+	return true;
+}
+
+static bool test_PNP_GetDeviceRegProp(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	struct PNP_GetDeviceRegProp r;
+
+	enum winreg_Type reg_data_type = REG_NONE;
+	uint32_t buffer_size = 0;
+	uint32_t needed = 0;
+	uint8_t *buffer;
+
+	buffer = talloc(tctx, uint8_t);
+
+	r.in.devicepath = "ACPI\\ACPI0003\\1";
+	r.in.property = DEV_REGPROP_DESC;
+	r.in.flags = 0;
+	r.in.reg_data_type = &reg_data_type;
+	r.in.buffer_size = &buffer_size;
+	r.in.needed = &needed;
+	r.out.buffer = buffer;
+	r.out.reg_data_type = &reg_data_type;
+	r.out.buffer_size = &buffer_size;
+	r.out.needed = &needed;
+
+	status = dcerpc_PNP_GetDeviceRegProp_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceRegProp");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_CM_BUFFER_SMALL)) {
+
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.in.buffer_size = &needed;
+
+		status = dcerpc_PNP_GetDeviceRegProp_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceRegProp");
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_ntsvcs(TALLOC_CTX *mem_ctx)
+{
+	struct torture_rpc_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "ntsvcs");
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "ntsvcs",
+						  &ndr_table_ntsvcs);
+
+	torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceRegProp",
+				   test_PNP_GetDeviceRegProp);
+	torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceList",
+				   test_PNP_GetDeviceList);
+	torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceListSize",
+				   test_PNP_GetDeviceListSize);
+	torture_rpc_tcase_add_test(tcase, "PNP_GetVersion",
+				   test_PNP_GetVersion);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c
new file mode 100644
index 0000000..2209954
--- /dev/null
+++ b/source4/torture/rpc/object_uuid.c
@@ -0,0 +1,85 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for behaviour of object uuids in rpc requests
+
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "torture/rpc/torture_rpc.h"
+
+/*
+  this tests the send object uuids in the dcerpc request
+*/
+
+static bool test_random_uuid(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p1, *p2;
+	struct GUID uuid;
+	struct dssetup_DsRoleGetPrimaryDomainInformation r1;
+	struct lsa_GetUserName r2;
+	struct lsa_String *authority_name_p = NULL;
+	struct lsa_String *account_name_p = NULL;
+
+	torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");
+
+	status = torture_rpc_connection(torture, &p1, &ndr_table_dssetup);
+	torture_assert_ntstatus_ok(torture, status, "opening dsetup pipe1");
+
+	status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
+	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
+
+	uuid = GUID_random();
+
+	r1.in.level = DS_ROLE_BASIC_INFORMATION;
+	status = dcerpc_binding_handle_call(p1->binding_handle,
+				    &uuid,
+				    &ndr_table_dssetup,
+				    NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION,
+				    torture, &r1);
+	torture_assert_ntstatus_ok(torture, status, "DsRoleGetPrimaryDomainInformation failed");
+	torture_assert_werr_ok(torture, r1.out.result, "DsRoleGetPrimaryDomainInformation failed");
+
+	uuid = GUID_random();
+
+	r2.in.system_name = "\\";
+	r2.in.account_name = &account_name_p;
+	r2.in.authority_name = &authority_name_p;
+	r2.out.account_name = &account_name_p;
+	r2.out.authority_name = &authority_name_p;
+
+	status = dcerpc_binding_handle_call(p2->binding_handle,
+				    &uuid,
+				    &ndr_table_lsarpc,
+				    NDR_LSA_GETUSERNAME,
+				    torture, &r2);
+	torture_assert_ntstatus_ok(torture, status, "lsaClose failed");
+	torture_assert_ntstatus_ok(torture, r2.out.result, "lsaClose failed");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_object_uuid(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	suite = torture_suite_create(mem_ctx, "objectuuid");
+	torture_suite_add_simple_test(suite, "random-uuid", test_random_uuid);
+	return suite;
+}
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
new file mode 100644
index 0000000..8f4ee2b
--- /dev/null
+++ b/source4/torture/rpc/remote_pac.c
@@ -0,0 +1,1425 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for netlogon PAC operations
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "auth/gensec/gensec.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "param/param.h"
+#include <ldb.h>
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+
+#define TEST_MACHINE_NAME_BDC "torturepacbdc"
+#define TEST_MACHINE_NAME_WKSTA "torturepacwksta"
+#define TEST_MACHINE_NAME_S4U2SELF_BDC "tests4u2selfbdc"
+#define TEST_MACHINE_NAME_S4U2SELF_WKSTA "tests4u2selfwk"
+#define TEST_MACHINE_NAME_S4U2PROXY_WKSTA "tests4u2proxywk"
+
+struct pac_data {
+	DATA_BLOB pac_blob;
+	struct PAC_SIGNATURE_DATA *pac_srv_sig;
+	struct PAC_SIGNATURE_DATA *pac_kdc_sig;
+};
+
+/* A helper function which avoids touching the local databases to
+ * generate the session info, as we just want to verify the PAC
+ * details, not the full local token */
+static NTSTATUS test_generate_session_info_pac(struct auth4_context *auth_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct smb_krb5_context *smb_krb5_context,
+					       DATA_BLOB *pac_blob,
+					       const char *principal_name,
+					       const struct tsocket_address *remote_address,
+					       uint32_t session_info_flags,
+					       struct auth_session_info **session_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+	struct pac_data *pac_data;
+
+	if (pac_blob == NULL) {
+		DBG_ERR("pac_blob missing\n");
+		return NT_STATUS_NO_IMPERSONATION_TOKEN;
+	}
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	auth_ctx->private_data = pac_data = talloc_zero(auth_ctx, struct pac_data);
+
+	pac_data->pac_blob = data_blob_dup_talloc(pac_data, *pac_blob);
+	if (pac_data->pac_blob.length != pac_blob->length) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pac_data->pac_srv_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA);
+	if (!pac_data->pac_srv_sig) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	pac_data->pac_kdc_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA);
+	if (!pac_data->pac_kdc_sig) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						      *pac_blob,
+						      smb_krb5_context->krb5_context,
+						      &user_info_dc,
+						      pac_data->pac_srv_sig,
+						      pac_data->pac_kdc_sig);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_steal(pac_data, pac_data->pac_srv_sig);
+	talloc_steal(pac_data, pac_data->pac_kdc_sig);
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+	nt_status = auth_generate_session_info(mem_ctx,
+					       NULL,
+					       NULL,
+					       user_info_dc, session_info_flags,
+					       session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+/* Check to see if we can pass the PAC across to the NETLOGON server for validation */
+
+static const struct PAC_BUFFER *get_pac_buffer(const struct PAC_DATA *pac_data,
+					       enum PAC_TYPE type)
+{
+	const struct PAC_BUFFER *pac_buf = NULL;
+	uint32_t i;
+
+	for (i = 0; i < pac_data->num_buffers; ++i) {
+		pac_buf = &pac_data->buffers[i];
+
+		if (pac_buf->type == type) {
+			break;
+		}
+	}
+
+	return pac_buf;
+}
+
+/* Also happens to be a really good one-step verification of our Kerberos stack */
+
+static bool netlogon_validate_pac(struct torture_context *tctx,
+				  struct dcerpc_pipe *p1,
+				  struct cli_credentials *server_creds,
+				  enum netr_SchannelType secure_channel_type,
+				  const char *test_machine_name,
+				  uint32_t negotiate_flags,
+				  struct pac_data *pac_data,
+				  struct auth_session_info *session_info);
+
+static bool test_PACVerify(struct torture_context *tctx,
+			   struct dcerpc_pipe *p,
+			   struct cli_credentials *credentials,
+			   enum netr_SchannelType secure_channel_type,
+			   const char *test_machine_name,
+			   uint32_t negotiate_flags)
+{
+	NTSTATUS status;
+	bool ok;
+	const char *pkinit_ccache = torture_setting_string(tctx, "pkinit_ccache", NULL);
+	bool pkinit_in_use = pkinit_ccache != NULL;
+	bool expect_pac_upn_dns_info = torture_setting_bool(tctx, "expect_pac_upn_dns_info", true);
+	size_t num_pac_buffers;
+	struct gensec_security *gensec_client_context;
+	struct gensec_security *gensec_server_context;
+	struct cli_credentials *client_creds;
+	struct cli_credentials *server_creds;
+
+	DATA_BLOB client_to_server, server_to_client;
+	struct PAC_DATA pac_data_struct;
+	enum ndr_err_code ndr_err;
+
+	struct auth4_context *auth_context;
+	struct auth_session_info *session_info;
+	struct pac_data *pac_data;
+	const struct PAC_BUFFER *pac_buf = NULL;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed");
+
+	torture_comment(tctx,
+		"Testing PAC Verify (secure_channel_type: %d, machine: %s, negotiate_flags: 0x%08x\n",
+		secure_channel_type, test_machine_name, negotiate_flags);
+
+	if (pkinit_in_use) {
+		struct cli_credentials *tmp_creds = NULL;
+		const char *error_string = NULL;
+		int rc;
+
+		torture_comment(tctx,
+				"Using pkinit_ccache=%s\n",
+				pkinit_ccache);
+
+		tmp_creds = cli_credentials_init(tctx);
+		torture_assert(tctx, tmp_creds, "Failed to create credentials");
+
+		rc = cli_credentials_set_ccache(tmp_creds,
+						tctx->lp_ctx,
+						pkinit_ccache,
+						CRED_SPECIFIED,
+						&error_string);
+		torture_assert_int_equal(tctx,
+					 rc,
+					 0,
+					 "cli_credentials_set_ccache failed");
+		cli_credentials_set_kerberos_state(tmp_creds,
+						   CRED_USE_KERBEROS_REQUIRED,
+						   CRED_SPECIFIED);
+
+		/*
+		 * Copy the credentials in order to use a different MEMORY krb5
+		 * ccache for each client/server setup. The MEMORY cache
+		 * identifier is a pointer to the creds container. If we copy
+		 * it the pointer changes and we will get a new clean memory
+		 * cache.
+		 */
+		client_creds =
+			cli_credentials_shallow_copy(tmp_ctx, tmp_creds);
+		torture_assert(tctx,
+			       client_creds,
+			       "Failed to copy of credentials");
+	} else {
+		/*
+		 * Copy the credentials in order to use a different MEMORY krb5
+		 * ccache for each client/server setup. The MEMORY cache
+		 * identifier is a pointer to the creds container. If we copy
+		 * it the pointer changes and we will get a new clean memory
+		 * cache.
+		 */
+		client_creds =
+			cli_credentials_shallow_copy(tmp_ctx,
+						     samba_cmdline_get_creds());
+		torture_assert(tctx,
+			       client_creds,
+			       "Failed to copy of credentials");
+		cli_credentials_invalidate_ccache(client_creds, CRED_SPECIFIED);
+	}
+
+
+	server_creds = cli_credentials_shallow_copy(tmp_ctx,
+						    credentials);
+	torture_assert(tctx, server_creds, "Failed to copy of credentials");
+
+	auth_context = talloc_zero(tmp_ctx, struct auth4_context);
+	torture_assert(tctx, auth_context != NULL, "talloc_new() failed");
+
+	auth_context->generate_session_info_pac = test_generate_session_info_pac;
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	status = gensec_set_target_hostname(gensec_client_context, test_machine_name);
+
+	status = gensec_set_credentials(gensec_client_context, client_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_server_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	do {
+		/* Do a client-server update dance */
+		status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+		}
+
+		status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			break;
+		}
+	} while (1);
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+	pac_data = talloc_get_type(auth_context->private_data, struct pac_data);
+
+	torture_assert(tctx, pac_data != NULL, "gensec_update failed to fill in pac_data in auth_context");
+	torture_assert(tctx, pac_data->pac_srv_sig != NULL, "pac_srv_sig not present");
+	torture_assert(tctx, pac_data->pac_kdc_sig != NULL, "pac_kdc_sig not present");
+
+	ndr_err = ndr_pull_struct_blob(&pac_data->pac_blob, tmp_ctx, &pac_data_struct,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_pull_struct_blob of PAC_DATA structure failed");
+
+	num_pac_buffers = 7;
+	if (expect_pac_upn_dns_info) {
+		num_pac_buffers += 1;
+	}
+	if (pkinit_in_use) {
+		num_pac_buffers += 1;
+	}
+
+	torture_assert_int_equal(tctx, pac_data_struct.version, 0, "version");
+	torture_assert_int_equal(tctx, pac_data_struct.num_buffers, num_pac_buffers, "num_buffers");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_LOGON_INFO);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_LOGON_INFO");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_LOGON_INFO info");
+
+	if (pkinit_in_use) {
+		pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_CREDENTIAL_INFO);
+		torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_CREDENTIAL_INFO");
+		torture_assert(tctx,
+			       pac_buf->info != NULL,
+			       "PAC_TYPE_CREDENTIAL_INFO info");
+	}
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_LOGON_NAME);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_LOGON_NAME");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_LOGON_NAME info");
+
+	if (expect_pac_upn_dns_info) {
+		pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_UPN_DNS_INFO);
+		torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_UPN_DNS_INFO");
+		torture_assert(tctx,
+			       pac_buf->info != NULL,
+			       "PAC_TYPE_UPN_DNS_INFO info");
+	}
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_SRV_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_SRV_CHECKSUM");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_SRV_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_KDC_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_KDC_CHECKSUM");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_KDC_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_TICKET_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_TICKET_CHECKSUM");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_TICKET_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_FULL_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_FULL_CHECKSUM");
+	torture_assert(tctx,
+		       pac_buf->info != NULL,
+		       "PAC_TYPE_FULL_CHECKSUM info");
+
+	ok = netlogon_validate_pac(tctx, p, server_creds, secure_channel_type, test_machine_name,
+				   negotiate_flags, pac_data, session_info);
+
+	talloc_free(tmp_ctx);
+
+	return ok;
+}
+
+static bool netlogon_validate_pac(struct torture_context *tctx,
+				  struct dcerpc_pipe *p1,
+				  struct cli_credentials *server_creds,
+				  enum netr_SchannelType secure_channel_type,
+				  const char *test_machine_name,
+				  uint32_t negotiate_flags,
+				  struct pac_data *pac_data,
+				  struct auth_session_info *session_info)
+{
+	struct PAC_Validate pac_wrapped_struct;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	struct netr_Authenticator return_authenticator;
+	struct netr_Authenticator auth, auth2;
+	struct netr_GenericInfo generic;
+	struct netr_LogonSamLogon r;
+	union netr_Validation validation;
+	union netr_LogonLevel logon;
+	uint8_t authoritative;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB payload, pac_wrapped;
+
+	if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
+				    server_creds, secure_channel_type,
+				    &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, server_creds, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	pac_wrapped_struct.ChecksumLength = pac_data->pac_srv_sig->signature.length;
+	pac_wrapped_struct.SignatureType = pac_data->pac_kdc_sig->type;
+	pac_wrapped_struct.SignatureLength = pac_data->pac_kdc_sig->signature.length;
+	pac_wrapped_struct.ChecksumAndSignature = payload
+		= data_blob_talloc(tctx, NULL,
+				   pac_wrapped_struct.ChecksumLength
+				   + pac_wrapped_struct.SignatureLength);
+	memcpy(&payload.data[0],
+	       pac_data->pac_srv_sig->signature.data,
+	       pac_wrapped_struct.ChecksumLength);
+	memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
+	       pac_data->pac_kdc_sig->signature.data,
+	       pac_wrapped_struct.SignatureLength);
+
+	ndr_err = ndr_push_struct_blob(&pac_wrapped, tctx, &pac_wrapped_struct,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_Validate);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
+
+	torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+	}
+
+	generic.length = pac_wrapped.length;
+	generic.data = pac_wrapped.data;
+
+	/* Validate it over the netlogon pipe */
+
+	generic.identity_info.parameter_control = 0;
+	generic.identity_info.logon_id = 0;
+	generic.identity_info.domain_name.string = session_info->info->domain_name;
+	generic.identity_info.account_name.string = session_info->info->account_name;
+	generic.identity_info.workstation.string = test_machine_name;
+
+	generic.package_name.string = "Kerberos";
+
+	logon.generic = &generic;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon = &logon;
+	r.in.logon_level = NetlogonGenericInformation;
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.validation_level = NetlogonValidationGenericInfo2;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.return_authenticator = &return_authenticator;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+		"LogonSamLogon failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+	/* This will break the signature nicely (even in the crypto wrapping), check we get a logon failure */
+	generic.data[generic.length-1]++;
+
+	logon.generic = &generic;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonGenericInformation;
+	r.in.logon = &logon;
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.validation_level = NetlogonValidationGenericInfo2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+		"LogonSamLogon failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	/* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */
+	generic.length--;
+
+	logon.generic = &generic;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonGenericInformation;
+	r.in.logon = &logon;
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.validation_level = NetlogonValidationGenericInfo2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+		"LogonSamLogon failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds,
+							 &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	pac_wrapped_struct.ChecksumLength = pac_data->pac_srv_sig->signature.length;
+	pac_wrapped_struct.SignatureType = pac_data->pac_kdc_sig->type;
+
+	/* Break the SignatureType */
+	pac_wrapped_struct.SignatureType++;
+
+	pac_wrapped_struct.SignatureLength = pac_data->pac_kdc_sig->signature.length;
+	pac_wrapped_struct.ChecksumAndSignature = payload
+		= data_blob_talloc(tctx, NULL,
+				   pac_wrapped_struct.ChecksumLength
+				   + pac_wrapped_struct.SignatureLength);
+	memcpy(&payload.data[0],
+	       pac_data->pac_srv_sig->signature.data,
+	       pac_wrapped_struct.ChecksumLength);
+	memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
+	       pac_data->pac_kdc_sig->signature.data,
+	       pac_wrapped_struct.SignatureLength);
+
+	ndr_err = ndr_push_struct_blob(&pac_wrapped, tctx, &pac_wrapped_struct,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_Validate);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
+
+	torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+	}
+
+	generic.length = pac_wrapped.length;
+	generic.data = pac_wrapped.data;
+
+	logon.generic = &generic;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonGenericInformation;
+	r.in.logon = &logon;
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.validation_level = NetlogonValidationGenericInfo2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+		"LogonSamLogon failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	pac_wrapped_struct.ChecksumLength = pac_data->pac_srv_sig->signature.length;
+	pac_wrapped_struct.SignatureType = pac_data->pac_kdc_sig->type;
+	pac_wrapped_struct.SignatureLength = pac_data->pac_kdc_sig->signature.length;
+
+	pac_wrapped_struct.ChecksumAndSignature = payload
+		= data_blob_talloc(tctx, NULL,
+				   pac_wrapped_struct.ChecksumLength
+				   + pac_wrapped_struct.SignatureLength);
+	memcpy(&payload.data[0],
+	       pac_data->pac_srv_sig->signature.data,
+	       pac_wrapped_struct.ChecksumLength);
+	memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
+	       pac_data->pac_kdc_sig->signature.data,
+	       pac_wrapped_struct.SignatureLength);
+
+	/* Break the signature length */
+	pac_wrapped_struct.SignatureLength++;
+
+	ndr_err = ndr_push_struct_blob(&pac_wrapped, tctx, &pac_wrapped_struct,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_Validate);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
+
+	torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
+	} else {
+		netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+	}
+
+	generic.length = pac_wrapped.length;
+	generic.data = pac_wrapped.data;
+
+	logon.generic = &generic;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonGenericInformation;
+	r.in.logon = &logon;
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.validation_level = NetlogonValidationGenericInfo2;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+		"LogonSamLogon failed");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	return true;
+}
+
+static bool test_PACVerify_bdc_arcfour(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct cli_credentials *credentials)
+{
+	return test_PACVerify(tctx, p, credentials, SEC_CHAN_BDC,
+			      TEST_MACHINE_NAME_BDC,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_PACVerify_bdc_aes(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct cli_credentials *credentials)
+{
+	return test_PACVerify(tctx, p, credentials, SEC_CHAN_BDC,
+			      TEST_MACHINE_NAME_BDC,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+static bool test_PACVerify_workstation_arcfour(struct torture_context *tctx,
+					       struct dcerpc_pipe *p,
+					       struct cli_credentials *credentials)
+{
+	return test_PACVerify(tctx, p, credentials, SEC_CHAN_WKSTA,
+			      TEST_MACHINE_NAME_WKSTA,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_PACVerify_workstation_aes(struct torture_context *tctx,
+					   struct dcerpc_pipe *p,
+					   struct cli_credentials *credentials)
+{
+	return test_PACVerify(tctx, p, credentials, SEC_CHAN_WKSTA,
+			      TEST_MACHINE_NAME_WKSTA,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+#ifdef SAMBA4_USES_HEIMDAL
+static NTSTATUS check_primary_group_in_validation(TALLOC_CTX *mem_ctx,
+						  uint16_t validation_level,
+						  const union netr_Validation *validation)
+{
+	const struct netr_SamBaseInfo *base = NULL;
+	int i;
+	switch (validation_level) {
+	case 2:
+		if (!validation || !validation->sam2) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam2->base;
+		break;
+	case 3:
+		if (!validation || !validation->sam3) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam3->base;
+		break;
+	case 6:
+		if (!validation || !validation->sam6) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		base = &validation->sam6->base;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	for (i = 0; i < base->groups.count; i++) {
+		if (base->groups.rids[i].rid == base->primary_gid) {
+			return NT_STATUS_OK;
+		}
+	}
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+/* Check various ways to get the PAC, in particular check the group membership and
+ * other details between the PAC from a normal kinit, S4U2Self and a SamLogon */
+static bool test_S4U2Self(struct torture_context *tctx,
+			  struct dcerpc_pipe *p1,
+			  struct cli_credentials *credentials,
+			  enum netr_SchannelType secure_channel_type,
+			  const char *test_machine_name,
+			  uint32_t negotiate_flags)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_binding_handle *b = NULL;
+
+	struct netr_LogonSamLogon r;
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+
+	struct netr_Authenticator auth, auth2;
+
+	DATA_BLOB client_to_server, server_to_client;
+
+	struct netlogon_creds_CredentialState *creds;
+	struct gensec_security *gensec_client_context;
+	struct gensec_security *gensec_server_context;
+	struct cli_credentials *client_creds;
+	struct cli_credentials *server_creds;
+
+	struct auth4_context *auth_context;
+	struct auth_session_info *kinit_session_info;
+	struct auth_session_info *s4u2self_session_info;
+	struct auth_user_info_dc *netlogon_user_info_dc;
+
+	struct netr_NetworkInfo ninfo = {};
+	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
+	size_t i;
+	size_t j;
+	size_t k;
+	int flags = CLI_CRED_NTLMv2_AUTH;
+
+	struct dom_sid *builtin_domain;
+
+	struct dom_sid *ai_auth_authority = NULL;
+	struct dom_sid *ai_service = NULL;
+	struct dom_sid *ai_claims_valid = NULL;
+	size_t ai_auth_authority_count = 0;
+	size_t ai_service_count = 0;
+	size_t ai_claims_valid_count = 0;
+	size_t kinit_asserted_identity_index = 0;
+	size_t kinit_claims_valid_index = 0;
+	size_t s4u2self_asserted_identity_index = 0;
+	size_t s4u2self_claims_valid_index = 0;
+	bool ok;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+
+	torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed");
+
+	torture_comment(tctx,
+		"Testing S4U2SELF (secure_channel_type: %d, machine: %s, negotiate_flags: 0x%08x\n",
+		secure_channel_type, test_machine_name, negotiate_flags);
+
+	/*
+	 * Copy the credentials in order to use a different MEMORY krb5 ccache
+	 * for each client/server setup. The MEMORY cache identifier is a
+	 * pointer to the creds container. If we copy it the pointer changes and
+	 * we will get a new clean memory cache.
+	 */
+	client_creds = cli_credentials_shallow_copy(tmp_ctx,
+					    samba_cmdline_get_creds());
+	torture_assert(tctx, client_creds, "Failed to copy of credentials");
+	/* We use cli_credentials_get_ntlm_response(), so relax krb5 requirements. */
+	cli_credentials_set_kerberos_state(client_creds,
+					   CRED_USE_KERBEROS_DESIRED,
+					   CRED_SPECIFIED);
+
+	server_creds = cli_credentials_shallow_copy(tmp_ctx,
+						    credentials);
+	torture_assert(tctx, server_creds, "Failed to copy of credentials");
+
+	if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
+				    server_creds, secure_channel_type,
+				    &creds)) {
+		return false;
+	}
+	if (!test_SetupCredentialsPipe(p1, tctx, server_creds, creds,
+				       DCERPC_SIGN | DCERPC_SEAL, &p)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	auth_context = talloc_zero(tmp_ctx, struct auth4_context);
+	torture_assert(tctx, auth_context != NULL, "talloc_new() failed");
+
+	auth_context->generate_session_info_pac = test_generate_session_info_pac;
+
+	/* First, do a normal Kerberos connection */
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	status = gensec_set_target_hostname(gensec_client_context, test_machine_name);
+
+	status = gensec_set_credentials(gensec_client_context, client_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_server_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	do {
+		/* Do a client-server update dance */
+		status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+		}
+
+		status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			break;
+		}
+	} while (1);
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &kinit_session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+
+	/* Now do the dance with S4U2Self */
+
+	/* Wipe out any existing ccache */
+	cli_credentials_invalidate_ccache(client_creds, CRED_SPECIFIED);
+	cli_credentials_invalidate_ccache(server_creds, CRED_SPECIFIED);
+	cli_credentials_set_impersonate_principal(server_creds,
+			cli_credentials_get_principal(client_creds, tmp_ctx),
+			talloc_asprintf(tmp_ctx, "host/%s", test_machine_name));
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	status = gensec_set_target_hostname(gensec_client_context, test_machine_name);
+
+	/* We now set the same credentials on both client and server contexts */
+	status = gensec_set_credentials(gensec_client_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_server_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	do {
+		/* Do a client-server update dance */
+		status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+		}
+
+		status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			break;
+		}
+	} while (1);
+
+	/* Don't pollute the remaining tests with the changed credentials */
+	cli_credentials_invalidate_ccache(server_creds, CRED_SPECIFIED);
+	cli_credentials_set_target_service(server_creds, NULL);
+	cli_credentials_set_impersonate_principal(server_creds, NULL, NULL);
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &s4u2self_session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+	cli_credentials_get_ntlm_username_domain(client_creds, tctx,
+						 &ninfo.identity_info.account_name.string,
+						 &ninfo.identity_info.domain_name.string);
+
+	/* Now try with SamLogon */
+	generate_random_buffer(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+	chal = data_blob_const(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+
+	names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(server_creds),
+						cli_credentials_get_domain(server_creds));
+
+	status = cli_credentials_get_ntlm_response(client_creds, tctx,
+						   &flags,
+						   chal,
+						   NULL, /* server_timestamp */
+						   names_blob,
+						   &lm_resp, &nt_resp,
+						   NULL, NULL);
+	torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
+
+	ninfo.lm.data = lm_resp.data;
+	ninfo.lm.length = lm_resp.length;
+
+	ninfo.nt.data = nt_resp.data;
+	ninfo.nt.length = nt_resp.length;
+
+	ninfo.identity_info.parameter_control = 0;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(server_creds);
+
+	logon.network = &ninfo;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(server_creds);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.logon = &logon;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+
+	r.in.validation_level = 3;
+
+	status = dcerpc_netr_LogonSamLogon_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
+
+	torture_assert(tctx, netlogon_creds_client_check(creds,
+							 &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+	status = make_user_info_dc_netlogon_validation(tmp_ctx,
+						      ninfo.identity_info.account_name.string,
+						      r.in.validation_level,
+						      r.out.validation,
+							  true, /* This user was authenticated */
+						      &netlogon_user_info_dc);
+
+	torture_assert_ntstatus_ok(tctx, status, "make_user_info_dc_netlogon_validation failed");
+
+	/* Check that the primary group is present in validation's RID array */
+	status = check_primary_group_in_validation(tmp_ctx, r.in.validation_level, r.out.validation);
+	torture_assert_ntstatus_ok(tctx, status, "check_primary_group_in_validation failed");
+
+	torture_assert_str_equal(tctx, netlogon_user_info_dc->info->account_name == NULL ? "" : netlogon_user_info_dc->info->account_name,
+				 kinit_session_info->info->account_name, "Account name differs for kinit-based PAC");
+	torture_assert_str_equal(tctx,netlogon_user_info_dc->info->account_name == NULL ? "" : netlogon_user_info_dc->info->account_name,
+				 s4u2self_session_info->info->account_name, "Account name differs for S4U2Self");
+	torture_assert_str_equal(tctx, netlogon_user_info_dc->info->full_name == NULL ? "" : netlogon_user_info_dc->info->full_name, kinit_session_info->info->full_name, "Full name differs for kinit-based PAC");
+	torture_assert_str_equal(tctx, netlogon_user_info_dc->info->full_name == NULL ? "" : netlogon_user_info_dc->info->full_name, s4u2self_session_info->info->full_name, "Full name differs for S4U2Self");
+
+	builtin_domain = dom_sid_parse_talloc(tmp_ctx, SID_BUILTIN);
+	torture_assert_not_null(tctx, builtin_domain, "failed to parse SID");
+
+	/* KRB5 might have an additional sid, the asserted identity */
+	ai_auth_authority = dom_sid_parse_talloc(
+			tmp_ctx,
+			SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY);
+	torture_assert_not_null(tctx, ai_auth_authority, "failed to parse SID");
+
+	ai_service = dom_sid_parse_talloc(
+			tmp_ctx,
+			SID_SERVICE_ASSERTED_IDENTITY);
+	torture_assert_not_null(tctx, ai_service, "failed to parse SID");
+
+	/* ...and the Claims Valid SID. */
+	ai_claims_valid = dom_sid_parse_talloc(
+			tmp_ctx,
+			SID_CLAIMS_VALID);
+	torture_assert_not_null(tctx, ai_claims_valid, "failed to parse SID");
+
+	ai_auth_authority_count = 0;
+	ai_service_count = 0;
+	ai_claims_valid_count = 0;
+	for (i = 0; i < kinit_session_info->torture->num_dc_sids; i++) {
+		ok = dom_sid_equal(&kinit_session_info->torture->dc_sids[i].sid,
+				   ai_auth_authority);
+		if (ok) {
+			ai_auth_authority_count++;
+			kinit_asserted_identity_index = i;
+		}
+
+		ok = dom_sid_equal(&kinit_session_info->torture->dc_sids[i].sid,
+				   ai_service);
+		if (ok) {
+			ai_service_count++;
+			kinit_asserted_identity_index = i;
+		}
+
+		ok = dom_sid_equal(&kinit_session_info->torture->dc_sids[i].sid,
+				   ai_claims_valid);
+		if (ok) {
+			ai_claims_valid_count++;
+			kinit_claims_valid_index = i;
+		}
+	}
+
+	torture_assert_int_equal(tctx, ai_auth_authority_count, 1,
+		"Kinit authority asserted identity should be (1)");
+	torture_assert_int_equal(tctx, ai_service_count, 0,
+		"Kinit service asserted identity should be (0)");
+	torture_assert_int_equal(tctx, ai_claims_valid_count, 1,
+		"Kinit Claims Valid should be (1)");
+
+	ai_auth_authority_count = 0;
+	ai_service_count = 0;
+	ai_claims_valid_count = 0;
+	for (i = 0; i < s4u2self_session_info->torture->num_dc_sids; i++) {
+		ok = dom_sid_equal(&s4u2self_session_info->torture->dc_sids[i].sid,
+				   ai_auth_authority);
+		if (ok) {
+			ai_auth_authority_count++;
+			s4u2self_asserted_identity_index = i;
+		}
+
+		ok = dom_sid_equal(&s4u2self_session_info->torture->dc_sids[i].sid,
+				   ai_service);
+		if (ok) {
+			ai_service_count++;
+			s4u2self_asserted_identity_index = i;
+		}
+
+		ok = dom_sid_equal(&s4u2self_session_info->torture->dc_sids[i].sid,
+				   ai_claims_valid);
+		if (ok) {
+			ai_claims_valid_count++;
+			s4u2self_claims_valid_index = i;
+		}
+	}
+
+	torture_assert_int_equal(tctx, ai_auth_authority_count, 0,
+		"S4U2Self authority asserted identity should be (0)");
+	torture_assert_int_equal(tctx, ai_service_count, 1,
+		"S4U2Self service asserted identity should be (1)");
+	torture_assert_int_equal(tctx, ai_claims_valid_count, 1,
+		"S4U2Self Claims Valid should be (1)");
+
+	/*
+	 * Subtract 2 to account for the Asserted Identity and Claims Valid
+	 * SIDs.
+	 */
+	torture_assert_int_equal(tctx, netlogon_user_info_dc->num_sids, kinit_session_info->torture->num_dc_sids - 2, "Different numbers of domain groups for kinit-based PAC");
+	torture_assert_int_equal(tctx, netlogon_user_info_dc->num_sids, s4u2self_session_info->torture->num_dc_sids - 2, "Different numbers of domain groups for S4U2Self");
+
+	/* Loop over all three SID arrays. */
+	for (i = 0, j = 0, k = 0; i < netlogon_user_info_dc->num_sids; i++, j++, k++) {
+		while (j == kinit_asserted_identity_index || j == kinit_claims_valid_index) {
+			/* Skip over the asserted identity and Claims Valid SIDs. */
+			++j;
+		}
+		while (k == s4u2self_asserted_identity_index || k == s4u2self_claims_valid_index) {
+			/* Skip over the asserted identity and Claims Valid SIDs. */
+			++k;
+		}
+		torture_assert_sid_equal(tctx, &netlogon_user_info_dc->sids[i].sid, &kinit_session_info->torture->dc_sids[j].sid, "Different domain groups for kinit-based PAC");
+		torture_assert_u32_equal(tctx, netlogon_user_info_dc->sids[i].attrs, kinit_session_info->torture->dc_sids[j].attrs, "Different domain group attrs for kinit-based PAC");
+		torture_assert_sid_equal(tctx, &netlogon_user_info_dc->sids[i].sid, &s4u2self_session_info->torture->dc_sids[k].sid, "Different domain groups for S4U2Self");
+		torture_assert_u32_equal(tctx, netlogon_user_info_dc->sids[i].attrs, s4u2self_session_info->torture->dc_sids[k].attrs, "Different domain group attrs for S4U2Self");
+		torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &s4u2self_session_info->torture->dc_sids[k].sid), "Returned BUILTIN domain in groups for S4U2Self");
+		torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &kinit_session_info->torture->dc_sids[j].sid), "Returned BUILTIN domain in groups kinit-based PAC");
+		torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &netlogon_user_info_dc->sids[i].sid), "Returned BUILTIN domain in groups from NETLOGON SamLogon reply");
+	}
+
+	return true;
+}
+
+static bool test_S4U2Self_bdc_arcfour(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct cli_credentials *credentials)
+{
+	return test_S4U2Self(tctx, p, credentials, SEC_CHAN_BDC,
+			     TEST_MACHINE_NAME_S4U2SELF_BDC,
+			     NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_S4U2Self_bdc_aes(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct cli_credentials *credentials)
+{
+	return test_S4U2Self(tctx, p, credentials, SEC_CHAN_BDC,
+			     TEST_MACHINE_NAME_S4U2SELF_BDC,
+			     NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+static bool test_S4U2Self_workstation_arcfour(struct torture_context *tctx,
+					      struct dcerpc_pipe *p,
+					      struct cli_credentials *credentials)
+{
+	return test_S4U2Self(tctx, p, credentials, SEC_CHAN_WKSTA,
+			     TEST_MACHINE_NAME_S4U2SELF_WKSTA,
+			     NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_S4U2Self_workstation_aes(struct torture_context *tctx,
+					  struct dcerpc_pipe *p,
+					  struct cli_credentials *credentials)
+{
+	return test_S4U2Self(tctx, p, credentials, SEC_CHAN_WKSTA,
+			     TEST_MACHINE_NAME_S4U2SELF_WKSTA,
+			     NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+
+static bool test_S4U2Proxy(struct torture_context *tctx,
+			   struct dcerpc_pipe *p,
+			   struct cli_credentials *credentials,
+			   enum netr_SchannelType secure_channel_type,
+			   const char *test_machine_name,
+			   uint32_t negotiate_flags)
+{
+	NTSTATUS status;
+	struct gensec_security *gensec_client_context = NULL;
+	struct gensec_security *gensec_server_context = NULL;
+	struct cli_credentials *server_creds = NULL;
+	size_t num_pac_buffers;
+	struct auth4_context *auth_context = NULL;
+	struct auth_session_info *session_info = NULL;
+	struct pac_data *pac_data = NULL;
+	const struct PAC_BUFFER *pac_buf = NULL;
+	char *impersonate_princ = NULL, *self_princ = NULL, *target_princ = NULL;
+	enum ndr_err_code ndr_err;
+	struct PAC_DATA pac_data_struct;
+	struct PAC_CONSTRAINED_DELEGATION *deleg = NULL;
+
+	DATA_BLOB client_to_server, server_to_client;
+
+	auth_context = talloc_zero(tctx, struct auth4_context);
+	torture_assert_not_null(tctx, auth_context, "talloc_new() failed");
+
+	auth_context->generate_session_info_pac = test_generate_session_info_pac;
+
+	torture_comment(tctx,
+		"Testing S4U2Proxy (secure_channel_type: %d, machine: %s, negotiate_flags: 0x%08x\n",
+		secure_channel_type, test_machine_name, negotiate_flags);
+
+	impersonate_princ = cli_credentials_get_principal(samba_cmdline_get_creds(), tctx);
+	torture_assert_not_null(tctx, impersonate_princ, "Failed to get impersonate client name");
+
+	server_creds = cli_credentials_shallow_copy(tctx, credentials);
+	torture_assert_not_null(tctx, server_creds, "Failed to copy of credentials");
+
+	self_princ = talloc_asprintf(tctx, "host/%s", test_machine_name);
+	cli_credentials_invalidate_ccache(server_creds, CRED_SPECIFIED);
+	cli_credentials_set_impersonate_principal(server_creds, impersonate_princ, self_princ);
+
+	/* Trigger S4U2Proxy by setting a target_service different than self_principal */
+	target_princ = talloc_asprintf(tctx, "%s$", test_machine_name);
+	cli_credentials_set_target_service(server_creds, target_princ);
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	status = gensec_set_target_principal(gensec_client_context, target_princ);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+	/* We now set the same credentials on both client and server contexts */
+	status = gensec_set_credentials(gensec_client_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, server_creds);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	status = gensec_start_mech_by_sasl_name(gensec_server_context, "GSSAPI");
+	torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed");
+
+	server_to_client = data_blob(NULL, 0);
+
+	do {
+		/* Do a client-server update dance */
+		status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+		}
+
+		status = gensec_update(gensec_server_context, tctx, client_to_server, &server_to_client);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			break;
+		}
+	} while (1);
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+	pac_data = talloc_get_type(auth_context->private_data, struct pac_data);
+
+	torture_assert_not_null(tctx, pac_data, "gensec_update failed to fill in pac_data in auth_context");
+	torture_assert_not_null(tctx, pac_data->pac_srv_sig, "pac_srv_sig not present");
+	torture_assert_not_null(tctx, pac_data->pac_kdc_sig, "pac_kdc_sig not present");
+
+	ndr_err = ndr_pull_struct_blob(&pac_data->pac_blob, tctx, &pac_data_struct,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+	torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_pull_struct_blob of PAC_DATA structure failed");
+
+	num_pac_buffers = 9;
+
+	torture_assert_int_equal(tctx, pac_data_struct.version, 0, "version");
+	torture_assert_int_equal(tctx, pac_data_struct.num_buffers, num_pac_buffers, "num_buffers");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_LOGON_INFO);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_LOGON_INFO");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_LOGON_INFO info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_LOGON_NAME);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_LOGON_NAME");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_LOGON_NAME info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_UPN_DNS_INFO);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_UPN_DNS_INFO");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_UPN_DNS_INFO info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_SRV_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_SRV_CHECKSUM");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_SRV_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_KDC_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_KDC_CHECKSUM");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_KDC_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_TICKET_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_TICKET_CHECKSUM");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_TICKET_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_FULL_CHECKSUM);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_FULL_CHECKSUM");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_FULL_CHECKSUM info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_CLIENT_CLAIMS_INFO);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_CLIENT_CLAIMS_INFO");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_CLIENT_CLAIMS_INFO info");
+
+	pac_buf = get_pac_buffer(&pac_data_struct, PAC_TYPE_CONSTRAINED_DELEGATION);
+	torture_assert_not_null(tctx, pac_buf, "PAC_TYPE_CONSTRAINED_DELEGATION");
+	torture_assert_not_null(tctx, pac_buf->info, "PAC_TYPE_CONSTRAINED_DELEGATION info");
+
+	deleg = pac_buf->info->constrained_delegation.info;
+	torture_assert_str_equal(tctx, deleg->proxy_target.string, target_princ, "wrong proxy_target");
+	torture_assert_int_equal(tctx, deleg->num_transited_services, 1, "wrong transited_services number");
+	torture_assert_str_equal(tctx, deleg->transited_services[0].string,
+				 talloc_asprintf(tctx, "%s@%s", self_princ, cli_credentials_get_realm(credentials)),
+				 "wrong transited_services[0]");
+
+	return netlogon_validate_pac(tctx, p, server_creds, secure_channel_type, test_machine_name,
+				     negotiate_flags, pac_data, session_info);
+}
+
+static bool setup_constrained_delegation(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct test_join *join_ctx,
+					 const char *machine_name)
+{
+	struct samr_SetUserInfo r;
+	union samr_UserInfo user_info;
+	struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(join_ctx);
+	const char *server_dn_str = NULL;
+	struct ldb_context *sam_ctx = NULL;
+	struct ldb_dn *server_dn = NULL;
+	struct ldb_message *msg = NULL;
+	char *url = NULL;
+	int ret;
+
+	url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+	sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url, NULL, samba_cmdline_get_creds(), 0);
+	torture_assert_not_null(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+
+	server_dn_str = samdb_search_string(sam_ctx, tctx, ldb_get_default_basedn(sam_ctx), "distinguishedName",
+					    "samaccountname=%s$", machine_name);
+	torture_assert_not_null(tctx, server_dn_str, "samdb_search_string()");
+
+	server_dn = ldb_dn_new(tctx, sam_ctx, server_dn_str);
+	torture_assert_not_null(tctx, server_dn, "ldb_dn_new()");
+
+	msg = ldb_msg_new(tctx);
+	torture_assert_not_null(tctx, msg, "ldb_msg_new()");
+
+	msg->dn = server_dn;
+	ret = ldb_msg_add_string(msg, "msDS-AllowedToDelegateTo", talloc_asprintf(tctx, "%s$", machine_name));
+	torture_assert_int_equal(tctx, ret, 0, "ldb_msg_add_string())");
+
+	ret = ldb_modify(sam_ctx, msg);
+	torture_assert_int_equal(tctx, ret, 0, "ldb_modify()");
+
+	/* Allow forwardable flag in S4U2Self */
+	user_info.info16.acct_flags = ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION | ACB_WSTRUST;
+	r.in.user_handle = torture_join_samr_user_policy(join_ctx);
+	r.in.level = 16;
+	r.in.info = &user_info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(samr_pipe->binding_handle, tctx, &r),
+		"failed to set ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION info account flags");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to set ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION into account flags");
+
+	return true;
+}
+
+static bool test_S4U2Proxy_workstation_arcfour(struct torture_context *tctx,
+					       struct dcerpc_pipe *p,
+					       struct cli_credentials *credentials,
+					       struct test_join *join_ctx)
+{
+	torture_assert(tctx, setup_constrained_delegation(tctx, p, join_ctx,
+							  TEST_MACHINE_NAME_S4U2PROXY_WKSTA),
+							  "setup_constrained_delegation() failed");
+	return test_S4U2Proxy(tctx, p, credentials, SEC_CHAN_WKSTA,
+			      TEST_MACHINE_NAME_S4U2PROXY_WKSTA,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS);
+}
+
+static bool test_S4U2Proxy_workstation_aes(struct torture_context *tctx,
+					   struct dcerpc_pipe *p,
+					   struct cli_credentials *credentials,
+					   struct test_join *join_ctx)
+{
+	torture_assert(tctx, setup_constrained_delegation(tctx, p, join_ctx,
+							  TEST_MACHINE_NAME_S4U2PROXY_WKSTA),
+							  "setup_constrained_delegation() failed");
+	return test_S4U2Proxy(tctx, p, credentials, SEC_CHAN_WKSTA,
+			      TEST_MACHINE_NAME_S4U2PROXY_WKSTA,
+			      NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
+}
+#endif
+
+struct torture_suite *torture_rpc_remote_pac(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "pac");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netr-bdc-arcfour",
+							      &ndr_table_netlogon, TEST_MACHINE_NAME_BDC);
+	torture_rpc_tcase_add_test_creds(tcase, "verify-sig-arcfour", test_PACVerify_bdc_arcfour);
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netr-bdc-aes",
+							      &ndr_table_netlogon, TEST_MACHINE_NAME_BDC);
+	torture_rpc_tcase_add_test_creds(tcase, "verify-sig-aes", test_PACVerify_bdc_aes);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-arcfour",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_WKSTA);
+	torture_rpc_tcase_add_test_creds(tcase, "verify-sig-arcfour", test_PACVerify_workstation_arcfour);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-aes",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_WKSTA);
+	torture_rpc_tcase_add_test_creds(tcase, "verify-sig-aes", test_PACVerify_workstation_aes);
+
+#ifdef SAMBA4_USES_HEIMDAL
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netr-bdc-arcfour",
+							      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2SELF_BDC);
+	torture_rpc_tcase_add_test_creds(tcase, "s4u2self-arcfour", test_S4U2Self_bdc_arcfour);
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netr-bcd-aes",
+							      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2SELF_BDC);
+	torture_rpc_tcase_add_test_creds(tcase, "s4u2self-aes", test_S4U2Self_bdc_aes);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-arcfour",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2SELF_WKSTA);
+	torture_rpc_tcase_add_test_creds(tcase, "s4u2self-arcfour", test_S4U2Self_workstation_arcfour);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-aes",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2SELF_WKSTA);
+	torture_rpc_tcase_add_test_creds(tcase, "s4u2self-aes", test_S4U2Self_workstation_aes);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-arcfour",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2PROXY_WKSTA);
+	torture_rpc_tcase_add_test_join(tcase, "s4u2proxy-arcfour", test_S4U2Proxy_workstation_arcfour);
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netr-mem-aes",
+								      &ndr_table_netlogon, TEST_MACHINE_NAME_S4U2PROXY_WKSTA);
+	torture_rpc_tcase_add_test_join(tcase, "s4u2proxy-aes", test_S4U2Proxy_workstation_aes);
+#endif
+	return suite;
+}
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
new file mode 100644
index 0000000..ea214e0
--- /dev/null
+++ b/source4/torture/rpc/rpc.c
@@ -0,0 +1,661 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "torture/smbtorture.h"
+#include "librpc/ndr/ndr_table.h"
+#include "../lib/util/dlinklist.h"
+
+static bool torture_rpc_teardown (struct torture_context *tcase,
+					  void *data)
+{
+	struct torture_rpc_tcase_data *tcase_data =
+		(struct torture_rpc_tcase_data *)data;
+	if (tcase_data->join_ctx != NULL)
+	    torture_leave_domain(tcase, tcase_data->join_ctx);
+	talloc_free(tcase_data);
+	return true;
+}
+
+/**
+ * Obtain the DCE/RPC binding context associated with a torture context.
+ *
+ * @param tctx Torture context
+ * @param binding Pointer to store DCE/RPC binding
+ */
+NTSTATUS torture_rpc_binding(struct torture_context *tctx,
+			     struct dcerpc_binding **binding)
+{
+	NTSTATUS status;
+	const char *binding_string = torture_setting_string(tctx, "binding",
+							    NULL);
+
+	if (binding_string == NULL) {
+		torture_comment(tctx,
+				"You must specify a DCE/RPC binding string\n");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = dcerpc_parse_binding(tctx, binding_string, binding);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx,
+				"Failed to parse dcerpc binding '%s'\n",
+				binding_string);
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * open a rpc connection to the chosen binding string
+ */
+_PUBLIC_ NTSTATUS torture_rpc_connection(struct torture_context *tctx,
+				struct dcerpc_pipe **p,
+				const struct ndr_interface_table *table)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+
+	status = torture_rpc_binding(tctx, &binding);
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	return torture_rpc_connection_with_binding(tctx, binding, p, table);
+}
+
+/**
+ * open a rpc connection to the chosen binding string
+ */
+_PUBLIC_ NTSTATUS torture_rpc_connection_with_binding(struct torture_context *tctx,
+						      struct dcerpc_binding *binding,
+						      struct dcerpc_pipe **p,
+						      const struct ndr_interface_table *table)
+{
+	NTSTATUS status;
+
+	dcerpc_init();
+
+	status = dcerpc_pipe_connect_b(tctx,
+				     p, binding, table,
+				     samba_cmdline_get_creds(),
+					tctx->ev, tctx->lp_ctx);
+
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_warning(tctx, "Failed to connect to remote server: %s %s\n",
+			   dcerpc_binding_string(tctx, binding), nt_errstr(status));
+	}
+
+	return status;
+}
+
+/**
+ * open a rpc connection to a specific transport
+ */
+NTSTATUS torture_rpc_connection_transport(struct torture_context *tctx,
+					  struct dcerpc_pipe **p,
+					  const struct ndr_interface_table *table,
+					  enum dcerpc_transport_t transport,
+					  uint32_t assoc_group_id,
+					  uint32_t extra_flags)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+
+	*p = NULL;
+
+	status = torture_rpc_binding(tctx, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dcerpc_binding_set_transport(binding, transport);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dcerpc_binding_set_assoc_group_id(binding, assoc_group_id);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dcerpc_binding_set_flags(binding, extra_flags, 0);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = dcerpc_pipe_connect_b(tctx, p, binding, table,
+				       samba_cmdline_get_creds(),
+				       tctx->ev, tctx->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		*p = NULL;
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static bool torture_rpc_setup_machine_workstation(struct torture_context *tctx,
+						  void **data)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	struct torture_rpc_tcase *tcase = talloc_get_type(tctx->active_tcase,
+						struct torture_rpc_tcase);
+	struct torture_rpc_tcase_data *tcase_data;
+
+	status = torture_rpc_binding(tctx, &binding);
+	if (NT_STATUS_IS_ERR(status))
+		return false;
+
+	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
+	tcase_data->credentials = samba_cmdline_get_creds();
+	tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
+						   ACB_WSTRUST,
+						   &tcase_data->credentials);
+	if (tcase_data->join_ctx == NULL)
+	    torture_fail(tctx, "Failed to join as WORKSTATION");
+
+	status = dcerpc_pipe_connect_b(tctx,
+				&(tcase_data->pipe),
+				binding,
+				tcase->table,
+				tcase_data->credentials, tctx->ev, tctx->lp_ctx);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	return NT_STATUS_IS_OK(status);
+}
+
+static bool torture_rpc_setup_machine_bdc(struct torture_context *tctx,
+					  void **data)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	struct torture_rpc_tcase *tcase = talloc_get_type(tctx->active_tcase,
+						struct torture_rpc_tcase);
+	struct torture_rpc_tcase_data *tcase_data;
+
+	status = torture_rpc_binding(tctx, &binding);
+	if (NT_STATUS_IS_ERR(status))
+		return false;
+
+	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
+	tcase_data->credentials = samba_cmdline_get_creds();
+	tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
+						   ACB_SVRTRUST,
+						   &tcase_data->credentials);
+	if (tcase_data->join_ctx == NULL)
+	    torture_fail(tctx, "Failed to join as BDC");
+
+	status = dcerpc_pipe_connect_b(tctx,
+				&(tcase_data->pipe),
+				binding,
+				tcase->table,
+				tcase_data->credentials, tctx->ev, tctx->lp_ctx);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	return NT_STATUS_IS_OK(status);
+}
+
+_PUBLIC_ struct torture_rpc_tcase *torture_suite_add_machine_workstation_rpc_iface_tcase(
+				struct torture_suite *suite,
+				const char *name,
+				const struct ndr_interface_table *table,
+				const char *machine_name)
+{
+	struct torture_rpc_tcase *tcase = talloc(suite,
+						 struct torture_rpc_tcase);
+
+	torture_suite_init_rpc_tcase(suite, tcase, name, table);
+
+	tcase->machine_name = talloc_strdup(tcase, machine_name);
+	tcase->tcase.setup = torture_rpc_setup_machine_workstation;
+	tcase->tcase.teardown = torture_rpc_teardown;
+
+	return tcase;
+}
+
+_PUBLIC_ struct torture_rpc_tcase *torture_suite_add_machine_bdc_rpc_iface_tcase(
+				struct torture_suite *suite,
+				const char *name,
+				const struct ndr_interface_table *table,
+				const char *machine_name)
+{
+	struct torture_rpc_tcase *tcase = talloc(suite,
+						 struct torture_rpc_tcase);
+
+	torture_suite_init_rpc_tcase(suite, tcase, name, table);
+
+	tcase->machine_name = talloc_strdup(tcase, machine_name);
+	tcase->tcase.setup = torture_rpc_setup_machine_bdc;
+	tcase->tcase.teardown = torture_rpc_teardown;
+
+	return tcase;
+}
+
+_PUBLIC_ bool torture_suite_init_rpc_tcase(struct torture_suite *suite,
+					   struct torture_rpc_tcase *tcase,
+					   const char *name,
+					   const struct ndr_interface_table *table)
+{
+	if (!torture_suite_init_tcase(suite, (struct torture_tcase *)tcase, name))
+		return false;
+
+	tcase->table = table;
+
+	return true;
+}
+
+static bool torture_rpc_setup_anonymous(struct torture_context *tctx,
+					void **data)
+{
+	NTSTATUS status;
+	struct dcerpc_binding *binding;
+	struct torture_rpc_tcase_data *tcase_data;
+	struct torture_rpc_tcase *tcase = talloc_get_type(tctx->active_tcase,
+							  struct torture_rpc_tcase);
+
+	status = torture_rpc_binding(tctx, &binding);
+	if (NT_STATUS_IS_ERR(status))
+		return false;
+
+	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
+	tcase_data->credentials = cli_credentials_init_anon(tctx);
+
+	status = dcerpc_pipe_connect_b(tctx,
+				&(tcase_data->pipe),
+				binding,
+				tcase->table,
+				tcase_data->credentials, tctx->ev, tctx->lp_ctx);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	return NT_STATUS_IS_OK(status);
+}
+
+static bool torture_rpc_setup (struct torture_context *tctx, void **data)
+{
+	NTSTATUS status;
+	struct torture_rpc_tcase *tcase = talloc_get_type(
+						tctx->active_tcase, struct torture_rpc_tcase);
+	struct torture_rpc_tcase_data *tcase_data;
+
+	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
+	tcase_data->credentials = samba_cmdline_get_creds();
+
+	status = torture_rpc_connection(tctx,
+				&(tcase_data->pipe),
+				tcase->table);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	return NT_STATUS_IS_OK(status);
+}
+
+
+
+_PUBLIC_ struct torture_rpc_tcase *torture_suite_add_anon_rpc_iface_tcase(struct torture_suite *suite,
+								const char *name,
+								const struct ndr_interface_table *table)
+{
+	struct torture_rpc_tcase *tcase = talloc(suite, struct torture_rpc_tcase);
+
+	torture_suite_init_rpc_tcase(suite, tcase, name, table);
+
+	tcase->tcase.setup = torture_rpc_setup_anonymous;
+	tcase->tcase.teardown = torture_rpc_teardown;
+
+	return tcase;
+}
+
+
+_PUBLIC_ struct torture_rpc_tcase *torture_suite_add_rpc_iface_tcase(struct torture_suite *suite,
+								const char *name,
+								const struct ndr_interface_table *table)
+{
+	struct torture_rpc_tcase *tcase = talloc(suite, struct torture_rpc_tcase);
+
+	torture_suite_init_rpc_tcase(suite, tcase, name, table);
+
+	tcase->tcase.setup = torture_rpc_setup;
+	tcase->tcase.teardown = torture_rpc_teardown;
+
+	return tcase;
+}
+
+static bool torture_rpc_wrap_test(struct torture_context *tctx,
+								  struct torture_tcase *tcase,
+								  struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct dcerpc_pipe *);
+	struct torture_rpc_tcase_data *tcase_data =
+		(struct torture_rpc_tcase_data *)tcase->data;
+
+	fn = test->fn;
+
+	return fn(tctx, tcase_data->pipe);
+}
+
+static bool torture_rpc_wrap_test_ex(struct torture_context *tctx,
+								  struct torture_tcase *tcase,
+								  struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct dcerpc_pipe *, const void *);
+	struct torture_rpc_tcase_data *tcase_data =
+		(struct torture_rpc_tcase_data *)tcase->data;
+
+	fn = test->fn;
+
+	return fn(tctx, tcase_data->pipe, test->data);
+}
+
+
+static bool torture_rpc_wrap_test_creds(struct torture_context *tctx,
+								  struct torture_tcase *tcase,
+								  struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct cli_credentials *);
+	struct torture_rpc_tcase_data *tcase_data =
+		(struct torture_rpc_tcase_data *)tcase->data;
+
+	fn = test->fn;
+
+	return fn(tctx, tcase_data->pipe, tcase_data->credentials);
+}
+
+static bool torture_rpc_wrap_test_join(struct torture_context *tctx,
+				       struct torture_tcase *tcase,
+				       struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct cli_credentials *, struct test_join *);
+	struct torture_rpc_tcase_data *tcase_data =
+		(struct torture_rpc_tcase_data *)tcase->data;
+
+	fn = test->fn;
+
+	return fn(tctx, tcase_data->pipe, tcase_data->credentials, tcase_data->join_ctx);
+}
+
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test(
+					struct torture_rpc_tcase *tcase,
+					const char *name,
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *))
+{
+	struct torture_test *test;
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = torture_rpc_wrap_test;
+	test->dangerous = false;
+	test->data = NULL;
+	test->fn = fn;
+
+	DLIST_ADD_END(tcase->tcase.tests, test);
+
+	return test;
+}
+
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test_creds(
+					struct torture_rpc_tcase *tcase,
+					const char *name,
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct cli_credentials *))
+{
+	struct torture_test *test;
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = torture_rpc_wrap_test_creds;
+	test->dangerous = false;
+	test->data = NULL;
+	test->fn = fn;
+
+	DLIST_ADD_END(tcase->tcase.tests, test);
+
+	return test;
+}
+
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test_join(
+					struct torture_rpc_tcase *tcase,
+					const char *name,
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *,
+						    struct cli_credentials *, struct test_join *))
+{
+	struct torture_test *test;
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = torture_rpc_wrap_test_join;
+	test->dangerous = false;
+	test->data = NULL;
+	test->fn = fn;
+
+	DLIST_ADD_END(tcase->tcase.tests, test);
+
+	return test;
+}
+
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test_ex(
+					struct torture_rpc_tcase *tcase,
+					const char *name,
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *,
+								void *),
+					void *userdata)
+{
+	struct torture_test *test;
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = torture_rpc_wrap_test_ex;
+	test->dangerous = false;
+	test->data = userdata;
+	test->fn = fn;
+
+	DLIST_ADD_END(tcase->tcase.tests, test);
+
+	return test;
+}
+
+static bool torture_rpc_wrap_test_setup(struct torture_context *tctx,
+					struct torture_tcase *tcase,
+					struct torture_test *test)
+{
+	bool (*fn)(struct torture_context *, struct dcerpc_pipe *, const void *);
+	struct torture_rpc_tcase *rpc_tcase = talloc_get_type_abort(
+		tctx->active_tcase, struct torture_rpc_tcase);
+	struct torture_rpc_tcase_data *tcase_data = talloc_get_type_abort(
+		tcase->data, struct torture_rpc_tcase_data);
+	void *data = discard_const_p(void, test->data);
+	bool ok;
+
+	ok = rpc_tcase->setup_fn(tctx, tcase_data->pipe, data);
+	if (!ok) {
+		return false;
+	}
+
+	fn = test->fn;
+
+	ok = fn(tctx, tcase_data->pipe, data);
+	if (!ok) {
+		return false;
+	}
+
+	ok = rpc_tcase->teardown_fn(tctx, tcase_data->pipe, data);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test_setup(
+				struct torture_rpc_tcase *tcase,
+				const char *name,
+				bool (*fn)(struct torture_context *,
+					   struct dcerpc_pipe *,
+					   void *),
+				void *userdata)
+{
+	struct torture_test *test = NULL;
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = torture_rpc_wrap_test_setup;
+	test->dangerous = false;
+	test->data = userdata;
+	test->fn = fn;
+
+	DLIST_ADD_END(tcase->tcase.tests, test);
+
+	return test;
+}
+
+_PUBLIC_ struct torture_rpc_tcase *torture_suite_add_rpc_setup_tcase(
+				struct torture_suite *suite,
+				const char *name,
+				const struct ndr_interface_table *table,
+				bool (*setup_fn)(struct torture_context *,
+						 struct dcerpc_pipe *,
+						 void *),
+				bool (*teardown_fn)(struct torture_context *,
+						    struct dcerpc_pipe *,
+						    void *))
+{
+	struct torture_rpc_tcase *tcase = talloc(
+		suite, struct torture_rpc_tcase);
+
+	torture_suite_init_rpc_tcase(suite, tcase, name, table);
+
+	tcase->setup_fn = setup_fn;
+	tcase->teardown_fn = teardown_fn;
+	tcase->tcase.setup = torture_rpc_setup;
+	tcase->tcase.teardown = torture_rpc_teardown;
+
+	return tcase;
+}
+
+NTSTATUS torture_rpc_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "rpc");
+
+	ndr_table_init();
+
+	torture_suite_add_simple_test(suite, "lsa", torture_rpc_lsa);
+	torture_suite_add_simple_test(suite, "lsalookup", torture_rpc_lsa_lookup);
+	torture_suite_add_simple_test(suite, "lsa-getuser", torture_rpc_lsa_get_user);
+	torture_suite_add_suite(suite, torture_rpc_lsa_lookup_sids(suite));
+	torture_suite_add_suite(suite, torture_rpc_lsa_lookup_names(suite));
+	torture_suite_add_suite(suite, torture_rpc_lsa_secrets(suite));
+	torture_suite_add_suite(suite, torture_rpc_lsa_trusted_domains(suite));
+	torture_suite_add_suite(suite, torture_rpc_lsa_forest_trust(suite));
+	torture_suite_add_suite(suite, torture_rpc_lsa_privileges(suite));
+	torture_suite_add_suite(suite, torture_rpc_echo(suite));
+	torture_suite_add_suite(suite, torture_rpc_dfs(suite));
+	torture_suite_add_suite(suite, torture_rpc_frsapi(suite));
+	torture_suite_add_suite(suite, torture_rpc_unixinfo(suite));
+	torture_suite_add_suite(suite, torture_rpc_eventlog(suite));
+	torture_suite_add_suite(suite, torture_rpc_atsvc(suite));
+	torture_suite_add_suite(suite, torture_rpc_wkssvc(suite));
+	torture_suite_add_suite(suite, torture_rpc_handles(suite));
+	torture_suite_add_suite(suite, torture_rpc_object_uuid(suite));
+	torture_suite_add_suite(suite, torture_rpc_winreg(suite));
+	torture_suite_add_suite(suite, torture_rpc_spoolss(suite));
+#ifdef WITH_NTVFS_FILESERVER
+	torture_suite_add_suite(suite, torture_rpc_spoolss_notify(suite));
+#endif
+	torture_suite_add_suite(suite, torture_rpc_spoolss_win(suite));
+	torture_suite_add_suite(suite, torture_rpc_spoolss_driver(suite));
+	torture_suite_add_suite(suite, torture_rpc_spoolss_access(suite));
+	torture_suite_add_suite(suite, torture_rpc_iremotewinspool(suite));
+	torture_suite_add_suite(suite, torture_rpc_iremotewinspool_drv(suite));
+	torture_suite_add_simple_test(suite, "samr", torture_rpc_samr);
+	torture_suite_add_simple_test(suite, "samr.users", torture_rpc_samr_users);
+	torture_suite_add_simple_test(suite, "samr.passwords.default", torture_rpc_samr_passwords);
+	torture_suite_add_suite(suite, torture_rpc_netlogon(suite));
+	torture_suite_add_suite(suite, torture_rpc_netlogon_s3(suite));
+	torture_suite_add_suite(suite, torture_rpc_netlogon_admin(suite));
+	torture_suite_add_suite(suite, torture_rpc_netlogon_zerologon(suite));
+	torture_suite_add_suite(suite, torture_rpc_netlogon_crypto_fips(suite));
+	torture_suite_add_suite(suite, torture_rpc_remote_pac(suite));
+	torture_suite_add_simple_test(suite, "samlogon", torture_rpc_samlogon);
+	torture_suite_add_simple_test(suite, "samsync", torture_rpc_samsync);
+	torture_suite_add_simple_test(suite, "schannel", torture_rpc_schannel);
+	torture_suite_add_simple_test(suite, "schannel2", torture_rpc_schannel2);
+	torture_suite_add_simple_test(suite, "bench-schannel1", torture_rpc_schannel_bench1);
+	torture_suite_add_simple_test(suite, "schannel_anon_setpw", torture_rpc_schannel_anon_setpw);
+	torture_suite_add_suite(suite, torture_rpc_srvsvc(suite));
+	torture_suite_add_suite(suite, torture_rpc_svcctl(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_handletype(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_workstation_auth(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite));
+	torture_suite_add_suite(suite, torture_rpc_samr_priv(suite));
+	torture_suite_add_suite(suite, torture_rpc_epmapper(suite));
+	torture_suite_add_suite(suite, torture_rpc_initshutdown(suite));
+	torture_suite_add_simple_test(suite, "mgmt", torture_rpc_mgmt);
+	torture_suite_add_simple_test(suite, "scanner", torture_rpc_scanner);
+	torture_suite_add_simple_test(suite, "countcalls", torture_rpc_countcalls);
+	torture_suite_add_simple_test(suite, "authcontext", torture_bind_authcontext);
+	torture_suite_add_suite(suite, torture_rpc_samba3(suite));
+	torture_rpc_drsuapi_tcase(suite);
+	torture_rpc_drsuapi_w2k8_tcase(suite);
+	torture_rpc_drsuapi_cracknames_tcase(suite);
+	torture_suite_add_suite(suite, torture_rpc_dssetup(suite));
+	torture_suite_add_suite(suite, torture_rpc_browser(suite));
+	torture_suite_add_simple_test(suite, "altercontext", torture_rpc_alter_context);
+	torture_suite_add_simple_test(suite, "join", torture_rpc_join);
+	torture_drs_rpc_dsgetinfo_tcase(suite);
+	torture_suite_add_simple_test(suite, "bench-rpc", torture_bench_rpc);
+	torture_suite_add_simple_test(suite, "asyncbind", torture_async_bind);
+	torture_suite_add_suite(suite, torture_rpc_ntsvcs(suite));
+	torture_suite_add_suite(suite, torture_rpc_bind(suite));
+#ifdef AD_DC_BUILD_IS_ENABLED
+	torture_suite_add_suite(suite, torture_rpc_backupkey(suite));
+#endif
+	torture_suite_add_suite(suite, torture_rpc_fsrvp(suite));
+	torture_suite_add_suite(suite, torture_rpc_clusapi(suite));
+	torture_suite_add_suite(suite, torture_rpc_witness(suite));
+	torture_suite_add_suite(suite, torture_rpc_mdssvc(suite));
+
+	suite->description = talloc_strdup(suite, "DCE/RPC protocol and interface tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
new file mode 100644
index 0000000..10f0fcc
--- /dev/null
+++ b/source4/torture/rpc/samba3rpc.c
@@ -0,0 +1,4729 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   dcerpc torture tests, designed to walk Samba3 code paths
+
+   Copyright (C) Volker Lendecke 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/util.h"
+#include "libcli/rap/rap.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_winreg_c.h"
+#include "librpc/gen_ndr/ndr_wkssvc_c.h"
+#include "librpc/gen_ndr/ndr_svcctl_c.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/libcli.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/security.h"
+#include "param/param.h"
+#include "lib/registry/registry.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/ndr/ndr.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "source3/rpc_client/init_samr.h"
+
+/*
+ * open pipe and bind, given an IPC$ context
+ */
+
+static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
+			      TALLOC_CTX *mem_ctx,
+			      struct smbcli_tree *tree,
+			      const char *pipe_name,
+			      const struct ndr_interface_table *iface,
+			      struct dcerpc_pipe **p)
+{
+	struct dcerpc_pipe *result;
+	NTSTATUS status;
+
+	if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	status = dcerpc_bind_auth_none(result, iface);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	*p = result;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb2(struct torture_context *tctx,
+			       TALLOC_CTX *mem_ctx,
+			       struct smb2_tree *tree,
+			       const char *pipe_name,
+			       const struct ndr_interface_table *iface,
+			       struct dcerpc_pipe **p)
+{
+	struct dcerpc_pipe *result;
+	NTSTATUS status;
+
+	if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_pipe_open_smb2(result, tree, pipe_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_pipe_open_smb2 failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	status = dcerpc_bind_auth_none(result, iface);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	*p = result;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb_auth(struct torture_context *tctx,
+				   TALLOC_CTX *mem_ctx,
+				   struct smbcli_tree *tree,
+				   struct cli_credentials *creds,
+				   uint8_t auth_type,
+				   uint8_t auth_level,
+				   const char *pipe_name,
+				   const struct ndr_interface_table *iface,
+				   struct dcerpc_pipe **p)
+{
+	struct dcerpc_pipe *result;
+	NTSTATUS status;
+
+	if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	status = dcerpc_bind_auth(result, iface, creds,
+			 lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx),
+			 auth_type, auth_level, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
+		talloc_free(result);
+		return status;
+	}
+
+	*p = result;
+	return NT_STATUS_OK;
+}
+
+/*
+ * This tests a RPC call using an invalid vuid
+ */
+
+bool torture_bind_authcontext(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct lsa_ObjectAttribute objectattr;
+	struct lsa_OpenPolicy2 openpolicy;
+	struct policy_handle handle;
+	struct lsa_Close close_handle;
+	struct smbcli_session *tmp;
+	uint16_t tmp_vuid;
+	struct smbcli_session *session2;
+	struct smbcli_state *cli;
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct cli_credentials *anon_creds;
+	struct smb_composite_sesssetup setup;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	mem_ctx = talloc_init("torture_bind_authcontext");
+
+	if (mem_ctx == NULL) {
+		torture_comment(torture, "talloc_init failed\n");
+		return false;
+	}
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "smbcli_full_connection failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+			       &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	openpolicy.in.system_name =talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
+	ZERO_STRUCT(objectattr);
+	openpolicy.in.attr = &objectattr;
+	openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	openpolicy.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
+		torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
+			 nt_errstr(openpolicy.out.result));
+		goto done;
+	}
+
+	close_handle.in.handle = &handle;
+	close_handle.out.handle = &handle;
+
+	status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(close_handle.out.result)) {
+		torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
+			 nt_errstr(close_handle.out.result));
+		goto done;
+	}
+
+	session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
+	if (session2 == NULL) {
+		torture_comment(torture, "smbcli_session_init failed\n");
+		goto done;
+	}
+
+	if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
+		torture_comment(torture, "create_anon_creds failed\n");
+		goto done;
+	}
+
+	setup.in.sesskey = cli->transport->negotiate.sesskey;
+	setup.in.capabilities = cli->transport->negotiate.capabilities;
+	setup.in.workgroup = "";
+	setup.in.credentials = anon_creds;
+	setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+	status = smb_composite_sesssetup(session2, &setup);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "anon session setup failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	session2->vuid = setup.out.vuid;
+
+	tmp = cli->tree->session;
+	tmp_vuid = smb1cli_session_current_id(tmp->smbXcli);
+	smb1cli_session_set_id(tmp->smbXcli, session2->vuid);
+	cli->tree->session = session2;
+
+	status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
+
+	torture_assert(torture, smbXcli_conn_is_connected(cli->transport->conn),
+		       "smb still connected");
+	torture_assert(torture, !dcerpc_binding_handle_is_connected(lsa_handle),
+		       "dcerpc disconnected");
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+		torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
+			 "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
+			 nt_errstr(status));
+		status = NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR)) {
+		torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
+			 "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
+			 nt_errstr(status));
+		status = NT_STATUS_CONNECTION_DISCONNECTED;
+	}
+
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_CONNECTION_DISCONNECTED,
+				      "lsa connection disconnected");
+
+	smb1cli_session_set_id(tmp->smbXcli, tmp_vuid);
+	cli->tree->session = tmp;
+	talloc_free(lsa_pipe);
+	lsa_pipe = NULL;
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Bind to lsa using a specific auth method
+ */
+
+static bool bindtest(struct torture_context *tctx,
+		     struct smbcli_state *cli,
+		     struct cli_credentials *credentials,
+		     uint8_t auth_type, uint8_t auth_level)
+{
+	TALLOC_CTX *mem_ctx;
+	bool ret = false;
+	NTSTATUS status;
+
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_ObjectAttribute objectattr;
+	struct lsa_OpenPolicy2 openpolicy;
+	struct lsa_QueryInfoPolicy query;
+	union lsa_PolicyInformation *info = NULL;
+	struct policy_handle handle;
+	struct lsa_Close close_handle;
+
+	if ((mem_ctx = talloc_init("bindtest")) == NULL) {
+		torture_comment(tctx, "talloc_init failed\n");
+		return false;
+	}
+
+	status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+				    credentials, auth_type, auth_level,
+				    "\\lsarpc", &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"pipe_bind_smb_auth failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	openpolicy.in.system_name =talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
+	ZERO_STRUCT(objectattr);
+	openpolicy.in.attr = &objectattr;
+	openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	openpolicy.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
+		torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
+			 nt_errstr(openpolicy.out.result));
+		goto done;
+	}
+
+	query.in.handle = &handle;
+	query.in.level = LSA_POLICY_INFO_DOMAIN;
+	query.out.info = &info;
+
+	status = dcerpc_lsa_QueryInfoPolicy_r(lsa_handle, mem_ctx, &query);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(query.out.result)) {
+		torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
+			 nt_errstr(query.out.result));
+		goto done;
+	}
+
+	close_handle.in.handle = &handle;
+	close_handle.out.handle = &handle;
+
+	status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(close_handle.out.result)) {
+		torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
+			 nt_errstr(close_handle.out.result));
+		goto done;
+	}
+
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * test authenticated RPC binds with the variants Samba3 does support
+ */
+
+static bool torture_bind_samba3(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_state *cli;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	mem_ctx = talloc_init("torture_bind_authcontext");
+
+	if (mem_ctx == NULL) {
+		torture_comment(torture, "talloc_init failed\n");
+		return false;
+	}
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "smbcli_full_connection failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	ret = true;
+
+	ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
+			DCERPC_AUTH_TYPE_NTLMSSP,
+			DCERPC_AUTH_LEVEL_INTEGRITY);
+	ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
+			DCERPC_AUTH_TYPE_NTLMSSP,
+			DCERPC_AUTH_LEVEL_PRIVACY);
+	ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
+			DCERPC_AUTH_TYPE_SPNEGO,
+			DCERPC_AUTH_LEVEL_INTEGRITY);
+	ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
+			DCERPC_AUTH_TYPE_SPNEGO,
+			DCERPC_AUTH_LEVEL_PRIVACY);
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Lookup or create a user and return all necessary info
+ */
+
+static bool get_usr_handle(struct torture_context *tctx,
+			   struct smbcli_state *cli,
+			   TALLOC_CTX *mem_ctx,
+			   struct cli_credentials *admin_creds,
+			   uint8_t auth_type,
+			   uint8_t auth_level,
+			   const char *username,
+			   char **domain,
+			   struct dcerpc_pipe **result_pipe,
+			   struct policy_handle **result_handle,
+			   struct dom_sid **sid_p)
+{
+	struct dcerpc_pipe *samr_pipe;
+	struct dcerpc_binding_handle *samr_handle;
+	NTSTATUS status;
+	struct policy_handle conn_handle;
+	struct policy_handle domain_handle;
+	struct policy_handle *user_handle;
+	struct samr_Connect2 conn;
+	struct samr_EnumDomains enumdom;
+	uint32_t resume_handle = 0;
+	uint32_t num_entries = 0;
+	struct samr_SamArray *sam = NULL;
+	struct samr_LookupDomain l;
+	struct dom_sid2 *sid = NULL;
+	int dom_idx;
+	struct lsa_String domain_name;
+	struct lsa_String user_name;
+	struct samr_OpenDomain o;
+	struct samr_CreateUser2 c;
+	uint32_t user_rid,access_granted;
+
+	if (admin_creds != NULL) {
+		status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+					    admin_creds, auth_type, auth_level,
+					    "\\samr", &ndr_table_samr, &samr_pipe);
+		torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
+	} else {
+		/* We must have an authenticated SMB connection */
+		status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+				       "\\samr", &ndr_table_samr, &samr_pipe);
+		torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
+	}
+#if 0
+	samr_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
+#endif
+	samr_handle = samr_pipe->binding_handle;
+
+	conn.in.system_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
+	conn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	conn.out.connect_handle = &conn_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_Connect2_r(samr_handle, mem_ctx, &conn),
+		"samr_Connect2 failed");
+	torture_assert_ntstatus_ok(tctx, conn.out.result,
+		"samr_Connect2 failed");
+
+	enumdom.in.connect_handle = &conn_handle;
+	enumdom.in.resume_handle = &resume_handle;
+	enumdom.in.buf_size = (uint32_t)-1;
+	enumdom.out.resume_handle = &resume_handle;
+	enumdom.out.num_entries = &num_entries;
+	enumdom.out.sam = &sam;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_EnumDomains_r(samr_handle, mem_ctx, &enumdom),
+		"samr_EnumDomains failed");
+	torture_assert_ntstatus_ok(tctx, enumdom.out.result,
+		"samr_EnumDomains failed");
+
+	torture_assert_int_equal(tctx, *enumdom.out.num_entries, 2,
+		"samr_EnumDomains returned unexpected num_entries");
+
+	dom_idx = strequal(sam->entries[0].name.string,
+			   "builtin") ? 1:0;
+
+	l.in.connect_handle = &conn_handle;
+	domain_name.string = sam->entries[dom_idx].name.string;
+	*domain = talloc_strdup(mem_ctx, domain_name.string);
+	l.in.domain_name = &domain_name;
+	l.out.sid = &sid;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_LookupDomain_r(samr_handle, mem_ctx, &l),
+		"samr_LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, l.out.result,
+		"samr_LookupDomain failed");
+
+	o.in.connect_handle = &conn_handle;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.in.sid = *l.out.sid;
+	o.out.domain_handle = &domain_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_OpenDomain_r(samr_handle, mem_ctx, &o),
+		"samr_OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, o.out.result,
+		"samr_OpenDomain failed");
+
+	c.in.domain_handle = &domain_handle;
+	user_name.string = username;
+	c.in.account_name = &user_name;
+	c.in.acct_flags = ACB_NORMAL;
+	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	user_handle = talloc(mem_ctx, struct policy_handle);
+	c.out.user_handle = user_handle;
+	c.out.access_granted = &access_granted;
+	c.out.rid = &user_rid;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_CreateUser2_r(samr_handle, mem_ctx, &c),
+		"samr_CreateUser2 failed");
+
+	if (NT_STATUS_EQUAL(c.out.result, NT_STATUS_USER_EXISTS)) {
+		struct samr_LookupNames ln;
+		struct samr_OpenUser ou;
+		struct samr_Ids rids, types;
+
+		ln.in.domain_handle = &domain_handle;
+		ln.in.num_names = 1;
+		ln.in.names = &user_name;
+		ln.out.rids = &rids;
+		ln.out.types = &types;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_LookupNames_r(samr_handle, mem_ctx, &ln),
+			"samr_LookupNames failed");
+		torture_assert_ntstatus_ok(tctx, ln.out.result,
+			"samr_LookupNames failed");
+
+		ou.in.domain_handle = &domain_handle;
+		ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		user_rid = ou.in.rid = ln.out.rids->ids[0];
+		ou.out.user_handle = user_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_OpenUser_r(samr_handle, mem_ctx, &ou),
+			"samr_OpenUser failed");
+		status = ou.out.result;
+	} else {
+		status = c.out.result;
+	}
+
+	torture_assert_ntstatus_ok(tctx, status,
+		"samr_CreateUser failed");
+
+	*result_pipe = samr_pipe;
+	*result_handle = user_handle;
+	if (sid_p != NULL) {
+		*sid_p = dom_sid_add_rid(mem_ctx, *l.out.sid, user_rid);
+	}
+	return true;
+
+}
+
+/*
+ * Create a test user
+ */
+
+static bool create_user(struct torture_context *tctx,
+			TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
+			struct cli_credentials *admin_creds,
+			const char *username, const char *password,
+			char **domain_name,
+			struct dom_sid **user_sid)
+{
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS status;
+	struct dcerpc_pipe *samr_pipe;
+	struct dcerpc_binding_handle *samr_handle;
+	struct policy_handle *wks_handle;
+	bool ret = false;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		torture_comment(tctx, "talloc_init failed\n");
+		return false;
+	}
+
+	ret = get_usr_handle(tctx, cli, tmp_ctx, admin_creds,
+			     DCERPC_AUTH_TYPE_NTLMSSP,
+			     DCERPC_AUTH_LEVEL_INTEGRITY,
+			     username, domain_name, &samr_pipe, &wks_handle,
+			     user_sid);
+	if (ret == false) {
+		torture_comment(tctx, "get_usr_handle failed\n");
+		goto done;
+	}
+	samr_handle = samr_pipe->binding_handle;
+
+	{
+		struct samr_SetUserInfo2 sui2;
+		struct samr_SetUserInfo sui;
+		struct samr_QueryUserInfo qui;
+		union samr_UserInfo u_info;
+		union samr_UserInfo *info;
+		DATA_BLOB session_key;
+
+		ZERO_STRUCT(u_info);
+		encode_pw_buffer(u_info.info23.password.data, password,
+				 STR_UNICODE);
+
+		status = dcerpc_fetch_session_key(samr_pipe, &session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
+			goto done;
+		}
+
+		status = init_samr_CryptPassword(password,
+						 &session_key,
+						 &u_info.info23.password);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "init_samr_CryptPassword failed\n");
+			goto done;
+		}
+
+		u_info.info23.info.password_expired = 0;
+		u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
+						    SAMR_FIELD_LM_PASSWORD_PRESENT |
+						    SAMR_FIELD_EXPIRED_FLAG;
+		sui2.in.user_handle = wks_handle;
+		sui2.in.info = &u_info;
+		sui2.in.level = 23;
+
+		status = dcerpc_samr_SetUserInfo2_r(samr_handle, tmp_ctx, &sui2);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(sui2.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
+				 nt_errstr(sui2.out.result));
+			goto done;
+		}
+
+		u_info.info16.acct_flags = ACB_NORMAL;
+		sui.in.user_handle = wks_handle;
+		sui.in.info = &u_info;
+		sui.in.level = 16;
+
+		status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
+		if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
+			goto done;
+		}
+
+		qui.in.user_handle = wks_handle;
+		qui.in.level = 21;
+		qui.out.info = &info;
+
+		status = dcerpc_samr_QueryUserInfo_r(samr_handle, tmp_ctx, &qui);
+		if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(qui.out.result)) {
+			torture_comment(tctx, "samr_QueryUserInfo(21) failed\n");
+			goto done;
+		}
+
+		info->info21.allow_password_change = 0;
+		info->info21.force_password_change = 0;
+		info->info21.account_name.string = NULL;
+		info->info21.rid = 0;
+		info->info21.acct_expiry = 0;
+		info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */
+
+		u_info.info21 = info->info21;
+		sui.in.user_handle = wks_handle;
+		sui.in.info = &u_info;
+		sui.in.level = 21;
+
+		status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
+		if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo(21) failed\n");
+			goto done;
+		}
+	}
+
+	*domain_name= talloc_steal(mem_ctx, *domain_name);
+	*user_sid = talloc_steal(mem_ctx, *user_sid);
+	ret = true;
+ done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+ * Delete a test user
+ */
+
+static bool delete_user(struct torture_context *tctx,
+			struct smbcli_state *cli,
+			struct cli_credentials *admin_creds,
+			const char *username)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	char *dom_name;
+	struct dcerpc_pipe *samr_pipe;
+	struct dcerpc_binding_handle *samr_handle;
+	struct policy_handle *user_handle;
+	bool ret = false;
+
+	if ((mem_ctx = talloc_init("leave")) == NULL) {
+		torture_comment(tctx, "talloc_init failed\n");
+		return false;
+	}
+
+	ret = get_usr_handle(tctx, cli, mem_ctx, admin_creds,
+			     DCERPC_AUTH_TYPE_NTLMSSP,
+			     DCERPC_AUTH_LEVEL_INTEGRITY,
+			     username, &dom_name, &samr_pipe,
+			     &user_handle, NULL);
+	if (ret == false) {
+		torture_comment(tctx, "get_wks_handle failed\n");
+		goto done;
+	}
+	samr_handle = samr_pipe->binding_handle;
+
+	{
+		struct samr_DeleteUser d;
+
+		d.in.user_handle = user_handle;
+		d.out.user_handle = user_handle;
+
+		status = dcerpc_samr_DeleteUser_r(samr_handle, mem_ctx, &d);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(d.out.result)) {
+			torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(d.out.result));
+			goto done;
+		}
+
+	}
+
+	ret = true;
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Do a Samba3-style join
+ */
+
+static bool join3(struct torture_context *tctx,
+		  struct smbcli_state *cli,
+		  bool use_level25,
+		  struct cli_credentials *admin_creds,
+		  struct cli_credentials *wks_creds)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	char *dom_name;
+	struct dcerpc_pipe *samr_pipe;
+	struct dcerpc_binding_handle *samr_handle;
+	struct policy_handle *wks_handle;
+	bool ret = false;
+	NTTIME last_password_change;
+
+	if ((mem_ctx = talloc_init("join3")) == NULL) {
+		torture_comment(tctx, "talloc_init failed\n");
+		return false;
+	}
+
+	ret = get_usr_handle(
+		tctx, cli, mem_ctx, admin_creds,
+		DCERPC_AUTH_TYPE_NTLMSSP,
+		DCERPC_AUTH_LEVEL_PRIVACY,
+		talloc_asprintf(mem_ctx, "%s$",
+				cli_credentials_get_workstation(wks_creds)),
+		&dom_name, &samr_pipe, &wks_handle, NULL);
+	if (ret == false) {
+		torture_comment(tctx, "get_wks_handle failed\n");
+		goto done;
+	}
+	samr_handle = samr_pipe->binding_handle;
+	ret = false;
+	{
+		struct samr_QueryUserInfo q;
+		union samr_UserInfo *info;
+
+		q.in.user_handle = wks_handle;
+		q.in.level = 21;
+		q.out.info = &info;
+
+		status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "QueryUserInfo failed: %s\n",
+				  nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_warning(tctx, "QueryUserInfo failed: %s\n",
+				  nt_errstr(q.out.result));
+			goto done;
+		}
+
+
+		last_password_change = info->info21.last_password_change;
+	}
+
+	cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED);
+
+	if (use_level25) {
+		struct samr_SetUserInfo2 sui2;
+		union samr_UserInfo u_info;
+		struct samr_UserInfo21 *i21 = &u_info.info25.info;
+		DATA_BLOB session_key;
+
+		ZERO_STRUCT(u_info);
+
+		i21->full_name.string = talloc_asprintf(
+			mem_ctx, "%s$",
+			cli_credentials_get_workstation(wks_creds));
+		i21->acct_flags = ACB_WSTRUST;
+		i21->fields_present = SAMR_FIELD_FULL_NAME |
+			SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT;
+		/* this would break the test result expectations
+		i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG;
+		i21->password_expired = 1;
+		*/
+
+		status = dcerpc_fetch_session_key(samr_pipe, &session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "dcerpc_fetch_session_key failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+
+		status = init_samr_CryptPasswordEx(cli_credentials_get_password(wks_creds),
+						   &session_key,
+						   &u_info.info25.password);
+
+		sui2.in.user_handle = wks_handle;
+		sui2.in.level = 25;
+		sui2.in.info = &u_info;
+
+		status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(sui2.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
+				 nt_errstr(sui2.out.result));
+			goto done;
+		}
+	} else {
+		struct samr_SetUserInfo2 sui2;
+		struct samr_SetUserInfo sui;
+		union samr_UserInfo u_info;
+		DATA_BLOB session_key;
+
+		encode_pw_buffer(u_info.info24.password.data,
+				 cli_credentials_get_password(wks_creds),
+				 STR_UNICODE);
+		/* just to make this test pass */
+		u_info.info24.password_expired = 1;
+
+		status = dcerpc_fetch_session_key(samr_pipe, &session_key);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
+			goto done;
+		}
+
+		status = init_samr_CryptPassword(cli_credentials_get_password(wks_creds),
+						 &session_key,
+						 &u_info.info24.password);
+
+		sui2.in.user_handle = wks_handle;
+		sui2.in.info = &u_info;
+		sui2.in.level = 24;
+
+		status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(sui2.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
+				 nt_errstr(sui2.out.result));
+			goto done;
+		}
+
+		u_info.info16.acct_flags = ACB_WSTRUST;
+		sui.in.user_handle = wks_handle;
+		sui.in.info = &u_info;
+		sui.in.level = 16;
+
+		status = dcerpc_samr_SetUserInfo_r(samr_handle, mem_ctx, &sui);
+		if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
+			torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
+			goto done;
+		}
+	}
+
+	{
+		struct samr_QueryUserInfo q;
+		union samr_UserInfo *info;
+
+		q.in.user_handle = wks_handle;
+		q.in.level = 21;
+		q.out.info = &info;
+
+		status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "QueryUserInfo failed: %s\n",
+				  nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_warning(tctx, "QueryUserInfo failed: %s\n",
+				  nt_errstr(q.out.result));
+			goto done;
+		}
+
+		if (use_level25) {
+			if (last_password_change
+			    == info->info21.last_password_change) {
+				torture_warning(tctx, "last_password_change unchanged "
+					 "during join, level25 must change "
+					 "it\n");
+				goto done;
+			}
+		}
+		else {
+			if (last_password_change
+			    != info->info21.last_password_change) {
+				torture_warning(tctx, "last_password_change changed "
+					 "during join, level24 doesn't "
+					 "change it\n");
+				goto done;
+			}
+		}
+	}
+
+	ret = true;
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Do a ReqChallenge/Auth2 and get the wks creds
+ */
+
+static bool auth2(struct torture_context *tctx,
+		  struct smbcli_state *cli,
+		  struct cli_credentials *wks_cred)
+{
+	TALLOC_CTX *mem_ctx;
+	struct dcerpc_pipe *net_pipe;
+	struct dcerpc_binding_handle *net_handle;
+	bool result = false;
+	NTSTATUS status;
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential netr_cli_creds;
+	struct netr_Credential netr_srv_creds;
+	uint32_t negotiate_flags;
+	struct netr_ServerAuthenticate2 a;
+	struct netlogon_creds_CredentialState *creds_state;
+	struct netr_Credential netr_cred;
+	struct samr_Password mach_pw;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		torture_comment(tctx, "talloc_new failed\n");
+		return false;
+	}
+
+	status = pipe_bind_smb(tctx, mem_ctx, cli->tree, "\\netlogon",
+			       &ndr_table_netlogon, &net_pipe);
+	torture_assert_ntstatus_ok_goto(tctx, status, result, done,
+					"pipe_bind_smb failed");
+	net_handle = net_pipe->binding_handle;
+
+	r.in.computer_name = cli_credentials_get_workstation(wks_cred);
+	r.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	if (r.in.server_name == NULL) {
+		torture_comment(tctx, "talloc_asprintf failed\n");
+		goto done;
+	}
+	generate_random_buffer(netr_cli_creds.data,
+			       sizeof(netr_cli_creds.data));
+	r.in.credentials = &netr_cli_creds;
+	r.out.return_credentials = &netr_srv_creds;
+
+	status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
+			 nt_errstr(r.out.result));
+		goto done;
+	}
+
+	negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
+	E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
+
+	a.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	a.in.account_name = talloc_asprintf(
+		mem_ctx, "%s$", cli_credentials_get_workstation(wks_cred));
+	a.in.computer_name = cli_credentials_get_workstation(wks_cred);
+	a.in.secure_channel_type = SEC_CHAN_WKSTA;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &netr_cred;
+	a.out.return_credentials = &netr_cred;
+
+	creds_state = netlogon_creds_client_init(mem_ctx,
+						 a.in.account_name,
+						 a.in.computer_name,
+						 a.in.secure_channel_type,
+						 r.in.credentials,
+						 r.out.return_credentials, &mach_pw,
+						 &netr_cred, negotiate_flags);
+	torture_assert(tctx, (creds_state != NULL), "memory allocation failed");
+
+	status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(a.out.result)) {
+		torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
+			 nt_errstr(a.out.result));
+		goto done;
+	}
+
+	if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) {
+		torture_comment(tctx, "creds_client_check failed\n");
+		goto done;
+	}
+
+	cli_credentials_set_netlogon_creds(wks_cred, creds_state);
+
+	result = true;
+
+ done:
+	talloc_free(mem_ctx);
+	return result;
+}
+
+/*
+ * Do a couple of schannel protected Netlogon ops: Interactive and Network
+ * login, and change the wks password
+ */
+
+static bool schan(struct torture_context *tctx,
+		  struct smbcli_state *cli,
+		  struct cli_credentials *wks_creds,
+		  struct cli_credentials *user_creds)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct dcerpc_pipe *net_pipe;
+	struct dcerpc_binding_handle *net_handle;
+	int i;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		torture_comment(tctx, "talloc_new failed\n");
+		return false;
+	}
+
+#if 1
+	status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+				    wks_creds,
+				    DCERPC_AUTH_TYPE_SCHANNEL,
+				    DCERPC_AUTH_LEVEL_PRIVACY,
+				    "\\netlogon", &ndr_table_netlogon, &net_pipe);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"pipe_bind_smb_auth failed");
+	net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
+#else
+	status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+			       "\\netlogon", &ndr_table_netlogon, &net_pipe);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"pipe_bind_smb failed");
+#endif
+#if 0
+	net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
+		DCERPC_DEBUG_PRINT_OUT;
+#endif
+	net_handle = net_pipe->binding_handle;
+
+
+	for (i=2; i<4; i++) {
+		int flags;
+		DATA_BLOB chal, nt_resp, lm_resp, names_blob;
+		struct netlogon_creds_CredentialState *creds_state;
+		struct netr_Authenticator netr_auth, netr_auth2;
+		struct netr_NetworkInfo ninfo;
+		struct netr_PasswordInfo pinfo;
+		struct netr_LogonSamLogon r;
+		union netr_LogonLevel logon;
+		union netr_Validation validation;
+		uint8_t authoritative;
+		struct netr_Authenticator return_authenticator;
+
+		flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
+			CLI_CRED_NTLMv2_AUTH;
+
+		chal = data_blob_talloc(mem_ctx, NULL, 8);
+		if (chal.data == NULL) {
+			torture_comment(tctx, "data_blob_talloc failed\n");
+			goto done;
+		}
+
+		generate_random_buffer(chal.data, chal.length);
+		names_blob = NTLMv2_generate_names_blob(
+			mem_ctx,
+			cli_credentials_get_workstation(wks_creds),
+			cli_credentials_get_domain(wks_creds));
+		status = cli_credentials_get_ntlm_response(
+			user_creds, mem_ctx, &flags, chal, NULL, names_blob,
+			&lm_resp, &nt_resp, NULL, NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "cli_credentials_get_ntlm_response failed:"
+				 " %s\n", nt_errstr(status));
+			goto done;
+		}
+
+		creds_state = cli_credentials_get_netlogon_creds(wks_creds);
+		netlogon_creds_client_authenticator(creds_state, &netr_auth);
+
+		ninfo.identity_info.account_name.string =
+			cli_credentials_get_username(user_creds);
+		ninfo.identity_info.domain_name.string =
+			cli_credentials_get_domain(user_creds);
+		ninfo.identity_info.parameter_control = 0;
+		ninfo.identity_info.logon_id = 0;
+		ninfo.identity_info.workstation.string =
+			cli_credentials_get_workstation(user_creds);
+		memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
+		ninfo.nt.length = nt_resp.length;
+		ninfo.nt.data = nt_resp.data;
+		ninfo.lm.length = lm_resp.length;
+		ninfo.lm.data = lm_resp.data;
+
+		logon.network = &ninfo;
+
+		r.in.server_name = talloc_asprintf(
+			mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+		ZERO_STRUCT(netr_auth2);
+		r.in.computer_name =
+			cli_credentials_get_workstation(wks_creds);
+		r.in.credential = &netr_auth;
+		r.in.return_authenticator = &netr_auth2;
+		r.in.logon_level = NetlogonNetworkInformation;
+		r.in.validation_level = i;
+		r.in.logon = &logon;
+		r.out.validation = &validation;
+		r.out.authoritative = &authoritative;
+		r.out.return_authenticator = &return_authenticator;
+
+		status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
+				 nt_errstr(r.out.result));
+			goto done;
+		}
+
+		if ((r.out.return_authenticator == NULL) ||
+		    (!netlogon_creds_client_check(creds_state,
+					 &r.out.return_authenticator->cred))) {
+			torture_comment(tctx, "Credentials check failed!\n");
+			goto done;
+		}
+
+		netlogon_creds_client_authenticator(creds_state, &netr_auth);
+
+		pinfo.identity_info = ninfo.identity_info;
+		ZERO_STRUCT(pinfo.lmpassword.hash);
+		E_md4hash(cli_credentials_get_password(user_creds),
+			  pinfo.ntpassword.hash);
+
+		logon.password = &pinfo;
+
+		/*
+		 * We don't use this here:
+		 *
+		 * netlogon_creds_encrypt_samlogon_logon(creds_state,
+		 *                                       NetlogonInteractiveInformation,
+		 *                                       &logon);
+		 *
+		 * in order to detect bugs
+		 */
+		netlogon_creds_aes_encrypt(creds_state, pinfo.ntpassword.hash, 16);
+
+		r.in.logon_level = NetlogonInteractiveInformation;
+		r.in.logon = &logon;
+		r.out.return_authenticator = &return_authenticator;
+
+		status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
+				 nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
+				 nt_errstr(r.out.result));
+			goto done;
+		}
+
+		if ((r.out.return_authenticator == NULL) ||
+		    (!netlogon_creds_client_check(creds_state,
+					 &r.out.return_authenticator->cred))) {
+			torture_comment(tctx, "Credentials check failed!\n");
+			goto done;
+		}
+	}
+
+	{
+		struct netr_ServerPasswordSet s;
+		char *password = generate_random_password(wks_creds, 8, 255);
+		struct netlogon_creds_CredentialState *creds_state;
+		struct netr_Authenticator credential, return_authenticator;
+		struct samr_Password new_password;
+
+		s.in.server_name = talloc_asprintf(
+			mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+		s.in.computer_name = cli_credentials_get_workstation(wks_creds);
+		s.in.account_name = talloc_asprintf(
+			mem_ctx, "%s$", s.in.computer_name);
+		s.in.secure_channel_type = SEC_CHAN_WKSTA;
+		s.in.credential = &credential;
+		s.in.new_password = &new_password;
+		s.out.return_authenticator = &return_authenticator;
+
+		E_md4hash(password, new_password.hash);
+
+		creds_state = cli_credentials_get_netlogon_creds(wks_creds);
+		netlogon_creds_des_encrypt(creds_state, &new_password);
+		netlogon_creds_client_authenticator(creds_state, &credential);
+
+		status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(status));
+			goto done;
+		}
+		if (!NT_STATUS_IS_OK(s.out.result)) {
+			torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(s.out.result));
+			goto done;
+		}
+
+		if (!netlogon_creds_client_check(creds_state,
+						 &s.out.return_authenticator->cred)) {
+			torture_comment(tctx, "Credential chaining failed\n");
+		}
+
+		cli_credentials_set_password(wks_creds, password,
+					     CRED_SPECIFIED);
+	}
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Delete the wks account again
+ */
+
+static bool leave(struct torture_context *tctx,
+		  struct smbcli_state *cli,
+		  struct cli_credentials *admin_creds,
+		  struct cli_credentials *wks_creds)
+{
+	char *wks_name = talloc_asprintf(
+		NULL, "%s$", cli_credentials_get_workstation(wks_creds));
+	bool ret;
+
+	ret = delete_user(tctx, cli, admin_creds, wks_name);
+	talloc_free(wks_name);
+	return ret;
+}
+
+/*
+ * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
+ */
+
+static bool torture_netlogon_samba3(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+	struct cli_credentials *wks_creds;
+	const char *wks_name;
+	int i;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	wks_name = torture_setting_string(torture, "wksname", NULL);
+	torture_assert(torture, wks_name != NULL, "wksname not set");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(torture, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
+
+	wks_creds = cli_credentials_init(torture);
+	if (wks_creds == NULL) {
+		torture_fail(torture, "cli_credentials_init failed\n");
+	}
+
+	cli_credentials_set_conf(wks_creds, torture->lp_ctx);
+	cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
+	cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_password(wks_creds,
+				     generate_random_password(wks_creds, 8, 255),
+				     CRED_SPECIFIED);
+
+	torture_assert(torture,
+		join3(torture, cli, false, NULL, wks_creds),
+		"join failed");
+
+	cli_credentials_set_domain(
+		samba_cmdline_get_creds(),
+		cli_credentials_get_domain(wks_creds),
+		CRED_SPECIFIED);
+
+	for (i=0; i<2; i++) {
+
+		/* Do this more than once, the routine "schan" changes
+		 * the workstation password using the netlogon
+		 * password change routine */
+
+		int j;
+
+		torture_assert(torture,
+			auth2(torture, cli, wks_creds),
+			"auth2 failed");
+
+		for (j=0; j<2; j++) {
+			torture_assert(torture,
+				schan(torture, cli, wks_creds,
+				samba_cmdline_get_creds()),
+				"schan failed");
+		}
+	}
+
+	torture_assert(torture,
+		leave(torture, cli, NULL, wks_creds),
+		"leave failed");
+
+	return true;
+}
+
+/*
+ * Do a simple join, testjoin and leave using specified smb and samr
+ * credentials
+ */
+
+static bool test_join3(struct torture_context *tctx,
+		       bool use_level25,
+		       struct cli_credentials *smb_creds,
+		       struct cli_credentials *samr_creds,
+		       const char *wks_name)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+	struct cli_credentials *wks_creds;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli,
+					torture_setting_string(tctx, "host", NULL),
+					lpcfg_smb_ports(tctx->lp_ctx),
+					"IPC$", NULL, lpcfg_socket_options(tctx->lp_ctx),
+					smb_creds, lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status,
+		"smbcli_full_connection failed");
+
+	wks_creds = cli_credentials_init(cli);
+	torture_assert(tctx, wks_creds, "cli_credentials_init failed");
+
+	cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
+	cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
+	cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_password(wks_creds,
+				     generate_random_password(wks_creds, 8, 255),
+				     CRED_SPECIFIED);
+
+	torture_assert(tctx,
+		join3(tctx, cli, use_level25, samr_creds, wks_creds),
+		"join failed");
+
+	cli_credentials_set_domain(
+		samba_cmdline_get_creds(),
+		cli_credentials_get_domain(wks_creds),
+		CRED_SPECIFIED);
+
+	torture_assert(tctx,
+		auth2(tctx, cli, wks_creds),
+		"auth2 failed");
+
+	torture_assert(tctx,
+		leave(tctx, cli, samr_creds, wks_creds),
+		"leave failed");
+
+	talloc_free(cli);
+
+	return true;
+}
+
+/*
+ * Test the different session key variants. Do it by joining, this uses the
+ * session key in the setpassword routine. Test the join by doing the auth2.
+ */
+
+static bool torture_samba3_sessionkey(struct torture_context *torture)
+{
+	struct cli_credentials *anon_creds;
+	const char *wks_name;
+
+
+	wks_name = torture_setting_string(torture, "wksname", NULL);
+	torture_assert(torture, wks_name != NULL, "wksname not set");
+
+	if (!(anon_creds = cli_credentials_init_anon(torture))) {
+		torture_fail(torture, "create_anon_creds failed\n");
+	}
+
+	cli_credentials_set_workstation(anon_creds, wks_name, CRED_SPECIFIED);
+
+
+	if (!torture_setting_bool(torture, "samba3", false)) {
+
+		/* Samba3 in the build farm right now does this happily. Need
+		 * to fix :-) */
+
+		if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
+			torture_fail(torture, "join using anonymous bind on an anonymous smb "
+				 "connection succeeded -- HUH??\n");
+		}
+	}
+
+	torture_assert(torture,
+		test_join3(torture, false, samba_cmdline_get_creds(),
+		NULL, wks_name),
+		"join using anonymous bind on an authenticated smb connection failed");
+
+	/*
+	 * The following two are tests for setuserinfolevel 25
+	 */
+
+	torture_assert(torture,
+		test_join3(torture, true, samba_cmdline_get_creds(),
+		NULL, wks_name),
+		"join using anonymous bind on an authenticated smb connection failed");
+
+	return true;
+}
+
+/*
+ * Sane wrapper around lsa_LookupNames
+ */
+
+static struct dom_sid *name2sid(struct torture_context *tctx,
+				TALLOC_CTX *mem_ctx,
+				struct dcerpc_pipe *p,
+				const char *name,
+				const char *domain)
+{
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	struct lsa_Close c;
+	NTSTATUS status;
+	struct policy_handle handle;
+	struct lsa_LookupNames l;
+	struct lsa_TransSidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_String lsa_name;
+	uint32_t count = 0;
+	struct dom_sid *result;
+	TALLOC_CTX *tmp_ctx;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		return NULL;
+	}
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(r.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
+
+	l.in.handle = &handle;
+	l.in.num_names = 1;
+	l.in.names = &lsa_name;
+	l.in.sids = &sids;
+	l.in.level = 1;
+	l.in.count = &count;
+	l.out.count = &count;
+	l.out.sids = &sids;
+	l.out.domains = &domains;
+
+	status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
+		       nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(l.out.result)) {
+		torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
+		       nt_errstr(l.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
+				 l.out.sids->sids[0].rid);
+
+	c.in.handle = &handle;
+	c.out.handle = &handle;
+
+	status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(c.out.result)) {
+		torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+/*
+ * Find out the user SID on this connection
+ */
+
+static struct dom_sid *whoami(struct torture_context *tctx,
+			      TALLOC_CTX *mem_ctx,
+			      struct smbcli_tree *tree)
+{
+	struct dcerpc_pipe *lsa;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_GetUserName r;
+	NTSTATUS status;
+	struct lsa_String *authority_name_p = NULL;
+	struct lsa_String *account_name_p = NULL;
+	struct dom_sid *result;
+
+	status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\lsarpc",
+			       &ndr_table_lsarpc, &lsa);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "Could not bind to LSA: %s\n",
+			 nt_errstr(status));
+		return NULL;
+	}
+	lsa_handle = lsa->binding_handle;
+
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "GetUserName failed - %s\n",
+		       nt_errstr(status));
+		talloc_free(lsa);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_warning(tctx, "GetUserName failed - %s\n",
+		       nt_errstr(r.out.result));
+		talloc_free(lsa);
+		return NULL;
+	}
+
+	result = name2sid(tctx, mem_ctx, lsa, account_name_p->string,
+			  authority_name_p->string);
+
+	talloc_free(lsa);
+	return result;
+}
+
+static int destroy_tree(struct smbcli_tree *tree)
+{
+	smb_tree_disconnect(tree);
+	return 0;
+}
+
+/*
+ * Do a tcon, given a session
+ */
+
+static NTSTATUS secondary_tcon(struct torture_context *tctx,
+			       TALLOC_CTX *mem_ctx,
+			       struct smbcli_session *session,
+			       const char *sharename,
+			       struct smbcli_tree **res)
+{
+	struct smbcli_tree *result;
+	TALLOC_CTX *tmp_ctx;
+	union smb_tcon tcon;
+	NTSTATUS status;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!(result = smbcli_tree_init(session, mem_ctx, false))) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = sharename;
+	tcon.tconx.in.device = "?????";
+
+	status = smb_raw_tcon(result, tmp_ctx, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smb_raw_tcon failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	result->tid = tcon.tconx.out.tid;
+
+	if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+		smb1cli_session_protect_session_key(result->session->smbXcli);
+	}
+
+	result = talloc_steal(mem_ctx, result);
+	talloc_set_destructor(result, destroy_tree);
+	talloc_free(tmp_ctx);
+	*res = result;
+	return NT_STATUS_OK;
+}
+
+/*
+ * Test the getusername behaviour
+ */
+
+static bool torture_samba3_rpc_getusername(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+	bool ret = true;
+	struct dom_sid *user_sid;
+	struct dom_sid *created_sid;
+	struct cli_credentials *anon_creds;
+	struct cli_credentials *user_creds;
+	char *domain_name;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	if (!(anon_creds = cli_credentials_init_anon(torture))) {
+		torture_fail(torture, "create_anon_creds failed\n");
+	}
+
+	status = smbcli_full_connection(
+		torture, &cli, torture_setting_string(torture, "host", NULL),
+		lpcfg_smb_ports(torture->lp_ctx), "IPC$", NULL,
+		lpcfg_socket_options(torture->lp_ctx), anon_creds,
+		lpcfg_resolve_context(torture->lp_ctx),
+		torture->ev, &options, &session_options,
+		lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok(torture, status, "anon smbcli_full_connection failed\n");
+
+	if (!(user_sid = whoami(torture, torture, cli->tree))) {
+		torture_fail(torture, "whoami on anon connection failed\n");
+	}
+
+	torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
+		"Anon lsa_GetUserName returned unexpected SID");
+
+	talloc_free(cli);
+
+	status = smbcli_full_connection(
+		torture, &cli, torture_setting_string(torture, "host", NULL),
+		lpcfg_smb_ports(torture->lp_ctx),
+		"IPC$", NULL, lpcfg_socket_options(torture->lp_ctx),
+		samba_cmdline_get_creds(),
+		lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
+		&session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
+
+	if (!(user_sid = whoami(torture, torture, cli->tree))) {
+		torture_fail(torture, "whoami on auth'ed connection failed\n");
+	}
+
+	if (!(user_creds = cli_credentials_init(torture))) {
+		torture_fail(torture, "cli_credentials_init failed\n");
+	}
+
+	cli_credentials_set_conf(user_creds, torture->lp_ctx);
+	cli_credentials_set_username(user_creds, "torture_username",
+				     CRED_SPECIFIED);
+	cli_credentials_set_password(user_creds,
+				     generate_random_password(user_creds, 8, 255),
+				     CRED_SPECIFIED);
+
+	if (!create_user(torture, torture, cli, NULL,
+			 cli_credentials_get_username(user_creds),
+			 cli_credentials_get_password(user_creds),
+			 &domain_name, &created_sid)) {
+		torture_fail(torture, "create_user failed\n");
+	}
+
+	cli_credentials_set_domain(user_creds, domain_name,
+				   CRED_SPECIFIED);
+
+	{
+		struct smbcli_session *session2;
+		struct smb_composite_sesssetup setup;
+		struct smbcli_tree *tree;
+
+		session2 = smbcli_session_init(cli->transport, torture, false, session_options);
+		if (session2 == NULL) {
+			torture_fail(torture, "smbcli_session_init failed\n");
+		}
+
+		setup.in.sesskey = cli->transport->negotiate.sesskey;
+		setup.in.capabilities = cli->transport->negotiate.capabilities;
+		setup.in.workgroup = "";
+		setup.in.credentials = user_creds;
+		setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+		status = smb_composite_sesssetup(session2, &setup);
+		torture_assert_ntstatus_ok(torture, status, "session setup with new user failed");
+
+		session2->vuid = setup.out.vuid;
+
+		if (!NT_STATUS_IS_OK(secondary_tcon(torture, torture, session2,
+						    "IPC$", &tree))) {
+			torture_fail(torture, "secondary_tcon failed\n");
+		}
+
+		if (!(user_sid = whoami(torture, torture, tree))) {
+			torture_fail_goto(torture, del, "whoami on user connection failed\n");
+			ret = false;
+			goto del;
+		}
+
+		talloc_free(tree);
+	}
+
+	torture_comment(torture, "Created %s, found %s\n",
+		 dom_sid_string(torture, created_sid),
+		 dom_sid_string(torture, user_sid));
+
+	if (!dom_sid_equal(created_sid, user_sid)) {
+		ret = false;
+	}
+
+ del:
+	if (!delete_user(torture, cli,
+			 NULL,
+			 cli_credentials_get_username(user_creds))) {
+		torture_fail(torture, "delete_user failed\n");
+	}
+
+	return ret;
+}
+
+static bool test_NetShareGetInfo(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 const char *sharename)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareGetInfo r;
+	union srvsvc_NetShareInfo info;
+	uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
+	int i;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx, "\\\\%s",
+					  dcerpc_server_name(p));
+	r.in.share_name = sharename;
+	r.out.info = &info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		r.in.level = levels[i];
+
+		torture_comment(tctx, "Testing NetShareGetInfo level %u on share '%s'\n",
+		       r.in.level, r.in.share_name);
+
+		status = dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed"
+			       " - %s\n", r.in.level, r.in.share_name,
+			       nt_errstr(status));
+			ret = false;
+			continue;
+		}
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed "
+			       "- %s\n", r.in.level, r.in.share_name,
+			       win_errstr(r.out.result));
+			ret = false;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_NetShareEnum(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      const char **one_sharename)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareEnum r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr0 c0;
+	struct srvsvc_NetShareCtr1 c1;
+	struct srvsvc_NetShareCtr2 c2;
+	struct srvsvc_NetShareCtr501 c501;
+	struct srvsvc_NetShareCtr502 c502;
+	struct srvsvc_NetShareCtr1004 c1004;
+	struct srvsvc_NetShareCtr1005 c1005;
+	struct srvsvc_NetShareCtr1006 c1006;
+	struct srvsvc_NetShareCtr1007 c1007;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
+	int i;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 501:
+			ZERO_STRUCT(c501);
+			info_ctr.ctr.ctr501 = &c501;
+			break;
+		case 502:
+			ZERO_STRUCT(c502);
+			info_ctr.ctr.ctr502 = &c502;
+			break;
+		case 1004:
+			ZERO_STRUCT(c1004);
+			info_ctr.ctr.ctr1004 = &c1004;
+			break;
+		case 1005:
+			ZERO_STRUCT(c1005);
+			info_ctr.ctr.ctr1005 = &c1005;
+			break;
+		case 1006:
+			ZERO_STRUCT(c1006);
+			info_ctr.ctr.ctr1006 = &c1006;
+			break;
+		case 1007:
+			ZERO_STRUCT(c1007);
+			info_ctr.ctr.ctr1007 = &c1007;
+			break;
+		}
+
+		torture_comment(tctx, "Testing NetShareEnum level %u\n", info_ctr.level);
+
+		status = dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
+			       info_ctr.level, nt_errstr(status));
+			ret = false;
+			continue;
+		}
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
+			       info_ctr.level, win_errstr(r.out.result));
+			continue;
+		}
+		if (info_ctr.level == 0) {
+			struct srvsvc_NetShareCtr0 *ctr = r.out.info_ctr->ctr.ctr0;
+			if (ctr->count > 0) {
+				*one_sharename = ctr->array[0].name;
+			}
+		}
+	}
+
+	return ret;
+}
+
+static bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	const char *sharename = NULL;
+	bool ret = true;
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_srvsvc),
+		"failed to open srvsvc");
+
+	ret &= test_NetShareEnum(torture, p, &sharename);
+	if (sharename == NULL) {
+		torture_comment(torture, "did not get sharename\n");
+	} else {
+		ret &= test_NetShareGetInfo(torture, p, sharename);
+	}
+
+	return ret;
+}
+
+/*
+ * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
+ * NT_STATUS_NO_SAM_ACCOUNT
+ */
+
+static bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	struct dcerpc_pipe *net_pipe;
+	struct dcerpc_binding_handle *net_handle;
+	char *wksname;
+	bool result = false;
+	NTSTATUS status;
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential netr_cli_creds;
+	struct netr_Credential netr_srv_creds;
+	uint32_t negotiate_flags;
+	struct netr_ServerAuthenticate2 a;
+	struct netlogon_creds_CredentialState *creds_state;
+	struct netr_Credential netr_cred;
+	struct samr_Password mach_pw;
+	struct smbcli_state *cli;
+
+	if (!(mem_ctx = talloc_new(torture))) {
+		torture_comment(torture, "talloc_new failed\n");
+		return false;
+	}
+
+	if (!(wksname = generate_random_str_list(
+		      mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
+		torture_comment(torture, "generate_random_str_list failed\n");
+		goto done;
+	}
+
+	if (!(torture_open_connection_share(
+		      mem_ctx, &cli,
+		      torture, torture_setting_string(torture, "host", NULL),
+		      "IPC$", torture->ev))) {
+		torture_comment(torture, "IPC$ connection failed\n");
+		goto done;
+	}
+
+	status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\netlogon",
+			       &ndr_table_netlogon, &net_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, result, done,
+					"pipe_bind_smb failed");
+	net_handle = net_pipe->binding_handle;
+
+	r.in.computer_name = wksname;
+	r.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	if (r.in.server_name == NULL) {
+		torture_comment(torture, "talloc_asprintf failed\n");
+		goto done;
+	}
+	generate_random_buffer(netr_cli_creds.data,
+			       sizeof(netr_cli_creds.data));
+	r.in.credentials = &netr_cli_creds;
+	r.out.return_credentials = &netr_srv_creds;
+
+	status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
+			 nt_errstr(r.out.result));
+		goto done;
+	}
+
+	negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	E_md4hash("foobar", mach_pw.hash);
+
+	a.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	a.in.account_name = talloc_asprintf(
+		mem_ctx, "%s$", wksname);
+	a.in.computer_name = wksname;
+	a.in.secure_channel_type = SEC_CHAN_WKSTA;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &netr_cred;
+	a.out.return_credentials = &netr_cred;
+
+	creds_state = netlogon_creds_client_init(mem_ctx,
+						 a.in.account_name,
+						 a.in.computer_name,
+						 a.in.secure_channel_type,
+						 r.in.credentials,
+						 r.out.return_credentials, &mach_pw,
+						 &netr_cred, negotiate_flags);
+	torture_assert(torture, (creds_state != NULL), "memory allocation failed");
+
+	status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+	if (!NT_STATUS_EQUAL(a.out.result, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
+		torture_comment(torture, "dcerpc_netr_ServerAuthenticate2 returned %s, "
+			 "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
+			 nt_errstr(a.out.result));
+		goto done;
+	}
+
+	result = true;
+ done:
+	talloc_free(mem_ctx);
+	return result;
+}
+
+static struct security_descriptor *get_sharesec(struct torture_context *tctx,
+						TALLOC_CTX *mem_ctx,
+						struct smbcli_session *sess,
+						const char *sharename)
+{
+	struct smbcli_tree *tree;
+	TALLOC_CTX *tmp_ctx;
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	NTSTATUS status;
+	struct srvsvc_NetShareGetInfo r;
+	union srvsvc_NetShareInfo info;
+	struct security_descriptor *result;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		torture_comment(tctx, "talloc_new failed\n");
+		return NULL;
+	}
+
+	if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
+		torture_comment(tctx, "secondary_tcon failed\n");
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
+			       &ndr_table_srvsvc, &p);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	b = p->binding_handle;
+
+#if 0
+	p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
+#endif
+
+	r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
+					  dcerpc_server_name(p));
+	r.in.share_name = sharename;
+	r.in.level = 502;
+	r.out.info = &info;
+
+	status = dcerpc_srvsvc_NetShareGetInfo_r(b, tmp_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
+			 win_errstr(r.out.result));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	result = talloc_steal(mem_ctx, info.info502->sd_buf.sd);
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+static NTSTATUS set_sharesec(struct torture_context *tctx,
+			     TALLOC_CTX *mem_ctx,
+			     struct smbcli_session *sess,
+			     const char *sharename,
+			     struct security_descriptor *sd)
+{
+	struct smbcli_tree *tree;
+	TALLOC_CTX *tmp_ctx;
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	NTSTATUS status;
+	struct sec_desc_buf i;
+	struct srvsvc_NetShareSetInfo r;
+	union srvsvc_NetShareInfo info;
+	uint32_t error = 0;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		torture_comment(tctx, "talloc_new failed\n");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
+		torture_comment(tctx, "secondary_tcon failed\n");
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
+			       &ndr_table_srvsvc, &p);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	b = p->binding_handle;
+
+#if 0
+	p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
+#endif
+
+	r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
+					  dcerpc_server_name(p));
+	r.in.share_name = sharename;
+	r.in.level = 1501;
+	i.sd = sd;
+	info.info1501 = &i;
+	r.in.info = &info;
+	r.in.parm_error = &error;
+
+	status = dcerpc_srvsvc_NetShareSetInfo_r(b, tmp_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
+			 nt_errstr(status));
+	}
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
+			win_errstr(r.out.result));
+		status = werror_to_ntstatus(r.out.result);
+	}
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+bool try_tcon(struct torture_context *tctx,
+	      TALLOC_CTX *mem_ctx,
+	      struct security_descriptor *orig_sd,
+	      struct smbcli_session *session,
+	      const char *sharename, const struct dom_sid *user_sid,
+	      unsigned int access_mask, NTSTATUS expected_tcon,
+	      NTSTATUS expected_mkdir)
+{
+	TALLOC_CTX *tmp_ctx;
+	struct smbcli_tree *rmdir_tree, *tree;
+	struct dom_sid *domain_sid;
+	uint32_t rid;
+	struct security_descriptor *sd;
+	NTSTATUS status;
+	bool ret = true;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		torture_comment(tctx, "talloc_new failed\n");
+		return false;
+	}
+
+	status = secondary_tcon(tctx, tmp_ctx, session, sharename, &rmdir_tree);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "first tcon to delete dir failed\n");
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	smbcli_rmdir(rmdir_tree, "sharesec_testdir");
+
+	if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx, user_sid,
+					       &domain_sid, &rid))) {
+		torture_comment(tctx, "dom_sid_split_rid failed\n");
+		talloc_free(tmp_ctx);
+		return false;
+	}
+
+	sd = security_descriptor_dacl_create(
+		tmp_ctx, 0, "S-1-5-32-544",
+		dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
+							DOMAIN_RID_USERS)),
+		dom_sid_string(mem_ctx, user_sid),
+		SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
+	if (sd == NULL) {
+		torture_comment(tctx, "security_descriptor_dacl_create failed\n");
+		talloc_free(tmp_ctx);
+                return false;
+        }
+
+	status = set_sharesec(tctx, mem_ctx, session, sharename, sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "custom set_sharesec failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+                return false;
+	}
+
+	status = secondary_tcon(tctx, tmp_ctx, session, sharename, &tree);
+	if (!NT_STATUS_EQUAL(status, expected_tcon)) {
+		torture_comment(tctx, "Expected %s, got %s\n", nt_errstr(expected_tcon),
+			 nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		/* An expected non-access, no point in trying to write */
+		goto done;
+	}
+
+	status = smbcli_mkdir(tree, "sharesec_testdir");
+	if (!NT_STATUS_EQUAL(status, expected_mkdir)) {
+		torture_warning(tctx, "Expected %s, got %s\n",
+			 nt_errstr(expected_mkdir), nt_errstr(status));
+		ret = false;
+	}
+
+ done:
+	smbcli_rmdir(rmdir_tree, "sharesec_testdir");
+
+	status = set_sharesec(tctx, mem_ctx, session, sharename, orig_sd);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "custom set_sharesec failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(tmp_ctx);
+                return false;
+	}
+
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static bool torture_samba3_rpc_sharesec(struct torture_context *torture)
+{
+	struct smbcli_state *cli = NULL;
+	struct security_descriptor *sd = NULL;
+	struct dom_sid *user_sid = NULL;
+	const char *testuser_passwd = NULL;
+	struct cli_credentials *test_credentials = NULL;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	NTSTATUS status;
+	struct test_join *tj = NULL;
+	struct dcerpc_pipe *lsa_pipe = NULL;
+	const char *priv_array[1];
+
+	/* Create a new user. The normal user has SeBackup and SeRestore
+	   privs so we can't lock them out with a share security descriptor. */
+	tj = torture_create_testuser(torture,
+					"sharesec_user",
+					torture_setting_string(torture, "workgroup", NULL),
+					ACB_NORMAL,
+					&testuser_passwd);
+	if (!tj) {
+		torture_fail(torture, "Creating sharesec_user failed\n");
+	}
+
+	/* Give them SeDiskOperatorPrivilege but no other privs. */
+	status = torture_rpc_connection(torture, &lsa_pipe, &ndr_table_lsarpc);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "Error connecting to LSA pipe");
+	}
+
+	priv_array[0] = "SeDiskOperatorPrivilege";
+	if (!torture_setup_privs(torture,
+				lsa_pipe,
+				1,
+				priv_array,
+				torture_join_user_sid(tj))) {
+		talloc_free(lsa_pipe);
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "Failed to setup privs\n");
+	}
+	talloc_free(lsa_pipe);
+
+	test_credentials = cli_credentials_init(torture);
+	cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
+	cli_credentials_set_domain(test_credentials, lpcfg_workgroup(torture->lp_ctx),
+			CRED_SPECIFIED);
+	cli_credentials_set_username(test_credentials, "sharesec_user", CRED_SPECIFIED);
+	cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
+
+	ZERO_STRUCT(options);
+	ZERO_STRUCT(session_options);
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(torture,
+					&cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$",
+					NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					test_credentials,
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev,
+					&options,
+					&session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(cli);
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "Failed to open connection\n");
+	}
+
+	if (!(user_sid = whoami(torture, torture, cli->tree))) {
+		talloc_free(cli);
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "whoami failed\n");
+	}
+
+	sd = get_sharesec(torture, torture, cli->session,
+			  torture_setting_string(torture, "share", NULL));
+
+	if (!try_tcon(torture, torture, sd, cli->session,
+			torture_setting_string(torture, "share", NULL),
+			user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK)) {
+		talloc_free(cli);
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "failed to test tcon with 0 access_mask");
+	}
+
+	if (!try_tcon(torture, torture, sd, cli->session,
+			torture_setting_string(torture, "share", NULL),
+			user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
+			NT_STATUS_MEDIA_WRITE_PROTECTED)) {
+		talloc_free(cli);
+		torture_delete_testuser(torture, tj, "sharesec_user");
+		talloc_free(tj);
+		torture_fail(torture, "failed to test tcon with SEC_FILE_READ_DATA access_mask");
+	}
+
+	/* sharesec_user doesn't have any rights on the underlying file system.
+	   Go back to the normal user. */
+
+	talloc_free(cli);
+	cli = NULL;
+	torture_delete_testuser(torture, tj, "sharesec_user");
+	talloc_free(tj);
+	tj = NULL;
+
+	if (!(torture_open_connection_share(
+		      torture, &cli, torture, torture_setting_string(torture, "host", NULL),
+		      "IPC$", torture->ev))) {
+		torture_fail(torture, "IPC$ connection failed\n");
+	}
+
+	if (!(user_sid = whoami(torture, torture, cli->tree))) {
+		torture_fail(torture, "whoami failed\n");
+	}
+	torture_assert(torture, try_tcon(
+			torture, torture, sd, cli->session,
+			torture_setting_string(torture, "share", NULL),
+			user_sid, SEC_FILE_ALL, NT_STATUS_OK, NT_STATUS_OK),
+			"failed to test tcon with SEC_FILE_ALL access_mask");
+
+	return true;
+}
+
+static bool torture_samba3_rpc_lsa(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	struct policy_handle lsa_handle;
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_lsarpc),
+		"failed to setup lsarpc");
+
+	b = p->binding_handle;
+
+	{
+		struct lsa_ObjectAttribute attr;
+		struct lsa_OpenPolicy2 o;
+		o.in.system_name = talloc_asprintf(
+			torture, "\\\\%s", dcerpc_server_name(p));
+		ZERO_STRUCT(attr);
+		o.in.attr = &attr;
+		o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		o.out.handle = &lsa_handle;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_lsa_OpenPolicy2_r(b, torture, &o),
+			"dcerpc_lsa_OpenPolicy2 failed");
+		torture_assert_ntstatus_ok(torture, o.out.result,
+			"dcerpc_lsa_OpenPolicy2 failed");
+	}
+
+	{
+		int i;
+		int levels[] = { 2,3,5,6 };
+
+		for (i=0; i<ARRAY_SIZE(levels); i++) {
+			struct lsa_QueryInfoPolicy r;
+			union lsa_PolicyInformation *info = NULL;
+			r.in.handle = &lsa_handle;
+			r.in.level = levels[i];
+			r.out.info = &info;
+
+			torture_assert_ntstatus_ok(torture,
+				dcerpc_lsa_QueryInfoPolicy_r(b, torture, &r),
+				talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
+			torture_assert_ntstatus_ok(torture, r.out.result,
+				talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
+		}
+	}
+
+	return true;
+}
+
+static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
+			       char **name)
+{
+	struct rap_WserverGetInfo r;
+	NTSTATUS status;
+	char servername[17];
+	size_t converted_size;
+
+	r.in.level = 0;
+	r.in.bufsize = 0xffff;
+
+	status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	memcpy(servername, r.out.info.info0.name, 16);
+	servername[16] = '\0';
+
+	if (!pull_ascii_talloc(mem_ctx, name, servername, &converted_size)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static bool rap_get_servername(struct torture_context *tctx,
+			       char **servername)
+{
+	struct smbcli_state *cli;
+
+	torture_assert(tctx,
+		torture_open_connection_share(tctx, &cli, tctx, torture_setting_string(tctx, "host", NULL),
+					      "IPC$", tctx->ev),
+		"IPC$ connection failed");
+
+	torture_assert_ntstatus_ok(tctx,
+		get_servername(tctx, cli->tree, servername),
+		"get_servername failed");
+
+	talloc_free(cli);
+
+	return true;
+}
+
+static bool find_printers(struct torture_context *tctx,
+			  struct dcerpc_pipe *p,
+			  const char ***printers,
+			  size_t *num_printers)
+{
+	struct srvsvc_NetShareEnum r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr1 c1_in;
+	struct srvsvc_NetShareCtr1 *c1;
+	uint32_t totalentries = 0;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(c1_in);
+	info_ctr.level = 1;
+	info_ctr.ctr.ctr1 = &c1_in;
+
+	r.in.server_unc = talloc_asprintf(
+		tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r),
+		"NetShareEnum level 1 failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"NetShareEnum level 1 failed");
+
+	*printers = NULL;
+	*num_printers = 0;
+	c1 = r.out.info_ctr->ctr.ctr1;
+	for (i=0; i<c1->count; i++) {
+		if (c1->array[i].type != STYPE_PRINTQ) {
+			continue;
+		}
+		if (!add_string_to_array(tctx, c1->array[i].name,
+					 printers, num_printers)) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool enumprinters(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 const char *servername, int level, int *num_printers)
+{
+	struct spoolss_EnumPrinters r;
+	DATA_BLOB blob;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_PrinterInfo *info;
+
+	r.in.flags = PRINTER_ENUM_LOCAL;
+	r.in.server = talloc_asprintf(tctx, "\\\\%s", servername);
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+		"dcerpc_spoolss_EnumPrinters failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+		"EnumPrinters unexpected return code should be WERR_INSUFFICIENT_BUFFER");
+
+	blob = data_blob_talloc_zero(tctx, needed);
+	if (blob.data == NULL) {
+		return false;
+	}
+
+	r.in.buffer = &blob;
+	r.in.offered = needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+		"dcerpc_spoolss_EnumPrinters failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"dcerpc_spoolss_EnumPrinters failed");
+
+	*num_printers = count;
+
+	return true;
+}
+
+static bool getprinterinfo(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   struct policy_handle *handle, int level,
+			   union spoolss_PrinterInfo **res)
+{
+	struct spoolss_GetPrinter r;
+	DATA_BLOB blob;
+	uint32_t needed;
+
+	r.in.handle = handle;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
+		"dcerpc_spoolss_GetPrinter failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+		"GetPrinter unexpected return code should be WERR_INSUFFICIENT_BUFFER");
+
+	r.in.handle = handle;
+	r.in.level = level;
+	blob = data_blob_talloc_zero(tctx, needed);
+	if (blob.data == NULL) {
+		return false;
+	}
+	r.in.buffer = &blob;
+	r.in.offered = needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
+		"dcerpc_spoolss_GetPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"dcerpc_spoolss_GetPrinter failed");
+
+	if (res != NULL) {
+		*res = talloc_steal(tctx, r.out.info);
+	}
+
+	return true;
+}
+
+static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p, *p2;
+	struct dcerpc_binding_handle *b;
+	struct policy_handle server_handle, printer_handle;
+	const char **printers;
+	size_t num_printers;
+	struct spoolss_UserLevel1 userlevel1;
+	char *servername;
+
+	torture_assert(torture,
+		rap_get_servername(torture, &servername),
+		"failed to rap servername");
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p2, &ndr_table_srvsvc),
+		"failed to setup srvsvc");
+
+	torture_assert(torture,
+		find_printers(torture, p2, &printers, &num_printers),
+		"failed to find printers via srvsvc");
+
+	talloc_free(p2);
+
+	if (num_printers == 0) {
+		torture_skip(torture, "Did not find printers\n");
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_spoolss),
+		"failed to setup spoolss");
+
+	b = p->binding_handle;
+
+	ZERO_STRUCT(userlevel1);
+	userlevel1.client = talloc_asprintf(
+		torture, "\\\\%s", lpcfg_netbios_name(torture->lp_ctx));
+	userlevel1.user = cli_credentials_get_username(
+				samba_cmdline_get_creds());
+	userlevel1.build = 2600;
+	userlevel1.major = 3;
+	userlevel1.minor = 0;
+	userlevel1.processor = 0;
+
+	{
+		struct spoolss_OpenPrinterEx r;
+
+		ZERO_STRUCT(r);
+		r.in.printername = talloc_asprintf(torture, "\\\\%s",
+						   servername);
+		r.in.datatype = NULL;
+		r.in.access_mask = 0;
+		r.in.userlevel_ctr.level = 1;
+		r.in.userlevel_ctr.user_info.level1 = &userlevel1;
+		r.out.handle = &server_handle;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
+			"dcerpc_spoolss_OpenPrinterEx failed");
+		torture_assert_werr_ok(torture, r.out.result,
+			"dcerpc_spoolss_OpenPrinterEx failed");
+	}
+
+	{
+		struct spoolss_ClosePrinter r;
+
+		r.in.handle = &server_handle;
+		r.out.handle = &server_handle;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
+			"dcerpc_spoolss_ClosePrinter failed");
+		torture_assert_werr_ok(torture, r.out.result,
+			"dcerpc_spoolss_ClosePrinter failed");
+	}
+
+	{
+		struct spoolss_OpenPrinterEx r;
+
+		ZERO_STRUCT(r);
+		r.in.printername = talloc_asprintf(
+			torture, "\\\\%s\\%s", servername, printers[0]);
+		r.in.datatype = NULL;
+		r.in.access_mask = 0;
+		r.in.userlevel_ctr.level = 1;
+		r.in.userlevel_ctr.user_info.level1 = &userlevel1;
+		r.out.handle = &printer_handle;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
+			"dcerpc_spoolss_OpenPrinterEx failed");
+		torture_assert_werr_ok(torture, r.out.result,
+			"dcerpc_spoolss_OpenPrinterEx failed");
+	}
+
+	{
+		int i;
+
+		for (i=0; i<8; i++) {
+			torture_assert(torture,
+				getprinterinfo(torture, b, &printer_handle, i, NULL),
+				talloc_asprintf(torture, "getprinterinfo %d failed", i));
+		}
+	}
+
+	{
+		struct spoolss_ClosePrinter r;
+
+		r.in.handle = &printer_handle;
+		r.out.handle = &printer_handle;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
+			"dcerpc_spoolss_ClosePrinter failed");
+		torture_assert_werr_ok(torture, r.out.result,
+			"dcerpc_spoolss_ClosePrinter failed");
+	}
+
+	{
+		int num_enumerated;
+
+		torture_assert(torture,
+			enumprinters(torture, b, servername, 1, &num_enumerated),
+			"enumprinters failed");
+
+		torture_assert_int_equal(torture, num_printers, num_enumerated,
+			"netshareenum / enumprinters lvl 1 numprinter mismatch");
+	}
+
+	{
+		int num_enumerated;
+
+		torture_assert(torture,
+			enumprinters(torture, b, servername, 2, &num_enumerated),
+			"enumprinters failed");
+
+		torture_assert_int_equal(torture, num_printers, num_enumerated,
+			"netshareenum / enumprinters lvl 2 numprinter mismatch");
+	}
+
+	return true;
+}
+
+static bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	char *servername;
+
+	torture_assert(torture,
+		rap_get_servername(torture, &servername),
+		"failed to rap servername");
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_wkssvc),
+		"failed to setup wkssvc");
+
+	b = p->binding_handle;
+
+	{
+		struct wkssvc_NetWkstaInfo100 wks100;
+		union wkssvc_NetWkstaInfo info;
+		struct wkssvc_NetWkstaGetInfo r;
+
+		r.in.server_name = "\\foo";
+		r.in.level = 100;
+		info.info100 = &wks100;
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(torture,
+			dcerpc_wkssvc_NetWkstaGetInfo_r(b, torture, &r),
+			"dcerpc_wkssvc_NetWksGetInfo failed");
+		torture_assert_werr_ok(torture, r.out.result,
+			"dcerpc_wkssvc_NetWksGetInfo failed");
+
+		torture_assert_str_equal(torture, servername, r.out.info->info100->server_name,
+			"servername RAP / DCERPC inconsistency");
+	}
+
+	return true;
+}
+
+static bool winreg_close(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 struct policy_handle *handle)
+{
+	struct winreg_CloseKey c;
+
+	c.in.handle = c.out.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_CloseKey_r(b, tctx, &c),
+		"winreg_CloseKey failed");
+	torture_assert_werr_ok(tctx, c.out.result,
+		"winreg_CloseKey failed");
+
+	return true;
+}
+
+static bool enumvalues(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       struct policy_handle *handle)
+{
+	uint32_t enum_index = 0;
+
+	while (1) {
+		struct winreg_EnumValue r;
+		struct winreg_ValNameBuf name;
+		enum winreg_Type type = 0;
+		uint8_t buf8[1024];
+		NTSTATUS status;
+		uint32_t size, length;
+
+		ZERO_STRUCT(buf8);
+		r.in.handle = handle;
+		r.in.enum_index = enum_index;
+		name.name = "";
+		name.size = 1024;
+		r.in.name = r.out.name = &name;
+		size = 1024;
+		length = 5;
+		r.in.type = &type;
+		r.in.value = buf8;
+		r.in.size = &size;
+		r.in.length = &length;
+
+		status = dcerpc_winreg_EnumValue_r(b, tctx, &r);
+		if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
+			return true;
+		}
+		enum_index += 1;
+	}
+}
+
+static bool enumkeys(struct torture_context *tctx,
+		     struct dcerpc_binding_handle *b,
+		     struct policy_handle *handle,
+		     int depth)
+{
+	struct winreg_EnumKey r;
+	struct winreg_StringBuf kclass, name;
+	NTSTATUS status;
+	NTTIME t = 0;
+
+	if (depth <= 0) {
+		return true;
+	}
+
+	kclass.name   = "";
+	kclass.size   = 1024;
+
+	r.in.handle = handle;
+	r.in.enum_index = 0;
+	r.in.name = &name;
+	r.in.keyclass = &kclass;
+	r.out.name = &name;
+	r.in.last_changed_time = &t;
+
+	do {
+		struct winreg_OpenKey o;
+		struct policy_handle key_handle;
+		int i;
+
+		name.name = NULL;
+		name.size = 1024;
+
+		status = dcerpc_winreg_EnumKey_r(b, tctx, &r);
+		if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
+			/* We're done enumerating */
+			return true;
+		}
+
+		for (i=0; i<10-depth; i++) {
+			torture_comment(tctx, " ");
+		}
+		torture_comment(tctx, "%s\n", r.out.name->name);
+
+		o.in.parent_handle = handle;
+		o.in.keyname.name = r.out.name->name;
+		o.in.options = 0;
+		o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		o.out.handle = &key_handle;
+
+		status = dcerpc_winreg_OpenKey_r(b, tctx, &o);
+		if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(o.out.result)) {
+			enumkeys(tctx, b, &key_handle, depth-1);
+			enumvalues(tctx, b, &key_handle);
+			torture_assert(tctx, winreg_close(tctx, b, &key_handle), "");
+		}
+
+		r.in.enum_index += 1;
+	} while(true);
+
+	return true;
+}
+
+typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_binding_handle *, TALLOC_CTX *, void *);
+
+static bool test_Open3(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       const char *name, winreg_open_fn open_fn)
+{
+	struct policy_handle handle;
+	struct winreg_OpenHKLM r;
+
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		open_fn(b, tctx, &r),
+		talloc_asprintf(tctx, "%s failed", name));
+	torture_assert_werr_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "%s failed", name));
+
+	enumkeys(tctx, b, &handle, 4);
+
+	torture_assert(tctx,
+		winreg_close(tctx, b, &handle),
+		"dcerpc_CloseKey failed");
+
+	return true;
+}
+
+static bool torture_samba3_rpc_winreg(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	bool ret = true;
+	struct {
+		const char *name;
+		winreg_open_fn fn;
+	} open_fns[] = {
+		{"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM_r },
+		{"OpenHKU",  (winreg_open_fn)dcerpc_winreg_OpenHKU_r },
+		{"OpenHKPD", (winreg_open_fn)dcerpc_winreg_OpenHKPD_r },
+		{"OpenHKPT", (winreg_open_fn)dcerpc_winreg_OpenHKPT_r },
+		{"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR_r }};
+#if 0
+	int i;
+#endif
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_winreg),
+		"failed to setup winreg");
+
+	b = p->binding_handle;
+
+#if 1
+	ret = test_Open3(torture, b, open_fns[0].name, open_fns[0].fn);
+#else
+	for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
+		if (!test_Open3(torture, b, open_fns[i].name, open_fns[i].fn))
+			ret = false;
+	}
+#endif
+	return ret;
+}
+
+static bool get_shareinfo(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b,
+			  const char *servername,
+			  const char *share,
+			  struct srvsvc_NetShareInfo502 **info502)
+{
+	struct srvsvc_NetShareGetInfo r;
+	union srvsvc_NetShareInfo info;
+
+	r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", servername);
+	r.in.share_name = share;
+	r.in.level = 502;
+	r.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r),
+		"srvsvc_NetShareGetInfo failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"srvsvc_NetShareGetInfo failed");
+
+	*info502 = talloc_move(tctx, &info.info502);
+
+	return true;
+}
+
+/*
+ * Get us a handle on HKLM\
+ */
+
+static bool get_hklm_handle(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle)
+{
+	struct winreg_OpenHKLM r;
+	struct policy_handle result;
+
+	r.in.system_name = 0;
+        r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+        r.out.handle = &result;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_OpenHKLM_r(b, tctx, &r),
+		"OpenHKLM failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"OpenHKLM failed");
+
+	*handle = result;
+
+	return true;
+}
+
+static bool torture_samba3_createshare(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       const char *sharename)
+{
+	struct policy_handle hklm;
+	struct policy_handle new_handle;
+	struct winreg_CreateKey c;
+	struct winreg_CloseKey cl;
+	enum winreg_CreateAction action_taken = REG_ACTION_NONE;
+
+	ZERO_STRUCT(c);
+	ZERO_STRUCT(cl);
+	ZERO_STRUCT(hklm);
+	ZERO_STRUCT(new_handle);
+
+	c.in.handle = &hklm;
+	c.in.name.name = talloc_asprintf(
+		tctx, "software\\samba\\smbconf\\%s", sharename);
+	torture_assert(tctx, c.in.name.name, "talloc_asprintf failed");
+
+	c.in.keyclass.name = "";
+	c.in.options = 0;
+	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	c.in.secdesc = NULL;
+	c.in.action_taken = &action_taken;
+	c.out.new_handle = &new_handle;
+	c.out.action_taken = &action_taken;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_CreateKey_r(b, tctx, &c),
+		"OpenKey failed");
+	torture_assert_werr_ok(tctx, c.out.result,
+		"OpenKey failed");
+
+	cl.in.handle = &new_handle;
+	cl.out.handle = &new_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_CloseKey_r(b, tctx, &cl),
+		"CloseKey failed");
+	torture_assert_werr_ok(tctx, cl.out.result,
+		"CloseKey failed");
+
+	return true;
+}
+
+static bool torture_samba3_deleteshare(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       const char *sharename)
+{
+	struct policy_handle hklm;
+	struct winreg_DeleteKey d;
+
+	torture_assert(tctx,
+		get_hklm_handle(tctx, b, &hklm),
+		"get_hklm_handle failed");
+
+	d.in.handle = &hklm;
+	d.in.key.name = talloc_asprintf(
+		tctx, "software\\samba\\smbconf\\%s", sharename);
+	torture_assert(tctx, d.in.key.name, "talloc_asprintf failed");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_DeleteKey_r(b, tctx, &d),
+		"DeleteKey failed");
+	torture_assert_werr_ok(tctx, d.out.result,
+		"DeleteKey failed");
+
+	return true;
+}
+
+static bool torture_samba3_setconfig(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     const char *sharename,
+				     const char *parameter,
+				     const char *value)
+{
+	struct policy_handle hklm, key_handle;
+	struct winreg_OpenKey o;
+	struct winreg_SetValue s;
+	uint32_t type;
+	DATA_BLOB val;
+
+	torture_assert(tctx,
+		get_hklm_handle(tctx, b, &hklm),
+		"get_hklm_handle failed");
+
+	o.in.parent_handle = &hklm;
+	o.in.keyname.name = talloc_asprintf(
+		tctx, "software\\samba\\smbconf\\%s", sharename);
+	torture_assert(tctx, o.in.keyname.name, "talloc_asprintf failed");
+
+	o.in.options = 0;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.out.handle = &key_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_OpenKey_r(b, tctx, &o),
+		"OpenKey failed");
+	torture_assert_werr_ok(tctx, o.out.result,
+		"OpenKey failed");
+
+	torture_assert(tctx,
+		reg_string_to_val(tctx, "REG_SZ", value, &type, &val),
+		"reg_string_to_val failed");
+
+	s.in.handle = &key_handle;
+	s.in.name.name = parameter;
+	s.in.type = type;
+	s.in.data = val.data;
+	s.in.size = val.length;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_SetValue_r(b, tctx, &s),
+		"SetValue failed");
+	torture_assert_werr_ok(tctx, s.out.result,
+		"SetValue failed");
+
+	return true;
+}
+
+static bool torture_samba3_regconfig(struct torture_context *torture)
+{
+	struct srvsvc_NetShareInfo502 *i = NULL;
+	const char *comment = "Dummer Kommentar";
+	struct dcerpc_pipe *srvsvc_pipe, *winreg_pipe;
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &srvsvc_pipe, &ndr_table_srvsvc),
+		"failed to setup srvsvc");
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &winreg_pipe, &ndr_table_winreg),
+		"failed to setup winreg");
+
+	torture_assert(torture,
+		torture_samba3_createshare(torture, winreg_pipe->binding_handle, "blubber"),
+		"torture_samba3_createshare failed");
+
+	torture_assert(torture,
+		torture_samba3_setconfig(torture, winreg_pipe->binding_handle, "blubber", "comment", comment),
+		"torture_samba3_setconfig failed");
+
+	torture_assert(torture,
+		get_shareinfo(torture, srvsvc_pipe->binding_handle, dcerpc_server_name(srvsvc_pipe), "blubber", &i),
+		"get_shareinfo failed");
+
+	torture_assert_str_equal(torture, comment, i->comment,
+		"got unexpected comment");
+
+	torture_assert(torture,
+		torture_samba3_deleteshare(torture, winreg_pipe->binding_handle, "blubber"),
+		"torture_samba3_deleteshare failed");
+
+	return true;
+}
+
+/*
+ * Test that even with a result of 0 rids the array is returned as a
+ * non-NULL pointer. Yes, XP does notice.
+ */
+
+bool torture_samba3_getaliasmembership_0(struct torture_context *torture)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	struct samr_Connect2 c;
+	struct samr_OpenDomain o;
+	struct dom_sid sid;
+	struct lsa_SidPtr ptr;
+	struct lsa_SidArray sids;
+	struct samr_GetAliasMembership g;
+	struct samr_Ids rids;
+	struct policy_handle samr, domain;
+
+	torture_assert_ntstatus_ok(torture,
+		torture_rpc_connection(torture, &p, &ndr_table_samr),
+		"failed to setup samr");
+
+	b = p->binding_handle;
+
+	c.in.system_name = NULL;
+	c.in.access_mask = SAMR_ACCESS_LOOKUP_DOMAIN;
+	c.out.connect_handle = &samr;
+	torture_assert_ntstatus_ok(torture,
+		dcerpc_samr_Connect2_r(b, torture, &c),
+		"");
+	torture_assert_ntstatus_ok(torture, c.out.result,
+		"");
+	dom_sid_parse("S-1-5-32", &sid);
+	o.in.connect_handle = &samr;
+	o.in.access_mask = SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS;
+	o.in.sid = &sid;
+	o.out.domain_handle = &domain;
+	torture_assert_ntstatus_ok(torture,
+		dcerpc_samr_OpenDomain_r(b, torture, &o),
+		"");
+	torture_assert_ntstatus_ok(torture, o.out.result,
+		"");
+	dom_sid_parse("S-1-2-3-4-5", &sid);
+	ptr.sid = &sid;
+	sids.num_sids = 1;
+	sids.sids = &ptr;
+	g.in.domain_handle = &domain;
+	g.in.sids = &sids;
+	g.out.rids = &rids;
+	torture_assert_ntstatus_ok(torture,
+		dcerpc_samr_GetAliasMembership_r(b, torture, &g),
+		"");
+	torture_assert_ntstatus_ok(torture, g.out.result,
+		"");
+	if (rids.ids == NULL) {
+		/* This is the piece to test here */
+		torture_fail(torture,
+			"torture_samba3_getaliasmembership_0: "
+			"Server returns NULL rids array\n");
+	}
+
+	return true;
+}
+
+/**
+ * Test smb reauthentication while rpc pipe is in use.
+ */
+static bool torture_rpc_smb_reauth1(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_state *cli;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_GetUserName r;
+	struct lsa_String *authority_name_p = NULL;
+	char *authority_name_saved = NULL;
+	struct lsa_String *account_name_p = NULL;
+	char *account_name_saved = NULL;
+	struct cli_credentials *anon_creds = NULL;
+	struct smb_composite_sesssetup io;
+
+	mem_ctx = talloc_init("torture_samba3_reauth");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smbcli_full_connection failed");
+
+	status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+			       &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	/* lsa getusername */
+
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+			authority_name_p->string,
+			account_name_p->string);
+
+	account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+	torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+			    "talloc failed");
+	authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+	torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+			    "talloc failed");
+
+	/* smb re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+
+	ZERO_STRUCT(io);
+	io.in.sesskey         = cli->transport->negotiate.sesskey;
+	io.in.capabilities    = cli->transport->negotiate.capabilities;
+	io.in.credentials     = anon_creds;
+	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
+	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+	status = smb_composite_sesssetup(cli->session, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername after reauth */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	/* smb re-auth again to the original user */
+
+	ZERO_STRUCT(io);
+	io.in.sesskey         = cli->transport->negotiate.sesskey;
+	io.in.capabilities    = cli->transport->negotiate.capabilities;
+	io.in.credentials     = samba_cmdline_get_creds();
+	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
+	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+	status = smb_composite_sesssetup(cli->session, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	ret = true;
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test smb reauthentication while rpc pipe is in use.
+ * Open a second lsa bind after reauth to anon.
+ * Do lsa getusername on that second bind.
+ */
+static bool torture_rpc_smb_reauth2(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_state *cli;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_GetUserName r;
+	struct lsa_String *authority_name_p = NULL;
+	char *authority_name_saved = NULL;
+	struct lsa_String *account_name_p = NULL;
+	char *account_name_saved = NULL;
+	struct cli_credentials *anon_creds = NULL;
+	struct smb_composite_sesssetup io;
+
+	mem_ctx = talloc_init("torture_samba3_reauth");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smbcli_full_connection failed");
+
+	/* smb re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+
+	ZERO_STRUCT(io);
+	io.in.sesskey         = cli->transport->negotiate.sesskey;
+	io.in.capabilities    = cli->transport->negotiate.capabilities;
+	io.in.credentials     = anon_creds;
+	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
+	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+	status = smb_composite_sesssetup(cli->session, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* open the lsa pipe */
+
+	status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+			       &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	/* lsa getusername */
+
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+			authority_name_p->string,
+			account_name_p->string);
+
+	account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+	torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+			    "talloc failed");
+	authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+	torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+			    "talloc failed");
+
+	/* smb re-auth again to the original user */
+
+	ZERO_STRUCT(io);
+	io.in.sesskey         = cli->transport->negotiate.sesskey;
+	io.in.capabilities    = cli->transport->negotiate.capabilities;
+	io.in.credentials     = samba_cmdline_get_creds();
+	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
+	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
+
+	status = smb_composite_sesssetup(cli->session, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername after reauth */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	ret = true;
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test smb2 reauthentication while rpc pipe is in use.
+ */
+static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_GetUserName r;
+	struct lsa_String *authority_name_p = NULL;
+	char *authority_name_saved = NULL;
+	struct lsa_String *account_name_p = NULL;
+	char *account_name_saved = NULL;
+	struct cli_credentials *anon_creds = NULL;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+
+	mem_ctx = talloc_init("torture_samba3_reauth");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+			        &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb2 failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	/* lsa getusername */
+
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+			authority_name_p->string,
+			account_name_p->string);
+
+	account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+	torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+			    "talloc failed");
+	authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+	torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+			    "talloc failed");
+
+	/* smb re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername after reauth */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	/* smb re-auth again to the original user */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	ret = true;
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test smb2 reauthentication while rpc pipe is in use.
+ * Open a second lsa bind after reauth to anon.
+ * Do lsa getusername on that second bind.
+ */
+static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+
+	struct dcerpc_pipe *lsa_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_GetUserName r;
+	struct lsa_String *authority_name_p = NULL;
+	char *authority_name_saved = NULL;
+	struct lsa_String *account_name_p = NULL;
+	char *account_name_saved = NULL;
+	struct cli_credentials *anon_creds = NULL;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+
+	mem_ctx = talloc_init("torture_samba3_reauth");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	/* smb re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* open the lsa pipe */
+
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+			        &ndr_table_lsarpc, &lsa_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb2 failed");
+	lsa_handle = lsa_pipe->binding_handle;
+
+	/* lsa getusername */
+
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+			authority_name_p->string,
+			account_name_p->string);
+
+	account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+	torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+			    "talloc failed");
+	authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+	torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+			    "talloc failed");
+
+	/* smb re-auth again to the original user */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"session reauth to anon failed");
+
+	/* re-do lsa getusername */
+
+	TALLOC_FREE(authority_name_p);
+	TALLOC_FREE(account_name_p);
+	ZERO_STRUCT(r);
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+	authority_name_p = *r.out.authority_name;
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"GetUserName failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+					"GetUserName failed");
+
+	torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+			    ret, done, "authority_name not equal after reauth to anon");
+	torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+			    ret, done, "account_name not equal after reauth to anon");
+
+	ret = true;
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool torture_rpc_smb1_pipe_name(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_state *cli;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	union smb_open io;
+	union smb_close cl;
+	uint16_t fnum;
+
+	mem_ctx = talloc_init("torture_samba3_smb1_pipe_name");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+	lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					torture_setting_string(torture, "host", NULL),
+					lpcfg_smb_ports(torture->lp_ctx),
+					"IPC$", NULL,
+					lpcfg_socket_options(torture->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(torture->lp_ctx),
+					torture->ev, &options, &session_options,
+					lpcfg_gensec_settings(torture, torture->lp_ctx));
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smbcli_full_connection failed");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.access_mask = DESIRED_ACCESS_PIPE;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io.ntcreatex.in.security_flags = 0;
+
+	io.ntcreatex.in.fname = "__none__";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for '__none__'");
+
+	io.ntcreatex.in.fname = "pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for 'pipe\\srvsvc'");
+
+	io.ntcreatex.in.fname = "\\pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for '\\pipe\\srvsvc'");
+
+	io.ntcreatex.in.fname = "srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'srvsvc'");
+	fnum = io.ntcreatex.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.ntcreatex.in.fname = "\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\srvsvc'");
+	fnum = io.ntcreatex.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.ntcreatex.in.fname = "\\\\\\\\\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\\\\\\\\\srvsvc'");
+	fnum = io.ntcreatex.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+	io.nttrans.in.access_mask = DESIRED_ACCESS_PIPE;
+	io.nttrans.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				       NTCREATEX_SHARE_ACCESS_WRITE;
+	io.nttrans.in.open_disposition = NTCREATEX_DISP_OPEN;
+	io.nttrans.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io.nttrans.in.security_flags = 0;
+
+	io.nttrans.in.fname = "__none__";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for '__none__'");
+
+	io.nttrans.in.fname = "pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for 'pipe\\srvsvc'");
+
+	io.nttrans.in.fname = "\\pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for '\\pipe\\srvsvc'");
+
+	io.nttrans.in.fname = "srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'srvsvc'");
+	fnum = io.nttrans.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.nttrans.in.fname = "\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\srvsvc'");
+	fnum = io.nttrans.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.nttrans.in.fname = "\\\\\\\\\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\\\\\\\\\srvsvc'");
+	fnum = io.nttrans.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_OPEN_OPENX;
+	io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+	io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+
+	io.openx.in.fname = "__none__";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+					   ret, done,
+					   "smb_raw_open for '__none__'");
+
+	io.openx.in.fname = "srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+					   ret, done,
+					   "smb_raw_open for 'srvsvc'");
+
+	io.openx.in.fname = "\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+					   ret, done,
+					   "smb_raw_open for '\\srvsvc'");
+
+	io.openx.in.fname = "\\pipesrvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+					   ret, done,
+					   "smb_raw_open for '\\pipesrvsvc'");
+
+	io.openx.in.fname = "pipe\\__none__";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for 'pipe\\__none__'");
+
+	io.openx.in.fname = "\\pipe\\__none__";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb_raw_open for '\\pipe\\__none__'");
+
+	io.openx.in.fname = "pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'pipe\\srvsvc'");
+	fnum = io.openx.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.openx.in.fname = "\\pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\pipe\\srvsvc'");
+	fnum = io.openx.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.openx.in.fname = "\\\\\\\\\\pipe\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\\\\\\\\\pipe\\srvsvc'");
+	fnum = io.openx.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+
+	io.openx.in.fname = "\\\\\\\\\\pipe\\\\\\\\\\srvsvc";
+	status = smb_raw_open(cli->tree, torture, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for '\\\\\\\\\\pipe\\\\\\\\\\srvsvc'");
+	fnum = io.openx.out.file.fnum;
+	ZERO_STRUCT(cl);
+	cl.generic.level = RAW_CLOSE_CLOSE;
+	cl.close.in.file.fnum = fnum;
+	status = smb_raw_close(cli->tree, &cl);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb_raw_close failed");
+	ret = true;
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool torture_rpc_smb2_pipe_name(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+	struct smb2_handle h;
+	struct smb2_create io;
+
+	mem_ctx = talloc_init("torture_samba3_smb2_pipe_name");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = DESIRED_ACCESS_PIPE;
+	io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io.in.file_attributes = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+
+	io.in.fname = "__none__";
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_create for '__none__'");
+
+	io.in.fname = "\\srvsvc";
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_create for '\\srvsvc'");
+
+	io.in.fname = "\\pipe\\srvsvc";
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_create for '\\pipe\\srvsvc'");
+
+	io.in.fname = "pipe\\srvsvc";
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_create for 'pipe\\srvsvc'");
+
+	io.in.fname = "srvsvc";
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'srvsvc'");
+
+	h = io.out.file.handle;
+
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_util_close failed");
+
+	ret = true;
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test behaviour of a waiting read call on a pipe when
+ * the pipe handle is closed:
+ * - open a pipe via smb2
+ * - trigger a read which hangs since there is nothing to read
+ * - close the pipe file handle
+ * - wait for the read to return and check the status
+ *   (STATUS_PIPE_BROKEN)
+ */
+static bool torture_rpc_smb2_pipe_read_close(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+	struct smb2_handle h;
+	struct smb2_request *smb2req;
+	struct smb2_create io;
+	struct smb2_read rd;
+
+	mem_ctx = talloc_init("torture_samba3_pipe_read_close");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = DESIRED_ACCESS_PIPE;
+	io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io.in.file_attributes = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = "lsarpc";
+
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'lsarpc'");
+
+	h = io.out.file.handle;
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 1024;
+	rd.in.offset = 0;
+	rd.in.min_count = 0;
+
+	smb2req = smb2_read_send(tree, &rd);
+	torture_assert_goto(torture, (smb2req != NULL), ret, done,
+			    "smb2_read_send failed");
+
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_util_close failed");
+
+	status = smb2_read_recv(smb2req, mem_ctx, &rd);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
+					   "smb2_read_recv: unexpected return code");
+
+	ret = true;
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test behaviour of a waiting read call on a pipe when
+ * the tree is disconnected.
+ * - open a pipe via smb2
+ * - trigger a read which hangs since there is nothing to read
+ * - do a tree disconnect
+ * - wait for the read to return and check the status
+ *   (STATUS_PIPE_BROKEN)
+ */
+static bool torture_rpc_smb2_pipe_read_tdis(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+	struct smb2_handle h;
+	struct smb2_request *smb2req;
+	struct smb2_create io;
+	struct smb2_read rd;
+
+	mem_ctx = talloc_init("torture_samba3_pipe_read_tdis");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = DESIRED_ACCESS_PIPE;
+	io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io.in.file_attributes = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = "lsarpc";
+
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'lsarpc'");
+
+	h = io.out.file.handle;
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 1024;
+	rd.in.offset = 0;
+	rd.in.min_count = 0;
+
+	smb2req = smb2_read_send(tree, &rd);
+	torture_assert_goto(torture, (smb2req != NULL), ret, done,
+			    "smb2_read_send failed");
+
+	status = smb2_tdis(tree);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_tdis failed");
+
+	status = smb2_read_recv(smb2req, mem_ctx, &rd);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
+					   "smb2_read_recv: unexpected return code");
+
+	ret = true;
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * Test behaviour of a waiting read call on a pipe when
+ * the user logs off
+ * - open a pipe via smb2
+ * - trigger a read which hangs since there is nothing to read
+ * - do a logoff
+ * - wait for the read to return and check the status
+ *   (STATUS_PIPE_BROKEN)
+ */
+static bool torture_rpc_smb2_pipe_read_logoff(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct smb2_tree *tree;
+	struct smb2_handle h;
+	struct smb2_request *smb2req;
+	struct smb2_create io;
+	struct smb2_read rd;
+
+	mem_ctx = talloc_init("torture_samba3_pipe_read_tdis");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = DESIRED_ACCESS_PIPE;
+	io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io.in.file_attributes = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = "lsarpc";
+
+	status = smb2_create(tree, tree, &io);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed for 'lsarpc'");
+
+	h = io.out.file.handle;
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 1024;
+	rd.in.offset = 0;
+	rd.in.min_count = 0;
+
+	smb2req = smb2_read_send(tree, &rd);
+	torture_assert_goto(torture, (smb2req != NULL), ret, done,
+			    "smb2_read_send failed");
+
+	status = smb2_logoff(tree->session);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_logoff failed");
+
+	status = smb2_read_recv(smb2req, mem_ctx, &rd);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
+					   "smb2_read_recv: unexpected return code");
+
+	ret = true;
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool torture_rpc_lsa_over_netlogon(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	struct smb2_tree *tree;
+	struct dcerpc_pipe *netlogon_pipe;
+	struct dcerpc_binding_handle *lsa_handle;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 o;
+	struct policy_handle handle;
+
+	torture_comment(torture, "Testing if we can access LSA server over "
+			"\\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
+
+	mem_ctx = talloc_init("torture_samba3_rpc_lsa_over_netlogon");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      torture_setting_string(torture, "host", NULL),
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "netlogon",
+			        &ndr_table_lsarpc, &netlogon_pipe);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"pipe_bind_smb2 failed");
+	lsa_handle = netlogon_pipe->binding_handle;
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	o.in.system_name = "\\";
+	o.in.attr = &attr;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(torture,
+			dcerpc_lsa_OpenPolicy2_r(lsa_handle, torture, &o),
+			"OpenPolicy2 failed");
+	torture_assert_ntstatus_ok(torture,
+				   o.out.result,
+				   "OpenPolicy2 failed");
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool torture_rpc_pipes_supported_interfaces(
+					struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	struct smb2_tree *tree;
+	struct dcerpc_pipe *pipe1;
+	struct dcerpc_pipe *pipe2;
+	struct dcerpc_pipe *pipe3;
+
+	torture_comment(torture, "Testing only appropriate interfaces are "
+			"available in smb pipes\n");
+
+	mem_ctx = talloc_init("torture_samba3_rpc_pipes_supported_interfaces");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      torture_setting_string(torture, "host", NULL),
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	/* Test embedded services pipes. The svcctl interface is
+	 * not available if we open the winreg pipe. */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "winreg",
+			        &ndr_table_svcctl, &pipe1);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"svcctl interface not supported in winreg pipe");
+
+	/* Test it is not possible to bind to S4 server provided services */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "srvsvc",
+			        &ndr_table_samr, &pipe2);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"samr interface not supported in srvsvc pipe");
+
+	/* Test pipes in forked daemons like lsassd. The lsarpc interface is
+	 * not available if we open the SAMR pipe. */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "samr",
+			        &ndr_table_lsarpc, &pipe3);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"lsarpc interface not supported in samr pipe");
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samba3");
+
+	torture_suite_add_simple_test(suite, "bind", torture_bind_samba3);
+	torture_suite_add_simple_test(suite, "netlogon", torture_netlogon_samba3);
+	torture_suite_add_simple_test(suite, "sessionkey", torture_samba3_sessionkey);
+	torture_suite_add_simple_test(suite, "srvsvc", torture_samba3_rpc_srvsvc);
+	torture_suite_add_simple_test(suite, "sharesec", torture_samba3_rpc_sharesec);
+	torture_suite_add_simple_test(suite, "getusername", torture_samba3_rpc_getusername);
+	torture_suite_add_simple_test(suite, "randomauth2", torture_samba3_rpc_randomauth2);
+	torture_suite_add_simple_test(suite, "lsa", torture_samba3_rpc_lsa);
+	torture_suite_add_simple_test(suite, "spoolss", torture_samba3_rpc_spoolss);
+	torture_suite_add_simple_test(suite, "wkssvc", torture_samba3_rpc_wkssvc);
+	torture_suite_add_simple_test(suite, "winreg", torture_samba3_rpc_winreg);
+	torture_suite_add_simple_test(suite, "getaliasmembership-0", torture_samba3_getaliasmembership_0);
+	torture_suite_add_simple_test(suite, "regconfig", torture_samba3_regconfig);
+	torture_suite_add_simple_test(suite, "smb-reauth1", torture_rpc_smb_reauth1);
+	torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2);
+	torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1);
+	torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2);
+	torture_suite_add_simple_test(suite, "smb1-pipe-name", torture_rpc_smb1_pipe_name);
+	torture_suite_add_simple_test(suite, "smb2-pipe-name", torture_rpc_smb2_pipe_name);
+	torture_suite_add_simple_test(suite, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close);
+	torture_suite_add_simple_test(suite, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis);
+	torture_suite_add_simple_test(suite, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff);
+	torture_suite_add_simple_test(suite,
+				      "lsa_over_netlogon",
+				      torture_rpc_lsa_over_netlogon);
+	torture_suite_add_simple_test(suite,
+				      "pipes_supported_interfaces",
+				      torture_rpc_pipes_supported_interfaces);
+
+	suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests");
+
+	return suite;
+}
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
new file mode 100644
index 0000000..f16db64
--- /dev/null
+++ b/source4/torture/rpc/samlogon.c
@@ -0,0 +1,2121 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for netlogon SamLogon operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
+   Copyright (C) Tim Potter      2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/rpc/torture_rpc.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/auth/libcli_auth.h"
+#include "param/param.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define TEST_MACHINE_NAME "samlogontest"
+#define TEST_USER_NAME "samlogontestuser"
+#define TEST_USER_NAME_WRONG_WKS "samlogontest2"
+#define TEST_USER_NAME_WRONG_TIME "samlogontest3"
+
+enum ntlm_break {
+	BREAK_BOTH,
+	BREAK_NONE,
+	BREAK_LM,
+	BREAK_NT,
+	NO_LM,
+	NO_NT
+};
+
+struct samlogon_state {
+	TALLOC_CTX *mem_ctx;
+	struct torture_context *tctx;
+	const char *comment;
+	const char *account_name;
+	const char *account_domain;
+	const char *netbios_name;
+	const char *password;
+	const char *workgroup;
+	struct dcerpc_pipe *p;
+	int function_level;
+	uint32_t parameter_control;
+	struct netr_LogonSamLogon r;
+	struct netr_LogonSamLogonEx r_ex;
+	struct netr_LogonSamLogonWithFlags r_flags;
+	struct netr_Authenticator auth, auth2;
+	struct netlogon_creds_CredentialState *creds;
+	NTSTATUS expected_error;
+	bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
+	DATA_BLOB chall;
+};
+
+/*
+   Authenticate a user with a challenge/response, checking session key
+   and valid authentication types
+*/
+static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
+			       enum ntlm_break break_which,
+			       uint32_t parameter_control,
+			       DATA_BLOB *chall,
+			       DATA_BLOB *lm_response,
+			       DATA_BLOB *nt_response,
+			       uint8_t lm_key[8],
+			       uint8_t user_session_key[16],
+			       char **error_string)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogon *r = &samlogon_state->r;
+	struct netr_LogonSamLogonEx *r_ex = &samlogon_state->r_ex;
+	struct netr_LogonSamLogonWithFlags *r_flags = &samlogon_state->r_flags;
+	struct netr_NetworkInfo ninfo;
+	struct netr_SamBaseInfo *base = NULL;
+	uint16_t validation_level = 0;
+
+	samlogon_state->r.in.logon->network = &ninfo;
+	samlogon_state->r_ex.in.logon->network = &ninfo;
+	samlogon_state->r_flags.in.logon->network = &ninfo;
+
+	ninfo.identity_info.domain_name.string = samlogon_state->account_domain;
+	ninfo.identity_info.parameter_control = parameter_control;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.account_name.string = samlogon_state->account_name;
+	ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
+
+	memcpy(ninfo.challenge, chall->data, 8);
+
+	switch (break_which) {
+	case BREAK_NONE:
+		break;
+	case BREAK_LM:
+		if (lm_response && lm_response->data) {
+			lm_response->data[0]++;
+		}
+		break;
+	case BREAK_NT:
+		if (nt_response && nt_response->data) {
+			nt_response->data[0]++;
+		}
+		break;
+	case BREAK_BOTH:
+		if (lm_response && lm_response->data) {
+			lm_response->data[0]++;
+		}
+		if (nt_response && nt_response->data) {
+			nt_response->data[0]++;
+		}
+		break;
+	case NO_LM:
+		data_blob_free(lm_response);
+		break;
+	case NO_NT:
+		data_blob_free(nt_response);
+		break;
+	}
+
+	if (nt_response) {
+		ninfo.nt.data = nt_response->data;
+		ninfo.nt.length = nt_response->length;
+	} else {
+		ninfo.nt.data = NULL;
+		ninfo.nt.length = 0;
+	}
+
+	if (lm_response) {
+		ninfo.lm.data = lm_response->data;
+		ninfo.lm.length = lm_response->length;
+	} else {
+		ninfo.lm.data = NULL;
+		ninfo.lm.length = 0;
+	}
+
+	switch (samlogon_state->function_level) {
+	case NDR_NETR_LOGONSAMLOGON:
+		ZERO_STRUCT(samlogon_state->auth2);
+		netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+
+		r->out.return_authenticator = NULL;
+		status = dcerpc_netr_LogonSamLogon_r(samlogon_state->p->binding_handle,
+						     samlogon_state->mem_ctx, r);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+		if (!r->out.return_authenticator ||
+		    !netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
+			torture_comment(samlogon_state->tctx, "Credential chaining failed\n");
+		}
+		if (!NT_STATUS_IS_OK(r->out.result)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(r->out.result));
+			}
+			return r->out.result;
+		}
+
+		validation_level = r->in.validation_level;
+
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+
+		switch (validation_level) {
+		case 2:
+			base = &r->out.validation->sam2->base;
+			break;
+		case 3:
+			base = &r->out.validation->sam3->base;
+			break;
+		case 6:
+			base = &r->out.validation->sam6->base;
+			break;
+		}
+		break;
+	case NDR_NETR_LOGONSAMLOGONEX:
+		status = dcerpc_netr_LogonSamLogonEx_r(samlogon_state->p->binding_handle,
+						       samlogon_state->mem_ctx, r_ex);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+		if (!NT_STATUS_IS_OK(r_ex->out.result)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(r_ex->out.result));
+			}
+			return r_ex->out.result;
+		}
+
+		validation_level = r_ex->in.validation_level;
+
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r_ex->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+
+		switch (validation_level) {
+		case 2:
+			base = &r_ex->out.validation->sam2->base;
+			break;
+		case 3:
+			base = &r_ex->out.validation->sam3->base;
+			break;
+		case 6:
+			base = &r_ex->out.validation->sam6->base;
+			break;
+		}
+		break;
+	case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
+		ZERO_STRUCT(samlogon_state->auth2);
+		netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+
+		r_flags->out.return_authenticator = NULL;
+		status = dcerpc_netr_LogonSamLogonWithFlags_r(samlogon_state->p->binding_handle,
+							      samlogon_state->mem_ctx, r_flags);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+		if (!r_flags->out.return_authenticator ||
+		    !netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
+			torture_comment(samlogon_state->tctx, "Credential chaining failed\n");
+		}
+		if (!NT_STATUS_IS_OK(r_flags->out.result)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(r_flags->out.result));
+			}
+			return r_flags->out.result;
+		}
+
+		validation_level = r_flags->in.validation_level;
+
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r_flags->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
+
+		switch (validation_level) {
+		case 2:
+			base = &r_flags->out.validation->sam2->base;
+			break;
+		case 3:
+			base = &r_flags->out.validation->sam3->base;
+			break;
+		case 6:
+			base = &r_flags->out.validation->sam6->base;
+			break;
+		}
+		break;
+	default:
+		/* can't happen */
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!base) {
+		torture_comment(samlogon_state->tctx, "No user info returned from 'successful' SamLogon*() call!\n");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (user_session_key) {
+		memcpy(user_session_key, base->key.key, 16);
+	}
+	if (lm_key) {
+		memcpy(lm_key, base->LMSessKey.key, 8);
+	}
+
+	return status;
+}
+
+
+/*
+ * Test the normal 'LM and NTLM' combination
+ */
+
+static bool test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string)
+{
+	bool pass = true;
+	bool lm_good;
+	NTSTATUS nt_status;
+	DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	uint8_t lm_key[8];
+	uint8_t user_session_key[16];
+	uint8_t lm_hash[16];
+	uint8_t nt_hash[16];
+
+	ZERO_STRUCT(lm_key);
+	ZERO_STRUCT(user_session_key);
+
+	lm_good = SMBencrypt(samlogon_state->password, samlogon_state->chall.data, lm_response.data);
+	if (!lm_good) {
+		ZERO_STRUCT(lm_hash);
+	} else {
+		E_deshash(samlogon_state->password, lm_hash);
+	}
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
+
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash, session_key.data);
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   &lm_response,
+				   &nt_response,
+				   lm_key,
+				   user_session_key,
+				   error_string);
+
+	data_blob_free(&lm_response);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'long' passwords, the LM password is invalid */
+		if (break_which == NO_NT && !lm_good) {
+			return true;
+		}
+		/* for modern servers, the LM password is invalid */
+		if (break_which == NO_NT
+		    && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+			return true;
+		}
+
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT));
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (break_which == NO_NT && !lm_good) {
+	        *error_string = strdup("LM password is 'long' (> 14 chars and therefore invalid) but login did not fail!");
+		return false;
+	}
+
+	/* for modern servers, the LM password is invalid */
+	if (break_which == NO_NT
+	    && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+	        *error_string = strdup("LM password is OK but should have failed against a modern server");
+		return false;
+	}
+
+	if (!all_zero(lm_key, sizeof(lm_key)) != 0) {
+		torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
+		torture_comment(samlogon_state->tctx, "lm_key:\n");
+		dump_data(1, lm_key, 8);
+		torture_comment(samlogon_state->tctx, "expected (all zeros):\n");
+		pass = false;
+	}
+
+	switch (break_which) {
+	case NO_NT:
+	{
+		uint8_t lm_key_expected[16];
+		memcpy(lm_key_expected, session_key.data, 8);
+		memset(lm_key_expected+8, '\0', 8);
+		if (memcmp(lm_key_expected, user_session_key,
+			   16) != 0) {
+			*error_string = strdup("NT Session Key does not match expectations (should be first-8 session key)!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, sizeof(user_session_key));
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, lm_key_expected, sizeof(lm_key_expected));
+			pass = false;
+		}
+		break;
+	}
+	default:
+		if (memcmp(session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			*error_string = strdup("NT Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, session_key.data, session_key.length);
+			pass = false;
+		}
+	}
+        return pass;
+}
+
+/*
+ * Test LM authentication, no NT response supplied
+ */
+
+static bool test_lm(struct samlogon_state *samlogon_state, char **error_string)
+{
+
+	return test_lm_ntlm_broken(samlogon_state, NO_NT, error_string);
+}
+
+/*
+ * Test the NTLM response only, no LM.
+ */
+
+static bool test_ntlm(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lm_ntlm_broken(samlogon_state, NO_LM, error_string);
+}
+
+/*
+ * Test the NTLM response only, but in the LM field.
+ */
+
+static bool test_ntlm_in_lm(struct samlogon_state *samlogon_state, char **error_string)
+{
+	bool lm_good;
+	bool pass = true;
+	NTSTATUS nt_status;
+	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	uint8_t lm_key[8];
+	uint8_t lm_hash[16];
+	uint8_t user_session_key[16];
+	uint8_t nt_hash[16];
+
+	ZERO_STRUCT(lm_key);
+	ZERO_STRUCT(user_session_key);
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
+		     nt_response.data);
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash,
+			   session_key.data);
+
+	lm_good = E_deshash(samlogon_state->password, lm_hash);
+	if (!lm_good) {
+		ZERO_STRUCT(lm_hash);
+	}
+	nt_status = check_samlogon(samlogon_state,
+				   BREAK_NONE,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   &nt_response,
+				   NULL,
+				   lm_key,
+				   user_session_key,
+				   error_string);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return false;
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (torture_setting_bool(samlogon_state->tctx, "samba4", false)) {
+		if (!all_zero(lm_key, sizeof(lm_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "lm_key:\n");
+			dump_data(1, lm_key, 8);
+			torture_comment(samlogon_state->tctx, "expected (all zeros):\n");
+			pass = false;
+		}
+
+
+		if (!all_zero(user_session_key, sizeof(user_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "NT Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, sizeof(user_session_key));
+			torture_comment(samlogon_state->tctx, "expected (all zeros):\n");
+			pass = false;
+		}
+	} else {
+		if (lm_good) {
+			if (memcmp(lm_hash, lm_key,
+				   sizeof(lm_key)) != 0) {
+				torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
+				torture_comment(samlogon_state->tctx, "lm_key:\n");
+				dump_data(1, lm_key, 8);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, lm_hash, 8);
+				pass = false;
+			}
+#if 0
+		} else {
+			if (memcmp(session_key.data, lm_key,
+				   sizeof(lm_key)) != 0) {
+				torture_comment(samlogon_state->tctx, "LM Key does not match expectations (first 8 session key)!\n");
+				torture_comment(samlogon_state->tctx, "lm_key:\n");
+				dump_data(1, lm_key, 8);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, session_key.data, 8);
+			pass = false;
+			}
+#endif
+		}
+		if (lm_good && memcmp(lm_hash, user_session_key, 8) != 0) {
+			uint8_t lm_key_expected[16];
+			memcpy(lm_key_expected, lm_hash, 8);
+			memset(lm_key_expected+8, '\0', 8);
+			if (memcmp(lm_key_expected, user_session_key,
+				   16) != 0) {
+				torture_comment(samlogon_state->tctx, "NT Session Key does not match expectations (should be first-8 LM hash)!\n");
+				torture_comment(samlogon_state->tctx, "user_session_key:\n");
+				dump_data(1, user_session_key, sizeof(user_session_key));
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, lm_key_expected, sizeof(lm_key_expected));
+				pass = false;
+			}
+		}
+	}
+        return pass;
+}
+
+/*
+ * Test the NTLM response only, but in the both the NT and LM fields.
+ */
+
+static bool test_ntlm_in_both(struct samlogon_state *samlogon_state, char **error_string)
+{
+	bool pass = true;
+	bool lm_good;
+	NTSTATUS nt_status;
+	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	uint8_t lm_key[8];
+	uint8_t lm_hash[16];
+	uint8_t user_session_key[16];
+	uint8_t nt_hash[16];
+
+	ZERO_STRUCT(lm_key);
+	ZERO_STRUCT(user_session_key);
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
+		     nt_response.data);
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash,
+			   session_key.data);
+
+	lm_good = E_deshash(samlogon_state->password, lm_hash);
+	if (!lm_good) {
+		ZERO_STRUCT(lm_hash);
+	}
+
+	nt_status = check_samlogon(samlogon_state,
+				   BREAK_NONE,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   NULL,
+				   &nt_response,
+				   lm_key,
+				   user_session_key,
+				   error_string);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return false;
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (!all_zero(lm_key,
+		      sizeof(lm_key)) != 0) {
+		torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n");
+		torture_comment(samlogon_state->tctx, "lm_key:\n");
+		dump_data(1, lm_key, 8);
+		torture_comment(samlogon_state->tctx, "expected (all zero)\n");
+		pass = false;
+	}
+	if (memcmp(session_key.data, user_session_key,
+		   sizeof(user_session_key)) != 0) {
+		torture_comment(samlogon_state->tctx, "NT Session Key does not match expectations!\n");
+		torture_comment(samlogon_state->tctx, "user_session_key:\n");
+		dump_data(1, user_session_key, 16);
+		torture_comment(samlogon_state->tctx, "expected:\n");
+		dump_data(1, session_key.data, session_key.length);
+		pass = false;
+	}
+
+
+        return pass;
+}
+
+/*
+ * Test the NTLMv2 and LMv2 responses
+ */
+
+enum ntlmv2_domain {
+	UPPER_DOMAIN,
+	NO_DOMAIN
+};
+
+static bool test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state,
+				    enum ntlm_break break_which,
+				    enum ntlmv2_domain ntlmv2_domain,
+				    char **error_string)
+{
+	bool pass = true;
+	NTSTATUS nt_status;
+	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, TEST_MACHINE_NAME, samlogon_state->workgroup);
+
+	uint8_t lm_session_key[8];
+	uint8_t user_session_key[16];
+
+	ZERO_STRUCT(lm_session_key);
+	ZERO_STRUCT(user_session_key);
+
+	switch (ntlmv2_domain) {
+	case UPPER_DOMAIN:
+		if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
+				      samlogon_state->account_name, samlogon_state->account_domain,
+				      samlogon_state->password, &samlogon_state->chall,
+				      &names_blob,
+				      &lmv2_response, &ntlmv2_response,
+				      &lmv2_session_key, &ntlmv2_session_key)) {
+			data_blob_free(&names_blob);
+			return false;
+		}
+		break;
+	case NO_DOMAIN:
+		if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
+				      samlogon_state->account_name, "",
+				      samlogon_state->password, &samlogon_state->chall,
+				      &names_blob,
+				      &lmv2_response, &ntlmv2_response,
+				      &lmv2_session_key, &ntlmv2_session_key)) {
+			data_blob_free(&names_blob);
+			return false;
+		}
+		break;
+	}
+	data_blob_free(&names_blob);
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   &lmv2_response,
+				   &ntlmv2_response,
+				   lm_session_key,
+				   user_session_key,
+				   error_string);
+
+	data_blob_free(&lmv2_response);
+	data_blob_free(&ntlmv2_response);
+
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return break_which == BREAK_BOTH;
+	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT));
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+
+	switch (break_which) {
+	case NO_NT:
+		if (memcmp(lmv2_session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "USER (LMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
+			pass = false;
+		}
+		if (memcmp(lmv2_session_key.data, lm_session_key,
+				   sizeof(lm_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "LM (LMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, lmv2_session_key.data, 8);
+			pass = false;
+		}
+		break;
+	default:
+		if (memcmp(ntlmv2_session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			if (memcmp(lmv2_session_key.data, user_session_key,
+				   sizeof(user_session_key)) == 0) {
+				torture_comment(samlogon_state->tctx, "USER (NTLMv2) Session Key expected, got LMv2 session key instead:\n");
+				torture_comment(samlogon_state->tctx, "user_session_key:\n");
+				dump_data(1, user_session_key, 16);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
+				pass = false;
+
+			} else {
+				torture_comment(samlogon_state->tctx, "USER (NTLMv2) Session Key does not match expectations!\n");
+				torture_comment(samlogon_state->tctx, "user_session_key:\n");
+				dump_data(1, user_session_key, 16);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
+				pass = false;
+			}
+		}
+		if (memcmp(ntlmv2_session_key.data, lm_session_key,
+			   sizeof(lm_session_key)) != 0) {
+			if (memcmp(lmv2_session_key.data, lm_session_key,
+				   sizeof(lm_session_key)) == 0) {
+				torture_comment(samlogon_state->tctx, "LM (NTLMv2) Session Key expected, got LMv2 session key instead:\n");
+				torture_comment(samlogon_state->tctx, "user_session_key:\n");
+				dump_data(1, lm_session_key, 8);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, ntlmv2_session_key.data, 8);
+				pass = false;
+			} else {
+				torture_comment(samlogon_state->tctx, "LM (NTLMv2) Session Key does not match expectations!\n");
+				torture_comment(samlogon_state->tctx, "lm_session_key:\n");
+				dump_data(1, lm_session_key, 8);
+				torture_comment(samlogon_state->tctx, "expected:\n");
+				dump_data(1, ntlmv2_session_key.data, 8);
+				pass = false;
+			}
+		}
+	}
+
+        return pass;
+}
+
+/*
+ * Test the NTLM and LMv2 responses
+ */
+
+static bool test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state,
+				  enum ntlm_break break_which,
+				  enum ntlmv2_domain ntlmv2_domain,
+				  char **error_string)
+{
+	bool pass = true;
+	NTSTATUS nt_status;
+	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->netbios_name, samlogon_state->workgroup);
+
+	DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	bool lm_good;
+	uint8_t lm_hash[16];
+	uint8_t lm_session_key[8];
+	uint8_t user_session_key[16];
+	uint8_t nt_hash[16];
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
+		     ntlm_response.data);
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash,
+			   ntlm_session_key.data);
+
+	lm_good = E_deshash(samlogon_state->password, lm_hash);
+	if (!lm_good) {
+		ZERO_STRUCT(lm_hash);
+	}
+
+	ZERO_STRUCT(lm_session_key);
+	ZERO_STRUCT(user_session_key);
+
+	switch (ntlmv2_domain) {
+	case UPPER_DOMAIN:
+		/* TODO - test with various domain cases, and without domain */
+		if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
+				      samlogon_state->account_name, samlogon_state->account_domain,
+				      samlogon_state->password, &samlogon_state->chall,
+				      &names_blob,
+				      &lmv2_response, &ntlmv2_response,
+				      &lmv2_session_key, &ntlmv2_session_key)) {
+			data_blob_free(&names_blob);
+			return false;
+		}
+		break;
+	case NO_DOMAIN:
+		/* TODO - test with various domain cases, and without domain */
+		if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
+				      samlogon_state->account_name, "",
+				      samlogon_state->password, &samlogon_state->chall,
+				      &names_blob,
+				      &lmv2_response, &ntlmv2_response,
+				      &lmv2_session_key, &ntlmv2_session_key)) {
+			data_blob_free(&names_blob);
+			return false;
+		}
+		break;
+	}
+
+	data_blob_free(&names_blob);
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   &lmv2_response,
+				   &ntlm_response,
+				   lm_session_key,
+				   user_session_key,
+				   error_string);
+
+	data_blob_free(&lmv2_response);
+	data_blob_free(&ntlmv2_response);
+
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	switch (break_which) {
+	case NO_NT:
+		if (memcmp(lmv2_session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "USER (LMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
+			pass = false;
+		}
+		if (memcmp(lmv2_session_key.data, lm_session_key,
+			   sizeof(lm_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "LM (LMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, lmv2_session_key.data, 8);
+			pass = false;
+		}
+		break;
+	case BREAK_LM:
+		if (memcmp(ntlm_session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "USER (NTLMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = false;
+		}
+		if (!all_zero(lm_session_key,
+			      sizeof(lm_session_key))) {
+			torture_comment(samlogon_state->tctx, "LM Session Key does not match expectations (zeros)!\n");
+			torture_comment(samlogon_state->tctx, "lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			pass = false;
+		}
+		break;
+	default:
+		if (memcmp(ntlm_session_key.data, user_session_key,
+			   sizeof(user_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "USER (NTLMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = false;
+		}
+		if (memcmp(ntlm_session_key.data, lm_session_key,
+			   sizeof(lm_session_key)) != 0) {
+			torture_comment(samlogon_state->tctx, "LM (NTLMv2) Session Key does not match expectations!\n");
+			torture_comment(samlogon_state->tctx, "lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			torture_comment(samlogon_state->tctx, "expected:\n");
+			dump_data(1, ntlm_session_key.data, 8);
+			pass = false;
+		}
+	}
+
+        return pass;
+}
+
+/*
+ * Test the NTLMv2 and LMv2 responses
+ */
+
+static bool test_lmv2_ntlmv2(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, UPPER_DOMAIN, error_string);
+}
+
+#if 0
+static bool test_lmv2_ntlmv2_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, NO_DOMAIN, error_string);
+}
+#endif
+
+/*
+ * Test the LMv2 response only
+ */
+
+static bool test_lmv2(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, UPPER_DOMAIN, error_string);
+}
+
+static bool test_lmv2_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, NO_DOMAIN, error_string);
+}
+
+/*
+ * Test the NTLMv2 response only
+ */
+
+static bool test_ntlmv2(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, UPPER_DOMAIN, error_string);
+}
+
+static bool test_ntlmv2_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, NO_DOMAIN, error_string);
+}
+
+static bool test_lm_ntlm(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lm_ntlm_broken(samlogon_state, BREAK_NONE, error_string);
+}
+
+static bool test_ntlm_lm_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lm_ntlm_broken(samlogon_state, BREAK_LM, error_string);
+}
+
+static bool test_ntlm_ntlm_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lm_ntlm_broken(samlogon_state, BREAK_NT, error_string);
+}
+
+static bool test_lm_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lm_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
+}
+static bool test_ntlmv2_lmv2_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, UPPER_DOMAIN, error_string);
+}
+
+static bool test_ntlmv2_lmv2_broken_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, NO_DOMAIN, error_string);
+}
+
+static bool test_ntlmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, UPPER_DOMAIN, error_string);
+}
+
+#if 0
+static bool test_ntlmv2_ntlmv2_broken_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, NO_DOMAIN, error_string);
+}
+#endif
+
+static bool test_ntlmv2_both_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, UPPER_DOMAIN, error_string);
+}
+
+static bool test_ntlmv2_both_broken_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, NO_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, UPPER_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_both_broken_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, NO_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_break_ntlm(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, UPPER_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_break_ntlm_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, NO_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_break_lm(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, UPPER_DOMAIN, error_string);
+}
+
+static bool test_lmv2_ntlm_break_lm_no_dom(struct samlogon_state *samlogon_state, char **error_string)
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, NO_DOMAIN, error_string);
+}
+
+/*
+ * Test the NTLM2 response (extra challenge in LM field)
+ *
+ * This test is the same as the 'break LM' test, but checks that the
+ * server implements NTLM2 session security in the right place
+ * (NETLOGON is the wrong place).
+ */
+
+static bool test_ntlm2(struct samlogon_state *samlogon_state, char **error_string)
+{
+	bool pass = true;
+	NTSTATUS nt_status;
+	DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+
+	uint8_t lm_key[8];
+	uint8_t nt_hash[16];
+	uint8_t lm_hash[16];
+	uint8_t nt_key[16];
+	uint8_t user_session_key[16];
+	uint8_t expected_user_session_key[16];
+	uint8_t session_nonce_hash[16];
+	uint8_t client_chall[8];
+
+	gnutls_hmac_hd_t hmac_hnd;
+	gnutls_hash_hd_t hash_hnd;
+
+	ZERO_STRUCT(user_session_key);
+	ZERO_STRUCT(lm_key);
+	generate_random_buffer(client_chall, 8);
+
+	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	gnutls_hash(hash_hnd, samlogon_state->chall.data, 8);
+	gnutls_hash(hash_hnd, client_chall, 8);
+	gnutls_hash_deinit(hash_hnd, session_nonce_hash);
+
+	E_md4hash(samlogon_state->password, (uint8_t *)nt_hash);
+	E_deshash(samlogon_state->password, (uint8_t *)lm_hash);
+	SMBsesskeygen_ntv1((const uint8_t *)nt_hash,
+			   nt_key);
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
+
+	memcpy(lm_response.data, session_nonce_hash, 8);
+	memset(lm_response.data + 8, 0, 16);
+
+	gnutls_hmac_init(&hmac_hnd,
+			 GNUTLS_MAC_MD5,
+			 nt_key,
+			 16);
+	gnutls_hmac(hmac_hnd, samlogon_state->chall.data, 8);
+	gnutls_hmac(hmac_hnd, client_chall, 8);
+	gnutls_hmac_deinit(hmac_hnd, expected_user_session_key);
+
+	nt_status = check_samlogon(samlogon_state,
+				   BREAK_NONE,
+				   samlogon_state->parameter_control,
+				   &samlogon_state->chall,
+				   &lm_response,
+				   &nt_response,
+				   lm_key,
+				   user_session_key,
+				   error_string);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		return false;
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (!all_zero(lm_key, sizeof(lm_key))) {
+		torture_comment(samlogon_state->tctx, "LM Session Key does not match expectations (zeros)!\n");
+		torture_comment(samlogon_state->tctx, "lm_key:\n");
+		dump_data(1, lm_key, 8);
+		pass = false;
+	}
+	if (memcmp(nt_key, user_session_key, 16) != 0) {
+		torture_comment(samlogon_state->tctx, "NT Session Key does not match expectations (should be NT Key)!\n");
+		torture_comment(samlogon_state->tctx, "user_session_key:\n");
+		dump_data(1, user_session_key, sizeof(user_session_key));
+		torture_comment(samlogon_state->tctx, "expected:\n");
+		dump_data(1, nt_key, sizeof(nt_key));
+		pass = false;
+	}
+        return pass;
+}
+
+static bool test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string)
+{
+	NTSTATUS nt_status;
+	DATA_BLOB nt_response = data_blob(NULL, 0);
+	DATA_BLOB lm_response = data_blob(NULL, 0);
+	char *password;
+	char *dospw;
+	smb_ucs2_t *unicodepw;
+	size_t converted_size = 0;
+	uint8_t user_session_key[16];
+	uint8_t lm_key[16];
+	uint8_t lm_hash[16];
+	DATA_BLOB chall = data_blob_talloc_zero(samlogon_state->mem_ctx, 8);
+	bool lm_good = E_deshash(samlogon_state->password, lm_hash);
+
+	ZERO_STRUCT(user_session_key);
+
+	if (!push_ucs2_talloc(samlogon_state->mem_ctx,
+			      &unicodepw, samlogon_state->password, &converted_size)) {
+		DEBUG(0, ("push_ucs2_allocate failed!\n"));
+		exit(1);
+	}
+
+	nt_response = data_blob_talloc(samlogon_state->mem_ctx, unicodepw, strlen_m(samlogon_state->password)*2);
+
+	password = strupper_talloc(samlogon_state->mem_ctx, samlogon_state->password);
+
+	if (!convert_string_talloc(samlogon_state->mem_ctx,
+				   CH_UNIX, CH_DOS,
+				   password, strlen(password)+1,
+				   (void**)&dospw, &converted_size)) {
+		DEBUG(0, ("convert_string_talloc failed!\n"));
+		exit(1);
+	}
+
+	lm_response = data_blob_talloc(samlogon_state->mem_ctx, dospw, strlen(dospw));
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   samlogon_state->parameter_control | MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
+				   &chall,
+				   &lm_response,
+				   &nt_response,
+				   lm_key,
+				   user_session_key,
+				   error_string);
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		/* for 'old' passwords, we allow the server to be OK or wrong password */
+		if (samlogon_state->old_password) {
+			return true;
+		}
+		/* for 'long' passwords, the LM password is invalid */
+		if (break_which == NO_NT && !lm_good) {
+			return true;
+		}
+		/* for modern servers, the LM password is invalid */
+		if (break_which == NO_NT
+		    && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+			return true;
+		}
+
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT));
+	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
+		int ret;
+
+		SAFE_FREE(*error_string);
+		ret = asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
+		if (ret == -1) {
+			*error_string = NULL;
+		}
+		return false;
+	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
+		return true;
+	} else if (!NT_STATUS_IS_OK(nt_status)) {
+		return false;
+	}
+
+	if (break_which == NO_NT && !lm_good) {
+	        *error_string = strdup("LM password is 'long' (> 14 chars and therefore invalid) but login did not fail!");
+		return false;
+	}
+
+	/* for modern servers, the LM password is invalid */
+	if (break_which == NO_NT
+	    && !torture_setting_bool(samlogon_state->tctx, "samba3", false)) {
+	        *error_string = strdup("LM password is OK but should have failed against a modern server");
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_plaintext_none_broken(struct samlogon_state *samlogon_state,
+				       char **error_string) {
+	return test_plaintext(samlogon_state, BREAK_NONE, error_string);
+}
+
+static bool test_plaintext_lm_broken(struct samlogon_state *samlogon_state,
+				     char **error_string) {
+	return test_plaintext(samlogon_state, BREAK_LM, error_string);
+}
+
+static bool test_plaintext_nt_broken(struct samlogon_state *samlogon_state,
+				     char **error_string) {
+	return test_plaintext(samlogon_state, BREAK_NT, error_string);
+}
+
+static bool test_plaintext_nt_only(struct samlogon_state *samlogon_state,
+				   char **error_string) {
+	return test_plaintext(samlogon_state, NO_LM, error_string);
+}
+
+static bool test_plaintext_lm_only(struct samlogon_state *samlogon_state,
+				   char **error_string) {
+	return test_plaintext(samlogon_state, NO_NT, error_string);
+}
+
+/*
+   Tests:
+
+   - LM only
+   - NT and LM
+   - NT
+   - NT in LM field
+   - NT in both fields
+   - NTLMv2
+   - NTLMv2 and LMv2
+   - LMv2
+   - plaintext tests (in challenge-response fields)
+
+   check we get the correct session key in each case
+   check what values we get for the LM session key
+
+*/
+
+static const struct ntlm_tests {
+	bool (*fn)(struct samlogon_state *, char **);
+	const char *name;
+	bool expect_fail;
+} test_table[] = {
+	{test_lmv2_ntlmv2, "NTLMv2 and LMv2", false},
+#if 0
+	{test_lmv2_ntlmv2_no_dom, "NTLMv2 and LMv2 (no domain)", false},
+#endif
+	{test_lm, "LM", false},
+	{test_lm_ntlm, "LM and NTLM", false},
+	{test_lm_ntlm_both_broken, "LM and NTLM, both broken", false},
+	{test_ntlm, "NTLM", false},
+	{test_ntlm_in_lm, "NTLM in LM", false},
+	{test_ntlm_in_both, "NTLM in both", false},
+	{test_ntlmv2, "NTLMv2", false},
+	{test_ntlmv2_no_dom, "NTLMv2 (no domain)", false},
+	{test_lmv2, "LMv2", false},
+	{test_lmv2_no_dom, "LMv2 (no domain)", false},
+	{test_ntlmv2_lmv2_broken, "NTLMv2 and LMv2, LMv2 broken", false},
+	{test_ntlmv2_lmv2_broken_no_dom, "NTLMv2 and LMv2, LMv2 broken (no domain)", false},
+	{test_ntlmv2_ntlmv2_broken, "NTLMv2 and LMv2, NTLMv2 broken", false},
+#if 0
+	{test_ntlmv2_ntlmv2_broken_no_dom, "NTLMv2 and LMv2, NTLMv2 broken (no domain)", false},
+#endif
+	{test_ntlmv2_both_broken, "NTLMv2 and LMv2, both broken", false},
+	{test_ntlmv2_both_broken_no_dom, "NTLMv2 and LMv2, both broken (no domain)", false},
+	{test_ntlm_lm_broken, "NTLM and LM, LM broken", false},
+	{test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", false},
+	{test_ntlm2, "NTLM2 (NTLMv2 session security)", false},
+	{test_lmv2_ntlm_both_broken, "LMv2 and NTLM, both broken", false},
+	{test_lmv2_ntlm_both_broken_no_dom, "LMv2 and NTLM, both broken (no domain)", false},
+	{test_lmv2_ntlm_break_ntlm, "LMv2 and NTLM, NTLM broken", false},
+	{test_lmv2_ntlm_break_ntlm_no_dom, "LMv2 and NTLM, NTLM broken (no domain)", false},
+	{test_lmv2_ntlm_break_lm, "LMv2 and NTLM, LMv2 broken", false},
+	{test_lmv2_ntlm_break_lm_no_dom, "LMv2 and NTLM, LMv2 broken (no domain)", false},
+	{test_plaintext_none_broken, "Plaintext", false},
+	{test_plaintext_lm_broken, "Plaintext LM broken", false},
+	{test_plaintext_nt_broken, "Plaintext NT broken", false},
+	{test_plaintext_nt_only, "Plaintext NT only", false},
+	{test_plaintext_lm_only, "Plaintext LM only", false},
+	{ .name = NULL, }
+};
+
+/*
+  try a netlogon SamLogon
+*/
+static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			  struct torture_context *tctx,
+			  struct netlogon_creds_CredentialState *creds,
+			  const char *comment,
+			  const char *account_domain, const char *account_name,
+			  const char *plain_pass, uint32_t parameter_control,
+			  NTSTATUS expected_error, bool old_password,
+			  int n_subtests)
+{
+	TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_SamLogon function-level context");
+	int i, v, l, f;
+	bool ret = true;
+	int validation_levels[] = {2,3,6};
+	int logon_levels[] = { NetlogonNetworkInformation, NetlogonNetworkTransitiveInformation };
+	int function_levels[] = {
+		NDR_NETR_LOGONSAMLOGON,
+		NDR_NETR_LOGONSAMLOGONEX,
+		NDR_NETR_LOGONSAMLOGONWITHFLAGS };
+	struct samlogon_state samlogon_state;
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 1;
+	uint32_t flags = 0;
+
+	ZERO_STRUCT(logon);
+
+	torture_comment(tctx, "Testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
+
+	samlogon_state.comment = comment;
+	samlogon_state.account_name = account_name;
+	samlogon_state.account_domain = account_domain;
+	samlogon_state.password = plain_pass;
+	samlogon_state.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+	samlogon_state.netbios_name = lpcfg_netbios_name(tctx->lp_ctx);
+	samlogon_state.p = p;
+	samlogon_state.creds = creds;
+	samlogon_state.expected_error = expected_error;
+	samlogon_state.chall = data_blob_talloc(fn_ctx, NULL, 8);
+	samlogon_state.parameter_control = parameter_control;
+	samlogon_state.old_password = old_password;
+	samlogon_state.tctx = tctx;
+
+	generate_random_buffer(samlogon_state.chall.data, 8);
+	samlogon_state.r_flags.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
+	samlogon_state.r_flags.in.computer_name = TEST_MACHINE_NAME;
+	samlogon_state.r_flags.in.credential = &samlogon_state.auth;
+	samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
+	samlogon_state.r_flags.in.flags = &flags;
+	samlogon_state.r_flags.in.logon = &logon;
+	samlogon_state.r_flags.out.validation = &validation;
+	samlogon_state.r_flags.out.authoritative = &authoritative;
+	samlogon_state.r_flags.out.flags = &flags;
+
+	samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
+	samlogon_state.r_ex.in.computer_name = TEST_MACHINE_NAME;
+	samlogon_state.r_ex.in.flags = &flags;
+	samlogon_state.r_ex.in.logon = &logon;
+	samlogon_state.r_ex.out.validation = &validation;
+	samlogon_state.r_ex.out.authoritative = &authoritative;
+	samlogon_state.r_ex.out.flags = &flags;
+
+	samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
+	samlogon_state.r.in.computer_name = TEST_MACHINE_NAME;
+	samlogon_state.r.in.credential = &samlogon_state.auth;
+	samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
+	samlogon_state.r.in.logon = &logon;
+	samlogon_state.r.out.validation = &validation;
+	samlogon_state.r.out.authoritative = &authoritative;
+
+
+	for (f=0;f<ARRAY_SIZE(function_levels);f++) {
+		for (i=0; test_table[i].fn; i++) {
+			if (n_subtests && (i > n_subtests)) {
+				continue;
+			}
+			for (v=0;v<ARRAY_SIZE(validation_levels);v++) {
+				for (l=0;l<ARRAY_SIZE(logon_levels);l++) {
+					char *error_string = NULL;
+					TALLOC_CTX *tmp_ctx = talloc_named(fn_ctx, 0, "test_SamLogon inner loop");
+					samlogon_state.mem_ctx = tmp_ctx;
+					samlogon_state.function_level = function_levels[f];
+					samlogon_state.r.in.validation_level = validation_levels[v];
+					samlogon_state.r.in.logon_level = logon_levels[l];
+					samlogon_state.r_ex.in.validation_level = validation_levels[v];
+					samlogon_state.r_ex.in.logon_level = logon_levels[l];
+					samlogon_state.r_flags.in.validation_level = validation_levels[v];
+					samlogon_state.r_flags.in.logon_level = logon_levels[l];
+					if (!test_table[i].fn(&samlogon_state, &error_string)) {
+						torture_comment(tctx, "Testing '%s' [%s]\\[%s] '%s' at validation level %d, logon level %d, function %d: \n",
+						       samlogon_state.comment,
+						       samlogon_state.account_domain,
+						       samlogon_state.account_name,
+						       test_table[i].name, validation_levels[v],
+						       logon_levels[l], function_levels[f]);
+
+						if (test_table[i].expect_fail) {
+							torture_comment(tctx, " failed (expected, test incomplete): %s\n", error_string);
+						} else {
+							torture_comment(tctx, " failed: %s\n", error_string);
+							ret = false;
+						}
+						SAFE_FREE(error_string);
+					}
+					talloc_free(tmp_ctx);
+				}
+			}
+		}
+	}
+	talloc_free(fn_ctx);
+	return ret;
+}
+
+/*
+  test an ADS style interactive domain logon
+*/
+bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			   struct torture_context *tctx,
+			   struct netlogon_creds_CredentialState *creds,
+			   const char *comment,
+			   const char *workstation_name,
+			   const char *account_domain, const char *account_name,
+			   const char *plain_pass, uint32_t parameter_control,
+			   NTSTATUS expected_error)
+{
+	NTSTATUS status;
+	TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context");
+	bool ret = true;
+	struct netr_LogonSamLogonWithFlags r;
+	struct netr_Authenticator a, ra;
+	struct netr_PasswordInfo pinfo;
+	uint32_t flags = 0;
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 1;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(a);
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(ra);
+
+	ZERO_STRUCT(logon);
+	ZERO_STRUCT(validation);
+
+	netlogon_creds_client_authenticator(creds, &a);
+
+	logon.password = &pinfo;
+
+	r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &a;
+	r.in.return_authenticator = &ra;
+	r.in.logon_level = NetlogonInteractiveTransitiveInformation;
+	r.in.logon = &logon;
+	r.in.validation_level = 6;
+	r.in.flags = &flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.flags = &flags;
+
+	pinfo.identity_info.domain_name.string = account_domain;
+	pinfo.identity_info.parameter_control = parameter_control;
+	pinfo.identity_info.logon_id = 0;
+	pinfo.identity_info.account_name.string = account_name;
+	pinfo.identity_info.workstation.string = workstation_name;
+
+	if (!E_deshash(plain_pass, pinfo.lmpassword.hash)) {
+		ZERO_STRUCT(pinfo.lmpassword.hash);
+	}
+	E_md4hash(plain_pass, pinfo.ntpassword.hash);
+
+	if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+		netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+		netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+	} else {
+		netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
+		netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
+	}
+
+	torture_comment(tctx, "Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
+
+	status = dcerpc_netr_LogonSamLogonWithFlags_r(b, fn_ctx, &r);
+	torture_assert_ntstatus_ok_goto(tctx,
+		status,
+		ret, failed,
+		talloc_asprintf(tctx, "%s: netr_LogonSamLogonWithFlags - %s\n",
+			 __location__, nt_errstr(status)));
+
+	if (!r.out.return_authenticator) {
+		talloc_free(fn_ctx);
+		torture_fail(tctx, "no authenticator returned");
+	}
+
+	torture_assert_goto(tctx,
+		netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
+		ret, failed,
+		"Credential chaining failed\n");
+
+	torture_assert_ntstatus_equal(tctx, r.out.result, expected_error,
+		talloc_asprintf(tctx, "[%s]\\[%s] netr_LogonSamLogonWithFlags - expected %s got %s\n",
+		       account_domain, account_name, nt_errstr(expected_error), nt_errstr(r.out.result)));
+
+	ret = true;
+ failed:
+	talloc_free(fn_ctx);
+
+	return ret;
+}
+
+/* This sets and resets the "minPwdAge" (in order to allow immediate user
+ * password changes). The behaviour is controlled by the "set" boolean. */
+static bool handle_minPwdAge(struct torture_context *torture,
+			     TALLOC_CTX *mem_ctx, bool set)
+{
+	struct dcerpc_pipe *p;
+	struct policy_handle connect_handle, domain_handle;
+	struct samr_Connect c_r;
+	struct samr_LookupDomain ld_r;
+	struct samr_OpenDomain od_r;
+	struct samr_QueryDomainInfo qdi_r;
+	struct samr_SetDomainInfo sdi_r;
+	struct samr_Close cl_r;
+	struct lsa_String domName;
+	struct dom_sid *domSid = NULL;
+	union samr_DomainInfo *domInfo = NULL;
+	static int64_t old_minPwdAge = 0;
+	NTSTATUS status;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	c_r.in.system_name = 0;
+	c_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	c_r.out.connect_handle = &connect_handle;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_Connect_r(p->binding_handle, mem_ctx, &c_r),
+				   "Connect failed");
+	torture_assert_ntstatus_ok(torture, c_r.out.result, "Connect failed");
+
+	ld_r.in.connect_handle = &connect_handle;
+	ld_r.in.domain_name = &domName;
+	ld_r.in.domain_name->string = lpcfg_workgroup(torture->lp_ctx);
+	ld_r.out.sid = &domSid;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_LookupDomain_r(p->binding_handle, mem_ctx, &ld_r),
+				   "LookupDomain failed");
+	torture_assert_ntstatus_ok(torture, ld_r.out.result,
+				   "LookupDomain failed");
+
+	od_r.in.connect_handle = &connect_handle;
+	od_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	od_r.in.sid = *ld_r.out.sid;
+	od_r.out.domain_handle = &domain_handle;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_OpenDomain_r(p->binding_handle, mem_ctx, &od_r),
+				   "OpenDomain failed");
+	torture_assert_ntstatus_ok(torture, od_r.out.result,
+				   "OpenDomain failed");
+
+	qdi_r.in.domain_handle = &domain_handle;
+	qdi_r.in.level = DomainPasswordInformation;
+	qdi_r.out.info = &domInfo;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_QueryDomainInfo_r(p->binding_handle, mem_ctx, &qdi_r),
+				   "QueryDomainInfo failed");
+	torture_assert_ntstatus_ok(torture, qdi_r.out.result,
+				   "QueryDomainInfo failed");
+
+	if (set) {
+		old_minPwdAge = domInfo->info1.min_password_age;
+		domInfo->info1.min_password_age = 0;
+	} else {
+		domInfo->info1.min_password_age = old_minPwdAge;
+	}
+
+	sdi_r.in.domain_handle = &domain_handle;
+	sdi_r.in.level = DomainPasswordInformation;
+	sdi_r.in.info = domInfo;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_SetDomainInfo_r(p->binding_handle, mem_ctx, &sdi_r),
+				   "SetDomainInfo failed");
+	torture_assert_ntstatus_ok(torture, sdi_r.out.result,
+				   "SetDomainInfo failed");
+
+	cl_r.in.handle = &connect_handle;
+	cl_r.out.handle = &connect_handle;
+
+	torture_assert_ntstatus_ok(torture,
+				   dcerpc_samr_Close_r(p->binding_handle, mem_ctx, &cl_r),
+				   "Close failed");
+	torture_assert_ntstatus_ok(torture, cl_r.out.result, "Close failed");
+
+	return true;
+}
+
+bool torture_rpc_samlogon(struct torture_context *torture)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	struct dcerpc_binding *b;
+	struct cli_credentials *machine_credentials;
+	TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
+	bool ret = true;
+	struct test_join *join_ctx = NULL;
+	struct test_join *user_ctx = NULL, *user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL;
+	const char *old_user_password, *user_password_wrong_wks, *user_password_wrong_time;
+	char *user_password;
+	const char *userdomain;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	int i;
+	int ci;
+
+	unsigned int credential_flags[] = {
+		NETLOGON_NEG_AUTH2_FLAGS,
+		NETLOGON_NEG_ARCFOUR,
+		NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
+		NETLOGON_NEG_AUTH2_ADS_FLAGS,
+		0 /* yes, this is a valid flag, causes the use of DES */
+	};
+
+	struct netlogon_creds_CredentialState *creds;
+	struct dcerpc_pipe *tmp_p = NULL;
+
+	torture_assert(torture, handle_minPwdAge(torture, mem_ctx, true),
+		       "handle_minPwdAge error!");
+
+	/* We only need to join as a workstation here, and in future,
+	 * if we wish to test against trusted domains, we must be a
+	 * workstation here */
+	join_ctx = torture_join_domain(torture, TEST_MACHINE_NAME, ACB_WSTRUST,
+				       &machine_credentials);
+	torture_assert(torture, join_ctx, "Failed to join as Workstation\n");
+
+	userdomain = torture_setting_string(torture, "userdomain", lpcfg_workgroup(torture->lp_ctx));
+
+	user_ctx = torture_create_testuser(torture,
+					   TEST_USER_NAME,
+					   userdomain,
+					   ACB_NORMAL,
+					   &old_user_password);
+	torture_assert(torture, user_ctx, "Failed to create a test user\n");
+
+	user_password = talloc_strdup(torture, old_user_password);
+	torture_assert(torture, user_password != NULL, "Failed to copy old_user_password\n");
+
+	tmp_p = torture_join_samr_pipe(user_ctx);
+	torture_assert(torture, tmp_p, "torture_join_samr_pipe failed\n");
+	test_ChangePasswordUser3(tmp_p, torture,
+				 TEST_USER_NAME, 16 /* > 14 */, &user_password,
+				 NULL, 0, false);
+
+	user_ctx_wrong_wks = torture_create_testuser(torture,
+						     TEST_USER_NAME_WRONG_WKS,
+					   userdomain,
+					   ACB_NORMAL,
+					   &user_password_wrong_wks);
+	torture_assert(torture, user_ctx_wrong_wks,
+		"Failed to create a test user (wrong workstation test)\n");
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks);
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS;
+	u.info21.workstations.string = "not" TEST_MACHINE_NAME;
+
+	tmp_p = torture_join_samr_pipe(user_ctx_wrong_wks);
+	status = dcerpc_samr_SetUserInfo_r(tmp_p->binding_handle, mem_ctx, &s);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
+		talloc_asprintf(torture, "SetUserInfo (list of workstations) failed - %s\n", nt_errstr(status)));
+	torture_assert_ntstatus_ok_goto(torture, s.out.result, ret, failed,
+		talloc_asprintf(torture, "SetUserInfo (list of workstations) failed - %s\n", nt_errstr(s.out.result)));
+
+	user_ctx_wrong_time
+		= torture_create_testuser(torture, TEST_USER_NAME_WRONG_TIME,
+					   userdomain,
+					   ACB_NORMAL,
+					   &user_password_wrong_time);
+	torture_assert(torture, user_ctx_wrong_time,
+		"Failed to create a test user (wrong workstation test)\n");
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_time);
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS | SAMR_FIELD_LOGON_HOURS;
+	u.info21.workstations.string = TEST_MACHINE_NAME;
+	u.info21.logon_hours.units_per_week = 168;
+	u.info21.logon_hours.bits = talloc_zero_array(mem_ctx, uint8_t, 168);
+
+	tmp_p = torture_join_samr_pipe(user_ctx_wrong_time);
+	status = dcerpc_samr_SetUserInfo_r(tmp_p->binding_handle, mem_ctx, &s);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
+		talloc_asprintf(torture, "SetUserInfo (logon times and list of workstations) failed - %s\n", nt_errstr(status)));
+	torture_assert_ntstatus_ok_goto(torture, s.out.result, ret, failed,
+		talloc_asprintf(torture, "SetUserInfo (list of workstations) failed - %s\n", nt_errstr(s.out.result)));
+
+
+	torture_assert_ntstatus_ok_goto(torture,
+					torture_rpc_binding(torture, &b),
+					ret,
+					failed,
+					"Obtaining binding");
+
+	/* We have to use schannel, otherwise the SamLogonEx fails
+	 * with INTERNAL_ERROR */
+
+	status = dcerpc_binding_set_flags(b,
+					  DCERPC_SCHANNEL |
+					  DCERPC_SIGN | DCERPC_SEAL |
+					  DCERPC_SCHANNEL_128,
+					  DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(torture, status, "set flags");
+
+	status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
+				       &ndr_table_netlogon,
+				       machine_credentials, torture->ev, torture->lp_ctx);
+
+	torture_assert_ntstatus_ok_goto(torture, status, ret, failed,
+		talloc_asprintf(torture, "RPC pipe connect as domain member failed: %s\n", nt_errstr(status)));
+
+	torture_assert_not_null_goto(torture,
+				     creds = cli_credentials_get_netlogon_creds(machine_credentials),
+				     ret,
+				     failed,
+				     "obtaining credentials");
+
+	{
+
+		struct {
+			const char *comment;
+			const char *domain;
+			const char *username;
+			const char *password;
+			bool network_login;
+			NTSTATUS expected_interactive_error;
+			NTSTATUS expected_network_error;
+			uint32_t parameter_control;
+			bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
+		} usercreds[] = {
+			{
+				.comment       = "domain\\user",
+				.domain        = cli_credentials_get_domain(
+					samba_cmdline_get_creds()),
+				.username      = cli_credentials_get_username(
+					samba_cmdline_get_creds()),
+				.password      = cli_credentials_get_password(
+					samba_cmdline_get_creds()),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "realm\\user",
+				.domain        = cli_credentials_get_realm(
+					samba_cmdline_get_creds()),
+				.username      = cli_credentials_get_username(
+					samba_cmdline_get_creds()),
+				.password      = cli_credentials_get_password(
+					samba_cmdline_get_creds()),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "user@domain",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+					"%s@%s",
+					cli_credentials_get_username(
+					samba_cmdline_get_creds()),
+					cli_credentials_get_domain(
+					samba_cmdline_get_creds())
+					),
+				.password      = cli_credentials_get_password(
+					samba_cmdline_get_creds()),
+				.network_login = false, /* works for some things, but not NTLMv2.  Odd */
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "user@realm",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+					"%s@%s",
+					cli_credentials_get_username(
+						samba_cmdline_get_creds()),
+					cli_credentials_get_realm(
+						samba_cmdline_get_creds())
+					),
+				.password      = cli_credentials_get_password(
+						samba_cmdline_get_creds()),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment      = "machine domain\\user",
+				.domain       = cli_credentials_get_domain(machine_credentials),
+				.username     = cli_credentials_get_username(machine_credentials),
+				.password     = cli_credentials_get_password(machine_credentials),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+				.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+			},
+			{
+				.comment      = "machine domain\\user",
+				.domain       = cli_credentials_get_domain(machine_credentials),
+				.username     = cli_credentials_get_username(machine_credentials),
+				.password     = cli_credentials_get_password(machine_credentials),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+				.expected_network_error = NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "machine realm\\user",
+				.domain        = cli_credentials_get_realm(machine_credentials),
+				.username      = cli_credentials_get_username(machine_credentials),
+				.password      = cli_credentials_get_password(machine_credentials),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+				.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+			},
+			{
+				.comment       = "machine user@domain",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+								"%s@%s",
+								cli_credentials_get_username(machine_credentials),
+								cli_credentials_get_domain(machine_credentials)
+					),
+				.password      = cli_credentials_get_password(machine_credentials),
+				.network_login = false, /* works for some things, but not NTLMv2.  Odd */
+				.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+				.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+			},
+			{
+				.comment       = "machine user@realm",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+								"%s@%s",
+								cli_credentials_get_username(machine_credentials),
+								cli_credentials_get_realm(machine_credentials)
+					),
+				.password      = cli_credentials_get_password(machine_credentials),
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+				.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+			},
+			{
+				.comment       = "test user (long pw): domain\\user",
+				.domain        = userdomain,
+				.username      = TEST_USER_NAME,
+				.password      = user_password,
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "test user (long pw): user@realm",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+								 "%s@%s",
+								 TEST_USER_NAME,
+								 lpcfg_realm(torture->lp_ctx)),
+				.password      = user_password,
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			{
+				.comment       = "test user (long pw): user@domain",
+				.domain        = NULL,
+				.username      = talloc_asprintf(mem_ctx,
+								 "%s@%s",
+								 TEST_USER_NAME,
+								 userdomain),
+				.password      = user_password,
+				.network_login = false, /* works for some things, but not NTLMv2.  Odd */
+				.expected_interactive_error = NT_STATUS_OK,
+				.expected_network_error     = NT_STATUS_OK,
+				.parameter_control          = 0,
+			},
+			/* Oddball, can we use the old password ? */
+			{
+				.comment       = "test user: user\\domain OLD PASSWORD",
+				.domain        = userdomain,
+				.username      = TEST_USER_NAME,
+				.password      = old_user_password,
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_WRONG_PASSWORD,
+				.expected_network_error     = NT_STATUS_OK,
+				.old_password  = true
+			},
+			{
+				.comment       = "test user (wrong workstation): domain\\user",
+				.domain        = userdomain,
+				.username      = TEST_USER_NAME_WRONG_WKS,
+				.password      = user_password_wrong_wks,
+				.network_login = true,
+				.expected_interactive_error = NT_STATUS_INVALID_WORKSTATION,
+				.expected_network_error     = NT_STATUS_INVALID_WORKSTATION,
+				.parameter_control          = 0,
+			}
+		};
+
+		/* Try all the tests for different username forms */
+		for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
+
+			torture_assert_goto(torture,
+					    test_InteractiveLogon(p, mem_ctx, torture, creds,
+								  usercreds[ci].comment,
+								  TEST_MACHINE_NAME,
+								  usercreds[ci].domain,
+								  usercreds[ci].username,
+								  usercreds[ci].password,
+								  usercreds[ci].parameter_control,
+								  usercreds[ci].expected_interactive_error),
+					    ret,
+					    failed,
+					    talloc_asprintf(mem_ctx, "InteractiveLogon: %s",
+							    usercreds[ci].comment));
+
+			if (usercreds[ci].network_login) {
+				torture_assert_goto(torture,
+						    test_SamLogon(p, mem_ctx, torture, creds,
+								  usercreds[ci].comment,
+								  usercreds[ci].domain,
+								  usercreds[ci].username,
+								  usercreds[ci].password,
+								  usercreds[ci].parameter_control,
+								  usercreds[ci].expected_network_error,
+								  usercreds[ci].old_password,
+								  0),
+						    ret,
+						    failed,
+						    talloc_asprintf(mem_ctx, "SamLogon: %s",
+								    usercreds[ci].comment));
+			}
+		}
+
+		/* Using the first username form, try the different
+		 * credentials flag setups, on only one of the tests (checks
+		 * session key encryption) */
+
+		for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
+			/* TODO:  Somehow we lost setting up the different credential flags here! */
+
+			torture_comment(torture,
+					"Testing with flags: 0x%08x\n",
+					credential_flags[i]);
+
+			torture_assert_goto(torture,
+					    test_InteractiveLogon(p, mem_ctx, torture, creds,
+								  usercreds[0].comment,
+								  TEST_MACHINE_NAME,
+								  usercreds[0].domain,
+								  usercreds[0].username,
+								  usercreds[0].password,
+								  usercreds[0].parameter_control,
+								  usercreds[0].expected_interactive_error),
+					    ret,
+					    failed,
+					    talloc_asprintf(mem_ctx,
+							    "Testing InteractiveLogon with flags: 0x%08x\n",
+							    credential_flags[i]));
+
+			if (usercreds[0].network_login) {
+				torture_assert_goto(torture,
+						    test_SamLogon(p, mem_ctx, torture, creds,
+								  usercreds[0].comment,
+								  usercreds[0].domain,
+								  usercreds[0].username,
+								  usercreds[0].password,
+								  usercreds[0].parameter_control,
+								  usercreds[0].expected_network_error,
+								  usercreds[0].old_password,
+								  1),
+						    ret,
+						    failed,
+						    talloc_asprintf(mem_ctx,
+								    "Testing SamLogon with flags: 0x%08x\n",
+								    credential_flags[i]));
+			}
+		}
+
+	}
+failed:
+	torture_assert(torture, handle_minPwdAge(torture, mem_ctx, false),
+		       "handle_minPwdAge error!");
+
+	talloc_free(mem_ctx);
+
+	torture_leave_domain(torture, join_ctx);
+	torture_leave_domain(torture, user_ctx);
+	torture_leave_domain(torture, user_ctx_wrong_wks);
+	torture_leave_domain(torture, user_ctx_wrong_time);
+	return ret;
+}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
new file mode 100644
index 0000000..22e0606
--- /dev/null
+++ b/source4/torture/rpc/samr.c
@@ -0,0 +1,9466 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for samr rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
+   Copyright (C) Jelmer Vernooij 2005-2007
+   Copyright (C) Guenther Deschner 2008-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include <tevent.h>
+#include "system/time.h"
+#include "system/network.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "lib/crypto/crypto.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
+#include "../libcli/auth/schannel.h"
+#include "torture/util.h"
+#include "source4/librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_samr.h"
+#include "source3/rpc_client/init_samr.h"
+#include "lib/crypto/gnutls_helpers.h"
+
+#undef strcasecmp
+
+#define TEST_ACCOUNT_NAME "samrtorturetest"
+#define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
+#define TEST_ALIASNAME "samrtorturetestalias"
+#define TEST_GROUPNAME "samrtorturetestgroup"
+#define TEST_MACHINENAME "samrtestmach$"
+#define TEST_DOMAINNAME "samrtestdom$"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+enum torture_samr_choice {
+	TORTURE_SAMR_PASSWORDS,
+	TORTURE_SAMR_PASSWORDS_PWDLASTSET,
+	TORTURE_SAMR_PASSWORDS_BADPWDCOUNT,
+	TORTURE_SAMR_PASSWORDS_LOCKOUT,
+	TORTURE_SAMR_USER_ATTRIBUTES,
+	TORTURE_SAMR_USER_PRIVILEGES,
+	TORTURE_SAMR_OTHER,
+	TORTURE_SAMR_MANY_ACCOUNTS,
+	TORTURE_SAMR_MANY_GROUPS,
+	TORTURE_SAMR_MANY_ALIASES
+};
+
+struct torture_samr_context {
+	struct policy_handle handle;
+	struct cli_credentials *machine_credentials;
+	enum torture_samr_choice choice;
+	uint32_t num_objects_large_dc;
+};
+
+static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle);
+
+static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle);
+
+static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle);
+
+static bool test_ChangePassword(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				const char *acct_name,
+				struct policy_handle *domain_handle, char **password);
+
+static void init_lsa_String(struct lsa_String *string, const char *s)
+{
+	string->string = s;
+}
+
+static void init_lsa_StringLarge(struct lsa_StringLarge *string, const char *s)
+{
+	string->string = s;
+}
+
+static void init_lsa_BinaryString(struct lsa_BinaryString *string, const char *s, uint32_t length)
+{
+	string->length = length;
+	string->size = length;
+	string->array = (uint16_t *)discard_const(s);
+}
+
+bool test_samr_handle_Close(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle)
+{
+	struct samr_Close r;
+
+	r.in.handle = handle;
+	r.out.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Close_r(b, tctx, &r),
+		"Close failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "Close failed");
+
+	return true;
+}
+
+static bool test_Shutdown(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle)
+{
+	struct samr_Shutdown r;
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		torture_skip(tctx, "samr_Shutdown disabled - enable dangerous tests to use\n");
+		return true;
+	}
+
+	r.in.connect_handle = handle;
+
+	torture_comment(tctx, "Testing samr_Shutdown\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Shutdown_r(b, tctx, &r),
+		"Shutdown failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "Shutdown failed");
+
+	return true;
+}
+
+static bool test_SetDsrmPassword(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	struct samr_SetDsrmPassword r;
+	struct lsa_String string;
+	struct samr_Password hash;
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		torture_skip(tctx, "samr_SetDsrmPassword disabled - enable dangerous tests to use");
+	}
+
+	E_md4hash("TeSTDSRM123", hash.hash);
+
+	init_lsa_String(&string, "Administrator");
+
+	r.in.name = &string;
+	r.in.unknown = 0;
+	r.in.hash = &hash;
+
+	torture_comment(tctx, "Testing samr_SetDsrmPassword\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDsrmPassword_r(b, tctx, &r),
+		"SetDsrmPassword failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_SUPPORTED, "SetDsrmPassword failed");
+
+	return true;
+}
+
+
+static bool test_QuerySecurity(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle)
+{
+	struct samr_QuerySecurity r;
+	struct samr_SetSecurity s;
+	struct sec_desc_buf *sdbuf = NULL;
+
+	r.in.handle = handle;
+	r.in.sec_info = 7;
+	r.out.sdbuf = &sdbuf;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "QuerySecurity failed");
+
+	torture_assert(tctx, sdbuf != NULL, "sdbuf is NULL");
+
+	s.in.handle = handle;
+	s.in.sec_info = 7;
+	s.in.sdbuf = sdbuf;
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "skipping SetSecurity test against Samba4\n");
+	}
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetSecurity_r(b, tctx, &s),
+		"SetSecurity failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "SetSecurity failed");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
+		"QuerySecurity failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "QuerySecurity failed");
+
+	return true;
+}
+
+
+static bool test_SetUserInfo(struct dcerpc_binding_handle *b, struct torture_context *tctx,
+			     struct policy_handle *handle, uint32_t base_acct_flags,
+			     const char *base_account_name)
+{
+	struct samr_SetUserInfo s;
+	struct samr_SetUserInfo2 s2;
+	struct samr_QueryUserInfo q;
+	struct samr_QueryUserInfo q0;
+	union samr_UserInfo u;
+	union samr_UserInfo *info;
+	bool ret = true;
+	const char *test_account_name;
+
+	uint32_t user_extra_flags = 0;
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (base_acct_flags == ACB_NORMAL) {
+			/* When created, accounts are expired by default */
+			user_extra_flags = ACB_PW_EXPIRED;
+		}
+	}
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+
+	s2.in.user_handle = handle;
+	s2.in.info = &u;
+
+	q.in.user_handle = handle;
+	q.out.info = &info;
+	q0 = q;
+
+#define TESTCALL(call, r) \
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_ ##call## _r(b, tctx, &r),\
+			#call " failed"); \
+		if (!NT_STATUS_IS_OK(r.out.result)) { \
+			torture_result(tctx, TORTURE_FAIL, #call " level %u failed - %s (%s)\n", \
+			       r.in.level, nt_errstr(r.out.result), __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define STRING_EQUAL(s1, s2, field) \
+	torture_assert_str_equal(tctx, s1, s2, "Failed to set " #field)
+
+#define MEM_EQUAL(s1, s2, length, field) \
+	torture_assert_mem_equal(tctx, s1, s2, length, "Failed to set " #field)
+
+#define INT_EQUAL(i1, i2, field) \
+	torture_assert_int_equal(tctx, i1, i2, "Failed to set " #field)
+
+#define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTCALL(QueryUserInfo, q) \
+		s.in.level = lvl1; \
+		s2.in.level = lvl1; \
+		u = *info; \
+		if (lvl1 == 21) { \
+			ZERO_STRUCT(u.info21); \
+			u.info21.fields_present = fpval; \
+		} \
+		init_lsa_String(&u.info ## lvl1.field1, value); \
+		TESTCALL(SetUserInfo, s) \
+		TESTCALL(SetUserInfo2, s2) \
+		init_lsa_String(&u.info ## lvl1.field1, ""); \
+		TESTCALL(QueryUserInfo, q); \
+		u = *info; \
+		STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
+		q.in.level = lvl2; \
+		TESTCALL(QueryUserInfo, q) \
+		u = *info; \
+		STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
+	} while (0)
+
+#define TEST_USERINFO_BINARYSTRING(lvl1, field1, lvl2, field2, value, fpval) do { \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTCALL(QueryUserInfo, q) \
+		s.in.level = lvl1; \
+		s2.in.level = lvl1; \
+		u = *info; \
+		if (lvl1 == 21) { \
+			ZERO_STRUCT(u.info21); \
+			u.info21.fields_present = fpval; \
+		} \
+		init_lsa_BinaryString(&u.info ## lvl1.field1, value, strlen(value)); \
+		TESTCALL(SetUserInfo, s) \
+		TESTCALL(SetUserInfo2, s2) \
+		init_lsa_BinaryString(&u.info ## lvl1.field1, "", 1); \
+		TESTCALL(QueryUserInfo, q); \
+		u = *info; \
+		MEM_EQUAL(u.info ## lvl1.field1.array, value, strlen(value), field1); \
+		q.in.level = lvl2; \
+		TESTCALL(QueryUserInfo, q) \
+		u = *info; \
+		MEM_EQUAL(u.info ## lvl2.field2.array, value, strlen(value), field2); \
+	} while (0)
+
+#define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTCALL(QueryUserInfo, q) \
+		s.in.level = lvl1; \
+		s2.in.level = lvl1; \
+		u = *info; \
+		if (lvl1 == 21) { \
+			uint8_t *bits = u.info21.logon_hours.bits; \
+			ZERO_STRUCT(u.info21); \
+			if (fpval == SAMR_FIELD_LOGON_HOURS) { \
+				u.info21.logon_hours.units_per_week = 168; \
+				u.info21.logon_hours.bits = bits; \
+			} \
+			u.info21.fields_present = fpval; \
+		} \
+		u.info ## lvl1.field1 = value; \
+		TESTCALL(SetUserInfo, s) \
+		TESTCALL(SetUserInfo2, s2) \
+		u.info ## lvl1.field1 = 0; \
+		TESTCALL(QueryUserInfo, q); \
+		u = *info; \
+		INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
+		q.in.level = lvl2; \
+		TESTCALL(QueryUserInfo, q) \
+		u = *info; \
+		INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
+	} while (0)
+
+#define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
+        TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
+        } while (0)
+
+	q0.in.level = 12;
+	do { TESTCALL(QueryUserInfo, q0) } while (0);
+
+	TEST_USERINFO_STRING(2, comment,  1, comment, "xx2-1 comment", 0);
+	TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
+	TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
+			   SAMR_FIELD_COMMENT);
+
+	test_account_name = talloc_asprintf(tctx, "%sxx7-1", base_account_name);
+	TEST_USERINFO_STRING(7, account_name,  1, account_name, test_account_name, 0);
+	test_account_name = talloc_asprintf(tctx, "%sxx7-3", base_account_name);
+	TEST_USERINFO_STRING(7, account_name,  3, account_name, test_account_name, 0);
+	test_account_name = talloc_asprintf(tctx, "%sxx7-5", base_account_name);
+	TEST_USERINFO_STRING(7, account_name,  5, account_name, test_account_name, 0);
+	test_account_name = talloc_asprintf(tctx, "%sxx7-6", base_account_name);
+	TEST_USERINFO_STRING(7, account_name,  6, account_name, test_account_name, 0);
+	test_account_name = talloc_asprintf(tctx, "%sxx7-7", base_account_name);
+	TEST_USERINFO_STRING(7, account_name,  7, account_name, test_account_name, 0);
+	test_account_name = talloc_asprintf(tctx, "%sxx7-21", base_account_name);
+	TEST_USERINFO_STRING(7, account_name, 21, account_name, test_account_name, 0);
+	test_account_name = base_account_name;
+	TEST_USERINFO_STRING(21, account_name, 21, account_name, test_account_name,
+			   SAMR_FIELD_ACCOUNT_NAME);
+
+	TEST_USERINFO_STRING(6, full_name,  1, full_name, "xx6-1 full_name", 0);
+	TEST_USERINFO_STRING(6, full_name,  3, full_name, "xx6-3 full_name", 0);
+	TEST_USERINFO_STRING(6, full_name,  5, full_name, "xx6-5 full_name", 0);
+	TEST_USERINFO_STRING(6, full_name,  6, full_name, "xx6-6 full_name", 0);
+	TEST_USERINFO_STRING(6, full_name,  8, full_name, "xx6-8 full_name", 0);
+	TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
+	TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
+	TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
+			   SAMR_FIELD_FULL_NAME);
+
+	TEST_USERINFO_STRING(6, full_name,  1, full_name, "", 0);
+	TEST_USERINFO_STRING(6, full_name,  3, full_name, "", 0);
+	TEST_USERINFO_STRING(6, full_name,  5, full_name, "", 0);
+	TEST_USERINFO_STRING(6, full_name,  6, full_name, "", 0);
+	TEST_USERINFO_STRING(6, full_name,  8, full_name, "", 0);
+	TEST_USERINFO_STRING(6, full_name, 21, full_name, "", 0);
+	TEST_USERINFO_STRING(8, full_name, 21, full_name, "", 0);
+	TEST_USERINFO_STRING(21, full_name, 21, full_name, "",
+			   SAMR_FIELD_FULL_NAME);
+
+	TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
+	TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
+	TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
+	TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
+			   SAMR_FIELD_LOGON_SCRIPT);
+
+	TEST_USERINFO_STRING(12, profile_path,  3, profile_path, "xx12-3 profile_path", 0);
+	TEST_USERINFO_STRING(12, profile_path,  5, profile_path, "xx12-5 profile_path", 0);
+	TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
+	TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
+			   SAMR_FIELD_PROFILE_PATH);
+
+	TEST_USERINFO_STRING(10, home_directory, 3, home_directory, "xx10-3 home_directory", 0);
+	TEST_USERINFO_STRING(10, home_directory, 5, home_directory, "xx10-5 home_directory", 0);
+	TEST_USERINFO_STRING(10, home_directory, 21, home_directory, "xx10-21 home_directory", 0);
+	TEST_USERINFO_STRING(21, home_directory, 21, home_directory, "xx21-21 home_directory",
+			     SAMR_FIELD_HOME_DIRECTORY);
+	TEST_USERINFO_STRING(21, home_directory, 10, home_directory, "xx21-10 home_directory",
+			     SAMR_FIELD_HOME_DIRECTORY);
+
+	TEST_USERINFO_STRING(10, home_drive, 3, home_drive, "xx10-3 home_drive", 0);
+	TEST_USERINFO_STRING(10, home_drive, 5, home_drive, "xx10-5 home_drive", 0);
+	TEST_USERINFO_STRING(10, home_drive, 21, home_drive, "xx10-21 home_drive", 0);
+	TEST_USERINFO_STRING(21, home_drive, 21, home_drive, "xx21-21 home_drive",
+			     SAMR_FIELD_HOME_DRIVE);
+	TEST_USERINFO_STRING(21, home_drive, 10, home_drive, "xx21-10 home_drive",
+			     SAMR_FIELD_HOME_DRIVE);
+
+	TEST_USERINFO_STRING(13, description,  1, description, "xx13-1 description", 0);
+	TEST_USERINFO_STRING(13, description,  5, description, "xx13-5 description", 0);
+	TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
+	TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
+			   SAMR_FIELD_DESCRIPTION);
+
+	TEST_USERINFO_STRING(14, workstations,  3, workstations, "14workstation3", 0);
+	TEST_USERINFO_STRING(14, workstations,  5, workstations, "14workstation4", 0);
+	TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
+	TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
+			   SAMR_FIELD_WORKSTATIONS);
+	TEST_USERINFO_STRING(21, workstations, 3, workstations, "21workstation3",
+			   SAMR_FIELD_WORKSTATIONS);
+	TEST_USERINFO_STRING(21, workstations, 5, workstations, "21workstation5",
+			   SAMR_FIELD_WORKSTATIONS);
+	TEST_USERINFO_STRING(21, workstations, 14, workstations, "21workstation14",
+			   SAMR_FIELD_WORKSTATIONS);
+
+	TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
+	TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "xx21-21 parameters",
+			   SAMR_FIELD_PARAMETERS);
+	TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "xx21-20 parameters",
+			   SAMR_FIELD_PARAMETERS);
+	/* also empty user parameters are allowed */
+	TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "", 0);
+	TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "",
+			   SAMR_FIELD_PARAMETERS);
+	TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "",
+			   SAMR_FIELD_PARAMETERS);
+
+	/* Samba 3 cannot store country_code and code_page atm. - gd */
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
+		TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
+		TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
+				  SAMR_FIELD_COUNTRY_CODE);
+		TEST_USERINFO_INT(21, country_code, 2, country_code, __LINE__,
+				  SAMR_FIELD_COUNTRY_CODE);
+
+		TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
+		TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
+				  SAMR_FIELD_CODE_PAGE);
+		TEST_USERINFO_INT(21, code_page, 2, code_page, __LINE__,
+				  SAMR_FIELD_CODE_PAGE);
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, __LINE__, 0);
+		TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, __LINE__, 0);
+		TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, __LINE__,
+				  SAMR_FIELD_ACCT_EXPIRY);
+		TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, __LINE__,
+				  SAMR_FIELD_ACCT_EXPIRY);
+		TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, __LINE__,
+				  SAMR_FIELD_ACCT_EXPIRY);
+	} else {
+		/* Samba 3 can only store seconds / time_t in passdb - gd */
+		NTTIME nt;
+		unix_to_nt_time(&nt, time(NULL) + __LINE__);
+		TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, nt, 0);
+		unix_to_nt_time(&nt, time(NULL) + __LINE__);
+		TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, nt, 0);
+		unix_to_nt_time(&nt, time(NULL) + __LINE__);
+		TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
+		unix_to_nt_time(&nt, time(NULL) + __LINE__);
+		TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
+		unix_to_nt_time(&nt, time(NULL) + __LINE__);
+		TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
+	}
+
+	TEST_USERINFO_INT(4, logon_hours.bits[3],  3, logon_hours.bits[3], 1, 0);
+	TEST_USERINFO_INT(4, logon_hours.bits[3],  5, logon_hours.bits[3], 2, 0);
+	TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
+	TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
+			  SAMR_FIELD_LOGON_HOURS);
+
+	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
+			      (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ),
+			      (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
+			      0);
+	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
+			      (base_acct_flags  | ACB_DISABLED),
+			      (base_acct_flags  | ACB_DISABLED | user_extra_flags),
+			      0);
+
+	/* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
+	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
+			      (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
+			      (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
+			      0);
+	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+			      (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
+			      (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
+			      0);
+
+
+	/* The 'autolock' flag doesn't stick - check this */
+	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+			      (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
+			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
+			      0);
+#if 0
+	/* Removing the 'disabled' flag doesn't stick - check this */
+	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+			      (base_acct_flags),
+			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
+			      0);
+#endif
+
+	/* Samba3 cannot store these atm */
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		/* The 'store plaintext' flag does stick */
+		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+				      (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
+				      (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
+				      0);
+		/* The 'use DES' flag does stick */
+		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+				      (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
+				      (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
+				      0);
+		/* The 'don't require kerberos pre-authentication flag does stick */
+		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+				      (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
+				      (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
+				      0);
+		/* The 'no kerberos PAC required' flag sticks */
+		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+				      (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
+				      (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
+				      0);
+	}
+	TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
+			      (base_acct_flags | ACB_DISABLED),
+			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
+			      SAMR_FIELD_ACCT_FLAGS);
+
+#if 0
+	/* these fail with win2003 - it appears you can't set the primary gid?
+	   the set succeeds, but the gid isn't changed. Very weird! */
+	TEST_USERINFO_INT(9, primary_gid,  1, primary_gid, 513);
+	TEST_USERINFO_INT(9, primary_gid,  3, primary_gid, 513);
+	TEST_USERINFO_INT(9, primary_gid,  5, primary_gid, 513);
+	TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
+#endif
+
+	return ret;
+}
+
+/*
+  generate a random password for password change tests
+*/
+static char *samr_rand_pass_silent(TALLOC_CTX *mem_ctx, int min_len)
+{
+	size_t len = MAX(8, min_len);
+	char *s = generate_random_password(mem_ctx, len, len+6);
+	return s;
+}
+
+static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
+{
+	char *s = samr_rand_pass_silent(mem_ctx, min_len);
+	printf("Generated password '%s'\n", s);
+	return s;
+
+}
+
+/*
+  generate a random password for password change tests
+*/
+static DATA_BLOB samr_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
+{
+	int i;
+	DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
+	generate_random_buffer(password.data, password.length);
+
+	for (i=0; i < len; i++) {
+		if (((uint16_t *)password.data)[i] == 0) {
+			((uint16_t *)password.data)[i] = 1;
+		}
+	}
+
+	return password;
+}
+
+/*
+  generate a random password for password change tests (fixed length)
+*/
+static char *samr_rand_pass_fixed_len(TALLOC_CTX *mem_ctx, int len)
+{
+	char *s = generate_random_password(mem_ctx, len, len);
+	printf("Generated password '%s'\n", s);
+	return s;
+}
+
+static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx,
+			     struct policy_handle *handle, char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 24;
+
+	u.info24.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	status = init_samr_CryptPassword(newpass,
+					  &session_key,
+					  &u.info24.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+
+static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct policy_handle *handle, uint32_t fields_present,
+				char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	char *newpass;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 23;
+
+	ZERO_STRUCT(u);
+
+	u.info23.info.fields_present = fields_present;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	status = init_samr_CryptPassword(newpass,
+					 &session_key,
+					 &u.info23.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	/* This should break the key nicely */
+	session_key.data[0]++;
+
+	status = init_samr_CryptPassword(newpass,
+					 &session_key,
+					 &u.info23.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	/* Reset the session key */
+	session_key.data[0]--;
+
+	torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct policy_handle *handle, uint32_t fields_present,
+				char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	DATA_BLOB session_key;
+	uint8_t salt_data[16];
+	DATA_BLOB salt = {
+		.data = salt_data,
+		.length = sizeof(salt_data),
+	};
+	char *newpass = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	bool ret = true;
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 32;
+
+	ZERO_STRUCT(u);
+
+	u.info32.info.fields_present = fields_present;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx,
+			       TORTURE_FAIL,
+			       "SetUserInfo level %u - no session key - %s\n",
+			       s.in.level,
+			       nt_errstr(status));
+		return false;
+	}
+
+	generate_nonce_buffer(salt.data, salt.length);
+
+	status = init_samr_CryptPasswordAES(tctx,
+					    newpass,
+					    &salt,
+					    &session_key,
+					    &u.info32.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordAES failed");
+
+	torture_comment(tctx,
+			"Testing SetUserInfo level 32 (set password aes)\n");
+
+	status = dcerpc_samr_SetUserInfo_r(b, tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__,
+			__FUNCTION__,
+			newpass,
+			nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx,
+			       TORTURE_FAIL,
+			       "SetUserInfo level %u failed - %s\n",
+			       s.in.level,
+			       nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	/* This should break the key nicely */
+	session_key.data[0]++;
+
+	status = init_samr_CryptPasswordAES(tctx,
+					    newpass,
+					    &salt,
+					    &session_key,
+					    &u.info32.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	/* Reset the key */
+	session_key.data[0]--;
+
+	torture_comment(tctx,
+			"Testing SetUserInfo level 32 (set password aes) with "
+			"wrong session key\n");
+
+	status = dcerpc_samr_SetUserInfo_r(b, tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "SetUserInfo failed");
+	torture_comment(tctx,
+			"(%s:%s) new_password[%s] status[%s]\n",
+			__location__,
+			__FUNCTION__,
+			newpass,
+			nt_errstr(s.out.result));
+	if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx,
+			       TORTURE_FAIL,
+			       "SetUserInfo level %u should have failed with "
+			       "WRONG_PASSWORD- %s\n",
+			       s.in.level,
+			       nt_errstr(s.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *tctx,
+			       struct policy_handle *handle, bool makeshort,
+			       char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	uint8_t salt_data[16];
+	DATA_BLOB salt = {
+		.data = salt_data,
+		.length = sizeof(salt_data),
+	};
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	if (makeshort && policy_min_pw_len) {
+		newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len - 1);
+	} else {
+		newpass = samr_rand_pass(tctx, policy_min_pw_len);
+	}
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 31;
+
+	ZERO_STRUCT(u);
+
+	u.info31.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	generate_nonce_buffer(salt.data, salt.length);
+
+	status = init_samr_CryptPasswordAES(tctx,
+					    newpass,
+					    &salt,
+					    &session_key,
+					    &u.info31.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	torture_comment(tctx, "Testing SetUserInfo level 31 (set password aes)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	/* This should break the key nicely */
+	session_key.data[0]++;
+
+	status = init_samr_CryptPasswordAES(tctx,
+					    newpass,
+					    &salt,
+					    &session_key,
+					    &u.info31.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	/* Reset the key */
+	session_key.data[0]--;
+
+	torture_comment(tctx, "Testing SetUserInfo level 31 (set password aes) with wrong session key\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+
+static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tctx,
+			       struct policy_handle *handle, bool makeshort,
+			       char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	if (makeshort && policy_min_pw_len) {
+		newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len - 1);
+	} else {
+		newpass = samr_rand_pass(tctx, policy_min_pw_len);
+	}
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 26;
+
+	u.info26.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	status = init_samr_CryptPasswordEx(newpass,
+					   &session_key,
+					   &u.info26.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	/* This should break the key nicely */
+	session_key.data[0]++;
+
+	status = init_samr_CryptPasswordEx(newpass,
+					   &session_key,
+					   &u.info26.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	/* Reset the key */
+	session_key.data[0]--;
+
+	torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct policy_handle *handle, uint32_t fields_present,
+				char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 25;
+
+	ZERO_STRUCT(u);
+
+	u.info25.info.fields_present = fields_present;
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	status = init_samr_CryptPasswordEx(newpass,
+					   &session_key,
+					   &u.info25.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	/* This should break the key nicely */
+	session_key.data[0]++;
+
+	status = init_samr_CryptPasswordEx(newpass,
+					   &session_key,
+					   &u.info25.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPasswordEx failed");
+
+	/* Reset the key */
+	session_key.data[0]--;
+
+	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			newpass, nt_errstr(s.out.result));
+	if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct policy_handle *handle, char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	uint8_t lm_hash[16], nt_hash[16];
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 18;
+
+	ZERO_STRUCT(u);
+
+	u.info18.nt_pwd_active = true;
+	u.info18.lm_pwd_active = true;
+
+	E_md4hash(newpass, nt_hash);
+	E_deshash(newpass, lm_hash);
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	{
+		DATA_BLOB in,out;
+		in = data_blob_const(nt_hash, 16);
+		out = data_blob_talloc_zero(tctx, 16);
+		sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+		memcpy(u.info18.nt_pwd.hash, out.data, out.length);
+	}
+	{
+		DATA_BLOB in,out;
+		in = data_blob_const(lm_hash, 16);
+		out = data_blob_talloc_zero(tctx, 16);
+		sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+		memcpy(u.info18.lm_pwd.hash, out.data, out.length);
+	}
+
+	torture_comment(tctx, "Testing SetUserInfo level 18 (set password hash)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct policy_handle *handle, uint32_t fields_present,
+				char **password)
+{
+	NTSTATUS status;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	uint8_t lm_hash[16], nt_hash[16];
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 21;
+
+	E_md4hash(newpass, nt_hash);
+	E_deshash(newpass, lm_hash);
+
+	ZERO_STRUCT(u);
+
+	u.info21.fields_present = fields_present;
+
+	if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
+		u.info21.lm_owf_password.length = 16;
+		u.info21.lm_owf_password.size = 16;
+		u.info21.lm_owf_password.array = (uint16_t *)lm_hash;
+		u.info21.lm_password_set = true;
+	}
+
+	if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
+		u.info21.nt_owf_password.length = 16;
+		u.info21.nt_owf_password.size = 16;
+		u.info21.nt_owf_password.array = (uint16_t *)nt_hash;
+		u.info21.nt_password_set = true;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
+		DATA_BLOB in,out;
+		in = data_blob_const(u.info21.lm_owf_password.array,
+				     u.info21.lm_owf_password.length);
+		out = data_blob_talloc_zero(tctx, 16);
+		sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+		u.info21.lm_owf_password.array = (uint16_t *)out.data;
+	}
+
+	if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
+		DATA_BLOB in,out;
+		in = data_blob_const(u.info21.nt_owf_password.array,
+				     u.info21.nt_owf_password.length);
+		out = data_blob_talloc_zero(tctx, 16);
+		sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+		u.info21.nt_owf_password.array = (uint16_t *)out.data;
+	}
+
+	torture_comment(tctx, "Testing SetUserInfo level 21 (set password hash)\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	/* try invalid length */
+	if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
+
+		u.info21.nt_owf_password.length++;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+			"SetUserInfo failed");
+		if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_INVALID_PARAMETER)) {
+			torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
+			       s.in.level, nt_errstr(s.out.result));
+			ret = false;
+		}
+	}
+
+	if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
+
+		u.info21.lm_owf_password.length++;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+			"SetUserInfo failed");
+		if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_INVALID_PARAMETER)) {
+			torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
+			       s.in.level, nt_errstr(s.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle,
+				      uint16_t level,
+				      uint32_t fields_present,
+				      char **password, uint8_t password_expired,
+				      bool use_setinfo2,
+				      bool *matched_expected_error)
+{
+	NTSTATUS status;
+	NTSTATUS expected_error = NT_STATUS_OK;
+	struct samr_SetUserInfo s;
+	struct samr_SetUserInfo2 s2;
+	union samr_UserInfo u;
+	bool ret = true;
+	DATA_BLOB session_key;
+	uint8_t salt_data[16];
+	DATA_BLOB salt = {
+		.data = salt_data,
+		.length = sizeof(salt_data),
+	};
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+	const char *comment = NULL;
+	uint8_t lm_hash[16], nt_hash[16];
+
+	pwp.in.user_handle = handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass_silent(tctx, policy_min_pw_len);
+
+	if (use_setinfo2) {
+		s2.in.user_handle = handle;
+		s2.in.info = &u;
+		s2.in.level = level;
+	} else {
+		s.in.user_handle = handle;
+		s.in.info = &u;
+		s.in.level = level;
+	}
+
+	if (fields_present & SAMR_FIELD_COMMENT) {
+		comment = talloc_asprintf(tctx, "comment: %ld\n", (long int) time(NULL));
+	}
+
+	ZERO_STRUCT(u);
+
+	switch (level) {
+	case 18:
+		E_md4hash(newpass, nt_hash);
+		E_deshash(newpass, lm_hash);
+
+		u.info18.nt_pwd_active = true;
+		u.info18.lm_pwd_active = true;
+		u.info18.password_expired = password_expired;
+
+		memcpy(u.info18.lm_pwd.hash, lm_hash, 16);
+		memcpy(u.info18.nt_pwd.hash, nt_hash, 16);
+
+		break;
+	case 21:
+		E_md4hash(newpass, nt_hash);
+		E_deshash(newpass, lm_hash);
+
+		u.info21.fields_present = fields_present;
+		u.info21.password_expired = password_expired;
+		u.info21.comment.string = comment;
+
+		if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
+			u.info21.lm_owf_password.length = 16;
+			u.info21.lm_owf_password.size = 16;
+			u.info21.lm_owf_password.array = (uint16_t *)lm_hash;
+			u.info21.lm_password_set = true;
+		}
+
+		if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
+			u.info21.nt_owf_password.length = 16;
+			u.info21.nt_owf_password.size = 16;
+			u.info21.nt_owf_password.array = (uint16_t *)nt_hash;
+			u.info21.nt_password_set = true;
+		}
+
+		break;
+	case 23:
+		u.info23.info.fields_present = fields_present;
+		u.info23.info.password_expired = password_expired;
+		u.info23.info.comment.string = comment;
+
+		break;
+	case 24:
+		u.info24.password_expired = password_expired;
+
+		break;
+	case 25:
+		u.info25.info.fields_present = fields_present;
+		u.info25.info.password_expired = password_expired;
+		u.info25.info.comment.string = comment;
+
+		break;
+	case 26:
+		u.info26.password_expired = password_expired;
+
+		break;
+	case 31:
+		u.info31.password_expired = password_expired;
+
+		break;
+	case 28:
+		u.info25.info.fields_present = fields_present;
+		u.info25.info.password_expired = password_expired;
+		u.info25.info.comment.string = comment;
+
+		break;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	generate_nonce_buffer(salt.data, salt.length);
+
+	switch (level) {
+	case 18:
+		{
+			DATA_BLOB in,out;
+			in = data_blob_const(u.info18.nt_pwd.hash, 16);
+			out = data_blob_talloc_zero(tctx, 16);
+			sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+			memcpy(u.info18.nt_pwd.hash, out.data, out.length);
+		}
+		{
+			DATA_BLOB in,out;
+			in = data_blob_const(u.info18.lm_pwd.hash, 16);
+			out = data_blob_talloc_zero(tctx, 16);
+			sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+			memcpy(u.info18.lm_pwd.hash, out.data, out.length);
+		}
+
+		break;
+	case 21:
+		if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
+			DATA_BLOB in,out;
+			in = data_blob_const(u.info21.lm_owf_password.array,
+					     u.info21.lm_owf_password.length);
+			out = data_blob_talloc_zero(tctx, 16);
+			sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+			u.info21.lm_owf_password.array = (uint16_t *)out.data;
+		}
+		if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
+			DATA_BLOB in,out;
+			in = data_blob_const(u.info21.nt_owf_password.array,
+					     u.info21.nt_owf_password.length);
+			out = data_blob_talloc_zero(tctx, 16);
+			sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+			u.info21.nt_owf_password.array = (uint16_t *)out.data;
+		}
+		break;
+	case 23:
+		status = init_samr_CryptPassword(newpass,
+						 &session_key,
+						 &u.info23.password);
+		torture_assert_ntstatus_ok(tctx,
+					   status,
+					   "init_samr_CryptPassword failed");
+		break;
+	case 24:
+		status = init_samr_CryptPassword(newpass,
+						 &session_key,
+						 &u.info24.password);
+		torture_assert_ntstatus_ok(tctx,
+					   status,
+					   "init_samr_CryptPassword failed");
+		break;
+	case 25:
+		status = init_samr_CryptPasswordEx(newpass,
+						   &session_key,
+						   &u.info25.password);
+		torture_assert_ntstatus_ok(tctx,
+					   status,
+					   "init_samr_CryptPasswordEx failed");
+		break;
+	case 26:
+		status = init_samr_CryptPasswordEx(newpass,
+						   &session_key,
+						   &u.info26.password);
+		torture_assert_ntstatus_ok(tctx,
+					   status,
+					   "init_samr_CryptPasswordEx failed");
+		break;
+	case 31:
+		status = init_samr_CryptPasswordAES(tctx,
+						    newpass,
+						    &salt,
+						    &session_key,
+						    &u.info31.password);
+
+		break;
+	case 32:
+		status = init_samr_CryptPasswordAES(tctx,
+						    newpass,
+						    &salt,
+						    &session_key,
+						    &u.info32.password);
+
+		break;
+	}
+
+	if (use_setinfo2) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo2_r(b, tctx, &s2),
+			"SetUserInfo2 failed");
+		torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+				__location__, __FUNCTION__,
+				newpass, nt_errstr(s2.out.result));
+			status = s2.out.result;
+	} else {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+			"SetUserInfo failed");
+		torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+				__location__, __FUNCTION__,
+				newpass, nt_errstr(s.out.result));
+		status = s.out.result;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		if (fields_present == 0) {
+			expected_error = NT_STATUS_INVALID_PARAMETER;
+		}
+		if (fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+			expected_error = NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(expected_error)) {
+		if (use_setinfo2) {
+			torture_assert_ntstatus_equal(tctx,
+				s2.out.result,
+				expected_error, "SetUserInfo2 failed");
+		} else {
+			torture_assert_ntstatus_equal(tctx,
+				s.out.result,
+				expected_error, "SetUserInfo failed");
+		}
+		*matched_expected_error = true;
+		return true;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo%s level %u failed - %s\n",
+		       use_setinfo2 ? "2":"", level, nt_errstr(status));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+static bool test_SetAliasInfo(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct samr_SetAliasInfo r;
+	struct samr_QueryAliasInfo q;
+	union samr_AliasInfo *info;
+	uint16_t levels[] = {2, 3};
+	int i;
+	bool ret = true;
+
+	/* Ignoring switch level 1, as that includes the number of members for the alias
+	 * and setting this to a wrong value might have negative consequences
+	 */
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing SetAliasInfo level %u\n", levels[i]);
+
+		r.in.alias_handle = handle;
+		r.in.level = levels[i];
+		r.in.info  = talloc(tctx, union samr_AliasInfo);
+		switch (r.in.level) {
+		    case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
+		    case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
+				"Test Description, should test I18N as well"); break;
+		    case ALIASINFOALL: torture_comment(tctx, "ALIASINFOALL ignored\n"); break;
+		}
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetAliasInfo_r(b, tctx, &r),
+			"SetAliasInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "SetAliasInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+
+		q.in.alias_handle = handle;
+		q.in.level = levels[i];
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &q),
+			"QueryAliasInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryAliasInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(q.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_GetGroupsForUser(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *user_handle)
+{
+	struct samr_GetGroupsForUser r;
+	struct samr_RidWithAttributeArray *rids = NULL;
+
+	torture_comment(tctx, "Testing GetGroupsForUser\n");
+
+	r.in.user_handle = user_handle;
+	r.out.rids = &rids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetGroupsForUser_r(b, tctx, &r),
+		"GetGroupsForUser failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetGroupsForUser failed");
+
+	return true;
+
+}
+
+static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+			      struct lsa_String *domain_name)
+{
+	struct samr_GetDomPwInfo r;
+	struct samr_PwInfo info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.domain_name = domain_name;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+		"GetDomPwInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
+
+	r.in.domain_name->string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+		"GetDomPwInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
+
+	r.in.domain_name->string = "\\\\__NONAME__";
+	torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+		"GetDomPwInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
+
+	r.in.domain_name->string = "\\\\Builtin";
+	torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+		"GetDomPwInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
+
+	return true;
+}
+
+static bool test_GetUserPwInfo(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle)
+{
+	struct samr_GetUserPwInfo r;
+	struct samr_PwInfo info;
+
+	torture_comment(tctx, "Testing GetUserPwInfo\n");
+
+	r.in.user_handle = handle;
+	r.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &r),
+		"GetUserPwInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetUserPwInfo");
+
+	return true;
+}
+
+static NTSTATUS test_LookupName(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *domain_handle, const char *name,
+				uint32_t *rid)
+{
+	NTSTATUS status;
+	struct samr_LookupNames n;
+	struct lsa_String sname[2];
+	struct samr_Ids rids, types;
+
+	init_lsa_String(&sname[0], name);
+
+	n.in.domain_handle = domain_handle;
+	n.in.num_names = 1;
+	n.in.names = sname;
+	n.out.rids = &rids;
+	n.out.types = &types;
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (NT_STATUS_IS_OK(n.out.result)) {
+		*rid = n.out.rids->ids[0];
+	} else {
+		return n.out.result;
+	}
+
+	init_lsa_String(&sname[1], "xxNONAMExx");
+	n.in.num_names = 2;
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_EQUAL(n.out.result, STATUS_SOME_UNMAPPED)) {
+		torture_result(tctx, TORTURE_FAIL, "LookupNames[2] failed - %s\n", nt_errstr(n.out.result));
+		if (NT_STATUS_IS_OK(n.out.result)) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		return n.out.result;
+	}
+
+	n.in.num_names = 0;
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(n.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "LookupNames[0] failed - %s\n", nt_errstr(status));
+		return n.out.result;
+	}
+
+	init_lsa_String(&sname[0], "xxNONAMExx");
+	n.in.num_names = 1;
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
+		torture_result(tctx, TORTURE_FAIL, "LookupNames[1 bad name] failed - %s\n", nt_errstr(n.out.result));
+		if (NT_STATUS_IS_OK(n.out.result)) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		return n.out.result;
+	}
+
+	init_lsa_String(&sname[0], "xxNONAMExx");
+	init_lsa_String(&sname[1], "xxNONAME2xx");
+	n.in.num_names = 2;
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
+		torture_result(tctx, TORTURE_FAIL, "LookupNames[2 bad names] failed - %s\n", nt_errstr(n.out.result));
+		if (NT_STATUS_IS_OK(n.out.result)) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		return n.out.result;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS test_OpenUser_byname(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *domain_handle,
+				     const char *name, struct policy_handle *user_handle)
+{
+	NTSTATUS status;
+	struct samr_OpenUser r;
+	uint32_t rid;
+
+	status = test_LookupName(b, tctx, domain_handle, name, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	r.in.domain_handle = domain_handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.user_handle = user_handle;
+	status = dcerpc_samr_OpenUser_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(r.out.result));
+	}
+
+	return r.out.result;
+}
+
+#if 0
+static bool test_ChangePasswordNT3(struct dcerpc_pipe *p,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct samr_ChangePasswordUser r;
+	bool ret = true;
+	struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
+	struct policy_handle user_handle;
+	char *oldpass = "test";
+	char *newpass = "test2";
+	uint8_t old_nt_hash[16], new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+
+	status = test_OpenUser_byname(p, tctx, handle, "testuser", &user_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	torture_comment(tctx, "Testing ChangePasswordUser for user 'testuser'\n");
+
+	torture_comment(tctx, "old password: %s\n", oldpass);
+	torture_comment(tctx, "new password: %s\n", newpass);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+	r.in.handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	if (!test_samr_handle_Close(p, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+#endif
+
+static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
+				    struct torture_context *tctx,
+				    const char *acct_name,
+				    struct policy_handle *handle, char **password)
+{
+	NTSTATUS status;
+	struct samr_ChangePasswordUser r;
+	bool ret = true;
+	struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
+	struct policy_handle user_handle;
+	char *oldpass;
+	uint8_t old_nt_hash[16], new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	bool changed = true;
+
+	char *newpass;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+
+	status = test_OpenUser_byname(b, tctx, handle, acct_name, &user_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	pwp.in.user_handle = &user_handle;
+	pwp.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+		"GetUserPwInfo failed");
+	if (NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	torture_comment(tctx, "Testing ChangePasswordUser\n");
+
+	torture_assert(tctx, *password != NULL,
+				   "Failing ChangePasswordUser as old password was NULL.  Previous test failed?");
+
+	oldpass = *password;
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	/* Break the NT hash */
+	hash3.hash[0]++;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	/* Do not proceed if this call has been removed */
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+		torture_skip(tctx, "ValidatePassword not supported by server\n");
+	}
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
+			"ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
+	}
+
+	/* Unbreak the NT hash */
+	hash3.hash[0]--;
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	/* Break the LM hash */
+	hash1.hash[0]--;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
+			"expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash");
+	}
+
+	/* Unbreak the NT hash */
+	hash3.hash[0]--;
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	/* Break the LM cross */
+	hash6.hash[0]++;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
+	    !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
+	{
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the LM cross-hash, got %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* Unbreak the LM cross */
+	hash6.hash[0]--;
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	/* Break the NT cross */
+	hash5.hash[0]++;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
+	    !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
+	{
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the NT cross-hash, got %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* Unbreak the NT cross */
+	hash5.hash[0]--;
+
+
+	/* Reset the hashes to not broken values */
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 0;
+	r.in.lm_cross = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (NT_STATUS_IS_OK(r.out.result)) {
+		changed = true;
+		*password = newpass;
+	} else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	oldpass = newpass;
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+
+	/* Reset the hashes to not broken values */
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 0;
+	r.in.nt_cross = NULL;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (NT_STATUS_IS_OK(r.out.result)) {
+		changed = true;
+		*password = newpass;
+	} else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	oldpass = newpass;
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+
+	/* Reset the hashes to not broken values */
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+		"ChangePasswordUser failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+	} else 	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	} else {
+		changed = true;
+		*password = newpass;
+	}
+
+	r.in.user_handle = &user_handle;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;
+
+	if (changed) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+			"ChangePasswordUser failed");
+		torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+				__location__, __FUNCTION__,
+				oldpass, newpass, nt_errstr(r.out.result));
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+			torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+		} else if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+			torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+
+	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
+					struct torture_context *tctx,
+					const char *acct_name,
+					struct policy_handle *handle, char **password)
+{
+	struct samr_OemChangePasswordUser2 r;
+	bool ret = true;
+	struct samr_Password lm_verifier;
+	struct samr_CryptPassword lm_pass;
+	struct lsa_AsciiString server, account, account_bad;
+	char *oldpass;
+	char *newpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t session_key = {
+		.data = old_lm_hash,
+		.size = 16
+	};
+
+	struct samr_GetDomPwInfo dom_pw_info;
+	struct samr_PwInfo info;
+	int policy_min_pw_len = 0;
+
+	struct lsa_String domain_name;
+
+	domain_name.string = "";
+	dom_pw_info.in.domain_name = &domain_name;
+	dom_pw_info.out.info = &info;
+
+	torture_comment(tctx, "Testing OemChangePasswordUser2\n");
+
+	torture_assert(tctx, *password != NULL,
+				   "Failing OemChangePasswordUser2 as old password was NULL.  Previous test failed?");
+
+	oldpass = *password;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+		"GetDomPwInfo failed");
+	if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
+		policy_min_pw_len = dom_pw_info.out.info->min_password_length;
+	}
+
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	account.string = acct_name;
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
+	gnutls_cipher_deinit(cipher_hnd);
+	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &lm_pass;
+	r.in.hash = &lm_verifier;
+
+	/* Break the verification */
+	lm_verifier.hash[0]++;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_assert_ntstatus_equal(tctx,
+					      r.out.result,
+					      NT_STATUS_NOT_IMPLEMENTED,
+					      "Samba4 should refuse LM password change");
+		/*
+		 * No point continuing, once we have checked this is not
+		 * implemented
+		 */
+		return true;
+	}
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+	    && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
+	/* Break the old password */
+	old_lm_hash[0]++;
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
+	gnutls_cipher_deinit(cipher_hnd);
+	/* unbreak it for the next operation */
+	old_lm_hash[0]--;
+	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &lm_pass;
+	r.in.hash = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+	    && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrypted password - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &lm_pass;
+	r.in.hash = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+	    && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* This shouldn't be a valid name */
+	account_bad.string = TEST_ACCOUNT_NAME "XX";
+	r.in.account = &account_bad;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* This shouldn't be a valid name */
+	account_bad.string = TEST_ACCOUNT_NAME "XX";
+	r.in.account = &account_bad;
+	r.in.password = &lm_pass;
+	r.in.hash = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* This shouldn't be a valid name */
+	account_bad.string = TEST_ACCOUNT_NAME "XX";
+	r.in.account = &account_bad;
+	r.in.password = NULL;
+	r.in.hash = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &session_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
+	gnutls_cipher_deinit(cipher_hnd);
+	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &lm_pass;
+	r.in.hash = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+		"OemChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_comment(tctx, "OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+	} else if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+
+static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
+				     const char *acct_name,
+				     char **password,
+				     char *newpass, bool allow_password_restriction)
+{
+	struct samr_ChangePasswordUser2 r;
+	bool ret = true;
+	struct lsa_String server, account;
+	struct samr_CryptPassword nt_pass, lm_pass;
+	struct samr_Password nt_verifier, lm_verifier;
+	char *oldpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t old_nt_hash[16] = { 0 }, new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	DATA_BLOB old_nt_hash_blob
+		= data_blob_const(old_nt_hash, sizeof(old_nt_hash));
+	struct samr_GetDomPwInfo dom_pw_info;
+	struct samr_PwInfo info;
+
+	struct lsa_String domain_name;
+	NTSTATUS status;
+
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t old_lm_key = {
+		.data = old_lm_hash,
+		.size = sizeof(old_lm_hash),
+	};
+
+	domain_name.string = "";
+	dom_pw_info.in.domain_name = &domain_name;
+	dom_pw_info.out.info = &info;
+
+	torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);
+
+	torture_assert(tctx, *password != NULL,
+				   "Failing ChangePasswordUser2 as old password was NULL.  Previous test failed?");
+	oldpass = *password;
+
+	if (!newpass) {
+		int policy_min_pw_len = 0;
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+			"GetDomPwInfo failed");
+		if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
+			policy_min_pw_len = dom_pw_info.out.info->min_password_length;
+		}
+
+		newpass = samr_rand_pass(tctx, policy_min_pw_len);
+	}
+
+	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	init_lsa_String(&account, acct_name);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &old_lm_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      lm_pass.data,
+			      516);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
+		"ChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (allow_password_restriction && NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+	} else if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser2 failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	} else {
+		*password = newpass;
+	}
+
+	return ret;
+}
+
+
+static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct torture_context *tctx,
+					      const char *acct_name,
+					      const char *password, NTSTATUS status)
+{
+	struct samr_ChangePasswordUser2 r;
+	struct lsa_String server, account;
+	struct samr_CryptPassword nt_pass, lm_pass;
+	struct samr_Password nt_verifier, lm_verifier;
+	const char *oldpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t old_nt_hash[16] = { 0 }, new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	DATA_BLOB old_nt_hash_blob
+		= data_blob_const(old_nt_hash, sizeof(old_nt_hash));
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	gnutls_datum_t old_lm_key = {
+		.data = old_lm_hash,
+		.size = sizeof(old_lm_hash),
+	};
+
+	struct samr_GetDomPwInfo dom_pw_info;
+	struct samr_PwInfo info;
+
+	struct lsa_String domain_name;
+	NTSTATUS crypt_status;
+
+	char *newpass;
+	int policy_min_pw_len = 0;
+
+	domain_name.string = "";
+	dom_pw_info.in.domain_name = &domain_name;
+	dom_pw_info.out.info = &info;
+
+	torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);
+
+	oldpass = password;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+				   "GetDomPwInfo failed");
+	if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
+		policy_min_pw_len = dom_pw_info.out.info->min_password_length;
+	}
+
+	newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	init_lsa_String(&account, acct_name);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &old_lm_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      lm_pass.data,
+			      516);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+	crypt_status = init_samr_CryptPassword(newpass,
+					       &old_nt_hash_blob,
+					       &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   crypt_status,
+				   "init_samr_CryptPassword failed");
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
+		"ChangePasswordUser2 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+	} else {
+		torture_assert_ntstatus_equal(tctx, r.out.result, status, "ChangePasswordUser2 returned unexpected value");
+	}
+
+	return true;
+}
+
+
+bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tctx,
+			      const char *account_string,
+			      int policy_min_pw_len,
+			      char **password,
+			      const char *newpass,
+			      NTTIME last_password_change,
+			      bool handle_reject_reason)
+{
+	struct samr_ChangePasswordUser3 r;
+	bool ret = true;
+	struct lsa_String server, account, account_bad;
+	struct samr_CryptPassword nt_pass, lm_pass;
+	struct samr_Password nt_verifier, lm_verifier;
+	char *oldpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t old_nt_hash[16] = { 0 }, new_nt_hash[16];
+	uint8_t old_lm_hash[16], new_lm_hash[16];
+	NTTIME t;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct userPwdChangeFailureInformation *reject = NULL;
+	DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
+	NTSTATUS status;
+
+	torture_comment(tctx, "Testing ChangePasswordUser3\n");
+
+	if (newpass == NULL) {
+		do {
+			if (policy_min_pw_len == 0) {
+				newpass = samr_rand_pass(tctx, policy_min_pw_len);
+			} else {
+				newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len);
+			}
+		} while (check_password_quality(newpass) == false);
+	} else {
+		torture_comment(tctx, "Using password '%s'\n", newpass);
+	}
+
+	torture_assert(tctx, *password != NULL,
+				   "Failing ChangePasswordUser3 as old password was NULL.  Previous test failed?");
+
+	oldpass = *password;
+	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	init_lsa_String(&account, account_string);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	/*
+	 * The new plaintext password is encrypted using RC4 with the
+	 * old NT password hash (directly, with no confounder).  The
+	 * password is at the end of the random padded buffer,
+	 * offering a little protection.
+	 *
+	 * This is almost certainly wrong, it should be the old LM
+	 * hash, it was switched in an unrelated commit
+	 * 579c13da43d5b40ac6d6c1436399fbc1d8dfd054 in 2004.
+	 */
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &lm_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	/*
+	 * Now we prepare a DES cross-hash of the old LM and new NT
+	 * passwords to link the two buffers
+	 */
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+	/*
+	 * The new plaintext password is also encrypted using RC4 with
+	 * the old NT password hash (directly, with no confounder).
+	 * The password is at the end of the random padded buffer,
+	 * offering a little protection.
+	 */
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	/*
+	 * Another DES based cross-hash
+	 */
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	/* Break the verification */
+	nt_verifier.hash[0]++;
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
+	    (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &lm_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+	/* Break the NT Hash */
+	old_nt_hash[0]++;
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	/* Unbreak it again */
+	old_nt_hash[0]--;
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
+	    (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrypted password - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	/* This shouldn't be a valid name */
+	init_lsa_String(&account_bad, talloc_asprintf(tctx, "%sXX", account_string));
+
+	r.in.account = &account_bad;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
+			nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+
+	E_deshash(oldpass, old_lm_hash);
+	E_deshash(newpass, new_lm_hash);
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &lm_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword");
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
+
+	unix_to_nt_time(&t, time(NULL));
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	torture_comment(tctx, "(%s): dominfo[%s], reject[%s], handle_reject_reason[%s], "
+			"last_password_change[%s], dominfo->min_password_age[%lld]\n",
+			__location__,
+			(dominfo == NULL)? "NULL" : "present",
+			reject ? "true" : "false",
+			handle_reject_reason ? "true" : "false",
+			null_nttime(last_password_change) ? "null" : "not null",
+			dominfo ? (long long)dominfo->min_password_age : (long long)0);
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+	    && dominfo
+	    && reject
+	    && handle_reject_reason
+	    && (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
+		if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
+
+			if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
+				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+					SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
+				return false;
+			}
+		}
+
+		/* We tested the order of precedence which is as follows:
+
+		* pwd min_age
+		* pwd length
+		* pwd complexity
+		* pwd history
+
+		Guenther */
+
+		if ((dominfo->min_password_age < 0) && !null_nttime(last_password_change) &&
+			   (last_password_change - dominfo->min_password_age > t)) {
+
+			if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+					SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
+				return false;
+			}
+
+		} else if ((dominfo->min_password_length > 0) &&
+			   (strlen(newpass) < dominfo->min_password_length)) {
+
+			if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
+				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
+					SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
+				return false;
+			}
+
+		} else if ((dominfo->password_history_length > 0) &&
+			    strequal(oldpass, newpass)) {
+
+			if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
+				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
+					SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
+				return false;
+			}
+		} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
+
+			if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
+				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
+					SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
+				return false;
+			}
+
+		}
+
+		if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
+			/* retry with adjusted size */
+			return test_ChangePasswordUser3(p, tctx, account_string,
+							dominfo->min_password_length,
+							password, NULL, 0, false);
+
+		}
+
+	} else if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+			torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+			       SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
+			return false;
+		}
+		/* Perhaps the server has a 'min password age' set? */
+
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result, "ChangePasswordUser3");
+
+		*password = talloc_strdup(tctx, newpass);
+	}
+
+	return ret;
+}
+
+bool test_ChangePasswordUser4(struct dcerpc_pipe *p,
+			      struct torture_context *tctx,
+			      const char *account_string,
+			      int policy_min_pw_len,
+			      char **password,
+			      const char *newpassword)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct samr_ChangePasswordUser4 r;
+	const char *oldpassword = *password;
+	char *srv_str = NULL;
+	struct lsa_String server;
+	struct lsa_String account;
+	uint8_t old_nt_key_data[16] = {0};
+	gnutls_datum_t old_nt_key = {
+		.data = old_nt_key_data,
+		.size = sizeof(old_nt_key),
+	};
+	uint8_t cek_data[16] = {0};
+	DATA_BLOB cek = {
+		.data = cek_data,
+		.length = sizeof(cek_data),
+	};
+	uint8_t pw_data[514] = {0};
+	DATA_BLOB plaintext = {
+		.data = pw_data,
+		.length = sizeof(pw_data),
+	};
+	DATA_BLOB ciphertext = data_blob_null;
+	struct samr_EncryptedPasswordAES pwd_buf = {.cipher_len = 0};
+	DATA_BLOB iv = {
+		.data = pwd_buf.salt,
+		.length = sizeof(pwd_buf.salt),
+	};
+	gnutls_datum_t iv_datum = {
+		.data = iv.data,
+		.size = iv.length,
+	};
+	uint64_t pbkdf2_iterations = generate_random_u64_range(5000, 1000000);
+	NTSTATUS status;
+	bool ok;
+	int rc;
+
+	torture_comment(tctx, "Testing ChangePasswordUser4\n");
+
+	if (newpassword == NULL) {
+		do {
+			if (policy_min_pw_len == 0) {
+				newpassword =
+					samr_rand_pass(tctx, policy_min_pw_len);
+			} else {
+				newpassword = samr_rand_pass_fixed_len(
+					tctx,
+					policy_min_pw_len);
+			}
+		} while (check_password_quality(newpassword) == false);
+	} else {
+		torture_comment(tctx, "Using password '%s'\n", newpassword);
+	}
+
+	torture_assert_not_null(tctx,
+				*password,
+				"Failing ChangePasswordUser4 as old password "
+				"was NULL.  Previous test failed?");
+
+	srv_str = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	torture_assert_not_null(tctx, srv_str, "srvstr is NULL");
+	init_lsa_String(&server, srv_str);
+
+	init_lsa_String(&account, account_string);
+
+	E_md4hash(oldpassword, old_nt_key_data);
+
+	generate_nonce_buffer(iv.data, iv.length);
+
+	rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512,
+			   &old_nt_key,
+			   &iv_datum,
+			   pbkdf2_iterations,
+			   cek.data,
+			   cek.length);
+	torture_assert_int_equal(tctx, rc, 0, "gnutls_pbkdf2 failed");
+
+	ok = encode_pwd_buffer514_from_str(pw_data, newpassword, STR_UNICODE);
+	torture_assert(tctx, ok, "encode_aes_pw_buffer failed");
+
+	status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(
+		tctx,
+		&plaintext,
+		&cek,
+		&samr_aes256_enc_key_salt,
+		&samr_aes256_mac_key_salt,
+		&iv,
+		&ciphertext,
+		pwd_buf.auth_data);
+	torture_assert_ntstatus_ok(
+		tctx,
+		status,
+		"samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt failed");
+
+	pwd_buf.cipher_len = ciphertext.length;
+	pwd_buf.cipher = ciphertext.data;
+	pwd_buf.PBKDF2Iterations = pbkdf2_iterations;
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &pwd_buf;
+
+	status = dcerpc_samr_ChangePasswordUser4_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser4 failed");
+
+	*password = talloc_strdup(tctx, newpassword);
+	return true;
+}
+
+bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_context *tctx,
+				    const char *account_string,
+				    struct policy_handle *handle,
+				    char **password)
+{
+	NTSTATUS status;
+	struct samr_ChangePasswordUser3 r;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	DATA_BLOB session_key;
+
+	bool ret = true;
+	struct lsa_String server, account;
+	struct samr_CryptPassword nt_pass;
+	struct samr_Password nt_verifier;
+	DATA_BLOB new_random_pass;
+	char *newpass;
+	char *oldpass;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint8_t old_nt_hash[16] = { 0 }, new_nt_hash[16];
+	DATA_BLOB old_nt_hash_blob
+		= data_blob_const(old_nt_hash,
+				  sizeof(old_nt_hash));
+	NTTIME t;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct userPwdChangeFailureInformation *reject = NULL;
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+	uint8_t _confounder[16] = {0};
+	DATA_BLOB confounder
+		= data_blob_const(_confounder,
+				  sizeof(_confounder));
+	DATA_BLOB pw_data;
+	gnutls_datum_t old_nt_key = {
+		.data = old_nt_hash,
+		.size = sizeof(old_nt_hash),
+	};
+
+	new_random_pass = samr_very_rand_pass(tctx, 128);
+
+	torture_assert(tctx, *password != NULL,
+				   "Failing ChangePasswordUser3 as old password was NULL.  Previous test failed?");
+
+	oldpass = *password;
+	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	init_lsa_String(&account, account_string);
+
+	s.in.user_handle = handle;
+	s.in.info = &u;
+	s.in.level = 25;
+
+	ZERO_STRUCT(u);
+
+	u.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT;
+
+	set_pw_in_buffer(u.info25.password.data, &new_random_pass);
+
+	pw_data = data_blob_const(u.info25.password.data, 516);
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		return false;
+	}
+
+	generate_random_buffer(_confounder,
+			       sizeof(_confounder));
+
+	samba_gnutls_arcfour_confounded_md5(&confounder,
+					    &session_key,
+					    &pw_data,
+					    SAMBA_GNUTLS_ENCRYPT);
+
+	memcpy(&u.info25.password.data[516], _confounder, sizeof(_confounder));
+
+	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+		"SetUserInfo failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, "RANDOM", nt_errstr(s.out.result));
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		ret = false;
+	}
+
+	torture_comment(tctx, "Testing ChangePasswordUser3 with a password made up of only random bytes\n");
+
+	mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
+
+	new_random_pass = samr_very_rand_pass(tctx, 128);
+
+	mdfour(new_nt_hash, new_random_pass.data, new_random_pass.length);
+
+	set_pw_in_buffer(nt_pass.data, &new_random_pass);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &old_nt_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      nt_pass.data,
+			      516);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 0;
+	r.in.lm_password = NULL;
+	r.in.lm_verifier = NULL;
+	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
+
+	unix_to_nt_time(&t, time(NULL));
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, "RANDOM", nt_errstr(r.out.result));
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+			torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+			       SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
+			return false;
+		}
+		/* Perhaps the server has a 'min password age' set? */
+
+	} else if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	newpass = samr_rand_pass(tctx, 128);
+
+	mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
+
+	E_md4hash(newpass, new_nt_hash);
+
+	status = init_samr_CryptPassword(newpass,
+					 &old_nt_hash_blob,
+					 &nt_pass);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 0;
+	r.in.lm_password = NULL;
+	r.in.lm_verifier = NULL;
+	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
+
+	unix_to_nt_time(&t, time(NULL));
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+		"ChangePasswordUser3 failed");
+	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+			__location__, __FUNCTION__,
+			oldpass, newpass, nt_errstr(r.out.result));
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+		if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+			torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+			       SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
+			return false;
+		}
+		/* Perhaps the server has a 'min password age' set? */
+
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result, "ChangePasswordUser3 (on second random password)");
+		*password = talloc_strdup(tctx, newpass);
+	}
+
+	return ret;
+}
+
+
+static bool test_GetMembersInAlias(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *alias_handle)
+{
+	struct samr_GetMembersInAlias r;
+	struct lsa_SidArray sids;
+
+	torture_comment(tctx, "Testing GetMembersInAlias\n");
+
+	r.in.alias_handle = alias_handle;
+	r.out.sids = &sids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetMembersInAlias_r(b, tctx, &r),
+		"GetMembersInAlias failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetMembersInAlias failed");
+
+	return true;
+}
+
+static bool test_AddMemberToAlias(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *alias_handle,
+				  const struct dom_sid *domain_sid)
+{
+	struct samr_AddAliasMember r;
+	struct samr_DeleteAliasMember d;
+	struct dom_sid *sid;
+
+	sid = dom_sid_add_rid(tctx, domain_sid, 512);
+
+	torture_comment(tctx, "Testing AddAliasMember\n");
+	r.in.alias_handle = alias_handle;
+	r.in.sid = sid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddAliasMember_r(b, tctx, &r),
+		"AddAliasMember failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "AddAliasMember failed");
+
+	d.in.alias_handle = alias_handle;
+	d.in.sid = sid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteAliasMember_r(b, tctx, &d),
+		"DeleteAliasMember failed");
+	torture_assert_ntstatus_ok(tctx, d.out.result, "DelAliasMember failed");
+
+	return true;
+}
+
+static bool test_AddMultipleMembersToAlias(struct dcerpc_binding_handle *b,
+					   struct torture_context *tctx,
+					   struct policy_handle *alias_handle)
+{
+	struct samr_AddMultipleMembersToAlias a;
+	struct samr_RemoveMultipleMembersFromAlias r;
+	struct lsa_SidArray sids;
+
+	torture_comment(tctx, "Testing AddMultipleMembersToAlias\n");
+	a.in.alias_handle = alias_handle;
+	a.in.sids = &sids;
+
+	sids.num_sids = 3;
+	sids.sids = talloc_array(tctx, struct lsa_SidPtr, 3);
+
+	sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
+	sids.sids[1].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-2");
+	sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-3");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddMultipleMembersToAlias_r(b, tctx, &a),
+		"AddMultipleMembersToAlias failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result, "AddMultipleMembersToAlias");
+
+
+	torture_comment(tctx, "Testing RemoveMultipleMembersFromAlias\n");
+	r.in.alias_handle = alias_handle;
+	r.in.sids = &sids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+		"RemoveMultipleMembersFromAlias failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMultipleMembersFromAlias failed");
+
+	/* strange! removing twice doesn't give any error */
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+		"RemoveMultipleMembersFromAlias failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMultipleMembersFromAlias failed");
+
+	/* but removing an alias that isn't there does */
+	sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-4");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+		"RemoveMultipleMembersFromAlias failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND, "RemoveMultipleMembersFromAlias");
+
+	return true;
+}
+
+static bool test_GetAliasMembership(struct dcerpc_binding_handle *b,
+				    struct torture_context *tctx,
+				    struct policy_handle *domain_handle)
+{
+	struct samr_GetAliasMembership r;
+	struct lsa_SidArray sids;
+	struct samr_Ids rids;
+
+	torture_comment(tctx, "Testing GetAliasMembership\n");
+
+	r.in.domain_handle	= domain_handle;
+	r.in.sids		= &sids;
+	r.out.rids		= &rids;
+
+	sids.num_sids = 0;
+	sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
+		"GetAliasMembership failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"samr_GetAliasMembership failed");
+
+	torture_assert_int_equal(tctx, sids.num_sids, rids.count,
+		"protocol misbehaviour");
+
+	sids.num_sids = 1;
+	sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
+	sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
+		"samr_GetAliasMembership failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"samr_GetAliasMembership failed");
+
+#if 0
+	/* only true for w2k8 it seems
+	 * win7, xp, w2k3 will return a 0 length array pointer */
+
+	if (rids.ids && (rids.count == 0)) {
+		torture_fail(tctx, "samr_GetAliasMembership returned 0 count and a rids array");
+	}
+#endif
+	if (!rids.ids && rids.count) {
+		torture_fail(tctx, "samr_GetAliasMembership returned non-0 count but no rids");
+	}
+
+	return true;
+}
+
+static bool test_TestPrivateFunctionsUser(struct dcerpc_binding_handle *b,
+					  struct torture_context *tctx,
+					  struct policy_handle *user_handle)
+{
+    	struct samr_TestPrivateFunctionsUser r;
+
+	torture_comment(tctx, "Testing TestPrivateFunctionsUser\n");
+
+	r.in.user_handle = user_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_TestPrivateFunctionsUser_r(b, tctx, &r),
+		"TestPrivateFunctionsUser failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsUser");
+
+	return true;
+}
+
+static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
+					  struct torture_context *tctx,
+					  struct policy_handle *handle,
+					  bool use_info2,
+					  NTTIME *pwdlastset)
+{
+	NTSTATUS status;
+	uint16_t levels[] = { /* 3, */ 5, 21 };
+	int i;
+	/* NTTIME pwdlastset3 = 0; */
+	NTTIME pwdlastset5 = 0;
+	NTTIME pwdlastset21 = 0;
+
+	torture_comment(tctx, "Testing QueryUserInfo%s level 5 and 21 call ",
+			use_info2 ? "2":"");
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		struct samr_QueryUserInfo r;
+		struct samr_QueryUserInfo2 r2;
+		union samr_UserInfo *info;
+
+		if (use_info2) {
+			r2.in.user_handle = handle;
+			r2.in.level = levels[i];
+			r2.out.info = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r2),
+				"QueryUserInfo2 failed");
+			status = r2.out.result;
+
+		} else {
+			r.in.user_handle = handle;
+			r.in.level = levels[i];
+			r.out.info = &info;
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+				"QueryUserInfo failed");
+			status = r.out.result;
+		}
+
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo%s level %u failed - %s\n",
+			       use_info2 ? "2":"", levels[i], nt_errstr(status));
+			return false;
+		}
+
+		switch (levels[i]) {
+		case 3:
+			/* pwdlastset3 = info->info3.last_password_change; */
+			break;
+		case 5:
+			pwdlastset5 = info->info5.last_password_change;
+			break;
+		case 21:
+			pwdlastset21 = info->info21.last_password_change;
+			break;
+		default:
+			return false;
+		}
+	}
+	/* torture_assert_int_equal(tctx, pwdlastset3, pwdlastset5,
+				    "pwdlastset mixup"); */
+	torture_assert_int_equal(tctx, pwdlastset5, pwdlastset21,
+				 "pwdlastset mixup");
+
+	*pwdlastset = pwdlastset21;
+
+	torture_comment(tctx, "(pwdlastset: %llu)\n",
+			(unsigned long long) *pwdlastset);
+
+	return true;
+}
+
+static bool test_SamLogon(struct torture_context *tctx,
+			  struct dcerpc_pipe *p,
+			  struct cli_credentials *machine_credentials,
+			  struct cli_credentials *test_credentials,
+			  NTSTATUS expected_result,
+			  bool interactive)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogonEx r;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+	struct netr_IdentityInfo identity;
+	struct netr_NetworkInfo ninfo;
+	struct netr_PasswordInfo pinfo;
+	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
+	int flags = CLI_CRED_NTLM_AUTH;
+	uint32_t samlogon_flags = 0;
+	struct netlogon_creds_CredentialState *creds;
+	struct netr_Authenticator a;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
+
+	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+
+	cli_credentials_get_ntlm_username_domain(test_credentials, tctx,
+						 &identity.account_name.string,
+						 &identity.domain_name.string);
+
+	identity.parameter_control =
+		MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+		MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+	identity.logon_id = 0;
+	identity.workstation.string = cli_credentials_get_workstation(test_credentials);
+
+	if (interactive) {
+		netlogon_creds_client_authenticator(creds, &a);
+
+		if (!E_deshash(cli_credentials_get_password(test_credentials), pinfo.lmpassword.hash)) {
+			ZERO_STRUCT(pinfo.lmpassword.hash);
+		}
+		E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash);
+
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			netlogon_creds_aes_encrypt(creds, pinfo.lmpassword.hash, 16);
+			netlogon_creds_aes_encrypt(creds, pinfo.ntpassword.hash, 16);
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+			netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+		} else {
+			netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
+			netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
+		}
+
+		pinfo.identity_info = identity;
+		logon.password = &pinfo;
+
+		r.in.logon_level = NetlogonInteractiveInformation;
+	} else {
+		generate_random_buffer(ninfo.challenge,
+				       sizeof(ninfo.challenge));
+		chal = data_blob_const(ninfo.challenge,
+				       sizeof(ninfo.challenge));
+
+		names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials),
+							cli_credentials_get_domain(test_credentials));
+
+		status = cli_credentials_get_ntlm_response(test_credentials, tctx,
+							   &flags,
+							   chal,
+							   NULL, /* server_timestamp */
+							   names_blob,
+							   &lm_resp, &nt_resp,
+							   NULL, NULL);
+		torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
+
+		ninfo.lm.data = lm_resp.data;
+		ninfo.lm.length = lm_resp.length;
+
+		ninfo.nt.data = nt_resp.data;
+		ninfo.nt.length = nt_resp.length;
+
+		ninfo.identity_info = identity;
+		logon.network = &ninfo;
+
+		r.in.logon_level = NetlogonNetworkInformation;
+	}
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(test_credentials);
+	r.in.logon = &logon;
+	r.in.flags = &samlogon_flags;
+	r.out.flags = &samlogon_flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+
+	torture_comment(tctx, "Testing LogonSamLogon with name %s\n", identity.account_name.string);
+
+	r.in.validation_level = 6;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+		"netr_LogonSamLogonEx failed");
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
+		r.in.validation_level = 3;
+		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+			"netr_LogonSamLogonEx failed");
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_assert_ntstatus_equal(tctx, r.out.result, expected_result, "LogonSamLogonEx failed");
+		return true;
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogonEx failed");
+	}
+
+	return true;
+}
+
+static bool test_SamLogon_with_creds(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct cli_credentials *machine_creds,
+				     const char *acct_name,
+				     const char *password,
+				     NTSTATUS expected_samlogon_result,
+				     bool interactive)
+{
+	bool ret = true;
+	struct cli_credentials *test_credentials;
+
+	test_credentials = cli_credentials_init(tctx);
+
+	cli_credentials_set_workstation(test_credentials,
+					cli_credentials_get_workstation(machine_creds), CRED_SPECIFIED);
+	cli_credentials_set_domain(test_credentials,
+				   cli_credentials_get_domain(machine_creds), CRED_SPECIFIED);
+	cli_credentials_set_username(test_credentials,
+				     acct_name, CRED_SPECIFIED);
+	cli_credentials_set_password(test_credentials,
+				     password, CRED_SPECIFIED);
+
+	torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n",
+		interactive ? "interactive" : "network", acct_name, password);
+
+	if (!test_SamLogon(tctx, p, machine_creds, test_credentials,
+			    expected_samlogon_result, interactive)) {
+		torture_result(tctx, TORTURE_FAIL, "new password did not work\n");
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_SetPassword_level(struct dcerpc_pipe *p,
+				   struct dcerpc_pipe *np,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle,
+				   uint16_t level,
+				   uint32_t fields_present,
+				   uint8_t password_expired,
+				   bool *matched_expected_error,
+				   bool use_setinfo2,
+				   const char *acct_name,
+				   char **password,
+				   struct cli_credentials *machine_creds,
+				   bool use_queryinfo2,
+				   NTTIME *pwdlastset,
+				   NTSTATUS expected_samlogon_result)
+{
+	const char *fields = NULL;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	switch (level) {
+	case 21:
+	case 23:
+	case 25:
+	case 32:
+		fields = talloc_asprintf(tctx, "(fields_present: 0x%08x)",
+					 fields_present);
+		break;
+	default:
+		break;
+	}
+
+	torture_comment(tctx, "Testing SetUserInfo%s level %d call "
+		"(password_expired: %d) %s\n",
+		use_setinfo2 ? "2":"", level, password_expired,
+		fields ? fields : "");
+
+	if (!test_SetUserPass_level_ex(p, tctx, handle, level,
+				       fields_present,
+				       password,
+				       password_expired,
+				       use_setinfo2,
+				       matched_expected_error)) {
+		ret = false;
+	}
+
+	if (!test_QueryUserInfo_pwdlastset(b, tctx, handle,
+					   use_queryinfo2,
+					   pwdlastset)) {
+		ret = false;
+	}
+
+	if (*matched_expected_error == true) {
+		return ret;
+	}
+
+	if (!test_SamLogon_with_creds(tctx, np,
+				      machine_creds,
+				      acct_name,
+				      *password,
+				      expected_samlogon_result,
+				      false)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool setup_schannel_netlogon_pipe(struct torture_context *tctx,
+					 struct cli_credentials *credentials,
+					 struct dcerpc_pipe **p)
+{
+	struct dcerpc_binding *b;
+	NTSTATUS status;
+
+	torture_assert_ntstatus_ok(tctx, torture_rpc_binding(tctx, &b),
+		"failed to get rpc binding");
+
+	/* We have to use schannel, otherwise the SamLogonEx fails
+	 * with INTERNAL_ERROR */
+
+	status = dcerpc_binding_set_flags(b,
+					  DCERPC_SCHANNEL |
+					  DCERPC_SIGN | DCERPC_SEAL |
+					  DCERPC_SCHANNEL_AUTO,
+					  DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, p, b, &ndr_table_netlogon,
+				      credentials, tctx->ev, tctx->lp_ctx),
+		"failed to bind to netlogon");
+
+	return true;
+}
+
+static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
+					struct torture_context *tctx,
+					uint32_t acct_flags,
+					const char *acct_name,
+					struct policy_handle *handle,
+					char **password,
+					struct cli_credentials *machine_credentials)
+{
+	int s = 0, q = 0, f = 0, l = 0, z = 0;
+	bool ret = true;
+	int delay = 50000;
+	bool set_levels[] = { false, true };
+	bool query_levels[] = { false, true };
+	uint32_t levels[] = { 18, 21, 26, 23, 24, 25, 31 }; /* Second half only used when TEST_ALL_LEVELS defined */
+	uint32_t nonzeros[] = { 1, 24 };
+	uint32_t fields_present[] = {
+		0,
+		SAMR_FIELD_EXPIRED_FLAG,
+		SAMR_FIELD_LAST_PWD_CHANGE,
+		SAMR_FIELD_EXPIRED_FLAG | SAMR_FIELD_LAST_PWD_CHANGE,
+		SAMR_FIELD_COMMENT,
+		SAMR_FIELD_NT_PASSWORD_PRESENT,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE | SAMR_FIELD_EXPIRED_FLAG
+	};
+	struct dcerpc_pipe *np = NULL;
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		delay = 999999;
+		torture_comment(tctx, "Samba3 has second granularity, setting delay to: %d\n",
+			delay);
+	}
+
+	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");
+
+	/* set to 1 to enable testing for all possible opcode
+	   (SetUserInfo, SetUserInfo2, QueryUserInfo, QueryUserInfo2)
+	   combinations */
+#if 0
+#define TEST_ALL_LEVELS 1
+#define TEST_SET_LEVELS 1
+#define TEST_QUERY_LEVELS 1
+#endif
+#ifdef TEST_ALL_LEVELS
+	for (l=0; l<ARRAY_SIZE(levels); l++) {
+#else
+	for (l=0; l<(ARRAY_SIZE(levels))/2; l++) {
+#endif
+	for (z=0; z<ARRAY_SIZE(nonzeros); z++) {
+	for (f=0; f<ARRAY_SIZE(fields_present); f++) {
+#ifdef TEST_SET_LEVELS
+	for (s=0; s<ARRAY_SIZE(set_levels); s++) {
+#endif
+#ifdef TEST_QUERY_LEVELS
+	for (q=0; q<ARRAY_SIZE(query_levels); q++) {
+#endif
+		NTTIME pwdlastset_old = 0;
+		NTTIME pwdlastset_new = 0;
+		bool matched_expected_error = false;
+		NTSTATUS expected_samlogon_result = NT_STATUS_ACCOUNT_DISABLED;
+
+		torture_comment(tctx, "------------------------------\n"
+				"Testing pwdLastSet attribute for flags: 0x%08x "
+				"(s: %d (l: %d), q: %d)\n",
+				acct_flags, s, levels[l], q);
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			      (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT))) {
+				expected_samlogon_result = NT_STATUS_WRONG_PASSWORD;
+			}
+			break;
+		}
+
+
+		/* set #1 */
+
+		/* set a password and force password change (pwdlastset 0) by
+		 * setting the password expired flag to a non-0 value */
+
+		if (!test_SetPassword_level(p, np, tctx, handle,
+					    levels[l],
+					    fields_present[f],
+					    nonzeros[z],
+					    &matched_expected_error,
+					    set_levels[s],
+					    acct_name,
+					    password,
+					    machine_credentials,
+					    query_levels[q],
+					    &pwdlastset_new,
+					    expected_samlogon_result)) {
+			ret = false;
+		}
+
+		if (matched_expected_error == true) {
+			/* skipping on expected failure */
+			continue;
+		}
+
+		/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
+		 * set without the SAMR_FIELD_EXPIRED_FLAG */
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if ((pwdlastset_new != 0) &&
+			    !(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG)) {
+				torture_comment(tctx, "not considering a non-0 "
+					"pwdLastSet as a an error as the "
+					"SAMR_FIELD_EXPIRED_FLAG has not "
+					"been set\n");
+				break;
+			}
+			break;
+		default:
+			if (pwdlastset_new != 0) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected pwdLastSet 0 but got %llu\n",
+					(unsigned long long) pwdlastset_old);
+				ret = false;
+			}
+			break;
+		}
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			     (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+			     (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+			     (pwdlastset_old >= pwdlastset_new)) {
+				torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
+				ret = false;
+			}
+			break;
+		}
+
+		pwdlastset_old = pwdlastset_new;
+
+		usleep(delay);
+
+		/* set #2 */
+
+		/* set a password, pwdlastset needs to get updated (increased
+		 * value), password_expired value used here is 0 */
+
+		if (!test_SetPassword_level(p, np, tctx, handle,
+					    levels[l],
+					    fields_present[f],
+					    0,
+					    &matched_expected_error,
+					    set_levels[s],
+					    acct_name,
+					    password,
+					    machine_credentials,
+					    query_levels[q],
+					    &pwdlastset_new,
+					    expected_samlogon_result)) {
+			ret = false;
+		}
+
+		/* when a password has been changed, pwdlastset must not be 0 afterwards
+		 * and must be larger then the old value */
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
+			 * password has been changed, old and new pwdlastset
+			 * need to be the same value */
+
+			if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
+			    !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			      (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
+			{
+				torture_assert_int_equal(tctx, pwdlastset_old,
+					pwdlastset_new, "pwdlastset must be equal");
+				break;
+			}
+			break;
+		default:
+			if (pwdlastset_old >= pwdlastset_new) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected last pwdlastset (%llu) < new pwdlastset (%llu)\n",
+					(unsigned long long) pwdlastset_old,
+					(unsigned long long) pwdlastset_new);
+				ret = false;
+			}
+			if (pwdlastset_new == 0) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected non-0 pwdlastset, got: %llu\n",
+					(unsigned long long) pwdlastset_new);
+				ret = false;
+			}
+			break;
+		}
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			     (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+			     (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+			     (pwdlastset_old >= pwdlastset_new)) {
+				torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
+				ret = false;
+			}
+			break;
+		}
+
+		pwdlastset_old = pwdlastset_new;
+
+		usleep(delay);
+
+		/* set #2b */
+
+		/* set a password, pwdlastset needs to get updated (increased
+		 * value), password_expired value used here is 0 */
+
+		if (!test_SetPassword_level(p, np, tctx, handle,
+					    levels[l],
+					    fields_present[f],
+					    0,
+					    &matched_expected_error,
+					    set_levels[s],
+					    acct_name,
+					    password,
+					    machine_credentials,
+					    query_levels[q],
+					    &pwdlastset_new,
+					    expected_samlogon_result)) {
+			ret = false;
+		}
+
+		/* when a password has been changed, pwdlastset must not be 0 afterwards
+		 * and must be larger then the old value */
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
+			 * password has been changed, old and new pwdlastset
+			 * need to be the same value */
+
+			if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
+			    !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			      (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
+			{
+				torture_assert_int_equal(tctx, pwdlastset_old,
+					pwdlastset_new, "pwdlastset must be equal");
+				break;
+			}
+			break;
+		default:
+			if (pwdlastset_old >= pwdlastset_new) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected last pwdlastset (%llu) < new pwdlastset (%llu)\n",
+					(unsigned long long) pwdlastset_old,
+					(unsigned long long) pwdlastset_new);
+				ret = false;
+			}
+			if (pwdlastset_new == 0) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected non-0 pwdlastset, got: %llu\n",
+					(unsigned long long) pwdlastset_new);
+				ret = false;
+			}
+			break;
+		}
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			     (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+			     (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+			     (pwdlastset_old >= pwdlastset_new)) {
+				torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
+				ret = false;
+			}
+			break;
+		}
+
+		pwdlastset_old = pwdlastset_new;
+
+		usleep(delay);
+
+		/* set #3 */
+
+		/* set a password and force password change (pwdlastset 0) by
+		 * setting the password expired flag to a non-0 value */
+
+		if (!test_SetPassword_level(p, np, tctx, handle,
+					    levels[l],
+					    fields_present[f],
+					    nonzeros[z],
+					    &matched_expected_error,
+					    set_levels[s],
+					    acct_name,
+					    password,
+					    machine_credentials,
+					    query_levels[q],
+					    &pwdlastset_new,
+					    expected_samlogon_result)) {
+			ret = false;
+		}
+
+		/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
+		 * set without the SAMR_FIELD_EXPIRED_FLAG */
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if ((pwdlastset_new != 0) &&
+			    !(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG)) {
+				torture_comment(tctx, "not considering a non-0 "
+					"pwdLastSet as a an error as the "
+					"SAMR_FIELD_EXPIRED_FLAG has not "
+					"been set\n");
+				break;
+			}
+
+			/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
+			 * password has been changed, old and new pwdlastset
+			 * need to be the same value */
+
+			if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
+			    !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			      (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
+			{
+				torture_assert_int_equal(tctx, pwdlastset_old,
+					pwdlastset_new, "pwdlastset must be equal");
+				break;
+			}
+			break;
+		default:
+			if (pwdlastset_new != 0) {
+				torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+					"expected pwdLastSet 0, got %llu\n",
+					(unsigned long long) pwdlastset_old);
+				ret = false;
+			}
+			break;
+		}
+
+		switch (levels[l]) {
+		case 21:
+		case 23:
+		case 25:
+		case 32:
+			if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+			     (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+			     (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+			     (pwdlastset_old >= pwdlastset_new)) {
+				torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
+				ret = false;
+			}
+			break;
+		}
+
+		/* if the level we are testing does not have a fields_present
+		 * field, skip all fields present tests by setting f to to
+		 * arraysize */
+		switch (levels[l]) {
+		case 18:
+		case 24:
+		case 26:
+		case 31:
+			f = ARRAY_SIZE(fields_present);
+			break;
+		}
+
+#ifdef TEST_QUERY_LEVELS
+	}
+#endif
+#ifdef TEST_SET_LEVELS
+	}
+#endif
+	} /* fields present */
+	} /* nonzeros */
+	} /* levels */
+
+#undef TEST_SET_LEVELS
+#undef TEST_QUERY_LEVELS
+
+	talloc_free(np);
+
+	return ret;
+}
+
+static bool test_QueryUserInfo_badpwdcount(struct dcerpc_binding_handle *b,
+					   struct torture_context *tctx,
+					   struct policy_handle *handle,
+					   uint32_t *badpwdcount)
+{
+	union samr_UserInfo *info;
+	struct samr_QueryUserInfo r;
+
+	r.in.user_handle = handle;
+	r.in.level = 3;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+		"failed to query userinfo");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query userinfo");
+
+	*badpwdcount = info->info3.bad_password_count;
+
+	torture_comment(tctx, " (bad password count: %d)\n", *badpwdcount);
+
+	return true;
+}
+
+static bool test_SetUserInfo_acct_flags(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *user_handle,
+					uint32_t acct_flags)
+{
+	struct samr_SetUserInfo r;
+	union samr_UserInfo user_info;
+
+	torture_comment(tctx, "Testing SetUserInfo level 16\n");
+
+	user_info.info16.acct_flags = acct_flags;
+
+	r.in.user_handle = user_handle;
+	r.in.level = 16;
+	r.in.info = &user_info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &r),
+		"failed to set account flags");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to set account flags");
+
+	return true;
+}
+
+static bool test_reset_badpwdcount(struct dcerpc_pipe *p,
+				   struct torture_context *tctx,
+				   struct policy_handle *user_handle,
+				   uint32_t acct_flags,
+				   char **password)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+		"failed to set password");
+
+	torture_comment(tctx, "Testing SetUserInfo level 16 (enable account)\n");
+
+	torture_assert(tctx,
+		       test_SetUserInfo_acct_flags(b, tctx, user_handle,
+						   acct_flags & ~ACB_DISABLED),
+		       "failed to enable user");
+
+	torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+		"failed to set password");
+
+	return true;
+}
+
+static bool test_SetDomainInfo(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *domain_handle,
+			       enum samr_DomainInfoClass level,
+			       union samr_DomainInfo *info)
+{
+	struct samr_SetDomainInfo r;
+
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
+				   "failed to set domain info");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+				   "failed to set domain info");
+
+	return true;
+}
+
+static bool test_SetDomainInfo_ntstatus(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *domain_handle,
+					enum samr_DomainInfoClass level,
+					union samr_DomainInfo *info,
+					NTSTATUS expected)
+{
+	struct samr_SetDomainInfo r;
+
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
+		"SetDomainInfo failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, expected, "");
+
+	return true;
+}
+
+static bool test_QueryDomainInfo2_level(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *domain_handle,
+					enum samr_DomainInfoClass level,
+					union samr_DomainInfo **q_info)
+{
+	struct samr_QueryDomainInfo2 r;
+
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.out.info = q_info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+		"failed to query domain info");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query domain info");
+
+	return true;
+}
+
+static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
+				      struct dcerpc_pipe *np,
+				      struct torture_context *tctx,
+				      uint32_t acct_flags,
+				      const char *acct_name,
+				      struct policy_handle *domain_handle,
+				      struct policy_handle *user_handle,
+				      char **password,
+				      struct cli_credentials *machine_credentials,
+				      const char *comment,
+				      bool disable,
+				      bool interactive,
+				      NTSTATUS expected_success_status,
+				      struct samr_DomInfo1 *info1,
+				      struct samr_DomInfo12 *info12)
+{
+	union samr_DomainInfo info;
+	char **passwords;
+	int i;
+	uint32_t badpwdcount, tmp;
+	uint32_t password_history_length = 12;
+	uint32_t lockout_threshold = 15;
+	uint32_t lockout_seconds = 5;
+	uint64_t delta_time_factor = 10 * 1000 * 1000;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		lockout_seconds = 60;
+	}
+
+	torture_comment(tctx, "\nTesting bad pwd count with: %s\n", comment);
+
+	torture_assert(tctx, password_history_length < lockout_threshold,
+		"password history length needs to be smaller than account lockout threshold for this test");
+
+
+	/* set policies */
+
+	info.info1 = *info1;
+	info.info1.password_history_length = password_history_length;
+	info.info1.min_password_age = 0;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainPasswordInformation, &info),
+		       "failed to set password history length and min passwd age");
+
+	info.info12 = *info12;
+	info.info12.lockout_threshold = lockout_threshold;
+
+	/* set lockout duration of 5 seconds */
+	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
+	info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &info),
+		       "failed to set lockout threshold");
+
+	/* reset bad pwd count */
+
+	torture_assert(tctx,
+		test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), "");
+
+
+	/* enable or disable account */
+	if (disable) {
+		torture_assert(tctx,
+			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
+						acct_flags | ACB_DISABLED),
+			       "failed to disable user");
+	} else {
+		torture_assert(tctx,
+			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
+						acct_flags & ~ACB_DISABLED),
+			       "failed to enable user");
+	}
+
+
+	/* setup password history */
+
+	passwords = talloc_array(tctx, char *, password_history_length);
+
+	for (i=0; i < password_history_length; i++) {
+
+		torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+			"failed to set password");
+		passwords[i] = talloc_strdup(tctx, *password);
+
+		if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+					      acct_name, passwords[i],
+					      expected_success_status, interactive)) {
+			torture_fail(tctx, "failed to auth with latest password");
+		}
+
+		torture_assert(tctx,
+			test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
+
+		torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+	}
+
+
+	/* test with wrong password */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+				      acct_name, "random_crap",
+				      NT_STATUS_WRONG_PASSWORD, interactive)) {
+		torture_fail(tctx, "succeeded to authenticate with wrong password");
+	}
+
+	torture_assert(tctx,
+		test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
+
+	torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+
+
+	/* test with latest good password */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+				      passwords[password_history_length-1],
+				      expected_success_status, interactive)) {
+		torture_fail(tctx, "succeeded to authenticate with wrong password");
+	}
+
+	torture_assert(tctx,
+		test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
+
+	if (disable) {
+		torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+	} else {
+		/* only enabled accounts get the bad pwd count reset upon
+		 * successful logon */
+		torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+	}
+
+	tmp = badpwdcount;
+
+
+	/* test password history */
+
+	for (i=0; i < password_history_length; i++) {
+
+		torture_comment(tctx, "Testing bad password count behavior with "
+				      "password #%d of #%d\n", i, password_history_length);
+
+		/* - network samlogon will succeed auth and not
+		 *   increase badpwdcount for 2 last entries
+		 * - interactive samlogon only for the last one */
+
+		if (i == password_history_length - 1 ||
+		    (i == password_history_length - 2 && !interactive)) {
+
+			if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+						      acct_name, passwords[i],
+						      expected_success_status, interactive)) {
+				torture_fail(tctx, talloc_asprintf(tctx, "did not successfully to obtain %s for %s login with old password (#%d of #%d in history)",
+								   nt_errstr(expected_success_status),
+								   interactive ? "interactive" : "network", i, password_history_length));
+			}
+
+			torture_assert(tctx,
+				test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
+
+			if (disable) {
+				/* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE* for pwd history entry %d\n", i); */
+				torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount");
+			} else {
+				/* torture_comment(tctx, "expecting bad pwd count to be 0 for pwd history entry %d\n", i); */
+				torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+			}
+
+			tmp = badpwdcount;
+
+			continue;
+		}
+
+		if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+					      acct_name, passwords[i],
+					      NT_STATUS_WRONG_PASSWORD, interactive)) {
+			torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length));
+		}
+
+		torture_assert(tctx,
+			test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
+
+		/* - network samlogon will fail auth but not increase
+		 *   badpwdcount for 3rd last entry
+		 * - interactive samlogon for 3rd and 2nd last entry */
+
+		if (i == password_history_length - 3 ||
+		    (i == password_history_length - 2 && interactive)) {
+			/* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE * by one for pwd history entry %d\n", i); */
+			torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount");
+		} else {
+			/* torture_comment(tctx, "expecting bad pwd count to increase by one for pwd history entry %d\n", i); */
+			torture_assert_int_equal(tctx, badpwdcount, tmp + 1, "unexpected badpwdcount");
+		}
+
+		tmp = badpwdcount;
+	}
+
+	return true;
+}
+
+static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
+					   struct torture_context *tctx,
+					   uint32_t acct_flags,
+					   const char *acct_name,
+					   struct policy_handle *domain_handle,
+					   struct policy_handle *user_handle,
+					   char **password,
+					   struct cli_credentials *machine_credentials)
+{
+	union samr_DomainInfo *q_info, s_info;
+	struct samr_DomInfo1 info1, _info1;
+	struct samr_DomInfo12 info12, _info12;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *np;
+	int i;
+
+	struct {
+		const char *comment;
+		bool disabled;
+		bool interactive;
+		NTSTATUS expected_success_status;
+	} creds[] = {
+		{
+			.comment		= "network logon (disabled account)",
+			.disabled		= true,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+		},
+		{
+			.comment		= "network logon (enabled account)",
+			.disabled		= false,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_OK
+		},
+		{
+			.comment		= "interactive logon (disabled account)",
+			.disabled		= true,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+		},
+		{
+			.comment		= "interactive logon (enabled account)",
+			.disabled		= false,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_OK
+		},
+	};
+
+	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");
+
+	/* backup old policies */
+
+	torture_assert(tctx,
+		test_QueryDomainInfo2_level(b, tctx, domain_handle,
+					    DomainPasswordInformation, &q_info),
+		"failed to query domain info level 1");
+
+	info1 = q_info->info1;
+	_info1 = info1;
+
+	torture_assert(tctx,
+		test_QueryDomainInfo2_level(b, tctx, domain_handle,
+					    DomainLockoutInformation, &q_info),
+		"failed to query domain info level 12");
+
+	info12 = q_info->info12;
+	_info12 = info12;
+
+	/* run tests */
+
+	for (i=0; i < ARRAY_SIZE(creds); i++) {
+
+		/* skip trust tests for now */
+		if (acct_flags & ACB_WSTRUST ||
+		    acct_flags & ACB_SVRTRUST ||
+		    acct_flags & ACB_DOMTRUST) {
+			continue;
+		}
+
+		if (!test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name,
+					       domain_handle, user_handle, password,
+					       machine_credentials,
+					       creds[i].comment,
+					       creds[i].disabled,
+					       creds[i].interactive,
+					       creds[i].expected_success_status,
+					       &_info1, &_info12)) {
+			torture_result(tctx, TORTURE_FAIL, "TEST #%d (%s) failed\n", i, creds[i].comment);
+			ret = false;
+		} else {
+			torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
+		}
+	}
+
+	/* restore policies */
+
+	s_info.info1 = info1;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainPasswordInformation, &s_info),
+		       "failed to set password information");
+
+	s_info.info12 = info12;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &s_info),
+		       "failed to set lockout information");
+
+	return ret;
+}
+
+static bool test_QueryUserInfo_lockout(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *domain_handle,
+				       const char *acct_name,
+				       uint16_t raw_bad_password_count,
+				       uint16_t effective_bad_password_count,
+				       uint32_t effective_acb_lockout)
+{
+	struct policy_handle user_handle;
+	union samr_UserInfo *i;
+	struct samr_QueryUserInfo r;
+
+	NTSTATUS status = test_OpenUser_byname(b, tctx, domain_handle, acct_name, &user_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	r.in.user_handle = &user_handle;
+	r.in.level = 3;
+	r.out.info = &i;
+	torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+		"failed to query userinfo");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query userinfo");
+	torture_comment(tctx, "  (acct_flags: 0x%08x) (raw_bad_pwd_count: %u)\n",
+			i->info3.acct_flags, i->info3.bad_password_count);
+	torture_assert_int_equal(tctx, i->info3.bad_password_count,
+				 raw_bad_password_count,
+				 "raw badpwdcount");
+	torture_assert_int_equal(tctx, i->info3.acct_flags & ACB_AUTOLOCK,
+				 effective_acb_lockout,
+				 "effective acb_lockout");
+	TALLOC_FREE(i);
+
+	r.in.user_handle = &user_handle;
+	r.in.level = 5;
+	r.out.info = &i;
+	torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+		"failed to query userinfo");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query userinfo");
+	torture_comment(tctx, "  (acct_flags: 0x%08x) (effective_bad_pwd_count: %u)\n",
+			i->info5.acct_flags, i->info5.bad_password_count);
+	torture_assert_int_equal(tctx, i->info5.bad_password_count,
+				 effective_bad_password_count,
+				 "effective badpwdcount");
+	torture_assert_int_equal(tctx, i->info5.acct_flags & ACB_AUTOLOCK,
+				 effective_acb_lockout,
+				 "effective acb_lockout");
+	TALLOC_FREE(i);
+
+	r.in.user_handle = &user_handle;
+	r.in.level = 16;
+	r.out.info = &i;
+	torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+		"failed to query userinfo");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query userinfo");
+	torture_comment(tctx, "  (acct_flags: 0x%08x)\n",
+			i->info16.acct_flags);
+	torture_assert_int_equal(tctx, i->info16.acct_flags & ACB_AUTOLOCK,
+				 effective_acb_lockout,
+				 "effective acb_lockout");
+	TALLOC_FREE(i);
+
+	r.in.user_handle = &user_handle;
+	r.in.level = 21;
+	r.out.info = &i;
+	torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+		"failed to query userinfo");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to query userinfo");
+	torture_comment(tctx, "  (acct_flags: 0x%08x) (effective_bad_pwd_count: %u)\n",
+			i->info21.acct_flags, i->info21.bad_password_count);
+	torture_assert_int_equal(tctx, i->info21.bad_password_count,
+				 effective_bad_password_count,
+				 "effective badpwdcount");
+	torture_assert_int_equal(tctx, i->info21.acct_flags & ACB_AUTOLOCK,
+				 effective_acb_lockout,
+				 "effective acb_lockout");
+	TALLOC_FREE(i);
+
+	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_Password_lockout(struct dcerpc_pipe *p,
+				  struct dcerpc_pipe *np,
+				  struct torture_context *tctx,
+				  uint32_t acct_flags,
+				  const char *acct_name,
+				  struct policy_handle *domain_handle,
+				  struct policy_handle *user_handle,
+				  char **password,
+				  struct cli_credentials *machine_credentials,
+				  const char *comment,
+				  bool disable,
+				  bool interactive,
+				  uint32_t password_history_length,
+				  NTSTATUS expected_success_status,
+				  struct samr_DomInfo1 *info1,
+				  struct samr_DomInfo12 *info12)
+{
+	union samr_DomainInfo info;
+	uint64_t lockout_threshold = 1;
+	uint32_t lockout_seconds = 5;
+	uint64_t delta_time_factor = 10 * 1000 * 1000;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		lockout_seconds = 60;
+	}
+
+	torture_comment(tctx, "\nTesting account lockout: %s\n", comment);
+
+	/* set policies */
+
+	info.info1 = *info1;
+
+	torture_comment(tctx, "setting password history length to %d.\n", password_history_length);
+	info.info1.password_history_length = password_history_length;
+
+	torture_comment(tctx, "setting min password again.\n");
+	info.info1.min_password_age = 0;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainPasswordInformation, &info),
+		       "failed to set password history length");
+
+	info.info12 = *info12;
+	info.info12.lockout_threshold = lockout_threshold;
+
+	/* set lockout duration < lockout window: should fail */
+	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
+	info.info12.lockout_window = ~((lockout_seconds + 1) * delta_time_factor);
+
+	torture_assert(tctx,
+		test_SetDomainInfo_ntstatus(b, tctx, domain_handle,
+					    DomainLockoutInformation, &info,
+					    NT_STATUS_INVALID_PARAMETER),
+		"setting lockout duration < lockout window gave unexpected result");
+
+	info.info12.lockout_duration = 0;
+	info.info12.lockout_window = 0;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &info),
+		       "failed to set lockout window and duration to 0");
+
+
+	/* set lockout duration of 5 seconds */
+	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
+	info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &info),
+		       "failed to set lockout window and duration to 5 seconds");
+
+	/* reset bad pwd count */
+
+	torture_assert(tctx,
+		test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), "");
+
+
+	/* enable or disable account */
+
+	if (disable) {
+		torture_assert(tctx,
+			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
+						acct_flags | ACB_DISABLED),
+			       "failed to disable user");
+	} else {
+		torture_assert(tctx,
+			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
+						acct_flags & ~ACB_DISABLED),
+			       "failed to enable user");
+	}
+
+
+	/* test logon with right password */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+				      acct_name, *password,
+				      expected_success_status, interactive)) {
+		torture_fail(tctx, "failed to auth with latest password");
+	}
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			0, 0, 0),
+		"expected account to not be locked");
+
+	/* test with wrong password ==> lockout */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+				      acct_name, "random_crap",
+				      NT_STATUS_WRONG_PASSWORD, interactive)) {
+		torture_fail(tctx, "succeeded to authenticate with wrong password");
+	}
+
+	/*
+	 * curiously, windows does _not_ return fresh values of
+	 * effective bad_password_count and ACB_AUTOLOCK.
+	 */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to not be locked");
+
+	/* test with good password */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+				     *password,
+				     NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
+	{
+		torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
+	}
+
+	/* bad pwd count should not get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password,
+							 NT_STATUS_ACCOUNT_LOCKED_OUT),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count should not get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count should not get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	/* with bad password */
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+				      acct_name, "random_crap2",
+				      NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
+	{
+		torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
+	}
+
+	/* bad pwd count should not get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	/* let lockout duration expire ==> unlock */
+
+	torture_comment(tctx, "let lockout duration expire...\n");
+	sleep(lockout_seconds + 1);
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 0, 0),
+		"expected account to not be locked");
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+				     *password,
+				     expected_success_status, interactive))
+	{
+		torture_fail(tctx, "failed to authenticate after lockout expired");
+	}
+
+	if (NT_STATUS_IS_OK(expected_success_status)) {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				0, 0, 0),
+			"expected account to not be locked");
+	} else {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				1, 0, 0),
+			"expected account to not be locked");
+	}
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+		       "got wrong status from ChangePasswordUser2");
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
+		       "got wrong status from ChangePasswordUser2");
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
+		       "got wrong status from ChangePasswordUser2");
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	/* let lockout duration expire ==> unlock */
+
+	torture_comment(tctx, "let lockout duration expire...\n");
+	sleep(lockout_seconds + 1);
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 0, 0),
+		"expected account to not be locked");
+
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+				     *password,
+				     expected_success_status, interactive))
+	{
+		torture_fail(tctx, "failed to authenticate after lockout expired");
+	}
+
+	if (NT_STATUS_IS_OK(expected_success_status)) {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				0, 0, 0),
+			"expected account to not be locked");
+	} else {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				1, 0, 0),
+			"expected account to not be locked");
+	}
+
+	/* Testing ChangePasswordUser behaviour with 3 attempts */
+	info.info12.lockout_threshold = 3;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &info),
+		       "failed to set lockout threshold to 3");
+
+	if (NT_STATUS_IS_OK(expected_success_status)) {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				0, 0, 0),
+			"expected account to not be locked");
+	} else {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				1, 0, 0),
+			"expected account to not be locked");
+	}
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count will get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			1, 1, 0),
+		"expected account to not be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count will get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			2, 2, 0),
+		"expected account to not be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count should get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			3, 3, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
+		       "got wrong status from ChangePasswordUser2");
+
+	/* bad pwd count should not get updated */
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			3, 3, ACB_AUTOLOCK),
+		"expected account to be locked");
+
+	/* let lockout duration expire ==> unlock */
+
+	torture_comment(tctx, "let lockout duration expire...\n");
+	sleep(lockout_seconds + 1);
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			3, 0, 0),
+		"expected account to not be locked");
+
+	torture_assert(tctx,
+		       test_ChangePasswordUser2(p, tctx, acct_name, password, NULL, false),
+		       "got wrong status from ChangePasswordUser2");
+
+	torture_assert(tctx,
+		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+			3, 0, 0),
+		"expected account to not be locked");
+
+	/* Used to reset the badPwdCount for the other tests */
+	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+				      *password,
+				      expected_success_status, interactive))
+	{
+		torture_fail(tctx, "failed to authenticate after lockout expired");
+	}
+
+	if (NT_STATUS_IS_OK(expected_success_status)) {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				0, 0, 0),
+			"expected account to not be locked");
+	} else {
+		torture_assert(tctx,
+			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+				3, 0, 0),
+			"expected account to not be locked");
+	}
+
+	return true;
+}
+
+static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       uint32_t acct_flags,
+				       const char *acct_name,
+				       struct policy_handle *domain_handle,
+				       struct policy_handle *user_handle,
+				       char **password,
+				       struct cli_credentials *machine_credentials)
+{
+	union samr_DomainInfo *q_info, s_info;
+	struct samr_DomInfo1 info1, _info1;
+	struct samr_DomInfo12 info12, _info12;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *np;
+	int i;
+
+	struct {
+		const char *comment;
+		bool disabled;
+		bool interactive;
+		uint32_t password_history_length;
+		NTSTATUS expected_success_status;
+	} creds[] = {
+		{
+			.comment		= "network logon (disabled account)",
+			.disabled		= true,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+		},
+		{
+			.comment		= "network logon (enabled account)",
+			.disabled		= false,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_OK
+		},
+		{
+			.comment		= "network logon (enabled account, history len = 1)",
+			.disabled		= false,
+			.interactive		= false,
+			.expected_success_status= NT_STATUS_OK,
+			.password_history_length = 1
+		},
+		{
+			.comment		= "interactive logon (disabled account)",
+			.disabled		= true,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+		},
+		{
+			.comment		= "interactive logon (enabled account)",
+			.disabled		= false,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_OK
+		},
+		{
+			.comment		= "interactive logon (enabled account, history len = 1)",
+			.disabled		= false,
+			.interactive		= true,
+			.expected_success_status= NT_STATUS_OK,
+			.password_history_length = 1
+		},
+	};
+
+	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");
+
+	/* backup old policies */
+
+	torture_assert(tctx,
+		test_QueryDomainInfo2_level(b, tctx, domain_handle,
+					    DomainPasswordInformation, &q_info),
+		"failed to query domain info level 1");
+
+	info1 = q_info->info1;
+	_info1 = info1;
+
+	torture_assert(tctx,
+		test_QueryDomainInfo2_level(b, tctx, domain_handle,
+					    DomainLockoutInformation, &q_info),
+		"failed to query domain info level 12");
+
+	info12 = q_info->info12;
+	_info12 = info12;
+
+	/* run tests */
+
+	for (i=0; i < ARRAY_SIZE(creds); i++) {
+		bool test_passed;
+		/* skip trust tests for now */
+		if (acct_flags & ACB_WSTRUST ||
+		    acct_flags & ACB_SVRTRUST ||
+		    acct_flags & ACB_DOMTRUST) {
+			continue;
+		}
+
+		test_passed = test_Password_lockout(p, np, tctx, acct_flags, acct_name,
+					     domain_handle, user_handle, password,
+					     machine_credentials,
+					     creds[i].comment,
+					     creds[i].disabled,
+					     creds[i].interactive,
+					     creds[i].password_history_length,
+					     creds[i].expected_success_status,
+					     &_info1, &_info12);
+		ret &= test_passed;
+		if (!test_passed) {
+			torture_result(tctx, TORTURE_FAIL, "TEST #%d (%s) failed\n", i, creds[i].comment);
+			break;
+		} else {
+			torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
+		}
+	}
+
+	/* restore policies */
+
+	s_info.info1 = info1;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainPasswordInformation, &s_info),
+		       "failed to set password information");
+
+	s_info.info12 = info12;
+
+	torture_assert(tctx,
+		       test_SetDomainInfo(b, tctx, domain_handle,
+					  DomainLockoutInformation, &s_info),
+		       "failed to set lockout information");
+
+	return ret;
+}
+
+static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
+				       struct dcerpc_pipe *lp,
+				       struct torture_context *tctx,
+				       struct policy_handle *domain_handle,
+				       struct policy_handle *lsa_handle,
+				       struct policy_handle *user_handle,
+				       const struct dom_sid *domain_sid,
+				       uint32_t rid,
+				       struct cli_credentials *machine_credentials)
+{
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_binding_handle *lb = lp->binding_handle;
+
+	struct policy_handle lsa_acct_handle;
+	struct dom_sid *user_sid;
+
+	user_sid = dom_sid_add_rid(tctx, domain_sid, rid);
+
+	{
+		struct lsa_EnumAccountRights r;
+		struct lsa_RightSet rights;
+
+		torture_comment(tctx, "Testing LSA EnumAccountRights\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.out.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+			"lsa_EnumAccountRights failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			"Expected enum rights for account to fail");
+	}
+
+	{
+		struct lsa_RightSet rights;
+		struct lsa_StringLarge names[2];
+		struct lsa_AddAccountRights r;
+
+		torture_comment(tctx, "Testing LSA AddAccountRights\n");
+
+		init_lsa_StringLarge(&names[0], "SeMachineAccountPrivilege");
+		init_lsa_StringLarge(&names[1], NULL);
+
+		rights.count = 1;
+		rights.names = names;
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.in.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
+			"lsa_AddAccountRights failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to add privileges");
+	}
+
+	{
+		struct lsa_RightSet rights;
+		struct lsa_StringLarge names[2];
+		struct lsa_AddAccountRights r;
+
+		torture_comment(tctx, "Testing LSA AddAccountRights 1\n");
+
+		init_lsa_StringLarge(&names[0], "SeInteractiveLogonRight");
+		init_lsa_StringLarge(&names[1], NULL);
+
+		rights.count = 1;
+		rights.names = names;
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.in.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
+			"lsa_AddAccountRights 1 failed");
+
+		if (torture_setting_bool(tctx, "nt4_dc", false)) {
+			/*
+			 * The NT4 DC doesn't implement Rights.
+			 */
+			torture_assert_ntstatus_equal(tctx, r.out.result,
+				NT_STATUS_NO_SUCH_PRIVILEGE,
+				"Add rights failed with incorrect error");
+		} else {
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				"Failed to add rights");
+
+		}
+	}
+
+
+	{
+		struct lsa_EnumAccounts r;
+		uint32_t resume_handle = 0;
+		struct lsa_SidArray lsa_sid_array;
+		int i;
+		bool found_sid = false;
+
+		torture_comment(tctx, "Testing LSA EnumAccounts\n");
+
+		r.in.handle = lsa_handle;
+		r.in.num_entries = 0x1000;
+		r.in.resume_handle = &resume_handle;
+		r.out.sids = &lsa_sid_array;
+		r.out.resume_handle = &resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+			"lsa_EnumAccounts failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to enum accounts");
+
+		for (i=0; i < lsa_sid_array.num_sids; i++) {
+			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
+				found_sid = true;
+			}
+		}
+
+		torture_assert(tctx, found_sid,
+			"failed to list privileged account");
+	}
+
+	{
+		struct lsa_EnumAccountRights r;
+		struct lsa_RightSet user_rights;
+		uint32_t expected_count = 2;
+
+		if (torture_setting_bool(tctx, "nt4_dc", false)) {
+			/*
+			 * NT4 DC doesn't store rights.
+			 */
+			expected_count = 1;
+		}
+
+		torture_comment(tctx, "Testing LSA EnumAccountRights\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.out.rights = &user_rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+			"lsa_EnumAccountRights failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to enum rights for account");
+
+		if (user_rights.count < expected_count) {
+			torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
+			return false;
+		}
+	}
+
+	{
+		struct lsa_OpenAccount r;
+
+		torture_comment(tctx, "Testing LSA OpenAccount\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.acct_handle = &lsa_acct_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
+			"lsa_OpenAccount failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to open lsa account");
+	}
+
+	{
+		struct lsa_GetSystemAccessAccount r;
+		uint32_t access_mask;
+
+		torture_comment(tctx, "Testing LSA GetSystemAccessAccount\n");
+
+		r.in.handle = &lsa_acct_handle;
+		r.out.access_mask = &access_mask;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
+			"lsa_GetSystemAccessAccount failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to get lsa system access account");
+	}
+
+	{
+		struct lsa_Close r;
+
+		torture_comment(tctx, "Testing LSA Close\n");
+
+		r.in.handle = &lsa_acct_handle;
+		r.out.handle = &lsa_acct_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(lb, tctx, &r),
+			"lsa_Close failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to close lsa");
+	}
+
+	{
+		struct samr_DeleteUser r;
+
+		torture_comment(tctx, "Testing SAMR DeleteUser\n");
+
+		r.in.user_handle = user_handle;
+		r.out.user_handle = user_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &r),
+			"DeleteUser failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"DeleteUser failed");
+	}
+
+	{
+		struct lsa_EnumAccounts r;
+		uint32_t resume_handle = 0;
+		struct lsa_SidArray lsa_sid_array;
+		int i;
+		bool found_sid = false;
+
+		torture_comment(tctx, "Testing LSA EnumAccounts\n");
+
+		r.in.handle = lsa_handle;
+		r.in.num_entries = 0x1000;
+		r.in.resume_handle = &resume_handle;
+		r.out.sids = &lsa_sid_array;
+		r.out.resume_handle = &resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+			"lsa_EnumAccounts failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to enum accounts");
+
+		for (i=0; i < lsa_sid_array.num_sids; i++) {
+			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
+				found_sid = true;
+			}
+		}
+
+		torture_assert(tctx, found_sid,
+			"failed to list privileged account");
+	}
+
+	{
+		struct lsa_EnumAccountRights r;
+		struct lsa_RightSet user_rights;
+
+		torture_comment(tctx, "Testing LSA EnumAccountRights\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.out.rights = &user_rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+			"lsa_EnumAccountRights failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to enum rights for account");
+
+		if (user_rights.count < 1) {
+			torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
+			return false;
+		}
+	}
+
+	{
+		struct lsa_OpenAccount r;
+
+		torture_comment(tctx, "Testing LSA OpenAccount\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.acct_handle = &lsa_acct_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
+			"lsa_OpenAccount failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to open lsa account");
+	}
+
+	{
+		struct lsa_GetSystemAccessAccount r;
+		uint32_t access_mask;
+
+		torture_comment(tctx, "Testing LSA GetSystemAccessAccount\n");
+
+		r.in.handle = &lsa_acct_handle;
+		r.out.access_mask = &access_mask;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
+			"lsa_GetSystemAccessAccount failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to get lsa system access account");
+	}
+
+	{
+		struct lsa_DeleteObject r;
+
+		torture_comment(tctx, "Testing LSA DeleteObject\n");
+
+		r.in.handle = &lsa_acct_handle;
+		r.out.handle = &lsa_acct_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(lb, tctx, &r),
+			"lsa_DeleteObject failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to delete object");
+	}
+
+	{
+		struct lsa_EnumAccounts r;
+		uint32_t resume_handle = 0;
+		struct lsa_SidArray lsa_sid_array;
+		int i;
+		bool found_sid = false;
+
+		torture_comment(tctx, "Testing LSA EnumAccounts\n");
+
+		r.in.handle = lsa_handle;
+		r.in.num_entries = 0x1000;
+		r.in.resume_handle = &resume_handle;
+		r.out.sids = &lsa_sid_array;
+		r.out.resume_handle = &resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+			"lsa_EnumAccounts failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to enum accounts");
+
+		for (i=0; i < lsa_sid_array.num_sids; i++) {
+			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
+				found_sid = true;
+			}
+		}
+
+		torture_assert(tctx, !found_sid,
+			"should not have listed privileged account");
+	}
+
+	{
+		struct lsa_EnumAccountRights r;
+		struct lsa_RightSet user_rights;
+
+		torture_comment(tctx, "Testing LSA EnumAccountRights\n");
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.out.rights = &user_rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+			"lsa_EnumAccountRights failed");
+		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			"Failed to enum rights for account");
+	}
+
+	return ret;
+}
+
+static bool test_user_ops(struct dcerpc_pipe *p,
+			  struct torture_context *tctx,
+			  struct policy_handle *user_handle,
+			  struct policy_handle *domain_handle,
+			  const struct dom_sid *domain_sid,
+			  uint32_t base_acct_flags,
+			  const char *base_acct_name, enum torture_samr_choice which_ops,
+			  struct cli_credentials *machine_credentials)
+{
+	char *password = NULL;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	bool ret = true;
+	int i;
+	uint32_t rid;
+	const uint32_t password_fields[] = {
+		SAMR_FIELD_NT_PASSWORD_PRESENT,
+		SAMR_FIELD_LM_PASSWORD_PRESENT,
+		SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT,
+		0
+	};
+
+	status = test_LookupName(b, tctx, domain_handle, base_acct_name, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+	}
+
+	switch (which_ops) {
+	case TORTURE_SAMR_USER_ATTRIBUTES:
+		if (!test_QuerySecurity(b, tctx, user_handle)) {
+			ret = false;
+		}
+
+		if (!test_QueryUserInfo(b, tctx, user_handle)) {
+			ret = false;
+		}
+
+		if (!test_QueryUserInfo2(b, tctx, user_handle)) {
+			ret = false;
+		}
+
+		if (!test_SetUserInfo(b, tctx, user_handle, base_acct_flags,
+				      base_acct_name)) {
+			ret = false;
+		}
+
+		if (!test_GetUserPwInfo(b, tctx, user_handle)) {
+			ret = false;
+		}
+
+		if (!test_TestPrivateFunctionsUser(b, tctx, user_handle)) {
+			ret = false;
+		}
+
+		if (!test_SetUserPass(p, tctx, user_handle, &password)) {
+			ret = false;
+		}
+		break;
+	case TORTURE_SAMR_PASSWORDS:
+		if (base_acct_flags & (ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST)) {
+			char simple_pass[9];
+			char *v = generate_random_str(tctx, 1);
+
+			ZERO_STRUCT(simple_pass);
+			memset(simple_pass, *v, sizeof(simple_pass) - 1);
+
+			torture_comment(tctx, "Testing machine account password policy rules\n");
+
+			/* Workstation trust accounts don't seem to need to honour password quality policy */
+			if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
+				ret = false;
+			}
+
+			if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, simple_pass, false)) {
+				ret = false;
+			}
+
+			/* reset again, to allow another 'user' password change */
+			if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
+				ret = false;
+			}
+
+			/* Try a 'short' password */
+			if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, samr_rand_pass(tctx, 4), false)) {
+				ret = false;
+			}
+
+			/* Try a completely random password */
+			if (!test_ChangePasswordRandomBytes(p, tctx, base_acct_name, user_handle, &password)) {
+				ret = false;
+			}
+		}
+
+		for (i = 0; password_fields[i]; i++) {
+			if (!test_SetUserPass_23(p, tctx, user_handle, password_fields[i], &password)) {
+				ret = false;
+			}
+
+			/* check it was set right */
+			if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+				ret = false;
+			}
+		}
+
+		for (i = 0; password_fields[i]; i++) {
+			if (!test_SetUserPass_25(p, tctx, user_handle, password_fields[i], &password)) {
+				ret = false;
+			}
+
+			/* check it was set right */
+			if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+				ret = false;
+			}
+		}
+
+		if (!test_SetUserPass_31(p, tctx, user_handle, false, &password)) {
+			ret = false;
+		}
+
+		for (i = 0; password_fields[i]; i++) {
+			if (!test_SetUserPass_32(p, tctx, user_handle, password_fields[i], &password)) {
+				ret = false;
+			}
+
+			/* check it was set right */
+			if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+				ret = false;
+			}
+		}
+
+		if (!test_ChangePassword(p, tctx, base_acct_name, domain_handle, &password)) {
+			ret = false;
+		}
+
+		if (!test_SetUserPassEx(p, tctx, user_handle, false, &password)) {
+			ret = false;
+		}
+
+		if (!test_ChangePassword(p, tctx, base_acct_name, domain_handle, &password)) {
+			ret = false;
+		}
+
+		if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
+			ret = false;
+		}
+
+		if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+			ret = false;
+		}
+
+		for (i = 0; password_fields[i]; i++) {
+
+			if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) {
+				/* we need to skip as that would break
+				 * the ChangePasswordUser3 verify */
+				continue;
+			}
+
+			if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) {
+				ret = false;
+			}
+
+			/* check it was set right */
+			if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+				ret = false;
+			}
+		}
+
+		q.in.user_handle = user_handle;
+		q.in.level = 5;
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+			"QueryUserInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+			       q.in.level, nt_errstr(q.out.result));
+			ret = false;
+		} else {
+			uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+			if ((info->info5.acct_flags) != expected_flags) {
+				/* FIXME: GD */
+				if (!torture_setting_bool(tctx, "samba3", false)) {
+					torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+						      info->info5.acct_flags,
+						      expected_flags);
+					ret = false;
+				}
+			}
+			if (info->info5.rid != rid) {
+				torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
+				       info->info5.rid, rid);
+
+			}
+		}
+
+		break;
+
+	case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
+
+		/* test last password change timestamp behaviour */
+		torture_assert(tctx, test_SetPassword_pwdlastset(p, tctx, base_acct_flags,
+								 base_acct_name,
+								 user_handle, &password,
+								 machine_credentials),
+			       "pwdLastSet test failed\n");
+		break;
+
+	case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
+
+		/* test bad pwd count change behaviour */
+		torture_assert(tctx, test_Password_badpwdcount_wrap(p, tctx, base_acct_flags,
+								    base_acct_name,
+								    domain_handle,
+								    user_handle, &password,
+								    machine_credentials),
+			       "badPwdCount test failed\n");
+		break;
+
+	case TORTURE_SAMR_PASSWORDS_LOCKOUT:
+
+		torture_assert(tctx, test_Password_lockout_wrap(p, tctx, base_acct_flags,
+								base_acct_name,
+								domain_handle,
+								user_handle, &password,
+								machine_credentials),
+			       "Lockout test failed");
+		break;
+
+
+	case TORTURE_SAMR_USER_PRIVILEGES: {
+
+		struct dcerpc_pipe *lp;
+		struct policy_handle *lsa_handle;
+		struct dcerpc_binding_handle *lb;
+
+		status = torture_rpc_connection(tctx, &lp, &ndr_table_lsarpc);
+		torture_assert_ntstatus_ok(tctx, status, "Failed to open LSA pipe");
+		lb = lp->binding_handle;
+
+		if (!test_lsa_OpenPolicy2(lb, tctx, &lsa_handle)) {
+			ret = false;
+		}
+
+		if (!test_DeleteUser_with_privs(p, lp, tctx,
+						domain_handle, lsa_handle, user_handle,
+						domain_sid, rid,
+						machine_credentials)) {
+			ret = false;
+		}
+
+		if (!test_lsa_Close(lb, tctx, lsa_handle)) {
+			ret = false;
+		}
+
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "privileged user delete test failed\n");
+		}
+
+		break;
+	}
+	case TORTURE_SAMR_OTHER:
+	case TORTURE_SAMR_MANY_ACCOUNTS:
+	case TORTURE_SAMR_MANY_GROUPS:
+	case TORTURE_SAMR_MANY_ALIASES:
+		/* We just need the account to exist */
+		break;
+	}
+	return ret;
+}
+
+static bool test_alias_ops(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *alias_handle,
+			   const struct dom_sid *domain_sid)
+{
+	bool ret = true;
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (!test_QuerySecurity(b, tctx, alias_handle)) {
+			ret = false;
+		}
+	}
+
+	if (!test_QueryAliasInfo(b, tctx, alias_handle)) {
+		ret = false;
+	}
+
+	if (!test_SetAliasInfo(b, tctx, alias_handle)) {
+		ret = false;
+	}
+
+	if (!test_AddMemberToAlias(b, tctx, alias_handle, domain_sid)) {
+		ret = false;
+	}
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping MultipleMembers Alias tests against Samba\n");
+		return ret;
+	}
+
+	if (!test_AddMultipleMembersToAlias(b, tctx, alias_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+static bool test_DeleteUser(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *user_handle)
+{
+    	struct samr_DeleteUser d;
+	torture_comment(tctx, "Testing DeleteUser\n");
+
+	d.in.user_handle = user_handle;
+	d.out.user_handle = user_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
+		"DeleteUser failed");
+	torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteUser");
+
+	return true;
+}
+
+bool test_DeleteUser_byname(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle, const char *name)
+{
+	NTSTATUS status;
+	struct samr_DeleteUser d;
+	struct policy_handle user_handle;
+	uint32_t rid;
+
+	status = test_LookupName(b, tctx, handle, name, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	status = test_OpenUser_byname(b, tctx, handle, name, &user_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	d.in.user_handle = &user_handle;
+	d.out.user_handle = &user_handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
+		"DeleteUser failed");
+	if (!NT_STATUS_IS_OK(d.out.result)) {
+		status = d.out.result;
+		goto failed;
+	}
+
+	return true;
+
+failed:
+	torture_result(tctx, TORTURE_FAIL, "DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
+	return false;
+}
+
+
+static bool test_DeleteGroup_byname(struct dcerpc_binding_handle *b,
+				    struct torture_context *tctx,
+				    struct policy_handle *handle, const char *name)
+{
+	NTSTATUS status;
+	struct samr_OpenGroup r;
+	struct samr_DeleteDomainGroup d;
+	struct policy_handle group_handle;
+	uint32_t rid;
+
+	status = test_LookupName(b, tctx, handle, name, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.group_handle = &group_handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
+		"OpenGroup failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		status = r.out.result;
+		goto failed;
+	}
+
+	d.in.group_handle = &group_handle;
+	d.out.group_handle = &group_handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomainGroup_r(b, tctx, &d),
+		"DeleteDomainGroup failed");
+	if (!NT_STATUS_IS_OK(d.out.result)) {
+		status = d.out.result;
+		goto failed;
+	}
+
+	return true;
+
+failed:
+	torture_result(tctx, TORTURE_FAIL, "DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
+	return false;
+}
+
+
+static bool test_DeleteAlias_byname(struct dcerpc_binding_handle *b,
+				    struct torture_context *tctx,
+				    struct policy_handle *domain_handle,
+				    const char *name)
+{
+	NTSTATUS status;
+	struct samr_OpenAlias r;
+	struct samr_DeleteDomAlias d;
+	struct policy_handle alias_handle;
+	uint32_t rid;
+
+	torture_comment(tctx, "Testing DeleteAlias_byname\n");
+
+	status = test_LookupName(b, tctx, domain_handle, name, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+
+	r.in.domain_handle = domain_handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.alias_handle = &alias_handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
+		"OpenAlias failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		status = r.out.result;
+		goto failed;
+	}
+
+	d.in.alias_handle = &alias_handle;
+	d.out.alias_handle = &alias_handle;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
+		"DeleteDomAlias failed");
+	if (!NT_STATUS_IS_OK(d.out.result)) {
+		status = d.out.result;
+		goto failed;
+	}
+
+	return true;
+
+failed:
+	torture_result(tctx, TORTURE_FAIL, "DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
+	return false;
+}
+
+static bool test_DeleteAlias(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *alias_handle)
+{
+    	struct samr_DeleteDomAlias d;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing DeleteAlias\n");
+
+	d.in.alias_handle = alias_handle;
+	d.out.alias_handle = alias_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
+		"DeleteDomAlias failed");
+	if (!NT_STATUS_IS_OK(d.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "DeleteAlias failed - %s\n", nt_errstr(d.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_CreateAlias(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *domain_handle,
+			     const char *alias_name,
+			     struct policy_handle *alias_handle,
+			     const struct dom_sid *domain_sid,
+			     bool test_alias)
+{
+	struct samr_CreateDomAlias r;
+	struct lsa_String name;
+	uint32_t rid;
+	bool ret = true;
+
+	init_lsa_String(&name, alias_name);
+	r.in.domain_handle = domain_handle;
+	r.in.alias_name = &name;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.alias_handle = alias_handle;
+	r.out.rid = &rid;
+
+	torture_comment(tctx, "Testing CreateAlias (%s)\n", r.in.alias_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
+		"CreateDomAlias failed");
+
+	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.alias_name->string);
+			return true;
+		} else {
+			torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string,
+			       nt_errstr(r.out.result));
+			return false;
+		}
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ALIAS_EXISTS)) {
+		if (!test_DeleteAlias_byname(b, tctx, domain_handle, r.in.alias_name->string)) {
+			return false;
+		}
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
+			"CreateDomAlias failed");
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "CreateAlias failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!test_alias) {
+		return ret;
+	}
+
+	if (!test_alias_ops(b, tctx, alias_handle, domain_sid)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_ChangePassword(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				const char *acct_name,
+				struct policy_handle *domain_handle, char **password)
+{
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!*password) {
+		return false;
+	}
+
+	if (!test_ChangePasswordUser(b, tctx, acct_name, domain_handle, password)) {
+		ret = false;
+	}
+
+	if (!test_ChangePasswordUser2(p, tctx, acct_name, password, 0, true)) {
+		ret = false;
+	}
+
+	if (!test_OemChangePasswordUser2(p, tctx, acct_name, domain_handle, password)) {
+		ret = false;
+	}
+
+	/* test what happens when setting the old password again */
+	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, *password, 0, true)) {
+		ret = false;
+	}
+
+	{
+		char simple_pass[9];
+		char *v = generate_random_str(tctx, 1);
+
+		ZERO_STRUCT(simple_pass);
+		memset(simple_pass, *v, sizeof(simple_pass) - 1);
+
+		/* test what happens when picking a simple password */
+		if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, simple_pass, 0, true)) {
+			ret = false;
+		}
+	}
+
+	/* set samr_SetDomainInfo level 1 with min_length 5 */
+	{
+		struct samr_QueryDomainInfo r;
+		union samr_DomainInfo *info = NULL;
+		struct samr_SetDomainInfo s;
+		uint16_t len_old, len;
+		uint32_t pwd_prop_old;
+		int64_t min_pwd_age_old;
+
+		len = 5;
+
+		r.in.domain_handle = domain_handle;
+		r.in.level = 1;
+		r.out.info = &info;
+
+		torture_comment(tctx, "Testing samr_QueryDomainInfo level 1\n");
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+			"QueryDomainInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			return false;
+		}
+
+		s.in.domain_handle = domain_handle;
+		s.in.level = 1;
+		s.in.info = info;
+
+		/* remember the old min length, so we can reset it */
+		len_old = s.in.info->info1.min_password_length;
+		s.in.info->info1.min_password_length = len;
+		pwd_prop_old = s.in.info->info1.password_properties;
+		/* turn off password complexity checks for this test */
+		s.in.info->info1.password_properties &= ~DOMAIN_PASSWORD_COMPLEX;
+
+		min_pwd_age_old = s.in.info->info1.min_password_age;
+		s.in.info->info1.min_password_age = 0;
+
+		torture_comment(tctx, "Testing samr_SetDomainInfo level 1\n");
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+			"SetDomainInfo failed");
+		if (!NT_STATUS_IS_OK(s.out.result)) {
+			return false;
+		}
+
+		torture_comment(tctx, "calling test_ChangePasswordUser3 with too short password\n");
+
+		if (!test_ChangePasswordUser3(p, tctx, acct_name, len - 1, password, NULL, 0, true)) {
+			ret = false;
+		}
+
+		s.in.info->info1.min_password_length = len_old;
+		s.in.info->info1.password_properties = pwd_prop_old;
+		s.in.info->info1.min_password_age = min_pwd_age_old;
+
+		torture_comment(tctx, "Testing samr_SetDomainInfo level 1\n");
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+			"SetDomainInfo failed");
+		if (!NT_STATUS_IS_OK(s.out.result)) {
+			return false;
+		}
+
+	}
+
+	{
+		struct samr_OpenUser r;
+		struct samr_QueryUserInfo q;
+		union samr_UserInfo *info;
+		struct samr_LookupNames n;
+		struct policy_handle user_handle;
+		struct samr_Ids rids, types;
+
+		n.in.domain_handle = domain_handle;
+		n.in.num_names = 1;
+		n.in.names = talloc_array(tctx, struct lsa_String, 1);
+		n.in.names[0].string = acct_name;
+		n.out.rids = &rids;
+		n.out.types = &types;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
+			"LookupNames failed");
+		if (!NT_STATUS_IS_OK(n.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "LookupNames failed - %s\n", nt_errstr(n.out.result));
+			return false;
+		}
+
+		r.in.domain_handle = domain_handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.in.rid = n.out.rids->ids[0];
+		r.out.user_handle = &user_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+			"OpenUser failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", n.out.rids->ids[0], nt_errstr(r.out.result));
+			return false;
+		}
+
+		q.in.user_handle = &user_handle;
+		q.in.level = 5;
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+			"QueryUserInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo failed - %s\n", nt_errstr(q.out.result));
+			return false;
+		}
+
+		torture_comment(tctx, "calling test_ChangePasswordUser3 with too early password change\n");
+
+		if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL,
+					      info->info5.last_password_change, true)) {
+			ret = false;
+		}
+	}
+
+	/* we change passwords twice - this has the effect of verifying
+	   they were changed correctly for the final call */
+	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL, 0, true)) {
+		ret = false;
+	}
+
+	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL, 0, true)) {
+		ret = false;
+	}
+
+	if (!test_ChangePasswordUser4(p, tctx, acct_name, 0, password, NULL)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    struct policy_handle *domain_handle,
+			    const char *user_name,
+			    struct policy_handle *user_handle_out,
+			    struct dom_sid *domain_sid,
+			    enum torture_samr_choice which_ops,
+			    struct cli_credentials *machine_credentials,
+			    bool test_user)
+{
+
+	TALLOC_CTX *user_ctx;
+
+	struct samr_CreateUser r;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	struct samr_DeleteUser d;
+	uint32_t rid;
+
+	/* This call creates a 'normal' account - check that it really does */
+	const uint32_t acct_flags = ACB_NORMAL;
+	struct lsa_String name;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct policy_handle user_handle;
+	user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
+	init_lsa_String(&name, user_name);
+
+	r.in.domain_handle = domain_handle;
+	r.in.account_name = &name;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.user_handle = &user_handle;
+	r.out.rid = &rid;
+
+	torture_comment(tctx, "Testing CreateUser(%s)\n", r.in.account_name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
+		"CreateUser failed");
+
+	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+			torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.account_name->string);
+			return true;
+		} else {
+			torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+			       nt_errstr(r.out.result));
+			return false;
+		}
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+		if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
+			talloc_free(user_ctx);
+			return false;
+		}
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
+			"CreateUser failed");
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		talloc_free(user_ctx);
+		torture_result(tctx, TORTURE_FAIL, "CreateUser failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!test_user) {
+		if (user_handle_out) {
+			*user_handle_out = user_handle;
+		}
+		return ret;
+	}
+
+	{
+		q.in.user_handle = &user_handle;
+		q.in.level = 16;
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
+			"QueryUserInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+			       q.in.level, nt_errstr(q.out.result));
+			ret = false;
+		} else {
+			if ((info->info16.acct_flags & acct_flags) != acct_flags) {
+				torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+				       info->info16.acct_flags,
+				       acct_flags);
+				ret = false;
+			}
+		}
+
+		if (!test_user_ops(p, tctx, &user_handle, domain_handle,
+				   domain_sid, acct_flags, name.string, which_ops,
+				   machine_credentials)) {
+			ret = false;
+		}
+
+		if (user_handle_out) {
+			*user_handle_out = user_handle;
+		} else {
+			torture_comment(tctx, "Testing DeleteUser (createuser test)\n");
+
+			d.in.user_handle = &user_handle;
+			d.out.user_handle = &user_handle;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
+				"DeleteUser failed");
+			if (!NT_STATUS_IS_OK(d.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "DeleteUser failed - %s\n", nt_errstr(d.out.result));
+				ret = false;
+			}
+		}
+
+	}
+
+	talloc_free(user_ctx);
+
+	return ret;
+}
+
+
+static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
+			     struct policy_handle *domain_handle,
+			     struct dom_sid *domain_sid,
+			     enum torture_samr_choice which_ops,
+			     struct cli_credentials *machine_credentials)
+{
+	struct samr_CreateUser2 r;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	struct samr_DeleteUser d;
+	struct policy_handle user_handle;
+	uint32_t rid;
+	struct lsa_String name;
+	bool ret = true;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct {
+		uint32_t acct_flags;
+		const char *account_name;
+		NTSTATUS nt_status;
+	} account_types[] = {
+		{ ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
+		{ ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
+		{ ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
+		{ ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_ACCESS_DENIED },
+		{ ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
+		{ 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+		{ ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+		{ 0, NULL, NT_STATUS_INVALID_PARAMETER }
+	};
+
+	for (i = 0; account_types[i].account_name; i++) {
+		TALLOC_CTX *user_ctx;
+		uint32_t acct_flags = account_types[i].acct_flags;
+		uint32_t access_granted;
+		user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
+		init_lsa_String(&name, account_types[i].account_name);
+
+		r.in.domain_handle = domain_handle;
+		r.in.account_name = &name;
+		r.in.acct_flags = acct_flags;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.user_handle = &user_handle;
+		r.out.access_granted = &access_granted;
+		r.out.rid = &rid;
+
+		torture_comment(tctx, "Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
+			"CreateUser2 failed");
+
+		if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+			if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+				torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.account_name->string);
+				continue;
+			} else {
+				torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+				       nt_errstr(r.out.result));
+				ret = false;
+				continue;
+			}
+		}
+
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+			if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
+				talloc_free(user_ctx);
+				ret = false;
+				continue;
+			}
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
+				"CreateUser2 failed");
+
+		}
+		if (!NT_STATUS_EQUAL(r.out.result, account_types[i].nt_status)) {
+			torture_result(tctx, TORTURE_FAIL, "CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
+			       nt_errstr(r.out.result), nt_errstr(account_types[i].nt_status));
+			ret = false;
+		}
+
+		if (NT_STATUS_IS_OK(r.out.result)) {
+			q.in.user_handle = &user_handle;
+			q.in.level = 5;
+			q.out.info = &info;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
+				"QueryUserInfo failed");
+			if (!NT_STATUS_IS_OK(q.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+				       q.in.level, nt_errstr(q.out.result));
+				ret = false;
+			} else {
+				uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+				if (acct_flags == ACB_NORMAL) {
+					expected_flags |= ACB_PW_EXPIRED;
+				}
+				if ((info->info5.acct_flags) != expected_flags) {
+					torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+					       info->info5.acct_flags,
+					       expected_flags);
+					ret = false;
+				}
+				switch (acct_flags) {
+				case ACB_SVRTRUST:
+					if (info->info5.primary_gid != DOMAIN_RID_DCS) {
+						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+						       DOMAIN_RID_DCS, info->info5.primary_gid);
+						ret = false;
+					}
+					break;
+				case ACB_WSTRUST:
+					if (info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
+						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+						       DOMAIN_RID_DOMAIN_MEMBERS, info->info5.primary_gid);
+						ret = false;
+					}
+					break;
+				case ACB_NORMAL:
+					if (info->info5.primary_gid != DOMAIN_RID_USERS) {
+						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+						       DOMAIN_RID_USERS, info->info5.primary_gid);
+						ret = false;
+					}
+					break;
+				}
+			}
+
+			if (!test_user_ops(p, tctx, &user_handle, domain_handle,
+					   domain_sid, acct_flags, name.string, which_ops,
+					   machine_credentials)) {
+				ret = false;
+			}
+
+			if (!ndr_policy_handle_empty(&user_handle)) {
+				torture_comment(tctx, "Testing DeleteUser (createuser2 test)\n");
+
+				d.in.user_handle = &user_handle;
+				d.out.user_handle = &user_handle;
+
+				torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
+					"DeleteUser failed");
+				if (!NT_STATUS_IS_OK(d.out.result)) {
+					torture_result(tctx, TORTURE_FAIL, "DeleteUser failed - %s\n", nt_errstr(d.out.result));
+					ret = false;
+				}
+			}
+		}
+		talloc_free(user_ctx);
+	}
+
+	return ret;
+}
+
+static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle)
+{
+	struct samr_QueryAliasInfo r;
+	union samr_AliasInfo *info;
+	uint16_t levels[] = {1, 2, 3};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryAliasInfo level %u\n", levels[i]);
+
+		r.in.alias_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &r),
+			"QueryAliasInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryAliasInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryGroupInfo(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle)
+{
+	struct samr_QueryGroupInfo r;
+	union samr_GroupInfo *info;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryGroupInfo level %u\n", levels[i]);
+
+		r.in.group_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
+			"QueryGroupInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryGroupMember(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle)
+{
+	struct samr_QueryGroupMember r;
+	struct samr_RidAttrArray *rids = NULL;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing QueryGroupMember\n");
+
+	r.in.group_handle = handle;
+	r.out.rids = &rids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &r),
+		"QueryGroupMember failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "QueryGroupMember failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+static bool test_SetGroupInfo(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle)
+{
+	struct samr_QueryGroupInfo r;
+	union samr_GroupInfo *info;
+	struct samr_SetGroupInfo s;
+	uint16_t levels[] = {1, 2, 3, 4};
+	uint16_t set_ok[] = {0, 1, 1, 1};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryGroupInfo level %u\n", levels[i]);
+
+		r.in.group_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
+			"QueryGroupInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+
+		torture_comment(tctx, "Testing SetGroupInfo level %u\n", levels[i]);
+
+		s.in.group_handle = handle;
+		s.in.level = levels[i];
+		s.in.info = *r.out.info;
+
+#if 0
+		/* disabled this, as it changes the name only from the point of view of samr,
+		   but leaves the name from the point of view of w2k3 internals (and ldap). This means
+		   the name is still reserved, so creating the old name fails, but deleting by the old name
+		   also fails */
+		if (s.in.level == 2) {
+			init_lsa_String(&s.in.info->string, "NewName");
+		}
+#endif
+
+		if (s.in.level == 4) {
+			init_lsa_String(&s.in.info->description, "test description");
+		}
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetGroupInfo_r(b, tctx, &s),
+			"SetGroupInfo failed");
+		if (set_ok[i]) {
+			if (!NT_STATUS_IS_OK(s.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u failed - %s\n",
+				       r.in.level, nt_errstr(s.out.result));
+				ret = false;
+				continue;
+			}
+		} else {
+			if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
+				       r.in.level, nt_errstr(s.out.result));
+				ret = false;
+				continue;
+			}
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle)
+{
+	struct samr_QueryUserInfo r;
+	union samr_UserInfo *info;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+			   11, 12, 13, 14, 16, 17, 20, 21};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryUserInfo level %u\n", levels[i]);
+
+		r.in.user_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+			"QueryUserInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle)
+{
+	struct samr_QueryUserInfo2 r;
+	union samr_UserInfo *info;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+			   11, 12, 13, 14, 16, 17, 20, 21};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryUserInfo2 level %u\n", levels[i]);
+
+		r.in.user_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r),
+			"QueryUserInfo2 failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo2 level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_OpenUser(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle, uint32_t rid)
+{
+	struct samr_OpenUser r;
+	struct policy_handle user_handle;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing OpenUser(%u)\n", rid);
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.user_handle = &user_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+		"OpenUser failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!test_QuerySecurity(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!test_QueryUserInfo(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!test_QueryUserInfo2(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!test_GetUserPwInfo(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!test_GetGroupsForUser(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_OpenGroup(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle, uint32_t rid)
+{
+	struct samr_OpenGroup r;
+	struct policy_handle group_handle;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing OpenGroup(%u)\n", rid);
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.group_handle = &group_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
+		"OpenGroup failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OpenGroup(%u) failed - %s\n", rid, nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (!test_QuerySecurity(b, tctx, &group_handle)) {
+			ret = false;
+		}
+	}
+
+	if (!test_QueryGroupInfo(b, tctx, &group_handle)) {
+		ret = false;
+	}
+
+	if (!test_QueryGroupMember(b, tctx, &group_handle)) {
+		ret = false;
+	}
+
+	if (!test_samr_handle_Close(b, tctx, &group_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_OpenAlias(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle, uint32_t rid)
+{
+	struct samr_OpenAlias r;
+	struct policy_handle alias_handle;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing OpenAlias(%u)\n", rid);
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.alias_handle = &alias_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
+		"OpenAlias failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OpenAlias(%u) failed - %s\n", rid, nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (!test_QuerySecurity(b, tctx, &alias_handle)) {
+			ret = false;
+		}
+	}
+
+	if (!test_QueryAliasInfo(b, tctx, &alias_handle)) {
+		ret = false;
+	}
+
+	if (!test_GetMembersInAlias(b, tctx, &alias_handle)) {
+		ret = false;
+	}
+
+	if (!test_samr_handle_Close(b, tctx, &alias_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool check_mask(struct dcerpc_binding_handle *b,
+		       struct torture_context *tctx,
+		       struct policy_handle *handle, uint32_t rid,
+		       uint32_t acct_flag_mask)
+{
+	struct samr_OpenUser r;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	struct policy_handle user_handle;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing OpenUser(%u)\n", rid);
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.user_handle = &user_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+		"OpenUser failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
+		return false;
+	}
+
+	q.in.user_handle = &user_handle;
+	q.in.level = 16;
+	q.out.info = &info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+		"QueryUserInfo failed");
+	if (!NT_STATUS_IS_OK(q.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 16 failed - %s\n",
+		       nt_errstr(q.out.result));
+		ret = false;
+	} else {
+		if ((acct_flag_mask & info->info16.acct_flags) == 0) {
+			torture_result(tctx, TORTURE_FAIL, "Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
+			       acct_flag_mask, info->info16.acct_flags, rid);
+			ret = false;
+		}
+	}
+
+	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_EnumDomainUsers_all(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle)
+{
+	struct samr_EnumDomainUsers r;
+	uint32_t mask, resume_handle=0;
+	int i, mask_idx;
+	bool ret = true;
+	struct samr_LookupNames n;
+	struct samr_LookupRids  lr ;
+	struct lsa_Strings names;
+	struct samr_Ids rids, types;
+	struct samr_SamArray *sam = NULL;
+	uint32_t num_entries = 0;
+
+	uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST,
+			    ACB_DISABLED, ACB_NORMAL | ACB_DISABLED,
+			    ACB_SVRTRUST | ACB_DOMTRUST | ACB_WSTRUST,
+			    ACB_PWNOEXP, 0};
+
+	torture_comment(tctx, "Testing EnumDomainUsers\n");
+
+	for (mask_idx=0;mask_idx<ARRAY_SIZE(masks);mask_idx++) {
+		r.in.domain_handle = handle;
+		r.in.resume_handle = &resume_handle;
+		r.in.acct_flags = mask = masks[mask_idx];
+		r.in.max_size = (uint32_t)-1;
+		r.out.resume_handle = &resume_handle;
+		r.out.num_entries = &num_entries;
+		r.out.sam = &sam;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &r),
+			"EnumDomainUsers failed");
+		if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
+		    !NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "EnumDomainUsers failed - %s\n", nt_errstr(r.out.result));
+			return false;
+		}
+
+		torture_assert(tctx, sam, "EnumDomainUsers failed: r.out.sam unexpectedly NULL");
+
+		if (sam->count == 0) {
+			continue;
+		}
+
+		for (i=0;i<sam->count;i++) {
+			if (mask) {
+				if (!check_mask(b, tctx, handle, sam->entries[i].idx, mask)) {
+					ret = false;
+				}
+			} else if (!test_OpenUser(b, tctx, handle, sam->entries[i].idx)) {
+				ret = false;
+			}
+		}
+	}
+
+	torture_comment(tctx, "Testing LookupNames\n");
+	n.in.domain_handle = handle;
+	n.in.num_names = sam->count;
+	n.in.names = talloc_array(tctx, struct lsa_String, sam->count);
+	n.out.rids = &rids;
+	n.out.types = &types;
+	for (i=0;i<sam->count;i++) {
+		n.in.names[i].string = sam->entries[i].name.string;
+	}
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
+		"LookupNames failed");
+	if (!NT_STATUS_IS_OK(n.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "LookupNames failed - %s\n", nt_errstr(n.out.result));
+		ret = false;
+	}
+
+
+	torture_comment(tctx, "Testing LookupRids\n");
+	lr.in.domain_handle = handle;
+	lr.in.num_rids = sam->count;
+	lr.in.rids = talloc_array(tctx, uint32_t, sam->count);
+	lr.out.names = &names;
+	lr.out.types = &types;
+	for (i=0;i<sam->count;i++) {
+		lr.in.rids[i] = sam->entries[i].idx;
+	}
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupRids_r(b, tctx, &lr),
+		"LookupRids failed");
+	torture_assert_ntstatus_ok(tctx, lr.out.result, "LookupRids");
+
+	return ret;
+}
+
+/*
+  try blasting the server with a bunch of sync requests
+*/
+static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_context *tctx,
+				       struct policy_handle *handle)
+{
+	struct samr_EnumDomainUsers r;
+	uint32_t resume_handle=0;
+	int i;
+#define ASYNC_COUNT 100
+	struct tevent_req *req[ASYNC_COUNT];
+
+	if (!torture_setting_bool(tctx, "dangerous", false)) {
+		torture_skip(tctx, "samr async test disabled - enable dangerous tests to use\n");
+	}
+
+	torture_comment(tctx, "Testing EnumDomainUsers_async\n");
+
+	r.in.domain_handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.acct_flags = 0;
+	r.in.max_size = (uint32_t)-1;
+	r.out.resume_handle = &resume_handle;
+
+	for (i=0;i<ASYNC_COUNT;i++) {
+		req[i] = dcerpc_samr_EnumDomainUsers_r_send(tctx, tctx->ev, p->binding_handle, &r);
+	}
+
+	for (i=0;i<ASYNC_COUNT;i++) {
+		tevent_req_poll(req[i], tctx->ev);
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r_recv(req[i], tctx),
+			talloc_asprintf(tctx, "EnumDomainUsers[%d] failed - %s\n",
+			       i, nt_errstr(r.out.result)));
+	}
+
+	torture_comment(tctx, "%d async requests OK\n", i);
+
+	return true;
+}
+
+static bool test_EnumDomainGroups_all(struct dcerpc_binding_handle *b,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle)
+{
+	struct samr_EnumDomainGroups r;
+	uint32_t resume_handle=0;
+	struct samr_SamArray *sam = NULL;
+	uint32_t num_entries = 0;
+	int i;
+	bool ret = true;
+	bool universal_group_found = false;
+
+	torture_comment(tctx, "Testing EnumDomainGroups\n");
+
+	r.in.domain_handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.max_size = (uint32_t)-1;
+	r.out.resume_handle = &resume_handle;
+	r.out.num_entries = &num_entries;
+	r.out.sam = &sam;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
+		"EnumDomainGroups failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!sam) {
+		return false;
+	}
+
+	for (i=0;i<sam->count;i++) {
+		if (!test_OpenGroup(b, tctx, handle, sam->entries[i].idx)) {
+			ret = false;
+		}
+		if ((ret == true) && (strcasecmp(sam->entries[i].name.string,
+						 "Enterprise Admins") == 0)) {
+			universal_group_found = true;
+		}
+	}
+
+	/* when we are running this on s4 we should get back at least the
+	 * "Enterprise Admins" universal group. If we don't get a group entry
+	 * at all we probably are performing the test on the builtin domain.
+	 * So ignore this case. */
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		if ((sam->count > 0) && (!universal_group_found)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_EnumDomainAliases_all(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle)
+{
+	struct samr_EnumDomainAliases r;
+	uint32_t resume_handle=0;
+	struct samr_SamArray *sam = NULL;
+	uint32_t num_entries = 0;
+	int i;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing EnumDomainAliases\n");
+
+	r.in.domain_handle = handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.max_size = (uint32_t)-1;
+	r.out.sam = &sam;
+	r.out.num_entries = &num_entries;
+	r.out.resume_handle = &resume_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
+		"EnumDomainAliases failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "EnumDomainAliases failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	}
+
+	if (!sam) {
+		return false;
+	}
+
+	for (i=0;i<sam->count;i++) {
+		if (!test_OpenAlias(b, tctx, handle, sam->entries[i].idx)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_GetDisplayEnumerationIndex(struct dcerpc_binding_handle *b,
+					    struct torture_context *tctx,
+					    struct policy_handle *handle)
+{
+	struct samr_GetDisplayEnumerationIndex r;
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
+	struct lsa_String name;
+	uint32_t idx = 0;
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
+
+		init_lsa_String(&name, TEST_ACCOUNT_NAME);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.in.name = &name;
+		r.out.idx = &idx;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
+			"GetDisplayEnumerationIndex failed");
+
+		if (ok_lvl[i] &&
+		    !NT_STATUS_IS_OK(r.out.result) &&
+		    !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+
+		init_lsa_String(&name, "zzzzzzzz");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
+			"GetDisplayEnumerationIndex failed");
+
+		if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_GetDisplayEnumerationIndex2(struct dcerpc_binding_handle *b,
+					     struct torture_context *tctx,
+					     struct policy_handle *handle)
+{
+	struct samr_GetDisplayEnumerationIndex2 r;
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
+	struct lsa_String name;
+	uint32_t idx = 0;
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
+
+		init_lsa_String(&name, TEST_ACCOUNT_NAME);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.in.name = &name;
+		r.out.idx = &idx;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
+			"GetDisplayEnumerationIndex2 failed");
+		if (ok_lvl[i] &&
+		    !NT_STATUS_IS_OK(r.out.result) &&
+		    !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+
+		init_lsa_String(&name, "zzzzzzzz");
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
+			"GetDisplayEnumerationIndex2 failed");
+		if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+#define STRING_EQUAL_QUERY(s1, s2, user)					\
+	if (s1.string == NULL && s2.string != NULL && s2.string[0] == '\0') { \
+		/* odd, but valid */						\
+	} else if ((s1.string && !s2.string) || (s2.string && !s1.string) || strcmp(s1.string, s2.string)) { \
+			torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: %s != %s (%s)\n", \
+			       #s1, user.string,  s1.string, s2.string, __location__);   \
+			ret = false; \
+	}
+#define INT_EQUAL_QUERY(s1, s2, user)		\
+		if (s1 != s2) { \
+			torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
+			       #s1, user.string, (unsigned long long)s1, (unsigned long long)s2, __location__); \
+			ret = false; \
+		}
+
+static bool test_each_DisplayInfo_user(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct samr_QueryDisplayInfo *querydisplayinfo,
+				       bool *seen_testuser)
+{
+	struct samr_OpenUser r;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	struct policy_handle user_handle;
+	int i, ret = true;
+	r.in.domain_handle = querydisplayinfo->in.domain_handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	for (i = 0; ; i++) {
+		switch (querydisplayinfo->in.level) {
+		case 1:
+			if (i >= querydisplayinfo->out.info->info1.count) {
+				return ret;
+			}
+			r.in.rid = querydisplayinfo->out.info->info1.entries[i].rid;
+			break;
+		case 2:
+			if (i >= querydisplayinfo->out.info->info2.count) {
+				return ret;
+			}
+			r.in.rid = querydisplayinfo->out.info->info2.entries[i].rid;
+			break;
+		case 3:
+			/* Groups */
+		case 4:
+		case 5:
+			/* Not interested in validating just the account name */
+			return true;
+		}
+
+		r.out.user_handle = &user_handle;
+
+		switch (querydisplayinfo->in.level) {
+		case 1:
+		case 2:
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+				"OpenUser failed");
+			if (!NT_STATUS_IS_OK(r.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(r.out.result));
+				return false;
+			}
+		}
+
+		q.in.user_handle = &user_handle;
+		q.in.level = 21;
+		q.out.info = &info;
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+			"QueryUserInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(r.out.result));
+			return false;
+		}
+
+		switch (querydisplayinfo->in.level) {
+		case 1:
+			if (seen_testuser && strcmp(info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) {
+				*seen_testuser = true;
+			}
+			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].full_name,
+					   info->info21.full_name, info->info21.account_name);
+			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].account_name,
+					   info->info21.account_name, info->info21.account_name);
+			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].description,
+					   info->info21.description, info->info21.account_name);
+			INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].rid,
+					info->info21.rid, info->info21.account_name);
+			INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].acct_flags,
+					info->info21.acct_flags, info->info21.account_name);
+
+			break;
+		case 2:
+			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].account_name,
+					   info->info21.account_name, info->info21.account_name);
+			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].description,
+					   info->info21.description, info->info21.account_name);
+			INT_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].rid,
+					info->info21.rid, info->info21.account_name);
+			INT_EQUAL_QUERY((querydisplayinfo->out.info->info2.entries[i].acct_flags & ~ACB_NORMAL),
+					info->info21.acct_flags, info->info21.account_name);
+
+			if (!(querydisplayinfo->out.info->info2.entries[i].acct_flags & ACB_NORMAL)) {
+				torture_result(tctx, TORTURE_FAIL, "Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n",
+				       info->info21.account_name.string);
+			}
+
+			if (!(info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) {
+				torture_result(tctx, TORTURE_FAIL, "Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
+				       info->info21.account_name.string,
+				       querydisplayinfo->out.info->info2.entries[i].acct_flags,
+				       info->info21.acct_flags);
+				return false;
+			}
+
+			break;
+		}
+
+		if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+			return false;
+		}
+	}
+	return ret;
+}
+
+static bool test_QueryDisplayInfo(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle)
+{
+	struct samr_QueryDisplayInfo r;
+	struct samr_QueryDomainInfo dom_info;
+	union samr_DomainInfo *info = NULL;
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	int i;
+	bool seen_testuser = false;
+	uint32_t total_size;
+	uint32_t returned_size;
+	union samr_DispInfo disp_info;
+
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryDisplayInfo level %u\n", levels[i]);
+
+		r.in.start_idx = 0;
+		r.out.result = STATUS_MORE_ENTRIES;
+		while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
+			r.in.domain_handle = handle;
+			r.in.level = levels[i];
+			r.in.max_entries = 2;
+			r.in.buf_size = (uint32_t)-1;
+			r.out.total_size = &total_size;
+			r.out.returned_size = &returned_size;
+			r.out.info = &disp_info;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+				"QueryDisplayInfo failed");
+			if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(r.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
+				       levels[i], nt_errstr(r.out.result));
+				ret = false;
+			}
+			switch (r.in.level) {
+			case 1:
+				if (!test_each_DisplayInfo_user(b, tctx, &r, &seen_testuser)) {
+					ret = false;
+				}
+				r.in.start_idx += r.out.info->info1.count;
+				break;
+			case 2:
+				if (!test_each_DisplayInfo_user(b, tctx, &r, NULL)) {
+					ret = false;
+				}
+				r.in.start_idx += r.out.info->info2.count;
+				break;
+			case 3:
+				r.in.start_idx += r.out.info->info3.count;
+				break;
+			case 4:
+				r.in.start_idx += r.out.info->info4.count;
+				break;
+			case 5:
+				r.in.start_idx += r.out.info->info5.count;
+				break;
+			}
+		}
+		dom_info.in.domain_handle = handle;
+		dom_info.in.level = 2;
+		dom_info.out.info = &info;
+
+		/* Check number of users returned is correct */
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &dom_info),
+			"QueryDomainInfo failed");
+		if (!NT_STATUS_IS_OK(dom_info.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+			       r.in.level, nt_errstr(dom_info.out.result));
+			ret = false;
+			break;
+		}
+		switch (r.in.level) {
+		case 1:
+		case 4:
+			if (info->general.num_users < r.in.start_idx) {
+				/* On AD deployments this numbers don't match
+				 * since QueryDisplayInfo returns universal and
+				 * global groups, QueryDomainInfo only global
+				 * ones. */
+				if (torture_setting_bool(tctx, "samba3", false)) {
+					torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
+					       r.in.start_idx, info->general.num_groups,
+					       info->general.domain_name.string);
+					ret = false;
+				}
+			}
+			if (!seen_testuser) {
+				struct policy_handle user_handle;
+				if (NT_STATUS_IS_OK(test_OpenUser_byname(b, tctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
+					torture_result(tctx, TORTURE_FAIL, "Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
+					       info->general.domain_name.string);
+					ret = false;
+					test_samr_handle_Close(b, tctx, &user_handle);
+				}
+			}
+			break;
+		case 3:
+		case 5:
+			if (info->general.num_groups != r.in.start_idx) {
+				/* On AD deployments this numbers don't match
+				 * since QueryDisplayInfo returns universal and
+				 * global groups, QueryDomainInfo only global
+				 * ones. */
+				if (torture_setting_bool(tctx, "samba3", false)) {
+					torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
+					       r.in.start_idx, info->general.num_groups,
+					       info->general.domain_name.string);
+					ret = false;
+				}
+			}
+
+			break;
+		}
+
+	}
+
+	return ret;
+}
+
+static bool test_QueryDisplayInfo2(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle)
+{
+	struct samr_QueryDisplayInfo2 r;
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	int i;
+	uint32_t total_size;
+	uint32_t returned_size;
+	union samr_DispInfo info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryDisplayInfo2 level %u\n", levels[i]);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.in.start_idx = 0;
+		r.in.max_entries = 1000;
+		r.in.buf_size = (uint32_t)-1;
+		r.out.total_size = &total_size;
+		r.out.returned_size = &returned_size;
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo2_r(b, tctx, &r),
+			"QueryDisplayInfo2 failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo2 level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_QueryDisplayInfo3(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle)
+{
+	struct samr_QueryDisplayInfo3 r;
+	bool ret = true;
+	uint16_t levels[] = {1, 2, 3, 4, 5};
+	int i;
+	uint32_t total_size;
+	uint32_t returned_size;
+	union samr_DispInfo info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryDisplayInfo3 level %u\n", levels[i]);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.in.start_idx = 0;
+		r.in.max_entries = 1000;
+		r.in.buf_size = (uint32_t)-1;
+		r.out.total_size = &total_size;
+		r.out.returned_size = &returned_size;
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo3_r(b, tctx, &r),
+			"QueryDisplayInfo3 failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo3 level %u failed - %s\n",
+			       levels[i], nt_errstr(r.out.result));
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_QueryDisplayInfo_continue(struct dcerpc_binding_handle *b,
+					   struct torture_context *tctx,
+					   struct policy_handle *handle)
+{
+	struct samr_QueryDisplayInfo r;
+	bool ret = true;
+	uint32_t total_size;
+	uint32_t returned_size;
+	union samr_DispInfo info;
+
+	torture_comment(tctx, "Testing QueryDisplayInfo continuation\n");
+
+	r.in.domain_handle = handle;
+	r.in.level = 1;
+	r.in.start_idx = 0;
+	r.in.max_entries = 1;
+	r.in.buf_size = (uint32_t)-1;
+	r.out.total_size = &total_size;
+	r.out.returned_size = &returned_size;
+	r.out.info = &info;
+
+	do {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+			"QueryDisplayInfo failed");
+		if (NT_STATUS_IS_OK(r.out.result) && *r.out.returned_size != 0) {
+			if (r.out.info->info1.entries[0].idx != r.in.start_idx + 1) {
+				torture_result(tctx, TORTURE_FAIL, "expected idx %d but got %d\n",
+				       r.in.start_idx + 1,
+				       r.out.info->info1.entries[0].idx);
+				break;
+			}
+		}
+		if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
+		    !NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
+			       r.in.level, nt_errstr(r.out.result));
+			ret = false;
+			break;
+		}
+		r.in.start_idx++;
+	} while ((NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) ||
+		  NT_STATUS_IS_OK(r.out.result)) &&
+		 *r.out.returned_size != 0);
+
+	return ret;
+}
+
+static bool test_QueryDomainInfo(struct dcerpc_pipe *p,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	struct samr_QueryDomainInfo r;
+	union samr_DomainInfo *info = NULL;
+	struct samr_SetDomainInfo s;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
+	uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1,  0,  1,  0};
+	int i;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *domain_comment = talloc_asprintf(tctx,
+				  "Tortured by Samba4 RPC-SAMR: %s",
+				  timestring(tctx, time(NULL)));
+
+	s.in.domain_handle = handle;
+	s.in.level = 4;
+	s.in.info = talloc(tctx, union samr_DomainInfo);
+
+	s.in.info->oem.oem_information.string = domain_comment;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+		"SetDomainInfo failed");
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u (set comment) failed - %s\n",
+		       s.in.level, nt_errstr(s.out.result));
+		return false;
+	}
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryDomainInfo level %u\n", levels[i]);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+			"QueryDomainInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+			       r.in.level, nt_errstr(r.out.result));
+			ret = false;
+			continue;
+		}
+
+		switch (levels[i]) {
+		case 2:
+			if (strcmp(info->general.oem_information.string, domain_comment) != 0) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+				       levels[i], info->general.oem_information.string, domain_comment);
+				if (!torture_setting_bool(tctx, "samba3", false)) {
+					ret = false;
+				}
+			}
+			if (!info->general.primary.string) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
+				       levels[i]);
+				ret = false;
+			} else if (info->general.role == SAMR_ROLE_DOMAIN_PDC) {
+				if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), info->general.primary.string) != 0) {
+					if (torture_setting_bool(tctx, "samba3", false)) {
+						torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
+						       levels[i], info->general.primary.string, dcerpc_server_name(p));
+					}
+				}
+			}
+			break;
+		case 4:
+			if (strcmp(info->oem.oem_information.string, domain_comment) != 0) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+				       levels[i], info->oem.oem_information.string, domain_comment);
+				if (!torture_setting_bool(tctx, "samba3", false)) {
+					ret = false;
+				}
+			}
+			break;
+		case 6:
+			if (!info->info6.primary.string) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
+				       levels[i]);
+				ret = false;
+			}
+			break;
+		case 11:
+			if (strcmp(info->general2.general.oem_information.string, domain_comment) != 0) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
+				       levels[i], info->general2.general.oem_information.string, domain_comment);
+				if (!torture_setting_bool(tctx, "samba3", false)) {
+					ret = false;
+				}
+			}
+			break;
+		}
+
+		torture_comment(tctx, "Testing SetDomainInfo level %u\n", levels[i]);
+
+		s.in.domain_handle = handle;
+		s.in.level = levels[i];
+		s.in.info = info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+			"SetDomainInfo failed");
+		if (set_ok[i]) {
+			if (!NT_STATUS_IS_OK(s.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u failed - %s\n",
+				       r.in.level, nt_errstr(s.out.result));
+				ret = false;
+				continue;
+			}
+		} else {
+			if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
+				torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
+				       r.in.level, nt_errstr(s.out.result));
+				ret = false;
+				continue;
+			}
+		}
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+			"QueryDomainInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+			       r.in.level, nt_errstr(r.out.result));
+			ret = false;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+
+static bool test_QueryDomainInfo2(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle)
+{
+	struct samr_QueryDomainInfo2 r;
+	union samr_DomainInfo *info = NULL;
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
+	int i;
+	bool ret = true;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing QueryDomainInfo2 level %u\n", levels[i]);
+
+		r.in.domain_handle = handle;
+		r.in.level = levels[i];
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+			"QueryDomainInfo2 failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo2 level %u failed - %s\n",
+			       r.in.level, nt_errstr(r.out.result));
+			ret = false;
+			continue;
+		}
+	}
+
+	return ret;
+}
+
+/* Test whether querydispinfo level 5 and enumdomgroups return the same
+   set of group names. */
+static bool test_GroupList(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct dom_sid *domain_sid,
+			   struct policy_handle *handle)
+{
+	struct samr_EnumDomainGroups q1;
+	struct samr_QueryDisplayInfo q2;
+	NTSTATUS status;
+	uint32_t resume_handle=0;
+	struct samr_SamArray *sam = NULL;
+	uint32_t num_entries = 0;
+	int i;
+	bool ret = true;
+	uint32_t total_size;
+	uint32_t returned_size;
+	union samr_DispInfo info;
+
+	size_t num_names = 0;
+	const char **names = NULL;
+
+	bool builtin_domain = dom_sid_compare(domain_sid,
+					      &global_sid_Builtin) == 0;
+
+	torture_comment(tctx, "Testing coherency of querydispinfo vs enumdomgroups\n");
+
+	q1.in.domain_handle = handle;
+	q1.in.resume_handle = &resume_handle;
+	q1.in.max_size = 5;
+	q1.out.resume_handle = &resume_handle;
+	q1.out.num_entries = &num_entries;
+	q1.out.sam = &sam;
+
+	status = STATUS_MORE_ENTRIES;
+	while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &q1),
+			"EnumDomainGroups failed");
+		status = q1.out.result;
+
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
+			break;
+
+		for (i=0; i<*q1.out.num_entries; i++) {
+			add_string_to_array(tctx,
+					    sam->entries[i].name.string,
+					    &names, &num_names);
+		}
+	}
+
+	torture_assert_ntstatus_ok(tctx, status, "EnumDomainGroups");
+
+	torture_assert(tctx, sam, "EnumDomainGroups failed to return sam");
+
+	if (builtin_domain) {
+		torture_assert(tctx, num_names == 0,
+			       "EnumDomainGroups shouldn't return any group in the builtin domain!");
+	}
+
+	q2.in.domain_handle = handle;
+	q2.in.level = 5;
+	q2.in.start_idx = 0;
+	q2.in.max_entries = 5;
+	q2.in.buf_size = (uint32_t)-1;
+	q2.out.total_size = &total_size;
+	q2.out.returned_size = &returned_size;
+	q2.out.info = &info;
+
+	status = STATUS_MORE_ENTRIES;
+	while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &q2),
+			"QueryDisplayInfo failed");
+		status = q2.out.result;
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
+			break;
+
+		for (i=0; i<q2.out.info->info5.count; i++) {
+			int j;
+			const char *name = q2.out.info->info5.entries[i].account_name.string;
+			bool found = false;
+			for (j=0; j<num_names; j++) {
+				if (names[j] == NULL)
+					continue;
+				if (strequal(names[j], name)) {
+					names[j] = NULL;
+					found = true;
+					break;
+				}
+			}
+
+			if ((!found) && (!builtin_domain)) {
+				torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
+				       name);
+				ret = false;
+			}
+		}
+		q2.in.start_idx += q2.out.info->info5.count;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level 5 failed - %s\n",
+		       nt_errstr(status));
+		ret = false;
+	}
+
+	if (builtin_domain) {
+		torture_assert(tctx, q2.in.start_idx != 0,
+			       "QueryDisplayInfo should return all domain groups also on the builtin domain handle!");
+	}
+
+	for (i=0; i<num_names; i++) {
+		if (names[i] != NULL) {
+			torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
+			       names[i]);
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool test_DeleteDomainGroup(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *group_handle)
+{
+    	struct samr_DeleteDomainGroup d;
+
+	torture_comment(tctx, "Testing DeleteDomainGroup\n");
+
+	d.in.group_handle = group_handle;
+	d.out.group_handle = group_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomainGroup_r(b, tctx, &d),
+		"DeleteDomainGroup failed");
+	torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteDomainGroup");
+
+	return true;
+}
+
+static bool test_TestPrivateFunctionsDomain(struct dcerpc_binding_handle *b,
+					    struct torture_context *tctx,
+					    struct policy_handle *domain_handle)
+{
+    	struct samr_TestPrivateFunctionsDomain r;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing TestPrivateFunctionsDomain\n");
+
+	r.in.domain_handle = domain_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_TestPrivateFunctionsDomain_r(b, tctx, &r),
+		"TestPrivateFunctionsDomain failed");
+	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsDomain");
+
+	return ret;
+}
+
+static bool test_RidToSid(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct dom_sid *domain_sid,
+			  struct policy_handle *domain_handle)
+{
+    	struct samr_RidToSid r;
+	bool ret = true;
+	struct dom_sid *calc_sid, *out_sid;
+	int rids[] = { 0, 42, 512, 10200 };
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(rids);i++) {
+		torture_comment(tctx, "Testing RidToSid\n");
+
+		calc_sid = dom_sid_dup(tctx, domain_sid);
+		r.in.domain_handle = domain_handle;
+		r.in.rid = rids[i];
+		r.out.sid = &out_sid;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_RidToSid_r(b, tctx, &r),
+			"RidToSid failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - %s\n", rids[i], nt_errstr(r.out.result));
+			ret = false;
+		} else {
+			calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
+
+			if (!dom_sid_equal(calc_sid, out_sid)) {
+				torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - got %s, expected %s\n", rids[i],
+				       dom_sid_string(tctx, out_sid),
+				       dom_sid_string(tctx, calc_sid));
+				ret = false;
+			}
+		}
+	}
+
+	return ret;
+}
+
+static bool test_GetBootKeyInformation(struct dcerpc_binding_handle *b,
+				       struct torture_context *tctx,
+				       struct policy_handle *domain_handle)
+{
+	struct samr_GetBootKeyInformation r;
+	bool ret = true;
+	uint32_t unknown = 0;
+	NTSTATUS status;
+
+	torture_comment(tctx, "Testing GetBootKeyInformation\n");
+
+	r.in.domain_handle = domain_handle;
+	r.out.unknown = &unknown;
+
+	status = dcerpc_samr_GetBootKeyInformation_r(b, tctx, &r);
+	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(r.out.result)) {
+		status = r.out.result;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		/* w2k3 seems to fail this sometimes and pass it sometimes */
+		torture_comment(tctx, "GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
+	}
+
+	return ret;
+}
+
+static bool test_AddGroupMember(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *domain_handle,
+				struct policy_handle *group_handle)
+{
+	NTSTATUS status;
+	struct samr_AddGroupMember r;
+	struct samr_DeleteGroupMember d;
+	struct samr_QueryGroupMember q;
+	struct samr_RidAttrArray *rids = NULL;
+	struct samr_SetMemberAttributesOfGroup s;
+	uint32_t rid;
+	bool found_member = false;
+	int i;
+
+	status = test_LookupName(b, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
+	torture_assert_ntstatus_ok(tctx, status, "test_AddGroupMember looking up name " TEST_ACCOUNT_NAME);
+
+	r.in.group_handle = group_handle;
+	r.in.rid = rid;
+	r.in.flags = 0; /* ??? */
+
+	torture_comment(tctx, "Testing AddGroupMember, QueryGroupMember and DeleteGroupMember\n");
+
+	d.in.group_handle = group_handle;
+	d.in.rid = rid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &d),
+		"DeleteGroupMember failed");
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_NOT_IN_GROUP, d.out.result, "DeleteGroupMember");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+		"AddGroupMember failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "AddGroupMember");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+		"AddGroupMember failed");
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_IN_GROUP, r.out.result, "AddGroupMember");
+
+	if (torture_setting_bool(tctx, "samba4", false) ||
+	    torture_setting_bool(tctx, "samba3", false)) {
+		torture_comment(tctx, "skipping SetMemberAttributesOfGroup test against Samba\n");
+	} else {
+		/* this one is quite strange. I am using random inputs in the
+		   hope of triggering an error that might give us a clue */
+
+		s.in.group_handle = group_handle;
+		s.in.unknown1 = random();
+		s.in.unknown2 = random();
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetMemberAttributesOfGroup_r(b, tctx, &s),
+			"SetMemberAttributesOfGroup failed");
+		torture_assert_ntstatus_ok(tctx, s.out.result, "SetMemberAttributesOfGroup");
+	}
+
+	q.in.group_handle = group_handle;
+	q.out.rids = &rids;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &q),
+		"QueryGroupMember failed");
+	torture_assert_ntstatus_ok(tctx, q.out.result, "QueryGroupMember");
+	torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");
+
+	for (i=0; i < rids->count; i++) {
+		if (rids->rids[i] == rid) {
+			found_member = true;
+		}
+	}
+
+	torture_assert(tctx, found_member, "QueryGroupMember did not list newly added member");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &d),
+		"DeleteGroupMember failed");
+	torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteGroupMember");
+
+	rids = NULL;
+	found_member = false;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &q),
+		"QueryGroupMember failed");
+	torture_assert_ntstatus_ok(tctx, q.out.result, "QueryGroupMember");
+	torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");
+
+	for (i=0; i < rids->count; i++) {
+		if (rids->rids[i] == rid) {
+			found_member = true;
+		}
+	}
+
+	torture_assert(tctx, !found_member, "QueryGroupMember does still list removed member");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+		"AddGroupMember failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "AddGroupMember");
+
+	return true;
+}
+
+
+static bool test_CreateDomainGroup(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *domain_handle,
+				   const char *group_name,
+				   struct policy_handle *group_handle,
+				   struct dom_sid *domain_sid,
+				   bool test_group)
+{
+	struct samr_CreateDomainGroup r;
+	uint32_t rid;
+	struct lsa_String name;
+	bool ret = true;
+
+	init_lsa_String(&name, group_name);
+
+	r.in.domain_handle = domain_handle;
+	r.in.name = &name;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.group_handle = group_handle;
+	r.out.rid = &rid;
+
+	torture_comment(tctx, "Testing CreateDomainGroup(%s)\n", r.in.name->string);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+		"CreateDomainGroup failed");
+
+	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.name->string);
+			return true;
+		} else {
+			torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.name->string,
+			       nt_errstr(r.out.result));
+			return false;
+		}
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
+		if (!test_DeleteGroup_byname(b, tctx, domain_handle, r.in.name->string)) {
+			torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
+			       nt_errstr(r.out.result));
+			return false;
+		}
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+			"CreateDomainGroup failed");
+	}
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+		if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.name->string)) {
+
+			torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
+			       nt_errstr(r.out.result));
+			return false;
+		}
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+			"CreateDomainGroup failed");
+	}
+	torture_assert_ntstatus_ok(tctx, r.out.result, "CreateDomainGroup");
+
+	if (!test_group) {
+		return ret;
+	}
+
+	if (!test_AddGroupMember(b, tctx, domain_handle, group_handle)) {
+		torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	}
+
+	if (!test_SetGroupInfo(b, tctx, group_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+/*
+  its not totally clear what this does. It seems to accept any sid you like.
+*/
+static bool test_RemoveMemberFromForeignDomain(struct dcerpc_binding_handle *b,
+					       struct torture_context *tctx,
+					       struct policy_handle *domain_handle)
+{
+	struct samr_RemoveMemberFromForeignDomain r;
+
+	r.in.domain_handle = domain_handle;
+	r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32-12-34-56-78");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMemberFromForeignDomain_r(b, tctx, &r),
+		"RemoveMemberFromForeignDomain failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMemberFromForeignDomain");
+
+	return true;
+}
+
+static bool test_EnumDomainUsers(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *domain_handle,
+				 uint32_t *total_num_entries_p)
+{
+	NTSTATUS status;
+	struct samr_EnumDomainUsers r;
+	uint32_t resume_handle = 0;
+	uint32_t num_entries = 0;
+	uint32_t total_num_entries = 0;
+	struct samr_SamArray *sam;
+
+	r.in.domain_handle = domain_handle;
+	r.in.acct_flags = 0;
+	r.in.max_size = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+
+	r.out.sam = &sam;
+	r.out.num_entries = &num_entries;
+	r.out.resume_handle = &resume_handle;
+
+	torture_comment(tctx, "Testing EnumDomainUsers\n");
+
+	do {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &r),
+			"EnumDomainUsers failed");
+		if (NT_STATUS_IS_ERR(r.out.result)) {
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				"failed to enumerate users");
+		}
+		status = r.out.result;
+
+		total_num_entries += num_entries;
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (total_num_entries_p) {
+		*total_num_entries_p = total_num_entries;
+	}
+
+	return true;
+}
+
+static bool test_EnumDomainGroups(struct dcerpc_binding_handle *b,
+				  struct torture_context *tctx,
+				  struct policy_handle *domain_handle,
+				  uint32_t *total_num_entries_p)
+{
+	NTSTATUS status;
+	struct samr_EnumDomainGroups r;
+	uint32_t resume_handle = 0;
+	uint32_t num_entries = 0;
+	uint32_t total_num_entries = 0;
+	struct samr_SamArray *sam;
+
+	r.in.domain_handle = domain_handle;
+	r.in.max_size = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+
+	r.out.sam = &sam;
+	r.out.num_entries = &num_entries;
+	r.out.resume_handle = &resume_handle;
+
+	torture_comment(tctx, "Testing EnumDomainGroups\n");
+
+	do {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
+			"EnumDomainGroups failed");
+		if (NT_STATUS_IS_ERR(r.out.result)) {
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				"failed to enumerate groups");
+		}
+		status = r.out.result;
+
+		total_num_entries += num_entries;
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (total_num_entries_p) {
+		*total_num_entries_p = total_num_entries;
+	}
+
+	return true;
+}
+
+static bool test_EnumDomainAliases(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *domain_handle,
+				   uint32_t *total_num_entries_p)
+{
+	NTSTATUS status;
+	struct samr_EnumDomainAliases r;
+	uint32_t resume_handle = 0;
+	uint32_t num_entries = 0;
+	uint32_t total_num_entries = 0;
+	struct samr_SamArray *sam;
+
+	r.in.domain_handle = domain_handle;
+	r.in.max_size = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+
+	r.out.sam = &sam;
+	r.out.num_entries = &num_entries;
+	r.out.resume_handle = &resume_handle;
+
+	torture_comment(tctx, "Testing EnumDomainAliases\n");
+
+	do {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
+			"EnumDomainAliases failed");
+		if (NT_STATUS_IS_ERR(r.out.result)) {
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				"failed to enumerate aliases");
+		}
+		status = r.out.result;
+
+		total_num_entries += num_entries;
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (total_num_entries_p) {
+		*total_num_entries_p = total_num_entries;
+	}
+
+	return true;
+}
+
+static bool test_QueryDisplayInfo_level(struct dcerpc_binding_handle *b,
+					struct torture_context *tctx,
+					struct policy_handle *handle,
+					uint16_t level,
+					uint32_t *total_num_entries_p)
+{
+	NTSTATUS status;
+	struct samr_QueryDisplayInfo r;
+	uint32_t total_num_entries = 0;
+
+	r.in.domain_handle = handle;
+	r.in.level = level;
+	r.in.start_idx = 0;
+	r.in.max_entries = (uint32_t)-1;
+	r.in.buf_size = (uint32_t)-1;
+
+	torture_comment(tctx, "Testing QueryDisplayInfo\n");
+
+	do {
+		uint32_t total_size;
+		uint32_t returned_size;
+		union samr_DispInfo info;
+
+		r.out.total_size = &total_size;
+		r.out.returned_size = &returned_size;
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+			"failed to query displayinfo");
+		if (NT_STATUS_IS_ERR(r.out.result)) {
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				"failed to query displayinfo");
+		}
+		status = r.out.result;
+
+		if (*r.out.returned_size == 0) {
+			break;
+		}
+
+		switch (r.in.level) {
+		case 1:
+			total_num_entries += info.info1.count;
+			r.in.start_idx += info.info1.entries[info.info1.count - 1].idx + 1;
+			break;
+		case 2:
+			total_num_entries += info.info2.count;
+			r.in.start_idx += info.info2.entries[info.info2.count - 1].idx + 1;
+			break;
+		case 3:
+			total_num_entries += info.info3.count;
+			r.in.start_idx += info.info3.entries[info.info3.count - 1].idx + 1;
+			break;
+		case 4:
+			total_num_entries += info.info4.count;
+			r.in.start_idx += info.info4.entries[info.info4.count - 1].idx + 1;
+			break;
+		case 5:
+			total_num_entries += info.info5.count;
+			r.in.start_idx += info.info5.entries[info.info5.count - 1].idx + 1;
+			break;
+		default:
+			return false;
+		}
+
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	if (total_num_entries_p) {
+		*total_num_entries_p = total_num_entries;
+	}
+
+	return true;
+}
+
+static bool test_ManyObjects(struct dcerpc_pipe *p,
+			     struct torture_context *tctx,
+			     struct policy_handle *domain_handle,
+			     struct dom_sid *domain_sid,
+			     struct torture_samr_context *ctx)
+{
+	uint32_t num_total = ctx->num_objects_large_dc;
+	uint32_t num_enum = 0;
+	uint32_t num_disp = 0;
+	uint32_t num_created = 0;
+	uint32_t num_anounced = 0;
+	uint32_t i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct policy_handle *handles = talloc_zero_array(tctx, struct policy_handle, num_total);
+
+	/* query */
+
+	{
+		struct samr_QueryDomainInfo2 r;
+		union samr_DomainInfo *info;
+		r.in.domain_handle = domain_handle;
+		r.in.level = 2;
+		r.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+			"QueryDomainInfo2 failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to query domain info");
+
+		switch (ctx->choice) {
+		case TORTURE_SAMR_MANY_ACCOUNTS:
+			num_anounced = info->general.num_users;
+			break;
+		case TORTURE_SAMR_MANY_GROUPS:
+			num_anounced = info->general.num_groups;
+			break;
+		case TORTURE_SAMR_MANY_ALIASES:
+			num_anounced = info->general.num_aliases;
+			break;
+		default:
+			return false;
+		}
+	}
+
+	/* create */
+
+	for (i=0; i < num_total; i++) {
+
+		const char *name = NULL;
+
+		switch (ctx->choice) {
+		case TORTURE_SAMR_MANY_ACCOUNTS:
+			name = talloc_asprintf(tctx, "%s%04d", TEST_ACCOUNT_NAME, i);
+			torture_assert(tctx,
+				test_CreateUser(p, tctx, domain_handle, name, &handles[i], domain_sid, 0, NULL, false),
+				"failed to create user");
+			break;
+		case TORTURE_SAMR_MANY_GROUPS:
+			name = talloc_asprintf(tctx, "%s%04d", TEST_GROUPNAME, i);
+			torture_assert(tctx,
+				test_CreateDomainGroup(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
+				"failed to create group");
+			break;
+		case TORTURE_SAMR_MANY_ALIASES:
+			name = talloc_asprintf(tctx, "%s%04d", TEST_ALIASNAME, i);
+			torture_assert(tctx,
+				test_CreateAlias(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
+				"failed to create alias");
+			break;
+		default:
+			return false;
+		}
+		if (!ndr_policy_handle_empty(&handles[i])) {
+			num_created++;
+		}
+	}
+
+	/* enum */
+
+	switch (ctx->choice) {
+	case TORTURE_SAMR_MANY_ACCOUNTS:
+		torture_assert(tctx,
+			test_EnumDomainUsers(b, tctx, domain_handle, &num_enum),
+			"failed to enum users");
+		break;
+	case TORTURE_SAMR_MANY_GROUPS:
+		torture_assert(tctx,
+			test_EnumDomainGroups(b, tctx, domain_handle, &num_enum),
+			"failed to enum groups");
+		break;
+	case TORTURE_SAMR_MANY_ALIASES:
+		torture_assert(tctx,
+			test_EnumDomainAliases(b, tctx, domain_handle, &num_enum),
+			"failed to enum aliases");
+		break;
+	default:
+		return false;
+	}
+
+	/* dispinfo */
+
+	switch (ctx->choice) {
+	case TORTURE_SAMR_MANY_ACCOUNTS:
+		torture_assert(tctx,
+			test_QueryDisplayInfo_level(b, tctx, domain_handle, 1, &num_disp),
+			"failed to query display info");
+		break;
+	case TORTURE_SAMR_MANY_GROUPS:
+		torture_assert(tctx,
+			test_QueryDisplayInfo_level(b, tctx, domain_handle, 3, &num_disp),
+			"failed to query display info");
+		break;
+	case TORTURE_SAMR_MANY_ALIASES:
+		/* no aliases in dispinfo */
+		break;
+	default:
+		return false;
+	}
+
+	/* close or delete */
+
+	for (i=0; i < num_total; i++) {
+
+		if (ndr_policy_handle_empty(&handles[i])) {
+			continue;
+		}
+
+		if (torture_setting_bool(tctx, "samba3", false)) {
+			torture_assert(tctx,
+				test_samr_handle_Close(b, tctx, &handles[i]),
+				"failed to close handle");
+		} else {
+			switch (ctx->choice) {
+			case TORTURE_SAMR_MANY_ACCOUNTS:
+				torture_assert(tctx,
+					test_DeleteUser(b, tctx, &handles[i]),
+					"failed to delete user");
+				break;
+			case TORTURE_SAMR_MANY_GROUPS:
+				torture_assert(tctx,
+					test_DeleteDomainGroup(b, tctx, &handles[i]),
+					"failed to delete group");
+				break;
+			case TORTURE_SAMR_MANY_ALIASES:
+				torture_assert(tctx,
+					test_DeleteAlias(b, tctx, &handles[i]),
+					"failed to delete alias");
+				break;
+			default:
+				return false;
+			}
+		}
+	}
+
+	talloc_free(handles);
+
+	if (ctx->choice == TORTURE_SAMR_MANY_ACCOUNTS && num_enum != num_anounced + num_created) {
+		torture_comment(tctx,
+				"unexpected number of results (%u) returned in enum call, expected %u\n",
+				num_enum, num_anounced + num_created);
+
+		torture_comment(tctx,
+				"unexpected number of results (%u) returned in dispinfo, call, expected %u\n",
+				num_disp, num_anounced + num_created);
+	}
+
+	return true;
+}
+
+static bool test_Connect(struct dcerpc_binding_handle *b,
+			 struct torture_context *tctx,
+			 struct policy_handle *handle);
+
+static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
+			    struct torture_samr_context *ctx, struct dom_sid *sid)
+{
+	struct samr_OpenDomain r;
+	struct policy_handle domain_handle;
+	struct policy_handle alias_handle;
+	struct policy_handle user_handle;
+	struct policy_handle group_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(alias_handle);
+	ZERO_STRUCT(user_handle);
+	ZERO_STRUCT(group_handle);
+	ZERO_STRUCT(domain_handle);
+
+	torture_comment(tctx, "Testing OpenDomain of %s\n", dom_sid_string(tctx, sid));
+
+	r.in.connect_handle = &ctx->handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.sid = sid;
+	r.out.domain_handle = &domain_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &r),
+		"OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "OpenDomain failed");
+
+	/* run the domain tests with the main handle closed - this tests
+	   the servers reference counting */
+	torture_assert(tctx, test_samr_handle_Close(b, tctx, &ctx->handle), "Failed to close SAMR handle");
+
+	switch (ctx->choice) {
+	case TORTURE_SAMR_PASSWORDS:
+	case TORTURE_SAMR_USER_PRIVILEGES:
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
+		}
+		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "Testing PASSWORDS or PRIVILEGES on domain %s failed!\n", dom_sid_string(tctx, sid));
+		}
+		break;
+	case TORTURE_SAMR_USER_ATTRIBUTES:
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
+		}
+		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
+		/* This test needs 'complex' users to validate */
+		ret &= test_QueryDisplayInfo(b, tctx, &domain_handle);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "Testing ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid));
+		}
+		break;
+	case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
+	case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
+	case TORTURE_SAMR_PASSWORDS_LOCKOUT:
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, ctx->machine_credentials);
+		}
+		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed!\n", dom_sid_string(tctx, sid));
+		}
+		break;
+	case TORTURE_SAMR_MANY_ACCOUNTS:
+	case TORTURE_SAMR_MANY_GROUPS:
+	case TORTURE_SAMR_MANY_ALIASES:
+		ret &= test_ManyObjects(p, tctx, &domain_handle, sid, ctx);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed!\n", dom_sid_string(tctx, sid));
+		}
+		break;
+	case TORTURE_SAMR_OTHER:
+		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
+		if (!ret) {
+			torture_result(tctx, TORTURE_FAIL, "Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
+		}
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			ret &= test_QuerySecurity(b, tctx, &domain_handle);
+		}
+		ret &= test_RemoveMemberFromForeignDomain(b, tctx, &domain_handle);
+		ret &= test_CreateAlias(b, tctx, &domain_handle, TEST_ALIASNAME, &alias_handle, sid, true);
+		ret &= test_CreateDomainGroup(b, tctx, &domain_handle, TEST_GROUPNAME, &group_handle, sid, true);
+		ret &= test_GetAliasMembership(b, tctx, &domain_handle);
+		ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
+		ret &= test_QueryDomainInfo2(b, tctx, &domain_handle);
+		ret &= test_EnumDomainUsers_all(b, tctx, &domain_handle);
+		ret &= test_EnumDomainUsers_async(p, tctx, &domain_handle);
+		ret &= test_EnumDomainGroups_all(b, tctx, &domain_handle);
+		ret &= test_EnumDomainAliases_all(b, tctx, &domain_handle);
+		ret &= test_QueryDisplayInfo2(b, tctx, &domain_handle);
+		ret &= test_QueryDisplayInfo3(b, tctx, &domain_handle);
+		ret &= test_QueryDisplayInfo_continue(b, tctx, &domain_handle);
+
+		if (torture_setting_bool(tctx, "samba4", false)) {
+			torture_comment(tctx, "skipping GetDisplayEnumerationIndex test against Samba4\n");
+		} else {
+			ret &= test_GetDisplayEnumerationIndex(b, tctx, &domain_handle);
+			ret &= test_GetDisplayEnumerationIndex2(b, tctx, &domain_handle);
+		}
+		ret &= test_GroupList(b, tctx, sid, &domain_handle);
+		ret &= test_TestPrivateFunctionsDomain(b, tctx, &domain_handle);
+		ret &= test_RidToSid(b, tctx, sid, &domain_handle);
+		ret &= test_GetBootKeyInformation(b, tctx, &domain_handle);
+		if (!ret) {
+			torture_comment(tctx, "Testing SAMR-OTHER on domain %s failed!\n", dom_sid_string(tctx, sid));
+		}
+		break;
+	}
+
+	if (!ndr_policy_handle_empty(&user_handle) &&
+	    !test_DeleteUser(b, tctx, &user_handle)) {
+		ret = false;
+	}
+
+	if (!ndr_policy_handle_empty(&alias_handle) &&
+	    !test_DeleteAlias(b, tctx, &alias_handle)) {
+		ret = false;
+	}
+
+	if (!ndr_policy_handle_empty(&group_handle) &&
+	    !test_DeleteDomainGroup(b, tctx, &group_handle)) {
+		ret = false;
+	}
+
+	torture_assert(tctx, test_samr_handle_Close(b, tctx, &domain_handle), "Failed to close SAMR domain handle");
+
+	torture_assert(tctx, test_Connect(b, tctx, &ctx->handle), "Failed to re-connect SAMR handle");
+	/* reconnect the main handle */
+
+	if (!ret) {
+		torture_result(tctx, TORTURE_FAIL, "Testing domain %s failed!\n", dom_sid_string(tctx, sid));
+	}
+
+	return ret;
+}
+
+static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
+			      struct torture_samr_context *ctx, const char *domain)
+{
+	struct samr_LookupDomain r;
+	struct dom_sid2 *sid = NULL;
+	struct lsa_String n1;
+	struct lsa_String n2;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing LookupDomain(%s)\n", domain);
+
+	/* check for correct error codes */
+	r.in.connect_handle = &ctx->handle;
+	r.in.domain_name = &n2;
+	r.out.sid = &sid;
+	n2.string = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+		"LookupDomain failed");
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, r.out.result, "LookupDomain expected NT_STATUS_INVALID_PARAMETER");
+
+	init_lsa_String(&n2, "xxNODOMAINxx");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+		"LookupDomain failed");
+	torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, r.out.result, "LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN");
+
+	r.in.connect_handle = &ctx->handle;
+
+	init_lsa_String(&n1, domain);
+	r.in.domain_name = &n1;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+		"LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LookupDomain");
+
+	if (!test_GetDomPwInfo(p, tctx, &n1)) {
+		ret = false;
+	}
+
+	if (!test_OpenDomain(p, tctx, ctx, *r.out.sid)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+
+static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
+			     struct torture_samr_context *ctx)
+{
+	struct samr_EnumDomains r;
+	uint32_t resume_handle = 0;
+	uint32_t num_entries = 0;
+	struct samr_SamArray *sam = NULL;
+	int i;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.connect_handle = &ctx->handle;
+	r.in.resume_handle = &resume_handle;
+	r.in.buf_size = (uint32_t)-1;
+	r.out.resume_handle = &resume_handle;
+	r.out.num_entries = &num_entries;
+	r.out.sam = &sam;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
+		"EnumDomains failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "EnumDomains failed");
+
+	if (!*r.out.sam) {
+		return false;
+	}
+
+	for (i=0;i<sam->count;i++) {
+		if (!test_LookupDomain(p, tctx, ctx,
+				       sam->entries[i].name.string)) {
+			ret = false;
+		}
+	}
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
+		"EnumDomains failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "EnumDomains failed");
+
+	return ret;
+}
+
+
+static bool test_Connect(struct dcerpc_binding_handle *b,
+			 struct torture_context *tctx,
+			 struct policy_handle *handle)
+{
+	struct samr_Connect r;
+	struct samr_Connect2 r2;
+	struct samr_Connect3 r3;
+	struct samr_Connect4 r4;
+	struct samr_Connect5 r5;
+	union samr_ConnectInfo info;
+	struct policy_handle h;
+	uint32_t level_out = 0;
+	bool ret = true, got_handle = false;
+
+	torture_comment(tctx, "Testing samr_Connect\n");
+
+	r.in.system_name = NULL;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, tctx, &r),
+		"Connect failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "Connect failed - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	} else {
+		got_handle = true;
+		*handle = h;
+	}
+
+	torture_comment(tctx, "Testing samr_Connect2\n");
+
+	r2.in.system_name = NULL;
+	r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r2.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect2_r(b, tctx, &r2),
+		"Connect2 failed");
+	if (!NT_STATUS_IS_OK(r2.out.result)) {
+		torture_comment(tctx, "Connect2 failed - %s\n", nt_errstr(r2.out.result));
+		ret = false;
+	} else {
+		if (got_handle) {
+			test_samr_handle_Close(b, tctx, handle);
+		}
+		got_handle = true;
+		*handle = h;
+	}
+
+	torture_comment(tctx, "Testing samr_Connect3\n");
+
+	r3.in.system_name = NULL;
+	r3.in.unknown = 0;
+	r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r3.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect3_r(b, tctx, &r3),
+		"Connect3 failed");
+	if (!NT_STATUS_IS_OK(r3.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "Connect3 failed - %s\n", nt_errstr(r3.out.result));
+		ret = false;
+	} else {
+		if (got_handle) {
+			test_samr_handle_Close(b, tctx, handle);
+		}
+		got_handle = true;
+		*handle = h;
+	}
+
+	torture_comment(tctx, "Testing samr_Connect4\n");
+
+	r4.in.system_name = "";
+	r4.in.client_version = 0;
+	r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r4.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect4_r(b, tctx, &r4),
+		"Connect4 failed");
+	if (!NT_STATUS_IS_OK(r4.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "Connect4 failed - %s\n", nt_errstr(r4.out.result));
+		ret = false;
+	} else {
+		if (got_handle) {
+			test_samr_handle_Close(b, tctx, handle);
+		}
+		got_handle = true;
+		*handle = h;
+	}
+
+	torture_comment(tctx, "Testing samr_Connect5\n");
+
+	info.info1.client_version = 0;
+	info.info1.supported_features = 0;
+
+	r5.in.system_name = "";
+	r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r5.in.level_in = 1;
+	r5.out.level_out = &level_out;
+	r5.in.info_in = &info;
+	r5.out.info_out = &info;
+	r5.out.connect_handle = &h;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect5_r(b, tctx, &r5),
+		"Connect5 failed");
+	if (!NT_STATUS_IS_OK(r5.out.result)) {
+		torture_result(tctx, TORTURE_FAIL, "Connect5 failed - %s\n", nt_errstr(r5.out.result));
+		ret = false;
+	} else {
+		if (got_handle) {
+			test_samr_handle_Close(b, tctx, handle);
+		}
+		got_handle = true;
+		*handle = h;
+	}
+
+	return ret;
+}
+
+
+static bool test_samr_ValidatePassword(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	struct samr_ValidatePassword r;
+	union samr_ValidatePasswordReq req;
+	union samr_ValidatePasswordRep *repp = NULL;
+	NTSTATUS status;
+	const char *passwords[] = { "penguin", "p@ssw0rd", "p@ssw0rd123$", NULL };
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing samr_ValidatePassword\n");
+
+	if (p->conn->transport.transport != NCACN_IP_TCP) {
+		torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n");
+	}
+
+	ZERO_STRUCT(r);
+	r.in.level = NetValidatePasswordReset;
+	r.in.req = &req;
+	r.out.rep = &repp;
+
+	ZERO_STRUCT(req);
+	req.req3.account.string = "non-existent-account-aklsdji";
+
+	for (i=0; passwords[i]; i++) {
+		req.req3.password.string = passwords[i];
+
+		status = dcerpc_samr_ValidatePassword_r(b, tctx, &r);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+			torture_skip(tctx, "ValidatePassword not supported by server\n");
+		}
+		torture_assert_ntstatus_ok(tctx, status,
+					   "samr_ValidatePassword failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+					   "samr_ValidatePassword failed");
+		torture_comment(tctx, "Server %s password '%s' with code %i\n",
+				repp->ctr3.status==SAMR_VALIDATION_STATUS_SUCCESS?"allowed":"refused",
+				req.req3.password.string, repp->ctr3.status);
+	}
+
+	return true;
+}
+
+bool torture_rpc_samr(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_OTHER;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	if (!torture_setting_bool(torture, "samba3", false)) {
+		ret &= test_QuerySecurity(b, torture, &ctx->handle);
+	}
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_SetDsrmPassword(b, torture, &ctx->handle);
+
+	ret &= test_Shutdown(b, torture, &ctx->handle);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+
+bool torture_rpc_samr_users(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_USER_ATTRIBUTES;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	if (!torture_setting_bool(torture, "samba3", false)) {
+		ret &= test_QuerySecurity(b, torture, &ctx->handle);
+	}
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_SetDsrmPassword(b, torture, &ctx->handle);
+
+	ret &= test_Shutdown(b, torture, &ctx->handle);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+
+bool torture_rpc_samr_passwords(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_PASSWORDS;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+static bool torture_rpc_samr_pwdlastset(struct torture_context *torture,
+					struct dcerpc_pipe *p2,
+					struct cli_credentials *machine_credentials)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_PASSWORDS_PWDLASTSET;
+	ctx->machine_credentials = machine_credentials;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_passwords_pwdlastset(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.pwdlastset");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
+							  &ndr_table_samr,
+							  TEST_ACCOUNT_NAME_PWD);
+
+	torture_rpc_tcase_add_test_creds(tcase, "pwdLastSet",
+					 torture_rpc_samr_pwdlastset);
+
+	return suite;
+}
+
+static bool torture_rpc_samr_users_privileges_delete_user(struct torture_context *torture,
+							  struct dcerpc_pipe *p2,
+							  struct cli_credentials *machine_credentials)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_USER_PRIVILEGES;
+	ctx->machine_credentials = machine_credentials;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_user_privileges(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.users.privileges");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
+							  &ndr_table_samr,
+							  TEST_ACCOUNT_NAME_PWD);
+
+	torture_rpc_tcase_add_test_creds(tcase, "delete_privileged_user",
+					 torture_rpc_samr_users_privileges_delete_user);
+
+	return suite;
+}
+
+static bool torture_rpc_samr_many_accounts(struct torture_context *torture,
+					   struct dcerpc_pipe *p2,
+					   void *data)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx =
+		talloc_get_type_abort(data, struct torture_samr_context);
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx->choice = TORTURE_SAMR_MANY_ACCOUNTS;
+	ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+							ctx->num_objects_large_dc);
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+static bool torture_rpc_samr_many_groups(struct torture_context *torture,
+					 struct dcerpc_pipe *p2,
+					 void *data)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx =
+		talloc_get_type_abort(data, struct torture_samr_context);
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx->choice = TORTURE_SAMR_MANY_GROUPS;
+	ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+							ctx->num_objects_large_dc);
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+static bool torture_rpc_samr_many_aliases(struct torture_context *torture,
+					  struct dcerpc_pipe *p2,
+					  void *data)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx =
+		talloc_get_type_abort(data, struct torture_samr_context);
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx->choice = TORTURE_SAMR_MANY_ALIASES;
+	ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+							ctx->num_objects_large_dc);
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.large-dc");
+	struct torture_rpc_tcase *tcase;
+	struct torture_samr_context *ctx;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", &ndr_table_samr);
+
+	ctx = talloc_zero(suite, struct torture_samr_context);
+	ctx->num_objects_large_dc = 150;
+
+	torture_rpc_tcase_add_test_ex(tcase, "many_aliases",
+				      torture_rpc_samr_many_aliases, ctx);
+	torture_rpc_tcase_add_test_ex(tcase, "many_groups",
+				      torture_rpc_samr_many_groups, ctx);
+	torture_rpc_tcase_add_test_ex(tcase, "many_accounts",
+				      torture_rpc_samr_many_accounts, ctx);
+
+	return suite;
+}
+
+static bool torture_rpc_samr_badpwdcount(struct torture_context *torture,
+					 struct dcerpc_pipe *p2,
+					 struct cli_credentials *machine_credentials)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT;
+	ctx->machine_credentials = machine_credentials;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_passwords_badpwdcount(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.badpwdcount");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
+							  &ndr_table_samr,
+							  TEST_ACCOUNT_NAME_PWD);
+
+	torture_rpc_tcase_add_test_creds(tcase, "badPwdCount",
+					 torture_rpc_samr_badpwdcount);
+
+	return suite;
+}
+
+static bool torture_rpc_samr_lockout(struct torture_context *torture,
+				     struct dcerpc_pipe *p2,
+				     struct cli_credentials *machine_credentials)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p;
+	bool ret = true;
+	struct torture_samr_context *ctx;
+	struct dcerpc_binding_handle *b;
+
+	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	b = p->binding_handle;
+
+	ctx = talloc_zero(torture, struct torture_samr_context);
+
+	ctx->choice = TORTURE_SAMR_PASSWORDS_LOCKOUT;
+	ctx->machine_credentials = machine_credentials;
+
+	ret &= test_Connect(b, torture, &ctx->handle);
+
+	ret &= test_EnumDomains(p, torture, ctx);
+
+	ret &= test_samr_handle_Close(b, torture, &ctx->handle);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_passwords_lockout(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.lockout");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
+							  &ndr_table_samr,
+							  TEST_ACCOUNT_NAME_PWD);
+
+	torture_rpc_tcase_add_test_creds(tcase, "lockout",
+					 torture_rpc_samr_lockout);
+
+	return suite;
+}
+
+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+						  &ndr_table_samr);
+	torture_rpc_tcase_add_test(tcase, "validate",
+				   test_samr_ValidatePassword);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c
new file mode 100644
index 0000000..1ed0d67
--- /dev/null
+++ b/source4/torture/rpc/samr_accessmask.c
@@ -0,0 +1,1197 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for accessmasks on the SAMR pipe
+
+   Copyright (C) Ronnie Sahlberg 2007
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+
+
+/* test user created to test the ACLs associated to SAMR objects */
+#define TEST_USER_NAME "samr_testuser"
+#define TEST_MACHINENAME "samrtestmach"
+
+static NTSTATUS torture_samr_Close(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *h)
+{
+	NTSTATUS status;
+	struct samr_Close cl;
+
+	cl.in.handle  = h;
+	cl.out.handle = h;
+	status = dcerpc_samr_Close_r(b, tctx, &cl);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return cl.out.result;
+}
+
+static NTSTATUS torture_samr_Connect5(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      uint32_t mask, struct policy_handle *h)
+{
+	NTSTATUS status;
+	struct samr_Connect5 r5;
+	union samr_ConnectInfo info;
+	uint32_t level_out = 0;
+
+	info.info1.client_version = 0;
+	info.info1.supported_features = 0;
+	r5.in.system_name = "";
+	r5.in.level_in = 1;
+	r5.in.info_in = &info;
+	r5.out.info_out = &info;
+	r5.out.level_out = &level_out;
+	r5.out.connect_handle = h;
+	r5.in.access_mask = mask;
+
+	status = dcerpc_samr_Connect5_r(b, tctx, &r5);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r5.out.result;
+}
+
+/* check which bits in accessmask allows us to connect to the server */
+static bool test_samr_accessmask_Connect5(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct policy_handle h;
+	int i;
+	uint32_t mask;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	printf("Testing which bits in accessmask allows us to connect\n");
+	mask = 1;
+	for (i=0;i<33;i++) {
+		printf("Testing Connect5 with access mask 0x%08x", mask);
+		status = torture_samr_Connect5(tctx, b, mask, &h);
+		mask <<= 1;
+
+		switch (i) {
+		case 6:
+		case 7:
+		case 8:
+		case 9:
+		case 10:
+		case 11:
+		case 12:
+		case 13:
+		case 14:
+		case 15:
+		case 20:
+		case 21:
+		case 22:
+		case 23:
+		case 26:
+		case 27:
+			printf(" expecting to fail");
+			/* of only one of these bits are set we expect to
+			   fail by default
+			*/
+			if(!NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) {
+				printf("Connect5 failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		default:
+			/* these bits set are expected to succeed by default */
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Connect5 failed - %s\n", nt_errstr(status));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &h);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		}
+		printf(" OK\n");
+	}
+
+	return true;
+}
+
+/* check which bits in accessmask allows us to EnumDomains()
+   by default we must specify at least one of :
+	SAMR/EnumDomains
+	Maximum
+	GenericAll
+	GenericRead
+   in the access mask to Connect5() in order to be allowed to perform
+   EnumDomains() on the policy handle returned from Connect5()
+*/
+static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx,
+					     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct samr_EnumDomains ed;
+	struct policy_handle ch;
+	int i;
+	uint32_t mask;
+	uint32_t resume_handle = 0;
+	struct samr_SamArray *sam = NULL;
+	uint32_t num_entries = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	printf("Testing which bits in Connect5 accessmask allows us to EnumDomains\n");
+	mask = 1;
+	for (i=0;i<33;i++) {
+		printf("Testing Connect5/EnumDomains with access mask 0x%08x", mask);
+		status = torture_samr_Connect5(tctx, b, mask, &ch);
+		mask <<= 1;
+
+		switch (i) {
+		case 4:	 /* SAMR/EnumDomains */
+		case 25: /* Maximum */
+		case 28: /* GenericAll */
+		case 31: /* GenericRead */
+			/* these bits set are expected to succeed by default */
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Connect5 failed - %s\n", nt_errstr(status));
+				return false;
+			}
+
+			ed.in.connect_handle = &ch;
+			ed.in.resume_handle = &resume_handle;
+			ed.in.buf_size = (uint32_t)-1;
+			ed.out.resume_handle = &resume_handle;
+			ed.out.num_entries = &num_entries;
+			ed.out.sam = &sam;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &ed),
+				"EnumDomains failed");
+			if (!NT_STATUS_IS_OK(ed.out.result)) {
+				printf("EnumDomains failed - %s\n", nt_errstr(ed.out.result));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		default:
+			printf(" expecting to fail");
+
+			if (!NT_STATUS_IS_OK(status)) {
+				printf(" OK\n");
+				continue;
+			}
+
+			ed.in.connect_handle = &ch;
+			ed.in.resume_handle = &resume_handle;
+			ed.in.buf_size = (uint32_t)-1;
+			ed.out.resume_handle = &resume_handle;
+			ed.out.num_entries = &num_entries;
+			ed.out.sam = &sam;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &ed),
+				"EnumDomains failed");
+			if(!NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, ed.out.result)) {
+				printf("EnumDomains failed - %s\n", nt_errstr(ed.out.result));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		}
+		printf(" OK\n");
+	}
+
+	return true;
+}
+
+
+/*
+ * test how ACLs affect how/if a user can connect to the SAMR service
+ *
+ * samr_SetSecurity() returns SUCCESS when changing the ACL for
+ * a policy handle got from Connect5()   but the ACL is not changed on
+ * the server
+ */
+static bool test_samr_connect_user_acl(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       struct cli_credentials *test_credentials,
+				       const struct dom_sid *test_sid)
+
+{
+	NTSTATUS status;
+	struct policy_handle ch;
+	struct policy_handle uch;
+	struct samr_QuerySecurity qs;
+	struct samr_SetSecurity ss;
+	struct security_ace ace = {};
+	struct security_descriptor *sd;
+	struct sec_desc_buf sdb, *sdbuf = NULL;
+	bool ret = true;
+	int sd_size;
+	struct dcerpc_pipe *test_p;
+	struct dcerpc_binding_handle *test_b;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+
+	printf("Testing ACLs to allow/prevent users to connect to SAMR");
+
+	/* connect to SAMR */
+	status = torture_samr_Connect5(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED, &ch);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Connect5 failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+
+	/* get the current ACL for the SAMR policy handle */
+	qs.in.handle = &ch;
+	qs.in.sec_info = SECINFO_DACL;
+	qs.out.sdbuf = &sdbuf;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &qs),
+		"QuerySecurity failed");
+	if (!NT_STATUS_IS_OK(qs.out.result)) {
+		printf("QuerySecurity failed - %s\n", nt_errstr(qs.out.result));
+		ret = false;
+	}
+
+	/* how big is the security descriptor? */
+	sd_size = sdbuf->sd_size;
+
+
+	/* add an ACE to the security descriptor to deny the user the
+	 * 'connect to server' right
+	 */
+	sd = sdbuf->sd;
+	ace.type = SEC_ACE_TYPE_ACCESS_DENIED;
+	ace.flags = 0;
+	ace.access_mask = SAMR_ACCESS_CONNECT_TO_SERVER;
+	ace.trustee = *test_sid;
+	status = security_descriptor_dacl_add(sd, &ace);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to add ACE to security descriptor\n");
+		ret = false;
+	}
+	ss.in.handle = &ch;
+	ss.in.sec_info = SECINFO_DACL;
+	ss.in.sdbuf = &sdb;
+	sdb.sd = sd;
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetSecurity_r(b, tctx, &ss),
+		"SetSecurity failed");
+	if (!NT_STATUS_IS_OK(ss.out.result)) {
+		printf("SetSecurity failed - %s\n", nt_errstr(ss.out.result));
+		ret = false;
+	}
+
+
+	/* Try to connect as the test user */
+	status = dcerpc_pipe_connect(tctx,
+			     &test_p, binding, &ndr_table_samr,
+			     test_credentials, tctx->ev, tctx->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status));
+		return false;
+	}
+	test_b = test_p->binding_handle;
+
+	/* connect to SAMR as the user */
+	status = torture_samr_Connect5(tctx, test_b, SEC_FLAG_MAXIMUM_ALLOWED, &uch);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Connect5 failed - %s\n", nt_errstr(status));
+		return false;
+	}
+	/* disconnect the user */
+	talloc_free(test_p);
+
+
+	/* read the sequrity descriptor back. it should not have changed
+	 * even though samr_SetSecurity returned SUCCESS
+	 */
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &qs),
+		"QuerySecurity failed");
+	if (!NT_STATUS_IS_OK(qs.out.result)) {
+		printf("QuerySecurity failed - %s\n", nt_errstr(qs.out.result));
+		ret = false;
+	}
+	if (sd_size != sdbuf->sd_size) {
+		printf("security descriptor changed\n");
+		ret = false;
+	}
+
+
+	status = torture_samr_Close(tctx, b, &ch);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Close failed - %s\n", nt_errstr(status));
+		ret = false;
+	}
+
+	if (ret == true) {
+		printf(" OK\n");
+	}
+	return ret;
+}
+
+/*
+ * test if the ACLs are enforced for users.
+ * a normal testuser only gets the rights provided in the ACL for
+ * Everyone   which does not include the SAMR_ACCESS_SHUTDOWN_SERVER
+ * right.  If the ACLs are checked when a user connects
+ * a testuser that requests the accessmask with only this bit set
+ * the connect should fail.
+ */
+static bool test_samr_connect_user_acl_enforced(struct torture_context *tctx,
+						struct dcerpc_binding_handle *b,
+						struct cli_credentials *test_credentials,
+						const struct dom_sid *test_sid)
+
+{
+	NTSTATUS status;
+	struct policy_handle uch;
+	bool ret = true;
+	struct dcerpc_pipe *test_p;
+	struct dcerpc_binding_handle *test_b;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+
+	printf("Testing if ACLs are enforced for non domain admin users when connecting to SAMR");
+
+
+	status = dcerpc_pipe_connect(tctx,
+			     &test_p, binding, &ndr_table_samr,
+			     test_credentials, tctx->ev, tctx->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status));
+		return false;
+	}
+	test_b = test_p->binding_handle;
+
+	/* connect to SAMR as the user */
+	status = torture_samr_Connect5(tctx, test_b, SAMR_ACCESS_SHUTDOWN_SERVER, &uch);
+	if (NT_STATUS_IS_OK(status)) {
+		printf("Connect5 failed - %s\n", nt_errstr(status));
+		return false;
+	}
+	printf(" OK\n");
+
+	/* disconnect the user */
+	talloc_free(test_p);
+
+	return ret;
+}
+
+/* check which bits in accessmask allows us to LookupDomain()
+   by default we must specify at least one of :
+   in the access mask to Connect5() in order to be allowed to perform
+		case 5:  samr/opendomain
+		case 25: Maximum
+		case 28: GenericAll
+		case 29: GenericExecute
+   LookupDomain() on the policy handle returned from Connect5()
+*/
+static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx,
+					      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct samr_LookupDomain ld;
+	struct dom_sid2 *sid = NULL;
+	struct policy_handle ch;
+	struct lsa_String dn;
+	int i;
+	uint32_t mask;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	printf("Testing which bits in Connect5 accessmask allows us to LookupDomain\n");
+	mask = 1;
+	for (i=0;i<33;i++) {
+		printf("Testing Connect5/LookupDomain with access mask 0x%08x", mask);
+		status = torture_samr_Connect5(tctx, b, mask, &ch);
+		mask <<= 1;
+
+		switch (i) {
+		case 5:
+		case 25: /* Maximum */
+		case 28: /* GenericAll */
+		case 29: /* GenericExecute */
+			/* these bits set are expected to succeed by default */
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Connect5 failed - %s\n", nt_errstr(status));
+				return false;
+			}
+
+			ld.in.connect_handle = &ch;
+			ld.in.domain_name    = &dn;
+			ld.out.sid           = &sid;
+			dn.string            = lpcfg_workgroup(tctx->lp_ctx);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &ld),
+				"LookupDomain failed");
+			if (!NT_STATUS_IS_OK(ld.out.result)) {
+				printf("LookupDomain failed - %s\n", nt_errstr(ld.out.result));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		default:
+			printf(" expecting to fail");
+
+			if (!NT_STATUS_IS_OK(status)) {
+				printf(" OK\n");
+				continue;
+			}
+
+			ld.in.connect_handle = &ch;
+			ld.in.domain_name    = &dn;
+			ld.out.sid           = &sid;
+			dn.string            = lpcfg_workgroup(tctx->lp_ctx);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &ld),
+				"LookupDomain failed");
+			if(!NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, ld.out.result)) {
+				printf("LookupDomain failed - %s\n", nt_errstr(ld.out.result));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		}
+		printf(" OK\n");
+	}
+
+	return true;
+}
+
+/* check which bits in accessmask allows us to OpenDomain()
+   by default we must specify at least one of :
+	samr/opendomain
+	Maximum
+	GenericAll
+	GenericExecute
+   in the access mask to Connect5() in order to be allowed to perform
+   OpenDomain() on the policy handle returned from Connect5()
+*/
+static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct samr_LookupDomain ld;
+	struct dom_sid2 *sid = NULL;
+	struct samr_OpenDomain od;
+	struct policy_handle ch;
+	struct policy_handle dh;
+	struct lsa_String dn;
+	int i;
+	uint32_t mask;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+
+	/* first we must grab the sid of the domain */
+	status = torture_samr_Connect5(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED, &ch);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Connect5 failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	ld.in.connect_handle = &ch;
+	ld.in.domain_name    = &dn;
+	ld.out.sid           = &sid;
+	dn.string            = lpcfg_workgroup(tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &ld),
+		"LookupDomain failed");
+	if (!NT_STATUS_IS_OK(ld.out.result)) {
+		printf("LookupDomain failed - %s\n", nt_errstr(ld.out.result));
+		return false;
+	}
+
+
+
+	printf("Testing which bits in Connect5 accessmask allows us to OpenDomain\n");
+	mask = 1;
+	for (i=0;i<33;i++) {
+		printf("Testing Connect5/OpenDomain with access mask 0x%08x", mask);
+		status = torture_samr_Connect5(tctx, b, mask, &ch);
+		mask <<= 1;
+
+		switch (i) {
+		case 5:
+		case 25: /* Maximum */
+		case 28: /* GenericAll */
+		case 29: /* GenericExecute */
+			/* these bits set are expected to succeed by default */
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Connect5 failed - %s\n", nt_errstr(status));
+				return false;
+			}
+
+			od.in.connect_handle = &ch;
+			od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+			od.in.sid = sid;
+			od.out.domain_handle = &dh;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &od),
+				"OpenDomain failed");
+			if (!NT_STATUS_IS_OK(od.out.result)) {
+				printf("OpenDomain failed - %s\n", nt_errstr(od.out.result));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &dh);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		default:
+			printf(" expecting to fail");
+
+			if (!NT_STATUS_IS_OK(status)) {
+				printf(" OK\n");
+				continue;
+			}
+
+			status = torture_samr_Close(tctx, b, &ch);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Close failed - %s\n", nt_errstr(status));
+				return false;
+			}
+			break;
+		}
+		printf(" OK\n");
+	}
+
+	return true;
+}
+
+static bool test_samr_connect(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	void *testuser;
+	const char *testuser_passwd;
+	struct cli_credentials *test_credentials;
+	bool ret = true;
+	const struct dom_sid *test_sid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "Skipping test against Samba 3");
+	}
+
+	/* create a test user */
+	testuser = torture_create_testuser(tctx, TEST_USER_NAME, lpcfg_workgroup(tctx->lp_ctx),
+					   ACB_NORMAL, &testuser_passwd);
+	if (!testuser) {
+		printf("Failed to create test user\n");
+		return false;
+	}
+	test_credentials = cli_credentials_init(tctx);
+	cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
+	cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx),
+				   CRED_SPECIFIED);
+	cli_credentials_set_username(test_credentials, TEST_USER_NAME, CRED_SPECIFIED);
+	cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
+	test_sid = torture_join_user_sid(testuser);
+
+
+	/* test if ACLs can be changed for the policy handle
+	 * returned by Connect5
+	 */
+	if (!test_samr_connect_user_acl(tctx, b, test_credentials, test_sid)) {
+		ret = false;
+	}
+
+	/* test if the ACLs that are reported from the Connect5
+	 * policy handle is enforced.
+	 * i.e. an ordinary user only has the same rights as Everybody
+	 *   ReadControl
+	 *   Samr/OpenDomain
+	 *   Samr/EnumDomains
+	 *   Samr/ConnectToServer
+	 * is granted and should therefore not be able to connect when
+	 * requesting SAMR_ACCESS_SHUTDOWN_SERVER
+	 */
+	if (!test_samr_connect_user_acl_enforced(tctx, b, test_credentials, test_sid)) {
+		ret = false;
+	}
+
+	/* remove the test user */
+	torture_leave_domain(tctx, testuser);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_samr_accessmask(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.accessmask");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+						  &ndr_table_samr);
+
+	torture_rpc_tcase_add_test(tcase, "connect", test_samr_connect);
+
+	/* test which bits in the accessmask to Connect5 will allow
+	 * us to call OpenDomain() */
+	torture_rpc_tcase_add_test(tcase, "OpenDomain",
+				   test_samr_accessmask_OpenDomain);
+
+	/* test which bits in the accessmask to Connect5 will allow
+	 * us to call LookupDomain() */
+	torture_rpc_tcase_add_test(tcase, "LookupDomain",
+				   test_samr_accessmask_LookupDomain);
+
+	/* test which bits in the accessmask to Connect5 will allow
+	 * us to call EnumDomains() */
+	torture_rpc_tcase_add_test(tcase, "EnumDomains",
+				   test_samr_accessmask_EnumDomains);
+
+	/* test which bits in the accessmask to Connect5
+	   will allow us to connect to the server */
+	torture_rpc_tcase_add_test(tcase, "Connect5",
+				   test_samr_accessmask_Connect5);
+
+	return suite;
+}
+
+static bool test_LookupRids(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *domain_handle,
+			    uint32_t rid)
+{
+	struct samr_LookupRids r;
+	struct lsa_Strings names;
+	struct samr_Ids types;
+
+	torture_comment(tctx, "Testing LookupRids %d\n", rid);
+
+	r.in.domain_handle = domain_handle;
+	r.in.num_rids = 1;
+	r.in.rids = &rid;
+	r.out.names = &names;
+	r.out.types = &types;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupRids_r(b, tctx, &r),
+		"failed to call samr_LookupRids");
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		"failed to call samr_LookupRids");
+
+	return true;
+}
+
+
+static bool test_user(struct torture_context *tctx,
+		      struct dcerpc_binding_handle *b,
+		      struct policy_handle *domain_handle,
+		      uint32_t access_mask,
+		      struct samr_DispEntryGeneral *u)
+{
+	struct policy_handle user_handle;
+
+	torture_comment(tctx, "Testing user %s (%d)\n", u->account_name.string, u->rid);
+
+	torture_assert(tctx, test_LookupRids(tctx, b, domain_handle, u->rid),
+		"failed to call lookuprids");
+
+	{
+		struct samr_OpenUser r;
+
+		r.in.domain_handle = domain_handle;
+		r.in.access_mask = access_mask;
+		r.in.rid = u->rid;
+		r.out.user_handle = &user_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+			"failed to open user");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to open user");
+	}
+	{
+		struct samr_QueryUserInfo r;
+		union samr_UserInfo *info;
+		uint32_t levels[] = { 16, 21 };
+		int i;
+
+		r.in.user_handle = &user_handle;
+		r.out.info = &info;
+
+		for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+			r.in.level = levels[i];
+
+			torture_comment(tctx, "Testing QueryUserInfo rid: %d level: %d\n",
+				u->rid, r.in.level);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+				talloc_asprintf(tctx, "failed to query user info level %d", r.in.level));
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				talloc_asprintf(tctx, "failed to query user info level %d", r.in.level));
+		}
+	}
+	{
+		struct samr_GetGroupsForUser r;
+		struct samr_RidWithAttributeArray *rids;
+
+		r.in.user_handle = &user_handle;
+		r.out.rids = &rids;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetGroupsForUser_r(b, tctx, &r),
+			"failed to query groups for user");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to query groups for user");
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_samr_Close(tctx, b, &user_handle),
+		"failed to close user handle");
+
+	return true;
+}
+
+static bool test_samr_group(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *domain_handle,
+			    uint32_t access_mask,
+			    struct samr_SamEntry *g)
+{
+	struct policy_handle group_handle;
+
+	torture_comment(tctx, "Testing group %s (%d)\n", g->name.string, g->idx);
+
+	torture_assert(tctx, test_LookupRids(tctx, b, domain_handle, g->idx),
+		"failed to call lookuprids");
+	{
+		struct samr_OpenGroup r;
+
+		r.in.domain_handle = domain_handle;
+		r.in.access_mask = access_mask;
+		r.in.rid = g->idx;
+		r.out.group_handle = &group_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
+			"failed to open group");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to open group");
+	}
+	{
+		struct samr_QueryGroupMember r;
+		struct samr_RidAttrArray *rids;
+
+		r.in.group_handle = &group_handle;
+		r.out.rids = &rids;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &r),
+			"failed to query group member");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to query group member");
+
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_samr_Close(tctx, b, &group_handle),
+		"failed to close group handle");
+
+	return true;
+}
+
+static bool test_samr_alias(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *domain_handle,
+			    struct samr_SamEntry *a)
+{
+	torture_comment(tctx, "Testing alias %s (%d)\n", a->name.string, a->idx);
+
+	torture_assert(tctx, test_LookupRids(tctx, b, domain_handle, a->idx),
+		"failed to call lookuprids");
+
+	{
+		struct samr_GetAliasMembership r;
+		struct lsa_SidArray sids;
+		struct samr_Ids rids;
+
+		ZERO_STRUCT(sids);
+
+		r.in.domain_handle = domain_handle;
+		r.in.sids = &sids;
+		r.out.rids = &rids;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
+			"failed to get alias membership");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to get alias membership");
+	}
+
+
+	return true;
+}
+
+static bool test_samr_domain(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     uint32_t access_mask,
+			     const char *domain_name,
+			     struct policy_handle *connect_handle,
+			     struct policy_handle *domain_handle_p)
+{
+	struct policy_handle domain_handle;
+	struct dom_sid *domain_sid;
+
+	if (!domain_name) {
+		struct samr_EnumDomains r;
+		uint32_t resume_handle;
+		struct samr_SamArray *sam;
+		uint32_t num_entries;
+		int i;
+
+		r.in.connect_handle = connect_handle;
+		r.in.buf_size = 0xffff;
+		r.in.resume_handle = &resume_handle;
+		r.out.sam = &sam;
+		r.out.num_entries = &num_entries;
+		r.out.resume_handle = &resume_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
+			"failed to enum domains");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to enum domains");
+
+		torture_assert_int_equal(tctx, num_entries, 2,
+			"unexpected number of domains");
+
+		torture_assert(tctx, sam,
+			"no domain pointer returned");
+
+		for (i=0; i < sam->count; i++) {
+			if (!strequal(sam->entries[i].name.string, "builtin")) {
+				domain_name = sam->entries[i].name.string;
+				break;
+			}
+		}
+
+		torture_assert(tctx, domain_name,
+			"no domain found other than builtin found");
+	}
+
+	{
+		struct samr_LookupDomain r;
+		struct dom_sid2 *sid;
+		struct lsa_String name;
+
+		name.string = talloc_strdup(tctx, domain_name);
+
+		r.in.connect_handle = connect_handle;
+		r.in.domain_name = &name;
+		r.out.sid = &sid;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+			"failed to lookup domain");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to lookup domain");
+
+		domain_sid = dom_sid_dup(tctx, sid);
+	}
+
+	{
+		struct samr_OpenDomain r;
+
+		r.in.connect_handle = connect_handle;
+		r.in.access_mask = access_mask;
+		r.in.sid = domain_sid;
+		r.out.domain_handle = &domain_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &r),
+			"failed to open domain");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"failed to open domain");
+
+	}
+
+	{
+		struct samr_QueryDomainInfo r;
+		union samr_DomainInfo *info;
+		uint32_t levels[] = { 1, 2, 8, 12 };
+		int i;
+
+		r.in.domain_handle = &domain_handle;
+		r.out.info = &info;
+
+		for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+			r.in.level = levels[i];
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+				talloc_asprintf(tctx, "failed to query domain info level %d", r.in.level));
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+				talloc_asprintf(tctx, "failed to query domain info level %d", r.in.level));
+		}
+
+	}
+
+	*domain_handle_p = domain_handle;
+
+	return true;
+}
+
+static void get_query_dispinfo_params(int loop_count,
+				      uint32_t *max_entries,
+				      uint32_t *buf_size)
+{
+	switch(loop_count) {
+	case 0:
+		*max_entries = 512;
+		*buf_size = 16383;
+		break;
+	case 1:
+		*max_entries = 1024;
+		*buf_size = 32766;
+		break;
+	case 2:
+		*max_entries = 2048;
+		*buf_size = 65532;
+		break;
+	case 3:
+		*max_entries = 4096;
+		*buf_size = 131064;
+		break;
+	default:              /* loop_count >= 4 */
+		*max_entries = 4096;
+		*buf_size = 131071;
+		break;
+	}
+}
+
+
+static bool test_samr_users(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    uint32_t access_mask,
+			    struct policy_handle *domain_handle)
+{
+	{
+		struct samr_QueryDisplayInfo r;
+		uint32_t total_size;
+		uint32_t returned_size;
+		union samr_DispInfo info;
+		int loop_count = 0;
+
+		r.in.domain_handle = domain_handle;
+		r.in.level = 1;
+		r.in.start_idx = 0;
+
+		r.out.total_size = &total_size;
+		r.out.returned_size = &returned_size;
+		r.out.info = &info;
+
+		do {
+			int i;
+
+			r.in.max_entries = 0xffff;
+			r.in.buf_size = 0xffff;
+
+			get_query_dispinfo_params(loop_count,
+						  &r.in.max_entries,
+						  &r.in.buf_size);
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+				"QueryDisplayInfo failed");
+			if (NT_STATUS_IS_ERR(r.out.result)) {
+				torture_assert_ntstatus_ok(tctx, r.out.result,
+					"failed to call QueryDisplayInfo");
+			}
+
+			for (i=0; i < info.info1.count; i++) {
+				torture_assert(tctx,
+					test_user(tctx, b, domain_handle, access_mask, &info.info1.entries[i]),
+						"failed to test user");
+			}
+			loop_count++;
+			r.in.start_idx += info.info1.count;
+
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+static bool test_samr_groups(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     uint32_t access_mask,
+			     struct policy_handle *domain_handle)
+{
+	{
+		struct samr_EnumDomainGroups r;
+		uint32_t resume_handle = 0;
+		struct samr_SamArray *sam;
+		uint32_t num_entries;
+
+		r.in.domain_handle = domain_handle;
+		r.in.resume_handle = &resume_handle;
+		r.in.max_size = 0xFFFF;
+
+		r.out.sam = &sam;
+		r.out.num_entries = &num_entries;
+		r.out.resume_handle = &resume_handle;
+
+		do {
+			int i;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
+				"EnumDomainGroups failed");
+			if (NT_STATUS_IS_ERR(r.out.result)) {
+				torture_assert_ntstatus_ok(tctx, r.out.result,
+					"failed to call EnumDomainGroups");
+			}
+
+			for (i=0; i < num_entries; i++) {
+				torture_assert(tctx,
+					test_samr_group(tctx, b, domain_handle, access_mask, &sam->entries[i]),
+						"failed to test group");
+			}
+
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+static bool test_samr_aliases(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      uint32_t access_mask,
+			      struct policy_handle *domain_handle)
+{
+	{
+		struct samr_EnumDomainAliases r;
+		uint32_t resume_handle = 0;
+		struct samr_SamArray *sam;
+		uint32_t num_entries;
+
+		r.in.domain_handle = domain_handle;
+		r.in.resume_handle = &resume_handle;
+		r.in.max_size = 0xFFFF;
+
+		r.out.sam = &sam;
+		r.out.num_entries = &num_entries;
+		r.out.resume_handle = &resume_handle;
+
+		do {
+			int i;
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
+				"EnumDomainAliases failed");
+			if (NT_STATUS_IS_ERR(r.out.result)) {
+				torture_assert_ntstatus_ok(tctx, r.out.result,
+					"failed to call EnumDomainAliases");
+			}
+
+			for (i=0; i < num_entries; i++) {
+				torture_assert(tctx,
+					test_samr_alias(tctx, b, domain_handle, &sam->entries[i]),
+						"failed to test alias");
+			}
+
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return true;
+}
+
+static bool torture_rpc_samr_workstation_query(struct torture_context *tctx,
+					       struct dcerpc_pipe *p,
+					       struct cli_credentials *machine_credentials)
+{
+	struct policy_handle connect_handle;
+	struct policy_handle domain_handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_samr_Connect5(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED,
+				      &connect_handle),
+		"failed to connect to samr server");
+
+	torture_assert(tctx,
+		test_samr_domain(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED,
+				 lpcfg_workgroup(tctx->lp_ctx),
+				 &connect_handle, &domain_handle),
+		"failed to test domain");
+
+	torture_assert(tctx,
+		test_samr_users(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED,
+				&domain_handle),
+		"failed to test users");
+
+	torture_assert(tctx,
+		test_samr_groups(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED,
+				 &domain_handle),
+		"failed to test groups");
+
+	torture_assert(tctx,
+		test_samr_aliases(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED,
+				  &domain_handle),
+		"failed to test aliases");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_samr_Close(tctx, b, &domain_handle),
+		"failed to close domain handle");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_samr_Close(tctx, b, &connect_handle),
+		"failed to close connect handle");
+
+	return true;
+}
+
+/* The purpose of this test is to verify that an account authenticated as a
+ * domain member workstation can query a DC for various remote read calls all
+ * opening objects while requesting SEC_FLAG_MAXIMUM_ALLOWED access rights on
+ * the object open calls. This is the behavior of winbind (and most of samba's
+ * client code) - gd */
+
+struct torture_suite *torture_rpc_samr_workstation_auth(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.machine.auth");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "samr",
+								      &ndr_table_samr,
+								      TEST_MACHINENAME);
+
+	torture_rpc_tcase_add_test_creds(tcase, "workstation_query",
+					 torture_rpc_samr_workstation_query);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/samr_handletype.c b/source4/torture/rpc/samr_handletype.c
new file mode 100644
index 0000000..ab5e7d0
--- /dev/null
+++ b/source4/torture/rpc/samr_handletype.c
@@ -0,0 +1,217 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for handle types on the SAMR pipe
+
+   Copyright (C) Samuel Cabrero <scabrero@samba.org> 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+
+enum samr_handle {
+	SAMR_HANDLE_CONNECT,
+	SAMR_HANDLE_DOMAIN,
+	SAMR_HANDLE_USER,
+	SAMR_HANDLE_GROUP,
+	SAMR_HANDLE_ALIAS
+};
+
+static NTSTATUS torture_samr_Close(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *h)
+{
+	NTSTATUS status;
+	struct samr_Close cl;
+
+	cl.in.handle  = h;
+	cl.out.handle = h;
+	status = dcerpc_samr_Close_r(b, tctx, &cl);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return cl.out.result;
+}
+
+static NTSTATUS torture_samr_Connect5(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      uint32_t mask, struct policy_handle *h)
+{
+	NTSTATUS status;
+	struct samr_Connect5 r5;
+	union samr_ConnectInfo info;
+	uint32_t level_out = 0;
+
+	info.info1.client_version = 0;
+	info.info1.supported_features = 0;
+	r5.in.system_name = "";
+	r5.in.level_in = 1;
+	r5.in.info_in = &info;
+	r5.out.info_out = &info;
+	r5.out.level_out = &level_out;
+	r5.out.connect_handle = h;
+	r5.in.access_mask = mask;
+
+	status = dcerpc_samr_Connect5_r(b, tctx, &r5);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return r5.out.result;
+}
+
+static bool test_samr_handletype_OpenDomain(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct samr_LookupDomain ld;
+	struct dom_sid2 *sid = NULL;
+	struct samr_OpenDomain od;
+	struct samr_OpenUser ou;
+	struct samr_OpenGroup og;
+	struct policy_handle ch;
+	struct policy_handle bad;
+	struct policy_handle dh;
+	struct policy_handle oh;
+	struct lsa_String dn;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	/* first we must grab the sid of the domain */
+	status = torture_samr_Connect5(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED, &ch);
+	torture_assert_ntstatus_ok(tctx, status, "Connect5 failed");
+
+	ld.in.connect_handle = &ch;
+	ld.in.domain_name    = &dn;
+	ld.out.sid           = &sid;
+	dn.string            = lpcfg_workgroup(tctx->lp_ctx);
+	status = dcerpc_samr_LookupDomain_r(b, tctx, &ld);
+	torture_assert_ntstatus_ok(tctx, status, "LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, ld.out.result, "LookupDomain failed");
+
+	status = torture_samr_Connect5(tctx, b, 1, &ch);
+	torture_assert_ntstatus_ok(tctx, status, "Connect5 failed");
+
+	od.in.connect_handle = &bad;
+	od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	od.in.sid = sid;
+	od.out.domain_handle = &dh;
+
+	/* Open domain, wrong handle GUID */
+	bad = ch;
+	bad.uuid = GUID_random();
+
+	status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
+	torture_assert_ntstatus_equal(tctx,
+				      status,
+				      NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "OpenDomain succeeded with random GUID");
+
+	/* Open domain, wrong handle type */
+	bad = ch;
+	bad.handle_type = SAMR_HANDLE_USER;
+
+	status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
+	torture_assert_ntstatus_equal(tctx,
+				      status,
+				      NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "OpenDomain succeeded with wrong type");
+
+	/* Open domain */
+	bad = ch;
+
+	status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
+	torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, od.out.result, "OpenDomain failed");
+
+	bad = dh;
+
+	/* Open user, wrong handle type */
+	ou.in.domain_handle = &bad;
+	ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	ou.in.rid = 501;
+	ou.out.user_handle = &oh;
+
+	bad.handle_type = SAMR_HANDLE_ALIAS;
+
+	status = dcerpc_samr_OpenUser_r(b, tctx, &ou);
+	torture_assert_ntstatus_equal(tctx,
+				      status,
+				      NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "OpenUser succeeded with wrong type");
+
+	/* Open user */
+	bad.handle_type = SAMR_HANDLE_DOMAIN;
+
+	status = dcerpc_samr_OpenUser_r(b, tctx, &ou);
+	torture_assert_ntstatus_ok(tctx, status, "OpenUser failed");
+	torture_assert_ntstatus_ok(tctx, ou.out.result, "OpenUser failed");
+
+	/* Close user */
+	status = torture_samr_Close(tctx, b, &oh);
+	torture_assert_ntstatus_ok(tctx, status, "Close failed");
+
+	bad = dh;
+
+	/* Open group, wrong type */
+	og.in.domain_handle = &bad;
+	og.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	og.in.rid = 513;
+	og.out.group_handle = &oh;
+
+	bad.handle_type = SAMR_HANDLE_GROUP;
+
+	status = dcerpc_samr_OpenGroup_r(b, tctx, &og);
+	torture_assert_ntstatus_equal(tctx,
+				      status,
+				      NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+				      "OpenGroup succeeded with wrong type");
+
+	/* Open group */
+	bad.handle_type = SAMR_HANDLE_DOMAIN;
+
+	status = dcerpc_samr_OpenGroup_r(b, tctx, &og);
+	torture_assert_ntstatus_ok(tctx, status, "OpenGroup failed");
+	torture_assert_ntstatus_ok(tctx, ou.out.result, "OpenGroup failed");
+
+	/* Close group */
+	status = torture_samr_Close(tctx, b, &oh);
+	torture_assert_ntstatus_ok(tctx, status, "Close failed");
+
+	/* Close connect */
+	status = torture_samr_Close(tctx, b, &ch);
+	torture_assert_ntstatus_ok(tctx, status, "Close failed");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_samr_handletype(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = NULL;
+	struct torture_rpc_tcase *tcase = NULL;
+
+	suite = torture_suite_create(mem_ctx, "samr.handletype");
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+						  &ndr_table_samr);
+
+	torture_rpc_tcase_add_test(tcase, "OpenDomainHandleType",
+				   test_samr_handletype_OpenDomain);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/samr_priv.c b/source4/torture/rpc/samr_priv.c
new file mode 100644
index 0000000..a5aa4b7
--- /dev/null
+++ b/source4/torture/rpc/samr_priv.c
@@ -0,0 +1,580 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * test suite for samr rpc operations
+ *
+ * Copyright (c) 2011      Andreas Schneider
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "param/param.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+
+#define TEST_ACCOUNT_NAME "guru"
+
+struct torture_user {
+	const char *username;
+	const char *password;
+	const char *domain;
+	uint32_t *builtin_memberships;
+	uint32_t num_builtin_memberships;
+	bool admin_rights;
+};
+
+struct torture_access_context {
+	struct dcerpc_pipe *pipe;
+	struct torture_user user;
+	struct test_join *join;
+};
+
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+static bool test_samr_queryUserInfo(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    struct policy_handle *user_handle)
+{
+	struct samr_QueryUserInfo r;
+	union samr_UserInfo *info;
+	NTSTATUS status;
+
+	r.in.level = UserGeneralInformation;
+	r.in.user_handle = user_handle;
+	r.out.info = &info;
+
+	status = dcerpc_samr_QueryUserInfo_r(b,
+					     tctx,
+					     &r);
+	torture_assert_ntstatus_ok(tctx, status, "queryUserInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "queryUserInfo failed");
+
+	return true;
+}
+
+static bool test_LookupName(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *domain_handle,
+			    const char *name,
+			    uint32_t *rid)
+{
+	NTSTATUS status;
+	struct samr_LookupNames n;
+	struct lsa_String sname[1];
+	struct samr_Ids rids, types;
+
+	init_lsa_String(&sname[0], name);
+
+	n.in.domain_handle = domain_handle;
+	n.in.num_names = 1;
+	n.in.names = sname;
+	n.out.rids = &rids;
+	n.out.types = &types;
+
+	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	if (!NT_STATUS_IS_OK(n.out.result)) {
+		return false;
+	}
+
+	*rid = n.out.rids->ids[0];
+	return true;
+}
+
+static bool test_samr_CreateUser(struct torture_context *tctx,
+			         struct dcerpc_binding_handle *b,
+			         struct policy_handle *domain_handle,
+			         const char *name,
+			         struct policy_handle *user_handle)
+{
+	struct lsa_String username;
+	struct samr_CreateUser r;
+	uint32_t rid = 0;
+	NTSTATUS status;
+
+	init_lsa_String(&username, name);
+
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.domain_handle = domain_handle;
+	r.in.account_name = &username;
+	r.out.user_handle = user_handle;
+	r.out.rid = &rid;
+
+	status = dcerpc_samr_CreateUser_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "CreateUser failed");
+
+	return NT_STATUS_IS_OK(r.out.result);
+}
+
+static bool test_samr_OpenUser(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *domain_handle,
+			       const char *name,
+			       struct policy_handle *user_handle,
+			       bool expected)
+{
+	struct samr_OpenUser r;
+	uint32_t rid = 0;
+	NTSTATUS status;
+	bool ok;
+
+	ok = test_LookupName(b, tctx, domain_handle, name, &rid);
+	if (!ok && expected) {
+		torture_comment(tctx, " - lookup name for %s failed\n", name);
+		return true;
+	} else if (!ok) {
+		return false;
+	}
+
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.domain_handle = domain_handle;
+	r.in.rid = rid;
+	r.out.user_handle = user_handle;
+
+	status = dcerpc_samr_OpenUser_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "OpenUser failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "OpenUser failed");
+
+	return true;
+}
+
+static bool test_samr_openDomain(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *connect_handle,
+				 const char *domain,
+				 struct policy_handle *domain_handle)
+{
+	struct samr_LookupDomain r;
+	struct samr_OpenDomain r2;
+	struct lsa_String n;
+	struct dom_sid *sid;
+	NTSTATUS status;
+
+	r.in.connect_handle = connect_handle;
+	init_lsa_String(&n, domain);
+	r.in.domain_name = &n;
+	r.out.sid = &sid;
+
+	status = dcerpc_samr_LookupDomain_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LookupDomain failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LookupDomain failed");
+
+	r2.in.connect_handle = connect_handle;
+	r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r2.in.sid = sid;
+	r2.out.domain_handle = domain_handle;
+
+	status = dcerpc_samr_OpenDomain_r(b, tctx, &r2);
+	torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed");
+	torture_assert_ntstatus_ok(tctx, r2.out.result, "OpenDomain failed");
+
+	return true;
+}
+
+static bool test_samr_Connect(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Connect r;
+	NTSTATUS status;
+
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.connect_handle = connect_handle;
+
+	status = dcerpc_samr_Connect_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "SAMR connect failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "SAMR connect failed");
+
+	return true;
+}
+
+static bool test_samr_create_user(struct torture_context *tctx,
+				  struct torture_access_context *t,
+				  const char *name)
+{
+	struct dcerpc_binding_handle *b = t->pipe->binding_handle;
+	struct policy_handle connect_handle;
+	struct policy_handle domain_handle;
+	struct policy_handle user_handle;
+	bool ok = false;
+
+	torture_comment(tctx, "Connecting to SAMR\n");
+	ZERO_STRUCT(connect_handle);
+	ok = test_samr_Connect(tctx, b, &connect_handle);
+	torture_assert(tctx, ok, "Unable to connect to domain");
+
+	torture_comment(tctx, "Opening domain %s\n", t->user.domain);
+	ZERO_STRUCT(domain_handle);
+	ok = test_samr_openDomain(tctx,
+				  b,
+				  &connect_handle,
+				  t->user.domain,
+				  &domain_handle);
+	torture_assert(tctx, ok, "Unable to open to domain");
+
+	torture_comment(tctx, "Creating account %s\n", name);
+	ZERO_STRUCT(user_handle);
+	ok = test_samr_CreateUser(tctx,
+				  b,
+				  &domain_handle,
+				  name,
+				  &user_handle);
+
+	/* We don't check ok with torture macros here because the
+	 * caller might be looking for failure */
+	test_samr_handle_Close(b, tctx, &domain_handle);
+	test_samr_handle_Close(b, tctx, &connect_handle);
+
+	return ok;
+}
+
+static bool test_samr_userinfo_getinfo(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       bool expected)
+{
+	const char *name;
+	struct dcerpc_pipe *p2 = NULL;
+	struct dcerpc_binding_handle *b;
+	struct policy_handle connect_handle;
+	struct policy_handle domain_handle;
+	struct policy_handle user_handle;
+	NTSTATUS status;
+	uint32_t i = 0;
+	bool ok;
+
+	status = torture_rpc_connection(tctx, &p2, &ndr_table_samr);
+	torture_assert_ntstatus_ok(tctx, status,
+			"Creating secondary connection failed");
+	b = p2->binding_handle;
+
+	torture_comment(tctx, " - 2nd connect\n");
+	/* connect */
+	ZERO_STRUCT(connect_handle);
+	ok = test_samr_Connect(tctx, b, &connect_handle);
+	torture_assert(tctx, ok, "Unable to connect to domain");
+
+	torture_comment(tctx, " - 2nd open domain\n");
+	/* open domain */
+	ZERO_STRUCT(domain_handle);
+	ok = test_samr_openDomain(tctx,
+				  b,
+				  &connect_handle,
+				  torture_setting_string(tctx, "workgroup",
+							 lpcfg_workgroup(tctx->lp_ctx)),
+				  &domain_handle);
+	torture_assert(tctx, ok, "Unable to open to domain");
+
+	/* create user */
+	name = talloc_asprintf(tctx,
+			       "%s%04d",
+			       TEST_ACCOUNT_NAME,
+			       i);
+
+	torture_comment(tctx, " - 2nd open user\n");
+	ZERO_STRUCT(user_handle);
+	ok = test_samr_OpenUser(tctx,
+				b,
+				&domain_handle,
+				name,
+				&user_handle,
+				expected);
+	torture_assert(tctx, ok, "Unable to open user");
+
+	if (!expected) {
+		torture_comment(tctx, " - 2nd query user\n");
+		ok = test_samr_queryUserInfo(tctx, b, &user_handle);
+		torture_assert(tctx, ok, "Unable to query user");
+
+		test_samr_handle_Close(b, tctx, &user_handle);
+	}
+
+	test_samr_handle_Close(b, tctx, &domain_handle);
+	test_samr_handle_Close(b, tctx, &connect_handle);
+
+	talloc_free(p2);
+
+	return true;
+}
+
+#define NUM_RUNS 20
+static bool torture_rpc_samr_caching(struct torture_context *tctx,
+				     struct dcerpc_pipe *p)
+{
+	struct test_join *join;
+	const char *password = NULL;
+	const char *name;
+	NTSTATUS status;
+	uint32_t i = 0;
+	bool ok;
+
+	torture_comment(tctx, ">>> Testing User Info Caching\n");
+
+	/* create user */
+	name = talloc_asprintf(tctx,
+			       "%s%04d",
+			       TEST_ACCOUNT_NAME,
+			       i);
+
+	torture_comment(tctx, "- Creating user %s\n", name);
+
+	join = torture_create_testuser(tctx,
+				       name,
+				       torture_setting_string(tctx, "workgroup",
+				                              lpcfg_workgroup(tctx->lp_ctx)),
+				       ACB_NORMAL,
+				       &password);
+	torture_assert(tctx, join, "failed to join domain");
+
+	torture_comment(tctx, "- Query user information\n");
+	for (i = 0; i < NUM_RUNS; i++) {
+		ok = test_samr_userinfo_getinfo(tctx, p, false);
+		torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
+	}
+
+	torture_comment(tctx, "- Delete user\n");
+	status = torture_delete_testuser(tctx,
+					 join,
+					 name);
+	torture_assert_ntstatus_ok(tctx, status, "DeleteUser failed");
+
+	torture_comment(tctx, "- Try to query user information again (should fail)\n");
+	for (i = 0; i < NUM_RUNS; i++) {
+		ok = test_samr_userinfo_getinfo(tctx,
+						p,
+						true);
+		torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
+	}
+
+	return true;
+}
+#undef NUM_RUNS
+
+static bool torture_rpc_samr_access_setup_membership(struct torture_context *tctx,
+						     struct dcerpc_pipe *p,
+						     uint32_t num_members,
+						     uint32_t *members,
+						     struct dom_sid *user_sid)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle connect_handle, domain_handle;
+	int i;
+
+	torture_comment(tctx,
+		"Setting up BUILTIN membership for %s\n",
+		dom_sid_string(tctx, user_sid));
+
+	for (i=0; i < num_members; i++) {
+		torture_comment(tctx, "adding user to S-1-5-32-%d\n", members[i]);
+	}
+
+	/* connect */
+	{
+		struct samr_Connect2 r;
+		r.in.system_name = "";
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		ZERO_STRUCT(connect_handle);
+		r.out.connect_handle = &connect_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_Connect2_r(b, tctx, &r),
+			"samr_Connect2 failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_Connect2 failed");
+	}
+
+	/* open domain */
+	{
+		struct samr_OpenDomain r;
+		r.in.connect_handle = &connect_handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32");
+		ZERO_STRUCT(domain_handle);
+		r.out.domain_handle = &domain_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_OpenDomain_r(b, tctx, &r),
+			"samr_OpenDomain failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_OpenDomain failed");
+	}
+
+	for (i = 0; i < num_members; i++) {
+
+		struct policy_handle alias_handle;
+
+		/* open alias */
+		{
+			struct samr_OpenAlias r;
+			r.in.domain_handle = &domain_handle;
+			r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+			r.in.rid = members[i];
+			ZERO_STRUCT(alias_handle);
+			r.out.alias_handle = &alias_handle;
+
+			torture_assert_ntstatus_ok(tctx,
+					dcerpc_samr_OpenAlias_r(b, tctx, &r),
+					"samr_OpenAlias failed");
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+					"samr_OpenAlias failed");
+		}
+
+		/* add alias member */
+		{
+			struct samr_AddAliasMember r;
+			ZERO_STRUCT(alias_handle);
+			r.in.alias_handle = &alias_handle;
+			r.in.sid = user_sid;
+
+			torture_assert_ntstatus_ok(tctx,
+					dcerpc_samr_AddAliasMember_r(b, tctx, &r),
+					"samr_AddAliasMember failed");
+			torture_assert_ntstatus_ok(tctx, r.out.result,
+					"samr_AddAliasMember failed");
+		}
+
+		test_samr_handle_Close(b, tctx, &alias_handle);
+	}
+
+	test_samr_handle_Close(b, tctx, &domain_handle);
+	test_samr_handle_Close(b, tctx, &connect_handle);
+
+	return true;
+}
+
+static bool torture_rpc_samr_access_setup(struct torture_context *tctx,
+					  struct dcerpc_pipe *p,
+					  struct torture_access_context *t)
+{
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	struct cli_credentials *test_credentials;
+	struct test_join *join;
+	struct dom_sid *test_sid;
+	struct dcerpc_pipe *samr_pipe;
+
+	t->user.domain = torture_setting_string(tctx, "workgroup",
+						lpcfg_workgroup(tctx->lp_ctx)),
+
+	join = torture_create_testuser(tctx,
+				       t->user.username,
+				       t->user.domain,
+				       ACB_NORMAL,
+				       &t->user.password);
+	torture_assert(tctx, join, "failed to join domain");
+	t->join = join;
+
+	test_credentials = cli_credentials_init(tctx);
+
+	cli_credentials_set_workstation(test_credentials,
+					"localhost",
+					CRED_SPECIFIED);
+	cli_credentials_set_domain(test_credentials,
+				   torture_setting_string(tctx, "workgroup",
+							  lpcfg_workgroup(tctx->lp_ctx)),
+				   CRED_SPECIFIED);
+	cli_credentials_set_username(test_credentials,
+				     t->user.username,
+				     CRED_SPECIFIED);
+	cli_credentials_set_password(test_credentials,
+				     t->user.password,
+				     CRED_SPECIFIED);
+	test_sid = discard_const_p(struct dom_sid,
+				   torture_join_user_sid(t->join));
+
+	if (t->user.num_builtin_memberships) {
+		torture_assert(tctx,
+			torture_rpc_samr_access_setup_membership(tctx,
+								 p,
+								 t->user.num_builtin_memberships,
+								 t->user.builtin_memberships,
+								 test_sid),
+			"failed to setup membership");
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect(tctx,
+				    &samr_pipe,
+				    binding,
+				    &ndr_table_samr,
+				    test_credentials,
+				    tctx->ev,
+				    tctx->lp_ctx),
+		"Error connecting to server");
+
+	t->pipe = samr_pipe;
+
+	return true;
+}
+
+static bool torture_rpc_samr_access(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	struct torture_access_context *t;
+	const char *testuser;
+	bool ok;
+
+	torture_comment(tctx, "Testing non-privileged user access\n");
+
+	t = talloc_zero(tctx, struct torture_access_context);
+	torture_assert(tctx, t, "talloc failed");
+
+	t->user.username = talloc_asprintf(t, "%s%04d", TEST_ACCOUNT_NAME, 100);
+
+	torture_comment(tctx, "*** Setting up non-privleged user\n"
+			      "***\n");
+
+	ok = torture_rpc_samr_access_setup(tctx, p, t);
+	torture_assert(tctx, ok, "torture_rpc_samr_access_setup failed");
+
+	testuser = talloc_asprintf(t, "%s%04d", TEST_ACCOUNT_NAME, 200);
+
+	torture_comment(tctx, "*** Try to create user (%s) as non-privileged "
+			      "user - should fail\n"
+			      "***\n", testuser);
+
+	ok = test_samr_create_user(tctx, t, testuser);
+
+	torture_assert(tctx, ok == false, "*** Creating user was successful but it should fail");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_samr_priv(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(mem_ctx, "samr.priv");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite,
+						  "samr",
+						  &ndr_table_samr);
+
+	torture_rpc_tcase_add_test(tcase,
+				   "caching",
+				   torture_rpc_samr_caching);
+
+	torture_rpc_tcase_add_test(tcase,
+				   "access",
+				   torture_rpc_samr_access);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
new file mode 100644
index 0000000..a8541d3
--- /dev/null
+++ b/source4/torture/rpc/samsync.c
@@ -0,0 +1,1798 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for netlogon rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
+   Copyright (C) Tim Potter      2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "../lib/crypto/crypto.h"
+#include "system/time.h"
+#include "torture/rpc/torture_rpc.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/samsync/samsync.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
+#include "lib/crypto/gnutls_helpers.h"
+
+#define TEST_MACHINE_NAME "samsynctest"
+#define TEST_WKSTA_MACHINE_NAME "samsynctest2"
+#define TEST_USER_NAME "samsynctestuser"
+
+/*
+  try a netlogon SamLogon
+*/
+static NTSTATUS test_SamLogon(struct torture_context *tctx,
+			      struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			      struct netlogon_creds_CredentialState *creds,
+			      const char *domain, const char *account_name,
+			      const char *workstation,
+			      struct samr_Password *lm_hash,
+			      struct samr_Password *nt_hash,
+			      struct netr_SamInfo3 **info3)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogon r;
+	struct netr_Authenticator auth, auth2;
+	struct netr_NetworkInfo ninfo;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	int rc;
+
+	ninfo.identity_info.domain_name.string = domain;
+	ninfo.identity_info.parameter_control = 0;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.account_name.string = account_name;
+	ninfo.identity_info.workstation.string = workstation;
+	generate_random_buffer(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+	if (nt_hash) {
+		ninfo.nt.length = 24;
+		ninfo.nt.data = talloc_array(mem_ctx, uint8_t, 24);
+		rc = SMBOWFencrypt(nt_hash->hash, ninfo.challenge,
+				   ninfo.nt.data);
+		if (rc != 0) {
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		}
+	} else {
+		ninfo.nt.length = 0;
+		ninfo.nt.data = NULL;
+	}
+
+	if (lm_hash) {
+		ninfo.lm.length = 24;
+		ninfo.lm.data = talloc_array(mem_ctx, uint8_t, 24);
+		rc = SMBOWFencrypt(lm_hash->hash, ninfo.challenge,
+				   ninfo.lm.data);
+		if (rc != 0) {
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+		}
+	} else {
+		ninfo.lm.length = 0;
+		ninfo.lm.data = NULL;
+	}
+
+	logon.network = &ninfo;
+
+	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = workstation;
+	r.in.credential = &auth;
+	r.in.return_authenticator = &auth2;
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.logon = &logon;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+
+	ZERO_STRUCT(auth2);
+	netlogon_creds_client_authenticator(creds, &auth);
+
+	r.in.validation_level = 3;
+
+	status = dcerpc_netr_LogonSamLogon_r(b, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		torture_comment(tctx, "Credential chaining failed\n");
+	}
+
+	if (info3) {
+		*info3 = validation.sam3;
+	}
+
+	return r.out.result;
+}
+
+struct samsync_state {
+/* we remember the sequence numbers so we can easily do a DatabaseDelta */
+	uint64_t seq_num[3];
+	const char *domain_name[2];
+	struct samsync_secret *secrets;
+	struct samsync_trusted_domain *trusted_domains;
+	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds_netlogon_wksta;
+	struct policy_handle *connect_handle;
+	struct policy_handle *domain_handle[2];
+	struct dom_sid *sid[2];
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	struct dcerpc_pipe *p_netlogon_wksta;
+	struct dcerpc_pipe *p_samr;
+	struct dcerpc_binding_handle *b_samr;
+	struct dcerpc_pipe *p_lsa;
+	struct dcerpc_binding_handle *b_lsa;
+	struct policy_handle *lsa_handle;
+};
+
+struct samsync_secret {
+	struct samsync_secret *prev, *next;
+	DATA_BLOB secret;
+	const char *name;
+	NTTIME mtime;
+};
+
+struct samsync_trusted_domain {
+	struct samsync_trusted_domain *prev, *next;
+        struct dom_sid *sid;
+	const char *name;
+};
+
+static struct policy_handle *samsync_open_domain(struct torture_context *tctx,
+						 TALLOC_CTX *mem_ctx,
+						 struct samsync_state *samsync_state,
+						 const char *domain,
+						 struct dom_sid **sid_p)
+{
+	struct lsa_String name;
+	struct samr_OpenDomain o;
+	struct samr_LookupDomain l;
+	struct dom_sid2 *sid = NULL;
+	struct policy_handle *domain_handle = talloc(mem_ctx, struct policy_handle);
+	NTSTATUS nt_status;
+
+	name.string = domain;
+	l.in.connect_handle = samsync_state->connect_handle;
+	l.in.domain_name = &name;
+	l.out.sid = &sid;
+
+	nt_status = dcerpc_samr_LookupDomain_r(samsync_state->b_samr, mem_ctx, &l);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(nt_status));
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(l.out.result)) {
+		torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(l.out.result));
+		return NULL;
+	}
+
+	o.in.connect_handle = samsync_state->connect_handle;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.in.sid = *l.out.sid;
+	o.out.domain_handle = domain_handle;
+
+	if (sid_p) {
+		*sid_p = *l.out.sid;
+	}
+
+	nt_status = dcerpc_samr_OpenDomain_r(samsync_state->b_samr, mem_ctx, &o);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(nt_status));
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(o.out.result)) {
+		torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(o.out.result));
+		return NULL;
+	}
+
+	return domain_handle;
+}
+
+static struct sec_desc_buf *samsync_query_samr_sec_desc(struct torture_context *tctx,
+							TALLOC_CTX *mem_ctx,
+							struct samsync_state *samsync_state,
+							struct policy_handle *handle)
+{
+	struct samr_QuerySecurity r;
+	struct sec_desc_buf *sdbuf = NULL;
+	NTSTATUS status;
+
+	r.in.handle = handle;
+	r.in.sec_info = 0x7;
+	r.out.sdbuf = &sdbuf;
+
+	status = dcerpc_samr_QuerySecurity_r(samsync_state->b_samr, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "SAMR QuerySecurity failed - %s\n", nt_errstr(status));
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "SAMR QuerySecurity failed - %s\n", nt_errstr(r.out.result));
+		return NULL;
+	}
+
+	return sdbuf;
+}
+
+static struct sec_desc_buf *samsync_query_lsa_sec_desc(struct torture_context *tctx,
+						       TALLOC_CTX *mem_ctx,
+						       struct samsync_state *samsync_state,
+						       struct policy_handle *handle)
+{
+	struct lsa_QuerySecurity r;
+	struct sec_desc_buf *sdbuf = NULL;
+	NTSTATUS status;
+
+	r.in.handle = handle;
+	r.in.sec_info = 0x7;
+	r.out.sdbuf = &sdbuf;
+
+	status = dcerpc_lsa_QuerySecurity_r(samsync_state->b_lsa, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "LSA QuerySecurity failed - %s\n", nt_errstr(status));
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "LSA QuerySecurity failed - %s\n", nt_errstr(r.out.result));
+		return NULL;
+	}
+
+	return sdbuf;
+}
+
+#define TEST_UINT64_EQUAL(i1, i2) do {\
+	if (i1 != i2) {\
+              torture_comment(tctx, "%s: uint64 mismatch: " #i1 ": 0x%016llx (%lld) != " #i2 ": 0x%016llx (%lld)\n", \
+		     __location__, \
+		     (long long)i1, (long long)i1, \
+		     (long long)i2, (long long)i2);\
+	      ret = false;\
+	} \
+} while (0)
+#define TEST_INT_EQUAL(i1, i2) do {\
+	if (i1 != i2) {\
+	      torture_comment(tctx, "%s: integer mismatch: " #i1 ": 0x%08x (%d) != " #i2 ": 0x%08x (%d)\n", \
+		     __location__, i1, i1, i2, i2);			\
+	      ret = false;\
+	} \
+} while (0)
+#define TEST_TIME_EQUAL(t1, t2) do {\
+	if (t1 != t2) {\
+	      torture_comment(tctx, "%s: NTTIME mismatch: " #t1 ":%s != " #t2 ": %s\n", \
+		     __location__, nt_time_string(mem_ctx, t1),  nt_time_string(mem_ctx, t2));\
+	      ret = false;\
+	} \
+} while (0)
+
+#define TEST_STRING_EQUAL(s1, s2) do {\
+	if (!((!s1.string || s1.string[0]=='\0') && (!s2.string || s2.string[0]=='\0')) \
+	    && strcmp_safe(s1.string, s2.string) != 0) {\
+	      torture_comment(tctx, "%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \
+		     __location__, s1.string, s2.string);\
+	      ret = false;\
+	} \
+} while (0)
+
+#define TEST_BINARY_STRING_EQUAL(s1, s2) do {\
+	if (!((!s1.array || s1.array[0]=='\0') && (!s2.array || s2.array[0]=='\0')) \
+	    && memcmp(s1.array, s2.array, s1.length * 2) != 0) {\
+	      torture_comment(tctx, "%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \
+		     __location__, (const char *)s1.array, (const char *)s2.array);\
+	      ret = false;\
+	} \
+} while (0)
+
+#define TEST_SID_EQUAL(s1, s2) do {\
+	if (!dom_sid_equal(s1, s2)) {\
+	      torture_comment(tctx, "%s: dom_sid mismatch: " #s1 ":%s != " #s2 ": %s\n", \
+		     __location__, dom_sid_string(mem_ctx, s1), dom_sid_string(mem_ctx, s2));\
+	      ret = false;\
+	} \
+} while (0)
+
+/* The ~SEC_DESC_SACL_PRESENT is because we don't, as administrator,
+ * get back the SACL part of the SD when we ask over SAMR */
+
+#define TEST_SEC_DESC_EQUAL(sd1, pipe, handle) do {\
+        struct sec_desc_buf *sdbuf = samsync_query_ ##pipe## _sec_desc(tctx, mem_ctx, samsync_state, \
+						            handle); \
+	if (!sdbuf || !sdbuf->sd) { \
+                torture_comment(tctx, "Could not obtain security descriptor to match " #sd1 "\n");\
+	        ret = false; \
+        } else {\
+		if (!security_descriptor_mask_equal(sd1.sd, sdbuf->sd, \
+ 			    ~SEC_DESC_SACL_PRESENT)) {\
+			torture_comment(tctx, "Security Descriptor Mismatch for %s:\n", #sd1);\
+			NDR_PRINT_DEBUG(security_descriptor, sd1.sd);\
+			NDR_PRINT_DEBUG(security_descriptor, sdbuf->sd);\
+			ret = false;\
+		}\
+	}\
+} while (0)
+
+static bool samsync_handle_domain(struct torture_context *tctx, TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+			   int database_id, struct netr_DELTA_ENUM *delta)
+{
+	struct netr_DELTA_DOMAIN *domain = delta->delta_union.domain;
+	struct dom_sid *dom_sid;
+	struct samr_QueryDomainInfo q[14]; /* q[0] will be unused simple for clarity */
+	union samr_DomainInfo *info[14];
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
+	int i;
+	bool ret = true;
+
+	samsync_state->seq_num[database_id] =
+		domain->sequence_num;
+	switch (database_id) {
+	case SAM_DATABASE_DOMAIN:
+		break;
+	case SAM_DATABASE_BUILTIN:
+		if (strcasecmp_m("BUILTIN", domain->domain_name.string) != 0) {
+			torture_comment(tctx, "BUILTIN domain has different name: %s\n", domain->domain_name.string);
+		}
+		break;
+	case SAM_DATABASE_PRIVS:
+		torture_comment(tctx, "DOMAIN entry on privs DB!\n");
+		return false;
+		break;
+	}
+
+	if (!samsync_state->domain_name[database_id]) {
+		samsync_state->domain_name[database_id] =
+			talloc_strdup(samsync_state, domain->domain_name.string);
+	} else {
+		if (strcasecmp_m(samsync_state->domain_name[database_id], domain->domain_name.string) != 0) {
+			torture_comment(tctx, "Domain has name varies!: %s != %s\n", samsync_state->domain_name[database_id],
+			       domain->domain_name.string);
+			return false;
+		}
+	}
+
+	if (!samsync_state->domain_handle[database_id]) {
+		samsync_state->domain_handle[database_id] =
+			samsync_open_domain(tctx,
+					    samsync_state,
+					    samsync_state,
+					    samsync_state->domain_name[database_id],
+					    &dom_sid);
+	}
+	if (samsync_state->domain_handle[database_id]) {
+		samsync_state->sid[database_id] = dom_sid_dup(samsync_state, dom_sid);
+	}
+
+	torture_comment(tctx, "\tsequence_nums[%d/%s]=%llu\n",
+	       database_id, domain->domain_name.string,
+	       (long long)samsync_state->seq_num[database_id]);
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		q[levels[i]].in.domain_handle = samsync_state->domain_handle[database_id];
+		q[levels[i]].in.level = levels[i];
+		q[levels[i]].out.info = &info[levels[i]];
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_QueryDomainInfo_r(samsync_state->b_samr, mem_ctx, &q[levels[i]]),
+			talloc_asprintf(tctx, "QueryDomainInfo level %u failed", q[levels[i]].in.level));
+		torture_assert_ntstatus_ok(tctx, q[levels[i]].out.result,
+			talloc_asprintf(tctx, "QueryDomainInfo level %u failed", q[levels[i]].in.level));
+	}
+
+	TEST_STRING_EQUAL(info[5]->info5.domain_name, domain->domain_name);
+
+	TEST_STRING_EQUAL(info[2]->general.oem_information, domain->oem_information);
+	TEST_STRING_EQUAL(info[4]->oem.oem_information, domain->oem_information);
+	TEST_TIME_EQUAL(info[2]->general.force_logoff_time, domain->force_logoff_time);
+	TEST_TIME_EQUAL(info[3]->info3.force_logoff_time, domain->force_logoff_time);
+
+	TEST_TIME_EQUAL(info[1]->info1.min_password_length, domain->min_password_length);
+	TEST_TIME_EQUAL(info[1]->info1.password_history_length, domain->password_history_length);
+	TEST_TIME_EQUAL(info[1]->info1.max_password_age, domain->max_password_age);
+	TEST_TIME_EQUAL(info[1]->info1.min_password_age, domain->min_password_age);
+
+	TEST_UINT64_EQUAL(info[8]->info8.sequence_num,
+			domain->sequence_num);
+	TEST_TIME_EQUAL(info[8]->info8.domain_create_time,
+			domain->domain_create_time);
+	TEST_TIME_EQUAL(info[13]->info13.domain_create_time,
+			domain->domain_create_time);
+
+	TEST_SEC_DESC_EQUAL(domain->sdbuf, samr, samsync_state->domain_handle[database_id]);
+
+	return ret;
+}
+
+static bool samsync_handle_policy(struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+			   int database_id, struct netr_DELTA_ENUM *delta)
+{
+	struct netr_DELTA_POLICY *policy = delta->delta_union.policy;
+
+	switch (database_id) {
+	case SAM_DATABASE_DOMAIN:
+	case SAM_DATABASE_BUILTIN:
+		break;
+	case SAM_DATABASE_PRIVS:
+		torture_comment(tctx, "DOMAIN entry on privs DB!\n");
+		return false;
+	}
+
+	samsync_state->seq_num[database_id] =
+		policy->sequence_num;
+
+	if (!samsync_state->domain_name[SAM_DATABASE_DOMAIN]) {
+		samsync_state->domain_name[SAM_DATABASE_DOMAIN] =
+			talloc_strdup(samsync_state, policy->primary_domain_name.string);
+	} else {
+		if (strcasecmp_m(samsync_state->domain_name[SAM_DATABASE_DOMAIN], policy->primary_domain_name.string) != 0) {
+			torture_comment(tctx, "PRIMARY domain has name varies between DOMAIN and POLICY!: %s != %s\n", samsync_state->domain_name[SAM_DATABASE_DOMAIN],
+			       policy->primary_domain_name.string);
+			return false;
+		}
+	}
+
+	if (!dom_sid_equal(samsync_state->sid[SAM_DATABASE_DOMAIN], policy->sid)) {
+		torture_comment(tctx, "Domain SID from POLICY (%s) does not match domain sid from SAMR (%s)\n",
+		       dom_sid_string(mem_ctx, policy->sid), dom_sid_string(mem_ctx, samsync_state->sid[SAM_DATABASE_DOMAIN]));
+		return false;
+	}
+
+	torture_comment(tctx, "\tsequence_nums[%d/PRIVS]=%llu\n",
+	       database_id,
+	       (long long)samsync_state->seq_num[database_id]);
+	return true;
+}
+
+static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+				int database_id, struct netr_DELTA_ENUM *delta)
+{
+	uint32_t rid = delta->delta_id_union.rid;
+	struct netr_DELTA_USER *user = delta->delta_union.user;
+	struct netr_SamInfo3 *info3 = NULL;
+	struct samr_Password lm_hash;
+	struct samr_Password nt_hash;
+	struct samr_Password *lm_hash_p = NULL;
+	struct samr_Password *nt_hash_p = NULL;
+	const char *domain;
+	const char *username = user->account_name.string;
+	NTSTATUS nt_status;
+	bool ret = true;
+	struct samr_OpenUser r;
+	struct samr_QueryUserInfo q;
+	union samr_UserInfo *info;
+	struct policy_handle user_handle;
+	struct samr_GetGroupsForUser getgr;
+	struct samr_RidWithAttributeArray *rids;
+
+	switch (database_id) {
+	case SAM_DATABASE_DOMAIN:
+	case SAM_DATABASE_BUILTIN:
+		break;
+	case SAM_DATABASE_PRIVS:
+		torture_comment(tctx, "DOMAIN entry on privs DB!\n");
+		return false;
+	}
+
+	domain = samsync_state->domain_name[database_id];
+
+	if (domain == NULL ||
+	    samsync_state->domain_handle[database_id] == NULL) {
+		torture_comment(tctx, "SamSync needs domain information before the users\n");
+		return false;
+	}
+
+	r.in.domain_handle = samsync_state->domain_handle[database_id];
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.user_handle = &user_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_OpenUser_r(samsync_state->b_samr, mem_ctx, &r),
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+
+	q.in.user_handle = &user_handle;
+	q.in.level = 21;
+	q.out.info = &info;
+
+	TEST_SEC_DESC_EQUAL(user->sdbuf, samr, &user_handle);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_QueryUserInfo_r(samsync_state->b_samr, mem_ctx, &q),
+		talloc_asprintf(tctx, "OpenUserInfo level %u failed", q.in.level));
+	torture_assert_ntstatus_ok(tctx, q.out.result,
+		talloc_asprintf(tctx, "OpenUserInfo level %u failed", q.in.level));
+
+	getgr.in.user_handle = &user_handle;
+	getgr.out.rids = &rids;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_GetGroupsForUser_r(samsync_state->b_samr, mem_ctx, &getgr),
+		"GetGroupsForUser failed");
+	torture_assert_ntstatus_ok(tctx, getgr.out.result,
+		"GetGroupsForUser failed");
+
+	if (!test_samr_handle_Close(samsync_state->b_samr, tctx, &user_handle)) {
+		torture_comment(tctx, "samr_handle_Close failed\n");
+		ret = false;
+	}
+	if (!ret) {
+		return false;
+	}
+
+	TEST_STRING_EQUAL(info->info21.account_name, user->account_name);
+	TEST_STRING_EQUAL(info->info21.full_name, user->full_name);
+	TEST_INT_EQUAL(info->info21.rid, user->rid);
+	TEST_INT_EQUAL(info->info21.primary_gid, user->primary_gid);
+	TEST_STRING_EQUAL(info->info21.home_directory, user->home_directory);
+	TEST_STRING_EQUAL(info->info21.home_drive, user->home_drive);
+	TEST_STRING_EQUAL(info->info21.logon_script, user->logon_script);
+	TEST_STRING_EQUAL(info->info21.description, user->description);
+	TEST_STRING_EQUAL(info->info21.workstations, user->workstations);
+
+	TEST_TIME_EQUAL(info->info21.last_logon, user->last_logon);
+	TEST_TIME_EQUAL(info->info21.last_logoff, user->last_logoff);
+
+
+	TEST_INT_EQUAL(info->info21.logon_hours.units_per_week,
+		       user->logon_hours.units_per_week);
+	if (ret) {
+		if (memcmp(info->info21.logon_hours.bits, user->logon_hours.bits,
+			   info->info21.logon_hours.units_per_week/8) != 0) {
+			torture_comment(tctx, "Logon hours mismatch\n");
+			ret = false;
+		}
+	}
+
+	TEST_INT_EQUAL(info->info21.bad_password_count,
+		       user->bad_password_count);
+	TEST_INT_EQUAL(info->info21.logon_count,
+		       user->logon_count);
+
+	TEST_TIME_EQUAL(info->info21.last_password_change,
+		       user->last_password_change);
+	TEST_TIME_EQUAL(info->info21.acct_expiry,
+		       user->acct_expiry);
+
+	TEST_INT_EQUAL((info->info21.acct_flags & ~ACB_PW_EXPIRED), user->acct_flags);
+	if (user->acct_flags & ACB_PWNOEXP) {
+		if (info->info21.acct_flags & ACB_PW_EXPIRED) {
+			torture_comment(tctx, "ACB flags mismatch: both expired and no expiry!\n");
+			ret = false;
+		}
+		if (info->info21.force_password_change != (NTTIME)0x7FFFFFFFFFFFFFFFULL) {
+			torture_comment(tctx, "ACB flags mismatch: no password expiry, but force password change 0x%016llx (%lld) != 0x%016llx (%lld)\n",
+			       (unsigned long long)info->info21.force_password_change,
+			       (unsigned long long)info->info21.force_password_change,
+			       (unsigned long long)0x7FFFFFFFFFFFFFFFULL, (unsigned long long)0x7FFFFFFFFFFFFFFFULL
+				);
+			ret = false;
+		}
+	}
+
+	TEST_INT_EQUAL(info->info21.nt_password_set, user->nt_password_present);
+	TEST_INT_EQUAL(info->info21.lm_password_set, user->lm_password_present);
+	TEST_INT_EQUAL(info->info21.password_expired, user->password_expired);
+
+	TEST_STRING_EQUAL(info->info21.comment, user->comment);
+	TEST_BINARY_STRING_EQUAL(info->info21.parameters, user->parameters);
+
+	TEST_INT_EQUAL(info->info21.country_code, user->country_code);
+	TEST_INT_EQUAL(info->info21.code_page, user->code_page);
+
+	TEST_STRING_EQUAL(info->info21.profile_path, user->profile_path);
+
+	if (user->lm_password_present) {
+		lm_hash_p = &lm_hash;
+	}
+	if (user->nt_password_present) {
+		nt_hash_p = &nt_hash;
+	}
+
+	if (user->user_private_info.SensitiveData) {
+		DATA_BLOB data;
+		struct netr_USER_KEYS keys;
+		enum ndr_err_code ndr_err;
+		data.data = user->user_private_info.SensitiveData;
+		data.length = user->user_private_info.DataLength;
+		ndr_err = ndr_pull_struct_blob(&data, mem_ctx, &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
+		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			if (keys.keys.keys2.lmpassword.length == 16) {
+				lm_hash_p = &lm_hash;
+			}
+			if (keys.keys.keys2.ntpassword.length == 16) {
+				nt_hash_p = &nt_hash;
+			}
+		} else {
+			torture_comment(tctx, "Failed to parse Sensitive Data for %s:\n", username);
+#if 0
+			dump_data(0, data.data, data.length);
+#endif
+			return false;
+		}
+	}
+
+	if (nt_hash_p) {
+		DATA_BLOB nt_hash_blob = data_blob_const(nt_hash_p, 16);
+		DEBUG(100,("ACCOUNT [%s\\%-25s] NTHASH %s\n", samsync_state->domain_name[0], username, data_blob_hex_string_upper(mem_ctx, &nt_hash_blob)));
+	}
+	if (lm_hash_p) {
+		DATA_BLOB lm_hash_blob = data_blob_const(lm_hash_p, 16);
+		DEBUG(100,("ACCOUNT [%s\\%-25s] LMHASH %s\n", samsync_state->domain_name[0], username, data_blob_hex_string_upper(mem_ctx, &lm_hash_blob)));
+	}
+
+	nt_status = test_SamLogon(tctx,
+				  samsync_state->p_netlogon_wksta, mem_ctx, samsync_state->creds_netlogon_wksta,
+				  domain,
+				  username,
+				  TEST_WKSTA_MACHINE_NAME,
+				  lm_hash_p,
+				  nt_hash_p,
+				  &info3);
+
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_DISABLED)) {
+		if (user->acct_flags & ACB_DISABLED) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)) {
+		if (user->acct_flags & ACB_WSTRUST) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT)) {
+		if (user->acct_flags & ACB_SVRTRUST) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
+		if (user->acct_flags & ACB_DOMTRUST) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
+		if (user->acct_flags & ACB_DOMTRUST) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
+		if (user->acct_flags & ACB_AUTOLOCK) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_EXPIRED)) {
+		if (info->info21.acct_flags & ACB_PW_EXPIRED) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
+		if (!lm_hash_p && !nt_hash_p) {
+			return true;
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_MUST_CHANGE)) {
+		/* We would need to know the server's current time to test this properly */
+		return true;
+	} else if (NT_STATUS_IS_OK(nt_status)) {
+		TEST_INT_EQUAL(user->rid, info3->base.rid);
+		TEST_INT_EQUAL(user->primary_gid, info3->base.primary_gid);
+		/* this is 0x0 from NT4 sp6 */
+		if (info3->base.acct_flags) {
+			TEST_INT_EQUAL(user->acct_flags, info3->base.acct_flags);
+		}
+		/* this is NULL from NT4 sp6 */
+		if (info3->base.account_name.string) {
+			TEST_STRING_EQUAL(user->account_name, info3->base.account_name);
+		}
+		/* this is NULL from Win2k3 */
+		if (info3->base.full_name.string) {
+			TEST_STRING_EQUAL(user->full_name, info3->base.full_name);
+		}
+		TEST_STRING_EQUAL(user->logon_script, info3->base.logon_script);
+		TEST_STRING_EQUAL(user->profile_path, info3->base.profile_path);
+		TEST_STRING_EQUAL(user->home_directory, info3->base.home_directory);
+		TEST_STRING_EQUAL(user->home_drive, info3->base.home_drive);
+		TEST_STRING_EQUAL(user->logon_script, info3->base.logon_script);
+
+
+		TEST_TIME_EQUAL(user->last_logon, info3->base.logon_time);
+		TEST_TIME_EQUAL(user->acct_expiry, info3->base.kickoff_time);
+		TEST_TIME_EQUAL(user->last_password_change, info3->base.last_password_change);
+		TEST_TIME_EQUAL(info->info21.force_password_change, info3->base.force_password_change);
+
+		/* Does the concept of a logoff time ever really
+		 * exist? (not in any sensible way, according to the
+		 * doco I read -- abartlet) */
+
+		/* This copes with the two different versions of 0 I see */
+		/* with NT4 sp6 we have the || case */
+		if (!((user->last_logoff == 0)
+		      || (info3->base.logoff_time == 0x7fffffffffffffffLL))) {
+			TEST_TIME_EQUAL(user->last_logoff, info3->base.logoff_time);
+		}
+
+		TEST_INT_EQUAL(rids->count, info3->base.groups.count);
+		if (rids->count == info3->base.groups.count) {
+			int i, j;
+			int count = rids->count;
+			bool *matched = talloc_zero_array(mem_ctx, bool, rids->count);
+
+			for (i = 0; i < count; i++) {
+				for (j = 0; j < count; j++) {
+					if ((rids->rids[i].rid ==
+					     info3->base.groups.rids[j].rid)
+					    && (rids->rids[i].attributes ==
+						info3->base.groups.rids[j].attributes)) {
+							matched[i] = true;
+						}
+				}
+			}
+
+			for (i = 0; i < rids->count; i++) {
+				if (matched[i] == false) {
+					ret = false;
+					torture_comment(tctx, "Could not find group RID %u found in getgroups in NETLOGON reply\n",
+					       rids->rids[i].rid);
+				}
+			}
+		}
+		return ret;
+	} else {
+		torture_comment(tctx, "Could not validate password for user %s\\%s: %s\n",
+		       domain, username, nt_errstr(nt_status));
+		return false;
+	}
+	return false;
+}
+
+static bool samsync_handle_alias(struct torture_context *tctx,
+				 TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+				 int database_id, struct netr_DELTA_ENUM *delta)
+{
+	uint32_t rid = delta->delta_id_union.rid;
+	struct netr_DELTA_ALIAS *alias = delta->delta_union.alias;
+	bool ret = true;
+
+	struct samr_OpenAlias r;
+	struct samr_QueryAliasInfo q;
+	union samr_AliasInfo *info;
+	struct policy_handle alias_handle;
+
+	switch (database_id) {
+	case SAM_DATABASE_DOMAIN:
+	case SAM_DATABASE_BUILTIN:
+		break;
+	case SAM_DATABASE_PRIVS:
+		torture_comment(tctx, "DOMAIN entry on privs DB!\n");
+		return false;
+	}
+
+	if (samsync_state->domain_name[database_id] == NULL ||
+	    samsync_state->domain_handle[database_id] == NULL) {
+		torture_comment(tctx, "SamSync needs domain information before the users\n");
+		return false;
+	}
+
+	r.in.domain_handle = samsync_state->domain_handle[database_id];
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.alias_handle = &alias_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_OpenAlias_r(samsync_state->b_samr, mem_ctx, &r),
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+
+	q.in.alias_handle = &alias_handle;
+	q.in.level = 1;
+	q.out.info = &info;
+
+	TEST_SEC_DESC_EQUAL(alias->sdbuf, samr, &alias_handle);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_QueryAliasInfo_r(samsync_state->b_samr, mem_ctx, &q),
+		"QueryAliasInfo failed");
+	if (!test_samr_handle_Close(samsync_state->b_samr, tctx, &alias_handle)) {
+		return false;
+	}
+
+	if (!NT_STATUS_IS_OK(q.out.result)) {
+		torture_comment(tctx, "QueryAliasInfo level %u failed - %s\n",
+		       q.in.level, nt_errstr(q.out.result));
+		return false;
+	}
+
+	TEST_STRING_EQUAL(info->all.name, alias->alias_name);
+	TEST_STRING_EQUAL(info->all.description, alias->description);
+	return ret;
+}
+
+static bool samsync_handle_group(struct torture_context *tctx,
+				 TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+				 int database_id, struct netr_DELTA_ENUM *delta)
+{
+	uint32_t rid = delta->delta_id_union.rid;
+	struct netr_DELTA_GROUP *group = delta->delta_union.group;
+	bool ret = true;
+
+	struct samr_OpenGroup r;
+	struct samr_QueryGroupInfo q;
+	union samr_GroupInfo *info;
+	struct policy_handle group_handle;
+
+	switch (database_id) {
+	case SAM_DATABASE_DOMAIN:
+	case SAM_DATABASE_BUILTIN:
+		break;
+	case SAM_DATABASE_PRIVS:
+		torture_comment(tctx, "DOMAIN entry on privs DB!\n");
+		return false;
+	}
+
+	if (samsync_state->domain_name[database_id] == NULL ||
+	    samsync_state->domain_handle[database_id] == NULL) {
+		torture_comment(tctx, "SamSync needs domain information before the users\n");
+		return false;
+	}
+
+	r.in.domain_handle = samsync_state->domain_handle[database_id];
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.group_handle = &group_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_OpenGroup_r(samsync_state->b_samr, mem_ctx, &r),
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+	torture_assert_ntstatus_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "OpenUser(%u) failed", rid));
+
+	q.in.group_handle = &group_handle;
+	q.in.level = 1;
+	q.out.info = &info;
+
+	TEST_SEC_DESC_EQUAL(group->sdbuf, samr, &group_handle);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_samr_QueryGroupInfo_r(samsync_state->b_samr, mem_ctx, &q),
+		"QueryGroupInfo failed");
+	if (!test_samr_handle_Close(samsync_state->b_samr, tctx, &group_handle)) {
+		return false;
+	}
+
+	if (!NT_STATUS_IS_OK(q.out.result)) {
+		torture_comment(tctx, "QueryGroupInfo level %u failed - %s\n",
+		       q.in.level, nt_errstr(q.out.result));
+		return false;
+	}
+
+	TEST_STRING_EQUAL(info->all.name, group->group_name);
+	TEST_INT_EQUAL(info->all.attributes, group->attributes);
+	TEST_STRING_EQUAL(info->all.description, group->description);
+	return ret;
+}
+
+static bool samsync_handle_secret(struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+				  int database_id, struct netr_DELTA_ENUM *delta)
+{
+	struct netr_DELTA_SECRET *secret = delta->delta_union.secret;
+	const char *name = delta->delta_id_union.name;
+	struct samsync_secret *nsec = talloc(samsync_state, struct samsync_secret);
+	struct samsync_secret *old = talloc(mem_ctx, struct samsync_secret);
+	struct lsa_QuerySecret q;
+	struct lsa_OpenSecret o;
+	struct policy_handle sec_handle;
+	struct lsa_DATA_BUF_PTR bufp1;
+	struct lsa_DATA_BUF_PTR bufp2;
+	NTTIME nsec_mtime;
+	NTTIME old_mtime;
+	bool ret = true;
+	DATA_BLOB lsa_blob1, lsa_blob_out, session_key;
+	NTSTATUS status;
+
+	nsec->name = talloc_strdup(nsec, name);
+	nsec->secret = data_blob_talloc(nsec, secret->current_cipher.cipher_data, secret->current_cipher.maxlen);
+	nsec->mtime = secret->current_cipher_set_time;
+
+	DLIST_ADD(samsync_state->secrets, nsec);
+
+	old->name = talloc_strdup(old, name);
+	old->secret = data_blob_const(secret->old_cipher.cipher_data, secret->old_cipher.maxlen);
+	old->mtime = secret->old_cipher_set_time;
+
+	o.in.handle = samsync_state->lsa_handle;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.in.name.string = name;
+	o.out.sec_handle = &sec_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_OpenSecret_r(samsync_state->b_lsa, mem_ctx, &o),
+		"OpenSecret failed");
+	torture_assert_ntstatus_ok(tctx, o.out.result,
+		"OpenSecret failed");
+
+/*
+  We would like to do this, but it is NOT_SUPPORTED on win2k3
+  TEST_SEC_DESC_EQUAL(secret->sdbuf, lsa, &sec_handle);
+*/
+	status = dcerpc_fetch_session_key(samsync_state->p_lsa, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
+		return false;
+	}
+
+
+	ZERO_STRUCT(nsec_mtime);
+	ZERO_STRUCT(old_mtime);
+
+	/* fetch the secret back again */
+	q.in.sec_handle = &sec_handle;
+	q.in.new_val = &bufp1;
+	q.in.new_mtime = &nsec_mtime;
+	q.in.old_val = &bufp2;
+	q.in.old_mtime = &old_mtime;
+
+	bufp1.buf = NULL;
+	bufp2.buf = NULL;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_QuerySecret_r(samsync_state->b_lsa, mem_ctx, &q),
+		"QuerySecret failed");
+	if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, q.out.result)) {
+		/* some things are just off limits */
+		return true;
+	} else if (!NT_STATUS_IS_OK(q.out.result)) {
+		torture_comment(tctx, "QuerySecret failed - %s\n", nt_errstr(q.out.result));
+		return false;
+	}
+
+	if (q.out.old_val->buf == NULL) {
+		/* probably just not available due to ACLs */
+	} else {
+		lsa_blob1.data = q.out.old_val->buf->data;
+		lsa_blob1.length = q.out.old_val->buf->length;
+
+		status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Failed to decrypt secrets OLD blob: %s\n", nt_errstr(status));
+			return false;
+		}
+
+		if (!q.out.old_mtime) {
+			torture_comment(tctx, "OLD mtime not available on LSA for secret %s\n", old->name);
+			ret = false;
+		}
+		if (old->mtime != *q.out.old_mtime) {
+			torture_comment(tctx, "OLD mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n",
+			       old->name, nt_time_string(mem_ctx, old->mtime),
+			       nt_time_string(mem_ctx, *q.out.old_mtime));
+			ret = false;
+		}
+
+		if (old->secret.length != lsa_blob_out.length) {
+			torture_comment(tctx, "Returned secret %s doesn't match: %d != %d\n",
+			       old->name, (int)old->secret.length, (int)lsa_blob_out.length);
+			ret = false;
+		} else if (memcmp(lsa_blob_out.data,
+			   old->secret.data, old->secret.length) != 0) {
+			torture_comment(tctx, "Returned secret %s doesn't match: \n",
+			       old->name);
+			DEBUG(1, ("SamSync Secret:\n"));
+			dump_data(1, old->secret.data, old->secret.length);
+			DEBUG(1, ("LSA Secret:\n"));
+			dump_data(1, lsa_blob_out.data, lsa_blob_out.length);
+			ret = false;
+		}
+
+	}
+
+	if (q.out.new_val->buf == NULL) {
+		/* probably just not available due to ACLs */
+	} else {
+		lsa_blob1.data = q.out.new_val->buf->data;
+		lsa_blob1.length = q.out.new_val->buf->length;
+
+		status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Failed to decrypt secrets OLD blob\n");
+			return false;
+		}
+
+		if (!q.out.new_mtime) {
+			torture_comment(tctx, "NEW mtime not available on LSA for secret %s\n", nsec->name);
+			ret = false;
+		}
+		if (nsec->mtime != *q.out.new_mtime) {
+			torture_comment(tctx, "NEW mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n",
+			       nsec->name, nt_time_string(mem_ctx, nsec->mtime),
+			       nt_time_string(mem_ctx, *q.out.new_mtime));
+			ret = false;
+		}
+
+		if (nsec->secret.length != lsa_blob_out.length) {
+			torture_comment(tctx, "Returned secret %s doesn't match: %d != %d\n",
+			       nsec->name, (int)nsec->secret.length, (int)lsa_blob_out.length);
+			ret = false;
+		} else if (memcmp(lsa_blob_out.data,
+			   nsec->secret.data, nsec->secret.length) != 0) {
+			torture_comment(tctx, "Returned secret %s doesn't match: \n",
+			       nsec->name);
+			DEBUG(1, ("SamSync Secret:\n"));
+			dump_data(1, nsec->secret.data, nsec->secret.length);
+			DEBUG(1, ("LSA Secret:\n"));
+			dump_data(1, lsa_blob_out.data, lsa_blob_out.length);
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+static bool samsync_handle_trusted_domain(struct torture_context *tctx,
+					  TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+					  int database_id, struct netr_DELTA_ENUM *delta)
+{
+	bool ret = true;
+	struct netr_DELTA_TRUSTED_DOMAIN *trusted_domain = delta->delta_union.trusted_domain;
+	struct dom_sid *dom_sid = delta->delta_id_union.sid;
+
+	struct samsync_trusted_domain *ndom = talloc(samsync_state, struct samsync_trusted_domain);
+	struct lsa_OpenTrustedDomain t;
+	struct policy_handle trustdom_handle;
+	struct lsa_QueryTrustedDomainInfo q;
+	union lsa_TrustedDomainInfo *info[9];
+	union lsa_TrustedDomainInfo *_info = NULL;
+	int levels [] = {1, 3, 8};
+	int i;
+
+	ndom->name = talloc_strdup(ndom, trusted_domain->domain_name.string);
+	ndom->sid = dom_sid_dup(ndom, dom_sid);
+
+	t.in.handle = samsync_state->lsa_handle;
+	t.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	t.in.sid = dom_sid;
+	t.out.trustdom_handle = &trustdom_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_OpenTrustedDomain_r(samsync_state->b_lsa, mem_ctx, &t),
+		"OpenTrustedDomain failed");
+	torture_assert_ntstatus_ok(tctx, t.out.result,
+		"OpenTrustedDomain failed");
+
+	for (i=0; i< ARRAY_SIZE(levels); i++) {
+		q.in.trustdom_handle = &trustdom_handle;
+		q.in.level = levels[i];
+		q.out.info = &_info;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_QueryTrustedDomainInfo_r(samsync_state->b_lsa, mem_ctx, &q),
+			"QueryTrustedDomainInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			if (q.in.level == 8 && NT_STATUS_EQUAL(q.out.result, NT_STATUS_INVALID_PARAMETER)) {
+				info[levels[i]] = NULL;
+				continue;
+			}
+			torture_comment(tctx, "QueryInfoTrustedDomain level %d failed - %s\n",
+			       levels[i], nt_errstr(q.out.result));
+			return false;
+		}
+		info[levels[i]]  = _info;
+	}
+
+	if (info[8]) {
+		TEST_SID_EQUAL(info[8]->full_info.info_ex.sid, dom_sid);
+		TEST_STRING_EQUAL(info[8]->full_info.info_ex.netbios_name, trusted_domain->domain_name);
+	}
+	TEST_STRING_EQUAL(info[1]->name.netbios_name, trusted_domain->domain_name);
+	TEST_INT_EQUAL(info[3]->posix_offset.posix_offset, trusted_domain->posix_offset);
+/*
+  We would like to do this, but it is NOT_SUPPORTED on win2k3
+	TEST_SEC_DESC_EQUAL(trusted_domain->sdbuf, lsa, &trustdom_handle);
+*/
+	DLIST_ADD(samsync_state->trusted_domains, ndom);
+
+	return ret;
+}
+
+static bool samsync_handle_account(struct torture_context *tctx,
+				   TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state,
+					  int database_id, struct netr_DELTA_ENUM *delta)
+{
+	bool ret = true;
+	struct netr_DELTA_ACCOUNT *account = delta->delta_union.account;
+	struct dom_sid *dom_sid = delta->delta_id_union.sid;
+
+	struct lsa_OpenAccount a;
+	struct policy_handle acct_handle;
+	struct lsa_EnumPrivsAccount e;
+	struct lsa_PrivilegeSet *privs = NULL;
+	struct lsa_LookupPrivName r;
+
+	int i, j;
+
+	bool *found_priv_in_lsa;
+
+	a.in.handle = samsync_state->lsa_handle;
+	a.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	a.in.sid = dom_sid;
+	a.out.acct_handle = &acct_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_OpenAccount_r(samsync_state->b_lsa, mem_ctx, &a),
+		"OpenAccount failed");
+	torture_assert_ntstatus_ok(tctx, a.out.result,
+		"OpenAccount failed");
+
+	TEST_SEC_DESC_EQUAL(account->sdbuf, lsa, &acct_handle);
+
+	found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
+
+	e.in.handle = &acct_handle;
+	e.out.privs = &privs;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_lsa_EnumPrivsAccount_r(samsync_state->b_lsa, mem_ctx, &e),
+		"EnumPrivsAccount failed");
+	torture_assert_ntstatus_ok(tctx, e.out.result,
+		"EnumPrivsAccount failed");
+
+	if ((account->privilege_entries && !privs)) {
+		torture_comment(tctx, "Account %s has privileges in SamSync, but not LSA\n",
+		       dom_sid_string(mem_ctx, dom_sid));
+		return false;
+	}
+
+	if (!account->privilege_entries && privs && privs->count) {
+		torture_comment(tctx, "Account %s has privileges in LSA, but not SamSync\n",
+		       dom_sid_string(mem_ctx, dom_sid));
+		return false;
+	}
+
+	TEST_INT_EQUAL(account->privilege_entries, privs->count);
+
+	for (i=0;i< privs->count; i++) {
+
+		struct lsa_StringLarge *name = NULL;
+
+		r.in.handle = samsync_state->lsa_handle;
+		r.in.luid = &privs->set[i].luid;
+		r.out.name = &name;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_LookupPrivName_r(samsync_state->b_lsa, mem_ctx, &r),
+			"\nLookupPrivName failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"\nLookupPrivName failed");
+
+		if (!r.out.name) {
+			torture_comment(tctx, "\nLookupPrivName failed to return a name\n");
+			return false;
+		}
+		for (j=0;j<account->privilege_entries; j++) {
+			if (strcmp(name->string, account->privilege_name[j].string) == 0) {
+				found_priv_in_lsa[j] = true;
+				break;
+			}
+		}
+	}
+	for (j=0;j<account->privilege_entries; j++) {
+		if (!found_priv_in_lsa[j]) {
+			torture_comment(tctx, "Privilege %s on account %s not found in LSA\n", account->privilege_name[j].string,
+			       dom_sid_string(mem_ctx, dom_sid));
+			ret = false;
+		}
+	}
+	return ret;
+}
+
+/*
+  try a netlogon DatabaseSync
+*/
+static bool test_DatabaseSync(struct torture_context *tctx,
+							  struct samsync_state *samsync_state,
+							  TALLOC_CTX *mem_ctx)
+{
+	TALLOC_CTX *loop_ctx, *delta_ctx, *trustdom_ctx;
+	struct netr_DatabaseSync r;
+	const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
+	int i, d;
+	bool ret = true;
+	struct samsync_trusted_domain *t;
+	struct samsync_secret *s;
+	struct netr_Authenticator return_authenticator, credential;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+	const char *domain, *username;
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+
+		uint32_t sync_context = 0;
+
+		r.in.database_id = database_ids[i];
+		r.in.sync_context = &sync_context;
+		r.out.sync_context = &sync_context;
+
+		torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
+
+		do {
+			loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
+			netlogon_creds_client_authenticator(samsync_state->creds, &credential);
+
+			r.in.credential = &credential;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_netr_DatabaseSync_r(samsync_state->b, loop_ctx, &r),
+				"DatabaseSync failed");
+			if (!NT_STATUS_IS_OK(r.out.result) &&
+			    !NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
+				torture_comment(tctx, "DatabaseSync - %s\n", nt_errstr(r.out.result));
+				ret = false;
+				break;
+			}
+
+			if (!netlogon_creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+			r.in.sync_context = r.out.sync_context;
+
+			for (d=0; d < delta_enum_array->num_deltas; d++) {
+				delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
+
+				if (!NT_STATUS_IS_OK(samsync_fix_delta(delta_ctx, samsync_state->creds,
+								       r.in.database_id,
+								       &delta_enum_array->delta_enum[d]))) {
+					torture_comment(tctx, "Failed to decrypt delta\n");
+					ret = false;
+				}
+
+				switch (delta_enum_array->delta_enum[d].delta_type) {
+				case NETR_DELTA_DOMAIN:
+					if (!samsync_handle_domain(tctx, delta_ctx, samsync_state,
+								   r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_DOMAIN\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_GROUP:
+					if (!samsync_handle_group(tctx, delta_ctx, samsync_state,
+								  r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_USER\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_USER:
+					if (!samsync_handle_user(tctx, delta_ctx, samsync_state,
+								 r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_USER\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_ALIAS:
+					if (!samsync_handle_alias(tctx, delta_ctx, samsync_state,
+								  r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_ALIAS\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_POLICY:
+					if (!samsync_handle_policy(tctx, delta_ctx, samsync_state,
+								   r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_POLICY\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_TRUSTED_DOMAIN:
+					if (!samsync_handle_trusted_domain(tctx, delta_ctx, samsync_state,
+									   r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_TRUSTED_DOMAIN\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_ACCOUNT:
+					if (!samsync_handle_account(tctx, delta_ctx, samsync_state,
+								    r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_ACCOUNT\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_SECRET:
+					if (!samsync_handle_secret(tctx, delta_ctx, samsync_state,
+								   r.in.database_id, &delta_enum_array->delta_enum[d])) {
+						torture_comment(tctx, "Failed to handle DELTA_SECRET\n");
+						ret = false;
+					}
+					break;
+				case NETR_DELTA_GROUP_MEMBER:
+				case NETR_DELTA_ALIAS_MEMBER:
+					/* These are harder to cross-check, and we expect them */
+					break;
+				case NETR_DELTA_DELETE_GROUP:
+				case NETR_DELTA_RENAME_GROUP:
+				case NETR_DELTA_DELETE_USER:
+				case NETR_DELTA_RENAME_USER:
+				case NETR_DELTA_DELETE_ALIAS:
+				case NETR_DELTA_RENAME_ALIAS:
+				case NETR_DELTA_DELETE_TRUST:
+				case NETR_DELTA_DELETE_ACCOUNT:
+				case NETR_DELTA_DELETE_SECRET:
+				case NETR_DELTA_DELETE_GROUP2:
+				case NETR_DELTA_DELETE_USER2:
+				case NETR_DELTA_MODIFY_COUNT:
+				default:
+					torture_comment(tctx, "Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type);
+					ret = false;
+					break;
+				}
+				talloc_free(delta_ctx);
+			}
+			talloc_free(loop_ctx);
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+
+	}
+
+	domain = samsync_state->domain_name[SAM_DATABASE_DOMAIN];
+	if (!domain) {
+		torture_comment(tctx, "Never got a DOMAIN object in samsync!\n");
+		return false;
+	}
+
+	trustdom_ctx = talloc_named(mem_ctx, 0, "test_DatabaseSync Trusted domains context");
+
+	username = talloc_asprintf(trustdom_ctx, "%s$", domain);
+	for (t=samsync_state->trusted_domains; t; t=t->next) {
+		char *secret_name = talloc_asprintf(trustdom_ctx, "G$$%s", t->name);
+		for (s=samsync_state->secrets; s; s=s->next) {
+			if (strcasecmp_m(s->name, secret_name) == 0) {
+				NTSTATUS nt_status;
+				struct samr_Password nt_hash;
+				mdfour(nt_hash.hash, s->secret.data, s->secret.length);
+
+				torture_comment(tctx, "Checking password for %s\\%s\n", t->name, username);
+				nt_status = test_SamLogon(tctx,
+							  samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta,
+							  t->name,
+							  username,
+							  TEST_WKSTA_MACHINE_NAME,
+							  NULL,
+							  &nt_hash,
+							  NULL);
+				if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS)) {
+					torture_comment(tctx, "Verifiction of trust password to %s failed: %s (the trusted domain is not available)\n",
+					       t->name, nt_errstr(nt_status));
+
+					break;
+				}
+				if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
+					torture_comment(tctx, "Verifiction of trust password to %s: should have failed (nologon interdomain trust account), instead: %s\n",
+					       t->name, nt_errstr(nt_status));
+					ret = false;
+				}
+
+				/* break it */
+				nt_hash.hash[0]++;
+				nt_status = test_SamLogon(tctx,
+							  samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta,
+							  t->name,
+							  username,
+							  TEST_WKSTA_MACHINE_NAME,
+							  NULL,
+							  &nt_hash,
+							  NULL);
+
+				if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
+					torture_comment(tctx, "Verifiction of trust password to %s: should have failed (wrong password), instead: %s\n",
+					       t->name, nt_errstr(nt_status));
+					ret = false;
+				}
+
+				break;
+			}
+		}
+	}
+	talloc_free(trustdom_ctx);
+	return ret;
+}
+
+
+/*
+  try a netlogon DatabaseDeltas
+*/
+static bool test_DatabaseDeltas(struct torture_context *tctx,
+				struct samsync_state *samsync_state, TALLOC_CTX *mem_ctx)
+{
+	TALLOC_CTX *loop_ctx;
+	struct netr_DatabaseDeltas r;
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	const uint32_t database_ids[] = {0, 1, 2};
+	int i;
+	bool ret = true;
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(samsync_state->p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+
+		uint64_t seq_num = samsync_state->seq_num[i];
+
+		r.in.database_id = database_ids[i];
+		r.in.sequence_num = &seq_num;
+		r.out.sequence_num = &seq_num;
+
+		if (seq_num == 0) continue;
+
+		/* this shows that the bdc doesn't need to do a single call for
+		 * each seqnumber, and the pdc doesn't need to know about old values
+		 * -- metze
+		 */
+		seq_num -= 10;
+
+		torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
+		       r.in.database_id, (long long)seq_num);
+
+		do {
+			loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseDeltas loop context");
+			netlogon_creds_client_authenticator(samsync_state->creds, &credential);
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_netr_DatabaseDeltas_r(samsync_state->b, loop_ctx, &r),
+				"DatabaseDeltas failed");
+			if (!NT_STATUS_IS_OK(r.out.result) &&
+			    !NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
+			    !NT_STATUS_EQUAL(r.out.result, NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
+				torture_comment(tctx, "DatabaseDeltas - %s\n", nt_errstr(r.out.result));
+				ret = false;
+			}
+
+			if (!netlogon_creds_client_check(samsync_state->creds, &return_authenticator.cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+			seq_num++;
+			talloc_free(loop_ctx);
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return ret;
+}
+
+
+/*
+  try a netlogon DatabaseSync2
+*/
+static bool test_DatabaseSync2(struct torture_context *tctx,
+			       struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+			       struct netlogon_creds_CredentialState *creds)
+{
+	TALLOC_CTX *loop_ctx;
+	struct netr_DatabaseSync2 r;
+	const uint32_t database_ids[] = {0, 1, 2};
+	int i;
+	bool ret = true;
+	struct netr_Authenticator return_authenticator, credential;
+	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(return_authenticator);
+
+	r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = TEST_MACHINE_NAME;
+	r.in.preferredmaximumlength = (uint32_t)-1;
+	r.in.return_authenticator = &return_authenticator;
+	r.out.return_authenticator = &return_authenticator;
+	r.out.delta_enum_array = &delta_enum_array;
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+
+		uint32_t sync_context = 0;
+
+		r.in.database_id = database_ids[i];
+		r.in.sync_context = &sync_context;
+		r.out.sync_context = &sync_context;
+		r.in.restart_state = 0;
+
+		torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
+
+		do {
+			loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseSync2 loop context");
+			netlogon_creds_client_authenticator(creds, &credential);
+
+			r.in.credential = &credential;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_netr_DatabaseSync2_r(b, loop_ctx, &r),
+				"DatabaseSync2 failed");
+			if (!NT_STATUS_IS_OK(r.out.result) &&
+			    !NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
+				torture_comment(tctx, "DatabaseSync2 - %s\n", nt_errstr(r.out.result));
+				ret = false;
+			}
+
+			if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
+				torture_comment(tctx, "Credential chaining failed\n");
+			}
+
+			talloc_free(loop_ctx);
+		} while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
+	}
+
+	return ret;
+}
+
+
+
+bool torture_rpc_samsync(struct torture_context *torture)
+{
+        NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+	bool ret = true;
+	struct test_join *join_ctx;
+	struct test_join *join_ctx2;
+	struct test_join *user_ctx;
+	const char *machine_password;
+	const char *wksta_machine_password;
+	struct dcerpc_binding *b;
+	struct dcerpc_binding *b_netlogon_wksta;
+	struct samr_Connect c;
+	struct samr_SetDomainInfo s;
+	struct policy_handle *domain_policy;
+
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	struct cli_credentials *credentials;
+	struct cli_credentials *credentials_wksta;
+
+	struct samsync_state *samsync_state;
+
+	char *test_machine_account;
+
+	char *test_wksta_machine_account;
+
+	mem_ctx = talloc_init("torture_rpc_netlogon");
+
+	test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+	join_ctx = torture_create_testuser(torture, test_machine_account,
+					   lpcfg_workgroup(torture->lp_ctx), ACB_SVRTRUST,
+					   &machine_password);
+	if (!join_ctx) {
+		talloc_free(mem_ctx);
+		torture_comment(torture, "Failed to join as BDC\n");
+		return false;
+	}
+
+	test_wksta_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_WKSTA_MACHINE_NAME);
+	join_ctx2 = torture_create_testuser(torture, test_wksta_machine_account, lpcfg_workgroup(torture->lp_ctx), ACB_WSTRUST, &wksta_machine_password);
+	if (!join_ctx2) {
+		talloc_free(mem_ctx);
+		torture_comment(torture, "Failed to join as member\n");
+		return false;
+	}
+
+	user_ctx = torture_create_testuser(torture, TEST_USER_NAME,
+					   lpcfg_workgroup(torture->lp_ctx),
+					   ACB_NORMAL, NULL);
+	if (!user_ctx) {
+		talloc_free(mem_ctx);
+		torture_comment(torture, "Failed to create test account\n");
+		return false;
+	}
+
+	samsync_state = talloc_zero(mem_ctx, struct samsync_state);
+
+	samsync_state->p_samr = torture_join_samr_pipe(join_ctx);
+	samsync_state->b_samr = samsync_state->p_samr->binding_handle;
+	samsync_state->connect_handle = talloc_zero(samsync_state, struct policy_handle);
+	samsync_state->lsa_handle = talloc_zero(samsync_state, struct policy_handle);
+	c.in.system_name = NULL;
+	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	c.out.connect_handle = samsync_state->connect_handle;
+
+	torture_assert_ntstatus_ok_goto(torture,
+		dcerpc_samr_Connect_r(samsync_state->b_samr, mem_ctx, &c),
+		ret, failed,
+		"samr_Connect failed");
+	torture_assert_ntstatus_ok_goto(torture, c.out.result,
+		ret, failed,
+		"samr_Connect failed");
+
+	domain_policy = samsync_open_domain(torture, mem_ctx, samsync_state, lpcfg_workgroup(torture->lp_ctx), NULL);
+	if (!domain_policy) {
+		torture_comment(torture, "samrsync_open_domain failed\n");
+		ret = false;
+		goto failed;
+	}
+
+	s.in.domain_handle = domain_policy;
+	s.in.level = 4;
+	s.in.info = talloc(mem_ctx, union samr_DomainInfo);
+
+	s.in.info->oem.oem_information.string
+		= talloc_asprintf(mem_ctx,
+				  "Tortured by Samba4: %s",
+				  timestring(mem_ctx, time(NULL)));
+	torture_assert_ntstatus_ok_goto(torture,
+		dcerpc_samr_SetDomainInfo_r(samsync_state->b_samr, mem_ctx, &s),
+		ret, failed,
+		"SetDomainInfo failed");
+
+	if (!test_samr_handle_Close(samsync_state->b_samr, torture, domain_policy)) {
+		ret = false;
+		goto failed;
+	}
+
+	torture_assert_ntstatus_ok_goto(torture, s.out.result,
+		ret, failed,
+		talloc_asprintf(torture, "SetDomainInfo level %u failed", s.in.level));
+
+	status = torture_rpc_connection(torture,
+					&samsync_state->p_lsa,
+					&ndr_table_lsarpc);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto failed;
+	}
+	samsync_state->b_lsa = samsync_state->p_lsa->binding_handle;
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = samsync_state->lsa_handle;
+
+	torture_assert_ntstatus_ok_goto(torture,
+		dcerpc_lsa_OpenPolicy2_r(samsync_state->b_lsa, mem_ctx, &r),
+		ret, failed,
+		"OpenPolicy2 failed");
+	torture_assert_ntstatus_ok_goto(torture, r.out.result,
+		ret, failed,
+		"OpenPolicy2 failed");
+
+	status = torture_rpc_binding(torture, &b);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto failed;
+	}
+
+	status = dcerpc_binding_set_flags(b,
+					  DCERPC_SCHANNEL | DCERPC_SIGN,
+					  DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(torture, status, "set flags");
+
+	credentials = cli_credentials_init(mem_ctx);
+
+	cli_credentials_set_workstation(credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
+	cli_credentials_set_domain(credentials, lpcfg_workgroup(torture->lp_ctx), CRED_SPECIFIED);
+	cli_credentials_set_username(credentials, test_machine_account, CRED_SPECIFIED);
+	cli_credentials_set_password(credentials, machine_password, CRED_SPECIFIED);
+	cli_credentials_set_secure_channel_type(credentials,
+						SEC_CHAN_BDC);
+
+	status = dcerpc_pipe_connect_b(samsync_state,
+				       &samsync_state->p, b,
+					   &ndr_table_netlogon,
+				       credentials, torture->ev, torture->lp_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Failed to connect to server as a BDC: %s\n", nt_errstr(status));
+		ret = false;
+		goto failed;
+	}
+	samsync_state->b = samsync_state->p->binding_handle;
+
+	samsync_state->creds = cli_credentials_get_netlogon_creds(credentials);
+	if (samsync_state->creds == NULL) {
+		ret = false;
+	}
+
+
+
+	status = torture_rpc_binding(torture, &b_netlogon_wksta);
+	if (!NT_STATUS_IS_OK(status)) {
+		ret = false;
+		goto failed;
+	}
+
+	status = dcerpc_binding_set_flags(b_netlogon_wksta,
+					  DCERPC_SCHANNEL | DCERPC_SIGN,
+					  DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(torture, status, "set flags");
+
+	credentials_wksta = cli_credentials_init(mem_ctx);
+
+	cli_credentials_set_workstation(credentials_wksta, TEST_WKSTA_MACHINE_NAME, CRED_SPECIFIED);
+	cli_credentials_set_domain(credentials_wksta, lpcfg_workgroup(torture->lp_ctx), CRED_SPECIFIED);
+	cli_credentials_set_username(credentials_wksta, test_wksta_machine_account, CRED_SPECIFIED);
+	cli_credentials_set_password(credentials_wksta, wksta_machine_password, CRED_SPECIFIED);
+	cli_credentials_set_secure_channel_type(credentials_wksta,
+						SEC_CHAN_WKSTA);
+
+	status = dcerpc_pipe_connect_b(samsync_state,
+				       &samsync_state->p_netlogon_wksta,
+				       b_netlogon_wksta,
+					   &ndr_table_netlogon,
+				       credentials_wksta, torture->ev, torture->lp_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(torture, "Failed to connect to server as a Workstation: %s\n", nt_errstr(status));
+		ret = false;
+		goto failed;
+	}
+
+	samsync_state->creds_netlogon_wksta = cli_credentials_get_netlogon_creds(credentials_wksta);
+	if (samsync_state->creds_netlogon_wksta == NULL) {
+		torture_comment(torture, "Failed to obtail schanel creds!\n");
+		ret = false;
+	}
+
+	if (!test_DatabaseSync(torture, samsync_state, mem_ctx)) {
+		torture_comment(torture, "DatabaseSync failed\n");
+		ret = false;
+	}
+
+	if (!test_DatabaseDeltas(torture, samsync_state, mem_ctx)) {
+		torture_comment(torture, "DatabaseDeltas failed\n");
+		ret = false;
+	}
+
+	if (!test_DatabaseSync2(torture, samsync_state->p, mem_ctx, samsync_state->creds)) {
+		torture_comment(torture, "DatabaseSync2 failed\n");
+		ret = false;
+	}
+failed:
+
+	torture_leave_domain(torture, join_ctx);
+	torture_leave_domain(torture, join_ctx2);
+	torture_leave_domain(torture, user_ctx);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
diff --git a/source4/torture/rpc/scanner.c b/source4/torture/rpc/scanner.c
new file mode 100644
index 0000000..261c3b9
--- /dev/null
+++ b/source4/torture/rpc/scanner.c
@@ -0,0 +1,187 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   scanner for rpc calls
+
+   Copyright (C) Andrew Tridgell 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_mgmt_c.h"
+#include "librpc/ndr/ndr_table.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+/*
+  work out how many calls there are for an interface
+ */
+static bool test_num_calls(struct torture_context *tctx, 
+			   const struct ndr_interface_table *iface,
+			   TALLOC_CTX *mem_ctx,
+			   struct ndr_syntax_id *id)
+{
+	struct dcerpc_pipe *p;
+	NTSTATUS status;
+	unsigned int i;
+	DATA_BLOB stub_in, stub_out;
+	struct ndr_interface_table _tbl;
+	const struct ndr_interface_table *tbl;
+
+	/* FIXME: This should be fixed when torture_rpc_connection 
+	 * takes a ndr_syntax_id */
+	tbl = ndr_table_by_syntax(id);
+	if (tbl == NULL) {
+		_tbl = *iface;
+		_tbl.name = "__unknown__";
+		_tbl.syntax_id = *id;
+		_tbl.num_calls = UINT32_MAX;
+		tbl = &_tbl;
+	}
+
+	status = torture_rpc_connection(tctx, &p, tbl);
+	if (!NT_STATUS_IS_OK(status)) {
+		char *uuid_str = GUID_string(mem_ctx, &id->uuid);
+		printf("Failed to connect to '%s' on '%s' - %s\n", 
+		       uuid_str, iface->name, nt_errstr(status));
+		talloc_free(uuid_str);
+		return true;
+	}
+
+	/* make null calls */
+	stub_in = data_blob_talloc(mem_ctx, NULL, 1000);
+	memset(stub_in.data, 0xFF, stub_in.length);
+
+	for (i=0;i<200;i++) {
+		bool ok;
+		uint32_t out_flags = 0;
+
+		status = dcerpc_binding_handle_raw_call(p->binding_handle,
+							NULL, i,
+							0, /* in_flags */
+							stub_in.data,
+							stub_in.length,
+							mem_ctx,
+							&stub_out.data,
+							&stub_out.length,
+							&out_flags);
+		ok = dcerpc_binding_handle_is_connected(p->binding_handle);
+		if (!ok) {
+			printf("\tpipe disconnected at %u\n", i);
+			goto done;
+		}
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+			break;
+		}
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			printf("\taccess denied at %u\n", i);
+			goto done;
+		}
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+			printf("\tprotocol error at %u\n", i);
+		}
+	}
+
+	printf("\t%d calls available\n", i);
+	if (tbl->num_calls == UINT32_MAX) {
+		printf("\tinterface not known in local IDL\n");
+	} else if (tbl->num_calls != i) {
+		printf("\tWARNING: local IDL defines %u calls\n",
+			(unsigned int)tbl->num_calls);
+	} else {
+		printf("\tOK: matches num_calls in local IDL\n");
+	}
+
+done:
+	talloc_free(p);
+	return true;
+}
+
+
+
+bool torture_rpc_scanner(struct torture_context *torture)
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+	TALLOC_CTX *loop_ctx;
+	bool ret = true;
+	const struct ndr_interface_list *l;
+	struct dcerpc_binding *b;
+	enum dcerpc_transport_t transport;
+
+	status = torture_rpc_binding(torture, &b);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	transport = dcerpc_binding_get_transport(b);
+
+	for (l=ndr_table_list();l;l=l->next) {		
+		loop_ctx = talloc_named(torture, 0, "torture_rpc_scanner loop context");
+		/* some interfaces are not mappable */
+		if (l->table->num_calls == 0 ||
+		    strcmp(l->table->name, "mgmt") == 0) {
+			talloc_free(loop_ctx);
+			continue;
+		}
+
+		printf("\nTesting pipe '%s'\n", l->table->name);
+
+		if (transport == NCACN_IP_TCP) {
+			status = dcerpc_epm_map_binding(torture, b, l->table,
+							torture->ev,
+							torture->lp_ctx);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("Failed to map port for uuid %s\n", 
+					   GUID_string(loop_ctx, &l->table->syntax_id.uuid));
+				talloc_free(loop_ctx);
+				continue;
+			}
+		} else {
+			status = dcerpc_binding_set_string_option(b, "endpoint",
+								  l->table->name);
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(loop_ctx);
+				ret = false;
+				continue;
+			}
+			status = dcerpc_binding_set_abstract_syntax(b,
+							&l->table->syntax_id);
+			if (!NT_STATUS_IS_OK(status)) {
+				talloc_free(loop_ctx);
+				ret = false;
+				continue;
+			}
+		}
+
+		lpcfg_set_cmdline(torture->lp_ctx, "torture:binding", dcerpc_binding_string(torture, b));
+
+		status = torture_rpc_connection(torture, &p, &ndr_table_mgmt);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(loop_ctx);
+			ret = false;
+			continue;
+		}
+	
+		if (!test_inq_if_ids(torture, p->binding_handle, torture, test_num_calls, l->table)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
new file mode 100644
index 0000000..d6dca36
--- /dev/null
+++ b/source4/torture/rpc/schannel.c
@@ -0,0 +1,1338 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for schannel operations
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "torture/rpc/torture_rpc.h"
+#include "lib/cmdline/cmdline.h"
+#include "../libcli/auth/schannel.h"
+#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/security.h"
+#include "system/filesys.h"
+#include "param/param.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "libcli/composite/composite.h"
+#include "lib/events/events.h"
+
+#define TEST_MACHINE_NAME "schannel"
+
+/*
+  try a netlogon SamLogon
+*/
+bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
+			  struct cli_credentials *credentials,
+			  struct netlogon_creds_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogonEx r;
+	struct netr_NetworkInfo ninfo;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 1;
+	uint32_t _flags = 0;
+	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
+	int i;
+	int flags = CLI_CRED_NTLM_AUTH;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	struct netr_UserSessionKey key;
+	struct netr_LMSessionKey LMSessKey;
+	uint32_t validation_levels[] = { 2, 3 };
+	struct netr_SamBaseInfo *base = NULL;
+	const char *crypto_alg = "";
+	bool can_do_validation_6 = true;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+
+	cli_credentials_get_ntlm_username_domain(samba_cmdline_get_creds(),
+				tctx,
+				&ninfo.identity_info.account_name.string,
+				&ninfo.identity_info.domain_name.string);
+
+	generate_random_buffer(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+	chal = data_blob_const(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+
+	names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
+						cli_credentials_get_domain(credentials));
+
+	status = cli_credentials_get_ntlm_response(
+			samba_cmdline_get_creds(),
+			tctx,
+			&flags,
+			chal,
+			NULL, /* server_timestamp */
+			names_blob,
+			&lm_resp, &nt_resp,
+			NULL, NULL);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "cli_credentials_get_ntlm_response failed");
+
+	ninfo.lm.data = lm_resp.data;
+	ninfo.lm.length = lm_resp.length;
+
+	ninfo.nt.data = nt_resp.data;
+	ninfo.nt.length = nt_resp.length;
+
+	ninfo.identity_info.parameter_control = 0;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
+
+	logon.network = &ninfo;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(credentials);
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.logon= &logon;
+	r.in.flags = &_flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.flags = &_flags;
+
+	/*
+	- retrieve level6
+	- save usrsession and lmsession key
+	- retrieve level 2
+	- calculate, compare
+	- retrieve level 3
+	- calculate, compare
+	*/
+
+	if (creds) {
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			crypto_alg = "AES";
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			crypto_alg = "ARCFOUR";
+		}
+	}
+
+	dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		r.in.validation_level = 6;
+
+		torture_comment(tctx,
+				"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+				ninfo.identity_info.account_name.string, crypto_alg,
+				r.in.validation_level);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+			"LogonSamLogonEx failed");
+	} else {
+		torture_comment(tctx,
+				"Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+				auth_level, ninfo.identity_info.account_name.string, crypto_alg,
+				r.in.validation_level);
+		r.out.result = NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
+		can_do_validation_6 = false;
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"LogonSamLogonEx failed");
+
+		key = r.out.validation->sam6->base.key;
+		LMSessKey = r.out.validation->sam6->base.LMSessKey;
+
+		DEBUG(1,("unencrypted session keys from validation_level 6:\n"));
+		dump_data(1, r.out.validation->sam6->base.key.key, 16);
+		dump_data(1, r.out.validation->sam6->base.LMSessKey.key, 8);
+	}
+
+	for (i=0; i < ARRAY_SIZE(validation_levels); i++) {
+
+		r.in.validation_level = validation_levels[i];
+
+		torture_comment(tctx,
+			"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+			ninfo.identity_info.account_name.string, crypto_alg,
+			r.in.validation_level);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+			"LogonSamLogonEx failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"LogonSamLogonEx failed");
+
+		if (creds == NULL) {
+			/* when this test is called without creds no point in
+			 * testing the session keys */
+			continue;
+		}
+
+		switch (validation_levels[i]) {
+		case 2:
+			base = &r.out.validation->sam2->base;
+			break;
+		case 3:
+			base = &r.out.validation->sam3->base;
+			break;
+		default:
+			break;
+		}
+
+		DEBUG(1,("encrypted keys validation_level %d:\n",
+			validation_levels[i]));
+		dump_data(1, base->key.key, 16);
+		dump_data(1, base->LMSessKey.key, 8);
+
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			netlogon_creds_aes_decrypt(creds, base->key.key, 16);
+			netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+			netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+		}
+
+		DEBUG(1,("decrypted keys validation_level %d\n",
+			validation_levels[i]));
+
+		dump_data(1, base->key.key, 16);
+		dump_data(1, base->LMSessKey.key, 8);
+
+		if (!can_do_validation_6) {
+			/* we can't compare against unencrypted keys */
+			continue;
+		}
+
+		torture_assert_mem_equal(tctx,
+					 base->key.key,
+					 key.key,
+					 16,
+					 "unexpected user session key\n");
+		torture_assert_mem_equal(tctx,
+					 base->LMSessKey.key,
+					 LMSessKey.key,
+					 8,
+					 "unexpected LM session key\n");
+	}
+
+	return true;
+}
+
+static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
+				      struct torture_context *tctx,
+				      struct cli_credentials *credentials,
+				      struct netlogon_creds_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogonEx r;
+	struct netr_NetworkInfo ninfo;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 1;
+	uint32_t _flags = 0;
+	static const char *netapp_magic =
+		"\x01\x01\x00\x00\x00\x00\x00\x00"
+		"\x3f\x3f\x3f\x3f\x3f\x3f\x3f\x3f"
+		"\xb8\x82\x3a\xf1\xb3\xdd\x08\x15"
+		"\x00\x00\x00\x00\x11\xa2\x08\x81"
+		"\x50\x38\x22\x78\x2b\x94\x47\xfe"
+		"\x54\x94\x7b\xff\x17\x27\x5a\xb4"
+		"\xf4\x18\xba\xdc\x2c\x38\xfd\x5b"
+		"\xfb\x0e\xc1\x85\x1e\xcc\x92\xbb"
+		"\x9b\xb1\xc4\xd5\x53\x14\xff\x8c"
+		"\x76\x49\xf5\x45\x90\x19\xa2";
+	NTTIME timestamp = BVAL(netapp_magic, 8);
+	DATA_BLOB names_blob = data_blob_string_const(netapp_magic + 28);
+	DATA_BLOB chal, lm_resp, nt_resp;
+	int i;
+	int flags = CLI_CRED_NTLM_AUTH;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct netr_UserSessionKey key;
+	struct netr_LMSessionKey LMSessKey;
+	uint32_t validation_levels[] = { 2, 3 };
+	struct netr_SamBaseInfo *base = NULL;
+	const char *crypto_alg = "";
+	bool can_do_validation_6 = true;
+	enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+	flags |= CLI_CRED_NTLMv2_AUTH;
+
+	cli_credentials_get_ntlm_username_domain(samba_cmdline_get_creds(),
+				tctx,
+				&ninfo.identity_info.account_name.string,
+				&ninfo.identity_info.domain_name.string);
+
+	generate_random_buffer(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+
+	chal = data_blob_const(ninfo.challenge,
+			       sizeof(ninfo.challenge));
+
+	status = cli_credentials_get_ntlm_response(
+			samba_cmdline_get_creds(),
+			tctx,
+			&flags,
+			chal,
+			&timestamp,
+			names_blob,
+			&lm_resp, &nt_resp,
+			NULL, NULL);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "cli_credentials_get_ntlm_response failed");
+
+	ninfo.lm.data = lm_resp.data;
+	ninfo.lm.length = lm_resp.length;
+
+	ninfo.nt.data = nt_resp.data;
+	ninfo.nt.length = nt_resp.length;
+
+	ninfo.identity_info.parameter_control = 0;
+	ninfo.identity_info.logon_id = 0;
+	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
+
+	logon.network = &ninfo;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(credentials);
+	r.in.logon_level = NetlogonNetworkInformation;
+	r.in.logon= &logon;
+	r.in.flags = &_flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.flags = &_flags;
+
+	/*
+	- retrieve level6
+	- save usrsession and lmsession key
+	- retrieve level 2
+	- calculate, compare
+	- retrieve level 3
+	- calculate, compare
+	*/
+
+	if (creds != NULL) {
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			crypto_alg = "AES";
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			crypto_alg = "ARCFOUR";
+		}
+	}
+
+	dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
+	if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		r.in.validation_level = 6;
+
+		torture_comment(tctx,
+				"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+				ninfo.identity_info.account_name.string, crypto_alg,
+				r.in.validation_level);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+			"LogonSamLogonEx failed");
+	} else {
+		torture_comment(tctx,
+				"Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+				auth_level, ninfo.identity_info.account_name.string, crypto_alg,
+				r.in.validation_level);
+		r.out.result = NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
+		can_do_validation_6 = false;
+	} else {
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"LogonSamLogonEx failed");
+
+		key = r.out.validation->sam6->base.key;
+		LMSessKey = r.out.validation->sam6->base.LMSessKey;
+
+		DEBUG(1,("unencrypted session keys from validation_level 6:\n"));
+		dump_data(1, r.out.validation->sam6->base.key.key, 16);
+		dump_data(1, r.out.validation->sam6->base.LMSessKey.key, 8);
+	}
+
+	for (i=0; i < ARRAY_SIZE(validation_levels); i++) {
+
+		r.in.validation_level = validation_levels[i];
+
+		torture_comment(tctx,
+			"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
+			ninfo.identity_info.account_name.string, crypto_alg,
+			r.in.validation_level);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+			"LogonSamLogonEx failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"LogonSamLogonEx failed");
+
+		if (creds == NULL) {
+			/* when this test is called without creds no point in
+			 * testing the session keys */
+			continue;
+		}
+
+		switch (validation_levels[i]) {
+		case 2:
+			base = &r.out.validation->sam2->base;
+			break;
+		case 3:
+			base = &r.out.validation->sam3->base;
+			break;
+		default:
+			break;
+		}
+
+		DEBUG(1,("encrypted keys validation_level %d:\n",
+			validation_levels[i]));
+		dump_data(1, base->key.key, 16);
+		dump_data(1, base->LMSessKey.key, 8);
+
+		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+			netlogon_creds_aes_decrypt(creds, base->key.key, 16);
+			netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
+		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+			netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+			netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+		}
+
+		DEBUG(1,("decrypted keys validation_level %d\n",
+			validation_levels[i]));
+
+		dump_data(1, base->key.key, 16);
+		dump_data(1, base->LMSessKey.key, 8);
+
+		if (!can_do_validation_6) {
+			/* we can't compare against unencrypted keys */
+			continue;
+		}
+
+		torture_assert_mem_equal(tctx,
+					 base->key.key,
+					 key.key,
+					 16,
+					 "unexpected user session key\n");
+		torture_assert_mem_equal(tctx,
+					 base->LMSessKey.key,
+					 LMSessKey.key,
+					 8,
+					 "unexpected LM session key\n");
+	}
+
+	return true;
+}
+
+/*
+  do some samr ops using the schannel connection
+ */
+static bool test_samr_ops(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b)
+{
+	struct samr_GetDomPwInfo r;
+	struct samr_PwInfo info;
+	struct samr_Connect connect_r;
+	struct samr_OpenDomain opendom;
+	int i;
+	struct lsa_String name;
+	struct policy_handle handle;
+	struct policy_handle domain_handle;
+
+	name.string = lpcfg_workgroup(tctx->lp_ctx);
+	r.in.domain_name = &name;
+	r.out.info = &info;
+
+	connect_r.in.system_name = 0;
+	connect_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	connect_r.out.connect_handle = &handle;
+
+	torture_comment(tctx, "Testing Connect and OpenDomain on BUILTIN\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, tctx, &connect_r),
+		"Connect failed");
+	if (!NT_STATUS_IS_OK(connect_r.out.result)) {
+		if (NT_STATUS_EQUAL(connect_r.out.result, NT_STATUS_ACCESS_DENIED)) {
+			torture_comment(tctx, "Connect failed (expected, schannel mapped to anonymous): %s\n",
+			       nt_errstr(connect_r.out.result));
+		} else {
+			torture_comment(tctx, "Connect failed - %s\n", nt_errstr(connect_r.out.result));
+			return false;
+		}
+	} else {
+		opendom.in.connect_handle = &handle;
+		opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		opendom.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32");
+		opendom.out.domain_handle = &domain_handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &opendom),
+			"OpenDomain failed");
+		if (!NT_STATUS_IS_OK(opendom.out.result)) {
+			torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(opendom.out.result));
+			return false;
+		}
+	}
+
+	torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
+
+	/* do several ops to test credential chaining */
+	for (i=0;i<5;i++) {
+		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+			"GetDomPwInfo failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
+				torture_comment(tctx, "GetDomPwInfo op %d failed - %s\n", i, nt_errstr(r.out.result));
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+
+/*
+  do some lsa ops using the schannel connection
+ */
+static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct lsa_GetUserName r;
+	bool ret = true;
+	struct lsa_String *account_name_p = NULL;
+	struct lsa_String *authority_name_p = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "\nTesting GetUserName\n");
+
+	r.in.system_name = "\\";
+	r.in.account_name = &account_name_p;
+	r.in.authority_name = &authority_name_p;
+	r.out.account_name = &account_name_p;
+
+	/* do several ops to test credential chaining and various operations */
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetUserName_r(b, tctx, &r),
+		"lsa_GetUserName failed");
+
+	authority_name_p = *r.out.authority_name;
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "GetUserName failed - %s\n", nt_errstr(r.out.result));
+		return false;
+	} else {
+		if (!r.out.account_name) {
+			return false;
+		}
+
+		if (strcmp(account_name_p->string, "ANONYMOUS LOGON") != 0) {
+			torture_comment(tctx, "GetUserName returned wrong user: %s, expected %s\n",
+			       account_name_p->string, "ANONYMOUS LOGON");
+			/* FIXME: gd */
+			if (!torture_setting_bool(tctx, "samba3", false)) {
+				return false;
+			}
+		}
+		if (!authority_name_p || !authority_name_p->string) {
+			return false;
+		}
+
+		if (strcmp(authority_name_p->string, "NT AUTHORITY") != 0) {
+			torture_comment(tctx, "GetUserName returned wrong user: %s, expected %s\n",
+			       authority_name_p->string, "NT AUTHORITY");
+			/* FIXME: gd */
+			if (!torture_setting_bool(tctx, "samba3", false)) {
+				return false;
+			}
+		}
+	}
+
+	return ret;
+}
+
+
+/*
+  test a schannel connection with the given flags
+ */
+static bool test_schannel(struct torture_context *tctx,
+			  uint16_t acct_flags, uint32_t dcerpc_flags,
+			  int i)
+{
+	struct test_join *join_ctx;
+	NTSTATUS status;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	struct dcerpc_binding *b;
+	struct dcerpc_pipe *p = NULL;
+	struct dcerpc_pipe *p_netlogon = NULL;
+	struct dcerpc_pipe *p_netlogon2 = NULL;
+	struct dcerpc_pipe *p_netlogon3 = NULL;
+	struct dcerpc_pipe *p_samr2 = NULL;
+	struct dcerpc_pipe *p_lsa = NULL;
+	struct netlogon_creds_CredentialState *creds;
+	struct cli_credentials *credentials;
+	enum dcerpc_transport_t transport;
+
+	join_ctx = torture_join_domain(tctx,
+				       talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, i),
+				       acct_flags, &credentials);
+	torture_assert(tctx, join_ctx != NULL, "Failed to join domain");
+
+	status = dcerpc_parse_binding(tctx, binding, &b);
+	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_pipe_connect_b(tctx, &p, b, &ndr_table_samr,
+				       credentials, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status,
+		"Failed to connect to samr with schannel");
+
+	torture_assert(tctx, test_samr_ops(tctx, p->binding_handle),
+		       "Failed to process schannel secured SAMR ops");
+
+	/* Also test that when we connect to the netlogon pipe, that
+	 * the credentials we setup on the first pipe are valid for
+	 * the second */
+
+	/* Swap the binding details from SAMR to NETLOGON */
+	status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "epm map");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_secondary_auth_connection(p, b, &ndr_table_netlogon,
+						  credentials, tctx->lp_ctx,
+						  tctx, &p_netlogon);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+
+	creds = cli_credentials_get_netlogon_creds(credentials);
+	torture_assert(tctx, (creds != NULL), "schannel creds");
+
+	/* checks the capabilities */
+	torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),
+		       "Failed to process schannel secured capability ops (on fresh connection)");
+
+	/* do a couple of logins */
+	torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds),
+		"Failed to process schannel secured NETLOGON ops");
+
+	torture_assert(tctx, test_netlogon_ex_ops(p_netlogon, tctx, credentials, creds),
+		"Failed to process schannel secured NETLOGON EX ops");
+
+	/* regression test for https://bugzilla.samba.org/show_bug.cgi?id=14932 */
+	torture_assert(tctx, test_netlogon_ex_bug14932(p_netlogon, tctx, credentials, creds),
+		       "Failed to process schannel secured NETLOGON EX for BUG 14932");
+
+	/* we *MUST* use ncacn_np for openpolicy etc. */
+	transport = dcerpc_binding_get_transport(b);
+	status = dcerpc_binding_set_transport(b, NCACN_NP);
+	torture_assert_ntstatus_ok(tctx, status, "set transport");
+
+	/* Swap the binding details from SAMR to LSARPC */
+	status = dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "epm map");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p_lsa, b, &ndr_table_lsarpc,
+				      credentials, tctx->ev, tctx->lp_ctx),
+		"failed to connect lsarpc with schannel");
+
+	torture_assert(tctx, test_lsa_ops(tctx, p_lsa),
+		"Failed to process schannel secured LSA ops");
+
+	talloc_free(p_lsa);
+	p_lsa = NULL;
+
+	/* we *MUST* use ncacn_ip_tcp for lookupsids3/lookupnames4 */
+	status = dcerpc_binding_set_transport(b, NCACN_IP_TCP);
+	torture_assert_ntstatus_ok(tctx, status, "set transport");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx),
+		"failed to call epm map");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &p_lsa, b, &ndr_table_lsarpc,
+				      credentials, tctx->ev, tctx->lp_ctx),
+		"failed to connect lsarpc with schannel");
+
+	torture_assert(tctx,
+		test_many_LookupSids(p_lsa, tctx, NULL, LSA_LOOKUP_NAMES_ALL),
+		"LsaLookupSids3 failed!\n");
+
+	status = dcerpc_binding_set_transport(b, transport);
+	torture_assert_ntstatus_ok(tctx, status, "set transport");
+
+
+	/* Drop the socket, we want to start from scratch */
+	talloc_free(p);
+	p = NULL;
+
+	/* Now see what we are still allowed to do */
+
+	status = dcerpc_parse_binding(tctx, binding, &b);
+	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_pipe_connect_b(tctx, &p_samr2, b, &ndr_table_samr,
+				       credentials, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status,
+		"Failed to connect with schannel");
+
+	/* do a some SAMR operations.  We have *not* done a new serverauthenticate */
+	torture_assert (tctx, test_samr_ops(tctx, p_samr2->binding_handle),
+			"Failed to process schannel secured SAMR ops (on fresh connection)");
+
+	/* Swap the binding details from SAMR to NETLOGON */
+	status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "epm");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_secondary_auth_connection(p_samr2, b, &ndr_table_netlogon,
+						  credentials, tctx->lp_ctx,
+						  tctx, &p_netlogon2);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+
+	/* checks the capabilities */
+	torture_assert(tctx, test_netlogon_capabilities(p_netlogon2, tctx, credentials, creds),
+		       "Failed to process schannel secured capability ops (on fresh connection)");
+
+	/* Try the schannel-only SamLogonEx operation */
+	torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds),
+		       "Failed to process schannel secured NETLOGON EX ops (on fresh connection)");
+
+
+	/* And the more traditional style, proving that the
+	 * credentials chaining state is fully present */
+	torture_assert(tctx, test_netlogon_ops(p_netlogon2, tctx, credentials, creds),
+			     "Failed to process schannel secured NETLOGON ops (on fresh connection)");
+
+	/* Drop the socket, we want to start from scratch (again) */
+	talloc_free(p_samr2);
+
+	/* We don't want schannel for this test */
+	status = dcerpc_binding_set_flags(b, 0, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_pipe_connect_b(tctx, &p_netlogon3, b, &ndr_table_netlogon,
+				       credentials, tctx->ev, tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");
+
+	torture_assert(tctx, !test_netlogon_ex_ops(p_netlogon3, tctx, credentials, creds),
+			"Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)");
+
+	/* Required because the previous call will mark the current context as having failed */
+	tctx->last_result = TORTURE_OK;
+	tctx->last_reason = NULL;
+
+	torture_assert(tctx, test_netlogon_ops(p_netlogon3, tctx, credentials, creds),
+			"Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth");
+
+	torture_leave_domain(tctx, join_ctx);
+	return true;
+}
+
+/*
+ * Purpose of this test is to demonstrate that a netlogon server carefully deals
+ * with anonymous attempts to set passwords, in particular when the server
+ * enforces the use of schannel. This test makes most sense to be run in an
+ * environment where the netlogon server enforces use of schannel.
+ */
+
+static bool test_schannel_anonymous_setPassword(struct torture_context *tctx,
+						uint32_t dcerpc_flags,
+						bool use2)
+{
+	NTSTATUS status, result;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	struct dcerpc_binding *b;
+	struct dcerpc_pipe *p = NULL;
+	struct cli_credentials *credentials;
+	bool ok = true;
+
+	credentials = cli_credentials_init(NULL);
+	torture_assert(tctx, credentials != NULL, "Bad credentials");
+	cli_credentials_set_anonymous(credentials);
+
+	status = dcerpc_parse_binding(tctx, binding, &b);
+	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(tctx, status, "set flags");
+
+	status = dcerpc_pipe_connect_b(tctx,
+				       &p,
+				       b,
+				       &ndr_table_netlogon,
+				       credentials,
+				       tctx->ev,
+				       tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");
+
+	if (use2) {
+		struct netr_ServerPasswordSet2 r = {};
+		struct netr_Authenticator credential = {};
+		struct netr_Authenticator return_authenticator = {};
+		struct netr_CryptPassword new_password = {};
+
+		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+		r.in.secure_channel_type = 0;
+		r.in.computer_name = TEST_MACHINE_NAME;
+		r.in.credential = &credential;
+		r.in.new_password = &new_password;
+		r.out.return_authenticator = &return_authenticator;
+
+		status = dcerpc_netr_ServerPasswordSet2_r(p->binding_handle, tctx, &r);
+		result = r.out.result;
+	} else {
+		struct netr_ServerPasswordSet r = {};
+		struct netr_Authenticator credential = {};
+		struct netr_Authenticator return_authenticator = {};
+		struct samr_Password new_password = {};
+
+		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+		r.in.secure_channel_type = 0;
+		r.in.computer_name = TEST_MACHINE_NAME;
+		r.in.credential = &credential;
+		r.in.new_password = &new_password;
+		r.out.return_authenticator = &return_authenticator;
+
+		status = dcerpc_netr_ServerPasswordSet_r(p->binding_handle, tctx, &r);
+		result = r.out.result;
+	}
+
+	torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet failed");
+
+	if (NT_STATUS_IS_OK(result)) {
+		torture_fail(tctx, "unexpectedly received NT_STATUS_OK");
+	}
+
+	return ok;
+}
+
+
+/*
+  a schannel test suite
+ */
+bool torture_rpc_schannel(struct torture_context *torture)
+{
+	bool ret = true;
+	struct {
+		uint16_t acct_flags;
+		uint32_t dcerpc_flags;
+	} tests[] = {
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AUTO},
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_AUTO},
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128},
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 },
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AES},
+		{ ACB_WSTRUST,   DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_AES },
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AUTO},
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_AUTO},
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128 },
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 },
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AES },
+		{ ACB_SVRTRUST,  DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_AES }
+	};
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(tests);i++) {
+		torture_comment(torture, "Testing with acct_flags=0x%x dcerpc_flags=0x%x \n",
+		       tests[i].acct_flags, tests[i].dcerpc_flags);
+
+		if (!test_schannel(torture,
+				   tests[i].acct_flags, tests[i].dcerpc_flags,
+				   i)) {
+			torture_comment(torture, "Failed with acct_flags=0x%x dcerpc_flags=0x%x \n",
+			       tests[i].acct_flags, tests[i].dcerpc_flags);
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+bool torture_rpc_schannel_anon_setpw(struct torture_context *torture)
+{
+	bool ret = true;
+	bool ok;
+	uint32_t dcerpc_flags = DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AUTO;
+
+	ok = test_schannel_anonymous_setPassword(torture,
+						 dcerpc_flags,
+						 true);
+	if (!ok) {
+		torture_comment(torture,
+				"Failed with dcerpc_flags=0x%x\n",
+				dcerpc_flags);
+		ret = false;
+	}
+
+	ok = test_schannel_anonymous_setPassword(torture,
+						 dcerpc_flags,
+						 false);
+	if (!ok) {
+		torture_comment(torture,
+				"Failed with dcerpc_flags=0x%x\n",
+				dcerpc_flags);
+		ret = false;
+	}
+
+	return ret;
+}
+
+/*
+  test two schannel connections
+ */
+bool torture_rpc_schannel2(struct torture_context *torture)
+{
+	struct test_join *join_ctx;
+	NTSTATUS status;
+	const char *binding = torture_setting_string(torture, "binding", NULL);
+	struct dcerpc_binding *b;
+	struct dcerpc_pipe *p1 = NULL, *p2 = NULL;
+	struct cli_credentials *credentials1, *credentials2;
+	uint32_t dcerpc_flags = DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO | DCERPC_SIGN;
+
+	join_ctx = torture_join_domain(torture, talloc_asprintf(torture, "%s2", TEST_MACHINE_NAME),
+				       ACB_WSTRUST, &credentials1);
+	torture_assert(torture, join_ctx != NULL,
+		       "Failed to join domain with acct_flags=ACB_WSTRUST");
+
+	credentials2 = cli_credentials_shallow_copy(torture, credentials1);
+	cli_credentials_set_netlogon_creds(credentials1, NULL);
+	cli_credentials_set_netlogon_creds(credentials2, NULL);
+
+	status = dcerpc_parse_binding(torture, binding, &b);
+	torture_assert_ntstatus_ok(torture, status, "Bad binding string");
+
+	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(torture, status, "set flags");
+
+	torture_comment(torture, "Opening first connection\n");
+	status = dcerpc_pipe_connect_b(torture, &p1, b, &ndr_table_netlogon,
+				       credentials1, torture->ev, torture->lp_ctx);
+	torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel");
+
+	torture_comment(torture, "Opening second connection\n");
+	status = dcerpc_pipe_connect_b(torture, &p2, b, &ndr_table_netlogon,
+				       credentials2, torture->ev, torture->lp_ctx);
+	torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel");
+
+	cli_credentials_set_netlogon_creds(credentials1, NULL);
+	cli_credentials_set_netlogon_creds(credentials2, NULL);
+
+	torture_comment(torture, "Testing logon on pipe1\n");
+	if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL))
+		return false;
+
+	torture_comment(torture, "Testing logon on pipe2\n");
+	if (!test_netlogon_ex_ops(p2, torture, credentials2, NULL))
+		return false;
+
+	torture_comment(torture, "Again on pipe1\n");
+	if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL))
+		return false;
+
+	torture_comment(torture, "Again on pipe2\n");
+	if (!test_netlogon_ex_ops(p2, torture, credentials2, NULL))
+		return false;
+
+	torture_leave_domain(torture, join_ctx);
+	return true;
+}
+
+struct torture_schannel_bench;
+
+struct torture_schannel_bench_conn {
+	struct torture_schannel_bench *s;
+	int index;
+	struct cli_credentials *wks_creds;
+	struct dcerpc_pipe *pipe;
+	struct netr_LogonSamLogonEx r;
+	struct netr_NetworkInfo ninfo;
+	TALLOC_CTX *tmp;
+	uint64_t total;
+	uint32_t count;
+};
+
+struct torture_schannel_bench {
+	struct torture_context *tctx;
+	bool progress;
+	int timelimit;
+	int nprocs;
+	int nconns;
+	struct torture_schannel_bench_conn *conns;
+	struct test_join *join_ctx1;
+	struct cli_credentials *wks_creds1;
+	struct test_join *join_ctx2;
+	struct cli_credentials *wks_creds2;
+	struct cli_credentials *user1_creds;
+	struct cli_credentials *user2_creds;
+	struct dcerpc_binding *b;
+	NTSTATUS error;
+	uint64_t total;
+	uint32_t count;
+	bool stopped;
+};
+
+#if 0
+static void torture_schannel_bench_connected(struct composite_context *c)
+{
+	struct torture_schannel_bench_conn *conn =
+		(struct torture_schannel_bench_conn *)c->async.private_data;
+	struct torture_schannel_bench *s = talloc_get_type(conn->s,
+					   struct torture_schannel_bench);
+
+	s->error = dcerpc_pipe_connect_b_recv(c, s->conns, &conn->pipe);
+	torture_comment(s->tctx, "conn[%u]: %s\n", conn->index, nt_errstr(s->error));
+	if (NT_STATUS_IS_OK(s->error)) {
+		s->nconns++;
+	}
+}
+#endif
+
+static void torture_schannel_bench_recv(struct tevent_req *subreq);
+
+static bool torture_schannel_bench_start(struct torture_schannel_bench_conn *conn)
+{
+	struct torture_schannel_bench *s = conn->s;
+	NTSTATUS status;
+	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
+	int flags = CLI_CRED_NTLM_AUTH;
+	struct tevent_req *subreq;
+	struct cli_credentials *user_creds;
+
+	if (conn->total % 2) {
+		user_creds = s->user1_creds;
+	} else {
+		user_creds = s->user2_creds;
+	}
+
+	if (lpcfg_client_lanman_auth(s->tctx->lp_ctx)) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	if (lpcfg_client_ntlmv2_auth(s->tctx->lp_ctx)) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+
+	talloc_free(conn->tmp);
+	conn->tmp = talloc_new(s);
+	ZERO_STRUCT(conn->ninfo);
+	ZERO_STRUCT(conn->r);
+
+	cli_credentials_get_ntlm_username_domain(user_creds, conn->tmp,
+						 &conn->ninfo.identity_info.account_name.string,
+						 &conn->ninfo.identity_info.domain_name.string);
+
+	generate_random_buffer(conn->ninfo.challenge,
+			       sizeof(conn->ninfo.challenge));
+	chal = data_blob_const(conn->ninfo.challenge,
+			       sizeof(conn->ninfo.challenge));
+
+	names_blob = NTLMv2_generate_names_blob(conn->tmp,
+						cli_credentials_get_workstation(conn->wks_creds),
+						cli_credentials_get_domain(conn->wks_creds));
+
+	status = cli_credentials_get_ntlm_response(user_creds, conn->tmp,
+						   &flags,
+						   chal,
+						   NULL, /* server_timestamp */
+						   names_blob,
+						   &lm_resp, &nt_resp,
+						   NULL, NULL);
+	torture_assert_ntstatus_ok(s->tctx, status,
+				   "cli_credentials_get_ntlm_response failed");
+
+	conn->ninfo.lm.data = lm_resp.data;
+	conn->ninfo.lm.length = lm_resp.length;
+
+	conn->ninfo.nt.data = nt_resp.data;
+	conn->ninfo.nt.length = nt_resp.length;
+
+	conn->ninfo.identity_info.parameter_control = 0;
+	conn->ninfo.identity_info.logon_id = 0;
+	conn->ninfo.identity_info.workstation.string = cli_credentials_get_workstation(conn->wks_creds);
+
+	conn->r.in.server_name = talloc_asprintf(conn->tmp, "\\\\%s", dcerpc_server_name(conn->pipe));
+	conn->r.in.computer_name = cli_credentials_get_workstation(conn->wks_creds);
+	conn->r.in.logon_level = NetlogonNetworkInformation;
+	conn->r.in.logon = talloc(conn->tmp, union netr_LogonLevel);
+	conn->r.in.logon->network = &conn->ninfo;
+	conn->r.in.flags = talloc(conn->tmp, uint32_t);
+	conn->r.in.validation_level = 2;
+	conn->r.out.validation = talloc(conn->tmp, union netr_Validation);
+	conn->r.out.authoritative = talloc(conn->tmp, uint8_t);
+	conn->r.out.flags = conn->r.in.flags;
+
+	subreq = dcerpc_netr_LogonSamLogonEx_r_send(s, s->tctx->ev,
+						    conn->pipe->binding_handle,
+						    &conn->r);
+	torture_assert(s->tctx, subreq, "Failed to setup LogonSamLogonEx request");
+
+	tevent_req_set_callback(subreq, torture_schannel_bench_recv, conn);
+
+	return true;
+}
+
+static void torture_schannel_bench_recv(struct tevent_req *subreq)
+{
+	bool ret;
+	struct torture_schannel_bench_conn *conn =
+		(struct torture_schannel_bench_conn *)tevent_req_callback_data_void(subreq);
+	struct torture_schannel_bench *s = talloc_get_type(conn->s,
+					   struct torture_schannel_bench);
+
+	s->error = dcerpc_netr_LogonSamLogonEx_r_recv(subreq, subreq);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(s->error)) {
+		return;
+	}
+
+	conn->total++;
+	conn->count++;
+
+	if (s->stopped) {
+		return;
+	}
+
+	ret = torture_schannel_bench_start(conn);
+	if (!ret) {
+		s->error = NT_STATUS_INTERNAL_ERROR;
+	}
+}
+
+/*
+  test multiple schannel connection in parallel
+ */
+bool torture_rpc_schannel_bench1(struct torture_context *torture)
+{
+	bool ret = true;
+	NTSTATUS status;
+	const char *binding = torture_setting_string(torture, "binding", NULL);
+	struct torture_schannel_bench *s;
+	struct timeval start;
+	struct timeval end;
+	int i;
+	const char *tmp;
+
+	s = talloc_zero(torture, struct torture_schannel_bench);
+	s->tctx = torture;
+	s->progress = torture_setting_bool(torture, "progress", true);
+	s->timelimit = torture_setting_int(torture, "timelimit", 10);
+	s->nprocs = torture_setting_int(torture, "nprocs", 4);
+	s->conns = talloc_zero_array(s, struct torture_schannel_bench_conn, s->nprocs);
+
+	s->user1_creds = cli_credentials_shallow_copy(s,
+				samba_cmdline_get_creds());
+	tmp = torture_setting_string(s->tctx, "extra_user1", NULL);
+	if (tmp) {
+		cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
+	}
+	s->user2_creds = cli_credentials_shallow_copy(s,
+				samba_cmdline_get_creds());
+	tmp = torture_setting_string(s->tctx, "extra_user2", NULL);
+	if (tmp) {
+		cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
+	}
+
+	s->join_ctx1 = torture_join_domain(s->tctx, talloc_asprintf(s, "%sb", TEST_MACHINE_NAME),
+					   ACB_WSTRUST, &s->wks_creds1);
+	torture_assert(torture, s->join_ctx1 != NULL,
+		       "Failed to join domain with acct_flags=ACB_WSTRUST");
+	s->join_ctx2 = torture_join_domain(s->tctx, talloc_asprintf(s, "%sc", TEST_MACHINE_NAME),
+					   ACB_WSTRUST, &s->wks_creds2);
+	torture_assert(torture, s->join_ctx2 != NULL,
+		       "Failed to join domain with acct_flags=ACB_WSTRUST");
+
+	cli_credentials_set_kerberos_state(s->wks_creds1,
+					   CRED_USE_KERBEROS_DISABLED,
+					   CRED_SPECIFIED);
+	cli_credentials_set_kerberos_state(s->wks_creds2,
+					   CRED_USE_KERBEROS_DISABLED,
+					   CRED_SPECIFIED);
+
+	for (i=0; i < s->nprocs; i++) {
+		struct cli_credentials *wks = s->wks_creds1;
+
+		if ((i % 2) && (torture_setting_bool(torture, "multijoin", false))) {
+			wks = s->wks_creds2;
+		}
+
+		s->conns[i].s = s;
+		s->conns[i].index = i;
+		s->conns[i].wks_creds = cli_credentials_shallow_copy(s->conns, wks);
+		cli_credentials_set_netlogon_creds(s->conns[i].wks_creds, NULL);
+	}
+
+	status = dcerpc_parse_binding(s, binding, &s->b);
+	torture_assert_ntstatus_ok(torture, status, "Bad binding string");
+
+	status = dcerpc_binding_set_flags(s->b, DCERPC_SCHANNEL | DCERPC_SIGN,
+					  DCERPC_AUTH_OPTIONS);
+	torture_assert_ntstatus_ok(torture, status, "set flags");
+
+	torture_comment(torture, "Opening %d connections in parallel\n", s->nprocs);
+	for (i=0; i < s->nprocs; i++) {
+#if 1
+		s->error = dcerpc_pipe_connect_b(s->conns, &s->conns[i].pipe, s->b,
+						 &ndr_table_netlogon,
+						 s->conns[i].wks_creds,
+						 torture->ev, torture->lp_ctx);
+		torture_assert_ntstatus_ok(torture, s->error, "Failed to connect with schannel");
+#else
+		/*
+		 * This path doesn't work against windows,
+		 * because of windows drops the connections
+		 * which haven't reached a session setup yet
+		 *
+		 * The same as the reset on zero vc stuff.
+		 */
+		struct composite_context *c;
+		c = dcerpc_pipe_connect_b_send(s->conns, s->b,
+					       &ndr_table_netlogon,
+					       s->conns[i].wks_creds,
+					       torture->ev,
+					       torture->lp_ctx);
+		torture_assert(torture, c != NULL, "Failed to setup connect");
+		c->async.fn = torture_schannel_bench_connected;
+		c->async.private_data = &s->conns[i];
+	}
+
+	while (NT_STATUS_IS_OK(s->error) && s->nprocs != s->nconns) {
+		int ev_ret = tevent_loop_once(torture->ev);
+		torture_assert(torture, ev_ret == 0, "tevent_loop_once failed");
+#endif
+	}
+	torture_assert_ntstatus_ok(torture, s->error, "Failed establish a connect");
+
+	/*
+	 * Change the workstation password after establishing the netlogon
+	 * schannel connections to prove that existing connections are not
+	 * affected by a wks pwchange.
+	 */
+
+	{
+		struct netr_ServerPasswordSet pwset;
+		char *password = generate_random_password(s->join_ctx1, 8, 255);
+		struct netlogon_creds_CredentialState *creds_state;
+		struct dcerpc_pipe *net_pipe;
+		struct netr_Authenticator credential, return_authenticator;
+		struct samr_Password new_password;
+
+		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
+					       &ndr_table_netlogon,
+					       s->wks_creds1,
+					       torture->ev, torture->lp_ctx);
+
+		torture_assert_ntstatus_ok(torture, status,
+					   "dcerpc_pipe_connect_b failed");
+
+		pwset.in.server_name = talloc_asprintf(
+			net_pipe, "\\\\%s", dcerpc_server_name(net_pipe));
+		pwset.in.computer_name =
+			cli_credentials_get_workstation(s->wks_creds1);
+		pwset.in.account_name = talloc_asprintf(
+			net_pipe, "%s$", pwset.in.computer_name);
+		pwset.in.secure_channel_type = SEC_CHAN_WKSTA;
+		pwset.in.credential = &credential;
+		pwset.in.new_password = &new_password;
+		pwset.out.return_authenticator = &return_authenticator;
+
+		E_md4hash(password, new_password.hash);
+
+		creds_state = cli_credentials_get_netlogon_creds(
+			s->wks_creds1);
+		netlogon_creds_des_encrypt(creds_state, &new_password);
+		netlogon_creds_client_authenticator(creds_state, &credential);
+
+		torture_assert_ntstatus_ok(torture, dcerpc_netr_ServerPasswordSet_r(net_pipe->binding_handle, torture, &pwset),
+			"ServerPasswordSet failed");
+		torture_assert_ntstatus_ok(torture, pwset.out.result,
+					   "ServerPasswordSet failed");
+
+		if (!netlogon_creds_client_check(creds_state,
+					&pwset.out.return_authenticator->cred)) {
+			torture_comment(torture, "Credential chaining failed\n");
+		}
+
+		cli_credentials_set_password(s->wks_creds1, password,
+					     CRED_SPECIFIED);
+
+		talloc_free(net_pipe);
+
+		/* Just as a test, connect with the new creds */
+
+		cli_credentials_set_netlogon_creds(s->wks_creds1, NULL);
+
+		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
+					       &ndr_table_netlogon,
+					       s->wks_creds1,
+					       torture->ev, torture->lp_ctx);
+
+		torture_assert_ntstatus_ok(torture, status,
+					   "dcerpc_pipe_connect_b failed");
+
+		talloc_free(net_pipe);
+	}
+
+	torture_comment(torture, "Start looping LogonSamLogonEx on %d connections for %d secs\n",
+			s->nprocs, s->timelimit);
+	for (i=0; i < s->nprocs; i++) {
+		ret = torture_schannel_bench_start(&s->conns[i]);
+		torture_assert(torture, ret, "Failed to setup LogonSamLogonEx");
+	}
+
+	start = timeval_current();
+	end = timeval_add(&start, s->timelimit, 0);
+
+	while (NT_STATUS_IS_OK(s->error) && !timeval_expired(&end)) {
+		int ev_ret = tevent_loop_once(torture->ev);
+		torture_assert(torture, ev_ret == 0, "tevent_loop_once failed");
+	}
+	torture_assert_ntstatus_ok(torture, s->error, "Failed some request");
+	s->stopped = true;
+	talloc_free(s->conns);
+
+	for (i=0; i < s->nprocs; i++) {
+		s->total += s->conns[i].total;
+	}
+
+	torture_comment(torture,
+			"Total ops[%llu] (%u ops/s)\n",
+			(unsigned long long)s->total,
+			(unsigned)s->total/s->timelimit);
+
+	torture_leave_domain(torture, s->join_ctx1);
+	torture_leave_domain(torture, s->join_ctx2);
+	return true;
+}
diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c
new file mode 100644
index 0000000..96f9965
--- /dev/null
+++ b/source4/torture/rpc/session_key.c
@@ -0,0 +1,250 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for lsa rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+static bool test_CreateSecret_basic(struct dcerpc_pipe *p,
+				    struct torture_context *tctx,
+				    struct policy_handle *handle,
+				    struct policy_handle *sec_handle)
+{
+	NTSTATUS status;
+	struct lsa_CreateSecret r;
+	struct lsa_SetSecret r3;
+	struct lsa_QuerySecret r4;
+	struct lsa_DATA_BUF buf1;
+	struct lsa_DATA_BUF_PTR bufp1;
+	DATA_BLOB enc_key;
+	DATA_BLOB session_key;
+	NTTIME old_mtime, new_mtime;
+	DATA_BLOB blob1;
+	const char *secret1 = "abcdef12345699qwerty";
+	char *secret2;
+	char *secname;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	secname = talloc_asprintf(tctx, "torturesecret-%08x", (unsigned int)random());
+
+	torture_comment(tctx, "Testing CreateSecret of %s\n", secname);
+
+	init_lsa_String(&r.in.name, secname);
+
+	r.in.handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.sec_handle = sec_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateSecret_r(b, tctx, &r),
+		"CreateSecret failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "CreateSecret failed");
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_fetch_session_key failed");
+
+	enc_key = sess_encrypt_string(secret1, &session_key);
+
+	r3.in.sec_handle = sec_handle;
+	r3.in.new_val = &buf1;
+	r3.in.old_val = NULL;
+	r3.in.new_val->data = enc_key.data;
+	r3.in.new_val->length = enc_key.length;
+	r3.in.new_val->size = enc_key.length;
+
+	torture_comment(tctx, "Testing SetSecret\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
+		"SetSecret failed");
+	torture_assert_ntstatus_ok(tctx, r3.out.result, "SetSecret failed");
+
+	r3.in.sec_handle = sec_handle;
+	r3.in.new_val = &buf1;
+	r3.in.old_val = NULL;
+	r3.in.new_val->data = enc_key.data;
+	r3.in.new_val->length = enc_key.length;
+	r3.in.new_val->size = enc_key.length;
+
+	/* break the encrypted data */
+	enc_key.data[0]++;
+
+	torture_comment(tctx, "Testing SetSecret with broken key\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
+		"SetSecret failed");
+	torture_assert_ntstatus_equal(tctx, r3.out.result, NT_STATUS_UNKNOWN_REVISION,
+		"SetSecret should have failed UNKNOWN_REVISION");
+
+	data_blob_free(&enc_key);
+
+	ZERO_STRUCT(new_mtime);
+	ZERO_STRUCT(old_mtime);
+
+	/* fetch the secret back again */
+	r4.in.sec_handle = sec_handle;
+	r4.in.new_val = &bufp1;
+	r4.in.new_mtime = &new_mtime;
+	r4.in.old_val = NULL;
+	r4.in.old_mtime = NULL;
+
+	bufp1.buf = NULL;
+
+	torture_comment(tctx, "Testing QuerySecret\n");
+	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r4),
+		"QuerySecret failed");
+	torture_assert_ntstatus_ok(tctx, r4.out.result, "QuerySecret failed");
+	if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL)
+		torture_fail(tctx, "No secret buffer returned");
+	blob1.data = r4.out.new_val->buf->data;
+	blob1.length = r4.out.new_val->buf->size;
+
+	secret2 = sess_decrypt_string(tctx, &blob1, &session_key);
+
+	torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid");
+
+	return true;
+}
+
+struct secret_settings {
+	uint32_t bindoptions;
+	bool keyexchange;
+	bool ntlm2;
+	bool lm_key;
+};
+
+static bool test_secrets(struct torture_context *torture, const void *_data)
+{
+        struct dcerpc_pipe *p;
+	struct policy_handle *handle;
+	struct dcerpc_binding *binding;
+	const struct secret_settings *settings =
+		(const struct secret_settings *)_data;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b;
+	struct policy_handle sec_handle = {0};
+	bool ok;
+
+	lpcfg_set_cmdline(torture->lp_ctx, "ntlmssp client:keyexchange", settings->keyexchange?"True":"False");
+	lpcfg_set_cmdline(torture->lp_ctx, "ntlmssp_client:ntlm2", settings->ntlm2?"True":"False");
+	lpcfg_set_cmdline(torture->lp_ctx, "ntlmssp_client:lm_key", settings->lm_key?"True":"False");
+
+	torture_assert_ntstatus_ok(torture, torture_rpc_binding(torture, &binding),
+				   "Getting bindoptions");
+
+	status = dcerpc_binding_set_flags(binding, settings->bindoptions, 0);
+	torture_assert_ntstatus_ok(torture, status, "dcerpc_binding_set_flags");
+
+	status = dcerpc_pipe_connect_b(torture, &p, binding,
+				       &ndr_table_lsarpc,
+				       samba_cmdline_get_creds(),
+				       torture->ev,
+				       torture->lp_ctx);
+
+	torture_assert_ntstatus_ok(torture, status, "connect");
+	b = p->binding_handle;
+
+	if (!test_lsa_OpenPolicy2(b, torture, &handle)) {
+		talloc_free(p);
+		return false;
+	}
+
+	torture_assert(torture, handle, "OpenPolicy2 failed.  This test cannot run against this server");
+
+	ok = test_CreateSecret_basic(p, torture, handle, &sec_handle);
+
+	if (is_valid_policy_hnd(&sec_handle)) {
+		struct lsa_DeleteObject d;
+
+		d.in.handle = &sec_handle;
+		d.out.handle = &sec_handle;
+
+		status = dcerpc_lsa_DeleteObject_r(b, torture, &d);
+		if (!NT_STATUS_IS_OK(status) ||
+		    !NT_STATUS_IS_OK(d.out.result)) {
+			torture_warning(torture,
+					"Failed to delete secrets object");
+		}
+	}
+
+	talloc_free(p);
+	return ok;
+}
+
+static struct torture_tcase *add_test(struct torture_suite *suite, uint32_t bindoptions,
+				     bool keyexchange, bool ntlm2, bool lm_key)
+{
+	char *name = NULL;
+	struct secret_settings *settings;
+
+	settings = talloc_zero(suite, struct secret_settings);
+	settings->bindoptions = bindoptions;
+
+	if (bindoptions == DCERPC_PUSH_BIGENDIAN)
+		name = talloc_strdup(suite, "bigendian");
+	else if (bindoptions == DCERPC_SEAL)
+		name = talloc_strdup(suite, "seal");
+	else if (bindoptions == 0)
+		name = talloc_strdup(suite, "none");
+	else
+		name = talloc_strdup(suite, "unknown");
+
+	name = talloc_asprintf_append_buffer(name, " keyexchange:%s", keyexchange?"yes":"no");
+	settings->keyexchange = keyexchange;
+
+	name = talloc_asprintf_append_buffer(name, " ntlm2:%s", ntlm2?"yes":"no");
+	settings->ntlm2 = ntlm2;
+
+	name = talloc_asprintf_append_buffer(name, " lm_key:%s", lm_key?"yes":"no");
+	settings->lm_key = lm_key;
+
+	return torture_suite_add_simple_tcase_const(suite, name, test_secrets,
+			settings);
+}
+
+static const bool bool_vals[] = { true, false };
+
+/* TEST session key correctness by pushing and pulling secrets */
+struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "lsa.secrets");
+	int keyexchange, ntlm2, lm_key;
+
+	for (keyexchange = 0; keyexchange < ARRAY_SIZE(bool_vals); keyexchange++) {
+		for (ntlm2 = 0; ntlm2 < ARRAY_SIZE(bool_vals); ntlm2++) {
+			for (lm_key = 0; lm_key < ARRAY_SIZE(bool_vals); lm_key++) {
+				add_test(suite, DCERPC_PUSH_BIGENDIAN, bool_vals[keyexchange], bool_vals[ntlm2],
+					 bool_vals[lm_key]);
+				add_test(suite, DCERPC_SEAL, bool_vals[keyexchange], bool_vals[ntlm2], bool_vals[lm_key]);
+				add_test(suite, 0, bool_vals[keyexchange], bool_vals[ntlm2], bool_vals[lm_key]);
+			}
+		}
+	}
+
+	return suite;
+}
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
new file mode 100644
index 0000000..05a0aef
--- /dev/null
+++ b/source4/torture/rpc/spoolss.c
@@ -0,0 +1,11705 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for spoolss rpc operations
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Stefan Metzmacher 2005
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2009-2011,2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_spoolss.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_winreg_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "lib/registry/registry.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/filesys.h"
+#include "torture/ndr/ndr.h"
+#include "torture/smb2/proto.h"
+
+#define TORTURE_WELLKNOWN_PRINTER	"torture_wkn_printer"
+#define TORTURE_PRINTER			"torture_printer"
+#define TORTURE_WELLKNOWN_PRINTER_EX	"torture_wkn_printer_ex"
+#define TORTURE_PRINTER_EX		"torture_printer_ex"
+#define TORTURE_DRIVER			"torture_driver"
+#define TORTURE_DRIVER_ADD		"torture_driver_add"
+#define TORTURE_DRIVER_EX		"torture_driver_ex"
+#define TORTURE_DRIVER_ADOBE		"torture_driver_adobe"
+#define TORTURE_DRIVER_EX_ADOBE		"torture_driver_ex_adobe"
+#define TORTURE_DRIVER_ADOBE_CUPSADDSMB	"torture_driver_adobe_cupsaddsmb"
+#define TORTURE_DRIVER_TIMESTAMPS	"torture_driver_timestamps"
+#define TORTURE_DRIVER_DELETER		"torture_driver_deleter"
+#define TORTURE_DRIVER_COPY_DIR		"torture_driver_copy_from_directory"
+#define TORTURE_DRIVER_DELETERIN	"torture_driver_deleterin"
+#define TORTURE_PRINTER_STATIC1		"print1"
+
+#define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print"
+#define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers"
+#define TOP_LEVEL_CONTROL_KEY "SYSTEM\\CurrentControlSet\\Control\\Print"
+#define TOP_LEVEL_CONTROL_FORMS_KEY TOP_LEVEL_CONTROL_KEY "\\Forms"
+#define TOP_LEVEL_CONTROL_PRINTERS_KEY TOP_LEVEL_CONTROL_KEY "\\Printers"
+#define TOP_LEVEL_CONTROL_ENVIRONMENTS_KEY TOP_LEVEL_CONTROL_KEY "\\Environments"
+
+struct test_spoolss_context {
+	struct dcerpc_pipe *spoolss_pipe;
+
+	/* server environment */
+	const char *environment;
+
+	/* print server handle */
+	struct policy_handle server_handle;
+
+	/* for EnumPorts */
+	uint32_t port_count[3];
+	union spoolss_PortInfo *ports[3];
+
+	/* for EnumPrinterDrivers */
+	uint32_t driver_count[9];
+	union spoolss_DriverInfo *drivers[9];
+
+	/* for EnumMonitors */
+	uint32_t monitor_count[3];
+	union spoolss_MonitorInfo *monitors[3];
+
+	/* for EnumPrintProcessors */
+	uint32_t print_processor_count[2];
+	union spoolss_PrintProcessorInfo *print_processors[2];
+
+	/* for EnumPrinters */
+	uint32_t printer_count[6];
+	union spoolss_PrinterInfo *printers[6];
+};
+
+struct torture_driver_context {
+	struct {
+		const char *driver_directory;
+		const char *environment;
+	} local;
+	struct {
+		const char *driver_directory;
+		const char *driver_upload_directory;
+		const char *environment;
+	} remote;
+	struct spoolss_AddDriverInfo8 info8;
+	bool ex;
+};
+
+struct torture_printer_context {
+	struct dcerpc_pipe *spoolss_pipe;
+	struct spoolss_SetPrinterInfo2 info2;
+	struct torture_driver_context driver;
+	bool ex;
+	bool wellknown;
+	bool added_driver;
+	bool have_driver;
+	struct spoolss_DeviceMode *devmode;
+	struct policy_handle handle;
+};
+
+static bool upload_printer_driver(struct torture_context *tctx,
+				  const char *server_name,
+				  struct torture_driver_context *d);
+static bool remove_printer_driver(struct torture_context *tctx,
+				  const char *server_name,
+				  struct torture_driver_context *d);
+static bool fillup_printserver_info(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct torture_driver_context *d);
+static bool test_AddPrinterDriver_args_level_3(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir);
+
+#define COMPARE_STRING(tctx, c,r,e) \
+	torture_assert_str_equal(tctx, c.e, r.e, "invalid value")
+
+/* not every compiler supports __typeof__() */
+#if (__GNUC__ >= 3)
+#define _CHECK_FIELD_SIZE(c,r,e,type) do {\
+	if (sizeof(__typeof__(c.e)) != sizeof(type)) { \
+		torture_fail(tctx, #c "." #e "field is not " #type "\n"); \
+	}\
+	if (sizeof(__typeof__(r.e)) != sizeof(type)) { \
+		torture_fail(tctx, #r "." #e "field is not " #type "\n"); \
+	}\
+} while(0)
+#else
+#define _CHECK_FIELD_SIZE(c,r,e,type) do {} while(0)
+#endif
+
+#define COMPARE_UINT32(tctx, c, r, e) do {\
+	_CHECK_FIELD_SIZE(c, r, e, uint32_t); \
+	torture_assert_int_equal(tctx, c.e, r.e, "invalid value"); \
+} while(0)
+
+#define COMPARE_UINT64(tctx, c, r, e) do {\
+	_CHECK_FIELD_SIZE(c, r, e, uint64_t); \
+	torture_assert_int_equal(tctx, c.e, r.e, "invalid value"); \
+} while(0)
+
+
+#define COMPARE_NTTIME(tctx, c, r, e) do {\
+	_CHECK_FIELD_SIZE(c, r, e, NTTIME); \
+	torture_assert_int_equal(tctx, c.e, r.e, "invalid value"); \
+} while(0)
+
+#define COMPARE_STRING_ARRAY(tctx, c,r,e) do {\
+	int __i; \
+	if (!c.e && !r.e) { \
+		break; \
+	} \
+	if (c.e && !r.e) { \
+		torture_fail(tctx, #r "." #e " field is NULL and " #c "." #e " is not\n"); \
+	} \
+	if (!c.e && r.e) { \
+		torture_fail(tctx, #c "." #e " field is NULL and " #r "." #e " is not\n"); \
+	} \
+	for (__i=0;c.e[__i] != NULL; __i++) { \
+		torture_assert_str_equal(tctx, c.e[__i], r.e[__i], "invalid value"); \
+	} \
+} while(0)
+
+#define CHECK_ALIGN(size, n) do {\
+	if (size % n) {\
+		torture_warning(tctx, "%d is *NOT* %d byte aligned, should be %d",\
+			size, n, size + n - (size % n));\
+	}\
+} while(0)
+
+#define DO_ROUND(size, n) (((size)+((n)-1)) & ~((n)-1))
+
+#define CHECK_NEEDED_SIZE_ENUM_LEVEL(fn, info, level, count, needed, align) do { \
+	if (torture_setting_bool(tctx, "spoolss_check_size", false)) {\
+	uint32_t size = ndr_size_##fn##_info(tctx, level, count, info);\
+	uint32_t round_size = DO_ROUND(size, align);\
+	if (round_size != needed) {\
+		torture_warning(tctx, __location__": "#fn" level %d (count: %d) got unexpected needed size: %d, we calculated: %d", level, count, needed, round_size);\
+		CHECK_ALIGN(size, align);\
+	}\
+	}\
+} while(0)
+
+#define CHECK_NEEDED_SIZE_ENUM(fn, info, count, needed, align) do { \
+	if (torture_setting_bool(tctx, "spoolss_check_size", false)) {\
+	uint32_t size = ndr_size_##fn##_info(tctx, count, info);\
+	uint32_t round_size = DO_ROUND(size, align);\
+	if (round_size != needed) {\
+		torture_warning(tctx, __location__": "#fn" (count: %d) got unexpected needed size: %d, we calculated: %d", count, needed, round_size);\
+		CHECK_ALIGN(size, align);\
+	}\
+	}\
+} while(0)
+
+#define CHECK_NEEDED_SIZE_LEVEL(fn, info, level, needed, align) do { \
+	if (torture_setting_bool(tctx, "spoolss_check_size", false)) {\
+	uint32_t size = ndr_size_##fn(info, level, 0);\
+	uint32_t round_size = DO_ROUND(size, align);\
+	if (round_size != needed) {\
+		torture_warning(tctx, __location__": "#fn" level %d got unexpected needed size: %d, we calculated: %d", level, needed, round_size);\
+		CHECK_ALIGN(size, align);\
+	}\
+	}\
+} while(0)
+
+static bool PrinterInfo_to_SetPrinterInfo(struct torture_context *tctx,
+					  const union spoolss_PrinterInfo *i,
+					  uint32_t level,
+					  union spoolss_SetPrinterInfo *s)
+{
+	switch (level) {
+	case 0:
+		s->info0			= talloc(tctx, struct spoolss_SetPrinterInfo0);
+		break;
+	case 2:
+		s->info2			= talloc(tctx, struct spoolss_SetPrinterInfo2);
+		s->info2->servername		= i->info2.servername;
+		s->info2->printername		= i->info2.printername;
+		s->info2->sharename		= i->info2.sharename;
+		s->info2->portname		= i->info2.portname;
+		s->info2->drivername		= i->info2.drivername;
+		s->info2->comment		= i->info2.comment;
+		s->info2->location		= i->info2.location;
+		s->info2->devmode_ptr		= 0;
+		s->info2->sepfile		= i->info2.sepfile;
+		s->info2->printprocessor	= i->info2.printprocessor;
+		s->info2->datatype		= i->info2.datatype;
+		s->info2->parameters		= i->info2.parameters;
+		s->info2->secdesc_ptr		= 0;
+		s->info2->attributes		= i->info2.attributes;
+		s->info2->priority		= i->info2.priority;
+		s->info2->defaultpriority	= i->info2.defaultpriority;
+		s->info2->starttime		= i->info2.starttime;
+		s->info2->untiltime		= i->info2.untiltime;
+		s->info2->status		= i->info2.status;
+		s->info2->cjobs			= i->info2.cjobs;
+		s->info2->averageppm		= i->info2.averageppm;
+		break;
+	case 3:
+	case 4:
+	case 5:
+	case 6:
+	case 7:
+	case 8:
+	case 9:
+	default:
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_OpenPrinter_server(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *server_handle)
+{
+	NTSTATUS status;
+	struct spoolss_OpenPrinter op;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	op.in.printername	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	op.in.datatype		= NULL;
+	op.in.devmode_ctr.devmode= NULL;
+	op.in.access_mask	= SEC_FLAG_MAXIMUM_ALLOWED;
+	op.out.handle		= server_handle;
+
+	torture_comment(tctx, "Testing OpenPrinter(%s)\n", op.in.printername);
+
+	status = dcerpc_spoolss_OpenPrinter_r(b, tctx, &op);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_OpenPrinter failed");
+	torture_assert_werr_ok(tctx, op.out.result, "dcerpc_spoolss_OpenPrinter failed");
+
+	return true;
+}
+
+static bool test_EnumPorts(struct torture_context *tctx,
+			   void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	struct spoolss_EnumPorts r;
+	uint16_t levels[] = { 1, 2 };
+	int i, j;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		DATA_BLOB blob;
+		uint32_t needed;
+		uint32_t count;
+		union spoolss_PortInfo *info;
+
+		r.in.servername = "";
+		r.in.level = level;
+		r.in.buffer = NULL;
+		r.in.offered = 0;
+		r.out.needed = &needed;
+		r.out.count = &count;
+		r.out.info = &info;
+
+		torture_comment(tctx, "Testing EnumPorts level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_EnumPorts_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPorts failed");
+		if (W_ERROR_IS_OK(r.out.result)) {
+			/* TODO: do some more checks here */
+			continue;
+		}
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"EnumPorts unexpected return code");
+
+		blob = data_blob_talloc_zero(ctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_EnumPorts_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPorts failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "EnumPorts failed");
+
+		torture_assert(tctx, info, "EnumPorts returned no info");
+
+		CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPorts, info, r.in.level, count, needed, 4);
+
+		ctx->port_count[level]	= count;
+		ctx->ports[level]	= info;
+	}
+
+	for (i=1;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		int old_level = levels[i-1];
+		torture_assert_int_equal(tctx, ctx->port_count[level], ctx->port_count[old_level],
+			"EnumPorts invalid value");
+	}
+	/* if the array sizes are not the same we would maybe segfault in the following code */
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		for (j=0;j<ctx->port_count[level];j++) {
+			union spoolss_PortInfo *cur = &ctx->ports[level][j];
+			union spoolss_PortInfo *ref = &ctx->ports[2][j];
+			switch (level) {
+			case 1:
+				COMPARE_STRING(tctx, cur->info1, ref->info2, port_name);
+				break;
+			case 2:
+				/* level 2 is our reference, and it makes no sense to compare it to itself */
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_GetPrintProcessorDirectory(struct torture_context *tctx,
+					    void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	NTSTATUS status;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_GetPrintProcessorDirectory r;
+	struct {
+		uint16_t level;
+		const char *server;
+	} levels[] = {{
+			.level	= 1,
+			.server	= NULL
+		},{
+			.level	= 1,
+			.server	= ""
+		},{
+			.level	= 78,
+			.server	= ""
+		},{
+			.level	= 1,
+			.server	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p))
+		},{
+			.level	= 1024,
+			.server	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p))
+		}
+	};
+	int i;
+	uint32_t needed;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i].level;
+		DATA_BLOB blob;
+
+		r.in.server		= levels[i].server;
+		r.in.environment	= ctx->environment;
+		r.in.level		= level;
+		r.in.buffer		= NULL;
+		r.in.offered		= 0;
+		r.out.needed		= &needed;
+
+		torture_comment(tctx, "Testing GetPrintProcessorDirectory level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_GetPrintProcessorDirectory_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+			"dcerpc_spoolss_GetPrintProcessorDirectory failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"GetPrintProcessorDirectory unexpected return code");
+
+		blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_GetPrintProcessorDirectory_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_GetPrintProcessorDirectory failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "GetPrintProcessorDirectory failed");
+
+		CHECK_NEEDED_SIZE_LEVEL(spoolss_PrintProcessorDirectoryInfo, r.out.info, r.in.level, needed, 2);
+	}
+
+	return true;
+}
+
+
+static bool test_GetPrinterDriverDirectory(struct torture_context *tctx,
+					   void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	NTSTATUS status;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_GetPrinterDriverDirectory r;
+	struct {
+		uint16_t level;
+		const char *server;
+	} levels[] = {{
+			.level	= 1,
+			.server	= NULL
+		},{
+			.level	= 1,
+			.server	= ""
+		},{
+			.level	= 78,
+			.server	= ""
+		},{
+			.level	= 1,
+			.server	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p))
+		},{
+			.level	= 1024,
+			.server	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p))
+		}
+	};
+	int i;
+	uint32_t needed;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i].level;
+		DATA_BLOB blob;
+
+		r.in.server		= levels[i].server;
+		r.in.environment	= ctx->environment;
+		r.in.level		= level;
+		r.in.buffer		= NULL;
+		r.in.offered		= 0;
+		r.out.needed		= &needed;
+
+		torture_comment(tctx, "Testing GetPrinterDriverDirectory level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_GetPrinterDriverDirectory_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+			"dcerpc_spoolss_GetPrinterDriverDirectory failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"GetPrinterDriverDirectory unexpected return code");
+
+		blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_GetPrinterDriverDirectory_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_GetPrinterDriverDirectory failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "GetPrinterDriverDirectory failed");
+
+		CHECK_NEEDED_SIZE_LEVEL(spoolss_DriverDirectoryInfo, r.out.info, r.in.level, needed, 2);
+	}
+
+	return true;
+}
+
+static bool test_EnumPrinterDrivers_buffers(struct torture_context *tctx,
+					    struct dcerpc_binding_handle *b,
+					    const char *server_name,
+					    const char *environment,
+					    uint32_t level,
+					    uint32_t offered,
+					    uint32_t *count_p,
+					    union spoolss_DriverInfo **info_p)
+{
+	struct spoolss_EnumPrinterDrivers r;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_DriverInfo *info;
+	DATA_BLOB buffer;
+
+	if (offered > 0) {
+		buffer = data_blob_talloc_zero(tctx, offered);
+	}
+
+	r.in.server		= server_name;
+	r.in.environment	= environment;
+	r.in.level		= level;
+	r.in.buffer		= offered ? &buffer : NULL;
+	r.in.offered		= offered;
+	r.out.needed		= &needed;
+	r.out.count		= &count;
+	r.out.info		= &info;
+
+	torture_comment(tctx, "Testing EnumPrinterDrivers(%s) level %u, offered: %u\n",
+		r.in.environment, r.in.level, r.in.offered);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinterDrivers_r(b, tctx, &r),
+		"EnumPrinterDrivers failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPrinterDrivers_r(b, tctx, &r),
+			"EnumPrinterDrivers failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"EnumPrinterDrivers failed");
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrinterDrivers, info, r.in.level, count, needed, 4);
+
+	return true;
+
+}
+
+
+static bool test_EnumPrinterDrivers_args(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 const char *server_name,
+					 const char *environment,
+					 uint32_t level,
+					 uint32_t *count_p,
+					 union spoolss_DriverInfo **info_p)
+{
+	return test_EnumPrinterDrivers_buffers(tctx, b, server_name,
+					       environment, level, 0,
+					       count_p, info_p);
+}
+
+static bool test_EnumPrinterDrivers_findone(struct torture_context *tctx,
+					    struct dcerpc_binding_handle *b,
+					    const char *server_name,
+					    const char *environment,
+					    uint32_t level,
+					    const char *driver_name,
+					    union spoolss_DriverInfo *info_p)
+{
+	uint32_t count;
+	union spoolss_DriverInfo *info;
+	int i;
+	const char *environment_ret = NULL;
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_args(tctx, b, server_name, environment, level, &count, &info),
+		"failed to enumerate printer drivers");
+
+	for (i=0; i < count; i++) {
+		const char *driver_name_ret = "";
+		switch (level) {
+		case 1:
+			driver_name_ret = info[i].info1.driver_name;
+			break;
+		case 2:
+			driver_name_ret = info[i].info2.driver_name;
+			environment_ret = info[i].info2.architecture;
+			break;
+		case 3:
+			driver_name_ret = info[i].info3.driver_name;
+			environment_ret = info[i].info3.architecture;
+			break;
+		case 4:
+			driver_name_ret = info[i].info4.driver_name;
+			environment_ret = info[i].info4.architecture;
+			break;
+		case 5:
+			driver_name_ret = info[i].info5.driver_name;
+			environment_ret = info[i].info5.architecture;
+			break;
+		case 6:
+			driver_name_ret = info[i].info6.driver_name;
+			environment_ret = info[i].info6.architecture;
+			break;
+		case 7:
+			driver_name_ret = info[i].info7.driver_name;
+			break;
+		case 8:
+			driver_name_ret = info[i].info8.driver_name;
+			environment_ret = info[i].info8.architecture;
+			break;
+		default:
+			break;
+		}
+		if (environment_ret) {
+			torture_assert_str_equal(tctx, environment, environment_ret, "architecture mismatch");
+		}
+		if (strequal(driver_name, driver_name_ret)) {
+			if (info_p) {
+				*info_p = info[i];
+			}
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool test_EnumPrinterDrivers(struct torture_context *tctx,
+				    void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint16_t levels[] = { 1, 2, 3, 4, 5, 6, 8 };
+	uint16_t buffer_sizes[] = { 0, 1024, 6040, 0xffff };
+	int i, j, a;
+
+	/* FIXME: gd, come back and fix "" as server, and handle
+	 * priority of returned error codes in torture test and samba 3
+	 * server */
+	const char *server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	const char *environments[2];
+
+	environments[0] = SPOOLSS_ARCHITECTURE_ALL;
+	environments[1] = ctx->environment;
+
+	for (a=0;a<ARRAY_SIZE(environments);a++) {
+
+	for (i=0;i<ARRAY_SIZE(buffer_sizes);i++) {
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_buffers(tctx, b, server_name,
+							environments[a], 3,
+							buffer_sizes[i],
+							NULL, NULL),
+			"failed to enumerate drivers");
+	}
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		uint32_t count;
+		union spoolss_DriverInfo *info;
+
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_args(tctx, b, server_name, environments[a], level, &count, &info),
+			"failed to enumerate drivers");
+
+		ctx->driver_count[level]	= count;
+		ctx->drivers[level]		= info;
+	}
+
+	for (i=1;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		int old_level = levels[i-1];
+
+		torture_assert_int_equal(tctx, ctx->driver_count[level], ctx->driver_count[old_level],
+			"EnumPrinterDrivers invalid value");
+	}
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+
+		for (j=0;j<ctx->driver_count[level - 1];j++) {
+			union spoolss_DriverInfo *cur = &ctx->drivers[level - 1][j];
+			union spoolss_DriverInfo *ref = &ctx->drivers[8][j];
+
+			switch (level) {
+			case 1:
+				COMPARE_STRING(tctx, cur->info1, ref->info8, driver_name);
+				break;
+			case 2:
+				COMPARE_UINT32(tctx, cur->info2, ref->info8, version);
+				COMPARE_STRING(tctx, cur->info2, ref->info8, driver_name);
+				COMPARE_STRING(tctx, cur->info2, ref->info8, architecture);
+				COMPARE_STRING(tctx, cur->info2, ref->info8, driver_path);
+				COMPARE_STRING(tctx, cur->info2, ref->info8, data_file);
+				COMPARE_STRING(tctx, cur->info2, ref->info8, config_file);
+				break;
+			case 3:
+				COMPARE_UINT32(tctx, cur->info3, ref->info8, version);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, driver_name);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, architecture);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, driver_path);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, data_file);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, config_file);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, help_file);
+				COMPARE_STRING_ARRAY(tctx, cur->info3, ref->info8, dependent_files);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, monitor_name);
+				COMPARE_STRING(tctx, cur->info3, ref->info8, default_datatype);
+				break;
+			case 4:
+				COMPARE_UINT32(tctx, cur->info4, ref->info8, version);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, driver_name);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, architecture);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, driver_path);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, data_file);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, config_file);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, help_file);
+				COMPARE_STRING_ARRAY(tctx, cur->info4, ref->info8, dependent_files);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, monitor_name);
+				COMPARE_STRING(tctx, cur->info4, ref->info8, default_datatype);
+				COMPARE_STRING_ARRAY(tctx, cur->info4, ref->info8, previous_names);
+				break;
+			case 5:
+				COMPARE_UINT32(tctx, cur->info5, ref->info8, version);
+				COMPARE_STRING(tctx, cur->info5, ref->info8, driver_name);
+				COMPARE_STRING(tctx, cur->info5, ref->info8, architecture);
+				COMPARE_STRING(tctx, cur->info5, ref->info8, driver_path);
+				COMPARE_STRING(tctx, cur->info5, ref->info8, data_file);
+				COMPARE_STRING(tctx, cur->info5, ref->info8, config_file);
+				/*COMPARE_UINT32(tctx, cur->info5, ref->info8, driver_attributes);*/
+				/*COMPARE_UINT32(tctx, cur->info5, ref->info8, config_version);*/
+				/*TODO: ! COMPARE_UINT32(tctx, cur->info5, ref->info8, driver_version); */
+				break;
+			case 6:
+				COMPARE_UINT32(tctx, cur->info6, ref->info8, version);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, driver_name);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, architecture);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, driver_path);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, data_file);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, config_file);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, help_file);
+				COMPARE_STRING_ARRAY(tctx, cur->info6, ref->info8, dependent_files);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, monitor_name);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, default_datatype);
+				COMPARE_STRING_ARRAY(tctx, cur->info6, ref->info8, previous_names);
+				COMPARE_NTTIME(tctx, cur->info6, ref->info8, driver_date);
+				COMPARE_UINT64(tctx, cur->info6, ref->info8, driver_version);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, manufacturer_name);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, manufacturer_url);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, hardware_id);
+				COMPARE_STRING(tctx, cur->info6, ref->info8, provider);
+				break;
+			case 8:
+				/* level 8 is our reference, and it makes no sense to compare it to itself */
+				break;
+			}
+		}
+	}
+	}
+
+	return true;
+}
+
+static bool test_EnumMonitors(struct torture_context *tctx,
+			      void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	struct spoolss_EnumMonitors r;
+	uint16_t levels[] = { 1, 2 };
+	int i, j;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		DATA_BLOB blob;
+		uint32_t needed;
+		uint32_t count;
+		union spoolss_MonitorInfo *info;
+
+		r.in.servername = "";
+		r.in.level = level;
+		r.in.buffer = NULL;
+		r.in.offered = 0;
+		r.out.needed = &needed;
+		r.out.count = &count;
+		r.out.info = &info;
+
+		torture_comment(tctx, "Testing EnumMonitors level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_EnumMonitors_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumMonitors failed");
+		if (W_ERROR_IS_OK(r.out.result)) {
+			/* TODO: do some more checks here */
+			continue;
+		}
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"EnumMonitors failed");
+
+		blob = data_blob_talloc_zero(ctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_EnumMonitors_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumMonitors failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "EnumMonitors failed");
+
+		CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumMonitors, info, r.in.level, count, needed, 4);
+
+		ctx->monitor_count[level]	= count;
+		ctx->monitors[level]		= info;
+	}
+
+	for (i=1;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		int old_level = levels[i-1];
+		torture_assert_int_equal(tctx, ctx->monitor_count[level], ctx->monitor_count[old_level],
+					 "EnumMonitors invalid value");
+	}
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		for (j=0;j<ctx->monitor_count[level];j++) {
+			union spoolss_MonitorInfo *cur = &ctx->monitors[level][j];
+			union spoolss_MonitorInfo *ref = &ctx->monitors[2][j];
+			switch (level) {
+			case 1:
+				COMPARE_STRING(tctx, cur->info1, ref->info2, monitor_name);
+				break;
+			case 2:
+				torture_assert_str_equal(tctx, ref->info2.environment, ctx->environment, "invalid environment");
+				/* level 2 is our reference, and it makes no sense to compare it to itself */
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_EnumPrintProcessors_level(struct torture_context *tctx,
+					   struct dcerpc_binding_handle *b,
+					   const char *environment,
+					   uint32_t level,
+					   uint32_t *count_p,
+					   union spoolss_PrintProcessorInfo **info_p,
+					   WERROR expected_result)
+{
+	struct spoolss_EnumPrintProcessors r;
+	DATA_BLOB blob;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_PrintProcessorInfo *info;
+
+	r.in.servername = "";
+	r.in.environment = environment;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumPrintProcessors(%s) level %u\n",
+		r.in.environment, r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrintProcessors_r(b, tctx, &r),
+		"EnumPrintProcessors failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPrintProcessors_r(b, tctx, &r),
+			"EnumPrintProcessors failed");
+	}
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"EnumPrintProcessors failed");
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrintProcessors, info, level, count, needed, 4);
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	return true;
+}
+
+static bool test_EnumPrintProcessors(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	uint16_t levels[] = {0, 1, 2, 3, 32, 256 };
+	uint16_t     ok[] = {0, 1, 0, 0, 0, 0 };
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_EnumPrintProcessors_level(tctx, b, "phantasy", 1, NULL, NULL, WERR_INVALID_ENVIRONMENT),
+		"test_EnumPrintProcessors_level failed");
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		union spoolss_PrintProcessorInfo *info;
+		uint32_t count;
+		WERROR expected_result = ok[i] ? WERR_OK : WERR_INVALID_LEVEL;
+
+		torture_assert(tctx,
+			test_EnumPrintProcessors_level(tctx, b, ctx->environment, levels[i], &count, &info, expected_result),
+			"test_EnumPrintProcessors_level failed");
+	}
+
+	return true;
+}
+
+static bool test_EnumPrintProcessorDataTypes_level(struct torture_context *tctx,
+						   struct dcerpc_binding_handle *b,
+						   const char *print_processor_name,
+						   uint32_t level,
+						   uint32_t *count_p,
+						   union spoolss_PrintProcDataTypesInfo **info_p,
+						   WERROR expected_result)
+{
+	struct spoolss_EnumPrintProcessorDataTypes r;
+	DATA_BLOB blob;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_PrintProcDataTypesInfo *info;
+
+	r.in.servername = "";
+	r.in.print_processor_name = print_processor_name;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumPrintProcessorDataTypes(%s) level %u\n",
+		r.in.print_processor_name, r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrintProcessorDataTypes_r(b, tctx, &r),
+		"EnumPrintProcessorDataTypes failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPrintProcessorDataTypes_r(b, tctx, &r),
+			"EnumPrintProcessorDataTypes failed");
+	}
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"EnumPrintProcessorDataTypes failed");
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrintProcessorDataTypes, info, level, count, needed, 4);
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	return true;
+}
+
+static bool test_EnumPrintProcessorDataTypes(struct torture_context *tctx,
+					     void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	uint16_t levels[] = {0, 1, 2, 3, 32, 256 };
+	uint16_t     ok[] = {0, 1, 0, 0, 0, 0 };
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_EnumPrintProcessorDataTypes_level(tctx, b, NULL, 1, NULL, NULL, WERR_UNKNOWN_PRINTPROCESSOR),
+		"test_EnumPrintProcessorDataTypes_level failed");
+
+	torture_assert(tctx,
+		test_EnumPrintProcessorDataTypes_level(tctx, b, "nonexisting", 1, NULL, NULL, WERR_UNKNOWN_PRINTPROCESSOR),
+		"test_EnumPrintProcessorDataTypes_level failed");
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		uint32_t count;
+		union spoolss_PrintProcDataTypesInfo *info;
+		WERROR expected_result = ok[i] ? WERR_OK : WERR_INVALID_LEVEL;
+
+		torture_assert(tctx,
+			test_EnumPrintProcessorDataTypes_level(tctx, b, "winprint", level, &count, &info, expected_result),
+			"test_EnumPrintProcessorDataTypes_level failed");
+	}
+
+	{
+		union spoolss_PrintProcessorInfo *info;
+		uint32_t count;
+
+		torture_assert(tctx,
+			test_EnumPrintProcessors_level(tctx, b, ctx->environment, 1, &count, &info, WERR_OK),
+			"test_EnumPrintProcessors_level failed");
+
+		for (i=0; i < count; i++) {
+			torture_assert(tctx,
+				test_EnumPrintProcessorDataTypes_level(tctx, b, info[i].info1.print_processor_name, 1, NULL, NULL, WERR_OK),
+				"test_EnumPrintProcessorDataTypes_level failed");
+		}
+	}
+
+
+	return true;
+}
+
+static bool test_EnumPrinters(struct torture_context *tctx,
+			      void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_EnumPrinters r;
+	NTSTATUS status;
+	uint16_t levels[] = { 0, 1, 2, 4, 5 };
+	int i, j;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		DATA_BLOB blob;
+		uint32_t needed;
+		uint32_t count;
+		union spoolss_PrinterInfo *info;
+
+		r.in.flags	= PRINTER_ENUM_LOCAL;
+		r.in.server	= "";
+		r.in.level	= level;
+		r.in.buffer	= NULL;
+		r.in.offered	= 0;
+		r.out.needed	= &needed;
+		r.out.count	= &count;
+		r.out.info	= &info;
+
+		torture_comment(tctx, "Testing EnumPrinters level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinters failed");
+		if (W_ERROR_IS_OK(r.out.result)) {
+			/* TODO: do some more checks here */
+			continue;
+		}
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
+			"EnumPrinters unexpected return code");
+
+		blob = data_blob_talloc_zero(ctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinters failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "EnumPrinters failed");
+
+		CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrinters, info, r.in.level, count, needed, 4);
+
+		ctx->printer_count[level]	= count;
+		ctx->printers[level]		= info;
+	}
+
+	for (i=1;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		int old_level = levels[i-1];
+		torture_assert_int_equal(tctx, ctx->printer_count[level], ctx->printer_count[old_level],
+					 "EnumPrinters invalid value");
+	}
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int level = levels[i];
+		for (j=0;j<ctx->printer_count[level];j++) {
+			union spoolss_PrinterInfo *cur = &ctx->printers[level][j];
+			union spoolss_PrinterInfo *ref = &ctx->printers[2][j];
+			switch (level) {
+			case 0:
+				COMPARE_STRING(tctx, cur->info0, ref->info2, printername);
+				COMPARE_STRING(tctx, cur->info0, ref->info2, servername);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, cjobs);
+				/*COMPARE_UINT32(tctx, cur->info0, ref->info2, total_jobs);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, total_bytes);
+				COMPARE_SPOOLSS_TIME(cur->info0, ref->info2, spoolss_Time time);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, global_counter);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, total_pages);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, version);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown10);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown11);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown12);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, session_counter);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown14);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, printer_errors);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown16);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown17);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown18);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown19);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, change_id);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown21);*/
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, status);
+				/*COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown23);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, c_setprinter);
+				COMPARE_UINT16(cur->info0, ref->info2, unknown25);
+				COMPARE_UINT16(cur->info0, ref->info2, unknown26);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown27);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown28);
+				COMPARE_UINT32(tctx, cur->info0, ref->info2, unknown29);*/
+				break;
+			case 1:
+				/*COMPARE_UINT32(tctx, cur->info1, ref->info2, flags);*/
+				/*COMPARE_STRING(tctx, cur->info1, ref->info2, name);*/
+				/*COMPARE_STRING(tctx, cur->info1, ref->info2, description);*/
+				COMPARE_STRING(tctx, cur->info1, ref->info2, comment);
+				break;
+			case 2:
+				/* level 2 is our reference, and it makes no sense to compare it to itself */
+				break;
+			case 4:
+				COMPARE_STRING(tctx, cur->info4, ref->info2, printername);
+				COMPARE_STRING(tctx, cur->info4, ref->info2, servername);
+				COMPARE_UINT32(tctx, cur->info4, ref->info2, attributes);
+				break;
+			case 5:
+				COMPARE_STRING(tctx, cur->info5, ref->info2, printername);
+				COMPARE_STRING(tctx, cur->info5, ref->info2, portname);
+				COMPARE_UINT32(tctx, cur->info5, ref->info2, attributes);
+				/*COMPARE_UINT32(tctx, cur->info5, ref->info2, device_not_selected_timeout);
+				COMPARE_UINT32(tctx, cur->info5, ref->info2, transmission_retry_timeout);*/
+				break;
+			}
+		}
+	}
+
+	/* TODO:
+	 * 	- verify that the port of a printer was in the list returned by EnumPorts
+	 */
+
+	return true;
+}
+
+static bool test_GetPrinterDriver2(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   const char *driver_name,
+				   const char *environment);
+
+bool test_GetPrinter_level_exp(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle,
+			       uint32_t level,
+			       WERROR expected_werror,
+			       union spoolss_PrinterInfo *info)
+{
+	struct spoolss_GetPrinter r;
+	uint32_t needed;
+
+	r.in.handle = handle;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+
+	torture_comment(tctx, "Testing GetPrinter level %u\n", r.in.level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
+		"GetPrinter failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
+			"GetPrinter failed");
+	}
+
+	torture_assert_werr_equal(tctx,
+		r.out.result, expected_werror,
+		"GetPrinter failed");
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_PrinterInfo, r.out.info, r.in.level, needed, 4);
+
+	if (info && r.out.info) {
+		*info = *r.out.info;
+	}
+
+	return true;
+}
+
+bool test_GetPrinter_level(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   struct policy_handle *handle,
+			   uint32_t level,
+			   union spoolss_PrinterInfo *info)
+{
+	return test_GetPrinter_level_exp(tctx, b, handle, level, WERR_OK, info);
+}
+
+static bool test_GetPrinter(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    const char *environment)
+{
+	uint32_t levels[] = {0, 1, 2, 3, 4, 5, 6, 7, 8};
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		union spoolss_PrinterInfo info;
+
+		ZERO_STRUCT(info);
+
+		torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, levels[i], &info),
+			"failed to call GetPrinter");
+
+		if ((levels[i] == 2) && info.info2.drivername && strlen(info.info2.drivername)) {
+			torture_assert(tctx,
+				test_GetPrinterDriver2(tctx, b, handle, info.info2.drivername, environment),
+				"failed to call test_GetPrinterDriver2");
+		}
+	}
+
+	return true;
+}
+
+static bool test_SetPrinter(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    struct spoolss_SetPrinterInfoCtr *info_ctr,
+			    struct spoolss_DevmodeContainer *devmode_ctr,
+			    struct sec_desc_buf *secdesc_ctr,
+			    enum spoolss_PrinterControl command)
+{
+	struct spoolss_SetPrinter r;
+
+	r.in.handle = handle;
+	r.in.info_ctr = info_ctr;
+	r.in.devmode_ctr = devmode_ctr;
+	r.in.secdesc_ctr = secdesc_ctr;
+	r.in.command = command;
+
+	torture_comment(tctx, "Testing SetPrinter level %d\n", r.in.info_ctr->level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r),
+		"failed to call SetPrinter");
+	torture_assert(tctx, (W_ERROR_EQUAL(r.out.result, WERR_OK)
+			   || W_ERROR_EQUAL(r.out.result, WERR_IO_PENDING)),
+		       "SetPrinter failed");
+
+	return true;
+}
+
+static bool test_SetPrinter_errors(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle)
+{
+	struct spoolss_SetPrinter r;
+	uint16_t levels[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
+	int i;
+
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info_ctr.level = 0;
+	info_ctr.info.info0 = NULL;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	r.in.handle = handle;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.in.command = 0;
+
+	torture_comment(tctx, "Testing SetPrinter all zero\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r),
+		"failed to call SetPrinter");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"failed to call SetPrinter");
+
+ again:
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		struct spoolss_SetPrinterInfo0 info0;
+		struct spoolss_SetPrinterInfo1 info1;
+		struct spoolss_SetPrinterInfo2 info2;
+		struct spoolss_SetPrinterInfo3 info3;
+		struct spoolss_SetPrinterInfo4 info4;
+		struct spoolss_SetPrinterInfo5 info5;
+		struct spoolss_SetPrinterInfo6 info6;
+		struct spoolss_SetPrinterInfo7 info7;
+		struct spoolss_SetPrinterInfo8 info8;
+		struct spoolss_SetPrinterInfo9 info9;
+
+
+		info_ctr.level = levels[i];
+		switch (levels[i]) {
+		case 0:
+			ZERO_STRUCT(info0);
+			info_ctr.info.info0 = &info0;
+			break;
+		case 1:
+			ZERO_STRUCT(info1);
+			info_ctr.info.info1 = &info1;
+			break;
+		case 2:
+			ZERO_STRUCT(info2);
+			info_ctr.info.info2 = &info2;
+			break;
+		case 3:
+			ZERO_STRUCT(info3);
+			info_ctr.info.info3 = &info3;
+			break;
+		case 4:
+			ZERO_STRUCT(info4);
+			info_ctr.info.info4 = &info4;
+			break;
+		case 5:
+			ZERO_STRUCT(info5);
+			info_ctr.info.info5 = &info5;
+			break;
+		case 6:
+			ZERO_STRUCT(info6);
+			info_ctr.info.info6 = &info6;
+			break;
+		case 7:
+			ZERO_STRUCT(info7);
+			info_ctr.info.info7 = &info7;
+			break;
+		case 8:
+			ZERO_STRUCT(info8);
+			info_ctr.info.info8 = &info8;
+			break;
+		case 9:
+			ZERO_STRUCT(info9);
+			info_ctr.info.info9 = &info9;
+			break;
+		}
+
+		torture_comment(tctx, "Testing SetPrinter level %d, command %d\n",
+			info_ctr.level, r.in.command);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r),
+			"failed to call SetPrinter");
+
+		switch (r.in.command) {
+		case SPOOLSS_PRINTER_CONTROL_UNPAUSE: /* 0 */
+			/* is ignored for all levels other then 0 */
+			if (info_ctr.level > 0) {
+				/* ignored then */
+				break;
+			}
+
+			FALL_THROUGH;
+		case SPOOLSS_PRINTER_CONTROL_PAUSE: /* 1 */
+		case SPOOLSS_PRINTER_CONTROL_RESUME: /* 2 */
+		case SPOOLSS_PRINTER_CONTROL_PURGE: /* 3 */
+			if (info_ctr.level > 0) {
+				/* is invalid for all levels other then 0 */
+				torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PRINTER_COMMAND,
+					"unexpected error code returned");
+				continue;
+			} else {
+				torture_assert_werr_ok(tctx, r.out.result,
+					"failed to call SetPrinter with non 0 command");
+				continue;
+			}
+			break;
+
+		case SPOOLSS_PRINTER_CONTROL_SET_STATUS: /* 4 */
+			/* FIXME: gd needs further investigation */
+		default:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PRINTER_COMMAND,
+				"unexpected error code returned");
+			continue;
+		}
+
+		switch (info_ctr.level) {
+		case 1:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL,
+				"unexpected error code returned");
+			break;
+		case 2:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_PRINTER_DRIVER,
+				"unexpected error code returned");
+			break;
+		case 3:
+		case 4:
+		case 5:
+		case 7:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+				"unexpected error code returned");
+			break;
+		case 9:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				"unexpected error code returned");
+			break;
+		default:
+			torture_assert_werr_ok(tctx, r.out.result,
+				"failed to call SetPrinter");
+			break;
+		}
+	}
+
+	if (r.in.command < 5) {
+		r.in.command++;
+		goto again;
+	}
+
+	return true;
+}
+
+static void clear_info2(struct spoolss_SetPrinterInfoCtr *r)
+{
+	if ((r->level == 2) && (r->info.info2)) {
+		r->info.info2->secdesc_ptr = 0;
+		r->info.info2->devmode_ptr = 0;
+	}
+}
+
+static bool test_PrinterInfo(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_SetPrinter s;
+	struct spoolss_GetPrinter q;
+	struct spoolss_GetPrinter q0;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	union spoolss_PrinterInfo info;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	uint32_t needed = 0;
+	DATA_BLOB blob = data_blob_null;
+	bool ret = true;
+	int i;
+
+	uint32_t status_list[] = {
+		/* these do not stick
+		PRINTER_STATUS_PAUSED,
+		PRINTER_STATUS_ERROR,
+		PRINTER_STATUS_PENDING_DELETION, */
+		PRINTER_STATUS_PAPER_JAM,
+		PRINTER_STATUS_PAPER_OUT,
+		PRINTER_STATUS_MANUAL_FEED,
+		PRINTER_STATUS_PAPER_PROBLEM,
+		PRINTER_STATUS_OFFLINE,
+		PRINTER_STATUS_IO_ACTIVE,
+		PRINTER_STATUS_BUSY,
+		PRINTER_STATUS_PRINTING,
+		PRINTER_STATUS_OUTPUT_BIN_FULL,
+		PRINTER_STATUS_NOT_AVAILABLE,
+		PRINTER_STATUS_WAITING,
+		PRINTER_STATUS_PROCESSING,
+		PRINTER_STATUS_INITIALIZING,
+		PRINTER_STATUS_WARMING_UP,
+		PRINTER_STATUS_TONER_LOW,
+		PRINTER_STATUS_NO_TONER,
+		PRINTER_STATUS_PAGE_PUNT,
+		PRINTER_STATUS_USER_INTERVENTION,
+		PRINTER_STATUS_OUT_OF_MEMORY,
+		PRINTER_STATUS_DOOR_OPEN,
+		PRINTER_STATUS_SERVER_UNKNOWN,
+		PRINTER_STATUS_POWER_SAVE,
+		/* these do not stick
+		0x02000000,
+		0x04000000,
+		0x08000000,
+		0x10000000,
+		0x20000000,
+		0x40000000,
+		0x80000000 */
+	};
+	uint32_t default_attribute = PRINTER_ATTRIBUTE_LOCAL;
+	uint32_t attribute_list[] = {
+		PRINTER_ATTRIBUTE_QUEUED,
+		/* fails with WERR_INVALID_DATATYPE:
+		PRINTER_ATTRIBUTE_DIRECT, */
+		/* does not stick
+		PRINTER_ATTRIBUTE_DEFAULT, */
+		PRINTER_ATTRIBUTE_SHARED,
+		/* does not stick
+		PRINTER_ATTRIBUTE_NETWORK, */
+		PRINTER_ATTRIBUTE_HIDDEN,
+		PRINTER_ATTRIBUTE_LOCAL,
+		PRINTER_ATTRIBUTE_ENABLE_DEVQ,
+		PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS,
+		PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST,
+		PRINTER_ATTRIBUTE_WORK_OFFLINE,
+		/* does not stick
+		PRINTER_ATTRIBUTE_ENABLE_BIDI, */
+		/* fails with WERR_INVALID_DATATYPE:
+		PRINTER_ATTRIBUTE_RAW_ONLY, */
+		/* these do not stick
+		PRINTER_ATTRIBUTE_PUBLISHED,
+		PRINTER_ATTRIBUTE_FAX,
+		PRINTER_ATTRIBUTE_TS,
+		0x00010000,
+		0x00020000,
+		0x00040000,
+		0x00080000,
+		0x00100000,
+		0x00200000,
+		0x00400000,
+		0x00800000,
+		0x01000000,
+		0x02000000,
+		0x04000000,
+		0x08000000,
+		0x10000000,
+		0x20000000,
+		0x40000000,
+		0x80000000 */
+	};
+
+	torture_skip(tctx, "Printer Info test is currently broken, skipping");
+
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	s.in.handle = handle;
+	s.in.command = 0;
+	s.in.info_ctr = &info_ctr;
+	s.in.devmode_ctr = &devmode_ctr;
+	s.in.secdesc_ctr = &secdesc_ctr;
+
+	q.in.handle = handle;
+	q.out.info = &info;
+	q0 = q;
+
+#define TESTGETCALL(call, r, needed, blob) \
+		r.in.buffer = NULL; \
+		r.in.offered = 0;\
+		r.out.needed = &needed; \
+		status = dcerpc_spoolss_ ##call## _r(b, tctx, &r); \
+		if (!NT_STATUS_IS_OK(status)) { \
+			torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
+			       r.in.level, nt_errstr(status), __location__); \
+			ret = false; \
+			break; \
+		}\
+		if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {\
+			blob = data_blob_talloc_zero(tctx, needed); \
+			r.in.buffer = &blob; \
+			r.in.offered = needed; \
+		}\
+		status = dcerpc_spoolss_ ##call## _r(b, tctx, &r); \
+		if (!NT_STATUS_IS_OK(status)) { \
+			torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
+			       r.in.level, nt_errstr(status), __location__); \
+			ret = false; \
+			break; \
+		} \
+		if (!W_ERROR_IS_OK(r.out.result)) { \
+			torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
+			       r.in.level, win_errstr(r.out.result), __location__); \
+			ret = false; \
+			break; \
+		}
+
+
+#define TESTSETCALL_EXP(call, r, err) \
+		clear_info2(&info_ctr);\
+		status = dcerpc_spoolss_ ##call## _r(b, tctx, &r); \
+		if (!NT_STATUS_IS_OK(status)) { \
+			torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
+			       r.in.info_ctr->level, nt_errstr(status), __location__); \
+			ret = false; \
+			break; \
+		} \
+		if (!W_ERROR_IS_OK(err)) { \
+			if (!W_ERROR_EQUAL(err, r.out.result)) { \
+				torture_comment(tctx, #call " level %u failed - %s, expected %s (%s)\n", \
+				       r.in.info_ctr->level, win_errstr(r.out.result), win_errstr(err), __location__); \
+				ret = false; \
+			} \
+			break; \
+		} \
+		if (!W_ERROR_IS_OK(r.out.result)) { \
+			torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
+			       r.in.info_ctr->level, win_errstr(r.out.result), __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define TESTSETCALL(call, r) \
+	TESTSETCALL_EXP(call, r, WERR_OK)
+
+#define STRING_EQUAL(s1, s2, field) \
+		if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
+			torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
+			       #field, s2, __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define MEM_EQUAL(s1, s2, length, field) \
+		if ((s1 && !s2) || (s2 && !s1) || memcmp(s1, s2, length)) { \
+			torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
+			       #field, (const char *)s2, __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define INT_EQUAL(i1, i2, field) \
+		if (i1 != i2) { \
+			torture_comment(tctx, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
+			       #field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define SD_EQUAL(sd1, sd2, field) \
+		if (!security_descriptor_equal(sd1, sd2)) { \
+			torture_comment(tctx, "Failed to set %s (%s)\n", \
+			       #field, __location__); \
+			ret = false; \
+			break; \
+		}
+
+#define TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, lvl1, field1, lvl2, field2, value, err) do { \
+		void *p; \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		info_ctr.level = lvl1; \
+		p = (void *)&q.out.info->info ## lvl1; \
+		info_ctr.info.info ## lvl1 = (struct spoolss_SetPrinterInfo ## lvl1 *)p; \
+		info_ctr.info.info ## lvl1->field1 = value;\
+		TESTSETCALL_EXP(SetPrinter, s, err) \
+		info_ctr.info.info ## lvl1->field1 = ""; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		info_ctr.info.info ## lvl1->field1 = value; \
+		STRING_EQUAL(info_ctr.info.info ## lvl1->field1, value, field1); \
+		q.in.level = lvl2; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		p = (void *)&q.out.info->info ## lvl2; \
+		info_ctr.info.info ## lvl2 = (struct spoolss_SetPrinterInfo ## lvl2 *)p; \
+		STRING_EQUAL(info_ctr.info.info ## lvl2->field2, value, field2); \
+	} while (0)
+
+#define TEST_PRINTERINFO_STRING(q, s, needed, blob, lvl1, field1, lvl2, field2, value) do { \
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, lvl1, field1, lvl2, field2, value, WERR_OK); \
+	} while (0);
+
+#define TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, lvl1, field1, lvl2, field2, value, exp_value) do { \
+		void *p; \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		info_ctr.level = lvl1; \
+		p = (void *)&q.out.info->info ## lvl1; \
+		info_ctr.info.info ## lvl1 = (struct spoolss_SetPrinterInfo ## lvl1 *)p; \
+		info_ctr.info.info ## lvl1->field1 = value; \
+		TESTSETCALL(SetPrinter, s) \
+		info_ctr.info.info ## lvl1->field1 = 0; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		p = (void *)&q.out.info->info ## lvl1; \
+		info_ctr.info.info ## lvl1 = (struct spoolss_SetPrinterInfo ## lvl1 *)p; \
+		INT_EQUAL(info_ctr.info.info ## lvl1->field1, exp_value, field1); \
+		q.in.level = lvl2; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		p = (void *)&q.out.info->info ## lvl2; \
+		info_ctr.info.info ## lvl2 = (struct spoolss_SetPrinterInfo ## lvl2 *)p; \
+		INT_EQUAL(info_ctr.info.info ## lvl2->field2, exp_value, field1); \
+	} while (0)
+
+#define TEST_PRINTERINFO_INT(q, s, needed, blob, lvl1, field1, lvl2, field2, value) do { \
+        TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, lvl1, field1, lvl2, field2, value, value); \
+        } while (0)
+
+	q0.in.level = 0;
+	do { TESTGETCALL(GetPrinter, q0, needed, blob) } while (0);
+
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, comment,  1, comment, "xx2-1 comment");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, comment,  2, comment, "xx2-2 comment");
+
+	/* level 0 printername does not stick */
+/*	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, printername,  0, printername, "xx2-0 printer"); */
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, printername,  1, name,	 "xx2-1 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, printername,  2, printername, "xx2-2 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, printername,  4, printername, "xx2-4 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, printername,  5, printername, "xx2-5 printer");
+/*	TEST_PRINTERINFO_STRING(q, s, needed, blob, 4, printername,  0, printername, "xx4-0 printer"); */
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 4, printername,  1, name,	 "xx4-1 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 4, printername,  2, printername, "xx4-2 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 4, printername,  4, printername, "xx4-4 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 4, printername,  5, printername, "xx4-5 printer");
+/*	TEST_PRINTERINFO_STRING(q, s, needed, blob, 5, printername,  0, printername, "xx5-0 printer"); */
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 5, printername,  1, name,	 "xx5-1 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 5, printername,  2, printername, "xx5-2 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 5, printername,  4, printername, "xx5-4 printer");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 5, printername,  5, printername, "xx5-5 printer");
+
+	/* servername can be set but does not stick
+	TEST_PRINTERINFO_STRING(q, 2, servername,  0, servername, "xx2-0 servername");
+	TEST_PRINTERINFO_STRING(q, 2, servername,  2, servername, "xx2-2 servername");
+	TEST_PRINTERINFO_STRING(q, 2, servername,  4, servername, "xx2-4 servername");
+	*/
+
+	/* passing an invalid port will result in WERR_UNKNOWN_PORT */
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 2, portname,  2, portname, "xx2-2 portname", WERR_UNKNOWN_PORT);
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 2, portname,  5, portname, "xx2-5 portname", WERR_UNKNOWN_PORT);
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 5, portname,  2, portname, "xx5-2 portname", WERR_UNKNOWN_PORT);
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 5, portname,  5, portname, "xx5-5 portname", WERR_UNKNOWN_PORT);
+
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, sharename,	2, sharename,	"xx2-2 sharename");
+	/* passing an invalid driver will result in WERR_UNKNOWN_PRINTER_DRIVER */
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 2, drivername,	2, drivername,	"xx2-2 drivername", WERR_UNKNOWN_PRINTER_DRIVER);
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, location,	2, location,	"xx2-2 location");
+	/* passing an invalid sepfile will result in WERR_INVALID_SEPARATOR_FILE */
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 2, sepfile,	2, sepfile,	"xx2-2 sepfile", WERR_INVALID_SEPARATOR_FILE);
+	/* passing an invalid printprocessor will result in WERR_UNKNOWN_PRINTPROCESSOR */
+	TEST_PRINTERINFO_STRING_EXP_ERR(q, s, needed, blob, 2, printprocessor, 2, printprocessor, "xx2-2 printprocessor", WERR_UNKNOWN_PRINTPROCESSOR);
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, datatype,	2, datatype,	"xx2-2 datatype");
+	TEST_PRINTERINFO_STRING(q, s, needed, blob, 2, parameters,	2, parameters,	"xx2-2 parameters");
+
+	for (i=0; i < ARRAY_SIZE(attribute_list); i++) {
+/*		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 2, attributes, 1, flags,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			); */
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 2, attributes, 2, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 2, attributes, 4, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 2, attributes, 5, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+/*		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 4, attributes, 1, flags,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			); */
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 4, attributes, 2, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 4, attributes, 4, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 4, attributes, 5, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+/*		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 5, attributes, 1, flags,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			); */
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 5, attributes, 2, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 5, attributes, 4, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+		TEST_PRINTERINFO_INT_EXP(q, s, needed, blob, 5, attributes, 5, attributes,
+			attribute_list[i],
+			(attribute_list[i] | default_attribute)
+			);
+	}
+
+	for (i=0; i < ARRAY_SIZE(status_list); i++) {
+		/* level 2 sets do not stick
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 2, status,	0, status, status_list[i]);
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 2, status,	2, status, status_list[i]);
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 2, status,	6, status, status_list[i]); */
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 6, status,	0, status, status_list[i]);
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 6, status,	2, status, status_list[i]);
+		TEST_PRINTERINFO_INT(q, s, needed, blob, 6, status,	6, status, status_list[i]);
+	}
+
+	/* priorities need to be between 0 and 99
+	   passing an invalid priority will result in WERR_INVALID_PRIORITY */
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, priority,	2, priority, 0);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, priority,	2, priority, 1);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, priority,	2, priority, 99);
+	/* TEST_PRINTERINFO_INT(q, s, needed, blob, 2, priority,	2, priority, 100); */
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, defaultpriority,2, defaultpriority, 0);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, defaultpriority,2, defaultpriority, 1);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, defaultpriority,2, defaultpriority, 99);
+	/* TEST_PRINTERINFO_INT(q, s, needed, blob, 2, defaultpriority,2, defaultpriority, 100); */
+
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, starttime,	2, starttime, __LINE__);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, untiltime,	2, untiltime, __LINE__);
+
+	/* does not stick
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, cjobs,		2, cjobs, __LINE__);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 2, averageppm,	2, averageppm, __LINE__); */
+
+	/* does not stick
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 5, device_not_selected_timeout, 5, device_not_selected_timeout, __LINE__);
+	TEST_PRINTERINFO_INT(q, s, needed, blob, 5, transmission_retry_timeout, 5, transmission_retry_timeout, __LINE__); */
+
+	/* FIXME: gd also test devmode and secdesc behavior */
+
+	{
+		/* verify composition of level 1 description field */
+		const char *description;
+		const char *tmp;
+
+		q0.in.level = 1;
+		do { TESTGETCALL(GetPrinter, q0, needed, blob) } while (0);
+
+		description = talloc_strdup(tctx, q0.out.info->info1.description);
+
+		q0.in.level = 2;
+		do { TESTGETCALL(GetPrinter, q0, needed, blob) } while (0);
+
+		tmp = talloc_asprintf(tctx, "%s,%s,%s",
+			q0.out.info->info2.printername,
+			q0.out.info->info2.drivername,
+			q0.out.info->info2.location);
+
+		do { STRING_EQUAL(description, tmp, "description")} while (0);
+	}
+
+	return ret;
+}
+
+static bool test_security_descriptor_equal(struct torture_context *tctx,
+					   const struct security_descriptor *sd1,
+					   const struct security_descriptor *sd2)
+{
+	if (sd1 == sd2) {
+		return true;
+	}
+
+	if (!sd1 || !sd2) {
+		torture_comment(tctx, "%s\n", __location__);
+		return false;
+	}
+
+	torture_assert_int_equal(tctx, sd1->revision, sd2->revision, "revision mismatch");
+	torture_assert_int_equal(tctx, sd1->type, sd2->type, "type mismatch");
+
+	torture_assert_sid_equal(tctx, sd1->owner_sid, sd2->owner_sid, "owner mismatch");
+	torture_assert_sid_equal(tctx, sd1->group_sid, sd2->group_sid, "group mismatch");
+
+	if (!security_acl_equal(sd1->sacl, sd2->sacl)) {
+		torture_comment(tctx, "%s: sacl mismatch\n", __location__);
+		NDR_PRINT_DEBUG(security_acl, sd1->sacl);
+		NDR_PRINT_DEBUG(security_acl, sd2->sacl);
+		return false;
+	}
+	if (!security_acl_equal(sd1->dacl, sd2->dacl)) {
+		torture_comment(tctx, "%s: dacl mismatch\n", __location__);
+		NDR_PRINT_DEBUG(security_acl, sd1->dacl);
+		NDR_PRINT_DEBUG(security_acl, sd2->dacl);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_sd_set_level(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle,
+			      uint32_t level,
+			      struct security_descriptor *sd)
+{
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	union spoolss_SetPrinterInfo sinfo;
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinterInfo3 info3;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	switch (level) {
+	case 2: {
+		torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+		torture_assert(tctx, PrinterInfo_to_SetPrinterInfo(tctx, &info, 2, &sinfo), "");
+
+		info_ctr.level = 2;
+		info_ctr.info = sinfo;
+
+		break;
+	}
+	case 3: {
+
+		info3.sec_desc_ptr = 0;
+
+		info_ctr.level = 3;
+		info_ctr.info.info3 = &info3;
+
+		break;
+	}
+	default:
+		return false;
+	}
+
+	secdesc_ctr.sd = sd;
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0), "");
+
+	return true;
+}
+
+static bool test_PrinterInfo_SDs(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct security_descriptor *sd1, *sd2;
+	int i;
+
+	/* just compare level 2 and level 3 */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	sd1 = info.info2.secdesc;
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 3, &info), "");
+
+	sd2 = info.info3.secdesc;
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2),
+		"SD level 2 != SD level 3");
+
+
+	/* query level 2, set level 2, query level 2 */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	sd1 = info.info2.secdesc;
+
+	torture_assert(tctx, test_sd_set_level(tctx, b, handle, 2, sd1), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	sd2 = info.info2.secdesc;
+	if (sd1->type & SEC_DESC_DACL_DEFAULTED) {
+		torture_comment(tctx, "removing SEC_DESC_DACL_DEFAULTED\n");
+		sd1->type &= ~SEC_DESC_DACL_DEFAULTED;
+	}
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2),
+		"SD level 2 != SD level 2 after SD has been set via level 2");
+
+
+	/* query level 2, set level 3, query level 2 */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	sd1 = info.info2.secdesc;
+
+	torture_assert(tctx, test_sd_set_level(tctx, b, handle, 3, sd1), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	sd2 = info.info2.secdesc;
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2),
+		"SD level 2 != SD level 2 after SD has been set via level 3");
+
+	/* set modified sd level 3, query level 2 */
+
+	for (i=0; i < 93; i++) {
+		struct security_ace a = {};
+		const char *sid_string = talloc_asprintf(tctx, "S-1-5-32-9999%i", i);
+		a.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+		a.flags = 0;
+		a.size = 0; /* autogenerated */
+		a.access_mask = 0;
+		a.trustee = *dom_sid_parse_talloc(tctx, sid_string);
+		torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd1, &a), "");
+	}
+
+	torture_assert(tctx, test_sd_set_level(tctx, b, handle, 3, sd1), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+	sd2 = info.info2.secdesc;
+
+	if (sd1->type & SEC_DESC_DACL_DEFAULTED) {
+		torture_comment(tctx, "removing SEC_DESC_DACL_DEFAULTED\n");
+		sd1->type &= ~SEC_DESC_DACL_DEFAULTED;
+	}
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2),
+		"modified SD level 2 != SD level 2 after SD has been set via level 3");
+
+
+	return true;
+}
+
+/*
+ * wrapper call that saves original sd, runs tests, and restores sd
+ */
+
+static bool test_PrinterInfo_SD(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct security_descriptor *sd;
+	bool ret = true;
+
+	torture_comment(tctx, "Testing Printer Security Descriptors\n");
+
+	/* save original sd */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to get initial security descriptor");
+
+	sd = security_descriptor_copy(tctx, info.info2.secdesc);
+
+	/* run tests */
+
+	ret = test_PrinterInfo_SDs(tctx, b, handle);
+
+	/* restore original sd */
+
+	torture_assert(tctx, test_sd_set_level(tctx, b, handle, 3, sd),
+		"failed to restore initial security descriptor");
+
+	torture_comment(tctx, "Printer Security Descriptors test %s\n\n",
+		ret ? "succeeded" : "failed");
+
+
+	return ret;
+}
+
+static bool test_devmode_set_level(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   uint32_t level,
+				   struct spoolss_DeviceMode *devmode)
+{
+	struct spoolss_SetPrinterInfo8 info8;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	union spoolss_SetPrinterInfo sinfo;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	switch (level) {
+	case 2: {
+		union spoolss_PrinterInfo info;
+		torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+		torture_assert(tctx, PrinterInfo_to_SetPrinterInfo(tctx, &info, 2, &sinfo), "");
+
+		info_ctr.level = 2;
+		info_ctr.info = sinfo;
+
+		break;
+	}
+	case 8: {
+		info8.devmode_ptr = 0;
+
+		info_ctr.level = 8;
+		info_ctr.info.info8 = &info8;
+
+		break;
+	}
+	default:
+		return false;
+	}
+
+	devmode_ctr.devmode = devmode;
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0), "");
+
+	return true;
+}
+
+
+static bool test_devicemode_equal(struct torture_context *tctx,
+				  const struct spoolss_DeviceMode *d1,
+				  const struct spoolss_DeviceMode *d2)
+{
+	if (d1 == d2) {
+		return true;
+	}
+
+	if (!d1 || !d2) {
+		torture_comment(tctx, "%s\n", __location__);
+		return false;
+	}
+	torture_assert_str_equal(tctx, d1->devicename, d2->devicename, "devicename mismatch");
+	torture_assert_int_equal(tctx, d1->specversion, d2->specversion, "specversion mismatch");
+	torture_assert_int_equal(tctx, d1->driverversion, d2->driverversion, "driverversion mismatch");
+	torture_assert_int_equal(tctx, d1->size, d2->size, "size mismatch");
+	torture_assert_int_equal(tctx, d1->__driverextra_length, d2->__driverextra_length, "__driverextra_length mismatch");
+	torture_assert_int_equal(tctx, d1->fields, d2->fields, "fields mismatch");
+	torture_assert_int_equal(tctx, d1->orientation, d2->orientation, "orientation mismatch");
+	torture_assert_int_equal(tctx, d1->papersize, d2->papersize, "papersize mismatch");
+	torture_assert_int_equal(tctx, d1->paperlength, d2->paperlength, "paperlength mismatch");
+	torture_assert_int_equal(tctx, d1->paperwidth, d2->paperwidth, "paperwidth mismatch");
+	torture_assert_int_equal(tctx, d1->scale, d2->scale, "scale mismatch");
+	torture_assert_int_equal(tctx, d1->copies, d2->copies, "copies mismatch");
+	torture_assert_int_equal(tctx, d1->defaultsource, d2->defaultsource, "defaultsource mismatch");
+	torture_assert_int_equal(tctx, d1->printquality, d2->printquality, "printquality mismatch");
+	torture_assert_int_equal(tctx, d1->color, d2->color, "color mismatch");
+	torture_assert_int_equal(tctx, d1->duplex, d2->duplex, "duplex mismatch");
+	torture_assert_int_equal(tctx, d1->yresolution, d2->yresolution, "yresolution mismatch");
+	torture_assert_int_equal(tctx, d1->ttoption, d2->ttoption, "ttoption mismatch");
+	torture_assert_int_equal(tctx, d1->collate, d2->collate, "collate mismatch");
+	torture_assert_str_equal(tctx, d1->formname, d2->formname, "formname mismatch");
+	torture_assert_int_equal(tctx, d1->logpixels, d2->logpixels, "logpixels mismatch");
+	torture_assert_int_equal(tctx, d1->bitsperpel, d2->bitsperpel, "bitsperpel mismatch");
+	torture_assert_int_equal(tctx, d1->pelswidth, d2->pelswidth, "pelswidth mismatch");
+	torture_assert_int_equal(tctx, d1->pelsheight, d2->pelsheight, "pelsheight mismatch");
+	torture_assert_int_equal(tctx, d1->displayflags, d2->displayflags, "displayflags mismatch");
+	torture_assert_int_equal(tctx, d1->displayfrequency, d2->displayfrequency, "displayfrequency mismatch");
+	torture_assert_int_equal(tctx, d1->icmmethod, d2->icmmethod, "icmmethod mismatch");
+	torture_assert_int_equal(tctx, d1->icmintent, d2->icmintent, "icmintent mismatch");
+	torture_assert_int_equal(tctx, d1->mediatype, d2->mediatype, "mediatype mismatch");
+	torture_assert_int_equal(tctx, d1->dithertype, d2->dithertype, "dithertype mismatch");
+	torture_assert_int_equal(tctx, d1->reserved1, d2->reserved1, "reserved1 mismatch");
+	torture_assert_int_equal(tctx, d1->reserved2, d2->reserved2, "reserved2 mismatch");
+	torture_assert_int_equal(tctx, d1->panningwidth, d2->panningwidth, "panningwidth mismatch");
+	torture_assert_int_equal(tctx, d1->panningheight, d2->panningheight, "panningheight mismatch");
+	torture_assert_data_blob_equal(tctx, d1->driverextra_data, d2->driverextra_data, "driverextra_data mismatch");
+
+	return true;
+}
+
+static bool test_devicemode_full(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle)
+{
+	struct spoolss_SetPrinter s;
+	struct spoolss_GetPrinter q;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo8 info8;
+	union spoolss_PrinterInfo info;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	uint32_t needed = 0;
+	DATA_BLOB blob = data_blob_null;
+	bool ret = true;
+	NTSTATUS status;
+
+#define TEST_DEVMODE_INT_EXP_RESULT(q, s, needed, blob, lvl1, field1, lvl2, field2, value, exp_value, expected_result) do { \
+		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
+		q.in.level = lvl1; \
+		TESTGETCALL(GetPrinter, q, needed, blob) \
+		info_ctr.level = lvl1; \
+		if (lvl1 == 2) {\
+			void *p = (void *)&q.out.info->info ## lvl1; \
+			info_ctr.info.info ## lvl1 = (struct spoolss_SetPrinterInfo ## lvl1 *)p; \
+		} else if (lvl1 == 8) {\
+			info_ctr.info.info ## lvl1 = &info8; \
+		}\
+		devmode_ctr.devmode = q.out.info->info ## lvl1.devmode; \
+		devmode_ctr.devmode->field1 = value; \
+		TESTSETCALL_EXP(SetPrinter, s, expected_result) \
+		if (W_ERROR_IS_OK(expected_result)) { \
+			TESTGETCALL(GetPrinter, q, needed, blob) \
+			INT_EQUAL(q.out.info->info ## lvl1.devmode->field1, exp_value, field1); \
+			q.in.level = lvl2; \
+			TESTGETCALL(GetPrinter, q, needed, blob) \
+			INT_EQUAL(q.out.info->info ## lvl2.devmode->field2, exp_value, field1); \
+		}\
+	} while (0)
+
+#define TEST_DEVMODE_INT_EXP(q, s, needed, blob, lvl1, field1, lvl2, field2, value, expected_result) do { \
+        TEST_DEVMODE_INT_EXP_RESULT(q, s, needed, blob, lvl1, field1, lvl2, field2, value, value, expected_result); \
+        } while (0)
+
+#define TEST_DEVMODE_INT(q, s, needed, blob, lvl1, field1, lvl2, field2, value) do { \
+        TEST_DEVMODE_INT_EXP_RESULT(q, s, needed, blob, lvl1, field1, lvl2, field2, value, value, WERR_OK); \
+        } while (0)
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+	ZERO_STRUCT(info8);
+
+	s.in.handle = handle;
+	s.in.command = 0;
+	s.in.info_ctr = &info_ctr;
+	s.in.devmode_ctr = &devmode_ctr;
+	s.in.secdesc_ctr = &secdesc_ctr;
+
+	q.in.handle = handle;
+	q.out.info = &info;
+
+#if 0
+	const char *devicename;/* [charset(UTF16)] */
+	enum spoolss_DeviceModeSpecVersion specversion;
+	uint16_t driverversion;
+	uint16_t __driverextra_length;/* [value(r->driverextra_data.length)] */
+	uint32_t fields;
+#endif
+	TEST_DEVMODE_INT_EXP(q, s, needed, blob, 8, size,		8, size, __LINE__, WERR_INVALID_PARAMETER);
+	TEST_DEVMODE_INT_EXP(q, s, needed, blob, 8, size,		8, size, 0, WERR_INVALID_PARAMETER);
+	TEST_DEVMODE_INT_EXP(q, s, needed, blob, 8, size,		8, size, 0xffff, WERR_INVALID_PARAMETER);
+	TEST_DEVMODE_INT_EXP(q, s, needed, blob, 8, size,		8, size, ndr_size_spoolss_DeviceMode(devmode_ctr.devmode, 0), (devmode_ctr.devmode->__driverextra_length > 0 ) ? WERR_INVALID_PARAMETER : WERR_OK);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, size,		8, size, ndr_size_spoolss_DeviceMode(devmode_ctr.devmode, 0) - devmode_ctr.devmode->__driverextra_length);
+
+	devmode_ctr.devmode->driverextra_data = data_blob_string_const("foobar");
+	torture_assert(tctx,
+		test_devmode_set_level(tctx, b, handle, 8, devmode_ctr.devmode),
+		"failed to set devmode");
+
+	TEST_DEVMODE_INT_EXP(q, s, needed, blob, 8, size,		8, size, ndr_size_spoolss_DeviceMode(devmode_ctr.devmode, 0), (devmode_ctr.devmode->__driverextra_length > 0 ) ? WERR_INVALID_PARAMETER : WERR_OK);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, size,		8, size, ndr_size_spoolss_DeviceMode(devmode_ctr.devmode, 0) - devmode_ctr.devmode->__driverextra_length);
+
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, orientation,	8, orientation, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, papersize,		8, papersize, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, paperlength,	8, paperlength, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, paperwidth,		8, paperwidth, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, scale,		8, scale, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, copies,		8, copies, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, defaultsource,	8, defaultsource, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, printquality,	8, printquality, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, color,		8, color, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, duplex,		8, duplex, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, yresolution,	8, yresolution, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, ttoption,		8, ttoption, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, collate,		8, collate, __LINE__);
+#if 0
+	const char *formname;/* [charset(UTF16)] */
+#endif
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, logpixels,		8, logpixels, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, bitsperpel,		8, bitsperpel, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, pelswidth,		8, pelswidth, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, pelsheight,		8, pelsheight, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, displayflags,	8, displayflags, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, displayfrequency,	8, displayfrequency, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, icmmethod,		8, icmmethod, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, icmintent,		8, icmintent, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, mediatype,		8, mediatype, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, dithertype,		8, dithertype, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, reserved1,		8, reserved1, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, reserved2,		8, reserved2, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, panningwidth,	8, panningwidth, __LINE__);
+	TEST_DEVMODE_INT(q, s, needed, blob, 8, panningheight,	8, panningheight, __LINE__);
+
+	return ret;
+}
+
+static bool call_OpenPrinterEx(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       const char *name,
+			       struct spoolss_DeviceMode *devmode,
+			       struct policy_handle *handle);
+
+static bool test_PrinterInfo_DevModes(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct policy_handle *handle,
+				      const char *name)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_DeviceMode *devmode;
+	struct spoolss_DeviceMode *devmode2;
+	struct policy_handle handle_devmode;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	/* simply compare level8 and level2 devmode */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 8, &info), "");
+
+	devmode = info.info8.devmode;
+
+	if (devmode && devmode->size == 0) {
+		torture_fail(tctx,
+			"devmode of zero size!");
+	}
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	devmode2 = info.info2.devmode;
+
+	if (devmode2 && devmode2->size == 0) {
+		torture_fail(tctx,
+			"devmode of zero size!");
+	}
+
+	torture_assert(tctx, test_devicemode_equal(tctx, devmode, devmode2),
+		"DM level 8 != DM level 2");
+
+
+	/* set devicemode level 8 and see if it persists */
+
+	devmode->copies = 93;
+	devmode->formname = talloc_strdup(tctx, "Legal");
+
+	torture_assert(tctx, test_devmode_set_level(tctx, b, handle, 8, devmode), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 8, &info), "");
+
+	devmode2 = info.info8.devmode;
+
+	torture_assert(tctx, test_devicemode_equal(tctx, devmode, devmode2),
+		"modified DM level 8 != DM level 8 after DM has been set via level 8");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	devmode2 = info.info2.devmode;
+
+	torture_assert(tctx, test_devicemode_equal(tctx, devmode, devmode2),
+		"modified DM level 8 != DM level 2");
+
+
+	/* set devicemode level 2 and see if it persists */
+
+	devmode->copies = 39;
+	devmode->formname = talloc_strdup(tctx, "Executive");
+
+	torture_assert(tctx, test_devmode_set_level(tctx, b, handle, 2, devmode), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 8, &info), "");
+
+	devmode2 = info.info8.devmode;
+
+	torture_assert(tctx, test_devicemode_equal(tctx, devmode, devmode2),
+		"modified DM level 8 != DM level 8 after DM has been set via level 2");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	devmode2 = info.info2.devmode;
+
+	torture_assert(tctx, test_devicemode_equal(tctx, devmode, devmode2),
+		"modified DM level 8 != DM level 2");
+
+
+	/* check every single bit in public part of devicemode */
+
+	torture_assert(tctx, test_devicemode_full(tctx, b, handle),
+		"failed to set every single devicemode component");
+
+
+	/* change formname upon open and see if it persists in getprinter calls */
+
+	devmode->formname = talloc_strdup(tctx, "A4");
+	devmode->copies = 42;
+
+	torture_assert(tctx, call_OpenPrinterEx(tctx, p, name, devmode, &handle_devmode),
+		"failed to open printer handle");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, &handle_devmode, 8, &info), "");
+
+	devmode2 = info.info8.devmode;
+
+	if (strequal(devmode->devicename, devmode2->devicename)) {
+		torture_warning(tctx, "devicenames are the same\n");
+	} else {
+		torture_comment(tctx, "devicename passed in for open: %s\n", devmode->devicename);
+		torture_comment(tctx, "devicename after level 8 get: %s\n", devmode2->devicename);
+	}
+
+	if (strequal(devmode->formname, devmode2->formname)) {
+		torture_warning(tctx, "formname are the same\n");
+	} else {
+		torture_comment(tctx, "formname passed in for open: %s\n", devmode->formname);
+		torture_comment(tctx, "formname after level 8 get: %s\n", devmode2->formname);
+	}
+
+	if (devmode->copies == devmode2->copies) {
+		torture_warning(tctx, "copies are the same\n");
+	} else {
+		torture_comment(tctx, "copies passed in for open: %d\n", devmode->copies);
+		torture_comment(tctx, "copies after level 8 get: %d\n", devmode2->copies);
+	}
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, &handle_devmode, 2, &info), "");
+
+	devmode2 = info.info2.devmode;
+
+	if (strequal(devmode->devicename, devmode2->devicename)) {
+		torture_warning(tctx, "devicenames are the same\n");
+	} else {
+		torture_comment(tctx, "devicename passed in for open: %s\n", devmode->devicename);
+		torture_comment(tctx, "devicename after level 2 get: %s\n", devmode2->devicename);
+	}
+
+	if (strequal(devmode->formname, devmode2->formname)) {
+		torture_warning(tctx, "formname is the same\n");
+	} else {
+		torture_comment(tctx, "formname passed in for open: %s\n", devmode->formname);
+		torture_comment(tctx, "formname after level 2 get: %s\n", devmode2->formname);
+	}
+
+	if (devmode->copies == devmode2->copies) {
+		torture_warning(tctx, "copies are the same\n");
+	} else {
+		torture_comment(tctx, "copies passed in for open: %d\n", devmode->copies);
+		torture_comment(tctx, "copies after level 2 get: %d\n", devmode2->copies);
+	}
+
+	test_ClosePrinter(tctx, b, &handle_devmode);
+
+	return true;
+}
+
+/*
+ * wrapper call that saves original devmode, runs tests, and restores devmode
+ */
+
+static bool test_PrinterInfo_DevMode(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *handle,
+				     const char *name,
+				     struct spoolss_DeviceMode *addprinter_devmode)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_DeviceMode *devmode;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing Printer Devicemodes\n");
+
+	/* save original devmode */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 8, &info),
+		"failed to get initial global devicemode");
+
+	devmode = info.info8.devmode;
+
+	if (devmode && devmode->size == 0) {
+		torture_fail(tctx,
+			"devmode of zero size!");
+	}
+
+	if (addprinter_devmode) {
+		if (!test_devicemode_equal(tctx, devmode, addprinter_devmode)) {
+			torture_warning(tctx, "current global DM is != DM provided in addprinter");
+		}
+	}
+
+	/* run tests */
+
+	ret = test_PrinterInfo_DevModes(tctx, p, handle, name);
+
+	/* restore original devmode */
+
+	torture_assert(tctx, test_devmode_set_level(tctx, b, handle, 8, devmode),
+		"failed to restore initial global device mode");
+
+	torture_comment(tctx, "Printer Devicemodes test %s\n\n",
+		ret ? "succeeded" : "failed");
+
+
+	return ret;
+}
+
+bool test_ClosePrinter(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_ClosePrinter r;
+
+	r.in.handle = handle;
+	r.out.handle = handle;
+
+	torture_comment(tctx, "Testing ClosePrinter\n");
+
+	status = dcerpc_spoolss_ClosePrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "ClosePrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result, "ClosePrinter failed");
+
+	return true;
+}
+
+static bool test_GetForm_args(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle,
+			      const char *form_name,
+			      uint32_t level,
+			      union spoolss_FormInfo *info_p)
+{
+	NTSTATUS status;
+	struct spoolss_GetForm r;
+	uint32_t needed;
+
+	r.in.handle = handle;
+	r.in.form_name = form_name;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+
+	torture_comment(tctx, "Testing GetForm(%s) level %d\n", form_name, r.in.level);
+
+	status = dcerpc_spoolss_GetForm_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetForm failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		status = dcerpc_spoolss_GetForm_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "GetForm failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "GetForm failed");
+
+		torture_assert(tctx, r.out.info, "No form info returned");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "GetForm failed");
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_FormInfo, r.out.info, r.in.level, needed, 4);
+
+	if (info_p) {
+		*info_p = *r.out.info;
+	}
+
+	return true;
+}
+
+static bool test_GetForm(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 struct policy_handle *handle,
+			 const char *form_name,
+			 uint32_t level)
+{
+	return test_GetForm_args(tctx, b, handle, form_name, level, NULL);
+}
+
+static bool test_EnumForms(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   struct policy_handle *handle,
+			   bool print_server,
+			   uint32_t level,
+			   uint32_t *count_p,
+			   union spoolss_FormInfo **info_p)
+{
+	struct spoolss_EnumForms r;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_FormInfo *info;
+
+	r.in.handle = handle;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumForms level %d\n", r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumForms_r(b, tctx, &r),
+		"EnumForms failed");
+
+	if ((r.in.level == 2) && (W_ERROR_EQUAL(r.out.result, WERR_INVALID_LEVEL))) {
+		torture_skip(tctx, "EnumForms level 2 not supported");
+	}
+
+	if (print_server && W_ERROR_EQUAL(r.out.result, WERR_INVALID_HANDLE)) {
+		torture_fail(tctx, "EnumForms on the PrintServer isn't supported by test server (NT4)");
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumForms_r(b, tctx, &r),
+			"EnumForms failed");
+
+		torture_assert(tctx, info, "No forms returned");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "EnumForms failed");
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumForms, info, r.in.level, count, needed, 4);
+
+	if (info_p) {
+		*info_p = info;
+	}
+	if (count_p) {
+		*count_p = count;
+	}
+
+	return true;
+}
+
+static bool test_EnumForms_all(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle,
+			       bool print_server)
+{
+	uint32_t levels[] = { 1, 2 };
+	int i, j;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		uint32_t count = 0;
+		union spoolss_FormInfo *info = NULL;
+
+		torture_assert(tctx,
+			test_EnumForms(tctx, b, handle, print_server, levels[i], &count, &info),
+			"failed to enum forms");
+
+		for (j = 0; j < count; j++) {
+			if (!print_server) {
+				torture_assert(tctx,
+					test_GetForm(tctx, b, handle, info[j].info1.form_name, levels[i]),
+					"failed to get form");
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_EnumForms_find_one(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    struct policy_handle *handle,
+				    bool print_server,
+				    const char *form_name)
+{
+	union spoolss_FormInfo *info = NULL;
+	uint32_t count = 0;
+	bool found = false;
+	int i;
+
+	torture_assert(tctx,
+		test_EnumForms(tctx, b, handle, print_server, 1, &count, &info),
+		"failed to enumerate forms");
+
+	for (i=0; i<count; i++) {
+		if (strequal(form_name, info[i].info1.form_name)) {
+			found = true;
+			break;
+		}
+	}
+
+	return found;
+}
+
+static bool test_DeleteForm(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    const char *form_name,
+			    WERROR expected_result)
+{
+	struct spoolss_DeleteForm r;
+
+	r.in.handle = handle;
+	r.in.form_name = form_name;
+
+	torture_comment(tctx, "Testing DeleteForm(%s)\n", form_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeleteForm_r(b, tctx, &r),
+		"DeleteForm failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"DeleteForm gave unexpected result");
+	if (W_ERROR_IS_OK(r.out.result)) {
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_DeleteForm_r(b, tctx, &r),
+			"2nd DeleteForm failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_FORM_NAME,
+			"2nd DeleteForm failed");
+	}
+
+	return true;
+}
+
+static bool test_AddForm(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 struct policy_handle *handle,
+			 uint32_t level,
+			 union spoolss_AddFormInfo *info,
+			 WERROR expected_result)
+{
+	struct spoolss_AddForm r;
+	struct spoolss_AddFormInfoCtr info_ctr;
+
+	info_ctr.level = level;
+	info_ctr.info = *info;
+
+	if (level != 1) {
+		torture_skip(tctx, "only level 1 supported");
+	}
+
+	r.in.handle	= handle;
+	r.in.info_ctr	= &info_ctr;
+
+	torture_comment(tctx, "Testing AddForm(%s) level %d, type %d\n",
+		r.in.info_ctr->info.info1->form_name, level,
+		r.in.info_ctr->info.info1->flags);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_AddForm_r(b, tctx, &r),
+		"AddForm failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"AddForm gave unexpected result");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_AddForm_r(b, tctx, &r),
+		"2nd AddForm failed");
+	if (W_ERROR_EQUAL(expected_result, WERR_INVALID_PARAMETER)) {
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+			"2nd AddForm gave unexpected result");
+	} else {
+		torture_assert_werr_equal(tctx, r.out.result, WERR_FILE_EXISTS,
+			"2nd AddForm gave unexpected result");
+	}
+
+	return true;
+}
+
+static bool test_SetForm(struct torture_context *tctx,
+			 struct dcerpc_binding_handle *b,
+			 struct policy_handle *handle,
+			 const char *form_name,
+			 uint32_t level,
+			 union spoolss_AddFormInfo *info)
+{
+	struct spoolss_SetForm r;
+	struct spoolss_AddFormInfoCtr info_ctr;
+
+	info_ctr.level	= level;
+	info_ctr.info	= *info;
+
+	r.in.handle	= handle;
+	r.in.form_name	= form_name;
+	r.in.info_ctr	= &info_ctr;
+
+	torture_comment(tctx, "Testing SetForm(%s) level %d\n",
+		form_name, level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetForm_r(b, tctx, &r),
+		"SetForm failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"SetForm failed");
+
+	return true;
+}
+
+static bool test_GetForm_winreg(struct torture_context *tctx,
+			        struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *key_name,
+				const char *form_name,
+				enum winreg_Type *w_type,
+				uint32_t *w_size,
+				uint32_t *w_length,
+				uint8_t **w_data);
+
+static bool test_Forms_args(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    bool print_server,
+			    const char *printer_name,
+			    struct dcerpc_binding_handle *winreg_handle,
+			    struct policy_handle *hive_handle,
+			    const char *form_name,
+			    struct spoolss_AddFormInfo1 *info1,
+			    WERROR expected_add_result,
+			    WERROR expected_delete_result)
+{
+	union spoolss_FormInfo info;
+	union spoolss_AddFormInfo add_info;
+
+	enum winreg_Type w_type;
+	uint32_t w_size;
+	uint32_t w_length;
+	uint8_t *w_data;
+
+	add_info.info1 = info1;
+
+	torture_assert(tctx,
+		test_AddForm(tctx, b, handle, 1, &add_info, expected_add_result),
+		"failed to add form");
+
+	if (winreg_handle && hive_handle && W_ERROR_IS_OK(expected_add_result)) {
+
+		struct spoolss_FormInfo1 i1;
+
+		torture_assert(tctx,
+			test_GetForm_winreg(tctx, winreg_handle, hive_handle, TOP_LEVEL_CONTROL_FORMS_KEY, form_name, &w_type, &w_size, &w_length, &w_data),
+			"failed to get form via winreg");
+
+		i1.size.width	= IVAL(w_data, 0);
+		i1.size.height	= IVAL(w_data, 4);
+		i1.area.left	= IVAL(w_data, 8);
+		i1.area.top	= IVAL(w_data, 12);
+		i1.area.right	= IVAL(w_data, 16);
+		i1.area.bottom	= IVAL(w_data, 20);
+		/* skip index here */
+		i1.flags	= IVAL(w_data, 28);
+
+		torture_assert_int_equal(tctx, w_type, REG_BINARY, "unexpected type");
+		torture_assert_int_equal(tctx, w_size, 0x20, "unexpected size");
+		torture_assert_int_equal(tctx, w_length, 0x20, "unexpected length");
+		torture_assert_int_equal(tctx, i1.size.width, add_info.info1->size.width, "width mismatch");
+		torture_assert_int_equal(tctx, i1.size.height, add_info.info1->size.height, "height mismatch");
+		torture_assert_int_equal(tctx, i1.area.left, add_info.info1->area.left, "left mismatch");
+		torture_assert_int_equal(tctx, i1.area.top, add_info.info1->area.top, "top mismatch");
+		torture_assert_int_equal(tctx, i1.area.right, add_info.info1->area.right, "right mismatch");
+		torture_assert_int_equal(tctx, i1.area.bottom, add_info.info1->area.bottom, "bottom mismatch");
+		torture_assert_int_equal(tctx, i1.flags, add_info.info1->flags, "flags mismatch");
+	}
+
+	if (!print_server && W_ERROR_IS_OK(expected_add_result)) {
+		torture_assert(tctx,
+			test_GetForm_args(tctx, b, handle, form_name, 1, &info),
+			"failed to get added form");
+
+		torture_assert_int_equal(tctx, info.info1.size.width, add_info.info1->size.width, "width mismatch");
+		torture_assert_int_equal(tctx, info.info1.size.height, add_info.info1->size.height, "height mismatch");
+		torture_assert_int_equal(tctx, info.info1.area.left, add_info.info1->area.left, "left mismatch");
+		torture_assert_int_equal(tctx, info.info1.area.top, add_info.info1->area.top, "top mismatch");
+		torture_assert_int_equal(tctx, info.info1.area.right, add_info.info1->area.right, "right mismatch");
+		torture_assert_int_equal(tctx, info.info1.area.bottom, add_info.info1->area.bottom, "bottom mismatch");
+		torture_assert_int_equal(tctx, info.info1.flags, add_info.info1->flags, "flags mismatch");
+
+		if (winreg_handle && hive_handle) {
+
+			struct spoolss_FormInfo1 i1;
+
+			i1.size.width	= IVAL(w_data, 0);
+			i1.size.height	= IVAL(w_data, 4);
+			i1.area.left	= IVAL(w_data, 8);
+			i1.area.top	= IVAL(w_data, 12);
+			i1.area.right	= IVAL(w_data, 16);
+			i1.area.bottom	= IVAL(w_data, 20);
+			/* skip index here */
+			i1.flags	= IVAL(w_data, 28);
+
+			torture_assert_int_equal(tctx, i1.size.width, info.info1.size.width, "width mismatch");
+			torture_assert_int_equal(tctx, i1.size.height, info.info1.size.height, "height mismatch");
+			torture_assert_int_equal(tctx, i1.area.left, info.info1.area.left, "left mismatch");
+			torture_assert_int_equal(tctx, i1.area.top, info.info1.area.top, "top mismatch");
+			torture_assert_int_equal(tctx, i1.area.right, info.info1.area.right, "right mismatch");
+			torture_assert_int_equal(tctx, i1.area.bottom, info.info1.area.bottom, "bottom mismatch");
+			torture_assert_int_equal(tctx, i1.flags, info.info1.flags, "flags mismatch");
+		}
+
+		add_info.info1->size.width = 1234;
+
+		torture_assert(tctx,
+			test_SetForm(tctx, b, handle, form_name, 1, &add_info),
+			"failed to set form");
+		torture_assert(tctx,
+			test_GetForm_args(tctx, b, handle, form_name, 1, &info),
+			"failed to get set form");
+
+		torture_assert_int_equal(tctx, info.info1.size.width, add_info.info1->size.width, "width mismatch");
+	}
+
+	if (!W_ERROR_EQUAL(expected_add_result, WERR_INVALID_PARAMETER)) {
+		torture_assert(tctx,
+			test_EnumForms_find_one(tctx, b, handle, print_server, form_name),
+			"Newly added form not found in enum call");
+	}
+
+	torture_assert(tctx,
+		test_DeleteForm(tctx, b, handle, form_name, expected_delete_result),
+		"failed to delete form");
+
+	return true;
+}
+
+static bool test_Forms(struct torture_context *tctx,
+		       struct dcerpc_binding_handle *b,
+		       struct policy_handle *handle,
+		       bool print_server,
+		       const char *printer_name,
+		       struct dcerpc_binding_handle *winreg_handle,
+		       struct policy_handle *hive_handle)
+{
+	const struct spoolss_FormSize size = {
+		.width	= 50,
+		.height	= 25
+	};
+	const struct spoolss_FormArea area = {
+		.left	= 5,
+		.top	= 10,
+		.right	= 45,
+		.bottom	= 15
+	};
+	int i;
+
+	struct {
+		struct spoolss_AddFormInfo1 info1;
+		WERROR expected_add_result;
+		WERROR expected_delete_result;
+	} forms[] = {
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_USER,
+				.form_name	= "testform_user",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_OK,
+			.expected_delete_result	= WERR_OK
+		},
+/*
+		weird, we can add a builtin form but we can never remove it
+		again - gd
+
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_BUILTIN,
+				.form_name	= "testform_builtin",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_OK,
+			.expected_delete_result	= WERR_INVALID_PARAMETER,
+		},
+*/
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_PRINTER,
+				.form_name	= "testform_printer",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_OK,
+			.expected_delete_result	= WERR_OK
+		},
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_USER,
+				.form_name	= "Letter",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_FILE_EXISTS,
+			.expected_delete_result	= WERR_INVALID_PARAMETER
+		},
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_BUILTIN,
+				.form_name	= "Letter",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_FILE_EXISTS,
+			.expected_delete_result	= WERR_INVALID_PARAMETER
+		},
+		{
+			.info1 = {
+				.flags		= SPOOLSS_FORM_PRINTER,
+				.form_name	= "Letter",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_FILE_EXISTS,
+			.expected_delete_result	= WERR_INVALID_PARAMETER
+		},
+		{
+			.info1 = {
+				.flags		= 12345,
+				.form_name	= "invalid_flags",
+				.size		= size,
+				.area		= area,
+			},
+			.expected_add_result	= WERR_INVALID_PARAMETER,
+			.expected_delete_result	= WERR_INVALID_FORM_NAME
+		}
+
+	};
+
+	for (i=0; i < ARRAY_SIZE(forms); i++) {
+		torture_assert(tctx,
+			test_Forms_args(tctx, b, handle, print_server, printer_name,
+					winreg_handle, hive_handle,
+					forms[i].info1.form_name,
+					&forms[i].info1,
+					forms[i].expected_add_result,
+					forms[i].expected_delete_result),
+			talloc_asprintf(tctx, "failed to test form '%s'", forms[i].info1.form_name));
+	}
+
+	return true;
+}
+
+static bool test_EnumPorts_old(struct torture_context *tctx,
+			       void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	NTSTATUS status;
+	struct spoolss_EnumPorts r;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_PortInfo *info;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.servername = talloc_asprintf(tctx, "\\\\%s",
+					  dcerpc_server_name(p));
+	r.in.level = 2;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumPorts\n");
+
+	status = dcerpc_spoolss_EnumPorts_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "EnumPorts failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_EnumPorts_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "EnumPorts failed");
+		torture_assert_werr_ok(tctx, r.out.result, "EnumPorts failed");
+
+		torture_assert(tctx, info, "No ports returned");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "EnumPorts failed");
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPorts, info, 2, count, needed, 4);
+
+	return true;
+}
+
+static bool test_AddPort(struct torture_context *tctx,
+			 void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	NTSTATUS status;
+	struct spoolss_AddPort r;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s",
+					   dcerpc_server_name(p));
+	r.in.unknown = 0;
+	r.in.monitor_name = "foo";
+
+	torture_comment(tctx, "Testing AddPort\n");
+
+	status = dcerpc_spoolss_AddPort_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "AddPort failed");
+
+	/* win2k3 returns WERR_NOT_SUPPORTED */
+
+#if 0
+
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		printf("AddPort failed - %s\n", win_errstr(r.out.result));
+		return false;
+	}
+
+#endif
+
+	return true;
+}
+
+static bool test_GetJob_args(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     struct policy_handle *handle,
+			     uint32_t job_id,
+			     uint32_t level,
+			     union spoolss_JobInfo *info_p)
+{
+	NTSTATUS status;
+	struct spoolss_GetJob r;
+	union spoolss_JobInfo info;
+	uint32_t needed;
+
+	r.in.handle = handle;
+	r.in.job_id = job_id;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing GetJob(%d), level %d\n", job_id, r.in.level);
+
+	status = dcerpc_spoolss_GetJob_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetJob failed");
+	if (level == 0) {
+		torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "Unexpected return code");
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_GetJob_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "GetJob failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "GetJob failed");
+	torture_assert(tctx, r.out.info, "No job info returned");
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_JobInfo, r.out.info, r.in.level, needed, 4);
+
+	if (info_p) {
+		*info_p = *r.out.info;
+	}
+
+	return true;
+}
+
+#if 0
+static bool test_GetJob(struct torture_context *tctx,
+			struct dcerpc_binding_handle *b,
+			struct policy_handle *handle,
+			uint32_t job_id)
+{
+	uint32_t levels[] = {0, 1, 2 /* 3, 4 */};
+	uint32_t i;
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+		torture_assert(tctx,
+			test_GetJob_args(tctx, b, handle, job_id, levels[i], NULL),
+			"GetJob failed");
+	}
+
+	return true;
+}
+#endif
+
+static bool test_SetJob(struct torture_context *tctx,
+			struct dcerpc_binding_handle *b,
+			struct policy_handle *handle,
+			uint32_t job_id,
+			struct spoolss_JobInfoContainer *ctr,
+			enum spoolss_JobControl command)
+{
+	NTSTATUS status;
+	struct spoolss_SetJob r;
+
+	r.in.handle	= handle;
+	r.in.job_id	= job_id;
+	r.in.ctr	= ctr;
+	r.in.command	= command;
+
+	switch (command) {
+	case SPOOLSS_JOB_CONTROL_PAUSE:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_PAUSE\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_RESUME:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_RESUME\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_CANCEL:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_CANCEL\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_RESTART:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_RESTART\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_DELETE:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_DELETE\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_SEND_TO_PRINTER:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_SEND_TO_PRINTER\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_LAST_PAGE_EJECTED:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_LAST_PAGE_EJECTED\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_RETAIN:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_RETAIN\n", job_id);
+		break;
+	case SPOOLSS_JOB_CONTROL_RELEASE:
+		torture_comment(tctx, "Testing SetJob(%d), SPOOLSS_JOB_CONTROL_RELEASE\n", job_id);
+		break;
+	default:
+		torture_comment(tctx, "Testing SetJob(%d)\n", job_id);
+		break;
+	}
+
+	status = dcerpc_spoolss_SetJob_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "SetJob failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetJob failed");
+
+	return true;
+}
+
+static bool test_AddJob(struct torture_context *tctx,
+			struct dcerpc_binding_handle *b,
+			struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_AddJob r;
+	uint32_t needed;
+
+	r.in.level = 0;
+	r.in.handle = handle;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.in.buffer = r.out.buffer = NULL;
+
+	torture_comment(tctx, "Testing AddJob\n");
+
+	status = dcerpc_spoolss_AddJob_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "AddJob failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "AddJob failed");
+
+	r.in.level = 1;
+
+	status = dcerpc_spoolss_AddJob_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "AddJob failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER, "AddJob failed");
+
+	return true;
+}
+
+
+static bool test_EnumJobs_args(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle,
+			       uint32_t level,
+			       WERROR werr_expected,
+			       uint32_t *count_p,
+			       union spoolss_JobInfo **info_p)
+{
+	NTSTATUS status;
+	struct spoolss_EnumJobs r;
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_JobInfo *info;
+
+	r.in.handle = handle;
+	r.in.firstjob = 0;
+	r.in.numjobs = 0xffffffff;
+	r.in.level = level;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumJobs level %d\n", level);
+
+	status = dcerpc_spoolss_EnumJobs_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		status = dcerpc_spoolss_EnumJobs_r(b, tctx, &r);
+
+		torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+		torture_assert_werr_equal(tctx, r.out.result, werr_expected,
+					  "EnumJobs failed");
+		torture_assert(tctx, info, "No jobs returned");
+
+		CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumJobs, *r.out.info, r.in.level, count, needed, 4);
+
+	} else {
+		torture_assert_werr_equal(tctx, r.out.result, werr_expected,
+					  "EnumJobs failed");
+	}
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	return true;
+}
+
+static bool test_JobPropertiesEnum(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   uint32_t job_id)
+{
+	struct spoolss_EnumJobNamedProperties r;
+	uint32_t pcProperties = 0;
+	struct spoolss_PrintNamedProperty *ppProperties = NULL;
+
+	r.in.hPrinter = handle;
+	r.in.JobId = job_id;
+	r.out.pcProperties = &pcProperties;
+	r.out.ppProperties = &ppProperties;
+
+	torture_comment(tctx, "Testing EnumJobNamedProperties(%d)\n", job_id);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumJobNamedProperties_r(b, tctx, &r),
+		"spoolss_EnumJobNamedProperties failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"spoolss_EnumJobNamedProperties failed");
+
+	return true;
+}
+
+static bool test_JobPropertySet(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				uint32_t job_id,
+				struct spoolss_PrintNamedProperty *property)
+{
+	struct spoolss_SetJobNamedProperty r;
+
+	r.in.hPrinter = handle;
+	r.in.JobId = job_id;
+	r.in.pProperty = property;
+
+	torture_comment(tctx, "Testing SetJobNamedProperty(%d) %s - %d\n",
+		job_id, property->propertyName,
+		property->propertyValue.ePropertyType);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_SetJobNamedProperty_r(b, tctx, &r),
+		"spoolss_SetJobNamedProperty failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"spoolss_SetJobNamedProperty failed");
+
+	return true;
+}
+
+static bool test_JobPropertyGetValue(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     struct policy_handle *handle,
+				     uint32_t job_id,
+				     const char *property_name,
+				     struct spoolss_PrintPropertyValue *value)
+{
+	struct spoolss_GetJobNamedPropertyValue r;
+
+	r.in.hPrinter = handle;
+	r.in.JobId = job_id;
+	r.in.pszName = property_name;
+	r.out.pValue = value;
+
+	torture_comment(tctx, "Testing GetJobNamedPropertyValue(%d) %s\n",
+		job_id, property_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetJobNamedPropertyValue_r(b, tctx, &r),
+		"spoolss_GetJobNamedPropertyValue failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"spoolss_GetJobNamedPropertyValue failed");
+
+	return true;
+}
+
+static bool test_JobPropertyDelete(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   uint32_t job_id,
+				   const char *property_name)
+{
+	struct spoolss_DeleteJobNamedProperty r;
+
+	r.in.hPrinter = handle;
+	r.in.JobId = job_id;
+	r.in.pszName = property_name;
+
+	torture_comment(tctx, "Testing DeleteJobNamedProperty(%d) %s\n",
+		job_id, property_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeleteJobNamedProperty_r(b, tctx, &r),
+		"spoolss_DeleteJobNamedProperty failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"spoolss_DeleteJobNamedProperty failed");
+
+	return true;
+}
+
+static bool test_DoPrintTest_add_one_job_common(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 const char *document_name,
+					 const char *datatype,
+					 uint32_t *job_id)
+{
+	NTSTATUS status;
+	struct spoolss_StartDocPrinter s;
+	struct spoolss_DocumentInfoCtr info_ctr;
+	struct spoolss_DocumentInfo1 info1;
+	struct spoolss_StartPagePrinter sp;
+	struct spoolss_WritePrinter w;
+	struct spoolss_EndPagePrinter ep;
+	struct spoolss_EndDocPrinter e;
+	int i;
+	uint32_t num_written;
+
+	torture_comment(tctx, "Testing StartDocPrinter\n");
+
+	s.in.handle		= handle;
+	s.in.info_ctr		= &info_ctr;
+	s.out.job_id		= job_id;
+
+	info1.document_name	= document_name;
+	info1.output_file	= NULL;
+	info1.datatype		= datatype;
+
+	info_ctr.level		= 1;
+	info_ctr.info.info1	= &info1;
+
+	status = dcerpc_spoolss_StartDocPrinter_r(b, tctx, &s);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_StartDocPrinter failed");
+	torture_assert_werr_ok(tctx, s.out.result, "StartDocPrinter failed");
+
+	for (i=1; i < 4; i++) {
+		union spoolss_JobInfo ginfo;
+		bool ok;
+
+		torture_comment(tctx, "Testing StartPagePrinter: Page[%d], JobId[%d]\n", i, *job_id);
+
+		sp.in.handle		= handle;
+
+		status = dcerpc_spoolss_StartPagePrinter_r(b, tctx, &sp);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "dcerpc_spoolss_StartPagePrinter failed");
+		torture_assert_werr_ok(tctx, sp.out.result, "StartPagePrinter failed");
+
+		ok = test_GetJob_args(tctx, b, handle, *job_id, 1, &ginfo);
+		if (!ok) {
+			torture_comment(tctx, "test_GetJob failed for JobId[%d]\n", *job_id);
+		}
+
+		torture_comment(tctx, "Testing WritePrinter: Page[%d], JobId[%d]\n", i, *job_id);
+
+		w.in.handle		= handle;
+		w.in.data		= data_blob_string_const(talloc_asprintf(tctx,"TortureTestPage: %d\nData\n",i));
+		w.out.num_written	= &num_written;
+
+		status = dcerpc_spoolss_WritePrinter_r(b, tctx, &w);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_WritePrinter failed");
+		torture_assert_werr_ok(tctx, w.out.result, "WritePrinter failed");
+
+		torture_comment(tctx, "Testing EndPagePrinter: Page[%d], JobId[%d]\n", i, *job_id);
+
+		ep.in.handle		= handle;
+
+		status = dcerpc_spoolss_EndPagePrinter_r(b, tctx, &ep);
+		torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EndPagePrinter failed");
+		torture_assert_werr_ok(tctx, ep.out.result, "EndPagePrinter failed");
+	}
+
+	torture_comment(tctx, "Testing EndDocPrinter: JobId[%d]\n", *job_id);
+
+	e.in.handle = handle;
+
+	status = dcerpc_spoolss_EndDocPrinter_r(b, tctx, &e);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EndDocPrinter failed");
+	torture_assert_werr_ok(tctx, e.out.result, "EndDocPrinter failed");
+
+	return true;
+}
+
+static bool test_DoPrintTest_add_one_job(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 const char *document_name,
+					 uint32_t *job_id)
+{
+	test_DoPrintTest_add_one_job_common(tctx, b, handle, document_name, "RAW", job_id);
+
+	return true;
+}
+
+static bool test_DoPrintTest_add_one_job_v4(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 const char *document_name,
+					 uint32_t *job_id)
+{
+	test_DoPrintTest_add_one_job_common(tctx, b, handle, document_name, "XPS_PASS", job_id);
+
+	return true;
+}
+
+
+static bool test_DoPrintTest_check_jobs(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					struct policy_handle *handle,
+					uint32_t num_jobs,
+					uint32_t *job_ids)
+{
+	uint32_t count;
+	union spoolss_JobInfo *info = NULL;
+	int i;
+
+	torture_assert(tctx,
+		test_AddJob(tctx, b, handle),
+		"AddJob failed");
+
+	torture_assert(tctx,
+		test_EnumJobs_args(tctx, b, handle, 1, WERR_OK, &count, &info),
+		"EnumJobs level 1 failed");
+
+	torture_assert_int_equal(tctx, count, num_jobs, "unexpected number of jobs in queue");
+
+	for (i=0; i < num_jobs; i++) {
+		union spoolss_JobInfo ginfo;
+		const char *document_name;
+		const char *new_document_name = "any_other_docname";
+		struct spoolss_JobInfoContainer ctr;
+		struct spoolss_SetJobInfo1 info1;
+
+		torture_assert_int_equal(tctx, info[i].info1.job_id, job_ids[i], "job id mismatch");
+
+		torture_assert(tctx,
+			test_GetJob_args(tctx, b, handle, info[i].info1.job_id, 1, &ginfo),
+			"failed to call test_GetJob");
+
+		torture_assert_int_equal(tctx, ginfo.info1.job_id, info[i].info1.job_id, "job id mismatch");
+
+		document_name = ginfo.info1.document_name;
+
+		info1.job_id		= ginfo.info1.job_id;
+		info1.printer_name	= ginfo.info1.printer_name;
+		info1.server_name	= ginfo.info1.server_name;
+		info1.user_name		= ginfo.info1.user_name;
+		info1.document_name	= new_document_name;
+		info1.data_type		= ginfo.info1.data_type;
+		info1.text_status	= ginfo.info1.text_status;
+		info1.status		= ginfo.info1.status;
+		info1.priority		= ginfo.info1.priority;
+		info1.position		= ginfo.info1.position;
+		info1.total_pages	= ginfo.info1.total_pages;
+		info1.pages_printed	= ginfo.info1.pages_printed;
+		info1.submitted		= ginfo.info1.submitted;
+
+		ctr.level = 1;
+		ctr.info.info1 = &info1;
+
+		torture_assert(tctx,
+			test_SetJob(tctx, b, handle, info[i].info1.job_id, &ctr, 0),
+			"failed to call test_SetJob level 1");
+
+		torture_assert(tctx,
+			test_GetJob_args(tctx, b, handle, info[i].info1.job_id, 1, &ginfo),
+			"failed to call test_GetJob");
+
+		if (strequal(ginfo.info1.document_name, document_name)) {
+			torture_warning(tctx,
+					"document_name did *NOT* change from '%s' to '%s'\n",
+					document_name, new_document_name);
+		}
+	}
+
+	for (i=0; i < num_jobs; i++) {
+		if (!test_SetJob(tctx, b, handle, info[i].info1.job_id, NULL, SPOOLSS_JOB_CONTROL_PAUSE)) {
+			torture_warning(tctx, "failed to pause printjob\n");
+		}
+		if (!test_SetJob(tctx, b, handle, info[i].info1.job_id, NULL, SPOOLSS_JOB_CONTROL_RESUME)) {
+			torture_warning(tctx, "failed to resume printjob\n");
+		}
+	}
+
+	return true;
+}
+
+static bool test_DoPrintTest(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     struct policy_handle *handle)
+{
+	bool ret = true;
+	uint32_t num_jobs = 8;
+	uint32_t *job_ids;
+	int i;
+
+	torture_comment(tctx, "Testing real print operations\n");
+
+	job_ids = talloc_zero_array(tctx, uint32_t, num_jobs);
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_DoPrintTest_add_one_job(tctx, b, handle, "TorturePrintJob", &job_ids[i]);
+	}
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_SetJob(tctx, b, handle, job_ids[i], NULL, SPOOLSS_JOB_CONTROL_DELETE);
+	}
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_DoPrintTest_add_one_job_v4(tctx, b, handle, "TorturePrintJob v4", &job_ids[i]);
+	}
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_SetJob(tctx, b, handle, job_ids[i], NULL, SPOOLSS_JOB_CONTROL_DELETE);
+	}
+
+	if (ret == true) {
+		torture_comment(tctx, "real print operations test succeeded\n\n");
+	}
+
+	return ret;
+}
+
+static bool test_DoPrintTest_extended(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      struct policy_handle *handle)
+{
+	bool ret = true;
+	uint32_t num_jobs = 8;
+	uint32_t *job_ids;
+	int i;
+	torture_comment(tctx, "Testing real print operations (extended)\n");
+
+	job_ids = talloc_zero_array(tctx, uint32_t, num_jobs);
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_DoPrintTest_add_one_job(tctx, b, handle, "TorturePrintJob", &job_ids[i]);
+	}
+
+	ret &= test_DoPrintTest_check_jobs(tctx, b, handle, num_jobs, job_ids);
+
+	for (i=0; i < num_jobs; i++) {
+		ret &= test_SetJob(tctx, b, handle, job_ids[i], NULL, SPOOLSS_JOB_CONTROL_DELETE);
+	}
+
+	if (ret == true) {
+		torture_comment(tctx, "real print operations (extended) test succeeded\n\n");
+	}
+
+	return ret;
+}
+
+static bool test_JobPrintProperties_equal(struct torture_context *tctx,
+					  struct spoolss_PrintPropertyValue *got,
+					  struct spoolss_PrintNamedProperty *exp)
+{
+	torture_assert_int_equal(tctx,
+				 got->ePropertyType,
+				 exp->propertyValue.ePropertyType,
+				 "ePropertyType");
+
+	switch (exp->propertyValue.ePropertyType) {
+	case kRpcPropertyTypeString:
+		torture_assert_str_equal(tctx,
+					 got->value.propertyString,
+					 exp->propertyValue.value.propertyString,
+					 "propertyString");
+		break;
+	case kRpcPropertyTypeInt32:
+		torture_assert_int_equal(tctx,
+					 got->value.propertyInt32,
+					 exp->propertyValue.value.propertyInt32,
+					 "propertyInt32");
+		break;
+	case kRpcPropertyTypeInt64:
+		torture_assert_u64_equal(tctx,
+					 got->value.propertyInt64,
+					 exp->propertyValue.value.propertyInt64,
+					 "propertyInt64");
+		break;
+	case kRpcPropertyTypeByte:
+		torture_assert_int_equal(tctx,
+					 got->value.propertyByte,
+					 exp->propertyValue.value.propertyByte,
+					 "propertyByte");
+		break;
+	case kRpcPropertyTypeBuffer:
+		torture_assert_int_equal(tctx,
+					 got->value.propertyBlob.cbBuf,
+					 exp->propertyValue.value.propertyBlob.cbBuf,
+					 "propertyBlob.cbBuf");
+		torture_assert_mem_equal(tctx,
+					 got->value.propertyBlob.pBuf,
+					 exp->propertyValue.value.propertyBlob.pBuf,
+					 exp->propertyValue.value.propertyBlob.cbBuf,
+					 "propertyBlob.pBuf");
+
+		break;
+
+	}
+
+	return true;
+}
+
+static bool test_JobPrintProperties(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    struct policy_handle *handle,
+				    uint32_t job_id)
+{
+	struct spoolss_PrintNamedProperty in;
+	struct spoolss_PrintPropertyValue out;
+	int i;
+	DATA_BLOB blob = data_blob_string_const("blob");
+	struct {
+		const char *property_name;
+		enum spoolss_EPrintPropertyType type;
+		union spoolss_PrintPropertyValueUnion value;
+		WERROR expected_result;
+	} tests[] = {
+		{
+			.property_name			= "torture_property_string",
+			.type				= kRpcPropertyTypeString,
+			.value.propertyString		= "torture_property_value_string",
+		},{
+			.property_name			= "torture_property_int32",
+			.type				= kRpcPropertyTypeInt32,
+			.value.propertyInt32		= 42,
+		},{
+			.property_name			= "torture_property_int64",
+			.type				= kRpcPropertyTypeInt64,
+			.value.propertyInt64		= 0xaffe,
+		},{
+			.property_name			= "torture_property_byte",
+			.type				= kRpcPropertyTypeByte,
+			.value.propertyByte		= 0xab,
+		},{
+			.property_name			= "torture_property_buffer",
+			.type				= kRpcPropertyTypeBuffer,
+			.value.propertyBlob.cbBuf	= blob.length,
+			.value.propertyBlob.pBuf	= blob.data,
+		}
+	};
+
+	torture_assert(tctx,
+		test_JobPropertiesEnum(tctx, b, handle, job_id),
+		"failed to enum properties");
+
+	for (i=0; i <ARRAY_SIZE(tests); i++) {
+
+		in.propertyName			= tests[i].property_name;
+		in.propertyValue.ePropertyType	= tests[i].type;
+		in.propertyValue.value		= tests[i].value;
+
+		torture_assert(tctx,
+			test_JobPropertySet(tctx, b, handle, job_id, &in),
+			"failed to set property");
+
+		torture_assert(tctx,
+			test_JobPropertyGetValue(tctx, b, handle, job_id, in.propertyName, &out),
+			"failed to get property");
+
+		torture_assert(tctx,
+			test_JobPrintProperties_equal(tctx, &out, &in),
+			"property unequal");
+
+		torture_assert(tctx,
+			test_JobPropertiesEnum(tctx, b, handle, job_id),
+			"failed to enum properties");
+
+		torture_assert(tctx,
+			test_JobPropertyDelete(tctx, b, handle, job_id, in.propertyName),
+			"failed to delete job property");
+	}
+
+	torture_assert(tctx,
+		test_JobPropertiesEnum(tctx, b, handle, job_id),
+		"failed to enum properties");
+
+	return true;
+}
+
+static bool test_DoPrintTest_properties(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					struct policy_handle *handle)
+{
+	uint32_t num_jobs = 8;
+	uint32_t *job_ids;
+	int i;
+	torture_comment(tctx, "Testing real print operations (properties)\n");
+
+	job_ids = talloc_zero_array(tctx, uint32_t, num_jobs);
+
+	for (i=0; i < num_jobs; i++) {
+		torture_assert(tctx,
+			test_DoPrintTest_add_one_job(tctx, b, handle, "TorturePrintJob", &job_ids[i]),
+			"failed to create print job");
+	}
+
+	for (i=0; i < num_jobs; i++) {
+		torture_assert(tctx,
+			test_JobPrintProperties(tctx, b, handle, job_ids[i]),
+			"failed to test job properties");
+	}
+
+
+	for (i=0; i < num_jobs; i++) {
+		torture_assert(tctx,
+			test_SetJob(tctx, b, handle, job_ids[i], NULL, SPOOLSS_JOB_CONTROL_DELETE),
+			"failed to delete printjob");
+	}
+
+	torture_comment(tctx, "real print operations (properties) test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_PausePrinter(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info_ctr.level = 0;
+	info_ctr.info.info0 = NULL;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	r.in.handle		= handle;
+	r.in.info_ctr		= &info_ctr;
+	r.in.devmode_ctr	= &devmode_ctr;
+	r.in.secdesc_ctr	= &secdesc_ctr;
+	r.in.command		= SPOOLSS_PRINTER_CONTROL_PAUSE;
+
+	torture_comment(tctx, "Testing SetPrinter: SPOOLSS_PRINTER_CONTROL_PAUSE\n");
+
+	status = dcerpc_spoolss_SetPrinter_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "SetPrinter failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return true;
+}
+
+static bool test_ResumePrinter(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info_ctr.level = 0;
+	info_ctr.info.info0 = NULL;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	r.in.handle		= handle;
+	r.in.info_ctr		= &info_ctr;
+	r.in.devmode_ctr	= &devmode_ctr;
+	r.in.secdesc_ctr	= &secdesc_ctr;
+	r.in.command		= SPOOLSS_PRINTER_CONTROL_RESUME;
+
+	torture_comment(tctx, "Testing SetPrinter: SPOOLSS_PRINTER_CONTROL_RESUME\n");
+
+	status = dcerpc_spoolss_SetPrinter_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "SetPrinter failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return true;
+}
+
+static bool test_printer_purge(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info_ctr.level = 0;
+	info_ctr.info.info0 = NULL;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	r.in.handle		= handle;
+	r.in.info_ctr		= &info_ctr;
+	r.in.devmode_ctr	= &devmode_ctr;
+	r.in.secdesc_ctr	= &secdesc_ctr;
+	r.in.command		= SPOOLSS_PRINTER_CONTROL_PURGE;
+
+	torture_comment(tctx, "Testing SetPrinter: SPOOLSS_PRINTER_CONTROL_PURGE\n");
+
+	status = dcerpc_spoolss_SetPrinter_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "SetPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return true;
+}
+
+static bool test_GetPrinterData_checktype(struct torture_context *tctx,
+					  struct dcerpc_binding_handle *b,
+					  struct policy_handle *handle,
+					  const char *value_name,
+					  enum winreg_Type *expected_type,
+					  enum winreg_Type *type_p,
+					  uint8_t **data_p,
+					  uint32_t *needed_p)
+{
+	NTSTATUS status;
+	struct spoolss_GetPrinterData r;
+	uint32_t needed;
+	enum winreg_Type type;
+	union spoolss_PrinterData data;
+
+	r.in.handle = handle;
+	r.in.value_name = value_name;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.type = &type;
+	r.out.data = talloc_zero_array(tctx, uint8_t, r.in.offered);
+
+	torture_comment(tctx, "Testing GetPrinterData(%s)\n", r.in.value_name);
+
+	status = dcerpc_spoolss_GetPrinterData_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "GetPrinterData failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		if (expected_type) {
+			torture_assert_int_equal(tctx, type, *expected_type, "unexpected type");
+		}
+		r.in.offered = needed;
+		r.out.data = talloc_zero_array(tctx, uint8_t, r.in.offered);
+		status = dcerpc_spoolss_GetPrinterData_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "GetPrinterData failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "GetPrinterData(%s) failed", r.in.value_name));
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_PrinterData, &data, type, needed, 1);
+
+	if (type_p) {
+		*type_p = type;
+	}
+
+	if (data_p) {
+		*data_p = r.out.data;
+	}
+
+	if (needed_p) {
+		*needed_p = needed;
+	}
+
+	return true;
+}
+
+static bool test_GetPrinterData(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *value_name,
+				enum winreg_Type *type_p,
+				uint8_t **data_p,
+				uint32_t *needed_p)
+{
+	return test_GetPrinterData_checktype(tctx, b, handle, value_name,
+					     NULL, type_p, data_p, needed_p);
+}
+
+static bool test_GetPrinterDataEx_checktype(struct torture_context *tctx,
+					    struct dcerpc_pipe *p,
+					    struct policy_handle *handle,
+					    const char *key_name,
+					    const char *value_name,
+					    enum winreg_Type *expected_type,
+					    enum winreg_Type *type_p,
+					    uint8_t **data_p,
+					    uint32_t *needed_p)
+{
+	NTSTATUS status;
+	struct spoolss_GetPrinterDataEx r;
+	enum winreg_Type type;
+	uint32_t needed;
+	union spoolss_PrinterData data;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+	r.in.value_name = value_name;
+	r.in.offered = 0;
+	r.out.type = &type;
+	r.out.needed = &needed;
+	r.out.data = talloc_zero_array(tctx, uint8_t, r.in.offered);
+
+	torture_comment(tctx, "Testing GetPrinterDataEx(%s - %s)\n",
+		r.in.key_name, r.in.value_name);
+
+	status = dcerpc_spoolss_GetPrinterDataEx_r(b, tctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+			torture_skip(tctx, "GetPrinterDataEx not supported by server\n");
+		}
+		torture_assert_ntstatus_ok(tctx, status, "GetPrinterDataEx failed");
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		if (expected_type) {
+			torture_assert_int_equal(tctx, type, *expected_type, "unexpected type");
+		}
+		r.in.offered = needed;
+		r.out.data = talloc_zero_array(tctx, uint8_t, r.in.offered);
+		status = dcerpc_spoolss_GetPrinterDataEx_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "GetPrinterDataEx failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		talloc_asprintf(tctx, "GetPrinterDataEx(%s - %s) failed", r.in.key_name, r.in.value_name));
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_PrinterData, &data, type, needed, 1);
+
+	if (type_p) {
+		*type_p = type;
+	}
+
+	if (data_p) {
+		*data_p = r.out.data;
+	}
+
+	if (needed_p) {
+		*needed_p = needed;
+	}
+
+	return true;
+}
+
+static bool test_GetPrinterDataEx(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  struct policy_handle *handle,
+				  const char *key_name,
+				  const char *value_name,
+				  enum winreg_Type *type_p,
+				  uint8_t **data_p,
+				  uint32_t *needed_p)
+{
+	return test_GetPrinterDataEx_checktype(tctx, p, handle, key_name, value_name,
+					       NULL, type_p, data_p, needed_p);
+}
+
+static bool test_get_environment(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle,
+				 const char **architecture)
+{
+	DATA_BLOB blob;
+	enum winreg_Type type;
+	uint8_t *data;
+	uint32_t needed;
+
+	torture_assert(tctx,
+		test_GetPrinterData(tctx, b, handle, "Architecture", &type, &data, &needed),
+		"failed to get Architecture");
+
+	torture_assert_int_equal(tctx, type, REG_SZ, "unexpected type");
+
+	blob = data_blob_const(data, needed);
+	*architecture = reg_val_data_string(tctx, REG_SZ, blob);
+
+	return true;
+}
+
+static bool test_GetPrinterData_list(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *list[] = {
+		"W3SvcInstalled",
+		"BeepEnabled",
+		"EventLog",
+		/* "NetPopup", not on w2k8 */
+		/* "NetPopupToComputer", not on w2k8 */
+		"MajorVersion",
+		"MinorVersion",
+		"DefaultSpoolDirectory",
+		"Architecture",
+		"DsPresent",
+		"OSVersion",
+		/* "OSVersionEx", not on s3 */
+		"DNSMachineName"
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(list); i++) {
+		enum winreg_Type type = REG_NONE;
+		enum winreg_Type type_ex1 = REG_NONE;
+		enum winreg_Type type_ex2 = REG_NONE;
+		uint8_t *data;
+		uint8_t *data_ex1 = NULL;
+		uint8_t *data_ex2 = NULL;
+		uint32_t needed;
+		uint32_t needed_ex1 = 0;
+		uint32_t needed_ex2 = 0;
+
+		torture_assert(tctx, test_GetPrinterData(tctx, b, &ctx->server_handle, list[i], &type, &data, &needed),
+			talloc_asprintf(tctx, "GetPrinterData failed on %s\n", list[i]));
+		torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "random_string", list[i], &type_ex1, &data_ex1, &needed_ex1),
+			talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i]));
+		torture_assert(tctx, test_GetPrinterDataEx(tctx, p, &ctx->server_handle, "", list[i], &type_ex2, &data_ex2, &needed_ex2),
+			talloc_asprintf(tctx, "GetPrinterDataEx failed on %s\n", list[i]));
+		torture_assert_int_equal(tctx, type, type_ex1, "type mismatch");
+		torture_assert_int_equal(tctx, type, type_ex2, "type mismatch");
+		torture_assert_int_equal(tctx, needed, needed_ex1, "needed mismatch");
+		torture_assert_int_equal(tctx, needed, needed_ex2, "needed mismatch");
+		torture_assert_mem_equal(tctx, data, data_ex1, needed, "data mismatch");
+		torture_assert_mem_equal(tctx, data, data_ex2, needed, "data mismatch");
+	}
+
+	return true;
+}
+
+static bool test_EnumPrinterData(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct policy_handle *handle,
+				 uint32_t enum_index,
+				 uint32_t value_offered,
+				 uint32_t data_offered,
+				 enum winreg_Type *type_p,
+				 uint32_t *value_needed_p,
+				 uint32_t *data_needed_p,
+				 const char **value_name_p,
+				 uint8_t **data_p,
+				 WERROR *result_p)
+{
+	struct spoolss_EnumPrinterData r;
+	uint32_t data_needed;
+	uint32_t value_needed;
+	enum winreg_Type type;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.handle = handle;
+	r.in.enum_index = enum_index;
+	r.in.value_offered = value_offered;
+	r.in.data_offered = data_offered;
+	r.out.data_needed = &data_needed;
+	r.out.value_needed = &value_needed;
+	r.out.type = &type;
+	r.out.data = talloc_zero_array(tctx, uint8_t, r.in.data_offered);
+	r.out.value_name = talloc_zero_array(tctx, const char, r.in.value_offered);
+
+	torture_comment(tctx, "Testing EnumPrinterData(%d)\n", enum_index);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinterData_r(b, tctx, &r),
+		"EnumPrinterData failed");
+
+	if (type_p) {
+		*type_p = type;
+	}
+	if (value_needed_p) {
+		*value_needed_p = value_needed;
+	}
+	if (data_needed_p) {
+		*data_needed_p = data_needed;
+	}
+	if (value_name_p) {
+		*value_name_p = r.out.value_name;
+	}
+	if (data_p) {
+		*data_p = r.out.data;
+	}
+	if (result_p) {
+		*result_p = r.out.result;
+	}
+
+	return true;
+}
+
+
+static bool test_EnumPrinterData_all(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     struct policy_handle *handle)
+{
+	uint32_t enum_index = 0;
+	enum winreg_Type type;
+	uint32_t value_needed;
+	uint32_t data_needed;
+	uint8_t *data;
+	const char *value_name;
+	WERROR result;
+
+	torture_comment(tctx, "Testing EnumPrinterData\n");
+
+	do {
+		torture_assert(tctx,
+			test_EnumPrinterData(tctx, p, handle, enum_index, 0, 0,
+					     &type, &value_needed, &data_needed,
+					     &value_name, &data, &result),
+			"EnumPrinterData failed");
+
+		if (W_ERROR_EQUAL(result, WERR_NO_MORE_ITEMS)) {
+			break;
+		}
+
+		torture_assert(tctx,
+			test_EnumPrinterData(tctx, p, handle, enum_index, value_needed, data_needed,
+					     &type, &value_needed, &data_needed,
+					     &value_name, &data, &result),
+			"EnumPrinterData failed");
+
+		if (W_ERROR_EQUAL(result, WERR_NO_MORE_ITEMS)) {
+			break;
+		}
+
+		enum_index++;
+
+	} while (W_ERROR_IS_OK(result));
+
+	torture_comment(tctx, "EnumPrinterData test succeeded\n");
+
+	return true;
+}
+
+static bool test_EnumPrinterDataEx(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   const char *key_name,
+				   uint32_t *count_p,
+				   struct spoolss_PrinterEnumValues **info_p)
+{
+	struct spoolss_EnumPrinterDataEx r;
+	struct spoolss_PrinterEnumValues *info;
+	uint32_t needed;
+	uint32_t count;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+	r.out.count = &count;
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing EnumPrinterDataEx(%s)\n", key_name);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterDataEx_r(b, tctx, &r),
+		"EnumPrinterDataEx failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterDataEx_r(b, tctx, &r),
+			"EnumPrinterDataEx failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "EnumPrinterDataEx failed");
+
+	CHECK_NEEDED_SIZE_ENUM(spoolss_EnumPrinterDataEx, info, count, needed, 1);
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	return true;
+}
+
+static bool test_SetPrinterData(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *value_name,
+				enum winreg_Type type,
+				uint8_t *data,
+				uint32_t offered);
+static bool test_DeletePrinterData(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   const char *value_name);
+
+static bool test_EnumPrinterData_consistency(struct torture_context *tctx,
+					     struct dcerpc_pipe *p,
+					     struct policy_handle *handle)
+{
+	uint32_t count;
+	struct spoolss_PrinterEnumValues *info;
+	int i;
+	uint32_t value_needed, data_needed;
+	uint32_t value_offered, data_offered;
+	WERROR result;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	enum winreg_Type type;
+	DATA_BLOB blob;
+
+	torture_comment(tctx, "Testing EnumPrinterData vs EnumPrinterDataEx consistency\n");
+
+	torture_assert(tctx, push_reg_sz(tctx, &blob, "torture_data1"), "");
+	type = REG_SZ;
+
+	torture_assert(tctx,
+		test_SetPrinterData(tctx, b, handle, "torture_value1", type, blob.data, blob.length),
+		"SetPrinterData failed");
+
+	blob = data_blob_string_const("torture_data2");
+
+	torture_assert(tctx,
+		test_SetPrinterData(tctx, b, handle, "torture_value2", REG_BINARY, blob.data, blob.length),
+		"SetPrinterData failed");
+
+	blob = data_blob_talloc(tctx, NULL, 4);
+	SIVAL(blob.data, 0, 0x11223344);
+
+	torture_assert(tctx,
+		test_SetPrinterData(tctx, b, handle, "torture_value3", type, blob.data, blob.length),
+		"SetPrinterData failed");
+
+	torture_assert(tctx,
+		test_EnumPrinterDataEx(tctx, b, handle, "PrinterDriverData", &count, &info),
+		"failed to call EnumPrinterDataEx");
+
+	/* get the max sizes for value and data */
+
+	torture_assert(tctx,
+		test_EnumPrinterData(tctx, p, handle, 0, 0, 0,
+				     NULL, &value_needed, &data_needed,
+				     NULL, NULL, &result),
+		"EnumPrinterData failed");
+	torture_assert_werr_ok(tctx, result, "unexpected result");
+
+	/* check if the reply from the EnumPrinterData really matches max values */
+
+	for (i=0; i < count; i++) {
+		if (info[i].value_name_len > value_needed) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+				"EnumPrinterDataEx gave a reply with value length %d which is larger then expected max value length %d from EnumPrinterData",
+				info[i].value_name_len, value_needed));
+		}
+		if (info[i].data_length > data_needed) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+				"EnumPrinterDataEx gave a reply with data length %d which is larger then expected max data length %d from EnumPrinterData",
+				info[i].data_length, data_needed));
+		}
+	}
+
+	/* assuming that both EnumPrinterData and EnumPrinterDataEx do either
+	 * sort or not sort the replies by value name, we should be able to do
+	 * the following entry comparison */
+
+	data_offered = data_needed;
+	value_offered = value_needed;
+
+	for (i=0; i < count; i++) {
+
+		const char *value_name;
+		uint8_t *data;
+
+		torture_assert(tctx,
+			test_EnumPrinterData(tctx, p, handle, i, value_offered, data_offered,
+					     &type, &value_needed, &data_needed,
+					     &value_name, &data, &result),
+			"EnumPrinterData failed");
+
+		if (i -1 == count) {
+			torture_assert_werr_equal(tctx, result, WERR_NO_MORE_ITEMS,
+				"unexpected result");
+			break;
+		} else {
+			torture_assert_werr_ok(tctx, result, "unexpected result");
+		}
+
+		torture_assert_int_equal(tctx, type, info[i].type, "type mismatch");
+		torture_assert_int_equal(tctx, value_needed, info[i].value_name_len, "value name length mismatch");
+		torture_assert_str_equal(tctx, value_name, info[i].value_name, "value name mismatch");
+		torture_assert_int_equal(tctx, data_needed, info[i].data_length, "data length mismatch");
+		torture_assert_mem_equal(tctx, data, info[i].data->data, info[i].data_length, "data mismatch");
+	}
+
+	torture_assert(tctx,
+		test_DeletePrinterData(tctx, b, handle, "torture_value1"),
+		"DeletePrinterData failed");
+	torture_assert(tctx,
+		test_DeletePrinterData(tctx, b, handle, "torture_value2"),
+		"DeletePrinterData failed");
+	torture_assert(tctx,
+		test_DeletePrinterData(tctx, b, handle, "torture_value3"),
+		"DeletePrinterData failed");
+
+	torture_comment(tctx, "EnumPrinterData vs EnumPrinterDataEx consistency test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_DeletePrinterData(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   const char *value_name)
+{
+	NTSTATUS status;
+	struct spoolss_DeletePrinterData r;
+
+	r.in.handle = handle;
+	r.in.value_name = value_name;
+
+	torture_comment(tctx, "Testing DeletePrinterData(%s)\n",
+		r.in.value_name);
+
+	status = dcerpc_spoolss_DeletePrinterData_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "DeletePrinterData failed");
+	torture_assert_werr_ok(tctx, r.out.result, "DeletePrinterData failed");
+
+	return true;
+}
+
+static bool test_DeletePrinterDataEx(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     struct policy_handle *handle,
+				     const char *key_name,
+				     const char *value_name)
+{
+	struct spoolss_DeletePrinterDataEx r;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+	r.in.value_name = value_name;
+
+	torture_comment(tctx, "Testing DeletePrinterDataEx(%s - %s)\n",
+		r.in.key_name, r.in.value_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePrinterDataEx_r(b, tctx, &r),
+		"DeletePrinterDataEx failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"DeletePrinterDataEx failed");
+
+	return true;
+}
+
+static bool test_DeletePrinterKey(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  struct policy_handle *handle,
+				  const char *key_name)
+{
+	struct spoolss_DeletePrinterKey r;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+
+	torture_comment(tctx, "Testing DeletePrinterKey(%s)\n", r.in.key_name);
+
+	if (strequal(key_name, "") && !torture_setting_bool(tctx, "dangerous", false)) {
+		torture_skip(tctx, "not wiping out printer registry - enable dangerous tests to use\n");
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePrinterKey_r(b, tctx, &r),
+		"DeletePrinterKey failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"DeletePrinterKey failed");
+
+	return true;
+}
+
+static bool test_winreg_OpenHKLM(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle)
+{
+	struct winreg_OpenHKLM r;
+
+	r.in.system_name = NULL;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = handle;
+
+	torture_comment(tctx, "Testing winreg_OpenHKLM\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenHKLM_r(b, tctx, &r), "OpenHKLM failed");
+	torture_assert_werr_ok(tctx, r.out.result, "OpenHKLM failed");
+
+	return true;
+}
+
+static void init_winreg_String(struct winreg_String *name, const char *s)
+{
+	name->name = s;
+	if (s) {
+		name->name_len = 2 * (strlen_m(s) + 1);
+		name->name_size = name->name_len;
+	} else {
+		name->name_len = 0;
+		name->name_size = 0;
+	}
+}
+
+static bool test_winreg_OpenKey_opts(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     struct policy_handle *hive_handle,
+				     const char *keyname,
+				     uint32_t options,
+				     struct policy_handle *key_handle)
+{
+	struct winreg_OpenKey r;
+
+	r.in.parent_handle = hive_handle;
+	init_winreg_String(&r.in.keyname, keyname);
+	r.in.options = options;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = key_handle;
+
+	torture_comment(tctx, "Testing winreg_OpenKey(%s)\n", keyname);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey_r(b, tctx, &r), "OpenKey failed");
+	torture_assert_werr_ok(tctx, r.out.result, "OpenKey failed");
+
+	return true;
+}
+
+static bool test_winreg_OpenKey(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *hive_handle,
+				const char *keyname,
+				struct policy_handle *key_handle)
+{
+	return test_winreg_OpenKey_opts(tctx, b, hive_handle, keyname,
+					REG_OPTION_NON_VOLATILE, key_handle);
+}
+
+static bool test_winreg_CloseKey(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 struct policy_handle *handle)
+{
+	struct winreg_CloseKey r;
+
+	r.in.handle = handle;
+	r.out.handle = handle;
+
+	torture_comment(tctx, "Testing winreg_CloseKey\n");
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey_r(b, tctx, &r), "CloseKey failed");
+	torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");
+
+	return true;
+}
+
+bool test_winreg_QueryValue(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    const char *value_name,
+			    enum winreg_Type *type_p,
+			    uint32_t *data_size_p,
+			    uint32_t *data_length_p,
+			    uint8_t **data_p)
+{
+	struct winreg_QueryValue r;
+	enum winreg_Type type = REG_NONE;
+	uint32_t data_size = 0;
+	uint32_t data_length = 0;
+	struct winreg_String valuename;
+	uint8_t *data = NULL;
+
+	init_winreg_String(&valuename, value_name);
+
+	data = talloc_zero_array(tctx, uint8_t, 0);
+
+	r.in.handle = handle;
+	r.in.value_name = &valuename;
+	r.in.type = &type;
+	r.in.data_size = &data_size;
+	r.in.data_length = &data_length;
+	r.in.data = data;
+	r.out.type = &type;
+	r.out.data = data;
+	r.out.data_size = &data_size;
+	r.out.data_length = &data_length;
+
+	torture_comment(tctx, "Testing winreg_QueryValue(%s)\n", value_name);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		*r.in.data_size = *r.out.data_size;
+		data = talloc_zero_array(tctx, uint8_t, *r.in.data_size);
+		r.in.data = data;
+		r.out.data = data;
+		torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed");
+	}
+	torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
+
+	if (type_p) {
+		*type_p = *r.out.type;
+	}
+	if (data_size_p) {
+		*data_size_p = *r.out.data_size;
+	}
+	if (data_length_p) {
+		*data_length_p = *r.out.data_length;
+	}
+	if (data_p) {
+		*data_p = r.out.data;
+	}
+
+	return true;
+}
+
+static bool test_winreg_query_printerdata(struct torture_context *tctx,
+					  struct dcerpc_binding_handle *b,
+					  struct policy_handle *handle,
+					  const char *printer_name,
+					  const char *key_name,
+					  const char *value_name,
+					  enum winreg_Type *w_type,
+					  uint32_t *w_size,
+					  uint32_t *w_length,
+					  uint8_t **w_data)
+{
+	const char *printer_key;
+	struct policy_handle key_handle;
+
+	printer_key = talloc_asprintf(tctx, "%s\\%s\\%s",
+		TOP_LEVEL_PRINT_PRINTERS_KEY, printer_name, key_name);
+
+	torture_assert(tctx,
+		test_winreg_OpenKey(tctx, b, handle, printer_key, &key_handle), "");
+
+	torture_assert(tctx,
+		test_winreg_QueryValue(tctx, b, &key_handle, value_name, w_type, w_size, w_length, w_data), "");
+
+	torture_assert(tctx,
+		test_winreg_CloseKey(tctx, b, &key_handle), "");
+
+	return true;
+}
+
+static bool test_GetForm_winreg(struct torture_context *tctx,
+			        struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *key_name,
+				const char *form_name,
+				enum winreg_Type *w_type,
+				uint32_t *w_size,
+				uint32_t *w_length,
+				uint8_t **w_data)
+{
+	struct policy_handle key_handle;
+
+	torture_assert(tctx,
+		test_winreg_OpenKey(tctx, b, handle, key_name, &key_handle), "");
+
+	torture_assert(tctx,
+		test_winreg_QueryValue(tctx, b, &key_handle, form_name, w_type, w_size, w_length, w_data), "");
+
+	torture_assert(tctx,
+		test_winreg_CloseKey(tctx, b, &key_handle), "");
+
+	return true;
+}
+
+static bool test_winreg_symbolic_link(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      struct policy_handle *handle,
+				      const char *symlink_keyname,
+				      const char *symlink_destination)
+{
+	/* check if the first key is a symlink to the second key */
+
+	enum winreg_Type w_type;
+	uint32_t w_size;
+	uint32_t w_length;
+	uint8_t *w_data;
+	struct policy_handle key_handle;
+	DATA_BLOB blob;
+	const char *str;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skip winreg symlink test against samba");
+	}
+
+	torture_assert(tctx,
+		test_winreg_OpenKey_opts(tctx, b, handle, symlink_keyname, REG_OPTION_OPEN_LINK, &key_handle),
+			"failed to open key link");
+
+	torture_assert(tctx,
+		test_winreg_QueryValue(tctx, b, &key_handle,
+				       "SymbolicLinkValue",
+				       &w_type, &w_size, &w_length, &w_data),
+		"failed to query for 'SymbolicLinkValue' attribute");
+
+	torture_assert_int_equal(tctx, w_type, REG_LINK, "unexpected type");
+
+	blob = data_blob(w_data, w_size);
+	str = reg_val_data_string(tctx, REG_SZ, blob);
+
+	torture_assert_str_equal(tctx, str, symlink_destination, "unexpected symlink target string");
+
+	torture_assert(tctx,
+		test_winreg_CloseKey(tctx, b, &key_handle),
+		"failed to close key link");
+
+	return true;
+}
+
+static const char *strip_unc(const char *unc)
+{
+	char *name;
+
+	if (!unc) {
+		return NULL;
+	}
+
+	if (unc[0] == '\\' && unc[1] == '\\') {
+		unc +=2;
+	}
+
+	name = strchr(unc, '\\');
+	if (name) {
+		return name+1;
+	}
+
+	return unc;
+}
+
+static bool test_GetPrinterInfo_winreg(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       struct policy_handle *handle,
+				       const char *printer_name,
+				       struct dcerpc_binding_handle *winreg_handle,
+				       struct policy_handle *hive_handle)
+{
+	union spoolss_PrinterInfo info;
+	const char *keys[] = {
+		TOP_LEVEL_CONTROL_PRINTERS_KEY,
+		TOP_LEVEL_PRINT_PRINTERS_KEY
+	};
+	int i;
+	const char *printername, *sharename;
+
+	torture_comment(tctx, "Testing Printer Info and winreg consistency\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to get printer info level 2");
+
+	printername = strip_unc(info.info2.printername);
+	sharename = strip_unc(info.info2.sharename);
+
+#define test_sz(wname, iname) \
+do {\
+	DATA_BLOB blob;\
+	const char *str;\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_SZ, "unexpected type");\
+	blob = data_blob(w_data, w_size);\
+	str = reg_val_data_string(tctx, REG_SZ, blob);\
+	if (w_size == 2 && iname == NULL) {\
+		/*torture_comment(tctx, "%s: \"\", %s: (null)\n", #wname, #iname);\ */\
+	} else {\
+		torture_assert_str_equal(tctx, str, iname,\
+			talloc_asprintf(tctx, "%s - %s mismatch", #wname, #iname));\
+	}\
+} while(0);
+
+#define test_dword(wname, iname) \
+do {\
+	uint32_t value;\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_DWORD, "unexpected type");\
+	torture_assert_int_equal(tctx, w_size, 4, "unexpected size");\
+	torture_assert_int_equal(tctx, w_length, 4, "unexpected length");\
+	value = IVAL(w_data, 0);\
+	torture_assert_int_equal(tctx, value, iname,\
+		talloc_asprintf(tctx, "%s - %s mismatch", #wname, #iname));\
+} while(0);
+
+#define test_binary(wname, iname) \
+do {\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_BINARY, "unexpected type");\
+	torture_assert_int_equal(tctx, w_size, iname.length, "unexpected length");\
+	torture_assert_mem_equal(tctx, w_data, iname.data, w_size, \
+		"binary unequal");\
+} while(0);
+
+
+#define test_dm(wname, iname) \
+do {\
+	DATA_BLOB blob;\
+	struct spoolss_DeviceMode dm;\
+	enum ndr_err_code ndr_err;\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_BINARY, "unexpected type");\
+	blob = data_blob(w_data, w_size);\
+	ndr_err = ndr_pull_struct_blob(&blob, tctx, &dm,\
+		(ndr_pull_flags_fn_t)ndr_pull_spoolss_DeviceMode);\
+	torture_assert_ndr_success(tctx, ndr_err, "failed to unmarshall dm");\
+	torture_assert(tctx, test_devicemode_equal(tctx, &dm, iname),\
+		"dm unequal");\
+} while(0);
+
+#define test_sd(wname, iname) \
+do {\
+	DATA_BLOB blob;\
+	struct security_descriptor sd;\
+	enum ndr_err_code ndr_err;\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_BINARY, "unexpected type");\
+	blob = data_blob(w_data, w_size);\
+	ndr_err = ndr_pull_struct_blob(&blob, tctx, &sd,\
+		(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);\
+	torture_assert_ndr_success(tctx, ndr_err, "failed to unmarshall sd");\
+	torture_assert(tctx, test_security_descriptor_equal(tctx, &sd, iname),\
+		"sd unequal");\
+} while(0);
+
+#define test_multi_sz(wname, iname) \
+do {\
+	DATA_BLOB blob;\
+	const char **array;\
+	enum winreg_Type w_type;\
+	uint32_t w_size;\
+	uint32_t w_length;\
+	uint8_t *w_data;\
+	int i;\
+	torture_assert(tctx,\
+		test_winreg_QueryValue(tctx, winreg_handle, &key_handle, wname,\
+				       &w_type, &w_size, &w_length, &w_data),\
+		"failed to query winreg");\
+	torture_assert_int_equal(tctx, w_type, REG_MULTI_SZ, "unexpected type");\
+	blob = data_blob(w_data, w_size);\
+	torture_assert(tctx, \
+		pull_reg_multi_sz(tctx, &blob, &array),\
+		"failed to pull multi sz");\
+	for (i=0; array[i] != NULL; i++) {\
+		torture_assert_str_equal(tctx, array[i], iname[i],\
+			talloc_asprintf(tctx, "%s - %s mismatch", #wname, iname[i]));\
+	}\
+} while(0);
+
+	if (!test_winreg_symbolic_link(tctx, winreg_handle, hive_handle,
+				       TOP_LEVEL_CONTROL_PRINTERS_KEY,
+				       "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers"))
+	{
+		torture_warning(tctx, "failed to check for winreg symlink");
+	}
+
+	for (i=0; i < ARRAY_SIZE(keys); i++) {
+
+		const char *printer_key;
+		struct policy_handle key_handle;
+
+		printer_key = talloc_asprintf(tctx, "%s\\%s",
+			keys[i], printer_name);
+
+		torture_assert(tctx,
+			test_winreg_OpenKey(tctx, winreg_handle, hive_handle, printer_key, &key_handle), "");
+
+		test_sz("Name", printername);
+		test_sz("Share Name", sharename);
+		test_sz("Port", info.info2.portname);
+		test_sz("Printer Driver", info.info2.drivername);
+		test_sz("Description", info.info2.comment);
+		test_sz("Location", info.info2.location);
+		test_sz("Separator File", info.info2.sepfile);
+		test_sz("Print Processor", info.info2.printprocessor);
+		test_sz("Datatype", info.info2.datatype);
+		test_sz("Parameters", info.info2.parameters);
+		/* winreg: 0, spoolss not */
+/*		test_dword("Attributes", info.info2.attributes); */
+		test_dword("Priority", info.info2.priority);
+		test_dword("Default Priority", info.info2.defaultpriority);
+		/* winreg: 60, spoolss: 0 */
+/*		test_dword("StartTime", info.info2.starttime); */
+/*		test_dword("UntilTime", info.info2.untiltime); */
+		/* winreg != spoolss */
+/*		test_dword("Status", info.info2.status); */
+		test_dm("Default DevMode", info.info2.devmode);
+		test_sd("Security", info.info2.secdesc);
+
+		torture_assert(tctx,
+			test_winreg_CloseKey(tctx, winreg_handle, &key_handle), "");
+	}
+
+#undef test_dm
+
+	torture_comment(tctx, "Printer Info and winreg consistency test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_GetPrintserverInfo_winreg(struct torture_context *tctx,
+					   struct dcerpc_binding_handle *b,
+					   struct policy_handle *handle,
+					   struct dcerpc_binding_handle *winreg_handle,
+					   struct policy_handle *hive_handle)
+{
+	union spoolss_PrinterInfo info;
+	struct policy_handle key_handle;
+
+	torture_comment(tctx,
+		"Testing Printserver Info and winreg consistency\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, handle, 3, &info),
+		"failed to get printer info level 2");
+
+	torture_assert(tctx,
+		test_winreg_OpenKey(tctx, winreg_handle, hive_handle,
+				    TOP_LEVEL_CONTROL_KEY, &key_handle), "");
+
+	test_sd("ServerSecurityDescriptor", info.info3.secdesc);
+
+	torture_assert(tctx,
+		test_winreg_CloseKey(tctx, winreg_handle, &key_handle), "");
+
+#undef test_sd
+
+	torture_comment(tctx,
+		"Printserver Info and winreg consistency test succeeded\n\n");
+
+	return true;
+}
+
+
+static bool test_PrintProcessors(struct torture_context *tctx,
+				 struct dcerpc_binding_handle *b,
+				 const char *environment,
+				 struct dcerpc_binding_handle *winreg_handle,
+				 struct policy_handle *hive_handle)
+{
+	union spoolss_PrintProcessorInfo *info;
+	uint32_t count;
+	int i;
+
+	torture_comment(tctx, "Testing Print Processor Info and winreg consistency\n");
+
+	torture_assert(tctx,
+		test_EnumPrintProcessors_level(tctx, b, environment, 1, &count, &info, WERR_OK),
+		"failed to enum print processors level 1");
+
+	for (i=0; i < count; i++) {
+
+		const char *processor_key;
+		struct policy_handle key_handle;
+
+		processor_key = talloc_asprintf(tctx, "%s\\%s\\Print Processors\\%s",
+						TOP_LEVEL_CONTROL_ENVIRONMENTS_KEY,
+						environment,
+						info[i].info1.print_processor_name);
+
+		torture_assert(tctx,
+			test_winreg_OpenKey(tctx, winreg_handle, hive_handle, processor_key, &key_handle), "");
+
+		/* nothing to check in there so far */
+
+		torture_assert(tctx,
+			test_winreg_CloseKey(tctx, winreg_handle, &key_handle), "");
+	}
+
+	torture_comment(tctx, "Print Processor Info and winreg consistency test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_GetPrinterDriver2_level(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 const char *driver_name,
+					 const char *architecture,
+					 uint32_t level,
+					 uint32_t client_major_version,
+					 uint32_t client_minor_version,
+					 union spoolss_DriverInfo *info_p,
+					 WERROR *result);
+
+static const char *strip_path(const char *path)
+{
+	char *p;
+
+	if (path == NULL) {
+		return NULL;
+	}
+
+	p = strrchr(path, '\\');
+	if (p) {
+		return p+1;
+	}
+
+	return path;
+}
+
+static const char **strip_paths(const char **path_array)
+{
+	int i;
+
+	if (path_array == NULL) {
+		return NULL;
+	}
+
+	for (i=0; path_array[i] != NULL; i++) {
+		path_array[i] = strip_path(path_array[i]);
+	}
+
+	return path_array;
+}
+
+static const char *driver_winreg_date(TALLOC_CTX *mem_ctx, NTTIME nt)
+{
+	time_t t;
+	struct tm *tm;
+
+	if (nt == 0) {
+		return talloc_strdup(mem_ctx, "01/01/1601");
+	}
+
+	t = nt_time_to_unix(nt);
+	tm = localtime(&t);
+
+	return talloc_asprintf(mem_ctx, "%02d/%02d/%04d",
+		tm->tm_mon + 1, tm->tm_mday, tm->tm_year + 1900);
+}
+
+static const char *driver_winreg_version(TALLOC_CTX *mem_ctx, uint64_t v)
+{
+	return talloc_asprintf(mem_ctx, "%u.%u.%u.%u",
+		(unsigned)((v >> 48) & 0xFFFF),
+		(unsigned)((v >> 32) & 0xFFFF),
+		(unsigned)((v >> 16) & 0xFFFF),
+		(unsigned)(v & 0xFFFF));
+}
+
+static bool test_GetDriverInfo_winreg(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      struct policy_handle *handle,
+				      const char *printer_name,
+				      const char *driver_name,
+				      const char *environment,
+				      enum spoolss_DriverOSVersion version,
+				      struct dcerpc_binding_handle *winreg_handle,
+				      struct policy_handle *hive_handle,
+				      const char *server_name_slash)
+{
+	WERROR result = WERR_OK;
+	union spoolss_DriverInfo info;
+	const char *driver_key;
+	struct policy_handle key_handle;
+
+	const char *driver_path;
+	const char *data_file;
+	const char *config_file;
+	const char *help_file;
+	const char **dependent_files;
+
+	const char *driver_date;
+	const char *inbox_driver_date;
+
+	const char *driver_version;
+	const char *inbox_driver_version;
+
+	ZERO_STRUCT(key_handle);
+
+	torture_comment(tctx, "Testing Driver Info and winreg consistency\n");
+
+	driver_key = talloc_asprintf(tctx, "%s\\%s\\Drivers\\Version-%d\\%s",
+				     TOP_LEVEL_CONTROL_ENVIRONMENTS_KEY,
+				     environment,
+				     version,
+				     driver_name);
+
+	torture_assert(tctx,
+		test_winreg_OpenKey(tctx, winreg_handle, hive_handle, driver_key, &key_handle),
+		"failed to open driver key");
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "w2k3", false)) {
+		goto try_level6;
+	}
+
+	if (handle) {
+		torture_assert(tctx,
+			test_GetPrinterDriver2_level(tctx, b, handle, driver_name, environment, 8, version, 0, &info, &result),
+			"failed to get driver info level 8");
+	} else {
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, environment, 8, driver_name, &info),
+			"failed to get driver info level 8");
+	}
+
+	if (W_ERROR_EQUAL(result, WERR_INVALID_LEVEL)) {
+		goto try_level6;
+	}
+
+	driver_path	= strip_path(info.info8.driver_path);
+	data_file	= strip_path(info.info8.data_file);
+	config_file	= strip_path(info.info8.config_file);
+	help_file	= strip_path(info.info8.help_file);
+	dependent_files = strip_paths(info.info8.dependent_files);
+
+	driver_date		= driver_winreg_date(tctx, info.info8.driver_date);
+	inbox_driver_date	= driver_winreg_date(tctx, info.info8.min_inbox_driver_ver_date);
+
+	driver_version		= driver_winreg_version(tctx, info.info8.driver_version);
+	inbox_driver_version	= driver_winreg_version(tctx, info.info8.min_inbox_driver_ver_version);
+
+	test_sz("Configuration File",		config_file);
+	test_sz("Data File",			data_file);
+	test_sz("Datatype",			info.info8.default_datatype);
+	test_sz("Driver",			driver_path);
+	test_sz("DriverDate",			driver_date);
+	test_sz("DriverVersion",		driver_version);
+	test_sz("HardwareID",			info.info8.hardware_id);
+	test_sz("Help File",			help_file);
+	test_sz("InfPath",			info.info8.inf_path);
+	test_sz("Manufacturer",			info.info8.manufacturer_name);
+	test_sz("MinInboxDriverVerDate",	inbox_driver_date);
+	test_sz("MinInboxDriverVerVersion",	inbox_driver_version);
+	test_sz("Monitor",			info.info8.monitor_name);
+	test_sz("OEM URL",			info.info8.manufacturer_url);
+	test_sz("Print Processor",		info.info8.print_processor);
+	test_sz("Provider",			info.info8.provider);
+	test_sz("VendorSetup",			info.info8.vendor_setup);
+	test_multi_sz("ColorProfiles",		info.info8.color_profiles);
+	test_multi_sz("Dependent Files",	dependent_files);
+	test_multi_sz("CoreDependencies",	info.info8.core_driver_dependencies);
+	test_multi_sz("Previous Names",		info.info8.previous_names);
+/*	test_dword("Attributes",		?); */
+	test_dword("PrinterDriverAttributes",	info.info8.printer_driver_attributes);
+	test_dword("Version",			info.info8.version);
+/*	test_dword("TempDir",			?); */
+
+ try_level6:
+
+	if (handle) {
+		torture_assert(tctx,
+			test_GetPrinterDriver2_level(tctx, b, handle, driver_name, environment, 6, version, 0, &info, &result),
+			"failed to get driver info level 6");
+	} else {
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, environment, 6, driver_name, &info),
+			"failed to get driver info level 6");
+	}
+
+	driver_path	= strip_path(info.info6.driver_path);
+	data_file	= strip_path(info.info6.data_file);
+	config_file	= strip_path(info.info6.config_file);
+	help_file	= strip_path(info.info6.help_file);
+	dependent_files = strip_paths(info.info6.dependent_files);
+
+	driver_date		= driver_winreg_date(tctx, info.info6.driver_date);
+
+	driver_version		= driver_winreg_version(tctx, info.info6.driver_version);
+
+	test_sz("Configuration File",		config_file);
+	test_sz("Data File",			data_file);
+	test_sz("Datatype",			info.info6.default_datatype);
+	test_sz("Driver",			driver_path);
+	if (torture_setting_bool(tctx, "w2k3", false)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, 8);
+		push_nttime(blob.data, 0, info.info6.driver_date);
+		test_binary("DriverDate",	blob);
+		SBVAL(blob.data, 0, info.info6.driver_version);
+		test_binary("DriverVersion",	blob);
+	} else {
+		test_sz("DriverDate",		driver_date);
+		test_sz("DriverVersion",	driver_version);
+	}
+	test_sz("HardwareID",			info.info6.hardware_id);
+	test_sz("Help File",			help_file);
+	test_sz("Manufacturer",			info.info6.manufacturer_name);
+	test_sz("Monitor",			info.info6.monitor_name);
+	test_sz("OEM URL",			info.info6.manufacturer_url);
+	test_sz("Provider",			info.info6.provider);
+	test_multi_sz("Dependent Files",	dependent_files);
+	test_multi_sz("Previous Names",		info.info6.previous_names);
+/*	test_dword("Attributes",		?); */
+	test_dword("Version",			info.info6.version);
+/*	test_dword("TempDir",			?); */
+
+	if (handle) {
+		torture_assert(tctx,
+			test_GetPrinterDriver2_level(tctx, b, handle, driver_name, environment, 3, version, 0, &info, &result),
+			"failed to get driver info level 3");
+	} else {
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, environment, 3, driver_name, &info),
+			"failed to get driver info level 3");
+	}
+
+	driver_path	= strip_path(info.info3.driver_path);
+	data_file	= strip_path(info.info3.data_file);
+	config_file	= strip_path(info.info3.config_file);
+	help_file	= strip_path(info.info3.help_file);
+	dependent_files = strip_paths(info.info3.dependent_files);
+
+	test_sz("Configuration File",		config_file);
+	test_sz("Data File",			data_file);
+	test_sz("Datatype",			info.info3.default_datatype);
+	test_sz("Driver",			driver_path);
+	test_sz("Help File",			help_file);
+	test_sz("Monitor",			info.info3.monitor_name);
+	test_multi_sz("Dependent Files",	dependent_files);
+/*	test_dword("Attributes",		?); */
+	test_dword("Version",			info.info3.version);
+/*	test_dword("TempDir",			?); */
+
+
+	torture_assert(tctx,
+		test_winreg_CloseKey(tctx, winreg_handle, &key_handle), "");
+
+	torture_comment(tctx, "Driver Info and winreg consistency test succeeded\n\n");
+
+	return true;
+}
+
+#undef test_sz
+#undef test_dword
+
+static bool test_SetPrinterData(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *value_name,
+				enum winreg_Type type,
+				uint8_t *data,
+				uint32_t offered)
+{
+	struct spoolss_SetPrinterData r;
+
+	r.in.handle = handle;
+	r.in.value_name = value_name;
+	r.in.type = type;
+	r.in.data = data;
+	r.in.offered = offered;
+
+	torture_comment(tctx, "Testing SetPrinterData(%s)\n",
+		r.in.value_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_SetPrinterData_r(b, tctx, &r),
+		"SetPrinterData failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"SetPrinterData failed");
+
+	return true;
+}
+
+static bool test_SetPrinterData_matrix(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       struct policy_handle *handle,
+				       const char *printer_name,
+				       struct dcerpc_binding_handle *winreg_handle,
+				       struct policy_handle *hive_handle)
+{
+	const char *values[] = {
+		"spootyfoot",
+		"spooty\\foot",
+#if 0
+	/* FIXME: not working with s3 atm. */
+		"spooty,foot",
+		"spooty,fo,ot",
+#endif
+		"spooty foot",
+#if 0
+	/* FIXME: not working with s3 atm. */
+		"spooty\\fo,ot",
+		"spooty,fo\\ot"
+#endif
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(values); i++) {
+
+		enum winreg_Type type, expected_type = REG_SZ;
+		DATA_BLOB blob;
+		uint8_t *data;
+		uint32_t needed;
+
+		torture_assert(tctx, push_reg_sz(tctx, &blob, "dog"), "");
+		type = REG_SZ;
+
+		torture_assert(tctx,
+			test_SetPrinterData(tctx, b, handle, values[i], REG_SZ, blob.data, blob.length),
+			"SetPrinterData failed");
+
+		torture_assert(tctx,
+			test_GetPrinterData_checktype(tctx, b, handle, values[i], &expected_type, &type, &data, &needed),
+			"GetPrinterData failed");
+
+		torture_assert_int_equal(tctx, type, REG_SZ, "type mismatch");
+		torture_assert_int_equal(tctx, needed, blob.length, "size mismatch");
+		torture_assert_mem_equal(tctx, data, blob.data, blob.length, "buffer mismatch");
+
+		if (winreg_handle && hive_handle) {
+
+			enum winreg_Type w_type;
+			uint32_t w_size;
+			uint32_t w_length;
+			uint8_t *w_data;
+
+			torture_assert(tctx,
+				test_winreg_query_printerdata(tctx, winreg_handle, hive_handle,
+					printer_name, "PrinterDriverData", values[i],
+					&w_type, &w_size, &w_length, &w_data), "");
+
+			torture_assert_int_equal(tctx, w_type, REG_SZ, "winreg type mismatch");
+			torture_assert_int_equal(tctx, w_size, blob.length, "winreg size mismatch");
+			torture_assert_int_equal(tctx, w_length, blob.length, "winreg length mismatch");
+			torture_assert_mem_equal(tctx, w_data, blob.data, blob.length, "winreg buffer mismatch");
+		}
+
+		torture_assert(tctx,
+			test_DeletePrinterData(tctx, b, handle, values[i]),
+			"DeletePrinterData failed");
+	}
+
+	return true;
+}
+
+
+static bool test_EnumPrinterKey(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *key_name,
+				const char ***array);
+
+static bool test_SetPrinterDataEx(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  struct policy_handle *handle,
+				  const char *key_name,
+				  const char *value_name,
+				  enum winreg_Type type,
+				  uint8_t *data,
+				  uint32_t offered)
+{
+	NTSTATUS status;
+	struct spoolss_SetPrinterDataEx r;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+	r.in.value_name = value_name;
+	r.in.type = type;
+	r.in.data = data;
+	r.in.offered = offered;
+
+	torture_comment(tctx, "Testing SetPrinterDataEx(%s - %s) type: %s, offered: 0x%08x\n",
+		r.in.key_name, r.in.value_name, str_regtype(r.in.type), r.in.offered);
+
+	status = dcerpc_spoolss_SetPrinterDataEx_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "SetPrinterDataEx failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinterDataEx failed");
+
+	return true;
+}
+
+static bool test_SetPrinterDataEx_keys(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct policy_handle *handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *value_name = "dog";
+	const char *keys[] = {
+		"torturedataex",
+		"torture data ex",
+		"torturedataex_with_subkey\\subkey",
+		"torturedataex_with_subkey\\subkey:0",
+		"torturedataex_with_subkey\\subkey:1",
+		"torturedataex_with_subkey\\subkey\\subsubkey",
+		"torturedataex_with_subkey\\subkey\\subsubkey:0",
+		"torturedataex_with_subkey\\subkey\\subsubkey:1",
+		"torture,data",
+		"torture,data,ex",
+		"torture,data\\ex",
+		"torture\\data,ex",
+		"torture/data",
+		"torture/data ex",
+		"torture/data ex/sub",
+		"torture//data",
+		"torture//data ex",
+		"torture//data ex/sub",
+		"torture//data ex//sub",
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(keys); i++) {
+
+		char *c;
+		const char *key;
+		enum winreg_Type type;
+		DATA_BLOB blob_in, blob_out;
+		const char **subkeys;
+		uint32_t ecount;
+		struct spoolss_PrinterEnumValues *einfo;
+		uint32_t needed;
+
+		blob_in = data_blob_talloc(tctx, NULL, 42);
+
+		generate_random_buffer(blob_in.data, blob_in.length);
+
+		torture_assert(tctx,
+			test_SetPrinterDataEx(tctx, b, handle, keys[i], value_name, REG_BINARY, blob_in.data, blob_in.length),
+			"failed to call SetPrinterDataEx");
+
+		torture_assert(tctx,
+			test_GetPrinterDataEx(tctx, p, handle, keys[i], value_name, &type, &blob_out.data, &needed),
+			"failed to call GetPrinterDataEx");
+
+		blob_out.length = needed;
+		torture_assert(tctx,
+			test_EnumPrinterDataEx(tctx, b, handle, keys[i], &ecount, &einfo),
+			"failed to call EnumPrinterDataEx");
+
+		torture_assert_int_equal(tctx, type, REG_BINARY, "type mismatch");
+		torture_assert_int_equal(tctx, blob_out.length, blob_in.length, "size mismatch");
+		torture_assert_mem_equal(tctx, blob_out.data, blob_in.data, blob_in.length, "buffer mismatch");
+
+		torture_assert_int_equal(tctx, ecount, 1, "unexpected enum count");
+		torture_assert_str_equal(tctx, einfo[0].value_name, value_name, "value_name mismatch");
+		torture_assert_int_equal(tctx, einfo[0].value_name_len, strlen_m_term(value_name)*2, "unexpected value_name_len");
+		torture_assert_int_equal(tctx, einfo[0].type, REG_BINARY, "type mismatch");
+		torture_assert_int_equal(tctx, einfo[0].data_length, blob_in.length, "size mismatch");
+		if (einfo[0].data_length > 0) {
+			torture_assert_mem_equal(tctx, einfo[0].data->data, blob_in.data, blob_in.length, "buffer mismatch");
+		}
+
+		key = talloc_strdup(tctx, keys[i]);
+
+		if (!test_DeletePrinterDataEx(tctx, b, handle, keys[i], value_name)) {
+			return false;
+		}
+
+		c = strchr(key, '\\');
+		if (c) {
+			int k;
+
+			/* we have subkeys */
+
+			*c = 0;
+
+			if (!test_EnumPrinterKey(tctx, b, handle, key, &subkeys)) {
+				return false;
+			}
+
+			for (k=0; subkeys && subkeys[k]; k++) {
+
+				const char *current_key = talloc_asprintf(tctx, "%s\\%s", key, subkeys[k]);
+
+				if (!test_DeletePrinterKey(tctx, b, handle, current_key)) {
+					return false;
+				}
+			}
+
+			if (!test_DeletePrinterKey(tctx, b, handle, key)) {
+				return false;
+			}
+
+		} else {
+			if (!test_DeletePrinterKey(tctx, b, handle, key)) {
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_SetPrinterDataEx_values(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct policy_handle *handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *key = "torturedataex";
+	const char *values[] = {
+		"torture_value",
+		"torture value",
+		"torture,value",
+		"torture/value",
+		"torture\\value",
+		"torture\\\\value"
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(values); i++) {
+
+		enum winreg_Type type = REG_NONE;
+		DATA_BLOB blob_in = data_blob_null;
+		DATA_BLOB blob_out = data_blob_null;
+		uint32_t ecount;
+		struct spoolss_PrinterEnumValues *einfo;
+		uint32_t needed = 0;
+
+		if (torture_setting_bool(tctx, "samba3", false)) {
+			char *q;
+			q = strrchr(values[i], ',');
+			if (q) {
+				torture_comment(tctx, "skipping valuename '%s' including ',' character against Samba3\n",
+						values[i]);
+				continue;
+			}
+		}
+
+		blob_in = data_blob_talloc(tctx, NULL, 42);
+
+		generate_random_buffer(blob_in.data, blob_in.length);
+
+		torture_assert(tctx,
+			test_SetPrinterDataEx(tctx, b, handle, key, values[i], REG_BINARY, blob_in.data, blob_in.length),
+			"failed to call SetPrinterDataEx");
+
+		torture_assert(tctx,
+			test_GetPrinterDataEx(tctx, p, handle, key, values[i], &type, &blob_out.data, &needed),
+			"failed to call GetPrinterDataEx");
+
+		blob_out.length = needed;
+		torture_assert(tctx,
+			test_EnumPrinterDataEx(tctx, b, handle, key, &ecount, &einfo),
+			"failed to call EnumPrinterDataEx");
+
+		torture_assert_int_equal(tctx, type, REG_BINARY, "type mismatch");
+		torture_assert_int_equal(tctx, blob_out.length, blob_in.length, "size mismatch");
+		torture_assert_mem_equal(tctx, blob_out.data, blob_in.data, blob_in.length, "buffer mismatch");
+
+		torture_assert_int_equal(tctx, ecount, 1, "unexpected enum count");
+		torture_assert_str_equal(tctx, einfo[0].value_name, values[i], "value_name mismatch");
+		torture_assert_int_equal(tctx, einfo[0].value_name_len, strlen_m_term(values[i])*2, "unexpected value_name_len");
+		torture_assert_int_equal(tctx, einfo[0].type, REG_BINARY, "type mismatch");
+		torture_assert_int_equal(tctx, einfo[0].data_length, blob_in.length, "size mismatch");
+		if (einfo[0].data_length > 0) {
+			torture_assert_mem_equal(tctx, einfo[0].data->data, blob_in.data, blob_in.length, "buffer mismatch");
+		}
+
+		torture_assert(tctx,
+			test_DeletePrinterDataEx(tctx, b, handle, key, values[i]),
+			"failed to call DeletePrinterDataEx");
+	}
+
+	return true;
+}
+
+
+static bool test_SetPrinterDataEx_matrix(struct torture_context *tctx,
+					 struct dcerpc_pipe *p,
+					 struct policy_handle *handle,
+					 const char *printername,
+					 struct dcerpc_binding_handle *winreg_handle,
+					 struct policy_handle *hive_handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *value_name = "dog";
+	const char *key_name = "torturedataex";
+	enum winreg_Type types[] = {
+		REG_SZ,
+		REG_MULTI_SZ,
+		REG_DWORD,
+		REG_BINARY
+	};
+	const char *str = "abcdefghi";
+	size_t t, s;
+
+	for (t=0; t < ARRAY_SIZE(types); t++) {
+	for (s=0; s < strlen(str); s++) {
+
+		enum winreg_Type type;
+		const char *string = talloc_strndup(tctx, str, s);
+		const char *array[2];
+		DATA_BLOB blob = data_blob_string_const(string);
+		DATA_BLOB data;
+		uint8_t *data_out;
+		uint32_t needed, offered = 0;
+		uint32_t ecount;
+		struct spoolss_PrinterEnumValues *einfo;
+
+		array[0] = talloc_strdup(tctx, string);
+		array[1] = NULL;
+
+		if (types[t] == REG_DWORD) {
+			s = 0xffff;
+		}
+
+		switch (types[t]) {
+		case REG_BINARY:
+			data = blob;
+			offered = blob.length;
+			break;
+		case REG_DWORD:
+			data = data_blob_talloc(tctx, NULL, 4);
+			SIVAL(data.data, 0, 0x12345678);
+			offered = 4;
+			break;
+		case REG_SZ:
+			torture_assert(tctx, push_reg_sz(tctx, &data, string), "");
+			type = REG_SZ;
+			offered = data.length;
+			/*strlen_m_term(data.string)*2;*/
+			break;
+		case REG_MULTI_SZ:
+			torture_assert(tctx, push_reg_multi_sz(tctx, &data, array), "");
+			type = REG_MULTI_SZ;
+			offered = data.length;
+			break;
+		default:
+			torture_fail(tctx, talloc_asprintf(tctx, "type %d untested\n", types[t]));
+		}
+
+		torture_assert(tctx,
+			test_SetPrinterDataEx(tctx, b, handle, key_name, value_name, types[t], data.data, offered),
+			"failed to call SetPrinterDataEx");
+
+		torture_assert(tctx,
+			test_GetPrinterDataEx_checktype(tctx, p, handle, key_name, value_name, &types[t], &type, &data_out, &needed),
+			"failed to call GetPrinterDataEx");
+
+		torture_assert(tctx,
+			test_EnumPrinterDataEx(tctx, b, handle, key_name, &ecount, &einfo),
+			"failed to call EnumPrinterDataEx");
+
+		torture_assert_int_equal(tctx, types[t], type, "type mismatch");
+		torture_assert_int_equal(tctx, needed, offered, "size mismatch");
+		torture_assert_mem_equal(tctx, data_out, data.data, offered, "buffer mismatch");
+
+		torture_assert_int_equal(tctx, ecount, 1, "unexpected enum count");
+		torture_assert_str_equal(tctx, einfo[0].value_name, value_name, "value_name mismatch");
+		torture_assert_int_equal(tctx, einfo[0].value_name_len, strlen_m_term(value_name)*2, "unexpected value_name_len");
+		torture_assert_int_equal(tctx, einfo[0].type, types[t], "type mismatch");
+		torture_assert_int_equal(tctx, einfo[0].data_length, offered, "size mismatch");
+		if (einfo[0].data_length > 0) {
+			torture_assert_mem_equal(tctx, einfo[0].data->data, data.data, offered, "buffer mismatch");
+		}
+
+		if (winreg_handle && hive_handle) {
+			enum winreg_Type w_type;
+			uint32_t w_size;
+			uint32_t w_length;
+			uint8_t *w_data;
+
+			torture_assert(tctx,
+				test_winreg_query_printerdata(tctx, winreg_handle, hive_handle,
+					printername, key_name, value_name,
+					&w_type, &w_size, &w_length, &w_data), "");
+
+			torture_assert_int_equal(tctx, w_type, types[t], "winreg type mismatch");
+			torture_assert_int_equal(tctx, w_size, offered, "winreg size mismatch");
+			torture_assert_int_equal(tctx, w_length, offered, "winreg length mismatch");
+			torture_assert_mem_equal(tctx, w_data, data.data, offered, "winreg buffer mismatch");
+		}
+
+		torture_assert(tctx,
+			test_DeletePrinterDataEx(tctx, b, handle, key_name, value_name),
+			"failed to call DeletePrinterDataEx");
+	}
+	}
+
+	return true;
+}
+
+static bool test_PrinterData_winreg(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *handle,
+				    const char *printer_name)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret &= test_SetPrinterData_matrix(tctx, b, handle, printer_name, b2, &hive_handle);
+	ret &= test_SetPrinterDataEx_matrix(tctx, p, handle, printer_name, b2, &hive_handle);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+static bool test_Forms_winreg(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle,
+			      bool print_server,
+			      const char *printer_name)
+{
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret = test_Forms(tctx, b, handle, print_server, printer_name, b2, &hive_handle);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+static bool test_PrinterInfo_winreg(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct policy_handle *handle,
+				    const char *printer_name)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret = test_GetPrinterInfo_winreg(tctx, b, handle, printer_name, b2, &hive_handle);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+static bool test_PrintserverInfo_winreg(struct torture_context *tctx,
+					struct dcerpc_pipe *p,
+					struct policy_handle *handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret = test_GetPrintserverInfo_winreg(tctx, b, handle, b2, &hive_handle);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+
+static bool test_DriverInfo_winreg(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *handle,
+				   const char *printer_name,
+				   const char *driver_name,
+				   const char *environment,
+				   enum spoolss_DriverOSVersion version)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret = test_GetDriverInfo_winreg(tctx, b, handle, printer_name, driver_name, environment, version, b2, &hive_handle, NULL);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+static bool test_PrintProcessors_winreg(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					const char *environment)
+{
+	struct dcerpc_pipe *p2;
+	bool ret = true;
+	struct policy_handle hive_handle;
+	struct dcerpc_binding_handle *b2;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+		"could not open winreg pipe");
+	b2 = p2->binding_handle;
+
+	torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+	ret = test_PrintProcessors(tctx, b, environment, b2, &hive_handle);
+
+	test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+	talloc_free(p2);
+
+	return ret;
+}
+
+static bool test_PrinterData_DsSpooler(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct policy_handle *handle,
+				       const char *printer_name)
+{
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	union spoolss_SetPrinterInfo sinfo;
+	union spoolss_PrinterInfo info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *pname;
+
+	ZERO_STRUCT(info_ctr);
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	torture_comment(tctx, "Testing DsSpooler <-> SetPrinter relations\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to query Printer level 2");
+
+	torture_assert(tctx,
+		PrinterInfo_to_SetPrinterInfo(tctx, &info, 2, &sinfo),
+		"failed to convert");
+
+	info_ctr.level = 2;
+	info_ctr.info = sinfo;
+
+#define TEST_SZ(wname, iname) \
+do {\
+	enum winreg_Type type;\
+	uint8_t *data;\
+	uint32_t needed;\
+	DATA_BLOB blob;\
+	const char *str;\
+	torture_assert(tctx,\
+		test_GetPrinterDataEx(tctx, p, handle, "DsSpooler", wname, &type, &data, &needed),\
+		"failed to query");\
+	torture_assert_int_equal(tctx, type, REG_SZ, "unexpected type");\
+	blob = data_blob_const(data, needed);\
+	torture_assert(tctx,\
+		pull_reg_sz(tctx, &blob, &str),\
+		"failed to pull REG_SZ");\
+	torture_assert_str_equal(tctx, str, iname, "unexpected result");\
+} while(0);
+
+
+#define TEST_SET_SZ(wname, iname, val) \
+do {\
+	enum winreg_Type type;\
+	uint8_t *data;\
+	uint32_t needed;\
+	DATA_BLOB blob;\
+	const char *str;\
+	sinfo.info2->iname = val;\
+	torture_assert(tctx,\
+		test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),\
+		"failed to call SetPrinter");\
+	torture_assert(tctx,\
+		test_GetPrinterDataEx(tctx, p, handle, "DsSpooler", wname, &type, &data, &needed),\
+		"failed to query");\
+	torture_assert_int_equal(tctx, type, REG_SZ, "unexpected type");\
+	blob = data_blob_const(data, needed);\
+	torture_assert(tctx,\
+		pull_reg_sz(tctx, &blob, &str),\
+		"failed to pull REG_SZ");\
+	torture_assert_str_equal(tctx, str, val, "unexpected result");\
+} while(0);
+
+#define TEST_SET_DWORD(wname, iname, val) \
+do {\
+	enum winreg_Type type;\
+	uint8_t *data;\
+	uint32_t needed;\
+	uint32_t value;\
+	sinfo.info2->iname = val;\
+	torture_assert(tctx,\
+		test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),\
+		"failed to call SetPrinter");\
+	torture_assert(tctx,\
+		test_GetPrinterDataEx(tctx, p, handle, "DsSpooler", wname, &type, &data, &needed),\
+		"failed to query");\
+	torture_assert_int_equal(tctx, type, REG_DWORD, "unexpected type");\
+	torture_assert_int_equal(tctx, needed, 4, "unexpected length");\
+	value = IVAL(data, 0); \
+	torture_assert_int_equal(tctx, value, val, "unexpected result");\
+} while(0);
+
+	TEST_SET_SZ("description", comment, "newval");
+	TEST_SET_SZ("location", location, "newval");
+	TEST_SET_SZ("driverName", drivername, "newval");
+/*	TEST_SET_DWORD("priority", priority, 25); */
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to query Printer level 2");
+
+	TEST_SZ("description", info.info2.comment);
+	TEST_SZ("driverName", info.info2.drivername);
+	TEST_SZ("location", info.info2.location);
+
+	pname = strrchr(info.info2.printername, '\\');
+	if (pname == NULL) {
+		pname = info.info2.printername;
+	} else {
+		pname++;
+	}
+	TEST_SZ("printerName", pname);
+	/* TEST_SZ("printSeparatorFile", info.info2.sepfile); */
+	/* TEST_SZ("printShareName", info.info2.sharename); */
+
+	/* FIXME gd: complete the list */
+
+#undef TEST_SZ
+#undef TEST_SET_SZ
+#undef TEST_DWORD
+
+	torture_comment(tctx, "DsSpooler <-> SetPrinter relations test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_print_processors_winreg(struct torture_context *tctx,
+					 void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_PrintProcessors_winreg(tctx, b, ctx->environment);
+}
+
+static bool test_AddPrintProcessor(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   const char *environment,
+				   const char *path_name,
+				   const char *print_processor_name,
+				   WERROR expected_error)
+{
+	struct spoolss_AddPrintProcessor r;
+
+	r.in.server = NULL;
+	r.in.architecture = environment;
+	r.in.path_name = path_name;
+	r.in.print_processor_name = print_processor_name;
+
+	torture_comment(tctx, "Testing AddPrintProcessor(%s)\n",
+		print_processor_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_AddPrintProcessor_r(b, tctx, &r),
+		"spoolss_AddPrintProcessor failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_error,
+		"spoolss_AddPrintProcessor failed");
+
+	return true;
+}
+
+static bool test_DeletePrintProcessor(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      const char *environment,
+				      const char *print_processor_name,
+				      WERROR expected_error)
+{
+	struct spoolss_DeletePrintProcessor r;
+
+	r.in.server = NULL;
+	r.in.architecture = environment;
+	r.in.print_processor_name = print_processor_name;
+
+	torture_comment(tctx, "Testing DeletePrintProcessor(%s)\n",
+		print_processor_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePrintProcessor_r(b, tctx, &r),
+		"spoolss_DeletePrintProcessor failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_error,
+		"spoolss_DeletePrintProcessor failed");
+
+	return true;
+}
+
+static bool test_add_print_processor(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	int i;
+
+	struct {
+		const char *environment;
+		const char *path_name;
+		const char *print_processor_name;
+		WERROR expected_add_result;
+		WERROR expected_del_result;
+	} tests[] = {
+		{
+			.environment		= ctx->environment,
+			.path_name		= "",
+			.print_processor_name	= "winprint",
+			.expected_add_result	= WERR_PRINT_PROCESSOR_ALREADY_INSTALLED,
+			.expected_del_result	= WERR_CAN_NOT_COMPLETE
+		},{
+			.environment		= ctx->environment,
+			.path_name		= "",
+			.print_processor_name	= "unknown",
+			.expected_add_result	= WERR_MOD_NOT_FOUND,
+			.expected_del_result	= WERR_UNKNOWN_PRINTPROCESSOR
+		}
+	};
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		torture_assert(tctx,
+			test_AddPrintProcessor(tctx, b,
+					       tests[i].environment,
+					       tests[i].path_name,
+					       tests[i].print_processor_name,
+					       tests[i].expected_add_result),
+			"add print processor failed");
+		torture_assert(tctx,
+			test_DeletePrintProcessor(tctx, b,
+						  tests[i].environment,
+						  tests[i].print_processor_name,
+						  tests[i].expected_del_result),
+			"delete print processor failed");
+	}
+
+	return true;
+}
+
+static bool test_AddPerMachineConnection(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 const char *servername,
+					 const char *printername,
+					 const char *printserver,
+					 const char *provider,
+					 WERROR expected_error)
+{
+	struct spoolss_AddPerMachineConnection r;
+	const char *composed_printername = printername;
+
+	if (servername != NULL) {
+		composed_printername = talloc_asprintf(tctx, "%s\\%s",
+						servername,
+						printername);
+	}
+	r.in.server = servername;
+	r.in.printername = composed_printername;
+	r.in.printserver = printserver;
+	r.in.provider = provider;
+
+	torture_comment(tctx, "Testing AddPerMachineConnection(%s|%s|%s)\n",
+		printername, printserver, provider);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_AddPerMachineConnection_r(b, tctx, &r),
+		"spoolss_AddPerMachineConnection failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_error,
+		"spoolss_AddPerMachineConnection failed");
+
+	return true;
+}
+
+static bool test_DeletePerMachineConnection(struct torture_context *tctx,
+					    struct dcerpc_binding_handle *b,
+					    const char *servername,
+					    const char *printername,
+					    WERROR expected_error)
+{
+	struct spoolss_DeletePerMachineConnection r;
+	const char *composed_printername = printername;
+
+	if (servername != NULL) {
+		composed_printername = talloc_asprintf(tctx, "%s\\%s",
+						servername,
+						printername);
+	}
+
+	r.in.server = servername;
+	r.in.printername = composed_printername;
+
+	torture_comment(tctx, "Testing DeletePerMachineConnection(%s)\n",
+		printername);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePerMachineConnection_r(b, tctx, &r),
+		"spoolss_DeletePerMachineConnection failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_error,
+		"spoolss_DeletePerMachineConnection failed");
+
+	return true;
+}
+
+static bool test_EnumPerMachineConnections(struct torture_context *tctx,
+					   struct dcerpc_binding_handle *b,
+					   const char *servername)
+{
+	struct spoolss_EnumPerMachineConnections r;
+	DATA_BLOB blob = data_blob_null;
+	struct spoolss_PrinterInfo4 *info;
+	uint32_t needed;
+	uint32_t count;
+
+	r.in.server = servername;
+	r.in.buffer = &blob;
+	r.in.offered = 0;
+
+	r.out.info = &info;
+	r.out.needed = &needed;
+	r.out.count = &count;
+
+	torture_comment(tctx, "Testing EnumPerMachineConnections(%s)\n",
+		servername);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPerMachineConnections_r(b, tctx, &r),
+		"spoolss_EnumPerMachineConnections failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPerMachineConnections_r(b, tctx, &r),
+			"spoolss_EnumPerMachineConnections failed");
+	}
+	torture_assert_werr_ok(tctx, r.out.result,
+		"spoolss_EnumPerMachineConnections failed");
+
+	return true;
+}
+
+static bool test_addpermachineconnection(struct torture_context *tctx,
+					 void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	int i;
+
+	struct {
+		const char *servername;
+		const char *printername;
+		const char *printserver;
+		const char *provider;
+		WERROR expected_add_result;
+		WERROR expected_del_result;
+	} tests[] = {
+		{
+			.servername		= NULL,
+			.printername		= "foo",
+			.printserver		= "",
+			.provider		= "unknown",
+			.expected_add_result	= WERR_INVALID_PRINTER_NAME,
+			.expected_del_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.servername		= NULL,
+			.printername		= "Microsoft Print to PDF",
+			.printserver		= "samba.org",
+			.provider		= "unknown",
+			.expected_add_result	= WERR_INVALID_PRINTER_NAME,
+			.expected_del_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.servername		= NULL,
+			.printername		= "Microsoft Print to PDF",
+			.printserver		= "samba.org",
+			.provider		= "",
+			.expected_add_result	= WERR_INVALID_PRINTER_NAME,
+			.expected_del_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.servername		= server_name_slash,
+			.printername		= "foo",
+			.printserver		= "",
+			.provider		= "unknown",
+			.expected_add_result	= WERR_FILE_NOT_FOUND,
+			.expected_del_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.servername		= server_name_slash,
+			.printername		= "foo",
+			.printserver		= "",
+			.provider		= "",
+			.expected_add_result	= WERR_OK,
+			.expected_del_result	= WERR_OK
+		},{
+			.servername		= server_name_slash,
+			.printername		= "Microsoft Print to PDF",
+			.printserver		= "samba.org",
+			.provider		= "unknown",
+			.expected_add_result	= WERR_FILE_NOT_FOUND,
+			.expected_del_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.servername		= server_name_slash,
+			.printername		= "Microsoft Print to PDF",
+			.printserver		= "samba.org",
+			.provider		= "",
+			.expected_add_result	= WERR_OK,
+			.expected_del_result	= WERR_OK
+		}
+	};
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		torture_assert(tctx,
+			test_AddPerMachineConnection(tctx, b,
+						     tests[i].servername,
+						     tests[i].printername,
+						     tests[i].printserver,
+						     tests[i].provider,
+						     tests[i].expected_add_result),
+			"add per machine connection failed");
+		torture_assert(tctx,
+			test_EnumPerMachineConnections(tctx, b,
+						       tests[i].servername),
+			"enum per machine connections failed");
+		torture_assert(tctx,
+			test_DeletePerMachineConnection(tctx, b,
+							tests[i].servername,
+							tests[i].printername,
+							tests[i].expected_del_result),
+			"delete per machine connection failed");
+		torture_assert(tctx,
+			test_EnumPerMachineConnections(tctx, b,
+						       tests[i].servername),
+			"enum per machine connections failed");
+	}
+
+	return true;
+}
+
+static bool test_GetChangeID_PrinterData(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 uint32_t *change_id)
+{
+	enum winreg_Type type;
+	uint8_t *data;
+	uint32_t needed;
+
+	torture_assert(tctx,
+		test_GetPrinterData(tctx, b, handle, "ChangeID", &type, &data, &needed),
+		"failed to call GetPrinterData");
+
+	torture_assert(tctx, type == REG_DWORD, "unexpected type");
+	torture_assert_int_equal(tctx, needed, 4, "unexpected size");
+
+	*change_id = IVAL(data, 0);
+
+	return true;
+}
+
+static bool test_GetChangeID_PrinterDataEx(struct torture_context *tctx,
+					   struct dcerpc_pipe *p,
+					   struct policy_handle *handle,
+					   uint32_t *change_id)
+{
+	enum winreg_Type type = REG_NONE;
+	uint8_t *data = NULL;
+	uint32_t needed = 0;
+
+	torture_assert(tctx,
+		test_GetPrinterDataEx(tctx, p, handle, "PrinterDriverData", "ChangeID", &type, &data, &needed),
+		"failed to call GetPrinterData");
+
+	torture_assert(tctx, type == REG_DWORD, "unexpected type");
+	torture_assert_int_equal(tctx, needed, 4, "unexpected size");
+
+	*change_id = IVAL(data, 0);
+
+	return true;
+}
+
+static bool test_GetChangeID_PrinterInfo(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 uint32_t *change_id)
+{
+	union spoolss_PrinterInfo info;
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 0, &info),
+		"failed to query Printer level 0");
+
+	*change_id = info.info0.change_id;
+
+	return true;
+}
+
+static bool test_ChangeID(struct torture_context *tctx,
+			  struct dcerpc_pipe *p,
+			  struct policy_handle *handle)
+{
+	uint32_t change_id, change_id_ex, change_id_info;
+	uint32_t change_id2, change_id_ex2, change_id_info2;
+	union spoolss_PrinterInfo info;
+	const char *comment;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing ChangeID: id change test #1\n");
+
+	torture_assert(tctx, test_GetChangeID_PrinterData(tctx, b, handle, &change_id),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterDataEx(tctx, p, handle, &change_id_ex),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterInfo(tctx, b, handle, &change_id_info),
+		"failed to query for ChangeID");
+
+	torture_assert_int_equal(tctx, change_id, change_id_ex,
+		"change_ids should all be equal");
+	torture_assert_int_equal(tctx, change_id_ex, change_id_info,
+		"change_ids should all be equal");
+
+
+	torture_comment(tctx, "Testing ChangeID: id change test #2\n");
+
+	torture_assert(tctx, test_GetChangeID_PrinterData(tctx, b, handle, &change_id),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to query Printer level 2");
+	torture_assert(tctx, test_GetChangeID_PrinterDataEx(tctx, p, handle, &change_id_ex),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterInfo(tctx, b, handle, &change_id_info),
+		"failed to query for ChangeID");
+	torture_assert_int_equal(tctx, change_id, change_id_ex,
+		"change_id should not have changed");
+	torture_assert_int_equal(tctx, change_id_ex, change_id_info,
+		"change_id should not have changed");
+
+
+	torture_comment(tctx, "Testing ChangeID: id change test #3\n");
+
+	torture_assert(tctx, test_GetChangeID_PrinterData(tctx, b, handle, &change_id),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterDataEx(tctx, p, handle, &change_id_ex),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterInfo(tctx, b, handle, &change_id_info),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info),
+		"failed to query Printer level 2");
+	comment = talloc_strdup(tctx, info.info2.comment);
+
+	{
+		struct spoolss_SetPrinterInfoCtr info_ctr;
+		struct spoolss_DevmodeContainer devmode_ctr;
+		struct sec_desc_buf secdesc_ctr;
+		union spoolss_SetPrinterInfo sinfo;
+
+		ZERO_STRUCT(info_ctr);
+		ZERO_STRUCT(devmode_ctr);
+		ZERO_STRUCT(secdesc_ctr);
+
+
+		torture_assert(tctx, PrinterInfo_to_SetPrinterInfo(tctx, &info, 2, &sinfo), "");
+		sinfo.info2->comment	= "torture_comment";
+
+		info_ctr.level = 2;
+		info_ctr.info = sinfo;
+
+		torture_assert(tctx, test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
+			"failed to call SetPrinter");
+
+		sinfo.info2->comment	= comment;
+
+		torture_assert(tctx, test_SetPrinter(tctx, b, handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
+			"failed to call SetPrinter");
+
+	}
+
+	torture_assert(tctx, test_GetChangeID_PrinterData(tctx, b, handle, &change_id2),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterDataEx(tctx, p, handle, &change_id_ex2),
+		"failed to query for ChangeID");
+	torture_assert(tctx, test_GetChangeID_PrinterInfo(tctx, b, handle, &change_id_info2),
+		"failed to query for ChangeID");
+
+	torture_assert_int_equal(tctx, change_id2, change_id_ex2,
+		"change_ids should all be equal");
+	torture_assert_int_equal(tctx, change_id_ex2, change_id_info2,
+		"change_ids should all be equal");
+
+	torture_assert(tctx, (change_id < change_id2),
+		talloc_asprintf(tctx, "change_id %d needs to be larger than change_id %d",
+		change_id2, change_id));
+	torture_assert(tctx, (change_id_ex < change_id_ex2),
+		talloc_asprintf(tctx, "change_id %d needs to be larger than change_id %d",
+		change_id_ex2, change_id_ex));
+	torture_assert(tctx, (change_id_info < change_id_info2),
+		talloc_asprintf(tctx, "change_id %d needs to be larger than change_id %d",
+		change_id_info2, change_id_info));
+
+	torture_comment(tctx, "ChangeID tests succeeded\n\n");
+
+	return true;
+}
+
+static bool test_SecondaryClosePrinter(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct cli_credentials *anon_creds;
+	const struct dcerpc_binding *binding2;
+	struct dcerpc_pipe *p2;
+	struct spoolss_ClosePrinter cp;
+
+	/* only makes sense on SMB */
+	if (p->conn->transport.transport != NCACN_NP) {
+		return true;
+	}
+
+	torture_comment(tctx, "Testing close on secondary pipe\n");
+
+	anon_creds = cli_credentials_init_anon(tctx);
+	torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
+
+	binding2 = p->binding;
+	status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_spoolss,
+						  anon_creds, tctx->lp_ctx,
+						  tctx, &p2);
+	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+
+	cp.in.handle = handle;
+	cp.out.handle = handle;
+
+	status = dcerpc_spoolss_ClosePrinter_r(p2->binding_handle, tctx, &cp);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
+			"ERROR: Allowed close on secondary connection");
+
+	talloc_free(p2);
+
+	return true;
+}
+
+static bool test_OpenPrinter_badname(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b, const char *name)
+{
+	NTSTATUS status;
+	struct spoolss_OpenPrinter op;
+	struct spoolss_OpenPrinterEx opEx;
+	struct policy_handle handle;
+	bool ret = true;
+
+	op.in.printername	= name;
+	op.in.datatype		= NULL;
+	op.in.devmode_ctr.devmode= NULL;
+	op.in.access_mask	= 0;
+	op.out.handle		= &handle;
+
+	torture_comment(tctx, "Testing OpenPrinter(%s) with bad name\n", op.in.printername);
+
+	status = dcerpc_spoolss_OpenPrinter_r(b, tctx, &op);
+	torture_assert_ntstatus_ok(tctx, status, "OpenPrinter failed");
+	torture_assert_werr_equal(tctx, op.out.result, WERR_INVALID_PRINTER_NAME,
+		"unexpected result");
+
+	if (W_ERROR_IS_OK(op.out.result)) {
+		ret &=test_ClosePrinter(tctx, b, &handle);
+	}
+
+	opEx.in.printername		= name;
+	opEx.in.datatype		= NULL;
+	opEx.in.devmode_ctr.devmode	= NULL;
+	opEx.in.access_mask		= 0;
+	opEx.in.userlevel_ctr.level		= 1;
+	opEx.in.userlevel_ctr.user_info.level1 = NULL;
+	opEx.out.handle			= &handle;
+
+	torture_comment(tctx, "Testing OpenPrinterEx(%s) with bad name\n", opEx.in.printername);
+
+	status = dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &opEx);
+	torture_assert_ntstatus_ok(tctx, status, "OpenPrinterEx failed");
+	torture_assert_werr_equal(tctx, opEx.out.result, WERR_INVALID_PARAMETER,
+		"unexpected result");
+
+	if (W_ERROR_IS_OK(opEx.out.result)) {
+		ret &=test_ClosePrinter(tctx, b, &handle);
+	}
+
+	return ret;
+}
+
+static bool test_OpenPrinter_badname_list(struct torture_context *tctx,
+					  void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	const char *badnames[] = {
+		"__INVALID_PRINTER__",
+		"\\\\__INVALID_HOST__",
+		"",
+		"\\\\\\",
+		"\\\\\\__INVALID_PRINTER__"
+	};
+	const char *badname;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	const char *server_name = dcerpc_server_name(p);
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(badnames); i++) {
+		torture_assert(tctx,
+			test_OpenPrinter_badname(tctx, b, badnames[i]),
+			"");
+	}
+
+	badname = talloc_asprintf(tctx, "\\\\%s\\", server_name);
+	torture_assert(tctx,
+		test_OpenPrinter_badname(tctx, b, badname),
+		"");
+
+	badname = talloc_asprintf(tctx, "\\\\%s\\__INVALID_PRINTER__", server_name);
+	torture_assert(tctx,
+		test_OpenPrinter_badname(tctx, b, badname),
+		"");
+
+	return true;
+}
+
+static bool test_OpenPrinter(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     const char *name,
+			     const char *environment,
+			     bool open_only)
+{
+	NTSTATUS status;
+	struct spoolss_OpenPrinter r;
+	struct policy_handle handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.printername	= name;
+	r.in.datatype		= NULL;
+	r.in.devmode_ctr.devmode= NULL;
+	r.in.access_mask	= SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle		= &handle;
+
+	torture_comment(tctx, "Testing OpenPrinter(%s)\n", r.in.printername);
+
+	status = dcerpc_spoolss_OpenPrinter_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "OpenPrinter failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "OpenPrinter failed");
+
+	if (open_only) {
+		goto close_printer;
+	}
+
+	if (!test_GetPrinter(tctx, b, &handle, environment)) {
+		ret = false;
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (!test_SecondaryClosePrinter(tctx, p, &handle)) {
+			ret = false;
+		}
+	}
+
+ close_printer:
+	if (!test_ClosePrinter(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_OpenPrinterEx(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       const char *printername,
+			       const char *datatype,
+			       struct spoolss_DeviceMode *devmode,
+			       uint32_t access_mask,
+			       struct spoolss_UserLevelCtr *userlevel_ctr,
+			       struct policy_handle *handle,
+			       WERROR expected_result)
+{
+	struct spoolss_OpenPrinterEx r;
+
+	r.in.printername	= printername;
+	r.in.datatype		= datatype;
+	r.in.devmode_ctr.devmode= devmode;
+	r.in.access_mask	= access_mask;
+	r.in.userlevel_ctr	= *userlevel_ctr;
+	r.out.handle		= handle;
+
+	torture_comment(tctx, "Testing OpenPrinterEx(%s)\n", r.in.printername);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &r),
+		"OpenPrinterEx failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"OpenPrinterEx failed");
+
+	return true;
+}
+
+static bool call_OpenPrinterEx(struct torture_context *tctx,
+			       struct dcerpc_pipe *p,
+			       const char *name,
+			       struct spoolss_DeviceMode *devmode,
+			       struct policy_handle *handle)
+{
+	struct spoolss_UserLevelCtr userlevel_ctr;
+	struct spoolss_UserLevel1 userlevel1;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	userlevel1.size = 1234;
+	userlevel1.client = "hello";
+	userlevel1.user = "spottyfoot!";
+	userlevel1.build = 1;
+	userlevel1.major = 2;
+	userlevel1.minor = 3;
+	userlevel1.processor = 4;
+
+	userlevel_ctr.level = 1;
+	userlevel_ctr.user_info.level1 = &userlevel1;
+
+	return test_OpenPrinterEx(tctx, b, name, NULL, devmode,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &userlevel_ctr,
+				  handle,
+				  WERR_OK);
+}
+
+static bool test_printer_rename(struct torture_context *tctx,
+				void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	bool ret = true;
+	union spoolss_PrinterInfo info;
+	union spoolss_SetPrinterInfo sinfo;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	const char *printer_name;
+	const char *printer_name_orig;
+	const char *printer_name_new = "SAMBA smbtorture Test Printer (Copy 2)";
+	struct policy_handle new_handle;
+	const char *q;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	torture_comment(tctx, "Testing Printer rename operations\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &t->handle, 2, &info),
+		"failed to call GetPrinter level 2");
+
+	printer_name_orig = talloc_strdup(tctx, info.info2.printername);
+
+	q = strrchr(info.info2.printername, '\\');
+	if (q) {
+		torture_warning(tctx,
+			"server returns printername %s incl. servername although we did not set servername", info.info2.printername);
+	}
+
+	torture_assert(tctx,
+		PrinterInfo_to_SetPrinterInfo(tctx, &info, 2, &sinfo), "");
+
+	sinfo.info2->printername = printer_name_new;
+
+	info_ctr.level = 2;
+	info_ctr.info = sinfo;
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, &t->handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
+		"failed to call SetPrinter level 2");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &t->handle, 2, &info),
+		"failed to call GetPrinter level 2");
+
+	printer_name = talloc_strdup(tctx, info.info2.printername);
+
+	q = strrchr(info.info2.printername, '\\');
+	if (q) {
+		torture_warning(tctx,
+			"server returns printername %s incl. servername although we did not set servername", info.info2.printername);
+		q++;
+		printer_name = q;
+	}
+
+	torture_assert_str_equal(tctx, printer_name, printer_name_new,
+		"new printer name was not set");
+
+	/* samba currently cannot fully rename printers */
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		torture_assert(tctx,
+			test_OpenPrinter_badname(tctx, b, printer_name_orig),
+			"still can open printer with oldname after rename");
+	} else {
+		torture_warning(tctx, "*not* checking for open with oldname after rename for samba3");
+	}
+
+	torture_assert(tctx,
+		call_OpenPrinterEx(tctx, p, printer_name_new, NULL, &new_handle),
+		"failed to open printer with new name");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &new_handle, 2, &info),
+		"failed to call GetPrinter level 2");
+
+	torture_assert_str_equal(tctx, info.info2.printername, printer_name_new,
+		"new printer name was not set");
+
+	torture_assert(tctx,
+		test_ClosePrinter(tctx, b, &new_handle),
+		"failed to close printer");
+
+	torture_comment(tctx, "Printer rename operations test succeeded\n\n");
+
+	return ret;
+}
+
+static bool test_openprinter(struct torture_context *tctx,
+			     struct dcerpc_binding_handle *b,
+			     const char *real_printername)
+{
+	struct spoolss_UserLevelCtr userlevel_ctr;
+	struct policy_handle handle;
+	struct spoolss_UserLevel1 userlevel1;
+	const char *printername = NULL;
+	int i;
+
+	struct {
+		const char *suffix;
+		WERROR expected_result;
+	} tests[] = {
+		{
+			.suffix			= "rubbish",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", LocalOnl",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", localOnly",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", localonl",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ",LocalOnl",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ",localOnl2",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", DrvConver2t",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", drvconvert",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ",drvconvert",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ", DrvConvert",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= " , DrvConvert",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ",DrvConvert",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= ", DrvConvertsadfasdf",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= ",DrvConvertasdfasd",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= ", LocalOnly",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= " , LocalOnly",
+			.expected_result	= WERR_INVALID_PRINTER_NAME
+		},{
+			.suffix			= ",LocalOnly",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= ", LocalOnlysagi4gjfkd",
+			.expected_result	= WERR_OK
+		},{
+			.suffix			= ",LocalOnlysagi4gjfkd",
+			.expected_result	= WERR_OK
+		}
+	};
+
+	userlevel1.size = 1234;
+	userlevel1.client = "hello";
+	userlevel1.user = "spottyfoot!";
+	userlevel1.build = 1;
+	userlevel1.major = 2;
+	userlevel1.minor = 3;
+	userlevel1.processor = 4;
+
+	userlevel_ctr.level = 1;
+	userlevel_ctr.user_info.level1 = &userlevel1;
+
+	torture_comment(tctx, "Testing openprinterex printername pattern\n");
+
+	torture_assert(tctx,
+		test_OpenPrinterEx(tctx, b, real_printername, NULL, NULL, 0,
+				   &userlevel_ctr, &handle,
+				   WERR_OK),
+		"OpenPrinterEx failed");
+	test_ClosePrinter(tctx, b, &handle);
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+
+		printername = talloc_asprintf(tctx, "%s%s",
+					      real_printername,
+					      tests[i].suffix);
+
+		torture_assert(tctx,
+			test_OpenPrinterEx(tctx, b, printername, NULL, NULL, 0,
+					   &userlevel_ctr, &handle,
+					   tests[i].expected_result),
+			"OpenPrinterEx failed");
+		if (W_ERROR_IS_OK(tests[i].expected_result)) {
+			test_ClosePrinter(tctx, b, &handle);
+		}
+	}
+
+	return true;
+}
+
+
+static bool test_existing_printer_openprinterex(struct torture_context *tctx,
+						struct dcerpc_pipe *p,
+						const char *name,
+						const char *environment)
+{
+	struct policy_handle handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_openprinter(tctx, b, name)) {
+		return false;
+	}
+
+	if (!call_OpenPrinterEx(tctx, p, name, NULL, &handle)) {
+		return false;
+	}
+
+	if (!test_PrinterInfo_SD(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	if (!test_GetPrinter(tctx, b, &handle, environment)) {
+		ret = false;
+	}
+
+	if (!test_EnumForms_all(tctx, b, &handle, false)) {
+		ret = false;
+	}
+
+	if (!test_Forms(tctx, b, &handle, false, name, NULL, NULL)) {
+		ret = false;
+	}
+
+	if (!test_Forms_winreg(tctx, b, &handle, false, name)) {
+		ret = false;
+	}
+
+	if (!test_EnumPrinterData_all(tctx, p, &handle)) {
+		ret = false;
+	}
+
+	if (!test_EnumPrinterDataEx(tctx, b, &handle, "PrinterDriverData", NULL, NULL)) {
+		ret = false;
+	}
+
+	if (!test_EnumPrinterData_consistency(tctx, p, &handle)) {
+		ret = false;
+	}
+
+	if (!test_printer_all_keys(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	if (!test_PausePrinter(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	if (!test_DoPrintTest(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	if (!test_ResumePrinter(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	if (!test_SetPrinterData_matrix(tctx, b, &handle, name, NULL, NULL)) {
+		ret = false;
+	}
+
+	if (!test_SetPrinterDataEx_matrix(tctx, p, &handle, name, NULL, NULL)) {
+		ret = false;
+	}
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		if (!test_SecondaryClosePrinter(tctx, p, &handle)) {
+			ret = false;
+		}
+	}
+
+	if (!test_ClosePrinter(tctx, b, &handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_EnumPrinters_old(struct torture_context *tctx,
+				  void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct spoolss_EnumPrinters r;
+	NTSTATUS status;
+	uint16_t levels[] = {1, 2, 4, 5};
+	int i;
+	bool ret = true;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		union spoolss_PrinterInfo *info;
+		int j;
+		uint32_t needed;
+		uint32_t count;
+
+		r.in.flags	= PRINTER_ENUM_LOCAL;
+		r.in.server	= "";
+		r.in.level	= levels[i];
+		r.in.buffer	= NULL;
+		r.in.offered	= 0;
+		r.out.needed	= &needed;
+		r.out.count	= &count;
+		r.out.info	= &info;
+
+		torture_comment(tctx, "Testing EnumPrinters level %u\n", r.in.level);
+
+		status = dcerpc_spoolss_EnumPrinters_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "EnumPrinters failed");
+
+		if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+			DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+			r.in.buffer = &blob;
+			r.in.offered = needed;
+			status = dcerpc_spoolss_EnumPrinters_r(b, tctx, &r);
+		}
+
+		torture_assert_ntstatus_ok(tctx, status, "EnumPrinters failed");
+
+		torture_assert_werr_ok(tctx, r.out.result, "EnumPrinters failed");
+
+		CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrinters, info, r.in.level, count, needed, 4);
+
+		if (!info) {
+			torture_comment(tctx, "No printers returned\n");
+			return true;
+		}
+
+		for (j=0;j<count;j++) {
+			if (r.in.level == 1) {
+				char *unc = talloc_strdup(tctx, info[j].info1.name);
+				char *slash, *name, *full_name;
+				name = unc;
+				if (unc[0] == '\\' && unc[1] == '\\') {
+					unc +=2;
+				}
+				slash = strchr(unc, '\\');
+				if (slash) {
+					slash++;
+					name = slash;
+				}
+				full_name = talloc_asprintf(tctx, "\\\\%s\\%s",
+							    dcerpc_server_name(p), name);
+				if (!test_OpenPrinter(tctx, p, name, ctx->environment, true)) {
+					ret = false;
+				}
+				if (!test_OpenPrinter(tctx, p, full_name, ctx->environment, true)) {
+					ret = false;
+				}
+				if (!test_OpenPrinter(tctx, p, name, ctx->environment, false)) {
+					ret = false;
+				}
+				if (!test_existing_printer_openprinterex(tctx, p, name, ctx->environment)) {
+					ret = false;
+				}
+			}
+		}
+	}
+
+	return ret;
+}
+
+static bool test_EnumPrinters_level(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    uint32_t flags,
+				    const char *servername,
+				    uint32_t level,
+				    uint32_t *count_p,
+				    union spoolss_PrinterInfo **info_p)
+{
+	struct spoolss_EnumPrinters r;
+	union spoolss_PrinterInfo *info;
+	uint32_t needed;
+	uint32_t count;
+
+	r.in.flags	= flags;
+	r.in.server	= servername;
+	r.in.level	= level;
+	r.in.buffer	= NULL;
+	r.in.offered	= 0;
+	r.out.needed	= &needed;
+	r.out.count	= &count;
+	r.out.info	= &info;
+
+	torture_comment(tctx, "Testing EnumPrinters(%s) level %u\n",
+		r.in.server, r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+		"EnumPrinters failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+			"EnumPrinters failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "EnumPrinters failed");
+
+	CHECK_NEEDED_SIZE_ENUM_LEVEL(spoolss_EnumPrinters, info, r.in.level, count, needed, 4);
+
+	if (count_p) {
+		*count_p = count;
+	}
+	if (info_p) {
+		*info_p = info;
+	}
+
+	return true;
+}
+
+static const char *get_short_printername(struct torture_context *tctx,
+					 const char *name)
+{
+	const char *short_name;
+
+	if (name[0] == '\\' && name[1] == '\\') {
+		name += 2;
+		short_name = strchr(name, '\\');
+		if (short_name) {
+			return talloc_strdup(tctx, short_name+1);
+		}
+	}
+
+	return name;
+}
+
+static const char *get_full_printername(struct torture_context *tctx,
+					const char *name)
+{
+	const char *full_name = talloc_strdup(tctx, name);
+	char *p;
+
+	if (name && name[0] == '\\' && name[1] == '\\') {
+		name += 2;
+		p = strchr(name, '\\');
+		if (p) {
+			return full_name;
+		}
+	}
+
+	return NULL;
+}
+
+static bool test_OnePrinter_servername(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       struct dcerpc_binding_handle *b,
+				       const char *servername,
+				       const char *printername)
+{
+	union spoolss_PrinterInfo info;
+	const char *short_name = get_short_printername(tctx, printername);
+	const char *full_name = get_full_printername(tctx, printername);
+
+	if (short_name) {
+		struct policy_handle handle;
+		torture_assert(tctx,
+			call_OpenPrinterEx(tctx, p, short_name, NULL, &handle),
+			"failed to open printer");
+
+		torture_assert(tctx,
+			test_GetPrinter_level(tctx, b, &handle, 2, &info),
+			"failed to get printer info");
+
+		torture_assert_casestr_equal(tctx, info.info2.servername, NULL,
+			"unexpected servername");
+		torture_assert_casestr_equal(tctx, info.info2.printername, short_name,
+			"unexpected printername");
+
+		if (info.info2.devmode) {
+			const char *expected_devicename;
+			expected_devicename = talloc_strndup(tctx, short_name, MIN(strlen(short_name), 31));
+			torture_assert_casestr_equal(tctx, info.info2.devmode->devicename, expected_devicename,
+				"unexpected devicemode devicename");
+		}
+
+		torture_assert(tctx,
+			test_ClosePrinter(tctx, b, &handle),
+			"failed to close printer");
+	}
+
+	if (full_name) {
+		struct policy_handle handle;
+
+		torture_assert(tctx,
+			call_OpenPrinterEx(tctx, p, full_name, NULL, &handle),
+			"failed to open printer");
+
+		torture_assert(tctx,
+			test_GetPrinter_level(tctx, b, &handle, 2, &info),
+			"failed to get printer info");
+
+		torture_assert_casestr_equal(tctx, info.info2.servername, servername,
+			"unexpected servername");
+		torture_assert_casestr_equal(tctx, info.info2.printername, full_name,
+			"unexpected printername");
+
+		if (info.info2.devmode) {
+			const char *expected_devicename;
+			expected_devicename = talloc_strndup(tctx, full_name, MIN(strlen(full_name), 31));
+			torture_assert_casestr_equal(tctx, info.info2.devmode->devicename, expected_devicename,
+				"unexpected devicemode devicename");
+		}
+
+		torture_assert(tctx,
+			test_ClosePrinter(tctx, b, &handle),
+			"failed to close printer");
+	}
+
+	return true;
+}
+
+static bool test_EnumPrinters_servername(struct torture_context *tctx,
+					 void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t count;
+	union spoolss_PrinterInfo *info;
+	const char *servername;
+	uint32_t flags = PRINTER_ENUM_NAME|PRINTER_ENUM_LOCAL;
+
+	torture_comment(tctx, "Testing servername behaviour in EnumPrinters and GetPrinters\n");
+
+	servername = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	torture_assert(tctx,
+		test_EnumPrinters_level(tctx, b, flags, servername, 2, &count, &info),
+		"failed to enumerate printers");
+
+	for (i=0; i < count; i++) {
+
+		torture_assert_casestr_equal(tctx, info[i].info2.servername, servername,
+			"unexpected servername");
+
+		torture_assert(tctx,
+			test_OnePrinter_servername(tctx, p, b, servername, info[i].info2.printername),
+			"failed to check printer");
+	}
+
+	servername = "";
+
+	torture_assert(tctx,
+		test_EnumPrinters_level(tctx, b, flags, servername, 2, &count, &info),
+		"failed to enumerate printers");
+
+	for (i=0; i < count; i++) {
+
+		torture_assert_casestr_equal(tctx, info[i].info2.servername, NULL,
+			"unexpected servername");
+
+		torture_assert(tctx,
+			test_OnePrinter_servername(tctx, p, b, servername, info[i].info2.printername),
+			"failed to check printer");
+	}
+
+
+	return true;
+}
+
+#if 0
+static bool test_GetPrinterDriver(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  struct policy_handle *handle,
+				  const char *driver_name)
+{
+	struct spoolss_GetPrinterDriver r;
+	uint32_t needed;
+
+	r.in.handle = handle;
+	r.in.architecture = "W32X86";
+	r.in.level = 1;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.needed = &needed;
+
+	torture_comment(tctx, "Testing GetPrinterDriver level %d\n", r.in.level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_GetPrinterDriver_r(b, tctx, &r),
+		"failed to call GetPrinterDriver");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_GetPrinterDriver_r(b, tctx, &r),
+			"failed to call GetPrinterDriver");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to call GetPrinterDriver");
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_DriverInfo, r.out.info, r.in.level, needed, 4);
+
+	return true;
+}
+#endif
+
+static bool test_GetPrinterDriver2_level(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 struct policy_handle *handle,
+					 const char *driver_name,
+					 const char *architecture,
+					 uint32_t level,
+					 uint32_t client_major_version,
+					 uint32_t client_minor_version,
+					 union spoolss_DriverInfo *info_p,
+					 WERROR *result_p)
+
+{
+	struct spoolss_GetPrinterDriver2 r;
+	uint32_t needed;
+	uint32_t server_major_version;
+	uint32_t server_minor_version;
+
+	r.in.handle = handle;
+	r.in.architecture = architecture;
+	r.in.client_major_version = client_major_version;
+	r.in.client_minor_version = client_minor_version;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.in.level = level;
+	r.out.needed = &needed;
+	r.out.server_major_version = &server_major_version;
+	r.out.server_minor_version = &server_minor_version;
+
+	torture_comment(tctx, "Testing GetPrinterDriver2(%s) level %d\n",
+		driver_name, r.in.level);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetPrinterDriver2_r(b, tctx, &r),
+		"failed to call GetPrinterDriver2");
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriver2_r(b, tctx, &r),
+			"failed to call GetPrinterDriver2");
+	}
+
+	if (result_p) {
+		*result_p = r.out.result;
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INVALID_LEVEL)) {
+		switch (r.in.level) {
+		case 101:
+		case 8:
+			torture_comment(tctx,
+				"level %d not implemented, not considering as an error\n",
+				r.in.level);
+			return true;
+		default:
+			break;
+		}
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to call GetPrinterDriver2");
+
+	CHECK_NEEDED_SIZE_LEVEL(spoolss_DriverInfo, r.out.info, r.in.level, needed, 4);
+
+	if (info_p) {
+		*info_p = *r.out.info;
+	}
+
+	return true;
+}
+
+static bool test_GetPrinterDriver2(struct torture_context *tctx,
+				   struct dcerpc_binding_handle *b,
+				   struct policy_handle *handle,
+				   const char *driver_name,
+				   const char *architecture)
+{
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 8, 101 };
+	int i;
+
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		torture_assert(tctx,
+			test_GetPrinterDriver2_level(tctx, b, handle, driver_name, architecture, levels[i], 3, 0, NULL, NULL),
+			"");
+	}
+
+	return true;
+}
+
+static bool test_EnumPrinterDrivers_old(struct torture_context *tctx,
+					void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	uint16_t levels[] = {1, 2, 3, 4, 5, 6};
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		uint32_t count;
+		union spoolss_DriverInfo *info;
+
+		torture_assert(tctx,
+			test_EnumPrinterDrivers_args(tctx, b, server_name, ctx->environment, levels[i], &count, &info),
+			"failed to enumerate drivers");
+
+		if (!info) {
+			torture_comment(tctx, "No printer drivers returned\n");
+			break;
+		}
+	}
+
+	return true;
+}
+
+static bool test_DeletePrinter(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle)
+{
+	struct spoolss_DeletePrinter r;
+
+	torture_comment(tctx, "Testing DeletePrinter\n");
+
+	r.in.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_DeletePrinter_r(b, tctx, &r),
+		"failed to delete printer");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to delete printer");
+
+	return true;
+}
+
+static bool test_EnumPrinters_findname(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       uint32_t flags,
+				       uint32_t level,
+				       const char *name,
+				       bool *found)
+{
+	struct spoolss_EnumPrinters e;
+	uint32_t count;
+	union spoolss_PrinterInfo *info;
+	uint32_t needed;
+	int i;
+
+	*found = false;
+
+	e.in.flags = flags;
+	e.in.server = NULL;
+	e.in.level = level;
+	e.in.buffer = NULL;
+	e.in.offered = 0;
+	e.out.count = &count;
+	e.out.info = &info;
+	e.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinters_r(b, tctx, &e),
+		"failed to enum printers");
+
+	if (W_ERROR_EQUAL(e.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		e.in.buffer = &blob;
+		e.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinters_r(b, tctx, &e),
+			"failed to enum printers");
+	}
+
+	torture_assert_werr_ok(tctx, e.out.result,
+		"failed to enum printers");
+
+	for (i=0; i < count; i++) {
+
+		const char *current = NULL;
+		const char *q;
+
+		switch (level) {
+		case 1:
+			current = info[i].info1.name;
+			break;
+		}
+
+		if (strequal(current, name)) {
+			*found = true;
+			break;
+		}
+
+		q = strrchr(current, '\\');
+		if (q) {
+			if (!e.in.server) {
+				torture_warning(tctx,
+					"server returns printername %s incl. servername although we did not set servername", current);
+			}
+			q++;
+			if (strequal(q, name)) {
+				*found = true;
+				break;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_AddPrinter_wellknown(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      const char *printername,
+				      bool ex)
+{
+	WERROR result;
+	struct spoolss_AddPrinter r;
+	struct spoolss_AddPrinterEx rex;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo1 info1;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct spoolss_UserLevelCtr userlevel_ctr;
+	struct policy_handle handle;
+	bool found = false;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+	ZERO_STRUCT(userlevel_ctr);
+	ZERO_STRUCT(info1);
+
+	torture_comment(tctx, "Testing AddPrinter%s(%s) level 1\n",
+			ex ? "Ex":"", printername);
+
+	/* try to add printer to wellknown printer list (level 1) */
+
+	userlevel_ctr.level = 1;
+
+	info_ctr.info.info1 = &info1;
+	info_ctr.level = 1;
+
+	rex.in.server = NULL;
+	rex.in.info_ctr = &info_ctr;
+	rex.in.devmode_ctr = &devmode_ctr;
+	rex.in.secdesc_ctr = &secdesc_ctr;
+	rex.in.userlevel_ctr = &userlevel_ctr;
+	rex.out.handle = &handle;
+
+	r.in.server = NULL;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_INVALID_PRINTER_NAME,
+		"unexpected result code");
+
+	info1.name = printername;
+	info1.flags = PRINTER_ATTRIBUTE_SHARED;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_PRINTER_ALREADY_EXISTS,
+		"unexpected result code");
+
+	/* bizarre protocol, WERR_PRINTER_ALREADY_EXISTS means success here,
+	   better do a real check to see the printer is really there */
+
+	torture_assert(tctx, test_EnumPrinters_findname(tctx, b,
+							PRINTER_ENUM_NETWORK, 1,
+							printername,
+							&found),
+			"failed to enum printers");
+
+	torture_assert(tctx, found, "failed to find newly added printer");
+
+	info1.flags = 0;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_PRINTER_ALREADY_EXISTS,
+		"unexpected result code");
+
+	/* bizarre protocol, WERR_PRINTER_ALREADY_EXISTS means success here,
+	   better do a real check to see the printer has really been removed
+	   from the well known printer list */
+
+	found = false;
+
+	torture_assert(tctx, test_EnumPrinters_findname(tctx, b,
+							PRINTER_ENUM_NETWORK, 1,
+							printername,
+							&found),
+			"failed to enum printers");
+#if 0
+	torture_assert(tctx, !found, "printer still in well known printer list");
+#endif
+	return true;
+}
+
+static bool test_AddPrinter_normal(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   struct policy_handle *handle_p,
+				   const char *printername,
+				   const char *drivername,
+				   const char *portname,
+				   struct spoolss_DeviceMode *devmode,
+				   bool ex)
+{
+	WERROR result;
+	struct spoolss_AddPrinter r;
+	struct spoolss_AddPrinterEx rex;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo2 info2;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct spoolss_UserLevelCtr userlevel_ctr;
+	struct policy_handle handle;
+	bool found = false;
+	bool existing_printer_deleted = false;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+	ZERO_STRUCT(userlevel_ctr);
+
+	torture_comment(tctx, "Testing AddPrinter%s(%s) level 2\n",
+			ex ? "Ex":"", printername);
+
+	devmode_ctr.devmode = devmode;
+
+	userlevel_ctr.level = 1;
+
+	rex.in.server = NULL;
+	rex.in.info_ctr = &info_ctr;
+	rex.in.devmode_ctr = &devmode_ctr;
+	rex.in.secdesc_ctr = &secdesc_ctr;
+	rex.in.userlevel_ctr = &userlevel_ctr;
+	rex.out.handle = &handle;
+
+	r.in.server = NULL;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.out.handle = &handle;
+
+ again:
+
+	/* try to add printer to printer list (level 2) */
+
+	ZERO_STRUCT(info2);
+
+	info_ctr.info.info2 = &info2;
+	info_ctr.level = 2;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_INVALID_PRINTER_NAME,
+		"unexpected result code");
+
+	info2.printername = printername;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+
+	if (W_ERROR_EQUAL(result, WERR_PRINTER_ALREADY_EXISTS)) {
+		struct policy_handle printer_handle;
+
+		if (existing_printer_deleted) {
+			torture_fail(tctx, "already deleted printer still existing?");
+		}
+
+		torture_assert(tctx, call_OpenPrinterEx(tctx, p, printername, NULL, &printer_handle),
+			"failed to open printer handle");
+
+		torture_assert(tctx, test_DeletePrinter(tctx, b, &printer_handle),
+			"failed to delete printer");
+
+		torture_assert(tctx, test_ClosePrinter(tctx, b, &printer_handle),
+			"failed to close server handle");
+
+		existing_printer_deleted = true;
+
+		goto again;
+	}
+
+	torture_assert_werr_equal(tctx, result, WERR_UNKNOWN_PORT,
+		"unexpected result code");
+
+	info2.portname = portname;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_UNKNOWN_PRINTER_DRIVER,
+		"unexpected result code");
+
+	info2.drivername = drivername;
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+
+	/* w2k8r2 allows one to add printer w/o defining printprocessor */
+
+	if (!W_ERROR_IS_OK(result)) {
+		torture_assert_werr_equal(tctx, result, WERR_UNKNOWN_PRINTPROCESSOR,
+			"unexpected result code");
+
+		info2.printprocessor = "winprint";
+
+		torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+						      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+			"failed to add printer");
+		result = ex ? rex.out.result : r.out.result;
+		torture_assert_werr_ok(tctx, result,
+			"failed to add printer");
+	}
+
+	*handle_p = handle;
+
+	/* we are paranoid, really check if the printer is there now */
+
+	torture_assert(tctx, test_EnumPrinters_findname(tctx, b,
+							PRINTER_ENUM_LOCAL, 1,
+							printername,
+							&found),
+			"failed to enum printers");
+	torture_assert(tctx, found, "failed to find newly added printer");
+
+	torture_assert_ntstatus_ok(tctx, ex ? dcerpc_spoolss_AddPrinterEx_r(b, tctx, &rex) :
+					      dcerpc_spoolss_AddPrinter_r(b, tctx, &r),
+		"failed to add printer");
+	result = ex ? rex.out.result : r.out.result;
+	torture_assert_werr_equal(tctx, result, WERR_PRINTER_ALREADY_EXISTS,
+		"unexpected result code");
+
+	return true;
+}
+
+static bool test_printer_info(struct torture_context *tctx,
+			      void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	bool ret = true;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping printer info cross tests against samba 3");
+	}
+
+	if (!test_PrinterInfo(tctx, b, &t->handle)) {
+		ret = false;
+	}
+
+	if (!test_SetPrinter_errors(tctx, b, &t->handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_EnumPrinterKey(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *key_name,
+				const char ***array)
+{
+	struct spoolss_EnumPrinterKey r;
+	uint32_t needed = 0;
+	union spoolss_KeyNames key_buffer;
+	int32_t offered[] = { 0, 1, 2, 3, 4, 5, -1, -2, -3, -4, -5, 256, 512, 1024, 2048 };
+	uint32_t _ndr_size;
+	int i;
+
+	r.in.handle = handle;
+	r.in.key_name = key_name;
+	r.out.key_buffer = &key_buffer;
+	r.out.needed = &needed;
+	r.out._ndr_size = &_ndr_size;
+
+	for (i=0; i < ARRAY_SIZE(offered); i++) {
+
+		if (offered[i] < 0 && needed) {
+			if (needed <= 4) {
+				continue;
+			}
+			r.in.offered = needed + offered[i];
+		} else {
+			r.in.offered = offered[i];
+		}
+
+		ZERO_STRUCT(key_buffer);
+
+		torture_comment(tctx, "Testing EnumPrinterKey(%s) with %d offered\n", r.in.key_name, r.in.offered);
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey_r(b, tctx, &r),
+			"failed to call EnumPrinterKey");
+		if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+
+			torture_assert(tctx, (_ndr_size == r.in.offered/2),
+				talloc_asprintf(tctx, "EnumPrinterKey size mismatch, _ndr_size %d (expected %d)",
+					_ndr_size, r.in.offered/2));
+
+			r.in.offered = needed;
+			torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey_r(b, tctx, &r),
+				"failed to call EnumPrinterKey");
+		}
+
+		if (offered[i] > 0) {
+			torture_assert_werr_ok(tctx, r.out.result,
+				"failed to call EnumPrinterKey");
+		}
+
+		torture_assert(tctx, (_ndr_size == r.in.offered/2),
+			talloc_asprintf(tctx, "EnumPrinterKey size mismatch, _ndr_size %d (expected %d)",
+				_ndr_size, r.in.offered/2));
+
+		torture_assert(tctx, (*r.out.needed <= r.in.offered),
+			talloc_asprintf(tctx, "EnumPrinterKey size mismatch: needed %d is not <= offered %d", *r.out.needed, r.in.offered));
+
+		torture_assert(tctx, (*r.out.needed <= _ndr_size * 2),
+			talloc_asprintf(tctx, "EnumPrinterKey size mismatch: needed %d is not <= _ndr_size %d * 2", *r.out.needed, _ndr_size));
+
+		if (key_buffer.string_array) {
+			uint32_t calc_needed = 0;
+			int s;
+			for (s=0; key_buffer.string_array[s]; s++) {
+				calc_needed += strlen_m_term(key_buffer.string_array[s])*2;
+			}
+			if (!key_buffer.string_array[0]) {
+				calc_needed += 2;
+			}
+			calc_needed += 2;
+
+			torture_assert_int_equal(tctx, *r.out.needed, calc_needed,
+				"EnumPrinterKey unexpected size");
+		}
+	}
+
+	if (array) {
+		*array = key_buffer.string_array;
+	}
+
+	return true;
+}
+
+bool test_printer_all_keys(struct torture_context *tctx,
+			   struct dcerpc_binding_handle *b,
+			   struct policy_handle *handle)
+{
+	const char **key_array = NULL;
+	int i;
+
+	torture_comment(tctx, "Testing Printer Keys\n");
+
+	torture_assert(tctx, test_EnumPrinterKey(tctx, b, handle, "", &key_array),
+		"failed to call test_EnumPrinterKey");
+
+	for (i=0; key_array && key_array[i]; i++) {
+		torture_assert(tctx, test_EnumPrinterKey(tctx, b, handle, key_array[i], NULL),
+			"failed to call test_EnumPrinterKey");
+	}
+	for (i=0; key_array && key_array[i]; i++) {
+		torture_assert(tctx, test_EnumPrinterDataEx(tctx, b, handle, key_array[i], NULL, NULL),
+			"failed to call test_EnumPrinterDataEx");
+	}
+
+	torture_comment(tctx, "Printer Keys test succeeded\n\n");
+
+	return true;
+}
+
+static bool test_openprinter_wrap(struct torture_context *tctx,
+				  void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *printername = t->info2.printername;
+
+	return test_openprinter(tctx, b, printername);
+}
+
+static bool test_csetprinter(struct torture_context *tctx,
+			     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	const char *printername = talloc_asprintf(tctx, "%s2", t->info2.printername);
+	const char *drivername = t->added_driver ? t->driver.info8.driver_name : t->info2.drivername;
+	const char *portname = t->info2.portname;
+
+	union spoolss_PrinterInfo info;
+	struct policy_handle new_handle, new_handle2;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "Testing c_setprinter\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &t->handle, 0, &info),
+		"failed to get level 0 printer info");
+	torture_comment(tctx, "csetprinter on initial printer handle: %d\n",
+		info.info0.c_setprinter);
+
+	/* check if c_setprinter on 1st handle increases after a printer has
+	 * been added */
+
+	torture_assert(tctx,
+		test_AddPrinter_normal(tctx, p, &new_handle, printername, drivername, portname, NULL, false),
+		"failed to add new printer");
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &t->handle, 0, &info),
+		"failed to get level 0 printer info");
+	torture_comment(tctx, "csetprinter on initial printer handle (after add): %d\n",
+		info.info0.c_setprinter);
+
+	/* check if c_setprinter on new handle increases after a printer has
+	 * been added */
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &new_handle, 0, &info),
+		"failed to get level 0 printer info");
+	torture_comment(tctx, "csetprinter on created handle: %d\n",
+		info.info0.c_setprinter);
+
+	/* open the new printer and check if c_setprinter increases */
+
+	torture_assert(tctx,
+		call_OpenPrinterEx(tctx, p, printername, NULL, &new_handle2),
+		"failed to open created printer");
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &new_handle2, 0, &info),
+		"failed to get level 0 printer info");
+	torture_comment(tctx, "csetprinter on new handle (after openprinter): %d\n",
+		info.info0.c_setprinter);
+
+	/* cleanup */
+
+	torture_assert(tctx,
+		test_ClosePrinter(tctx, b, &new_handle2),
+		"failed to close printer");
+	torture_assert(tctx,
+		test_DeletePrinter(tctx, b, &new_handle),
+		"failed to delete new printer");
+
+	return true;
+}
+
+static bool compose_local_driver_directory(struct torture_context *tctx,
+					   const char *environment,
+					   const char *local_dir,
+					   const char **path)
+{
+	char *p;
+
+	p = strrchr(local_dir, '/');
+	if (!p) {
+		return NULL;
+	}
+	p++;
+
+	if (strequal(environment, SPOOLSS_ARCHITECTURE_x64)) {
+		if (!strequal(p, "x64")) {
+			*path = talloc_asprintf(tctx, "%s/x64", local_dir);
+		}
+	} else if (strequal(environment, SPOOLSS_ARCHITECTURE_NT_X86)) {
+		if (!strequal(p, "i386")) {
+			*path = talloc_asprintf(tctx, "%s/i386", local_dir);
+		}
+	} else {
+		torture_assert(tctx, "unknown environment: '%s'\n", environment);
+	}
+
+	return true;
+}
+
+#if 0
+static struct spoolss_DeviceMode *torture_devicemode(TALLOC_CTX *mem_ctx,
+						     const char *devicename)
+{
+	struct spoolss_DeviceMode *r;
+
+	r = talloc_zero(mem_ctx, struct spoolss_DeviceMode);
+	if (r == NULL) {
+		return NULL;
+	}
+
+	r->devicename		= talloc_strdup(r, devicename);
+	r->specversion		= DMSPEC_NT4_AND_ABOVE;
+	r->driverversion	= 0x0600;
+	r->size			= 0x00dc;
+	r->__driverextra_length = 0;
+	r->fields		= DEVMODE_FORMNAME |
+				  DEVMODE_TTOPTION |
+				  DEVMODE_PRINTQUALITY |
+				  DEVMODE_DEFAULTSOURCE |
+				  DEVMODE_COPIES |
+				  DEVMODE_SCALE |
+				  DEVMODE_PAPERSIZE |
+				  DEVMODE_ORIENTATION;
+	r->orientation		= DMORIENT_PORTRAIT;
+	r->papersize		= DMPAPER_LETTER;
+	r->paperlength		= 0;
+	r->paperwidth		= 0;
+	r->scale		= 100;
+	r->copies		= 55;
+	r->defaultsource	= DMBIN_FORMSOURCE;
+	r->printquality		= DMRES_HIGH;
+	r->color		= DMRES_MONOCHROME;
+	r->duplex		= DMDUP_SIMPLEX;
+	r->yresolution		= 0;
+	r->ttoption		= DMTT_SUBDEV;
+	r->collate		= DMCOLLATE_FALSE;
+	r->formname		= talloc_strdup(r, "Letter");
+
+	return r;
+}
+#endif
+
+static bool test_architecture_buffer(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	struct spoolss_OpenPrinterEx r;
+	struct spoolss_UserLevel1 u1;
+	struct policy_handle handle;
+	uint32_t architectures[] = {
+		PROCESSOR_ARCHITECTURE_INTEL,
+		PROCESSOR_ARCHITECTURE_IA64,
+		PROCESSOR_ARCHITECTURE_AMD64
+	};
+	uint32_t needed[3];
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i < ARRAY_SIZE(architectures); i++) {
+
+		torture_comment(tctx, "Testing OpenPrinterEx with architecture %d\n", architectures[i]);
+
+		u1.size = 0;
+		u1.client = NULL;
+		u1.user = NULL;
+		u1.build = 0;
+		u1.major = 3;
+		u1.minor = 0;
+		u1.processor = architectures[i];
+
+		r.in.printername	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.datatype		= NULL;
+		r.in.devmode_ctr.devmode= NULL;
+		r.in.access_mask	= SEC_FLAG_MAXIMUM_ALLOWED;
+		r.in.userlevel_ctr.level = 1;
+		r.in.userlevel_ctr.user_info.level1 = &u1;
+		r.out.handle		= &handle;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &r), "");
+		torture_assert_werr_ok(tctx, r.out.result, "");
+
+		{
+			struct spoolss_EnumPrinters e;
+			uint32_t count;
+			union spoolss_PrinterInfo *info;
+
+			e.in.flags = PRINTER_ENUM_LOCAL;
+			e.in.server = NULL;
+			e.in.level = 2;
+			e.in.buffer = NULL;
+			e.in.offered = 0;
+			e.out.count = &count;
+			e.out.info = &info;
+			e.out.needed = &needed[i];
+
+			torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinters_r(b, tctx, &e), "");
+#if 0
+			torture_comment(tctx, "needed was %d\n", needed[i]);
+#endif
+		}
+
+		torture_assert(tctx, test_ClosePrinter(tctx, b, &handle), "");
+	}
+
+	for (i=1; i < ARRAY_SIZE(architectures); i++) {
+		if (needed[i-1] != needed[i]) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx, "needed size %d for architecture %d != needed size %d for architecture %d\n",
+						needed[i-1], architectures[i-1], needed[i], architectures[i]));
+		}
+	}
+
+	return true;
+}
+
+static bool test_get_core_printer_drivers_arch_guid(struct torture_context *tctx,
+						    struct dcerpc_pipe *p,
+						    const char *architecture,
+						    const char *guid_str,
+						    const char **package_id)
+{
+	struct spoolss_GetCorePrinterDrivers r;
+	struct spoolss_CorePrinterDriver core_printer_drivers;
+	DATA_BLOB blob = data_blob_talloc_zero(tctx, 2);
+	const char **s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct GUID guid;
+
+	s = talloc_zero_array(tctx, const char *, 2);
+
+	r.in.servername	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.architecture = "foobar";
+	r.in.core_driver_size = 0;
+	r.in.core_driver_dependencies = (uint16_t *)blob.data;
+	r.in.core_printer_driver_count = 0;
+	r.out.core_printer_drivers = &core_printer_drivers;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetCorePrinterDrivers_r(b, tctx, &r),
+		"spoolss_GetCorePrinterDrivers failed");
+	torture_assert_hresult_equal(tctx, r.out.result, HRES_E_INVALIDARG,
+		"spoolss_GetCorePrinterDrivers failed");
+
+	guid = GUID_random();
+	s[0] = GUID_string2(tctx, &guid);
+
+	torture_assert(tctx,
+		push_reg_multi_sz(tctx, &blob, s),
+		"push_reg_multi_sz failed");
+
+	r.in.core_driver_size = blob.length/2;
+	r.in.core_driver_dependencies = (uint16_t *)blob.data;
+	r.in.core_printer_driver_count = 1;
+	r.out.core_printer_drivers = talloc_zero_array(tctx, struct spoolss_CorePrinterDriver, r.in.core_printer_driver_count);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetCorePrinterDrivers_r(b, tctx, &r),
+		"spoolss_GetCorePrinterDrivers failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INVALID_ENVIRONMENT,
+		"spoolss_GetCorePrinterDrivers failed");
+
+	r.in.architecture = architecture;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetCorePrinterDrivers_r(b, tctx, &r),
+		"spoolss_GetCorePrinterDrivers failed");
+	torture_assert_werr_equal(tctx,
+		W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_NOT_FOUND,
+		"spoolss_GetCorePrinterDrivers failed");
+
+	s[0] = talloc_strdup(s, guid_str);
+
+	torture_assert(tctx,
+		push_reg_multi_sz(tctx, &blob, s),
+		"push_reg_multi_sz failed");
+
+	r.in.core_driver_size = blob.length/2;
+	r.in.core_driver_dependencies = (uint16_t *)blob.data;
+	r.in.core_printer_driver_count = 1;
+	r.out.core_printer_drivers = talloc_zero_array(tctx, struct spoolss_CorePrinterDriver, r.in.core_printer_driver_count);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetCorePrinterDrivers_r(b, tctx, &r),
+		"spoolss_GetCorePrinterDrivers failed");
+	torture_assert_hresult_ok(tctx, r.out.result,
+		"spoolss_GetCorePrinterDrivers failed");
+
+	if (package_id) {
+		*package_id = r.out.core_printer_drivers[0].szPackageID;
+	}
+
+	return true;
+}
+
+static bool test_get_core_printer_drivers(struct torture_context *tctx,
+					  void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	const char *architectures[] = {
+		SPOOLSS_ARCHITECTURE_NT_X86,
+		SPOOLSS_ARCHITECTURE_x64
+	};
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+
+	for (i=0; i < ARRAY_SIZE(architectures); i++) {
+
+		torture_comment(tctx, "Testing GetCorePrinterDrivers(\"%s\",\"%s\")\n",
+			architectures[i],
+			SPOOLSS_CORE_PRINT_PACKAGE_FILES_XPSDRV);
+
+		torture_assert(tctx,
+			test_get_core_printer_drivers_arch_guid(tctx, p,
+				architectures[i],
+				SPOOLSS_CORE_PRINT_PACKAGE_FILES_XPSDRV,
+				NULL),
+			"");
+	}
+
+	return true;
+}
+
+static bool test_get_printer_driver_package_path(struct torture_context *tctx,
+						 void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	const char *architectures[] = {
+		SPOOLSS_ARCHITECTURE_NT_X86,
+		SPOOLSS_ARCHITECTURE_x64
+	};
+	int i;
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i < ARRAY_SIZE(architectures); i++) {
+		struct spoolss_GetPrinterDriverPackagePath r;
+		uint32_t required = 0;
+		const char *package_id = NULL;
+
+		test_get_core_printer_drivers_arch_guid(tctx, p,
+			architectures[i],
+			SPOOLSS_CORE_PRINT_PACKAGE_FILES_XPSDRV,
+			&package_id),
+
+		torture_comment(tctx, "Testing GetPrinterDriverPackagePath(\"%s\",\"%s\")\n",
+			architectures[i], package_id);
+
+		r.in.servername	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.architecture = "foobar";
+		r.in.language = NULL;
+		r.in.package_id = "";
+		r.in.driver_package_cab_size = 0;
+		r.in.driver_package_cab = NULL;
+
+		r.out.required = &required;
+		r.out.driver_package_cab = NULL;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_werr_equal(tctx,
+			W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INVALID_ENVIRONMENT,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+		r.in.architecture = architectures[i];
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_werr_equal(tctx,
+			W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_FILE_NOT_FOUND,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+		r.in.package_id = package_id;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_hresult_ok(tctx, r.out.result,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+		r.in.driver_package_cab_size = required;
+		r.in.driver_package_cab = talloc_zero_array(tctx, char, required);
+		r.out.driver_package_cab = talloc_zero_array(tctx, char, required);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_hresult_ok(tctx, r.out.result,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+		r.in.servername = NULL;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_werr_equal(tctx,
+			W_ERROR(WIN32_FROM_HRESULT(r.out.result)), WERR_INSUFFICIENT_BUFFER,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+		r.in.driver_package_cab_size = required;
+		r.in.driver_package_cab = talloc_zero_array(tctx, char, required);
+		r.out.driver_package_cab = talloc_zero_array(tctx, char, required);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverPackagePath_r(b, tctx, &r),
+			"spoolss_GetPrinterDriverPackagePath failed");
+		torture_assert_hresult_ok(tctx, r.out.result,
+			"spoolss_GetPrinterDriverPackagePath failed");
+
+	}
+
+	return true;
+}
+
+static bool test_get_printer_printserverhandle(struct torture_context *tctx,
+					       void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t levels[] = {0, 1, 2, /* 3,*/ 4, 5, 6, 7, 8};
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		torture_assert(tctx,
+			test_GetPrinter_level_exp(tctx, b, &ctx->server_handle,
+						  levels[i], WERR_INVALID_LEVEL,
+						  NULL),
+			"failed to call GetPrinter");
+	}
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &ctx->server_handle, 3, NULL),
+		"failed to call GetPrinter");
+
+	return true;
+}
+
+#define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
+
+static bool test_set_printer_printserverhandle(struct torture_context *tctx,
+					       void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo3 info3;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct security_descriptor *sd;
+	struct security_ace *ace;
+	struct dom_sid sid;
+	int i;
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &ctx->server_handle, 3, &info),
+		"failed to call GetPrinter");
+
+	secdesc_ctr.sd = info.info3.secdesc;
+	secdesc_ctr.sd->owner_sid = NULL;
+	secdesc_ctr.sd->group_sid = NULL;
+
+	sd = security_descriptor_copy(tctx, secdesc_ctr.sd);
+	if (sd == NULL) {
+		return false;
+	}
+
+	ace = security_ace_create(tctx,
+				  TEST_SID,
+				  SEC_ACE_TYPE_ACCESS_ALLOWED,
+				  SEC_STD_REQUIRED,
+				  SEC_ACE_FLAG_CONTAINER_INHERIT);
+	torture_assert(tctx, ace, "failed to create ace");
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_add(sd, ace),
+		"failed to add ace");
+
+	secdesc_ctr.sd = sd;
+
+	info3.sec_desc_ptr = 0;
+
+	info_ctr.level = 3;
+	info_ctr.info.info3 = &info3;
+
+	ZERO_STRUCT(devmode_ctr);
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, &ctx->server_handle, &info_ctr,
+				&devmode_ctr, &secdesc_ctr, 0),
+		"failed to call SetPrinter");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &ctx->server_handle, 3, &info),
+		"failed to call GetPrinter");
+
+	for (i = 0; i < info.info3.secdesc->dacl->num_aces; i++) {
+		if (security_ace_equal(&info.info3.secdesc->dacl->aces[i], ace)) {
+			break;
+		}
+	}
+
+	if (i == info.info3.secdesc->dacl->num_aces) {
+		torture_fail(tctx, "ace not present");
+	}
+
+	torture_assert(tctx,
+		dom_sid_parse(TEST_SID, &sid),
+		"failed to parse sid");
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_del(info.info3.secdesc, &sid),
+		"failed to remove ace from sd");
+
+	secdesc_ctr.sd = info.info3.secdesc;
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, &ctx->server_handle, &info_ctr,
+				&devmode_ctr, &secdesc_ctr, 0),
+		"failed to call SetPrinter");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &ctx->server_handle, 3, &info),
+		"failed to call GetPrinter");
+
+	for (i = 0; i < info.info3.secdesc->dacl->num_aces; i++) {
+		if (security_ace_equal(&info.info3.secdesc->dacl->aces[i], ace)) {
+			torture_fail(tctx, "ace still present");
+		}
+	}
+
+	return true;
+}
+
+
+static bool test_PrintServer_Forms_Winreg(struct torture_context *tctx,
+					  void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_Forms_winreg(tctx, b, &ctx->server_handle, true, NULL);
+}
+
+static bool test_PrintServer_Forms(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_Forms(tctx, b, &ctx->server_handle, true, NULL, NULL, NULL);
+}
+
+static bool test_PrintServer_EnumForms(struct torture_context *tctx,
+				       void *private_data)
+{
+	struct test_spoolss_context *ctx =
+		talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = ctx->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	return test_EnumForms_all(tctx, b, &ctx->server_handle, true);
+}
+
+static bool torture_rpc_spoolss_setup_common(struct torture_context *tctx, struct test_spoolss_context *t)
+{
+	NTSTATUS status;
+
+	status = torture_rpc_connection(tctx, &t->spoolss_pipe, &ndr_table_spoolss);
+
+	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
+
+	torture_assert(tctx,
+		test_OpenPrinter_server(tctx, t->spoolss_pipe, &t->server_handle),
+		"failed to open printserver");
+	torture_assert(tctx,
+		test_get_environment(tctx, t->spoolss_pipe->binding_handle, &t->server_handle, &t->environment),
+		"failed to get environment");
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_setup(struct torture_context *tctx, void **data)
+{
+	struct test_spoolss_context *t;
+
+	*data = t = talloc_zero(tctx, struct test_spoolss_context);
+
+	return torture_rpc_spoolss_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_teardown_common(struct torture_context *tctx, struct test_spoolss_context *t)
+{
+	test_ClosePrinter(tctx, t->spoolss_pipe->binding_handle, &t->server_handle);
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_teardown(struct torture_context *tctx, void *data)
+{
+	struct test_spoolss_context *t = talloc_get_type(data, struct test_spoolss_context);
+	bool ret;
+
+	ret = torture_rpc_spoolss_teardown_common(tctx, t);
+	talloc_free(t);
+
+	return ret;
+}
+
+static bool torture_rpc_spoolss_printer_setup_common(struct torture_context *tctx, struct torture_printer_context *t)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	const char *server_name_slash;
+	const char *driver_name;
+	const char *printer_name;
+	const char *port_name;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &t->spoolss_pipe, &ndr_table_spoolss),
+		"Error connecting to server");
+
+	p = t->spoolss_pipe;
+	b = p->binding_handle;
+	server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	t->driver.info8.version			= SPOOLSS_DRIVER_VERSION_200X;
+	t->driver.info8.driver_name		= TORTURE_DRIVER;
+	t->driver.info8.driver_path		= "pscript5.dll";
+	t->driver.info8.data_file		= "cups6.ppd";
+	t->driver.info8.config_file		= "ps5ui.dll";
+	t->driver.info8.help_file		= "pscript.hlp";
+	t->driver.info8.default_datatype	= "RAW";
+	t->driver.info8.dependent_files		= talloc_zero(t, struct spoolss_StringArray);
+	t->driver.info8.dependent_files->string = talloc_zero_array(t, const char *, 8 + 1);
+	t->driver.info8.dependent_files->string[0] = "pscript5.dll";
+	t->driver.info8.dependent_files->string[1] = "cups6.ppd";
+	t->driver.info8.dependent_files->string[2] = "ps5ui.dll";
+	t->driver.info8.dependent_files->string[3] = "pscript.hlp";
+	t->driver.info8.dependent_files->string[4] = "pscript.ntf";
+	t->driver.info8.dependent_files->string[5] = "cups6.ini";
+	t->driver.info8.dependent_files->string[6] = "cupsps6.dll";
+	t->driver.info8.dependent_files->string[7] = "cupsui6.dll";
+
+	t->driver.local.driver_directory= "/usr/share/cups/drivers";
+
+	t->info2.portname		= "LPT1:";
+
+	printer_name = t->info2.printername;
+	port_name = t->info2.portname;
+
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, &t->driver),
+		"failed to fillup printserver info");
+
+	t->driver.info8.architecture = talloc_strdup(t, t->driver.remote.environment);
+
+	torture_assert(tctx,
+		compose_local_driver_directory(tctx, t->driver.remote.environment,
+					       t->driver.local.driver_directory,
+					       &t->driver.local.driver_directory),
+		"failed to compose local driver directory");
+
+	t->info2.drivername		= "Microsoft XPS Document Writer";
+
+	if (test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, t->driver.remote.environment, 3, t->info2.drivername, NULL)) {
+		torture_comment(tctx, "driver '%s' (architecture: %s, version: 3) is present on server\n",
+			t->info2.drivername, t->driver.remote.environment);
+		t->have_driver = true;
+		goto try_add;
+	}
+
+	torture_comment(tctx, "driver '%s' (architecture: %s, version: 3) does not exist on the server\n",
+		t->info2.drivername, t->driver.remote.environment);
+
+	t->info2.drivername		= "Microsoft XPS Document Writer v4";
+
+	if (test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, t->driver.remote.environment, 3, t->info2.drivername, NULL)) {
+		torture_comment(tctx, "driver '%s' (architecture: %s, version: 4) is present on server\n",
+			t->info2.drivername, t->driver.remote.environment);
+		t->have_driver = true;
+		goto try_add;
+	}
+
+	torture_comment(tctx, "trying to upload own driver\n");
+
+	if (!directory_exist(t->driver.local.driver_directory)) {
+		torture_warning(tctx, "no local driver is available!");
+		t->have_driver = false;
+		goto try_add;
+	}
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), &t->driver),
+		"failed to upload printer driver");
+
+	torture_assert(tctx,
+		test_AddPrinterDriver_args_level_3(tctx, b, server_name_slash, &t->driver.info8, 0, false, NULL),
+		"failed to add driver");
+
+	t->added_driver = true;
+	t->have_driver = true;
+
+ try_add:
+	driver_name = t->added_driver ? t->driver.info8.driver_name : t->info2.drivername;
+
+	if (t->wellknown) {
+		torture_assert(tctx,
+			test_AddPrinter_wellknown(tctx, p, printer_name, t->ex),
+			"failed to add wellknown printer");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinter_normal(tctx, p, &t->handle, printer_name, driver_name, port_name, t->devmode, t->ex),
+			"failed to add printer");
+	}
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_printer_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_printer_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_printer_context);
+
+	t->ex			= false;
+	t->wellknown		= false;
+	t->info2.printername	= TORTURE_PRINTER;
+	t->devmode		= NULL;
+
+	return torture_rpc_spoolss_printer_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_printerex_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_printer_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_printer_context);
+
+	t->ex			= true;
+	t->wellknown		= false;
+	t->info2.printername	= TORTURE_PRINTER_EX;
+	t->devmode		= NULL;
+
+	return torture_rpc_spoolss_printer_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_printerwkn_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_printer_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_printer_context);
+
+	t->ex			= false;
+	t->wellknown		= true;
+	t->info2.printername	= TORTURE_WELLKNOWN_PRINTER;
+	t->devmode		= NULL;
+
+	/* FIXME */
+	if (t->wellknown) {
+		torture_skip(tctx, "skipping AddPrinter level 1");
+	}
+
+	return torture_rpc_spoolss_printer_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_printerexwkn_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_printer_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_printer_context);
+
+	t->ex			= true;
+	t->wellknown		= true;
+	t->info2.printername	= TORTURE_WELLKNOWN_PRINTER_EX;
+	t->devmode		= NULL;
+
+	/* FIXME */
+	if (t->wellknown) {
+		torture_skip(tctx, "skipping AddPrinterEx level 1");
+	}
+
+	return torture_rpc_spoolss_printer_setup_common(tctx, t);
+}
+
+#if 0
+static bool torture_rpc_spoolss_printerdm_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_printer_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_printer_context);
+
+	t->ex			= true;
+	t->wellknown		= false;
+	t->info2.printername	= TORTURE_PRINTER_EX;
+	t->devmode		= torture_devicemode(t, TORTURE_PRINTER_EX);
+
+	return torture_rpc_spoolss_printer_setup_common(tctx, t);
+}
+#endif
+
+static bool test_DeletePrinterDriverEx_exp(struct torture_context *tctx,
+					   struct dcerpc_binding_handle *b,
+					   const char *server,
+					   const char *driver,
+					   const char *environment,
+					   uint32_t delete_flags,
+					   uint32_t version,
+					   WERROR expected_result);
+
+static bool torture_rpc_spoolss_printer_teardown_common(struct torture_context *tctx, struct torture_printer_context *t)
+{
+	bool found = false;
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = NULL;
+	const char *server_name_slash;
+	bool ok = true;
+
+	if (p == NULL) {
+		return true;
+	}
+	b = p->binding_handle;
+
+	server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	if (!t->wellknown) {
+		const char *printer_name = t->info2.printername;
+
+		torture_assert_goto(tctx,
+			test_DeletePrinter(tctx, b, &t->handle),
+			ok,
+			remove_driver,
+			"failed to delete printer");
+
+		torture_assert_goto(tctx,
+			test_EnumPrinters_findname(tctx, b, PRINTER_ENUM_LOCAL, 1,
+						   printer_name, &found),
+			ok,
+			remove_driver,
+			"failed to enumerate printers");
+
+		torture_assert_goto(tctx,
+			!found,
+			ok,
+			remove_driver,
+			"deleted printer still there");
+	}
+
+
+remove_driver:
+	if (t->added_driver) {
+		ok = remove_printer_driver(tctx,
+					   dcerpc_server_name(p),
+					   &t->driver);
+		if (!ok) {
+			torture_warning(tctx,
+					"failed to remove printer driver\n");
+		}
+
+		ok = test_DeletePrinterDriverEx_exp(tctx, b,
+						    server_name_slash,
+						    t->driver.info8.driver_name,
+						    t->driver.info8.architecture,
+						    DPD_DELETE_ALL_FILES,
+						    t->driver.info8.version,
+						    WERR_OK);
+		if (!ok) {
+			torture_warning(tctx,
+					"failed to delete printer driver via "
+					"spoolss\n");
+		}
+	}
+
+	return ok;
+}
+
+static bool torture_rpc_spoolss_printer_teardown(struct torture_context *tctx, void *data)
+{
+	struct torture_printer_context *t = talloc_get_type(data, struct torture_printer_context);
+	bool ret;
+
+	ret = torture_rpc_spoolss_printer_teardown_common(tctx, t);
+	talloc_free(t);
+
+	return ret;
+}
+
+static bool test_print_test(struct torture_context *tctx,
+			    void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_PausePrinter(tctx, b, &t->handle),
+		"failed to pause printer");
+
+	torture_assert(tctx,
+		test_DoPrintTest(tctx, b, &t->handle),
+		"failed to do print test");
+
+	torture_assert(tctx,
+		test_ResumePrinter(tctx, b, &t->handle),
+		"failed to resume printer");
+
+	return true;
+}
+
+static bool test_print_test_extended(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	bool ret = true;
+
+	torture_assert(tctx,
+		test_PausePrinter(tctx, b, &t->handle),
+		"failed to pause printer");
+
+	ret = test_DoPrintTest_extended(tctx, b, &t->handle);
+	if (ret == false) {
+		torture_comment(tctx, "WARNING! failed to do extended print test\n");
+		if (torture_setting_bool(tctx, "samba3", false)) {
+			torture_comment(tctx, "non-critical for samba3\n");
+			ret = true;
+			tctx->last_result = TORTURE_SKIP;
+		}
+	}
+
+	torture_assert(tctx,
+		test_ResumePrinter(tctx, b, &t->handle),
+		"failed to resume printer");
+
+	return ret;
+}
+
+static bool test_print_test_properties(struct torture_context *tctx,
+				       void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skip printer job property tests against samba");
+	}
+
+	torture_assert(tctx,
+		test_PausePrinter(tctx, b, &t->handle),
+		"failed to pause printer");
+
+	torture_assert(tctx,
+		test_DoPrintTest_properties(tctx, b, &t->handle),
+		"failed to test print job properties");
+
+	torture_assert(tctx,
+		test_ResumePrinter(tctx, b, &t->handle),
+		"failed to resume printer");
+
+	return true;
+}
+
+/* use smbd file IO to spool a print job */
+static bool test_print_test_smbd(struct torture_context *tctx,
+				 void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	uint32_t count;
+	union spoolss_JobInfo *info = NULL;
+	int i;
+
+	struct smb2_tree *tree;
+	struct smb2_handle job_h;
+	struct smbcli_options options;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	/*
+	 * Do not test against the dynamically added printers, printing via
+	 * smbd means that a different spoolss process may handle the
+	 * OpenPrinter request to the one that handled the AddPrinter request.
+	 * This currently leads to an ugly race condition where one process
+	 * sees the new printer and one doesn't.
+	 */
+	const char *share = TORTURE_PRINTER_STATIC1;
+
+	torture_comment(tctx, "Testing smbd job spooling\n");
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      torture_setting_string(tctx, "host", NULL),
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect to SMB2 printer %s - %s\n",
+		       share, nt_errstr(status));
+		return false;
+	}
+
+	status = torture_smb2_testfile(tree, "smbd_spooler_job", &job_h);
+	torture_assert_ntstatus_ok(tctx, status, "smbd spool job create");
+
+	status = smb2_util_write(tree, job_h, "exciting print job data", 0,
+				 sizeof("exciting print job data"));
+	torture_assert_ntstatus_ok(tctx, status, "smbd spool job write");
+
+	/* check back end spoolss job was created */
+	torture_assert(tctx,
+		test_EnumJobs_args(tctx, b, &t->handle, 1, WERR_OK,
+				   &count, &info),
+		"EnumJobs level 1 failed");
+
+	for (i = 0; i < count; i++) {
+		if (!strcmp(info[i].info1.document_name, "smbd_spooler_job")) {
+			break;
+		}
+	}
+	torture_assert(tctx, (i != count), "smbd_spooler_job not found");
+
+	status = smb2_util_close(tree, job_h);
+	torture_assert_ntstatus_ok(tctx, status, "smbd spool job close");
+
+	/* disconnect from printer share */
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+static bool test_print_test_purge(struct torture_context *tctx,
+				  void *private_data)
+{
+	struct torture_printer_context *t =
+	   (struct torture_printer_context *)talloc_get_type_abort(private_data,
+						struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t num_jobs = 8;
+	uint32_t *job_ids;
+	int i;
+	bool ret = true;
+	uint32_t count;
+	union spoolss_JobInfo *info;
+
+	torture_assert(tctx,
+		test_PausePrinter(tctx, b, &t->handle),
+		"failed to pause printer");
+
+	job_ids = talloc_zero_array(tctx, uint32_t, num_jobs);
+	for (i=0; i < num_jobs; i++) {
+		ret = test_DoPrintTest_add_one_job(tctx, b, &t->handle,
+						   "TorturePrintJob",
+						   &job_ids[i]);
+		torture_assert(tctx, ret, "failed to add print job");
+	}
+
+	torture_assert(tctx,
+		test_EnumJobs_args(tctx, b, &t->handle, 1, WERR_OK,
+				   &count, &info),
+		"EnumJobs level 1 failed");
+
+	torture_assert_int_equal(tctx, count, num_jobs,
+				 "unexpected number of jobs in queue");
+
+	torture_assert(tctx,
+		test_printer_purge(tctx, b, &t->handle),
+		"failed to purge printer");
+
+	torture_assert(tctx,
+		test_EnumJobs_args(tctx, b, &t->handle, 1, WERR_OK,
+				   &count, &info),
+		"EnumJobs level 1 failed");
+
+	torture_assert_int_equal(tctx, count, 0,
+				 "unexpected number of jobs in queue");
+
+	torture_assert(tctx,
+		test_ResumePrinter(tctx, b, &t->handle),
+		"failed to resume printer");
+
+	return true;
+}
+
+static bool test_printer_sd(struct torture_context *tctx,
+			    void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_PrinterInfo_SD(tctx, b, &t->handle),
+		"failed to test security descriptors");
+
+	return true;
+}
+
+static bool test_printer_dm(struct torture_context *tctx,
+			    void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_PrinterInfo_DevMode(tctx, p, &t->handle, t->info2.printername, t->devmode),
+		"failed to test devicemodes");
+
+	return true;
+}
+
+static bool test_printer_info_winreg(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_PrinterInfo_winreg(tctx, p, &t->handle, t->info2.printername),
+		"failed to test printer info winreg");
+
+	return true;
+}
+
+static bool test_printserver_info_winreg(struct torture_context *tctx,
+					 void *private_data)
+{
+	struct test_spoolss_context *t =
+		(struct test_spoolss_context *)talloc_get_type_abort(private_data, struct test_spoolss_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_PrintserverInfo_winreg(tctx, p, &t->server_handle),
+		"failed to test printserver info winreg");
+
+	return true;
+}
+
+
+static bool test_printer_change_id(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_ChangeID(tctx, p, &t->handle),
+		"failed to test change id");
+
+	return true;
+}
+
+static bool test_printer_keys(struct torture_context *tctx,
+			      void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_printer_all_keys(tctx, b, &t->handle),
+		"failed to test printer keys");
+
+	return true;
+}
+
+static bool test_printer_data_consistency(struct torture_context *tctx,
+					  void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_EnumPrinterData_consistency(tctx, p, &t->handle),
+		"failed to test printer data consistency");
+
+	return true;
+}
+
+static bool test_printer_data_keys(struct torture_context *tctx,
+				   void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_SetPrinterDataEx_keys(tctx, p, &t->handle),
+		"failed to test printer data keys");
+
+	return true;
+}
+
+static bool test_printer_data_values(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_SetPrinterDataEx_values(tctx, p, &t->handle),
+		"failed to test printer data values");
+
+	return true;
+}
+
+static bool test_printer_data_set(struct torture_context *tctx,
+				  void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_SetPrinterDataEx_matrix(tctx, p, &t->handle, t->info2.printername, NULL, NULL),
+		"failed to test printer data set");
+
+	return true;
+}
+
+static bool test_printer_data_winreg(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_PrinterData_winreg(tctx, p, &t->handle, t->info2.printername),
+		"failed to test printer data winreg");
+
+	return true;
+}
+
+static bool test_printer_data_dsspooler(struct torture_context *tctx,
+					void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+
+	torture_assert(tctx,
+		test_PrinterData_DsSpooler(tctx, p, &t->handle, t->info2.printername),
+		"failed to test printer data winreg dsspooler");
+
+	return true;
+}
+
+static bool test_printer_ic(struct torture_context *tctx,
+			    void *private_data)
+{
+	struct torture_printer_context *t =
+		talloc_get_type_abort(private_data,
+				      struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle gdi_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skip printer information context tests against samba");
+	}
+
+	{
+		struct spoolss_CreatePrinterIC r;
+		struct spoolss_DevmodeContainer devmode_ctr;
+
+		ZERO_STRUCT(devmode_ctr);
+
+		r.in.handle = &t->handle;
+		r.in.devmode_ctr = &devmode_ctr;
+		r.out.gdi_handle = &gdi_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_CreatePrinterIC_r(b, tctx, &r),
+			"CreatePrinterIC failed");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"CreatePrinterIC failed");
+	}
+
+	{
+		struct spoolss_PlayGDIScriptOnPrinterIC r;
+		DATA_BLOB in,out;
+		int i;
+		uint32_t num_fonts = 0;
+
+		in = data_blob_string_const("");
+
+		r.in.gdi_handle = &gdi_handle;
+		r.in.pIn = in.data;
+		r.in.cIn = in.length;
+		r.in.ul = 0;
+
+		for (i = 0; i < 4; i++) {
+
+			out = data_blob_talloc_zero(tctx, i);
+
+			r.in.cOut = out.length;
+			r.out.pOut = out.data;
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_spoolss_PlayGDIScriptOnPrinterIC_r(b, tctx, &r),
+				"PlayGDIScriptOnPrinterIC failed");
+			torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_ENOUGH_MEMORY,
+				"PlayGDIScriptOnPrinterIC failed");
+		}
+
+		out = data_blob_talloc_zero(tctx, 4);
+
+		r.in.cOut = out.length;
+		r.out.pOut = out.data;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_PlayGDIScriptOnPrinterIC_r(b, tctx, &r),
+			"PlayGDIScriptOnPrinterIC failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_OK,
+			"PlayGDIScriptOnPrinterIC failed");
+
+		/* now we should have the required length, so retry with a
+		 * buffer which is large enough to carry all font ids */
+
+		num_fonts = IVAL(r.out.pOut, 0);
+
+		torture_comment(tctx, "PlayGDIScriptOnPrinterIC gave font count of %d\n", num_fonts);
+
+		out = data_blob_talloc_zero(tctx,
+			num_fonts * sizeof(struct UNIVERSAL_FONT_ID) + 4);
+
+		r.in.cOut = out.length;
+		r.out.pOut = out.data;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_PlayGDIScriptOnPrinterIC_r(b, tctx, &r),
+			"PlayGDIScriptOnPrinterIC failed");
+		torture_assert_werr_equal(tctx, r.out.result, WERR_OK,
+			"PlayGDIScriptOnPrinterIC failed");
+
+	}
+
+	{
+		struct spoolss_DeletePrinterIC r;
+
+		r.in.gdi_handle = &gdi_handle;
+		r.out.gdi_handle = &gdi_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_DeletePrinterIC_r(b, tctx, &r),
+			"DeletePrinterIC failed");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"DeletePrinterIC failed");
+
+	}
+
+	return true;
+}
+
+static bool test_printer_bidi(struct torture_context *tctx,
+			      void *private_data)
+{
+	struct torture_printer_context *t =
+		talloc_get_type_abort(private_data,
+				      struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_SendRecvBidiData r;
+	struct RPC_BIDI_REQUEST_CONTAINER bidi_req;
+	struct RPC_BIDI_RESPONSE_CONTAINER *bidi_rep = NULL;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skip printer bidirectional tests against samba");
+	}
+
+	ZERO_STRUCT(bidi_req);
+
+	r.in.hPrinter = t->handle;
+	r.in.pAction = "foobar";
+	r.in.pReqData = &bidi_req;
+	r.out.ppRespData = &bidi_rep;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_SendRecvBidiData_r(b, tctx, &r),
+		"SendRecvBidiData failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+		"SendRecvBidiData failed");
+
+	if (!(t->info2.attributes & PRINTER_ATTRIBUTE_ENABLE_BIDI)) {
+		torture_skip(tctx, "skipping further tests as printer is not BIDI enabled");
+	}
+
+	r.in.pAction = BIDI_ACTION_ENUM_SCHEMA;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_SendRecvBidiData_r(b, tctx, &r),
+		"SendRecvBidiData failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"SendRecvBidiData failed");
+
+	return true;
+}
+
+static bool test_printer_set_publish(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinterInfo7 info7;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info7.guid = "";
+	info7.action = DSPRINT_PUBLISH;
+
+	ZERO_STRUCT(info_ctr);
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+	info_ctr.level = 7;
+	info_ctr.info.info7 = &info7;
+
+	torture_assert(tctx,
+		       test_SetPrinter(tctx, b, handle, &info_ctr,
+				       &devmode_ctr, &secdesc_ctr, 0), "");
+
+	torture_assert(tctx,
+		       test_GetPrinter_level(tctx, b, handle, 2, &info),
+		       "");
+	torture_assert(tctx,
+		       (info.info2.attributes & PRINTER_ATTRIBUTE_PUBLISHED),
+		       "info2 publish flag not set");
+	torture_assert(tctx,
+		       test_GetPrinter_level(tctx, b, handle, 7, &info),
+		       "");
+	if (info.info7.action & DSPRINT_PENDING) {
+		torture_comment(tctx, "publish is pending\n");
+		torture_assert_int_equal(tctx,
+					 info.info7.action,
+					 (DSPRINT_PENDING | DSPRINT_PUBLISH),
+					 "info7 publish flag not set");
+	} else {
+		struct GUID guid;
+		char *ref_guid;
+		torture_assert_int_equal(tctx,
+					 info.info7.action,
+					 DSPRINT_PUBLISH,
+					 "info7 publish flag not set");
+
+		/* GUID_from_string is able to parse both plain and
+		 * curly-braced guids */
+		torture_assert_ntstatus_ok(tctx,
+					   GUID_from_string(info.info7.guid,
+					   &guid),
+					   "invalid published printer GUID");
+
+		/* Build reference GUID string */
+		ref_guid = GUID_string2(tctx, &guid);
+		torture_assert_not_null(tctx, ref_guid, "ENOMEM");
+		ref_guid = talloc_strdup_upper(tctx, ref_guid);
+		torture_assert_not_null(tctx, ref_guid, "ENOMEM");
+		torture_assert_str_equal(tctx, info.info7.guid, ref_guid,
+			"invalid GUID format");
+	}
+
+	return true;
+}
+
+static bool test_printer_set_unpublish(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinterInfo7 info7;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	info7.action = DSPRINT_UNPUBLISH;
+	info7.guid = "";
+
+	ZERO_STRUCT(info_ctr);
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+	info_ctr.level = 7;
+	info_ctr.info.info7 = &info7;
+
+	torture_assert(tctx,
+		       test_SetPrinter(tctx, b, handle, &info_ctr,
+				       &devmode_ctr, &secdesc_ctr, 0), "");
+
+	torture_assert(tctx,
+		       test_GetPrinter_level(tctx, b, handle, 2, &info),
+		       "");
+	torture_assert(tctx,
+		       !(info.info2.attributes & PRINTER_ATTRIBUTE_PUBLISHED),
+		       "info2 publish flag still set");
+	torture_assert(tctx,
+		       test_GetPrinter_level(tctx, b, handle, 7, &info),
+		       "");
+
+	if (info.info7.action & DSPRINT_PENDING) {
+		struct GUID guid;
+		torture_comment(tctx, "unpublish is pending\n");
+		torture_assert_int_equal(tctx,
+					 info.info7.action,
+					 (DSPRINT_PENDING | DSPRINT_UNPUBLISH),
+					 "info7 unpublish flag not set");
+		torture_assert_ntstatus_ok(tctx,
+					   GUID_from_string(info.info7.guid,
+					   &guid),
+					   "invalid printer GUID");
+	} else {
+		torture_assert_int_equal(tctx,
+					 info.info7.action, DSPRINT_UNPUBLISH,
+					 "info7 unpublish flag not set");
+	}
+
+	return true;
+}
+
+static bool test_printer_publish_toggle(struct torture_context *tctx,
+					   void *private_data)
+{
+	struct torture_printer_context *t =
+		talloc_get_type_abort(private_data,
+				      struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle *handle = &t->handle;
+	union spoolss_PrinterInfo info7;
+	union spoolss_PrinterInfo info2;
+
+	/* check publish status via level 7 and level 2 */
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 7, &info7),
+		       "");
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info2),
+		       "");
+
+	if (info2.info2.attributes & PRINTER_ATTRIBUTE_PUBLISHED) {
+		torture_assert_int_equal(tctx,
+					 info7.info7.action, DSPRINT_PUBLISH,
+					 "info7 publish flag not set");
+		torture_assert(tctx, test_printer_set_unpublish(tctx, b, handle), "");
+		torture_assert(tctx, test_printer_set_publish(tctx, b, handle), "");
+	} else {
+		torture_assert_int_equal(tctx,
+					 info7.info7.action, DSPRINT_UNPUBLISH,
+					 "info7 unpublish flag not set");
+		torture_assert(tctx, test_printer_set_publish(tctx, b, handle), "");
+		torture_assert(tctx, test_printer_set_unpublish(tctx, b, handle), "");
+	}
+
+	return true;
+}
+
+static bool test_driver_info_winreg(struct torture_context *tctx,
+				    void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	const char *driver_name = t->added_driver ? t->driver.info8.driver_name : t->info2.drivername;
+
+	if (!t->have_driver) {
+		torture_skip(tctx, "skipping driver info winreg test as we don't have a driver");
+	}
+
+	torture_assert(tctx,
+		test_DriverInfo_winreg(tctx, p, &t->handle, t->info2.printername, driver_name, t->driver.remote.environment, 3),
+		"failed to test driver info winreg");
+
+	return true;
+}
+
+static bool test_print_job_enum(struct torture_context *tctx,
+				void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	bool ret = true;
+	uint32_t num_jobs = 8;
+	uint32_t *job_ids;
+	int i;
+	union spoolss_JobInfo *info = NULL;
+	uint32_t count;
+
+	torture_assert(tctx,
+		test_PausePrinter(tctx, b, &t->handle),
+		"failed to pause printer");
+
+	/* purge in case of any jobs from previous tests */
+	torture_assert(tctx,
+		test_printer_purge(tctx, b, &t->handle),
+		"failed to purge printer");
+
+	/* enum before jobs, valid level */
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 1, WERR_OK,
+					  &count, &info),
+		       "EnumJobs with valid level");
+	torture_assert_int_equal(tctx, count, 0, "EnumJobs count");
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 2, WERR_OK,
+					  &count, &info),
+		       "EnumJobs with valid level");
+	torture_assert_int_equal(tctx, count, 0, "EnumJobs count");
+	/* enum before jobs, invalid level - expect failure */
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 100,
+					  WERR_INVALID_LEVEL,
+					  &count, &info),
+		       "EnumJobs with invalid level");
+
+	job_ids = talloc_zero_array(tctx, uint32_t, num_jobs);
+
+	for (i = 0; i < num_jobs; i++) {
+		ret = test_DoPrintTest_add_one_job(tctx, b, &t->handle,
+						    "TorturePrintJob",
+						    &job_ids[i]);
+		torture_assert(tctx, ret, "failed to add print job");
+	}
+
+	/* enum after jobs, valid level */
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 1, WERR_OK,
+					  &count, &info),
+		       "EnumJobs with valid level");
+	torture_assert_int_equal(tctx, count, num_jobs, "EnumJobs count");
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 2, WERR_OK,
+					  &count, &info),
+		       "EnumJobs with valid level");
+	torture_assert_int_equal(tctx, count, num_jobs, "EnumJobs count");
+	/* enum after jobs, invalid level - expect failure */
+	torture_assert(tctx,
+		       test_EnumJobs_args(tctx, b, &t->handle, 100,
+					  WERR_INVALID_LEVEL,
+					  &count, &info),
+		       "EnumJobs with invalid level");
+
+	for (i = 0; i < num_jobs; i++) {
+		test_SetJob(tctx, b, &t->handle, job_ids[i], NULL,
+			    SPOOLSS_JOB_CONTROL_DELETE);
+	}
+
+	torture_assert(tctx,
+		test_ResumePrinter(tctx, b, &t->handle),
+		"failed to resume printer");
+
+	return true;
+}
+
+static bool test_printer_log_jobinfo(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct spoolss_BranchOfficeJobDataContainer info;
+	int i;
+
+	struct spoolss_LogJobInfoForBranchOffice r;
+
+	torture_comment(tctx, "Testing LogJobInfoForBranchOffice\n");
+
+	info.cJobDataEntries = 0;
+	info.JobData = NULL;
+
+	r.in.hPrinter = &t->handle;
+	r.in.pBranchOfficeJobDataContainer = &info;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_LogJobInfoForBranchOffice_r(b, tctx, &r),
+		"LogJobInfoForBranchOffice failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"LogJobInfoForBranchOffice failed");
+
+	info.cJobDataEntries = 1;
+	info.JobData = talloc_zero_array(tctx, struct spoolss_BranchOfficeJobData, info.cJobDataEntries);
+
+	info.JobData[0].eEventType = kLogOfflineFileFull;
+	info.JobData[0].JobId = 42;
+	info.JobData[0].JobInfo.LogOfflineFileFull.pMachineName = talloc_strdup(tctx, "mthelena");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_LogJobInfoForBranchOffice_r(b, tctx, &r),
+		"LogJobInfoForBranchOffice failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_OK,
+		"LogJobInfoForBranchOffice failed");
+
+	info.cJobDataEntries = 42;
+	info.JobData = talloc_zero_array(tctx, struct spoolss_BranchOfficeJobData, info.cJobDataEntries);
+
+	for (i=0; i < info.cJobDataEntries; i++) {
+		info.JobData[i].eEventType = kLogOfflineFileFull;
+		info.JobData[i].JobId = i;
+		info.JobData[i].JobInfo.LogOfflineFileFull.pMachineName = talloc_asprintf(tctx, "torture_%d", i);
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_LogJobInfoForBranchOffice_r(b, tctx, &r),
+		"LogJobInfoForBranchOffice failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_OK,
+		"LogJobInfoForBranchOffice failed");
+
+	return true;
+}
+
+static bool test_printer_os_versions(struct torture_context *tctx,
+				     void *private_data)
+{
+	struct torture_printer_context *t =
+		(struct torture_printer_context *)talloc_get_type_abort(private_data, struct torture_printer_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	union spoolss_PrinterInfo info;
+	DATA_BLOB blob;
+	uint8_t *data;
+	uint32_t length;
+	struct spoolss_OSVersion osversion;
+	uint8_t os_major, os_minor;
+	uint16_t os_build;
+	struct policy_handle server_handle;
+
+	torture_comment(tctx, "Testing OSVersion vs. PRINTER_INFO_STRESS\n");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &t->handle, 0, &info),
+		"failed to get level 0 printer info");
+
+	torture_assert(tctx,
+		test_OpenPrinter_server(tctx, p, &server_handle),
+		"failed to open printserver");
+
+	torture_assert(tctx,
+		test_GetPrinterData_checktype(tctx, b, &server_handle, "OSVersion",
+					      NULL, NULL, &data, &length),
+		"failed to fetch OSVersion printer data");
+
+	test_ClosePrinter(tctx, b, &server_handle);
+
+	blob = data_blob_const(data, length);
+
+	torture_assert_ndr_success(tctx,
+		ndr_pull_struct_blob(&blob, tctx, &osversion,
+			(ndr_pull_flags_fn_t)ndr_pull_spoolss_OSVersion),
+		"failed to pull OSVersion");
+
+	os_major = CVAL(&info.info0.version, 0);
+	os_minor = CVAL(&info.info0.version, 1);
+	os_build = SVAL(&info.info0.version, 2);
+
+	torture_assert_int_equal(tctx, os_major, osversion.major, "major");
+	torture_assert_int_equal(tctx, os_minor, osversion.minor, "minor");
+	torture_assert_int_equal(tctx, os_build, osversion.build, "build");
+
+	return true;
+}
+
+
+void torture_tcase_printer(struct torture_tcase *tcase)
+{
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter_wrap);
+	torture_tcase_add_simple_test(tcase, "csetprinter", test_csetprinter);
+	torture_tcase_add_simple_test(tcase, "print_test", test_print_test);
+	torture_tcase_add_simple_test(tcase, "print_test_extended", test_print_test_extended);
+	torture_tcase_add_simple_test(tcase, "print_test_smbd", test_print_test_smbd);
+	torture_tcase_add_simple_test(tcase, "print_test_properties", test_print_test_properties);
+	torture_tcase_add_simple_test(tcase, "print_test_purge", test_print_test_purge);
+	torture_tcase_add_simple_test(tcase, "printer_info", test_printer_info);
+	torture_tcase_add_simple_test(tcase, "sd", test_printer_sd);
+	torture_tcase_add_simple_test(tcase, "dm", test_printer_dm);
+	torture_tcase_add_simple_test(tcase, "printer_info_winreg", test_printer_info_winreg);
+	torture_tcase_add_simple_test(tcase, "change_id", test_printer_change_id);
+	torture_tcase_add_simple_test(tcase, "keys", test_printer_keys);
+	torture_tcase_add_simple_test(tcase, "printerdata_consistency", test_printer_data_consistency);
+	torture_tcase_add_simple_test(tcase, "printerdata_keys", test_printer_data_keys);
+	torture_tcase_add_simple_test(tcase, "printerdata_values", test_printer_data_values);
+	torture_tcase_add_simple_test(tcase, "printerdata_set", test_printer_data_set);
+	torture_tcase_add_simple_test(tcase, "printerdata_winreg", test_printer_data_winreg);
+	torture_tcase_add_simple_test(tcase, "printerdata_dsspooler", test_printer_data_dsspooler);
+	torture_tcase_add_simple_test(tcase, "driver_info_winreg", test_driver_info_winreg);
+	torture_tcase_add_simple_test(tcase, "printer_rename", test_printer_rename);
+	torture_tcase_add_simple_test(tcase, "printer_ic", test_printer_ic);
+	torture_tcase_add_simple_test(tcase, "bidi", test_printer_bidi);
+	torture_tcase_add_simple_test(tcase, "publish_toggle",
+				      test_printer_publish_toggle);
+	torture_tcase_add_simple_test(tcase, "print_job_enum", test_print_job_enum);
+	torture_tcase_add_simple_test(tcase, "log_jobinfo", test_printer_log_jobinfo);
+	torture_tcase_add_simple_test(tcase, "os_versions", test_printer_os_versions);
+}
+
+struct torture_suite *torture_rpc_spoolss_printer(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "printer");
+	struct torture_tcase *tcase;
+
+	tcase = torture_suite_add_tcase(suite, "addprinter");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_printer_setup,
+				  torture_rpc_spoolss_printer_teardown);
+
+	torture_tcase_printer(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "addprinterex");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_printerex_setup,
+				  torture_rpc_spoolss_printer_teardown);
+
+	torture_tcase_printer(tcase);
+
+	tcase = torture_suite_add_tcase(suite, "addprinterwkn");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_printerwkn_setup,
+				  torture_rpc_spoolss_printer_teardown);
+
+	tcase = torture_suite_add_tcase(suite, "addprinterexwkn");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_printerexwkn_setup,
+				  torture_rpc_spoolss_printer_teardown);
+
+#if 0
+	/* test is not correct */
+	tcase = torture_suite_add_tcase(suite, "addprinterdm");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_printerdm_setup,
+				  torture_rpc_spoolss_printer_teardown);
+
+	torture_tcase_printer(tcase);
+#endif
+	return suite;
+}
+
+struct torture_suite *torture_rpc_spoolss(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "spoolss");
+	struct torture_tcase *tcase = torture_suite_add_tcase(suite, "printserver");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_setup,
+				  torture_rpc_spoolss_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter_badnamelist", test_OpenPrinter_badname_list);
+	torture_tcase_add_simple_test(tcase, "printer_data_list", test_GetPrinterData_list);
+	torture_tcase_add_simple_test(tcase, "enum_forms", test_PrintServer_EnumForms);
+	torture_tcase_add_simple_test(tcase, "forms", test_PrintServer_Forms);
+	torture_tcase_add_simple_test(tcase, "forms_winreg", test_PrintServer_Forms_Winreg);
+	torture_tcase_add_simple_test(tcase, "enum_ports", test_EnumPorts);
+	torture_tcase_add_simple_test(tcase, "add_port", test_AddPort);
+	torture_tcase_add_simple_test(tcase, "get_printer_driver_directory", test_GetPrinterDriverDirectory);
+	torture_tcase_add_simple_test(tcase, "get_print_processor_directory", test_GetPrintProcessorDirectory);
+	torture_tcase_add_simple_test(tcase, "enum_printer_drivers", test_EnumPrinterDrivers);
+	torture_tcase_add_simple_test(tcase, "enum_monitors", test_EnumMonitors);
+	torture_tcase_add_simple_test(tcase, "enum_print_processors", test_EnumPrintProcessors);
+	torture_tcase_add_simple_test(tcase, "print_processors_winreg", test_print_processors_winreg);
+	torture_tcase_add_simple_test(tcase, "add_processor", test_add_print_processor);
+	torture_tcase_add_simple_test(tcase, "enum_printprocdata", test_EnumPrintProcessorDataTypes);
+	torture_tcase_add_simple_test(tcase, "enum_printers", test_EnumPrinters);
+	torture_tcase_add_simple_test(tcase, "enum_ports_old", test_EnumPorts_old);
+	torture_tcase_add_simple_test(tcase, "enum_printers_old", test_EnumPrinters_old);
+	torture_tcase_add_simple_test(tcase, "enum_printers_servername", test_EnumPrinters_servername);
+	torture_tcase_add_simple_test(tcase, "enum_printer_drivers_old", test_EnumPrinterDrivers_old);
+	torture_tcase_add_simple_test(tcase, "architecture_buffer", test_architecture_buffer);
+	torture_tcase_add_simple_test(tcase, "get_core_printer_drivers", test_get_core_printer_drivers);
+	torture_tcase_add_simple_test(tcase, "get_printer_driver_package_path", test_get_printer_driver_package_path);
+	torture_tcase_add_simple_test(tcase, "get_printer", test_get_printer_printserverhandle);
+	torture_tcase_add_simple_test(tcase, "set_printer", test_set_printer_printserverhandle);
+	torture_tcase_add_simple_test(tcase, "printserver_info_winreg", test_printserver_info_winreg);
+	torture_tcase_add_simple_test(tcase, "addpermachineconnection", test_addpermachineconnection);
+
+	torture_suite_add_suite(suite, torture_rpc_spoolss_printer(suite));
+
+	return suite;
+}
+
+static bool test_GetPrinterDriverDirectory_getdir(struct torture_context *tctx,
+						  struct dcerpc_binding_handle *b,
+						  const char *server,
+						  const char *environment,
+						  const char **dir_p)
+{
+	struct spoolss_GetPrinterDriverDirectory r;
+	uint32_t needed;
+
+	r.in.server		= server;
+	r.in.environment	= environment;
+	r.in.level		= 1;
+	r.in.buffer		= NULL;
+	r.in.offered		= 0;
+	r.out.needed		= &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_GetPrinterDriverDirectory_r(b, tctx, &r),
+		"failed to query driver directory");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_GetPrinterDriverDirectory_r(b, tctx, &r),
+			"failed to query driver directory");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to query driver directory");
+
+	if (dir_p) {
+		*dir_p = r.out.info->info1.directory_name;
+	}
+
+	return true;
+}
+
+static const char *get_driver_from_info(struct spoolss_AddDriverInfoCtr *info_ctr)
+{
+	if (info_ctr == NULL) {
+		return NULL;
+	}
+
+	switch (info_ctr->level) {
+	case 1:
+		return info_ctr->info.info1->driver_name;
+	case 2:
+		return info_ctr->info.info2->driver_name;
+	case 3:
+		return info_ctr->info.info3->driver_name;
+	case 4:
+		return info_ctr->info.info4->driver_name;
+	case 6:
+		return info_ctr->info.info6->driver_name;
+	case 8:
+		return info_ctr->info.info8->driver_name;
+	default:
+		return NULL;
+	}
+}
+
+static const char *get_environment_from_info(struct spoolss_AddDriverInfoCtr *info_ctr)
+{
+	if (info_ctr == NULL) {
+		return NULL;
+	}
+
+	switch (info_ctr->level) {
+	case 2:
+		return info_ctr->info.info2->architecture;
+	case 3:
+		return info_ctr->info.info3->architecture;
+	case 4:
+		return info_ctr->info.info4->architecture;
+	case 6:
+		return info_ctr->info.info6->architecture;
+	case 8:
+		return info_ctr->info.info8->architecture;
+	default:
+		return NULL;
+	}
+}
+
+
+static bool test_AddPrinterDriver_exp(struct torture_context *tctx,
+				      struct dcerpc_binding_handle *b,
+				      const char *servername,
+				      struct spoolss_AddDriverInfoCtr *info_ctr,
+				      WERROR expected_result)
+{
+	struct spoolss_AddPrinterDriver r;
+	const char *drivername = get_driver_from_info(info_ctr);
+	const char *environment = get_environment_from_info(info_ctr);
+
+	r.in.servername = servername;
+	r.in.info_ctr = info_ctr;
+
+	torture_comment(tctx, "Testing AddPrinterDriver(%s) level: %d, environment: '%s'\n",
+		drivername, info_ctr->level, environment);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_AddPrinterDriver_r(b, tctx, &r),
+		"spoolss_AddPrinterDriver failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"spoolss_AddPrinterDriver failed with unexpected result");
+
+	return true;
+
+}
+
+static bool test_AddPrinterDriverEx_exp(struct torture_context *tctx,
+				        struct dcerpc_binding_handle *b,
+					const char *servername,
+				        struct spoolss_AddDriverInfoCtr *info_ctr,
+				        uint32_t flags,
+					WERROR expected_result)
+{
+	struct spoolss_AddPrinterDriverEx r;
+	const char *drivername = get_driver_from_info(info_ctr);
+	const char *environment = get_environment_from_info(info_ctr);
+
+	r.in.servername = servername;
+	r.in.info_ctr = info_ctr;
+	r.in.flags = flags;
+
+	torture_comment(tctx, "Testing AddPrinterDriverEx(%s) level: %d, environment: '%s'\n",
+		drivername, info_ctr->level, environment);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_AddPrinterDriverEx_r(b, tctx, &r),
+		"AddPrinterDriverEx failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"AddPrinterDriverEx failed with unexpected result");
+
+	return true;
+}
+
+#define ASSERT_DRIVER_PATH(tctx, path, driver_dir, cmt) \
+	if (path && strlen(path)) {\
+		torture_assert_strn_equal(tctx, path, driver_dir, strlen(driver_dir), cmt); \
+	}
+
+static bool test_AddPrinterDriver_args_level_1(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	struct spoolss_AddDriverInfo1 info1;
+
+	ZERO_STRUCT(info1);
+
+	info_ctr.level = 1;
+	info_ctr.info.info1 = &info1;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriverEx level 1");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriver level 1");
+	}
+
+	info1.driver_name = r->driver_name;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriverEx level 1");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriver level 1");
+	}
+
+	return true;
+}
+
+static bool test_AddPrinterDriver_args_level_2(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	struct spoolss_AddDriverInfo2 info2;
+	union spoolss_DriverInfo info;
+
+	ZERO_STRUCT(info2);
+
+	info_ctr.level = 2;
+	info_ctr.info.info2 = &info2;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.driver_name = r->driver_name;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.version = r->version;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.architecture = r->architecture;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.driver_path = r->driver_path;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.data_file = r->data_file;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	info2.config_file = r->config_file;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, 0, WERR_INVALID_PARAMETER),
+			"failed to test AddPrinterDriverEx");
+	}
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_OK),
+			"failed to test AddPrinterDriverEx level 2");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_OK),
+			"failed to test AddPrinterDriver level 2");
+	}
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name, r->architecture, 2, r->driver_name, &info),
+		"failed to find added printer driver");
+
+	if (remote_driver_dir) {
+		ASSERT_DRIVER_PATH(tctx, info.info2.driver_path, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info2.data_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info2.config_file, remote_driver_dir, "unexpected path");
+	}
+
+	return true;
+}
+
+static bool test_AddPrinterDriver_args_level_3(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	struct spoolss_AddDriverInfo3 info3;
+	union spoolss_DriverInfo info;
+
+	info3.driver_name	= r->driver_name;
+	info3.version		= r->version;
+	info3.architecture	= r->architecture;
+	info3.driver_path	= r->driver_path;
+	info3.data_file		= r->data_file;
+	info3.config_file	= r->config_file;
+	info3.help_file		= r->help_file;
+	info3.monitor_name	= r->monitor_name;
+	info3.default_datatype	= r->default_datatype;
+	info3._ndr_size_dependent_files = r->_ndr_size_dependent_files;
+	info3.dependent_files	= r->dependent_files;
+
+	info_ctr.level = 3;
+	info_ctr.info.info3 = &info3;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_OK),
+			"failed to test AddPrinterDriverEx level 3");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_OK),
+			"failed to test AddPrinterDriver level 3");
+	}
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name, r->architecture, 3, r->driver_name, &info),
+		"failed to find added printer driver");
+
+	if (remote_driver_dir) {
+		int i;
+		ASSERT_DRIVER_PATH(tctx, info.info3.driver_path, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info3.data_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info3.config_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info3.help_file, remote_driver_dir, "unexpected path");
+		for (i=0; info.info3.dependent_files && info.info3.dependent_files[i] != NULL; i++) {
+			ASSERT_DRIVER_PATH(tctx, info.info3.dependent_files[i], remote_driver_dir, "unexpected path");
+		}
+	}
+
+	return true;
+}
+
+static bool test_AddPrinterDriver_args_level_4(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	struct spoolss_AddDriverInfo4 info4;
+	union spoolss_DriverInfo info;
+
+	info4.version		= r->version;
+	info4.driver_name	= r->driver_name;
+	info4.architecture	= r->architecture;
+	info4.driver_path	= r->driver_path;
+	info4.data_file		= r->data_file;
+	info4.config_file	= r->config_file;
+	info4.help_file		= r->help_file;
+	info4.monitor_name	= r->monitor_name;
+	info4.default_datatype	= r->default_datatype;
+	info4._ndr_size_dependent_files = r->_ndr_size_dependent_files;
+	info4.dependent_files	= r->dependent_files;
+	info4._ndr_size_previous_names = r->_ndr_size_previous_names;
+	info4.previous_names = r->previous_names;
+
+	info_ctr.level = 4;
+	info_ctr.info.info4 = &info4;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_OK),
+			"failed to test AddPrinterDriverEx level 4");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_OK),
+			"failed to test AddPrinterDriver level 4");
+	}
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name, r->architecture, 4, r->driver_name, &info),
+		"failed to find added printer driver");
+
+	if (remote_driver_dir) {
+		int i;
+		ASSERT_DRIVER_PATH(tctx, info.info4.driver_path, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info4.data_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info4.config_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info4.help_file, remote_driver_dir, "unexpected path");
+		for (i=0; info.info4.dependent_files && info.info4.dependent_files[i] != NULL; i++) {
+			ASSERT_DRIVER_PATH(tctx, info.info4.dependent_files[i], remote_driver_dir, "unexpected path");
+		}
+	}
+
+	return true;
+}
+
+static bool test_AddPrinterDriver_args_level_6(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	struct spoolss_AddDriverInfo6 info6;
+	union spoolss_DriverInfo info;
+
+	info6.version		= r->version;
+	info6.driver_name	= r->driver_name;
+	info6.architecture	= r->architecture;
+	info6.driver_path	= r->driver_path;
+	info6.data_file		= r->data_file;
+	info6.config_file	= r->config_file;
+	info6.help_file		= r->help_file;
+	info6.monitor_name	= r->monitor_name;
+	info6.default_datatype	= r->default_datatype;
+	info6._ndr_size_dependent_files = r->_ndr_size_dependent_files;
+	info6.dependent_files	= r->dependent_files;
+	info6._ndr_size_previous_names = r->_ndr_size_previous_names;
+	info6.previous_names	= r->previous_names;
+	info6.driver_date	= r->driver_date;
+	info6.driver_version	= r->driver_version;
+	info6.manufacturer_name	= r->manufacturer_name;
+	info6.manufacturer_url	= r->manufacturer_url;
+	info6.hardware_id	= r->hardware_id;
+	info6.provider		= r->provider;
+
+	info_ctr.level = 6;
+	info_ctr.info.info6 = &info6;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_OK),
+			"failed to test AddPrinterDriverEx level 6");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriver level 6");
+	}
+
+	/* spoolss_AddPrinterDriver does not deal with level 6 or 8 - gd */
+
+	if (!ex) {
+		return true;
+	}
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name, r->architecture, 6, r->driver_name, &info),
+		"failed to find added printer driver");
+
+	if (remote_driver_dir) {
+		int i;
+		ASSERT_DRIVER_PATH(tctx, info.info6.driver_path, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info6.data_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info6.config_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info6.help_file, remote_driver_dir, "unexpected path");
+		for (i=0; info.info6.dependent_files && info.info6.dependent_files[i] != NULL; i++) {
+			ASSERT_DRIVER_PATH(tctx, info.info6.dependent_files[i], remote_driver_dir, "unexpected path");
+		}
+	}
+
+	torture_assert_nttime_equal(tctx, info.info6.driver_date, info6.driver_date, "driverdate mismatch");
+	torture_assert_u64_equal(tctx, info.info6.driver_version, info6.driver_version, "driverversion mismatch");
+
+	return true;
+}
+
+static bool test_AddPrinterDriver_args_level_8(struct torture_context *tctx,
+					       struct dcerpc_binding_handle *b,
+					       const char *server_name,
+					       struct spoolss_AddDriverInfo8 *r,
+					       uint32_t flags,
+					       bool ex,
+					       const char *remote_driver_dir)
+{
+	struct spoolss_AddDriverInfoCtr info_ctr;
+	union spoolss_DriverInfo info;
+
+	info_ctr.level = 8;
+	info_ctr.info.info8 = r;
+
+	if (ex) {
+		torture_assert(tctx,
+			test_AddPrinterDriverEx_exp(tctx, b, server_name, &info_ctr, flags, WERR_OK),
+			"failed to test AddPrinterDriverEx level 8");
+	} else {
+		torture_assert(tctx,
+			test_AddPrinterDriver_exp(tctx, b, server_name, &info_ctr, WERR_INVALID_LEVEL),
+			"failed to test AddPrinterDriver level 8");
+	}
+
+	/* spoolss_AddPrinterDriver does not deal with level 6 or 8 - gd */
+
+	if (!ex) {
+		return true;
+	}
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name, r->architecture, 8, r->driver_name, &info),
+		"failed to find added printer driver");
+
+	if (remote_driver_dir) {
+		int i;
+		ASSERT_DRIVER_PATH(tctx, info.info8.driver_path, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info8.data_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info8.config_file, remote_driver_dir, "unexpected path");
+		ASSERT_DRIVER_PATH(tctx, info.info8.help_file, remote_driver_dir, "unexpected path");
+		for (i=0; info.info8.dependent_files && info.info8.dependent_files[i] != NULL; i++) {
+			ASSERT_DRIVER_PATH(tctx, info.info8.dependent_files[i], remote_driver_dir, "unexpected path");
+		}
+	}
+
+	torture_assert_nttime_equal(tctx, info.info8.driver_date, r->driver_date, "driverdate mismatch");
+	torture_assert_u64_equal(tctx, info.info8.driver_version, r->driver_version, "driverversion mismatch");
+
+	return true;
+}
+
+#undef ASSERT_DRIVER_PATH
+
+static bool test_DeletePrinterDriver_exp(struct torture_context *tctx,
+					 struct dcerpc_binding_handle *b,
+					 const char *server,
+					 const char *driver,
+					 const char *environment,
+					 WERROR expected_result)
+{
+	struct spoolss_DeletePrinterDriver r;
+
+	r.in.server = server;
+	r.in.architecture = environment;
+	r.in.driver = driver;
+
+	torture_comment(tctx, "Testing DeletePrinterDriver(%s)\n", driver);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePrinterDriver_r(b, tctx, &r),
+		"DeletePrinterDriver failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"DeletePrinterDriver failed with unexpected result");
+
+	return true;
+}
+
+static bool test_DeletePrinterDriverEx_exp(struct torture_context *tctx,
+					   struct dcerpc_binding_handle *b,
+					   const char *server,
+					   const char *driver,
+					   const char *environment,
+					   uint32_t delete_flags,
+					   uint32_t version,
+					   WERROR expected_result)
+{
+	struct spoolss_DeletePrinterDriverEx r;
+
+	r.in.server = server;
+	r.in.architecture = environment;
+	r.in.driver = driver;
+	r.in.delete_flags = delete_flags;
+	r.in.version = version;
+
+	torture_comment(tctx, "Testing DeletePrinterDriverEx(%s)\n", driver);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_DeletePrinterDriverEx_r(b, tctx, &r),
+		"DeletePrinterDriverEx failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"DeletePrinterDriverEx failed with unexpected result");
+
+	return true;
+}
+
+static bool test_DeletePrinterDriver(struct torture_context *tctx,
+				     struct dcerpc_binding_handle *b,
+				     const char *server_name,
+				     const char *driver,
+				     const char *environment)
+{
+	torture_assert(tctx,
+		test_DeletePrinterDriver_exp(tctx, b, server_name, driver, "FOOBAR", WERR_INVALID_ENVIRONMENT),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriver_exp(tctx, b, server_name, driver, environment, WERR_OK),
+		"failed to delete driver");
+
+	if (test_EnumPrinterDrivers_findone(tctx, b, server_name, environment, 1, driver, NULL)) {
+		torture_fail(tctx, "deleted driver still enumerated");
+	}
+
+	torture_assert(tctx,
+		test_DeletePrinterDriver_exp(tctx, b, server_name, driver, environment, WERR_UNKNOWN_PRINTER_DRIVER),
+		"2nd delete failed");
+
+	return true;
+}
+
+static bool test_DeletePrinterDriverEx(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       const char *server_name,
+				       const char *driver,
+				       const char *environment,
+				       uint32_t delete_flags,
+				       uint32_t version)
+{
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name, driver, "FOOBAR", delete_flags, version, WERR_INVALID_ENVIRONMENT),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name, driver, environment, delete_flags, version, WERR_OK),
+		"failed to delete driver");
+
+	if (test_EnumPrinterDrivers_findone(tctx, b, server_name, environment, 1, driver, NULL)) {
+		torture_fail(tctx, "deleted driver still enumerated");
+	}
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name, driver, environment, delete_flags, version, WERR_UNKNOWN_PRINTER_DRIVER),
+		"2nd delete failed");
+
+	return true;
+}
+
+static bool test_PrinterDriver_args(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    const char *server_name,
+				    uint32_t level,
+				    struct spoolss_AddDriverInfo8 *r,
+				    uint32_t add_flags,
+				    uint32_t delete_flags,
+				    uint32_t delete_version,
+				    bool ex,
+				    const char *remote_driver_dir)
+{
+	bool ret = true;
+
+	switch (level) {
+	case 1:
+		ret = test_AddPrinterDriver_args_level_1(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	case 2:
+		ret = test_AddPrinterDriver_args_level_2(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	case 3:
+		ret = test_AddPrinterDriver_args_level_3(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	case 4:
+		ret = test_AddPrinterDriver_args_level_4(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	case 6:
+		ret = test_AddPrinterDriver_args_level_6(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	case 8:
+		ret = test_AddPrinterDriver_args_level_8(tctx, b, server_name, r, add_flags, ex, remote_driver_dir);
+		break;
+	default:
+		return false;
+	}
+
+	if (ret == false) {
+		return ret;
+	}
+
+	if (level == 1) {
+		return ret;
+	}
+
+	/* spoolss_AddPrinterDriver does not deal with level 6 or 8 - gd */
+
+	if (!ex && (level == 6 || level == 8)) {
+		return ret;
+	}
+
+	{
+		struct dcerpc_pipe *p2;
+		struct policy_handle hive_handle;
+		struct dcerpc_binding_handle *b2;
+
+		torture_assert_ntstatus_ok(tctx,
+			torture_rpc_connection(tctx, &p2, &ndr_table_winreg),
+			"could not open winreg pipe");
+		b2 = p2->binding_handle;
+
+		torture_assert(tctx, test_winreg_OpenHKLM(tctx, b2, &hive_handle), "");
+
+		ret = test_GetDriverInfo_winreg(tctx, b, NULL, NULL, r->driver_name, r->architecture, r->version, b2, &hive_handle, server_name);
+
+		test_winreg_CloseKey(tctx, b2, &hive_handle);
+
+		talloc_free(p2);
+	}
+
+	if (ex) {
+		return test_DeletePrinterDriverEx(tctx, b, server_name, r->driver_name, r->architecture, delete_flags, r->version);
+	} else {
+		return test_DeletePrinterDriver(tctx, b, server_name, r->driver_name, r->architecture);
+	}
+}
+
+static bool fillup_printserver_info(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct torture_driver_context *d)
+{
+	struct policy_handle server_handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	torture_assert(tctx,
+		test_OpenPrinter_server(tctx, p, &server_handle),
+		"failed to open printserver");
+	torture_assert(tctx,
+		test_get_environment(tctx, b, &server_handle, &d->remote.environment),
+		"failed to get environment");
+	torture_assert(tctx,
+		test_ClosePrinter(tctx, b, &server_handle),
+		"failed to close printserver");
+
+	torture_assert(tctx,
+		test_GetPrinterDriverDirectory_getdir(tctx, b, server_name_slash,
+			d->local.environment ? d->local.environment : d->remote.environment,
+			&d->remote.driver_directory),
+		"failed to get driver directory");
+
+	return true;
+}
+
+static const char *driver_directory_dir(const char *driver_directory)
+{
+	char *p;
+
+	p = strrchr(driver_directory, '\\');
+	if (p) {
+		return p+1;
+	}
+
+	return NULL;
+}
+
+static const char *driver_directory_share(struct torture_context *tctx,
+					  const char *driver_directory)
+{
+	const char *p;
+	char *tok;
+
+	if (driver_directory[0] == '\\' && driver_directory[1] == '\\') {
+		driver_directory += 2;
+	}
+
+	p = talloc_strdup(tctx, driver_directory);
+
+	torture_assert(tctx,
+		next_token_talloc(tctx, &p, &tok, "\\"),
+		"cannot explode uri");
+	torture_assert(tctx,
+		next_token_talloc(tctx, &p, &tok, "\\"),
+		"cannot explode uri");
+
+	return tok;
+}
+
+#define CREATE_PRINTER_DRIVER_PATH(_d, _file) \
+	talloc_asprintf((_d), "%s\\%s\\%s", (_d)->remote.driver_directory, (_d)->remote.driver_upload_directory, (_file))
+
+
+static bool create_printer_driver_directory(struct torture_context *tctx,
+					    struct smbcli_state *cli,
+					    struct torture_driver_context *d)
+{
+	char *driver_dir;
+
+	if (d->remote.driver_upload_directory == NULL) {
+		return true;
+	}
+
+	driver_dir = talloc_asprintf(tctx,
+				     "%s\\%s",
+				     driver_directory_dir(d->remote.driver_directory),
+				     d->remote.driver_upload_directory);
+	torture_assert_not_null(tctx, driver_dir, "ENOMEM");
+
+	torture_comment(tctx,
+			"Create remote driver directory: %s\n",
+			driver_dir);
+
+	torture_assert_ntstatus_ok(tctx,
+				   smbcli_mkdir(cli->tree,
+				                driver_dir),
+				   "Failed to create driver directory");
+
+	return true;
+}
+
+static bool upload_printer_driver_file(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct torture_driver_context *d,
+				       const char *file_name)
+{
+	FILE *f;
+	int fnum;
+	uint8_t *buf;
+	int maxwrite = 64512;
+	off_t nread = 0;
+	size_t start = 0;
+	const char *remote_dir = driver_directory_dir(d->remote.driver_directory);
+	const char *remote_name;
+	const char *local_name;
+	const char *p;
+
+	if (!file_name || strlen(file_name) == 0) {
+		return true;
+	}
+
+	p = strrchr(file_name, '\\');
+	if (p == NULL) {
+		p = file_name;
+	} else {
+		p++;
+	}
+
+	local_name = talloc_asprintf(tctx, "%s/%s", d->local.driver_directory, p);
+	torture_assert_not_null(tctx, local_name, "ENOMEM");
+	if (d->remote.driver_upload_directory != NULL) {
+		remote_name = talloc_asprintf(tctx,
+					      "%s\\%s\\%s",
+					      remote_dir,
+					      d->remote.driver_upload_directory,
+					      p);
+	} else {
+		remote_name = talloc_asprintf(tctx, "%s\\%s", remote_dir, p);
+	}
+	torture_assert_not_null(tctx, remote_name, "ENOMEM");
+
+	torture_comment(tctx, "Uploading %s to %s\n", local_name, remote_name);
+
+	fnum = smbcli_open(cli->tree, remote_name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		torture_fail(tctx, talloc_asprintf(tctx, "failed to open remote file: %s\n", remote_name));
+	}
+
+	f = fopen(local_name, "r");
+	if (f == NULL) {
+		torture_fail(tctx, talloc_asprintf(tctx, "failed to open local file: %s\n", local_name));
+	}
+
+	buf = talloc_array(tctx, uint8_t, maxwrite);
+	if (!buf) {
+		fclose(f);
+		return false;
+	}
+
+	while (!feof(f)) {
+		int n = maxwrite;
+		int ret;
+
+		if ((n = fread(buf, 1, n, f)) < 1) {
+			if((n == 0) && feof(f))
+				break; /* Empty local file. */
+
+			torture_warning(tctx,
+				"failed to read file: %s\n", strerror(errno));
+			break;
+		}
+
+		ret = smbcli_write(cli->tree, fnum, 0, buf, nread + start, n);
+
+		if (n != ret) {
+			torture_warning(tctx,
+				"failed to write file: %s\n", smbcli_errstr(cli->tree));
+			break;
+		}
+
+		nread += n;
+	}
+
+	fclose(f);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_close(cli->tree, fnum),
+		"failed to close file");
+
+	return true;
+}
+
+static bool connect_printer_driver_share(struct torture_context *tctx,
+					 const char *server_name,
+					 const char *share_name,
+					 struct smbcli_state **cli)
+{
+	struct smbcli_options smb_options;
+	struct smbcli_session_options smb_session_options;
+
+	torture_comment(tctx, "Connecting printer driver share '%s' on '%s'\n",
+		share_name, server_name);
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &smb_options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &smb_session_options);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_full_connection(tctx, cli, server_name,
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share_name, NULL,
+					lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev,
+					&smb_options,
+					&smb_session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+		"failed to open driver share");
+
+	return true;
+}
+
+static bool upload_printer_driver(struct torture_context *tctx,
+				  const char *server_name,
+				  struct torture_driver_context *d)
+{
+	struct smbcli_state *cli;
+	const char *share_name = driver_directory_share(tctx, d->remote.driver_directory);
+	int i;
+
+	torture_assert(tctx,
+		connect_printer_driver_share(tctx, server_name, share_name, &cli),
+		"failed to connect to driver share");
+
+	torture_comment(tctx, "Uploading printer driver files to \\\\%s\\%s\n",
+		server_name, share_name);
+
+	torture_assert(tctx,
+		       create_printer_driver_directory(tctx, cli, d),
+		       "failed to create driver directory");
+
+	torture_assert(tctx,
+		upload_printer_driver_file(tctx, cli, d, d->info8.driver_path),
+		"failed to upload driver_path");
+	torture_assert(tctx,
+		upload_printer_driver_file(tctx, cli, d, d->info8.data_file),
+		"failed to upload data_file");
+	torture_assert(tctx,
+		upload_printer_driver_file(tctx, cli, d, d->info8.config_file),
+		"failed to upload config_file");
+	torture_assert(tctx,
+		upload_printer_driver_file(tctx, cli, d, d->info8.help_file),
+		"failed to upload help_file");
+	if (d->info8.dependent_files) {
+		for (i=0; d->info8.dependent_files->string && d->info8.dependent_files->string[i] != NULL; i++) {
+			torture_assert(tctx,
+				upload_printer_driver_file(tctx, cli, d, d->info8.dependent_files->string[i]),
+				"failed to upload dependent_files");
+		}
+	}
+
+	talloc_free(cli);
+
+	return true;
+}
+
+static bool check_printer_driver_file(struct torture_context *tctx,
+				      struct smbcli_state *cli,
+				      struct torture_driver_context *d,
+				      const char *file_name)
+{
+	const char *remote_arch_dir = driver_directory_dir(d->remote.driver_directory);
+	const char *remote_name = talloc_asprintf(tctx, "%s\\%d\\%s",
+						  remote_arch_dir,
+						  d->info8.version,
+						  file_name);
+	int fnum;
+
+	torture_assert(tctx, (file_name && strlen(file_name) != 0), "invalid filename");
+
+	torture_comment(tctx, "checking for driver file at %s\n", remote_name);
+
+	fnum = smbcli_open(cli->tree, remote_name, O_RDONLY, DENY_NONE);
+	if (fnum == -1) {
+		return false;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_close(cli->tree, fnum),
+		"failed to close driver file");
+
+	return true;
+}
+
+static bool check_printer_driver_files(struct torture_context *tctx,
+				       const char *server_name,
+				       struct torture_driver_context *d,
+				       bool expect_exist)
+{
+	struct smbcli_state *cli;
+	const char *share_name = driver_directory_share(tctx, d->remote.driver_directory);
+	int i;
+
+	torture_assert(tctx,
+		connect_printer_driver_share(tctx, server_name, share_name, &cli),
+		"failed to connect to driver share");
+
+	torture_comment(tctx, "checking %sexistent driver files at \\\\%s\\%s\n",
+			(expect_exist ? "": "non-"),
+			server_name, share_name);
+
+	if (d->info8.driver_path && d->info8.driver_path[0]) {
+		torture_assert(tctx,
+			check_printer_driver_file(tctx, cli, d, d->info8.driver_path) == expect_exist,
+			"failed driver_path check");
+	}
+	if (d->info8.data_file && d->info8.data_file[0]) {
+		torture_assert(tctx,
+			check_printer_driver_file(tctx, cli, d, d->info8.data_file) == expect_exist,
+			"failed data_file check");
+	}
+	if (d->info8.config_file && d->info8.config_file[0]) {
+		torture_assert(tctx,
+			check_printer_driver_file(tctx, cli, d, d->info8.config_file) == expect_exist,
+			"failed config_file check");
+	}
+	if (d->info8.help_file && d->info8.help_file[0]) {
+		torture_assert(tctx,
+			check_printer_driver_file(tctx, cli, d, d->info8.help_file) == expect_exist,
+			"failed help_file check");
+	}
+	if (d->info8.dependent_files) {
+		for (i=0; d->info8.dependent_files->string && d->info8.dependent_files->string[i] != NULL; i++) {
+			torture_assert(tctx,
+				check_printer_driver_file(tctx, cli, d, d->info8.dependent_files->string[i]) == expect_exist,
+				"failed dependent_files check");
+		}
+	}
+
+	talloc_free(cli);
+
+	return true;
+}
+
+static bool remove_printer_driver_file(struct torture_context *tctx,
+				       struct smbcli_state *cli,
+				       struct torture_driver_context *d,
+				       const char *file_name)
+{
+	const char *remote_name;
+	const char *remote_dir =  driver_directory_dir(d->remote.driver_directory);
+
+	if (!file_name || strlen(file_name) == 0) {
+		return true;
+	}
+
+	remote_name = talloc_asprintf(tctx, "%s\\%s", remote_dir, file_name);
+
+	torture_comment(tctx, "Removing %s\n", remote_name);
+
+	torture_assert_ntstatus_ok(tctx,
+		smbcli_unlink(cli->tree, remote_name),
+		"failed to unlink");
+
+	return true;
+}
+
+static bool remove_printer_driver(struct torture_context *tctx,
+				  const char *server_name,
+				  struct torture_driver_context *d)
+{
+	struct smbcli_state *cli;
+	const char *share_name = driver_directory_share(tctx, d->remote.driver_directory);
+	int i;
+
+	torture_assert(tctx,
+		connect_printer_driver_share(tctx, server_name, share_name, &cli),
+		"failed to connect to driver share");
+
+	torture_comment(tctx, "Removing printer driver files from \\\\%s\\%s\n",
+		server_name, share_name);
+
+	torture_assert(tctx,
+		remove_printer_driver_file(tctx, cli, d, d->info8.driver_path),
+		"failed to remove driver_path");
+	torture_assert(tctx,
+		remove_printer_driver_file(tctx, cli, d, d->info8.data_file),
+		"failed to remove data_file");
+	if (!strequal(d->info8.config_file, d->info8.driver_path)) {
+		torture_assert(tctx,
+			remove_printer_driver_file(tctx, cli, d, d->info8.config_file),
+			"failed to remove config_file");
+	}
+	torture_assert(tctx,
+		remove_printer_driver_file(tctx, cli, d, d->info8.help_file),
+		"failed to remove help_file");
+	if (d->info8.dependent_files) {
+		for (i=0; d->info8.dependent_files->string && d->info8.dependent_files->string[i] != NULL; i++) {
+			if (strequal(d->info8.dependent_files->string[i], d->info8.driver_path) ||
+			    strequal(d->info8.dependent_files->string[i], d->info8.data_file) ||
+			    strequal(d->info8.dependent_files->string[i], d->info8.config_file) ||
+			    strequal(d->info8.dependent_files->string[i], d->info8.help_file)) {
+				continue;
+			}
+			torture_assert(tctx,
+				remove_printer_driver_file(tctx, cli, d, d->info8.dependent_files->string[i]),
+				"failed to remove dependent_files");
+		}
+	}
+
+	talloc_free(cli);
+
+	return true;
+
+}
+
+static bool test_add_driver_arg(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct torture_driver_context *d)
+{
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	uint32_t levels[] = { 1, 2, 3, 4, 6, 8 };
+	int i;
+	struct spoolss_AddDriverInfo8 info8;
+	uint32_t add_flags = APD_COPY_NEW_FILES;
+	uint32_t delete_flags = 0;
+
+	ZERO_STRUCT(info8);
+
+	torture_comment(tctx, "Testing PrinterDriver%s '%s' for environment '%s'\n",
+		d->ex ? "Ex" : "", d->info8.driver_name, d->local.environment);
+
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, d),
+		"failed to fillup printserver info");
+
+	if (!directory_exist(d->local.driver_directory)) {
+		torture_skip(tctx, "Skipping Printer Driver test as no local driver is available");
+	}
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), d),
+		"failed to upload printer driver");
+
+	info8 = d->info8;
+	if (d->info8.dependent_files) {
+		info8.dependent_files = talloc_zero(tctx, struct spoolss_StringArray);
+		if (d->info8.dependent_files->string) {
+			for (i=0; d->info8.dependent_files->string[i] != NULL; i++) {
+			}
+			info8.dependent_files->string = talloc_zero_array(info8.dependent_files, const char *, i+1);
+			for (i=0; d->info8.dependent_files->string[i] != NULL; i++) {
+				info8.dependent_files->string[i] = talloc_strdup(info8.dependent_files->string, d->info8.dependent_files->string[i]);
+			}
+		}
+	}
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		if (torture_setting_bool(tctx, "samba3", false)) {
+			switch (levels[i]) {
+			case 2:
+			case 4:
+				torture_comment(tctx, "skipping level %d against samba\n", levels[i]);
+				continue;
+			default:
+				break;
+			}
+		}
+		if (torture_setting_bool(tctx, "w2k3", false)) {
+			switch (levels[i]) {
+			case 8:
+				torture_comment(tctx, "skipping level %d against w2k3\n", levels[i]);
+				continue;
+			default:
+				break;
+			}
+		}
+
+		torture_comment(tctx,
+			"Testing PrinterDriver%s '%s' add & delete level %d\n",
+				d->ex ? "Ex" : "", info8.driver_name, levels[i]);
+
+		ret &= test_PrinterDriver_args(tctx, b, server_name_slash, levels[i], &info8, add_flags, delete_flags, d->info8.version, d->ex, d->remote.driver_directory);
+	}
+
+	info8.driver_path	= talloc_asprintf(tctx, "%s\\%s", d->remote.driver_directory, d->info8.driver_path);
+	info8.data_file		= talloc_asprintf(tctx, "%s\\%s", d->remote.driver_directory, d->info8.data_file);
+	if (d->info8.config_file) {
+		info8.config_file	= talloc_asprintf(tctx, "%s\\%s", d->remote.driver_directory, d->info8.config_file);
+	}
+	if (d->info8.help_file) {
+		info8.help_file	= talloc_asprintf(tctx, "%s\\%s", d->remote.driver_directory, d->info8.help_file);
+	}
+	if (d->info8.dependent_files && d->info8.dependent_files->string) {
+		for (i=0; d->info8.dependent_files->string[i] != NULL; i++) {
+			info8.dependent_files->string[i] = talloc_asprintf(tctx, "%s\\%s", d->remote.driver_directory, d->info8.dependent_files->string[i]);
+		}
+	}
+
+	for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+		if (torture_setting_bool(tctx, "samba3", false)) {
+			switch (levels[i]) {
+			case 2:
+			case 4:
+				continue;
+			default:
+				break;
+			}
+		}
+		if (torture_setting_bool(tctx, "w2k3", false)) {
+			switch (levels[i]) {
+			case 8:
+				torture_comment(tctx, "skipping level %d against w2k3\n", levels[i]);
+				continue;
+			default:
+				break;
+			}
+		}
+
+		torture_comment(tctx,
+			"Testing PrinterDriver%s '%s' add & delete level %d (full unc paths)\n",
+				d->ex ? "Ex" : "", info8.driver_name, levels[i]);
+
+		ret &= test_PrinterDriver_args(tctx, b, server_name_slash, levels[i], &info8, add_flags, delete_flags, d->info8.version, d->ex, d->remote.driver_directory);
+	}
+
+	torture_assert(tctx,
+		remove_printer_driver(tctx, dcerpc_server_name(p), d),
+		"failed to remove printer driver");
+
+	torture_comment(tctx, "\n");
+
+	return ret;
+}
+
+static bool test_add_driver_ex_64(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_x64);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/x64");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_EX;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->ex				= true;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_ex_32(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_NT_X86);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/i386");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_EX;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->ex				= true;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_64(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_x64);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/x64");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_ADD;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->ex				= false;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_32(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_NT_X86);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/i386");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_ADD;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->ex				= false;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_adobe(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping adobe test which only works against samba3");
+	}
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, "Windows 4.0");
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/adobe/");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_9X;
+	d->info8.driver_name		= TORTURE_DRIVER_ADOBE;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "ADOBEPS4.DRV");
+	d->info8.data_file		= talloc_strdup(d, "DEFPRTR2.PPD");
+	d->info8.config_file		= talloc_strdup(d, "ADOBEPS4.DRV");
+#if 0
+	d->info8.help_file		= talloc_strdup(d, "ADOBEPS4.HLP");
+	d->info8.monitor_name		= talloc_strdup(d, "PSMON.DLL");
+#endif
+	d->ex				= false;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_adobe_cupsaddsmb(struct torture_context *tctx,
+					     struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+	struct spoolss_StringArray *a;
+
+	if (!torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping cupsaddsmb test which only works against samba3");
+	}
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, "Windows 4.0");
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/adobe/");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_9X;
+	d->info8.driver_name		= TORTURE_DRIVER_ADOBE_CUPSADDSMB;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "ADOBEPS4.DRV");
+	d->info8.data_file		= talloc_strdup(d, "DEFPRTR2.PPD");
+	d->info8.config_file		= NULL;
+	d->info8.help_file		= talloc_strdup(d, "ADOBEPS4.HLP");
+	d->info8.monitor_name		= talloc_strdup(d, "PSMON.DLL");
+	d->info8.default_datatype	= talloc_strdup(d, "RAW");
+
+	a				= talloc_zero(d, struct spoolss_StringArray);
+	a->string			= talloc_zero_array(a, const char *, 7);
+	a->string[0]			= talloc_strdup(a->string, "ADOBEPS4.DRV");
+	a->string[1]			= talloc_strdup(a->string, "DEFPRTR2.PPD");
+	a->string[2]			= talloc_strdup(a->string, "ADOBEPS4.HLP");
+	a->string[3]			= talloc_strdup(a->string, "PSMON.DLL");
+	a->string[4]			= talloc_strdup(a->string, "ADFONTS.MFM");
+	a->string[5]			= talloc_strdup(a->string, "ICONLIB.DLL");
+
+	d->info8.dependent_files	= a;
+	d->ex				= false;
+
+	return test_add_driver_arg(tctx, p, d);
+}
+
+static bool test_add_driver_timestamps(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+	struct timeval t = timeval_current();
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_NT_X86);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/i386");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_TIMESTAMPS;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->info8.driver_date		= timeval_to_nttime(&t);
+	d->ex				= true;
+
+	torture_assert(tctx,
+		test_add_driver_arg(tctx, p, d),
+		"");
+
+	unix_to_nt_time(&d->info8.driver_date, 1);
+
+	torture_assert(tctx,
+		test_add_driver_arg(tctx, p, d),
+		"");
+
+	return true;
+}
+
+static bool test_multiple_drivers(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	int i;
+	struct spoolss_AddDriverInfo8 info8;
+	uint32_t add_flags = APD_COPY_NEW_FILES;
+	uint32_t delete_flags = 0;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_NT_X86);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/i386");
+
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->info8.architecture           = d->local.environment;
+	d->ex				= true;
+
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, d),
+		"failed to fillup printserver info");
+
+	if (!directory_exist(d->local.driver_directory)) {
+		torture_skip(tctx, "Skipping Printer Driver test as no local driver is available");
+	}
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), d),
+		"failed to upload printer driver");
+
+	info8 = d->info8;
+
+	for (i=0; i < 3; i++) {
+		info8.driver_name		= talloc_asprintf(d, "torture_test_driver_%d", i);
+
+		torture_assert(tctx,
+			test_AddPrinterDriver_args_level_3(tctx, b, server_name_slash, &info8, add_flags, true, NULL),
+			"failed to add driver");
+	}
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx(tctx, b, server_name_slash, "torture_test_driver_0", info8.architecture, delete_flags, info8.version),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, info8.architecture, 3, "torture_test_driver_1", NULL),
+		"torture_test_driver_1 no longer on the server");
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, info8.architecture, 3, "torture_test_driver_2", NULL),
+		"torture_test_driver_2 no longer on the server");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx(tctx, b, server_name_slash, "torture_test_driver_1", info8.architecture, delete_flags, info8.version),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		test_EnumPrinterDrivers_findone(tctx, b, server_name_slash, info8.architecture, 3, "torture_test_driver_2", NULL),
+		"torture_test_driver_2 no longer on the server");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx(tctx, b, server_name_slash, "torture_test_driver_2", info8.architecture, delete_flags, info8.version),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		remove_printer_driver(tctx, dcerpc_server_name(p), d),
+		"failed to remove printer driver");
+
+	return true;
+}
+
+static bool test_driver_copy_from_directory(struct torture_context *tctx,
+					    struct dcerpc_pipe *p,
+					    const char *architecture)
+{
+	struct torture_driver_context *d;
+	struct spoolss_StringArray *a;
+	uint32_t add_flags = APD_COPY_NEW_FILES|APD_COPY_FROM_DIRECTORY|APD_RETURN_BLOCKING_STATUS_CODE;
+	uint32_t delete_flags = DPD_DELETE_ALL_FILES;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx,
+							"\\\\%s",
+							dcerpc_server_name(p));
+	struct GUID guid = GUID_random();
+	bool ok = false;
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+	torture_assert_not_null(tctx, d, "ENOMEM");
+
+	d->local.environment		= talloc_strdup(d, architecture);
+	torture_assert_not_null_goto(tctx, d->local.environment, ok, done, "ENOMEM");
+
+	if (strequal(architecture, SPOOLSS_ARCHITECTURE_x64)) {
+		d->local.driver_directory =
+			talloc_strdup(d, "/usr/share/cups/drivers/x64");
+	} else {
+		d->local.driver_directory =
+			talloc_strdup(d, "/usr/share/cups/drivers/i386");
+	}
+	torture_assert_not_null_goto(tctx, d->local.driver_directory, ok, done, "ENOMEM");
+
+	d->remote.driver_upload_directory = GUID_string2(d, &guid);
+	torture_assert_not_null_goto(tctx, d->remote.driver_upload_directory, ok, done, "ENOMEM");
+
+	torture_assert(tctx,
+		       fillup_printserver_info(tctx, p, d),
+		       "failed to fillup printserver info");
+
+	d->ex				= true;
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_COPY_DIR;
+	d->info8.architecture		= d->local.environment;
+
+	d->info8.driver_path		= CREATE_PRINTER_DRIVER_PATH(d, "pscript5.dll");
+	torture_assert_not_null_goto(tctx, d->info8.driver_path, ok, done, "ENOMEM");
+	d->info8.data_file		= CREATE_PRINTER_DRIVER_PATH(d, "cups6.ppd");
+	torture_assert_not_null_goto(tctx, d->info8.data_file, ok, done, "ENOMEM");
+	d->info8.config_file		= CREATE_PRINTER_DRIVER_PATH(d, "cupsui6.dll");
+	torture_assert_not_null_goto(tctx, d->info8.config_file, ok, done, "ENOMEM");
+	d->info8.help_file		= CREATE_PRINTER_DRIVER_PATH(d, "pscript.hlp");
+	torture_assert_not_null_goto(tctx, d->info8.help_file, ok, done, "ENOMEM");
+
+	a				= talloc_zero(d, struct spoolss_StringArray);
+	torture_assert_not_null_goto(tctx, a, ok, done, "ENOMEM");
+	a->string			= talloc_zero_array(a, const char *, 3);
+	torture_assert_not_null_goto(tctx, a->string, ok, done, "ENOMEM");
+	a->string[0]			= CREATE_PRINTER_DRIVER_PATH(d, "cups6.inf");
+	torture_assert_not_null_goto(tctx, a->string[0], ok, done, "ENOMEM");
+	a->string[1]			= CREATE_PRINTER_DRIVER_PATH(d, "cups6.ini");
+	torture_assert_not_null_goto(tctx, a->string[1], ok, done, "ENOMEM");
+
+	d->info8.dependent_files	= a;
+
+	if (!directory_exist(d->local.driver_directory)) {
+		torture_skip(tctx,
+			     "Skipping Printer Driver test as no local drivers "
+			     "are available");
+	}
+
+	torture_assert(tctx,
+		       upload_printer_driver(tctx, dcerpc_server_name(p), d),
+		       "failed to upload printer driver");
+
+	torture_assert(tctx,
+		       test_AddPrinterDriver_args_level_3(tctx,
+							  b,
+							  server_name_slash,
+							  &d->info8,
+							  add_flags,
+							  true,
+							  NULL),
+		       "failed to add driver");
+
+	torture_assert(tctx,
+		       test_DeletePrinterDriverEx(tctx,
+			                          b,
+						  server_name_slash,
+						  d->info8.driver_name,
+						  d->local.environment,
+						  delete_flags,
+						  d->info8.version),
+		       "failed to delete driver");
+
+	torture_assert(tctx,
+		       check_printer_driver_files(tctx,
+						  dcerpc_server_name(p),
+						  d,
+						  false),
+		       "printer driver file check failed");
+
+	ok = true;
+done:
+	talloc_free(d);
+	return ok;
+}
+
+static bool test_driver_copy_from_directory_64(struct torture_context *tctx,
+					       struct dcerpc_pipe *p)
+{
+	return test_driver_copy_from_directory(tctx, p, SPOOLSS_ARCHITECTURE_x64);
+}
+
+static bool test_driver_copy_from_directory_32(struct torture_context *tctx,
+					       struct dcerpc_pipe *p)
+{
+	return test_driver_copy_from_directory(tctx, p, SPOOLSS_ARCHITECTURE_NT_X86);
+}
+
+static bool test_del_driver_all_files(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d;
+	struct spoolss_StringArray *a;
+	uint32_t add_flags = APD_COPY_NEW_FILES;
+	uint32_t delete_flags = DPD_DELETE_ALL_FILES;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	d = talloc_zero(tctx, struct torture_driver_context);
+
+	d->local.environment		= talloc_strdup(d, SPOOLSS_ARCHITECTURE_x64);
+	d->local.driver_directory	= talloc_strdup(d, "/usr/share/cups/drivers/x64");
+
+	d->ex				= true;
+	d->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d->info8.driver_name		= TORTURE_DRIVER_DELETER;
+	d->info8.architecture		= d->local.environment;
+	d->info8.driver_path		= talloc_strdup(d, "pscript5.dll");
+	d->info8.data_file		= talloc_strdup(d, "cups6.ppd");
+	d->info8.config_file		= talloc_strdup(d, "cupsui6.dll");
+	d->info8.help_file		= talloc_strdup(d, "pscript.hlp");
+
+	a				= talloc_zero(d, struct spoolss_StringArray);
+	a->string			= talloc_zero_array(a, const char *, 3);
+	a->string[0]			= talloc_strdup(a->string, "cups6.inf");
+	a->string[1]			= talloc_strdup(a->string, "cups6.ini");
+
+	d->info8.dependent_files	= a;
+
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, d),
+		"failed to fillup printserver info");
+
+	if (!directory_exist(d->local.driver_directory)) {
+		torture_skip(tctx, "Skipping Printer Driver test as no local driver is available");
+	}
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), d),
+		"failed to upload printer driver");
+
+	torture_assert(tctx,
+		test_AddPrinterDriver_args_level_3(tctx, b, server_name_slash, &d->info8, add_flags, true, NULL),
+		"failed to add driver");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx(tctx, b, server_name_slash,
+					   d->info8.driver_name,
+					   d->info8.architecture,
+					   delete_flags,
+					   d->info8.version),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		check_printer_driver_files(tctx, dcerpc_server_name(p), d, false),
+		"printer driver file check failed");
+
+	talloc_free(d);
+	return true;
+}
+
+static bool test_del_driver_unused_files(struct torture_context *tctx,
+					 struct dcerpc_pipe *p)
+{
+	struct torture_driver_context *d1;
+	struct torture_driver_context *d2;
+	uint32_t add_flags = APD_COPY_NEW_FILES;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *server_name_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	d1 = talloc_zero(tctx, struct torture_driver_context);
+	d1->ex				= true;
+
+	d1->local.environment		= talloc_strdup(d1, SPOOLSS_ARCHITECTURE_x64);
+	d1->local.driver_directory	= talloc_strdup(d1, "/usr/share/cups/drivers/x64");
+
+	d1->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d1->info8.driver_name		= TORTURE_DRIVER_DELETER;
+	d1->info8.architecture		= NULL;
+	d1->info8.driver_path		= talloc_strdup(d1, "pscript5.dll");
+	d1->info8.data_file		= talloc_strdup(d1, "cups6.ppd");
+	d1->info8.config_file		= talloc_strdup(d1, "cupsui6.dll");
+	d1->info8.help_file		= talloc_strdup(d1, "pscript.hlp");
+	d1->info8.architecture		= d1->local.environment;
+
+	d2 = talloc_zero(tctx, struct torture_driver_context);
+	d2->ex				= true;
+
+	d2->local.environment		= talloc_strdup(d2, SPOOLSS_ARCHITECTURE_x64);
+	d2->local.driver_directory	= talloc_strdup(d2, "/usr/share/cups/drivers/x64");
+
+	d2->info8.version		= SPOOLSS_DRIVER_VERSION_200X;
+	d2->info8.driver_name		= TORTURE_DRIVER_DELETERIN;
+	d2->info8.architecture		= NULL;
+	d2->info8.driver_path		= talloc_strdup(d2, "pscript5.dll");	/* overlapping */
+	d2->info8.data_file		= talloc_strdup(d2, "cupsps6.dll");
+	d2->info8.config_file		= talloc_strdup(d2, "cups6.ini");
+	d2->info8.help_file		= talloc_strdup(d2, "pscript.hlp");	/* overlapping */
+	d2->info8.architecture		= d2->local.environment;
+
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, d1),
+		"failed to fillup printserver info");
+	torture_assert(tctx,
+		fillup_printserver_info(tctx, p, d2),
+		"failed to fillup printserver info");
+
+	if (!directory_exist(d1->local.driver_directory)) {
+		torture_skip(tctx, "Skipping Printer Driver test as no local driver is available");
+	}
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), d1),
+		"failed to upload printer driver");
+	torture_assert(tctx,
+		test_AddPrinterDriver_args_level_3(tctx, b, server_name_slash, &d1->info8, add_flags, true, NULL),
+		"failed to add driver");
+
+	torture_assert(tctx,
+		upload_printer_driver(tctx, dcerpc_server_name(p), d2),
+		"failed to upload printer driver");
+	torture_assert(tctx,
+		test_AddPrinterDriver_args_level_3(tctx, b, server_name_slash, &d2->info8, add_flags, true, NULL),
+		"failed to add driver");
+
+	/* some files are in use by a separate driver, should fail */
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name_slash,
+					       d1->info8.driver_name,
+					       d1->info8.architecture,
+					       DPD_DELETE_ALL_FILES,
+					       d1->info8.version,
+					       WERR_PRINTER_DRIVER_IN_USE),
+		"invalid delete driver response");
+
+	/* should only delete files not in use by other driver */
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name_slash,
+					       d1->info8.driver_name,
+					       d1->info8.architecture,
+					       DPD_DELETE_UNUSED_FILES,
+					       d1->info8.version,
+					       WERR_OK),
+		"failed to delete driver (unused files)");
+
+	/* check non-overlapping were deleted */
+	d1->info8.driver_path = NULL;
+	d1->info8.help_file = NULL;
+	torture_assert(tctx,
+		check_printer_driver_files(tctx, dcerpc_server_name(p), d1, false),
+		"printer driver file check failed");
+	/* d2 files should be uneffected */
+	torture_assert(tctx,
+		check_printer_driver_files(tctx, dcerpc_server_name(p), d2, true),
+		"printer driver file check failed");
+
+	torture_assert(tctx,
+		test_DeletePrinterDriverEx_exp(tctx, b, server_name_slash,
+					       d2->info8.driver_name,
+					       d2->info8.architecture,
+					       DPD_DELETE_ALL_FILES,
+					       d2->info8.version,
+					       WERR_OK),
+		"failed to delete driver");
+
+	torture_assert(tctx,
+		check_printer_driver_files(tctx, dcerpc_server_name(p), d2, false),
+		"printer driver file check failed");
+
+	talloc_free(d1);
+	talloc_free(d2);
+	return true;
+}
+
+struct torture_suite *torture_rpc_spoolss_driver(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "spoolss.driver");
+
+	struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite,
+							"driver", &ndr_table_spoolss);
+	torture_rpc_tcase_add_test(tcase, "add_driver_64", test_add_driver_64);
+	torture_rpc_tcase_add_test(tcase, "add_driver_ex_64", test_add_driver_ex_64);
+
+	torture_rpc_tcase_add_test(tcase, "add_driver_32", test_add_driver_32);
+	torture_rpc_tcase_add_test(tcase, "add_driver_ex_32", test_add_driver_ex_32);
+
+	torture_rpc_tcase_add_test(tcase, "add_driver_adobe", test_add_driver_adobe);
+
+	torture_rpc_tcase_add_test(tcase, "add_driver_adobe_cupsaddsmb", test_add_driver_adobe_cupsaddsmb);
+
+	torture_rpc_tcase_add_test(tcase, "add_driver_timestamps", test_add_driver_timestamps);
+
+	torture_rpc_tcase_add_test(tcase, "multiple_drivers", test_multiple_drivers);
+
+	torture_rpc_tcase_add_test(tcase,
+				   "test_driver_copy_from_directory_64",
+				   test_driver_copy_from_directory_64);
+
+	torture_rpc_tcase_add_test(tcase,
+				   "test_driver_copy_from_directory_32",
+				   test_driver_copy_from_directory_32);
+
+	torture_rpc_tcase_add_test(tcase, "del_driver_all_files", test_del_driver_all_files);
+
+	torture_rpc_tcase_add_test(tcase, "del_driver_unused_files", test_del_driver_unused_files);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/spoolss_access.c b/source4/torture/rpc/spoolss_access.c
new file mode 100644
index 0000000..b0d5265
--- /dev/null
+++ b/source4/torture/rpc/spoolss_access.c
@@ -0,0 +1,905 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for spoolss rpc operations
+
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_spoolss.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+
+#define TORTURE_USER			"torture_user"
+#define TORTURE_USER_ADMINGROUP		"torture_user_544"
+#define TORTURE_USER_PRINTOPGROUP	"torture_user_550"
+#define TORTURE_USER_PRINTOPPRIV	"torture_user_priv"
+#define TORTURE_USER_SD			"torture_user_sd"
+#define TORTURE_WORKSTATION		"torture_workstation"
+
+struct torture_user {
+	const char *username;
+	void *testuser;
+	uint32_t *builtin_memberships;
+	uint32_t num_builtin_memberships;
+	const char **privs;
+	uint32_t num_privs;
+	bool privs_present;
+	bool sd;
+	bool admin_rights;
+	bool system_security;
+};
+
+struct torture_access_context {
+	struct dcerpc_pipe *spoolss_pipe;
+	const char *printername;
+	struct security_descriptor *sd_orig;
+	struct torture_user user;
+};
+
+static bool test_openprinter_handle(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    const char *name,
+				    const char *printername,
+				    const char *username,
+				    uint32_t access_mask,
+				    WERROR expected_result,
+				    struct policy_handle *handle)
+{
+	struct spoolss_OpenPrinterEx r;
+	struct spoolss_UserLevel1 level1;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	level1.size	= 28;
+	level1.client	= talloc_asprintf(tctx, "\\\\%s", "smbtorture");
+	level1.user	= username;
+	/* Windows 7 and Windows Server 2008 R2 */
+	level1.build	= 7007;
+	level1.major	= 6;
+	level1.minor	= 1;
+	level1.processor= 0;
+
+	r.in.printername	= printername;
+	r.in.datatype		= NULL;
+	r.in.devmode_ctr.devmode= NULL;
+	r.in.access_mask	= access_mask;
+	r.in.userlevel_ctr.level = 1;
+	r.in.userlevel_ctr.user_info.level1 = &level1;
+	r.out.handle		= handle;
+
+	torture_comment(tctx, "Testing OpenPrinterEx(%s) with access_mask 0x%08x (%s)\n",
+		r.in.printername, r.in.access_mask, name);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &r),
+		"OpenPrinterEx failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		talloc_asprintf(tctx, "OpenPrinterEx(%s) as '%s' with access_mask: 0x%08x (%s) failed",
+			r.in.printername, username, r.in.access_mask, name));
+
+	return true;
+}
+
+static bool test_openprinter_access(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    const char *name,
+				    const char *printername,
+				    const char *username,
+				    uint32_t access_mask,
+				    WERROR expected_result)
+{
+	struct policy_handle handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	bool ret = true;
+
+	ZERO_STRUCT(handle);
+
+	if (printername == NULL) {
+		torture_comment(tctx, "skipping test %s as there is no printer\n", name);
+		return true;
+	}
+
+	ret = test_openprinter_handle(tctx, p, name, printername, username, access_mask, expected_result, &handle);
+	if (is_valid_policy_hnd(&handle)) {
+		test_ClosePrinter(tctx, b, &handle);
+	}
+
+	return ret;
+}
+
+static bool spoolss_access_setup_membership(struct torture_context *tctx,
+					    struct dcerpc_pipe *p,
+					    uint32_t num_members,
+					    uint32_t *members,
+					    struct dom_sid *user_sid)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle connect_handle, domain_handle;
+	int i;
+
+	torture_comment(tctx,
+		"Setting up BUILTIN membership for %s\n",
+		dom_sid_string(tctx, user_sid));
+	for (i=0; i < num_members; i++) {
+		torture_comment(tctx, "adding user to S-1-5-32-%d\n", members[i]);
+	}
+
+	{
+		struct samr_Connect2 r;
+		r.in.system_name = "";
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.out.connect_handle = &connect_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_Connect2_r(b, tctx, &r),
+			"samr_Connect2 failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_Connect2 failed");
+	}
+
+	{
+		struct samr_OpenDomain r;
+		r.in.connect_handle = &connect_handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32");
+		r.out.domain_handle = &domain_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_OpenDomain_r(b, tctx, &r),
+			"samr_OpenDomain failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_OpenDomain failed");
+	}
+
+	for (i=0; i < num_members; i++) {
+
+		struct policy_handle alias_handle;
+
+		{
+		struct samr_OpenAlias r;
+		r.in.domain_handle = &domain_handle;
+		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+		r.in.rid = members[i];
+		r.out.alias_handle = &alias_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_OpenAlias_r(b, tctx, &r),
+			"samr_OpenAlias failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_OpenAlias failed");
+		}
+
+		{
+		struct samr_AddAliasMember r;
+		r.in.alias_handle = &alias_handle;
+		r.in.sid = user_sid;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_samr_AddAliasMember_r(b, tctx, &r),
+			"samr_AddAliasMember failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"samr_AddAliasMember failed");
+		}
+
+		test_samr_handle_Close(b, tctx, &alias_handle);
+	}
+
+	test_samr_handle_Close(b, tctx, &domain_handle);
+	test_samr_handle_Close(b, tctx, &connect_handle);
+
+	return true;
+}
+
+static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
+{
+	name->string = s;
+}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+static bool spoolss_access_setup_privs(struct torture_context *tctx,
+				       struct dcerpc_pipe *p,
+				       uint32_t num_privs,
+				       const char **privs,
+				       struct dom_sid *user_sid,
+				       bool *privs_present)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle *handle;
+	int i;
+
+	torture_assert(tctx,
+		test_lsa_OpenPolicy2(b, tctx, &handle),
+		"failed to open policy");
+
+	for (i=0; i < num_privs; i++) {
+		struct lsa_LookupPrivValue r;
+		struct lsa_LUID luid;
+		struct lsa_String name;
+
+		init_lsa_String(&name, privs[i]);
+
+		r.in.handle = handle;
+		r.in.name = &name;
+		r.out.luid = &luid;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
+			"lsa_LookupPrivValue failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n",
+					privs[i], nt_errstr(r.out.result));
+			*privs_present = false;
+			return true;
+		}
+	}
+
+	*privs_present = true;
+
+	{
+		struct lsa_AddAccountRights r;
+		struct lsa_RightSet rights;
+
+		rights.count = num_privs;
+		rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count);
+
+		for (i=0; i < rights.count; i++) {
+			init_lsa_StringLarge(&rights.names[i], privs[i]);
+		}
+
+		r.in.handle = handle;
+		r.in.sid = user_sid;
+		r.in.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_AddAccountRights_r(b, tctx, &r),
+			"lsa_AddAccountRights failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"lsa_AddAccountRights failed");
+	}
+
+	test_lsa_Close(b, tctx, handle);
+
+	return true;
+}
+
+static bool test_SetPrinter(struct torture_context *tctx,
+			    struct dcerpc_binding_handle *b,
+			    struct policy_handle *handle,
+			    struct spoolss_SetPrinterInfoCtr *info_ctr,
+			    struct spoolss_DevmodeContainer *devmode_ctr,
+			    struct sec_desc_buf *secdesc_ctr,
+			    enum spoolss_PrinterControl command)
+{
+	struct spoolss_SetPrinter r;
+
+	r.in.handle = handle;
+	r.in.info_ctr = info_ctr;
+	r.in.devmode_ctr = devmode_ctr;
+	r.in.secdesc_ctr = secdesc_ctr;
+	r.in.command = command;
+
+	torture_comment(tctx, "Testing SetPrinter level %d\n", r.in.info_ctr->level);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r),
+		"failed to call SetPrinter");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to call SetPrinter");
+
+	return true;
+}
+
+static bool spoolss_access_setup_sd(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    const char *printername,
+				    const struct dom_sid *user_sid,
+				    struct security_descriptor **sd_orig)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle handle;
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo3 info3;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct security_ace *ace;
+	struct security_descriptor *sd;
+
+	torture_assert(tctx,
+		test_openprinter_handle(tctx, p, "", printername, "", SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, &handle),
+		"failed to open printer");
+
+	torture_assert(tctx,
+		test_GetPrinter_level(tctx, b, &handle, 3, &info),
+		"failed to get sd");
+
+	sd = security_descriptor_copy(tctx, info.info3.secdesc);
+	*sd_orig = security_descriptor_copy(tctx, info.info3.secdesc);
+
+	ace = talloc_zero(tctx, struct security_ace);
+
+	ace->type		= SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->flags		= 0;
+	ace->access_mask	= PRINTER_ALL_ACCESS;
+	ace->trustee		= *user_sid;
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_add(sd, ace),
+		"failed to add new ace");
+
+	ace = talloc_zero(tctx, struct security_ace);
+
+	ace->type		= SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->flags		= SEC_ACE_FLAG_OBJECT_INHERIT |
+				  SEC_ACE_FLAG_CONTAINER_INHERIT |
+				  SEC_ACE_FLAG_INHERIT_ONLY;
+	ace->access_mask	= SEC_GENERIC_ALL;
+	ace->trustee		= *user_sid;
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_add(sd, ace),
+		"failed to add new ace");
+
+	ZERO_STRUCT(info3);
+	ZERO_STRUCT(info_ctr);
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	info_ctr.level = 3;
+	info_ctr.info.info3 = &info3;
+	secdesc_ctr.sd = sd;
+
+	torture_assert(tctx,
+		test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
+		"failed to set sd");
+
+	return true;
+}
+
+static bool test_EnumPrinters_findone(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      const char **printername)
+{
+	struct spoolss_EnumPrinters r;
+	uint32_t count;
+	union spoolss_PrinterInfo *info;
+	uint32_t needed;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	*printername = NULL;
+
+	r.in.flags = PRINTER_ENUM_LOCAL;
+	r.in.server = NULL;
+	r.in.level = 1;
+	r.in.buffer = NULL;
+	r.in.offered = 0;
+	r.out.count = &count;
+	r.out.info = &info;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+		"failed to enum printers");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
+		r.in.buffer = &blob;
+		r.in.offered = needed;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
+			"failed to enum printers");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"failed to enum printers");
+
+	for (i=0; i < count; i++) {
+
+		if (count > 1 && strequal(info[i].info1.name, "Microsoft XPS Document Writer")) {
+			continue;
+		}
+
+		torture_comment(tctx, "testing printer: %s\n",
+			info[i].info1.name);
+
+		*printername = talloc_strdup(tctx, info[i].info1.name);
+
+		break;
+	}
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx, struct torture_access_context *t)
+{
+	void *testuser;
+	const char *testuser_passwd;
+	struct cli_credentials *test_credentials;
+	struct dom_sid *test_sid;
+	struct dcerpc_pipe *p;
+	const char *printername;
+	const char *binding = torture_setting_string(tctx, "binding", NULL);
+	struct dcerpc_pipe *spoolss_pipe;
+
+	testuser = torture_create_testuser_max_pwlen(tctx, t->user.username,
+						     torture_setting_string(tctx, "workgroup", NULL),
+						     ACB_NORMAL,
+						     &testuser_passwd,
+						     32);
+	if (!testuser) {
+		torture_fail(tctx, "Failed to create test user");
+	}
+
+	test_credentials = cli_credentials_init(tctx);
+	cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
+	cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx),
+				   CRED_SPECIFIED);
+	cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED);
+	cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
+	test_sid = discard_const_p(struct dom_sid,
+				   torture_join_user_sid(testuser));
+
+	if (t->user.num_builtin_memberships) {
+		struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser);
+
+		torture_assert(tctx,
+			spoolss_access_setup_membership(tctx, samr_pipe,
+							t->user.num_builtin_memberships,
+							t->user.builtin_memberships,
+							test_sid),
+			"failed to setup membership");
+	}
+
+	if (t->user.num_privs) {
+		struct dcerpc_pipe *lsa_pipe;
+
+		torture_assert_ntstatus_ok(tctx,
+			torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc),
+			"Error connecting to server");
+
+		torture_assert(tctx,
+			spoolss_access_setup_privs(tctx, lsa_pipe,
+						   t->user.num_privs,
+						   t->user.privs,
+						   test_sid,
+						   &t->user.privs_present),
+			"failed to setup privs");
+		talloc_free(lsa_pipe);
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
+		"Error connecting to server");
+
+	torture_assert(tctx,
+		test_EnumPrinters_findone(tctx, spoolss_pipe, &printername),
+		"failed to enumerate printers");
+
+	if (t->user.sd && printername) {
+		torture_assert(tctx,
+			spoolss_access_setup_sd(tctx, spoolss_pipe,
+						printername,
+						test_sid,
+						&t->sd_orig),
+			"failed to setup sd");
+	}
+
+	talloc_free(spoolss_pipe);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss,
+				    test_credentials, tctx->ev, tctx->lp_ctx),
+		"Error connecting to server");
+
+	t->spoolss_pipe = p;
+	t->printername = printername;
+	t->user.testuser = testuser;
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_access_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_access_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.username = talloc_strdup(t, TORTURE_USER);
+
+	return torture_rpc_spoolss_access_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_access_admin_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_access_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.num_builtin_memberships = 1;
+	t->user.builtin_memberships = talloc_zero_array(t, uint32_t, t->user.num_builtin_memberships);
+	t->user.builtin_memberships[0] = BUILTIN_RID_ADMINISTRATORS;
+	t->user.username = talloc_strdup(t, TORTURE_USER_ADMINGROUP);
+	t->user.admin_rights = true;
+	t->user.system_security = true;
+
+	return torture_rpc_spoolss_access_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_access_printop_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_access_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.num_builtin_memberships = 1;
+	t->user.builtin_memberships = talloc_zero_array(t, uint32_t, t->user.num_builtin_memberships);
+	t->user.builtin_memberships[0] = BUILTIN_RID_PRINT_OPERATORS;
+	t->user.username = talloc_strdup(t, TORTURE_USER_PRINTOPGROUP);
+	t->user.admin_rights = true;
+
+	return torture_rpc_spoolss_access_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_access_priv_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_access_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.username = talloc_strdup(t, TORTURE_USER_PRINTOPPRIV);
+	t->user.num_privs = 1;
+	t->user.privs = talloc_zero_array(t, const char *, t->user.num_privs);
+	t->user.privs[0] = talloc_strdup(t, "SePrintOperatorPrivilege");
+	t->user.admin_rights = true;
+
+	return torture_rpc_spoolss_access_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_access_sd_setup(struct torture_context *tctx, void **data)
+{
+	struct torture_access_context *t;
+
+	*data = t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.username = talloc_strdup(t, TORTURE_USER_SD);
+	t->user.sd = true;
+	t->user.admin_rights = true;
+
+	return torture_rpc_spoolss_access_setup_common(tctx, t);
+}
+
+static bool torture_rpc_spoolss_access_teardown_common(struct torture_context *tctx, struct torture_access_context *t)
+{
+	if (t->user.testuser) {
+		torture_leave_domain(tctx, t->user.testuser);
+	}
+
+	/* remove membership ? */
+	if (t->user.num_builtin_memberships) {
+	}
+
+	/* remove privs ? */
+	if (t->user.num_privs) {
+	}
+
+	/* restore sd */
+	if (t->user.sd && t->printername) {
+		struct policy_handle handle;
+		struct spoolss_SetPrinterInfoCtr info_ctr;
+		struct spoolss_SetPrinterInfo3 info3;
+		struct spoolss_DevmodeContainer devmode_ctr;
+		struct sec_desc_buf secdesc_ctr;
+		struct dcerpc_pipe *spoolss_pipe;
+		struct dcerpc_binding_handle *b;
+
+		torture_assert_ntstatus_ok(tctx,
+			torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
+			"Error connecting to server");
+
+		b = spoolss_pipe->binding_handle;
+
+		ZERO_STRUCT(info_ctr);
+		ZERO_STRUCT(info3);
+		ZERO_STRUCT(devmode_ctr);
+		ZERO_STRUCT(secdesc_ctr);
+
+		info_ctr.level = 3;
+		info_ctr.info.info3 = &info3;
+		secdesc_ctr.sd = t->sd_orig;
+
+		torture_assert(tctx,
+			test_openprinter_handle(tctx, spoolss_pipe, "", t->printername, "", SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, &handle),
+			"failed to open printer");
+
+		torture_assert(tctx,
+			test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
+			"failed to set sd");
+
+		talloc_free(spoolss_pipe);
+	}
+
+	return true;
+}
+
+static bool torture_rpc_spoolss_access_teardown(struct torture_context *tctx, void *data)
+{
+	struct torture_access_context *t = talloc_get_type(data, struct torture_access_context);
+	bool ret;
+
+	ret = torture_rpc_spoolss_access_teardown_common(tctx, t);
+	talloc_free(t);
+
+	return ret;
+}
+
+static bool test_openprinter(struct torture_context *tctx,
+			     void *private_data)
+{
+	struct torture_access_context *t =
+		(struct torture_access_context *)talloc_get_type_abort(private_data, struct torture_access_context);
+	struct dcerpc_pipe *p = t->spoolss_pipe;
+	bool ret = true;
+	const char *username = t->user.username;
+	const char *servername_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	int i;
+
+	struct {
+		const char *name;
+		uint32_t access_mask;
+		const char *printername;
+		WERROR expected_result;
+	} checks[] = {
+
+		/* printserver handle tests */
+
+		{
+			.name			= "0",
+			.access_mask		= 0,
+			.printername		= servername_slash,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SEC_FLAG_MAXIMUM_ALLOWED",
+			.access_mask		= SEC_FLAG_MAXIMUM_ALLOWED,
+			.printername		= servername_slash,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SERVER_ACCESS_ENUMERATE",
+			.access_mask		= SERVER_ACCESS_ENUMERATE,
+			.printername		= servername_slash,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SERVER_ACCESS_ADMINISTER",
+			.access_mask		= SERVER_ACCESS_ADMINISTER,
+			.printername		= servername_slash,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "SERVER_READ",
+			.access_mask		= SERVER_READ,
+			.printername		= servername_slash,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SERVER_WRITE",
+			.access_mask		= SERVER_WRITE,
+			.printername		= servername_slash,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "SERVER_EXECUTE",
+			.access_mask		= SERVER_EXECUTE,
+			.printername		= servername_slash,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SERVER_ALL_ACCESS",
+			.access_mask		= SERVER_ALL_ACCESS,
+			.printername		= servername_slash,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+
+		/* printer handle tests */
+
+		{
+			.name			= "0",
+			.access_mask		= 0,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SEC_FLAG_MAXIMUM_ALLOWED",
+			.access_mask		= SEC_FLAG_MAXIMUM_ALLOWED,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SEC_FLAG_SYSTEM_SECURITY",
+			.access_mask		= SEC_FLAG_SYSTEM_SECURITY,
+			.printername		= t->printername,
+			.expected_result	= t->user.system_security ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "0x010e0000",
+			.access_mask		= 0x010e0000,
+			.printername		= t->printername,
+			.expected_result	= t->user.system_security ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "PRINTER_ACCESS_USE",
+			.access_mask		= PRINTER_ACCESS_USE,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "SEC_STD_READ_CONTROL",
+			.access_mask		= SEC_STD_READ_CONTROL,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "PRINTER_ACCESS_ADMINISTER",
+			.access_mask		= PRINTER_ACCESS_ADMINISTER,
+			.printername		= t->printername,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "SEC_STD_WRITE_DAC",
+			.access_mask		= SEC_STD_WRITE_DAC,
+			.printername		= t->printername,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "SEC_STD_WRITE_OWNER",
+			.access_mask		= SEC_STD_WRITE_OWNER,
+			.printername		= t->printername,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "PRINTER_READ",
+			.access_mask		= PRINTER_READ,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "PRINTER_WRITE",
+			.access_mask		= PRINTER_WRITE,
+			.printername		= t->printername,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		},
+		{
+			.name			= "PRINTER_EXECUTE",
+			.access_mask		= PRINTER_EXECUTE,
+			.printername		= t->printername,
+			.expected_result	= WERR_OK
+		},
+		{
+			.name			= "PRINTER_ALL_ACCESS",
+			.access_mask		= PRINTER_ALL_ACCESS,
+			.printername		= t->printername,
+			.expected_result	= t->user.admin_rights ? WERR_OK : WERR_ACCESS_DENIED
+		}
+	};
+
+	if (t->user.num_privs && !t->user.privs_present) {
+		torture_skip(tctx, "skipping test as not all required privileges are present on the server\n");
+	}
+
+	for (i=0; i < ARRAY_SIZE(checks); i++) {
+		ret &= test_openprinter_access(tctx, p,
+					       checks[i].name,
+					       checks[i].printername,
+					       username,
+					       checks[i].access_mask,
+					       checks[i].expected_result);
+	}
+
+	return ret;
+}
+
+static bool test_openprinter_wrap(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct torture_access_context *t;
+	const char *printername;
+	bool ret = true;
+
+	t = talloc_zero(tctx, struct torture_access_context);
+
+	t->user.username = talloc_strdup(tctx, "dummy");
+	t->spoolss_pipe = p;
+
+	torture_assert(tctx,
+		test_EnumPrinters_findone(tctx, p, &printername),
+		"failed to enumerate printers");
+
+	t->printername = printername;
+
+	ret = test_openprinter(tctx, (void *)t);
+
+	talloc_free(t);
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_spoolss_access(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "spoolss.access");
+	struct torture_tcase *tcase;
+	struct torture_rpc_tcase *rpc_tcase;
+
+	tcase = torture_suite_add_tcase(suite, "normaluser");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_access_setup,
+				  torture_rpc_spoolss_access_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
+
+	tcase = torture_suite_add_tcase(suite, "adminuser");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_access_admin_setup,
+				  torture_rpc_spoolss_access_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
+
+	tcase = torture_suite_add_tcase(suite, "printopuser");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_access_printop_setup,
+				  torture_rpc_spoolss_access_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
+
+	tcase = torture_suite_add_tcase(suite, "printopuserpriv");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_access_priv_setup,
+				  torture_rpc_spoolss_access_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
+
+	tcase = torture_suite_add_tcase(suite, "normaluser_sd");
+
+	torture_tcase_set_fixture(tcase,
+				  torture_rpc_spoolss_access_sd_setup,
+				  torture_rpc_spoolss_access_teardown);
+
+	torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
+
+	rpc_tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "workstation",
+									  &ndr_table_spoolss,
+									  TORTURE_WORKSTATION);
+
+	torture_rpc_tcase_add_test(rpc_tcase, "openprinter", test_openprinter_wrap);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c
new file mode 100644
index 0000000..bd9dac4
--- /dev/null
+++ b/source4/torture/rpc/spoolss_notify.c
@@ -0,0 +1,636 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for spoolss rpc notify operations
+
+   Copyright (C) Jelmer Vernooij 2007
+   Copyright (C) Guenther Deschner 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_spoolss.h"
+#include "torture/rpc/torture_rpc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
+#include "rpc_server/service_rpc.h"
+#include "samba/process_model.h"
+#include "smb_server/smb_server.h"
+#include "lib/socket/netif.h"
+#include "ntvfs/ntvfs.h"
+#include "param/param.h"
+
+static struct dcesrv_context_callbacks srv_cb = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+	.auth.gensec_prepare = dcesrv_gensec_prepare,
+	.assoc_group.find = dcesrv_assoc_group_find_s4,
+};
+
+static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,
+				 const struct dcesrv_interface *iface)
+{
+	return NT_STATUS_OK;
+}
+
+static void spoolss__op_unbind(struct dcesrv_connection_context *context, const struct dcesrv_interface *iface)
+{
+}
+
+static NTSTATUS spoolss__op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_pull *pull, void **r)
+{
+	enum ndr_err_code ndr_err;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+
+	dce_call->fault_code = 0;
+
+	if (opnum >= ndr_table_spoolss.num_calls) {
+		dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	*r = talloc_size(mem_ctx, ndr_table_spoolss.calls[opnum].struct_size);
+	NT_STATUS_HAVE_NO_MEMORY(*r);
+
+        /* unravel the NDR for the packet */
+	ndr_err = ndr_table_spoolss.calls[opnum].ndr_pull(pull, NDR_IN, *r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		dce_call->fault_code = DCERPC_FAULT_NDR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Note that received_packets are allocated on the NULL context
+ * because no other context appears to stay around long enough. */
+static struct received_packet {
+	uint16_t opnum;
+	void *r;
+	struct received_packet *prev, *next;
+} *received_packets = NULL;
+
+static void free_received_packets(void)
+{
+	struct received_packet *rp;
+	struct received_packet *rp_next;
+
+	for (rp = received_packets; rp; rp = rp_next) {
+		rp_next = rp->next;
+		DLIST_REMOVE(received_packets, rp);
+		talloc_unlink(rp, rp->r);
+		talloc_free(rp);
+	}
+	received_packets = NULL;
+}
+
+static WERROR _spoolss_ReplyOpenPrinter(struct dcesrv_call_state *dce_call,
+					TALLOC_CTX *mem_ctx,
+					struct spoolss_ReplyOpenPrinter *r)
+{
+	DEBUG(1,("_spoolss_ReplyOpenPrinter\n"));
+
+	NDR_PRINT_IN_DEBUG(spoolss_ReplyOpenPrinter, r);
+
+	r->out.handle = talloc(r, struct policy_handle);
+	r->out.handle->handle_type = 42;
+	r->out.handle->uuid = GUID_random();
+	r->out.result = WERR_OK;
+
+	NDR_PRINT_OUT_DEBUG(spoolss_ReplyOpenPrinter, r);
+
+	return WERR_OK;
+}
+
+static WERROR _spoolss_ReplyClosePrinter(struct dcesrv_call_state *dce_call,
+					 TALLOC_CTX *mem_ctx,
+					 struct spoolss_ReplyClosePrinter *r)
+{
+	DEBUG(1,("_spoolss_ReplyClosePrinter\n"));
+
+	NDR_PRINT_IN_DEBUG(spoolss_ReplyClosePrinter, r);
+
+	ZERO_STRUCTP(r->out.handle);
+	r->out.result = WERR_OK;
+
+	NDR_PRINT_OUT_DEBUG(spoolss_ReplyClosePrinter, r);
+
+	return WERR_OK;
+}
+
+static WERROR _spoolss_RouterReplyPrinterEx(struct dcesrv_call_state *dce_call,
+					    TALLOC_CTX *mem_ctx,
+					    struct spoolss_RouterReplyPrinterEx *r)
+{
+	DEBUG(1,("_spoolss_RouterReplyPrinterEx\n"));
+
+	NDR_PRINT_IN_DEBUG(spoolss_RouterReplyPrinterEx, r);
+
+	r->out.reply_result = talloc(r, uint32_t);
+	*r->out.reply_result = 0;
+	r->out.result = WERR_OK;
+
+	NDR_PRINT_OUT_DEBUG(spoolss_RouterReplyPrinterEx, r);
+
+	return WERR_OK;
+}
+
+static NTSTATUS spoolss__op_dispatch(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
+{
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+	struct received_packet *rp;
+
+	rp = talloc_zero(NULL, struct received_packet);
+	rp->opnum = opnum;
+	rp->r = talloc_reference(rp, r);
+
+	DLIST_ADD_END(received_packets, rp);
+
+	switch (opnum) {
+	case 58: {
+		struct spoolss_ReplyOpenPrinter *r2 = (struct spoolss_ReplyOpenPrinter *)r;
+		r2->out.result = _spoolss_ReplyOpenPrinter(dce_call, mem_ctx, r2);
+		break;
+	}
+	case 60: {
+		struct spoolss_ReplyClosePrinter *r2 = (struct spoolss_ReplyClosePrinter *)r;
+		r2->out.result = _spoolss_ReplyClosePrinter(dce_call, mem_ctx, r2);
+		break;
+	}
+	case 66: {
+		struct spoolss_RouterReplyPrinterEx *r2 = (struct spoolss_RouterReplyPrinterEx *)r;
+		r2->out.result = _spoolss_RouterReplyPrinterEx(dce_call, mem_ctx, r2);
+		break;
+	}
+
+	default:
+		dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
+		break;
+	}
+
+	if (dce_call->fault_code != 0) {
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS spoolss__op_reply(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
+{
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS spoolss__op_ndr_push(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_push *push, const void *r)
+{
+	enum ndr_err_code ndr_err;
+	uint16_t opnum = dce_call->pkt.u.request.opnum;
+
+	ndr_err = ndr_table_spoolss.calls[opnum].ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		dce_call->fault_code = DCERPC_FAULT_NDR;
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static const struct dcesrv_interface notify_test_spoolss_interface = {
+	.name		= "spoolss",
+	.syntax_id  = {{0x12345678,0x1234,0xabcd,{0xef,0x00},{0x01,0x23,0x45,0x67,0x89,0xab}},1.0},
+	.bind		= spoolss__op_bind,
+	.unbind		= spoolss__op_unbind,
+	.ndr_pull	= spoolss__op_ndr_pull,
+	.dispatch	= spoolss__op_dispatch,
+	.reply		= spoolss__op_reply,
+	.ndr_push	= spoolss__op_ndr_push
+};
+
+static bool spoolss__op_interface_by_uuid(struct dcesrv_interface *iface, const struct GUID *uuid, uint32_t if_version)
+{
+	if (notify_test_spoolss_interface.syntax_id.if_version == if_version &&
+		GUID_equal(&notify_test_spoolss_interface.syntax_id.uuid, uuid)) {
+		memcpy(iface,&notify_test_spoolss_interface, sizeof(*iface));
+		return true;
+	}
+
+	return false;
+}
+
+static bool spoolss__op_interface_by_name(struct dcesrv_interface *iface, const char *name)
+{
+	if (strcmp(notify_test_spoolss_interface.name, name)==0) {
+		memcpy(iface, &notify_test_spoolss_interface, sizeof(*iface));
+		return true;
+	}
+
+	return false;
+}
+
+static NTSTATUS spoolss__op_init_server(struct dcesrv_context *dce_ctx, const struct dcesrv_endpoint_server *ep_server)
+{
+	uint32_t i;
+
+	for (i=0;i<ndr_table_spoolss.endpoints->count;i++) {
+		NTSTATUS ret;
+		const char *name = ndr_table_spoolss.endpoints->names[i];
+
+		ret = dcesrv_interface_register(dce_ctx,
+						name,
+						NULL,
+						&notify_test_spoolss_interface,
+						NULL);
+		if (!NT_STATUS_IS_OK(ret)) {
+			DEBUG(1,("spoolss_op_init_server: failed to register endpoint '%s'\n",name));
+			return ret;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS spoolss__op_shutdown_server(struct dcesrv_context *dce_ctx,
+				const struct dcesrv_endpoint_server *ep_server)
+{
+	return NT_STATUS_OK;
+}
+
+static bool test_OpenPrinter(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct policy_handle *handle,
+			     const char *printername)
+{
+	struct spoolss_OpenPrinter r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+
+	r.in.printername	= printername;
+	r.in.datatype		= NULL;
+	r.in.devmode_ctr.devmode= NULL;
+	r.in.access_mask	= SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle		= handle;
+
+	torture_comment(tctx, "Testing OpenPrinter(%s)\n", r.in.printername);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_OpenPrinter_r(b, tctx, &r),
+		"OpenPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"OpenPrinter failed");
+
+	return true;
+}
+
+static struct spoolss_NotifyOption *setup_printserver_NotifyOption(struct torture_context *tctx)
+{
+	struct spoolss_NotifyOption *o;
+
+	o = talloc_zero(tctx, struct spoolss_NotifyOption);
+
+	o->version = 2;
+	o->flags = PRINTER_NOTIFY_OPTIONS_REFRESH;
+
+	o->count = 2;
+	o->types = talloc_zero_array(o, struct spoolss_NotifyOptionType, o->count);
+
+	o->types[0].type = PRINTER_NOTIFY_TYPE;
+	o->types[0].count = 1;
+	o->types[0].fields = talloc_array(o->types, union spoolss_Field, o->types[0].count);
+	o->types[0].fields[0].field = PRINTER_NOTIFY_FIELD_SERVER_NAME;
+
+	o->types[1].type = JOB_NOTIFY_TYPE;
+	o->types[1].count = 1;
+	o->types[1].fields = talloc_array(o->types, union spoolss_Field, o->types[1].count);
+	o->types[1].fields[0].field = JOB_NOTIFY_FIELD_MACHINE_NAME;
+
+	return o;
+}
+
+#if 0
+static struct spoolss_NotifyOption *setup_printer_NotifyOption(struct torture_context *tctx)
+{
+	struct spoolss_NotifyOption *o;
+
+	o = talloc_zero(tctx, struct spoolss_NotifyOption);
+
+	o->version = 2;
+	o->flags = PRINTER_NOTIFY_OPTIONS_REFRESH;
+
+	o->count = 1;
+	o->types = talloc_zero_array(o, struct spoolss_NotifyOptionType, o->count);
+
+	o->types[0].type = PRINTER_NOTIFY_TYPE;
+	o->types[0].count = 1;
+	o->types[0].fields = talloc_array(o->types, union spoolss_Field, o->types[0].count);
+	o->types[0].fields[0].field = PRINTER_NOTIFY_FIELD_COMMENT;
+
+	return o;
+}
+#endif
+
+static bool test_RemoteFindFirstPrinterChangeNotifyEx(struct torture_context *tctx,
+						      struct dcerpc_binding_handle *b,
+						      struct policy_handle *handle,
+						      const char *address,
+						      struct spoolss_NotifyOption *option)
+{
+	struct spoolss_RemoteFindFirstPrinterChangeNotifyEx r;
+	const char *local_machine = talloc_asprintf(tctx, "\\\\%s", address);
+
+	torture_comment(tctx, "Testing RemoteFindFirstPrinterChangeNotifyEx(%s)\n", local_machine);
+
+	r.in.flags = 0;
+	r.in.local_machine = local_machine;
+	r.in.options = 0;
+	r.in.printer_local = 0;
+	r.in.notify_options = option;
+	r.in.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_RemoteFindFirstPrinterChangeNotifyEx_r(b, tctx, &r),
+		"RemoteFindFirstPrinterChangeNotifyEx failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"error return code for RemoteFindFirstPrinterChangeNotifyEx");
+
+	return true;
+}
+
+static bool test_RouterRefreshPrinterChangeNotify(struct torture_context *tctx,
+						  struct dcerpc_binding_handle *b,
+						  struct policy_handle *handle,
+						  struct spoolss_NotifyOption *options,
+						  struct spoolss_NotifyInfo **info)
+{
+	struct spoolss_RouterRefreshPrinterChangeNotify r;
+
+	torture_comment(tctx, "Testing RouterRefreshPrinterChangeNotify\n");
+
+	r.in.handle = handle;
+	r.in.change_low = 0;
+	r.in.options = options;
+	r.out.info = info;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_RouterRefreshPrinterChangeNotify_r(b, tctx, &r),
+		"RouterRefreshPrinterChangeNotify failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"error return code for RouterRefreshPrinterChangeNotify");
+
+	return true;
+}
+
+#if 0
+static bool test_SetPrinter(struct torture_context *tctx,
+			    struct dcerpc_pipe *p,
+			    struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfo2 info2;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, b, handle, 2, &info), "");
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	info2.servername	= info.info2.servername;
+	info2.printername	= info.info2.printername;
+	info2.sharename		= info.info2.sharename;
+	info2.portname		= info.info2.portname;
+	info2.drivername	= info.info2.drivername;
+	info2.comment		= talloc_asprintf(tctx, "torture_comment %d\n", (int)time(NULL));
+	info2.location		= info.info2.location;
+	info2.devmode_ptr	= 0;
+	info2.sepfile		= info.info2.sepfile;
+	info2.printprocessor	= info.info2.printprocessor;
+	info2.datatype		= info.info2.datatype;
+	info2.parameters	= info.info2.parameters;
+	info2.secdesc_ptr	= 0;
+	info2.attributes	= info.info2.attributes;
+	info2.priority		= info.info2.priority;
+	info2.defaultpriority	= info.info2.defaultpriority;
+	info2.starttime		= info.info2.starttime;
+	info2.untiltime		= info.info2.untiltime;
+	info2.status		= info.info2.status;
+	info2.cjobs		= info.info2.cjobs;
+	info2.averageppm	= info.info2.averageppm;
+
+	info_ctr.level = 2;
+	info_ctr.info.info2 = &info2;
+
+	r.in.handle = handle;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.in.command = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r), "SetPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return true;
+}
+#endif
+
+static bool test_start_dcerpc_server(struct torture_context *tctx,
+				     struct tevent_context *event_ctx,
+				     struct dcesrv_context **dce_ctx_p,
+				     const char **address_p)
+{
+	struct dcesrv_endpoint_server ep_server;
+	NTSTATUS status;
+	struct dcesrv_context *dce_ctx;
+	const char *endpoints[] = { "spoolss", NULL };
+	struct dcesrv_endpoint *e;
+	const char *address;
+	struct interface *ifaces;
+
+	ntvfs_init(tctx->lp_ctx);
+
+	/* fill in our name */
+	ep_server.name = "spoolss";
+
+	ep_server.initialized = false;
+
+	/* fill in all the operations */
+	ep_server.init_server = spoolss__op_init_server;
+	ep_server.shutdown_server = spoolss__op_shutdown_server;
+
+	ep_server.interface_by_uuid = spoolss__op_interface_by_uuid;
+	ep_server.interface_by_name = spoolss__op_interface_by_name;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_register_ep_server(&ep_server),
+				  "unable to register spoolss server");
+
+	lpcfg_set_cmdline(tctx->lp_ctx, "dcerpc endpoint servers", "spoolss");
+
+	load_interface_list(tctx, tctx->lp_ctx, &ifaces);
+	address = iface_list_first_v4(ifaces);
+
+	torture_comment(tctx, "Listening for callbacks on %s\n", address);
+
+	status = process_model_init(tctx->lp_ctx);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "unable to initialize process models");
+
+	status = smbsrv_add_socket(tctx, event_ctx, tctx->lp_ctx,
+				   process_model_startup("single"),
+				   address, NULL);
+	torture_assert_ntstatus_ok(tctx, status, "starting smb server");
+
+	status = dcesrv_init_context(tctx, tctx->lp_ctx, &srv_cb, &dce_ctx);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "unable to initialize DCE/RPC server");
+
+	status = dcesrv_init_ep_servers(dce_ctx, endpoints);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "unable to initialize DCE/RPC ep servers");
+
+	for (e=dce_ctx->endpoint_list;e;e=e->next) {
+		status = dcesrv_add_ep(dce_ctx, tctx->lp_ctx,
+				       e, tctx->ev,
+				       process_model_startup("single"), NULL);
+		torture_assert_ntstatus_ok(tctx, status,
+				"unable listen on dcerpc endpoint server");
+	}
+
+	*dce_ctx_p = dce_ctx;
+	*address_p = address;
+
+	return true;
+}
+
+static struct received_packet *last_packet(struct received_packet *p)
+{
+	struct received_packet *tmp;
+	for (tmp = p; tmp->next; tmp = tmp->next) {
+	}
+	return tmp;
+}
+
+static bool test_RFFPCNEx(struct torture_context *tctx,
+			  struct dcerpc_pipe *p)
+{
+	struct dcesrv_context *dce_ctx;
+	struct policy_handle handle;
+	const char *address;
+	struct received_packet *tmp;
+	struct spoolss_NotifyOption *server_option = setup_printserver_NotifyOption(tctx);
+#if 0
+	struct spoolss_NotifyOption *printer_option = setup_printer_NotifyOption(tctx);
+#endif
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *printername = NULL;
+	struct spoolss_NotifyInfo *info = NULL;
+
+	free_received_packets();
+
+	/* Start DCE/RPC server */
+	torture_assert(tctx, test_start_dcerpc_server(tctx, tctx->ev, &dce_ctx, &address), "");
+
+	printername	= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+
+	torture_assert(tctx, test_OpenPrinter(tctx, p, &handle, printername), "");
+	torture_assert(tctx, test_RemoteFindFirstPrinterChangeNotifyEx(tctx, b, &handle, address, server_option), "");
+	torture_assert(tctx, received_packets, "no packets received");
+	torture_assert_int_equal(tctx, received_packets->opnum, NDR_SPOOLSS_REPLYOPENPRINTER,
+		"no ReplyOpenPrinter packet after RemoteFindFirstPrinterChangeNotifyEx");
+	torture_assert(tctx, test_RouterRefreshPrinterChangeNotify(tctx, b, &handle, NULL, &info), "");
+	torture_assert(tctx, test_RouterRefreshPrinterChangeNotify(tctx, b, &handle, server_option, &info), "");
+	torture_assert(tctx, test_ClosePrinter(tctx, b, &handle), "");
+	tmp = last_packet(received_packets);
+	torture_assert_int_equal(tctx, tmp->opnum, NDR_SPOOLSS_REPLYCLOSEPRINTER,
+		"no ReplyClosePrinter packet after ClosePrinter");
+#if 0
+	printername	= talloc_asprintf(tctx, "\\\\%s\\%s", dcerpc_server_name(p), name);
+
+	torture_assert(tctx, test_OpenPrinter(tctx, p, &handle, "Epson AL-2600"), "");
+	torture_assert(tctx, test_RemoteFindFirstPrinterChangeNotifyEx(tctx, p, &handle, address, printer_option), "");
+	tmp = last_packet(received_packets);
+	torture_assert_int_equal(tctx, tmp->opnum, NDR_SPOOLSS_REPLYOPENPRINTER,
+		"no ReplyOpenPrinter packet after RemoteFindFirstPrinterChangeNotifyEx");
+	torture_assert(tctx, test_RouterRefreshPrinterChangeNotify(tctx, p, &handle, NULL, &info), "");
+	torture_assert(tctx, test_RouterRefreshPrinterChangeNotify(tctx, p, &handle, printer_option, &info), "");
+	torture_assert(tctx, test_SetPrinter(tctx, p, &handle), "");
+	tmp = last_packet(received_packets);
+	torture_assert_int_equal(tctx, tmp->opnum, NDR_SPOOLSS_ROUTERREPLYPRINTEREX,
+		"no RouterReplyPrinterEx packet after ClosePrinter");
+	torture_assert(tctx, test_ClosePrinter(tctx, p, &handle), "");
+	tmp = last_packet(received_packets);
+	torture_assert_int_equal(tctx, tmp->opnum, NDR_SPOOLSS_REPLYCLOSEPRINTER,
+		"no ReplyClosePrinter packet after ClosePrinter");
+#endif
+	/* Shut down DCE/RPC server */
+	talloc_free(dce_ctx);
+	free_received_packets();
+
+	return true;
+}
+
+/** Test that makes sure that calling ReplyOpenPrinter()
+ * on Samba 4 will cause an irpc broadcast call.
+ */
+static bool test_ReplyOpenPrinter(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	struct spoolss_ReplyOpenPrinter r;
+	struct spoolss_ReplyClosePrinter s;
+	struct policy_handle h;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping ReplyOpenPrinter server implementation test against s3\n");
+	}
+
+	r.in.server_name = "earth";
+	r.in.printer_local = 2;
+	r.in.type = REG_DWORD;
+	r.in.bufsize = 0;
+	r.in.buffer = NULL;
+	r.out.handle = &h;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_ReplyOpenPrinter_r(b, tctx, &r),
+			"spoolss_ReplyOpenPrinter call failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "error return code");
+
+	s.in.handle = &h;
+	s.out.handle = &h;
+
+	torture_assert_ntstatus_ok(tctx,
+			dcerpc_spoolss_ReplyClosePrinter_r(b, tctx, &s),
+			"spoolss_ReplyClosePrinter call failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "error return code");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_spoolss_notify(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "spoolss.notify");
+
+	struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite,
+							"notify", &ndr_table_spoolss);
+
+	torture_rpc_tcase_add_test(tcase, "testRFFPCNEx", test_RFFPCNEx);
+	torture_rpc_tcase_add_test(tcase, "testReplyOpenPrinter", test_ReplyOpenPrinter);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/spoolss_win.c b/source4/torture/rpc/spoolss_win.c
new file mode 100644
index 0000000..9162acd
--- /dev/null
+++ b/source4/torture/rpc/spoolss_win.c
@@ -0,0 +1,612 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for spoolss rpc operations as performed by various win versions
+
+   Copyright (C) Kai Blin 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "param/param.h"
+
+struct test_spoolss_win_context {
+	/* EnumPrinters */
+	uint32_t printer_count;
+	union spoolss_PrinterInfo *printer_info;
+	union spoolss_PrinterInfo *current_info;
+
+	/* EnumPrinterKeys */
+	const char **printer_keys;
+
+	bool printer_has_driver;
+};
+
+/* This is a convenience function for all OpenPrinterEx calls */
+static bool test_OpenPrinterEx(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *printer_name,
+				uint32_t access_mask)
+{
+	NTSTATUS status;
+	struct spoolss_OpenPrinterEx op;
+	struct spoolss_UserLevel1 ul_1;
+
+	torture_comment(tctx, "Opening printer '%s'\n", printer_name);
+
+	op.in.printername		= talloc_strdup(tctx, printer_name);
+	op.in.datatype			= NULL;
+	op.in.devmode_ctr.devmode	= NULL;
+	op.in.access_mask		= access_mask;
+	op.in.userlevel_ctr.level	= 1;
+	op.in.userlevel_ctr.user_info.level1 = &ul_1;
+	op.out.handle			= handle;
+
+	ul_1.size 			= 1234;
+	ul_1.client			= "\\clientname";
+	ul_1.user			= "username";
+	ul_1.build			= 1;
+	ul_1.major			= 2;
+	ul_1.minor			= 3;
+	ul_1.processor			= 4567;
+
+	status = dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &op);
+	torture_assert_ntstatus_ok(tctx, status, "OpenPrinterEx failed");
+	torture_assert_werr_ok(tctx, op.out.result, "OpenPrinterEx failed");
+
+	return true;
+}
+
+static bool test_OpenPrinterAsAdmin(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					const char *printername)
+{
+	NTSTATUS status;
+	struct spoolss_OpenPrinterEx op;
+	struct spoolss_ClosePrinter cp;
+	struct spoolss_UserLevel1 ul_1;
+	struct policy_handle handle;
+
+	ul_1.size 			= 1234;
+	ul_1.client			= "\\clientname";
+	ul_1.user			= "username";
+	ul_1.build			= 1;
+	ul_1.major			= 2;
+	ul_1.minor			= 3;
+	ul_1.processor			= 4567;
+
+	op.in.printername		= talloc_strdup(tctx, printername);
+	op.in.datatype			= NULL;
+	op.in.devmode_ctr.devmode	= NULL;
+	op.in.access_mask		= SERVER_ALL_ACCESS;
+	op.in.userlevel_ctr.level	= 1;
+	op.in.userlevel_ctr.user_info.level1 = &ul_1;
+	op.out.handle			= &handle;
+
+	cp.in.handle			= &handle;
+	cp.out.handle			= &handle;
+
+	torture_comment(tctx, "Testing OpenPrinterEx(%s) with admin rights\n",
+			op.in.printername);
+
+	status = dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &op);
+
+	if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(op.out.result)) {
+		status = dcerpc_spoolss_ClosePrinter_r(b, tctx, &cp);
+		torture_assert_ntstatus_ok(tctx, status, "ClosePrinter failed");
+	}
+
+	return true;
+}
+
+
+
+/* This replicates the opening sequence of OpenPrinterEx calls XP does */
+static bool test_OpenPrinterSequence(struct torture_context *tctx,
+					struct dcerpc_pipe *p,
+					struct policy_handle *handle)
+{
+	bool ret;
+	char *printername = talloc_asprintf(tctx, "\\\\%s",
+			dcerpc_server_name(p));
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	/* First, see if we can open the printer read_only */
+	ret = test_OpenPrinterEx(tctx, b, handle, printername, 0);
+	torture_assert(tctx, ret == true, "OpenPrinterEx failed.");
+
+	ret = test_ClosePrinter(tctx, b, handle);
+	torture_assert(tctx, ret, "ClosePrinter failed");
+
+	/* Now let's see if we have admin rights to it. */
+	ret = test_OpenPrinterAsAdmin(tctx, b, printername);
+	torture_assert(tctx, ret == true,
+			"OpenPrinterEx as admin failed unexpectedly.");
+
+	ret = test_OpenPrinterEx(tctx, b, handle, printername, SERVER_EXECUTE);
+	torture_assert(tctx, ret == true, "OpenPrinterEx failed.");
+
+	return true;
+}
+
+static bool test_GetPrinterData(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *value_name,
+				WERROR expected_werr,
+				uint32_t expected_value)
+{
+	NTSTATUS status;
+	struct spoolss_GetPrinterData gpd;
+	uint32_t needed;
+	enum winreg_Type type;
+	uint8_t *data = talloc_zero_array(tctx, uint8_t, 4);
+
+	torture_comment(tctx, "Testing GetPrinterData(%s).\n", value_name);
+	gpd.in.handle = handle;
+	gpd.in.value_name = value_name;
+	gpd.in.offered = 4;
+	gpd.out.needed = &needed;
+	gpd.out.type = &type;
+	gpd.out.data = data;
+
+	status = dcerpc_spoolss_GetPrinterData_r(b, tctx, &gpd);
+	torture_assert_ntstatus_ok(tctx, status, "GetPrinterData failed.");
+	torture_assert_werr_equal(tctx, gpd.out.result, expected_werr,
+			"GetPrinterData did not return expected error value.");
+
+	if (W_ERROR_IS_OK(expected_werr)) {
+		uint32_t value = IVAL(data, 0);
+		torture_assert_int_equal(tctx, value,
+			expected_value,
+			talloc_asprintf(tctx, "GetPrinterData for %s did not return expected value.", value_name));
+	}
+	return true;
+}
+
+static bool test_EnumPrinters(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct test_spoolss_win_context *ctx,
+				uint32_t initial_blob_size)
+{
+	NTSTATUS status;
+	struct spoolss_EnumPrinters ep;
+	DATA_BLOB blob = data_blob_talloc_zero(ctx, initial_blob_size);
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_PrinterInfo *info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ep.in.flags = PRINTER_ENUM_NAME;
+	ep.in.server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	ep.in.level = 2;
+	ep.in.buffer = &blob;
+	ep.in.offered = initial_blob_size;
+	ep.out.needed = &needed;
+	ep.out.count = &count;
+	ep.out.info = &info;
+
+	status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &ep);
+	torture_assert_ntstatus_ok(tctx, status, "EnumPrinters failed.");
+
+	if (W_ERROR_EQUAL(ep.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(ctx, needed);
+		ep.in.buffer = &blob;
+		ep.in.offered = needed;
+		status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &ep);
+		torture_assert_ntstatus_ok(tctx, status,"EnumPrinters failed.");
+	}
+
+	torture_assert_werr_ok(tctx, ep.out.result, "EnumPrinters failed.");
+
+	ctx->printer_count = count;
+	ctx->printer_info = info;
+
+	torture_comment(tctx, "Found %d printer(s).\n", ctx->printer_count);
+
+	return true;
+}
+
+static bool test_GetPrinter(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				struct test_spoolss_win_context *ctx,
+				uint32_t level,
+				uint32_t initial_blob_size)
+{
+	NTSTATUS status;
+	struct spoolss_GetPrinter gp;
+	DATA_BLOB blob = data_blob_talloc_zero(ctx, initial_blob_size);
+	uint32_t needed;
+
+	torture_comment(tctx, "Test GetPrinter level %d\n", level);
+
+	gp.in.handle = handle;
+	gp.in.level = level;
+	gp.in.buffer = (initial_blob_size == 0)?NULL:&blob;
+	gp.in.offered = initial_blob_size;
+	gp.out.needed = &needed;
+
+	status = dcerpc_spoolss_GetPrinter_r(b, tctx, &gp);
+	torture_assert_ntstatus_ok(tctx, status, "GetPrinter failed");
+
+	if (W_ERROR_EQUAL(gp.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(ctx, needed);
+		gp.in.buffer = &blob;
+		gp.in.offered = needed;
+		status = dcerpc_spoolss_GetPrinter_r(b, tctx, &gp);
+		torture_assert_ntstatus_ok(tctx, status, "GetPrinter failed");
+	}
+
+	torture_assert_werr_ok(tctx, gp.out.result, "GetPrinter failed");
+
+	ctx->current_info = gp.out.info;
+
+	if (level == 2 && gp.out.info) {
+		ctx->printer_has_driver = gp.out.info->info2.drivername &&
+					  strlen(gp.out.info->info2.drivername);
+	}
+
+	return true;
+}
+
+static bool test_EnumJobs(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_EnumJobs ej;
+	DATA_BLOB blob = data_blob_talloc_zero(tctx, 1024);
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_JobInfo *info;
+
+	torture_comment(tctx, "Test EnumJobs\n");
+
+	ZERO_STRUCT(ej);
+	ej.in.handle = handle;
+	ej.in.firstjob = 0;
+	ej.in.numjobs = 0;
+	ej.in.level = 2;
+	ej.in.buffer = &blob;
+	ej.in.offered = 1024;
+	ej.out.needed = &needed;
+	ej.out.count = &count;
+	ej.out.info = &info;
+
+	status = dcerpc_spoolss_EnumJobs_r(b, tctx, &ej);
+	torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+	if (W_ERROR_EQUAL(ej.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(tctx, needed);
+		ej.in.offered = needed;
+		ej.in.buffer = &blob;
+		status = dcerpc_spoolss_EnumJobs_r(b, tctx, &ej);
+		torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+	}
+	torture_assert_werr_ok(tctx, ej.out.result, "EnumJobs failed");
+
+	return true;
+}
+
+static bool test_GetPrinterDriver2(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					struct test_spoolss_win_context *ctx,
+					struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct spoolss_GetPrinterDriver2 gpd2;
+	DATA_BLOB blob = data_blob_talloc_zero(tctx, 87424);
+	uint32_t needed;
+	uint32_t server_major_version;
+	uint32_t server_minor_version;
+
+	torture_comment(tctx, "Testing GetPrinterDriver2\n");
+
+	gpd2.in.handle = handle;
+	gpd2.in.architecture = "Windows NT x86";
+	gpd2.in.level = 101;
+	gpd2.in.buffer = &blob;
+	gpd2.in.offered = 87424;
+	gpd2.in.client_major_version = 3;
+	gpd2.in.client_minor_version = 0;
+	gpd2.out.needed = &needed;
+	gpd2.out.server_major_version = &server_major_version;
+	gpd2.out.server_minor_version = &server_minor_version;
+
+	status = dcerpc_spoolss_GetPrinterDriver2_r(b, tctx, &gpd2);
+	torture_assert_ntstatus_ok(tctx, status, "GetPrinterDriver2 failed");
+
+	if (ctx->printer_has_driver) {
+		torture_assert_werr_ok(tctx, gpd2.out.result,
+				"GetPrinterDriver2 failed.");
+	}
+
+	return true;
+}
+
+static bool test_EnumForms(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				uint32_t initial_blob_size)
+{
+	NTSTATUS status;
+	struct spoolss_EnumForms ef;
+	DATA_BLOB blob = data_blob_talloc_zero(tctx, initial_blob_size);
+	uint32_t needed;
+	uint32_t count;
+	union spoolss_FormInfo *info;
+
+	torture_comment(tctx, "Testing EnumForms\n");
+
+	ef.in.handle = handle;
+	ef.in.level = 1;
+	ef.in.buffer = (initial_blob_size == 0)?NULL:&blob;
+	ef.in.offered = initial_blob_size;
+	ef.out.needed = &needed;
+	ef.out.count = &count;
+	ef.out.info = &info;
+
+	status = dcerpc_spoolss_EnumForms_r(b, tctx, &ef);
+	torture_assert_ntstatus_ok(tctx, status, "EnumForms failed");
+
+	if (W_ERROR_EQUAL(ef.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		blob = data_blob_talloc_zero(tctx, needed);
+		ef.in.buffer = &blob;
+		ef.in.offered = needed;
+		status = dcerpc_spoolss_EnumForms_r(b, tctx, &ef);
+		torture_assert_ntstatus_ok(tctx, status, "EnumForms failed");
+	}
+
+	torture_assert_werr_ok(tctx, ef.out.result, "EnumForms failed");
+
+	return true;
+}
+
+static bool test_EnumPrinterKey(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char* key,
+				struct test_spoolss_win_context *ctx)
+{
+	NTSTATUS status;
+	struct spoolss_EnumPrinterKey epk;
+	uint32_t needed = 0;
+	union spoolss_KeyNames key_buffer;
+	uint32_t _ndr_size;
+
+	torture_comment(tctx, "Testing EnumPrinterKey(%s)\n", key);
+
+	epk.in.handle = handle;
+	epk.in.key_name = talloc_strdup(tctx, key);
+	epk.in.offered = 0;
+	epk.out.needed = &needed;
+	epk.out.key_buffer = &key_buffer;
+	epk.out._ndr_size = &_ndr_size;
+
+	status = dcerpc_spoolss_EnumPrinterKey_r(b, tctx, &epk);
+	torture_assert_ntstatus_ok(tctx, status, "EnumPrinterKey failed");
+
+	if (W_ERROR_EQUAL(epk.out.result, WERR_MORE_DATA)) {
+		epk.in.offered = needed;
+		status = dcerpc_spoolss_EnumPrinterKey_r(b, tctx, &epk);
+		torture_assert_ntstatus_ok(tctx, status,
+				"EnumPrinterKey failed");
+	}
+
+	torture_assert_werr_ok(tctx, epk.out.result, "EnumPrinterKey failed");
+
+	ctx->printer_keys = key_buffer.string_array;
+
+	return true;
+}
+
+static bool test_EnumPrinterDataEx(struct torture_context *tctx,
+					struct dcerpc_binding_handle *b,
+					struct policy_handle *handle,
+					const char *key,
+					uint32_t initial_blob_size,
+					WERROR expected_error)
+{
+	NTSTATUS status;
+	struct spoolss_EnumPrinterDataEx epde;
+	struct spoolss_PrinterEnumValues *info;
+	uint32_t needed;
+	uint32_t count;
+
+	torture_comment(tctx, "Testing EnumPrinterDataEx(%s)\n", key);
+
+	epde.in.handle = handle;
+	epde.in.key_name = talloc_strdup(tctx, key);
+	epde.in.offered = 0;
+	epde.out.needed = &needed;
+	epde.out.count = &count;
+	epde.out.info = &info;
+
+	status = dcerpc_spoolss_EnumPrinterDataEx_r(b, tctx, &epde);
+	torture_assert_ntstatus_ok(tctx, status, "EnumPrinterDataEx failed.");
+	if (W_ERROR_EQUAL(epde.out.result, WERR_MORE_DATA)) {
+		epde.in.offered = needed;
+		status = dcerpc_spoolss_EnumPrinterDataEx_r(b, tctx, &epde);
+		torture_assert_ntstatus_ok(tctx, status,
+				"EnumPrinterDataEx failed.");
+	}
+
+	torture_assert_werr_equal(tctx, epde.out.result, expected_error,
+			"EnumPrinterDataEx failed.");
+
+	return true;
+}
+
+static bool test_WinXP(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	bool ret = true;
+	struct test_spoolss_win_context *ctx, *tmp_ctx;
+	struct policy_handle handle01, handle02, handle03, handle04;
+	/* Sometimes a handle stays unused. In order to make this clear in the
+	 * code, the unused_handle structures are used for that. */
+	struct policy_handle unused_handle1, unused_handle2;
+	char *server_name;
+	uint32_t i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ctx = talloc_zero(tctx, struct test_spoolss_win_context);
+	tmp_ctx = talloc_zero(tctx, struct test_spoolss_win_context);
+
+	ret &= test_OpenPrinterSequence(tctx, p, &handle01);
+	ret &= test_GetPrinterData(tctx, b, &handle01,"UISingleJobStatusString",
+			WERR_INVALID_PARAMETER, 0);
+	torture_comment(tctx, "Skip RemoteFindNextPrinterChangeNotifyEx test\n");
+
+	server_name = talloc_asprintf(ctx, "\\\\%s", dcerpc_server_name(p));
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle1, server_name, 0);
+
+	ret &= test_EnumPrinters(tctx, p, ctx, 1024);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle02, server_name, 0);
+	ret &= test_GetPrinterData(tctx, b, &handle02, "MajorVersion", WERR_OK,
+			3);
+	ret &= test_ClosePrinter(tctx, b, &handle02);
+
+	/* If no printers were found, skip all tests that need a printer */
+	if (ctx->printer_count == 0) {
+		goto end_testWinXP;
+	}
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle02,
+			ctx->printer_info[0].info2.printername,
+			PRINTER_ACCESS_USE);
+	ret &= test_GetPrinter(tctx, b, &handle02, ctx, 2, 0);
+
+	torture_assert_str_equal(tctx, ctx->current_info->info2.printername,
+			ctx->printer_info[0].info2.printername,
+			"GetPrinter returned unexpected printername");
+	/*FIXME: Test more components of the PrinterInfo2 struct */
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle03,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_GetPrinter(tctx, b, &handle03, ctx, 0, 1164);
+	ret &= test_GetPrinter(tctx, b, &handle03, ctx, 2, 0);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle04,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 0);
+	ret &= test_ClosePrinter(tctx, b, &handle04);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle04,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 4096);
+	ret &= test_ClosePrinter(tctx, b, &handle04);
+
+	ret &= test_OpenPrinterAsAdmin(tctx, b,
+			ctx->printer_info[0].info2.printername);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle04,
+			ctx->printer_info[0].info2.printername, PRINTER_READ);
+	ret &= test_GetPrinterData(tctx, b, &handle04,"UISingleJobStatusString",
+			WERR_FILE_NOT_FOUND, 0);
+	torture_comment(tctx, "Skip RemoteFindNextPrinterChangeNotifyEx test\n");
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+
+	ret &= test_EnumJobs(tctx, b, &handle04);
+	ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 4096);
+
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+	ret &= test_ClosePrinter(tctx, b, &handle04);
+
+	ret &= test_EnumPrinters(tctx, p, ctx, 1556);
+	ret &= test_GetPrinterDriver2(tctx, b, ctx, &handle03);
+	ret &= test_EnumForms(tctx, b, &handle03, 0);
+
+	ret &= test_EnumPrinterKey(tctx, b, &handle03, "", ctx);
+
+	for (i=0; ctx->printer_keys && ctx->printer_keys[i] != NULL; i++) {
+
+		ret &= test_EnumPrinterKey(tctx, b, &handle03,
+					   ctx->printer_keys[i],
+					   tmp_ctx);
+		ret &= test_EnumPrinterDataEx(tctx, b, &handle03,
+					      ctx->printer_keys[i], 0,
+					      WERR_OK);
+	}
+
+	ret &= test_EnumPrinterDataEx(tctx, b, &handle03, "", 0,
+			WERR_INVALID_PARAMETER);
+
+	ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 2, 0);
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+
+	ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 2, 2556);
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+
+	ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 7, 0);
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+
+	ret &= test_ClosePrinter(tctx, b, &handle03);
+
+	ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
+			ctx->printer_info[0].info2.printername, 0);
+	ret &= test_ClosePrinter(tctx, b, &unused_handle2);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle03, server_name, 0);
+	ret &= test_GetPrinterData(tctx, b, &handle03, "W3SvcInstalled",
+			WERR_OK, 0);
+	ret &= test_ClosePrinter(tctx, b, &handle03);
+
+	ret &= test_ClosePrinter(tctx, b, &unused_handle1);
+	ret &= test_ClosePrinter(tctx, b, &handle02);
+
+	ret &= test_OpenPrinterEx(tctx, b, &handle02,
+			ctx->printer_info[0].info2.sharename, 0);
+	ret &= test_GetPrinter(tctx, b, &handle02, tmp_ctx, 2, 0);
+	ret &= test_ClosePrinter(tctx, b, &handle02);
+
+end_testWinXP:
+	ret &= test_ClosePrinter(tctx, b, &handle01);
+
+	talloc_free(tmp_ctx);
+	talloc_free(ctx);
+	return ret;
+}
+
+struct torture_suite *torture_rpc_spoolss_win(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "spoolss.win");
+
+	struct torture_rpc_tcase *tcase = torture_suite_add_rpc_iface_tcase(suite, 
+							"win", &ndr_table_spoolss);
+
+	torture_rpc_tcase_add_test(tcase, "testWinXP", test_WinXP);
+
+	return suite;
+}
+
diff --git a/source4/torture/rpc/srvsvc.c b/source4/torture/rpc/srvsvc.c
new file mode 100644
index 0000000..c777f36
--- /dev/null
+++ b/source4/torture/rpc/srvsvc.c
@@ -0,0 +1,1206 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for srvsvc rpc operations
+
+   Copyright (C) Stefan (metze) Metzmacher 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "torture/rpc/torture_rpc.h"
+
+/**************************/
+/* srvsvc_NetCharDev      */
+/**************************/
+static bool test_NetCharDevGetInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+				const char *devname)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevGetInfo r;
+	union srvsvc_NetCharDevInfo info;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.device_name = devname;
+	r.out.info = &info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		r.in.level = levels[i];
+		torture_comment(tctx, "Testing NetCharDevGetInfo level %u on device '%s'\n",
+			r.in.level, r.in.device_name);
+		status = dcerpc_srvsvc_NetCharDevGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetCharDevGetInfo failed");
+		torture_assert_werr_ok(tctx, r.out.result, "NetCharDevGetInfo failed");
+	}
+
+	return true;
+}
+
+static bool test_NetCharDevControl(struct dcerpc_pipe *p, struct torture_context *tctx,
+				const char *devname)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevControl r;
+	uint32_t opcodes[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.device_name = devname;
+
+	for (i=0;i<ARRAY_SIZE(opcodes);i++) {
+		ZERO_STRUCT(r.out);
+		r.in.opcode = opcodes[i];
+		torture_comment(tctx, "Testing NetCharDevControl opcode %u on device '%s'\n", 
+			r.in.opcode, r.in.device_name);
+		status = dcerpc_srvsvc_NetCharDevControl_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetCharDevControl failed");
+		torture_assert_werr_ok(tctx, r.out.result, "NetCharDevControl failed");
+	}
+
+	return true;
+}
+
+static bool test_NetCharDevEnum(struct torture_context *tctx, 
+								struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevEnum r;
+	struct srvsvc_NetCharDevInfoCtr info_ctr;
+	struct srvsvc_NetCharDevCtr0 c0;
+	struct srvsvc_NetCharDevCtr0 c1;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.info_ctr = &info_ctr;
+	r.out.totalentries = &totalentries;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int j;
+
+		info_ctr.level = levels[i];
+
+		switch(info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr0 = &c1;
+			break;
+		}
+
+		torture_comment(tctx, "Testing NetCharDevEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetCharDevEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetCharDevEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetCharDevEnum failed: %s\n", win_errstr(r.out.result));
+			continue;
+		}
+
+		/* call test_NetCharDevGetInfo and test_NetCharDevControl for each returned share */
+		if (info_ctr.level == 1) {
+			for (j=0;j<r.out.info_ctr->ctr.ctr1->count;j++) {
+				const char *device;
+				device = r.out.info_ctr->ctr.ctr1->array[j].device;
+				if (!test_NetCharDevGetInfo(p, tctx, device)) {
+					return false;
+				}
+				if (!test_NetCharDevControl(p, tctx, device)) {
+					return false;
+				}
+			}
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetCharDevQ     */
+/**************************/
+static bool test_NetCharDevQGetInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+				const char *devicequeue)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevQGetInfo r;
+	union srvsvc_NetCharDevQInfo info;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.queue_name = devicequeue;
+	r.in.user = talloc_asprintf(tctx,"Administrator");
+	r.out.info = &info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		r.in.level = levels[i];
+		torture_comment(tctx, "Testing NetCharDevQGetInfo level %u on devicequeue '%s'\n",
+			r.in.level, r.in.queue_name);
+		status = dcerpc_srvsvc_NetCharDevQGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetCharDevQGetInfo failed");
+		torture_assert_werr_ok(tctx, r.out.result, "NetCharDevQGetInfo failed");
+	}
+
+	return true;
+}
+
+#if 0
+static bool test_NetCharDevQSetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+				const char *devicequeue)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevQSetInfo r;
+	uint32_t parm_error;
+	uint32_t levels[] = {0, 1};
+	int i;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(mem_ctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.queue_name = devicequeue;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		ZERO_STRUCT(r.out);
+		parm_error = 0;
+		r.in.level = levels[i];
+		d_printf("testing NetCharDevQSetInfo level %u on devicequeue '%s'\n", 
+			r.in.level, devicequeue);
+		switch (r.in.level) {
+		case 0:
+			r.in.info.info0 = talloc(mem_ctx, struct srvsvc_NetCharDevQInfo0);
+			r.in.info.info0->device = r.in.queue_name;
+			break;
+		case 1:
+			r.in.info.info1 = talloc(mem_ctx, struct srvsvc_NetCharDevQInfo1);
+			r.in.info.info1->device = r.in.queue_name;
+			r.in.info.info1->priority = 0x000;
+			r.in.info.info1->devices = r.in.queue_name;
+			r.in.info.info1->users = 0x000;
+			r.in.info.info1->num_ahead = 0x000;
+			break;
+		default:
+			break;
+		}
+		r.in.parm_error = &parm_error;
+		status = dcerpc_srvsvc_NetCharDevQSetInfo_r(b, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("NetCharDevQSetInfo level %u on devicequeue '%s' failed - %s\n",
+				r.in.level, r.in.queue_name, nt_errstr(status));
+			ret = false;
+			continue;
+		}
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			d_printf("NetCharDevQSetInfo level %u on devicequeue '%s' failed - %s\n",
+				r.in.level, r.in.queue_name, win_errstr(r.out.result));
+			continue;
+		}
+	}
+
+	return ret;
+}
+#endif
+
+static bool test_NetCharDevQEnum(struct torture_context *tctx, 
+				 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetCharDevQEnum r;
+	struct srvsvc_NetCharDevQInfoCtr info_ctr;
+	struct srvsvc_NetCharDevQCtr0 c0;
+	struct srvsvc_NetCharDevQCtr1 c1;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.user = talloc_asprintf(tctx,"%s","Administrator");
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		int j;
+
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		}
+		torture_comment(tctx, "Testing NetCharDevQEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetCharDevQEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetCharDevQEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetCharDevQEnum failed: %s\n", win_errstr(r.out.result));
+			continue;
+		}
+
+		/* call test_NetCharDevGetInfo and test_NetCharDevControl for each returned share */
+		if (info_ctr.level == 1) {
+			for (j=0;j<r.out.info_ctr->ctr.ctr1->count;j++) {
+				const char *device;
+				device = r.out.info_ctr->ctr.ctr1->array[j].device;
+				if (!test_NetCharDevQGetInfo(p, tctx, device)) {
+					return false;
+				}
+			}
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetConn         */
+/**************************/
+static bool test_NetConnEnum(struct torture_context *tctx,
+			     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetConnEnum r;
+	struct srvsvc_NetConnInfoCtr info_ctr;
+	struct srvsvc_NetConnCtr0 c0;
+	struct srvsvc_NetConnCtr1 c1;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.path = talloc_asprintf(tctx,"%s","IPC$");
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		}
+
+		torture_comment(tctx, "Testing NetConnEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetConnEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetConnEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetConnEnum failed: %s\n", win_errstr(r.out.result));
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetFile         */
+/**************************/
+static bool test_NetFileEnum(struct torture_context *tctx,
+			     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetFileEnum r;
+	struct srvsvc_NetFileInfoCtr info_ctr;
+	struct srvsvc_NetFileCtr2 c2;
+	struct srvsvc_NetFileCtr3 c3;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {2, 3};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.path = NULL;
+	r.in.user = NULL;
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)4096;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 3:
+			ZERO_STRUCT(c3);
+			info_ctr.ctr.ctr3 = &c3;
+			break;
+		}
+		torture_comment(tctx, "Testing NetFileEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetFileEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetFileEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetFileEnum failed: %s\n", win_errstr(r.out.result));
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetSess         */
+/**************************/
+static bool test_NetSessEnum(struct torture_context *tctx,
+			     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetSessEnum r;
+	struct srvsvc_NetSessInfoCtr info_ctr;
+	struct srvsvc_NetSessCtr0 c0;
+	struct srvsvc_NetSessCtr1 c1;
+	struct srvsvc_NetSessCtr2 c2;
+	struct srvsvc_NetSessCtr10 c10;
+	struct srvsvc_NetSessCtr502 c502;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1, 2, 10, 502};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.client = NULL;
+	r.in.user = NULL;
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		info_ctr.level = levels[i];
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 10:
+			ZERO_STRUCT(c10);
+			info_ctr.ctr.ctr10 = &c10;
+			break;
+		case 502:
+			ZERO_STRUCT(c502);
+			info_ctr.ctr.ctr502 = &c502;
+			break;
+		}
+
+		torture_comment(tctx, "Testing NetSessEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetSessEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetSessEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetSessEnum failed: %s\n", win_errstr(r.out.result));
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetShare        */
+/**************************/
+static bool test_NetShareCheck(struct dcerpc_pipe *p, struct torture_context *tctx,
+			       const char *device_name)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareCheck r;
+	enum srvsvc_ShareType type;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.device_name = device_name;
+	r.out.type = &type;
+
+	torture_comment(tctx, 
+			"Testing NetShareCheck on device '%s'\n", r.in.device_name);
+
+	status = dcerpc_srvsvc_NetShareCheck_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "dcerpc_srvsvc_NetShareCheck failed");
+	torture_assert_werr_ok(tctx, r.out.result, "NetShareCheck failed");
+
+	return true;
+}
+
+static bool test_NetShareGetInfo(struct torture_context *tctx, 
+				 struct dcerpc_pipe *p,
+				 const char *sharename, bool admin)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareGetInfo r;
+	union srvsvc_NetShareInfo info;
+	struct {
+		uint32_t level;
+		WERROR anon_status;
+		WERROR admin_status;
+	} levels[] = {
+		 { 0,		WERR_OK,		WERR_OK },
+		 { 1,		WERR_OK,		WERR_OK },
+		 { 2,		WERR_ACCESS_DENIED,	WERR_OK },
+		 { 501,		WERR_OK,		WERR_OK },
+		 { 502,		WERR_ACCESS_DENIED,	WERR_OK },
+		 { 1005,	WERR_OK,		WERR_OK },
+	};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.share_name = sharename;
+	r.out.info = &info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		WERROR expected;
+
+		r.in.level = levels[i].level;
+		expected = levels[i].anon_status;
+		if (admin) expected = levels[i].admin_status;
+
+		torture_comment(tctx, "Testing NetShareGetInfo level %u on share '%s'\n", 
+		       r.in.level, r.in.share_name);
+
+		status = dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+		torture_assert_werr_equal(tctx, r.out.result, expected, "NetShareGetInfo failed");
+
+		if (r.in.level != 2) continue;
+		if (!r.out.info->info2 || !r.out.info->info2->path) continue;
+		if (!test_NetShareCheck(p, tctx, r.out.info->info2->path)) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetShareGetInfoAdminFull(struct torture_context *tctx, 
+					  struct dcerpc_pipe *p)
+{
+	return test_NetShareGetInfo(tctx, p, "IPC$", true);
+}
+
+static bool test_NetShareGetInfoAdminAnon(struct torture_context *tctx, 
+					  struct dcerpc_pipe *p)
+{
+	return test_NetShareGetInfo(tctx, p, "IPC$", false);
+}
+
+static bool test_NetShareAddSetDel(struct torture_context *tctx, 
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareAdd a;
+	struct srvsvc_NetShareSetInfo r;
+	struct srvsvc_NetShareGetInfo q;
+	struct srvsvc_NetShareDel d;
+	struct sec_desc_buf sd_buf;
+	union srvsvc_NetShareInfo info;
+	struct {
+		uint32_t level;
+		WERROR expected;
+	} levels[] = {
+		 { 0,		WERR_INVALID_LEVEL },
+		 { 1,		WERR_OK },
+		 { 2,		WERR_OK },
+		 { 501,		WERR_INVALID_LEVEL },
+		 { 502,		WERR_OK },
+		 { 1004,	WERR_OK },
+		 { 1005,	WERR_OK },
+		 { 1006,	WERR_OK },
+/*		 { 1007,	WERR_OK }, */
+		 { 1501,	WERR_OK },
+	};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	a.in.server_unc = r.in.server_unc = q.in.server_unc = d.in.server_unc =
+		talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.share_name = talloc_strdup(tctx, "testshare");
+
+	info.info2 = talloc(tctx, struct srvsvc_NetShareInfo2);
+	info.info2->name = r.in.share_name;
+	info.info2->type = STYPE_DISKTREE;
+	info.info2->comment = talloc_strdup(tctx, "test comment");
+	info.info2->permissions = 123434566;
+	info.info2->max_users = -1;
+	info.info2->current_users = 0;
+	info.info2->path = talloc_strdup(tctx, "C:\\");
+	info.info2->password = NULL;
+
+	a.in.info = &info;
+	a.in.level = 2;
+	a.in.parm_error = NULL;
+
+	status = dcerpc_srvsvc_NetShareAdd_r(b, tctx, &a);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareAdd level 2 on share 'testshare' failed");
+	torture_assert_werr_ok(tctx, a.out.result, "NetShareAdd level 2 on share 'testshare' failed");
+
+	r.in.parm_error = NULL;
+
+	q.in.level = 502;
+
+	for (i = 0; i < ARRAY_SIZE(levels); i++) {
+
+		r.in.level = levels[i].level;
+		ZERO_STRUCT(r.out);
+
+		torture_comment(tctx, "Testing NetShareSetInfo level %u on share '%s'\n", 
+		       r.in.level, r.in.share_name);
+
+		switch (levels[i].level) {
+		case 0:
+			info.info0 = talloc(tctx, struct srvsvc_NetShareInfo0);
+			info.info0->name = r.in.share_name;
+			break;
+		case 1:
+			info.info1 = talloc(tctx, struct srvsvc_NetShareInfo1);
+			info.info1->name = r.in.share_name;
+			info.info1->type = STYPE_DISKTREE;
+			info.info1->comment = talloc_strdup(tctx, "test comment 1");
+			break;
+		case 2:	
+			info.info2 = talloc(tctx, struct srvsvc_NetShareInfo2);
+			info.info2->name = r.in.share_name;
+			info.info2->type = STYPE_DISKTREE;
+			info.info2->comment = talloc_strdup(tctx, "test comment 2");
+			info.info2->permissions = 0;
+			info.info2->max_users = 2;
+			info.info2->current_users = 1;
+			info.info2->path = talloc_strdup(tctx, "::BLaH::"); /* "C:\\"); */
+			info.info2->password = NULL;
+			break;
+		case 501:
+			info.info501 = talloc(tctx, struct srvsvc_NetShareInfo501);
+			info.info501->name = r.in.share_name;
+			info.info501->type = STYPE_DISKTREE;
+			info.info501->comment = talloc_strdup(tctx, "test comment 501");
+			info.info501->csc_policy = 0;
+			break;
+		case 502:
+			ZERO_STRUCT(sd_buf);
+			info.info502 = talloc(tctx, struct srvsvc_NetShareInfo502);
+			info.info502->name = r.in.share_name;
+			info.info502->type = STYPE_DISKTREE;
+			info.info502->comment = talloc_strdup(tctx, "test comment 502");
+			info.info502->permissions = 0;
+			info.info502->max_users = 502;
+			info.info502->current_users = 1;
+			info.info502->path = talloc_strdup(tctx, "C:\\");
+			info.info502->password = NULL;
+			info.info502->sd_buf = sd_buf;
+			break;
+		case 1004:
+			info.info1004 = talloc(tctx, struct srvsvc_NetShareInfo1004);
+			info.info1004->comment = talloc_strdup(tctx, "test comment 1004");
+			break;
+		case 1005:
+			info.info1005 = talloc(tctx, struct srvsvc_NetShareInfo1005);
+			info.info1005->dfs_flags = 0;
+			break;
+		case 1006:
+			info.info1006 = talloc(tctx, struct srvsvc_NetShareInfo1006);
+			info.info1006->max_users = 1006;
+			break;
+/*		case 1007:
+			info.info1007 = talloc(tctx, struct srvsvc_NetShareInfo1007);
+			info.info1007->flags = 0;
+			info.info1007->alternate_directory_name = talloc_strdup(tctx, "test");
+			break;
+*/
+		case 1501:
+			info.info1501 = talloc_zero(tctx, struct sec_desc_buf);
+			break;
+		}
+
+		r.in.info = &info;
+
+		status = dcerpc_srvsvc_NetShareSetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+		torture_assert_werr_equal(tctx, r.out.result, levels[i].expected, "NetShareSetInfo failed");
+		
+		q.in.share_name = r.in.share_name;
+		q.out.info = &info;
+
+		status = dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &q);
+		torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+		torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+
+		torture_assert_str_equal(tctx, q.out.info->info502->name, r.in.share_name,
+					 "share name invalid");
+
+		switch (levels[i].level) {
+		case 0:
+			break;
+		case 1:
+			torture_assert_str_equal(tctx, q.out.info->info502->comment, "test comment 1", "comment");
+			break;
+		case 2:
+			torture_assert_str_equal(tctx, q.out.info->info2->comment, "test comment 2", "comment");
+			torture_assert_int_equal(tctx, q.out.info->info2->max_users, 2, "max users");
+			torture_assert_str_equal(tctx, q.out.info->info2->path, "C:\\", "path");
+			break;
+		case 501:
+			torture_assert_str_equal(tctx, q.out.info->info501->comment, "test comment 501", "comment");
+			break;
+		case 502:
+			torture_assert_str_equal(tctx, q.out.info->info502->comment, "test comment 502", "comment");
+			torture_assert_int_equal(tctx, q.out.info->info502->max_users, 502, "max users");
+			torture_assert_str_equal(tctx, q.out.info->info502->path, "C:\\", "path");
+			break;
+		case 1004:
+			torture_assert_str_equal(tctx, q.out.info->info1004->comment, "test comment 1004",
+						 "comment");
+			break;
+		case 1005:
+			break;
+		case 1006:
+			torture_assert_int_equal(tctx, q.out.info->info1006->max_users, 1006, "Max users");
+			break;
+/*		case 1007:
+			break;
+*/
+		case 1501:
+			break;
+		}
+	}
+
+	d.in.share_name = r.in.share_name;
+	d.in.reserved = 0;
+
+	status = dcerpc_srvsvc_NetShareDel_r(b, tctx, &d);
+	torture_assert_ntstatus_ok(tctx, status, "NetShareDel on share 'testshare502' failed");
+	torture_assert_werr_ok(tctx, a.out.result, "NetShareDel on share 'testshare502' failed");
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetShare        */
+/**************************/
+static bool test_NetShareEnumAll(struct torture_context *tctx, 
+				 struct dcerpc_pipe *p, 
+				 bool admin)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareEnumAll r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr0 c0;
+	struct srvsvc_NetShareCtr1 c1;
+	struct srvsvc_NetShareCtr2 c2;
+	struct srvsvc_NetShareCtr501 c501;
+	struct srvsvc_NetShareCtr502 c502;
+	uint32_t totalentries = 0;
+	struct {
+		uint32_t level;
+		WERROR anon_status;
+		WERROR admin_status;
+	} levels[] = {
+		 { 0,	WERR_OK,		WERR_OK },
+		 { 1,	WERR_OK,		WERR_OK },
+		 { 2,	WERR_ACCESS_DENIED,	WERR_OK },
+		 { 501,	WERR_ACCESS_DENIED,	WERR_OK },
+		 { 502,	WERR_ACCESS_DENIED,	WERR_OK },
+	};
+	int i;
+	uint32_t resume_handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info_ctr);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+	r.out.resume_handle = &resume_handle;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+
+		int j;
+		WERROR expected;
+
+		info_ctr.level = levels[i].level;
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 501:
+			ZERO_STRUCT(c501);
+			info_ctr.ctr.ctr501 = &c501;
+			break;
+		case 502:
+			ZERO_STRUCT(c502);
+			info_ctr.ctr.ctr502 = &c502;
+			break;
+		}
+
+		expected = levels[i].anon_status;
+		if (admin) expected = levels[i].admin_status;
+
+		resume_handle = 0;
+
+		torture_comment(tctx, "Testing NetShareEnumAll level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetShareEnumAll_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetShareEnumAll failed");
+		torture_assert_werr_equal(tctx, r.out.result, expected, "NetShareEnumAll failed");
+
+		/* call srvsvc_NetShareGetInfo for each returned share */
+		if (info_ctr.level == 2 && r.out.info_ctr->ctr.ctr2) {
+			for (j=0;j<r.out.info_ctr->ctr.ctr2->count;j++) {
+				const char *name;
+				name = r.out.info_ctr->ctr.ctr2->array[j].name;
+				if (!test_NetShareGetInfo(tctx, p, name, admin)) {
+					return false;
+				}
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetShareEnumAllFull(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	return test_NetShareEnumAll(tctx, p, true);
+}
+
+static bool test_NetShareEnumAllAnon(struct torture_context *tctx,
+			      struct dcerpc_pipe *p)
+{
+	return test_NetShareEnumAll(tctx, p, false);
+}
+
+static bool test_NetShareEnum(struct torture_context *tctx,
+			      struct dcerpc_pipe *p, bool admin)
+{
+	NTSTATUS status;
+	struct srvsvc_NetShareEnum r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr0 c0;
+	struct srvsvc_NetShareCtr1 c1;
+	struct srvsvc_NetShareCtr2 c2;
+	struct srvsvc_NetShareCtr501 c501;
+	struct srvsvc_NetShareCtr502 c502;
+	uint32_t totalentries = 0;
+	struct {
+		uint32_t level;
+		WERROR anon_status;
+		WERROR admin_status;
+	} levels[] = {
+		 { 0,	WERR_OK,		WERR_OK },
+		 { 1,	WERR_OK,		WERR_OK },
+		 { 2,	WERR_ACCESS_DENIED,	WERR_OK },
+		 { 501,	WERR_INVALID_LEVEL,	WERR_INVALID_LEVEL },
+		 { 502,	WERR_ACCESS_DENIED,	WERR_OK },
+	};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.in.info_ctr = &info_ctr;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		WERROR expected;
+
+		info_ctr.level = levels[i].level;
+
+		switch (info_ctr.level) {
+		case 0:
+			ZERO_STRUCT(c0);
+			info_ctr.ctr.ctr0 = &c0;
+			break;
+		case 1:
+			ZERO_STRUCT(c1);
+			info_ctr.ctr.ctr1 = &c1;
+			break;
+		case 2:
+			ZERO_STRUCT(c2);
+			info_ctr.ctr.ctr2 = &c2;
+			break;
+		case 501:
+			ZERO_STRUCT(c501);
+			info_ctr.ctr.ctr501 = &c501;
+			break;
+		case 502:
+			ZERO_STRUCT(c502);
+			info_ctr.ctr.ctr502 = &c502;
+			break;
+		}
+
+		expected = levels[i].anon_status;
+		if (admin) expected = levels[i].admin_status;
+
+		torture_comment(tctx, "Testing NetShareEnum level %u\n", info_ctr.level);
+		status = dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetShareEnum failed");
+		torture_assert_werr_equal(tctx, r.out.result, expected, "NetShareEnum failed");
+	}
+
+	return true;
+}
+
+static bool test_NetShareEnumFull(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	return test_NetShareEnum(tctx, p, true);
+}
+
+static bool test_NetShareEnumAnon(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	return test_NetShareEnum(tctx, p, false);
+}
+
+/**************************/
+/* srvsvc_NetSrv          */
+/**************************/
+static bool test_NetSrvGetInfo(struct torture_context *tctx, 
+			       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetSrvGetInfo r;
+	union srvsvc_NetSrvInfo info;
+	uint32_t levels[] = {100, 101, 102, 502, 503};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		r.in.level = levels[i];
+		r.out.info = &info;
+		torture_comment(tctx, "Testing NetSrvGetInfo level %u\n", r.in.level);
+		status = dcerpc_srvsvc_NetSrvGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetSrvGetInfo failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "NetSrvGetInfo failed: %s\n", win_errstr(r.out.result));
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetDisk         */
+/**************************/
+static bool test_NetDiskEnum(struct torture_context *tctx, 
+			     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetDiskEnum r;
+	struct srvsvc_NetDiskInfo info;
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0};
+	int i;
+	uint32_t resume_handle=0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info);
+	ZERO_STRUCT(r);
+
+	r.in.server_unc = NULL;
+	r.in.resume_handle = &resume_handle;
+	r.in.info = &info;
+	r.out.info = &info;
+	r.out.totalentries = &totalentries;
+	r.out.resume_handle = &resume_handle;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		ZERO_STRUCTP(r.out.info);
+		r.in.level = levels[i];
+		torture_comment(tctx, "Testing NetDiskEnum level %u\n", r.in.level);
+		status = dcerpc_srvsvc_NetDiskEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetDiskEnum failed");
+		torture_assert_werr_ok(tctx, r.out.result, "NetDiskEnum failed");
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetTransport    */
+/**************************/
+static bool test_NetTransportEnum(struct torture_context *tctx, 
+				  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetTransportEnum r;
+	struct srvsvc_NetTransportInfoCtr transports;
+	struct srvsvc_NetTransportCtr0 ctr0;
+	struct srvsvc_NetTransportCtr1 ctr1;
+
+	uint32_t totalentries = 0;
+	uint32_t levels[] = {0, 1};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(transports);
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s", dcerpc_server_name(p));
+	r.in.transports = &transports;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = NULL;
+	r.out.totalentries = &totalentries;
+	r.out.transports = &transports;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		transports.level = levels[i];
+		switch (transports.level) {
+		case 0:
+			ZERO_STRUCT(ctr0);
+			transports.ctr.ctr0 = &ctr0;
+			break;
+		case 1:
+			ZERO_STRUCT(ctr1);
+			transports.ctr.ctr1 = &ctr1;
+			break;
+		}
+		torture_comment(tctx, "Testing NetTransportEnum level %u\n", transports.level);
+		status = dcerpc_srvsvc_NetTransportEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "NetTransportEnum failed");
+		if (!W_ERROR_IS_OK(r.out.result)) {
+			torture_comment(tctx, "unexpected result: %s\n", win_errstr(r.out.result));
+		}
+	}
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetRemoteTOD    */
+/**************************/
+static bool test_NetRemoteTOD(struct torture_context *tctx, 
+			      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetRemoteTOD r;
+	struct srvsvc_NetRemoteTODInfo *info = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing NetRemoteTOD\n");
+	status = dcerpc_srvsvc_NetRemoteTOD_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "NetRemoteTOD failed");
+	torture_assert_werr_ok(tctx, r.out.result, "NetRemoteTOD failed");
+
+	return true;
+}
+
+/**************************/
+/* srvsvc_NetName         */
+/**************************/
+
+static bool test_NetNameValidate(struct torture_context *tctx, 
+								 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct srvsvc_NetNameValidate r;
+	char *invalidc;
+	char *name;
+	int i, n, min, max;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.flags = 0x0;
+
+	d_printf("Testing NetNameValidate\n");
+
+	/* valid path types only between 1 and 13 */
+	for (i = 1; i < 14; i++) {
+
+again:
+		/* let's limit ourselves to a maximum of 4096 bytes */
+		r.in.name = name = talloc_array(tctx, char, 4097);
+		max = 4096;
+		min = 0;
+		n = max;
+
+		while (1) {
+
+			/* Find maximum length accepted by this type */
+			ZERO_STRUCT(r.out);
+			r.in.name_type = i;
+			memset(name, 'A', n);
+			name[n] = '\0';
+
+			status = dcerpc_srvsvc_NetNameValidate_r(b, tctx, &r);
+			if (!NT_STATUS_IS_OK(status)) {
+				d_printf("NetNameValidate failed while checking maximum size (%s)\n",
+						nt_errstr(status));
+				break;
+			}
+
+			if (W_ERROR_IS_OK(r.out.result)) {
+				min = n;
+				n += (max - min + 1)/2;
+				if (n == min) {
+					/*
+					 * We did not move, so
+					 * do not loop forever
+					 */
+					break;
+				}
+				continue;
+				
+			} else {
+				if ((min + 1) >= max) break; /* found it */
+				
+				max = n;
+				n -= (max - min)/2;
+				continue;
+			}
+		}
+
+		talloc_free(name);
+
+		d_printf("Maximum length for type %2d, flags %08x: %d\n", i, r.in.flags, max);
+
+		/* find invalid chars for this type check only ASCII between 0x20 and 0x7e */
+
+		invalidc = talloc_strdup(tctx, "");
+
+		for (n = 0x20; n < 0x7e; n++) {
+			r.in.name = name = talloc_asprintf(tctx, "%c", (char)n);
+
+			status = dcerpc_srvsvc_NetNameValidate_r(b, tctx, &r);
+			if (!NT_STATUS_IS_OK(status)) {
+				d_printf("NetNameValidate failed while checking valid chars (%s)\n",
+						nt_errstr(status));
+				break;
+			}
+
+			if (!W_ERROR_IS_OK(r.out.result)) {
+				invalidc = talloc_asprintf_append_buffer(invalidc, "%c", (char)n);
+			}
+
+			talloc_free(name);
+		}
+
+		d_printf(" Invalid chars for type %2d, flags %08x: \"%s\"\n", i, r.in.flags, invalidc);
+
+		/* only two values are accepted for flags: 0x0 and 0x80000000 */
+		if (r.in.flags == 0x0) {
+			r.in.flags = 0x80000000;
+			goto again;
+		}
+
+		r.in.flags = 0x0;
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_srvsvc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "srvsvc");
+	struct torture_rpc_tcase *tcase;
+	struct torture_test *test;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "srvsvc (admin access)", &ndr_table_srvsvc);
+
+	torture_rpc_tcase_add_test(tcase, "NetCharDevEnum", test_NetCharDevEnum);
+	torture_rpc_tcase_add_test(tcase, "NetCharDevQEnum", test_NetCharDevQEnum);
+	torture_rpc_tcase_add_test(tcase, "NetConnEnum", test_NetConnEnum);
+	torture_rpc_tcase_add_test(tcase, "NetFileEnum", test_NetFileEnum);
+	torture_rpc_tcase_add_test(tcase, "NetSessEnum", test_NetSessEnum);
+	torture_rpc_tcase_add_test(tcase, "NetShareEnumAll", test_NetShareEnumAllFull);
+	torture_rpc_tcase_add_test(tcase, "NetSrvGetInfo", test_NetSrvGetInfo);
+	torture_rpc_tcase_add_test(tcase, "NetDiskEnum", test_NetDiskEnum);
+	torture_rpc_tcase_add_test(tcase, "NetTransportEnum", test_NetTransportEnum);
+	torture_rpc_tcase_add_test(tcase, "NetRemoteTOD", test_NetRemoteTOD);
+	torture_rpc_tcase_add_test(tcase, "NetShareEnum", test_NetShareEnumFull);
+	torture_rpc_tcase_add_test(tcase, "NetShareGetInfo", test_NetShareGetInfoAdminFull);
+	test = torture_rpc_tcase_add_test(tcase, "NetShareAddSetDel", 
+					   test_NetShareAddSetDel);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "NetNameValidate", test_NetNameValidate);
+	
+	tcase = torture_suite_add_anon_rpc_iface_tcase(suite, 
+						    "srvsvc anonymous access", 
+						    &ndr_table_srvsvc);
+
+	torture_rpc_tcase_add_test(tcase, "NetShareEnumAll", 
+				   test_NetShareEnumAllAnon);
+	torture_rpc_tcase_add_test(tcase, "NetShareEnum", 
+				   test_NetShareEnumAnon);
+	torture_rpc_tcase_add_test(tcase, "NetShareGetInfo", 
+				   test_NetShareGetInfoAdminAnon);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
new file mode 100644
index 0000000..2962f15
--- /dev/null
+++ b/source4/torture/rpc/svcctl.c
@@ -0,0 +1,828 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for svcctl rpc operations
+
+   Copyright (C) Jelmer Vernooij 2004
+   Copyright (C) Guenther Deschner 2008,2009,2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_svcctl_c.h"
+#include "librpc/gen_ndr/ndr_svcctl.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+
+#define TORTURE_DEFAULT_SERVICE "Spooler"
+
+static bool test_OpenSCManager(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *h)
+{
+	struct svcctl_OpenSCManagerW r;
+
+	r.in.MachineName = NULL;
+	r.in.DatabaseName = NULL;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = h;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_svcctl_OpenSCManagerW_r(b, tctx, &r),
+				   "OpenSCManager failed!");
+
+	return true;
+}
+
+static bool test_CloseServiceHandle(struct dcerpc_binding_handle *b,
+				    struct torture_context *tctx,
+				    struct policy_handle *h)
+{
+	struct svcctl_CloseServiceHandle r;
+
+	r.in.handle = h;
+	r.out.handle = h;
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_svcctl_CloseServiceHandle_r(b, tctx, &r),
+				   "CloseServiceHandle failed");
+
+	return true;
+}
+
+static bool test_OpenService(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *h,
+			     const char *name,
+			     struct policy_handle *s)
+{
+	struct svcctl_OpenServiceW r;
+
+	r.in.scmanager_handle = h;
+	r.in.ServiceName = name;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = s;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_svcctl_OpenServiceW_r(b, tctx, &r),
+				   "OpenServiceW failed!");
+	torture_assert_werr_ok(tctx, r.out.result, "OpenServiceW failed!");
+
+	return true;
+
+}
+
+static bool test_QueryServiceStatus(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceStatus r;
+	struct policy_handle h, s;
+	struct SERVICE_STATUS service_status;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.handle = &s;
+	r.out.service_status = &service_status;
+
+	status = dcerpc_svcctl_QueryServiceStatus_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatus failed!");
+	torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatus failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceStatusEx r;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t info_level = SVC_STATUS_PROCESS_INFO;
+	uint8_t *buffer;
+	uint32_t offered = 0;
+	uint32_t needed = 0;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	buffer = talloc(tctx, uint8_t);
+
+	r.in.handle = &s;
+	r.in.info_level = info_level;
+	r.in.offered = offered;
+	r.out.buffer = buffer;
+	r.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceStatusEx_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.out.buffer = buffer;
+
+		status = dcerpc_svcctl_QueryServiceStatusEx_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!");
+		torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatusEx failed!");
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_QueryServiceConfigW(struct torture_context *tctx,
+				     struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceConfigW r;
+	struct QUERY_SERVICE_CONFIG query;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t offered = 0;
+	uint32_t needed = 0;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.handle = &s;
+	r.in.offered = offered;
+	r.out.query = &query;
+	r.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfigW failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceConfig2W r;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint32_t info_level = SERVICE_CONFIG_DESCRIPTION;
+	uint8_t *buffer;
+	uint32_t offered = 0;
+	uint32_t needed = 0;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	buffer = talloc(tctx, uint8_t);
+
+	r.in.handle = &s;
+	r.in.info_level = info_level;
+	r.in.offered = offered;
+	r.out.buffer = buffer;
+	r.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.out.buffer = buffer;
+
+		status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
+		torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");
+	}
+
+	r.in.info_level = SERVICE_CONFIG_FAILURE_ACTIONS;
+	r.in.offered = offered;
+	r.out.buffer = buffer;
+	r.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.out.buffer = buffer;
+
+		status = dcerpc_svcctl_QueryServiceConfig2W_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!");
+		torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!");
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_QueryServiceConfigEx(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceConfigEx r;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct SC_RPC_CONFIG_INFOW info;
+	int i;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	for (i=0; i < 16; i++) {
+
+		r.in.hService = s;
+		r.in.dwInfoLevel = i;
+		r.out.pInfo = &info;
+
+		status = dcerpc_svcctl_QueryServiceConfigEx_r(b, tctx, &r);
+		if (i == 8) {
+			torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigEx failed!");
+			torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfigEx failed!");
+		} else {
+			torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE, "QueryServiceConfigEx failed!");
+		}
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_QueryServiceObjectSecurity(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceObjectSecurity r;
+	struct policy_handle h, s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint8_t *buffer = NULL;
+	uint32_t needed;
+
+	enum ndr_err_code ndr_err;
+	struct security_descriptor sd;
+	DATA_BLOB blob;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.handle = &s;
+	r.in.security_flags = 0;
+	r.in.offered = 0;
+	r.out.buffer = NULL;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
+		"QueryServiceObjectSecurity failed!");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"QueryServiceObjectSecurity failed!");
+
+	r.in.security_flags = SECINFO_DACL;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
+		"QueryServiceObjectSecurity failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.out.buffer = buffer;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &r),
+			"QueryServiceObjectSecurity failed!");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryServiceObjectSecurity failed!");
+
+	blob = data_blob_const(buffer, needed);
+
+	ndr_err = ndr_pull_struct_blob(&blob, tctx, &sd,
+		(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 1) {
+		NDR_PRINT_DEBUG(security_descriptor, &sd);
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_SetServiceObjectSecurity(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceObjectSecurity q;
+	struct svcctl_SetServiceObjectSecurity r;
+	struct policy_handle h, s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	uint8_t *buffer;
+	uint32_t needed;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	q.in.handle = &s;
+	q.in.security_flags = SECINFO_DACL;
+	q.in.offered = 0;
+	q.out.buffer = NULL;
+	q.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &q),
+		"QueryServiceObjectSecurity failed!");
+
+	if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		q.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		q.out.buffer = buffer;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_svcctl_QueryServiceObjectSecurity_r(b, tctx, &q),
+			"QueryServiceObjectSecurity failed!");
+	}
+
+	torture_assert_werr_ok(tctx, q.out.result,
+		"QueryServiceObjectSecurity failed!");
+
+	r.in.handle = &s;
+	r.in.security_flags = SECINFO_DACL;
+	r.in.buffer = q.out.buffer;
+	r.in.offered = *q.out.needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_SetServiceObjectSecurity_r(b, tctx, &r),
+		"SetServiceObjectSecurity failed!");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"SetServiceObjectSecurity failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_StartServiceW(struct torture_context *tctx,
+			       struct dcerpc_pipe *p)
+{
+	struct svcctl_StartServiceW r;
+	struct policy_handle h, s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.handle = &s;
+	r.in.NumArgs = 0;
+	r.in.Arguments = NULL;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_StartServiceW_r(b, tctx, &r),
+		"StartServiceW failed!");
+	torture_assert_werr_equal(tctx, r.out.result,
+		WERR_SERVICE_ALREADY_RUNNING,
+		"StartServiceW failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_ControlService(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	struct svcctl_ControlService r;
+	struct policy_handle h, s;
+	struct SERVICE_STATUS service_status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.handle = &s;
+	r.in.control = 0;
+	r.out.service_status = &service_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_ControlService_r(b, tctx, &r),
+		"ControlService failed!");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"ControlService failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_ControlServiceExW(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	struct svcctl_ControlServiceExW r;
+	struct policy_handle h, s;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	union SC_RPC_SERVICE_CONTROL_IN_PARAMSW ControlInParams;
+	union SC_RPC_SERVICE_CONTROL_OUT_PARAMSW ControlOutParams;
+	struct SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS psrOutParams;
+	struct SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW psrInParams;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	ZERO_STRUCT(psrInParams);
+	ZERO_STRUCT(psrOutParams);
+
+	psrInParams.dwReason =	SERVICE_STOP_CUSTOM |
+				SERVICE_STOP_REASON_MAJOR_APPLICATION |
+				SERVICE_STOP_REASON_MINOR_ENVIRONMENT;
+	psrInParams.pszComment = "wurst";
+
+	ControlInParams.psrInParams = &psrInParams;
+	ControlOutParams.psrOutParams = &psrOutParams;
+
+	r.in.hService = s;
+	r.in.dwControl = SVCCTL_CONTROL_STOP;
+	r.in.dwInfoLevel = 1;
+	r.in.pControlInParams = &ControlInParams;
+	r.out.pControlOutParams = &ControlOutParams;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_ControlServiceExW_r(b, tctx, &r),
+		"ControlServiceExW failed!");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"ControlServiceExW failed!");
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct svcctl_EnumServicesStatusW r;
+	struct policy_handle h;
+	int i;
+	NTSTATUS status;
+	uint32_t resume_handle = 0;
+	struct ENUM_SERVICE_STATUSW *service = NULL;
+	uint32_t needed = 0;
+	uint32_t services_returned = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	r.in.handle = &h;
+	r.in.type = SERVICE_TYPE_WIN32;
+	r.in.state = SERVICE_STATE_ALL;
+	r.in.offered = 0;
+	r.in.resume_handle = &resume_handle;
+	r.out.service = NULL;
+	r.out.resume_handle = &resume_handle;
+	r.out.services_returned = &services_returned;
+	r.out.needed = &needed;
+
+	status = dcerpc_svcctl_EnumServicesStatusW_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		r.in.offered = needed;
+		r.out.service = talloc_array(tctx, uint8_t, needed);
+
+		status = dcerpc_svcctl_EnumServicesStatusW_r(b, tctx, &r);
+
+		torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!");
+		torture_assert_werr_ok(tctx, r.out.result, "EnumServicesStatus failed");
+	}
+
+	if (services_returned > 0) {
+
+		enum ndr_err_code ndr_err;
+		DATA_BLOB blob;
+		struct ndr_pull *ndr;
+
+		blob.length = r.in.offered;
+		blob.data = talloc_steal(tctx, r.out.service);
+
+		ndr = ndr_pull_init_blob(&blob, tctx);
+
+		service = talloc_array(tctx, struct ENUM_SERVICE_STATUSW, services_returned);
+		if (!service) {
+			return false;
+		}
+
+		ndr_err = ndr_pull_ENUM_SERVICE_STATUSW_array(
+				ndr, services_returned, service);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return false;
+		}
+	}
+
+	for(i = 0; i < services_returned; i++) {
+
+		torture_assert(tctx, service[i].service_name,
+			"Service without name returned!");
+
+		printf("%-20s   \"%s\", Type: %d, State: %d\n",
+			service[i].service_name, service[i].display_name,
+			service[i].status.type, service[i].status.state);
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_EnumDependentServicesW(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	struct svcctl_EnumDependentServicesW r;
+	struct policy_handle h, s;
+	uint32_t needed;
+	uint32_t services_returned;
+	uint32_t i;
+	uint32_t states[] = { SERVICE_STATE_ACTIVE,
+			      SERVICE_STATE_INACTIVE,
+			      SERVICE_STATE_ALL };
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
+		return false;
+
+	r.in.service = &s;
+	r.in.offered = 0;
+	r.in.state = 0;
+	r.out.service_status = NULL;
+	r.out.services_returned = &services_returned;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_EnumDependentServicesW_r(b, tctx, &r),
+		"EnumDependentServicesW failed!");
+
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"EnumDependentServicesW failed!");
+
+	for (i=0; i<ARRAY_SIZE(states); i++) {
+
+		r.in.state = states[i];
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_svcctl_EnumDependentServicesW_r(b, tctx, &r),
+			"EnumDependentServicesW failed!");
+
+		if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+			r.in.offered = needed;
+			r.out.service_status = talloc_array(tctx, uint8_t, needed);
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_svcctl_EnumDependentServicesW_r(b, tctx, &r),
+				"EnumDependentServicesW failed!");
+
+		}
+
+		torture_assert_werr_ok(tctx, r.out.result,
+			"EnumDependentServicesW failed");
+	}
+
+	if (!test_CloseServiceHandle(b, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_SCManager(struct torture_context *tctx,
+			   struct dcerpc_pipe *p)
+{
+	struct policy_handle h;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenSCManager(b, tctx, &h))
+		return false;
+
+	if (!test_CloseServiceHandle(b, tctx, &h))
+		return false;
+
+	return true;
+}
+
+static bool test_ChangeServiceConfigW(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	struct svcctl_ChangeServiceConfigW r;
+	struct svcctl_QueryServiceConfigW q;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct QUERY_SERVICE_CONFIG query;
+	bool ok;
+
+	uint32_t offered = 0;
+	uint32_t needed = 0;
+
+	ok = test_OpenSCManager(b, tctx, &h);
+	if (!ok) {
+		return false;
+	}
+
+	ok = test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s);
+	if (!ok) {
+		return false;
+	}
+
+	q.in.handle = &s;
+	q.in.offered = offered;
+	q.out.query = &query;
+	q.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+
+	if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		q.in.offered = needed;
+		status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+	}
+	torture_assert_werr_ok(tctx, q.out.result, "QueryServiceConfigW failed!");
+
+	r.in.handle = &s;
+	r.in.type		= query.service_type;
+	r.in.start_type		= query.start_type;
+	r.in.error_control	= query.error_control;
+
+	/*
+	 * according to MS-SCMR 3.1.4.11 NULL params are supposed to leave the
+	 * existing values intact.
+	 */
+
+	r.in.binary_path	= NULL;
+	r.in.load_order_group	= NULL;
+	r.in.dependencies	= NULL;
+	r.in.dwDependSize	= 0;
+	r.in.service_start_name	= NULL;
+	r.in.password		= NULL;
+	r.in.dwPwSize		= 0;
+	r.in.display_name	= NULL;
+	r.in.tag_id		= NULL;
+	r.out.tag_id		= NULL;
+
+	status = dcerpc_svcctl_ChangeServiceConfigW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "ChangeServiceConfigW failed!");
+	torture_assert_werr_ok(tctx, r.out.result, "ChangeServiceConfigW failed!");
+
+	ok = test_CloseServiceHandle(b, tctx, &s);
+	if (!ok) {
+		return false;
+	}
+
+	ok = test_CloseServiceHandle(b, tctx, &h);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "svcctl");
+	struct torture_rpc_tcase *tcase;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "svcctl", &ndr_table_svcctl);
+
+	torture_rpc_tcase_add_test(tcase, "SCManager",
+				   test_SCManager);
+	torture_rpc_tcase_add_test(tcase, "EnumServicesStatus",
+				   test_EnumServicesStatus);
+	torture_rpc_tcase_add_test(tcase, "EnumDependentServicesW",
+				   test_EnumDependentServicesW);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceStatus",
+				   test_QueryServiceStatus);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceStatusEx",
+				   test_QueryServiceStatusEx);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceConfigW",
+				   test_QueryServiceConfigW);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceConfig2W",
+				   test_QueryServiceConfig2W);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceConfigEx",
+				   test_QueryServiceConfigEx);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceObjectSecurity",
+				   test_QueryServiceObjectSecurity);
+	torture_rpc_tcase_add_test(tcase, "SetServiceObjectSecurity",
+				   test_SetServiceObjectSecurity);
+	torture_rpc_tcase_add_test(tcase, "StartServiceW",
+				   test_StartServiceW);
+	torture_rpc_tcase_add_test(tcase, "ControlService",
+				   test_ControlService);
+	torture_rpc_tcase_add_test(tcase, "ControlServiceExW",
+				   test_ControlServiceExW);
+	torture_rpc_tcase_add_test(tcase, "ChangeServiceConfigW",
+				   test_ChangeServiceConfigW);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
new file mode 100644
index 0000000..6fb5f86
--- /dev/null
+++ b/source4/torture/rpc/testjoin.c
@@ -0,0 +1,915 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   utility code to join/leave a domain
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  this code is used by other torture modules to join/leave a domain
+  as either a member, bdc or thru a trust relationship
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "libnet/libnet.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+#include "libcli/security/security.h"
+#include "param/param.h"
+#include "source3/rpc_client/init_samr.h"
+
+struct test_join {
+	struct dcerpc_pipe *p;
+	struct policy_handle user_handle;
+	struct policy_handle domain_handle;
+	struct libnet_JoinDomain *libnet_r;
+	struct dom_sid *dom_sid;
+	const char *dom_netbios_name;
+	const char *dom_dns_name;
+	struct dom_sid *user_sid;
+	struct GUID user_guid;
+	const char *netbios_name;
+};
+
+
+static NTSTATUS DeleteUser_byname(struct torture_context *tctx,
+				  struct dcerpc_binding_handle *b,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *handle, const char *name)
+{
+	NTSTATUS status;
+	struct samr_DeleteUser d;
+	struct policy_handle user_handle;
+	uint32_t rid;
+	struct samr_LookupNames n;
+	struct samr_Ids rids, types;
+	struct lsa_String sname;
+	struct samr_OpenUser r;
+
+	sname.string = name;
+
+	n.in.domain_handle = handle;
+	n.in.num_names = 1;
+	n.in.names = &sname;
+	n.out.rids = &rids;
+	n.out.types = &types;
+
+	status = dcerpc_samr_LookupNames_r(b, mem_ctx, &n);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (NT_STATUS_IS_OK(n.out.result)) {
+		rid = n.out.rids->ids[0];
+	} else {
+		return n.out.result;
+	}
+
+	r.in.domain_handle = handle;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.rid = rid;
+	r.out.user_handle = &user_handle;
+
+	status = dcerpc_samr_OpenUser_r(b, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "OpenUser(%s) failed - %s\n", name, nt_errstr(status));
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "OpenUser(%s) failed - %s\n", name, nt_errstr(r.out.result));
+		return r.out.result;
+	}
+
+	d.in.user_handle = &user_handle;
+	d.out.user_handle = &user_handle;
+	status = dcerpc_samr_DeleteUser_r(b, mem_ctx, &d);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(d.out.result)) {
+		return d.out.result;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create a test user in the domain
+  an opaque pointer is returned. Pass it to torture_leave_domain() 
+  when finished
+*/
+
+struct test_join *torture_create_testuser_max_pwlen(struct torture_context *tctx,
+						    const char *username,
+						    const char *domain,
+						    uint16_t acct_type,
+						    const char **random_password,
+						    int max_pw_len)
+{
+	NTSTATUS status;
+	struct samr_Connect c;
+	struct samr_CreateUser2 r;
+	struct samr_OpenDomain o;
+	struct samr_LookupDomain l;
+	struct dom_sid2 *sid = NULL;
+	struct samr_GetUserPwInfo pwp;
+	struct samr_PwInfo info;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	struct policy_handle handle;
+	uint32_t access_granted;
+	uint32_t rid;
+	DATA_BLOB session_key;
+	struct lsa_String name;
+	
+	int policy_min_pw_len = 0;
+	struct test_join *join;
+	char *random_pw;
+	const char *dc_binding = torture_setting_string(tctx, "dc_binding", NULL);
+	struct dcerpc_binding_handle *b = NULL;
+	join = talloc(NULL, struct test_join);
+	if (join == NULL) {
+		return NULL;
+	}
+
+	ZERO_STRUCTP(join);
+
+	torture_comment(tctx, "Connecting to SAMR\n");
+	
+	if (dc_binding) {
+		status = dcerpc_pipe_connect(join,
+					     &join->p,
+					     dc_binding,
+					     &ndr_table_samr,
+					     samba_cmdline_get_creds(),
+					NULL, tctx->lp_ctx);
+					     
+	} else {
+		status = torture_rpc_connection(tctx,
+						&join->p, 
+						&ndr_table_samr);
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+	b = join->p->binding_handle;
+
+	c.in.system_name = NULL;
+	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	c.out.connect_handle = &handle;
+
+	status = dcerpc_samr_Connect_r(b, join, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *errstr = nt_errstr(status);
+		torture_comment(tctx, "samr_Connect failed - %s\n", errstr);
+		return NULL;
+	}
+	if (!NT_STATUS_IS_OK(c.out.result)) {
+		const char *errstr = nt_errstr(c.out.result);
+		torture_comment(tctx, "samr_Connect failed - %s\n", errstr);
+		return NULL;
+	}
+
+	if (domain) {
+		torture_comment(tctx, "Opening domain %s\n", domain);
+
+		name.string = domain;
+		l.in.connect_handle = &handle;
+		l.in.domain_name = &name;
+		l.out.sid = &sid;
+
+		status = dcerpc_samr_LookupDomain_r(b, join, &l);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(status));
+			goto failed;
+		}
+		if (!NT_STATUS_IS_OK(l.out.result)) {
+			torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(l.out.result));
+			goto failed;
+		}
+	} else {
+		struct samr_EnumDomains e;
+		uint32_t resume_handle = 0, num_entries;
+		struct samr_SamArray *sam;
+		int i;
+
+		e.in.connect_handle = &handle;
+		e.in.buf_size = (uint32_t)-1;
+		e.in.resume_handle = &resume_handle;
+		e.out.sam = &sam;
+		e.out.num_entries = &num_entries;
+		e.out.resume_handle = &resume_handle;
+
+		status = dcerpc_samr_EnumDomains_r(b, join, &e);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "EnumDomains failed - %s\n", nt_errstr(status));
+			goto failed;
+		}
+		if (!NT_STATUS_IS_OK(e.out.result)) {
+			torture_comment(tctx, "EnumDomains failed - %s\n", nt_errstr(e.out.result));
+			goto failed;
+		}
+		if ((num_entries != 2) || (sam && sam->count != 2)) {
+			torture_comment(tctx, "unexpected number of domains\n");
+			goto failed;
+		}
+		for (i=0; i < 2; i++) {
+			if (!strequal(sam->entries[i].name.string, "builtin")) {
+				domain = sam->entries[i].name.string;
+				break;
+			}
+		}
+		if (domain) {
+			torture_comment(tctx, "Opening domain %s\n", domain);
+
+			name.string = domain;
+			l.in.connect_handle = &handle;
+			l.in.domain_name = &name;
+			l.out.sid = &sid;
+
+			status = dcerpc_samr_LookupDomain_r(b, join, &l);
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(status));
+				goto failed;
+			}
+			if (!NT_STATUS_IS_OK(l.out.result)) {
+				torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(l.out.result));
+				goto failed;
+			}
+		} else {
+			torture_comment(tctx, "cannot proceed without domain name\n");
+			goto failed;
+		}
+	}
+
+	talloc_steal(join, *l.out.sid);
+	join->dom_sid = *l.out.sid;
+	join->dom_netbios_name = talloc_strdup(join, domain);
+	if (!join->dom_netbios_name) goto failed;
+
+	o.in.connect_handle = &handle;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.in.sid = *l.out.sid;
+	o.out.domain_handle = &join->domain_handle;
+
+	status = dcerpc_samr_OpenDomain_r(b, join, &o);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(status));
+		goto failed;
+	}
+	if (!NT_STATUS_IS_OK(o.out.result)) {
+		torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(o.out.result));
+		goto failed;
+	}
+
+	torture_comment(tctx, "Creating account %s\n", username);
+
+again:
+	name.string = username;
+	r.in.domain_handle = &join->domain_handle;
+	r.in.account_name = &name;
+	r.in.acct_flags = acct_type;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.user_handle = &join->user_handle;
+	r.out.access_granted = &access_granted;
+	r.out.rid = &rid;
+
+	status = dcerpc_samr_CreateUser2_r(b, join, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "CreateUser2 failed - %s\n", nt_errstr(status));
+		goto failed;
+	}
+
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+		status = DeleteUser_byname(tctx, b, join, &join->domain_handle, name.string);
+		if (NT_STATUS_IS_OK(status)) {
+			goto again;
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "CreateUser2 failed - %s\n", nt_errstr(r.out.result));
+		goto failed;
+	}
+
+	join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
+
+	pwp.in.user_handle = &join->user_handle;
+	pwp.out.info = &info;
+
+	status = dcerpc_samr_GetUserPwInfo_r(b, join, &pwp);
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(pwp.out.result)) {
+		policy_min_pw_len = pwp.out.info->min_password_length;
+	}
+
+	random_pw = generate_random_password(join, MAX(8, policy_min_pw_len), max_pw_len);
+
+	torture_comment(tctx, "Setting account password '%s'\n", random_pw);
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = &join->user_handle;
+	s.in.info = &u;
+	s.in.level = 24;
+
+	u.info24.password_expired = 0;
+
+	status = dcerpc_fetch_session_key(join->p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "SetUserInfo level %u - no session key - %s\n",
+		       s.in.level, nt_errstr(status));
+		torture_leave_domain(tctx, join);
+		goto failed;
+	}
+
+	status = init_samr_CryptPassword(random_pw,
+					 &session_key,
+					 &u.info24.password);
+	torture_assert_ntstatus_ok(tctx,
+				   status,
+				   "init_samr_CryptPassword failed");
+
+	status = dcerpc_samr_SetUserInfo_r(b, join, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "SetUserInfo failed - %s\n", nt_errstr(status));
+		goto failed;
+	}
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_comment(tctx, "SetUserInfo failed - %s\n", nt_errstr(s.out.result));
+		goto failed;
+	}
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = &join->user_handle;
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.acct_flags = acct_type | ACB_PWNOEXP;
+	u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
+
+	u.info21.comment.string = talloc_asprintf(join, 
+						  "Tortured by Samba4: %s", 
+						  timestring(join, time(NULL)));
+	
+	u.info21.full_name.string = talloc_asprintf(join, 
+						    "Torture account for Samba4: %s", 
+						    timestring(join, time(NULL)));
+	
+	u.info21.description.string = talloc_asprintf(join, 
+					 "Samba4 torture account created by host %s: %s", 
+					 lpcfg_netbios_name(tctx->lp_ctx),
+					 timestring(join, time(NULL)));
+
+	torture_comment(tctx, "Resetting ACB flags, force pw change time\n");
+
+	status = dcerpc_samr_SetUserInfo_r(b, join, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "SetUserInfo failed - %s\n", nt_errstr(status));
+		goto failed;
+	}
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_comment(tctx, "SetUserInfo failed - %s\n", nt_errstr(s.out.result));
+		goto failed;
+	}
+
+	if (random_password) {
+		*random_password = random_pw;
+	}
+
+	return join;
+
+failed:
+	torture_leave_domain(tctx, join);
+	return NULL;
+}
+
+/*
+ * Set privileges on an account.
+ */
+
+static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
+{
+	name->string = s;
+}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+bool torture_setup_privs(struct torture_context *tctx,
+			struct dcerpc_pipe *p,
+			uint32_t num_privs,
+			const char **privs,
+			const struct dom_sid *user_sid)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct policy_handle *handle;
+	int i;
+
+	torture_assert(tctx,
+		test_lsa_OpenPolicy2(b, tctx, &handle),
+		"failed to open policy");
+
+	for (i=0; i < num_privs; i++) {
+		struct lsa_LookupPrivValue r;
+		struct lsa_LUID luid;
+		struct lsa_String name;
+
+		init_lsa_String(&name, privs[i]);
+
+		r.in.handle = handle;
+		r.in.name = &name;
+		r.out.luid = &luid;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
+			"lsa_LookupPrivValue failed");
+		if (!NT_STATUS_IS_OK(r.out.result)) {
+			torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n",
+				privs[i], nt_errstr(r.out.result));
+			return false;
+		}
+	}
+
+	{
+		struct lsa_AddAccountRights r;
+		struct lsa_RightSet rights;
+
+		rights.count = num_privs;
+		rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count);
+		for (i=0; i < rights.count; i++) {
+			init_lsa_StringLarge(&rights.names[i], privs[i]);
+		}
+
+		r.in.handle = handle;
+		r.in.sid = discard_const_p(struct dom_sid, user_sid);
+		r.in.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_lsa_AddAccountRights_r(b, tctx, &r),
+			"lsa_AddAccountRights failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"lsa_AddAccountRights failed");
+	}
+
+	test_lsa_Close(b, tctx, handle);
+
+	return true;
+}
+
+struct test_join *torture_create_testuser(struct torture_context *torture,
+					  const char *username,
+					  const char *domain,
+					  uint16_t acct_type,
+					  const char **random_password)
+{
+	return torture_create_testuser_max_pwlen(torture, username, domain, acct_type, random_password, 255);
+}
+
+NTSTATUS torture_delete_testuser(struct torture_context *torture,
+				 struct test_join *join,
+				 const char *username)
+{
+	NTSTATUS status;
+
+	status = DeleteUser_byname(torture,
+				   join->p->binding_handle,
+				   torture,
+				   &join->domain_handle,
+				   username);
+
+	return status;
+}
+
+_PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
+					       const char *machine_name, 
+				      uint32_t acct_flags,
+				      struct cli_credentials **machine_credentials)
+{
+	NTSTATUS status;
+	struct libnet_context *libnet_ctx;
+	struct libnet_JoinDomain *libnet_r;
+	struct test_join *tj;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
+	const char *binding_str = NULL;
+	struct dcerpc_binding *binding = NULL;
+	enum dcerpc_transport_t transport;
+
+	tj = talloc_zero(tctx, struct test_join);
+	if (!tj) return NULL;
+
+	binding_str = torture_setting_string(tctx, "binding", NULL);
+	if (binding_str == NULL) {
+		const char *host = torture_setting_string(tctx, "host", NULL);
+		binding_str = talloc_asprintf(tj, "ncacn_np:%s", host);
+	}
+	status = dcerpc_parse_binding(tj, binding_str, &binding);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("dcerpc_parse_binding(%s) failed - %s\n",
+			  binding_str, nt_errstr(status)));
+		talloc_free(tj);
+		return NULL;
+	}
+	transport = dcerpc_binding_get_transport(binding);
+	switch (transport) {
+	case NCALRPC:
+	case NCACN_UNIX_STREAM:
+		break;
+	default:
+		dcerpc_binding_set_transport(binding, NCACN_NP);
+		dcerpc_binding_set_flags(binding, 0, DCERPC_AUTH_OPTIONS);
+		break;
+	}
+
+	libnet_r = talloc_zero(tj, struct libnet_JoinDomain);
+	if (!libnet_r) {
+		talloc_free(tj);
+		return NULL;
+	}
+	
+	libnet_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
+	if (!libnet_ctx) {
+		talloc_free(tj);
+		return NULL;
+	}
+	
+	tj->libnet_r = libnet_r;
+		
+	libnet_ctx->cred = samba_cmdline_get_creds();
+	libnet_r->in.binding = dcerpc_binding_string(libnet_r, binding);
+	if (libnet_r->in.binding == NULL) {
+		talloc_free(tj);
+		return NULL;
+	}
+	libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
+	libnet_r->in.netbios_name = machine_name;
+	libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
+	if (!libnet_r->in.account_name) {
+		talloc_free(tj);
+		return NULL;
+	}
+	
+	libnet_r->in.acct_type = acct_flags;
+	libnet_r->in.recreate_account = true;
+
+	status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (libnet_r->out.error_string) {
+			DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
+		} else {
+			DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
+		}
+		talloc_free(tj);
+                return NULL;
+	}
+	tj->p = libnet_r->out.samr_pipe;
+	tj->user_handle = *libnet_r->out.user_handle;
+	tj->dom_sid = libnet_r->out.domain_sid;
+	talloc_steal(tj, libnet_r->out.domain_sid);
+	tj->dom_netbios_name	= libnet_r->out.domain_name;
+	talloc_steal(tj, libnet_r->out.domain_name);
+	tj->dom_dns_name	= libnet_r->out.realm;
+	talloc_steal(tj, libnet_r->out.realm);
+	tj->user_guid = libnet_r->out.account_guid;
+	tj->netbios_name = talloc_strdup(tj, machine_name);
+	if (!tj->netbios_name) {
+		talloc_free(tj);
+		return NULL;
+	}
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = &tj->user_handle;
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
+	u.info21.comment.string = talloc_asprintf(tj, 
+						  "Tortured by Samba4: %s", 
+						  timestring(tj, time(NULL)));
+	u.info21.full_name.string = talloc_asprintf(tj, 
+						    "Torture account for Samba4: %s", 
+						    timestring(tj, time(NULL)));
+	
+	u.info21.description.string = talloc_asprintf(tj, 
+						      "Samba4 torture account created by host %s: %s", 
+						      lpcfg_netbios_name(tctx->lp_ctx), timestring(tj, time(NULL)));
+
+	status = dcerpc_samr_SetUserInfo_r(tj->p->binding_handle, tj, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
+	}
+	if (!NT_STATUS_IS_OK(s.out.result)) {
+		torture_comment(tctx, "SetUserInfo (non-critical) failed - %s\n", nt_errstr(s.out.result));
+	}
+
+	*machine_credentials = cli_credentials_init(tj);
+	cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
+	cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
+	cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
+	if (libnet_r->out.realm) {
+		cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
+	}
+	cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
+	cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
+	cli_credentials_set_kvno(*machine_credentials, libnet_r->out.kvno);
+	if (acct_flags & ACB_SVRTRUST) {
+		cli_credentials_set_secure_channel_type(*machine_credentials,
+							SEC_CHAN_BDC);
+	} else if (acct_flags & ACB_WSTRUST) {
+		cli_credentials_set_secure_channel_type(*machine_credentials,
+							SEC_CHAN_WKSTA);
+	} else {
+		DEBUG(0, ("Invalid account type specified to torture_join_domain\n"));
+		talloc_free(*machine_credentials);
+		return NULL;
+	}
+
+	return tj;
+}
+
+struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join) 
+{
+	return join->p;
+}
+
+struct policy_handle *torture_join_samr_user_policy(struct test_join *join) 
+{
+	return &join->user_handle;
+}
+
+static NTSTATUS torture_leave_ads_domain(struct torture_context *torture,
+					 TALLOC_CTX *mem_ctx,
+					 struct libnet_JoinDomain *libnet_r)
+{
+	int rtn;
+	TALLOC_CTX *tmp_ctx;
+
+	struct ldb_dn *server_dn;
+	struct ldb_context *ldb_ctx;
+
+	char *remote_ldb_url; 
+	 
+	/* Check if we are a domain controller. If not, exit. */
+	if (!libnet_r->out.server_dn_str) {
+		return NT_STATUS_OK;
+	}
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "torture_leave temporary context");
+	if (!tmp_ctx) {
+		libnet_r->out.error_string = NULL;
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ldb_ctx = ldb_init(tmp_ctx, torture->ev);
+	if (!ldb_ctx) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Remove CN=Servers,... entry from the AD. */ 
+	server_dn = ldb_dn_new(tmp_ctx, ldb_ctx, libnet_r->out.server_dn_str);
+	if (! ldb_dn_validate(server_dn)) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s",
+		dcerpc_binding_get_string_option(libnet_r->out.samr_binding, "host"));
+	if (!remote_ldb_url) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ldb_set_opaque(ldb_ctx, "credentials", samba_cmdline_get_creds());
+	ldb_set_opaque(ldb_ctx, "loadparm", samba_cmdline_get_lp_ctx());
+
+	rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
+	if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	rtn = ldb_delete(ldb_ctx, server_dn);
+	if (rtn != LDB_SUCCESS) {
+		libnet_r->out.error_string = NULL;
+		talloc_free(tmp_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));
+
+	talloc_free(tmp_ctx); 
+	return NT_STATUS_OK;
+}
+
+/*
+  leave the domain, deleting the machine acct
+*/
+
+_PUBLIC_ void torture_leave_domain(struct torture_context *tctx, struct test_join *join)
+{
+	struct samr_DeleteUser d;
+	NTSTATUS status;
+
+	if (!join) {
+		return;
+	}
+	d.in.user_handle = &join->user_handle;
+	d.out.user_handle = &join->user_handle;
+
+	/* Delete machine account */
+	status = dcerpc_samr_DeleteUser_r(join->p->binding_handle, join, &d);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "DeleteUser failed\n");
+	} else if (!NT_STATUS_IS_OK(d.out.result)) {
+		torture_comment(tctx, "Delete of machine account %s failed\n",
+		       join->netbios_name);
+	} else {
+		torture_comment(tctx, "Delete of machine account %s was successful.\n",
+		       join->netbios_name);
+	}
+
+	if (join->libnet_r) {
+		status = torture_leave_ads_domain(tctx, join, join->libnet_r);
+	}
+	
+	talloc_free(join);
+}
+
+/*
+  return the dom sid for a test join
+*/
+_PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
+{
+	return join->dom_sid;
+}
+
+const struct dom_sid *torture_join_user_sid(struct test_join *join)
+{
+	return join->user_sid;
+}
+
+const char *torture_join_netbios_name(struct test_join *join)
+{
+	return join->netbios_name;
+}
+
+const struct GUID *torture_join_user_guid(struct test_join *join)
+{
+	return &join->user_guid;
+}
+
+const char *torture_join_dom_netbios_name(struct test_join *join)
+{
+	return join->dom_netbios_name;
+}
+
+const char *torture_join_dom_dns_name(struct test_join *join)
+{
+	return join->dom_dns_name;
+}
+
+#if 0 /* Left as the documentation of the join process, but see new implementation in libnet_become_dc.c */
+struct test_join_ads_dc {
+	struct test_join *join;
+};
+
+struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name, 
+						    const char *domain,
+						    struct cli_credentials **machine_credentials)
+{
+	struct test_join_ads_dc *join;
+
+	join = talloc(NULL, struct test_join_ads_dc);
+	if (join == NULL) {
+		return NULL;
+	}
+
+	join->join = torture_join_domain(machine_name, 
+					ACB_SVRTRUST,
+					machine_credentials);
+
+	if (!join->join) {
+		return NULL;
+	}
+
+/* W2K: */
+	/* W2K: modify userAccountControl from 4096 to 532480 */
+	
+	/* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */
+
+	/* ask objectVersion of Schema Partition */
+
+	/* ask rIDManagerReferenz of the Domain Partition */
+
+	/* ask fsMORoleOwner of the RID-Manager$ object
+	 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
+	 */
+
+	/* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
+
+	/* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
+
+	/* ask for * of CN=Default-First-Site-Name, ... */
+
+	/* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition 
+	 * attributes : distinguishedName, userAccountControl
+	 */
+
+	/* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,... 
+	 * should fail with noSuchObject
+	 */
+
+	/* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,... 
+	 *
+	 * objectClass = server
+	 * systemFlags = 50000000
+	 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
+	 */
+
+	/* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
+	 * should fail with noSuchObject
+	 */
+
+	/* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,... 
+	 * attributes: ncName, dnsRoot
+	 */
+
+	/* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
+	 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
+	 * should fail with attributeOrValueExists
+	 */
+
+	/* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
+	 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
+	 */
+
+	/* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
+	 *
+	 */
+
+	/* replicate CN=Schema,CN=Configuration,...
+	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
+	 *
+	 */
+
+	/* replicate CN=Configuration,...
+	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
+	 *
+	 */
+
+	/* replicate Domain Partition
+	 * using DRSUAPI_DS_BIND_GUID_W2K ("6abec3d1-3054-41c8-a362-5a0c5b7d5d71")
+	 *
+	 */
+
+	/* call DsReplicaUpdateRefs() for all partitions like this:
+	 *     req1: struct drsuapi_DsReplicaUpdateRefsRequest1
+	 *           naming_context           : *
+	 *                 naming_context: struct drsuapi_DsReplicaObjectIdentifier
+	 *                     __ndr_size               : 0x000000ae (174)
+	 *                     __ndr_size_sid           : 0x00000000 (0)
+	 *                     guid                     : 00000000-0000-0000-0000-000000000000
+	 *                     sid                      : S-0-0
+	 *                     dn                       : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
+	 *           dest_dsa_dns_name        : *
+	 *                 dest_dsa_dns_name        : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
+	 *           dest_dsa_guid            : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
+	 *           options                  : 0x0000001c (28)
+	 *                 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
+	 *                 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
+	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
+	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
+	 *                 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010      
+	 *
+	 * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
+	 * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
+	 */
+
+/* W2K3: see libnet/libnet_become_dc.c */
+	return join;
+}
+
+#endif
diff --git a/source4/torture/rpc/torture_rpc.h b/source4/torture/rpc/torture_rpc.h
new file mode 100644
index 0000000..9217461
--- /dev/null
+++ b/source4/torture/rpc/torture_rpc.h
@@ -0,0 +1,126 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __TORTURE_RPC_H__
+#define __TORTURE_RPC_H__
+
+#include "lib/torture/torture.h"
+#include "auth/credentials/credentials.h"
+#include "torture/rpc/drsuapi.h"
+#include "libnet/libnet_join.h"
+#include "librpc/rpc/dcerpc.h"
+#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_spoolss.h"
+#include "torture/rpc/proto.h"
+
+struct torture_rpc_tcase {
+	struct torture_tcase tcase;
+	const struct ndr_interface_table *table;
+	const char *machine_name;
+	bool (*setup_fn)(struct torture_context *,
+			 struct dcerpc_pipe *,
+			 void *);
+	bool (*teardown_fn)(struct torture_context *,
+			    struct dcerpc_pipe *,
+			    void *);
+};
+
+struct torture_rpc_tcase_data {
+	struct test_join *join_ctx;
+	struct dcerpc_pipe *pipe;
+	struct cli_credentials *credentials;
+};
+
+NTSTATUS torture_rpc_connection(struct torture_context *tctx,
+				struct dcerpc_pipe **p, 
+				const struct ndr_interface_table *table);
+NTSTATUS torture_rpc_connection_with_binding(struct torture_context *tctx,
+					     struct dcerpc_binding *binding,
+					     struct dcerpc_pipe **p,
+					     const struct ndr_interface_table *table);
+
+struct test_join *torture_join_domain(struct torture_context *tctx,
+					       const char *machine_name, 
+				      uint32_t acct_flags,
+				      struct cli_credentials **machine_credentials);
+const struct dom_sid *torture_join_sid(struct test_join *join);
+void torture_leave_domain(struct torture_context *tctx, struct test_join *join);
+struct torture_rpc_tcase *torture_suite_add_rpc_iface_tcase(struct torture_suite *suite, 
+								const char *name,
+								const struct ndr_interface_table *table);
+struct torture_rpc_tcase *torture_suite_add_rpc_setup_tcase(
+				struct torture_suite *suite,
+				const char *name,
+				const struct ndr_interface_table *table,
+				bool (*setup_fn)(struct torture_context *,
+						 struct dcerpc_pipe *,
+						 void *),
+				bool (*teardown_fn)(struct torture_context *,
+						    struct dcerpc_pipe *,
+						    void *));
+
+struct torture_test *torture_rpc_tcase_add_test(
+					struct torture_rpc_tcase *tcase, 
+					const char *name, 
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *));
+struct torture_rpc_tcase *torture_suite_add_anon_rpc_iface_tcase(struct torture_suite *suite, 
+								const char *name,
+								const struct ndr_interface_table *table);
+
+struct torture_test *torture_rpc_tcase_add_test_join(
+	struct torture_rpc_tcase *tcase,
+	const char *name,
+	bool (*fn) (struct torture_context *, struct dcerpc_pipe *,
+		    struct cli_credentials *, struct test_join *));
+_PUBLIC_ struct torture_test *torture_rpc_tcase_add_test_setup(
+	struct torture_rpc_tcase *tcase,
+	const char *name,
+	bool (*fn)(struct torture_context *,
+		   struct dcerpc_pipe *,
+		   void *),
+	void *userdata);
+struct torture_test *torture_rpc_tcase_add_test_ex(
+					struct torture_rpc_tcase *tcase, 
+					const char *name, 
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *,
+								void *),
+					void *userdata);
+struct torture_rpc_tcase *torture_suite_add_machine_bdc_rpc_iface_tcase(
+				struct torture_suite *suite,
+				const char *name,
+				const struct ndr_interface_table *table,
+				const char *machine_name);
+struct torture_rpc_tcase *torture_suite_add_machine_workstation_rpc_iface_tcase(
+				struct torture_suite *suite, 
+				const char *name,
+				const struct ndr_interface_table *table,
+				const char *machine_name);
+struct torture_test *torture_rpc_tcase_add_test_creds(
+					struct torture_rpc_tcase *tcase, 
+					const char *name, 
+					bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct cli_credentials *));
+bool torture_suite_init_rpc_tcase(struct torture_suite *suite, 
+					   struct torture_rpc_tcase *tcase, 
+					   const char *name,
+					   const struct ndr_interface_table *table);
+
+
+
+#endif /* __TORTURE_RPC_H__ */
diff --git a/source4/torture/rpc/unixinfo.c b/source4/torture/rpc/unixinfo.c
new file mode 100644
index 0000000..227b002
--- /dev/null
+++ b/source4/torture/rpc/unixinfo.c
@@ -0,0 +1,149 @@
+/* 
+   Unix SMB/CIFS implementation.
+   test suite for unixinfo rpc operations
+
+   Copyright (C) Volker Lendecke 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_unixinfo_c.h"
+#include "libcli/security/security.h"
+
+/**
+  test the SidToUid interface
+*/
+static bool test_sidtouid(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct unixinfo_SidToUid r;
+	struct dom_sid *sid;
+	uint64_t uid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	
+	sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1234-5432");
+	r.in.sid = *sid;
+	r.out.uid = &uid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_SidToUid_r(b, tctx, &r),
+		"SidToUid failed");
+	if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, r.out.result)) {
+	} else torture_assert_ntstatus_ok(tctx, r.out.result, "SidToUid failed");
+
+	return true;
+}
+
+/*
+  test the UidToSid interface
+*/
+static bool test_uidtosid(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct unixinfo_UidToSid r;
+	struct dom_sid sid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.uid = 1000;
+	r.out.sid = &sid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_UidToSid_r(b, tctx, &r),
+				   "UidToSid failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "UidToSid failed");
+	return true;
+}
+
+static bool test_getpwuid(struct torture_context *tctx, 
+			  struct dcerpc_pipe *p)
+{
+	uint64_t uids[512];
+	uint32_t num_uids = ARRAY_SIZE(uids);
+	uint32_t i;
+	struct unixinfo_GetPWUid r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i<num_uids; i++) {
+		uids[i] = i;
+	}
+	
+	r.in.count = &num_uids;
+	r.in.uids = uids;
+	r.out.count = &num_uids;
+	r.out.infos = talloc_array(tctx, struct unixinfo_GetPWUidInfo, num_uids);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_GetPWUid_r(b, tctx, &r),
+		"GetPWUid failed");
+
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GetPWUid failed");
+	
+	return true;
+}
+
+/*
+  test the SidToGid interface
+*/
+static bool test_sidtogid(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct unixinfo_SidToGid r;
+	struct dom_sid *sid;
+	uint64_t gid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1234-5432");
+	r.in.sid = *sid;
+	r.out.gid = &gid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_SidToGid_r(b, tctx, &r),
+		"SidToGid failed");
+	if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, r.out.result)) {
+	} else torture_assert_ntstatus_ok(tctx, r.out.result, "SidToGid failed");
+
+	return true;
+}
+
+/*
+  test the GidToSid interface
+*/
+static bool test_gidtosid(struct torture_context *tctx, struct dcerpc_pipe *p)
+{
+	struct unixinfo_GidToSid r;
+	struct dom_sid sid;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.gid = 1000;
+	r.out.sid = &sid;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_GidToSid_r(b, tctx, &r),
+				   "GidToSid failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "GidToSid failed");
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_unixinfo(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+
+	suite = torture_suite_create(mem_ctx, "unixinfo");
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "unixinfo", 
+						  &ndr_table_unixinfo);
+
+	torture_rpc_tcase_add_test(tcase, "sidtouid", test_sidtouid);
+	torture_rpc_tcase_add_test(tcase, "uidtosid", test_uidtosid);
+	torture_rpc_tcase_add_test(tcase, "getpwuid", test_getpwuid);
+	torture_rpc_tcase_add_test(tcase, "sidtogid", test_sidtogid);
+	torture_rpc_tcase_add_test(tcase, "gidtosid", test_gidtosid);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
new file mode 100644
index 0000000..b0e153f
--- /dev/null
+++ b/source4/torture/rpc/winreg.c
@@ -0,0 +1,3335 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for winreg rpc operations
+
+   Copyright (C) Tim Potter 2003
+   Copyright (C) Jelmer Vernooij 2004-2007
+   Copyright (C) Günther Deschner 2007,2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_winreg_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "lib/registry/registry.h"
+
+#define TEST_KEY_BASE "winreg_torture_test"
+#define TEST_KEY1 "spottyfoot"
+#define TEST_KEY2 "with a SD (#1)"
+#define TEST_KEY3 "with a subkey"
+#define TEST_KEY4 "sd_tests"
+#define TEST_SUBKEY "subkey"
+#define TEST_SUBKEY_SD  "subkey_sd"
+#define TEST_SUBSUBKEY_SD "subkey_sd\\subsubkey_sd"
+#define TEST_VALUE "torture_value_name"
+#define TEST_KEY_VOLATILE "torture_volatile_key"
+#define TEST_SUBKEY_VOLATILE "torture_volatile_subkey"
+#define TEST_KEY_SYMLINK "torture_symlink_key"
+#define TEST_KEY_SYMLINK_DEST "torture_symlink_dest"
+
+#define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
+
+static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
+{
+	name->string = s;
+}
+
+static void init_winreg_String(struct winreg_String *name, const char *s)
+{
+	name->name = s;
+	if (s) {
+		name->name_len = 2 * (strlen_m(s) + 1);
+		name->name_size = name->name_len;
+	} else {
+		name->name_len = 0;
+		name->name_size = 0;
+	}
+}
+
+static bool test_GetVersion(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle)
+{
+	struct winreg_GetVersion r;
+	uint32_t v;
+
+	torture_comment(tctx, "Testing GetVersion\n");
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.out.version = &v;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion_r(b, tctx, &r),
+				   "GetVersion failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed");
+
+	return true;
+}
+
+static bool test_NotifyChangeKeyValue(struct dcerpc_binding_handle *b,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle)
+{
+	struct winreg_NotifyChangeKeyValue r;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.in.watch_subtree = true;
+	r.in.notify_filter = 0;
+	r.in.unknown = r.in.unknown2 = 0;
+	init_winreg_String(&r.in.string1, NULL);
+	init_winreg_String(&r.in.string2, NULL);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_NotifyChangeKeyValue_r(b, tctx, &r),
+				   "NotifyChangeKeyValue failed");
+
+	if (!W_ERROR_IS_OK(r.out.result)) {
+		torture_comment(tctx,
+				"NotifyChangeKeyValue failed - %s - not considering\n",
+				win_errstr(r.out.result));
+		return true;
+	}
+
+	return true;
+}
+
+static bool test_CreateKey_opts(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle,
+				const char *name,
+				const char *kclass,
+				uint32_t options,
+				uint32_t access_mask,
+				struct winreg_SecBuf *secdesc,
+				WERROR expected_result,
+				enum winreg_CreateAction *action_taken_p,
+				struct policy_handle *new_handle_p)
+{
+	struct winreg_CreateKey r;
+	struct policy_handle newhandle;
+	enum winreg_CreateAction action_taken = 0;
+
+	torture_comment(tctx, "Testing CreateKey(%s)\n", name);
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	init_winreg_String(&r.in.name, name);
+	init_winreg_String(&r.in.keyclass, kclass);
+	r.in.options = options;
+	r.in.access_mask = access_mask;
+	r.in.action_taken = &action_taken;
+	r.in.secdesc = secdesc;
+	r.out.new_handle = &newhandle;
+	r.out.action_taken = &action_taken;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey_r(b, tctx, &r),
+				   "CreateKey failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, expected_result, "CreateKey failed");
+
+	if (new_handle_p) {
+		*new_handle_p = newhandle;
+	}
+	if (action_taken_p) {
+		*action_taken_p = *r.out.action_taken;
+	}
+
+	return true;
+}
+
+static bool test_CreateKey(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle, const char *name,
+			   const char *kclass)
+{
+	return test_CreateKey_opts(tctx, b, handle, name, kclass,
+				   REG_OPTION_NON_VOLATILE,
+				   SEC_FLAG_MAXIMUM_ALLOWED,
+				   NULL, /* secdesc */
+				   WERR_OK,
+				   NULL, /* action_taken */
+				   NULL /* new_handle */);
+}
+
+/*
+  createkey testing with a SD
+*/
+static bool test_CreateKey_sd(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle, const char *name,
+			      const char *kclass,
+			      struct policy_handle *newhandle)
+{
+	struct winreg_CreateKey r;
+	enum winreg_CreateAction action_taken = 0;
+	struct security_descriptor *sd;
+	DATA_BLOB sdblob;
+	struct winreg_SecBuf secbuf;
+
+	sd = security_descriptor_dacl_create(tctx,
+					0,
+					NULL, NULL,
+					SID_NT_AUTHENTICATED_USERS,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_ALL,
+					SEC_ACE_FLAG_OBJECT_INHERIT |
+					SEC_ACE_FLAG_CONTAINER_INHERIT,
+					NULL);
+
+	torture_assert_ndr_success(tctx,
+		ndr_push_struct_blob(&sdblob, tctx, sd,
+				     (ndr_push_flags_fn_t)ndr_push_security_descriptor),
+				     "Failed to push security_descriptor ?!\n");
+
+	secbuf.sd.data = sdblob.data;
+	secbuf.sd.len = sdblob.length;
+	secbuf.sd.size = sdblob.length;
+	secbuf.length = sdblob.length-10;
+	secbuf.inherit = 0;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.out.new_handle = newhandle;
+	init_winreg_String(&r.in.name, name);
+	init_winreg_String(&r.in.keyclass, kclass);
+	r.in.options = 0x0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.action_taken = r.out.action_taken = &action_taken;
+	r.in.secdesc = &secbuf;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey_r(b, tctx, &r),
+				   "CreateKey with sd failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed");
+
+	return true;
+}
+
+static bool _test_GetKeySecurity(struct dcerpc_pipe *p,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle,
+				 uint32_t *sec_info_ptr,
+				 WERROR get_werr,
+				 struct security_descriptor **sd_out)
+{
+	struct winreg_GetKeySecurity r;
+	struct security_descriptor *sd = NULL;
+	uint32_t sec_info;
+	DATA_BLOB sdblob;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (sec_info_ptr) {
+		sec_info = *sec_info_ptr;
+	} else {
+		sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
+	}
+
+	ZERO_STRUCT(r);
+
+	r.in.handle = handle;
+	r.in.sec_info = sec_info;
+	r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData);
+	r.in.sd->size = 0x1000;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_GetKeySecurity_r(b, tctx, &r),
+				   "GetKeySecurity failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, get_werr,
+				  "GetKeySecurity failed");
+
+	sdblob.data = r.out.sd->data;
+	sdblob.length = r.out.sd->len;
+
+	sd = talloc_zero(tctx, struct security_descriptor);
+
+	torture_assert_ndr_success(tctx,
+		ndr_pull_struct_blob(&sdblob, tctx, sd,
+				     (ndr_pull_flags_fn_t)ndr_pull_security_descriptor),
+				     "pull_security_descriptor failed");
+
+	if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
+		NDR_PRINT_DEBUG(security_descriptor, sd);
+	}
+
+	if (sd_out) {
+		*sd_out = sd;
+	} else {
+		talloc_free(sd);
+	}
+
+	return true;
+}
+
+static bool test_GetKeySecurity(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				struct security_descriptor **sd_out)
+{
+	return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out);
+}
+
+static bool _test_SetKeySecurity(struct dcerpc_pipe *p,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle,
+				 uint32_t *sec_info_ptr,
+				 struct security_descriptor *sd,
+				 WERROR werr)
+{
+	struct winreg_SetKeySecurity r;
+	struct KeySecurityData *sdata = NULL;
+	DATA_BLOB sdblob;
+	uint32_t sec_info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+
+	if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
+		NDR_PRINT_DEBUG(security_descriptor, sd);
+	}
+
+	torture_assert_ndr_success(tctx,
+		ndr_push_struct_blob(&sdblob, tctx, sd,
+				     (ndr_push_flags_fn_t)ndr_push_security_descriptor),
+				     "push_security_descriptor failed");
+
+	sdata = talloc_zero(tctx, struct KeySecurityData);
+	sdata->data = sdblob.data;
+	sdata->size = sdblob.length;
+	sdata->len = sdblob.length;
+
+	if (sec_info_ptr) {
+		sec_info = *sec_info_ptr;
+	} else {
+		sec_info = SECINFO_UNPROTECTED_SACL |
+			   SECINFO_UNPROTECTED_DACL;
+		if (sd->owner_sid) {
+			sec_info |= SECINFO_OWNER;
+		}
+		if (sd->group_sid) {
+			sec_info |= SECINFO_GROUP;
+		}
+		if (sd->sacl) {
+			sec_info |= SECINFO_SACL;
+		}
+		if (sd->dacl) {
+			sec_info |= SECINFO_DACL;
+		}
+	}
+
+	r.in.handle = handle;
+	r.in.sec_info = sec_info;
+	r.in.sd = sdata;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_SetKeySecurity_r(b, tctx, &r),
+				   "SetKeySecurity failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, werr,
+				  "SetKeySecurity failed");
+
+	return true;
+}
+
+static bool test_SetKeySecurity(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				struct security_descriptor *sd)
+{
+	return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK);
+}
+
+static bool test_CloseKey(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle)
+{
+	struct winreg_CloseKey r;
+
+	ZERO_STRUCT(r);
+	r.in.handle = r.out.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey_r(b, tctx, &r),
+				   "CloseKey failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");
+
+	return true;
+}
+
+static bool test_FlushKey(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle)
+{
+	struct winreg_FlushKey r;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey_r(b, tctx, &r),
+				   "FlushKey failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed");
+
+	return true;
+}
+
+static bool test_OpenKey_opts(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *hive_handle,
+			      const char *keyname,
+			      uint32_t options,
+			      uint32_t access_mask,
+			      struct policy_handle *key_handle,
+			      WERROR expected_result)
+{
+	struct winreg_OpenKey r;
+
+	ZERO_STRUCT(r);
+	r.in.parent_handle = hive_handle;
+	init_winreg_String(&r.in.keyname, keyname);
+	r.in.options = options;
+	r.in.access_mask = access_mask;
+	r.out.handle = key_handle;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey_r(b, tctx, &r),
+				   "OpenKey failed");
+
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+				  "OpenKey failed");
+
+	return true;
+}
+
+static bool test_OpenKey(struct dcerpc_binding_handle *b,
+			 struct torture_context *tctx,
+			 struct policy_handle *hive_handle,
+			 const char *keyname, struct policy_handle *key_handle)
+{
+	return test_OpenKey_opts(tctx, b, hive_handle, keyname,
+				 REG_OPTION_NON_VOLATILE,
+				 SEC_FLAG_MAXIMUM_ALLOWED,
+				 key_handle,
+				 WERR_OK);
+}
+
+static bool test_Cleanup(struct dcerpc_binding_handle *b,
+			 struct torture_context *tctx,
+			 struct policy_handle *handle, const char *key)
+{
+	struct winreg_DeleteKey r;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+
+	init_winreg_String(&r.in.key, key);
+	dcerpc_winreg_DeleteKey_r(b, tctx, &r);
+
+	return true;
+}
+
+static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p,
+					   struct torture_context *tctx,
+					   struct policy_handle *handle,
+					   WERROR get_werr,
+					   WERROR set_werr)
+{
+	struct security_descriptor *sd = NULL;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) {
+		return false;
+	}
+
+	if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_SecurityDescriptor(struct dcerpc_pipe *p,
+				    struct torture_context *tctx,
+				    struct policy_handle *handle,
+				    const char *key)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "SecurityDescriptor get & set\n");
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
+					    WERR_OK, WERR_OK)) {
+		ret = false;
+	}
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		return false;
+	}
+
+	return ret;
+}
+
+static bool _test_SecurityDescriptor(struct dcerpc_pipe *p,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     uint32_t access_mask,
+				     const char *key,
+				     WERROR open_werr,
+				     WERROR get_werr,
+				     WERROR set_werr)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, key,
+				  REG_OPTION_NON_VOLATILE,
+				  access_mask,
+				  &new_handle,
+				  open_werr),
+		"failed to open key");
+
+	if (!W_ERROR_IS_OK(open_werr)) {
+		return true;
+	}
+
+	if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
+					    get_werr, set_werr)) {
+		ret = false;
+	}
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		return false;
+	}
+
+	return ret;
+}
+
+static bool test_dacl_trustee_present(struct dcerpc_pipe *p,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle,
+				      const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	int i;
+
+	if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->dacl) {
+		return false;
+	}
+
+	for (i = 0; i < sd->dacl->num_aces; i++) {
+		if (dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool _test_dacl_trustee_present(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       const char *key,
+				       const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_dacl_trustee_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_sacl_trustee_present(struct dcerpc_pipe *p,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle,
+				      const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	int i;
+	uint32_t sec_info = SECINFO_SACL;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->sacl) {
+		return false;
+	}
+
+	for (i = 0; i < sd->sacl->num_aces; i++) {
+		if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool _test_sacl_trustee_present(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       const char *key,
+				       const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, key,
+				  REG_OPTION_NON_VOLATILE,
+				  SEC_FLAG_SYSTEM_SECURITY,
+				  &new_handle,
+				  WERR_OK),
+		"failed to open key");
+
+	ret = test_sacl_trustee_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_owner_present(struct dcerpc_pipe *p,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle,
+			       const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	uint32_t sec_info = SECINFO_OWNER;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->owner_sid) {
+		return false;
+	}
+
+	return dom_sid_equal(sd->owner_sid, sid);
+}
+
+static bool _test_owner_present(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_owner_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_group_present(struct dcerpc_pipe *p,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle,
+			       const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	uint32_t sec_info = SECINFO_GROUP;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->group_sid) {
+		return false;
+	}
+
+	return dom_sid_equal(sd->group_sid, sid);
+}
+
+static bool _test_group_present(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_group_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p,
+					    struct torture_context *tctx,
+					    struct policy_handle *handle,
+					    const struct dom_sid *sid,
+					    uint8_t flags)
+{
+	struct security_descriptor *sd = NULL;
+	int i;
+
+	if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->dacl) {
+		return false;
+	}
+
+	for (i = 0; i < sd->dacl->num_aces; i++) {
+		if ((dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) &&
+		    (sd->dacl->aces[i].flags == flags)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool test_dacl_ace_present(struct dcerpc_pipe *p,
+				  struct torture_context *tctx,
+				  struct policy_handle *handle,
+				  const struct security_ace *ace)
+{
+	struct security_descriptor *sd = NULL;
+	int i;
+
+	if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->dacl) {
+		return false;
+	}
+
+	for (i = 0; i < sd->dacl->num_aces; i++) {
+		if (security_ace_equal(&sd->dacl->aces[i], ace)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool test_RestoreSecurity(struct dcerpc_pipe *p,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle,
+				 const char *key,
+				 struct security_descriptor *sd)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
+		ret = false;
+	}
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_BackupSecurity(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				struct security_descriptor **sd)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) {
+		ret = false;
+	}
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p,
+					       struct torture_context *tctx,
+					       struct policy_handle *handle,
+					       const char *key)
+{
+	/* get sd
+	   add ace SEC_ACE_FLAG_CONTAINER_INHERIT
+	   set sd
+	   get sd
+	   check ace
+	   add subkey
+	   get sd
+	   check ace
+	   add subsubkey
+	   get sd
+	   check ace
+	   del subsubkey
+	   del subkey
+	   reset sd
+	*/
+
+	struct security_descriptor *sd = NULL;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_ace *ace = NULL;
+	struct policy_handle new_handle;
+	bool ret = true;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *test_subkey_sd;
+	const char *test_subsubkey_sd;
+
+	torture_comment(tctx, "SecurityDescriptor inheritance\n");
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
+		return false;
+	}
+
+	sd_orig = security_descriptor_copy(tctx, sd);
+	if (sd_orig == NULL) {
+		return false;
+	}
+
+	ace = security_ace_create(tctx,
+				  TEST_SID,
+				  SEC_ACE_TYPE_ACCESS_ALLOWED,
+				  SEC_STD_REQUIRED,
+				  SEC_ACE_FLAG_CONTAINER_INHERIT);
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_add(sd, ace),
+		"failed to add ace");
+
+	/* FIXME: add further tests for these flags */
+	sd->type |= SEC_DESC_DACL_AUTO_INHERIT_REQ |
+		    SEC_DESC_SACL_AUTO_INHERITED;
+
+	if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
+		return false;
+	}
+
+	torture_assert(tctx,
+		test_dacl_ace_present(p, tctx, &new_handle, ace),
+		"new ACE not present!");
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		return false;
+	}
+
+	test_subkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBKEY_SD);
+
+	if (!test_CreateKey(b, tctx, handle, test_subkey_sd, NULL)) {
+		ret = false;
+		goto out;
+	}
+
+	if (!test_OpenKey(b, tctx, handle, test_subkey_sd, &new_handle)) {
+		ret = false;
+		goto out;
+	}
+
+	if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
+		torture_comment(tctx, "inherited ACE not present!\n");
+		ret = false;
+		goto out;
+	}
+
+	test_subsubkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBSUBKEY_SD);
+
+	test_CloseKey(b, tctx, &new_handle);
+	if (!test_CreateKey(b, tctx, handle, test_subsubkey_sd, NULL)) {
+		ret = false;
+		goto out;
+	}
+
+	if (!test_OpenKey(b, tctx, handle, test_subsubkey_sd, &new_handle)) {
+		ret = false;
+		goto out;
+	}
+
+	if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
+		torture_comment(tctx, "inherited ACE not present!\n");
+		ret = false;
+		goto out;
+	}
+
+ out:
+	test_CloseKey(b, tctx, &new_handle);
+	test_Cleanup(b, tctx, handle, test_subkey_sd);
+	test_RestoreSecurity(p, tctx, handle, key, sd_orig);
+
+	return ret;
+}
+
+static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe *p,
+						    struct torture_context *tctx,
+						    struct policy_handle *handle,
+						    const char *key)
+{
+	/* get sd
+	   add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
+	   set sd
+	   add subkey/subkey
+	   get sd
+	   check ace
+	   get sd from subkey
+	   check ace
+	   del subkey/subkey
+	   del subkey
+	   reset sd
+	*/
+
+	struct security_descriptor *sd = NULL;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_ace *ace = NULL;
+	struct policy_handle new_handle;
+	struct dom_sid *sid = NULL;
+	bool ret = true;
+	uint8_t ace_flags = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *test_subkey_sd;
+	const char *test_subsubkey_sd;
+
+	torture_comment(tctx, "SecurityDescriptor inheritance block\n");
+
+	if (!test_OpenKey(b, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
+		return false;
+	}
+
+	sd_orig = security_descriptor_copy(tctx, sd);
+	if (sd_orig == NULL) {
+		return false;
+	}
+
+	ace = security_ace_create(tctx,
+				  TEST_SID,
+				  SEC_ACE_TYPE_ACCESS_ALLOWED,
+				  SEC_STD_REQUIRED,
+				  SEC_ACE_FLAG_CONTAINER_INHERIT |
+				  SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
+
+	torture_assert_ntstatus_ok(tctx,
+		security_descriptor_dacl_add(sd, ace),
+		"failed to add ace");
+
+	if (!_test_SetKeySecurity(p, tctx, &new_handle, NULL, sd, WERR_OK)) {
+		return false;
+	}
+
+	torture_assert(tctx,
+		test_dacl_ace_present(p, tctx, &new_handle, ace),
+		"new ACE not present!");
+
+	if (!test_CloseKey(b, tctx, &new_handle)) {
+		return false;
+	}
+
+	test_subkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBKEY_SD);
+	test_subsubkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBSUBKEY_SD);
+
+	if (!test_CreateKey(b, tctx, handle, test_subsubkey_sd, NULL)) {
+		return false;
+	}
+
+	if (!test_OpenKey(b, tctx, handle, test_subsubkey_sd, &new_handle)) {
+		ret = false;
+		goto out;
+	}
+
+	if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
+		torture_comment(tctx, "inherited ACE present but should not!\n");
+		ret = false;
+		goto out;
+	}
+
+	sid = dom_sid_parse_talloc(tctx, TEST_SID);
+	if (sid == NULL) {
+		return false;
+	}
+
+	if (test_dacl_trustee_present(p, tctx, &new_handle, sid)) {
+		torture_comment(tctx, "inherited trustee SID present but should not!\n");
+		ret = false;
+		goto out;
+	}
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	if (!test_OpenKey(b, tctx, handle, test_subkey_sd, &new_handle)) {
+		ret = false;
+		goto out;
+	}
+
+	if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
+		torture_comment(tctx, "inherited ACE present but should not!\n");
+		ret = false;
+		goto out;
+	}
+
+	if (!test_dacl_trustee_flags_present(p, tctx, &new_handle, sid, ace_flags)) {
+		torture_comment(tctx, "inherited trustee SID with flags 0x%02x not present!\n",
+			ace_flags);
+		ret = false;
+		goto out;
+	}
+
+ out:
+	test_CloseKey(b, tctx, &new_handle);
+	test_Cleanup(b, tctx, handle, test_subkey_sd);
+	test_RestoreSecurity(p, tctx, handle, key, sd_orig);
+
+	return ret;
+}
+
+static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe *p,
+					  struct torture_context *tctx,
+					  struct policy_handle *handle,
+					  const char *key)
+{
+	bool ret = true;
+	int i;
+
+	struct winreg_mask_result_table {
+		uint32_t access_mask;
+		WERROR open_werr;
+		WERROR get_werr;
+		WERROR set_werr;
+	} sd_mask_tests[] = {
+		{ 0,
+			WERR_ACCESS_DENIED, WERR_FILE_NOT_FOUND, WERR_FOOBAR },
+		{ SEC_FLAG_MAXIMUM_ALLOWED,
+			WERR_OK, WERR_OK, WERR_OK },
+		{ SEC_STD_WRITE_DAC,
+			WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR },
+		{ SEC_FLAG_SYSTEM_SECURITY,
+			WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR }
+	};
+
+	/* FIXME: before this test can ever run successfully we need a way to
+	 * correctly read a NULL security_descritpor in ndr, get the required
+	 * length, requery, etc.
+	 */
+
+	return true;
+
+	for (i=0; i < ARRAY_SIZE(sd_mask_tests); i++) {
+
+		torture_comment(tctx,
+				"SecurityDescriptor get & set with access_mask: 0x%08x\n",
+				sd_mask_tests[i].access_mask);
+		torture_comment(tctx,
+				"expecting: open %s, get: %s, set: %s\n",
+				win_errstr(sd_mask_tests[i].open_werr),
+				win_errstr(sd_mask_tests[i].get_werr),
+				win_errstr(sd_mask_tests[i].set_werr));
+
+		if (_test_SecurityDescriptor(p, tctx, handle,
+					     sd_mask_tests[i].access_mask, key,
+					     sd_mask_tests[i].open_werr,
+					     sd_mask_tests[i].get_werr,
+					     sd_mask_tests[i].set_werr)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+typedef bool (*secinfo_verify_fn)(struct dcerpc_pipe *,
+				  struct torture_context *,
+				  struct policy_handle *,
+				  const char *,
+				  const struct dom_sid *);
+
+static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe *p,
+					       struct torture_context *tctx,
+					       struct policy_handle *handle,
+					       const char *key,
+					       const char *test,
+					       uint32_t access_mask,
+					       uint32_t sec_info,
+					       struct security_descriptor *sd,
+					       WERROR set_werr,
+					       bool expect_present,
+					       bool (*fn) (struct dcerpc_pipe *,
+							   struct torture_context *,
+							   struct policy_handle *,
+							   const char *,
+							   const struct dom_sid *),
+					       const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	torture_comment(tctx, "SecurityDescriptor (%s) sets for secinfo: "
+			"0x%08x, access_mask: 0x%08x\n",
+			test, sec_info, access_mask);
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, key,
+				  REG_OPTION_NON_VOLATILE,
+				  access_mask,
+				  &new_handle,
+				  WERR_OK),
+		"failed to open key");
+
+	if (!_test_SetKeySecurity(p, tctx, &new_handle, &sec_info,
+				  sd,
+				  set_werr)) {
+		torture_warning(tctx,
+				"SetKeySecurity with secinfo: 0x%08x has failed\n",
+				sec_info);
+		smb_panic("");
+		test_CloseKey(b, tctx, &new_handle);
+		return false;
+	}
+
+	test_CloseKey(b, tctx, &new_handle);
+
+	if (W_ERROR_IS_OK(set_werr)) {
+		bool present;
+		present = fn(p, tctx, handle, key, sid);
+		if ((expect_present) && (!present)) {
+			torture_warning(tctx,
+					"%s sid is not present!\n",
+					test);
+			return false;
+		}
+		if ((!expect_present) && (present)) {
+			torture_warning(tctx,
+					"%s sid is present but not expected!\n",
+					test);
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe *p,
+					    struct torture_context *tctx,
+					    struct policy_handle *handle,
+					    const char *key)
+{
+	struct security_descriptor *sd_orig = NULL;
+	struct dom_sid *sid = NULL;
+	bool ret = true;
+	int i, a;
+
+	struct security_descriptor *sd_owner =
+		security_descriptor_dacl_create(tctx,
+						0,
+						TEST_SID, NULL, NULL);
+
+	struct security_descriptor *sd_group =
+		security_descriptor_dacl_create(tctx,
+						0,
+						NULL, TEST_SID, NULL);
+
+	struct security_descriptor *sd_dacl =
+		security_descriptor_dacl_create(tctx,
+						0,
+						NULL, NULL,
+						TEST_SID,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_GENERIC_ALL,
+						0,
+						SID_NT_AUTHENTICATED_USERS,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_GENERIC_ALL,
+						0,
+						NULL);
+
+	struct security_descriptor *sd_sacl =
+		security_descriptor_sacl_create(tctx,
+						0,
+						NULL, NULL,
+						TEST_SID,
+						SEC_ACE_TYPE_SYSTEM_AUDIT,
+						SEC_GENERIC_ALL,
+						SEC_ACE_FLAG_SUCCESSFUL_ACCESS,
+						NULL);
+
+	struct winreg_secinfo_table {
+		struct security_descriptor *sd;
+		uint32_t sec_info;
+		WERROR set_werr;
+		bool sid_present;
+		secinfo_verify_fn fn;
+	};
+
+	struct winreg_secinfo_table sec_info_owner_tests[] = {
+		{
+			.sd          = sd_owner,
+			.sec_info    = 0,
+			.set_werr    = WERR_OK,
+			.sid_present = false,
+			.fn          = (secinfo_verify_fn)_test_owner_present,
+		},
+		{
+			.sd          = sd_owner,
+			.sec_info    = SECINFO_OWNER,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_owner_present,
+		},
+		{
+			.sd          = sd_owner,
+			.sec_info    = SECINFO_GROUP,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present  = false,
+		},
+		{
+			.sd          = sd_owner,
+			.sec_info    = SECINFO_DACL,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_owner_present,
+		},
+		{
+			.sd          = sd_owner,
+			.sec_info    = SECINFO_SACL,
+			.set_werr    = WERR_ACCESS_DENIED,
+			.sid_present  = false,
+		},
+	};
+
+	uint32_t sd_owner_good_access_masks[] = {
+		SEC_FLAG_MAXIMUM_ALLOWED,
+		/* SEC_STD_WRITE_OWNER, */
+	};
+
+	struct winreg_secinfo_table sec_info_group_tests[] = {
+		{
+			.sd          = sd_group,
+			.sec_info    = 0,
+			.set_werr    = WERR_OK,
+			.sid_present = false,
+			.fn          = (secinfo_verify_fn)_test_group_present,
+		},
+		{
+			.sd          = sd_group,
+			.sec_info    = SECINFO_OWNER,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present = false,
+		},
+		{
+			.sd          = sd_group,
+			.sec_info    = SECINFO_GROUP,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_group_present,
+		},
+		{
+			.sd          = sd_group,
+			.sec_info    = SECINFO_DACL,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_group_present,
+		},
+		{
+			.sd          = sd_group,
+			.sec_info    = SECINFO_SACL,
+			.set_werr    = WERR_ACCESS_DENIED,
+			.sid_present = false,
+		},
+	};
+
+	uint32_t sd_group_good_access_masks[] = {
+		SEC_FLAG_MAXIMUM_ALLOWED,
+	};
+
+	struct winreg_secinfo_table sec_info_dacl_tests[] = {
+		{
+			.sd          = sd_dacl,
+			.sec_info    = 0,
+			.set_werr    = WERR_OK,
+			.sid_present = false,
+			.fn          = (secinfo_verify_fn)_test_dacl_trustee_present,
+		},
+		{
+			.sd          = sd_dacl,
+			.sec_info    = SECINFO_OWNER,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present = false,
+		},
+		{
+			.sd          = sd_dacl,
+			.sec_info    = SECINFO_GROUP,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present = false,
+		},
+		{
+			.sd          = sd_dacl,
+			.sec_info    = SECINFO_DACL,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_dacl_trustee_present
+		},
+		{
+			.sd          = sd_dacl,
+			.sec_info    = SECINFO_SACL,
+			.set_werr    = WERR_ACCESS_DENIED,
+			.sid_present = false,
+		},
+	};
+
+	uint32_t sd_dacl_good_access_masks[] = {
+		SEC_FLAG_MAXIMUM_ALLOWED,
+		SEC_STD_WRITE_DAC,
+	};
+
+	struct winreg_secinfo_table sec_info_sacl_tests[] = {
+		{
+			.sd          = sd_sacl,
+			.sec_info    = 0,
+			.set_werr    = WERR_OK,
+			.sid_present = false,
+			.fn          = (secinfo_verify_fn)_test_sacl_trustee_present,
+		},
+		{
+			.sd          = sd_sacl,
+			.sec_info    = SECINFO_OWNER,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present = false,
+		},
+		{
+			.sd          = sd_sacl,
+			.sec_info    = SECINFO_GROUP,
+			.set_werr    = WERR_INVALID_PARAMETER,
+			.sid_present = false,
+		},
+		{
+			.sd          = sd_sacl,
+			.sec_info    = SECINFO_DACL,
+			.set_werr    = WERR_OK,
+			.sid_present = false,
+			.fn          = (secinfo_verify_fn)_test_sacl_trustee_present,
+		},
+		{
+			.sd          = sd_sacl,
+			.sec_info    = SECINFO_SACL,
+			.set_werr    = WERR_OK,
+			.sid_present = true,
+			.fn          = (secinfo_verify_fn)_test_sacl_trustee_present,
+		},
+	};
+
+	uint32_t sd_sacl_good_access_masks[] = {
+		SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY,
+		/* SEC_FLAG_SYSTEM_SECURITY, */
+	};
+
+	sid = dom_sid_parse_talloc(tctx, TEST_SID);
+	if (sid == NULL) {
+		return false;
+	}
+
+	if (!test_BackupSecurity(p, tctx, handle, key, &sd_orig)) {
+		return false;
+	}
+
+	/* OWNER */
+
+	for (i=0; i < ARRAY_SIZE(sec_info_owner_tests); i++) {
+
+		for (a=0; a < ARRAY_SIZE(sd_owner_good_access_masks); a++) {
+
+			if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
+					key,
+					"OWNER",
+					sd_owner_good_access_masks[a],
+					sec_info_owner_tests[i].sec_info,
+					sec_info_owner_tests[i].sd,
+					sec_info_owner_tests[i].set_werr,
+					sec_info_owner_tests[i].sid_present,
+					sec_info_owner_tests[i].fn,
+					sid))
+			{
+				torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
+				ret = false;
+				goto out;
+			}
+		}
+	}
+
+	/* GROUP */
+
+	for (i=0; i < ARRAY_SIZE(sec_info_group_tests); i++) {
+
+		for (a=0; a < ARRAY_SIZE(sd_group_good_access_masks); a++) {
+
+			if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
+					key,
+					"GROUP",
+					sd_group_good_access_masks[a],
+					sec_info_group_tests[i].sec_info,
+					sec_info_group_tests[i].sd,
+					sec_info_group_tests[i].set_werr,
+					sec_info_group_tests[i].sid_present,
+					sec_info_group_tests[i].fn,
+					sid))
+			{
+				torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
+				ret = false;
+				goto out;
+			}
+		}
+	}
+
+	/* DACL */
+
+	for (i=0; i < ARRAY_SIZE(sec_info_dacl_tests); i++) {
+
+		for (a=0; a < ARRAY_SIZE(sd_dacl_good_access_masks); a++) {
+
+			if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
+					key,
+					"DACL",
+					sd_dacl_good_access_masks[a],
+					sec_info_dacl_tests[i].sec_info,
+					sec_info_dacl_tests[i].sd,
+					sec_info_dacl_tests[i].set_werr,
+					sec_info_dacl_tests[i].sid_present,
+					sec_info_dacl_tests[i].fn,
+					sid))
+			{
+				torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for DACL\n");
+				ret = false;
+				goto out;
+			}
+		}
+	}
+
+	/* SACL */
+
+	for (i=0; i < ARRAY_SIZE(sec_info_sacl_tests); i++) {
+
+		for (a=0; a < ARRAY_SIZE(sd_sacl_good_access_masks); a++) {
+
+			if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
+					key,
+					"SACL",
+					sd_sacl_good_access_masks[a],
+					sec_info_sacl_tests[i].sec_info,
+					sec_info_sacl_tests[i].sd,
+					sec_info_sacl_tests[i].set_werr,
+					sec_info_sacl_tests[i].sid_present,
+					sec_info_sacl_tests[i].fn,
+					sid))
+			{
+				torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for SACL\n");
+				ret = false;
+				goto out;
+			}
+		}
+	}
+
+ out:
+	test_RestoreSecurity(p, tctx, handle, key, sd_orig);
+
+	return ret;
+}
+
+static bool test_SecurityDescriptors(struct dcerpc_pipe *p,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     const char *key)
+{
+	bool ret = true;
+
+	if (!test_SecurityDescriptor(p, tctx, handle, key)) {
+		torture_comment(tctx, "test_SecurityDescriptor failed\n");
+		ret = false;
+	}
+
+	if (!test_SecurityDescriptorInheritance(p, tctx, handle, key)) {
+		torture_comment(tctx, "test_SecurityDescriptorInheritance failed\n");
+		ret = false;
+	}
+
+	if (!test_SecurityDescriptorBlockInheritance(p, tctx, handle, key)) {
+		torture_comment(tctx, "test_SecurityDescriptorBlockInheritance failed\n");
+		ret = false;
+	}
+
+	if (!test_SecurityDescriptorsSecInfo(p, tctx, handle, key)) {
+		torture_comment(tctx, "test_SecurityDescriptorsSecInfo failed\n");
+		ret = false;
+	}
+
+	if (!test_SecurityDescriptorsMasks(p, tctx, handle, key)) {
+		torture_comment(tctx, "test_SecurityDescriptorsMasks failed\n");
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool test_DeleteKey_opts(struct dcerpc_binding_handle *b,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				WERROR expected_result)
+{
+	struct winreg_DeleteKey r;
+
+	torture_comment(tctx, "Testing DeleteKey(%s)\n", key);
+
+	r.in.handle = handle;
+	init_winreg_String(&r.in.key, key);
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteKey_r(b, tctx, &r),
+		"Delete Key failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_result,
+		"DeleteKey failed");
+
+	return true;
+}
+
+static bool test_DeleteKey(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle, const char *key)
+{
+	return test_DeleteKey_opts(b, tctx, handle, key, WERR_OK);
+}
+
+static bool test_QueryInfoKey(struct dcerpc_binding_handle *b,
+			      struct torture_context *tctx,
+			      struct policy_handle *handle,
+			      char *kclass,
+			      uint32_t *pmax_valnamelen,
+			      uint32_t *pmax_valbufsize)
+{
+	struct winreg_QueryInfoKey r;
+	uint32_t num_subkeys, max_subkeylen, max_classlen,
+		num_values, max_valnamelen, max_valbufsize,
+		secdescsize;
+	NTTIME last_changed_time;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.out.num_subkeys = &num_subkeys;
+	r.out.max_subkeylen = &max_subkeylen;
+	r.out.max_classlen = &max_classlen;
+	r.out.num_values = &num_values;
+	r.out.max_valnamelen = &max_valnamelen;
+	r.out.max_valbufsize = &max_valbufsize;
+	r.out.secdescsize = &secdescsize;
+	r.out.last_changed_time = &last_changed_time;
+
+	r.out.classname = talloc(tctx, struct winreg_String);
+
+	r.in.classname = talloc(tctx, struct winreg_String);
+	init_winreg_String(r.in.classname, kclass);
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_QueryInfoKey_r(b, tctx, &r),
+				   "QueryInfoKey failed");
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryInfoKey failed");
+
+	if (pmax_valnamelen) {
+		*pmax_valnamelen = max_valnamelen;
+	}
+
+	if (pmax_valbufsize) {
+		*pmax_valbufsize = max_valbufsize;
+	}
+
+	return true;
+}
+
+static bool test_SetValue(struct dcerpc_binding_handle *b,
+			  struct torture_context *tctx,
+			  struct policy_handle *handle,
+			  const char *value_name,
+			  enum winreg_Type type,
+			  uint8_t *data,
+			  uint32_t size)
+{
+	struct winreg_SetValue r;
+	struct winreg_String name;
+
+	torture_comment(tctx, "Testing SetValue(%s), type: %s, offered: 0x%08x)\n",
+		value_name, str_regtype(type), size);
+
+	init_winreg_String(&name, value_name);
+
+	r.in.handle = handle;
+	r.in.name = name;
+	r.in.type = type;
+	r.in.data = data;
+	r.in.size = size;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_SetValue_r(b, tctx, &r),
+		"winreg_SetValue failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"winreg_SetValue failed");
+
+	return true;
+}
+
+static bool test_DeleteValue(struct dcerpc_binding_handle *b,
+			     struct torture_context *tctx,
+			     struct policy_handle *handle,
+			     const char *value_name)
+{
+	struct winreg_DeleteValue r;
+	struct winreg_String value;
+
+	torture_comment(tctx, "Testing DeleteValue(%s)\n", value_name);
+
+	init_winreg_String(&value, value_name);
+
+	r.in.handle = handle;
+	r.in.value = value;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteValue_r(b, tctx, &r),
+		"winreg_DeleteValue failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"winreg_DeleteValue failed");
+
+	return true;
+}
+
+static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
+		     struct policy_handle *handle, int depth,
+		     bool test_security);
+
+static bool test_EnumKey(struct dcerpc_pipe *p, struct torture_context *tctx,
+			 struct policy_handle *handle, int depth,
+			 bool test_security)
+{
+	struct winreg_EnumKey r;
+	struct winreg_StringBuf kclass, name;
+	NTSTATUS status;
+	NTTIME t = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	kclass.name   = "";
+	kclass.size   = 1024;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.in.enum_index = 0;
+	r.in.name = &name;
+	r.in.keyclass = &kclass;
+	r.out.name = &name;
+	r.in.last_changed_time = &t;
+
+	do {
+		name.name   = NULL;
+		name.size   = 1024;
+
+		status = dcerpc_winreg_EnumKey_r(b, tctx, &r);
+
+		if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) {
+			struct policy_handle key_handle;
+
+			torture_comment(tctx, "EnumKey: %d: %s\n",
+					r.in.enum_index,
+					r.out.name->name);
+
+			if (!test_OpenKey(b, tctx, handle, r.out.name->name,
+					  &key_handle)) {
+			} else {
+				test_key(p, tctx, &key_handle,
+					 depth + 1, test_security);
+			}
+		}
+
+		r.in.enum_index++;
+
+	} while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result));
+
+	torture_assert_ntstatus_ok(tctx, status, "EnumKey failed");
+
+	if (!W_ERROR_IS_OK(r.out.result) &&
+		!W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
+		torture_fail(tctx, "EnumKey failed");
+	}
+
+	return true;
+}
+
+static bool test_QueryMultipleValues(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx,
+				     struct policy_handle *handle,
+				     const char *valuename)
+{
+	struct winreg_QueryMultipleValues r;
+	uint32_t bufsize=0;
+
+	ZERO_STRUCT(r);
+
+	r.in.key_handle = handle;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 1);
+	r.in.values_in[0].ve_valuename = talloc(tctx, struct winreg_ValNameBuf);
+	r.in.values_in[0].ve_valuename->name = valuename;
+	/* size needs to be set manually for winreg_ValNameBuf */
+	r.in.values_in[0].ve_valuename->size = strlen_m_term(valuename)*2;
+
+	r.in.num_values = 1;
+	r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t);
+	*r.in.buffer_size = bufsize;
+	do {
+		*r.in.buffer_size = bufsize;
+		r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t,
+							       *r.in.buffer_size);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r),
+			"QueryMultipleValues failed");
+
+		talloc_free(r.in.buffer);
+		bufsize += 0x20;
+	} while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed");
+
+	return true;
+}
+
+static bool test_QueryMultipleValues_full(struct dcerpc_binding_handle *b,
+					  struct torture_context *tctx,
+					  struct policy_handle *handle,
+					  uint32_t num_values,
+					  const char * const *valuenames,
+					  bool existing_value)
+{
+	struct winreg_QueryMultipleValues r;
+	uint32_t bufsize = 0;
+	int i;
+
+	torture_comment(tctx, "Testing QueryMultipleValues\n");
+
+	ZERO_STRUCT(r);
+
+	r.in.key_handle = handle;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 0);
+	r.in.buffer_size = r.out.buffer_size = &bufsize;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r),
+		"QueryMultipleValues failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues failed");
+
+	/* this test crashes w2k8 remote registry */
+#if 0
+	r.in.num_values = num_values;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r),
+		"QueryMultipleValues failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues failed");
+#endif
+	r.in.num_values = num_values;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values);
+	for (i=0; i < r.in.num_values; i++) {
+		r.in.values_in[i].ve_valuename = talloc_zero(tctx, struct winreg_ValNameBuf);
+		r.in.values_in[i].ve_valuename->name = talloc_strdup(tctx, valuenames[i]);
+		r.in.values_in[i].ve_valuename->size = strlen_m_term(r.in.values_in[i].ve_valuename->name)*2;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r),
+		"QueryMultipleValues failed");
+	torture_assert_werr_equal(tctx, r.out.result, existing_value ? WERR_MORE_DATA : WERR_FILE_NOT_FOUND,
+		"QueryMultipleValues failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_FILE_NOT_FOUND)) {
+		return true;
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		*r.in.buffer_size = 0xff;
+		r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.buffer_size);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r),
+			"QueryMultipleValues failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues failed");
+
+	return true;
+}
+
+
+static bool test_QueryMultipleValues2_full(struct dcerpc_binding_handle *b,
+					   struct torture_context *tctx,
+					   struct policy_handle *handle,
+					   uint32_t num_values,
+					   const char * const *valuenames,
+					   bool existing_value)
+{
+	struct winreg_QueryMultipleValues2 r;
+	uint32_t offered = 0, needed;
+	int i;
+
+	torture_comment(tctx, "Testing QueryMultipleValues2\n");
+
+	ZERO_STRUCT(r);
+
+	r.in.key_handle = handle;
+	r.in.offered = &offered;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 0);
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+		"QueryMultipleValues2 failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues2 failed");
+
+	/* this test crashes w2k8 remote registry */
+#if 0
+	r.in.num_values = num_values;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values);
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+		"QueryMultipleValues2 failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues2 failed");
+#endif
+	r.in.num_values = num_values;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values);
+	for (i=0; i < r.in.num_values; i++) {
+		r.in.values_in[i].ve_valuename = talloc_zero(tctx, struct winreg_ValNameBuf);
+		r.in.values_in[i].ve_valuename->name = talloc_strdup(tctx, valuenames[i]);
+		r.in.values_in[i].ve_valuename->size = strlen_m_term(r.in.values_in[i].ve_valuename->name)*2;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+		"QueryMultipleValues2 failed");
+	torture_assert_werr_equal(tctx, r.out.result, existing_value ? WERR_MORE_DATA : WERR_FILE_NOT_FOUND,
+		"QueryMultipleValues2 failed");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_FILE_NOT_FOUND)) {
+		return true;
+	}
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		*r.in.offered = *r.out.needed;
+		r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.offered);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+			"QueryMultipleValues2 failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues2 failed");
+
+	return true;
+}
+
+static bool test_QueryMultipleValues2(struct dcerpc_binding_handle *b,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle,
+				      const char *valuename)
+{
+	struct winreg_QueryMultipleValues2 r;
+	uint32_t offered = 0, needed;
+
+	ZERO_STRUCT(r);
+
+	r.in.key_handle = handle;
+	r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 1);
+	r.in.values_in[0].ve_valuename = talloc(tctx, struct winreg_ValNameBuf);
+	r.in.values_in[0].ve_valuename->name = valuename;
+	/* size needs to be set manually for winreg_ValNameBuf */
+	r.in.values_in[0].ve_valuename->size = strlen_m_term(valuename)*2;
+
+	r.in.num_values = 1;
+	r.in.offered = &offered;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+		"QueryMultipleValues2 failed");
+	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
+		*r.in.offered = *r.out.needed;
+		r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.offered);
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r),
+			"QueryMultipleValues2 failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result,
+		"QueryMultipleValues2 failed");
+
+	return true;
+}
+
+static bool test_QueryValue(struct dcerpc_binding_handle *b,
+			    struct torture_context *tctx,
+			    struct policy_handle *handle,
+			    const char *valuename)
+{
+	struct winreg_QueryValue r;
+	NTSTATUS status;
+	enum winreg_Type zero_type = 0;
+	uint32_t offered = 0xfff;
+	uint32_t zero = 0;
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.in.data = NULL;
+	r.in.value_name = talloc_zero(tctx, struct winreg_String);
+	r.in.value_name->name = valuename;
+	r.in.type = &zero_type;
+	r.in.data_size = &offered;
+	r.in.data_length = &zero;
+
+	status = dcerpc_winreg_QueryValue_r(b, tctx, &r);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_fail(tctx, "QueryValue failed");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
+
+	return true;
+}
+
+static bool test_QueryValue_full(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle,
+				 const char *valuename,
+				 bool existing_value)
+{
+	struct winreg_QueryValue r;
+	struct winreg_String value_name;
+	enum winreg_Type type = REG_NONE;
+	uint32_t data_size = 0;
+	uint32_t real_data_size = 0;
+	uint32_t data_length = 0;
+	uint8_t *data = NULL;
+	WERROR expected_error = WERR_FILE_NOT_FOUND;
+	const char *errmsg_nonexisting = "expected WERR_FILE_NOT_FOUND for nonexisting value";
+
+	if (valuename == NULL) {
+		expected_error = WERR_INVALID_PARAMETER;
+		errmsg_nonexisting = "expected WERR_INVALID_PARAMETER for NULL valuename";
+	}
+
+	ZERO_STRUCT(r);
+
+	init_winreg_String(&value_name, NULL);
+
+	torture_comment(tctx, "Testing QueryValue(%s)\n", valuename);
+
+	r.in.handle = handle;
+	r.in.value_name = &value_name;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"expected WERR_INVALID_PARAMETER for NULL winreg_String.name");
+
+	init_winreg_String(&value_name, valuename);
+	r.in.value_name = &value_name;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"expected WERR_INVALID_PARAMETER for missing type length and size");
+
+	r.in.type = &type;
+	r.out.type = &type;
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"expected WERR_INVALID_PARAMETER for missing length and size");
+
+	r.in.data_length = &data_length;
+	r.out.data_length = &data_length;
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAMETER,
+		"expected WERR_INVALID_PARAMETER for missing size");
+
+	r.in.data_size = &data_size;
+	r.out.data_size = &data_size;
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	if (existing_value) {
+		torture_assert_werr_ok(tctx, r.out.result,
+			"QueryValue failed");
+	} else {
+		torture_assert_werr_equal(tctx, r.out.result, expected_error,
+			errmsg_nonexisting);
+	}
+
+	real_data_size = *r.out.data_size;
+
+	data = talloc_zero_array(tctx, uint8_t, 0);
+	r.in.data = data;
+	r.out.data = data;
+	*r.in.data_size = 0;
+	*r.out.data_size = 0;
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	if (existing_value) {
+		torture_assert_werr_equal(tctx, r.out.result, WERR_MORE_DATA,
+			"expected WERR_MORE_DATA for query with too small buffer");
+	} else {
+		torture_assert_werr_equal(tctx, r.out.result, expected_error,
+			errmsg_nonexisting);
+	}
+
+	data = talloc_zero_array(tctx, uint8_t, real_data_size);
+	r.in.data = data;
+	r.out.data = data;
+	r.in.data_size = &real_data_size;
+	r.out.data_size = &real_data_size;
+	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r),
+		"QueryValue failed");
+	if (existing_value) {
+		torture_assert_werr_ok(tctx, r.out.result,
+			"QueryValue failed");
+	} else {
+		torture_assert_werr_equal(tctx, r.out.result, expected_error,
+			errmsg_nonexisting);
+	}
+
+	return true;
+}
+
+static bool test_EnumValue_one(struct dcerpc_binding_handle *b,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle,
+			       int max_valnamelen)
+{
+	struct winreg_EnumValue r;
+	bool ret = true;
+	DATA_BLOB blob;
+
+	blob = data_blob_string_const("data_1");
+	torture_assert_goto(tctx,
+		test_SetValue(b, tctx, handle, "v1", REG_BINARY, blob.data, blob.length),
+		ret, done,
+		"test_SetValue failed");
+
+	blob = data_blob_string_const("data_2");
+	torture_assert_goto(tctx,
+		test_SetValue(b, tctx, handle, "v2", REG_BINARY, blob.data, blob.length),
+		ret, done,
+		"test_SetValue failed");
+
+	ZERO_STRUCT(r);
+
+	r.in.handle = handle;
+	r.in.enum_index = 0;
+
+	do {
+		enum winreg_Type type = REG_NONE;
+		uint32_t size = 0, zero = 0;
+		struct winreg_ValNameBuf name;
+		char n = '\0';
+
+		r.in.name = &name;
+		r.in.type = &type;
+		r.in.length = &zero;
+		r.in.size = &size;
+		r.out.name = &name;
+		r.out.size = &size;
+
+		name.name = &n;
+		name.size = max_valnamelen + 2;
+		name.length = 0;
+
+		r.in.value = talloc_array(tctx, uint8_t, 0);
+		torture_assert(tctx, r.in.value, "nomem");
+
+		torture_assert_ntstatus_ok_goto(tctx,
+			dcerpc_winreg_EnumValue_r(b, tctx, &r),
+			ret, done,
+			"EnumValue failed");
+		if (W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
+			break;
+		}
+		torture_assert_werr_equal_goto(tctx,
+			r.out.result, WERR_MORE_DATA,
+			ret, done,
+			"unexpected return code");
+
+		*r.in.size = *r.out.size;
+		r.in.value = talloc_zero_array(tctx, uint8_t, *r.in.size);
+		torture_assert(tctx, r.in.value, "nomem");
+
+		torture_assert_ntstatus_ok_goto(tctx,
+			dcerpc_winreg_EnumValue_r(b, tctx, &r),
+			ret, done,
+			"EnumValue failed");
+		torture_assert_werr_ok_goto(tctx, r.out.result,
+			ret, done,
+			"unexpected return code");
+
+		r.in.enum_index++;
+
+	} while (W_ERROR_IS_OK(r.out.result));
+
+	torture_assert_werr_equal_goto(tctx, r.out.result, WERR_NO_MORE_ITEMS,
+		ret, done,
+		"EnumValue failed");
+ done:
+	test_DeleteValue(b, tctx, handle, "v1");
+	test_DeleteValue(b, tctx, handle, "v2");
+
+	return ret;
+}
+
+static bool test_EnumValue(struct dcerpc_binding_handle *b,
+			   struct torture_context *tctx,
+			   struct policy_handle *handle, int max_valnamelen,
+			   int max_valbufsize)
+{
+	struct winreg_EnumValue r;
+	enum winreg_Type type = 0;
+	uint32_t size = max_valbufsize, zero = 0;
+	bool ret = true;
+	uint8_t *data = NULL;
+	struct winreg_ValNameBuf name;
+	char n = '\0';
+
+	ZERO_STRUCT(r);
+	r.in.handle = handle;
+	r.in.enum_index = 0;
+	r.in.name = &name;
+	r.out.name = &name;
+	r.in.type = &type;
+	r.in.length = &zero;
+	r.in.size = &size;
+
+	do {
+		name.name = &n;
+		name.size = max_valnamelen + 2;
+		name.length = 0;
+
+		data = NULL;
+		if (size) {
+			data = talloc_array(tctx, uint8_t, size);
+		}
+		r.in.value = data;
+
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_winreg_EnumValue_r(b, tctx, &r),
+					   "EnumValue failed");
+
+		if (W_ERROR_IS_OK(r.out.result)) {
+			ret &= test_QueryValue(b, tctx, handle,
+					       r.out.name->name);
+			ret &= test_QueryMultipleValues(b, tctx, handle,
+							r.out.name->name);
+			ret &= test_QueryMultipleValues2(b, tctx, handle,
+							 r.out.name->name);
+		}
+
+		talloc_free(data);
+
+		r.in.enum_index++;
+	} while (W_ERROR_IS_OK(r.out.result));
+
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS,
+				  "EnumValue failed");
+
+	return ret;
+}
+
+static bool test_AbortSystemShutdown(struct dcerpc_binding_handle *b,
+				     struct torture_context *tctx)
+{
+	struct winreg_AbortSystemShutdown r;
+	uint16_t server = 0x0;
+
+	ZERO_STRUCT(r);
+	r.in.server = &server;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_AbortSystemShutdown_r(b, tctx, &r),
+				   "AbortSystemShutdown failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "AbortSystemShutdown failed");
+
+	return true;
+}
+
+static bool test_InitiateSystemShutdown(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	struct winreg_InitiateSystemShutdown r;
+	uint16_t hostname = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+	r.in.hostname = &hostname;
+	r.in.message = talloc(tctx, struct lsa_StringLarge);
+	init_lsa_StringLarge(r.in.message, "spottyfood");
+	r.in.force_apps = 1;
+	r.in.timeout = 30;
+	r.in.do_reboot = 1;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_winreg_InitiateSystemShutdown_r(b, tctx, &r),
+				   "InitiateSystemShutdown failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "InitiateSystemShutdown failed");
+
+	return test_AbortSystemShutdown(b, tctx);
+}
+
+
+static bool test_InitiateSystemShutdownEx(struct torture_context *tctx,
+					  struct dcerpc_pipe *p)
+{
+	struct winreg_InitiateSystemShutdownEx r;
+	uint16_t hostname = 0x0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+	r.in.hostname = &hostname;
+	r.in.message = talloc(tctx, struct lsa_StringLarge);
+	init_lsa_StringLarge(r.in.message, "spottyfood");
+	r.in.force_apps = 1;
+	r.in.timeout = 30;
+	r.in.do_reboot = 1;
+	r.in.reason = 0;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_winreg_InitiateSystemShutdownEx_r(b, tctx, &r),
+		"InitiateSystemShutdownEx failed");
+
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "InitiateSystemShutdownEx failed");
+
+	return test_AbortSystemShutdown(b, tctx);
+}
+#define MAX_DEPTH 2		/* Only go this far down the tree */
+
+static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
+		     struct policy_handle *handle, int depth,
+		     bool test_security)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	uint32_t max_valnamelen = 0;
+	uint32_t max_valbufsize = 0;
+
+	if (depth == MAX_DEPTH)
+		return true;
+
+	if (!test_QueryInfoKey(b, tctx, handle, NULL,
+			       &max_valnamelen, &max_valbufsize)) {
+	}
+
+	if (!test_NotifyChangeKeyValue(b, tctx, handle)) {
+	}
+
+	if (test_security && !test_GetKeySecurity(p, tctx, handle, NULL)) {
+	}
+
+	if (!test_EnumKey(p, tctx, handle, depth, test_security)) {
+	}
+
+	if (!test_EnumValue(b, tctx, handle, max_valnamelen, max_valbufsize)) {
+	}
+
+	if (!test_EnumValue(b, tctx, handle, max_valnamelen, 0xFFFF)) {
+	}
+
+	if (!test_EnumValue_one(b, tctx, handle, 0xff)) {
+		return false;
+	}
+
+	test_CloseKey(b, tctx, handle);
+
+	return true;
+}
+
+static bool test_SetValue_simple(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	const char *value_name = TEST_VALUE;
+	uint32_t value = 0x12345678;
+	uint64_t value2 = 0x12345678;
+	const char *string = "torture";
+	const char *array[2];
+	DATA_BLOB blob;
+	enum winreg_Type types[] = {
+		REG_DWORD,
+		REG_DWORD_BIG_ENDIAN,
+		REG_QWORD,
+		REG_BINARY,
+		REG_SZ,
+		REG_MULTI_SZ
+	};
+	int t;
+
+	array[0] = "array0";
+	array[1] = NULL;
+
+	torture_comment(tctx, "Testing SetValue (standard formats)\n");
+
+	for (t=0; t < ARRAY_SIZE(types); t++) {
+
+		enum winreg_Type w_type;
+		uint32_t w_size, w_length;
+		uint8_t *w_data;
+
+		switch (types[t]) {
+		case REG_DWORD:
+		case REG_DWORD_BIG_ENDIAN:
+			blob = data_blob_talloc_zero(tctx, 4);
+			SIVAL(blob.data, 0, value);
+			break;
+		case REG_QWORD:
+			blob = data_blob_talloc_zero(tctx, 8);
+			SBVAL(blob.data, 0, value2);
+			break;
+		case REG_BINARY:
+			blob = data_blob_string_const("binary_blob");
+			break;
+		case REG_SZ:
+			torture_assert(tctx, push_reg_sz(tctx, &blob, string), "failed to push REG_SZ");
+			break;
+		case REG_MULTI_SZ:
+			torture_assert(tctx, push_reg_multi_sz(tctx, &blob, array), "failed to push REG_MULTI_SZ");
+			break;
+		default:
+			break;
+		}
+
+		torture_assert(tctx,
+			test_SetValue(b, tctx, handle, value_name, types[t], blob.data, blob.length),
+			"test_SetValue failed");
+		torture_assert(tctx,
+			test_QueryValue_full(b, tctx, handle, value_name, true),
+			talloc_asprintf(tctx, "test_QueryValue_full for %s value failed", value_name));
+		torture_assert(tctx,
+			test_winreg_QueryValue(tctx, b, handle, value_name, &w_type, &w_size, &w_length, &w_data),
+			"test_winreg_QueryValue failed");
+		torture_assert(tctx,
+			test_DeleteValue(b, tctx, handle, value_name),
+			"test_DeleteValue failed");
+
+		torture_assert_int_equal(tctx, w_type, types[t], "winreg type mismatch");
+		torture_assert_int_equal(tctx, w_size, blob.length, "winreg size mismatch");
+		torture_assert_int_equal(tctx, w_length, blob.length, "winreg length mismatch");
+		torture_assert_mem_equal(tctx, w_data, blob.data, blob.length, "winreg buffer mismatch");
+	}
+
+	torture_comment(tctx, "Testing SetValue (standard formats) succeeded\n");
+
+	return true;
+}
+
+static bool test_SetValue_values(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	DATA_BLOB blob;
+	const char *values[] = {
+		"torture_value",
+		"torture value",
+		"torture,value",
+		"torture;value",
+		"torture/value",
+		"torture\\value",
+		"torture_value_name",
+		"torture value name",
+		"torture,value,name",
+		"torture;value;name",
+		"torture/value/name",
+		"torture\\value\\name",
+	};
+	int i;
+
+	torture_comment(tctx, "Testing SetValue (values)\n");
+
+	for (i=0; i < ARRAY_SIZE(values); i++) {
+
+		enum winreg_Type w_type;
+		uint32_t w_size, w_length;
+		uint8_t *w_data;
+
+		blob = data_blob_talloc(tctx, NULL, 32);
+
+		generate_random_buffer(blob.data, 32);
+
+		torture_assert(tctx,
+			test_SetValue(b, tctx, handle, values[i], REG_BINARY, blob.data, blob.length),
+			"test_SetValue failed");
+		torture_assert(tctx,
+			test_QueryValue_full(b, tctx, handle, values[i], true),
+			talloc_asprintf(tctx, "test_QueryValue_full for %s value failed", values[i]));
+		torture_assert(tctx,
+			test_winreg_QueryValue(tctx, b, handle, values[i], &w_type, &w_size, &w_length, &w_data),
+			"test_winreg_QueryValue failed");
+		torture_assert(tctx,
+			test_DeleteValue(b, tctx, handle, values[i]),
+			"test_DeleteValue failed");
+
+		torture_assert_int_equal(tctx, w_type, REG_BINARY, "winreg type mismatch");
+		torture_assert_int_equal(tctx, w_size, blob.length, "winreg size mismatch");
+		torture_assert_int_equal(tctx, w_length, blob.length, "winreg length mismatch");
+		torture_assert_mem_equal(tctx, w_data, blob.data, blob.length, "winreg buffer mismatch");
+	}
+
+	torture_comment(tctx, "Testing SetValue (values) succeeded\n");
+
+	return true;
+}
+
+typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_binding_handle *, TALLOC_CTX *, void *);
+
+static bool test_SetValue_extended(struct dcerpc_binding_handle *b,
+				   struct torture_context *tctx,
+				   struct policy_handle *handle)
+{
+	const char *value_name = TEST_VALUE;
+	enum winreg_Type types[] = {
+		REG_NONE,
+		REG_SZ,
+		REG_EXPAND_SZ,
+		REG_BINARY,
+		REG_DWORD,
+		REG_DWORD_BIG_ENDIAN,
+		REG_LINK,
+		REG_MULTI_SZ,
+		REG_RESOURCE_LIST,
+		REG_FULL_RESOURCE_DESCRIPTOR,
+		REG_RESOURCE_REQUIREMENTS_LIST,
+		REG_QWORD,
+		12,
+		13,
+		14,
+		55,
+		123456,
+		653210,
+		__LINE__
+	};
+	int t, l;
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "skipping extended SetValue test against Samba4");
+	}
+
+	torture_comment(tctx, "Testing SetValue (extended formats)\n");
+
+	for (t=0; t < ARRAY_SIZE(types); t++) {
+	for (l=0; l < 16; l++) {
+
+		enum winreg_Type w_type;
+		uint32_t w_size, w_length;
+		uint8_t *w_data;
+
+		uint32_t size;
+		uint8_t *data;
+
+		size = l;
+		data = talloc_array(tctx, uint8_t, size);
+
+		generate_random_buffer(data, size);
+
+		torture_assert(tctx,
+			test_SetValue(b, tctx, handle, value_name, types[t], data, size),
+			"test_SetValue failed");
+
+		torture_assert(tctx,
+			test_winreg_QueryValue(tctx, b, handle, value_name, &w_type, &w_size, &w_length, &w_data),
+			"test_winreg_QueryValue failed");
+
+		torture_assert(tctx,
+			test_DeleteValue(b, tctx, handle, value_name),
+			"test_DeleteValue failed");
+
+		torture_assert_int_equal(tctx, w_type, types[t], "winreg type mismatch");
+		torture_assert_int_equal(tctx, w_size, size, "winreg size mismatch");
+		torture_assert_int_equal(tctx, w_length, size, "winreg length mismatch");
+		torture_assert_mem_equal(tctx, w_data, data, size, "winreg buffer mismatch");
+	}
+	}
+
+	torture_comment(tctx, "Testing SetValue (extended formats) succeeded\n");
+
+	return true;
+}
+
+static bool test_create_keynames(struct dcerpc_binding_handle *b,
+				 struct torture_context *tctx,
+				 struct policy_handle *handle)
+{
+	const char *keys[] = {
+		"torture_key",
+		"torture key",
+		"torture,key",
+		"torture/key",
+		"torture\\key",
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(keys); i++) {
+
+		enum winreg_CreateAction action_taken;
+		struct policy_handle new_handle;
+		char *q, *tmp;
+
+		torture_assert(tctx,
+			test_CreateKey_opts(tctx, b, handle, keys[i], NULL,
+					    REG_OPTION_NON_VOLATILE,
+					    SEC_FLAG_MAXIMUM_ALLOWED,
+					    NULL,
+					    WERR_OK,
+					    &action_taken,
+					    &new_handle),
+			talloc_asprintf(tctx, "failed to create '%s' key", keys[i]));
+
+		torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action");
+
+		torture_assert(tctx,
+			test_DeleteKey_opts(b, tctx, handle, keys[i], WERR_OK),
+			"failed to delete key");
+
+		torture_assert(tctx,
+			test_DeleteKey_opts(b, tctx, handle, keys[i], WERR_FILE_NOT_FOUND),
+			"failed 2nd delete key");
+
+		tmp = talloc_strdup(tctx, keys[i]);
+
+		q = strchr(tmp, '\\');
+		if (q != NULL) {
+			*q = '\0';
+			q++;
+
+			torture_assert(tctx,
+				test_DeleteKey_opts(b, tctx, handle, tmp, WERR_OK),
+				"failed to delete key");
+
+			torture_assert(tctx,
+				test_DeleteKey_opts(b, tctx, handle, tmp, WERR_FILE_NOT_FOUND),
+				"failed 2nd delete key");
+		}
+	}
+
+	return true;
+}
+
+#define KEY_CURRENT_VERSION "SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION"
+#define VALUE_CURRENT_VERSION "CurrentVersion"
+#define VALUE_SYSTEM_ROOT "SystemRoot"
+
+static const struct {
+	const char *values[3];
+	uint32_t num_values;
+	bool existing_value;
+	const char *error_message;
+} multiple_values_tests[] = {
+	{
+		.values = { VALUE_CURRENT_VERSION, NULL, NULL },
+		.num_values = 1,
+		.existing_value = true,
+		.error_message = NULL
+	},{
+		.values = { VALUE_SYSTEM_ROOT, NULL, NULL },
+		.num_values = 1,
+		.existing_value = true,
+		.error_message = NULL
+	},{
+		.values = { VALUE_CURRENT_VERSION, VALUE_SYSTEM_ROOT, NULL },
+		.num_values = 2,
+		.existing_value = true,
+		.error_message = NULL
+	},{
+		.values = { VALUE_CURRENT_VERSION, VALUE_SYSTEM_ROOT,
+			    VALUE_CURRENT_VERSION },
+		.num_values = 3,
+		.existing_value = true,
+		.error_message = NULL
+	},{
+		.values = { VALUE_CURRENT_VERSION, NULL, VALUE_SYSTEM_ROOT },
+		.num_values = 3,
+		.existing_value = false,
+		.error_message = NULL
+	},{
+		.values = { VALUE_CURRENT_VERSION, "", VALUE_SYSTEM_ROOT },
+		.num_values = 3,
+		.existing_value = false,
+		.error_message = NULL
+	},{
+		.values = { "IDoNotExist", NULL, NULL },
+		.num_values = 1,
+		.existing_value = false,
+		.error_message = NULL
+	},{
+		.values = { "IDoNotExist", VALUE_CURRENT_VERSION, NULL },
+		.num_values = 2,
+		.existing_value = false,
+		.error_message = NULL
+	},{
+		.values = { VALUE_CURRENT_VERSION, "IDoNotExist", NULL },
+		.num_values = 2,
+		.existing_value = false,
+		.error_message = NULL
+	}
+};
+
+static bool test_HKLM_wellknown(struct torture_context *tctx,
+				struct dcerpc_binding_handle *b,
+				struct policy_handle *handle)
+{
+	struct policy_handle newhandle;
+	int i;
+
+	/* FIXME: s3 does not support SEC_FLAG_MAXIMUM_ALLOWED yet */
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_assert(tctx, test_OpenKey_opts(tctx, b, handle,
+			       KEY_CURRENT_VERSION,
+			       REG_OPTION_NON_VOLATILE,
+			       KEY_QUERY_VALUE,
+			       &newhandle,
+			       WERR_OK),
+			"failed to open current version key");
+	} else {
+		torture_assert(tctx, test_OpenKey(b, tctx, handle, KEY_CURRENT_VERSION, &newhandle),
+			"failed to open current version key");
+	}
+
+	torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, VALUE_CURRENT_VERSION, true),
+		"failed to query current version");
+	torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, "IDoNotExist", false),
+		"succeeded to query nonexistent value");
+	torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, NULL, false),
+		"succeeded to query value with NULL name");
+	torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, "", false),
+		"succeeded to query nonexistent default value (\"\")");
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "skipping QueryMultipleValues{2} tests against Samba4\n");
+		goto close_key;
+	}
+
+	for (i=0; i < ARRAY_SIZE(multiple_values_tests); i++) {
+		const char *msg;
+		msg = talloc_asprintf(tctx,
+				"failed to query %d %sexisting values\n",
+					multiple_values_tests[i].num_values,
+					multiple_values_tests[i].existing_value ? "":"non");
+
+		torture_assert(tctx,
+			test_QueryMultipleValues_full(b, tctx, &newhandle,
+						      multiple_values_tests[i].num_values,
+						      multiple_values_tests[i].values,
+						      multiple_values_tests[i].existing_value),
+			msg);
+		torture_assert(tctx,
+			test_QueryMultipleValues2_full(b, tctx, &newhandle,
+						       multiple_values_tests[i].num_values,
+						       multiple_values_tests[i].values,
+						       multiple_values_tests[i].existing_value),
+			msg);
+	}
+
+ close_key:
+	torture_assert(tctx, test_CloseKey(b, tctx, &newhandle),
+		"failed to close current version key");
+
+	return true;
+}
+
+static bool test_OpenHive(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b,
+			  struct policy_handle *handle,
+			  int hkey)
+{
+	struct winreg_OpenHKLM r;
+
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = handle;
+
+	switch (hkey) {
+	case HKEY_LOCAL_MACHINE:
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_OpenHKLM_r(b, tctx, &r),
+			"failed to open HKLM");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"failed to open HKLM");
+		break;
+	case HKEY_CURRENT_USER:
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_OpenHKCU_r(b, tctx, (struct winreg_OpenHKCU *)(void *)&r),
+			"failed to open HKCU");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"failed to open HKCU");
+		break;
+	case HKEY_USERS:
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_OpenHKU_r(b, tctx, (struct winreg_OpenHKU *)(void *)&r),
+			"failed to open HKU");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"failed to open HKU");
+		break;
+	case HKEY_CLASSES_ROOT:
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_winreg_OpenHKCR_r(b, tctx, (struct winreg_OpenHKCR *)(void *)&r),
+			"failed to open HKCR");
+		torture_assert_werr_ok(tctx, r.out.result,
+			"failed to open HKCR");
+		break;
+	default:
+		torture_warning(tctx, "unsupported hkey: 0x%08x\n", hkey);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_volatile_keys(struct torture_context *tctx,
+			       struct dcerpc_binding_handle *b,
+			       struct policy_handle *handle,
+			       int hkey)
+{
+	struct policy_handle new_handle, hive_handle;
+	enum winreg_CreateAction action_taken = REG_ACTION_NONE;
+
+	ZERO_STRUCT(new_handle);
+	ZERO_STRUCT(hive_handle);
+
+	torture_comment(tctx, "Testing VOLATILE key\n");
+
+	test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE);
+
+	torture_assert(tctx,
+		test_CreateKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, NULL,
+				    REG_OPTION_VOLATILE,
+				    SEC_FLAG_MAXIMUM_ALLOWED,
+				    NULL,
+				    WERR_OK,
+				    &action_taken,
+				    &new_handle),
+		"failed to create REG_OPTION_VOLATILE type key");
+
+	torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action");
+
+	torture_assert(tctx,
+		test_CreateKey_opts(tctx, b, &new_handle, TEST_SUBKEY_VOLATILE, NULL,
+				    REG_OPTION_NON_VOLATILE,
+				    SEC_FLAG_MAXIMUM_ALLOWED,
+				    NULL,
+				    WERR_CHILD_MUST_BE_VOLATILE,
+				    NULL,
+				    NULL),
+		"failed to fail create REG_OPTION_VOLATILE type key");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, TEST_KEY_VOLATILE,
+				  REG_OPTION_NON_VOLATILE,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_OK),
+		"failed to open volatile key");
+
+	torture_assert(tctx,
+		test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE),
+		"failed to delete key");
+
+	torture_assert(tctx,
+		test_CreateKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, NULL,
+				    REG_OPTION_VOLATILE,
+				    SEC_FLAG_MAXIMUM_ALLOWED,
+				    NULL,
+				    WERR_OK,
+				    &action_taken,
+				    &new_handle),
+		"failed to create REG_OPTION_VOLATILE type key");
+
+	torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, TEST_KEY_VOLATILE,
+				  REG_OPTION_VOLATILE,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_OK),
+		"failed to open volatile key");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	torture_assert(tctx,
+		test_OpenHive(tctx, b, &hive_handle, hkey),
+		"failed top open hive");
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, &hive_handle, TEST_KEY_VOLATILE,
+				  REG_OPTION_VOLATILE,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_FILE_NOT_FOUND),
+		"failed to open volatile key");
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, &hive_handle, TEST_KEY_VOLATILE,
+				  REG_OPTION_NON_VOLATILE,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_FILE_NOT_FOUND),
+		"failed to open volatile key");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &hive_handle),
+		"failed to close");
+
+	torture_assert(tctx,
+		test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE),
+		"failed to delete key");
+
+
+	torture_comment(tctx, "Testing VOLATILE key succeeded\n");
+
+	return true;
+}
+
+static const char *kernel_mode_registry_path(struct torture_context *tctx,
+					     int hkey,
+					     const char *sid_string,
+					     const char *path)
+{
+	switch (hkey) {
+	case HKEY_LOCAL_MACHINE:
+		return talloc_asprintf(tctx, "\\Registry\\MACHINE\\%s", path);
+	case HKEY_CURRENT_USER:
+		return talloc_asprintf(tctx, "\\Registry\\USER\\%s\\%s", sid_string, path);
+	case HKEY_USERS:
+		return talloc_asprintf(tctx, "\\Registry\\USER\\%s", path);
+	case HKEY_CLASSES_ROOT:
+		return talloc_asprintf(tctx, "\\Registry\\MACHINE\\Software\\Classes\\%s", path);
+	default:
+		torture_warning(tctx, "unsupported hkey: 0x%08x\n", hkey);
+		return NULL;
+	}
+}
+
+static bool test_symlink_keys(struct torture_context *tctx,
+			      struct dcerpc_binding_handle *b,
+			      struct policy_handle *handle,
+			      const char *key,
+			      int hkey)
+{
+	struct policy_handle new_handle;
+	enum winreg_CreateAction action_taken;
+	DATA_BLOB blob;
+	uint32_t value = 42;
+	const char *test_key_symlink_dest;
+	const char *test_key_symlink;
+	const char *kernel_mode_path;
+
+	/* disable until we know how to delete a symbolic link */
+	torture_skip(tctx, "symlink test disabled");
+
+	torture_comment(tctx, "Testing REG_OPTION_CREATE_LINK key\n");
+
+	/* create destination key with testvalue */
+	test_key_symlink = talloc_asprintf(tctx, "%s\\%s",
+			key, TEST_KEY_SYMLINK);
+	test_key_symlink_dest = talloc_asprintf(tctx, "%s\\%s",
+			key, TEST_KEY_SYMLINK_DEST);
+
+	test_DeleteKey(b, tctx, handle, test_key_symlink);
+
+	torture_assert(tctx,
+		test_CreateKey_opts(tctx, b, handle, test_key_symlink_dest, NULL,
+				    0,
+				    SEC_FLAG_MAXIMUM_ALLOWED,
+				    NULL,
+				    WERR_OK,
+				    &action_taken,
+				    &new_handle),
+		"failed to create symlink destination");
+
+	blob = data_blob_talloc_zero(tctx, 4);
+	SIVAL(blob.data, 0, value);
+
+	torture_assert(tctx,
+		test_SetValue(b, tctx, &new_handle, "TestValue", REG_DWORD, blob.data, blob.length),
+		"failed to create TestValue");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	/* create symlink */
+
+	torture_assert(tctx,
+		test_CreateKey_opts(tctx, b, handle, test_key_symlink, NULL,
+				    REG_OPTION_CREATE_LINK | REG_OPTION_VOLATILE,
+				    SEC_FLAG_MAXIMUM_ALLOWED,
+				    NULL,
+				    WERR_OK,
+				    &action_taken,
+				    &new_handle),
+		"failed to create REG_OPTION_CREATE_LINK type key");
+
+	torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action");
+
+	kernel_mode_path = kernel_mode_registry_path(tctx, hkey, NULL, test_key_symlink_dest);
+
+	torture_assert(tctx,
+		convert_string_talloc(tctx, CH_UNIX, CH_UTF16,
+				      kernel_mode_path,
+				      strlen(kernel_mode_path), /* not NULL terminated */
+				      &blob.data, &blob.length),
+		"failed to convert");
+
+	torture_assert(tctx,
+		test_SetValue(b, tctx, &new_handle, "SymbolicLinkValue", REG_LINK, blob.data, blob.length),
+		"failed to create SymbolicLinkValue value");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	/* test follow symlink */
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, test_key_symlink,
+				  0,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_OK),
+		"failed to follow symlink key");
+
+	torture_assert(tctx,
+		test_QueryValue(b, tctx, &new_handle, "TestValue"),
+		"failed to query value");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	/* delete link */
+
+	torture_assert(tctx,
+		test_OpenKey_opts(tctx, b, handle, test_key_symlink,
+				  REG_OPTION_OPEN_LINK | REG_OPTION_VOLATILE,
+				  SEC_FLAG_MAXIMUM_ALLOWED,
+				  &new_handle,
+				  WERR_OK),
+		"failed to open symlink key");
+
+	torture_assert(tctx,
+		test_DeleteValue(b, tctx, &new_handle, "SymbolicLinkValue"),
+		"failed to delete value SymbolicLinkValue");
+
+	torture_assert(tctx,
+		test_CloseKey(b, tctx, &new_handle),
+		"failed to close");
+
+	torture_assert(tctx,
+		test_DeleteKey(b, tctx, handle, test_key_symlink),
+		"failed to delete key");
+
+	/* delete destination */
+
+	torture_assert(tctx,
+		test_DeleteKey(b, tctx, handle, test_key_symlink_dest),
+		"failed to delete key");
+
+	return true;
+}
+
+static bool test_CreateKey_keytypes(struct torture_context *tctx,
+				    struct dcerpc_binding_handle *b,
+				    struct policy_handle *handle,
+				    const char *key,
+				    int hkey)
+{
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "skipping CreateKey keytypes test against Samba");
+	}
+
+	torture_assert(tctx,
+		test_volatile_keys(tctx, b, handle, hkey),
+		"failed to test volatile keys");
+
+	torture_assert(tctx,
+		test_symlink_keys(tctx, b, handle, key, hkey),
+		"failed to test symlink keys");
+
+	return true;
+}
+
+static bool test_key_base(struct torture_context *tctx,
+			  struct dcerpc_binding_handle *b,
+			  struct policy_handle *handle,
+			  const char *base_key,
+			  int hkey)
+{
+	struct policy_handle newhandle;
+	bool ret = true, created = false, deleted = false;
+	bool created3 = false;
+	const char *test_key1;
+	const char *test_key3;
+	const char *test_subkey;
+
+	test_Cleanup(b, tctx, handle, base_key);
+
+	if (!test_CreateKey(b, tctx, handle, base_key, NULL)) {
+		torture_comment(tctx,
+				"CreateKey(%s) failed\n", base_key);
+	}
+
+	test_key1 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY1);
+
+	if (!test_CreateKey(b, tctx, handle, test_key1, NULL)) {
+		torture_comment(tctx,
+				"CreateKey failed - not considering a failure\n");
+	} else {
+		created = true;
+	}
+
+	if (created) {
+		if (!test_FlushKey(b, tctx, handle)) {
+			torture_comment(tctx, "FlushKey failed\n");
+			ret = false;
+		}
+
+		if (!test_OpenKey(b, tctx, handle, test_key1, &newhandle)) {
+			torture_fail(tctx,
+				     "CreateKey failed (OpenKey after Create didn't work)\n");
+		}
+
+		if (hkey == HKEY_CURRENT_USER) {
+			torture_assert(tctx, test_SetValue_simple(b, tctx, &newhandle),
+				"simple SetValue test failed");
+			torture_assert(tctx, test_SetValue_values(b, tctx, &newhandle),
+				"values SetValue test failed");
+			torture_assert(tctx, test_SetValue_extended(b, tctx, &newhandle),
+				"extended SetValue test failed");
+			torture_assert(tctx, test_create_keynames(b, tctx, &newhandle),
+				"keyname CreateKey test failed");
+		} else {
+			torture_assert(tctx, test_CreateKey_keytypes(tctx, b, &newhandle, test_key1, hkey),
+				"keytype test failed");
+			torture_assert(tctx, test_EnumValue_one(b, tctx, &newhandle, 0xff),
+				"simple EnumValue test failed");
+		}
+
+		if (!test_CloseKey(b, tctx, &newhandle)) {
+			torture_fail(tctx,
+				     "CreateKey failed (CloseKey after Open didn't work)\n");
+		}
+
+		if (!test_DeleteKey(b, tctx, handle, test_key1)) {
+			torture_comment(tctx, "DeleteKey(%s) failed\n",
+					      test_key1);
+			ret = false;
+		} else {
+			deleted = true;
+		}
+
+		if (!test_FlushKey(b, tctx, handle)) {
+			torture_comment(tctx, "FlushKey failed\n");
+			ret = false;
+		}
+
+		if (deleted) {
+			if (!test_OpenKey_opts(tctx, b, handle, test_key1,
+					       REG_OPTION_NON_VOLATILE,
+					       SEC_FLAG_MAXIMUM_ALLOWED,
+					       &newhandle,
+					       WERR_FILE_NOT_FOUND)) {
+				torture_comment(tctx,
+						"DeleteKey failed (OpenKey after Delete "
+						"did not return WERR_FILE_NOT_FOUND)\n");
+				ret = false;
+			}
+		}
+
+		test_key3 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY3);
+
+		if (test_CreateKey(b, tctx, handle, test_key3, NULL)) {
+			created3 = true;
+		}
+
+		test_subkey = talloc_asprintf(tctx, "%s\\%s", test_key3, TEST_SUBKEY);
+
+		if (created3) {
+			if (test_CreateKey(b, tctx, handle, test_subkey, NULL)) {
+				if (!test_DeleteKey(b, tctx, handle, test_subkey)) {
+					torture_comment(tctx, "DeleteKey(%s) failed\n", test_subkey);
+					ret = false;
+				}
+			}
+
+			if (!test_DeleteKey(b, tctx, handle, test_key3)) {
+				torture_comment(tctx, "DeleteKey(%s) failed\n", test_key3);
+				ret = false;
+			}
+		}
+	}
+
+	test_Cleanup(b, tctx, handle, base_key);
+
+	return ret;
+}
+
+static bool test_key_base_sd(struct torture_context *tctx,
+			     struct dcerpc_pipe *p,
+			     struct policy_handle *handle,
+			     const char *base_key)
+{
+	struct policy_handle newhandle;
+	bool ret = true, created2 = false, created4 = false;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *test_key2;
+	const char *test_key4;
+
+	torture_skip(tctx, "security descriptor test disabled\n");
+
+	if (torture_setting_bool(tctx, "samba3", false) ||
+	    torture_setting_bool(tctx, "samba4", false)) {
+		torture_skip(tctx, "skipping security descriptor tests against Samba");
+	}
+
+	test_Cleanup(b, tctx, handle, base_key);
+
+	if (!test_CreateKey(b, tctx, handle, base_key, NULL)) {
+		torture_comment(tctx,
+				"CreateKey(%s) failed\n", base_key);
+	}
+
+	test_key2 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY2);
+
+	if (test_CreateKey_sd(b, tctx, handle, test_key2,
+			      NULL, &newhandle)) {
+		created2 = true;
+	}
+
+	if (created2 && !test_CloseKey(b, tctx, &newhandle)) {
+		torture_comment(tctx, "CloseKey failed\n");
+		ret = false;
+	}
+
+	test_key4 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY4);
+
+	if (test_CreateKey_sd(b, tctx, handle, test_key4, NULL, &newhandle)) {
+		created4 = true;
+	}
+
+	if (created4 && !test_CloseKey(b, tctx, &newhandle)) {
+		torture_comment(tctx, "CloseKey failed\n");
+		ret = false;
+	}
+
+	if (created4 && !test_SecurityDescriptors(p, tctx, handle, test_key4)) {
+		ret = false;
+	}
+
+	if (created4 && !test_DeleteKey(b, tctx, handle, test_key4)) {
+		torture_comment(tctx, "DeleteKey(%s) failed\n", test_key4);
+		ret = false;
+	}
+
+	if (created2 && !test_DeleteKey(b, tctx, handle, test_key4)) {
+		torture_comment(tctx, "DeleteKey(%s) failed\n", test_key4);
+		ret = false;
+	}
+
+	test_Cleanup(b, tctx, handle, base_key);
+
+	return ret;
+}
+
+static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
+		      void *userdata)
+{
+	struct policy_handle handle;
+	bool ret = true;
+	struct winreg_OpenHKLM r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	const char *torture_base_key;
+	int hkey = 0;
+
+	winreg_open_fn open_fn = (winreg_open_fn)userdata;
+
+	r.in.system_name = 0;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	torture_assert_ntstatus_ok(tctx, open_fn(b, tctx, &r),
+				   "open");
+
+	if (!test_GetVersion(b, tctx, &handle)) {
+		torture_comment(tctx, "GetVersion failed\n");
+		ret = false;
+	}
+
+	if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKLM_r) {
+		hkey = HKEY_LOCAL_MACHINE;
+		torture_base_key = "SOFTWARE\\Samba\\" TEST_KEY_BASE;
+	} else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKU_r) {
+		hkey = HKEY_USERS;
+		torture_base_key = TEST_KEY_BASE;
+	} else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKCR_r) {
+		hkey = HKEY_CLASSES_ROOT;
+		torture_base_key = TEST_KEY_BASE;
+	} else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKCU_r) {
+		hkey = HKEY_CURRENT_USER;
+		torture_base_key = TEST_KEY_BASE;
+	} else {
+		torture_fail(tctx, "unsupported hkey");
+	}
+
+	if (hkey == HKEY_LOCAL_MACHINE) {
+		torture_assert(tctx,
+			test_HKLM_wellknown(tctx, b, &handle),
+			"failed to test HKLM wellknown keys");
+	}
+
+	if (!test_key_base(tctx, b, &handle, torture_base_key, hkey)) {
+		torture_warning(tctx, "failed to test TEST_KEY_BASE(%s)",
+				torture_base_key);
+		ret = false;
+	}
+
+	if (!test_key_base_sd(tctx, p, &handle, torture_base_key)) {
+		torture_warning(tctx, "failed to test TEST_KEY_BASE(%s) sd",
+				torture_base_key);
+		ret = false;
+	}
+
+	/* The HKCR hive has a very large fanout */
+	if (hkey == HKEY_CLASSES_ROOT) {
+		if(!test_key(p, tctx, &handle, MAX_DEPTH - 1, false)) {
+			ret = false;
+		}
+	} else if (hkey == HKEY_LOCAL_MACHINE) {
+		/* FIXME we are not allowed to enum values in the HKLM root */
+	} else {
+		if (!test_key(p, tctx, &handle, 0, false)) {
+			ret = false;
+		}
+	}
+
+	return ret;
+}
+
+struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx)
+{
+	struct torture_rpc_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "winreg");
+	struct torture_test *test;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg",
+						  &ndr_table_winreg);
+
+	test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown",
+					  test_InitiateSystemShutdown);
+	test->dangerous = true;
+
+	test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx",
+					  test_InitiateSystemShutdownEx);
+	test->dangerous = true;
+
+	torture_rpc_tcase_add_test_ex(tcase, "HKLM",
+				      test_Open,
+				      (void *)dcerpc_winreg_OpenHKLM_r);
+	torture_rpc_tcase_add_test_ex(tcase, "HKU",
+				      test_Open,
+				      (void *)dcerpc_winreg_OpenHKU_r);
+	torture_rpc_tcase_add_test_ex(tcase, "HKCR",
+				      test_Open,
+				      (void *)dcerpc_winreg_OpenHKCR_r);
+	torture_rpc_tcase_add_test_ex(tcase, "HKCU",
+				      test_Open,
+				      (void *)dcerpc_winreg_OpenHKCU_r);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/witness.c b/source4/torture/rpc/witness.c
new file mode 100644
index 0000000..602e8ca
--- /dev/null
+++ b/source4/torture/rpc/witness.c
@@ -0,0 +1,911 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for rpc witness operations
+
+   Copyright (C) Guenther Deschner 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/rpc/torture_rpc.h"
+#include "librpc/gen_ndr/ndr_witness_c.h"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "librpc/gen_ndr/ndr_clusapi_c.h"
+#include "param/param.h"
+#include <tevent.h>
+#include "lib/cmdline/cmdline.h"
+
+struct torture_test_clusapi_state {
+	struct dcerpc_pipe *p;
+};
+
+struct torture_test_witness_state {
+	const char *net_name;
+	const char *share_name;
+	struct witness_interfaceList *list;
+	struct policy_handle context_handle;
+	struct torture_test_clusapi_state clusapi;
+};
+
+static bool test_witness_GetInterfaceList(struct torture_context *tctx,
+					  struct dcerpc_pipe *p,
+					  void *data)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_GetInterfaceList r;
+	struct witness_interfaceList *l;
+	struct torture_test_witness_state *state =
+		(struct torture_test_witness_state *)data;
+
+	r.out.interface_list = &l;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_witness_GetInterfaceList_r(b, tctx, &r),
+		"GetInterfaceList failed");
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetInterfaceList failed");
+
+	state->list = l;
+
+	return true;
+}
+
+static bool find_sofs_share(struct torture_context *tctx,
+			    const char **sofs_sharename)
+{
+	struct dcerpc_pipe *p;
+	struct dcerpc_binding_handle *b;
+	struct srvsvc_NetShareEnumAll r;
+	struct srvsvc_NetShareInfoCtr info_ctr;
+	struct srvsvc_NetShareCtr1 ctr1;
+	uint32_t resume_handle = 0;
+	uint32_t totalentries = 0;
+	int i;
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_connection_transport(tctx, &p, &ndr_table_srvsvc,
+						 NCACN_NP, 0, 0),
+		"failed to setup srvsvc connection");
+
+	b = p->binding_handle;
+
+	ZERO_STRUCT(ctr1);
+
+	info_ctr.level = 1;
+	info_ctr.ctr.ctr1 = &ctr1;
+
+	r.in.server_unc = dcerpc_server_name(p);
+	r.in.max_buffer = -1;
+	r.in.info_ctr = &info_ctr;
+	r.in.resume_handle = &resume_handle;
+	r.out.totalentries = &totalentries;
+	r.out.info_ctr = &info_ctr;
+	r.out.resume_handle = &resume_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_srvsvc_NetShareEnumAll_r(b, tctx, &r),
+		"failed to call srvsvc_NetShareEnumAll");
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"failed to call srvsvc_NetShareEnumAll");
+
+	for (i=0; i < r.out.info_ctr->ctr.ctr1->count; i++) {
+
+		if (r.out.info_ctr->ctr.ctr1->array[i].type == STYPE_CLUSTER_SOFS) {
+			*sofs_sharename = talloc_strdup(tctx, r.out.info_ctr->ctr.ctr1->array[i].name);
+			if (*sofs_sharename == NULL) {
+				return false;
+			}
+			torture_comment(tctx, "using SOFS share: %s\n", *sofs_sharename);
+			return true;
+		}
+		if (r.out.info_ctr->ctr.ctr1->array[i].type == STYPE_DISKTREE) {
+			*sofs_sharename = talloc_strdup(tctx, r.out.info_ctr->ctr.ctr1->array[i].name);
+			if (*sofs_sharename == NULL) {
+				return false;
+			}
+			torture_comment(tctx, "assuming SOFS share: %s\n", *sofs_sharename);
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool init_witness_test_state(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    struct torture_test_witness_state *state)
+{
+	if (state->net_name == NULL) {
+		state->net_name = lpcfg_parm_string(tctx->lp_ctx, NULL, "torture", "net_name");
+	}
+
+	if (state->list == NULL) {
+		torture_assert(tctx,
+			test_witness_GetInterfaceList(tctx, p, state),
+			"failed to retrieve GetInterfaceList");
+	}
+
+	if (state->share_name == NULL) {
+		find_sofs_share(tctx, &state->share_name);
+	}
+
+	return true;
+}
+
+static bool test_witness_UnRegister_with_handle(struct torture_context *tctx,
+						struct dcerpc_pipe *p,
+						struct policy_handle *context_handle)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_UnRegister r;
+
+	r.in.context_handle = *context_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_witness_UnRegister_r(b, tctx, &r),
+		"UnRegister failed");
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"UnRegister failed");
+
+	/* make sure we are not able/allowed to reuse context handles after they
+	 * have been unregistered */
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_witness_UnRegister_r(b, tctx, &r),
+		"UnRegister failed");
+
+	torture_assert_werr_equal(tctx,
+		r.out.result,
+		WERR_INVALID_PARAMETER,
+		"UnRegister failed");
+
+	return true;
+}
+
+static bool test_witness_UnRegister(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    void *data)
+{
+	/* acquire handle and free afterwards */
+	return true;
+}
+
+static bool get_ip_address_from_interface(struct torture_context *tctx,
+					  struct witness_interfaceInfo *i,
+					  const char **ip_address)
+{
+	if (i->flags & WITNESS_INFO_IPv4_VALID) {
+		*ip_address = talloc_strdup(tctx, i->ipv4);
+		torture_assert(tctx, *ip_address, "talloc_strdup failed");
+		return true;
+	}
+
+	if (i->flags & WITNESS_INFO_IPv6_VALID) {
+		*ip_address = talloc_strdup(tctx, i->ipv6);
+		torture_assert(tctx, *ip_address, "talloc_strdup failed");
+		return true;
+	}
+
+	return false;
+}
+
+static bool check_valid_interface(struct torture_context *tctx,
+				  struct witness_interfaceInfo *i)
+{
+	/* continue looking for an interface that allows witness
+	 * registration */
+	if (!(i->flags & WITNESS_INFO_WITNESS_IF)) {
+		return false;
+	}
+
+	/* witness should be available of course */
+	if (i->state != WITNESS_STATE_AVAILABLE) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_witness_Register(struct torture_context *tctx,
+				  struct dcerpc_pipe *p,
+				  void *data)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_Register r;
+	struct policy_handle context_handle;
+	struct torture_test_witness_state *state =
+		(struct torture_test_witness_state *)data;
+	int i;
+
+	struct {
+		enum witness_version version;
+		const char *net_name;
+		const char *ip_address;
+		const char *client_computer_name;
+		NTSTATUS expected_status;
+		WERROR expected_result;
+	} tests[] = {
+		{
+			.version		= 0,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= 1,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= 123456,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= -1,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V2,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V1,
+			.net_name		= "",
+			.ip_address		= "",
+			.client_computer_name	= "",
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		},{
+			.version		= WITNESS_V1,
+			.net_name		= NULL,
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		},{
+			.version		= WITNESS_V2,
+			.net_name		= NULL,
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V1,
+			.net_name		= dcerpc_server_name(p),
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		}
+
+	};
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+
+		ZERO_STRUCT(r);
+
+		r.out.context_handle = &context_handle;
+
+		r.in.version = tests[i].version;
+		r.in.net_name = tests[i].net_name;
+		r.in.ip_address = tests[i].ip_address;
+		r.in.client_computer_name = tests[i].client_computer_name;
+
+		torture_assert_ntstatus_equal(tctx,
+			dcerpc_witness_Register_r(b, tctx, &r),
+			tests[i].expected_status,
+			"Register failed");
+
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			tests[i].expected_result,
+			"Register failed");
+
+		if (W_ERROR_IS_OK(r.out.result)) {
+
+			/* we have a handle, make sure to unregister it */
+			torture_assert(tctx,
+				test_witness_UnRegister_with_handle(tctx, p, r.out.context_handle),
+				"Failed to unregister");
+		}
+	}
+
+	init_witness_test_state(tctx, p, state);
+
+	for (i=0; state->list && i < state->list->num_interfaces; i++) {
+
+		const char *ip_address;
+		struct witness_interfaceInfo interface = state->list->interfaces[i];
+
+		if (!check_valid_interface(tctx, &interface)) {
+			continue;
+		}
+
+		torture_assert(tctx,
+			get_ip_address_from_interface(tctx, &interface, &ip_address),
+			"failed to get ip_address from interface");
+
+		r.in.version = WITNESS_V1;
+		r.in.net_name = state->net_name;
+		r.in.ip_address = ip_address;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_witness_Register_r(b, tctx, &r),
+			"Register failed");
+
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"Register failed");
+
+		torture_assert(tctx,
+			test_witness_UnRegister_with_handle(tctx, p, r.out.context_handle),
+			"Failed to unregister");
+	}
+
+	return true;
+}
+
+static bool test_witness_RegisterEx(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    void *data)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_RegisterEx r;
+	struct policy_handle context_handle;
+	struct torture_test_witness_state *state =
+		(struct torture_test_witness_state *)data;
+	int i;
+
+	struct {
+		enum witness_version version;
+		const char *net_name;
+		const char *ip_address;
+		const char *client_computer_name;
+		NTSTATUS expected_status;
+		WERROR expected_result;
+	} tests[] = {
+		{
+			.version		= 0,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= 1,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= 123456,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= -1,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V1,
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V2,
+			.net_name		= "",
+			.ip_address		= "",
+			.client_computer_name	= "",
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		},{
+			.version		= WITNESS_V2,
+			.net_name		= NULL,
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		},{
+			.version		= WITNESS_V1,
+			.net_name		= NULL,
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_REVISION_MISMATCH
+		},{
+			.version		= WITNESS_V2,
+			.net_name		= dcerpc_server_name(p),
+			.ip_address		= NULL,
+			.client_computer_name	= lpcfg_netbios_name(tctx->lp_ctx),
+			.expected_status	= NT_STATUS_OK,
+			.expected_result	= WERR_INVALID_PARAMETER
+		}
+
+	};
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+
+		ZERO_STRUCT(r);
+
+		r.out.context_handle = &context_handle;
+
+		r.in.version = tests[i].version;
+		r.in.net_name = tests[i].net_name;
+		r.in.ip_address = tests[i].ip_address;
+		r.in.client_computer_name = tests[i].client_computer_name;
+
+		torture_assert_ntstatus_equal(tctx,
+			dcerpc_witness_RegisterEx_r(b, tctx, &r),
+			tests[i].expected_status,
+			"RegisterEx failed");
+
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			tests[i].expected_result,
+			"RegisterEx failed");
+
+		if (W_ERROR_IS_OK(r.out.result)) {
+
+			/* we have a handle, make sure to unregister it */
+			torture_assert(tctx,
+				test_witness_UnRegister_with_handle(tctx, p, r.out.context_handle),
+				"Failed to unregister");
+		}
+	}
+
+	init_witness_test_state(tctx, p, state);
+
+	for (i=0; state->list && i < state->list->num_interfaces; i++) {
+
+		const char *ip_address;
+		struct witness_interfaceInfo interface = state->list->interfaces[i];
+
+		if (!check_valid_interface(tctx, &interface)) {
+			continue;
+		}
+
+		torture_assert(tctx,
+			get_ip_address_from_interface(tctx, &interface, &ip_address),
+			"failed to get ip_address from interface");
+
+		r.in.version = WITNESS_V2;
+		r.in.net_name = state->net_name;
+		r.in.ip_address = ip_address;
+
+		/*
+		 * a valid request with an invalid sharename fails with
+		 * WERR_INVALID_STATE
+		 */
+		r.in.share_name = "any_invalid_share_name";
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_witness_RegisterEx_r(b, tctx, &r),
+			"RegisterEx failed");
+
+		torture_assert_werr_equal(tctx,
+			r.out.result,
+			WERR_INVALID_STATE,
+			"RegisterEx failed");
+
+		r.in.share_name = NULL;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_witness_RegisterEx_r(b, tctx, &r),
+			"RegisterEx failed");
+
+		torture_assert_werr_ok(tctx,
+			r.out.result,
+			"RegisterEx failed");
+
+		torture_assert(tctx,
+			test_witness_UnRegister_with_handle(tctx, p, r.out.context_handle),
+			"Failed to unregister");
+	}
+
+	return true;
+}
+
+static bool setup_clusapi_connection(struct torture_context *tctx,
+				     struct torture_test_witness_state *s)
+{
+	struct dcerpc_binding *binding;
+
+	if (s->clusapi.p) {
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_rpc_binding(tctx, &binding),
+		"failed to retrieve torture binding");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_transport(binding, NCACN_IP_TCP),
+		"failed to set transport");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_binding_set_flags(binding, DCERPC_SEAL, 0),
+		"failed to set dcerpc flags");
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_pipe_connect_b(tctx, &s->clusapi.p, binding,
+				      &ndr_table_clusapi,
+				      samba_cmdline_get_creds(),
+				      tctx->ev, tctx->lp_ctx),
+		"failed to connect dcerpc pipe");
+
+	return true;
+}
+
+#if 0
+static bool cluster_get_nodes(struct torture_context *tctx,
+			      struct torture_test_witness_state *s)
+{
+	struct clusapi_CreateEnum r;
+	struct ENUM_LIST *ReturnEnum;
+	WERROR rpc_status;
+	struct dcerpc_binding_handle *b;
+
+	torture_assert(tctx,
+		setup_clusapi_connection(tctx, s),
+		"failed to setup clusapi connection");
+
+	b = s->clusapi.p->binding_handle;
+
+	r.in.dwType = CLUSTER_ENUM_NODE;
+	r.out.ReturnEnum = &ReturnEnum;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_CreateEnum_r(b, tctx, &r),
+		"failed to enumerate nodes");
+
+	return true;
+}
+#endif
+
+static bool test_GetResourceState_int(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      struct policy_handle *hResource,
+				      enum clusapi_ClusterResourceState *State)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct clusapi_GetResourceState r;
+	const char *NodeName;
+	const char *GroupName;
+	WERROR rpc_status;
+
+	r.in.hResource = *hResource;
+	r.out.State = State;
+	r.out.NodeName = &NodeName;
+	r.out.GroupName = &GroupName;
+	r.out.rpc_status = &rpc_status;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_clusapi_GetResourceState_r(b, tctx, &r),
+		"GetResourceState failed");
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"GetResourceState failed");
+
+	return true;
+}
+
+static bool toggle_cluster_resource_state(struct torture_context *tctx,
+					  struct dcerpc_pipe *p,
+					  const char *resource_name,
+					  enum clusapi_ClusterResourceState *old_state,
+					  enum clusapi_ClusterResourceState *new_state)
+{
+	struct policy_handle hResource;
+	enum clusapi_ClusterResourceState State;
+
+	torture_assert(tctx,
+		test_OpenResource_int(tctx, p, resource_name, &hResource),
+		"failed to open resource");
+	torture_assert(tctx,
+		test_GetResourceState_int(tctx, p, &hResource, &State),
+		"failed to query resource state");
+
+	if (old_state) {
+		*old_state = State;
+	}
+
+	switch (State) {
+	case ClusterResourceOffline:
+		if (!test_OnlineResource_int(tctx, p, &hResource)) {
+			test_CloseResource_int(tctx, p, &hResource);
+			torture_warning(tctx, "failed to set resource online");
+			return false;
+		}
+		break;
+	case ClusterResourceOnline:
+		if (!test_OfflineResource_int(tctx, p, &hResource)) {
+			test_CloseResource_int(tctx, p, &hResource);
+			torture_warning(tctx, "failed to set resource offline");
+			return false;
+		}
+		break;
+
+	default:
+		break;
+	}
+
+	torture_assert(tctx,
+		test_GetResourceState_int(tctx, p, &hResource, &State),
+		"failed to query resource state");
+
+	if (new_state) {
+		*new_state = State;
+	}
+
+	test_CloseResource_int(tctx, p, &hResource);
+
+	return true;
+}
+
+static bool test_witness_AsyncNotify(struct torture_context *tctx,
+				     struct dcerpc_pipe *p,
+				     void *data)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_AsyncNotify r;
+	struct witness_notifyResponse *response;
+	struct torture_test_witness_state *state =
+		(struct torture_test_witness_state *)data;
+	int i;
+
+	init_witness_test_state(tctx, p, state);
+
+	setup_clusapi_connection(tctx, state);
+
+	for (i=0; state->list && i < state->list->num_interfaces; i++) {
+
+		const char *ip_address;
+		struct witness_interfaceInfo interface = state->list->interfaces[i];
+		struct witness_Register reg;
+		struct tevent_req *req;
+		enum clusapi_ClusterResourceState old_state, new_state;
+
+		if (!check_valid_interface(tctx, &interface)) {
+			continue;
+		}
+
+		torture_assert(tctx,
+			get_ip_address_from_interface(tctx, &interface, &ip_address),
+			"failed to get ip_address from interface");
+
+		reg.in.version = WITNESS_V1;
+		reg.in.net_name = state->net_name;
+		reg.in.ip_address = ip_address;
+		reg.in.client_computer_name = lpcfg_netbios_name(tctx->lp_ctx);
+		reg.out.context_handle = &state->context_handle;
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_witness_Register_r(b, tctx, &reg),
+			"Register failed");
+
+		torture_assert_werr_ok(tctx,
+			reg.out.result,
+			"Register failed");
+
+		r.in.context_handle = state->context_handle;
+		r.out.response = &response;
+
+		req = dcerpc_witness_AsyncNotify_r_send(tctx, tctx->ev, b, &r);
+		torture_assert(tctx, req, "failed to create request");
+
+		torture_assert(tctx,
+			toggle_cluster_resource_state(tctx, state->clusapi.p, state->net_name, &old_state, &new_state),
+			"failed to toggle cluster resource state");
+		torture_assert(tctx, old_state != new_state, "failed to change cluster resource state");
+
+		torture_assert(tctx,
+			tevent_req_poll(req, tctx->ev),
+			"failed to call event loop");
+
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_witness_AsyncNotify_r_recv(req, tctx),
+			"failed to receive reply");
+
+		torture_assert_int_equal(tctx, response->num, 1, "num");
+		torture_assert_int_equal(tctx, response->type, WITNESS_NOTIFY_RESOURCE_CHANGE, "type");
+
+		/*
+		 * TODO: find out how ClusterResourceOfflinePending and
+		 * ClusterResourceOnlinePending are represented as witness
+		 * types.
+		 */
+
+		if (new_state == ClusterResourceOffline) {
+			torture_assert_int_equal(tctx, response->messages[0].resource_change.type, WITNESS_RESOURCE_STATE_UNAVAILABLE, "resource_change.type");
+		}
+		if (new_state == ClusterResourceOnline) {
+			torture_assert_int_equal(tctx, response->messages[0].resource_change.type, WITNESS_RESOURCE_STATE_AVAILABLE, "resource_change.type");
+		}
+		torture_assert(tctx,
+			test_witness_UnRegister_with_handle(tctx, p, &state->context_handle),
+			"Failed to unregister");
+
+		ZERO_STRUCT(state->context_handle);
+
+		torture_assert(tctx,
+			toggle_cluster_resource_state(tctx, state->clusapi.p, state->net_name, &old_state, &new_state),
+			"failed to toggle cluster resource state");
+		torture_assert(tctx, old_state != new_state, "failed to change cluster resource state");
+	}
+
+	return true;
+}
+
+static bool test_do_witness_RegisterEx(struct torture_context *tctx,
+				       struct dcerpc_binding_handle *b,
+				       uint32_t version,
+				       const char *net_name,
+				       const char *share_name,
+				       const char *ip_address,
+				       const char *client_computer_name,
+				       uint32_t flags,
+				       uint32_t timeout,
+				       struct policy_handle *context_handle)
+{
+	struct witness_RegisterEx r;
+
+	r.in.version = version;
+	r.in.net_name = net_name;
+	r.in.share_name = NULL;
+	r.in.ip_address = ip_address;
+	r.in.client_computer_name = client_computer_name;
+	r.in.flags = flags;
+	r.in.timeout = timeout;
+	r.out.context_handle = context_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_witness_RegisterEx_r(b, tctx, &r),
+		"RegisterEx failed");
+
+	torture_assert_werr_ok(tctx,
+		r.out.result,
+		"RegisterEx failed");
+
+	return true;
+}
+
+static void torture_subunit_report_time(struct torture_context *tctx)
+{
+	struct timespec tp;
+	struct tm *tmp;
+	char timestr[200];
+
+	if (clock_gettime(CLOCK_REALTIME, &tp) != 0) {
+		torture_comment(tctx, "failed to call clock_gettime");
+		return;
+	}
+
+	tmp = gmtime(&tp.tv_sec);
+	if (!tmp) {
+		torture_comment(tctx, "failed to call gmtime");
+		return;
+	}
+
+	if (strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tmp) <= 0) {
+		torture_comment(tctx, "failed to call strftime");
+		return;
+	}
+
+	torture_comment(tctx, "time: %s.%06ld\n", timestr, tp.tv_nsec / 1000);
+}
+
+static bool test_witness_AsyncNotify_timeouts(struct torture_context *tctx,
+					      struct dcerpc_pipe *p,
+					      void *data)
+{
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct witness_AsyncNotify r;
+	struct witness_notifyResponse *response;
+	struct torture_test_witness_state *state =
+		(struct torture_test_witness_state *)data;
+	int i;
+
+	init_witness_test_state(tctx, p, state);
+
+	setup_clusapi_connection(tctx, state);
+
+	for (i=0; state->list && i < state->list->num_interfaces; i++) {
+
+		const char *ip_address;
+		struct witness_interfaceInfo interface = state->list->interfaces[i];
+		uint32_t timeouts[] = {
+			0, 1, 10, 100, 120
+		};
+		int t;
+		uint32_t old_timeout;
+
+		if (!check_valid_interface(tctx, &interface)) {
+			continue;
+		}
+
+		torture_assert(tctx,
+			get_ip_address_from_interface(tctx, &interface, &ip_address),
+			"failed to get ip_address from interface");
+
+		for (t=0; t < ARRAY_SIZE(timeouts); t++) {
+
+			torture_comment(tctx, "Testing Async Notify with timeout of %d milliseconds", timeouts[t]);
+
+			torture_assert(tctx,
+				test_do_witness_RegisterEx(tctx, b,
+							   WITNESS_V2,
+							   state->net_name,
+							   NULL,
+							   ip_address,
+							   lpcfg_netbios_name(tctx->lp_ctx),
+							   0,
+							   timeouts[t],
+							   &state->context_handle),
+				"failed to RegisterEx");
+
+			r.in.context_handle = state->context_handle;
+			r.out.response = &response;
+
+			old_timeout = dcerpc_binding_handle_set_timeout(b, UINT_MAX);
+
+			torture_subunit_report_time(tctx);
+
+			torture_assert_ntstatus_ok(tctx,
+				dcerpc_witness_AsyncNotify_r(b, tctx, &r),
+				"AsyncNotify failed");
+			torture_assert_werr_equal(tctx,
+				r.out.result,
+				WERR_TIMEOUT,
+				"AsyncNotify failed");
+
+			torture_subunit_report_time(tctx);
+
+			dcerpc_binding_handle_set_timeout(b, old_timeout);
+
+			torture_assert(tctx,
+				test_witness_UnRegister_with_handle(tctx, p, &state->context_handle),
+				"Failed to unregister");
+
+			ZERO_STRUCT(state->context_handle);
+		}
+	}
+
+	return true;
+}
+
+struct torture_suite *torture_rpc_witness(TALLOC_CTX *mem_ctx)
+{
+	struct torture_rpc_tcase *tcase;
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "witness");
+	struct torture_test_witness_state *state;
+
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "witness",
+						  &ndr_table_witness);
+
+	state = talloc_zero(tcase, struct torture_test_witness_state);
+
+	torture_rpc_tcase_add_test_ex(tcase, "GetInterfaceList",
+				      test_witness_GetInterfaceList, state);
+	torture_rpc_tcase_add_test_ex(tcase, "Register",
+				      test_witness_Register, state);
+	torture_rpc_tcase_add_test_ex(tcase, "UnRegister",
+				      test_witness_UnRegister, state);
+	torture_rpc_tcase_add_test_ex(tcase, "RegisterEx",
+				      test_witness_RegisterEx, state);
+	torture_rpc_tcase_add_test_ex(tcase, "AsyncNotify",
+				      test_witness_AsyncNotify, state);
+	torture_rpc_tcase_add_test_ex(tcase, "AsyncNotify_timeouts",
+				      test_witness_AsyncNotify_timeouts, state);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
new file mode 100644
index 0000000..c43e16f
--- /dev/null
+++ b/source4/torture/rpc/wkssvc.c
@@ -0,0 +1,1458 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for wkssvc rpc operations
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Günther Deschner 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_wkssvc_c.h"
+#include "torture/rpc/torture_rpc.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+#include "libcli/auth/libcli_auth.h"
+
+#define SMBTORTURE_MACHINE_NAME "smbtrt_name"
+#define SMBTORTURE_ALTERNATE_NAME "smbtrt_altname"
+#define SMBTORTURE_TRANSPORT_NAME "\\Device\\smbtrt_transport_name"
+#define SMBTORTURE_USE_NAME "S:"
+#define SMBTORTURE_MESSAGE "You are currently tortured by Samba"
+
+static bool test_NetWkstaGetInfo(struct torture_context *tctx,
+				 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetWkstaGetInfo r;
+	union wkssvc_NetWkstaInfo info;
+	uint16_t levels[] = {100, 101, 102, 502};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.out.info = &info;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		r.in.level = levels[i];
+		torture_comment(tctx, "Testing NetWkstaGetInfo level %u\n",
+				r.in.level);
+		status = dcerpc_wkssvc_NetWkstaGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx, "NetWkstaGetInfo level %u failed",
+					r.in.level));
+		torture_assert_werr_ok(tctx, r.out.result,
+			talloc_asprintf(tctx, "NetWkstaGetInfo level %u failed",
+					r.in.level));
+	}
+
+	return true;
+}
+
+static bool test_NetWkstaTransportEnum(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetWkstaTransportEnum r;
+	uint32_t resume_handle = 0;
+	struct wkssvc_NetWkstaTransportInfo info;
+	union wkssvc_NetWkstaTransportCtr ctr;
+	struct wkssvc_NetWkstaTransportCtr0 ctr0;
+	uint32_t total_entries = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(ctr0);
+	ctr.ctr0 = &ctr0;
+
+	info.level = 0;
+	info.ctr = ctr;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.info = &info;
+	r.in.max_buffer = (uint32_t)-1;
+	r.in.resume_handle = &resume_handle;
+	r.out.total_entries = &total_entries;
+	r.out.info = &info;
+	r.out.resume_handle = &resume_handle;
+
+	torture_comment(tctx, "Testing NetWkstaTransportEnum level 0\n");
+
+	status = dcerpc_wkssvc_NetWkstaTransportEnum_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetWkstaTransportEnum failed");
+	torture_assert_werr_ok(tctx, r.out.result, talloc_asprintf(tctx,
+			       "NetWkstaTransportEnum level %u failed",
+			       info.level));
+
+	return true;
+}
+
+static bool test_NetrWkstaTransportAdd(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrWkstaTransportAdd r;
+	struct wkssvc_NetWkstaTransportInfo0 info0;
+	uint32_t parm_err = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info0);
+
+	info0.quality_of_service = 0xffff;
+	info0.vc_count = 0;
+	info0.name = SMBTORTURE_TRANSPORT_NAME;
+	info0.address = "000000000000";
+	info0.wan_link = 0x400;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.level = 0;
+	r.in.info0 = &info0;
+	r.in.parm_err = r.out.parm_err = &parm_err;
+
+	torture_comment(tctx, "Testing NetrWkstaTransportAdd level 0\n");
+
+	status = dcerpc_wkssvc_NetrWkstaTransportAdd_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrWkstaTransportAdd failed");
+	torture_assert_werr_equal(tctx, r.out.result,
+				  WERR_INVALID_PARAMETER,
+				  "NetrWkstaTransportAdd level 0 failed");
+
+	return true;
+}
+
+static bool test_NetrWkstaTransportDel(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrWkstaTransportDel r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.transport_name = SMBTORTURE_TRANSPORT_NAME;
+	r.in.unknown3 = 0;
+
+	torture_comment(tctx, "Testing NetrWkstaTransportDel\n");
+
+	status = dcerpc_wkssvc_NetrWkstaTransportDel_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrWkstaTransportDel failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrWkstaTransportDel");
+
+	return true;
+}
+
+static bool test_NetWkstaEnumUsers(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetWkstaEnumUsers r;
+	uint32_t handle = 0;
+	uint32_t entries_read = 0;
+	struct wkssvc_NetWkstaEnumUsersInfo info;
+	struct wkssvc_NetWkstaEnumUsersCtr0 *user0;
+	struct wkssvc_NetWkstaEnumUsersCtr1 *user1;
+	uint32_t levels[] = { 0, 1 };
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		ZERO_STRUCT(info);
+
+		info.level = levels[i];
+		switch (info.level) {
+		case 0:
+			user0 = talloc_zero(tctx,
+					    struct wkssvc_NetWkstaEnumUsersCtr0);
+			info.ctr.user0 = user0;
+			break;
+		case 1:
+			user1 = talloc_zero(tctx,
+					    struct wkssvc_NetWkstaEnumUsersCtr1);
+			info.ctr.user1 = user1;
+			break;
+		default:
+			break;
+		}
+
+		r.in.server_name = dcerpc_server_name(p);
+		r.in.prefmaxlen = (uint32_t)-1;
+		r.in.info = r.out.info = &info;
+		r.in.resume_handle = r.out.resume_handle = &handle;
+
+		r.out.entries_read = &entries_read;
+
+		torture_comment(tctx, "Testing NetWkstaEnumUsers level %u\n",
+				levels[i]);
+
+		status = dcerpc_wkssvc_NetWkstaEnumUsers_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "NetWkstaEnumUsers failed");
+		torture_assert_werr_ok(tctx, r.out.result,
+				       "NetWkstaEnumUsers failed");
+	}
+
+	return true;
+}
+
+static bool test_NetrWkstaUserGetInfo(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrWkstaUserGetInfo r;
+	union wkssvc_NetrWkstaUserInfo info;
+	const char *dom = lpcfg_workgroup(tctx->lp_ctx);
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+	const char *user = cli_credentials_get_username(creds);
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	const struct {
+		const char *unknown;
+		uint32_t level;
+		WERROR result;
+	} tests[] = {
+		{ NULL, 0, WERR_NO_SUCH_LOGON_SESSION },
+		{ NULL, 1, WERR_NO_SUCH_LOGON_SESSION },
+		{ NULL, 1101, WERR_OK },
+		{ dom, 0, WERR_INVALID_PARAMETER },
+		{ dom, 1, WERR_INVALID_PARAMETER },
+		{ dom, 1101, WERR_INVALID_PARAMETER },
+		{ user, 0, WERR_INVALID_PARAMETER },
+		{ user, 1, WERR_INVALID_PARAMETER },
+		{ user, 1101, WERR_INVALID_PARAMETER },
+	};
+
+	for (i=0; i<ARRAY_SIZE(tests); i++) {
+		r.in.unknown = tests[i].unknown;
+		r.in.level = tests[i].level;
+		r.out.info = &info;
+
+		torture_comment(tctx, "Testing NetrWkstaUserGetInfo level %u\n",
+				r.in.level);
+
+		status = dcerpc_wkssvc_NetrWkstaUserGetInfo_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "NetrWkstaUserGetInfo failed");
+		torture_assert_werr_equal(tctx, r.out.result,
+					  tests[i].result,
+					  "NetrWkstaUserGetInfo failed");
+	}
+
+	return true;
+}
+
+static bool test_NetrUseEnum(struct torture_context *tctx,
+			     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUseEnum r;
+	uint32_t handle = 0;
+	uint32_t entries_read = 0;
+	struct wkssvc_NetrUseEnumInfo info;
+	struct wkssvc_NetrUseEnumCtr0 *use0;
+	struct wkssvc_NetrUseEnumCtr1 *use1;
+	struct wkssvc_NetrUseEnumCtr2 *use2;
+	uint32_t levels[] = { 0, 1, 2 };
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		ZERO_STRUCT(info);
+
+		info.level = levels[i];
+		switch (info.level) {
+		case 0:
+			use0 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr0);
+			info.ctr.ctr0 = use0;
+			break;
+		case 1:
+			use1 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr1);
+			info.ctr.ctr1 = use1;
+			break;
+		case 2:
+			use2 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr2);
+			info.ctr.ctr2 = use2;
+			break;
+		default:
+			break;
+		}
+
+		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.prefmaxlen = (uint32_t)-1;
+		r.in.info = r.out.info = &info;
+		r.in.resume_handle = r.out.resume_handle = &handle;
+
+		r.out.entries_read = &entries_read;
+
+		torture_comment(tctx, "Testing NetrUseEnum level %u\n",
+				levels[i]);
+
+		status = dcerpc_wkssvc_NetrUseEnum_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "NetrUseEnum failed");
+		torture_assert_werr_ok(tctx, r.out.result,
+				       "NetrUseEnum failed");
+	}
+
+	return true;
+}
+
+static bool test_NetrUseAdd(struct torture_context *tctx,
+			    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUseAdd r;
+	struct wkssvc_NetrUseInfo0 info0;
+	struct wkssvc_NetrUseInfo1 info1;
+	union wkssvc_NetrUseGetInfoCtr *ctr;
+	uint32_t parm_err = 0;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ctr = talloc(tctx, union wkssvc_NetrUseGetInfoCtr);
+
+	ZERO_STRUCT(info0);
+
+	info0.local = SMBTORTURE_USE_NAME;
+	info0.remote = "\\\\localhost\\c$";
+
+	ctr->info0 = &info0;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.level = 0;
+	r.in.ctr = ctr;
+	r.in.parm_err = r.out.parm_err = &parm_err;
+
+	torture_comment(tctx, "Testing NetrUseAdd level %u\n",
+			r.in.level);
+
+	status = dcerpc_wkssvc_NetrUseAdd_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUseAdd failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL,
+			       "NetrUseAdd failed");
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(info1);
+
+	info1.local = SMBTORTURE_USE_NAME;
+	info1.remote = "\\\\localhost\\sysvol";
+	info1.password = NULL;
+
+	ctr->info1 = &info1;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.level = 1;
+	r.in.ctr = ctr;
+	r.in.parm_err = r.out.parm_err = &parm_err;
+
+	torture_comment(tctx, "Testing NetrUseAdd level %u\n",
+			r.in.level);
+
+	status = dcerpc_wkssvc_NetrUseAdd_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUseAdd failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrUseAdd failed");
+
+	return true;
+}
+
+static bool test_NetrUseDel(struct torture_context *tctx,
+			    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUseDel r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.use_name = SMBTORTURE_USE_NAME;
+	r.in.force_cond = 0;
+
+	torture_comment(tctx, "Testing NetrUseDel\n");
+
+	status = dcerpc_wkssvc_NetrUseDel_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUseDel failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrUseDel failed");
+	return true;
+}
+
+static bool test_NetrUseGetInfo_level(struct torture_context *tctx,
+				      struct dcerpc_pipe *p,
+				      const char *use_name,
+				      uint32_t level,
+				      WERROR werr)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUseGetInfo r;
+	union wkssvc_NetrUseGetInfoCtr ctr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(ctr);
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.use_name = use_name;
+	r.in.level = level;
+	r.out.ctr = &ctr;
+	status = dcerpc_wkssvc_NetrUseGetInfo_r(b, tctx, &r);
+
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUseGetInfo failed");
+	torture_assert_werr_equal(tctx, r.out.result, werr,
+				  "NetrUseGetInfo failed");
+	return true;
+}
+
+static bool test_NetrUseGetInfo(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUseEnum r;
+	uint32_t handle = 0;
+	uint32_t entries_read = 0;
+	struct wkssvc_NetrUseEnumInfo info;
+	struct wkssvc_NetrUseEnumCtr0 *use0;
+	uint32_t levels[] = { 0, 1, 2 };
+	const char *use_name = NULL;
+	int i, k;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(info);
+
+	info.level = 0;
+	use0 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr0);
+	info.ctr.ctr0 = use0;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.prefmaxlen = (uint32_t)-1;
+	r.in.info = r.out.info = &info;
+	r.in.resume_handle = r.out.resume_handle = &handle;
+	r.out.entries_read = &entries_read;
+
+	status = dcerpc_wkssvc_NetrUseEnum_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUseEnum failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrUseEnum failed");
+
+	for (k=0; k < r.out.info->ctr.ctr0->count; k++) {
+
+		use_name = r.out.info->ctr.ctr0->array[k].local;
+
+		for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+			if (!test_NetrUseGetInfo_level(tctx, p, use_name,
+						       levels[i],
+						       WERR_OK))
+			{
+				if (levels[i] != 0) {
+					return false;
+				}
+			}
+		}
+
+		use_name = r.out.info->ctr.ctr0->array[k].remote;
+
+		for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+			if (!test_NetrUseGetInfo_level(tctx, p, use_name,
+						       levels[i],
+						       WERR_NERR_USENOTFOUND))
+			{
+				if (levels[i] != 0) {
+					return false;
+				}
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetrLogonDomainNameAdd(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrLogonDomainNameAdd r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+
+	torture_comment(tctx, "Testing NetrLogonDomainNameAdd\n");
+
+	status = dcerpc_wkssvc_NetrLogonDomainNameAdd_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrLogonDomainNameAdd failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				  "NetrLogonDomainNameAdd failed");
+	return true;
+}
+
+static bool test_NetrLogonDomainNameDel(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrLogonDomainNameDel r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+
+	torture_comment(tctx, "Testing NetrLogonDomainNameDel\n");
+
+	status = dcerpc_wkssvc_NetrLogonDomainNameDel_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrLogonDomainNameDel failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				  "NetrLogonDomainNameDel failed");
+	return true;
+}
+
+static bool test_NetrEnumerateComputerNames_level(struct torture_context *tctx,
+						  struct dcerpc_pipe *p,
+						  uint16_t level,
+						  const char ***names,
+						  size_t *num_names)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrEnumerateComputerNames r;
+	struct wkssvc_ComputerNamesCtr *ctr;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ctr = talloc_zero(tctx, struct wkssvc_ComputerNamesCtr);
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.name_type = level;
+	r.in.Reserved = 0;
+	r.out.ctr = &ctr;
+
+	torture_comment(tctx, "Testing NetrEnumerateComputerNames level %u\n",
+			r.in.name_type);
+
+	status = dcerpc_wkssvc_NetrEnumerateComputerNames_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrEnumerateComputerNames failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrEnumerateComputerNames failed");
+
+	if ((level == NetPrimaryComputerName) && ctr->count != 1) {
+		torture_comment(tctx,
+				"NetrEnumerateComputerNames did not return one "
+				"name but %u\n", ctr->count);
+		return false;
+	}
+
+	if (names && num_names) {
+		*num_names = 0;
+		*names = NULL;
+		for (i=0; i<ctr->count; i++) {
+			if (!add_string_to_array(tctx,
+						 ctr->computer_name[i].string,
+						 names,
+						 num_names))
+			{
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetrEnumerateComputerNames(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	uint16_t levels[] = {0,1,2};
+	int i;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		if (!test_NetrEnumerateComputerNames_level(tctx,
+							   p,
+							   levels[i],
+							   NULL, NULL))
+		{
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetrValidateName(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrValidateName r;
+	uint16_t levels[] = {0,1,2,3,4,5};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.name = lpcfg_workgroup(tctx->lp_ctx);
+		r.in.Account = NULL;
+		r.in.Password = NULL;
+		r.in.name_type = levels[i];
+
+		torture_comment(tctx, "Testing NetrValidateName level %u\n",
+				r.in.name_type);
+
+		status = dcerpc_wkssvc_NetrValidateName_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "NetrValidateName failed");
+		torture_assert_werr_equal(tctx, r.out.result,
+					  WERR_NOT_SUPPORTED,
+					  "NetrValidateName failed");
+	}
+
+	return true;
+}
+
+static bool test_NetrValidateName2(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrValidateName2 r;
+	uint16_t levels[] = {0,1,2,3,4,5};
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+		r.in.name = lpcfg_workgroup(tctx->lp_ctx);
+		r.in.Account = NULL;
+		r.in.EncryptedPassword = NULL;
+		r.in.name_type = levels[i];
+
+		torture_comment(tctx, "Testing NetrValidateName2 level %u\n",
+				r.in.name_type);
+
+		status = dcerpc_wkssvc_NetrValidateName2_r(b, tctx, &r);
+		torture_assert_ntstatus_ok(tctx, status,
+					   "NetrValidateName2 failed");
+		torture_assert_werr_equal(tctx, r.out.result,
+					  W_ERROR(HRES_ERROR_V(HRES_RPC_E_REMOTE_DISABLED)),
+					  "NetrValidateName2 failed");
+	}
+
+	return true;
+}
+
+static bool test_NetrAddAlternateComputerName(struct torture_context *tctx,
+					      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrAddAlternateComputerName r;
+	const char **names = NULL;
+	size_t num_names = 0;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.NewAlternateMachineName = SMBTORTURE_ALTERNATE_NAME;
+	r.in.Account = NULL;
+	r.in.EncryptedPassword = NULL;
+	r.in.Reserved = 0;
+
+	torture_comment(tctx, "Testing NetrAddAlternateComputerName\n");
+
+	status = dcerpc_wkssvc_NetrAddAlternateComputerName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrAddAlternateComputerName failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrAddAlternateComputerName failed");
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetAlternateComputerNames,
+						   &names, &num_names))
+	{
+		return false;
+	}
+
+	for (i=0; i<num_names; i++) {
+		if (strequal(names[i], SMBTORTURE_ALTERNATE_NAME)) {
+			return true;
+		}
+	}
+
+	torture_comment(tctx, "new alternate name not set\n");
+
+	return false;
+}
+
+static bool test_NetrRemoveAlternateComputerName(struct torture_context *tctx,
+						 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrRemoveAlternateComputerName r;
+	const char **names = NULL;
+	size_t num_names = 0;
+	int i;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.AlternateMachineNameToRemove = SMBTORTURE_ALTERNATE_NAME;
+	r.in.Account = NULL;
+	r.in.EncryptedPassword = NULL;
+	r.in.Reserved = 0;
+
+	torture_comment(tctx, "Testing NetrRemoveAlternateComputerName\n");
+
+	status = dcerpc_wkssvc_NetrRemoveAlternateComputerName_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrRemoveAlternateComputerName failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrRemoveAlternateComputerName failed");
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetAlternateComputerNames,
+						   &names, &num_names))
+	{
+		return false;
+	}
+
+	for (i=0; i<num_names; i++) {
+		if (strequal(names[i], SMBTORTURE_ALTERNATE_NAME)) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+static bool test_NetrSetPrimaryComputername_name(struct torture_context *tctx,
+						 struct dcerpc_pipe *p,
+						 const char *name)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrSetPrimaryComputername r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.primary_name = name;
+	r.in.Account = NULL;
+	r.in.EncryptedPassword = NULL;
+	r.in.Reserved = 0;
+
+	status = dcerpc_wkssvc_NetrSetPrimaryComputername_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrSetPrimaryComputername failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrSetPrimaryComputername failed");
+	return true;
+}
+
+
+static bool test_NetrSetPrimaryComputername(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	/*
+	  add alternate,
+	  check if there
+	  store old primary
+	  set new primary (alternate)
+	  check if there
+	  later: check if del is possible
+	  set primary back to origin
+	  check if there
+	  del alternate
+	*/
+
+	const char **names_o = NULL, **names = NULL;
+	size_t num_names_o = 0, num_names = 0;
+
+	torture_comment(tctx, "Testing NetrSetPrimaryComputername\n");
+
+	if (!test_NetrAddAlternateComputerName(tctx, p)) {
+		return false;
+	}
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetPrimaryComputerName,
+						   &names_o, &num_names_o))
+	{
+		return false;
+	}
+
+	if (num_names_o != 1) {
+		return false;
+	}
+
+	if (!test_NetrSetPrimaryComputername_name(tctx, p,
+						  SMBTORTURE_ALTERNATE_NAME))
+	{
+		return false;
+	}
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetPrimaryComputerName,
+						   &names, &num_names))
+	{
+		return false;
+	}
+
+	if (num_names != 1) {
+		return false;
+	}
+
+	if (!strequal(names[0], SMBTORTURE_ALTERNATE_NAME)) {
+		torture_comment(tctx,
+				"name mismatch (%s != %s) after NetrSetPrimaryComputername!\n",
+				names[0], SMBTORTURE_ALTERNATE_NAME);
+		/*return false */;
+	}
+
+	if (!test_NetrSetPrimaryComputername_name(tctx, p,
+						  names_o[0]))
+	{
+		return false;
+	}
+
+	if (!test_NetrRemoveAlternateComputerName(tctx, p)) {
+		return false;
+	}
+
+
+	return true;
+}
+
+static bool test_NetrRenameMachineInDomain(struct torture_context *tctx,
+					   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrRenameMachineInDomain r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.NewMachineName = SMBTORTURE_MACHINE_NAME;
+	r.in.Account = NULL;
+	r.in.password = NULL;
+	r.in.RenameOptions = 0;
+
+	torture_comment(tctx, "Testing NetrRenameMachineInDomain\n");
+
+	status = dcerpc_wkssvc_NetrRenameMachineInDomain_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrRenameMachineInDomain failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				  "NetrRenameMachineInDomain failed");
+	return true;
+}
+
+static bool test_NetrRenameMachineInDomain2_name(struct torture_context *tctx,
+						 struct dcerpc_pipe *p,
+						 const char *new_name)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrRenameMachineInDomain2 r;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.NewMachineName = new_name;
+	r.in.Account = NULL;
+	r.in.EncryptedPassword = NULL;
+	r.in.RenameOptions = 0;
+
+	status = dcerpc_wkssvc_NetrRenameMachineInDomain2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrRenameMachineInDomain2 failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrRenameMachineInDomain2 failed");
+	return true;
+}
+
+static bool test_NetrRenameMachineInDomain2(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	const char **names_o = NULL, **names = NULL;
+	size_t num_names_o = 0, num_names = 0;
+
+	torture_comment(tctx, "Testing NetrRenameMachineInDomain2\n");
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetPrimaryComputerName,
+						   &names_o, &num_names_o))
+	{
+		return false;
+	}
+
+	if (num_names_o != 1) {
+		return false;
+	}
+
+	if (!test_NetrRenameMachineInDomain2_name(tctx, p,
+						  SMBTORTURE_MACHINE_NAME))
+	{
+		return false;
+	}
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetPrimaryComputerName,
+						   &names, &num_names))
+	{
+		return false;
+	}
+
+	if (num_names != 1) {
+		return false;
+	}
+
+	if (strequal(names[0], names_o[0])) {
+		test_NetrRenameMachineInDomain2_name(tctx, p, names_o[0]);
+		return false;
+	}
+
+	if (!strequal(names[0], SMBTORTURE_MACHINE_NAME)) {
+		test_NetrRenameMachineInDomain2_name(tctx, p, names_o[0]);
+		return false;
+	}
+
+	if (!test_NetrRenameMachineInDomain2_name(tctx, p, names_o[0]))
+	{
+		return false;
+	}
+
+	if (!test_NetrEnumerateComputerNames_level(tctx, p,
+						   NetPrimaryComputerName,
+						   &names, &num_names))
+	{
+		return false;
+	}
+
+	if (num_names != 1) {
+		return false;
+	}
+
+	if (!strequal(names[0], names_o[0])) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_NetrWorkstationStatisticsGet(struct torture_context *tctx,
+					      struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrWorkstationStatisticsGet r;
+	struct wkssvc_NetrWorkstationStatistics *info;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	ZERO_STRUCT(r);
+
+	info = talloc_zero(tctx, struct wkssvc_NetrWorkstationStatistics);
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.out.info = &info;
+
+	torture_comment(tctx, "Testing NetrWorkstationStatisticsGet\n");
+
+	status = dcerpc_wkssvc_NetrWorkstationStatisticsGet_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrWorkstationStatisticsGet failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrWorkstationStatisticsGet failed");
+	return true;
+}
+
+/* only succeeds as long as the local messenger service is running - Guenther */
+
+static bool test_NetrMessageBufferSend(struct torture_context *tctx,
+				       struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrMessageBufferSend r;
+	const char *message = SMBTORTURE_MESSAGE;
+	size_t size;
+	uint16_t *msg;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	if (!push_ucs2_talloc(tctx, &msg, message, &size)) {
+		return false;
+	}
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.message_name = dcerpc_server_name(p);
+	r.in.message_sender_name = dcerpc_server_name(p);
+	r.in.message_buffer = (uint8_t *)msg;
+	r.in.message_size = size;
+
+	torture_comment(tctx, "Testing NetrMessageBufferSend\n");
+
+	status = dcerpc_wkssvc_NetrMessageBufferSend_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrMessageBufferSend failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrMessageBufferSend failed");
+	return true;
+}
+
+static bool test_NetrGetJoinInformation(struct torture_context *tctx,
+					struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrGetJoinInformation r;
+	enum wkssvc_NetJoinStatus join_status;
+	const char *name_buffer = "";
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.name_buffer = r.out.name_buffer = &name_buffer;
+	r.out.name_type = &join_status;
+
+	torture_comment(tctx, "Testing NetrGetJoinInformation\n");
+
+	status = dcerpc_wkssvc_NetrGetJoinInformation_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrGetJoinInformation failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrGetJoinInformation failed");
+	return true;
+}
+
+static bool test_GetJoinInformation(struct torture_context *tctx,
+				    struct dcerpc_pipe *p,
+				    enum wkssvc_NetJoinStatus *join_status_p,
+				    const char **name)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrGetJoinInformation r;
+	enum wkssvc_NetJoinStatus join_status;
+	const char *name_buffer = "";
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.name_buffer = r.out.name_buffer = &name_buffer;
+	r.out.name_type = &join_status;
+
+	status = dcerpc_wkssvc_NetrGetJoinInformation_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrGetJoinInformation failed");
+	torture_assert_werr_ok(tctx, r.out.result,
+			       "NetrGetJoinInformation failed");
+
+	if (join_status_p) {
+		*join_status_p = join_status;
+	}
+
+	if (*name) {
+		*name = talloc_strdup(tctx, name_buffer);
+	}
+
+	return true;
+
+}
+
+static bool test_NetrGetJoinableOus(struct torture_context *tctx,
+				    struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrGetJoinableOus r;
+	uint32_t num_ous = 0;
+	const char **ous = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+	r.in.Account = NULL;
+	r.in.unknown = NULL;
+	r.in.num_ous = r.out.num_ous = &num_ous;
+	r.out.ous = &ous;
+
+	torture_comment(tctx, "Testing NetrGetJoinableOus\n");
+
+	status = dcerpc_wkssvc_NetrGetJoinableOus_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "NetrGetJoinableOus failed");
+	torture_assert_werr_equal(tctx, r.out.result,
+				  WERR_NOT_SUPPORTED,
+				  "NetrGetJoinableOus failed");
+
+	return true;
+}
+
+static bool test_NetrGetJoinableOus2(struct torture_context *tctx,
+				     struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrGetJoinableOus2 r;
+	uint32_t num_ous = 0;
+	const char **ous = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+	r.in.Account = NULL;
+	r.in.EncryptedPassword = NULL;
+	r.in.num_ous = r.out.num_ous = &num_ous;
+	r.out.ous = &ous;
+
+	torture_comment(tctx, "Testing NetrGetJoinableOus2\n");
+
+	status = dcerpc_wkssvc_NetrGetJoinableOus2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "NetrGetJoinableOus2 failed");
+	torture_assert_werr_equal(tctx, r.out.result,
+				  W_ERROR(HRES_ERROR_V(HRES_RPC_E_REMOTE_DISABLED)),
+				  "NetrGetJoinableOus2 failed");
+
+	return true;
+}
+
+static bool test_NetrUnjoinDomain(struct torture_context *tctx,
+				  struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUnjoinDomain r;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+	const char *user = cli_credentials_get_username(creds);
+	const char *admin_account = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	admin_account = talloc_asprintf(tctx, "%s\\%s",
+					lpcfg_workgroup(tctx->lp_ctx),
+					user);
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.Account = admin_account;
+	r.in.password = NULL;
+	r.in.unjoin_flags = 0;
+
+	torture_comment(tctx, "Testing NetrUnjoinDomain\n");
+
+	status = dcerpc_wkssvc_NetrUnjoinDomain_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUnjoinDomain failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				  "NetrUnjoinDomain failed");
+	return true;
+}
+
+static bool test_NetrJoinDomain(struct torture_context *tctx,
+				struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrJoinDomain r;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+	const char *user = cli_credentials_get_username(creds);
+	const char *admin_account = NULL;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	admin_account = talloc_asprintf(tctx, "%s\\%s",
+					lpcfg_workgroup(tctx->lp_ctx),
+					user);
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
+	r.in.account_ou = NULL;
+	r.in.Account = admin_account;
+	r.in.password = NULL;
+	r.in.join_flags = 0;
+
+	torture_comment(tctx, "Testing NetrJoinDomain\n");
+
+	status = dcerpc_wkssvc_NetrJoinDomain_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrJoinDomain failed");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				  "NetrJoinDomain failed");
+	return true;
+}
+
+/*
+ * prerequisites for remotely joining an unjoined XP SP2 workstation:
+ * - firewall needs to be disabled (or open for ncacn_np access)
+ * - HKLM\System\CurrentControlSet\Control\Lsa\forceguest needs to 0
+ * see also:
+ * http://support.microsoft.com/kb/294355/EN-US/ and
+ * http://support.microsoft.com/kb/290403/EN-US/
+ */
+
+static bool test_NetrJoinDomain2(struct torture_context *tctx,
+				 struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrJoinDomain2 r;
+	const char *domain_admin_account = NULL;
+	const char *domain_admin_password = NULL;
+	const char *domain_name = NULL;
+	struct wkssvc_PasswordBuffer *pwd_buf;
+	enum wkssvc_NetJoinStatus join_status;
+	const char *join_name = NULL;
+	WERROR expected_err;
+	WERROR werr;
+	DATA_BLOB session_key;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	/* FIXME: this test assumes to join workstations / servers and does not
+	 * handle DCs (WERR_NERR_SETUPDOMAINCONTROLLER) */
+
+	if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
+	{
+		return false;
+	}
+
+	switch (join_status) {
+		case NET_SETUP_DOMAIN_NAME:
+			expected_err = WERR_NERR_SETUPALREADYJOINED;
+			break;
+		case NET_SETUP_UNKNOWN_STATUS:
+		case NET_SETUP_UNJOINED:
+		case NET_SETUP_WORKGROUP_NAME:
+		default:
+			expected_err = WERR_OK;
+			break;
+	}
+
+	domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
+
+	domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
+
+	domain_name = torture_setting_string(tctx, "domain_name", NULL);
+
+	if ((domain_admin_account == NULL) ||
+	    (domain_admin_password == NULL) ||
+	    (domain_name == NULL)) {
+		torture_comment(tctx, "not enough input parameter\n");
+	    	return false;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	werr = encode_wkssvc_join_password_buffer(tctx,
+						  domain_admin_password,
+						  &session_key,
+						  &pwd_buf);
+	if (!W_ERROR_IS_OK(werr)) {
+		return false;
+	}
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.domain_name = domain_name;
+	r.in.account_ou = NULL;
+	r.in.admin_account = domain_admin_account;
+	r.in.encrypted_password = pwd_buf;
+	r.in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+			  WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE;
+
+	torture_comment(tctx, "Testing NetrJoinDomain2 (assuming non-DC)\n");
+
+	status = dcerpc_wkssvc_NetrJoinDomain2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrJoinDomain2 failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_err,
+				  "NetrJoinDomain2 failed");
+
+	if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
+	{
+		return false;
+	}
+
+	if (join_status != NET_SETUP_DOMAIN_NAME) {
+		torture_comment(tctx,
+				"Join verify failed: got %d\n", join_status);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
+				   struct dcerpc_pipe *p)
+{
+	NTSTATUS status;
+	struct wkssvc_NetrUnjoinDomain2 r;
+	const char *domain_admin_account = NULL;
+	const char *domain_admin_password = NULL;
+	struct wkssvc_PasswordBuffer *pwd_buf;
+	enum wkssvc_NetJoinStatus join_status;
+	const char *join_name = NULL;
+	WERROR expected_err;
+	WERROR werr;
+	DATA_BLOB session_key;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	/* FIXME: this test assumes to join workstations / servers and does not
+	 * handle DCs (WERR_NERR_SETUPDOMAINCONTROLLER) */
+
+	if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
+	{
+		return false;
+	}
+
+	switch (join_status) {
+		case NET_SETUP_UNJOINED:
+			expected_err = WERR_NERR_SETUPNOTJOINED;
+			break;
+		case NET_SETUP_DOMAIN_NAME:
+		case NET_SETUP_UNKNOWN_STATUS:
+		case NET_SETUP_WORKGROUP_NAME:
+		default:
+			expected_err = WERR_OK;
+			break;
+	}
+
+	domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
+
+	domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
+
+	if ((domain_admin_account == NULL) ||
+	    (domain_admin_password == NULL)) {
+		torture_comment(tctx, "not enough input parameter\n");
+	    	return false;
+	}
+
+	status = dcerpc_fetch_session_key(p, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	werr = encode_wkssvc_join_password_buffer(tctx,
+						  domain_admin_password,
+						  &session_key,
+						  &pwd_buf);
+	if (!W_ERROR_IS_OK(werr)) {
+		return false;
+	}
+
+	r.in.server_name = dcerpc_server_name(p);
+	r.in.account = domain_admin_account;
+	r.in.encrypted_password = pwd_buf;
+	r.in.unjoin_flags = 0;
+
+	torture_comment(tctx, "Testing NetrUnjoinDomain2 (assuming non-DC)\n");
+
+	status = dcerpc_wkssvc_NetrUnjoinDomain2_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "NetrUnjoinDomain2 failed");
+	torture_assert_werr_equal(tctx, r.out.result, expected_err,
+				  "NetrUnjoinDomain2 failed");
+
+	if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
+	{
+		return false;
+	}
+
+	switch (join_status) {
+		case NET_SETUP_UNJOINED:
+		case NET_SETUP_WORKGROUP_NAME:
+			break;
+		case NET_SETUP_UNKNOWN_STATUS:
+		case NET_SETUP_DOMAIN_NAME:
+		default:
+			torture_comment(tctx,
+				"Unjoin verify failed: got %d\n", join_status);
+			return false;
+	}
+
+	return true;
+}
+
+
+struct torture_suite *torture_rpc_wkssvc(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite;
+	struct torture_rpc_tcase *tcase;
+	struct torture_test *test;
+
+	suite = torture_suite_create(mem_ctx, "wkssvc");
+	tcase = torture_suite_add_rpc_iface_tcase(suite, "wkssvc",
+						  &ndr_table_wkssvc);
+
+	torture_rpc_tcase_add_test(tcase, "NetWkstaGetInfo",
+				   test_NetWkstaGetInfo);
+
+	torture_rpc_tcase_add_test(tcase, "NetWkstaTransportEnum",
+				   test_NetWkstaTransportEnum);
+	torture_rpc_tcase_add_test(tcase, "NetrWkstaTransportDel",
+				   test_NetrWkstaTransportDel);
+	torture_rpc_tcase_add_test(tcase, "NetrWkstaTransportAdd",
+				   test_NetrWkstaTransportAdd);
+
+	torture_rpc_tcase_add_test(tcase, "NetWkstaEnumUsers",
+				   test_NetWkstaEnumUsers);
+	torture_rpc_tcase_add_test(tcase, "NetrWkstaUserGetInfo",
+				   test_NetrWkstaUserGetInfo);
+
+	torture_rpc_tcase_add_test(tcase, "NetrUseDel",
+				   test_NetrUseDel);
+	torture_rpc_tcase_add_test(tcase, "NetrUseGetInfo",
+				   test_NetrUseGetInfo);
+	torture_rpc_tcase_add_test(tcase, "NetrUseEnum",
+				   test_NetrUseEnum);
+	torture_rpc_tcase_add_test(tcase, "NetrUseAdd",
+				   test_NetrUseAdd);
+
+	torture_rpc_tcase_add_test(tcase, "NetrValidateName",
+				   test_NetrValidateName);
+	torture_rpc_tcase_add_test(tcase, "NetrValidateName2",
+				   test_NetrValidateName2);
+	torture_rpc_tcase_add_test(tcase, "NetrLogonDomainNameDel",
+				   test_NetrLogonDomainNameDel);
+	torture_rpc_tcase_add_test(tcase, "NetrLogonDomainNameAdd",
+				   test_NetrLogonDomainNameAdd);
+	torture_rpc_tcase_add_test(tcase, "NetrRemoveAlternateComputerName",
+				   test_NetrRemoveAlternateComputerName);
+	torture_rpc_tcase_add_test(tcase, "NetrAddAlternateComputerName",
+				   test_NetrAddAlternateComputerName);
+	test = torture_rpc_tcase_add_test(tcase, "NetrSetPrimaryComputername",
+					  test_NetrSetPrimaryComputername);
+	test->dangerous = true;
+	test = torture_rpc_tcase_add_test(tcase, "NetrRenameMachineInDomain",
+					  test_NetrRenameMachineInDomain);
+	test->dangerous = true;
+	test = torture_rpc_tcase_add_test(tcase, "NetrRenameMachineInDomain2",
+					  test_NetrRenameMachineInDomain2);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "NetrEnumerateComputerNames",
+				   test_NetrEnumerateComputerNames);
+
+	test = torture_rpc_tcase_add_test(tcase, "NetrJoinDomain2",
+					  test_NetrJoinDomain2);
+	test->dangerous = true;
+	test = torture_rpc_tcase_add_test(tcase, "NetrUnjoinDomain2",
+					  test_NetrUnjoinDomain2);
+	test->dangerous = true;
+
+	torture_rpc_tcase_add_test(tcase, "NetrJoinDomain",
+				   test_NetrJoinDomain);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "NetrUnjoinDomain",
+				   test_NetrUnjoinDomain);
+	test->dangerous = true;
+	torture_rpc_tcase_add_test(tcase, "NetrGetJoinInformation",
+				   test_NetrGetJoinInformation);
+	torture_rpc_tcase_add_test(tcase, "NetrGetJoinableOus",
+				   test_NetrGetJoinableOus);
+	torture_rpc_tcase_add_test(tcase, "NetrGetJoinableOus2",
+				   test_NetrGetJoinableOus2);
+
+	torture_rpc_tcase_add_test(tcase, "NetrWorkstationStatisticsGet",
+				   test_NetrWorkstationStatisticsGet);
+	torture_rpc_tcase_add_test(tcase, "NetrMessageBufferSend",
+				   test_NetrMessageBufferSend);
+
+	return suite;
+}
diff --git a/source4/torture/shell.c b/source4/torture/shell.c
new file mode 100644
index 0000000..d34267d
--- /dev/null
+++ b/source4/torture/shell.c
@@ -0,0 +1,326 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006-2008
+   Copyright (C) James Peach 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/readline.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "torture/smbtorture.h"
+#include "param/param.h"
+
+struct shell_command;
+
+typedef void (*shell_function)(const struct shell_command *,
+	struct torture_context *, int, const char **);
+
+static void shell_quit(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_help(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_set(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_run(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_list(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_auth(const struct shell_command *,
+	struct torture_context *, int, const char **);
+static void shell_target(const struct shell_command *,
+	struct torture_context *, int, const char **);
+
+static void shell_usage(const struct shell_command *);
+static bool match_command(const char *, const struct shell_command *);
+
+struct shell_command
+{
+    shell_function  handler;
+    const char *    name;
+    const char *    usage;
+    const char *    help;
+} shell_command;
+
+static const struct shell_command commands[] =
+{
+    {
+	shell_auth, "auth",
+	"[[username | principal | domain | realm | password] STRING]",
+	"set authentication parameters"
+    },
+
+    {
+	shell_help, "help", NULL,
+	"print this help message"
+    },
+
+    {
+	shell_list, "list", NULL,
+	"list the available tests"
+    },
+
+    {
+	shell_quit, "quit", NULL,
+	"exit smbtorture"
+    },
+
+    {
+	shell_run, "run", "[TESTNAME]",
+	"run the specified test"
+    },
+
+    {
+	shell_set, "set", "[NAME VALUE]",
+	"print or set test configuration parameters"
+    },
+
+    {
+	shell_target, "target", "[TARGET]",
+	"print or set the test target"
+    }
+
+};
+
+void torture_shell(struct torture_context *tctx)
+{
+	char *cline;
+	int argc;
+	const char **argv;
+	int ret;
+	int i;
+
+	/* If we don't have a specified password, specify it as empty. This
+	 * stops the credentials system prompting when we use the "auth"
+	 * command to display the current auth parameters.
+	 */
+	cli_credentials_set_password(samba_cmdline_get_creds(),
+			"", CRED_GUESS_ENV);
+
+	while (1) {
+		cline = smb_readline("torture> ", NULL, NULL);
+
+		if (cline == NULL)
+			return;
+
+#ifdef HAVE_ADD_HISTORY
+		add_history(cline);
+#endif
+
+		ret = poptParseArgvString(cline, &argc, &argv);
+		if (ret != 0) {
+			fprintf(stderr, "Error parsing line\n");
+			continue;
+		}
+
+		for (i = 0; i < ARRAY_SIZE(commands); i++) {
+			if (match_command(argv[0], &commands[i])) {
+				argc--;
+				argv++;
+				commands[i].handler(&commands[i],
+					tctx, argc, argv);
+				break;
+			}
+		}
+
+		free(cline);
+	}
+}
+
+static void shell_quit(const struct shell_command * command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+    exit(0);
+}
+
+static void shell_help(const struct shell_command * command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+    int i;
+
+    if (argc == 1) {
+	    for (i = 0; i < ARRAY_SIZE(commands); i++) {
+		    if (match_command(argv[0], &commands[i])) {
+			    shell_usage(&commands[i]);
+			    return;
+		    }
+	    }
+    } else {
+	    fprintf(stdout, "Available commands:\n");
+	    for (i = 0; i < ARRAY_SIZE(commands); i++) {
+		    fprintf(stdout, "\t%s - %s\n",
+			    commands[i].name, commands[i].help);
+	    }
+    }
+}
+
+static void shell_set(const struct shell_command *command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+	switch (argc) {
+	case 0:
+	    lpcfg_dump(tctx->lp_ctx, stdout,
+		    false /* show_defaults */,
+		    0 /* skip services */);
+	    break;
+
+	case 2:
+	    /* We want to allow users to set any config option. Top level
+	     * options will get checked against their static definition, but
+	     * parametric options can't be checked and will just get stashed
+	     * as they are provided.
+	     */
+	    lpcfg_set_cmdline(tctx->lp_ctx, argv[0], argv[1]);
+	    break;
+
+	default:
+	    shell_usage(command);
+	}
+}
+
+static void shell_run(const struct shell_command * command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+    if (argc != 1) {
+	shell_usage(command);
+	return;
+    }
+
+    torture_run_named_tests(tctx, argv[0], NULL /* restricted */);
+}
+
+static void shell_list(const struct shell_command * command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+    if (argc != 0) {
+	shell_usage(command);
+	return;
+    }
+
+    torture_print_testsuites(true);
+}
+
+static void shell_auth(const struct shell_command * command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+
+    if (argc == 0) {
+	    const char * username;
+	    const char * domain;
+	    const char * realm;
+	    const char * password;
+	    const char * principal;
+
+	    username = cli_credentials_get_username(
+			samba_cmdline_get_creds());
+	    principal = cli_credentials_get_principal(
+				samba_cmdline_get_creds(), tctx);
+	    domain = cli_credentials_get_domain(samba_cmdline_get_creds());
+	    realm = cli_credentials_get_realm(samba_cmdline_get_creds());
+	    password = cli_credentials_get_password(
+				samba_cmdline_get_creds());
+
+	    printf("Username: %s\n", username ? username : "");
+	    printf("User Principal: %s\n", principal ? principal : "");
+	    printf("Domain: %s\n", domain ? domain : "");
+	    printf("Realm: %s\n", realm ? realm : "");
+	    printf("Password: %s\n", password ? password : "");
+    } else if (argc == 2) {
+	    bool result;
+
+	    if (!strcmp(argv[0], "username")) {
+		    result = cli_credentials_set_username(
+			samba_cmdline_get_creds(),
+			argv[1], CRED_SPECIFIED);
+	    } else if (!strcmp(argv[0], "principal")) {
+		    result = cli_credentials_set_principal(
+			samba_cmdline_get_creds(),
+			argv[1], CRED_SPECIFIED);
+	    } else if (!strcmp(argv[0], "domain")) {
+		    result = cli_credentials_set_domain(
+			samba_cmdline_get_creds(),
+			argv[1], CRED_SPECIFIED);
+	    } else if (!strcmp(argv[0], "realm")) {
+		    result = cli_credentials_set_realm(
+			samba_cmdline_get_creds(),
+			argv[1], CRED_SPECIFIED);
+	    } else if (!strcmp(argv[0], "password")) {
+		    result = cli_credentials_set_password(
+			samba_cmdline_get_creds(),
+			argv[1], CRED_SPECIFIED);
+	    } else {
+		    shell_usage(command);
+		    return;
+	    }
+
+	    if (!result) {
+		    printf("failed to set %s\n", argv[0]);
+	    }
+    } else {
+	    shell_usage(command);
+    }
+
+}
+
+static void shell_target(const struct shell_command *command,
+	struct torture_context *tctx, int argc, const char **argv)
+{
+	if (argc == 0) {
+		const char * host;
+		const char * share;
+		const char * binding;
+
+		host = torture_setting_string(tctx, "host", NULL);
+		share = torture_setting_string(tctx, "share", NULL);
+		binding = torture_setting_string(tctx, "binding", NULL);
+
+		printf("Target host: %s\n", host ? host : "");
+		printf("Target share: %s\n", share ? share : "");
+		printf("Target binding: %s\n", binding ? binding : "");
+	} else if (argc == 1) {
+		torture_parse_target(tctx, tctx->lp_ctx, argv[0]);
+	} else {
+		shell_usage(command);
+	}
+}
+
+static void shell_usage(const struct shell_command * command)
+{
+    if (command->usage) {
+	    fprintf(stderr, "Usage: %s %s\n",
+		    command->name, command->usage);
+    } else {
+	    fprintf(stderr, "Usage: %s\n",
+		    command->name);
+    }
+}
+
+static bool match_command(const char * name,
+	const struct shell_command * command)
+{
+	if (!strcmp(name, command->name)) {
+		return true;
+	}
+
+	if (name[0] == command->name[0] && name[1] == '\0') {
+	    return true;
+	}
+
+	return false;
+}
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
new file mode 100644
index 0000000..019886e
--- /dev/null
+++ b/source4/torture/smb2/acls.c
@@ -0,0 +1,3340 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test security descriptor operations for SMB2
+
+   Copyright (C) Zack Kirsch 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/param/param.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define BASEDIR "smb2-testsd"
+
+#define CHECK_ACCESS_IGNORE SEC_STD_SYNCHRONIZE
+
+#define CHECK_ACCESS_FLAGS(_fh, flags) do { \
+	union smb_fileinfo _q; \
+	_q.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION; \
+	_q.access_information.in.file.handle = (_fh); \
+	status = smb2_getinfo_file(tree, tctx, &_q); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	/* Handle a Vista bug where SEC_STD_SYNCHRONIZE doesn't come back. */ \
+	if ((((flags) & CHECK_ACCESS_IGNORE) == CHECK_ACCESS_IGNORE) && \
+	    ((_q.access_information.out.access_flags & CHECK_ACCESS_IGNORE) != CHECK_ACCESS_IGNORE)) { \
+		torture_comment(tctx, "SKIPPING (Vista bug): (%s) Incorrect access_flags 0x%08x - should be 0x%08x\n", \
+		       __location__, _q.access_information.out.access_flags, (flags)); \
+	} \
+	if ((_q.access_information.out.access_flags & ~CHECK_ACCESS_IGNORE) != \
+	    (((flags) & ~CHECK_ACCESS_IGNORE))) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect access_flags 0x%08x - should be 0x%08x\n", \
+		       __location__, _q.access_information.out.access_flags, (flags)); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+
+#define FAIL_UNLESS(__cond)					\
+	do {							\
+		if (__cond) {} else {				\
+			torture_result(tctx, TORTURE_FAIL, "%s) condition violated: %s\n",	\
+			       __location__, #__cond);		\
+			ret = false; goto done;			\
+		}						\
+	} while(0)
+
+#define CHECK_SECURITY_DESCRIPTOR(_sd1, _sd2) do { \
+	if (!security_descriptor_equal(_sd1, _sd2)) { \
+		torture_warning(tctx, "security descriptors don't match!\n"); \
+		torture_warning(tctx, "got:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd1); \
+		torture_warning(tctx, "expected:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd2); \
+		torture_result(tctx, TORTURE_FAIL, \
+			       "%s: security descriptors don't match!\n", \
+			       __location__); \
+		ret = false; \
+	} \
+} while (0)
+
+/*
+  test the behaviour of the well known SID_CREATOR_OWNER sid, and some generic
+  mapping bits
+  Note: This test was copied from raw/acls.c.
+*/
+static bool test_creator_sid(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *fname = BASEDIR "\\creator.txt";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig, *sd2;
+	const char *owner_sid;
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING SID_CREATOR_OWNER\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC | SEC_STD_WRITE_OWNER;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "set a sec desc allowing no write by CREATOR_OWNER\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					SID_CREATOR_OWNER,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "try open for write\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.in.desired_access = SEC_GENERIC_WRITE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.in.desired_access = SEC_GENERIC_READ;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "set a sec desc allowing no write by owner\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "check that sd has been mapped correctly\n");
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+	torture_comment(tctx, "try open for write\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+			   SEC_FILE_READ_DATA);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.in.desired_access = SEC_GENERIC_WRITE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.in.desired_access = SEC_GENERIC_READ;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+			   SEC_RIGHTS_FILE_READ);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "set a sec desc allowing generic read by owner\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "check that generic read has been mapped correctly\n");
+	sd2 = security_descriptor_dacl_create(tctx,
+					 0, owner_sid, NULL,
+					 owner_sid,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					 0,
+					 NULL);
+
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+	torture_comment(tctx, "try open for write\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for read\n");
+	io.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+			   SEC_FILE_READ_DATA);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.in.desired_access = SEC_GENERIC_WRITE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.in.desired_access = SEC_GENERIC_READ;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle, SEC_RIGHTS_FILE_READ);
+	smb2_util_close(tree, io.out.file.handle);
+
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+
+/*
+  test the mapping of the SEC_GENERIC_xx bits to SEC_STD_xx and
+  SEC_FILE_xx bits
+  Note: This test was copied from raw/acls.c.
+*/
+static bool test_generic_bits(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *fname = BASEDIR "\\generic.txt";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	int i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig, *sd2;
+	const char *owner_sid;
+	const struct {
+		uint32_t gen_bits;
+		uint32_t specific_bits;
+	} file_mappings[] = {
+		{ 0,                       0 },
+		{ SEC_GENERIC_READ,        SEC_RIGHTS_FILE_READ },
+		{ SEC_GENERIC_WRITE,       SEC_RIGHTS_FILE_WRITE },
+		{ SEC_GENERIC_EXECUTE,     SEC_RIGHTS_FILE_EXECUTE },
+		{ SEC_GENERIC_ALL,         SEC_RIGHTS_FILE_ALL },
+		{ SEC_FILE_READ_DATA,      SEC_FILE_READ_DATA },
+		{ SEC_FILE_READ_ATTRIBUTE, SEC_FILE_READ_ATTRIBUTE }
+	};
+	const struct {
+		uint32_t gen_bits;
+		uint32_t specific_bits;
+	} dir_mappings[] = {
+		{ 0,                   0 },
+		{ SEC_GENERIC_READ,    SEC_RIGHTS_DIR_READ },
+		{ SEC_GENERIC_WRITE,   SEC_RIGHTS_DIR_WRITE },
+		{ SEC_GENERIC_EXECUTE, SEC_RIGHTS_DIR_EXECUTE },
+		{ SEC_GENERIC_ALL,     SEC_RIGHTS_DIR_ALL }
+	};
+	bool has_restore_privilege = false;
+	bool has_take_ownership_privilege = false;
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING FILE GENERIC BITS\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+/*
+ * XXX: The smblsa calls use SMB as their transport - need to get rid of
+ * dependency.
+ */
+/*
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+*/
+
+	for (i=0;i<ARRAY_SIZE(file_mappings);i++) {
+		uint32_t expected_mask =
+			SEC_STD_WRITE_DAC |
+			SEC_STD_READ_CONTROL |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
+		uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
+
+		if (has_restore_privilege) {
+			expected_mask_anon |= SEC_STD_DELETE;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, owner_sid, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.out.file.handle,
+				   expected_mask | file_mappings[i].specific_bits);
+		smb2_util_close(tree, io.out.file.handle);
+
+		if (!has_take_ownership_privilege) {
+			continue;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x (anonymous)\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, SID_NT_ANONYMOUS, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, SID_NT_ANONYMOUS, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.out.file.handle,
+				   expected_mask_anon | file_mappings[i].specific_bits);
+		smb2_util_close(tree, io.out.file.handle);
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+
+
+	torture_comment(tctx, "TESTING DIR GENERIC BITS\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+/*
+ * XXX: The smblsa calls use SMB as their transport - need to get rid of
+ * dependency.
+ */
+/*
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+
+*/
+	for (i=0;i<ARRAY_SIZE(dir_mappings);i++) {
+		uint32_t expected_mask =
+			SEC_STD_WRITE_DAC |
+			SEC_STD_READ_CONTROL |
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
+		uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
+
+		if (has_restore_privilege) {
+			expected_mask_anon |= SEC_STD_DELETE;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, owner_sid, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						dir_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 dir_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.out.file.handle,
+				   expected_mask | dir_mappings[i].specific_bits);
+		smb2_util_close(tree, io.out.file.handle);
+
+		if (!has_take_ownership_privilege) {
+			continue;
+		}
+
+		torture_comment(tctx, "Testing generic bits 0x%08x (anonymous)\n",
+		       file_mappings[i].gen_bits);
+		sd = security_descriptor_dacl_create(tctx,
+						0, SID_NT_ANONYMOUS, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						file_mappings[i].gen_bits,
+						0,
+						NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		set.set_secdesc.in.sd = sd;
+
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sd2 = security_descriptor_dacl_create(tctx,
+						 0, SID_NT_ANONYMOUS, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 file_mappings[i].specific_bits,
+						 0,
+						 NULL);
+
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_ACCESS_FLAGS(io.out.file.handle,
+				   expected_mask_anon | dir_mappings[i].specific_bits);
+		smb2_util_close(tree, io.out.file.handle);
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+
+/*
+  see what access bits the owner of a file always gets
+  Note: This test was copied from raw/acls.c.
+*/
+static bool test_owner_bits(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *fname = BASEDIR "\\test_owner_bits.txt";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	int i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	uint32_t expected_bits;
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING FILE OWNER BITS\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+/*
+ * XXX: The smblsa calls use SMB as their transport - need to get rid of
+ * dependency.
+ */
+/*
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+	status = smblsa_sid_check_privilege(cli,
+					    owner_sid,
+					    sec_privilege_name(SEC_PRIV_TAKE_OWNERSHIP));
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	torture_comment(tctx, "SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
+*/
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	expected_bits = SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE;
+
+	for (i=0;i<16;i++) {
+		uint32_t bit = (1<<i);
+		io.in.desired_access = bit;
+		status = smb2_create(tree, tctx, &io);
+		if (expected_bits & bit) {
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_warning(tctx, "failed with access mask 0x%08x of expected 0x%08x\n",
+				       bit, expected_bits);
+			}
+			CHECK_STATUS(status, NT_STATUS_OK);
+			CHECK_ACCESS_FLAGS(io.out.file.handle, bit);
+			smb2_util_close(tree, io.out.file.handle);
+		} else {
+			if (NT_STATUS_IS_OK(status)) {
+				torture_warning(tctx, "open succeeded with access mask 0x%08x of "
+					"expected 0x%08x - should fail\n",
+				       bit, expected_bits);
+			}
+			CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+		}
+	}
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+
+
+/*
+  test the inheritance of ACL flags onto new files and directories
+  Note: This test was copied from raw/acls.c.
+*/
+static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	const char *fname2 = BASEDIR "\\inheritance\\testdir";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle handle2 = {{0}};
+	int i;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd2, *sd_orig=NULL, *sd_def1, *sd_def2;
+	const char *owner_sid;
+	const struct dom_sid *creator_owner;
+	const struct {
+		uint32_t parent_flags;
+		uint32_t file_flags;
+		uint32_t dir_flags;
+	} test_flags[] = {
+		{
+			0,
+			0,
+			0
+		},
+		{
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT |
+			SEC_ACE_FLAG_INHERIT_ONLY,
+		},
+		{
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_OBJECT_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_OBJECT_INHERIT |
+			SEC_ACE_FLAG_INHERIT_ONLY,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_CONTAINER_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			SEC_ACE_FLAG_CONTAINER_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT,
+			0,
+			0,
+		},
+		{
+			SEC_ACE_FLAG_INHERIT_ONLY |
+			SEC_ACE_FLAG_NO_PROPAGATE_INHERIT |
+			SEC_ACE_FLAG_CONTAINER_INHERIT |
+			SEC_ACE_FLAG_OBJECT_INHERIT,
+			0,
+			0,
+		}
+	};
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACL INHERITANCE\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = 0;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = dname;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	/*
+	 * The Windows Default ACL for a new file, when there is no ACL to be
+	 * inherited: FullControl for the owner and SYSTEM.
+	 */
+	sd_def1 = security_descriptor_dacl_create(tctx,
+					    0, owner_sid, NULL,
+					    owner_sid,
+					    SEC_ACE_TYPE_ACCESS_ALLOWED,
+					    SEC_RIGHTS_FILE_ALL,
+					    0,
+					    SID_NT_SYSTEM,
+					    SEC_ACE_TYPE_ACCESS_ALLOWED,
+					    SEC_RIGHTS_FILE_ALL,
+					    0,
+					    NULL);
+
+	/*
+	 * Use this in the case the system being tested does not add an ACE for
+	 * the SYSTEM SID.
+	 */
+	sd_def2 = security_descriptor_dacl_create(tctx,
+					    0, owner_sid, NULL,
+					    owner_sid,
+					    SEC_ACE_TYPE_ACCESS_ALLOWED,
+					    SEC_RIGHTS_FILE_ALL,
+					    0,
+					    NULL);
+
+	creator_owner = dom_sid_parse_talloc(tctx, SID_CREATOR_OWNER);
+
+	for (i=0;i<ARRAY_SIZE(test_flags);i++) {
+		sd = security_descriptor_dacl_create(tctx,
+						0, NULL, NULL,
+						SID_CREATOR_OWNER,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_WRITE_DATA,
+						test_flags[i].parent_flags,
+						SID_WORLD,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_ALL | SEC_STD_ALL,
+						0,
+						NULL);
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		io.in.fname = fname1;
+		io.in.create_options = 0;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		handle2 = io.out.file.handle;
+
+		q.query_secdesc.in.file.handle = handle2;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smb2_util_close(tree, handle2);
+		smb2_util_unlink(tree, fname1);
+
+		if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
+			if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def1) &&
+			    !security_descriptor_equal(q.query_secdesc.out.sd, sd_def2)) {
+				torture_warning(tctx, "Expected default sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd_def1);
+				torture_warning(tctx, "at %d - got:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			}
+			goto check_dir;
+		}
+
+		if (q.query_secdesc.out.sd->dacl == NULL ||
+		    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+		    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+		    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+				   sd_orig->owner_sid)) {
+			torture_warning(tctx, "Bad sd in child file at %d\n", i);
+			NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			ret = false;
+			goto check_dir;
+		}
+
+		if (q.query_secdesc.out.sd->dacl->aces[0].flags !=
+		    test_flags[i].file_flags) {
+			torture_warning(tctx, "incorrect file_flags 0x%x - expected 0x%x for parent 0x%x with (i=%d)\n",
+			       q.query_secdesc.out.sd->dacl->aces[0].flags,
+			       test_flags[i].file_flags,
+			       test_flags[i].parent_flags,
+			       i);
+			ret = false;
+		}
+
+	check_dir:
+		io.in.fname = fname2;
+		io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		handle2 = io.out.file.handle;
+
+		q.query_secdesc.in.file.handle = handle2;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smb2_util_close(tree, handle2);
+		smb2_util_rmdir(tree, fname2);
+
+		if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) &&
+		    (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) ||
+		     (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) {
+			if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def1) &&
+			    !security_descriptor_equal(q.query_secdesc.out.sd, sd_def2)) {
+				torture_warning(tctx, "Expected default sd for dir at %d:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, sd_def1);
+				torture_warning(tctx, "got:\n");
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+			}
+			continue;
+		}
+
+		if ((test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) &&
+		    (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				torture_warning(tctx, "(CI & NP) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_warning(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		} else if (test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 2 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[1].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[1].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != 0 ||
+			    q.query_secdesc.out.sd->dacl->aces[1].flags !=
+			    (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) {
+				torture_warning(tctx, "(CI) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_warning(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		} else {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				torture_warning(tctx, "(0) Bad sd in child dir - expected 0x%x for parent 0x%x (i=%d)\n",
+				       test_flags[i].dir_flags,
+				       test_flags[i].parent_flags, i);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				torture_warning(tctx, "FYI, here is the parent sd:\n");
+				NDR_PRINT_DEBUG(security_descriptor, sd);
+				ret = false;
+				continue;
+			}
+		}
+	}
+
+	torture_comment(tctx, "Testing access checks on inherited create with %s\n", fname1);
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_ALL | SEC_STD_ALL,
+					0,
+					NULL);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Check DACL we just set. */
+	torture_comment(tctx, "checking new sd\n");
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+	io.in.fname = fname1;
+	io.in.create_options = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL);
+
+	q.query_secdesc.in.file.handle = handle2;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, handle2);
+
+	sd2 = security_descriptor_dacl_create(tctx,
+					 0, owner_sid, NULL,
+					 owner_sid,
+					 SEC_ACE_TYPE_ACCESS_ALLOWED,
+					 SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+					 0,
+					 NULL);
+	CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	status = smb2_create(tree, tctx, &io);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_warning(tctx, "failed: w2k3 ACL bug (allowed open when ACL should deny)\n");
+		ret = false;
+		handle2 = io.out.file.handle;
+		CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL);
+		smb2_util_close(tree, handle2);
+	} else {
+		if (torture_setting_bool(tctx, "hide_on_access_denied",
+					 false)) {
+			CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+		} else {
+			CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+		}
+	}
+
+	torture_comment(tctx, "trying without execute\n");
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL & ~SEC_FILE_EXECUTE;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "and with full permissions again\n");
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	CHECK_ACCESS_FLAGS(handle2, SEC_FILE_WRITE_DATA);
+	smb2_util_close(tree, handle2);
+
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, handle);
+
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	CHECK_ACCESS_FLAGS(handle2, SEC_FILE_WRITE_DATA);
+	smb2_util_close(tree, handle2);
+
+	smb2_util_unlink(tree, fname1);
+	smb2_util_rmdir(tree, dname);
+
+done:
+	if (sd_orig != NULL) {
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd_orig;
+		status = smb2_setinfo_file(tree, &set);
+	}
+
+	smb2_util_close(tree, handle);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_inheritance_flags(struct torture_context *tctx,
+    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle handle2 = {{0}};
+	int i, j;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd2, *sd_orig=NULL;
+	const char *owner_sid;
+	struct {
+		uint32_t parent_set_sd_type; /* 3 options */
+		uint32_t parent_set_ace_inherit; /* 1 option */
+		uint32_t parent_get_sd_type;
+		uint32_t parent_get_ace_inherit;
+		uint32_t child_get_sd_type;
+		uint32_t child_get_ace_inherit;
+	} tflags[16] = {{0}}; /* 2^4 */
+
+	for (i = 0; i < 15; i++) {
+		torture_comment(tctx, "i=%d:", i);
+
+		if (i & 1) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			torture_comment(tctx, "AUTO_INHERITED, ");
+		}
+		if (i & 2) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			torture_comment(tctx, "AUTO_INHERIT_REQ, ");
+		}
+		if (i & 4) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+			torture_comment(tctx, "PROTECTED, ");
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+		}
+		if (i & 8) {
+			tflags[i].parent_set_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "INHERITED, ");
+			tflags[i].parent_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+		}
+
+		if ((tflags[i].parent_set_sd_type &
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) ==
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent is AUTO INHERITED");
+		}
+
+		if (tflags[i].parent_set_ace_inherit &
+		    SEC_ACE_FLAG_INHERITED_ACE) {
+			tflags[i].parent_get_ace_inherit =
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent ACE is INHERITED");
+		}
+
+		torture_comment(tctx, "\n");
+	}
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACL INHERITANCE FLAGS\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = dname;
+
+	torture_comment(tctx, "creating initial directory %s\n", dname);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "getting original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	for (i=0; i < ARRAY_SIZE(tflags); i++) {
+		torture_comment(tctx, "setting a new sd on directory, pass #%d\n", i);
+
+		sd = security_descriptor_dacl_create(tctx,
+						tflags[i].parent_set_sd_type,
+						NULL, NULL,
+						owner_sid,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						SEC_ACE_FLAG_OBJECT_INHERIT |
+						SEC_ACE_FLAG_CONTAINER_INHERIT |
+						tflags[i].parent_set_ace_inherit,
+						SID_WORLD,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_ALL | SEC_STD_ALL,
+						0,
+						NULL);
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		/*
+		 * Check DACL we just set, except change the bits to what they
+		 * should be.
+		 */
+		torture_comment(tctx, "  checking new sd\n");
+
+		/* REQ bit should always be false. */
+		sd->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+		if ((tflags[i].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+			sd->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+		q.query_secdesc.in.file.handle = handle;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+		/* Create file. */
+		torture_comment(tctx, "  creating file %s\n", fname1);
+		io.in.fname = fname1;
+		io.in.create_options = 0;
+		io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		io.in.create_disposition = NTCREATEX_DISP_CREATE;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		handle2 = io.out.file.handle;
+		CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL);
+
+		q.query_secdesc.in.file.handle = handle2;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		torture_comment(tctx, "  checking sd on file %s\n", fname1);
+		sd2 = security_descriptor_dacl_create(tctx,
+						 tflags[i].child_get_sd_type,
+						 owner_sid, NULL,
+						 owner_sid,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						 tflags[i].child_get_ace_inherit,
+						 NULL);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		/*
+		 * Set new sd on file ... prove that the bits have nothing to
+		 * do with the parents bits when manually setting an ACL. The
+		 * _AUTO_INHERITED bit comes directly from the ACL set.
+		 */
+		for (j = 0; j < ARRAY_SIZE(tflags); j++) {
+			torture_comment(tctx, "  setting new file sd, pass #%d\n", j);
+
+			/* Change sd type. */
+			sd2->type &= ~(SEC_DESC_DACL_AUTO_INHERITED |
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			    SEC_DESC_DACL_PROTECTED);
+			sd2->type |= tflags[j].parent_set_sd_type;
+
+			sd2->dacl->aces[0].flags &=
+			    ~SEC_ACE_FLAG_INHERITED_ACE;
+			sd2->dacl->aces[0].flags |=
+			    tflags[j].parent_set_ace_inherit;
+
+			set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+			set.set_secdesc.in.file.handle = handle2;
+			set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+			set.set_secdesc.in.sd = sd2;
+			status = smb2_setinfo_file(tree, &set);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			/* Check DACL we just set. */
+			sd2->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			if ((tflags[j].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+				sd2->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+			q.query_secdesc.in.file.handle = handle2;
+			q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+			status = smb2_getinfo_file(tree, tctx, &q);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+		}
+
+		smb2_util_close(tree, handle2);
+		smb2_util_unlink(tree, fname1);
+	}
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+/*
+ * This is basically a copy of test_inheritance_flags() with an additional twist
+ * to change the owner of the testfile, verifying that the security descriptor
+ * flags are not altered.
+ */
+static bool test_sd_flags_vs_chown(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle handle2 = {{0}};
+	int i, j;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd2, *sd_orig=NULL;
+	struct security_descriptor *owner_sd = NULL;
+	const char *owner_sid_string = NULL;
+	struct dom_sid *owner_sid = NULL;
+	struct dom_sid world_sid = global_sid_World;
+	struct {
+		uint32_t parent_set_sd_type; /* 3 options */
+		uint32_t parent_set_ace_inherit; /* 1 option */
+		uint32_t parent_get_sd_type;
+		uint32_t parent_get_ace_inherit;
+		uint32_t child_get_sd_type;
+		uint32_t child_get_ace_inherit;
+	} tflags[16] = {{0}}; /* 2^4 */
+
+	owner_sd = security_descriptor_dacl_create(tctx,
+						   0,
+						   SID_WORLD,
+						   NULL,
+						   NULL);
+	torture_assert_not_null_goto(tctx, owner_sd, ret, done,
+				     "security_descriptor_dacl_create failed\n");
+
+	for (i = 0; i < 15; i++) {
+		torture_comment(tctx, "i=%d:", i);
+
+		if (i & 1) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			torture_comment(tctx, "AUTO_INHERITED, ");
+		}
+		if (i & 2) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			torture_comment(tctx, "AUTO_INHERIT_REQ, ");
+		}
+		if (i & 4) {
+			tflags[i].parent_set_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+			torture_comment(tctx, "PROTECTED, ");
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_PROTECTED;
+		}
+		if (i & 8) {
+			tflags[i].parent_set_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "INHERITED, ");
+			tflags[i].parent_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+		}
+
+		if ((tflags[i].parent_set_sd_type &
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) ==
+		    (SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+			tflags[i].parent_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_sd_type |=
+			    SEC_DESC_DACL_AUTO_INHERITED;
+			tflags[i].child_get_ace_inherit |=
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent is AUTO INHERITED");
+		}
+
+		if (tflags[i].parent_set_ace_inherit &
+		    SEC_ACE_FLAG_INHERITED_ACE) {
+			tflags[i].parent_get_ace_inherit =
+			    SEC_ACE_FLAG_INHERITED_ACE;
+			torture_comment(tctx, "  ... parent ACE is INHERITED");
+		}
+
+		torture_comment(tctx, "\n");
+	}
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACL INHERITANCE FLAGS\n");
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = dname;
+
+	torture_comment(tctx, "creating initial directory %s\n", dname);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "getting original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = sd_orig->owner_sid;
+	owner_sid_string = dom_sid_string(tctx, sd_orig->owner_sid);
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid_string);
+
+	for (i=0; i < ARRAY_SIZE(tflags); i++) {
+		torture_comment(tctx, "setting a new sd on directory, pass #%d\n", i);
+
+		sd = security_descriptor_dacl_create(tctx,
+						tflags[i].parent_set_sd_type,
+						NULL, NULL,
+						owner_sid_string,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						SEC_ACE_FLAG_OBJECT_INHERIT |
+						SEC_ACE_FLAG_CONTAINER_INHERIT |
+						tflags[i].parent_set_ace_inherit,
+						SID_WORLD,
+						SEC_ACE_TYPE_ACCESS_ALLOWED,
+						SEC_FILE_ALL | SEC_STD_ALL,
+						0,
+						NULL);
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = handle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb2_setinfo_file(tree, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		/*
+		 * Check DACL we just set, except change the bits to what they
+		 * should be.
+		 */
+		torture_comment(tctx, "  checking new sd\n");
+
+		/* REQ bit should always be false. */
+		sd->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+		if ((tflags[i].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+			sd->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+		q.query_secdesc.in.file.handle = handle;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd);
+
+		/* Create file. */
+		torture_comment(tctx, "  creating file %s\n", fname1);
+		io.in.fname = fname1;
+		io.in.create_options = 0;
+		io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		io.in.create_disposition = NTCREATEX_DISP_CREATE;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		handle2 = io.out.file.handle;
+		CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL);
+
+		q.query_secdesc.in.file.handle = handle2;
+		q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+		status = smb2_getinfo_file(tree, tctx, &q);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		torture_comment(tctx, "  checking sd on file %s\n", fname1);
+		sd2 = security_descriptor_dacl_create(tctx,
+						 tflags[i].child_get_sd_type,
+						 owner_sid_string, NULL,
+						 owner_sid_string,
+						 SEC_ACE_TYPE_ACCESS_ALLOWED,
+						 SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
+						 tflags[i].child_get_ace_inherit,
+						 NULL);
+		CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+		/*
+		 * Set new sd on file ... prove that the bits have nothing to
+		 * do with the parents bits when manually setting an ACL. The
+		 * _AUTO_INHERITED bit comes directly from the ACL set.
+		 */
+		for (j = 0; j < ARRAY_SIZE(tflags); j++) {
+			torture_comment(tctx, "  setting new file sd, pass #%d\n", j);
+
+			/* Change sd type. */
+			sd2->type &= ~(SEC_DESC_DACL_AUTO_INHERITED |
+			    SEC_DESC_DACL_AUTO_INHERIT_REQ |
+			    SEC_DESC_DACL_PROTECTED);
+			sd2->type |= tflags[j].parent_set_sd_type;
+
+			sd2->dacl->aces[0].flags &=
+			    ~SEC_ACE_FLAG_INHERITED_ACE;
+			sd2->dacl->aces[0].flags |=
+			    tflags[j].parent_set_ace_inherit;
+
+			set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+			set.set_secdesc.in.file.handle = handle2;
+			set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+			set.set_secdesc.in.sd = sd2;
+			status = smb2_setinfo_file(tree, &set);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			/* Check DACL we just set. */
+			sd2->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
+			if ((tflags[j].parent_get_sd_type & SEC_DESC_DACL_AUTO_INHERITED) == 0)
+				sd2->type &= ~SEC_DESC_DACL_AUTO_INHERITED;
+
+			q.query_secdesc.in.file.handle = handle2;
+			q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+			status = smb2_getinfo_file(tree, tctx, &q);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+
+			/*
+			 * Check that changing owner doesn't affect SD flags.
+			 *
+			 * Do this by first changing owner to world and then
+			 * back to the original owner. Afterwards compare SD,
+			 * should be the same.
+			 */
+			owner_sd->owner_sid = &world_sid;
+			set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+			set.set_secdesc.in.file.handle = handle2;
+			set.set_secdesc.in.secinfo_flags = SECINFO_OWNER;
+			set.set_secdesc.in.sd = owner_sd;
+			status = smb2_setinfo_file(tree, &set);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			owner_sd->owner_sid = owner_sid;
+			set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+			set.set_secdesc.in.file.handle = handle2;
+			set.set_secdesc.in.secinfo_flags = SECINFO_OWNER;
+			set.set_secdesc.in.sd = owner_sd;
+			status = smb2_setinfo_file(tree, &set);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			q.query_secdesc.in.file.handle = handle2;
+			q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+			status = smb2_getinfo_file(tree, tctx, &q);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			CHECK_SECURITY_DESCRIPTOR(q.query_secdesc.out.sd, sd2);
+			torture_assert_goto(tctx, ret, ret, done, "CHECK_SECURITY_DESCRIPTOR failed\n");
+		}
+
+		smb2_util_close(tree, handle2);
+		smb2_util_unlink(tree, fname1);
+	}
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+/*
+  test dynamic acl inheritance
+  Note: This test was copied from raw/acls.c.
+*/
+static bool test_inheritance_dynamic(struct torture_context *tctx,
+    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *dname = BASEDIR "\\inheritance";
+	const char *fname1 = BASEDIR "\\inheritance\\testfile";
+	bool ret = true;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle handle2 = {{0}};
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig=NULL;
+	const char *owner_sid;
+
+	torture_comment(tctx, "TESTING DYNAMIC ACL INHERITANCE\n");
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = 0;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = dname;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+	sd->type |= SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "create a file with an inherited acl\n");
+	io.in.fname = fname1;
+	io.in.create_options = 0;
+	io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	smb2_util_close(tree, handle2);
+
+	torture_comment(tctx, "try and access file with base rights - should be OK\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	smb2_util_close(tree, handle2);
+
+	torture_comment(tctx, "try and access file with extra rights - should be denied\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA | SEC_FILE_EXECUTE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(tctx, "update parent sd\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+	sd->type |= SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_DACL_AUTO_INHERIT_REQ;
+
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "try and access file with base rights - should be OK\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle2 = io.out.file.handle;
+	smb2_util_close(tree, handle2);
+
+
+	torture_comment(tctx, "try and access now - should be OK if dynamic inheritance works\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA | SEC_FILE_EXECUTE;
+	status = smb2_create(tree, tctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		torture_comment(tctx, "Server does not have dynamic inheritance\n");
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Server does have dynamic inheritance\n");
+	}
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	smb2_util_unlink(tree, fname1);
+
+done:
+	torture_comment(tctx, "put back original sd\n");
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd_orig;
+	status = smb2_setinfo_file(tree, &set);
+
+	smb2_util_close(tree, handle);
+	smb2_util_rmdir(tree, dname);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+
+	return ret;
+}
+
+#define CHECK_STATUS_FOR_BIT_ACTION(status, bits, action) do { \
+	if (!(bits & desired_64)) {\
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); \
+		action; \
+	} else { \
+		CHECK_STATUS(status, NT_STATUS_OK); \
+	} \
+} while (0)
+
+#define CHECK_STATUS_FOR_BIT(status, bits, access) do { \
+	if (NT_STATUS_IS_OK(status)) { \
+		if (!(granted & access)) {\
+			ret = false; \
+			torture_result(tctx, TORTURE_FAIL, "(%s) %s but flags 0x%08X are not granted! granted[0x%08X] desired[0x%08X]\n", \
+			       __location__, nt_errstr(status), access, granted, desired); \
+			goto done; \
+		} \
+	} else { \
+		if (granted & access) {\
+			ret = false; \
+			torture_result(tctx, TORTURE_FAIL, "(%s) %s but flags 0x%08X are granted! granted[0x%08X] desired[0x%08X]\n", \
+			       __location__, nt_errstr(status), access, granted, desired); \
+			goto done; \
+		} \
+	} \
+	CHECK_STATUS_FOR_BIT_ACTION(status, bits, do {} while (0)); \
+} while (0)
+
+#if 0
+/* test what access mask is needed for getting and setting security_descriptors */
+/* Note: This test was copied from raw/acls.c. */
+static bool test_sd_get_set(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create io;
+	union smb_fileinfo fi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd;
+	struct security_descriptor *sd_owner = NULL;
+	struct security_descriptor *sd_group = NULL;
+	struct security_descriptor *sd_dacl = NULL;
+	struct security_descriptor *sd_sacl = NULL;
+	struct smb2_handle handle;
+	const char *fname = BASEDIR "\\sd_get_set.txt";
+	uint64_t desired_64;
+	uint32_t desired = 0, granted;
+	int i = 0;
+#define NO_BITS_HACK (((uint64_t)1)<<32)
+	uint64_t open_bits =
+		SEC_MASK_GENERIC |
+		SEC_FLAG_SYSTEM_SECURITY |
+		SEC_FLAG_MAXIMUM_ALLOWED |
+		SEC_STD_ALL |
+		SEC_FILE_ALL |
+		NO_BITS_HACK;
+	uint64_t get_owner_bits = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_owner_bits = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_OWNER;
+	uint64_t get_group_bits = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_group_bits = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_OWNER;
+	uint64_t get_dacl_bits  = SEC_MASK_GENERIC | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_READ_CONTROL;
+	uint64_t set_dacl_bits  = SEC_GENERIC_ALL  | SEC_FLAG_MAXIMUM_ALLOWED | SEC_STD_WRITE_DAC;
+	uint64_t get_sacl_bits  = SEC_FLAG_SYSTEM_SECURITY;
+	uint64_t set_sacl_bits  = SEC_FLAG_SYSTEM_SECURITY;
+
+	if (!smb2_util_setup_dir(tctx, tree, BASEDIR))
+		return false;
+
+	torture_comment(tctx, "TESTING ACCESS MASKS FOR SD GET/SET\n");
+
+	/* first create a file with full access for everyone */
+	sd = security_descriptor_dacl_create(tctx,
+					0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_ALL,
+					0,
+					NULL);
+	sd->type |= SEC_DESC_SACL_PRESENT;
+	sd->sacl = NULL;
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_GENERIC_ALL;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+	io.in.sec_desc = sd;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	status = smb2_util_close(tree, handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * now try each access_mask bit and no bit at all in a loop
+	 * and see what's allowed
+	 * NOTE: if i == 32 it means access_mask = 0 (see NO_BITS_HACK above)
+	 */
+	for (i=0; i <= 32; i++) {
+		desired_64 = ((uint64_t)1) << i;
+		desired = (uint32_t)desired_64;
+
+		/* first open the file with the desired access */
+		io.level = RAW_OPEN_SMB2;
+		io.in.desired_access = desired;
+		io.in.create_disposition = NTCREATEX_DISP_OPEN;
+		status = smb2_create(tree, tctx, &io);
+		CHECK_STATUS_FOR_BIT_ACTION(status, open_bits, goto next);
+		handle = io.out.file.handle;
+
+		/* then check what access was granted */
+		fi.access_information.level		= RAW_FILEINFO_ACCESS_INFORMATION;
+		fi.access_information.in.file.handle	= handle;
+		status = smb2_getinfo_file(tree, tctx, &fi);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		granted = fi.access_information.out.access_flags;
+
+		/* test the owner */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.handle		= handle;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_OWNER;
+		status = smb2_getinfo_file(tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_owner_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_owner = fi.query_secdesc.out.sd;
+		} else if (!sd_owner) {
+			sd_owner = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.handle		= handle;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_OWNER;
+		si.set_secdesc.in.sd			= sd_owner;
+		status = smb2_setinfo_file(tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_owner_bits, SEC_STD_WRITE_OWNER);
+
+		/* test the group */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.handle		= handle;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_GROUP;
+		status = smb2_getinfo_file(tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_group_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_group = fi.query_secdesc.out.sd;
+		} else if (!sd_group) {
+			sd_group = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.handle		= handle;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_GROUP;
+		si.set_secdesc.in.sd			= sd_group;
+		status = smb2_setinfo_file(tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_group_bits, SEC_STD_WRITE_OWNER);
+
+		/* test the DACL */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.handle		= handle;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_DACL;
+		status = smb2_getinfo_file(tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_dacl_bits, SEC_STD_READ_CONTROL);
+		if (fi.query_secdesc.out.sd) {
+			sd_dacl = fi.query_secdesc.out.sd;
+		} else if (!sd_dacl) {
+			sd_dacl = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.handle		= handle;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_DACL;
+		si.set_secdesc.in.sd			= sd_dacl;
+		status = smb2_setinfo_file(tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_dacl_bits, SEC_STD_WRITE_DAC);
+
+		/* test the SACL */
+		ZERO_STRUCT(fi);
+		fi.query_secdesc.level			= RAW_FILEINFO_SEC_DESC;
+		fi.query_secdesc.in.file.handle		= handle;
+		fi.query_secdesc.in.secinfo_flags	= SECINFO_SACL;
+		status = smb2_getinfo_file(tree, tctx, &fi);
+		CHECK_STATUS_FOR_BIT(status, get_sacl_bits, SEC_FLAG_SYSTEM_SECURITY);
+		if (fi.query_secdesc.out.sd) {
+			sd_sacl = fi.query_secdesc.out.sd;
+		} else if (!sd_sacl) {
+			sd_sacl = sd;
+		}
+		si.set_secdesc.level			= RAW_SFILEINFO_SEC_DESC;
+		si.set_secdesc.in.file.handle		= handle;
+		si.set_secdesc.in.secinfo_flags		= SECINFO_SACL;
+		si.set_secdesc.in.sd			= sd_sacl;
+		status = smb2_setinfo_file(tree, &si);
+		CHECK_STATUS_FOR_BIT(status, set_sacl_bits, SEC_FLAG_SYSTEM_SECURITY);
+
+		/* close the handle */
+		status = smb2_util_close(tree, handle);
+		CHECK_STATUS(status, NT_STATUS_OK);
+next:
+		continue;
+	}
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+
+	return ret;
+}
+#endif
+
+static bool test_access_based(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	struct smb2_tree *tree1 = NULL;
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *fname = BASEDIR "\\testfile";
+	bool ret = true;
+	struct smb2_handle fhandle, dhandle;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig=NULL;
+	const char *owner_sid;
+	uint32_t flags = 0;
+	/*
+	 * Can't test without SEC_STD_READ_CONTROL as we
+	 * own the file and implicitly have SEC_STD_READ_CONTROL.
+	*/
+	uint32_t access_masks[] = {
+		/* Full READ access. */
+		SEC_STD_READ_CONTROL|FILE_READ_DATA|
+		FILE_READ_ATTRIBUTES|FILE_READ_EA,
+
+		/* Missing FILE_READ_EA. */
+		SEC_STD_READ_CONTROL|FILE_READ_DATA|
+		FILE_READ_ATTRIBUTES,
+
+		/* Missing FILE_READ_ATTRIBUTES. */
+		SEC_STD_READ_CONTROL|FILE_READ_DATA|
+		FILE_READ_EA,
+
+		/* Missing FILE_READ_DATA. */
+		SEC_STD_READ_CONTROL|
+		FILE_READ_ATTRIBUTES|FILE_READ_EA,
+	};
+	unsigned int i;
+	unsigned int count;
+	struct smb2_find f;
+	union smb_search_data *d;
+
+	ZERO_STRUCT(fhandle);
+	ZERO_STRUCT(dhandle);
+
+	if (!torture_smb2_con_share(tctx, "hideunread", &tree1)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Unable to connect "
+			"to share 'hideunread'\n",
+                       __location__);
+		ret = false;
+		goto done;
+	}
+
+	flags = smb2cli_tcon_flags(tree1->smbXcli);
+
+	smb2_util_unlink(tree1, fname);
+	smb2_deltree(tree1, BASEDIR);
+
+	torture_comment(tctx, "TESTING ACCESS BASED ENUMERATION\n");
+
+	if ((flags & SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM)==0) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) No access enumeration "
+			"on share 'hideunread'\n",
+                       __location__);
+		ret = false;
+		goto done;
+	}
+
+	if (!smb2_util_setup_dir(tctx, tree1, BASEDIR)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Unable to setup %s\n",
+                       __location__, BASEDIR);
+		ret = false;
+		goto done;
+	}
+
+	/* Get a handle to the BASEDIR directory. */
+	status = torture_smb2_testdir(tree1, BASEDIR, &dhandle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, dhandle);
+	ZERO_STRUCT(dhandle);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access = 0;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree1, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fhandle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = fhandle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree1, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+
+	/* Setup for the search. */
+	ZERO_STRUCT(f);
+	f.in.pattern            = "*";
+	f.in.continue_flags     = SMB2_CONTINUE_FLAG_REOPEN;
+	f.in.max_response_size  = 0x1000;
+	f.in.level              = SMB2_FIND_DIRECTORY_INFO;
+
+	for (i = 0; i < ARRAY_SIZE(access_masks); i++) {
+
+		sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					access_masks[i]|SEC_STD_SYNCHRONIZE,
+					0,
+					NULL);
+
+		set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+		set.set_secdesc.in.file.handle = fhandle;
+		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+		set.set_secdesc.in.sd = sd;
+		status = smb2_setinfo_file(tree1, &set);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		/* Now see if we can see the file in a directory listing. */
+
+		/* Re-open dhandle. */
+		status = torture_smb2_testdir(tree1, BASEDIR, &dhandle);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		f.in.file.handle = dhandle;
+
+		count = 0;
+		d = NULL;
+		status = smb2_find_level(tree1, tree1, &f, &count, &d);
+		TALLOC_FREE(d);
+
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smb2_util_close(tree1, dhandle);
+		ZERO_STRUCT(dhandle);
+
+		if (i == 0) {
+			/* We should see the first sd. */
+			if (count != 3) {
+				torture_result(tctx, TORTURE_FAIL,
+					"(%s) Normal SD - Unable "
+					"to see file %s\n",
+					__location__,
+					BASEDIR);
+				ret = false;
+				goto done;
+			}
+		} else {
+			/* But no others. */
+			if (count != 2) {
+				torture_result(tctx, TORTURE_FAIL,
+					"(%s) SD 0x%x - can "
+					"see file %s\n",
+					__location__,
+					access_masks[i],
+					BASEDIR);
+				ret = false;
+				goto done;
+			}
+		}
+	}
+
+done:
+
+	if (tree1) {
+		smb2_util_close(tree1, fhandle);
+		smb2_util_close(tree1, dhandle);
+		smb2_util_unlink(tree1, fname);
+		smb2_deltree(tree1, BASEDIR);
+		smb2_tdis(tree1);
+		smb2_logoff(tree1->session);
+	}
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+/*
+ * test Owner Rights, S-1-3-4
+ */
+static bool test_owner_rights(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\owner_right.txt";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	const char *owner_sid = NULL;
+	NTSTATUS mxac_status;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done,
+			    "smb2_util_setup_dir failed\n");
+
+	torture_comment(tctx, "TESTING OWNER RIGHTS\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL|SECINFO_OWNER,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * Add a 2 element ACL
+	 * SEC_RIGHTS_FILE_READ for the owner,
+	 * SEC_FILE_WRITE_DATA for SID_OWNER_RIGHTS.
+	 *
+	 * Proves that the owner and SID_OWNER_RIGHTS
+	 * ACE entries are additive.
+	 */
+	sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL,
+					     owner_sid,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_RIGHTS_FILE_READ,
+					     0,
+					     SID_OWNER_RIGHTS,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_FILE_WRITE_DATA,
+					     0,
+					     NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+				     "SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.query_maximal_access = true,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+	handle = cr.out.file.handle;
+
+	mxac_status = NT_STATUS(cr.out.maximal_access_status);
+	torture_assert_ntstatus_ok_goto(tctx, mxac_status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	/*
+	 * For some reasons Windows 2016 doesn't set SEC_STD_DELETE but we
+	 * do. Mask it out so the test passes against Samba and Windows.
+	 */
+	torture_assert_int_equal_goto(tctx,
+				      cr.out.maximal_access & ~SEC_STD_DELETE,
+				      SEC_RIGHTS_FILE_READ |
+				      SEC_FILE_WRITE_DATA,
+				      ret, done,
+				      "Wrong maximum access\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * test Owner Rights with a leading DENY ACE, S-1-3-4
+ */
+static bool test_owner_rights_deny(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\owner_right_deny.txt";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	const char *owner_sid = NULL;
+	NTSTATUS mxac_status;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done,
+			"smb2_util_setup_dir failed\n");
+
+	torture_comment(tctx, "TESTING OWNER RIGHTS DENY\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL|SECINFO_OWNER,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * Add a 2 element ACL
+	 * DENY SEC_FILE_DATA_READ for SID_OWNER_RIGHTS
+	 * SEC_FILE_READ_DATA for the owner.
+	 *
+	 * Proves that the owner and SID_OWNER_RIGHTS
+	 * ACE entries are additive.
+	 */
+	sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL,
+					SID_OWNER_RIGHTS,
+					SEC_ACE_TYPE_ACCESS_DENIED,
+					SEC_FILE_READ_DATA,
+					0,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ,
+					0,
+					NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.query_maximal_access = true,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+	handle = cr.out.file.handle;
+
+	mxac_status = NT_STATUS(cr.out.maximal_access_status);
+	torture_assert_ntstatus_ok_goto(tctx, mxac_status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	/*
+	 * For some reasons Windows 2016 doesn't set SEC_STD_DELETE but we
+	 * do. Mask it out so the test passes against Samba and Windows.
+	 */
+	torture_assert_int_equal_goto(tctx,
+				      cr.out.maximal_access & ~SEC_STD_DELETE,
+				      SEC_RIGHTS_FILE_READ & ~SEC_FILE_READ_DATA,
+				      ret, done,
+				      "Wrong maximum access\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * test Owner Rights with a trailing DENY ACE, S-1-3-4
+ */
+static bool test_owner_rights_deny1(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\owner_right_deny1.txt";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	const char *owner_sid = NULL;
+	NTSTATUS mxac_status;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done,
+			"smb2_util_setup_dir failed\n");
+
+	torture_comment(tctx, "TESTING OWNER RIGHTS DENY1\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL|SECINFO_OWNER,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * Add a 3 element ACL
+	 *
+	 * SEC_RIGHTS_FILE_READ allow for owner.
+	 * SEC_FILE_WRITE_DATA allow for SID-OWNER-RIGHTS.
+	 * SEC_FILE_WRITE_DATA|SEC_FILE_READ_DATA) deny for SID-OWNER-RIGHTS.
+	 *
+	 * Shows on Windows that trailing DENY entries don't
+	 * override granted permissions in max access calculations.
+	 */
+	sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ,
+					0,
+					SID_OWNER_RIGHTS,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_WRITE_DATA,
+					0,
+					SID_OWNER_RIGHTS,
+					SEC_ACE_TYPE_ACCESS_DENIED,
+					(SEC_FILE_WRITE_DATA|
+						SEC_FILE_READ_DATA),
+					0,
+					NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.query_maximal_access = true,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+	handle = cr.out.file.handle;
+
+	mxac_status = NT_STATUS(cr.out.maximal_access_status);
+	torture_assert_ntstatus_ok_goto(tctx, mxac_status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	/*
+	 * For some reasons Windows 2016 doesn't set SEC_STD_DELETE but we
+	 * do. Mask it out so the test passes against Samba and Windows.
+	 */
+	torture_assert_int_equal_goto(tctx,
+				cr.out.maximal_access & ~SEC_STD_DELETE,
+				SEC_RIGHTS_FILE_READ | SEC_FILE_WRITE_DATA,
+				ret, done,
+				"Wrong maximum access\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * test that shows that a DENY ACE doesn't remove rights granted
+ * by a previous ALLOW ACE.
+ */
+static bool test_deny1(struct torture_context *tctx,
+		       struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\test_deny1.txt";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	const char *owner_sid = NULL;
+	NTSTATUS mxac_status;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done,
+			"smb2_util_setup_dir failed\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL|SECINFO_OWNER,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * Add a 2 element ACL
+	 *
+	 * SEC_RIGHTS_FILE_READ|SEC_FILE_WRITE_DATA allow for owner.
+	 * SEC_FILE_WRITE_DATA deny for owner
+	 *
+	 * Shows on Windows that trailing DENY entries don't
+	 * override granted permissions.
+	 */
+	sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ|SEC_FILE_WRITE_DATA,
+					0,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_DENIED,
+					SEC_FILE_WRITE_DATA,
+					0,
+					NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL | SEC_FILE_WRITE_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.query_maximal_access = true,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	mxac_status = NT_STATUS(cr.out.maximal_access_status);
+	torture_assert_ntstatus_ok_goto(tctx, mxac_status, ret, done,
+					"Wrong maximum access status\n");
+
+	/*
+	 * For some reasons Windows 2016 doesn't set SEC_STD_DELETE but we
+	 * do. Mask it out so the test passes against Samba and Windows.
+	 * SEC_STD_WRITE_DAC comes from being the owner.
+	 */
+	torture_assert_int_equal_goto(tctx,
+				      cr.out.maximal_access & ~SEC_STD_DELETE,
+				      SEC_RIGHTS_FILE_READ |
+				      SEC_FILE_WRITE_DATA |
+				      SEC_STD_WRITE_DAC,
+				      ret, done,
+				      "Wrong maximum access\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * test SEC_FLAG_MAXIMUM_ALLOWED with not-granted access
+ *
+ * When access_mask contains SEC_FLAG_MAXIMUM_ALLOWED, the server must still
+ * process other bits from access_mask. Eg if access_mask contains a right that
+ * the requester doesn't have, the function must validate that against the
+ * effective permissions.
+ */
+static bool test_mxac_not_granted(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\test_mxac_not_granted.txt";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	const char *owner_sid = NULL;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done,
+			"smb2_util_setup_dir failed\n");
+
+	torture_comment(tctx, "TESTING OWNER RIGHTS DENY\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL|SECINFO_OWNER,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_READ_DATA,
+					0,
+					NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED |
+				     SEC_FILE_WRITE_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "Wrong smb2_create result\n");
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_overwrite_read_only_file(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create c;
+	const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd = NULL, *sd_orig = NULL;
+	const char *owner_sid = NULL;
+	int i;
+	bool ret = true;
+
+	struct tcase {
+		int disposition;
+		const char *disposition_string;
+		NTSTATUS expected_status;
+	} tcases[] = {
+#define TCASE(d, s) {				\
+		.disposition = d,		\
+		.disposition_string = #d,	\
+		.expected_status = s,		\
+	}
+		TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
+		TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
+		TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
+		TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
+	};
+#undef TCASE
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC |
+			SEC_STD_WRITE_OWNER,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = c.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	sd = security_descriptor_dacl_create(tctx,
+					0, NULL, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_FILE_READ_DATA,
+					0,
+					NULL);
+
+	ZERO_STRUCT(set);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	smb2_util_close(tree, handle);
+	ZERO_STRUCT(handle);
+
+	for (i = 0; i < ARRAY_SIZE(tcases); i++) {
+		torture_comment(tctx, "Verify open with %s disposition\n",
+				tcases[i].disposition_string);
+
+		c = (struct smb2_create) {
+			.in.create_disposition = tcases[i].disposition,
+			.in.desired_access = SEC_FILE_READ_DATA,
+			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+			.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+			.in.fname = fname,
+		};
+
+		status = smb2_create(tree, tctx, &c);
+		smb2_util_close(tree, c.out.file.handle);
+		torture_assert_ntstatus_equal_goto(
+			tctx, status, tcases[i].expected_status, ret, done,
+			"smb2_create failed\n");
+	};
+
+	torture_comment(tctx, "put back original sd\n");
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_STD_WRITE_DAC,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = c.out.file.handle;
+
+	ZERO_STRUCT(set);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd_orig;
+
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	smb2_util_close(tree, handle);
+	ZERO_STRUCT(handle);
+
+done:
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of SMB2 ACLs
+*/
+struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "acls");
+
+	torture_suite_add_1smb2_test(suite, "CREATOR", test_creator_sid);
+	torture_suite_add_1smb2_test(suite, "GENERIC", test_generic_bits);
+	torture_suite_add_1smb2_test(suite, "OWNER", test_owner_bits);
+	torture_suite_add_1smb2_test(suite, "INHERITANCE", test_inheritance);
+	torture_suite_add_1smb2_test(suite, "INHERITFLAGS", test_inheritance_flags);
+	torture_suite_add_1smb2_test(suite, "SDFLAGSVSCHOWN", test_sd_flags_vs_chown);
+	torture_suite_add_1smb2_test(suite, "DYNAMIC", test_inheritance_dynamic);
+#if 0
+	/* XXX This test does not work against XP or Vista. */
+	torture_suite_add_1smb2_test(suite, "GETSET", test_sd_get_set);
+#endif
+	torture_suite_add_1smb2_test(suite, "ACCESSBASED", test_access_based);
+	torture_suite_add_1smb2_test(suite, "OWNER-RIGHTS", test_owner_rights);
+	torture_suite_add_1smb2_test(suite, "OWNER-RIGHTS-DENY",
+			test_owner_rights_deny);
+	torture_suite_add_1smb2_test(suite, "OWNER-RIGHTS-DENY1",
+			test_owner_rights_deny1);
+	torture_suite_add_1smb2_test(suite, "DENY1",
+			test_deny1);
+	torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
+			test_mxac_not_granted);
+	torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE", test_overwrite_read_only_file);
+
+	suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
+
+	return suite;
+}
+
+static bool test_acls_non_canonical_flags(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\test_acls_non_canonical_flags.txt";
+	struct smb2_create cr;
+	struct smb2_handle testdirh = {{0}};
+	struct smb2_handle handle = {{0}};
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct security_descriptor *sd_orig = NULL;
+	struct security_descriptor *sd = NULL;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+					     SEC_DESC_DACL_AUTO_INHERITED
+					     | SEC_DESC_DACL_AUTO_INHERIT_REQ,
+					     NULL,
+					     NULL,
+					     SID_WORLD,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_RIGHTS_DIR_ALL,
+					     SEC_ACE_FLAG_OBJECT_INHERIT
+					     | SEC_ACE_FLAG_CONTAINER_INHERIT,
+					     NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = testdirh,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = testdirh,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_STD_READ_CONTROL |
+			SEC_STD_WRITE_DAC,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+
+	torture_assert_goto(tctx, sd_orig->type & SEC_DESC_DACL_AUTO_INHERITED,
+			    ret, done, "Missing SEC_DESC_DACL_AUTO_INHERITED\n");
+
+	/*
+	 * SD with SEC_DESC_DACL_AUTO_INHERITED but without
+	 * SEC_DESC_DACL_AUTO_INHERITED_REQ, so the resulting SD should not have
+	 * SEC_DESC_DACL_AUTO_INHERITED on a Windows box.
+	 *
+	 * But as we're testing against a share with
+	 *
+	 *    "acl flag inherited canonicalization = no"
+	 *
+	 * the resulting SD should have acl flag inherited canonicalization set.
+	 */
+	sd = security_descriptor_dacl_create(tctx,
+					     SEC_DESC_DACL_AUTO_INHERITED,
+					     NULL,
+					     NULL,
+					     SID_WORLD,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_FILE_ALL,
+					     0,
+					     NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+					"SD create failed\n");
+
+	si = (union smb_setfileinfo) {
+		.set_secdesc.level = RAW_SFILEINFO_SEC_DESC,
+		.set_secdesc.in.file.handle = handle,
+		.set_secdesc.in.secinfo_flags = SECINFO_DACL,
+		.set_secdesc.in.sd = sd,
+	};
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED ,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	gi = (union smb_fileinfo) {
+		.query_secdesc.level = RAW_FILEINFO_SEC_DESC,
+		.query_secdesc.in.file.handle = handle,
+		.query_secdesc.in.secinfo_flags = SECINFO_DACL,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+				"smb2_getinfo_file failed\n");
+
+	sd_orig = gi.query_secdesc.out.sd;
+	torture_assert_goto(tctx, sd_orig->type & SEC_DESC_DACL_AUTO_INHERITED,
+			    ret, done, "Missing SEC_DESC_DACL_AUTO_INHERITED\n");
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, testdirh);
+	}
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_acls_non_canonical_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "acls_non_canonical");
+
+	torture_suite_add_1smb2_test(suite, "flags", test_acls_non_canonical_flags);
+	return suite;
+}
diff --git a/source4/torture/smb2/attr.c b/source4/torture/smb2/attr.c
new file mode 100644
index 0000000..bc474d2
--- /dev/null
+++ b/source4/torture/smb2/attr.c
@@ -0,0 +1,710 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   openattr tester
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) David Mulder 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "libcli/security/security_descriptor.h"
+#include "torture/smb2/proto.h"
+
+static const uint32_t open_attrs_table[] = {
+		FILE_ATTRIBUTE_NORMAL,
+		FILE_ATTRIBUTE_ARCHIVE,
+		FILE_ATTRIBUTE_READONLY,
+		FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_SYSTEM,
+
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+		FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_SYSTEM,
+};
+
+struct trunc_open_results {
+	unsigned int num;
+	uint32_t init_attr;
+	uint32_t trunc_attr;
+	uint32_t result_attr;
+};
+
+static const struct trunc_open_results attr_results[] = {
+	{ 0, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE },
+	{ 1, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE },
+	{ 2, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+	{ 16, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE },
+	{ 17, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE },
+	{ 18, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+	{ 51, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 54, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 56, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 68, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 71, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 73, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+	{ 99, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 102, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 104, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 116, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 119,  FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,  FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 121, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+	{ 170, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN },
+	{ 173, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM },
+	{ 227, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 230, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+	{ 232, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+	{ 244, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 247, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+	{ 249, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM }
+};
+
+static NTSTATUS smb2_setatr(struct smb2_tree *tree, const char *name,
+			    uint32_t attrib)
+{
+	NTSTATUS status;
+	struct smb2_create create_io = {0};
+	union smb_setfileinfo io;
+
+	create_io.in.desired_access = SEC_FILE_READ_DATA |
+				      SEC_FILE_WRITE_ATTRIBUTE;
+	create_io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create_io.in.fname = name;
+	status = smb2_create(tree, tree, &create_io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ZERO_STRUCT(io);
+	io.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	io.basic_info.in.file.handle = create_io.out.file.handle;
+	io.basic_info.in.attrib = attrib;
+	status = smb2_setinfo_file(tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return status;
+}
+
+bool torture_smb2_openattrtest(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	const char *fname = "openattr.file";
+	uint16_t attr;
+	unsigned int i, j, k, l;
+	int ret = true;
+
+	for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
+		struct smb2_create create_io = {0};
+		smb2_setatr(tree, fname, FILE_ATTRIBUTE_NORMAL);
+		smb2_util_unlink(tree, fname);
+		create_io.in.create_flags = 0;
+		create_io.in.desired_access = SEC_FILE_WRITE_DATA;
+		create_io.in.file_attributes = open_attrs_table[i];
+		create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		create_io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+		create_io.in.create_options = 0;
+		create_io.in.security_flags = 0;
+		create_io.in.fname = fname;
+		status = smb2_create(tree, tctx, &create_io);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx, "open %d (1) of %s failed (%s)",
+			i, fname, nt_errstr(status)));
+
+		status = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx, "close %d (1) of %s failed (%s)",
+			i, fname, nt_errstr(status)));
+
+		for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
+			create_io = (struct smb2_create){0};
+			create_io.in.create_flags = 0;
+			create_io.in.desired_access = SEC_FILE_READ_DATA|
+						      SEC_FILE_WRITE_DATA;
+			create_io.in.file_attributes = open_attrs_table[j];
+			create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+			create_io.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+			create_io.in.create_options = 0;
+			create_io.in.security_flags = 0;
+			create_io.in.fname = fname;
+			status = smb2_create(tree, tctx, &create_io);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
+					torture_assert_goto(tctx,
+						attr_results[l].num != k,
+						ret, error_exit,
+						talloc_asprintf(tctx,
+							"[%d] trunc open 0x%x "
+							"-> 0x%x of %s failed "
+							"- should have "
+							"succeeded !(%s)",
+							k, open_attrs_table[i],
+							open_attrs_table[j],
+							fname,
+							nt_errstr(status)));
+				}
+				torture_assert_ntstatus_equal_goto(tctx,
+					status, NT_STATUS_ACCESS_DENIED,
+					ret, error_exit,
+					talloc_asprintf(tctx,
+							"[%d] trunc open 0x%x "
+							"-> 0x%x failed with "
+							"wrong error code %s",
+							k, open_attrs_table[i],
+							open_attrs_table[j],
+							nt_errstr(status)));
+				k++;
+				continue;
+			}
+
+			status = smb2_util_close(tree, create_io.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, status, ret,
+				error_exit, talloc_asprintf(tctx,
+					"close %d (2) of %s failed (%s)", j,
+					fname, nt_errstr(status)));
+
+			status = smb2_util_getatr(tree, fname, &attr, NULL, NULL);
+			torture_assert_ntstatus_ok_goto(tctx, status, ret,
+				error_exit, talloc_asprintf(tctx,
+					"getatr(2) failed (%s)",
+					nt_errstr(status)));
+
+			for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
+				if (attr_results[l].num == k) {
+					if (attr != attr_results[l].result_attr ||
+					    open_attrs_table[i] != attr_results[l].init_attr ||
+					    open_attrs_table[j] != attr_results[l].trunc_attr) {
+						ret = false;
+						torture_fail_goto(tctx, error_exit,
+							talloc_asprintf(tctx,
+							"[%d] getatr check "
+							"failed. [0x%x] trunc "
+							"[0x%x] got attr 0x%x,"
+							" should be 0x%x",
+							k, open_attrs_table[i],
+							open_attrs_table[j],
+							(unsigned int)attr,
+							attr_results[l].result_attr));
+					}
+					break;
+				}
+			}
+			k++;
+		}
+	}
+error_exit:
+	smb2_setatr(tree, fname, FILE_ATTRIBUTE_NORMAL);
+	smb2_util_unlink(tree, fname);
+
+
+	return ret;
+}
+
+bool torture_smb2_winattrtest(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	const char *fname = "winattr1.file";
+	const char *dname = "winattr1.dir";
+	uint16_t attr;
+	uint16_t j;
+	uint32_t aceno;
+	bool ret = true;
+	union smb_fileinfo query, query_org;
+	NTSTATUS status;
+	struct security_descriptor *sd1 = NULL, *sd2 = NULL;
+	struct smb2_create create_io = {0};
+	ZERO_STRUCT(query);
+	ZERO_STRUCT(query_org);
+
+	/* Test winattrs for file */
+	smb2_util_unlink(tree, fname);
+
+	/* Open a file*/
+	create_io.in.create_flags = 0;
+	create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA |
+				SEC_STD_READ_CONTROL;
+	create_io.in.file_attributes = 0;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = FILE_SUPERSEDE;
+	create_io.in.create_options = 0;
+	create_io.in.security_flags = 0;
+	create_io.in.fname = fname;
+	status = smb2_create(tree, tctx, &create_io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+		talloc_asprintf(tctx, "open(1) of %s failed (%s)\n",
+		fname, nt_errstr(status)));
+
+	/* Get security descriptor and store it*/
+	query_org.generic.level = RAW_FILEINFO_SEC_DESC;
+	query_org.generic.in.file.handle = create_io.out.file.handle;
+	query_org.query_secdesc.in.secinfo_flags = SECINFO_OWNER|
+						SECINFO_GROUP|
+						SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &query_org);
+	if(!NT_STATUS_IS_OK(status)){
+		NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit,
+				talloc_asprintf(tctx,
+					"close(1) of %s failed (%s)\n",
+					fname, nt_errstr(s)));
+		ret = false;
+		torture_fail_goto(tctx, error_exit, talloc_asprintf(tctx,
+			"smb2_getinfo_file(1) of %s failed (%s)\n",
+			fname, nt_errstr(status)));
+	}
+	sd1 = query_org.query_secdesc.out.sd;
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+		       talloc_asprintf(tctx, "close(1) of %s failed (%s)\n",
+				       fname, nt_errstr(status)));
+
+	/*Set and get attributes*/
+	for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
+		status = smb2_setatr(tree, fname, open_attrs_table[j]);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret,
+			error_exit,
+			talloc_asprintf(tctx, "setatr(2) failed (%s)",
+				nt_errstr(status)));
+
+		status = smb2_util_getatr(tree, fname, &attr, NULL, NULL);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret,
+			error_exit,
+			talloc_asprintf(tctx, "getatr(2) failed (%s)",
+			nt_errstr(status)));
+
+		/* Check the result */
+		torture_assert_goto(tctx, attr == open_attrs_table[j], ret,
+			error_exit, talloc_asprintf(tctx,
+				"getatr check failed. \
+				Attr applied [0x%x],got attr 0x%x, \
+				should be 0x%x ", open_attrs_table[j],
+				(uint16_t)attr, open_attrs_table[j]));
+
+		create_io = (struct smb2_create){0};
+		create_io.in.create_flags = 0;
+		create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE|
+						SEC_STD_READ_CONTROL;
+		create_io.in.file_attributes = 0;
+		create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		create_io.in.create_disposition = FILE_OPEN_IF;
+		create_io.in.create_options = 0;
+		create_io.in.security_flags = 0;
+		create_io.in.fname = fname;
+		status = smb2_create(tree, tctx, &create_io);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret,
+			error_exit,
+			talloc_asprintf(tctx, "open(2) of %s failed (%s)\n",
+			fname, nt_errstr(status)));
+		/*Get security descriptor */
+		query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+		query.query_secdesc.in.file.handle = create_io.out.file.handle;
+		query.query_secdesc.in.secinfo_flags = SECINFO_OWNER|
+						SECINFO_GROUP|
+						SECINFO_DACL;
+		status = smb2_getinfo_file(tree, tctx, &query);
+		if(!NT_STATUS_IS_OK(status)){
+			NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, s, ret,
+				error_exit,
+				talloc_asprintf(tctx,
+					"close(2) of %s failed (%s)\n",
+					fname, nt_errstr(s)));
+			ret = false;
+			torture_fail_goto(tctx, error_exit,
+				talloc_asprintf(tctx,
+				"smb2_getinfo_file(2) of %s failed (%s)\n",
+				fname, nt_errstr(status)));
+		}
+		sd2 = query.query_secdesc.out.sd;
+
+		status = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+		       talloc_asprintf(tctx, "close(2) of %s failed (%s)\n",
+				       fname, nt_errstr(status)));
+
+		/*Compare security descriptors -- Must be same*/
+		for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){
+			struct security_ace *ace1 = &sd1->dacl->aces[aceno];
+			struct security_ace *ace2 = &sd2->dacl->aces[aceno];
+
+			torture_assert_goto(tctx, security_ace_equal(ace1, ace2),
+				ret, error_exit,
+				"ACLs changed! Not expected!\n");
+		}
+
+		torture_comment(tctx, "[%d] setattr = [0x%x] got attr 0x%x\n",
+			j,  open_attrs_table[j], attr );
+
+	}
+
+
+/* Check for Directory. */
+
+	smb2_deltree(tree, dname);
+	smb2_util_rmdir(tree, dname);
+
+	/* Open a directory */
+	create_io = (struct smb2_create){0};
+	create_io.in.create_flags = 0;
+	create_io.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create_io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create_io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create_io.in.security_flags = 0;
+	create_io.in.fname = dname;
+	status = smb2_create(tree, tctx, &create_io);
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx,
+			"open (1) of %s failed (%s)",
+			dname, nt_errstr(status)));
+
+
+	/* Get Security Descriptor */
+	query_org.generic.level = RAW_FILEINFO_SEC_DESC;
+	query_org.generic.in.file.handle = create_io.out.file.handle;
+	status = smb2_getinfo_file(tree, tctx, &query_org);
+	if(!NT_STATUS_IS_OK(status)){
+		NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit,
+				talloc_asprintf(tctx,
+					"close(1) of %s failed (%s)\n",
+					dname, nt_errstr(s)));
+		ret = false;
+		torture_fail_goto(tctx, error_exit, talloc_asprintf(tctx,
+			"smb2_getinfo_file(1) of %s failed (%s)\n", dname,
+			nt_errstr(status)));
+	}
+	sd1 = query_org.query_secdesc.out.sd;
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+				talloc_asprintf(tctx,
+				"close (1) of %s failed (%s)", dname,
+				nt_errstr(status)));
+
+	/* Set and get win attributes*/
+	for (j = 1; j < ARRAY_SIZE(open_attrs_table); j++) {
+
+		status = smb2_setatr(tree, dname, open_attrs_table[j]);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx, "setatr(2) failed (%s)",
+				nt_errstr(status)));
+
+		status = smb2_util_getatr(tree, dname, &attr, NULL, NULL);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx, "getatr(2) failed (%s)",
+				nt_errstr(status)));
+
+		torture_comment(tctx, "[%d] setatt = [0x%x] got attr 0x%x\n",
+			j,  open_attrs_table[j], attr );
+
+		/* Check the result */
+		torture_assert_goto(tctx,
+			attr == (open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY),
+			ret, error_exit, talloc_asprintf(tctx,
+			"getatr check failed. set attr "
+			"[0x%x], got attr 0x%x, should be 0x%x\n",
+			open_attrs_table[j], (uint16_t)attr,
+			(unsigned int)(open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY)));
+
+		create_io = (struct smb2_create){0};
+		create_io.in.create_flags = 0;
+		create_io.in.desired_access = SEC_RIGHTS_DIR_READ;
+		create_io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+		create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+		create_io.in.create_disposition = NTCREATEX_DISP_OPEN;
+		create_io.in.create_options = 0;
+		create_io.in.security_flags = 0;
+		create_io.in.fname = dname;
+		status = smb2_create(tree, tctx, &create_io);
+
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+			talloc_asprintf(tctx,
+			"open (2) of %s failed (%s)",
+			dname, nt_errstr(status)));
+		/* Get security descriptor */
+		query.generic.level = RAW_FILEINFO_SEC_DESC;
+		query.generic.in.file.handle = create_io.out.file.handle;
+		status = smb2_getinfo_file(tree, tctx, &query);
+		if(!NT_STATUS_IS_OK(status)){
+			NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit,
+					talloc_asprintf(tctx,
+					"close (2) of %s failed (%s)", dname,
+					nt_errstr(s)));
+			ret = false;
+			torture_fail_goto(tctx, error_exit,
+				talloc_asprintf(tctx,
+				"smb2_getinfo_file(2) of %s failed(%s)\n",
+				dname, nt_errstr(status)));
+		}
+		sd2 = query.query_secdesc.out.sd;
+		status = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+				talloc_asprintf(tctx,
+				"close (2) of %s failed (%s)", dname,
+				nt_errstr(status)));
+
+		/* Security descriptor must be same*/
+		for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){
+			struct security_ace *ace1 = &sd1->dacl->aces[aceno];
+			struct security_ace *ace2 = &sd2->dacl->aces[aceno];
+
+			torture_assert_goto(tctx, security_ace_equal(ace1, ace2),
+				ret, error_exit,
+				"ACLs changed! Not expected!\n");
+		}
+
+	}
+
+error_exit:
+	smb2_setatr(tree, fname, FILE_ATTRIBUTE_NORMAL);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, dname);
+	smb2_util_rmdir(tree, dname);
+
+	return ret;
+}
+
+bool torture_smb2_winattr2(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	const char *fname = "winattr2.file";
+	struct smb2_create c = {0};
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	/* Create a file with FILE_ATTRIBUTE_ARCHIVE */
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_ARCHIVE,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	status = smb2_util_close(tree, c.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+
+	/* Reopen file with different attributes */
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_ARCHIVE |
+			FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN |
+			FILE_ATTRIBUTE_READONLY,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	status = smb2_util_close(tree, c.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+
+	torture_assert_int_equal_goto(tctx,
+				      c.out.file_attr,
+				      FILE_ATTRIBUTE_ARCHIVE,
+				      ret, done,
+				      "Wrong attributes\n");
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+bool torture_smb2_sdreadtest(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	const char *fname = "sdread.file";
+	bool ret = true;
+	union smb_fileinfo query;
+	NTSTATUS status;
+	struct security_descriptor *sd = NULL;
+	struct smb2_create create_io = {0};
+	uint32_t sd_bits[] = { SECINFO_OWNER,
+				SECINFO_GROUP,
+				SECINFO_DACL };
+	size_t i;
+
+	ZERO_STRUCT(query);
+
+	smb2_util_unlink(tree, fname);
+
+	/* Create then close a file*/
+	create_io.in.create_flags = 0;
+	create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	create_io.in.file_attributes = 0;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = FILE_SUPERSEDE;
+	create_io.in.create_options = 0;
+	create_io.in.security_flags = 0;
+	create_io.in.fname = fname;
+	status = smb2_create(tree, tctx, &create_io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+		talloc_asprintf(tctx, "open(1) of %s failed (%s)\n",
+		fname, nt_errstr(status)));
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+		       talloc_asprintf(tctx, "close(1) of %s failed (%s)\n",
+				       fname, nt_errstr(status)));
+
+	/*
+	 * Open the file with READ_ATTRIBUTES *only*,
+	 * no READ_CONTROL.
+	 *
+	 * This should deny access for any attempt to
+	 * get a security descriptor if we ask for
+	 * any of OWNER|GROUP|DACL, but if
+	 * we ask for *NO* info but still ask for
+	 * the security descriptor, then Windows
+	 * returns an ACL but with zero entries
+	 * for OWNER|GROUP|DACL.
+	 */
+
+	create_io = (struct smb2_create){0};
+	create_io.in.create_flags = 0;
+	create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create_io.in.file_attributes = 0;
+	create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create_io.in.create_disposition = FILE_OPEN;
+	create_io.in.create_options = 0;
+	create_io.in.security_flags = 0;
+	create_io.in.fname = fname;
+	status = smb2_create(tree, tctx, &create_io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret,
+			error_exit,
+			talloc_asprintf(tctx, "open(2) of %s failed (%s)\n",
+			fname, nt_errstr(status)));
+
+	/* Check asking for SD fails ACCESS_DENIED with actual bits set. */
+	for (i = 0; i < ARRAY_SIZE(sd_bits); i++) {
+		query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+		query.query_secdesc.in.file.handle = create_io.out.file.handle;
+		query.query_secdesc.in.secinfo_flags = sd_bits[i];
+
+		status = smb2_getinfo_file(tree, tctx, &query);
+
+		/* Must return ACESS_DENIED. */
+		if(!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)){
+			NTSTATUS s = smb2_util_close(tree,
+					create_io.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, s, ret,
+				error_exit,
+				talloc_asprintf(tctx,
+					"close(2) of %s failed (%s)\n",
+					fname, nt_errstr(s)));
+			ret = false;
+			torture_fail_goto(tctx, error_exit,
+				talloc_asprintf(tctx,
+				"smb2_getinfo_file(2) of %s failed (%s)\n",
+				fname, nt_errstr(status)));
+		}
+	}
+
+	/*
+	 * Get security descriptor whilst asking for *NO* bits.
+	 * This succeeds even though we don't have READ_CONTROL
+	 * access but returns an SD with zero data.
+	 */
+	query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	query.query_secdesc.in.file.handle = create_io.out.file.handle;
+	query.query_secdesc.in.secinfo_flags = 0;
+
+	status = smb2_getinfo_file(tree, tctx, &query);
+	if(!NT_STATUS_IS_OK(status)){
+		NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit,
+				talloc_asprintf(tctx,
+					"close(3) of %s failed (%s)\n",
+					fname, nt_errstr(s)));
+		ret = false;
+		torture_fail_goto(tctx, error_exit, talloc_asprintf(tctx,
+			"smb2_getinfo_file(3) of %s failed (%s)\n",
+			fname, nt_errstr(status)));
+	}
+
+	sd = query.query_secdesc.out.sd;
+
+	/* Check it's empty. */
+	torture_assert_goto(tctx,
+			(sd->owner_sid == NULL),
+			ret,
+			error_exit,
+			"sd->owner_sid != NULL\n");
+
+	torture_assert_goto(tctx,
+			(sd->group_sid == NULL),
+			ret,
+			error_exit,
+			"sd->group_sid != NULL\n");
+
+	torture_assert_goto(tctx,
+			(sd->dacl == NULL),
+			ret,
+			error_exit,
+			"sd->dacl != NULL\n");
+
+	status = smb2_util_close(tree, create_io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx,
+			status,
+			ret,
+			error_exit,
+			talloc_asprintf(tctx, "close(4) of %s failed (%s)\n",
+				fname,
+			nt_errstr(status)));
+
+error_exit:
+
+	smb2_setatr(tree, fname, FILE_ATTRIBUTE_NORMAL);
+	smb2_util_unlink(tree, fname);
+
+	return ret;
+}
diff --git a/source4/torture/smb2/bench.c b/source4/torture/smb2/bench.c
new file mode 100644
index 0000000..a91ca6c
--- /dev/null
+++ b/source4/torture/smb2/bench.c
@@ -0,0 +1,1376 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 bench test suite
+
+   Copyright (C) Stefan Metzmacher 2022
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/security.h"
+#include "lib/events/events.h"
+
+#define FNAME "test_create.dat"
+#define DNAME "smb2_open"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			 __location__, nt_errstr(status), nt_errstr(correct)); \
+		return false; \
+	}} while (0)
+
+#define CHECK_EQUAL(v, correct) do { \
+	if (v != correct) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect value for %s 0x%08llx - " \
+		        "should be 0x%08llx\n", \
+			 __location__, #v, \
+		        (unsigned long long)v, \
+		        (unsigned long long)correct); \
+		return false;					\
+	}} while (0)
+
+#define CHECK_TIME(t, field) do { \
+	time_t t1, t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t1 = t & ~1; \
+	t2 = nt_time_to_unix(finfo.all_info.out.field) & ~1; \
+	if (abs(t1-t2) > 2) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong time for field %s  %s - %s\n", \
+			__location__, #field, \
+			timestring(tctx, t1), \
+			timestring(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NTTIME(t, field) do { \
+	NTTIME t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t2 = finfo.all_info.out.field; \
+	if (llabs((int64_t)(t-t2)) > 20000) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong time for field %s  %s - %s\n", \
+		       __location__, #field, \
+		       nt_time_string(tctx, t), \
+		       nt_time_string(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_ALL_INFO(v, field) do { \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if ((v) != (finfo.all_info.out.field)) { \
+	       torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong value for field %s  0x%x - 0x%x\n", \
+			__location__, #field, (int)v,\
+			(int)(finfo.all_info.out.field)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong value for %s  0x%x - should be 0x%x\n", \
+		       __location__, #v, (int)(v), (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define SET_ATTRIB(sattrib) do { \
+	union smb_setfileinfo sfinfo; \
+	ZERO_STRUCT(sfinfo.basic_info.in); \
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION; \
+	sfinfo.basic_info.in.file.handle = h1; \
+	sfinfo.basic_info.in.attrib = sattrib; \
+	status = smb2_setinfo_file(tree, &sfinfo); \
+	if (!NT_STATUS_IS_OK(status)) { \
+		torture_comment(tctx, \
+		    "(%s) Failed to set attrib 0x%x on %s\n", \
+		       __location__, (unsigned int)(sattrib), fname); \
+	}} while (0)
+
+/*
+   stress testing keepalive iops
+ */
+
+struct test_smb2_bench_echo_conn;
+struct test_smb2_bench_echo_loop;
+
+struct test_smb2_bench_echo_state {
+	struct torture_context *tctx;
+	size_t num_conns;
+	struct test_smb2_bench_echo_conn *conns;
+	size_t num_loops;
+	struct test_smb2_bench_echo_loop *loops;
+	size_t pending_loops;
+	struct timeval starttime;
+	int timecount;
+	int timelimit;
+	uint64_t num_finished;
+	double total_latency;
+	double min_latency;
+	double max_latency;
+	bool ok;
+	bool stop;
+};
+
+struct test_smb2_bench_echo_conn {
+	struct test_smb2_bench_echo_state *state;
+	int idx;
+	struct smb2_tree *tree;
+};
+
+struct test_smb2_bench_echo_loop {
+	struct test_smb2_bench_echo_state *state;
+	struct test_smb2_bench_echo_conn *conn;
+	int idx;
+	struct tevent_immediate *im;
+	struct tevent_req *req;
+	struct timeval starttime;
+	uint64_t num_started;
+	uint64_t num_finished;
+	uint64_t total_finished;
+	uint64_t max_finished;
+	double total_latency;
+	double min_latency;
+	double max_latency;
+	NTSTATUS error;
+};
+
+static void test_smb2_bench_echo_loop_do(
+	struct test_smb2_bench_echo_loop *loop);
+
+static void test_smb2_bench_echo_loop_start(struct tevent_context *ctx,
+						       struct tevent_immediate *im,
+						       void *private_data)
+{
+	struct test_smb2_bench_echo_loop *loop =
+		(struct test_smb2_bench_echo_loop *)
+		private_data;
+
+	test_smb2_bench_echo_loop_do(loop);
+}
+
+static void test_smb2_bench_echo_loop_done(struct tevent_req *req);
+
+static void test_smb2_bench_echo_loop_do(
+	struct test_smb2_bench_echo_loop *loop)
+{
+	struct test_smb2_bench_echo_state *state = loop->state;
+
+	loop->num_started += 1;
+	loop->starttime = timeval_current();
+	loop->req = smb2cli_echo_send(state->loops,
+				      state->tctx->ev,
+				      loop->conn->tree->session->transport->conn,
+				      1000);
+	torture_assert_goto(state->tctx, loop->req != NULL,
+			    state->ok, asserted, "smb2cli_echo_send");
+
+	tevent_req_set_callback(loop->req,
+				test_smb2_bench_echo_loop_done,
+				loop);
+	return;
+asserted:
+	state->stop = true;
+}
+
+static void test_smb2_bench_echo_loop_done(struct tevent_req *req)
+{
+	struct test_smb2_bench_echo_loop *loop =
+		(struct test_smb2_bench_echo_loop *)
+		_tevent_req_callback_data(req);
+	struct test_smb2_bench_echo_state *state = loop->state;
+	double latency = timeval_elapsed(&loop->starttime);
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	torture_assert_goto(state->tctx, loop->req == req,
+			    state->ok, asserted, __location__);
+	loop->error = smb2cli_echo_recv(req);
+	torture_assert_ntstatus_ok_goto(state->tctx, loop->error,
+					state->ok, asserted, __location__);
+	SMB_ASSERT(latency >= 0.000001);
+
+	if (loop->num_finished == 0) {
+		/* first round */
+		loop->min_latency = latency;
+		loop->max_latency = latency;
+	}
+
+	loop->num_finished += 1;
+	loop->total_finished += 1;
+	loop->total_latency += latency;
+
+	if (latency < loop->min_latency) {
+		loop->min_latency = latency;
+	}
+
+	if (latency > loop->max_latency) {
+		loop->max_latency = latency;
+	}
+
+	if (loop->total_finished >= loop->max_finished) {
+		if (state->pending_loops > 0) {
+			state->pending_loops -= 1;
+		}
+		if (state->pending_loops == 0) {
+			goto asserted;
+		}
+	}
+
+	TALLOC_FREE(frame);
+	test_smb2_bench_echo_loop_do(loop);
+	return;
+asserted:
+	state->stop = true;
+	TALLOC_FREE(frame);
+}
+
+static void test_smb2_bench_echo_progress(struct tevent_context *ev,
+					  struct tevent_timer *te,
+					  struct timeval current_time,
+					  void *private_data)
+{
+	struct test_smb2_bench_echo_state *state =
+		(struct test_smb2_bench_echo_state *)private_data;
+	uint64_t num_echos = 0;
+	double total_echo_latency = 0;
+	double min_echo_latency = 0;
+	double max_echo_latency = 0;
+	double avs_echo_latency = 0;
+	size_t i;
+
+	state->timecount += 1;
+
+	for (i=0;i<state->num_loops;i++) {
+		struct test_smb2_bench_echo_loop *loop =
+			&state->loops[i];
+
+		num_echos += loop->num_finished;
+		total_echo_latency += loop->total_latency;
+		if (min_echo_latency == 0.0 && loop->min_latency != 0.0) {
+			min_echo_latency = loop->min_latency;
+		}
+		if (loop->min_latency < min_echo_latency) {
+			min_echo_latency = loop->min_latency;
+		}
+		if (max_echo_latency == 0.0) {
+			max_echo_latency = loop->max_latency;
+		}
+		if (loop->max_latency > max_echo_latency) {
+			max_echo_latency = loop->max_latency;
+		}
+		loop->num_finished = 0;
+		loop->total_latency = 0.0;
+	}
+
+	state->num_finished += num_echos;
+	state->total_latency += total_echo_latency;
+	if (state->min_latency == 0.0 && min_echo_latency != 0.0) {
+		state->min_latency = min_echo_latency;
+	}
+	if (min_echo_latency < state->min_latency) {
+		state->min_latency = min_echo_latency;
+	}
+	if (state->max_latency == 0.0) {
+		state->max_latency = max_echo_latency;
+	}
+	if (max_echo_latency > state->max_latency) {
+		state->max_latency = max_echo_latency;
+	}
+
+	if (state->timecount < state->timelimit) {
+		te = tevent_add_timer(state->tctx->ev,
+				      state,
+				      timeval_current_ofs(1, 0),
+				      test_smb2_bench_echo_progress,
+				      state);
+		torture_assert_goto(state->tctx, te != NULL,
+				    state->ok, asserted, "tevent_add_timer");
+
+		if (!torture_setting_bool(state->tctx, "progress", true)) {
+			return;
+		}
+
+		avs_echo_latency = total_echo_latency / num_echos;
+
+		torture_comment(state->tctx,
+				"%.2f second: "
+				"echo[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]      \r",
+				timeval_elapsed(&state->starttime),
+				(unsigned long long)num_echos,
+				avs_echo_latency,
+				min_echo_latency,
+				max_echo_latency);
+		return;
+	}
+
+	avs_echo_latency = state->total_latency / state->num_finished;
+	num_echos = state->num_finished / state->timelimit;
+
+	torture_comment(state->tctx,
+			"%.2f second: "
+			"echo[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]\n",
+			timeval_elapsed(&state->starttime),
+			(unsigned long long)num_echos,
+			avs_echo_latency,
+			state->min_latency,
+			state->max_latency);
+
+asserted:
+	state->stop = true;
+}
+
+static bool test_smb2_bench_echo(struct torture_context *tctx,
+			         struct smb2_tree *tree)
+{
+	struct test_smb2_bench_echo_state *state = NULL;
+	bool ret = true;
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	int torture_qdepth = torture_setting_int(tctx, "qdepth", 1);
+	size_t i;
+	size_t li = 0;
+	int looplimit = torture_setting_int(tctx, "looplimit", -1);
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	struct tevent_timer *te = NULL;
+	uint32_t timeout_msec;
+
+	state = talloc_zero(tctx, struct test_smb2_bench_echo_state);
+	torture_assert(tctx, state != NULL, __location__);
+	state->tctx = tctx;
+	state->num_conns = torture_nprocs;
+	state->conns = talloc_zero_array(state,
+			struct test_smb2_bench_echo_conn,
+			state->num_conns);
+	torture_assert(tctx, state->conns != NULL, __location__);
+	state->num_loops = torture_nprocs * torture_qdepth;
+	state->loops = talloc_zero_array(state,
+			struct test_smb2_bench_echo_loop,
+			state->num_loops);
+	torture_assert(tctx, state->loops != NULL, __location__);
+	state->ok = true;
+	state->timelimit = MAX(timelimit, 1);
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	torture_comment(tctx, "Opening %zu connections\n", state->num_conns);
+
+	for (i=0;i<state->num_conns;i++) {
+		struct smb2_tree *ct = NULL;
+		DATA_BLOB out_input_buffer = data_blob_null;
+		DATA_BLOB out_output_buffer = data_blob_null;
+		size_t pcli;
+
+		state->conns[i].state = state;
+		state->conns[i].idx = i;
+
+		if (!torture_smb2_connection(tctx, &ct)) {
+			torture_comment(tctx, "Failed opening %zu/%zu connections\n", i, state->num_conns);
+			return false;
+		}
+		state->conns[i].tree = talloc_steal(state->conns, ct);
+
+		smb2cli_conn_set_max_credits(ct->session->transport->conn, 8192);
+		smb2cli_ioctl(ct->session->transport->conn,
+			      timeout_msec,
+			      ct->session->smbXcli,
+			      ct->smbXcli,
+			      UINT64_MAX, /* in_fid_persistent */
+			      UINT64_MAX, /* in_fid_volatile */
+			      UINT32_MAX,
+			      0, /* in_max_input_length */
+			      NULL, /* in_input_buffer */
+			      1, /* in_max_output_length */
+			      NULL, /* in_output_buffer */
+			      SMB2_IOCTL_FLAG_IS_FSCTL,
+			      ct,
+			      &out_input_buffer,
+			      &out_output_buffer);
+		torture_assert(tctx,
+		       smbXcli_conn_is_connected(ct->session->transport->conn),
+		       "smbXcli_conn_is_connected");
+
+		for (pcli = 0; pcli < torture_qdepth; pcli++) {
+			struct test_smb2_bench_echo_loop *loop = &state->loops[li];
+
+			loop->idx = li++;
+			if (looplimit != -1) {
+				loop->max_finished = looplimit;
+			} else {
+				loop->max_finished = UINT64_MAX;
+			}
+			loop->state = state;
+			loop->conn = &state->conns[i];
+			loop->im = tevent_create_immediate(state->loops);
+			torture_assert(tctx, loop->im != NULL, __location__);
+
+			tevent_schedule_immediate(loop->im,
+						  tctx->ev,
+						  test_smb2_bench_echo_loop_start,
+						  loop);
+		}
+	}
+
+	torture_comment(tctx, "Opened %zu connections with qdepth=%d => %zu loops\n",
+			state->num_conns, torture_qdepth, state->num_loops);
+
+	torture_comment(tctx, "Running for %d seconds\n", state->timelimit);
+
+	state->starttime = timeval_current();
+	state->pending_loops = state->num_loops;
+
+	te = tevent_add_timer(tctx->ev,
+			      state,
+			      timeval_current_ofs(1, 0),
+			      test_smb2_bench_echo_progress,
+			      state);
+	torture_assert(tctx, te != NULL, __location__);
+
+	while (!state->stop) {
+		int rc = tevent_loop_once(tctx->ev);
+		torture_assert_int_equal(tctx, rc, 0, "tevent_loop_once");
+	}
+
+	torture_comment(tctx, "%.2f seconds\n", timeval_elapsed(&state->starttime));
+	TALLOC_FREE(state);
+	return ret;
+}
+
+/*
+   stress testing path base operations
+   e.g. contention on lockting.tdb records
+ */
+
+struct test_smb2_bench_path_contention_shared_conn;
+struct test_smb2_bench_path_contention_shared_loop;
+
+struct test_smb2_bench_path_contention_shared_state {
+	struct torture_context *tctx;
+	size_t num_conns;
+	struct test_smb2_bench_path_contention_shared_conn *conns;
+	size_t num_loops;
+	struct test_smb2_bench_path_contention_shared_loop *loops;
+	struct timeval starttime;
+	int timecount;
+	int timelimit;
+	struct {
+		uint64_t num_finished;
+		double total_latency;
+		double min_latency;
+		double max_latency;
+	} opens;
+	struct {
+		uint64_t num_finished;
+		double total_latency;
+		double min_latency;
+		double max_latency;
+	} closes;
+	bool ok;
+	bool stop;
+};
+
+struct test_smb2_bench_path_contention_shared_conn {
+	struct test_smb2_bench_path_contention_shared_state *state;
+	int idx;
+	struct smb2_tree *tree;
+};
+
+struct test_smb2_bench_path_contention_shared_loop {
+	struct test_smb2_bench_path_contention_shared_state *state;
+	struct test_smb2_bench_path_contention_shared_conn *conn;
+	int idx;
+	struct tevent_immediate *im;
+	struct {
+		struct smb2_create io;
+		struct smb2_request *req;
+		struct timeval starttime;
+		uint64_t num_started;
+		uint64_t num_finished;
+		double total_latency;
+		double min_latency;
+		double max_latency;
+	} opens;
+	struct {
+		struct smb2_close io;
+		struct smb2_request *req;
+		struct timeval starttime;
+		uint64_t num_started;
+		uint64_t num_finished;
+		double total_latency;
+		double min_latency;
+		double max_latency;
+	} closes;
+	NTSTATUS error;
+};
+
+static void test_smb2_bench_path_contention_loop_open(
+	struct test_smb2_bench_path_contention_shared_loop *loop);
+
+static void test_smb2_bench_path_contention_loop_start(struct tevent_context *ctx,
+						       struct tevent_immediate *im,
+						       void *private_data)
+{
+	struct test_smb2_bench_path_contention_shared_loop *loop =
+		(struct test_smb2_bench_path_contention_shared_loop *)
+		private_data;
+
+	test_smb2_bench_path_contention_loop_open(loop);
+}
+
+static void test_smb2_bench_path_contention_loop_opened(struct smb2_request *req);
+
+static void test_smb2_bench_path_contention_loop_open(
+	struct test_smb2_bench_path_contention_shared_loop *loop)
+{
+	struct test_smb2_bench_path_contention_shared_state *state = loop->state;
+
+	loop->opens.num_started += 1;
+	loop->opens.starttime = timeval_current();
+	loop->opens.req = smb2_create_send(loop->conn->tree, &loop->opens.io);
+	torture_assert_goto(state->tctx, loop->opens.req != NULL,
+			    state->ok, asserted, "smb2_create_send");
+
+	loop->opens.req->async.fn = test_smb2_bench_path_contention_loop_opened;
+	loop->opens.req->async.private_data = loop;
+	return;
+asserted:
+	state->stop = true;
+}
+
+static void test_smb2_bench_path_contention_loop_close(
+	struct test_smb2_bench_path_contention_shared_loop *loop);
+
+static void test_smb2_bench_path_contention_loop_opened(struct smb2_request *req)
+{
+	struct test_smb2_bench_path_contention_shared_loop *loop =
+		(struct test_smb2_bench_path_contention_shared_loop *)
+		req->async.private_data;
+	struct test_smb2_bench_path_contention_shared_state *state = loop->state;
+	double latency = timeval_elapsed(&loop->opens.starttime);
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	torture_assert_goto(state->tctx, loop->opens.req == req,
+			    state->ok, asserted, __location__);
+	loop->error = smb2_create_recv(req, frame, &loop->opens.io);
+	torture_assert_ntstatus_ok_goto(state->tctx, loop->error,
+					state->ok, asserted, __location__);
+	ZERO_STRUCT(loop->opens.io.out.blobs);
+	SMB_ASSERT(latency >= 0.000001);
+
+	if (loop->opens.num_finished == 0) {
+		/* first round */
+		loop->opens.min_latency = latency;
+		loop->opens.max_latency = latency;
+	}
+
+	loop->opens.num_finished += 1;
+	loop->opens.total_latency += latency;
+
+	if (latency < loop->opens.min_latency) {
+		loop->opens.min_latency = latency;
+	}
+
+	if (latency > loop->opens.max_latency) {
+		loop->opens.max_latency = latency;
+	}
+
+	TALLOC_FREE(frame);
+	test_smb2_bench_path_contention_loop_close(loop);
+	return;
+asserted:
+	state->stop = true;
+	TALLOC_FREE(frame);
+}
+
+static void test_smb2_bench_path_contention_loop_closed(struct smb2_request *req);
+
+static void test_smb2_bench_path_contention_loop_close(
+	struct test_smb2_bench_path_contention_shared_loop *loop)
+{
+	struct test_smb2_bench_path_contention_shared_state *state = loop->state;
+
+	loop->closes.num_started += 1;
+	loop->closes.starttime = timeval_current();
+	loop->closes.io.in.file = loop->opens.io.out.file;
+	loop->closes.req = smb2_close_send(loop->conn->tree, &loop->closes.io);
+	torture_assert_goto(state->tctx, loop->closes.req != NULL,
+			    state->ok, asserted, "smb2_close_send");
+
+	loop->closes.req->async.fn = test_smb2_bench_path_contention_loop_closed;
+	loop->closes.req->async.private_data = loop;
+	return;
+asserted:
+	state->stop = true;
+}
+
+static void test_smb2_bench_path_contention_loop_closed(struct smb2_request *req)
+{
+	struct test_smb2_bench_path_contention_shared_loop *loop =
+		(struct test_smb2_bench_path_contention_shared_loop *)
+		req->async.private_data;
+	struct test_smb2_bench_path_contention_shared_state *state = loop->state;
+	double latency = timeval_elapsed(&loop->closes.starttime);
+
+	torture_assert_goto(state->tctx, loop->closes.req == req,
+			    state->ok, asserted, __location__);
+	loop->error = smb2_close_recv(req, &loop->closes.io);
+	torture_assert_ntstatus_ok_goto(state->tctx, loop->error,
+					state->ok, asserted, __location__);
+	SMB_ASSERT(latency >= 0.000001);
+	if (loop->closes.num_finished == 0) {
+		/* first round */
+		loop->closes.min_latency = latency;
+		loop->closes.max_latency = latency;
+	}
+	loop->closes.num_finished += 1;
+
+	loop->closes.total_latency += latency;
+
+	if (latency < loop->closes.min_latency) {
+		loop->closes.min_latency = latency;
+	}
+
+	if (latency > loop->closes.max_latency) {
+		loop->closes.max_latency = latency;
+	}
+
+	test_smb2_bench_path_contention_loop_open(loop);
+	return;
+asserted:
+	state->stop = true;
+}
+
+static void test_smb2_bench_path_contention_progress(struct tevent_context *ev,
+						     struct tevent_timer *te,
+						     struct timeval current_time,
+						     void *private_data)
+{
+	struct test_smb2_bench_path_contention_shared_state *state =
+		(struct test_smb2_bench_path_contention_shared_state *)private_data;
+	uint64_t num_opens = 0;
+	double total_open_latency = 0;
+	double min_open_latency = 0;
+	double max_open_latency = 0;
+	double avs_open_latency = 0;
+	uint64_t num_closes = 0;
+	double total_close_latency = 0;
+	double min_close_latency = 0;
+	double max_close_latency = 0;
+	double avs_close_latency = 0;
+	size_t i;
+
+	state->timecount += 1;
+
+	for (i=0;i<state->num_loops;i++) {
+		struct test_smb2_bench_path_contention_shared_loop *loop =
+			&state->loops[i];
+
+		num_opens += loop->opens.num_finished;
+		total_open_latency += loop->opens.total_latency;
+		if (min_open_latency == 0.0 && loop->opens.min_latency != 0.0) {
+			min_open_latency = loop->opens.min_latency;
+		}
+		if (loop->opens.min_latency < min_open_latency) {
+			min_open_latency = loop->opens.min_latency;
+		}
+		if (max_open_latency == 0.0) {
+			max_open_latency = loop->opens.max_latency;
+		}
+		if (loop->opens.max_latency > max_open_latency) {
+			max_open_latency = loop->opens.max_latency;
+		}
+		loop->opens.num_finished = 0;
+		loop->opens.total_latency = 0.0;
+
+		num_closes += loop->closes.num_finished;
+		total_close_latency += loop->closes.total_latency;
+		if (min_close_latency == 0.0 && loop->closes.min_latency != 0.0) {
+			min_close_latency = loop->closes.min_latency;
+		}
+		if (loop->closes.min_latency < min_close_latency) {
+			min_close_latency = loop->closes.min_latency;
+		}
+		if (max_close_latency == 0.0) {
+			max_close_latency = loop->closes.max_latency;
+		}
+		if (loop->closes.max_latency > max_close_latency) {
+			max_close_latency = loop->closes.max_latency;
+		}
+		loop->closes.num_finished = 0;
+		loop->closes.total_latency = 0.0;
+	}
+
+	state->opens.num_finished += num_opens;
+	state->opens.total_latency += total_open_latency;
+	if (state->opens.min_latency == 0.0 && min_open_latency != 0.0) {
+		state->opens.min_latency = min_open_latency;
+	}
+	if (min_open_latency < state->opens.min_latency) {
+		state->opens.min_latency = min_open_latency;
+	}
+	if (state->opens.max_latency == 0.0) {
+		state->opens.max_latency = max_open_latency;
+	}
+	if (max_open_latency > state->opens.max_latency) {
+		state->opens.max_latency = max_open_latency;
+	}
+
+	state->closes.num_finished += num_closes;
+	state->closes.total_latency += total_close_latency;
+	if (state->closes.min_latency == 0.0 && min_close_latency != 0.0) {
+		state->closes.min_latency = min_close_latency;
+	}
+	if (min_close_latency < state->closes.min_latency) {
+		state->closes.min_latency = min_close_latency;
+	}
+	if (state->closes.max_latency == 0.0) {
+		state->closes.max_latency = max_close_latency;
+	}
+	if (max_close_latency > state->closes.max_latency) {
+		state->closes.max_latency = max_close_latency;
+	}
+
+	if (state->timecount < state->timelimit) {
+		te = tevent_add_timer(state->tctx->ev,
+				      state,
+				      timeval_current_ofs(1, 0),
+				      test_smb2_bench_path_contention_progress,
+				      state);
+		torture_assert_goto(state->tctx, te != NULL,
+				    state->ok, asserted, "tevent_add_timer");
+
+		if (!torture_setting_bool(state->tctx, "progress", true)) {
+			return;
+		}
+
+		avs_open_latency = total_open_latency / num_opens;
+		avs_close_latency = total_close_latency / num_closes;
+
+		torture_comment(state->tctx,
+				"%.2f second: "
+				"open[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f] "
+				"close[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]     \r",
+				timeval_elapsed(&state->starttime),
+				(unsigned long long)num_opens,
+				avs_open_latency,
+				min_open_latency,
+				max_open_latency,
+				(unsigned long long)num_closes,
+				avs_close_latency,
+				min_close_latency,
+				max_close_latency);
+		return;
+	}
+
+	avs_open_latency = state->opens.total_latency / state->opens.num_finished;
+	avs_close_latency = state->closes.total_latency / state->closes.num_finished;
+	num_opens = state->opens.num_finished / state->timelimit;
+	num_closes = state->closes.num_finished / state->timelimit;
+
+	torture_comment(state->tctx,
+			"%.2f second: "
+			"open[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f] "
+			"close[num/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]\n",
+			timeval_elapsed(&state->starttime),
+			(unsigned long long)num_opens,
+			avs_open_latency,
+			state->opens.min_latency,
+			state->opens.max_latency,
+			(unsigned long long)num_closes,
+			avs_close_latency,
+			state->closes.min_latency,
+			state->closes.max_latency);
+
+asserted:
+	state->stop = true;
+}
+
+bool test_smb2_bench_path_contention_shared(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct test_smb2_bench_path_contention_shared_state *state = NULL;
+	bool ret = true;
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	int torture_qdepth = torture_setting_int(tctx, "qdepth", 1);
+	size_t i;
+	size_t li = 0;
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	const char *path = torture_setting_string(tctx, "bench_path", "");
+	struct smb2_create open_io = { .level = RAW_OPEN_SMB2, };
+	struct smb2_close close_io = { .level = RAW_CLOSE_SMB2, };
+	struct tevent_timer *te = NULL;
+	uint32_t timeout_msec;
+
+	state = talloc_zero(tctx, struct test_smb2_bench_path_contention_shared_state);
+	torture_assert(tctx, state != NULL, __location__);
+	state->tctx = tctx;
+	state->num_conns = torture_nprocs;
+	state->conns = talloc_zero_array(state,
+			struct test_smb2_bench_path_contention_shared_conn,
+			state->num_conns);
+	torture_assert(tctx, state->conns != NULL, __location__);
+	state->num_loops = torture_nprocs * torture_qdepth;
+	state->loops = talloc_zero_array(state,
+			struct test_smb2_bench_path_contention_shared_loop,
+			state->num_loops);
+	torture_assert(tctx, state->loops != NULL, __location__);
+	state->ok = true;
+	state->timelimit = MAX(timelimit, 1);
+
+	open_io.in.desired_access = SEC_DIR_READ_ATTRIBUTE;
+	open_io.in.alloc_size = 0;
+	open_io.in.file_attributes = 0;
+	open_io.in.share_access = FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE;
+	open_io.in.create_disposition = FILE_OPEN;
+	open_io.in.create_options = FILE_OPEN_REPARSE_POINT;
+	open_io.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	open_io.in.security_flags = 0;
+	open_io.in.fname = path;
+	open_io.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	open_io.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	torture_comment(tctx, "Opening %zd connections\n", state->num_conns);
+
+	for (i=0;i<state->num_conns;i++) {
+		struct smb2_tree *ct = NULL;
+		DATA_BLOB out_input_buffer = data_blob_null;
+		DATA_BLOB out_output_buffer = data_blob_null;
+		size_t pcli;
+
+		state->conns[i].state = state;
+		state->conns[i].idx = i;
+
+		if (!torture_smb2_connection(tctx, &ct)) {
+			torture_comment(tctx, "Failed opening %zd/%zd connections\n", i, state->num_conns);
+			return false;
+		}
+		state->conns[i].tree = talloc_steal(state->conns, ct);
+
+		smb2cli_conn_set_max_credits(ct->session->transport->conn, 8192);
+		smb2cli_ioctl(ct->session->transport->conn,
+			      timeout_msec,
+			      ct->session->smbXcli,
+			      ct->smbXcli,
+			      UINT64_MAX, /* in_fid_persistent */
+			      UINT64_MAX, /* in_fid_volatile */
+			      UINT32_MAX,
+			      0, /* in_max_input_length */
+			      NULL, /* in_input_buffer */
+			      1, /* in_max_output_length */
+			      NULL, /* in_output_buffer */
+			      SMB2_IOCTL_FLAG_IS_FSCTL,
+			      ct,
+			      &out_input_buffer,
+			      &out_output_buffer);
+		torture_assert(tctx,
+		       smbXcli_conn_is_connected(ct->session->transport->conn),
+		       "smbXcli_conn_is_connected");
+		for (pcli = 0; pcli < torture_qdepth; pcli++) {
+			struct test_smb2_bench_path_contention_shared_loop *loop = &state->loops[li];
+
+			loop->idx = li++;
+			loop->state = state;
+			loop->conn = &state->conns[i];
+			loop->im = tevent_create_immediate(state->loops);
+			torture_assert(tctx, loop->im != NULL, __location__);
+			loop->opens.io = open_io;
+			loop->closes.io = close_io;
+
+			tevent_schedule_immediate(loop->im,
+						  tctx->ev,
+						  test_smb2_bench_path_contention_loop_start,
+						  loop);
+		}
+	}
+
+	torture_comment(tctx, "Opened %zu connections with qdepth=%d => %zu loops\n",
+			state->num_conns, torture_qdepth, state->num_loops);
+
+	torture_comment(tctx, "Running for %d seconds\n", state->timelimit);
+
+	state->starttime = timeval_current();
+
+	te = tevent_add_timer(tctx->ev,
+			      state,
+			      timeval_current_ofs(1, 0),
+			      test_smb2_bench_path_contention_progress,
+			      state);
+	torture_assert(tctx, te != NULL, __location__);
+
+	while (!state->stop) {
+		int rc = tevent_loop_once(tctx->ev);
+		torture_assert_int_equal(tctx, rc, 0, "tevent_loop_once");
+	}
+
+	torture_comment(tctx, "%.2f seconds\n", timeval_elapsed(&state->starttime));
+	TALLOC_FREE(state);
+	return ret;
+}
+
+/*
+   stress testing read iops
+ */
+
+struct test_smb2_bench_read_conn;
+struct test_smb2_bench_read_loop;
+
+struct test_smb2_bench_read_state {
+	struct torture_context *tctx;
+	size_t num_conns;
+	struct test_smb2_bench_read_conn *conns;
+	size_t num_loops;
+	struct test_smb2_bench_read_loop *loops;
+	size_t pending_loops;
+	uint32_t io_size;
+	struct timeval starttime;
+	int timecount;
+	int timelimit;
+	uint64_t num_finished;
+	double total_latency;
+	double min_latency;
+	double max_latency;
+	bool ok;
+	bool stop;
+};
+
+struct test_smb2_bench_read_conn {
+	struct test_smb2_bench_read_state *state;
+	int idx;
+	struct smb2_tree *tree;
+};
+
+struct test_smb2_bench_read_loop {
+	struct test_smb2_bench_read_state *state;
+	struct test_smb2_bench_read_conn *conn;
+	int idx;
+	struct tevent_immediate *im;
+	char *fname;
+	struct smb2_handle handle;
+	struct tevent_req *req;
+	struct timeval starttime;
+	uint64_t num_started;
+	uint64_t num_finished;
+	uint64_t total_finished;
+	uint64_t max_finished;
+	double total_latency;
+	double min_latency;
+	double max_latency;
+	NTSTATUS error;
+};
+
+static void test_smb2_bench_read_loop_do(
+	struct test_smb2_bench_read_loop *loop);
+
+static void test_smb2_bench_read_loop_start(struct tevent_context *ctx,
+						       struct tevent_immediate *im,
+						       void *private_data)
+{
+	struct test_smb2_bench_read_loop *loop =
+		(struct test_smb2_bench_read_loop *)
+		private_data;
+
+	test_smb2_bench_read_loop_do(loop);
+}
+
+static void test_smb2_bench_read_loop_done(struct tevent_req *req);
+
+static void test_smb2_bench_read_loop_do(
+	struct test_smb2_bench_read_loop *loop)
+{
+	struct test_smb2_bench_read_state *state = loop->state;
+	uint32_t timeout_msec;
+
+	timeout_msec = loop->conn->tree->session->transport->options.request_timeout * 1000;
+
+	loop->num_started += 1;
+	loop->starttime = timeval_current();
+	loop->req = smb2cli_read_send(state->loops,
+				      state->tctx->ev,
+				      loop->conn->tree->session->transport->conn,
+				      timeout_msec,
+				      loop->conn->tree->session->smbXcli,
+				      loop->conn->tree->smbXcli,
+				      state->io_size, /* length */
+				      0,              /* offset */
+				      loop->handle.data[0],/* fid_persistent */
+				      loop->handle.data[1],/* fid_volatile */
+				      state->io_size, /* minimum_count */
+				      0);              /* remaining_bytes */
+	torture_assert_goto(state->tctx, loop->req != NULL,
+			    state->ok, asserted, "smb2cli_read_send");
+
+	tevent_req_set_callback(loop->req,
+				test_smb2_bench_read_loop_done,
+				loop);
+	return;
+asserted:
+	state->stop = true;
+}
+
+static void test_smb2_bench_read_loop_done(struct tevent_req *req)
+{
+	struct test_smb2_bench_read_loop *loop =
+		(struct test_smb2_bench_read_loop *)
+		_tevent_req_callback_data(req);
+	struct test_smb2_bench_read_state *state = loop->state;
+	double latency = timeval_elapsed(&loop->starttime);
+	TALLOC_CTX *frame = talloc_stackframe();
+	uint8_t *data = NULL;
+	uint32_t data_length = 0;
+
+	torture_assert_goto(state->tctx, loop->req == req,
+			    state->ok, asserted, __location__);
+	loop->error = smb2cli_read_recv(req, frame, &data, &data_length);
+	torture_assert_ntstatus_ok_goto(state->tctx, loop->error,
+					state->ok, asserted, __location__);
+	torture_assert_u32_equal_goto(state->tctx, data_length, state->io_size,
+					state->ok, asserted, __location__);
+	SMB_ASSERT(latency >= 0.000001);
+
+	if (loop->num_finished == 0) {
+		/* first round */
+		loop->min_latency = latency;
+		loop->max_latency = latency;
+	}
+
+	loop->num_finished += 1;
+	loop->total_finished += 1;
+	loop->total_latency += latency;
+
+	if (latency < loop->min_latency) {
+		loop->min_latency = latency;
+	}
+
+	if (latency > loop->max_latency) {
+		loop->max_latency = latency;
+	}
+
+	if (loop->total_finished >= loop->max_finished) {
+		if (state->pending_loops > 0) {
+			state->pending_loops -= 1;
+		}
+		if (state->pending_loops == 0) {
+			goto asserted;
+		}
+	}
+
+	TALLOC_FREE(frame);
+	test_smb2_bench_read_loop_do(loop);
+	return;
+asserted:
+	state->stop = true;
+	TALLOC_FREE(frame);
+}
+
+static void test_smb2_bench_read_progress(struct tevent_context *ev,
+					  struct tevent_timer *te,
+					  struct timeval current_time,
+					  void *private_data)
+{
+	struct test_smb2_bench_read_state *state =
+		(struct test_smb2_bench_read_state *)private_data;
+	uint64_t num_reads = 0;
+	double total_read_latency = 0;
+	double min_read_latency = 0;
+	double max_read_latency = 0;
+	double avs_read_latency = 0;
+	size_t i;
+
+	state->timecount += 1;
+
+	for (i=0;i<state->num_loops;i++) {
+		struct test_smb2_bench_read_loop *loop =
+			&state->loops[i];
+
+		num_reads += loop->num_finished;
+		total_read_latency += loop->total_latency;
+		if (min_read_latency == 0.0 && loop->min_latency != 0.0) {
+			min_read_latency = loop->min_latency;
+		}
+		if (loop->min_latency < min_read_latency) {
+			min_read_latency = loop->min_latency;
+		}
+		if (max_read_latency == 0.0) {
+			max_read_latency = loop->max_latency;
+		}
+		if (loop->max_latency > max_read_latency) {
+			max_read_latency = loop->max_latency;
+		}
+		loop->num_finished = 0;
+		loop->total_latency = 0.0;
+	}
+
+	state->num_finished += num_reads;
+	state->total_latency += total_read_latency;
+	if (state->min_latency == 0.0 && min_read_latency != 0.0) {
+		state->min_latency = min_read_latency;
+	}
+	if (min_read_latency < state->min_latency) {
+		state->min_latency = min_read_latency;
+	}
+	if (state->max_latency == 0.0) {
+		state->max_latency = max_read_latency;
+	}
+	if (max_read_latency > state->max_latency) {
+		state->max_latency = max_read_latency;
+	}
+
+	if (state->timecount < state->timelimit) {
+		te = tevent_add_timer(state->tctx->ev,
+				      state,
+				      timeval_current_ofs(1, 0),
+				      test_smb2_bench_read_progress,
+				      state);
+		torture_assert_goto(state->tctx, te != NULL,
+				    state->ok, asserted, "tevent_add_timer");
+
+		if (!torture_setting_bool(state->tctx, "progress", true)) {
+			return;
+		}
+
+		avs_read_latency = total_read_latency / num_reads;
+
+		torture_comment(state->tctx,
+				"%.2f second: "
+				"read[num/s=%llu,bytes/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]      \r",
+				timeval_elapsed(&state->starttime),
+				(unsigned long long)num_reads,
+				(unsigned long long)num_reads*state->io_size,
+				avs_read_latency,
+				min_read_latency,
+				max_read_latency);
+		return;
+	}
+
+	avs_read_latency = state->total_latency / state->num_finished;
+	num_reads = state->num_finished / state->timelimit;
+
+	torture_comment(state->tctx,
+			"%.2f second: "
+			"read[num/s=%llu,bytes/s=%llu,avslat=%.6f,minlat=%.6f,maxlat=%.6f]\n",
+			timeval_elapsed(&state->starttime),
+			(unsigned long long)num_reads,
+			(unsigned long long)num_reads*state->io_size,
+			avs_read_latency,
+			state->min_latency,
+			state->max_latency);
+
+asserted:
+	state->stop = true;
+}
+
+static bool test_smb2_bench_read(struct torture_context *tctx,
+			         struct smb2_tree *tree)
+{
+	struct test_smb2_bench_read_state *state = NULL;
+	bool ret = true;
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	int torture_qdepth = torture_setting_int(tctx, "qdepth", 1);
+	int torture_io_size = torture_setting_int(tctx, "io_size", 4096);
+	size_t i;
+	size_t li = 0;
+	int looplimit = torture_setting_int(tctx, "looplimit", -1);
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	struct tevent_timer *te = NULL;
+	uint32_t timeout_msec;
+	const char *dname = "bench_read_dir";
+	const char *unique = generate_random_str(tctx, 8);
+	struct smb2_handle dh;
+	NTSTATUS status;
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, dname, &dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_close(tree, dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	state = talloc_zero(tctx, struct test_smb2_bench_read_state);
+	torture_assert(tctx, state != NULL, __location__);
+	state->tctx = tctx;
+	state->num_conns = torture_nprocs;
+	state->conns = talloc_zero_array(state,
+			struct test_smb2_bench_read_conn,
+			state->num_conns);
+	torture_assert(tctx, state->conns != NULL, __location__);
+	state->num_loops = torture_nprocs * torture_qdepth;
+	state->loops = talloc_zero_array(state,
+			struct test_smb2_bench_read_loop,
+			state->num_loops);
+	torture_assert(tctx, state->loops != NULL, __location__);
+	state->ok = true;
+	state->timelimit = MAX(timelimit, 1);
+	state->io_size = MAX(torture_io_size, 1);
+	state->io_size = MIN(state->io_size, 16*1024*1024);
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	torture_comment(tctx, "Opening %zu connections\n", state->num_conns);
+
+	for (i=0;i<state->num_conns;i++) {
+		struct smb2_tree *ct = NULL;
+		DATA_BLOB out_input_buffer = data_blob_null;
+		DATA_BLOB out_output_buffer = data_blob_null;
+		size_t pcli;
+
+		state->conns[i].state = state;
+		state->conns[i].idx = i;
+
+		if (!torture_smb2_connection(tctx, &ct)) {
+			torture_comment(tctx, "Failed opening %zu/%zu connections\n", i, state->num_conns);
+			return false;
+		}
+		state->conns[i].tree = talloc_steal(state->conns, ct);
+
+		smb2cli_conn_set_max_credits(ct->session->transport->conn, 8192);
+		smb2cli_ioctl(ct->session->transport->conn,
+			      timeout_msec,
+			      ct->session->smbXcli,
+			      ct->smbXcli,
+			      UINT64_MAX, /* in_fid_persistent */
+			      UINT64_MAX, /* in_fid_volatile */
+			      UINT32_MAX,
+			      0, /* in_max_input_length */
+			      NULL, /* in_input_buffer */
+			      1, /* in_max_output_length */
+			      NULL, /* in_output_buffer */
+			      SMB2_IOCTL_FLAG_IS_FSCTL,
+			      ct,
+			      &out_input_buffer,
+			      &out_output_buffer);
+		torture_assert(tctx,
+		       smbXcli_conn_is_connected(ct->session->transport->conn),
+		       "smbXcli_conn_is_connected");
+
+		for (pcli = 0; pcli < torture_qdepth; pcli++) {
+			struct test_smb2_bench_read_loop *loop = &state->loops[li];
+			struct smb2_create cr;
+			union smb_setfileinfo sfinfo;
+
+			loop->idx = li++;
+			if (looplimit != -1) {
+				loop->max_finished = looplimit;
+			} else {
+				loop->max_finished = UINT64_MAX;
+			}
+			loop->state = state;
+			loop->conn = &state->conns[i];
+			loop->im = tevent_create_immediate(state->loops);
+			torture_assert(tctx, loop->im != NULL, __location__);
+
+			loop->fname = talloc_asprintf(state->loops,
+						"%s\\%s_loop_%zu_conn_%zu_loop_%zu.dat",
+						dname, unique, li, i, pcli);
+			torture_assert(tctx, loop->fname != NULL, __location__);
+
+			/* reasonable default parameters */
+			ZERO_STRUCT(cr);
+			cr.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+			cr.in.alloc_size = state->io_size;
+			cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+			cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+			cr.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+			cr.in.create_disposition = NTCREATEX_DISP_CREATE;
+			cr.in.create_options =
+				NTCREATEX_OPTIONS_DELETE_ON_CLOSE |
+				NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+			cr.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+			cr.in.security_flags = 0;
+			cr.in.fname = loop->fname;
+			status = smb2_create(state->conns[i].tree, tctx, &cr);
+			CHECK_STATUS(status, NT_STATUS_OK);
+			loop->handle = cr.out.file.handle;
+
+			ZERO_STRUCT(sfinfo);
+			sfinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+			sfinfo.end_of_file_info.in.file.handle = loop->handle;
+			sfinfo.end_of_file_info.in.size = state->io_size;
+			status = smb2_setinfo_file(state->conns[i].tree, &sfinfo);
+			CHECK_STATUS(status, NT_STATUS_OK);
+
+			tevent_schedule_immediate(loop->im,
+						  tctx->ev,
+						  test_smb2_bench_read_loop_start,
+						  loop);
+		}
+	}
+
+	torture_comment(tctx, "Opened %zu connections with qdepth=%d => %zu loops\n",
+			state->num_conns, torture_qdepth, state->num_loops);
+
+	torture_comment(tctx, "Running for %d seconds\n", state->timelimit);
+
+	state->starttime = timeval_current();
+	state->pending_loops = state->num_loops;
+
+	te = tevent_add_timer(tctx->ev,
+			      state,
+			      timeval_current_ofs(1, 0),
+			      test_smb2_bench_read_progress,
+			      state);
+	torture_assert(tctx, te != NULL, __location__);
+
+	while (!state->stop) {
+		int rc = tevent_loop_once(tctx->ev);
+		torture_assert_int_equal(tctx, rc, 0, "tevent_loop_once");
+	}
+
+	torture_comment(tctx, "%.2f seconds\n", timeval_elapsed(&state->starttime));
+	TALLOC_FREE(state);
+	smb2_deltree(tree, dname);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_bench_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "bench");
+
+	torture_suite_add_1smb2_test(suite, "oplock1", test_smb2_bench_oplock);
+	torture_suite_add_1smb2_test(suite, "echo", test_smb2_bench_echo);
+	torture_suite_add_1smb2_test(suite, "path-contention-shared", test_smb2_bench_path_contention_shared);
+	torture_suite_add_1smb2_test(suite, "read", test_smb2_bench_read);
+
+	suite->description = talloc_strdup(suite, "SMB2-BENCH tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/block.c b/source4/torture/smb2/block.c
new file mode 100644
index 0000000..b9982b0
--- /dev/null
+++ b/source4/torture/smb2/block.c
@@ -0,0 +1,446 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * block SMB2 transports using iptables
+ *
+ * Copyright (C) Guenther Deschner, 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "system/network.h"
+#include "lib/util/util_net.h"
+#include "torture/smb2/block.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "oplock_break_handler.h"
+#include "lease_break_handler.h"
+
+/*
+ * OUTPUT
+ *  |
+ *  -----> SMBTORTURE_OUTPUT
+ *             |
+ *             -----> SMBTORTURE_transportname1
+ *             -----> SMBTORTURE_transportname2
+ */
+
+
+static bool run_cmd(const char *cmd)
+{
+	int ret;
+
+	DEBUG(10, ("%s will call '%s'\n", __location__, cmd));
+
+	ret = system(cmd);
+	if (ret) {
+		DEBUG(1, ("%s failed to execute system call: %s: %d\n",
+			__location__, cmd, ret));
+		return false;
+	}
+
+	return true;
+}
+
+static const char *iptables_command(struct torture_context *tctx)
+{
+	return torture_setting_string(tctx, "iptables_command",
+				      "/usr/sbin/iptables");
+}
+
+char *escape_shell_string(const char *src);
+
+/*
+ * iptables v1.6.1: chain name `SMBTORTURE_INPUT_tree1->session->transport'
+ * too long (must be under 29 chars)
+ *
+ * maybe truncate chainname ?
+ */
+static const char *samba_chain_name(struct torture_context *tctx,
+				    const char *name,
+				    const char *prefix)
+{
+	const char *s;
+	char *sm;
+
+	s = talloc_asprintf(tctx, "%s_%s", prefix, name);
+	if (s == NULL) {
+		return NULL;
+	}
+
+	sm = escape_shell_string(s);
+	if (sm == NULL) {
+		return NULL;
+	}
+
+	s = talloc_strdup(tctx, sm);
+	free(sm);
+
+	return s;
+}
+
+static bool iptables_setup_chain(struct torture_context *tctx,
+				 const char *parent_chain,
+				 const char *chain,
+				 bool unblock)
+{
+	const char *ipt = iptables_command(tctx);
+	const char *cmd;
+
+	if (unblock) {
+		cmd = talloc_asprintf(tctx,
+				"%s -L %s > /dev/null 2>&1 && "
+				"("
+				"%s -F %s;"
+				"%s -D %s -j %s > /dev/null 2>&1 || true;"
+				"%s -X %s;"
+				");"
+				"%s -L %s > /dev/null 2>&1 || true;",
+				ipt, chain,
+				ipt, chain,
+				ipt, parent_chain, chain,
+				ipt, chain,
+				ipt, chain);
+	} else {
+		cmd = talloc_asprintf(tctx,
+				"%s -L %s > /dev/null 2>&1 || "
+				"("
+				"%s -N %s && "
+				"%s -I %s -j %s;"
+				");"
+				"%s -F %s;",
+				ipt, chain,
+				ipt, chain,
+				ipt, parent_chain, chain,
+				ipt, chain);
+	}
+
+	if (cmd == NULL) {
+		return false;
+	}
+
+	if (!run_cmd(cmd)) {
+		return false;
+	}
+
+	return true;
+}
+
+uint16_t torture_get_local_port_from_transport(struct smb2_transport *t)
+{
+	const struct sockaddr_storage *local_ss;
+
+	local_ss = smbXcli_conn_local_sockaddr(t->conn);
+
+	return get_sockaddr_port(local_ss);
+}
+
+static bool torture_block_tcp_output_port_internal(
+						struct torture_context *tctx,
+						const char *name,
+						uint16_t port,
+						bool unblock)
+{
+	const char *ipt = iptables_command(tctx);
+	const char *chain_out = NULL;
+	char *cmd_out = NULL;
+
+	chain_out = samba_chain_name(tctx, name, "SMBTORTURE");
+	if (chain_out == NULL) {
+		return false;
+	}
+
+	torture_comment(tctx, "%sblocking %s dport %d\n",
+			unblock ? "un" : "", name, port);
+
+	if (!unblock) {
+		bool ok;
+
+		iptables_setup_chain(tctx,
+				     "SMBTORTURE_OUTPUT",
+				     chain_out,
+				     true);
+		ok = iptables_setup_chain(tctx,
+					  "SMBTORTURE_OUTPUT",
+					  chain_out,
+					  false);
+		if (!ok) {
+			return false;
+		}
+	}
+
+	cmd_out = talloc_asprintf(tctx,
+				  "%s %s %s -p tcp --sport %d -j DROP",
+				  ipt, unblock ? "-D" : "-I", chain_out, port);
+	if (cmd_out == NULL) {
+		return false;
+	}
+
+	if (!run_cmd(cmd_out)) {
+		return false;
+	}
+
+	if (unblock) {
+		bool ok;
+
+		ok = iptables_setup_chain(tctx,
+					  "SMBTORTURE_OUTPUT",
+					  chain_out,
+					  true);
+		if (!ok) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+bool torture_block_tcp_output_port(struct torture_context *tctx,
+				   const char *name,
+				   uint16_t port)
+{
+	return torture_block_tcp_output_port_internal(tctx, name, port, false);
+}
+
+bool torture_unblock_tcp_output_port(struct torture_context *tctx,
+				     const char *name,
+				     uint16_t port)
+{
+	return torture_block_tcp_output_port_internal(tctx, name, port, true);
+}
+
+bool torture_block_tcp_output_setup(struct torture_context *tctx)
+{
+	return iptables_setup_chain(tctx, "OUTPUT", "SMBTORTURE_OUTPUT", false);
+}
+
+bool torture_unblock_tcp_output_cleanup(struct torture_context *tctx)
+{
+	return iptables_setup_chain(tctx, "OUTPUT", "SMBTORTURE_OUTPUT", true);
+}
+
+/*
+ * Use iptables to block channels
+ */
+static bool test_block_smb2_transport_iptables(struct torture_context *tctx,
+					       struct smb2_transport *transport,
+					       const char *name)
+{
+	uint16_t local_port;
+	bool ret;
+
+	local_port = torture_get_local_port_from_transport(transport);
+	torture_comment(tctx, "transport[%s] uses tcp port: %d\n", name, local_port);
+	ret = torture_block_tcp_output_port(tctx, name, local_port);
+	torture_assert(tctx, ret, "we could not block tcp transport");
+
+	return ret;
+}
+
+static bool test_unblock_smb2_transport_iptables(struct torture_context *tctx,
+						 struct smb2_transport *transport,
+						 const char *name)
+{
+	uint16_t local_port;
+	bool ret;
+
+	local_port = torture_get_local_port_from_transport(transport);
+	torture_comment(tctx, "transport[%s] uses tcp port: %d\n", name, local_port);
+	ret = torture_unblock_tcp_output_port(tctx, name, local_port);
+	torture_assert(tctx, ret, "we could not block tcp transport");
+
+	return ret;
+}
+
+static bool torture_blocked_lease_handler(struct smb2_transport *transport,
+					  const struct smb2_lease_break *lb,
+					  void *private_data)
+{
+	struct smb2_transport *transport_copy =
+		talloc_get_type_abort(private_data,
+		struct smb2_transport);
+	bool lease_skip_ack = lease_break_info.lease_skip_ack;
+	bool ok;
+
+	lease_break_info.lease_skip_ack = true;
+	ok = transport_copy->lease.handler(transport,
+					   lb,
+					   transport_copy->lease.private_data);
+	lease_break_info.lease_skip_ack = lease_skip_ack;
+
+	if (!ok) {
+		return false;
+	}
+
+	if (lease_break_info.lease_skip_ack) {
+		return true;
+	}
+
+	if (lb->break_flags & SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED) {
+		lease_break_info.failures++;
+	}
+
+	return true;
+}
+
+static bool torture_blocked_oplock_handler(struct smb2_transport *transport,
+					   const struct smb2_handle *handle,
+					   uint8_t level,
+					   void *private_data)
+{
+	struct smb2_transport *transport_copy =
+		talloc_get_type_abort(private_data,
+		struct smb2_transport);
+	bool oplock_skip_ack = break_info.oplock_skip_ack;
+	bool ok;
+
+	break_info.oplock_skip_ack = true;
+	ok = transport_copy->oplock.handler(transport,
+					    handle,
+					    level,
+					    transport_copy->oplock.private_data);
+	break_info.oplock_skip_ack = oplock_skip_ack;
+
+	if (!ok) {
+		return false;
+	}
+
+	if (break_info.oplock_skip_ack) {
+		return true;
+	}
+
+	break_info.failures++;
+	break_info.failure_status = NT_STATUS_CONNECTION_DISCONNECTED;
+
+	return true;
+}
+
+static bool test_block_smb2_transport_fsctl_smbtorture(struct torture_context *tctx,
+						       struct smb2_transport *transport,
+						       const char *name)
+{
+	struct smb2_transport *transport_copy = NULL;
+	DATA_BLOB in_input_buffer = data_blob_null;
+	DATA_BLOB in_output_buffer = data_blob_null;
+	DATA_BLOB out_input_buffer = data_blob_null;
+	DATA_BLOB out_output_buffer = data_blob_null;
+	struct tevent_req *req = NULL;
+	uint16_t local_port;
+	NTSTATUS status;
+	bool ok;
+
+	transport_copy = talloc_zero(transport, struct smb2_transport);
+	torture_assert(tctx, transport_copy, "talloc transport_copy");
+	transport_copy->lease = transport->lease;
+	transport_copy->oplock = transport->oplock;
+
+	local_port = torture_get_local_port_from_transport(transport);
+	torture_comment(tctx, "transport[%s] uses tcp port: %d\n", name, local_port);
+	req = smb2cli_ioctl_send(tctx,
+				 tctx->ev,
+				 transport->conn,
+				 1000, /* timeout_msec */
+				 NULL, /* session */
+				 NULL, /* tcon */
+				 UINT64_MAX, /* in_fid_persistent */
+				 UINT64_MAX, /* in_fid_volatile */
+				 FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT,
+				 0, /* in_max_input_length */
+				 &in_input_buffer,
+				 0, /* in_max_output_length */
+				 &in_output_buffer,
+				 SMB2_IOCTL_FLAG_IS_FSCTL);
+	torture_assert(tctx, req != NULL, "smb2cli_ioctl_send() failed");
+	ok = tevent_req_poll_ntstatus(req, tctx->ev, &status);
+	if (ok) {
+		status = NT_STATUS_OK;
+	}
+	torture_assert_ntstatus_ok(tctx, status, "tevent_req_poll_ntstatus() failed");
+	status = smb2cli_ioctl_recv(req, tctx,
+				    &out_input_buffer,
+				    &out_output_buffer);
+	torture_assert_ntstatus_ok(tctx, status,
+		"FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT failed\n\n"
+		"On a Samba server 'smbd:FSCTL_SMBTORTURE = yes' is needed!\n\n"
+		"Otherwise you may need to use iptables like this:\n"
+		"--option='torture:use_iptables=yes'\n"
+		"And maybe something like this in addition:\n"
+		"--option='torture:iptables_command=sudo /sbin/iptables'\n\n");
+	TALLOC_FREE(req);
+
+	if (transport->lease.handler != NULL) {
+		transport->lease.handler = torture_blocked_lease_handler;
+		transport->lease.private_data = transport_copy;
+	}
+	if (transport->oplock.handler != NULL) {
+		transport->oplock.handler = torture_blocked_oplock_handler;
+		transport->oplock.private_data = transport_copy;
+	}
+
+	return true;
+}
+
+bool _test_block_smb2_transport(struct torture_context *tctx,
+				struct smb2_transport *transport,
+				const char *name)
+{
+	bool use_iptables = torture_setting_bool(tctx,
+					"use_iptables", false);
+
+	if (use_iptables) {
+		return test_block_smb2_transport_iptables(tctx, transport, name);
+	} else {
+		return test_block_smb2_transport_fsctl_smbtorture(tctx, transport, name);
+	}
+}
+
+bool _test_unblock_smb2_transport(struct torture_context *tctx,
+				  struct smb2_transport *transport,
+				  const char *name)
+{
+	bool use_iptables = torture_setting_bool(tctx,
+					"use_iptables", false);
+
+	if (use_iptables) {
+		return test_unblock_smb2_transport_iptables(tctx, transport, name);
+	} else {
+		return true;
+	}
+}
+
+bool test_setup_blocked_transports(struct torture_context *tctx)
+{
+	bool use_iptables = torture_setting_bool(tctx,
+					"use_iptables", false);
+
+	if (use_iptables) {
+		return torture_block_tcp_output_setup(tctx);
+	}
+
+	return true;
+}
+
+void test_cleanup_blocked_transports(struct torture_context *tctx)
+{
+	bool use_iptables = torture_setting_bool(tctx,
+					"use_iptables", false);
+
+	if (use_iptables) {
+		torture_unblock_tcp_output_cleanup(tctx);
+	}
+}
diff --git a/source4/torture/smb2/block.h b/source4/torture/smb2/block.h
new file mode 100644
index 0000000..6a6370a
--- /dev/null
+++ b/source4/torture/smb2/block.h
@@ -0,0 +1,43 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * block SMB2 transports using iptables
+ *
+ * Copyright (C) Guenther Deschner, 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+uint16_t torture_get_local_port_from_transport(struct smb2_transport *t);
+
+bool torture_block_tcp_output_port(struct torture_context *tctx,
+				   const char *name,
+				   uint16_t port);
+bool torture_unblock_tcp_output_port(struct torture_context *tctx,
+				     const char *name,
+				     uint16_t port);
+bool torture_block_tcp_output_setup(struct torture_context *tctx);
+bool torture_unblock_tcp_output_cleanup(struct torture_context *tctx);
+
+bool test_setup_blocked_transports(struct torture_context *tctx);
+void test_cleanup_blocked_transports(struct torture_context *tctx);
+
+#define test_block_smb2_transport(_tctx, _t) _test_block_smb2_transport(_tctx, _t, #_t)
+bool _test_block_smb2_transport(struct torture_context *tctx,
+				struct smb2_transport *transport,
+				const char *name);
+#define test_unblock_smb2_transport(_tctx, _t) _test_unblock_smb2_transport(_tctx, _t, #_t)
+bool _test_unblock_smb2_transport(struct torture_context *tctx,
+				  struct smb2_transport *transport,
+				  const char *name);
diff --git a/source4/torture/smb2/charset.c b/source4/torture/smb2/charset.c
new file mode 100644
index 0000000..a385266
--- /dev/null
+++ b/source4/torture/smb2/charset.c
@@ -0,0 +1,235 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB torture tester - charset test routines
+
+   Copyright (C) Andrew Tridgell 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "param/param.h"
+
+#define BASEDIR "chartest"
+
+/*
+   open a file using a set of unicode code points for the name
+
+   the prefix BASEDIR is added before the name
+*/
+static NTSTATUS unicode_open(struct torture_context *tctx,
+			     struct smb2_tree *tree,
+			     TALLOC_CTX *mem_ctx,
+			     uint32_t create_disposition,
+			     const uint32_t *u_name,
+			     size_t u_name_len)
+{
+	struct smb2_create io = {0};
+	char *fname = NULL;
+	char *fname2 = NULL;
+	char *ucs_name = NULL;
+	size_t i;
+	NTSTATUS status;
+
+	ucs_name = talloc_size(mem_ctx, (1+u_name_len)*2);
+	if (!ucs_name) {
+		torture_comment(tctx, "Failed to create UCS2 Name - talloc() failure\n");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<u_name_len;i++) {
+		SSVAL(ucs_name, i*2, u_name[i]);
+	}
+	SSVAL(ucs_name, i*2, 0);
+
+	if (!convert_string_talloc_handle(ucs_name, lpcfg_iconv_handle(tctx->lp_ctx), CH_UTF16, CH_UNIX, ucs_name, (1+u_name_len)*2, (void **)&fname, &i)) {
+		torture_comment(tctx, "Failed to convert UCS2 Name into unix - convert_string_talloc() failure\n");
+		talloc_free(ucs_name);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	fname2 = talloc_asprintf(ucs_name, "%s\\%s", BASEDIR, fname);
+	if (!fname2) {
+		talloc_free(ucs_name);
+		torture_comment(tctx, "Failed to create fname - talloc() failure\n");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	io.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.in.create_options = 0;
+	io.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname2;
+	io.in.create_disposition = create_disposition;
+
+	status = smb2_create(tree, tctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(ucs_name);
+		return status;
+	}
+
+	smb2_util_close(tree, io.out.file.handle);
+	talloc_free(ucs_name);
+	return NT_STATUS_OK;
+}
+
+
+/*
+  see if the server recognises composed characters
+*/
+static bool test_composed(struct torture_context *tctx,
+			  struct smb2_tree *tree)
+{
+	const uint32_t name1[] = {0x61, 0x308};
+	const uint32_t name2[] = {0xe4};
+	NTSTATUS status;
+	bool ret = true;
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done, "setting up basedir");
+
+	status = unicode_open(tctx, tree, tctx,
+			      NTCREATEX_DISP_CREATE, name1, 2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create composed name");
+
+	status = unicode_open(tctx, tree, tctx,
+			      NTCREATEX_DISP_CREATE, name2, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create accented character");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  see if the server recognises a naked diacritical
+*/
+static bool test_diacritical(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	const uint32_t name1[] = {0x308};
+	const uint32_t name2[] = {0x308, 0x308};
+	NTSTATUS status;
+	bool ret = true;
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done, "setting up basedir");
+
+	status = unicode_open(tctx, tree, tctx,
+			      NTCREATEX_DISP_CREATE, name1, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create naked diacritical");
+
+	/* try a double diacritical */
+	status = unicode_open(tctx, tree, tctx,
+			      NTCREATEX_DISP_CREATE, name2, 2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create double "
+					"naked diacritical");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  see if the server recognises a partial surrogate pair
+*/
+static bool test_surrogate(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	const uint32_t name1[] = {0xd800};
+	const uint32_t name2[] = {0xdc00};
+	const uint32_t name3[] = {0xd800, 0xdc00};
+	NTSTATUS status;
+	bool ret = true;
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done, "setting up basedir");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name1, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create partial surrogate 1");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name2, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create partial surrogate 2");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name3, 2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create full surrogate");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return true;
+}
+
+/*
+  see if the server recognises wide-a characters
+*/
+static bool test_widea(struct torture_context *tctx,
+		       struct smb2_tree *tree)
+{
+	const uint32_t name1[] = {'a'};
+	const uint32_t name2[] = {0xff41};
+	const uint32_t name3[] = {0xff21};
+	NTSTATUS status;
+	bool ret = true;
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ret, ret, done, "setting up basedir");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name1, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create 'a'");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name2, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Failed to create wide-a");
+
+	status = unicode_open(tctx, tree, tctx, NTCREATEX_DISP_CREATE, name3, 1);
+	torture_assert_ntstatus_equal_goto(tctx,
+					   status,
+					   NT_STATUS_OBJECT_NAME_COLLISION,
+					   ret, done,
+					   "Failed to create wide-A");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_charset(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "charset");
+
+	torture_suite_add_1smb2_test(suite, "Testing composite character (a umlaut)", test_composed);
+	torture_suite_add_1smb2_test(suite, "Testing naked diacritical (umlaut)", test_diacritical);
+	torture_suite_add_1smb2_test(suite, "Testing partial surrogate", test_surrogate);
+	torture_suite_add_1smb2_test(suite, "Testing wide-a", test_widea);
+
+	return suite;
+}
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
new file mode 100644
index 0000000..175069d
--- /dev/null
+++ b/source4/torture/smb2/compound.c
@@ -0,0 +1,2595 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 compounded requests
+
+   Copyright (C) Stefan Metzmacher 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "tevent.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		    "(%s) Incorrect value %s=%d - should be %d\n", \
+		    __location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once(tctx->ev) != 0) { \
+			break; \
+		} \
+	}
+
+static struct {
+	struct smb2_handle handle;
+	uint8_t level;
+	struct smb2_break br;
+	int count;
+	int failures;
+	NTSTATUS failure_status;
+} break_info;
+
+static void torture_oplock_break_callback(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_break br;
+
+	ZERO_STRUCT(br);
+	status = smb2_break_recv(req, &break_info.br);
+	if (!NT_STATUS_IS_OK(status)) {
+		break_info.failures++;
+		break_info.failure_status = status;
+	}
+
+	return;
+}
+
+/* A general oplock break notification handler.  This should be used when a
+ * test expects to break from batch or exclusive to a lower level. */
+static bool torture_oplock_handler(struct smb2_transport *transport,
+				   const struct smb2_handle *handle,
+				   uint8_t level,
+				   void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	const char *name;
+	struct smb2_request *req;
+	ZERO_STRUCT(break_info.br);
+
+	break_info.handle	= *handle;
+	break_info.level	= level;
+	break_info.count++;
+
+	switch (level) {
+	case SMB2_OPLOCK_LEVEL_II:
+		name = "level II";
+		break;
+	case SMB2_OPLOCK_LEVEL_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break_info.failures++;
+	}
+	printf("Acking to %s [0x%02X] in oplock handler\n", name, level);
+
+	break_info.br.in.file.handle	= *handle;
+	break_info.br.in.oplock_level	= level;
+	break_info.br.in.reserved	= 0;
+	break_info.br.in.reserved2	= 0;
+
+	req = smb2_break_send(tree, &break_info.br);
+	req->async.fn = torture_oplock_break_callback;
+	req->async.private_data = NULL;
+	return true;
+}
+
+static bool test_compound_break(struct torture_context *tctx,
+			         struct smb2_tree *tree)
+{
+	const char *fname1 = "some-file.pptx";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io1;
+	struct smb2_create io2;
+	struct smb2_getinfo gf;
+	struct smb2_request *req[2];
+	struct smb2_handle h1;
+	struct smb2_handle h;
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	ZERO_STRUCT(break_info);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io1.smb2);
+	io1.generic.level = RAW_OPEN_SMB2;
+	io1.smb2.in.desired_access = (SEC_STD_SYNCHRONIZE|
+					SEC_STD_READ_CONTROL|
+					SEC_FILE_READ_ATTRIBUTE|
+					SEC_FILE_READ_EA|
+					SEC_FILE_READ_DATA);
+	io1.smb2.in.alloc_size = 0;
+	io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+			NTCREATEX_SHARE_ACCESS_WRITE|
+			NTCREATEX_SHARE_ACCESS_DELETE;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io1.smb2.in.create_options = 0;
+	io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io1.smb2.in.security_flags = 0;
+	io1.smb2.in.fname = fname1;
+
+	torture_comment(tctx, "TEST2: open a file with an batch "
+			"oplock (share mode: all)\n");
+	io1.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree, tctx, &(io1.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+
+	h1 = io1.smb2.out.file.handle;
+
+	torture_comment(tctx, "TEST2: Opening second time with compound\n");
+
+	ZERO_STRUCT(io2);
+
+	io2.in.desired_access = (SEC_STD_SYNCHRONIZE|
+				SEC_FILE_READ_ATTRIBUTE|
+				SEC_FILE_READ_EA);
+	io2.in.alloc_size = 0;
+	io2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+			NTCREATEX_SHARE_ACCESS_WRITE|
+			NTCREATEX_SHARE_ACCESS_DELETE;
+	io2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io2.in.create_options = 0;
+	io2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io2.in.security_flags = 0;
+	io2.in.fname = fname1;
+	io2.in.oplock_level = 0;
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	req[0] = smb2_create_send(tree, &io2);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	h.data[0] = UINT64_MAX;
+	h.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(gf);
+	gf.in.file.handle = h;
+	gf.in.info_type = SMB2_0_INFO_FILE;
+	gf.in.info_class = 0x16;
+	gf.in.output_buffer_length = 0x1000;
+	gf.in.input_buffer = data_blob_null;
+
+	req[1] = smb2_getinfo_send(tree, &gf);
+
+	status = smb2_create_recv(req[0], tree, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_getinfo_recv(req[1], tree, &gf);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname1);
+	return ret;
+}
+
+static bool test_compound_related1(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_related1.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[2];
+	struct smbXcli_tcon *saved_tcon = tree->smbXcli;
+	struct smbXcli_session *saved_session = tree->session->smbXcli;
+
+	smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	tree->smbXcli = smbXcli_tcon_create(tree);
+	smb2cli_tcon_set_values(tree->smbXcli,
+				NULL, /* session */
+				0xFFFFFFFF, /* tcon_id */
+				0, /* type */
+				0, /* flags */
+				0, /* capabilities */
+				0 /* maximal_access */);
+
+	tree->session->smbXcli = smbXcli_session_shallow_copy(tree->session,
+							tree->session->smbXcli);
+	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
+
+	req[1] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	TALLOC_FREE(tree->smbXcli);
+	tree->smbXcli = saved_tcon;
+	TALLOC_FREE(tree->session->smbXcli);
+	tree->session->smbXcli = saved_session;
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_related2(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_related2.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+	struct smbXcli_tcon *saved_tcon = tree->smbXcli;
+	struct smbXcli_session *saved_session = tree->session->smbXcli;
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	tree->smbXcli = smbXcli_tcon_create(tree);
+	smb2cli_tcon_set_values(tree->smbXcli,
+				NULL, /* session */
+				0xFFFFFFFF, /* tcon_id */
+				0, /* type */
+				0, /* flags */
+				0, /* capabilities */
+				0 /* maximal_access */);
+
+	tree->session->smbXcli = smbXcli_session_shallow_copy(tree->session,
+							tree->session->smbXcli);
+	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
+
+	req[1] = smb2_close_send(tree, &cl);
+	req[2] = smb2_close_send(tree, &cl);
+	req[3] = smb2_close_send(tree, &cl);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+
+	TALLOC_FREE(tree->smbXcli);
+	tree->smbXcli = saved_tcon;
+	TALLOC_FREE(tree->session->smbXcli);
+	tree->session->smbXcli = saved_session;
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_related3(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_ioctl io;
+	struct smb2_create cr;
+	struct smb2_close cl;
+	const char *fname = "compound_related3.dat";
+	struct smb2_request *req[3];
+	NTSTATUS status;
+	bool ret = false;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags	= 0x00;
+	cr.in.oplock_level	= 0;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags	= 0x00000000;
+	cr.in.reserved		= 0x00000000;
+	cr.in.desired_access	= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes	= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access	= NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE |
+				  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options	= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+				  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+				  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+				  0x00200000;
+	cr.in.fname		= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 3);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(io);
+	io.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID;
+	io.in.file.handle = hd;
+	io.in.reserved2 = 0;
+	io.in.max_output_response = 64;
+	io.in.flags = 1;
+
+	req[1] = smb2_ioctl_send(tree, &io);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[2] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_ioctl_recv(req[1], tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret = true;
+done:
+	return ret;
+}
+
+static bool test_compound_related4(struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	const char *fname = "compound_related4.dat";
+	struct security_descriptor *sd = NULL;
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	union smb_setfileinfo set;
+	struct smb2_ioctl io;
+	struct smb2_close cl;
+	struct smb2_request *req[4];
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.level = RAW_OPEN_SMB2;
+	cr.in.create_flags = 0;
+	cr.in.desired_access = SEC_STD_READ_CONTROL |
+				SEC_STD_WRITE_DAC |
+				SEC_STD_WRITE_OWNER;
+	cr.in.create_options = 0;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+				NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.alloc_size = 0;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	cr.in.security_flags = 0;
+	cr.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed\n");
+
+	hd = cr.out.file.handle;
+	torture_comment(tctx, "set a sec desc allowing no write by CREATOR_OWNER\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+			0, NULL, NULL,
+			SID_CREATOR_OWNER,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+			0,
+			NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+				     "security_descriptor_dacl_create failed\n");
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = hd;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	torture_comment(tctx, "try open for write\n");
+	cr.in.desired_access = SEC_FILE_WRITE_DATA;
+	smb2_transport_compound_start(tree->session->transport, 4);
+
+	req[0] = smb2_create_send(tree, &cr);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_create_send failed\n");
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+	ZERO_STRUCT(io);
+	io.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID;
+	io.in.file.handle = hd;
+	io.in.flags = 1;
+
+	req[1] = smb2_ioctl_send(tree, &io);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_ioctl_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[2] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[2], ret, done,
+				     "smb2_create_send failed\n");
+
+	set.set_secdesc.in.file.handle = hd;
+
+	req[3] = smb2_setinfo_file_send(tree, &set);
+	torture_assert_not_null_goto(tctx, req[3], ret, done,
+				     "smb2_create_send failed\n");
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_create_recv failed\n");
+
+	status = smb2_ioctl_recv(req[1], tree, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_ioctl_recv failed\n");
+
+	status = smb2_close_recv(req[2], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_close_recv failed\n");
+
+	status = smb2_setinfo_recv(req[3]);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_setinfo_recv failed\n");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_related5(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_ioctl io;
+	struct smb2_close cl;
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool ret = false;
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(io);
+	io.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID;
+	io.in.file.handle = hd;
+	io.in.flags = 1;
+
+	req[0] = smb2_ioctl_send(tree, &io);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_ioctl_send failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[1] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_create_send failed\n");
+
+	status = smb2_ioctl_recv(req[0], tree, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_FILE_CLOSED,
+					   ret, done,
+					   "smb2_ioctl_recv failed\n");
+
+	status = smb2_close_recv(req[1], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_FILE_CLOSED,
+					   ret, done,
+					   "smb2_close_recv failed\n");
+
+	ret = true;
+
+done:
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_related6(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	struct smb2_read rd;
+	struct smb2_write wr;
+	struct smb2_close cl;
+	NTSTATUS status;
+	const char *fname = "compound_related6.dat";
+	struct smb2_request *req[5];
+	uint8_t buf[64];
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.level = RAW_OPEN_SMB2;
+	cr.in.create_flags = 0;
+	cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	cr.in.create_options = 0;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+				NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.alloc_size = 0;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	cr.in.security_flags = 0;
+	cr.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	hd = cr.out.file.handle;
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, hd, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	torture_comment(tctx, "try open for read\n");
+	cr.in.desired_access = SEC_FILE_READ_DATA;
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_create_send failed\n");
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = hd;
+	rd.in.length      = 1;
+	rd.in.offset      = 0;
+
+	req[1] = smb2_read_send(tree, &rd);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_read_send failed\n");
+
+	ZERO_STRUCT(wr);
+	wr.in.file.handle = hd;
+	wr.in.offset = 0;
+	wr.in.data = data_blob_talloc(tctx, NULL, 64);
+
+	req[2] = smb2_write_send(tree, &wr);
+	torture_assert_not_null_goto(tctx, req[2], ret, done,
+				     "smb2_write_send failed\n");
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = hd;
+	rd.in.length      = 1;
+	rd.in.offset      = 0;
+
+	req[3] = smb2_read_send(tree, &rd);
+	torture_assert_not_null_goto(tctx, req[3], ret, done,
+				     "smb2_read_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[4] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[4], ret, done,
+				     "smb2_close_send failed\n");
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create_recv failed\n");
+
+	status = smb2_read_recv(req[1], tree, &rd);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_read_recv failed\n");
+
+	status = smb2_write_recv(req[2], &wr);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_write_recv failed\n");
+
+	status = smb2_read_recv(req[3], tree, &rd);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_read_recv failed\n");
+
+	status = smb2_close_recv(req[4], &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_close_recv failed\n");
+
+  done:
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_related7(struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	const char *fname = "compound_related4.dat";
+	struct security_descriptor *sd = NULL;
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	union smb_setfileinfo set;
+	struct smb2_notify nt;
+	struct smb2_close cl;
+	NTSTATUS status;
+	struct smb2_request *req[4];
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.level = RAW_OPEN_SMB2;
+	cr.in.create_flags = 0;
+	cr.in.desired_access = SEC_STD_READ_CONTROL |
+				SEC_STD_WRITE_DAC |
+				SEC_STD_WRITE_OWNER;
+	cr.in.create_options = 0;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+				NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.alloc_size = 0;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	cr.in.security_flags = 0;
+	cr.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	hd = cr.out.file.handle;
+	torture_comment(tctx, "set a sec desc allowing no write by CREATOR_OWNER\n");
+	sd = security_descriptor_dacl_create(tctx,
+			0, NULL, NULL,
+			SID_CREATOR_OWNER,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+			0,
+			NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+				     "security_descriptor_dacl_create failed\n");
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = hd;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	torture_comment(tctx, "try open for write\n");
+	cr.in.desired_access = SEC_FILE_WRITE_DATA;
+	smb2_transport_compound_start(tree->session->transport, 4);
+
+	req[0] = smb2_create_send(tree, &cr);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_create_send failed\n");
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(nt);
+	nt.in.recursive          = true;
+	nt.in.buffer_size        = 0x1000;
+	nt.in.file.handle        = hd;
+	nt.in.completion_filter  = FILE_NOTIFY_CHANGE_NAME;
+	nt.in.unknown            = 0x00000000;
+
+	req[1] = smb2_notify_send(tree, &nt);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_notify_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[2] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[2], ret, done,
+				     "smb2_close_send failed\n");
+
+	set.set_secdesc.in.file.handle = hd;
+
+	req[3] = smb2_setinfo_file_send(tree, &set);
+	torture_assert_not_null_goto(tctx, req[3], ret, done,
+				     "smb2_setinfo_file_send failed\n");
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_create_recv failed\n");
+
+	status = smb2_notify_recv(req[1], tree, &nt);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_notify_recv failed\n");
+
+	status = smb2_close_recv(req[2], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_close_recv failed\n");
+
+	status = smb2_setinfo_recv(req[3]);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,
+					   "smb2_setinfo_recv failed\n");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_related8(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	const char *fname = "compound_related8.dat";
+	const char *fname_nonexisting = "compound_related8.dat.void";
+	struct security_descriptor *sd = NULL;
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	union smb_setfileinfo set;
+	struct smb2_notify nt;
+	struct smb2_close cl;
+	NTSTATUS status;
+	struct smb2_request *req[4];
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.level = RAW_OPEN_SMB2;
+	cr.in.create_flags = 0;
+	cr.in.desired_access = SEC_STD_READ_CONTROL |
+				SEC_STD_WRITE_DAC |
+				SEC_STD_WRITE_OWNER;
+	cr.in.create_options = 0;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+				NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.alloc_size = 0;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	cr.in.security_flags = 0;
+	cr.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	hd = cr.out.file.handle;
+
+	smb2_transport_compound_start(tree->session->transport, 4);
+
+	torture_comment(tctx, "try open for write\n");
+	cr.in.fname = fname_nonexisting;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	req[0] = smb2_create_send(tree, &cr);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_create_send failed\n");
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(nt);
+	nt.in.recursive          = true;
+	nt.in.buffer_size        = 0x1000;
+	nt.in.file.handle        = hd;
+	nt.in.completion_filter  = FILE_NOTIFY_CHANGE_NAME;
+	nt.in.unknown            = 0x00000000;
+
+	req[1] = smb2_notify_send(tree, &nt);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_notify_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[2] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[2], ret, done,
+				     "smb2_close_send failed\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+			0, NULL, NULL,
+			SID_CREATOR_OWNER,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+			0,
+			NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+				     "security_descriptor_dacl_create failed\n");
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = hd;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	req[3] = smb2_setinfo_file_send(tree, &set);
+	torture_assert_not_null_goto(tctx, req[3], ret, done,
+				     "smb2_setinfo_file_send failed\n");
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_create_recv failed\n");
+
+	status = smb2_notify_recv(req[1], tree, &nt);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_notify_recv failed\n");
+
+	status = smb2_close_recv(req[2], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_close_recv failed\n");
+
+	status = smb2_setinfo_recv(req[3]);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done,
+					   "smb2_setinfo_recv failed\n");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_related9(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	const char *fname = "compound_related9.dat";
+	struct security_descriptor *sd = NULL;
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	union smb_setfileinfo set;
+	struct smb2_notify nt;
+	struct smb2_close cl;
+	NTSTATUS status;
+	struct smb2_request *req[3];
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.level = RAW_OPEN_SMB2;
+	cr.in.create_flags = 0;
+	cr.in.desired_access = SEC_STD_READ_CONTROL |
+				SEC_STD_WRITE_DAC |
+				SEC_STD_WRITE_OWNER;
+	cr.in.create_options = 0;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+				NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.alloc_size = 0;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	cr.in.security_flags = 0;
+	cr.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	hd = cr.out.file.handle;
+
+	smb2_transport_compound_start(tree->session->transport, 3);
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(nt);
+	nt.in.recursive          = true;
+	nt.in.buffer_size        = 0x1000;
+	nt.in.completion_filter  = FILE_NOTIFY_CHANGE_NAME;
+
+	req[0] = smb2_notify_send(tree, &nt);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+				     "smb2_notify_send failed\n");
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	req[1] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+				     "smb2_close_send failed\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+			0, NULL, NULL,
+			SID_CREATOR_OWNER,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+			0,
+			NULL);
+	torture_assert_not_null_goto(tctx, sd, ret, done,
+				     "security_descriptor_dacl_create failed\n");
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = hd;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+
+	req[2] = smb2_setinfo_file_send(tree, &set);
+	torture_assert_not_null_goto(tctx, req[2], ret, done,
+				     "smb2_setinfo_file_send failed\n");
+
+	status = smb2_notify_recv(req[0], tree, &nt);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_INVALID_PARAMETER,
+					   ret, done,
+					   "smb2_notify_recv failed\n");
+
+	status = smb2_close_recv(req[1], &cl);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_INVALID_PARAMETER,
+					   ret, done,
+					   "smb2_close_recv failed\n");
+
+	status = smb2_setinfo_recv(req[2]);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_INVALID_PARAMETER,
+					   ret, done,
+					   "smb2_setinfo_recv failed\n");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+static bool test_compound_padding(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	struct smb2_handle h;
+	struct smb2_create cr;
+	struct smb2_read r;
+	struct smb2_read r2;
+	const char *fname = "compound_read.dat";
+	const char *sname = "compound_read.dat:foo";
+	struct smb2_request *req[3];
+	NTSTATUS status;
+	bool ret = false;
+
+	smb2_util_unlink(tree, fname);
+
+	/* Write file */
+	ZERO_STRUCT(cr);
+	cr.in.desired_access = SEC_FILE_WRITE_DATA;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.create_disposition = NTCREATEX_DISP_CREATE;
+	cr.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	cr.in.fname = fname;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree, tctx, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = cr.out.file.handle;
+
+	status = smb2_util_write(tree, h, "123", 0, 3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h);
+
+	/* Write stream */
+	ZERO_STRUCT(cr);
+	cr.in.desired_access = SEC_FILE_WRITE_DATA;
+	cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	cr.in.create_disposition = NTCREATEX_DISP_CREATE;
+	cr.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	cr.in.fname = sname;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree, tctx, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = cr.out.file.handle;
+
+	status = smb2_util_write(tree, h, "456", 0, 3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h);
+
+	/* Check compound read from basefile */
+	smb2_transport_compound_start(tree->session->transport, 3);
+
+	ZERO_STRUCT(cr);
+	cr.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	cr.in.desired_access	= SEC_FILE_READ_DATA;
+	cr.in.file_attributes	= FILE_ATTRIBUTE_NORMAL;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN;
+	cr.in.fname		= fname;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	req[0] = smb2_create_send(tree, &cr);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	/*
+	 * We send 2 reads in the compound here as the protocol
+	 * allows the last read to be split off and possibly
+	 * go async. Check the padding on the first read returned,
+	 * not the second as the second may not be part of the
+	 * returned compound.
+	*/
+
+	ZERO_STRUCT(r);
+	h.data[0] = UINT64_MAX;
+	h.data[1] = UINT64_MAX;
+	r.in.file.handle = h;
+	r.in.length      = 3;
+	r.in.offset      = 0;
+	r.in.min_count      = 1;
+	req[1] = smb2_read_send(tree, &r);
+
+	ZERO_STRUCT(r2);
+	h.data[0] = UINT64_MAX;
+	h.data[1] = UINT64_MAX;
+	r2.in.file.handle = h;
+	r2.in.length      = 3;
+	r2.in.offset      = 0;
+	r2.in.min_count      = 1;
+	req[2] = smb2_read_send(tree, &r2);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * We must do a manual smb2_request_receive() in order to be
+	 * able to check the transport layer info, as smb2_read_recv()
+	 * will destroy the req. smb2_read_recv() will call
+	 * smb2_request_receive() again, but that's ok.
+	 */
+	if (!smb2_request_receive(req[1]) ||
+	    !smb2_request_is_ok(req[1])) {
+		torture_fail(tctx, "failed to receive read request");
+	}
+
+	/*
+	 * size must be 24: 16 byte read response header plus 3
+	 * requested bytes padded to an 8 byte boundary.
+	 */
+	CHECK_VALUE(req[1]->in.body_size, 24);
+
+	status = smb2_read_recv(req[1], tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Pick up the second, possibly async, read. */
+	status = smb2_read_recv(req[2], tree, &r2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, cr.out.file.handle);
+
+	/* Check compound read from stream */
+	smb2_transport_compound_start(tree->session->transport, 3);
+
+	ZERO_STRUCT(cr);
+	cr.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	cr.in.desired_access	= SEC_FILE_READ_DATA;
+	cr.in.file_attributes	= FILE_ATTRIBUTE_NORMAL;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN;
+	cr.in.fname		= sname;
+	cr.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	req[0] = smb2_create_send(tree, &cr);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	/*
+	 * We send 2 reads in the compound here as the protocol
+	 * allows the last read to be split off and possibly
+	 * go async. Check the padding on the first read returned,
+	 * not the second as the second may not be part of the
+	 * returned compound.
+	 */
+
+	ZERO_STRUCT(r);
+	h.data[0] = UINT64_MAX;
+	h.data[1] = UINT64_MAX;
+	r.in.file.handle = h;
+	r.in.length      = 3;
+	r.in.offset      = 0;
+	r.in.min_count   = 1;
+	req[1] = smb2_read_send(tree, &r);
+
+	ZERO_STRUCT(r2);
+	h.data[0] = UINT64_MAX;
+	h.data[1] = UINT64_MAX;
+	r2.in.file.handle = h;
+	r2.in.length      = 3;
+	r2.in.offset      = 0;
+	r2.in.min_count   = 1;
+	req[2] = smb2_read_send(tree, &r2);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * We must do a manual smb2_request_receive() in order to be
+	 * able to check the transport layer info, as smb2_read_recv()
+	 * will destroy the req. smb2_read_recv() will call
+	 * smb2_request_receive() again, but that's ok.
+	 */
+	if (!smb2_request_receive(req[1]) ||
+	    !smb2_request_is_ok(req[1])) {
+		torture_fail(tctx, "failed to receive read request");
+	}
+
+	/*
+	 * size must be 24: 16 byte read response header plus 3
+	 * requested bytes padded to an 8 byte boundary.
+	 */
+	CHECK_VALUE(req[1]->in.body_size, 24);
+
+	status = smb2_read_recv(req[1], tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Pick up the second, possibly async, read. */
+	status = smb2_read_recv(req[2], tree, &r2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	h = cr.out.file.handle;
+
+	/* Check 2 compound (unrelateated) reads from existing stream handle */
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = h;
+	r.in.length      = 3;
+	r.in.offset      = 0;
+	r.in.min_count   = 1;
+	req[0] = smb2_read_send(tree, &r);
+	req[1] = smb2_read_send(tree, &r);
+
+	/*
+	 * We must do a manual smb2_request_receive() in order to be
+	 * able to check the transport layer info, as smb2_read_recv()
+	 * will destroy the req. smb2_read_recv() will call
+	 * smb2_request_receive() again, but that's ok.
+	 */
+	if (!smb2_request_receive(req[0]) ||
+	    !smb2_request_is_ok(req[0])) {
+		torture_fail(tctx, "failed to receive read request");
+	}
+	if (!smb2_request_receive(req[1]) ||
+	    !smb2_request_is_ok(req[1])) {
+		torture_fail(tctx, "failed to receive read request");
+	}
+
+	/*
+	 * size must be 24: 16 byte read response header plus 3
+	 * requested bytes padded to an 8 byte boundary.
+	 */
+	CHECK_VALUE(req[0]->in.body_size, 24);
+	CHECK_VALUE(req[1]->in.body_size, 24);
+
+	status = smb2_read_recv(req[0], tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_read_recv(req[1], tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * now try a single read from the stream and verify there's no padding
+	 */
+	ZERO_STRUCT(r);
+	r.in.file.handle = h;
+	r.in.length      = 3;
+	r.in.offset      = 0;
+	r.in.min_count   = 1;
+	req[0] = smb2_read_send(tree, &r);
+
+	/*
+	 * We must do a manual smb2_request_receive() in order to be
+	 * able to check the transport layer info, as smb2_read_recv()
+	 * will destroy the req. smb2_read_recv() will call
+	 * smb2_request_receive() again, but that's ok.
+	 */
+	if (!smb2_request_receive(req[0]) ||
+	    !smb2_request_is_ok(req[0])) {
+		torture_fail(tctx, "failed to receive read request");
+	}
+
+	/*
+	 * size must be 19: 16 byte read response header plus 3
+	 * requested bytes without padding.
+	 */
+	CHECK_VALUE(req[0]->in.body_size, 19);
+
+	status = smb2_read_recv(req[0], tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h);
+
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret = true;
+done:
+	return ret;
+}
+
+static bool test_compound_create_write_close(struct torture_context *tctx,
+					     struct smb2_tree *tree)
+{
+	struct smb2_handle handle = { .data = { UINT64_MAX, UINT64_MAX } };
+	struct smb2_create create;
+	struct smb2_write write;
+	struct smb2_close close;
+	const char *fname = "compound_create_write_close.dat";
+	struct smb2_request *req[3];
+	NTSTATUS status;
+	bool ret = false;
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(create);
+	create.in.security_flags = 0x00;
+	create.in.oplock_level = 0;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	create.in.create_flags = 0x00000000;
+	create.in.reserved = 0x00000000;
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+		NTCREATEX_OPTIONS_ASYNC_ALERT |
+		NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+		0x00200000;
+	create.in.fname = fname;
+
+	smb2_transport_compound_start(tree->session->transport, 3);
+
+	req[0] = smb2_create_send(tree, &create);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(write);
+	write.in.file.handle = handle;
+	write.in.offset = 0;
+	write.in.data = data_blob_talloc(tctx, NULL, 1024);
+
+	req[1] = smb2_write_send(tree, &write);
+
+	ZERO_STRUCT(close);
+	close.in.file.handle = handle;
+
+	req[2] = smb2_close_send(tree, &close);
+
+	status = smb2_create_recv(req[0], tree, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE failed.");
+
+	status = smb2_write_recv(req[1], &write);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"WRITE failed.");
+
+	status = smb2_close_recv(req[2], &close);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE failed.");
+
+	status = smb2_util_unlink(tree, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"File deletion failed.");
+
+	ret = true;
+done:
+	return ret;
+}
+
+static bool test_compound_unrelated1(struct torture_context *tctx,
+				     struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_unrelated1.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+	req[2] = smb2_close_send(tree, &cl);
+	req[3] = smb2_close_send(tree, &cl);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid1(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid1.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[3];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 3);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 3);
+
+	/* passing the first request with the related flag is invalid */
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+
+	smb2_transport_compound_set_related(tree->session->transport, false);
+	req[2] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	/* TODO: check why this fails with --signing=required */
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid2(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid2.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+	struct smbXcli_tcon *saved_tcon = tree->smbXcli;
+	struct smbXcli_session *saved_session = tree->session->smbXcli;
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+
+	tree->smbXcli = smbXcli_tcon_create(tree);
+	smb2cli_tcon_set_values(tree->smbXcli,
+				NULL, /* session */
+				0xFFFFFFFF, /* tcon_id */
+				0, /* type */
+				0, /* flags */
+				0, /* capabilities */
+				0 /* maximal_access */);
+
+	tree->session->smbXcli = smbXcli_session_shallow_copy(tree->session,
+							tree->session->smbXcli);
+	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
+
+	req[1] = smb2_close_send(tree, &cl);
+	/* strange that this is not generating invalid parameter */
+	smb2_transport_compound_set_related(tree->session->transport, false);
+	req[2] = smb2_close_send(tree, &cl);
+	req[3] = smb2_close_send(tree, &cl);
+	smb2_transport_compound_set_related(tree->session->transport, true);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	TALLOC_FREE(tree->smbXcli);
+	tree->smbXcli = saved_tcon;
+	TALLOC_FREE(tree->session->smbXcli);
+	tree->session->smbXcli = saved_session;
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid3(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid3.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+	req[2] = smb2_close_send(tree, &cl);
+	/* flipping the related flag is invalid */
+	smb2_transport_compound_set_related(tree->session->transport, true);
+	req[3] = smb2_close_send(tree, &cl);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid4(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_create cr;
+	struct smb2_read rd;
+	NTSTATUS status;
+	const char *fname = "compound_invalid4.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	bool ok;
+	struct smb2_request *req[2];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags	  = 0x00;
+	cr.in.oplock_level	  = 0;
+	cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags	  = 0x00000000;
+	cr.in.reserved		  = 0x00000000;
+	cr.in.desired_access	  = SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes	  = FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access	  = NTCREATEX_SHARE_ACCESS_READ |
+				    NTCREATEX_SHARE_ACCESS_WRITE |
+				    NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options	  = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+				    NTCREATEX_OPTIONS_ASYNC_ALERT	|
+				    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+				    0x00200000;
+	cr.in.fname		  = fname;
+
+	status = smb2_create(tree, tctx, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = cr.out.file.handle;
+	rd.in.length      = 1;
+	rd.in.offset      = 0;
+	req[0] = smb2_read_send(tree, &rd);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	/*
+	 * Send a completely bogus request as second compound
+	 * element. This triggers smbd_smb2_request_error() in in
+	 * smbd_smb2_request_dispatch() before calling
+	 * smbd_smb2_request_dispatch_update_counts().
+	 */
+
+	req[1] = smb2_request_init_tree(tree, 0xff, 0x04, false, 0);
+	smb2_transport_send(req[1]);
+
+	status = smb2_read_recv(req[0], tctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	ok = smb2_request_receive(req[1]);
+	torture_assert(tctx, ok, "Invalid request failed\n");
+	CHECK_STATUS(req[1]->status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = cr.out.file.handle;
+
+	status = smb2_close(tree, &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+/* Send a compound request where we expect the last request (Create, Notify)
+ * to go asynchronous. This works against a Win7 server and the reply is
+ * sent in two different packets. */
+static bool test_compound_interim1(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+    struct smb2_handle hd;
+    struct smb2_create cr;
+    NTSTATUS status = NT_STATUS_OK;
+    const char *dname = "compound_interim_dir";
+    struct smb2_notify nt;
+    bool ret = true;
+    struct smb2_request *req[2];
+
+    /* Win7 compound request implementation deviates substantially from the
+     * SMB2 spec as noted in MS-SMB2 <159>, <162>.  This, test currently
+     * verifies the Windows behavior, not the general spec behavior. */
+
+    smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+    smb2_deltree(tree, dname);
+
+    smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+    ZERO_STRUCT(cr);
+    cr.in.desired_access	= SEC_RIGHTS_FILE_ALL;
+    cr.in.create_options	= NTCREATEX_OPTIONS_DIRECTORY;
+    cr.in.file_attributes	= FILE_ATTRIBUTE_DIRECTORY;
+    cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE |
+				  NTCREATEX_SHARE_ACCESS_DELETE;
+    cr.in.create_disposition	= NTCREATEX_DISP_CREATE;
+    cr.in.fname			= dname;
+
+    smb2_transport_compound_start(tree->session->transport, 2);
+
+    req[0] = smb2_create_send(tree, &cr);
+
+    smb2_transport_compound_set_related(tree->session->transport, true);
+
+    hd.data[0] = UINT64_MAX;
+    hd.data[1] = UINT64_MAX;
+
+    ZERO_STRUCT(nt);
+    nt.in.recursive          = true;
+    nt.in.buffer_size        = 0x1000;
+    nt.in.file.handle        = hd;
+    nt.in.completion_filter  = FILE_NOTIFY_CHANGE_NAME;
+    nt.in.unknown            = 0x00000000;
+
+    req[1] = smb2_notify_send(tree, &nt);
+
+    status = smb2_create_recv(req[0], tree, &cr);
+    CHECK_STATUS(status, NT_STATUS_OK);
+
+    smb2_cancel(req[1]);
+    status = smb2_notify_recv(req[1], tree, &nt);
+    CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+    smb2_util_close(tree, cr.out.file.handle);
+
+    smb2_deltree(tree, dname);
+done:
+    return ret;
+}
+
+/* Send a compound request where we expect the middle request (Create, Notify,
+ * GetInfo) to go asynchronous. Against Win7 the sync request succeed while
+ * the async fails. All are returned in the same compound response. */
+static bool test_compound_interim2(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+    struct smb2_handle hd;
+    struct smb2_create cr;
+    NTSTATUS status = NT_STATUS_OK;
+    const char *dname = "compound_interim_dir";
+    struct smb2_getinfo gf;
+    struct smb2_notify  nt;
+    bool ret = true;
+    struct smb2_request *req[3];
+
+    /* Win7 compound request implementation deviates substantially from the
+     * SMB2 spec as noted in MS-SMB2 <159>, <162>.  This, test currently
+     * verifies the Windows behavior, not the general spec behavior. */
+
+    smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+    smb2_deltree(tree, dname);
+
+    smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+    ZERO_STRUCT(cr);
+    cr.in.desired_access        = SEC_RIGHTS_FILE_ALL;
+    cr.in.create_options        = NTCREATEX_OPTIONS_DIRECTORY;
+    cr.in.file_attributes       = FILE_ATTRIBUTE_DIRECTORY;
+    cr.in.share_access      = NTCREATEX_SHARE_ACCESS_READ |
+                      NTCREATEX_SHARE_ACCESS_WRITE |
+                      NTCREATEX_SHARE_ACCESS_DELETE;
+    cr.in.create_disposition    = NTCREATEX_DISP_CREATE;
+    cr.in.fname         = dname;
+
+    smb2_transport_compound_start(tree->session->transport, 3);
+
+    req[0] = smb2_create_send(tree, &cr);
+
+    smb2_transport_compound_set_related(tree->session->transport, true);
+
+    hd.data[0] = UINT64_MAX;
+    hd.data[1] = UINT64_MAX;
+
+    ZERO_STRUCT(nt);
+    nt.in.recursive          = true;
+    nt.in.buffer_size        = 0x1000;
+    nt.in.file.handle        = hd;
+    nt.in.completion_filter  = FILE_NOTIFY_CHANGE_NAME;
+    nt.in.unknown            = 0x00000000;
+
+    req[1] = smb2_notify_send(tree, &nt);
+
+    ZERO_STRUCT(gf);
+    gf.in.file.handle = hd;
+    gf.in.info_type   = SMB2_0_INFO_FILE;
+    gf.in.info_class  = 0x04; /* FILE_BASIC_INFORMATION */
+    gf.in.output_buffer_length = 0x1000;
+    gf.in.input_buffer = data_blob_null;
+
+    req[2] = smb2_getinfo_send(tree, &gf);
+
+    status = smb2_create_recv(req[0], tree, &cr);
+    CHECK_STATUS(status, NT_STATUS_OK);
+
+    status = smb2_notify_recv(req[1], tree, &nt);
+    CHECK_STATUS(status, NT_STATUS_INTERNAL_ERROR);
+
+    status = smb2_getinfo_recv(req[2], tree, &gf);
+    CHECK_STATUS(status, NT_STATUS_OK);
+
+    smb2_util_close(tree, cr.out.file.handle);
+
+    smb2_deltree(tree, dname);
+done:
+    return ret;
+}
+
+/* Test compound related finds */
+static bool test_compound_find_related(struct torture_context *tctx,
+				       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *dname = "compound_find_dir";
+	struct smb2_create create;
+	struct smb2_find f;
+	struct smb2_handle h;
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, dname);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = dname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	h = create.out.file.handle;
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed\n");
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "*";
+	f.in.max_response_size	= 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	req[0] = smb2_find_send(tree, &f);
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	req[1] = smb2_find_send(tree, &f);
+
+	status = smb2_find_recv(req[0], mem_ctx, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_find_recv failed\n");
+
+	status = smb2_find_recv(req[1], mem_ctx, &f);
+	torture_assert_ntstatus_equal_goto(tctx, status, STATUS_NO_MORE_FILES, ret, done, "smb2_find_recv failed\n");
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, dname);
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
+
+/* Test compound related finds */
+static bool test_compound_find_close(struct torture_context *tctx,
+				     struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *dname = "compound_find_dir";
+	struct smb2_create create;
+	struct smb2_find f;
+	struct smb2_handle h;
+	struct smb2_request *req = NULL;
+	const int num_files = 5000;
+	int i;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, dname);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = dname;
+
+	smb2cli_conn_set_max_credits(tree->session->transport->conn, 256);
+
+	status = smb2_create(tree, mem_ctx, &create);
+	h = create.out.file.handle;
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	for (i = 0; i < num_files; i++) {
+		create.in.fname = talloc_asprintf(mem_ctx, "%s\\file%d",
+						  dname, i);
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		smb2_util_close(tree, create.out.file.handle);
+	}
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed\n");
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "*";
+	f.in.max_response_size	= 8*1024*1024;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	req = smb2_find_send(tree, &f);
+
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_util_close failed\n");
+
+	status = smb2_find_recv(req, mem_ctx, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_find_recv failed\n");
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, dname);
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
+
+/* Test compound unrelated finds */
+static bool test_compound_find_unrelated(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *dname = "compound_find_dir";
+	struct smb2_create create;
+	struct smb2_find f;
+	struct smb2_handle h;
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, dname);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = dname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	h = create.out.file.handle;
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed\n");
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "*";
+	f.in.max_response_size	= 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	req[0] = smb2_find_send(tree, &f);
+	req[1] = smb2_find_send(tree, &f);
+
+	status = smb2_find_recv(req[0], mem_ctx, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_find_recv failed\n");
+
+	status = smb2_find_recv(req[1], mem_ctx, &f);
+	torture_assert_ntstatus_equal_goto(tctx, status, STATUS_NO_MORE_FILES, ret, done, "smb2_find_recv failed\n");
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, dname);
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
+
+static bool test_compound_async_flush_close(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fhandle = { .data = { 0, 0 } };
+	struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
+	struct smb2_close cl;
+	struct smb2_flush fl;
+	const char *fname = "compound_async_flush_close";
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool ret = false;
+
+	/* Start clean. */
+	smb2_util_unlink(tree, fname);
+
+	/* Create a file. */
+	status = torture_smb2_testfile_access(tree,
+					      fname,
+					      &fhandle,
+					      SEC_RIGHTS_FILE_ALL);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Now do a compound flush + close handle. */
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(fl);
+	fl.in.file.handle = fhandle;
+
+	req[0] = smb2_flush_send(tree, &fl);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_flush_send failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = relhandle;
+	req[1] = smb2_close_send(tree, &cl);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+		"smb2_close_send failed\n");
+
+	status = smb2_flush_recv(req[0], &fl);
+	/*
+	 * On Windows, this flush will usually
+	 * succeed as we have nothing to flush,
+	 * so allow NT_STATUS_OK. Once bug #15172
+	 * is fixed Samba will do the flush synchronously
+	 * so allow NT_STATUS_OK.
+	 */
+	if (!NT_STATUS_IS_OK(status)) {
+		/*
+		 * If we didn't get NT_STATUS_OK, we *must*
+		 * get NT_STATUS_INTERNAL_ERROR if the flush
+		 * goes async.
+		 *
+		 * For pre-bugfix #15172 Samba, the flush goes async and
+		 * we should get NT_STATUS_INTERNAL_ERROR.
+		 */
+		torture_assert_ntstatus_equal_goto(tctx,
+			status,
+			NT_STATUS_INTERNAL_ERROR,
+			ret,
+			done,
+			"smb2_flush_recv didn't return "
+			"NT_STATUS_INTERNAL_ERROR.\n");
+	}
+	status = smb2_close_recv(req[1], &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"smb2_close_recv failed.");
+
+	ZERO_STRUCT(fhandle);
+
+	/*
+	 * Do several more operations on the tree, spaced
+	 * out by 1 sec sleeps to make sure the server didn't
+	 * crash on the close. The sleeps are required to
+	 * make test test for a crash reliable, as we ensure
+	 * the pthread fsync internally finishes and accesses
+	 * freed memory. Without them the test occasionally
+	 * passes as we disconnect before the pthread fsync
+	 * finishes.
+	 */
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sleep(1);
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	sleep(1);
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ret = true;
+
+  done:
+
+	if (fhandle.data[0] != 0) {
+		smb2_util_close(tree, fhandle);
+	}
+
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+static bool test_compound_async_flush_flush(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fhandle = { .data = { 0, 0 } };
+	struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
+	struct smb2_flush fl1;
+	struct smb2_flush fl2;
+	const char *fname = "compound_async_flush_flush";
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool ret = false;
+
+	/* Start clean. */
+	smb2_util_unlink(tree, fname);
+
+	/* Create a file. */
+	status = torture_smb2_testfile_access(tree,
+					      fname,
+					      &fhandle,
+					      SEC_RIGHTS_FILE_ALL);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Now do a compound flush + flush handle. */
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(fl1);
+	fl1.in.file.handle = fhandle;
+
+	req[0] = smb2_flush_send(tree, &fl1);
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_flush_send (1) failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(fl2);
+	fl2.in.file.handle = relhandle;
+
+	req[1] = smb2_flush_send(tree, &fl2);
+	torture_assert_not_null_goto(tctx, req[1], ret, done,
+		"smb2_flush_send (2) failed\n");
+
+	status = smb2_flush_recv(req[0], &fl1);
+	/*
+	 * On Windows, this flush will usually
+	 * succeed as we have nothing to flush,
+	 * so allow NT_STATUS_OK. Once bug #15172
+	 * is fixed Samba will do the flush synchronously
+	 * so allow NT_STATUS_OK.
+	 */
+	if (!NT_STATUS_IS_OK(status)) {
+		/*
+		 * If we didn't get NT_STATUS_OK, we *must*
+		 * get NT_STATUS_INTERNAL_ERROR if the flush
+		 * goes async.
+		 *
+		 * For pre-bugfix #15172 Samba, the flush goes async and
+		 * we should get NT_STATUS_INTERNAL_ERROR.
+		 */
+		torture_assert_ntstatus_equal_goto(tctx,
+			status,
+			NT_STATUS_INTERNAL_ERROR,
+			ret,
+			done,
+			"smb2_flush_recv (1) didn't return "
+			"NT_STATUS_INTERNAL_ERROR.\n");
+	}
+
+	/*
+	 * If the flush is the last entry in a compound,
+	 * it should always succeed even if it goes async.
+	 */
+	status = smb2_flush_recv(req[1], &fl2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_flush_recv (2) failed.");
+
+	status = smb2_util_close(tree, fhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_util_close failed.");
+	ZERO_STRUCT(fhandle);
+
+	/*
+	 * Do several more operations on the tree, spaced
+	 * out by 1 sec sleeps to make sure the server didn't
+	 * crash on the close. The sleeps are required to
+	 * make test test for a crash reliable, as we ensure
+	 * the pthread fsync internally finishes and accesses
+	 * freed memory. Without them the test occasionally
+	 * passes as we disconnect before the pthread fsync
+	 * finishes.
+	 */
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sleep(1);
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	sleep(1);
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ret = true;
+
+  done:
+
+	if (fhandle.data[0] != 0) {
+		smb2_util_close(tree, fhandle);
+	}
+
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/*
+ * For Samba/smbd this test must be run against the aio_delay_inject share
+ * as we need to ensure the last write in the compound takes longer than
+ * 500 us, which is the threshold for going async in smbd SMB2 writes.
+ */
+
+static bool test_compound_async_write_write(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fhandle = { .data = { 0, 0 } };
+	struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
+	struct smb2_write w1;
+	struct smb2_write w2;
+	const char *fname = "compound_async_write_write";
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool is_smbd = torture_setting_bool(tctx, "smbd", true);
+	bool ret = false;
+
+	/* Start clean. */
+	smb2_util_unlink(tree, fname);
+
+	/* Create a file. */
+	status = torture_smb2_testfile_access(tree,
+					      fname,
+					      &fhandle,
+					      SEC_RIGHTS_FILE_ALL);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Now do a compound write + write handle. */
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(w1);
+	w1.in.file.handle = fhandle;
+	w1.in.offset = 0;
+	w1.in.data = data_blob_talloc_zero(tctx, 64);
+	req[0] = smb2_write_send(tree, &w1);
+
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_write_send (1) failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(w2);
+	w2.in.file.handle = relhandle;
+	w2.in.offset = 64;
+	w2.in.data = data_blob_talloc_zero(tctx, 64);
+	req[1] = smb2_write_send(tree, &w2);
+
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_write_send (2) failed\n");
+
+	status = smb2_write_recv(req[0], &w1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_write_recv (1) failed.");
+
+	if (!is_smbd) {
+		/*
+		 * Windows and other servers don't go async.
+		 */
+		status = smb2_write_recv(req[1], &w2);
+	} else {
+		/*
+		 * For smbd, the second write should go async
+		 * as it's the last element of a compound.
+		 */
+		WAIT_FOR_ASYNC_RESPONSE(req[1]);
+		CHECK_VALUE(req[1]->cancel.can_cancel, true);
+		/*
+		 * Now pick up the real return.
+		 */
+		status = smb2_write_recv(req[1], &w2);
+	}
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_write_recv (2) failed.");
+
+	status = smb2_util_close(tree, fhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_util_close failed.");
+	ZERO_STRUCT(fhandle);
+
+	ret = true;
+
+  done:
+
+	if (fhandle.data[0] != 0) {
+		smb2_util_close(tree, fhandle);
+	}
+
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/*
+ * For Samba/smbd this test must be run against the aio_delay_inject share
+ * as we need to ensure the last read in the compound takes longer than
+ * 500 us, which is the threshold for going async in smbd SMB2 reads.
+ */
+
+static bool test_compound_async_read_read(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fhandle = { .data = { 0, 0 } };
+	struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
+	struct smb2_write w;
+	struct smb2_read r1;
+	struct smb2_read r2;
+	const char *fname = "compound_async_read_read";
+	struct smb2_request *req[2];
+	NTSTATUS status;
+	bool is_smbd = torture_setting_bool(tctx, "smbd", true);
+	bool ret = false;
+
+	/* Start clean. */
+	smb2_util_unlink(tree, fname);
+
+	/* Create a file. */
+	status = torture_smb2_testfile_access(tree,
+					      fname,
+					      &fhandle,
+					      SEC_RIGHTS_FILE_ALL);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Write 128 bytes. */
+	ZERO_STRUCT(w);
+	w.in.file.handle = fhandle;
+	w.in.offset = 0;
+	w.in.data = data_blob_talloc_zero(tctx, 128);
+	status = smb2_write(tree, &w);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_write_recv (1) failed.");
+
+	/* Now do a compound read + read handle. */
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	ZERO_STRUCT(r1);
+	r1.in.file.handle = fhandle;
+	r1.in.length      = 64;
+	r1.in.offset      = 0;
+	req[0] = smb2_read_send(tree, &r1);
+
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_read_send (1) failed\n");
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(r2);
+	r2.in.file.handle = relhandle;
+	r2.in.length      = 64;
+	r2.in.offset      = 64;
+	req[1] = smb2_read_send(tree, &r2);
+
+	torture_assert_not_null_goto(tctx, req[0], ret, done,
+		"smb2_read_send (2) failed\n");
+
+	status = smb2_read_recv(req[0], tree, &r1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_read_recv (1) failed.");
+
+	if (!is_smbd) {
+		/*
+		 * Windows and other servers don't go async.
+		 */
+		status = smb2_read_recv(req[1], tree, &r2);
+	} else {
+		/*
+		 * For smbd, the second write should go async
+		 * as it's the last element of a compound.
+		 */
+		WAIT_FOR_ASYNC_RESPONSE(req[1]);
+		CHECK_VALUE(req[1]->cancel.can_cancel, true);
+		/*
+		 * Now pick up the real return.
+		 */
+		status = smb2_read_recv(req[1], tree, &r2);
+	}
+
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_read_recv (2) failed.");
+
+	status = smb2_util_close(tree, fhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_util_close failed.");
+	ZERO_STRUCT(fhandle);
+
+	ret = true;
+
+  done:
+
+	if (fhandle.data[0] != 0) {
+		smb2_util_close(tree, fhandle);
+	}
+
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+
+struct torture_suite *torture_smb2_compound_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "compound");
+
+	torture_suite_add_1smb2_test(suite, "related1", test_compound_related1);
+	torture_suite_add_1smb2_test(suite, "related2", test_compound_related2);
+	torture_suite_add_1smb2_test(suite, "related3",
+				     test_compound_related3);
+	torture_suite_add_1smb2_test(suite, "related4",
+				     test_compound_related4);
+	torture_suite_add_1smb2_test(suite, "related5",
+				     test_compound_related5);
+	torture_suite_add_1smb2_test(suite, "related6",
+				     test_compound_related6);
+	torture_suite_add_1smb2_test(suite, "related7",
+				     test_compound_related7);
+	torture_suite_add_1smb2_test(suite, "related8",
+				     test_compound_related8);
+	torture_suite_add_1smb2_test(suite, "related9",
+				     test_compound_related9);
+	torture_suite_add_1smb2_test(suite, "unrelated1", test_compound_unrelated1);
+	torture_suite_add_1smb2_test(suite, "invalid1", test_compound_invalid1);
+	torture_suite_add_1smb2_test(suite, "invalid2", test_compound_invalid2);
+	torture_suite_add_1smb2_test(suite, "invalid3", test_compound_invalid3);
+	torture_suite_add_1smb2_test(
+		suite, "invalid4", test_compound_invalid4);
+	torture_suite_add_1smb2_test(suite, "interim1",  test_compound_interim1);
+	torture_suite_add_1smb2_test(suite, "interim2",  test_compound_interim2);
+	torture_suite_add_1smb2_test(suite, "compound-break", test_compound_break);
+	torture_suite_add_1smb2_test(suite, "compound-padding", test_compound_padding);
+	torture_suite_add_1smb2_test(suite, "create-write-close",
+				     test_compound_create_write_close);
+
+	suite->description = talloc_strdup(suite, "SMB2-COMPOUND tests");
+
+	return suite;
+}
+
+struct torture_suite *torture_smb2_compound_find_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "compound_find");
+
+	torture_suite_add_1smb2_test(suite, "compound_find_related", test_compound_find_related);
+	torture_suite_add_1smb2_test(suite, "compound_find_unrelated", test_compound_find_unrelated);
+	torture_suite_add_1smb2_test(suite, "compound_find_close", test_compound_find_close);
+
+	suite->description = talloc_strdup(suite, "SMB2-COMPOUND-FIND tests");
+
+	return suite;
+}
+
+struct torture_suite *torture_smb2_compound_async_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx,
+					"compound_async");
+
+	torture_suite_add_1smb2_test(suite, "flush_close",
+		test_compound_async_flush_close);
+	torture_suite_add_1smb2_test(suite, "flush_flush",
+		test_compound_async_flush_flush);
+	torture_suite_add_1smb2_test(suite, "write_write",
+		test_compound_async_write_write);
+	torture_suite_add_1smb2_test(suite, "read_read",
+		test_compound_async_read_read);
+
+	suite->description = talloc_strdup(suite, "SMB2-COMPOUND-ASYNC tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c
new file mode 100644
index 0000000..5a2b48b
--- /dev/null
+++ b/source4/torture/smb2/connect.c
@@ -0,0 +1,257 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 connection operations
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+/*
+  send a close
+*/
+static NTSTATUS torture_smb2_close(struct torture_context *tctx,
+				   struct smb2_tree *tree,
+				   struct smb2_handle handle)
+{
+	struct smb2_close io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	ZERO_STRUCT(io);
+	io.in.file.handle	= handle;
+	io.in.flags		= SMB2_CLOSE_FLAGS_FULL_INFORMATION;
+	status = smb2_close(tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "close failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	if (DEBUGLVL(1)) {
+		torture_comment(tctx, "Close gave:\n");
+		torture_comment(tctx, "create_time     = %s\n", nt_time_string(tmp_ctx, io.out.create_time));
+		torture_comment(tctx, "access_time     = %s\n", nt_time_string(tmp_ctx, io.out.access_time));
+		torture_comment(tctx, "write_time      = %s\n", nt_time_string(tmp_ctx, io.out.write_time));
+		torture_comment(tctx, "change_time     = %s\n", nt_time_string(tmp_ctx, io.out.change_time));
+		torture_comment(tctx, "alloc_size      = %lld\n", (long long)io.out.alloc_size);
+		torture_comment(tctx, "size            = %lld\n", (long long)io.out.size);
+		torture_comment(tctx, "file_attr       = 0x%x\n", io.out.file_attr);
+	}
+
+	talloc_free(tmp_ctx);
+	
+	return status;
+}
+
+
+/*
+  test writing
+*/
+static NTSTATUS torture_smb2_write(struct torture_context *tctx, struct smb2_tree *tree, struct smb2_handle handle)
+{
+	struct smb2_write w;
+	struct smb2_read r;
+	struct smb2_flush f;
+	NTSTATUS status;
+	DATA_BLOB data;
+	int i;
+	uint32_t size = torture_setting_int(tctx, "smb2maxwrite", 64*1024);
+	
+	data = data_blob_talloc(tree, NULL, size);
+	if (size != data.length) {
+		torture_comment(tctx, "data_blob_talloc(%u) failed\n", (unsigned int)size);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<data.length;i++) {
+		data.data[i] = i;
+	}
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = handle;
+	w.in.offset      = 0;
+	w.in.data        = data;
+
+	status = smb2_write(tree, &w);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "write 1 failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	torture_smb2_all_info(tctx, tree, handle);
+
+	status = smb2_write(tree, &w);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "write 2 failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	torture_smb2_all_info(tctx, tree, handle);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle = handle;
+
+	status = smb2_flush(tree, &f);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "flush failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = handle;
+	r.in.length      = data.length;
+	r.in.offset      = 0;
+
+	status = smb2_read(tree, tree, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "read failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	if (data.length != r.out.data.length ||
+	    memcmp(data.data, r.out.data.data, data.length) != 0) {
+		torture_comment(tctx, "read data mismatch\n");
+		return NT_STATUS_NET_WRITE_FAULT;
+	}
+
+	return status;
+}
+
+
+/*
+  send a create
+*/
+NTSTATUS torture_smb2_createfile(struct torture_context *tctx,
+				 struct smb2_tree *tree,
+				 const char *fname,
+				 struct smb2_handle *handle)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = NTCREATEX_OPTIONS_WRITE_THROUGH;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tmp_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		torture_comment(tctx, "create1 failed - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	if (DEBUGLVL(1)) {
+		torture_comment(tctx, "Open gave:\n");
+		torture_comment(tctx, "oplock_flags    = 0x%x\n", io.out.oplock_level);
+		torture_comment(tctx, "create_action   = 0x%x\n", io.out.create_action);
+		torture_comment(tctx, "create_time     = %s\n", nt_time_string(tmp_ctx, io.out.create_time));
+		torture_comment(tctx, "access_time     = %s\n", nt_time_string(tmp_ctx, io.out.access_time));
+		torture_comment(tctx, "write_time      = %s\n", nt_time_string(tmp_ctx, io.out.write_time));
+		torture_comment(tctx, "change_time     = %s\n", nt_time_string(tmp_ctx, io.out.change_time));
+		torture_comment(tctx, "alloc_size      = %lld\n", (long long)io.out.alloc_size);
+		torture_comment(tctx, "size            = %lld\n", (long long)io.out.size);
+		torture_comment(tctx, "file_attr       = 0x%x\n", io.out.file_attr);
+		torture_comment(tctx, "handle          = %016llx%016llx\n",
+		       (long long)io.out.file.handle.data[0], 
+		       (long long)io.out.file.handle.data[1]);
+	}
+
+	talloc_free(tmp_ctx);
+
+	*handle = io.out.file.handle;
+
+	return NT_STATUS_OK;
+}
+
+
+/* 
+   basic testing of SMB2 connection calls
+*/
+bool torture_smb2_connect(struct torture_context *tctx)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_tree *tree;
+	struct smb2_request *req;
+	struct smb2_handle h1, h2;
+	NTSTATUS status;
+	bool ok;
+
+	ok = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ok, "torture_smb2_connection failed");
+
+	smb2_util_unlink(tree, "test9.dat");
+
+	status = torture_smb2_createfile(tctx, tree, "test9.dat", &h1);
+	torture_assert_ntstatus_ok(tctx, status, "create failed");
+
+	status = torture_smb2_createfile(tctx, tree, "test9.dat", &h2);
+	torture_assert_ntstatus_ok(tctx, status, "create failed");
+
+	status = torture_smb2_write(tctx, tree, h1);
+	torture_assert_ntstatus_ok(tctx, status, "write failed");
+
+	status = torture_smb2_close(tctx, tree, h1);
+	torture_assert_ntstatus_ok(tctx, status, "close failed");
+
+	status = torture_smb2_close(tctx, tree, h2);
+	torture_assert_ntstatus_ok(tctx, status, "close failed");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_CLOSED,
+				      "close should have closed the handle");
+
+	status = smb2_tdis(tree);
+	torture_assert_ntstatus_ok(tctx, status, "tdis failed");
+
+	status = smb2_tdis(tree);
+	torture_assert_ntstatus_equal(tctx, status,
+				      NT_STATUS_NETWORK_NAME_DELETED,
+				      "tdis should have closed the tcon");
+
+ 	status = smb2_logoff(tree->session);
+	torture_assert_ntstatus_ok(tctx, status, "logoff failed");
+
+	req = smb2_logoff_send(tree->session);
+	torture_assert_not_null(tctx, req, "smb2_logoff_send failed");
+
+	req->session = NULL;
+
+	status = smb2_logoff_recv(req);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_USER_SESSION_DELETED,
+				      "logoff should have disabled session");
+
+	status = smb2_keepalive(tree->session->transport);
+	torture_assert_ntstatus_ok(tctx, status, "keepalive failed");
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
new file mode 100644
index 0000000..c1d132d
--- /dev/null
+++ b/source4/torture/smb2/create.c
@@ -0,0 +1,3629 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 create test suite
+
+   Copyright (C) Andrew Tridgell 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/security.h"
+#include "lib/events/events.h"
+
+#define FNAME "test_create.dat"
+#define DNAME "smb2_open"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			 __location__, nt_errstr(status), nt_errstr(correct)); \
+		return false; \
+	}} while (0)
+
+#define CHECK_EQUAL(v, correct) do { \
+	if (v != correct) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect value for %s 0x%08llx - " \
+		        "should be 0x%08llx\n", \
+			 __location__, #v, \
+		        (unsigned long long)v, \
+		        (unsigned long long)correct); \
+		return false;					\
+	}} while (0)
+
+#define CHECK_TIME(t, field) do { \
+	time_t t1, t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t1 = t & ~1; \
+	t2 = nt_time_to_unix(finfo.all_info.out.field) & ~1; \
+	if (abs(t1-t2) > 2) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong time for field %s  %s - %s\n", \
+			__location__, #field, \
+			timestring(tctx, t1), \
+			timestring(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NTTIME(t, field) do { \
+	NTTIME t2; \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	t2 = finfo.all_info.out.field; \
+	if (llabs((int64_t)(t-t2)) > 20000) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong time for field %s  %s - %s\n", \
+		       __location__, #field, \
+		       nt_time_string(tctx, t), \
+		       nt_time_string(tctx, t2)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_ALL_INFO(v, field) do { \
+	finfo.all_info.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo.all_info.in.file.handle = h1; \
+	status = smb2_getinfo_file(tree, tctx, &finfo); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if ((v) != (finfo.all_info.out.field)) { \
+	       torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong value for field %s  0x%x - 0x%x\n", \
+			__location__, #field, (int)v,\
+			(int)(finfo.all_info.out.field)); \
+		dump_all_info(tctx, &finfo); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) wrong value for %s  0x%x - should be 0x%x\n", \
+		       __location__, #v, (int)(v), (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define SET_ATTRIB(sattrib) do { \
+	union smb_setfileinfo sfinfo; \
+	ZERO_STRUCT(sfinfo.basic_info.in); \
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION; \
+	sfinfo.basic_info.in.file.handle = h1; \
+	sfinfo.basic_info.in.attrib = sattrib; \
+	status = smb2_setinfo_file(tree, &sfinfo); \
+	if (!NT_STATUS_IS_OK(status)) { \
+		torture_comment(tctx, \
+		    "(%s) Failed to set attrib 0x%x on %s\n", \
+		       __location__, (unsigned int)(sattrib), fname); \
+	}} while (0)
+
+/*
+  test some interesting combinations found by gentest
+ */
+static bool test_create_gentest(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t access_mask, file_attributes_set;
+	uint32_t ok_mask, not_supported_mask, invalid_parameter_mask;
+	uint32_t not_a_directory_mask, unexpected_mask;
+	union smb_fileinfo q;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.in.create_options = 0xF0000000;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.in.create_options = 0;
+
+	io.in.file_attributes = FILE_ATTRIBUTE_DEVICE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.in.file_attributes = FILE_ATTRIBUTE_VOLUME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.file_attributes = FILE_ATTRIBUTE_VOLUME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.desired_access = 0x08000000;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	io.in.desired_access = 0x04000000;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	io.in.file_attributes = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	ok_mask = 0;
+	not_supported_mask = 0;
+	invalid_parameter_mask = 0;
+	not_a_directory_mask = 0;
+	unexpected_mask = 0;
+	{
+		int i;
+		for (i=0;i<32;i++) {
+			io.in.create_options = (uint32_t)1<<i;
+			if (io.in.create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) {
+				continue;
+			}
+			status = smb2_create(tree, tctx, &io);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+				not_supported_mask |= 1<<i;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+				invalid_parameter_mask |= 1<<i;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) {
+				not_a_directory_mask |= 1<<i;
+			} else if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+				ok_mask |= 1<<i;
+				status = smb2_util_close(tree, io.out.file.handle);
+				CHECK_STATUS(status, NT_STATUS_OK);
+			} else {
+				unexpected_mask |= 1<<i;
+				torture_comment(tctx,
+				    "create option 0x%08x returned %s\n",
+				    1<<i, nt_errstr(status));
+			}
+		}
+	}
+	io.in.create_options = 0;
+
+	CHECK_EQUAL(ok_mask,                0x00efcf7e);
+	CHECK_EQUAL(not_a_directory_mask,   0x00000001);
+	CHECK_EQUAL(not_supported_mask,     0x00102080);
+	CHECK_EQUAL(invalid_parameter_mask, 0xff000000);
+	CHECK_EQUAL(unexpected_mask,        0x00000000);
+
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.file_attributes = 0;
+	access_mask = 0;
+	{
+		int i;
+		for (i=0;i<32;i++) {
+			io.in.desired_access = (uint32_t)1<<i;
+			status = smb2_create(tree, tctx, &io);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+			    NT_STATUS_EQUAL(status, NT_STATUS_PRIVILEGE_NOT_HELD)) {
+				access_mask |= io.in.desired_access;
+			} else {
+				CHECK_STATUS(status, NT_STATUS_OK);
+				status = smb2_util_close(tree, io.out.file.handle);
+				CHECK_STATUS(status, NT_STATUS_OK);
+			}
+		}
+	}
+
+	if (TARGET_IS_WIN7(tctx)) {
+		CHECK_EQUAL(access_mask, 0x0de0fe00);
+	} else if (torture_setting_bool(tctx, "samba4", false)) {
+		CHECK_EQUAL(access_mask, 0x0cf0fe00);
+	} else {
+		CHECK_EQUAL(access_mask, 0x0df0fe00);
+	}
+
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes = 0;
+	ok_mask = 0;
+	invalid_parameter_mask = 0;
+	unexpected_mask = 0;
+	file_attributes_set = 0;
+	{
+		int i;
+		for (i=0;i<32;i++) {
+			io.in.file_attributes = (uint32_t)1<<i;
+			if (io.in.file_attributes & FILE_ATTRIBUTE_ENCRYPTED) {
+				continue;
+			}
+			smb2_deltree(tree, FNAME);
+			status = smb2_create(tree, tctx, &io);
+			if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+				invalid_parameter_mask |= 1<<i;
+			} else if (NT_STATUS_IS_OK(status)) {
+				uint32_t expected;
+				ok_mask |= 1<<i;
+
+				expected = (io.in.file_attributes | FILE_ATTRIBUTE_ARCHIVE) & 0x00005127;
+				io.out.file_attr &= ~FILE_ATTRIBUTE_NONINDEXED;
+				CHECK_EQUAL(io.out.file_attr, expected);
+				file_attributes_set |= io.out.file_attr;
+
+				status = smb2_util_close(tree, io.out.file.handle);
+				CHECK_STATUS(status, NT_STATUS_OK);
+			} else {
+				unexpected_mask |= 1<<i;
+				torture_comment(tctx,
+				    "file attribute 0x%08x returned %s\n",
+				    1<<i, nt_errstr(status));
+			}
+		}
+	}
+
+	CHECK_EQUAL(ok_mask,                0x00003fb7);
+	CHECK_EQUAL(invalid_parameter_mask, 0xffff8048);
+	CHECK_EQUAL(unexpected_mask,        0x00000000);
+	CHECK_EQUAL(file_attributes_set,    0x00001127);
+
+	smb2_deltree(tree, FNAME);
+
+	/*
+	 * Standalone servers doesn't support encryption
+	 */
+	io.in.file_attributes = FILE_ATTRIBUTE_ENCRYPTED;
+	status = smb2_create(tree, tctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+		torture_comment(tctx,
+		    "FILE_ATTRIBUTE_ENCRYPTED returned %s\n",
+		    nt_errstr(status));
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_EQUAL(io.out.file_attr, (FILE_ATTRIBUTE_ENCRYPTED | FILE_ATTRIBUTE_ARCHIVE));
+		status = smb2_util_close(tree, io.out.file.handle);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	smb2_deltree(tree, FNAME);
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = FNAME ":stream1";
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.in.fname = FNAME;
+	io.in.file_attributes = 0x8040;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	io.in.fname = FNAME;
+	io.in.file_attributes = 0;
+	io.in.desired_access  = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA;
+	io.in.query_maximal_access = true;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_EQUAL(io.out.maximal_access, 0x001f01ff);
+
+	q.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	q.access_information.in.file.handle = io.out.file.handle;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_EQUAL(q.access_information.out.access_flags, io.in.desired_access);
+
+	io.in.file_attributes = 0;
+	io.in.desired_access  = 0;
+	io.in.query_maximal_access = false;
+	io.in.share_access = 0;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	smb2_deltree(tree, FNAME);
+
+	return true;
+}
+
+
+/*
+  try the various request blobs
+ */
+static bool test_create_blob(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	smb2_deltree(tree, FNAME);
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	io.in.fname = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing alloc size\n");
+	/* FIXME We use 1M cause that's the rounded size of Samba.
+	 * We should ask the server for the cluster size and calculate it
+	 * correctly. */
+	io.in.alloc_size = 0x00100000;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_EQUAL(io.out.alloc_size, io.in.alloc_size);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing durable open\n");
+	io.in.durable_open = true;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing query maximal access\n");
+	io.in.query_maximal_access = true;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_EQUAL(io.out.maximal_access, 0x001f01ff);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing timewarp\n");
+	io.in.timewarp = 10000;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	io.in.timewarp = 0;
+
+	torture_comment(tctx, "Testing query_on_disk\n");
+	io.in.query_on_disk_id = true;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing unknown tag\n");
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "FooO", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing bad tag length 0\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "x", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(tctx, "Testing bad tag length 1\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "x", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(tctx, "Testing bad tag length 2\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(tctx, "Testing bad tag length 3\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(tctx, "Testing tag length 4\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 5\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 6\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 7\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 8\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 16\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxxxxxxxxxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 17\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxxxxxxxxxxxxx", data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "Testing tag length 34\n");
+	ZERO_STRUCT(io.in.blobs);
+	status = smb2_create_blob_add(tctx, &io.in.blobs,
+				      "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+				      data_blob(NULL, 0));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_deltree(tree, FNAME);
+
+	return true;
+}
+
+#define FAIL_UNLESS(__cond)					\
+	do {							\
+		if (__cond) {} else {				\
+			torture_result(tctx, TORTURE_FAIL, "%s) condition violated: %s\n",	\
+			       __location__, #__cond);		\
+			ret = false; goto done;                 \
+		}						\
+	} while(0)
+
+/*
+  try creating with acls
+ */
+static bool test_create_acl_ext(struct torture_context *tctx, struct smb2_tree *tree, bool test_dir)
+{
+	bool ret = true;
+	struct smb2_create io;
+	NTSTATUS status;
+	struct security_ace ace;
+	struct security_descriptor *sd;
+	struct dom_sid *test_sid;
+	union smb_fileinfo q = {};
+	uint32_t attrib =
+	    FILE_ATTRIBUTE_HIDDEN |
+	    FILE_ATTRIBUTE_SYSTEM |
+	    (test_dir ? FILE_ATTRIBUTE_DIRECTORY : 0);
+	NTSTATUS (*delete_func)(struct smb2_tree *, const char *) =
+	    test_dir ? smb2_util_rmdir : smb2_util_unlink;
+
+	ZERO_STRUCT(ace);
+
+	smb2_deltree(tree, FNAME);
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT | 0x00200000 |
+	    (test_dir ?  NTCREATEX_OPTIONS_DIRECTORY :
+		(NTCREATEX_OPTIONS_NON_DIRECTORY_FILE));
+
+	io.in.fname = FNAME;
+
+	torture_comment(tctx, "basic create\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = io.out.file.handle;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd = q.query_secdesc.out.sd;
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "adding a new ACE\n");
+	test_sid = dom_sid_parse_talloc(tctx, SID_NT_AUTHENTICATED_USERS);
+
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating a file with an initial ACL\n");
+
+	io.in.sec_desc = sd;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	FAIL_UNLESS(smb2_util_verify_sd(tctx, tree, io.out.file.handle, sd));
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating with attributes\n");
+
+	io.in.sec_desc = NULL;
+	io.in.file_attributes = attrib;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	FAIL_UNLESS(smb2_util_verify_attrib(tctx, tree, io.out.file.handle, attrib));
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating with attributes and ACL\n");
+
+	io.in.sec_desc = sd;
+	io.in.file_attributes = attrib;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	FAIL_UNLESS(smb2_util_verify_sd(tctx, tree, io.out.file.handle, sd));
+	FAIL_UNLESS(smb2_util_verify_attrib(tctx, tree, io.out.file.handle, attrib));
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "creating with attributes, ACL and owner\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, SID_WORLD, SID_BUILTIN_USERS,
+					SID_WORLD,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
+					0,
+					NULL);
+
+	io.in.sec_desc = sd;
+	io.in.file_attributes = attrib;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	FAIL_UNLESS(smb2_util_verify_sd(tctx, tree, io.out.file.handle, sd));
+	FAIL_UNLESS(smb2_util_verify_attrib(tctx, tree, io.out.file.handle, attrib));
+
+ done:
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = delete_func(tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	return ret;
+}
+
+/*
+  test SMB2 open
+*/
+static bool test_smb2_open(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = DNAME "\\torture_ntcreatex.txt";
+	const char *dname = DNAME "\\torture_ntcreatex.dir";
+	NTSTATUS status;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+	bool ret = true;
+	size_t i;
+	struct {
+		uint32_t create_disp;
+		bool with_file;
+		NTSTATUS correct_status;
+	} open_funcs[] = {
+		{ NTCREATEX_DISP_SUPERSEDE,     true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_SUPERSEDE,     false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN,          true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN,          false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_CREATE,        true,  NT_STATUS_OBJECT_NAME_COLLISION },
+		{ NTCREATEX_DISP_CREATE,        false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF,       true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OPEN_IF,       false, NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE,     true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE,     false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+		{ NTCREATEX_DISP_OVERWRITE_IF,  true,  NT_STATUS_OK },
+		{ NTCREATEX_DISP_OVERWRITE_IF,  false, NT_STATUS_OK },
+		{ 6,                            true,  NT_STATUS_INVALID_PARAMETER },
+		{ 6,                            false, NT_STATUS_INVALID_PARAMETER },
+	};
+
+	torture_comment(tctx, "Checking SMB2 Open\n");
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, dname);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	/* reasonable default parameters */
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 1024*1024;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/* test the create disposition */
+	for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+		if (open_funcs[i].with_file) {
+			io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+			status= smb2_create(tree, tctx, &(io.smb2));
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx,
+				    "Failed to create file %s status %s %zu\n",
+				    fname, nt_errstr(status), i);
+
+				ret = false;
+				goto done;
+			}
+			smb2_util_close(tree, io.smb2.out.file.handle);
+		}
+		io.smb2.in.create_disposition = open_funcs[i].create_disp;
+		status = smb2_create(tree, tctx, &(io.smb2));
+		if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+			torture_comment(tctx,
+			    "(%s) incorrect status %s should be %s (i=%zu "
+			    "with_file=%d open_disp=%d)\n",
+			 __location__, nt_errstr(status),
+			nt_errstr(open_funcs[i].correct_status),
+			i, (int)open_funcs[i].with_file,
+			(int)open_funcs[i].create_disp);
+
+			ret = false;
+			goto done;
+		}
+		if (NT_STATUS_IS_OK(status) || open_funcs[i].with_file) {
+			smb2_util_close(tree, io.smb2.out.file.handle);
+			smb2_util_unlink(tree, fname);
+		}
+	}
+
+	/* basic field testing */
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	CHECK_VAL(io.smb2.out.oplock_level, 0);
+	CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.smb2.out.create_time, create_time);
+	CHECK_NTTIME(io.smb2.out.access_time, access_time);
+	CHECK_NTTIME(io.smb2.out.write_time, write_time);
+	CHECK_NTTIME(io.smb2.out.change_time, change_time);
+	CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
+	CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.smb2.out.size, size);
+
+	/* check fields when the file already existed */
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+
+	status = smb2_create_complex_file(tctx, tree, fname, &h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h1);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	CHECK_VAL(io.smb2.out.oplock_level, 0);
+	CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_NTTIME(io.smb2.out.create_time, create_time);
+	CHECK_NTTIME(io.smb2.out.access_time, access_time);
+	CHECK_NTTIME(io.smb2.out.write_time, write_time);
+	CHECK_NTTIME(io.smb2.out.change_time, change_time);
+	CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
+	CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.smb2.out.size, size);
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+
+	/* create a directory */
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.fname = dname;
+	fname = dname;
+
+	smb2_util_rmdir(tree, fname);
+	smb2_util_unlink(tree, fname);
+
+	io.smb2.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	CHECK_VAL(io.smb2.out.oplock_level, 0);
+	CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_NTTIME(io.smb2.out.create_time, create_time);
+	CHECK_NTTIME(io.smb2.out.access_time, access_time);
+	CHECK_NTTIME(io.smb2.out.write_time, write_time);
+	CHECK_NTTIME(io.smb2.out.change_time, change_time);
+	CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
+	CHECK_VAL(io.smb2.out.file_attr & ~FILE_ATTRIBUTE_NONINDEXED,
+		  FILE_ATTRIBUTE_DIRECTORY);
+	CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
+	CHECK_ALL_INFO(io.smb2.out.size, size);
+	CHECK_VAL(io.smb2.out.size, 0);
+	smb2_util_unlink(tree, fname);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+
+/*
+  test with an already opened and byte range locked file
+*/
+
+static bool test_smb2_open_brlocked(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	union smb_open io, io1;
+	union smb_lock io2;
+	struct smb2_lock_element lock[1];
+	const char *fname = DNAME "\\torture_ntcreatex.txt";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h;
+	char b = 42;
+
+	torture_comment(tctx,
+		"Testing SMB2 open with a byte range locked file\n");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = 0x2019f;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io.smb2.in.security_flags = SMB2_SECURITY_DYNAMIC_TRACKING;
+	io.smb2.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, io.smb2.out.file.handle, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io2.smb2);
+	io2.smb2.level = RAW_LOCK_SMB2;
+	io2.smb2.in.file.handle = io.smb2.out.file.handle;
+	io2.smb2.in.lock_count = 1;
+
+	ZERO_STRUCT(lock);
+	lock[0].offset = 0;
+	lock[0].length = 1;
+	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
+			SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	io2.smb2.in.locks = &lock[0];
+	status = smb2_lock(tree, &(io2.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io1.smb2);
+	io1.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io1.smb2.in.desired_access = 0x20196;
+	io1.smb2.in.alloc_size = 0;
+	io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io1.smb2.in.create_options = 0;
+	io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	io1.smb2.in.security_flags = SMB2_SECURITY_DYNAMIC_TRACKING;
+	io1.smb2.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, io.smb2.out.file.handle);
+	smb2_util_close(tree, io1.smb2.out.file.handle);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	return ret;
+}
+
+/* A little torture test to expose a race condition in Samba 3.0.20 ... :-) */
+
+static bool test_smb2_open_multi(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	const char *fname = "test_oplock.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_tree **trees;
+	struct smb2_request **requests;
+	union smb_open *ios;
+	int i, num_files = 3;
+	int num_ok = 0;
+	int num_collision = 0;
+
+	torture_comment(tctx,
+		"Testing SMB2 Open with multiple connections\n");
+	trees = talloc_array(tctx, struct smb2_tree *, num_files);
+	requests = talloc_array(tctx, struct smb2_request *, num_files);
+	ios = talloc_array(tctx, union smb_open, num_files);
+	if ((tctx->ev == NULL) || (trees == NULL) || (requests == NULL) ||
+	    (ios == NULL)) {
+		torture_comment(tctx, ("talloc failed\n"));
+		ret = false;
+		goto done;
+	}
+
+	tree->session->transport->options.request_timeout = 60;
+
+	for (i=0; i<num_files; i++) {
+		if (!torture_smb2_connection(tctx, &(trees[i]))) {
+			torture_comment(tctx,
+				"Could not open %d'th connection\n", i);
+			ret = false;
+			goto done;
+		}
+		trees[i]->session->transport->options.request_timeout = 60;
+	}
+
+	/* cleanup */
+	smb2_util_unlink(tree, fname);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_flags = 0;
+
+	for (i=0; i<num_files; i++) {
+		ios[i] = io;
+		requests[i] = smb2_create_send(trees[i], &(ios[i].smb2));
+		if (requests[i] == NULL) {
+			torture_comment(tctx,
+				"could not send %d'th request\n", i);
+			ret = false;
+			goto done;
+		}
+	}
+
+	torture_comment(tctx, "waiting for replies\n");
+	while (1) {
+		bool unreplied = false;
+		for (i=0; i<num_files; i++) {
+			if (requests[i] == NULL) {
+				continue;
+			}
+			if (requests[i]->state < SMB2_REQUEST_DONE) {
+				unreplied = true;
+				break;
+			}
+			status = smb2_create_recv(requests[i], tctx,
+						  &(ios[i].smb2));
+
+			torture_comment(tctx,
+				"File %d returned status %s\n", i,
+				nt_errstr(status));
+
+			if (NT_STATUS_IS_OK(status)) {
+				num_ok += 1;
+			}
+
+			if (NT_STATUS_EQUAL(status,
+					    NT_STATUS_OBJECT_NAME_COLLISION)) {
+				num_collision += 1;
+			}
+
+			requests[i] = NULL;
+		}
+		if (!unreplied) {
+			break;
+		}
+
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_comment(tctx, "tevent_loop_once failed\n");
+			ret = false;
+			goto done;
+		}
+	}
+
+	if ((num_ok != 1) || (num_ok + num_collision != num_files)) {
+		ret = false;
+	}
+done:
+	smb2_deltree(tree, fname);
+
+	return ret;
+}
+
+/*
+  test opening for delete on a read-only attribute file.
+*/
+
+static bool test_smb2_open_for_delete(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	union smb_open io;
+	union smb_fileinfo finfo;
+	const char *fname = DNAME "\\torture_open_for_delete.txt";
+	NTSTATUS status;
+	struct smb2_handle h, h1;
+	bool ret = true;
+
+	torture_comment(tctx,
+		"Checking SMB2_OPEN for delete on a readonly file.\n");
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* reasonable default parameters */
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_READONLY;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/* Create the readonly file. */
+
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	CHECK_VAL(io.smb2.out.oplock_level, 0);
+	io.smb2.in.create_options = 0;
+	CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
+	CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
+	smb2_util_close(tree, h1);
+
+	/* Now try and open for delete only - should succeed. */
+	io.smb2.in.desired_access = SEC_STD_DELETE;
+	io.smb2.in.file_attributes = 0;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/* Clear readonly flag to allow file deletion */
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE;
+	status = smb2_create(tree, tctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+	SET_ATTRIB(FILE_ATTRIBUTE_ARCHIVE);
+	smb2_util_close(tree, h1);
+
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	return ret;
+}
+
+/*
+  test SMB2 open with a leading slash on the path.
+  Trying to create a directory with a leading slash
+  should give NT_STATUS_INVALID_PARAMETER error
+*/
+static bool test_smb2_leading_slash(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	union smb_open io;
+	const char *dnameslash = "\\"DNAME;
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_comment(tctx,
+		"Trying to create a directory with leading slash on path\n");
+	smb2_deltree(tree, dnameslash);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.oplock_level = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	io.smb2.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.fname = dnameslash;
+
+	status = smb2_create(tree, tree, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	smb2_deltree(tree, dnameslash);
+	return ret;
+}
+
+/*
+  test SMB2 open with an invalid impersonation level.
+  Should give NT_STATUS_BAD_IMPERSONATION_LEVEL error
+*/
+static bool test_smb2_impersonation_level(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	union smb_open io;
+	const char *fname = DNAME "\\torture_invalid_impersonation_level.txt";
+	NTSTATUS status;
+	struct smb2_handle h;
+	bool ret = true;
+
+	torture_comment(tctx,
+		"Testing SMB2 open with an invalid impersonation level.\n");
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = 0x12345678;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_flags = 0;
+
+	status = smb2_create(tree, tree, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_BAD_IMPERSONATION_LEVEL);
+
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+
+static bool test_create_acl_file(struct torture_context *tctx,
+    struct smb2_tree *tree)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc on files\n");
+
+	return test_create_acl_ext(tctx, tree, false);
+}
+
+static bool test_create_acl_dir(struct torture_context *tctx,
+    struct smb2_tree *tree)
+{
+	torture_comment(tctx, "Testing nttrans create with sec_desc on directories\n");
+
+	return test_create_acl_ext(tctx, tree, true);
+}
+
+#define CHECK_ACCESS_FLAGS(_fh, flags) do { \
+	union smb_fileinfo _q; \
+	_q.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION; \
+	_q.access_information.in.file.handle = (_fh); \
+	status = smb2_getinfo_file(tree, tctx, &_q); \
+	CHECK_STATUS(status, NT_STATUS_OK); \
+	if (_q.access_information.out.access_flags != (flags)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect access_flags 0x%08x - should be 0x%08x\n", \
+		       __location__, _q.access_information.out.access_flags, (flags)); \
+		ret = false; \
+		goto done; \
+	} \
+} while (0)
+
+/*
+ * Test creating a file with a NULL DACL.
+ */
+static bool test_create_null_dacl(struct torture_context *tctx,
+    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	const char *fname = "nulldacl.txt";
+	bool ret = true;
+	struct smb2_handle handle;
+	union smb_fileinfo q;
+	union smb_setfileinfo s;
+	struct security_descriptor *sd = security_descriptor_initialise(tctx);
+	struct security_acl dacl;
+
+	torture_comment(tctx, "TESTING SEC_DESC WITH A NULL DACL\n");
+
+	smb2_util_unlink(tree, fname);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC
+		| SEC_STD_WRITE_OWNER;
+	io.in.create_options = 0;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = fname;
+	io.in.sec_desc = sd;
+	/* XXX create_options ? */
+	io.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+
+	torture_comment(tctx, "creating a file with a empty sd\n");
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Testing the created DACL,
+	 * the server should add the inherited DACL
+	 * when SEC_DESC_DACL_PRESENT isn't specified
+	 */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL_PRESENT flag not set by the server!\n");
+	}
+	if (q.query_secdesc.out.sd->dacl == NULL) {
+		ret = false;
+		torture_fail_goto(tctx, done, "no DACL has been created on the server!\n");
+	}
+
+	torture_comment(tctx, "set NULL DACL\n");
+	sd->type |= SEC_DESC_DACL_PRESENT;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.handle = handle;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL_PRESENT flag not set by the server!\n");
+	}
+	if (q.query_secdesc.out.sd->dacl != NULL) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL has been created on the server!\n");
+	}
+
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	torture_comment(tctx, "try open for read control\n");
+	io.in.desired_access = SEC_STD_READ_CONTROL;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_STD_READ_CONTROL);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for write\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_FILE_WRITE_DATA);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for read\n");
+	io.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_FILE_READ_DATA);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for generic write\n");
+	io.in.desired_access = SEC_GENERIC_WRITE;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_RIGHTS_FILE_WRITE);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for generic read\n");
+	io.in.desired_access = SEC_GENERIC_READ;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_RIGHTS_FILE_READ);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "set DACL with 0 aces\n");
+	ZERO_STRUCT(dacl);
+	dacl.revision = SECURITY_ACL_REVISION_NT4;
+	dacl.num_aces = 0;
+	sd->dacl = &dacl;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.handle = handle;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL_PRESENT flag not set by the server!\n");
+	}
+	if (q.query_secdesc.out.sd->dacl == NULL) {
+		ret = false;
+		torture_fail_goto(tctx, done, "no DACL has been created on the server!\n");
+	}
+	if (q.query_secdesc.out.sd->dacl->num_aces != 0) {
+		torture_result(tctx, TORTURE_FAIL, "DACL has %u aces!\n",
+		       q.query_secdesc.out.sd->dacl->num_aces);
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "try open for read control\n");
+	io.in.desired_access = SEC_STD_READ_CONTROL;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_ACCESS_FLAGS(io.out.file.handle,
+		SEC_STD_READ_CONTROL);
+	smb2_util_close(tree, io.out.file.handle);
+
+	torture_comment(tctx, "try open for write => access_denied\n");
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "try open for read => access_denied\n");
+	io.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "try open for generic write => access_denied\n");
+	io.in.desired_access = SEC_GENERIC_WRITE;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "try open for generic read => access_denied\n");
+	io.in.desired_access = SEC_GENERIC_READ;
+	status = smb2_create(tree, tctx, &io);
+	if (torture_setting_bool(tctx, "hide_on_access_denied", false)) {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+	}
+
+	torture_comment(tctx, "set empty sd\n");
+	sd->type &= ~SEC_DESC_DACL_PRESENT;
+	sd->dacl = NULL;
+
+	s.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	s.set_secdesc.in.file.handle = handle;
+	s.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	s.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &s);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "get the sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Testing the modified DACL */
+	if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL_PRESENT flag not set by the server!\n");
+	}
+	if (q.query_secdesc.out.sd->dacl != NULL) {
+		ret = false;
+		torture_fail_goto(tctx, done, "DACL has been created on the server!\n");
+	}
+done:
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+	smb2_tdis(tree);
+	smb2_logoff(tree->session);
+	return ret;
+}
+
+/*
+  test SMB2 mkdir with OPEN_IF on the same name twice.
+  Must use 2 connections to hit the race.
+*/
+
+static bool test_mkdir_dup(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	const char *fname = "mkdir_dup";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_tree **trees;
+	struct smb2_request **requests;
+	union smb_open *ios;
+	int i, num_files = 2;
+	int num_ok = 0;
+	int num_created = 0;
+	int num_existed = 0;
+
+	torture_comment(tctx,
+		"Testing SMB2 Create Directory with multiple connections\n");
+	trees = talloc_array(tctx, struct smb2_tree *, num_files);
+	requests = talloc_array(tctx, struct smb2_request *, num_files);
+	ios = talloc_array(tctx, union smb_open, num_files);
+	if ((tctx->ev == NULL) || (trees == NULL) || (requests == NULL) ||
+	    (ios == NULL)) {
+		torture_fail(tctx, ("talloc failed\n"));
+		ret = false;
+		goto done;
+	}
+
+	tree->session->transport->options.request_timeout = 60;
+
+	for (i=0; i<num_files; i++) {
+		if (!torture_smb2_connection(tctx, &(trees[i]))) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+					"Could not open %d'th connection\n", i));
+			ret = false;
+			goto done;
+		}
+		trees[i]->session->transport->options.request_timeout = 60;
+	}
+
+	/* cleanup */
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, fname);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_flags = 0;
+
+	for (i=0; i<num_files; i++) {
+		ios[i] = io;
+		requests[i] = smb2_create_send(trees[i], &(ios[i].smb2));
+		if (requests[i] == NULL) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+				"could not send %d'th request\n", i));
+			ret = false;
+			goto done;
+		}
+	}
+
+	torture_comment(tctx, "waiting for replies\n");
+	while (1) {
+		bool unreplied = false;
+		for (i=0; i<num_files; i++) {
+			if (requests[i] == NULL) {
+				continue;
+			}
+			if (requests[i]->state < SMB2_REQUEST_DONE) {
+				unreplied = true;
+				break;
+			}
+			status = smb2_create_recv(requests[i], tctx,
+						  &(ios[i].smb2));
+
+			if (NT_STATUS_IS_OK(status)) {
+				num_ok += 1;
+
+				if (ios[i].smb2.out.create_action ==
+						NTCREATEX_ACTION_CREATED) {
+					num_created++;
+				}
+				if (ios[i].smb2.out.create_action ==
+						NTCREATEX_ACTION_EXISTED) {
+					num_existed++;
+				}
+			} else {
+				torture_fail(tctx,
+					talloc_asprintf(tctx,
+					"File %d returned status %s\n", i,
+					nt_errstr(status)));
+			}
+
+
+			requests[i] = NULL;
+		}
+		if (!unreplied) {
+			break;
+		}
+
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_fail(tctx, "tevent_loop_once failed\n");
+			ret = false;
+			goto done;
+		}
+	}
+
+	if (num_ok != 2) {
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+			"num_ok == %d\n", num_ok));
+		ret = false;
+	}
+	if (num_created != 1) {
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+			"num_created == %d\n", num_created));
+		ret = false;
+	}
+	if (num_existed != 1) {
+		torture_fail(tctx,
+			talloc_asprintf(tctx,
+			"num_existed == %d\n", num_existed));
+		ret = false;
+	}
+done:
+	smb2_deltree(tree, fname);
+
+	return ret;
+}
+
+/*
+  test directory creation with an initial allocation size > 0
+*/
+static bool test_dir_alloc_size(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	bool ret = true;
+	const char *dname = DNAME "\\torture_alloc_size.dir";
+	NTSTATUS status;
+	struct smb2_create c;
+	struct smb2_handle h1 = {{0}}, h2;
+
+	torture_comment(tctx, "Checking initial allocation size on directories\n");
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, DNAME, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir failed");
+
+	ZERO_STRUCT(c);
+	c.in.create_disposition = NTCREATEX_DISP_CREATE;
+	c.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	c.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	c.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	c.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	c.in.fname = dname;
+	/*
+	 * An insanely large value so we can check the value is
+	 * ignored: Samba either returns 0 (current behaviour), or,
+	 * once vfswrap_get_alloc_size() is fixed to allow retrieving
+	 * the allocated size for directories, returns
+	 * smb_roundup(..., stat.st_size) which would be 1 MB by
+	 * default.
+	 *
+	 * Windows returns 0 for empty directories, once directories
+	 * have a few entries it starts replying with values > 0.
+	 */
+	c.in.alloc_size = 1024*1024*1024;
+
+	status = smb2_create(tree, tctx, &c);
+	h2 = c.out.file.handle;
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"dir create with initial alloc size failed");
+
+	smb2_util_close(tree, h2);
+
+	torture_comment(tctx, "Got directory alloc size: %ju\n", (uintmax_t)c.out.alloc_size);
+
+	/*
+	 * See above for the rational for this test
+	 */
+	if (c.out.alloc_size > 1024*1024) {
+		torture_fail_goto(tctx, done, talloc_asprintf(tctx, "bad alloc size: %ju",
+							      (uintmax_t)c.out.alloc_size));
+	}
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+
+static bool test_twrp_write(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	struct smb2_handle h1 = {{0}};
+	NTSTATUS status;
+	bool ret = true;
+	char *p = NULL;
+	struct tm tm;
+	time_t t;
+	uint64_t nttime;
+	const char *file = NULL;
+	const char *snapshot = NULL;
+	uint32_t expected_access;
+	union smb_fileinfo getinfo;
+	union smb_setfileinfo setinfo;
+	struct security_descriptor *sd = NULL, *sd_orig = NULL;
+	const char *owner_sid = NULL;
+	struct create_disps_tests {
+		const char *file;
+		uint32_t create_disposition;
+		uint32_t create_options;
+		NTSTATUS expected_status;
+	};
+	struct create_disps_tests *cd_test = NULL;
+
+	file = torture_setting_string(tctx, "twrp_file", NULL);
+	if (file == NULL) {
+		torture_skip(tctx, "missing 'twrp_file' option\n");
+	}
+
+	snapshot = torture_setting_string(tctx, "twrp_snapshot", NULL);
+	if (snapshot == NULL) {
+		torture_skip(tctx, "missing 'twrp_snapshot' option\n");
+	}
+
+	torture_comment(tctx, "Testing timewarp (%s) (%s)\n", file, snapshot);
+
+	setenv("TZ", "GMT", 1);
+
+	/* strptime does not set tm.tm_isdst but mktime assumes DST is in
+	 * effect if it is greater than 1. */
+	ZERO_STRUCT(tm);
+
+	p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
+	torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
+	torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
+
+	t = mktime(&tm);
+	unix_to_nt_time(&nttime, t);
+
+	io = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = file,
+		.in.query_maximal_access = true,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	smb2_util_close(tree, io.out.file.handle);
+
+	expected_access = SEC_RIGHTS_FILE_ALL &
+				~(SEC_FILE_EXECUTE | SEC_DIR_DELETE_CHILD);
+
+	torture_assert_int_equal_goto(tctx,
+				      io.out.maximal_access & expected_access,
+				      expected_access,
+				      ret, done, "Bad access\n");
+
+	{
+		/*
+		 * Test create dispositions
+		 */
+		struct create_disps_tests cd_tests[] = {
+			{
+				.file = file,
+				.create_disposition = NTCREATEX_DISP_OPEN,
+				.expected_status = NT_STATUS_OK,
+			},
+			{
+				.file = file,
+				.create_disposition = NTCREATEX_DISP_OPEN_IF,
+				.expected_status = NT_STATUS_OK,
+			},
+			{
+				.file = file,
+				.create_disposition = NTCREATEX_DISP_OVERWRITE,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = file,
+				.create_disposition = NTCREATEX_DISP_OVERWRITE_IF,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = file,
+				.create_disposition = NTCREATEX_DISP_SUPERSEDE,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newfile",
+				.create_disposition = NTCREATEX_DISP_OPEN_IF,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newfile",
+				.create_disposition = NTCREATEX_DISP_OVERWRITE_IF,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newfile",
+				.create_disposition = NTCREATEX_DISP_CREATE,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newfile",
+				.create_disposition = NTCREATEX_DISP_SUPERSEDE,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newdir",
+				.create_disposition = NTCREATEX_DISP_OPEN_IF,
+				.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = "newdir",
+				.create_disposition = NTCREATEX_DISP_CREATE,
+				.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+				.expected_status = NT_STATUS_MEDIA_WRITE_PROTECTED,
+			},
+			{
+				.file = NULL,
+			},
+		};
+
+		for (cd_test = &cd_tests[0]; cd_test->file != NULL; cd_test++) {
+			io = (struct smb2_create) {
+				.in.fname = cd_test->file,
+				.in.create_disposition = cd_test->create_disposition,
+				.in.create_options = cd_test->create_options,
+
+				.in.desired_access = SEC_FILE_READ_DATA,
+				.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+				.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+				.in.timewarp = nttime,
+			};
+
+			status = smb2_create(tree, tctx, &io);
+			torture_assert_ntstatus_equal_goto(
+				tctx, status, cd_test->expected_status, ret, done,
+				"Bad status\n");
+		}
+	}
+
+	io = (struct smb2_create) {
+		.in.desired_access = expected_access,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = file,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	h1 = io.out.file.handle;
+
+	status = smb2_util_write(tree, h1, "123", 0, 3);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_MEDIA_WRITE_PROTECTED,
+					   ret, done, "smb2_create\n");
+
+	/*
+	 * Verify access mask
+	 */
+
+	ZERO_STRUCT(getinfo);
+	getinfo.generic.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	getinfo.generic.in.file.handle = h1;
+
+	status = smb2_getinfo_file(tree, tree, &getinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file\n");
+
+	torture_assert_int_equal_goto(
+		tctx,
+		getinfo.access_information.out.access_flags,
+		expected_access,
+		ret, done,
+		"Bad access mask\n");
+
+	/*
+	 * Check we can't set various things
+	 */
+
+	ZERO_STRUCT(getinfo);
+	getinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	getinfo.query_secdesc.in.file.handle = h1;
+	getinfo.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+	status = smb2_getinfo_file(tree, tctx, &getinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file\n");
+
+	sd_orig = getinfo.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	sd = security_descriptor_dacl_create(tctx,
+					     0, NULL, NULL,
+					     owner_sid,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_FILE_WRITE_DATA,
+					     0,
+					     NULL);
+
+	/* Try to set ACL */
+
+	ZERO_STRUCT(setinfo);
+	setinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	setinfo.set_secdesc.in.file.handle = h1;
+	setinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	setinfo.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_MEDIA_WRITE_PROTECTED,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	/* Try to delete */
+
+	ZERO_STRUCT(setinfo);
+	setinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	setinfo.disposition_info.in.delete_on_close = 1;
+	setinfo.generic.in.file.handle = h1;
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_MEDIA_WRITE_PROTECTED,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	ZERO_STRUCT(setinfo);
+	setinfo.basic_info.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	setinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	setinfo.generic.in.file.handle = h1;
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_MEDIA_WRITE_PROTECTED,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	/* Try to truncate */
+
+	ZERO_STRUCT(setinfo);
+	setinfo.generic.level = SMB_SFILEINFO_END_OF_FILE_INFORMATION;
+	setinfo.generic.in.file.handle = h1;
+	setinfo.end_of_file_info.in.size = 0x100000;
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_MEDIA_WRITE_PROTECTED,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	/* Try to set a hardlink */
+
+	ZERO_STRUCT(setinfo);
+	setinfo.generic.level = RAW_SFILEINFO_LINK_INFORMATION;
+	setinfo.generic.in.file.handle = h1;
+	setinfo.link_information.in.new_name = "hardlink";
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_NOT_SAME_DEVICE,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	/* Try to rename */
+
+	ZERO_STRUCT(setinfo);
+	setinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	setinfo.rename_information.in.file.handle = h1;
+	setinfo.rename_information.in.new_name = "renamed";
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx,
+		status,
+		NT_STATUS_NOT_SAME_DEVICE,
+		ret, done,
+		"smb2_setinfo_file\n");
+
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	return ret;
+}
+
+static bool test_twrp_stream(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	bool ret = true;
+	char *p = NULL;
+	struct tm tm;
+	time_t t;
+	uint64_t nttime;
+	const char *file = NULL;
+	const char *stream = NULL;
+	const char *snapshot = NULL;
+	int stream_size;
+	char *path = NULL;
+	uint8_t *buf = NULL;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_read r;
+
+	file = torture_setting_string(tctx, "twrp_file", NULL);
+	if (file == NULL) {
+		torture_skip(tctx, "missing 'twrp_file' option\n");
+	}
+
+	stream = torture_setting_string(tctx, "twrp_stream", NULL);
+	if (stream == NULL) {
+		torture_skip(tctx, "missing 'twrp_stream' option\n");
+	}
+
+	snapshot = torture_setting_string(tctx, "twrp_snapshot", NULL);
+	if (snapshot == NULL) {
+		torture_skip(tctx, "missing 'twrp_snapshot' option\n");
+	}
+
+	stream_size = torture_setting_int(tctx, "twrp_stream_size", 0);
+	if (stream_size == 0) {
+		torture_skip(tctx, "missing 'twrp_stream_size' option\n");
+	}
+
+	torture_comment(tctx, "Testing timewarp on stream (%s) (%s)\n",
+			file, snapshot);
+
+	path = talloc_asprintf(tree, "%s:%s", file, stream);
+	torture_assert_not_null_goto(tctx, path, ret, done, "path\n");
+
+	buf = talloc_zero_array(tree, uint8_t, stream_size);
+	torture_assert_not_null_goto(tctx, buf, ret, done, "buf\n");
+
+	setenv("TZ", "GMT", 1);
+
+	/* strptime does not set tm.tm_isdst but mktime assumes DST is in
+	 * effect if it is greater than 1. */
+	ZERO_STRUCT(tm);
+
+	p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
+	torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
+	torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
+
+	t = mktime(&tm);
+	unix_to_nt_time(&nttime, t);
+
+	io = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = path,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	h1 = io.out.file.handle;
+
+	r = (struct smb2_read) {
+		.in.file.handle = h1,
+		.in.length = stream_size,
+		.in.offset = 0,
+	};
+
+	status = smb2_read(tree, tree, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+
+	smb2_util_close(tree, h1);
+
+done:
+	return ret;
+}
+
+static bool test_twrp_openroot(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	bool ret = true;
+	char *p = NULL;
+	struct tm tm;
+	time_t t;
+	uint64_t nttime;
+	const char *snapshot = NULL;
+
+	snapshot = torture_setting_string(tctx, "twrp_snapshot", NULL);
+	if (snapshot == NULL) {
+		torture_skip(tctx, "missing 'twrp_snapshot' option\n");
+	}
+
+	torture_comment(tctx, "Testing open of root of "
+		"share with timewarp (%s)\n",
+		snapshot);
+
+	setenv("TZ", "GMT", 1);
+
+	/* strptime does not set tm.tm_isdst but mktime assumes DST is in
+	 * effect if it is greater than 1. */
+	ZERO_STRUCT(tm);
+
+	p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
+	torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
+	torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
+
+	t = mktime(&tm);
+	unix_to_nt_time(&nttime, t);
+
+	io = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = "",
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	smb2_util_close(tree, io.out.file.handle);
+
+done:
+	return ret;
+}
+
+static bool test_twrp_listdir(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	struct smb2_create create;
+	struct smb2_handle h = {{0}};
+	struct smb2_find find;
+	unsigned int count;
+	union smb_search_data *d;
+	char *p = NULL;
+	struct tm tm;
+	time_t t;
+	uint64_t nttime;
+	const char *snapshot = NULL;
+	uint64_t normal_fileid;
+	uint64_t snapshot_fileid;
+	NTSTATUS status;
+	bool ret = true;
+
+	snapshot = torture_setting_string(tctx, "twrp_snapshot", NULL);
+	if (snapshot == NULL) {
+		torture_fail(tctx, "missing 'twrp_snapshot' option\n");
+	}
+
+	torture_comment(tctx, "Testing File-Ids of directory listing "
+			"with timewarp (%s)\n",
+			snapshot);
+
+	setenv("TZ", "GMT", 1);
+
+	/* strptime does not set tm.tm_isdst but mktime assumes DST is in
+	 * effect if it is greater than 1. */
+	ZERO_STRUCT(tm);
+
+	p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
+	torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
+	torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
+
+	t = mktime(&tm);
+	unix_to_nt_time(&nttime, t);
+
+	/*
+	 * 1: Query the file's File-Id
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = "subdir/hardlink",
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	smb2_util_close(tree, create.out.file.handle);
+	normal_fileid = BVAL(&create.out.on_disk_id, 0);
+
+	/*
+	 * 2: check directory listing of the file returns same File-Id
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_DIR_LIST,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = "subdir",
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	h = create.out.file.handle;
+
+	find = (struct smb2_find) {
+		.in.file.handle = h,
+		.in.pattern = "*",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	smb2_util_close(tree, h);
+
+	torture_assert_int_equal_goto(tctx, count, 3, ret, done, "Bad count\n");
+	torture_assert_str_equal_goto(tctx,
+				      d[2].id_both_directory_info.name.s,
+				      "hardlink",
+				      ret, done, "bad name");
+	torture_assert_u64_equal_goto(tctx,
+				      d[2].id_both_directory_info.file_id,
+				      normal_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * 3: Query File-Id of snapshot of the file and check the File-Id is
+	 * different compared to the basefile
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = "subdir/hardlink",
+		.in.query_on_disk_id = true,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	smb2_util_close(tree, create.out.file.handle);
+
+	snapshot_fileid = BVAL(&create.out.on_disk_id, 0);
+
+	/*
+	 * 4: List directory of the snapshot and check the File-Id returned here
+	 * is the same as in 3.
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_DIR_LIST,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname = "subdir",
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.timewarp = nttime,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	h = create.out.file.handle;
+
+	find = (struct smb2_find) {
+		.in.file.handle = h,
+		.in.pattern = "*",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+	smb2_util_close(tree, h);
+
+	torture_assert_int_equal_goto(tctx, count, 3, ret, done, "Bad count\n");
+	torture_assert_str_equal_goto(tctx,
+				      d[2].id_both_directory_info.name.s,
+				      "hardlink",
+				      ret, done, "bad name");
+	torture_assert_u64_equal_goto(tctx,
+				      snapshot_fileid,
+				      d[2].id_both_directory_info.file_id,
+				      ret, done, "bad fileid\n");
+
+done:
+	return ret;
+}
+
+static bool test_fileid(struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = DNAME "\\foo";
+	const char *sname = DNAME "\\foo:bar";
+	struct smb2_handle testdirh;
+	struct smb2_handle h1;
+	struct smb2_create create;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sinfo;
+	struct smb2_find f;
+	unsigned int count;
+	union smb_search_data *d;
+	uint64_t expected_fileid;
+	uint64_t returned_fileid;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	/*
+	 * Initial create with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.fname = fname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	expected_fileid = BVAL(&create.out.on_disk_id, 0);
+
+	/*
+	 * Getinfo the File-ID on the just opened handle
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Open existing with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = fname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the just opened handle
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Overwrite with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OVERWRITE,
+		.in.fname = fname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the open with overwrite handle
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Do some modifications on the basefile (IO, setinfo), verifying
+	 * File-ID after each step.
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = fname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+
+	status = smb2_util_write(tree, h1, "foo", 0, strlen("foo"));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	sinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+	};
+	unix_to_nt_time(&sinfo.basic_info.in.write_time, time(NULL));
+
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Create stream, check the stream's File-ID, should be the same as the
+	 * base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the created stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Open stream, check the stream's File-ID, should be the same as the
+	 * base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the opened stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Overwrite stream, check the stream's File-ID, should be the same as
+	 * the base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OVERWRITE,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the overwritten stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Do some modifications on the stream (IO, setinfo), verifying File-ID
+	 * after each step.
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+
+	status = smb2_util_write(tree, h1, "foo", 0, strlen("foo"));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	sinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+	};
+	unix_to_nt_time(&sinfo.basic_info.in.write_time, time(NULL));
+
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final open of the basefile with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = fname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final Getinfo checking File-ID
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final list directory, verifying the operations on basefile and stream
+	 * didn't modify the base file metadata.
+	 */
+	f = (struct smb2_find) {
+		.in.file.handle = testdirh,
+		.in.pattern = "foo",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+		.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART,
+	};
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+	torture_assert_u64_equal_goto(tctx,
+				      d->id_both_directory_info.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+done:
+	smb2_util_close(tree, testdirh);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_fileid_dir(struct torture_context *tctx,
+			    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *dname = DNAME "\\foo";
+	const char *sname = DNAME "\\foo:bar";
+	struct smb2_handle testdirh;
+	struct smb2_handle h1;
+	struct smb2_create create;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sinfo;
+	struct smb2_find f;
+	unsigned int count;
+	union smb_search_data *d;
+	uint64_t expected_fileid;
+	uint64_t returned_fileid;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	/*
+	 * Initial directory create with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.fname = dname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	expected_fileid = BVAL(&create.out.on_disk_id, 0);
+
+	/*
+	 * Getinfo the File-ID on the just opened handle
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Open existing directory with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.fname = dname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the just opened handle
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Create stream, check the stream's File-ID, should be the same as the
+	 * base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the created stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Open stream, check the stream's File-ID, should be the same as the
+	 * base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the opened stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Overwrite stream, check the stream's File-ID, should be the same as
+	 * the base file (sic!, tested against Windows).
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OVERWRITE,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Getinfo the File-ID on the overwritten stream
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Do some modifications on the stream (IO, setinfo), verifying File-ID
+	 * after each step.
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = sname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+
+	status = smb2_util_write(tree, h1, "foo", 0, strlen("foo"));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	sinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+	};
+	unix_to_nt_time(&sinfo.basic_info.in.write_time, time(NULL));
+
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final open of the directory with QFID
+	 */
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = dname,
+		.in.query_on_disk_id = true,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test file could not be created\n");
+	h1 = create.out.file.handle;
+	returned_fileid = BVAL(&create.out.on_disk_id, 0);
+	torture_assert_u64_equal_goto(tctx, returned_fileid, expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final Getinfo checking File-ID
+	 */
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+	torture_assert_u64_equal_goto(tctx, finfo.all_info2.out.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+	/*
+	 * Final list directory, verifying the operations on basefile and stream
+	 * didn't modify the base file metadata.
+	 */
+	f = (struct smb2_find) {
+		.in.file.handle = testdirh,
+		.in.pattern = "foo",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+		.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART,
+	};
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+	torture_assert_u64_equal_goto(tctx,
+				      d->id_both_directory_info.file_id,
+				      expected_fileid,
+				      ret, done, "bad fileid\n");
+
+done:
+	smb2_util_close(tree, testdirh);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_fileid_unique_object(
+			struct torture_context *tctx,
+			struct smb2_tree *tree,
+			unsigned int num_objs,
+			bool create_dirs)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char *fname = NULL;
+	struct smb2_handle testdirh;
+	struct smb2_handle h1;
+	struct smb2_create create;
+	unsigned int i;
+	uint64_t fileid_array[num_objs];
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"test_fileid_unique failed\n");
+	smb2_util_close(tree, testdirh);
+
+	/* Create num_obj files as rapidly as we can. */
+	for (i = 0; i < num_objs; i++) {
+		fname = talloc_asprintf(mem_ctx,
+					"%s\\testfile.%u",
+					DNAME,
+					i);
+		torture_assert_goto(tctx,
+				fname != NULL,
+				ret,
+				done,
+				"talloc failed\n");
+
+		create = (struct smb2_create) {
+			.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+			.in.create_disposition = NTCREATEX_DISP_CREATE,
+			.in.fname = fname,
+		};
+
+		if (create_dirs) {
+			create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+			create.in.create_options = FILE_DIRECTORY_FILE;
+		}
+
+		status = smb2_create(tree, tctx, &create);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+					"test file %s could not be created\n",
+					fname));
+			TALLOC_FREE(fname);
+			ret = false;
+			goto done;
+		}
+
+		h1 = create.out.file.handle;
+		smb2_util_close(tree, h1);
+		TALLOC_FREE(fname);
+	}
+
+	/*
+	 * Get the file ids.
+	 */
+	for (i = 0; i < num_objs; i++) {
+		union smb_fileinfo finfo;
+
+		fname = talloc_asprintf(mem_ctx,
+					"%s\\testfile.%u",
+					DNAME,
+					i);
+		torture_assert_goto(tctx,
+				fname != NULL,
+				ret,
+				done,
+				"talloc failed\n");
+
+		create = (struct smb2_create) {
+			.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+			.in.create_disposition = NTCREATEX_DISP_OPEN,
+			.in.fname = fname,
+		};
+
+		if (create_dirs) {
+			create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+			create.in.create_options = FILE_DIRECTORY_FILE;
+		}
+
+		status = smb2_create(tree, tctx, &create);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+					"test file %s could not "
+					"be opened: %s\n",
+					fname,
+					nt_errstr(status)));
+			TALLOC_FREE(fname);
+			ret = false;
+			goto done;
+		}
+
+		h1 = create.out.file.handle;
+
+		finfo = (union smb_fileinfo) {
+			.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+			.generic.in.file.handle = h1,
+		};
+
+		status = smb2_getinfo_file(tree, tctx, &finfo);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_fail(tctx,
+				talloc_asprintf(tctx,
+					"failed to get fileid for "
+					"test file %s: %s\n",
+					fname,
+					nt_errstr(status)));
+			TALLOC_FREE(fname);
+			ret = false;
+			goto done;
+		}
+		smb2_util_close(tree, h1);
+
+		fileid_array[i] = finfo.all_info2.out.file_id;
+		TALLOC_FREE(fname);
+	}
+
+	/* All returned fileids must be unique. 100 is small so brute force. */
+	for (i = 0; i < num_objs - 1; i++) {
+		unsigned int j;
+		for (j = i + 1; j < num_objs; j++) {
+			if (fileid_array[i] == fileid_array[j]) {
+				torture_fail(tctx,
+					talloc_asprintf(tctx,
+						"fileid %u == fileid %u (0x%"PRIu64")\n",
+						i,
+						j,
+						fileid_array[i]));
+				ret = false;
+				goto done;
+			}
+		}
+	}
+
+done:
+
+	smb2_util_close(tree, testdirh);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_fileid_unique(
+			struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	return test_fileid_unique_object(tctx, tree, 100, false);
+}
+
+static bool test_fileid_unique_dir(
+			struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	return test_fileid_unique_object(tctx, tree, 100, true);
+}
+
+static bool test_dosattr_tmp_dir(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create c;
+	struct smb2_handle h1 = {{0}};
+	const char *fname = DNAME;
+
+	smb2_deltree(tree, fname);
+	smb2_util_rmdir(tree, fname);
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_DIR_ALL,
+		.in.file_attributes  = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.fname = DNAME,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create\n");
+	h1 = c.out.file.handle;
+
+	/* Try to set temporary attribute on directory */
+	SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY);
+
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_INVALID_PARAMETER,
+					   ret, done,
+					   "Unexpected setinfo result\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+
+	return ret;
+}
+
+/*
+  test opening quota fakefile handle and returned attributes
+*/
+static bool test_smb2_open_quota_fake_file(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	const char *fname = "$Extend\\$Quota:$Q:$INDEX_ALLOCATION";
+	struct smb2_create create;
+	struct smb2_handle h = {{0}};
+	NTSTATUS status;
+	bool ret = true;
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_READ,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tree, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h = create.out.file.handle;
+
+	torture_assert_u64_equal_goto(tctx,
+				      create.out.file_attr,
+				      FILE_ATTRIBUTE_HIDDEN
+				      | FILE_ATTRIBUTE_SYSTEM
+				      | FILE_ATTRIBUTE_DIRECTORY
+				      | FILE_ATTRIBUTE_ARCHIVE,
+				      ret,
+				      done,
+				      "Wrong attributes\n");
+
+	torture_assert_u64_equal_goto(tctx,
+				      create.out.create_time, 0,
+				      ret,
+				      done,
+				      "create_time is not 0\n");
+	torture_assert_u64_equal_goto(tctx,
+				      create.out.access_time, 0,
+				      ret,
+				      done,
+				      "access_time is not 0\n");
+	torture_assert_u64_equal_goto(tctx,
+				      create.out.write_time, 0,
+				      ret,
+				      done,
+				      "write_time is not 0\n");
+	torture_assert_u64_equal_goto(tctx,
+				      create.out.change_time, 0,
+				      ret,
+				      done,
+				      "change_time is not 0\n");
+
+done:
+	smb2_util_close(tree, h);
+	return ret;
+}
+
+/**
+  Find Maximum Path Length
+ */
+static bool generate_path(const size_t len,
+			  char *buffer,
+			  const size_t buf_len)
+{
+	size_t i;
+
+	if (len >= buf_len) {
+		return false;
+	}
+
+	for (i = 0; i < len ; i++) {
+		buffer[i] = (char)(i % 10) + 48;
+	}
+	buffer[i] = '\0';
+	return true;
+}
+
+static bool test_path_length_test(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	const size_t max_name = 2048;
+	char *name = talloc_array(tctx, char, max_name);
+	struct smb2_handle fh = {{0}};
+	size_t length = 128;
+	size_t max_file_name = 0;
+	size_t max_path_length = 0;
+	char *path_ok = NULL;
+	char *path_next = NULL;
+	char *topdir = NULL;
+	bool is_interactive = torture_setting_bool(tctx, "interactive", false);
+	NTSTATUS status;
+	bool ret = true;
+
+	if (!is_interactive) {
+		torture_result(tctx, TORTURE_SKIP,
+			       "Interactive Test: Skipping... "
+			       "(enable with --interactive)\n");
+		return ret;
+	}
+
+	torture_comment(tctx, "Testing filename and path lengths\n");
+
+	/* Find Longest File Name */
+	for (length = 128; length < max_name; length++) {
+		if (!generate_path(length, name, max_name))  {
+			torture_result(tctx, TORTURE_FAIL,
+				       "Failed to generate path.");
+			return false;
+		}
+
+		status = torture_smb2_testfile(tree, name, &fh);
+		if (!NT_STATUS_IS_OK(status)) {
+			break;
+		}
+
+		smb2_util_close(tree, fh);
+		smb2_util_unlink(tree, name);
+
+		max_file_name = length;
+	}
+
+	torture_assert_int_not_equal_goto(tctx, length, max_name, ret, done,
+					  "Name too big\n");
+
+	torture_comment(tctx, "Max file name length: %zu\n", max_file_name);
+
+	/* Remove one char that caused the failure above */
+	name[max_file_name] = '\0';
+
+	path_ok = talloc_strdup(tree, name);
+	torture_assert_not_null_goto(tctx, path_ok, ret, done,
+				     "talloc_strdup failed\n");
+
+	topdir = talloc_strdup(tree, name);
+	torture_assert_not_null_goto(tctx, topdir, ret, done,
+				     "talloc_strdup failed\n");
+
+	status = smb2_util_mkdir(tree, path_ok);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "mkdir [%s] failed: %s\n",
+				path_ok, nt_errstr(status));
+		torture_result(tctx, TORTURE_FAIL, "Initial mkdir failed");
+		return false;
+	}
+
+	while (true) {
+		path_next = talloc_asprintf(tctx, "%s\\%s", path_ok, name);
+		torture_assert_not_null_goto(tctx, path_next, ret, done,
+					     "talloc_asprintf failed\n");
+
+		status = smb2_util_mkdir(tree, path_next);
+		if (!NT_STATUS_IS_OK(status)) {
+			break;
+		}
+
+		path_ok = path_next;
+	}
+
+	for (length = 1; length < max_name; length++) {
+		if (!generate_path(length, name, max_name))  {
+			torture_result(tctx, TORTURE_FAIL,
+				       "Failed to generate path.");
+			return false;
+		}
+
+		path_next = talloc_asprintf(tctx, "%s\\%s", path_ok, name);
+		torture_assert_not_null_goto(tctx, path_next, ret, done,
+					     "talloc_asprintf failed\n");
+
+		status = torture_smb2_testfile(tree, path_next, &fh);
+		if (!NT_STATUS_IS_OK(status)) {
+			break;
+		}
+		smb2_util_close(tree, fh);
+		path_ok = path_next;
+	}
+
+	max_path_length = talloc_array_length(path_ok);
+
+	torture_comment(tctx, "Max path name length: %zu\n", max_path_length);
+
+done:
+	return ret;
+}
+
+/*
+   basic testing of SMB2 read
+*/
+struct torture_suite *torture_smb2_create_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "create");
+
+	torture_suite_add_1smb2_test(suite, "gentest", test_create_gentest);
+	torture_suite_add_1smb2_test(suite, "blob", test_create_blob);
+	torture_suite_add_1smb2_test(suite, "open", test_smb2_open);
+	torture_suite_add_1smb2_test(suite, "brlocked", test_smb2_open_brlocked);
+	torture_suite_add_1smb2_test(suite, "multi", test_smb2_open_multi);
+	torture_suite_add_1smb2_test(suite, "delete", test_smb2_open_for_delete);
+	torture_suite_add_1smb2_test(suite, "leading-slash", test_smb2_leading_slash);
+	torture_suite_add_1smb2_test(suite, "impersonation", test_smb2_impersonation_level);
+	torture_suite_add_1smb2_test(suite, "aclfile", test_create_acl_file);
+	torture_suite_add_1smb2_test(suite, "acldir", test_create_acl_dir);
+	torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);
+	torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup);
+	torture_suite_add_1smb2_test(suite, "dir-alloc-size", test_dir_alloc_size);
+	torture_suite_add_1smb2_test(suite, "dosattr_tmp_dir", test_dosattr_tmp_dir);
+	torture_suite_add_1smb2_test(suite, "quota-fake-file", test_smb2_open_quota_fake_file);
+	torture_suite_add_1smb2_test(suite, "path-length", test_path_length_test);
+	torture_suite_add_1smb2_test(suite, "bench-path-contention-shared", test_smb2_bench_path_contention_shared);
+
+	suite->description = talloc_strdup(suite, "SMB2-CREATE tests");
+
+	return suite;
+}
+
+struct torture_suite *torture_smb2_twrp_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "twrp");
+
+	torture_suite_add_1smb2_test(suite, "write", test_twrp_write);
+	torture_suite_add_1smb2_test(suite, "stream", test_twrp_stream);
+	torture_suite_add_1smb2_test(suite, "openroot", test_twrp_openroot);
+	torture_suite_add_1smb2_test(suite, "listdir", test_twrp_listdir);
+
+	suite->description = talloc_strdup(suite, "SMB2-TWRP tests");
+
+	return suite;
+}
+
+/*
+   basic testing of SMB2 File-IDs
+*/
+struct torture_suite *torture_smb2_fileid_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "fileid");
+
+	torture_suite_add_1smb2_test(suite, "fileid", test_fileid);
+	torture_suite_add_1smb2_test(suite, "fileid-dir", test_fileid_dir);
+	torture_suite_add_1smb2_test(suite, "unique", test_fileid_unique);
+	torture_suite_add_1smb2_test(suite, "unique-dir", test_fileid_unique_dir);
+
+	suite->description = talloc_strdup(suite, "SMB2-FILEID tests");
+
+	return suite;
+}
+
+static bool test_no_stream(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	struct smb2_create c;
+	NTSTATUS status;
+	bool ret = true;
+	const char *names[] = {
+		"test_no_stream::$DATA",
+		"test_no_stream::foooooooooooo",
+		"test_no_stream:stream",
+		"test_no_stream:stream:$DATA",
+		NULL
+	};
+	int i;
+
+	for (i = 0; names[i] != NULL; i++) {
+		c = (struct smb2_create) {
+			.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+			.in.create_disposition = NTCREATEX_DISP_OPEN,
+			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+			.in.fname = names[i],
+		};
+
+		status = smb2_create(tree, tctx, &c);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_INVALID)) {
+			torture_comment(
+				tctx, "Expected NT_STATUS_OBJECT_NAME_INVALID, "
+				"got %s, name: '%s'\n",
+				nt_errstr(status), names[i]);
+			torture_fail_goto(tctx, done, "Bad create result\n");
+		}
+	}
+done:
+	return ret;
+}
+
+struct torture_suite *torture_smb2_create_no_streams_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "create_no_streams");
+
+	torture_suite_add_1smb2_test(suite, "no_stream", test_no_stream);
+
+	suite->description = talloc_strdup(suite, "SMB2-CREATE stream test on share without streams support");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/credits.c b/source4/torture/smb2/credits.c
new file mode 100644
index 0000000..b06bae7
--- /dev/null
+++ b/source4/torture/smb2/credits.c
@@ -0,0 +1,268 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 credits
+
+   Copyright (C) Ralph Boehme 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/param.h"
+
+/**
+ * Request 64k credits in negprot/sessionsetup and require at least 8k
+ *
+ * This passes against Windows 2016
+ **/
+static bool test_session_setup_credits_granted(struct torture_context *tctx,
+					       struct smb2_tree *_tree)
+{
+	struct smbcli_options options;
+	struct smb2_transport *transport = NULL;
+	struct smb2_tree *tree = NULL;
+	uint16_t cur_credits;
+	NTSTATUS status;
+	bool ret = true;
+
+	transport = _tree->session->transport;
+	options = transport->options;
+
+	status = smb2_logoff(_tree->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_logoff failed\n");
+	TALLOC_FREE(_tree);
+
+	options.max_credits = 65535;
+
+	ret = torture_smb2_connection_ext(tctx, 0, &options, &tree);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_smb2_connection_ext failed\n");
+
+	transport = tree->session->transport;
+
+	cur_credits = smb2cli_conn_get_cur_credits(transport->conn);
+	if (cur_credits < 8192) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "Server only granted %" PRIu16" credits\n",
+			       cur_credits);
+		ret = false;
+		goto done;
+	}
+
+done:
+	TALLOC_FREE(tree);
+	return ret;
+}
+
+/**
+ * Request 64K credits in a single SMB2 request and requite at least 8192
+ *
+ * This passes against Windows 2016
+ **/
+static bool test_single_req_credits_granted(struct torture_context *tctx,
+					    struct smb2_tree *_tree)
+{
+	struct smbcli_options options;
+	struct smb2_transport *transport = NULL;
+	struct smb2_tree *tree = NULL;
+	struct smb2_handle h = {{0}};
+	struct smb2_create create;
+	const char *fname = "single_req_credits_granted.dat";
+	uint16_t cur_credits;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(_tree, fname);
+
+	transport = _tree->session->transport;
+	options = transport->options;
+
+	status = smb2_logoff(_tree->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_logoff failed\n");
+	TALLOC_FREE(_tree);
+
+	options.max_credits = 1;
+
+	ret = torture_smb2_connection_ext(tctx, 0, &options, &tree);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_smb2_connection_ext failed\n");
+
+	transport = tree->session->transport;
+
+	cur_credits = smb2cli_conn_get_cur_credits(transport->conn);
+	if (cur_credits != 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "Only wanted 1 credit but server granted %" PRIu16"\n",
+			       cur_credits);
+		ret = false;
+		goto done;
+	}
+
+	smb2cli_conn_set_max_credits(transport->conn, 65535);
+
+	ZERO_STRUCT(create);
+	create.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	create.in.desired_access	= SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes	= FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	create.in.fname			= fname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h = create.out.file.handle;
+
+	cur_credits = smb2cli_conn_get_cur_credits(transport->conn);
+	if (cur_credits < 8192) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "Server only granted %" PRIu16" credits\n",
+			       cur_credits);
+		ret = false;
+		goto done;
+	}
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_util_unlink(tree, fname);
+	TALLOC_FREE(tree);
+	return ret;
+}
+
+static bool test_crediting_skipped_mid(struct torture_context *tctx,
+				       struct smb2_tree *_tree)
+{
+	struct smbcli_options options;
+	struct smb2_transport *transport = NULL;
+	struct smb2_tree *tree = NULL;
+	struct smb2_handle h = {{0}};
+	struct smb2_create create;
+	const char *fname = "skipped_mid.dat";
+	uint64_t mid;
+	uint16_t cur_credits;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	smb2_util_unlink(_tree, fname);
+
+	transport = _tree->session->transport;
+	options = transport->options;
+
+	status = smb2_logoff(_tree->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_logoff failed\n");
+	TALLOC_FREE(_tree);
+
+	options.max_credits = 8192;
+
+	ret = torture_smb2_connection_ext(tctx, 0, &options, &tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_smb2_connection_ext failed\n");
+
+	transport = tree->session->transport;
+
+	cur_credits = smb2cli_conn_get_cur_credits(transport->conn);
+	if (cur_credits != 8192) {
+		torture_result(tctx, TORTURE_FAIL, "Server only granted %" PRIu16" credits\n", cur_credits);
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(create);
+	create.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	create.in.desired_access	= SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes	= FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	create.in.fname			= fname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed\n");
+	h = create.out.file.handle;
+
+	/*
+	 * See what happens if we skip a mid. As we want to avoid triggering our
+	 * client side mid window check we keep conn->smb2.cur_credits
+	 * unchanged so the server keeps granting credits until it's max mid
+	 * windows size is reached at which point it will disconnect us:
+	 *
+	 * o Windows 2016 currently has a maximum mid window size of 8192 by
+	 *   default
+	 *
+	 * o Samba's limit is 512
+	 *
+	 * o Windows 2008r2 uses some special algorithm (MS-SMB2 3.3.1.1
+	 *   footnote <167>) that kicks in once a mid is skipped, resulting in a
+	 *   maximum window size of 100-300 depending on the number of granted
+	 *   credits at the moment of skipping a mid.
+	 */
+
+	mid = smb2cli_conn_get_mid(tree->session->transport->conn);
+	smb2cli_conn_set_mid(tree->session->transport->conn, mid + 1);
+
+	for (i = 0; i < 8191; i++) {
+		status = smb2_util_write(tree, h, "\0", 0, 1);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_result(tctx, TORTURE_FAIL, "Server only allowed %d writes\n", i);
+			ret = false;
+			goto done;
+		}
+	}
+
+	/*
+	 * Now use the skipped mid (the smb2_util_close...), we should
+	 * immediately get a full mid window of size 8192.
+	 */
+	smb2cli_conn_set_mid(tree->session->transport->conn, mid);
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_close failed\n");
+	ZERO_STRUCT(h);
+
+	cur_credits = smb2cli_conn_get_cur_credits(transport->conn);
+	if (cur_credits != 8192) {
+		torture_result(tctx, TORTURE_FAIL, "Server only granted %" PRIu16" credits\n", cur_credits);
+		ret = false;
+		goto done;
+	}
+
+	smb2cli_conn_set_mid(tree->session->transport->conn, mid + 8192);
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_util_unlink(tree, fname);
+	TALLOC_FREE(tree);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_crediting_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "credits");
+
+	torture_suite_add_1smb2_test(suite, "session_setup_credits_granted", test_session_setup_credits_granted);
+	torture_suite_add_1smb2_test(suite, "single_req_credits_granted", test_single_req_credits_granted);
+	torture_suite_add_1smb2_test(suite, "skipped_mid", test_crediting_skipped_mid);
+
+	suite->description = talloc_strdup(suite, "SMB2-CREDITS tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c
new file mode 100644
index 0000000..0524287
--- /dev/null
+++ b/source4/torture/smb2/delete-on-close.c
@@ -0,0 +1,762 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test delete-on-close in more detail
+
+   Copyright (C) Richard Sharpe, 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#define DNAME "test_dir"
+#define FNAME DNAME "\\test_create.dat"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			 __location__, nt_errstr(status), nt_errstr(correct)); \
+		return false; \
+	}} while (0)
+
+static bool create_dir(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_handle handle;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	uint32_t perms = 0;
+
+	torture_comment(tctx, "Creating Directory for testing: %s\n", DNAME);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = DNAME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * We create an SD that allows us to do most things but we do not
+	 * get DELETE and DELETE CHILD access!
+	 */
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
+		SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
+
+	torture_comment(tctx, "Setting permissions on dir to 0x1e01bf\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					perms,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, handle);
+
+	return true;
+}
+
+static bool set_dir_delete_perms(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_handle handle;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	uint32_t perms = 0;
+
+	torture_comment(tctx, "Opening Directory for setting new SD: %s\n", DNAME);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = DNAME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * We create an SD that allows us to do most things including
+	 * get DELETE and DELETE CHILD access!
+	 */
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
+		SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
+		SEC_DIR_DELETE_CHILD | SEC_STD_DELETE |
+		SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
+
+	torture_comment(tctx, "Setting permissions on dir to 0x%0x\n", perms);
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					perms,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, handle);
+
+	return true;
+}
+
+static bool test_doc_overwrite_if(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OVERWRITE_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_overwrite_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	/* And set the SEC Descriptor appropriately */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on existing file (OVERWRITE_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* First, create this file ... */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Next, try to open it for Delete On Close */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	return true;
+}
+
+static bool test_doc_create(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_create_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_COLLISION\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* First, create the file */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Next, try to open it for Delete on Close */
+	status = smb2_util_close(tree, io.out.file.handle);
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	return true;
+}
+
+static bool test_doc_create_if(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OPEN_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_create_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on existing file (OPEN_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* Create the file first */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Now try to create it for delete on close */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = 0x130196;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	return true;
+}
+
+static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	struct smb2_find find;
+	NTSTATUS status;
+	union smb_search_data *d;
+	union smb_setfileinfo sfinfo;
+	unsigned int count;
+	uint32_t perms = 0;
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE |
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE |
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA | SEC_DIR_LIST;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "FIND and delete directory\n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	/* open the directory first */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_READ |
+				   NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.fname              = DNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* list directory */
+	ZERO_STRUCT(find);
+	find.in.file.handle        = io.out.file.handle;
+	find.in.pattern            = "*";
+	find.in.continue_flags     = SMB2_CONTINUE_FLAG_SINGLE;
+	find.in.max_response_size  = 0x100;
+	find.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	/* start enumeration on directory */
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* set delete-on-close */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	sfinfo.generic.in.file.handle = io.out.file.handle;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* close directory */
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	return true;
+}
+
+static bool test_doc_read_only(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	struct smb2_handle dir_handle;
+	union smb_setfileinfo sfinfo = {{0}};
+	struct smb2_create create = {0};
+	struct smb2_close close = {0};
+	NTSTATUS status, expected_status;
+	bool ret = true, delete_readonly;
+
+	/*
+	 * Allow testing of the Samba 'delete readonly' option.
+	 */
+	delete_readonly = torture_setting_bool(tctx, "delete_readonly", false);
+	expected_status = delete_readonly ?
+		NT_STATUS_OK : NT_STATUS_CANNOT_DELETE;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &dir_handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE directory failed\n");
+
+	create = (struct smb2_create) {0};
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+		NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	create.in.file_attributes = FILE_ATTRIBUTE_READONLY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = FNAME;
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, expected_status, ret,
+					   done, "Unexpected status for CREATE "
+					   "of new file.\n");
+
+	if (delete_readonly) {
+		close.in.file.handle = create.out.file.handle;
+		status = smb2_close(tree, &close);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CLOSE of READONLY file "
+						"failed.\n");
+	}
+
+	torture_comment(tctx, "Creating file with READ_ONLY attribute.\n");
+
+	create = (struct smb2_create) {0};
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	create.in.file_attributes = FILE_ATTRIBUTE_READONLY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = FNAME;
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE of READONLY file failed.\n");
+
+	close.in.file.handle = create.out.file.handle;
+	status = smb2_close(tree, &close);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE of READONLY file failed.\n");
+
+	torture_comment(tctx, "Testing CREATE with DELETE_ON_CLOSE on "
+			"READ_ONLY attribute file.\n");
+
+	create = (struct smb2_create) {0};
+	create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;
+	create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	create.in.file_attributes = 0;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = FNAME;
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   expected_status, ret, done,
+					   "CREATE returned unexpected "
+					   "status.\n");
+
+	torture_comment(tctx, "Testing setting DELETE_ON_CLOSE disposition on "
+			" file with READONLY attribute.\n");
+
+	create = (struct smb2_create) {0};
+	create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;;
+	create.in.create_options = 0;
+	create.in.file_attributes = 0;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = FNAME;
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Opening file failed.\n");
+
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = create.out.file.handle;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal(tctx, status, expected_status,
+				      "Set DELETE_ON_CLOSE disposition "
+				      "returned un expected status.\n");
+
+	status = smb2_util_close(tree, create.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE failed\n");
+
+done:
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+
+/*
+ * This is a regression test for
+ * https://bugzilla.samba.org/show_bug.cgi?id=14427
+ *
+ * It's not really a delete-on-close specific test.
+ */
+static bool test_doc_bug14427(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	struct smb2_tree *tree2 = NULL;
+	NTSTATUS status;
+	char fname[256];
+	bool ret = false;
+	bool ok;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "doc_bug14427_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	ok = torture_smb2_tree_connect(tctx, tree1->session, tctx, &tree2);
+	torture_assert_goto(tctx, ok, ret, done,
+		"torture_smb2_tree_connect() failed.\n");
+
+	status = torture_setup_simple_file(tctx, tree1, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"torture_setup_simple_file() failed on tree1.\n");
+
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_util_unlink() failed on tree2.\n");
+	TALLOC_FREE(tree2);
+	ret = true;
+done:
+	if (tree2 != NULL) {
+		TALLOC_FREE(tree2);
+		smb2_util_unlink(tree1, fname);
+	}
+
+	TALLOC_FREE(tree1);
+	return ret;
+}
+
+/*
+ *  Extreme testing of Delete On Close and permissions
+ */
+struct torture_suite *torture_smb2_doc_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "delete-on-close-perms");
+
+	torture_suite_add_1smb2_test(suite, "OVERWRITE_IF", test_doc_overwrite_if);
+	torture_suite_add_1smb2_test(suite, "OVERWRITE_IF Existing", test_doc_overwrite_if_exist);
+	torture_suite_add_1smb2_test(suite, "CREATE", test_doc_create);
+	torture_suite_add_1smb2_test(suite, "CREATE Existing", test_doc_create_exist);
+	torture_suite_add_1smb2_test(suite, "CREATE_IF", test_doc_create_if);
+	torture_suite_add_1smb2_test(suite, "CREATE_IF Existing", test_doc_create_if_exist);
+	torture_suite_add_1smb2_test(suite, "FIND_and_set_DOC", test_doc_find_and_set_doc);
+	torture_suite_add_1smb2_test(suite, "READONLY", test_doc_read_only);
+	torture_suite_add_1smb2_test(suite, "BUG14427", test_doc_bug14427);
+
+	suite->description = talloc_strdup(suite, "SMB2-Delete-on-Close-Perms tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/deny.c b/source4/torture/smb2/deny.c
new file mode 100644
index 0000000..e42fd56
--- /dev/null
+++ b/source4/torture/smb2/deny.c
@@ -0,0 +1,526 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB2 torture tester - deny mode scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) David Mulder 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+enum deny_result {A_0=0, A_X=1, A_R=2, A_W=3, A_RW=5};
+
+static const char *denystr(int denymode)
+{
+	const struct {
+		int v;
+		const char *name;
+	} deny_modes[] = {
+		{NTCREATEX_SHARE_ACCESS_NONE, "NTCREATEX_SHARE_ACCESS_NONE"},
+		{NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, "NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE"},
+		{NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, "NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE"},
+		{NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, "NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE"},
+		{-1, NULL}};
+	int i;
+	for (i=0;deny_modes[i].name;i++) {
+		if (deny_modes[i].v == denymode) return deny_modes[i].name;
+	}
+	return "DENY_XXX";
+}
+
+static const char *openstr(int mode)
+{
+	const struct {
+		int v;
+		const char *name;
+	} open_modes[] = {
+		{SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, "SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA"},
+		{SEC_FILE_READ_DATA, "SEC_FILE_READ_DATA"},
+		{SEC_FILE_WRITE_DATA, "SEC_FILE_WRITE_DATA"},
+		{-1, NULL}};
+	int i;
+	for (i=0;open_modes[i].name;i++) {
+		if (open_modes[i].v == mode) return open_modes[i].name;
+	}
+	return "O_XXX";
+}
+
+static const char *resultstr(enum deny_result res)
+{
+	const struct {
+		enum deny_result res;
+		const char *name;
+	} results[] = {
+		{A_X, "X"},
+		{A_0, "-"},
+		{A_R, "R"},
+		{A_W, "W"},
+		{A_RW,"RW"}};
+	int i;
+	for (i=0;i<ARRAY_SIZE(results);i++) {
+		if (results[i].res == res) return results[i].name;
+	}
+	return "*";
+}
+
+static const struct {
+	int isexe;
+	int mode1, deny1;
+	int mode2, deny2;
+	enum deny_result result;
+} denytable[] = {
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{1, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_NONE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE, A_0},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_RW},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_R},
+{0, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, SEC_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE, A_W},
+};
+
+
+static void progress_bar(struct torture_context *tctx, unsigned int i, unsigned int total)
+{
+	if (torture_setting_bool(tctx, "progress", true)) {
+		torture_comment(tctx, "%5d/%5d\r", i, total);
+		fflush(stdout);
+	}
+}
+
+
+/*
+  this produces a matrix of deny mode behaviour with 2 connections
+ */
+static bool torture_smb2_denytest2(struct torture_context *tctx,
+		       struct smb2_tree *tree1,
+		       struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	struct smb2_handle fnum1 = {{0}}, fnum2 = {{0}};
+	int i;
+	bool correct = true;
+	const char *fnames[2] = {"denytest2.dat", "denytest2.exe"};
+	struct timespec tv, tv_start;
+
+	for (i=0;i<2;i++) {
+		struct smb2_create io = {0};
+		smb2_util_unlink(tree1, fnames[i]);
+		io.in.fname = fnames[i];
+		io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+		io.in.create_disposition = NTCREATEX_DISP_CREATE;
+		io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				     NTCREATEX_SHARE_ACCESS_WRITE |
+				     NTCREATEX_SHARE_ACCESS_DELETE;
+		status = smb2_create(tree1, tree1, &io);
+		torture_assert_ntstatus_ok_goto(tctx, status, correct, failed,
+		talloc_asprintf(tctx, "Open of %s failed (%s)",
+			fnames[i], nt_errstr(status)));
+				fnum1 = io.out.file.handle;
+		smb2_util_write(tree1, fnum1, fnames[i], 0, strlen(fnames[i]));
+		smb2_util_close(tree1, fnum1);
+	}
+
+	clock_gettime_mono(&tv_start);
+
+	for (i=0; i<ARRAY_SIZE(denytable); i++) {
+		NTSTATUS s1, s2;
+		struct smb2_create io1 = {0}, io2 = {0};
+		enum deny_result res;
+		const char *fname = fnames[denytable[i].isexe];
+
+		progress_bar(tctx, i, ARRAY_SIZE(denytable));
+
+		io1.in.fname = fname;
+		io1.in.desired_access = denytable[i].mode1;
+		io1.in.create_disposition = NTCREATEX_DISP_OPEN;
+		io1.in.share_access = denytable[i].deny1;
+		s1 = smb2_create(tree1, tree1, &io1);
+		fnum1 = io1.out.file.handle;
+
+		io2.in.fname = fname;
+		io2.in.desired_access = denytable[i].mode2;
+		io2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		io2.in.share_access = denytable[i].deny2;
+		s2 = smb2_create(tree2, tree2, &io2);
+		fnum2 = io2.out.file.handle;
+
+		if (!NT_STATUS_IS_OK(s1)) {
+			res = A_X;
+		} else if (!NT_STATUS_IS_OK(s2)) {
+			res = A_0;
+		} else {
+			struct smb2_read io = {0};
+			struct smb2_write wio = {0};
+			uint8_t x = 1;
+			res = A_0;
+
+			io.in.file.handle = fnum2;
+			io.in.length = 1;
+			status = smb2_read(tree2, tree2, &io);
+			if (NT_STATUS_IS_OK(status) && io.out.data.length == 1) {
+				res += A_R;
+			}
+
+			wio.in.file.handle = fnum2;
+			wio.in.data = data_blob_const(&x, 1);
+			status = smb2_write(tree2, &wio);
+			if (NT_STATUS_IS_OK(status) && wio.out.nwritten == 1) {
+				res += A_W;
+			}
+		}
+
+		if (torture_setting_bool(tctx, "showall", false) ||
+			res != denytable[i].result) {
+			int64_t tdif;
+			clock_gettime_mono(&tv);
+			tdif = nsec_time_diff(&tv, &tv_start);
+			tdif /= 1000000;
+			torture_comment(tctx, "%lld: %s %8s %10s    %8s %10s    %s (correct=%s)\n",
+			       (long long)tdif,
+			       fname,
+			       denystr(denytable[i].deny1),
+			       openstr(denytable[i].mode1),
+			       denystr(denytable[i].deny2),
+			       openstr(denytable[i].mode2),
+			       resultstr(res),
+			       resultstr(denytable[i].result));
+		}
+
+		torture_assert_goto(tctx, res == denytable[i].result,
+				    correct, failed,
+				    talloc_asprintf(tctx,
+				    "Result %s did not match deny table %s\n",
+				    resultstr(res),
+				    resultstr(denytable[i].result)));
+
+		smb2_util_close(tree1, fnum1);
+		smb2_util_close(tree2, fnum2);
+	}
+
+failed:
+	for (i=0;i<2;i++) {
+		smb2_util_unlink(tree1, fnames[i]);
+	}
+
+	return correct;
+}
+
+
+/*
+  this produces a matrix of deny mode behaviour for 1 connection
+ */
+static bool torture_smb2_denytest1(struct torture_context *tctx,
+		       struct smb2_tree *tree)
+{
+	return torture_smb2_denytest2(tctx, tree, tree);
+}
+
+
+struct torture_suite *torture_smb2_deny_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "deny");
+
+	torture_suite_add_1smb2_test(suite, "deny1",  torture_smb2_denytest1);
+	torture_suite_add_2smb2_test(suite, "deny2",  torture_smb2_denytest2);
+
+	suite->description = talloc_strdup(suite, "SMB2 deny tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/dir.c b/source4/torture/smb2/dir.c
new file mode 100644
index 0000000..4020e6b
--- /dev/null
+++ b/source4/torture/smb2/dir.c
@@ -0,0 +1,1606 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 dir list test suite
+
+   Copyright (C) Andrew Tridgell 2005
+   Copyright (C) Zachary Loafman 2009
+   Copyright (C) Aravind Srinivasan 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+
+#include "system/filesys.h"
+#include "lib/util/tsort.h"
+
+#define DNAME	"smb2_dir"
+#define NFILES	100
+
+struct file_elem {
+	char *name;
+	NTTIME create_time;
+	bool found;
+};
+
+static NTSTATUS populate_tree(struct torture_context *tctx,
+			      TALLOC_CTX *mem_ctx,
+			      struct smb2_tree *tree,
+			      struct file_elem *files,
+			      int nfiles,
+			      struct smb2_handle *h_out)
+{
+	struct smb2_create create;
+	char **strs = NULL;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	smb2_deltree(tree, DNAME);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = DNAME;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+	*h_out = create.out.file.handle;
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	strs = generate_unique_strs(mem_ctx, 8, nfiles);
+	if (strs == NULL) {
+		status = NT_STATUS_OBJECT_NAME_COLLISION;
+		goto done;
+	}
+	for (i = 0; i < nfiles; i++) {
+		files[i].name = strs[i];
+		create.in.fname = talloc_asprintf(mem_ctx, "%s\\%s",
+		    DNAME, files[i].name);
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		files[i].create_time = create.out.create_time;
+		smb2_util_close(tree, create.out.file.handle);
+	}
+ done:
+	if (!ret) {
+		return status;
+	}
+
+	return status;
+}
+
+/*
+  test find continue
+*/
+
+static bool test_find(struct torture_context *tctx,
+		      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle h;
+	struct smb2_find f;
+	union smb_search_data *d;
+	struct file_elem files[NFILES] = {};
+	NTSTATUS status;
+	bool ret = true;
+	unsigned int count;
+	int i, j = 0, file_count = 0;
+
+	status = populate_tree(tctx, mem_ctx, tree, files, NFILES, &h);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "*";
+	f.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.max_response_size	= 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+		for (i = 0; i < count; i++) {
+			bool expected;
+			const char *found = d[i].both_directory_info.name.s;
+			NTTIME ct = d[i].both_directory_info.create_time;
+
+			if (!strcmp(found, ".") || !strcmp(found, ".."))
+				continue;
+
+			expected = false;
+			for (j = 0; j < NFILES; j++) {
+				if (strcmp(files[j].name, found) != 0) {
+					continue;
+				}
+
+				torture_assert_u64_equal_goto(tctx,
+							files[j].create_time,
+							ct, ret, done,
+							talloc_asprintf(tctx,
+							"file[%d]\n", j));
+
+				files[j].found = true;
+				expected = true;
+				break;
+			}
+
+			if (expected)
+				continue;
+
+			torture_result(tctx, TORTURE_FAIL,
+			    "(%s): didn't expect %s\n",
+			    __location__, found);
+			ret = false;
+			goto done;
+		}
+
+		file_count = file_count + i;
+		f.in.continue_flags = 0;
+		f.in.max_response_size	= 4096;
+	} while (count != 0);
+
+	torture_assert_int_equal_goto(tctx, file_count, NFILES + 2, ret, done,
+				      "");
+
+	for (i = 0; i < NFILES; i++) {
+		if (files[j].found)
+			continue;
+
+		torture_result(tctx, TORTURE_FAIL,
+		    "(%s): expected to find %s, but didn't\n",
+		    __location__, files[j].name);
+		ret = false;
+		goto done;
+	}
+
+ done:
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  test fixed enumeration
+*/
+
+static bool test_fixed(struct torture_context *tctx,
+		       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create create;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_find f;
+	union smb_search_data *d;
+	struct file_elem files[NFILES] = {};
+	NTSTATUS status;
+	bool ret = true;
+	unsigned int count;
+	int i;
+
+	status = populate_tree(tctx, mem_ctx, tree, files, NFILES, &h);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = DNAME;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+	h2 = create.out.file.handle;
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "*";
+	f.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.max_response_size	= 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	/* Start enumeration on h, then delete all from h2 */
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	f.in.file.handle	= h2;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+		for (i = 0; i < count; i++) {
+			const char *found = d[i].both_directory_info.name.s;
+			char *path = talloc_asprintf(mem_ctx, "%s\\%s",
+			    DNAME, found);
+
+			if (!strcmp(found, ".") || !strcmp(found, ".."))
+				continue;
+
+			status = smb2_util_unlink(tree, path);
+			torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+							"");
+
+			talloc_free(path);
+		}
+
+		f.in.continue_flags = 0;
+		f.in.max_response_size	= 4096;
+	} while (count != 0);
+
+	/* Now finish h enumeration. */
+	f.in.file.handle = h;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+		for (i = 0; i < count; i++) {
+			const char *found = d[i].both_directory_info.name.s;
+
+			if (!strcmp(found, ".") || !strcmp(found, ".."))
+				continue;
+
+			torture_result(tctx, TORTURE_FAIL,
+				       "(%s): didn't expect %s (count=%u)\n",
+				       __location__, found, count);
+			ret = false;
+			goto done;
+		}
+
+		f.in.continue_flags = 0;
+		f.in.max_response_size	= 4096;
+	} while (count != 0);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, h2);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static struct {
+	const char *name;
+	uint8_t level;
+	enum smb_search_data_level data_level;
+	int name_offset;
+	int resume_key_offset;
+	uint32_t capability_mask;
+	NTSTATUS status;
+	union smb_search_data data;
+} levels[] = {
+	{
+		.name              = "SMB2_FIND_DIRECTORY_INFO",
+		.level             = SMB2_FIND_DIRECTORY_INFO,
+		.data_level        = RAW_SEARCH_DATA_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      directory_info.file_index),
+	},
+	{
+		.name              = "SMB2_FIND_FULL_DIRECTORY_INFO",
+		.level             = SMB2_FIND_FULL_DIRECTORY_INFO,
+		.data_level        = RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      full_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      full_directory_info.file_index),
+	},
+	{
+		.name              = "SMB2_FIND_NAME_INFO",
+		.level             = SMB2_FIND_NAME_INFO,
+		.data_level        = RAW_SEARCH_DATA_NAME_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      name_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      name_info.file_index),
+	},
+	{
+		.name              = "SMB2_FIND_BOTH_DIRECTORY_INFO",
+		.level             = SMB2_FIND_BOTH_DIRECTORY_INFO,
+		.data_level        = RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      both_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      both_directory_info.file_index),
+	},
+	{
+		.name              = "SMB2_FIND_ID_FULL_DIRECTORY_INFO",
+		.level             = SMB2_FIND_ID_FULL_DIRECTORY_INFO,
+		.data_level        = RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      id_full_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+				              id_full_directory_info.file_index),
+	},
+	{
+		.name              = "SMB2_FIND_ID_BOTH_DIRECTORY_INFO",
+		.level             = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+		.data_level        = RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO,
+		.name_offset       = offsetof(union smb_search_data,
+					      id_both_directory_info.name.s),
+		.resume_key_offset = offsetof(union smb_search_data,
+					      id_both_directory_info.file_index),
+	}
+};
+
+/*
+  extract the name from a smb_data structure and level
+*/
+static const char *extract_name(union smb_search_data *data,
+				uint8_t level,
+				enum smb_search_data_level data_level)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (level == levels[i].level &&
+		    data_level == levels[i].data_level) {
+			return *(const char **)(levels[i].name_offset + (char *)data);
+		}
+	}
+	return NULL;
+}
+
+/* find a level in the table by name */
+static union smb_search_data *find(const char *name)
+{
+	int i;
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		if (NT_STATUS_IS_OK(levels[i].status) &&
+		    strcmp(levels[i].name, name) == 0) {
+			return &levels[i].data;
+		}
+	}
+	return NULL;
+}
+
+static bool fill_level_data(TALLOC_CTX *mem_ctx,
+			    union smb_search_data *data,
+			    union smb_search_data *d,
+			    unsigned int count,
+			    uint8_t level,
+			    enum smb_search_data_level data_level)
+{
+	int i;
+	const char *sname = NULL;
+	for (i=0; i < count ; i++) {
+		sname = extract_name(&d[i], level, data_level);
+		if (sname == NULL)
+			return false;
+		if (!strcmp(sname, ".") || !strcmp(sname, ".."))
+			continue;
+		*data = d[i];
+	}
+	return true;
+}
+
+
+NTSTATUS torture_single_file_search(struct smb2_tree *tree,
+				    TALLOC_CTX *mem_ctx,
+				    const char *pattern,
+				    uint8_t level,
+				    enum smb_search_data_level data_level,
+				    int idx,
+				    union smb_search_data *d,
+				    unsigned int *count,
+				    struct smb2_handle *h)
+{
+	struct smb2_find f;
+	NTSTATUS status;
+
+	ZERO_STRUCT(f);
+	f.in.file.handle        = *h;
+	f.in.pattern            = pattern;
+	f.in.continue_flags     = SMB2_CONTINUE_FLAG_RESTART;
+	f.in.max_response_size  = 0x100;
+	f.in.level              = level;
+
+	status = smb2_find_level(tree, tree, &f, count, &d);
+	if (NT_STATUS_IS_OK(status))
+		fill_level_data(mem_ctx, &levels[idx].data, d, *count, level,
+				data_level);
+	return status;
+}
+
+/*
+   basic testing of all File Information Classes using a single file
+*/
+static bool test_one_file(struct torture_context *tctx,
+			  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	bool ret = true;
+	const char *fname =  "torture_search.txt";
+	NTSTATUS status;
+	int i;
+	unsigned int count;
+	union smb_fileinfo all_info2, alt_info, internal_info;
+	union smb_search_data *s;
+	union smb_search_data d;
+	struct smb2_handle h, h2;
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	status = smb2_create_complex_file(tctx, tree, DNAME "\\torture_search.txt",
+					  &h2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	/* call all the File Information Classes */
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		torture_comment(tctx, "Testing %s %d\n", levels[i].name,
+				levels[i].level);
+
+		levels[i].status = torture_single_file_search(tree, mem_ctx,
+				   fname, levels[i].level, levels[i].data_level,
+				   i, &d, &count, &h);
+		torture_assert_ntstatus_ok_goto(tctx, levels[i].status, ret,
+						done, "");
+	}
+
+	/* get the all_info file into to check against */
+	all_info2.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	all_info2.generic.in.file.handle = h2;
+	status = smb2_getinfo_file(tree, tctx, &all_info2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"RAW_FILEINFO_ALL_INFO failed");
+
+	alt_info.generic.level = RAW_FILEINFO_ALT_NAME_INFORMATION;
+	alt_info.generic.in.file.handle = h2;
+	status = smb2_getinfo_file(tree, tctx, &alt_info);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"RAW_FILEINFO_ALT_NAME_INFO failed");
+
+	internal_info.generic.level = RAW_FILEINFO_INTERNAL_INFORMATION;
+	internal_info.generic.in.file.handle = h2;
+	status = smb2_getinfo_file(tree, tctx, &internal_info);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"RAW_FILEINFO_INTERNAL_INFORMATION "
+				        "failed");
+
+#define CHECK_VAL(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if ((s->sname1.field1) != (v.sname2.out.field2)) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [0x%x] != %s/%s [0x%x]\n", \
+			    __location__, \
+			    #sname1, #field1, (int)s->sname1.field1, \
+			    #sname2, #field2, (int)v.sname2.out.field2); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_TIME(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (s->sname1.field1 != \
+		    (~1 & nt_time_to_unix(v.sname2.out.field2))) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [%s] != %s/%s [%s]\n", \
+			    __location__, \
+			    #sname1, #field1, \
+			    timestring(tctx, s->sname1.field1), \
+			    #sname2, #field2, \
+			    nt_time_string(tctx, v.sname2.out.field2)); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_NTTIME(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (s->sname1.field1 != v.sname2.out.field2) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [%s] != %s/%s [%s]\n", \
+			    __location__, \
+			    #sname1, #field1, \
+			    nt_time_string(tctx, s->sname1.field1), \
+			    #sname2, #field2, \
+			    nt_time_string(tctx, v.sname2.out.field2)); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_STR(name, sname1, field1, v, sname2, field2) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1 || \
+		    strcmp(s->sname1.field1, v.sname2.out.field2.s)) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [%s] != %s/%s [%s]\n", \
+			    __location__, \
+			    #sname1, #field1, s->sname1.field1, \
+			    #sname2, #field2, v.sname2.out.field2.s); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_WSTR(name, sname1, field1, v, sname2, field2, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1.s || \
+		    strcmp(s->sname1.field1.s, v.sname2.out.field2.s)) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [%s] != %s/%s [%s]\n", \
+			    __location__, \
+			    #sname1, #field1, s->sname1.field1.s, \
+			    #sname2, #field2, v.sname2.out.field2.s); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_NAME(name, sname1, field1, fname, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1.s || \
+		    strcmp(s->sname1.field1.s, fname)) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			    "(%s) %s/%s [%s] != %s\n", \
+			    __location__, \
+			    #sname1, #field1, s->sname1.field1.s, fname); \
+			ret = false; \
+		} \
+	}} while (0)
+
+#define CHECK_UNIX_NAME(name, sname1, field1, fname, flags) do { \
+	s = find(name); \
+	if (s) { \
+		if (!s->sname1.field1 || \
+		    strcmp(s->sname1.field1, fname)) { \
+			torture_result(tctx, TORTURE_FAIL, \
+			   "(%s) %s/%s [%s] != %s\n", \
+			    __location__, \
+			    #sname1, #field1, s->sname1.field1, fname); \
+			ret = false; \
+		} \
+	}} while (0)
+
+	/* check that all the results are as expected */
+	CHECK_VAL("SMB2_FIND_DIRECTORY_INFO",            directory_info,         attrib, all_info2, all_info2, attrib);
+	CHECK_VAL("SMB2_FIND_FULL_DIRECTORY_INFO",       full_directory_info,    attrib, all_info2, all_info2, attrib);
+	CHECK_VAL("SMB2_FIND_BOTH_DIRECTORY_INFO",       both_directory_info,    attrib, all_info2, all_info2, attrib);
+	CHECK_VAL("SMB2_FIND_ID_FULL_DIRECTORY_INFO",    id_full_directory_info, attrib, all_info2, all_info2, attrib);
+	CHECK_VAL("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",    id_both_directory_info, attrib, all_info2, all_info2, attrib);
+
+	CHECK_NTTIME("SMB2_FIND_DIRECTORY_INFO",         directory_info,         write_time, all_info2, all_info2, write_time);
+	CHECK_NTTIME("SMB2_FIND_FULL_DIRECTORY_INFO",    full_directory_info,    write_time, all_info2, all_info2, write_time);
+	CHECK_NTTIME("SMB2_FIND_BOTH_DIRECTORY_INFO",    both_directory_info,    write_time, all_info2, all_info2, write_time);
+	CHECK_NTTIME("SMB2_FIND_ID_FULL_DIRECTORY_INFO", id_full_directory_info, write_time, all_info2, all_info2, write_time);
+	CHECK_NTTIME("SMB2_FIND_ID_BOTH_DIRECTORY_INFO", id_both_directory_info, write_time, all_info2, all_info2, write_time);
+
+	CHECK_NTTIME("SMB2_FIND_DIRECTORY_INFO",         directory_info,         create_time, all_info2, all_info2, create_time);
+	CHECK_NTTIME("SMB2_FIND_FULL_DIRECTORY_INFO",    full_directory_info,    create_time, all_info2, all_info2, create_time);
+	CHECK_NTTIME("SMB2_FIND_BOTH_DIRECTORY_INFO",    both_directory_info,    create_time, all_info2, all_info2, create_time);
+	CHECK_NTTIME("SMB2_FIND_ID_FULL_DIRECTORY_INFO", id_full_directory_info, create_time, all_info2, all_info2, create_time);
+	CHECK_NTTIME("SMB2_FIND_ID_BOTH_DIRECTORY_INFO", id_both_directory_info, create_time, all_info2, all_info2, create_time);
+
+	CHECK_NTTIME("SMB2_FIND_DIRECTORY_INFO",         directory_info,         access_time, all_info2, all_info2, access_time);
+	CHECK_NTTIME("SMB2_FIND_FULL_DIRECTORY_INFO",    full_directory_info,    access_time, all_info2, all_info2, access_time);
+	CHECK_NTTIME("SMB2_FIND_BOTH_DIRECTORY_INFO",    both_directory_info,    access_time, all_info2, all_info2, access_time);
+	CHECK_NTTIME("SMB2_FIND_ID_FULL_DIRECTORY_INFO", id_full_directory_info, access_time, all_info2, all_info2, access_time);
+	CHECK_NTTIME("SMB2_FIND_ID_BOTH_DIRECTORY_INFO", id_both_directory_info, access_time, all_info2, all_info2, access_time);
+
+	CHECK_NTTIME("SMB2_FIND_DIRECTORY_INFO",         directory_info,         change_time, all_info2, all_info2, change_time);
+	CHECK_NTTIME("SMB2_FIND_FULL_DIRECTORY_INFO",    full_directory_info,    change_time, all_info2, all_info2, change_time);
+	CHECK_NTTIME("SMB2_FIND_BOTH_DIRECTORY_INFO",    both_directory_info,    change_time, all_info2, all_info2, change_time);
+	CHECK_NTTIME("SMB2_FIND_ID_FULL_DIRECTORY_INFO", id_full_directory_info, change_time, all_info2, all_info2, change_time);
+	CHECK_NTTIME("SMB2_FIND_ID_BOTH_DIRECTORY_INFO", id_both_directory_info, change_time, all_info2, all_info2, change_time);
+
+	CHECK_VAL("SMB2_FIND_DIRECTORY_INFO",            directory_info,         size, all_info2, all_info2, size);
+	CHECK_VAL("SMB2_FIND_FULL_DIRECTORY_INFO",       full_directory_info,    size, all_info2, all_info2, size);
+	CHECK_VAL("SMB2_FIND_BOTH_DIRECTORY_INFO",       both_directory_info,    size, all_info2, all_info2, size);
+	CHECK_VAL("SMB2_FIND_ID_FULL_DIRECTORY_INFO",    id_full_directory_info, size, all_info2, all_info2, size);
+	CHECK_VAL("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",    id_both_directory_info, size, all_info2, all_info2, size);
+
+	CHECK_VAL("SMB2_FIND_DIRECTORY_INFO",            directory_info,         alloc_size, all_info2, all_info2, alloc_size);
+	CHECK_VAL("SMB2_FIND_FULL_DIRECTORY_INFO",       full_directory_info,    alloc_size, all_info2, all_info2, alloc_size);
+	CHECK_VAL("SMB2_FIND_BOTH_DIRECTORY_INFO",       both_directory_info,    alloc_size, all_info2, all_info2, alloc_size);
+	CHECK_VAL("SMB2_FIND_ID_FULL_DIRECTORY_INFO",    id_full_directory_info, alloc_size, all_info2, all_info2, alloc_size);
+	CHECK_VAL("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",    id_both_directory_info, alloc_size, all_info2, all_info2, alloc_size);
+
+	CHECK_VAL("SMB2_FIND_FULL_DIRECTORY_INFO",       full_directory_info,    ea_size, all_info2, all_info2, ea_size);
+	CHECK_VAL("SMB2_FIND_BOTH_DIRECTORY_INFO",       both_directory_info,    ea_size, all_info2, all_info2, ea_size);
+	CHECK_VAL("SMB2_FIND_ID_FULL_DIRECTORY_INFO",    id_full_directory_info, ea_size, all_info2, all_info2, ea_size);
+	CHECK_VAL("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",    id_both_directory_info, ea_size, all_info2, all_info2, ea_size);
+
+	CHECK_NAME("SMB2_FIND_DIRECTORY_INFO",           directory_info,         name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("SMB2_FIND_FULL_DIRECTORY_INFO",      full_directory_info,    name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("SMB2_FIND_NAME_INFO",                name_info,              name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("SMB2_FIND_BOTH_DIRECTORY_INFO",      both_directory_info,    name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("SMB2_FIND_ID_FULL_DIRECTORY_INFO",   id_full_directory_info, name, fname, STR_TERMINATE_ASCII);
+	CHECK_NAME("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",   id_both_directory_info, name, fname, STR_TERMINATE_ASCII);
+
+	CHECK_WSTR("SMB2_FIND_BOTH_DIRECTORY_INFO",      both_directory_info,    short_name, alt_info, alt_name_info, fname, STR_UNICODE);
+
+	CHECK_VAL("SMB2_FIND_ID_FULL_DIRECTORY_INFO",    id_full_directory_info, file_id, internal_info, internal_information, file_id);
+	CHECK_VAL("SMB2_FIND_ID_BOTH_DIRECTORY_INFO",    id_both_directory_info, file_id, internal_info, internal_information, file_id);
+
+done:
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+struct multiple_result {
+	TALLOC_CTX *tctx;
+	int count;
+	union smb_search_data *list;
+};
+
+bool fill_result(void *private_data,
+		 union smb_search_data *file,
+		 int count,
+		 uint8_t level,
+		 enum smb_search_data_level data_level)
+{
+	int i;
+	const char *sname;
+	struct multiple_result *data = (struct multiple_result *)private_data;
+
+	for (i=0; i<count; i++) {
+		sname = extract_name(&file[i], level, data_level);
+		if (!strcmp(sname, ".") || !(strcmp(sname, "..")))
+			continue;
+		data->count++;
+		data->list = talloc_realloc(data->tctx,
+					    data->list,
+					    union smb_search_data,
+					    data->count);
+		data->list[data->count-1] = file[i];
+	}
+	return true;
+}
+
+enum continue_type {CONT_SINGLE, CONT_INDEX, CONT_RESTART, CONT_REOPEN};
+
+static NTSTATUS multiple_smb2_search(struct smb2_tree *tree,
+				     TALLOC_CTX *tctx,
+				     const char *pattern,
+				     uint8_t level,
+				     enum smb_search_data_level data_level,
+				     enum continue_type cont_type,
+				     void *data,
+				     struct smb2_handle *h)
+{
+	struct smb2_find f;
+	bool ret = true;
+	unsigned int count = 0;
+	union smb_search_data *d;
+	NTSTATUS status;
+	struct multiple_result *result = (struct multiple_result *)data;
+
+	ZERO_STRUCT(f);
+	f.in.file.handle        = *h;
+	f.in.pattern            = pattern;
+	f.in.max_response_size  = 1024*1024;
+	f.in.level              = level;
+
+	/* The search should start from the beginning every time */
+	f.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART;
+	if (cont_type == CONT_REOPEN) {
+		f.in.continue_flags = SMB2_CONTINUE_FLAG_REOPEN;
+	}
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		if (!fill_result(result, d, count, level, data_level)) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		if (count == 0 || result == NULL || result->count == 0) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		/*
+		 * After the first iteration is complete set the CONTINUE
+		 * FLAGS appropriately
+		 */
+		switch (cont_type) {
+			case CONT_INDEX:
+				f.in.continue_flags = SMB2_CONTINUE_FLAG_INDEX;
+				switch (data_level) {
+					case RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO:
+						f.in.file_index =
+							result->list[result->count-1].both_directory_info.file_index;
+						break;
+					case RAW_SEARCH_DATA_DIRECTORY_INFO:
+						f.in.file_index =
+							result->list[result->count-1].directory_info.file_index;
+						break;
+					case RAW_SEARCH_DATA_FULL_DIRECTORY_INFO:
+						f.in.file_index =
+							result->list[result->count-1].full_directory_info.file_index;
+						break;
+					case RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO:
+						f.in.file_index =
+							result->list[result->count-1].id_full_directory_info.file_index;
+						break;
+					case RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO:
+						f.in.file_index =
+							result->list[result->count-1].id_both_directory_info.file_index;
+						break;
+					default:
+						return NT_STATUS_INVALID_PARAMETER;
+				}
+				break;
+			case CONT_SINGLE:
+				f.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE;
+				break;
+			case CONT_RESTART:
+			default:
+				/* we should prevent staying in the loop
+				 * forever */
+				f.in.continue_flags = 0;
+				break;
+		}
+	} while (count != 0);
+done:
+	if (!ret) {
+		return status;
+	}
+	return status;
+}
+
+
+static enum smb_search_data_level compare_data_level;
+uint8_t level_sort;
+
+static int search_compare(union smb_search_data *d1,
+			  union smb_search_data *d2)
+{
+	const char *s1, *s2;
+
+	s1 = extract_name(d1, level_sort, compare_data_level);
+	s2 = extract_name(d2, level_sort, compare_data_level);
+	return strcmp_safe(s1, s2);
+}
+
+/*
+   basic testing of search calls using many files
+*/
+static bool test_many_files(struct torture_context *tctx,
+			    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const int num_files = 700;
+	int i, t;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	struct smb2_create create;
+	struct smb2_handle h;
+	struct {
+		const char *name;
+		const char *cont_name;
+		uint8_t level;
+		enum smb_search_data_level data_level;
+		enum continue_type cont_type;
+	} search_types[] = {
+		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "SINGLE",  SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_SINGLE},
+		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "INDEX",   SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_INDEX},
+		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "RESTART", SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_RESTART},
+		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "REOPEN",  SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_REOPEN},
+		{"SMB2_FIND_DIRECTORY_INFO",         "SINGLE",  SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_SINGLE},
+		{"SMB2_FIND_DIRECTORY_INFO",         "INDEX",   SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_INDEX},
+		{"SMB2_FIND_DIRECTORY_INFO",         "RESTART", SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_RESTART},
+		{"SMB2_FIND_DIRECTORY_INFO",         "REOPEN",  SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_REOPEN},
+		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "SINGLE",  SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_SINGLE},
+		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "INDEX",   SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_INDEX},
+		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "RESTART", SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_RESTART},
+		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "REOPEN",  SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_REOPEN},
+		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "SINGLE",  SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_SINGLE},
+		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "INDEX",   SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_INDEX},
+		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_RESTART},
+		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "REOPEN",  SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_REOPEN},
+		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "SINGLE",  SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_SINGLE},
+		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "INDEX",   SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_INDEX},
+		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESTART},
+		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "REOPEN",  SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_REOPEN},
+	};
+
+	smb2_deltree(tree, DNAME);
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	torture_comment(tctx, "Testing with %d files\n", num_files);
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	for (i=num_files-1;i>=0;i--) {
+		fname = talloc_asprintf(mem_ctx, DNAME "\\t%03d-%d.txt", i, i);
+		create.in.fname = talloc_asprintf(mem_ctx, "%s", fname);
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		smb2_util_close(tree, create.out.file.handle);
+		talloc_free(fname);
+	}
+
+	for (t=0;t<ARRAY_SIZE(search_types);t++) {
+		ZERO_STRUCT(result);
+		result.tctx = talloc_new(tctx);
+
+		torture_comment(tctx,
+				"Continue %s via %s\n", search_types[t].name,
+				search_types[t].cont_name);
+		status = multiple_smb2_search(tree, tctx, "*",
+					      search_types[t].level,
+					      search_types[t].data_level,
+					      search_types[t].cont_type,
+					      &result, &h);
+
+		torture_assert_int_equal_goto(tctx, result.count, num_files,
+					      ret, done, "");
+
+		compare_data_level = search_types[t].data_level;
+		level_sort = search_types[t].level;
+
+		TYPESAFE_QSORT(result.list, result.count, search_compare);
+
+		for (i=0;i<result.count;i++) {
+			const char *s;
+			s = extract_name(&result.list[i],
+					 search_types[t].level,
+					 compare_data_level);
+			fname = talloc_asprintf(mem_ctx, "t%03d-%d.txt", i, i);
+			torture_assert_str_equal_goto(tctx, s, fname, ret,
+						      done, "Incorrect name");
+			talloc_free(fname);
+		}
+		talloc_free(result.tctx);
+	}
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  check an individual file result
+*/
+static bool check_result(struct torture_context *tctx,
+			 struct multiple_result *result,
+			 const char *name,
+			 bool exist,
+			 uint32_t attrib)
+{
+	int i;
+	for (i=0;i<result->count;i++) {
+		if (strcmp(name,
+			   result->list[i].both_directory_info.name.s) == 0) {
+			break;
+		}
+	}
+	if (i == result->count) {
+		if (exist) {
+			torture_result(tctx, TORTURE_FAIL,
+			    "failed: '%s' should exist with attribute %s\n",
+			    name, attrib_string(result->list, attrib));
+			return false;
+		}
+		return true;
+	}
+
+	if (!exist) {
+		torture_result(tctx, TORTURE_FAIL,
+		    "failed: '%s' should NOT exist (has attribute %s)\n",
+		    name, attrib_string(result->list,
+		    result->list[i].both_directory_info.attrib));
+		return false;
+	}
+
+	if ((result->list[i].both_directory_info.attrib&0xFFF) != attrib) {
+		torture_result(tctx, TORTURE_FAIL,
+		    "failed: '%s' should have attribute 0x%x (has 0x%x)\n",
+		    name, attrib, result->list[i].both_directory_info.attrib);
+		return false;
+	}
+	return true;
+}
+
+/*
+   test what happens when the directory is modified during a search
+*/
+static bool test_modify_search(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	struct multiple_result result;
+	union smb_setfileinfo sfinfo;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create create;
+	struct smb2_handle h;
+	struct smb2_find f;
+	union smb_search_data *d;
+	struct file_elem files[703] = {};
+	int num_files = ARRAY_SIZE(files)-3;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+	unsigned int count;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	torture_comment(tctx, "Creating %d files\n", num_files);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	for (i = num_files-1; i >= 0; i--) {
+		files[i].name = talloc_asprintf(mem_ctx, "t%03d-%d.txt", i, i);
+		create.in.fname = talloc_asprintf(mem_ctx, "%s\\%s",
+						  DNAME, files[i].name);
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		smb2_util_close(tree, create.out.file.handle);
+	}
+
+	torture_comment(tctx, "pulling the first two files\n");
+	ZERO_STRUCT(result);
+	result.tctx = talloc_new(tctx);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle        = h;
+	f.in.pattern            = "*";
+	f.in.continue_flags     = SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.max_response_size  = 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		if (!fill_result(&result, d, count, f.in.level,
+				 RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO)) {
+			ret = false;
+			goto done;
+		}
+	} while (result.count < 2);
+
+	torture_comment(tctx, "Changing attributes and deleting\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	files[num_files].name = talloc_asprintf(mem_ctx, "T003-03.txt.2");
+	create.in.fname = talloc_asprintf(mem_ctx, "%s\\%s", DNAME,
+					  files[num_files].name);
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+	smb2_util_close(tree, create.out.file.handle);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	files[num_files + 1].name = talloc_asprintf(mem_ctx, "T013-13.txt.2");
+	create.in.fname = talloc_asprintf(mem_ctx, "%s\\%s", DNAME,
+					  files[num_files + 1].name);
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+	smb2_util_close(tree, create.out.file.handle);
+
+	files[num_files + 2].name = talloc_asprintf(mem_ctx, "T013-13.txt.3");
+	status = smb2_create_complex_file(tctx, tree, DNAME "\\T013-13.txt.3", &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	smb2_util_unlink(tree, DNAME "\\T014-14.txt");
+	smb2_util_setatr(tree, DNAME "\\T015-15.txt", FILE_ATTRIBUTE_HIDDEN);
+	smb2_util_setatr(tree, DNAME "\\T016-16.txt", FILE_ATTRIBUTE_NORMAL);
+	smb2_util_setatr(tree, DNAME "\\T017-17.txt", FILE_ATTRIBUTE_SYSTEM);
+	smb2_util_setatr(tree, DNAME "\\T018-18.txt", 0);
+	smb2_util_setatr(tree, DNAME "\\T039-39.txt", FILE_ATTRIBUTE_HIDDEN);
+	smb2_util_setatr(tree, DNAME "\\T000-0.txt", FILE_ATTRIBUTE_HIDDEN);
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.path = DNAME "\\T013-13.txt.3";
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	status = smb2_composite_setpathinfo(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	/* Reset the numfiles to include the new files and start the
+	 * search from the beginning */
+	num_files = num_files + 2;
+	f.in.pattern = "*";
+	f.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART;
+	result.count = 0;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		if (!fill_result(&result, d, count, f.in.level,
+				 RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO)) {
+			ret = false;
+			goto done;
+		}
+		f.in.continue_flags = 0;
+		f.in.max_response_size  = 4096;
+	} while (count != 0);
+
+
+	ret &= check_result(tctx, &result, "t039-39.txt", true, FILE_ATTRIBUTE_HIDDEN);
+	ret &= check_result(tctx, &result, "t000-0.txt", true, FILE_ATTRIBUTE_HIDDEN);
+	ret &= check_result(tctx, &result, "t014-14.txt", false, 0);
+	ret &= check_result(tctx, &result, "t015-15.txt", true, FILE_ATTRIBUTE_HIDDEN);
+	ret &= check_result(tctx, &result, "t016-16.txt", true, FILE_ATTRIBUTE_NORMAL);
+	ret &= check_result(tctx, &result, "t017-17.txt", true, FILE_ATTRIBUTE_SYSTEM);
+	ret &= check_result(tctx, &result, "t018-18.txt", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(tctx, &result, "t019-19.txt", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(tctx, &result, "T013-13.txt.2", true, FILE_ATTRIBUTE_ARCHIVE);
+	ret &= check_result(tctx, &result, "T003-3.txt.2", false, 0);
+	ret &= check_result(tctx, &result, "T013-13.txt.3", true, FILE_ATTRIBUTE_NORMAL);
+
+	if (!ret) {
+		for (i=0;i<result.count;i++) {
+			torture_warning(tctx, "%s %s (0x%x)\n",
+			       result.list[i].both_directory_info.name.s,
+			       attrib_string(tctx,
+			       result.list[i].both_directory_info.attrib),
+			       result.list[i].both_directory_info.attrib);
+		}
+	}
+ done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+   testing if directories always come back sorted
+*/
+static bool test_sorted(struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const int num_files = 700;
+	int i;
+	struct file_elem files[700] = {};
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	struct smb2_handle h;
+
+	torture_comment(tctx, "Testing if directories always come back "
+	   "sorted\n");
+	status = populate_tree(tctx, mem_ctx, tree, files, num_files, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	ZERO_STRUCT(result);
+	result.tctx = tctx;
+
+	status = multiple_smb2_search(tree, tctx, "*",
+				      SMB2_FIND_BOTH_DIRECTORY_INFO,
+				      RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
+				      SMB2_CONTINUE_FLAG_SINGLE,
+				      &result, &h);
+
+	torture_assert_int_equal_goto(tctx, result.count, num_files, ret, done,
+				      "");
+
+	for (i=0;i<num_files-1;i++) {
+		const char *name1, *name2;
+		name1 = result.list[i].both_directory_info.name.s;
+		name2 = result.list[i+1].both_directory_info.name.s;
+		if (strcasecmp_m(name1, name2) > 0) {
+			torture_comment(tctx, "non-alphabetical order at entry "
+			    "%d '%s' '%s'\n", i, name1, name2);
+			torture_comment(tctx,
+			    "Server does not produce sorted directory listings"
+			    "(not an error)\n");
+			goto done;
+		}
+	}
+	talloc_free(result.list);
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/* test the behavior of file_index field in the SMB2_FIND struct */
+static bool test_file_index(struct torture_context *tctx,
+			    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const int num_files = 100;
+	int resume_index = 4;
+	int i;
+	char *fname;
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	struct smb2_create create;
+	struct smb2_find f;
+	struct smb2_handle h;
+	union smb_search_data *d;
+	unsigned count;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	torture_comment(tctx, "Testing the behavior of file_index flag\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	for (i = num_files-1; i >= 0; i--) {
+		fname = talloc_asprintf(mem_ctx, DNAME "\\file%u.txt", i);
+		create.in.fname = fname;
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		talloc_free(fname);
+		smb2_util_close(tree, create.out.file.handle);
+	}
+
+	ZERO_STRUCT(result);
+	result.tctx = tctx;
+
+	ZERO_STRUCT(f);
+	f.in.file.handle        = h;
+	f.in.pattern            = "*";
+	f.in.continue_flags     = SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.max_response_size  = 0x1000;
+	f.in.level              = SMB2_FIND_FULL_DIRECTORY_INFO;
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		if (!fill_result(&result, d, count, f.in.level,
+				 RAW_SEARCH_DATA_FULL_DIRECTORY_INFO)) {
+			ret = false;
+			goto done;
+		}
+	} while(result.count < 10);
+
+	if (result.list[0].full_directory_info.file_index == 0) {
+		torture_skip_goto(tctx, done,
+				"Talking to a server that doesn't provide a "
+				"file index.\nWindows servers using NTFS do "
+				"not provide a file_index. Skipping test\n");
+	} else {
+		/* We are not talking to a Windows based server.  Windows
+		 * servers using NTFS do not provide a file_index.  Windows
+		 * servers using FAT do provide a file index, however in both
+		 * cases they do not honor a file index on a resume request.
+		 * See MS-FSCC <62> and MS-SMB2 <54> for more information. */
+
+		/* Set the file_index flag to point to the fifth file from the
+		 * previous enumeration and try to start the subsequent
+		 * searches from that point */
+		f.in.file_index =
+		    result.list[resume_index].full_directory_info.file_index;
+		f.in.continue_flags = SMB2_CONTINUE_FLAG_INDEX;
+
+		/* get the name of the next expected file */
+		fname = talloc_asprintf(mem_ctx, DNAME "\\%s",
+			result.list[resume_index].full_directory_info.name.s);
+
+		ZERO_STRUCT(result);
+		result.tctx = tctx;
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			goto done;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		if (!fill_result(&result, d, count, f.in.level,
+				 RAW_SEARCH_DATA_FULL_DIRECTORY_INFO)) {
+			ret = false;
+			goto done;
+		}
+		if (strcmp(fname,
+			result.list[0].full_directory_info.name.s)) {
+			torture_comment(tctx, "Next expected file: %s but the "
+			    "server returned %s\n", fname,
+			    result.list[0].full_directory_info.name.s);
+			torture_comment(tctx,
+					"Not an error. Resuming using a file "
+					"index is an optional feature of the "
+					"protocol.\n");
+			goto done;
+		}
+	}
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Tests directory enumeration in a directory containing >1000 files with
+ * names of varying lengths.
+ */
+static bool test_large_files(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const int num_files = 2000;
+	int max_len = 200;
+	/* These should be evenly divisible */
+	int num_at_len = num_files / max_len;
+	struct file_elem files[2000] = {};
+	size_t len = 1;
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_find f;
+	struct smb2_handle h = {{0}};
+	union smb_search_data *d;
+	int i, j = 0, file_count = 0;
+	char **strs = NULL;
+	unsigned count;
+	struct timespec ts1, ts2;
+
+	torture_comment(tctx,
+	    "Testing directory enumeration in a directory with >1000 files\n");
+
+	smb2_deltree(tree, DNAME);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.fname = DNAME;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+	h = create.out.file.handle;
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	for (i = 0; i < num_files; i++) {
+		if (i % num_at_len == 0) {
+		    strs = generate_unique_strs(mem_ctx, len, num_at_len);
+		    len++;
+		}
+		files[i].name = strs[i % num_at_len];
+		create.in.fname = talloc_asprintf(mem_ctx, "%s\\%s",
+		    DNAME, files[i].name);
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+		smb2_util_close(tree, create.out.file.handle);
+	}
+
+	ZERO_STRUCT(f);
+	f.in.file.handle        = h;
+	f.in.pattern            = "*";
+	f.in.max_response_size  = 0x100;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	clock_gettime_mono(&ts1);
+
+	do {
+		status = smb2_find_level(tree, tree, &f, &count, &d);
+		if (NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES))
+			break;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+		for (i = 0; i < count; i++) {
+			bool expected;
+			const char *found = d[i].both_directory_info.name.s;
+
+			if (!strcmp(found, ".") || !strcmp(found, ".."))
+				continue;
+
+			expected = false;
+			for (j = 0; j < 2000; j++) {
+				if (!strcmp(files[j].name, found)) {
+					files[j].found = true;
+					expected = true;
+					break;
+				}
+			}
+
+			if (expected)
+				continue;
+
+			torture_result(tctx, TORTURE_FAIL,
+			    "(%s): didn't expect %s\n",
+			    __location__, found);
+			ret = false;
+			goto done;
+		}
+		file_count = file_count + i;
+		f.in.continue_flags = 0;
+		f.in.max_response_size  = 4096;
+	} while (count != 0);
+
+	torture_assert_int_equal_goto(tctx, file_count, num_files + 2, ret,
+				      done, "");
+
+	clock_gettime_mono(&ts2);
+
+	for (i = 0; i < num_files; i++) {
+		if (files[j].found)
+			continue;
+
+		torture_result(tctx, TORTURE_FAIL,
+		    "(%s): expected to find %s, but didn't\n",
+		    __location__, files[j].name);
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "Directory enumeration completed in %.3f s.\n",
+			timespec_elapsed2(&ts1, &ts2));
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * basic testing of search calls using many files,
+ * including renaming files
+ */
+#define NUM_FILES 1000
+static bool test_1k_files_rename(struct torture_context *tctx,
+                            struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const int num_files = NUM_FILES;
+	int rename_index = 0;
+	int i, j;
+	char *fname_list[NUM_FILES] = {0};
+	bool ret = true;
+	NTSTATUS status;
+	struct multiple_result result;
+	struct smb2_create create;
+	struct smb2_create dir;
+	struct smb2_handle dir_handle;
+	struct smb2_create open;
+	union smb_setfileinfo sinfo;
+	struct timespec ts1, ts2;
+	bool reopen;
+
+	reopen = torture_setting_bool(tctx, "1k_files_rename_reopendir", false);
+
+	torture_comment(tctx, "Testing with %d files\n", num_files);
+
+	smb2_deltree(tree, DNAME);
+
+	dir = (struct smb2_create) {
+		.in.desired_access = SEC_DIR_LIST,
+		.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.fname = DNAME,
+	};
+
+	status = smb2_create(tree, tree, &dir);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Could not create test directory");
+
+	dir_handle = dir.out.file.handle;
+
+	/* Create 1k files, store in array for later rename */
+
+	torture_comment(tctx, "Create files.\n");
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_ALL,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+	};
+
+	for (i = num_files - 1; i >= 0; i--) {
+		fname_list[i] = talloc_asprintf(mem_ctx, DNAME "\\t%03d.txt", i);
+		torture_assert_not_null_goto(tctx, fname_list[i], ret, done,
+					     "talloc_asprintf failed");
+
+		create.in.fname = fname_list[i];
+
+		status = smb2_create(tree, mem_ctx, &create);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_create failed\n");
+
+		status = smb2_util_close(tree, create.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_close failed\n");
+	}
+
+	open = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_ALL | SEC_STD_DELETE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+	};
+
+	clock_gettime_mono(&ts1);
+
+	for (j = 0; j < 100; j++) {
+		ZERO_STRUCT(result);
+		result.tctx = talloc_new(tctx);
+
+		torture_comment(tctx, "Iteration: %02d of 100.\n", j);
+
+		if (reopen) {
+			torture_comment(
+				tctx, "Close and reopen test directory \n");
+			smb2_util_close(tree, dir_handle);
+
+			status = smb2_create(tree, tree, &dir);
+			torture_assert_ntstatus_ok_goto(
+				tctx, status, ret, done,
+				"Could not reopen test directory");
+
+			dir_handle = dir.out.file.handle;
+		}
+
+		status = multiple_smb2_search(tree, tctx, "*",
+				SMB2_FIND_FULL_DIRECTORY_INFO,
+				RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,
+				100,
+				&result, &dir_handle);
+		torture_assert_int_equal_goto(tctx, result.count, num_files,
+				ret, done, "Wrong number of files");
+
+		/* Check name validity of all files*/
+		compare_data_level = RAW_SEARCH_DATA_FULL_DIRECTORY_INFO;
+		level_sort = SMB2_FIND_FULL_DIRECTORY_INFO;
+
+		TYPESAFE_QSORT(result.list, result.count, search_compare);
+
+		for (i = 0; i < result.count; i++) {
+			const char *s = NULL;
+			char *dname_s = NULL;
+
+			s = extract_name(&result.list[i],
+					SMB2_FIND_FULL_DIRECTORY_INFO,
+					RAW_SEARCH_DATA_FULL_DIRECTORY_INFO);
+			dname_s = talloc_asprintf(mem_ctx, DNAME "\\%s", s);
+			torture_assert_not_null_goto(tctx, dname_s, ret, done,
+						     "talloc_asprintf failed");
+
+			torture_assert_str_equal_goto(tctx, dname_s, fname_list[i], ret,
+					done, "Incorrect name\n");
+			TALLOC_FREE(dname_s);
+		}
+
+		TALLOC_FREE(result.tctx);
+
+		/* Rename one file */
+		open.in.fname = fname_list[rename_index];
+
+		status = smb2_create(tree, tctx, &open);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"Failed open\n");
+
+		sinfo = (union smb_setfileinfo) {
+			.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION,
+			.rename_information.in.file.handle = open.out.file.handle,
+		};
+
+		TALLOC_FREE(fname_list[rename_index]);
+		fname_list[rename_index] = talloc_asprintf(
+			mem_ctx, DNAME "\\t%03d-rename.txt", rename_index);
+		sinfo.rename_information.in.new_name = fname_list[rename_index];
+
+		torture_comment(tctx, "Renaming test file to: %s\n",
+				sinfo.rename_information.in.new_name);
+
+		status = smb2_setinfo_file(tree, &sinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"Failed setinfo/rename\n");
+
+		rename_index++;
+		smb2_util_close(tree, open.out.file.handle);
+	}
+
+	clock_gettime_mono(&ts2);
+
+	torture_comment(tctx, "\nDirectory enumeration completed in %.3f s.\n",
+	                timespec_elapsed2(&ts1, &ts2));
+
+done:
+	TALLOC_FREE(mem_ctx);
+	smb2_util_close(tree, dir_handle);
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+#undef NUM_FILES
+
+struct torture_suite *torture_smb2_dir_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "dir");
+
+	torture_suite_add_1smb2_test(suite, "find", test_find);
+	torture_suite_add_1smb2_test(suite, "fixed", test_fixed);
+	torture_suite_add_1smb2_test(suite, "one", test_one_file);
+	torture_suite_add_1smb2_test(suite, "many", test_many_files);
+	torture_suite_add_1smb2_test(suite, "modify", test_modify_search);
+	torture_suite_add_1smb2_test(suite, "sorted", test_sorted);
+	torture_suite_add_1smb2_test(suite, "file-index", test_file_index);
+	torture_suite_add_1smb2_test(suite, "large-files", test_large_files);
+	torture_suite_add_1smb2_test(suite, "1kfiles_rename", test_1k_files_rename);
+
+	suite->description = talloc_strdup(suite, "SMB2-DIR tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/dosmode.c b/source4/torture/smb2/dosmode.c
new file mode 100644
index 0000000..7610a20
--- /dev/null
+++ b/source4/torture/smb2/dosmode.c
@@ -0,0 +1,254 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 setinfo individual test suite
+
+   Copyright (C) Ralph Boehme 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+/*
+  test dosmode and hidden files
+*/
+bool torture_smb2_dosmode(struct torture_context *tctx)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_tree *tree = NULL;
+	const char *dname = "torture_dosmode";
+	const char *fname = "torture_dosmode\\file";
+	const char *hidefile = "torture_dosmode\\hidefile";
+	const char *dotfile = "torture_dosmode\\.dotfile";
+	struct smb2_handle h1 = {{0}};
+	struct smb2_create io;
+	union smb_setfileinfo sfinfo;
+	union smb_fileinfo finfo2;
+
+	torture_comment(tctx, "Checking dosmode with \"hide files\" "
+			"and \"hide dot files\"\n");
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, dname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed");
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sfinfo.generic.in.file.handle = io.out.file.handle;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_filefailed");
+
+	ZERO_STRUCT(finfo2);
+	finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo2.generic.in.file.handle = io.out.file.handle;
+	status = smb2_getinfo_file(tree, tctx, &finfo2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN,
+				      FILE_ATTRIBUTE_HIDDEN, ret, done,
+				      "FILE_ATTRIBUTE_HIDDEN is not set");
+
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* This must fail with attribute mismatch */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED,
+					   ret, done,"smb2_create failed");
+
+	/* Create a file in "hide files" */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = 0;
+	io.in.fname = hidefile;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+
+	ZERO_STRUCT(finfo2);
+	finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo2.generic.in.file.handle = io.out.file.handle;
+	status = smb2_getinfo_file(tree, tctx, &finfo2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN,
+				      FILE_ATTRIBUTE_HIDDEN, ret, done,
+				      "FILE_ATTRIBUTE_HIDDEN is not set");
+
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* Overwrite a file in "hide files", should pass */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.create_options = 0;
+	io.in.fname = hidefile;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* Create a "hide dot files" */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = 0;
+	io.in.fname = dotfile;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+
+	ZERO_STRUCT(finfo2);
+	finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo2.generic.in.file.handle = io.out.file.handle;
+	status = smb2_getinfo_file(tree, tctx, &finfo2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN,
+				      FILE_ATTRIBUTE_HIDDEN, ret, done,
+				      "FILE_ATTRIBUTE_HIDDEN is not set");
+
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* Overwrite a "hide dot files", should pass */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.create_options = 0;
+	io.in.fname = dotfile;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	smb2_util_close(tree, io.out.file.handle);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, dname);
+	return ret;
+}
+
+bool torture_smb2_async_dosmode(struct torture_context *tctx)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_tree *tree = NULL;
+	const char *dname = "torture_dosmode";
+	const char *fname = "torture_dosmode\\file";
+	struct smb2_handle h = {{0}};
+	struct smb2_create io;
+	union smb_setfileinfo sfinfo;
+	struct smb2_find f;
+	union smb_search_data *d;
+	unsigned int count;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, dname, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed");
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sfinfo.generic.in.file.handle = io.out.file.handle;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_filefailed");
+
+	smb2_util_close(tree, io.out.file.handle);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= h;
+	f.in.pattern		= "file";
+	f.in.continue_flags	= SMB2_CONTINUE_FLAG_RESTART;
+	f.in.max_response_size	= 0x1000;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "");
+
+	smb2_util_close(tree, h);
+	ZERO_STRUCT(h);
+
+	torture_assert_goto(tctx,
+			    d->both_directory_info.attrib & FILE_ATTRIBUTE_HIDDEN,
+			    ret, done,
+			    "FILE_ATTRIBUTE_HIDDEN is not set\n");
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_deltree(tree, dname);
+	return ret;
+}
diff --git a/source4/torture/smb2/durable_open.c b/source4/torture/smb2/durable_open.c
new file mode 100644
index 0000000..f56c558
--- /dev/null
+++ b/source4/torture/smb2/durable_open.c
@@ -0,0 +1,2872 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 durable opens
+
+   Copyright (C) Stefan Metzmacher 2008
+   Copyright (C) Michael Adam 2011-2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%llx - should be 0x%llx\n", \
+				__location__, #v, (unsigned long long)v, (unsigned long long)correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NOT_VAL(v, incorrect) do { \
+	if ((v) == (incorrect)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%llx - should not be 0x%llx\n", \
+				__location__, #v, (unsigned long long)v, (unsigned long long)incorrect); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NOT_NULL(p) do { \
+	if ((p) == NULL) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): %s is NULL but it should not be.\n", \
+				__location__, #p); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)			\
+	do {								\
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		CHECK_VAL((__io)->out.size, 0);				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));	\
+		CHECK_VAL((__io)->out.reserved2, 0);			\
+	} while(0)
+
+#define CHECK_CREATED_SIZE(__io, __created, __attribute, __alloc_size, __size)	\
+	do {									\
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		if (__alloc_size != 0) {					\
+			CHECK_VAL((__io)->out.alloc_size, (__alloc_size));	\
+		}								\
+		CHECK_VAL((__io)->out.size, (__size));				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));		\
+		CHECK_VAL((__io)->out.reserved2, 0);				\
+	} while(0)
+
+
+
+/**
+ * basic durable_open test.
+ * durable state should only be granted when requested
+ * along with a batch oplock or a handle lease.
+ *
+ * This test tests durable open with all possible oplock types.
+ */
+
+struct durable_open_vs_oplock {
+	const char *level;
+	const char *share_mode;
+	bool expected;
+};
+
+#define NUM_OPLOCK_TYPES 4
+#define NUM_SHARE_MODES 8
+#define NUM_OPLOCK_OPEN_TESTS ( NUM_OPLOCK_TYPES * NUM_SHARE_MODES )
+static struct durable_open_vs_oplock durable_open_vs_oplock_table[NUM_OPLOCK_OPEN_TESTS] =
+{
+	{ "", "", false },
+	{ "", "R", false },
+	{ "", "W", false },
+	{ "", "D", false },
+	{ "", "RD", false },
+	{ "", "RW", false },
+	{ "", "WD", false },
+	{ "", "RWD", false },
+
+	{ "s", "", false },
+	{ "s", "R", false },
+	{ "s", "W", false },
+	{ "s", "D", false },
+	{ "s", "RD", false },
+	{ "s", "RW", false },
+	{ "s", "WD", false },
+	{ "s", "RWD", false },
+
+	{ "x", "", false },
+	{ "x", "R", false },
+	{ "x", "W", false },
+	{ "x", "D", false },
+	{ "x", "RD", false },
+	{ "x", "RW", false },
+	{ "x", "WD", false },
+	{ "x", "RWD", false },
+
+	{ "b", "", true },
+	{ "b", "R", true },
+	{ "b", "W", true },
+	{ "b", "D", true },
+	{ "b", "RD", true },
+	{ "b", "RW", true },
+	{ "b", "WD", true },
+	{ "b", "RWD", true },
+};
+
+static bool test_one_durable_open_open_oplock(struct torture_context *tctx,
+					      struct smb2_tree *tree,
+					      const char *fname,
+					      struct durable_open_vs_oplock test)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	bool ret = true;
+	struct smb2_create io;
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(test.share_mode),
+				 smb2_util_oplock_level(test.level));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, test.expected);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(test.level));
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_durable_open_open_oplock(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	bool ret = true;
+	int i;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_open_oplock_%s.dat", generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	/* test various oplock levels with durable open */
+
+	for (i = 0; i < NUM_OPLOCK_OPEN_TESTS; i++) {
+		ret = test_one_durable_open_open_oplock(tctx,
+							tree,
+							fname,
+							durable_open_vs_oplock_table[i]);
+		if (ret == false) {
+			goto done;
+		}
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic durable_open test.
+ * durable state should only be granted when requested
+ * along with a batch oplock or a handle lease.
+ *
+ * This test tests durable open with all valid lease types.
+ */
+
+struct durable_open_vs_lease {
+	const char *type;
+	const char *share_mode;
+	bool expected;
+};
+
+#define NUM_LEASE_TYPES 5
+#define NUM_LEASE_OPEN_TESTS ( NUM_LEASE_TYPES * NUM_SHARE_MODES )
+static struct durable_open_vs_lease durable_open_vs_lease_table[NUM_LEASE_OPEN_TESTS] =
+{
+	{ "", "", false },
+	{ "", "R", false },
+	{ "", "W", false },
+	{ "", "D", false },
+	{ "", "RW", false },
+	{ "", "RD", false },
+	{ "", "WD", false },
+	{ "", "RWD", false },
+
+	{ "R", "", false },
+	{ "R", "R", false },
+	{ "R", "W", false },
+	{ "R", "D", false },
+	{ "R", "RW", false },
+	{ "R", "RD", false },
+	{ "R", "DW", false },
+	{ "R", "RWD", false },
+
+	{ "RW", "", false },
+	{ "RW", "R", false },
+	{ "RW", "W", false },
+	{ "RW", "D", false },
+	{ "RW", "RW", false },
+	{ "RW", "RD", false },
+	{ "RW", "WD", false },
+	{ "RW", "RWD", false },
+
+	{ "RH", "", true },
+	{ "RH", "R", true },
+	{ "RH", "W", true },
+	{ "RH", "D", true },
+	{ "RH", "RW", true },
+	{ "RH", "RD", true },
+	{ "RH", "WD", true },
+	{ "RH", "RWD", true },
+
+	{ "RHW", "", true },
+	{ "RHW", "R", true },
+	{ "RHW", "W", true },
+	{ "RHW", "D", true },
+	{ "RHW", "RW", true },
+	{ "RHW", "RD", true },
+	{ "RHW", "WD", true },
+	{ "RHW", "RWD", true },
+};
+
+static bool test_one_durable_open_open_lease(struct torture_context *tctx,
+					     struct smb2_tree *tree,
+					     const char *fname,
+					     struct durable_open_vs_lease test)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	bool ret = true;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	uint64_t lease;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	lease = random();
+
+	smb2_lease_create_share(&io, &ls, false /* dir */, fname,
+				smb2_util_share_access(test.share_mode),
+				lease,
+				smb2_util_lease_state(test.type));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, test.expected);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state(test.type));
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_durable_open_open_lease(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_open_lease_%s.dat", generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+
+	/* test various oplock levels with durable open */
+
+	for (i = 0; i < NUM_LEASE_OPEN_TESTS; i++) {
+		ret = test_one_durable_open_open_lease(tctx,
+						       tree,
+						       fname,
+						       durable_open_vs_lease_table[i]);
+		if (ret == false) {
+			goto done;
+		}
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open
+ * and do a durable reopen on the same connection
+ * while the first open is still active (fails)
+ */
+static bool test_durable_open_reopen1(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io1, io2;
+	bool ret = true;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io1.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* try a durable reconnect while the file is still open */
+	ZERO_STRUCT(io2);
+	io2.in.fname = fname;
+	io2.in.durable_handle = h;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Basic test for doing a durable open
+ * and do a session reconnect while the first
+ * session is still active and the handle is
+ * still open in the client.
+ * This closes the original session and  a
+ * durable reconnect on the new session succeeds.
+ */
+static bool test_durable_open_reopen1a(struct torture_context *tctx,
+				       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	bool ret = true;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_tree *tree3 = NULL;
+	uint64_t previous_session_id;
+	struct smbcli_options options;
+	struct GUID orig_client_guid;
+
+	options = tree->session->transport->options;
+	orig_client_guid = options.client_guid;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen1a_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 */
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* for oplocks, the client guid can be different: */
+	options.client_guid = GUID_random();
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree2);
+	torture_assert_goto(tctx, ret, ret, done, "could not reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+
+	TALLOC_FREE(tree);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 */
+
+	previous_session_id = smb2cli_session_current_id(tree2->session->smbXcli);
+
+	/* the original client_guid works just the same */
+	options.client_guid = orig_client_guid;
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree3);
+	torture_assert_goto(tctx, ret, ret, done, "could not reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+
+	TALLOC_FREE(tree2);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+
+	status = smb2_create(tree3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree == NULL) {
+		tree = tree2;
+	}
+
+	if (tree == NULL) {
+		tree = tree3;
+	}
+
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+			h = NULL;
+		}
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease variant of reopen1a
+ *
+ * Basic test for doing a durable open and doing a session
+ * reconnect while the first session is still active and the
+ * handle is still open in the client.
+ * This closes the original session and  a durable reconnect on
+ * the new session succeeds depending on the client guid:
+ *
+ * Durable reconnect on a session with a different client guid fails.
+ * Durable reconnect on a session with the original client guid succeeds.
+ */
+bool test_durable_open_reopen1a_lease(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_tree *tree3 = NULL;
+	uint64_t previous_session_id;
+	struct smbcli_options options;
+	struct GUID orig_client_guid;
+
+	options = tree->session->transport->options;
+	orig_client_guid = options.client_guid;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen1a_lease_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_create(&io, &ls, false /* dir */, fname,
+			  lease_key, smb2_util_lease_state("RWH"));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 * with a different client_guid does not allow
+	 * the durable reconnect.
+	 */
+
+	options.client_guid = GUID_random();
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree2);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+	TALLOC_FREE(tree);
+
+
+	/*
+	 * but a durable reconnect on the new session with the wrong
+	 * client guid fails
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * now a session reconnect on a second tcp connection
+	 * with original client_guid allows the durable reconnect.
+	 */
+
+	options.client_guid = orig_client_guid;
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree3);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 * In this case, a durable reconnect attempt with the
+	 * correct client_guid yields a different error code.
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	TALLOC_FREE(tree2);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false); /* no dh response context... */
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree == NULL) {
+		tree = tree2;
+	}
+
+	if (tree == NULL) {
+		tree = tree3;
+	}
+
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+static bool test_durable_open_reopen2(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	bool ret = true;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* disconnect, leaving the durable in place */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	/* the path name is ignored by the server */
+	io.in.fname = fname;
+	io.in.durable_handle = h; /* durable v1 reconnect request */
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect again, leaving the durable in place */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * show that the filename and many other fields
+	 * are ignored. only the reconnect request blob
+	 * is important.
+	 */
+	ZERO_STRUCT(io);
+	/* the path name is ignored by the server */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle = h; /* durable v1 reconnect request */
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect, leaving the durable in place */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * show that an additionally specified durable v1 request
+	 * is ignored by the server.
+	 * See MS-SMB2, 3.3.5.9.7
+	 * Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context
+	 */
+	ZERO_STRUCT(io);
+	/* the path name is ignored by the server */
+	io.in.fname = fname;
+	io.in.durable_handle = h;  /* durable v1 reconnect request */
+	io.in.durable_open = true; /* durable v1 handle request */
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease variant of reopen2
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+static bool test_durable_open_reopen2_lease(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smbcli_options options;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_create(&io, &ls, false /* dir */, fname, lease_key,
+			  smb2_util_lease_state("RWH"));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	/* disconnect, reconnect and then do durable reopen */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+
+	/* a few failure tests: */
+
+	/*
+	 * several attempts without lease attached:
+	 * all fail with NT_STATUS_OBJECT_NAME_NOT_FOUND
+	 * irrespective of file name provided
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * attempt with lease provided, but
+	 * with a changed lease key. => fails
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+	/* a wrong lease key lets the request fail */
+	ls.lease_key.data[0]++;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* restore the correct lease key */
+	ls.lease_key.data[0]--;
+
+	/*
+	 * this last failing attempt is almost correct:
+	 * only problem is: we use the wrong filename...
+	 * Note that this gives INVALID_PARAMETER.
+	 * This is different from oplocks!
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Now for a succeeding reconnect:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect one more time */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * demonstrate that various parameters are ignored
+	 * in the reconnect
+	 */
+
+	ZERO_STRUCT(io);
+	/*
+	 * These are completely ignored by the server
+	 */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+
+	/*
+	 * only these are checked:
+	 * - io.in.fname
+	 * - io.in.durable_handle,
+	 * - io.in.lease_request->lease_key
+	 */
+
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.lease_request = &ls;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease v2 variant of reopen2
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+static bool test_durable_open_reopen2_lease_v2(struct torture_context *tctx,
+					       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smbcli_options options;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_v2_create(&io, &ls, false /* dir */, fname,
+			     lease_key, 0, /* parent lease key */
+			     smb2_util_lease_state("RWH"), 0 /* lease epoch */);
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+
+	/* disconnect, reconnect and then do durable reopen */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/* a few failure tests: */
+
+	/*
+	 * several attempts without lease attached:
+	 * all fail with NT_STATUS_OBJECT_NAME_NOT_FOUND
+	 * irrespective of file name provided
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * attempt with lease provided, but
+	 * with a changed lease key. => fails
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+	/* a wrong lease key lets the request fail */
+	ls.lease_key.data[0]++;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* restore the correct lease key */
+	ls.lease_key.data[0]--;
+
+	/*
+	 * this last failing attempt is almost correct:
+	 * only problem is: we use the wrong filename...
+	 * Note that this gives INVALID_PARAMETER.
+	 * This is different from oplocks!
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Now for a succeeding reconnect:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open = false;
+	io.in.durable_handle = h;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect one more time */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * demonstrate that various parameters are ignored
+	 * in the reconnect
+	 */
+
+	ZERO_STRUCT(io);
+	/*
+	 * These are completely ignored by the server
+	 */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+
+	/*
+	 * only these are checked:
+	 * - io.in.fname
+	 * - io.in.durable_handle,
+	 * - io.in.lease_request->lease_key
+	 */
+
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.lease_request_v2 = &ls;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect with a session reconnect and
+ * do a durable reopen (succeeds)
+ */
+static bool test_durable_open_reopen2a(struct torture_context *tctx,
+				       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io1, io2;
+	uint64_t previous_session_id;
+	bool ret = true;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io1.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* disconnect, reconnect and then do durable reopen */
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io2);
+	io2.in.fname = fname;
+	io2.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io2.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * basic test for doing a durable open:
+ * tdis, new tcon, try durable reopen (fails)
+ */
+static bool test_durable_open_reopen3(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io1, io2;
+	bool ret = true;
+	struct smb2_tree *tree2;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen3_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io1.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* disconnect, reconnect and then do durable reopen */
+	status = smb2_tdis(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!torture_smb2_tree_connect(tctx, tree->session, mem_ctx, &tree2)) {
+		torture_warning(tctx, "couldn't reconnect to share, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+
+	ZERO_STRUCT(io2);
+	io2.in.fname = fname;
+	io2.in.durable_handle = h;
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree2, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open:
+ * logoff, create a new session, do a durable reopen (succeeds)
+ */
+static bool test_durable_open_reopen4(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io1, io2;
+	bool ret = true;
+	struct smb2_transport *transport;
+	struct smb2_session *session2;
+	struct smb2_tree *tree2;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_reopen4_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io1.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/*
+	 * do a session logoff, establish a new session and tree
+	 * connect on the same transport, and try a durable reopen
+	 */
+	transport = tree->session->transport;
+	status = smb2_logoff(tree->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!torture_smb2_session_setup(tctx, transport,
+					0, /* previous_session_id */
+					mem_ctx, &session2))
+	{
+		torture_warning(tctx, "session setup failed.\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * the session setup has talloc-stolen the transport,
+	 * so we can safely free the old tree+session for clarity
+	 */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_tree_connect(tctx, session2, mem_ctx, &tree2)) {
+		torture_warning(tctx, "tree connect failed.\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io2);
+	io2.in.fname = fname;
+	io2.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	_h = io2.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree2, *h);
+		}
+
+		smb2_util_unlink(tree2, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_durable_open_delete_on_close1(struct torture_context *tctx,
+					       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io1, io2;
+	bool ret = true;
+	uint8_t b = 0;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_delete_on_close1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = true;
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io1.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	status = smb2_util_write(tree, *h, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, leaving the durable handle in place */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "could not reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Open the file on the new connection again
+	 * and check that it has been newly created,
+	 * i.e. delete on close was effective on the disconnected handle.
+	 * Also check that the file is really empty,
+	 * the previously written byte gone.
+	 */
+	smb2_oplock_create_share(&io2, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io2.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io2.out.file.handle;
+	h = &_h;
+	CHECK_CREATED_SIZE(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE, 0, 0);
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+static bool test_durable_open_delete_on_close2(struct torture_context *tctx,
+					       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	bool ret = true;
+	uint8_t b = 0;
+	uint64_t previous_session_id;
+	uint64_t alloc_size_step;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_delete_on_close2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+	io.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	status = smb2_util_write(tree, *h, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* disconnect, leaving the durable handle in place */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "could not reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	alloc_size_step = io.out.alloc_size;
+	CHECK_CREATED_SIZE(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE, alloc_size_step, 1);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* close the file, thereby deleting it */
+	smb2_util_close(tree, *h);
+	status = smb2_logoff(tree->session);
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "could not reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Open the file on the new connection again
+	 * and check that it has been newly created,
+	 * i.e. delete on close was effective on the reconnected handle.
+	 * Also check that the file is really empty,
+	 * the previously written byte gone.
+	 */
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+	io.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED_SIZE(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE, 0, 0);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+   basic testing of SMB2 durable opens
+   regarding the position information on the handle
+*/
+static bool test_durable_open_file_position(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle h;
+	struct smb2_create io;
+	NTSTATUS status;
+	const char *fname = "durable_open_position.dat";
+	union smb_fileinfo qfinfo;
+	union smb_setfileinfo sfinfo;
+	bool ret = true;
+	uint64_t pos;
+	uint64_t previous_session_id;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* TODO: check extra blob content */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(qfinfo.position_information.out.position, 0);
+	pos = qfinfo.position_information.out.position;
+	torture_comment(tctx, "position: %llu\n",
+			(unsigned long long)pos);
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = h;
+	sfinfo.position_information.in.position = 0x1000;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(qfinfo.position_information.out.position, 0x1000);
+	pos = qfinfo.position_information.out.position;
+	torture_comment(tctx, "position: %llu\n",
+			(unsigned long long)pos);
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* tcp disconnect */
+	talloc_free(tree);
+	tree = NULL;
+
+	/* do a session reconnect */
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = &h;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	CHECK_VAL(io.out.reserved, 0x00);
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.size, 0);
+	CHECK_VAL(io.out.file_attr, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.reserved2, 0);
+
+	h = io.out.file.handle;
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(qfinfo.position_information.out.position, 0x1000);
+	pos = qfinfo.position_information.out.position;
+	torture_comment(tctx, "position: %llu\n",
+			(unsigned long long)pos);
+
+	smb2_util_close(tree, h);
+
+	talloc_free(mem_ctx);
+
+	smb2_util_unlink(tree, fname);
+
+done:
+	talloc_free(tree);
+
+	return ret;
+}
+
+/*
+  Open, disconnect, oplock break, reconnect.
+*/
+static bool test_durable_open_oplock(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1, io2;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_oplock_%s.dat", generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree1, fname);
+
+	/* Create with batch oplock */
+	smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	io1.in.durable_open = true;
+
+	io2 = io1;
+	io2.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* Disconnect after getting the batch */
+	talloc_free(tree1);
+	tree1 = NULL;
+
+	/*
+	 * Windows7 (build 7000) will break a batch oplock immediately if the
+	 * original client is gone. (ZML: This seems like a bug. It should give
+	 * some time for the client to reconnect!)
+	 */
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.durable_open, true);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* What if tree1 tries to come back and reclaim? */
+	if (!torture_smb2_connection(tctx, &tree1)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io1);
+	io1.in.fname = fname;
+	io1.in.durable_handle = &h1;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+ done:
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree2, fname);
+
+	talloc_free(tree1);
+	talloc_free(tree2);
+
+	return ret;
+}
+
+/*
+  Open, disconnect, lease break, reconnect.
+*/
+static bool test_durable_open_lease(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1, io2;
+	struct smb2_lease ls1, ls2;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+	uint64_t lease1, lease2;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree1->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/*
+	 * Choose a random name and random lease in case the state is left a
+	 * little funky.
+	 */
+	lease1 = random();
+	lease2 = random();
+	snprintf(fname, 256, "durable_open_lease_%s.dat", generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree1, fname);
+
+	/* Create with lease */
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			  lease1, smb2_util_lease_state("RHW"));
+	io1.in.durable_open = true;
+
+	smb2_lease_create(&io2, &ls2, false /* dir */, fname,
+			  lease2, smb2_util_lease_state("RHW"));
+	io2.in.durable_open = true;
+	io2.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease1);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease1);
+	CHECK_VAL(io1.out.lease_response.lease_state,
+	    SMB2_LEASE_READ|SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
+
+	/* Disconnect after getting the lease */
+	talloc_free(tree1);
+	tree1 = NULL;
+
+	/*
+	 * Windows7 (build 7000) will grant an RH lease immediate (not an RHW?)
+	 * even if the original client is gone. (ZML: This seems like a bug. It
+	 * should give some time for the client to reconnect! And why RH?)
+	 * 
+	 * obnox: Current windows 7 and w2k8r2 grant RHW instead of RH.
+	 * Test is adapted accordingly.
+	 */
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_VAL(io2.out.durable_open, true);
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io2.out.lease_response.lease_key.data[0], lease2);
+	CHECK_VAL(io2.out.lease_response.lease_key.data[1], ~lease2);
+	CHECK_VAL(io2.out.lease_response.lease_state,
+	    SMB2_LEASE_READ|SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
+
+	/* What if tree1 tries to come back and reclaim? */
+	if (!torture_smb2_connection(tctx, &tree1)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io1);
+	io1.in.fname = fname;
+	io1.in.durable_handle = &h1;
+	io1.in.lease_request = &ls1;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+ done:
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree2, fname);
+
+	talloc_free(tree1);
+	talloc_free(tree2);
+
+	return ret;
+}
+
+static bool test_durable_open_lock_oplock(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_handle h = {{0}};
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+
+	/*
+	 */
+	snprintf(fname, 256, "durable_open_oplock_lock_%s.dat", generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree, fname);
+
+	/* Create with oplock */
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	ZERO_STRUCT(lck);
+	ZERO_STRUCT(el);
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Disconnect/Reconnect. */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = &h;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	talloc_free(tree);
+
+	return ret;
+}
+
+/*
+  Open, take BRL, disconnect, reconnect.
+*/
+static bool test_durable_open_lock_lease(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h = {{0}};
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+	uint64_t lease;
+	uint32_t caps;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/*
+	 * Choose a random name and random lease in case the state is left a
+	 * little funky.
+	 */
+	lease = random();
+	snprintf(fname, 256, "durable_open_lease_lock_%s.dat", generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree, fname);
+
+	/* Create with lease */
+
+	smb2_lease_create(&io, &ls, false /* dir */, fname, lease,
+			  smb2_util_lease_state("RWH"));
+	io.in.durable_open 		= true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease);
+	CHECK_VAL(io.out.lease_response.lease_state,
+	    SMB2_LEASE_READ|SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
+
+	ZERO_STRUCT(lck);
+	ZERO_STRUCT(el);
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Disconnect/Reconnect. */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = &h;
+	io.in.lease_request = &ls;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	talloc_free(tree);
+
+	return ret;
+}
+
+/**
+ * Open with a RH lease, disconnect, open in another tree, reconnect.
+ *
+ * This test actually demonstrates a minimum level of respect for the durable
+ * open in the face of another open. As long as this test shows an inability to
+ * reconnect after an open, the oplock/lease tests above will certainly
+ * demonstrate an error on reconnect.
+ */
+static bool test_durable_open_open2_lease(struct torture_context *tctx,
+					  struct smb2_tree *tree1,
+					  struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1, io2;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+	uint64_t lease;
+	uint32_t caps;
+	struct smbcli_options options;
+
+	options = tree1->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree1->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/*
+	 * Choose a random name and random lease in case the state is left a
+	 * little funky.
+	 */
+	lease = random();
+	snprintf(fname, 256, "durable_open_open2_lease_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree1, fname);
+
+	/* Create with lease */
+	smb2_lease_create_share(&io1, &ls, false /* dir */, fname,
+				smb2_util_share_access(""),
+				lease,
+				smb2_util_lease_state("RH"));
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease);
+	CHECK_VAL(io1.out.lease_response.lease_state,
+		  smb2_util_lease_state("RH"));
+
+	/* Disconnect */
+	talloc_free(tree1);
+	tree1 = NULL;
+
+	/* Open the file in tree2 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+
+	/* Reconnect */
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree1)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io1);
+	io1.in.fname = fname;
+	io1.in.durable_handle = &h1;
+	io1.in.lease_request = &ls;
+
+	/*
+	 * Windows7 (build 7000) will give away an open immediately if the
+	 * original client is gone. (ZML: This seems like a bug. It should give
+	 * some time for the client to reconnect!)
+	 */
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	h1 = io1.out.file.handle;
+
+ done:
+	if (tree1 != NULL){
+		smb2_util_close(tree1, h1);
+		smb2_util_unlink(tree1, fname);
+		talloc_free(tree1);
+	}
+
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree2, fname);
+	talloc_free(tree2);
+
+	return ret;
+}
+
+/**
+ * Open with a batch oplock, disconnect, open in another tree, reconnect.
+ *
+ * This test actually demonstrates a minimum level of respect for the durable
+ * open in the face of another open. As long as this test shows an inability to
+ * reconnect after an open, the oplock/lease tests above will certainly
+ * demonstrate an error on reconnect.
+ */
+static bool test_durable_open_open2_oplock(struct torture_context *tctx,
+					   struct smb2_tree *tree1,
+					   struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1, io2;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+
+	/*
+	 * Choose a random name and random lease in case the state is left a
+	 * little funky.
+	 */
+	snprintf(fname, 256, "durable_open_open2_oplock_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	/* Clean slate */
+	smb2_util_unlink(tree1, fname);
+
+	/* Create with batch oplock */
+	smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	io1.in.durable_open = true;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, true);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* Disconnect */
+	talloc_free(tree1);
+	tree1 = NULL;
+
+	/* Open the file in tree2 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	/* Reconnect */
+	if (!torture_smb2_connection(tctx, &tree1)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io1);
+	io1.in.fname = fname;
+	io1.in.durable_handle = &h1;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	h1 = io1.out.file.handle;
+
+ done:
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree2, fname);
+	if (tree1 != NULL) {
+		smb2_util_close(tree1, h1);
+		smb2_util_unlink(tree1, fname);
+	}
+
+	talloc_free(tree1);
+	talloc_free(tree2);
+
+	return ret;
+}
+
+/**
+ * test behaviour with initial allocation size
+ */
+static bool test_durable_open_alloc_size(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	bool ret = true;
+	uint64_t previous_session_id;
+	uint64_t alloc_size_step;
+	uint64_t initial_alloc_size = 0x1000;
+	const uint8_t *b = NULL;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_alloc_size_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+	io.in.alloc_size = initial_alloc_size;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_NOT_VAL(io.out.alloc_size, 0);
+	alloc_size_step = io.out.alloc_size;
+	CHECK_CREATED_SIZE(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE,
+			   alloc_size_step, 0);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* prepare buffer */
+	b = talloc_zero_size(mem_ctx, alloc_size_step);
+	CHECK_NOT_NULL(b);
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* disconnect, reconnect and then do durable reopen */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED_SIZE(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE,
+			   alloc_size_step, 0);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* write one byte */
+	status = smb2_util_write(tree, *h, b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, reconnect and then do durable reopen */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED_SIZE(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE,
+			   alloc_size_step, 1);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* write more byte than initial allocation size */
+	status = smb2_util_write(tree, *h, b, 1, alloc_size_step);
+
+	/* disconnect, reconnect and then do durable reopen */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED_SIZE(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE,
+			   alloc_size_step * 2, alloc_size_step + 1);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * test behaviour when a disconnect happens while creating a read-only file
+ */
+static bool test_durable_open_read_only(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	bool ret = true;
+	uint64_t previous_session_id;
+	const uint8_t b = 0;
+	uint64_t alloc_size = 0;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_initial_alloc_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+	io.in.file_attributes = FILE_ATTRIBUTE_READONLY;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* write one byte */
+	status = smb2_util_write(tree, *h, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, reconnect and then do durable reopen */
+	talloc_free(tree);
+	tree = NULL;
+
+	if (!torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree))
+	{
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	alloc_size = io.out.alloc_size;
+	CHECK_CREATED_SIZE(&io, EXISTED,
+			   FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_ARCHIVE,
+			   alloc_size, 1);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* write one byte */
+	status = smb2_util_write(tree, *h, &b, 1, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	if (h != NULL) {
+		union smb_setfileinfo sfinfo;
+
+		ZERO_STRUCT(sfinfo);
+		sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION;
+		sfinfo.basic_info.in.file.handle = *h;
+		sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+		smb2_setinfo_file(tree, &sfinfo);
+
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * durable open with oplock, disconnect, exit
+ */
+static bool test_durable_open_oplock_disconnect(struct torture_context *tctx,
+						struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+
+	snprintf(fname, 256, "durable_open_oplock_disconnect_%s.dat",
+		 generate_random_str(mem_ctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	io.in.durable_open = true;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	_h = io.out.file.handle;
+	h = &_h;
+
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* disconnect */
+	talloc_free(tree);
+	tree = NULL;
+
+done:
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+		smb2_util_unlink(tree, fname);
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/**
+ * durable stat open with lease.
+ */
+static bool test_durable_open_stat_open(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_lease ls;
+	NTSTATUS status;
+	char fname[256];
+	bool ret = true;
+	uint64_t lease;
+
+	snprintf(fname, 256, "durable_open_stat_open_%s.dat",
+		 generate_random_str(mem_ctx, 8));
+
+	/* Ensure file doesn't exist. */
+	smb2_util_unlink(tree, fname);
+
+	/* Create a normal file. */
+	smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_NONE);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	/* Close. */
+	smb2_util_close(tree, *h);
+	h = NULL;
+
+	/* Now try a leased, durable handle stat open. */
+	lease = random();
+	/* Create with lease */
+	smb2_lease_create(&io,
+			  &ls,
+			  false /* dir */,
+			  fname,
+			  lease,
+			  smb2_util_lease_state("RH"));
+	io.in.durable_open = true;
+	io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, true);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_durable_open_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "durable-open");
+
+	torture_suite_add_1smb2_test(suite, "open-oplock", test_durable_open_open_oplock);
+	torture_suite_add_1smb2_test(suite, "open-lease", test_durable_open_open_lease);
+	torture_suite_add_1smb2_test(suite, "reopen1", test_durable_open_reopen1);
+	torture_suite_add_1smb2_test(suite, "reopen1a", test_durable_open_reopen1a);
+	torture_suite_add_1smb2_test(suite, "reopen1a-lease", test_durable_open_reopen1a_lease);
+	torture_suite_add_1smb2_test(suite, "reopen2", test_durable_open_reopen2);
+	torture_suite_add_1smb2_test(suite, "reopen2-lease", test_durable_open_reopen2_lease);
+	torture_suite_add_1smb2_test(suite, "reopen2-lease-v2", test_durable_open_reopen2_lease_v2);
+	torture_suite_add_1smb2_test(suite, "reopen2a", test_durable_open_reopen2a);
+	torture_suite_add_1smb2_test(suite, "reopen3", test_durable_open_reopen3);
+	torture_suite_add_1smb2_test(suite, "reopen4", test_durable_open_reopen4);
+	torture_suite_add_1smb2_test(suite, "delete_on_close1",
+				     test_durable_open_delete_on_close1);
+	torture_suite_add_1smb2_test(suite, "delete_on_close2",
+				     test_durable_open_delete_on_close2);
+	torture_suite_add_1smb2_test(suite, "file-position",
+	    test_durable_open_file_position);
+	torture_suite_add_2smb2_test(suite, "oplock", test_durable_open_oplock);
+	torture_suite_add_2smb2_test(suite, "lease", test_durable_open_lease);
+	torture_suite_add_1smb2_test(suite, "lock-oplock", test_durable_open_lock_oplock);
+	torture_suite_add_1smb2_test(suite, "lock-lease", test_durable_open_lock_lease);
+	torture_suite_add_2smb2_test(suite, "open2-lease",
+				     test_durable_open_open2_lease);
+	torture_suite_add_2smb2_test(suite, "open2-oplock",
+				     test_durable_open_open2_oplock);
+	torture_suite_add_1smb2_test(suite, "alloc-size",
+				     test_durable_open_alloc_size);
+	torture_suite_add_1smb2_test(suite, "read-only",
+				     test_durable_open_read_only);
+	torture_suite_add_1smb2_test(suite, "stat-open",
+				     test_durable_open_stat_open);
+
+	suite->description = talloc_strdup(suite, "SMB2-DURABLE-OPEN tests");
+
+	return suite;
+}
+
+struct torture_suite *torture_smb2_durable_open_disconnect_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx,
+				 "durable-open-disconnect");
+
+	torture_suite_add_1smb2_test(suite, "open-oplock-disconnect",
+				     test_durable_open_oplock_disconnect);
+
+	suite->description = talloc_strdup(suite,
+					"SMB2-DURABLE-OPEN-DISCONNECT tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/durable_v2_open.c b/source4/torture/smb2/durable_v2_open.c
new file mode 100644
index 0000000..9b9af11
--- /dev/null
+++ b/source4/torture/smb2/durable_v2_open.c
@@ -0,0 +1,2371 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 version two of durable opens
+
+   Copyright (C) Michael Adam 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "librpc/ndr/libndr.h"
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)			\
+	do {								\
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		CHECK_VAL((__io)->out.size, 0);				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));	\
+		CHECK_VAL((__io)->out.reserved2, 0);			\
+	} while(0)
+
+static struct {
+	int count;
+	struct smb2_close cl;
+} break_info;
+
+static void torture_oplock_close_callback(struct smb2_request *req)
+{
+	smb2_close_recv(req, &break_info.cl);
+}
+
+/* A general oplock break notification handler.  This should be used when a
+ * test expects to break from batch or exclusive to a lower level. */
+static bool torture_oplock_handler(struct smb2_transport *transport,
+				   const struct smb2_handle *handle,
+				   uint8_t level,
+				   void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	struct smb2_request *req;
+
+	break_info.count++;
+
+	ZERO_STRUCT(break_info.cl);
+	break_info.cl.in.file.handle = *handle;
+
+	req = smb2_close_send(tree, &break_info.cl);
+	req->async.fn = torture_oplock_close_callback;
+	req->async.private_data = NULL;
+	return true;
+}
+
+/**
+ * testing various create blob combinations.
+ */
+bool test_durable_v2_open_create_blob(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_create_blob_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+
+	/* disconnect */
+	TALLOC_FREE(tree);
+
+	/* create a new session (same client_guid) */
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * check invalid combinations of durable handle
+	 * request and reconnect blobs
+	 * See MS-SMB2: 3.3.5.9.12
+	 * Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h; /* durable v2 reconnect request */
+	io.in.durable_open = true;   /* durable v1 handle request */
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;     /* durable v1 reconnect request */
+	io.in.durable_open_v2 = true; /* durable v2 handle request */
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h;    /* durable v1 reconnect request */
+	io.in.durable_handle_v2 = h; /* durable v2 reconnect request */
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;  /* durable v2 reconnect request */
+	io.in.durable_open_v2 = true; /* durable v2 handle request */
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * basic durable_open test.
+ * durable state should only be granted when requested
+ * along with a batch oplock or a handle lease.
+ *
+ * This test tests durable open with all possible oplock types.
+ */
+
+struct durable_open_vs_oplock {
+	const char *level;
+	const char *share_mode;
+	bool durable;
+	bool persistent;
+};
+
+#define NUM_OPLOCK_TYPES 4
+#define NUM_SHARE_MODES 8
+#define NUM_OPLOCK_OPEN_TESTS ( NUM_OPLOCK_TYPES * NUM_SHARE_MODES )
+static struct durable_open_vs_oplock durable_open_vs_oplock_table[NUM_OPLOCK_OPEN_TESTS] =
+{
+	{ "", "", false, false },
+	{ "", "R", false, false },
+	{ "", "W", false, false },
+	{ "", "D", false, false },
+	{ "", "RD", false, false },
+	{ "", "RW", false, false },
+	{ "", "WD", false, false },
+	{ "", "RWD", false, false },
+
+	{ "s", "", false, false },
+	{ "s", "R", false, false },
+	{ "s", "W", false, false },
+	{ "s", "D", false, false },
+	{ "s", "RD", false, false },
+	{ "s", "RW", false, false },
+	{ "s", "WD", false, false },
+	{ "s", "RWD", false, false },
+
+	{ "x", "", false, false },
+	{ "x", "R", false, false },
+	{ "x", "W", false, false },
+	{ "x", "D", false, false },
+	{ "x", "RD", false, false },
+	{ "x", "RW", false, false },
+	{ "x", "WD", false, false },
+	{ "x", "RWD", false, false },
+
+	{ "b", "", true, false },
+	{ "b", "R", true, false },
+	{ "b", "W", true, false },
+	{ "b", "D", true, false },
+	{ "b", "RD", true, false },
+	{ "b", "RW", true, false },
+	{ "b", "WD", true, false },
+	{ "b", "RWD", true, false },
+};
+
+static bool test_one_durable_v2_open_oplock(struct torture_context *tctx,
+					    struct smb2_tree *tree,
+					    const char *fname,
+					    bool request_persistent,
+					    struct durable_open_vs_oplock test)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	bool ret = true;
+	struct smb2_create io;
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(test.share_mode),
+				 smb2_util_oplock_level(test.level));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = request_persistent;
+	io.in.create_guid = GUID_random();
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, test.durable);
+	CHECK_VAL(io.out.persistent_open, test.persistent);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(test.level));
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_durable_v2_open_oplock_table(struct torture_context *tctx,
+					      struct smb2_tree *tree,
+					      const char *fname,
+					      bool request_persistent,
+					      struct durable_open_vs_oplock *table,
+					      uint8_t num_tests)
+{
+	bool ret = true;
+	uint8_t i;
+
+	smb2_util_unlink(tree, fname);
+
+	for (i = 0; i < num_tests; i++) {
+		ret = test_one_durable_v2_open_oplock(tctx,
+						      tree,
+						      fname,
+						      request_persistent,
+						      table[i]);
+		if (ret == false) {
+			goto done;
+		}
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+
+	return ret;
+}
+
+bool test_durable_v2_open_oplock(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	bool ret;
+	char fname[256];
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_oplock_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	ret = test_durable_v2_open_oplock_table(tctx, tree, fname,
+						false, /* request_persistent */
+						durable_open_vs_oplock_table,
+						NUM_OPLOCK_OPEN_TESTS);
+
+	talloc_free(tree);
+
+	return ret;
+}
+
+/**
+ * basic durable handle open test.
+ * persistent state should only be granted when requested
+ * along with a batch oplock or a handle lease.
+ *
+ * This test tests persistent open with all valid lease types.
+ */
+
+struct durable_open_vs_lease {
+	const char *type;
+	const char *share_mode;
+	bool durable;
+	bool persistent;
+};
+
+#define NUM_LEASE_TYPES 5
+#define NUM_LEASE_OPEN_TESTS ( NUM_LEASE_TYPES * NUM_SHARE_MODES )
+static struct durable_open_vs_lease durable_open_vs_lease_table[NUM_LEASE_OPEN_TESTS] =
+{
+	{ "", "", false, false },
+	{ "", "R", false, false },
+	{ "", "W", false, false },
+	{ "", "D", false, false },
+	{ "", "RW", false, false },
+	{ "", "RD", false, false },
+	{ "", "WD", false, false },
+	{ "", "RWD", false, false },
+
+	{ "R", "", false, false },
+	{ "R", "R", false, false },
+	{ "R", "W", false, false },
+	{ "R", "D", false, false },
+	{ "R", "RW", false, false },
+	{ "R", "RD", false, false },
+	{ "R", "DW", false, false },
+	{ "R", "RWD", false, false },
+
+	{ "RW", "", false, false },
+	{ "RW", "R", false, false },
+	{ "RW", "W", false, false },
+	{ "RW", "D", false, false },
+	{ "RW", "RW", false, false },
+	{ "RW", "RD", false, false },
+	{ "RW", "WD", false, false },
+	{ "RW", "RWD", false, false },
+
+	{ "RH", "", true, false },
+	{ "RH", "R", true, false },
+	{ "RH", "W", true, false },
+	{ "RH", "D", true, false },
+	{ "RH", "RW", true, false },
+	{ "RH", "RD", true, false },
+	{ "RH", "WD", true, false },
+	{ "RH", "RWD", true, false },
+
+	{ "RHW", "", true, false },
+	{ "RHW", "R", true, false },
+	{ "RHW", "W", true, false },
+	{ "RHW", "D", true, false },
+	{ "RHW", "RW", true, false },
+	{ "RHW", "RD", true, false },
+	{ "RHW", "WD", true, false },
+	{ "RHW", "RWD", true, false },
+};
+
+static bool test_one_durable_v2_open_lease(struct torture_context *tctx,
+					   struct smb2_tree *tree,
+					   const char *fname,
+					   bool request_persistent,
+					   struct durable_open_vs_lease test)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	bool ret = true;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	uint64_t lease;
+
+	smb2_util_unlink(tree, fname);
+
+	lease = random();
+
+	smb2_lease_create_share(&io, &ls, false /* dir */, fname,
+				smb2_util_share_access(test.share_mode),
+				lease,
+				smb2_util_lease_state(test.type));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = request_persistent;
+	io.in.create_guid = GUID_random();
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, test.durable);
+	CHECK_VAL(io.out.persistent_open, test.persistent);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state(test.type));
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_durable_v2_open_lease_table(struct torture_context *tctx,
+					     struct smb2_tree *tree,
+					     const char *fname,
+					     bool request_persistent,
+					     struct durable_open_vs_lease *table,
+					     uint8_t num_tests)
+{
+	bool ret = true;
+	uint8_t i;
+
+	smb2_util_unlink(tree, fname);
+
+	for (i = 0; i < num_tests; i++) {
+		ret = test_one_durable_v2_open_lease(tctx,
+						     tree,
+						     fname,
+						     request_persistent,
+						     table[i]);
+		if (ret == false) {
+			goto done;
+		}
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+
+	return ret;
+}
+
+bool test_durable_v2_open_lease(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	char fname[256];
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_open_lease_%s.dat", generate_random_str(tctx, 8));
+
+	ret = test_durable_v2_open_lease_table(tctx, tree, fname,
+					       false, /* request_persistent */
+					       durable_open_vs_lease_table,
+					       NUM_LEASE_OPEN_TESTS);
+
+	talloc_free(tree);
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open
+ * and do a durable reopen on the same connection
+ * while the first open is still active (fails)
+ */
+bool test_durable_v2_open_reopen1(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+
+	/* try a durable reconnect while the file is still open */
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Basic test for doing a durable open
+ * and do a session reconnect while the first
+ * session is still active and the handle is
+ * still open in the client.
+ * This closes the original session and  a
+ * durable reconnect on the new session succeeds.
+ */
+bool test_durable_v2_open_reopen1a(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_tree *tree3 = NULL;
+	uint64_t previous_session_id;
+	struct smbcli_options options;
+	struct GUID orig_client_guid;
+
+	options = tree->session->transport->options;
+	orig_client_guid = options.client_guid;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen1a_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 */
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* for oplocks, the client guid can be different: */
+	options.client_guid = GUID_random();
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree2);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+
+	TALLOC_FREE(tree);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 */
+
+	previous_session_id = smb2cli_session_current_id(tree2->session->smbXcli);
+
+	/* it works the same with the original guid */
+	options.client_guid = orig_client_guid;
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree3);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+	TALLOC_FREE(tree2);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree == NULL) {
+		tree = tree2;
+	}
+
+	if (tree == NULL) {
+		tree = tree3;
+	}
+
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease variant of reopen1a
+ *
+ * Basic test for doing a durable open and doing a session
+ * reconnect while the first session is still active and the
+ * handle is still open in the client.
+ * This closes the original session and  a durable reconnect on
+ * the new session succeeds depending on the client guid:
+ *
+ * Durable reconnect on a session with a different client guid fails.
+ * Durable reconnect on a session with the original client guid succeeds.
+ */
+bool test_durable_v2_open_reopen1a_lease(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_tree *tree3 = NULL;
+	uint64_t previous_session_id;
+	struct smbcli_options options;
+	struct GUID orig_client_guid;
+
+	options = tree->session->transport->options;
+	orig_client_guid = options.client_guid;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen1a_lease_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_create(&io, &ls, false /* dir */, fname,
+			  lease_key, smb2_util_lease_state("RWH"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/*
+	 * a session reconnect on a second tcp connection
+	 * with a different client_guid does not allow
+	 * the durable reconnect.
+	 */
+
+	options.client_guid = GUID_random();
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree2);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+	TALLOC_FREE(tree);
+
+	/*
+	 * but a durable reconnect on the new session with the wrong
+	 * client guid fails
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+
+	/*
+	 * now a session reconnect on a second tcp connection
+	 * with original client_guid allows the durable reconnect.
+	 */
+
+	options.client_guid = orig_client_guid;
+	//options.client_guid = GUID_random();
+
+	ret = torture_smb2_connection_ext(tctx, previous_session_id,
+					  &options, &tree3);
+	torture_assert_goto(tctx, ret, ret, done, "couldn't reconnect");
+
+	/*
+	 * check that this has deleted the old session
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	TALLOC_FREE(tree2);
+
+	/*
+	 * but a durable reconnect on the new session succeeds:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	status = smb2_create(tree3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 0);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (tree == NULL) {
+		tree = tree2;
+	}
+
+	if (tree == NULL) {
+		tree = tree3;
+	}
+
+	if (tree != NULL) {
+		if (h != NULL) {
+			smb2_util_close(tree, *h);
+		}
+
+		smb2_util_unlink(tree, fname);
+
+		talloc_free(tree);
+	}
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+bool test_durable_v2_open_reopen2(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	struct GUID create_guid_invalid = GUID_random();
+	bool ret = true;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * first a few failure cases
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* a non-zero but non-matching create_guid does not change it: */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid_invalid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * now success:
+	 * The important difference is that the create_guid is provided.
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect one more time */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	/* These are completely ignored by the server */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+	io.in.fname = "__non_existing_fname__";
+
+	/*
+	 * only io.in.durable_handle_v2 and
+	 * io.in.create_guid are checked
+	 */
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * durable reconnect test:
+ * connect with v2, reconnect with v1
+ */
+bool test_durable_v2_open_reopen2b(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen2b_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;     /* durable v2 reconnect */
+	io.in.create_guid = GUID_zero(); /* but zero create GUID */
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle = h; /* durable v1 (!) reconnect */
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+/**
+ * durable reconnect test:
+ * connect with v1, reconnect with v2 : fails (no create_guid...)
+ */
+bool test_durable_v2_open_reopen2c(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	struct smbcli_options options;
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen2c_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = true;
+	io.in.durable_open_v2 = false;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, true);
+	CHECK_VAL(io.out.durable_open_v2, false);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 0);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;     /* durable v2 reconnect */
+	io.in.create_guid = create_guid;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease variant of reopen2
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+bool test_durable_v2_open_reopen2_lease(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smbcli_options options;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	options = tree->session->transport->options;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_reopen2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = generate_random_u64();
+	smb2_lease_create(&io, &ls, false /* dir */, fname,
+			  lease_key, smb2_util_lease_state("RWH"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	/* disconnect, reconnect and then do durable reopen */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/* a few failure tests: */
+
+	/*
+	 * several attempts without lease attached:
+	 * all fail with NT_STATUS_OBJECT_NAME_NOT_FOUND
+	 * irrespective of file name provided
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * attempt with lease provided, but
+	 * with a changed lease key. => fails
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+	/* a wrong lease key lets the request fail */
+	ls.lease_key.data[0]++;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* restore the correct lease key */
+	ls.lease_key.data[0]--;
+
+	/*
+	 * this last failing attempt is almost correct:
+	 * only problem is: we use the wrong filename...
+	 * Note that this gives INVALID_PARAMETER.
+	 * This is different from oplocks!
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Now for a succeeding reconnect:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect one more time */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * demonstrate that various parameters are ignored
+	 * in the reconnect
+	 */
+
+	ZERO_STRUCT(io);
+	/*
+	 * These are completely ignored by the server
+	 */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+
+	/*
+	 * only these are checked:
+	 * - io.in.fname
+	 * - io.in.durable_handle_v2,
+	 * - io.in.create_guid
+	 * - io.in.lease_request->lease_key
+	 */
+
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request = &ls;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response.lease_duration, 0);
+
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * lease_v2 variant of reopen2
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+bool test_durable_v2_open_reopen2_lease_v2(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smbcli_options options;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	options = tree->session->transport->options;
+
+	smb2_deltree(tree, __func__);
+	status = torture_smb2_testdir(tree, __func__, &_h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree, _h);
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "%s\\durable_v2_open_reopen2_%s.dat",
+		 __func__, generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_v2_create(&io, &ls, false /* dir */, fname,
+			     lease_key, 0, /* parent lease key */
+			     smb2_util_lease_state("RWH"), 0 /* lease epoch */);
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+
+	/* disconnect, reconnect and then do durable reopen */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/* a few failure tests: */
+
+	/*
+	 * several attempts without lease attached:
+	 * all fail with NT_STATUS_OBJECT_NAME_NOT_FOUND
+	 * irrespective of file name provided
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = "";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_handle_v2 = h;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * attempt with lease provided, but
+	 * with a changed lease key. => fails
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+	/* a wrong lease key lets the request fail */
+	ls.lease_key.data[0]++;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* restore the correct lease key */
+	ls.lease_key.data[0]--;
+
+
+	/*
+	 * this last failing attempt is almost correct:
+	 * only problem is: we use the wrong filename...
+	 * Note that this gives INVALID_PARAMETER.
+	 * This is different from oplocks!
+	 */
+	ZERO_STRUCT(io);
+	io.in.fname = "__non_existing_fname__";
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/*
+	 * Now for a succeeding reconnect:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	/* disconnect one more time */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * demonstrate that various parameters are ignored
+	 * in the reconnect
+	 */
+
+	ZERO_STRUCT(io);
+	/*
+	 * These are completely ignored by the server
+	 */
+	io.in.security_flags = 0x78;
+	io.in.oplock_level = 0x78;
+	io.in.impersonation_level = 0x12345678;
+	io.in.create_flags = 0x12345678;
+	io.in.reserved = 0x12345678;
+	io.in.desired_access = 0x12345678;
+	io.in.file_attributes = 0x12345678;
+	io.in.share_access = 0x12345678;
+	io.in.create_disposition = 0x12345678;
+	io.in.create_options = 0x12345678;
+	io.in.fname = "__non_existing_fname__";
+
+	/*
+	 * only these are checked:
+	 * - io.in.fname
+	 * - io.in.durable_handle_v2,
+	 * - io.in.create_guid
+	 * - io.in.lease_request_v2->lease_key
+	 */
+
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request_v2 = &ls;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, __func__);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test durable request / reconnect with AppInstanceId
+ */
+bool test_durable_v2_open_app_instance(struct torture_context *tctx,
+				       struct smb2_tree *tree1,
+				       struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1, _h2;
+	struct smb2_handle *h1 = NULL, *h2 = NULL;
+	struct smb2_create io1, io2;
+	bool ret = true;
+	struct GUID create_guid_1 = GUID_random();
+	struct GUID create_guid_2 = GUID_random();
+	struct GUID app_instance_id = GUID_random();
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "durable_v2_open_app_instance_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname);
+
+	ZERO_STRUCT(break_info);
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid_1;
+	io1.in.app_instance_id = &app_instance_id;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(io1.out.durable_open_v2, true);
+	CHECK_VAL(io1.out.persistent_open, false);
+	CHECK_VAL(io1.out.timeout, 300*1000);
+
+	/*
+	 * try to open the file as durable from a second tree with
+	 * a different create guid but the same app_instance_id
+	 * while the first handle is still open.
+	 */
+
+	smb2_oplock_create_share(&io2, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = create_guid_2;
+	io2.in.app_instance_id = &app_instance_id;
+	io2.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(io2.out.durable_open_v2, true);
+	CHECK_VAL(io2.out.persistent_open, false);
+	CHECK_VAL(io2.out.timeout, 300*1000);
+
+	CHECK_VAL(break_info.count, 0);
+
+	status = smb2_util_close(tree1, *h1);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	h1 = NULL;
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree2, *h2);
+	}
+
+	smb2_util_unlink(tree2, fname);
+
+	talloc_free(tree1);
+	talloc_free(tree2);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * basic persistent open test.
+ *
+ * This test tests durable open with all possible oplock types.
+ */
+
+struct durable_open_vs_oplock persistent_open_oplock_ca_table[NUM_OPLOCK_OPEN_TESTS] =
+{
+	{ "", "", true, true },
+	{ "", "R", true, true },
+	{ "", "W", true, true },
+	{ "", "D", true, true },
+	{ "", "RD", true, true },
+	{ "", "RW", true, true },
+	{ "", "WD", true, true },
+	{ "", "RWD", true, true },
+
+	{ "s", "", true, true },
+	{ "s", "R", true, true },
+	{ "s", "W", true, true },
+	{ "s", "D", true, true },
+	{ "s", "RD", true, true },
+	{ "s", "RW", true, true },
+	{ "s", "WD", true, true },
+	{ "s", "RWD", true, true },
+
+	{ "x", "", true, true },
+	{ "x", "R", true, true },
+	{ "x", "W", true, true },
+	{ "x", "D", true, true },
+	{ "x", "RD", true, true },
+	{ "x", "RW", true, true },
+	{ "x", "WD", true, true },
+	{ "x", "RWD", true, true },
+
+	{ "b", "", true, true },
+	{ "b", "R", true, true },
+	{ "b", "W", true, true },
+	{ "b", "D", true, true },
+	{ "b", "RD", true, true },
+	{ "b", "RW", true, true },
+	{ "b", "WD", true, true },
+	{ "b", "RWD", true, true },
+};
+
+bool test_persistent_open_oplock(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	char fname[256];
+	bool ret = true;
+	uint32_t share_capabilities;
+	bool share_is_ca = false;
+	struct durable_open_vs_oplock *table;
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "persistent_open_oplock_%s.dat", generate_random_str(tctx, 8));
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_ca = share_capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY;
+
+	if (share_is_ca) {
+		table = persistent_open_oplock_ca_table;
+	} else {
+		table = durable_open_vs_oplock_table;
+	}
+
+	ret = test_durable_v2_open_oplock_table(tctx, tree, fname,
+						true, /* request_persistent */
+						table,
+						NUM_OPLOCK_OPEN_TESTS);
+
+	talloc_free(tree);
+
+	return ret;
+}
+
+/**
+ * basic persistent handle open test.
+ * persistent state should only be granted when requested
+ * along with a batch oplock or a handle lease.
+ *
+ * This test tests persistent open with all valid lease types.
+ */
+
+struct durable_open_vs_lease persistent_open_lease_ca_table[NUM_LEASE_OPEN_TESTS] =
+{
+	{ "", "", true, true },
+	{ "", "R", true, true },
+	{ "", "W", true, true },
+	{ "", "D", true, true },
+	{ "", "RW", true, true },
+	{ "", "RD", true, true },
+	{ "", "WD", true, true },
+	{ "", "RWD", true, true },
+
+	{ "R", "", true, true },
+	{ "R", "R", true, true },
+	{ "R", "W", true, true },
+	{ "R", "D", true, true },
+	{ "R", "RW", true, true },
+	{ "R", "RD", true, true },
+	{ "R", "DW", true, true },
+	{ "R", "RWD", true, true },
+
+	{ "RW", "", true, true },
+	{ "RW", "R", true, true },
+	{ "RW", "W", true, true },
+	{ "RW", "D", true, true },
+	{ "RW", "RW", true, true },
+	{ "RW", "RD", true, true },
+	{ "RW", "WD", true, true },
+	{ "RW", "RWD", true, true },
+
+	{ "RH", "", true, true },
+	{ "RH", "R", true, true },
+	{ "RH", "W", true, true },
+	{ "RH", "D", true, true },
+	{ "RH", "RW", true, true },
+	{ "RH", "RD", true, true },
+	{ "RH", "WD", true, true },
+	{ "RH", "RWD", true, true },
+
+	{ "RHW", "", true, true },
+	{ "RHW", "R", true, true },
+	{ "RHW", "W", true, true },
+	{ "RHW", "D", true, true },
+	{ "RHW", "RW", true, true },
+	{ "RHW", "RD", true, true },
+	{ "RHW", "WD", true, true },
+	{ "RHW", "RWD", true, true },
+};
+
+bool test_persistent_open_lease(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	char fname[256];
+	bool ret = true;
+	uint32_t caps;
+	uint32_t share_capabilities;
+	bool share_is_ca;
+	struct durable_open_vs_lease *table;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "persistent_open_lease_%s.dat", generate_random_str(tctx, 8));
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_ca = share_capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY;
+
+	if (share_is_ca) {
+		table = persistent_open_lease_ca_table;
+	} else {
+		table = durable_open_vs_lease_table;
+	}
+
+	ret = test_durable_v2_open_lease_table(tctx, tree, fname,
+					       true, /* request_persistent */
+					       table,
+					       NUM_LEASE_OPEN_TESTS);
+
+	talloc_free(tree);
+
+	return ret;
+}
+
+/**
+ * setfileinfo test for doing a durable open
+ * create the file with lease and durable handle,
+ * write to it (via set end-of-file), tcp disconnect,
+ * reconnect, do a durable reopen - should succeed.
+ *
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
+ */
+bool test_durable_v2_setinfo(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	union smb_setfileinfo si;
+	struct GUID create_guid = GUID_random();
+	struct smb2_lease ls;
+	uint64_t lease_key;
+	bool ret = true;
+	struct smbcli_options options;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	options = tree->session->transport->options;
+
+	smb2_deltree(tree, __func__);
+	status = torture_smb2_testdir(tree, __func__, &_h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree, _h);
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname, 256, "%s\\durable_v2_setinfo%s.dat",
+		 __func__, generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	lease_key = random();
+	smb2_lease_v2_create(&io, &ls, false /* dir */, fname,
+			     lease_key, 0, /* parent lease key */
+			     smb2_util_lease_state("RWH"), 0 /* lease epoch */);
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.timeout, 300*1000);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+
+	/*
+	 * Set EOF to 0x100000.
+	 * Mimics an Apple client test, but most importantly
+	 * causes the mtime timestamp on disk to be updated.
+	 */
+	ZERO_STRUCT(si);
+	si.generic.level = SMB_SFILEINFO_END_OF_FILE_INFORMATION;
+	si.generic.in.file.handle = io.out.file.handle;
+	si.end_of_file_info.in.size = 0x100000;
+	status = smb2_setinfo_file(tree, &si);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, reconnect and then do durable reopen */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Now for a succeeding reconnect:
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = h;
+	io.in.create_guid = create_guid;
+	io.in.lease_request_v2 = &ls;
+	io.in.oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
+
+	/* the requested lease state is irrelevant */
+	ls.lease_state = smb2_util_lease_state("");
+
+	h = NULL;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.size, 0x100000);				\
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
+	CHECK_VAL(io.out.persistent_open, false);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[0], lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_key.data[1], ~lease_key);
+	CHECK_VAL(io.out.lease_response_v2.lease_state,
+		  smb2_util_lease_state("RWH"));
+	CHECK_VAL(io.out.lease_response_v2.lease_flags, 0);
+	CHECK_VAL(io.out.lease_response_v2.lease_duration, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, __func__);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_durable_v2_open_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "durable-v2-open");
+
+	torture_suite_add_1smb2_test(suite, "create-blob", test_durable_v2_open_create_blob);
+	torture_suite_add_1smb2_test(suite, "open-oplock", test_durable_v2_open_oplock);
+	torture_suite_add_1smb2_test(suite, "open-lease", test_durable_v2_open_lease);
+	torture_suite_add_1smb2_test(suite, "reopen1", test_durable_v2_open_reopen1);
+	torture_suite_add_1smb2_test(suite, "reopen1a", test_durable_v2_open_reopen1a);
+	torture_suite_add_1smb2_test(suite, "reopen1a-lease", test_durable_v2_open_reopen1a_lease);
+	torture_suite_add_1smb2_test(suite, "reopen2", test_durable_v2_open_reopen2);
+	torture_suite_add_1smb2_test(suite, "reopen2b", test_durable_v2_open_reopen2b);
+	torture_suite_add_1smb2_test(suite, "reopen2c", test_durable_v2_open_reopen2c);
+	torture_suite_add_1smb2_test(suite, "reopen2-lease", test_durable_v2_open_reopen2_lease);
+	torture_suite_add_1smb2_test(suite, "reopen2-lease-v2", test_durable_v2_open_reopen2_lease_v2);
+	torture_suite_add_1smb2_test(suite, "durable-v2-setinfo", test_durable_v2_setinfo);
+	torture_suite_add_2smb2_test(suite, "app-instance", test_durable_v2_open_app_instance);
+	torture_suite_add_1smb2_test(suite, "persistent-open-oplock", test_persistent_open_oplock);
+	torture_suite_add_1smb2_test(suite, "persistent-open-lease", test_persistent_open_lease);
+
+	suite->description = talloc_strdup(suite, "SMB2-DURABLE-V2-OPEN tests");
+
+	return suite;
+}
+
+/**
+ * basic test for doing a durable open
+ * tcp disconnect, reconnect, do a durable reopen (succeeds)
+ */
+static bool test_durable_v2_reconnect_delay(struct torture_context *tctx,
+					    struct smb2_tree *tree,
+					    struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	struct smbcli_options options;
+	uint64_t previous_session_id;
+	uint8_t b = 0;
+	bool ret = true;
+	bool ok;
+
+	options = tree->session->transport->options;
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname,
+		 sizeof(fname),
+		 "durable_v2_reconnect_delay_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = 0;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open_v2, true);
+
+	status = smb2_util_write(tree, *h, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+	h = NULL;
+
+	ok = torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree);
+	torture_assert_goto(tctx, ok, ret, done, "couldn't reconnect, bailing\n");
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = &_h;
+	io.in.create_guid = create_guid;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	TALLOC_FREE(tree);
+
+	smb2_util_unlink(tree2, fname);
+
+	TALLOC_FREE(tree2);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a durable open with 1msec cleanup time
+ * tcp disconnect, wait a bit, reconnect, do a durable reopen (fails)
+ */
+static bool test_durable_v2_reconnect_delay_msec(struct torture_context *tctx,
+						 struct smb2_tree *tree,
+						 struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct GUID create_guid = GUID_random();
+	struct smbcli_options options;
+	uint64_t previous_session_id;
+	uint8_t b = 0;
+	bool ret = true;
+	bool ok;
+
+	options = tree->session->transport->options;
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	/* Choose a random name in case the state is left a little funky. */
+	snprintf(fname,
+		 sizeof(fname),
+		 "durable_v2_reconnect_delay_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_lease_create(
+		&io,
+		&ls,
+		false /* dir */,
+		fname,
+		generate_random_u64(),
+		smb2_util_lease_state("RWH"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = 1;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io.out.durable_open_v2, true);
+
+	status = smb2_util_write(tree, *h, &b, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+	h = NULL;
+
+	ok = torture_smb2_connection_ext(tctx, previous_session_id,
+					 &options, &tree);
+	torture_assert_goto(tctx, ok, ret, done, "couldn't reconnect, bailing\n");
+
+	sleep(10);
+
+	ZERO_STRUCT(io);
+	io.in.fname = fname;
+	io.in.durable_open_v2 = false;
+	io.in.durable_handle_v2 = &_h;
+	io.in.create_guid = create_guid;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	_h = io.out.file.handle;
+	h = &_h;
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	TALLOC_FREE(tree);
+
+	smb2_util_unlink(tree2, fname);
+
+	TALLOC_FREE(tree2);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_durable_v2_delay_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "durable-v2-delay");
+
+	torture_suite_add_2smb2_test(suite,
+				     "durable_v2_reconnect_delay",
+				     test_durable_v2_reconnect_delay);
+	torture_suite_add_2smb2_test(suite,
+				     "durable_v2_reconnect_delay_msec",
+				     test_durable_v2_reconnect_delay_msec);
+
+	return suite;
+}
diff --git a/source4/torture/smb2/ea.c b/source4/torture/smb2/ea.c
new file mode 100644
index 0000000..987d90d
--- /dev/null
+++ b/source4/torture/smb2/ea.c
@@ -0,0 +1,152 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB2 EA tests
+
+   Copyright (C) Ralph Boehme 2022
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ntstatus_gen.h"
+#include "system/time.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+#define BASEDIR "test_ea"
+
+static bool find_returned_ea(union smb_fileinfo *finfo2,
+			     const char *eaname)
+{
+	unsigned int i;
+	unsigned int num_eas = finfo2->all_eas.out.num_eas;
+	struct ea_struct *eas = finfo2->all_eas.out.eas;
+
+	for (i = 0; i < num_eas; i++) {
+		if (eas[i].name.s == NULL) {
+			continue;
+		}
+		/* Windows capitalizes returned EA names. */
+		if (strequal(eas[i].name.s, eaname)) {
+			return true;
+		}
+	}
+	return false;
+}
+
+static bool torture_smb2_acl_xattr(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	const char *fname = BASEDIR "\\test_acl_xattr";
+	const char *xattr_name = NULL;
+	struct smb2_handle h1;
+	struct ea_struct ea;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_comment(tctx, "Verify NTACL xattr can't be accessed\n");
+
+	xattr_name = torture_setting_string(tctx, "acl_xattr_name", NULL);
+	torture_assert_not_null(tctx, xattr_name, "Missing acl_xattr_name option\n");
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	/*
+	 * 1. Set an EA, so we have something to list
+	 */
+	ZERO_STRUCT(ea);
+	ea.name.s = "void";
+	ea.name.private_length = strlen("void") + 1;
+	ea.value = data_blob_string_const("testme");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_FULL_EA_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.full_ea_information.in.eas.num_eas = 1;
+	sfinfo.full_ea_information.in.eas.eas = &ea;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Setting EA should fail\n");
+
+	/*
+	 * 2. Verify NT ACL EA is not listed
+	 */
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
+	finfo.generic.in.file.handle = h1;
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+
+	if (find_returned_ea(&finfo, xattr_name)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "%s: NTACL EA leaked\n",
+			       __location__);
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * 3. Try to set EA, should fail
+	 */
+	ZERO_STRUCT(ea);
+	ea.name.s = xattr_name;
+	ea.name.private_length = strlen(xattr_name) + 1;
+	ea.value = data_blob_string_const("testme");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_FULL_EA_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.full_ea_information.in.eas.num_eas = 1;
+	sfinfo.full_ea_information.in.eas.eas = &ea;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_ACCESS_DENIED,
+		ret, done, "Setting EA should fail\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+
+	smb2_deltree(tree, BASEDIR);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_ea(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ea");
+	suite->description = talloc_strdup(suite, "SMB2-EA tests");
+
+	torture_suite_add_1smb2_test(suite, "acl_xattr", torture_smb2_acl_xattr);
+
+	return suite;
+}
diff --git a/source4/torture/smb2/getinfo.c b/source4/torture/smb2/getinfo.c
new file mode 100644
index 0000000..539090a
--- /dev/null
+++ b/source4/torture/smb2/getinfo.c
@@ -0,0 +1,951 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 getinfo test suite
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+
+static struct {
+	const char *name;
+	uint16_t level;
+	NTSTATUS fstatus;
+	NTSTATUS dstatus;
+	union smb_fileinfo finfo;
+	union smb_fileinfo dinfo;
+} file_levels[] = {
+#define LEVEL(x) .name = #x, .level = x
+ { LEVEL(RAW_FILEINFO_BASIC_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_STANDARD_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_INTERNAL_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_EA_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_ACCESS_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_POSITION_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_MODE_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_ALIGNMENT_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_ALL_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_ALT_NAME_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_STREAM_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_COMPRESSION_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_NETWORK_OPEN_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION) },
+
+ { LEVEL(RAW_FILEINFO_SMB2_ALL_EAS) },
+
+ { LEVEL(RAW_FILEINFO_SMB2_ALL_INFORMATION) },
+ { LEVEL(RAW_FILEINFO_SEC_DESC) }
+};
+
+static struct {
+	const char *name;
+	uint16_t level;
+	NTSTATUS status;
+	union smb_fsinfo info;
+} fs_levels[] = {
+ { LEVEL(RAW_QFS_VOLUME_INFORMATION) },
+ { LEVEL(RAW_QFS_SIZE_INFORMATION) },
+ { LEVEL(RAW_QFS_DEVICE_INFORMATION) },
+ { LEVEL(RAW_QFS_ATTRIBUTE_INFORMATION) },
+ { LEVEL(RAW_QFS_QUOTA_INFORMATION) },
+ { LEVEL(RAW_QFS_FULL_SIZE_INFORMATION) },
+ { LEVEL(RAW_QFS_OBJECTID_INFORMATION) },
+ { LEVEL(RAW_QFS_SECTOR_SIZE_INFORMATION) },
+};
+
+#define FNAME "testsmb2_file.dat"
+#define DNAME "testsmb2_dir"
+
+/*
+  test fileinfo levels
+*/
+static bool torture_smb2_fileinfo(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_handle hfile, hdir;
+	NTSTATUS status;
+	int i;
+
+	status = torture_smb2_testfile(tree, FNAME, &hfile);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create test file "
+				   FNAME "\n");
+
+	status = torture_smb2_testdir(tree, DNAME, &hdir);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create test dir "
+				   DNAME "\n");
+
+	torture_comment(tctx, "Testing file info levels\n");
+	torture_smb2_all_info(tctx, tree, hfile);
+	torture_smb2_all_info(tctx, tree, hdir);
+
+	for (i=0;i<ARRAY_SIZE(file_levels);i++) {
+		if (file_levels[i].level == RAW_FILEINFO_SEC_DESC) {
+			file_levels[i].finfo.query_secdesc.in.secinfo_flags = 0x7;
+			file_levels[i].dinfo.query_secdesc.in.secinfo_flags = 0x7;
+		}
+		if (file_levels[i].level == RAW_FILEINFO_SMB2_ALL_EAS) {
+			file_levels[i].finfo.all_eas.in.continue_flags =
+				SMB2_CONTINUE_FLAG_RESTART;
+			file_levels[i].dinfo.all_eas.in.continue_flags =
+				SMB2_CONTINUE_FLAG_RESTART;
+		}
+		file_levels[i].finfo.generic.level = file_levels[i].level;
+		file_levels[i].finfo.generic.in.file.handle = hfile;
+		file_levels[i].fstatus = smb2_getinfo_file(tree, tree, &file_levels[i].finfo);
+		torture_assert_ntstatus_ok(tctx, file_levels[i].fstatus,
+					   talloc_asprintf(tctx, "%s on file",
+							   file_levels[i].name));
+		file_levels[i].dinfo.generic.level = file_levels[i].level;
+		file_levels[i].dinfo.generic.in.file.handle = hdir;
+		file_levels[i].dstatus = smb2_getinfo_file(tree, tree, &file_levels[i].dinfo);
+		torture_assert_ntstatus_ok(tctx, file_levels[i].dstatus,
+					   talloc_asprintf(tctx, "%s on dir",
+							   file_levels[i].name));
+	}
+
+	return true;
+}
+
+/*
+  test granted access when desired access includes
+  FILE_EXECUTE and does not include FILE_READ_DATA
+*/
+static bool torture_smb2_fileinfo_grant_read(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	bool ret;
+	struct smb2_handle hfile, hdir;
+	NTSTATUS status;
+	uint32_t file_granted_access, dir_granted_access;
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	status = torture_smb2_testfile_access(
+	    tree, FNAME, &hfile, SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Unable to create test file " FNAME "\n");
+	status =
+	    torture_smb2_get_allinfo_access(tree, hfile, &file_granted_access);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Unable to query test file access ");
+	torture_assert_int_equal(tctx, file_granted_access,
+				 SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE,
+				 "granted file access ");
+	smb2_util_close(tree, hfile);
+
+	status = torture_smb2_testdir_access(
+	    tree, DNAME, &hdir, SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Unable to create test dir " DNAME "\n");
+	status =
+	    torture_smb2_get_allinfo_access(tree, hdir, &dir_granted_access);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "Unable to query test dir access ");
+	torture_assert_int_equal(tctx, dir_granted_access,
+				 SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE,
+				 "granted dir access ");
+	smb2_util_close(tree, hdir);
+
+	return true;
+}
+
+static bool torture_smb2_fileinfo_normalized(struct torture_context *tctx)
+{
+	struct smb2_tree *tree = NULL;
+	bool ret;
+	struct smb2_handle hroot;
+	const char *d1 = NULL, *d1l = NULL, *d1u = NULL;
+	struct smb2_handle hd1, hd1l, hd1u;
+	const char *d2 = NULL, *d2l = NULL, *d2u = NULL;
+	struct smb2_handle hd2, hd2l, hd2u;
+	const char *d3 = NULL, *d3l = NULL, *d3u = NULL;
+	struct smb2_handle hd3, hd3l, hd3u;
+	const char *d3s = NULL, *d3sl = NULL, *d3su = NULL, *d3sd = NULL;
+	struct smb2_handle hd3s, hd3sl, hd3su, hd3sd;
+	const char *f4 = NULL, *f4l = NULL, *f4u = NULL, *f4d = NULL;
+	struct smb2_handle hf4, hf4l, hf4u, hf4d;
+	const char *f4s = NULL, *f4sl = NULL, *f4su = NULL, *f4sd = NULL;
+	struct smb2_handle hf4s, hf4sl, hf4su, hf4sd;
+	union smb_fileinfo info = {
+		.normalized_name_info = {
+			.level = RAW_FILEINFO_NORMALIZED_NAME_INFORMATION,
+		},
+	};
+	NTSTATUS status;
+	enum protocol_types protocol;
+	struct smb2_tree *tree_3_0 = NULL;
+	struct smbcli_options options3_0;
+	struct smb2_handle hroot_3_0;
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+
+	d1 = talloc_asprintf(tctx, "torture_dIr1N");
+	torture_assert_not_null(tctx, d1, "d1");
+	d1l = strlower_talloc(tctx, d1);
+	torture_assert_not_null(tctx, d1l, "d1l");
+	d1u = strupper_talloc(tctx, d1);
+	torture_assert_not_null(tctx, d1u, "d1u");
+
+	d2 = talloc_asprintf(tctx, "%s\\dIr2Na", d1);
+	torture_assert_not_null(tctx, d2, "d2");
+	d2l = strlower_talloc(tctx, d2);
+	torture_assert_not_null(tctx, d2l, "d2l");
+	d2u = strupper_talloc(tctx, d2);
+	torture_assert_not_null(tctx, d2u, "d2u");
+
+	d3 = talloc_asprintf(tctx, "%s\\dIr3NaM", d2);
+	torture_assert_not_null(tctx, d3, "d3");
+	d3l = strlower_talloc(tctx, d3);
+	torture_assert_not_null(tctx, d3l, "d3l");
+	d3u = strupper_talloc(tctx, d3);
+	torture_assert_not_null(tctx, d3u, "d3u");
+
+	d3s = talloc_asprintf(tctx, "%s:sTrEaM3", d3);
+	torture_assert_not_null(tctx, d3s, "d3s");
+	d3sl = strlower_talloc(tctx, d3s);
+	torture_assert_not_null(tctx, d3sl, "d3sl");
+	d3su = strupper_talloc(tctx, d3s);
+	torture_assert_not_null(tctx, d3su, "d3su");
+	d3sd = talloc_asprintf(tctx, "%s:$DaTa", d3s);
+	torture_assert_not_null(tctx, d3sd, "d3sd");
+
+	f4 = talloc_asprintf(tctx, "%s\\fIlE4NaMe", d3);
+	torture_assert_not_null(tctx, f4, "f4");
+	f4l = strlower_talloc(tctx, f4);
+	torture_assert_not_null(tctx, f4l, "f4l");
+	f4u = strupper_talloc(tctx, f4);
+	torture_assert_not_null(tctx, f4u, "f4u");
+	f4d = talloc_asprintf(tctx, "%s::$dAtA", f4);
+	torture_assert_not_null(tctx, f4d, "f4d");
+
+	f4s = talloc_asprintf(tctx, "%s:StReAm4", f4);
+	torture_assert_not_null(tctx, f4s, "f4s");
+	f4sl = strlower_talloc(tctx, f4s);
+	torture_assert_not_null(tctx, f4sl, "f4sl");
+	f4su = strupper_talloc(tctx, f4s);
+	torture_assert_not_null(tctx, f4su, "f4su");
+	f4sd = talloc_asprintf(tctx, "%s:$dAtA", f4s);
+	torture_assert_not_null(tctx, f4sd, "f4sd");
+
+	status = smb2_util_roothandle(tree, &hroot);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create root handle");
+
+	info.normalized_name_info.in.file.handle = hroot;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	if (protocol < PROTOCOL_SMB3_11) {
+		/*
+		 * Only SMB 3.1.1 and above should offer this.
+		 */
+		torture_assert_ntstatus_equal(tctx, status,
+					      NT_STATUS_NOT_SUPPORTED,
+					      "getinfo hroot");
+		torture_skip(tctx, "SMB 3.1.1 not supported");
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+		/*
+		 * Not all servers support this.
+		 * (only Windows 10 1803 and higher)
+		 */
+		torture_skip(tctx, "NORMALIZED_NAME_INFORMATION not supported");
+	}
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hroot");
+	torture_assert(tctx, info.normalized_name_info.out.fname.s == NULL,
+		       "getinfo hroot should be empty");
+
+	smb2_deltree(tree, d1);
+
+	status = torture_smb2_testdir(tree, d1, &hd1);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hd1");
+	status = torture_smb2_open(tree, d1l, SEC_RIGHTS_FILE_ALL, &hd1l);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd1l");
+	status = torture_smb2_open(tree, d1u, SEC_RIGHTS_FILE_ALL, &hd1u);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd1u");
+
+	status = torture_smb2_testdir(tree, d2, &hd2);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hd2");
+	status = torture_smb2_open(tree, d2l, SEC_RIGHTS_FILE_ALL, &hd2l);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd2l");
+	status = torture_smb2_open(tree, d2u, SEC_RIGHTS_FILE_ALL, &hd2u);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd2u");
+
+	status = torture_smb2_testdir(tree, d3, &hd3);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hd3");
+	status = torture_smb2_open(tree, d3l, SEC_RIGHTS_FILE_ALL, &hd3l);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd3l");
+	status = torture_smb2_open(tree, d3u, SEC_RIGHTS_FILE_ALL, &hd3u);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd3u");
+
+	status = torture_smb2_testfile(tree, d3s, &hd3s);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hd3s");
+	status = torture_smb2_open(tree, d3sl, SEC_RIGHTS_FILE_ALL, &hd3sl);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd3sl");
+	status = torture_smb2_open(tree, d3su, SEC_RIGHTS_FILE_ALL, &hd3su);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd3su");
+	status = torture_smb2_open(tree, d3sd, SEC_RIGHTS_FILE_ALL, &hd3sd);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hd3sd");
+
+	status = torture_smb2_testfile(tree, f4, &hf4);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hf4");
+	status = torture_smb2_open(tree, f4l, SEC_RIGHTS_FILE_ALL, &hf4l);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4l");
+	status = torture_smb2_open(tree, f4u, SEC_RIGHTS_FILE_ALL, &hf4u);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4u");
+	status = torture_smb2_open(tree, f4d, SEC_RIGHTS_FILE_ALL, &hf4d);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4d");
+
+	status = torture_smb2_testfile(tree, f4s, &hf4s);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create hf4s");
+	status = torture_smb2_open(tree, f4sl, SEC_RIGHTS_FILE_ALL, &hf4sl);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4sl");
+	status = torture_smb2_open(tree, f4su, SEC_RIGHTS_FILE_ALL, &hf4su);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4su");
+	status = torture_smb2_open(tree, f4sd, SEC_RIGHTS_FILE_ALL, &hf4sd);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to open hf4sd");
+
+	info.normalized_name_info.in.file.handle = hd1;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd1");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d1, "getinfo hd1");
+	info.normalized_name_info.in.file.handle = hd1l;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd1l");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d1, "getinfo hd1l");
+	info.normalized_name_info.in.file.handle = hd1u;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd1u");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d1, "getinfo hd1u");
+
+	info.normalized_name_info.in.file.handle = hd2;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd2");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d2, "getinfo hd2");
+	info.normalized_name_info.in.file.handle = hd2l;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd2l");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d2, "getinfo hd2l");
+	info.normalized_name_info.in.file.handle = hd2u;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd2u");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d2, "getinfo hd2u");
+
+	info.normalized_name_info.in.file.handle = hd3;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3, "getinfo hd3");
+	info.normalized_name_info.in.file.handle = hd3l;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3l");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3, "getinfo hd3l");
+	info.normalized_name_info.in.file.handle = hd3u;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3u");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3, "getinfo hd3u");
+
+	info.normalized_name_info.in.file.handle = hd3s;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3s");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3s, "getinfo hd3s");
+	info.normalized_name_info.in.file.handle = hd3sl;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3sl");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3s, "getinfo hd3sl");
+	info.normalized_name_info.in.file.handle = hd3su;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3su");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3s, "getinfo hd3su");
+	info.normalized_name_info.in.file.handle = hd3sd;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hd3sd");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 d3s, "getinfo hd3sd");
+
+	info.normalized_name_info.in.file.handle = hf4;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4, "getinfo hf4");
+	info.normalized_name_info.in.file.handle = hf4l;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4l");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4, "getinfo hf4l");
+	info.normalized_name_info.in.file.handle = hf4u;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4u");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4, "getinfo hf4u");
+	info.normalized_name_info.in.file.handle = hf4d;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4d");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4, "getinfo hf4d");
+
+	info.normalized_name_info.in.file.handle = hf4s;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4s");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4s, "getinfo hf4s");
+	info.normalized_name_info.in.file.handle = hf4sl;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4sl");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4s, "getinfo hf4sl");
+	info.normalized_name_info.in.file.handle = hf4su;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4su");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4s, "getinfo hf4su");
+	info.normalized_name_info.in.file.handle = hf4sd;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree, tree, &info);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo hf4sd");
+	torture_assert_str_equal(tctx, info.normalized_name_info.out.fname.s,
+				 f4s, "getinfo hf4sd");
+
+	/* Set max protocol to SMB 3.0.2 */
+	options3_0 = tree->session->transport->options;
+	options3_0.max_protocol = PROTOCOL_SMB3_02;
+	options3_0.client_guid = GUID_zero();
+	ret = torture_smb2_connection_ext(tctx, 0, &options3_0, &tree_3_0);
+	torture_assert(tctx, ret, "connection with SMB < 3.1.1 failed");
+
+	status = smb2_util_roothandle(tree_3_0, &hroot_3_0);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create root handle 3_0");
+
+	info.normalized_name_info.in.file.handle = hroot_3_0;
+	ZERO_STRUCT(info.normalized_name_info.out);
+	status = smb2_getinfo_file(tree_3_0, tree_3_0, &info);
+	torture_assert_ntstatus_equal(tctx, status,
+				      NT_STATUS_NOT_SUPPORTED,
+				      "getinfo hroot");
+
+	return true;
+}
+
+/*
+  test fsinfo levels
+*/
+static bool torture_smb2_fsinfo(struct torture_context *tctx)
+{
+	bool ret;
+	struct smb2_tree *tree;
+	int i;
+	NTSTATUS status;
+	struct smb2_handle handle;
+
+	torture_comment(tctx, "Testing fsinfo levels\n");
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	status = smb2_util_roothandle(tree, &handle);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create root handle");
+
+	for (i=0;i<ARRAY_SIZE(fs_levels);i++) {
+		fs_levels[i].info.generic.level = fs_levels[i].level;
+		fs_levels[i].info.generic.handle = handle;
+		fs_levels[i].status = smb2_getinfo_fs(tree, tree, &fs_levels[i].info);
+		torture_assert_ntstatus_ok(tctx, fs_levels[i].status,
+					   fs_levels[i].name);
+	}
+
+	return true;
+}
+
+static bool torture_smb2_buffercheck_err(struct torture_context *tctx,
+					 struct smb2_tree *tree,
+					 struct smb2_getinfo *b,
+					 size_t fixed,
+					 DATA_BLOB full)
+{
+	size_t i;
+
+	for (i=0; i<=full.length; i++) {
+		NTSTATUS status;
+
+		b->in.output_buffer_length = i;
+
+		status = smb2_getinfo(tree, tree, b);
+
+		if (i < fixed) {
+			torture_assert_ntstatus_equal(
+				tctx, status, NT_STATUS_INFO_LENGTH_MISMATCH,
+				"Wrong error code small buffer");
+			continue;
+		}
+
+		if (i<full.length) {
+			torture_assert_ntstatus_equal(
+				tctx, status, STATUS_BUFFER_OVERFLOW,
+				"Wrong error code for large buffer");
+			/*
+			 * TODO: compare the output buffer. That seems a bit
+			 * difficult, because for level 5 for example the
+			 * label length is adjusted to what is there. And some
+			 * reserved fields seem to be not initialized to 0.
+			 */
+			TALLOC_FREE(b->out.blob.data);
+			continue;
+		}
+
+		torture_assert_ntstatus_equal(
+			tctx, status, NT_STATUS_OK,
+			"Wrong error code for right sized buffer");
+	}
+
+	return true;
+}
+
+struct level_buffersize {
+	int level;
+	size_t fixed;
+};
+
+static bool torture_smb2_qfs_buffercheck(struct torture_context *tctx)
+{
+	bool ret;
+	struct smb2_tree *tree;
+	NTSTATUS status;
+	struct smb2_handle handle;
+	int i;
+
+	struct level_buffersize levels[] = {
+		{ 1, 24 },	/* We don't have proper defines here */
+		{ 3, 24 },
+		{ 4, 8 },
+		{ 5, 16 },
+		{ 6, 48 },
+		{ 7, 32 },
+		{ 11, 28 },
+	};
+
+	torture_comment(tctx, "Testing SMB2_GETINFO_FS buffer sizes\n");
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	status = smb2_util_roothandle(tree, &handle);
+	torture_assert_ntstatus_ok(
+		tctx, status, "Unable to create root handle");
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+		struct smb2_getinfo b;
+
+		if (TARGET_IS_SAMBA3(tctx) &&
+		    ((levels[i].level == 6) || (levels[i].level == 11))) {
+			continue;
+		}
+
+		ZERO_STRUCT(b);
+		b.in.info_type			= SMB2_0_INFO_FILESYSTEM;
+		b.in.info_class			= levels[i].level;
+		b.in.file.handle		= handle;
+		b.in.output_buffer_length	= 65535;
+
+		status = smb2_getinfo(tree, tree, &b);
+
+		torture_assert_ntstatus_equal(
+			tctx, status, NT_STATUS_OK,
+			"Wrong error code for large buffer");
+
+		ret = torture_smb2_buffercheck_err(
+			tctx, tree, &b, levels[i].fixed, b.out.blob);
+		if (!ret) {
+			return ret;
+		}
+	}
+
+	return true;
+}
+
+static bool torture_smb2_qfile_buffercheck(struct torture_context *tctx)
+{
+	bool ret;
+	struct smb2_tree *tree;
+	struct smb2_create c;
+	NTSTATUS status;
+	struct smb2_handle handle;
+	int i;
+
+	struct level_buffersize levels[] = {
+		{ 4, 40 },
+		{ 5, 24 },
+		{ 6, 8 },
+		{ 7, 4 },
+		{ 8, 4 },
+		{ 16, 4 },
+		{ 17, 4 },
+		{ 18, 104 },
+		{ 21, 8 },
+		{ 22, 32 },
+		{ 28, 16 },
+		{ 34, 56 },
+		{ 35, 8 },
+	};
+
+	torture_comment(tctx, "Testing SMB2_GETINFO_FILE buffer sizes\n");
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	ZERO_STRUCT(c);
+	c.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	c.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	c.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	c.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	c.in.create_options = 0;
+	c.in.fname = "bufsize.txt";
+
+	c.in.eas.num_eas = 2;
+	c.in.eas.eas = talloc_array(tree, struct ea_struct, 2);
+	c.in.eas.eas[0].flags = 0;
+	c.in.eas.eas[0].name.s = "EAONE";
+	c.in.eas.eas[0].value = data_blob_talloc(c.in.eas.eas, "VALUE1", 6);
+	c.in.eas.eas[1].flags = 0;
+	c.in.eas.eas[1].name.s = "SECONDEA";
+	c.in.eas.eas[1].value = data_blob_talloc(c.in.eas.eas, "ValueTwo", 8);
+
+	status = smb2_create(tree, tree, &c);
+	torture_assert_ntstatus_ok(
+		tctx, status, "Unable to create test file");
+
+	handle = c.out.file.handle;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+		struct smb2_getinfo b;
+
+		ZERO_STRUCT(b);
+		b.in.info_type			= SMB2_0_INFO_FILE;
+		b.in.info_class			= levels[i].level;
+		b.in.file.handle		= handle;
+		b.in.output_buffer_length	= 65535;
+
+		status = smb2_getinfo(tree, tree, &b);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+			continue;
+		}
+		torture_assert_ntstatus_equal(
+			tctx, status, NT_STATUS_OK,
+			"Wrong error code for large buffer");
+
+		ret = torture_smb2_buffercheck_err(
+			tctx, tree, &b, levels[i].fixed, b.out.blob);
+		if (!ret) {
+			return ret;
+		}
+	}
+	return true;
+}
+
+static bool torture_smb2_qsec_buffercheck(struct torture_context *tctx)
+{
+	struct smb2_getinfo b;
+	bool ret;
+	struct smb2_tree *tree;
+	struct smb2_create c;
+	NTSTATUS status;
+	struct smb2_handle handle;
+
+	torture_comment(tctx, "Testing SMB2_GETINFO_SECURITY buffer sizes\n");
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	ZERO_STRUCT(c);
+	c.in.oplock_level = 0;
+	c.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE |
+		SEC_DIR_LIST | SEC_STD_READ_CONTROL;
+	c.in.file_attributes   = 0;
+	c.in.create_disposition = NTCREATEX_DISP_OPEN;
+	c.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	c.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
+	c.in.fname = "";
+
+	status = smb2_create(tree, tree, &c);
+	torture_assert_ntstatus_ok(
+		tctx, status, "Unable to create root handle");
+
+	handle = c.out.file.handle;
+
+	ZERO_STRUCT(b);
+	b.in.info_type			= SMB2_0_INFO_SECURITY;
+	b.in.info_class			= 0;
+	b.in.file.handle		= handle;
+	b.in.output_buffer_length	= 0;
+
+	status = smb2_getinfo(tree, tree, &b);
+	torture_assert_ntstatus_equal(
+		tctx, status, NT_STATUS_BUFFER_TOO_SMALL,
+		"Wrong error code for large buffer");
+
+	b.in.output_buffer_length	= 1;
+	status = smb2_getinfo(tree, tree, &b);
+	torture_assert_ntstatus_equal(
+		tctx, status, NT_STATUS_BUFFER_TOO_SMALL,
+		"Wrong error code for large buffer");
+
+	return true;
+}
+
+/* basic testing of all SMB2 getinfo levels
+*/
+static bool torture_smb2_getinfo(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	bool ret = true;
+	NTSTATUS status;
+
+	ret = torture_smb2_connection(tctx, &tree);
+	torture_assert(tctx, ret, "connection failed");
+
+	smb2_deltree(tree, FNAME);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_setup_complex_file(tctx, tree, FNAME);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "setup complex file " FNAME);
+
+	status = torture_setup_complex_file(tctx, tree, FNAME ":streamtwo");
+	torture_assert_ntstatus_ok(tctx, status,
+				   "setup complex file " FNAME ":streamtwo");
+
+	status = torture_setup_complex_dir(tctx, tree, DNAME);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "setup complex dir " DNAME);
+
+	status = torture_setup_complex_file(tctx, tree, DNAME ":streamtwo");
+	torture_assert_ntstatus_ok(tctx, status,
+				   "setup complex dir " DNAME ":streamtwo");
+
+	ret &= torture_smb2_fileinfo(tctx, tree);
+
+	return ret;
+}
+
+#undef LEVEL
+#define LEVEL(l, u, ua, ra) \
+	.name = #l, \
+	.level = l, \
+	.unrestricted = u, \
+	.unrestricted_access = ua, \
+	.required_access = ra
+
+static struct {
+	const char *name;
+	uint16_t level;
+	bool unrestricted;
+	uint32_t unrestricted_access;
+	uint32_t required_access;
+} file_levels_access[] = {
+	/*
+	 * The following info levels are not checked:
+	 * - FileFullEaInformation and FileIdInformation:
+	 *   not implemented by the s4/libcli/raw
+	 * - all pipe infolevels: that should be tested elsewhere by RPC tests
+	 */
+
+	/*
+	 * The following allow unrestricted access, so requesting
+	 * SEC_FILE_READ_ATTRIBUTE works, SEC_FILE_READ_ATTRIBUTE or
+	 * SEC_FILE_READ_EA as well of course.
+	 */
+	{ LEVEL(RAW_FILEINFO_STANDARD_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_INTERNAL_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_ACCESS_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_POSITION_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_MODE_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_ALIGNMENT_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_ALT_NAME_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_STREAM_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_COMPRESSION_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_NORMALIZED_NAME_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_EA_INFORMATION, true, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_EA) },
+
+	/*
+	 * The following require either SEC_FILE_READ_ATTRIBUTE or
+	 * SEC_FILE_READ_EA.
+	 */
+	{ LEVEL(RAW_FILEINFO_BASIC_INFORMATION, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_ALL_INFORMATION, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_NETWORK_OPEN_INFORMATION, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_SMB2_ALL_INFORMATION, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_ATTRIBUTE) },
+	{ LEVEL(RAW_FILEINFO_SMB2_ALL_EAS, false, SEC_STD_SYNCHRONIZE, SEC_FILE_READ_EA) },
+	/* Also try SEC_FILE_READ_ATTRIBUTE to show that it is the wrong one */
+	{ LEVEL(RAW_FILEINFO_SMB2_ALL_EAS, false, SEC_FILE_READ_ATTRIBUTE, SEC_FILE_READ_EA) },
+	{ LEVEL(RAW_FILEINFO_SEC_DESC, false, SEC_STD_SYNCHRONIZE, SEC_STD_READ_CONTROL) },
+	/* Also try SEC_FILE_READ_ATTRIBUTE to show that it is the wrong one */
+	{ LEVEL(RAW_FILEINFO_SEC_DESC, false, SEC_FILE_READ_ATTRIBUTE, SEC_STD_READ_CONTROL) }
+};
+
+
+/*
+  test fileinfo levels
+*/
+static bool torture_smb2_getfinfo_access(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	const char *fname = "torture_smb2_getfinfo_access";
+	struct smb2_handle hfile;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	smb2_deltree(tree, fname);
+
+	torture_setup_complex_file(tctx, tree, fname);
+
+	for (i = 0; i < ARRAY_SIZE(file_levels_access); i++) {
+		union smb_fileinfo finfo;
+		NTSTATUS expected_status;
+
+		/*
+		 * First open with unrestricted_access, SEC_STD_SYNCHRONIZE for
+		 * most tests, info levels with unrestricted=true should allow
+		 * this.
+		 */
+		status = torture_smb2_testfile_access(
+			tree, fname, &hfile, file_levels_access[i].unrestricted_access);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					   "Unable to open test file\n");
+
+		if (file_levels_access[i].level == RAW_FILEINFO_SEC_DESC) {
+			finfo.query_secdesc.in.secinfo_flags = 0x7;
+		}
+		if (file_levels_access[i].level == RAW_FILEINFO_SMB2_ALL_EAS) {
+			finfo.all_eas.in.continue_flags =
+				SMB2_CONTINUE_FLAG_RESTART;
+		}
+
+		finfo.generic.level = file_levels_access[i].level;
+		finfo.generic.in.file.handle = hfile;
+
+		if (file_levels_access[i].unrestricted) {
+			expected_status = NT_STATUS_OK;
+		} else {
+			expected_status = NT_STATUS_ACCESS_DENIED;
+		}
+
+		status = smb2_getinfo_file(tree, tree, &finfo);
+		torture_assert_ntstatus_equal_goto(
+			tctx, status, expected_status, ret, done,
+			talloc_asprintf(tctx, "Level %s failed\n",
+					file_levels_access[i].name));
+
+		smb2_util_close(tree, hfile);
+
+		/*
+		 * Now open with expected access, getinfo should work.
+		 */
+		status = torture_smb2_testfile_access(
+			tree, fname, &hfile, file_levels_access[i].required_access);
+		torture_assert_ntstatus_ok_goto(
+			tctx, status, ret, done,
+			"Unable to open test file\n");
+
+		if (file_levels_access[i].level == RAW_FILEINFO_SEC_DESC) {
+			finfo.query_secdesc.in.secinfo_flags = 0x7;
+		}
+		if (file_levels_access[i].level == RAW_FILEINFO_SMB2_ALL_EAS) {
+			finfo.all_eas.in.continue_flags =
+				SMB2_CONTINUE_FLAG_RESTART;
+		}
+		finfo.generic.level = file_levels_access[i].level;
+		finfo.generic.in.file.handle = hfile;
+
+		status = smb2_getinfo_file(tree, tree, &finfo);
+		torture_assert_ntstatus_ok_goto(
+			tctx, status, ret, done,
+			talloc_asprintf(tctx, "%s on file",
+					file_levels_access[i].name));
+
+		smb2_util_close(tree, hfile);
+	}
+
+done:
+	smb2_deltree(tree, fname);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_getinfo_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "getinfo");
+
+	torture_suite_add_simple_test(suite, "complex", torture_smb2_getinfo);
+	torture_suite_add_simple_test(suite, "fsinfo",  torture_smb2_fsinfo);
+	torture_suite_add_simple_test(suite, "qfs_buffercheck",
+				      torture_smb2_qfs_buffercheck);
+	torture_suite_add_simple_test(suite, "qfile_buffercheck",
+				      torture_smb2_qfile_buffercheck);
+	torture_suite_add_simple_test(suite, "qsec_buffercheck",
+				      torture_smb2_qsec_buffercheck);
+	torture_suite_add_simple_test(suite, "granted",
+				      torture_smb2_fileinfo_grant_read);
+	torture_suite_add_simple_test(suite, "normalized",
+				      torture_smb2_fileinfo_normalized);
+	torture_suite_add_1smb2_test(suite, "getinfo_access",
+				     torture_smb2_getfinfo_access);
+	return suite;
+}
diff --git a/source4/torture/smb2/ioctl.c b/source4/torture/smb2/ioctl.c
new file mode 100644
index 0000000..3765dc0
--- /dev/null
+++ b/source4/torture/smb2/ioctl.c
@@ -0,0 +1,7552 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 ioctl operations
+
+   Copyright (C) David Disseldorp 2011-2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "librpc/gen_ndr/ndr_ioctl.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+
+#define FNAME	"testfsctl.dat"
+#define FNAME2	"testfsctl2.dat"
+#define DNAME	"testfsctl_dir"
+
+/*
+   basic testing of SMB2 shadow copy calls
+*/
+static bool test_ioctl_get_shadow_copy(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	struct smb2_handle h;
+	uint8_t buf[100];
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	torture_assert_ntstatus_ok(torture, status, "create write");
+
+	ZERO_ARRAY(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok(torture, status, "write");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = h;
+	ioctl.smb2.in.function = FSCTL_SRV_ENUM_SNAPS;
+	ioctl.smb2.in.max_output_response = 16;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)
+	 || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_DEVICE_REQUEST)) {
+		torture_skip(torture, "FSCTL_SRV_ENUM_SNAPS not supported\n");
+	}
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_ENUM_SNAPS");
+
+	return true;
+}
+
+/*
+   basic testing of the SMB2 server side copy ioctls
+*/
+static bool test_ioctl_req_resume_key(struct torture_context *torture,
+				      struct smb2_tree *tree)
+{
+	struct smb2_handle h;
+	uint8_t buf[100];
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct req_resume_key_rsp res_key;
+	enum ndr_err_code ndr_ret;
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	torture_assert_ntstatus_ok(torture, status, "create write");
+
+	ZERO_ARRAY(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok(torture, status, "write");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = h;
+	ioctl.smb2.in.function = FSCTL_SRV_REQUEST_RESUME_KEY;
+	ioctl.smb2.in.max_output_response = 32;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_REQUEST_RESUME_KEY");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx, &res_key,
+			(ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_req_resume_key_rsp");
+
+	NDR_PRINT_DEBUG(req_resume_key_rsp, &res_key);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+   testing fetching a resume key twice for one file handle
+*/
+static bool test_ioctl_req_two_resume_keys(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle h;
+	uint8_t buf[100];
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct req_resume_key_rsp res_key;
+	enum ndr_err_code ndr_ret;
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	torture_assert_ntstatus_ok(torture, status, "create write");
+
+	ZERO_ARRAY(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok(torture, status, "write");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = h;
+	ioctl.smb2.in.function = FSCTL_SRV_REQUEST_RESUME_KEY;
+	ioctl.smb2.in.max_output_response = 32;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_REQUEST_RESUME_KEY");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx, &res_key,
+			(ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_req_resume_key_rsp");
+
+	NDR_PRINT_DEBUG(req_resume_key_rsp, &res_key);
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = h;
+	ioctl.smb2.in.function = FSCTL_SRV_REQUEST_RESUME_KEY;
+	ioctl.smb2.in.max_output_response = 32;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_REQUEST_RESUME_KEY");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx, &res_key,
+			(ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_req_resume_key_rsp");
+
+	NDR_PRINT_DEBUG(req_resume_key_rsp, &res_key);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static uint64_t patt_hash(uint64_t off)
+{
+	return off;
+}
+
+static bool write_pattern(struct torture_context *torture,
+			  struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			  struct smb2_handle h, uint64_t off, uint64_t len,
+			  uint64_t patt_off)
+{
+	NTSTATUS status;
+	uint64_t i;
+	uint8_t *buf;
+	uint64_t io_sz = MIN(1024 * 64, len);
+
+	if (len == 0) {
+		return true;
+	}
+
+	torture_assert(torture, (len % 8) == 0, "invalid write len");
+
+	buf = talloc_zero_size(mem_ctx, io_sz);
+	torture_assert(torture, (buf != NULL), "no memory for file data buf");
+
+	while (len > 0) {
+		for (i = 0; i <= io_sz - 8; i += 8) {
+			SBVAL(buf, i, patt_hash(patt_off));
+			patt_off += 8;
+		}
+
+		status = smb2_util_write(tree, h,
+					 buf, off, io_sz);
+		torture_assert_ntstatus_ok(torture, status, "file write");
+
+		len -= io_sz;
+		off += io_sz;
+	}
+
+	talloc_free(buf);
+
+	return true;
+}
+
+static bool check_pattern(struct torture_context *torture,
+			  struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			  struct smb2_handle h, uint64_t off, uint64_t len,
+			  uint64_t patt_off)
+{
+	if (len == 0) {
+		return true;
+	}
+
+	torture_assert(torture, (len % 8) == 0, "invalid read len");
+
+	while (len > 0) {
+		uint64_t i;
+		struct smb2_read r;
+		NTSTATUS status;
+		uint64_t io_sz = MIN(1024 * 64, len);
+
+		ZERO_STRUCT(r);
+		r.in.file.handle = h;
+		r.in.length      = io_sz;
+		r.in.offset      = off;
+		status = smb2_read(tree, mem_ctx, &r);
+		torture_assert_ntstatus_ok(torture, status, "read");
+
+		torture_assert_u64_equal(torture, r.out.data.length, io_sz,
+					 "read data len mismatch");
+
+		for (i = 0; i <= io_sz - 8; i += 8, patt_off += 8) {
+			uint64_t data = BVAL(r.out.data.data, i);
+			torture_assert_u64_equal(torture, data, patt_hash(patt_off),
+						 talloc_asprintf(torture, "read data "
+								 "pattern bad at %llu\n",
+								 (unsigned long long)off + i));
+		}
+		talloc_free(r.out.data.data);
+		len -= io_sz;
+		off += io_sz;
+	}
+
+	return true;
+}
+
+static bool check_zero(struct torture_context *torture,
+		       struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+		       struct smb2_handle h, uint64_t off, uint64_t len)
+{
+	uint64_t i;
+	struct smb2_read r;
+	NTSTATUS status;
+
+	if (len == 0) {
+		return true;
+	}
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = h;
+	r.in.length      = len;
+	r.in.offset      = off;
+	status = smb2_read(tree, mem_ctx, &r);
+	torture_assert_ntstatus_ok(torture, status, "read");
+
+	torture_assert_u64_equal(torture, r.out.data.length, len,
+				 "read data len mismatch");
+
+	for (i = 0; i <= len - 8; i += 8) {
+		uint64_t data = BVAL(r.out.data.data, i);
+		torture_assert_u64_equal(torture, data, 0,
+					 talloc_asprintf(mem_ctx, "read zero "
+							 "bad at %llu\n",
+							 (unsigned long long)i));
+	}
+
+	talloc_free(r.out.data.data);
+	return true;
+}
+
+static bool test_setup_open(struct torture_context *torture,
+			    struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			    const char *fname,
+			    struct smb2_handle *fh,
+			    uint32_t desired_access,
+			    uint32_t file_attributes)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = desired_access;
+	io.in.file_attributes = file_attributes;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	if (file_attributes & FILE_ATTRIBUTE_DIRECTORY) {
+		io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	}
+	io.in.fname = fname;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "file create");
+
+	*fh = io.out.file.handle;
+
+	return true;
+}
+
+static bool test_setup_create_fill(struct torture_context *torture,
+				   struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+				   const char *fname,
+				   struct smb2_handle *fh,
+				   uint64_t size,
+				   uint32_t desired_access,
+				   uint32_t file_attributes)
+{
+	bool ok;
+	uint32_t initial_access = desired_access;
+
+	if (size > 0) {
+		initial_access |= SEC_FILE_APPEND_DATA;
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	ok = test_setup_open(torture, tree, mem_ctx,
+			     fname,
+			     fh,
+			     initial_access,
+			     file_attributes);
+	torture_assert(torture, ok, "file create");
+
+	if (size > 0) {
+		ok = write_pattern(torture, tree, mem_ctx, *fh, 0, size, 0);
+		torture_assert(torture, ok, "write pattern");
+	}
+
+	if (initial_access != desired_access) {
+		smb2_util_close(tree, *fh);
+		ok = test_setup_open(torture, tree, mem_ctx,
+				     fname,
+				     fh,
+				     desired_access,
+				     file_attributes);
+		torture_assert(torture, ok, "file open");
+	}
+
+	return true;
+}
+
+static bool test_setup_copy_chunk(struct torture_context *torture,
+				  struct smb2_tree *src_tree,
+				  struct smb2_tree *dst_tree,
+				  TALLOC_CTX *mem_ctx,
+				  uint32_t nchunks,
+				  const char *src_name,
+				  struct smb2_handle *src_h,
+				  uint64_t src_size,
+				  uint32_t src_desired_access,
+				  const char *dst_name,
+				  struct smb2_handle *dest_h,
+				  uint64_t dest_size,
+				  uint32_t dest_desired_access,
+				  struct srv_copychunk_copy *cc_copy,
+				  union smb_ioctl *ioctl)
+{
+	struct req_resume_key_rsp res_key;
+	bool ok;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+
+	ok = test_setup_create_fill(torture, src_tree, mem_ctx, src_name,
+				    src_h, src_size, src_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "src file create fill");
+
+	ok = test_setup_create_fill(torture, dst_tree, mem_ctx, dst_name,
+				    dest_h, dest_size, dest_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "dest file create fill");
+
+	ZERO_STRUCTPN(ioctl);
+	ioctl->smb2.level = RAW_IOCTL_SMB2;
+	ioctl->smb2.in.file.handle = *src_h;
+	ioctl->smb2.in.function = FSCTL_SRV_REQUEST_RESUME_KEY;
+	/* Allow for Key + ContextLength + Context */
+	ioctl->smb2.in.max_output_response = 32;
+	ioctl->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(src_tree, mem_ctx, &ioctl->smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_REQUEST_RESUME_KEY");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl->smb2.out.out, mem_ctx, &res_key,
+			(ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_req_resume_key_rsp");
+
+	ZERO_STRUCTPN(ioctl);
+	ioctl->smb2.level = RAW_IOCTL_SMB2;
+	ioctl->smb2.in.file.handle = *dest_h;
+	ioctl->smb2.in.function = FSCTL_SRV_COPYCHUNK;
+	ioctl->smb2.in.max_output_response = sizeof(struct srv_copychunk_rsp);
+	ioctl->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	ZERO_STRUCTPN(cc_copy);
+	memcpy(cc_copy->source_key, res_key.resume_key, ARRAY_SIZE(cc_copy->source_key));
+	cc_copy->chunk_count = nchunks;
+	cc_copy->chunks = talloc_zero_array(mem_ctx, struct srv_copychunk, nchunks);
+	torture_assert(torture, (cc_copy->chunks != NULL), "no memory for chunks");
+
+	return true;
+}
+
+
+static bool check_copy_chunk_rsp(struct torture_context *torture,
+				 struct srv_copychunk_rsp *cc_rsp,
+				 uint32_t ex_chunks_written,
+				 uint32_t ex_chunk_bytes_written,
+				 uint32_t ex_total_bytes_written)
+{
+	torture_assert_int_equal(torture, cc_rsp->chunks_written,
+				 ex_chunks_written, "num chunks");
+	torture_assert_int_equal(torture, cc_rsp->chunk_bytes_written,
+				 ex_chunk_bytes_written, "chunk bytes written");
+	torture_assert_int_equal(torture, cc_rsp->total_bytes_written,
+				 ex_total_bytes_written, "chunk total bytes");
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_simple(struct torture_context *torture,
+					 struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* copy all src file data (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_multi(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   2, /* chunks */
+				   FNAME,
+				   &src_h, 8192, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* copy all src file data via two chunks */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	cc_copy.chunks[1].source_off = 4096;
+	cc_copy.chunks[1].target_off = 4096;
+	cc_copy.chunks[1].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  2,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  8192);	/* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_tiny(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   2, /* chunks */
+				   FNAME,
+				   &src_h, 96, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* copy all src file data via two chunks, sub block size chunks */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 48;
+
+	cc_copy.chunks[1].source_off = 48;
+	cc_copy.chunks[1].target_off = 48;
+	cc_copy.chunks[1].length = 48;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  2,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  96);	/* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 96, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_over(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   2, /* chunks */
+				   FNAME,
+				   &src_h, 8192, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 4096, /* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* first chunk overwrites existing dest data */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	/* second chunk overwrites the first */
+	cc_copy.chunks[1].source_off = 4096;
+	cc_copy.chunks[1].target_off = 0;
+	cc_copy.chunks[1].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  2,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  8192); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 4096);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_append(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   2, /* chunks */
+				   FNAME,
+				   &src_h, 4096, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	/* second chunk appends the same data to the first */
+	cc_copy.chunks[1].source_off = 0;
+	cc_copy.chunks[1].target_off = 4096;
+	cc_copy.chunks[1].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  2,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  8192); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 4096, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_limits(struct torture_context *torture,
+					 struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* chunks */
+				   FNAME,
+				   &src_h, 4096, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* send huge chunk length request */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = UINT_MAX;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret, "marshalling request");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "bad oversize chunk response");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret, "unmarshalling response");
+
+	torture_comment(torture, "limit max chunks, got %u\n",
+			cc_rsp.chunks_written);
+	torture_comment(torture, "limit max chunk len, got %u\n",
+			cc_rsp.chunk_bytes_written);
+	torture_comment(torture, "limit max total bytes, got %u\n",
+			cc_rsp.total_bytes_written);
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_src_lck(struct torture_context *torture,
+					  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle src_h2;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* chunks */
+				   FNAME,
+				   &src_h, 4096, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	/* open and lock the copychunk src file */
+	status = torture_smb2_testfile(tree, FNAME, &src_h2);
+	torture_assert_ntstatus_ok(torture, status, "2nd src open");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= src_h2;
+	lck.in.locks		= el;
+	el[0].offset		= cc_copy.chunks[0].source_off;
+	el[0].length		= cc_copy.chunks[0].length;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "lock");
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	/*
+	 * 2k12 & Samba return lock_conflict, Windows 7 & 2k8 return success...
+	 *
+	 * Edgar Olougouna @ MS wrote:
+	 * Regarding the FSCTL_SRV_COPYCHUNK and STATUS_FILE_LOCK_CONFLICT
+	 * discrepancy observed between Windows versions, we confirm that the
+	 * behavior change is expected.
+	 *
+	 * CopyChunk in Windows Server 2012 use regular Readfile/Writefile APIs
+	 * to move the chunks from the source to the destination.
+	 * These ReadFile/WriteFile APIs go through the byte-range lock checks,
+	 * and this explains the observed STATUS_FILE_LOCK_CONFLICT error.
+	 *
+	 * Prior to Windows Server 2012, CopyChunk used mapped sections to move
+	 * the data. And byte range locks are not enforced on mapped I/O, and
+	 * this explains the STATUS_SUCCESS observed on Windows Server 2008 R2.
+	 */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_FILE_LOCK_CONFLICT,
+				      "FSCTL_SRV_COPYCHUNK locked");
+
+	/* should get cc response data with the lock conflict status */
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  0,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  0);	/* total bytes written */
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000001;
+	lck.in.file.handle	= src_h2;
+	lck.in.locks		= el;
+	el[0].offset		= cc_copy.chunks[0].source_off;
+	el[0].length		= cc_copy.chunks[0].length;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "unlock");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK unlocked");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h2);
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_dest_lck(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	struct smb2_handle dest_h2;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* chunks */
+				   FNAME,
+				   &src_h, 4096, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 4096,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	/* open and lock the copychunk dest file */
+	status = torture_smb2_testfile(tree, FNAME2, &dest_h2);
+	torture_assert_ntstatus_ok(torture, status, "2nd src open");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= dest_h2;
+	lck.in.locks		= el;
+	el[0].offset		= cc_copy.chunks[0].target_off;
+	el[0].length		= cc_copy.chunks[0].length;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "lock");
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_FILE_LOCK_CONFLICT,
+				      "FSCTL_SRV_COPYCHUNK locked");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000001;
+	lck.in.file.handle	= dest_h2;
+	lck.in.locks		= el;
+	el[0].offset		= cc_copy.chunks[0].target_off;
+	el[0].length		= cc_copy.chunks[0].length;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "unlock");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK unlocked");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, dest_h2);
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_bad_key(struct torture_context *torture,
+					  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1,
+				   FNAME,
+				   &src_h, 4096,
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* overwrite the resume key with a bogus value */
+	memcpy(cc_copy.source_key, "deadbeefdeadbeefdeadbeef", 24);
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	/* Server 2k12 returns NT_STATUS_OBJECT_NAME_NOT_FOUND */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_OBJECT_NAME_NOT_FOUND,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_src_is_dest(struct torture_context *torture,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1,
+				   FNAME,
+				   &src_h, 8192,
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* the source is also the destination */
+	ioctl.smb2.in.file.handle = src_h;
+
+	/* non-overlapping */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 4096;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, src_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+	ok = check_pattern(torture, tree, tmp_ctx, src_h, 4096, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * Test a single-chunk copychunk request, where the source and target ranges
+ * overlap, and the SourceKey refers to the same target file. E.g:
+ *
+ * Initial State
+ * -------------
+ * 	File:		src_and_dest
+ * 	Offset:		0123456789
+ * 	Data:		abcdefghij
+ *
+ * Request
+ * -------
+ * 	FSCTL_SRV_COPYCHUNK(src_and_dest)
+ * 	SourceKey = SRV_REQUEST_RESUME_KEY(src_and_dest)
+ * 	ChunkCount = 1
+ * 	Chunks[0].SourceOffset = 0
+ * 	Chunks[0].TargetOffset = 4
+ * 	Chunks[0].Length = 6
+ *
+ * Resultant State
+ * ---------------
+ * 	File:		src_and_dest
+ * 	Offset:		0123456789
+ * 	Data:		abcdabcdef
+ *
+ * The resultant contents of src_and_dest is dependent on the server's
+ * copy algorithm. In the above example, the server uses an IO buffer
+ * large enough to hold the entire six-byte source data before writing
+ * to TargetOffset. If the server were to use a four-byte IO buffer and
+ * started reads/writes from the lowest offset, then the two overlapping
+ * bytes in the above example would be overwritten before being read. The
+ * resultant file contents would be abcdabcdab.
+ *
+ * Windows 2008r2 appears to use a 2048 byte copy buffer, overlapping bytes
+ * after this offset are written before being read. Windows 2012 on the
+ * other hand appears to use a buffer large enough to hold its maximum
+ * supported chunk size (1M). Samba currently uses a 64k copy buffer by
+ * default (vfs_cc_state.buf).
+ *
+ * This test uses an 8-byte overlap at 2040-2048, so that it passes against
+ * Windows 2008r2, 2012 and Samba servers. Note, 2008GM fails, as it appears
+ * to use a different copy algorithm to 2008r2.
+ */
+static bool
+test_ioctl_copy_chunk_src_is_dest_overlap(struct torture_context *torture,
+					  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	/* exceed the vfs_default copy buffer */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1,
+				   FNAME,
+				   &src_h, 2048 * 2,
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* the source is also the destination */
+	ioctl.smb2.in.file.handle = src_h;
+
+	/* 8 bytes overlap between source and target ranges */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 2048 - 8;
+	cc_copy.chunks[0].length = 2048;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  2048); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, src_h, 0, 2048 - 8, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+	ok = check_pattern(torture, tree, tmp_ctx, src_h, 2048 - 8, 2048, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_bad_access(struct torture_context *torture,
+					     struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	/* read permission on src */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx, 1, /* 1 chunk */
+				   FNAME, &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE,
+				   FNAME2, &dest_h, 0, /* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(
+	    &ioctl.smb2.in.out, tmp_ctx, &cc_copy,
+	    (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* execute permission on src */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx, 1, /* 1 chunk */
+				   FNAME, &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE,
+				   FNAME2, &dest_h, 0, /* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(
+	    &ioctl.smb2.in.out, tmp_ctx, &cc_copy,
+	    (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* neither read nor execute permission on src */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx, 1, /* 1 chunk */
+				   FNAME, &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_READ_ATTRIBUTE, FNAME2, &dest_h,
+				   0, /* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* no write permission on dest */
+	ok = test_setup_copy_chunk(
+	    torture, tree, tree, tmp_ctx, 1, /* 1 chunk */
+	    FNAME, &src_h, 4096, /* fill 4096 byte src file */
+	    SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE, FNAME2, &dest_h,
+	    0, /* 0 byte dest file */
+	    (SEC_RIGHTS_FILE_ALL &
+	     ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)),
+	    &cc_copy, &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* no read permission on dest */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx, 1, /* 1 chunk */
+				   FNAME, &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE,
+				   FNAME2, &dest_h, 0, /* 0 byte dest file */
+				   (SEC_RIGHTS_FILE_ALL & ~SEC_FILE_READ_DATA),
+				   &cc_copy, &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	/*
+	 * FSCTL_SRV_COPYCHUNK requires read permission on dest,
+	 * FSCTL_SRV_COPYCHUNK_WRITE on the other hand does not.
+	 */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_write_access(struct torture_context *torture,
+					       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	/* no read permission on dest with FSCTL_SRV_COPYCHUNK_WRITE */
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   (SEC_RIGHTS_FILE_WRITE
+				    | SEC_RIGHTS_FILE_EXECUTE),
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	ioctl.smb2.in.function = FSCTL_SRV_COPYCHUNK_WRITE;
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK_WRITE");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_src_exceed(struct torture_context *torture,
+					     struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* Request copy where off + length exceeds size of src */
+	cc_copy.chunks[0].source_off = 1024;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_VIEW_SIZE,
+				      "FSCTL_SRV_COPYCHUNK oversize");
+
+	/* Request copy where length exceeds size of src */
+	cc_copy.chunks[0].source_off = 1024;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 3072;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_COPYCHUNK just right");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  3072); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 3072, 1024);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool
+test_ioctl_copy_chunk_src_exceed_multi(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   2, /* 2 chunks */
+				   FNAME,
+				   &src_h, 8192, /* fill 8192 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* Request copy where off + length exceeds size of src */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	cc_copy.chunks[1].source_off = 4096;
+	cc_copy.chunks[1].target_off = 4096;
+	cc_copy.chunks[1].length = 8192;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_VIEW_SIZE,
+				      "FSCTL_SRV_COPYCHUNK oversize");
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret, "unmarshalling response");
+
+	/* first chunk should still be written */
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_sparse_dest(struct torture_context *torture,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	struct smb2_read r;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	int i;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* copy all src file data (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 4096;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail(torture, "bad copy chunk response data");
+	}
+
+	/* check for zeros in first 4k */
+	ZERO_STRUCT(r);
+	r.in.file.handle = dest_h;
+	r.in.length      = 4096;
+	r.in.offset      = 0;
+	status = smb2_read(tree, tmp_ctx, &r);
+	torture_assert_ntstatus_ok(torture, status, "read");
+
+	torture_assert_u64_equal(torture, r.out.data.length, 4096,
+				 "read data len mismatch");
+
+	for (i = 0; i < 4096; i++) {
+		torture_assert(torture, (r.out.data.data[i] == 0),
+			       "sparse did not pass class");
+	}
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 4096, 4096, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * set the ioctl MaxOutputResponse size to less than
+ * sizeof(struct srv_copychunk_rsp)
+ */
+static bool test_ioctl_copy_chunk_max_output_sz(struct torture_context *torture,
+						struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+	/* req is valid, but use undersize max_output_response */
+	ioctl.smb2.in.max_output_response = sizeof(struct srv_copychunk_rsp) - 1;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_SRV_COPYCHUNK");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_copy_chunk_zero_length(struct torture_context *torture,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	union smb_fileinfo q;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup copy chunk error");
+	}
+
+	/* zero length server-side copy (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 0;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "bad zero-length chunk response");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret, "unmarshalling response");
+
+	ZERO_STRUCT(q);
+	q.all_info2.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	q.all_info2.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, torture, &q);
+	torture_assert_ntstatus_ok(torture, status, "getinfo");
+
+	torture_assert_int_equal(torture, q.all_info2.out.size, 0,
+				 "size after zero len clone");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool copy_one_stream(struct torture_context *torture,
+			    struct smb2_tree *tree,
+			    TALLOC_CTX *tmp_ctx,
+			    const char *src_sname,
+			    const char *dst_sname)
+{
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	NTSTATUS status;
+	union smb_ioctl io;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok = false;
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   src_sname,
+				   &src_h, 256, /* fill 256 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   dst_sname,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   &cc_copy,
+				   &io);
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "setup copy chunk error\n");
+
+	/* copy all src file data (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 256;
+
+	ndr_ret = ndr_push_struct_blob(
+		&io.smb2.in.out, tmp_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree, tmp_ctx, &io.smb2);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done,
+					"FSCTL_SRV_COPYCHUNK\n");
+
+	ndr_ret = ndr_pull_struct_blob(
+		&io.smb2.out.out, tmp_ctx, &cc_rsp,
+		(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_pull_srv_copychunk_rsp\n");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  256); /* total bytes written */
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "bad copy chunk response data\n");
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 256, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data\n");
+	}
+
+done:
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree, dest_h);
+	}
+
+	return ok;
+}
+
+/**
+ * Create a file
+ **/
+static bool torture_setup_file(TALLOC_CTX *mem_ctx,
+			       struct smb2_tree *tree,
+			       const char *name)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	smb2_util_unlink(tree, name);
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = name;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_copy_chunk_streams(struct torture_context *torture,
+				    struct smb2_tree *tree)
+{
+	const char *src_name = "src";
+	const char *dst_name = "dst";
+	struct names {
+		const char *src_sname;
+		const char *dst_sname;
+	} names[] = {
+		{ "src:foo", "dst:foo" }
+	};
+	int i;
+	TALLOC_CTX *tmp_ctx = NULL;
+	bool ok = false;
+
+	tmp_ctx = talloc_new(tree);
+	torture_assert_not_null_goto(torture, tmp_ctx, ok, done,
+				     "torture_setup_file\n");
+
+	ok = torture_setup_file(torture, tree, src_name);
+	torture_assert_goto(torture, ok == true, ok, done, "torture_setup_file\n");
+	ok = torture_setup_file(torture, tree, dst_name);
+	torture_assert_goto(torture, ok == true, ok, done, "torture_setup_file\n");
+
+	for (i = 0; i < ARRAY_SIZE(names); i++) {
+		ok = copy_one_stream(torture, tree, tmp_ctx,
+				     names[i].src_sname,
+				     names[i].dst_sname);
+		torture_assert_goto(torture, ok == true, ok, done,
+				    "copy_one_stream failed\n");
+	}
+
+done:
+	smb2_util_unlink(tree, src_name);
+	smb2_util_unlink(tree, dst_name);
+	talloc_free(tmp_ctx);
+	return ok;
+}
+
+static bool test_copy_chunk_across_shares(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = NULL;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	union smb_ioctl ioctl;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	NTSTATUS status;
+	bool ok = false;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert_not_null_goto(tctx, mem_ctx, ok, done,
+				     "talloc_new\n");
+
+	ok = torture_smb2_tree_connect(tctx, tree->session, tctx, &tree2);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "torture_smb2_tree_connect failed\n");
+
+	ok = test_setup_copy_chunk(tctx, tree, tree2, mem_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "test_setup_copy_chunk failed\n");
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(
+		&ioctl.smb2.in.out, mem_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success_goto(tctx, ndr_ret, ok, done,
+					"ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree2, mem_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"FSCTL_SRV_COPYCHUNK\n");
+
+	ndr_ret = ndr_pull_struct_blob(
+		&ioctl.smb2.out.out, mem_ctx, &cc_rsp,
+		(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+
+	torture_assert_ndr_success_goto(tctx, ndr_ret, ok, done,
+				   "ndr_pull_srv_copychunk_rsp\n");
+
+	ok = check_copy_chunk_rsp(tctx, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "bad copy chunk response data\n");
+
+	ok = check_pattern(tctx, tree2, mem_ctx, dest_h, 0, 4096, 0);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "inconsistent file data\n");
+
+done:
+	TALLOC_FREE(mem_ctx);
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree2, dest_h);
+	}
+	smb2_util_unlink(tree, FNAME);
+	smb2_util_unlink(tree2, FNAME2);
+	if (tree2 != NULL) {
+		smb2_tdis(tree2);
+	}
+	return ok;
+}
+
+/* Test closing the src handle */
+static bool test_copy_chunk_across_shares2(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = NULL;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	union smb_ioctl ioctl;
+	struct srv_copychunk_copy cc_copy;
+	enum ndr_err_code ndr_ret;
+	NTSTATUS status;
+	bool ok = false;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert_not_null_goto(tctx, mem_ctx, ok, done,
+				     "talloc_new\n");
+
+	ok = torture_smb2_tree_connect(tctx, tree->session, tctx, &tree2);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "torture_smb2_tree_connect failed\n");
+
+	ok = test_setup_copy_chunk(tctx, tree, tree2, mem_ctx,
+				   1, /* 1 chunk */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "test_setup_copy_chunk failed\n");
+
+	status = smb2_util_close(tree, src_h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+			    "smb2_util_close failed\n");
+	ZERO_STRUCT(src_h);
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(
+		&ioctl.smb2.in.out, mem_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success_goto(tctx, ndr_ret, ok, done,
+					"ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree2, mem_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ok, done, "smb2_ioctl failed\n");
+
+done:
+	TALLOC_FREE(mem_ctx);
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree2, dest_h);
+	}
+	smb2_util_unlink(tree, FNAME);
+	smb2_util_unlink(tree2, FNAME2);
+	if (tree2 != NULL) {
+		smb2_tdis(tree2);
+	}
+	return ok;
+}
+
+/* Test offset works */
+static bool test_copy_chunk_across_shares3(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = NULL;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	union smb_ioctl ioctl;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	NTSTATUS status;
+	bool ok = false;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert_not_null_goto(tctx, mem_ctx, ok, done,
+				     "talloc_new\n");
+
+	ok = torture_smb2_tree_connect(tctx, tree->session, tctx, &tree2);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "torture_smb2_tree_connect failed\n");
+
+	ok = test_setup_copy_chunk(tctx, tree, tree2, mem_ctx,
+				   2, /* 2 chunks */
+				   FNAME,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "test_setup_copy_chunk failed\n");
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 4096;
+
+	/* second chunk appends the same data to the first */
+	cc_copy.chunks[1].source_off = 0;
+	cc_copy.chunks[1].target_off = 4096;
+	cc_copy.chunks[1].length = 4096;
+
+	ndr_ret = ndr_push_struct_blob(
+		&ioctl.smb2.in.out, mem_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success_goto(tctx, ndr_ret, ok, done,
+					"ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree2, mem_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done, "smb2_ioctl failed\n");
+
+	ndr_ret = ndr_pull_struct_blob(
+		&ioctl.smb2.out.out, mem_ctx, &cc_rsp,
+		(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+
+	torture_assert_ndr_success_goto(tctx, ndr_ret, ok, done,
+				   "ndr_pull_srv_copychunk_rsp\n");
+
+	ok = check_copy_chunk_rsp(tctx, &cc_rsp,
+				  2,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  8192); /* total bytes written */
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "check_copy_chunk_rsp failed\n");
+
+	ok = check_pattern(tctx, tree2, mem_ctx, dest_h, 0, 4096, 0);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "check_pattern failed\n");
+
+	ok = check_pattern(tctx, tree2, mem_ctx, dest_h, 4096, 4096, 0);
+	torture_assert_goto(tctx, ok == true, ok, done,
+			    "check_pattern failed\n");
+
+done:
+	TALLOC_FREE(mem_ctx);
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree2, dest_h);
+	}
+	smb2_util_unlink(tree, FNAME);
+	smb2_util_unlink(tree2, FNAME2);
+	if (tree2 != NULL) {
+		smb2_tdis(tree2);
+	}
+	return ok;
+}
+
+static NTSTATUS test_ioctl_compress_fs_supported(struct torture_context *torture,
+						 struct smb2_tree *tree,
+						 TALLOC_CTX *mem_ctx,
+						 struct smb2_handle *fh,
+						 bool *compress_support)
+{
+	NTSTATUS status;
+	union smb_fsinfo info;
+
+	ZERO_STRUCT(info);
+	info.generic.level = RAW_QFS_ATTRIBUTE_INFORMATION;
+	info.generic.handle = *fh;
+	status = smb2_getinfo_fs(tree, tree, &info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (info.attribute_info.out.fs_attr & FILE_FILE_COMPRESSION) {
+		*compress_support = true;
+	} else {
+		*compress_support = false;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS test_ioctl_compress_get(struct torture_context *torture,
+					TALLOC_CTX *mem_ctx,
+					struct smb2_tree *tree,
+					struct smb2_handle fh,
+					uint16_t *_compression_fmt)
+{
+	union smb_ioctl ioctl;
+	struct compression_state cmpr_state;
+	enum ndr_err_code ndr_ret;
+	NTSTATUS status;
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_GET_COMPRESSION;
+	ioctl.smb2.in.max_output_response = sizeof(struct compression_state);
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, mem_ctx, &ioctl.smb2);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, mem_ctx,
+				       &cmpr_state,
+			(ndr_pull_flags_fn_t)ndr_pull_compression_state);
+
+	if (ndr_ret != NDR_ERR_SUCCESS) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	*_compression_fmt = cmpr_state.format;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS test_ioctl_compress_set(struct torture_context *torture,
+					TALLOC_CTX *mem_ctx,
+					struct smb2_tree *tree,
+					struct smb2_handle fh,
+					uint16_t compression_fmt)
+{
+	union smb_ioctl ioctl;
+	struct compression_state cmpr_state;
+	enum ndr_err_code ndr_ret;
+	NTSTATUS status;
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_COMPRESSION;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	cmpr_state.format = compression_fmt;
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, mem_ctx,
+				       &cmpr_state,
+			(ndr_push_flags_fn_t)ndr_push_compression_state);
+	if (ndr_ret != NDR_ERR_SUCCESS) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = smb2_ioctl(tree, mem_ctx, &ioctl.smb2);
+	return status;
+}
+
+static bool test_ioctl_compress_file_flag(struct torture_context *torture,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint16_t compression_fmt;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "initial compression state not NONE");
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "invalid compression state after set");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_dir_inherit(struct torture_context *torture,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle dirh;
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	uint16_t compression_fmt;
+	bool ok;
+	char path_buf[PATH_MAX];
+
+	smb2_deltree(tree, DNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    DNAME, &dirh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_DIRECTORY);
+	torture_assert(torture, ok, "setup compression directory");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &dirh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, dirh);
+		smb2_deltree(tree, DNAME);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	/* set compression on parent dir, then check for inheritance */
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, dirh,
+					 COMPRESSION_FORMAT_LZNT1);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, dirh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "invalid compression state after set");
+
+	snprintf(path_buf, PATH_MAX, "%s\\%s", DNAME, FNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    path_buf, &fh, 4096, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "compression attr not inherited by new file");
+
+	/* check compressed data is consistent */
+	ok = check_pattern(torture, tree, tmp_ctx, fh, 0, 4096, 0);
+
+	/* disable dir compression attr, file should remain compressed */
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, dirh,
+					 COMPRESSION_FORMAT_NONE);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "file compression attr removed after dir change");
+	smb2_util_close(tree, fh);
+
+	/* new files should no longer inherit compression attr */
+	snprintf(path_buf, PATH_MAX, "%s\\%s", DNAME, FNAME2);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    path_buf, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression attr present on new file");
+
+	smb2_util_close(tree, fh);
+	smb2_util_close(tree, dirh);
+	smb2_deltree(tree, DNAME);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_invalid_format(struct torture_context *torture,
+					       struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint16_t compression_fmt;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 0x0042); /* bogus */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "invalid FSCTL_SET_COMPRESSION");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "initial compression state not NONE");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_invalid_buf(struct torture_context *torture,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	union smb_ioctl ioctl;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_GET_COMPRESSION;
+	ioctl.smb2.in.max_output_response = 0;	/* no room for rsp data */
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_USER_BUFFER)
+	 && !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		/* neither Server 2k12 nor 2k8r2 response status */
+		torture_assert(torture, true,
+			       "invalid FSCTL_SET_COMPRESSION");
+	}
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_query_file_attr(struct torture_context *torture,
+						struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_fileinfo io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.all_info2.out.attrib & FILE_ATTRIBUTE_COMPRESSED) == 0),
+		       "compression attr before set");
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		       (io.basic_info.out.attrib & FILE_ATTRIBUTE_COMPRESSED),
+		       "no compression attr after set");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * Specify FILE_ATTRIBUTE_COMPRESSED on creation, Windows does not retain this
+ * attribute.
+ */
+static bool test_ioctl_compress_create_with_attr(struct torture_context *torture,
+						 struct smb2_tree *tree)
+{
+	struct smb2_handle fh2;
+	union smb_fileinfo io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	uint16_t compression_fmt;
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME2, &fh2, 0, SEC_RIGHTS_FILE_ALL,
+			(FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_COMPRESSED));
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh2,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh2);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh2,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "initial compression state not NONE");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = fh2;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.all_info2.out.attrib & FILE_ATTRIBUTE_COMPRESSED) == 0),
+		       "incorrect compression attr");
+
+	smb2_util_close(tree, fh2);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_inherit_disable(struct torture_context *torture,
+						struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	struct smb2_handle dirh;
+	char path_buf[PATH_MAX];
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint16_t compression_fmt;
+
+	struct smb2_create io;
+
+	smb2_deltree(tree, DNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    DNAME, &dirh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_DIRECTORY);
+	torture_assert(torture, ok, "setup compression directory");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &dirh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, dirh);
+		smb2_deltree(tree, DNAME);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	/* set compression on parent dir, then check for inheritance */
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, dirh,
+					 COMPRESSION_FORMAT_LZNT1);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, dirh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "invalid compression state after set");
+	smb2_util_close(tree, dirh);
+
+	snprintf(path_buf, PATH_MAX, "%s\\%s", DNAME, FNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    path_buf, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_LZNT1),
+		       "compression attr not inherited by new file");
+	smb2_util_close(tree, fh);
+
+	snprintf(path_buf, PATH_MAX, "%s\\%s", DNAME, FNAME2);
+
+	/* NO_COMPRESSION option should block inheritance */
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = NTCREATEX_OPTIONS_NO_COMPRESSION;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.fname = path_buf;
+
+	status = smb2_create(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "file create");
+
+	fh = io.out.file.handle;
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression attr inherited by NO_COMPRESSION file");
+	smb2_util_close(tree, fh);
+
+
+	snprintf(path_buf, PATH_MAX, "%s\\%s", DNAME, DNAME);
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.create_options = (NTCREATEX_OPTIONS_NO_COMPRESSION
+				| NTCREATEX_OPTIONS_DIRECTORY);
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.fname = path_buf;
+
+	status = smb2_create(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "dir create");
+
+	dirh = io.out.file.handle;
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, dirh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression attr inherited by NO_COMPRESSION dir");
+	smb2_util_close(tree, dirh);
+	smb2_deltree(tree, DNAME);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/* attempting to set compression via SetInfo should not stick */
+static bool test_ioctl_compress_set_file_attr(struct torture_context *torture,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	struct smb2_handle dirh;
+	union smb_fileinfo io;
+	union smb_setfileinfo set_io;
+	uint16_t compression_fmt;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.basic_info.out.attrib & FILE_ATTRIBUTE_COMPRESSED) == 0),
+		       "compression attr before set");
+
+	ZERO_STRUCT(set_io);
+	set_io.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	set_io.basic_info.in.file.handle = fh;
+	set_io.basic_info.in.create_time = io.basic_info.out.create_time;
+	set_io.basic_info.in.access_time = io.basic_info.out.access_time;
+	set_io.basic_info.in.write_time = io.basic_info.out.write_time;
+	set_io.basic_info.in.change_time = io.basic_info.out.change_time;
+	set_io.basic_info.in.attrib = (io.basic_info.out.attrib
+						| FILE_ATTRIBUTE_COMPRESSED);
+	status = smb2_setinfo_file(tree, &set_io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_SETINFO_FILE");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.basic_info.out.attrib & FILE_ATTRIBUTE_COMPRESSED) == 0),
+		"compression attr after set");
+
+	smb2_util_close(tree, fh);
+	smb2_deltree(tree, DNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    DNAME, &dirh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_DIRECTORY);
+	torture_assert(torture, ok, "setup compression directory");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	io.generic.in.file.handle = dirh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.basic_info.out.attrib & FILE_ATTRIBUTE_COMPRESSED) == 0),
+		       "compression attr before set");
+
+	ZERO_STRUCT(set_io);
+	set_io.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	set_io.basic_info.in.file.handle = dirh;
+	set_io.basic_info.in.create_time = io.basic_info.out.create_time;
+	set_io.basic_info.in.access_time = io.basic_info.out.access_time;
+	set_io.basic_info.in.write_time = io.basic_info.out.write_time;
+	set_io.basic_info.in.change_time = io.basic_info.out.change_time;
+	set_io.basic_info.in.attrib = (io.basic_info.out.attrib
+						| FILE_ATTRIBUTE_COMPRESSED);
+	status = smb2_setinfo_file(tree, &set_io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_SETINFO_FILE");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, dirh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "dir compression set after SetInfo");
+
+	smb2_util_close(tree, dirh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_perms(struct torture_context *torture,
+				      struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	uint16_t compression_fmt;
+	union smb_fileinfo io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	smb2_util_close(tree, fh);
+	if (!ok) {
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	/* attempt get compression without READ_ATTR permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_READ & ~(SEC_FILE_READ_ATTRIBUTE
+							| SEC_STD_READ_CONTROL
+							| SEC_FILE_READ_EA)),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression set after create");
+	smb2_util_close(tree, fh);
+
+	/* set compression without WRITE_ATTR permission should succeed */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_WRITE & ~(SEC_FILE_WRITE_ATTRIBUTE
+							| SEC_STD_WRITE_DAC
+							| SEC_FILE_WRITE_EA)),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_open(torture, tree, tmp_ctx,
+				    FNAME, &fh, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		       (io.all_info2.out.attrib & FILE_ATTRIBUTE_COMPRESSED),
+		       "incorrect compression attr");
+	smb2_util_close(tree, fh);
+
+	/* attempt get compression without READ_DATA permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_READ & ~SEC_FILE_READ_DATA),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression enabled after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt get compression with only SYNCHRONIZE permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+				    SEC_STD_SYNCHRONIZE,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "compression not enabled after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt to set compression without WRITE_DATA permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_WRITE & (~SEC_FILE_WRITE_DATA)),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SET_COMPRESSION permission");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_WRITE & (~SEC_FILE_WRITE_DATA)),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_NONE);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SET_COMPRESSION permission");
+	smb2_util_close(tree, fh);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_notsup_get(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint16_t compression_fmt;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	/* skip if the server DOES support compression */
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression supported\n");
+	}
+
+	/*
+	 * Despite not supporting compression, we should get a successful
+	 * response indicating that the file is uncompressed - like WS2016.
+	 */
+	status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh,
+					 &compression_fmt);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION");
+
+	torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE),
+		       "initial compression state not NONE");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_compress_notsup_set(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup compression file");
+
+	/* skip if the server DOES support compression */
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression supported\n");
+	}
+
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_NOT_SUPPORTED,
+				      "FSCTL_SET_COMPRESSION default");
+
+	/*
+	 * Despite not supporting compression, we should get a successful
+	 * response for set(COMPRESSION_FORMAT_NONE) - like WS2016 ReFS.
+	 */
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_NONE);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SET_COMPRESSION none");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+   basic testing of the SMB2 FSCTL_QUERY_NETWORK_INTERFACE_INFO ioctl
+*/
+static bool test_ioctl_network_interface_info(struct torture_context *torture,
+				      struct smb2_tree *tree)
+{
+	union smb_ioctl ioctl;
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_net_iface_info net_iface;
+	enum ndr_err_code ndr_ret;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(torture, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
+	}
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	fh.data[0] = UINT64_MAX;
+	fh.data[1] = UINT64_MAX;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_QUERY_NETWORK_INTERFACE_INFO;
+	ioctl.smb2.in.max_output_response = 0x10000; /* Windows client sets this to 64KiB */
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx, &net_iface,
+			(ndr_pull_flags_fn_t)ndr_pull_fsctl_net_iface_info);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_fsctl_net_iface_info");
+
+	NDR_PRINT_DEBUG(fsctl_net_iface_info, &net_iface);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * Check whether all @fs_support_flags are set in the server's
+ * RAW_QFS_ATTRIBUTE_INFORMATION FileSystemAttributes response.
+ */
+static NTSTATUS test_ioctl_fs_supported(struct torture_context *torture,
+					struct smb2_tree *tree,
+					TALLOC_CTX *mem_ctx,
+					struct smb2_handle *fh,
+					uint64_t fs_support_flags,
+					bool *supported)
+{
+	NTSTATUS status;
+	union smb_fsinfo info;
+
+	ZERO_STRUCT(info);
+	info.generic.level = RAW_QFS_ATTRIBUTE_INFORMATION;
+	info.generic.handle = *fh;
+	status = smb2_getinfo_fs(tree, tree, &info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if ((info.attribute_info.out.fs_attr & fs_support_flags)
+							== fs_support_flags) {
+		*supported = true;
+	} else {
+		*supported = false;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS test_ioctl_sparse_req(struct torture_context *torture,
+				      TALLOC_CTX *mem_ctx,
+				      struct smb2_tree *tree,
+				      struct smb2_handle fh,
+				      bool set)
+{
+	union smb_ioctl ioctl;
+	NTSTATUS status;
+	uint8_t set_sparse;
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_SPARSE;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+	set_sparse = (set ? 0xFF : 0x0);
+	ioctl.smb2.in.out.data = &set_sparse;
+	ioctl.smb2.in.out.length = sizeof(set_sparse);
+
+	status = smb2_ioctl(tree, mem_ctx, &ioctl.smb2);
+	return status;
+}
+
+static NTSTATUS test_sparse_get(struct torture_context *torture,
+				TALLOC_CTX *mem_ctx,
+				struct smb2_tree *tree,
+				struct smb2_handle fh,
+				bool *_is_sparse)
+{
+	union smb_fileinfo io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	*_is_sparse = !!(io.basic_info.out.attrib & FILE_ATTRIBUTE_SPARSE);
+
+	return status;
+}
+
+/*
+ * Manually test setting and clearing sparse flag. Intended for file system
+ * specific tests to toggle the flag through SMB and check the status in the
+ * file system.
+ */
+bool test_ioctl_set_sparse(struct torture_context *tctx)
+{
+	bool set, ret = true;
+	const char *filename = NULL;
+	struct smb2_create create = { };
+	struct smb2_tree *tree = NULL;
+	NTSTATUS status;
+
+	set = torture_setting_bool(tctx, "set_sparse", true);
+	filename = torture_setting_string(tctx, "filename", NULL);
+
+	if (filename == NULL) {
+		torture_fail(tctx, "Need to provide filename through "
+			     "--option=torture:filename=testfile\n");
+		return false;
+	}
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_comment(tctx, "Initializing smb2 connection failed.\n");
+		return false;
+	}
+
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = 0;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.fname = filename;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE failed.\n");
+
+	status = test_ioctl_sparse_req(tctx, tctx, tree,
+				       create.out.file.handle, set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"FSCTL_SET_SPARSE failed.\n");
+done:
+
+	return ret;
+}
+
+static bool test_ioctl_sparse_file_flag(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_fileinfo io;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FILE");
+
+	torture_assert(torture,
+		((io.all_info2.out.attrib & FILE_ATTRIBUTE_SPARSE) == 0),
+		       "sparse attr before set");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "no sparse attr after set");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, false);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr after unset");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_file_attr(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+			(FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_SPARSE));
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr on open");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_dir_flag(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle dirh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	smb2_deltree(tree, DNAME);
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    DNAME, &dirh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_DIRECTORY);
+	torture_assert(torture, ok, "setup sparse directory");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &dirh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, dirh);
+		smb2_deltree(tree, DNAME);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	/* set sparse dir should fail, check for 2k12 & 2k8 response */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, dirh, true);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "dir FSCTL_SET_SPARSE status");
+
+	smb2_util_close(tree, dirh);
+	smb2_deltree(tree, DNAME);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * FSCTL_SET_SPARSE can be sent with (already tested) or without a SetSparse
+ * buffer to indicate whether the flag should be set or cleared. When sent
+ * without a buffer, it must be handled as if SetSparse=TRUE.
+ */
+static bool test_ioctl_sparse_set_nobuf(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_ioctl ioctl;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr before set");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_SPARSE;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+	/* ioctl.smb2.in.out is zeroed, no SetSparse buffer */
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "no sparse attr after set");
+
+	/* second non-SetSparse request shouldn't toggle sparse */
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_SPARSE;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "no sparse attr after 2nd set");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, false);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr after unset");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_set_oversize(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_ioctl ioctl;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	uint8_t buf[100];
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr before set");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_SPARSE;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	/*
+	 * Attach a request buffer larger than FILE_SET_SPARSE_BUFFER
+	 * Windows still successfully processes the request.
+	 */
+	ZERO_ARRAY(buf);
+	buf[0] = 0xFF; /* attempt to set sparse */
+	ioctl.smb2.in.out.data = buf;
+	ioctl.smb2.in.out.length = ARRAY_SIZE(buf);
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "no sparse attr after set");
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_SPARSE;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	ZERO_ARRAY(buf); /* clear sparse */
+	ioctl.smb2.in.out.data = buf;
+	ioctl.smb2.in.out.length = ARRAY_SIZE(buf);
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr after clear");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static NTSTATUS test_ioctl_qar_req(struct torture_context *torture,
+				   TALLOC_CTX *mem_ctx,
+				   struct smb2_tree *tree,
+				   struct smb2_handle fh,
+				   int64_t req_off,
+				   int64_t req_len,
+				   struct file_alloced_range_buf **_rsp,
+				   uint64_t *_rsp_count)
+{
+	union smb_ioctl ioctl;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+	struct file_alloced_range_buf far_buf;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+	int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_QUERY_ALLOCATED_RANGES;
+	ioctl.smb2.in.max_output_response = 1024;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	far_buf.file_off = req_off;
+	far_buf.len = req_len;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &far_buf,
+			(ndr_push_flags_fn_t)ndr_push_file_alloced_range_buf);
+	if (ndr_ret != NDR_ERR_SUCCESS) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto err_out;
+	}
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto err_out;
+	}
+
+	if (ioctl.smb2.out.out.length == 0) {
+		goto done;
+	}
+
+	if ((ioctl.smb2.out.out.length % sizeof(far_buf)) != 0) {
+		torture_comment(torture, "invalid qry_alloced rsp len: %zd:",
+				ioctl.smb2.out.out.length);
+		status = NT_STATUS_INVALID_VIEW_SIZE;
+		goto err_out;
+	}
+
+	far_count = (ioctl.smb2.out.out.length / sizeof(far_buf));
+	far_rsp = talloc_array(mem_ctx, struct file_alloced_range_buf,
+			       far_count);
+	if (far_rsp == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto err_out;
+	}
+
+	for (i = 0; i < far_count; i++) {
+		ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+					       &far_rsp[i],
+			(ndr_pull_flags_fn_t)ndr_pull_file_alloced_range_buf);
+		if (ndr_ret != NDR_ERR_SUCCESS) {
+			status = NT_STATUS_UNSUCCESSFUL;
+			goto err_out;
+		}
+		/* move to next buffer */
+		ioctl.smb2.out.out.data += sizeof(far_buf);
+		ioctl.smb2.out.out.length -= sizeof(far_buf);
+	}
+
+done:
+	*_rsp = far_rsp;
+	*_rsp_count = far_count;
+	status = NT_STATUS_OK;
+err_out:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+static bool test_ioctl_sparse_qar(struct torture_context *torture,
+				  struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	/* zero length file, shouldn't have any ranges */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr before set");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,	/* off */
+				    0,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,	/* off */
+				    1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "no sparse attr after set");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,	/* off */
+				    1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+
+	/* write into the (now) sparse file at 4k offset */
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   4096,	/* off */
+			   1024,	/* len */
+			   4096);	/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	/*
+	 * Query range before write off. Whether it's allocated or not is FS
+	 * dependent. NTFS deallocates chunks in 64K increments, but others
+	 * (e.g. XFS, Btrfs, etc.) may deallocate 4K chunks.
+	 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,	/* off */
+				    4096,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	if (far_count == 0) {
+		torture_comment(torture, "FS deallocated 4K chunk\n");
+	} else {
+		/* expect fully allocated */
+		torture_assert_u64_equal(torture, far_count, 1,
+					 "unexpected response len");
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0, "far offset");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 4096, "far len");
+	}
+
+	/*
+	 * Query range before and past write, it should be allocated up to the
+	 * end of the write.
+	 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,	/* off */
+				    8192,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	/* FS dependent */
+	if (far_rsp[0].file_off == 4096) {
+		/* 4K chunk unallocated */
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 4096, "far offset");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 1024, "far len");
+	} else {
+		/* expect fully allocated */
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0, "far offset");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 5120, "far len");
+	}
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_qar_malformed(struct torture_context *torture,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_ioctl ioctl;
+	struct file_alloced_range_buf far_buf;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	size_t old_len;
+
+	/* zero length file, shouldn't have any ranges */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	/* no allocated ranges, no space for range response, should pass */
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_QUERY_ALLOCATED_RANGES;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	far_buf.file_off = 0;
+	far_buf.len = 1024;
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &far_buf,
+			(ndr_push_flags_fn_t)ndr_push_file_alloced_range_buf);
+	torture_assert_ndr_success(torture, ndr_ret, "push far ndr buf");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_QUERY_ALLOCATED_RANGES");
+
+	/* write into the file at 4k offset */
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   0,		/* off */
+			   1024,	/* len */
+			   0);		/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	/* allocated range, no space for range response, should fail */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_BUFFER_TOO_SMALL, "qar no space");
+
+	/* oversize (2x) file_alloced_range_buf in request, should pass */
+	ioctl.smb2.in.max_output_response = 1024;
+	old_len = ioctl.smb2.in.out.length;
+	ok = data_blob_realloc(tmp_ctx, &ioctl.smb2.in.out,
+			       (ioctl.smb2.in.out.length * 2));
+	torture_assert(torture, ok, "2x data buffer");
+	memcpy(ioctl.smb2.in.out.data + old_len, ioctl.smb2.in.out.data,
+	       old_len);
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "qar too big");
+
+	/* no file_alloced_range_buf in request, should fail */
+	data_blob_free(&ioctl.smb2.in.out);
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER, "qar empty");
+
+	return true;
+}
+
+bool test_ioctl_alternate_data_stream(struct torture_context *tctx)
+{
+	bool ret = false;
+	const char *fname = DNAME "\\test_stream_ioctl_dir";
+	const char *sname = DNAME "\\test_stream_ioctl_dir:stream";
+	NTSTATUS status;
+	struct smb2_create create = {};
+	struct smb2_tree *tree = NULL;
+	struct smb2_handle h1 = {{0}};
+	union smb_ioctl ioctl;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_comment(tctx, "Initializing smb2 connection failed.\n");
+		return false;
+	}
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_HIDDEN,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	h1 = create.out.file.handle;
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = sname,
+	};
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = create.out.file.handle;
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = h1;
+	ioctl.smb2.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID,
+	ioctl.smb2.in.max_output_response = 64;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+	status = smb2_ioctl(tree, tctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_ioctl failed\n");
+	ret = true;
+
+done:
+
+	smb2_util_close(tree, h1);
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
+
+/*
+ * 2.3.57 FSCTL_SET_ZERO_DATA Request
+ *
+ * How an implementation zeros data within a file is implementation-dependent.
+ * A file system MAY choose to deallocate regions of disk space that have been
+ * zeroed.<50>
+ * <50>
+ * ... NTFS might deallocate disk space in the file if the file is stored on an
+ * NTFS volume, and the file is sparse or compressed. It will free any allocated
+ * space in chunks of 64 kilobytes that begin at an offset that is a multiple of
+ * 64 kilobytes. Other bytes in the file (prior to the first freed 64-kilobyte
+ * chunk and after the last freed 64-kilobyte chunk) will be zeroed but not
+ * deallocated.
+ */
+static NTSTATUS test_ioctl_zdata_req(struct torture_context *torture,
+				     TALLOC_CTX *mem_ctx,
+				     struct smb2_tree *tree,
+				     struct smb2_handle fh,
+				     int64_t off,
+				     int64_t beyond_final_zero)
+{
+	union smb_ioctl ioctl;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+	struct file_zero_data_info zdata_info;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_SET_ZERO_DATA;
+	ioctl.smb2.in.max_output_response = 0;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	zdata_info.file_off = off;
+	zdata_info.beyond_final_zero = beyond_final_zero;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &zdata_info,
+			(ndr_push_flags_fn_t)ndr_push_file_zero_data_info);
+	if (ndr_ret != NDR_ERR_SUCCESS) {
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto err_out;
+	}
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto err_out;
+	}
+
+	status = NT_STATUS_OK;
+err_out:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+bool test_ioctl_zero_data(struct torture_context *tctx)
+{
+	bool ret = true;
+	int offset, beyond_final_zero;
+	const char *filename;
+	NTSTATUS status;
+	struct smb2_create create = { };
+	struct smb2_tree *tree = NULL;
+
+	offset = torture_setting_int(tctx, "offset", -1);
+
+	if (offset < 0) {
+		torture_fail(tctx, "Need to provide non-negative offset "
+			     "through --option=torture:offset=NNN\n");
+		return false;
+	}
+
+	beyond_final_zero = torture_setting_int(tctx, "beyond_final_zero",
+						-1);
+	if (beyond_final_zero < 0) {
+		torture_fail(tctx, "Need to provide non-negative "
+			     "'beyond final zero' through "
+			     "--option=torture:beyond_final_zero=NNN\n");
+		return false;
+	}
+	filename = torture_setting_string(tctx, "filename", NULL);
+	if (filename == NULL) {
+		torture_fail(tctx, "Need to provide filename through "
+			     "--option=torture:filename=testfile\n");
+		return false;
+	}
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_comment(tctx, "Initializing smb2 connection failed.\n");
+		return false;
+	}
+
+	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+	create.in.create_options = 0;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = filename;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE failed.\n");
+
+	status = test_ioctl_zdata_req(tctx, tctx, tree,
+				      create.out.file.handle,
+				      offset,
+				      beyond_final_zero);
+	torture_assert_ntstatus_ok_goto(tctx,
+					status,
+					ret,
+					done,
+					"FSCTL_SET_ZERO_DATA failed.\n");
+
+done:
+	return ret;
+}
+
+static bool test_ioctl_sparse_punch(struct torture_context *torture,
+				    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 4096, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr before set");
+
+	/* zero (hole-punch) the data, without sparse flag */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    4096,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+
+	/* expect fully allocated */
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected far off");
+	torture_assert_u64_equal(torture, far_rsp[0].len, 4096,
+				 "unexpected far len");
+	/* check that the data is now zeroed */
+	ok = check_zero(torture, tree, tmp_ctx, fh, 0, 4096);
+	torture_assert(torture, ok, "non-sparse zeroed range");
+
+	/* set sparse */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	/* still fully allocated on NTFS, see note below for Samba */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    4096,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	/*
+	 * FS specific: Samba uses PUNCH_HOLE to zero the range, and
+	 * subsequently uses fallocate() to allocate the punched range if the
+	 * file is marked non-sparse and "strict allocate" is enabled. In both
+	 * cases, the zeroed range will not be detected by SEEK_DATA, so the
+	 * range won't be present in QAR responses until the file is marked
+	 * non-sparse again.
+	 */
+	if (far_count == 0) {
+		torture_comment(torture, "non-sparse zeroed range disappeared "
+				"after marking sparse\n");
+	} else {
+		/* NTFS: range remains fully allocated */
+		torture_assert_u64_equal(torture, far_count, 1,
+					 "unexpected response len");
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+					 "unexpected far off");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 4096,
+					 "unexpected far len");
+	}
+
+	/* zero (hole-punch) the data, _with_ sparse flag */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	/* the range should no longer be alloced */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    4096,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+
+	ok = check_zero(torture, tree, tmp_ctx, fh, 0, 4096);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	/* remove sparse flag, this should "unsparse" the zeroed range */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, false);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    4096,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	/* expect fully allocated */
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected far off");
+	torture_assert_u64_equal(torture, far_rsp[0].len, 4096,
+				 "unexpected far len");
+
+	ok = check_zero(torture, tree, tmp_ctx, fh, 0, 4096);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * Find the point at which a zeroed range in a sparse file is deallocated by the
+ * underlying filesystem. NTFS on Windows Server 2012 deallocates chunks in 64k
+ * increments. Also check whether zeroed neighbours are merged for deallocation.
+ */
+static bool test_ioctl_sparse_hole_dealloc(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint64_t file_size;
+	uint64_t hlen;
+	uint64_t dealloc_chunk_len = 0;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file 1");
+
+	/* check for FS sparse file */
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	/* set sparse */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	file_size = 1024 * 1024;
+
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   0,		/* off */
+			   file_size,	/* len */
+			   0);	/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	 /* check allocated ranges, should be fully allocated */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,			/* off */
+				    file_size,		/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected far off");
+	torture_assert_u64_equal(torture, far_rsp[0].len, file_size,
+				 "unexpected far len");
+
+	/* punch holes in sizes of 1k increments */
+	for (hlen = 0; hlen <= file_size; hlen += 4096) {
+
+		/* punch a hole from zero to the current increment */
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      0,	/* off */
+					      hlen);	/* beyond_final_zero */
+		torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+		/* ensure hole is zeroed, and pattern is consistent */
+		ok = check_zero(torture, tree, tmp_ctx, fh, 0, hlen);
+		torture_assert(torture, ok, "sparse zeroed range");
+
+		ok = check_pattern(torture, tree, tmp_ctx, fh, hlen,
+				   file_size - hlen, hlen);
+		torture_assert(torture, ok, "allocated pattern range");
+
+		 /* Check allocated ranges, hole might have been deallocated */
+		status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+					    0,		/* off */
+					    file_size,	/* len */
+					    &far_rsp,
+					    &far_count);
+		torture_assert_ntstatus_ok(torture, status,
+					   "FSCTL_QUERY_ALLOCATED_RANGES");
+		if ((hlen == file_size) && (far_count == 0)) {
+			/* hole covered entire file, deallocation occurred */
+			dealloc_chunk_len = file_size;
+			break;
+		}
+
+		torture_assert_u64_equal(torture, far_count, 1,
+					 "unexpected response len");
+		if (far_rsp[0].file_off != 0) {
+			/*
+			 * We now know the hole punch length needed to trigger a
+			 * deallocation on this FS...
+			 */
+			dealloc_chunk_len = hlen;
+			torture_comment(torture, "hole punch %ju@0 resulted in "
+					"deallocation of %ju@0\n",
+					(uintmax_t)hlen,
+					(uintmax_t)far_rsp[0].file_off);
+			torture_assert_u64_equal(torture,
+						 file_size - far_rsp[0].len,
+						 far_rsp[0].file_off,
+						 "invalid alloced range");
+			break;
+		}
+	}
+
+	if (dealloc_chunk_len == 0) {
+		torture_comment(torture, "strange, this FS never deallocates"
+				"zeroed ranges in sparse files\n");
+		return true;	/* FS specific, not a failure */
+	}
+
+	/*
+	 * Check whether deallocation occurs when the (now known)
+	 * deallocation chunk size is punched via two ZERO_DATA requests.
+	 * I.e. Does the FS merge the two ranges and deallocate the chunk?
+	 * NTFS on Windows Server 2012 does not.
+	 */
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   0,		/* off */
+			   file_size,	/* len */
+			   0);	/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	/* divide dealloc chunk size by two, to use as punch length */
+	hlen = dealloc_chunk_len >> 1;
+
+	/*
+	 *                     /half of dealloc chunk size           1M\
+	 *                     |                                       |
+	 * /offset 0           |                   /dealloc chunk size |
+	 * |------------------ |-------------------|-------------------|
+	 * | zeroed, 1st punch | zeroed, 2nd punch | existing pattern  |
+	 */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      hlen);	/* beyond final zero */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      hlen,	/* off */
+				      dealloc_chunk_len); /* beyond final */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	/* ensure holes are zeroed, and pattern is consistent */
+	ok = check_zero(torture, tree, tmp_ctx, fh, 0, dealloc_chunk_len);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	ok = check_pattern(torture, tree, tmp_ctx, fh, dealloc_chunk_len,
+			   file_size - dealloc_chunk_len, dealloc_chunk_len);
+	torture_assert(torture, ok, "allocated pattern range");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,			/* off */
+				    file_size,		/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+
+	if ((far_count == 0) && (dealloc_chunk_len == file_size)) {
+		torture_comment(torture, "holes merged for deallocation of "
+				"full file\n");
+		return true;
+	}
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	if (far_rsp[0].file_off == dealloc_chunk_len) {
+		torture_comment(torture, "holes merged for deallocation of "
+				"%ju chunk\n", (uintmax_t)dealloc_chunk_len);
+		torture_assert_u64_equal(torture,
+					 file_size - far_rsp[0].len,
+					 far_rsp[0].file_off,
+					 "invalid alloced range");
+	} else {
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+					 "unexpected deallocation");
+		torture_comment(torture, "holes not merged for deallocation\n");
+	}
+
+	smb2_util_close(tree, fh);
+
+	/*
+	 * Check whether an unwritten range is allocated when a sparse file is
+	 * written to at an offset past the dealloc chunk size:
+	 *
+	 *                     /dealloc chunk size
+	 * /offset 0           |
+	 * |------------------ |-------------------|
+	 * |     unwritten     |      pattern      |
+	 */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file 1");
+
+	/* set sparse */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   dealloc_chunk_len,	/* off */
+			   1024,		/* len */
+			   dealloc_chunk_len);	/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	if (far_rsp[0].file_off == 0) {
+		torture_assert_u64_equal(torture, far_rsp[0].len,
+					 dealloc_chunk_len + 1024,
+					 "unexpected far len");
+		torture_comment(torture, "unwritten range fully allocated\n");
+	} else {
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, dealloc_chunk_len,
+					 "unexpected deallocation");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 1024,
+					 "unexpected far len");
+		torture_comment(torture, "unwritten range not allocated\n");
+	}
+
+	ok = check_zero(torture, tree, tmp_ctx, fh, 0, dealloc_chunk_len);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	ok = check_pattern(torture, tree, tmp_ctx, fh, dealloc_chunk_len,
+			   1024, dealloc_chunk_len);
+	torture_assert(torture, ok, "allocated pattern range");
+
+	/* unsparse, should now be fully allocated */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, false);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected deallocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len + 1024,
+				 "unexpected far len");
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/* check whether a file with compression and sparse attrs can be deallocated */
+static bool test_ioctl_sparse_compressed(struct torture_context *torture,
+					 struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint64_t file_size = 1024 * 1024;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file 1");
+
+	/* check for FS sparse file and compression support */
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh,
+						  &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "FS compression not supported\n");
+	}
+
+	/* set compression and write some data */
+	status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_COMPRESSION");
+
+	ok = write_pattern(torture, tree, tmp_ctx, fh,
+			   0,		/* off */
+			   file_size,	/* len */
+			   0);		/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	/* set sparse - now sparse and compressed */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	 /* check allocated ranges, should be fully alloced */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    file_size,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected far off");
+	torture_assert_u64_equal(torture, far_rsp[0].len, file_size,
+				 "unexpected far len");
+
+	/* zero (hole-punch) all data, with sparse and compressed attrs */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,		/* off */
+				      file_size);	/* beyond_final_zero */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	 /*
+	  * Windows Server 2012 still deallocates a zeroed range when a sparse
+	  * file carries the compression attribute.
+	  */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    file_size,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	if (far_count == 0) {
+		torture_comment(torture, "sparse & compressed file "
+				"deallocated after hole-punch\n");
+	} else {
+		torture_assert_u64_equal(torture, far_count, 1,
+					 "unexpected response len");
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+					 "unexpected far off");
+		torture_assert_u64_equal(torture, far_rsp[0].len, file_size,
+					 "unexpected far len");
+		torture_comment(torture, "sparse & compressed file fully "
+				"allocated after hole-punch\n");
+	}
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * Create a sparse file, then attempt to copy unallocated and allocated ranges
+ * into a target file using FSCTL_SRV_COPYCHUNK.
+ */
+static bool test_ioctl_sparse_copy_chunk(struct torture_context *torture,
+					 struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint64_t dealloc_chunk_len = 64 * 1024;	/* Windows 2012 */
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+	union smb_ioctl ioctl;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &src_h, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	/* check for FS sparse file support */
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	smb2_util_close(tree, src_h);
+	if (!ok) {
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	ok = test_setup_copy_chunk(torture, tree, tree, tmp_ctx,
+				   1, /* chunks */
+				   FNAME,
+				   &src_h, 0, /* src file */
+				   SEC_RIGHTS_FILE_ALL,
+				   FNAME2,
+				   &dest_h, 0,	/* dest file */
+				   SEC_RIGHTS_FILE_ALL,
+				   &cc_copy,
+				   &ioctl);
+	torture_assert(torture, ok, "setup copy chunk error");
+
+	/* set sparse */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, src_h, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	/* start after dealloc_chunk_len, to create an unwritten sparse range */
+	ok = write_pattern(torture, tree, tmp_ctx, src_h,
+			   dealloc_chunk_len,	/* off */
+			   1024,	/* len */
+			   dealloc_chunk_len);	/* pattern offset */
+	torture_assert(torture, ok, "write pattern");
+
+	 /* Skip test if 64k chunk is allocated - FS specific */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, src_h,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	if (far_rsp[0].file_off == 0) {
+		torture_skip(torture, "unwritten range fully allocated\n");
+	}
+
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, dealloc_chunk_len,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len, 1024,
+				 "unexpected far len");
+
+	/* copy-chunk unallocated + written ranges into non-sparse dest */
+
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = dealloc_chunk_len + 1024;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  dealloc_chunk_len + 1024); /* bytes written */
+	torture_assert(torture, ok, "bad copy chunk response data");
+
+	ok = check_zero(torture, tree, tmp_ctx, dest_h, 0, dealloc_chunk_len);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, dealloc_chunk_len,
+			   1024, dealloc_chunk_len);
+	torture_assert(torture, ok, "copychunked range");
+
+	/* copied range should be allocated in non-sparse dest */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, dest_h,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len + 1024,
+				 "unexpected far len");
+
+	/* set dest as sparse */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, dest_h, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	/* zero (hole-punch) all data */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, dest_h,
+				      0,		/* off */
+				      dealloc_chunk_len + 1024);
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	/* zeroed range might be deallocated */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, dest_h,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	if (far_count == 0) {
+		/* FS specific (e.g. NTFS) */
+		torture_comment(torture, "FS deallocates file on full-range "
+				"punch\n");
+	} else {
+		/* FS specific (e.g. EXT4) */
+		torture_comment(torture, "FS doesn't deallocate file on "
+				"full-range punch\n");
+	}
+	ok = check_zero(torture, tree, tmp_ctx, dest_h, 0,
+			dealloc_chunk_len + 1024);
+	torture_assert(torture, ok, "punched zeroed range");
+
+	/* copy-chunk again, this time with sparse dest */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  dealloc_chunk_len + 1024); /* bytes written */
+	torture_assert(torture, ok, "bad copy chunk response data");
+
+	ok = check_zero(torture, tree, tmp_ctx, dest_h, 0, dealloc_chunk_len);
+	torture_assert(torture, ok, "sparse zeroed range");
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, dealloc_chunk_len,
+			   1024, dealloc_chunk_len);
+	torture_assert(torture, ok, "copychunked range");
+
+	/* copied range may be allocated in sparse dest */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, dest_h,
+				    0,				/* off */
+				    dealloc_chunk_len + 1024,	/* len */
+				    &far_rsp,
+				    &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	/*
+	 * FS specific: sparse region may be unallocated in dest if copy-chunk
+	 *		is handled in a sparse preserving way - E.g. vfs_btrfs
+	 *		with BTRFS_IOC_CLONE_RANGE.
+	 */
+	if (far_rsp[0].file_off == dealloc_chunk_len) {
+		torture_comment(torture, "copy-chunk sparse range preserved\n");
+		torture_assert_u64_equal(torture, far_rsp[0].len, 1024,
+					 "unexpected far len");
+	} else {
+		torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+					 "unexpected allocation");
+		torture_assert_u64_equal(torture, far_rsp[0].len,
+					 dealloc_chunk_len + 1024,
+					 "unexpected far len");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_punch_invalid(struct torture_context *torture,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	int i;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 4096, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse attr before set");
+
+	/* loop twice, without and with sparse attrib */
+	for (i = 0; i <= 1;  i++) {
+		union smb_fileinfo io;
+		struct file_alloced_range_buf *far_rsp = NULL;
+		uint64_t far_count = 0;
+
+		/* get size before & after. zero data should never change it */
+		ZERO_STRUCT(io);
+		io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+		io.generic.in.file.handle = fh;
+		status = smb2_getinfo_file(tree, tmp_ctx, &io);
+		torture_assert_ntstatus_ok(torture, status, "getinfo");
+		torture_assert_int_equal(torture, (int)io.all_info2.out.size,
+					 4096, "size after IO");
+
+		/* valid 8 byte zero data, but after EOF */
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      4096,	/* off */
+					      4104);	/* beyond_final_zero */
+		torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+		/* valid 8 byte zero data, but after EOF */
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      8192,	/* off */
+					      8200);	/* beyond_final_zero */
+		torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+		ZERO_STRUCT(io);
+		io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+		io.generic.in.file.handle = fh;
+		status = smb2_getinfo_file(tree, tmp_ctx, &io);
+		torture_assert_ntstatus_ok(torture, status, "getinfo");
+		torture_assert_int_equal(torture, (int)io.all_info2.out.size,
+					 4096, "size after IO");
+
+		/* valid 0 byte zero data, without sparse flag */
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      4095,	/* off */
+					      4095);	/* beyond_final_zero */
+		torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+		/* INVALID off is past beyond_final_zero */
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      4096,	/* off */
+					      4095);	/* beyond_final_zero */
+		torture_assert_ntstatus_equal(torture, status,
+					      NT_STATUS_INVALID_PARAMETER,
+					      "invalid zero_data");
+
+		/* zero length QAR - valid */
+		status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+					    0,			/* off */
+					    0,			/* len */
+					    &far_rsp, &far_count);
+		torture_assert_ntstatus_ok(torture, status,
+				"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+		torture_assert_u64_equal(torture, far_count, 0,
+					 "unexpected response len");
+
+		/* QAR after EOF - valid */
+		status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+					    4096,		/* off */
+					    1024,		/* len */
+					    &far_rsp, &far_count);
+		torture_assert_ntstatus_ok(torture, status,
+				"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+		torture_assert_u64_equal(torture, far_count, 0,
+					 "unexpected response len");
+
+		/* set sparse */
+		status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh,
+					       true);
+		torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	}
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_perms(struct torture_context *torture,
+				    struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	smb2_util_close(tree, fh);
+	if (!ok) {
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	/* set sparse without WRITE_ATTR permission should succeed */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_WRITE & ~(SEC_FILE_WRITE_ATTRIBUTE
+							| SEC_STD_WRITE_DAC
+							| SEC_FILE_WRITE_EA)),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_RIGHTS_FILE_ALL,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "sparse after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt get sparse without READ_DATA permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+			(SEC_RIGHTS_FILE_READ & ~SEC_FILE_READ_DATA),
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse set");
+	smb2_util_close(tree, fh);
+
+	/* attempt to set sparse with only WRITE_ATTR permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+				    SEC_FILE_WRITE_ATTRIBUTE,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	smb2_util_close(tree, fh);
+
+	/* attempt to set sparse with only WRITE_DATA permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+				    SEC_FILE_WRITE_DATA,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_RIGHTS_FILE_ALL,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "sparse after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt to set sparse with only APPEND_DATA permission */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+				    SEC_FILE_APPEND_DATA,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_RIGHTS_FILE_ALL,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "sparse after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt to set sparse with only WRITE_EA permission - should fail */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 0,
+				    SEC_FILE_WRITE_EA,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "FSCTL_SET_SPARSE permission");
+	smb2_util_close(tree, fh);
+
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_RIGHTS_FILE_ALL,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, !is_sparse, "sparse after set");
+	smb2_util_close(tree, fh);
+
+	/* attempt QAR with only READ_ATTR permission - should fail */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_READ_ATTRIBUTE,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    4096,		/* off */
+				    1024,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+			"FSCTL_QUERY_ALLOCATED_RANGES req passed");
+	smb2_util_close(tree, fh);
+
+	/* attempt QAR with only READ_DATA permission */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_READ_DATA,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    1024,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+	smb2_util_close(tree, fh);
+
+	/* attempt QAR with only READ_EA permission - should fail */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_READ_EA,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    4096,		/* off */
+				    1024,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+			"FSCTL_QUERY_ALLOCATED_RANGES req passed");
+	smb2_util_close(tree, fh);
+
+	/* setup file for ZERO_DATA permissions tests */
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 8192,
+				    SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+	smb2_util_close(tree, fh);
+
+	/* attempt ZERO_DATA with only WRITE_ATTR permission - should fail */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_WRITE_ATTRIBUTE,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "zero_data permission");
+	smb2_util_close(tree, fh);
+
+	/* attempt ZERO_DATA with only WRITE_DATA permission */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_WRITE_DATA,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+	smb2_util_close(tree, fh);
+
+	/* attempt ZERO_DATA with only APPEND_DATA permission - should fail */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_APPEND_DATA,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "zero_data permission");
+	smb2_util_close(tree, fh);
+
+	/* attempt ZERO_DATA with only WRITE_EA permission - should fail */
+	ok = test_setup_open(torture, tree, tmp_ctx,
+			     FNAME, &fh, SEC_FILE_WRITE_EA,
+			     FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_ACCESS_DENIED,
+				      "zero_data permission");
+	smb2_util_close(tree, fh);
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_lck(struct torture_context *torture,
+				  struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	struct smb2_handle fh2;
+	NTSTATUS status;
+	uint64_t dealloc_chunk_len = 64 * 1024;	/* Windows 2012 */
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	bool is_sparse;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx, FNAME, &fh,
+				    dealloc_chunk_len, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		torture_skip(torture, "Sparse files not supported\n");
+		smb2_util_close(tree, fh);
+	}
+
+	/* open and lock via separate fh2 */
+	status = torture_smb2_testfile(tree, FNAME, &fh2);
+	torture_assert_ntstatus_ok(torture, status, "2nd src open");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= fh2;
+	lck.in.locks		= el;
+	el[0].offset		= 0;
+	el[0].length		= dealloc_chunk_len;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "lock");
+
+	/* set sparse while locked */
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	status = test_sparse_get(torture, tmp_ctx, tree, fh, &is_sparse);
+	torture_assert_ntstatus_ok(torture, status, "test_sparse_get");
+	torture_assert(torture, is_sparse, "sparse attr after set");
+
+	/* zero data over locked range should fail */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      0,	/* off */
+				      4096);	/* beyond_final_zero */
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_FILE_LOCK_CONFLICT,
+				      "zero_data locked");
+
+	/* QAR over locked range should pass */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,		/* off */
+				    4096,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES locked");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 4096,
+				 "unexpected far len");
+
+	/* zero data over range past EOF should pass */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      dealloc_chunk_len,	/* off */
+				      dealloc_chunk_len + 4096);
+	torture_assert_ntstatus_ok(torture, status,
+				   "zero_data past EOF locked");
+
+	/* QAR over range past EOF should pass */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    dealloc_chunk_len,		/* off */
+				    4096,			/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES past EOF locked");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000001;
+	lck.in.file.handle	= fh2;
+	lck.in.locks		= el;
+	el[0].offset		= 0;
+	el[0].length		= dealloc_chunk_len;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(torture, status, "unlock");
+
+	smb2_util_close(tree, fh2);
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/* alleviate QAR off-by-one bug paranoia - help me ob1 */
+static bool test_ioctl_sparse_qar_ob1(struct torture_context *torture,
+				      struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint64_t dealloc_chunk_len = 64 * 1024;	/* Windows 2012 */
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, dealloc_chunk_len * 2,
+				    SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		torture_skip(torture, "Sparse files not supported\n");
+		smb2_util_close(tree, fh);
+	}
+
+	/* non-sparse QAR with range one before EOF */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len * 2 - 1,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len * 2 - 1,
+				 "unexpected far len");
+
+	/* non-sparse QAR with range one after EOF */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len * 2 + 1,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len * 2,
+				 "unexpected far len");
+
+	/* non-sparse QAR with range one after EOF from off=1 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    1,				/* off */
+				    dealloc_chunk_len * 2,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 1,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len * 2 - 1,
+				 "unexpected far len");
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	/* punch out second chunk */
+	status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+				      dealloc_chunk_len,	/* off */
+				      dealloc_chunk_len * 2);
+	torture_assert_ntstatus_ok(torture, status, "zero_data");
+
+	/* sparse QAR with range one before hole */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len - 1,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len - 1,
+				 "unexpected far len");
+
+	/* sparse QAR with range one after hole */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,				/* off */
+				    dealloc_chunk_len + 1,	/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 0,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len,
+				 "unexpected far len");
+
+	/* sparse QAR with range one after hole from off=1 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    1,				/* off */
+				    dealloc_chunk_len,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off, 1,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 dealloc_chunk_len - 1,
+				 "unexpected far len");
+
+	/* sparse QAR with range one before EOF from off=chunk_len-1 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    dealloc_chunk_len - 1,	/* off */
+				    dealloc_chunk_len,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 1,
+				 "unexpected response len");
+	torture_assert_u64_equal(torture, far_rsp[0].file_off,
+				 dealloc_chunk_len - 1,
+				 "unexpected allocation");
+	torture_assert_u64_equal(torture, far_rsp[0].len,
+				 1, "unexpected far len");
+
+	/* sparse QAR with range one after EOF from off=chunk_len+1 */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    dealloc_chunk_len + 1,	/* off */
+				    dealloc_chunk_len,		/* len */
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	torture_assert_u64_equal(torture, far_count, 0,
+				 "unexpected response len");
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/* test QAR with multi-range responses */
+static bool test_ioctl_sparse_qar_multi(struct torture_context *torture,
+					struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+	uint64_t dealloc_chunk_len = 64 * 1024;	/* Windows 2012 */
+	uint64_t this_off;
+	int i;
+	struct file_alloced_range_buf *far_rsp = NULL;
+	uint64_t far_count = 0;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, dealloc_chunk_len * 2,
+				    SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		torture_skip(torture, "Sparse files not supported\n");
+		smb2_util_close(tree, fh);
+	}
+
+	status = test_ioctl_sparse_req(torture, tmp_ctx, tree, fh, true);
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SET_SPARSE");
+
+	/* each loop, write out two chunks and punch the first out */
+	for (i = 0; i < 10; i++) {
+		this_off = i * dealloc_chunk_len * 2;
+
+		ok = write_pattern(torture, tree, tmp_ctx, fh,
+				   this_off,			/* off */
+				   dealloc_chunk_len * 2,	/* len */
+				   this_off);		/* pattern offset */
+		torture_assert(torture, ok, "write pattern");
+
+		status = test_ioctl_zdata_req(torture, tmp_ctx, tree, fh,
+					      this_off,	/* off */
+					      this_off + dealloc_chunk_len);
+		torture_assert_ntstatus_ok(torture, status, "zero_data");
+	}
+
+	/* should now have one separate region for each iteration */
+	status = test_ioctl_qar_req(torture, tmp_ctx, tree, fh,
+				    0,
+				    10 * dealloc_chunk_len * 2,
+				    &far_rsp, &far_count);
+	torture_assert_ntstatus_ok(torture, status,
+			"FSCTL_QUERY_ALLOCATED_RANGES req failed");
+	if (far_count == 1) {
+		torture_comment(torture, "this FS doesn't deallocate 64K"
+				"zeroed ranges in sparse files\n");
+		return true;	/* FS specific, not a failure */
+	}
+	torture_assert_u64_equal(torture, far_count, 10,
+				 "unexpected response len");
+	for (i = 0; i < 10; i++) {
+		this_off = i * dealloc_chunk_len * 2;
+
+		torture_assert_u64_equal(torture, far_rsp[i].file_off,
+					 this_off + dealloc_chunk_len,
+					 "unexpected allocation");
+		torture_assert_u64_equal(torture, far_rsp[i].len,
+					 dealloc_chunk_len,
+					 "unexpected far len");
+	}
+
+	smb2_util_close(tree, fh);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_sparse_qar_overflow(struct torture_context *torture,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	union smb_ioctl ioctl;
+	struct file_alloced_range_buf far_buf;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, tmp_ctx,
+				    FNAME, &fh, 1024, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "setup file");
+
+	status = test_ioctl_fs_supported(torture, tree, tmp_ctx, &fh,
+					 FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, fh);
+		torture_skip(torture, "Sparse files not supported\n");
+	}
+
+	/* no allocated ranges, no space for range response, should pass */
+	ZERO_STRUCT(ioctl);
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_QUERY_ALLOCATED_RANGES;
+	ioctl.smb2.in.max_output_response = 1024;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	/* off + length wraps around to 511 */
+	far_buf.file_off = 512;
+	far_buf.len = 0xffffffffffffffffLL;
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &far_buf,
+			(ndr_push_flags_fn_t)ndr_push_file_alloced_range_buf);
+	torture_assert_ndr_success(torture, ndr_ret, "push far ndr buf");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_QUERY_ALLOCATED_RANGES overflow");
+
+	return true;
+}
+
+static NTSTATUS test_ioctl_trim_supported(struct torture_context *torture,
+					  struct smb2_tree *tree,
+					  TALLOC_CTX *mem_ctx,
+					  struct smb2_handle *fh,
+					  bool *trim_support)
+{
+	NTSTATUS status;
+	union smb_fsinfo info;
+
+	ZERO_STRUCT(info);
+	info.generic.level = RAW_QFS_SECTOR_SIZE_INFORMATION;
+	info.generic.handle = *fh;
+	status = smb2_getinfo_fs(tree, tree, &info);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+		/*
+		 * Windows < Server 2012, 8 etc. don't support this info level
+		 * or the trim ioctl. Ignore the error and let the caller skip.
+		 */
+		*trim_support = false;
+		return NT_STATUS_OK;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	torture_comment(torture, "sector size info: lb/s=%u, pb/sA=%u, "
+			"pb/sP=%u, fse/sA=%u, flags=0x%x, bosa=%u, bopa=%u\n",
+	    (unsigned)info.sector_size_info.out.logical_bytes_per_sector,
+	    (unsigned)info.sector_size_info.out.phys_bytes_per_sector_atomic,
+	    (unsigned)info.sector_size_info.out.phys_bytes_per_sector_perf,
+  (unsigned)info.sector_size_info.out.fs_effective_phys_bytes_per_sector_atomic,
+	    (unsigned)info.sector_size_info.out.flags,
+	    (unsigned)info.sector_size_info.out.byte_off_sector_align,
+	    (unsigned)info.sector_size_info.out.byte_off_partition_align);
+
+	if (info.sector_size_info.out.flags & QFS_SSINFO_FLAGS_TRIM_ENABLED) {
+		*trim_support = true;
+	} else {
+		*trim_support = false;
+	}
+	return NT_STATUS_OK;
+}
+
+static bool test_setup_trim(struct torture_context *torture,
+			    struct smb2_tree *tree,
+			    TALLOC_CTX *mem_ctx,
+			    uint32_t num_ranges,
+			    struct smb2_handle *fh,
+			    uint64_t file_size,
+			    uint32_t desired_access,
+			    struct fsctl_file_level_trim_req *trim_req,
+			    union smb_ioctl *ioctl)
+{
+	bool ok;
+
+	ok = test_setup_create_fill(torture, tree, mem_ctx, FNAME,
+				    fh, file_size, desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "src file create fill");
+
+	ZERO_STRUCTPN(ioctl);
+	ioctl->smb2.level = RAW_IOCTL_SMB2;
+	ioctl->smb2.in.file.handle = *fh;
+	ioctl->smb2.in.function = FSCTL_FILE_LEVEL_TRIM;
+	ioctl->smb2.in.max_output_response
+				= sizeof(struct fsctl_file_level_trim_rsp);
+	ioctl->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	ZERO_STRUCTPN(trim_req);
+	/* leave key as zero for now. TODO test locking with differing keys */
+	trim_req->num_ranges = num_ranges;
+	trim_req->ranges = talloc_zero_array(mem_ctx,
+					     struct file_level_trim_range,
+					     num_ranges);
+	torture_assert(torture, (trim_req->ranges != NULL), "no memory for ranges");
+
+	return true;
+}
+
+static bool test_ioctl_trim_simple(struct torture_context *torture,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle fh;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	bool trim_supported;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_file_level_trim_req trim_req;
+	struct fsctl_file_level_trim_rsp trim_rsp;
+	uint64_t trim_chunk_len = 64 * 1024;	/* trim 64K chunks */
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_trim(torture, tree, tmp_ctx,
+			     1, /* 1 range */
+			     &fh, 2 * trim_chunk_len, /* fill 128K file */
+			     SEC_RIGHTS_FILE_ALL,
+			     &trim_req,
+			     &ioctl);
+	if (!ok) {
+		torture_fail(torture, "setup trim error");
+	}
+
+	status = test_ioctl_trim_supported(torture, tree, tmp_ctx, &fh,
+					   &trim_supported);
+	torture_assert_ntstatus_ok(torture, status, "fsinfo");
+	if (!trim_supported) {
+		smb2_util_close(tree, fh);
+		talloc_free(tmp_ctx);
+		torture_skip(torture, "trim not supported\n");
+	}
+
+	/* trim first chunk, leave second */
+	trim_req.ranges[0].off = 0;
+	trim_req.ranges[0].len = trim_chunk_len;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx, &trim_req,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_file_level_trim_req);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_fsctl_file_level_trim_req");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(torture, status, "FILE_LEVEL_TRIM_RANGE");
+
+	ndr_ret = ndr_pull_struct_blob(&ioctl.smb2.out.out, tmp_ctx,
+				       &trim_rsp,
+		       (ndr_pull_flags_fn_t)ndr_pull_fsctl_file_level_trim_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_fsctl_file_level_trim_rsp");
+
+	torture_assert_int_equal(torture, trim_rsp.num_ranges_processed, 1, "");
+
+	/* second half of the file should remain consistent */
+	ok = check_pattern(torture, tree, tmp_ctx, fh, trim_chunk_len,
+			   trim_chunk_len, trim_chunk_len);
+	torture_assert(torture, ok, "non-trimmed range inconsistent");
+
+	return true;
+}
+
+static bool test_setup_dup_extents(struct torture_context *tctx,
+				   struct smb2_tree *tree,
+				   TALLOC_CTX *mem_ctx,
+				   struct smb2_handle *src_h,
+				   uint64_t src_size,
+				   uint32_t src_desired_access,
+				   struct smb2_handle *dest_h,
+				   uint64_t dest_size,
+				   uint32_t dest_desired_access,
+				   struct fsctl_dup_extents_to_file *dup_ext_buf,
+				   union smb_ioctl *ioctl)
+{
+	bool ok;
+
+	ok = test_setup_create_fill(tctx, tree, mem_ctx, FNAME,
+				    src_h, src_size, src_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(tctx, ok, "src file create fill");
+
+	ok = test_setup_create_fill(tctx, tree, mem_ctx, FNAME2,
+				    dest_h, dest_size, dest_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(tctx, ok, "dest file create fill");
+
+	ZERO_STRUCTPN(ioctl);
+	ioctl->smb2.level = RAW_IOCTL_SMB2;
+	ioctl->smb2.in.file.handle = *dest_h;
+	ioctl->smb2.in.function = FSCTL_DUP_EXTENTS_TO_FILE;
+	ioctl->smb2.in.max_output_response = 0;
+	ioctl->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	ZERO_STRUCTPN(dup_ext_buf);
+	smb2_push_handle(dup_ext_buf->source_fid, src_h);
+
+	return true;
+}
+
+static bool test_ioctl_dup_extents_simple(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 4096, /* fill 4096 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* extend dest to match src len */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level =
+		RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 4096;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	/* the file size shouldn't have been changed by this operation! */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 4096, "size after IO");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* reopen for pattern check */
+	ok = test_setup_open(tctx, tree, tmp_ctx, FNAME, &src_h,
+			     SEC_RIGHTS_FILE_ALL, FILE_ATTRIBUTE_NORMAL);
+	torture_assert_ntstatus_ok(tctx, status, "src open after dup");
+	ok = test_setup_open(tctx, tree, tmp_ctx, FNAME2, &dest_h,
+			     SEC_RIGHTS_FILE_ALL, FILE_ATTRIBUTE_NORMAL);
+	torture_assert_ntstatus_ok(tctx, status, "dest open after dup");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent src file data");
+	}
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent dest file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_len_beyond_dest(struct torture_context *tctx,
+						   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 32768;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+#if 0
+	/*
+	 * 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE Reply - this should fail, but
+	 * passes against WS2016 RTM!
+	 */
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+#endif
+
+	/* the file sizes shouldn't have been changed */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = src_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 32768, "size after IO");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 32768;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	ok = check_zero(tctx, tree, tmp_ctx, dest_h, 0, 32768);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	/* reissue ioctl, now with enough space */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_len_beyond_src(struct torture_context *tctx,
+						  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	/* exceed src file len */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 32768 * 2;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	/* the file sizes shouldn't have been changed */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = src_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 32768, "size after IO");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_len_zero(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 0;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	/* the file sizes shouldn't have been changed */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = src_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 32768, "size after IO");
+
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = dest_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 0, "size after IO");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_sparse_src(struct torture_context *tctx,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 0, /* filled after sparse flag */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING
+					 | FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx,
+			"block refcounting and sparse files not supported\n");
+	}
+
+	/* set sparse flag on src */
+	status = test_ioctl_sparse_req(tctx, tmp_ctx, tree, src_h, true);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_SPARSE");
+
+	ok = write_pattern(tctx, tree, tmp_ctx, src_h, 0, 4096, 0);
+	torture_assert(tctx, ok, "write pattern");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 4096;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	/*
+	 * src is sparse, but spec says: 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE
+	 * Reply...  STATUS_NOT_SUPPORTED: Target file is sparse, while source
+	 *				   is a non-sparse file.
+	 */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED,
+				      "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_sparse_dest(struct torture_context *tctx,
+					       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 4096, /* fill 4096 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING
+					 | FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx,
+			"block refcounting and sparse files not supported\n");
+	}
+
+	/* set sparse flag on dest */
+	status = test_ioctl_sparse_req(tctx, tmp_ctx, tree, dest_h, true);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_SPARSE");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = dup_ext_buf.byte_count;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	/*
+	 * dest is sparse, but spec says: 2.3.8 FSCTL_DUPLICATE_EXTENTS_TO_FILE
+	 * Reply...  STATUS_NOT_SUPPORTED: Target file is sparse, while source
+	 *				   is a non-sparse file.
+	 */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_sparse_both(struct torture_context *tctx,
+					       struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 0, /* fill 4096 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,	/* 0 byte dest file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING
+					 | FILE_SUPPORTS_SPARSE_FILES, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx,
+			"block refcounting and sparse files not supported\n");
+	}
+
+	/* set sparse flag on src and dest */
+	status = test_ioctl_sparse_req(tctx, tmp_ctx, tree, src_h, true);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_SPARSE");
+	status = test_ioctl_sparse_req(tctx, tmp_ctx, tree, dest_h, true);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_SPARSE");
+
+	ok = write_pattern(tctx, tree, tmp_ctx, src_h, 0, 4096, 0);
+	torture_assert(tctx, ok, "write pattern");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 4096;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+
+	/* reopen for pattern check */
+	ok = test_setup_open(tctx, tree, tmp_ctx, FNAME2, &dest_h,
+			     SEC_RIGHTS_FILE_ALL, FILE_ATTRIBUTE_NORMAL);
+	torture_assert_ntstatus_ok(tctx, status, "dest open ater dup");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_src_is_dest(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+	/* dest_h not needed for this test */
+	smb2_util_close(tree, dest_h);
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* src and dest are the same file handle */
+	ioctl.smb2.in.file.handle = src_h;
+
+	/* no overlap between src and tgt */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 16384;
+	dup_ext_buf.byte_count = 16384;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	/* the file size shouldn't have been changed */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = src_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 32768, "size after IO");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 0, 16384, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 16384, 16384, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * unlike copy-chunk, dup extents doesn't support overlapping ranges between
+ * source and target. This makes it a *lot* cleaner to implement on the server.
+ */
+static bool
+test_ioctl_dup_extents_src_is_dest_overlap(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_fileinfo io;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+	/* dest_h not needed for this test */
+	smb2_util_close(tree, dest_h);
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* src and dest are the same file handle */
+	ioctl.smb2.in.file.handle = src_h;
+
+	/* 8K overlap between src and tgt */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 8192;
+	dup_ext_buf.byte_count = 16384;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED,
+				      "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	/* the file size and data should match beforehand */
+	ZERO_STRUCT(io);
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = src_h;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	torture_assert_ntstatus_ok(tctx, status, "getinfo");
+	torture_assert_int_equal(tctx, (int)io.all_info2.out.size,
+				 32768, "size after IO");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+ * The compression tests won't run against Windows servers yet - ReFS doesn't
+ * (yet) offer support for compression.
+ */
+static bool test_ioctl_dup_extents_compressed_src(struct torture_context *tctx,
+						  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 0, /* filled after compressed flag */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING
+					 | FILE_FILE_COMPRESSION, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx,
+			"block refcounting and compressed files not supported\n");
+	}
+
+	/* set compressed flag on src */
+	status = test_ioctl_compress_set(tctx, tmp_ctx, tree, src_h,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_COMPRESSION");
+
+	ok = write_pattern(tctx, tree, tmp_ctx, src_h, 0, 4096, 0);
+	torture_assert(tctx, ok, "write pattern");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 4096;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_compressed_dest(struct torture_context *tctx,
+						   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	union smb_setfileinfo sinfo;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 4096,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING
+					 | FILE_FILE_COMPRESSION, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx,
+			"block refcounting and compressed files not supported\n");
+	}
+
+	/* set compressed flag on dest */
+	status = test_ioctl_compress_set(tctx, tmp_ctx, tree, dest_h,
+					 COMPRESSION_FORMAT_DEFAULT);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_SET_COMPRESSION");
+
+	/* extend dest */
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = dest_h;
+	sinfo.end_of_file_info.in.size = 4096;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_setinfo_file");
+
+	/* copy all src file data */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 4096;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_bad_handle(struct torture_context *tctx,
+					      struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	struct smb2_handle bogus_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 32768,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* open and close a file, keeping the handle as now a "bogus" handle */
+	ok = test_setup_create_fill(tctx, tree, tmp_ctx, "bogus_file",
+				    &bogus_h, 0, SEC_RIGHTS_FILE_ALL,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(tctx, ok, "bogus file create fill");
+	smb2_util_close(tree, bogus_h);
+
+	/* bogus dest file handle */
+	ioctl.smb2.in.file.handle = bogus_h;
+
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 32768;
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_FILE_CLOSED,
+				      "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	/* reinstate dest, add bogus src file handle */
+	ioctl.smb2.in.file.handle = dest_h;
+	smb2_push_handle(dup_ext_buf.source_fid, &bogus_h);
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_HANDLE,
+				      "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, src_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_src_lck(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle src_h2;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* dest pattern is different to src */
+	ok = write_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 32768);
+	torture_assert(tctx, ok, "write pattern");
+
+	/* setup dup ext req, values used for locking */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 32768;
+
+	/* open and lock the dup extents src file */
+	status = torture_smb2_testfile(tree, FNAME, &src_h2);
+	torture_assert_ntstatus_ok(tctx, status, "2nd src open");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= src_h2;
+	lck.in.locks		= el;
+	el[0].offset		= dup_ext_buf.source_off;
+	el[0].length		= dup_ext_buf.byte_count;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "lock");
+
+	status = smb2_util_write(tree, src_h,
+				 "conflicted", 0, sizeof("conflicted"));
+	torture_assert_ntstatus_equal(tctx, status,
+				NT_STATUS_FILE_LOCK_CONFLICT, "file write");
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	/*
+	 * In contrast to copy-chunk, dup extents doesn't cause a lock conflict
+	 * here.
+	 */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000001;
+	lck.in.file.handle	= src_h2;
+	lck.in.locks		= el;
+	el[0].offset		= dup_ext_buf.source_off;
+	el[0].length		= dup_ext_buf.byte_count;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "unlock");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE unlocked");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h2);
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool test_ioctl_dup_extents_dest_lck(struct torture_context *tctx,
+					    struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	struct smb2_handle dest_h2;
+	NTSTATUS status;
+	union smb_ioctl ioctl;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct fsctl_dup_extents_to_file dup_ext_buf;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	ok = test_setup_dup_extents(tctx, tree, tmp_ctx,
+				    &src_h, 32768, /* fill 32768 byte src file */
+				    SEC_RIGHTS_FILE_ALL,
+				    &dest_h, 0,
+				    SEC_RIGHTS_FILE_ALL,
+				    &dup_ext_buf,
+				    &ioctl);
+	if (!ok) {
+		torture_fail(tctx, "setup dup extents error");
+	}
+
+	status = test_ioctl_fs_supported(tctx, tree, tmp_ctx, &src_h,
+					 FILE_SUPPORTS_BLOCK_REFCOUNTING, &ok);
+	torture_assert_ntstatus_ok(tctx, status, "SMB2_GETINFO_FS");
+	if (!ok) {
+		smb2_util_close(tree, src_h);
+		smb2_util_close(tree, dest_h);
+		talloc_free(tmp_ctx);
+		torture_skip(tctx, "block refcounting not supported\n");
+	}
+
+	/* dest pattern is different to src */
+	ok = write_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 32768);
+	torture_assert(tctx, ok, "write pattern");
+
+	/* setup dup ext req, values used for locking */
+	dup_ext_buf.source_off = 0;
+	dup_ext_buf.target_off = 0;
+	dup_ext_buf.byte_count = 32768;
+
+	/* open and lock the dup extents dest file */
+	status = torture_smb2_testfile(tree, FNAME2, &dest_h2);
+	torture_assert_ntstatus_ok(tctx, status, "2nd src open");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= dest_h2;
+	lck.in.locks		= el;
+	el[0].offset		= dup_ext_buf.source_off;
+	el[0].length		= dup_ext_buf.byte_count;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "lock");
+
+	status = smb2_util_write(tree, dest_h,
+				 "conflicted", 0, sizeof("conflicted"));
+	torture_assert_ntstatus_equal(tctx, status,
+				NT_STATUS_FILE_LOCK_CONFLICT, "file write");
+
+	ndr_ret = ndr_push_struct_blob(&ioctl.smb2.in.out, tmp_ctx,
+				       &dup_ext_buf,
+		       (ndr_push_flags_fn_t)ndr_push_fsctl_dup_extents_to_file);
+	torture_assert_ndr_success(tctx, ndr_ret,
+				   "ndr_push_fsctl_dup_extents_to_file");
+
+	/*
+	 * In contrast to copy-chunk, dup extents doesn't cause a lock conflict
+	 * here.
+	 */
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status, "FSCTL_DUP_EXTENTS_TO_FILE");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000001;
+	lck.in.file.handle	= dest_h2;
+	lck.in.locks		= el;
+	el[0].offset		= dup_ext_buf.source_off;
+	el[0].length		= dup_ext_buf.byte_count;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "unlock");
+
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "FSCTL_DUP_EXTENTS_TO_FILE unlocked");
+
+	ok = check_pattern(tctx, tree, tmp_ctx, dest_h, 0, 32768, 0);
+	if (!ok) {
+		torture_fail(tctx, "inconsistent file data");
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	smb2_util_close(tree, dest_h2);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+   basic regression test for BUG 14607
+   https://bugzilla.samba.org/show_bug.cgi?id=14607
+*/
+static bool test_ioctl_bug14607(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	uint32_t timeout_msec;
+	NTSTATUS status;
+	DATA_BLOB out_input_buffer = data_blob_null;
+	DATA_BLOB out_output_buffer = data_blob_null;
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	status = smb2cli_ioctl(tree->session->transport->conn,
+			       timeout_msec,
+			       tree->session->smbXcli,
+			       tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       tmp_ctx,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_FS_DRIVER_REQUIRED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_DEVICE_REQUEST))
+	{
+		torture_comment(torture,
+				"FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8: %s\n",
+				nt_errstr(status));
+		torture_skip(torture, "server doesn't support FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8\n");
+	}
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8");
+
+	torture_assert_int_equal(torture, out_output_buffer.length, 1,
+				 "output length");
+	torture_assert_int_equal(torture, out_output_buffer.data[0], 8,
+				 "output buffer byte should be 8");
+
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+/*
+   basic regression test for BUG 14769
+   https://bugzilla.samba.org/show_bug.cgi?id=14769
+*/
+static bool test_ioctl_bug14769(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	const char *fname = "bug14769";
+	bool ret = false;
+	struct smb2_handle h;
+	struct smb2_ioctl ioctl;
+	struct smb2_close cl;
+	struct smb2_request *smb2arr[2] = { 0 };
+	uint8_t tosend_msec = 200;
+	DATA_BLOB send_buf = { &tosend_msec, 1 };
+
+	/* Create a test file. */
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testfile(tree, fname, &h);
+	torture_assert_ntstatus_ok(torture, status, "create bug14769");
+
+	/*
+	 * Send (not receive) the FSCTL.
+	 * This should go async with a wait time of 200 msec.
+	 */
+	ZERO_STRUCT(ioctl);
+	ioctl.in.file.handle = h;
+	ioctl.in.function = FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP;
+	ioctl.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+	ioctl.in.out = send_buf;
+
+	smb2arr[0] = smb2_ioctl_send(tree, &ioctl);
+	torture_assert_goto(torture,
+			    smb2arr[0] != NULL,
+			    ret,
+			    done,
+			    "smb2_ioctl_send failed\n");
+	/* Immediately send the close. */
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = h;
+	cl.in.flags = 0;
+	smb2arr[1] = smb2_close_send(tree, &cl);
+	torture_assert_goto(torture,
+			    smb2arr[1] != NULL,
+			    ret,
+			    done,
+			    "smb2_close_send failed\n");
+
+	/* Now get the FSCTL reply. */
+	/*
+	 * If we suffer from bug #14769 this will fail as
+	 * the ioctl will return with NT_STATUS_FILE_CLOSED,
+	 * as the close will have closed the handle without
+	 * waiting for the ioctl to complete. The server shouldn't
+	 * complete the close until the ioctl finishes.
+	 */
+	status = smb2_ioctl_recv(smb2arr[0], tree, &ioctl);
+	torture_assert_ntstatus_ok_goto(torture,
+					status,
+					ret,
+					done,
+					"smb2_ioctl_recv failed\n");
+
+	/* Followed by the close reply. */
+	status = smb2_close_recv(smb2arr[1], &cl);
+	torture_assert_ntstatus_ok_goto(torture,
+					status,
+					ret,
+					done,
+					"smb2_ioctl_close failed\n");
+	ret = true;
+
+  done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/*
+   basic regression test for BUG 14788,
+   with FSCTL_VALIDATE_NEGOTIATE_INFO
+   https://bugzilla.samba.org/show_bug.cgi?id=14788
+*/
+static bool test_ioctl_bug14788_VALIDATE_NEGOTIATE(struct torture_context *torture,
+				struct smb2_tree *tree0)
+{
+	const char *host = torture_setting_string(torture, "host", NULL);
+	const char *share = torture_setting_string(torture, "share", NULL);
+	const char *noperm_share = torture_setting_string(torture, "noperm_share", "noperm");
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options;
+	struct smb2_transport *transport = NULL;
+	struct smb2_tree *tree = NULL;
+	struct smb2_session *session = NULL;
+	uint16_t noperm_flags = 0;
+	const char *noperm_unc = NULL;
+	struct smb2_tree *noperm_tree = NULL;
+	uint32_t timeout_msec;
+	struct tevent_req *subreq = NULL;
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(torture, "Can't test without SMB 3 support");
+	}
+
+	options = transport0->options;
+	options.client_guid = GUID_random();
+	options.min_protocol = PROTOCOL_SMB3_00;
+	options.max_protocol = PROTOCOL_SMB3_02;
+
+	status = smb2_connect(torture,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      credentials,
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok(torture, status, "smb2_connect options failed");
+	session = tree->session;
+	transport = session->transport;
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	subreq = smb2cli_validate_negotiate_info_send(torture,
+						      torture->ev,
+						      transport->conn,
+						      timeout_msec,
+						      session->smbXcli,
+						      tree->smbXcli);
+	torture_assert(torture,
+		       tevent_req_poll_ntstatus(subreq, torture->ev, &status),
+		       "tevent_req_poll_ntstatus");
+	status = smb2cli_validate_negotiate_info_recv(subreq);
+	torture_assert_ntstatus_ok(torture, status, "smb2cli_validate_negotiate_info");
+
+	noperm_unc = talloc_asprintf(torture, "\\\\%s\\%s", host, noperm_share);
+	torture_assert(torture, noperm_unc != NULL, "talloc_asprintf");
+
+	noperm_tree = smb2_tree_init(session, torture, false);
+	torture_assert(torture, noperm_tree != NULL, "smb2_tree_init");
+
+	status = smb2cli_raw_tcon(transport->conn,
+				  SMB2_HDR_FLAG_SIGNED,
+				  0, /* clear_flags */
+				  timeout_msec,
+				  session->smbXcli,
+				  noperm_tree->smbXcli,
+				  noperm_flags,
+				  noperm_unc);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_NETWORK_NAME)) {
+		torture_skip(torture, talloc_asprintf(torture,
+			     "noperm_unc[%s] %s",
+			     noperm_unc, nt_errstr(status)));
+	}
+	torture_assert_ntstatus_ok(torture, status,
+				   talloc_asprintf(torture,
+				   "smb2cli_tcon(%s)",
+				   noperm_unc));
+
+	subreq = smb2cli_validate_negotiate_info_send(torture,
+						      torture->ev,
+						      transport->conn,
+						      timeout_msec,
+						      session->smbXcli,
+						      noperm_tree->smbXcli);
+	torture_assert(torture,
+		       tevent_req_poll_ntstatus(subreq, torture->ev, &status),
+		       "tevent_req_poll_ntstatus");
+	status = smb2cli_validate_negotiate_info_recv(subreq);
+	torture_assert_ntstatus_ok(torture, status, "smb2cli_validate_negotiate_info noperm");
+
+	return true;
+}
+
+/*
+   basic regression test for BUG 14788,
+   with FSCTL_QUERY_NETWORK_INTERFACE_INFO
+   https://bugzilla.samba.org/show_bug.cgi?id=14788
+*/
+static bool test_ioctl_bug14788_NETWORK_INTERFACE(struct torture_context *torture,
+				struct smb2_tree *tree0)
+{
+	const char *host = torture_setting_string(torture, "host", NULL);
+	const char *share = torture_setting_string(torture, "share", NULL);
+	const char *noperm_share = torture_setting_string(torture, "noperm_share", "noperm");
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options;
+	struct smb2_transport *transport = NULL;
+	struct smb2_tree *tree = NULL;
+	struct smb2_session *session = NULL;
+	uint16_t noperm_flags = 0;
+	const char *noperm_unc = NULL;
+	struct smb2_tree *noperm_tree = NULL;
+	uint32_t timeout_msec;
+	DATA_BLOB out_input_buffer = data_blob_null;
+	DATA_BLOB out_output_buffer = data_blob_null;
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(torture, "Can't test without SMB 3 support");
+	}
+
+	options = transport0->options;
+	options.client_guid = GUID_random();
+	options.min_protocol = PROTOCOL_SMB3_00;
+	options.max_protocol = PROTOCOL_SMB3_02;
+
+	status = smb2_connect(torture,
+			      host,
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      credentials,
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok(torture, status, "smb2_connect options failed");
+	session = tree->session;
+	transport = session->transport;
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	/*
+	 * A valid FSCTL_QUERY_NETWORK_INTERFACE_INFO
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       UINT16_MAX, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* is being UINT64_MAX and
+	 * in_max_output_length = 1.
+	 *
+	 * This demonstrates NT_STATUS_BUFFER_TOO_SMALL
+	 * if the server is not able to return the
+	 * whole response buffer to the client.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_BUFFER_TOO_SMALL,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* not being UINT64_MAX.
+	 *
+	 * This gives INVALID_PARAMETER instead
+	 * of FILE_CLOSED.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       tree->smbXcli,
+			       INT64_MAX, /* in_fid_persistent */
+			       INT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       UINT16_MAX, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* not being UINT64_MAX and
+	 * in_max_output_length = 1.
+	 *
+	 * This proves INVALID_PARAMETER instead
+	 * of BUFFER_TOO_SMALL.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       tree->smbXcli,
+			       INT64_MAX, /* in_fid_persistent */
+			       INT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	noperm_unc = talloc_asprintf(torture, "\\\\%s\\%s", host, noperm_share);
+	torture_assert(torture, noperm_unc != NULL, "talloc_asprintf");
+
+	noperm_tree = smb2_tree_init(session, torture, false);
+	torture_assert(torture, noperm_tree != NULL, "smb2_tree_init");
+
+	status = smb2cli_raw_tcon(transport->conn,
+				  SMB2_HDR_FLAG_SIGNED,
+				  0, /* clear_flags */
+				  timeout_msec,
+				  session->smbXcli,
+				  noperm_tree->smbXcli,
+				  noperm_flags,
+				  noperm_unc);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_NETWORK_NAME)) {
+		torture_skip(torture, talloc_asprintf(torture,
+			     "noperm_unc[%s] %s",
+			     noperm_unc, nt_errstr(status)));
+	}
+	torture_assert_ntstatus_ok(torture, status,
+				   talloc_asprintf(torture,
+				   "smb2cli_tcon(%s)",
+				   noperm_unc));
+
+	/*
+	 * A valid FSCTL_QUERY_NETWORK_INTERFACE_INFO
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       noperm_tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       UINT16_MAX, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* is being UINT64_MAX and
+	 * in_max_output_length = 1.
+	 *
+	 * This demonstrates NT_STATUS_BUFFER_TOO_SMALL
+	 * if the server is not able to return the
+	 * whole response buffer to the client.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       noperm_tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_BUFFER_TOO_SMALL,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* not being UINT64_MAX.
+	 *
+	 * This gives INVALID_PARAMETER instead
+	 * of FILE_CLOSED.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       noperm_tree->smbXcli,
+			       INT64_MAX, /* in_fid_persistent */
+			       INT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       UINT16_MAX, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	/*
+	 * An invalid FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+	 * with file_id_* not being UINT64_MAX and
+	 * in_max_output_length = 1.
+	 *
+	 * This proves INVALID_PARAMETER instead
+	 * of BUFFER_TOO_SMALL.
+	 */
+	status = smb2cli_ioctl(transport->conn,
+			       timeout_msec,
+			       session->smbXcli,
+			       noperm_tree->smbXcli,
+			       INT64_MAX, /* in_fid_persistent */
+			       INT64_MAX, /* in_fid_volatile */
+			       FSCTL_QUERY_NETWORK_INTERFACE_INFO,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       torture,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	torture_assert_ntstatus_equal(torture, status,
+				      NT_STATUS_INVALID_PARAMETER,
+				      "FSCTL_QUERY_NETWORK_INTERFACE_INFO");
+
+	return true;
+}
+
+/*
+ * testing of SMB2 ioctls
+ */
+struct torture_suite *torture_smb2_ioctl_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "ioctl");
+	struct torture_suite *bug14788 = torture_suite_create(ctx, "bug14788");
+
+	torture_suite_add_1smb2_test(suite, "shadow_copy",
+				     test_ioctl_get_shadow_copy);
+	torture_suite_add_1smb2_test(suite, "req_resume_key",
+				     test_ioctl_req_resume_key);
+	torture_suite_add_1smb2_test(suite, "req_two_resume_keys",
+				     test_ioctl_req_two_resume_keys);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_simple",
+				     test_ioctl_copy_chunk_simple);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_multi",
+				     test_ioctl_copy_chunk_multi);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_tiny",
+				     test_ioctl_copy_chunk_tiny);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_overwrite",
+				     test_ioctl_copy_chunk_over);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_append",
+				     test_ioctl_copy_chunk_append);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_limits",
+				     test_ioctl_copy_chunk_limits);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_src_lock",
+				     test_ioctl_copy_chunk_src_lck);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_dest_lock",
+				     test_ioctl_copy_chunk_dest_lck);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_bad_key",
+				     test_ioctl_copy_chunk_bad_key);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_src_is_dest",
+				     test_ioctl_copy_chunk_src_is_dest);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_src_is_dest_overlap",
+				     test_ioctl_copy_chunk_src_is_dest_overlap);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_bad_access",
+				     test_ioctl_copy_chunk_bad_access);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_write_access",
+				     test_ioctl_copy_chunk_write_access);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_src_exceed",
+				     test_ioctl_copy_chunk_src_exceed);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_src_exceed_multi",
+				     test_ioctl_copy_chunk_src_exceed_multi);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_sparse_dest",
+				     test_ioctl_copy_chunk_sparse_dest);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_max_output_sz",
+				     test_ioctl_copy_chunk_max_output_sz);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_zero_length",
+				     test_ioctl_copy_chunk_zero_length);
+	torture_suite_add_1smb2_test(suite, "copy-chunk streams",
+				     test_copy_chunk_streams);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_across_shares",
+				     test_copy_chunk_across_shares);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_across_shares2",
+				     test_copy_chunk_across_shares2);
+	torture_suite_add_1smb2_test(suite, "copy_chunk_across_shares3",
+				     test_copy_chunk_across_shares3);
+	torture_suite_add_1smb2_test(suite, "compress_file_flag",
+				     test_ioctl_compress_file_flag);
+	torture_suite_add_1smb2_test(suite, "compress_dir_inherit",
+				     test_ioctl_compress_dir_inherit);
+	torture_suite_add_1smb2_test(suite, "compress_invalid_format",
+				     test_ioctl_compress_invalid_format);
+	torture_suite_add_1smb2_test(suite, "compress_invalid_buf",
+				     test_ioctl_compress_invalid_buf);
+	torture_suite_add_1smb2_test(suite, "compress_query_file_attr",
+				     test_ioctl_compress_query_file_attr);
+	torture_suite_add_1smb2_test(suite, "compress_create_with_attr",
+				     test_ioctl_compress_create_with_attr);
+	torture_suite_add_1smb2_test(suite, "compress_inherit_disable",
+				     test_ioctl_compress_inherit_disable);
+	torture_suite_add_1smb2_test(suite, "compress_set_file_attr",
+				     test_ioctl_compress_set_file_attr);
+	torture_suite_add_1smb2_test(suite, "compress_perms",
+				     test_ioctl_compress_perms);
+	torture_suite_add_1smb2_test(suite, "compress_notsup_get",
+				     test_ioctl_compress_notsup_get);
+	torture_suite_add_1smb2_test(suite, "compress_notsup_set",
+				     test_ioctl_compress_notsup_set);
+	torture_suite_add_1smb2_test(suite, "network_interface_info",
+				     test_ioctl_network_interface_info);
+	torture_suite_add_1smb2_test(suite, "sparse_file_flag",
+				     test_ioctl_sparse_file_flag);
+	torture_suite_add_1smb2_test(suite, "sparse_file_attr",
+				     test_ioctl_sparse_file_attr);
+	torture_suite_add_1smb2_test(suite, "sparse_dir_flag",
+				     test_ioctl_sparse_dir_flag);
+	torture_suite_add_1smb2_test(suite, "sparse_set_nobuf",
+				     test_ioctl_sparse_set_nobuf);
+	torture_suite_add_1smb2_test(suite, "sparse_set_oversize",
+				     test_ioctl_sparse_set_oversize);
+	torture_suite_add_1smb2_test(suite, "sparse_qar",
+				     test_ioctl_sparse_qar);
+	torture_suite_add_1smb2_test(suite, "sparse_qar_malformed",
+				     test_ioctl_sparse_qar_malformed);
+	torture_suite_add_1smb2_test(suite, "sparse_punch",
+				     test_ioctl_sparse_punch);
+	torture_suite_add_1smb2_test(suite, "sparse_hole_dealloc",
+				     test_ioctl_sparse_hole_dealloc);
+	torture_suite_add_1smb2_test(suite, "sparse_compressed",
+				     test_ioctl_sparse_compressed);
+	torture_suite_add_1smb2_test(suite, "sparse_copy_chunk",
+				     test_ioctl_sparse_copy_chunk);
+	torture_suite_add_1smb2_test(suite, "sparse_punch_invalid",
+				     test_ioctl_sparse_punch_invalid);
+	torture_suite_add_1smb2_test(suite, "sparse_perms",
+				     test_ioctl_sparse_perms);
+	torture_suite_add_1smb2_test(suite, "sparse_lock",
+				     test_ioctl_sparse_lck);
+	torture_suite_add_1smb2_test(suite, "sparse_qar_ob1",
+				     test_ioctl_sparse_qar_ob1);
+	torture_suite_add_1smb2_test(suite, "sparse_qar_multi",
+				     test_ioctl_sparse_qar_multi);
+	torture_suite_add_1smb2_test(suite, "sparse_qar_overflow",
+				     test_ioctl_sparse_qar_overflow);
+	torture_suite_add_1smb2_test(suite, "trim_simple",
+				     test_ioctl_trim_simple);
+	torture_suite_add_1smb2_test(suite, "dup_extents_simple",
+				     test_ioctl_dup_extents_simple);
+	torture_suite_add_1smb2_test(suite, "dup_extents_len_beyond_dest",
+				     test_ioctl_dup_extents_len_beyond_dest);
+	torture_suite_add_1smb2_test(suite, "dup_extents_len_beyond_src",
+				     test_ioctl_dup_extents_len_beyond_src);
+	torture_suite_add_1smb2_test(suite, "dup_extents_len_zero",
+				     test_ioctl_dup_extents_len_zero);
+	torture_suite_add_1smb2_test(suite, "dup_extents_sparse_src",
+				     test_ioctl_dup_extents_sparse_src);
+	torture_suite_add_1smb2_test(suite, "dup_extents_sparse_dest",
+				     test_ioctl_dup_extents_sparse_dest);
+	torture_suite_add_1smb2_test(suite, "dup_extents_sparse_both",
+				     test_ioctl_dup_extents_sparse_both);
+	torture_suite_add_1smb2_test(suite, "dup_extents_src_is_dest",
+				     test_ioctl_dup_extents_src_is_dest);
+	torture_suite_add_1smb2_test(suite, "dup_extents_src_is_dest_overlap",
+				     test_ioctl_dup_extents_src_is_dest_overlap);
+	torture_suite_add_1smb2_test(suite, "dup_extents_compressed_src",
+				     test_ioctl_dup_extents_compressed_src);
+	torture_suite_add_1smb2_test(suite, "dup_extents_compressed_dest",
+				     test_ioctl_dup_extents_compressed_dest);
+	torture_suite_add_1smb2_test(suite, "dup_extents_bad_handle",
+				     test_ioctl_dup_extents_bad_handle);
+	torture_suite_add_1smb2_test(suite, "dup_extents_src_lock",
+				     test_ioctl_dup_extents_src_lck);
+	torture_suite_add_1smb2_test(suite, "dup_extents_dest_lock",
+				     test_ioctl_dup_extents_dest_lck);
+	torture_suite_add_1smb2_test(suite, "bug14607",
+				     test_ioctl_bug14607);
+	torture_suite_add_1smb2_test(suite, "bug14769",
+				     test_ioctl_bug14769);
+
+	torture_suite_add_1smb2_test(bug14788, "VALIDATE_NEGOTIATE",
+				     test_ioctl_bug14788_VALIDATE_NEGOTIATE);
+	torture_suite_add_1smb2_test(bug14788, "NETWORK_INTERFACE",
+				     test_ioctl_bug14788_NETWORK_INTERFACE);
+	torture_suite_add_suite(suite, bug14788);
+
+	suite->description = talloc_strdup(suite, "SMB2-IOCTL tests");
+
+	return suite;
+}
+
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
new file mode 100644
index 0000000..30bbefd
--- /dev/null
+++ b/source4/torture/smb2/lease.c
@@ -0,0 +1,4819 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 leases
+
+   Copyright (C) Zachary Loafman 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "libcli/security/security.h"
+#include "lib/param/param.h"
+#include "lease_break_handler.h"
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)(v), (int)(correct)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)			\
+	do {								\
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		CHECK_VAL((__io)->out.size, 0);				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));	\
+		CHECK_VAL((__io)->out.reserved2, 0);			\
+	} while(0)
+
+#define CHECK_LEASE(__io, __state, __oplevel, __key, __flags)		\
+	do {								\
+		CHECK_VAL((__io)->out.lease_response.lease_version, 1); \
+		if (__oplevel) {					\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[0], (__key)); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[1], ~(__key)); \
+			CHECK_VAL((__io)->out.lease_response.lease_state, smb2_util_lease_state(__state)); \
+		} else {						\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_NONE); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[0], 0); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[1], 0); \
+			CHECK_VAL((__io)->out.lease_response.lease_state, 0); \
+		}							\
+									\
+		CHECK_VAL((__io)->out.lease_response.lease_flags, (__flags));	\
+		CHECK_VAL((__io)->out.lease_response.lease_duration, 0); \
+		CHECK_VAL((__io)->out.lease_response.lease_epoch, 0); \
+	} while(0)
+
+#define CHECK_LEASE_V2(__io, __state, __oplevel, __key, __flags, __parent, __epoch) \
+	do {								\
+		CHECK_VAL((__io)->out.lease_response_v2.lease_version, 2); \
+		if (__oplevel) {					\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[0], (__key)); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[1], ~(__key)); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_state, smb2_util_lease_state(__state)); \
+		} else {						\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_NONE); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[0], 0); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[1], 0); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_state, 0); \
+		}							\
+									\
+		CHECK_VAL((__io)->out.lease_response_v2.lease_flags, __flags); \
+		if (__flags & SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET) { \
+			CHECK_VAL((__io)->out.lease_response_v2.parent_lease_key.data[0], (__parent)); \
+			CHECK_VAL((__io)->out.lease_response_v2.parent_lease_key.data[1], ~(__parent)); \
+		} \
+		CHECK_VAL((__io)->out.lease_response_v2.lease_duration, 0); \
+		CHECK_VAL((__io)->out.lease_response_v2.lease_epoch, (__epoch)); \
+	} while(0)
+
+static const uint64_t LEASE1 = 0xBADC0FFEE0DDF00Dull;
+static const uint64_t LEASE2 = 0xDEADBEEFFEEDBEADull;
+static const uint64_t LEASE3 = 0xDAD0FFEDD00DF00Dull;
+static const uint64_t LEASE4 = 0xBAD0FFEDD00DF00Dull;
+
+#define NREQUEST_RESULTS 8
+static const char *request_results[NREQUEST_RESULTS][2] = {
+	{ "", "" },
+	{ "R", "R" },
+	{ "H", "" },
+	{ "W", "" },
+	{ "RH", "RH" },
+	{ "RW", "RW" },
+	{ "HW", "" },
+	{ "RHW", "RHW" },
+};
+
+static bool test_lease_request(struct torture_context *tctx,
+	                       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_request.dat";
+	const char *fname2 = "lease_request.2.dat";
+	const char *sname = "lease_request.dat:stream";
+	const char *dname = "lease_request.dir";
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname2);
+	smb2_util_rmdir(tree, dname);
+
+	/* Win7 is happy to grant RHW leases on files. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE1, 0);
+
+	/* But will reject leases on directories. */
+	if (!(caps & SMB2_CAP_DIRECTORY_LEASING)) {
+		smb2_lease_create(&io, &ls, true, dname, LEASE2, smb2_util_lease_state("RHW"));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_DIRECTORY);
+		CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+		smb2_util_close(tree, io.out.file.handle);
+	}
+
+	/* Also rejects multiple files leased under the same key. */
+	smb2_lease_create(&io, &ls, true, fname2, LEASE1, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/* And grants leases on streams (with separate leasekey). */
+	smb2_lease_create(&io, &ls, false, sname, LEASE2, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	h2 = io.out.file.handle;
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE2, 0);
+	smb2_util_close(tree, h2);
+
+	smb2_util_close(tree, h1);
+
+	/* Now see what combos are actually granted. */
+	for (i = 0; i < NREQUEST_RESULTS; i++) {
+		torture_comment(tctx, "Requesting lease type %s(%x),"
+		    " expecting %s(%x)\n",
+		    request_results[i][0], smb2_util_lease_state(request_results[i][0]),
+		    request_results[i][1], smb2_util_lease_state(request_results[i][1]));
+		smb2_lease_create(&io, &ls, false, fname, LEASE1,
+		    smb2_util_lease_state(request_results[i][0]));
+		status = smb2_create(tree, mem_ctx, &io);
+		h2 = io.out.file.handle;
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, request_results[i][1], true, LEASE1, 0);
+		smb2_util_close(tree, io.out.file.handle);
+	}
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname2);
+	smb2_util_rmdir(tree, dname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_upgrade(struct torture_context *tctx,
+                               struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle hnew = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_upgrade.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	/* Grab a RH lease. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE1, 0);
+	h = io.out.file.handle;
+
+	/* Upgrades (sidegrades?) to RW leave us with an RH. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE1, 0);
+	hnew = io.out.file.handle;
+
+	smb2_util_close(tree, hnew);
+
+	/* Upgrade to RHW lease. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE1, 0);
+	hnew = io.out.file.handle;
+
+	smb2_util_close(tree, h);
+	h = hnew;
+
+	/* Attempt to downgrade - original lease state is maintained. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE1, 0);
+	hnew = io.out.file.handle;
+
+	smb2_util_close(tree, hnew);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, hnew);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * upgrade2 test.
+ * full matrix of lease upgrade combinations
+ * (non-contended case)
+ *
+ * The summary of the behaviour is this:
+ * -------------------------------------
+ * An uncontended lease upgrade results in a change
+ * if and only if the requested lease state is
+ * - valid, and
+ * - strictly a superset of the lease state already held.
+ *
+ * In that case the resulting lease state is the one
+ * requested in the upgrade.
+ */
+struct lease_upgrade2_test {
+	const char *initial;
+	const char *upgrade_to;
+	const char *expected;
+};
+
+#define NUM_LEASE_TYPES 5
+#define NUM_UPGRADE_TESTS ( NUM_LEASE_TYPES * NUM_LEASE_TYPES )
+struct lease_upgrade2_test lease_upgrade2_tests[NUM_UPGRADE_TESTS] = {
+	{ "", "", "" },
+	{ "", "R", "R" },
+	{ "", "RH", "RH" },
+	{ "", "RW", "RW" },
+	{ "", "RWH", "RWH" },
+
+	{ "R", "", "R" },
+	{ "R", "R", "R" },
+	{ "R", "RH", "RH" },
+	{ "R", "RW", "RW" },
+	{ "R", "RWH", "RWH" },
+
+	{ "RH", "", "RH" },
+	{ "RH", "R", "RH" },
+	{ "RH", "RH", "RH" },
+	{ "RH", "RW", "RH" },
+	{ "RH", "RWH", "RWH" },
+
+	{ "RW", "", "RW" },
+	{ "RW", "R", "RW" },
+	{ "RW", "RH", "RW" },
+	{ "RW", "RW", "RW" },
+	{ "RW", "RWH", "RWH" },
+
+	{ "RWH", "", "RWH" },
+	{ "RWH", "R", "RWH" },
+	{ "RWH", "RH", "RWH" },
+	{ "RWH", "RW", "RWH" },
+	{ "RWH", "RWH", "RWH" },
+};
+
+static bool test_lease_upgrade2(struct torture_context *tctx,
+                                struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle h, hnew;
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	const char *fname = "lease_upgrade2.dat";
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	for (i = 0; i < NUM_UPGRADE_TESTS; i++) {
+		struct lease_upgrade2_test t = lease_upgrade2_tests[i];
+
+		smb2_util_unlink(tree, fname);
+
+		/* Grab a lease. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(t.initial));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, t.initial, true, LEASE1, 0);
+		h = io.out.file.handle;
+
+		/* Upgrade. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(t.upgrade_to));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, t.expected, true, LEASE1, 0);
+		hnew = io.out.file.handle;
+
+		smb2_util_close(tree, hnew);
+		smb2_util_close(tree, h);
+	}
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, hnew);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * upgrade3:
+ * full matrix of lease upgrade combinations
+ * (contended case)
+ *
+ * We start with 2 leases, and check how one can
+ * be upgraded
+ *
+ * The summary of the behaviour is this:
+ * -------------------------------------
+ *
+ * If we have two leases (lease1 and lease2) on the same file,
+ * then attempt to upgrade lease1 results in a change if and only
+ * if the requested lease state:
+ * - is valid,
+ * - is strictly a superset of lease1, and
+ * - can held together with lease2.
+ *
+ * In that case, the resulting lease state of the upgraded lease1
+ * is the state requested in the upgrade. lease2 is not broken
+ * and remains unchanged.
+ *
+ * Note that this contrasts the case of directly opening with
+ * an initial requested lease state, in which case you get that
+ * portion of the requested state that can be shared with the
+ * already existing leases (or the states that they get broken to).
+ */
+struct lease_upgrade3_test {
+	const char *held1;
+	const char *held2;
+	const char *upgrade_to;
+	const char *upgraded_to;
+};
+
+#define NUM_UPGRADE3_TESTS ( 20 )
+struct lease_upgrade3_test lease_upgrade3_tests[NUM_UPGRADE3_TESTS] = {
+	{"R", "R", "", "R" },
+	{"R", "R", "R", "R" },
+	{"R", "R", "RW", "R" },
+	{"R", "R", "RH", "RH" },
+	{"R", "R", "RHW", "R" },
+
+	{"R", "RH", "", "R" },
+	{"R", "RH", "R", "R" },
+	{"R", "RH", "RW", "R" },
+	{"R", "RH", "RH", "RH" },
+	{"R", "RH", "RHW", "R" },
+
+	{"RH", "R", "", "RH" },
+	{"RH", "R", "R", "RH" },
+	{"RH", "R", "RW", "RH" },
+	{"RH", "R", "RH", "RH" },
+	{"RH", "R", "RHW", "RH" },
+
+	{"RH", "RH", "", "RH" },
+	{"RH", "RH", "R", "RH" },
+	{"RH", "RH", "RW", "RH" },
+	{"RH", "RH", "RH", "RH" },
+	{"RH", "RH", "RHW", "RH" },
+};
+
+static bool test_lease_upgrade3(struct torture_context *tctx,
+                                struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle h, h2, hnew;
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_lease ls;
+	const char *fname = "lease_upgrade3.dat";
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	for (i = 0; i < NUM_UPGRADE3_TESTS; i++) {
+		struct lease_upgrade3_test t = lease_upgrade3_tests[i];
+
+		smb2_util_unlink(tree, fname);
+
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		/* grab first lease */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(t.held1));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, t.held1, true, LEASE1, 0);
+		h = io.out.file.handle;
+
+		/* grab second lease */
+		smb2_lease_create(&io, &ls, false, fname, LEASE2, smb2_util_lease_state(t.held2));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, t.held2, true, LEASE2, 0);
+		h2 = io.out.file.handle;
+
+		/* no break has happened */
+		CHECK_VAL(lease_break_info.count, 0);
+		CHECK_VAL(lease_break_info.failures, 0);
+
+		/* try to upgrade lease1 */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(t.upgrade_to));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, t.upgraded_to, true, LEASE1, 0);
+		hnew = io.out.file.handle;
+
+		/* no break has happened */
+		CHECK_VAL(lease_break_info.count, 0);
+		CHECK_VAL(lease_break_info.failures, 0);
+
+		smb2_util_close(tree, hnew);
+		smb2_util_close(tree, h);
+		smb2_util_close(tree, h2);
+	}
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, hnew);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+
+/*
+  break_results should be read as "held lease, new lease, hold broken to, new
+  grant", i.e. { "RH", "RW", "RH", "R" } means that if key1 holds RH and key2
+  tries for RW, key1 will be broken to RH (in this case, not broken at all)
+  and key2 will be granted R.
+
+  Note: break_results only includes things that Win7 will actually grant (see
+  request_results above).
+ */
+#define NBREAK_RESULTS 16
+static const char *break_results[NBREAK_RESULTS][4] = {
+	{"R",	"R",	"R",	"R"},
+	{"R",	"RH",	"R",	"RH"},
+	{"R",	"RW",	"R",	"R"},
+	{"R",	"RHW",	"R",	"RH"},
+
+	{"RH",	"R",	"RH",	"R"},
+	{"RH",	"RH",	"RH",	"RH"},
+	{"RH",	"RW",	"RH",	"R"},
+	{"RH",	"RHW",	"RH",	"RH"},
+
+	{"RW",	"R",	"R",	"R"},
+	{"RW",	"RH",	"R",	"RH"},
+	{"RW",	"RW",	"R",	"R"},
+	{"RW",	"RHW",	"R",	"RH"},
+
+	{"RHW",	"R",	"RH",	"R"},
+	{"RHW",	"RH",	"RH",	"RH"},
+	{"RHW",	"RW",	"RH",	"R"},
+	{"RHW", "RHW",	"RH",	"RH"},
+};
+
+static bool test_lease_break(struct torture_context *tctx,
+                               struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h, h2, h3;
+	NTSTATUS status;
+	const char *fname = "lease_break.dat";
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	for (i = 0; i < NBREAK_RESULTS; i++) {
+		const char *held = break_results[i][0];
+		const char *contend = break_results[i][1];
+		const char *brokento = break_results[i][2];
+		const char *granted = break_results[i][3];
+		torture_comment(tctx, "Hold %s(%x), requesting %s(%x), "
+		    "expecting break to %s(%x) and grant of %s(%x)\n",
+		    held, smb2_util_lease_state(held), contend, smb2_util_lease_state(contend),
+		    brokento, smb2_util_lease_state(brokento), granted, smb2_util_lease_state(granted));
+
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		/* Grab lease. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(held));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h = io.out.file.handle;
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, held, true, LEASE1, 0);
+
+		/* Possibly contend lease. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE2, smb2_util_lease_state(contend));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h2 = io.out.file.handle;
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, granted, true, LEASE2, 0);
+
+		if (smb2_util_lease_state(held) != smb2_util_lease_state(brokento)) {
+			CHECK_BREAK_INFO(held, brokento, LEASE1);
+		} else {
+			CHECK_NO_BREAK(tctx);
+		}
+
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		/*
+		  Now verify that an attempt to upgrade LEASE1 results in no
+		  break and no change in LEASE1.
+		 */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RHW"));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h3 = io.out.file.handle;
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, brokento, true, LEASE1, 0);
+		CHECK_VAL(lease_break_info.count, 0);
+		CHECK_VAL(lease_break_info.failures, 0);
+
+		smb2_util_close(tree, h);
+		smb2_util_close(tree, h2);
+		smb2_util_close(tree, h3);
+
+		status = smb2_util_unlink(tree, fname);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_nobreakself(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_nobreakself.dat";
+	bool ret = true;
+	uint32_t caps;
+	char c = 0;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	/* Win7 is happy to grant RHW leases on files. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1,
+			  smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "R", true, LEASE1, 0);
+
+	smb2_lease_create(&io, &ls, false, fname, LEASE2,
+			  smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_LEASE(&io, "R", true, LEASE2, 0);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	/* Make sure we don't break ourselves on write */
+
+	status = smb2_util_write(tree, h1, &c, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_BREAK_INFO("R", "", LEASE2);
+
+	/* Try the other way round. First, upgrade LEASE2 to R again */
+
+	smb2_lease_create(&io, &ls, false, fname, LEASE2,
+			  smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io, "R", true, LEASE2, 0);
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* Now break LEASE1 via h2 */
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	status = smb2_util_write(tree, h2, &c, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_BREAK_INFO("R", "", LEASE1);
+
+	/* .. and break LEASE2 via h1 */
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	status = smb2_util_write(tree, h1, &c, 0, 1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_BREAK_INFO("R", "", LEASE2);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_statopen(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_statopen.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	/* Create file. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	smb2_util_close(tree, h1);
+
+	/* Stat open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname, 0, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	io.in.desired_access = FILE_READ_ATTRIBUTES;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	/* Ensure non-stat open doesn't break and gets same lease
+	   state as existing stat open. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1,
+			  smb2_util_lease_state(""));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	CHECK_NO_BREAK(tctx);
+	smb2_util_close(tree, h1);
+
+	/* Open with conflicting lease. stat open should break down to RH */
+	smb2_lease_create(&io, &ls, false, fname, LEASE2,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_statopen2(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_statopen2.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* Open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	/* Stat open */
+	ZERO_STRUCT(io);
+	io.in.desired_access = FILE_READ_ATTRIBUTES;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h2 = io.out.file.handle;
+
+	/* Open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h3 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+done:
+	if (!smb2_util_handle_empty(h3)) {
+		smb2_util_close(tree, h3);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_statopen3(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_statopen3.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* Stat open */
+	ZERO_STRUCT(io);
+	io.in.desired_access = FILE_READ_ATTRIBUTES;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = io.out.file.handle;
+
+	/* Open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h2 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_statopen4_do(struct torture_context *tctx,
+				    struct smb2_tree *tree,
+				    uint32_t access_mask,
+				    bool expect_stat_open)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_statopen2.dat";
+	bool ret = true;
+
+	/* Open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	io.in.desired_access = SEC_FILE_ALL;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	/* Stat open */
+	ZERO_STRUCT(io);
+	io.in.desired_access = access_mask;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h2 = io.out.file.handle;
+
+	if (expect_stat_open) {
+		CHECK_NO_BREAK(tctx);
+		if (!ret) {
+			goto done;
+		}
+	} else {
+		CHECK_VAL(lease_break_info.count, 1);
+		if (!ret) {
+			goto done;
+		}
+		/*
+		 * Don't bother checking the lease state of an additional open
+		 * below...
+		 */
+		goto done;
+	}
+
+	/* Open file with RWH lease. */
+	smb2_lease_create_share(&io, &ls, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h3 = io.out.file.handle;
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+done:
+	if (!smb2_util_handle_empty(h3)) {
+		smb2_util_close(tree, h3);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_statopen4(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	const char *fname = "lease_statopen4.dat";
+	struct smb2_handle h1 = {{0}};
+	uint32_t caps;
+	size_t i;
+	NTSTATUS status;
+	bool ret = true;
+	struct {
+		uint32_t access_mask;
+		bool expect_stat_open;
+	} tests[] = {
+		{
+			.access_mask = FILE_READ_DATA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_WRITE_DATA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_READ_EA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_WRITE_EA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_EXECUTE,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_READ_ATTRIBUTES,
+			.expect_stat_open = true,
+		},
+		{
+			.access_mask = FILE_WRITE_ATTRIBUTES,
+			.expect_stat_open = true,
+		},
+		{
+			.access_mask = DELETE_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = READ_CONTROL_ACCESS,
+			.expect_stat_open = true,
+		},
+		{
+			.access_mask = WRITE_DAC_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = WRITE_OWNER_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = SYNCHRONIZE_ACCESS,
+			.expect_stat_open = true,
+		},
+	};
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	for (i = 0; i < ARRAY_SIZE(tests); i++) {
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		ret = test_lease_statopen4_do(tctx,
+					      tree,
+					      tests[i].access_mask,
+					      tests[i].expect_stat_open);
+		if (ret == true) {
+			continue;
+		}
+		torture_result(tctx, TORTURE_FAIL,
+			       "test %zu: access_mask: %s, "
+			       "expect_stat_open: %s\n",
+			       i,
+			       get_sec_mask_str(tree, tests[i].access_mask),
+			       tests[i].expect_stat_open ? "yes" : "no");
+		goto done;
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+static void torture_oplock_break_callback(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_break br;
+
+	ZERO_STRUCT(br);
+	status = smb2_break_recv(req, &br);
+	if (!NT_STATUS_IS_OK(status))
+		lease_break_info.oplock_failures++;
+
+	return;
+}
+
+/* a oplock break request handler */
+static bool torture_oplock_handler(struct smb2_transport *transport,
+				   const struct smb2_handle *handle,
+				   uint8_t level, void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	struct smb2_request *req;
+	struct smb2_break br;
+
+	lease_break_info.oplock_handle = *handle;
+	lease_break_info.oplock_level	= level;
+	lease_break_info.oplock_count++;
+
+	ZERO_STRUCT(br);
+	br.in.file.handle = *handle;
+	br.in.oplock_level = level;
+
+	if (lease_break_info.held_oplock_level > SMB2_OPLOCK_LEVEL_II) {
+		req = smb2_break_send(tree, &br);
+		req->async.fn = torture_oplock_break_callback;
+		req->async.private_data = NULL;
+	}
+	lease_break_info.held_oplock_level = level;
+
+	return true;
+}
+
+#define NOPLOCK_RESULTS 12
+static const char *oplock_results[NOPLOCK_RESULTS][4] = {
+	{"R",	"s",	"R",	"s"},
+	{"R",	"x",	"R",	"s"},
+	{"R",	"b",	"R",	"s"},
+
+	{"RH",	"s",	"RH",	""},
+	{"RH",	"x",	"RH",	""},
+	{"RH",	"b",	"RH",	""},
+
+	{"RW",	"s",	"R",	"s"},
+	{"RW",	"x",	"R",	"s"},
+	{"RW",	"b",	"R",	"s"},
+
+	{"RHW",	"s",	"RH",	""},
+	{"RHW",	"x",	"RH",	""},
+	{"RHW",	"b",	"RH",	""},
+};
+
+static const char *oplock_results_2[NOPLOCK_RESULTS][4] = {
+	{"s",	"R",	"s",	"R"},
+	{"s",	"RH",	"s",	"R"},
+	{"s",	"RW",	"s",	"R"},
+	{"s",	"RHW",	"s",	"R"},
+
+	{"x",	"R",	"s",	"R"},
+	{"x",	"RH",	"s",	"R"},
+	{"x",	"RW",	"s",	"R"},
+	{"x",	"RHW",	"s",	"R"},
+
+	{"b",	"R",	"s",	"R"},
+	{"b",	"RH",	"s",	"R"},
+	{"b",	"RW",	"s",	"R"},
+	{"b",	"RHW",	"s",	"R"},
+};
+
+static bool test_lease_oplock(struct torture_context *tctx,
+                              struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h, h2;
+	NTSTATUS status;
+	const char *fname = "lease_oplock.dat";
+	bool ret = true;
+	int i;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	for (i = 0; i < NOPLOCK_RESULTS; i++) {
+		const char *held = oplock_results[i][0];
+		const char *contend = oplock_results[i][1];
+		const char *brokento = oplock_results[i][2];
+		const char *granted = oplock_results[i][3];
+		torture_comment(tctx, "Hold %s(%x), requesting %s(%x), "
+		    "expecting break to %s(%x) and grant of %s(%x)\n",
+		    held, smb2_util_lease_state(held), contend, smb2_util_oplock_level(contend),
+		    brokento, smb2_util_lease_state(brokento), granted, smb2_util_oplock_level(granted));
+
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		/* Grab lease. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(held));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h = io.out.file.handle;
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, held, true, LEASE1, 0);
+
+		/* Does an oplock contend the lease? */
+		smb2_oplock_create(&io, fname, smb2_util_oplock_level(contend));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h2 = io.out.file.handle;
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(granted));
+		lease_break_info.held_oplock_level = io.out.oplock_level;
+
+		if (smb2_util_lease_state(held) != smb2_util_lease_state(brokento)) {
+			CHECK_BREAK_INFO(held, brokento, LEASE1);
+		} else {
+			CHECK_NO_BREAK(tctx);
+		}
+
+		smb2_util_close(tree, h);
+		smb2_util_close(tree, h2);
+
+		status = smb2_util_unlink(tree, fname);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	for (i = 0; i < NOPLOCK_RESULTS; i++) {
+		const char *held = oplock_results_2[i][0];
+		const char *contend = oplock_results_2[i][1];
+		const char *brokento = oplock_results_2[i][2];
+		const char *granted = oplock_results_2[i][3];
+		torture_comment(tctx, "Hold %s(%x), requesting %s(%x), "
+		    "expecting break to %s(%x) and grant of %s(%x)\n",
+		    held, smb2_util_oplock_level(held), contend, smb2_util_lease_state(contend),
+		    brokento, smb2_util_oplock_level(brokento), granted, smb2_util_lease_state(granted));
+
+		torture_reset_lease_break_info(tctx, &lease_break_info);
+
+		/* Grab an oplock. */
+		smb2_oplock_create(&io, fname, smb2_util_oplock_level(held));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h = io.out.file.handle;
+		CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(held));
+		lease_break_info.held_oplock_level = io.out.oplock_level;
+
+		/* Grab lease. */
+		smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state(contend));
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h2 = io.out.file.handle;
+		CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_LEASE(&io, granted, true, LEASE1, 0);
+
+		if (smb2_util_oplock_level(held) != smb2_util_oplock_level(brokento)) {
+			CHECK_OPLOCK_BREAK(brokento);
+		} else {
+			CHECK_NO_BREAK(tctx);
+		}
+
+		smb2_util_close(tree, h);
+		smb2_util_close(tree, h2);
+
+		status = smb2_util_unlink(tree, fname);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_multibreak(struct torture_context *tctx,
+                                  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_multibreak.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab lease, upgrade to RHW .. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE1, 0);
+
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE1, 0);
+
+	/* Contend with LEASE2. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE2, smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+
+	/* Verify that we were only sent one break. */
+	CHECK_BREAK_INFO("RHW", "RH", LEASE1);
+
+	/* Drop LEASE1 / LEASE2 */
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_close(tree, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_close(tree, h3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab an R lease. */
+	smb2_lease_create(&io, &ls, false, fname, LEASE1, smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "R", true, LEASE1, 0);
+
+	/* Grab a level-II oplock. */
+	smb2_oplock_create(&io, fname, smb2_util_oplock_level("s"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+	lease_break_info.held_oplock_level = io.out.oplock_level;
+
+	/* Verify no breaks. */
+	CHECK_NO_BREAK(tctx);
+
+	/* Open for truncate, force a break. */
+	smb2_generic_create(&io, NULL, false, fname,
+	    NTCREATEX_DISP_OVERWRITE_IF, smb2_util_oplock_level(""), 0, 0);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.out.file.handle;
+	CHECK_CREATED(&io, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(""));
+	lease_break_info.held_oplock_level = io.out.oplock_level;
+
+	/* Sleep, use a write to clear the recv queue. */
+	smb_msleep(250);
+	ZERO_STRUCT(w);
+	w.in.file.handle = h3;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Verify one oplock break, one lease break. */
+	CHECK_OPLOCK_BREAK("");
+	CHECK_BREAK_INFO("R", "", LEASE1);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_request_parent(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	uint64_t parent = LEASE2;
+	NTSTATUS status;
+	const char *fname = "lease_v2_request_parent.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+	if (!(caps & SMB2_CAP_DIRECTORY_LEASING)) {
+		torture_skip(tctx, "directory leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, &parent,
+				   smb2_util_lease_state("RHW"),
+				   0x11);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1,
+		       SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET, LEASE2,
+		       ls.lease_epoch + 1);
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_break_twice(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h1 = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_break_twice.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	ZERO_STRUCT(io);
+
+	smb2_lease_v2_create_share(
+		&io, &ls1, false, fname, smb2_util_share_access("RWD"),
+		LEASE1, NULL, smb2_util_lease_state("RWH"), 0x11);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch + 1);
+
+	tree->session->transport->lease.handler = torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	smb2_lease_v2_create_share(
+		&io, &ls2, false, fname, smb2_util_share_access("R"),
+		LEASE2, NULL, smb2_util_lease_state("RWH"), 0x22);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RWH", "RW", LEASE1, ls1.lease_epoch + 2);
+
+	smb2_lease_v2_create_share(
+		&io, &ls2, false, fname, smb2_util_share_access("RWD"),
+		LEASE2, NULL, smb2_util_lease_state("RWH"), 0x22);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_V2(&io, "RH", true, LEASE2, 0, 0, ls2.lease_epoch + 1);
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RW", "R", LEASE1, ls1.lease_epoch + 3);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_v2_request(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1, ls2, ls2t, ls3, ls4;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	struct smb2_handle h4 = {{0}};
+	struct smb2_handle h5 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_v2_request.dat";
+	const char *dname = "lease_v2_request.dir";
+	const char *dnamefname = "lease_v2_request.dir\\lease.dat";
+	const char *dnamefname2 = "lease_v2_request.dir\\lease2.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+	if (!(caps & SMB2_CAP_DIRECTORY_LEASING)) {
+		torture_skip(tctx, "directory leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, dname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x11);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch + 1);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls2, true, dname,
+				   smb2_util_share_access("RWD"),
+				   LEASE2, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x22);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_DIRECTORY);
+	CHECK_LEASE_V2(&io, "RH", true, LEASE2, 0, 0, ls2.lease_epoch + 1);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls3, false, dnamefname,
+				   smb2_util_share_access("RWD"),
+				   LEASE3, &LEASE2,
+				   smb2_util_lease_state("RHW"),
+				   0x33);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE3,
+		       SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET, LEASE2,
+		       ls3.lease_epoch + 1);
+
+	CHECK_NO_BREAK(tctx);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls4, false, dnamefname2,
+				   smb2_util_share_access("RWD"),
+				   LEASE4, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x44);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h4 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE4, 0, 0, ls4.lease_epoch + 1);
+
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RH", "", LEASE2, ls2.lease_epoch + 2);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls2t, true, dname,
+				   smb2_util_share_access("RWD"),
+				   LEASE2, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x222);
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h5 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_DIRECTORY);
+	CHECK_LEASE_V2(&io, "RH", true, LEASE2, 0, 0, ls2.lease_epoch+3);
+	smb2_util_close(tree, h5);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h4;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Wait 4 seconds in order to check if the write time
+	 * was updated (after 2 seconds).
+	 */
+	smb_msleep(4000);
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * only the close on the modified file break the
+	 * directory lease.
+	 */
+	smb2_util_close(tree, h4);
+
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RH", "", LEASE2, ls2.lease_epoch+4);
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+	smb2_util_close(tree, h4);
+	smb2_util_close(tree, h5);
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, dname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_epoch1(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h;
+	const char *fname = "lease_v2_epoch1.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x4711);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls.lease_epoch + 1);
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+
+	smb2_lease_v2_create_share(&io, &ls, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x11);
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RWH", true, LEASE1, 0, 0, ls.lease_epoch + 1);
+	smb2_util_close(tree, h);
+
+done:
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_v2_epoch2(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1v2, ls1v2t, ls1v1;
+	struct smb2_handle hv2 = {}, hv1 = {};
+	const char *fname = "lease_v2_epoch2.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1v2, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("R"),
+				   0x4711);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv2 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "R", true, LEASE1, 0, 0, ls1v2.lease_epoch + 1);
+
+	ZERO_STRUCT(io);
+	smb2_lease_create_share(&io, &ls1v1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RH", true, LEASE1, 0, 0, ls1v2.lease_epoch + 2);
+
+	smb2_util_close(tree, hv2);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1v2t, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x11);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1v2.lease_epoch + 3);
+
+	smb2_util_close(tree, hv2);
+
+	smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_NONE);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RWH", "RH", LEASE1, ls1v2.lease_epoch + 4);
+
+	smb2_util_close(tree, hv2);
+	smb2_util_close(tree, hv1);
+
+	ZERO_STRUCT(io);
+	smb2_lease_create_share(&io, &ls1v1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RHW"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RHW", true, LEASE1, 0);
+
+	smb2_util_close(tree, hv1);
+
+done:
+	smb2_util_close(tree, hv2);
+	smb2_util_close(tree, hv1);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_v2_epoch3(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1v1 = {}, ls1v1t = {},ls1v2 = {};
+	struct smb2_handle hv1 = {}, hv2 = {};
+	const char *fname = "lease_v2_epoch3.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_create_share(&io, &ls1v1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "R", true, LEASE1, 0);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1v2, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RW"),
+				   0x4711);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RW", true, LEASE1, 0);
+
+	smb2_util_close(tree, hv1);
+
+	ZERO_STRUCT(io);
+	smb2_lease_create_share(&io, &ls1v1t, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	smb2_util_close(tree, hv1);
+
+	smb2_oplock_create(&io, fname, SMB2_OPLOCK_LEVEL_NONE);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+	smb2_util_close(tree, hv1);
+	smb2_util_close(tree, hv2);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1v2, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RWH"),
+				   0x4711);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	hv2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1v2.lease_epoch + 1);
+	smb2_util_close(tree, hv2);
+
+done:
+	smb2_util_close(tree, hv2);
+	smb2_util_close(tree, hv1);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_breaking1(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_handle h1a = {};
+	struct smb2_handle h1b = {};
+	struct smb2_handle h2 = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking1.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1a = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+	/*
+	 * a conflicting open is blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * we got the lease break, but defer the ack.
+	 */
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	/*
+	 * We ack the lease break.
+	 */
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "RH", LEASE1);
+
+	torture_assert(tctx, req2->cancel.can_cancel,
+		       "req2 can_cancel");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+done:
+	smb2_util_close(tree, h1a);
+	smb2_util_close(tree, h1b);
+	smb2_util_close(tree, h2);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_breaking2(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_handle h1a = {};
+	struct smb2_handle h1b = {};
+	struct smb2_handle h2 = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking2.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1a = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+	/*
+	 * a conflicting open is blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * we got the lease break, but defer the ack.
+	 */
+	CHECK_BREAK_INFO("RWH", "", LEASE1);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	/*
+	 * We ack the lease break.
+	 */
+	ack.in.lease.lease_state =
+		SMB2_LEASE_READ | SMB2_LEASE_WRITE | SMB2_LEASE_HANDLE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state =
+		SMB2_LEASE_READ | SMB2_LEASE_WRITE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state =
+		SMB2_LEASE_WRITE | SMB2_LEASE_HANDLE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state =
+		SMB2_LEASE_READ | SMB2_LEASE_HANDLE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state = SMB2_LEASE_WRITE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state = SMB2_LEASE_HANDLE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	ack.in.lease.lease_state = SMB2_LEASE_READ;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_REQUEST_NOT_ACCEPTED);
+
+	/* Try again with the correct state this time. */
+	ack.in.lease.lease_state = SMB2_LEASE_NONE;;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "", LEASE1);
+
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_UNSUCCESSFUL);
+
+	torture_assert(tctx, req2->cancel.can_cancel,
+		       "req2 can_cancel");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+
+	/* Get state of the original handle. */
+	smb2_lease_create(&io1, &ls1, false, fname, LEASE1, smb2_util_lease_state(""));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io1, "", true, LEASE1, 0);
+	smb2_util_close(tree, io1.out.file.handle);
+
+done:
+	smb2_util_close(tree, h1a);
+	smb2_util_close(tree, h1b);
+	smb2_util_close(tree, h2);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_breaking3(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_create io3 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_handle h1a = {};
+	struct smb2_handle h1b = {};
+	struct smb2_handle h2 = {};
+	struct smb2_handle h3 = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_request *req3 = NULL;
+	struct lease_break_info lease_break_info_tmp = {};
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking3.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1a = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+	/*
+	 * a conflicting open is blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * we got the lease break, but defer the ack.
+	 */
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	/*
+	 * a conflicting open with NTCREATEX_DISP_OVERWRITE
+	 * doesn't trigger an immediate lease break to none.
+	 */
+	lease_break_info_tmp = lease_break_info;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	smb2_oplock_create(&io3, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io3.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req3 = smb2_create_send(tree, &io3);
+	torture_assert(tctx, req3 != NULL, "smb2_create_send");
+	CHECK_NO_BREAK(tctx);
+	lease_break_info = lease_break_info_tmp;
+
+	torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * We ack the lease break, but defer acking the next break (to "R")
+	 */
+	lease_break_info.lease_skip_ack = true;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "RH", LEASE1);
+
+	/*
+	 * We got an additional break downgrading to just "R"
+	 * while we defer the ack.
+	 */
+	CHECK_BREAK_INFO("RH", "R", LEASE1);
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+	torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+	/*
+	 * We ack the downgrade to "R" and get an immediate break to none
+	 */
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "R", LEASE1);
+
+	/*
+	 * We get the downgrade to none.
+	 */
+	CHECK_BREAK_INFO("R", "", LEASE1);
+
+	torture_assert(tctx, req2->cancel.can_cancel,
+		       "req2 can_cancel");
+	torture_assert(tctx, req3->cancel.can_cancel,
+		       "req3 can_cancel");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	status = smb2_create_recv(req3, tctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io3.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+done:
+	smb2_util_close(tree, h1a);
+	smb2_util_close(tree, h1b);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_v2_breaking3(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_create io3 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_handle h1a = {};
+	struct smb2_handle h1b = {};
+	struct smb2_handle h2 = {};
+	struct smb2_handle h3 = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_request *req3 = NULL;
+	struct lease_break_info lease_break_info_tmp = {};
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "v2_lease_breaking3.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_v2_create_share(&io1, &ls1, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x11);
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1a = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	/* Epoch increases on open. */
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io1, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch);
+
+	/*
+	 * a conflicting open is blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * we got the lease break, but defer the ack.
+	 */
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RWH", "RH", LEASE1, ls1.lease_epoch + 1);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	/* On receiving a lease break, we must sync the new epoch. */
+	ls1.lease_epoch = lease_break_info.lease_break.new_epoch;
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io1, "RHW", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS, 0, ls1.lease_epoch);
+	smb2_util_close(tree, h1b);
+
+	/*
+	 * a conflicting open with NTCREATEX_DISP_OVERWRITE
+	 * doesn't trigger an immediate lease break to none.
+	 */
+	lease_break_info_tmp = lease_break_info;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	smb2_oplock_create(&io3, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io3.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req3 = smb2_create_send(tree, &io3);
+	torture_assert(tctx, req3 != NULL, "smb2_create_send");
+	CHECK_NO_BREAK(tctx);
+	lease_break_info = lease_break_info_tmp;
+
+	torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io1, "RHW", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS, 0, ls1.lease_epoch);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * We ack the lease break, but defer acking the next break (to "R")
+	 */
+	lease_break_info.lease_skip_ack = true;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "RH", LEASE1);
+
+	/*
+	 * We got an additional break downgrading to just "R"
+	 * while we defer the ack.
+	 */
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RH", "R", LEASE1, ls1.lease_epoch);
+	/* On receiving a lease break, we must sync the new epoch. */
+	ls1.lease_epoch = lease_break_info.lease_break.new_epoch;
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io1, "RH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS, 0, ls1.lease_epoch);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+	torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+	/*
+	 * We ack the downgrade to "R" and get an immediate break to none
+	 */
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "R", LEASE1);
+
+	/*
+	 * We get the downgrade to none.
+	 */
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "R", "", LEASE1, ls1.lease_epoch);
+
+	torture_assert(tctx, req2->cancel.can_cancel,
+		       "req2 can_cancel");
+	torture_assert(tctx, req3->cancel.can_cancel,
+		       "req3 can_cancel");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	status = smb2_create_recv(req3, tctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io3.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+done:
+	smb2_util_close(tree, h1a);
+	smb2_util_close(tree, h1b);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+static bool test_lease_breaking4(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_create io3 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_lease ls1t = {};
+	struct smb2_handle h1 = {};
+	struct smb2_handle h2 = {};
+	struct smb2_handle h3 = {};
+	struct smb2_request *req2 = NULL;
+	struct lease_break_info lease_break_info_tmp = {};
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking4.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1, 0);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * a conflicting open is *not* blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * We got a break from RH to NONE, we're supported to ack
+	 * this downgrade
+	 */
+	CHECK_BREAK_INFO("RH", "", LEASE1);
+
+	lease_break_info_tmp = lease_break_info;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_DONE, "req2 done");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+	smb2_util_close(tree, h2);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * a conflicting open is *not* blocked until we ack the
+	 * lease break, even if the lease is in breaking state.
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_DONE, "req2 done");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+	smb2_util_close(tree, h2);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * We now ask the server about the current lease state
+	 * which should still be "RH", but with
+	 * SMB2_LEASE_FLAG_BREAK_IN_PROGRESS.
+	 */
+	smb2_lease_create_share(&io3, &ls1t, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state(""));
+	status = smb2_create(tree, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+
+	/*
+	 * We finally ack the lease break...
+	 */
+	CHECK_NO_BREAK(tctx);
+	lease_break_info = lease_break_info_tmp;
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "", LEASE1);
+
+	CHECK_NO_BREAK(tctx);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_breaking5(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_create io3 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_lease ls1t = {};
+	struct smb2_handle h1 = {};
+	struct smb2_handle h2 = {};
+	struct smb2_handle h3 = {};
+	struct smb2_request *req2 = NULL;
+	struct lease_break_info lease_break_info_tmp = {};
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking5.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "R", true, LEASE1, 0);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * a conflicting open is *not* blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	io2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * We got a break from RH to NONE, we're supported to ack
+	 * this downgrade
+	 */
+	CHECK_BREAK_INFO("R", "", LEASE1);
+
+	lease_break_info_tmp = lease_break_info;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_DONE, "req2 done");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+
+	/*
+	 * We now ask the server about the current lease state
+	 * which should still be "RH", but with
+	 * SMB2_LEASE_FLAG_BREAK_IN_PROGRESS.
+	 */
+	smb2_lease_create_share(&io3, &ls1t, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state(""));
+	status = smb2_create(tree, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "", true, LEASE1, 0);
+
+	/*
+	 * We send an ack without without being asked.
+	 */
+	CHECK_NO_BREAK(tctx);
+	lease_break_info = lease_break_info_tmp;
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_UNSUCCESSFUL);
+
+	CHECK_NO_BREAK(tctx);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_breaking6(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_handle h1a = {};
+	struct smb2_handle h1b = {};
+	struct smb2_handle h2 = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_lease_break_ack ack = {};
+	const char *fname = "lease_breaking6.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1a = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+	/*
+	 * a conflicting open is blocked until we ack the
+	 * lease break
+	 */
+	smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+	req2 = smb2_create_send(tree, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	/*
+	 * we got the lease break, but defer the ack.
+	 */
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * a open using the same lease key is still works,
+	 * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+	 */
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1b = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+	smb2_util_close(tree, h1b);
+
+	CHECK_NO_BREAK(tctx);
+
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	/*
+	 * We are asked to break to "RH", but we are allowed to
+	 * break to any of "RH", "R" or NONE.
+	 */
+	ack.in.lease.lease_state = SMB2_LEASE_NONE;
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "", LEASE1);
+
+	torture_assert(tctx, req2->cancel.can_cancel,
+		       "req2 can_cancel");
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+	CHECK_NO_BREAK(tctx);
+done:
+	smb2_util_close(tree, h1a);
+	smb2_util_close(tree, h1b);
+	smb2_util_close(tree, h2);
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_lock1(struct torture_context *tctx,
+			     struct smb2_tree *tree1a,
+			     struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1 = {};
+	struct smb2_create io2 = {};
+	struct smb2_create io3 = {};
+	struct smb2_lease ls1 = {};
+	struct smb2_lease ls2 = {};
+	struct smb2_lease ls3 = {};
+	struct smb2_handle h1 = {};
+	struct smb2_handle h2 = {};
+	struct smb2_handle h3 = {};
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	const char *fname = "locktest.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	struct smbcli_options options1;
+	struct smb2_tree *tree1b = NULL;
+
+	options1 = tree1a->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree1a->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Set up handlers. */
+	tree2->session->transport->lease.handler = torture_lease_handler;
+	tree2->session->transport->lease.private_data = tree2;
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	tree1a->session->transport->lease.handler = torture_lease_handler;
+	tree1a->session->transport->lease.private_data = tree1a;
+	tree1a->session->transport->oplock.handler = torture_oplock_handler;
+	tree1a->session->transport->oplock.private_data = tree1a;
+
+	/* create a new connection (same client_guid) */
+	if (!torture_smb2_connection_ext(tctx, 0, &options1, &tree1b)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree1b->session->transport->lease.handler = torture_lease_handler;
+	tree1b->session->transport->lease.private_data = tree1b;
+	tree1b->session->transport->oplock.handler = torture_oplock_handler;
+	tree1b->session->transport->oplock.private_data = tree1b;
+
+	smb2_util_unlink(tree1a, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	ZERO_STRUCT(lck);
+
+	/* Open a handle on tree1a. */
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE1,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree1a, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+	/* Open a second handle on tree1b. */
+	smb2_lease_create_share(&io2, &ls2, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE2,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree1b, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RH", true, LEASE2, 0);
+	/* And LEASE1 got broken to RH. */
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Now open a lease on a different client guid. */
+	smb2_lease_create_share(&io3, &ls3, false, fname,
+				smb2_util_share_access("RWD"),
+				LEASE3,
+				smb2_util_lease_state("RWH"));
+	status = smb2_create(tree2, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RH", true, LEASE3, 0);
+	/* Doesn't break. */
+	CHECK_NO_BREAK(tctx);
+
+	lck.in.locks		= el;
+	/*
+	 * Try and get get an exclusive byte
+	 * range lock on H1 (LEASE1).
+	 */
+
+	lck.in.lock_count	= 1;
+	lck.in.lock_sequence	= 1;
+	lck.in.file.handle	= h1;
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree1a, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* LEASE2 and LEASE3 should get broken to NONE. */
+	torture_wait_for_lease_break(tctx);
+	torture_wait_for_lease_break(tctx);
+	torture_wait_for_lease_break(tctx);
+	torture_wait_for_lease_break(tctx);
+
+	CHECK_VAL(lease_break_info.failures, 0);                      \
+	CHECK_VAL(lease_break_info.count, 2);                         \
+
+	/* Get state of the H1 (LEASE1) */
+	smb2_lease_create(&io1, &ls1, false, fname, LEASE1, smb2_util_lease_state(""));
+	status = smb2_create(tree1a, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	/* Should still be RH. */
+	CHECK_LEASE(&io1, "RH", true, LEASE1, 0);
+	smb2_util_close(tree1a, io1.out.file.handle);
+
+	/* Get state of the H2 (LEASE2) */
+	smb2_lease_create(&io2, &ls2, false, fname, LEASE2, smb2_util_lease_state(""));
+	status = smb2_create(tree1b, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io2, "", true, LEASE2, 0);
+	smb2_util_close(tree1b, io2.out.file.handle);
+
+	/* Get state of the H3 (LEASE3) */
+	smb2_lease_create(&io3, &ls3, false, fname, LEASE3, smb2_util_lease_state(""));
+	status = smb2_create(tree2, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io3, "", true, LEASE3, 0);
+	smb2_util_close(tree2, io3.out.file.handle);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * Try and get get an exclusive byte
+	 * range lock on H3 (LEASE3).
+	 */
+	lck.in.lock_count	= 1;
+	lck.in.lock_sequence	= 2;
+	lck.in.file.handle	= h3;
+	el[0].offset		= 100;
+	el[0].length		= 1;
+	el[0].reserved		= 0;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree2, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	/* LEASE1 got broken to NONE. */
+	CHECK_BREAK_INFO("RH", "", LEASE1);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+done:
+	smb2_util_close(tree1a, h1);
+	smb2_util_close(tree1b, h2);
+	smb2_util_close(tree2, h3);
+
+	smb2_util_unlink(tree1a, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_complex1(struct torture_context *tctx,
+				struct smb2_tree *tree1a)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_complex1.dat";
+	bool ret = true;
+	uint32_t caps;
+	struct smb2_tree *tree1b = NULL;
+	struct smbcli_options options1;
+
+	options1 = tree1a->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree1a->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree1a->session->transport->lease.handler = torture_lease_handler;
+	tree1a->session->transport->lease.private_data = tree1a;
+	tree1a->session->transport->oplock.handler = torture_oplock_handler;
+	tree1a->session->transport->oplock.private_data = tree1a;
+
+	/* create a new connection (same client_guid) */
+	if (!torture_smb2_connection_ext(tctx, 0, &options1, &tree1b)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree1b->session->transport->lease.handler = torture_lease_handler;
+	tree1b->session->transport->lease.private_data = tree1b;
+	tree1b->session->transport->oplock.handler = torture_oplock_handler;
+	tree1b->session->transport->oplock.private_data = tree1b;
+
+	smb2_util_unlink(tree1a, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab R lease over connection 1a */
+	smb2_lease_create(&io1, &ls1, false, fname, LEASE1, smb2_util_lease_state("R"));
+	status = smb2_create(tree1a, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "R", true, LEASE1, 0);
+
+	/* Upgrade to RWH over connection 1b */
+	ls1.lease_state = smb2_util_lease_state("RWH");
+	status = smb2_create(tree1b, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RHW", true, LEASE1, 0);
+
+	/* close over connection 1b */
+	status = smb2_util_close(tree1b, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Contend with LEASE2. */
+	smb2_lease_create(&io2, &ls2, false, fname, LEASE2, smb2_util_lease_state("R"));
+	status = smb2_create(tree1b, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "R", true, LEASE2, 0);
+
+	/* Verify that we were only sent one break. */
+	CHECK_BREAK_INFO("RHW", "RH", LEASE1);
+
+	/* again RH over connection 1b doesn't change the epoch */
+	ls1.lease_state = smb2_util_lease_state("RH");
+	status = smb2_create(tree1b, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1, 0);
+
+	/* close over connection 1b */
+	status = smb2_util_close(tree1b, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree1a, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls2.lease_epoch += 1;
+	CHECK_BREAK_INFO("R", "", LEASE2);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h3;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree1b, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls1.lease_epoch += 1;
+	CHECK_BREAK_INFO("RH", "", LEASE1);
+
+ done:
+	smb2_util_close(tree1a, h);
+	smb2_util_close(tree1b, h2);
+	smb2_util_close(tree1b, h3);
+
+	smb2_util_unlink(tree1a, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_complex1(struct torture_context *tctx,
+				   struct smb2_tree *tree1a)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_v2_complex1.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+	struct smb2_tree *tree1b = NULL;
+	struct smbcli_options options1;
+
+	options1 = tree1a->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree1a->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree1a->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	tree1a->session->transport->lease.handler = torture_lease_handler;
+	tree1a->session->transport->lease.private_data = tree1a;
+	tree1a->session->transport->oplock.handler = torture_oplock_handler;
+	tree1a->session->transport->oplock.private_data = tree1a;
+
+	/* create a new connection (same client_guid) */
+	if (!torture_smb2_connection_ext(tctx, 0, &options1, &tree1b)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree1b->session->transport->lease.handler = torture_lease_handler;
+	tree1b->session->transport->lease.private_data = tree1b;
+	tree1b->session->transport->oplock.handler = torture_oplock_handler;
+	tree1b->session->transport->oplock.private_data = tree1b;
+
+	smb2_util_unlink(tree1a, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab R lease over connection 1a */
+	smb2_lease_v2_create(&io1, &ls1, false, fname, LEASE1, NULL,
+			     smb2_util_lease_state("R"), 0x4711);
+	status = smb2_create(tree1a, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io1, "R", true, LEASE1,
+		       0, 0, ls1.lease_epoch);
+
+	/* Upgrade to RWH over connection 1b */
+	ls1.lease_state = smb2_util_lease_state("RWH");
+	status = smb2_create(tree1b, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io1, "RHW", true, LEASE1,
+		       0, 0, ls1.lease_epoch);
+
+	/* close over connection 1b */
+	status = smb2_util_close(tree1b, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Contend with LEASE2. */
+	smb2_lease_v2_create(&io2, &ls2, false, fname, LEASE2, NULL,
+			     smb2_util_lease_state("R"), 0x11);
+	status = smb2_create(tree1b, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	ls2.lease_epoch += 1;
+	CHECK_LEASE_V2(&io2, "R", true, LEASE2,
+		       0, 0, ls2.lease_epoch);
+
+	/* Verify that we were only sent one break. */
+	ls1.lease_epoch += 1;
+	CHECK_BREAK_INFO_V2(tree1a->session->transport,
+			    "RHW", "RH", LEASE1, ls1.lease_epoch);
+
+	/* again RH over connection 1b doesn't change the epoch */
+	ls1.lease_state = smb2_util_lease_state("RH");
+	status = smb2_create(tree1b, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io1, "RH", true, LEASE1,
+		       0, 0, ls1.lease_epoch);
+
+	/* close over connection 1b */
+	status = smb2_util_close(tree1b, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree1a, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls2.lease_epoch += 1;
+	CHECK_BREAK_INFO_V2(tree1a->session->transport,
+			    "R", "", LEASE2, ls2.lease_epoch);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h3;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree1b, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls1.lease_epoch += 1;
+	CHECK_BREAK_INFO_V2(tree1a->session->transport,
+			    "RH", "", LEASE1, ls1.lease_epoch);
+
+ done:
+	smb2_util_close(tree1a, h);
+	smb2_util_close(tree1b, h2);
+	smb2_util_close(tree1b, h3);
+
+	smb2_util_unlink(tree1a, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_complex2(struct torture_context *tctx,
+				   struct smb2_tree *tree1a)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_request *req2 = NULL;
+	struct smb2_lease_break_ack ack = {};
+	NTSTATUS status;
+	const char *fname = "lease_v2_complex2.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+	struct smb2_tree *tree1b = NULL;
+	struct smbcli_options options1;
+
+	options1 = tree1a->session->transport->options;
+
+	caps = smb2cli_conn_server_capabilities(tree1a->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree1a->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	tree1a->session->transport->lease.handler = torture_lease_handler;
+	tree1a->session->transport->lease.private_data = tree1a;
+	tree1a->session->transport->oplock.handler = torture_oplock_handler;
+	tree1a->session->transport->oplock.private_data = tree1a;
+
+	/* create a new connection (same client_guid) */
+	if (!torture_smb2_connection_ext(tctx, 0, &options1, &tree1b)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree1b->session->transport->lease.handler = torture_lease_handler;
+	tree1b->session->transport->lease.private_data = tree1b;
+	tree1b->session->transport->oplock.handler = torture_oplock_handler;
+	tree1b->session->transport->oplock.private_data = tree1b;
+
+	smb2_util_unlink(tree1a, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab RWH lease over connection 1a */
+	smb2_lease_v2_create(&io1, &ls1, false, fname, LEASE1, NULL,
+			     smb2_util_lease_state("RWH"), 0x4711);
+	status = smb2_create(tree1a, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io1, "RWH", true, LEASE1,
+		       0, 0, ls1.lease_epoch);
+
+	/*
+	 * we defer acking the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	/* Ask for RWH on connection 1b, different lease. */
+	smb2_lease_v2_create(&io2, &ls2, false, fname, LEASE2, NULL,
+			     smb2_util_lease_state("RWH"), 0x11);
+	req2 = smb2_create_send(tree1b, &io2);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+	ls1.lease_epoch += 1;
+
+	CHECK_BREAK_INFO_V2(tree1a->session->transport,
+			    "RWH", "RH", LEASE1, ls1.lease_epoch);
+
+	/* Send the break ACK on tree1b. */
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state = SMB2_LEASE_HANDLE|SMB2_LEASE_READ;
+
+	status = smb2_lease_break_ack(tree1b, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE_BREAK_ACK(&ack, "RH", LEASE1);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	status = smb2_create_recv(req2, tctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io2, "RH", true, LEASE2,
+		       0, 0, ls2.lease_epoch+1);
+	h2 = io2.out.file.handle;
+
+ done:
+	smb2_util_close(tree1a, h);
+	smb2_util_close(tree1b, h2);
+
+	smb2_util_unlink(tree1a, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+static bool test_lease_timeout(struct torture_context *tctx,
+                               struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle hnew = {{0}};
+	struct smb2_handle h1b = {{0}};
+	NTSTATUS status;
+	const char *fname = "lease_timeout.dat";
+	bool ret = true;
+	struct smb2_lease_break_ack ack = {};
+	struct smb2_request *req2 = NULL;
+	struct smb2_write w;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	/* Grab a RWH lease. */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	h = io.out.file.handle;
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	 * Just don't ack the lease break.
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	/* Break with a RWH request. */
+	smb2_lease_create(&io, &ls2, false, fname, LEASE2, smb2_util_lease_state("RWH"));
+	req2 = smb2_create_send(tree, &io);
+	torture_assert(tctx, req2 != NULL, "smb2_create_send");
+	torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+	CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+	/* Copy the break request. */
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+
+	/* Now wait for the timeout and get the reply. */
+	status = smb2_create_recv(req2, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+	hnew = io.out.file.handle;
+
+	/* Ack the break after the timeout... */
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_UNSUCCESSFUL);
+
+	/* Get state of the original handle. */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state(""));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io, "", true, LEASE1, 0);
+	smb2_util_close(tree, io.out.file.handle);
+
+	/* Write on the original handle and make sure it's still valid. */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	ZERO_STRUCT(w);
+	w.in.file.handle = h;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, '1', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Causes new handle to break to NONE. */
+	CHECK_BREAK_INFO("RH", "", LEASE2);
+
+	/* Write on the new handle. */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	ZERO_STRUCT(w);
+	w.in.file.handle = hnew;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 1024);
+	memset(w.in.data.data, '2', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	/* No break - original handle was already NONE. */
+	CHECK_NO_BREAK(tctx);
+	smb2_util_close(tree, hnew);
+
+	/* Upgrade to R on LEASE1. */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io, "R", true, LEASE1, 0);
+	h1b = io.out.file.handle;
+	smb2_util_close(tree, h1b);
+
+	/* Upgrade to RWH on LEASE1. */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	h1b = io.out.file.handle;
+	smb2_util_close(tree, h1b);
+
+ done:
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, hnew);
+	smb2_util_close(tree, h1b);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_rename_wait(struct torture_context *tctx,
+                               struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_lease ls3;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	union smb_setfileinfo sinfo;
+	NTSTATUS status;
+	const char *fname_src = "lease_rename_src.dat";
+	const char *fname_dst = "lease_rename_dst.dat";
+	bool ret = true;
+	struct smb2_lease_break_ack ack = {};
+	struct smb2_request *rename_req = NULL;
+	uint32_t caps;
+	unsigned int i;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname_src);
+	smb2_util_unlink(tree, fname_dst);
+
+	/* Short timeout for fails. */
+	tree->session->transport->options.request_timeout = 15;
+
+	/* Grab a RH lease. */
+	smb2_lease_create(&io,
+			&ls1,
+			false,
+			fname_src,
+			LEASE1,
+			smb2_util_lease_state("RH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE1, 0);
+	h1 = io.out.file.handle;
+
+	/* Second open with a RH lease. */
+	smb2_lease_create(&io,
+			&ls2,
+			false,
+			fname_src,
+			LEASE2,
+			smb2_util_lease_state("RH"));
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.desired_access = GENERIC_READ_ACCESS;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+	h2 = io.out.file.handle;
+
+	/*
+	 * Don't ack a lease break.
+	 */
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	/* Break with a rename. */
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.new_name = fname_dst;
+	rename_req = smb2_setinfo_file_send(tree, &sinfo);
+
+	torture_assert(tctx,
+			rename_req != NULL,
+			"smb2_setinfo_file_send");
+	torture_assert(tctx,
+			rename_req->state == SMB2_REQUEST_RECV,
+			"rename pending");
+
+	/* Try and open the destination with a RH lease. */
+	smb2_lease_create(&io,
+			&ls3,
+			false,
+			fname_dst,
+			LEASE3,
+			smb2_util_lease_state("RH"));
+	/* We want to open, not create. */
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.desired_access = GENERIC_READ_ACCESS;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/*
+	 * The smb2_create() I/O should have picked up the break request
+	 * caused by the pending rename.
+	 */
+
+	/* Copy the break request. */
+	ack.in.lease.lease_key =
+		lease_break_info.lease_break.current_lease.lease_key;
+	ack.in.lease.lease_state =
+		lease_break_info.lease_break.new_lease_state;
+
+	/*
+	 * Give the server 3 more chances to have renamed
+	 * the file. Better than doing a sleep.
+	 */
+	for (i = 0; i < 3; i++) {
+		status = smb2_create(tree, mem_ctx, &io);
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+	}
+
+	/* Ack the break. The server is now free to rename. */
+	status = smb2_lease_break_ack(tree, &ack);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Get the rename reply. */
+	status = smb2_setinfo_recv(rename_req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* The target should now exist. */
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.out.file.handle;
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	smb2_util_unlink(tree, fname_src);
+	smb2_util_unlink(tree, fname_dst);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_rename(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	union smb_setfileinfo sinfo;
+	const char *fname = "lease_v2_rename_src.dat";
+	const char *fname_dst = "lease_v2_rename_dst.dat";
+	bool ret = true;
+	NTSTATUS status;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname_dst);
+
+	tree->session->transport->lease.handler	= torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(io);
+	smb2_lease_v2_create_share(&io, &ls1, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state("RHW"),
+				   0x4711);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch);
+
+	/* Now rename - what happens ? */
+        ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.new_name = fname_dst;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* No lease break. */
+	CHECK_NO_BREAK(tctx);
+
+	/* Check we can open another handle on the new name. */
+	smb2_lease_v2_create_share(&io, &ls1, false, fname_dst,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state(""),
+				   ls1.lease_epoch);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RHW", true, LEASE1, 0, 0, ls1.lease_epoch);
+	smb2_util_close(tree, h1);
+
+	/* Try another lease key. */
+	smb2_lease_v2_create_share(&io, &ls2, false, fname_dst,
+				   smb2_util_share_access("RWD"),
+				   LEASE2, NULL,
+				   smb2_util_lease_state("RWH"),
+				   0x44);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	ls2.lease_epoch += 1;
+	CHECK_LEASE_V2(&io, "RH", true, LEASE2, 0, 0, ls2.lease_epoch );
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RWH", "RH", LEASE1, ls1.lease_epoch + 1);
+	ls1.lease_epoch += 1;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Now rename back. */
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.new_name = fname;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Breaks to R on LEASE2. */
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "RH", "R", LEASE2, ls2.lease_epoch + 1);
+	ls2.lease_epoch += 1;
+
+	/* Check we can open another handle on the current name. */
+	smb2_lease_v2_create_share(&io, &ls1, false, fname,
+				   smb2_util_share_access("RWD"),
+				   LEASE1, NULL,
+				   smb2_util_lease_state(""),
+				   ls1.lease_epoch);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io, "RH", true, LEASE1, 0, 0, ls1.lease_epoch);
+	smb2_util_close(tree, h1);
+
+done:
+
+	smb2_util_close(tree, h);
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname_dst);
+
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+
+static bool test_lease_dynamic_share(struct torture_context *tctx,
+				   struct smb2_tree *tree1a)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls1;
+	struct smb2_handle h, h1, h2;
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "dynamic_path.dat";
+	bool ret = true;
+	uint32_t caps;
+	struct smb2_tree *tree_2 = NULL;
+	struct smb2_tree *tree_3 = NULL;
+	struct smbcli_options options;
+	const char *orig_share = NULL;
+
+	if (!TARGET_IS_SAMBA3(tctx)) {
+		torture_skip(tctx, "dynamic shares are not supported");
+		return true;
+	}
+
+	options = tree1a->session->transport->options;
+	options.client_guid = GUID_random();
+
+	caps = smb2cli_conn_server_capabilities(tree1a->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/*
+	 * Save off original share name and change it to dynamic_share.
+	 * This must have been pre-created with a dynamic path containing
+	 * %t. It means we'll sleep between the connects in order to
+	 * get a different timestamp for the share path.
+	 */
+
+	orig_share = lpcfg_parm_string(tctx->lp_ctx, NULL, "torture", "share");
+	orig_share = talloc_strdup(tctx->lp_ctx, orig_share);
+	if (orig_share == NULL) {
+		torture_result(tctx, TORTURE_FAIL, __location__ "no memory\n");
+                ret = false;
+                goto done;
+	}
+	lpcfg_set_cmdline(tctx->lp_ctx, "torture:share", "dynamic_share");
+
+	/* create a new connection (same client_guid) */
+	sleep(2);
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree_2)) {
+		torture_result(tctx,  TORTURE_FAIL,
+			__location__ "couldn't reconnect "
+			"max protocol 2.1, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree_2->session->transport->lease.handler = torture_lease_handler;
+	tree_2->session->transport->lease.private_data = tree_2;
+	tree_2->session->transport->oplock.handler = torture_oplock_handler;
+	tree_2->session->transport->oplock.private_data = tree_2;
+
+	smb2_util_unlink(tree_2, fname);
+
+	/* create a new connection (same client_guid) */
+	sleep(2);
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree_3)) {
+		torture_result(tctx,  TORTURE_FAIL,
+			__location__ "couldn't reconnect "
+			"max protocol 3.0, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	tree_3->session->transport->lease.handler = torture_lease_handler;
+	tree_3->session->transport->lease.private_data = tree_3;
+	tree_3->session->transport->oplock.handler = torture_oplock_handler;
+	tree_3->session->transport->oplock.private_data = tree_3;
+
+	smb2_util_unlink(tree_3, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Get RWH lease over connection 2 */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	h = io.out.file.handle;
+
+	/* Write some data into it. */
+	w.in.file.handle = h;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, '1', w.in.data.length);
+	status = smb2_write(tree_2, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Open the same name over connection 3. */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	/* h1 should have replied with NONE. */
+	CHECK_LEASE(&io, "", true, LEASE1, 0);
+
+	/* We should have broken h to NONE. */
+	CHECK_BREAK_INFO("RWH", "", LEASE1);
+
+	/* Try to upgrade to RWH over connection 2 */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.size, 4096);
+	CHECK_VAL(io.out.file_attr, FILE_ATTRIBUTE_ARCHIVE);
+	/* Should have been denied. */
+	CHECK_LEASE(&io, "", true, LEASE1, 0);
+	smb2_util_close(tree_2, h2);
+
+	/* Try to upgrade to RWH over connection 3 */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.size, 0);
+	CHECK_VAL(io.out.file_attr, FILE_ATTRIBUTE_ARCHIVE);
+	/* Should have been denied. */
+	CHECK_LEASE(&io, "", true, LEASE1, 0);
+	smb2_util_close(tree_3, h2);
+
+	/* Write some data into it. */
+	w.in.file.handle = h1;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 1024);
+	memset(w.in.data.data, '2', w.in.data.length);
+	status = smb2_write(tree_3, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Close everything.. */
+	smb2_util_close(tree_2, h);
+	smb2_util_close(tree_3, h1);
+
+	/* And ensure we can get a lease ! */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_2, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.file_attr, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	h = io.out.file.handle;
+	/* And the file is the right size. */
+	CHECK_VAL(io.out.size, 4096);				\
+	/* Close it. */
+	smb2_util_close(tree_2, h);
+
+	/* And ensure we can get a lease ! */
+	smb2_lease_create(&io, &ls1, false, fname, LEASE1, smb2_util_lease_state("RWH"));
+	status = smb2_create(tree_3, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(io.out.create_action, NTCREATEX_ACTION_EXISTED);
+	CHECK_VAL(io.out.file_attr, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+	h = io.out.file.handle;
+	/* And the file is the right size. */
+	CHECK_VAL(io.out.size, 1024);				\
+	/* Close it. */
+	smb2_util_close(tree_3, h);
+
+ done:
+
+	if (tree_2 != NULL) {
+		smb2_util_close(tree_2, h);
+		smb2_util_unlink(tree_2, fname);
+	}
+	if (tree_3 != NULL) {
+		smb2_util_close(tree_3, h1);
+		smb2_util_close(tree_3, h2);
+
+		smb2_util_unlink(tree_3, fname);
+	}
+
+	/* Set sharename back. */
+	lpcfg_set_cmdline(tctx->lp_ctx, "torture:share", orig_share);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Test identifies a bug where the Samba server will not trigger a lease break
+ * for a handle caching lease held by a client when the underlying file is
+ * deleted.
+ * Test:
+ * 	Connect session2.
+ * 	open file in session1
+ * 		session1 should have RWH lease.
+ * 	open file in session2
+ * 		lease break sent to session1 to downgrade lease to RH
+ * 	close file in session 2
+ * 	unlink file in session 2
+ * 		lease break sent to session1 to downgrade lease to R
+ * 	Cleanup
+ */
+static bool test_lease_unlink(struct torture_context *tctx,
+			      struct smb2_tree *tree1)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	bool ret = true;
+	struct smbcli_options transport2_options;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2;
+	struct smb2_handle h1 = {{ 0 }};
+	struct smb2_handle h2 = {{ 0 }};
+	const char *fname = "lease_unlink.dat";
+	uint32_t caps;
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+
+	caps = smb2cli_conn_server_capabilities(
+			tree1->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Connect 2nd connection */
+	transport2_options = transport1->options;
+	transport2_options.client_guid = GUID_random();
+	if (!torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		return false;
+	}
+	transport2 = tree2->session->transport;
+
+	/* Set lease handlers */
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	transport2->lease.handler = torture_lease_handler;
+	transport2->lease.private_data = tree2;
+
+
+	smb2_lease_create(&io1, &ls1, false, fname, LEASE1,
+				smb2_util_lease_state("RHW"));
+	smb2_lease_create(&io2, &ls2, false, fname, LEASE2,
+				smb2_util_lease_state("RHW"));
+
+	smb2_util_unlink(tree1, fname);
+
+	torture_comment(tctx, "Client opens fname with session 1\n");
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RHW", true, LEASE1, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	torture_comment(tctx, "Client opens fname with session 2\n");
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	status = smb2_create(tree2, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RH", true, LEASE2, 0);
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE1);
+
+	torture_comment(tctx,
+		"Client closes and then unlinks fname with session 2\n");
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree2, fname);
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RH", "R", LEASE1);
+
+done:
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_unlink(tree1, fname);
+
+	return ret;
+}
+
+static bool test_lease_timeout_disconnect(struct torture_context *tctx,
+					  struct smb2_tree *tree1)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	bool ret = true;
+	struct smbcli_options transport2_options;
+	struct smbcli_options transport3_options;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_tree *tree3 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2;
+	struct smb2_transport *transport3;
+	const char *fname = "lease_timeout_logoff.dat" ;
+	uint32_t caps;
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_request *req2 = NULL;
+	struct smb2_lease ls1;
+
+	caps = smb2cli_conn_server_capabilities(
+			tree1->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	smb2_util_unlink(tree1, fname);
+
+	/* Connect 2nd connection */
+	torture_comment(tctx, "connect tree2 with the same client_guid\n");
+	transport2_options = transport1->options;
+	if (!torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		return false;
+	}
+	transport2 = tree2->session->transport;
+
+	/* Connect 3rd connection */
+	torture_comment(tctx, "connect tree3 with the same client_guid\n");
+	transport3_options = transport1->options;
+	if (!torture_smb2_connection_ext(tctx, 0, &transport3_options, &tree3)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		return false;
+	}
+	transport3 = tree3->session->transport;
+
+	/* Set lease handlers */
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	transport2->lease.handler = torture_lease_handler;
+	transport2->lease.private_data = tree2;
+	transport3->lease.handler = torture_lease_handler;
+	transport3->lease.private_data = tree3;
+
+	smb2_lease_create_share(&io1, &ls1, false, fname,
+				smb2_util_share_access(""),
+				LEASE1,
+				smb2_util_lease_state("RH"));
+	io1.in.durable_open = true;
+	smb2_generic_create(&io2, NULL, false, fname,
+			    NTCREATEX_DISP_OPEN_IF,
+			    SMB2_OPLOCK_LEVEL_NONE, 0, 0);
+
+	torture_comment(tctx, "tree1: create file[%s] with durable RH lease (SHARE NONE)\n", fname);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	torture_comment(tctx, "tree1: skip lease acks\n");
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	torture_comment(tctx, "tree2: open file[%s] without lease (SHARE RWD)\n", fname);
+	req2 = smb2_create_send(tree2, &io2);
+	torture_assert(tctx, req2 != NULL, "req2 started");
+
+	torture_comment(tctx, "tree1: wait for lease break\n");
+	torture_wait_for_lease_break(tctx);
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RH", "R", LEASE1);
+
+	torture_comment(tctx, "tree1: reset lease handler\n");
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	CHECK_VAL(lease_break_info.count, 0);
+
+	torture_comment(tctx, "tree2: check for SMB2_REQUEST_RECV\n");
+	torture_assert_int_equal(tctx, req2->state,
+				 SMB2_REQUEST_RECV,
+				 "SMB2_REQUEST_RECV");
+
+	torture_comment(tctx, "sleep 1\n");
+	smb_msleep(1000);
+
+	torture_comment(tctx, "transport1: keepalive\n");
+	status = smb2_keepalive(transport1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "transport2: keepalive\n");
+	status = smb2_keepalive(transport2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "transport3: keepalive\n");
+	status = smb2_keepalive(transport3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "tree2: check for SMB2_REQUEST_RECV\n");
+	torture_assert_int_equal(tctx, req2->state,
+				 SMB2_REQUEST_RECV,
+				 "SMB2_REQUEST_RECV");
+	torture_comment(tctx, "tree2: check for STATUS_PENDING\n");
+	torture_assert(tctx, req2->cancel.can_cancel, "STATUS_PENDING");
+
+	torture_comment(tctx, "sleep 1\n");
+	smb_msleep(1000);
+	torture_comment(tctx, "transport1: keepalive\n");
+	status = smb2_keepalive(transport1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_comment(tctx, "transport2: disconnect\n");
+	TALLOC_FREE(tree2);
+
+	torture_comment(tctx, "sleep 1\n");
+	smb_msleep(1000);
+	torture_comment(tctx, "transport1: keepalive\n");
+	status = smb2_keepalive(transport1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_comment(tctx, "transport1: disconnect\n");
+	TALLOC_FREE(tree1);
+
+	torture_comment(tctx, "sleep 1\n");
+	smb_msleep(1000);
+	torture_comment(tctx, "transport3: keepalive\n");
+	status = smb2_keepalive(transport3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_comment(tctx, "transport3: disconnect\n");
+	TALLOC_FREE(tree3);
+
+done:
+
+	return ret;
+}
+
+static bool test_lease_duplicate_create(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname1 = "duplicate_create1.dat";
+	const char *fname2 = "duplicate_create2.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Ensure files don't exist. */
+	smb2_util_unlink(tree, fname1);
+	smb2_util_unlink(tree, fname2);
+
+	/* Create file1 - LEASE1 key. */
+	smb2_lease_create(&io, &ls, false, fname1, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	/*
+	 * Create file2 with the same LEASE1 key - this should fail with.
+	 * INVALID_PARAMETER.
+	 */
+	smb2_lease_create(&io, &ls, false, fname2, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	smb2_util_close(tree, h1);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname1);
+	smb2_util_unlink(tree, fname2);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_duplicate_open(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io;
+	struct smb2_lease ls;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname1 = "duplicate_open1.dat";
+	const char *fname2 = "duplicate_open2.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(
+		tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	/* Ensure files don't exist. */
+	smb2_util_unlink(tree, fname1);
+	smb2_util_unlink(tree, fname2);
+
+	/* Create file1 - LEASE1 key. */
+	smb2_lease_create(&io, &ls, false, fname1, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+	/* Leave file1 open and leased. */
+
+	/* Create file2 - no lease. */
+	smb2_lease_create(&io, NULL, false, fname2, 0,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	/* Close it. */
+	smb2_util_close(tree, h2);
+
+	/*
+	 * Try and open file2 with the same LEASE1 key - this should fail with.
+	 * INVALID_PARAMETER.
+	 */
+	smb2_lease_create(&io, &ls, false, fname2, LEASE1,
+			  smb2_util_lease_state("RWH"));
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	/*
+	 * If we did open this is an error, but save off
+	 * the handle so we close below.
+	 */
+	h2 = io.out.file.handle;
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname1);
+	smb2_util_unlink(tree, fname2);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_lease_v1_bug_15148(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_v1_bug_15148.dat";
+	bool ret = true;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	tree->session->transport->lease.handler = torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab R lease over connection 1a */
+	smb2_lease_create(&io1, &ls1, false, fname, LEASE1, smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "R", true, LEASE1, 0);
+
+	CHECK_NO_BREAK(tctx);
+
+	/* Contend with LEASE2. */
+	smb2_lease_create(&io2, &ls2, false, fname, LEASE2, smb2_util_lease_state("R"));
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "R", true, LEASE2, 0);
+
+	CHECK_NO_BREAK(tctx);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h1;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls2.lease_epoch += 1;
+	CHECK_BREAK_INFO("R", "", LEASE2);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h1;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'O', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_NO_BREAK(tctx);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h2;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls1.lease_epoch += 1;
+	CHECK_BREAK_INFO("R", "", LEASE1);
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_lease_v2_bug_15148(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create io1;
+	struct smb2_create io2;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_write w;
+	NTSTATUS status;
+	const char *fname = "lease_v2_bug_15148.dat";
+	bool ret = true;
+	uint32_t caps;
+	enum protocol_types protocol;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	protocol = smbXcli_conn_protocol(tree->session->transport->conn);
+	if (protocol < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "v2 leases are not supported");
+	}
+
+	tree->session->transport->lease.handler = torture_lease_handler;
+	tree->session->transport->lease.private_data = tree;
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Grab R lease over connection 1a */
+	smb2_lease_v2_create(&io1, &ls1, false, fname, LEASE1, NULL,
+			     smb2_util_lease_state("R"), 0x4711);
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	ls1.lease_epoch += 1;
+	CHECK_LEASE_V2(&io1, "R", true, LEASE1,
+		       0, 0, ls1.lease_epoch);
+
+	CHECK_NO_BREAK(tctx);
+
+	/* Contend with LEASE2. */
+	smb2_lease_v2_create(&io2, &ls2, false, fname, LEASE2, NULL,
+			     smb2_util_lease_state("R"), 0x11);
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	ls2.lease_epoch += 1;
+	CHECK_LEASE_V2(&io2, "R", true, LEASE2,
+		       0, 0, ls2.lease_epoch);
+
+	CHECK_NO_BREAK(tctx);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h1;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls2.lease_epoch += 1;
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "R", "", LEASE2, ls2.lease_epoch);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h1;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'O', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_NO_BREAK(tctx);
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = h2;
+	w.in.offset      = 0;
+	w.in.data        = data_blob_talloc(mem_ctx, NULL, 4096);
+	memset(w.in.data.data, 'o', w.in.data.length);
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ls1.lease_epoch += 1;
+	CHECK_BREAK_INFO_V2(tree->session->transport,
+			    "R", "", LEASE1, ls1.lease_epoch);
+
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_lease_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "lease");
+
+	torture_suite_add_1smb2_test(suite, "request", test_lease_request);
+	torture_suite_add_1smb2_test(suite, "break_twice",
+				     test_lease_break_twice);
+	torture_suite_add_1smb2_test(suite, "nobreakself",
+				     test_lease_nobreakself);
+	torture_suite_add_1smb2_test(suite, "statopen", test_lease_statopen);
+	torture_suite_add_1smb2_test(suite, "statopen2", test_lease_statopen2);
+	torture_suite_add_1smb2_test(suite, "statopen3", test_lease_statopen3);
+	torture_suite_add_1smb2_test(suite, "statopen4", test_lease_statopen4);
+	torture_suite_add_1smb2_test(suite, "upgrade", test_lease_upgrade);
+	torture_suite_add_1smb2_test(suite, "upgrade2", test_lease_upgrade2);
+	torture_suite_add_1smb2_test(suite, "upgrade3", test_lease_upgrade3);
+	torture_suite_add_1smb2_test(suite, "break", test_lease_break);
+	torture_suite_add_1smb2_test(suite, "oplock", test_lease_oplock);
+	torture_suite_add_1smb2_test(suite, "multibreak", test_lease_multibreak);
+	torture_suite_add_1smb2_test(suite, "breaking1", test_lease_breaking1);
+	torture_suite_add_1smb2_test(suite, "breaking2", test_lease_breaking2);
+	torture_suite_add_1smb2_test(suite, "breaking3", test_lease_breaking3);
+	torture_suite_add_1smb2_test(suite, "v2_breaking3", test_lease_v2_breaking3);
+	torture_suite_add_1smb2_test(suite, "breaking4", test_lease_breaking4);
+	torture_suite_add_1smb2_test(suite, "breaking5", test_lease_breaking5);
+	torture_suite_add_1smb2_test(suite, "breaking6", test_lease_breaking6);
+	torture_suite_add_2smb2_test(suite, "lock1", test_lease_lock1);
+	torture_suite_add_1smb2_test(suite, "complex1", test_lease_complex1);
+	torture_suite_add_1smb2_test(suite, "v2_request_parent",
+				     test_lease_v2_request_parent);
+	torture_suite_add_1smb2_test(suite, "v2_request", test_lease_v2_request);
+	torture_suite_add_1smb2_test(suite, "v2_epoch1", test_lease_v2_epoch1);
+	torture_suite_add_1smb2_test(suite, "v2_epoch2", test_lease_v2_epoch2);
+	torture_suite_add_1smb2_test(suite, "v2_epoch3", test_lease_v2_epoch3);
+	torture_suite_add_1smb2_test(suite, "v2_complex1", test_lease_v2_complex1);
+	torture_suite_add_1smb2_test(suite, "v2_complex2", test_lease_v2_complex2);
+	torture_suite_add_1smb2_test(suite, "v2_rename", test_lease_v2_rename);
+	torture_suite_add_1smb2_test(suite, "dynamic_share", test_lease_dynamic_share);
+	torture_suite_add_1smb2_test(suite, "timeout", test_lease_timeout);
+	torture_suite_add_1smb2_test(suite, "unlink", test_lease_unlink);
+	torture_suite_add_1smb2_test(suite, "timeout-disconnect", test_lease_timeout_disconnect);
+	torture_suite_add_1smb2_test(suite, "rename_wait",
+				test_lease_rename_wait);
+	torture_suite_add_1smb2_test(suite, "duplicate_create",
+				test_lease_duplicate_create);
+	torture_suite_add_1smb2_test(suite, "duplicate_open",
+				test_lease_duplicate_open);
+	torture_suite_add_1smb2_test(suite, "v1_bug15148",
+				test_lease_v1_bug_15148);
+	torture_suite_add_1smb2_test(suite, "v2_bug15148",
+				test_lease_v2_bug_15148);
+
+	suite->description = talloc_strdup(suite, "SMB2-LEASE tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/lease_break_handler.c b/source4/torture/smb2/lease_break_handler.c
new file mode 100644
index 0000000..6c865dc
--- /dev/null
+++ b/source4/torture/smb2/lease_break_handler.c
@@ -0,0 +1,161 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 leases
+
+   Copyright (C) Zachary Loafman 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "lease_break_handler.h"
+
+struct lease_break_info lease_break_info;
+
+void torture_lease_break_callback(struct smb2_request *req)
+{
+	NTSTATUS status;
+
+	status = smb2_lease_break_ack_recv(req, &lease_break_info.lease_break_ack);
+	if (!NT_STATUS_IS_OK(status))
+		lease_break_info.failures++;
+
+	return;
+}
+
+/* a lease break request handler */
+bool torture_lease_handler(struct smb2_transport *transport,
+			   const struct smb2_lease_break *lb,
+			   void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	struct smb2_lease_break_ack io;
+	struct smb2_request *req;
+	const char *action = NULL;
+	char *ls = smb2_util_lease_state_string(lease_break_info.tctx,
+						lb->new_lease_state);
+
+	if (lb->break_flags & SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED) {
+		action = "acking";
+	} else {
+		action = "received";
+	}
+
+	lease_break_info.lease_transport = transport;
+	lease_break_info.lease_break = *lb;
+	lease_break_info.count++;
+
+	if (lease_break_info.lease_skip_ack) {
+		torture_comment(lease_break_info.tctx,
+			"transport[%p] Skip %s to %s in lease handler\n",
+			transport, action, ls);
+		return true;
+	}
+
+	torture_comment(lease_break_info.tctx,
+		"transport[%p] %s to %s in lease handler\n",
+		transport, action, ls);
+
+	if (lb->break_flags & SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED) {
+		ZERO_STRUCT(io);
+		io.in.lease.lease_key = lb->current_lease.lease_key;
+		io.in.lease.lease_state = lb->new_lease_state;
+
+		req = smb2_lease_break_ack_send(tree, &io);
+		req->async.fn = torture_lease_break_callback;
+		req->async.private_data = NULL;
+	}
+
+	return true;
+}
+
+/*
+ * A lease break handler which ignores incoming lease break requests
+ * To be used in cases where the client is expected to ignore incoming
+ * lease break requests
+ */
+bool torture_lease_ignore_handler(struct smb2_transport *transport,
+			   const struct smb2_lease_break *lb,
+			   void *private_data)
+{
+	return true;
+}
+
+/*
+   Timer handler function notifies the registering function that time is up
+*/
+static void timeout_cb(struct tevent_context *ev,
+		       struct tevent_timer *te,
+		       struct timeval current_time,
+		       void *private_data)
+{
+	bool *timesup = (bool *)private_data;
+	*timesup = true;
+	return;
+}
+
+/*
+   Wait a short period of time to receive a single oplock break request
+*/
+void torture_wait_for_lease_break(struct torture_context *tctx)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	struct tevent_timer *te = NULL;
+	struct timeval ne;
+	bool timesup = false;
+	int old_count = lease_break_info.count;
+
+	/* Wait 1 second for an lease break */
+	ne = tevent_timeval_current_ofs(0, 1000000);
+
+	te = tevent_add_timer(tctx->ev, tmp_ctx, ne, timeout_cb, &timesup);
+	if (te == NULL) {
+		torture_comment(tctx, "Failed to wait for an lease break. "
+				      "test results may not be accurate.\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "Waiting for a potential lease break...\n");
+	while (!timesup && lease_break_info.count < old_count + 1) {
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_comment(tctx, "Failed to wait for a lease "
+					      "break. test results may not be "
+					      "accurate.\n");
+			goto done;
+		}
+	}
+	if (timesup) {
+		torture_comment(tctx, "... waiting for a lease break timed out\n");
+	} else {
+		torture_comment(tctx, "Got %u lease breaks\n",
+				lease_break_info.count - old_count);
+	}
+
+done:
+	/* We don't know if the timed event fired and was freed, we received
+	 * our oplock break, or some other event triggered the loop.  Thus,
+	 * we create a tmp_ctx to be able to safely free/remove the timed
+	 * event in all 3 cases. */
+	talloc_free(tmp_ctx);
+
+	return;
+}
diff --git a/source4/torture/smb2/lease_break_handler.h b/source4/torture/smb2/lease_break_handler.h
new file mode 100644
index 0000000..90fde1a
--- /dev/null
+++ b/source4/torture/smb2/lease_break_handler.h
@@ -0,0 +1,134 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 leases
+
+   Copyright (C) Zachary Loafman 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "torture/util.h"
+
+struct lease_break_info {
+	struct torture_context *tctx;
+
+	struct smb2_lease_break lease_break;
+	struct smb2_transport *lease_transport;
+	bool lease_skip_ack;
+	struct smb2_lease_break_ack lease_break_ack;
+	int count;
+	int failures;
+
+	struct smb2_handle oplock_handle;
+	uint8_t held_oplock_level;
+	uint8_t oplock_level;
+	int oplock_count;
+	int oplock_failures;
+};
+
+#define CHECK_LEASE_BREAK(__lb, __oldstate, __state, __key)		\
+	do {								\
+		uint16_t __new = smb2_util_lease_state(__state); \
+		uint16_t __old = smb2_util_lease_state(__oldstate); \
+		CHECK_VAL((__lb)->new_lease_state, __new);	\
+		CHECK_VAL((__lb)->current_lease.lease_state, __old); \
+		CHECK_VAL((__lb)->current_lease.lease_key.data[0], (__key)); \
+		CHECK_VAL((__lb)->current_lease.lease_key.data[1], ~(__key)); \
+		if (__old & (SMB2_LEASE_WRITE | SMB2_LEASE_HANDLE)) { \
+			CHECK_VAL((__lb)->break_flags, \
+				  SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);	\
+		} else { \
+			CHECK_VAL((__lb)->break_flags, 0); \
+		} \
+	} while(0)
+
+#define CHECK_LEASE_BREAK_ACK(__lba, __state, __key)			\
+	do {								\
+		CHECK_VAL((__lba)->out.reserved, 0);			\
+		CHECK_VAL((__lba)->out.lease.lease_key.data[0], (__key)); \
+		CHECK_VAL((__lba)->out.lease.lease_key.data[1], ~(__key)); \
+		CHECK_VAL((__lba)->out.lease.lease_state, smb2_util_lease_state(__state)); \
+		CHECK_VAL((__lba)->out.lease.lease_flags, 0);		\
+		CHECK_VAL((__lba)->out.lease.lease_duration, 0);	\
+	} while(0)
+
+#define CHECK_NO_BREAK(tctx)	\
+	do {								\
+		torture_wait_for_lease_break(tctx);			\
+		CHECK_VAL(lease_break_info.failures, 0);			\
+		CHECK_VAL(lease_break_info.count, 0);				\
+		CHECK_VAL(lease_break_info.oplock_failures, 0);		\
+		CHECK_VAL(lease_break_info.oplock_count, 0);			\
+	} while(0)
+
+#define CHECK_OPLOCK_BREAK(__brokento)	\
+	do {								\
+		torture_wait_for_lease_break(tctx);			\
+		CHECK_VAL(lease_break_info.oplock_count, 1);			\
+		CHECK_VAL(lease_break_info.oplock_failures, 0);		\
+		CHECK_VAL(lease_break_info.oplock_level,			\
+			  smb2_util_oplock_level(__brokento)); \
+		lease_break_info.held_oplock_level = lease_break_info.oplock_level; \
+	} while(0)
+
+#define _CHECK_BREAK_INFO(__oldstate, __state, __key)			\
+	do {								\
+		torture_wait_for_lease_break(tctx);			\
+		CHECK_VAL(lease_break_info.failures, 0);			\
+		CHECK_VAL(lease_break_info.count, 1);				\
+		CHECK_LEASE_BREAK(&lease_break_info.lease_break, (__oldstate), \
+		    (__state), (__key));				\
+		if (!lease_break_info.lease_skip_ack && \
+		    (lease_break_info.lease_break.break_flags &		\
+		     SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED))	\
+		{	\
+			torture_wait_for_lease_break(tctx);		\
+			CHECK_LEASE_BREAK_ACK(&lease_break_info.lease_break_ack, \
+				              (__state), (__key));	\
+		}							\
+	} while(0)
+
+#define CHECK_BREAK_INFO(__oldstate, __state, __key)			\
+	do {								\
+		_CHECK_BREAK_INFO(__oldstate, __state, __key);		\
+		CHECK_VAL(lease_break_info.lease_break.new_epoch, 0);		\
+	} while(0)
+
+#define CHECK_BREAK_INFO_V2(__transport, __oldstate, __state, __key, __epoch) \
+	do {								\
+		_CHECK_BREAK_INFO(__oldstate, __state, __key);		\
+		CHECK_VAL(lease_break_info.lease_break.new_epoch, __epoch);	\
+		if (!TARGET_IS_SAMBA3(tctx)) {				\
+			CHECK_VAL((uintptr_t)lease_break_info.lease_transport, \
+				  (uintptr_t)__transport);		\
+		} \
+	} while(0)
+
+extern struct lease_break_info lease_break_info;
+
+bool torture_lease_handler(struct smb2_transport *transport,
+			   const struct smb2_lease_break *lb,
+			   void *private_data);
+bool torture_lease_ignore_handler(struct smb2_transport *transport,
+				  const struct smb2_lease_break *lb,
+				  void *private_data);
+void torture_wait_for_lease_break(struct torture_context *tctx);
+
+static inline void torture_reset_lease_break_info(struct torture_context *tctx,
+						  struct lease_break_info *r)
+{
+	ZERO_STRUCTP(r);
+	r->tctx = tctx;
+}
diff --git a/source4/torture/smb2/lock.c b/source4/torture/smb2/lock.c
new file mode 100644
index 0000000..eac0d55
--- /dev/null
+++ b/source4/torture/smb2/lock.c
@@ -0,0 +1,3513 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 lock test suite
+
+   Copyright (C) Stefan Metzmacher 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+
+#include "lib/events/events.h"
+#include "param/param.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	const char *_cmt = "(" __location__ ")"; \
+	torture_assert_ntstatus_equal_goto(torture,status,correct, \
+					   ret,done,_cmt); \
+	} while (0)
+
+#define CHECK_STATUS_CMT(status, correct, cmt) do { \
+	torture_assert_ntstatus_equal_goto(torture,status,correct, \
+					   ret,done,cmt); \
+	} while (0)
+
+#define CHECK_STATUS_CONT(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(torture, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			__location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	const char *_cmt = "(" __location__ ")"; \
+	torture_assert_int_equal_goto(torture,v,correct,ret,done,_cmt); \
+	} while (0)
+
+#define BASEDIR "testlock"
+
+#define TARGET_SUPPORTS_INVALID_LOCK_RANGE(_tctx) \
+    (torture_setting_bool(_tctx, "invalid_lock_range_support", true))
+#define TARGET_IS_W2K8(_tctx) (torture_setting_bool(_tctx, "w2k8", false))
+
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once(torture->ev) != 0) { \
+			break; \
+		} \
+	}
+
+static bool test_valid_request(struct torture_context *torture,
+			       struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+
+	ZERO_STRUCT(buf);
+
+	status = torture_smb2_testfile(tree, "lock1.txt", &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	torture_comment(torture, "Test request with 0 locks.\n");
+
+	lck.in.lock_count	= 0x0000;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0x0000000000000000;
+	el[0].length		= 0x0000000000000000;
+	el[0].reserved		= 0x0000000000000000;
+	el[0].flags		= 0x00000000;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	lck.in.lock_count	= 0x0000;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 0;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 0;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_NONE;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has bug validating lock flags "
+					 "parameter.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	}
+
+	torture_comment(torture, "Test >63-bit lock requests.\n");
+
+	lck.in.file.handle.data[0] +=1;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	lck.in.file.handle.data[0] -=1;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x123ab1;
+	lck.in.file.handle	= h;
+	el[0].offset		= UINT64_MAX;
+	el[0].length		= UINT64_MAX;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_SUPPORTS_INVALID_LOCK_RANGE(torture)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_LOCK_RANGE);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(lck.out.reserved, 0);
+	}
+
+	lck.in.lock_sequence	= 0x123ab2;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_SUPPORTS_INVALID_LOCK_RANGE(torture)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_LOCK_RANGE);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	}
+
+	torture_comment(torture, "Test basic lock stacking.\n");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x12345678;
+	lck.in.file.handle	= h;
+	el[0].offset		= UINT32_MAX;
+	el[0].length		= UINT32_MAX;
+	el[0].reserved		= 0x87654321;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x87654321;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0x00000000FFFFFFFF;
+	el[0].length		= 0x00000000FFFFFFFF;
+	el[0].reserved		= 0x1234567;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x1234567;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0x00000000FFFFFFFF;
+	el[0].length		= 0x00000000FFFFFFFF;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Test flags field permutations.\n");
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0;
+	lck.in.file.handle	= h;
+	el[0].offset		= 1;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= ~SMB2_LOCK_FLAG_ALL_MASK;
+
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has bug validating lock flags "
+					 "parameter.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	}
+
+	if (TARGET_IS_W2K8(torture)) {
+		el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK |
+				  SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK |
+				  SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+		torture_warning(torture, "Target has bug validating lock flags "
+					 "parameter.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	}
+
+	torture_comment(torture, "Test return error when 2 locks are "
+				 "requested\n");
+
+	lck.in.lock_count	= 2;
+	lck.in.lock_sequence	= 0;
+	lck.in.file.handle	= h;
+	el[0].offset		= 9999;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[1].offset		= 9999;
+	el[1].length		= 1;
+	el[1].reserved		= 0x00000000;
+
+	lck.in.lock_count	= 2;
+	el[0].flags		= 0;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	lck.in.lock_count	= 2;
+	el[0].flags = SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[1].flags = SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	lck.in.lock_count	= 2;
+	el[0].flags		= 0;
+	el[1].flags		= 0;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has bug validating lock flags "
+					 "parameter.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	}
+
+	lck.in.lock_count	= 2;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= 0;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has bug validating lock flags "
+					 "parameter.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	}
+
+	lck.in.lock_count	= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	lck.in.lock_count	= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	lck.in.lock_count	= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	lck.in.lock_count	= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.lock_count	= 2;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.lock_count	= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+done:
+	return ret;
+}
+
+struct test_lock_read_write_state {
+	const char *fname;
+	uint32_t lock_flags;
+	NTSTATUS write_h1_status;
+	NTSTATUS read_h1_status;
+	NTSTATUS write_h2_status;
+	NTSTATUS read_h2_status;
+};
+
+static bool test_lock_read_write(struct torture_context *torture,
+				 struct smb2_tree *tree,
+				 struct test_lock_read_write_state *s)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h1, h2;
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_create cr;
+	struct smb2_write wr;
+	struct smb2_read rd;
+	struct smb2_lock_element el[1];
+
+	lck.in.locks		= el;
+
+	ZERO_STRUCT(buf);
+
+	status = torture_smb2_testfile(tree, s->fname, &h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h1, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h1;
+	el[0].offset		= 0;
+	el[0].length		= ARRAY_SIZE(buf)/2;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= s->lock_flags;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h1;
+	el[0].offset		= ARRAY_SIZE(buf)/2;
+	el[0].length		= ARRAY_SIZE(buf)/2;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= s->lock_flags;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	ZERO_STRUCT(cr);
+	cr.in.oplock_level = 0;
+	cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	cr.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	cr.in.create_options = 0;
+	cr.in.fname = s->fname;
+
+	status = smb2_create(tree, tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	h2 = cr.out.file.handle;
+
+	ZERO_STRUCT(wr);
+	wr.in.file.handle = h1;
+	wr.in.offset      = ARRAY_SIZE(buf)/2;
+	wr.in.data        = data_blob_const(buf, ARRAY_SIZE(buf)/2);
+
+	status = smb2_write(tree, &wr);
+	CHECK_STATUS(status, s->write_h1_status);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h1;
+	rd.in.offset      = ARRAY_SIZE(buf)/2;
+	rd.in.length      = ARRAY_SIZE(buf)/2;
+
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, s->read_h1_status);
+
+	ZERO_STRUCT(wr);
+	wr.in.file.handle = h2;
+	wr.in.offset      = ARRAY_SIZE(buf)/2;
+	wr.in.data        = data_blob_const(buf, ARRAY_SIZE(buf)/2);
+
+	status = smb2_write(tree, &wr);
+	CHECK_STATUS(status, s->write_h2_status);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h2;
+	rd.in.offset      = ARRAY_SIZE(buf)/2;
+	rd.in.length      = ARRAY_SIZE(buf)/2;
+
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, s->read_h2_status);
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h1;
+	el[0].offset		= ARRAY_SIZE(buf)/2;
+	el[0].length		= ARRAY_SIZE(buf)/2;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	ZERO_STRUCT(wr);
+	wr.in.file.handle = h2;
+	wr.in.offset      = ARRAY_SIZE(buf)/2;
+	wr.in.data        = data_blob_const(buf, ARRAY_SIZE(buf)/2);
+
+	status = smb2_write(tree, &wr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h2;
+	rd.in.offset      = ARRAY_SIZE(buf)/2;
+	rd.in.length      = ARRAY_SIZE(buf)/2;
+
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	return ret;
+}
+
+static bool test_lock_rw_none(struct torture_context *torture,
+			      struct smb2_tree *tree)
+{
+	struct test_lock_read_write_state s = {
+		.fname			= "lock_rw_none.dat",
+		.lock_flags		= SMB2_LOCK_FLAG_NONE,
+		.write_h1_status	= NT_STATUS_FILE_LOCK_CONFLICT,
+		.read_h1_status		= NT_STATUS_OK,
+		.write_h2_status	= NT_STATUS_FILE_LOCK_CONFLICT,
+		.read_h2_status		= NT_STATUS_OK,
+	};
+
+	if (!TARGET_IS_W2K8(torture)) {
+		torture_skip(torture, "RW-NONE tests the behavior of a "
+			     "NONE-type lock, which is the same as a SHARED "
+			     "lock but is granted due to a bug in W2K8.  If "
+			     "target is not W2K8 we skip this test.\n");
+	}
+
+	return test_lock_read_write(torture, tree, &s);
+}
+
+static bool test_lock_rw_shared(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	struct test_lock_read_write_state s = {
+		.fname			= "lock_rw_shared.dat",
+		.lock_flags		= SMB2_LOCK_FLAG_SHARED,
+		.write_h1_status	= NT_STATUS_FILE_LOCK_CONFLICT,
+		.read_h1_status		= NT_STATUS_OK,
+		.write_h2_status	= NT_STATUS_FILE_LOCK_CONFLICT,
+		.read_h2_status		= NT_STATUS_OK,
+	};
+
+	return test_lock_read_write(torture, tree, &s);
+}
+
+static bool test_lock_rw_exclusive(struct torture_context *torture,
+				   struct smb2_tree *tree)
+{
+	struct test_lock_read_write_state s = {
+		.fname			= "lock_rw_exclusive.dat",
+		.lock_flags		= SMB2_LOCK_FLAG_EXCLUSIVE,
+		.write_h1_status	= NT_STATUS_OK,
+		.read_h1_status		= NT_STATUS_OK,
+		.write_h2_status	= NT_STATUS_FILE_LOCK_CONFLICT,
+		.read_h2_status		= NT_STATUS_FILE_LOCK_CONFLICT,
+	};
+
+	return test_lock_read_write(torture, tree, &s);
+}
+
+static bool test_lock_auto_unlock(struct torture_context *torture,
+				  struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	ZERO_STRUCT(buf);
+
+	status = torture_smb2_testfile(tree, "autounlock.txt", &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(lck);
+	ZERO_STRUCT(el[0]);
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	}
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+done:
+	return ret;
+}
+
+/*
+  test different lock ranges and see if different handles conflict
+*/
+static bool test_lock(struct torture_context *torture,
+		      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+
+	const char *fname = BASEDIR "\\async.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	torture_comment(torture, "Trying 0/0 lock\n");
+	el[0].offset		= 0x0000000000000000;
+	el[0].length		= 0x0000000000000000;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Trying 0/1 lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 0x0000000000000000;
+	el[0].length		= 0x0000000000000001;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying 0xEEFFFFF lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 0xEEFFFFFF;
+	el[0].length		= 4000;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying 0xEF00000 lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 0xEF000000;
+	el[0].length		= 4000;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying (2^63 - 1)/1\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 1;
+	el[0].offset	      <<= 63;
+	el[0].offset--;
+	el[0].length		= 1;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying 2^63/1\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 1;
+	el[0].offset	      <<= 63;
+	el[0].length		= 1;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying max/0 lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= ~0;
+	el[0].length		= 0;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying max/1 lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= ~0;
+	el[0].length		= 1;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle      = h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	lck.in.file.handle      = h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Trying max/2 lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= ~0;
+	el[0].length		= 2;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_SUPPORTS_INVALID_LOCK_RANGE(torture)) {
+		CHECK_STATUS(status, NT_STATUS_INVALID_LOCK_RANGE);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		el[0].flags	= SMB2_LOCK_FLAG_UNLOCK;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	torture_comment(torture, "Trying wrong handle unlock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[0].offset		= 10001;
+	el[0].length		= 40002;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test SMB2 LOCK async operation
+*/
+static bool test_async(struct torture_context *torture,
+		       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	struct smb2_request *req = NULL;
+
+	const char *fname = BASEDIR "\\async.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 100;
+	el[0].length		= 50;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	torture_comment(torture, "  Acquire first lock\n");
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should now succeed\n");
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock_recv(req, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test SMB2 LOCK Cancel operation
+*/
+static bool test_cancel(struct torture_context *torture,
+			struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	struct smb2_request *req = NULL;
+
+	const char *fname = BASEDIR "\\cancel.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 100;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	torture_comment(torture, "Testing basic cancel\n");
+
+	torture_comment(torture, "  Acquire first lock\n");
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Cancel the second lock\n");
+	smb2_cancel(req);
+	lck.in.file.handle	= h2;
+	status = smb2_lock_recv(req, &lck);
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	torture_comment(torture, "  Unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Testing cancel by unlock\n");
+
+	torture_comment(torture, "  Acquire first lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Attempt to unlock pending second lock\n");
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "  Now cancel the second lock\n");
+	smb2_cancel(req);
+	lck.in.file.handle	= h2;
+	status = smb2_lock_recv(req, &lck);
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	torture_comment(torture, "  Unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Testing cancel by close\n");
+
+	torture_comment(torture, "  Acquire first lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Close the second lock handle\n");
+	smb2_util_close(tree, h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Check pending lock reply\n");
+	status = smb2_lock_recv(req, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "  Unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test SMB2 LOCK Cancel by tree disconnect
+*/
+static bool test_cancel_tdis(struct torture_context *torture,
+			     struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	struct smb2_request *req = NULL;
+
+	const char *fname = BASEDIR "\\cancel_tdis.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 100;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	torture_comment(torture, "Testing cancel by tree disconnect\n");
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Acquire first lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Disconnect the tree\n");
+	smb2_tdis(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Check pending lock reply\n");
+	status = smb2_lock_recv(req, &lck);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_RANGE_NOT_LOCKED)) {
+		/*
+		 * The status depends on the server internals
+		 * the order in which the files are closed
+		 * by smb2_tdis().
+		 */
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	torture_comment(torture, "  Attempt to unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	/*
+	 * Most Windows versions have a strange order to
+	 * verify the session id, tree id and file id.
+	 * (They should be checked in that order, but windows
+	 *  seems to check the file id before the others).
+	 */
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED)) {
+		CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	}
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+  test SMB2 LOCK Cancel by user logoff
+*/
+static bool test_cancel_logoff(struct torture_context *torture,
+			       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	struct smb2_request *req = NULL;
+
+	const char *fname = BASEDIR "\\cancel_logoff.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 100;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+
+	torture_comment(torture, "Testing cancel by ulogoff\n");
+
+	torture_comment(torture, "  Acquire first lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  Second lock should pend on first\n");
+	lck.in.file.handle	= h2;
+	req = smb2_lock_send(tree, &lck);
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(torture, "  Logoff user\n");
+	smb2_logoff(tree->session);
+
+	torture_comment(torture, "  Check pending lock reply\n");
+	status = smb2_lock_recv(req, &lck);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_RANGE_NOT_LOCKED)) {
+		/*
+		 * The status depends on the server internals
+		 * the order in which the files are closed
+		 * by smb2_logoff().
+		 */
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	torture_comment(torture, "  Attempt to unlock first lock\n");
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	/*
+	 * Most Windows versions have a strange order to
+	 * verify the session id, tree id and file id.
+	 * (They should be checked in that order, but windows
+	 *  seems to check the file id before the others).
+	 */
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
+		CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	}
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * Test NT_STATUS_LOCK_NOT_GRANTED vs. NT_STATUS_FILE_LOCK_CONFLICT
+ *
+ * The SMBv1 protocol returns a different error code on lock acquisition
+ * failure depending on a number of parameters, including what error code
+ * was returned to the previous failure.
+ *
+ * SMBv2 has cleaned up these semantics and should always return
+ * NT_STATUS_LOCK_NOT_GRANTED to failed lock requests, and
+ * NT_STATUS_FILE_LOCK_CONFLICT to failed read/write requests due to a lock
+ * being held on that range.
+*/
+static bool test_errorcode(struct torture_context *torture,
+			   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+
+	const char *fname = BASEDIR "\\errorcode.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.locks		= el;
+
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 100;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	torture_comment(torture, "Testing LOCK_NOT_GRANTED vs. "
+				 "FILE_LOCK_CONFLICT\n");
+
+	if (TARGET_IS_W2K8(torture)) {
+		torture_result(torture, TORTURE_SKIP,
+		    "Target has \"pretty please\" bug. A contending lock "
+		    "request on the same handle unlocks the lock.");
+		goto done;
+	}
+
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Demonstrate that the first conflicting lock on each handle gives
+	 * LOCK_NOT_GRANTED. */
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* Demonstrate that each following conflict also gives
+	 * LOCK_NOT_GRANTED */
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* Demonstrate that the smbpid doesn't matter */
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* Demonstrate that a 0-byte lock inside the locked range still
+	 * gives the same error. */
+
+	el[0].offset		= 102;
+	el[0].length		= 0;
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* Demonstrate that a lock inside the locked range still gives the
+	 * same error. */
+
+	el[0].offset		= 102;
+	el[0].length		= 5;
+	lck.in.file.handle	= h;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.file.handle	= h2;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Tests zero byte locks.
+ */
+
+struct double_lock_test {
+	struct smb2_lock_element lock1;
+	struct smb2_lock_element lock2;
+	NTSTATUS status;
+};
+
+static struct double_lock_test zero_byte_tests[] = {
+	/* {offset, count, reserved, flags},
+	 * {offset, count, reserved, flags},
+	 * status */
+
+	/** First, takes a zero byte lock at offset 10. Then:
+	*   - Taking 0 byte lock at 10 should succeed.
+	*   - Taking 1 byte locks at 9,10,11 should succeed.
+	*   - Taking 2 byte lock at 9 should fail.
+	*   - Taking 2 byte lock at 10 should succeed.
+	*   - Taking 3 byte lock at 9 should fail.
+	*/
+	{{10, 0, 0, 0}, {10, 0, 0, 0}, NT_STATUS_OK},
+	{{10, 0, 0, 0}, {9, 1, 0, 0},  NT_STATUS_OK},
+	{{10, 0, 0, 0}, {10, 1, 0, 0}, NT_STATUS_OK},
+	{{10, 0, 0, 0}, {11, 1, 0, 0}, NT_STATUS_OK},
+	{{10, 0, 0, 0}, {9, 2, 0, 0},  NT_STATUS_LOCK_NOT_GRANTED},
+	{{10, 0, 0, 0}, {10, 2, 0, 0}, NT_STATUS_OK},
+	{{10, 0, 0, 0}, {9, 3, 0, 0},  NT_STATUS_LOCK_NOT_GRANTED},
+
+	/** Same, but opposite order. */
+	{{10, 0, 0, 0}, {10, 0, 0, 0}, NT_STATUS_OK},
+	{{9, 1, 0, 0},  {10, 0, 0, 0}, NT_STATUS_OK},
+	{{10, 1, 0, 0}, {10, 0, 0, 0}, NT_STATUS_OK},
+	{{11, 1, 0, 0}, {10, 0, 0, 0}, NT_STATUS_OK},
+	{{9, 2, 0, 0},  {10, 0, 0, 0}, NT_STATUS_LOCK_NOT_GRANTED},
+	{{10, 2, 0, 0}, {10, 0, 0, 0}, NT_STATUS_OK},
+	{{9, 3, 0, 0},  {10, 0, 0, 0}, NT_STATUS_LOCK_NOT_GRANTED},
+
+	/** Zero zero case. */
+	{{0, 0, 0, 0},  {0, 0, 0, 0},  NT_STATUS_OK},
+};
+
+static bool test_zerobytelength(struct torture_context *torture,
+			        struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	int i;
+
+	const char *fname = BASEDIR "\\zero.txt";
+
+	torture_comment(torture, "Testing zero length byte range locks:\n");
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Setup initial parameters */
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+
+	/* Try every combination of locks in zero_byte_tests, using the same
+	 * handle for both locks. The first lock is assumed to succeed. The
+	 * second lock may contend, depending on the expected status. */
+	for (i = 0; i < ARRAY_SIZE(zero_byte_tests); i++) {
+		torture_comment(torture,
+		    "  ... {%llu, %llu} + {%llu, %llu} = %s\n",
+		    (unsigned long long) zero_byte_tests[i].lock1.offset,
+		    (unsigned long long) zero_byte_tests[i].lock1.length,
+		    (unsigned long long) zero_byte_tests[i].lock2.offset,
+		    (unsigned long long) zero_byte_tests[i].lock2.length,
+		    nt_errstr(zero_byte_tests[i].status));
+
+		/* Lock both locks. */
+		lck.in.locks		= &zero_byte_tests[i].lock1;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_EXCLUSIVE |
+					  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		lck.in.locks		= &zero_byte_tests[i].lock2;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_EXCLUSIVE |
+					  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CONT(status, zero_byte_tests[i].status);
+
+		/* Unlock both locks in reverse order. */
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_UNLOCK;
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			status = smb2_lock(tree, &lck);
+			CHECK_STATUS(status, NT_STATUS_OK);
+		}
+
+		lck.in.locks		= &zero_byte_tests[i].lock1;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_UNLOCK;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	/* Try every combination of locks in zero_byte_tests, using two
+	 * different handles. */
+	for (i = 0; i < ARRAY_SIZE(zero_byte_tests); i++) {
+		torture_comment(torture,
+		    "  ... {%llu, %llu} + {%llu, %llu} = %s\n",
+		    (unsigned long long) zero_byte_tests[i].lock1.offset,
+		    (unsigned long long) zero_byte_tests[i].lock1.length,
+		    (unsigned long long) zero_byte_tests[i].lock2.offset,
+		    (unsigned long long) zero_byte_tests[i].lock2.length,
+		    nt_errstr(zero_byte_tests[i].status));
+
+		/* Lock both locks. */
+		lck.in.file.handle	= h;
+		lck.in.locks		= &zero_byte_tests[i].lock1;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_EXCLUSIVE |
+					  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		lck.in.file.handle	= h2;
+		lck.in.locks		= &zero_byte_tests[i].lock2;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_EXCLUSIVE |
+					  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CONT(status, zero_byte_tests[i].status);
+
+		/* Unlock both locks in reverse order. */
+		lck.in.file.handle	= h2;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_UNLOCK;
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			status = smb2_lock(tree, &lck);
+			CHECK_STATUS(status, NT_STATUS_OK);
+		}
+
+		lck.in.file.handle	= h;
+		lck.in.locks		= &zero_byte_tests[i].lock1;
+		lck.in.locks[0].flags	= SMB2_LOCK_FLAG_UNLOCK;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_zerobyteread(struct torture_context *torture,
+			      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	struct smb2_read rd;
+
+	const char *fname = BASEDIR "\\zerobyteread.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h2;
+
+	torture_comment(torture, "Testing zero byte read on lock range:\n");
+
+	/* Take an exclusive lock */
+	torture_comment(torture, "  taking exclusive lock.\n");
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	/* Try a zero byte read */
+	torture_comment(torture, "  reading 0 bytes.\n");
+	rd.in.offset      = 5;
+	rd.in.length      = 0;
+	status = smb2_read(tree, tree, &rd);
+	torture_assert_int_equal_goto(torture, rd.out.data.length, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Unlock lock */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	torture_comment(torture, "Testing zero byte read on zero byte lock "
+				 "range:\n");
+
+	/* Take an exclusive lock */
+	torture_comment(torture, "  taking exclusive 0-byte lock.\n");
+	el[0].offset		= 5;
+	el[0].length		= 0;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+	/* Try a zero byte read before the lock */
+	torture_comment(torture, "  reading 0 bytes before the lock.\n");
+	rd.in.offset      = 4;
+	rd.in.length      = 0;
+	status = smb2_read(tree, tree, &rd);
+	torture_assert_int_equal_goto(torture, rd.out.data.length, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read on the lock */
+	torture_comment(torture, "  reading 0 bytes on the lock.\n");
+	rd.in.offset      = 5;
+	rd.in.length      = 0;
+	status = smb2_read(tree, tree, &rd);
+	torture_assert_int_equal_goto(torture, rd.out.data.length, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try a zero byte read after the lock */
+	torture_comment(torture, "  reading 0 bytes after the lock.\n");
+	rd.in.offset      = 6;
+	rd.in.length      = 0;
+	status = smb2_read(tree, tree, &rd);
+	torture_assert_int_equal_goto(torture, rd.out.data.length, 0, ret, done,
+				      "zero byte read did not return 0 bytes");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Unlock lock */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(lck.out.reserved, 0);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_unlock(struct torture_context *torture,
+		        struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el1[1];
+	struct smb2_lock_element el2[1];
+
+	const char *fname = BASEDIR "\\unlock.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Setup initial parameters */
+	lck.in.locks		= el1;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	el1[0].offset		= 0;
+	el1[0].length		= 10;
+	el1[0].reserved		= 0x00000000;
+
+	/* Take exclusive lock, then unlock it with a shared-unlock call. */
+
+	torture_comment(torture, "Testing unlock exclusive with shared\n");
+
+	torture_comment(torture, "  taking exclusive lock.\n");
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  try to unlock the exclusive with a shared "
+				 "unlock call.\n");
+	el1[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(torture, "  try shared lock on h2, to test the "
+				 "unlock.\n");
+	lck.in.file.handle	= h2;
+	el1[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_comment(torture, "  unlock the exclusive lock\n");
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Unlock a shared lock with an exclusive-unlock call. */
+
+	torture_comment(torture, "Testing unlock shared with exclusive\n");
+
+	torture_comment(torture, "  taking shared lock.\n");
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_SHARED;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "  try to unlock the shared with an exclusive "
+				 "unlock call.\n");
+	el1[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(torture, "  try exclusive lock on h2, to test the "
+				 "unlock.\n");
+	lck.in.file.handle	= h2;
+	el1[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_comment(torture, "  unlock the exclusive lock\n");
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test unlocking of stacked 0-byte locks. SMB2 0-byte lock behavior
+	 * should be the same as >0-byte behavior.  Exclusive locks should be
+	 * unlocked before shared. */
+
+	torture_comment(torture, "Test unlocking stacked 0-byte locks\n");
+
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].offset		= 10;
+	el1[0].length		= 0;
+	el1[0].reserved		= 0x00000000;
+	el2[0].offset		= 5;
+	el2[0].length		= 10;
+	el2[0].reserved		= 0x00000000;
+
+	/* lock 0-byte exclusive */
+	el1[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* lock 0-byte shared */
+	el1[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test contention */
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* unlock */
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test - can we take a shared lock? */
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el2[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test unlocking of stacked exclusive, shared locks. Exclusive
+	 * should be unlocked before any shared. */
+
+	torture_comment(torture, "Test unlocking stacked exclusive/shared "
+				 "locks\n");
+
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].offset		= 10;
+	el1[0].length		= 10;
+	el1[0].reserved		= 0x00000000;
+	el2[0].offset		= 5;
+	el2[0].length		= 10;
+	el2[0].reserved		= 0x00000000;
+
+	/* lock exclusive */
+	el1[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* lock shared */
+	el1[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test contention */
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* unlock */
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* test - can we take a shared lock? */
+	lck.in.locks		= el2;
+	lck.in.file.handle	= h2;
+	el2[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el2[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	lck.in.locks		= el1;
+	lck.in.file.handle	= h;
+	el1[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_multiple_unlock(struct torture_context *torture,
+				 struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h;
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+
+	const char *fname = BASEDIR "\\unlock_multiple.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing multiple unlocks:\n");
+
+	/* Setup initial parameters */
+	lck.in.lock_count	= 0x0002;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+	el[1].offset		= 10;
+	el[1].length		= 10;
+	el[1].reserved		= 0x00000000;
+
+	/* Test1: Acquire second lock, but not first. */
+	torture_comment(torture, "  unlock 2 locks, first one not locked. "
+				 "Expect no locks unlocked. \n");
+
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to unlock both locks */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* Second lock should not be unlocked. */
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	}
+
+	/* cleanup */
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test2: Acquire first lock, but not second. */
+	torture_comment(torture, "  unlock 2 locks, second one not locked. "
+				 "Expect first lock unlocked.\n");
+
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to unlock both locks */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* First lock should be unlocked. */
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test3: Request 2 locks, second will contend.  What happens to the
+	 * first? */
+	torture_comment(torture, "  request 2 locks, second one will contend. "
+				 "Expect both to fail.\n");
+
+	/* Lock the second range */
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Request both locks */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* First lock should be unlocked. */
+	lck.in.lock_count	= 0x0001;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	if (TARGET_IS_W2K8(torture)) {
+		lck.in.lock_count	= 0x0001;
+		el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		lck.in.locks		= &el[0];
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		lck.in.lock_count	= 0x0002;
+		el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		lck.in.locks		= el;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	/* Test4: Request unlock and lock.  The lock contends, is the unlock
+	 * then relocked?  SMB2 doesn't like the lock and unlock requests in the
+	 * same packet. The unlock will succeed, but the lock will return
+	 * INVALID_PARAMETER.  This behavior is described in MS-SMB2
+	 * 3.3.5.14.1 */
+	torture_comment(torture, "  request unlock and lock, second one will "
+				 "error. Expect the unlock to succeed.\n");
+
+	/* Lock both ranges */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Attempt to unlock the first range and lock the second. The lock
+	 * request will error. */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/* The first lock should've been unlocked */
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test10: SMB2 only test. Request unlock and lock in same packet.
+	 * Neither contend. SMB2 doesn't like lock and unlock requests in the
+	 * same packet.  The unlock will succeed, but the lock will return
+	 * INVALID_PARAMETER. */
+	torture_comment(torture, "  request unlock and lock.  Unlock will "
+				 "succeed, but lock will fail.\n");
+
+	/* Lock first range */
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Attempt to unlock the first range and lock the second */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/* Neither lock should still be locked */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Test11: SMB2 only test. Request lock and unlock in same packet.
+	 * Neither contend. SMB2 doesn't like lock and unlock requests in the
+	 * same packet.  The lock will succeed, the unlock will fail with
+	 * INVALID_PARAMETER, and the lock will be unlocked before return. */
+	torture_comment(torture, "  request lock and unlock.  Both will "
+				 "fail.\n");
+
+	/* Lock second range */
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Attempt to lock the first range and unlock the second */
+	lck.in.lock_count	= 0x0002;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	lck.in.locks		= el;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	/* First range should be unlocked, second locked. */
+	lck.in.lock_count	= 0x0001;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[0];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.lock_count	= 0x0001;
+	el[1].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= &el[1];
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	if (TARGET_IS_W2K8(torture)) {
+		lck.in.lock_count	= 0x0001;
+		el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		lck.in.locks		= &el[0];
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		lck.in.lock_count	= 0x0002;
+		el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		el[1].flags		= SMB2_LOCK_FLAG_UNLOCK;
+		lck.in.locks		= el;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test lock stacking
+ *  - some tests ported from BASE-LOCK-LOCK5
+ */
+static bool test_stacking(struct torture_context *torture,
+			  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	const char *fname = BASEDIR "\\stacking.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing lock stacking:\n");
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+
+	/* Try to take a shared lock, then a shared lock on same handle */
+	torture_comment(torture, "  stacking a shared on top of a shared"
+				 "lock succeeds.\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* cleanup */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	/* Try to take an exclusive lock, then a shared lock on same handle */
+	torture_comment(torture, "  stacking a shared on top of an exclusive "
+				 "lock succeeds.\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* stacking a shared from a different handle should fail */
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* ensure the 4th unlock fails */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* ensure a second handle can now take an exclusive lock */
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to take an exclusive lock, then a shared lock on a
+	 * different handle */
+	torture_comment(torture, "  stacking a shared on top of an exclusive "
+				 "lock with different handles fails.\n");
+
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Try to take a shared lock, then stack an exclusive with same
+	 * handle.  */
+	torture_comment(torture, "  stacking an exclusive on top of a shared "
+				 "lock fails.\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	/* Prove that two exclusive locks do not stack on the same handle. */
+	torture_comment(torture, "  two exclusive locks do not stack.\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	if (TARGET_IS_W2K8(torture)) {
+		CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+		torture_warning(torture, "Target has \"pretty please\" bug. "
+				"A contending lock request on the same handle "
+				"unlocks the lock.\n");
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test lock contention
+ * - shared lock should contend with exclusive lock on different handle
+ */
+static bool test_contend(struct torture_context *torture,
+			 struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	const char *fname = BASEDIR "\\contend.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing lock contention:\n");
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+
+	/* Take an exclusive lock, then a shared lock on different handle */
+	torture_comment(torture, "  shared should contend on exclusive on "
+				 "different handle.\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.file.handle	= h2;
+	el[0].flags		= SMB2_LOCK_FLAG_SHARED |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* cleanup */
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test locker context
+ * - test that pid does not affect the locker context
+ */
+static bool test_context(struct torture_context *torture,
+			 struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+
+	const char *fname = BASEDIR "\\context.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing locker context:\n");
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+
+	/* Take an exclusive lock, then try to unlock with a different pid,
+	 * same handle.  This shows that the pid doesn't affect the locker
+	 * context in SMB2. */
+	torture_comment(torture, "  pid shouldn't affect locker context\n");
+
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test as much of the potential lock range as possible
+ *  - test ported from BASE-LOCK-LOCK3
+ */
+static bool test_range(struct torture_context *torture,
+		       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	uint64_t offset, i;
+	extern int torture_numops;
+
+	const char *fname = BASEDIR "\\range.txt";
+
+#define NEXT_OFFSET offset += (~(uint64_t)0) / torture_numops
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing locks spread across the 64-bit "
+				 "offset range\n");
+
+	if (TARGET_IS_W2K8(torture)) {
+		torture_result(torture, TORTURE_SKIP,
+		    "Target has \"pretty please\" bug. A contending lock "
+		    "request on the same handle unlocks the lock.");
+		goto done;
+	}
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	torture_comment(torture, "  establishing %d locks\n", torture_numops);
+
+	for (offset=i=0; i<torture_numops; i++) {
+		NEXT_OFFSET;
+
+		lck.in.file.handle	= h;
+		el[0].offset		= offset - 1;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_OK,
+				 talloc_asprintf(torture,
+				     "lock h failed at offset %#llx ",
+				     (unsigned long long) el[0].offset));
+
+		lck.in.file.handle	= h2;
+		el[0].offset		= offset - 2;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_OK,
+				 talloc_asprintf(torture,
+				     "lock h2 failed at offset %#llx ",
+				     (unsigned long long) el[0].offset));
+	}
+
+	torture_comment(torture, "  testing %d locks\n", torture_numops);
+
+	for (offset=i=0; i<torture_numops; i++) {
+		NEXT_OFFSET;
+
+		lck.in.file.handle	= h;
+		el[0].offset		= offset - 1;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_LOCK_NOT_GRANTED,
+				 talloc_asprintf(torture,
+				     "lock h at offset %#llx should not have "
+				     "succeeded ",
+				     (unsigned long long) el[0].offset));
+
+		lck.in.file.handle	= h;
+		el[0].offset		= offset - 2;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_LOCK_NOT_GRANTED,
+				 talloc_asprintf(torture,
+				     "lock h2 at offset %#llx should not have "
+				     "succeeded ",
+				     (unsigned long long) el[0].offset));
+
+		lck.in.file.handle	= h2;
+		el[0].offset		= offset - 1;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_LOCK_NOT_GRANTED,
+				 talloc_asprintf(torture,
+				     "lock h at offset %#llx should not have "
+				     "succeeded ",
+				     (unsigned long long) el[0].offset));
+
+		lck.in.file.handle	= h2;
+		el[0].offset		= offset - 2;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_LOCK_NOT_GRANTED,
+				 talloc_asprintf(torture,
+				     "lock h2 at offset %#llx should not have "
+				     "succeeded ",
+				     (unsigned long long) el[0].offset));
+	}
+
+	torture_comment(torture, "  removing %d locks\n", torture_numops);
+
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+
+	for (offset=i=0; i<torture_numops; i++) {
+		NEXT_OFFSET;
+
+		lck.in.file.handle	= h;
+		el[0].offset		= offset - 1;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_OK,
+				 talloc_asprintf(torture,
+				     "unlock from h failed at offset %#llx ",
+				     (unsigned long long) el[0].offset));
+
+		lck.in.file.handle	= h2;
+		el[0].offset		= offset - 2;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS_CMT(status, NT_STATUS_OK,
+				 talloc_asprintf(torture,
+				     "unlock from h2 failed at offset %#llx ",
+				     (unsigned long long) el[0].offset));
+	}
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static NTSTATUS test_smb2_lock(struct smb2_tree *tree, struct smb2_handle h,
+			       uint64_t offset, uint64_t length, bool exclusive)
+{
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	NTSTATUS status;
+
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= offset;
+	el[0].length		= length;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= (exclusive ?
+				  SMB2_LOCK_FLAG_EXCLUSIVE :
+				  SMB2_LOCK_FLAG_SHARED) |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	status = smb2_lock(tree, &lck);
+
+	return status;
+}
+
+static NTSTATUS test_smb2_unlock(struct smb2_tree *tree, struct smb2_handle h,
+				 uint64_t offset, uint64_t length)
+{
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	NTSTATUS status;
+
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= offset;
+	el[0].length		= length;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+
+	status = smb2_lock(tree, &lck);
+
+	return status;
+}
+
+#define EXPECTED(ret, v) if ((ret) != (v)) { \
+	torture_result(torture, TORTURE_FAIL, __location__": subtest failed");\
+        torture_comment(torture, "** "); correct = false; \
+        }
+
+/**
+ * Test overlapping lock ranges from various lockers
+ *  - some tests ported from BASE-LOCK-LOCK4
+ */
+static bool test_overlap(struct torture_context *torture,
+			 struct smb2_tree *tree,
+			 struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	uint8_t buf[200];
+	bool correct = true;
+
+	const char *fname = BASEDIR "\\overlap.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = torture_smb2_testfile(tree2, fname, &h3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing overlapping locks:\n");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 0, 4, true)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h, 2, 4, true));
+	EXPECTED(ret, false);
+	torture_comment(torture, "the same session/handle %s set overlapping "
+				 "exclusive locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 10, 4, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h, 12, 4, false));
+	EXPECTED(ret, true);
+	torture_comment(torture, "the same session/handle %s set overlapping "
+				 "shared locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 20, 4, true)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree2, h3, 22, 4, true));
+	EXPECTED(ret, false);
+	torture_comment(torture, "a different session %s set overlapping "
+				 "exclusive locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 30, 4, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree2, h3, 32, 4, false));
+	EXPECTED(ret, true);
+	torture_comment(torture, "a different session %s set overlapping "
+				 "shared locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 40, 4, true)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h2, 42, 4, true));
+	EXPECTED(ret, false);
+	torture_comment(torture, "a different handle %s set overlapping "
+				 "exclusive locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 50, 4, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h2, 52, 4, false));
+	EXPECTED(ret, true);
+	torture_comment(torture, "a different handle %s set overlapping "
+				 "shared locks\n", ret?"can":"cannot");
+
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 110, 4, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h, 112, 4, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_unlock(tree, h, 110, 6));
+	EXPECTED(ret, false);
+	torture_comment(torture, "the same handle %s coalesce read locks\n",
+				 ret?"can":"cannot");
+
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_testfile(tree, fname, &h2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ret = NT_STATUS_IS_OK(test_smb2_lock(tree, h, 0, 8, false)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h2, 0, 1, false)) &&
+	      NT_STATUS_IS_OK(smb2_util_close(tree, h)) &&
+	      NT_STATUS_IS_OK(torture_smb2_testfile(tree, fname, &h)) &&
+	      NT_STATUS_IS_OK(test_smb2_lock(tree, h, 7, 1, true));
+	EXPECTED(ret, true);
+	torture_comment(torture, "the server %s have the NT byte range lock "
+				 "bug\n", !ret?"does":"doesn't");
+
+done:
+	smb2_util_close(tree2, h3);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return correct;
+}
+
+/**
+ * Test truncation of locked file
+ *  - some tests ported from BASE-LOCK-LOCK7
+ */
+static bool test_truncate(struct torture_context *torture,
+			  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h2 = {{0}};
+	uint8_t buf[200];
+	struct smb2_lock lck;
+	struct smb2_lock_element el[1];
+	struct smb2_create io;
+
+	const char *fname = BASEDIR "\\truncate.txt";
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing truncation of locked file:\n");
+
+	/* Setup initial parameters */
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+	el[0].offset		= 0;
+	el[0].length		= 10;
+	el[0].reserved		= 0x00000000;
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+			     NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	/* Take an exclusive lock */
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* On second handle open the file with OVERWRITE disposition */
+	torture_comment(torture, "  overwrite disposition is allowed on a "
+				 "locked file.\n");
+
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb2_create(tree, tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	smb2_util_close(tree, h2);
+
+	/* On second handle open the file with SUPERSEDE disposition */
+	torture_comment(torture, "  supersede disposition is allowed on a "
+				 "locked file.\n");
+
+	io.in.create_disposition = NTCREATEX_DISP_SUPERSEDE;
+	status = smb2_create(tree, tree, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+	smb2_util_close(tree, h2);
+
+	/* cleanup */
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test lock replay detection
+ *
+ * This test checks the SMB 2.1.0 behaviour of lock sequence checking,
+ * which is only turned on for resilient handles.
+ *
+ * Make it clear that this test is supposed to pass against the legacy
+ * Windows servers which violate the specification:
+ *
+ *   [MS-SMB2] 3.3.5.14 Receiving an SMB2 LOCK Request
+ *
+ *   ...
+ *
+ *   ... if Open.IsResilient or Open.IsDurable or Open.IsPersistent is
+ *   TRUE or if Connection.Dialect belongs to the SMB 3.x dialect family
+ *   and Connection.ServerCapabilities includes
+ *   SMB2_GLOBAL_CAP_MULTI_CHANNEL bit, the server SHOULD<314>
+ *   perform lock sequence verification ...
+ *
+ *   ...
+ *
+ *   <314> Section 3.3.5.14: Windows 7 and Windows Server 2008 R2 perform
+ *   lock sequence verification only when Open.IsResilient is TRUE.
+ *   Windows 8 through Windows 10 v1909 and Windows Server 2012 through
+ *   Windows Server v1909 perform lock sequence verification only when
+ *   Open.IsResilient or Open.IsPersistent is TRUE.
+ *
+ * Note <314> also applies to all versions (at least) up to Windows Server v2004.
+ *
+ * Hopefully this will be fixed in future Windows versions and they
+ * will avoid Note <314>.
+ */
+static bool test_replay_broken_windows(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle h;
+	struct smb2_ioctl ioctl;
+	struct smb2_lock lck;
+	struct smb2_lock_element el;
+	uint8_t res_req[8];
+	const char *fname = BASEDIR "\\replay_broken_windows.txt";
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB2_10) {
+		torture_skip(torture, "SMB 2.1.0 Dialect family or above \
+				required for Lock Replay tests\n");
+	}
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	torture_comment(torture, "Testing Open File:\n");
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Setup initial parameters
+	 */
+	el = (struct smb2_lock_element) {
+		.length = 100,
+		.offset = 100,
+	};
+	lck = (struct smb2_lock) {
+		.in.locks = &el,
+		.in.lock_count	= 0x0001,
+		.in.file.handle	= h
+	};
+
+	torture_comment(torture, "Testing Lock Replay detection [ignored]:\n");
+	lck.in.lock_sequence = 0x010 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	if (NT_STATUS_IS_OK(status)) {
+		lck.in.lock_sequence = 0x020 + 0x2;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+		lck.in.lock_sequence = 0x010 + 0x1;
+		status = smb2_lock(tree, &lck);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (smbXcli_conn_protocol(transport->conn) > PROTOCOL_SMB2_10) {
+			torture_skip_goto(torture, done,
+					  "SMB3 Server implements LockSequence "
+					  "for all handles\n");
+		}
+	}
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	if (smbXcli_conn_protocol(transport->conn) > PROTOCOL_SMB2_10) {
+		torture_comment(torture,
+				"\nSMB3 Server implements LockSequence as SMB 2.1.0"
+				" LEGACY BROKEN Windows!!!\n\n");
+	}
+	torture_comment(torture,
+			"Testing SMB 2.1.0 LockSequence for ResilientHandles\n");
+
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Testing Set Resiliency:\n");
+	SIVAL(res_req, 0, 1000); /* timeout */
+	SIVAL(res_req, 4, 0);    /* reserved */
+	ioctl = (struct smb2_ioctl) {
+		.level = RAW_IOCTL_SMB2,
+		.in.file.handle = h,
+		.in.function = FSCTL_LMR_REQ_RESILIENCY,
+		.in.max_output_response = 0,
+		.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL,
+		.in.out.data = res_req,
+		.in.out.length = sizeof(res_req)
+	};
+	status = smb2_ioctl(tree, torture, &ioctl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Test with an invalid bucket number (only 1..64 are valid).
+	 * With an invalid number, lock replay detection is not performed.
+	 */
+	torture_comment(torture, "Testing Lock (ignored) Replay detection "
+				 "(Bucket No: 0 (invalid)) [ignored]:\n");
+	lck.in.lock_sequence = 0x000 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 1):\n");
+
+	/*
+	 * Obtain Exclusive Lock of length 100 bytes using Bucket Num 1
+	 * and Bucket Seq 1.
+	 */
+	lck.in.lock_sequence = 0x010 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Server detects Replay of Byte Range locks using the Lock Sequence
+	 * Numbers. And ignores the requests completely.
+	 */
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* status: still locked */
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Seq
+	 */
+	lck.in.lock_sequence = 0x010 + 0x2;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 2):\n");
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Num
+	 */
+	lck.in.lock_sequence = 0x020 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* status: still locked */
+
+	/* test with invalid bucket when file is locked */
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 65 (invalid)) [ignored]:\n");
+
+	lck.in.lock_sequence = 0x410 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* status: unlocked */
+
+	/*
+	 * Lock again for the unlock replay test
+	 */
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 64):\n");
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Num
+	 */
+	lck.in.lock_sequence = 0x400 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * Test Unlock replay detection
+	 */
+	lck.in.lock_sequence = 0x400 + 0x2;
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK); /* new seq num ==> unlocked */
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK); /* replay detected ==> ignored */
+
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);     /* same seq num ==> ignored */
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* verify it's unlocked: */
+	lck.in.lock_sequence = 0x400 + 0x3;
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* status: not locked */
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/**
+ * Test lock replay detection
+ *
+ * This test check the SMB 3 behaviour of lock sequence checking,
+ * which should be implemented for all handles.
+ *
+ * Make it clear that this test is supposed to pass a
+ * server implementing the specification:
+ *
+ *   [MS-SMB2] 3.3.5.14 Receiving an SMB2 LOCK Request
+ *
+ *   ...
+ *
+ *   ... if Open.IsResilient or Open.IsDurable or Open.IsPersistent is
+ *   TRUE or if Connection.Dialect belongs to the SMB 3.x dialect family
+ *   and Connection.ServerCapabilities includes
+ *   SMB2_GLOBAL_CAP_MULTI_CHANNEL bit, the server SHOULD<314>
+ *   perform lock sequence verification ...
+ *
+ *   ...
+ *
+ *   <314> Section 3.3.5.14: Windows 7 and Windows Server 2008 R2 perform
+ *   lock sequence verification only when Open.IsResilient is TRUE.
+ *   Windows 8 through Windows 10 v1909 and Windows Server 2012 through
+ *   Windows Server v1909 perform lock sequence verification only when
+ *   Open.IsResilient or Open.IsPersistent is TRUE.
+ *
+ * Note <314> also applies to all versions (at least) up to Windows Server v2004.
+ *
+ * Hopefully this will be fixed in future Windows versions and they
+ * will avoid Note <314>.
+ */
+static bool _test_replay_smb3_specification(struct torture_context *torture,
+					    struct smb2_tree *tree,
+					    const char *testname,
+					    bool use_durable)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create io;
+	struct smb2_handle h;
+	struct smb2_lock lck;
+	struct smb2_lock_element el;
+	char fname[256];
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(torture, "SMB 3.0.0 Dialect family or above \
+				required for Lock Replay tests\n");
+	}
+
+	snprintf(fname, sizeof(fname), "%s\\%s.dat", BASEDIR, testname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	torture_comment(torture, "%s: Testing Open File:\n", testname);
+
+	smb2_oplock_create_share(&io, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io.in.durable_open = use_durable;
+
+	status = smb2_create(tree, torture, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.out.file.handle;
+	CHECK_VALUE(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VALUE(io.out.durable_open, use_durable);
+	CHECK_VALUE(io.out.durable_open_v2, false);
+	CHECK_VALUE(io.out.persistent_open, false);
+
+	/*
+	 * Setup initial parameters
+	 */
+	el = (struct smb2_lock_element) {
+		.length = 100,
+		.offset = 100,
+	};
+	lck = (struct smb2_lock) {
+		.in.locks = &el,
+		.in.lock_count	= 0x0001,
+		.in.file.handle	= h
+	};
+
+	torture_comment(torture,
+			"Testing SMB 3 LockSequence for all Handles\n");
+
+	/*
+	 * Test with an invalid bucket number (only 1..64 are valid).
+	 * With an invalid number, lock replay detection is not performed.
+	 */
+	torture_comment(torture, "Testing Lock (ignored) Replay detection "
+				 "(Bucket No: 0 (invalid)) [ignored]:\n");
+	lck.in.lock_sequence = 0x000 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 1):\n");
+
+	/*
+	 * Obtain Exclusive Lock of length 100 bytes using Bucket Num 1
+	 * and Bucket Seq 1.
+	 */
+	lck.in.lock_sequence = 0x010 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Server detects Replay of Byte Range locks using the Lock Sequence
+	 * Numbers. And ignores the requests completely.
+	 */
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* status: still locked */
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Seq
+	 */
+	lck.in.lock_sequence = 0x010 + 0x2;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 2):\n");
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Num
+	 */
+	lck.in.lock_sequence = 0x020 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/* status: still locked */
+
+	/* test with invalid bucket when file is locked */
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 65 (invalid)) [ignored]:\n");
+
+	lck.in.lock_sequence = 0x410 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* status: unlocked */
+
+	/*
+	 * Lock again for the unlock replay test
+	 */
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Testing Lock Replay detection "
+				 "(Bucket No: 64):\n");
+
+	/*
+	 * Server will not grant same Byte Range using a different Bucket Num
+	 */
+	lck.in.lock_sequence = 0x400 + 0x1;
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	/*
+	 * Test Unlock replay detection
+	 */
+	lck.in.lock_sequence = 0x400 + 0x2;
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK); /* new seq num ==> unlocked */
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK); /* replay detected ==> ignored */
+
+	el.flags = SMB2_LOCK_FLAG_EXCLUSIVE | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);     /* same seq num ==> ignored */
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* verify it's unlocked: */
+	lck.in.lock_sequence = 0x400 + 0x3;
+	el.flags = SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+
+	/* status: not locked */
+
+done:
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_replay_smb3_specification_durable(struct torture_context *torture,
+						   struct smb2_tree *tree)
+{
+	const char *testname = "replay_smb3_specification_durable";
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB2_10) {
+		torture_skip(torture, "SMB 2.1.0 Dialect family or above \
+				required for Lock Replay tests on durable handles\n");
+	}
+
+	return _test_replay_smb3_specification(torture, tree, testname, true);
+}
+
+static bool test_replay_smb3_specification_multi(struct torture_context *torture,
+						 struct smb2_tree *tree)
+{
+	const char *testname = "replay_smb3_specification_multi";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t server_capabilities;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(torture, "SMB 3.0.0 Dialect family or above \
+			required for Lock Replay tests on without durable handles\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(torture, "MULTI_CHANNEL is \
+			required for Lock Replay tests on without durable handles\n");
+	}
+
+	return _test_replay_smb3_specification(torture, tree, testname, false);
+}
+
+/**
+ * Test lock interaction between smbd and ctdb with tombstone records.
+ *
+ * Re-locking an unlocked record could lead to a deadlock between
+ * smbd and ctdb. Make sure we don't regress.
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=12005
+ * https://bugzilla.samba.org/show_bug.cgi?id=10008
+ */
+static bool test_deadlock(struct torture_context *torture,
+			  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	uint8_t buf[200];
+	const char *fname = BASEDIR "\\deadlock.txt";
+
+	if (!lpcfg_clustering(torture->lp_ctx)) {
+		torture_skip(torture, "Test must be run on a ctdb cluster\n");
+		return true;
+	}
+
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	torture_assert_ntstatus_ok(torture, status,
+				   "torture_smb2_testdir failed");
+	smb2_util_close(tree, _h);
+
+	status = torture_smb2_testfile(tree, fname, &_h);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"torture_smb2_testfile failed");
+	h = &_h;
+
+	ZERO_STRUCT(buf);
+	status = smb2_util_write(tree, *h, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_util_write failed");
+
+	status = test_smb2_lock(tree, *h, 0, 1, true);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"test_smb2_lock failed");
+
+	status = test_smb2_unlock(tree, *h, 0, 1);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"test_smb2_unlock failed");
+
+	status = test_smb2_lock(tree, *h, 0, 1, true);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"test_smb2_lock failed");
+
+	status = test_smb2_unlock(tree, *h, 0, 1);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"test_smb2_unlock failed");
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/* basic testing of SMB2 locking
+*/
+struct torture_suite *torture_smb2_lock_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "lock");
+	torture_suite_add_1smb2_test(suite, "valid-request",
+	    test_valid_request);
+	torture_suite_add_1smb2_test(suite, "rw-none", test_lock_rw_none);
+	torture_suite_add_1smb2_test(suite, "rw-shared", test_lock_rw_shared);
+	torture_suite_add_1smb2_test(suite, "rw-exclusive",
+	    test_lock_rw_exclusive);
+	torture_suite_add_1smb2_test(suite, "auto-unlock",
+	    test_lock_auto_unlock);
+	torture_suite_add_1smb2_test(suite, "lock", test_lock);
+	torture_suite_add_1smb2_test(suite, "async", test_async);
+	torture_suite_add_1smb2_test(suite, "cancel", test_cancel);
+	torture_suite_add_1smb2_test(suite, "cancel-tdis", test_cancel_tdis);
+	torture_suite_add_1smb2_test(suite, "cancel-logoff",
+	    test_cancel_logoff);
+	torture_suite_add_1smb2_test(suite, "errorcode", test_errorcode);
+	torture_suite_add_1smb2_test(suite, "zerobytelength",
+	    test_zerobytelength);
+	torture_suite_add_1smb2_test(suite, "zerobyteread",
+	    test_zerobyteread);
+	torture_suite_add_1smb2_test(suite, "unlock", test_unlock);
+	torture_suite_add_1smb2_test(suite, "multiple-unlock",
+	    test_multiple_unlock);
+	torture_suite_add_1smb2_test(suite, "stacking", test_stacking);
+	torture_suite_add_1smb2_test(suite, "contend", test_contend);
+	torture_suite_add_1smb2_test(suite, "context", test_context);
+	torture_suite_add_1smb2_test(suite, "range", test_range);
+	torture_suite_add_2smb2_test(suite, "overlap", test_overlap);
+	torture_suite_add_1smb2_test(suite, "truncate", test_truncate);
+	torture_suite_add_1smb2_test(suite, "replay_broken_windows",
+				     test_replay_broken_windows);
+	torture_suite_add_1smb2_test(suite, "replay_smb3_specification_durable",
+				     test_replay_smb3_specification_durable);
+	torture_suite_add_1smb2_test(suite, "replay_smb3_specification_multi",
+				     test_replay_smb3_specification_multi);
+	torture_suite_add_1smb2_test(suite, "ctdb-delrec-deadlock", test_deadlock);
+
+	suite->description = talloc_strdup(suite, "SMB2-LOCK tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/mangle.c b/source4/torture/smb2/mangle.c
new file mode 100644
index 0000000..09097ee
--- /dev/null
+++ b/source4/torture/smb2/mangle.c
@@ -0,0 +1,341 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester - mangling test
+   Copyright (C) Andrew Tridgell 2002
+   Copyright (C) David Mulder 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/dir.h"
+#include <tdb.h>
+#include "../lib/util/util_tdb.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+#undef strcasecmp
+
+static TDB_CONTEXT *tdb;
+
+#define NAME_LENGTH 20
+
+static unsigned int total, collisions, failures;
+
+static bool test_one(struct torture_context *tctx, struct smb2_tree *tree,
+		     const char *name)
+{
+	struct smb2_handle fnum;
+	const char *shortname;
+	const char *name2;
+	NTSTATUS status;
+	TDB_DATA data;
+	struct smb2_create io = {0};
+
+	total++;
+
+	io.in.fname = name;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA |
+			       SEC_FILE_EXECUTE;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE |
+			     NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	status = smb2_create(tree, tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "open of %s failed (%s)\n", name,
+				nt_errstr(status));
+		return false;
+	}
+	fnum = io.out.file.handle;
+
+	status = smb2_util_close(tree, fnum);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx, "close of %s failed (%s)\n", name,
+				nt_errstr(status));
+		return false;
+	}
+
+	/* get the short name */
+	status = smb2_qpathinfo_alt_name(tctx, tree, name, &shortname);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "query altname of %s failed (%s)\n",
+				name, nt_errstr(status));
+		return false;
+	}
+
+	name2 = talloc_asprintf(tctx, "mangle_test\\%s", shortname);
+	status = smb2_util_unlink(tree, name2);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx, "unlink of %s  (%s) failed (%s)\n",
+		       name2, name, nt_errstr(status));
+		return false;
+	}
+
+	/* recreate by short name */
+	io = (struct smb2_create){0};
+	io.in.fname = name2;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA |
+			       SEC_FILE_EXECUTE;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE |
+			     NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	status = smb2_create(tree, tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "open2 of %s failed (%s)\n", name2,
+				nt_errstr(status));
+		return false;
+	}
+	fnum = io.out.file.handle;
+
+	status = smb2_util_close(tree, fnum);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx, "close of %s failed (%s)\n", name,
+				nt_errstr(status));
+		return false;
+	}
+
+	/* and unlink by long name */
+	status = smb2_util_unlink(tree, name);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_comment(tctx, "unlink2 of %s  (%s) failed (%s)\n",
+				name, name2, nt_errstr(status));
+		failures++;
+		smb2_util_unlink(tree, name2);
+		return true;
+	}
+
+	/* see if the short name is already in the tdb */
+	data = tdb_fetch_bystring(tdb, shortname);
+	if (data.dptr) {
+		/* maybe its a duplicate long name? */
+		if (strcasecmp(name, (const char *)data.dptr) != 0) {
+			/* we have a collision */
+			collisions++;
+			torture_comment(tctx, "Collision between %s and %s"
+					"   ->  %s  (coll/tot: %u/%u)\n",
+					name, data.dptr, shortname, collisions,
+					total);
+		}
+		free(data.dptr);
+	} else {
+		TDB_DATA namedata;
+		/* store it for later */
+		namedata.dptr = discard_const_p(uint8_t, name);
+		namedata.dsize = strlen(name)+1;
+		tdb_store_bystring(tdb, shortname, namedata, TDB_REPLACE);
+	}
+
+	return true;
+}
+
+
+static char *gen_name(struct torture_context *tctx)
+{
+	const char *chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._-$~...";
+	unsigned int max_idx = strlen(chars);
+	unsigned int len;
+	int i;
+	char *p = NULL;
+	char *name = NULL;
+
+	name = talloc_strdup(tctx, "mangle_test\\");
+	if (!name) {
+		return NULL;
+	}
+
+	len = 1 + random() % NAME_LENGTH;
+
+	name = talloc_realloc(tctx, name, char, strlen(name) + len + 6);
+	if (!name) {
+		return NULL;
+	}
+	p = name + strlen(name);
+
+	for (i=0;i<len;i++) {
+		p[i] = chars[random() % max_idx];
+	}
+
+	p[i] = 0;
+
+	if (ISDOT(p) || ISDOTDOT(p)) {
+		p[0] = '_';
+	}
+
+	/* have a high probability of a common lead char */
+	if (random() % 2 == 0) {
+		p[0] = 'A';
+	}
+
+	/* and a medium probability of a common lead string */
+	if ((len > 5) && (random() % 10 == 0)) {
+		strlcpy(p, "ABCDE", 6);
+	}
+
+	/* and a high probability of a good extension length */
+	if (random() % 2 == 0) {
+		char *s = strrchr(p, '.');
+		if (s) {
+			s[4] = 0;
+		}
+	}
+
+	return name;
+}
+
+
+static bool torture_smb2_mangle(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	extern int torture_numops;
+	int i;
+	bool ok;
+	NTSTATUS status;
+
+	/* we will use an internal tdb to store the names we have used */
+	tdb = tdb_open(NULL, 100000, TDB_INTERNAL, 0, 0);
+	torture_assert(torture, tdb, "ERROR: Failed to open tdb\n");
+
+	ok = smb2_util_setup_dir(torture, tree, "mangle_test");
+	torture_assert(torture, ok, "smb2_util_setup_dir failed\n");
+
+	for (i=0;i<torture_numops;i++) {
+		char *name;
+
+		name = gen_name(torture);
+		torture_assert(torture, name, "Name allocation failed\n");
+
+		ok = test_one(torture, tree, name);
+		torture_assert(torture, ok, talloc_asprintf(torture,
+			       "Mangle names failed with %s", name));
+		if (total && total % 100 == 0) {
+			if (torture_setting_bool(torture, "progress", true)) {
+				torture_comment(torture,
+				       "collisions %u/%u  - %.2f%%   (%u failures)\r",
+				       collisions, total, (100.0*collisions) / total, failures);
+			}
+		}
+	}
+
+	smb2_util_unlink(tree, "mangle_test\\*");
+	status = smb2_util_rmdir(tree, "mangle_test");
+	torture_assert_ntstatus_ok(torture, status,
+				   "ERROR: Failed to remove directory\n");
+
+	torture_comment(torture,
+			"\nTotal collisions %u/%u  - %.2f%%   (%u failures)\n",
+			collisions, total, (100.0*collisions) / total, failures);
+
+	return (failures == 0);
+}
+
+static bool test_mangled_mask(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	bool ret = true;
+	const char *dname = "single_find_with_mangled_name";
+	const char *fname = "single_find_with_mangled_name\\verylongfilename";
+	const char *shortname = NULL;
+	NTSTATUS status;
+	struct smb2_handle dh = {{0}};
+	struct smb2_handle fh = {{0}};
+	struct smb2_find f;
+	union smb_search_data *d;
+	unsigned count, i;
+
+	torture_comment(tctx, "Checking find with mangled search mask\n");
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, dname, &dh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed");
+
+	status = torture_smb2_testfile(tree, fname, &fh);
+	smb2_util_close(tree, fh);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= dh;
+	f.in.pattern		= "*";
+	f.in.max_response_size	= 0x1000;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+	smb2_util_close(tree, dh);
+	ZERO_STRUCT(dh);
+
+	for (i = 0; i < count; i++) {
+		const char *found = d[i].both_directory_info.name.s;
+
+		if (!strcmp(found, ".") || !strcmp(found, "..")) {
+			continue;
+		}
+
+		torture_assert_str_equal_goto(tctx, found, "verylongfilename", ret, done,
+					      "Bad filename\n");
+		shortname = d[i].both_directory_info.short_name.s;
+		break;
+	}
+
+	torture_assert_not_null_goto(tctx, shortname, ret, done,
+				     "shortname is NULL\n");
+
+	torture_comment(tctx, "Got shortname: %s\n", shortname);
+
+	status = torture_smb2_testdir(tree, dname, &dh);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= dh;
+	f.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.pattern		= shortname;
+	f.in.max_response_size	= 0x1000;
+	f.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+	smb2_util_close(tree, dh);
+	ZERO_STRUCT(dh);
+
+done:
+	if (!smb2_util_handle_empty(fh)) {
+		smb2_util_close(tree, fh);
+	}
+	if (!smb2_util_handle_empty(dh)) {
+		smb2_util_close(tree, dh);
+	}
+	smb2_deltree(tree, dname);
+	return ret;
+
+}
+
+struct torture_suite *torture_smb2_name_mangling_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = NULL;
+
+	suite = torture_suite_create(ctx, "name-mangling");
+	suite->description = talloc_strdup(suite, "SMB2 name mangling tests");
+
+	torture_suite_add_1smb2_test(suite, "mangle", torture_smb2_mangle);
+	torture_suite_add_1smb2_test(suite, "mangled-mask", test_mangled_mask);
+	return suite;
+}
diff --git a/source4/torture/smb2/max_allowed.c b/source4/torture/smb2/max_allowed.c
new file mode 100644
index 0000000..af8b08a
--- /dev/null
+++ b/source4/torture/smb2/max_allowed.c
@@ -0,0 +1,248 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester - deny mode scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) David Mulder 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/security/security.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+#define MAXIMUM_ALLOWED_FILE    "torture_maximum_allowed"
+static bool torture_smb2_maximum_allowed(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	struct security_descriptor *sd = NULL, *sd_orig = NULL;
+	struct smb2_create io = {0};
+	TALLOC_CTX *mem_ctx = NULL;
+	struct smb2_handle fnum = {{0}};
+	int i;
+	bool ret = true;
+	NTSTATUS status;
+	union smb_fileinfo q;
+	const char *owner_sid = NULL;
+	bool has_restore_privilege, has_backup_privilege, has_system_security_privilege;
+
+	mem_ctx = talloc_init("torture_maximum_allowed");
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done,
+			    "talloc allocation failed\n");
+
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
+	sd = security_descriptor_dacl_create(mem_ctx,
+	    0, NULL, NULL,
+	    SID_NT_AUTHENTICATED_USERS,
+	    SEC_ACE_TYPE_ACCESS_ALLOWED,
+	    SEC_RIGHTS_FILE_READ,
+	    0, NULL);
+	torture_assert_goto(tctx, sd != NULL, ret, done,
+			    "security descriptor creation failed\n");
+
+	/* Blank slate */
+	smb2_util_unlink(tree, MAXIMUM_ALLOWED_FILE);
+
+	/* create initial file with restrictive SD */
+	io.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.fname = MAXIMUM_ALLOWED_FILE;
+	io.in.sec_desc = sd;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		talloc_asprintf(tctx, "Incorrect status %s - should be %s\n",
+				nt_errstr(status), nt_errstr(NT_STATUS_OK)));
+	fnum = io.out.file.handle;
+
+	/* the correct answers for this test depends on whether the
+	   user has restore privileges. To find that out we first need
+	   to know our SID - get it from the owner_sid of the file we
+	   just created */
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = fnum;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		talloc_asprintf(tctx, "Incorrect status %s - should be %s\n",
+				nt_errstr(status), nt_errstr(NT_STATUS_OK)));
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	status = torture_smb2_check_privilege(tree,
+					 owner_sid,
+					 sec_privilege_name(SEC_PRIV_RESTORE));
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_RESTORE for %s - %s\n",
+			owner_sid,
+			has_restore_privilege?"Yes":"No");
+
+	status = torture_smb2_check_privilege(tree,
+					 owner_sid,
+					 sec_privilege_name(SEC_PRIV_BACKUP));
+	has_backup_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_BACKUP for %s - %s\n",
+			owner_sid,
+			has_backup_privilege?"Yes":"No");
+
+	status = torture_smb2_check_privilege(tree,
+					 owner_sid,
+					 sec_privilege_name(SEC_PRIV_SECURITY));
+	has_system_security_privilege = NT_STATUS_IS_OK(status);
+	torture_comment(tctx, "Checked SEC_PRIV_SECURITY for %s - %s\n",
+			owner_sid,
+			has_system_security_privilege?"Yes":"No");
+
+	smb2_util_close(tree, fnum);
+
+	for (i = 0; i < 32; i++) {
+		uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i);
+		/*
+		 * SEC_GENERIC_EXECUTE is a complete subset of
+		 * SEC_GENERIC_READ when mapped to specific bits,
+		 * so we need to include it in the basic OK mask.
+		 */
+		uint32_t ok_mask = SEC_RIGHTS_FILE_READ | SEC_GENERIC_READ | SEC_GENERIC_EXECUTE |
+			SEC_STD_DELETE | SEC_STD_WRITE_DAC;
+
+		/*
+		 * Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP
+		 * don't include any generic bits (they're used directly
+		 * in the fileserver where the generic bits have already
+		 * been mapped into file specific bits) we need to add the
+		 * generic bits to the ok_mask when we have these privileges.
+		 */
+		if (has_restore_privilege) {
+			ok_mask |= SEC_RIGHTS_PRIV_RESTORE|SEC_GENERIC_WRITE;
+		}
+		if (has_backup_privilege) {
+			ok_mask |= SEC_RIGHTS_PRIV_BACKUP|SEC_GENERIC_READ;
+		}
+		if (has_system_security_privilege) {
+			ok_mask |= SEC_FLAG_SYSTEM_SECURITY;
+		}
+
+		/* Skip all SACL related tests. */
+		if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+		    (mask & SEC_FLAG_SYSTEM_SECURITY))
+			continue;
+
+		io = (struct smb2_create){0};
+		io.in.desired_access = mask;
+		io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		io.in.create_disposition = NTCREATEX_DISP_OPEN;
+		io.in.impersonation_level =
+		    NTCREATEX_IMPERSONATION_ANONYMOUS;
+		io.in.fname = MAXIMUM_ALLOWED_FILE;
+
+		status = smb2_create(tree, mem_ctx, &io);
+		if (mask & ok_mask ||
+		    mask == SEC_FLAG_MAXIMUM_ALLOWED) {
+			torture_assert_ntstatus_ok_goto(tctx, status, ret,
+				done, talloc_asprintf(tctx,
+				"Incorrect status %s - should be %s\n",
+				nt_errstr(status), nt_errstr(NT_STATUS_OK)));
+		} else {
+			if (mask & SEC_FLAG_SYSTEM_SECURITY) {
+				torture_assert_ntstatus_equal_goto(tctx,
+					status, NT_STATUS_PRIVILEGE_NOT_HELD,
+					ret, done, talloc_asprintf(tctx,
+					"Incorrect status %s - should be %s\n",
+					nt_errstr(status),
+					nt_errstr(NT_STATUS_PRIVILEGE_NOT_HELD)));
+			} else {
+				torture_assert_ntstatus_equal_goto(tctx,
+					status, NT_STATUS_ACCESS_DENIED,
+					ret, done, talloc_asprintf(tctx,
+					"Incorrect status %s - should be %s\n",
+					nt_errstr(status),
+					nt_errstr(NT_STATUS_ACCESS_DENIED)));
+			}
+		}
+
+		fnum = io.out.file.handle;
+
+		smb2_util_close(tree, fnum);
+	}
+
+ done:
+	smb2_util_unlink(tree, MAXIMUM_ALLOWED_FILE);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool torture_smb2_read_only_file(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	struct smb2_create c;
+	struct smb2_handle h = {{0}};
+	bool ret = true;
+	NTSTATUS status;
+
+	smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_ALL,
+		.in.file_attributes = FILE_ATTRIBUTE_READONLY,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.fname = MAXIMUM_ALLOWED_FILE,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h = c.out.file.handle;
+	smb2_util_close(tree, h);
+	ZERO_STRUCT(h);
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_READONLY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = MAXIMUM_ALLOWED_FILE,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(
+		tctx, status, ret, done,
+		"Failed to open READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED\n");
+	h = c.out.file.handle;
+	smb2_util_close(tree, h);
+	ZERO_STRUCT(h);
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_max_allowed(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "maximum_allowed");
+
+	torture_suite_add_1smb2_test(suite, "maximum_allowed", torture_smb2_maximum_allowed);
+	torture_suite_add_1smb2_test(suite, "read_only", torture_smb2_read_only_file);
+	return suite;
+}
diff --git a/source4/torture/smb2/maxfid.c b/source4/torture/smb2/maxfid.c
new file mode 100644
index 0000000..5f0b9fe
--- /dev/null
+++ b/source4/torture/smb2/maxfid.c
@@ -0,0 +1,149 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 maxfid test
+
+   Copyright (C) Christof Schmitt 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+bool torture_smb2_maxfid(struct torture_context *tctx)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_tree *tree = NULL;
+	const char *dname = "smb2_maxfid";
+	size_t i, maxfid;
+	struct smb2_handle *handles,  dir_handle = { };
+	size_t max_handles;
+
+	/*
+	 * We limited this to 65520 as socket_wrapper has a limit of
+	 * 65535 (0xfff0) open sockets.
+	 *
+	 * It could be increased by setting the following env variable:
+	 *
+	 * SOCKET_WRAPPER_MAX_SOCKETS=100000
+	 */
+	max_handles = torture_setting_int(tctx, "maxopenfiles", 65520);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	handles = talloc_array(tctx, struct smb2_handle, max_handles);
+	if (handles == 0) {
+		torture_fail(tctx, "Could not allocate handles array.\n");
+		return false;
+	}
+
+	smb2_deltree(tree, dname);
+
+	status = torture_smb2_testdir(tree, dname, &dir_handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed");
+	smb2_util_close(tree, dir_handle);
+
+	torture_comment(tctx, "Creating subdirectories\n");
+
+	for (i = 0; i < max_handles; i += 1000) {
+		char *name;
+		struct smb2_create create = { };
+		struct smb2_close close = { };
+
+		name = talloc_asprintf(tctx, "%s\\%zu", dname, i / 1000);
+		torture_assert_goto(tctx, (name != NULL), ret, done,
+				    "no memory for directory name\n");
+
+		create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+		create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		create.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+		create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		create.in.create_disposition = NTCREATEX_DISP_CREATE;
+		create.in.fname = name;
+
+		status = smb2_create(tree, tctx, &create);
+		talloc_free(name);
+
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CREATE directory failed\n");
+
+		close.in.file.handle = create.out.file.handle;
+		status = smb2_close(tree, &close);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CLOSE directory failed\n");
+	}
+
+	torture_comment(tctx, "Testing maximum number of open files\n");
+
+	for (i = 0; i < max_handles; i++) {
+		char *name;
+		struct smb2_create create = { };
+
+		name = talloc_asprintf(tctx, "%s\\%zu\\%zu", dname, i / 1000, i);
+		torture_assert_goto(tctx, (name != NULL), ret, done,
+				    "no memory for file name\n");
+
+		create.in.desired_access = SEC_RIGHTS_DIR_ALL;
+		create.in.create_options = 0;
+		create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		create.in.create_disposition = NTCREATEX_DISP_CREATE;
+		create.in.fname = name;
+
+		status = smb2_create(tree, tctx, &create);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "create of %s failed: %s\n",
+					name, nt_errstr(status));
+			talloc_free(name);
+			break;
+		}
+		talloc_free(name);
+
+		handles[i] = create.out.file.handle;
+	}
+
+	maxfid = i;
+	if (maxfid == max_handles) {
+		torture_comment(tctx, "Reached test limit of %zu open files. "
+				"Adjust to higher test with "
+				"--option=torture:maxopenfiles=NNN\n", maxfid);
+	}
+
+	torture_comment(tctx, "Cleanup open files\n");
+
+	for (i = 0; i < maxfid; i++) {
+		status = smb2_util_close(tree, handles[i]);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CLOSE failed\n");
+	}
+
+done:
+	smb2_deltree(tree, dname);
+	talloc_free(handles);
+
+	return ret;
+}
diff --git a/source4/torture/smb2/maxwrite.c b/source4/torture/smb2/maxwrite.c
new file mode 100644
index 0000000..bc52ebc
--- /dev/null
+++ b/source4/torture/smb2/maxwrite.c
@@ -0,0 +1,137 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 write operations
+
+   Copyright (C) Andrew Tridgell 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+#define FNAME "testmaxwrite.dat"
+
+/*
+  test writing
+*/
+static NTSTATUS torture_smb2_write(struct torture_context *tctx,
+				   struct smb2_tree *tree, 
+				   struct smb2_handle handle)
+{
+	struct smb2_write w;
+	struct smb2_read r;
+	NTSTATUS status;
+	int i, len;
+	int max = 80000000;
+	int min = 1;
+
+	while (max > min) {
+		TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+
+
+		len = 1+(min+max)/2;
+
+		ZERO_STRUCT(w);
+		w.in.file.handle = handle;
+		w.in.offset      = 0;
+		w.in.data        = data_blob_talloc(tmp_ctx, NULL, len);
+
+		for (i=0;i<len;i++) {
+			w.in.data.data[i] = i % 256;
+		}
+
+		torture_comment(tctx, "trying to write %d bytes (min=%d max=%d)\n",
+		       len, min, max);
+
+		status = smb2_write(tree, &w);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "write failed - %s\n", nt_errstr(status));
+			max = len-1;
+			status = smb2_util_close(tree, handle);
+			if (!NT_STATUS_IS_OK(status)) {
+				/* vista bug */
+				torture_comment(tctx, "coping with server disconnect\n");
+				talloc_free(tree);
+				if (!torture_smb2_connection(tctx, &tree)) {
+					torture_comment(tctx, "failed to reconnect\n");
+					return NT_STATUS_NET_WRITE_FAULT;
+				}
+			}
+			status = torture_smb2_createfile(tctx, tree, FNAME, &handle);
+			if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "failed to create file handle\n");
+				talloc_free(tmp_ctx);
+				return status;
+			}
+			continue;
+		} else {
+			min = len;
+		}
+
+		
+		ZERO_STRUCT(r);
+		r.in.file.handle = handle;
+		r.in.length      = len;
+		r.in.offset      = 0;
+		
+		torture_comment(tctx, "reading %d bytes\n", len);
+
+		status = smb2_read(tree, tmp_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "read failed - %s\n", nt_errstr(status));
+		} else if (w.in.data.length != r.out.data.length ||
+		    memcmp(w.in.data.data, r.out.data.data, len) != 0) {
+			torture_comment(tctx, "read data mismatch\n");
+		}
+
+		talloc_free(tmp_ctx);
+	}
+
+	torture_comment(tctx, "converged: len=%d\n", max);
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, FNAME);
+
+	return NT_STATUS_OK;
+}
+
+
+
+/* 
+   basic testing of SMB2 connection calls
+*/
+bool torture_smb2_maxwrite(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	struct smb2_handle h1;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_smb2_createfile(tctx, tree, FNAME, &h1),
+		"failed to create file handle");
+
+	torture_assert_ntstatus_ok(tctx,
+		torture_smb2_write(tctx, tree, h1),
+		"Write failed");
+
+	return true;
+}
diff --git a/source4/torture/smb2/mkdir.c b/source4/torture/smb2/mkdir.c
new file mode 100644
index 0000000..f797b5c
--- /dev/null
+++ b/source4/torture/smb2/mkdir.c
@@ -0,0 +1,105 @@
+/*
+   Unix SMB/CIFS implementation.
+   RAW_MKDIR_* and RAW_RMDIR_* individual test suite
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) David Mulder 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "libcli/smb_composite/smb_composite.h"
+
+#define BASEDIR "mkdirtest"
+
+/*
+  test mkdir ops
+*/
+bool torture_smb2_mkdir(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_handle h = {{0}};
+	const char *path = BASEDIR "\\mkdir.dir";
+	NTSTATUS status;
+	bool ret = true;
+
+	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert(tctx, ret, "Failed to setup up test directory: " BASEDIR);
+
+	/*
+	   basic mkdir
+	*/
+	status = smb2_util_mkdir(tree, path);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Incorrect status");
+
+	torture_comment(tctx, "Testing mkdir collision\n");
+
+	/* 2nd create */
+	status = smb2_util_mkdir(tree, path);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_NAME_COLLISION,
+					   ret, done, "Incorrect status");
+
+	/* basic rmdir */
+	status = smb2_util_rmdir(tree, path);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Incorrect status");
+
+	status = smb2_util_rmdir(tree, path);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Incorrect status");
+
+	torture_comment(tctx, "Testing mkdir collision with file\n");
+
+	/* name collision with a file */
+	smb2_create_complex_file(tctx, tree, path, &h);
+	smb2_util_close(tree, h);
+	status = smb2_util_mkdir(tree, path);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_NAME_COLLISION,
+					   ret, done, "Incorrect status");
+
+	torture_comment(tctx, "Testing rmdir with file\n");
+
+	/* delete a file with rmdir */
+	status = smb2_util_rmdir(tree, path);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_NOT_A_DIRECTORY,
+					   ret, done, "Incorrect status");
+
+	smb2_util_unlink(tree, path);
+
+	torture_comment(tctx, "Testing invalid dir\n");
+
+	/* create an invalid dir */
+	status = smb2_util_mkdir(tree, "..\\..\\..");
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+					   ret, done, "Incorrect status");
+
+	torture_comment(tctx, "Testing t2mkdir bad path\n");
+	status = smb2_util_mkdir(tree, BASEDIR "\\bad_path\\bad_path");
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_OBJECT_PATH_NOT_FOUND,
+					   ret, done, "Incorrect status");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
diff --git a/source4/torture/smb2/multichannel.c b/source4/torture/smb2/multichannel.c
new file mode 100644
index 0000000..6b6e00e
--- /dev/null
+++ b/source4/torture/smb2/multichannel.c
@@ -0,0 +1,2743 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * test SMB2 multichannel operations
+ *
+ * Copyright (C) Guenther Deschner, 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_ioctl.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/security/security.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/socket/socket.h"
+#include "lib/param/param.h"
+#include "lib/events/events.h"
+#include "oplock_break_handler.h"
+#include "lease_break_handler.h"
+#include "torture/smb2/block.h"
+
+#define BASEDIR "multichanneltestdir"
+
+#define CHECK_STATUS(status, correct) \
+	torture_assert_ntstatus_equal_goto(tctx, status, correct,\
+					   ret, done, "")
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s" \
+				" got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+		goto done; \
+	} } while (0)
+
+#define CHECK_VAL_GREATER_THAN(v, gt_val) do { \
+	if ((v) <= (gt_val)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+				"(%s): wrong value for %s got 0x%x - " \
+				"should be greater than 0x%x\n", \
+				__location__, #v, (int)v, (int)gt_val); \
+		ret = false; \
+		goto done; \
+	} } while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)			\
+	do {								\
+		CHECK_VAL((__io)->out.create_action,			\
+				NTCREATEX_ACTION_ ## __created);	\
+		CHECK_VAL((__io)->out.size, 0);				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));	\
+		CHECK_VAL((__io)->out.reserved2, 0);			\
+	} while (0)
+
+#define CHECK_PTR(ptr, correct) do { \
+	if ((ptr) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s " \
+				"got 0x%p - should be 0x%p\n", \
+				__location__, #ptr, ptr, correct); \
+		ret = false; \
+		goto done; \
+	} } while (0)
+
+#define CHECK_LEASE(__io, __state, __oplevel, __key, __flags)		\
+	do {								\
+		CHECK_VAL((__io)->out.lease_response.lease_version, 1); \
+		if (__oplevel) {					\
+			CHECK_VAL((__io)->out.oplock_level, \
+					SMB2_OPLOCK_LEVEL_LEASE); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[0],\
+				  (__key)); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[1],\
+				  ~(__key)); \
+			CHECK_VAL((__io)->out.lease_response.lease_state,\
+				  smb2_util_lease_state(__state)); \
+		} else {						\
+			CHECK_VAL((__io)->out.oplock_level,\
+				  SMB2_OPLOCK_LEVEL_NONE); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[0],\
+				  0); \
+			CHECK_VAL((__io)->out.lease_response.lease_key.data[1],\
+				  0); \
+			CHECK_VAL((__io)->out.lease_response.lease_state, 0); \
+		}							\
+									\
+		CHECK_VAL((__io)->out.lease_response.lease_flags, (__flags)); \
+		CHECK_VAL((__io)->out.lease_response.lease_duration, 0); \
+		CHECK_VAL((__io)->out.lease_response.lease_epoch, 0); \
+	} while (0)
+
+#define CHECK_LEASE_V2(__io, __state, __oplevel, __key, __flags, __parent, __epoch) \
+	do {								\
+		CHECK_VAL((__io)->out.lease_response_v2.lease_version, 2); \
+		if (__oplevel) {					\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[0], (__key)); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[1], ~(__key)); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_state, smb2_util_lease_state(__state)); \
+		} else {						\
+			CHECK_VAL((__io)->out.oplock_level, SMB2_OPLOCK_LEVEL_NONE); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[0], 0); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_key.data[1], 0); \
+			CHECK_VAL((__io)->out.lease_response_v2.lease_state, 0); \
+		}							\
+									\
+		CHECK_VAL((__io)->out.lease_response_v2.lease_flags, __flags); \
+		if (__flags & SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET) { \
+			CHECK_VAL((__io)->out.lease_response_v2.parent_lease_key.data[0], (__parent)); \
+			CHECK_VAL((__io)->out.lease_response_v2.parent_lease_key.data[1], ~(__parent)); \
+		} \
+		CHECK_VAL((__io)->out.lease_response_v2.lease_duration, 0); \
+		CHECK_VAL((__io)->out.lease_response_v2.lease_epoch, (__epoch)); \
+	} while(0)
+
+#define CHECK_LEASE_BREAK_V2(__lb, __key, __from, __to, __break_flags, __new_epoch) \
+	do {								\
+		CHECK_VAL((__lb).current_lease.lease_key.data[0], (__key)); \
+		CHECK_VAL((__lb).current_lease.lease_key.data[1], ~(__key)); \
+		CHECK_VAL((__lb).current_lease.lease_state, smb2_util_lease_state(__from)); \
+		CHECK_VAL((__lb).new_epoch, (__new_epoch)); \
+		CHECK_VAL((__lb).break_flags, (__break_flags)); \
+		CHECK_VAL((__lb).new_lease_state, smb2_util_lease_state(__to)); \
+	} while(0)
+
+static bool test_ioctl_network_interface_info(struct torture_context *tctx,
+					      struct smb2_tree *tree,
+					      struct fsctl_net_iface_info *info)
+{
+	union smb_ioctl ioctl;
+	struct smb2_handle fh;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+	if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx,
+			    "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
+	}
+
+	ZERO_STRUCT(ioctl);
+
+	ioctl.smb2.level = RAW_IOCTL_SMB2;
+
+	fh.data[0] = UINT64_MAX;
+	fh.data[1] = UINT64_MAX;
+
+	ioctl.smb2.in.file.handle = fh;
+	ioctl.smb2.in.function = FSCTL_QUERY_NETWORK_INTERFACE_INFO;
+	/* Windows client sets this to 64KiB */
+	ioctl.smb2.in.max_output_response = 0x10000;
+	ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	torture_assert_ntstatus_ok(tctx,
+		smb2_ioctl(tree, tctx, &ioctl.smb2),
+		"FSCTL_QUERY_NETWORK_INTERFACE_INFO failed");
+
+	torture_assert(tctx,
+		(ioctl.smb2.out.out.length != 0),
+		"no interface info returned???");
+
+	torture_assert_ndr_success(tctx,
+		ndr_pull_struct_blob(&ioctl.smb2.out.out, tctx, info,
+			(ndr_pull_flags_fn_t)ndr_pull_fsctl_net_iface_info),
+		"failed to ndr pull");
+
+	if (DEBUGLVL(1)) {
+		NDR_PRINT_DEBUG(fsctl_net_iface_info, info);
+	}
+
+	return true;
+}
+
+static bool test_multichannel_interface_info(struct torture_context *tctx,
+					     struct smb2_tree *tree)
+{
+	struct fsctl_net_iface_info info;
+
+	return test_ioctl_network_interface_info(tctx, tree, &info);
+}
+
+static struct smb2_tree *test_multichannel_create_channel(
+				struct torture_context *tctx,
+				const char *host,
+				const char *share,
+				struct cli_credentials *credentials,
+				const struct smbcli_options *_transport_options,
+				struct smb2_tree *parent_tree
+				)
+{
+	struct smbcli_options transport_options = *_transport_options;
+	NTSTATUS status;
+	struct smb2_transport *transport;
+	struct smb2_session *session;
+	bool ret = true;
+	struct smb2_tree *tree;
+
+	if (parent_tree) {
+		transport_options.only_negprot = true;
+	}
+
+	status = smb2_connect(tctx,
+			host,
+			lpcfg_smb_ports(tctx->lp_ctx),
+			share,
+			lpcfg_resolve_context(tctx->lp_ctx),
+			credentials,
+			&tree,
+			tctx->ev,
+			&transport_options,
+			lpcfg_socket_options(tctx->lp_ctx),
+			lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"smb2_connect failed");
+	transport = tree->session->transport;
+	transport->oplock.handler = torture_oplock_ack_handler;
+	transport->oplock.private_data = tree;
+	transport->lease.handler = torture_lease_handler;
+	transport->lease.private_data = tree;
+	torture_comment(tctx, "established transport [%p]\n", transport);
+
+	/*
+	 * If parent tree is set, bind the session to the parent transport
+	 */
+	if (parent_tree) {
+		session = smb2_session_channel(transport,
+				lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				parent_tree, parent_tree->session);
+		torture_assert_goto(tctx, session != NULL, ret, done,
+				"smb2_session_channel failed");
+
+		tree->smbXcli = parent_tree->smbXcli;
+		tree->session = session;
+		status = smb2_session_setup_spnego(session,
+						credentials,
+						0 /* previous_session_id */);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		torture_comment(tctx, "bound new session to parent\n");
+	}
+	/*
+	 * We absolutely need to make sure to send something over this
+	 * connection to register the oplock break handler with the smb client
+	 * connection. If we do not send something (at least a keepalive), we
+	 * will *NEVER* receive anything over this transport.
+	 */
+	smb2_keepalive(transport);
+
+done:
+	if (ret) {
+		return tree;
+	} else {
+		return NULL;
+	}
+}
+
+bool test_multichannel_create_channel_array(
+				struct torture_context *tctx,
+				const char *host,
+				const char *share,
+				struct cli_credentials *credentials,
+				struct smbcli_options *transport_options,
+				uint8_t num_trees,
+				struct smb2_tree **trees)
+{
+	uint8_t i;
+
+	transport_options->client_guid = GUID_random();
+
+	for (i = 0; i < num_trees; i++) {
+		struct smb2_tree *parent_tree = NULL;
+		struct smb2_tree *tree = NULL;
+		struct smb2_transport *transport = NULL;
+		uint16_t local_port = 0;
+
+		if (i > 0) {
+			parent_tree = trees[0];
+		}
+
+		torture_comment(tctx, "Setting up connection %d\n", i);
+		tree = test_multichannel_create_channel(tctx, host, share,
+					credentials, transport_options,
+					parent_tree);
+		torture_assert(tctx, tree, "failed to created new channel");
+
+		trees[i] = tree;
+		transport = tree->session->transport;
+		local_port = torture_get_local_port_from_transport(transport);
+		torture_comment(tctx, "transport[%d] uses tcp port: %d\n",
+				i, local_port);
+	}
+
+	return true;
+}
+
+bool test_multichannel_create_channels(
+				struct torture_context *tctx,
+				const char *host,
+				const char *share,
+				struct cli_credentials *credentials,
+				struct smbcli_options *transport_options,
+				struct smb2_tree **tree2A,
+				struct smb2_tree **tree2B,
+				struct smb2_tree **tree2C
+				)
+{
+	struct smb2_tree **trees = NULL;
+	size_t num_trees = 0;
+	bool ret;
+
+	torture_assert(tctx, tree2A, "tree2A required!");
+	num_trees += 1;
+	torture_assert(tctx, tree2B, "tree2B required!");
+	num_trees += 1;
+	if (tree2C != NULL) {
+		num_trees += 1;
+	}
+	trees = talloc_zero_array(tctx, struct smb2_tree *, num_trees);
+	torture_assert(tctx, trees, "out of memory");
+
+	ret = test_multichannel_create_channel_array(tctx, host, share, credentials,
+						     transport_options,
+						     num_trees, trees);
+	if (!ret) {
+		return false;
+	}
+
+	*tree2A = trees[0];
+	*tree2B = trees[1];
+	if (tree2C != NULL) {
+		*tree2C = trees[2];
+	}
+
+	return true;
+}
+
+static void test_multichannel_free_channels(struct smb2_tree *tree2A,
+					     struct smb2_tree *tree2B,
+					     struct smb2_tree *tree2C)
+{
+	TALLOC_FREE(tree2A);
+	TALLOC_FREE(tree2B);
+	TALLOC_FREE(tree2C);
+}
+
+static bool test_multichannel_initial_checks(struct torture_context *tctx,
+					     struct smb2_tree *tree1)
+{
+	struct smb2_transport *transport1 = tree1->session->transport;
+	uint32_t server_capabilities;
+	struct fsctl_net_iface_info info;
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip_goto(tctx, fail,
+				  "SMB 3.X Dialect family required for "
+				  "Multichannel tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree1->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip_goto(tctx, fail,
+			     "Server does not support multichannel.");
+	}
+
+	torture_assert(tctx,
+		test_ioctl_network_interface_info(tctx, tree1, &info),
+		"failed to retrieve network interface info");
+
+	return true;
+fail:
+	return false;
+}
+
+static void test_multichannel_init_smb_create(struct smb2_create *io)
+{
+	io->in.durable_open = false;
+	io->in.durable_open_v2 = true;
+	io->in.persistent_open = false;
+	io->in.create_guid = GUID_random();
+	io->in.timeout = 0x493E0; /* 300000 */
+	/* windows 2016 returns 300000 0x493E0 */
+}
+
+/* Timer handler function notifies the registering function that time is up */
+static void timeout_cb(struct tevent_context *ev,
+		       struct tevent_timer *te,
+		       struct timeval current_time,
+		       void *private_data)
+{
+	bool *timesup = (bool *)private_data;
+	*timesup = true;
+}
+
+/*
+ * Oplock break - Test 1
+ * Test to confirm that server sends oplock breaks as expected.
+ * open file1 in session 2A
+ * open file2 in session 2B
+ * open file1 in session 1
+ *      oplock break received
+ * open file1 in session 1
+ *      oplock break received
+ * Cleanup
+ */
+static bool test_multichannel_oplock_break_test1(struct torture_context *tctx,
+					   struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client1_file2 = {{0}};
+	struct smb2_handle h_client1_file3 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_handle h_client2_file2 = {{0}};
+	struct smb2_handle h_client2_file3 = {{0}};
+	struct smb2_create io1, io2, io3;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\oplock_break_test1.dat";
+	const char *fname2 = BASEDIR "\\oplock_break_test2.dat";
+	const char *fname3 = BASEDIR "\\oplock_break_test3.dat";
+	struct smb2_tree *tree2A = NULL;
+	struct smb2_tree *tree2B = NULL;
+	struct smb2_tree *tree2C = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Oplock break retry: Test1\n");
+
+	torture_reset_break_info(tctx, &break_info);
+
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io1, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io1);
+
+	smb2_oplock_create_share(&io2, fname2,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io2);
+
+	smb2_oplock_create_share(&io3, fname3,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io3);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channels(tctx, host, share,
+						  credentials,
+						  &transport2_options,
+						  &tree2A, &tree2B, NULL);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via session 2A\n");
+	status = smb2_create(tree2A, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	/* 2b opens file2 */
+	torture_comment(tctx, "client2 opens fname2 via session 2B\n");
+	status = smb2_create(tree2B, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+
+	/* 1 opens file1 - batchoplock break? */
+	torture_comment(tctx, "client1 opens fname1 via session 1\n");
+	io1.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("s"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+
+	torture_reset_break_info(tctx, &break_info);
+
+	/* 1 opens file2 - batchoplock break? */
+	torture_comment(tctx, "client1 opens fname2 via session 1\n");
+	io2.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree1, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("s"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+
+	/* cleanup everything */
+	torture_reset_break_info(tctx, &break_info);
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	smb2_util_close(tree2A, h_client2_file1);
+	smb2_util_close(tree2A, h_client2_file2);
+	smb2_util_close(tree2A, h_client2_file3);
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(break_info.count, 0);
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	tree2A = tree2B = tree2C = NULL;
+done:
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	if (tree2A != NULL) {
+		smb2_util_close(tree2A, h_client2_file1);
+		smb2_util_close(tree2A, h_client2_file2);
+		smb2_util_close(tree2A, h_client2_file3);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	smb2_deltree(tree1, BASEDIR);
+
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Oplock Break Test 2
+ * Test to see if oplock break retries are sent by the server.
+ * Also checks to see if new channels can be created and used
+ * after an oplock break retry.
+ * open file1 in 2A
+ * open file2 in 2B
+ * open file1 in session 1
+ *      oplock break received
+ * block channel on which oplock break received
+ * open file2 in session 1
+ *      oplock break not received. Retry received.
+ *      file opened
+ * write to file2 on 2B
+ *      Break sent to session 1(which has file2 open)
+ *      Break sent to session 2A(which has read oplock)
+ * close file1 in session 1
+ * open file1 with session 1
+ * unblock blocked channel
+ * disconnect blocked channel
+ * connect channel 2D
+ * open file3 in 2D
+ * open file3 in session 1
+ *      receive break
+ */
+static bool test_multichannel_oplock_break_test2(struct torture_context *tctx,
+					   struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client1_file2 = {{0}};
+	struct smb2_handle h_client1_file3 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_handle h_client2_file2 = {{0}};
+	struct smb2_handle h_client2_file3 = {{0}};
+	struct smb2_create io1, io2, io3;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\oplock_break_test1.dat";
+	const char *fname2 = BASEDIR "\\oplock_break_test2.dat";
+	const char *fname3 = BASEDIR "\\oplock_break_test3.dat";
+	struct smb2_tree *tree2A = NULL;
+	struct smb2_tree *tree2B = NULL;
+	struct smb2_tree *tree2C = NULL;
+	struct smb2_tree *tree2D = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2 = NULL;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	DATA_BLOB blob;
+	bool block_setup = false;
+	bool block_ok = false;
+	bool unblock_ok = false;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Oplock break retry: Test2\n");
+
+	torture_reset_break_info(tctx, &break_info);
+
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io1, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io1);
+
+	smb2_oplock_create_share(&io2, fname2,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io2);
+
+	smb2_oplock_create_share(&io3, fname3,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	test_multichannel_init_smb_create(&io3);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channels(tctx, host, share,
+						  credentials,
+						  &transport2_options,
+						  &tree2A, &tree2B, &tree2C);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	torture_comment(tctx, "client2 opens fname1 via session 2A\n");
+	io1.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree2A, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+
+	torture_comment(tctx, "client2 opens fname2 via session 2B\n");
+	io2.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree2B, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+
+	torture_comment(tctx, "client1 opens fname1 via session 1\n");
+	io1.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("s"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+
+	/* We use the transport over which this oplock break was received */
+	transport2 = break_info.received_transport;
+	torture_reset_break_info(tctx, &break_info);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	/* block channel */
+	block_ok = test_block_smb2_transport(tctx, transport2);
+
+	torture_comment(tctx, "client1 opens fname2 via session 1\n");
+	io2.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree1, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("s"));
+
+	/*
+	 * Samba downgrades oplock to a level 2 oplock.
+	 * Windows 2016 revokes oplock
+	 */
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	torture_reset_break_info(tctx, &break_info);
+
+	torture_comment(tctx, "Trying write to file2 on tree2B\n");
+
+	blob = data_blob_string_const("Here I am");
+	status = smb2_util_write(tree2B,
+				 h_client2_file2,
+				 blob.data,
+				 0,
+				 blob.length);
+	torture_assert_ntstatus_ok(tctx, status,
+		"failed to write file2 via channel 2B");
+
+	/*
+	 * Samba: Write triggers 2 oplock breaks
+	 *  for session 1 which has file2 open
+	 *  for session 2 which has type 2 oplock
+	 * Windows 2016: Only one oplock break for session 1
+	 */
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL_GREATER_THAN(break_info.count, 0);
+	torture_reset_break_info(tctx, &break_info);
+
+	torture_comment(tctx, "client1 closes fname2 via session 1\n");
+	smb2_util_close(tree1, h_client1_file2);
+
+	torture_comment(tctx, "client1 opens fname2 via session 1 again\n");
+	io2.in.oplock_level = smb2_util_oplock_level("b");
+	status = smb2_create(tree1, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file2 = io2.out.file.handle;
+	io2.out.alloc_size = 0;
+	io2.out.size = 0;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("s"));
+
+	/*
+	 * now add a fourth channel and repeat the test, we need to reestablish
+	 * transport2 because the remote end has invalidated our connection
+	 */
+	torture_comment(tctx, "Connecting session 2D\n");
+	tree2D = test_multichannel_create_channel(tctx, host, share,
+				     credentials, &transport2_options, tree2B);
+	if (!tree2D) {
+		goto done;
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	torture_comment(tctx, "client 2 opening fname3 over transport2D\n");
+	status = smb2_create(tree2D, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io3.out.oplock_level, smb2_util_oplock_level("b"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "client1 opens fname3 via session 1\n");
+	status = smb2_create(tree1, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io3.out.oplock_level, smb2_util_oplock_level("s"));
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+
+done:
+	if (block_ok && !unblock_ok) {
+		test_unblock_smb2_transport(tctx, transport2);
+	}
+	test_cleanup_blocked_transports(tctx);
+
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	if (tree2B != NULL) {
+		smb2_util_close(tree2B, h_client2_file1);
+		smb2_util_close(tree2B, h_client2_file2);
+		smb2_util_close(tree2B, h_client2_file3);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	smb2_deltree(tree1, BASEDIR);
+
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	if (tree2D != NULL) {
+		TALLOC_FREE(tree2D);
+	}
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct test_multichannel_oplock_break_state;
+
+struct test_multichannel_oplock_break_channel {
+	struct test_multichannel_oplock_break_state *state;
+	size_t idx;
+	char name[64];
+	struct smb2_tree *tree;
+	bool blocked;
+	struct timeval break_time;
+	double full_duration;
+	double relative_duration;
+	uint8_t level;
+	size_t break_num;
+};
+
+struct test_multichannel_oplock_break_state {
+	struct torture_context *tctx;
+	struct timeval open_req_time;
+	struct timeval open_rep_time;
+	size_t num_breaks;
+	struct timeval last_break_time;
+	struct test_multichannel_oplock_break_channel channels[32];
+};
+
+static bool test_multichannel_oplock_break_handler(struct smb2_transport *transport,
+						   const struct smb2_handle *handle,
+						   uint8_t level,
+						   void *private_data)
+{
+	struct test_multichannel_oplock_break_channel *c =
+		(struct test_multichannel_oplock_break_channel *)private_data;
+	struct test_multichannel_oplock_break_state *state = c->state;
+
+	c->break_time = timeval_current();
+	c->full_duration = timeval_elapsed2(&state->open_req_time,
+					    &c->break_time);
+	c->relative_duration = timeval_elapsed2(&state->last_break_time,
+						&c->break_time);
+	state->last_break_time = c->break_time;
+	c->level = level;
+	c->break_num = ++state->num_breaks;
+
+	torture_comment(state->tctx, "Got OPLOCK break %zu on %s after %f ( %f)\n",
+			c->break_num, c->name,
+			c->relative_duration,
+			c->full_duration);
+
+	return torture_oplock_ack_handler(transport, handle, level, c->tree);
+}
+
+static bool test_multichannel_oplock_break_test3_windows(struct torture_context *tctx,
+							 struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct test_multichannel_oplock_break_state state = {
+		.tctx = tctx,
+	};
+	struct test_multichannel_oplock_break_channel *open2_channel = NULL;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_create io1;
+	struct smb2_create io2;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\oplock_break_test3w.dat";
+	struct smb2_tree *trees2[32] = { NULL, };
+	size_t i;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	bool block_setup = false;
+	bool block_ok = false;
+	double open_duration;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Oplock break retry: Test3 (Windows behavior)\n");
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io2, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channel_array(tctx, host, share, credentials,
+						     &transport2_options,
+						     ARRAY_SIZE(trees2), trees2);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = trees2[i]->session->transport;
+
+		c->state = &state;
+		c->idx = i+1;
+		c->tree = trees2[i];
+		snprintf(c->name, sizeof(c->name), "trees2_%zu", c->idx);
+
+		t->oplock.handler = test_multichannel_oplock_break_handler;
+		t->oplock.private_data = c;
+	}
+
+	open2_channel = &state.channels[0];
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via %s\n",
+			open2_channel->name);
+	status = smb2_create(open2_channel->tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io2.out.durable_open_v2, false);
+	CHECK_VAL(io2.out.timeout, io2.in.timeout);
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(break_info.count, 0);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = c->tree->session->transport;
+
+		torture_comment(tctx, "Blocking %s\n", c->name);
+		block_ok = _test_block_smb2_transport(tctx, t, c->name);
+		torture_assert_goto(tctx, block_ok, ret, done, "we could not block tcp transport");
+		c->blocked = true;
+	}
+
+	/* 1 opens file2 */
+	torture_comment(tctx,
+			"Client opens fname1 with session 1 with all %zu blocked\n",
+			ARRAY_SIZE(trees2));
+	smb2_oplock_create_share(&io1, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	CHECK_VAL(lease_break_info.count, 0);
+	state.open_req_time = timeval_current();
+	state.last_break_time = state.open_req_time;
+	status = smb2_create(tree1, mem_ctx, &io1);
+	state.open_rep_time = timeval_current();
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("s"));
+
+	CHECK_VAL(break_info.count, 1);
+
+	open_duration = timeval_elapsed2(&state.open_req_time,
+					 &state.open_rep_time);
+	torture_comment(tctx, "open_duration: %f\n", open_duration);
+	CHECK_VAL_GREATER_THAN(open_duration, 35);
+
+	if (break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected oplock break!!\n");
+	} else {
+		torture_comment(tctx, "Received %d oplock break(s)!!\n",
+				break_info.count);
+	}
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		size_t expected_break_num = 0;
+
+		/*
+		 * Only the latest channel gets a break notification
+		 */
+		if (i == (ARRAY_SIZE(state.channels) - 1)) {
+			expected_break_num = 1;
+		}
+
+		torture_comment(tctx, "Verify %s\n", c->name);
+		torture_assert_int_equal(tctx, c->break_num, expected_break_num,
+					 "Got oplock break on wrong channel");
+		if (expected_break_num != 0) {
+			CHECK_VAL(c->level, smb2_util_oplock_level("s"));
+		}
+	}
+
+done:
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = NULL;
+
+		if (!c->blocked) {
+			continue;
+		}
+
+		t = c->tree->session->transport;
+
+		torture_comment(tctx, "Unblocking %s\n", c->name);
+		_test_unblock_smb2_transport(tctx, t, c->name);
+		c->blocked = false;
+	}
+	if (block_setup) {
+		test_cleanup_blocked_transports(tctx);
+	}
+
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	if (trees2[0] != NULL) {
+		smb2_util_close(trees2[0], h_client2_file1);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_deltree(tree1, BASEDIR);
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		if (trees2[i] == NULL) {
+			continue;
+		}
+		TALLOC_FREE(trees2[i]);
+	}
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_multichannel_oplock_break_test3_specification(struct torture_context *tctx,
+							       struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct test_multichannel_oplock_break_state state = {
+		.tctx = tctx,
+	};
+	struct test_multichannel_oplock_break_channel *open2_channel = NULL;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_create io1;
+	struct smb2_create io2;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\oplock_break_test3s.dat";
+	struct smb2_tree *trees2[32] = { NULL, };
+	size_t i;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	bool block_setup = false;
+	bool block_ok = false;
+	double open_duration;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Oplock break retry: Test3 (Specification behavior)\n");
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io2, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channel_array(tctx, host, share, credentials,
+						     &transport2_options,
+						     ARRAY_SIZE(trees2), trees2);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = trees2[i]->session->transport;
+
+		c->state = &state;
+		c->idx = i+1;
+		c->tree = trees2[i];
+		snprintf(c->name, sizeof(c->name), "trees2_%zu", c->idx);
+
+		t->oplock.handler = test_multichannel_oplock_break_handler;
+		t->oplock.private_data = c;
+	}
+
+	open2_channel = &state.channels[0];
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via %s\n",
+			open2_channel->name);
+	status = smb2_create(open2_channel->tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io2.out.durable_open_v2, false);
+	CHECK_VAL(io2.out.timeout, io2.in.timeout);
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(break_info.count, 0);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = c->tree->session->transport;
+
+		torture_comment(tctx, "Blocking %s\n", c->name);
+		block_ok = _test_block_smb2_transport(tctx, t, c->name);
+		torture_assert_goto(tctx, block_ok, ret, done, "we could not block tcp transport");
+		c->blocked = true;
+	}
+
+	/* 1 opens file2 */
+	torture_comment(tctx,
+			"Client opens fname1 with session 1 with all %zu blocked\n",
+			ARRAY_SIZE(trees2));
+	smb2_oplock_create_share(&io1, fname1,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	CHECK_VAL(lease_break_info.count, 0);
+	state.open_req_time = timeval_current();
+	state.last_break_time = state.open_req_time;
+	status = smb2_create(tree1, mem_ctx, &io1);
+	state.open_rep_time = timeval_current();
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+
+	CHECK_VAL_GREATER_THAN(break_info.count, 1);
+
+	open_duration = timeval_elapsed2(&state.open_req_time,
+					 &state.open_rep_time);
+	torture_comment(tctx, "open_duration: %f\n", open_duration);
+	if (break_info.count < ARRAY_SIZE(state.channels)) {
+		CHECK_VAL_GREATER_THAN(open_duration, 35);
+		CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("s"));
+	} else {
+		CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+	}
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		if (break_info.count >= ARRAY_SIZE(state.channels)) {
+			break;
+		}
+		torture_comment(tctx, "Received %d oplock break(s) wait for more!!\n",
+				break_info.count);
+		torture_wait_for_oplock_break(tctx);
+	}
+
+	if (break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected oplock break!!\n");
+	} else {
+		torture_comment(tctx, "Received %d oplock break(s)!!\n",
+				break_info.count);
+	}
+
+	if (break_info.count < ARRAY_SIZE(state.channels)) {
+		CHECK_VAL_GREATER_THAN(break_info.count, 3);
+	} else {
+		CHECK_VAL(break_info.count, ARRAY_SIZE(state.channels));
+	}
+
+	for (i = 0; i < break_info.count; i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+
+		torture_comment(tctx, "Verify %s\n", c->name);
+		torture_assert_int_equal(tctx, c->break_num, c->idx,
+					 "Got oplock break on wrong channel");
+		CHECK_VAL(c->level, smb2_util_oplock_level("s"));
+	}
+
+done:
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_oplock_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = NULL;
+
+		if (!c->blocked) {
+			continue;
+		}
+
+		t = c->tree->session->transport;
+
+		torture_comment(tctx, "Unblocking %s\n", c->name);
+		_test_unblock_smb2_transport(tctx, t, c->name);
+		c->blocked = false;
+	}
+	if (block_setup) {
+		test_cleanup_blocked_transports(tctx);
+	}
+
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	if (trees2[0] != NULL) {
+		smb2_util_close(trees2[0], h_client2_file1);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_deltree(tree1, BASEDIR);
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		if (trees2[i] == NULL) {
+			continue;
+		}
+		TALLOC_FREE(trees2[i]);
+	}
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static const uint64_t LEASE1F1 = 0xBADC0FFEE0DDF00Dull;
+static const uint64_t LEASE1F2 = 0xBADC0FFEE0DDD00Dull;
+static const uint64_t LEASE1F3 = 0xDADC0FFEE0DDD00Dull;
+static const uint64_t LEASE2F1 = 0xDEADBEEFFEEDBEADull;
+static const uint64_t LEASE2F2 = 0xDAD0FFEDD00DF00Dull;
+static const uint64_t LEASE2F3 = 0xBAD0FFEDD00DF00Dull;
+
+/*
+ * Lease Break Test 1:
+ * Test to check if lease breaks are sent by the server as expected.
+ *      open file1 in session 2A
+ *      open file2 in session 2B
+ *      open file3 in session 2C
+ *      open file1 in session 1
+ *           lease break sent
+ *      open file2 in session 1
+ *           lease break sent
+ *      open file3 in session 1
+ *           lease break sent
+ */
+static bool test_multichannel_lease_break_test1(struct torture_context *tctx,
+						struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client1_file2 = {{0}};
+	struct smb2_handle h_client1_file3 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_handle h_client2_file2 = {{0}};
+	struct smb2_handle h_client2_file3 = {{0}};
+	struct smb2_create io1, io2, io3;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\lease_break_test1.dat";
+	const char *fname2 = BASEDIR "\\lease_break_test2.dat";
+	const char *fname3 = BASEDIR "\\lease_break_test3.dat";
+	struct smb2_tree *tree2A = NULL;
+	struct smb2_tree *tree2B = NULL;
+	struct smb2_tree *tree2C = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_lease ls3;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Lease break retry: Test1\n");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE2F1,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io1);
+
+	smb2_lease_create(&io2, &ls2, false, fname2, LEASE2F2,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io2);
+
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE2F3,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io3);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channels(tctx, host, share,
+						  credentials,
+						  &transport2_options,
+						  &tree2A, &tree2B, &tree2C);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via session 2A\n");
+	status = smb2_create(tree2A, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RHW", true, LEASE2F1, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* 2b opens file2 */
+	torture_comment(tctx, "client2 opens fname2 via session 2B\n");
+	status = smb2_create(tree2B, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RHW", true, LEASE2F2, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* 2c opens file3 */
+	torture_comment(tctx, "client2 opens fname3 via session 2C\n");
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE2F3,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree2C, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RHW", true, LEASE2F3, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* 1 opens file1 - lease break? */
+	torture_comment(tctx, "client1 opens fname1 via session 1\n");
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE1F1,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1F1, 0);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F1);
+	CHECK_VAL(lease_break_info.count, 1);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* 1 opens file2 - lease break? */
+	torture_comment(tctx, "client1 opens fname2 via session 1\n");
+	smb2_lease_create(&io2, &ls2, false, fname2, LEASE1F2,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RH", true, LEASE1F2, 0);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F2);
+	CHECK_VAL(lease_break_info.count, 1);
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* 1 opens file3 - lease break? */
+	torture_comment(tctx, "client1 opens fname3 via session 1\n");
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE1F3,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RH", true, LEASE1F3, 0);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F3);
+	CHECK_VAL(lease_break_info.count, 1);
+
+	/* cleanup everything */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	smb2_util_close(tree2A, h_client2_file1);
+	smb2_util_close(tree2A, h_client2_file2);
+	smb2_util_close(tree2A, h_client2_file3);
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(lease_break_info.count, 0);
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	tree2A = tree2B = tree2C = NULL;
+done:
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	if (tree2A != NULL) {
+		smb2_util_close(tree2A, h_client2_file1);
+		smb2_util_close(tree2A, h_client2_file2);
+		smb2_util_close(tree2A, h_client2_file3);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	smb2_deltree(tree1, BASEDIR);
+
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Lease Break Test 2:
+ * Test for lease break retries being sent by the server.
+ *      Connect 2A, 2B
+ *      open file1 in session 2A
+ *      open file2 in session 2B
+ *      block 2A
+ *      open file2 in session 1
+ *           lease break retry reaches the client?
+ *      Connect 2C
+ *      open file3 in session 2C
+ *      unblock 2A
+ *      open file1 in session 1
+ *           lease break reaches the client?
+ *      open file3 in session 1
+ *           lease break reached the client?
+ *      Cleanup
+ *           On deletion by 1, lease breaks sent for file1, file2 and file3
+ *           on 2B
+ *           This changes RH lease to R for Session 2.
+ *           (This has been disabled while we add support for sending lease
+ *            break for handle leases.)
+ */
+static bool test_multichannel_lease_break_test2(struct torture_context *tctx,
+						struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client1_file2 = {{0}};
+	struct smb2_handle h_client1_file3 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_handle h_client2_file2 = {{0}};
+	struct smb2_handle h_client2_file3 = {{0}};
+	struct smb2_create io1, io2, io3;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\lease_break_test1.dat";
+	const char *fname2 = BASEDIR "\\lease_break_test2.dat";
+	const char *fname3 = BASEDIR "\\lease_break_test3.dat";
+	struct smb2_tree *tree2A = NULL;
+	struct smb2_tree *tree2B = NULL;
+	struct smb2_tree *tree2C = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2A = NULL;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	struct smb2_lease ls3;
+	bool block_setup = false;
+	bool block_ok = false;
+	bool unblock_ok = false;
+
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Lease break retry: Test2\n");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE2F1,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io1);
+
+	smb2_lease_create(&io2, &ls2, false, fname2, LEASE2F2,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io2);
+
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE2F3,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io3);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channels(tctx, host, share,
+						  credentials,
+						  &transport2_options,
+						  &tree2A, &tree2B, NULL);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+	transport2A = tree2A->session->transport;
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via session 2A\n");
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE2F1,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree2A, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RHW", true, LEASE2F1, 0);
+	CHECK_VAL(io1.out.durable_open_v2, false); //true);
+	CHECK_VAL(io1.out.timeout, io1.in.timeout);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* 2b opens file2 */
+	torture_comment(tctx, "client2 opens fname2 via session 2B\n");
+	smb2_lease_create(&io2, &ls2, false, fname2, LEASE2F2,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree2B, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RHW", true, LEASE2F2, 0);
+	CHECK_VAL(io2.out.durable_open_v2, false); //true);
+	CHECK_VAL(io2.out.timeout, io2.in.timeout);
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	torture_comment(tctx, "Blocking 2A\n");
+	/* Block 2A */
+	block_ok = test_block_smb2_transport(tctx, transport2A);
+	torture_assert(tctx, block_ok, "we could not block tcp transport");
+
+	torture_wait_for_lease_break(tctx);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* 1 opens file2 */
+	torture_comment(tctx,
+			"Client opens fname2 with session1 with 2A blocked\n");
+	smb2_lease_create(&io2, &ls2, false, fname2, LEASE1F2,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file2 = io2.out.file.handle;
+	CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io2, "RH", true, LEASE1F2, 0);
+	CHECK_VAL(io2.out.durable_open_v2, false);
+	CHECK_VAL(io2.out.timeout, 0);
+	CHECK_VAL(io2.out.durable_open, false);
+
+	if (lease_break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected lease break!!\n");
+	} else {
+		torture_comment(tctx, "Received %d lease break(s)!!\n",
+				lease_break_info.count);
+	}
+
+	/*
+	 * We got breaks on both channels
+	 * (one failed on the blocked connection)
+	 */
+	CHECK_VAL(lease_break_info.count, 2);
+	lease_break_info.count -= 1;
+	CHECK_VAL(lease_break_info.failures, 1);
+	lease_break_info.failures -= 1;
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F2);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/* Connect 2C */
+	torture_comment(tctx, "Connecting session 2C\n");
+	talloc_free(tree2C);
+	tree2C = test_multichannel_create_channel(tctx, host, share,
+				credentials, &transport2_options, tree2A);
+	if (!tree2C) {
+		goto done;
+	}
+
+	/* 2c opens file3 */
+	torture_comment(tctx, "client2 opens fname3 via session 2C\n");
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE2F3,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree2C, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RHW", true, LEASE2F3, 0);
+	CHECK_VAL(io3.out.durable_open_v2, false);
+	CHECK_VAL(io3.out.timeout, io2.in.timeout);
+	CHECK_VAL(io3.out.durable_open, false);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* Unblock 2A */
+	torture_comment(tctx, "Unblocking 2A\n");
+	unblock_ok = test_unblock_smb2_transport(tctx, transport2A);
+	torture_assert(tctx, unblock_ok, "we could not unblock tcp transport");
+
+	/* 1 opens file1 */
+	torture_comment(tctx, "Client opens fname1 with session 1\n");
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE1F1,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1F1, 0);
+
+	if (lease_break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected lease break!!\n");
+	} else {
+		torture_comment(tctx,
+				"Received %d lease break(s)!!\n",
+				lease_break_info.count);
+	}
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F1);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*1 opens file3 */
+	torture_comment(tctx, "client opens fname3 via session 1\n");
+
+	smb2_lease_create(&io3, &ls3, false, fname3, LEASE1F3,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io3);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file3 = io3.out.file.handle;
+	CHECK_CREATED(&io3, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io3, "RH", true, LEASE1F3, 0);
+
+	if (lease_break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected lease break!!\n");
+	} else {
+		torture_comment(tctx,
+				"Received %d lease break(s)!!\n",
+				lease_break_info.count);
+	}
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F3);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+
+	/*
+	 * Session 2 still has RW lease on file 1. Deletion of this file by 1
+	 *  leads to a lease break call to session 2 file1
+	 */
+	smb2_util_unlink(tree1, fname1);
+	/*
+	 * Bug - Samba does not revoke Handle lease on unlink
+	 * CHECK_BREAK_INFO("RH", "R", LEASE2F1);
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * Session 2 still has RW lease on file 2. Deletion of this file by 1
+	 *  leads to a lease break call to session 2 file2
+	 */
+	smb2_util_unlink(tree1, fname2);
+	/*
+	 * Bug - Samba does not revoke Handle lease on unlink
+	 * CHECK_BREAK_INFO("RH", "R", LEASE2F2);
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	/*
+	 * Session 2 still has RW lease on file 3. Deletion of this file by 1
+	 *  leads to a lease break call to session 2 file3
+	 */
+	smb2_util_unlink(tree1, fname3);
+	/*
+	 * Bug - Samba does not revoke Handle lease on unlink
+	 * CHECK_BREAK_INFO("RH", "R", LEASE2F3);
+	 */
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	smb2_util_close(tree2C, h_client2_file1);
+	smb2_util_close(tree2C, h_client2_file2);
+	smb2_util_close(tree2C, h_client2_file3);
+
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	tree2A = tree2B = tree2C = NULL;
+
+done:
+	if (block_ok && !unblock_ok) {
+		test_unblock_smb2_transport(tctx, transport2A);
+	}
+	if (block_setup) {
+		test_cleanup_blocked_transports(tctx);
+	}
+
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	smb2_util_close(tree1, h_client1_file2);
+	smb2_util_close(tree1, h_client1_file3);
+	if (tree2A != NULL) {
+		smb2_util_close(tree2A, h_client2_file1);
+		smb2_util_close(tree2A, h_client2_file2);
+		smb2_util_close(tree2A, h_client2_file3);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+	smb2_util_unlink(tree1, fname3);
+	smb2_deltree(tree1, BASEDIR);
+
+	test_multichannel_free_channels(tree2A, tree2B, tree2C);
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Test 3: Check to see how the server behaves if lease break
+ *      response is sent over a different channel to one over which
+ *      the break is received.
+ *      Connect 2A, 2B
+ *      open file1 in session 2A
+ *      open file1 in session 1
+ *           Lease break sent to 2A
+ *           2B sends back lease break reply.
+ *      session 1 allowed to open file
+ */
+static bool test_multichannel_lease_break_test3(struct torture_context *tctx,
+						struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_create io1;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\lease_break_test1.dat";
+	struct smb2_tree *tree2A = NULL;
+	struct smb2_tree *tree2B = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2A = NULL;
+	struct smbcli_options transport2_options;
+	uint16_t local_port = 0;
+	struct smb2_lease ls1;
+	struct tevent_timer *te = NULL;
+	struct timeval ne;
+	bool timesup = false;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Lease break retry: Test3\n");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE2F1,
+			  smb2_util_lease_state("RHW"));
+	test_multichannel_init_smb_create(&io1);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channels(tctx, host, share,
+						credentials,
+						&transport2_options,
+						&tree2A, &tree2B, NULL);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+	transport2A = tree2A->session->transport;
+	transport2A->lease.private_data = tree2B;
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via session 2A\n");
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE2F1,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree2A, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RHW", true, LEASE2F1, 0);
+	CHECK_VAL(io1.out.durable_open_v2, false); //true);
+	CHECK_VAL(io1.out.timeout, io1.in.timeout);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	/* Set a timeout for 5 seconds for session 1 to open file1 */
+	ne = tevent_timeval_current_ofs(0, 5000000);
+	te = tevent_add_timer(tctx->ev, mem_ctx, ne, timeout_cb, &timesup);
+	if (te == NULL) {
+		torture_comment(tctx, "Failed to add timer.");
+		goto done;
+	}
+
+	/* 1 opens file2 */
+	torture_comment(tctx, "Client opens fname1 with session 1\n");
+	smb2_lease_create(&io1, &ls1, false, fname1, LEASE1F1,
+			  smb2_util_lease_state("RHW"));
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE(&io1, "RH", true, LEASE1F1, 0);
+	CHECK_VAL(io1.out.durable_open_v2, false);
+	CHECK_VAL(io1.out.timeout, 0);
+	CHECK_VAL(io1.out.durable_open, false);
+
+	CHECK_VAL(lease_break_info.count, 1);
+	CHECK_BREAK_INFO("RHW", "RH", LEASE2F1);
+
+	/*
+	 * Check if timeout handler was fired. This would indicate
+	 * that the server didn't receive a reply for the oplock break
+	 * from the client and the server let session 1 open the file
+	 * only after the oplock break timeout.
+	 */
+	CHECK_VAL(timesup, false);
+
+done:
+	smb2_util_close(tree1, h_client1_file1);
+	if (tree2A != NULL) {
+		smb2_util_close(tree2A, h_client2_file1);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_deltree(tree1, BASEDIR);
+
+	test_multichannel_free_channels(tree2A, tree2B, NULL);
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Test limits of channels
+ */
+static bool test_multichannel_num_channels(struct torture_context *tctx,
+					   struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	bool ret = true;
+	struct smb2_tree **tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport **transport2 = NULL;
+	struct smbcli_options transport2_options;
+	struct smb2_session **session2 = NULL;
+	uint32_t server_capabilities;
+	int i;
+	int max_channels = 33; /* 32 is the W2K12R2 and W2K16 limit */
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_fail(tctx,
+			     "SMB 3.X Dialect family required for Multichannel"
+			     " tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree1->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_fail(tctx,
+			     "Server does not support multichannel.");
+	}
+
+	torture_comment(tctx, "Testing max. number of channels\n");
+
+	transport2_options = transport1->options;
+	transport2_options.client_guid = GUID_random();
+
+	tree2		= talloc_zero_array(mem_ctx, struct smb2_tree *,
+					    max_channels);
+	transport2	= talloc_zero_array(mem_ctx, struct smb2_transport *,
+					    max_channels);
+	session2	= talloc_zero_array(mem_ctx, struct smb2_session *,
+					    max_channels);
+	if (tree2 == NULL || transport2 == NULL || session2 == NULL) {
+		torture_fail(tctx, "out of memory");
+	}
+
+	for (i = 0; i < max_channels; i++) {
+
+		NTSTATUS expected_status;
+
+		torture_assert_ntstatus_ok_goto(tctx,
+			smb2_connect(tctx,
+				host,
+				lpcfg_smb_ports(tctx->lp_ctx),
+				share,
+				lpcfg_resolve_context(tctx->lp_ctx),
+				credentials,
+				&tree2[i],
+				tctx->ev,
+				&transport2_options,
+				lpcfg_socket_options(tctx->lp_ctx),
+				lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+				),
+			ret, done, "smb2_connect failed");
+
+		transport2[i] = tree2[i]->session->transport;
+
+		if (i == 0) {
+			/*
+			 * done for the 1st channel
+			 *
+			 * For all remaining channels we do the
+			 * session setup on our own.
+			 */
+			transport2_options.only_negprot = true;
+			continue;
+		}
+
+		/*
+		 * Now bind the session2[i] to the transport2
+		 */
+		session2[i] = smb2_session_channel(transport2[i],
+						   lpcfg_gensec_settings(tctx,
+								 tctx->lp_ctx),
+						   tree2[0],
+						   tree2[0]->session);
+
+		torture_assert(tctx, session2[i] != NULL,
+			       "smb2_session_channel failed");
+
+		torture_comment(tctx, "established transport2 [#%d]\n", i);
+
+		if (i >= 32) {
+			expected_status = NT_STATUS_INSUFFICIENT_RESOURCES;
+		} else {
+			expected_status = NT_STATUS_OK;
+		}
+
+		torture_assert_ntstatus_equal_goto(tctx,
+			smb2_session_setup_spnego(session2[i],
+				samba_cmdline_get_creds(),
+				0 /* previous_session_id */),
+			expected_status,
+			ret, done,
+			talloc_asprintf(tctx, "failed to establish session "
+					      "setup for channel #%d", i));
+
+		torture_comment(tctx, "bound session2 [#%d] to session2 [0]\n",
+				i);
+	}
+
+ done:
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct test_multichannel_lease_break_state;
+
+struct test_multichannel_lease_break_channel {
+	struct test_multichannel_lease_break_state *state;
+	size_t idx;
+	char name[64];
+	struct smb2_tree *tree;
+	bool blocked;
+	struct timeval break_time;
+	double full_duration;
+	double relative_duration;
+	struct smb2_lease_break lb;
+	size_t break_num;
+};
+
+struct test_multichannel_lease_break_state {
+	struct torture_context *tctx;
+	struct timeval open_req_time;
+	struct timeval open_rep_time;
+	size_t num_breaks;
+	struct timeval last_break_time;
+	struct test_multichannel_lease_break_channel channels[32];
+};
+
+static bool test_multichannel_lease_break_handler(struct smb2_transport *transport,
+						  const struct smb2_lease_break *lb,
+						  void *private_data)
+{
+	struct test_multichannel_lease_break_channel *c =
+		(struct test_multichannel_lease_break_channel *)private_data;
+	struct test_multichannel_lease_break_state *state = c->state;
+
+	c->break_time = timeval_current();
+	c->full_duration = timeval_elapsed2(&state->open_req_time,
+					    &c->break_time);
+	c->relative_duration = timeval_elapsed2(&state->last_break_time,
+						&c->break_time);
+	state->last_break_time = c->break_time;
+	c->lb = *lb;
+	c->break_num = ++state->num_breaks;
+
+	torture_comment(state->tctx, "Got LEASE break epoch[0x%x] %zu on %s after %f ( %f)\n",
+			c->lb.new_epoch, c->break_num, c->name,
+			c->relative_duration,
+			c->full_duration);
+
+	return torture_lease_handler(transport, lb, c->tree);
+}
+
+static bool test_multichannel_lease_break_test4(struct torture_context *tctx,
+						struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct test_multichannel_lease_break_state state = {
+		.tctx = tctx,
+	};
+	struct test_multichannel_lease_break_channel *open2_channel = NULL;
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_handle h_client1_file1 = {{0}};
+	struct smb2_handle h_client2_file1 = {{0}};
+	struct smb2_create io1;
+	struct smb2_create io2;
+	bool ret = true;
+	const char *fname1 = BASEDIR "\\lease_break_test4.dat";
+	struct smb2_tree *trees2[32] = { NULL, };
+	size_t i;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options transport2_options;
+	struct smb2_session *session1 = tree1->session;
+	uint16_t local_port = 0;
+	struct smb2_lease ls1;
+	struct smb2_lease ls2;
+	bool block_setup = false;
+	bool block_ok = false;
+	double open_duration;
+
+	if (!test_multichannel_initial_checks(tctx, tree1)) {
+		return true;
+	}
+
+	torture_comment(tctx, "Lease break retry: Test4\n");
+
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	torture_comment(tctx, "transport1  [%p]\n", transport1);
+	local_port = torture_get_local_port_from_transport(transport1);
+	torture_comment(tctx, "transport1 uses tcp port: %d\n", local_port);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname1);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_lease_v2_create(&io2, &ls2, false, fname1,
+			     LEASE2F1, NULL,
+			     smb2_util_lease_state("RHW"),
+			     0x20);
+
+	transport2_options = transport1->options;
+
+	ret = test_multichannel_create_channel_array(tctx, host, share, credentials,
+						     &transport2_options,
+						     ARRAY_SIZE(trees2), trees2);
+	torture_assert(tctx, ret, "Could not create channels.\n");
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		struct test_multichannel_lease_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = trees2[i]->session->transport;
+
+		c->state = &state;
+		c->idx = i+1;
+		c->tree = trees2[i];
+		snprintf(c->name, sizeof(c->name), "trees2_%zu", c->idx);
+
+		t->lease.handler = test_multichannel_lease_break_handler;
+		t->lease.private_data = c;
+	}
+
+	open2_channel = &state.channels[0];
+
+	/* 2a opens file1 */
+	torture_comment(tctx, "client2 opens fname1 via %s\n",
+			open2_channel->name);
+	status = smb2_create(open2_channel->tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client2_file1 = io2.out.file.handle;
+	CHECK_CREATED(&io2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_LEASE_V2(&io2, "RHW", true, LEASE2F1, 0, 0, 0x21);
+	CHECK_VAL(io2.out.durable_open_v2, false);
+	CHECK_VAL(io2.out.timeout, io2.in.timeout);
+	CHECK_VAL(io2.out.durable_open, false);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_lease_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = c->tree->session->transport;
+
+		torture_comment(tctx, "Blocking %s\n", c->name);
+		block_ok = _test_block_smb2_transport(tctx, t, c->name);
+		torture_assert_goto(tctx, block_ok, ret, done, "we could not block tcp transport");
+		c->blocked = true;
+	}
+
+	/* 1 opens file2 */
+	torture_comment(tctx,
+			"Client opens fname1 with session 1 with all %zu blocked\n",
+			ARRAY_SIZE(trees2));
+	smb2_lease_v2_create(&io1, &ls1, false, fname1,
+			     LEASE1F1, NULL,
+			     smb2_util_lease_state("RHW"),
+			     0x10);
+	CHECK_VAL(lease_break_info.count, 0);
+	state.open_req_time = timeval_current();
+	state.last_break_time = state.open_req_time;
+	status = smb2_create(tree1, mem_ctx, &io1);
+	state.open_rep_time = timeval_current();
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h_client1_file1 = io1.out.file.handle;
+
+	CHECK_VAL_GREATER_THAN(lease_break_info.count, 1);
+
+	open_duration = timeval_elapsed2(&state.open_req_time,
+					 &state.open_rep_time);
+	torture_comment(tctx, "open_duration: %f\n", open_duration);
+	if (lease_break_info.count < ARRAY_SIZE(state.channels)) {
+		CHECK_VAL_GREATER_THAN(open_duration, 35);
+		CHECK_LEASE_V2(&io1, "RH", true, LEASE1F1, 0, 0, 0x11);
+	} else {
+		CHECK_LEASE_V2(&io1, "RWH", true, LEASE1F1, 0, 0, 0x11);
+	}
+
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		if (lease_break_info.count >= ARRAY_SIZE(state.channels)) {
+			break;
+		}
+		torture_comment(tctx, "Received %d lease break(s) wait for more!!\n",
+				lease_break_info.count);
+		torture_wait_for_lease_break(tctx);
+	}
+
+	if (lease_break_info.count == 0) {
+		torture_comment(tctx,
+				"Did not receive expected lease break!!\n");
+	} else {
+		torture_comment(tctx, "Received %d lease break(s)!!\n",
+				lease_break_info.count);
+	}
+
+	if (lease_break_info.count < ARRAY_SIZE(state.channels)) {
+		CHECK_VAL_GREATER_THAN(lease_break_info.count, 3);
+	} else {
+		CHECK_VAL(lease_break_info.count, ARRAY_SIZE(state.channels));
+	}
+
+	for (i = 0; i < lease_break_info.count; i++) {
+		struct test_multichannel_lease_break_channel *c = &state.channels[i];
+
+		torture_comment(tctx, "Verify %s\n", c->name);
+		torture_assert_int_equal(tctx, c->break_num, c->idx,
+					 "Got lease break in wrong order");
+		CHECK_LEASE_BREAK_V2(c->lb, LEASE2F1, "RWH", "RH",
+				     SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED,
+				     0x22);
+	}
+
+done:
+	for (i = 0; i < ARRAY_SIZE(state.channels); i++) {
+		struct test_multichannel_lease_break_channel *c = &state.channels[i];
+		struct smb2_transport *t = NULL;
+
+		if (!c->blocked) {
+			continue;
+		}
+
+		t = c->tree->session->transport;
+
+		torture_comment(tctx, "Unblocking %s\n", c->name);
+		_test_unblock_smb2_transport(tctx, t, c->name);
+		c->blocked = false;
+	}
+	if (block_setup) {
+		test_cleanup_blocked_transports(tctx);
+	}
+
+	tree1->session = session1;
+
+	smb2_util_close(tree1, h_client1_file1);
+	if (trees2[0] != NULL) {
+		smb2_util_close(trees2[0], h_client2_file1);
+	}
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_deltree(tree1, BASEDIR);
+
+	for (i = 0; i < ARRAY_SIZE(trees2); i++) {
+		if (trees2[i] == NULL) {
+			continue;
+		}
+		TALLOC_FREE(trees2[i]);
+	}
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * Test channel merging race
+ * This is a regression test for
+ * https://bugzilla.samba.org/show_bug.cgi?id=15346
+ */
+struct test_multichannel_bug_15346_conn;
+
+struct test_multichannel_bug_15346_state {
+	struct torture_context *tctx;
+	struct test_multichannel_bug_15346_conn *conns;
+	size_t num_conns;
+	size_t num_ready;
+	bool asserted;
+	bool looping;
+};
+
+struct test_multichannel_bug_15346_conn {
+	struct test_multichannel_bug_15346_state *state;
+	size_t idx;
+	struct smbXcli_conn *smbXcli;
+	struct tevent_req *nreq;
+	struct tevent_req *ereq;
+};
+
+static void test_multichannel_bug_15346_ndone(struct tevent_req *subreq);
+static void test_multichannel_bug_15346_edone(struct tevent_req *subreq);
+
+static void test_multichannel_bug_15346_ndone(struct tevent_req *subreq)
+{
+	struct test_multichannel_bug_15346_conn *conn =
+		(struct test_multichannel_bug_15346_conn *)
+		tevent_req_callback_data_void(subreq);
+	struct test_multichannel_bug_15346_state *state = conn->state;
+	struct torture_context *tctx = state->tctx;
+	struct timeval current_time;
+	struct tm tm_buf;
+	struct tm *current_tm = NULL;
+	char time_str[sizeof "10000-01-01T00:00:00"];
+	size_t time_str_len;
+	NTSTATUS status;
+	bool ok = false;
+
+	SMB_ASSERT(conn->nreq == subreq);
+	conn->nreq = NULL;
+
+	status = smbXcli_negprot_recv(subreq, NULL, NULL);
+	TALLOC_FREE(subreq);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, asserted,
+					"smbXcli_negprot_recv failed");
+
+	current_time = tevent_timeval_current();
+	current_tm = gmtime_r(&current_time.tv_sec, &tm_buf);
+	torture_assert_not_null_goto(tctx, current_tm, ok, asserted,
+				     "gmtime_r failed");
+
+	time_str_len = strftime(time_str, sizeof time_str, "%FT%T", current_tm);
+	torture_assert_size_not_equal_goto(tctx, time_str_len, 0, ok, asserted,
+					   "strftime failed");
+
+	torture_comment(tctx,
+			"%s.%ldZ: conn[%zu]: negprot done\n",
+			time_str,
+			(long)current_time.tv_usec,
+			conn->idx);
+
+	conn->ereq = smb2cli_echo_send(conn->smbXcli,
+				       tctx->ev,
+				       conn->smbXcli,
+				       state->num_conns * 2 * 1000);
+	torture_assert_goto(tctx, conn->ereq != NULL, ok, asserted,
+			    "smb2cli_echo_send");
+	tevent_req_set_callback(conn->ereq,
+				test_multichannel_bug_15346_edone,
+				conn);
+
+	return;
+
+asserted:
+	SMB_ASSERT(!ok);
+	state->asserted = true;
+	state->looping = false;
+	return;
+}
+
+static void test_multichannel_bug_15346_edone(struct tevent_req *subreq)
+{
+	struct test_multichannel_bug_15346_conn *conn =
+		(struct test_multichannel_bug_15346_conn *)
+		tevent_req_callback_data_void(subreq);
+	struct test_multichannel_bug_15346_state *state = conn->state;
+	struct torture_context *tctx = state->tctx;
+	struct timeval current_time;
+	struct tm tm_buf;
+	struct tm *current_tm = NULL;
+	char time_str[sizeof "10000-01-01T00:00:00"];
+	size_t time_str_len;
+	const char *outcome = NULL;
+	NTSTATUS status;
+	bool ok = false;
+
+	SMB_ASSERT(conn->ereq == subreq);
+	conn->ereq = NULL;
+
+	current_time = tevent_timeval_current();
+	current_tm = gmtime_r(&current_time.tv_sec, &tm_buf);
+	torture_assert_not_null_goto(tctx, current_tm, ok, asserted,
+				     "gmtime_r failed");
+
+	time_str_len = strftime(time_str, sizeof time_str, "%FT%T", current_tm);
+	torture_assert_size_not_equal_goto(tctx, time_str_len, 0, ok, asserted,
+					   "strftime failed");
+
+	status = smb2cli_echo_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		outcome = "timed out";
+	} else if (!NT_STATUS_IS_OK(status)) {
+		outcome = "failed";
+	} else {
+		outcome = "done";
+	}
+	torture_comment(tctx,
+			"%s.%ldZ: conn[%zu]: echo %s\n",
+			time_str,
+			(long)current_time.tv_usec,
+			conn->idx,
+			outcome);
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, asserted,
+					"smb2cli_echo_recv failed");
+
+	state->num_ready += 1;
+	if (state->num_ready < state->num_conns) {
+		return;
+	}
+
+	state->looping = false;
+	return;
+
+asserted:
+	SMB_ASSERT(!ok);
+	state->asserted = true;
+	state->looping = false;
+	return;
+}
+
+static bool test_multichannel_bug_15346(struct torture_context *tctx,
+					struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct resolve_context *resolve_ctx = lpcfg_resolve_context(tctx->lp_ctx);
+	const char *socket_options = lpcfg_socket_options(tctx->lp_ctx);
+	struct gensec_settings *gsettings = NULL;
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct test_multichannel_bug_15346_state *state = NULL;
+	uint32_t server_capabilities;
+	struct smb2_handle root_handle = {{0}};
+	size_t i;
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_fail(tctx,
+			     "SMB 3.X Dialect family required for Multichannel"
+			     " tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree1->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_fail(tctx,
+			     "Server does not support multichannel.");
+	}
+
+	torture_comment(tctx, "Testing for BUG 15346\n");
+
+	state = talloc_zero(tctx, struct test_multichannel_bug_15346_state);
+	torture_assert_goto(tctx, state != NULL, ret, done,
+			    "talloc_zero");
+	state->tctx = tctx;
+
+	gsettings = lpcfg_gensec_settings(state, tctx->lp_ctx);
+	torture_assert_goto(tctx, gsettings != NULL, ret, done,
+			    "lpcfg_gensec_settings");
+
+	/*
+	 * 32 is the W2K12R2 and W2K16 limit
+	 * add 31 additional connections
+	 */
+	state->num_conns = 31;
+	state->conns = talloc_zero_array(state,
+				  struct test_multichannel_bug_15346_conn,
+				  state->num_conns);
+	torture_assert_goto(tctx, state->conns != NULL, ret, done,
+			    "talloc_zero_array");
+
+	/*
+	 * First we open the additional tcp connections
+	 */
+
+	for (i = 0; i < state->num_conns; i++) {
+		struct test_multichannel_bug_15346_conn *conn = &state->conns[i];
+		struct socket_context *sock = NULL;
+		uint16_t port = 445;
+		struct smbcli_options options = transport1->options;
+
+		conn->state = state;
+		conn->idx = i;
+
+		status = socket_connect_multi(state->conns,
+					      host,
+					      1, &port,
+					      resolve_ctx,
+					      tctx->ev,
+					      &sock,
+					      &port);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"socket_connect_multi failed");
+
+		conn->smbXcli = smbXcli_conn_create(state->conns,
+					sock->fd,
+					host,
+					SMB_SIGNING_OFF,
+					0,
+					&options.client_guid,
+					options.smb2_capabilities,
+					&options.smb3_capabilities);
+		torture_assert_goto(tctx, conn->smbXcli != NULL, ret, done,
+				    "smbXcli_conn_create failed");
+		sock->fd = -1;
+		TALLOC_FREE(sock);
+	}
+
+	/*
+	 * Now prepare the async SMB2 Negotiate requests
+	 */
+	for (i = 0; i < state->num_conns; i++) {
+		struct test_multichannel_bug_15346_conn *conn = &state->conns[i];
+
+		conn->nreq = smbXcli_negprot_send(conn->smbXcli,
+						  tctx->ev,
+						  conn->smbXcli,
+						  state->num_conns * 2 * 1000,
+						  smbXcli_conn_protocol(transport1->conn),
+						  smbXcli_conn_protocol(transport1->conn),
+						  33, /* max_credits */
+						  NULL);
+		torture_assert_goto(tctx, conn->nreq != NULL, ret, done, "smbXcli_negprot_send");
+		tevent_req_set_callback(conn->nreq,
+					test_multichannel_bug_15346_ndone,
+					conn);
+	}
+
+	/*
+	 * now we loop until all negprot and the first round
+	 * of echos are done.
+	 */
+	state->looping = true;
+	while (state->looping) {
+		torture_assert_goto(tctx, tevent_loop_once(tctx->ev) == 0,
+				    ret, done, "tevent_loop_once");
+	}
+
+	if (state->asserted) {
+		ret = false;
+		goto done;
+	}
+
+	/*
+	 * Now we check that the connections are still usable
+	 */
+	for (i = 0; i < state->num_conns; i++) {
+		struct test_multichannel_bug_15346_conn *conn = &state->conns[i];
+
+		torture_comment(tctx, "conn[%zu]: checking echo again1\n", conn->idx);
+
+		status = smb2cli_echo(conn->smbXcli, 1000);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2cli_echo failed");
+	}
+
+	status = smb2_util_roothandle(tree1, &root_handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_roothandle failed");
+
+	/*
+	 * Now we check that the connections are still usable
+	 */
+	for (i = 0; i < state->num_conns; i++) {
+		struct test_multichannel_bug_15346_conn *conn = &state->conns[i];
+		struct smbcli_options options = transport1->options;
+		struct smb2_session *session = NULL;
+		struct smb2_tree *tree = NULL;
+		union smb_fileinfo io;
+
+		torture_comment(tctx, "conn[%zu]: checking session bind\n", conn->idx);
+
+		/*
+		 * Prepare smb2_{tree,session,transport} structures
+		 * for the existing connection.
+		 */
+		options.only_negprot = true;
+		status = smb2_connect_ext(state->conns,
+					  host,
+					  NULL, /* ports */
+					  share,
+					  resolve_ctx,
+					  samba_cmdline_get_creds(),
+					  &conn->smbXcli,
+					  0, /* previous_session_id */
+					  &tree,
+					  tctx->ev,
+					  &options,
+					  socket_options,
+					  gsettings);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_connect_ext failed");
+		conn->smbXcli = tree->session->transport->conn;
+
+		session = smb2_session_channel(tree->session->transport,
+					       lpcfg_gensec_settings(tree, tctx->lp_ctx),
+					       tree,
+					       tree1->session);
+		torture_assert_goto(tctx, session != NULL, ret, done,
+				    "smb2_session_channel failed");
+
+		status = smb2_session_setup_spnego(session,
+						   samba_cmdline_get_creds(),
+						   0 /* previous_session_id */);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_session_setup_spnego failed");
+
+		/*
+		 * Fix up the bound smb2_tree
+		 */
+		tree->session = session;
+		tree->smbXcli = tree1->smbXcli;
+
+		ZERO_STRUCT(io);
+		io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+		io.generic.in.file.handle = root_handle;
+
+		status = smb2_getinfo_file(tree, tree, &io);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_getinfo_file failed");
+	}
+
+ done:
+	talloc_free(state);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_multichannel_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "multichannel");
+	struct torture_suite *suite_generic = torture_suite_create(ctx,
+								   "generic");
+	struct torture_suite *suite_oplocks = torture_suite_create(ctx,
+								   "oplocks");
+	struct torture_suite *suite_leases = torture_suite_create(ctx,
+								  "leases");
+	struct torture_suite *suite_bugs = torture_suite_create(ctx,
+								"bugs");
+
+	torture_suite_add_suite(suite, suite_generic);
+	torture_suite_add_suite(suite, suite_oplocks);
+	torture_suite_add_suite(suite, suite_leases);
+	torture_suite_add_suite(suite, suite_bugs);
+
+	torture_suite_add_1smb2_test(suite_generic, "interface_info",
+				     test_multichannel_interface_info);
+	torture_suite_add_1smb2_test(suite_generic, "num_channels",
+				     test_multichannel_num_channels);
+	torture_suite_add_1smb2_test(suite_oplocks, "test1",
+				     test_multichannel_oplock_break_test1);
+	torture_suite_add_1smb2_test(suite_oplocks, "test2",
+				     test_multichannel_oplock_break_test2);
+	torture_suite_add_1smb2_test(suite_oplocks, "test3_windows",
+				     test_multichannel_oplock_break_test3_windows);
+	torture_suite_add_1smb2_test(suite_oplocks, "test3_specification",
+				     test_multichannel_oplock_break_test3_specification);
+	torture_suite_add_1smb2_test(suite_leases, "test1",
+				     test_multichannel_lease_break_test1);
+	torture_suite_add_1smb2_test(suite_leases, "test2",
+				     test_multichannel_lease_break_test2);
+	torture_suite_add_1smb2_test(suite_leases, "test3",
+				     test_multichannel_lease_break_test3);
+	torture_suite_add_1smb2_test(suite_leases, "test4",
+				     test_multichannel_lease_break_test4);
+	torture_suite_add_1smb2_test(suite_bugs, "bug_15346",
+				     test_multichannel_bug_15346);
+
+	suite->description = talloc_strdup(suite, "SMB2 Multichannel tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
new file mode 100644
index 0000000..0aadc50
--- /dev/null
+++ b/source4/torture/smb2/notify.c
@@ -0,0 +1,2786 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 notify test suite
+
+   Copyright (C) Stefan Metzmacher 2006
+   Copyright (C) Andrew Tridgell 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/util.h"
+
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/security.h"
+
+#include "lib/events/events.h"
+
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(torture, TORTURE_FAIL, \
+		       "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(torture, TORTURE_FAIL, \
+		       "(%s) wrong value for %s  0x%x should be 0x%x\n", \
+		       __location__, #v, (int)v, (int)correct); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_WIRE_STR(field, value) do { \
+	if (!field.s || strcmp(field.s, value)) { \
+		torture_result(torture, TORTURE_FAIL, \
+			"(%s) %s [%s] != %s\n",  __location__, #field, \
+			field.s, value); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once(torture->ev) != 0) { \
+			break; \
+		} \
+	}
+
+#define BASEDIR "test_notify"
+#define FNAME "smb2-notify01.dat"
+
+static bool test_valid_request(struct torture_context *torture,
+			       struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle dh;
+	struct smb2_notify n;
+	struct smb2_request *req;
+	uint32_t max_buffer_size;
+
+	torture_comment(torture, "TESTING VALIDITY OF CHANGE NOTIFY REQUEST\n");
+
+	smb2_transport_credits_ask_num(tree->session->transport, 256);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = smb2_util_roothandle(tree, &dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	max_buffer_size =
+		smb2cli_conn_max_trans_size(tree->session->transport->conn);
+
+	n.in.recursive		= 0x0000;
+	n.in.buffer_size	= max_buffer_size;
+	n.in.file.handle	= dh;
+	n.in.completion_filter	= FILE_NOTIFY_CHANGE_ALL;
+	n.in.unknown		= 0x00000000;
+	req = smb2_notify_send(tree, &n);
+
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			break;
+		}
+	}
+
+	status = torture_setup_simple_file(torture, tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(n.out.num_changes, 1);
+	CHECK_VAL(n.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(n.out.changes[0].name, FNAME);
+
+	/*
+	 * if the change response doesn't fit in the buffer
+	 * NOTIFY_ENUM_DIR is returned.
+	 */
+	n.in.buffer_size	= 0x00000000;
+	req = smb2_notify_send(tree, &n);
+
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			break;
+		}
+	}
+
+	status = torture_setup_simple_file(torture, tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_ENUM_DIR);
+
+	/*
+	 * if the change response fits in the buffer we get
+	 * NT_STATUS_OK again
+	 */
+	n.in.buffer_size	= max_buffer_size;
+	req = smb2_notify_send(tree, &n);
+
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			break;
+		}
+	}
+
+	status = torture_setup_simple_file(torture, tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(n.out.num_changes, 3);
+	CHECK_VAL(n.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(n.out.changes[0].name, FNAME);
+	CHECK_VAL(n.out.changes[1].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(n.out.changes[1].name, FNAME);
+	CHECK_VAL(n.out.changes[2].action, NOTIFY_ACTION_MODIFIED);
+	CHECK_WIRE_STR(n.out.changes[2].name, FNAME);
+
+	/* if the first notify returns NOTIFY_ENUM_DIR, all do */
+	status = smb2_util_close(tree, dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_roothandle(tree, &dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	n.in.recursive		= 0x0000;
+	n.in.buffer_size	= 0x00000001;
+	n.in.file.handle	= dh;
+	n.in.completion_filter	= FILE_NOTIFY_CHANGE_ALL;
+	n.in.unknown		= 0x00000000;
+	req = smb2_notify_send(tree, &n);
+
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			break;
+		}
+	}
+
+	status = torture_setup_simple_file(torture, tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_ENUM_DIR);
+
+	n.in.buffer_size        = max_buffer_size;
+	req = smb2_notify_send(tree, &n);
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			break;
+		}
+	}
+
+	status = torture_setup_simple_file(torture, tree, FNAME);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_ENUM_DIR);
+
+	/* if the buffer size is too large, we get invalid parameter */
+	n.in.recursive		= 0x0000;
+	n.in.buffer_size	= max_buffer_size + 1;
+	n.in.file.handle	= dh;
+	n.in.completion_filter	= FILE_NOTIFY_CHANGE_ALL;
+	n.in.unknown		= 0x00000000;
+	req = smb2_notify_send(tree, &n);
+	status = smb2_notify_recv(req, torture, &n);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+done:
+	return ret;
+}
+
+/*
+   basic testing of change notify on directories
+*/
+
+#define BASEDIR_DIR BASEDIR "_DIR"
+
+static bool torture_smb2_notify_dir(struct torture_context *torture,
+			      struct smb2_tree *tree1,
+			      struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	union smb_close cl;
+	int i, count;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_request *req, *req2;
+	const char *fname = BASEDIR_DIR "\\subdir-name";
+	extern int torture_numops;
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY ON DIRECTORIES\n");
+
+	smb2_deltree(tree1, BASEDIR_DIR);
+	smb2_util_rmdir(tree1, BASEDIR_DIR);
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_DIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ;
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	torture_comment(torture, "Testing notify cancel\n");
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_cancel(req);
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	torture_comment(torture, "Testing notify mkdir\n");
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_util_mkdir(tree2, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "Testing notify rmdir\n");
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_util_rmdir(tree2, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture,
+		"Testing notify mkdir - rmdir - mkdir - rmdir\n");
+
+	smb2_util_mkdir(tree2, fname);
+	smb2_util_rmdir(tree2, fname);
+	smb2_util_mkdir(tree2, fname);
+	smb2_util_rmdir(tree2, fname);
+	smb_msleep(200);
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 4);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+	CHECK_VAL(notify.smb2.out.changes[1].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[1].name, "subdir-name");
+	CHECK_VAL(notify.smb2.out.changes[2].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[2].name, "subdir-name");
+	CHECK_VAL(notify.smb2.out.changes[3].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[3].name, "subdir-name");
+
+	count = torture_numops;
+	torture_comment(torture,
+		"Testing buffered notify on create of %d files\n", count);
+	for (i=0;i<count;i++) {
+		struct smb2_handle h12;
+		char *fname2 = talloc_asprintf(torture,
+						BASEDIR_DIR "\\test%d.txt",
+						i);
+
+		ZERO_STRUCT(io.smb2);
+		io.generic.level = RAW_OPEN_SMB2;
+	        io.smb2.in.create_flags = 0;
+		io.smb2.in.desired_access = SEC_FILE_ALL;
+	        io.smb2.in.create_options =
+		    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+		io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	        io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+					NTCREATEX_SHARE_ACCESS_WRITE;
+		io.smb2.in.alloc_size = 0;
+	        io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+		io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	        io.smb2.in.security_flags = 0;
+		io.smb2.in.fname = fname2;
+
+		status = smb2_create(tree1, torture, &(io.smb2));
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			torture_comment(torture, "Failed to create %s \n",
+			       fname);
+			ret = false;
+			goto done;
+		}
+		h12 = io.smb2.out.file.handle;
+		talloc_free(fname2);
+		smb2_util_close(tree1, h12);
+	}
+
+	/* (1st notify) setup a new notify on a different directory handle.
+	   This new notify won't see the events above. */
+	notify.smb2.in.file.handle = h2;
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+
+	/* (2nd notify) whereas this notify will see the above buffered events,
+	   and it directly returns the buffered events */
+	notify.smb2.in.file.handle = h1;
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	status = smb2_util_unlink(tree1, BASEDIR_DIR "\\nonexistent.txt");
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	/* (1st unlink) as the 2nd notify directly returns,
+	   this unlink is only seen by the 1st notify and
+	   the 3rd notify (later) */
+	torture_comment(torture,
+		"Testing notify on unlink for the first file\n");
+	status = smb2_util_unlink(tree2, BASEDIR_DIR "\\test0.txt");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* receive the reply from the 2nd notify */
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, count);
+	for (i=1;i<count;i++) {
+		CHECK_VAL(notify.smb2.out.changes[i].action,
+			  NOTIFY_ACTION_ADDED);
+	}
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "test0.txt");
+
+	torture_comment(torture, "and now from the 1st notify\n");
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "test0.txt");
+
+	torture_comment(torture,
+		"(3rd notify) this notify will only see the 1st unlink\n");
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	status = smb2_util_unlink(tree1, BASEDIR_DIR "\\nonexistent.txt");
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	for (i=1;i<count;i++) {
+		char *fname2 = talloc_asprintf(torture,
+			      BASEDIR_DIR "\\test%d.txt", i);
+		status = smb2_util_unlink(tree2, fname2);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		talloc_free(fname2);
+	}
+
+	/* receive the 3rd notify */
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "test0.txt");
+
+	/* and we now see the rest of the unlink calls on both
+	 * directory handles */
+	notify.smb2.in.file.handle = h1;
+	sleep(3);
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, count-1);
+	for (i=0;i<notify.smb2.out.num_changes;i++) {
+		CHECK_VAL(notify.smb2.out.changes[i].action,
+			  NOTIFY_ACTION_REMOVED);
+	}
+	notify.smb2.in.file.handle = h2;
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, count-1);
+	for (i=0;i<notify.smb2.out.num_changes;i++) {
+		CHECK_VAL(notify.smb2.out.changes[i].action,
+			  NOTIFY_ACTION_REMOVED);
+	}
+
+	torture_comment(torture,
+	"Testing if a close() on the dir handle triggers the notify reply\n");
+
+	notify.smb2.in.file.handle = h1;
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 9);
+
+done:
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h2);
+	smb2_deltree(tree1, BASEDIR_DIR);
+	return ret;
+}
+
+static struct smb2_handle custom_smb2_create(struct smb2_tree *tree,
+						struct torture_context *torture,
+						struct smb2_create *smb2)
+{
+	struct smb2_handle h1;
+	bool ret = true;
+	NTSTATUS status;
+	smb2_deltree(tree, smb2->in.fname);
+	status = smb2_create(tree, torture, smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = smb2->out.file.handle;
+done:
+	if (!ret) {
+		h1 = (struct smb2_handle) {
+			.data = { 0 , 0},
+		};
+	}
+	return h1;
+}
+
+/*
+   testing of recursive change notify
+*/
+
+#define BASEDIR_REC BASEDIR "_REC"
+
+static bool torture_smb2_notify_recursive(struct torture_context *torture,
+				struct smb2_tree *tree1,
+				struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io, io1;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle h1;
+	struct smb2_request *req1, *req2;
+
+	smb2_deltree(tree1, BASEDIR_REC);
+	smb2_util_rmdir(tree1, BASEDIR_REC);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY WITH RECURSION\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_REC;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify, on file or directory name
+	   changes. Setup both with and without recursion */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME |
+				FILE_NOTIFY_CHANGE_ATTRIBUTES |
+				FILE_NOTIFY_CHANGE_CREATION;
+	notify.smb2.in.file.handle = h1;
+
+	notify.smb2.in.recursive = true;
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_cancel(req1);
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	notify.smb2.in.recursive = false;
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_cancel(req2);
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	ZERO_STRUCT(io1.smb2);
+	io1.generic.level = RAW_OPEN_SMB2;
+	io1.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io1.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE|
+				SEC_RIGHTS_FILE_ALL;
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io1.smb2.in.alloc_size = 0;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io1.smb2.in.security_flags = 0;
+	io1.smb2.in.fname = BASEDIR_REC "\\subdir-name";
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree2, io1.smb2.out.file.handle);
+
+	io1.smb2.in.fname = BASEDIR_REC "\\subdir-name\\subname1";
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+				BASEDIR_REC "\\subdir-name\\subname1-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io1.smb2.in.fname = BASEDIR_REC "\\subdir-name\\subname2";
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = BASEDIR_REC "\\subname2-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io1.smb2.in.fname = BASEDIR_REC "\\subname2-r";
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = BASEDIR_REC "\\subname3-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	notify.smb2.in.completion_filter = 0;
+	notify.smb2.in.recursive = true;
+	smb_msleep(200);
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+
+	status = smb2_util_rmdir(tree2,
+		BASEDIR_REC "\\subdir-name\\subname1-r");
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_rmdir(tree2,
+		BASEDIR_REC "\\subdir-name");
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_unlink(tree2, BASEDIR_REC "\\subname3-r");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	notify.smb2.in.recursive = false;
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 9);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+	CHECK_VAL(notify.smb2.out.changes[1].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[1].name, "subdir-name\\subname1");
+	CHECK_VAL(notify.smb2.out.changes[2].action, NOTIFY_ACTION_OLD_NAME);
+	CHECK_WIRE_STR(notify.smb2.out.changes[2].name, "subdir-name\\subname1");
+	CHECK_VAL(notify.smb2.out.changes[3].action, NOTIFY_ACTION_NEW_NAME);
+	CHECK_WIRE_STR(notify.smb2.out.changes[3].name, "subdir-name\\subname1-r");
+	CHECK_VAL(notify.smb2.out.changes[4].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[4].name, "subdir-name\\subname2");
+	CHECK_VAL(notify.smb2.out.changes[5].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[5].name, "subdir-name\\subname2");
+	CHECK_VAL(notify.smb2.out.changes[6].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[6].name, "subname2-r");
+	CHECK_VAL(notify.smb2.out.changes[7].action, NOTIFY_ACTION_OLD_NAME);
+	CHECK_WIRE_STR(notify.smb2.out.changes[7].name, "subname2-r");
+	CHECK_VAL(notify.smb2.out.changes[8].action, NOTIFY_ACTION_NEW_NAME);
+	CHECK_WIRE_STR(notify.smb2.out.changes[8].name, "subname3-r");
+
+done:
+	smb2_deltree(tree1, BASEDIR_REC);
+	return ret;
+}
+
+/*
+   testing of change notify mask change
+*/
+
+#define BASEDIR_MC BASEDIR "_MC"
+
+static bool torture_smb2_notify_mask_change(struct torture_context *torture,
+					    struct smb2_tree *tree1,
+					    struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io, io1;
+	struct smb2_handle h1;
+	struct smb2_request *req1, *req2;
+	union smb_setfileinfo sinfo;
+
+	smb2_deltree(tree1, BASEDIR_MC);
+	smb2_util_rmdir(tree1, BASEDIR_MC);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY WITH MASK CHANGE\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_MC;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify, on file or directory name
+	   changes. Setup both with and without recursion */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	notify.smb2.in.file.handle = h1;
+
+	notify.smb2.in.recursive = true;
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+
+	smb2_cancel(req1);
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+
+	notify.smb2.in.recursive = false;
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+
+	smb2_cancel(req2);
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	notify.smb2.in.recursive = true;
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+
+	/* Set to hidden then back again. */
+	ZERO_STRUCT(io1.smb2);
+	io1.generic.level = RAW_OPEN_SMB2;
+	io1.smb2.in.create_flags = 0;
+	io1.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE|
+				SEC_RIGHTS_FILE_ALL;
+	io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io1.smb2.in.security_flags = 0;
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io1.smb2.in.fname = BASEDIR_MC "\\tname1";
+
+	smb2_util_close(tree1,
+		custom_smb2_create(tree1, torture, &(io1.smb2)));
+	status = smb2_util_setatr(tree1, BASEDIR_MC "\\tname1",
+				FILE_ATTRIBUTE_HIDDEN);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_unlink(tree1, BASEDIR_MC "\\tname1");
+
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_MODIFIED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "tname1");
+
+	/* Now try and change the mask to include other events.
+	 * This should not work - once the mask is set on a directory
+	 * h1 it seems to be fixed until the fnum is closed. */
+
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME |
+					FILE_NOTIFY_CHANGE_ATTRIBUTES |
+					FILE_NOTIFY_CHANGE_CREATION;
+	notify.smb2.in.recursive = true;
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+
+	notify.smb2.in.recursive = false;
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io1.smb2.in.fname = BASEDIR_MC "\\subdir-name";
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree2, io1.smb2.out.file.handle);
+
+	ZERO_STRUCT(sinfo);
+	io1.smb2.in.fname = BASEDIR_MC "\\subdir-name\\subname1";
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+				BASEDIR_MC "\\subdir-name\\subname1-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io1.smb2.in.fname = BASEDIR_MC "\\subdir-name\\subname2";
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.new_name = BASEDIR_MC "\\subname2-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree2, io1.smb2.out.file.handle);
+
+	io1.smb2.in.fname = BASEDIR_MC "\\subname2-r";
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, torture, &(io1.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sinfo.rename_information.in.file.handle = io1.smb2.out.file.handle;
+	sinfo.rename_information.in.new_name = BASEDIR_MC "\\subname3-r";
+	status = smb2_setinfo_file(tree2, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree2, io1.smb2.out.file.handle);
+
+	status = smb2_util_rmdir(tree2, BASEDIR_MC "\\subdir-name\\subname1-r");
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_rmdir(tree2, BASEDIR_MC "\\subdir-name");
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_unlink(tree2, BASEDIR_MC "\\subname3-r");
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_MODIFIED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subname2-r");
+
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_MODIFIED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subname3-r");
+
+	if (!ret) {
+		goto done;
+	}
+
+done:
+	smb2_deltree(tree1, BASEDIR_MC);
+	return ret;
+}
+
+/*
+   testing of mask bits for change notify
+*/
+
+#define BASEDIR_MSK BASEDIR "_MSK"
+
+static bool torture_smb2_notify_mask(struct torture_context *torture,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io, io1;
+	struct smb2_handle h1, h2;
+	int i;
+	char c = 1;
+	union smb_setfileinfo sinfo;
+
+	smb2_deltree(tree1, BASEDIR_MSK);
+	smb2_util_rmdir(tree1, BASEDIR_MSK);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY COMPLETION FILTERS\n");
+
+
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_MSK;
+
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.recursive = true;
+
+#define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, \
+			 expected, nchanges) \
+	do { \
+	do { for (i=0;i<32;i++) { \
+		struct smb2_request *req; \
+		status = smb2_create(tree1, torture, &(io.smb2)); \
+		CHECK_STATUS(status, NT_STATUS_OK); \
+		h1 = io.smb2.out.file.handle; \
+		setup \
+		notify.smb2.in.file.handle = h1;	\
+		notify.smb2.in.completion_filter = ((uint32_t)1<<i); \
+		/* cancel initial requests so the buffer is setup */	\
+		req = smb2_notify_send(tree1, &(notify.smb2)); \
+		smb2_cancel(req); \
+		status = smb2_notify_recv(req, torture, &(notify.smb2)); \
+		CHECK_STATUS(status, NT_STATUS_CANCELLED); \
+		/* send the change notify request */ \
+		req = smb2_notify_send(tree1, &(notify.smb2)); \
+		op \
+		smb_msleep(200); smb2_cancel(req); \
+		status = smb2_notify_recv(req, torture, &(notify.smb2)); \
+		cleanup \
+		smb2_util_close(tree1, h1); \
+		if (NT_STATUS_EQUAL(status, NT_STATUS_CANCELLED)) continue; \
+		CHECK_STATUS(status, NT_STATUS_OK); \
+		/* special case to cope with file rename behaviour */ \
+		if (nchanges == 2 && notify.smb2.out.num_changes == 1 && \
+		    notify.smb2.out.changes[0].action == \
+			NOTIFY_ACTION_MODIFIED && \
+		    ((expected) & FILE_NOTIFY_CHANGE_ATTRIBUTES) && \
+		    Action == NOTIFY_ACTION_OLD_NAME) { \
+			torture_comment(torture, \
+				"(rename file special handling OK)\n"); \
+		} else if (nchanges != notify.smb2.out.num_changes) { \
+			torture_result(torture, TORTURE_FAIL, \
+			       "ERROR: nchanges=%d expected=%d "\
+			       "action=%d filter=0x%08x\n", \
+			       notify.smb2.out.num_changes, \
+			       nchanges, \
+			       notify.smb2.out.changes[0].action, \
+			       notify.smb2.in.completion_filter); \
+			ret = false; \
+		} else if (notify.smb2.out.changes[0].action != Action) { \
+			torture_result(torture, TORTURE_FAIL, \
+			       "ERROR: nchanges=%d action=%d " \
+			       "expectedAction=%d filter=0x%08x\n", \
+			       notify.smb2.out.num_changes, \
+			       notify.smb2.out.changes[0].action, \
+			       Action, \
+			       notify.smb2.in.completion_filter); \
+			ret = false; \
+		} else if (strcmp(notify.smb2.out.changes[0].name.s, \
+			   "tname1") != 0) { \
+			torture_result(torture, TORTURE_FAIL, \
+			       "ERROR: nchanges=%d action=%d " \
+			       "filter=0x%08x name=%s\n", \
+			       notify.smb2.out.num_changes, \
+			       notify.smb2.out.changes[0].action, \
+			       notify.smb2.in.completion_filter, \
+			       notify.smb2.out.changes[0].name.s);	\
+			ret = false; \
+		} \
+	} \
+	} while (0); \
+	} while (0);
+
+	torture_comment(torture, "Testing mkdir\n");
+	NOTIFY_MASK_TEST("Testing mkdir",;,
+			 smb2_util_mkdir(tree2, BASEDIR_MSK "\\tname1");,
+			 smb2_util_rmdir(tree2, BASEDIR_MSK "\\tname1");,
+			 NOTIFY_ACTION_ADDED,
+			 FILE_NOTIFY_CHANGE_DIR_NAME, 1);
+
+	torture_comment(torture, "Testing create file\n");
+	ZERO_STRUCT(io1.smb2);
+	io1.generic.level = RAW_OPEN_SMB2;
+	io1.smb2.in.create_flags = 0;
+	io1.smb2.in.desired_access = SEC_FILE_ALL;
+	io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io1.smb2.in.security_flags = 0;
+	io1.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io1.smb2.in.fname = BASEDIR_MSK "\\tname1";
+
+	NOTIFY_MASK_TEST("Testing create file",;,
+			 smb2_util_close(tree2, custom_smb2_create(tree2,
+						torture, &(io1.smb2)));,
+			 smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1");,
+			 NOTIFY_ACTION_ADDED,
+			 FILE_NOTIFY_CHANGE_FILE_NAME, 1);
+
+	torture_comment(torture, "Testing unlink\n");
+	NOTIFY_MASK_TEST("Testing unlink",
+			 smb2_util_close(tree2, custom_smb2_create(tree2,
+						torture, &(io1.smb2)));,
+			 smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1");,
+			 ;,
+			 NOTIFY_ACTION_REMOVED,
+			 FILE_NOTIFY_CHANGE_FILE_NAME, 1);
+
+	torture_comment(torture, "Testing rmdir\n");
+	NOTIFY_MASK_TEST("Testing rmdir",
+			 smb2_util_mkdir(tree2, BASEDIR_MSK "\\tname1");,
+			 smb2_util_rmdir(tree2, BASEDIR_MSK "\\tname1");,
+			 ;,
+			 NOTIFY_ACTION_REMOVED,
+			 FILE_NOTIFY_CHANGE_DIR_NAME, 1);
+
+	torture_comment(torture, "Testing rename file\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = BASEDIR_MSK "\\tname2";
+	NOTIFY_MASK_TEST("Testing rename file",
+			 smb2_util_close(tree2, custom_smb2_create(tree2,
+						torture, &(io1.smb2)));,
+			 smb2_setinfo_file(tree2, &sinfo);,
+			 smb2_util_unlink(tree2, BASEDIR_MSK "\\tname2");,
+			 NOTIFY_ACTION_OLD_NAME,
+			 FILE_NOTIFY_CHANGE_FILE_NAME, 2);
+
+	torture_comment(torture, "Testing rename dir\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = BASEDIR_MSK "\\tname2";
+	NOTIFY_MASK_TEST("Testing rename dir",
+		smb2_util_mkdir(tree2, BASEDIR_MSK "\\tname1");,
+		smb2_setinfo_file(tree2, &sinfo);,
+		smb2_util_rmdir(tree2, BASEDIR_MSK "\\tname2");,
+		NOTIFY_ACTION_OLD_NAME,
+		FILE_NOTIFY_CHANGE_DIR_NAME, 2);
+
+	torture_comment(torture, "Testing set path attribute\n");
+	NOTIFY_MASK_TEST("Testing set path attribute",
+		smb2_util_close(tree2, custom_smb2_create(tree2,
+				       torture, &(io.smb2)));,
+		smb2_util_setatr(tree2, BASEDIR_MSK "\\tname1",
+				 FILE_ATTRIBUTE_HIDDEN);,
+		smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1");,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_ATTRIBUTES, 1);
+
+	torture_comment(torture, "Testing set path write time\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sinfo.generic.in.file.handle = h1;
+	sinfo.basic_info.in.write_time = 1000;
+	NOTIFY_MASK_TEST("Testing set path write time",
+		smb2_util_close(tree2, custom_smb2_create(tree2,
+				       torture, &(io1.smb2)));,
+		smb2_setinfo_file(tree2, &sinfo);,
+		smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1");,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_LAST_WRITE, 1);
+
+	if (torture_setting_bool(torture, "samba3", false)) {
+		torture_comment(torture,
+		       "Samba3 does not yet support create times "
+		       "everywhere\n");
+	}
+	else {
+		ZERO_STRUCT(sinfo);
+	        sinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+		sinfo.generic.in.file.handle = h1;
+	        sinfo.basic_info.in.create_time = 0;
+		torture_comment(torture, "Testing set file create time\n");
+		NOTIFY_MASK_TEST("Testing set file create time",
+			smb2_create_complex_file(torture, tree2,
+			BASEDIR_MSK "\\tname1", &h2);,
+			smb2_setinfo_file(tree2, &sinfo);,
+			(smb2_util_close(tree2, h2),
+			 smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1"));,
+			NOTIFY_ACTION_MODIFIED,
+			FILE_NOTIFY_CHANGE_CREATION, 1);
+	}
+
+	ZERO_STRUCT(sinfo);
+	sinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sinfo.generic.in.file.handle = h1;
+	sinfo.basic_info.in.access_time = 0;
+	torture_comment(torture, "Testing set file access time\n");
+	NOTIFY_MASK_TEST("Testing set file access time",
+		smb2_create_complex_file(torture,
+			tree2,
+			BASEDIR_MSK "\\tname1",
+			&h2);,
+		smb2_setinfo_file(tree2, &sinfo);,
+		(smb2_util_close(tree2, h2),
+		smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		FILE_NOTIFY_CHANGE_LAST_ACCESS, 1);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sinfo.generic.in.file.handle = h1;
+	sinfo.basic_info.in.change_time = 0;
+	torture_comment(torture, "Testing set file change time\n");
+	NOTIFY_MASK_TEST("Testing set file change time",
+		smb2_create_complex_file(torture,
+			tree2,
+			BASEDIR_MSK "\\tname1",
+			&h2);,
+		smb2_setinfo_file(tree2, &sinfo);,
+		(smb2_util_close(tree2, h2),
+		smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		0, 1);
+
+
+	torture_comment(torture, "Testing write\n");
+	NOTIFY_MASK_TEST("Testing write",
+		smb2_create_complex_file(torture,
+			tree2,
+			BASEDIR_MSK "\\tname1",
+			&h2);,
+		smb2_util_write(tree2, h2, &c, 10000, 1);,
+		(smb2_util_close(tree2, h2),
+		smb2_util_unlink(tree2, BASEDIR_MSK "\\tname1"));,
+		NOTIFY_ACTION_MODIFIED,
+		0, 1);
+
+done:
+	smb2_deltree(tree1, BASEDIR_MSK);
+	return ret;
+}
+
+#define BASEDIR_FL BASEDIR "_FL"
+/*
+  basic testing of change notify on files
+*/
+static bool torture_smb2_notify_file(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_close cl;
+	union smb_notify notify;
+	struct smb2_request *req;
+	struct smb2_handle h1;
+	const char *fname = BASEDIR_FL "\\file.txt";
+
+	smb2_deltree(tree, BASEDIR_FL);
+	smb2_util_rmdir(tree, BASEDIR_FL);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY ON FILES\n");
+	status = torture_smb2_testdir(tree, BASEDIR_FL, &h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_STREAM_NAME;
+	notify.smb2.in.recursive = false;
+
+	torture_comment(torture,
+	"Testing if notifies on file handles are invalid (should be)\n");
+
+	req = smb2_notify_send(tree, &(notify.smb2));
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ZERO_STRUCT(cl.smb2);
+	cl.close.level = RAW_CLOSE_SMB2;
+	cl.close.in.file.handle = h1;
+	status = smb2_close(tree, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_deltree(tree, BASEDIR_FL);
+	return ret;
+}
+/*
+  basic testing of change notifies followed by a tdis
+*/
+
+#define BASEDIR_TD BASEDIR "_TD"
+
+static bool torture_smb2_notify_tree_disconnect(
+		struct torture_context *torture,
+		struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	smb2_deltree(tree, BASEDIR_TD);
+	smb2_util_rmdir(tree, BASEDIR_TD);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY+CANCEL FOLLOWED BY "
+			"TREE-DISCONNECT\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_TD;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_cancel(req);
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+
+	status = smb2_tdis(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	req = smb2_notify_send(tree, &(notify.smb2));
+
+	smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+done:
+	smb2_deltree(tree, BASEDIR_TD);
+	return ret;
+}
+
+/*
+  testing of change notifies followed by a tdis - no cancel
+*/
+
+#define BASEDIR_NTDIS BASEDIR "_NTDIS"
+
+static bool torture_smb2_notify_tree_disconnect_1(
+		struct torture_context *torture,
+		struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	smb2_deltree(tree, BASEDIR_NTDIS);
+	smb2_util_rmdir(tree, BASEDIR_NTDIS);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY ASYNC FOLLOWED BY "
+			"TREE-DISCONNECT\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_NTDIS;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree, &(notify.smb2));
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	status = smb2_tdis(tree);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+done:
+	smb2_deltree(tree, BASEDIR_NTDIS);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a close
+*/
+
+#define BASEDIR_CNC BASEDIR "_CNC"
+
+static bool torture_smb2_notify_close(struct torture_context *torture,
+				struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	smb2_deltree(tree1, BASEDIR_CNC);
+	smb2_util_rmdir(tree1, BASEDIR_CNC);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY ULOGOFF\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_CNC;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	status = smb2_util_close(tree1, h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+done:
+	smb2_deltree(tree1, BASEDIR_CNC);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a ulogoff
+*/
+
+#define BASEDIR_NUL BASEDIR "_NUL"
+static bool torture_smb2_notify_ulogoff(struct torture_context *torture,
+				struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	smb2_deltree(tree1, BASEDIR_NUL);
+	smb2_util_rmdir(tree1, BASEDIR_NUL);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY ULOGOFF\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_NUL;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	status = smb2_logoff(tree1->session);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+done:
+	smb2_deltree(tree1, BASEDIR_NUL);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by a session reconnect
+*/
+
+#define BASEDIR_NSR BASEDIR "_NSR"
+
+static bool torture_smb2_notify_session_reconnect(struct torture_context *torture,
+				struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+	uint64_t previous_session_id = 0;
+	struct smb2_session *session2 = NULL;
+
+	smb2_deltree(tree1, BASEDIR_NSR);
+	smb2_util_rmdir(tree1, BASEDIR_NSR);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY SESSION RECONNECT\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_NSR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	previous_session_id = smb2cli_session_current_id(tree1->session->smbXcli);
+	torture_assert(torture, torture_smb2_session_setup(torture,
+		       tree1->session->transport,
+		       previous_session_id,
+		       torture, &session2),
+		       "session setup with previous_session_id failed");
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+	status = smb2_logoff(tree1->session);
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+
+	status = smb2_logoff(session2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+done:
+	smb2_deltree(tree1, BASEDIR_NSR);
+	return ret;
+}
+
+/*
+  basic testing of change notifies followed by an invalid reauth
+*/
+
+#define BASEDIR_IR BASEDIR "_IR"
+
+static bool torture_smb2_notify_invalid_reauth(struct torture_context *torture,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+	struct cli_credentials *invalid_creds;
+
+	smb2_deltree(tree2, BASEDIR_IR);
+	smb2_util_rmdir(tree2, BASEDIR_IR);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY invalid REAUTH\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_IR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	invalid_creds = cli_credentials_init(torture);
+	torture_assert(torture, (invalid_creds != NULL), "talloc error");
+	cli_credentials_set_username(invalid_creds, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_domain(invalid_creds, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_password(invalid_creds, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_realm(invalid_creds, NULL, CRED_SPECIFIED);
+	cli_credentials_set_workstation(invalid_creds, "", CRED_UNINITIALISED);
+
+	status = smb2_session_setup_spnego(tree1->session,
+					   invalid_creds,
+					   0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_CLEANUP);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+	/*
+	 * Demonstrate that the session is no longer valid.
+	 */
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+done:
+	smb2_deltree(tree2, BASEDIR_IR);
+	return ret;
+}
+
+static void tcp_dis_handler(struct smb2_transport *t, void *p)
+{
+	struct smb2_tree *tree = (struct smb2_tree *)p;
+	smb2_transport_dead(tree->session->transport,
+			NT_STATUS_LOCAL_DISCONNECT);
+	t = NULL;
+	tree = NULL;
+}
+
+/*
+  basic testing of change notifies followed by tcp disconnect
+*/
+
+#define BASEDIR_NTCPD BASEDIR "_NTCPD"
+
+static bool torture_smb2_notify_tcp_disconnect(
+		struct torture_context *torture,
+		struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	smb2_deltree(tree, BASEDIR_NTCPD);
+	smb2_util_rmdir(tree, BASEDIR_NTCPD);
+
+	torture_comment(torture,
+		"TESTING CHANGE NOTIFY FOLLOWED BY TCP DISCONNECT\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_NTCPD;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_cancel(req);
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	notify.smb2.in.recursive = true;
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_transport_idle_handler(tree->session->transport,
+				tcp_dis_handler, 250000, tree);
+	tree = NULL;
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_LOCAL_DISCONNECT);
+
+done:
+	return ret;
+}
+
+/*
+   test setting up two change notify requests on one handle
+*/
+
+#define BASEDIR_NDOH BASEDIR "_NDOH"
+
+static bool torture_smb2_notify_double(struct torture_context *torture,
+			struct smb2_tree *tree1,
+			struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req1, *req2;
+
+	smb2_deltree(tree1, BASEDIR_NDOH);
+	smb2_util_rmdir(tree1, BASEDIR_NDOH);
+
+	torture_comment(torture,
+		"TESTING CHANGE NOTIFY TWICE ON ONE DIRECTORY\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ|
+				SEC_RIGHTS_FILE_WRITE|
+				SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_NDOH;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_cancel(req1);
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+	smb2_cancel(req2);
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	smb2_util_mkdir(tree2, BASEDIR_NDOH "\\subdir-name");
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+	req2 = smb2_notify_send(tree1, &(notify.smb2));
+
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	smb2_util_mkdir(tree2, BASEDIR_NDOH "\\subdir-name2");
+
+	status = smb2_notify_recv(req2, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name2");
+
+done:
+	smb2_deltree(tree1, BASEDIR_NDOH);
+	return ret;
+}
+
+
+/*
+   test multiple change notifies at different depths and with/without recursion
+*/
+
+#define BASEDIR_TREE BASEDIR "_TREE"
+
+static bool torture_smb2_notify_tree(struct torture_context *torture,
+			     struct smb2_tree *tree)
+{
+	bool ret = true;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_request *req;
+	struct timeval tv;
+	struct {
+		const char *path;
+		bool recursive;
+		uint32_t filter;
+		int expected;
+		struct smb2_handle h1;
+		int counted;
+	} dirs[] = {
+		{
+			.path      = BASEDIR_TREE "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 30,
+		},
+		{
+			.path      = BASEDIR_TREE "\\zqy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 8,
+		},
+		{
+			.path      = BASEDIR_TREE "\\atsy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 4,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\foo",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\blah",
+			.recursive = true,
+			.filter    =  FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 13,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\blah",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 7,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\blah\\a",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\blah\\b",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\blah\\c",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc\\fooblah",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\zqy\\xx",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\zqy\\yyy",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 2,
+		},
+		{
+			.path      = BASEDIR_TREE "\\zqy\\..",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 40,
+		},
+		{
+			.path      = BASEDIR_TREE,
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 40,
+		},
+		{
+			.path      = BASEDIR_TREE,
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 6,
+		},
+		{
+			.path      = BASEDIR_TREE "\\atsy",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 4,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 24,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc",
+			.recursive = false,
+			.filter    = FILE_NOTIFY_CHANGE_FILE_NAME,
+			.expected  = 0,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_FILE_NAME,
+			.expected  = 0,
+		},
+		{
+			.path      = BASEDIR_TREE "\\abc",
+			.recursive = true,
+			.filter    = FILE_NOTIFY_CHANGE_NAME,
+			.expected  = 24,
+		},
+	};
+	int i;
+	NTSTATUS status;
+	bool all_done = false;
+
+	smb2_deltree(tree, BASEDIR_TREE);
+	smb2_util_rmdir(tree, BASEDIR_TREE);
+
+	torture_comment(torture, "TESTING NOTIFY FOR DIFFERENT DEPTHS\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_TREE;
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 20000;
+
+	/*
+	  setup the directory tree, and the notify buffer on each directory
+	*/
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		io.smb2.in.fname = dirs[i].path;
+		status = smb2_create(tree, torture, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+		dirs[i].h1 = io.smb2.out.file.handle;
+
+		notify.smb2.in.completion_filter = dirs[i].filter;
+		notify.smb2.in.file.handle = dirs[i].h1;
+		notify.smb2.in.recursive = dirs[i].recursive;
+		req = smb2_notify_send(tree, &(notify.smb2));
+		smb2_cancel(req);
+		status = smb2_notify_recv(req, torture, &(notify.smb2));
+		CHECK_STATUS(status, NT_STATUS_CANCELLED);
+	}
+
+	/* trigger 2 events in each dir */
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		char *path = talloc_asprintf(torture, "%s\\test.dir",
+					     dirs[i].path);
+		smb2_util_mkdir(tree, path);
+		smb2_util_rmdir(tree, path);
+		talloc_free(path);
+	}
+
+	/* give a bit of time for the events to propagate */
+	tv = timeval_current();
+
+	do {
+		/* count events that have happened in each dir */
+		for (i=0;i<ARRAY_SIZE(dirs);i++) {
+			notify.smb2.in.completion_filter = dirs[i].filter;
+			notify.smb2.in.file.handle = dirs[i].h1;
+			notify.smb2.in.recursive = dirs[i].recursive;
+			req = smb2_notify_send(tree, &(notify.smb2));
+			smb2_cancel(req);
+			notify.smb2.out.num_changes = 0;
+			status = smb2_notify_recv(req, torture,
+				 &(notify.smb2));
+			dirs[i].counted += notify.smb2.out.num_changes;
+		}
+
+		all_done = true;
+
+		for (i=0;i<ARRAY_SIZE(dirs);i++) {
+			if (dirs[i].counted != dirs[i].expected) {
+				all_done = false;
+			}
+		}
+	} while (!all_done && timeval_elapsed(&tv) < 20);
+
+	torture_comment(torture, "took %.4f seconds to propagate all events\n",
+			timeval_elapsed(&tv));
+
+	for (i=0;i<ARRAY_SIZE(dirs);i++) {
+		if (dirs[i].counted != dirs[i].expected) {
+			torture_comment(torture,
+				"ERROR: i=%d expected %d got %d for '%s'\n",
+				i, dirs[i].expected, dirs[i].counted,
+				dirs[i].path);
+			ret = false;
+		}
+	}
+
+	/*
+	  run from the back, closing and deleting
+	*/
+	for (i=ARRAY_SIZE(dirs)-1;i>=0;i--) {
+		smb2_util_close(tree, dirs[i].h1);
+		smb2_util_rmdir(tree, dirs[i].path);
+	}
+
+done:
+	smb2_deltree(tree, BASEDIR_TREE);
+	smb2_util_rmdir(tree, BASEDIR_TREE);
+	return ret;
+}
+
+/*
+   Test response when cached server events exceed single NT NOTFIY response
+   packet size.
+*/
+
+#define BASEDIR_OVF BASEDIR "_OVF"
+
+static bool torture_smb2_notify_overflow(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1, h2;
+	int count = 100;
+	struct smb2_request *req1;
+	int i;
+
+	smb2_deltree(tree, BASEDIR_OVF);
+	smb2_util_rmdir(tree, BASEDIR_OVF);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY EVENT OVERFLOW\n");
+
+	/* get a handle on the directory */
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			    NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_OVF;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify, on name changes. */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_NTTRANS;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+
+	notify.smb2.in.recursive = true;
+	req1 = smb2_notify_send(tree, &(notify.smb2));
+
+	/* cancel initial requests so the buffer is setup */
+	smb2_cancel(req1);
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	/* open a lot of files, filling up the server side notify buffer */
+	torture_comment(torture,
+		"Testing overflowed buffer notify on create of %d files\n",
+		count);
+
+	for (i=0;i<count;i++) {
+		char *fname = talloc_asprintf(torture,
+			      BASEDIR_OVF "\\test%d.txt", i);
+		union smb_open io1;
+		ZERO_STRUCT(io1.smb2);
+	        io1.generic.level = RAW_OPEN_SMB2;
+		io1.smb2.in.create_flags = 0;
+	        io1.smb2.in.desired_access = SEC_FILE_ALL;
+		io1.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	        io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				    NTCREATEX_SHARE_ACCESS_WRITE;
+	        io1.smb2.in.alloc_size = 0;
+	        io1.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	        io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	        io1.smb2.in.security_flags = 0;
+		io1.smb2.in.fname = fname;
+
+		h2 = custom_smb2_create(tree, torture, &(io1.smb2));
+		talloc_free(fname);
+		smb2_util_close(tree, h2);
+	}
+
+	req1 = smb2_notify_send(tree, &(notify.smb2));
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOTIFY_ENUM_DIR);
+	CHECK_VAL(notify.smb2.out.num_changes, 0);
+
+done:
+	smb2_deltree(tree, BASEDIR_OVF);
+	return ret;
+}
+
+/*
+   Test if notifications are returned for changes to the base directory.
+   They shouldn't be.
+*/
+
+#define BASEDIR_BAS BASEDIR "_BAS"
+
+static bool torture_smb2_notify_basedir(struct torture_context *torture,
+				struct smb2_tree *tree1,
+				struct smb2_tree *tree2)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req1;
+
+	smb2_deltree(tree1, BASEDIR_BAS);
+	smb2_util_rmdir(tree1, BASEDIR_BAS);
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY BASEDIR EVENTS\n");
+
+	/* get a handle on the directory */
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+	    NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_BAS;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* create a test file that will also be modified */
+	io.smb2.in.fname = BASEDIR_BAS "\\tname1";
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	status =  smb2_create(tree2, torture, &(io.smb2));
+	CHECK_STATUS(status,NT_STATUS_OK);
+	smb2_util_close(tree2, io.smb2.out.file.handle);
+
+	/* ask for a change notify, on attribute changes. */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req1 = smb2_notify_send(tree1, &(notify.smb2));
+
+	/* set attribute on the base dir */
+	smb2_util_setatr(tree2, BASEDIR_BAS, FILE_ATTRIBUTE_HIDDEN);
+
+	/* set attribute on a file to assure we receive a notification */
+	smb2_util_setatr(tree2, BASEDIR_BAS "\\tname1", FILE_ATTRIBUTE_HIDDEN);
+	smb_msleep(200);
+
+	/* check how many responses were given, expect only 1 for the file */
+	status = smb2_notify_recv(req1, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_MODIFIED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "tname1");
+
+done:
+	smb2_deltree(tree1, BASEDIR_BAS);
+	return ret;
+}
+
+/*
+   very simple change notify test
+*/
+
+#define BASEDIR_TCON BASEDIR "_TCON"
+
+static bool torture_smb2_notify_tcon(struct torture_context *torture,
+				  struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_request *req = NULL;
+	struct smb2_tree *tree1 = NULL;
+	const char *fname = BASEDIR_TCON "\\subdir-name";
+
+	smb2_deltree(tree, BASEDIR_TCON);
+	smb2_util_rmdir(tree, BASEDIR_TCON);
+
+	torture_comment(torture, "TESTING SIMPLE CHANGE NOTIFY\n");
+
+	/*
+	  get a handle on the directory
+	*/
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL |
+				FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_TCON;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	torture_comment(torture, "Testing notify mkdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_cancel(req);
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	notify.smb2.in.recursive = true;
+	req = smb2_notify_send(tree, &(notify.smb2));
+	status = smb2_util_mkdir(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "Testing notify rmdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	status = smb2_util_rmdir(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "SIMPLE CHANGE NOTIFY OK\n");
+
+	torture_comment(torture, "TESTING WITH SECONDARY TCON\n");
+	if (!torture_smb2_tree_connect(torture, tree->session, tree, &tree1)) {
+		torture_warning(torture, "couldn't reconnect to share, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(torture, "tid1=%d tid2=%d\n",
+			smb2cli_tcon_current_id(tree->smbXcli),
+			smb2cli_tcon_current_id(tree1->smbXcli));
+
+	torture_comment(torture, "Testing notify mkdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_util_mkdir(tree1, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "Testing notify rmdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_util_rmdir(tree, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "CHANGE NOTIFY WITH TCON OK\n");
+
+	torture_comment(torture, "Disconnecting secondary tree\n");
+	status = smb2_tdis(tree1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	talloc_free(tree1);
+
+	torture_comment(torture, "Testing notify mkdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_util_mkdir(tree, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_ADDED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "Testing notify rmdir\n");
+	req = smb2_notify_send(tree, &(notify.smb2));
+	smb2_util_rmdir(tree, fname);
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(notify.smb2.out.num_changes, 1);
+	CHECK_VAL(notify.smb2.out.changes[0].action, NOTIFY_ACTION_REMOVED);
+	CHECK_WIRE_STR(notify.smb2.out.changes[0].name, "subdir-name");
+
+	torture_comment(torture, "CHANGE NOTIFY WITH TDIS OK\n");
+done:
+	smb2_util_close(tree, h1);
+	smb2_deltree(tree, BASEDIR_TCON);
+
+	return ret;
+}
+
+#define BASEDIR_RMD BASEDIR "_RMD"
+
+static bool torture_smb2_notify_rmdir(struct torture_context *torture,
+				      struct smb2_tree *tree1,
+				      struct smb2_tree *tree2,
+				      bool initial_delete_on_close)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify = {};
+	union smb_setfileinfo sfinfo = {};
+	union smb_open io = {};
+	struct smb2_handle h = {};
+	struct smb2_request *req;
+
+	torture_comment(torture, "TESTING NOTIFY CANCEL FOR DELETED DIR\n");
+
+	smb2_deltree(tree1, BASEDIR_RMD);
+	smb2_util_rmdir(tree1, BASEDIR_RMD);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE ;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_RMD;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h;
+	notify.smb2.in.recursive = false;
+
+	io.smb2.in.desired_access |= SEC_STD_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	req = smb2_notify_send(tree1, &(notify.smb2));
+
+	if (initial_delete_on_close) {
+		status = smb2_util_rmdir(tree2, BASEDIR_RMD);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	} else {
+		status = smb2_create(tree2, torture, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+		sfinfo.generic.in.file.handle = io.smb2.out.file.handle;
+		sfinfo.disposition_info.in.delete_on_close = 1;
+		status = smb2_setinfo_file(tree2, &sfinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		smb2_util_close(tree2, io.smb2.out.file.handle);
+	}
+
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	CHECK_STATUS(status, NT_STATUS_DELETE_PENDING);
+
+done:
+
+	smb2_util_close(tree1, h);
+	smb2_deltree(tree1, BASEDIR_RMD);
+
+	return ret;
+}
+
+static bool torture_smb2_notify_rmdir1(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	return torture_smb2_notify_rmdir(torture, tree, tree, false);
+}
+
+static bool torture_smb2_notify_rmdir2(struct torture_context *torture,
+				       struct smb2_tree *tree)
+{
+	return torture_smb2_notify_rmdir(torture, tree, tree, true);
+}
+
+static bool torture_smb2_notify_rmdir3(struct torture_context *torture,
+				       struct smb2_tree *tree1,
+				       struct smb2_tree *tree2)
+{
+	return torture_smb2_notify_rmdir(torture, tree1, tree2, false);
+}
+
+static bool torture_smb2_notify_rmdir4(struct torture_context *torture,
+				       struct smb2_tree *tree1,
+				       struct smb2_tree *tree2)
+{
+	return torture_smb2_notify_rmdir(torture, tree1, tree2, true);
+}
+
+static void notify_timeout(struct tevent_context *ev,
+			   struct tevent_timer *te,
+			   struct timeval current_time,
+			   void *private_data)
+{
+	struct smb2_request *req = talloc_get_type_abort(
+		private_data, struct smb2_request);
+
+	smb2_cancel(req);
+}
+
+#define BASEDIR_INR BASEDIR "_INR"
+
+static bool torture_smb2_inotify_rename(struct torture_context *torture,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	struct smb2_notify notify;
+	struct notify_changes change1 = {0};
+	struct notify_changes change2 = {0};
+	struct smb2_create create;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_request *req;
+	struct tevent_timer *te = NULL;
+	bool ok = false;
+
+	smb2_deltree(tree1, BASEDIR_INR);
+
+	torture_comment(torture, "Testing change notify of a rename with inotify\n");
+
+	status = torture_smb2_testdir(tree1, BASEDIR_INR, &h1);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "torture_smb2_testdir failed");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ |
+		SEC_RIGHTS_FILE_WRITE|
+		SEC_RIGHTS_FILE_ALL;
+	create.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE |
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = BASEDIR_INR "\\subdir-name";
+
+	status = smb2_create(tree2, torture, &create);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "smb2_create failed\n");
+	h2 = create.out.file.handle;
+
+	ZERO_STRUCT(notify);
+	notify.level = RAW_NOTIFY_SMB2;
+	notify.in.buffer_size = 4096;
+	notify.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.in.file.handle = h1;
+	notify.in.recursive = true;
+	req = smb2_notify_send(tree1, &notify);
+	torture_assert_not_null_goto(torture, req, ok, done, "smb2_notify_send failed\n");
+
+	while (!NT_STATUS_EQUAL(req->status, NT_STATUS_PENDING)) {
+		if (tevent_loop_once(torture->ev) != 0) {
+			goto done;
+		}
+	}
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h2;
+	sinfo.rename_information.in.new_name = BASEDIR_INR "\\subdir-name-r";
+
+	status = smb2_setinfo_file(tree2, &sinfo);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "smb2_setinfo_file failed\n");
+
+	smb2_util_close(tree2, h2);
+
+	te = tevent_add_timer(torture->ev,
+			      tree1,
+			      tevent_timeval_current_ofs(1, 0),
+			      notify_timeout,
+			      req);
+	torture_assert_not_null_goto(torture, te, ok, done, "tevent_add_timer failed\n");
+
+	status = smb2_notify_recv(req, torture, &notify);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "smb2_notify_recv failed\n");
+
+	torture_assert_goto(torture, notify.out.num_changes == 1 || notify.out.num_changes == 2,
+			    ok, done, "bad notify\n");
+
+	change1 = notify.out.changes[0];
+	if (notify.out.num_changes == 2) {
+		change2 = notify.out.changes[1];
+	} else {
+		/*
+		 * We may only get one event at a time, so check for the
+		 * matching second event for the oldname/newname or
+		 * removed/added pair.
+		 */
+		ZERO_STRUCT(notify);
+		notify.level = RAW_NOTIFY_SMB2;
+		notify.in.buffer_size = 4096;
+		notify.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+		notify.in.file.handle = h1;
+		notify.in.recursive = true;
+		req = smb2_notify_send(tree1, &notify);
+		torture_assert_not_null_goto(torture, req, ok, done, "smb2_notify_send failed\n");
+
+		status = smb2_notify_recv(req, torture, &notify);
+		torture_assert_ntstatus_ok_goto(torture, status, ok, done, "smb2_notify_recv failed\n");
+
+		torture_assert_goto(torture, notify.out.num_changes == 1, ok, done,
+				    "bad notify\n");
+
+		change2 = notify.out.changes[0];
+	}
+
+	if ((change1.action != NOTIFY_ACTION_OLD_NAME) &&
+	    (change1.action != NOTIFY_ACTION_REMOVED))
+	{
+		torture_fail_goto(torture, done, "bad change notification\n");
+	}
+	torture_assert_str_equal_goto(torture, change1.name.s, "subdir-name",
+			    ok, done, "bad change notification\n");
+
+	if ((change2.action != NOTIFY_ACTION_NEW_NAME) &&
+	    (change2.action != NOTIFY_ACTION_ADDED))
+	{
+		torture_fail_goto(torture, done, "bad change notification\n");
+	}
+	torture_assert_str_equal_goto(torture, change2.name.s, "subdir-name-r",
+			    ok, done, "bad change notification\n");
+
+	ok = true;
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree1, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree2, h2);
+	}
+
+	smb2_deltree(tree1, BASEDIR_INR);
+	return ok;
+}
+
+/*
+  Test asking for a change notify on a handle without permissions.
+*/
+
+#define BASEDIR_HPERM BASEDIR "_HPERM"
+
+static bool torture_smb2_notify_handle_permissions(
+		struct torture_context *torture,
+		struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_request *req;
+
+	smb2_deltree(tree, BASEDIR_HPERM);
+	smb2_util_rmdir(tree, BASEDIR_HPERM);
+
+	torture_comment(torture,
+		"TESTING CHANGE NOTIFY "
+		"ON A HANDLE WITHOUT PERMISSIONS\n");
+
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR_HPERM;
+
+	status = smb2_create(tree, torture, &io.smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree, &notify.smb2);
+	torture_assert_goto(torture,
+			req != NULL,
+			ret,
+			done,
+			"smb2_notify_send failed\n");
+
+	/*
+	 * Cancel it, we don't really want to wait.
+	 */
+	smb2_cancel(req);
+	status = smb2_notify_recv(req, torture, &notify.smb2);
+	/* Handle h1 doesn't have permissions for ChangeNotify. */
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, BASEDIR_HPERM);
+	return ret;
+}
+
+/*
+   basic testing of SMB2 change notify
+*/
+struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "notify");
+
+	torture_suite_add_1smb2_test(suite, "valid-req", test_valid_request);
+	torture_suite_add_1smb2_test(suite, "tcon", torture_smb2_notify_tcon);
+	torture_suite_add_2smb2_test(suite, "dir", torture_smb2_notify_dir);
+	torture_suite_add_2smb2_test(suite, "mask", torture_smb2_notify_mask);
+	torture_suite_add_1smb2_test(suite, "tdis", torture_smb2_notify_tree_disconnect);
+	torture_suite_add_1smb2_test(suite, "tdis1", torture_smb2_notify_tree_disconnect_1);
+	torture_suite_add_2smb2_test(suite, "mask-change", torture_smb2_notify_mask_change);
+	torture_suite_add_1smb2_test(suite, "close", torture_smb2_notify_close);
+	torture_suite_add_1smb2_test(suite, "logoff", torture_smb2_notify_ulogoff);
+	torture_suite_add_1smb2_test(suite, "session-reconnect", torture_smb2_notify_session_reconnect);
+	torture_suite_add_2smb2_test(suite, "invalid-reauth", torture_smb2_notify_invalid_reauth);
+	torture_suite_add_1smb2_test(suite, "tree", torture_smb2_notify_tree);
+	torture_suite_add_2smb2_test(suite, "basedir", torture_smb2_notify_basedir);
+	torture_suite_add_2smb2_test(suite, "double", torture_smb2_notify_double);
+	torture_suite_add_1smb2_test(suite, "file", torture_smb2_notify_file);
+	torture_suite_add_1smb2_test(suite, "tcp", torture_smb2_notify_tcp_disconnect);
+	torture_suite_add_2smb2_test(suite, "rec", torture_smb2_notify_recursive);
+	torture_suite_add_1smb2_test(suite, "overflow", torture_smb2_notify_overflow);
+	torture_suite_add_1smb2_test(suite, "rmdir1",
+				     torture_smb2_notify_rmdir1);
+	torture_suite_add_1smb2_test(suite, "rmdir2",
+				     torture_smb2_notify_rmdir2);
+	torture_suite_add_2smb2_test(suite, "rmdir3",
+				     torture_smb2_notify_rmdir3);
+	torture_suite_add_2smb2_test(suite, "rmdir4",
+				     torture_smb2_notify_rmdir4);
+	torture_suite_add_1smb2_test(suite,
+				    "handle-permissions",
+				    torture_smb2_notify_handle_permissions);
+
+	suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
+
+	return suite;
+}
+
+/*
+   basic testing of SMB2 change notify
+*/
+struct torture_suite *torture_smb2_notify_inotify_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "notify-inotify");
+
+	suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests that use inotify");
+
+	torture_suite_add_2smb2_test(suite, "inotify-rename", torture_smb2_inotify_rename);
+
+	return suite;
+}
diff --git a/source4/torture/smb2/notify_disabled.c b/source4/torture/smb2/notify_disabled.c
new file mode 100644
index 0000000..f38941c
--- /dev/null
+++ b/source4/torture/smb2/notify_disabled.c
@@ -0,0 +1,120 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 notify test suite
+
+   Copyright (C) Stefan Metzmacher 2006
+   Copyright (C) Andrew Tridgell 2009
+   Copyright (C) Ralph Boehme 2015
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/util.h"
+
+#include "system/filesys.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "librpc/gen_ndr/security.h"
+
+#include "lib/events/events.h"
+
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+
+#define BASEDIR "test_notify_disabled"
+
+/*
+   basic testing of change notify on directories
+*/
+static bool torture_smb2_notify_disabled(struct torture_context *torture,
+					 struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_notify notify;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_request *req;
+
+	torture_comment(torture, "TESTING CHANGE NOTIFY DISABLED\n");
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+	/*
+	  get a handle on the directory
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OK,
+					   ret, done, "smb2_create");
+	h1 = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(notify.smb2);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = h1;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	status = smb2_notify_recv(req, torture, &(notify.smb2));
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_NOT_IMPLEMENTED,
+					   ret, done, "smb2_notify_recv");
+
+	status = smb2_util_close(tree1, h1);
+	torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OK,
+					   ret, done, "smb2_create");
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of SMB2 change notify
+*/
+struct torture_suite *torture_smb2_notify_disabled_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx,
+		"change_notify_disabled");
+
+	torture_suite_add_1smb2_test(suite, "notfiy_disabled", torture_smb2_notify_disabled);
+	suite->description = talloc_strdup(suite, "SMB2-CHANGE-NOTIFY-DISABLED tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
new file mode 100644
index 0000000..90bf4d2
--- /dev/null
+++ b/source4/torture/smb2/oplock.c
@@ -0,0 +1,5405 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 oplocks
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan Metzmacher 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "libcli/resolve/resolve.h"
+#include "libcli/smb/smbXcli_base.h"
+
+#include "lib/cmdline/cmdline.h"
+#include "lib/events/events.h"
+
+#include "param/param.h"
+#include "system/filesys.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/smb2/block.h"
+
+#include "lib/util/sys_rw.h"
+#include "libcli/security/security.h"
+
+#define CHECK_RANGE(v, min, max) do { \
+	if ((v) < (min) || (v) > (max)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s " \
+			       "got %d - should be between %d and %d\n", \
+				__location__, #v, (int)v, (int)min, (int)max); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STRMATCH(v, correct) do { \
+	if (!v || strstr((v),(correct)) == NULL) { \
+		torture_result(tctx, TORTURE_FAIL,  "(%s): wrong value for %s "\
+			       "got '%s' - should be '%s'\n", \
+				__location__, #v, v?v:"NULL", correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s " \
+			       "got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define BASEDIR "oplock_test"
+
+static struct {
+	struct smb2_handle handle;
+	uint8_t level;
+	struct smb2_break br;
+	int count;
+	int failures;
+	NTSTATUS failure_status;
+} break_info;
+
+static void torture_oplock_break_callback(struct smb2_request *req)
+{
+	NTSTATUS status;
+	struct smb2_break br;
+
+	ZERO_STRUCT(br);
+	status = smb2_break_recv(req, &break_info.br);
+	if (!NT_STATUS_IS_OK(status)) {
+		break_info.failures++;
+		break_info.failure_status = status;
+	}
+
+	return;
+}
+
+/* A general oplock break notification handler.  This should be used when a
+ * test expects to break from batch or exclusive to a lower level. */
+static bool torture_oplock_handler(struct smb2_transport *transport,
+				   const struct smb2_handle *handle,
+				   uint8_t level,
+				   void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	const char *name;
+	struct smb2_request *req;
+	ZERO_STRUCT(break_info.br);
+
+	break_info.handle	= *handle;
+	break_info.level	= level;
+	break_info.count++;
+
+	switch (level) {
+	case SMB2_OPLOCK_LEVEL_II:
+		name = "level II";
+		break;
+	case SMB2_OPLOCK_LEVEL_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break_info.failures++;
+	}
+	printf("Acking to %s [0x%02X] in oplock handler\n", name, level);
+
+	break_info.br.in.file.handle	= *handle;
+	break_info.br.in.oplock_level	= level;
+	break_info.br.in.reserved	= 0;
+	break_info.br.in.reserved2	= 0;
+
+	req = smb2_break_send(tree, &break_info.br);
+	req->async.fn = torture_oplock_break_callback;
+	req->async.private_data = NULL;
+	return true;
+}
+
+/*
+  A handler function for oplock break notifications. Send a break to none
+  request.
+*/
+static bool torture_oplock_handler_ack_to_none(struct smb2_transport *transport,
+					       const struct smb2_handle *handle,
+					       uint8_t level,
+					       void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	struct smb2_request *req;
+
+	break_info.handle = *handle;
+	break_info.level = level;
+	break_info.count++;
+
+	printf("Acking to none in oplock handler\n");
+
+	ZERO_STRUCT(break_info.br);
+	break_info.br.in.file.handle    = *handle;
+	break_info.br.in.oplock_level   = SMB2_OPLOCK_LEVEL_NONE;
+	break_info.br.in.reserved       = 0;
+	break_info.br.in.reserved2      = 0;
+
+	req = smb2_break_send(tree, &break_info.br);
+	req->async.fn = torture_oplock_break_callback;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+/*
+  A handler function for oplock break notifications. Break from level II to
+  none.  SMB2 requires that the client does not send an oplock break request to
+  the server in this case.
+*/
+static bool torture_oplock_handler_level2_to_none(
+					       struct smb2_transport *transport,
+					       const struct smb2_handle *handle,
+					       uint8_t level,
+					       void *private_data)
+{
+	break_info.handle = *handle;
+	break_info.level = level;
+	break_info.count++;
+
+	printf("Break from level II to none in oplock handler\n");
+
+	return true;
+}
+
+/* A handler function for oplock break notifications.  This should be used when
+ * test expects two break notifications, first to level II, then to none. */
+static bool torture_oplock_handler_two_notifications(
+					struct smb2_transport *transport,
+					const struct smb2_handle *handle,
+					uint8_t level,
+					void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	const char *name;
+	struct smb2_request *req;
+	ZERO_STRUCT(break_info.br);
+
+	break_info.handle	= *handle;
+	break_info.level	= level;
+	break_info.count++;
+
+	switch (level) {
+	case SMB2_OPLOCK_LEVEL_II:
+		name = "level II";
+		break;
+	case SMB2_OPLOCK_LEVEL_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break_info.failures++;
+	}
+	printf("Breaking to %s [0x%02X] in oplock handler\n", name, level);
+
+	if (level == SMB2_OPLOCK_LEVEL_NONE)
+		return true;
+
+	break_info.br.in.file.handle	= *handle;
+	break_info.br.in.oplock_level	= level;
+	break_info.br.in.reserved	= 0;
+	break_info.br.in.reserved2	= 0;
+
+	req = smb2_break_send(tree, &break_info.br);
+	req->async.fn = torture_oplock_break_callback;
+	req->async.private_data = NULL;
+	return true;
+}
+static void torture_oplock_handler_close_recv(struct smb2_request *req)
+{
+	if (!smb2_request_receive(req)) {
+		printf("close failed in oplock_handler_close\n");
+		break_info.failures++;
+	}
+}
+
+/*
+  a handler function for oplock break requests - close the file
+*/
+static bool torture_oplock_handler_close(struct smb2_transport *transport,
+					 const struct smb2_handle *handle,
+					 uint8_t level,
+					 void *private_data)
+{
+	struct smb2_close io;
+	struct smb2_tree *tree = private_data;
+	struct smb2_request *req;
+
+	break_info.handle = *handle;
+	break_info.level = level;
+	break_info.count++;
+
+	ZERO_STRUCT(io);
+	io.in.file.handle       = *handle;
+	io.in.flags	     = RAW_CLOSE_SMB2;
+	req = smb2_close_send(tree, &io);
+	if (req == NULL) {
+		printf("failed to send close in oplock_handler_close\n");
+		return false;
+	}
+
+	req->async.fn = torture_oplock_handler_close_recv;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+/*
+  a handler function for oplock break requests. Let it timeout
+*/
+static bool torture_oplock_handler_timeout(struct smb2_transport *transport,
+					   const struct smb2_handle *handle,
+					   uint8_t level,
+					   void *private_data)
+{
+	break_info.handle = *handle;
+	break_info.level = level;
+	break_info.count++;
+
+	printf("Let oplock break timeout\n");
+	return true;
+}
+
+static bool open_smb2_connection_no_level2_oplocks(struct torture_context *tctx,
+						   struct smb2_tree **tree)
+{
+	NTSTATUS status;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_options options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	options.use_level2_oplocks = false;
+
+	status = smb2_connect(tctx, host,
+			      lpcfg_smb_ports(tctx->lp_ctx), share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      tree, tctx->ev, &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to connect to SMB2 share "
+				"\\\\%s\\%s - %s\n", host, share,
+				nt_errstr(status));
+		return false;
+	}
+	return true;
+}
+
+static bool test_smb2_oplock_exclusive1(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h1;
+	struct smb2_handle h;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE1: open a file with an exclusive "
+			"oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	torture_comment(tctx, "a 2nd open should not cause a break\n");
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "unlink it - should also be no break\n");
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive2(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE2: open a file with an exclusive "
+			"oplock (share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	torture_comment(tctx, "a 2nd open should cause a break to level 2\n");
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	ZERO_STRUCT(break_info);
+
+	/* now we have 2 level II oplocks... */
+	torture_comment(tctx, "try to unlink it - should cause a break\n");
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_ok(tctx, status, "Error unlinking the file");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "close both handles\n");
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive3(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE3: open a file with an exclusive "
+			"oplock (share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	torture_comment(tctx, "setpathinfo EOF should trigger a break to "
+			"none\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+
+	status = smb2_composite_setpathinfo(tree2, &sfi);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_NONE);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive4(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive4.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE4: open with exclusive oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "second open with attributes only shouldn't "
+			"cause oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, NO_OPLOCK_RETURN);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive5(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive5.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "EXCLUSIVE5: open with exclusive oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and "
+			"NTCREATEX_DISP_OVERWRITE_IF disposition causes "
+			"oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_II;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive6(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname1 = BASEDIR "\\test_exclusive6_1.dat";
+	const char *fname2 = BASEDIR "\\test_exclusive6_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sinfo;
+	struct smb2_close closeio;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree2, fname2);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname1;
+
+	torture_comment(tctx, "EXCLUSIVE6: open a file with an exclusive "
+			"oplock (share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	torture_comment(tctx, "rename with the parent directory handle open "
+			"for DELETE should not generate a break but get "
+			"a sharing violation\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.new_name = fname2;
+	status = smb2_setinfo_file(tree1, &sinfo);
+
+	torture_comment(tctx, "trying rename while parent handle open for delete.\n");
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* Close the parent directory handle. */
+	ZERO_STRUCT(closeio);
+	closeio.in.file.handle = h;
+	status = smb2_close(tree1, &closeio);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Incorrect status");
+
+	/* Re-open without DELETE access. */
+	ZERO_STRUCT(io);
+	io.smb2.in.oplock_level = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL & (~SEC_STD_DELETE);
+	io.smb2.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the base directory");
+
+	torture_comment(tctx, "rename with the parent directory handle open "
+			"without DELETE should succeed without a break\n");
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.new_name = fname2;
+	status = smb2_setinfo_file(tree1, &sinfo);
+
+	torture_comment(tctx, "trying rename while parent handle open without delete\n");
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_exclusive9(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_exclusive9.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h1, h2;
+	int i;
+
+	struct {
+		uint32_t create_disposition;
+		uint32_t break_level;
+	} levels[] = {
+		{ NTCREATEX_DISP_SUPERSEDE, SMB2_OPLOCK_LEVEL_NONE },
+		{ NTCREATEX_DISP_OPEN, SMB2_OPLOCK_LEVEL_II },
+		{ NTCREATEX_DISP_OVERWRITE_IF, SMB2_OPLOCK_LEVEL_NONE },
+		{ NTCREATEX_DISP_OPEN_IF, SMB2_OPLOCK_LEVEL_II },
+	};
+
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h1);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+	smb2_util_close(tree1, h1);
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+		status = smb2_create(tree1, tctx, &(io.smb2));
+		torture_assert_ntstatus_ok(tctx, status,
+					   "Error opening the file");
+		h1 = io.smb2.out.file.handle;
+		CHECK_VAL(io.smb2.out.oplock_level,
+			  SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+		ZERO_STRUCT(break_info);
+
+		io.smb2.in.create_disposition = levels[i].create_disposition;
+		status = smb2_create(tree2, tctx, &(io.smb2));
+		torture_assert_ntstatus_ok(tctx, status,
+					   "Error opening the file");
+		h2 = io.smb2.out.file.handle;
+		CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(break_info.level, levels[i].break_level);
+		CHECK_VAL(break_info.failures, 0);
+
+		smb2_util_close(tree2, h2);
+		smb2_util_close(tree1, h1);
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch1(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH1: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "unlink should generate a break\n");
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "2nd unlink should not generate a break\n");
+	ZERO_STRUCT(break_info);
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "writing should generate a self break to none\n");
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	smb2_util_write(tree1, h1, &c, 0, 1);
+
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_NONE);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch2(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	char c = 0;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH2: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "unlink should generate a break, which we ack "
+			"as break to none\n");
+	tree1->session->transport->oplock.handler =
+				torture_oplock_handler_ack_to_none;
+	tree1->session->transport->oplock.private_data = tree1;
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				     "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	torture_comment(tctx, "2nd unlink should not generate a break\n");
+	ZERO_STRUCT(break_info);
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "writing should not generate a break\n");
+	smb2_util_write(tree1, h1, &c, 0, 1);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch3(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH3: if we close on break then the unlink "
+			"can succeed\n");
+	ZERO_STRUCT(break_info);
+	tree1->session->transport->oplock.handler =
+					torture_oplock_handler_close;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch4(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch4.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_read r;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH4: a self read should not cause a break\n");
+	ZERO_STRUCT(break_info);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = h1;
+	r.in.offset      = 0;
+
+	status = smb2_read(tree1, tree1, &r);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch5(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch5.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH5: a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch6(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch6.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH6: a 2nd open should give a break to "
+			"level II if the first open allowed shared read\n");
+	ZERO_STRUCT(break_info);
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	tree2->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	smb2_util_write(tree1, h1, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch7(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch7.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH7: a 2nd open should get an oplock when "
+			"we close instead of ack\n");
+	ZERO_STRUCT(break_info);
+	tree1->session->transport->oplock.handler =
+			torture_oplock_handler_close;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h2.data[0]);
+	CHECK_VAL(break_info.level, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree2, h1);
+	smb2_util_close(tree2, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch8(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch8.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH8: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "second open with attributes only shouldn't "
+			"cause oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch9(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch9.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH9: open with attributes only can create "
+			"file\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "Subsequent normal open should break oplock on "
+			"attribute only open to level II\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	smb2_util_close(tree2, h2);
+
+	torture_comment(tctx, "third oplocked open should grant level2 without "
+			"break\n");
+	ZERO_STRUCT(break_info);
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	tree2->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	smb2_util_write(tree2, h2, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch9a(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch9a.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2, h3;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH9: open with attributes only can create "
+			"file\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error creating the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.create_action, FILE_WAS_CREATED);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "Subsequent attributes open should not break\n");
+
+	ZERO_STRUCT(break_info);
+
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h3 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(io.smb2.out.create_action, FILE_WAS_OPENED);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+	smb2_util_close(tree2, h3);
+
+	torture_comment(tctx, "Subsequent normal open should break oplock on "
+			"attribute only open to level II\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	smb2_util_close(tree2, h2);
+
+	torture_comment(tctx, "third oplocked open should grant level2 without "
+			"break\n");
+	ZERO_STRUCT(break_info);
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none on both\n");
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	tree2->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	smb2_util_write(tree2, h2, &c, 0, 1);
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+
+static bool test_smb2_oplock_batch10(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch10.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH10: Open with oplock after a non-oplock "
+			"open should grant level2\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, 0);
+
+	tree2->session->transport->oplock.handler =
+	    torture_oplock_handler_level2_to_none;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_comment(tctx, "write should trigger a break to none\n");
+	{
+		struct smb2_write wr;
+		DATA_BLOB data;
+		data = data_blob_talloc_zero(tree1, UINT16_MAX);
+		data.data[0] = (const uint8_t)'x';
+		ZERO_STRUCT(wr);
+		wr.in.file.handle = h1;
+		wr.in.offset      = 0;
+		wr.in.data        = data;
+		status = smb2_write(tree1, &wr);
+		torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	}
+
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h2.data[0]);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch11(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch11.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_two_notifications;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/* Test if a set-eof on pathname breaks an exclusive oplock. */
+	torture_comment(tctx, "BATCH11: Test if setpathinfo set EOF breaks "
+			"oplocks.\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.end_of_file_info.in.size = 100;
+
+	status = smb2_composite_setpathinfo(tree2, &sfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch12(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch12.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_setfileinfo sfi;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_two_notifications;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/* Test if a set-allocation size on pathname breaks an exclusive
+	 * oplock. */
+	torture_comment(tctx, "BATCH12: Test if setpathinfo allocation size "
+			"breaks oplocks.\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_ALLOCATION_INFORMATION;
+	sfi.generic.in.file.path = fname;
+	sfi.allocation_info.in.alloc_size = 65536 * 8;
+
+	status = smb2_composite_setpathinfo(tree2, &sfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	/* We expect two breaks */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	CHECK_VAL(break_info.count, 2);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch13(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch13.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH13: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and "
+			"NTCREATEX_DISP_OVERWRITE disposition causes "
+			"oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+
+	return ret;
+}
+
+static bool test_smb2_oplock_batch14(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch14.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH14: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and "
+			"NTCREATEX_DISP_SUPERSEDE disposition causes "
+			"oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch15(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch15.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/* Test if a qpathinfo all info on pathname breaks a batch oplock. */
+	torture_comment(tctx, "BATCH15: Test if qpathinfo all info breaks "
+			"a batch oplock (should not).\n");
+
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	qfi.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree2, tctx, &qfi);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch16(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch16.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH16: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "second open with attributes only and "
+			"NTCREATEX_DISP_OVERWRITE_IF disposition causes "
+			"oplock break\n");
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_STD_SYNCHRONIZE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/* This function is a placeholder for the SMB1 RAW-OPLOCK-BATCH17 test.  Since
+ * SMB2 doesn't have a RENAME command this test isn't applicable.  However,
+ * it's much less confusing, when comparing test, to keep the SMB1 and SMB2
+ * test numbers in sync. */
+#if 0
+static bool test_raw_oplock_batch17(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	return true;
+}
+#endif
+
+/* This function is a placeholder for the SMB1 RAW-OPLOCK-BATCH18 test.  Since
+ * SMB2 doesn't have an NTRENAME command this test isn't applicable.  However,
+ * it's much less confusing, when comparing tests, to keep the SMB1 and SMB2
+ * test numbers in sync. */
+#if 0
+static bool test_raw_oplock_batch18(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	return true;
+}
+#endif
+
+static bool test_smb2_oplock_batch19(struct torture_context *tctx,
+				     struct smb2_tree *tree1)
+{
+	const char *fname1 = BASEDIR "\\test_batch19_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch19_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH19: open a file with an batch oplock "
+			"(share mode: none)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "setfileinfo rename info should not trigger "
+			"a break but should cause a sharing violation\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.generic.in.file.path = fname1;
+	sfi.rename_information.in.file.handle   = h1;
+	sfi.rename_information.in.overwrite     = 0;
+	sfi.rename_information.in.root_fid      = 0;
+	sfi.rename_information.in.new_name      = fname2;
+
+	status = smb2_setinfo_file(tree1, &sfi);
+
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	qfi.generic.in.file.handle = h1;
+
+	status = smb2_getinfo_file(tree1, tctx, &qfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	CHECK_STRMATCH(qfi.all_info2.out.fname.s, fname1);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, fname1);
+	smb2_deltree(tree1, fname2);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch20(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname1 = BASEDIR "\\test_batch20_1.dat";
+	const char *fname2 = BASEDIR "\\test_batch20_2.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	union smb_fileinfo qfi;
+	union smb_setfileinfo sfi;
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname1;
+
+	torture_comment(tctx, "BATCH20: open a file with an batch oplock "
+			"(share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "setfileinfo rename info should not trigger "
+			"a break but should cause a sharing violation\n");
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.rename_information.in.file.handle	= h1;
+	sfi.rename_information.in.overwrite     = 0;
+	sfi.rename_information.in.new_name      = fname2;
+
+	status = smb2_setinfo_file(tree1, &sfi);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	qfi.generic.in.file.handle = h1;
+
+	status = smb2_getinfo_file(tree1, tctx, &qfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	CHECK_STRMATCH(qfi.all_info2.out.fname.s, fname1);
+
+	torture_comment(tctx, "open the file a second time requesting batch "
+			"(share mode: all)\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+				NTCREATEX_SHARE_ACCESS_WRITE|
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.fname = fname1;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_comment(tctx, "setfileinfo rename info should not trigger "
+			"a break but should cause a sharing violation\n");
+	ZERO_STRUCT(break_info);
+	ZERO_STRUCT(sfi);
+	sfi.generic.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfi.rename_information.in.file.handle	= h2;
+	sfi.rename_information.in.overwrite     = 0;
+	sfi.rename_information.in.new_name      = fname2;
+
+	status = smb2_setinfo_file(tree2, &sfi);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_SHARING_VIOLATION,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	qfi.generic.in.file.handle = h1;
+
+	status = smb2_getinfo_file(tree1, tctx, &qfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	CHECK_STRMATCH(qfi.all_info2.out.fname.s, fname1);
+
+	ZERO_STRUCT(qfi);
+	qfi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	qfi.generic.in.file.handle = h2;
+
+	status = smb2_getinfo_file(tree2, tctx, &qfi);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	CHECK_STRMATCH(qfi.all_info2.out.fname.s, fname1);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, fname1);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch21(struct torture_context *tctx,
+				     struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_batch21.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH21: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "writing should not generate a break\n");
+	status = smb2_util_write(tree1, h1, &c, 0, 1);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch22a(struct torture_context *tctx,
+				      struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_batch22a.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+	struct timeval tv;
+	int timeout = torture_setting_int(tctx, "oplocktimeout", 35);
+	int te;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH22: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "a 2nd open should succeed after the oplock "
+			"break timeout\n");
+	tv = timeval_current();
+	tree1->session->transport->oplock.handler =
+				torture_oplock_handler_timeout;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	te = (int)timeval_elapsed(&tv);
+	CHECK_RANGE(te, timeout - 1, timeout + 15);
+	torture_comment(tctx, "waited %d seconds for oplock timeout\n", te);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h2);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch22b(struct torture_context *tctx,
+				      struct smb2_tree *tree1,
+				      struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch22b.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2 = {{0}};
+	struct timeval tv;
+	int timeout = torture_setting_int(tctx, "oplocktimeout", 35);
+	struct smb2_transport *transport1 = tree1->session->transport;
+	bool block_setup = false;
+	bool block_ok = false;
+	int te;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "BATCH22: open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "a 2nd open should succeed after the oplock "
+			"break timeout\n");
+	tv = timeval_current();
+	tree1->session->transport->oplock.handler =
+				torture_oplock_handler_timeout;
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+	block_ok = test_block_smb2_transport(tctx, transport1);
+	torture_assert(tctx, block_ok, "test_block_smb2_transport");
+
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_wait_for_oplock_break(tctx);
+	te = (int)timeval_elapsed(&tv);
+	CHECK_RANGE(te, 0, timeout);
+	torture_comment(tctx, "waited %d seconds for oplock timeout\n", te);
+
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+done:
+	if (block_ok) {
+		test_unblock_smb2_transport(tctx, transport1);
+	}
+	test_cleanup_blocked_transports(tctx);
+
+	smb2_util_close(tree1, h1);
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree1, h2);
+	}
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch23(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch23.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2, h3;
+	struct smb2_tree *tree3 = NULL;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	ret = open_smb2_connection_no_level2_oplocks(tctx, &tree3);
+	CHECK_VAL(ret, true);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	tree3->session->transport->oplock.handler = torture_oplock_handler;
+	tree3->session->transport->oplock.private_data = tree3;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH23: an open and ask for a batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 2nd open without level2 oplock support "
+			"should generate a break to level2\n");
+	status = smb2_create(tree3, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h3 = io.smb2.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 3rd open with level2 oplock support should "
+			"not generate a break\n");
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree3, h3);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch24(struct torture_context *tctx,
+				     struct smb2_tree *tree1,
+				     struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch24.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1, h2;
+	struct smb2_tree *tree3 = NULL;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	ret = open_smb2_connection_no_level2_oplocks(tctx, &tree3);
+	CHECK_VAL(ret, true);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	tree3->session->transport->oplock.handler = torture_oplock_handler;
+	tree3->session->transport->oplock.private_data = tree3;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH24: a open without level support and "
+			"ask for a batch oplock\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree3, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h2 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a 2nd open with level2 oplock support should "
+			"generate a break\n");
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.handle.data[0], h2.data[0]);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree3, h2);
+	smb2_util_close(tree2, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch25(struct torture_context *tctx,
+			             struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_batch25.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "BATCH25: open a file with an batch oplock "
+			"(share mode: none)\n");
+
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	status = smb2_util_setatr(tree1, fname, FILE_ATTRIBUTE_HIDDEN);
+	torture_assert_ntstatus_ok(tctx, status, "Setting attributes "
+				   "shouldn't trigger an oplock break");
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, fname);
+	return ret;
+}
+
+static bool test_smb2_oplock_batch26(struct torture_context *tctx,
+                                        struct smb2_tree *tree1)
+{
+
+        NTSTATUS status;
+        bool ret = true;
+        union smb_open io;
+        struct smb2_handle h, h1, h2, h3;
+        const char *fname_base = BASEDIR "\\test_oplock.txt";
+        const char *stream = "Stream One:$DATA";
+        const char *fname_stream;
+
+        status = torture_smb2_testdir(tree1, BASEDIR, &h);
+        torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+        tree1->session->transport->oplock.handler = torture_oplock_handler;
+        tree1->session->transport->oplock.private_data = tree1;
+
+        fname_stream = talloc_asprintf(tctx, "%s:%s", fname_base, stream);
+
+        /*
+          base ntcreatex parms
+        */
+        ZERO_STRUCT(io.smb2);
+        io.generic.level = RAW_OPEN_SMB2;
+        io.smb2.in.desired_access = 0x120089;
+        io.smb2.in.alloc_size = 0;
+        io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+        io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_DELETE |
+                                  NTCREATEX_SHARE_ACCESS_WRITE;
+        io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+        io.smb2.in.create_options = 0;
+        io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+        io.smb2.in.security_flags = 0;
+        io.smb2.in.fname = fname_base;
+
+        /*
+          Open base file with a batch oplock.
+        */
+        torture_comment(tctx, "Open the base file with batch oplock\n");
+        io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+        io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+        status = smb2_create(tree1, tctx, &(io.smb2));
+        torture_assert_ntstatus_ok(tctx, status, "Error opening base file");
+        h1 = io.smb2.out.file.handle;
+        CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+        torture_comment(tctx, "Got batch oplock on base file\n");
+
+        torture_comment(tctx, "Opening stream file with batch oplock..\n");
+
+        io.smb2.in.fname = fname_stream;
+
+        status = smb2_create(tree1, tctx, &(io.smb2));
+        torture_assert_ntstatus_ok(tctx, status, "Error opening stream file");
+        h2 = io.smb2.out.file.handle;
+        CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+        torture_comment(tctx, "Got batch oplock on stream file\n");
+
+        torture_comment(tctx, "Open base file again with batch oplock\n");
+
+        io.smb2.in.fname = fname_base;
+
+        status = smb2_create(tree1, tctx, &(io.smb2));
+        torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+        h3 = io.smb2.out.file.handle;
+        CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+        smb2_util_close(tree1, h1);
+        smb2_util_close(tree1, h2);
+        smb2_util_close(tree1, h3);
+        smb2_util_close(tree1, h);
+        smb2_deltree(tree1, BASEDIR);
+        return ret;
+
+}
+
+/* Test how oplocks work on streams. */
+static bool test_raw_oplock_stream1(struct torture_context *tctx,
+				    struct smb2_tree *tree1,
+				    struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname_base = BASEDIR "\\test_stream1.txt";
+	const char *fname_stream, *fname_default_stream;
+	const char *default_stream = "::$DATA";
+	const char *stream = "Stream One:$DATA";
+	bool ret = true;
+	struct smb2_handle h, h_base, h_stream;
+	int i;
+
+#define NSTREAM_OPLOCK_RESULTS 8
+	struct {
+		const char **fname;
+		bool open_base_file;
+		uint32_t oplock_req;
+		uint32_t oplock_granted;
+	} stream_oplock_results[NSTREAM_OPLOCK_RESULTS] = {
+		/* Request oplock on stream without the base file open. */
+		{&fname_stream, false, SMB2_OPLOCK_LEVEL_BATCH, SMB2_OPLOCK_LEVEL_BATCH},
+		{&fname_default_stream, false, SMB2_OPLOCK_LEVEL_BATCH, SMB2_OPLOCK_LEVEL_BATCH},
+		{&fname_stream, false, SMB2_OPLOCK_LEVEL_EXCLUSIVE, SMB2_OPLOCK_LEVEL_EXCLUSIVE},
+		{&fname_default_stream, false,  SMB2_OPLOCK_LEVEL_EXCLUSIVE, SMB2_OPLOCK_LEVEL_EXCLUSIVE},
+
+		/* Request oplock on stream with the base file open. */
+		{&fname_stream, true, SMB2_OPLOCK_LEVEL_BATCH, SMB2_OPLOCK_LEVEL_BATCH},
+		{&fname_default_stream, true, SMB2_OPLOCK_LEVEL_BATCH, SMB2_OPLOCK_LEVEL_II},
+		{&fname_stream, true, SMB2_OPLOCK_LEVEL_EXCLUSIVE, SMB2_OPLOCK_LEVEL_EXCLUSIVE},
+		{&fname_default_stream, true,  SMB2_OPLOCK_LEVEL_EXCLUSIVE, SMB2_OPLOCK_LEVEL_II},
+	};
+
+	fname_stream = talloc_asprintf(tctx, "%s:%s", fname_base, stream);
+	fname_default_stream = talloc_asprintf(tctx, "%s%s", fname_base,
+					       default_stream);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* Initialize handles to "closed".  Using -1 in the first 64-bytes
+	 * as the sentry for this */
+	h_stream.data[0] = -1;
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname_base);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	tree2->session->transport->oplock.handler = torture_oplock_handler;
+	tree2->session->transport->oplock.private_data = tree2;
+
+	/* Setup generic open parameters. */
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = (SEC_FILE_READ_DATA |
+				     SEC_FILE_WRITE_DATA |
+				     SEC_FILE_APPEND_DATA |
+				     SEC_STD_READ_CONTROL);
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+
+	/* Create the file with a stream */
+	io.smb2.in.fname = fname_stream;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error creating file");
+	smb2_util_close(tree1, io.smb2.out.file.handle);
+
+	/* Change the disposition to open now that the file has been created. */
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	/* Try some permutations of taking oplocks on streams. */
+	for (i = 0; i < NSTREAM_OPLOCK_RESULTS; i++) {
+		const char *fname = *stream_oplock_results[i].fname;
+		bool open_base_file = stream_oplock_results[i].open_base_file;
+		uint32_t oplock_req = stream_oplock_results[i].oplock_req;
+		uint32_t oplock_granted =
+		    stream_oplock_results[i].oplock_granted;
+
+		if (open_base_file) {
+			torture_comment(tctx, "Opening base file: %s with "
+			    "%d\n", fname_base, SMB2_OPLOCK_LEVEL_BATCH);
+			io.smb2.in.fname = fname_base;
+			io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+			io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+			status = smb2_create(tree2, tctx, &(io.smb2));
+			torture_assert_ntstatus_ok(tctx, status,
+			    "Error opening file");
+			CHECK_VAL(io.smb2.out.oplock_level,
+			    SMB2_OPLOCK_LEVEL_BATCH);
+			h_base = io.smb2.out.file.handle;
+		}
+
+		torture_comment(tctx, "%d: Opening stream: %s with %d\n", i,
+		    fname, oplock_req);
+		io.smb2.in.fname = fname;
+		io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		io.smb2.in.oplock_level = oplock_req;
+
+		/* Do the open with the desired oplock on the stream. */
+		status = smb2_create(tree1, tctx, &(io.smb2));
+		torture_assert_ntstatus_ok(tctx, status, "Error opening file");
+		CHECK_VAL(io.smb2.out.oplock_level, oplock_granted);
+		smb2_util_close(tree1, io.smb2.out.file.handle);
+
+		/* Cleanup the base file if it was opened. */
+		if (open_base_file)
+			smb2_util_close(tree2, h_base);
+	}
+
+	/* Open the stream with an exclusive oplock. */
+	torture_comment(tctx, "Opening stream: %s with %d\n",
+	    fname_stream, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+	io.smb2.in.fname = fname_stream;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening file");
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+	h_stream = io.smb2.out.file.handle;
+
+	/* Open the base file and see if it contends. */
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "Opening base file: %s with %d\n",
+	    fname_base, SMB2_OPLOCK_LEVEL_BATCH);
+	io.smb2.in.fname = fname_base;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening file");
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	smb2_util_close(tree2, io.smb2.out.file.handle);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* Open the stream again to see if it contends. */
+	ZERO_STRUCT(break_info);
+	torture_comment(tctx, "Opening stream again: %s with "
+	    "%d\n", fname_base, SMB2_OPLOCK_LEVEL_BATCH);
+	io.smb2.in.fname = fname_stream;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening file");
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+	smb2_util_close(tree2, io.smb2.out.file.handle);
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, OPLOCK_BREAK_TO_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* Close the stream. */
+	if (h_stream.data[0] != -1) {
+		smb2_util_close(tree1, h_stream);
+	}
+
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_oplock_doc(struct torture_context *tctx, struct smb2_tree *tree,
+				 struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_oplock_doc.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+	union smb_setfileinfo sfinfo;
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+	smb2_util_close(tree, h);
+
+	/* cleanup */
+	smb2_util_unlink(tree, fname);
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "open a file with a batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	torture_comment(tctx, "Set delete on close\n");
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_comment(tctx, "2nd open should not break and get "
+			"DELETE_PENDING\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree2, tctx, &io.smb2);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_DELETE_PENDING,
+				      "Incorrect status");
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree, h1);
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/* Open a file with a batch oplock, then open it again from a second client
+ * requesting no oplock. Having two open file handles should break our own
+ * oplock during BRL acquisition.
+ */
+static bool test_smb2_oplock_brl1(struct torture_context *tctx,
+				struct smb2_tree *tree1,
+				struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	/*int fname, f;*/
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	struct smb2_lock lck;
+	struct smb2_lock_element lock[1];
+	struct smb2_handle h, h1, h2;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_two_notifications;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				    SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	status = smb2_util_write(tree1, h1,buf, 0, sizeof(buf));
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Failed to create file\n");
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = 0;
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	h2 = io.smb2.out.file.handle;
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+	ZERO_STRUCT(lock);
+
+	lock[0].offset = 0;
+	lock[0].length = 4;
+	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
+			SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	ZERO_STRUCT(lck);
+	lck.in.file.handle = h1;
+	lck.in.locks = &lock[0];
+	lck.in.lock_count = 1;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_NONE);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* expect no oplock break */
+	ZERO_STRUCT(break_info);
+	lock[0].offset = 2;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOCK_NOT_GRANTED,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree2, h2);
+	smb2_util_close(tree1, h);
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+
+}
+
+/* Open a file with a batch oplock on one tree and then acquire a brl.
+ * We should not contend our own oplock.
+ */
+static bool test_smb2_oplock_brl2(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	/*int fname, f;*/
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	struct smb2_handle h, h1;
+	struct smb2_lock lck;
+	struct smb2_lock_element lock[1];
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				    SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	ZERO_STRUCT(break_info);
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+
+	status = smb2_util_write(tree1, h1, buf, 0, sizeof(buf));
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Failed to create file\n");
+		ret = false;
+		goto done;
+	}
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a self BRL acquisition should not break to "
+			"none\n");
+
+	ZERO_STRUCT(lock);
+
+	lock[0].offset = 0;
+	lock[0].length = 4;
+	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
+			SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	ZERO_STRUCT(lck);
+	lck.in.file.handle = h1;
+	lck.in.locks = &lock[0];
+	lck.in.lock_count = 1;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	lock[0].offset = 2;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOCK_NOT_GRANTED,
+				      "Incorrect status");
+
+	/* With one file handle open a BRL should not contend our oplock.
+	 * Thus, no oplock break will be received and the entire break_info
+	 * struct will be 0 */
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/* Open a file with a batch oplock twice from one tree and then acquire a
+ * brl. BRL acquisition should break our own oplock.
+ */
+static bool test_smb2_oplock_brl3(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_batch_brl.dat";
+	bool ret = true;
+	uint8_t buf[1000];
+	union smb_open io;
+	NTSTATUS status;
+	struct smb2_handle h, h1, h2;
+	struct smb2_lock lck;
+	struct smb2_lock_element lock[1];
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+	tree1->session->transport->oplock.handler =
+	    torture_oplock_handler_two_notifications;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				    SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				  NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	  with a batch oplock we get a break
+	*/
+	torture_comment(tctx, "open with batch oplock\n");
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* create a file with bogus data */
+	memset(buf, 0, sizeof(buf));
+	status = smb2_util_write(tree1, h1, buf, 0, sizeof(buf));
+
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "Failed to create file\n");
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "a 2nd open should give a break\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = 0;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	h2 = io.smb2.out.file.handle;
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	CHECK_VAL(break_info.failures, 0);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+	ZERO_STRUCT(lock);
+
+	lock[0].offset = 0;
+	lock[0].length = 4;
+	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
+			SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	ZERO_STRUCT(lck);
+	lck.in.file.handle = h1;
+	lck.in.locks = &lock[0];
+	lck.in.lock_count = 1;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_NONE);
+	CHECK_VAL(break_info.handle.data[0], h1.data[0]);
+	CHECK_VAL(break_info.failures, 0);
+
+	/* expect no oplock break */
+	ZERO_STRUCT(break_info);
+	lock[0].offset = 2;
+	status = smb2_lock(tree1, &lck);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOCK_NOT_GRANTED,
+				      "Incorrect status");
+
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 0);
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h2);
+	smb2_util_close(tree1, h);
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+
+}
+
+/* Starting the SMB2 specific oplock tests at 500 so we can keep the SMB1
+ * tests in sync with an identically numbered SMB2 test */
+
+/* Test whether the server correctly returns an error when we send
+ * a response to a levelII to none oplock notification. */
+static bool test_smb2_oplock_levelII500(struct torture_context *tctx,
+				      struct smb2_tree *tree1)
+{
+	const char *fname = BASEDIR "\\test_levelII500.dat";
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+	struct smb2_handle h, h1;
+	char c = 0;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	tree1->session->transport->oplock.handler = torture_oplock_handler;
+	tree1->session->transport->oplock.private_data = tree1;
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "LEVELII500: acknowledging a break from II to "
+			"none should return an error\n");
+	ZERO_STRUCT(break_info);
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_II;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	h1 = io.smb2.out.file.handle;
+	CHECK_VAL(io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_II);
+
+	ZERO_STRUCT(break_info);
+
+	torture_comment(tctx, "write should trigger a break to none and when "
+			"we reply, an oplock break failure\n");
+	smb2_util_write(tree1, h1, &c, 0, 1);
+
+	/* Wait several times to receive both the break notification, and the
+	 * NT_STATUS_INVALID_OPLOCK_PROTOCOL error in the break response */
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+	torture_wait_for_oplock_break(tctx);
+
+	/* There appears to be a race condition in W2K8 and W2K8R2 where
+	 * sometimes the server will happily reply to our break response with
+	 * NT_STATUS_OK, and sometimes it will return the OPLOCK_PROTOCOL
+	 * error.  As the MS-SMB2 doc states that a client should not reply to
+	 * a level2 to none break notification, I'm leaving the protocol error
+	 * as the expected behavior. */
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, 0);
+	CHECK_VAL(break_info.failures, 1);
+	torture_assert_ntstatus_equal(tctx, break_info.failure_status,
+				      NT_STATUS_INVALID_OPLOCK_PROTOCOL,
+				      "Incorrect status");
+
+	smb2_util_close(tree1, h1);
+	smb2_util_close(tree1, h);
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+ * Test a double-break. Open a file with exclusive. Send off a second open
+ * request with OPEN_IF, triggering a break to level2. This should respond
+ * with level2. Before replying to the break to level2, fire off a third open
+ * with OVERWRITE_IF. The expected sequence would be that the 3rd opener gets
+ * a level2 immediately triggered by a break to none, but that seems not the
+ * case. Still investigating what the right behaviour should be.
+ */
+
+struct levelII501_state {
+	struct torture_context *tctx;
+	struct smb2_tree *tree1;
+	struct smb2_tree *tree2;
+	struct smb2_tree *tree3;
+	struct smb2_handle h;
+	struct smb2_handle h1;
+	union smb_open io;
+
+	struct smb2_handle break_handle;
+	uint8_t break_to;
+	struct smb2_break br;
+
+	bool done;
+};
+
+static bool torture_oplock_break_delay(struct smb2_transport *transport,
+				       const struct smb2_handle *handle,
+				       uint8_t level, void *private_data);
+static void levelII501_break_done(struct smb2_request *req);
+static void levelII501_open1_done(struct smb2_request *req);
+static void levelII501_open2_done(struct smb2_request *req);
+static void levelII501_2ndopen_cb(struct tevent_context *ev,
+				  struct tevent_timer *te,
+				  struct timeval current_time,
+				  void *private_data);
+static void levelII501_break_timeout_cb(struct tevent_context *ev,
+					struct tevent_timer *te,
+					struct timeval current_time,
+					void *private_data);
+static void levelII501_timeout_cb(struct tevent_context *ev,
+				  struct tevent_timer *te,
+				  struct timeval current_time,
+				  void *private_data);
+
+static bool test_smb2_oplock_levelII501(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\test_levelII501.dat";
+	NTSTATUS status;
+	bool ret = true;
+	struct levelII501_state *state;
+	struct smb2_request *req;
+	struct tevent_timer *te;
+
+	state = talloc(tctx, struct levelII501_state);
+	state->tctx = tctx;
+	state->done = false;
+	state->tree1 = tree1;
+	state->tree2 = tree2;
+
+	if (!torture_smb2_connection(tctx, &state->tree3)) {
+		torture_fail(tctx, "Establishing SMB2 connection failed\n");
+		return false;
+	}
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &state->h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(state->io.smb2);
+	state->io.generic.level = RAW_OPEN_SMB2;
+	state->io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	state->io.smb2.in.alloc_size = 0;
+	state->io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	state->io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	state->io.smb2.in.create_options = 0;
+	state->io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	state->io.smb2.in.security_flags = 0;
+	state->io.smb2.in.fname = fname;
+
+	torture_comment(tctx, "LEVELII501: Test double break sequence\n");
+	ZERO_STRUCT(break_info);
+
+	state->io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	state->io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	state->io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	state->io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	tree1->session->transport->oplock.handler = torture_oplock_break_delay;
+	tree1->session->transport->oplock.private_data = state;
+
+	status = smb2_create(tree1, tctx, &(state->io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	state->h1 = state->io.smb2.out.file.handle;
+	CHECK_VAL(state->io.smb2.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	/*
+	 * Trigger a break to level2
+	 */
+
+	req = smb2_create_send(tree2, &state->io.smb2);
+	req->async.fn = levelII501_open1_done;
+	req->async.private_data = state;
+
+	te = tevent_add_timer(
+		tctx->ev, tctx, tevent_timeval_current_ofs(0, 200000),
+		levelII501_2ndopen_cb, state);
+	torture_assert(tctx, te != NULL, "tevent_add_timer failed\n");
+
+	te = tevent_add_timer(
+		tctx->ev, tctx, tevent_timeval_current_ofs(2, 0),
+		levelII501_timeout_cb, state);
+	torture_assert(tctx, te != NULL, "tevent_add_timer failed\n");
+
+	while (!state->done) {
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_comment(tctx, "tevent_loop_once failed\n");
+		}
+	}
+
+	return ret;
+}
+
+/*
+ * Fire off a second open after a little timeout
+ */
+
+static void levelII501_2ndopen_cb(struct tevent_context *ev,
+				  struct tevent_timer *te,
+				  struct timeval current_time,
+				  void *private_data)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		private_data, struct levelII501_state);
+	struct smb2_request *req;
+
+	state->io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	req = smb2_create_send(state->tree3, &state->io.smb2);
+	req->async.fn = levelII501_open2_done;
+	req->async.private_data = state;
+}
+
+/*
+ * Postpone the break response by 500 msec
+ */
+static bool torture_oplock_break_delay(struct smb2_transport *transport,
+				       const struct smb2_handle *handle,
+				       uint8_t level, void *private_data)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		private_data, struct levelII501_state);
+	const char *name;
+	struct tevent_timer *te;
+
+	break_info.handle	= *handle;
+	break_info.level	= level;
+	break_info.count++;
+
+	state->break_handle = *handle;
+	state->break_to = level;
+
+	switch(level) {
+	case SMB2_OPLOCK_LEVEL_II:
+		name = "level II";
+		break;
+	case SMB2_OPLOCK_LEVEL_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break;
+	}
+	printf("Got break to %s [0x%02X] in oplock handler, postponing "
+	       "break response for 500msec\n", name, level);
+
+	te = tevent_add_timer(
+		state->tctx->ev, state->tctx,
+		tevent_timeval_current_ofs(0, 500000),
+		levelII501_break_timeout_cb, state);
+	torture_assert(state->tctx, te != NULL, "tevent_add_timer failed\n");
+
+	return true;
+}
+
+static void levelII501_break_timeout_cb(struct tevent_context *ev,
+					struct tevent_timer *te,
+					struct timeval current_time,
+					void *private_data)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		private_data, struct levelII501_state);
+	struct smb2_request *req;
+
+	talloc_free(te);
+
+	ZERO_STRUCT(state->br);
+	state->br.in.file.handle = state->break_handle;
+	state->br.in.oplock_level = state->break_to;
+
+	req = smb2_break_send(state->tree1, &state->br);
+	req->async.fn = levelII501_break_done;
+	req->async.private_data = state;
+}
+
+static void levelII501_break_done(struct smb2_request *req)
+{
+	struct smb2_break io;
+	NTSTATUS status;
+
+	status = smb2_break_recv(req, &io);
+	printf("break done: %s\n", nt_errstr(status));
+}
+
+static void levelII501_open1_done(struct smb2_request *req)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		req->async.private_data, struct levelII501_state);
+	struct smb2_create io;
+	NTSTATUS status;
+
+	status = smb2_create_recv(req, state, &io);
+	printf("open1 done: %s\n", nt_errstr(status));
+}
+
+static void levelII501_open2_done(struct smb2_request *req)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		req->async.private_data, struct levelII501_state);
+	struct smb2_create io;
+	NTSTATUS status;
+
+	status = smb2_create_recv(req, state, &io);
+	printf("open2 done: %s\n", nt_errstr(status));
+}
+
+static void levelII501_timeout_cb(struct tevent_context *ev,
+				  struct tevent_timer *te,
+				  struct timeval current_time,
+				  void *private_data)
+{
+	struct levelII501_state *state = talloc_get_type_abort(
+		private_data, struct levelII501_state);
+	talloc_free(te);
+	state->done = true;
+}
+
+static bool test_smb2_oplock_levelII502(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+
+{
+	const char *fname = BASEDIR "\\test_levelII502.dat";
+	NTSTATUS status;
+	union smb_open io;
+	struct smb2_close closeio;
+	struct smb2_handle h;
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	/* cleanup */
+	smb2_util_unlink(tree1, fname);
+
+	/*
+	  base ntcreatex parms
+	*/
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	torture_comment(
+		tctx,
+		"LEVELII502: Open a stale LEVEL2 oplock with OVERWRITE");
+
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+				SEC_RIGHTS_FILE_WRITE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE;
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_II;
+	status = smb2_create(tree1, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	torture_assert(tctx,
+		       io.smb2.out.oplock_level==SMB2_OPLOCK_LEVEL_II,
+		       "Did not get LEVEL_II oplock\n");
+
+	status = smbXcli_conn_samba_suicide(
+		tree1->session->transport->conn, 93);
+	torture_assert_ntstatus_ok(tctx, status, "suicide failed");
+
+	sleep(1);
+
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+
+	status = smb2_create(tree2, tctx, &(io.smb2));
+	torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+	torture_assert(tctx,
+		       io.smb2.out.oplock_level==SMB2_OPLOCK_LEVEL_BATCH,
+		       "Did not get BATCH oplock\n");
+
+	closeio = (struct smb2_close) {
+		.in.file.handle = io.smb2.out.file.handle,
+	};
+	status = smb2_close(tree2, &closeio);
+	torture_assert_ntstatus_equal(
+		tctx, status, NT_STATUS_OK, "close failed");
+
+	return true;
+}
+
+static bool test_oplock_statopen1_do(struct torture_context *tctx,
+				     struct smb2_tree *tree,
+				     uint32_t access_mask,
+				     bool expect_stat_open)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	const char *fname = "oplock_statopen1.dat";
+	bool ret = true;
+
+	/* Open file with exclusive oplock. */
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+		.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH,
+	};
+	status = smb2_create(tree, mem_ctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = cr.out.file.handle;
+	CHECK_VAL(cr.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+
+	/* Stat open */
+	cr = (struct smb2_create) {
+		.in.desired_access = access_mask,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+	};
+	status = smb2_create(tree, mem_ctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h2 = cr.out.file.handle;
+
+	if (expect_stat_open) {
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(break_info.level, 0);
+		CHECK_VAL(break_info.failures, 0);
+		if (!ret) {
+			goto done;
+		}
+	} else {
+		CHECK_VAL(break_info.count, 1);
+	}
+
+done:
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_smb2_oplock_statopen1(struct torture_context *tctx,
+				       struct smb2_tree *tree)
+{
+	const char *fname = "oplock_statopen1.dat";
+	size_t i;
+	bool ret = true;
+	struct {
+		uint32_t access_mask;
+		bool expect_stat_open;
+	} tests[] = {
+		{
+			.access_mask = FILE_READ_DATA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_WRITE_DATA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_READ_EA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_WRITE_EA,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_EXECUTE,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = FILE_READ_ATTRIBUTES,
+			.expect_stat_open = true,
+		},
+		{
+			.access_mask = FILE_WRITE_ATTRIBUTES,
+			.expect_stat_open = true,
+		},
+		{
+			.access_mask = DELETE_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = READ_CONTROL_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = WRITE_DAC_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = WRITE_OWNER_ACCESS,
+			.expect_stat_open = false,
+		},
+		{
+			.access_mask = SYNCHRONIZE_ACCESS,
+			.expect_stat_open = true,
+		},
+	};
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	for (i = 0; i < ARRAY_SIZE(tests); i++) {
+		ZERO_STRUCT(break_info);
+
+		ret = test_oplock_statopen1_do(tctx,
+					       tree,
+					       tests[i].access_mask,
+					       tests[i].expect_stat_open);
+		if (ret == true) {
+			continue;
+		}
+		torture_result(tctx, TORTURE_FAIL,
+			       "test %zu: access_mask: %s, "
+			       "expect_stat_open: %s\n",
+			       i,
+			       get_sec_mask_str(tree, tests[i].access_mask),
+			       tests[i].expect_stat_open ? "yes" : "no");
+		goto done;
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_oplocks_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "oplock");
+
+	torture_suite_add_2smb2_test(suite, "exclusive1", test_smb2_oplock_exclusive1);
+	torture_suite_add_2smb2_test(suite, "exclusive2", test_smb2_oplock_exclusive2);
+	torture_suite_add_2smb2_test(suite, "exclusive3", test_smb2_oplock_exclusive3);
+	torture_suite_add_2smb2_test(suite, "exclusive4", test_smb2_oplock_exclusive4);
+	torture_suite_add_2smb2_test(suite, "exclusive5", test_smb2_oplock_exclusive5);
+	torture_suite_add_2smb2_test(suite, "exclusive6", test_smb2_oplock_exclusive6);
+	torture_suite_add_2smb2_test(suite, "exclusive9",
+				     test_smb2_oplock_exclusive9);
+	torture_suite_add_2smb2_test(suite, "batch1", test_smb2_oplock_batch1);
+	torture_suite_add_2smb2_test(suite, "batch2", test_smb2_oplock_batch2);
+	torture_suite_add_2smb2_test(suite, "batch3", test_smb2_oplock_batch3);
+	torture_suite_add_2smb2_test(suite, "batch4", test_smb2_oplock_batch4);
+	torture_suite_add_2smb2_test(suite, "batch5", test_smb2_oplock_batch5);
+	torture_suite_add_2smb2_test(suite, "batch6", test_smb2_oplock_batch6);
+	torture_suite_add_2smb2_test(suite, "batch7", test_smb2_oplock_batch7);
+	torture_suite_add_2smb2_test(suite, "batch8", test_smb2_oplock_batch8);
+	torture_suite_add_2smb2_test(suite, "batch9", test_smb2_oplock_batch9);
+	torture_suite_add_2smb2_test(suite, "batch9a", test_smb2_oplock_batch9a);
+	torture_suite_add_2smb2_test(suite, "batch10", test_smb2_oplock_batch10);
+	torture_suite_add_2smb2_test(suite, "batch11", test_smb2_oplock_batch11);
+	torture_suite_add_2smb2_test(suite, "batch12", test_smb2_oplock_batch12);
+	torture_suite_add_2smb2_test(suite, "batch13", test_smb2_oplock_batch13);
+	torture_suite_add_2smb2_test(suite, "batch14", test_smb2_oplock_batch14);
+	torture_suite_add_2smb2_test(suite, "batch15", test_smb2_oplock_batch15);
+	torture_suite_add_2smb2_test(suite, "batch16", test_smb2_oplock_batch16);
+	torture_suite_add_1smb2_test(suite, "batch19", test_smb2_oplock_batch19);
+	torture_suite_add_2smb2_test(suite, "batch20", test_smb2_oplock_batch20);
+	torture_suite_add_1smb2_test(suite, "batch21", test_smb2_oplock_batch21);
+	torture_suite_add_1smb2_test(suite, "batch22a", test_smb2_oplock_batch22a);
+	torture_suite_add_2smb2_test(suite, "batch22b", test_smb2_oplock_batch22b);
+	torture_suite_add_2smb2_test(suite, "batch23", test_smb2_oplock_batch23);
+	torture_suite_add_2smb2_test(suite, "batch24", test_smb2_oplock_batch24);
+	torture_suite_add_1smb2_test(suite, "batch25", test_smb2_oplock_batch25);
+	torture_suite_add_1smb2_test(suite, "batch26", test_smb2_oplock_batch26);
+	torture_suite_add_2smb2_test(suite, "stream1", test_raw_oplock_stream1);
+	torture_suite_add_2smb2_test(suite, "doc", test_smb2_oplock_doc);
+	torture_suite_add_2smb2_test(suite, "brl1", test_smb2_oplock_brl1);
+	torture_suite_add_1smb2_test(suite, "brl2", test_smb2_oplock_brl2);
+	torture_suite_add_1smb2_test(suite, "brl3", test_smb2_oplock_brl3);
+	torture_suite_add_1smb2_test(suite, "levelii500", test_smb2_oplock_levelII500);
+	torture_suite_add_2smb2_test(suite, "levelii501",
+				     test_smb2_oplock_levelII501);
+	torture_suite_add_2smb2_test(suite, "levelii502",
+				     test_smb2_oplock_levelII502);
+	torture_suite_add_1smb2_test(suite, "statopen1", test_smb2_oplock_statopen1);
+	suite->description = talloc_strdup(suite, "SMB2-OPLOCK tests");
+
+	return suite;
+}
+
+/*
+   stress testing of oplocks
+*/
+bool test_smb2_bench_oplock(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_tree **trees;
+	bool ret = true;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	int torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	int i, count=0;
+	int timelimit = torture_setting_int(tctx, "timelimit", 10);
+	union smb_open io;
+	struct timeval tv;
+	struct smb2_handle h;
+
+	trees = talloc_array(mem_ctx, struct smb2_tree *, torture_nprocs);
+
+	torture_comment(tctx, "Opening %d connections\n", torture_nprocs);
+	for (i=0;i<torture_nprocs;i++) {
+		if (!torture_smb2_connection(tctx, &trees[i])) {
+			return false;
+		}
+		talloc_steal(mem_ctx, trees[i]);
+		trees[i]->session->transport->oplock.handler =
+					torture_oplock_handler_close;
+		trees[i]->session->transport->oplock.private_data = trees[i];
+	}
+
+	status = torture_smb2_testdir(trees[0], BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\test.dat";
+	io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	tv = timeval_current();
+
+	/*
+	  we open the same file with SHARE_ACCESS_NONE from all the
+	  connections in a round robin fashion. Each open causes an
+	  oplock break on the previous connection, which is answered
+	  by the oplock_handler_close() to close the file.
+
+	  This measures how fast we can pass on oplocks, and stresses
+	  the oplock handling code
+	*/
+	torture_comment(tctx, "Running for %d seconds\n", timelimit);
+	while (timeval_elapsed(&tv) < timelimit) {
+		for (i=0;i<torture_nprocs;i++) {
+			status = smb2_create(trees[i], mem_ctx, &(io.smb2));
+			torture_assert_ntstatus_ok(tctx, status, "Incorrect status");
+			count++;
+		}
+
+		if (torture_setting_bool(tctx, "progress", true)) {
+			torture_comment(tctx, "%.2f ops/second\r",
+					count/timeval_elapsed(&tv));
+		}
+	}
+
+	torture_comment(tctx, "%.2f ops/second\n", count/timeval_elapsed(&tv));
+	smb2_util_close(trees[0], io.smb2.out.file.handle);
+	smb2_util_unlink(trees[0], BASEDIR "\\test.dat");
+	smb2_deltree(trees[0], BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static struct hold_oplock_info {
+	const char *fname;
+	bool close_on_break;
+	uint32_t share_access;
+	struct smb2_handle handle;
+} hold_info[] = {
+	{
+		.fname          = BASEDIR "\\notshared_close",
+		.close_on_break = true,
+		.share_access   = NTCREATEX_SHARE_ACCESS_NONE,
+	},
+	{
+		.fname          = BASEDIR "\\notshared_noclose",
+		.close_on_break = false,
+		.share_access   = NTCREATEX_SHARE_ACCESS_NONE,
+	},
+	{
+		.fname          = BASEDIR "\\shared_close",
+		.close_on_break = true,
+		.share_access   = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+	},
+	{
+		.fname          = BASEDIR "\\shared_noclose",
+		.close_on_break = false,
+		.share_access   = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE,
+	},
+};
+
+static bool torture_oplock_handler_hold(struct smb2_transport *transport,
+					const struct smb2_handle *handle,
+					uint8_t level, void *private_data)
+{
+	struct hold_oplock_info *info;
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(hold_info);i++) {
+		if (smb2_util_handle_equal(hold_info[i].handle, *handle))
+			break;
+	}
+
+	if (i == ARRAY_SIZE(hold_info)) {
+		printf("oplock break for unknown handle 0x%llx%llx\n",
+		       (unsigned long long) handle->data[0],
+		       (unsigned long long) handle->data[1]);
+		return false;
+	}
+
+	info = &hold_info[i];
+
+	if (info->close_on_break) {
+		printf("oplock break on %s - closing\n", info->fname);
+		torture_oplock_handler_close(transport, handle,
+					     level, private_data);
+		return true;
+	}
+
+	printf("oplock break on %s - acking break\n", info->fname);
+	printf("Acking to none in oplock handler\n");
+
+	torture_oplock_handler_ack_to_none(transport, handle,
+					   level, private_data);
+	return true;
+}
+
+/*
+   used for manual testing of oplocks - especially interaction with
+   other filesystems (such as NFS and local access)
+*/
+bool test_smb2_hold_oplock(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	struct torture_context *mem_ctx = talloc_new(tctx);
+	struct tevent_context *ev = tctx->ev;
+	int i;
+	struct smb2_handle h;
+	NTSTATUS status;
+
+	torture_comment(tctx, "Setting up open files with oplocks in %s\n",
+			BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+	tree->session->transport->oplock.handler = torture_oplock_handler_hold;
+	tree->session->transport->oplock.private_data = tree;
+
+	/* setup the files */
+	for (i=0;i<ARRAY_SIZE(hold_info);i++) {
+		union smb_open io;
+		char c = 1;
+
+		ZERO_STRUCT(io.smb2);
+		io.generic.level = RAW_OPEN_SMB2;
+		io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		io.smb2.in.alloc_size = 0;
+		io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		io.smb2.in.share_access = hold_info[i].share_access;
+		io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+		io.smb2.in.create_options = 0;
+		io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		io.smb2.in.security_flags = 0;
+		io.smb2.in.fname = hold_info[i].fname;
+		io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+		torture_comment(tctx, "opening %s\n", hold_info[i].fname);
+
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		if (!NT_STATUS_IS_OK(status)) {
+			torture_comment(tctx, "Failed to open %s - %s\n",
+			       hold_info[i].fname, nt_errstr(status));
+			return false;
+		}
+
+		if (io.smb2.out.oplock_level != SMB2_OPLOCK_LEVEL_BATCH) {
+			torture_comment(tctx, "Oplock not granted for %s - "
+					"expected %d but got %d\n",
+					hold_info[i].fname,
+					SMB2_OPLOCK_LEVEL_BATCH,
+					io.smb2.out.oplock_level);
+			return false;
+		}
+		hold_info[i].handle = io.smb2.out.file.handle;
+
+		/* make the file non-zero size */
+		status = smb2_util_write(tree, hold_info[i].handle, &c, 0, 1);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+			torture_comment(tctx, "Failed to write to file\n");
+			return false;
+		}
+	}
+
+	torture_comment(tctx, "Waiting for oplock events\n");
+	tevent_loop_wait(ev);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return true;
+}
+
+
+static bool test_smb2_kernel_oplocks1(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	const char *fname = "test_kernel_oplock1.dat";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					   "Open didn't return NT_STATUS_SHARING_VIOLATION\n");
+	h2 = create.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	if (break_info.count != 0) {
+		torture_warning(tctx, "Open caused oplock break\n");
+	}
+
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+static bool test_smb2_kernel_oplocks2(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	const char *fname = "test_kernel_oplock2.dat";
+	const char *sname = "test_kernel_oplock2.dat:foo";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	smb2_util_unlink(tree, fname);
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h2 = create.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	if (break_info.count != 0) {
+		torture_warning(tctx, "Stream open caused oplock break\n");
+	}
+
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/**
+ * 1. 1st client opens file with oplock
+ * 2. 2nd client opens file
+ *
+ * Verify 2 triggers an oplock break
+ **/
+static bool test_smb2_kernel_oplocks3(struct torture_context *tctx,
+				      struct smb2_tree *tree,
+				      struct smb2_tree *tree2)
+{
+	const char *fname = "test_kernel_oplock3.dat";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+
+	/* 1 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+	/* 2 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+
+	status = smb2_create(tree2, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h2 = create.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	torture_assert_goto(tctx, break_info.count == 1, ret, done, "Expected 1 oplock break\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/**
+ * 1) create testfile with stream
+ * 2) open file r/w with batch oplock, sharing read/delete
+ * 3) open stream on file for reading
+ *
+ * Verify 3) doesn't trigger an oplock break
+ **/
+static bool test_smb2_kernel_oplocks4(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	const char *fname = "test_kernel_oplock4.dat";
+	const char *sname = "test_kernel_oplock4.dat:foo";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+	smb2_util_unlink(tree, fname);
+
+	/* 1 */
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* 2 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_BATCH, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_BATCH\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h2 = create.out.file.handle;
+
+	torture_wait_for_oplock_break(tctx);
+	if (break_info.count != 0) {
+		torture_warning(tctx, "Stream open caused oplock break\n");
+	}
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/**
+ * 1) create testfile with stream
+ * 2) open stream r/w with batch oplock -> batch oplock granted
+ * 3) open stream r/o with batch oplock
+ *
+ * Verify 3) does trigger an oplock break
+ **/
+static bool test_smb2_kernel_oplocks5(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	const char *fname = "test_kernel_oplock4.dat";
+	const char *sname = "test_kernel_oplock4.dat:foo";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+	smb2_util_unlink(tree, fname);
+
+	/* 1 */
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* 2 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_BATCH, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_BATCH\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h2 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_NONE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_NONE\n");
+
+	torture_wait_for_oplock_break(tctx);
+	if (break_info.count != 1) {
+		torture_warning(tctx, "Stream open didn't cause oplock break\n");
+	}
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/**
+ * 1) create testfile with stream
+ * 2) 1st client opens stream r/w with batch oplock -> batch oplock granted
+ * 3) 2nd client opens stream r/o with batch oplock
+ *
+ * Verify 3) does trigger an oplock break
+ **/
+static bool test_smb2_kernel_oplocks6(struct torture_context *tctx,
+				      struct smb2_tree *tree,
+				      struct smb2_tree *tree2)
+{
+	const char *fname = "test_kernel_oplock6.dat";
+	const char *sname = "test_kernel_oplock6.dat:foo";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+
+	/* 1 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* 2 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h1 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+	/* 3 */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_READ;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+
+	status = smb2_create(tree2, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+	h2 = create.out.file.handle;
+
+	torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_NONE, ret, done,
+			    "Oplock level is not SMB2_OPLOCK_LEVEL_NONE\n");
+
+	torture_wait_for_oplock_break(tctx);
+	torture_assert_goto(tctx, break_info.count == 1, ret, done, "Expected 1 oplock break\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+/**
+ * Recreate regression test from bug:
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=13058
+ *
+ * 1. smbd-1 opens the file and sets the oplock
+ * 2. smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
+ * 3. smbd-1 sends oplock break request to the client.
+ * 4. smbd-1 closes the file.
+ * 5. smbd-1 opens the file and sets the oplock.
+ * 6. smbd-2 calls defer_open_done(), and should re-break the oplock.
+ **/
+
+static bool test_smb2_kernel_oplocks7(struct torture_context *tctx,
+				      struct smb2_tree *tree,
+				      struct smb2_tree *tree2)
+{
+	const char *fname = "test_kernel_oplock7.dat";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+	struct smb2_create create_2;
+        struct smb2_create io;
+	struct smb2_request *req;
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/* Close the open file on break. */
+	tree->session->transport->oplock.handler = torture_oplock_handler_close;
+	tree->session->transport->oplock.private_data = tree;
+	ZERO_STRUCT(break_info);
+
+	/* 1 - open file with oplock */
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = fname;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"Error opening the file\n");
+	CHECK_VAL(create.out.oplock_level, SMB2_OPLOCK_LEVEL_EXCLUSIVE);
+
+	/* 2 - open file to break oplock */
+	ZERO_STRUCT(create_2);
+	create_2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create_2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create_2.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create_2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create_2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create_2.in.fname = fname;
+	create_2.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+	/* Open on tree2 - should cause a break on tree */
+	req = smb2_create_send(tree2, &create_2);
+	torture_assert(tctx, req != NULL, "smb2_create_send");
+
+	/* The oplock break handler should close the file. */
+	/* Steps 3 & 4. */
+	torture_wait_for_oplock_break(tctx);
+
+	tree->session->transport->oplock.handler = torture_oplock_handler;
+
+	/*
+	 * 5 - re-open on tree. NB. There is a race here
+	 * depending on which smbd goes first. We either get
+	 * an oplock level of SMB2_OPLOCK_LEVEL_EXCLUSIVE if
+	 * the close and re-open on tree is processed first, or
+	 * SMB2_OPLOCK_LEVEL_NONE if the pending create on
+	 * tree2 is processed first.
+	 */
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"Error opening the file\n");
+
+	h1 = create.out.file.handle;
+	if (create.out.oplock_level != SMB2_OPLOCK_LEVEL_EXCLUSIVE &&
+	    create.out.oplock_level != SMB2_OPLOCK_LEVEL_NONE) {
+		torture_result(tctx,
+			TORTURE_FAIL,
+			"(%s): wrong value for oplock got 0x%x\n",
+			__location__,
+			(unsigned int)create.out.oplock_level);
+                ret = false;
+		goto done;
+
+	}
+
+	/* 6 - retrieve the second open. */
+	status = smb2_create_recv(req, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"Error opening the file\n");
+	h2 = io.out.file.handle;
+	CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree2, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+#ifdef HAVE_KERNEL_OPLOCKS_LINUX
+
+#ifndef RT_SIGNAL_LEASE
+#define RT_SIGNAL_LEASE (SIGRTMIN+1)
+#endif
+
+static int got_break;
+
+/*
+ * Signal handler.
+ */
+
+static void got_rt_break(int sig)
+{
+	got_break = 1;
+}
+
+static int got_alarm;
+
+/*
+ * Signal handler.
+ */
+
+static void got_alarm_fn(int sig)
+{
+	got_alarm = 1;
+}
+
+/*
+ * Child process function.
+ */
+
+static int do_child_process(int pipefd, const char *name)
+{
+	int ret = 0;
+	int fd = -1;
+	char c = 0;
+	struct sigaction act;
+	sigset_t set;
+	sigset_t empty_set;
+
+	/* Block RT_SIGNAL_LEASE and SIGALRM. */
+	sigemptyset(&set);
+	sigemptyset(&empty_set);
+	sigaddset(&set, RT_SIGNAL_LEASE);
+	sigaddset(&set, SIGALRM);
+	ret = sigprocmask(SIG_SETMASK, &set, NULL);
+	if (ret == -1) {
+		return 11;
+	}
+
+	/* Set up a signal handler for RT_SIGNAL_LEASE. */
+	ZERO_STRUCT(act);
+	act.sa_handler = got_rt_break;
+	ret = sigaction(RT_SIGNAL_LEASE, &act, NULL);
+	if (ret == -1) {
+		return 1;
+	}
+	/* Set up a signal handler for SIGALRM. */
+	ZERO_STRUCT(act);
+	act.sa_handler = got_alarm_fn;
+	ret = sigaction(SIGALRM, &act, NULL);
+	if (ret == -1) {
+		return 1;
+	}
+	/* Open the passed in file and get a kernel oplock. */
+	fd = open(name, O_RDWR, 0666);
+	if (fd == -1) {
+		return 2;
+	}
+
+	ret = fcntl(fd, F_SETSIG, RT_SIGNAL_LEASE);
+	if (ret == -1) {
+		close(fd);
+		return 3;
+	}
+
+	ret = fcntl(fd, F_SETLEASE, F_WRLCK);
+	if (ret == -1) {
+		close(fd);
+		return 4;
+	}
+
+	/* Tell the parent we're ready. */
+	ret = sys_write(pipefd, &c, 1);
+	if (ret != 1) {
+		close(fd);
+		return 5;
+	}
+
+	/* Ensure the pause doesn't hang forever. */
+	alarm(5);
+
+	/* Wait for RT_SIGNAL_LEASE or SIGALRM. */
+	ret = sigsuspend(&empty_set);
+	if (ret != -1 || errno != EINTR) {
+		close(fd);
+		return 6;
+	}
+
+	if (got_alarm == 1) {
+		close(fd);
+		return 10;
+	}
+
+	if (got_break != 1) {
+		close(fd);
+		return 7;
+	}
+
+	/* Cancel any pending alarm. */
+	alarm(0);
+
+	/* Force the server to wait for 3 seconds. */
+	sleep(3);
+
+	/* Remove our lease. */
+	ret = fcntl(fd, F_SETLEASE, F_UNLCK);
+	if (ret == -1) {
+		close(fd);
+		return 8;
+	}
+
+	ret = close(fd);
+	if (ret == -1) {
+		return 9;
+	}
+
+	/* All is well. */
+	return 0;
+}
+
+static bool wait_for_child_oplock(struct torture_context *tctx,
+				const char *localdir,
+				const char *fname)
+{
+	int fds[2];
+	int ret;
+	pid_t pid;
+	char *name = talloc_asprintf(tctx,
+				"%s/%s",
+				localdir,
+				fname);
+
+	torture_assert(tctx, name != NULL, "talloc failed");
+
+	ret = pipe(fds);
+	torture_assert(tctx, ret != -1, "pipe failed");
+
+	pid = fork();
+	torture_assert(tctx, pid != (pid_t)-1, "fork failed");
+
+	if (pid != (pid_t)0) {
+		char c;
+		/* Parent. */
+		TALLOC_FREE(name);
+		close(fds[1]);
+		ret = sys_read(fds[0], &c, 1);
+		torture_assert(tctx, ret == 1, "read failed");
+		return true;
+	}
+
+	/* Child process. */
+	close(fds[0]);
+	ret = do_child_process(fds[1], name);
+	_exit(ret);
+	/* Notreached. */
+}
+#else
+static bool wait_for_child_oplock(struct torture_context *tctx,
+				const char *localdir,
+				const char *fname)
+{
+	return false;
+}
+#endif
+
+static void child_sig_term_handler(struct tevent_context *ev,
+				struct tevent_signal *se,
+				int signum,
+				int count,
+				void *siginfo,
+				void *private_data)
+{
+	int *pstatus = (int *)private_data;
+	int status = 0;
+
+	wait(&status);
+	if (WIFEXITED(status)) {
+		*pstatus = WEXITSTATUS(status);
+	} else {
+		*pstatus = status;
+	}
+}
+
+/*
+ * Deal with a non-smbd process holding a kernel oplock.
+ */
+
+static bool test_smb2_kernel_oplocks8(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	const char *fname = "test_kernel_oplock8.dat";
+	const char *fname1 = "tmp_test_kernel_oplock8.dat";
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create io;
+	struct smb2_request *req = NULL;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	const char *localdir = torture_setting_string(tctx, "localdir", NULL);
+	struct tevent_signal *se = NULL;
+	int child_exit_code = -1;
+	time_t start;
+	time_t end;
+
+#ifndef HAVE_KERNEL_OPLOCKS_LINUX
+	torture_skip(tctx, "Need kernel oplocks for test");
+#endif
+
+	if (localdir == NULL) {
+		torture_skip(tctx, "Need localdir for test");
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname1);
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating testfile\n");
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	se = tevent_add_signal(tctx->ev,
+				tctx,
+				SIGCHLD,
+				0,
+				child_sig_term_handler,
+				&child_exit_code);
+	torture_assert(tctx, se != NULL, "tevent_add_signal failed\n");
+
+	/* Take the oplock locally in a sub-process. */
+	ret = wait_for_child_oplock(tctx, localdir, fname);
+	torture_assert_goto(tctx, ret, ret, done,
+		"Wait for child process failed.\n");
+
+	/*
+	 * Now try and open. This should block for 3 seconds.
+	 * while the child process is still alive.
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	req = smb2_create_send(tree, &io);
+	torture_assert_goto(tctx, req != NULL,
+			    ret, done, "smb2_create_send");
+
+	/* Ensure while the open is blocked the smbd is
+	   still serving other requests. */
+	io.in.fname = fname1;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+
+	/* Time the start -> end of the request. */
+	start = time(NULL);
+	status = smb2_create(tree, tctx, &io);
+	end = time(NULL);
+
+	/* Should succeed. */
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"Error opening the second file\n");
+	h1 = io.out.file.handle;
+
+	/* in less than 2 seconds. Otherwise the server blocks. */
+	torture_assert_goto(tctx, end - start < 2,
+			    ret, done, "server was blocked !");
+
+	/* Pick up the return for the initial blocking open. */
+	status = smb2_create_recv(req, tctx, &io);
+
+	/* Which should also have succeeded. */
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"Error opening the file\n");
+	h2 = io.out.file.handle;
+
+	/* Wait for the exit code from the child. */
+	while (child_exit_code == -1) {
+		int rval = tevent_loop_once(tctx->ev);
+		torture_assert_goto(tctx, rval == 0, ret,
+				    done, "tevent_loop_once error\n");
+	}
+
+	torture_assert_int_equal_goto(tctx, child_exit_code, 0,
+				      ret, done, "Bad child exit code");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname1);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_kernel_oplocks_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "kernel-oplocks");
+
+	torture_suite_add_1smb2_test(suite, "kernel_oplocks1", test_smb2_kernel_oplocks1);
+	torture_suite_add_1smb2_test(suite, "kernel_oplocks2", test_smb2_kernel_oplocks2);
+	torture_suite_add_2smb2_test(suite, "kernel_oplocks3", test_smb2_kernel_oplocks3);
+	torture_suite_add_1smb2_test(suite, "kernel_oplocks4", test_smb2_kernel_oplocks4);
+	torture_suite_add_1smb2_test(suite, "kernel_oplocks5", test_smb2_kernel_oplocks5);
+	torture_suite_add_2smb2_test(suite, "kernel_oplocks6", test_smb2_kernel_oplocks6);
+	torture_suite_add_2smb2_test(suite, "kernel_oplocks7", test_smb2_kernel_oplocks7);
+	torture_suite_add_1smb2_test(suite, "kernel_oplocks8", test_smb2_kernel_oplocks8);
+
+	suite->description = talloc_strdup(suite, "SMB2-KERNEL-OPLOCK tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/oplock_break_handler.c b/source4/torture/smb2/oplock_break_handler.c
new file mode 100644
index 0000000..c17d32a
--- /dev/null
+++ b/source4/torture/smb2/oplock_break_handler.c
@@ -0,0 +1,169 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * test suite for SMB2 replay
+ *
+ * Copyright (C) Anubhav Rakshit 2014
+ * Copyright (C) Stefan Metzmacher 2014
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "oplock_break_handler.h"
+#include "lib/events/events.h"
+
+struct break_info break_info;
+
+static void torture_oplock_ack_callback(struct smb2_request *req)
+{
+	NTSTATUS status;
+
+	status = smb2_break_recv(req, &break_info.br);
+	if (!NT_STATUS_IS_OK(status)) {
+		break_info.failures++;
+		break_info.failure_status = status;
+	}
+}
+
+/**
+ * A general oplock break notification handler.  This should be used when a
+ * test expects to break from batch or exclusive to a lower level.
+ */
+
+bool torture_oplock_ack_handler(struct smb2_transport *transport,
+				const struct smb2_handle *handle,
+				uint8_t level,
+				void *private_data)
+{
+	struct smb2_tree *tree = private_data;
+	const char *name;
+	struct smb2_request *req;
+
+	ZERO_STRUCT(break_info.br);
+
+	break_info.handle	= *handle;
+	break_info.level	= level;
+	break_info.count++;
+
+	switch (level) {
+	case SMB2_OPLOCK_LEVEL_II:
+		name = "level II";
+		break;
+	case SMB2_OPLOCK_LEVEL_NONE:
+		name = "none";
+		break;
+	default:
+		name = "unknown";
+		break_info.failures++;
+	}
+
+	break_info.br.in.file.handle	= *handle;
+	break_info.br.in.oplock_level	= level;
+	break_info.br.in.reserved	= 0;
+	break_info.br.in.reserved2	= 0;
+	break_info.received_transport = tree->session->transport;
+	SMB_ASSERT(tree->session->transport == transport);
+
+	if (break_info.oplock_skip_ack) {
+		torture_comment(break_info.tctx,
+				"transport[%p] skip acking to %s [0x%02X] in oplock handler\n",
+				transport, name, level);
+		return true;
+	}
+
+	torture_comment(break_info.tctx,
+			"transport[%p] Acking to %s [0x%02X] in oplock handler\n",
+			transport, name, level);
+
+	req = smb2_break_send(tree, &break_info.br);
+	req->async.fn = torture_oplock_ack_callback;
+	req->async.private_data = NULL;
+
+	return true;
+}
+
+/**
+ * A oplock break handler designed to ignore incoming break requests.
+ * This is used when incoming oplock break requests need to be ignored
+ */
+bool torture_oplock_ignore_handler(struct smb2_transport *transport,
+				   const struct smb2_handle *handle,
+				   uint8_t level, void *private_data)
+{
+	return true;
+}
+
+/*
+ * Timer handler function notifies the registering function that time is up
+ */
+static void timeout_cb(struct tevent_context *ev,
+		       struct tevent_timer *te,
+		       struct timeval current_time,
+		       void *private_data)
+{
+	bool *timesup = (bool *)private_data;
+	*timesup = true;
+}
+
+/*
+ * Wait a short period of time to receive a single oplock break request
+ */
+void torture_wait_for_oplock_break(struct torture_context *tctx)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+	struct tevent_timer *te = NULL;
+	struct timeval ne;
+	bool timesup = false;
+	int old_count = break_info.count;
+
+	/* Wait 1 second for an oplock break */
+	ne = tevent_timeval_current_ofs(0, 1000000);
+
+	te = tevent_add_timer(tctx->ev, tmp_ctx, ne, timeout_cb, &timesup);
+	if (te == NULL) {
+		torture_comment(tctx, "Failed to wait for an oplock break. "
+				      "test results may not be accurate.\n");
+		goto done;
+	}
+
+	torture_comment(tctx, "Waiting for a potential oplock break...\n");
+	while (!timesup && break_info.count < old_count + 1) {
+		if (tevent_loop_once(tctx->ev) != 0) {
+			torture_comment(tctx, "Failed to wait for an oplock "
+					      "break. test results may not be "
+					      "accurate\n.");
+			goto done;
+		}
+	}
+	if (timesup) {
+		torture_comment(tctx, "... waiting for an oplock break timed out\n");
+	} else {
+		torture_comment(tctx, "Got %u oplock breaks\n",
+				break_info.count - old_count);
+	}
+
+done:
+	/* We don't know if the timed event fired and was freed, we received
+	 * our oplock break, or some other event triggered the loop.  Thus,
+	 * we create a tmp_ctx to be able to safely free/remove the timed
+	 * event in all 3 cases.
+	 */
+	talloc_free(tmp_ctx);
+}
diff --git a/source4/torture/smb2/oplock_break_handler.h b/source4/torture/smb2/oplock_break_handler.h
new file mode 100644
index 0000000..c576782
--- /dev/null
+++ b/source4/torture/smb2/oplock_break_handler.h
@@ -0,0 +1,57 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * test suite for SMB2 replay
+ *
+ * Copyright (C) Anubhav Rakshit 2014
+ * Copyright (C) Stefan Metzmacher 2014
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __OPLOCK_BREAK_HANDLER_H__
+#define __OPLOCK_BREAK_HANDLER_H__
+
+struct break_info {
+	struct torture_context *tctx;
+	bool oplock_skip_ack;
+	struct smb2_handle handle;
+	uint8_t level;
+	struct smb2_break br;
+	int count;
+	int failures;
+	NTSTATUS failure_status;
+	struct smb2_transport *received_transport;
+};
+
+extern struct break_info break_info;
+
+bool torture_oplock_ack_handler(struct smb2_transport *transport,
+				const struct smb2_handle *handle,
+				uint8_t level,
+				void *private_data);
+bool torture_oplock_ignore_handler(struct smb2_transport *transport,
+				const struct smb2_handle *handle,
+				uint8_t level,
+				void *private_data);
+void torture_wait_for_oplock_break(struct torture_context *tctx);
+
+static inline void torture_reset_break_info(struct torture_context *tctx,
+			      struct break_info *r)
+{
+	ZERO_STRUCTP(r);
+	r->tctx = tctx;
+}
+
+#endif /* __OPLOCK_BREAK_HANDLER_H__ */
diff --git a/source4/torture/smb2/read.c b/source4/torture/smb2/read.c
new file mode 100644
index 0000000..2bc0dc9
--- /dev/null
+++ b/source4/torture/smb2/read.c
@@ -0,0 +1,573 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 read test suite
+
+   Copyright (C) Andrew Tridgell 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include <tevent.h>
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "librpc/gen_ndr/ndr_ioctl.h"
+
+
+#define CHECK_STATUS(_status, _expected) \
+	torture_assert_ntstatus_equal_goto(torture, _status, _expected, \
+		 ret, done, "Incorrect status")
+
+#define CHECK_VALUE(v, correct) \
+	torture_assert_int_equal_goto(torture, v, correct, \
+		 ret, done, "Incorrect value")
+
+#define FNAME "smb2_readtest.dat"
+#define DNAME "smb2_readtest.dir"
+
+static bool test_read_eof(struct torture_context *torture, struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[64*1024];
+	struct smb2_read rd;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	ZERO_STRUCT(buf);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length      = 5;
+	rd.in.offset      = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 10;
+	rd.in.offset = 0;
+	rd.in.min_count = 1;
+
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 10);
+
+	rd.in.min_count = 0;
+	rd.in.length = 10;
+	rd.in.offset = sizeof(buf);
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = sizeof(buf);
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 0);
+
+	rd.in.min_count = 1;
+	rd.in.length = 0;
+	rd.in.offset = sizeof(buf);
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0;
+	rd.in.length = 2;
+	rd.in.offset = sizeof(buf) - 1;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 1);
+
+	rd.in.min_count = 2;
+	rd.in.length = 1;
+	rd.in.offset = sizeof(buf) - 1;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0x10000;
+	rd.in.length = 1;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0x10000 - 2;
+	rd.in.length = 1;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 10;
+	rd.in.length = 5;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+static bool test_read_position(struct torture_context *torture, struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[64*1024];
+	struct smb2_read rd;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	union smb_fileinfo info;
+
+	ZERO_STRUCT(buf);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 10;
+	rd.in.offset = 0;
+	rd.in.min_count = 1;
+
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 10);
+
+	info.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	info.generic.in.file.handle = h;
+
+	status = smb2_getinfo_file(tree, tmp_ctx, &info);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (torture_setting_bool(torture, "windows", false)) {
+		CHECK_VALUE(info.all_info2.out.position, 0);
+	} else {
+		CHECK_VALUE(info.all_info2.out.position, 10);
+	}
+
+	
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static bool test_read_dir(struct torture_context *torture, struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	struct smb2_read rd;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf(__location__ " Unable to create test directory '%s' - %s\n", DNAME, nt_errstr(status));
+		return false;
+	}
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 10;
+	rd.in.offset = 0;
+	rd.in.min_count = 1;
+
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_DEVICE_REQUEST);
+	
+	rd.in.min_count = 11;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_DEVICE_REQUEST);
+
+	rd.in.length = 0;
+	rd.in.min_count = 2592;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	if (torture_setting_bool(torture, "windows", false)) {
+		CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_DEVICE_REQUEST);
+	}
+
+	rd.in.length = 0;
+	rd.in.min_count = 0;
+	rd.in.channel = 0;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	if (torture_setting_bool(torture, "windows", false)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_INVALID_DEVICE_REQUEST);
+	}
+	
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+static bool test_read_access(struct torture_context *torture,
+			     struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[64 * 1024];
+	struct smb2_read rd;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	ZERO_STRUCT(buf);
+
+	/* create a file */
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* open w/ READ access - success */
+	status = torture_smb2_testfile_access(
+	    tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_DATA);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 5;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* open w/ EXECUTE access - success */
+	status = torture_smb2_testfile_access(
+	    tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 5;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* open without READ or EXECUTE access - access denied */
+	status = torture_smb2_testfile_access(tree, FNAME, &h,
+					      SEC_FILE_READ_ATTRIBUTE);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 5;
+	rd.in.offset = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/*
+   basic regression test for BUG 14607
+   https://bugzilla.samba.org/show_bug.cgi?id=14607
+*/
+static bool test_read_bug14607(struct torture_context *torture,
+				struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[64 * 1024];
+	struct smb2_read rd;
+	uint32_t timeout_msec;
+	DATA_BLOB out_input_buffer = data_blob_null;
+	DATA_BLOB out_output_buffer = data_blob_null;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	uint8_t *data = NULL;
+	uint32_t data_length = 0;
+
+	memset(buf, 0x1f, ARRAY_SIZE(buf));
+
+	/* create a file */
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = ARRAY_SIZE(buf);
+	rd.in.offset = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, ARRAY_SIZE(buf));
+	torture_assert_mem_equal_goto(torture, rd.out.data.data,
+				      buf, ARRAY_SIZE(buf),
+				      ret, done,
+				      "Invalid content smb2_read");
+
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+
+	status = smb2cli_read(tree->session->transport->conn,
+			      timeout_msec,
+			      tree->session->smbXcli,
+			      tree->smbXcli,
+			      rd.in.length,
+			      rd.in.offset,
+			      h.data[0],
+			      h.data[1],
+			      rd.in.min_count,
+			      rd.in.remaining,
+			      tmp_ctx,
+			      &data, &data_length);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(data_length, ARRAY_SIZE(buf));
+	torture_assert_mem_equal_goto(torture, data,
+				      buf, ARRAY_SIZE(buf),
+				      ret, done,
+				      "Invalid content smb2cli_read");
+
+	status = smb2cli_ioctl(tree->session->transport->conn,
+			       timeout_msec,
+			       tree->session->smbXcli,
+			       tree->smbXcli,
+			       UINT64_MAX, /* in_fid_persistent */
+			       UINT64_MAX, /* in_fid_volatile */
+			       FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8,
+			       0, /* in_max_input_length */
+			       NULL, /* in_input_buffer */
+			       1, /* in_max_output_length */
+			       NULL, /* in_output_buffer */
+			       SMB2_IOCTL_FLAG_IS_FSCTL,
+			       tmp_ctx,
+			       &out_input_buffer,
+			       &out_output_buffer);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_FS_DRIVER_REQUIRED) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_DEVICE_REQUEST))
+	{
+		torture_comment(torture,
+				"FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8: %s\n",
+				nt_errstr(status));
+		torture_skip(torture, "server doesn't support FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8\n");
+	}
+	torture_assert_ntstatus_ok(torture, status, "FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8");
+
+	torture_assert_int_equal(torture, out_output_buffer.length, 0,
+				 "output length");
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = ARRAY_SIZE(buf);
+	rd.in.offset = 0;
+	status = smb2_read(tree, tree, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, ARRAY_SIZE(buf));
+	torture_assert_mem_equal_goto(torture, rd.out.data.data,
+				      buf, ARRAY_SIZE(buf),
+				      ret, done,
+				      "Invalid content after padding smb2_read");
+
+	status = smb2cli_read(tree->session->transport->conn,
+			      timeout_msec,
+			      tree->session->smbXcli,
+			      tree->smbXcli,
+			      rd.in.length,
+			      rd.in.offset,
+			      h.data[0],
+			      h.data[1],
+			      rd.in.min_count,
+			      rd.in.remaining,
+			      tmp_ctx,
+			      &data, &data_length);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(data_length, ARRAY_SIZE(buf));
+	torture_assert_mem_equal_goto(torture, data,
+				      buf, ARRAY_SIZE(buf),
+				      ret, done,
+				      "Invalid content after padding smb2cli_read");
+
+	status = smb2_util_close(tree, h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+/* 
+   basic testing of SMB2 read
+*/
+struct torture_suite *torture_smb2_read_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "read");
+
+	torture_suite_add_1smb2_test(suite, "eof", test_read_eof);
+	torture_suite_add_1smb2_test(suite, "position", test_read_position);
+	torture_suite_add_1smb2_test(suite, "dir", test_read_dir);
+	torture_suite_add_1smb2_test(suite, "access", test_read_access);
+	torture_suite_add_1smb2_test(suite, "bug14607",
+				     test_read_bug14607);
+
+	suite->description = talloc_strdup(suite, "SMB2-READ tests");
+
+	return suite;
+}
+
+static bool test_aio_cancel(struct torture_context *tctx,
+			    struct smb2_tree *tree)
+{
+	struct smb2_handle h;
+	uint8_t buf[64 * 1024];
+	struct smb2_read r;
+	struct smb2_request *req = NULL;
+	int rc;
+	NTSTATUS status;
+	bool ret = true;
+
+	ZERO_STRUCT(buf);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"torture_smb2_testfile failed\n");
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"smb2_util_write failed\n");
+
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"smb2_util_close failed\n");
+
+	status = torture_smb2_testfile_access(
+		tree, FNAME, &h, SEC_RIGHTS_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"torture_smb2_testfile_access failed\n");
+
+	r = (struct smb2_read) {
+		.in.file.handle = h,
+		.in.length      = 1,
+		.in.offset      = 0,
+		.in.min_count   = 1,
+	};
+
+	req = smb2_read_send(tree, &r);
+	torture_assert_goto(
+		tctx,
+		req != NULL,
+		ret,
+		done,
+		"smb2_read_send failed\n");
+
+	while (!req->cancel.can_cancel) {
+		rc = tevent_loop_once(tctx->ev);
+		torture_assert_goto(
+			tctx,
+			rc == 0,
+			ret,
+			done,
+			"tevent_loop_once failed\n");
+	}
+
+	status = smb2_cancel(req);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"smb2_cancel failed\n");
+
+	status = smb2_read_recv(req, tree, &r);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"smb2_read_recv failed\n");
+
+	status = smb2_util_close(tree, h);
+	torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"smb2_util_close failed\n");
+
+done:
+	smb2_util_unlink(tree, FNAME);
+	return ret;
+}
+
+/*
+ * aio testing against share with VFS module "delay_inject"
+ */
+struct torture_suite *torture_smb2_aio_delay_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "aio_delay");
+
+	torture_suite_add_1smb2_test(suite, "aio_cancel", test_aio_cancel);
+
+	suite->description = talloc_strdup(suite, "SMB2 delayed aio tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/read_write.c b/source4/torture/smb2/read_write.c
new file mode 100644
index 0000000..707a49b
--- /dev/null
+++ b/source4/torture/smb2/read_write.c
@@ -0,0 +1,361 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB read/write torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   Copyright (C) David Mulder 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+#define CHECK_STATUS(_status, _expected) \
+	torture_assert_ntstatus_equal_goto(torture, _status, _expected, \
+		 ret, done, "Incorrect status")
+
+#define CHECK_VALUE(v, correct) \
+	torture_assert_int_equal_goto(torture, v, correct, \
+		 ret, done, "Incorrect value")
+
+#define FNAME "smb2_writetest.dat"
+
+static bool run_smb2_readwritetest(struct torture_context *tctx,
+				   struct smb2_tree *t1, struct smb2_tree *t2)
+{
+	const char *lockfname = "torture2.lck";
+	struct smb2_create f1 = {0};
+	struct smb2_create f2 = {0};
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	int i;
+	uint8_t buf[131072];
+	bool correct = true;
+	NTSTATUS status;
+	int ret = 0;
+
+	ret = smb2_deltree(t1, lockfname);
+	torture_assert(tctx, ret != -1, "unlink failed");
+
+	f1.in.desired_access = SEC_FILE_ALL;
+	f1.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE;
+	f1.in.create_disposition = FILE_CREATE;
+	f1.in.fname = lockfname;
+
+	status = smb2_create(t1, tctx, &f1);
+	torture_assert_ntstatus_ok_goto(tctx, status, correct, done,
+		talloc_asprintf(tctx, "first open read/write of %s failed (%s)",
+		lockfname, nt_errstr(status)));
+	h1 = f1.out.file.handle;
+
+	f2.in.desired_access = SEC_FILE_READ_DATA;
+	f2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE;
+	f2.in.create_disposition = FILE_OPEN;
+	f2.in.fname = lockfname;
+
+	status = smb2_create(t2, tctx, &f2);
+	torture_assert_ntstatus_ok_goto(tctx, status, correct, done,
+		talloc_asprintf(tctx, "second open read-only of %s failed (%s)",
+		lockfname, nt_errstr(status)));
+	h2 = f2.out.file.handle;
+
+	torture_comment(tctx, "Checking data integrity over %d ops\n",
+			torture_numops);
+
+	for (i = 0; i < torture_numops; i++) {
+		struct smb2_write w = {0};
+		struct smb2_read r = {0};
+		size_t buf_size = ((unsigned int)random()%(sizeof(buf)-1))+ 1;
+
+		if (i % 10 == 0) {
+			if (torture_setting_bool(tctx, "progress", true)) {
+				torture_comment(tctx, "%d\r", i); fflush(stdout);
+			}
+		}
+
+		generate_random_buffer(buf, buf_size);
+
+		w.in.file.handle = h1;
+		w.in.offset = 0;
+		w.in.data.data = buf;
+		w.in.data.length = buf_size;
+
+		status = smb2_write(t1, &w);
+		if (!NT_STATUS_IS_OK(status) || w.out.nwritten != buf_size) {
+			torture_comment(tctx, "write failed (%s)\n",
+					nt_errstr(status));
+			torture_result(tctx, TORTURE_FAIL,
+				       "wrote %d, expected %d\n",
+				       (int)w.out.nwritten, (int)buf_size);
+			correct = false;
+			goto done;
+		}
+
+		r.in.file.handle = h2;
+		r.in.offset = 0;
+		r.in.length = buf_size;
+		status = smb2_read(t2, tctx, &r);
+		if (!NT_STATUS_IS_OK(status) || r.out.data.length != buf_size) {
+			torture_comment(tctx, "read failed (%s)\n",
+					nt_errstr(status));
+			torture_result(tctx, TORTURE_FAIL,
+				       "read %d, expected %d\n",
+				       (int)r.out.data.length, (int)buf_size);
+			correct = false;
+			goto done;
+		}
+
+		torture_assert_mem_equal_goto(tctx, r.out.data.data, buf,
+			buf_size, correct, done, "read/write compare failed\n");
+	}
+
+	status = smb2_util_close(t2, h2);
+	torture_assert_ntstatus_ok_goto(tctx, status, correct, done,
+		talloc_asprintf(tctx, "close failed (%s)", nt_errstr(status)));
+	ZERO_STRUCT(h2);
+
+	status = smb2_util_close(t1, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, correct, done,
+		talloc_asprintf(tctx, "close failed (%s)", nt_errstr(status)));
+	ZERO_STRUCT(h1);
+
+done:
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(t2, h2);
+	}
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(t1, h1);
+	}
+
+	status = smb2_util_unlink(t1, lockfname);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "unlink failed (%s)", nt_errstr(status));
+	}
+
+	return correct;
+}
+
+
+static bool run_smb2_wrap_readwritetest(struct torture_context *tctx,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	return run_smb2_readwritetest(tctx, tree1, tree1);
+}
+
+static bool test_rw_invalid(struct torture_context *torture, struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[64*1024];
+	struct smb2_read rd;
+	struct smb2_write w = {0};
+	union smb_setfileinfo sfinfo;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+	ZERO_STRUCT(buf);
+
+	smb2_util_unlink(tree, FNAME);
+
+	status = torture_smb2_testfile(tree, FNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* set delete-on-close */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	sfinfo.generic.in.file.handle = h;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = h;
+	rd.in.length = 10;
+	rd.in.offset = 0;
+	rd.in.min_count = 1;
+
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 10);
+
+	rd.in.min_count = 0;
+	rd.in.length = 10;
+	rd.in.offset = sizeof(buf);
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = sizeof(buf);
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 0);
+
+	rd.in.min_count = 0;
+	rd.in.length = 1;
+	rd.in.offset = INT64_MAX - 1;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = INT64_MAX;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(rd.out.data.length, 0);
+
+	rd.in.min_count = 0;
+	rd.in.length = 1;
+	rd.in.offset = INT64_MAX;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = (uint64_t)INT64_MAX + 1;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = (uint64_t)INT64_MIN;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = (uint64_t)(int64_t)-1;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = (uint64_t)(int64_t)-2;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	rd.in.min_count = 0;
+	rd.in.length = 0;
+	rd.in.offset = (uint64_t)(int64_t)-3;
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = (int64_t)-1;
+	w.in.data.data = buf;
+	w.in.data.length = ARRAY_SIZE(buf);
+
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = (int64_t)-2;
+	w.in.data.data = buf;
+	w.in.data.length = ARRAY_SIZE(buf);
+
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = INT64_MIN;
+	w.in.data.data = buf;
+	w.in.data.length = 1;
+
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = INT64_MIN;
+	w.in.data.data = buf;
+	w.in.data.length = 0;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = INT64_MAX;
+	w.in.data.data = buf;
+	w.in.data.length = 0;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(w.out.nwritten, 0);
+
+	w.in.file.handle = h;
+	w.in.offset = INT64_MAX;
+	w.in.data.data = buf;
+	w.in.data.length = 1;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = (uint64_t)INT64_MAX + 1;
+	w.in.data.data = buf;
+	w.in.data.length = 0;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = 0xfffffff0000; /* MAXFILESIZE */
+	w.in.data.data = buf;
+	w.in.data.length = 1;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	w.in.file.handle = h;
+	w.in.offset = 0xfffffff0000 - 1; /* MAXFILESIZE - 1 */
+	w.in.data.data = buf;
+	w.in.data.length = 1;
+	status = smb2_write(tree, &w);
+	if (TARGET_IS_SAMBA3(torture) || TARGET_IS_SAMBA4(torture)) {
+		CHECK_STATUS(status, NT_STATUS_OK);
+		CHECK_VALUE(w.out.nwritten, 1);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_DISK_FULL);
+	}
+
+	w.in.file.handle = h;
+	w.in.offset = 0xfffffff0000; /* MAXFILESIZE */
+	w.in.data.data = buf;
+	w.in.data.length = 0;
+	status = smb2_write(tree, &w);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VALUE(w.out.nwritten, 0);
+
+done:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_readwrite_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "rw");
+
+	torture_suite_add_2smb2_test(suite, "rw1", run_smb2_readwritetest);
+	torture_suite_add_2smb2_test(suite, "rw2", run_smb2_wrap_readwritetest);
+	torture_suite_add_1smb2_test(suite, "invalid", test_rw_invalid);
+
+	suite->description = talloc_strdup(suite, "SMB2 Samba4 Read/Write");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/rename.c b/source4/torture/smb2/rename.c
new file mode 100644
index 0000000..12636c4
--- /dev/null
+++ b/source4/torture/smb2/rename.c
@@ -0,0 +1,1751 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 rename test suite
+
+   Copyright (C) Christian Ambach 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+#include "librpc/gen_ndr/security.h"
+
+#define CHECK_VAL(v, correct) \
+	do { \
+		if ((v) != (correct)) { \
+			torture_result(torture, \
+				TORTURE_FAIL, \
+				"(%s): wrong value for %s got " \
+				"0x%llx - should be 0x%llx\n", \
+				__location__, #v, \
+				(unsigned long long)v, \
+				(unsigned long long)correct); \
+			ret = false; \
+			goto done; \
+	}} while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)                     \
+	do {                                                            \
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		CHECK_VAL((__io)->out.size, 0);                         \
+		CHECK_VAL((__io)->out.file_attr, (__attribute));        \
+		CHECK_VAL((__io)->out.reserved2, 0);                    \
+	} while(0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(torture, TORTURE_FAIL, \
+		       "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define BASEDIR "test_rename"
+
+/*
+ * basic testing of rename: open file with DELETE access
+ * this should pass
+ */
+
+static bool torture_smb2_rename_simple(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	union smb_fileinfo fi;
+	struct smb2_handle h1;
+
+	ZERO_STRUCT(h1);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL|SEC_STD_DELETE;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Checking for new filename\n");
+
+	ZERO_STRUCT(fi);
+	fi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	fi.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree1, torture, &fi);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(h1);
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (h1.data[0] || h1.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = h1;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+ * basic testing of rename, this time do not request DELETE access
+ * for the file, this should fail
+ */
+
+static bool torture_smb2_rename_simple2(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle h1;
+
+	ZERO_STRUCT(h1);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(h1);
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (h1.data[0] || h1.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = h1;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+
+/*
+ * testing of rename with no sharing allowed on file
+ * this should work
+ */
+
+static bool torture_smb2_rename_no_sharemode(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	union smb_fileinfo fi;
+	struct smb2_handle h1;
+
+	ZERO_STRUCT(h1);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = io.smb2.out.file.handle;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Checking for new filename\n");
+
+	ZERO_STRUCT(fi);
+	fi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	fi.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree1, torture, &fi);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(h1);
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (h1.data[0] || h1.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = h1;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+ * testing of rename when opening parent dir with delete access and delete
+ * sharing allowed
+ * should result in sharing violation
+ */
+
+static bool torture_smb2_rename_with_delete_access(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle fh, dh;
+
+	ZERO_STRUCT(fh);
+	ZERO_STRUCT(dh);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Opening parent directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE | SEC_FILE_WRITE_EA |
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = io.smb2.out.file.handle;
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_READ_EA |
+		SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = fh;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = fh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(fh);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = dh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(dh);
+
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (fh.data[0] || fh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = fh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	if (dh.data[0] || dh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = dh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+
+/*
+ * testing of rename with delete access on parent dir
+ * this is a variation of the test above: parent dir is opened
+ * without share_delete, so rename must fail
+ */
+
+static bool torture_smb2_rename_with_delete_access2(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle fh, dh;
+
+	ZERO_STRUCT(fh);
+	ZERO_STRUCT(dh);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Opening parent directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE | SEC_FILE_WRITE_EA |
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = io.smb2.out.file.handle;
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_READ_EA |
+		SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = fh;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = fh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(fh);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = dh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(dh);
+
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (fh.data[0] || fh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = fh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	if (dh.data[0] || dh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = dh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+ * testing of rename when opening parent dir with no delete access and delete
+ * sharing allowed
+ * this should pass
+ */
+
+static bool torture_smb2_rename_no_delete_access(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	union smb_fileinfo fi;
+	struct smb2_handle fh, dh;
+
+	ZERO_STRUCT(fh);
+	ZERO_STRUCT(dh);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Opening parent directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE | SEC_FILE_WRITE_EA |
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = io.smb2.out.file.handle;
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_READ_EA |
+		SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = fh;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Checking for new filename\n");
+
+	ZERO_STRUCT(fi);
+	fi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	fi.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree1, torture, &fi);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = fh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(fh);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = dh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(dh);
+
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (fh.data[0] || fh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = fh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	if (dh.data[0] || dh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = dh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+
+/*
+ * testing of rename with no delete access on parent dir
+ * this is the negative case of the test above: parent dir is opened
+ * without share_delete, so rename must fail
+ */
+
+static bool torture_smb2_rename_no_delete_access2(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle fh, dh;
+
+	ZERO_STRUCT(fh);
+	ZERO_STRUCT(dh);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Opening parent directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE | SEC_FILE_WRITE_EA |
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = io.smb2.out.file.handle;
+
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_DAC |
+		SEC_STD_READ_CONTROL | SEC_STD_DELETE | SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_READ_EA |
+		SEC_FILE_APPEND_DATA | SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = fh;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = fh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(fh);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = dh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(dh);
+
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (fh.data[0] || fh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = fh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	if (dh.data[0] || dh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = dh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+/*
+ * this is a replay of how Word 2010 saves a file
+ * this should pass
+ */
+
+static bool torture_smb2_rename_msword(struct torture_context *torture,
+		struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	union smb_fileinfo fi;
+	struct smb2_handle fh, dh;
+
+	ZERO_STRUCT(fh);
+	ZERO_STRUCT(dh);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = 0x60;
+	io.smb2.in.file_attributes = 0;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	fh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Opening parent directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x00100080;
+	io.smb2.in.create_options = 0x00800021;
+	io.smb2.in.file_attributes = 0;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming test file\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = fh;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "\\newname.txt";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(torture, "Checking for new filename\n");
+
+	ZERO_STRUCT(fi);
+	fi.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	fi.generic.in.file.handle = fh;
+	status = smb2_getinfo_file(tree1, torture, &fi);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+
+	torture_comment(torture, "Closing test file\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = fh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(fh);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = dh;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(dh);
+
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (fh.data[0] || fh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = fh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	if (dh.data[0] || dh.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = dh;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool torture_smb2_rename_dir_openfile(struct torture_context *torture,
+					     struct smb2_tree *tree1)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle d1, h1;
+
+	ZERO_STRUCT(d1);
+	ZERO_STRUCT(h1);
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_rmdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating base directory\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	d1 = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Creating test file\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree1, torture, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	torture_comment(torture, "Renaming directory\n");
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = d1;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name =
+		BASEDIR "-new";
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	torture_comment(torture, "Closing directory\n");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = d1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(d1);
+
+	torture_comment(torture, "Closing test file\n");
+
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree1, &(cl.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(h1);
+
+done:
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (h1.data[0] || h1.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = h1;
+		status = smb2_close(tree1, &(cl.smb2));
+	}
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+struct rename_one_dir_cycle_state {
+	struct tevent_context *ev;
+	struct smb2_tree *tree;
+	struct smb2_handle file;
+	const char *base_name;
+	char *new_name;
+	unsigned *rename_counter;
+
+	unsigned current;
+	unsigned max;
+	union smb_setfileinfo sinfo;
+};
+
+static void rename_one_dir_cycle_done(struct smb2_request *subreq);
+
+static struct tevent_req *rename_one_dir_cycle_send(TALLOC_CTX *mem_ctx,
+						    struct tevent_context *ev,
+						    struct smb2_tree *tree,
+						    struct smb2_handle file,
+						    unsigned max_renames,
+						    const char *base_name,
+						    unsigned *rename_counter)
+{
+	struct tevent_req *req;
+	struct rename_one_dir_cycle_state *state;
+	struct smb2_request *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct rename_one_dir_cycle_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->tree = tree;
+	state->file = file;
+	state->base_name = base_name;
+	state->rename_counter = rename_counter;
+	state->current = 0;
+	state->max = max_renames;
+
+	ZERO_STRUCT(state->sinfo);
+	state->sinfo.rename_information.level =
+		RAW_SFILEINFO_RENAME_INFORMATION;
+	state->sinfo.rename_information.in.file.handle = state->file;
+	state->sinfo.rename_information.in.overwrite = 0;
+	state->sinfo.rename_information.in.root_fid = 0;
+
+	state->new_name = talloc_asprintf(
+		state, "%s-%u", state->base_name, state->current);
+	if (tevent_req_nomem(state->new_name, req)) {
+		return tevent_req_post(req, ev);
+	}
+	state->sinfo.rename_information.in.new_name = state->new_name;
+
+	subreq = smb2_setinfo_file_send(state->tree, &state->sinfo);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	subreq->async.fn = rename_one_dir_cycle_done;
+	subreq->async.private_data = req;
+	return req;
+}
+
+static void rename_one_dir_cycle_done(struct smb2_request *subreq)
+{
+	struct tevent_req *req = talloc_get_type_abort(
+		subreq->async.private_data, struct tevent_req);
+	struct rename_one_dir_cycle_state *state = tevent_req_data(
+		req, struct rename_one_dir_cycle_state);
+	NTSTATUS status;
+
+	status = smb2_setinfo_recv(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+	TALLOC_FREE(state->new_name);
+
+	*state->rename_counter += 1;
+
+	state->current += 1;
+	if (state->current >= state->max) {
+		tevent_req_done(req);
+		return;
+	}
+
+	ZERO_STRUCT(state->sinfo);
+	state->sinfo.rename_information.level =
+		RAW_SFILEINFO_RENAME_INFORMATION;
+	state->sinfo.rename_information.in.file.handle = state->file;
+	state->sinfo.rename_information.in.overwrite = 0;
+	state->sinfo.rename_information.in.root_fid = 0;
+
+	state->new_name = talloc_asprintf(
+		state, "%s-%u", state->base_name, state->current);
+	if (tevent_req_nomem(state->new_name, req)) {
+		return;
+	}
+	state->sinfo.rename_information.in.new_name = state->new_name;
+
+	subreq = smb2_setinfo_file_send(state->tree, &state->sinfo);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	subreq->async.fn = rename_one_dir_cycle_done;
+	subreq->async.private_data = req;
+}
+
+static NTSTATUS rename_one_dir_cycle_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct rename_dir_bench_state {
+	struct tevent_context *ev;
+	struct smb2_tree *tree;
+	const char *base_name;
+	unsigned max_renames;
+	unsigned *rename_counter;
+
+	struct smb2_create io;
+	union smb_setfileinfo sinfo;
+	struct smb2_close cl;
+
+	struct smb2_handle file;
+};
+
+static void rename_dir_bench_opened(struct smb2_request *subreq);
+static void rename_dir_bench_renamed(struct tevent_req *subreq);
+static void rename_dir_bench_set_doc(struct smb2_request *subreq);
+static void rename_dir_bench_closed(struct smb2_request *subreq);
+
+static struct tevent_req *rename_dir_bench_send(TALLOC_CTX *mem_ctx,
+						struct tevent_context *ev,
+						struct smb2_tree *tree,
+						const char *base_name,
+						unsigned max_renames,
+						unsigned *rename_counter)
+{
+	struct tevent_req *req;
+	struct rename_dir_bench_state *state;
+	struct smb2_request *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct rename_dir_bench_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->tree = tree;
+	state->base_name = base_name;
+	state->max_renames = max_renames;
+	state->rename_counter = rename_counter;
+
+	ZERO_STRUCT(state->io);
+	state->io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	state->io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	state->io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	state->io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	state->io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	state->io.in.fname = state->base_name;
+
+	subreq = smb2_create_send(state->tree, &state->io);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	subreq->async.fn = rename_dir_bench_opened;
+	subreq->async.private_data = req;
+	return req;
+}
+
+static void rename_dir_bench_opened(struct smb2_request *subreq)
+{
+	struct tevent_req *req = talloc_get_type_abort(
+		subreq->async.private_data, struct tevent_req);
+	struct rename_dir_bench_state *state = tevent_req_data(
+		req, struct rename_dir_bench_state);
+	struct smb2_create *io;
+	struct tevent_req *subreq2;
+	NTSTATUS status;
+
+	io = talloc(state, struct smb2_create);
+	if (tevent_req_nomem(io, req)) {
+		return;
+	}
+
+	status = smb2_create_recv(subreq, io, io);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+	state->file = io->out.file.handle;
+	TALLOC_FREE(io);
+
+	subreq2 = rename_one_dir_cycle_send(
+		state, state->ev, state->tree, state->file,
+		state->max_renames, state->base_name,
+		state->rename_counter);
+	if (tevent_req_nomem(subreq2, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq2, rename_dir_bench_renamed, req);
+}
+
+static void rename_dir_bench_renamed(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct rename_dir_bench_state *state = tevent_req_data(
+		req, struct rename_dir_bench_state);
+	struct smb2_request *subreq2;
+	NTSTATUS status;
+
+	status = rename_one_dir_cycle_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	ZERO_STRUCT(state->sinfo);
+	state->sinfo.disposition_info.level =
+		RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	state->sinfo.disposition_info.in.file.handle = state->file;
+	state->sinfo.disposition_info.in.delete_on_close = true;
+
+	subreq2 = smb2_setinfo_file_send(state->tree, &state->sinfo);
+	if (tevent_req_nomem(subreq2, req)) {
+		return;
+	}
+	subreq2->async.fn = rename_dir_bench_set_doc;
+	subreq2->async.private_data = req;
+}
+
+static void rename_dir_bench_set_doc(struct smb2_request *subreq)
+{
+	struct tevent_req *req = talloc_get_type_abort(
+		subreq->async.private_data, struct tevent_req);
+	struct rename_dir_bench_state *state = tevent_req_data(
+		req, struct rename_dir_bench_state);
+	NTSTATUS status;
+
+	status = smb2_setinfo_recv(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	ZERO_STRUCT(state->cl);
+	state->cl.in.file.handle = state->file;
+
+	subreq = smb2_close_send(state->tree, &state->cl);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	subreq->async.fn = rename_dir_bench_closed;
+	subreq->async.private_data = req;
+}
+
+static void rename_dir_bench_closed(struct smb2_request *subreq)
+{
+	struct tevent_req *req = talloc_get_type_abort(
+		subreq->async.private_data, struct tevent_req);
+	struct smb2_close cl;
+	NTSTATUS status;
+
+	status = smb2_close_recv(subreq, &cl);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+	tevent_req_done(req);
+}
+
+static NTSTATUS rename_dir_bench_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct rename_dirs_bench_state {
+	unsigned num_reqs;
+	unsigned num_done;
+};
+
+static void rename_dirs_bench_done(struct tevent_req *subreq);
+
+static struct tevent_req *rename_dirs_bench_send(TALLOC_CTX *mem_ctx,
+						 struct tevent_context *ev,
+						 struct smb2_tree *tree,
+						 const char *base_name,
+						 unsigned num_parallel,
+						 unsigned max_renames,
+						 unsigned *rename_counter)
+{
+	struct tevent_req *req;
+	struct rename_dirs_bench_state *state;
+	unsigned i;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct rename_dirs_bench_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->num_reqs = num_parallel;
+	state->num_done = 0;
+
+	for (i=0; i<num_parallel; i++) {
+		struct tevent_req *subreq;
+		char *sub_base;
+
+		sub_base = talloc_asprintf(state, "%s-%u", base_name, i);
+		if (tevent_req_nomem(sub_base, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		subreq = rename_dir_bench_send(state, ev, tree, sub_base,
+					       max_renames, rename_counter);
+		if (tevent_req_nomem(subreq, req)) {
+			return tevent_req_post(req, ev);
+		}
+		tevent_req_set_callback(subreq, rename_dirs_bench_done, req);
+	}
+	return req;
+}
+
+static void rename_dirs_bench_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct rename_dirs_bench_state *state = tevent_req_data(
+		req, struct rename_dirs_bench_state);
+	NTSTATUS status;
+
+	status = rename_dir_bench_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	state->num_done += 1;
+	if (state->num_done >= state->num_reqs) {
+		tevent_req_done(req);
+	}
+}
+
+static NTSTATUS rename_dirs_bench_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+static bool torture_smb2_rename_dir_bench(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	struct tevent_req *req;
+	NTSTATUS status;
+	unsigned counter = 0;
+	bool ret;
+
+	req = rename_dirs_bench_send(tctx, tctx->ev, tree, "dir", 3, 10,
+				     &counter);
+	torture_assert(tctx, req != NULL, "rename_dirs_bench_send failed");
+
+	ret = tevent_req_poll(req, tctx->ev);
+	torture_assert(tctx, ret, "tevent_req_poll failed");
+
+	status = rename_dirs_bench_recv(req);
+	torture_comment(tctx, "rename_dirs_bench returned %s\n",
+			nt_errstr(status));
+	TALLOC_FREE(req);
+	torture_assert_ntstatus_ok(tctx, status, "bench failed");
+	return true;
+}
+
+/*
+ * This test basically verifies that modify and change timestamps are preserved
+ * after file rename with outstanding open file handles.
+ */
+
+static bool torture_smb2_rename_simple_modtime(
+			struct torture_context *torture,
+			struct smb2_tree *tree1)
+{
+	struct smb2_create c1, c2;
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree1, BASEDIR);
+	smb2_util_mkdir(tree1, BASEDIR);
+
+	torture_comment(torture, "Creating test file: file1.txt\n");
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL|SEC_STD_DELETE,
+		.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = BASEDIR "\\file1.txt",
+	};
+
+	status = smb2_create(tree1, torture, &c1);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	torture_comment(torture, "Waitig for 5 secs..\n");
+	sleep(5);
+
+	torture_comment(torture, "Creating test file: file2.txt\n");
+
+	c2 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL|SEC_STD_DELETE,
+		.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = BASEDIR "\\file2.txt",
+	};
+
+	status = smb2_create(tree1, torture, &c2);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_create failed\n");
+	h2 = c2.out.file.handle;
+
+	torture_comment(torture, "Renaming file1.txt --> tmp1.txt\n");
+
+	si = (union smb_setfileinfo) {
+		.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION,
+		.rename_information.in.file.handle = h1,
+		.rename_information.in.new_name =
+			BASEDIR "\\tmp1.txt",
+	};
+
+	status = smb2_setinfo_file(tree1, &si);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	torture_comment(torture, "GetInfo of tmp1.txt\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree1, torture, &gi);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(torture, "Check if timestamps are good after rename(file1.txt --> tmp1.txt).\n");
+
+	torture_assert_nttime_equal(
+		torture, c1.out.write_time, gi.all_info.out.write_time,
+		"Bad timestamp\n");
+	torture_assert_nttime_equal(
+		torture, c1.out.change_time, gi.all_info.out.change_time,
+		"Bad timestamp\n");
+
+	torture_comment(torture, "Renaming file2.txt --> file1.txt\n");
+
+	si = (union smb_setfileinfo) {
+		.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION,
+		.rename_information.in.file.handle = h2,
+		.rename_information.in.new_name =
+			BASEDIR "\\file1.txt",
+	};
+	status = smb2_setinfo_file(tree1, &si);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	torture_comment(torture, "GetInfo of file1.txt\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h2,
+	};
+
+	status = smb2_getinfo_file(tree1, torture, &gi);
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(torture, "Check if timestamps are good after rename(file2.txt --> file1.txt).\n");
+
+	torture_assert_nttime_equal(
+		torture, c2.out.write_time, gi.all_info.out.write_time,
+		"Bad timestamp\n");
+	torture_assert_nttime_equal(
+		torture, c2.out.change_time, gi.all_info.out.change_time,
+		"Bad timestamp\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree1, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree1, h2);
+	}
+	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+static bool test_smb2_close_full_information(struct torture_context *torture,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	union smb_close cl;
+	struct smb2_create io = {0};
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	struct smb2_handle h3 = {{0}};
+	union smb_setfileinfo sinfo;
+	NTSTATUS status;
+	const char *fname_src = "request.dat";
+	const char *fname_dst = "renamed.dat";
+	bool ret = true;
+
+	/* Start with a tidy share. */
+	smb2_util_unlink(tree1, fname_src);
+	smb2_util_unlink(tree1, fname_dst);
+
+	/* Create the test file, and leave it open. */
+	io.in.fname = fname_src;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tree1, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.out.file.handle;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	/* Open the test file on the second connection. */
+	ZERO_STRUCT(io);
+	io.in.fname = fname_src;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree2, tree2, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.out.file.handle;
+
+	/* Now open for rename on the first connection. */
+	ZERO_STRUCT(io);
+	io.in.fname = fname_src;
+	io.in.desired_access = SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree1, tree1, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.out.file.handle;
+
+	/* Do the rename. */
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h3;
+	sinfo.rename_information.in.new_name = fname_dst;
+	status = smb2_setinfo_file(tree1, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* And close h3. */
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h3;
+	status = smb2_close(tree1, &cl.smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(h3);
+
+	/*
+	 * Close h1 with SMB2_CLOSE_FLAGS_FULL_INFORMATION.
+	 * Ensure we get data.
+	 */
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h1;
+	cl.smb2.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION;
+	status = smb2_close(tree1, &cl.smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(h1);
+	CHECK_VAL(cl.smb2.out.file_attr, 0x20);
+
+	/*
+	 * Wait 3 seconds for name change to propagate
+	 * to the other connection.
+	 */
+	sleep(3);
+
+	/*
+	 * Close h2 with SMB2_CLOSE_FLAGS_FULL_INFORMATION.
+	 * This is on connection2.
+	 * Ensure we get data.
+	 */
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = h2;
+	cl.smb2.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION;
+	status = smb2_close(tree2, &cl.smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ZERO_STRUCT(h2);
+	CHECK_VAL(cl.smb2.out.file_attr, 0x20);
+
+  done:
+
+	if (h1.data[0] != 0 || h1.data[1] != 0) {
+		smb2_util_close(tree1, h1);
+	}
+	if (h2.data[0] != 0 || h2.data[1] != 0) {
+		smb2_util_close(tree2, h2);
+	}
+	if (h3.data[0] != 0 || h3.data[1] != 0) {
+		smb2_util_close(tree1, h3);
+	}
+
+	smb2_util_unlink(tree1, fname_src);
+	smb2_util_unlink(tree1, fname_dst);
+
+	return ret;
+}
+
+/*
+   basic testing of SMB2 rename
+ */
+struct torture_suite *torture_smb2_rename_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(ctx, "rename");
+
+	torture_suite_add_1smb2_test(suite, "simple",
+		torture_smb2_rename_simple);
+
+	torture_suite_add_1smb2_test(suite, "simple_modtime",
+		torture_smb2_rename_simple_modtime);
+
+	torture_suite_add_1smb2_test(suite, "simple_nodelete",
+		torture_smb2_rename_simple2);
+
+	torture_suite_add_1smb2_test(suite, "no_sharing",
+		torture_smb2_rename_no_sharemode);
+
+	torture_suite_add_1smb2_test(suite,
+		"share_delete_and_delete_access",
+		torture_smb2_rename_with_delete_access);
+
+	torture_suite_add_1smb2_test(suite,
+		"no_share_delete_but_delete_access",
+		torture_smb2_rename_with_delete_access2);
+
+	torture_suite_add_1smb2_test(suite,
+		"share_delete_no_delete_access",
+		torture_smb2_rename_no_delete_access);
+
+	torture_suite_add_1smb2_test(suite,
+		"no_share_delete_no_delete_access",
+		torture_smb2_rename_no_delete_access2);
+
+	torture_suite_add_1smb2_test(suite,
+		"msword",
+		torture_smb2_rename_msword);
+
+	torture_suite_add_1smb2_test(
+		suite, "rename_dir_openfile",
+		torture_smb2_rename_dir_openfile);
+
+	torture_suite_add_1smb2_test(suite,
+		"rename_dir_bench",
+		torture_smb2_rename_dir_bench);
+
+	torture_suite_add_2smb2_test(suite,
+		"close-full-information",
+		test_smb2_close_full_information);
+
+	suite->description = talloc_strdup(suite, "smb2.rename tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/replay.c b/source4/torture/smb2/replay.c
new file mode 100644
index 0000000..d84ced8
--- /dev/null
+++ b/source4/torture/smb2/replay.c
@@ -0,0 +1,5515 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 replay
+
+   Copyright (C) Anubhav Rakshit 2014
+   Copyright (C) Stefan Metzmacher 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/security/security.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/param/param.h"
+#include "lib/events/events.h"
+#include "oplock_break_handler.h"
+#include "lease_break_handler.h"
+
+#define CHECK_VAL(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%x - should be 0x%x\n", \
+				__location__, #v, (int)v, (int)correct); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
+		       nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_CREATED(__io, __created, __attribute)			\
+	do {								\
+		CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
+		CHECK_VAL((__io)->out.size, 0);				\
+		CHECK_VAL((__io)->out.file_attr, (__attribute));	\
+		CHECK_VAL((__io)->out.reserved2, 0);			\
+	} while(0)
+
+#define CHECK_HANDLE(__h1, __h2)					\
+	do {								\
+		CHECK_VAL((__h1)->data[0], (__h2)->data[0]);		\
+		CHECK_VAL((__h1)->data[1], (__h2)->data[1]);		\
+	} while(0)
+
+#define __IO_OUT_VAL(__io1, __io2, __m) \
+	CHECK_VAL((__io1)->out.__m, (__io2)->out.__m)
+
+#define CHECK_CREATE_OUT(__io1, __io2)				\
+	do {							\
+		CHECK_HANDLE(&(__io1)->out.file.handle,		\
+			     &(__io2)->out.file.handle);	\
+		__IO_OUT_VAL(__io1, __io2, oplock_level);	\
+		__IO_OUT_VAL(__io1, __io2, create_action);	\
+		__IO_OUT_VAL(__io1, __io2, create_time);	\
+		__IO_OUT_VAL(__io1, __io2, access_time);	\
+		__IO_OUT_VAL(__io1, __io2, write_time);		\
+		__IO_OUT_VAL(__io1, __io2, change_time);	\
+		__IO_OUT_VAL(__io1, __io2, alloc_size);		\
+		__IO_OUT_VAL(__io1, __io2, size);		\
+		__IO_OUT_VAL(__io1, __io2, file_attr);		\
+		__IO_OUT_VAL(__io1, __io2, durable_open);	\
+		__IO_OUT_VAL(__io1, __io2, durable_open_v2);	\
+		__IO_OUT_VAL(__io1, __io2, persistent_open);	\
+		__IO_OUT_VAL(__io1, __io2, timeout);		\
+		__IO_OUT_VAL(__io1, __io2, blobs.num_blobs);	\
+		if ((__io1)->out.oplock_level == SMB2_OPLOCK_LEVEL_LEASE) { \
+			__IO_OUT_VAL(__io1, __io2, lease_response.lease_state);\
+			__IO_OUT_VAL(__io1, __io2, lease_response.lease_key.data[0]);\
+			__IO_OUT_VAL(__io1, __io2, lease_response.lease_key.data[1]);\
+		} \
+	} while(0)
+
+#define WAIT_FOR_ASYNC_RESPONSE(__tctx, __req) do { \
+	torture_comment((__tctx), "Waiting for async response: %s\n", #__req); \
+	while (!(__req)->cancel.can_cancel && (__req)->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once((__tctx)->ev) != 0) { \
+			break; \
+		} \
+	} \
+} while(0)
+
+#define BASEDIR "replaytestdir"
+
+/**
+ * Test what happens when SMB2_FLAGS_REPLAY_OPERATION is enabled for various
+ * commands. We want to verify if the server returns an error code or not.
+ */
+static bool test_replay_commands(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_handle h;
+	uint8_t buf[200];
+	struct smb2_read rd;
+	union smb_setfileinfo sfinfo;
+	union smb_fileinfo qfinfo;
+	union smb_ioctl ioctl;
+	struct smb2_lock lck;
+	struct smb2_lock_element el[2];
+	struct smb2_flush f;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	const char *fname = BASEDIR "\\replay_commands.dat";
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "Replay tests\n");
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+
+	torture_comment(tctx, "Try Commands with Replay Flags Enabled\n");
+
+	torture_comment(tctx, "Trying create\n");
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 0);
+	/*
+	 * Wireshark shows that the response has SMB2_FLAGS_REPLAY_OPERATION
+	 * flags set. The server should ignore this flag.
+	 */
+
+	torture_comment(tctx, "Trying write\n");
+	status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	f = (struct smb2_flush) {
+		.in.file.handle = h
+	};
+	torture_comment(tctx, "Trying flush\n");
+	status = smb2_flush(tree, &f);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	rd = (struct smb2_read) {
+		.in.file.handle = h,
+		.in.length = 10,
+		.in.offset = 0,
+		.in.min_count = 1
+	};
+	torture_comment(tctx, "Trying read\n");
+	status = smb2_read(tree, tmp_ctx, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(rd.out.data.length, 10);
+
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.position_information.in.file.handle = h;
+	sfinfo.position_information.in.position = 0x1000;
+	torture_comment(tctx, "Trying setinfo\n");
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	qfinfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_POSITION_INFORMATION,
+		.generic.in.file.handle = h
+	};
+	torture_comment(tctx, "Trying getinfo\n");
+	status = smb2_getinfo_file(tree, tmp_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(qfinfo.position_information.out.position, 0x1000);
+
+	ioctl = (union smb_ioctl) {
+		.smb2.level = RAW_IOCTL_SMB2,
+		.smb2.in.file.handle = h,
+		.smb2.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID,
+		.smb2.in.max_output_response = 64,
+		.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL
+	};
+	torture_comment(tctx, "Trying ioctl\n");
+	status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck = (struct smb2_lock) {
+		.in.locks = el,
+		.in.lock_count = 0x0001,
+		.in.lock_sequence = 0x00000000,
+		.in.file.handle	= h
+	};
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+		SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+
+	torture_comment(tctx, "Trying lock\n");
+	el[0].offset		= 0x0000000000000000;
+	el[0].length		= 0x0000000000000100;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	lck.in.file.handle	= h;
+	el[0].flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	CHECK_VAL(break_info.count, 0);
+done:
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tmp_ctx);
+
+	return ret;
+}
+
+/**
+ * Test replay detection without create GUID on single channel.
+ * Regular creates can not be replayed.
+ * The return code is unaffected of the REPLAY_OPERATION flag.
+ */
+static bool test_replay_regular(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	uint32_t perms = 0;
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay_regular.dat";
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	CHECK_VAL(break_info.count, 0);
+
+	torture_comment(tctx, "No replay detection for regular create\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE |
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE |
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	io = (struct smb2_create) {
+		.in.desired_access  = perms,
+		.in.file_attributes = 0,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.share_access    = NTCREATEX_SHARE_ACCESS_DELETE,
+		.in.create_options  = 0x0,
+		.in.fname   = fname
+	};
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, tctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree, *h);
+	h = NULL;
+	smb2_util_unlink(tree, fname);
+
+	/*
+	 * Same experiment with different create disposition.
+	 */
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, tctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_util_close(tree, *h);
+	h = NULL;
+	smb2_util_unlink(tree, fname);
+
+	/*
+	 * Now with more generous share mode.
+	 */
+	io.in.share_access = smb2_util_share_access("RWD");
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 0);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, tctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Create Replay Detection on Single Channel.
+ */
+static bool test_replay_dhv2_oplock1(struct torture_context *tctx,
+				     struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io, ref1;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay_dhv2_oplock1.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 on Single "
+			      "Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io;
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Replay Durable V2 Create on single channel
+	 */
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io, &ref1);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Create Replay Detection on Single Channel.
+ * Hand in a different oplock level in the replay.
+ * Server responds with the handed in oplock level and
+ * corresponding durable status, but does not change the
+ * oplock level or durable status of the opened file.
+ */
+static bool test_replay_dhv2_oplock2(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io, ref1, ref2;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay_dhv2_oplock2.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 on Single "
+			      "Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io;
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Replay durable v2 create on single channel:
+	 *
+	 * Replay the create with a different oplock (none).
+	 * The server replies with the requested oplock level
+	 * and also only replies with durable handle based
+	 * on whether it could have been granted based on
+	 * the requested oplock type.
+	 */
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level(""));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	/*
+	 * Adapt the response to the expected values
+	 */
+	ref2 = ref1;
+	ref2.out.oplock_level = smb2_util_oplock_level("");
+	ref2.out.durable_open_v2 = false;
+	ref2.out.timeout = 0;
+	ref2.out.blobs.num_blobs = 0;
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io, &ref2);
+	CHECK_VAL(break_info.count, 0);
+
+	/*
+	 * Prove that the open file still has a batch oplock
+	 * by breaking it with another open.
+	 */
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = GUID_random();
+	io.in.timeout = UINT32_MAX;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	if (!share_is_so) {
+		CHECK_VAL(break_info.count, 1);
+		CHECK_HANDLE(&break_info.handle, &ref1.out.file.handle);
+		CHECK_VAL(break_info.level, smb2_util_oplock_level("s"));
+		torture_reset_break_info(tctx, &break_info);
+	}
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Create Replay Detection on Single Channel.
+ * Replay with a different share mode. The share mode of
+ * the opened file is not changed by this.
+ */
+static bool test_replay_dhv2_oplock3(struct torture_context *tctx,
+				     struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io, ref1;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay_dhv2_oplock3.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 on Single "
+			      "Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io;
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Replay durable v2 create on single channel:
+	 *
+	 * Replay the create with a different share mode.
+	 * The server replies with the requested share
+	 * mode instead of that which is associated to
+	 * the handle.
+	 */
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io, &ref1);
+	CHECK_VAL(break_info.count, 0);
+
+	/*
+	 * In order to prove that the different share mode in the
+	 * replayed create had no effect on the open file handle,
+	 * show that a new create yields NT_STATUS_SHARING_VIOLATION.
+	 */
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = GUID_random();
+	io.in.timeout = UINT32_MAX;
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	if (!share_is_so) {
+		CHECK_VAL(break_info.count, 1);
+		CHECK_HANDLE(&break_info.handle, &ref1.out.file.handle);
+		CHECK_VAL(break_info.level, smb2_util_oplock_level("s"));
+		torture_reset_break_info(tctx, &break_info);
+	}
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Create Replay Detection on Single Channel.
+ * Create with an oplock, and replay with a lease.
+ */
+static bool test_replay_dhv2_oplock_lease(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay_dhv2_oplock1.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	struct smb2_lease ls;
+	uint64_t lease_key;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 on Single "
+			      "Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Replay Durable V2 Create on single channel
+	 * but replay it with a lease instead of an oplock.
+	 */
+	lease_key = random();
+	smb2_lease_create(&io, &ls, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RH"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * Test durability v2 create replay detection on single channel.
+ * Variant with leases instead of oplocks:
+ * - open a file with a rh lease
+ * - upgrade to a rwh lease with a second create
+ * - replay the first create.
+ *   ==> it gets back the upgraded lease level
+ */
+static bool test_replay_dhv2_lease1(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h2;
+	struct smb2_handle *h2 = NULL;
+	struct smb2_create io1, io2, ref1;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay2_lease1.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	struct smb2_lease ls1, ls2;
+	uint64_t lease_key;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 with Lease "
+			      "on Single Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key = random();
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RH"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io1;
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease_key);
+	if (share_is_so) {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("R"));
+		CHECK_VAL(io1.out.durable_open_v2, false);
+		CHECK_VAL(io1.out.timeout, 0);
+	} else {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(io1.out.durable_open_v2, true);
+		CHECK_VAL(io1.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Upgrade the lease to RWH
+	 */
+	smb2_lease_create(&io2, &ls2, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RHW"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = GUID_random(); /* new guid... */
+	io2.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+
+	/*
+	 * Replay Durable V2 Create on single channel.
+	 * We get the io from open #1 but with the
+	 * upgraded lease.
+	 */
+
+	/* adapt expected lease in response */
+	if (!share_is_so) {
+		ref1.out.lease_response.lease_state =
+			smb2_util_lease_state("RHW");
+	}
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io1);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io1, &ref1);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree, *h2);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test durability v2 create replay detection on single channel.
+ * Variant with leases instead of oplocks, where the
+ * replay does not specify the original lease level but
+ * just a "R" lease. This still gives the upgraded lease
+ * level in the reply.
+ * - open a file with a rh lease
+ * - upgrade to a rwh lease with a second create
+ * - replay the first create.
+ *   ==> it gets back the upgraded lease level
+ */
+static bool test_replay_dhv2_lease2(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h2;
+	struct smb2_handle *h2 = NULL;
+	struct smb2_create io1, io2, ref1;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay2_lease2.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	struct smb2_lease ls1, ls2;
+	uint64_t lease_key;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 with Lease "
+			      "on Single Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key = random();
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RH"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease_key);
+	if (share_is_so) {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("R"));
+		CHECK_VAL(io1.out.durable_open_v2, false);
+		CHECK_VAL(io1.out.timeout, 0);
+	} else {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(io1.out.durable_open_v2, true);
+		CHECK_VAL(io1.out.timeout, 300*1000);
+	}
+	ref1 = io1;
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+
+	/*
+	 * Upgrade the lease to RWH
+	 */
+	smb2_lease_create(&io2, &ls2, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RHW"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = GUID_random(); /* new guid... */
+	io2.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+
+	/*
+	 * Replay Durable V2 Create on single channel.
+	 * Changing the requested lease level to "R"
+	 * does not change the response:
+	 * We get the reply from open #1 but with the
+	 * upgraded lease.
+	 */
+
+	/* adapt the expected response */
+	if (!share_is_so) {
+		ref1.out.lease_response.lease_state =
+					smb2_util_lease_state("RHW");
+	}
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("R"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io1);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io1, &ref1);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree, *h2);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test durability v2 create replay detection on single channel.
+ * create with a lease, and replay with a different lease key
+ */
+static bool test_replay_dhv2_lease3(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h2;
+	struct smb2_handle *h2 = NULL;
+	struct smb2_create io1, io2;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay2_lease2.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	struct smb2_lease ls1, ls2;
+	uint64_t lease_key;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 with Lease "
+			      "on Single Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key = random();
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RH"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease_key);
+	if (share_is_so) {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("R"));
+		CHECK_VAL(io1.out.durable_open_v2, false);
+		CHECK_VAL(io1.out.timeout, 0);
+	} else {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(io1.out.durable_open_v2, true);
+		CHECK_VAL(io1.out.timeout, 300*1000);
+	}
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+
+	/*
+	 * Upgrade the lease to RWH
+	 */
+	smb2_lease_create(&io2, &ls2, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RHW"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = GUID_random(); /* new guid... */
+	io2.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+
+	/*
+	 * Replay Durable V2 Create on single channel.
+	 * use a different lease key.
+	 */
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			random() /* lease key */,
+			smb2_util_lease_state("RH"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io1);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+done:
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree, *h2);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test durability v2 create replay detection on single channel.
+ * Do the original create with a lease, and do the replay
+ * with an oplock.
+ */
+static bool test_replay_dhv2_lease_oplock(struct torture_context *tctx,
+					  struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h2;
+	struct smb2_handle *h2 = NULL;
+	struct smb2_create io1, io2, ref1;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay2_lease1.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	struct smb2_lease ls1, ls2;
+	uint64_t lease_key;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		torture_skip(tctx, "leases are not supported");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 with Lease "
+			      "on Single Channel\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key = random();
+
+	smb2_lease_create(&io1, &ls1, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RH"));
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io1;
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[0], lease_key);
+	CHECK_VAL(io1.out.lease_response.lease_key.data[1], ~lease_key);
+	if (share_is_so) {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("R"));
+		CHECK_VAL(io1.out.durable_open_v2, false);
+		CHECK_VAL(io1.out.timeout, 0);
+	} else {
+		CHECK_VAL(io1.out.lease_response.lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(io1.out.durable_open_v2, true);
+		CHECK_VAL(io1.out.timeout, 300*1000);
+	}
+
+	/*
+	 * Upgrade the lease to RWH
+	 */
+	smb2_lease_create(&io2, &ls2, false /* dir */, fname,
+			lease_key, smb2_util_lease_state("RHW"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = GUID_random(); /* new guid... */
+	io2.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+
+	/*
+	 * Replay Durable V2 Create on single channel.
+	 * We get the io from open #1 but with the
+	 * upgraded lease.
+	 */
+
+	smb2_oplock_create_share(&io2, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io2.in.durable_open = false;
+	io2.in.durable_open_v2 = true;
+	io2.in.persistent_open = false;
+	io2.in.create_guid = create_guid;
+	io2.in.timeout = UINT32_MAX;
+
+	/* adapt expected lease in response */
+	if (!share_is_so) {
+		ref1.out.lease_response.lease_state =
+			smb2_util_lease_state("RHW");
+	}
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io1);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io1, &ref1);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree, *h2);
+	}
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel. It tests the case where the client2 open
+ * is deferred because it conflicts with a HANDLE lease,
+ * which is broken because the operation should otherwise
+ * return NT_STATUS_SHARING_VIOLATION.
+ *
+ * With a durablev2 request containing a create_guid:
+ * - client2_level = NONE:
+ *   but without asking for an oplock nor a lease.
+ * - client2_level = BATCH:
+ *   and asking for a batch oplock.
+ * - client2_level = LEASE
+ *   and asking for an RWH lease.
+ *
+ * While another client holds a batch oplock or
+ * RWH lease. (client1_level => LEASE or BATCH).
+ *
+ * There are two modes of this test one, with releaseing
+ * the oplock/lease of client1 via close or ack.
+ * (release_op SMB2_OP_CLOSE/SMB2_OP_BREAK).
+ *
+ * Windows doesn't detect replays in this case and
+ * always result in NT_STATUS_SHARING_VIOLATION.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ */
+static bool _test_dhv2_pending1_vs_violation(struct torture_context *tctx,
+					     const char *testname,
+					     struct smb2_tree *tree1,
+					     uint8_t client1_level,
+					     uint8_t release_op,
+					     struct smb2_tree *tree2,
+					     uint8_t client2_level,
+					     NTSTATUS orig21_reject_status,
+					     NTSTATUS replay22_reject_status,
+					     NTSTATUS replay23_reject_status)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle *h2f = NULL;
+	struct smb2_handle _h21;
+	struct smb2_handle *h21 = NULL;
+	struct smb2_handle _h23;
+	struct smb2_handle *h23 = NULL;
+	struct smb2_handle _h24;
+	struct smb2_handle *h24 = NULL;
+	struct smb2_create io1, io21, io22, io23, io24;
+	struct GUID create_guid1 = GUID_random();
+	struct GUID create_guid2 = GUID_random();
+	struct smb2_request *req21 = NULL;
+	struct smb2_request *req22 = NULL;
+	bool ret = true;
+	char fname[256];
+	struct smb2_transport *transport1 = tree1->session->transport;
+	uint32_t server_capabilities;
+	uint32_t share_capabilities;
+	struct smb2_lease ls1;
+	uint64_t lease_key1;
+	uint16_t lease_epoch1 = 0;
+	struct smb2_break op_ack1;
+	struct smb2_lease_break_ack lb_ack1;
+	struct smb2_lease ls2;
+	uint64_t lease_key2;
+	uint16_t lease_epoch2 = 0;
+	bool share_is_so;
+	struct smb2_transport *transport2 = tree2->session->transport;
+	int request_timeout2 = transport2->options.request_timeout;
+	struct smb2_session *session2 = tree2->session;
+	const char *hold_name = NULL;
+
+	switch (client1_level) {
+	case SMB2_OPLOCK_LEVEL_LEASE:
+		hold_name = "RWH Lease";
+		break;
+	case SMB2_OPLOCK_LEVEL_BATCH:
+		hold_name = "BATCH Oplock";
+		break;
+	default:
+		smb_panic(__location__);
+		break;
+	}
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		if (client1_level == SMB2_OPLOCK_LEVEL_LEASE ||
+		    client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			torture_skip(tctx, "leases are not supported");
+		}
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+	if (share_is_so) {
+		torture_skip(tctx, talloc_asprintf(tctx,
+			     "%s not supported on SCALEOUT share",
+			     hold_name));
+	}
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s\\%s_%s.dat",
+		 BASEDIR, testname, generate_random_str(tctx, 8));
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	ZERO_STRUCT(op_ack1);
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	ZERO_STRUCT(lb_ack1);
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	smb2_keepalive(transport1);
+	transport2->oplock.handler = torture_oplock_ack_handler;
+	transport2->oplock.private_data = tree2;
+	transport2->lease.handler = torture_lease_handler;
+	transport2->lease.private_data = tree2;
+	smb2_keepalive(transport2);
+
+	smb2_util_unlink(tree1, fname);
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key1 = random();
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io1, &ls1, false /* dir */, fname,
+			lease_key1, NULL, smb2_util_lease_state("RWH"), lease_epoch1++);
+	} else {
+		smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	io1.in.share_access = 0;
+	io1.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid1;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[0], lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[1], ~lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_epoch, lease_epoch1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RWH"));
+	} else {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	CHECK_VAL(io1.out.durable_open_v2, true);
+	CHECK_VAL(io1.out.timeout, 300*1000);
+
+	lease_key2 = random();
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io21, &ls2, false /* dir */, fname,
+			lease_key2, NULL, smb2_util_lease_state("RWH"), lease_epoch2++);
+	} else {
+		smb2_oplock_create(&io21, fname, client2_level);
+	}
+	io21.in.share_access = 0;
+	io21.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io21.in.desired_access = SEC_RIGHTS_FILE_READ;
+	io21.in.durable_open = false;
+	io21.in.durable_open_v2 = true;
+	io21.in.persistent_open = false;
+	io21.in.create_guid = create_guid2;
+	io21.in.timeout = UINT32_MAX;
+	io24 = io23 = io22 = io21;
+
+	req21 = smb2_create_send(tree2, &io21);
+	torture_assert(tctx, req21 != NULL, "req21");
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		const struct smb2_lease_break *lb =
+			&lease_break_info.lease_break;
+		const struct smb2_lease *l = &lb->current_lease;
+		const struct smb2_lease_key *k = &l->lease_key;
+
+		torture_wait_for_lease_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 1);
+
+		torture_assert(tctx,
+			lease_break_info.lease_transport == transport1,
+			"expect lease break on transport1\n");
+		CHECK_VAL(k->data[0], lease_key1);
+		CHECK_VAL(k->data[1], ~lease_key1);
+		/*
+		 * With share none the handle lease
+		 * is broken.
+		 */
+		CHECK_VAL(lb->new_lease_state,
+			  smb2_util_lease_state("RW"));
+		CHECK_VAL(lb->break_flags,
+			  SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
+		CHECK_VAL(lb->new_epoch, lease_epoch1+1);
+		lease_epoch1 += 1;
+
+		lb_ack1.in.lease.lease_key = lb->current_lease.lease_key;
+		lb_ack1.in.lease.lease_state = lb->new_lease_state;
+	} else {
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		torture_assert(tctx,
+			break_info.received_transport == transport1,
+			"expect oplock break on transport1\n");
+		CHECK_VAL(break_info.handle.data[0], _h1.data[0]);
+		CHECK_VAL(break_info.handle.data[1], _h1.data[1]);
+		CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+
+		op_ack1.in = break_info.br.in;
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	WAIT_FOR_ASYNC_RESPONSE(tctx, req21);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	if (NT_STATUS_EQUAL(replay22_reject_status, NT_STATUS_SHARING_VIOLATION)) {
+		/*
+		 * The server is broken and doesn't
+		 * detect a replay, so we start an async
+		 * request and send a lease break ack
+		 * after 5 seconds in order to avoid
+		 * the 35 second delay.
+		 */
+		torture_comment(tctx, "Starting ASYNC Replay req22 expecting %s\n",
+				nt_errstr(replay22_reject_status));
+		smb2cli_session_start_replay(session2->smbXcli);
+		transport2->options.request_timeout = 15;
+		req22 = smb2_create_send(tree2, &io22);
+		torture_assert(tctx, req22 != NULL, "req22");
+		transport2->options.request_timeout = request_timeout2;
+		smb2cli_session_stop_replay(session2->smbXcli);
+
+		WAIT_FOR_ASYNC_RESPONSE(tctx, req22);
+	} else {
+		torture_comment(tctx, "SYNC Replay io22 expecting %s\n",
+				nt_errstr(replay22_reject_status));
+		smb2cli_session_start_replay(session2->smbXcli);
+		transport2->options.request_timeout = 5;
+		status = smb2_create(tree2, tctx, &io22);
+		CHECK_STATUS(status, replay22_reject_status);
+		transport2->options.request_timeout = request_timeout2;
+		smb2cli_session_stop_replay(session2->smbXcli);
+	}
+
+	/*
+	 * We don't expect any action for 35 seconds
+	 *
+	 * But we sleep just 5 seconds before we
+	 * ack the break.
+	 */
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+		torture_wait_for_lease_break(tctx);
+		torture_wait_for_lease_break(tctx);
+		torture_wait_for_lease_break(tctx);
+		torture_wait_for_lease_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		if (release_op == SMB2_OP_CLOSE) {
+			torture_comment(tctx, "Closing h1\n");
+			smb2_util_close(tree1, _h1);
+			h1 = NULL;
+		} else {
+			torture_comment(tctx, "Acking lease_key1\n");
+			status = smb2_lease_break_ack(tree1, &lb_ack1);
+			CHECK_STATUS(status, NT_STATUS_OK);
+			CHECK_VAL(lb_ack1.out.lease.lease_flags, 0);
+			CHECK_VAL(lb_ack1.out.lease.lease_state, lb_ack1.in.lease.lease_state);
+			CHECK_VAL(lb_ack1.out.lease.lease_key.data[0], lease_key1);
+			CHECK_VAL(lb_ack1.out.lease.lease_key.data[1], ~lease_key1);
+			CHECK_VAL(lb_ack1.out.lease.lease_duration, 0);
+		}
+	} else {
+		torture_wait_for_oplock_break(tctx);
+		torture_wait_for_oplock_break(tctx);
+		torture_wait_for_oplock_break(tctx);
+		torture_wait_for_oplock_break(tctx);
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		if (release_op == SMB2_OP_CLOSE) {
+			torture_comment(tctx, "Closing h1\n");
+			smb2_util_close(tree1, _h1);
+			h1 = NULL;
+		} else {
+			torture_comment(tctx, "Acking break h1\n");
+			status = smb2_break(tree1, &op_ack1);
+			CHECK_STATUS(status, NT_STATUS_OK);
+			CHECK_VAL(op_ack1.out.oplock_level, op_ack1.in.oplock_level);
+		}
+	}
+
+	torture_comment(tctx, "Checking req21 expecting %s\n",
+			nt_errstr(orig21_reject_status));
+	status = smb2_create_recv(req21, tctx, &io21);
+	CHECK_STATUS(status, orig21_reject_status);
+	if (NT_STATUS_IS_OK(orig21_reject_status)) {
+		_h21 = io21.out.file.handle;
+		h21 = &_h21;
+		if (h2f == NULL) {
+			h2f = h21;
+		}
+		CHECK_VAL(h21->data[0], h2f->data[0]);
+		CHECK_VAL(h21->data[1], h2f->data[1]);
+		CHECK_CREATED(&io21, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_VAL(io21.out.oplock_level, client2_level);
+		CHECK_VAL(io21.out.durable_open, false);
+		if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			CHECK_VAL(io21.out.lease_response_v2.lease_key.data[0], lease_key2);
+			CHECK_VAL(io21.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+			CHECK_VAL(io21.out.lease_response_v2.lease_epoch, lease_epoch2);
+			CHECK_VAL(io21.out.lease_response_v2.lease_state,
+				  smb2_util_lease_state("RHW"));
+			CHECK_VAL(io21.out.durable_open_v2, true);
+			CHECK_VAL(io21.out.timeout, 300*1000);
+		} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+			CHECK_VAL(io21.out.durable_open_v2, true);
+			CHECK_VAL(io21.out.timeout, 300*1000);
+		} else {
+			CHECK_VAL(io21.out.durable_open_v2, false);
+		}
+	}
+
+	if (NT_STATUS_EQUAL(replay22_reject_status, NT_STATUS_SHARING_VIOLATION)) {
+		torture_comment(tctx, "Checking req22 expecting %s\n",
+				nt_errstr(replay22_reject_status));
+		status = smb2_create_recv(req22, tctx, &io22);
+		CHECK_STATUS(status, replay22_reject_status);
+	}
+
+	torture_comment(tctx, "SYNC Replay io23 expecting %s\n",
+			nt_errstr(replay23_reject_status));
+	smb2cli_session_start_replay(session2->smbXcli);
+	transport2->options.request_timeout = 5;
+	status = smb2_create(tree2, tctx, &io23);
+	transport2->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, replay23_reject_status);
+	smb2cli_session_stop_replay(session2->smbXcli);
+	if (NT_STATUS_IS_OK(replay23_reject_status)) {
+		_h23 = io23.out.file.handle;
+		h23 = &_h23;
+		if (h2f == NULL) {
+			h2f = h23;
+		}
+		CHECK_VAL(h23->data[0], h2f->data[0]);
+		CHECK_VAL(h23->data[1], h2f->data[1]);
+		CHECK_CREATED(&io23, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+		CHECK_VAL(io23.out.oplock_level, client2_level);
+		CHECK_VAL(io23.out.durable_open, false);
+		if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			CHECK_VAL(io23.out.lease_response_v2.lease_key.data[0], lease_key2);
+			CHECK_VAL(io23.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+			CHECK_VAL(io23.out.lease_response_v2.lease_epoch, lease_epoch2);
+			CHECK_VAL(io23.out.lease_response_v2.lease_state,
+				  smb2_util_lease_state("RHW"));
+			CHECK_VAL(io23.out.durable_open_v2, true);
+			CHECK_VAL(io23.out.timeout, 300*1000);
+		} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+			CHECK_VAL(io23.out.durable_open_v2, true);
+			CHECK_VAL(io23.out.timeout, 300*1000);
+		} else {
+			CHECK_VAL(io23.out.durable_open_v2, false);
+		}
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	if (h1 != NULL) {
+		torture_comment(tctx, "Closing h1\n");
+		smb2_util_close(tree1, _h1);
+		h1 = NULL;
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	torture_comment(tctx, "SYNC Replay io24 expecting %s\n",
+			nt_errstr(NT_STATUS_OK));
+	smb2cli_session_start_replay(session2->smbXcli);
+	transport2->options.request_timeout = 5;
+	status = smb2_create(tree2, tctx, &io24);
+	transport2->options.request_timeout = request_timeout2;
+	smb2cli_session_stop_replay(session2->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h24 = io24.out.file.handle;
+	h24 = &_h24;
+	if (h2f == NULL) {
+		h2f = h24;
+	}
+	CHECK_VAL(h24->data[0], h2f->data[0]);
+	CHECK_VAL(h24->data[1], h2f->data[1]);
+	CHECK_CREATED(&io24, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io24.out.oplock_level, client2_level);
+	CHECK_VAL(io24.out.durable_open, false);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io24.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+	status = smb2_util_close(tree2, *h24);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h24 = NULL;
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+done:
+
+	smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+
+	TALLOC_FREE(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ * This tests replay with a pending open on a single
+ * channel. It tests the case where the client2 open
+ * is deferred because it conflicts with a HANDLE lease,
+ * which is broken because the operation should otherwise
+ * return NT_STATUS_SHARING_VIOLATION.
+ *
+ * With a durablev2 request containing a create_guid,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease,
+ * which is released by a close.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_SHARING_VIOLATION to the replay (after
+ * 35 seconds), and this tests reports NT_STATUS_IO_TIMEOUT,
+ * as it expects a NT_STATUS_FILE_NOT_AVAILABLE within 5 seconds.
+ * see test_dhv2_pending1n_vs_violation_lease_close_windows().
+ */
+static bool test_dhv2_pending1n_vs_violation_lease_close_sane(struct torture_context *tctx,
+							      struct smb2_tree *tree1,
+							      struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_violation(tctx, __func__,
+						tree1,
+						SMB2_OPLOCK_LEVEL_LEASE,
+						SMB2_OP_CLOSE,
+						tree2,
+						SMB2_OPLOCK_LEVEL_NONE,
+						NT_STATUS_OK,
+						NT_STATUS_FILE_NOT_AVAILABLE,
+						NT_STATUS_OK);
+}
+
+/*
+ * This tests replay with a pending open on a single
+ * channel. It tests the case where the client2 open
+ * is deferred because it conflicts with a HANDLE lease,
+ * which is broken because the operation should otherwise
+ * return NT_STATUS_SHARING_VIOLATION.
+ *
+ * With a durablev2 request containing a create_guid,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease,
+ * which is released by a close.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange behavior of ignoring the
+ * replay, which is returned done by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE
+ * see test_dhv2_pending1n_vs_violation_lease_close_sane().
+ */
+static bool test_dhv2_pending1n_vs_violation_lease_close_windows(struct torture_context *tctx,
+								 struct smb2_tree *tree1,
+								 struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_violation(tctx, __func__,
+						tree1,
+						SMB2_OPLOCK_LEVEL_LEASE,
+						SMB2_OP_CLOSE,
+						tree2,
+						SMB2_OPLOCK_LEVEL_NONE,
+						NT_STATUS_OK,
+						NT_STATUS_SHARING_VIOLATION,
+						NT_STATUS_OK);
+}
+
+/*
+ * This tests replay with a pending open on a single
+ * channel. It tests the case where the client2 open
+ * is deferred because it conflicts with a HANDLE lease,
+ * which is broken because the operation should otherwise
+ * return NT_STATUS_SHARING_VIOLATION.
+ *
+ * With a durablev2 request containing a create_guid,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease,
+ * which is released by a lease break ack.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_SHARING_VIOLATION to the replay (after
+ * 35 seconds), and this tests reports NT_STATUS_IO_TIMEOUT,
+ * as it expects a NT_STATUS_FILE_NOT_AVAILABLE within 5 seconds.
+ * see test_dhv2_pending1n_vs_violation_lease_ack_windows().
+ */
+static bool test_dhv2_pending1n_vs_violation_lease_ack_sane(struct torture_context *tctx,
+							    struct smb2_tree *tree1,
+							    struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_violation(tctx, __func__,
+						tree1,
+						SMB2_OPLOCK_LEVEL_LEASE,
+						SMB2_OP_BREAK,
+						tree2,
+						SMB2_OPLOCK_LEVEL_NONE,
+						NT_STATUS_SHARING_VIOLATION,
+						NT_STATUS_FILE_NOT_AVAILABLE,
+						NT_STATUS_SHARING_VIOLATION);
+}
+
+/*
+ * This tests replay with a pending open on a single
+ * channel. It tests the case where the client2 open
+ * is deferred because it conflicts with a HANDLE lease,
+ * which is broken because the operation should otherwise
+ * return NT_STATUS_SHARING_VIOLATION.
+ *
+ * With a durablev2 request containing a create_guid,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease,
+ * which is released by a close.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange behavior of ignoring the
+ * replay, which is returned done by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE
+ * see test_dhv2_pending1n_vs_violation_lease_ack_sane().
+ */
+static bool test_dhv2_pending1n_vs_violation_lease_ack_windows(struct torture_context *tctx,
+							       struct smb2_tree *tree1,
+							       struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_violation(tctx, __func__,
+						tree1,
+						SMB2_OPLOCK_LEVEL_LEASE,
+						SMB2_OP_BREAK,
+						tree2,
+						SMB2_OPLOCK_LEVEL_NONE,
+						NT_STATUS_SHARING_VIOLATION,
+						NT_STATUS_SHARING_VIOLATION,
+						NT_STATUS_SHARING_VIOLATION);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid and
+ * a share_access of READ/WRITE/DELETE:
+ * - client2_level = NONE:
+ *   but without asking for an oplock nor a lease.
+ * - client2_level = BATCH:
+ *   and asking for a batch oplock.
+ * - client2_level = LEASE
+ *   and asking for an RWH lease.
+ *
+ * While another client holds a batch oplock or
+ * RWH lease. (client1_level => LEASE or BATCH).
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ */
+static bool _test_dhv2_pending1_vs_hold(struct torture_context *tctx,
+					const char *testname,
+					uint8_t client1_level,
+					uint8_t client2_level,
+					NTSTATUS reject_status,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h21;
+	struct smb2_handle *h21 = NULL;
+	struct smb2_handle _h24;
+	struct smb2_handle *h24 = NULL;
+	struct smb2_create io1, io21, io22, io23, io24;
+	struct GUID create_guid1 = GUID_random();
+	struct GUID create_guid2 = GUID_random();
+	struct smb2_request *req21 = NULL;
+	bool ret = true;
+	char fname[256];
+	struct smb2_transport *transport1 = tree1->session->transport;
+	uint32_t server_capabilities;
+	uint32_t share_capabilities;
+	struct smb2_lease ls1;
+	uint64_t lease_key1;
+	uint16_t lease_epoch1 = 0;
+	struct smb2_lease ls2;
+	uint64_t lease_key2;
+	uint16_t lease_epoch2 = 0;
+	bool share_is_so;
+	struct smb2_transport *transport2 = tree2->session->transport;
+	int request_timeout2 = transport2->options.request_timeout;
+	struct smb2_session *session2 = tree2->session;
+	const char *hold_name = NULL;
+
+	switch (client1_level) {
+	case SMB2_OPLOCK_LEVEL_LEASE:
+		hold_name = "RWH Lease";
+		break;
+	case SMB2_OPLOCK_LEVEL_BATCH:
+		hold_name = "BATCH Oplock";
+		break;
+	default:
+		smb_panic(__location__);
+		break;
+	}
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		if (client1_level == SMB2_OPLOCK_LEVEL_LEASE ||
+		    client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			torture_skip(tctx, "leases are not supported");
+		}
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+	if (share_is_so) {
+		torture_skip(tctx, talloc_asprintf(tctx,
+			     "%s not supported on SCALEOUT share",
+			     hold_name));
+	}
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s\\%s_%s.dat",
+		 BASEDIR, testname, generate_random_str(tctx, 8));
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	smb2_keepalive(transport1);
+	transport2->oplock.handler = torture_oplock_ack_handler;
+	transport2->oplock.private_data = tree2;
+	transport2->lease.handler = torture_lease_handler;
+	transport2->lease.private_data = tree2;
+	smb2_keepalive(transport2);
+
+	smb2_util_unlink(tree1, fname);
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key1 = random();
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io1, &ls1, false /* dir */, fname,
+			lease_key1, NULL, smb2_util_lease_state("RWH"), lease_epoch1++);
+	} else {
+		smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	io1.in.share_access = smb2_util_share_access("RWD");
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid1;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[0], lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[1], ~lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_epoch, lease_epoch1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+	} else {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	CHECK_VAL(io1.out.durable_open_v2, true);
+	CHECK_VAL(io1.out.timeout, 300*1000);
+
+	lease_key2 = random();
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io21, &ls2, false /* dir */, fname,
+			lease_key2, NULL, smb2_util_lease_state("RWH"), lease_epoch2++);
+	} else {
+		smb2_oplock_create(&io21, fname, client2_level);
+	}
+	io21.in.share_access = smb2_util_share_access("RWD");
+	io21.in.durable_open = false;
+	io21.in.durable_open_v2 = true;
+	io21.in.persistent_open = false;
+	io21.in.create_guid = create_guid2;
+	io21.in.timeout = UINT32_MAX;
+	io24 = io23 = io22 = io21;
+
+	req21 = smb2_create_send(tree2, &io21);
+	torture_assert(tctx, req21 != NULL, "req21");
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		const struct smb2_lease_break *lb =
+			&lease_break_info.lease_break;
+		const struct smb2_lease *l = &lb->current_lease;
+		const struct smb2_lease_key *k = &l->lease_key;
+
+		torture_wait_for_lease_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 1);
+
+		torture_assert(tctx,
+			lease_break_info.lease_transport == transport1,
+			"expect lease break on transport1\n");
+		CHECK_VAL(k->data[0], lease_key1);
+		CHECK_VAL(k->data[1], ~lease_key1);
+		CHECK_VAL(lb->new_lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(lb->break_flags,
+			  SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
+		CHECK_VAL(lb->new_epoch, lease_epoch1+1);
+		lease_epoch1 += 1;
+	} else {
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		torture_assert(tctx,
+			break_info.received_transport == transport1,
+			"expect oplock break on transport1\n");
+		CHECK_VAL(break_info.handle.data[0], _h1.data[0]);
+		CHECK_VAL(break_info.handle.data[1], _h1.data[1]);
+		CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	WAIT_FOR_ASYNC_RESPONSE(tctx, req21);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2cli_session_start_replay(session2->smbXcli);
+	transport2->options.request_timeout = 5;
+	status = smb2_create(tree2, tctx, &io22);
+	transport2->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2cli_session_start_replay(session2->smbXcli);
+	transport2->options.request_timeout = 5;
+	status = smb2_create(tree2, tctx, &io23);
+	transport2->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_util_close(tree1, _h1);
+	h1 = NULL;
+
+	status = smb2_create_recv(req21, tctx, &io21);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h21 = io21.out.file.handle;
+	h21 = &_h21;
+	CHECK_CREATED(&io21, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io21.out.oplock_level, client2_level);
+	CHECK_VAL(io21.out.durable_open, false);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io21.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io21.out.durable_open_v2, true);
+		CHECK_VAL(io21.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io21.out.durable_open_v2, true);
+		CHECK_VAL(io21.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io21.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2cli_session_start_replay(session2->smbXcli);
+	status = smb2_create(tree2, tctx, &io24);
+	smb2cli_session_stop_replay(session2->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h24 = io24.out.file.handle;
+	h24 = &_h24;
+	CHECK_CREATED(&io24, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(h24->data[0], h21->data[0]);
+	CHECK_VAL(h24->data[1], h21->data[1]);
+	CHECK_VAL(io24.out.oplock_level, client2_level);
+	CHECK_VAL(io24.out.durable_open, false);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io24.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+	status = smb2_util_close(tree2, *h24);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h24 = NULL;
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+done:
+
+	smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+
+	TALLOC_FREE(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1n_vs_oplock_windows().
+ */
+static bool test_dhv2_pending1n_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1n_vs_oplock_sane.
+ */
+static bool test_dhv2_pending1n_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1n_vs_lease_windows().
+ */
+static bool test_dhv2_pending1n_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1n_vs_lease_sane.
+ */
+static bool test_dhv2_pending1n_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1l_vs_oplock_windows().
+ */
+static bool test_dhv2_pending1l_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1l_vs_oplock_sane.
+ */
+static bool test_dhv2_pending1l_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1l_vs_lease_windows().
+ */
+static bool test_dhv2_pending1l_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1l_vs_lease_sane.
+ */
+static bool test_dhv2_pending1l_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1o_vs_oplock_windows().
+ */
+static bool test_dhv2_pending1o_vs_oplock_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1o_vs_oplock_sane.
+ */
+static bool test_dhv2_pending1o_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending1o_vs_lease_windows().
+ */
+static bool test_dhv2_pending1o_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open on a single
+ * channel.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending1o_vs_lease_sane.
+ */
+static bool test_dhv2_pending1o_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2)
+{
+	return _test_dhv2_pending1_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid and
+ * a share_access of READ/WRITE/DELETE:
+ * - client2_level = NONE:
+ *   but without asking for an oplock nor a lease.
+ * - client2_level = BATCH:
+ *   and asking for a batch oplock.
+ * - client2_level = LEASE
+ *   and asking for an RWH lease.
+ *
+ * While another client holds a batch oplock or
+ * RWH lease. (client1_level => LEASE or BATCH).
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ */
+static bool _test_dhv2_pending2_vs_hold(struct torture_context *tctx,
+					const char *testname,
+					uint8_t client1_level,
+					uint8_t client2_level,
+					NTSTATUS reject_status,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2_1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h24;
+	struct smb2_handle *h24 = NULL;
+	struct smb2_create io1, io21, io22, io23, io24;
+	struct GUID create_guid1 = GUID_random();
+	struct GUID create_guid2 = GUID_random();
+	struct smb2_request *req21 = NULL;
+	bool ret = true;
+	char fname[256];
+	struct smb2_transport *transport1 = tree1->session->transport;
+	uint32_t server_capabilities;
+	uint32_t share_capabilities;
+	struct smb2_lease ls1;
+	uint64_t lease_key1;
+	uint16_t lease_epoch1 = 0;
+	struct smb2_lease ls2;
+	uint64_t lease_key2;
+	uint16_t lease_epoch2 = 0;
+	bool share_is_so;
+	struct smb2_transport *transport2_1 = tree2_1->session->transport;
+	int request_timeout2 = transport2_1->options.request_timeout;
+	struct smbcli_options options2x;
+	struct smb2_tree *tree2_2 = NULL;
+	struct smb2_tree *tree2_3 = NULL;
+	struct smb2_tree *tree2_4 = NULL;
+	struct smb2_transport *transport2_2 = NULL;
+	struct smb2_transport *transport2_3 = NULL;
+	struct smb2_transport *transport2_4 = NULL;
+	struct smb2_session *session2_1 = tree2_1->session;
+	struct smb2_session *session2_2 = NULL;
+	struct smb2_session *session2_3 = NULL;
+	struct smb2_session *session2_4 = NULL;
+	uint16_t csn2 = 1;
+	const char *hold_name = NULL;
+
+	switch (client1_level) {
+	case SMB2_OPLOCK_LEVEL_LEASE:
+		hold_name = "RWH Lease";
+		break;
+	case SMB2_OPLOCK_LEVEL_BATCH:
+		hold_name = "BATCH Oplock";
+		break;
+	default:
+		smb_panic(__location__);
+		break;
+	}
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx, "MULTI_CHANNEL are not supported");
+	}
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		if (client1_level == SMB2_OPLOCK_LEVEL_LEASE ||
+		    client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			torture_skip(tctx, "leases are not supported");
+		}
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+	if (share_is_so) {
+		torture_skip(tctx, talloc_asprintf(tctx,
+			     "%s not supported on SCALEOUT share",
+			     hold_name));
+	}
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s\\%s_%s.dat",
+		 BASEDIR, testname, generate_random_str(tctx, 8));
+
+	options2x = transport2_1->options;
+	options2x.only_negprot = true;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_2,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_2 = tree2_2->session->transport;
+
+	session2_2 = smb2_session_channel(transport2_2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_2->smbXcli = tree2_1->smbXcli;
+	tree2_2->session = session2_2;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_3,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_3 = tree2_3->session->transport;
+
+	session2_3 = smb2_session_channel(transport2_3,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_3 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_3,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_3->smbXcli = tree2_1->smbXcli;
+	tree2_3->session = session2_3;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_4,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_4 = tree2_4->session->transport;
+
+	session2_4 = smb2_session_channel(transport2_4,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_4 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_4,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_4->smbXcli = tree2_1->smbXcli;
+	tree2_4->session = session2_4;
+
+	smb2cli_session_reset_channel_sequence(session2_2->smbXcli, csn2++);
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	smb2_keepalive(transport1);
+	transport2_1->oplock.handler = torture_oplock_ack_handler;
+	transport2_1->oplock.private_data = tree2_1;
+	transport2_1->lease.handler = torture_lease_handler;
+	transport2_1->lease.private_data = tree2_1;
+	smb2_keepalive(transport2_1);
+	transport2_2->oplock.handler = torture_oplock_ack_handler;
+	transport2_2->oplock.private_data = tree2_2;
+	transport2_2->lease.handler = torture_lease_handler;
+	transport2_2->lease.private_data = tree2_2;
+	smb2_keepalive(transport2_2);
+	transport2_3->oplock.handler = torture_oplock_ack_handler;
+	transport2_3->oplock.private_data = tree2_3;
+	transport2_3->lease.handler = torture_lease_handler;
+	transport2_3->lease.private_data = tree2_3;
+	smb2_keepalive(transport2_3);
+	transport2_4->oplock.handler = torture_oplock_ack_handler;
+	transport2_4->oplock.private_data = tree2_4;
+	transport2_4->lease.handler = torture_lease_handler;
+	transport2_4->lease.private_data = tree2_4;
+	smb2_keepalive(transport2_4);
+
+	smb2_util_unlink(tree1, fname);
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key1 = random();
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io1, &ls1, false /* dir */, fname,
+			lease_key1, NULL, smb2_util_lease_state("RWH"), lease_epoch1++);
+	} else {
+		smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid1;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[0], lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[1], ~lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_epoch, lease_epoch1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+	} else {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	CHECK_VAL(io1.out.durable_open_v2, true);
+	CHECK_VAL(io1.out.timeout, 300*1000);
+
+	lease_key2 = random();
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io21, &ls2, false /* dir */, fname,
+			lease_key2, NULL, smb2_util_lease_state("RWH"), lease_epoch2++);
+	} else {
+		smb2_oplock_create(&io21, fname, client2_level);
+	}
+	io21.in.durable_open = false;
+	io21.in.durable_open_v2 = true;
+	io21.in.persistent_open = false;
+	io21.in.create_guid = create_guid2;
+	io21.in.timeout = UINT32_MAX;
+	io24 = io23 = io22 = io21;
+
+	req21 = smb2_create_send(tree2_1, &io21);
+	torture_assert(tctx, req21 != NULL, "req21");
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		const struct smb2_lease_break *lb =
+			&lease_break_info.lease_break;
+		const struct smb2_lease *l = &lb->current_lease;
+		const struct smb2_lease_key *k = &l->lease_key;
+
+		torture_wait_for_lease_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 1);
+
+		torture_assert(tctx,
+			lease_break_info.lease_transport == transport1,
+			"expect lease break on transport1\n");
+		CHECK_VAL(k->data[0], lease_key1);
+		CHECK_VAL(k->data[1], ~lease_key1);
+		CHECK_VAL(lb->new_lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(lb->break_flags,
+			  SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
+		CHECK_VAL(lb->new_epoch, lease_epoch1+1);
+		lease_epoch1 += 1;
+	} else {
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		torture_assert(tctx,
+			break_info.received_transport == transport1,
+			"expect oplock break on transport1\n");
+		CHECK_VAL(break_info.handle.data[0], _h1.data[0]);
+		CHECK_VAL(break_info.handle.data[1], _h1.data[1]);
+		CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	WAIT_FOR_ASYNC_RESPONSE(tctx, req21);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smbXcli_conn_disconnect(transport2_1->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smb2cli_session_reset_channel_sequence(session2_1->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_2->smbXcli);
+	transport2_2->options.request_timeout = 5;
+	status = smb2_create(tree2_2, tctx, &io22);
+	transport2_2->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2_2->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smbXcli_conn_disconnect(transport2_2->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smb2cli_session_reset_channel_sequence(session2_2->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_3->smbXcli);
+	transport2_3->options.request_timeout = 5;
+	status = smb2_create(tree2_3, tctx, &io23);
+	transport2_3->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2_3->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_util_close(tree1, _h1);
+	h1 = NULL;
+
+	status = smb2_create_recv(req21, tctx, &io21);
+	CHECK_STATUS(status, NT_STATUS_LOCAL_DISCONNECT);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smbXcli_conn_disconnect(transport2_3->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smb2cli_session_reset_channel_sequence(session2_3->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_4->smbXcli);
+	status = smb2_create(tree2_4, tctx, &io24);
+	smb2cli_session_stop_replay(session2_4->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h24 = io24.out.file.handle;
+	h24 = &_h24;
+	CHECK_CREATED(&io24, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io24.out.oplock_level, client2_level);
+	CHECK_VAL(io24.out.durable_open, false);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io24.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+	status = smb2_util_close(tree2_4, *h24);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h24 = NULL;
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+done:
+
+	smbXcli_conn_disconnect(transport2_1->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_2->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_3->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_4->conn, NT_STATUS_LOCAL_DISCONNECT);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+
+	TALLOC_FREE(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2n_vs_lease_windows().
+ */
+static bool test_dhv2_pending2n_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2n_vs_lease_sane().
+ */
+static bool test_dhv2_pending2n_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2n_vs_oplock_windows().
+ */
+static bool test_dhv2_pending2n_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2n_vs_oplock_sane().
+ */
+static bool test_dhv2_pending2n_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2l_vs_oplock_windows().
+ */
+static bool test_dhv2_pending2l_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2l_vs_oplock_sane().
+ */
+static bool test_dhv2_pending2l_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2l_vs_oplock_windows().
+ */
+static bool test_dhv2_pending2l_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2l_vs_oplock_sane().
+ */
+static bool test_dhv2_pending2l_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2o_vs_oplock_windows().
+ */
+static bool test_dhv2_pending2o_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2o_vs_oplock_sane().
+ */
+static bool test_dhv2_pending2o_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending2o_vs_lease_windows().
+ */
+static bool test_dhv2_pending2o_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and closed transports on the client and server side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending2o_vs_lease_sane().
+ */
+static bool test_dhv2_pending2o_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending2_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid and
+ * a share_access of READ/WRITE/DELETE:
+ * - client2_level = NONE:
+ *   but without asking for an oplock nor a lease.
+ * - client2_level = BATCH:
+ *   and asking for a batch oplock.
+ * - client2_level = LEASE
+ *   and asking for an RWH lease.
+ *
+ * While another client holds a batch oplock or
+ * RWH lease. (client1_level => LEASE or BATCH).
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ */
+static bool _test_dhv2_pending3_vs_hold(struct torture_context *tctx,
+					const char *testname,
+					uint8_t client1_level,
+					uint8_t client2_level,
+					NTSTATUS reject_status,
+					struct smb2_tree *tree1,
+					struct smb2_tree *tree2_1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h21;
+	struct smb2_handle *h21 = NULL;
+	struct smb2_handle _h24;
+	struct smb2_handle *h24 = NULL;
+	struct smb2_create io1, io21, io22, io23, io24;
+	struct GUID create_guid1 = GUID_random();
+	struct GUID create_guid2 = GUID_random();
+	struct smb2_request *req21 = NULL;
+	bool ret = true;
+	char fname[256];
+	struct smb2_transport *transport1 = tree1->session->transport;
+	uint32_t server_capabilities;
+	uint32_t share_capabilities;
+	struct smb2_lease ls1;
+	uint64_t lease_key1;
+	uint16_t lease_epoch1 = 0;
+	struct smb2_lease ls2;
+	uint64_t lease_key2;
+	uint16_t lease_epoch2 = 0;
+	bool share_is_so;
+	struct smb2_transport *transport2_1 = tree2_1->session->transport;
+	int request_timeout2 = transport2_1->options.request_timeout;
+	struct smbcli_options options2x;
+	struct smb2_tree *tree2_2 = NULL;
+	struct smb2_tree *tree2_3 = NULL;
+	struct smb2_tree *tree2_4 = NULL;
+	struct smb2_transport *transport2_2 = NULL;
+	struct smb2_transport *transport2_3 = NULL;
+	struct smb2_transport *transport2_4 = NULL;
+	struct smb2_session *session2_1 = tree2_1->session;
+	struct smb2_session *session2_2 = NULL;
+	struct smb2_session *session2_3 = NULL;
+	struct smb2_session *session2_4 = NULL;
+	bool block_setup = false;
+	bool blocked2_1 = false;
+	bool blocked2_2 = false;
+	bool blocked2_3 = false;
+	uint16_t csn2 = 1;
+	const char *hold_name = NULL;
+
+	switch (client1_level) {
+	case SMB2_OPLOCK_LEVEL_LEASE:
+		hold_name = "RWH Lease";
+		break;
+	case SMB2_OPLOCK_LEVEL_BATCH:
+		hold_name = "BATCH Oplock";
+		break;
+	default:
+		smb_panic(__location__);
+		break;
+	}
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx, "MULTI_CHANNEL are not supported");
+	}
+	if (!(server_capabilities & SMB2_CAP_LEASING)) {
+		if (client1_level == SMB2_OPLOCK_LEVEL_LEASE ||
+		    client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+			torture_skip(tctx, "leases are not supported");
+		}
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+	if (share_is_so) {
+		torture_skip(tctx, talloc_asprintf(tctx,
+			     "%s not supported on SCALEOUT share",
+			     hold_name));
+	}
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s\\%s_%s.dat",
+		 BASEDIR, testname, generate_random_str(tctx, 8));
+
+	options2x = transport2_1->options;
+	options2x.only_negprot = true;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_2,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_2 = tree2_2->session->transport;
+
+	session2_2 = smb2_session_channel(transport2_2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_2->smbXcli = tree2_1->smbXcli;
+	tree2_2->session = session2_2;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_3,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_3 = tree2_3->session->transport;
+
+	session2_3 = smb2_session_channel(transport2_3,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_3 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_3,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_3->smbXcli = tree2_1->smbXcli;
+	tree2_3->session = session2_3;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_4,
+			      tctx->ev,
+			      &options2x,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport2_4 = tree2_4->session->transport;
+
+	session2_4 = smb2_session_channel(transport2_4,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tctx,
+					  session2_1);
+	torture_assert(tctx, session2_4 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_4,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+	tree2_4->smbXcli = tree2_1->smbXcli;
+	tree2_4->session = session2_4;
+
+	smb2cli_session_reset_channel_sequence(session2_2->smbXcli, csn2++);
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+	transport1->lease.handler = torture_lease_handler;
+	transport1->lease.private_data = tree1;
+	smb2_keepalive(transport1);
+	transport2_1->oplock.handler = torture_oplock_ack_handler;
+	transport2_1->oplock.private_data = tree2_1;
+	transport2_1->lease.handler = torture_lease_handler;
+	transport2_1->lease.private_data = tree2_1;
+	smb2_keepalive(transport2_1);
+	transport2_2->oplock.handler = torture_oplock_ack_handler;
+	transport2_2->oplock.private_data = tree2_2;
+	transport2_2->lease.handler = torture_lease_handler;
+	transport2_2->lease.private_data = tree2_2;
+	smb2_keepalive(transport2_2);
+	transport2_3->oplock.handler = torture_oplock_ack_handler;
+	transport2_3->oplock.private_data = tree2_3;
+	transport2_3->lease.handler = torture_lease_handler;
+	transport2_3->lease.private_data = tree2_3;
+	smb2_keepalive(transport2_3);
+	transport2_4->oplock.handler = torture_oplock_ack_handler;
+	transport2_4->oplock.private_data = tree2_4;
+	transport2_4->lease.handler = torture_lease_handler;
+	transport2_4->lease.private_data = tree2_4;
+	smb2_keepalive(transport2_4);
+
+	smb2_util_unlink(tree1, fname);
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h1);
+	CHECK_VAL(break_info.count, 0);
+
+	lease_key1 = random();
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io1, &ls1, false /* dir */, fname,
+			lease_key1, NULL, smb2_util_lease_state("RWH"), lease_epoch1++);
+	} else {
+		smb2_oplock_create(&io1, fname, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	io1.in.durable_open = false;
+	io1.in.durable_open_v2 = true;
+	io1.in.persistent_open = false;
+	io1.in.create_guid = create_guid1;
+	io1.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.durable_open, false);
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[0], lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_key.data[1], ~lease_key1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_epoch, lease_epoch1);
+		CHECK_VAL(io1.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+	} else {
+		CHECK_VAL(io1.out.oplock_level, SMB2_OPLOCK_LEVEL_BATCH);
+	}
+	CHECK_VAL(io1.out.durable_open_v2, true);
+	CHECK_VAL(io1.out.timeout, 300*1000);
+
+	lease_key2 = random();
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		smb2_lease_v2_create(&io21, &ls2, false /* dir */, fname,
+			lease_key2, NULL, smb2_util_lease_state("RWH"), lease_epoch2++);
+	} else {
+		smb2_oplock_create(&io21, fname, client2_level);
+	}
+	io21.in.durable_open = false;
+	io21.in.durable_open_v2 = true;
+	io21.in.persistent_open = false;
+	io21.in.create_guid = create_guid2;
+	io21.in.timeout = UINT32_MAX;
+	io24 = io23 = io22 = io21;
+
+	req21 = smb2_create_send(tree2_1, &io21);
+	torture_assert(tctx, req21 != NULL, "req21");
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		const struct smb2_lease_break *lb =
+			&lease_break_info.lease_break;
+		const struct smb2_lease *l = &lb->current_lease;
+		const struct smb2_lease_key *k = &l->lease_key;
+
+		torture_wait_for_lease_break(tctx);
+		CHECK_VAL(break_info.count, 0);
+		CHECK_VAL(lease_break_info.count, 1);
+
+		torture_assert(tctx,
+			lease_break_info.lease_transport == transport1,
+			"expect lease break on transport1\n");
+		CHECK_VAL(k->data[0], lease_key1);
+		CHECK_VAL(k->data[1], ~lease_key1);
+		CHECK_VAL(lb->new_lease_state,
+			  smb2_util_lease_state("RH"));
+		CHECK_VAL(lb->break_flags,
+			  SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
+		CHECK_VAL(lb->new_epoch, lease_epoch1+1);
+		lease_epoch1 += 1;
+	} else {
+		torture_wait_for_oplock_break(tctx);
+		CHECK_VAL(break_info.count, 1);
+		CHECK_VAL(lease_break_info.count, 0);
+
+		torture_assert(tctx,
+			break_info.received_transport == transport1,
+			"expect oplock break on transport1\n");
+		CHECK_VAL(break_info.handle.data[0], _h1.data[0]);
+		CHECK_VAL(break_info.handle.data[1], _h1.data[1]);
+		CHECK_VAL(break_info.level, SMB2_OPLOCK_LEVEL_II);
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	break_info.oplock_skip_ack = true;
+	torture_reset_lease_break_info(tctx, &lease_break_info);
+	lease_break_info.lease_skip_ack = true;
+
+	WAIT_FOR_ASYNC_RESPONSE(tctx, req21);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	block_setup = test_setup_blocked_transports(tctx);
+	torture_assert(tctx, block_setup, "test_setup_blocked_transports");
+
+	blocked2_1 = _test_block_smb2_transport(tctx, transport2_1, "transport2_1");
+	torture_assert_goto(tctx, blocked2_1, ret, done, "we could not block tcp transport");
+	smb2cli_session_reset_channel_sequence(session2_1->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_2->smbXcli);
+	transport2_2->options.request_timeout = 5;
+	status = smb2_create(tree2_2, tctx, &io22);
+	transport2_2->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2_2->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	blocked2_2 = _test_block_smb2_transport(tctx, transport2_2, "transport2_2");
+	torture_assert_goto(tctx, blocked2_2, ret, done, "we could not block tcp transport");
+	smb2cli_session_reset_channel_sequence(session2_2->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_3->smbXcli);
+	transport2_3->options.request_timeout = 5;
+	status = smb2_create(tree2_3, tctx, &io23);
+	transport2_3->options.request_timeout = request_timeout2;
+	CHECK_STATUS(status, reject_status);
+	smb2cli_session_stop_replay(session2_3->smbXcli);
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	smb2_util_close(tree1, _h1);
+	h1 = NULL;
+
+	status = smb2_create_recv(req21, tctx, &io21);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h21 = io21.out.file.handle;
+	h21 = &_h21;
+	CHECK_CREATED(&io21, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io21.out.oplock_level, client2_level);
+	CHECK_VAL(io21.out.durable_open, false);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io21.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io21.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io21.out.durable_open_v2, true);
+		CHECK_VAL(io21.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io21.out.durable_open_v2, true);
+		CHECK_VAL(io21.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io21.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+	blocked2_3 = _test_block_smb2_transport(tctx, transport2_3, "transport2_3");
+	torture_assert_goto(tctx, blocked2_3, ret, done, "we could not block tcp transport");
+	smb2cli_session_reset_channel_sequence(session2_3->smbXcli, csn2++);
+
+	smb2cli_session_start_replay(session2_4->smbXcli);
+	status = smb2_create(tree2_4, tctx, &io24);
+	smb2cli_session_stop_replay(session2_4->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h24 = io24.out.file.handle;
+	h24 = &_h24;
+	CHECK_CREATED(&io24, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(h24->data[0], h21->data[0]);
+	CHECK_VAL(h24->data[1], h21->data[1]);
+	if (client2_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[0], lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_key.data[1], ~lease_key2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_epoch, lease_epoch2);
+		CHECK_VAL(io24.out.lease_response_v2.lease_state,
+			  smb2_util_lease_state("RHW"));
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else if (client2_level == SMB2_OPLOCK_LEVEL_BATCH) {
+		CHECK_VAL(io24.out.durable_open_v2, true);
+		CHECK_VAL(io24.out.timeout, 300*1000);
+	} else {
+		CHECK_VAL(io24.out.durable_open_v2, false);
+	}
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+	status = smb2_util_close(tree2_4, *h24);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h24 = NULL;
+
+	if (client1_level == SMB2_OPLOCK_LEVEL_LEASE) {
+		torture_wait_for_lease_break(tctx);
+	} else {
+		torture_wait_for_oplock_break(tctx);
+	}
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(lease_break_info.count, 0);
+
+done:
+
+	if (blocked2_3) {
+		_test_unblock_smb2_transport(tctx, transport2_3, "transport2_3");
+	}
+	if (blocked2_2) {
+		_test_unblock_smb2_transport(tctx, transport2_2, "transport2_2");
+	}
+	if (blocked2_1) {
+		_test_unblock_smb2_transport(tctx, transport2_1, "transport2_1");
+	}
+	if (block_setup) {
+		test_cleanup_blocked_transports(tctx);
+	}
+
+	smbXcli_conn_disconnect(transport2_1->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_2->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_3->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2_4->conn, NT_STATUS_LOCAL_DISCONNECT);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_deltree(tree1, BASEDIR);
+
+	TALLOC_FREE(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3n_vs_lease_windows().
+ */
+static bool test_dhv2_pending3n_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3n_vs_lease_sane.
+ */
+static bool test_dhv2_pending3n_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3n_vs_oplock_windows().
+ */
+static bool test_dhv2_pending3n_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * but without asking for an oplock nor a lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3n_vs_oplock_sane.
+ */
+static bool test_dhv2_pending3n_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_NONE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3l_vs_oplock_windows().
+ */
+static bool test_dhv2_pending3l_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3l_vs_oplock_sane.
+ */
+static bool test_dhv2_pending3l_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3l_vs_lease_windows().
+ */
+static bool test_dhv2_pending3l_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a v2 lease.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3l_vs_lease_sane().
+ */
+static bool test_dhv2_pending3l_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3o_vs_oplock_windows().
+ */
+static bool test_dhv2_pending3o_vs_oplock_sane(struct torture_context *tctx,
+					       struct smb2_tree *tree1,
+					       struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds a batch oplock.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3o_vs_oplock_sane().
+ */
+static bool test_dhv2_pending3o_vs_oplock_windows(struct torture_context *tctx,
+						  struct smb2_tree *tree1,
+						  struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the sane reject status of
+ * NT_STATUS_FILE_NOT_AVAILABLE.
+ *
+ * It won't pass against Windows as it returns
+ * NT_STATUS_ACCESS_DENIED see
+ * test_dhv2_pending3o_vs_lease_windows().
+ */
+static bool test_dhv2_pending3o_vs_lease_sane(struct torture_context *tctx,
+					      struct smb2_tree *tree1,
+					      struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_FILE_NOT_AVAILABLE,
+					   tree1, tree2_1);
+}
+
+/**
+ * This tests replay with a pending open with 4 channels
+ * and blocked transports on the client side.
+ *
+ * With a durablev2 request containing a create_guid,
+ * a share_access of READ/WRITE/DELETE,
+ * and asking for a batch oplock.
+ *
+ * While another client holds an RWH lease.
+ * And allows share_access of READ/WRITE/DELETE.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14449
+ *
+ * This expects the strange reject status of
+ * NT_STATUS_ACCESS_DENIED, which is returned
+ * by Windows Servers.
+ *
+ * It won't pass against Samba as it returns
+ * NT_STATUS_FILE_NOT_AVAILABLE. see
+ * test_dhv2_pending3o_vs_lease_sane().
+ */
+static bool test_dhv2_pending3o_vs_lease_windows(struct torture_context *tctx,
+						 struct smb2_tree *tree1,
+						 struct smb2_tree *tree2_1)
+{
+	return _test_dhv2_pending3_vs_hold(tctx, __func__,
+					   SMB2_OPLOCK_LEVEL_LEASE,
+					   SMB2_OPLOCK_LEVEL_BATCH,
+					   NT_STATUS_ACCESS_DENIED,
+					   tree1, tree2_1);
+}
+
+static bool test_channel_sequence_table(struct torture_context *tctx,
+					struct smb2_tree *tree,
+					bool do_replay,
+					uint16_t opcode)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle handle;
+	struct smb2_handle *phandle = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\channel_sequence.dat";
+	uint16_t csn = 0;
+	uint16_t limit = UINT16_MAX - 0x7fff;
+	int i;
+	struct {
+		uint16_t csn;
+		bool csn_rand_low;
+		bool csn_rand_high;
+		NTSTATUS expected_status;
+	} tests[] = {
+		{
+			.csn			= 0,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0x7fff + 1,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 0x7fff + 2,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= -1,
+			.csn_rand_high		= true,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 0xffff,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 0x7fff,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0x7ffe,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 0,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= -1,
+			.csn_rand_low		= true,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 0x7fff + 1,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0xffff,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 1,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		},{
+			.csn			= 1,
+			.expected_status	= NT_STATUS_OK,
+		},{
+			.csn			= 0xffff,
+			.expected_status	= NT_STATUS_FILE_NOT_AVAILABLE,
+		}
+	};
+
+	smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 0);
+
+	csn = smb2cli_session_current_channel_sequence(tree->session->smbXcli);
+	torture_comment(tctx, "Testing create with channel sequence number: 0x%04x\n", csn);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	torture_assert_ntstatus_ok_goto(tctx,
+		smb2_create(tree, mem_ctx, &io),
+		ret, done, "failed to call smb2_create");
+
+	handle = io.out.file.handle;
+	phandle = &handle;
+
+	for (i=0; i <ARRAY_SIZE(tests); i++) {
+
+		const char *opstr = "";
+		union smb_fileinfo qfinfo;
+
+		csn = tests[i].csn;
+
+		if (tests[i].csn_rand_low) {
+			csn = rand() % limit;
+		} else if (tests[i].csn_rand_high) {
+			csn = rand() % limit + 0x7fff;
+		}
+
+		switch (opcode) {
+		case SMB2_OP_WRITE:
+			opstr = "write";
+			break;
+		case SMB2_OP_IOCTL:
+			opstr = "ioctl";
+			break;
+		case SMB2_OP_SETINFO:
+			opstr = "setinfo";
+			break;
+		default:
+			break;
+		}
+
+		smb2cli_session_reset_channel_sequence(tree->session->smbXcli, csn);
+		csn = smb2cli_session_current_channel_sequence(tree->session->smbXcli);
+
+		torture_comment(tctx, "Testing %s (replay: %s) with CSN 0x%04x, expecting: %s\n",
+			opstr, do_replay ? "true" : "false", csn,
+			nt_errstr(tests[i].expected_status));
+
+		if (do_replay) {
+			smb2cli_session_start_replay(tree->session->smbXcli);
+		}
+
+		switch (opcode) {
+		case SMB2_OP_WRITE: {
+			DATA_BLOB blob = data_blob_talloc(tctx, NULL, 255);
+
+			generate_random_buffer(blob.data, blob.length);
+
+			status = smb2_util_write(tree, handle, blob.data, 0, blob.length);
+			if (NT_STATUS_IS_OK(status)) {
+				struct smb2_read rd;
+
+				rd = (struct smb2_read) {
+					.in.file.handle = handle,
+					.in.length = blob.length,
+					.in.offset = 0
+				};
+
+				torture_assert_ntstatus_ok_goto(tctx,
+					smb2_read(tree, tree, &rd),
+					ret, done, "failed to read after write");
+
+				torture_assert_data_blob_equal(tctx,
+					rd.out.data, blob,
+					"read/write mismatch");
+			}
+			break;
+		}
+		case SMB2_OP_IOCTL: {
+			union smb_ioctl ioctl;
+			ioctl = (union smb_ioctl) {
+				.smb2.level = RAW_IOCTL_SMB2,
+				.smb2.in.file.handle = handle,
+				.smb2.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID,
+				.smb2.in.max_output_response = 64,
+				.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL
+			};
+			status = smb2_ioctl(tree, mem_ctx, &ioctl.smb2);
+			break;
+		}
+		case SMB2_OP_SETINFO: {
+			union smb_setfileinfo sfinfo;
+			ZERO_STRUCT(sfinfo);
+			sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+			sfinfo.generic.in.file.handle = handle;
+			sfinfo.position_information.in.position = 0x1000;
+			status = smb2_setinfo_file(tree, &sfinfo);
+			break;
+		}
+		default:
+			break;
+		}
+
+		qfinfo = (union smb_fileinfo) {
+			.generic.level = RAW_FILEINFO_POSITION_INFORMATION,
+			.generic.in.file.handle = handle
+		};
+
+		torture_assert_ntstatus_ok_goto(tctx,
+			smb2_getinfo_file(tree, mem_ctx, &qfinfo),
+			ret, done, "failed to read after write");
+
+		if (do_replay) {
+			smb2cli_session_stop_replay(tree->session->smbXcli);
+		}
+
+		torture_assert_ntstatus_equal_goto(tctx,
+			status, tests[i].expected_status,
+			ret, done, "got unexpected failure code");
+
+	}
+done:
+	if (phandle != NULL) {
+		smb2_util_close(tree, *phandle);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	return ret;
+}
+
+static bool test_channel_sequence(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	bool ret = true;
+	const char *fname = BASEDIR "\\channel_sequence.dat";
+	struct smb2_transport *transport1 = tree->session->transport;
+	struct smb2_handle handle;
+	uint16_t opcodes[] = { SMB2_OP_WRITE, SMB2_OP_IOCTL, SMB2_OP_SETINFO };
+	int i;
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "Replay tests\n");
+	}
+
+	torture_comment(tctx, "Testing channel sequence numbers\n");
+
+	smbXcli_conn_set_force_channel_sequence(transport1->conn, true);
+
+	torture_assert_ntstatus_ok_goto(tctx,
+		torture_smb2_testdir(tree, BASEDIR, &handle),
+		ret, done, "failed to setup test directory");
+
+	smb2_util_close(tree, handle);
+	smb2_util_unlink(tree, fname);
+
+	for (i=0; i <ARRAY_SIZE(opcodes); i++) {
+		torture_assert(tctx,
+			test_channel_sequence_table(tctx, tree, false, opcodes[i]),
+			"failed to test CSN without replay flag");
+		torture_assert(tctx,
+			test_channel_sequence_table(tctx, tree, true, opcodes[i]),
+			"failed to test CSN with replay flag");
+	}
+
+done:
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Create Replay Detection on Multi Channel
+ */
+static bool test_replay3(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay3.dat";
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2 = NULL;
+	struct smb2_session *session1_1 = tree1->session;
+	struct smb2_session *session1_2 = NULL;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "Replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree1->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx,
+			     "Server does not support multi-channel.");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+
+	torture_comment(tctx, "Replay of DurableHandleReqV2 on Multi "
+			      "Channel\n");
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h);
+	smb2_util_unlink(tree1, fname);
+	CHECK_VAL(break_info.count, 0);
+
+	/*
+	 * use the 1st channel, 1st session
+	 */
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	tree1->session = session1_1;
+	status = smb2_create(tree1, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(break_info.count, 0);
+
+	status = smb2_connect(tctx,
+			host,
+			lpcfg_smb_ports(tctx->lp_ctx),
+			share,
+			lpcfg_resolve_context(tctx->lp_ctx),
+			samba_cmdline_get_creds(),
+			&tree2,
+			tctx->ev,
+			&transport1->options,
+			lpcfg_socket_options(tctx->lp_ctx),
+			lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"smb2_connect failed");
+	transport2 = tree2->session->transport;
+
+	transport2->oplock.handler = torture_oplock_ack_handler;
+	transport2->oplock.private_data = tree2;
+
+	/*
+	 * Now bind the 1st session to 2nd transport channel
+	 */
+	session1_2 = smb2_session_channel(transport2,
+			lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+			tree2, session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+			samba_cmdline_get_creds(),
+			0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * use the 2nd channel, 1st session
+	 */
+	tree1->session = session1_2;
+	smb2cli_session_start_replay(tree1->session->smbXcli);
+	status = smb2_create(tree1, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree1->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(break_info.count, 0);
+
+	tree1->session = session1_1;
+	smb2_util_close(tree1, *h);
+	h = NULL;
+
+done:
+	talloc_free(tree2);
+	tree1->session = session1_1;
+
+	if (h != NULL) {
+		smb2_util_close(tree1, *h);
+	}
+
+	smb2_util_unlink(tree1, fname);
+	smb2_deltree(tree1, BASEDIR);
+
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Multichannel IO Ordering using ChannelSequence/Channel Epoch number
+ */
+static bool test_replay4(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	uint8_t buf[64];
+	struct smb2_read rd;
+	union smb_setfileinfo sfinfo;
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay4.dat";
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2 = NULL;
+	struct smb2_session *session1_1 = tree1->session;
+	struct smb2_session *session1_2 = NULL;
+	uint16_t curr_cs;
+	uint32_t share_capabilities;
+	bool share_is_so;
+	uint32_t server_capabilities;
+
+	if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "Replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree1->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx,
+			     "Server does not support multi-channel.");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree1->smbXcli);
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+
+	torture_reset_break_info(tctx, &break_info);
+	transport1->oplock.handler = torture_oplock_ack_handler;
+	transport1->oplock.private_data = tree1;
+
+	torture_comment(tctx, "IO Ordering for Multi Channel\n");
+	status = torture_smb2_testdir(tree1, BASEDIR, &_h1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree1, _h1);
+	smb2_util_unlink(tree1, fname);
+	CHECK_VAL(break_info.count, 0);
+
+	/*
+	 * use the 1st channel, 1st session
+	 */
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access(""),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	tree1->session = session1_1;
+	status = smb2_create(tree1, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	if (share_is_so) {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("s"));
+		CHECK_VAL(io.out.durable_open_v2, false);
+		CHECK_VAL(io.out.timeout, 0);
+	} else {
+		CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+		CHECK_VAL(io.out.durable_open_v2, true);
+		CHECK_VAL(io.out.timeout, 300*1000);
+	}
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(break_info.count, 0);
+
+	status = smb2_util_write(tree1, *h1, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Increment ChannelSequence so that server thinks that there's a
+	 * Channel Failure
+	 */
+	smb2cli_session_increment_channel_sequence(tree1->session->smbXcli);
+
+	/*
+	 * Perform a Read with incremented ChannelSequence
+	 */
+	rd = (struct smb2_read) {
+		.in.file.handle = *h1,
+		.in.length = sizeof(buf),
+		.in.offset = 0
+	};
+	status = smb2_read(tree1, tree1, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Performing a Write with Stale ChannelSequence is not allowed by
+	 * server
+	 */
+	curr_cs = smb2cli_session_reset_channel_sequence(
+						tree1->session->smbXcli, 0);
+	status = smb2_util_write(tree1, *h1, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_FILE_NOT_AVAILABLE);
+
+	/*
+	 * Performing a Write Replay with Stale ChannelSequence is not allowed
+	 * by server
+	 */
+	smb2cli_session_start_replay(tree1->session->smbXcli);
+	smb2cli_session_reset_channel_sequence(tree1->session->smbXcli, 0);
+	status = smb2_util_write(tree1, *h1, buf, 0, ARRAY_SIZE(buf));
+	smb2cli_session_stop_replay(tree1->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_FILE_NOT_AVAILABLE);
+
+	/*
+	 * Performing a SetInfo with stale ChannelSequence is not allowed by
+	 * server
+	 */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = *h1;
+	sfinfo.position_information.in.position = 0x1000;
+	status = smb2_setinfo_file(tree1, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_FILE_NOT_AVAILABLE);
+
+	/*
+	 * Performing a Read with stale ChannelSequence is allowed
+	 */
+	rd = (struct smb2_read) {
+		.in.file.handle = *h1,
+		.in.length = ARRAY_SIZE(buf),
+		.in.offset = 0
+	};
+	status = smb2_read(tree1, tree1, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_connect(tctx,
+			host,
+			lpcfg_smb_ports(tctx->lp_ctx),
+			share,
+			lpcfg_resolve_context(tctx->lp_ctx),
+			samba_cmdline_get_creds(),
+			&tree2,
+			tctx->ev,
+			&transport1->options,
+			lpcfg_socket_options(tctx->lp_ctx),
+			lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+			"smb2_connect failed");
+	transport2 = tree2->session->transport;
+
+	transport2->oplock.handler = torture_oplock_ack_handler;
+	transport2->oplock.private_data = tree2;
+
+	/*
+	 * Now bind the 1st session to 2nd transport channel
+	 */
+	session1_2 = smb2_session_channel(transport2,
+			lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+			tree2, session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+			samba_cmdline_get_creds(),
+			0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * use the 2nd channel, 1st session
+	 */
+	tree1->session = session1_2;
+
+	/*
+	 * Write Replay with Correct ChannelSequence is allowed by the server
+	 */
+	smb2cli_session_start_replay(tree1->session->smbXcli);
+	smb2cli_session_reset_channel_sequence(tree1->session->smbXcli,
+					       curr_cs);
+	status = smb2_util_write(tree1, *h1, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2cli_session_stop_replay(tree1->session->smbXcli);
+
+	/*
+	 * See what happens if we change the Buffer and perform a Write Replay.
+	 * This is to show that Write Replay does not really care about the data
+	 */
+	memset(buf, 'r', ARRAY_SIZE(buf));
+	smb2cli_session_start_replay(tree1->session->smbXcli);
+	status = smb2_util_write(tree1, *h1, buf, 0, ARRAY_SIZE(buf));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2cli_session_stop_replay(tree1->session->smbXcli);
+
+	/*
+	 * Read back from File to verify what was written
+	 */
+	rd = (struct smb2_read) {
+		.in.file.handle = *h1,
+		.in.length = ARRAY_SIZE(buf),
+		.in.offset = 0
+	};
+	status = smb2_read(tree1, tree1, &rd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if ((rd.out.data.length != ARRAY_SIZE(buf)) ||
+			memcmp(rd.out.data.data, buf, ARRAY_SIZE(buf))) {
+		torture_comment(tctx, "Write Replay Data Mismatch\n");
+	}
+
+	tree1->session = session1_1;
+	smb2_util_close(tree1, *h1);
+	h1 = NULL;
+
+	if (share_is_so) {
+		CHECK_VAL(break_info.count, 1);
+	} else {
+		CHECK_VAL(break_info.count, 0);
+	}
+done:
+	talloc_free(tree2);
+	tree1->session = session1_1;
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_util_unlink(tree1, fname);
+	smb2_deltree(tree1, BASEDIR);
+
+	talloc_free(tree1);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * Test Durability V2 Persistent Create Replay on a Single Channel
+ */
+static bool test_replay5(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	uint32_t share_capabilities;
+	bool share_is_ca;
+	bool share_is_so;
+	uint32_t server_capabilities;
+	const char *fname = BASEDIR "\\replay5.dat";
+	struct smb2_transport *transport = tree->session->transport;
+	struct smbcli_options options = tree->session->transport->options;
+	uint8_t expect_oplock = smb2_util_oplock_level("b");
+	NTSTATUS expect_status = NT_STATUS_DUPLICATE_OBJECTID;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				"Replay tests\n");
+	}
+
+	server_capabilities = smb2cli_conn_server_capabilities(
+					tree->session->transport->conn);
+	if (!(server_capabilities & SMB2_CAP_PERSISTENT_HANDLES)) {
+		torture_skip(tctx,
+			     "Server does not support persistent handles.");
+	}
+
+	share_capabilities = smb2cli_tcon_capabilities(tree->smbXcli);
+
+	share_is_ca = share_capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY;
+	if (!share_is_ca) {
+		torture_skip(tctx, "Share is not continuously available.");
+	}
+
+	share_is_so = share_capabilities & SMB2_SHARE_CAP_SCALEOUT;
+	if (share_is_so) {
+		expect_oplock = smb2_util_oplock_level("s");
+		expect_status = NT_STATUS_FILE_NOT_AVAILABLE;
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	transport->oplock.handler = torture_oplock_ack_handler;
+	transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Replay of Persistent DurableHandleReqV2 on Single "
+			"Channel\n");
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	smb2_util_unlink(tree, fname);
+	CHECK_VAL(break_info.count, 0);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = true;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, expect_oplock);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+	CHECK_VAL(io.out.persistent_open, true);
+	CHECK_VAL(io.out.timeout, 300*1000);
+	CHECK_VAL(break_info.count, 0);
+
+	/* disconnect, leaving the durable open */
+	TALLOC_FREE(tree);
+
+	if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
+		torture_warning(tctx, "couldn't reconnect, bailing\n");
+		ret = false;
+		goto done;
+	}
+
+	/* a re-open of a persistent handle causes an error */
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, expect_status);
+
+	/* SMB2_FLAGS_REPLAY_OPERATION must be set to open the Persistent Handle */
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	smb2cli_session_increment_channel_sequence(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.persistent_open, true);
+	CHECK_VAL(io.out.oplock_level, expect_oplock);
+	_h = io.out.file.handle;
+	h = &_h;
+
+	smb2_util_close(tree, *h);
+	h = NULL;
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+/**
+ * Test Error Codes when a DurableHandleReqV2 with matching CreateGuid is
+ * re-sent with or without SMB2_FLAGS_REPLAY_OPERATION
+ */
+static bool test_replay6(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle _h;
+	struct smb2_handle *h = NULL;
+	struct smb2_create io, ref1;
+	union smb_fileinfo qfinfo;
+	struct GUID create_guid = GUID_random();
+	bool ret = true;
+	const char *fname = BASEDIR "\\replay6.dat";
+	struct smb2_transport *transport = tree->session->transport;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	torture_reset_break_info(tctx, &break_info);
+	tree->session->transport->oplock.handler = torture_oplock_ack_handler;
+	tree->session->transport->oplock.private_data = tree;
+
+	torture_comment(tctx, "Error Codes for DurableHandleReqV2 Replay\n");
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &_h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, _h);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	torture_reset_break_info(tctx, &break_info);
+
+	smb2_oplock_create_share(&io, fname,
+			smb2_util_share_access("RWD"),
+			smb2_util_oplock_level("b"));
+	io.in.durable_open = false;
+	io.in.durable_open_v2 = true;
+	io.in.persistent_open = false;
+	io.in.create_guid = create_guid;
+	io.in.timeout = UINT32_MAX;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ref1 = io;
+	_h = io.out.file.handle;
+	h = &_h;
+	CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
+	CHECK_VAL(io.out.durable_open, false);
+	CHECK_VAL(io.out.durable_open_v2, true);
+
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_CREATE_OUT(&io, &ref1);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	torture_reset_break_info(tctx, &break_info);
+
+	qfinfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_POSITION_INFORMATION,
+		.generic.in.file.handle = *h
+	};
+	torture_comment(tctx, "Trying getinfo\n");
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(qfinfo.position_information.out.position, 0);
+
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert_u64_not_equal_goto(tctx,
+		io.out.file.handle.data[0],
+		ref1.out.file.handle.data[0],
+		ret, done, "data 0");
+	torture_assert_u64_not_equal_goto(tctx,
+		io.out.file.handle.data[1],
+		ref1.out.file.handle.data[1],
+		ret, done, "data 1");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 1);
+	CHECK_VAL(break_info.level, smb2_util_oplock_level("s"));
+	torture_reset_break_info(tctx, &break_info);
+
+	/*
+	 * Resend the matching Durable V2 Create without
+	 * SMB2_FLAGS_REPLAY_OPERATION. This triggers an oplock break and still
+	 * gets NT_STATUS_DUPLICATE_OBJECTID
+	 */
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_DUPLICATE_OBJECTID);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	torture_reset_break_info(tctx, &break_info);
+
+	/*
+	 * According to MS-SMB2 3.3.5.9.10 if Durable V2 Create is replayed and
+	 * FileAttributes or CreateDisposition do not match the earlier Create
+	 * request the Server fails request with
+	 * NT_STATUS_INVALID_PARAMETER. But through this test we see that server
+	 * does not really care about changed FileAttributes or
+	 * CreateDisposition.
+	 */
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	smb2cli_session_start_replay(tree->session->smbXcli);
+	status = smb2_create(tree, mem_ctx, &io);
+	smb2cli_session_stop_replay(tree->session->smbXcli);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert_u64_not_equal_goto(tctx,
+		io.out.file.handle.data[0],
+		ref1.out.file.handle.data[0],
+		ret, done, "data 0");
+	torture_assert_u64_not_equal_goto(tctx,
+		io.out.file.handle.data[1],
+		ref1.out.file.handle.data[1],
+		ret, done, "data 1");
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+
+done:
+	if (h != NULL) {
+		smb2_util_close(tree, *h);
+	}
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_replay7(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_transport *transport = tree->session->transport;
+	NTSTATUS status;
+	struct smb2_handle _dh;
+	struct smb2_handle *dh = NULL;
+	struct smb2_notify notify;
+	struct smb2_request *req;
+	union smb_fileinfo qfinfo;
+	bool ret = false;
+
+	if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx, "SMB 3.X Dialect family required for "
+				   "replay tests\n");
+	}
+
+	torture_comment(tctx, "Notify across increment/decrement of csn\n");
+
+	smbXcli_conn_set_force_channel_sequence(transport->conn, true);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &_dh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	dh = &_dh;
+
+	notify.in.recursive		= 0x0000;
+	notify.in.buffer_size	= 0xffff;
+	notify.in.file.handle	= _dh;
+	notify.in.completion_filter	= FILE_NOTIFY_CHANGE_FILE_NAME;
+	notify.in.unknown		= 0x00000000;
+
+	/*
+	 * This posts a long-running request with csn==0 to "dh". Now
+	 * op->request_count==1 in smb2_server.c.
+	 */
+	smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 0);
+	req = smb2_notify_send(tree, &notify);
+
+	qfinfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_POSITION_INFORMATION,
+		.generic.in.file.handle = _dh
+	};
+
+	/*
+	 * This sequence of 2 dummy requests moves
+	 * op->request_count==1 to op->pre_request_count. The numbers
+	 * used avoid int16 overflow.
+	 */
+
+	smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 30000);
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 60000);
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * This final request turns the op->global->channel_sequence
+	 * to the same as we had when sending the notify above. The
+	 * notify's request count has in the meantime moved to
+	 * op->pre_request_count.
+	 */
+
+	smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 0);
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * At this point op->request_count==0.
+	 *
+	 * The next cancel makes us reply to the notify. Because the
+	 * csn we currently use is the same as we used when sending
+	 * the notify, smbd thinks it must decrement op->request_count
+	 * and not op->pre_request_count.
+	 */
+
+	status = smb2_cancel(req);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_notify_recv(req, mem_ctx, &notify);
+	CHECK_STATUS(status, NT_STATUS_CANCELLED);
+
+	ret = true;
+
+done:
+	if (dh != NULL) {
+		smb2_util_close(tree, _dh);
+	}
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(tree);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_replay_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(ctx, "replay");
+
+	torture_suite_add_1smb2_test(suite, "replay-commands", test_replay_commands);
+	torture_suite_add_1smb2_test(suite, "replay-regular", test_replay_regular);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-oplock1", test_replay_dhv2_oplock1);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-oplock2", test_replay_dhv2_oplock2);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-oplock3", test_replay_dhv2_oplock3);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-oplock-lease", test_replay_dhv2_oplock_lease);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-lease1",  test_replay_dhv2_lease1);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-lease2",  test_replay_dhv2_lease2);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-lease3",  test_replay_dhv2_lease3);
+	torture_suite_add_1smb2_test(suite, "replay-dhv2-lease-oplock",  test_replay_dhv2_lease_oplock);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-violation-lease-close-sane", test_dhv2_pending1n_vs_violation_lease_close_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-violation-lease-ack-sane", test_dhv2_pending1n_vs_violation_lease_ack_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-violation-lease-close-windows", test_dhv2_pending1n_vs_violation_lease_close_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-violation-lease-ack-windows", test_dhv2_pending1n_vs_violation_lease_ack_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-oplock-sane", test_dhv2_pending1n_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-oplock-windows", test_dhv2_pending1n_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-lease-sane", test_dhv2_pending1n_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1n-vs-lease-windows",  test_dhv2_pending1n_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1l-vs-oplock-sane", test_dhv2_pending1l_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1l-vs-oplock-windows", test_dhv2_pending1l_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1l-vs-lease-sane", test_dhv2_pending1l_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1l-vs-lease-windows", test_dhv2_pending1l_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1o-vs-oplock-sane", test_dhv2_pending1o_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1o-vs-oplock-windows", test_dhv2_pending1o_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1o-vs-lease-sane", test_dhv2_pending1o_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending1o-vs-lease-windows", test_dhv2_pending1o_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2n-vs-oplock-sane", test_dhv2_pending2n_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2n-vs-oplock-windows", test_dhv2_pending2n_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2n-vs-lease-sane", test_dhv2_pending2n_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2n-vs-lease-windows", test_dhv2_pending2n_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2l-vs-oplock-sane", test_dhv2_pending2l_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2l-vs-oplock-windows", test_dhv2_pending2l_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2l-vs-lease-sane", test_dhv2_pending2l_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2l-vs-lease-windows", test_dhv2_pending2l_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2o-vs-oplock-sane", test_dhv2_pending2o_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2o-vs-oplock-windows", test_dhv2_pending2o_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2o-vs-lease-sane", test_dhv2_pending2o_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending2o-vs-lease-windows", test_dhv2_pending2o_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3n-vs-oplock-sane", test_dhv2_pending3n_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3n-vs-oplock-windows", test_dhv2_pending3n_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3n-vs-lease-sane", test_dhv2_pending3n_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3n-vs-lease-windows", test_dhv2_pending3n_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3l-vs-oplock-sane",  test_dhv2_pending3l_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3l-vs-oplock-windows",  test_dhv2_pending3l_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3l-vs-lease-sane",  test_dhv2_pending3l_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3l-vs-lease-windows",  test_dhv2_pending3l_vs_lease_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3o-vs-oplock-sane",  test_dhv2_pending3o_vs_oplock_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3o-vs-oplock-windows",  test_dhv2_pending3o_vs_oplock_windows);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3o-vs-lease-sane",  test_dhv2_pending3o_vs_lease_sane);
+	torture_suite_add_2smb2_test(suite, "dhv2-pending3o-vs-lease-windows",  test_dhv2_pending3o_vs_lease_windows);
+	torture_suite_add_1smb2_test(suite, "channel-sequence", test_channel_sequence);
+	torture_suite_add_1smb2_test(suite, "replay3", test_replay3);
+	torture_suite_add_1smb2_test(suite, "replay4", test_replay4);
+	torture_suite_add_1smb2_test(suite, "replay5", test_replay5);
+	torture_suite_add_1smb2_test(suite, "replay6", test_replay6);
+	torture_suite_add_1smb2_test(suite, "replay7", test_replay7);
+
+	suite->description = talloc_strdup(suite, "SMB2 REPLAY tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/samba3misc.c b/source4/torture/smb2/samba3misc.c
new file mode 100644
index 0000000..6696c06
--- /dev/null
+++ b/source4/torture/smb2/samba3misc.c
@@ -0,0 +1,189 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Test some misc Samba3 code paths
+
+   Copyright (C) Volker Lendecke 2006
+   Copyright (C) Stefan Metzmacher 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "system/filesys.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "torture/util.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+
+#define CHECK_STATUS(status, correct) do { \
+	const char *_cmt = "(" __location__ ")"; \
+	torture_assert_ntstatus_equal_goto(tctx,status,correct, \
+					   ret,done,_cmt); \
+	} while (0)
+
+#define BASEDIR "samba3misc.smb2"
+
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once(tctx->ev) != 0) { \
+			break; \
+		} \
+	}
+
+static void torture_smb2_tree_disconnect_timer(struct tevent_context *ev,
+					       struct tevent_timer *te,
+					       struct timeval now,
+					       void *private_data)
+{
+	struct smb2_tree *tree =
+		talloc_get_type_abort(private_data,
+		struct smb2_tree);
+
+	smbXcli_conn_disconnect(tree->session->transport->conn,
+				NT_STATUS_CTX_CLIENT_QUERY_TIMEOUT);
+}
+
+/*
+ * Check that Samba3 correctly deals with conflicting local posix byte range
+ * locks on an underlying file via "normal" SMB2 (without posix extensions).
+ *
+ * Note: This test depends on "posix locking = yes".
+ * Note: To run this test, use "--option=torture:localdir=<LOCALDIR>"
+ */
+static bool torture_samba3_localposixlock1(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	bool ret = true;
+	int rc;
+	const char *fname = "posixtimedlock.dat";
+	const char *fpath;
+	const char *localdir;
+	const char *localname;
+	struct smb2_handle h = {{0}};
+	struct smb2_lock lck = {0};
+	struct smb2_lock_element el[1] = {{0}};
+	struct smb2_request *req = NULL;
+	int fd = -1;
+	struct flock posix_lock;
+	struct tevent_timer *te;
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	status = torture_smb2_testfile(tree, fname, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fpath = talloc_asprintf(tctx, "%s\\%s", BASEDIR, fname);
+	torture_assert(tctx, fpath != NULL, "fpath\n");
+
+	status = torture_smb2_testfile(tree, fpath, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	localdir = torture_setting_string(tctx, "localdir", NULL);
+	torture_assert(tctx, localdir != NULL,
+		       "--option=torture:localdir=<LOCALDIR> required\n");
+
+	localname = talloc_asprintf(tctx, "%s/%s/%s",
+				    localdir, BASEDIR, fname);
+	torture_assert(tctx, localname != NULL, "localname\n");
+
+	/*
+	 * Lock a byte range from posix
+	 */
+
+	torture_comment(tctx, "  local open(%s)\n", localname);
+	fd = open(localname, O_RDWR);
+	if (fd == -1) {
+		torture_warning(tctx, "open(%s) failed: %s\n",
+				localname, strerror(errno));
+		torture_assert(tctx, fd != -1, "open localname\n");
+	}
+
+	posix_lock.l_type = F_WRLCK;
+	posix_lock.l_whence = SEEK_SET;
+	posix_lock.l_start = 0;
+	posix_lock.l_len = 1;
+
+	torture_comment(tctx, "  local fcntl\n");
+	rc = fcntl(fd, F_SETLK, &posix_lock);
+	if (rc == -1) {
+		torture_warning(tctx, "fcntl failed: %s\n", strerror(errno));
+		torture_assert_goto(tctx, rc != -1, ret, done,
+				    "fcntl lock\n");
+	}
+
+	el[0].offset		= 0;
+	el[0].length		= 1;
+	el[0].reserved		= 0x00000000;
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	lck.in.locks		= el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= h;
+
+	torture_comment(tctx, "  remote non-blocking lock\n");
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+	torture_comment(tctx, "  remote async blocking lock\n");
+	el[0].flags		= SMB2_LOCK_FLAG_EXCLUSIVE;
+	req = smb2_lock_send(tree, &lck);
+	torture_assert_goto(tctx, req != NULL, ret, done, "smb2_lock_send()\n");
+
+	te = tevent_add_timer(tctx->ev,
+			      tctx, timeval_current_ofs(5, 0),
+			      torture_smb2_tree_disconnect_timer,
+			      tree);
+	torture_assert_goto(tctx, te != NULL, ret, done, "tevent_add_timer\n");
+
+	torture_comment(tctx, "  remote wait for STATUS_PENDING\n");
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	torture_comment(tctx, "  local close file\n");
+	close(fd);
+	fd = -1;
+
+	torture_comment(tctx, "  remote lock should now succeed\n");
+	status = smb2_lock_recv(req, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	if (fd != -1) {
+		close(fd);
+	}
+	smb2_util_close(tree, h);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_samba3misc_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "samba3misc");
+
+	torture_suite_add_1smb2_test(suite, "localposixlock1",
+				     torture_samba3_localposixlock1);
+
+	suite->description = talloc_strdup(suite, "SMB2 Samba3 MISC");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/scan.c b/source4/torture/smb2/scan.c
new file mode 100644
index 0000000..086cc75
--- /dev/null
+++ b/source4/torture/smb2/scan.c
@@ -0,0 +1,265 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 opcode scanner
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "lib/cmdline/cmdline.h"
+#include "torture/torture.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+#include "torture/smb2/proto.h"
+
+/* 
+   scan for valid SMB2 getinfo levels
+*/
+static bool torture_smb2_getinfo_scan(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	NTSTATUS status;
+	struct smb2_getinfo io;
+	struct smb2_handle fhandle, dhandle;
+	int c, i;
+
+	static const char *FNAME  = "scan-getinfo.dat";
+	static const char *FNAME2 = "scan-getinfo.dat:2ndstream";
+	static const char *DNAME  = "scan-getinfo.dir";
+	static const char *DNAME2 = "scan-getinfo.dir:2ndstream";
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	status = torture_setup_complex_file(tctx, tree, FNAME);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to setup complex file '%s': %s\n",
+		       FNAME, nt_errstr(status));
+		return false;
+	}
+	torture_setup_complex_file(tctx, tree, FNAME2);
+
+	status = torture_setup_complex_dir(tctx, tree, DNAME);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to setup complex dir '%s': %s\n",
+		       DNAME, nt_errstr(status));
+		smb2_util_unlink(tree, FNAME);
+		return false;
+	}
+	torture_setup_complex_file(tctx, tree, DNAME2);
+
+	torture_smb2_testfile(tree, FNAME, &fhandle);
+	torture_smb2_testdir(tree, DNAME, &dhandle);
+
+
+	ZERO_STRUCT(io);
+	io.in.output_buffer_length = 0xFFFF;
+
+	for (c=1;c<5;c++) {
+		for (i=0;i<0x100;i++) {
+			io.in.info_type = c;
+			io.in.info_class = i;
+
+			io.in.file.handle = fhandle;
+			status = smb2_getinfo(tree, tctx, &io);
+			if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+				torture_comment(tctx, "file level 0x%02x:%02x %u is %ld bytes - %s\n",
+				       io.in.info_type, io.in.info_class, 
+				       (unsigned)io.in.info_class, 
+				       (long)io.out.blob.length, nt_errstr(status));
+				dump_data(1, io.out.blob.data, io.out.blob.length);
+			}
+
+			io.in.file.handle = dhandle;
+			status = smb2_getinfo(tree, tctx, &io);
+			if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+				torture_comment(tctx, "dir  level 0x%02x:%02x %u is %ld bytes - %s\n",
+				       io.in.info_type, io.in.info_class,
+				       (unsigned)io.in.info_class, 
+				       (long)io.out.blob.length, nt_errstr(status));
+				dump_data(1, io.out.blob.data, io.out.blob.length);
+			}
+		}
+	}
+
+	smb2_util_unlink(tree, FNAME);
+	smb2_util_rmdir(tree, DNAME);
+	return true;
+}
+
+/* 
+   scan for valid SMB2 setinfo levels
+*/
+static bool torture_smb2_setinfo_scan(struct torture_context *tctx)
+{
+	static const char *FNAME  = "scan-setinfo.dat";
+	static const char *FNAME2 = "scan-setinfo.dat:2ndstream";
+
+	struct smb2_tree *tree;
+	NTSTATUS status;
+	struct smb2_setinfo io;
+	struct smb2_handle handle;
+	int c, i;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	status = torture_setup_complex_file(tctx, tree, FNAME);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to setup complex file '%s': %s\n",
+		       FNAME, nt_errstr(status));
+		return false;
+	}
+	torture_setup_complex_file(tctx, tree, FNAME2);
+
+	torture_smb2_testfile(tree, FNAME, &handle);
+
+	ZERO_STRUCT(io);
+	io.in.blob = data_blob_talloc_zero(tctx, 1024);
+
+	for (c=1;c<5;c++) {
+		for (i=0;i<0x100;i++) {
+			io.in.level = (i<<8) | c;
+			io.in.file.handle = handle;
+			status = smb2_setinfo(tree, &io);
+			if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+				torture_comment(tctx, "file level 0x%04x - %s\n",
+				       io.in.level, nt_errstr(status));
+			}
+		}
+	}
+
+	smb2_util_unlink(tree, FNAME);
+	return true;
+}
+
+
+/* 
+   scan for valid SMB2 scan levels
+*/
+static bool torture_smb2_find_scan(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	NTSTATUS status;
+	struct smb2_find io;
+	struct smb2_handle handle;
+	int i;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+	torture_assert_ntstatus_ok(tctx,
+		smb2_util_roothandle(tree, &handle),
+		"Failed to open roothandle");
+
+	ZERO_STRUCT(io);
+	io.in.file.handle	= handle;
+	io.in.pattern		= "*";
+	io.in.continue_flags	= SMB2_CONTINUE_FLAG_RESTART;
+	io.in.max_response_size	= 0x10000;
+
+	for (i=1;i<0x100;i++) {
+		io.in.level = i;
+
+		io.in.file.handle = handle;
+		status = smb2_find(tree, tctx, &io);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+			torture_comment(tctx, "find level 0x%04x is %ld bytes - %s\n",
+			       io.in.level, (long)io.out.blob.length, nt_errstr(status));
+			dump_data(1, io.out.blob.data, io.out.blob.length);
+		}
+	}
+
+	return true;
+}
+
+/* 
+   scan for valid SMB2 opcodes
+*/
+static bool torture_smb2_scan(struct torture_context *tctx)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_tree *tree;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	int opcode;
+	struct smb2_request *req;
+	struct smbcli_options options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx, host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      &tree, tctx->ev, &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "Connection failed");
+
+	tree->session->transport->options.request_timeout = 3;
+
+	for (opcode=0;opcode<1000;opcode++) {
+		req = smb2_request_init_tree(tree, opcode, 2, false, 0);
+		SSVAL(req->out.body, 0, 0);
+		smb2_transport_send(req);
+		if (!smb2_request_receive(req)) {
+			talloc_free(tree);
+			status = smb2_connect(mem_ctx, host,
+					      lpcfg_smb_ports(tctx->lp_ctx),
+					      share,
+					      lpcfg_resolve_context(tctx->lp_ctx),
+					      samba_cmdline_get_creds(),
+					      &tree, tctx->ev, &options,
+					      lpcfg_socket_options(tctx->lp_ctx),
+					      lpcfg_gensec_settings(mem_ctx, tctx->lp_ctx));
+			torture_assert_ntstatus_ok(tctx, status, "Connection failed");
+			tree->session->transport->options.request_timeout = 3;
+		} else {
+			status = smb2_request_destroy(req);
+			torture_comment(tctx, "active opcode %4d gave status %s\n", opcode, nt_errstr(status));
+		}
+	}
+
+	talloc_free(mem_ctx);
+
+	return true;
+}
+
+struct torture_suite *torture_smb2_scan_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "scan");
+
+	torture_suite_add_simple_test(suite, "scan", torture_smb2_scan);
+	torture_suite_add_simple_test(suite, "getinfo", torture_smb2_getinfo_scan);
+	torture_suite_add_simple_test(suite, "setinfo", torture_smb2_setinfo_scan);
+	torture_suite_add_simple_test(suite, "find", torture_smb2_find_scan);
+
+	suite->description = talloc_strdup(suite, "scan target (not a test)");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/secleak.c b/source4/torture/smb2/secleak.c
new file mode 100644
index 0000000..ca709ed
--- /dev/null
+++ b/source4/torture/smb2/secleak.c
@@ -0,0 +1,91 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   find security related memory leaks
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) David Mulder 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "libcli/libcli.h"
+#include "torture/util.h"
+#include "system/time.h"
+#include "libcli/smb_composite/smb_composite.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+static bool try_failed_login(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct cli_credentials *credentials = NULL;
+	uint32_t sessid = 0;
+	struct smb2_session *session = NULL;
+	bool result = true;
+
+	session = smb2_session_init(tree->session->transport,
+				    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				    tctx);
+	torture_assert(tctx, session, "Session initialization failed");
+
+	sessid = smb2cli_session_current_id(tree->session->smbXcli);
+	credentials = cli_credentials_init(session);
+	torture_assert_goto(tctx, credentials, result, done,
+			    "Credential allocation failed");
+
+	cli_credentials_set_conf(credentials, tctx->lp_ctx);
+	cli_credentials_set_domain(credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
+	cli_credentials_set_username(credentials, "INVALID-USERNAME", CRED_SPECIFIED);
+	cli_credentials_set_password(credentials, "INVALID-PASSWORD", CRED_SPECIFIED);
+
+	status = smb2_session_setup_spnego(session, credentials, sessid);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+		NT_STATUS_LOGON_FAILURE, result, done,
+		"Allowed session setup with invalid credentials?!\n");
+
+done:
+	/* smb2_session_init() steals the transport, and if we don't steal it
+	 * back before freeing session, then we segfault on the next iteration
+	 * because the transport pointer in the tree is now invalid.
+	 */
+	tree->session->transport = talloc_steal(tree->session, session->transport);
+	talloc_free(session);
+
+	return result;
+}
+
+bool torture_smb2_sec_leak(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	time_t t1 = time_mono(NULL);
+	int timelimit = torture_setting_int(tctx, "timelimit", 20);
+	bool result;
+
+	while (time_mono(NULL) < t1+timelimit) {
+		result = try_failed_login(tctx, tree);
+		torture_assert(tctx, result,
+			       "Invalid credentials should have failed");
+
+		talloc_report(NULL, stdout);
+	}
+
+	return true;
+}
diff --git a/source4/torture/smb2/sessid.c b/source4/torture/smb2/sessid.c
new file mode 100644
index 0000000..bdcec05
--- /dev/null
+++ b/source4/torture/smb2/sessid.c
@@ -0,0 +1,100 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   Copyright (C) David Mulder 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/smb2/proto.h"
+#include "libcli/smb/smbXcli_base.h"
+
+
+static void smb2cli_session_set_id(struct smbXcli_session *session,
+				   uint64_t session_id)
+{
+	smb2cli_session_set_id_and_flags(session, session_id,
+					 smb2cli_session_get_flags(session));
+}
+
+/**
+  Try with a wrong session id and check error message.
+ */
+
+bool run_sessidtest(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	const char *fname = "sessid.tst";
+	struct smb2_handle fnum;
+	struct smb2_create io = {0};
+	uint32_t session_id;
+	union smb_fileinfo finfo;
+
+	NTSTATUS status;
+
+	smb2_util_unlink(tree, fname);
+
+	io.in.fname = fname;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE |
+			     NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree, tree, &io);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n",
+			       fname, nt_errstr(status));
+		return false;
+	}
+	fnum = io.out.file.handle;
+
+	session_id = smb2cli_session_current_id(tree->session->smbXcli);
+	smb2cli_session_set_id(tree->session->smbXcli, session_id+1234);
+
+	torture_comment(tctx, "Testing qfileinfo with wrong sessid\n");
+
+	finfo.all_info2.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	finfo.all_info2.in.file.handle = fnum;
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_fail(tctx, "smb2_getinfo_file passed with wrong sessid");
+	}
+
+	torture_assert_ntstatus_equal(tctx, status,
+				      NT_STATUS_USER_SESSION_DELETED,
+				      "smb2_getinfo_file should have returned "
+				      "NT_STATUS_USER_SESSION_DELETED");
+
+	smb2cli_session_set_id(tree->session->smbXcli, session_id);
+
+	status = smb2_util_close(tree, fnum);
+	torture_assert_ntstatus_ok(tctx, status,
+		talloc_asprintf(tctx, "close failed (%s)", nt_errstr(status)));
+
+	smb2_util_unlink(tree, fname);
+
+	return true;
+}
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
new file mode 100644
index 0000000..823304f
--- /dev/null
+++ b/source4/torture/smb2/session.c
@@ -0,0 +1,5670 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 session setups
+
+   Copyright (C) Michael Adam 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "libcli/security/security.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+
+/* Ticket lifetime we want to request in seconds */
+#define KRB5_TICKET_LIFETIME 5
+/* Allowed clock skew in seconds */
+#define KRB5_CLOCKSKEW 5
+/* Time till ticket fully expired in seconds */
+#define KRB5_TICKET_EXPIRETIME KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW
+
+#define texpand(x) #x
+#define GENSEC_GSSAPI_REQUESTED_LIFETIME(x) \
+	"gensec_gssapi:requested_life_time=" texpand(x)
+
+#define CHECK_CREATED(tctx, __io, __created, __attribute)			\
+	do {									\
+		torture_assert_int_equal(tctx, (__io)->out.create_action,	\
+						NTCREATEX_ACTION_ ## __created,	\
+						"out.create_action incorrect");	\
+		torture_assert_int_equal(tctx, (__io)->out.size, 0,		\
+						"out.size incorrect");		\
+		torture_assert_int_equal(tctx, (__io)->out.file_attr,		\
+						(__attribute),			\
+						"out.file_attr incorrect");	\
+		torture_assert_int_equal(tctx, (__io)->out.reserved2, 0,	\
+				"out.reserverd2 incorrect");			\
+	} while(0)
+
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+		if (tevent_loop_once(tctx->ev) != 0) { \
+			break; \
+		} \
+	}
+
+static void sleep_remaining(struct torture_context *tctx,
+			    const struct timeval *endtime)
+{
+	struct timeval current = tevent_timeval_current();
+	double remaining_secs = timeval_elapsed2(&current, endtime);
+
+	remaining_secs = remaining_secs < 1.0 ? 1.0 : remaining_secs;
+	torture_comment(
+		tctx,
+		"sleep for %2.f second(s) that the krb5 ticket expires",
+		remaining_secs);
+	smb_msleep((int)(remaining_secs * 1000));
+}
+
+/**
+ * basic test for doing a session reconnect
+ */
+bool test_session_reconnect1(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_handle _h2;
+	struct smb2_handle *h2 = NULL;
+	struct smb2_create io1, io2;
+	uint64_t previous_session_id;
+	bool ret = true;
+	struct smb2_tree *tree2 = NULL;
+	union smb_fileinfo qfinfo;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reconnect_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* disconnect, reconnect and then do durable reopen */
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	torture_assert_goto(tctx, torture_smb2_connection_ext(tctx, previous_session_id,
+			    &tree->session->transport->options, &tree2),
+			    ret, done,
+			    "session reconnect failed\n");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_USER_SESSION_DELETED,
+					   ret, done, "smb2_getinfo_file "
+					   "returned unexpected status");
+	h1 = NULL;
+
+	smb2_oplock_create_share(&io2, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree2, mem_ctx, &io2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+
+	CHECK_CREATED(tctx, &io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+	_h2 = io2.out.file.handle;
+	h2 = &_h2;
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+	if (h2 != NULL) {
+		smb2_util_close(tree2, *h2);
+	}
+
+	if (tree2 != NULL) {
+		smb2_util_unlink(tree2, fname);
+	}
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+	talloc_free(tree2);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * basic test for doing a session reconnect on one connection
+ */
+bool test_session_reconnect2(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	uint64_t previous_session_id;
+	bool ret = true;
+	struct smb2_session *session2 = NULL;
+	union smb_fileinfo qfinfo;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reconnect_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* disconnect, reconnect and then do durable reopen */
+	previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
+
+	torture_assert(tctx, torture_smb2_session_setup(tctx, tree->session->transport,
+				previous_session_id, tctx, &session2),
+				"session reconnect (on the same connection) failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_USER_SESSION_DELETED,
+					   ret, done, "smb2_getinfo_file "
+					   "returned unexpected status");
+	h1 = NULL;
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	talloc_free(tree);
+	talloc_free(session2);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	union smb_fileinfo qfinfo;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reauth1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+bool test_session_reauth2(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	union smb_fileinfo qfinfo;
+	struct cli_credentials *anon_creds = NULL;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reauth2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* re-authenticate as original user again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * test getting security descriptor after reauth
+ */
+bool test_session_reauth3(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	union smb_fileinfo qfinfo;
+	struct cli_credentials *anon_creds = NULL;
+	uint32_t secinfo_flags = SECINFO_OWNER
+				| SECINFO_GROUP
+				| SECINFO_DACL
+				| SECINFO_PROTECTED_DACL
+				| SECINFO_UNPROTECTED_DACL;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reauth3_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* re-authenticate as original user again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * test setting security descriptor after reauth.
+ */
+bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	union smb_fileinfo qfinfo;
+	union smb_setfileinfo sfinfo;
+	struct cli_credentials *anon_creds = NULL;
+	uint32_t secinfo_flags = SECINFO_OWNER
+				| SECINFO_GROUP
+				| SECINFO_DACL
+				| SECINFO_PROTECTED_DACL
+				| SECINFO_UNPROTECTED_DACL;
+	struct security_descriptor *sd1;
+	struct security_ace ace;
+	struct dom_sid *extra_sid;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reauth4_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	sd1 = qfinfo.query_secdesc.out.sd;
+
+	/* re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* give full access on the file to anonymous */
+
+	extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
+
+	ZERO_STRUCT(ace);
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
+	ace.trustee = *extra_sid;
+
+	status = security_descriptor_dacl_add(sd1, &ace);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"security_descriptor_dacl_add failed");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	sfinfo.set_secdesc.in.file.handle = _h1;
+	sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	sfinfo.set_secdesc.in.sd = sd1;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed");
+
+	/* re-authenticate as original user again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* re-get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	ret = true;
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * test renaming after reauth.
+ * compare security descriptors before and after rename/reauth
+ */
+bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char dname[128];
+	char fname[256];
+	char fname2[256];
+	struct smb2_handle _dh1;
+	struct smb2_handle *dh1 = NULL;
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	bool ok;
+	union smb_fileinfo qfinfo;
+	union smb_setfileinfo sfinfo;
+	struct cli_credentials *anon_creds = NULL;
+	uint32_t secinfo_flags = SECINFO_OWNER
+				| SECINFO_GROUP
+				| SECINFO_DACL
+				| SECINFO_PROTECTED_DACL
+				| SECINFO_UNPROTECTED_DACL;
+	struct security_descriptor *f_sd1;
+	struct security_descriptor *d_sd1 = NULL;
+	struct security_ace ace;
+	struct dom_sid *extra_sid;
+
+	/* Add some random component to the file name. */
+	snprintf(dname, sizeof(dname), "session_reauth5_%s.d",
+		 generate_random_str(tctx, 8));
+	snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
+
+	ok = smb2_util_setup_dir(tctx, tree, dname);
+	torture_assert(tctx, ok, "smb2_util_setup_dir not ok");
+
+	status = torture_smb2_testdir(tree, dname, &_dh1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed");
+	dh1 = &_dh1;
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	f_sd1 = qfinfo.query_secdesc.out.sd;
+
+	/* re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to rename the file: fails */
+
+	snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
+
+	status = smb2_util_unlink(tree, fname2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed");
+
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_ACCESS_DENIED,
+					   ret, done, "smb2_setinfo_file "
+					   "returned unexpected status");
+
+	/* re-authenticate as original user again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* give full access on the file to anonymous */
+
+	extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
+
+	ZERO_STRUCT(ace);
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_RIGHTS_FILE_ALL;
+	ace.trustee = *extra_sid;
+
+	status = security_descriptor_dacl_add(f_sd1, &ace);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"security_descriptor_dacl_add failed");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	sfinfo.set_secdesc.in.file.handle = _h1;
+	sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
+	sfinfo.set_secdesc.in.sd = f_sd1;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed");
+
+	/* re-get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* re-authenticate as anonymous - again */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* try to rename the file: fails */
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_ACCESS_DENIED,
+					   ret, done, "smb2_setinfo_file "
+					   "returned unexpected status");
+
+	/* give full access on the parent dir to anonymous */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _dh1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	d_sd1 = qfinfo.query_secdesc.out.sd;
+
+	ZERO_STRUCT(ace);
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_RIGHTS_FILE_ALL;
+	ace.trustee = *extra_sid;
+
+	status = security_descriptor_dacl_add(d_sd1, &ace);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"security_descriptor_dacl_add failed");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	sfinfo.set_secdesc.in.file.handle = _dh1;
+	sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
+	sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	sfinfo.set_secdesc.in.sd = d_sd1;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed");
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _dh1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	status = smb2_util_close(tree, _dh1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+	dh1 = NULL;
+
+	/* try to rename the file: still fails */
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_ACCESS_DENIED,
+					ret, done, "smb2_setinfo_file "
+					"returned unexpected status");
+
+	/* re-authenticate as original user - again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* rename the file - for verification that it works */
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed");
+
+	/* closs the file, check it is gone and reopen under the new name */
+
+	status = smb2_util_close(tree, _h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+	ZERO_STRUCT(io1);
+
+	smb2_generic_create_share(&io1,
+				  NULL /* lease */, false /* dir */,
+				  fname,
+				  NTCREATEX_DISP_OPEN,
+				  smb2_util_share_access(""),
+				  smb2_util_oplock_level("b"),
+				  0 /* leasekey */, 0 /* leasestate */);
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					ret, done, "smb2_create "
+					"returned unexpected status");
+
+	ZERO_STRUCT(io1);
+
+	smb2_generic_create_share(&io1,
+				  NULL /* lease */, false /* dir */,
+				  fname2,
+				  NTCREATEX_DISP_OPEN,
+				  smb2_util_share_access(""),
+				  smb2_util_oplock_level("b"),
+				  0 /* leasekey */, 0 /* leasestate */);
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+done:
+	if (dh1 != NULL) {
+		smb2_util_close(tree, *dh1);
+	}
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_deltree(tree, dname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/**
+ * do reauth with wrong credentials,
+ * hence triggering the error path in reauth.
+ * The invalid reauth deletes the session.
+ */
+bool test_session_reauth6(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	char *corrupted_password;
+	struct cli_credentials *broken_creds;
+	bool ok;
+	bool encrypted;
+	NTSTATUS expected;
+	enum credentials_use_kerberos krb_state;
+
+	krb_state = cli_credentials_get_kerberos_state(
+			samba_cmdline_get_creds());
+	if (krb_state == CRED_USE_KERBEROS_REQUIRED) {
+		torture_skip(tctx,
+			     "Can't test failing session setup with kerberos.");
+	}
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree->smbXcli);
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_reauth1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/*
+	 * reauthentication with invalid credentials:
+	 */
+
+	broken_creds = cli_credentials_shallow_copy(mem_ctx,
+					    samba_cmdline_get_creds());
+	torture_assert(tctx, (broken_creds != NULL), "talloc error");
+
+	corrupted_password = talloc_asprintf(mem_ctx, "%s%s",
+				cli_credentials_get_password(broken_creds),
+				"corrupt");
+	torture_assert(tctx, (corrupted_password != NULL), "talloc error");
+
+	ok = cli_credentials_set_password(broken_creds, corrupted_password,
+					  CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_password not ok");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   broken_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_LOGON_FAILURE, ret, done,
+					"smb2_session_setup_spnego "
+					"returned unexpected status");
+
+	torture_comment(tctx, "did failed reauth\n");
+	/*
+	 * now verify that the invalid session reauth has closed our session
+	 */
+
+	if (encrypted) {
+		expected = NT_STATUS_CONNECTION_DISCONNECTED;
+	} else {
+		expected = NT_STATUS_USER_SESSION_DELETED;
+	}
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	torture_assert_ntstatus_equal_goto(tctx, status, expected,
+					ret, done, "smb2_create "
+					"returned unexpected status");
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+static bool test_session_expire1i(struct torture_context *tctx,
+				  bool force_signing,
+				  bool force_encryption)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct smb2_tree *tree = NULL;
+	enum credentials_use_kerberos use_kerberos;
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo;
+	size_t i;
+	struct timeval endtime;
+	bool ticket_expired = false;
+
+	use_kerberos = cli_credentials_get_kerberos_state(credentials);
+	if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
+		torture_warning(tctx,
+				"smb2.session.expire1 requires "
+				"--use-kerberos=required!");
+		torture_skip(tctx,
+			     "smb2.session.expire1 requires "
+			     "--use-kerberos=required!");
+	}
+
+	torture_assert_int_equal(tctx,
+				 use_kerberos,
+				 CRED_USE_KERBEROS_REQUIRED,
+				 "please use --use-kerberos=required");
+
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	lpcfg_set_option(
+		tctx->lp_ctx,
+		GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME));
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	if (force_signing) {
+		options.signing = SMB_SIGNING_REQUIRED;
+	}
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	/*
+	 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
+	 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
+	 * few more milliseconds for this to kick in.
+	 */
+	endtime = timeval_current_ofs(KRB5_TICKET_EXPIRETIME, 500 * 1000);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+
+	if (force_encryption) {
+		status = smb2cli_session_encryption_on(tree->session->smbXcli);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2cli_session_encryption_on failed");
+	}
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, tctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	qfinfo.access_information.in.file.handle = _h1;
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "%s: query info => OK\n",
+				current_timestring(tctx, true));
+
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb2_getinfo_file(tree, tctx, &qfinfo);
+		torture_comment(tctx, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
+			current_timestring(tctx, true),
+			__location__, __func__,
+			nt_errstr(status));
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_getinfo_file failed");
+
+		sleep_remaining(tctx, &endtime);
+
+		torture_comment(tctx, "%s: query info => EXPIRED\n",
+				current_timestring(tctx, true));
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb2_getinfo_file(tree, tctx, &qfinfo);
+		torture_comment(tctx, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
+			current_timestring(tctx, true),
+			__location__, __func__,
+			nt_errstr(status));
+		torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_NETWORK_SESSION_EXPIRED,
+					ret, done, "smb2_getinfo_file "
+					"returned unexpected status");
+
+		/*
+		 * the krb5 library may not handle expired creds
+		 * well, lets start with an empty ccache.
+		 */
+		cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+		if (!force_encryption) {
+			smb2cli_session_require_signed_response(
+				tree->session->smbXcli, true);
+		}
+
+		torture_comment(tctx, "%s: reauth => OK\n",
+				current_timestring(tctx, true));
+		status = smb2_session_setup_spnego(tree->session,
+						   credentials,
+						   0 /* previous_session_id */);
+		/*
+		 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
+		 * Give the server at least KRB5_TICKET_LIFETIME +
+		 * KRB5_CLOCKSKEW + a few more milliseconds for this to kick in.
+		 */
+		endtime = timeval_current_ofs(KRB5_TICKET_EXPIRETIME,
+					      500 * 1000);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+		smb2cli_session_require_signed_response(
+			tree->session->smbXcli, false);
+	}
+
+	ticket_expired = timeval_expired(&endtime);
+	if (ticket_expired) {
+		struct timeval current = timeval_current();
+		double remaining_secs = timeval_elapsed2(&current, &endtime);
+		remaining_secs = remaining_secs < 0.0 ? remaining_secs * -1.0
+						      : remaining_secs;
+		torture_warning(
+			tctx,
+			"The ticket already expired %.2f seconds ago. "
+			"You might want to increase KRB5_TICKET_LIFETIME.",
+			remaining_secs);
+	}
+	torture_assert(tctx,
+		       ticket_expired == false,
+		       "The kerberos ticket already expired");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	torture_comment(tctx, "%s: %s:%s: before smb2_getinfo_file()\n",
+			current_timestring(tctx, true),
+			__location__, __func__);
+	status = smb2_getinfo_file(tree, tctx, &qfinfo);
+	torture_comment(tctx, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
+			current_timestring(tctx, true),
+			__location__, __func__,
+			nt_errstr(status));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	ret = true;
+done:
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	talloc_free(tree);
+	lpcfg_set_option(tctx->lp_ctx, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
+	return ret;
+}
+
+static bool test_session_expire1n(struct torture_context *tctx)
+{
+	return test_session_expire1i(tctx,
+				     false,   /* force_signing */
+				     false); /* force_encryption */
+}
+
+static bool test_session_expire1s(struct torture_context *tctx)
+{
+	return test_session_expire1i(tctx,
+				     true,   /* force_signing */
+				     false); /* force_encryption */
+}
+
+static bool test_session_expire1e(struct torture_context *tctx)
+{
+	return test_session_expire1i(tctx,
+				     true,   /* force_signing */
+				     true); /* force_encryption */
+}
+
+static bool test_session_expire2i(struct torture_context *tctx,
+				  bool force_encryption)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct smb2_tree *tree = NULL;
+	const char *unc = NULL;
+	struct smb2_tree *tree2 = NULL;
+	struct tevent_req *subreq = NULL;
+	uint32_t timeout_msec;
+	enum credentials_use_kerberos use_kerberos;
+	uint32_t caps;
+	char fname[256];
+	struct smb2_handle dh;
+	struct smb2_handle dh2;
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo;
+	union smb_setfileinfo sfinfo;
+	struct smb2_flush flsh;
+	struct smb2_read rd;
+	const uint8_t wd = 0;
+	struct smb2_lock lck;
+	struct smb2_lock_element el;
+	struct smb2_ioctl ctl;
+	struct smb2_break oack;
+	struct smb2_lease_break_ack lack;
+	struct smb2_find fnd;
+	union smb_search_data *d = NULL;
+	unsigned int count;
+	struct smb2_request *req = NULL;
+	struct smb2_notify ntf1;
+	struct smb2_notify ntf2;
+	struct timeval endtime;
+
+	use_kerberos = cli_credentials_get_kerberos_state(credentials);
+	if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
+		torture_warning(tctx,
+				"smb2.session.expire1 requires "
+				"--use-kerberos=required!");
+		torture_skip(tctx,
+			     "smb2.session.expire1 requires "
+			     "--use-kerberos=required!");
+	}
+
+	torture_assert_int_equal(tctx,
+				 use_kerberos,
+				 CRED_USE_KERBEROS_REQUIRED,
+				 "please use --use-kerberos=required");
+
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	lpcfg_set_option(
+		tctx->lp_ctx,
+		GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME));
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	options.signing = SMB_SIGNING_REQUIRED;
+
+	unc = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	torture_assert(tctx, unc != NULL, "talloc_asprintf");
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	/*
+	 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
+	 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
+	 * few more milliseconds for this to kick in.
+	 */
+	endtime = timeval_current_ofs(KRB5_TICKET_EXPIRETIME, 500 * 1000);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+
+	if (force_encryption) {
+		status = smb2cli_session_encryption_on(tree->session->smbXcli);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2cli_session_encryption_on failed");
+	}
+
+	caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_expire2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	status = smb2_util_roothandle(tree, &dh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_roothandle failed");
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, tctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	qfinfo.access_information.in.file.handle = _h1;
+
+	torture_comment(tctx, "query info => OK\n");
+
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb2_getinfo_file(tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	torture_comment(tctx, "lock => OK\n");
+	ZERO_STRUCT(lck);
+	lck.in.locks		= &el;
+	lck.in.lock_count	= 0x0001;
+	lck.in.lock_sequence	= 0x00000000;
+	lck.in.file.handle	= *h1;
+	ZERO_STRUCT(el);
+	el.flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	el.offset		= 0x0000000000000000;
+	el.length		= 0x0000000000000001;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_lock lock failed");
+
+	torture_comment(tctx, "1st notify => PENDING\n");
+	ZERO_STRUCT(ntf1);
+	ntf1.in.file.handle	= dh;
+	ntf1.in.recursive	= 0x0000;
+	ntf1.in.buffer_size	= 128;
+	ntf1.in.completion_filter= FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	ntf1.in.unknown		= 0x00000000;
+	req = smb2_notify_send(tree, &ntf1);
+
+	while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
+		if (tevent_loop_once(tctx->ev) != 0) {
+			break;
+		}
+	}
+
+	torture_assert_goto(tctx, req->state <= SMB2_REQUEST_RECV, ret, done,
+			    "smb2_notify finished");
+
+	sleep_remaining(tctx, &endtime);
+
+	torture_comment(tctx, "query info => EXPIRED\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb2_getinfo_file(tree, tctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_getinfo_file "
+				"returned unexpected status");
+
+
+	torture_comment(tctx, "set info => EXPIRED\n");
+	ZERO_STRUCT(sfinfo);
+	sfinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.end_of_file_info.in.file.handle = *h1;
+	sfinfo.end_of_file_info.in.size = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_setinfo_file "
+				"returned unexpected status");
+
+	torture_comment(tctx, "flush => EXPIRED\n");
+	ZERO_STRUCT(flsh);
+	flsh.in.file.handle = *h1;
+	status = smb2_flush(tree, &flsh);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_flush "
+				"returned unexpected status");
+
+	torture_comment(tctx, "read => EXPIRED\n");
+	ZERO_STRUCT(rd);
+	rd.in.file.handle = *h1;
+	rd.in.length      = 5;
+	rd.in.offset      = 0;
+	status = smb2_read(tree, tctx, &rd);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_read "
+				"returned unexpected status");
+
+	torture_comment(tctx, "write => EXPIRED\n");
+	status = smb2_util_write(tree, *h1, &wd, 0, 1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_util_write "
+				"returned unexpected status");
+
+	torture_comment(tctx, "ioctl => EXPIRED\n");
+	ZERO_STRUCT(ctl);
+	ctl.in.file.handle = *h1;
+	ctl.in.function = FSCTL_SRV_ENUM_SNAPS;
+	ctl.in.max_output_response = 16;
+	ctl.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+	status = smb2_ioctl(tree, tctx, &ctl);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_ioctl "
+				"returned unexpected status");
+
+	torture_comment(tctx, "oplock ack => EXPIRED\n");
+	ZERO_STRUCT(oack);
+	oack.in.file.handle = *h1;
+	status = smb2_break(tree, &oack);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_break "
+				"returned unexpected status");
+
+	if (caps & SMB2_CAP_LEASING) {
+		torture_comment(tctx, "lease ack => EXPIRED\n");
+		ZERO_STRUCT(lack);
+		lack.in.lease.lease_version = 1;
+		lack.in.lease.lease_key.data[0] = 1;
+		lack.in.lease.lease_key.data[1] = 2;
+		status = smb2_lease_break_ack(tree, &lack);
+		torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_NETWORK_SESSION_EXPIRED,
+					ret, done, "smb2_break "
+					"returned unexpected status");
+	}
+
+	torture_comment(tctx, "query directory => EXPIRED\n");
+	ZERO_STRUCT(fnd);
+	fnd.in.file.handle	= dh;
+	fnd.in.pattern		= "*";
+	fnd.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	fnd.in.max_response_size= 0x100;
+	fnd.in.level		= SMB2_FIND_BOTH_DIRECTORY_INFO;
+	status = smb2_find_level(tree, tree, &fnd, &count, &d);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_find_level "
+				"returned unexpected status");
+
+	torture_comment(tctx, "1st notify => CANCEL\n");
+	smb2_cancel(req);
+
+	torture_comment(tctx, "2nd notify => EXPIRED\n");
+	ZERO_STRUCT(ntf2);
+	ntf2.in.file.handle	= dh;
+	ntf2.in.recursive	= 0x0000;
+	ntf2.in.buffer_size	= 128;
+	ntf2.in.completion_filter= FILE_NOTIFY_CHANGE_ATTRIBUTES;
+	ntf2.in.unknown		= 0x00000000;
+	status = smb2_notify(tree, tctx, &ntf2);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_notify "
+				"returned unexpected status");
+
+	torture_assert_goto(tctx, req->state > SMB2_REQUEST_RECV, ret, done,
+			    "smb2_notify (1st) not finished");
+
+	status = smb2_notify_recv(req, tctx, &ntf1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_CANCELLED,
+				ret, done, "smb2_notify cancelled"
+				"returned unexpected status");
+
+	torture_comment(tctx, "tcon => EXPIRED\n");
+	tree2 = smb2_tree_init(tree->session, tctx, false);
+	torture_assert(tctx, tree2 != NULL, "smb2_tree_init");
+	timeout_msec = tree->session->transport->options.request_timeout * 1000;
+	subreq = smb2cli_tcon_send(tree2, tctx->ev,
+				   tree2->session->transport->conn,
+				   timeout_msec,
+				   tree2->session->smbXcli,
+				   tree2->smbXcli,
+				   0, /* flags */
+				   unc);
+	torture_assert(tctx, subreq != NULL, "smb2cli_tcon_send");
+	torture_assert(tctx,
+		       tevent_req_poll_ntstatus(subreq, tctx->ev, &status),
+		       "tevent_req_poll_ntstatus");
+	status = smb2cli_tcon_recv(subreq);
+	TALLOC_FREE(subreq);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2cli_tcon"
+				"returned unexpected status");
+
+	torture_comment(tctx, "create => EXPIRED\n");
+	status = smb2_util_roothandle(tree, &dh2);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_util_roothandle"
+				"returned unexpected status");
+
+	torture_comment(tctx, "tdis => EXPIRED\n");
+	status = smb2_tdis(tree);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2cli_tdis"
+				"returned unexpected status");
+
+	/*
+	 * (Un)Lock, Close and Logoff are still possible
+	 */
+
+	torture_comment(tctx, "1st unlock => OK\n");
+	el.flags		= SMB2_LOCK_FLAG_UNLOCK;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_lock unlock failed");
+
+	torture_comment(tctx, "2nd unlock => RANGE_NOT_LOCKED\n");
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_RANGE_NOT_LOCKED,
+				ret, done, "smb2_lock 2nd unlock"
+				"returned unexpected status");
+
+	torture_comment(tctx, "lock => EXPIRED\n");
+	el.flags		= SMB2_LOCK_FLAG_EXCLUSIVE |
+				  SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
+	status = smb2_lock(tree, &lck);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+				NT_STATUS_NETWORK_SESSION_EXPIRED,
+				ret, done, "smb2_util_roothandle"
+				"returned unexpected status");
+
+	torture_comment(tctx, "close => OK\n");
+	status = smb2_util_close(tree, *h1);
+	h1 = NULL;
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_close failed");
+
+	torture_comment(tctx, "echo without session => OK\n");
+	status = smb2_keepalive(tree->session->transport);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_keepalive without session failed");
+
+	torture_comment(tctx, "echo with session => OK\n");
+	req = smb2_keepalive_send(tree->session->transport, tree->session);
+	status = smb2_keepalive_recv(req);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_keepalive with session failed");
+
+	torture_comment(tctx, "logoff => OK\n");
+	status = smb2_logoff(tree->session);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_logoff failed");
+
+	ret = true;
+done:
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	talloc_free(tree);
+	lpcfg_set_option(tctx->lp_ctx, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
+	return ret;
+}
+
+static bool test_session_expire2s(struct torture_context *tctx)
+{
+	return test_session_expire2i(tctx,
+				     false); /* force_encryption */
+}
+
+static bool test_session_expire2e(struct torture_context *tctx)
+{
+	return test_session_expire2i(tctx,
+				     true); /* force_encryption */
+}
+
+static bool test_session_expire_disconnect(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct smb2_tree *tree = NULL;
+	enum credentials_use_kerberos use_kerberos;
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo;
+	bool connected;
+	struct timeval endtime;
+
+	use_kerberos = cli_credentials_get_kerberos_state(credentials);
+	if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
+		torture_warning(tctx,
+				"smb2.session.expire1 requires "
+				"--use-kerberos=required!");
+		torture_skip(tctx,
+			     "smb2.session.expire1 requires "
+			     "--use-kerberos=required!");
+	}
+
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	lpcfg_set_option(
+		tctx->lp_ctx,
+		GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME));
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	options.signing = SMB_SIGNING_REQUIRED;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	/*
+	 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
+	 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
+	 * few more milliseconds for this to kick in.
+	 */
+	endtime = timeval_current_ofs(KRB5_TICKET_EXPIRETIME, 500 * 1000);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+
+	smbXcli_session_set_disconnect_expired(tree->session->smbXcli);
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+	status = smb2_create(tree, tctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	qfinfo.access_information.in.file.handle = _h1;
+
+	torture_comment(tctx, "query info => OK\n");
+
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb2_getinfo_file(tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	sleep_remaining(tctx, &endtime);
+
+	torture_comment(tctx, "query info => EXPIRED\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb2_getinfo_file(tree, tctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   NT_STATUS_NETWORK_SESSION_EXPIRED,
+					   ret, done, "smb2_getinfo_file "
+					   "returned unexpected status");
+
+	connected = smbXcli_conn_is_connected(tree->session->transport->conn);
+	torture_assert_goto(tctx, !connected, ret, done, "connected\n");
+
+	ret = true;
+done:
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	talloc_free(tree);
+	lpcfg_set_option(tctx->lp_ctx, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
+	return ret;
+}
+
+bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo;
+	bool ret = false;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options options2;
+	struct smb2_transport *transport2 = NULL;
+	struct smb2_session *session1_1 = tree1->session;
+	struct smb2_session *session1_2 = NULL;
+	struct smb2_session *session2_1 = NULL;
+	struct smb2_session *session2_2 = NULL;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
+	}
+
+	/*
+	 * We always want signing for this test!
+	 */
+	smb2cli_tcon_should_sign(tree1->smbXcli, true);
+	options2 = transport1->options;
+	options2.signing = SMB_SIGNING_REQUIRED;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "session_bind1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2,
+			      tctx->ev,
+			      &options2,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	session2_2 = tree2->session;
+	transport2 = tree2->session->transport;
+
+	/*
+	 * Now bind the 2nd transport connection to the 1st session
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* use the 1st connection, 1st session */
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	tree1->session = session1_1;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* use the 2nd connection, 1st session */
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	tree1->session = session1_2;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	tree1->session = session1_1;
+	status = smb2_util_close(tree1, *h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+	h1 = NULL;
+
+	/*
+	 * Now bind the 1st transport connection to the 2nd session
+	 */
+	session2_1 = smb2_session_channel(transport1,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree1,
+					  session2_2);
+	torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_1,
+					   samba_cmdline_get_creds(),
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	tree2->session = session2_1;
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed");
+	ret = true;
+done:
+	talloc_free(tree2);
+	tree1->session = session1_1;
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_util_unlink(tree1, fname);
+
+	talloc_free(tree1);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_session_bind2(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname1[256];
+	char fname2[256];
+	struct smb2_handle _h1f1;
+	struct smb2_handle *h1f1 = NULL;
+	struct smb2_handle _h1f2;
+	struct smb2_handle *h1f2 = NULL;
+	struct smb2_handle _h2f2;
+	struct smb2_handle *h2f2 = NULL;
+	struct smb2_create io1f1;
+	struct smb2_create io1f2;
+	struct smb2_create io2f1;
+	struct smb2_create io2f2;
+	union smb_fileinfo qfinfo;
+	bool ret = false;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options options2;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport2 = NULL;
+	struct smbcli_options options3;
+	struct smb2_tree *tree3 = NULL;
+	struct smb2_transport *transport3 = NULL;
+	struct smb2_session *session1_1 = tree1->session;
+	struct smb2_session *session1_2 = NULL;
+	struct smb2_session *session1_3 = NULL;
+	struct smb2_session *session2_1 = NULL;
+	struct smb2_session *session2_2 = NULL;
+	struct smb2_session *session2_3 = NULL;
+	uint32_t caps;
+
+	caps = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
+	}
+
+	/*
+	 * We always want signing for this test!
+	 */
+	smb2cli_tcon_should_sign(tree1->smbXcli, true);
+	options2 = transport1->options;
+	options2.signing = SMB_SIGNING_REQUIRED;
+
+	/* Add some random component to the file name. */
+	snprintf(fname1, sizeof(fname1), "session_bind2_1_%s.dat",
+		 generate_random_str(tctx, 8));
+	snprintf(fname2, sizeof(fname2), "session_bind2_2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+
+	smb2_oplock_create_share(&io1f1, fname1,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level(""));
+	smb2_oplock_create_share(&io1f2, fname2,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level(""));
+
+	status = smb2_create(tree1, mem_ctx, &io1f1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1f1 = io1f1.out.file.handle;
+	h1f1 = &_h1f1;
+	CHECK_CREATED(tctx, &io1f1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1f1.out.oplock_level,
+					smb2_util_oplock_level(""),
+					"oplock_level incorrect");
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2,
+			      tctx->ev,
+			      &options2,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	session2_2 = tree2->session;
+	transport2 = tree2->session->transport;
+	smb2cli_tcon_should_sign(tree2->smbXcli, true);
+
+	smb2_oplock_create_share(&io2f1, fname1,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level(""));
+	smb2_oplock_create_share(&io2f2, fname2,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level(""));
+
+	status = smb2_create(tree2, mem_ctx, &io2f2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h2f2 = io2f2.out.file.handle;
+	h2f2 = &_h2f2;
+	CHECK_CREATED(tctx, &io2f2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io2f2.out.oplock_level,
+					smb2_util_oplock_level(""),
+					"oplock_level incorrect");
+
+	options3 = transport1->options;
+	options3.signing = SMB_SIGNING_REQUIRED;
+	options3.only_negprot = true;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree3,
+			      tctx->ev,
+			      &options3,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	transport3 = tree3->session->transport;
+
+	/*
+	 * Create a fake session for the 2nd transport connection to the 1st session
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree1,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	/*
+	 * Now bind the 3rd transport connection to the 1st session
+	 */
+	session1_3 = smb2_session_channel(transport3,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree1,
+					  session1_1);
+	torture_assert(tctx, session1_3 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_3,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/*
+	 * Create a fake session for the 1st transport connection to the 2nd session
+	 */
+	session2_1 = smb2_session_channel(transport1,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2,
+					  session2_2);
+	torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
+
+	/*
+	 * Now bind the 3rd transport connection to the 2nd session
+	 */
+	session2_3 = smb2_session_channel(transport3,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2,
+					  session2_2);
+	torture_assert(tctx, session2_3 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session2_3,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1f1;
+	tree1->session = session1_1;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	tree1->session = session1_2;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_getinfo_file failed");
+	tree1->session = session1_3;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h2f2;
+	tree2->session = session2_1;
+	status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_getinfo_file failed");
+	tree2->session = session2_2;
+	status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	tree2->session = session2_3;
+	status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	tree1->session = session1_1;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+	tree1->session = session1_2;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_create failed");
+	tree1->session = session1_3;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+
+	tree2->session = session2_1;
+	status = smb2_create(tree2, mem_ctx, &io2f1);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_create failed");
+	tree2->session = session2_2;
+	status = smb2_create(tree2, mem_ctx, &io2f1);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+	tree2->session = session2_3;
+	status = smb2_create(tree2, mem_ctx, &io2f1);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+
+	smbXcli_conn_disconnect(transport3->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smb_msleep(500);
+
+	tree1->session = session1_1;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+	tree1->session = session1_2;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_create failed");
+
+	tree2->session = session2_1;
+	status = smb2_create(tree2, mem_ctx, &io2f1);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_create failed");
+	tree2->session = session2_2;
+	status = smb2_create(tree2, mem_ctx, &io2f1);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+					"smb2_create failed");
+
+	smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smb_msleep(500);
+	h2f2 = NULL;
+
+	tree1->session = session1_1;
+	status = smb2_create(tree1, mem_ctx, &io1f2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1f2 = io1f2.out.file.handle;
+	h1f2 = &_h1f2;
+	CHECK_CREATED(tctx, &io1f2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1f2.out.oplock_level,
+					smb2_util_oplock_level(""),
+					"oplock_level incorrect");
+
+	tree1->session = session1_1;
+	status = smb2_util_close(tree1, *h1f1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+	h1f1 = NULL;
+
+	ret = true;
+done:
+
+	smbXcli_conn_disconnect(transport3->conn, NT_STATUS_LOCAL_DISCONNECT);
+	smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
+
+	tree1->session = session1_1;
+	tree2->session = session2_2;
+
+	if (h1f1 != NULL) {
+		smb2_util_close(tree1, *h1f1);
+	}
+	if (h1f2 != NULL) {
+		smb2_util_close(tree1, *h1f2);
+	}
+	if (h2f2 != NULL) {
+		smb2_util_close(tree2, *h2f2);
+	}
+
+	smb2_util_unlink(tree1, fname1);
+	smb2_util_unlink(tree1, fname2);
+
+	talloc_free(tree1);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_session_bind_auth_mismatch(struct torture_context *tctx,
+					    struct smb2_tree *tree1,
+					    const char *testname,
+					    struct cli_credentials *creds1,
+					    struct cli_credentials *creds2,
+					    bool creds2_require_ok)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo;
+	bool ret = false;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smbcli_options options2;
+	struct smb2_transport *transport2 = NULL;
+	struct smb2_session *session1_1 = tree1->session;
+	struct smb2_session *session1_2 = NULL;
+	struct smb2_session *session2_1 = NULL;
+	struct smb2_session *session2_2 = NULL;
+	struct smb2_session *session3_1 = NULL;
+	uint32_t caps;
+	bool encrypted;
+	bool creds2_got_ok = false;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree1->smbXcli);
+
+	caps = smb2cli_conn_server_capabilities(transport1->conn);
+	if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
+		torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
+	}
+
+	/*
+	 * We always want signing for this test!
+	 */
+	smb2cli_tcon_should_sign(tree1->smbXcli, true);
+	options2 = transport1->options;
+	options2.signing = SMB_SIGNING_REQUIRED;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s_%s.dat", testname,
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree1, mem_ctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      creds1,
+			      &tree2,
+			      tctx->ev,
+			      &options2,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect failed");
+	session2_2 = tree2->session;
+	transport2 = tree2->session->transport;
+
+	/*
+	 * Now bind the 2nd transport connection to the 1st session
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+					   creds1,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+
+	/* use the 1st connection, 1st session */
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	tree1->session = session1_1;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* use the 2nd connection, 1st session */
+	ZERO_STRUCT(qfinfo);
+	qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo.generic.in.file.handle = _h1;
+	tree1->session = session1_2;
+	status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	tree1->session = session1_1;
+	status = smb2_util_close(tree1, *h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+	h1 = NULL;
+
+	/*
+	 * Create a 3rd session in order to check if the invalid (creds2)
+	 * are mapped to guest.
+	 */
+	session3_1 = smb2_session_init(transport1,
+				       lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				       tctx);
+	torture_assert(tctx, session3_1 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session3_1,
+					   creds2,
+					   0 /* previous_session_id */);
+	if (creds2_require_ok) {
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego worked");
+		creds2_got_ok = true;
+	} else if (NT_STATUS_IS_OK(status)) {
+		bool authentiated = smbXcli_session_is_authenticated(session3_1->smbXcli);
+		torture_assert(tctx, !authentiated, "Invalid credentials allowed!");
+		creds2_got_ok = true;
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
+					"smb2_session_setup_spnego worked");
+	}
+
+	/*
+	 * Now bind the 1st transport connection to the 2nd session
+	 */
+	session2_1 = smb2_session_channel(transport1,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree1,
+					  session2_2);
+	torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
+
+	tree2->session = session2_1;
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_util_unlink worked on invalid channel");
+
+	status = smb2_session_setup_spnego(session2_1,
+					   creds2,
+					   0 /* previous_session_id */);
+	if (creds2_got_ok) {
+		/*
+		 * attaching with a different user (guest or anonymous) results
+		 * in ACCESS_DENIED.
+		 */
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
+					"smb2_session_setup_spnego worked");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
+					"smb2_session_setup_spnego worked");
+	}
+
+	tree2->session = session2_1;
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+					"smb2_util_unlink worked on invalid channel");
+
+	tree2->session = session2_2;
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed");
+	status = smb2_util_unlink(tree2, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+					"smb2_util_unlink worked");
+	if (creds2_got_ok) {
+		/*
+		 * We got ACCESS_DENIED on the session bind
+		 * with a different user, now check that
+		 * the correct user can actually bind on
+		 * the same connection.
+		 */
+		TALLOC_FREE(session2_1);
+		session2_1 = smb2_session_channel(transport1,
+						  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+						  tree1,
+						  session2_2);
+		torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
+
+		status = smb2_session_setup_spnego(session2_1,
+						   creds1,
+						   0 /* previous_session_id */);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_session_setup_spnego failed");
+		tree2->session = session2_1;
+		status = smb2_util_unlink(tree2, fname);
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+						"smb2_util_unlink worked");
+		tree2->session = session2_2;
+	}
+
+	tree1->session = session1_1;
+	status = smb2_util_unlink(tree1, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+					"smb2_util_unlink worked");
+
+	tree1->session = session1_2;
+	status = smb2_util_unlink(tree1, fname);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+					"smb2_util_unlink worked");
+
+	if (creds2_got_ok) {
+		/*
+		 * With valid credentials, there's no point to test a failing
+		 * reauth.
+		 */
+		ret = true;
+		goto done;
+	}
+
+	/*
+	 * Do a failing reauth the 2nd channel
+	 */
+	status = smb2_session_setup_spnego(session1_2,
+					   creds2,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
+					"smb2_session_setup_spnego worked");
+
+	tree1->session = session1_1;
+	status = smb2_util_unlink(tree1, fname);
+	if (encrypted) {
+		torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport1->conn), ret, done,
+						"smb2_util_unlink worked");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+						"smb2_util_unlink worked");
+	}
+
+	tree1->session = session1_2;
+	status = smb2_util_unlink(tree1, fname);
+	if (encrypted) {
+		torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport2->conn), ret, done,
+						"smb2_util_unlink worked");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
+						"smb2_util_unlink worked");
+	}
+
+	status = smb2_util_unlink(tree2, fname);
+	if (encrypted) {
+		torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport1->conn), ret, done,
+						"smb2_util_unlink worked");
+		torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport2->conn), ret, done,
+						"smb2_util_unlink worked");
+	} else {
+		torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+						"smb2_util_unlink worked");
+	}
+
+	ret = true;
+done:
+	talloc_free(tree2);
+	tree1->session = session1_1;
+
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+
+	smb2_util_unlink(tree1, fname);
+
+	talloc_free(tree1);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_session_bind_invalid_auth(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct cli_credentials *invalid_credentials = NULL;
+	bool ret = false;
+
+	invalid_credentials = cli_credentials_init(tctx);
+	torture_assert(tctx, (invalid_credentials != NULL), "talloc error");
+	cli_credentials_set_username(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_domain(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_password(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
+	cli_credentials_set_realm(invalid_credentials, NULL, CRED_SPECIFIED);
+	cli_credentials_set_workstation(invalid_credentials, "", CRED_UNINITIALISED);
+
+	ret = test_session_bind_auth_mismatch(tctx, tree1, __func__,
+					      credentials,
+					      invalid_credentials,
+					      false);
+	return ret;
+}
+
+static bool test_session_bind_different_user(struct torture_context *tctx, struct smb2_tree *tree1)
+{
+	struct cli_credentials *credentials1 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials2 = torture_user2_credentials(tctx, tctx);
+	char *u1 = cli_credentials_get_unparsed_name(credentials1, tctx);
+	char *u2 = cli_credentials_get_unparsed_name(credentials2, tctx);
+	bool ret = false;
+	bool bval;
+
+	torture_assert(tctx, (credentials2 != NULL), "talloc error");
+	bval = cli_credentials_is_anonymous(credentials2);
+	if (bval) {
+		torture_skip(tctx, "valid user2 credentials are required");
+	}
+	bval = strequal(u1, u2);
+	if (bval) {
+		torture_skip(tctx, "different user2 credentials are required");
+	}
+
+	ret = test_session_bind_auth_mismatch(tctx, tree1, __func__,
+					      credentials1,
+					      credentials2,
+					      true);
+	return ret;
+}
+
+static bool test_session_bind_negative_smbXtoX(struct torture_context *tctx,
+					       const char *testname,
+					       struct cli_credentials *credentials,
+					       const struct smbcli_options *options1,
+					       const struct smbcli_options *options2,
+					       NTSTATUS bind_reject_status)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	bool ret = false;
+	struct smb2_tree *tree1 = NULL;
+	struct smb2_session *session1_1 = NULL;
+	char fname[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo1;
+	struct smb2_tree *tree2_0 = NULL;
+	struct smb2_transport *transport2 = NULL;
+	struct smb2_session *session1_2 = NULL;
+	uint64_t session1_id = 0;
+	uint16_t session1_flags = 0;
+	NTSTATUS deleted_status = NT_STATUS_USER_SESSION_DELETED;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree1,
+			      tctx->ev,
+			      options1,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect options1 failed");
+	session1_1 = tree1->session;
+	session1_id = smb2cli_session_current_id(session1_1->smbXcli);
+	session1_flags = smb2cli_session_get_flags(session1_1->smbXcli);
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s_%s.dat",
+		 testname, generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	status = smb2_create(tree1, tctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials,
+			      &tree2_0,
+			      tctx->ev,
+			      options2,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect options2 failed");
+	transport2 = tree2_0->session->transport;
+
+	/*
+	 * Now bind the 2nd transport connection to the 1st session
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2_0,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status, bind_reject_status, ret, done,
+					   "smb2_session_setup_spnego failed");
+	if (NT_STATUS_IS_OK(bind_reject_status)) {
+		ZERO_STRUCT(qfinfo1);
+		qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+		qfinfo1.generic.in.file.handle = _h1;
+		tree1->session = session1_2;
+		status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+		tree1->session = session1_1;
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+	}
+	TALLOC_FREE(session1_2);
+
+	/* Check the initial session is still alive */
+	ZERO_STRUCT(qfinfo1);
+	qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo1.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	if (NT_STATUS_IS_OK(bind_reject_status)) {
+		deleted_status = NT_STATUS_ACCESS_DENIED;
+		bind_reject_status = NT_STATUS_ACCESS_DENIED;
+	}
+
+	/*
+	 * I guess this is not part of MultipleChannel_Negative_SMB2002,
+	 * but we should also check the status without
+	 * SMB2_SESSION_FLAG_BINDING.
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2_0,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+	session1_2->needs_bind = false;
+
+	status = smb2_session_setup_spnego(session1_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status, deleted_status, ret, done,
+					   "smb2_session_setup_spnego failed");
+	TALLOC_FREE(session1_2);
+
+	/*
+	 * ... and we should also check the status without any existing
+	 * session keys.
+	 */
+	session1_2 = smb2_session_init(transport2,
+				       lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				       tree2_0);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+	talloc_steal(tree2_0->session, transport2);
+	smb2cli_session_set_id_and_flags(session1_2->smbXcli,
+					 session1_id, session1_flags);
+
+	status = smb2_session_setup_spnego(session1_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status, deleted_status, ret, done,
+					   "smb2_session_setup_spnego failed");
+	TALLOC_FREE(session1_2);
+
+	/* Check the initial session is still alive */
+	ZERO_STRUCT(qfinfo1);
+	qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo1.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/*
+	 * Now bind the 2nd transport connection to the 1st session (again)
+	 */
+	session1_2 = smb2_session_channel(transport2,
+					  lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+					  tree2_0,
+					  session1_1);
+	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
+
+	status = smb2_session_setup_spnego(session1_2,
+					   credentials,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal_goto(tctx, status, bind_reject_status, ret, done,
+					   "smb2_session_setup_spnego failed");
+	TALLOC_FREE(session1_2);
+
+	/* Check the initial session is still alive */
+	ZERO_STRUCT(qfinfo1);
+	qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo1.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	ret = true;
+done:
+	talloc_free(tree2_0);
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+	talloc_free(tree1);
+
+	return ret;
+}
+
+/*
+ * This is similar to the MultipleChannel_Negative_SMB2002 test
+ * from the Windows Protocol Test Suite.
+ *
+ * It demonstrates that the server needs to do lookup
+ * in the global session table in order to get the signing
+ * and error code of invalid session setups correct.
+ *
+ * See: https://bugzilla.samba.org/show_bug.cgi?id=14512
+ *
+ * Note you can ignore tree0...
+ */
+static bool test_session_bind_negative_smb202(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.02 if encryption is required");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_zero();
+	options1.max_protocol = PROTOCOL_SMB2_02;
+
+	options2 = options1;
+	options2.only_negprot = true;
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_NOT_ACCEPTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb210s(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.max_protocol = PROTOCOL_SMB2_10;
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_NOT_ACCEPTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb210d(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.max_protocol = PROTOCOL_SMB2_10;
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_NOT_ACCEPTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb2to3s(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx,
+			     "Can't test without SMB3 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB2_02;
+	options1.max_protocol = PROTOCOL_SMB2_10;
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_00;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb2to3d(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx,
+			     "Can't test without SMB3 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB2_02;
+	options1.max_protocol = PROTOCOL_SMB2_10;
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_00;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3to2s(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx,
+			     "Can't test without SMB3 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_00;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB2_02;
+	options2.max_protocol = PROTOCOL_SMB2_10;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_NOT_ACCEPTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3to2d(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
+		torture_skip(tctx,
+			     "Can't test without SMB3 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_00;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB2_02;
+	options2.max_protocol = PROTOCOL_SMB2_10;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_NOT_ACCEPTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3to3s(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_02;
+	options1.max_protocol = PROTOCOL_SMB3_02;
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3to3d(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_02;
+	options1.max_protocol = PROTOCOL_SMB3_02;
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3encGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3encGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_INVALID_PARAMETER);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signCtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_OK);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signCtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_OK);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signHtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_OK);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signHtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_OK);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signHtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signHtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signCtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signCtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneGtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneGtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneCtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneCtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneHtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3sneHtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+	options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signC30toGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_00;
+	options1.max_protocol = PROTOCOL_SMB3_02;
+	options1.signing = SMB_SIGNING_REQUIRED;
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signC30toGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_00;
+	options1.max_protocol = PROTOCOL_SMB3_02;
+	options1.signing = SMB_SIGNING_REQUIRED;
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signH2XtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_OFF,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB2_02;
+	options1.max_protocol = PROTOCOL_SMB2_10;
+	options1.signing = SMB_SIGNING_REQUIRED;
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signH2XtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_OFF,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB2_02;
+	options1.max_protocol = PROTOCOL_SMB2_10;
+	options1.signing = SMB_SIGNING_REQUIRED;
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_11;
+	options2.max_protocol = PROTOCOL_SMB3_11;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_NOT_SUPPORTED);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoC30s(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_00;
+	options2.max_protocol = PROTOCOL_SMB3_02;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoC30d(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB3_00;
+	options2.max_protocol = PROTOCOL_SMB3_02;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoH2Xs(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* same client guid */
+	options2 = options1;
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB2_02;
+	options2.max_protocol = PROTOCOL_SMB2_10;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_bind_negative_smb3signGtoH2Xd(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	struct smbcli_options options2;
+	bool ok;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test SMB 2.10 if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	/* different client guid */
+	options2 = options1;
+	options2.client_guid = GUID_random();
+	options2.only_negprot = true;
+	options2.min_protocol = PROTOCOL_SMB2_02;
+	options2.max_protocol = PROTOCOL_SMB2_10;
+	options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_bind_negative_smbXtoX(tctx, __func__,
+						 credentials,
+						 &options1, &options2,
+						 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
+	talloc_free(tree0);
+	return ret;
+}
+
+static bool test_session_two_logoff(struct torture_context *tctx,
+				    struct smb2_tree *tree1)
+{
+	NTSTATUS status;
+	bool ret = true;
+	struct smbcli_options transport2_options;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_session *session2 = NULL;
+	struct smb2_session *session1 = tree1->session;
+	struct smb2_transport *transport1 = tree1->session->transport;
+	struct smb2_transport *transport2;
+	bool ok;
+
+	/* Connect 2nd connection */
+	torture_comment(tctx, "connect tree2 with the same client_guid\n");
+	transport2_options = transport1->options;
+	ok = torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2);
+	torture_assert(tctx, ok, "couldn't connect tree2\n");
+	transport2 = tree2->session->transport;
+	session2 = tree2->session;
+
+	torture_comment(tctx, "session2: logoff\n");
+	status = smb2_logoff(session2);
+	torture_assert_ntstatus_ok(tctx, status, "session2: logoff");
+	torture_comment(tctx, "transport2: keepalive\n");
+	status = smb2_keepalive(transport2);
+	torture_assert_ntstatus_ok(tctx, status, "transport2: keepalive");
+	torture_comment(tctx, "transport2: disconnect\n");
+	TALLOC_FREE(tree2);
+
+	torture_comment(tctx, "session1: logoff\n");
+	status = smb2_logoff(session1);
+	torture_assert_ntstatus_ok(tctx, status, "session1: logoff");
+	torture_comment(tctx, "transport1: keepalive\n");
+	status = smb2_keepalive(transport1);
+	torture_assert_ntstatus_ok(tctx, status, "transport1: keepalive");
+	torture_comment(tctx, "transport1: disconnect\n");
+	TALLOC_FREE(tree1);
+
+	return ret;
+}
+
+static bool test_session_sign_enc(struct torture_context *tctx,
+				  const char *testname,
+				  struct cli_credentials *credentials1,
+				  const struct smbcli_options *options1)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	NTSTATUS status;
+	bool ret = false;
+	struct smb2_tree *tree1 = NULL;
+	char fname[256];
+	struct smb2_handle rh = {{0}};
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	union smb_fileinfo qfinfo1;
+	union smb_notify notify;
+	struct smb2_request *req = NULL;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      credentials1,
+			      &tree1,
+			      tctx->ev,
+			      options1,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_connect options1 failed");
+
+	status = smb2_util_roothandle(tree1, &rh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_roothandle failed");
+
+	/* Add some random component to the file name. */
+	snprintf(fname, sizeof(fname), "%s_%s.dat",
+		 testname, generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree1, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	status = smb2_create(tree1, tctx, &io1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed");
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	torture_assert_int_equal(tctx, io1.out.oplock_level,
+					smb2_util_oplock_level("b"),
+					"oplock_level incorrect");
+
+	/* Check the initial session is still alive */
+	ZERO_STRUCT(qfinfo1);
+	qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo1.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	/* ask for a change notify,
+	   on file or directory name changes */
+	ZERO_STRUCT(notify);
+	notify.smb2.level = RAW_NOTIFY_SMB2;
+	notify.smb2.in.buffer_size = 1000;
+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+	notify.smb2.in.file.handle = rh;
+	notify.smb2.in.recursive = true;
+
+	req = smb2_notify_send(tree1, &(notify.smb2));
+	WAIT_FOR_ASYNC_RESPONSE(req);
+
+	status = smb2_cancel(req);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_cancel failed");
+
+	status = smb2_notify_recv(req, tctx, &(notify.smb2));
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_CANCELLED,
+					   ret, done,
+					   "smb2_notify_recv failed");
+
+	/* Check the initial session is still alive */
+	ZERO_STRUCT(qfinfo1);
+	qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+	qfinfo1.generic.in.file.handle = _h1;
+	status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	ret = true;
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree1, *h1);
+	}
+	TALLOC_FREE(tree1);
+
+	return ret;
+}
+
+static bool test_session_signing_hmac_sha_256(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test signing only if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_HMAC_SHA256,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_signing_aes_128_cmac(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test signing only if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_CMAC,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_signing_aes_128_gmac(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool encrypted;
+
+	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+	if (encrypted) {
+		torture_skip(tctx,
+			     "Can't test signing only if encryption is required");
+	}
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_SIGNING_AES128_GMAC,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_encryption_aes_128_ccm(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_CCM,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_encryption_aes_128_gcm(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES128_GCM,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_encryption_aes_256_ccm(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES256_CCM,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_encryption_aes_256_gcm(struct torture_context *tctx, struct smb2_tree *tree0)
+{
+	struct cli_credentials *credentials0 = samba_cmdline_get_creds();
+	struct cli_credentials *credentials = NULL;
+	bool ret = false;
+	struct smb2_transport *transport0 = tree0->session->transport;
+	struct smbcli_options options1;
+	bool ok;
+
+	if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 support");
+	}
+
+	if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
+		torture_skip(tctx,
+			     "Can't test without SMB 3.1.1 signing negotiation support");
+	}
+
+	credentials = cli_credentials_shallow_copy(tctx, credentials0);
+	torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
+	ok = cli_credentials_set_smb_encryption(credentials,
+						SMB_ENCRYPTION_REQUIRED,
+						CRED_SPECIFIED);
+	torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
+
+	options1 = transport0->options;
+	options1.client_guid = GUID_random();
+	options1.min_protocol = PROTOCOL_SMB3_11;
+	options1.max_protocol = PROTOCOL_SMB3_11;
+	options1.signing = SMB_SIGNING_REQUIRED;
+	options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
+		.num_algos = 1,
+		.algos = {
+			SMB2_ENCRYPTION_AES256_GCM,
+		},
+	};
+
+	ret = test_session_sign_enc(tctx,
+				    __func__,
+				    credentials,
+				    &options1);
+	TALLOC_FREE(tree0);
+	return ret;
+}
+
+static bool test_session_ntlmssp_bug14932(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct cli_credentials *ntlm_creds =
+		cli_credentials_shallow_copy(tctx, samba_cmdline_get_creds());
+	NTSTATUS status;
+	bool ret = true;
+	/*
+	 * This is a NTLMv2_RESPONSE with the strange
+	 * NTLMv2_CLIENT_CHALLENGE used by the net diag
+	 * tool.
+	 *
+	 * As we expect an error anyway we fill the
+	 * Response part with 0xab...
+	 */
+	static const char *netapp_magic =
+		"\xab\xab\xab\xab\xab\xab\xab\xab"
+		"\xab\xab\xab\xab\xab\xab\xab\xab"
+		"\x01\x01\x00\x00\x00\x00\x00\x00"
+		"\x3f\x3f\x3f\x3f\x3f\x3f\x3f\x3f"
+		"\xb8\x82\x3a\xf1\xb3\xdd\x08\x15"
+		"\x00\x00\x00\x00\x11\xa2\x08\x81"
+		"\x50\x38\x22\x78\x2b\x94\x47\xfe"
+		"\x54\x94\x7b\xff\x17\x27\x5a\xb4"
+		"\xf4\x18\xba\xdc\x2c\x38\xfd\x5b"
+		"\xfb\x0e\xc1\x85\x1e\xcc\x92\xbb"
+		"\x9b\xb1\xc4\xd5\x53\x14\xff\x8c"
+		"\x76\x49\xf5\x45\x90\x19\xa2";
+	DATA_BLOB lm_response = data_blob_talloc_zero(tctx, 24);
+	DATA_BLOB lm_session_key = data_blob_talloc_zero(tctx, 16);
+	DATA_BLOB nt_response = data_blob_const(netapp_magic, 95);
+	DATA_BLOB nt_session_key = data_blob_talloc_zero(tctx, 16);
+
+	cli_credentials_set_kerberos_state(ntlm_creds,
+					   CRED_USE_KERBEROS_DISABLED,
+					   CRED_SPECIFIED);
+	cli_credentials_set_ntlm_response(ntlm_creds,
+					  &lm_response,
+					  &lm_session_key,
+					  &nt_response,
+					  &nt_session_key,
+					  CRED_SPECIFIED);
+	status = smb2_session_setup_spnego(tree->session,
+					   ntlm_creds,
+					   0 /* previous_session_id */);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
+				      "smb2_session_setup_spnego failed");
+
+	return ret;
+}
+
+struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "session");
+
+	torture_suite_add_1smb2_test(suite, "reconnect1", test_session_reconnect1);
+	torture_suite_add_1smb2_test(suite, "reconnect2", test_session_reconnect2);
+	torture_suite_add_1smb2_test(suite, "reauth1", test_session_reauth1);
+	torture_suite_add_1smb2_test(suite, "reauth2", test_session_reauth2);
+	torture_suite_add_1smb2_test(suite, "reauth3", test_session_reauth3);
+	torture_suite_add_1smb2_test(suite, "reauth4", test_session_reauth4);
+	torture_suite_add_1smb2_test(suite, "reauth5", test_session_reauth5);
+	torture_suite_add_1smb2_test(suite, "reauth6", test_session_reauth6);
+	torture_suite_add_simple_test(suite, "expire1n", test_session_expire1n);
+	torture_suite_add_simple_test(suite, "expire1s", test_session_expire1s);
+	torture_suite_add_simple_test(suite, "expire1e", test_session_expire1e);
+	torture_suite_add_simple_test(suite, "expire2s", test_session_expire2s);
+	torture_suite_add_simple_test(suite, "expire2e", test_session_expire2e);
+	torture_suite_add_simple_test(suite, "expire_disconnect",
+				      test_session_expire_disconnect);
+	torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1);
+	torture_suite_add_1smb2_test(suite, "bind2", test_session_bind2);
+	torture_suite_add_1smb2_test(suite, "bind_invalid_auth", test_session_bind_invalid_auth);
+	torture_suite_add_1smb2_test(suite, "bind_different_user", test_session_bind_different_user);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb202", test_session_bind_negative_smb202);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb210s", test_session_bind_negative_smb210s);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb210d", test_session_bind_negative_smb210d);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb2to3s", test_session_bind_negative_smb2to3s);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb2to3d", test_session_bind_negative_smb2to3d);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3to2s", test_session_bind_negative_smb3to2s);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3to2d", test_session_bind_negative_smb3to2d);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3to3s", test_session_bind_negative_smb3to3s);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3to3d", test_session_bind_negative_smb3to3d);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3encGtoCs", test_session_bind_negative_smb3encGtoCs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3encGtoCd", test_session_bind_negative_smb3encGtoCd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoHs", test_session_bind_negative_smb3signCtoHs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoHd", test_session_bind_negative_smb3signCtoHd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoGs", test_session_bind_negative_smb3signCtoGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoGd", test_session_bind_negative_smb3signCtoGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoCs", test_session_bind_negative_smb3signHtoCs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoCd", test_session_bind_negative_smb3signHtoCd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoGs", test_session_bind_negative_smb3signHtoGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoGd", test_session_bind_negative_smb3signHtoGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoCs", test_session_bind_negative_smb3signGtoCs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoCd", test_session_bind_negative_smb3signGtoCd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoHs", test_session_bind_negative_smb3signGtoHs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoHd", test_session_bind_negative_smb3signGtoHd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoCs", test_session_bind_negative_smb3sneGtoCs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoCd", test_session_bind_negative_smb3sneGtoCd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoHs", test_session_bind_negative_smb3sneGtoHs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoHd", test_session_bind_negative_smb3sneGtoHd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneCtoGs", test_session_bind_negative_smb3sneCtoGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneCtoGd", test_session_bind_negative_smb3sneCtoGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneHtoGs", test_session_bind_negative_smb3sneHtoGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneHtoGd", test_session_bind_negative_smb3sneHtoGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signC30toGs", test_session_bind_negative_smb3signC30toGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signC30toGd", test_session_bind_negative_smb3signC30toGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signH2XtoGs", test_session_bind_negative_smb3signH2XtoGs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signH2XtoGd", test_session_bind_negative_smb3signH2XtoGd);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoC30s", test_session_bind_negative_smb3signGtoC30s);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoC30d", test_session_bind_negative_smb3signGtoC30d);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoH2Xs", test_session_bind_negative_smb3signGtoH2Xs);
+	torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoH2Xd", test_session_bind_negative_smb3signGtoH2Xd);
+	torture_suite_add_1smb2_test(suite, "two_logoff", test_session_two_logoff);
+	torture_suite_add_1smb2_test(suite, "signing-hmac-sha-256", test_session_signing_hmac_sha_256);
+	torture_suite_add_1smb2_test(suite, "signing-aes-128-cmac", test_session_signing_aes_128_cmac);
+	torture_suite_add_1smb2_test(suite, "signing-aes-128-gmac", test_session_signing_aes_128_gmac);
+	torture_suite_add_1smb2_test(suite, "encryption-aes-128-ccm", test_session_encryption_aes_128_ccm);
+	torture_suite_add_1smb2_test(suite, "encryption-aes-128-gcm", test_session_encryption_aes_128_gcm);
+	torture_suite_add_1smb2_test(suite, "encryption-aes-256-ccm", test_session_encryption_aes_256_ccm);
+	torture_suite_add_1smb2_test(suite, "encryption-aes-256-gcm", test_session_encryption_aes_256_gcm);
+	torture_suite_add_1smb2_test(suite, "ntlmssp_bug14932", test_session_ntlmssp_bug14932);
+
+	suite->description = talloc_strdup(suite, "SMB2-SESSION tests");
+
+	return suite;
+}
+
+static bool test_session_require_sign_bug15397(struct torture_context *tctx,
+					       struct smb2_tree *_tree)
+{
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *_creds = samba_cmdline_get_creds();
+	struct cli_credentials *creds = NULL;
+	struct smbcli_options options;
+	struct smb2_tree *tree = NULL;
+	uint8_t security_mode;
+	NTSTATUS status;
+	bool ok = true;
+
+	/*
+	 * Setup our own connection so we can control the signing flags
+	 */
+
+	creds = cli_credentials_shallow_copy(tctx, _creds);
+	torture_assert(tctx, creds != NULL, "cli_credentials_shallow_copy");
+
+	options = _tree->session->transport->options;
+	options.client_guid = GUID_random();
+	options.signing = SMB_SIGNING_IF_REQUIRED;
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      creds,
+			      &tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"smb2_connect failed");
+
+	security_mode = smb2cli_session_security_mode(tree->session->smbXcli);
+
+	torture_assert_int_equal_goto(
+		tctx,
+		security_mode,
+		SMB2_NEGOTIATE_SIGNING_REQUIRED | SMB2_NEGOTIATE_SIGNING_ENABLED,
+		ok,
+		done,
+		"Signing not required");
+
+done:
+	return ok;
+}
+
+struct torture_suite *torture_smb2_session_req_sign_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "session-require-signing");
+
+	torture_suite_add_1smb2_test(suite, "bug15397",
+				     test_session_require_sign_bug15397);
+
+	suite->description = talloc_strdup(suite, "SMB2-SESSION require signing tests");
+	return suite;
+}
diff --git a/source4/torture/smb2/setinfo.c b/source4/torture/smb2/setinfo.c
new file mode 100644
index 0000000..3b01b05
--- /dev/null
+++ b/source4/torture/smb2/setinfo.c
@@ -0,0 +1,410 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 setinfo individual test suite
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+static bool find_returned_ea(union smb_fileinfo *finfo2,
+				const char *eaname,
+				const char *eavalue)
+{
+	unsigned int i;
+	unsigned int num_eas = finfo2->all_eas.out.num_eas;
+	struct ea_struct *eas = finfo2->all_eas.out.eas;
+
+	for (i = 0; i < num_eas; i++) {
+		if (eas[i].name.s == NULL) {
+			continue;
+		}
+		/* Windows capitalizes returned EA names. */
+		if (strcasecmp_m(eas[i].name.s, eaname)) {
+			continue;
+		}
+		if (eavalue == NULL && eas[i].value.length == 0) {
+			/* Null value, found it ! */
+			return true;
+		}
+		if (eas[i].value.length == strlen(eavalue) &&
+				memcmp(eas[i].value.data,
+					eavalue,
+					strlen(eavalue)) == 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
+#define BASEDIR ""
+
+#define FAIL_UNLESS(__cond)					\
+	do {							\
+		if (__cond) {} else {				\
+			torture_result(tctx, TORTURE_FAIL, "%s) condition violated: %s\n",	\
+			       __location__, #__cond);		\
+			ret = false; goto done;			\
+		}						\
+	} while(0)
+
+/* basic testing of all SMB2 setinfo calls 
+   for each call we test that it succeeds, and where possible test 
+   for consistency between the calls. 
+*/
+bool torture_smb2_setinfo(struct torture_context *tctx)
+{
+	struct smb2_tree *tree;
+	bool ret = true;
+	struct smb2_handle handle;
+	char *fname;
+	union smb_fileinfo finfo2;
+	union smb_setfileinfo sfinfo;
+	struct security_ace ace;
+	struct security_descriptor *sd;
+	struct dom_sid *test_sid;
+	NTSTATUS status, status2=NT_STATUS_OK;
+	const char *call_name;
+	time_t basetime = (time(NULL) - 86400) & ~1;
+	int n = time(NULL) % 100;
+	struct ea_struct ea;
+	
+	ZERO_STRUCT(handle);
+	
+	fname = talloc_asprintf(tctx, BASEDIR "fnum_test_%d.txt", n);
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		return false;
+	}
+
+#define RECREATE_FILE(fname) do { \
+	smb2_util_close(tree, handle); \
+	status = smb2_create_complex_file(tctx, tree, fname, &handle); \
+	if (!NT_STATUS_IS_OK(status)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) ERROR: open of %s failed (%s)\n", \
+		       __location__, fname, nt_errstr(status)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define RECREATE_BOTH do { \
+		RECREATE_FILE(fname); \
+	} while (0)
+
+	RECREATE_BOTH;
+	
+#define CHECK_CALL(call, rightstatus) do { \
+	call_name = #call; \
+	sfinfo.generic.level = RAW_SFILEINFO_ ## call; \
+	sfinfo.generic.in.file.handle = handle; \
+	status = smb2_setinfo_file(tree, &sfinfo); \
+	if (!NT_STATUS_EQUAL(status, rightstatus)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s (should be %s)\n", __location__, #call, \
+			nt_errstr(status), nt_errstr(rightstatus)); \
+		ret = false; \
+		goto done; \
+	} \
+	} while (0)
+
+#define CHECK1(call) \
+	do { if (NT_STATUS_IS_OK(status)) { \
+		finfo2.generic.level = RAW_FILEINFO_ ## call; \
+		finfo2.generic.in.file.handle = handle; \
+		status2 = smb2_getinfo_file(tree, tctx, &finfo2); \
+		if (!NT_STATUS_IS_OK(status2)) { \
+			torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s\n", __location__, #call, nt_errstr(status2)); \
+		ret = false; \
+		goto done; \
+		} \
+	}} while (0)
+
+#define CHECK_VALUE(call, stype, field, value) do { \
+ 	CHECK1(call); \
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2) && finfo2.stype.out.field != value) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s/%s should be 0x%x - 0x%x\n", __location__, \
+		       call_name, #stype, #field, \
+		       (unsigned int)value, (unsigned int)finfo2.stype.out.field); \
+		torture_smb2_all_info(tctx, tree, handle); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_TIME(call, stype, field, value) do { \
+ 	CHECK1(call); \
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(status2) && nt_time_to_unix(finfo2.stype.out.field) != value) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s/%s should be 0x%x - 0x%x\n", __location__, \
+		        call_name, #stype, #field, \
+		        (unsigned int)value, \
+			(unsigned int)nt_time_to_unix(finfo2.stype.out.field)); \
+		torture_warning(tctx, "\t%s", timestring(tctx, value)); \
+		torture_warning(tctx, "\t%s\n", nt_time_string(tctx, finfo2.stype.out.field)); \
+		torture_smb2_all_info(tctx, tree, handle); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+	torture_smb2_all_info(tctx, tree, handle);
+	
+	torture_comment(tctx, "Test basic_information level\n");
+	basetime += 86400;
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, basetime + 100);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, basetime + 200);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  basetime + 300);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, basetime + 400);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_READONLY;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, create_time, basetime + 100);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, access_time, basetime + 200);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, write_time,  basetime + 300);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, change_time, basetime + 400);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, attrib,     FILE_ATTRIBUTE_READONLY);
+
+	torture_comment(tctx, "a zero time means don't change\n");
+	unix_to_nt_time(&sfinfo.basic_info.in.create_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.access_time, 0);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time,  0);
+	unix_to_nt_time(&sfinfo.basic_info.in.change_time, 0);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, create_time, basetime + 100);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, access_time, basetime + 200);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, write_time,  basetime + 300);
+	CHECK_TIME(SMB2_ALL_INFORMATION, all_info2, change_time, basetime + 400);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, attrib,     FILE_ATTRIBUTE_NORMAL);
+
+	torture_comment(tctx, "change the attribute\n");
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_HIDDEN;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, attrib, FILE_ATTRIBUTE_HIDDEN);
+
+	torture_comment(tctx, "zero attrib means don't change\n");
+	sfinfo.basic_info.in.attrib = 0;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, attrib, FILE_ATTRIBUTE_HIDDEN);
+
+	torture_comment(tctx, "can't change a file to a directory\n");
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_DIRECTORY;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_INVALID_PARAMETER);
+
+	torture_comment(tctx, "restore attribute\n");
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+	CHECK_CALL(BASIC_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, attrib, FILE_ATTRIBUTE_NORMAL);
+
+	torture_comment(tctx, "Test disposition_information level\n");
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	CHECK_CALL(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, delete_pending, 1);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, nlink, 0);
+
+	sfinfo.disposition_info.in.delete_on_close = 0;
+	CHECK_CALL(DISPOSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, delete_pending, 0);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, nlink, 1);
+
+	torture_comment(tctx, "Test allocation_information level\n");
+	sfinfo.allocation_info.in.alloc_size = 0;
+	CHECK_CALL(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, size, 0);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, alloc_size, 0);
+
+	sfinfo.allocation_info.in.alloc_size = 4096;
+	CHECK_CALL(ALLOCATION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, alloc_size, 4096);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, size, 0);
+
+	torture_comment(tctx, "Test end_of_file_info level\n");
+	sfinfo.end_of_file_info.in.size = 37;
+	CHECK_CALL(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, size, 37);
+
+	sfinfo.end_of_file_info.in.size = 7;
+	CHECK_CALL(END_OF_FILE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, size, 7);
+
+	torture_comment(tctx, "Test position_information level\n");
+	sfinfo.position_information.in.position = 123456;
+	CHECK_CALL(POSITION_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(POSITION_INFORMATION, position_information, position, 123456);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, position, 123456);
+
+	torture_comment(tctx, "Test mode_information level\n");
+	sfinfo.mode_information.in.mode = 2;
+	CHECK_CALL(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 2);
+	CHECK_VALUE(SMB2_ALL_INFORMATION, all_info2, mode, 2);
+
+	sfinfo.mode_information.in.mode = 1;
+	CHECK_CALL(MODE_INFORMATION, NT_STATUS_INVALID_PARAMETER);
+
+	sfinfo.mode_information.in.mode = 0;
+	CHECK_CALL(MODE_INFORMATION, NT_STATUS_OK);
+	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
+
+	torture_comment(tctx, "Test sec_desc level\n");
+	ZERO_STRUCT(finfo2);
+	finfo2.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+ 	CHECK1(SEC_DESC);
+	sd = finfo2.query_secdesc.out.sd;
+
+	test_sid = dom_sid_parse_talloc(tctx, SID_NT_AUTHENTICATED_USERS);
+	ZERO_STRUCT(ace);
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "add a new ACE to the DACL\n");
+
+	sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+	sfinfo.set_secdesc.in.sd = sd;
+	CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+	FAIL_UNLESS(smb2_util_verify_sd(tctx, tree, handle, sd));
+
+	torture_comment(tctx, "remove it again\n");
+
+	status = security_descriptor_dacl_del(sd, test_sid);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+	sfinfo.set_secdesc.in.sd = sd;
+	CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+	FAIL_UNLESS(smb2_util_verify_sd(tctx, tree, handle, sd));
+
+	torture_comment(tctx, "Check zero length EA's behavior\n");
+
+	/* Set a new EA. */
+	sfinfo.full_ea_information.in.eas.num_eas = 1;
+	ea.flags = 0;
+	ea.name.private_length = 6;
+	ea.name.s = "NewEA";
+	ea.value = data_blob_string_const("testme");
+	sfinfo.full_ea_information.in.eas.eas = &ea;
+	CHECK_CALL(FULL_EA_INFORMATION, NT_STATUS_OK);
+
+	/* Does it still exist ? */
+	finfo2.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
+	finfo2.generic.in.file.handle = handle;
+	finfo2.all_eas.in.continue_flags = 1;
+	status2 = smb2_getinfo_file(tree, tctx, &finfo2);
+	if (!NT_STATUS_IS_OK(status2)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s\n", __location__,
+			"SMB2_ALL_EAS", nt_errstr(status2));
+		ret = false;
+		goto done;
+	}
+
+	/* Note on Windows EA name is returned capitalized. */
+	if (!find_returned_ea(&finfo2, "NewEA", "testme")) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Missing EA 'NewEA'\n", __location__);
+		ret = false;
+	}
+
+	/* Now zero it out (should delete it) */
+	sfinfo.full_ea_information.in.eas.num_eas = 1;
+	ea.flags = 0;
+	ea.name.private_length = 6;
+	ea.name.s = "NewEA";
+	ea.value = data_blob_null;
+	sfinfo.full_ea_information.in.eas.eas = &ea;
+	CHECK_CALL(FULL_EA_INFORMATION, NT_STATUS_OK);
+
+	/* Does it still exist ? */
+	finfo2.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
+	finfo2.generic.in.file.handle = handle;
+	finfo2.all_eas.in.continue_flags = 1;
+	status2 = smb2_getinfo_file(tree, tctx, &finfo2);
+	if (!NT_STATUS_IS_OK(status2)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s\n", __location__,
+			"SMB2_ALL_EAS", nt_errstr(status2));
+		ret = false;
+		goto done;
+	}
+
+	if (find_returned_ea(&finfo2, "NewEA", NULL)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) EA 'NewEA' should be deleted\n", __location__);
+		ret = false;
+	}
+
+	/* Set a zero length EA. */
+	sfinfo.full_ea_information.in.eas.num_eas = 1;
+	ea.flags = 0;
+	ea.name.private_length = 6;
+	ea.name.s = "ZeroEA";
+	ea.value = data_blob_null;
+	sfinfo.full_ea_information.in.eas.eas = &ea;
+	CHECK_CALL(FULL_EA_INFORMATION, NT_STATUS_OK);
+
+	/* Does it still exist ? */
+	finfo2.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
+	finfo2.generic.in.file.handle = handle;
+	finfo2.all_eas.in.continue_flags = 1;
+	status2 = smb2_getinfo_file(tree, tctx, &finfo2);
+	if (!NT_STATUS_IS_OK(status2)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) %s - %s\n", __location__,
+			"SMB2_ALL_EAS", nt_errstr(status2));
+		ret = false;
+		goto done;
+	}
+
+	/* Over SMB2 ZeroEA should not exist. */
+	if (!find_returned_ea(&finfo2, "EAONE", "VALUE1")) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Missing EA 'EAONE'\n", __location__);
+		ret = false;
+	}
+	if (!find_returned_ea(&finfo2, "SECONDEA", "ValueTwo")) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Missing EA 'SECONDEA'\n", __location__);
+		ret = false;
+	}
+	if (find_returned_ea(&finfo2, "ZeroEA", NULL)) {
+		torture_result(tctx, TORTURE_FAIL, "(%s) Found null EA 'ZeroEA'\n", __location__);
+		ret = false;
+	}
+
+done:
+	status = smb2_util_close(tree, handle);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_warning(tctx, "Failed to delete %s - %s\n", fname, nt_errstr(status));
+	}
+	smb2_util_unlink(tree, fname);
+
+	return ret;
+}
+
+
diff --git a/source4/torture/smb2/sharemode.c b/source4/torture/smb2/sharemode.c
new file mode 100644
index 0000000..97381b5
--- /dev/null
+++ b/source4/torture/smb2/sharemode.c
@@ -0,0 +1,755 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test suite for SMB2 sharemodes
+
+   Copyright (C) Christof Schmitt 2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/security/security.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "lib/util/smb_strtox.h"
+#include <tevent.h>
+
+#define BASEDIRHOLD "sharemode_hold_test"
+
+struct hold_sharemode_info {
+	const char *sharemode;
+	const char *filename;
+	struct smb2_handle handle;
+} hold_sharemode_table[] = {
+	{
+		.sharemode = "",
+		.filename  = BASEDIRHOLD "\\N",
+	},
+	{
+		.sharemode = "R",
+		.filename  = BASEDIRHOLD "\\R",
+	},
+	{
+		.sharemode = "W",
+		.filename  = BASEDIRHOLD "\\W",
+	},
+	{
+		.sharemode = "D",
+		.filename  = BASEDIRHOLD "\\D",
+	},
+	{
+		.sharemode = "RW",
+		.filename  = BASEDIRHOLD "\\RW",
+	},
+	{
+		.sharemode = "RD",
+		.filename  = BASEDIRHOLD "\\RD",
+	},
+	{
+		.sharemode = "WD",
+		.filename  = BASEDIRHOLD "\\WD",
+	},
+	{
+		.sharemode = "RWD",
+		.filename  = BASEDIRHOLD "\\RWD",
+	},
+};
+
+static void signal_handler(struct tevent_context *ev,
+			   struct tevent_signal *se,
+			   int signum,
+			   int count,
+			   void *siginfo,
+			   void *private_data)
+{
+	struct torture_context *tctx = private_data;
+
+	torture_comment(tctx, "Received signal %d\n", signum);
+}
+
+/*
+ * Used for manual testing of sharemodes - especially interaction with
+ * other filesystems (such as NFS and local access). The scenario is
+ * that this test holds files open and then concurrent access to the same
+ * files outside of Samba can be tested.
+ */
+bool torture_smb2_hold_sharemode(struct torture_context *tctx)
+{
+	struct tevent_context *ev = tctx->ev;
+	struct smb2_tree *tree = NULL;
+	struct smb2_handle dir_handle;
+	struct tevent_signal *s;
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_comment(tctx, "Initializing smb2 connection failed.\n");
+		return false;
+	}
+
+	s = tevent_add_signal(ev, tctx, SIGINT, 0, signal_handler, tctx);
+	torture_assert_not_null_goto(tctx, s, ret, done,
+				     "Error registering signal handler.");
+
+	torture_comment(tctx, "Setting up open files with sharemodes in %s\n",
+			BASEDIRHOLD);
+
+	status = torture_smb2_testdir(tree, BASEDIRHOLD, &dir_handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Error creating directory.");
+
+	for (i = 0; i < ARRAY_SIZE(hold_sharemode_table); i++) {
+		struct hold_sharemode_info *info = &hold_sharemode_table[i];
+		struct smb2_create create = { 0 };
+
+		create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		create.in.alloc_size = 0;
+		create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create.in.share_access =
+			smb2_util_share_access(info->sharemode);
+		create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+		create.in.create_options = 0;
+		create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		create.in.security_flags = 0;
+		create.in.fname = info->filename;
+		create.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		create.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+		torture_comment(tctx, "opening %s\n", info->filename);
+
+		status = smb2_create(tree, tctx, &create);
+
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CREATE file failed\n");
+
+		info->handle = create.out.file.handle;
+	}
+
+	torture_comment(tctx, "Waiting for SIGINT (ctrl-c)\n");
+	tevent_loop_wait(ev);
+
+	torture_comment(tctx, "Closing and deleting files\n");
+
+	for (i = 0; i < ARRAY_SIZE(hold_sharemode_table); i++) {
+		struct hold_sharemode_info *info = &hold_sharemode_table[i];
+
+		union smb_setfileinfo sfinfo = { };
+
+		sfinfo.disposition_info.in.delete_on_close = 1;
+		sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+		sfinfo.generic.in.file.handle = info->handle;
+		status = smb2_setinfo_file(tree, &sfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"SETINFO failed\n");
+
+		status = smb2_util_close(tree, info->handle);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			torture_comment(tctx, "File %s not found, could have "
+					"been deleted outside of SMB\n",
+					info->filename);
+			continue;
+		}
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CLOSE failed\n");
+}
+
+done:
+	smb2_deltree(tree, BASEDIRHOLD);
+	return ret;
+}
+
+/*
+ * Used for manual testing of sharemodes, especially interaction with
+ * file systems that can enforce sharemodes. The scenario here is that
+ * a file is already open outside of Samba with a sharemode and this
+ * can be used to test accessing the same file from Samba.
+ */
+bool torture_smb2_check_sharemode(struct torture_context *tctx)
+{
+	const char *sharemode_string, *access_string, *filename, *operation;
+	uint32_t sharemode, access;
+	struct smb2_tree *tree;
+	struct smb2_create create = { 0 };
+	NTSTATUS status;
+	bool ret = true;
+	int error = 0;
+
+	sharemode_string = torture_setting_string(tctx, "sharemode", "RWD");
+	sharemode = smb2_util_share_access(sharemode_string);
+
+	access_string = torture_setting_string(tctx, "access", "0xf01ff");
+	access = smb_strtoul(access_string, NULL, 0, &error, SMB_STR_STANDARD);
+	if (error != 0) {
+		torture_comment(tctx, "Initializing access failed.\n");
+		return false;
+	}
+
+	filename = torture_setting_string(tctx, "filename", "testfile");
+	operation = torture_setting_string(tctx, "operation", "WD");
+
+	if (!torture_smb2_connection(tctx, &tree)) {
+		torture_comment(tctx, "Initializing smb2 connection failed.\n");
+		return false;
+	}
+
+	create.in.desired_access = access;
+	create.in.alloc_size = 0;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = sharemode;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.create_options = 0;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.security_flags = 0;
+	create.in.fname = filename;
+	create.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+	create.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE failed\n");
+
+	if (strchr(operation, 'R')) {
+		struct smb2_read read = { 0 };
+
+		read.in.file.handle = create.out.file.handle;
+		read.in.offset = 0;
+		read.in.length = 1;
+
+		status = smb2_read(tree, tctx, &read);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"READ failed\n");
+	}
+
+	if (strchr(operation, 'W')) {
+		char buf[1];
+		status = smb2_util_write(tree, create.out.file.handle,
+					 &buf, 0, sizeof(buf));
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"WRITE failed\n");
+	}
+
+	if (strchr(operation, 'D')) {
+		union smb_setfileinfo sfinfo = { };
+
+		sfinfo.disposition_info.in.delete_on_close = 1;
+		sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+		sfinfo.generic.in.file.handle = create.out.file.handle;
+
+		status = smb2_setinfo_file(tree, &sfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"SETINFO failed\n");
+
+		status = smb2_util_close(tree, create.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CLOSE failed\n");
+	}
+
+done:
+	return ret;
+}
+
+struct sharemode_info {
+	const char *sharemode;
+	uint32_t access_mask;
+	bool expect_ok;
+} sharemode_table[] = {
+
+	/*
+	 * Basic tests, check each permission bit against every
+	 * possible sharemode combination.
+	 */
+
+	{ "R",	 SEC_FILE_READ_DATA,		true,	},
+	{ "R",	 SEC_FILE_WRITE_DATA,		false,	},
+	{ "R",	 SEC_FILE_APPEND_DATA,		false,	},
+	{ "R",	 SEC_FILE_READ_EA,		true,	},
+	{ "R",	 SEC_FILE_WRITE_EA,		true,	},
+	{ "R",	 SEC_FILE_EXECUTE,		true,	},
+	{ "R",	 SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "R",	 SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "R",	 SEC_STD_DELETE,		false,	},
+	{ "R",	 SEC_STD_READ_CONTROL,		true,	},
+	{ "R",	 SEC_STD_WRITE_DAC,		true,	},
+	{ "R",	 SEC_STD_WRITE_OWNER,		true,	},
+	{ "R",	 SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "W",	 SEC_FILE_READ_DATA,		false	},
+	{ "W",	 SEC_FILE_WRITE_DATA,		true,	},
+	{ "W",	 SEC_FILE_APPEND_DATA,		true,	},
+	{ "W",	 SEC_FILE_READ_EA,		true,	},
+	{ "W",	 SEC_FILE_WRITE_EA,		true,	},
+	{ "W",	 SEC_FILE_EXECUTE,		false,	},
+	{ "W",	 SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "W",	 SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "W",	 SEC_STD_DELETE,		false,	},
+	{ "W",	 SEC_STD_READ_CONTROL,		true,	},
+	{ "W",	 SEC_STD_WRITE_DAC,		true,	},
+	{ "W",	 SEC_STD_WRITE_OWNER,		true,	},
+	{ "W",	 SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "D",	 SEC_FILE_READ_DATA,		false	},
+	{ "D",	 SEC_FILE_WRITE_DATA,		false	},
+	{ "D",	 SEC_FILE_APPEND_DATA,		false	},
+	{ "D",	 SEC_FILE_READ_EA,		true,	},
+	{ "D",	 SEC_FILE_WRITE_EA,		true,	},
+	{ "D",	 SEC_FILE_EXECUTE,		false,	},
+	{ "D",	 SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "D",	 SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "D",	 SEC_STD_DELETE,		true,	},
+	{ "D",	 SEC_STD_READ_CONTROL,		true,	},
+	{ "D",	 SEC_STD_WRITE_DAC,		true,	},
+	{ "D",	 SEC_STD_WRITE_OWNER,		true,	},
+	{ "D",	 SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "RW",  SEC_FILE_READ_DATA,		true,	},
+	{ "RW",  SEC_FILE_WRITE_DATA,		true,	},
+	{ "RW",  SEC_FILE_APPEND_DATA,		true,	},
+	{ "RW",  SEC_FILE_READ_EA,		true,	},
+	{ "RW",  SEC_FILE_WRITE_EA,		true,	},
+	{ "RW",  SEC_FILE_EXECUTE,		true,	},
+	{ "RW",  SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RW",  SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RW",  SEC_STD_DELETE,		false,	},
+	{ "RW",  SEC_STD_READ_CONTROL,		true,	},
+	{ "RW",  SEC_STD_WRITE_DAC,		true,	},
+	{ "RW",  SEC_STD_WRITE_OWNER,		true,	},
+	{ "RW",  SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "RD",  SEC_FILE_READ_DATA,		true,	},
+	{ "RD",  SEC_FILE_WRITE_DATA,		false,	},
+	{ "RD",  SEC_FILE_APPEND_DATA,		false,	},
+	{ "RD",  SEC_FILE_READ_EA,		true,	},
+	{ "RD",  SEC_FILE_WRITE_EA,		true,	},
+	{ "RD",  SEC_FILE_EXECUTE,		true,	},
+	{ "RD",  SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RD",  SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RD",  SEC_STD_DELETE,		true,	},
+	{ "RD",  SEC_STD_READ_CONTROL,		true,	},
+	{ "RD",  SEC_STD_WRITE_DAC,		true,	},
+	{ "RD",  SEC_STD_WRITE_OWNER,		true,	},
+	{ "RD",  SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "WD",  SEC_FILE_READ_DATA,		false	},
+	{ "WD",  SEC_FILE_WRITE_DATA,		true,	},
+	{ "WD",  SEC_FILE_APPEND_DATA,		true,	},
+	{ "WD",  SEC_FILE_READ_EA,		true	},
+	{ "WD",  SEC_FILE_WRITE_EA,		true,	},
+	{ "WD",  SEC_FILE_EXECUTE,		false	},
+	{ "WD",  SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "WD",  SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "WD",  SEC_STD_DELETE,		true,	},
+	{ "WD",  SEC_STD_READ_CONTROL,		true,	},
+	{ "WD",  SEC_STD_WRITE_DAC,		true,	},
+	{ "WD",  SEC_STD_WRITE_OWNER,		true,	},
+	{ "WD",  SEC_STD_SYNCHRONIZE,		true,	},
+
+	{ "RWD",  SEC_FILE_READ_DATA,		true	},
+	{ "RWD",  SEC_FILE_WRITE_DATA,		true,	},
+	{ "RWD",  SEC_FILE_APPEND_DATA,	true,	},
+	{ "RWD",  SEC_FILE_READ_EA,		true	},
+	{ "RWD",  SEC_FILE_WRITE_EA,		true,	},
+	{ "RWD",  SEC_FILE_EXECUTE,		true,	},
+	{ "RWD",  SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RWD",  SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RWD",  SEC_STD_DELETE,		true,	},
+	{ "RWD",  SEC_STD_READ_CONTROL,	true,	},
+	{ "RWD",  SEC_STD_WRITE_DAC,		true,	},
+	{ "RWD",  SEC_STD_WRITE_OWNER,		true,	},
+	{ "RWD",  SEC_STD_SYNCHRONIZE,		 true,  },
+
+	/*
+	 * Some more interesting cases. Always request READ or WRITE
+	 * access, as that will trigger the opening of a file
+	 * description in Samba. This especially useful for file
+	 * systems that enforce share modes on open file descriptors.
+	 */
+
+	{ "R",	 SEC_FILE_READ_DATA,				true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,	false,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_APPEND_DATA,	false,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_READ_EA,		true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_WRITE_EA,		true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_EXECUTE,		true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_STD_DELETE,		false,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_STD_WRITE_DAC,		true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "R",	 SEC_FILE_READ_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_READ_DATA,	false,	},
+	{ "W",	 SEC_FILE_WRITE_DATA,				true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_READ_EA,		true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_EA,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_EXECUTE,		false,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_STD_DELETE,		false,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_STD_WRITE_DAC,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "W",	 SEC_FILE_WRITE_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+
+	{ "RW",  SEC_FILE_READ_DATA,				true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_APPEND_DATA,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_READ_EA,		true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_EA,		true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_EXECUTE,		true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_STD_DELETE,		false,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_STD_WRITE_DAC,		true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "RW",  SEC_FILE_READ_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+
+	{ "RD",  SEC_FILE_READ_DATA,				true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,	false,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_APPEND_DATA,	false,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_READ_EA,		true	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_EA,		true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_EXECUTE,		true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_STD_DELETE,		true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_STD_WRITE_DAC,		true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "RD",  SEC_FILE_READ_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_READ_DATA,	false	},
+	{ "WD",  SEC_FILE_WRITE_DATA,				true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_APPEND_DATA,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_READ_EA,		true	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_EA,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_EXECUTE,		false	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_STD_DELETE,		true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_STD_WRITE_DAC,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "WD",  SEC_FILE_WRITE_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+
+	{ "RWD", SEC_FILE_READ_DATA,				true	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_APPEND_DATA,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_READ_EA,		true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_WRITE_EA,		true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_EXECUTE,		true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_FILE_WRITE_ATTRIBUTE,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_STD_DELETE,		true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_STD_READ_CONTROL,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_STD_WRITE_DAC,		true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_STD_WRITE_OWNER,	true,	},
+	{ "RWD", SEC_FILE_READ_DATA|SEC_STD_SYNCHRONIZE,	true,	},
+};
+
+/*
+ * Test conflicting sharemodes through SMB2: First open takes a
+ * sharemode, second open with potentially conflicting access.
+ */
+static bool test_smb2_sharemode_access(struct torture_context *tctx,
+				       struct smb2_tree *tree1,
+				       struct smb2_tree *tree2)
+{
+	const char *fname = "test_sharemode";
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(sharemode_table); i++) {
+		struct sharemode_info *info = &sharemode_table[i];
+		struct smb2_create create1 = { 0 }, create2 = { 0 };
+		NTSTATUS expected_status;
+
+		torture_comment(tctx, "index %3d, sharemode %3s, "
+				"access mask 0x%06x\n",
+				i, info->sharemode, info->access_mask);
+
+		create1.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		create1.in.alloc_size = 0;
+		create1.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create1.in.share_access =
+			smb2_util_share_access(info->sharemode);
+		create1.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+		create1.in.create_options = 0;
+		create1.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		create1.in.fname = fname;
+		create1.in.security_flags = 0;
+		create1.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		create1.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+		status = smb2_create(tree1, tctx, &create1);
+
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CREATE file failed\n");
+
+		create2.in.desired_access = info->access_mask;
+		create2.in.alloc_size = 0;
+		create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		create2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		create2.in.create_options = 0;
+		create2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		create2.in.fname = fname;
+		create2.in.security_flags = 0;
+		create2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		create2.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+		status = smb2_create(tree2, tctx, &create2);
+		expected_status = info->expect_ok ?
+			NT_STATUS_OK : NT_STATUS_SHARING_VIOLATION;
+		torture_assert_ntstatus_equal_goto(tctx, status,
+						   expected_status, ret,
+						   done, "Unexpected status on "
+						   "second create.\n");
+
+		status = smb2_util_close(tree1, create1.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"Failed to close "
+						"first handle.\n");
+
+		if (info->expect_ok) {
+			status = smb2_util_close(tree2, create2.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+							"Failed to close  "
+							"second handle.\n");
+		}
+	}
+
+done:
+	smb2_util_unlink(tree1, fname);
+	return ret;
+}
+
+/*
+ * Test conflicting sharemodes through SMB2: First open file with
+ * different access masks, second open requests potentially conflicting
+ * sharemode.
+ */
+static bool test_smb2_access_sharemode(struct torture_context *tctx,
+				       struct smb2_tree *tree1,
+				       struct smb2_tree *tree2)
+{
+	const char *fname = "test_sharemode";
+	NTSTATUS status;
+	bool ret = true;
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(sharemode_table); i++) {
+		struct sharemode_info *info = &sharemode_table[i];
+		struct smb2_create create1 = { 0 }, create2 = { 0 };
+		NTSTATUS expected_status;
+
+		torture_comment(tctx, "index %3d, access mask 0x%06x, "
+				"sharemode %3s\n",
+				i, info->access_mask, info->sharemode);
+
+		create1.in.desired_access = info->access_mask;
+		create1.in.alloc_size = 0;
+		create1.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create1.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+		create1.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+		create1.in.create_options = 0;
+		create1.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		create1.in.fname = fname;
+		create1.in.security_flags = 0;
+		create1.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		create1.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+		status = smb2_create(tree1, tctx, &create1);
+
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"CREATE file failed\n");
+
+		create2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+		create2.in.alloc_size = 0;
+		create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+		create2.in.share_access =
+			smb2_util_share_access(info->sharemode);
+		create2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		create2.in.create_options = 0;
+		create2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+		create2.in.fname = fname;
+		create2.in.security_flags = 0;
+		create2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+		create2.in.oplock_level = SMB2_OPLOCK_LEVEL_NONE;
+
+		status = smb2_create(tree2, tctx, &create2);
+
+		expected_status = info->expect_ok ?
+			NT_STATUS_OK : NT_STATUS_SHARING_VIOLATION;
+		torture_assert_ntstatus_equal_goto(tctx, status,
+						   expected_status, ret,
+						   done, "Unexpected status on "
+						   "second create.\n");
+
+		status = smb2_util_close(tree1, create1.out.file.handle);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"Failed to close "
+						"first handle.\n");
+
+		if (info->expect_ok) {
+			status = smb2_util_close(tree2, create2.out.file.handle);
+			torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+							"Failed to close "
+							"second handle.\n");
+		}
+	}
+
+done:
+	smb2_util_unlink(tree1, fname);
+	return ret;
+}
+
+/*
+ * Test initial stat open with share nothing doesn't trigger SHARING_VIOLTION
+ * errors.
+ */
+static bool test_smb2_bug14375(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	const char *fname = "test_bug14375";
+	struct smb2_create cr1;
+	struct smb2_create cr2;
+	struct smb2_create cr3;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	cr1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr2 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr3 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	status = smb2_util_close(tree, cr1.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+	status = smb2_util_close(tree, cr2.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+	status = smb2_util_close(tree, cr3.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CLOSE file failed\n");
+
+	cr1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr2 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_ATTRIBUTE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_NONE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+	cr3 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_READ_DATA,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, tctx, &cr3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"CREATE file failed\n");
+
+done:
+	smb2_util_close(tree, cr1.out.file.handle);
+	smb2_util_close(tree, cr2.out.file.handle);
+	smb2_util_close(tree, cr3.out.file.handle);
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+struct torture_suite *torture_smb2_sharemode_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "sharemode");
+
+	torture_suite_add_2smb2_test(suite, "sharemode-access",
+				     test_smb2_sharemode_access);
+	torture_suite_add_2smb2_test(suite, "access-sharemode",
+				     test_smb2_access_sharemode);
+	torture_suite_add_1smb2_test(suite, "bug14375",
+				     test_smb2_bug14375);
+
+	suite->description = talloc_strdup(suite, "SMB2-SHAREMODE tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c
new file mode 100644
index 0000000..5b6477e
--- /dev/null
+++ b/source4/torture/smb2/smb2.c
@@ -0,0 +1,230 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Jelmer Vernooij 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+
+#include "torture/smbtorture.h"
+#include "torture/smb2/proto.h"
+#include "../lib/util/dlinklist.h"
+
+static bool wrap_simple_1smb2_test(struct torture_context *torture_ctx,
+				   struct torture_tcase *tcase,
+				   struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct smb2_tree *);
+	bool ret;
+	struct smb2_tree *tree1;
+	TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
+
+	if (!torture_smb2_connection(torture_ctx, &tree1)) {
+		torture_fail(torture_ctx,
+			    "Establishing SMB2 connection failed\n");
+		return false;
+	}
+
+	/*
+	 * This is a trick:
+	 * The test might close the connection. If we steal the tree context
+	 * before that and free the parent instead of tree directly, we avoid
+	 * a double free error.
+	 */
+	talloc_steal(mem_ctx, tree1);
+
+	fn = test->fn;
+
+	ret = fn(torture_ctx, tree1);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+struct torture_test *torture_suite_add_1smb2_test(struct torture_suite *suite,
+						  const char *name,
+						  bool (*run)(struct torture_context *,
+							      struct smb2_tree *))
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_simple_1smb2_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+
+static bool wrap_simple_2smb2_test(struct torture_context *torture_ctx,
+				   struct torture_tcase *tcase,
+				   struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct smb2_tree *, struct smb2_tree *);
+	bool ret = false;
+
+	struct smb2_tree *tree1;
+	struct smb2_tree *tree2;
+	TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
+
+	if (!torture_smb2_connection(torture_ctx, &tree1)) {
+		torture_fail(torture_ctx,
+		    "Establishing SMB2 connection failed\n");
+		goto done;
+	}
+
+	talloc_steal(mem_ctx, tree1);
+
+	if (!torture_smb2_connection(torture_ctx, &tree2)) {
+		torture_fail(torture_ctx,
+		    "Establishing SMB2 connection failed\n");
+		goto done;
+	}
+
+	talloc_steal(mem_ctx, tree2);
+
+	fn = test->fn;
+
+	ret = fn(torture_ctx, tree1, tree2);
+
+done:
+	/* the test may already have closed some of the connections */
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+
+struct torture_test *torture_suite_add_2smb2_test(struct torture_suite *suite,
+						  const char *name,
+						  bool (*run)(struct torture_context *,
+							      struct smb2_tree *,
+							      struct smb2_tree *))
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_simple_2smb2_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+NTSTATUS torture_smb2_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "smb2");
+	torture_suite_add_simple_test(suite, "connect", torture_smb2_connect);
+	torture_suite_add_suite(suite, torture_smb2_scan_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_getinfo_init(suite));
+	torture_suite_add_simple_test(suite, "setinfo", torture_smb2_setinfo);
+	torture_suite_add_suite(suite, torture_smb2_lock_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_read_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_aio_delay_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_bench_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_create_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_twrp_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_fileid_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_acls_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_acls_non_canonical_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_notify_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_notify_inotify_init(suite));
+	torture_suite_add_suite(suite,
+		torture_smb2_notify_disabled_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_durable_open_init(suite));
+	torture_suite_add_suite(suite,
+		torture_smb2_durable_open_disconnect_init(suite));
+	torture_suite_add_suite(suite,
+		torture_smb2_durable_v2_open_init(suite));
+	torture_suite_add_suite(suite,
+		torture_smb2_durable_v2_delay_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_dir_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_lease_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_compound_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_compound_find_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_compound_async_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_oplocks_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_kernel_oplocks_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_streams_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_ioctl_init(suite));
+	torture_suite_add_simple_test(suite, "set-sparse-ioctl",
+				      test_ioctl_set_sparse);
+	torture_suite_add_simple_test(suite, "zero-data-ioctl",
+				      test_ioctl_zero_data);
+	torture_suite_add_simple_test(suite, "ioctl-on-stream",
+				      test_ioctl_alternate_data_stream);
+	torture_suite_add_suite(suite, torture_smb2_rename_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_sharemode_init(suite));
+	torture_suite_add_1smb2_test(suite, "hold-oplock", test_smb2_hold_oplock);
+	torture_suite_add_suite(suite, torture_smb2_session_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_session_req_sign_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_replay_init(suite));
+	torture_suite_add_simple_test(suite, "dosmode", torture_smb2_dosmode);
+	torture_suite_add_simple_test(suite, "async_dosmode", torture_smb2_async_dosmode);
+	torture_suite_add_simple_test(suite, "maxfid", torture_smb2_maxfid);
+	torture_suite_add_simple_test(suite, "hold-sharemode",
+				      torture_smb2_hold_sharemode);
+	torture_suite_add_simple_test(suite, "check-sharemode",
+				      torture_smb2_check_sharemode);
+	torture_suite_add_suite(suite, torture_smb2_crediting_init(suite));
+
+	torture_suite_add_suite(suite, torture_smb2_doc_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_multichannel_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_samba3misc_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_timestamps_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_timestamp_resolution_init(suite));
+	torture_suite_add_1smb2_test(suite, "openattr", torture_smb2_openattrtest);
+	torture_suite_add_1smb2_test(suite, "winattr", torture_smb2_winattrtest);
+	torture_suite_add_1smb2_test(suite, "winattr2", torture_smb2_winattr2);
+	torture_suite_add_1smb2_test(suite, "sdread", torture_smb2_sdreadtest);
+	torture_suite_add_suite(suite, torture_smb2_readwrite_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_max_allowed(suite));
+	torture_suite_add_1smb2_test(suite, "tcon", run_tcon_test);
+	torture_suite_add_1smb2_test(suite, "mkdir", torture_smb2_mkdir);
+	torture_suite_add_suite(suite, torture_smb2_name_mangling_init(suite));
+
+	torture_suite_add_suite(suite, torture_smb2_charset(suite));
+	torture_suite_add_1smb2_test(suite, "secleak", torture_smb2_sec_leak);
+	torture_suite_add_1smb2_test(suite, "session-id", run_sessidtest);
+	torture_suite_add_suite(suite, torture_smb2_deny_init(suite));
+	torture_suite_add_suite(suite, torture_smb2_ea(suite));
+	torture_suite_add_suite(suite, torture_smb2_create_no_streams_init(suite));
+
+	suite->description = talloc_strdup(suite, "SMB2-specific tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
new file mode 100644
index 0000000..f18048f
--- /dev/null
+++ b/source4/torture/smb2/streams.c
@@ -0,0 +1,2424 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test alternate data streams
+
+   Copyright (C) Andrew Tridgell 2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+#include "smb_constants.h"
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+
+#include "system/filesys.h"
+#include "system/locale.h"
+#include "lib/util/tsort.h"
+
+#define DNAME "teststreams"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		    "(%s) Incorrect status %s - should be %s\n", \
+		    __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		    "(%s) Incorrect value %s=%d - should be %d\n", \
+		    __location__, #v, (int)v, (int)correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_NTTIME(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		    "(%s) Incorrect value %s=%llu - should be %llu\n", \
+		    __location__, #v, (unsigned long long)v, \
+		    (unsigned long long)correct); \
+		ret = false; \
+	}} while (0)
+
+#define CHECK_STR(v, correct) do { \
+	bool ok; \
+	if ((v) && !(correct)) { \
+		ok = false; \
+	} else if (!(v) && (correct)) { \
+		ok = false; \
+	} else if (!(v) && !(correct)) { \
+		ok = true; \
+	} else if (strcmp((v), (correct)) == 0) { \
+		ok = true; \
+	} else { \
+		ok = false; \
+	} \
+	if (!ok) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			       "(%s) Incorrect value %s='%s' - "	\
+			       "should be '%s'\n",			\
+			       __location__, #v, (v)?(v):"NULL",	\
+			       (correct)?(correct):"NULL");		\
+		ret = false;						\
+	}} while (0)
+
+
+static int qsort_string(char * const *s1, char * const *s2)
+{
+	return strcmp(*s1, *s2);
+}
+
+static int qsort_stream(const struct stream_struct * s1, const struct stream_struct *s2)
+{
+	return strcmp(s1->stream_name.s, s2->stream_name.s);
+}
+
+static bool check_stream(struct torture_context *tctx,
+			 struct smb2_tree *tree,
+			 const char *location,
+			 TALLOC_CTX *mem_ctx,
+			 const char *fname,
+			 const char *sname,
+			 const char *value)
+{
+	struct smb2_handle handle;
+	struct smb2_create create;
+	struct smb2_read r;
+	NTSTATUS status;
+	const char *full_name;
+
+	full_name = talloc_asprintf(mem_ctx, "%s:%s", fname, sname);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = full_name;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (value == NULL) {
+			return true;
+		} else {
+			torture_comment(tctx, "Unable to open stream %s\n",
+			    full_name);
+			return false;
+		}
+	}
+
+	handle = create.out.file.handle;
+	if (value == NULL) {
+		return true;
+	}
+
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = handle;
+	r.in.length      = strlen(value)+11;
+	r.in.offset      = 0;
+
+	status = smb2_read(tree, tree, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "(%s) Failed to read %lu bytes from "
+		    "stream '%s'\n", location, (long)strlen(value), full_name);
+		return false;
+	}
+
+	if (memcmp(r.out.data.data, value, strlen(value)) != 0) {
+		torture_comment(tctx, "(%s) Bad data in stream\n", location);
+		return false;
+	}
+
+	smb2_util_close(tree, handle);
+	return true;
+}
+
+static bool check_stream_list(struct smb2_tree *tree,
+			      struct torture_context *tctx,
+			      const char *fname,
+			      unsigned int num_exp,
+			      const char **exp,
+			      struct smb2_handle h)
+{
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char **exp_sort;
+	struct stream_struct *stream_sort;
+	bool ret = false;
+
+	finfo.generic.level = RAW_FILEINFO_STREAM_INFORMATION;
+	finfo.generic.in.file.handle = h;
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "(%s) smb_raw_pathinfo failed: %s\n",
+		    __location__, nt_errstr(status));
+		goto fail;
+	}
+
+	if (finfo.stream_info.out.num_streams != num_exp) {
+		torture_comment(tctx, "(%s) expected %d streams, got %d\n",
+		    __location__, num_exp, finfo.stream_info.out.num_streams);
+		goto fail;
+	}
+
+	if (num_exp == 0) {
+		ret = true;
+		goto fail;
+	}
+
+	exp_sort = talloc_memdup(tmp_ctx, exp, num_exp * sizeof(*exp));
+
+	if (exp_sort == NULL) {
+		goto fail;
+	}
+
+	TYPESAFE_QSORT(exp_sort, num_exp, qsort_string);
+
+	stream_sort = talloc_memdup(tmp_ctx, finfo.stream_info.out.streams,
+				    finfo.stream_info.out.num_streams *
+				    sizeof(*stream_sort));
+
+	if (stream_sort == NULL) {
+		goto fail;
+	}
+
+	TYPESAFE_QSORT(stream_sort, finfo.stream_info.out.num_streams, qsort_stream);
+
+	for (i=0; i<num_exp; i++) {
+		if (strcmp(exp_sort[i], stream_sort[i].stream_name.s) != 0) {
+			torture_comment(tctx,
+			    "(%s) expected stream name %s, got %s\n",
+			    __location__, exp_sort[i],
+			    stream_sort[i].stream_name.s);
+			goto fail;
+		}
+	}
+
+	ret = true;
+ fail:
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+static bool test_stream_dir(struct torture_context *tctx,
+			    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream.txt";
+	const char *sname1;
+	bool ret = true;
+	const char *basedir_data;
+	struct smb2_handle h;
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	basedir_data = talloc_asprintf(mem_ctx, "%s::$DATA", DNAME);
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
+	torture_comment(tctx, "%s\n", sname1);
+
+	torture_comment(tctx, "(%s) opening non-existent directory stream\n",
+	    __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+	io.smb2.in.create_flags = 0;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOT_A_DIRECTORY);
+
+	torture_comment(tctx, "(%s) opening basedir  stream\n", __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = basedir_data;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_NOT_A_DIRECTORY);
+
+	torture_comment(tctx, "(%s) opening basedir ::$DATA stream\n",
+	    __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0x10;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = 0;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = basedir_data;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_FILE_IS_A_DIRECTORY);
+
+	torture_comment(tctx, "(%s) list the streams on the basedir\n",
+	    __location__);
+	ret &= check_stream_list(tree, mem_ctx, DNAME, 0, NULL, h);
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_stream_io(struct torture_context *tctx,
+			   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream.txt";
+	const char *sname1, *sname2;
+	bool ret = true;
+	struct smb2_handle h, h2;
+
+	const char *one[] = { "::$DATA" };
+	const char *two[] = { "::$DATA", ":Second Stream:$DATA" };
+	const char *three[] = { "::$DATA", ":Stream One:$DATA",
+				":Second Stream:$DATA" };
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h2);
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
+				 "Second Stream");
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) creating a stream on a non-existent file\n",
+		__location__);
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Stream One", NULL);
+
+	torture_comment(tctx, "(%s) check that open of base file is allowed\n", __location__);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	torture_comment(tctx, "(%s) writing to stream\n", __location__);
+	status = smb2_util_write(tree, h2, "test data", 0, 9);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h2);
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Stream One", "test data");
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.fname = sname1;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	torture_comment(tctx, "(%s) modifying stream\n", __location__);
+	status = smb2_util_write(tree, h2, "MORE DATA ", 5, 10);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h2);
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Stream One:$FOO", NULL);
+
+	torture_comment(tctx, "(%s) creating a stream2 on a existing file\n",
+	    __location__);
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	torture_comment(tctx, "(%s) modifying stream\n", __location__);
+	status= smb2_util_write(tree, h2, "SECOND STREAM", 0, 13);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h2);
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			     "Stream One", "test MORE DATA ");
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Stream One:$DATA", "test MORE DATA ");
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Stream One:", NULL);
+
+	if (!ret) {
+		torture_result(tctx, TORTURE_FAIL,
+		    "check_stream(\"Stream One:*\") failed\n");
+		goto done;
+	}
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Second Stream", "SECOND STREAM");
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "SECOND STREAM:$DATA", "SECOND STREAM");
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Second Stream:$DATA", "SECOND STREAM");
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Second Stream:", NULL);
+
+	ret &= check_stream(tctx, tree, __location__, mem_ctx, fname,
+			    "Second Stream:$FOO", NULL);
+
+	if (!ret) {
+		torture_result(tctx, TORTURE_FAIL,
+		    "check_stream(\"Second Stream:*\") failed\n");
+		goto done;
+	}
+
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+	check_stream_list(tree, tctx, fname, 3, three, h2);
+
+	smb2_util_close(tree, h2);
+
+	torture_comment(tctx, "(%s) deleting stream\n", __location__);
+	status = smb2_util_unlink(tree, sname1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+	check_stream_list(tree, tctx, fname, 2, two, h2);
+	smb2_util_close(tree, h2);
+
+	torture_comment(tctx, "(%s) delete a stream via delete-on-close\n",
+	    __location__);
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	smb2_util_close(tree, h2);
+	status = smb2_util_unlink(tree, sname2);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	h2 = io.smb2.out.file.handle;
+	check_stream_list(tree,tctx, fname, 1, one, h2);
+	smb2_util_close(tree, h2);
+
+	if (!torture_setting_bool(tctx, "samba4", false)) {
+		io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+		io.smb2.in.fname = sname1;
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+		smb2_util_close(tree, io.ntcreatex.out.file.handle);
+		io.smb2.in.fname = sname2;
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+		smb2_util_close(tree, io.ntcreatex.out.file.handle);
+		torture_comment(tctx, "(%s) deleting file\n", __location__);
+		status = smb2_util_unlink(tree, fname);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+
+done:
+	smb2_util_close(tree, h2);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_zero_byte_stream(struct torture_context *tctx,
+				  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream.txt";
+	const char *sname;
+	bool ret = true;
+	struct smb2_handle h, bh;
+	const char *streams[] = { "::$DATA", ":foo:$DATA" };
+
+	sname = talloc_asprintf(mem_ctx, "%s:%s", fname, "foo");
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "testdir");
+	smb2_util_close(tree, h);
+
+	torture_comment(tctx, "(%s) Check 0 byte named stream\n",
+	    __location__);
+
+	/* Create basefile */
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.fname = fname;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "create");
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/* Create named stream and close it */
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.fname = sname;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "create");
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * Check stream list, the 0 byte stream MUST be returned by
+	 * the server.
+	 */
+	ZERO_STRUCT(io);
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE |
+		SEC_FILE_READ_DATA |
+		SEC_FILE_WRITE_DATA;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	bh = io.smb2.out.file.handle;
+
+	ret = check_stream_list(tree,tctx, fname, 2, streams, bh);
+	torture_assert_goto(tctx, ret == true, ret, done, "smb2_create");
+	smb2_util_close(tree, bh);
+
+done:
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  test stream sharemodes
+*/
+static bool test_stream_sharemodes(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_share.txt";
+	const char *sname1, *sname2;
+	bool ret = true;
+	struct smb2_handle h, h1, h2;
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
+				 "Second Stream");
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) Testing stream share mode conflicts\n",
+	    __location__);
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/*
+	 * A different stream does not give a sharing violation
+	 */
+
+	io.smb2.in.fname = sname2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	/*
+	 * ... whereas the same stream does with unchanged access/share_access
+	 * flags
+	 */
+
+	io.smb2.in.fname = sname1;
+	io.smb2.in.create_disposition = 0;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.smb2.in.fname = sname2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+ *  Test FILE_SHARE_DELETE on streams
+ *
+ * A stream opened with !FILE_SHARE_DELETE prevents the main file to be opened
+ * with SEC_STD_DELETE.
+ *
+ * The main file opened with !FILE_SHARE_DELETE does *not* prevent a stream to
+ * be opened with SEC_STD_DELETE.
+ *
+ * A stream held open with FILE_SHARE_DELETE allows the file to be
+ * deleted. After the main file is deleted, access to the open file descriptor
+ * still works, but all name-based access to both the main file as well as the
+ * stream is denied with DELETE pending.
+ *
+ * This means, an open of the main file with SEC_STD_DELETE should walk all
+ * streams and also open them with SEC_STD_DELETE. If any of these opens gives
+ * SHARING_VIOLATION, the main open fails.
+ *
+ * Closing the main file after delete_on_close has been set does not really
+ * unlink it but leaves the corresponding share mode entry with
+ * delete_on_close being set around until all streams are closed.
+ *
+ * Opening a stream must also look at the main file's share mode entry, look
+ * at the delete_on_close bit and potentially return DELETE_PENDING.
+ */
+
+static bool test_stream_delete(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_delete.txt";
+	const char *sname1;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+	struct smb2_read r;
+
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		torture_comment(tctx, "Skipping test as samba4 is enabled\n");
+		goto done;
+	}
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
+
+	/* clean slate .. */
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) opening non-existent file stream\n",
+	    __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	status = smb2_util_write(tree, h1, "test data", 0, 9);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * One stream opened without FILE_SHARE_DELETE prevents the main file
+	 * to be deleted or even opened with DELETE access
+	 */
+
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.fname = fname;
+	io.smb2.in.desired_access = SEC_STD_DELETE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	smb2_util_close(tree, h1);
+
+	/*
+	 * ... but unlink works if a stream is opened with FILE_SHARE_DELETE
+	 */
+
+	io.smb2.in.fname = sname1;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_DELETE |
+			NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	status = smb2_util_unlink(tree, fname);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * file access still works on the stream while the main file is closed
+	 */
+	ZERO_STRUCT(r);
+	r.in.file.handle = h1;
+	r.in.length      = 9;
+	r.in.offset      = 0;
+
+	status = smb2_read(tree, tree, &r);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * name-based access to both the main file and the stream does not
+	 * work anymore but gives DELETE_PENDING
+	 */
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_DELETE_PENDING);
+
+	/*
+	 * older S3 doesn't do this
+	 */
+
+	io.smb2.in.fname = sname1;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_DELETE_PENDING);
+
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	/*
+	 * After closing the stream the file is really gone.
+	 */
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  test stream names
+*/
+static bool test_stream_names(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	union smb_fileinfo finfo;
+	union smb_fileinfo stinfo;
+	union smb_setfileinfo sinfo;
+	const char *fname = DNAME "\\stream_names.txt";
+	const char *sname1, *sname1b, *sname1c, *sname1d;
+	const char *sname2, *snamew, *snamew2;
+	const char *snamer1;
+	bool ret = true;
+	struct smb2_handle h, h1, h2, h3;
+	int i;
+	const char *four[4] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+	const char *five1[5] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":BeforeRename:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+	const char *five2[5] = {
+		"::$DATA",
+		":\x05Stream\n One:$DATA",
+		":AfterRename:$DATA",
+		":MStream Two:$DATA",
+		":?Stream*:$DATA"
+	};
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
+	ZERO_STRUCT(h3);
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "\x05Stream\n One");
+	sname1b = talloc_asprintf(mem_ctx, "%s:", sname1);
+	sname1c = talloc_asprintf(mem_ctx, "%s:$FOO", sname1);
+	sname1d = talloc_asprintf(mem_ctx, "%s:?D*a", sname1);
+	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname, "MStream Two");
+	snamew = talloc_asprintf(mem_ctx, "%s:%s:$DATA", fname, "?Stream*");
+	snamew2 = talloc_asprintf(mem_ctx, "%s\\stream*:%s:$DATA", DNAME,
+				  "?Stream*");
+	snamer1 = talloc_asprintf(mem_ctx, "%s:%s:$DATA", fname,
+				  "BeforeRename");
+
+	/* clean slate ...*/
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) testing stream names\n", __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/*
+	 * A different stream does not give a sharing violation
+	 */
+
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h2 = io.smb2.out.file.handle;
+
+	/*
+	 * ... whereas the same stream does with unchanged access/share_access
+	 * flags
+	 */
+
+	io.smb2.in.fname = sname1;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_SUPERSEDE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.smb2.in.fname = sname1b;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+
+	io.smb2.in.fname = sname1c;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		/* w2k returns INVALID_PARAMETER */
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+	}
+
+	io.smb2.in.fname = sname1d;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+		/* w2k returns INVALID_PARAMETER */
+		CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	} else {
+		CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+	}
+
+	io.smb2.in.fname = sname2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	io.smb2.in.fname = snamew;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h3 = io.smb2.out.file.handle;
+
+	io.smb2.in.fname = snamew2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_INVALID);
+
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ret &= check_stream_list(tree, tctx, fname, 4, four,
+				 io.smb2.out.file.handle);
+	CHECK_VALUE(ret, true);
+	smb2_util_close(tree, h1);
+	smb2_util_close(tree, h2);
+	smb2_util_close(tree, h3);
+
+	if (torture_setting_bool(tctx, "samba4", true)) {
+		goto done;
+	}
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	finfo.generic.in.file.handle = io.smb2.out.file.handle;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	ret &= check_stream_list(tree, tctx, fname, 4, four,
+				 io.smb2.out.file.handle);
+
+	CHECK_VALUE(ret, true);
+	for (i=0; i < 4; i++) {
+		NTTIME write_time;
+		uint64_t stream_size;
+		char *path = talloc_asprintf(tctx, "%s%s",
+					     fname, four[i]);
+
+		char *rpath = talloc_strdup(path, path);
+		char *p = strrchr(rpath, ':');
+		/* eat :$DATA */
+		*p = 0;
+		p--;
+		if (*p == ':') {
+			/* eat ::$DATA */
+			*p = 0;
+		}
+		torture_comment(tctx, "(%s): i[%u][%s]\n",
+		    __location__, i,path);
+		io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_RIGHTS_FILE_ALL;
+		io.smb2.in.fname = path;
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+		h1 = io.smb2.out.file.handle;
+
+		finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+		finfo.generic.in.file.path = fname;
+		status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stinfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+		stinfo.generic.in.file.handle = h1;
+		status = smb2_getinfo_file(tree, mem_ctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_NTTIME(stinfo.all_info.out.create_time,
+				     finfo.all_info.out.create_time);
+			CHECK_NTTIME(stinfo.all_info.out.access_time,
+				     finfo.all_info.out.access_time);
+			CHECK_NTTIME(stinfo.all_info.out.write_time,
+				     finfo.all_info.out.write_time);
+			CHECK_NTTIME(stinfo.all_info.out.change_time,
+				     finfo.all_info.out.change_time);
+		}
+		CHECK_VALUE(stinfo.all_info.out.attrib,
+			    finfo.all_info.out.attrib);
+		CHECK_VALUE(stinfo.all_info.out.size,
+			    finfo.all_info.out.size);
+		CHECK_VALUE(stinfo.all_info.out.delete_pending,
+			    finfo.all_info.out.delete_pending);
+		CHECK_VALUE(stinfo.all_info.out.directory,
+			    finfo.all_info.out.directory);
+		CHECK_VALUE(stinfo.all_info.out.ea_size,
+			    finfo.all_info.out.ea_size);
+
+		stinfo.generic.level = RAW_FILEINFO_NAME_INFORMATION;
+		stinfo.generic.in.file.handle = h1;
+		status = smb2_getinfo_file(tree, mem_ctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_STR(rpath, stinfo.name_info.out.fname.s);
+		}
+
+		write_time = finfo.all_info.out.write_time;
+		write_time += i*1000000;
+		write_time /= 1000000;
+		write_time *= 1000000;
+
+		ZERO_STRUCT(sinfo);
+		sinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION;
+		sinfo.basic_info.in.file.handle = h1;
+		sinfo.basic_info.in.write_time = write_time;
+		sinfo.basic_info.in.attrib = stinfo.all_info.out.attrib;
+		status = smb2_setinfo_file(tree, &sinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stream_size = i*8192;
+
+		ZERO_STRUCT(sinfo);
+		sinfo.end_of_file_info.level =
+			RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+		sinfo.end_of_file_info.in.file.handle = h1;
+		sinfo.end_of_file_info.in.size = stream_size;
+		status = smb2_setinfo_file(tree, &sinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+
+		stinfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+		stinfo.generic.in.file.handle = h1;
+		status = smb2_getinfo_file(tree, mem_ctx, &stinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+		if (!torture_setting_bool(tctx, "samba3", false)) {
+			CHECK_NTTIME(stinfo.all_info.out.write_time,
+				     write_time);
+			CHECK_VALUE(stinfo.all_info.out.attrib,
+				    finfo.all_info.out.attrib);
+		}
+		CHECK_VALUE(stinfo.all_info.out.size,
+			    stream_size);
+		CHECK_VALUE(stinfo.all_info.out.delete_pending,
+			    finfo.all_info.out.delete_pending);
+		CHECK_VALUE(stinfo.all_info.out.directory,
+			    finfo.all_info.out.directory);
+		CHECK_VALUE(stinfo.all_info.out.ea_size,
+			    finfo.all_info.out.ea_size);
+
+		io.smb2.in.fname = fname;
+		io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		CHECK_STATUS(status, NT_STATUS_OK);
+		ret &= check_stream_list(tree, tctx, fname, 4, four,
+					 io.smb2.out.file.handle);
+
+		smb2_util_close(tree, h1);
+		talloc_free(path);
+	}
+
+	torture_comment(tctx, "(%s): testing stream renames\n", __location__);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				SEC_FILE_WRITE_ATTRIBUTE |
+				SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.fname = snamer1;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+	ret &= check_stream_list(tree,tctx, fname, 5, five1,
+				 io.smb2.out.file.handle);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":AfterRename:$DATA";
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ret &= check_stream_list(tree,tctx, fname, 5, five2,
+				 io.smb2.out.file.handle);
+
+	CHECK_VALUE(ret, true);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = false;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":MStream Two:$DATA";
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	ret &= check_stream_list(tree,tctx, fname, 5, five2,
+				 io.smb2.out.file.handle);
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = true;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = ":MStream Two:$DATA";
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	ret &= check_stream_list(tree,tctx, fname, 5, five2,
+				 io.smb2.out.file.handle);
+
+	CHECK_VALUE(ret, true);
+	/* TODO: we need to test more rename combinations */
+
+done:
+	smb2_util_close(tree, h1);
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  test stream names
+*/
+static bool test_stream_names2(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_names2.txt";
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+	uint8_t i;
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) testing stream names\n", __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	for (i=0x01; i < 0x7F; i++) {
+		char *path = talloc_asprintf(mem_ctx, "%s:Stream%c0x%02X:$DATA",
+					     fname, i, i);
+		NTSTATUS expected;
+
+		switch (i) {
+		case '/':/*0x2F*/
+		case ':':/*0x3A*/
+		case '\\':/*0x5C*/
+			expected = NT_STATUS_OBJECT_NAME_INVALID;
+			break;
+		default:
+			expected = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+			break;
+		}
+
+
+		io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+		io.smb2.in.fname = path;
+		status = smb2_create(tree, mem_ctx, &(io.smb2));
+		if (!NT_STATUS_EQUAL(status, expected)) {
+			torture_comment(tctx,
+			    "(%s) %s:Stream%c0x%02X:$DATA%s => expected[%s]\n",
+			    __location__, fname, isprint(i)?(char)i:' ', i,
+			    isprint(i)?"":" (not printable)",
+			    nt_errstr(expected));
+		}
+		CHECK_STATUS(status, expected);
+
+		talloc_free(path);
+	}
+
+done:
+	smb2_util_close(tree, h1);
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/*
+  test case insensitive stream names
+*/
+static bool test_stream_names3(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_fsinfo info;
+	const char *fname = DNAME "\\stream_names3.txt";
+	const char *sname = NULL;
+	const char *snamel = NULL;
+	const char *snameu = NULL;
+	const char *sdname = NULL;
+	const char *sdnamel = NULL;
+	const char *sdnameu = NULL;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle hf = {{0}};
+	struct smb2_handle hs = {{0}};
+	struct smb2_handle hsl = {{0}};
+	struct smb2_handle hsu = {{0}};
+	struct smb2_handle hsd = {{0}};
+	struct smb2_handle hsdl = {{0}};
+	struct smb2_handle hsdu = {{0}};
+	const char *streams[] = { "::$DATA", ":StreamName:$DATA", };
+
+	smb2_deltree(tree, DNAME);
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(info);
+	info.generic.level = RAW_QFS_ATTRIBUTE_INFORMATION;
+	info.generic.handle = h;
+	status = smb2_getinfo_fs(tree, tree, &info);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!(info.attribute_info.out.fs_attr & FILE_CASE_SENSITIVE_SEARCH)) {
+		torture_skip(tctx, "No FILE_CASE_SENSITIVE_SEARCH supported");
+	}
+
+	/*
+	 * We create the following file:
+	 *
+	 *   teststreams\\stream_names3.txt
+	 *
+	 * and add a stream named 'StreamName'
+	 *
+	 * Then we try to open the stream using the following names:
+	 *
+	 * teststreams\\stream_names3.txt:StreamName
+	 * teststreams\\stream_names3.txt:streamname
+	 * teststreams\\stream_names3.txt:STREAMNAME
+	 * teststreams\\stream_names3.txt:StreamName:$dAtA
+	 * teststreams\\stream_names3.txt:streamname:$data
+	 * teststreams\\stream_names3.txt:STREAMNAME:$DATA
+	 */
+	sname = talloc_asprintf(tctx, "%s:StreamName", fname);
+	torture_assert_not_null(tctx, sname, __location__);
+	snamel = strlower_talloc(tctx, sname);
+	torture_assert_not_null(tctx, snamel, __location__);
+	snameu = strupper_talloc(tctx, sname);
+	torture_assert_not_null(tctx, snameu, __location__);
+
+	sdname = talloc_asprintf(tctx, "%s:$dAtA", sname);
+	torture_assert_not_null(tctx, sdname, __location__);
+	sdnamel = strlower_talloc(tctx, sdname);
+	torture_assert_not_null(tctx, sdnamel, __location__);
+	sdnameu = strupper_talloc(tctx, sdname);
+	torture_assert_not_null(tctx, sdnameu, __location__);
+
+	torture_comment(tctx, "(%s) testing case insensitive stream names\n",
+			__location__);
+	status = torture_smb2_testfile(tree, fname, &hf);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_testfile(tree, sname, &hs);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, hs);
+
+	torture_assert(tctx,
+		       check_stream_list(tree, tctx, fname,
+					 ARRAY_SIZE(streams),
+					 streams,
+					 hf),
+		       "streams");
+
+	status = torture_smb2_open(tree, sname, SEC_RIGHTS_FILE_ALL, &hs);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_open(tree, snamel, SEC_RIGHTS_FILE_ALL, &hsl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_open(tree, snameu, SEC_RIGHTS_FILE_ALL, &hsu);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_open(tree, sdname, SEC_RIGHTS_FILE_ALL, &hsd);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_open(tree, sdnamel, SEC_RIGHTS_FILE_ALL, &hsdl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = torture_smb2_open(tree, sdnameu, SEC_RIGHTS_FILE_ALL, &hsdu);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	smb2_util_close(tree, hsdu);
+	smb2_util_close(tree, hsdl);
+	smb2_util_close(tree, hsd);
+	smb2_util_close(tree, hsu);
+	smb2_util_close(tree, hsl);
+	smb2_util_close(tree, hs);
+	smb2_util_close(tree, hf);
+	smb2_util_close(tree, h);
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+#define CHECK_CALL_HANDLE(call, rightstatus) do { \
+	sfinfo.generic.level = RAW_SFILEINFO_ ## call; \
+	sfinfo.generic.in.file.handle = h1; \
+	status = smb2_setinfo_file(tree, &sfinfo); \
+	if (!NT_STATUS_EQUAL(status, rightstatus)) { \
+		torture_result(tctx, TORTURE_FAIL,			\
+			       "(%s) %s - %s (should be %s)\n",		\
+			       __location__, #call,			\
+			       nt_errstr(status), nt_errstr(rightstatus)); \
+		ret = false;						\
+	} \
+	finfo1.generic.level = RAW_FILEINFO_ALL_INFORMATION; \
+	finfo1.generic.in.file.handle = h1; \
+	status2 = smb2_getinfo_file(tree, tctx, &finfo1); \
+	if (!NT_STATUS_IS_OK(status2)) { \
+		torture_result(tctx, TORTURE_FAIL,	     \
+			       "(%s) %s pathinfo - %s\n",    \
+			       __location__, #call, nt_errstr(status)); \
+		ret = false; \
+	}} while (0)
+
+/*
+  test stream renames
+*/
+static bool test_stream_rename(struct torture_context *tctx,
+			       struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status, status2;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_rename.txt";
+	const char *sname1, *sname2;
+	union smb_fileinfo finfo1;
+	union smb_setfileinfo sfinfo;
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
+	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
+				 "Second Stream");
+
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	torture_comment(tctx, "(%s) testing stream renames\n", __location__);
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+				      SEC_FILE_WRITE_ATTRIBUTE |
+				    SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			NTCREATEX_SHARE_ACCESS_WRITE |
+			NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+
+	/* Create two streams. */
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+	smb2_util_close(tree, h1);
+
+	io.smb2.in.fname = sname2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	smb2_util_close(tree, h1);
+
+	/*
+	 * Open the second stream.
+	 */
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/*
+	 * Now rename the second stream onto the first.
+	 */
+
+	ZERO_STRUCT(sfinfo);
+
+	sfinfo.rename_information.in.overwrite = 1;
+	sfinfo.rename_information.in.root_fid  = 0;
+	sfinfo.rename_information.in.new_name  = ":Stream One";
+	CHECK_CALL_HANDLE(RENAME_INFORMATION, NT_STATUS_OK);
+done:
+	smb2_util_close(tree, h1);
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_stream_rename2(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname1 = DNAME "\\stream_rename2.txt";
+	const char *fname2 = DNAME "\\stream2_rename2.txt";
+	const char *stream_name1 = ":Stream One:$DATA";
+	const char *stream_name2 = ":Stream Two:$DATA";
+	const char *stream_name_default = "::$DATA";
+	const char *sname1;
+	const char *sname2;
+	bool ret = true;
+	struct smb2_handle h, h1;
+	union smb_setfileinfo sinfo;
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+
+	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream One");
+	sname2 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream Two");
+
+	smb2_util_unlink(tree, fname1);
+	smb2_util_unlink(tree, fname2);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA |
+				SEC_FILE_WRITE_DATA |
+				SEC_STD_DELETE |
+				SEC_FILE_APPEND_DATA |
+				SEC_STD_READ_CONTROL;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				NTCREATEX_SHARE_ACCESS_WRITE |
+				NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = sname1;
+
+	/* Open/create new stream. */
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * Reopen the stream for SMB2 renames.
+	 */
+	io.smb2.in.fname = sname1;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/*
+	 * Check SMB2 rename of a stream using :<stream>.
+	 */
+	torture_comment(tctx, "(%s) Checking SMB2 rename of a stream using "
+			":<stream>\n", __location__);
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION_SMB2;
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.overwrite = 1;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = stream_name1;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Check SMB2 rename of an overwriting stream using :<stream>.
+	 */
+	torture_comment(tctx, "(%s) Checking SMB2 rename of an overwriting "
+			"stream using :<stream>\n", __location__);
+
+	/* Create second stream. */
+	io.smb2.in.fname = sname2;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/* Rename the first stream onto the second. */
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.new_name = stream_name2;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, h1);
+
+	/*
+	 * Reopen the stream with the new name.
+	 */
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.fname = sname2;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	/*
+	 * Check SMB2 rename of a stream using <base>:<stream>.
+	 */
+	torture_comment(tctx, "(%s) Checking SMB2 rename of a stream using "
+			"<base>:<stream>\n", __location__);
+	sinfo.rename_information.in.file.handle = h1;
+	sinfo.rename_information.in.new_name = sname1;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	if (!torture_setting_bool(tctx, "samba4", false)) {
+		/*
+		 * Check SMB2 rename to the default stream using :<stream>.
+		 */
+		torture_comment(tctx, "(%s) Checking SMB2 rename to default stream "
+				"using :<stream>\n", __location__);
+		sinfo.rename_information.in.file.handle = h1;
+		sinfo.rename_information.in.new_name = stream_name_default;
+		status = smb2_setinfo_file(tree, &sinfo);
+		CHECK_STATUS(status, NT_STATUS_OK);
+	}
+
+	smb2_util_close(tree, h1);
+
+ done:
+	smb2_util_close(tree, h1);
+	status = smb2_util_unlink(tree, fname1);
+	status = smb2_util_unlink(tree, fname2);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool create_file_with_stream(struct torture_context *tctx,
+				    struct smb2_tree *tree,
+				    TALLOC_CTX *mem_ctx,
+				    const char *base_fname,
+				    const char *stream)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_open io;
+
+	/* Create a file with a stream */
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA |
+				SEC_FILE_WRITE_DATA |
+				SEC_FILE_APPEND_DATA |
+				SEC_STD_READ_CONTROL;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = stream;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+	smb2_util_close(tree, io.smb2.out.file.handle);
+	return ret;
+}
+
+
+/* Test how streams interact with create dispositions */
+static bool test_stream_create_disposition(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_create_disp.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream;
+	const char *default_stream_name = "::$DATA";
+	const char *stream_list[2];
+	bool ret = true;
+	struct smb2_handle h = {{0}};
+	struct smb2_handle h1 = {{0}};
+
+	/* clean slate .. */
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fname_stream = talloc_asprintf(mem_ctx, "%s:%s", fname, stream);
+
+	stream_list[0] = talloc_asprintf(mem_ctx, ":%s", stream);
+	stream_list[1] = default_stream_name;
+
+	if (!create_file_with_stream(tctx, tree, mem_ctx, fname,
+				     fname_stream)) {
+		goto done;
+	}
+
+	/* Open the base file with OPEN */
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA |
+				SEC_FILE_WRITE_DATA |
+				SEC_FILE_APPEND_DATA |
+				SEC_STD_READ_CONTROL;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	/*
+	 * check create open: sanity check
+	 */
+	torture_comment(tctx, "(%s) Checking create disp: open\n",
+			__location__);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!check_stream_list(tree, tctx, fname, 2, stream_list,
+			       io.smb2.out.file.handle)) {
+		goto done;
+	}
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * check create overwrite
+	 */
+	torture_comment(tctx, "(%s) Checking create disp: overwrite\n",
+			__location__);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!check_stream_list(tree, tctx, fname, 1, &default_stream_name,
+			       io.smb2.out.file.handle)) {
+		goto done;
+	}
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * check create overwrite_if
+	 */
+	torture_comment(tctx, "(%s) Checking create disp: overwrite_if\n",
+			__location__);
+	smb2_util_unlink(tree, fname);
+	if (!create_file_with_stream(tctx, tree, mem_ctx, fname, fname_stream))
+		goto done;
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!check_stream_list(tree, tctx, fname, 1, &default_stream_name,
+			       io.smb2.out.file.handle)) {
+		goto done;
+	}
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * check create supersede
+	 */
+	torture_comment(tctx, "(%s) Checking create disp: supersede\n",
+			__location__);
+	smb2_util_unlink(tree, fname);
+	if (!create_file_with_stream(tctx, tree, mem_ctx, fname,
+				     fname_stream)) {
+		goto done;
+	}
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_SUPERSEDE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!check_stream_list(tree, tctx, fname, 1, &default_stream_name,
+			       io.smb2.out.file.handle)) {
+		goto done;
+	}
+	smb2_util_close(tree, io.smb2.out.file.handle);
+
+	/*
+	 * check create overwrite_if on a stream.
+	 */
+	torture_comment(tctx, "(%s) Checking create disp: overwrite_if on "
+			"stream\n", __location__);
+	smb2_util_unlink(tree, fname);
+	if (!create_file_with_stream(tctx, tree, mem_ctx, fname,
+				     fname_stream)) {
+		goto done;
+	}
+
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.smb2.in.fname = fname_stream;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (!check_stream_list(tree, tctx, fname, 2, stream_list,
+			       io.smb2.out.file.handle)) {
+		goto done;
+	}
+	smb2_util_close(tree, io.smb2.out.file.handle);
+ done:
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool open_stream(struct smb2_tree *tree,
+			struct torture_context *mem_ctx,
+			const char *fname,
+			struct smb2_handle *h_out)
+{
+	NTSTATUS status;
+	union smb_open io;
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA |
+				SEC_FILE_WRITE_DATA |
+				SEC_FILE_APPEND_DATA |
+				SEC_STD_READ_CONTROL |
+				SEC_FILE_WRITE_ATTRIBUTE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.file_attributes = 0;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+	*h_out = io.smb2.out.file.handle;
+	return true;
+}
+
+
+/* Test the effect of setting attributes on a stream. */
+static bool test_stream_attributes1(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	const char *fname = DNAME "\\stream_attr.txt";
+	const char *stream = "Stream One:$DATA";
+	const char *fname_stream;
+	struct smb2_handle h, h1;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sfinfo;
+	time_t basetime = (time(NULL) - 86400) & ~1;
+
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+
+	torture_comment(tctx, "(%s) testing attribute setting on stream\n",
+			__location__);
+
+	/* clean slate .. */
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	fname_stream = talloc_asprintf(mem_ctx, "%s:%s", fname, stream);
+
+	/* Create a file with a stream with attribute FILE_ATTRIBUTE_ARCHIVE. */
+	ret = create_file_with_stream(tctx, tree, mem_ctx, fname,
+				      fname_stream);
+	if (!ret) {
+		goto done;
+	}
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+				 NTCREATEX_SHARE_ACCESS_WRITE |
+				 NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo.generic.in.file.handle = io.smb2.out.file.handle;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (finfo.basic_info.out.attrib != FILE_ATTRIBUTE_ARCHIVE) {
+		torture_comment(tctx, "(%s) Incorrect attrib %x - should be "
+		    "%x\n", __location__,
+		    (unsigned int)finfo.basic_info.out.attrib,
+		    (unsigned int)FILE_ATTRIBUTE_ARCHIVE);
+		ret = false;
+		goto done;
+	}
+
+	smb2_util_close(tree, io.smb2.out.file.handle);
+	/* Now open the stream name. */
+
+	if (!open_stream(tree, tctx, fname_stream, &h1)) {
+		goto done;
+	}
+
+	/* Change the time on the stream. */
+	ZERO_STRUCT(sfinfo);
+	unix_to_nt_time(&sfinfo.basic_info.in.write_time, basetime);
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "(%s) %s - %s (should be %s)\n",
+		    __location__, "SETATTR",
+		    nt_errstr(status), nt_errstr(NT_STATUS_OK));
+		ret = false;
+		goto done;
+	}
+
+	smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "(%s) %s pathinfo - %s\n",
+		    __location__, "SETATTRE", nt_errstr(status));
+		ret = false;
+		goto done;
+	}
+
+	if (nt_time_to_unix(finfo.basic_info.out.write_time) != basetime) {
+		torture_comment(tctx, "(%s) time incorrect.\n", __location__);
+		ret = false;
+		goto done;
+	}
+	smb2_util_close(tree, h1);
+
+	if (!open_stream(tree, tctx, fname_stream, &h1)) {
+		goto done;
+	}
+
+	/* Changing attributes on stream */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_READONLY;
+
+	sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
+		torture_comment(tctx, "(%s) %s - %s (should be %s)\n",
+			__location__, "SETATTR",
+			nt_errstr(status), nt_errstr(NT_STATUS_OK));
+		ret = false;
+		goto done;
+	}
+
+	smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(io.smb2);
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_READ_DATA;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h1 = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_BASIC_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+done:
+	smb2_util_close(tree, h1);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool check_metadata(struct torture_context *tctx,
+			   struct smb2_tree *tree,
+			   const char *path,
+			   struct smb2_handle _h,
+			   NTTIME expected_btime,
+			   uint32_t expected_attribs)
+{
+	struct smb2_handle h = _h;
+	union smb_fileinfo getinfo;
+	NTSTATUS status;
+	bool ret = true;
+
+	if (smb2_util_handle_empty(h)) {
+		struct smb2_create c;
+
+		c = (struct smb2_create) {
+			.in.desired_access = SEC_FILE_ALL,
+			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+			.in.file_attributes = FILE_ATTRIBUTE_HIDDEN,
+			.in.create_disposition = NTCREATEX_DISP_OPEN,
+			.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+			.in.fname = path,
+		};
+		status = smb2_create(tree, tctx, &c);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_create failed\n");
+
+		h = c.out.file.handle;
+	}
+
+	getinfo = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = h,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &getinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_assert_u64_equal_goto(tctx,
+				      expected_btime,
+				      getinfo.basic_info.out.create_time,
+				      ret, done,
+				      "btime was updated\n");
+
+	torture_assert_u32_equal_goto(tctx,
+				      expected_attribs,
+				      getinfo.basic_info.out.attrib,
+				      ret, done,
+				      "btime was updated\n");
+
+done:
+	if (smb2_util_handle_empty(_h)) {
+		smb2_util_close(tree, h);
+	}
+
+	return ret;
+}
+
+static bool test_stream_attributes2(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create c1;
+	struct smb2_handle h1 = {{0}};
+	const char *fname = DNAME "\\test_stream_btime";
+	const char *sname = DNAME "\\test_stream_btime:stream";
+	union smb_fileinfo getinfo;
+	union smb_setfileinfo setinfo;
+	const char *data = "test data";
+	struct timespec ts;
+	NTTIME btime;
+	uint32_t attrib = FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_ARCHIVE;
+	bool ret;
+
+	smb2_deltree(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree, h1);
+
+	torture_comment(tctx, "Let's dance!\n");
+
+	/*
+	 * Step 1: create file and get creation date
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_HIDDEN,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	getinfo = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tctx, &getinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	btime = getinfo.basic_info.out.create_time;
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	/*
+	 * Step X: write to file, assert btime was not updated
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	status = smb2_util_write(tree, h1, data, 0, strlen(data));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	ret = check_metadata(tctx, tree, NULL, h1, btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	/*
+	 * Step X: create stream, assert creation date is the same
+	 * as the one on the basefile
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = sname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	/*
+	 * Step X: set btime on stream, verify basefile has the same btime.
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = sname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	setinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+	};
+	clock_gettime_mono(&ts);
+	btime = setinfo.basic_info.in.create_time = full_timespec_to_nt_time(&ts);
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	ret = check_metadata(tctx, tree, NULL, h1, btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad time on stream\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad time on basefile\n");
+
+	ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad time on stream\n");
+
+	/*
+	 * Step X: write to stream, assert btime was not updated
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = sname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	status = smb2_util_write(tree, h1, data, 0, strlen(data));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	ret = check_metadata(tctx, tree, NULL, h1, btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	/*
+	 * Step X: modify attributes via stream, verify it's "also" set on the
+	 * basefile.
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = sname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	attrib = FILE_ATTRIBUTE_NORMAL;
+
+	setinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+		.basic_info.in.attrib = attrib,
+	};
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	/*
+	 * Step X: modify attributes via basefile, verify it's "also" set on the
+	 * stream.
+	 */
+
+	c1 = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = attrib,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION,
+		.in.fname = fname,
+	};
+	status = smb2_create(tree, tctx, &c1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = c1.out.file.handle;
+
+	attrib = FILE_ATTRIBUTE_HIDDEN;
+
+	setinfo = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = h1,
+		.basic_info.in.attrib = attrib,
+	};
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(h1);
+
+	ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+	ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}},
+			     btime, attrib);
+	torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+
+	smb2_deltree(tree, DNAME);
+
+	return ret;
+}
+
+static bool test_basefile_rename_with_open_stream(struct torture_context *tctx,
+						  struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_tree *tree2 = NULL;
+	struct smb2_create create, create2;
+	struct smb2_handle h1 = {{0}}, h2 = {{0}};
+	const char *fname = "test_rename_openfile";
+	const char *sname = "test_rename_openfile:foo";
+	const char *fname_renamed = "test_rename_openfile_renamed";
+	union smb_setfileinfo sinfo;
+	const char *data = "test data";
+
+	ret = torture_smb2_connection(tctx, &tree2);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_smb2_connection failed\n");
+
+	torture_comment(tctx, "Creating file with stream\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	h1 = create.out.file.handle;
+
+	torture_comment(tctx, "Writing to stream\n");
+
+	status = smb2_util_write(tree, h1, data, 0, strlen(data));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	torture_comment(tctx, "Renaming base file\n");
+
+	ZERO_STRUCT(create2);
+	create2.in.desired_access = SEC_FILE_ALL;
+	create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create2.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create2.in.fname = fname;
+
+	status = smb2_create(tree2, tctx, &create2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	h2 = create2.out.file.handle;
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h2;
+	sinfo.rename_information.in.new_name = fname_renamed;
+
+	status = smb2_setinfo_file(tree2, &sinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
+		"smb2_setinfo_file didn't return NT_STATUS_ACCESS_DENIED\n");
+
+	smb2_util_close(tree2, h2);
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree2, h2);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname_renamed);
+
+	return ret;
+}
+
+/*
+   basic testing of streams calls SMB2
+*/
+struct torture_suite *torture_smb2_streams_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+		torture_suite_create(ctx, "streams");
+
+	torture_suite_add_1smb2_test(suite, "dir", test_stream_dir);
+	torture_suite_add_1smb2_test(suite, "io", test_stream_io);
+	torture_suite_add_1smb2_test(suite, "sharemodes", test_stream_sharemodes);
+	torture_suite_add_1smb2_test(suite, "names", test_stream_names);
+	torture_suite_add_1smb2_test(suite, "names2", test_stream_names2);
+	torture_suite_add_1smb2_test(suite, "names3", test_stream_names3);
+	torture_suite_add_1smb2_test(suite, "rename", test_stream_rename);
+	torture_suite_add_1smb2_test(suite, "rename2", test_stream_rename2);
+	torture_suite_add_1smb2_test(suite, "create-disposition", test_stream_create_disposition);
+	torture_suite_add_1smb2_test(suite, "attributes1", test_stream_attributes1);
+	torture_suite_add_1smb2_test(suite, "attributes2", test_stream_attributes2);
+	torture_suite_add_1smb2_test(suite, "delete", test_stream_delete);
+	torture_suite_add_1smb2_test(suite, "zero-byte", test_zero_byte_stream);
+	torture_suite_add_1smb2_test(suite, "basefile-rename-with-open-stream",
+					test_basefile_rename_with_open_stream);
+
+	suite->description = talloc_strdup(suite, "SMB2-STREAM tests");
+	return suite;
+}
diff --git a/source4/torture/smb2/tcon.c b/source4/torture/smb2/tcon.c
new file mode 100644
index 0000000..1e658af
--- /dev/null
+++ b/source4/torture/smb2/tcon.c
@@ -0,0 +1,146 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   Copyright (C) David Mulder 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/smbtorture.h"
+#include "torture/smb2/proto.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "torture/util.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/events/events.h"
+#include "param/param.h"
+
+static void smb2cli_session_set_id(struct smbXcli_session *session,
+				   uint64_t session_id)
+{
+	smb2cli_session_set_id_and_flags(session, session_id,
+					 smb2cli_session_get_flags(session));
+}
+
+/**
+  this checks to see if a secondary tconx can use open files from an
+  earlier tconx
+ */
+bool run_tcon_test(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	const char *fname = "tcontest.tmp";
+	struct smb2_handle fnum1;
+	uint32_t cnum1, cnum2, cnum3;
+	uint64_t sessid1, sessid2;
+	uint8_t buf[4];
+	bool ret = true;
+	struct smb2_tree *tree1 = NULL;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	struct smb2_create io = {0};
+	NTSTATUS status;
+	bool ok;
+
+	if (smb2_deltree(tree, fname) == -1) {
+		torture_comment(tctx, "unlink of %s failed\n", fname);
+	}
+
+	io.in.fname = fname;
+	io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+			     NTCREATEX_SHARE_ACCESS_WRITE |
+			     NTCREATEX_SHARE_ACCESS_DELETE;
+	status = smb2_create(tree, tree, &io);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx, TORTURE_FAIL, "open of %s failed (%s)\n", fname, nt_errstr(status));
+		return false;
+	}
+	fnum1 = io.out.file.handle;
+
+	cnum1 = smb2cli_tcon_current_id(tree->smbXcli);
+	sessid1 = smb2cli_session_current_id(tree->session->smbXcli);
+
+	memset(buf, 0, 4); /* init buf so valgrind won't complain */
+	status = smb2_util_write(tree, fnum1, buf, 130, 4);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx, TORTURE_FAIL, "initial write failed (%s)\n", nt_errstr(status));
+		return false;
+	}
+
+	ok = torture_smb2_tree_connect(tctx, tree->session, tctx, &tree1);
+	if (!ok) {
+		torture_result(tctx, TORTURE_FAIL, "%s refused 2nd tree connect\n", host);
+		return false;
+	}
+
+	cnum2 = smb2cli_tcon_current_id(tree1->smbXcli);
+	cnum3 = MAX(cnum1, cnum2) + 1; /* any invalid number */
+	sessid2 = smb2cli_session_current_id(tree1->session->smbXcli) + 1;
+
+	/* try a write with the wrong tid */
+	smb2cli_tcon_set_id(tree1->smbXcli, cnum2);
+
+	status = smb2_util_write(tree1, fnum1, buf, 130, 4);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with wrong TID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with wrong TID : %s\n", nt_errstr(status));
+	}
+
+
+	/* try a write with an invalid tid */
+	smb2cli_tcon_set_id(tree1->smbXcli, cnum3);
+
+	status = smb2_util_write(tree1, fnum1, buf, 130, 4);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with invalid TID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with invalid TID : %s\n", nt_errstr(status));
+	}
+
+	/* try a write with an invalid session id */
+	smb2cli_session_set_id(tree1->session->smbXcli, sessid2);
+	smb2cli_tcon_set_id(tree1->smbXcli, cnum1);
+
+	status = smb2_util_write(tree1, fnum1, buf, 130, 4);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_result(tctx, TORTURE_FAIL, "* server allows write with invalid VUID\n");
+		ret = false;
+	} else {
+		torture_comment(tctx, "server fails write with invalid VUID : %s\n", nt_errstr(status));
+	}
+
+	smb2cli_session_set_id(tree1->session->smbXcli, sessid1);
+	smb2cli_tcon_set_id(tree1->smbXcli, cnum1);
+
+	status = smb2_util_close(tree1, fnum1);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx, TORTURE_FAIL, "close failed (%s)\n", nt_errstr(status));
+		return false;
+	}
+
+	smb2cli_tcon_set_id(tree1->smbXcli, cnum2);
+
+	smb2_util_unlink(tree1, fname);
+
+	return ret;
+}
diff --git a/source4/torture/smb2/timestamps.c b/source4/torture/smb2/timestamps.c
new file mode 100644
index 0000000..3d6d3d1
--- /dev/null
+++ b/source4/torture/smb2/timestamps.c
@@ -0,0 +1,1344 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test timestamps
+
+   Copyright (C) Ralph Boehme 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+
+#define BASEDIR "smb2-timestamps"
+#define FNAME "testfile.dat"
+
+static bool test_close_no_attrib(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	const char *filename = BASEDIR "/" FNAME;
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle testdirh = {{0}};
+	struct smb2_close c;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree, testdirh);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = filename,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	c = (struct smb2_close) {
+		.in.file.handle = handle,
+	};
+
+	status = smb2_close(tree, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(handle);
+
+	torture_assert_u64_equal_goto(tctx, c.out.create_time, NTTIME_OMIT,
+				      ret, done, "Unexpected create time\n");
+	torture_assert_u64_equal_goto(tctx, c.out.access_time, NTTIME_OMIT,
+				      ret, done, "Unexpected access time\n");
+	torture_assert_u64_equal_goto(tctx, c.out.write_time, NTTIME_OMIT,
+				      ret, done, "Unexpected write time\n");
+	torture_assert_u64_equal_goto(tctx, c.out.change_time, NTTIME_OMIT,
+				      ret, done, "Unexpected change time\n");
+	torture_assert_u64_equal_goto(tctx, c.out.size, 0,
+				      ret, done, "Unexpected size\n");
+	torture_assert_u64_equal_goto(tctx, c.out.file_attr, 0,
+				      ret, done, "Unexpected attributes\n");
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_time_t(struct torture_context *tctx,
+			struct smb2_tree *tree,
+			const char *fname,
+			time_t t)
+{
+	char *filename = NULL;
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle testdirh = {{0}};
+	struct timespec ts = { .tv_sec = t };
+	uint64_t nttime;
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	struct smb2_find find;
+	unsigned int count;
+	union smb_search_data *d;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	filename = talloc_asprintf(tctx, "%s\\%s", BASEDIR, fname);
+	torture_assert_not_null_goto(tctx, filename, ret, done,
+				     "talloc_asprintf failed\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = filename,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	si = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = handle,
+	};
+
+	nttime = full_timespec_to_nt_time(&ts);
+	si.basic_info.in.create_time = nttime;
+	si.basic_info.in.write_time = nttime;
+	si.basic_info.in.change_time = nttime;
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n",
+			nt_time_string(tctx, gi.basic_info.out.create_time),
+			nt_time_string(tctx, gi.basic_info.out.write_time),
+			nt_time_string(tctx, gi.basic_info.out.change_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	find = (struct smb2_find) {
+		.in.file.handle = testdirh,
+		.in.pattern = fname,
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = filename,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n",
+			nt_time_string(tctx, gi.basic_info.out.create_time),
+			nt_time_string(tctx, gi.basic_info.out.write_time),
+			nt_time_string(tctx, gi.basic_info.out.change_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	find = (struct smb2_find) {
+		.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART,
+		.in.file.handle = testdirh,
+		.in.pattern = fname,
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      d[0].id_both_directory_info.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	status = smb2_util_close(tree, handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+	ZERO_STRUCT(handle);
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	if (!smb2_util_handle_empty(testdirh)) {
+		smb2_util_close(tree, testdirh);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_time_t_15032385535(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_15032385535.txt",
+			   15032385535 /* >> INT32_MAX, limit on ext */);
+}
+
+static bool test_time_t_10000000000(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_10000000000.txt",
+			   10000000000 /* >> INT32_MAX */);
+}
+
+static bool test_time_t_4294967295(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_4294967295.txt",
+			   4294967295 /* INT32_MAX */);
+}
+
+static bool test_time_t_1(struct torture_context *tctx,
+			  struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_1.txt", 1);
+}
+
+static bool test_time_t_0(struct torture_context *tctx,
+			  struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_0.txt", 0);
+}
+
+static bool test_time_t_minus_1(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_-1.txt", -1);
+}
+
+static bool test_time_t_minus_2(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_-2.txt", -2);
+}
+
+static bool test_time_t_1968(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	return test_time_t(tctx, tree, "test_time_t_1968.txt",
+			   -63158400 /* 1968 */);
+}
+
+static bool test_freeze_thaw(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	const char *filename = BASEDIR "\\test_freeze_thaw";
+	struct smb2_create cr;
+	struct smb2_handle handle = {{0}};
+	struct smb2_handle testdirh = {{0}};
+	struct timespec ts = { .tv_sec = time(NULL) };
+	uint64_t nttime;
+	union smb_fileinfo gi;
+	union smb_setfileinfo si;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+		.in.fname = filename,
+	};
+
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	handle = cr.out.file.handle;
+
+	si = (union smb_setfileinfo) {
+		.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION,
+		.basic_info.in.file.handle = handle,
+	};
+
+	/*
+	 * Step 1:
+	 * First set timestamps of testfile to current time
+	 */
+
+	nttime = full_timespec_to_nt_time(&ts);
+	si.basic_info.in.create_time = nttime;
+	si.basic_info.in.write_time = nttime;
+	si.basic_info.in.change_time = nttime;
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	/*
+	 * Step 2:
+	 * Verify timestamps are indeed set to the value in "nttime".
+	 */
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n",
+			nt_time_string(tctx, gi.basic_info.out.create_time),
+			nt_time_string(tctx, gi.basic_info.out.write_time),
+			nt_time_string(tctx, gi.basic_info.out.change_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	/*
+	 * Step 3:
+	 * First set timestamps with NTTIME_FREEZE, must not change any
+	 * timestamp value.
+	 */
+
+	si.basic_info.in.create_time = NTTIME_FREEZE;
+	si.basic_info.in.write_time = NTTIME_FREEZE;
+	si.basic_info.in.change_time = NTTIME_FREEZE;
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	/*
+	 * Step 4:
+	 * Verify timestamps are unmodified from step 2.
+	 */
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n",
+			nt_time_string(tctx, gi.basic_info.out.create_time),
+			nt_time_string(tctx, gi.basic_info.out.write_time),
+			nt_time_string(tctx, gi.basic_info.out.change_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+	/*
+	 * Step 5:
+	 * First set timestamps with NTTIME_THAW, must not change any timestamp
+	 * value.
+	 */
+
+	si.basic_info.in.create_time = NTTIME_THAW;
+	si.basic_info.in.write_time = NTTIME_THAW;
+	si.basic_info.in.change_time = NTTIME_THAW;
+
+	status = smb2_setinfo_file(tree, &si);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_setinfo_file failed\n");
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	/*
+	 * Step 6:
+	 * Verify timestamps are unmodified from step 2.
+	 */
+
+	gi = (union smb_fileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+		.generic.in.file.handle = handle,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &gi);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n",
+			nt_time_string(tctx, gi.basic_info.out.create_time),
+			nt_time_string(tctx, gi.basic_info.out.write_time),
+			nt_time_string(tctx, gi.basic_info.out.change_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.create_time,
+				      ret, done,
+				      "Wrong create time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.write_time,
+				      ret, done,
+				      "Wrong write time\n");
+	torture_assert_u64_equal_goto(tctx,
+				      nttime,
+				      gi.basic_info.out.change_time,
+				      ret, done,
+				      "Wrong change time\n");
+
+done:
+	if (!smb2_util_handle_empty(handle)) {
+		smb2_util_close(tree, handle);
+	}
+	if (!smb2_util_handle_empty(testdirh)) {
+		smb2_util_close(tree, testdirh);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_delayed_write_vs_seteof(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle h2 = {{0}};
+	NTTIME create_time;
+	NTTIME set_time;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo setinfo;
+	struct smb2_close c;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Open file-handle 1\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = BASEDIR "\\" FNAME,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h1 = cr.out.file.handle;
+	create_time = cr.out.create_time;
+	sleep(1);
+
+	torture_comment(tctx, "Write to file-handle 1\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	torture_comment(tctx, "Check writetime hasn't been updated\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	torture_assert_nttime_equal(tctx,
+				    finfo.all_info.out.write_time,
+				    create_time,
+				    "Writetime != set_time (wrong!)\n");
+
+	torture_comment(tctx, "Setinfo EOF on file-handle 1,"
+			" should flush pending writetime update\n");
+
+	setinfo = (union smb_setfileinfo) {
+		.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION,
+	};
+	setinfo.end_of_file_info.in.file.handle = h1;
+	setinfo.end_of_file_info.in.size = 1; /* same size! */
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Check writetime has been updated "
+			"by the setinfo EOF\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+	if (!(finfo.all_info.out.write_time > create_time)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "setinfo EOF hasn't updated writetime\n");
+	}
+
+	torture_comment(tctx, "Open file-handle 2\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FILE_WRITE_ATTRIBUTE,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = BASEDIR "\\" FNAME,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h2 = cr.out.file.handle;
+
+	torture_comment(tctx, "Set write time on file-handle 2\n");
+
+	setinfo = (union smb_setfileinfo) {
+		.generic.level = SMB_QFILEINFO_BASIC_INFORMATION,
+	};
+	setinfo.generic.in.file.handle = h2;
+	unix_to_nt_time(&set_time, time(NULL) + 86400);
+	setinfo.basic_info.in.write_time = set_time;
+
+	status = smb2_setinfo_file(tree, &setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	status = smb2_util_close(tree, h2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h2);
+
+	torture_comment(tctx, "Close file-handle 1, write-time should not be updated\n");
+
+	c = (struct smb2_close) {
+		.in.file.handle = h1,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h1);
+
+	torture_assert_nttime_equal(tctx,
+				    c.out.write_time,
+				    set_time,
+				    "Writetime != set_time (wrong!)\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(h2)) {
+		smb2_util_close(tree, h2);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_delayed_write_vs_flush(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	union smb_fileinfo finfo;
+	struct smb2_flush f;
+	struct smb2_close c;
+	NTTIME create_time;
+	NTTIME flush_time;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Open file-handle 1\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = BASEDIR "\\" FNAME,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h1 = cr.out.file.handle;
+	create_time = cr.out.create_time;
+	sleep(1);
+
+	torture_comment(tctx, "Write to file-handle 1\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	torture_comment(tctx, "Check writetime hasn't been updated\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	torture_assert_nttime_equal(tctx,
+				    finfo.all_info.out.write_time,
+				    create_time,
+				    "Writetime != create_time (wrong!)\n");
+
+	torture_comment(tctx, "Flush file, "
+			"should flush pending writetime update\n");
+
+	f = (struct smb2_flush) {
+		.in.file.handle = h1,
+	};
+
+	status = smb2_flush(tree, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"flush failed\n");
+
+	torture_comment(tctx, "Check writetime has been updated "
+			"by the setinfo EOF\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	flush_time = finfo.all_info.out.write_time;
+	if (!(flush_time > create_time)) {
+		ret = false;
+		torture_fail_goto(tctx, done, "flush hasn't updated writetime\n");
+	}
+
+	torture_comment(tctx, "Close file-handle 1, write-time should not be updated\n");
+
+	c = (struct smb2_close) {
+		.in.file.handle = h1,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h1);
+
+	torture_assert_nttime_equal(tctx,
+				    c.out.write_time,
+				    flush_time,
+				    "writetime != flushtime (wrong!)\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_delayed_write_vs_setbasic_do(struct torture_context *tctx,
+					      struct smb2_tree *tree,
+					      union smb_setfileinfo *setinfo,
+					      bool expect_update)
+{
+	char *path = NULL;
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	NTTIME create_time;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_comment(tctx, "Create testfile\n");
+
+	path = talloc_asprintf(tree, BASEDIR "\\" FNAME ".%" PRIu32,
+			       generate_random());
+	torture_assert_not_null_goto(tctx, path, ret, done, "OOM\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = path,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h1 = cr.out.file.handle;
+	create_time = cr.out.create_time;
+
+	torture_comment(tctx, "Write to file\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	torture_comment(tctx, "Get timestamps\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	torture_assert_nttime_equal(tctx,
+				    finfo.all_info.out.write_time,
+				    create_time,
+				    "Writetime != create_time (wrong!)\n");
+
+	torture_comment(tctx, "Set timestamps\n");
+
+	setinfo->end_of_file_info.in.file.handle = h1;
+	status = smb2_setinfo_file(tree, setinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Check timestamps\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	if (expect_update) {
+		if (!(finfo.all_info.out.write_time > create_time)) {
+			ret = false;
+			torture_fail_goto(tctx, done, "setinfo basicinfo "
+					  "hasn't updated writetime\n");
+		}
+	} else {
+		if (finfo.all_info.out.write_time != create_time) {
+			ret = false;
+			torture_fail_goto(tctx, done, "setinfo basicinfo "
+					  "hasn't updated writetime\n");
+		}
+	}
+
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h1);
+
+	status = smb2_util_unlink(tree, path);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+done:
+	TALLOC_FREE(path);
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	return ret;
+}
+
+static bool test_delayed_write_vs_setbasic(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	struct smb2_handle h1 = {{0}};
+	union smb_setfileinfo setinfo;
+	time_t t = time(NULL) - 86400;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	/*
+	 * Yes, this is correct, tested against Windows 2016: even if all
+	 * timestamp fields are 0, a pending write time is flushed.
+	 */
+	torture_comment(tctx, "Test: setting all-0 timestamps flushes?\n");
+
+	setinfo = (union smb_setfileinfo) {
+		.generic.level = RAW_SFILEINFO_BASIC_INFORMATION,
+	};
+	ret = test_delayed_write_vs_setbasic_do(tctx, tree, &setinfo, true);
+	if (ret != true) {
+		goto done;
+	}
+
+	torture_comment(tctx, "Test: setting create_time flushes?\n");
+	unix_to_nt_time(&setinfo.basic_info.in.create_time, t);
+	ret = test_delayed_write_vs_setbasic_do(tctx, tree, &setinfo, true);
+	if (ret != true) {
+		goto done;
+	}
+
+	torture_comment(tctx, "Test: setting access_time flushes?\n");
+	unix_to_nt_time(&setinfo.basic_info.in.access_time, t);
+	ret = test_delayed_write_vs_setbasic_do(tctx, tree, &setinfo, true);
+	if (ret != true) {
+		goto done;
+	}
+
+	torture_comment(tctx, "Test: setting change_time flushes?\n");
+	unix_to_nt_time(&setinfo.basic_info.in.change_time, t);
+	ret = test_delayed_write_vs_setbasic_do(tctx, tree, &setinfo, true);
+	if (ret != true) {
+		goto done;
+	}
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_delayed_1write(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	union smb_fileinfo finfo;
+	struct smb2_close c;
+	NTTIME create_time;
+	NTTIME write_time;
+	NTTIME close_time;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Open file-handle 1\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = BASEDIR "\\" FNAME,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h1 = cr.out.file.handle;
+	create_time = cr.out.create_time;
+	sleep(1);
+
+	torture_comment(tctx, "Write to file-handle 1\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+	sleep(3);
+
+	torture_comment(tctx, "Check writetime has been updated\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+	write_time = finfo.all_info.out.write_time;
+
+	if (!(write_time > create_time)) {
+		ret = false;
+		torture_fail_goto(tctx, done,
+				  "Write-time not updated (wrong!)\n");
+	}
+
+	torture_comment(tctx, "Close file-handle 1\n");
+	sleep(1);
+
+	c = (struct smb2_close) {
+		.in.file.handle = h1,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h1);
+	close_time = c.out.write_time;
+
+	torture_assert_nttime_equal(tctx, close_time, write_time,
+				    "Writetime != close_time (wrong!)\n");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_delayed_2write(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	struct smb2_create cr;
+	struct smb2_handle h1 = {{0}};
+	union smb_fileinfo finfo;
+	struct smb2_close c;
+	NTTIME create_time;
+	NTTIME write_time;
+	NTTIME write_time2;
+	NTTIME close_time;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Open file\n");
+
+	cr = (struct smb2_create) {
+		.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+		.in.share_access       = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.fname              = BASEDIR "\\" FNAME,
+	};
+	status = smb2_create(tree, tctx, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h1 = cr.out.file.handle;
+	create_time = cr.out.create_time;
+	sleep(1);
+
+	torture_comment(tctx, "Write to file\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+	sleep(3);
+
+	torture_comment(tctx, "Check writetime has been updated\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+	write_time = finfo.all_info.out.write_time;
+
+	if (!(write_time > create_time)) {
+		ret = false;
+		torture_fail_goto(tctx, done,
+				  "Write-time not updated (wrong!)\n");
+	}
+
+	torture_comment(tctx, "Write a second time\n");
+
+	status = smb2_util_write(tree, h1, "s", 0, 1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+	sleep(3);
+
+	torture_comment(tctx, "Check writetime has NOT been updated\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+	write_time2 = finfo.all_info.out.write_time;
+
+	torture_assert_nttime_equal(tctx, write_time2, write_time,
+				    "second write updated write-time (wrong!)\n");
+
+	torture_comment(tctx, "Close file-handle 1\n");
+	sleep(2);
+
+	torture_comment(tctx, "Check writetime has been updated\n");
+
+	c = (struct smb2_close) {
+		.in.file.handle = h1,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h1);
+	close_time = c.out.write_time;
+
+	if (!(close_time > write_time)) {
+		ret = false;
+		torture_fail_goto(tctx, done,
+				  "Write-time not updated (wrong!)\n");
+	}
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of SMB2 timestamps
+*/
+struct torture_suite *torture_smb2_timestamps_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "timestamps");
+
+	torture_suite_add_1smb2_test(suite, "test_close_not_attrib", test_close_no_attrib);
+	torture_suite_add_1smb2_test(suite, "time_t_15032385535", test_time_t_15032385535);
+	torture_suite_add_1smb2_test(suite, "time_t_10000000000", test_time_t_10000000000);
+	torture_suite_add_1smb2_test(suite, "time_t_4294967295", test_time_t_4294967295);
+	torture_suite_add_1smb2_test(suite, "time_t_1", test_time_t_1);
+	torture_suite_add_1smb2_test(suite, "time_t_0", test_time_t_0);
+	torture_suite_add_1smb2_test(suite, "time_t_-1", test_time_t_minus_1);
+	torture_suite_add_1smb2_test(suite, "time_t_-2", test_time_t_minus_2);
+	torture_suite_add_1smb2_test(suite, "time_t_1968", test_time_t_1968);
+	torture_suite_add_1smb2_test(suite, "freeze-thaw", test_freeze_thaw);
+
+	/*
+	 * Testing of delayed write-time updates
+	 */
+	torture_suite_add_1smb2_test(suite, "delayed-write-vs-seteof", test_delayed_write_vs_seteof);
+	torture_suite_add_1smb2_test(suite, "delayed-write-vs-flush", test_delayed_write_vs_flush);
+	torture_suite_add_1smb2_test(suite, "delayed-write-vs-setbasic", test_delayed_write_vs_setbasic);
+	torture_suite_add_1smb2_test(suite, "delayed-1write", test_delayed_1write);
+	torture_suite_add_1smb2_test(suite, "delayed-2write", test_delayed_2write);
+
+	suite->description = talloc_strdup(suite, "SMB2 timestamp tests");
+
+	return suite;
+}
+
+/*
+ * This test shows that Windows has a timestamp resolution of ~15ms. When so
+ * when a smaller amount of time than that has passed it's not necessarily
+ * detectable on a Windows 2019 and newer who implement immediate timestamp
+ * updates.
+ *
+ * Note that this test relies on a low latency SMB connection. Even with a low
+ * latency connection of eg 1m there's a chance of 1/15 that the first part of
+ * the test expecting no timestamp change fails as the writetime is updated.
+ *
+ * Due to this timing dependency this test is skipped in Samba CI, but it is
+ * preserved here for future SMB2 timestamps behaviour archealogists.
+ *
+ * See also: https://lists.samba.org/archive/cifs-protocol/2019-December/003358.html
+ */
+static bool test_timestamp_resolution1(struct torture_context *tctx,
+				       struct smb2_tree *tree)
+{
+	union smb_fileinfo finfo1;
+	const char *fname = BASEDIR "\\" FNAME;
+	struct smb2_create cr;
+	struct smb2_handle h = {{0}};
+	struct smb2_close cl;
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	status = smb2_util_close(tree, h );
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+
+	torture_comment(tctx, "Write without delay, expect no "
+			"write-time change\n");
+
+	smb2_generic_create(&cr, NULL, false, fname,
+			    NTCREATEX_DISP_CREATE,
+			    smb2_util_oplock_level(""), 0, 0);
+	status = smb2_create(tree, tree, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h = cr.out.file.handle;
+
+	finfo1 = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	status = smb2_util_write(tree, h, "123456789", 0, 9);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	cl = (struct smb2_close) {
+		.in.file.handle = h,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h);
+
+	torture_comment(tctx, "Initial: %s\nClose: %s\n",
+			nt_time_string(tctx, finfo1.basic_info.out.write_time),
+			nt_time_string(tctx, cl.out.write_time));
+
+	torture_assert_u64_equal_goto(tctx,
+				      finfo1.basic_info.out.write_time,
+				      cl.out.write_time,
+				      ret, done,
+				      "Write time changed (wrong!)\n");
+
+	torture_comment(tctx, "Write with 20 ms delay, expect "
+			"write-time change\n");
+
+	smb2_generic_create(&cr, NULL, false, fname,
+			    NTCREATEX_DISP_OPEN,
+			    smb2_util_oplock_level(""), 0, 0);
+	status = smb2_create(tree, tree, &cr);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"create failed\n");
+	h = cr.out.file.handle;
+
+	finfo1 = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION,
+		.generic.in.file.handle = h,
+	};
+	status = smb2_getinfo_file(tree, tree, &finfo1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"getinfo failed\n");
+
+	smb_msleep(20);
+
+	status = smb2_util_write(tree, h, "123456789", 0, 9);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	cl = (struct smb2_close) {
+		.in.file.handle = h,
+		.in.flags = SMB2_CLOSE_FLAGS_FULL_INFORMATION,
+	};
+
+	status = smb2_close(tree, &cl);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"close failed\n");
+	ZERO_STRUCT(h);
+
+	torture_comment(tctx, "Initial: %s\nClose: %s\n",
+			nt_time_string(tctx, finfo1.basic_info.out.write_time),
+			nt_time_string(tctx, cl.out.write_time));
+
+	torture_assert_u64_not_equal_goto(
+		tctx,
+		finfo1.basic_info.out.write_time,
+		cl.out.write_time,
+		ret, done,
+		"Write time did not change (wrong!)\n");
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+/*
+   basic testing of SMB2 timestamps
+*/
+struct torture_suite *torture_smb2_timestamp_resolution_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "timestamp_resolution");
+
+	torture_suite_add_1smb2_test(suite, "resolution1", test_timestamp_resolution1);
+
+	suite->description = talloc_strdup(suite, "SMB2 timestamp tests");
+
+	return suite;
+}
diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
new file mode 100644
index 0000000..233f589
--- /dev/null
+++ b/source4/torture/smb2/util.c
@@ -0,0 +1,1045 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   helper functions for SMB2 test suite
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/security/security_descriptor.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/time.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "lib/util/tevent_ntstatus.h"
+
+#include "torture/torture.h"
+#include "torture/smb2/proto.h"
+#include "source4/torture/util.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "libcli/util/clilsa.h"
+
+
+/*
+  write to a file on SMB2
+*/
+NTSTATUS smb2_util_write(struct smb2_tree *tree,
+			 struct smb2_handle handle, 
+			 const void *buf, off_t offset, size_t size)
+{
+	struct smb2_write w;
+
+	ZERO_STRUCT(w);
+	w.in.file.handle = handle;
+	w.in.offset      = offset;
+	w.in.data        = data_blob_const(buf, size);
+
+	return smb2_write(tree, &w);
+}
+
+/*
+  create a complex file/dir using the SMB2 protocol
+*/
+static NTSTATUS smb2_create_complex(struct torture_context *tctx,
+				    struct smb2_tree *tree,
+				    const char *fname,
+				    struct smb2_handle *handle,
+				    bool dir)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	char buf[7] = "abc";
+	struct smb2_create io;
+	union smb_setfileinfo setfile;
+	union smb_fileinfo fileinfo;
+	time_t t = (time(NULL) & ~1);
+	NTSTATUS status;
+
+	smb2_util_unlink(tree, fname);
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+	if (dir) {
+		io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		io.in.share_access &= ~NTCREATEX_SHARE_ACCESS_DELETE;
+		io.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+		io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	}
+
+	/* it seems vista is now fussier about alignment? */
+	if (strchr(fname, ':') == NULL) {
+		/* setup some EAs */
+		io.in.eas.num_eas = 2;
+		io.in.eas.eas = talloc_array(tmp_ctx, struct ea_struct, 2);
+		io.in.eas.eas[0].flags = 0;
+		io.in.eas.eas[0].name.s = "EAONE";
+		io.in.eas.eas[0].value = data_blob_talloc(tmp_ctx, "VALUE1", 6);
+		io.in.eas.eas[1].flags = 0;
+		io.in.eas.eas[1].name.s = "SECONDEA";
+		io.in.eas.eas[1].value = data_blob_talloc(tmp_ctx, "ValueTwo", 8);
+	}
+
+	status = smb2_create(tree, tmp_ctx, &io);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)) {
+		torture_comment(
+			tctx, "EAs not supported, creating: %s\n", fname);
+		io.in.eas.num_eas = 0;
+		status = smb2_create(tree, tmp_ctx, &io);
+	}
+
+	talloc_free(tmp_ctx);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	*handle = io.out.file.handle;
+
+	if (!dir) {
+		status = smb2_util_write(tree, *handle, buf, 0, sizeof(buf));
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	/* make sure all the timestamps aren't the same, and are also 
+	   in different DST zones*/
+	setfile.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	setfile.generic.in.file.handle = *handle;
+
+	unix_to_nt_time(&setfile.basic_info.in.create_time, t + 9*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.access_time, t + 6*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.write_time,  t + 3*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.change_time, t + 1*30*24*60*60);
+	setfile.basic_info.in.attrib      = FILE_ATTRIBUTE_NORMAL;
+
+	status = smb2_setinfo_file(tree, &setfile);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to setup file times - %s\n", nt_errstr(status));
+		return status;
+	}
+
+	/* make sure all the timestamps aren't the same */
+	fileinfo.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	fileinfo.generic.in.file.handle = *handle;
+
+	status = smb2_getinfo_file(tree, tree, &fileinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to query file times - %s\n", nt_errstr(status));
+		return status;
+		
+	}
+
+#define CHECK_TIME(field) do {\
+	if (setfile.basic_info.in.field != fileinfo.all_info2.out.field) { \
+		torture_comment(tctx, "(%s) " #field " not setup correctly: %s(%llu) => %s(%llu)\n", \
+			__location__, \
+			nt_time_string(tree, setfile.basic_info.in.field), \
+			(unsigned long long)setfile.basic_info.in.field, \
+			nt_time_string(tree, fileinfo.basic_info.out.field), \
+			(unsigned long long)fileinfo.basic_info.out.field); \
+		status = NT_STATUS_INVALID_PARAMETER; \
+	} \
+} while (0)
+
+	CHECK_TIME(create_time);
+	CHECK_TIME(access_time);
+	CHECK_TIME(write_time);
+	CHECK_TIME(change_time);
+
+	return status;
+}
+
+/*
+  create a complex file using the SMB2 protocol
+*/
+NTSTATUS smb2_create_complex_file(struct torture_context *tctx,
+				  struct smb2_tree *tree, const char *fname,
+				  struct smb2_handle *handle)
+{
+	return smb2_create_complex(tctx, tree, fname, handle, false);
+}
+
+/*
+  create a complex dir using the SMB2 protocol
+*/
+NTSTATUS smb2_create_complex_dir(struct torture_context *tctx,
+				 struct smb2_tree *tree, const char *fname,
+				 struct smb2_handle *handle)
+{
+	return smb2_create_complex(tctx, tree, fname, handle, true);
+}
+
+/*
+  show lots of information about a file
+*/
+void torture_smb2_all_info(struct torture_context *tctx,
+			   struct smb2_tree *tree, struct smb2_handle handle)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	union smb_fileinfo io;
+
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = handle;
+
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("getinfo failed - %s\n", nt_errstr(status)));
+		talloc_free(tmp_ctx);
+		return;
+	}
+
+	torture_comment(tctx, "all_info for '%s'\n", io.all_info2.out.fname.s);
+	torture_comment(tctx, "\tcreate_time:    %s\n", nt_time_string(tmp_ctx, io.all_info2.out.create_time));
+	torture_comment(tctx, "\taccess_time:    %s\n", nt_time_string(tmp_ctx, io.all_info2.out.access_time));
+	torture_comment(tctx, "\twrite_time:     %s\n", nt_time_string(tmp_ctx, io.all_info2.out.write_time));
+	torture_comment(tctx, "\tchange_time:    %s\n", nt_time_string(tmp_ctx, io.all_info2.out.change_time));
+	torture_comment(tctx, "\tattrib:         0x%x\n", io.all_info2.out.attrib);
+	torture_comment(tctx, "\tunknown1:       0x%x\n", io.all_info2.out.unknown1);
+	torture_comment(tctx, "\talloc_size:     %llu\n", (long long)io.all_info2.out.alloc_size);
+	torture_comment(tctx, "\tsize:           %llu\n", (long long)io.all_info2.out.size);
+	torture_comment(tctx, "\tnlink:          %u\n", io.all_info2.out.nlink);
+	torture_comment(tctx, "\tdelete_pending: %u\n", io.all_info2.out.delete_pending);
+	torture_comment(tctx, "\tdirectory:      %u\n", io.all_info2.out.directory);
+	torture_comment(tctx, "\tfile_id:        %llu\n", (long long)io.all_info2.out.file_id);
+	torture_comment(tctx, "\tea_size:        %u\n", io.all_info2.out.ea_size);
+	torture_comment(tctx, "\taccess_mask:    0x%08x\n", io.all_info2.out.access_mask);
+	torture_comment(tctx, "\tposition:       0x%llx\n", (long long)io.all_info2.out.position);
+	torture_comment(tctx, "\tmode:           0x%llx\n", (long long)io.all_info2.out.mode);
+
+	/* short name, if any */
+	io.generic.level = RAW_FILEINFO_ALT_NAME_INFORMATION;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	if (NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "\tshort name:     '%s'\n", io.alt_name_info.out.fname.s);
+	}
+
+	/* the EAs, if any */
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	if (NT_STATUS_IS_OK(status)) {
+		int i;
+		for (i=0;i<io.all_eas.out.num_eas;i++) {
+			torture_comment(tctx, "\tEA[%d] flags=%d len=%d '%s'\n", i,
+				 io.all_eas.out.eas[i].flags,
+				 (int)io.all_eas.out.eas[i].value.length,
+				 io.all_eas.out.eas[i].name.s);
+		}
+	}
+
+	/* streams, if available */
+	io.generic.level = RAW_FILEINFO_STREAM_INFORMATION;
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	if (NT_STATUS_IS_OK(status)) {
+		int i;
+		for (i=0;i<io.stream_info.out.num_streams;i++) {
+			torture_comment(tctx, "\tstream %d:\n", i);
+			torture_comment(tctx, "\t\tsize       %ld\n",
+				 (long)io.stream_info.out.streams[i].size);
+			torture_comment(tctx, "\t\talloc size %ld\n",
+				 (long)io.stream_info.out.streams[i].alloc_size);
+			torture_comment(tctx, "\t\tname       %s\n", io.stream_info.out.streams[i].stream_name.s);
+		}
+	}	
+
+	if (DEBUGLVL(1)) {
+		/* the security descriptor */
+		io.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+		io.query_secdesc.in.secinfo_flags = 
+			SECINFO_OWNER|SECINFO_GROUP|
+			SECINFO_DACL;
+		status = smb2_getinfo_file(tree, tmp_ctx, &io);
+		if (NT_STATUS_IS_OK(status)) {
+			NDR_PRINT_DEBUG(security_descriptor, io.query_secdesc.out.sd);
+		}
+	}
+
+	talloc_free(tmp_ctx);	
+}
+
+/*
+  get granted access of a file handle
+*/
+NTSTATUS torture_smb2_get_allinfo_access(struct smb2_tree *tree,
+					 struct smb2_handle handle,
+					 uint32_t *granted_access)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	union smb_fileinfo io;
+
+	io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	io.generic.in.file.handle = handle;
+
+	status = smb2_getinfo_file(tree, tmp_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("getinfo failed - %s\n", nt_errstr(status)));
+		goto out;
+	}
+
+	*granted_access = io.all_info2.out.access_mask;
+
+out:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/**
+ * open a smb2 tree connect
+ */
+bool torture_smb2_tree_connect(struct torture_context *tctx,
+			       struct smb2_session *session,
+			       TALLOC_CTX *mem_ctx,
+			       struct smb2_tree **_tree)
+{
+	NTSTATUS status;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	const char *unc;
+	struct smb2_tree *tree;
+	struct tevent_req *subreq;
+	uint32_t timeout_msec;
+
+	unc = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
+	torture_assert(tctx, unc != NULL, "talloc_asprintf");
+
+	tree = smb2_tree_init(session, mem_ctx, false);
+	torture_assert(tctx, tree != NULL, "smb2_tree_init");
+
+	timeout_msec = session->transport->options.request_timeout * 1000;
+
+	subreq = smb2cli_tcon_send(tree, tctx->ev,
+				   session->transport->conn,
+				   timeout_msec,
+				   session->smbXcli,
+				   tree->smbXcli,
+				   0, /* flags */
+				   unc);
+	torture_assert(tctx, subreq != NULL, "smb2cli_tcon_send");
+
+	torture_assert(tctx,
+		       tevent_req_poll_ntstatus(subreq, tctx->ev, &status),
+		       "tevent_req_poll_ntstatus");
+
+	status = smb2cli_tcon_recv(subreq);
+	TALLOC_FREE(subreq);
+	torture_assert_ntstatus_ok(tctx, status, "smb2cli_tcon_recv");
+
+	*_tree = tree;
+
+	return true;
+}
+
+/**
+ * do a smb2 session setup (without a tree connect)
+ */
+bool torture_smb2_session_setup(struct torture_context *tctx,
+				struct smb2_transport *transport,
+				uint64_t previous_session_id,
+				TALLOC_CTX *mem_ctx,
+				struct smb2_session **_session)
+{
+	NTSTATUS status;
+	struct smb2_session *session;
+
+	session = smb2_session_init(transport,
+				    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				    mem_ctx);
+
+	if (session == NULL) {
+		return false;
+	}
+
+	status = smb2_session_setup_spnego(session,
+					   samba_cmdline_get_creds(),
+					   previous_session_id);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "session setup failed: %s\n", nt_errstr(status));
+		talloc_free(session);
+		return false;
+	}
+
+	*_session = session;
+
+	return true;
+}
+
+/*
+  open a smb2 connection
+*/
+bool torture_smb2_connection_ext(struct torture_context *tctx,
+				 uint64_t previous_session_id,
+				 const struct smbcli_options *options,
+				 struct smb2_tree **tree)
+{
+	NTSTATUS status;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	const char *p = torture_setting_string(tctx, "unclist", NULL);
+	TALLOC_CTX *mem_ctx = NULL;
+	bool ok;
+
+	if (p != NULL) {
+		char *host2 = NULL;
+		char *share2 = NULL;
+
+		mem_ctx = talloc_new(tctx);
+		if (mem_ctx == NULL) {
+			return false;
+		}
+
+		ok = torture_get_conn_index(tctx->conn_index++, mem_ctx, tctx,
+					    &host2, &share2);
+		if (!ok) {
+			TALLOC_FREE(mem_ctx);
+			return false;
+		}
+
+		host = host2;
+		share = share2;
+	}
+
+	status = smb2_connect_ext(tctx,
+				  host,
+				  lpcfg_smb_ports(tctx->lp_ctx),
+				  share,
+				  lpcfg_resolve_context(tctx->lp_ctx),
+				  samba_cmdline_get_creds(),
+				  NULL, /* existing_conn */
+				  previous_session_id,
+				  tree,
+				  tctx->ev,
+				  options,
+				  lpcfg_socket_options(tctx->lp_ctx),
+				  lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+				  );
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to connect to SMB2 share \\\\%s\\%s - %s\n",
+		       host, share, nt_errstr(status));
+		TALLOC_FREE(mem_ctx);
+		return false;
+	}
+
+	TALLOC_FREE(mem_ctx);
+	return true;
+}
+
+bool torture_smb2_connection(struct torture_context *tctx, struct smb2_tree **tree)
+{
+	bool ret;
+	struct smbcli_options options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	ret = torture_smb2_connection_ext(tctx, 0, &options, tree);
+
+	return ret;
+}
+
+/**
+ * SMB2 connect with share from soption
+ **/
+bool torture_smb2_con_share(struct torture_context *tctx,
+			    const char *share,
+			    struct smb2_tree **tree)
+{
+	struct smbcli_options options;
+	NTSTATUS status;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	status = smb2_connect(tctx,
+			      host,
+			      lpcfg_smb_ports(tctx->lp_ctx),
+			      share,
+			      lpcfg_resolve_context(tctx->lp_ctx),
+			      samba_cmdline_get_creds(),
+			      tree,
+			      tctx->ev,
+			      &options,
+			      lpcfg_socket_options(tctx->lp_ctx),
+			      lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+			      );
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Failed to connect to SMB2 share \\\\%s\\%s - %s\n",
+		       host, share, nt_errstr(status));
+		return false;
+	}
+	return true;
+}
+
+/**
+ * SMB2 connect with share from soption
+ **/
+bool torture_smb2_con_sopt(struct torture_context *tctx,
+			   const char *soption,
+			   struct smb2_tree **tree)
+{
+	const char *share = torture_setting_string(tctx, soption, NULL);
+
+	if (share == NULL) {
+		torture_comment(tctx, "No share for option %s\n", soption);
+		return false;
+	}
+
+	return torture_smb2_con_share(tctx, share, tree);
+}
+
+/*
+  create and return a handle to a test file
+  with a specific access mask
+*/
+NTSTATUS torture_smb2_testfile_access(struct smb2_tree *tree, const char *fname,
+				      struct smb2_handle *handle,
+				      uint32_t desired_access)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = desired_access;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access = 
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tree, &io);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	*handle = io.out.file.handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create and return a handle to a test file
+*/
+NTSTATUS torture_smb2_testfile(struct smb2_tree *tree, const char *fname,
+			       struct smb2_handle *handle)
+{
+	return torture_smb2_testfile_access(tree, fname, handle,
+					    SEC_RIGHTS_FILE_ALL);
+}
+
+/*
+  create and return a handle to a test file
+  with a specific access mask
+*/
+NTSTATUS torture_smb2_open(struct smb2_tree *tree,
+			   const char *fname,
+			   uint32_t desired_access,
+			   struct smb2_handle *handle)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	io = (struct smb2_create) {
+		.in.fname = fname,
+		.in.desired_access = desired_access,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+	};
+
+	status = smb2_create(tree, tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	*handle = io.out.file.handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create and return a handle to a test directory
+  with specific desired access
+*/
+NTSTATUS torture_smb2_testdir_access(struct smb2_tree *tree, const char *fname,
+				     struct smb2_handle *handle,
+				     uint32_t desired_access)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = desired_access;
+	io.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.fname = fname;
+
+	status = smb2_create(tree, tree, &io);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	*handle = io.out.file.handle;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create and return a handle to a test directory
+*/
+NTSTATUS torture_smb2_testdir(struct smb2_tree *tree, const char *fname,
+			      struct smb2_handle *handle)
+{
+	return torture_smb2_testdir_access(tree, fname, handle,
+					   SEC_RIGHTS_DIR_ALL);
+}
+
+/*
+  create a simple file using the SMB2 protocol
+*/
+NTSTATUS smb2_create_simple_file(struct torture_context *tctx,
+				 struct smb2_tree *tree, const char *fname,
+				 struct smb2_handle *handle)
+{
+	char buf[7] = "abc";
+	NTSTATUS status;
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testfile_access(tree,
+					      fname, handle,
+					      SEC_FLAG_MAXIMUM_ALLOWED);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = smb2_util_write(tree, *handle, buf, 0, sizeof(buf));
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  create a simple file using SMB2.
+*/
+NTSTATUS torture_setup_simple_file(struct torture_context *tctx,
+				   struct smb2_tree *tree, const char *fname)
+{
+	struct smb2_handle handle;
+	NTSTATUS status = smb2_create_simple_file(tctx, tree, fname, &handle);
+	NT_STATUS_NOT_OK_RETURN(status);
+	return smb2_util_close(tree, handle);
+}
+
+/*
+  create a complex file using SMB2, to make it easier to
+  find fields in SMB2 getinfo levels
+*/
+NTSTATUS torture_setup_complex_file(struct torture_context *tctx,
+				    struct smb2_tree *tree, const char *fname)
+{
+	struct smb2_handle handle;
+	NTSTATUS status = smb2_create_complex_file(tctx, tree, fname, &handle);
+	NT_STATUS_NOT_OK_RETURN(status);
+	return smb2_util_close(tree, handle);
+}
+
+
+/*
+  create a complex dir using SMB2, to make it easier to
+  find fields in SMB2 getinfo levels
+*/
+NTSTATUS torture_setup_complex_dir(struct torture_context *tctx,
+				   struct smb2_tree *tree, const char *fname)
+{
+	struct smb2_handle handle;
+	NTSTATUS status = smb2_create_complex_dir(tctx, tree, fname, &handle);
+	NT_STATUS_NOT_OK_RETURN(status);
+	return smb2_util_close(tree, handle);
+}
+
+
+/*
+  return a handle to the root of the share
+*/
+NTSTATUS smb2_util_roothandle(struct smb2_tree *tree, struct smb2_handle *handle)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.oplock_level = 0;
+	io.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_LIST;
+	io.in.file_attributes   = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
+	io.in.fname = "";
+
+	status = smb2_create(tree, tree, &io);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	*handle = io.out.file.handle;
+
+	return NT_STATUS_OK;
+}
+
+/* Comparable to torture_setup_dir, but for SMB2. */
+bool smb2_util_setup_dir(struct torture_context *tctx, struct smb2_tree *tree,
+    const char *dname)
+{
+	NTSTATUS status;
+
+	/* XXX: smb_raw_exit equivalent?
+	smb_raw_exit(cli->session); */
+	if (smb2_deltree(tree, dname) == -1) {
+		torture_result(tctx, TORTURE_ERROR, "Unable to deltree when setting up %s.\n", dname);
+		return false;
+	}
+
+	status = smb2_util_mkdir(tree, dname);
+	if (NT_STATUS_IS_ERR(status)) {
+		torture_result(tctx, TORTURE_ERROR, "Unable to mkdir when setting up %s - %s\n", dname,
+		    nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect status %s - should be %s\n", \
+		       __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+/*
+ * Helper function to verify a security descriptor, by querying
+ * and comparing against the passed in sd.
+ */
+bool smb2_util_verify_sd(TALLOC_CTX *tctx, struct smb2_tree *tree,
+    struct smb2_handle handle, struct security_descriptor *sd)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_fileinfo q = {};
+
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags =
+	    SECINFO_OWNER |
+	    SECINFO_GROUP |
+	    SECINFO_DACL;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (!security_acl_equal(
+	    q.query_secdesc.out.sd->dacl, sd->dacl)) {
+		torture_warning(tctx, "%s: security descriptors don't match!\n",
+		    __location__);
+		torture_warning(tctx, "got:\n");
+		NDR_PRINT_DEBUG(security_descriptor,
+		    q.query_secdesc.out.sd);
+		torture_warning(tctx, "expected:\n");
+		NDR_PRINT_DEBUG(security_descriptor, sd);
+		ret = false;
+	}
+
+ done:
+	return ret;
+}
+
+/*
+ * Helper function to verify attributes, by querying
+ * and comparing against the passed in attrib.
+ */
+bool smb2_util_verify_attrib(TALLOC_CTX *tctx, struct smb2_tree *tree,
+    struct smb2_handle handle, uint32_t attrib)
+{
+	NTSTATUS status;
+	bool ret = true;
+	union smb_fileinfo q = {};
+
+	q.standard.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	q.standard.in.file.handle = handle;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	q.all_info2.out.attrib &= ~(FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_NONINDEXED);
+
+	if (q.all_info2.out.attrib != attrib) {
+		torture_warning(tctx, "%s: attributes don't match! "
+		    "got %x, expected %x\n", __location__,
+		    (uint32_t)q.standard.out.attrib,
+		    (uint32_t)attrib);
+		ret = false;
+	}
+
+ done:
+	return ret;
+}
+
+
+uint32_t smb2_util_lease_state(const char *ls)
+{
+	uint32_t val = 0;
+	int i;
+
+	for (i = 0; i < strlen(ls); i++) {
+		switch (ls[i]) {
+		case 'R':
+			val |= SMB2_LEASE_READ;
+			break;
+		case 'H':
+			val |= SMB2_LEASE_HANDLE;
+			break;
+		case 'W':
+			val |= SMB2_LEASE_WRITE;
+			break;
+		}
+	}
+
+	return val;
+}
+
+char *smb2_util_lease_state_string(TALLOC_CTX *mem_ctx, uint32_t ls)
+{
+	return talloc_asprintf(mem_ctx, "0x%0x (%s%s%s)",
+			       (unsigned)ls,
+			       ls & SMB2_LEASE_READ ? "R": "",
+			       ls & SMB2_LEASE_HANDLE ? "H": "",
+			       ls & SMB2_LEASE_WRITE ? "W": "");
+}
+
+uint32_t smb2_util_share_access(const char *sharemode)
+{
+	uint32_t val = NTCREATEX_SHARE_ACCESS_NONE; /* 0 */
+	int i;
+
+	for (i = 0; i < strlen(sharemode); i++) {
+		switch(sharemode[i]) {
+		case 'R':
+			val |= NTCREATEX_SHARE_ACCESS_READ;
+			break;
+		case 'W':
+			val |= NTCREATEX_SHARE_ACCESS_WRITE;
+			break;
+		case 'D':
+			val |= NTCREATEX_SHARE_ACCESS_DELETE;
+			break;
+		}
+	}
+
+	return val;
+}
+
+uint8_t smb2_util_oplock_level(const char *op)
+{
+	uint8_t val = SMB2_OPLOCK_LEVEL_NONE;
+	int i;
+
+	for (i = 0; i < strlen(op); i++) {
+		switch (op[i]) {
+		case 's':
+			return SMB2_OPLOCK_LEVEL_II;
+		case 'x':
+			return SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+		case 'b':
+			return SMB2_OPLOCK_LEVEL_BATCH;
+		default:
+			continue;
+		}
+	}
+
+	return val;
+}
+
+/**
+ * Helper functions to fill a smb2_create struct for several
+ * open scenarios.
+ */
+void smb2_generic_create_share(struct smb2_create *io, struct smb2_lease *ls,
+			       bool dir, const char *name, uint32_t disposition,
+			       uint32_t share_access,
+			       uint8_t oplock, uint64_t leasekey,
+			       uint32_t leasestate)
+{
+	ZERO_STRUCT(*io);
+	io->in.security_flags		= 0x00;
+	io->in.oplock_level		= oplock;
+	io->in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	io->in.create_flags		= 0x00000000;
+	io->in.reserved			= 0x00000000;
+	io->in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	io->in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	io->in.share_access		= share_access;
+	io->in.create_disposition	= disposition;
+	io->in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	io->in.fname			= name;
+
+	if (dir) {
+		io->in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		io->in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+		io->in.create_disposition = NTCREATEX_DISP_CREATE;
+	}
+
+	if (ls) {
+		ZERO_STRUCTPN(ls);
+		ls->lease_key.data[0] = leasekey;
+		ls->lease_key.data[1] = ~leasekey;
+		ls->lease_state = leasestate;
+		io->in.lease_request = ls;
+	}
+}
+
+void smb2_generic_create(struct smb2_create *io, struct smb2_lease *ls,
+			 bool dir, const char *name, uint32_t disposition,
+			 uint8_t oplock, uint64_t leasekey,
+			 uint32_t leasestate)
+{
+	smb2_generic_create_share(io, ls, dir, name, disposition,
+				  smb2_util_share_access("RWD"),
+				  oplock,
+				  leasekey, leasestate);
+}
+
+void smb2_lease_create_share(struct smb2_create *io, struct smb2_lease *ls,
+			     bool dir, const char *name, uint32_t share_access,
+			     uint64_t leasekey, uint32_t leasestate)
+{
+	smb2_generic_create_share(io, ls, dir, name, NTCREATEX_DISP_OPEN_IF,
+				  share_access, SMB2_OPLOCK_LEVEL_LEASE,
+				  leasekey, leasestate);
+}
+
+void smb2_lease_create(struct smb2_create *io, struct smb2_lease *ls,
+		       bool dir, const char *name, uint64_t leasekey,
+		       uint32_t leasestate)
+{
+	smb2_lease_create_share(io, ls, dir, name,
+				smb2_util_share_access("RWD"),
+				leasekey, leasestate);
+}
+
+void smb2_lease_v2_create_share(struct smb2_create *io,
+				struct smb2_lease *ls,
+				bool dir,
+				const char *name,
+				uint32_t share_access,
+				uint64_t leasekey,
+				const uint64_t *parentleasekey,
+				uint32_t leasestate,
+				uint16_t lease_epoch)
+{
+	smb2_generic_create_share(io, NULL, dir, name, NTCREATEX_DISP_OPEN_IF,
+				  share_access, SMB2_OPLOCK_LEVEL_LEASE, 0, 0);
+
+	if (ls) {
+		ZERO_STRUCT(*ls);
+		ls->lease_key.data[0] = leasekey;
+		ls->lease_key.data[1] = ~leasekey;
+		ls->lease_state = leasestate;
+		if (parentleasekey != NULL) {
+			ls->lease_flags |= SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET;
+			ls->parent_lease_key.data[0] = *parentleasekey;
+			ls->parent_lease_key.data[1] = ~(*parentleasekey);
+		}
+		ls->lease_epoch = lease_epoch;
+		io->in.lease_request_v2 = ls;
+	}
+}
+
+void smb2_lease_v2_create(struct smb2_create *io,
+			  struct smb2_lease *ls,
+			  bool dir,
+			  const char *name,
+			  uint64_t leasekey,
+			  const uint64_t *parentleasekey,
+			  uint32_t leasestate,
+			  uint16_t lease_epoch)
+{
+	smb2_lease_v2_create_share(io, ls, dir, name,
+				   smb2_util_share_access("RWD"),
+				   leasekey, parentleasekey,
+				   leasestate, lease_epoch);
+}
+
+
+void smb2_oplock_create_share(struct smb2_create *io, const char *name,
+			      uint32_t share_access, uint8_t oplock)
+{
+	smb2_generic_create_share(io, NULL, false, name, NTCREATEX_DISP_OPEN_IF,
+				  share_access, oplock, 0, 0);
+}
+void smb2_oplock_create(struct smb2_create *io, const char *name, uint8_t oplock)
+{
+	smb2_oplock_create_share(io, name, smb2_util_share_access("RWD"),
+				 oplock);
+}
+
+/*
+   a wrapper around smblsa_sid_check_privilege, that tries to take
+   account of the fact that the lsa privileges calls don't expand
+   group memberships, using an explicit check for administrator. There
+   must be a better way ...
+ */
+NTSTATUS torture_smb2_check_privilege(struct smb2_tree *tree,
+				     const char *sid_str,
+				     const char *privilege)
+{
+	struct dom_sid *sid = NULL;
+	TALLOC_CTX *tmp_ctx = NULL;
+	uint32_t rid;
+	NTSTATUS status;
+
+	tmp_ctx = talloc_new(tree);
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	sid = dom_sid_parse_talloc(tmp_ctx, sid_str);
+	if (sid == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	if (rid == DOMAIN_RID_ADMINISTRATOR) {
+		/* assume the administrator has them all */
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return smb2lsa_sid_check_privilege(tree, sid_str, privilege);
+}
diff --git a/source4/torture/smb2/wscript_build b/source4/torture/smb2/wscript_build
new file mode 100644
index 0000000..533639c
--- /dev/null
+++ b/source4/torture/smb2/wscript_build
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('TORTURE_SMB2',
+	source='''
+        acls.c
+        attr.c
+        block.c
+        bench.c
+        charset.c
+        compound.c
+        connect.c
+        create.c
+        credits.c
+        delete-on-close.c
+        deny.c
+        dir.c
+        dosmode.c
+        durable_open.c
+        durable_v2_open.c
+        ea.c
+        getinfo.c
+        ioctl.c
+        lease.c
+        lease_break_handler.c
+        lock.c
+        max_allowed.c
+        mangle.c
+        maxfid.c
+        maxwrite.c
+        mkdir.c
+        multichannel.c
+        oplock_break_handler.c
+        notify.c
+        notify_disabled.c
+        oplock.c
+        read.c
+        read_write.c
+        rename.c
+        replay.c
+        scan.c
+        secleak.c
+        session.c
+        sessid.c
+        setinfo.c
+        sharemode.c
+        smb2.c
+        streams.c
+        samba3misc.c
+        tcon.c
+        timestamps.c
+        util.c
+        ''',
+	subsystem='smbtorture',
+	deps='LIBCLI_SMB2 torture NDR_IOCTL CMDLINE_S4',
+	internal_module=True,
+	autoproto='proto.h',
+	init_function='torture_smb2_init'
+	)
+
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
new file mode 100644
index 0000000..d9e90ea
--- /dev/null
+++ b/source4/torture/smbtorture.c
@@ -0,0 +1,770 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006-2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "system/time.h"
+#include "system/wait.h"
+#include "system/filesys.h"
+#include "system/readline.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "libcli/libcli.h"
+#include "lib/events/events.h"
+
+#include "torture/smbtorture.h"
+#include "librpc/rpc/dcerpc.h"
+#include "auth/gensec/gensec.h"
+#include "param/param.h"
+#include "lib/util/samba_modules.h"
+
+#ifdef HAVE_READLINE_HISTORY_H
+#include <readline/history.h>
+#endif
+
+static int use_fullname;
+
+static char *prefix_name(TALLOC_CTX *mem_ctx, const char *prefix, const char *name)
+{
+	if (prefix == NULL)
+		return talloc_strdup(mem_ctx, name);
+	else
+		return talloc_asprintf(mem_ctx, "%s.%s", prefix, name);
+}
+
+static void print_test_list(const struct torture_suite *suite, const char *prefix, const char *expr)
+{
+	struct torture_suite *o;
+	struct torture_tcase *t;
+	struct torture_test *p;
+
+	for (o = suite->children; o; o = o->next) {
+		char *name = prefix_name(NULL, prefix, o->name);
+		print_test_list(o, name, expr);
+		talloc_free(name);
+	}
+
+	for (t = suite->testcases; t; t = t->next) {
+		for (p = t->tests; p; p = p->next) {
+			char *name = talloc_asprintf(NULL, "%s.%s.%s", prefix, t->name, p->name);
+			if (strncmp(name, expr, strlen(expr)) == 0) {
+				printf("%s\n", name);
+			}
+			talloc_free(name);
+		}
+	}
+}
+
+static bool run_matching(struct torture_context *torture,
+						 const char *prefix, 
+						 const char *expr,
+						 const char **restricted,
+						 struct torture_suite *suite,
+						 bool *matched)
+{
+	bool ret = true;
+	struct torture_suite *o;
+	struct torture_tcase *t;
+	struct torture_test *p;
+
+	for (o = suite->children; o; o = o->next) {
+		char *name = NULL;
+		name = prefix_name(torture, prefix, o->name);
+		if (gen_fnmatch(expr, name) == 0) {
+			*matched = true;
+			reload_charcnv(torture->lp_ctx);
+			if (use_fullname == 1) {
+				torture_subunit_prefix_reset(torture, prefix);
+			}
+			ret &= torture_run_suite_restricted(torture, o, restricted);
+			if (use_fullname == 1) {
+				torture_subunit_prefix_reset(torture, NULL);
+			}
+			/*
+			 * torture_run_suite_restricted() already implements
+			 * recursion, so we're done with this child suite.
+			 */
+			continue;
+		}
+		ret &= run_matching(torture, name, expr, restricted, o, matched);
+	}
+
+	for (t = suite->testcases; t; t = t->next) {
+		char *tname = prefix_name(torture, prefix, t->name);
+		if (gen_fnmatch(expr, tname) == 0) {
+			*matched = true;
+			reload_charcnv(torture->lp_ctx);
+			if (use_fullname == 1) {
+				torture_subunit_prefix_reset(torture, prefix);
+			}
+			ret &= torture_run_tcase_restricted(torture, t, restricted);
+			if (use_fullname == 1) {
+				torture_subunit_prefix_reset(torture, NULL);
+			}
+			/*
+			 * torture_run_tcase_restricted() already implements
+			 * recursion, so we're done for this tcase.
+			 */
+			continue;
+		}
+		for (p = t->tests; p; p = p->next) {
+			char *pname = prefix_name(torture, tname, p->name);
+			if (gen_fnmatch(expr, pname) == 0) {
+				*matched = true;
+				reload_charcnv(torture->lp_ctx);
+				if (use_fullname == 1) {
+					torture_subunit_prefix_reset(torture,
+								     tname);
+				}
+				ret &= torture_run_test_restricted(torture, t, p, restricted);
+				if (use_fullname == 1) {
+					torture_subunit_prefix_reset(torture,
+								     NULL);
+				}
+			}
+		}
+	}
+
+	return ret;
+}
+
+#define MAX_COLS 80 /* FIXME: Determine this at run-time */
+
+/****************************************************************************
+run a specified test or "ALL"
+****************************************************************************/
+bool torture_run_named_tests(struct torture_context *torture, const char *name,
+			    const char **restricted)
+{
+	bool ret = true;
+	bool matched = false;
+	struct torture_suite *o;
+
+	torture_ui_report_time(torture);
+
+	if (strequal(name, "ALL")) {
+		if (restricted != NULL) {
+			printf("--load-list and ALL are incompatible\n");
+			return false;
+		}
+		for (o = torture_root->children; o; o = o->next) {
+			ret &= torture_run_suite(torture, o);
+		}
+		return ret;
+	}
+
+	ret = run_matching(torture, NULL, name, restricted, torture_root, &matched);
+
+	if (!matched) {
+		printf("Unknown torture operation '%s'\n", name);
+		return false;
+	}
+
+	return ret;
+}
+
+bool torture_parse_target(TALLOC_CTX *ctx,
+				struct loadparm_context *lp_ctx,
+				const char *target)
+{
+	char *host = NULL, *share = NULL;
+	struct dcerpc_binding *binding_struct;
+	NTSTATUS status;
+
+	/* see if its a RPC transport specifier */
+	if (!smbcli_parse_unc(target, NULL, &host, &share)) {
+		const char *h;
+
+		status = dcerpc_parse_binding(ctx, target, &binding_struct);
+		if (NT_STATUS_IS_ERR(status)) {
+			d_printf("Invalid option: %s is not a valid torture target (share or binding string)\n\n", target);
+			return false;
+		}
+
+		h = dcerpc_binding_get_string_option(binding_struct, "host");
+		host = discard_const_p(char, h);
+		if (host != NULL) {
+			lpcfg_set_cmdline(lp_ctx, "torture:host", host);
+		}
+
+		if (lpcfg_parm_string(lp_ctx, NULL, "torture", "share") == NULL)
+			lpcfg_set_cmdline(lp_ctx, "torture:share", "IPC$");
+		lpcfg_set_cmdline(lp_ctx, "torture:binding", target);
+	} else {
+		lpcfg_set_cmdline(lp_ctx, "torture:host", host);
+		lpcfg_set_cmdline(lp_ctx, "torture:share", share);
+		lpcfg_set_cmdline(lp_ctx, "torture:binding", host);
+	}
+
+	return true;
+}
+
+static void parse_dns(struct loadparm_context *lp_ctx, const char *dns)
+{
+	char *userdn, *basedn, *secret;
+	char *p, *d;
+
+	/* retrieve the userdn */
+	p = strchr_m(dns, '#');
+	if (!p) {
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_userdn", "");
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_basedn", "");
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_secret", "");
+		return;
+	}
+	userdn = strndup(dns, p - dns);
+	lpcfg_set_cmdline(lp_ctx, "torture:ldap_userdn", userdn);
+
+	/* retrieve the basedn */
+	d = p + 1;
+	p = strchr_m(d, '#');
+	if (!p) {
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_basedn", "");
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_secret", "");
+		return;
+	}
+	basedn = strndup(d, p - d);
+	lpcfg_set_cmdline(lp_ctx, "torture:ldap_basedn", basedn);
+
+	/* retrieve the secret */
+	p = p + 1;
+	if (!p) {
+		lpcfg_set_cmdline(lp_ctx, "torture:ldap_secret", "");
+		return;
+	}
+	secret = strdup(p);
+	lpcfg_set_cmdline(lp_ctx, "torture:ldap_secret", secret);
+
+	printf ("%s - %s - %s\n", userdn, basedn, secret);
+
+}
+
+/* Print the full test list, formatted into separate labelled test
+ * groups.
+ */
+static void print_structured_testsuite_list(void)
+{
+	struct torture_suite *o;
+	struct torture_suite *s;
+	struct torture_tcase *t;
+	int i;
+
+	if (torture_root == NULL) {
+	    printf("NO TESTS LOADED\n");
+	    return;
+	}
+
+	for (o = torture_root->children; o; o = o->next) {
+		printf("\n%s (%s):\n  ", o->description, o->name);
+
+		i = 0;
+		for (s = o->children; s; s = s->next) {
+			if (i + strlen(o->name) + strlen(s->name) >= (MAX_COLS - 3)) {
+				printf("\n  ");
+				i = 0;
+			}
+			i+=printf("%s.%s ", o->name, s->name);
+		}
+
+		for (t = o->testcases; t; t = t->next) {
+			if (i + strlen(o->name) + strlen(t->name) >= (MAX_COLS - 3)) {
+				printf("\n  ");
+				i = 0;
+			}
+			i+=printf("%s.%s ", o->name, t->name);
+		}
+
+		if (i) printf("\n");
+	}
+
+	printf("\nThe default test is ALL.\n");
+}
+
+static void print_testsuite_list(void)
+{
+	struct torture_suite *o;
+	struct torture_suite *s;
+	struct torture_tcase *t;
+
+	if (torture_root == NULL)
+		return;
+
+	for (o = torture_root->children; o; o = o->next) {
+		for (s = o->children; s; s = s->next) {
+			printf("%s.%s\n", o->name, s->name);
+		}
+
+		for (t = o->testcases; t; t = t->next) {
+			printf("%s.%s\n", o->name, t->name);
+		}
+	}
+}
+
+void torture_print_testsuites(bool structured)
+{
+	if (structured) {
+		print_structured_testsuite_list();
+	} else {
+		print_testsuite_list();
+	}
+}
+
+static void usage(poptContext pc)
+{
+	poptPrintUsage(pc, stdout, 0);
+	printf("\n");
+
+	printf("The binding format is:\n\n");
+
+	printf("  TRANSPORT:host[flags]\n\n");
+
+	printf("  where TRANSPORT is either ncacn_np for SMB, ncacn_ip_tcp for RPC/TCP\n");
+	printf("  or ncalrpc for local connections.\n\n");
+
+	printf("  'host' is an IP or hostname or netbios name. If the binding string\n");
+	printf("  identifies the server side of an endpoint, 'host' may be an empty\n");
+	printf("  string.\n\n");
+
+	printf("  'flags' can include a SMB pipe name if using the ncacn_np transport or\n");
+	printf("  a TCP port number if using the ncacn_ip_tcp transport, otherwise they\n");
+	printf("  will be auto-determined.\n\n");
+
+	printf("  other recognised flags are:\n\n");
+
+	printf("    sign : enable ntlmssp signing\n");
+	printf("    seal : enable ntlmssp sealing\n");
+	printf("    connect : enable rpc connect level auth (auth, but no sign or seal)\n");
+	printf("    validate: enable the NDR validator\n");
+	printf("    print: enable debugging of the packets\n");
+	printf("    bigendian: use bigendian RPC\n");
+	printf("    padcheck: check reply data for non-zero pad bytes\n\n");
+
+	printf("  For example, these all connect to the samr pipe:\n\n");
+
+	printf("    ncacn_np:myserver\n");
+	printf("    ncacn_np:myserver[samr]\n");
+	printf("    ncacn_np:myserver[\\pipe\\samr]\n");
+	printf("    ncacn_np:myserver[/pipe/samr]\n");
+	printf("    ncacn_np:myserver[samr,sign,print]\n");
+	printf("    ncacn_np:myserver[\\pipe\\samr,sign,seal,bigendian]\n");
+	printf("    ncacn_np:myserver[/pipe/samr,seal,validate]\n");
+	printf("    ncacn_np:\n");
+	printf("    ncacn_np:[/pipe/samr]\n\n");
+
+	printf("    ncacn_ip_tcp:myserver\n");
+	printf("    ncacn_ip_tcp:myserver[1024]\n");
+	printf("    ncacn_ip_tcp:myserver[1024,sign,seal]\n\n");
+
+	printf("    ncalrpc:\n\n");
+
+	printf("The UNC format is:\n\n");
+
+	printf("  //server/share\n\n");
+
+	printf("Tests are:");
+
+	print_structured_testsuite_list();
+
+}
+
+_NORETURN_ static void max_runtime_handler(int sig)
+{
+	DEBUG(0,("maximum runtime exceeded for smbtorture - terminating\n"));
+	exit(1);
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+int main(int argc, const char *argv[])
+{
+	int opt, i;
+	bool correct = true;
+	int max_runtime=0;
+	int argc_new;
+	struct torture_context *torture;
+	struct torture_results *results;
+	const struct torture_ui_ops *ui_ops;
+	char **argv_new;
+	poptContext pc;
+	static const char *target = "other";
+	NTSTATUS status;
+	int shell = false;
+	static const char *ui_ops_name = "subunit";
+	const char *basedir = NULL;
+	char *outputdir;
+	const char *extra_module = NULL;
+	static int list_tests = 0, list_testsuites = 0;
+	int num_extra_users = 0;
+	const char **restricted = NULL;
+	int num_restricted = -1;
+	const char *load_list = NULL;
+	enum {OPT_LOADFILE=1000,OPT_UNCLIST,OPT_TIMELIMIT,OPT_DNS, OPT_LIST,
+	      OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,
+	      OPT_EXTRA_USER,};
+	TALLOC_CTX *mem_ctx = NULL;
+	struct loadparm_context *lp_ctx = NULL;
+	bool ok;
+
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"fullname",	0, POPT_ARG_NONE, &use_fullname, 0,
+		 "use full name for the test", NULL },
+		{"format", 0, POPT_ARG_STRING, &ui_ops_name, 0, "Output format (one of: simple, subunit)", NULL },
+		{"smb-ports",	'p', POPT_ARG_STRING, NULL,     OPT_SMB_PORTS,	"SMB ports", 	NULL},
+		{"basedir",	  0, POPT_ARG_STRING, &basedir, 0, "base directory", "BASEDIR" },
+		{"seed",	  0, POPT_ARG_INT,  &torture_seed, 	0,	"Seed to use for randomizer", 	NULL},
+		{"num-progs",	  0, POPT_ARG_INT,  NULL, 	OPT_NUMPROGS,	"num progs",	NULL},
+		{"num-ops",	  0, POPT_ARG_INT,  &torture_numops, 	0, 	"num ops",	NULL},
+		{"entries",	  0, POPT_ARG_INT,  &torture_entries, 	0,	"entries",	NULL},
+		{"loadfile",	  0, POPT_ARG_STRING,	NULL, 	OPT_LOADFILE,	"NBench load file to use", 	NULL},
+		{"list-suites", 	  0, POPT_ARG_NONE, &list_testsuites, 0, "List available testsuites and exit", NULL },
+		{"list", 	  0, POPT_ARG_NONE, &list_tests, 0, "List available tests in specified suites and exit", NULL },
+		{"unclist",	  0, POPT_ARG_STRING,	NULL, 	OPT_UNCLIST,	"unclist", 	NULL},
+		{"timelimit",	't', POPT_ARG_INT,	NULL, 	OPT_TIMELIMIT,	"Set time limit (in seconds)", 	NULL},
+		{"failures",	'f', POPT_ARG_INT,  &torture_failures, 	0,	"failures", 	NULL},
+		{"parse-dns",	'D', POPT_ARG_STRING,	NULL, 	OPT_DNS,	"parse-dns", 	NULL},
+		{"dangerous",	'X', POPT_ARG_NONE,	NULL,   OPT_DANGEROUS,
+		 "run dangerous tests (eg. wiping out password database)", NULL},
+		{"load-module",  0,  POPT_ARG_STRING, &extra_module,     0, "load tests from DSO file",    "SOFILE"},
+                {"shell",               0, POPT_ARG_NONE, &shell, true, "Run shell", NULL},
+		{"target", 		'T', POPT_ARG_STRING, &target, 0, "samba3|samba4|other", NULL},
+		{"async",       'a', POPT_ARG_NONE,     NULL,   OPT_ASYNC,
+		 "run async tests", NULL},
+		{"num-async",    0, POPT_ARG_INT,  &torture_numasync,  0,
+		 "number of simultaneous async requests", NULL},
+		{"maximum-runtime", 0, POPT_ARG_INT, &max_runtime, 0, 
+		 "set maximum time for smbtorture to live", "seconds"},
+		{"extra-user",   0, POPT_ARG_STRING, NULL, OPT_EXTRA_USER,
+		 "extra user credentials", NULL},
+		{"load-list", 0, POPT_ARG_STRING, &load_list, 0,
+	     "load a test id list from a text file", NULL},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_CONNECTION
+		POPT_COMMON_CREDENTIALS
+		POPT_COMMON_VERSION
+		POPT_LEGACY_S4
+		POPT_TABLEEND
+	};
+
+	setlinebuf(stdout);
+
+	mem_ctx = talloc_named_const(NULL, 0, "torture_ctx");
+	if (mem_ctx == NULL) {
+		printf("Unable to allocate torture_ctx\n");
+		exit(1);
+	}
+
+	printf("smbtorture %s\n", samba_version_string());
+
+	/* we are never interested in SIGPIPE */
+	BlockSignals(true, SIGPIPE);
+
+	ok = samba_cmdline_init(mem_ctx,
+				SAMBA_CMDLINE_CONFIG_CLIENT,
+				false /* require_smbconf */);
+	if (!ok) {
+		DBG_ERR("Unable to init cmdline parser\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv,
+				    long_options,
+				    POPT_CONTEXT_KEEP_FIRST);
+	if (pc == NULL) {
+		DBG_ERR("Failed cmdline parser\n");
+		TALLOC_FREE(mem_ctx);
+		exit(1);
+	}
+
+	poptSetOtherOptionHelp(pc, "<binding>|<unc> TEST1 TEST2 ...");
+
+	lp_ctx = samba_cmdline_get_lp_ctx();
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case OPT_LOADFILE:
+			lpcfg_set_cmdline(lp_ctx, "torture:loadfile", poptGetOptArg(pc));
+			break;
+		case OPT_UNCLIST:
+			lpcfg_set_cmdline(lp_ctx, "torture:unclist", poptGetOptArg(pc));
+			break;
+		case OPT_TIMELIMIT:
+			lpcfg_set_cmdline(lp_ctx, "torture:timelimit", poptGetOptArg(pc));
+			break;
+		case OPT_NUMPROGS:
+			lpcfg_set_cmdline(lp_ctx, "torture:nprocs", poptGetOptArg(pc));
+			break;
+		case OPT_DNS:
+			parse_dns(lp_ctx, poptGetOptArg(pc));
+			break;
+		case OPT_DANGEROUS:
+			lpcfg_set_cmdline(lp_ctx, "torture:dangerous", "Yes");
+			break;
+		case OPT_ASYNC:
+			lpcfg_set_cmdline(lp_ctx, "torture:async", "Yes");
+			break;
+		case OPT_SMB_PORTS:
+			lpcfg_set_cmdline(lp_ctx, "smb ports", poptGetOptArg(pc));
+			break;
+		case OPT_EXTRA_USER:
+			{
+				char *option = talloc_asprintf(mem_ctx,
+						"torture:extra_user%u",
+						++num_extra_users);
+				const char *value = poptGetOptArg(pc);
+				if (option == NULL) {
+					printf("talloc fail\n");
+					talloc_free(mem_ctx);
+					exit(1);
+				}
+				lpcfg_set_cmdline(lp_ctx, option, value);
+				talloc_free(option);
+			}
+			break;
+		default:
+			if (opt < 0) {
+				printf("Invalid command line option %s (%d)\n",
+				       poptBadOption(pc, 0),
+				       opt);
+				talloc_free(mem_ctx);
+				exit(1);
+			}
+		}
+	}
+
+	if (load_list != NULL) {
+		char **r;
+		r = file_lines_load(load_list, &num_restricted, 0, mem_ctx);
+		restricted = discard_const_p(const char *, r);
+		if (restricted == NULL) {
+			printf("Unable to read load list file '%s'\n", load_list);
+			talloc_free(mem_ctx);
+			exit(1);
+		}
+	}
+
+	if (strcmp(target, "samba3") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:samba3", "true");
+		lpcfg_set_cmdline(lp_ctx, "torture:resume_key_support", "false");
+	} else if (strcmp(target, "samba4") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:samba4", "true");
+	} else if (strcmp(target, "samba4-ntvfs") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:samba4", "true");
+		lpcfg_set_cmdline(lp_ctx, "torture:samba4-ntvfs", "true");
+	} else if (strcmp(target, "winxp") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:winxp", "true");
+	} else if (strcmp(target, "w2k3") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:w2k3", "true");
+	} else if (strcmp(target, "w2k8") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:w2k8", "true");
+		lpcfg_set_cmdline(lp_ctx,
+		    "torture:invalid_lock_range_support", "false");
+	} else if (strcmp(target, "w2k12") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:w2k12", "true");
+	} else if (strcmp(target, "win7") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:win7", "true");
+		lpcfg_set_cmdline(lp_ctx, "torture:resume_key_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:rewind_support", "false");
+
+		/* RAW-SEARCH for fails for inexplicable reasons against win7 */
+		lpcfg_set_cmdline(lp_ctx, "torture:search_ea_support", "false");
+
+		lpcfg_set_cmdline(lp_ctx, "torture:hide_on_access_denied",
+		    "true");
+	} else if (strcmp(target, "onefs") == 0) {
+		lpcfg_set_cmdline(lp_ctx, "torture:onefs", "true");
+		lpcfg_set_cmdline(lp_ctx, "torture:openx_deny_dos_support",
+		    "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:range_not_locked_on_file_close", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:sacl_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:ea_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:smbexit_pdu_support",
+		    "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:smblock_pdu_support",
+		    "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:2_step_break_to_none",
+		    "true");
+		lpcfg_set_cmdline(lp_ctx, "torture:deny_dos_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:deny_fcb_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:read_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:writeclose_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:resume_key_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:rewind_support", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:raw_search_search", "false");
+		lpcfg_set_cmdline(lp_ctx, "torture:search_ea_size", "false");
+	}
+
+	if (max_runtime) {
+		/* this will only work if nobody else uses alarm(),
+		   which means it won't work for some tests, but we
+		   can't use the event context method we use for smbd
+		   as so many tests create their own event
+		   context. This will at least catch most cases. */
+		signal(SIGALRM, max_runtime_handler);
+		alarm(max_runtime);
+	}
+
+	if (extra_module != NULL) {
+		init_module_fn fn = load_module(poptGetOptArg(pc), false, NULL);
+
+		if (fn == NULL) 
+			d_printf("Unable to load module from %s\n", poptGetOptArg(pc));
+		else {
+			status = fn(mem_ctx);
+			if (NT_STATUS_IS_ERR(status)) {
+				d_printf("Error initializing module %s: %s\n", 
+					poptGetOptArg(pc), nt_errstr(status));
+			}
+		}
+	} else { 
+		torture_init(mem_ctx);
+	}
+
+	if (list_testsuites) {
+		print_testsuite_list();
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return 0;
+	}
+
+	argv_new = discard_const_p(char *, poptGetArgs(pc));
+
+	argc_new = argc;
+	for (i=0; i<argc; i++) {
+		if (argv_new[i] == NULL) {
+			argc_new = i;
+			break;
+		}
+	}
+
+	if (list_tests) {
+		if (argc_new == 1) {
+			print_test_list(torture_root, NULL, "");
+		} else {
+			for (i=1;i<argc_new;i++) {
+				print_test_list(torture_root, NULL, argv_new[i]);
+			}
+		}
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return 0;
+	}
+
+	if (torture_seed == 0) {
+		torture_seed = time(NULL);
+	} 
+	printf("Using seed %d\n", torture_seed);
+	srandom(torture_seed);
+
+	if (!strcmp(ui_ops_name, "simple")) {
+		ui_ops = &torture_simple_ui_ops;
+	} else if (!strcmp(ui_ops_name, "subunit")) {
+		ui_ops = &torture_subunit_ui_ops;
+	} else {
+		printf("Unknown output format '%s'\n", ui_ops_name);
+		talloc_free(mem_ctx);
+		exit(1);
+	}
+
+	results = torture_results_init(mem_ctx, ui_ops);
+
+	torture = torture_context_init(s4_event_context_init(mem_ctx),
+	                               results);
+	if (basedir != NULL) {
+		if (basedir[0] != '/') {
+			fprintf(stderr, "Please specify an absolute path to --basedir\n");
+			poptFreeContext(pc);
+			talloc_free(mem_ctx);
+			return 1;
+		}
+		outputdir = talloc_asprintf(torture, "%s/smbtortureXXXXXX", basedir);
+	} else {
+		char *pwd = talloc_size(torture, PATH_MAX);
+		if (!getcwd(pwd, PATH_MAX)) {
+			fprintf(stderr, "Unable to determine current working directory\n");
+			poptFreeContext(pc);
+			talloc_free(mem_ctx);
+			return 1;
+		}
+		outputdir = talloc_asprintf(torture, "%s/smbtortureXXXXXX", pwd);
+	}
+	if (!outputdir) {
+		fprintf(stderr, "Could not allocate per-run output dir\n");
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return 1;
+	}
+	torture->outputdir = mkdtemp(outputdir);
+	if (!torture->outputdir) {
+		perror("Failed to make temp output dir");
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return 1;
+	}
+
+	torture->lp_ctx = lp_ctx;
+
+	gensec_init();
+
+	if (shell) {
+		/* In shell mode, just ignore any remaining test names. */
+		torture_shell(torture);
+	} else {
+
+		/* At this point, we should just have a target string,
+		 * followed by a series of test names. Unless we are in
+		 * shell mode, in which case we don't need anything more.
+		 */
+
+		if (argc_new < 3) {
+			printf("You must specify a test to run, or 'ALL'\n");
+			usage(pc);
+			torture->results->returncode = 1;
+		} else if (!torture_parse_target(torture,
+					lp_ctx, argv_new[1])) {
+			/* Take the target name or binding. */
+			usage(pc);
+			torture->results->returncode = 1;
+		} else {
+			for (i=2;i<argc_new;i++) {
+				if (!torture_run_named_tests(torture, argv_new[i],
+					    (const char **)restricted)) {
+					correct = false;
+				}
+			}
+		}
+	}
+
+	/* Now delete the temp dir we created */
+	torture_deltree_outputdir(torture);
+
+	if (torture->results->returncode && correct) {
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return(0);
+	} else {
+		poptFreeContext(pc);
+		talloc_free(mem_ctx);
+		return(1);
+	}
+}
diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h
new file mode 100644
index 0000000..3a72e29
--- /dev/null
+++ b/source4/torture/smbtorture.h
@@ -0,0 +1,146 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SMBTORTURE_H__
+#define __SMBTORTURE_H__
+
+#include "../lib/torture/torture.h"
+
+struct smbcli_state;
+
+extern struct torture_suite *torture_root;
+
+extern int torture_entries;
+extern int torture_seed;
+extern int torture_numops;
+extern int torture_failures;
+extern int torture_numasync;
+
+struct torture_test;
+int torture_init(TALLOC_CTX *);
+bool torture_register_suite(TALLOC_CTX *, struct torture_suite *suite);
+void torture_shell(struct torture_context *tctx);
+void torture_print_testsuites(bool structured);
+bool torture_run_named_tests(struct torture_context *torture, const char *name,
+			    const char **restricted);
+bool torture_parse_target(TALLOC_CTX *ctx,
+			struct loadparm_context *lp_ctx,
+			const char *target);
+
+/* Server Functionality Support */
+
+/* Not all SMB server implementations support every aspect of the protocol.
+ * To allow smbtorture to provide useful data when run against these servers we
+ * define support parameters here, that will cause some tests to be skipped or
+ * the correctness checking of some tests to be conditional.
+ *
+ * The idea is that different server implementations can be specified on the
+ * command line such as "--target=win7" which will define the list of server
+ * parameters that are not supported.  This is mostly a black list of
+ * unsupported features with the default expectation being that all features are
+ * supported.
+ *
+ * Because we use parametric options we do not need to define these parameters
+ * anywhere, we just define the meaning of each here.*/
+
+/* torture:invalid_lock_range_support
+ *
+ * This parameter specifies whether the server will return
+ * STATUS_INVALID_LOCK_RANGE in response to a LockingAndX request where the
+ * combined offset and range overflow the 63-bit boundary.  On Windows servers
+ * before Win7, this request would return STATUS_OK, but the actual lock
+ * behavior was undefined. */
+
+/* torture:openx_deny_dos_support
+ *
+ * This parameter specifies whether the server supports the DENY_DOS open mode
+ * of the SMBOpenX PDU. */
+
+/* torture:range_not_locked_on_file_close
+ *
+ * When a byte range lock is pending, and the file which is being locked is
+ * closed, Windows servers return the error NT_STATUS_RANGE_NOT_LOCKED. This
+ * is strange, as this error is meant to be returned only for unlock requests.
+ * When true, torture will expect the Windows behavior, otherwise it will
+ * expect the more logical NT_STATUS_LOCK_NOT_GRANTED.
+ */
+
+/* torture:sacl_support
+ *
+ * This parameter specifies whether the server supports the setting and
+ * retrieval of System Access Control Lists.  This includes whether the server
+ * supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access
+ * mask.*/
+
+/* torture:smbexit_pdu_support
+ *
+ * This parameter specifies whether the server supports the SMBExit (0x11) PDU. */
+
+/* torture:smblock_pdu_support
+ *
+ * This parameter specifies whether the server supports the SMBLock (0x0C) PDU. */
+
+/* torture:2_step_break_to_none
+ *
+ * If true this parameter tests servers that break from level 1 to none in two
+ * steps rather than 1.
+ */
+
+/* torture:resume_key_support
+ *
+ * Server supports resuming search via key.
+ */
+
+/* torture:rewind_support
+ *
+ * Server supports rewinding during search.
+ */
+
+/* torture:ea_support
+ *
+ * Server supports OS/2 style EAs.
+ */
+
+/* torture:search_ea_support
+ *
+ * Server supports RAW_SEARCH_DATA_EA_LIST - Torture currently
+ * does not interact correctly with win7, this flag disables
+ * the appropriate test.
+ */
+
+/* torture:hide_on_acess_denied
+ *
+ * Some servers (win7) choose to hide files when certain access has been
+ * denied.  When true, torture will expect NT_STATUS_OBJECT_NAME_NOT_FOUND
+ * rather than NT_STATUS_ACCESS_DENIED when trying to open one of these files.
+ */
+
+/* torture:raw_search_search
+ *
+ * Server supports RAW_SEARCH_SEARCH level.
+ */
+
+/* torture:search_ea_size
+ *
+ * Server supports RAW_SEARCH_DATA_EA_SIZE - This flag disables
+ * the appropriate test.
+ */
+
+#endif /* __SMBTORTURE_H__ */
diff --git a/source4/torture/tests/test_gentest.sh b/source4/torture/tests/test_gentest.sh
new file mode 100755
index 0000000..ad88bd4
--- /dev/null
+++ b/source4/torture/tests/test_gentest.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+# Blackbox tests for gentest
+# Copyright (C) 2008 Andrew Tridgell
+# based on test_smbclient.sh
+
+if [ $# -lt 4 ]; then
+	cat <<EOF
+Usage: test_gentest.sh SERVER USERNAME PASSWORD DOMAIN PREFIX
+EOF
+	exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+PREFIX=$5
+shift 5
+failed=0
+
+samba4bindir="$BINDIR"
+gentest="$samba4bindir/gentest"
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+cat <<EOF >$PREFIX/gentest.ignore
+all_info.out.fname
+internal_information.out.file_id
+EOF
+
+testit "gentest" $VALGRIND $gentest //$SERVER/test1 //$SERVER/test2 --seed=1 --seedsfile=$PREFIX/gentest_seeds.dat --num-ops=100 --ignore=$PREFIX/gentest.ignore -W "$DOMAIN" --user1="$USERNAME%$PASSWORD" --user2="$USERNAME%$PASSWORD" "$@" || failed=$(expr $failed + 1)
+
+rm -f $PREFIX/gentest.ignore
+
+exit $failed
diff --git a/source4/torture/tests/test_locktest.sh b/source4/torture/tests/test_locktest.sh
new file mode 100755
index 0000000..2342d7a
--- /dev/null
+++ b/source4/torture/tests/test_locktest.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Blackbox tests for locktest
+# Copyright (C) 2008 Andrew Tridgell
+# based on test_smbclient.sh
+
+if [ $# -lt 5 ]; then
+	cat <<EOF
+Usage: test_locktest.sh SERVER USERNAME PASSWORD DOMAIN PREFIX
+EOF
+	exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+PREFIX=$5
+shift 5
+failed=0
+
+samba4bindir="$BINDIR"
+locktest="$samba4bindir/locktest"
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+testit "locktest" $VALGRIND $locktest //$SERVER/test1 //$SERVER/test2 --num-ops=100 -W "$DOMAIN" --user1="$DOMAIN\\$USERNAME%$PASSWORD" "$@" || failed=$(expr $failed + 1)
+
+exit $failed
diff --git a/source4/torture/tests/test_masktest.sh b/source4/torture/tests/test_masktest.sh
new file mode 100755
index 0000000..81adf8a
--- /dev/null
+++ b/source4/torture/tests/test_masktest.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Blackbox tests for masktest
+# Copyright (C) 2008 Andrew Tridgell
+# based on test_smbclient.sh
+
+if [ $# -lt 5 ]; then
+	cat <<EOF
+Usage: test_masktest.sh SERVER USERNAME PASSWORD DOMAIN PREFIX
+EOF
+	exit 1
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+PREFIX=$5
+shift 5
+failed=0
+
+samba4bindir="$BINDIR"
+masktest="$samba4bindir/masktest"
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+testit "masktest" $VALGRIND $masktest //$SERVER/tmp --num-ops=200 --dieonerror -W "$DOMAIN" -U"$USERNAME%$PASSWORD" "$@" || failed=$(expr $failed + 1)
+
+exit $failed
diff --git a/source4/torture/torture.c b/source4/torture/torture.c
new file mode 100644
index 0000000..c21c494
--- /dev/null
+++ b/source4/torture/torture.c
@@ -0,0 +1,59 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "param/param.h"
+#include "torture/smbtorture.h"
+#include "lib/util/samba_modules.h"
+
+_PUBLIC_ int torture_numops=10;
+_PUBLIC_ int torture_entries=1000;
+_PUBLIC_ int torture_failures=1;
+_PUBLIC_ int torture_seed=0;
+_PUBLIC_ int torture_numasync=100;
+
+struct torture_suite *torture_root = NULL;
+
+bool torture_register_suite(TALLOC_CTX *mem_ctx, struct torture_suite *suite)
+{
+	if (!suite)
+		return true;
+
+	if (torture_root == NULL)
+		torture_root = talloc_zero(mem_ctx, struct torture_suite);
+
+	return torture_suite_add_suite(torture_root, suite);
+}
+
+_PUBLIC_ int torture_init(TALLOC_CTX *mem_ctx)
+{
+#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
+	STATIC_smbtorture_MODULES_PROTO;
+	init_module_fn static_init[] = { STATIC_smbtorture_MODULES };
+	init_module_fn *shared_init = load_samba_modules(mem_ctx, "smbtorture");
+
+	run_init_functions(mem_ctx, static_init);
+	run_init_functions(mem_ctx, shared_init);
+
+	talloc_free(shared_init);
+
+	return 0;
+}
diff --git a/source4/torture/unix/unix.c b/source4/torture/unix/unix.c
new file mode 100644
index 0000000..8ee3d8d
--- /dev/null
+++ b/source4/torture/unix/unix.c
@@ -0,0 +1,40 @@
+/*
+   UNIX Extensions test registration.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/unix/proto.h"
+
+NTSTATUS torture_unix_init(TALLOC_CTX *ctx)
+{
+        struct torture_suite *suite =
+                torture_suite_create(ctx, "unix");
+
+        suite->description =
+                talloc_strdup(suite, "CIFS UNIX extensions tests");
+
+	torture_suite_add_simple_test(suite,
+                        "whoami", torture_unix_whoami);
+	torture_suite_add_simple_test(suite,
+			"info2", unix_torture_unix_info2);
+
+        return (torture_register_suite(ctx, suite)) ? NT_STATUS_OK
+                                        : NT_STATUS_UNSUCCESSFUL;
+
+}
diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c
new file mode 100644
index 0000000..cf3ea37
--- /dev/null
+++ b/source4/torture/unix/unix_info2.c
@@ -0,0 +1,503 @@
+/*
+   Test the SMB_QUERY_FILE_UNIX_INFO2 Unix extension.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/util.h"
+#include "torture/unix/proto.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+struct unix_info2 {
+	uint64_t end_of_file;
+	uint64_t num_bytes;
+	NTTIME status_change_time;
+	NTTIME access_time;
+	NTTIME change_time;
+	uint64_t uid;
+	uint64_t gid;
+	uint32_t file_type;
+	uint64_t dev_major;
+	uint64_t dev_minor;
+	uint64_t unique_id;
+	uint64_t permissions;
+	uint64_t nlink;
+	NTTIME create_time;
+	uint32_t file_flags;
+	uint32_t flags_mask;
+};
+
+static struct smbcli_state *connect_to_server(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	struct smb_trans2 tp;
+	uint16_t setup;
+	uint8_t data[12];
+	uint8_t params[4];
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli, host, 
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL, lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "failed to connect to //%s/%s: %s\n",
+			       host, share, nt_errstr(status));
+		torture_result(tctx, TORTURE_FAIL, "Failed to connect to server");
+		return NULL;
+	}
+
+	/* Setup POSIX on the server. */
+	SSVAL(data, 0, CIFS_UNIX_MAJOR_VERSION);
+	SSVAL(data, 2, CIFS_UNIX_MINOR_VERSION);
+	SBVAL(data,4,((uint64_t)(
+		CIFS_UNIX_POSIX_ACLS_CAP|
+		CIFS_UNIX_POSIX_PATHNAMES_CAP|
+		CIFS_UNIX_FCNTL_LOCKS_CAP|
+		CIFS_UNIX_EXTATTR_CAP|
+		CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP)));
+	setup = TRANSACT2_SETFSINFO;
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 0;
+	tp.in.max_data = 0;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(params, 0, 0);
+	SSVAL(params, 2, SMB_SET_CIFS_UNIX_INFO);
+	tp.in.params = data_blob_talloc(tctx, params, 4);
+	tp.in.data = data_blob_talloc(tctx, data, 12);
+
+	status = smb_raw_trans2(cli->tree, tctx, &tp);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+		"doing SMB_SET_CIFS_UNIX_INFO");
+
+	return cli;
+}
+
+static bool check_unix_info2(struct torture_context *torture,
+			struct unix_info2 *info2)
+{
+	printf("\tcreate_time=0x%016llu flags=0x%08x mask=0x%08x\n",
+			(unsigned long long)info2->create_time,
+			info2->file_flags, info2->flags_mask);
+
+	if (info2->file_flags == 0) {
+		return true;
+	}
+
+	/* If we have any file_flags set, they must be within the range
+	 * defined by flags_mask.
+	 */
+	if ((info2->flags_mask & info2->file_flags) == 0) {
+		torture_result(torture, TORTURE_FAIL,
+			__location__": UNIX_INFO2 flags field 0x%08x, "
+			"does not match mask 0x%08x\n",
+			info2->file_flags, info2->flags_mask);
+	}
+
+	return true;
+}
+
+static NTSTATUS set_path_info2(void *mem_ctx,
+				struct smbcli_state *cli,
+				const char *fname,
+				struct unix_info2 *info2)
+{
+	union smb_setfileinfo sfinfo;
+
+	ZERO_STRUCT(sfinfo.basic_info.in);
+	sfinfo.generic.level = RAW_SFILEINFO_UNIX_INFO2;
+	sfinfo.generic.in.file.path = fname;
+
+	sfinfo.unix_info2.in.end_of_file = info2->end_of_file;
+	sfinfo.unix_info2.in.num_bytes = info2->num_bytes;
+	sfinfo.unix_info2.in.status_change_time = info2->status_change_time;
+	sfinfo.unix_info2.in.access_time = info2->access_time;
+	sfinfo.unix_info2.in.change_time = info2->change_time;
+	sfinfo.unix_info2.in.uid = info2->uid;
+	sfinfo.unix_info2.in.gid = info2->gid;
+	sfinfo.unix_info2.in.file_type = info2->file_type;
+	sfinfo.unix_info2.in.dev_major = info2->dev_major;
+	sfinfo.unix_info2.in.dev_minor = info2->dev_minor;
+	sfinfo.unix_info2.in.unique_id = info2->unique_id;
+	sfinfo.unix_info2.in.permissions = info2->permissions;
+	sfinfo.unix_info2.in.nlink = info2->nlink;
+	sfinfo.unix_info2.in.create_time = info2->create_time;
+	sfinfo.unix_info2.in.file_flags = info2->file_flags;
+	sfinfo.unix_info2.in.flags_mask = info2->flags_mask;
+
+	return smb_raw_setpathinfo(cli->tree, &sfinfo);
+}
+
+static bool query_file_path_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			int fnum,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	NTSTATUS result;
+	union smb_fileinfo finfo;
+
+	finfo.generic.level = RAW_FILEINFO_UNIX_INFO2;
+
+	if (fname) {
+		finfo.generic.in.file.path = fname;
+		result = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo);
+	} else {
+		finfo.generic.in.file.fnum = fnum;
+		result = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	}
+
+	torture_assert_ntstatus_equal(torture, result, NT_STATUS_OK,
+			smbcli_errstr(cli->tree));
+
+	info2->end_of_file = finfo.unix_info2.out.end_of_file;
+	info2->num_bytes = finfo.unix_info2.out.num_bytes;
+	info2->status_change_time = finfo.unix_info2.out.status_change_time;
+	info2->access_time = finfo.unix_info2.out.access_time;
+	info2->change_time = finfo.unix_info2.out.change_time;
+	info2->uid = finfo.unix_info2.out.uid;
+	info2->gid = finfo.unix_info2.out.gid;
+	info2->file_type = finfo.unix_info2.out.file_type;
+	info2->dev_major = finfo.unix_info2.out.dev_major;
+	info2->dev_minor = finfo.unix_info2.out.dev_minor;
+	info2->unique_id = finfo.unix_info2.out.unique_id;
+	info2->permissions = finfo.unix_info2.out.permissions;
+	info2->nlink = finfo.unix_info2.out.nlink;
+	info2->create_time = finfo.unix_info2.out.create_time;
+	info2->file_flags = finfo.unix_info2.out.file_flags;
+	info2->flags_mask = finfo.unix_info2.out.flags_mask;
+
+	if (!check_unix_info2(torture, info2)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool query_file_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			int fnum,
+			struct unix_info2 *info2)
+{
+	return query_file_path_info2(mem_ctx, torture, cli, 
+			fnum, NULL, info2);
+}
+
+static bool query_path_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	return query_file_path_info2(mem_ctx, torture, cli, 
+			-1, fname, info2);
+}
+
+static bool search_callback(void *private_data, const union smb_search_data *fdata)
+{
+	struct unix_info2 *info2 = (struct unix_info2 *)private_data;
+
+	info2->end_of_file = fdata->unix_info2.end_of_file;
+	info2->num_bytes = fdata->unix_info2.num_bytes;
+	info2->status_change_time = fdata->unix_info2.status_change_time;
+	info2->access_time = fdata->unix_info2.access_time;
+	info2->change_time = fdata->unix_info2.change_time;
+	info2->uid = fdata->unix_info2.uid;
+	info2->gid = fdata->unix_info2.gid;
+	info2->file_type = fdata->unix_info2.file_type;
+	info2->dev_major = fdata->unix_info2.dev_major;
+	info2->dev_minor = fdata->unix_info2.dev_minor;
+	info2->unique_id = fdata->unix_info2.unique_id;
+	info2->permissions = fdata->unix_info2.permissions;
+	info2->nlink = fdata->unix_info2.nlink;
+	info2->create_time = fdata->unix_info2.create_time;
+	info2->file_flags = fdata->unix_info2.file_flags;
+	info2->flags_mask = fdata->unix_info2.flags_mask;
+
+	return true;
+}
+
+static bool find_single_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	union smb_search_first search;
+	NTSTATUS status;
+
+	/* Set up a new search for a single item, not using resume keys. */
+	ZERO_STRUCT(search);
+	search.t2ffirst.level = RAW_SEARCH_TRANS2;
+	search.t2ffirst.data_level = SMB_FIND_UNIX_INFO2;
+	search.t2ffirst.in.max_count = 1;
+	search.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE;
+	search.t2ffirst.in.pattern = fname;
+
+	status = smb_raw_search_first(cli->tree, mem_ctx,
+				      &search, info2, search_callback);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			smbcli_errstr(cli->tree));
+
+	torture_assert_int_equal(torture, search.t2ffirst.out.count, 1,
+			"expected exactly one result");
+	/*
+	 * In smbd directory listings using POSIX extensions
+	 * always treat the search pathname as a wildcard,
+	 * so don't expect end_of_search to be set here. Wildcard
+	 * searches always need a findnext to end the search.
+	 */
+	torture_assert_int_equal(torture, search.t2ffirst.out.end_of_search, 0,
+			"expected end_of_search to be false");
+
+	return check_unix_info2(torture, info2);
+}
+
+#define ASSERT_FLAGS_MATCH(info2, expected) \
+	if ((info2)->file_flags != (1 << i)) { \
+		torture_result(torture, TORTURE_FAIL, \
+			__location__": INFO2 flags field was 0x%08x, "\
+				"expected 0x%08x\n",\
+				(info2)->file_flags, expected); \
+	}
+
+static void set_no_metadata_change(struct unix_info2 *info2)
+{
+	info2->uid = SMB_UID_NO_CHANGE;
+	info2->gid = SMB_GID_NO_CHANGE;
+	info2->permissions = SMB_MODE_NO_CHANGE;
+
+	info2->end_of_file =
+		((uint64_t)SMB_SIZE_NO_CHANGE_HI << 32) | SMB_SIZE_NO_CHANGE_LO;
+
+	info2->status_change_time =
+		info2->access_time =
+		info2->change_time =
+		info2->create_time =
+		((uint64_t)SMB_SIZE_NO_CHANGE_HI << 32) | SMB_SIZE_NO_CHANGE_LO;
+}
+
+static bool verify_setinfo_flags(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname)
+{
+	struct unix_info2 info2;
+	uint32_t smb_fmask;
+	int i;
+
+	bool ret = true;
+	NTSTATUS status;
+
+	if (!query_path_info2(mem_ctx, torture, cli, fname, &info2)) {
+		return false;
+	}
+
+	smb_fmask = info2.flags_mask;
+
+	/* For each possible flag, ask to set exactly 1 flag, making sure
+	 * that flag is in our requested mask.
+	 */
+	for (i = 0; i < 32; ++i) {
+		info2.file_flags = ((uint32_t)1 << i);
+		info2.flags_mask = smb_fmask | info2.file_flags;
+
+		set_no_metadata_change(&info2);
+		status = set_path_info2(mem_ctx, cli, fname, &info2);
+
+		if (info2.file_flags & smb_fmask) {
+			torture_assert_ntstatus_equal(torture,
+					status, NT_STATUS_OK,
+					"setting valid UNIX_INFO2 flag");
+
+			if (!query_path_info2(mem_ctx, torture, cli,
+						fname, &info2)) {
+				return false;
+			}
+
+			ASSERT_FLAGS_MATCH(&info2, 1 << i);
+
+
+		} else {
+			/* We tried to set a flag the server doesn't
+			 * understand.
+			 */
+			torture_assert_ntstatus_equal(torture,
+					status, NT_STATUS_INVALID_PARAMETER,
+					"setting invalid UNIX_INFO2 flag");
+		}
+	}
+
+	/* Make sure that a zero flags field does nothing. */
+	set_no_metadata_change(&info2);
+	info2.file_flags = 0xFFFFFFFF;
+	info2.flags_mask = 0;
+	status = set_path_info2(mem_ctx, cli, fname, &info2);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			"setting empty flags mask");
+
+	return ret;
+
+}
+
+static int create_file(struct smbcli_state *cli, const char * fname)
+{
+
+	return smbcli_nt_create_full(cli->tree, fname, 0,
+		SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, FILE_ATTRIBUTE_NORMAL,
+		NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF,
+		0, 0);
+}
+
+static bool match_info2(struct torture_context *torture,
+		const struct unix_info2 *pinfo,
+		const struct unix_info2 *finfo)
+{
+	printf("checking results match\n");
+
+	torture_assert_u64_equal(torture, finfo->end_of_file, 0,
+			"end_of_file should be 0");
+	torture_assert_u64_equal(torture, finfo->num_bytes, 0,
+			"num_bytes should be 0");
+
+	torture_assert_u64_equal(torture, finfo->end_of_file,
+			pinfo->end_of_file, "end_of_file mismatch");
+	torture_assert_u64_equal(torture, finfo->num_bytes, pinfo->num_bytes,
+			"num_bytes mismatch");
+
+	/* Don't match access_time. */
+
+	torture_assert_u64_equal(torture, finfo->status_change_time,
+			pinfo->status_change_time,
+			"status_change_time mismatch");
+	torture_assert_u64_equal(torture, finfo->change_time,
+			pinfo->change_time, "change_time mismatch");
+
+	torture_assert_u64_equal(torture, finfo->uid, pinfo->uid,
+			"UID mismatch");
+	torture_assert_u64_equal(torture, finfo->gid, pinfo->gid,
+			"GID mismatch");
+	torture_assert_int_equal(torture, finfo->file_type, pinfo->file_type,
+			"file_type mismatch");
+	torture_assert_u64_equal(torture, finfo->dev_major, pinfo->dev_major,
+			"dev_major mismatch");
+	torture_assert_u64_equal(torture, finfo->dev_minor, pinfo->dev_minor,
+			"dev_minor mismatch");
+	torture_assert_u64_equal(torture, finfo->unique_id, pinfo->unique_id,
+			"unique_id mismatch");
+	torture_assert_u64_equal(torture, finfo->permissions,
+			pinfo->permissions, "permissions mismatch");
+	torture_assert_u64_equal(torture, finfo->nlink, pinfo->nlink,
+			"nlink mismatch");
+	torture_assert_u64_equal(torture, finfo->create_time, pinfo->create_time,
+			"create_time mismatch");
+
+	return true;
+}
+
+
+#define FILENAME "\\smb_unix_info2.txt"
+
+bool unix_torture_unix_info2(struct torture_context *torture)
+{
+	void *mem_ctx;
+	struct smbcli_state *cli;
+	int fnum;
+
+	struct unix_info2 pinfo, finfo;
+
+	mem_ctx = talloc_init("smb_query_unix_info2");
+	torture_assert(torture, mem_ctx != NULL, "out of memory");
+
+	if (!(cli = connect_to_server(torture))) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	smbcli_unlink(cli->tree, FILENAME);
+
+	fnum = create_file(cli, FILENAME);
+	torture_assert(torture, fnum != -1, smbcli_errstr(cli->tree));
+
+	printf("checking SMB_QFILEINFO_UNIX_INFO2 for QueryFileInfo\n");
+	if (!query_file_info2(mem_ctx, torture, cli, fnum, &finfo)) {
+		goto fail;
+	}
+
+	printf("checking SMB_QFILEINFO_UNIX_INFO2 for QueryPathInfo\n");
+	if (!query_path_info2(mem_ctx, torture, cli, FILENAME, &pinfo)) {
+		goto fail;
+	}
+
+	if (!match_info2(torture, &pinfo, &finfo)) {
+		goto fail;
+	}
+
+	printf("checking SMB_FIND_UNIX_INFO2 for FindFirst\n");
+	if (!find_single_info2(mem_ctx, torture, cli, FILENAME, &pinfo)) {
+		goto fail;
+	}
+
+	if (!match_info2(torture, &pinfo, &finfo)) {
+		goto fail;
+	}
+
+	/* XXX: should repeat this test with SetFileInfo. */
+	printf("checking SMB_SFILEINFO_UNIX_INFO2 for SetPathInfo\n");
+	if (!verify_setinfo_flags(mem_ctx, torture, cli, FILENAME)) {
+		goto fail;
+	}
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, FILENAME);
+	torture_close_connection(cli);
+	talloc_free(mem_ctx);
+	return true;
+
+fail:
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, FILENAME);
+	torture_close_connection(cli);
+	talloc_free(mem_ctx);
+	return false;
+
+}
+
+/* vim: set sts=8 sw=8 : */
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
new file mode 100644
index 0000000..28b1f87
--- /dev/null
+++ b/source4/torture/unix/whoami.c
@@ -0,0 +1,433 @@
+/*
+   Test the SMB_WHOAMI Unix extension.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/torture.h"
+#include "torture/unix/proto.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include <ldb.h>
+#include "lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libcli/security/security.h"
+
+#undef strcasecmp
+
+/* Size (in bytes) of the required fields in the SMBwhoami response. */
+#define WHOAMI_REQUIRED_SIZE	40
+
+/*
+   SMBWhoami - Query the user mapping performed by the server for the
+   connected tree. This is a subcommand of the TRANS2_QFSINFO.
+
+   Returns:
+       4 bytes unsigned -      mapping flags (smb_whoami_flags)
+       4 bytes unsigned -      flags mask
+
+       8 bytes unsigned -      primary UID
+       8 bytes unsigned -      primary GID
+       4 bytes unsigned -      number of supplementary GIDs
+       4 bytes unsigned -      number of SIDs
+       4 bytes unsigned -      SID list byte count
+       4 bytes -               pad / reserved (must be zero)
+
+       8 bytes unsigned[] -    list of GIDs (may be empty)
+       struct dom_sid[] -             list of SIDs (may be empty)
+*/
+
+struct smb_whoami
+{
+	uint32_t	mapping_flags;
+	uint32_t	mapping_mask;
+	uint64_t	server_uid;
+	uint64_t	server_gid;
+	uint32_t	num_gids;
+	uint32_t	num_sids;
+	uint32_t	num_sid_bytes;
+	uint32_t	reserved; /* Must be zero */
+	uint64_t *	gid_list;
+	struct dom_sid ** sid_list;
+};
+
+static struct smbcli_state *connect_to_server(struct torture_context *tctx,
+		struct cli_credentials *creds)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli, host, 
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL, lpcfg_socket_options(tctx->lp_ctx),
+					creds, lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx,
+				"FATAL: Failed to connect to //%s/%s "
+				"with %s - %s\n",
+				host,
+				share,
+				cli_credentials_get_username(creds),
+				nt_errstr(status));
+		return NULL;
+	}
+
+	return cli;
+}
+
+static bool whoami_sid_parse(void *mem_ctx,
+		struct torture_context *torture,
+		DATA_BLOB *data, size_t *offset,
+		struct dom_sid **psid)
+{
+	size_t remain = data->length - *offset;
+	int i;
+
+	*psid = talloc_zero(mem_ctx, struct dom_sid);
+	torture_assert(torture, *psid != NULL, "out of memory");
+
+	torture_assert(torture, remain >= 8,
+			"invalid SID format");
+
+        (*psid)->sid_rev_num = CVAL(data->data, *offset);
+        (*psid)->num_auths = CVAL(data->data, *offset + 1);
+        memcpy((*psid)->id_auth, data->data + *offset + 2, 6);
+
+	(*offset) += 8;
+	remain = data->length - *offset;
+
+	torture_assert(torture, remain >= ((*psid)->num_auths * 4),
+			"invalid sub_auth byte count");
+	torture_assert(torture, (*psid)->num_auths >= 0,
+			"invalid sub_auth value");
+	torture_assert(torture, (*psid)->num_auths <= 15,
+			"invalid sub_auth value");
+
+        for (i = 0; i < (*psid)->num_auths; i++) {
+                (*psid)->sub_auths[i] = IVAL(data->data, *offset);
+		(*offset) += 4;
+	}
+
+	return true;
+}
+
+static bool smb_raw_query_posix_whoami(void *mem_ctx,
+				struct torture_context *torture,
+				struct smbcli_state *cli,
+				struct smb_whoami *whoami,
+				unsigned max_data)
+{
+	struct smb_trans2 tp;
+	NTSTATUS status;
+	size_t offset;
+	int i;
+
+	uint16_t setup = TRANSACT2_QFSINFO;
+	uint16_t info_level;
+
+	ZERO_STRUCTP(whoami);
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 10;
+	tp.in.max_data = (uint16_t)max_data;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(&info_level, 0, SMB_QFS_POSIX_WHOAMI);
+	tp.in.params = data_blob_talloc(mem_ctx, &info_level, 2);
+	tp.in.data = data_blob_talloc(mem_ctx, NULL, 0);
+
+	status = smb_raw_trans2(cli->tree, mem_ctx, &tp);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			"doing SMB_QFS_POSIX_WHOAMI");
+
+	/* Make sure we got back all the required fields. */
+	torture_assert(torture, tp.out.params.length == 0,
+			"trans2 params should be empty");
+	torture_assert(torture, tp.out.data.length >= WHOAMI_REQUIRED_SIZE,
+			"checking for required response fields");
+
+	whoami->mapping_flags = IVAL(tp.out.data.data, 0);
+	whoami->mapping_mask = IVAL(tp.out.data.data, 4);
+	whoami->server_uid = BVAL(tp.out.data.data, 8);
+	whoami->server_gid = BVAL(tp.out.data.data, 16);
+	whoami->num_gids = IVAL(tp.out.data.data, 24);
+	whoami->num_sids = IVAL(tp.out.data.data, 28);
+	whoami->num_sid_bytes = IVAL(tp.out.data.data, 32);
+	whoami->reserved = IVAL(tp.out.data.data, 36);
+
+	/* The GID list and SID list are optional, depending on the count
+	 * and length fields.
+	 */
+	if (whoami->num_sids != 0) {
+		torture_assert(torture, whoami->num_sid_bytes != 0,
+				"SID count does not match byte count");
+	}
+
+	printf("\tmapping_flags=0x%08x mapping_mask=0x%08x\n",
+			whoami->mapping_flags, whoami->mapping_mask);
+	printf("\tserver UID=%llu GID=%llu\n",
+	       (unsigned long long)whoami->server_uid, (unsigned long long)whoami->server_gid);
+	printf("\t%u GIDs, %u SIDs, %u SID bytes\n",
+			whoami->num_gids, whoami->num_sids,
+			whoami->num_sid_bytes);
+
+	offset = WHOAMI_REQUIRED_SIZE;
+
+	torture_assert_int_equal(torture, whoami->reserved, 0,
+			"invalid reserved field");
+
+	if (tp.out.data.length == offset) {
+		/* No SIDs or GIDs returned */
+		torture_assert_int_equal(torture, whoami->num_gids, 0,
+				"invalid GID count");
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		torture_assert_int_equal(torture, whoami->num_sid_bytes, 0,
+				"invalid SID byte count");
+		return true;
+	}
+
+	if (whoami->num_gids != 0) {
+		int remain = tp.out.data.length - offset;
+		int gid_bytes = whoami->num_gids * 8;
+
+		if (whoami->num_sids == 0) {
+			torture_assert_int_equal(torture, remain, gid_bytes,
+					"GID count does not match data length");
+		} else {
+			torture_assert(torture, remain > gid_bytes,
+						"invalid GID count");
+		}
+
+		whoami->gid_list = talloc_array(mem_ctx, uint64_t, whoami->num_gids);
+		torture_assert(torture, whoami->gid_list != NULL, "out of memory");
+
+		torture_comment(torture, "\tGIDs:\n");
+		
+		for (i = 0; i < whoami->num_gids; ++i) {
+			whoami->gid_list[i] = BVAL(tp.out.data.data, offset);
+			offset += 8;
+			torture_comment(torture, "\t\t%u\n", (unsigned int)whoami->gid_list[i]);
+		}
+	}
+
+	/* Check if there should be data left for the SID list. */
+	if (tp.out.data.length == offset) {
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		return true;
+	}
+
+	/* All the remaining bytes must be the SID list. */
+	torture_assert_int_equal(torture,
+		whoami->num_sid_bytes, (tp.out.data.length - offset),
+		"invalid SID byte count");
+
+	if (whoami->num_sids != 0) {
+
+		whoami->sid_list = talloc_array(mem_ctx, struct dom_sid *,
+				whoami->num_sids);
+		torture_assert(torture, whoami->sid_list != NULL,
+				"out of memory");
+
+		torture_comment(torture, "\tSIDs:\n");
+
+		for (i = 0; i < whoami->num_sids; ++i) {
+			if (!whoami_sid_parse(mem_ctx, torture,
+					&tp.out.data, &offset,
+					&whoami->sid_list[i])) {
+				return false;
+			}
+
+			torture_comment(torture, "\t\t%s\n",
+					dom_sid_string(torture, whoami->sid_list[i]));
+		}
+	}
+
+	/* We should be at the end of the response now. */
+	torture_assert_int_equal(torture, tp.out.data.length, offset,
+			"trailing garbage bytes");
+
+	return true;
+}
+
+static bool test_against_ldap(struct torture_context *torture, struct ldb_context *ldb, bool is_dc, 
+			      struct smb_whoami *whoami)
+{
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+
+	const char *attrs[] = { "tokenGroups", NULL };
+	int i;
+
+	torture_assert_int_equal(torture, dsdb_search_one(ldb, torture, &msg, NULL, LDB_SCOPE_BASE, attrs, 0, NULL), LDB_SUCCESS, "searching for tokenGroups");
+	el = ldb_msg_find_element(msg, "tokenGroups");
+	torture_assert(torture, el, "obtaining tokenGroups");
+	torture_assert(torture, el->num_values > 0, "Number of SIDs from LDAP needs to be more than 0");
+	torture_assert(torture, whoami->num_sids > 0, "Number of SIDs from LDAP needs to be more than 0");
+	
+	if (is_dc) {
+		torture_assert_int_equal(torture, el->num_values, whoami->num_sids, "Number of SIDs from LDAP and number of SIDs from CIFS does not match!");
+		
+		for (i = 0; i < el->num_values; i++) {
+			struct dom_sid *sid = talloc(torture, struct dom_sid);
+			ssize_t ret;
+			torture_assert(torture, sid != NULL, "talloc failed");
+
+			ret = sid_parse(el->values[i].data,
+					el->values[i].length, sid);
+			torture_assert(torture,
+				       ret != -1,
+				       "sid parse failed");
+			torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
+			talloc_free(sid);
+		}
+	} else {
+		unsigned int num_domain_sids_dc = 0, num_domain_sids_member = 0;
+		struct dom_sid *user_sid = talloc(torture, struct dom_sid);
+		struct dom_sid *dom_sid = talloc(torture, struct dom_sid);
+		struct dom_sid *dc_sids = talloc_array(torture, struct dom_sid, el->num_values);
+		struct dom_sid *member_sids = talloc_array(torture, struct dom_sid, whoami->num_sids);
+		ssize_t ret;
+		torture_assert(torture, user_sid != NULL, "talloc failed");
+		ret = sid_parse(el->values[0].data,
+				el->values[0].length,
+				user_sid);
+		torture_assert(torture,
+			       ret != -1,
+			       "sid parse failed");
+		torture_assert_ntstatus_equal(torture, dom_sid_split_rid(torture, user_sid, &dom_sid, NULL), NT_STATUS_OK, "failed to split domain SID from user SID");
+		for (i = 0; i < el->num_values; i++) {
+			struct dom_sid *sid = talloc(dc_sids, struct dom_sid);
+			torture_assert(torture, sid != NULL, "talloc failed");
+
+			ret = sid_parse(el->values[i].data,
+					el->values[i].length,
+					sid);
+			torture_assert(torture,
+				       ret != -1,
+				       "sid parse failed");
+			if (dom_sid_in_domain(dom_sid, sid)) {
+				dc_sids[num_domain_sids_dc] = *sid;
+				num_domain_sids_dc++;
+			}
+			talloc_free(sid);
+		}
+
+		for (i = 0; i < whoami->num_sids; i++) {
+			if (dom_sid_in_domain(dom_sid, whoami->sid_list[i])) {
+				member_sids[num_domain_sids_member] = *whoami->sid_list[i];
+				num_domain_sids_member++;
+			}
+		}
+
+		torture_assert_int_equal(torture, num_domain_sids_dc, num_domain_sids_member, "Number of Domain SIDs from LDAP DC and number of SIDs from CIFS member does not match!");
+		for (i = 0; i < num_domain_sids_dc; i++) {
+			torture_assert_str_equal(torture, dom_sid_string(dc_sids, &dc_sids[i]), dom_sid_string(member_sids, &member_sids[i]), "Domain SID from LDAP DC and SID from CIFS member server does not match!");
+		}
+		talloc_free(dc_sids);
+		talloc_free(member_sids);
+	}
+	return true;
+}
+
+bool torture_unix_whoami(struct torture_context *torture)
+{
+	struct smbcli_state *cli;
+	struct smb_whoami whoami;
+	bool ret = false;
+	struct ldb_context *ldb;
+	const char *addc, *host;
+
+	cli = connect_to_server(torture, samba_cmdline_get_creds());
+	torture_assert(torture, cli, "connecting to server with authenticated credentials");
+
+	/* Test basic authenticated mapping. */
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						       cli, &whoami, 0xFFFF), ret, fail,
+			    "calling SMB_QFS_POSIX_WHOAMI on an authenticated connection");
+
+	/* Check that our anonymous login mapped us to guest on the server, but
+	 * only if the server supports this.
+	 */
+	if (whoami.mapping_mask & SMB_WHOAMI_GUEST) {
+		bool guest = whoami.mapping_flags & SMB_WHOAMI_GUEST;
+		torture_comment(torture, "checking whether we were logged in as guest... %s\n",
+			guest ? "YES" : "NO");
+		torture_assert(torture,
+			cli_credentials_is_anonymous(
+				samba_cmdline_get_creds()) == guest,
+			       "login did not credentials map to guest");
+	} else {
+		torture_comment(torture, "server does not support SMB_WHOAMI_GUEST flag\n");
+	}
+
+	addc = torture_setting_string(torture, "addc", NULL);
+	host = torture_setting_string(torture, "host", NULL);
+	
+ 	if (addc) {
+		ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, talloc_asprintf(torture, "ldap://%s", addc),
+				       NULL, samba_cmdline_get_creds(), 0);
+		torture_assert(torture, ldb, "ldb connect failed");
+
+		/* We skip this testing if we could not contact the LDAP server */
+		if (!test_against_ldap(torture, ldb, strcasecmp(addc, host) == 0, &whoami)) {
+			goto fail;
+		}
+	}
+
+	/* Test that the server drops the UID and GID list. */
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						  cli, &whoami, 0x40), ret, fail,
+		       "calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
+
+	torture_assert_int_equal(torture, whoami.num_gids, 0,
+			"invalid GID count");
+	torture_assert_int_equal(torture, whoami.num_sids, 0,
+			"invalid SID count");
+	torture_assert_int_equal(torture, whoami.num_sid_bytes, 0,
+			"invalid SID bytes count");
+
+	smbcli_tdis(cli);
+
+	return true;
+fail:
+
+	smbcli_tdis(cli);
+	return ret;
+}
+
+/* vim: set sts=8 sw=8 : */
diff --git a/source4/torture/util.h b/source4/torture/util.h
new file mode 100644
index 0000000..385ee15
--- /dev/null
+++ b/source4/torture/util.h
@@ -0,0 +1,121 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _TORTURE_UTIL_H_
+#define _TORTURE_UTIL_H_
+
+#include "lib/torture/torture.h"
+
+struct smbcli_state;
+struct smbcli_tree;
+struct cli_credentials;
+
+/**
+ * Useful target macros for handling server bugs in torture tests.
+ */
+#define TARGET_IS_WINXP(_tctx) (torture_setting_bool(_tctx, "winxp", false))
+#define TARGET_IS_W2K3(_tctx) (torture_setting_bool(_tctx, "w2k3", false))
+#define TARGET_IS_W2K8(_tctx) (torture_setting_bool(_tctx, "w2k8", false))
+#define TARGET_IS_W2K12(_tctx) (torture_setting_bool(_tctx, "w2k12", false))
+#define TARGET_IS_WIN7(_tctx) (torture_setting_bool(_tctx, "win7", false))
+#define TARGET_IS_SAMBA3(_tctx) (torture_setting_bool(_tctx, "samba3", false))
+#define TARGET_IS_SAMBA4(_tctx) (torture_setting_bool(_tctx, "samba4", false))
+
+/**
+  setup a directory ready for a test
+*/
+_PUBLIC_ bool torture_setup_dir(struct smbcli_state *cli, const char *dname);
+NTSTATUS create_directory_handle(struct smbcli_tree *tree, const char *dname, int *fnum);
+
+/**
+  sometimes we need a fairly complex file to work with, so we can test
+  all possible attributes. 
+*/
+_PUBLIC_ int create_complex_file(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *fname);
+int create_complex_dir(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *dname);
+
+/**
+  check that a wire string matches the flags specified 
+  not 100% accurate, but close enough for testing
+*/
+bool wire_bad_flags(struct smb_wire_string *str, int flags, 
+		    struct smbcli_transport *transport);
+void dump_all_info(TALLOC_CTX *mem_ctx, union smb_fileinfo *finfo);
+void torture_all_info(struct smbcli_tree *tree, const char *fname);
+bool torture_set_file_attribute(struct smbcli_tree *tree, const char *fname, uint16_t attrib);
+NTSTATUS torture_set_sparse(struct smbcli_tree *tree, int fnum);
+NTSTATUS torture_check_ea(struct smbcli_state *cli, 
+			  const char *fname, const char *eaname, const char *value);
+_PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx,
+				   struct smbcli_state **c, 
+				   struct torture_context *tctx,
+				   const char *hostname, 
+				   const char *sharename,
+				   struct tevent_context *ev);
+_PUBLIC_ bool torture_get_conn_index(int conn_index,
+				     TALLOC_CTX *mem_ctx,
+				     struct torture_context *tctx,
+				     char **host, char **share);
+_PUBLIC_ bool torture_open_connection_ev(struct smbcli_state **c,
+					 int conn_index,
+					 struct torture_context *tctx,
+					 struct tevent_context *ev);
+_PUBLIC_ bool torture_open_connection(struct smbcli_state **c, struct torture_context *tctx, int conn_index);
+_PUBLIC_ bool torture_close_connection(struct smbcli_state *c);
+_PUBLIC_ bool check_error(const char *location, struct smbcli_state *c, 
+		 uint8_t eclass, uint32_t ecode, NTSTATUS nterr);
+double torture_create_procs(struct torture_context *tctx, 
+							bool (*fn)(struct torture_context *, struct smbcli_state *, int), bool *result);
+_PUBLIC_ struct torture_test *torture_suite_add_smb_multi_test(
+									struct torture_suite *suite,
+									const char *name,
+									bool (*run) (struct torture_context *,
+												 struct smbcli_state *,
+												int i));
+_PUBLIC_ struct torture_test *torture_suite_add_2smb_test(
+									struct torture_suite *suite,
+									const char *name,
+									bool (*run) (struct torture_context *,
+												struct smbcli_state *,
+												struct smbcli_state *));
+_PUBLIC_ struct torture_test *torture_suite_add_1smb_test(
+				struct torture_suite *suite,
+				const char *name,
+				bool (*run) (struct torture_context *, struct smbcli_state *));
+NTSTATUS torture_second_tcon(TALLOC_CTX *mem_ctx,
+			     struct smbcli_session *session,
+			     const char *sharename,
+			     struct smbcli_tree **res);
+
+
+NTSTATUS torture_check_privilege(struct smbcli_state *cli, 
+				 const char *sid_str,
+				 const char *privilege);
+
+/*
+ * Use this to pass a 2nd user:
+ *
+ * --option='torture:user2name=user2'
+ * --option='torture:user2domain=domain2'
+ * --option='torture:user2password=password2'
+ */
+struct cli_credentials *torture_user2_credentials(struct torture_context *tctx,
+						  TALLOC_CTX *mem_ctx);
+
+#endif /* _TORTURE_UTIL_H_ */
diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c
new file mode 100644
index 0000000..6924164
--- /dev/null
+++ b/source4/torture/util_smb.c
@@ -0,0 +1,1020 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester utility functions
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
+#include "../libcli/smb/smb_constants.h"
+#include "libcli/libcli.h"
+#include "system/filesys.h"
+#include "system/shmem.h"
+#include "system/wait.h"
+#include "system/time.h"
+#include "torture/torture.h"
+#include "../lib/util/dlinklist.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+#include "libcli/security/security.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/util/clilsa.h"
+#include "torture/util.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+
+/**
+  setup a directory ready for a test
+*/
+_PUBLIC_ bool torture_setup_dir(struct smbcli_state *cli, const char *dname)
+{
+	smb_raw_exit(cli->session);
+	if (smbcli_deltree(cli->tree, dname) == -1 ||
+	    NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, dname))) {
+		printf("Unable to setup %s - %s\n", dname, smbcli_errstr(cli->tree));
+		return false;
+	}
+	return true;
+}
+
+/*
+  create a directory, returning a handle to it
+*/
+NTSTATUS create_directory_handle(struct smbcli_tree *tree, const char *dname, int *fnum)
+{
+	NTSTATUS status;
+	union smb_open io;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_named_const(tree, 0, "create_directory_handle");
+
+	io.generic.level = RAW_OPEN_NTCREATEX;
+	io.ntcreatex.in.root_fid.fnum = 0;
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE;
+	io.ntcreatex.in.alloc_size = 0;
+	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.ntcreatex.in.security_flags = 0;
+	io.ntcreatex.in.fname = dname;
+
+	status = smb_raw_open(tree, mem_ctx, &io);
+	talloc_free(mem_ctx);
+
+	if (NT_STATUS_IS_OK(status)) {
+		*fnum = io.ntcreatex.out.file.fnum;
+	}
+
+	return status;
+}
+
+
+/**
+  sometimes we need a fairly complex file to work with, so we can test
+  all possible attributes. 
+*/
+_PUBLIC_ int create_complex_file(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *fname)
+{
+	int fnum;
+	char buf[7] = "abc";
+	union smb_setfileinfo setfile;
+	union smb_fileinfo fileinfo;
+	time_t t = (time(NULL) & ~1);
+	NTSTATUS status;
+
+	smbcli_unlink(cli->tree, fname);
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0, 
+				     SEC_RIGHTS_FILE_ALL,
+				     FILE_ATTRIBUTE_NORMAL,
+				     NTCREATEX_SHARE_ACCESS_DELETE|
+				     NTCREATEX_SHARE_ACCESS_READ|
+				     NTCREATEX_SHARE_ACCESS_WRITE, 
+				     NTCREATEX_DISP_OVERWRITE_IF,
+				     0, 0);
+	if (fnum == -1) return -1;
+
+	smbcli_write(cli->tree, fnum, 0, buf, 0, sizeof(buf));
+
+	if (strchr(fname, ':') == NULL) {
+		/* setup some EAs */
+		setfile.generic.level = RAW_SFILEINFO_EA_SET;
+		setfile.generic.in.file.fnum = fnum;
+		setfile.ea_set.in.num_eas = 2;	
+		setfile.ea_set.in.eas = talloc_array(mem_ctx, struct ea_struct, 2);
+		setfile.ea_set.in.eas[0].flags = 0;
+		setfile.ea_set.in.eas[0].name.s = "EAONE";
+		setfile.ea_set.in.eas[0].value = data_blob_talloc(mem_ctx, "VALUE1", 6);
+		setfile.ea_set.in.eas[1].flags = 0;
+		setfile.ea_set.in.eas[1].name.s = "SECONDEA";
+		setfile.ea_set.in.eas[1].value = data_blob_talloc(mem_ctx, "ValueTwo", 8);
+		status = smb_raw_setfileinfo(cli->tree, &setfile);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Failed to setup EAs\n");
+		}
+	}
+
+	/* make sure all the timestamps aren't the same */
+	ZERO_STRUCT(setfile);
+	setfile.generic.level = RAW_SFILEINFO_BASIC_INFO;
+	setfile.generic.in.file.fnum = fnum;
+
+	unix_to_nt_time(&setfile.basic_info.in.create_time,
+	    t + 9*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.access_time,
+	    t + 6*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.write_time,
+	    t + 3*30*24*60*60);
+
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to setup file times - %s\n", nt_errstr(status));
+	}
+
+	/* make sure all the timestamps aren't the same */
+	fileinfo.generic.level = RAW_FILEINFO_BASIC_INFO;
+	fileinfo.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &fileinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to query file times - %s\n", nt_errstr(status));
+	}
+
+	if (setfile.basic_info.in.create_time != fileinfo.basic_info.out.create_time) {
+		printf("create_time not setup correctly\n");
+	}
+	if (setfile.basic_info.in.access_time != fileinfo.basic_info.out.access_time) {
+		printf("access_time not setup correctly\n");
+	}
+	if (setfile.basic_info.in.write_time != fileinfo.basic_info.out.write_time) {
+		printf("write_time not setup correctly\n");
+	}
+
+	return fnum;
+}
+
+
+/*
+  sometimes we need a fairly complex directory to work with, so we can test
+  all possible attributes. 
+*/
+int create_complex_dir(struct smbcli_state *cli, TALLOC_CTX *mem_ctx, const char *dname)
+{
+	int fnum;
+	union smb_setfileinfo setfile;
+	union smb_fileinfo fileinfo;
+	time_t t = (time(NULL) & ~1);
+	NTSTATUS status;
+
+	smbcli_deltree(cli->tree, dname);
+	fnum = smbcli_nt_create_full(cli->tree, dname, 0, 
+				     SEC_RIGHTS_DIR_ALL,
+				     FILE_ATTRIBUTE_DIRECTORY,
+				     NTCREATEX_SHARE_ACCESS_READ|
+				     NTCREATEX_SHARE_ACCESS_WRITE, 
+				     NTCREATEX_DISP_OPEN_IF,
+				     NTCREATEX_OPTIONS_DIRECTORY, 0);
+	if (fnum == -1) return -1;
+
+	if (strchr(dname, ':') == NULL) {
+		/* setup some EAs */
+		setfile.generic.level = RAW_SFILEINFO_EA_SET;
+		setfile.generic.in.file.fnum = fnum;
+		setfile.ea_set.in.num_eas = 2;	
+		setfile.ea_set.in.eas = talloc_array(mem_ctx, struct ea_struct, 2);
+		setfile.ea_set.in.eas[0].flags = 0;
+		setfile.ea_set.in.eas[0].name.s = "EAONE";
+		setfile.ea_set.in.eas[0].value = data_blob_talloc(mem_ctx, "VALUE1", 6);
+		setfile.ea_set.in.eas[1].flags = 0;
+		setfile.ea_set.in.eas[1].name.s = "SECONDEA";
+		setfile.ea_set.in.eas[1].value = data_blob_talloc(mem_ctx, "ValueTwo", 8);
+		status = smb_raw_setfileinfo(cli->tree, &setfile);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("Failed to setup EAs\n");
+		}
+	}
+
+	/* make sure all the timestamps aren't the same */
+	ZERO_STRUCT(setfile);
+	setfile.generic.level = RAW_SFILEINFO_BASIC_INFO;
+	setfile.generic.in.file.fnum = fnum;
+
+	unix_to_nt_time(&setfile.basic_info.in.create_time,
+	    t + 9*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.access_time,
+	    t + 6*30*24*60*60);
+	unix_to_nt_time(&setfile.basic_info.in.write_time,
+	    t + 3*30*24*60*60);
+
+	status = smb_raw_setfileinfo(cli->tree, &setfile);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to setup file times - %s\n", nt_errstr(status));
+	}
+
+	/* make sure all the timestamps aren't the same */
+	fileinfo.generic.level = RAW_FILEINFO_BASIC_INFO;
+	fileinfo.generic.in.file.fnum = fnum;
+
+	status = smb_raw_fileinfo(cli->tree, mem_ctx, &fileinfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to query file times - %s\n", nt_errstr(status));
+	}
+
+	if (setfile.basic_info.in.create_time != fileinfo.basic_info.out.create_time) {
+		printf("create_time not setup correctly\n");
+	}
+	if (setfile.basic_info.in.access_time != fileinfo.basic_info.out.access_time) {
+		printf("access_time not setup correctly\n");
+	}
+	if (setfile.basic_info.in.write_time != fileinfo.basic_info.out.write_time) {
+		printf("write_time not setup correctly\n");
+	}
+
+	return fnum;
+}
+
+/**
+  check that a wire string matches the flags specified 
+  not 100% accurate, but close enough for testing
+*/
+bool wire_bad_flags(struct smb_wire_string *str, int flags, 
+		    struct smbcli_transport *transport)
+{
+	bool server_unicode;
+	int len;
+	if (!str || !str->s) return true;
+	len = strlen(str->s);
+	if (flags & STR_TERMINATE) len++;
+
+	server_unicode = (transport->negotiate.capabilities&CAP_UNICODE)?true:false;
+	if (getenv("CLI_FORCE_ASCII") || !transport->options.unicode) {
+		server_unicode = false;
+	}
+
+	if ((flags & STR_UNICODE) || server_unicode) {
+		len *= 2;
+	} else if (flags & STR_TERMINATE_ASCII) {
+		len++;
+	}
+	if (str->private_length != len) {
+		printf("Expected wire_length %d but got %d for '%s'\n", 
+		       len, str->private_length, str->s);
+		return true;
+	}
+	return false;
+}
+
+/*
+  dump a all_info QFILEINFO structure
+*/
+void dump_all_info(TALLOC_CTX *mem_ctx, union smb_fileinfo *finfo)
+{
+	d_printf("\tcreate_time:    %s\n", nt_time_string(mem_ctx, finfo->all_info.out.create_time));
+	d_printf("\taccess_time:    %s\n", nt_time_string(mem_ctx, finfo->all_info.out.access_time));
+	d_printf("\twrite_time:     %s\n", nt_time_string(mem_ctx, finfo->all_info.out.write_time));
+	d_printf("\tchange_time:    %s\n", nt_time_string(mem_ctx, finfo->all_info.out.change_time));
+	d_printf("\tattrib:         0x%x\n", finfo->all_info.out.attrib);
+	d_printf("\talloc_size:     %llu\n", (long long)finfo->all_info.out.alloc_size);
+	d_printf("\tsize:           %llu\n", (long long)finfo->all_info.out.size);
+	d_printf("\tnlink:          %u\n", finfo->all_info.out.nlink);
+	d_printf("\tdelete_pending: %u\n", finfo->all_info.out.delete_pending);
+	d_printf("\tdirectory:      %u\n", finfo->all_info.out.directory);
+	d_printf("\tea_size:        %u\n", finfo->all_info.out.ea_size);
+	d_printf("\tfname:          '%s'\n", finfo->all_info.out.fname.s);
+}
+
+/*
+  dump file info by name
+*/
+void torture_all_info(struct smbcli_tree *tree, const char *fname)
+{
+	TALLOC_CTX *mem_ctx = talloc_named(tree, 0, "%s", fname);
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+
+	finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+	finfo.generic.in.file.path = fname;
+	status = smb_raw_pathinfo(tree, mem_ctx, &finfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("%s - %s\n", fname, nt_errstr(status));
+		return;
+	}
+
+	d_printf("%s:\n", fname);
+	dump_all_info(mem_ctx, &finfo);
+	talloc_free(mem_ctx);
+}
+
+
+/*
+  set a attribute on a file
+*/
+bool torture_set_file_attribute(struct smbcli_tree *tree, const char *fname, uint16_t attrib)
+{
+	union smb_setfileinfo sfinfo;
+	NTSTATUS status;
+
+	ZERO_STRUCT(sfinfo.basic_info.in);
+	sfinfo.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	sfinfo.basic_info.in.file.path = fname;
+	sfinfo.basic_info.in.attrib = attrib;
+	status = smb_raw_setpathinfo(tree, &sfinfo);
+	return NT_STATUS_IS_OK(status);
+}
+
+
+/*
+  set a file descriptor as sparse
+*/
+NTSTATUS torture_set_sparse(struct smbcli_tree *tree, int fnum)
+{
+	union smb_ioctl nt;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_named_const(tree, 0, "torture_set_sparse");
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt.ntioctl.level = RAW_IOCTL_NTIOCTL;
+	nt.ntioctl.in.function = FSCTL_SET_SPARSE;
+	nt.ntioctl.in.file.fnum = fnum;
+	nt.ntioctl.in.fsctl = true;
+	nt.ntioctl.in.filter = 0;
+	nt.ntioctl.in.max_data = 0;
+	nt.ntioctl.in.blob = data_blob(NULL, 0);
+
+	status = smb_raw_ioctl(tree, mem_ctx, &nt);
+
+	talloc_free(mem_ctx);
+
+	return status;
+}
+
+/*
+  check that an EA has the right value 
+*/
+NTSTATUS torture_check_ea(struct smbcli_state *cli, 
+			  const char *fname, const char *eaname, const char *value)
+{
+	union smb_fileinfo info;
+	NTSTATUS status;
+	struct ea_name ea;
+	TALLOC_CTX *mem_ctx = talloc_new(cli);
+
+	info.ea_list.level = RAW_FILEINFO_EA_LIST;
+	info.ea_list.in.file.path = fname;
+	info.ea_list.in.num_names = 1;
+	info.ea_list.in.ea_names = &ea;
+
+	ea.name.s = eaname;
+
+	status = smb_raw_pathinfo(cli->tree, mem_ctx, &info);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		return status;
+	}
+
+	if (info.ea_list.out.num_eas != 1) {
+		printf("Expected 1 ea in ea_list\n");
+		talloc_free(mem_ctx);
+		return NT_STATUS_EA_CORRUPT_ERROR;
+	}
+
+	if (strcasecmp_m(eaname, info.ea_list.out.eas[0].name.s) != 0) {
+		printf("Expected ea '%s' not '%s' in ea_list\n",
+		       eaname, info.ea_list.out.eas[0].name.s);
+		talloc_free(mem_ctx);
+		return NT_STATUS_EA_CORRUPT_ERROR;
+	}
+
+	if (value == NULL) {
+		if (info.ea_list.out.eas[0].value.length != 0) {
+			printf("Expected zero length ea for %s\n", eaname);
+			talloc_free(mem_ctx);
+			return NT_STATUS_EA_CORRUPT_ERROR;
+		}
+		talloc_free(mem_ctx);
+		return NT_STATUS_OK;
+	}
+
+	if (strlen(value) == info.ea_list.out.eas[0].value.length &&
+	    memcmp(value, info.ea_list.out.eas[0].value.data,
+		   info.ea_list.out.eas[0].value.length) == 0) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_OK;
+	}
+
+	printf("Expected value '%s' not '%*.*s' for ea %s\n",
+	       value, 
+	       (int)info.ea_list.out.eas[0].value.length,
+	       (int)info.ea_list.out.eas[0].value.length,
+	       info.ea_list.out.eas[0].value.data,
+	       eaname);
+
+	talloc_free(mem_ctx);
+
+	return NT_STATUS_EA_CORRUPT_ERROR;
+}
+
+_PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx,
+				   struct smbcli_state **c, 
+				   struct torture_context *tctx,
+				   const char *hostname, 
+				   const char *sharename,
+				   struct tevent_context *ev)
+{
+	NTSTATUS status;
+
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	options.use_oplocks = torture_setting_bool(tctx, "use_oplocks", true);
+	options.use_level2_oplocks = torture_setting_bool(tctx, "use_level2_oplocks", true);
+
+	status = smbcli_full_connection(mem_ctx, c, hostname, 
+					lpcfg_smb_ports(tctx->lp_ctx),
+					sharename, NULL,
+					lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to open connection - %s\n", nt_errstr(status));
+		return false;
+	}
+
+	return true;
+}
+
+_PUBLIC_ bool torture_get_conn_index(int conn_index,
+				     TALLOC_CTX *mem_ctx,
+				     struct torture_context *tctx,
+				     char **host, char **share)
+{
+	char **unc_list = NULL;
+	int num_unc_names = 0;
+	const char *p;
+
+	(*host) = talloc_strdup(mem_ctx, torture_setting_string(tctx, "host", NULL));
+	(*share) = talloc_strdup(mem_ctx, torture_setting_string(tctx, "share", NULL));
+	
+	p = torture_setting_string(tctx, "unclist", NULL);
+	if (!p) {
+		return true;
+	}
+
+	unc_list = file_lines_load(p, &num_unc_names, 0, NULL);
+	if (!unc_list || num_unc_names <= 0) {
+		DEBUG(0,("Failed to load unc names list from '%s'\n", p));
+		return false;
+	}
+
+	p = unc_list[conn_index % num_unc_names];
+	if (p[0] != '/' && p[0] != '\\') {
+		/* allow UNC lists of hosts */
+		(*host) = talloc_strdup(mem_ctx, p);
+	} else if (!smbcli_parse_unc(p, mem_ctx, host, share)) {
+		DEBUG(0, ("Failed to parse UNC name %s\n",
+			  unc_list[conn_index % num_unc_names]));
+		return false;
+	}
+
+	talloc_free(unc_list);
+	return true;
+}
+
+
+
+_PUBLIC_ bool torture_open_connection_ev(struct smbcli_state **c,
+					 int conn_index,
+					 struct torture_context *tctx,
+					 struct tevent_context *ev)
+{
+	char *host, *share;
+	bool ret;
+
+	if (!torture_get_conn_index(conn_index, ev, tctx, &host, &share)) {
+		return false;
+	}
+
+	ret = torture_open_connection_share(NULL, c, tctx, host, share, ev);
+	talloc_free(host);
+	talloc_free(share);
+
+	return ret;
+}
+
+_PUBLIC_ bool torture_open_connection(struct smbcli_state **c, struct torture_context *tctx, int conn_index)
+{
+	return torture_open_connection_ev(c, conn_index, tctx, tctx->ev);
+}
+
+
+
+_PUBLIC_ bool torture_close_connection(struct smbcli_state *c)
+{
+	bool ret = true;
+	if (!c) return true;
+	if (NT_STATUS_IS_ERR(smbcli_tdis(c))) {
+		printf("tdis failed (%s)\n", smbcli_errstr(c->tree));
+		ret = false;
+	}
+	talloc_free(c);
+	return ret;
+}
+
+
+/* check if the server produced the expected error code */
+_PUBLIC_ bool check_error(const char *location, struct smbcli_state *c, 
+		 uint8_t eclass, uint32_t ecode, NTSTATUS nterr)
+{
+	NTSTATUS status;
+	
+	status = smbcli_nt_error(c->tree);
+	if (NT_STATUS_IS_DOS(status)) {
+		int classnum, num;
+		classnum = NT_STATUS_DOS_CLASS(status);
+		num = NT_STATUS_DOS_CODE(status);
+                if (eclass != classnum || ecode != num) {
+                        printf("unexpected error code %s\n", nt_errstr(status));
+                        printf(" expected %s or %s (at %s)\n", 
+			       nt_errstr(NT_STATUS_DOS(eclass, ecode)), 
+                               nt_errstr(nterr), location);
+                        return false;
+                }
+        } else {
+                if (!NT_STATUS_EQUAL(nterr, status)) {
+                        printf("unexpected error code %s\n", nt_errstr(status));
+                        printf(" expected %s (at %s)\n", nt_errstr(nterr), location);
+                        return false;
+                }
+        }
+
+	return true;
+}
+
+static struct smbcli_state *current_cli;
+static int procnum; /* records process count number when forking */
+
+static void sigcont(int sig)
+{
+}
+
+struct child_status {
+	pid_t pid;
+	bool start;
+	enum torture_result result;
+	char reason[1024];
+};
+
+double torture_create_procs(struct torture_context *tctx,
+	bool (*fn)(struct torture_context *, struct smbcli_state *, int),
+	bool *result)
+{
+	int status;
+	size_t i;
+	struct child_status *child_status;
+	size_t synccount;
+	size_t tries = 8;
+	size_t torture_nprocs = torture_setting_int(tctx, "nprocs", 4);
+	double start_time_limit = 10 + (torture_nprocs * 1.5);
+	struct timeval tv;
+
+	*result = true;
+
+	synccount = 0;
+
+	signal(SIGCONT, sigcont);
+
+	child_status = (struct child_status *)anonymous_shared_allocate(
+				sizeof(struct child_status)*torture_nprocs);
+	if (child_status == NULL) {
+		printf("Failed to setup shared memory\n");
+		return -1;
+	}
+
+	for (i = 0; i < torture_nprocs; i++) {
+		ZERO_STRUCT(child_status[i]);
+	}
+
+	tv = timeval_current();
+
+	for (i=0;i<torture_nprocs;i++) {
+		procnum = i;
+		if (fork() == 0) {
+			char *myname;
+			bool ok;
+
+			pid_t mypid = getpid();
+			srandom(((int)mypid) ^ ((int)time(NULL)));
+
+			if (asprintf(&myname, "CLIENT%zu", i) == -1) {
+				printf("asprintf failed\n");
+				return -1;
+			}
+			lpcfg_set_cmdline(tctx->lp_ctx, "netbios name", myname);
+			free(myname);
+
+
+			while (1) {
+				if (torture_open_connection(&current_cli, tctx, i)) {
+					break;
+				}
+				if (tries-- == 0) {
+					printf("pid %d failed to start\n", (int)getpid());
+					_exit(1);
+				}
+				smb_msleep(100);	
+			}
+
+			child_status[i].pid = getpid();
+
+			pause();
+
+			if (!child_status[i].start) {
+				child_status[i].result = TORTURE_ERROR;
+				printf("Child %zu failed to start!\n", i);
+				_exit(1);
+			}
+
+			ok = fn(tctx, current_cli, i);
+			if (!ok) {
+				if (tctx->last_result == TORTURE_OK) {
+					torture_result(tctx, TORTURE_ERROR,
+						"unknown error: missing "
+						"torture_result call?\n");
+				}
+
+				child_status[i].result = tctx->last_result;
+
+				if (strlen(tctx->last_reason) > 1023) {
+					/* note: reason already contains \n */
+					torture_comment(tctx,
+						"child %zu (pid %u) failed: %s",
+						i,
+						(unsigned)child_status[i].pid,
+						tctx->last_reason);
+				}
+
+				snprintf(child_status[i].reason,
+					 1024, "child %zu (pid %u) failed: %s",
+					 i, (unsigned)child_status[i].pid,
+					 tctx->last_reason);
+				/* ensure proper "\n\0" termination: */
+				if (child_status[i].reason[1022] != '\0') {
+					child_status[i].reason[1022] = '\n';
+					child_status[i].reason[1023] = '\0';
+				}
+			}
+			_exit(0);
+		}
+	}
+
+	do {
+		synccount = 0;
+		for (i=0;i<torture_nprocs;i++) {
+			if (child_status[i].pid != 0) {
+				synccount++;
+			}
+		}
+		if (synccount == torture_nprocs) {
+			break;
+		}
+		smb_msleep(100);
+	} while (timeval_elapsed(&tv) < start_time_limit);
+
+	if (synccount != torture_nprocs) {
+		printf("FAILED TO START %zu CLIENTS (started %zu)\n", torture_nprocs, synccount);
+
+		/* cleanup child processes */
+		for (i = 0; i < torture_nprocs; i++) {
+			if (child_status[i].pid != 0) {
+				kill(child_status[i].pid, SIGTERM);
+			}
+		}
+
+		*result = false;
+		return timeval_elapsed(&tv);
+	}
+
+	printf("Starting %zu clients\n", torture_nprocs);
+
+	/* start the client load */
+	tv = timeval_current();
+	for (i=0;i<torture_nprocs;i++) {
+		child_status[i].start = true;
+	}
+
+	printf("%zu clients started\n", torture_nprocs);
+
+	kill(0, SIGCONT);
+
+	for (i=0;i<torture_nprocs;i++) {
+		int ret;
+		while ((ret=waitpid(0, &status, 0)) == -1 && errno == EINTR) /* noop */ ;
+		if (ret == -1 || WEXITSTATUS(status) != 0) {
+			*result = false;
+		}
+	}
+
+	printf("\n");
+
+	for (i=0;i<torture_nprocs;i++) {
+		if (child_status[i].result != TORTURE_OK) {
+			*result = false;
+			torture_result(tctx, child_status[i].result,
+				       "%s", child_status[i].reason);
+		}
+	}
+
+	return timeval_elapsed(&tv);
+}
+
+static bool wrap_smb_multi_test(struct torture_context *torture,
+								struct torture_tcase *tcase,
+								struct torture_test *test)
+{
+	bool (*fn)(struct torture_context *, struct smbcli_state *, int ) = test->fn;
+	bool result;
+
+	torture_create_procs(torture, fn, &result);
+
+	return result;
+}
+
+_PUBLIC_ struct torture_test *torture_suite_add_smb_multi_test(
+									struct torture_suite *suite,
+									const char *name,
+									bool (*run) (struct torture_context *,
+												 struct smbcli_state *,
+												int i))
+{
+	struct torture_test *test; 
+	struct torture_tcase *tcase;
+	
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_smb_multi_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+
+}
+
+static bool wrap_simple_2smb_test(struct torture_context *torture_ctx,
+									struct torture_tcase *tcase,
+									struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct smbcli_state *,
+				struct smbcli_state *);
+	bool ret = true;
+
+	struct smbcli_state *cli1 = NULL, *cli2 = NULL;
+
+	torture_assert_goto(torture_ctx, torture_open_connection(&cli1, torture_ctx, 0), ret, fail, "Failed to open connection");
+	torture_assert_goto(torture_ctx, torture_open_connection(&cli2, torture_ctx, 1), ret, fail, "Failed to open connection");
+
+	fn = test->fn;
+
+	ret = fn(torture_ctx, cli1, cli2);
+fail:
+	talloc_free(cli1);
+	talloc_free(cli2);
+
+	return ret;
+}
+
+
+
+_PUBLIC_ struct torture_test *torture_suite_add_2smb_test(
+									struct torture_suite *suite,
+									const char *name,
+									bool (*run) (struct torture_context *,
+												struct smbcli_state *,
+												struct smbcli_state *))
+{
+	struct torture_test *test; 
+	struct torture_tcase *tcase;
+	
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_simple_2smb_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+
+}
+
+static bool wrap_simple_1smb_test(struct torture_context *torture_ctx,
+									struct torture_tcase *tcase,
+									struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct smbcli_state *);
+	bool ret = true;
+
+	struct smbcli_state *cli1 = NULL;
+
+	torture_assert_goto(torture_ctx, torture_open_connection(&cli1, torture_ctx, 0), ret, fail, "Failed to open connection");
+
+	fn = test->fn;
+
+	ret = fn(torture_ctx, cli1);
+fail:
+	talloc_free(cli1);
+
+	return ret;
+}
+
+_PUBLIC_ struct torture_test *torture_suite_add_1smb_test(
+				struct torture_suite *suite,
+				const char *name,
+				bool (*run) (struct torture_context *, struct smbcli_state *))
+{
+	struct torture_test *test; 
+	struct torture_tcase *tcase;
+	
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_simple_1smb_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+
+NTSTATUS torture_second_tcon(TALLOC_CTX *mem_ctx,
+			     struct smbcli_session *session,
+			     const char *sharename,
+			     struct smbcli_tree **res)
+{
+	union smb_tcon tcon;
+	struct smbcli_tree *result;
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS status;
+
+	if ((tmp_ctx = talloc_new(mem_ctx)) == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	result = smbcli_tree_init(session, tmp_ctx, false);
+	if (result == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	tcon.generic.level = RAW_TCON_TCONX;
+	tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+	tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+
+	/* Ignore share mode security here */
+	tcon.tconx.in.password = data_blob(NULL, 0);
+	tcon.tconx.in.path = sharename;
+	tcon.tconx.in.device = "?????";
+
+	status = smb_raw_tcon(result, tmp_ctx, &tcon);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	result->tid = tcon.tconx.out.tid;
+
+	if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+		smb1cli_session_protect_session_key(result->session->smbXcli);
+	}
+
+	*res = talloc_steal(mem_ctx, result);
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+}
+
+/* 
+   a wrapper around smblsa_sid_check_privilege, that tries to take
+   account of the fact that the lsa privileges calls don't expand
+   group memberships, using an explicit check for administrator. There
+   must be a better way ...
+ */
+NTSTATUS torture_check_privilege(struct smbcli_state *cli, 
+				 const char *sid_str,
+				 const char *privilege)
+{
+	struct dom_sid *sid;
+	TALLOC_CTX *tmp_ctx = talloc_new(cli);
+	uint32_t rid;
+	NTSTATUS status;
+
+	sid = dom_sid_parse_talloc(tmp_ctx, sid_str);
+	if (sid == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(tmp_ctx);
+		return status;
+	}
+
+	if (rid == DOMAIN_RID_ADMINISTRATOR) {
+		/* assume the administrator has them all */
+		return NT_STATUS_OK;
+	}
+
+	talloc_free(tmp_ctx);
+
+	return smblsa_sid_check_privilege(cli, sid_str, privilege);
+}
+
+/*
+ * Use this to pass a 2nd user:
+ *
+ * --option='torture:user2name=user2'
+ * --option='torture:user2domain=domain2'
+ * --option='torture:user2password=password2'
+ */
+struct cli_credentials *torture_user2_credentials(struct torture_context *tctx,
+						  TALLOC_CTX *mem_ctx)
+{
+	struct cli_credentials *credentials1 = samba_cmdline_get_creds();
+	const char *user1domain = cli_credentials_get_domain(credentials1);
+	const char *user2name = torture_setting_string(tctx, "user2name", NULL);
+	const char *user2domain = torture_setting_string(tctx, "user2domain", user1domain);
+	const char *user2password = torture_setting_string(tctx, "user2password", NULL);
+	struct cli_credentials *credentials2 = NULL;
+
+	credentials2 = cli_credentials_shallow_copy(mem_ctx, credentials1);
+	if (credentials2 == NULL) {
+		torture_comment(tctx,
+				"%s: cli_credentials_shallow_copy() failed\n",
+				__func__);
+		return NULL;
+	}
+	if (user2name != NULL) {
+		torture_comment(tctx,
+				"Using "
+				"'torture:user2name'='%s' "
+				"'torture:user2domain'='%s' "
+				"'torture:user2password'='REDACTED'",
+				user2name,
+				user2domain);
+		cli_credentials_set_username(credentials2, user2name, CRED_SPECIFIED);
+		cli_credentials_set_domain(credentials2, user2domain, CRED_SPECIFIED);
+		cli_credentials_set_password(credentials2, user2password, CRED_SPECIFIED);
+	} else {
+		torture_comment(tctx,
+				"Fallback to anonymous for "
+				"'torture:user2name'=NULL "
+				"'torture:user2domain'='%s' "
+				"'torture:user2password'='REDACTED'",
+				user2domain);
+		cli_credentials_set_anonymous(credentials2);
+	}
+
+	return credentials2;
+}
diff --git a/source4/torture/vfs/acl_xattr.c b/source4/torture/vfs/acl_xattr.c
new file mode 100644
index 0000000..1deb2b3
--- /dev/null
+++ b/source4/torture/vfs/acl_xattr.c
@@ -0,0 +1,281 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Ralph Boehme 2016
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "torture/torture.h"
+#include "torture/vfs/proto.h"
+#include "libcli/resolve/resolve.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/param/param.h"
+
+#define BASEDIR "smb2-testsd"
+
+#define CHECK_SECURITY_DESCRIPTOR(_sd1, _sd2) do { \
+	if (!security_descriptor_equal(_sd1, _sd2)) { \
+		torture_warning(tctx, "security descriptors don't match!\n"); \
+		torture_warning(tctx, "got:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd1); \
+		torture_warning(tctx, "expected:\n"); \
+		NDR_PRINT_DEBUG(security_descriptor, _sd2); \
+		torture_result(tctx, TORTURE_FAIL, \
+			       "%s: security descriptors don't match!\n", \
+			       __location__); \
+		ret = false; \
+	} \
+} while (0)
+
+static bool test_default_acl_posix(struct torture_context *tctx,
+				   struct smb2_tree *tree_unused)
+{
+	struct smb2_tree *tree = NULL;
+	NTSTATUS status;
+	bool ok;
+	bool ret = true;
+	const char *dname = BASEDIR "\\testdir";
+	const char *fname = BASEDIR "\\testdir\\testfile";
+	struct smb2_handle fhandle = {{0}};
+	struct smb2_handle dhandle = {{0}};
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd = NULL;
+	struct security_descriptor *exp_sd = NULL;
+	char *owner_sid = NULL;
+	char *group_sid = NULL;
+
+	ok = torture_smb2_con_share(tctx, "acl_xattr_ign_sysacl_posix", &tree);
+	torture_assert_goto(tctx, ok == true, ret, done,
+			    "Unable to connect to 'acl_xattr_ign_sysacl_posix'\n");
+
+	ok = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ok == true, ret, done, "Unable to setup testdir\n");
+
+	ZERO_STRUCT(dhandle);
+	status = torture_smb2_testdir(tree, dname, &dhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir\n");
+
+	torture_comment(tctx, "Get the original sd\n");
+
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = dhandle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
+
+	sd = q.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd->owner_sid);
+	group_sid = dom_sid_string(tctx, sd->group_sid);
+	torture_comment(tctx, "owner [%s] group [%s]\n", owner_sid, group_sid);
+
+	torture_comment(tctx, "Set ACL with no inheritable ACE\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+					     0, NULL, NULL,
+					     owner_sid,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_RIGHTS_DIR_ALL,
+					     0,
+					     NULL);
+
+	ZERO_STRUCT(set);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = dhandle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file\n");
+
+	TALLOC_FREE(sd);
+	smb2_util_close(tree, dhandle);
+
+	torture_comment(tctx, "Create file\n");
+
+	ZERO_STRUCT(fhandle);
+	status = torture_smb2_testfile(tree, fname, &fhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_complex_file\n");
+
+	torture_comment(tctx, "Query file SD\n");
+
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = fhandle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
+	sd = q.query_secdesc.out.sd;
+
+	smb2_util_close(tree, fhandle);
+	ZERO_STRUCT(fhandle);
+
+	torture_comment(tctx, "Checking actual file SD against expected SD\n");
+
+	exp_sd = security_descriptor_dacl_create(
+		tctx, 0, owner_sid, group_sid,
+		owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
+		group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
+		SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
+		SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
+		NULL);
+
+	CHECK_SECURITY_DESCRIPTOR(sd, exp_sd);
+
+done:
+	if (!smb2_util_handle_empty(fhandle)) {
+		smb2_util_close(tree, fhandle);
+	}
+	if (!smb2_util_handle_empty(dhandle)) {
+		smb2_util_close(tree, dhandle);
+	}
+	if (tree != NULL) {
+		smb2_deltree(tree, BASEDIR);
+		smb2_tdis(tree);
+	}
+
+	return ret;
+}
+
+static bool test_default_acl_win(struct torture_context *tctx,
+				   struct smb2_tree *tree_unused)
+{
+	struct smb2_tree *tree = NULL;
+	NTSTATUS status;
+	bool ok;
+	bool ret = true;
+	const char *dname = BASEDIR "\\testdir";
+	const char *fname = BASEDIR "\\testdir\\testfile";
+	struct smb2_handle fhandle = {{0}};
+	struct smb2_handle dhandle = {{0}};
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd = NULL;
+	struct security_descriptor *exp_sd = NULL;
+	char *owner_sid = NULL;
+	char *group_sid = NULL;
+
+	ok = torture_smb2_con_share(tctx, "acl_xattr_ign_sysacl_windows", &tree);
+	torture_assert_goto(tctx, ok == true, ret, done,
+			    "Unable to connect to 'acl_xattr_ign_sysacl_windows'\n");
+
+	ok = smb2_util_setup_dir(tctx, tree, BASEDIR);
+	torture_assert_goto(tctx, ok == true, ret, done, "Unable to setup testdir\n");
+
+	ZERO_STRUCT(dhandle);
+	status = torture_smb2_testdir(tree, dname, &dhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir\n");
+
+	torture_comment(tctx, "Get the original sd\n");
+
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = dhandle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
+
+	sd = q.query_secdesc.out.sd;
+	owner_sid = dom_sid_string(tctx, sd->owner_sid);
+	group_sid = dom_sid_string(tctx, sd->group_sid);
+	torture_comment(tctx, "owner [%s] group [%s]\n", owner_sid, group_sid);
+
+	torture_comment(tctx, "Set ACL with no inheritable ACE\n");
+
+	sd = security_descriptor_dacl_create(tctx,
+					     0, NULL, NULL,
+					     owner_sid,
+					     SEC_ACE_TYPE_ACCESS_ALLOWED,
+					     SEC_RIGHTS_DIR_ALL,
+					     0,
+					     NULL);
+
+	ZERO_STRUCT(set);
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = dhandle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = sd;
+	status = smb2_setinfo_file(tree, &set);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file\n");
+
+	TALLOC_FREE(sd);
+	smb2_util_close(tree, dhandle);
+
+	torture_comment(tctx, "Create file\n");
+
+	ZERO_STRUCT(fhandle);
+	status = torture_smb2_testfile(tree, fname, &fhandle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_complex_file\n");
+
+	torture_comment(tctx, "Query file SD\n");
+
+	ZERO_STRUCT(q);
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = fhandle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
+	sd = q.query_secdesc.out.sd;
+
+	smb2_util_close(tree, fhandle);
+	ZERO_STRUCT(fhandle);
+
+	torture_comment(tctx, "Checking actual file SD against expected SD\n");
+
+	exp_sd = security_descriptor_dacl_create(
+		tctx, 0, owner_sid, group_sid,
+		owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
+		SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
+		NULL);
+
+	CHECK_SECURITY_DESCRIPTOR(sd, exp_sd);
+
+done:
+	if (!smb2_util_handle_empty(fhandle)) {
+		smb2_util_close(tree, fhandle);
+	}
+	if (!smb2_util_handle_empty(dhandle)) {
+		smb2_util_close(tree, dhandle);
+	}
+	if (tree != NULL) {
+		smb2_deltree(tree, BASEDIR);
+		smb2_tdis(tree);
+	}
+
+	return ret;
+}
+
+/*
+   basic testing of vfs_acl_xattr
+*/
+struct torture_suite *torture_acl_xattr(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "acl_xattr");
+
+	torture_suite_add_1smb2_test(suite, "default-acl-style-posix", test_default_acl_posix);
+	torture_suite_add_1smb2_test(suite, "default-acl-style-windows", test_default_acl_win);
+
+	suite->description = talloc_strdup(suite, "vfs_acl_xattr tests");
+
+	return suite;
+}
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
new file mode 100644
index 0000000..b9cab0c
--- /dev/null
+++ b/source4/torture/vfs/fruit.c
@@ -0,0 +1,8839 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   vfs_fruit tests
+
+   Copyright (C) Ralph Boehme 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smb2_create_ctx.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "MacExtensions.h"
+#include "lib/util/tsort.h"
+
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "torture/vfs/proto.h"
+#include "librpc/gen_ndr/ndr_ioctl.h"
+#include "libcli/security/dom_sid.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/secace.h"
+#include "libcli/security/security_descriptor.h"
+
+#define BASEDIR "vfs_fruit_dir"
+#define FNAME_CC_SRC "testfsctl.dat"
+#define FNAME_CC_DST "testfsctl2.dat"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+		    "(%s) Incorrect status %s - should be %s\n", \
+		    __location__, nt_errstr(status), nt_errstr(correct)); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+#define CHECK_VALUE(v, correct) do { \
+	if ((v) != (correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			       "(%s) Incorrect value %s=%u - should be %u\n", \
+			       __location__, #v, (unsigned)v, (unsigned)correct); \
+		ret = false; \
+		goto done; \
+	}} while (0)
+
+static bool check_stream_list(struct smb2_tree *tree,
+			      struct torture_context *tctx,
+			      const char *fname,
+			      int num_exp,
+			      const char **exp,
+			      bool is_dir);
+
+static int qsort_string(char * const *s1, char * const *s2)
+{
+	return strcmp(*s1, *s2);
+}
+
+static int qsort_stream(const struct stream_struct * s1, const struct stream_struct *s2)
+{
+	return strcmp(s1->stream_name.s, s2->stream_name.s);
+}
+
+/*
+ * REVIEW:
+ * This is hokey, but what else can we do?
+ */
+#if defined(HAVE_ATTROPEN) || defined(FREEBSD)
+#define AFPINFO_EA_NETATALK "org.netatalk.Metadata"
+#define AFPRESOURCE_EA_NETATALK "org.netatalk.ResourceFork"
+#else
+#define AFPINFO_EA_NETATALK "user.org.netatalk.Metadata"
+#define AFPRESOURCE_EA_NETATALK "user.org.netatalk.ResourceFork"
+#endif
+
+/*
+The metadata xattr char buf below contains the following attributes:
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000008 : File Dates Info
+Offset     : 00000162 : 354
+Length     : 00000010 : 16
+
+-DATE------:          : (GMT)                    : (Local)
+create     : 1B442169 : Mon Jun 30 13:23:53 2014 : Mon Jun 30 15:23:53 2014
+modify     : 1B442169 : Mon Jun 30 13:23:53 2014 : Mon Jun 30 15:23:53 2014
+backup     : 80000000 : Unknown or Initial
+access     : 1B442169 : Mon Jun 30 13:23:53 2014 : Mon Jun 30 15:23:53 2014
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 1B 44 21 69 1B 44 21 69 80 00 00 00 1B 44 21 69 : .D!i.D!i.....D!i
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000009 : Finder Info
+Offset     : 0000007A : 122
+Length     : 00000020 : 32
+
+-FInfo-----:
+Type       : 42415252 : BARR
+Creator    : 464F4F4F : FOOO
+isAlias    : 0
+Invisible  : 1
+hasBundle  : 0
+nameLocked : 0
+Stationery : 0
+CustomIcon : 0
+Reserved   : 0
+Inited     : 0
+NoINITS    : 0
+Shared     : 0
+SwitchLaunc: 0
+Hidden Ext : 0
+color      : 000      : none
+isOnDesk   : 0
+Location v : 0000     : 0
+Location h : 0000     : 0
+Fldr       : 0000     : ..
+
+-FXInfo----:
+Rsvd|IconID: 0000     : 0
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+AreInvalid : 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+CustomBadge: 0
+ObjctIsBusy: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+RoutingInfo: 0
+unknown bit: 0
+unknown bit: 0
+Rsvd|commnt: 0000     : 0
+PutAway    : 00000000 : 0
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 42 41 52 52 46 4F 4F 4F 40 00 00 00 00 00 00 00 : BARRFOOO@.......
+00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+
+-------------------------------------------------------------------------------
+Entry ID   : 0000000E : AFP File Info
+Offset     : 00000172 : 370
+Length     : 00000004 : 4
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 00 00 01 A1                                     : ....
+ */
+
+char metadata_xattr[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x08, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
+	0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x08, 0x00, 0x00, 0x01, 0x62, 0x00, 0x00,
+	0x00, 0x10, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00,
+	0x00, 0x7a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
+	0x00, 0x0e, 0x00, 0x00, 0x01, 0x72, 0x00, 0x00,
+	0x00, 0x04, 0x80, 0x44, 0x45, 0x56, 0x00, 0x00,
+	0x01, 0x76, 0x00, 0x00, 0x00, 0x08, 0x80, 0x49,
+	0x4e, 0x4f, 0x00, 0x00, 0x01, 0x7e, 0x00, 0x00,
+	0x00, 0x08, 0x80, 0x53, 0x59, 0x4e, 0x00, 0x00,
+	0x01, 0x86, 0x00, 0x00, 0x00, 0x08, 0x80, 0x53,
+	0x56, 0x7e, 0x00, 0x00, 0x01, 0x8e, 0x00, 0x00,
+	0x00, 0x04, 0x42, 0x41, 0x52, 0x52, 0x46, 0x4f,
+	0x4f, 0x4f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x1b, 0x44, 0x21, 0x69, 0x1b, 0x44,
+	0x21, 0x69, 0x80, 0x00, 0x00, 0x00, 0x1b, 0x44,
+	0x21, 0x69, 0x00, 0x00, 0x01, 0xa1, 0x00, 0xfd,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x20,
+	0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf1, 0xe3,
+	0x86, 0x53, 0x00, 0x00, 0x00, 0x00, 0x3b, 0x01,
+	0x00, 0x00
+};
+
+/*
+The buf below contains the following AppleDouble encoded data:
+
+-------------------------------------------------------------------------------
+MagicNumber: 00051607                                        : AppleDouble
+Version    : 00020000                                        : Version 2
+Filler     : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+Num. of ent: 0002                                            : 2
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000009 : Finder Info
+Offset     : 00000032 : 50
+Length     : 00000EB0 : 3760
+
+-FInfo-----:
+Type       : 54455354 : TEST
+Creator    : 534C4F57 : SLOW
+isAlias    : 0
+Invisible  : 0
+hasBundle  : 0
+nameLocked : 0
+Stationery : 0
+CustomIcon : 0
+Reserved   : 0
+Inited     : 0
+NoINITS    : 0
+Shared     : 0
+SwitchLaunc: 0
+Hidden Ext : 0
+color      : 100      : blue
+isOnDesk   : 0
+Location v : 0000     : 0
+Location h : 0000     : 0
+Fldr       : 0000     : ..
+
+-FXInfo----:
+Rsvd|IconID: 0000     : 0
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+AreInvalid : 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+CustomBadge: 0
+ObjctIsBusy: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+RoutingInfo: 0
+unknown bit: 0
+unknown bit: 0
+Rsvd|commnt: 0000     : 0
+PutAway    : 00000000 : 0
+
+-EA--------:
+pad        : 0000     : ..
+magic      : 41545452 : ATTR
+debug_tag  : 53D4580C : 1406425100
+total_size : 00000EE2 : 3810
+data_start : 000000BC : 188
+data_length: 0000005E : 94
+reserved[0]: 00000000 : ....
+reserved[1]: 00000000 : ....
+reserved[2]: 00000000 : ....
+flags      : 0000     : ..
+num_attrs  : 0002     : 2
+-EA ENTRY--:
+offset     : 000000BC : 188
+length     : 0000005B : 91
+flags      : 0000     : ..
+namelen    : 24       : 36
+-EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 63 6F 6D 2E 61 70 70 6C 65 2E 6D 65 74 61 64 61 : com.apple.metada
+00000010   : 74 61 3A 5F 6B 4D 44 49 74 65 6D 55 73 65 72 54 : ta:_kMDItemUserT
+00000020   : 61 67 73 00                                     : ags.
+-EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 62 70 6C 69 73 74 30 30 A5 01 02 03 04 05 54 74 : bplist00......Tt
+00000010   : 65 73 74 66 00 47 00 72 00 FC 00 6E 00 0A 00 32 : estf.G.r...n...2
+00000020   : 56 4C 69 6C 61 0A 33 56 47 65 6C 62 0A 35 56 42 : VLila.3VGelb.5VB
+00000030   : 6C 61 75 0A 34 08 0E 13 20 27 2E 00 00 00 00 00 : lau.4... '......
+00000040   : 00 01 01 00 00 00 00 00 00 00 06 00 00 00 00 00 : ................
+00000050   : 00 00 00 00 00 00 00 00 00 00 35                : ..........5
+-EA ENTRY--:
+offset     : 00000117 : 279
+length     : 00000003 : 3
+flags      : 0000     : ..
+namelen    : 08       : 8
+-EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 66 6F 6F 3A 62 61 72 00                         : foo:bar.
+-EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 62 61 7A                                        : baz
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 54 45 53 54 53 4C 4F 57 00 08 00 00 00 00 00 00 : TESTSLOW........
+00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000020   : 00 00 41 54 54 52 53 D4 58 0C 00 00 0E E2 00 00 : ..ATTRS.X.......
+00000030   : 00 BC 00 00 00 5E 00 00 00 00 00 00 00 00 00 00 : .....^..........
+00000040   : 00 00 00 00 00 02 00 00 00 BC 00 00 00 5B 00 00 : .............[..
+00000050   : 24 63 6F 6D 2E 61 70 70 6C 65 2E 6D 65 74 61 64 : $com.apple.metad
+00000060   : 61 74 61 3A 5F 6B 4D 44 49 74 65 6D 55 73 65 72 : ata:_kMDItemUser
+00000070   : 54 61 67 73 00 00 00 00 01 17 00 00 00 03 00 00 : Tags............
+00000080   : 08 66 6F 6F 3A 62 61 72 00 66 62 70 6C 69 73 74 : .foo:bar.fbplist
+00000090   : 30 30 A5 01 02 03 04 05 54 74 65 73 74 66 00 47 : 00......Ttestf.G
+000000A0   : 00 72 00 FC 00 6E 00 0A 00 32 56 4C 69 6C 61 0A : .r...n...2VLila.
+000000B0   : 33 56 47 65 6C 62 0A 35 56 42 6C 61 75 0A 34 08 : 3VGelb.5VBlau.4.
+000000C0   : 0E 13 20 27 2E 00 00 00 00 00 00 01 01 00 00 00 : .. '............
+000000D0   : 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 35 62 61 7A 00 00 00 00 00 00 00 00 : ....5baz........
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+... all zeroes ...
+00000EA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000002 : Resource Fork
+Offset     : 00000EE2 : 3810
+Length     : 0000011E : 286
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000010   : 54 68 69 73 20 72 65 73 6F 75 72 63 65 20 66 6F : This resource fo
+00000020   : 72 6B 20 69 6E 74 65 6E 74 69 6F 6E 61 6C 6C 79 : rk intentionally
+00000030   : 20 6C 65 66 74 20 62 6C 61 6E 6B 20 20 20 00 00 :  left blank   ..
+00000040   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000050   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000060   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000070   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000080   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000090   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000110   : 00 00 00 00 00 00 00 00 00 1C 00 1E FF FF       : ..............
+
+It was created with:
+$ hexdump -ve '"\t" 7/1 "0x%02x, " 1/1 " 0x%02x," "\n"'
+*/
+static char osx_adouble_w_xattr[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00,
+	0x00, 0x32, 0x00, 0x00, 0x0e, 0xb0, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x0e, 0xe2, 0x00, 0x00,
+	0x01, 0x1e, 0x54, 0x45, 0x53, 0x54, 0x53, 0x4c,
+	0x4f, 0x57, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x41, 0x54, 0x54, 0x52,
+	0x53, 0xd4, 0x58, 0x0c, 0x00, 0x00, 0x0e, 0xe2,
+	0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x5e,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+	0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x5b,
+	0x00, 0x00, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x61,
+	0x70, 0x70, 0x6c, 0x65, 0x2e, 0x6d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0x5f, 0x6b,
+	0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x55, 0x73,
+	0x65, 0x72, 0x54, 0x61, 0x67, 0x73, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x17, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x08, 0x66, 0x6f, 0x6f, 0x3a, 0x62,
+	0x61, 0x72, 0x00, 0x66, 0x62, 0x70, 0x6c, 0x69,
+	0x73, 0x74, 0x30, 0x30, 0xa5, 0x01, 0x02, 0x03,
+	0x04, 0x05, 0x54, 0x74, 0x65, 0x73, 0x74, 0x66,
+	0x00, 0x47, 0x00, 0x72, 0x00, 0xfc, 0x00, 0x6e,
+	0x00, 0x0a, 0x00, 0x32, 0x56, 0x4c, 0x69, 0x6c,
+	0x61, 0x0a, 0x33, 0x56, 0x47, 0x65, 0x6c, 0x62,
+	0x0a, 0x35, 0x56, 0x42, 0x6c, 0x61, 0x75, 0x0a,
+	0x34, 0x08, 0x0e, 0x13, 0x20, 0x27, 0x2e, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x62,
+	0x61, 0x7a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x54, 0x68, 0x69, 0x73, 0x20, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x20,
+	0x66, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x6c, 0x79, 0x20, 0x6c, 0x65, 0x66, 0x74, 0x20,
+	0x62, 0x6c, 0x61, 0x6e, 0x6b, 0x20, 0x20, 0x20,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x1c, 0x00, 0x1e, 0xff, 0xff
+};
+
+/*
+ * The buf below contains the following AppleDouble encoded data:
+ *
+ * -------------------------------------------------------------------------------
+ * MagicNumber: 00051607                                        : AppleDouble
+ * Version    : 00020000                                        : Version 2
+ * Filler     : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+ * Num. of ent: 0002                                            : 2
+ *
+ * -------------------------------------------------------------------------------
+ * Entry ID   : 00000002 : Resource Fork
+ * Offset     : 00000052 : 82
+ * Length     : 0000011E : 286
+ *
+ * -RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+ * 00000010   : F0 F1 F2 F3 F5 F5 F6 F7 F8 F9 FA FB FC FD FE FF : ................
+ * 00000020   : 72 6B 20 69 6E 74 65 6E 74 69 6F 6E 61 6C 6C 79 : rk intentionally
+ * 00000030   : 20 6C 65 66 74 20 62 6C 61 6E 6B 20 20 20 00 00 :  left blank   ..
+ * 00000040   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000050   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000060   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000070   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000080   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000090   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000100   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+ * 00000110   : 00 00 00 00 00 00 00 00 00 1C 00 1E FF FF       : ..............
+ *
+ * Entry ID   : 00000009 : Finder Info
+ * Offset     : 00000032 : 50
+ * Length     : 00000020 : 32
+ *
+ * -NOTE------: cannot detect whether FInfo or DInfo. assume FInfo.
+ *
+ * -FInfo-----:
+ * Type       : 57415645 : WAVE
+ * Creator    : 5054756C : PTul
+ * isAlias    : 0
+ * Invisible  : 0
+ * hasBundle  : 0
+ * nameLocked : 0
+ * Stationery : 0
+ * CustomIcon : 0
+ * Reserved   : 0
+ * Inited     : 0
+ * NoINITS    : 0
+ * Shared     : 0
+ * SwitchLaunc: 0
+ * Hidden Ext : 0
+ * color      : 000      : none
+ * isOnDesk   : 0
+ * Location v : 0000     : 0
+ * Location h : 0000     : 0
+ * Fldr       : 0000     : ..
+ *
+ * -FXInfo----:
+ * Rsvd|IconID: 0000     : 0
+ * Rsvd       : 0000     : ..
+ * Rsvd       : 0000     : ..
+ * Rsvd       : 0000     : ..
+ * AreInvalid : 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * CustomBadge: 0
+ * ObjctIsBusy: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * RoutingInfo: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * Rsvd|commnt: 0000     : 0
+ * PutAway    : 00000000 : 0
+ *
+ * -RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 57 41 56 45 50 54 75 6C 00 00 00 00 00 00 00 00 : WAVEPTul........
+ * 00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ *  *
+ * It was created with:
+ * $ hexdump -ve '"\t" 7/1 "0x%02x, " 1/1 " 0x%02x," "\n"'
+ */
+static char osx_adouble_without_xattr[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+	0x00, 0x52, 0x00, 0x00, 0x01, 0x1e, 0x00, 0x00,
+	0x00, 0x09, 0x00, 0x00, 0x00, 0x32, 0x00, 0x00,
+	0x00, 0x20, 0x57, 0x41, 0x56, 0x45, 0x50, 0x54,
+	0x75, 0x6c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
+	0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd,
+	0xfe, 0xff, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x6c, 0x79, 0x20, 0x6c, 0x65, 0x66, 0x74, 0x20,
+	0x62, 0x6c, 0x61, 0x6e, 0x6b, 0x20, 0x20, 0x20,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x1c, 0x00, 0x1e, 0xff, 0xff
+};
+
+/*
+The buf below contains the following AppleDouble encoded data:
+
+-------------------------------------------------------------------------------
+MagicNumber: 00051607                                        : AppleDouble
+Version    : 00020000                                        : Version 2
+Filler     : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+Num. of ent: 0002                                            : 2
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000009 : Finder Info
+Offset     : 00000032 : 50
+Length     : 00000EB0 : 3760
+
+-FInfo-----:
+Type       : 54455354 : TEST
+Creator    : 534C4F57 : SLOW
+isAlias    : 0
+Invisible  : 0
+hasBundle  : 0
+nameLocked : 0
+Stationery : 0
+CustomIcon : 0
+Reserved   : 0
+Inited     : 0
+NoINITS    : 0
+Shared     : 0
+SwitchLaunc: 0
+Hidden Ext : 0
+color      : 100      : blue
+isOnDesk   : 0
+Location v : 0000     : 0
+Location h : 0000     : 0
+Fldr       : 0000     : ..
+
+-FXInfo----:
+Rsvd|IconID: 0000     : 0
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+Rsvd       : 0000     : ..
+AreInvalid : 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+CustomBadge: 0
+ObjctIsBusy: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+RoutingInfo: 0
+unknown bit: 0
+unknown bit: 0
+Rsvd|commnt: 0000     : 0
+PutAway    : 00000000 : 0
+
+-EA--------:
+pad        : 0000     : ..
+magic      : 41545452 : ATTR
+debug_tag  : 53D4580C : 1406425100
+total_size : 00000EE2 : 3810
+data_start : 000000BC : 188
+data_length: 0000005E : 94
+reserved[0]: 00000000 : ....
+reserved[1]: 00000000 : ....
+reserved[2]: 00000000 : ....
+flags      : 0000     : ..
+num_attrs  : 0002     : 2
+-EA ENTRY--:
+offset     : 000000BC : 188
+length     : 0000005B : 91
+flags      : 0000     : ..
+namelen    : 24       : 36
+-EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 63 6F 6D 2E 61 70 70 6C 65 2E 6D 65 74 61 64 61 : com.apple.metada
+00000010   : 74 61 3A 5F 6B 4D 44 49 74 65 6D 55 73 65 72 54 : ta:_kMDItemUserT
+00000020   : 61 67 73 00                                     : ags.
+-EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 62 70 6C 69 73 74 30 30 A5 01 02 03 04 05 54 74 : bplist00......Tt
+00000010   : 65 73 74 66 00 47 00 72 00 FC 00 6E 00 0A 00 32 : estf.G.r...n...2
+00000020   : 56 4C 69 6C 61 0A 33 56 47 65 6C 62 0A 35 56 42 : VLila.3VGelb.5VB
+00000030   : 6C 61 75 0A 34 08 0E 13 20 27 2E 00 00 00 00 00 : lau.4... '......
+00000040   : 00 01 01 00 00 00 00 00 00 00 06 00 00 00 00 00 : ................
+00000050   : 00 00 00 00 00 00 00 00 00 00 35                : ..........5
+-EA ENTRY--:
+offset     : 00000117 : 279
+length     : 00000003 : 3
+flags      : 0000     : ..
+namelen    : 08       : 8
+-EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 66 6F 6F 3A 62 61 72 00                         : foo:bar.
+-EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 62 61 7A                                        : baz
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 54 45 53 54 53 4C 4F 57 00 08 00 00 00 00 00 00 : TESTSLOW........
+00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000020   : 00 00 41 54 54 52 53 D4 58 0C 00 00 0E E2 00 00 : ..ATTRS.X.......
+00000030   : 00 BC 00 00 00 5E 00 00 00 00 00 00 00 00 00 00 : .....^..........
+00000040   : 00 00 00 00 00 02 00 00 00 BC 00 00 00 5B 00 00 : .............[..
+00000050   : 24 63 6F 6D 2E 61 70 70 6C 65 2E 6D 65 74 61 64 : $com.apple.metad
+00000060   : 61 74 61 3A 5F 6B 4D 44 49 74 65 6D 55 73 65 72 : ata:_kMDItemUser
+00000070   : 54 61 67 73 00 00 00 00 01 17 00 00 00 03 00 00 : Tags............
+00000080   : 08 66 6F 6F 3A 62 61 72 00 66 62 70 6C 69 73 74 : .foo:bar.fbplist
+00000090   : 30 30 A5 01 02 03 04 05 54 74 65 73 74 66 00 47 : 00......Ttestf.G
+000000A0   : 00 72 00 FC 00 6E 00 0A 00 32 56 4C 69 6C 61 0A : .r...n...2VLila.
+000000B0   : 33 56 47 65 6C 62 0A 35 56 42 6C 61 75 0A 34 08 : 3VGelb.5VBlau.4.
+000000C0   : 0E 13 20 27 2E 00 00 00 00 00 00 01 01 00 00 00 : .. '............
+000000D0   : 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 35 62 61 7A 00 00 00 00 00 00 00 00 : ....5baz........
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+... all zeroes ...
+00000EA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000002 : Resource Fork
+Offset     : 00000EE2 : 3810
+Length     : 0000011E : 286
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000010   : F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF : This resource fo
+00000020   : 72 6B 20 69 6E 74 65 6E 74 69 6F 6E 61 6C 6C 79 : rk intentionally
+00000030   : 20 6C 65 66 74 20 62 6C 61 6E 6B 20 20 20 00 00 :  left blank   ..
+00000040   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000050   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000060   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000070   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000080   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000090   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000110   : 00 00 00 00 00 00 00 00 00 1C 00 1E FF FF       : ..............
+
+It was created with:
+$ hexdump -ve '"\t" 7/1 "0x%02x, " 1/1 " 0x%02x," "\n"'
+*/
+static char osx_adouble_non_empty_rfork_w_xattr[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00,
+	0x00, 0x32, 0x00, 0x00, 0x0e, 0xb0, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x0e, 0xe2, 0x00, 0x00,
+	0x01, 0x1e, 0x54, 0x45, 0x53, 0x54, 0x53, 0x4c,
+	0x4f, 0x57, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x41, 0x54, 0x54, 0x52,
+	0x53, 0xd4, 0x58, 0x0c, 0x00, 0x00, 0x0e, 0xe2,
+	0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x5e,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+	0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x5b,
+	0x00, 0x00, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x61,
+	0x70, 0x70, 0x6c, 0x65, 0x2e, 0x6d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0x5f, 0x6b,
+	0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x55, 0x73,
+	0x65, 0x72, 0x54, 0x61, 0x67, 0x73, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x17, 0x00, 0x00, 0x00, 0x03,
+	0x00, 0x00, 0x08, 0x66, 0x6f, 0x6f, 0x3a, 0x62,
+	0x61, 0x72, 0x00, 0x66, 0x62, 0x70, 0x6c, 0x69,
+	0x73, 0x74, 0x30, 0x30, 0xa5, 0x01, 0x02, 0x03,
+	0x04, 0x05, 0x54, 0x74, 0x65, 0x73, 0x74, 0x66,
+	0x00, 0x47, 0x00, 0x72, 0x00, 0xfc, 0x00, 0x6e,
+	0x00, 0x0a, 0x00, 0x32, 0x56, 0x4c, 0x69, 0x6c,
+	0x61, 0x0a, 0x33, 0x56, 0x47, 0x65, 0x6c, 0x62,
+	0x0a, 0x35, 0x56, 0x42, 0x6c, 0x61, 0x75, 0x0a,
+	0x34, 0x08, 0x0e, 0x13, 0x20, 0x27, 0x2e, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x62,
+	0x61, 0x7a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
+	0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd,
+	0xfe, 0xff, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x6c, 0x79, 0x20, 0x6c, 0x65, 0x66, 0x74, 0x20,
+	0x62, 0x6c, 0x61, 0x6e, 0x6b, 0x20, 0x20, 0x20,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x1c, 0x00, 0x1e, 0xff, 0xff
+};
+
+/**
+ * talloc and intialize an AfpInfo
+ **/
+static AfpInfo *torture_afpinfo_new(TALLOC_CTX *mem_ctx)
+{
+	AfpInfo *info;
+
+	info = talloc_zero(mem_ctx, AfpInfo);
+	if (info == NULL) {
+		return NULL;
+	}
+
+	info->afpi_Signature = AFP_Signature;
+	info->afpi_Version = AFP_Version;
+	info->afpi_BackupTime = AFP_BackupTime;
+
+	return info;
+}
+
+/**
+ * Pack AfpInfo into a talloced buffer
+ **/
+static char *torture_afpinfo_pack(TALLOC_CTX *mem_ctx,
+				  AfpInfo *info)
+{
+	char *buf;
+
+	buf = talloc_zero_array(mem_ctx, char, AFP_INFO_SIZE);
+	if (buf == NULL) {
+		return NULL;
+	}
+
+	RSIVAL(buf, 0, info->afpi_Signature);
+	RSIVAL(buf, 4, info->afpi_Version);
+	RSIVAL(buf, 12, info->afpi_BackupTime);
+	memcpy(buf + 16, info->afpi_FinderInfo, sizeof(info->afpi_FinderInfo));
+
+	return buf;
+}
+
+/**
+ * Unpack AfpInfo
+ **/
+#if 0
+static void torture_afpinfo_unpack(AfpInfo *info, char *data)
+{
+	info->afpi_Signature = RIVAL(data, 0);
+	info->afpi_Version = RIVAL(data, 4);
+	info->afpi_BackupTime = RIVAL(data, 12);
+	memcpy(info->afpi_FinderInfo, (const char *)data + 16,
+	       sizeof(info->afpi_FinderInfo));
+}
+#endif
+
+static bool torture_write_afpinfo(struct smb2_tree *tree,
+				  struct torture_context *tctx,
+				  TALLOC_CTX *mem_ctx,
+				  const char *fname,
+				  AfpInfo *info)
+{
+	struct smb2_handle handle;
+	struct smb2_create io;
+	NTSTATUS status;
+	const char *full_name;
+	char *infobuf;
+	bool ret = true;
+
+	full_name = talloc_asprintf(mem_ctx, "%s%s", fname, AFPINFO_STREAM_NAME);
+	if (full_name == NULL) {
+	    torture_comment(tctx, "talloc_asprintf error\n");
+	    return false;
+	}
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FILE_WRITE_DATA;
+	io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.create_options = 0;
+	io.in.fname = full_name;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	handle = io.out.file.handle;
+
+	infobuf = torture_afpinfo_pack(mem_ctx, info);
+	if (infobuf == NULL) {
+		return false;
+	}
+
+	status = smb2_util_write(tree, handle, infobuf, 0, AFP_INFO_SIZE);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, handle);
+
+done:
+	return ret;
+}
+
+/**
+ * Read 'count' bytes at 'offset' from stream 'fname:sname' and
+ * compare against buffer 'value'
+ **/
+static bool check_stream(struct smb2_tree *tree,
+			 const char *location,
+			 struct torture_context *tctx,
+			 TALLOC_CTX *mem_ctx,
+			 const char *fname,
+			 const char *sname,
+			 off_t read_offset,
+			 size_t read_count,
+			 off_t comp_offset,
+			 size_t comp_count,
+			 const char *value)
+{
+	struct smb2_handle handle;
+	struct smb2_create create;
+	struct smb2_read r;
+	NTSTATUS status;
+	char *full_name;
+	bool ret = true;
+
+	full_name = talloc_asprintf(mem_ctx, "%s%s", fname, sname);
+	if (full_name == NULL) {
+	    torture_comment(tctx, "talloc_asprintf error\n");
+	    return false;
+	}
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_DATA;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = full_name;
+
+	torture_comment(tctx, "Open stream %s\n", full_name);
+
+	status = smb2_create(tree, mem_ctx, &create);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (value == NULL) {
+			TALLOC_FREE(full_name);
+			return true;
+		}
+		torture_comment(tctx, "Unable to open stream %s: %s\n",
+			full_name, nt_errstr(status));
+		TALLOC_FREE(full_name);
+		return false;
+	}
+
+	handle = create.out.file.handle;
+	if (value == NULL) {
+		TALLOC_FREE(full_name);
+		smb2_util_close(tree, handle);
+		return true;
+	}
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = handle;
+	r.in.length      = read_count;
+	r.in.offset      = read_offset;
+
+	status = smb2_read(tree, tree, &r);
+
+	torture_assert_ntstatus_ok_goto(
+		tctx, status, ret, done,
+		talloc_asprintf(tctx, "(%s) Failed to read %lu bytes from stream '%s'\n",
+				location, (long)strlen(value), full_name));
+
+	torture_assert_goto(tctx, r.out.data.length == read_count, ret, done,
+			    talloc_asprintf(tctx, "smb2_read returned %jd bytes, expected %jd\n",
+					    (intmax_t)r.out.data.length, (intmax_t)read_count));
+
+	torture_assert_goto(
+		tctx, memcmp(r.out.data.data + comp_offset, value, comp_count) == 0,
+		ret, done,
+		talloc_asprintf(tctx, "(%s) Bad data in stream\n", location));
+
+done:
+	TALLOC_FREE(full_name);
+	smb2_util_close(tree, handle);
+	return ret;
+}
+
+/**
+ * Read 'count' bytes at 'offset' from stream 'fname:sname' and
+ * compare against buffer 'value'
+ **/
+static ssize_t read_stream(struct smb2_tree *tree,
+			   const char *location,
+			   struct torture_context *tctx,
+			   TALLOC_CTX *mem_ctx,
+			   const char *fname,
+			   const char *sname,
+			   off_t read_offset,
+			   size_t read_count)
+{
+	struct smb2_handle handle;
+	struct smb2_create create;
+	struct smb2_read r;
+	NTSTATUS status;
+	const char *full_name;
+	bool ret = true;
+
+	full_name = talloc_asprintf(mem_ctx, "%s%s", fname, sname);
+	if (full_name == NULL) {
+	    torture_comment(tctx, "talloc_asprintf error\n");
+	    return -1;
+	}
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_DATA;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = full_name;
+
+	torture_comment(tctx, "Open stream %s\n", full_name);
+
+	status = smb2_create(tree, mem_ctx, &create);
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "Unable to open stream %s: %s\n",
+				full_name, nt_errstr(status));
+		return -1;
+	}
+
+	handle = create.out.file.handle;
+
+	ZERO_STRUCT(r);
+	r.in.file.handle = handle;
+	r.in.length      = read_count;
+	r.in.offset      = read_offset;
+
+	status = smb2_read(tree, tree, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		CHECK_STATUS(status, NT_STATUS_END_OF_FILE);
+	}
+
+	smb2_util_close(tree, handle);
+
+done:
+	if (ret == false) {
+		return -1;
+	}
+	return r.out.data.length;
+}
+
+/**
+ * Read 'count' bytes at 'offset' from stream 'fname:sname' and
+ * compare against buffer 'value'
+ **/
+static bool write_stream(struct smb2_tree *tree,
+			 const char *location,
+			 struct torture_context *tctx,
+			 TALLOC_CTX *mem_ctx,
+			 const char *fname,
+			 const char *sname,
+			 off_t offset,
+			 size_t size,
+			 const char *value)
+{
+	struct smb2_handle handle;
+	struct smb2_create create;
+	NTSTATUS status;
+	const char *full_name;
+
+	full_name = talloc_asprintf(mem_ctx, "%s%s", fname, sname ? sname : "");
+	if (full_name == NULL) {
+	    torture_comment(tctx, "talloc_asprintf error\n");
+	    return false;
+	}
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_WRITE_DATA;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.fname = full_name;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	if (!NT_STATUS_IS_OK(status)) {
+		if (value == NULL) {
+			return true;
+		} else {
+			torture_comment(tctx, "Unable to open stream %s: %s\n",
+			    full_name, nt_errstr(status));
+			return false;
+		}
+	}
+
+	handle = create.out.file.handle;
+	if (value == NULL) {
+		return true;
+	}
+
+	status = smb2_util_write(tree, handle, value, offset, size);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "(%s) Failed to write %lu bytes to "
+		    "stream '%s'\n", location, (long)size, full_name);
+		return false;
+	}
+
+	smb2_util_close(tree, handle);
+	return true;
+}
+
+static bool torture_setup_local_xattr(struct torture_context *tctx,
+				      const char *path_option,
+				      const char *name,
+				      const char *xattr,
+				      const char *metadata,
+				      size_t size)
+{
+	int ret = true;
+	int result;
+	const char *spath;
+	char *path;
+
+	spath = torture_setting_string(tctx, path_option, NULL);
+	if (spath == NULL) {
+		printf("No sharepath for option %s\n", path_option);
+		return false;
+	}
+
+	path = talloc_asprintf(tctx, "%s/%s", spath, name);
+
+	result = setxattr(path, xattr, metadata, size, 0);
+	if (result != 0) {
+		ret = false;
+	}
+
+	TALLOC_FREE(path);
+
+	return ret;
+}
+
+/**
+ * Create a file or directory
+ **/
+static bool torture_setup_file(TALLOC_CTX *mem_ctx, struct smb2_tree *tree,
+			       const char *name, bool dir)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	smb2_util_unlink(tree, name);
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.create_options = 0;
+	io.in.fname = name;
+	if (dir) {
+		io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+		io.in.share_access &= ~NTCREATEX_SHARE_ACCESS_DELETE;
+		io.in.file_attributes   = FILE_ATTRIBUTE_DIRECTORY;
+		io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	}
+
+	status = smb2_create(tree, mem_ctx, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool enable_aapl(struct torture_context *tctx,
+			struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_create io;
+	DATA_BLOB data;
+	struct smb2_create_blob *aapl = NULL;
+	uint32_t aapl_server_caps;
+	uint32_t expected_scaps = (SMB2_CRTCTX_AAPL_UNIX_BASED |
+				   SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR |
+				   SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE |
+				   SMB2_CRTCTX_AAPL_SUPPORTS_OSX_COPYFILE);
+	bool is_osx_server = torture_setting_bool(tctx, "osx", false);
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access = (NTCREATEX_SHARE_ACCESS_DELETE |
+			      NTCREATEX_SHARE_ACCESS_READ |
+			      NTCREATEX_SHARE_ACCESS_WRITE);
+	io.in.fname = "";
+
+	/*
+	 * Issuing an SMB2/CREATE with a suitably formed AAPL context,
+	 * controls behaviour of Apple's SMB2 extensions for the whole
+	 * session!
+	 */
+
+	data = data_blob_talloc(mem_ctx, NULL, 3 * sizeof(uint64_t));
+	SBVAL(data.data, 0, SMB2_CRTCTX_AAPL_SERVER_QUERY);
+	SBVAL(data.data, 8, (SMB2_CRTCTX_AAPL_SERVER_CAPS |
+			     SMB2_CRTCTX_AAPL_VOLUME_CAPS |
+			     SMB2_CRTCTX_AAPL_MODEL_INFO));
+	SBVAL(data.data, 16, (SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR |
+			      SMB2_CRTCTX_AAPL_UNIX_BASED |
+			      SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE));
+
+	status = smb2_create_blob_add(tctx, &io.in.blobs, "AAPL", data);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_blob_add");
+
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_util_close");
+
+	/*
+	 * Now check returned AAPL context
+	 */
+	torture_comment(tctx, "Comparing returned AAPL capabilities\n");
+
+	aapl = smb2_create_blob_find(&io.out.blobs,
+				     SMB2_CREATE_TAG_AAPL);
+	torture_assert_goto(tctx, aapl != NULL, ret, done, "missing AAPL context");
+
+	if (!is_osx_server) {
+		size_t expected_aapl_ctx_size;
+
+		expected_aapl_ctx_size = strlen("MacSamba") * 2 + 40;
+
+		torture_assert_goto(
+			tctx, aapl->data.length == expected_aapl_ctx_size,
+			ret, done, "bad AAPL size");
+	}
+
+	aapl_server_caps = BVAL(aapl->data.data, 16);
+	torture_assert_goto(tctx, aapl_server_caps == expected_scaps,
+			    ret, done, "bad AAPL caps");
+
+done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_read_netatalk_metadata(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_read_metadata";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	ssize_t len;
+	const char *localdir = NULL;
+
+	torture_comment(tctx, "Checking metadata access\n");
+
+	localdir = torture_setting_string(tctx, "localdir", NULL);
+	if (localdir == NULL) {
+		torture_skip(tctx, "Need localdir for test");
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	ret = torture_setup_local_xattr(tctx, "localdir",
+					BASEDIR "/torture_read_metadata",
+					AFPINFO_EA_NETATALK,
+					metadata_xattr, sizeof(metadata_xattr));
+	if (ret == false) {
+		goto done;
+	}
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 0, 4, "AFP");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, "BARRFOOO");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   16, 8, 0, 3, "AFP");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	/* Check reading offset and read size > sizeof(AFPINFO_STREAM) */
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 0, 61);
+	CHECK_VALUE(len, 60);
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 59, 2);
+	CHECK_VALUE(len, 2);
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 60, 1);
+	CHECK_VALUE(len, 1);
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 61, 1);
+	CHECK_VALUE(len, 0);
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_read_afpinfo(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_read_metadata";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	ssize_t len;
+	AfpInfo *info;
+	const char *type_creator = "SMB,OLE!";
+
+	torture_comment(tctx, "Checking metadata access\n");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir failed");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file failed");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 0, 4, "AFP");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, type_creator);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	/*
+	 * OS X ignores offset <= 60 and treats the as
+	 * offset=0. Reading from offsets > 60 returns EOF=0.
+	 */
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   16, 8, 0, 8, "AFP\0\0\0\001\0");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 0, 61);
+	torture_assert_goto(tctx, len == 60, ret, done, "read_stream failed");
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 59, 2);
+	torture_assert_goto(tctx, len == 2, ret, done, "read_stream failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   59, 2, 0, 2, "AF");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 60, 1);
+	torture_assert_goto(tctx, len == 1, ret, done, "read_stream failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   60, 1, 0, 1, "A");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+	len = read_stream(tree, __location__, tctx, mem_ctx, fname,
+			  AFPINFO_STREAM, 61, 1);
+	torture_assert_goto(tctx, len == 0, ret, done, "read_stream failed");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_write_atalk_metadata(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_write_metadata";
+	const char *type_creator = "SMB,OLE!";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	AfpInfo *info;
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	info = torture_afpinfo_new(mem_ctx);
+	if (info == NULL) {
+		goto done;
+	}
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	ret &= check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			    0, 60, 16, 8, type_creator);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_write_atalk_rfork_io(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_write_rfork_io";
+	const char *rfork = BASEDIR "\\torture_write_rfork_io" AFPRESOURCE_STREAM_NAME;
+	const char *rfork_content = "1234567890";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+
+	union smb_open io;
+	struct smb2_handle filehandle;
+	union smb_fileinfo finfo;
+	union smb_setfileinfo sinfo;
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) writing to resource fork\n",
+	    __location__);
+
+	ret &= write_stream(tree, __location__, tctx, mem_ctx,
+			    fname, AFPRESOURCE_STREAM_NAME,
+			    10, 10, rfork_content);
+
+	ret &= check_stream(tree, __location__, tctx, mem_ctx,
+			    fname, AFPRESOURCE_STREAM_NAME,
+			    0, 20, 10, 10, rfork_content);
+
+	/* Check size after write */
+
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE;
+	io.smb2.in.fname = rfork;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	filehandle = io.smb2.out.file.handle;
+
+	torture_comment(tctx, "(%s) check resource fork size after write\n",
+	    __location__);
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	finfo.generic.in.file.handle = filehandle;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (finfo.all_info.out.size != 20) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) Incorrect resource fork size\n",
+			       __location__);
+		ret = false;
+		smb2_util_close(tree, filehandle);
+		goto done;
+	}
+	smb2_util_close(tree, filehandle);
+
+	/* Write at large offset */
+
+	torture_comment(tctx, "(%s) writing to resource fork at large offset\n",
+			__location__);
+
+	ret &= write_stream(tree, __location__, tctx, mem_ctx,
+			    fname, AFPRESOURCE_STREAM_NAME,
+			    (off_t)64*1024*1024, 10, rfork_content);
+
+	/* Check size after write */
+
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE;
+	io.smb2.in.fname = rfork;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	filehandle = io.smb2.out.file.handle;
+
+	torture_comment(tctx, "(%s) check resource fork size after write\n",
+	    __location__);
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	finfo.generic.in.file.handle = filehandle;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (finfo.all_info.out.size != 64*1024*1024 + 10) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) Incorrect resource fork size\n",
+			       __location__);
+		ret = false;
+		smb2_util_close(tree, filehandle);
+		goto done;
+	}
+	smb2_util_close(tree, filehandle);
+
+	ret &= check_stream(tree, __location__, tctx, mem_ctx,
+			    fname, AFPRESOURCE_STREAM_NAME,
+			    (off_t)64*1024*1024, 10, 0, 10, rfork_content);
+
+	/* Truncate back to size of 1 byte */
+
+	torture_comment(tctx, "(%s) truncate resource fork and check size\n",
+			__location__);
+
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_ALL;
+	io.smb2.in.fname = rfork;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	filehandle = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level =
+		RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = filehandle;
+	sinfo.end_of_file_info.in.size = 1;
+	status = smb2_setinfo_file(tree, &sinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_close(tree, filehandle);
+
+	/* Now check size */
+	ZERO_STRUCT(io);
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+		SEC_FILE_WRITE_ATTRIBUTE;
+	io.smb2.in.fname = rfork;
+	status = smb2_create(tree, mem_ctx, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_OK);
+	filehandle = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	finfo.generic.in.file.handle = filehandle;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	if (finfo.all_info.out.size != 1) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) Incorrect resource fork size\n",
+			       __location__);
+		ret = false;
+		smb2_util_close(tree, filehandle);
+		goto done;
+	}
+	smb2_util_close(tree, filehandle);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_rfork_truncate(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_truncate";
+	const char *rfork = BASEDIR "\\torture_rfork_truncate" AFPRESOURCE_STREAM;
+	const char *rfork_content = "1234567890";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle fh1, fh2, fh3;
+	union smb_setfileinfo sinfo;
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	ret &= write_stream(tree, __location__, tctx, mem_ctx,
+			    fname, AFPRESOURCE_STREAM,
+			    10, 10, rfork_content);
+
+	/* Truncate back to size 0, further access MUST return ENOENT */
+
+	torture_comment(tctx, "(%s) truncate resource fork to size 0\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = fname;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh1 = create.out.file.handle;
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh2 = create.out.file.handle;
+
+	ZERO_STRUCT(sinfo);
+	sinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sinfo.end_of_file_info.in.file.handle = fh2;
+	sinfo.end_of_file_info.in.size = 0;
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file");
+
+	/*
+	 * Now check size, we should get OBJECT_NAME_NOT_FOUND (!)
+	 */
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN;
+	create.in.desired_access      = SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done, "smb2_create");
+
+	/*
+	 * Do another open on the rfork and write to the new handle. A
+	 * naive server might unlink the AppleDouble resource fork
+	 * file when its truncated to 0 bytes above, so in case both
+	 * open handles share the same underlying fd, the unlink would
+	 * cause the below write to be lost.
+	 */
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh3 = create.out.file.handle;
+
+	status = smb2_util_write(tree, fh3, "foo", 0, 3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_util_write");
+
+	smb2_util_close(tree, fh3);
+	smb2_util_close(tree, fh2);
+	smb2_util_close(tree, fh1);
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPRESOURCE_STREAM,
+			   0, 3, 0, 3, "foo");
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_rfork_create(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_create";
+	const char *rfork = BASEDIR "\\torture_rfork_create" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle fh1;
+	const char *streams[] = {
+		"::$DATA"
+	};
+	union smb_fileinfo finfo;
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) open rfork, should return ENOENT\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done, "smb2_create");
+
+	torture_comment(tctx, "(%s) create resource fork\n", __location__);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh1 = create.out.file.handle;
+
+	torture_comment(tctx, "(%s) getinfo on create handle\n",
+			__location__);
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+	finfo.generic.in.file.handle = fh1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file");
+	if (finfo.all_info.out.size != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) Incorrect resource fork size\n",
+			       __location__);
+		ret = false;
+		smb2_util_close(tree, fh1);
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) open rfork, should still return ENOENT\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done, "smb2_create");
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream_list");
+
+	torture_comment(tctx, "(%s) close empty created rfork, open should return ENOENT\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done, "smb2_create");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
+ */
+
+static bool test_rfork_fsync(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_fsync";
+	const char *rfork = BASEDIR "\\torture_rfork_fsync" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle fh1;
+	struct smb2_flush f;
+
+	ZERO_STRUCT(fh1);
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx,
+					status,
+					ret,
+					done,
+					"torture_smb2_testdir");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) create resource fork %s\n",
+		__location__,
+		rfork);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;
+	create.in.file_attributes     = FILE_ATTRIBUTE_NORMAL;
+	create.in.fname               = rfork;
+	create.in.share_access        = NTCREATEX_SHARE_ACCESS_DELETE |
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	fh1 = create.out.file.handle;
+
+	torture_comment(tctx, "(%s) Write 10 bytes to resource fork %s\n",
+		__location__,
+		rfork);
+
+	status = smb2_util_write(tree, fh1, "1234567890", 0, 10);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	torture_comment(tctx, "(%s) fsync on resource fork %s\n",
+		__location__,
+		rfork);
+
+	f.in.file.handle = fh1;
+	status = smb2_flush(tree, &f);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_flush failed\n");
+
+done:
+
+	smb2_util_close(tree, fh1);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_rfork_create_ro(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_create";
+	const char *rfork = BASEDIR "\\torture_rfork_create" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+
+	smb2_util_unlink(tree, fname);
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"torture_smb2_testdir\n");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) Try opening read-only with "
+			"open_if create disposition, should work\n",
+			__location__);
+
+	ZERO_STRUCT(create);
+	create.in.fname = rfork;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access = SEC_FILE_READ_DATA | SEC_STD_READ_CONTROL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+	status = smb2_create(tree, mem_ctx, &(create));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+		"smb2_create failed\n");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_adouble_conversion(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\test_adouble_conversion";
+	const char *adname = BASEDIR "/._test_adouble_conversion";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	const char data[] = {
+		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+		0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+	};
+	size_t datalen = sizeof(data);
+	const char *streams[] = {
+		"::$DATA",
+		AFPINFO_STREAM,
+		AFPRESOURCE_STREAM,
+		":com.apple.metadata" "\xef\x80\xa2" "_kMDItemUserTags:$DATA",
+		":foo" "\xef\x80\xa2" "bar:$DATA", /* "foo:bar:$DATA" */
+	};
+	bool is_osx = torture_setting_bool(tctx, "osx", false);
+
+	if (is_osx) {
+		torture_skip(tctx, "Test only works with Samba\n");
+	}
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = torture_setup_file(tctx, tree, adname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   adname, NULL,
+			   0,
+			   sizeof(osx_adouble_non_empty_rfork_w_xattr),
+			   osx_adouble_non_empty_rfork_w_xattr);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	torture_comment(tctx, "(%s) test OS X AppleDouble conversion\n",
+	    __location__);
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM,
+			   16, datalen, 0, datalen, data);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check AFPRESOURCE_STREAM failed\n");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, "TESTSLOW");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check AFPINFO_STREAM failed\n");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname,
+			   ":foo" "\xef\x80\xa2" "bar:$DATA", /* "foo:bar:$DATA" */
+			   0, 3, 0, 3, "baz");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check foo:bar stream failed\n");
+
+	ret = check_stream_list(tree, tctx, fname, 5, streams, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream_list");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Test conversion of AppleDouble file without embedded xattr data
+ */
+static bool test_adouble_conversion_wo_xattr(struct torture_context *tctx,
+					     struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\test_adouble_conversion";
+	const char *adname = BASEDIR "/._test_adouble_conversion";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	const char *streams[] = {
+		"::$DATA",
+		AFPINFO_STREAM,
+		AFPRESOURCE_STREAM
+	};
+	struct smb2_create create;
+	struct smb2_find find;
+	unsigned int count;
+	union smb_search_data *d;
+	const char data[] = {
+		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+		0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+	};
+	size_t datalen = sizeof(data);
+	bool is_osx = torture_setting_bool(tctx, "osx", false);
+
+	if (is_osx) {
+		torture_skip(tctx, "Test only works with Samba\n");
+	}
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = torture_setup_file(tctx, tree, adname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   adname, NULL, 0,
+			   sizeof(osx_adouble_without_xattr),
+			   osx_adouble_without_xattr);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	/*
+	 * Issue a smb2_find(), this triggers the server-side conversion
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_DIR_READ,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = BASEDIR,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	find = (struct smb2_find) {
+		.in.file.handle = create.out.file.handle,
+		.in.pattern = "*",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree, tree, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	status = smb2_util_close(tree, create.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+
+	/*
+	 * Check number of streams
+	 */
+
+	ret = check_stream_list(tree, tctx, fname, 3, streams, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream_list");
+
+
+	/*
+	 * Check Resourcefork data can be read.
+	 */
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM,
+			   16, datalen, 0, datalen, data);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check AFPRESOURCE_STREAM failed\n");
+
+	/*
+	 * Check FinderInfo data has been migrated to stream.
+	 */
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, "WAVEPTul");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check AFPINFO_STREAM failed\n");
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_aapl(struct torture_context *tctx,
+		      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\test_aapl";
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create io;
+	DATA_BLOB data;
+	struct smb2_create_blob *aapl = NULL;
+	AfpInfo *info;
+	const char *type_creator = "SMB,OLE!";
+	char type_creator_buf[9];
+	uint32_t aapl_cmd;
+	uint32_t aapl_reply_bitmap;
+	uint32_t aapl_server_caps;
+	uint32_t aapl_vol_caps;
+	uint32_t expected_vol_caps = 0;
+	char *model;
+	struct smb2_find f;
+	unsigned int count;
+	union smb_search_data *d;
+	uint64_t rfork_len;
+	bool is_osx_server = torture_setting_bool(tctx, "osx", false);
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, testdirh);
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access = (NTCREATEX_SHARE_ACCESS_DELETE |
+			      NTCREATEX_SHARE_ACCESS_READ |
+			      NTCREATEX_SHARE_ACCESS_WRITE);
+	io.in.fname = fname;
+
+	/*
+	 * Issuing an SMB2/CREATE with a suitably formed AAPL context,
+	 * controls behaviour of Apple's SMB2 extensions for the whole
+	 * session!
+	 */
+
+	data = data_blob_talloc(mem_ctx, NULL, 3 * sizeof(uint64_t));
+	SBVAL(data.data, 0, SMB2_CRTCTX_AAPL_SERVER_QUERY);
+	SBVAL(data.data, 8, (SMB2_CRTCTX_AAPL_SERVER_CAPS |
+			     SMB2_CRTCTX_AAPL_VOLUME_CAPS |
+			     SMB2_CRTCTX_AAPL_MODEL_INFO));
+	SBVAL(data.data, 16, (SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR |
+			      SMB2_CRTCTX_AAPL_UNIX_BASED |
+			      SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE));
+
+	torture_comment(tctx, "Testing SMB2 create context AAPL\n");
+	status = smb2_create_blob_add(tctx, &io.in.blobs, "AAPL", data);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/*
+	 * Now check returned AAPL context
+	 */
+	torture_comment(tctx, "Comparing returned AAPL capabilities\n");
+
+	aapl = smb2_create_blob_find(&io.out.blobs,
+				     SMB2_CREATE_TAG_AAPL);
+
+	if (aapl == NULL) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpectedly no AAPL capabilities were returned.",
+			       __location__);
+		ret = false;
+		goto done;
+	}
+
+	if (!is_osx_server) {
+		size_t expected_aapl_ctx_size;
+		bool size_ok;
+
+		/*
+		 * uint32_t CommandCode = kAAPL_SERVER_QUERY
+		 * uint32_t Reserved = 0;
+		 * uint64_t ReplyBitmap = kAAPL_SERVER_CAPS |
+		 *                        kAAPL_VOLUME_CAPS |
+		 *                        kAAPL_MODEL_INFO;
+		 * uint64_t ServerCaps = kAAPL_SUPPORTS_READDIR_ATTR |
+		 *                       kAAPL_SUPPORTS_OSX_COPYFILE;
+		 * uint64_t VolumeCaps = kAAPL_SUPPORT_RESOLVE_ID |
+		 *                       kAAPL_CASE_SENSITIVE;
+		 * uint32_t Pad2 = 0;
+		 * uint32_t ModelStringLen = 10;
+		 * ucs2_t ModelString[5] = "MacSamba";
+		 */
+		expected_aapl_ctx_size = strlen("MacSamba") * 2 + 40;
+
+		size_ok = aapl->data.length == expected_aapl_ctx_size;
+		torture_assert_goto(tctx, size_ok, ret, done, "bad AAPL size");
+	}
+
+	aapl_cmd = IVAL(aapl->data.data, 0);
+	if (aapl_cmd != SMB2_CRTCTX_AAPL_SERVER_QUERY) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected cmd: %d",
+			       __location__, (int)aapl_cmd);
+		ret = false;
+		goto done;
+	}
+
+	aapl_reply_bitmap = BVAL(aapl->data.data, 8);
+	if (aapl_reply_bitmap != (SMB2_CRTCTX_AAPL_SERVER_CAPS |
+				  SMB2_CRTCTX_AAPL_VOLUME_CAPS |
+				  SMB2_CRTCTX_AAPL_MODEL_INFO)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected reply_bitmap: %d",
+			       __location__, (int)aapl_reply_bitmap);
+		ret = false;
+		goto done;
+	}
+
+	aapl_server_caps = BVAL(aapl->data.data, 16);
+	if (aapl_server_caps != (SMB2_CRTCTX_AAPL_UNIX_BASED |
+				 SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR |
+				 SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE |
+				 SMB2_CRTCTX_AAPL_SUPPORTS_OSX_COPYFILE)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected server_caps: %d",
+			       __location__, (int)aapl_server_caps);
+		ret = false;
+		goto done;
+	}
+
+	if (is_osx_server) {
+		expected_vol_caps = 5;
+	}
+	aapl_vol_caps = BVAL(aapl->data.data, 24);
+	if (aapl_vol_caps != expected_vol_caps) {
+		/* this will fail on a case insensitive fs ... */
+		torture_result(tctx, TORTURE_FAIL,
+				"(%s) unexpected vol_caps: %d",
+				__location__, (int)aapl_vol_caps);
+	}
+
+	ret = convert_string_talloc(mem_ctx,
+				    CH_UTF16LE, CH_UNIX,
+				    aapl->data.data + 40, 10,
+				    &model, NULL);
+	if (ret == false) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) convert_string_talloc() failed",
+			       __location__);
+		goto done;
+	}
+	torture_comment(tctx, "Got server model: \"%s\"\n", model);
+
+	/*
+	 * Now that Requested AAPL extensions are enabled, setup some
+	 * Mac files with metadata and resource fork
+	 */
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) torture_setup_file() failed",
+			       __location__);
+		goto done;
+	}
+
+	info = torture_afpinfo_new(mem_ctx);
+	if (info == NULL) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) torture_afpinfo_new() failed",
+			       __location__);
+		ret = false;
+		goto done;
+	}
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	if (ret == false) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) torture_write_afpinfo() failed",
+			       __location__);
+		goto done;
+	}
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 3, "foo");
+	if (ret == false) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) write_stream() failed",
+			       __location__);
+		goto done;
+	}
+
+	/*
+	 * Ok, file is prepared, now call smb2/find
+	 */
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_RIGHTS_DIR_READ;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = (NTCREATEX_SHARE_ACCESS_READ |
+			      NTCREATEX_SHARE_ACCESS_WRITE |
+			      NTCREATEX_SHARE_ACCESS_DELETE);
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.fname = BASEDIR;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= io.out.file.handle;
+	f.in.pattern		= "test_aapl";
+	f.in.continue_flags	= SMB2_CONTINUE_FLAG_SINGLE;
+	f.in.max_response_size	= 0x1000;
+	f.in.level              = SMB2_FIND_ID_BOTH_DIRECTORY_INFO;
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	if (strcmp(d[0].id_both_directory_info.name.s, "test_aapl") != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) write_stream() failed",
+			       __location__);
+		ret = false;
+		goto done;
+	}
+
+	if (d[0].id_both_directory_info.short_name.private_length != 24) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) bad short_name length %" PRIu32 ", expected 24",
+			       __location__, d[0].id_both_directory_info.short_name.private_length);
+		ret = false;
+		goto done;
+	}
+
+	torture_comment(tctx, "short_name buffer:\n");
+	dump_data(0, d[0].id_both_directory_info.short_name_buf, 24);
+
+	/*
+	 * Extract data as specified by the AAPL extension:
+	 * - ea_size contains max_access
+	 * - short_name contains resource fork length + FinderInfo
+	 * - reserved2 contains the unix mode
+	 */
+	torture_comment(tctx, "mac_access: %" PRIx32 "\n",
+			d[0].id_both_directory_info.ea_size);
+
+	rfork_len = BVAL(d[0].id_both_directory_info.short_name_buf, 0);
+	if (rfork_len != 3) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) expected resource fork length 3, got: %" PRIu64,
+			       __location__, rfork_len);
+		ret = false;
+		goto done;
+	}
+
+	memcpy(type_creator_buf, d[0].id_both_directory_info.short_name_buf + 8, 8);
+	type_creator_buf[8] = 0;
+	if (strcmp(type_creator, type_creator_buf) != 0) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) expected type/creator \"%s\" , got: %s",
+			       __location__, type_creator, type_creator_buf);
+		ret = false;
+		goto done;
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static uint64_t patt_hash(uint64_t off)
+{
+	return off;
+}
+
+static bool write_pattern(struct torture_context *torture,
+			  struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			  struct smb2_handle h, uint64_t off, uint64_t len,
+			  uint64_t patt_off)
+{
+	NTSTATUS status;
+	uint64_t i;
+	uint8_t *buf;
+	uint64_t io_sz = MIN(1024 * 64, len);
+
+	if (len == 0) {
+		return true;
+	}
+
+	torture_assert(torture, (len % 8) == 0, "invalid write len");
+
+	buf = talloc_zero_size(mem_ctx, io_sz);
+	torture_assert(torture, (buf != NULL), "no memory for file data buf");
+
+	while (len > 0) {
+		for (i = 0; i <= io_sz - 8; i += 8) {
+			SBVAL(buf, i, patt_hash(patt_off));
+			patt_off += 8;
+		}
+
+		status = smb2_util_write(tree, h,
+					 buf, off, io_sz);
+		torture_assert_ntstatus_ok(torture, status, "file write");
+
+		len -= io_sz;
+		off += io_sz;
+	}
+
+	talloc_free(buf);
+
+	return true;
+}
+
+static bool check_pattern(struct torture_context *torture,
+			  struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			  struct smb2_handle h, uint64_t off, uint64_t len,
+			  uint64_t patt_off)
+{
+	if (len == 0) {
+		return true;
+	}
+
+	torture_assert(torture, (len % 8) == 0, "invalid read len");
+
+	while (len > 0) {
+		uint64_t i;
+		struct smb2_read r;
+		NTSTATUS status;
+		uint64_t io_sz = MIN(1024 * 64, len);
+
+		ZERO_STRUCT(r);
+		r.in.file.handle = h;
+		r.in.length      = io_sz;
+		r.in.offset      = off;
+		status = smb2_read(tree, mem_ctx, &r);
+		torture_assert_ntstatus_ok(torture, status, "read");
+
+		torture_assert_u64_equal(torture, r.out.data.length, io_sz,
+					 "read data len mismatch");
+
+		for (i = 0; i <= io_sz - 8; i += 8, patt_off += 8) {
+			uint64_t data = BVAL(r.out.data.data, i);
+			torture_assert_u64_equal(torture, data, patt_hash(patt_off),
+						 talloc_asprintf(torture, "read data "
+								 "pattern bad at %llu\n",
+								 (unsigned long long)off + i));
+		}
+		talloc_free(r.out.data.data);
+		len -= io_sz;
+		off += io_sz;
+	}
+
+	return true;
+}
+
+static bool test_setup_open(struct torture_context *torture,
+			    struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+			    const char *fname,
+			    struct smb2_handle *fh,
+			    uint32_t desired_access,
+			    uint32_t file_attributes)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = desired_access;
+	io.in.file_attributes = file_attributes;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	if (file_attributes & FILE_ATTRIBUTE_DIRECTORY) {
+		io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	}
+	io.in.fname = fname;
+
+	status = smb2_create(tree, mem_ctx, &io);
+	torture_assert_ntstatus_ok(torture, status, "file create");
+
+	*fh = io.out.file.handle;
+
+	return true;
+}
+
+static bool test_setup_create_fill(struct torture_context *torture,
+				   struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+				   const char *fname,
+				   struct smb2_handle *fh,
+				   uint64_t size,
+				   uint32_t desired_access,
+				   uint32_t file_attributes)
+{
+	bool ok;
+
+	ok = test_setup_open(torture, tree, mem_ctx,
+			     fname,
+			     fh,
+			     desired_access,
+			     file_attributes);
+	torture_assert(torture, ok, "file open");
+
+	if (size > 0) {
+		ok = write_pattern(torture, tree, mem_ctx, *fh, 0, size, 0);
+		torture_assert(torture, ok, "write pattern");
+	}
+	return true;
+}
+
+static bool test_setup_copy_chunk(struct torture_context *torture,
+				  struct smb2_tree *tree, TALLOC_CTX *mem_ctx,
+				  uint32_t nchunks,
+				  const char *src_name,
+				  struct smb2_handle *src_h,
+				  uint64_t src_size,
+				  uint32_t src_desired_access,
+				  const char *dst_name,
+				  struct smb2_handle *dest_h,
+				  uint64_t dest_size,
+				  uint32_t dest_desired_access,
+				  struct srv_copychunk_copy *cc_copy,
+				  union smb_ioctl *io)
+{
+	struct req_resume_key_rsp res_key;
+	bool ok;
+	NTSTATUS status;
+	enum ndr_err_code ndr_ret;
+
+	ok = test_setup_create_fill(torture, tree, mem_ctx, src_name,
+				    src_h, src_size, src_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "src file create fill");
+
+	ok = test_setup_create_fill(torture, tree, mem_ctx, dst_name,
+				    dest_h, dest_size, dest_desired_access,
+				    FILE_ATTRIBUTE_NORMAL);
+	torture_assert(torture, ok, "dest file create fill");
+
+	ZERO_STRUCTPN(io);
+	io->smb2.level = RAW_IOCTL_SMB2;
+	io->smb2.in.file.handle = *src_h;
+	io->smb2.in.function = FSCTL_SRV_REQUEST_RESUME_KEY;
+	/* Allow for Key + ContextLength + Context */
+	io->smb2.in.max_output_response = 32;
+	io->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	status = smb2_ioctl(tree, mem_ctx, &io->smb2);
+	torture_assert_ntstatus_ok(torture, status,
+				   "FSCTL_SRV_REQUEST_RESUME_KEY");
+
+	ndr_ret = ndr_pull_struct_blob(&io->smb2.out.out, mem_ctx, &res_key,
+			(ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_req_resume_key_rsp");
+
+	ZERO_STRUCTPN(io);
+	io->smb2.level = RAW_IOCTL_SMB2;
+	io->smb2.in.file.handle = *dest_h;
+	io->smb2.in.function = FSCTL_SRV_COPYCHUNK;
+	io->smb2.in.max_output_response = sizeof(struct srv_copychunk_rsp);
+	io->smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
+
+	ZERO_STRUCTPN(cc_copy);
+	memcpy(cc_copy->source_key, res_key.resume_key, ARRAY_SIZE(cc_copy->source_key));
+	cc_copy->chunk_count = nchunks;
+	cc_copy->chunks = talloc_zero_array(mem_ctx, struct srv_copychunk, nchunks);
+	torture_assert(torture, (cc_copy->chunks != NULL), "no memory for chunks");
+
+	return true;
+}
+
+
+static bool check_copy_chunk_rsp(struct torture_context *torture,
+				 struct srv_copychunk_rsp *cc_rsp,
+				 uint32_t ex_chunks_written,
+				 uint32_t ex_chunk_bytes_written,
+				 uint32_t ex_total_bytes_written)
+{
+	torture_assert_int_equal(torture, cc_rsp->chunks_written,
+				 ex_chunks_written, "num chunks");
+	torture_assert_int_equal(torture, cc_rsp->chunk_bytes_written,
+				 ex_chunk_bytes_written, "chunk bytes written");
+	torture_assert_int_equal(torture, cc_rsp->total_bytes_written,
+				 ex_total_bytes_written, "chunk total bytes");
+	return true;
+}
+
+static bool neg_aapl_copyfile(struct torture_context *tctx,
+			      struct smb2_tree *tree,
+			      uint64_t flags)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = "aapl";
+	NTSTATUS status;
+	struct smb2_create io;
+	DATA_BLOB data;
+	struct smb2_create_blob *aapl = NULL;
+	uint32_t aapl_cmd;
+	uint32_t aapl_reply_bitmap;
+	uint32_t aapl_server_caps;
+	bool ret = true;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access     = SEC_FLAG_MAXIMUM_ALLOWED;
+	io.in.file_attributes    = FILE_ATTRIBUTE_NORMAL;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access = (NTCREATEX_SHARE_ACCESS_DELETE |
+			      NTCREATEX_SHARE_ACCESS_READ |
+			      NTCREATEX_SHARE_ACCESS_WRITE);
+	io.in.fname = fname;
+
+	data = data_blob_talloc(mem_ctx, NULL, 3 * sizeof(uint64_t));
+	SBVAL(data.data, 0, SMB2_CRTCTX_AAPL_SERVER_QUERY);
+	SBVAL(data.data, 8, (SMB2_CRTCTX_AAPL_SERVER_CAPS));
+	SBVAL(data.data, 16, flags);
+
+	status = smb2_create_blob_add(tctx, &io.in.blobs, "AAPL", data);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	aapl = smb2_create_blob_find(&io.out.blobs,
+				     SMB2_CREATE_TAG_AAPL);
+	if (aapl == NULL) {
+		ret = false;
+		goto done;
+
+	}
+	if (aapl->data.length < 24) {
+		ret = false;
+		goto done;
+	}
+
+	aapl_cmd = IVAL(aapl->data.data, 0);
+	if (aapl_cmd != SMB2_CRTCTX_AAPL_SERVER_QUERY) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected cmd: %d",
+			       __location__, (int)aapl_cmd);
+		ret = false;
+		goto done;
+	}
+
+	aapl_reply_bitmap = BVAL(aapl->data.data, 8);
+	if (!(aapl_reply_bitmap & SMB2_CRTCTX_AAPL_SERVER_CAPS)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected reply_bitmap: %d",
+			       __location__, (int)aapl_reply_bitmap);
+		ret = false;
+		goto done;
+	}
+
+	aapl_server_caps = BVAL(aapl->data.data, 16);
+	if (!(aapl_server_caps & flags)) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpected server_caps: %d",
+			       __location__, (int)aapl_server_caps);
+		ret = false;
+		goto done;
+	}
+
+done:
+	status = smb2_util_close(tree, io.out.file.handle);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	smb2_util_unlink(tree, "aapl");
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_copyfile(struct torture_context *torture,
+			  struct smb2_tree *tree)
+{
+	struct smb2_handle src_h;
+	struct smb2_handle dest_h;
+	NTSTATUS status;
+	union smb_ioctl io;
+	TALLOC_CTX *tmp_ctx = talloc_new(tree);
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok;
+	const char *sname = ":foo" "\xef\x80\xa2" "bar:$DATA";
+
+	/*
+	 * First test a copy_chunk with a 0 chunk count without having
+	 * enabled this via AAPL. The request must not fail and the
+	 * copied length in the response must be 0. This is verified
+	 * against Windows 2008r2.
+	 */
+
+	ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
+				   0, /* 0 chunks, copyfile semantics */
+				   FNAME_CC_SRC,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   FNAME_CC_DST,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   &cc_copy,
+				   &io);
+	if (!ok) {
+		torture_fail_goto(torture, done, "setup copy chunk error");
+	}
+
+	ndr_ret = ndr_push_struct_blob(&io.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &io.smb2);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&io.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  0,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  0); /* total bytes written */
+	if (!ok) {
+		torture_fail_goto(torture, done, "bad copy chunk response data");
+	}
+
+	/*
+	 * Now enable AAPL copyfile and test again, the file and the
+	 * stream must be copied by the server.
+	 */
+	ok = neg_aapl_copyfile(torture, tree,
+			       SMB2_CRTCTX_AAPL_SUPPORTS_OSX_COPYFILE);
+	if (!ok) {
+		torture_skip_goto(torture, done, "missing AAPL copyfile");
+		goto done;
+	}
+
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	smb2_util_unlink(tree, FNAME_CC_SRC);
+	smb2_util_unlink(tree, FNAME_CC_DST);
+
+	ok = torture_setup_file(tmp_ctx, tree, FNAME_CC_SRC, false);
+	if (!ok) {
+		torture_fail(torture, "setup file error");
+	}
+	ok = write_stream(tree, __location__, torture, tmp_ctx,
+			    FNAME_CC_SRC, AFPRESOURCE_STREAM,
+			    10, 10, "1234567890");
+	if (!ok) {
+		torture_fail(torture, "setup stream error");
+	}
+
+	ok = write_stream(tree, __location__, torture, tmp_ctx,
+			    FNAME_CC_SRC, sname,
+			    10, 10, "abcdefghij");
+	torture_assert_goto(torture, ok == true, ok, done, "write_stream failed\n");
+
+	ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
+				   0, /* 0 chunks, copyfile semantics */
+				   FNAME_CC_SRC,
+				   &src_h, 4096, /* fill 4096 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   FNAME_CC_DST,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   &cc_copy,
+				   &io);
+	if (!ok) {
+		torture_fail_goto(torture, done, "setup copy chunk error");
+	}
+
+	ndr_ret = ndr_push_struct_blob(&io.smb2.in.out, tmp_ctx,
+				       &cc_copy,
+			(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_push_srv_copychunk_copy");
+
+	status = smb2_ioctl(tree, tmp_ctx, &io.smb2);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done, "FSCTL_SRV_COPYCHUNK");
+
+	ndr_ret = ndr_pull_struct_blob(&io.smb2.out.out, tmp_ctx,
+				       &cc_rsp,
+			(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+	torture_assert_ndr_success(torture, ndr_ret,
+				   "ndr_pull_srv_copychunk_rsp");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  0,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  4096); /* total bytes written */
+	if (!ok) {
+		torture_fail_goto(torture, done, "bad copy chunk response data");
+	}
+
+	ok = test_setup_open(torture, tree, tmp_ctx, FNAME_CC_DST, &dest_h,
+			     SEC_FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL);
+	if (!ok) {
+		torture_fail_goto(torture, done,"open failed");
+	}
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 4096, 0);
+	if (!ok) {
+		torture_fail_goto(torture, done, "inconsistent file data");
+	}
+
+	ok = check_stream(tree, __location__, torture, tmp_ctx,
+			    FNAME_CC_DST, AFPRESOURCE_STREAM,
+			    0, 20, 10, 10, "1234567890");
+	if (!ok) {
+		torture_fail_goto(torture, done, "inconsistent stream data");
+	}
+
+	ok = check_stream(tree, __location__, torture, tmp_ctx,
+			    FNAME_CC_DST, sname,
+			    0, 20, 10, 10, "abcdefghij");
+	torture_assert_goto(torture, ok == true, ok, done, "check_stream failed\n");
+
+done:
+	smb2_util_close(tree, src_h);
+	smb2_util_close(tree, dest_h);
+	smb2_util_unlink(tree, FNAME_CC_SRC);
+	smb2_util_unlink(tree, FNAME_CC_DST);
+	talloc_free(tmp_ctx);
+	return true;
+}
+
+static bool check_stream_list(struct smb2_tree *tree,
+			      struct torture_context *tctx,
+			      const char *fname,
+			      int num_exp,
+			      const char **exp,
+			      bool is_dir)
+{
+	bool ret = true;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char **exp_sort;
+	struct stream_struct *stream_sort;
+	struct smb2_create create;
+	struct smb2_handle h;
+
+	ZERO_STRUCT(h);
+	torture_assert_goto(tctx, tmp_ctx != NULL, ret, done, "talloc_new failed");
+
+	ZERO_STRUCT(create);
+	create.in.fname = fname;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.create_options = is_dir ? NTCREATEX_OPTIONS_DIRECTORY : 0;
+	create.in.file_attributes = is_dir ? FILE_ATTRIBUTE_DIRECTORY : FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	status = smb2_create(tree, tmp_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create");
+	h = create.out.file.handle;
+
+	finfo.generic.level = RAW_FILEINFO_STREAM_INFORMATION;
+	finfo.generic.in.file.handle = h;
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "get stream info");
+
+	smb2_util_close(tree, h);
+
+	torture_assert_int_equal_goto(tctx, finfo.stream_info.out.num_streams, num_exp,
+				      ret, done, "stream count");
+
+	if (num_exp == 0) {
+		TALLOC_FREE(tmp_ctx);
+		goto done;
+	}
+
+	exp_sort = talloc_memdup(tmp_ctx, exp, num_exp * sizeof(*exp));
+	torture_assert_goto(tctx, exp_sort != NULL, ret, done, __location__);
+
+	TYPESAFE_QSORT(exp_sort, num_exp, qsort_string);
+
+	stream_sort = talloc_memdup(tmp_ctx, finfo.stream_info.out.streams,
+				    finfo.stream_info.out.num_streams *
+				    sizeof(*stream_sort));
+	torture_assert_goto(tctx, stream_sort != NULL, ret, done, __location__);
+
+	TYPESAFE_QSORT(stream_sort, finfo.stream_info.out.num_streams, qsort_stream);
+
+	for (i=0; i<num_exp; i++) {
+		torture_comment(tctx, "i[%d] exp[%s] got[%s]\n",
+				i, exp_sort[i], stream_sort[i].stream_name.s);
+		torture_assert_str_equal_goto(tctx, stream_sort[i].stream_name.s, exp_sort[i],
+					      ret, done, "stream name");
+	}
+
+done:
+	TALLOC_FREE(tmp_ctx);
+	return ret;
+}
+
+static bool check_stream_list_handle(struct smb2_tree *tree,
+				     struct torture_context *tctx,
+				     struct smb2_handle h,
+				     int num_exp,
+				     const char **exp,
+				     bool is_dir)
+{
+	bool ret = true;
+	union smb_fileinfo finfo;
+	NTSTATUS status;
+	int i;
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	char **exp_sort;
+	struct stream_struct *stream_sort;
+
+	torture_assert_goto(tctx, tmp_ctx != NULL, ret, done,
+			    "talloc_new failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.stream_info.level = RAW_FILEINFO_STREAM_INFORMATION,
+		.stream_info.in.file.handle = h,
+	};
+
+	status = smb2_getinfo_file(tree, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"get stream info\n");
+
+	torture_assert_int_equal_goto(tctx, finfo.stream_info.out.num_streams,
+				      num_exp, ret, done, "stream count\n");
+
+	if (num_exp == 0) {
+		TALLOC_FREE(tmp_ctx);
+		goto done;
+	}
+
+	exp_sort = talloc_memdup(tmp_ctx, exp, num_exp * sizeof(*exp));
+	torture_assert_goto(tctx, exp_sort != NULL, ret, done, __location__);
+
+	TYPESAFE_QSORT(exp_sort, num_exp, qsort_string);
+
+	stream_sort = talloc_memdup(tmp_ctx, finfo.stream_info.out.streams,
+				    finfo.stream_info.out.num_streams *
+				    sizeof(*stream_sort));
+	torture_assert_goto(tctx, stream_sort != NULL, ret, done, __location__);
+
+	TYPESAFE_QSORT(stream_sort, finfo.stream_info.out.num_streams, qsort_stream);
+
+	for (i=0; i<num_exp; i++) {
+		torture_comment(tctx, "i[%d] exp[%s] got[%s]\n",
+				i, exp_sort[i], stream_sort[i].stream_name.s);
+		torture_assert_str_equal_goto(tctx, stream_sort[i].stream_name.s,
+					      exp_sort[i], ret, done,
+					      "stream name\n");
+	}
+
+done:
+	TALLOC_FREE(tmp_ctx);
+	return ret;
+}
+
+/*
+  test stream names
+*/
+static bool test_stream_names(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h;
+	const char *fname = BASEDIR "\\stream_names.txt";
+	const char *sname1;
+	bool ret;
+	/* UTF8 private use are starts at 0xef 0x80 0x80 (0xf000) */
+	const char *streams[] = {
+		":foo" "\xef\x80\xa2" "bar:$DATA", /* "foo:bar:$DATA" */
+		"::$DATA"
+	};
+
+	sname1 = talloc_asprintf(mem_ctx, "%s%s", fname, streams[0]);
+
+	/* clean slate ...*/
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret, ret, done, "torture_setup_file");
+
+	torture_comment(tctx, "(%s) testing stream names\n", __location__);
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_WRITE_DATA;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname1;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, create.out.file.handle, "foo", 0, 3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams, false);
+	CHECK_VALUE(ret, true);
+
+done:
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+/* Renaming a directory with open file, should work for OS X AAPL clients */
+static bool test_rename_dir_openfile(struct torture_context *torture,
+				     struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	union smb_open io;
+	union smb_close cl;
+	union smb_setfileinfo sinfo;
+	struct smb2_handle d1, h1;
+	const char *renamedir = BASEDIR "-new";
+	bool server_is_osx = torture_setting_bool(torture, "osx", false);
+
+	smb2_deltree(tree, BASEDIR);
+	smb2_util_rmdir(tree, BASEDIR);
+	smb2_deltree(tree, renamedir);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	torture_assert_ntstatus_ok(torture, status, "smb2_create dir");
+	d1 = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.create_flags = 0;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR "\\file.txt";
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	torture_assert_ntstatus_ok(torture, status, "smb2_create file");
+	h1 = io.smb2.out.file.handle;
+
+	if (!server_is_osx) {
+		torture_comment(torture, "Renaming directory without AAPL, must fail\n");
+
+		ZERO_STRUCT(sinfo);
+		sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+		sinfo.rename_information.in.file.handle = d1;
+		sinfo.rename_information.in.overwrite = 0;
+		sinfo.rename_information.in.root_fid = 0;
+		sinfo.rename_information.in.new_name = renamedir;
+		status = smb2_setinfo_file(tree, &sinfo);
+
+		torture_assert_ntstatus_equal(torture, status,
+					      NT_STATUS_ACCESS_DENIED,
+					      "smb2_setinfo_file");
+	}
+
+	status = smb2_util_close(tree, d1);
+	torture_assert_ntstatus_ok(torture, status, "smb2_util_close\n");
+	ZERO_STRUCT(d1);
+
+	torture_comment(torture, "Enabling AAPL\n");
+
+	ret = enable_aapl(torture, tree);
+	torture_assert(torture, ret == true, "enable_aapl failed");
+
+	torture_comment(torture, "Renaming directory with AAPL\n");
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = 0x0017019f;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.smb2.in.share_access = 0;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = BASEDIR;
+
+	status = smb2_create(tree, torture, &(io.smb2));
+	torture_assert_ntstatus_ok(torture, status, "smb2_create dir");
+	d1 = io.smb2.out.file.handle;
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = d1;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = renamedir;
+
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_ok(torture, status, "smb2_setinfo_file");
+
+	ZERO_STRUCT(cl.smb2);
+	cl.smb2.level = RAW_CLOSE_SMB2;
+	cl.smb2.in.file.handle = d1;
+	status = smb2_close(tree, &(cl.smb2));
+	torture_assert_ntstatus_ok(torture, status, "smb2_close");
+	ZERO_STRUCT(d1);
+
+	cl.smb2.in.file.handle = h1;
+	status = smb2_close(tree, &(cl.smb2));
+	torture_assert_ntstatus_ok(torture, status, "smb2_close");
+	ZERO_STRUCT(h1);
+
+	torture_comment(torture, "Cleaning up\n");
+
+	if (h1.data[0] || h1.data[1]) {
+		ZERO_STRUCT(cl.smb2);
+		cl.smb2.level = RAW_CLOSE_SMB2;
+		cl.smb2.in.file.handle = h1;
+		status = smb2_close(tree, &(cl.smb2));
+	}
+
+	smb2_util_unlink(tree, BASEDIR "\\file.txt");
+	smb2_util_unlink(tree, BASEDIR "-new\\file.txt");
+	smb2_deltree(tree, renamedir);
+	smb2_deltree(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_afpinfo_enoent(struct torture_context *tctx,
+				struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPINFO_STREAM_NAME;
+
+	torture_comment(tctx, "Opening file without AFP_AfpInfo\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	torture_comment(tctx, "Opening not existing AFP_AfpInfo\n");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE; /* stat open */
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_create_delete_on_close(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPINFO_STREAM_NAME;
+	const char *type_creator = "SMB,OLE!";
+	AfpInfo *info = NULL;
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+	const char *streams_afpinfo[] = {
+		"::$DATA",
+		AFPINFO_STREAM
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Checking whether create with delete-on-close work with AFP_AfpInfo\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	torture_comment(tctx, "Opening not existing AFP_AfpInfo\n");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE; /* stat open */
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	torture_comment(tctx, "Deleting AFP_AfpInfo via create with delete-on-close\n");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, type_creator);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad type/creator in AFP_AfpInfo");
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpinfo, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE | SEC_STD_SYNCHRONIZE | SEC_STD_DELETE;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+	smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_setinfo_delete_on_close(struct torture_context *tctx,
+					 struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPINFO_STREAM_NAME;
+	const char *type_creator = "SMB,OLE!";
+	AfpInfo *info = NULL;
+	const char *streams[] = {
+		AFPINFO_STREAM,
+		"::$DATA"
+	};
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Deleting AFP_AfpInfo via setinfo with delete-on-close\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE | SEC_STD_SYNCHRONIZE | SEC_STD_DELETE;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	/* Delete stream via setinfo delete-on-close */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "set delete-on-close failed");
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_DELETE_PENDING,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpInfo stream");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_setinfo_eof(struct torture_context *tctx,
+			     struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPINFO_STREAM_NAME;
+	const char *type_creator = "SMB,OLE!";
+	AfpInfo *info = NULL;
+	const char *streams_afpinfo[] = {
+		"::$DATA",
+		AFPINFO_STREAM
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Set AFP_AfpInfo EOF to 61, 1 and 0\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	torture_comment(tctx, "Set AFP_AfpInfo EOF to 61\n");
+
+	/* Test setinfo end-of-file info */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 61;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ALLOTTED_SPACE_EXCEEDED,
+					   ret, done, "set eof 61 failed");
+
+	torture_comment(tctx, "Set AFP_AfpInfo EOF to 1\n");
+
+	/* Truncation returns success, but has no effect */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status,
+					ret, done, "set eof 1 failed");
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpinfo, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, type_creator);
+	torture_assert_goto(tctx, ret == true, ret, done, "FinderInfo changed");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	/*
+	 * Delete stream via setinfo end-of-file info to 0, should
+	 * return success but stream MUST NOT deleted
+	 */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "set eof 0 failed");
+
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpinfo, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, type_creator);
+	torture_assert_goto(tctx, ret == true, ret, done, "FinderInfo changed");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_afpinfo_all0(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h1 = {{0}};
+	struct smb2_handle baseh = {{0}};
+	union smb_setfileinfo setfinfo;
+	union smb_fileinfo getfinfo;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPINFO_STREAM;
+	const char *type_creator = "SMB,OLE!";
+	AfpInfo *info = NULL;
+	char *infobuf = NULL;
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+	const char *streams_afpinfo[] = {
+		"::$DATA",
+		AFPINFO_STREAM
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Write all 0 to AFP_AfpInfo and see what happens\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpinfo, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	/* Write all 0 to AFP_AfpInfo */
+	memset(info->afpi_FinderInfo, 0, AFP_FinderSize);
+	infobuf = torture_afpinfo_pack(mem_ctx, info);
+	torture_assert_not_null_goto(tctx, infobuf, ret, done,
+				     "torture_afpinfo_pack failed\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.fname = fname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	baseh = create.out.file.handle;
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h1 = create.out.file.handle;
+
+	status = smb2_util_write(tree, h1, infobuf, 0, AFP_INFO_SIZE);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	/*
+	 * Get stream information on open handle, must return only default
+	 * stream, the AFP_AfpInfo stream must not be returned.
+	 */
+
+	ZERO_STRUCT(getfinfo);
+	getfinfo.generic.level = RAW_FILEINFO_STREAM_INFORMATION;
+	getfinfo.generic.in.file.handle = baseh;
+
+	status = smb2_getinfo_file(tree, tctx, &getfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"get stream info\n");
+
+	torture_assert_int_equal_goto(tctx, getfinfo.stream_info.out.num_streams,
+				      1, ret, done, "stream count");
+
+	smb2_util_close(tree, baseh);
+	ZERO_STRUCT(baseh);
+
+	/*
+	 * Try to set some file-basic-info (time) on the stream. This catches
+	 * naive implementation mistakes that simply deleted the backing store
+	 * from the filesystem in the zero-out step.
+	 */
+
+	ZERO_STRUCT(setfinfo);
+	unix_to_nt_time(&setfinfo.basic_info.in.write_time, time(NULL));
+	setfinfo.basic_info.in.attrib = 0x20;
+	setfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
+	setfinfo.generic.in.file.handle = h1;
+
+	status = smb2_setinfo_file(tree, &setfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream_list");
+
+	smb2_util_close(tree, h1);
+	ZERO_STRUCT(h1);
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+done:
+	if (!smb2_util_handle_empty(h1)) {
+		smb2_util_close(tree, h1);
+	}
+	if (!smb2_util_handle_empty(baseh)) {
+		smb2_util_close(tree, baseh);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_create_delete_on_close_resource(struct torture_context *tctx,
+						 struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPRESOURCE_STREAM_NAME;
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+	const char *streams_afpresource[] = {
+		"::$DATA",
+		AFPRESOURCE_STREAM
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Checking whether create with delete-on-close is ignored for AFP_AfpResource\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok(tctx, status, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	torture_comment(tctx, "Opening not existing AFP_AfpResource\n");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE; /* stat open */
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpResource stream");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Got unexpected AFP_AfpResource stream");
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	torture_comment(tctx, "Trying to delete AFP_AfpResource via create with delete-on-close\n");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 10, "1234567890");
+	torture_assert_goto(tctx, ret == true, ret, done, "Writing to AFP_AfpResource failed");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPRESOURCE_STREAM_NAME,
+			   0, 10, 0, 10, "1234567890");
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad content from AFP_AfpResource");
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpresource, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE | SEC_STD_SYNCHRONIZE | SEC_STD_DELETE;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpresource, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPRESOURCE_STREAM_NAME,
+			   0, 10, 0, 10, "1234567890");
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad content from AFP_AfpResource");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_setinfo_delete_on_close_resource(struct torture_context *tctx,
+						  struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPRESOURCE_STREAM_NAME;
+	const char *streams_afpresource[] = {
+		"::$DATA",
+		AFPRESOURCE_STREAM
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	torture_comment(tctx, "Trying to delete AFP_AfpResource via setinfo with delete-on-close\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   10, 10, "1234567890");
+	torture_assert_goto(tctx, ret == true, ret, done, "Writing to AFP_AfpResource failed");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE | SEC_STD_SYNCHRONIZE | SEC_STD_DELETE;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	/* Try to delete stream via setinfo delete-on-close */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.disposition_info.in.delete_on_close = 1;
+	sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
+	sfinfo.generic.in.file.handle = h1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "set delete-on-close failed");
+
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 2, streams_afpresource, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"Got unexpected AFP_AfpResource stream");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+static bool test_setinfo_eof_resource(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	union smb_fileinfo finfo;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file" AFPRESOURCE_STREAM_NAME;
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	torture_comment(tctx, "Set AFP_AfpResource EOF to 1 and 0\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir");
+	smb2_util_close(tree, h1);
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   10, 10, "1234567890");
+	torture_assert_goto(tctx, ret == true, ret, done, "Writing to AFP_AfpResource failed");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	torture_comment(tctx, "Set AFP_AfpResource EOF to 1\n");
+
+	/* Test setinfo end-of-file info */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status,
+					ret, done, "set eof 1 failed");
+
+ 	smb2_util_close(tree, h1);
+
+	/* Check size == 1 */
+	ZERO_STRUCT(create);
+	create.in.fname = sname;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file failed");
+
+	smb2_util_close(tree, h1);
+
+	torture_assert_goto(tctx, finfo.all_info.out.size == 1, ret, done, "size != 1");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	/*
+	 * Delete stream via setinfo end-of-file info to 0, this
+	 * should delete the stream.
+	 */
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "set eof 0 failed");
+
+	smb2_util_close(tree, h1);
+
+	ret = check_stream_list(tree, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.fname = sname;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "smb2_create failed");
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+/*
+ * This tests that right after creating the AFP_AfpInfo stream,
+ * reading from the stream returns an empty, default metadata blob of
+ * 60 bytes.
+ *
+ * NOTE: against OS X SMB server this only works if the read request
+ * is compounded with the create that created the stream, is fails
+ * otherwise. We don't care...
+ */
+static bool test_null_afpinfo(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = "test_null_afpinfo";
+	const char *sname = "test_null_afpinfo" AFPINFO_STREAM_NAME;
+	NTSTATUS status;
+	bool ret = true;
+	struct smb2_request *req[3];
+	struct smb2_handle handle;
+	struct smb2_create create;
+	struct smb2_read read;
+	AfpInfo *afpinfo = NULL;
+	char *afpinfo_buf = NULL;
+	const char *type_creator = "SMB,OLE!";
+	struct smb2_handle handle2;
+	struct smb2_read r;
+
+	torture_comment(tctx, "Checking create of AfpInfo stream\n");
+
+	smb2_util_unlink(tree, fname);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file failed");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA;
+	create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	create.in.fname = sname;
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	req[0] = smb2_create_send(tree, &create);
+
+	handle.data[0] = UINT64_MAX;
+	handle.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(read);
+	read.in.file.handle = handle;
+	read.in.length = AFP_INFO_SIZE;
+	req[1] = smb2_read_send(tree, &read);
+
+	status = smb2_create_recv(req[0], tree, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_recv failed");
+
+	handle = create.out.file.handle;
+
+	status = smb2_read_recv(req[1], tree, &read);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_read_recv failed");
+
+	status = torture_smb2_testfile_access(tree, sname, &handle2,
+					      SEC_FILE_READ_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+	r = (struct smb2_read) {
+		.in.file.handle = handle2,
+		.in.length      = AFP_INFO_SIZE,
+	};
+
+	status = smb2_read(tree, tree, &r);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+	smb2_util_close(tree, handle2);
+
+	afpinfo = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, afpinfo != NULL, ret, done, "torture_afpinfo_new failed");
+
+	memcpy(afpinfo->afpi_FinderInfo, type_creator, 8);
+
+	afpinfo_buf = torture_afpinfo_pack(tctx, afpinfo);
+	torture_assert_goto(tctx, afpinfo_buf != NULL, ret, done, "torture_afpinfo_new failed");
+
+	status = smb2_util_write(tree, handle, afpinfo_buf, 0, AFP_INFO_SIZE);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_util_write failed");
+
+	smb2_util_close(tree, handle);
+
+	ret = check_stream(tree, __location__, tctx, mem_ctx, fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, type_creator);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+done:
+	smb2_util_unlink(tree, fname);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_delete_file_with_rfork(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	const char *fname = "torture_write_rfork_io";
+	const char *rfork_content = "1234567890";
+	NTSTATUS status;
+	bool ret = true;
+
+	smb2_util_unlink(tree, fname);
+
+	torture_comment(tctx, "Test deleting file with resource fork\n");
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file failed\n");
+
+	ret = write_stream(tree, __location__, tctx, tctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   10, 10, rfork_content);
+	torture_assert_goto(tctx, ret == true, ret, done, "write_stream failed\n");
+
+	ret = check_stream(tree, __location__, tctx, tctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 20, 10, 10, rfork_content);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed\n");
+
+	status = smb2_util_unlink(tree, fname);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "check_stream failed\n");
+
+done:
+	return ret;
+}
+
+static bool test_rename_and_read_rsrc(struct torture_context *tctx,
+				      struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create, create2;
+	struct smb2_handle h1, h2;
+	const char *fname = "test_rename_openfile";
+	const char *sname = "test_rename_openfile" AFPRESOURCE_STREAM_NAME;
+	const char *fname_renamed = "test_rename_openfile_renamed";
+	const char *data = "1234567890";
+	union smb_setfileinfo sinfo;
+	bool server_is_macos = torture_setting_bool(tctx, "osx", false);
+	NTSTATUS expected_status;
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	torture_comment(tctx, "Create file with resource fork\n");
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	ret = write_stream(tree, __location__, tctx, tctx,
+			   fname, AFPRESOURCE_STREAM_NAME, 0, 10, data);
+	torture_assert_goto(tctx, ret == true, ret, done, "write_stream failed");
+
+	torture_comment(tctx, "Open resource fork\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h1 = create.out.file.handle;
+
+	torture_comment(tctx, "Rename base file\n");
+
+	ZERO_STRUCT(create2);
+	create2.in.desired_access = SEC_FILE_ALL;
+	create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create2.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create2.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create2.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &create2);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	h2 = create2.out.file.handle;
+
+	ZERO_STRUCT(sinfo);
+	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sinfo.rename_information.in.file.handle = h2;
+	sinfo.rename_information.in.overwrite = 0;
+	sinfo.rename_information.in.root_fid = 0;
+	sinfo.rename_information.in.new_name = fname_renamed;
+
+	if (server_is_macos) {
+		expected_status = NT_STATUS_SHARING_VIOLATION;
+	} else {
+		expected_status = NT_STATUS_ACCESS_DENIED;
+	}
+
+	status = smb2_setinfo_file(tree, &sinfo);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, expected_status, ret, done,
+		"smb2_setinfo_file failed");
+
+	smb2_util_close(tree, h2);
+
+	status = smb2_util_write(tree, h1, "foo", 0, 3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"write failed\n");
+
+	smb2_util_close(tree, h1);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_unlink(tree, fname_renamed);
+
+	return ret;
+}
+
+static bool test_readdir_attr_illegal_ntfs(struct torture_context *tctx,
+					   struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *name = "test" "\xef\x80\xa2" "aapl"; /* "test:aapl" */
+	const char *fname = BASEDIR "\\test" "\xef\x80\xa2" "aapl"; /* "test:aapl" */
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create io;
+	AfpInfo *info;
+	const char *type_creator = "SMB,OLE!";
+	struct smb2_find f;
+	unsigned int count;
+	union smb_search_data *d;
+	uint64_t rfork_len;
+	unsigned int i;
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir failed");
+	smb2_util_close(tree, testdirh);
+
+	torture_comment(tctx, "Enabling AAPL\n");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	/*
+	 * Now that Requested AAPL extensions are enabled, setup some
+	 * Mac files with metadata and resource fork
+	 */
+
+	torture_comment(tctx, "Preparing file\n");
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file failed");
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_not_null_goto(tctx, info, ret, done, "torture_afpinfo_new failed");
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ret = torture_write_afpinfo(tree, tctx, mem_ctx, fname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ret = write_stream(tree, __location__, tctx, mem_ctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 3, "foo");
+	torture_assert_goto(tctx, ret == true, ret, done, "write_stream failed");
+
+	/*
+	 * Ok, file is prepared, now call smb2/find
+	 */
+
+	torture_comment(tctx, "Issue find\n");
+
+	ZERO_STRUCT(io);
+	io.in.desired_access = SEC_RIGHTS_DIR_READ;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access = (NTCREATEX_SHARE_ACCESS_READ |
+			      NTCREATEX_SHARE_ACCESS_WRITE |
+			      NTCREATEX_SHARE_ACCESS_DELETE);
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.fname = BASEDIR;
+	status = smb2_create(tree, tctx, &io);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create failed");
+
+	ZERO_STRUCT(f);
+	f.in.file.handle	= io.out.file.handle;
+	f.in.pattern		= "*";
+	f.in.max_response_size	= 0x1000;
+	f.in.level              = SMB2_FIND_ID_BOTH_DIRECTORY_INFO;
+
+	status = smb2_find_level(tree, tree, &f, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_find_level failed");
+
+	status = smb2_util_close(tree, io.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_util_close failed");
+
+	torture_comment(tctx, "Checking find response with enriched macOS metadata\n");
+
+	for (i = 0; i < count; i++) {
+		const char *found = d[i].id_both_directory_info.name.s;
+
+		if (!strcmp(found, ".") || !strcmp(found, ".."))
+			continue;
+		if (strncmp(found, "._", 2) == 0) {
+			continue;
+		}
+		break;
+	}
+
+	torture_assert_str_equal_goto(tctx,
+				      d[i].id_both_directory_info.name.s, name,
+				      ret, done, "bad name");
+
+	rfork_len = BVAL(d[i].id_both_directory_info.short_name_buf, 0);
+	torture_assert_int_equal_goto(tctx, rfork_len, 3, ret, done, "bad resource fork length");
+
+	torture_assert_mem_equal_goto(tctx, type_creator,
+				      d[i].id_both_directory_info.short_name_buf + 8,
+				      8, ret, done, "Bad FinderInfo");
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_invalid_afpinfo(struct torture_context *tctx,
+				 struct smb2_tree *tree1,
+				 struct smb2_tree *tree2)
+{
+	const char *fname = "filtest_invalid_afpinfo";
+	const char *sname = "filtest_invalid_afpinfo" AFPINFO_STREAM_NAME;
+	struct smb2_create create;
+	const char *streams_basic[] = {
+		"::$DATA"
+	};
+	const char *streams_afpinfo[] = {
+		"::$DATA",
+		AFPINFO_STREAM
+	};
+	NTSTATUS status;
+	bool ret = true;
+
+	if (tree2 == NULL) {
+		torture_skip_goto(tctx, done, "need second share without fruit\n");
+	}
+
+	torture_comment(tctx, "Testing invalid AFP_AfpInfo stream\n");
+
+	ret = torture_setup_file(tctx, tree2, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	ret = write_stream(tree2, __location__, tctx, tctx,
+			   fname, AFPINFO_STREAM_NAME,
+			   0, 3, "foo");
+	torture_assert_goto(tctx, ret == true, ret, done, "write_stream failed");
+
+	ret = check_stream_list(tree2, tctx, fname, 2, streams_afpinfo, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	torture_comment(tctx, "Listing streams, bad AFPINFO stream must not be present\n");
+
+	ret = check_stream_list(tree1, tctx, fname, 1, streams_basic, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	torture_comment(tctx, "Try to open AFPINFO stream, must fail\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_ALL;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+	create.in.fname = sname;
+
+	status = smb2_create(tree1, tctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+					   ret, done, "Stream still around?");
+
+done:
+	smb2_util_unlink(tree1, fname);
+	return ret;
+}
+
+static bool test_writing_afpinfo(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	const char *fname = "filtest_invalid_afpinfo";
+	const char *sname = "filtest_invalid_afpinfo" AFPINFO_STREAM;
+	const char *streams_afpinfo[] = {
+		"::$DATA",
+		AFPINFO_STREAM
+	};
+	bool ret = true;
+	static AfpInfo *afpi = NULL;
+	char *buf = NULL;
+	char *afpi_buf = NULL;
+	char *zero_buf = NULL;
+	bool broken_osx = torture_setting_bool(tctx, "broken_osx_45759458", false);
+	off_t min_offset_for_2streams = 16;
+	int i;
+	NTSTATUS status;
+	struct test_sizes {
+		off_t offset;
+		size_t size;
+		bool expected_result;
+	} test_sizes[] = {
+		{ 0, 1, false},
+		{ 0, 2, false},
+		{ 0, 3, true},
+		{ 0, 4, true},
+		{ 0, 14, true},
+		{ 0, 15, true},
+		{ 0, 16, true},
+		{ 0, 24, true},
+		{ 0, 34, true},
+		{ 0, 44, true},
+		{ 0, 54, true},
+		{ 0, 55, true},
+		{ 0, 56, true},
+		{ 0, 57, true},
+		{ 0, 58, true},
+		{ 0, 59, true},
+		{ 0, 60, true},
+		{ 0, 61, true},
+		{ 0, 64, true},
+		{ 0, 1024, true},
+		{ 0, 10064, true},
+
+		{ 1, 1, false},
+		{ 1, 2, false},
+		{ 1, 3, false},
+		{ 1, 4, false},
+		{ 1, 14, false},
+		{ 1, 15, false},
+		{ 1, 16, false},
+		{ 1, 24, false},
+		{ 1, 34, false},
+		{ 1, 44, false},
+		{ 1, 54, false},
+		{ 1, 55, false},
+		{ 1, 56, false},
+		{ 1, 57, false},
+		{ 1, 58, false},
+		{ 1, 59, false},
+		{ 1, 60, true},
+		{ 1, 61, true},
+		{ 1, 1024, true},
+		{ 1, 10064, true},
+
+		{ 30, 1, false},
+		{ 30, 2, false},
+		{ 30, 3, false},
+		{ 30, 4, false},
+		{ 30, 14, false},
+		{ 30, 15, false},
+		{ 30, 16, false},
+		{ 30, 24, false},
+		{ 30, 34, false},
+		{ 30, 44, false},
+		{ 30, 54, false},
+		{ 30, 55, false},
+		{ 30, 56, false},
+		{ 30, 57, false},
+		{ 30, 58, false},
+		{ 30, 59, false},
+		{ 30, 60, true},
+		{ 30, 61, true},
+		{ 30, 1024, true},
+		{ 30, 10064, true},
+
+		{ 58, 1, false},
+		{ 58, 2, false},
+		{ 58, 3, false},
+		{ 58, 4, false},
+		{ 58, 14, false},
+		{ 58, 15, false},
+		{ 58, 16, false},
+		{ 58, 24, false},
+		{ 58, 34, false},
+		{ 58, 44, false},
+		{ 58, 54, false},
+		{ 58, 55, false},
+		{ 58, 56, false},
+		{ 58, 57, false},
+		{ 58, 58, false},
+		{ 58, 59, false},
+		{ 58, 60, true},
+		{ 58, 61, true},
+		{ 58, 1024, true},
+		{ 58, 10064, true},
+
+		{ 59, 1, false},
+		{ 59, 2, false},
+		{ 59, 3, false},
+		{ 59, 4, false},
+		{ 59, 14, false},
+		{ 59, 15, false},
+		{ 59, 16, false},
+		{ 59, 24, false},
+		{ 59, 34, false},
+		{ 59, 44, false},
+		{ 59, 54, false},
+		{ 59, 55, false},
+		{ 59, 56, false},
+		{ 59, 57, false},
+		{ 59, 58, false},
+		{ 59, 59, false},
+		{ 59, 60, true},
+		{ 59, 61, true},
+		{ 59, 1024, true},
+		{ 59, 10064, true},
+
+		{ 60, 1, false},
+		{ 60, 2, false},
+		{ 60, 3, false},
+		{ 60, 4, false},
+		{ 60, 14, false},
+		{ 60, 15, false},
+		{ 60, 16, false},
+		{ 60, 24, false},
+		{ 60, 34, false},
+		{ 60, 44, false},
+		{ 60, 54, false},
+		{ 60, 55, false},
+		{ 60, 56, false},
+		{ 60, 57, false},
+		{ 60, 58, false},
+		{ 60, 59, false},
+		{ 60, 60, true},
+		{ 60, 61, true},
+		{ 60, 1024, true},
+		{ 60, 10064, true},
+
+		{ 61, 1, false},
+		{ 61, 2, false},
+		{ 61, 3, false},
+		{ 61, 4, false},
+		{ 61, 14, false},
+		{ 61, 15, false},
+		{ 61, 16, false},
+		{ 61, 24, false},
+		{ 61, 34, false},
+		{ 61, 44, false},
+		{ 61, 54, false},
+		{ 61, 55, false},
+		{ 61, 56, false},
+		{ 61, 57, false},
+		{ 61, 58, false},
+		{ 61, 59, false},
+		{ 61, 60, true},
+		{ 61, 61, true},
+		{ 61, 1024, true},
+		{ 61, 10064, true},
+
+		{ 10000, 1, false},
+		{ 10000, 2, false},
+		{ 10000, 3, false},
+		{ 10000, 4, false},
+		{ 10000, 14, false},
+		{ 10000, 15, false},
+		{ 10000, 16, false},
+		{ 10000, 24, false},
+		{ 10000, 34, false},
+		{ 10000, 44, false},
+		{ 10000, 54, false},
+		{ 10000, 55, false},
+		{ 10000, 56, false},
+		{ 10000, 57, false},
+		{ 10000, 58, false},
+		{ 10000, 59, false},
+		{ 10000, 60, true},
+		{ 10000, 61, true},
+		{ 10000, 1024, true},
+		{ 10000, 10064, true},
+
+		{ -1, 0, false},
+	};
+
+	afpi = torture_afpinfo_new(tctx);
+	torture_assert_not_null_goto(tctx, afpi, ret, done,
+				     "torture_afpinfo_new failed\n");
+
+	memcpy(afpi->afpi_FinderInfo, "FOO BAR ", 8);
+
+	buf = torture_afpinfo_pack(afpi, afpi);
+	torture_assert_not_null_goto(tctx, buf, ret, done,
+				     "torture_afpinfo_pack failed\n");
+
+	afpi_buf = talloc_zero_array(tctx, char, 10064);
+	torture_assert_not_null_goto(tctx, afpi_buf, ret, done,
+				     "talloc_zero_array failed\n");
+	memcpy(afpi_buf, buf, 60);
+
+	zero_buf = talloc_zero_array(tctx, char, 10064);
+	torture_assert_not_null_goto(tctx, zero_buf, ret, done,
+				     "talloc_zero_array failed\n");
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file\n");
+
+	for (i = 0; test_sizes[i].offset != -1; i++) {
+		struct smb2_handle h;
+		struct smb2_create c;
+		int expected_num_streams;
+		size_t fi_check_size;
+
+		torture_comment(tctx,
+				"Test %d: offset=%jd size=%zu result=%s\n",
+				i,
+				(intmax_t)test_sizes[i].offset,
+				test_sizes[i].size,
+				test_sizes[i].expected_result ? "true":"false");
+
+
+		c = (struct smb2_create) {
+			.in.desired_access = SEC_FILE_WRITE_DATA,
+			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+			.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+			.in.fname = sname,
+		};
+
+		status = smb2_create(tree, tree, &c);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_create\n");
+		h = c.out.file.handle;
+
+		status = smb2_util_write(tree,
+					 h,
+					 zero_buf,
+					 test_sizes[i].offset,
+					 test_sizes[i].size);
+		torture_assert_ntstatus_equal_goto(
+			tctx, status, NT_STATUS_INVALID_PARAMETER,
+			ret, done, "smb2_util_write\n");
+
+		status = smb2_util_write(tree,
+					 h,
+					 afpi_buf,
+					 test_sizes[i].offset,
+					 test_sizes[i].size);
+		smb2_util_close(tree, h);
+		if (test_sizes[i].expected_result == true) {
+			torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+							"smb2_util_write\n");
+		} else {
+			torture_assert_ntstatus_equal_goto(
+				tctx, status, NT_STATUS_INVALID_PARAMETER,
+				ret, done, "smb2_util_write\n");
+		}
+
+		if (broken_osx) {
+			/*
+			 * Currently macOS has a bug (Radar #45759458) where it
+			 * writes more bytes then requested from uninitialized
+			 * memory to the filesystem. That means it will likely
+			 * write data to FinderInfo so the stream is not empty
+			 * and thus listed when the number of streams is
+			 * queried.
+			 */
+			min_offset_for_2streams = 2;
+		}
+
+		if ((test_sizes[i].expected_result == true) &&
+		    (test_sizes[i].size > min_offset_for_2streams))
+		{
+			expected_num_streams = 2;
+		} else {
+			expected_num_streams = 1;
+		}
+
+		ret = check_stream_list(tree, tctx, fname,
+					expected_num_streams,
+					streams_afpinfo, false);
+		torture_assert_goto(tctx, ret == true, ret, done,
+				    "Bad streams\n");
+
+		if (test_sizes[i].expected_result == false) {
+			continue;
+		}
+
+		if (test_sizes[i].size <= 16) {
+			/*
+			 * FinderInfo with the "FOO BAR " string we wrote above
+			 * would start at offset 16. Check whether this test
+			 * wrote 1 byte or more.
+			 */
+			goto next;
+		}
+
+		fi_check_size = test_sizes[i].size - 16;
+		fi_check_size = MIN(fi_check_size, 8);
+
+		ret = check_stream(tree, __location__,
+				   tctx, tctx,
+				   fname, AFPINFO_STREAM,
+				   0, 60, 16, fi_check_size, "FOO BAR ");
+		torture_assert_goto(tctx, ret == true, ret, done,
+				    "Bad streams\n");
+
+next:
+		status = smb2_util_unlink(tree, sname);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			bool missing_ok;
+
+			missing_ok = test_sizes[i].expected_result == false;
+			missing_ok |= test_sizes[i].size <= 16;
+
+			torture_assert_goto(tctx, missing_ok,
+					    ret, done, "smb2_util_unlink\n");
+		}
+	}
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+static bool test_zero_file_id(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	const char *fname = "filtest_file_id";
+	struct smb2_create create = {0};
+	NTSTATUS status;
+	bool ret = true;
+	uint8_t zero_file_id[8] = {0};
+
+	torture_comment(tctx, "Testing zero file id\n");
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = fname;
+	create.in.query_on_disk_id = true;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+					   done,
+					   "test file could not be opened");
+	torture_assert_mem_not_equal_goto(tctx, create.out.on_disk_id,
+					  zero_file_id, 8, ret, done,
+					  "unexpected zero file id");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert(tctx, ret == true, "enable_aapl failed");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = fname;
+	create.in.query_on_disk_id = true;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(
+	    tctx, status, NT_STATUS_OK, ret, done,
+	    "test file could not be opened with AAPL");
+	torture_assert_mem_equal_goto(tctx, create.out.on_disk_id, zero_file_id,
+				      8, ret, done, "non-zero file id");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
+
+static bool copy_one_stream(struct torture_context *torture,
+			    struct smb2_tree *tree,
+			    TALLOC_CTX *tmp_ctx,
+			    const char *src_sname,
+			    const char *dst_sname)
+{
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	NTSTATUS status;
+	union smb_ioctl io;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	bool ok = false;
+
+	ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   src_sname,
+				   &src_h, 256, /* fill 256 byte src file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   dst_sname,
+				   &dest_h, 0,	/* 0 byte dest file */
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   &cc_copy,
+				   &io);
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "setup copy chunk error\n");
+
+	/* copy all src file data (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 256;
+
+	ndr_ret = ndr_push_struct_blob(
+		&io.smb2.in.out, tmp_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree, tmp_ctx, &io.smb2);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done,
+					"FSCTL_SRV_COPYCHUNK\n");
+
+	ndr_ret = ndr_pull_struct_blob(
+		&io.smb2.out.out, tmp_ctx, &cc_rsp,
+		(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_pull_srv_copychunk_rsp\n");
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  256); /* total bytes written */
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "bad copy chunk response data\n");
+
+	ok = check_pattern(torture, tree, tmp_ctx, dest_h, 0, 256, 0);
+	if (!ok) {
+		torture_fail(torture, "inconsistent file data\n");
+	}
+
+done:
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree, dest_h);
+	}
+
+	return ok;
+}
+
+static bool copy_finderinfo_stream(struct torture_context *torture,
+				   struct smb2_tree *tree,
+				   TALLOC_CTX *tmp_ctx,
+				   const char *src_name,
+				   const char *dst_name)
+{
+	struct smb2_handle src_h = {{0}};
+	struct smb2_handle dest_h = {{0}};
+	NTSTATUS status;
+	union smb_ioctl io;
+	struct srv_copychunk_copy cc_copy;
+	struct srv_copychunk_rsp cc_rsp;
+	enum ndr_err_code ndr_ret;
+	const char *type_creator = "SMB,OLE!";
+	AfpInfo *info = NULL;
+	const char *src_name_afpinfo = NULL;
+	const char *dst_name_afpinfo = NULL;
+	bool ok = false;
+
+	src_name_afpinfo = talloc_asprintf(tmp_ctx, "%s%s", src_name,
+					   AFPINFO_STREAM);
+	torture_assert_not_null_goto(torture, src_name_afpinfo, ok, done,
+				     "talloc_asprintf failed\n");
+
+	dst_name_afpinfo = talloc_asprintf(tmp_ctx, "%s%s", dst_name,
+					   AFPINFO_STREAM);
+	torture_assert_not_null_goto(torture, dst_name_afpinfo, ok, done,
+				     "talloc_asprintf failed\n");
+
+	info = torture_afpinfo_new(tmp_ctx);
+	torture_assert_not_null_goto(torture, info, ok, done,
+				     "torture_afpinfo_new failed\n");
+
+	memcpy(info->afpi_FinderInfo, type_creator, 8);
+	ok = torture_write_afpinfo(tree, torture, tmp_ctx, src_name, info);
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "torture_write_afpinfo failed\n");
+
+	ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
+				   1, /* 1 chunk */
+				   src_name_afpinfo,
+				   &src_h, 0,
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   dst_name_afpinfo,
+				   &dest_h, 0,
+				   SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA,
+				   &cc_copy,
+				   &io);
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "setup copy chunk error\n");
+
+	/* copy all src file data (via a single chunk desc) */
+	cc_copy.chunks[0].source_off = 0;
+	cc_copy.chunks[0].target_off = 0;
+	cc_copy.chunks[0].length = 60;
+
+	ndr_ret = ndr_push_struct_blob(
+		&io.smb2.in.out, tmp_ctx, &cc_copy,
+		(ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_push_srv_copychunk_copy\n");
+
+	status = smb2_ioctl(tree, tmp_ctx, &io.smb2);
+	torture_assert_ntstatus_ok_goto(torture, status, ok, done,
+					"FSCTL_SRV_COPYCHUNK\n");
+
+	ndr_ret = ndr_pull_struct_blob(
+		&io.smb2.out.out, tmp_ctx, &cc_rsp,
+		(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+
+	torture_assert_ndr_success_goto(torture, ndr_ret, ok, done,
+				   "ndr_pull_srv_copychunk_rsp\n");
+
+	smb2_util_close(tree, src_h);
+	ZERO_STRUCT(src_h);
+	smb2_util_close(tree, dest_h);
+	ZERO_STRUCT(dest_h);
+
+	ok = check_copy_chunk_rsp(torture, &cc_rsp,
+				  1,	/* chunks written */
+				  0,	/* chunk bytes unsuccessfully written */
+				  60); /* total bytes written */
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "bad copy chunk response data\n");
+
+	ok = check_stream(tree, __location__, torture, tmp_ctx,
+			  dst_name, AFPINFO_STREAM,
+			  0, 60, 16, 8, type_creator);
+	torture_assert_goto(torture, ok == true, ok, done, "check_stream failed\n");
+
+done:
+	if (!smb2_util_handle_empty(src_h)) {
+		smb2_util_close(tree, src_h);
+	}
+	if (!smb2_util_handle_empty(dest_h)) {
+		smb2_util_close(tree, dest_h);
+	}
+
+	return ok;
+}
+
+static bool test_copy_chunk_streams(struct torture_context *torture,
+				    struct smb2_tree *tree)
+{
+	const char *src_name = "src";
+	const char *dst_name = "dst";
+	struct names {
+		const char *src_sname;
+		const char *dst_sname;
+	} names[] = {
+		{ "src:foo", "dst:foo" },
+		{ "src" AFPRESOURCE_STREAM, "dst" AFPRESOURCE_STREAM }
+	};
+	size_t i;
+	TALLOC_CTX *tmp_ctx = NULL;
+	bool ok = false;
+
+	tmp_ctx = talloc_new(tree);
+	torture_assert_not_null_goto(torture, tmp_ctx, ok, done,
+				     "torture_setup_file\n");
+
+	smb2_util_unlink(tree, src_name);
+	smb2_util_unlink(tree, dst_name);
+
+	ok = torture_setup_file(torture, tree, src_name, false);
+	torture_assert_goto(torture, ok == true, ok, done, "torture_setup_file\n");
+	ok = torture_setup_file(torture, tree, dst_name, false);
+	torture_assert_goto(torture, ok == true, ok, done, "torture_setup_file\n");
+
+	for (i = 0; i < ARRAY_SIZE(names); i++) {
+		ok = copy_one_stream(torture, tree, tmp_ctx,
+				     names[i].src_sname,
+				     names[i].dst_sname);
+		torture_assert_goto(torture, ok == true, ok, done,
+				    "copy_one_stream failed\n");
+	}
+
+	ok = copy_finderinfo_stream(torture, tree, tmp_ctx,
+				    src_name, dst_name);
+	torture_assert_goto(torture, ok == true, ok, done,
+			    "copy_finderinfo_stream failed\n");
+
+done:
+	smb2_util_unlink(tree, src_name);
+	smb2_util_unlink(tree, dst_name);
+	talloc_free(tmp_ctx);
+	return ok;
+}
+
+/*
+ * Ensure this security descriptor has exactly one mode, uid
+ * and gid.
+ */
+
+static NTSTATUS check_nfs_sd(const struct security_descriptor *psd)
+{
+	uint32_t i;
+	bool got_one_mode = false;
+	bool got_one_uid = false;
+	bool got_one_gid = false;
+
+	if (psd->dacl == NULL) {
+		return NT_STATUS_INVALID_SECURITY_DESCR;
+	}
+
+	for (i = 0; i < psd->dacl->num_aces; i++) {
+		if (dom_sid_compare_domain(&global_sid_Unix_NFS_Mode,
+					   &psd->dacl->aces[i].trustee) == 0) {
+			if (got_one_mode == true) {
+				/* Can't have more than one. */
+				return NT_STATUS_INVALID_SECURITY_DESCR;
+			}
+			got_one_mode = true;
+		}
+	}
+	for (i = 0; i < psd->dacl->num_aces; i++) {
+		if (dom_sid_compare_domain(&global_sid_Unix_NFS_Users,
+					   &psd->dacl->aces[i].trustee) == 0) {
+			if (got_one_uid == true) {
+				/* Can't have more than one. */
+				return NT_STATUS_INVALID_SECURITY_DESCR;
+			}
+			got_one_uid = true;
+		}
+	}
+	for (i = 0; i < psd->dacl->num_aces; i++) {
+		if (dom_sid_compare_domain(&global_sid_Unix_NFS_Groups,
+					   &psd->dacl->aces[i].trustee) == 0) {
+			if (got_one_gid == true) {
+				/* Can't have more than one. */
+				return NT_STATUS_INVALID_SECURITY_DESCR;
+			}
+			got_one_gid = true;
+		}
+	}
+	/* Must have at least one of each. */
+	if (got_one_mode == false ||
+			got_one_uid == false ||
+			got_one_gid == false) {
+		return NT_STATUS_INVALID_SECURITY_DESCR;
+	}
+	return NT_STATUS_OK;
+}
+
+static bool test_nfs_aces(struct torture_context *tctx,
+			  struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct security_ace ace;
+	struct dom_sid sid;
+	const char *fname = BASEDIR "\\nfs_aces.txt";
+	struct smb2_handle h = {{0}};
+	union smb_fileinfo finfo2;
+	union smb_setfileinfo set;
+	struct security_descriptor *psd = NULL;
+	NTSTATUS status;
+	bool ret = true;
+	bool is_osx = torture_setting_bool(tctx, "osx", false);
+
+	if (is_osx) {
+		torture_skip(tctx, "Test only works with Samba\n");
+	}
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert(tctx, ret == true, "enable_aapl failed");
+
+	/* clean slate ...*/
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	/* Create a test file. */
+	status = torture_smb2_testfile_access(tree,
+				fname,
+				&h,
+				SEC_STD_READ_CONTROL |
+				SEC_STD_WRITE_DAC |
+				SEC_RIGHTS_FILE_ALL);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Get the ACL. */
+	finfo2.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	finfo2.generic.level = RAW_FILEINFO_SEC_DESC;
+	finfo2.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, tctx, &finfo2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	psd = finfo2.query_secdesc.out.sd;
+
+	/* Ensure we have only single mode/uid/gid NFS entries. */
+	status = check_nfs_sd(psd);
+	if (!NT_STATUS_IS_OK(status)) {
+		NDR_PRINT_DEBUG(
+			security_descriptor,
+			discard_const_p(struct security_descriptor, psd));
+	}
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Add a couple of extra NFS uids and gids. */
+	sid_compose(&sid, &global_sid_Unix_NFS_Users, 27);
+	init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
+	status = security_descriptor_dacl_add(psd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = security_descriptor_dacl_add(psd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sid_compose(&sid, &global_sid_Unix_NFS_Groups, 300);
+	init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
+	status = security_descriptor_dacl_add(psd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = security_descriptor_dacl_add(psd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Now set on the file handle. */
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = h;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+	set.set_secdesc.in.sd = psd;
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* Get the ACL again. */
+	finfo2.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+	finfo2.generic.level = RAW_FILEINFO_SEC_DESC;
+	finfo2.generic.in.file.handle = h;
+	status = smb2_getinfo_file(tree, tctx, &finfo2);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	psd = finfo2.query_secdesc.out.sd;
+
+	/* Ensure we have only single mode/uid/gid NFS entries. */
+	status = check_nfs_sd(psd);
+	if (!NT_STATUS_IS_OK(status)) {
+		NDR_PRINT_DEBUG(
+			security_descriptor,
+			discard_const_p(struct security_descriptor, psd));
+	}
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+static bool test_setinfo_stream_eof(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	bool ret = true;
+	NTSTATUS status;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	union smb_fileinfo finfo;
+	struct smb2_handle h1;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\file";
+	const char *sname = BASEDIR "\\file:foo";
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done,
+			    "talloc_new failed\n");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert(tctx, ret == true, "enable_aapl failed");
+
+	torture_comment(tctx, "Test setting EOF on a stream\n");
+
+	smb2_deltree(tree, BASEDIR);
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+
+	status = torture_smb2_testfile(tree, fname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+	smb2_util_close(tree, h1);
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	status = smb2_util_write(tree, h1, "1234567890", 0, 10);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+	smb2_util_close(tree, h1);
+
+	/*
+	 * Test setting EOF to 21
+	 */
+
+	torture_comment(tctx, "Setting stream EOF to 21\n");
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 21;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status,
+					ret, done, "set EOF 21 failed\n");
+
+	smb2_util_close(tree, h1);
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed");
+
+	smb2_util_close(tree, h1);
+
+	torture_assert_goto(tctx, finfo.standard_info.out.size == 21,
+			    ret, done, "size != 21\n");
+
+	/*
+	 * Test setting EOF to 0
+	 */
+
+	torture_comment(tctx, "Setting stream EOF to 0\n");
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set eof 0 failed\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+		"Unexpected status\n");
+
+	smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+		"Unexpected status\n");
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	smb2_util_close(tree, h1);
+
+	torture_assert_goto(tctx, finfo.standard_info.out.size == 0,
+			    ret, done, "size != 0\n");
+
+	/*
+	 * Test setinfo end-of-file info to 1
+	 */
+
+	torture_comment(tctx, "Setting stream EOF to 1\n");
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set EOF 1 failed\n");
+
+	smb2_util_close(tree, h1);
+
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(finfo);
+	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
+	finfo.generic.in.file.handle = h1;
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_getinfo_file failed\n");
+
+	smb2_util_close(tree, h1);
+
+	torture_assert_goto(tctx, finfo.standard_info.out.size == 1,
+			    ret, done, "size != 1\n");
+
+	/*
+	 * Test setting EOF to 0 with AAPL enabled, should delete stream
+	 */
+
+	torture_comment(tctx, "Enabling AAPL extensions\n");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert(tctx, ret == true, "enable_aapl failed\n");
+
+	torture_comment(tctx, "Setting stream EOF to 0\n");
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set eof 0 failed\n");
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+		"Unexpected status\n");
+
+	smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = sname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
+		"Unexpected status\n");
+
+	torture_comment(
+		tctx, "Setting main file EOF to 1 to force 0-truncate\n");
+
+	status = torture_smb2_testfile_access(
+		tree,
+		fname,
+		&h1,
+		SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 1;
+	status = smb2_setinfo_file(tree, &sfinfo);
+        torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"set eof 1 failed\n");
+
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+        torture_assert_ntstatus_ok_goto(
+		tctx,
+		status,
+		ret,
+		done,
+		"set eof 0 failed\n");
+
+        smb2_util_close(tree, h1);
+
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
+	create.in.fname = fname;
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+	smb2_util_close(tree, h1);
+
+	torture_comment(tctx, "Writing to stream after setting EOF to 0\n");
+	status = torture_smb2_testfile_access(tree, sname, &h1,
+					      SEC_FILE_WRITE_DATA);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	status = smb2_util_write(tree, h1, "1234567890", 0, 10);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.generic.in.file.handle = h1;
+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
+	sfinfo.position_information.in.position = 0;
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set eof 0 failed\n");
+
+	status = smb2_util_write(tree, h1, "1234567890", 0, 10);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	smb2_util_close(tree, h1);
+
+done:
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, BASEDIR);
+	return ret;
+}
+
+#define MAX_STREAMS 16
+
+struct tcase {
+	const char *name;
+	uint32_t access;
+	const char *write_data;
+	size_t write_size;
+	struct tcase_results {
+		size_t size;
+		NTSTATUS initial_status;
+		NTSTATUS final_status;
+		int num_streams_open_handle;
+		const char *streams_open_handle[MAX_STREAMS];
+		int num_streams_closed_handle;
+		const char *streams_closed_handle[MAX_STREAMS];
+	} create, write, overwrite, eof, doc;
+};
+
+typedef enum {T_CREATE, T_WRITE, T_OVERWRITE, T_EOF, T_DOC} subtcase_t;
+
+static bool test_empty_stream_do_checks(
+	struct torture_context *tctx,
+	struct smb2_tree *tree,
+	struct smb2_tree *tree2,
+	struct tcase *tcase,
+	TALLOC_CTX *mem_ctx,
+	struct smb2_handle baseh,
+	struct smb2_handle streamh,
+	subtcase_t subcase)
+{
+	bool ret = false;
+	NTSTATUS status;
+	struct smb2_handle h1;
+	union smb_fileinfo finfo;
+	struct tcase_results *tcase_results = NULL;
+
+	switch (subcase) {
+	case T_CREATE:
+		tcase_results = &tcase->create;
+		break;
+	case T_OVERWRITE:
+		tcase_results = &tcase->overwrite;
+		break;
+	case T_WRITE:
+		tcase_results = &tcase->write;
+		break;
+	case T_EOF:
+		tcase_results = &tcase->eof;
+		break;
+	case T_DOC:
+		tcase_results = &tcase->doc;
+		break;
+	}
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_STANDARD_INFORMATION,
+		.generic.in.file.handle = streamh,
+	};
+
+	/*
+	 * Test: check size, same client
+	 */
+
+	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	torture_assert_int_equal_goto(tctx, finfo.standard_info.out.size,
+				      tcase_results->size,
+				      ret, done, "Wrong size\n");
+
+	/*
+	 * Test: open, same client
+	 */
+
+	status = torture_smb2_open(tree, tcase->name,
+				   SEC_FILE_READ_ATTRIBUTE, &h1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   tcase_results->initial_status,
+					   ret, done,
+					   "smb2_create failed\n");
+	if (NT_STATUS_IS_OK(status)) {
+		status = smb2_util_close(tree, h1);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_close failed\n");
+	}
+
+	/*
+	 * Test: check streams, same client
+	 */
+
+	ret = check_stream_list_handle(tree, tctx, baseh,
+				       tcase_results->num_streams_open_handle,
+				       tcase_results->streams_open_handle,
+				       false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	/*
+	 * Test: open, different client
+	 */
+
+	status = torture_smb2_open(tree2, tcase->name,
+				   SEC_FILE_READ_ATTRIBUTE, &h1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   tcase_results->initial_status,
+					   ret, done,
+					   "smb2_create failed\n");
+	if (NT_STATUS_IS_OK(status)) {
+		finfo = (union smb_fileinfo) {
+			.generic.level = RAW_FILEINFO_STANDARD_INFORMATION,
+			.generic.in.file.handle = h1,
+		};
+
+		/*
+		 * Test: check size, different client
+		 */
+
+		status = smb2_getinfo_file(tree2, mem_ctx, &finfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_getinfo_file failed\n");
+
+		torture_assert_int_equal_goto(tctx, finfo.standard_info.out.size,
+					      tcase_results->size,
+					      ret, done, "Wrong size\n");
+
+		/*
+		 * Test: check streams, different client
+		 */
+
+		ret = check_stream_list(tree2, tctx, BASEDIR "\\file",
+					tcase_results->num_streams_open_handle,
+					tcase_results->streams_open_handle,
+					false);
+		torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+		status = smb2_util_close(tree2, h1);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_close failed\n");
+	}
+
+	status = smb2_util_close(tree, streamh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed\n");
+
+	/*
+	 * Test: open after close, same client
+	 */
+
+	status = torture_smb2_open(tree, tcase->name,
+				   SEC_FILE_READ_DATA, &h1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   tcase_results->final_status,
+					   ret, done,
+					   "smb2_create failed\n");
+	if (NT_STATUS_IS_OK(status)) {
+		status = smb2_util_close(tree, h1);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_close failed\n");
+	}
+
+	/*
+	 * Test: open after close, different client
+	 */
+
+	status = torture_smb2_open(tree2, tcase->name,
+				   SEC_FILE_READ_DATA, &h1);
+	torture_assert_ntstatus_equal_goto(tctx, status,
+					   tcase_results->final_status,
+					   ret, done,
+					   "smb2_create failed\n");
+	if (NT_STATUS_IS_OK(status)) {
+		status = smb2_util_close(tree2, h1);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_close failed\n");
+	}
+
+	/*
+	 * Test: check streams after close, same client
+	 */
+
+	ret = check_stream_list_handle(tree, tctx, baseh,
+				       tcase_results->num_streams_closed_handle,
+				       tcase_results->streams_closed_handle,
+				       false);
+	torture_assert_goto(tctx, ret == true, ret, done, "Bad streams");
+
+	ret = true;
+
+done:
+	smb2_util_close(tree, streamh);
+	smb2_util_close(tree, baseh);
+	return ret;
+}
+
+static bool test_empty_stream_do_one(
+	struct torture_context *tctx,
+	struct smb2_tree *tree,
+	struct smb2_tree *tree2,
+	struct tcase *tcase)
+{
+	bool ret = false;
+	NTSTATUS status;
+	struct smb2_handle baseh = {{0}};
+	struct smb2_handle streamh;
+	struct smb2_create create;
+	union smb_setfileinfo sfinfo;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+
+	torture_comment(tctx, "Testing stream [%s]\n", tcase->name);
+
+	torture_assert_goto(tctx, mem_ctx != NULL, ret, done, "talloc_new\n");
+
+	/*
+	 * Subtest: create
+	 */
+	torture_comment(tctx, "Subtest: T_CREATE\n");
+
+	status = smb2_util_unlink(tree, BASEDIR "\\file");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed\n");
+
+	status = torture_smb2_testfile_access(tree, BASEDIR "\\file",
+					      &baseh, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = torture_smb2_testfile_access(tree, tcase->name, &streamh,
+					      tcase->access);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	ret = test_empty_stream_do_checks(tctx, tree, tree2, tcase,
+					  mem_ctx, baseh, streamh, T_CREATE);
+	torture_assert_goto(tctx, ret, ret, done, "test failed\n");
+
+	if (!(tcase->access & SEC_FILE_WRITE_DATA)) {
+		/*
+		 * All subsequent tests require write access
+		 */
+		ret = true;
+		goto done;
+	}
+
+	/*
+	 * Subtest: create and write
+	 */
+	torture_comment(tctx, "Subtest: T_WRITE\n");
+
+	status = smb2_util_unlink(tree, BASEDIR "\\file");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed\n");
+
+	status = torture_smb2_testfile_access(tree, BASEDIR "\\file",
+					      &baseh, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = torture_smb2_testfile_access(tree, tcase->name, &streamh,
+					      tcase->access);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = smb2_util_write(tree, streamh, tcase->write_data, 0,
+				 tcase->write_size);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_open failed\n");
+
+	ret = test_empty_stream_do_checks(tctx, tree, tree2, tcase,
+					  mem_ctx, baseh, streamh, T_WRITE);
+	torture_assert_goto(tctx, ret, ret, done, "test failed\n");
+
+	/*
+	 * Subtest: overwrite
+	 */
+	torture_comment(tctx, "Subtest: T_OVERWRITE\n");
+
+	status = smb2_util_unlink(tree, BASEDIR "\\file");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed\n");
+
+	status = torture_smb2_testfile_access(tree, BASEDIR "\\file",
+					      &baseh, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_FILE_ALL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF,
+		.in.fname = tcase->name,
+	};
+
+	status = smb2_create(tree, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+	streamh = create.out.file.handle;
+
+	ret = test_empty_stream_do_checks(tctx, tree, tree2, tcase,
+					  mem_ctx, baseh, streamh, T_OVERWRITE);
+	torture_assert_goto(tctx, ret, ret, done, "test failed\n");
+
+	/*
+	 * Subtest: setinfo EOF 0
+	 */
+	torture_comment(tctx, "Subtest: T_EOF\n");
+
+	status = smb2_util_unlink(tree, BASEDIR "\\file");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed\n");
+
+	status = torture_smb2_testfile_access(tree, BASEDIR "\\file",
+					      &baseh, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = torture_smb2_testfile_access(tree, tcase->name, &streamh,
+					      tcase->access);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = smb2_util_write(tree, streamh, tcase->write_data, 0,
+				 tcase->write_size);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_open failed\n");
+
+	sfinfo = (union smb_setfileinfo) {
+		.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION,
+		.end_of_file_info.in.file.handle = streamh,
+		.end_of_file_info.in.size = 0,
+	};
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set eof 0 failed\n");
+
+	ret = test_empty_stream_do_checks(tctx, tree, tree2, tcase,
+					  mem_ctx, baseh, streamh, T_EOF);
+	torture_assert_goto(tctx, ret, ret, done, "test failed\n");
+
+	/*
+	 * Subtest: delete-on-close
+	 */
+	torture_comment(tctx, "Subtest: T_DOC\n");
+
+	status = smb2_util_unlink(tree, BASEDIR "\\file");
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_unlink failed\n");
+
+	status = torture_smb2_testfile_access(tree, BASEDIR "\\file",
+					      &baseh, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = torture_smb2_testfile_access(tree, tcase->name, &streamh,
+					      tcase->access);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile_access failed\n");
+
+	status = smb2_util_write(tree, streamh, tcase->write_data, 0,
+				 tcase->write_size);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_open failed\n");
+
+	sfinfo = (union smb_setfileinfo) {
+		.disposition_info.level = RAW_SFILEINFO_DISPOSITION_INFORMATION,
+		.disposition_info.in.file.handle = streamh,
+		.disposition_info.in.delete_on_close = true,
+	};
+	status = smb2_setinfo_file(tree, &sfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"set eof 0 failed\n");
+
+	ret = test_empty_stream_do_checks(tctx, tree, tree2, tcase,
+					  mem_ctx, baseh, streamh,
+					  T_DOC);
+	torture_assert_goto(tctx, ret, ret, done, "test failed\n");
+
+	ret = true;
+
+done:
+	smb2_util_close(tree, baseh);
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
+
+static bool test_empty_stream(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	struct smb2_tree *tree2 = NULL;
+	struct tcase *tcase = NULL;
+	const char *fname = BASEDIR "\\file";
+	struct smb2_handle h1;
+	bool ret = true;
+	NTSTATUS status;
+	AfpInfo ai = (AfpInfo) {
+		.afpi_Signature = AFP_Signature,
+		.afpi_Version = AFP_Version,
+		.afpi_BackupTime = AFP_BackupTime,
+		.afpi_FinderInfo = "FOO BAR ",
+	};
+	char *ai_blob = torture_afpinfo_pack(tctx, &ai);
+	struct tcase tcase_afpinfo_ro = (struct tcase) {
+		.name = BASEDIR "\\file" AFPINFO_STREAM,
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,
+		.create = {
+			.size = 60,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+	};
+	struct tcase tcase_afpinfo_rw = (struct tcase) {
+		.name = BASEDIR "\\file" AFPINFO_STREAM,
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_DATA|SEC_STD_DELETE,
+		.write_data = ai_blob,
+		.write_size = AFP_INFO_SIZE,
+		.create = {
+			.size = 60,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.write = {
+			.size = 60,
+			.initial_status = NT_STATUS_OK,
+			.final_status = NT_STATUS_OK,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 2,
+			.streams_open_handle = {"::$DATA", AFPINFO_STREAM},
+			.streams_closed_handle = {"::$DATA", AFPINFO_STREAM},
+		},
+		.overwrite = {
+			.size = 60,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.eof = {
+			.size = 60,
+			.initial_status = NT_STATUS_OK,
+			.final_status = NT_STATUS_OK,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 2,
+			.streams_open_handle = {"::$DATA", AFPINFO_STREAM},
+			.streams_closed_handle = {"::$DATA", AFPINFO_STREAM},
+		},
+		.doc = {
+			.size = 60,
+			.initial_status = NT_STATUS_DELETE_PENDING,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA", AFPINFO_STREAM},
+			.streams_closed_handle = {"::$DATA"},
+		},
+	};
+
+	struct tcase tcase_afpresource_ro = (struct tcase) {
+		.name = BASEDIR "\\file" AFPRESOURCE_STREAM,
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,
+		.create = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+	};
+	struct tcase tcase_afpresource_rw = (struct tcase) {
+		.name = BASEDIR "\\file" AFPRESOURCE_STREAM,
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_DATA|SEC_STD_DELETE,
+		.write_data = "foo",
+		.write_size = 3,
+		.create = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.write = {
+			.size = 3,
+			.initial_status = NT_STATUS_OK,
+			.final_status = NT_STATUS_OK,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 2,
+			.streams_open_handle = {"::$DATA", AFPRESOURCE_STREAM},
+			.streams_closed_handle = {"::$DATA", AFPRESOURCE_STREAM},
+		},
+		.overwrite = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.eof = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.doc = {
+			.size = 3,
+			.initial_status = NT_STATUS_DELETE_PENDING,
+			.final_status = NT_STATUS_OK,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 2,
+			.streams_open_handle = {"::$DATA", AFPRESOURCE_STREAM},
+			.streams_closed_handle = {"::$DATA", AFPRESOURCE_STREAM},
+		},
+	};
+
+	struct tcase tcase_foo_ro = (struct tcase) {
+		.name = BASEDIR "\\file:foo",
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE,
+		.write_data = "foo",
+		.write_size = 3,
+		.create = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+	};
+
+	struct tcase tcase_foo_rw = (struct tcase) {
+		.name = BASEDIR "\\file:foo",
+		.access = SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_WRITE_DATA|SEC_STD_DELETE,
+		.write_data = "foo",
+		.write_size = 3,
+		.create = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.write = {
+			.size = 3,
+			.initial_status = NT_STATUS_OK,
+			.final_status = NT_STATUS_OK,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 2,
+			.streams_open_handle = {"::$DATA", ":foo:$DATA"},
+			.streams_closed_handle = {"::$DATA", ":foo:$DATA"},
+		},
+		.overwrite = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.eof = {
+			.size = 0,
+			.initial_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 1,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+		.doc = {
+			.size = 3,
+			.initial_status = NT_STATUS_DELETE_PENDING,
+			.final_status = NT_STATUS_OBJECT_NAME_NOT_FOUND,
+			.num_streams_open_handle = 2,
+			.num_streams_closed_handle = 1,
+			.streams_open_handle = {"::$DATA", ":foo:$DATA"},
+			.streams_closed_handle = {"::$DATA"},
+		},
+	};
+
+	struct tcase tcases[] = {
+		tcase_afpinfo_ro,
+		tcase_afpinfo_rw,
+		tcase_afpresource_ro,
+		tcase_afpresource_rw,
+		tcase_foo_ro,
+		tcase_foo_rw,
+		{0}
+	};
+
+	ret = torture_smb2_connection(tctx, &tree2);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_smb2_connection failed\n");
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert(tctx, ret == true, "enable_aapl failed\n");
+
+	ret = enable_aapl(tctx, tree2);
+	torture_assert(tctx, ret == true, "enable_aapl failed\n");
+
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree, h1);
+
+	for (tcase = &tcases[0]; tcase->name != NULL; tcase++) {
+		ret = torture_setup_file(tctx, tree, fname, false);
+		torture_assert_goto(tctx, ret == true, ret, done,
+				    "torture_setup_file failed\n");
+
+		ret = test_empty_stream_do_one(tctx, tree, tree2, tcase);
+		torture_assert_goto(tctx, ret == true, ret, done,
+				    "subtest failed\n");
+
+		status = smb2_util_unlink(tree, fname);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_unlink failed\n");
+	}
+
+done:
+	smb2_deltree(tree, BASEDIR);
+	TALLOC_FREE(tree2);
+	return ret;
+}
+
+/*
+-------------------------------------------------------------------------------
+MagicNumber: 00051607                                        : AppleDouble
+Version    : 00020000                                        : Version 2
+Filler     : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+Num. of ent: 0002                                            : 2
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000009 : Finder Info
+Offset     : 00000032 : 50
+Length     : 00000EB0 : 3760
+
+-DInfo-----:
+Rect top   : 0000     : 0
+Rect left  : 0000     : 0
+Rect bottom: 0000     : 0
+Rect right : 0000     : 0
+isAlias    : 0
+Invisible  : 0
+hasBundle  : 0
+nameLocked : 0
+Stationery : 0
+CustomIcon : 0
+Reserved   : 0
+Inited     : 1
+NoINITS    : 0
+Shared     : 0
+SwitchLaunc: 0
+Hidden Ext : 0
+color      : 000      : none
+isOnDesk   : 0
+Location v : 0000     : 0
+Location h : 0000     : 0
+View       : 0000     : ..
+
+-DXInfo----:
+Scroll v   : 0000     : 0
+Scroll h   : 0000     : 0
+Rsvd|OpnChn: 00000000 : 0
+AreInvalid : 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+CustomBadge: 0
+ObjctIsBusy: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+RoutingInfo: 0
+unknown bit: 0
+unknown bit: 0
+Comment    : 0000     : ..
+PutAway    : 00000000 : 0
+
+-EA--------:
+pad        : 0000     : ..
+magic      : 41545452 : ATTR
+debug_tag  : 0081714C : 8483148
+total_size : 00000EE2 : 3810
+data_start : 00000098 : 152
+data_length: 00000039 : 57
+reserved[0]: 00000000 : ....
+reserved[1]: 00000000 : ....
+reserved[2]: 00000000 : ....
+flags      : 0000     : ..
+num_attrs  : 0001     : 1
+-EA ENTRY--:
+offset     : 00000098 : 152
+length     : 00000039 : 57
+flags      : 0000     : ..
+namelen    : 15       : 21
+-EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 63 6F 6D 2E 61 70 70 6C 65 2E 71 75 61 72 61 6E : com.apple.quaran
+00000010   : 74 69 6E 65 00                                  : tine.
+-EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 30 30 38 31 3B 36 32 65 61 33 37 66 64 3B 43 68 : 0081;62ea37fd;Ch
+00000010   : 72 6F 6D 65 3B 42 35 39 46 42 39 45 44 2D 35 41 : rome;B59FB9ED-5A
+00000020   : 32 39 2D 34 45 35 42 2D 38 35 36 43 2D 37 45 44 : 29-4E5B-856C-7ED
+00000030   : 30 45 46 45 41 37 30 41 43                      : 0EFEA70AC
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 : ................
+00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000020   : 00 00 41 54 54 52 00 81 71 4C 00 00 0E E2 00 00 : ..ATTR..qL......
+00000030   : 00 98 00 00 00 39 00 00 00 00 00 00 00 00 00 00 : .....9..........
+00000040   : 00 00 00 00 00 01 00 00 00 98 00 00 00 39 00 00 : .............9..
+00000050   : 15 63 6F 6D 2E 61 70 70 6C 65 2E 71 75 61 72 61 : .com.apple.quara
+00000060   : 6E 74 69 6E 65 00 30 30 38 31 3B 36 32 65 61 33 : ntine.0081;62ea3
+00000070   : 37 66 64 3B 43 68 72 6F 6D 65 3B 42 35 39 46 42 : 7fd;Chrome;B59FB
+00000080   : 39 45 44 2D 35 41 32 39 2D 34 45 35 42 2D 38 35 : 9ED-5A29-4E5B-85
+00000090   : 36 43 2D 37 45 44 30 45 46 45 41 37 30 41 43 00 : 6C-7ED0EFEA70AC.
+000000A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000110   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000120   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000130   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000140   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000150   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000160   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000170   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000180   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000190   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000200   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000210   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000220   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000230   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000240   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000250   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000260   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000270   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000280   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000290   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000300   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000310   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000320   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000330   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000340   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000350   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000360   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000370   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000380   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000390   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000400   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000410   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000420   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000430   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000440   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000450   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000460   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000470   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000480   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000490   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000500   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000510   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000520   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000530   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000540   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000550   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000560   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000570   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000580   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000590   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000600   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000610   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000620   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000630   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000640   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000650   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000660   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000670   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000680   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000690   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000700   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000710   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000720   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000730   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000740   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000750   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000760   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000770   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000780   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000790   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000800   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000810   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000820   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000830   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000840   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000850   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000860   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000870   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000880   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000890   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000900   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000910   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000920   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000930   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000940   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000950   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000960   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000970   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000980   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000990   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A00   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A10   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A20   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A30   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A40   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A50   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A60   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A70   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A80   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A90   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AB0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AC0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AD0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AE0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AF0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B00   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B10   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B20   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B30   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B40   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B50   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B60   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B70   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B80   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B90   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BB0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BC0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BD0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BE0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BF0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C00   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C10   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C20   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C30   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C40   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C50   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C60   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C70   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C80   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C90   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CB0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CC0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CD0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CE0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CF0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D00   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D10   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D20   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D30   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D40   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D50   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D60   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D70   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D80   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D90   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DB0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DC0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DD0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DE0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DF0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E00   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E10   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E20   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E30   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E40   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E50   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E60   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E70   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E80   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E90   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000EA0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+
+-------------------------------------------------------------------------------
+Entry ID   : 00000002 : Resource Fork
+Offset     : 00000EE2 : 3810
+Length     : 0000011E : 286
+
+-RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+00000000   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000010   : 54 68 69 73 20 72 65 73 6F 75 72 63 65 20 66 6F : This resource fo
+00000020   : 72 6B 20 69 6E 74 65 6E 74 69 6F 6E 61 6C 6C 79 : rk intentionally
+00000030   : 20 6C 65 66 74 20 62 6C 61 6E 6B 20 20 20 00 00 :  left blank   ..
+00000040   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000050   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000060   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000070   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000080   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000090   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000A0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100   : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000110   : 00 00 00 00 00 00 00 00 00 1C 00 1E FF FF       : ..............
+*/
+
+static char osx_adouble_dir_w_xattr[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00,
+	0x00, 0x32, 0x00, 0x00, 0x0e, 0xb0, 0x00, 0x00,
+	0x00, 0x02, 0x00, 0x00, 0x0e, 0xe2, 0x00, 0x00,
+	0x01, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x41, 0x54, 0x54, 0x52,
+	0x00, 0x81, 0x71, 0x4c, 0x00, 0x00, 0x0e, 0xe2,
+	0x00, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, 0x39,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, 0x39,
+	0x00, 0x00, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x61,
+	0x70, 0x70, 0x6c, 0x65, 0x2e, 0x71, 0x75, 0x61,
+	0x72, 0x61, 0x6e, 0x74, 0x69, 0x6e, 0x65, 0x00,
+	0x30, 0x30, 0x38, 0x31, 0x3b, 0x36, 0x32, 0x65,
+	0x61, 0x33, 0x37, 0x66, 0x64, 0x3b, 0x43, 0x68,
+	0x72, 0x6f, 0x6d, 0x65, 0x3b, 0x42, 0x35, 0x39,
+	0x46, 0x42, 0x39, 0x45, 0x44, 0x2d, 0x35, 0x41,
+	0x32, 0x39, 0x2d, 0x34, 0x45, 0x35, 0x42, 0x2d,
+	0x38, 0x35, 0x36, 0x43, 0x2d, 0x37, 0x45, 0x44,
+	0x30, 0x45, 0x46, 0x45, 0x41, 0x37, 0x30, 0x41,
+	0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x54, 0x68, 0x69, 0x73, 0x20, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x20,
+	0x66, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x6c, 0x79, 0x20, 0x6c, 0x65, 0x66, 0x74, 0x20,
+	0x62, 0x6c, 0x61, 0x6e, 0x6b, 0x20, 0x20, 0x20,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x1c, 0x00, 0x1e, 0xff, 0xff
+};
+
+static bool test_delete_trigger_convert_sharing_violation(
+	struct torture_context *tctx,
+	struct smb2_tree *tree1)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *dirname = BASEDIR "\\dir";
+	const char *adname = BASEDIR "\\._dir";
+	struct smb2_handle testdirh;
+	struct smb2_create create;
+	AfpInfo *info = NULL;
+	bool ret = true;
+	NTSTATUS status;
+
+	smb2_deltree(tree1, BASEDIR);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree1, testdirh);
+
+	status = torture_smb2_testdir(tree1, dirname, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree1, testdirh);
+
+	ret = torture_setup_file(tctx, tree1, adname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = write_stream(tree1, __location__, tctx, mem_ctx,
+			   adname, NULL, 0,
+			   sizeof(osx_adouble_dir_w_xattr),
+			   osx_adouble_dir_w_xattr);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	/*
+	 * 1) Create a non-empty AFP_AfpInfo stream
+	 */
+
+	info = torture_afpinfo_new(mem_ctx);
+	torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+
+	/* Set "Inited" flag (any other would do too) */
+	info->afpi_FinderInfo[8] = 0x01;
+
+	ret = torture_write_afpinfo(tree1, tctx, mem_ctx, dirname, info);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+	ret = write_stream(tree1, __location__, tctx, mem_ctx,
+			   adname, NULL, 0,
+			   sizeof(osx_adouble_dir_w_xattr),
+			   osx_adouble_dir_w_xattr);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	/*
+	 * 2) Create a second stream
+	 */
+
+	ret = write_stream(tree1, __location__, tctx, mem_ctx,
+			   dirname, ":org.samba.boom", 0,
+			   strlen("boom"),
+			   "boom");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_STD_DELETE,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = dirname,
+	};
+
+	status = smb2_create(tree1, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	status = smb2_util_close(tree1, create.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+/*
+ * Note: This test depends on "vfs objects = catia fruit streams_xattr".  For
+ * some tests torture must be run on the host it tests and takes an additional
+ * argument with the local path to the share:
+ * "--option=torture:localdir=<SHAREPATH>".
+ *
+ * When running against an OS X SMB server add "--option=torture:osx=true"
+ */
+struct torture_suite *torture_vfs_fruit(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "fruit");
+
+	suite->description = talloc_strdup(suite, "vfs_fruit tests");
+
+	torture_suite_add_1smb2_test(suite, "copyfile", test_copyfile);
+	torture_suite_add_1smb2_test(suite, "read metadata", test_read_afpinfo);
+	torture_suite_add_1smb2_test(suite, "write metadata", test_write_atalk_metadata);
+	torture_suite_add_1smb2_test(suite, "resource fork IO", test_write_atalk_rfork_io);
+	torture_suite_add_1smb2_test(suite, "SMB2/CREATE context AAPL", test_aapl);
+	torture_suite_add_1smb2_test(suite, "stream names", test_stream_names);
+	torture_suite_add_1smb2_test(suite, "truncate resource fork to 0 bytes", test_rfork_truncate);
+	torture_suite_add_1smb2_test(suite, "opening and creating resource fork", test_rfork_create);
+	torture_suite_add_1smb2_test(suite, "fsync_resource_fork", test_rfork_fsync);
+	torture_suite_add_1smb2_test(suite, "rename_dir_openfile", test_rename_dir_openfile);
+	torture_suite_add_1smb2_test(suite, "File without AFP_AfpInfo", test_afpinfo_enoent);
+	torture_suite_add_1smb2_test(suite, "create delete-on-close AFP_AfpInfo", test_create_delete_on_close);
+	torture_suite_add_1smb2_test(suite, "setinfo delete-on-close AFP_AfpInfo", test_setinfo_delete_on_close);
+	torture_suite_add_1smb2_test(suite, "setinfo eof AFP_AfpInfo", test_setinfo_eof);
+	torture_suite_add_1smb2_test(suite, "delete AFP_AfpInfo by writing all 0", test_afpinfo_all0);
+	torture_suite_add_1smb2_test(suite, "create delete-on-close AFP_AfpResource", test_create_delete_on_close_resource);
+	torture_suite_add_1smb2_test(suite, "setinfo delete-on-close AFP_AfpResource", test_setinfo_delete_on_close_resource);
+	torture_suite_add_1smb2_test(suite, "setinfo eof AFP_AfpResource", test_setinfo_eof_resource);
+	torture_suite_add_1smb2_test(suite, "setinfo eof stream", test_setinfo_stream_eof);
+	torture_suite_add_1smb2_test(suite, "null afpinfo", test_null_afpinfo);
+	torture_suite_add_1smb2_test(suite, "delete", test_delete_file_with_rfork);
+	torture_suite_add_1smb2_test(suite, "read open rsrc after rename", test_rename_and_read_rsrc);
+	torture_suite_add_1smb2_test(suite, "readdir_attr with names with illegal ntfs characters", test_readdir_attr_illegal_ntfs);
+	torture_suite_add_2ns_smb2_test(suite, "invalid AFP_AfpInfo", test_invalid_afpinfo);
+	torture_suite_add_1smb2_test(suite, "creating rsrc with read-only access", test_rfork_create_ro);
+	torture_suite_add_1smb2_test(suite, "copy-chunk streams", test_copy_chunk_streams);
+	torture_suite_add_1smb2_test(suite, "OS X AppleDouble file conversion", test_adouble_conversion);
+	torture_suite_add_1smb2_test(suite, "NFS ACE entries", test_nfs_aces);
+	torture_suite_add_1smb2_test(suite, "OS X AppleDouble file conversion without embedded xattr", test_adouble_conversion_wo_xattr);
+	torture_suite_add_1smb2_test(suite, "empty_stream", test_empty_stream);
+	torture_suite_add_1smb2_test(suite, "writing_afpinfo", test_writing_afpinfo);
+	torture_suite_add_1smb2_test(suite, "delete_trigger_convert_sharing_violation", test_delete_trigger_convert_sharing_violation);
+
+	return suite;
+}
+
+static bool test_stream_names_local(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	NTSTATUS status;
+	struct smb2_create create;
+	struct smb2_handle h;
+	const char *fname = BASEDIR "\\stream_names.txt";
+	const char *sname1;
+	bool ret;
+	/* UTF8 private use are starts at 0xef 0x80 0x80 (0xf000) */
+	const char *streams[] = {
+		":foo" "\xef\x80\xa2" "bar:$DATA", /* "foo:bar:$DATA" */
+		":bar" "\xef\x80\xa2" "baz:$DATA", /* "bar:baz:$DATA" */
+		"::$DATA"
+	};
+	const char *localdir = NULL;
+
+	localdir = torture_setting_string(tctx, "localdir", NULL);
+	if (localdir == NULL) {
+		torture_skip(tctx, "Need localdir for test");
+	}
+
+	sname1 = talloc_asprintf(mem_ctx, "%s%s", fname, streams[0]);
+
+	/* clean slate ...*/
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	torture_comment(tctx, "(%s) testing stream names\n", __location__);
+	ZERO_STRUCT(create);
+	create.in.desired_access = SEC_FILE_WRITE_DATA;
+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	create.in.share_access =
+		NTCREATEX_SHARE_ACCESS_DELETE|
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	create.in.create_disposition = NTCREATEX_DISP_CREATE;
+	create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+	create.in.fname = sname1;
+
+	status = smb2_create(tree, mem_ctx, &create);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_write(tree, create.out.file.handle, "foo", 0, 3);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_write failed\n");
+
+	smb2_util_close(tree, create.out.file.handle);
+
+	ret = torture_setup_local_xattr(tctx, "localdir", BASEDIR "/stream_names.txt",
+					"user.DosStream.bar:baz:$DATA",
+					"data", strlen("data"));
+	CHECK_VALUE(ret, true);
+
+	ret = check_stream_list(tree, tctx, fname, 3, streams, false);
+	CHECK_VALUE(ret, true);
+
+done:
+	status = smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
+static bool test_fruit_locking_conflict(struct torture_context *tctx,
+					struct smb2_tree *tree,
+					struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx;
+	struct smb2_create create;
+	struct smb2_handle h;
+	struct smb2_lock lck;
+	struct smb2_lock_element el;
+	const char *fname = BASEDIR "\\locking_conflict.txt";
+	NTSTATUS status;
+	bool ret = false;
+
+	mem_ctx = talloc_new(tctx);
+	torture_assert_not_null(tctx, mem_ctx, "talloc_new failed");
+
+	/* clean slate ...*/
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, fname);
+	smb2_deltree(tree, BASEDIR);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	smb2_util_close(tree, h);
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_READ,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	status = smb2_create(tree, mem_ctx, &create);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	h = create.out.file.handle;
+
+	/* Add AD_FILELOCK_RSRC_DENY_WR lock. */
+	el = (struct smb2_lock_element) {
+		.offset = 0xfffffffffffffffc,
+		.length = 1,
+		.flags = SMB2_LOCK_FLAG_EXCLUSIVE,
+	};
+	lck = (struct smb2_lock) {
+		.in.lock_count = 1,
+		.in.file.handle = h,
+		.in.locks = &el,
+	};
+
+	/*
+	 * Lock up to and including:
+	 * AD_FILELOCK_OPEN_WR
+	 * AD_FILELOCK_OPEN_RD
+	 * This is designed to cause a NetAtalk
+	 * locking conflict on the next open,
+	 * even though the share modes are
+	 * compatible.
+	 */
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	el = (struct smb2_lock_element) {
+		.offset = 0,
+		.length = 0x7ffffffffffffff7,
+		.flags = SMB2_LOCK_FLAG_EXCLUSIVE,
+	};
+	status = smb2_lock(tree, &lck);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	create = (struct smb2_create) {
+		.in.desired_access =
+		SEC_RIGHTS_FILE_READ|SEC_RIGHTS_FILE_WRITE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = fname,
+	};
+
+	/*
+	 * Open on the second tree - ensure we are
+	 * emulating trying to access with a NetATalk
+	 * process with an existing open/deny mode.
+	 */
+	status = smb2_create(tree2, mem_ctx, &create);
+	CHECK_STATUS(status, NT_STATUS_SHARING_VIOLATION);
+
+	{
+		struct smb2_close cl = {
+			.level = RAW_CLOSE_SMB2,
+			.in.file.handle = h,
+		};
+		smb2_close(tree, &cl);
+	}
+
+	ret = true;
+done:
+	return ret;
+}
+
+struct torture_suite *torture_vfs_fruit_netatalk(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "fruit_netatalk");
+
+	suite->description = talloc_strdup(suite, "vfs_fruit tests for Netatalk interop that require fruit:metadata=netatalk");
+
+	torture_suite_add_1smb2_test(suite, "read netatalk metadata", test_read_netatalk_metadata);
+	torture_suite_add_1smb2_test(suite, "stream names with locally created xattr", test_stream_names_local);
+	torture_suite_add_2smb2_test(
+		suite, "locking conflict", test_fruit_locking_conflict);
+
+	return suite;
+}
+
+struct torture_suite *torture_vfs_fruit_file_id(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite =
+	    torture_suite_create(ctx, "fruit_file_id");
+
+	suite->description =
+	    talloc_strdup(suite, "vfs_fruit tests for on-disk file ID that "
+				 "require fruit:zero_file_id=yes");
+
+	torture_suite_add_1smb2_test(suite, "zero file id if AAPL negotiated",
+				     test_zero_file_id);
+
+	return suite;
+}
+
+static bool test_timemachine_volsize(struct torture_context *tctx,
+				     struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	struct smb2_handle h = {{0}};
+	union smb_fsinfo fsinfo;
+	NTSTATUS status;
+	bool ok = true;
+	const char *info_plist =
+		"<dict>\n"
+		"        <key>band-size</key>\n"
+		"        <integer>8192</integer>\n"
+		"</dict>\n";
+
+	smb2_deltree(tree, "test.sparsebundle");
+
+	ok = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ok, ok, done, "enable_aapl failed");
+
+	status = smb2_util_mkdir(tree, "test.sparsebundle");
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"smb2_util_mkdir\n");
+
+	ok = write_stream(tree, __location__, tctx, mem_ctx,
+			  "test.sparsebundle/Info.plist", NULL,
+			   0, strlen(info_plist), info_plist);
+	torture_assert_goto(tctx, ok, ok, done, "write_stream failed\n");
+
+	status = smb2_util_mkdir(tree, "test.sparsebundle/bands");
+	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+					"smb2_util_mkdir\n");
+
+	ok = torture_setup_file(tctx, tree, "test.sparsebundle/bands/1", false);
+	torture_assert_goto(tctx, ok, ok, done, "torture_setup_file failed\n");
+
+	ok = torture_setup_file(tctx, tree, "test.sparsebundle/bands/2", false);
+	torture_assert_goto(tctx, ok, ok, done, "torture_setup_file failed\n");
+
+	status = smb2_util_roothandle(tree, &h);
+	torture_assert_ntstatus_ok(tctx, status, "Unable to create root handle");
+
+	ZERO_STRUCT(fsinfo);
+	fsinfo.generic.level = RAW_QFS_SIZE_INFORMATION;
+	fsinfo.generic.handle = h;
+
+	status = smb2_getinfo_fs(tree, tree, &fsinfo);
+	torture_assert_ntstatus_ok(tctx, status, "smb2_getinfo_fs failed");
+
+	torture_comment(tctx, "sectors_per_unit: %" PRIu32"\n"
+			"bytes_per_sector: %" PRIu32"\n"
+			"total_alloc_units: %" PRIu64"\n"
+			"avail_alloc_units: %" PRIu64"\n",
+			fsinfo.size_info.out.sectors_per_unit,
+			fsinfo.size_info.out.bytes_per_sector,
+			fsinfo.size_info.out.total_alloc_units,
+			fsinfo.size_info.out.avail_alloc_units);
+
+	/*
+	 * Let me explain the numbers:
+	 *
+	 * - the share is set to "fruit:time machine max size = 32K"
+	 * - we've faked a bandsize of 8 K in the Info.plist file
+	 * - we've created two bands files
+	 * - one allocation unit is made of two sectors with 512 B each
+	 * => we've consumed 16 allocation units, there should be 16 free
+	 */
+
+	torture_assert_goto(tctx, fsinfo.size_info.out.sectors_per_unit == 2,
+			    ok, done, "Bad sectors_per_unit");
+
+	torture_assert_goto(tctx, fsinfo.size_info.out.bytes_per_sector == 512,
+			    ok, done, "Bad bytes_per_sector");
+
+	torture_assert_goto(tctx, fsinfo.size_info.out.total_alloc_units == 32,
+			    ok, done, "Bad total_alloc_units");
+
+	torture_assert_goto(tctx, fsinfo.size_info.out.avail_alloc_units == 16,
+			    ok, done, "Bad avail_alloc_units");
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_deltree(tree, "test.sparsebundle");
+	talloc_free(mem_ctx);
+	return ok;
+}
+
+struct torture_suite *torture_vfs_fruit_timemachine(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "fruit_timemachine");
+
+	suite->description = talloc_strdup(
+		suite, "vfs_fruit tests for TimeMachine");
+
+	torture_suite_add_1smb2_test(suite, "Timemachine-volsize",
+				     test_timemachine_volsize);
+
+	return suite;
+}
+
+static bool test_convert_xattr_and_empty_rfork_then_delete(
+	struct torture_context *tctx,
+	struct smb2_tree *tree1,
+	struct smb2_tree *tree2)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\test_adouble_conversion";
+	const char *adname = BASEDIR "/._test_adouble_conversion";
+	const char *rfork = BASEDIR "\\test_adouble_conversion" AFPRESOURCE_STREAM_NAME;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	const char *streams[] = {
+		"::$DATA",
+		AFPINFO_STREAM,
+		":com.apple.metadata" "\xef\x80\xa2" "_kMDItemUserTags:$DATA",
+		":foo" "\xef\x80\xa2" "bar:$DATA", /* "foo:bar:$DATA" */
+	};
+	struct smb2_create create;
+	struct smb2_find find;
+	unsigned int count;
+	union smb_search_data *d;
+	bool delete_empty_adfiles;
+	int expected_num_files;
+
+	delete_empty_adfiles = torture_setting_bool(tctx,
+						    "delete_empty_adfiles",
+						    false);
+
+	smb2_deltree(tree1, BASEDIR);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir failed\n");
+	smb2_util_close(tree1, testdirh);
+
+	ret = torture_setup_file(tctx, tree1, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = torture_setup_file(tctx, tree1, adname, false);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_setup_file failed\n");
+
+	ret = write_stream(tree1, __location__, tctx, mem_ctx,
+			   adname, NULL,
+			   0, sizeof(osx_adouble_w_xattr), osx_adouble_w_xattr);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	ret = enable_aapl(tctx, tree2);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	/*
+	 * Issue a smb2_find(), this triggers the server-side conversion
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_DIR_READ,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = BASEDIR,
+	};
+
+	status = smb2_create(tree2, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	find = (struct smb2_find) {
+		.in.file.handle = create.out.file.handle,
+		.in.pattern = "*",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree2, tree2, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	status = smb2_util_close(tree2, create.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+
+	/*
+	 * Check number of streams
+	 */
+
+	ret = check_stream_list(tree2, tctx, fname, 4, streams, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream_list");
+
+	/*
+	 * Check Resource Fork is gone
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_READ|SEC_RIGHTS_FILE_WRITE,
+		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = rfork,
+	};
+
+	status = smb2_create(tree2, mem_ctx, &create);
+	torture_assert_ntstatus_equal_goto(
+		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+		ret, done, "Bad smb2_create return\n");
+
+	/*
+	 * Check xattr data has been migrated from the AppleDouble file to
+	 * streams.
+	 */
+
+	ret = check_stream(tree2, __location__, tctx, mem_ctx,
+			   fname, AFPINFO_STREAM,
+			   0, 60, 16, 8, "TESTSLOW");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check AFPINFO_STREAM failed\n");
+
+	ret = check_stream(tree2, __location__, tctx, mem_ctx,
+			   fname, ":foo" "\xef\x80\xa2" "bar", /* foo:bar */
+			   0, 3, 0, 3, "baz");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check foo stream failed\n");
+
+	/*
+	 * Now check number of files. If delete_empty_adfiles is set, the
+	 * AppleDouble files should have been deleted.
+	 */
+
+	create = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_DIR_READ,
+		.in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+		.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+		.in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+		.in.fname = BASEDIR,
+	};
+
+	status = smb2_create(tree2, tctx, &create);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	find = (struct smb2_find) {
+		.in.file.handle = create.out.file.handle,
+		.in.pattern = "*",
+		.in.max_response_size = 0x1000,
+		.in.level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO,
+	};
+
+	status = smb2_find_level(tree2, tree2, &find, &count, &d);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_find_level failed\n");
+
+	status = smb2_util_close(tree2, create.out.file.handle);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_util_close failed");
+
+	if (delete_empty_adfiles) {
+		expected_num_files = 3;
+	} else {
+		expected_num_files = 4;
+	}
+	torture_assert_int_equal_goto(tctx, count, expected_num_files, ret, done,
+				      "Wrong number of files\n");
+
+done:
+	smb2_deltree(tree1, BASEDIR);
+	talloc_free(mem_ctx);
+	return ret;
+}
+
+struct torture_suite *torture_vfs_fruit_conversion(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "fruit_conversion");
+
+	suite->description = talloc_strdup(
+		suite, "vfs_fruit conversion tests");
+
+	torture_suite_add_2ns_smb2_test(
+		suite, "convert_xattr_and_empty_rfork_then_delete",
+		test_convert_xattr_and_empty_rfork_then_delete);
+
+	return suite;
+}
+
+/*
+ * The buf below contains the following AppleDouble encoded data:
+ *
+ * -----------------------------------------------------------------------------
+ * MagicNumber: 00051607                                        : AppleDouble
+ * Version    : 00020000                                        : Version 2
+ * Filler     : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+ * Num. of ent: 0002                                            : 2
+ *
+ * -----------------------------------------------------------------------------
+ * Entry ID   : 00000002 : Resource Fork
+ * Offset     : 0000009A : 154
+ * Length     : 00000004 : 4
+ *
+ * -RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 62 61 72 00                                     : bar.
+ *
+ * -----------------------------------------------------------------------------
+ * Entry ID   : 00000009 : Finder Info
+ * Offset     : 00000032 : 50
+ * Length     : 00000068 : 104
+ *
+ * -FInfo-----:
+ * Type       : 464F4F20 : FOO
+ * Creator    : 42415220 : BAR
+ * isAlias    : 0
+ * Invisible  : 0
+ * hasBundle  : 0
+ * nameLocked : 0
+ * Stationery : 0
+ * CustomIcon : 0
+ * Reserved   : 0
+ * Inited     : 0
+ * NoINITS    : 0
+ * Shared     : 0
+ * SwitchLaunc: 0
+ * Hidden Ext : 0
+ * color      : 000      : none
+ * isOnDesk   : 0
+ * Location v : 0000     : 0
+ * Location h : 0000     : 0
+ * Fldr       : 0000     : ..
+ *
+ * -FXInfo----:
+ * Rsvd|IconID: 0000     : 0
+ * Rsvd       : 0000     : ..
+ * Rsvd       : 0000     : ..
+ * Rsvd       : 0000     : ..
+ * AreInvalid : 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * CustomBadge: 0
+ * ObjctIsBusy: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * RoutingInfo: 0
+ * unknown bit: 0
+ * unknown bit: 0
+ * Rsvd|commnt: 0000     : 0
+ * PutAway    : 00000000 : 0
+ *
+ * -EA--------:
+ * pad        : 0000     :
+ * magic      : 41545452 : ATTR
+ * debug_tag  : 00000000 : 0
+ * total_size : 0000009A : 154
+ * data_start : 00000096 : 150
+ * data_length: 00000004 : 4
+ * reserved[0]: 00000000 : ....
+ * reserved[1]: 00000000 : ....
+ * reserved[2]: 00000000 : ....
+ * flags      : 0000     : ..
+ * num_attrs  : 0001     : 1
+ * -EA ENTRY--:
+ * offset     : 00000096 : 150
+ * length     : 00000004 : 4
+ * flags      : 0000     : ..
+ * namelen    : 13       : 19
+ * -EA NAME---:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 6F 72 67 2E 73 61 6D 62 61 EF 80 A2 77 6F 6F 68 : org.samba...wooh
+ * 00000010   : 6F 6F 00                                        : oo.
+ * -EA VALUE--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 62 61 72 00                                     : bar.
+ *
+ * -RAW DUMP--:  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F : (ASCII)
+ * 00000000   : 46 4F 4F 20 42 41 52 20 00 00 00 00 00 00 00 00 : FOO BAR ........
+ * 00000010   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000020   : 00 00 41 54 54 52 00 00 00 00 00 00 00 9A 00 00 : baATTR..........
+ * 00000030   : 00 96 00 00 00 04 00 00 00 00 00 00 00 00 00 00 : ................
+ * 00000040   : 00 00 00 00 00 01 00 00 00 96 00 00 00 04 00 00 : ................
+ * 00000050   : 13 6F 72 67 2E 73 61 6D 62 61 EF 80 A2 77 6F 6F : .org.samba...woo
+ * 00000060   : 68 6F 6F 00 62 61 72 00                         : hoo.bar.
+ *
+ * It was created with:
+ *
+ * $ hexdump -ve '"\t" 7/1 "0x%02x, " 1/1 " 0x%02x," "\n"'
+ */
+static char unconvert_adfile_data[] = {
+	0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+	0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+	0x00, 0x98, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
+	0x00, 0x09, 0x00, 0x00, 0x00, 0x32, 0x00, 0x00,
+	0x00, 0x66, 0x46, 0x4f, 0x4f, 0x20, 0x42, 0x41,
+	0x52, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x41, 0x54, 0x54, 0x52,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x98,
+	0x00, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x04,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+	0x00, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x04,
+	0x00, 0x00, 0x11, 0x6f, 0x72, 0x67, 0x2e, 0x73,
+	0x61, 0x6d, 0x62, 0x61, 0x3a, 0x77, 0x6f, 0x6f,
+	0x68, 0x6f, 0x6f, 0x00, 0x62, 0x61, 0x72, 0x00,
+	0x62, 0x61, 0x72, 0x00
+};
+
+static bool test_unconvert(struct torture_context *tctx,
+			   struct smb2_tree *tree1,
+			   struct smb2_tree *tree2)
+{
+	const char *fname = BASEDIR "\\unconvert";
+	const char *adname = BASEDIR "\\._unconvert";
+	const char *net = NULL;
+	const char *share = NULL;
+	AfpInfo *afpi = NULL;
+	char *cmd = NULL;
+	struct smb2_handle h1;
+	union smb_fileinfo finfo;
+	size_t adsize;
+	NTSTATUS status;
+	int result;
+	bool ret = true;
+
+	torture_assert_not_null_goto(tctx, tree2, ret, done,
+				     "Need a second share without fruit\n");
+
+	net = torture_setting_string(tctx, "net", NULL);
+	torture_assert_not_null_goto(tctx, net, ret, done,
+				     "Need path to 'net'");
+
+	share = torture_setting_string(tctx, "sharename", NULL);
+	torture_assert_not_null_goto(tctx, share, ret, done,
+				     "Need sharename");
+
+	torture_comment(tctx, "Testing unconvert\n");
+
+	smb2_deltree(tree1, BASEDIR);
+
+	status = torture_smb2_testdir(tree1, BASEDIR, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree1, h1);
+
+	ret = torture_setup_file(tctx, tree1, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+	afpi = torture_afpinfo_new(tctx);
+	torture_assert_not_null_goto(tctx, afpi, ret, done,
+				     "torture_afpinfo_new failed\n");
+
+	memcpy(afpi->afpi_FinderInfo, "FOO BAR ", 8);
+
+	ret = torture_write_afpinfo(tree1, tctx, tctx, fname, afpi);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_write_afpinfo failed\n");
+
+	ret = write_stream(tree1, __location__, tctx, tctx,
+			   fname,
+			   /*
+			    * \xef\x80\xa2 is ':' mapped to Unicoe private range
+			    */
+			   ":org.samba" "\xef\x80\xa2" "woohoo",
+			   0, 4, "bar");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	ret = write_stream(tree1, __location__, tctx, tctx,
+			   fname, AFPRESOURCE_STREAM_NAME,
+			   0, 4, "bar");
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "write_stream failed\n");
+
+	cmd = talloc_asprintf(tctx,
+			      "%s --recursive vfs stream2adouble %s %s/",
+			      net,
+			      share,
+			      BASEDIR);
+	torture_assert_not_null_goto(tctx, cmd, ret, done,
+				     "talloc_asprintf failed\n");
+
+	torture_comment(tctx, "cmd: %s\n", cmd);
+
+	result = system(cmd);
+	torture_assert_int_equal_goto(tctx, result, 0, ret, done,
+			    "command failed\n");
+
+	status = torture_smb2_testfile(tree2, adname, &h1);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testfile failed\n");
+
+	finfo = (union smb_fileinfo) {
+		.generic.level = RAW_FILEINFO_ALL_INFORMATION,
+		.generic.in.file.handle = h1,
+	};
+
+	status = smb2_getinfo_file(tree2, tctx, &finfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"torture_smb2_testdir\n");
+	smb2_util_close(tree2, h1);
+
+	adsize = finfo.all_info.out.size;
+	torture_assert_int_equal_goto(tctx, adsize,
+				      sizeof(unconvert_adfile_data),
+				      ret, done, "wrong size\n");
+
+	ret = check_stream(tree2, __location__, tctx, tctx,
+			   adname, "", 0, adsize, 0, adsize,
+			   unconvert_adfile_data);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "check_stream failed\n");
+
+done:
+//	smb2_deltree(tree1, BASEDIR);
+	return ret;
+}
+
+struct torture_suite *torture_vfs_fruit_unfruit(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "unfruit");
+
+	suite->description = talloc_strdup(
+		suite, "test converting back to AppleDouble");
+
+	torture_suite_add_2ns_smb2_test(suite,
+					"unconvert",
+					test_unconvert);
+
+	return suite;
+}
+
+/*
+ * Write an invalid AFP_AfpInfo stream header
+ */
+bool test_fruit_validate_afpinfo(struct torture_context *tctx,
+				 struct smb2_tree *tree)
+{
+	bool expect_invalid_param = torture_setting_bool(tctx, "validate_afpinfo", true);
+	const char *fname = "test_fruit_validate_afpinfo";
+	const char *sname = "test_fruit_validate_afpinfo" AFPINFO_STREAM_NAME;
+	struct smb2_handle handle;
+	AfpInfo *afpinfo = NULL;
+	char *afpinfo_buf = NULL;
+	uint8_t valbuf[8];
+	NTSTATUS status;
+	bool ret = true;
+
+	torture_comment(tctx, "Checking create of AfpInfo stream\n");
+
+	smb2_util_unlink(tree, fname);
+
+	ret = torture_setup_file(tctx, tree, fname, false);
+	torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file failed");
+
+	afpinfo = torture_afpinfo_new(tctx);
+	torture_assert_not_null_goto(tctx, afpinfo, ret, done,
+				     "torture_afpinfo_new failed\n");
+
+	memcpy(afpinfo->afpi_FinderInfo, "FOO BAR ", 8);
+
+	ret = torture_write_afpinfo(tree, tctx, tctx, fname, afpinfo);
+	torture_assert_goto(tctx, ret == true, ret, done,
+			    "torture_write_afpinfo failed\n");
+
+	afpinfo_buf = talloc_zero_size(tctx, 60);
+	torture_assert_goto(tctx, afpinfo_buf != NULL, ret, done,
+			    "torture_afpinfo_new failed");
+	memcpy(afpinfo_buf + 16, "FOO ", 4);
+
+	status = torture_smb2_testfile_access(
+		tree, sname, &handle, SEC_FILE_ALL);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+
+	status = smb2_util_write(tree, handle, afpinfo_buf, 0, AFP_INFO_SIZE);
+	if (expect_invalid_param) {
+		torture_assert_ntstatus_equal_goto(
+			tctx, status, NT_STATUS_INVALID_PARAMETER, ret, done,
+			"write didn't fail as expected\n");
+	} else {
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"smb2_util_write failed");
+	}
+
+	smb2_util_close(tree, handle);
+
+	/*
+	 * Verify the server fixed the header
+	 */
+	PUSH_BE_U32(valbuf, 0, AFP_Signature);
+	PUSH_BE_U32(valbuf + 4, 0, AFP_Version);
+	ret = check_stream(tree, __location__, tctx, tctx, fname,
+			   AFPINFO_STREAM, 0, 60, 0, 8, (char *)valbuf);
+	torture_assert_goto(tctx, ret == true, ret, done, "check_stream failed");
+
+done:
+	smb2_util_unlink(tree, fname);
+	return ret;
+}
diff --git a/source4/torture/vfs/vfs.c b/source4/torture/vfs/vfs.c
new file mode 100644
index 0000000..3d402ee
--- /dev/null
+++ b/source4/torture/vfs/vfs.c
@@ -0,0 +1,123 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Ralph Boehme 2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libcli/libcli.h"
+#include "../lib/util/dlinklist.h"
+
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "lib/cmdline/cmdline.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+
+#include "torture/util.h"
+#include "torture/smbtorture.h"
+#include "torture/vfs/proto.h"
+#include "torture/smb2/proto.h"
+
+static bool wrap_2ns_smb2_test(struct torture_context *torture_ctx,
+			       struct torture_tcase *tcase,
+			       struct torture_test *test)
+{
+	bool (*fn) (struct torture_context *, struct smb2_tree *, struct smb2_tree *);
+	bool ok;
+
+	struct smb2_tree *tree1 = NULL;
+	struct smb2_tree *tree2 = NULL;
+	TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
+
+	if (!torture_smb2_connection(torture_ctx, &tree1)) {
+		torture_fail(torture_ctx,
+			    "Establishing SMB2 connection failed\n");
+		return false;
+	}
+
+	/*
+	 * This is a trick:
+	 * The test might close the connection. If we steal the tree context
+	 * before that and free the parent instead of tree directly, we avoid
+	 * a double free error.
+	 */
+	talloc_steal(mem_ctx, tree1);
+
+	ok = torture_smb2_con_sopt(torture_ctx, "share2", &tree2);
+	if (ok) {
+		talloc_steal(mem_ctx, tree2);
+	}
+
+	fn = test->fn;
+
+	ok = fn(torture_ctx, tree1, tree2);
+
+	/* the test may already have closed some of the connections */
+	talloc_free(mem_ctx);
+
+	return ok;
+}
+
+/*
+ * Run a test with 2 connected trees, the default share and another
+ * taken from option strings "torture:share2"
+ */
+struct torture_test *torture_suite_add_2ns_smb2_test(struct torture_suite *suite,
+						     const char *name,
+						     bool (*run)(struct torture_context *,
+								 struct smb2_tree *,
+								 struct smb2_tree *))
+{
+	struct torture_test *test;
+	struct torture_tcase *tcase;
+
+	tcase = torture_suite_add_tcase(suite, name);
+
+	test = talloc(tcase, struct torture_test);
+
+	test->name = talloc_strdup(test, name);
+	test->description = NULL;
+	test->run = wrap_2ns_smb2_test;
+	test->fn = run;
+	test->dangerous = false;
+
+	DLIST_ADD_END(tcase->tests, test);
+
+	return test;
+}
+
+NTSTATUS torture_vfs_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(
+		ctx, "vfs");
+
+	suite->description = talloc_strdup(suite, "VFS modules tests");
+
+	torture_suite_add_suite(suite, torture_vfs_fruit(suite));
+	torture_suite_add_suite(suite, torture_vfs_fruit_netatalk(suite));
+	torture_suite_add_suite(suite, torture_acl_xattr(suite));
+	torture_suite_add_suite(suite, torture_vfs_fruit_file_id(suite));
+	torture_suite_add_suite(suite, torture_vfs_fruit_timemachine(suite));
+	torture_suite_add_suite(suite, torture_vfs_fruit_conversion(suite));
+	torture_suite_add_suite(suite, torture_vfs_fruit_unfruit(suite));
+	torture_suite_add_1smb2_test(suite, "fruit_validate_afpinfo", test_fruit_validate_afpinfo);
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c
new file mode 100644
index 0000000..1c8751e
--- /dev/null
+++ b/source4/torture/winbind/struct_based.c
@@ -0,0 +1,1190 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester - winbind struct based protocol
+   Copyright (C) Stefan Metzmacher 2007
+   Copyright (C) Michael Adam 2007
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "nsswitch/libwbclient/wbclient.h"
+#include "nsswitch/winbind_nss_config.h"
+#include "nsswitch/winbind_struct_protocol.h"
+#include "nsswitch/libwbclient/wbclient_internal.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "param/param.h"
+#include "../libcli/auth/pam_errors.h"
+#include "torture/winbind/proto.h"
+#include "lib/util/string_wrappers.h"
+
+#define DO_STRUCT_REQ_REP_EXT(op,req,rep,expected,strict,warnaction,cmt) do { \
+	const char *__cmt = (cmt); \
+	wbcErr __wbc_status = WBC_ERR_UNKNOWN_FAILURE; \
+	NSS_STATUS __got, __expected = (expected); \
+	__wbc_status = wbcRequestResponse(NULL, op, req, rep); \
+	switch (__wbc_status) { \
+	case WBC_ERR_SUCCESS: \
+		__got = NSS_STATUS_SUCCESS; \
+		break; \
+	case WBC_ERR_WINBIND_NOT_AVAILABLE: \
+		__got = NSS_STATUS_UNAVAIL; \
+		break; \
+	case WBC_ERR_DOMAIN_NOT_FOUND: \
+		__got = NSS_STATUS_NOTFOUND; \
+		break; \
+	default: \
+		torture_result(torture, TORTURE_FAIL, \
+				__location__ ": " __STRING(op) \
+				" returned unmapped %s, expected nss %d%s%s", \
+				wbcErrorString(__wbc_status), __expected, \
+				(__cmt) ? ": " : "", \
+				(__cmt) ? (__cmt) : ""); \
+		return false; \
+	} \
+	if (__got != __expected) { \
+		if (strict) { \
+			torture_result(torture, TORTURE_FAIL, \
+				__location__ ": " __STRING(op) \
+				" returned %s, got %d , expected %d%s%s", \
+				wbcErrorString(__wbc_status), __got, __expected, \
+				(__cmt) ? ": " : "", \
+				(__cmt) ? (__cmt) : ""); \
+			return false; \
+		} else { \
+			torture_warning(torture, \
+				__location__ ": " __STRING(op) \
+				" returned %s, got %d , expected %d%s%s", \
+				wbcErrorString(__wbc_status), __got, __expected, \
+				(__cmt) ? ": " : "", \
+				(__cmt) ? (__cmt) : ""); \
+			warnaction; \
+		} \
+	} \
+} while(0)
+
+#undef _STRUCT_NOOP
+#define _STRUCT_NOOP do {} while(0);
+#define DO_STRUCT_REQ_REP(op,req,rep) do { \
+	DO_STRUCT_REQ_REP_EXT(op,req,rep,NSS_STATUS_SUCCESS,true, _STRUCT_NOOP, NULL); \
+} while (0)
+
+static bool torture_winbind_struct_interface_version(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	torture_comment(torture, "Running WINBINDD_INTERFACE_VERSION (struct based)\n");
+
+	DO_STRUCT_REQ_REP(WINBINDD_INTERFACE_VERSION, &req, &rep);
+
+	torture_assert_int_equal(torture,
+				 rep.data.interface_version,
+				 WINBIND_INTERFACE_VERSION,
+				 "winbind server and client doesn't match");
+
+	return true;
+}
+
+static bool torture_winbind_struct_ping(struct torture_context *torture)
+{
+	struct timeval tv = timeval_current();
+	int timelimit = torture_setting_int(torture, "timelimit", 5);
+	uint32_t total = 0;
+
+	torture_comment(torture,
+			"Running WINBINDD_PING (struct based) for %d seconds\n",
+			timelimit);
+
+	while (timeval_elapsed(&tv) < timelimit) {
+		DO_STRUCT_REQ_REP(WINBINDD_PING, NULL, NULL);
+		total++;
+	}
+
+	torture_comment(torture,
+			"%u (%.1f/s) WINBINDD_PING (struct based)\n",
+			total, total / timeval_elapsed(&tv));
+
+	return true;
+}
+
+
+static char winbind_separator(struct torture_context *torture)
+{
+	struct winbindd_response rep;
+
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, &rep);
+
+	return rep.data.info.winbind_separator;
+}
+
+static bool torture_winbind_struct_info(struct torture_context *torture)
+{
+	struct winbindd_response rep;
+	const char *separator;
+
+	ZERO_STRUCT(rep);
+
+	torture_comment(torture, "Running WINBINDD_INFO (struct based)\n");
+
+	DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, &rep);
+
+	separator = torture_setting_string(torture,
+					   "winbindd_separator",
+					   lpcfg_winbind_separator(torture->lp_ctx));
+
+	torture_assert_int_equal(torture,
+				 rep.data.info.winbind_separator,
+				 *separator,
+				 "winbind separator doesn't match");
+
+	torture_comment(torture, "Samba Version '%s'\n",
+			rep.data.info.samba_version);
+
+	return true;
+}
+
+static bool torture_winbind_struct_priv_pipe_dir(struct torture_context *torture)
+{
+	struct winbindd_response rep;
+	const char *got_dir;
+
+	ZERO_STRUCT(rep);
+
+	torture_comment(torture, "Running WINBINDD_PRIV_PIPE_DIR (struct based)\n");
+
+	DO_STRUCT_REQ_REP(WINBINDD_PRIV_PIPE_DIR, NULL, &rep);
+
+	got_dir = (const char *)rep.extra_data.data;
+
+	torture_assert(torture, got_dir, "NULL WINBINDD_PRIV_PIPE_DIR\n");
+
+	SAFE_FREE(rep.extra_data.data);
+	return true;
+}
+
+static bool torture_winbind_struct_netbios_name(struct torture_context *torture)
+{
+	struct winbindd_response rep;
+	const char *expected;
+
+	ZERO_STRUCT(rep);
+
+	torture_comment(torture, "Running WINBINDD_NETBIOS_NAME (struct based)\n");
+
+	DO_STRUCT_REQ_REP(WINBINDD_NETBIOS_NAME, NULL, &rep);
+
+	expected = torture_setting_string(torture,
+					  "winbindd_netbios_name",
+					  lpcfg_netbios_name(torture->lp_ctx));
+	expected = strupper_talloc(torture, expected);
+
+	torture_assert_str_equal(torture,
+				 rep.data.netbios_name, expected,
+				 "winbindd's netbios name doesn't match");
+
+	return true;
+}
+
+static bool get_winbind_domain(struct torture_context *torture, char **domain)
+{
+	struct winbindd_response rep;
+
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_DOMAIN_NAME, NULL, &rep);
+
+	*domain = talloc_strdup(torture, rep.data.domain_name);
+	torture_assert(torture, domain, "talloc error");
+
+	return true;
+}
+
+static bool torture_winbind_struct_domain_name(struct torture_context *torture)
+{
+	const char *expected;
+	char *domain;
+
+	torture_comment(torture, "Running WINBINDD_DOMAIN_NAME (struct based)\n");
+
+	expected = torture_setting_string(torture,
+					  "winbindd_netbios_domain",
+					  lpcfg_workgroup(torture->lp_ctx));
+
+	get_winbind_domain(torture, &domain);
+
+	torture_assert_str_equal(torture, domain, expected,
+				 "winbindd's netbios domain doesn't match");
+
+	return true;
+}
+
+static bool torture_winbind_struct_check_machacc(struct torture_context *torture)
+{
+	bool ok;
+	bool strict = torture_setting_bool(torture, "strict mode", false);
+	struct winbindd_response rep;
+
+	ZERO_STRUCT(rep);
+
+	torture_comment(torture, "Running WINBINDD_CHECK_MACHACC (struct based)\n");
+
+	ok = true;
+	DO_STRUCT_REQ_REP_EXT(WINBINDD_CHECK_MACHACC, NULL, &rep,
+			      NSS_STATUS_SUCCESS, strict, ok = false,
+			      "WINBINDD_CHECK_MACHACC");
+
+	if (!ok) {
+		torture_assert(torture,
+			       strlen(rep.data.auth.nt_status_string)>0,
+			       "Failed with empty nt_status_string");
+
+		torture_warning(torture,"%s:%s:%s:%d\n",
+				nt_errstr(NT_STATUS(rep.data.auth.nt_status)),
+				rep.data.auth.nt_status_string,
+				rep.data.auth.error_string,
+				rep.data.auth.pam_error);
+		return true;
+	}
+
+	torture_assert_ntstatus_ok(torture,
+				   NT_STATUS(rep.data.auth.nt_status),
+				   "WINBINDD_CHECK_MACHACC ok: nt_status");
+
+	torture_assert_str_equal(torture,
+				 rep.data.auth.nt_status_string,
+				 nt_errstr(NT_STATUS_OK),
+				 "WINBINDD_CHECK_MACHACC ok:nt_status_string");
+
+	torture_assert_str_equal(torture,
+				 rep.data.auth.error_string,
+				 get_friendly_nt_error_msg(NT_STATUS_OK),
+				 "WINBINDD_CHECK_MACHACC ok: error_string");
+
+	torture_assert_int_equal(torture,
+				 rep.data.auth.pam_error,
+				 nt_status_to_pam(NT_STATUS_OK),
+				 "WINBINDD_CHECK_MACHACC ok: pam_error");
+
+	return true;
+}
+
+struct torture_trust_domain {
+	const char *netbios_name;
+	const char *dns_name;
+	struct dom_sid *sid;
+};
+
+static bool get_trusted_domains(struct torture_context *torture,
+				struct torture_trust_domain **_d)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	struct torture_trust_domain *d = NULL;
+	uint32_t dcount = 0;
+	char line[256];
+	const char *extra_data;
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
+
+	extra_data = (char *)rep.extra_data.data;
+	torture_assert(torture, extra_data != NULL,
+		       "Trust list was NULL: the list of trusted domain "
+		       "should be returned, with at least 2 entries "
+		       "(BUILTIN, and the local domain)");
+
+	while (next_token(&extra_data, line, "\n", sizeof(line))) {
+		char *p, *lp;
+
+		d = talloc_realloc(torture, d,
+				   struct torture_trust_domain,
+				   dcount + 2);
+		ZERO_STRUCT(d[dcount+1]);
+
+		lp = line;
+		p = strchr(lp, '\\');
+		torture_assert(torture, p, "missing 1st '\\' in line");
+		*p = 0;
+		d[dcount].netbios_name = talloc_strdup(d, lp);
+		torture_assert(torture, strlen(d[dcount].netbios_name) > 0,
+			       "empty netbios_name");
+
+		lp = p+1;
+		p = strchr(lp, '\\');
+		torture_assert(torture, p, "missing 2nd '\\' in line");
+		*p = 0;
+		d[dcount].dns_name = talloc_strdup(d, lp);
+		/* it's ok to have an empty dns_name */
+
+		lp = p+1;
+		d[dcount].sid = dom_sid_parse_talloc(d, lp);
+		torture_assert(torture, d[dcount].sid,
+			       "failed to parse sid");
+
+		dcount++;
+	}
+	SAFE_FREE(rep.extra_data.data);
+
+	torture_assert(torture, dcount >= 2,
+		       "The list of trusted domain should contain 2 entries "
+		       "(BUILTIN, and the local domain)");
+
+	*_d = d;
+	return true;
+}
+
+static bool torture_winbind_struct_list_trustdom(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	char *list1;
+	char *list2;
+	bool ok;
+	struct torture_trust_domain *listd = NULL;
+	uint32_t i;
+
+	torture_comment(torture, "Running WINBINDD_LIST_TRUSTDOM (struct based)\n");
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	req.data.list_all_domains = false;
+
+	DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
+
+	list1 = (char *)rep.extra_data.data;
+
+	torture_comment(torture, "%s\n", list1);
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	req.data.list_all_domains = true;
+
+	DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
+
+	list2 = (char *)rep.extra_data.data;
+
+	/*
+	 * The list_all_domains parameter should be ignored
+	 */
+	torture_assert_str_equal(torture, list2, list1, "list_all_domains not ignored");
+
+	SAFE_FREE(list1);
+	SAFE_FREE(list2);
+
+	ok = get_trusted_domains(torture, &listd);
+	torture_assert(torture, ok, "failed to get trust list");
+
+	for (i=0; listd && listd[i].netbios_name; i++) {
+		if (i == 0) {
+			struct dom_sid *builtin_sid;
+
+			builtin_sid = dom_sid_parse_talloc(torture, SID_BUILTIN);
+
+			torture_assert_str_equal(torture,
+						 listd[i].netbios_name,
+						 NAME_BUILTIN,
+						 "first domain should be 'BUILTIN'");
+
+			torture_assert_str_equal(torture,
+						 listd[i].dns_name,
+						 "",
+						 "BUILTIN domain should not have a dns name");
+
+			ok = dom_sid_equal(builtin_sid,
+					   listd[i].sid);
+			torture_assert(torture, ok, "BUILTIN domain should have S-1-5-32");
+
+			continue;
+		}
+
+		/*
+		 * TODO: verify the content of the 2nd and 3rd (in member server mode)
+		 *       domain entries
+		 */
+	}
+
+	return true;
+}
+
+static bool torture_winbind_struct_domain_info(struct torture_context *torture)
+{
+	bool ok;
+	struct torture_trust_domain *listd = NULL;
+	uint32_t i;
+
+	torture_comment(torture, "Running WINBINDD_DOMAIN_INFO (struct based)\n");
+
+	ok = get_trusted_domains(torture, &listd);
+	torture_assert(torture, ok, "failed to get trust list");
+
+	for (i=0; listd && listd[i].netbios_name; i++) {
+		torture_comment(torture, "LIST[%u] '%s' => '%s' [%s]\n",
+				(unsigned)i,
+				listd[i].netbios_name,
+				listd[i].dns_name,
+				dom_sid_string(torture, listd[i].sid));
+	}
+
+	for (i=0; listd && listd[i].netbios_name; i++) {
+		struct winbindd_request req;
+		struct winbindd_response rep;
+		struct dom_sid *sid;
+		char *flagstr = talloc_strdup(torture," ");
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+
+		fstrcpy(req.domain_name, listd[i].netbios_name);
+
+		DO_STRUCT_REQ_REP(WINBINDD_DOMAIN_INFO, &req, &rep);
+
+		if (rep.data.domain_info.primary) {
+			flagstr = talloc_strdup_append(flagstr, "PR ");
+		}
+
+		if (rep.data.domain_info.active_directory) {
+			torture_assert(torture,
+				       strlen(rep.data.domain_info.alt_name)>0,
+				       "Active Directory without DNS name");
+			flagstr = talloc_strdup_append(flagstr, "AD ");
+		}
+
+		if (rep.data.domain_info.native_mode) {
+			torture_assert(torture,
+				       rep.data.domain_info.active_directory,
+				       "Native-Mode, but no Active Directory");
+			flagstr = talloc_strdup_append(flagstr, "NA ");
+		}
+
+		torture_comment(torture, "DOMAIN[%u] '%s' => '%s' [%s] [%s]\n",
+				(unsigned)i,
+				rep.data.domain_info.name,
+				rep.data.domain_info.alt_name,
+				flagstr,
+				rep.data.domain_info.sid);
+
+		sid = dom_sid_parse_talloc(torture, rep.data.domain_info.sid);
+		torture_assert(torture, sid, "Failed to parse SID");
+
+		ok = dom_sid_equal(listd[i].sid, sid);
+		torture_assert(torture, ok, talloc_asprintf(torture, "SID's doesn't match [%s] != [%s]",
+			       dom_sid_string(torture, listd[i].sid),
+			       dom_sid_string(torture, sid)));
+
+		torture_assert_str_equal(torture,
+					 rep.data.domain_info.name,
+					 listd[i].netbios_name,
+					 "Netbios domain name doesn't match");
+
+		torture_assert_str_equal(torture,
+					 rep.data.domain_info.alt_name,
+					 listd[i].dns_name,
+					 "DNS domain name doesn't match");
+	}
+
+	return true;
+}
+
+static bool torture_winbind_struct_getdcname(struct torture_context *torture)
+{
+	bool ok;
+	bool strict = torture_setting_bool(torture, "strict mode", false);
+	const char *domain_name = torture_setting_string(torture,
+					"winbindd_netbios_domain",
+					lpcfg_workgroup(torture->lp_ctx));
+	struct torture_trust_domain *listd = NULL;
+	uint32_t i, count = 0;
+
+	torture_comment(torture, "Running WINBINDD_GETDCNAME (struct based)\n");
+
+	ok = get_trusted_domains(torture, &listd);
+	torture_assert(torture, ok, "failed to get trust list");
+
+	for (i=0; listd && listd[i].netbios_name; i++) {
+		struct winbindd_request req;
+		struct winbindd_response rep;
+
+		/* getdcname is not expected to work on "BUILTIN" or our own
+		 * domain */
+		if (strequal(listd[i].netbios_name, "BUILTIN") ||
+		    strequal(listd[i].netbios_name, domain_name)) {
+			continue;
+		}
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+
+		fstrcpy(req.domain_name, listd[i].netbios_name);
+
+		ok = true;
+		DO_STRUCT_REQ_REP_EXT(WINBINDD_GETDCNAME, &req, &rep,
+				      NSS_STATUS_SUCCESS,
+				      (i <2 || strict), ok = false,
+				      talloc_asprintf(torture, "DOMAIN '%s'",
+				      		      req.domain_name));
+		if (!ok) continue;
+
+		/* TODO: check rep.data.dc_name; */
+		torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n",
+				req.domain_name, rep.data.dc_name);
+		count++;
+	}
+
+	if (strict) {
+		torture_assert(torture, count > 0,
+			       "WiNBINDD_GETDCNAME was not tested");
+	}
+	return true;
+}
+
+static bool torture_winbind_struct_dsgetdcname(struct torture_context *torture)
+{
+	bool ok;
+	bool strict = torture_setting_bool(torture, "strict mode", false);
+	struct torture_trust_domain *listd = NULL;
+	uint32_t i;
+	uint32_t count = 0;
+
+	torture_comment(torture, "Running WINBINDD_DSGETDCNAME (struct based)\n");
+
+	ok = get_trusted_domains(torture, &listd);
+	torture_assert(torture, ok, "failed to get trust list");
+
+	for (i=0; listd && listd[i].netbios_name; i++) {
+		struct winbindd_request req;
+		struct winbindd_response rep;
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+
+		if (strlen(listd[i].dns_name) == 0) continue;
+
+		/*
+		 * TODO: remove this and let winbindd give no dns name
+		 *       for NT4 domains
+		 */
+		if (strcmp(listd[i].dns_name, listd[i].netbios_name) == 0) {
+			continue;
+		}
+
+		fstrcpy(req.domain_name, listd[i].dns_name);
+
+		/* TODO: test more flag combinations */
+		req.flags = DS_DIRECTORY_SERVICE_REQUIRED;
+
+		ok = true;
+		DO_STRUCT_REQ_REP_EXT(WINBINDD_DSGETDCNAME, &req, &rep,
+				      NSS_STATUS_SUCCESS,
+				      strict, ok = false,
+				      talloc_asprintf(torture, "DOMAIN '%s'",
+						      req.domain_name));
+		if (!ok) continue;
+
+		/* TODO: check rep.data.dc_name; */
+		torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n",
+				req.domain_name, rep.data.dc_name);
+
+		count++;
+	}
+
+	if (count == 0) {
+		torture_warning(torture, "WINBINDD_DSGETDCNAME"
+				" was not tested with %d non-AD domains",
+				i);
+	}
+
+	if (strict) {
+		torture_assert(torture, count > 0,
+			       "WiNBINDD_DSGETDCNAME was not tested");
+	}
+
+	return true;
+}
+
+static bool get_user_list(struct torture_context *torture, char ***users)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	char **u = NULL;
+	uint32_t count;
+	char name[256];
+	const char *extra_data;
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_LIST_USERS, &req, &rep);
+
+	extra_data = (char *)rep.extra_data.data;
+	torture_assert(torture, extra_data, "NULL extra data");
+
+	for(count = 0;
+	    next_token(&extra_data, name, ",", sizeof(name));
+	    count++)
+	{
+		u = talloc_realloc(torture, u, char *, count + 2);
+		u[count+1] = NULL;
+		u[count] = talloc_strdup(u, name);
+	}
+
+	SAFE_FREE(rep.extra_data.data);
+
+	*users = u;
+	return true;
+}
+
+static bool torture_winbind_struct_list_users(struct torture_context *torture)
+{
+	char **users;
+	uint32_t count;
+	bool ok;
+
+	torture_comment(torture, "Running WINBINDD_LIST_USERS (struct based)\n");
+
+	ok = get_user_list(torture, &users);
+	torture_assert(torture, ok, "failed to get user list");
+
+	for (count = 0; users[count]; count++) { }
+
+	torture_comment(torture, "got %d users\n", count);
+
+	return true;
+}
+
+static bool get_group_list(struct torture_context *torture,
+			   unsigned int *num_entries,
+			   char ***groups)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	char **g = NULL;
+	uint32_t count;
+	char name[256];
+	const char *extra_data;
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_LIST_GROUPS, &req, &rep);
+	extra_data = (char *)rep.extra_data.data;
+
+	*num_entries = rep.data.num_entries;
+
+	if (*num_entries == 0) {
+		torture_assert(torture, extra_data == NULL,
+			       "extra data is null for >0 reported entries\n");
+		*groups = NULL;
+		return true;
+	}
+
+	torture_assert(torture, extra_data, "NULL extra data");
+
+	for(count = 0;
+	    next_token(&extra_data, name, ",", sizeof(name));
+	    count++)
+	{
+		g = talloc_realloc(torture, g, char *, count + 2);
+		g[count+1] = NULL;
+		g[count] = talloc_strdup(g, name);
+	}
+
+	SAFE_FREE(rep.extra_data.data);
+
+	torture_assert_int_equal(torture, *num_entries, count,
+				 "Wrong number of group entries reported.");
+
+	*groups = g;
+	return true;
+}
+
+static bool torture_winbind_struct_list_groups(struct torture_context *torture)
+{
+	char **groups;
+	uint32_t count;
+	bool ok;
+
+	torture_comment(torture, "Running WINBINDD_LIST_GROUPS (struct based)\n");
+
+	ok = get_group_list(torture, &count, &groups);
+	torture_assert(torture, ok, "failed to get group list");
+
+	torture_comment(torture, "got %d groups\n", count);
+
+	return true;
+}
+
+struct torture_domain_sequence {
+	const char *netbios_name;
+	uint32_t seq;
+};
+
+static bool get_sequence_numbers(struct torture_context *torture,
+				 struct torture_domain_sequence **seqs)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	const char *extra_data;
+	char line[256];
+	uint32_t count = 0;
+	struct torture_domain_sequence *s = NULL;
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep);
+
+	extra_data = (char *)rep.extra_data.data;
+	torture_assert(torture, extra_data, "NULL sequence list");
+
+	while (next_token(&extra_data, line, "\n", sizeof(line))) {
+		char *p, *lp;
+		uint32_t seq;
+
+		s = talloc_realloc(torture, s, struct torture_domain_sequence,
+				   count + 2);
+		ZERO_STRUCT(s[count+1]);
+
+		lp = line;
+		p = strchr(lp, ' ');
+		torture_assert(torture, p, "invalid line format");
+		*p = 0;
+		s[count].netbios_name = talloc_strdup(s, lp);
+
+		lp = p+1;
+		torture_assert(torture, strncmp(lp, ": ", 2) == 0,
+			       "invalid line format");
+		lp += 2;
+		if (strcmp(lp, "DISCONNECTED") == 0) {
+			seq = (uint32_t)-1;
+		} else {
+			seq = (uint32_t)strtol(lp, &p, 10);
+			torture_assert(torture, (*p == '\0'),
+				       "invalid line format");
+			torture_assert(torture, (seq != (uint32_t)-1),
+				       "sequence number -1 encountered");
+		}
+		s[count].seq = seq;
+
+		count++;
+	}
+	SAFE_FREE(rep.extra_data.data);
+
+	torture_assert(torture, count >= 2, "The list of domain sequence "
+		       "numbers should contain 2 entries");
+
+	*seqs = s;
+	return true;
+}
+
+static bool torture_winbind_struct_show_sequence(struct torture_context *torture)
+{
+	bool ok;
+	uint32_t i;
+	struct torture_trust_domain *domlist = NULL;
+	struct torture_domain_sequence *s = NULL;
+
+	torture_comment(torture, "Running WINBINDD_SHOW_SEQUENCE (struct based)\n");
+
+	ok = get_sequence_numbers(torture, &s);
+	torture_assert(torture, ok, "failed to get list of sequence numbers");
+
+	ok = get_trusted_domains(torture, &domlist);
+	torture_assert(torture, ok, "failed to get trust list");
+
+	for (i=0; domlist[i].netbios_name; i++) {
+		struct winbindd_request req;
+		struct winbindd_response rep;
+		uint32_t seq;
+
+		torture_assert(torture, s[i].netbios_name,
+			       "more domains received in second run");
+		torture_assert_str_equal(torture, domlist[i].netbios_name,
+					 s[i].netbios_name,
+					 "inconsistent order of domain lists");
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+		fstrcpy(req.domain_name, domlist[i].netbios_name);
+
+		ok = true;
+		DO_STRUCT_REQ_REP_EXT(WINBINDD_SHOW_SEQUENCE, &req, &rep,
+				      NSS_STATUS_SUCCESS,
+				      false, ok = false,
+				      "WINBINDD_SHOW_SEQUENCE");
+		if (ok == false) {
+			torture_warning(torture,
+					"WINBINDD_SHOW_SEQUENCE on "
+					"domain %s failed\n",
+					req.domain_name);
+
+			/*
+			 * Only fail for the first two domain that we
+			 * check specially below, otherwise we fail on
+			 * trusts generated by the LSA torture test
+			 * that do not really exist.
+			 */
+			if (i > 1) {
+				/*
+				 * Do not confirm the sequence numbers
+				 * below
+				 */
+				return true;
+			}
+
+			torture_comment(torture,
+					"Full trust list for "
+					"WINBINDD_SHOW_SEQUENCE "
+					"test was:\n");
+			for (i=0; domlist[i].netbios_name; i++) {
+				torture_comment(torture,
+						"%s\n",
+						domlist[i].netbios_name);
+			}
+
+			return false;
+		}
+
+		seq = rep.data.sequence_number;
+
+		if (i == 0) {
+			torture_assert(torture, (seq != (uint32_t)-1),
+				       "BUILTIN domain disconnected");
+		} else if (i == 1) {
+			torture_assert(torture, (seq != (uint32_t)-1),
+				       "local domain disconnected");
+		}
+
+
+		if (seq == (uint32_t)-1) {
+			torture_comment(torture, " * %s : DISCONNECTED\n",
+					req.domain_name);
+		} else {
+			torture_comment(torture, " * %s : %d\n",
+					req.domain_name, seq);
+		}
+		torture_assert(torture, (seq >= s[i].seq),
+			       "illegal sequence number encountered");
+	}
+
+	return true;
+}
+
+static bool torture_winbind_struct_setpwent(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+
+	torture_comment(torture, "Running WINBINDD_SETPWENT (struct based)\n");
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
+
+	return true;
+}
+
+static bool torture_winbind_struct_getpwent(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	struct winbindd_pw *pwent;
+
+	torture_comment(torture, "Running WINBINDD_GETPWENT (struct based)\n");
+
+	torture_comment(torture, " - Running WINBINDD_SETPWENT first\n");
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+	DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
+
+	torture_comment(torture, " - Running WINBINDD_GETPWENT now\n");
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+	req.data.num_entries = 1;
+	if (torture_setting_bool(torture, "samba3", false)) {
+		DO_STRUCT_REQ_REP_EXT(WINBINDD_GETPWENT, &req, &rep,
+				      NSS_STATUS_SUCCESS, false, _STRUCT_NOOP,
+				      NULL);
+	} else {
+		DO_STRUCT_REQ_REP(WINBINDD_GETPWENT, &req, &rep);
+	}
+	pwent = (struct winbindd_pw *)rep.extra_data.data;
+	if (!torture_setting_bool(torture, "samba3", false)) {
+		torture_assert(torture, (pwent != NULL), "NULL pwent");
+	}
+	if (pwent) {
+		torture_comment(torture, "name: %s, uid: %d, gid: %d, shell: %s\n",
+				pwent->pw_name, pwent->pw_uid, pwent->pw_gid,
+				pwent->pw_shell);
+	}
+
+	return true;
+}
+
+static bool torture_winbind_struct_endpwent(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+
+	torture_comment(torture, "Running WINBINDD_ENDPWENT (struct based)\n");
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	DO_STRUCT_REQ_REP(WINBINDD_ENDPWENT, &req, &rep);
+
+	return true;
+}
+
+/* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
+   form DOMAIN/user into a domain and a user */
+
+static bool parse_domain_user(struct torture_context *torture,
+			      const char *domuser, fstring domain,
+			      fstring user)
+{
+	char *p = strchr(domuser, winbind_separator(torture));
+	char *dom = NULL;
+
+	if (!p) {
+		/* Maybe it was a UPN? */
+		if ((p = strchr(domuser, '@')) != NULL) {
+			fstrcpy(domain, "");
+			fstrcpy(user, domuser);
+			return true;
+		}
+
+		fstrcpy(user, domuser);
+		get_winbind_domain(torture, &dom);
+		fstrcpy(domain, dom);
+		return true;
+	}
+
+	fstrcpy(user, p+1);
+	fstrcpy(domain, domuser);
+	domain[PTR_DIFF(p, domuser)] = 0;
+
+	return true;
+}
+
+static bool lookup_name_sid_list(struct torture_context *torture, char **list)
+{
+	uint32_t count;
+
+	for (count = 0; list[count]; count++) {
+		struct winbindd_request req;
+		struct winbindd_response rep;
+		char *sid;
+		char *name;
+		const char *domain_name = torture_setting_string(torture,
+						"winbindd_domain_without_prefix",
+						NULL);
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+
+		parse_domain_user(torture, list[count], req.data.name.dom_name,
+				  req.data.name.name);
+
+		DO_STRUCT_REQ_REP(WINBINDD_LOOKUPNAME, &req, &rep);
+
+		sid = talloc_strdup(torture, rep.data.sid.sid);
+
+		ZERO_STRUCT(req);
+		ZERO_STRUCT(rep);
+
+		fstrcpy(req.data.sid, sid);
+
+		DO_STRUCT_REQ_REP(WINBINDD_LOOKUPSID, &req, &rep);
+
+		if (domain_name != NULL &&
+		    strequal(rep.data.name.dom_name, domain_name))
+		{
+			name = talloc_asprintf(torture, "%s",
+					       rep.data.name.name);
+		} else {
+			name = talloc_asprintf(torture, "%s%c%s",
+					       rep.data.name.dom_name,
+					       winbind_separator(torture),
+					       rep.data.name.name);
+		}
+
+		torture_assert_casestr_equal(torture, list[count], name,
+					 "LOOKUP_SID after LOOKUP_NAME != id");
+
+#if 0
+		torture_comment(torture, " %s -> %s -> %s\n", list[count],
+				sid, name);
+#endif
+
+		talloc_free(sid);
+		talloc_free(name);
+	}
+
+	return true;
+}
+
+static bool name_is_in_list(const char *name, char **list)
+{
+	uint32_t count;
+
+	for (count = 0; list && list[count]; count++) {
+		if (strequal(name, list[count])) {
+			return true;
+		}
+	}
+	return false;
+}
+
+static bool torture_winbind_struct_lookup_name_sid(struct torture_context *torture)
+{
+	struct winbindd_request req;
+	struct winbindd_response rep;
+	const char *invalid_sid = "S-0-0-7";
+	char *domain = NULL;
+	const char *invalid_user = "no one";
+	char *invalid_name;
+	bool strict = torture_setting_bool(torture, "strict mode", false);
+	char **users;
+	char **groups;
+	uint32_t count, num_groups;
+	bool ok;
+
+	torture_comment(torture, "Running WINBINDD_LOOKUP_NAME_SID (struct based)\n");
+
+	ok = get_user_list(torture, &users);
+	torture_assert(torture, ok, "failed to retrieve list of users");
+	lookup_name_sid_list(torture, users);
+
+	ok = get_group_list(torture, &num_groups, &groups);
+	torture_assert(torture, ok, "failed to retrieve list of groups");
+	if (num_groups > 0) {
+		lookup_name_sid_list(torture, groups);
+	}
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	fstrcpy(req.data.sid, invalid_sid);
+
+	ok = true;
+	DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSID, &req, &rep,
+			      NSS_STATUS_NOTFOUND,
+			      strict,
+			      ok=false,
+			      talloc_asprintf(torture,
+					      "invalid sid %s was resolved",
+					      invalid_sid));
+
+	ZERO_STRUCT(req);
+	ZERO_STRUCT(rep);
+
+	/* try to find an invalid name... */
+
+	count = 0;
+	get_winbind_domain(torture, &domain);
+	do {
+		count++;
+		invalid_name = talloc_asprintf(torture, "%s/%s%u",
+					       domain,
+					       invalid_user, count);
+	} while(name_is_in_list(invalid_name, users) ||
+		name_is_in_list(invalid_name, groups));
+
+	fstrcpy(req.data.name.dom_name, domain);
+	fstrcpy(req.data.name.name,
+		talloc_asprintf(torture, "%s%u", invalid_user,
+				count));
+
+	ok = true;
+	DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPNAME, &req, &rep,
+			      NSS_STATUS_NOTFOUND,
+			      strict,
+			      ok=false,
+			      talloc_asprintf(torture,
+					      "invalid name %s was resolved",
+					      invalid_name));
+
+	talloc_free(users);
+	talloc_free(groups);
+
+	return true;
+}
+
+static bool torture_winbind_struct_lookup_sids_invalid(
+	struct torture_context *torture)
+{
+	struct winbindd_request req = {0};
+	struct winbindd_response rep = {0};
+	bool strict = torture_setting_bool(torture, "strict mode", false);
+	bool ok;
+
+	torture_comment(torture,
+			"Running WINBINDD_LOOKUP_SIDS (struct based)\n");
+
+	ok = true;
+	DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep,
+			      NSS_STATUS_NOTFOUND,
+			      strict,
+			      ok=false,
+			      talloc_asprintf(
+				      torture,
+				      "invalid lookupsids succeeded"));
+
+	return ok;
+}
+
+struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "struct");
+
+	torture_suite_add_simple_test(suite, "interface_version", torture_winbind_struct_interface_version);
+	torture_suite_add_simple_test(suite, "ping", torture_winbind_struct_ping);
+	torture_suite_add_simple_test(suite, "info", torture_winbind_struct_info);
+	torture_suite_add_simple_test(suite, "priv_pipe_dir", torture_winbind_struct_priv_pipe_dir);
+	torture_suite_add_simple_test(suite, "netbios_name", torture_winbind_struct_netbios_name);
+	torture_suite_add_simple_test(suite, "domain_name", torture_winbind_struct_domain_name);
+	torture_suite_add_simple_test(suite, "check_machacc", torture_winbind_struct_check_machacc);
+	torture_suite_add_simple_test(suite, "list_trustdom", torture_winbind_struct_list_trustdom);
+	torture_suite_add_simple_test(suite, "domain_info", torture_winbind_struct_domain_info);
+	torture_suite_add_simple_test(suite, "getdcname", torture_winbind_struct_getdcname);
+	torture_suite_add_simple_test(suite, "dsgetdcname", torture_winbind_struct_dsgetdcname);
+	torture_suite_add_simple_test(suite, "list_users", torture_winbind_struct_list_users);
+	torture_suite_add_simple_test(suite, "list_groups", torture_winbind_struct_list_groups);
+	torture_suite_add_simple_test(suite, "show_sequence", torture_winbind_struct_show_sequence);
+	torture_suite_add_simple_test(suite, "setpwent", torture_winbind_struct_setpwent);
+	torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent);
+	torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent);
+	torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid);
+	torture_suite_add_simple_test(
+		suite,
+		"lookup_sids_invalid",
+		torture_winbind_struct_lookup_sids_invalid);
+
+	suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");
+
+	return suite;
+}
diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c
new file mode 100644
index 0000000..4acfd38
--- /dev/null
+++ b/source4/torture/winbind/winbind.c
@@ -0,0 +1,335 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Stefan Metzmacher 2007
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2012
+   Copyright (C) Christof Schmit <christof.schmitt@us.ibm.com> 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/winbind/proto.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "auth/gensec/gensec.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/kerberos/pac_utils.h"
+#include "wbclient.h"
+
+struct pac_data {
+	DATA_BLOB pac_blob;
+};
+
+/* A helper function which avoids touching the local databases to
+ * generate the session info, as we just want to verify the PAC
+ * details, not the full local token */
+static NTSTATUS test_generate_session_info_pac(struct auth4_context *auth_ctx,
+					       TALLOC_CTX *mem_ctx,
+					       struct smb_krb5_context *smb_krb5_context,
+					       DATA_BLOB *pac_blob,
+					       const char *principal_name,
+					       const struct tsocket_address *remote_address,
+					       uint32_t session_info_flags,
+					       struct auth_session_info **session_info)
+{
+	NTSTATUS nt_status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+	struct pac_data *pac_data;
+
+	if (pac_blob == NULL) {
+		DBG_ERR("pac_blob missing\n");
+		return NT_STATUS_NO_IMPERSONATION_TOKEN;
+	}
+
+	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	auth_ctx->private_data = pac_data = talloc_zero(auth_ctx, struct pac_data); 
+
+	pac_data->pac_blob = *pac_blob;
+
+	talloc_steal(pac_data, pac_data->pac_blob.data);
+	nt_status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						      *pac_blob,
+						      smb_krb5_context->krb5_context,
+						      &user_info_dc,
+						      NULL, NULL);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
+		session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+	}
+
+	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+	nt_status = auth_generate_session_info(mem_ctx,
+					       NULL,
+					       NULL,
+					       user_info_dc, session_info_flags,
+					       session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(tmp_ctx);
+		return nt_status;
+	}
+
+	talloc_free(tmp_ctx);
+	return nt_status;
+}
+
+static bool torture_decode_compare_pac(struct torture_context *tctx,
+				       DATA_BLOB pac)
+{
+	struct wbcAuthUserParams params;
+	struct wbcAuthUserInfo *info;
+	struct wbcAuthErrorInfo *error;
+	struct PAC_LOGON_INFO *logon_info;
+	struct netr_SamInfo3 *info3;
+	struct netr_SamBaseInfo *base;
+	struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL;
+	wbcErr wbc_err;
+	NTSTATUS status;
+	int sid_idx, i;
+	char sid_str[50];
+
+	/* Let winbind decode the PAC */
+	memset(&params, 0, sizeof(params));
+	params.level = WBC_AUTH_USER_LEVEL_PAC;
+	params.password.pac.data = pac.data;
+	params.password.pac.length = pac.length;
+
+	wbc_err = wbcAuthenticateUserEx(&params, &info, &error);
+	torture_assert(tctx, WBC_ERROR_IS_OK(wbc_err), wbcErrorString(wbc_err));
+
+	/* Decode the PAC internally */
+	status = kerberos_pac_logon_info(tctx, pac, NULL, NULL, NULL, NULL, 0,
+					 &logon_info);
+	torture_assert(tctx, NT_STATUS_IS_OK(status), "pac_logon_info");
+	info3 = &logon_info->info3;
+	base = &info3->base;
+	resource_groups = &logon_info->resource_groups;
+
+	/* Compare the decoded data from winbind and from internal call */
+	torture_assert(tctx, info->user_flags == base->user_flags, "user_flags");
+	torture_assert_str_equal(tctx, info->account_name, base->account_name.string, "account_name");
+	torture_assert_str_equal(tctx, info->full_name, base->full_name.string, "full_name");
+	torture_assert_str_equal(tctx, info->domain_name, base->logon_domain.string, "domain_name");
+	torture_assert(tctx, info->acct_flags == base->acct_flags, "acct_flags");
+	torture_assert(tctx, info->logon_count == base->logon_count, "logon_count");
+	torture_assert(tctx, info->bad_password_count == base->bad_password_count, "bad_password_count");
+	torture_assert(tctx, info->logon_time == nt_time_to_unix(base->logon_time), "logon_time");
+	torture_assert(tctx, info->logoff_time == nt_time_to_unix(base->logoff_time), "logoff_time");
+	torture_assert(tctx, info->kickoff_time == nt_time_to_unix(base->kickoff_time), "kickoff_time");
+	torture_assert(tctx, info->pass_last_set_time == nt_time_to_unix(base->last_password_change), "last_password_change");
+	torture_assert(tctx, info->pass_can_change_time == nt_time_to_unix(base->allow_password_change), "allow_password_change");
+	torture_assert(tctx, info->pass_must_change_time == nt_time_to_unix(base->force_password_change), "force_password_change");
+	torture_assert(tctx, info->num_sids == 2 + base->groups.count + info3->sidcount + resource_groups->groups.count, "num_sids");
+
+	sid_idx = 0;
+	wbcSidToStringBuf(&info->sids[sid_idx].sid, sid_str, sizeof(sid_str));
+	torture_assert(tctx,
+		       dom_sid_equal(dom_sid_parse_talloc(tctx, sid_str),
+				     dom_sid_add_rid(tctx, base->domain_sid, base->rid)),
+		       sid_str);
+
+	sid_idx++;
+	wbcSidToStringBuf(&info->sids[sid_idx].sid, sid_str, sizeof(sid_str));
+	torture_assert(tctx,
+		       dom_sid_equal(dom_sid_parse_talloc(tctx, sid_str),
+				     dom_sid_add_rid(tctx, base->domain_sid, base->primary_gid)),
+		       sid_str);
+
+	for(i = 0; i < base->groups.count; i++ ) {
+		sid_idx++;
+		wbcSidToStringBuf(&info->sids[sid_idx].sid,
+				  sid_str, sizeof(sid_str));
+		torture_assert_sid_equal(tctx,
+					 dom_sid_parse_talloc(tctx, sid_str),
+					 dom_sid_add_rid(tctx, base->domain_sid,
+							 base->groups.rids[i].rid),
+					 "base SID mismatch");
+	}
+
+	for(i = 0; i < info3->sidcount; i++) {
+		sid_idx++;
+		wbcSidToStringBuf(&info->sids[sid_idx].sid,
+				  sid_str, sizeof(sid_str));
+		torture_assert_sid_equal(tctx,
+					 dom_sid_parse_talloc(tctx, sid_str),
+					 info3->sids[i].sid,
+					 "extra SID mismatch");
+	}
+
+	for (i = 0; i < resource_groups->groups.count; i++) {
+		sid_idx++;
+		wbcSidToStringBuf(&info->sids[sid_idx].sid,
+				  sid_str, sizeof(sid_str));
+		torture_assert_sid_equal(tctx,
+					 dom_sid_parse_talloc(tctx, sid_str),
+					 dom_sid_add_rid(tctx, resource_groups->domain_sid,
+							 resource_groups->groups.rids[i].rid),
+					 "resource SID mismatch");
+	}
+
+	sid_idx++;
+	torture_assert_int_equal(tctx, sid_idx, info->num_sids, "some SIDs still unaccounted for");
+
+	return true;
+}
+
+static bool torture_winbind_pac(struct torture_context *tctx,
+				const char *sasl_mech,
+				const char *mech)
+{
+	NTSTATUS status;
+
+	struct gensec_security *gensec_client_context;
+	struct gensec_security *gensec_server_context;
+	struct cli_credentials *machine_credentials;
+
+	DATA_BLOB client_to_server, server_to_client;	
+
+	struct auth4_context *auth_context;
+	struct auth_session_info *session_info;
+	struct pac_data *pac_data;
+
+	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
+	torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed");
+
+	machine_credentials = cli_credentials_init_server(tmp_ctx,
+							  tctx->lp_ctx);
+	torture_assert(tctx, machine_credentials != NULL, "cli_credentials_init() failed");
+
+	auth_context = talloc_zero(tmp_ctx, struct auth4_context);
+	torture_assert(tctx, auth_context != NULL, "talloc_new() failed");
+
+	auth_context->generate_session_info_pac = test_generate_session_info_pac;
+
+	status = gensec_client_start(tctx, &gensec_client_context,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+	status = gensec_set_target_hostname(gensec_client_context, cli_credentials_get_workstation(machine_credentials));
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+	status = gensec_set_credentials(gensec_client_context,
+			samba_cmdline_get_creds());
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+	if (sasl_mech) {
+		status = gensec_start_mech_by_sasl_name(gensec_client_context, sasl_mech);
+		torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+	} else {
+		status = gensec_start_mech_by_name(gensec_client_context, mech);
+		torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_name (client) failed");
+	}
+
+
+	status = gensec_server_start(tctx,
+				     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
+				     auth_context, &gensec_server_context);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
+
+	status = gensec_set_credentials(gensec_server_context, machine_credentials);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed");
+
+	if (sasl_mech) {
+		status = gensec_start_mech_by_sasl_name(gensec_server_context, sasl_mech);
+		torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed");
+	} else {
+		status = gensec_start_mech_by_name(gensec_server_context, mech);
+		torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_name (server) failed");
+	}
+
+	server_to_client = data_blob(NULL, 0);
+	
+	do {
+		/* Do a client-server update dance */
+		status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+		}
+
+		status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+			torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
+		}
+
+		if (NT_STATUS_IS_OK(status)) {
+			break;
+		}
+	} while (1);
+
+	/* Extract the PAC using Samba's code */
+
+	status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info);
+	torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
+
+	pac_data = talloc_get_type(auth_context->private_data, struct pac_data);
+
+	torture_assert(tctx, pac_data != NULL, "gensec_update failed to fill in pac_data in auth_context");
+	torture_assert(tctx, pac_data->pac_blob.data != NULL, "pac_blob not present");
+	torture_decode_compare_pac(tctx, pac_data->pac_blob);
+
+	return true;
+}
+
+static bool torture_winbind_pac_gssapi(struct torture_context *tctx)
+{
+	return torture_winbind_pac(tctx, "GSSAPI", NULL);
+}	
+
+static bool torture_winbind_pac_gss_spnego(struct torture_context *tctx)
+{
+	return torture_winbind_pac(tctx, "GSS-SPNEGO", NULL);
+}	
+
+static bool torture_winbind_pac_krb5(struct torture_context *tctx)
+{
+	return torture_winbind_pac(tctx, NULL, "krb5");
+}	
+
+NTSTATUS torture_winbind_init(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "winbind");
+	struct torture_suite *pac_suite;
+	torture_suite_add_suite(suite, torture_winbind_struct_init(suite));
+	torture_suite_add_suite(suite, torture_wbclient(suite));
+
+	pac_suite = torture_suite_create(ctx, "pac");
+	torture_suite_add_simple_test(pac_suite,
+				      "GSSAPI", torture_winbind_pac_gssapi);
+	torture_suite_add_simple_test(pac_suite,
+				      "GSS-SPNEGO", torture_winbind_pac_gss_spnego);
+	torture_suite_add_simple_test(pac_suite,
+				      "krb5", torture_winbind_pac_krb5);
+
+	pac_suite->description = talloc_strdup(suite, "Winbind Kerberos PAC tests");
+
+	torture_suite_add_suite(suite, pac_suite);
+
+	suite->description = talloc_strdup(suite, "WINBIND tests");
+
+	torture_register_suite(ctx, suite);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/torture/winbind/wscript_build b/source4/torture/winbind/wscript_build
new file mode 100644
index 0000000..07b0b2b
--- /dev/null
+++ b/source4/torture/winbind/wscript_build
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('TORTURE_WINBIND',
+	source='winbind.c struct_based.c ../../../nsswitch/libwbclient/tests/wbclient.c',
+	autoproto='proto.h',
+	subsystem='smbtorture',
+	init_function='torture_winbind_init',
+	deps='popt wbclient torture PAM_ERRORS winbindd-lib',
+	internal_module=True
+	)
diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build
new file mode 100644
index 0000000..1ddce71
--- /dev/null
+++ b/source4/torture/wscript_build
@@ -0,0 +1,361 @@
+#!/usr/bin/env python
+
+provision = bld.pyembed_libname('PROVISION')
+samba_net = bld.pyembed_libname('samba-net')
+
+bld.SAMBA_SUBSYSTEM('TORTURE_UTIL',
+	source='util_smb.c',
+	public_deps='torture',
+	deps='smbclient-raw CMDLINE_S4 CREDENTIALS_KRB5'
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_BASIC',
+	source='basic/base.c basic/misc.c basic/scanner.c basic/utable.c basic/charset.c basic/mangle_test.c basic/denytest.c basic/aliases.c basic/locking.c basic/secleak.c basic/rename.c basic/dir.c basic/delete.c basic/unlink.c basic/disconnect.c basic/delaywrite.c basic/attr.c basic/properties.c',
+	subsystem='smbtorture',
+	deps='LIBCLI_SMB TORTURE_UTIL smbclient-raw TORTURE_RAW',
+	internal_module=True,
+	autoproto='basic/proto.h',
+	init_function='torture_base_init',
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_RAW',
+	source='raw/qfsinfo.c raw/qfileinfo.c raw/setfileinfo.c raw/search.c raw/close.c raw/open.c raw/mkdir.c raw/oplock.c raw/notify.c raw/mux.c raw/ioctl.c raw/chkpath.c raw/unlink.c raw/read.c raw/context.c raw/session.c raw/write.c raw/lock.c raw/pingpong.c raw/lockbench.c raw/lookuprate.c raw/tconrate.c raw/openbench.c raw/rename.c raw/eas.c raw/streams.c raw/acls.c raw/seek.c raw/samba3hide.c raw/samba3misc.c raw/composite.c raw/raw.c raw/offline.c',
+	autoproto='raw/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_raw_init',
+	deps='LIBCLI_SMB LIBCLI_LSA LIBCLI_SMB_COMPOSITE TORTURE_UTIL',
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+bld.RECURSE('smb2')
+bld.RECURSE('winbind')
+bld.RECURSE('libnetapi')
+bld.RECURSE('libsmbclient')
+bld.RECURSE('gpo')
+
+ntvfs_specific = dict(source='', deps='')
+
+# Yes, the spoolss_notify test uses the NTVFS file server to run the SMB server expected
+# to handle the RPC callback!
+if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'):
+	ntvfs_specific['source'] += ' rpc/spoolss_notify.c'
+	ntvfs_specific['deps'] += ' SMB_SERVER dcerpc_server ntvfs'
+
+bld.SAMBA_SUBSYSTEM('TORTURE_NDR',
+        source='''ndr/ndr.c
+                  ndr/dcerpc.c
+                  ndr/winreg.c
+                  ndr/atsvc.c
+                  ndr/lsa.c
+                  ndr/epmap.c
+                  ndr/dfs.c
+                  ndr/netlogon.c
+                  ndr/drsuapi.c
+                  ndr/spoolss.c
+                  ndr/ntprinting.c
+                  ndr/samr.c
+                  ndr/dfsblob.c
+                  ndr/drsblobs.c
+                  ndr/dnsp.c
+                  ndr/nbt.c
+                  ndr/ntlmssp.c
+                  ndr/string.c
+                  ndr/backupkey.c
+                  ndr/witness.c
+                  ndr/clusapi.c
+                  ndr/negoex.c
+                  ndr/krb5pac.c
+                  ndr/winspool.c
+                  ndr/cabinet.c
+                  ndr/charset.c
+                  ndr/svcctl.c
+                  ndr/odj.c
+		  ''',
+	autoproto='ndr/proto.h',
+	deps='torture krb5samba',
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_SUBSYSTEM('IREMOTEWINSPOOL_COMMON',
+                    source='rpc/iremotewinspool_common.c',
+                    deps='talloc',
+                    enabled=bld.PYTHON_BUILD_IS_ENABLED())
+
+bld.SAMBA_MODULE('torture_rpc',
+                 source='''
+                        rpc/join.c
+                        rpc/lsa.c
+                        rpc/forest_trust.c
+                        rpc/lsa_lookup.c
+                        rpc/session_key.c
+                        rpc/echo.c
+                        rpc/dfs.c
+                        rpc/drsuapi.c
+                        rpc/drsuapi_w2k8.c
+                        rpc/drsuapi_cracknames.c
+                        rpc/dsgetinfo.c
+                        rpc/spoolss.c
+                        rpc/spoolss_win.c
+                        rpc/spoolss_access.c
+                        rpc/unixinfo.c
+                        rpc/samr.c
+                        rpc/samr_accessmask.c
+                        rpc/samr_handletype.c
+                        rpc/samr_priv.c
+                        rpc/wkssvc.c
+                        rpc/srvsvc.c
+                        rpc/svcctl.c
+                        rpc/atsvc.c
+                        rpc/eventlog.c
+                        rpc/epmapper.c
+                        rpc/winreg.c
+                        rpc/initshutdown.c
+                        rpc/mgmt.c
+                        rpc/scanner.c
+                        rpc/countcalls.c
+                        rpc/testjoin.c
+                        rpc/schannel.c
+                        rpc/netlogon.c
+                        rpc/netlogon_crypto.c
+                        rpc/remote_pac.c
+                        rpc/samlogon.c
+                        rpc/samsync.c
+                        rpc/dssetup.c
+                        rpc/alter_context.c
+                        rpc/bench.c
+                        rpc/samba3rpc.c
+                        rpc/rpc.c
+                        rpc/async_bind.c
+                        rpc/handles.c
+                        rpc/frsapi.c
+                        rpc/object_uuid.c
+                        rpc/ntsvcs.c
+                        rpc/browser.c
+                        rpc/bind.c
+                        rpc/fsrvp.c
+                        rpc/clusapi.c
+                        rpc/witness.c
+                        rpc/iremotewinspool.c
+                        rpc/iremotewinspool_driver.c
+                        rpc/mdssvc.c
+                        rpc/backupkey.c''' + ntvfs_specific['source'],
+                 autoproto='rpc/proto.h',
+                 subsystem='smbtorture',
+                 init_function='torture_rpc_init',
+                 deps='''
+                      ndr-table
+                      RPC_NDR_UNIXINFO
+                      dcerpc-samr
+                      RPC_NDR_WINREG
+                      RPC_NDR_INITSHUTDOWN
+                      RPC_NDR_EVENTLOG
+                      RPC_NDR_ECHO
+                      RPC_NDR_SVCCTL
+                      RPC_NDR_NETLOGON
+                      RPC_NDR_ATSVC
+                      RPC_NDR_DRSUAPI
+                      RPC_NDR_LSA
+                      RPC_NDR_EPMAPPER
+                      RPC_NDR_DFS
+                      RPC_NDR_FRSAPI
+                      RPC_NDR_SPOOLSS
+                      RPC_NDR_SRVSVC
+                      RPC_NDR_WKSSVC
+                      RPC_NDR_DSSETUP
+                      RPC_NDR_NTSVCS
+                      %s
+                      LIBCLI_AUTH
+                      popt
+                      CMDLINE_S4
+                      TORTURE_LDAP
+                      TORTURE_UTIL
+                      TORTURE_RAP
+                      service
+                      process_model
+                      RPC_NDR_BROWSER
+                      LIBCLI_DRSUAPI
+                      TORTURE_DFS
+                      RPC_NDR_FSRVP
+                      RPC_NDR_CLUSAPI
+                      RPC_NDR_WITNESS
+                      RPC_NDR_BACKUPKEY
+                      RPC_NDR_WINSPOOL
+                      IREMOTEWINSPOOL_COMMON
+                      printer_driver
+                      RPC_NDR_MDSSVC
+                      mdssvc
+                      ''' % samba_net + ntvfs_specific['deps'],
+                 internal_module=True,
+                 enabled=bld.PYTHON_BUILD_IS_ENABLED())
+
+bld.RECURSE('drs')
+bld.RECURSE('dns')
+
+bld.SAMBA_MODULE('TORTURE_RAP',
+	source='rap/rap.c rap/rpc.c rap/printing.c rap/sam.c',
+	autoproto='rap/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_rap_init',
+	deps='TORTURE_UTIL LIBCLI_SMB NDR_RAP LIBCLI_RAP',
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_MODULE('TORTURE_DFS',
+	source='dfs/domaindfs.c dfs/common.c',
+	autoproto='dfs/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_dfs_init',
+	deps='TORTURE_UTIL LIBCLI_SMB',
+	internal_module=True
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_AUTH',
+	source='auth/ntlmssp.c auth/pac.c auth/smbencrypt.c',
+	autoproto='auth/proto.h',
+	subsystem='smbtorture',
+	deps='LIBCLI_SMB gensec auth4 authkrb5 smbpasswdparser torture com_err gensec_ntlmssp CMDLINE_S4',
+	internal_module=True
+	)
+
+bld.RECURSE('local')
+bld.RECURSE('krb5')
+
+bld.SAMBA_MODULE('TORTURE_NBENCH',
+	source='nbench/nbio.c nbench/nbench.c',
+	autoproto='nbench/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_nbench_init',
+	deps='TORTURE_UTIL',
+	internal_module=True
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_UNIX',
+	source='unix/unix.c unix/whoami.c unix/unix_info2.c',
+	autoproto='unix/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_unix_init',
+	deps='TORTURE_UTIL',
+	internal_module=True
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_LDAP',
+	source='''
+            ldap/common.c
+            ldap/basic.c
+            ldap/schema.c
+            ldap/uptodatevector.c
+            ldap/cldap.c
+            ldap/netlogon.c
+            ldap/cldapbench.c
+            ldap/ldap_sort.c
+            ldap/nested_search.c
+            ldap/session_expiry.c
+            ''',
+	subsystem='smbtorture',
+	deps='cli-ldap cli_cldap samdb torture ldbsamba CMDLINE_S4',
+	internal_module=True,
+	autoproto='ldap/proto.h',
+	init_function='torture_ldap_init'
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_NBT',
+	source='nbt/query.c nbt/register.c nbt/wins.c nbt/winsbench.c nbt/winsreplication.c nbt/dgram.c nbt/nbt.c',
+	autoproto='nbt/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_nbt_init',
+	deps='LIBCLI_SMB cli-nbt LIBCLI_DGRAM LIBCLI_WREPL torture_rpc',
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_NET',
+	source='libnet/libnet.c libnet/utils.c libnet/userinfo.c libnet/userman.c libnet/groupinfo.c libnet/groupman.c libnet/domain.c libnet/libnet_lookup.c libnet/libnet_user.c libnet/libnet_group.c libnet/libnet_share.c libnet/libnet_rpc.c libnet/libnet_domain.c libnet/libnet_BecomeDC.c',
+	autoproto='libnet/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_net_init',
+	deps='%s torture_rpc %s' % (provision, samba_net),
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+
+bld.SAMBA_MODULE('TORTURE_NTP',
+	source='ntp/ntp_signd.c',
+	autoproto='ntp/proto.h',
+	subsystem='smbtorture',
+	init_function='torture_ntp_init',
+	deps='torture_rpc',
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
+
+bld.SAMBA_MODULE('TORTURE_VFS',
+	source='vfs/vfs.c vfs/fruit.c vfs/acl_xattr.c',
+	subsystem='smbtorture',
+	deps='LIBCLI_SMB TORTURE_UTIL smbclient-raw TORTURE_RAW',
+	internal_module=True,
+	autoproto='vfs/proto.h',
+	init_function='torture_vfs_init'
+	)
+
+TORTURE_MODULES = 'TORTURE_BASIC TORTURE_RAW torture_rpc TORTURE_RAP TORTURE_AUTH TORTURE_NBENCH TORTURE_UNIX TORTURE_LDAP TORTURE_NBT TORTURE_NET TORTURE_NTP torture_registry TORTURE_VFS'
+
+bld.SAMBA_SUBSYSTEM('torturemain',
+                    source='smbtorture.c torture.c shell.c',
+                    subsystem_name='smbtorture',
+                    deps='torture dcerpc LIBCLI_SMB SMBREADLINE ' + TORTURE_MODULES,
+                    enabled=bld.PYTHON_BUILD_IS_ENABLED()
+                    )
+
+bld.SAMBA_BINARY('smbtorture',
+                 source=[],
+                 manpages='man/smbtorture.1',
+                 private_headers='smbtorture.h',
+                 deps='torturemain torture popt CMDLINE_S4 dcerpc LIBCLI_SMB SMBREADLINE ' + TORTURE_MODULES,
+                 pyembed=True,
+                 enabled=bld.PYTHON_BUILD_IS_ENABLED()
+                 )
+
+bld.SAMBA_BINARY('gentest',
+	source='gentest.c',
+	manpages='man/gentest.1',
+	deps='samba-hostconfig samba-util popt CMDLINE_S4 LIBCLI_SMB smbclient-raw param_options'
+	)
+
+
+bld.SAMBA_BINARY('masktest',
+	source='masktest.c',
+	manpages='man/masktest.1',
+	deps='samba-hostconfig samba-util popt CMDLINE_S4 LIBCLI_SMB param_options'
+	)
+
+
+bld.SAMBA_BINARY('locktest',
+	source='locktest.c',
+	# COV_TARGET='test',
+	#ldflags='--coverage',
+	#cflags='--coverage',
+	# GCOV='1',
+	manpages='man/locktest.1',
+	deps='popt CMDLINE_S4 samba-util LIBCLI_SMB samba-hostconfig param_options',
+	)
+
+bld.SAMBA_MODULE('TORTURE_DSDB',
+	source="../../source4/dsdb/common/tests/dsdb.c",
+	autoproto='dsdb_proto.h',
+	subsystem='smbtorture',
+	init_function='torture_dsdb_init',
+	deps="TORTURE_UTIL samba-util",
+	internal_module=True,
+	enabled=bld.PYTHON_BUILD_IS_ENABLED()
+	)
diff --git a/source4/utils/oLschema2ldif/lib.c b/source4/utils/oLschema2ldif/lib.c
new file mode 100644
index 0000000..aefe8f9
--- /dev/null
+++ b/source4/utils/oLschema2ldif/lib.c
@@ -0,0 +1,621 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: oLschema2ldif
+ *
+ *  Description: utility to convert an OpenLDAP schema into AD LDIF
+ *
+ *  Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "./lib.h"
+#include "ldb.h"
+#include "../librpc/gen_ndr/ndr_misc.h"
+
+#undef strcasecmp
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define SCHEMA_UNKNOWN 0
+#define SCHEMA_NAME 1
+#define SCHEMA_SUP 2
+#define SCHEMA_STRUCTURAL 3
+#define SCHEMA_ABSTRACT 4
+#define SCHEMA_AUXILIARY 5
+#define SCHEMA_MUST 6
+#define SCHEMA_MAY 7
+#define SCHEMA_SINGLE_VALUE 8
+#define SCHEMA_EQUALITY 9
+#define SCHEMA_ORDERING 10
+#define SCHEMA_SUBSTR 11
+#define SCHEMA_SYNTAX 12
+#define SCHEMA_DESC 13
+
+struct schema_token {
+	int type;
+	char *value;
+};
+
+static int check_braces(const char *string)
+{
+	size_t b;
+	char *c;
+
+	b = 0;
+	if ((c = strchr(string, '(')) == NULL) {
+		return -1;
+	}
+	b++;
+	c++;
+	while (b) {
+		c = strpbrk(c, "()");
+		if (c == NULL) return 1;
+		if (*c == '(') b++;
+		if (*c == ')') {
+			b--;
+			if (*(c - 1) != ' ' && c && (*(c + 1) == '\0')) {
+				return 2;
+			}
+		}
+		c++;
+	}
+	return 0;
+}
+
+static char *skip_spaces(char *string) {
+	return (string + strspn(string, " \t\n"));
+}
+
+static int add_multi_string(struct ldb_message *msg, const char *attr, char *values)
+{
+	char *c;
+	char *s;
+	int n;
+
+	c = skip_spaces(values);
+	while (*c) {
+		n = strcspn(c, " \t$");
+		s = talloc_strndup(msg, c, n);
+		if (ldb_msg_add_string(msg, attr, s) != 0) {
+			return -1;
+		}
+		c += n;
+		c += strspn(c, " \t$");
+	}
+
+	return 0;
+}
+
+#define MSG_ADD_STRING(a, v) do { if (ldb_msg_add_string(msg, a, v) != 0) goto failed; } while(0)
+#define MSG_ADD_M_STRING(a, v) do { if (add_multi_string(msg, a, v) != 0) goto failed; } while(0)
+
+static char *get_def_value(TALLOC_CTX *ctx, char **string)
+{
+	char *c = *string;
+	char *value;
+	int n;
+
+	if (*c == '\'') {
+		c++;
+		n = strcspn(c, "\'");
+		value = talloc_strndup(ctx, c, n);
+		c += n;
+		if (*c != '\0') {
+			c++; /* skip closing \' */
+		}
+	} else {
+		n = strcspn(c, " \t\n");
+		value = talloc_strndup(ctx, c, n);
+		c += n;
+	}
+	*string = c;
+
+	return value;
+}
+
+static struct schema_token *get_next_schema_token(TALLOC_CTX *ctx, char **string)
+{
+	char *c = skip_spaces(*string);
+	char *type;
+	struct schema_token *token;
+	int n;
+
+	token = talloc(ctx, struct schema_token);
+
+	n = strcspn(c, " \t\n");
+	type = talloc_strndup(token, c, n);
+	c += n;
+	c = skip_spaces(c);
+
+	if (strcasecmp("NAME", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_NAME;
+		/* we do not support aliases so we get only the first name given and skip others */
+		if (*c == '(') {
+			char *s = strchr(c, ')');
+			if (s == NULL) return NULL;
+			s = skip_spaces(s);
+			*string = s;
+
+			c++;
+			c = skip_spaces(c);
+		}
+
+		token->value = get_def_value(ctx, &c);
+
+		if (*string < c) { /* single name */
+			c = skip_spaces(c);
+			*string = c;
+		}
+		return token;
+	}
+	if (strcasecmp("SUP", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_SUP;
+
+		if (*c == '(') {
+			c++;
+			n = strcspn(c, ")");
+			token->value = talloc_strndup(ctx, c, n);
+			c += n;
+			if (*c == '\0') {
+				talloc_free(token->value);
+				return NULL;
+			}
+			c++;
+		} else {
+			token->value = get_def_value(ctx, &c);
+		}
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("STRUCTURAL", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_STRUCTURAL;
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("ABSTRACT", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_ABSTRACT;
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("AUXILIARY", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_AUXILIARY;
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("MUST", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_MUST;
+
+		if (*c == '(') {
+			c++;
+			n = strcspn(c, ")");
+			token->value = talloc_strndup(ctx, c, n);
+			c += n;
+			if (*c == '\0') {
+				talloc_free(token->value);
+				return NULL;
+			}
+			c++;
+		} else {
+			token->value = get_def_value(ctx, &c);
+		}
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("MAY", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_MAY;
+
+		if (*c == '(') {
+			c++;
+			n = strcspn(c, ")");
+			token->value = talloc_strndup(ctx, c, n);
+			c += n;
+			if (*c == '\0') {
+				talloc_free(token->value);
+				return NULL;
+			}
+			c++;
+		} else {
+			token->value = get_def_value(ctx, &c);
+		}
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("SINGLE-VALUE", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_SINGLE_VALUE;
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("EQUALITY", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_EQUALITY;
+
+		token->value = get_def_value(ctx, &c);
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("ORDERING", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_ORDERING;
+
+		token->value = get_def_value(ctx, &c);
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("SUBSTR", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_SUBSTR;
+
+		token->value = get_def_value(ctx, &c);
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("SYNTAX", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_SYNTAX;
+
+		token->value = get_def_value(ctx, &c);
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	if (strcasecmp("DESC", type) == 0) {
+		talloc_free(type);
+		token->type = SCHEMA_DESC;
+
+		token->value = get_def_value(ctx, &c);
+
+		c = skip_spaces(c);
+		*string = c;
+		return token;
+	}
+
+	token->type = SCHEMA_UNKNOWN;
+	token->value = type;
+	if (*c == ')') {
+		*string = c;
+		return token;
+	}
+	if (*c == '\'') {
+		c = strchr(++c, '\'');
+		if (c == NULL || *c == '\0') {
+			return NULL;
+		}
+		c++;
+	} else {
+		c += strcspn(c, " \t\n");
+	}
+	c = skip_spaces(c);
+	*string = c;
+
+	return token;
+}
+
+static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, struct conv_options *opt, const char *entry)
+{
+	TALLOC_CTX *ctx;
+	struct ldb_message *msg;
+	struct schema_token *token;
+        char *c, *s;
+        int n;
+
+	uint8_t digest[gnutls_hash_get_len(GNUTLS_DIG_SHA256)];
+	int rc;
+
+	struct GUID guid;
+
+	bool isAttribute = false;
+	bool single_valued = false;
+
+	ctx = talloc_new(mem_ctx);
+	if (ctx == NULL) {
+		return NULL;
+	}
+	msg = ldb_msg_new(ctx);
+	if (msg == NULL) {
+		goto failed;
+	}
+
+	ldb_msg_add_string(msg, "objectClass", "top");
+
+	c = talloc_strdup(ctx, entry);
+	if (!c) return NULL;
+
+	c = skip_spaces(c);
+
+	switch (*c) {
+	case 'a':
+		if (strncmp(c, "attributetype", 13) == 0) {
+			c += 13;
+			MSG_ADD_STRING("objectClass", "attributeSchema");
+			isAttribute = true;
+			break;
+		}
+		goto failed;
+	case 'o':
+		if (strncmp(c, "objectclass", 11) == 0) {
+			c += 11;
+			MSG_ADD_STRING("objectClass", "classSchema");
+			break;
+		}
+		goto failed;
+	default:
+		goto failed;
+	}
+
+	c = strchr(c, '(');
+	if (c == NULL) goto failed;
+	c++;
+
+	c = skip_spaces(c);
+
+	/* get attributeID */
+	n = strcspn(c, " \t");
+	s = talloc_strndup(msg, c, n);
+	if (isAttribute) {
+		MSG_ADD_STRING("attributeID", s);
+	} else {
+		MSG_ADD_STRING("governsID", s);
+	}
+
+	rc = gnutls_hash_fast(GNUTLS_DIG_SHA256,
+			      s,
+			      strlen(s),
+			      digest);
+	if (rc < 0) {
+		goto failed;
+	}
+
+	memcpy(&guid, digest, sizeof(struct GUID));
+
+	if (dsdb_msg_add_guid(msg, &guid, "schemaIdGuid") != 0) {
+		goto failed;
+	}
+
+	c += n;
+	c = skip_spaces(c);
+
+	while (*c != ')') {
+		token = get_next_schema_token(msg, &c);
+		if (!token) goto failed;
+
+		switch (token->type) {
+		case SCHEMA_NAME:
+			MSG_ADD_STRING("cn", token->value);
+			MSG_ADD_STRING("name", token->value);
+			MSG_ADD_STRING("lDAPDisplayName", token->value);
+			msg->dn = ldb_dn_copy(msg, opt->basedn);
+			ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=Schema,CN=Configuration", token->value);
+			break;
+
+		case SCHEMA_SUP:
+			MSG_ADD_M_STRING("subClassOf", token->value);
+			break;
+
+		case SCHEMA_STRUCTURAL:
+			MSG_ADD_STRING("objectClassCategory", "1");
+			break;
+
+		case SCHEMA_ABSTRACT:
+			MSG_ADD_STRING("objectClassCategory", "2");
+			break;
+
+		case SCHEMA_AUXILIARY:
+			MSG_ADD_STRING("objectClassCategory", "3");
+			break;
+
+		case SCHEMA_MUST:
+			MSG_ADD_M_STRING("mustContain", token->value);
+			break;
+
+		case SCHEMA_MAY:
+			MSG_ADD_M_STRING("mayContain", token->value);
+			break;
+
+		case SCHEMA_SINGLE_VALUE:
+        		single_valued = true;
+			break;
+
+		case SCHEMA_EQUALITY:
+			/* TODO */
+			break;
+
+		case SCHEMA_ORDERING:
+			/* TODO */
+			break;
+
+		case SCHEMA_SUBSTR:
+			/* TODO */
+			break;
+
+		case SCHEMA_SYNTAX:
+		{
+			char *syntax_oid;
+			const struct dsdb_syntax *map;
+			char *oMSyntax;
+
+			n = strcspn(token->value, "{");
+			syntax_oid = talloc_strndup(ctx, token->value, n);
+
+			map = find_syntax_map_by_standard_oid(syntax_oid);
+			if (!map) {
+				break;
+			}
+
+			MSG_ADD_STRING("attributeSyntax", map->attributeSyntax_oid);
+
+			oMSyntax = talloc_asprintf(msg, "%d", map->oMSyntax);
+			MSG_ADD_STRING("oMSyntax", oMSyntax);
+
+			break;
+		}
+		case SCHEMA_DESC:
+			MSG_ADD_STRING("description", token->value);
+			break;
+
+		default:
+			fprintf(stderr, "Unknown Definition: %s\n", token->value);
+			goto failed;
+		}
+	}
+
+	if (isAttribute) {
+		MSG_ADD_STRING("isSingleValued", single_valued ? "TRUE" : "FALSE");
+	} else {
+		if (msg->dn == NULL) {
+			goto failed;
+		}
+		MSG_ADD_STRING("defaultObjectCategory", ldb_dn_get_linearized(msg->dn));
+	}
+
+	talloc_steal(mem_ctx, msg);
+	talloc_free(ctx);
+	return msg;
+
+failed:
+	talloc_free(ctx);
+	return NULL;
+}
+
+struct schema_conv process_file(TALLOC_CTX *mem_ctx, struct conv_options *opt)
+{
+	struct schema_conv ret;
+	char *entry;
+	int c, t, line;
+	struct ldb_ldif ldif;
+	FILE *in = opt->in;
+	FILE *out = opt->out;
+
+	ldif.changetype = LDB_CHANGETYPE_NONE;
+
+	ret.count = 0;
+	ret.failures = 0;
+	line = 0;
+
+	while ((c = fgetc(in)) != EOF) {
+		line++;
+		/* fprintf(stderr, "Parsing line %d\n", line); */
+		if (c == '#') {
+			do {
+				c = fgetc(in);
+			} while (c != EOF && c != '\n');
+			continue;
+		}
+		if (c == '\n') {
+			continue;
+		}
+
+		t = 0;
+		entry = talloc_array(mem_ctx, char, 1024);
+		if (entry == NULL) exit(-1);
+
+		do {
+			if (c == '\n') {
+				int ret2 = 0;
+				entry[t] = '\0';
+				ret2 = check_braces(entry);
+				if (ret2 == 0) {
+					ret.count++;
+					ldif.msg = process_entry(mem_ctx, opt, entry);
+					if (ldif.msg == NULL) {
+						ret.failures++;
+						fprintf(stderr, "No valid msg from entry \n[%s]\n at line %d\n", entry, line);
+						break;
+					}
+					ldb_ldif_write_file(opt->ldb_ctx, out, &ldif);
+					break;
+				}
+				if (ret2 == 2) {
+					fprintf(stderr, "Invalid entry %s, closing braces need to be preceded by a space\n", entry);
+					ret.failures++;
+					break;
+				}
+				line++;
+			} else {
+				entry[t] = c;
+				t++;
+			}
+			if ((t % 1023) == 0) {
+				entry = talloc_realloc(mem_ctx, entry, char, t + 1024);
+				if (entry == NULL) exit(-1);
+			}
+		} while ((c = fgetc(in)) != EOF);
+
+		if (c != '\n') {
+			entry[t] = '\0';
+			if (check_braces(entry) == 0) {
+				ret.count++;
+				ldif.msg = process_entry(mem_ctx, opt, entry);
+				if (ldif.msg == NULL) {
+					ret.failures++;
+					fprintf(stderr, "No valid msg from entry \n[%s]\n at line %d\n", entry, line);
+					break;
+				}
+				ldb_ldif_write_file(opt->ldb_ctx, out, &ldif);
+			} else {
+				fprintf(stderr, "malformed entry on line %d\n", line);
+				ret.failures++;
+			}
+		}
+
+		if (c == EOF) break;
+	}
+
+	return ret;
+}
diff --git a/source4/utils/oLschema2ldif/lib.h b/source4/utils/oLschema2ldif/lib.h
new file mode 100644
index 0000000..f271b4b
--- /dev/null
+++ b/source4/utils/oLschema2ldif/lib.h
@@ -0,0 +1,45 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _OLSCHEMA2LDIF_LIB_H
+#define _OLSCHEMA2LDIF_LIB_H
+
+#include "includes.h"
+#include "ldb.h"
+#include "dsdb/samdb/samdb.h"
+
+struct schema_conv {
+	int count;
+	int failures;
+};
+
+struct conv_options {
+	struct ldb_context *ldb_ctx;
+	struct ldb_dn *basedn;
+	FILE *in;
+	FILE *out;
+};
+
+struct schema_conv process_file(TALLOC_CTX *mem_ctx, struct conv_options *opt);
+
+#endif /* _OLSCHEMA2LDIF_LIB_H */
diff --git a/source4/utils/oLschema2ldif/main.c b/source4/utils/oLschema2ldif/main.c
new file mode 100644
index 0000000..c312298
--- /dev/null
+++ b/source4/utils/oLschema2ldif/main.c
@@ -0,0 +1,140 @@
+/*
+   ldb database library
+
+   Copyright (C) Simo Sorce 2005
+
+     ** NOTE! The following LGPL license applies to the ldb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ *  Name: ldb
+ *
+ *  Component: oLschema2ldif
+ *
+ *  Description: utility to convert an OpenLDAP schema into AD LDIF
+ *
+ *  Author: Simo Sorce
+ */
+
+#include "includes.h"
+#include "./lib.h"
+#include "lib/cmdline/cmdline.h"
+
+static struct options {
+	const char *basedn;
+	const char *input;
+	const char *output;
+} options;
+
+static void usage(void)
+{
+	printf("Usage: oLschema2ldif [OPTIONS]\n");
+	printf("\nConvert OpenLDAP schema to AD-like LDIF format\n\n");
+	printf("Converts records from an openLdap formatted schema to an ldif schema\n\n");
+	exit(1);
+}
+
+
+ int main(int argc, const char **argv)
+{
+	TALLOC_CTX *ctx;
+	struct schema_conv ret;
+	poptContext pc;
+	struct conv_options copt;
+	int opt;
+
+	struct poptOption popt_options[] = {
+		POPT_AUTOHELP
+		{ "basedn",    'b', POPT_ARG_STRING, &options.basedn, 0, "base DN", "DN" },
+		{ "input", 'I', POPT_ARG_STRING, &options.input, 0,
+		  "inputfile of OpenLDAP style schema otherwise STDIN", "inputfile"},
+		{ "output", 'O', POPT_ARG_STRING, &options.output, 0,
+		  "outputfile otherwise STDOUT", "outputfile"},
+		POPT_COMMON_VERSION
+		POPT_TABLEEND
+	};
+
+	ctx = talloc_new(NULL);
+	if (ctx == NULL) {
+		exit(ENOMEM);
+	}
+
+	setenv("LDB_URL", "NONE", 1);
+
+	pc = samba_popt_get_context(getprogname(),
+				    argc,
+				    argv,
+				    popt_options,
+				    POPT_CONTEXT_KEEP_FIRST);
+	if (pc == NULL) {
+		DBG_ERR("Failed to setup popt context!\n");
+		TALLOC_FREE(ctx);
+		exit(1);
+	}
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		fprintf(stderr, "Invalid option %s: %s\n",
+			poptBadOption(pc, 0), poptStrerror(opt));
+		usage();
+	}
+
+	if (options.basedn == NULL) {
+		printf("Base DN not specified\n");
+		usage();
+		exit(1);
+	}
+
+	copt.in = stdin;
+	copt.out = stdout;
+	copt.ldb_ctx = ldb_init(ctx, NULL);
+
+	copt.basedn = ldb_dn_new(ctx, copt.ldb_ctx, options.basedn);
+	if (!ldb_dn_validate(copt.basedn)) {
+		printf("Malformed Base DN\n");
+		usage();
+		exit(1);
+	}
+
+	if (options.input) {
+		copt.in = fopen(options.input, "r");
+		if (!copt.in) {
+			perror(options.input);
+			usage();
+			exit(1);
+		}
+	}
+	if (options.output) {
+		copt.out = fopen(options.output, "w");
+		if (!copt.out) {
+			perror(options.output);
+			usage();
+			exit(1);
+		}
+	}
+
+	ret = process_file(ctx, &copt);
+
+	fclose(copt.in);
+	fclose(copt.out);
+
+	printf("Converted %d records with %d failures\n", ret.count, ret.failures);
+
+	poptFreeContext(pc);
+
+	return 0;
+}
diff --git a/source4/utils/oLschema2ldif/oLschema2ldif.1.xml b/source4/utils/oLschema2ldif/oLschema2ldif.1.xml
new file mode 100644
index 0000000..3d323b7
--- /dev/null
+++ b/source4/utils/oLschema2ldif/oLschema2ldif.1.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="oLschema2ldif.1">
+
+<refmeta>
+	<refentrytitle>oLschema2ldif</refentrytitle>
+	<manvolnum>1</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>oLschema2ldif</refname>
+	<refpurpose>Converts LDAP schema's to LDB-compatible LDIF</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>oLschema2ldif</command>
+		<arg choice="opt">-I INPUT-FILE</arg>
+		<arg choice="opt">-O OUTPUT-FILE</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>oLschema2ldif is a simple tool that converts standard OpenLDAP schema files to a LDIF format that is understood by LDB.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+		<varlistentry>
+		<term>-I input-file</term>
+		<listitem><para>OpenLDAP schema to read. If none are specified, 
+the schema file will be read from standard input.
+		</para></listitem>
+		</varlistentry>
+
+	<varlistentry>
+		<term>-O output-file</term>
+		<listitem><para>File to write ldif version of schema to.
+		</para></listitem>
+	</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+
+	<para>ldb(7), ldbmodify, ldbdel, ldif(5)</para>
+
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para> ldb was written by 
+		 <ulink url="https://www.samba.org/~tridge/">Andrew Tridgell</ulink>.
+		oLschema2ldif was written by <ulink url="mailto:idra@samba.org">Simo Sorce</ulink>.
+	</para>
+
+	<para>
+If you wish to report a problem or make a suggestion then please see
+the <ulink url="http://ldb.samba.org/"/> web site for
+current contact and maintainer information.
+	</para>
+
+</refsect1>
+
+</refentry>
diff --git a/source4/utils/oLschema2ldif/test.c b/source4/utils/oLschema2ldif/test.c
new file mode 100644
index 0000000..3834ea4
--- /dev/null
+++ b/source4/utils/oLschema2ldif/test.c
@@ -0,0 +1,207 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2019      Michael Hanselmann <public@hansmi.ch>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "includes.h"
+#include "./lib.h"
+
+struct test_ctx {
+};
+
+static int setup_context(void **state)
+{
+	struct test_ctx *test_ctx;
+
+	test_ctx = talloc_zero(NULL, struct test_ctx);
+	assert_non_null(test_ctx);
+
+	*state = test_ctx;
+
+	return 0;
+}
+
+static int teardown_context(void **state)
+{
+	struct test_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct test_ctx);
+
+	talloc_free(test_ctx);
+
+	return 0;
+}
+
+static struct schema_conv process_data_blob(void **state, DATA_BLOB input)
+{
+	struct test_ctx *test_ctx =
+		talloc_get_type_abort(*state, struct test_ctx);
+	struct conv_options opt;
+	struct schema_conv ret;
+
+	assert_non_null(test_ctx);
+	assert_non_null(input.data);
+
+	opt.in = fmemopen(input.data, input.length, "r");
+	opt.out = fopen("/dev/null", "w");
+	opt.ldb_ctx = ldb_init(test_ctx, NULL);
+
+	assert_non_null(opt.in);
+	assert_non_null(opt.out);
+	assert_non_null(opt.ldb_ctx);
+
+	opt.basedn = ldb_dn_new(test_ctx, opt.ldb_ctx, "");
+
+	assert_non_null(opt.basedn);
+
+	ret = process_file(test_ctx, &opt);
+
+	fclose(opt.in);
+	fclose(opt.out);
+
+	return ret;
+}
+
+static void test_unknown_syntax_oid(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 999.555.999.555.999\n"
+		"NAME 'mailLocalAddress'\n"
+		"DESC 'RFC822 email address of this recipient'\n"
+		"EQUALITY caseIgnoreIA5Match\n"
+		"SYNTAX 999.555.999.555.999{256} )\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_token_value(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 2.16.840.1.113730.3.1.47\n"
+		"\tNAME 'mailRoutingAX 1.3.6.1.4.1.1466.115.121.1.26{256}\n"
+		"\tSI GLE-VALUE )\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_must_value(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 1\n"
+		"\tSYNTAX 1./)# MUST ( foobar $\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_may_value(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 1\n"
+		"\tSYNTAX 1.3.6.1.4.1.1466.115.121.1./)# MAY ( javaClassNames $\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_sup_value(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 1\n"
+		"\tSYNTAX 1./)# SUP ( foobar $\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_unknown_token(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"attributetype ( 1\n"
+		"\tFOOBAR 123\n"
+		" )\n"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+static void test_missing_name(void **state)
+{
+	struct schema_conv ret;
+
+	ret = process_data_blob(state, data_blob_string_const(
+		"objectclass ( 1.3.6.3.6.1.4.1.1466.115.121.1.26{256} )"
+	));
+
+	assert_int_equal(ret.count, 1);
+	assert_int_equal(ret.failures, 1);
+}
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(test_unknown_syntax_oid,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_unterminated_token_value,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_unterminated_must_value,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_unterminated_may_value,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_unterminated_sup_value,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_unknown_token,
+						setup_context,
+						teardown_context),
+		cmocka_unit_test_setup_teardown(test_missing_name,
+						setup_context,
+						teardown_context),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/utils/oLschema2ldif/wscript_build b/source4/utils/oLschema2ldif/wscript_build
new file mode 100644
index 0000000..bb39bae
--- /dev/null
+++ b/source4/utils/oLschema2ldif/wscript_build
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('oLschema2ldif-lib',
+	source='lib.c',
+	deps='samdb',
+	)
+
+bld.SAMBA_BINARY('oLschema2ldif',
+	source='main.c',
+	manpages='oLschema2ldif.1',
+	deps='oLschema2ldif-lib cmdline',
+	)
+
+bld.SAMBA_BINARY('test_oLschema2ldif',
+	source='test.c',
+	deps='cmocka oLschema2ldif-lib',
+	local_include=False,
+	enabled=bld.CONFIG_SET('HAVE_FMEMOPEN'),
+	install=False,
+	)
diff --git a/source4/utils/tests/test_nmblookup.sh b/source4/utils/tests/test_nmblookup.sh
new file mode 100755
index 0000000..db2686e
--- /dev/null
+++ b/source4/utils/tests/test_nmblookup.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Blackbox tests for nmblookup
+
+NETBIOSNAME=$1
+NETBIOSALIAS=$2
+SERVER=$3
+SERVER_IP=$4
+nmblookup=$5
+shift 5
+TORTURE_OPTIONS=$*
+
+failed=0
+
+testit()
+{
+	name="$1"
+	shift
+	cmdline="$*"
+	echo "test: $name"
+	$cmdline
+	status=$?
+	if [ x$status = x0 ]; then
+		echo "success: $name"
+	else
+		echo "failure: $name"
+		failed=$(expr $failed + 1)
+	fi
+	return $status
+}
+
+testit "nmblookup -U \$SERVER_IP \$SERVER" $nmblookup $TORTURE_OPTIONS -U $SERVER_IP $SERVER
+testit "nmblookup -U \$SERVER_IP \$NETBIOSNAME" $nmblookup $TORTURE_OPTIONS -U $SERVER_IP $NETBIOSNAME
+testit "nmblookup -U \$SERVER_IP \$NETBIOSALIAS" $nmblookup $TORTURE_OPTIONS -U $SERVER_IP $NETBIOSALIAS
+testit "nmblookup \$SERVER" $nmblookup $TORTURE_OPTIONS $SERVER
+testit "nmblookup \$NETBIOSNAME" $nmblookup $TORTURE_OPTIONS $NETBIOSNAME
+testit "nmblookup \$NETBIOSALIAS" $nmblookup $TORTURE_OPTIONS $NETBIOSALIAS
+
+exit $failed
diff --git a/source4/utils/tests/test_samba_tool.sh b/source4/utils/tests/test_samba_tool.sh
new file mode 100755
index 0000000..3b1507e
--- /dev/null
+++ b/source4/utils/tests/test_samba_tool.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Blackbox tests for samba-tool
+
+SERVER=$1
+SERVER_IP=$2
+USERNAME=$3
+PASSWORD=$4
+DOMAIN=$5
+smbclient=$6
+shift 6
+
+failed=0
+
+samba4bindir="$BINDIR"
+samba_tool="$samba4bindir/samba-tool"
+
+testit()
+{
+	name="$1"
+	shift
+	cmdline="$*"
+	echo "test: $name"
+	$cmdline
+	status=$?
+	if [ x$status = x0 ]; then
+		echo "success: $name"
+	else
+		echo "failure: $name"
+		failed=$(expr $failed + 1)
+	fi
+	return $status
+}
+
+testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass
+
+testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass -k
+
+testit "time" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -W "$DOMAIN" -U"$USERNAME%$PASSWORD" "$@"
+
+testit "domain level.show" $VALGRIND $PYTHON $samba_tool domain level show
+
+testit "domain info" $VALGRIND $PYTHON $samba_tool domain info $SERVER_IP
+
+testit "fsmo show" $VALGRIND $PYTHON $samba_tool fsmo show
+
+exit $failed
diff --git a/source4/utils/tests/test_smbclient.sh b/source4/utils/tests/test_smbclient.sh
new file mode 100755
index 0000000..9b3e8dc
--- /dev/null
+++ b/source4/utils/tests/test_smbclient.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+# Blackbox tests for smbclient
+
+SERVER=$1
+SERVER_IP=$2
+USERNAME=$3
+PASSWORD=$4
+DOMAIN=$5
+smbclient=$6
+shift 6
+
+failed=0
+
+testit()
+{
+	name="$1"
+	shift
+	cmdline="$*"
+	echo "test: $name"
+	$cmdline
+	status=$?
+	if [ x$status = x0 ]; then
+		echo "success: $name"
+	else
+		echo "failure: $name"
+		failed=$(expr $failed + 1)
+	fi
+	return $status
+}
+
+testit "Test login with --machine-pass without kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=disabled
+
+testit "Test login with --machine-pass and kerberos" $VALGRIND $smbclient -c 'ls' $CONFIGURATION //$SERVER/tmp --machine-pass --use-kerberos=required
+
+exit $failed
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
new file mode 100644
index 0000000..c6375f8
--- /dev/null
+++ b/source4/winbind/idmap.c
@@ -0,0 +1,860 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Map SIDs to unixids and back
+
+   Copyright (C) Kai Blin 2008
+   Copyright (C) Andrew Bartlett 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "lib/util_unixsids.h"
+#include <ldb.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "winbind/idmap.h"
+#include "libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libds/common/flags.h"
+
+/**
+ * Get uid/gid bounds from idmap database
+ *
+ * \param idmap_ctx idmap context to use
+ * \param low lower uid/gid bound is stored here
+ * \param high upper uid/gid bound is stored here
+ * \return 0 on success, nonzero on failure
+ */
+static int idmap_get_bounds(struct idmap_context *idmap_ctx, uint32_t *low,
+		uint32_t *high)
+{
+	int ret = -1;
+	struct ldb_context *ldb = idmap_ctx->ldb_ctx;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(idmap_ctx);
+	uint32_t lower_bound = (uint32_t) -1;
+	uint32_t upper_bound = (uint32_t) -1;
+
+	dn = ldb_dn_new(tmp_ctx, ldb, "CN=CONFIG");
+	if (dn == NULL) goto failed;
+
+	ret = ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) goto failed;
+
+	if (res->count != 1) {
+		ret = -1;
+		goto failed;
+	}
+
+	lower_bound = ldb_msg_find_attr_as_uint(res->msgs[0], "lowerBound", -1);
+	if (lower_bound != (uint32_t) -1) {
+		ret = LDB_SUCCESS;
+	} else {
+		ret = -1;
+		goto failed;
+	}
+
+	upper_bound = ldb_msg_find_attr_as_uint(res->msgs[0], "upperBound", -1);
+	if (upper_bound != (uint32_t) -1) {
+		ret = LDB_SUCCESS;
+	} else {
+		ret = -1;
+	}
+
+failed:
+	talloc_free(tmp_ctx);
+	*low  = lower_bound;
+	*high = upper_bound;
+	return ret;
+}
+
+/**
+ * Add a dom_sid structure to a ldb_message
+ * \param idmap_ctx idmap context to use
+ * \param mem_ctx talloc context to use
+ * \param ldb_message ldb message to add dom_sid to
+ * \param attr_name name of the attribute to store the dom_sid in
+ * \param sid dom_sid to store
+ * \return 0 on success, an ldb error code on failure.
+ */
+static int idmap_msg_add_dom_sid(struct idmap_context *idmap_ctx,
+		TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+		const char *attr_name, const struct dom_sid *sid)
+{
+	struct ldb_val val;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&val, mem_ctx, sid,
+				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return -1;
+	}
+
+	return ldb_msg_add_value(msg, attr_name, &val, NULL);
+}
+
+/**
+ * Get a dom_sid structure from a ldb message.
+ *
+ * \param mem_ctx talloc context to allocate dom_sid memory in
+ * \param msg ldb_message to get dom_sid from
+ * \param attr_name key that has the dom_sid as data
+ * \return dom_sid structure on success, NULL on failure
+ */
+static struct dom_sid *idmap_msg_get_dom_sid(TALLOC_CTX *mem_ctx,
+		struct ldb_message *msg, const char *attr_name)
+{
+	struct dom_sid *sid;
+	const struct ldb_val *val;
+	enum ndr_err_code ndr_err;
+
+	val = ldb_msg_find_ldb_val(msg, attr_name);
+	if (val == NULL) {
+		return NULL;
+	}
+
+	sid = talloc(mem_ctx, struct dom_sid);
+	if (sid == NULL) {
+		return NULL;
+	}
+
+	ndr_err = ndr_pull_struct_blob(val, sid, sid,
+				       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(sid);
+		return NULL;
+	}
+
+	return sid;
+}
+
+/**
+ * Initialize idmap context
+ *
+ * talloc_free to close.
+ *
+ * \param mem_ctx talloc context to use.
+ * \return allocated idmap_context on success, NULL on error
+ */
+struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
+				 struct tevent_context *ev_ctx,
+				 struct loadparm_context *lp_ctx)
+{
+	struct idmap_context *idmap_ctx;
+
+	idmap_ctx = talloc(mem_ctx, struct idmap_context);
+	if (idmap_ctx == NULL) {
+		return NULL;
+	}
+
+	idmap_ctx->lp_ctx = lp_ctx;
+
+	idmap_ctx->ldb_ctx = ldb_wrap_connect(idmap_ctx, ev_ctx, lp_ctx,
+					      "idmap.ldb",
+					      system_session(lp_ctx),
+					      NULL, 0);
+	if (idmap_ctx->ldb_ctx == NULL) {
+		goto fail;
+	}
+
+	idmap_ctx->samdb = samdb_connect(idmap_ctx,
+					 ev_ctx,
+					 lp_ctx,
+					 system_session(lp_ctx),
+					 NULL,
+					 0);
+	if (idmap_ctx->samdb == NULL) {
+		DEBUG(0, ("Failed to load sam.ldb in idmap_init\n"));
+		goto fail;
+	}
+
+	return idmap_ctx;
+fail:
+	TALLOC_FREE(idmap_ctx);
+	return NULL;
+}
+
+/**
+ * Convert an unixid to the corresponding SID
+ *
+ * \param idmap_ctx idmap context to use
+ * \param mem_ctx talloc context the memory for the struct dom_sid is allocated
+ * from.
+ * \param unixid pointer to a unixid struct to convert
+ * \param sid pointer that will take the struct dom_sid pointer if the mapping
+ * succeeds.
+ * \return NT_STATUS_OK on success, NT_STATUS_NONE_MAPPED if mapping not
+ * possible or some other NTSTATUS that is more descriptive on failure.
+ */
+
+static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
+				 TALLOC_CTX *mem_ctx,
+				 struct unixid *unixid,
+				 struct dom_sid **sid)
+{
+	int ret;
+	NTSTATUS status;
+	struct ldb_context *ldb = idmap_ctx->ldb_ctx;
+	struct ldb_result *res = NULL;
+	struct ldb_message *msg;
+	const struct dom_sid *unix_sid;
+	struct dom_sid *new_sid;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *id_type;
+
+	const char *sam_attrs[] = {"objectSid", NULL};
+	
+	/* 
+	 * First check against our local DB, to see if this user has a
+	 * mapping there.  This means that the Samba4 AD DC behaves
+	 * much like a winbindd member server running idmap_ad
+	 */
+	
+	switch (unixid->type) {
+		case ID_TYPE_UID:
+			if (lpcfg_parm_bool(idmap_ctx->lp_ctx, NULL, "idmap_ldb", "use rfc2307", false)) {
+				ret = dsdb_search_one(idmap_ctx->samdb, tmp_ctx, &msg,
+						      ldb_get_default_basedn(idmap_ctx->samdb),
+						      LDB_SCOPE_SUBTREE,
+						      sam_attrs, 0,
+						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
+						      "(uidNumber=%u)(objectSid=*))",
+						      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
+			} else {
+				/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
+				ret = LDB_ERR_NO_SUCH_OBJECT;
+			}
+
+			if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
+				DEBUG(1, ("Search for uidNumber=%lu gave duplicate results, failing to map to a SID!\n",
+					  (unsigned long)unixid->id));
+				status = NT_STATUS_NONE_MAPPED;
+				goto failed;
+			} else if (ret == LDB_SUCCESS) {
+				*sid = samdb_result_dom_sid(mem_ctx, msg, "objectSid");
+				if (*sid == NULL) {
+					DEBUG(1, ("Search for uidNumber=%lu did not return an objectSid!\n",
+						  (unsigned long)unixid->id));
+					status = NT_STATUS_NONE_MAPPED;
+					goto failed;
+				}
+				talloc_free(tmp_ctx);
+				return NT_STATUS_OK;
+			} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+				DEBUG(1, ("Search for uidNumber=%lu gave '%s', failing to map to a SID!\n",
+					  (unsigned long)unixid->id, ldb_errstring(idmap_ctx->samdb)));
+				status = NT_STATUS_NONE_MAPPED;
+				goto failed;
+			}
+
+			id_type = "ID_TYPE_UID";
+			break;
+		case ID_TYPE_GID:
+			if (lpcfg_parm_bool(idmap_ctx->lp_ctx, NULL, "idmap_ldb", "use rfc2307", false)) {
+				ret = dsdb_search_one(idmap_ctx->samdb, tmp_ctx, &msg,
+						      ldb_get_default_basedn(idmap_ctx->samdb),
+						      LDB_SCOPE_SUBTREE,
+						      sam_attrs, 0,
+						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))",
+						      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
+						      unixid->id);
+			} else {
+				/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
+				ret = LDB_ERR_NO_SUCH_OBJECT;
+			}
+			if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
+				DEBUG(1, ("Search for gidNumber=%lu gave duplicate results, failing to map to a SID!\n",
+					  (unsigned long)unixid->id));
+				status = NT_STATUS_NONE_MAPPED;
+				goto failed;
+			} else if (ret == LDB_SUCCESS) {
+				*sid = samdb_result_dom_sid(mem_ctx, msg, "objectSid");
+				if (*sid == NULL) {
+					DEBUG(1, ("Search for gidNumber=%lu did not return an objectSid!\n",
+						  (unsigned long)unixid->id));
+					status = NT_STATUS_NONE_MAPPED;
+					goto failed;
+				}
+				talloc_free(tmp_ctx);
+				return NT_STATUS_OK;
+			} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+				DEBUG(1, ("Search for gidNumber=%lu gave '%s', failing to map to a SID!\n",
+					  (unsigned long)unixid->id, ldb_errstring(idmap_ctx->samdb)));
+				status = NT_STATUS_NONE_MAPPED;
+				goto failed;
+			}
+
+			id_type = "ID_TYPE_GID";
+			break;
+		default:
+			DEBUG(1, ("unixid->type must be type gid or uid (got %u) for lookup with id %lu\n",
+				  (unsigned)unixid->type, (unsigned long)unixid->id));
+			status = NT_STATUS_NONE_MAPPED;
+			goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 NULL, "(&(|(type=ID_TYPE_BOTH)(type=%s))"
+				 "(xidNumber=%u))", id_type, unixid->id);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	if (res->count == 1) {
+		const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
+							       "type", NULL);
+
+		*sid = idmap_msg_get_dom_sid(mem_ctx, res->msgs[0],
+					     "objectSid");
+		if (*sid == NULL) {
+			DEBUG(1, ("Failed to get sid from db: %u\n", ret));
+			status = NT_STATUS_NONE_MAPPED;
+			goto failed;
+		}
+
+		if (type == NULL) {
+			DEBUG(1, ("Invalid type for mapping entry.\n"));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NONE_MAPPED;
+		}
+
+		if (strcmp(type, "ID_TYPE_BOTH") == 0) {
+			unixid->type = ID_TYPE_BOTH;
+		} else if (strcmp(type, "ID_TYPE_UID") == 0) {
+			unixid->type = ID_TYPE_UID;
+		} else {
+			unixid->type = ID_TYPE_GID;
+		}
+
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(6, ("xid not found in idmap db, create S-1-22- SID.\n"));
+
+	/* For local users/groups , we just create a rid = uid/gid */
+	if (unixid->type == ID_TYPE_UID) {
+		unix_sid = &global_sid_Unix_Users;
+	} else {
+		unix_sid = &global_sid_Unix_Groups;
+	}
+
+	new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id);
+	if (new_sid == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	*sid = new_sid;
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+
+failed:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/**
+ * Map a SID to an unixid struct.
+ *
+ * If no mapping exists, a new mapping will be created.
+ *
+ * \param idmap_ctx idmap context to use
+ * \param mem_ctx talloc context to use
+ * \param sid SID to map to an unixid struct
+ * \param unixid pointer to a unixid struct
+ * \return NT_STATUS_OK on success, NT_STATUS_INVALID_SID if the sid is not from
+ * a trusted domain and idmap trusted only = true, NT_STATUS_NONE_MAPPED if the
+ * mapping failed.
+ */
+static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
+				 TALLOC_CTX *mem_ctx,
+				 const struct dom_sid *sid,
+				 struct unixid *unixid)
+{
+	int ret;
+	NTSTATUS status;
+	struct ldb_context *ldb = idmap_ctx->ldb_ctx;
+	struct ldb_dn *dn;
+	struct ldb_message *hwm_msg, *map_msg, *sam_msg;
+	struct ldb_result *res = NULL;
+	int trans = -1;
+	uint32_t low, high, hwm, new_xid;
+	struct dom_sid_buf sid_string;
+	char *unixid_string, *hwm_string;
+	bool hwm_entry_exists;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *sam_attrs[] = {"uidNumber", "gidNumber", "samAccountType", NULL};
+
+	if (sid_check_is_in_unix_users(sid)) {
+		uint32_t rid;
+		DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+		status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		unixid->id = rid;
+		unixid->type = ID_TYPE_UID;
+
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	if (sid_check_is_in_unix_groups(sid)) {
+		uint32_t rid;
+		DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
+		status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(tmp_ctx);
+			return status;
+		}
+
+		unixid->id = rid;
+		unixid->type = ID_TYPE_GID;
+
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	/* 
+	 * First check against our local DB, to see if this user has a
+	 * mapping there.  This means that the Samba4 AD DC behaves
+	 * much like a winbindd member server running idmap_ad
+	 */
+	
+	if (lpcfg_parm_bool(idmap_ctx->lp_ctx, NULL, "idmap_ldb", "use rfc2307", false)) {
+		struct dom_sid_buf buf;
+		ret = dsdb_search_one(idmap_ctx->samdb, tmp_ctx, &sam_msg,
+				      ldb_get_default_basedn(idmap_ctx->samdb),
+				      LDB_SCOPE_SUBTREE, sam_attrs, 0,
+				      "(&(objectSid=%s)"
+				      "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
+				      "(sAMaccountType=%u)(sAMaccountType=%u))"
+				      "(|(uidNumber=*)(gidNumber=*)))",
+				      dom_sid_str_buf(sid, &buf),
+				      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
+				      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
+	} else {
+		/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
+		ret = LDB_ERR_NO_SUCH_OBJECT;
+	}
+
+	if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
+		struct dom_sid_buf buf;
+		DEBUG(1, ("Search for objectSid=%s gave duplicate results, failing to map to a unix ID!\n",
+			  dom_sid_str_buf(sid, &buf)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	} else if (ret == LDB_SUCCESS) {
+		uint32_t account_type = ldb_msg_find_attr_as_uint(sam_msg, "sAMaccountType", 0);
+		if ((account_type == ATYPE_ACCOUNT) ||
+		    (account_type == ATYPE_WORKSTATION_TRUST ) ||
+		    (account_type == ATYPE_INTERDOMAIN_TRUST ))
+		{
+			const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg, "uidNumber");
+			if (v) {
+				unixid->type = ID_TYPE_UID;
+				unixid->id = ldb_msg_find_attr_as_uint(sam_msg, "uidNumber", -1);
+				talloc_free(tmp_ctx);
+				return NT_STATUS_OK;
+			}
+
+		} else if ((account_type == ATYPE_SECURITY_GLOBAL_GROUP) ||
+			   (account_type == ATYPE_SECURITY_LOCAL_GROUP))
+		{
+			const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg, "gidNumber");
+			if (v) {
+				unixid->type = ID_TYPE_GID;
+				unixid->id = ldb_msg_find_attr_as_uint(sam_msg, "gidNumber", -1);
+				talloc_free(tmp_ctx);
+				return NT_STATUS_OK;
+			}
+		}
+	} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+		struct dom_sid_buf buf;
+		DEBUG(1, ("Search for objectSid=%s gave '%s', failing to map to a SID!\n",
+			  dom_sid_str_buf(sid, &buf),
+			  ldb_errstring(idmap_ctx->samdb)));
+
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 NULL, "(&(objectClass=sidMap)(objectSid=%s))",
+				 ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	if (res->count == 1) {
+		const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
+							       "type", NULL);
+		new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
+						    -1);
+		if (new_xid == (uint32_t) -1) {
+			DEBUG(1, ("Invalid xid mapping.\n"));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NONE_MAPPED;
+		}
+
+		if (type == NULL) {
+			DEBUG(1, ("Invalid type for mapping entry.\n"));
+			talloc_free(tmp_ctx);
+			return NT_STATUS_NONE_MAPPED;
+		}
+
+		unixid->id = new_xid;
+
+		if (strcmp(type, "ID_TYPE_BOTH") == 0) {
+			unixid->type = ID_TYPE_BOTH;
+		} else if (strcmp(type, "ID_TYPE_UID") == 0) {
+			unixid->type = ID_TYPE_UID;
+		} else {
+			unixid->type = ID_TYPE_GID;
+		}
+
+		talloc_free(tmp_ctx);
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
+
+	trans = ldb_transaction_start(ldb);
+	if (trans != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	/* Redo the search to make sure no one changed the mapping while we
+	 * weren't looking */
+	ret = ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+				 NULL, "(&(objectClass=sidMap)(objectSid=%s))",
+				 ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	if (res->count > 0) {
+		DEBUG(1, ("Database changed while trying to add a sidmap.\n"));
+		status = NT_STATUS_RETRY;
+		goto failed;
+	}
+
+	ret = idmap_get_bounds(idmap_ctx, &low, &high);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	dn = ldb_dn_new(tmp_ctx, ldb, "CN=CONFIG");
+	if (dn == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	ret = ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	if (res->count != 1) {
+		DEBUG(1, ("No CN=CONFIG record, idmap database is broken.\n"));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	hwm = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber", -1);
+	if (hwm == (uint32_t)-1) {
+		hwm = low;
+		hwm_entry_exists = false;
+	} else {
+		hwm_entry_exists = true;
+	}
+
+	if (hwm > high) {
+		DEBUG(1, ("Out of xids to allocate.\n"));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	hwm_msg = ldb_msg_new(tmp_ctx);
+	if (hwm_msg == NULL) {
+		DEBUG(1, ("Out of memory when creating ldb_message\n"));
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	hwm_msg->dn = dn;
+
+	new_xid = hwm;
+	hwm++;
+
+	hwm_string = talloc_asprintf(tmp_ctx, "%u", hwm);
+	if (hwm_string == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	dom_sid_str_buf(sid, &sid_string);
+
+	unixid_string = talloc_asprintf(tmp_ctx, "%u", new_xid);
+	if (unixid_string == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	if (hwm_entry_exists) {
+		struct ldb_message_element *els;
+		struct ldb_val *vals;
+
+		/* We're modifying the entry, not just adding a new one. */
+		els = talloc_array(tmp_ctx, struct ldb_message_element, 2);
+		if (els == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+
+		vals = talloc_array(tmp_ctx, struct ldb_val, 2);
+		if (vals == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+
+		hwm_msg->num_elements = 2;
+		hwm_msg->elements = els;
+
+		els[0].num_values = 1;
+		els[0].values = &vals[0];
+		els[0].flags = LDB_FLAG_MOD_DELETE;
+		els[0].name = talloc_strdup(tmp_ctx, "xidNumber");
+		if (els[0].name == NULL) {
+			status = NT_STATUS_NO_MEMORY;
+			goto failed;
+		}
+
+		els[1].num_values = 1;
+		els[1].values = &vals[1];
+		els[1].flags = LDB_FLAG_MOD_ADD;
+		els[1].name = els[0].name;
+
+		vals[0].data = (uint8_t *)unixid_string;
+		vals[0].length = strlen(unixid_string);
+		vals[1].data = (uint8_t *)hwm_string;
+		vals[1].length = strlen(hwm_string);
+	} else {
+		ret = ldb_msg_append_string(hwm_msg, "xidNumber", hwm_string,
+					    LDB_FLAG_MOD_ADD);
+		if (ret != LDB_SUCCESS)
+		{
+			status = NT_STATUS_NONE_MAPPED;
+			goto failed;
+		}
+	}
+
+	ret = ldb_modify(ldb, hwm_msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Updating the xid high water mark failed: %s\n",
+			  ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	map_msg = ldb_msg_new(tmp_ctx);
+	if (map_msg == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	map_msg->dn = ldb_dn_new_fmt(tmp_ctx, ldb, "CN=%s", sid_string.buf);
+	if (map_msg->dn == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	ret = ldb_msg_add_string(map_msg, "xidNumber", unixid_string);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = idmap_msg_add_dom_sid(idmap_ctx, tmp_ctx, map_msg, "objectSid",
+			sid);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = ldb_msg_add_string(map_msg, "objectClass", "sidMap");
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = ldb_msg_add_string(map_msg, "type", "ID_TYPE_BOTH");
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = ldb_msg_add_string(map_msg, "cn", sid_string.buf);
+	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	ret = ldb_add(ldb, map_msg);
+	if (ret != LDB_SUCCESS) {
+		DEBUG(1, ("Adding a sidmap failed: %s\n", ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	trans = ldb_transaction_commit(ldb);
+	if (trans != LDB_SUCCESS) {
+		DEBUG(1, ("Transaction failed: %s\n", ldb_errstring(ldb)));
+		status = NT_STATUS_NONE_MAPPED;
+		goto failed;
+	}
+
+	unixid->id = new_xid;
+	unixid->type = ID_TYPE_BOTH;
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+
+failed:
+	if (trans == LDB_SUCCESS) ldb_transaction_cancel(ldb);
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/**
+ * Convert an array of unixids to the corresponding array of SIDs
+ *
+ * \param idmap_ctx idmap context to use
+ * \param mem_ctx talloc context the memory for the dom_sids is allocated
+ * from.
+ * \param count length of id_mapping array.
+ * \param id array of id_mappings.
+ * \return NT_STATUS_OK on success, NT_STATUS_NONE_MAPPED if mapping is not
+ * possible at all, NT_STATUS_SOME_UNMAPPED if some mappings worked and some
+ * did not.
+ */
+
+NTSTATUS idmap_xids_to_sids(struct idmap_context *idmap_ctx,
+			    TALLOC_CTX *mem_ctx,
+			    struct id_map **id)
+{
+	unsigned int i, error_count = 0;
+	NTSTATUS status;
+
+	for (i = 0; id && id[i]; i++) {
+		status = idmap_xid_to_sid(idmap_ctx, mem_ctx,
+						&id[i]->xid, &id[i]->sid);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+			status = idmap_xid_to_sid(idmap_ctx, mem_ctx,
+							&id[i]->xid,
+							&id[i]->sid);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("idmapping xid_to_sid failed for id[%d]=%lu: %s\n",
+				  i, (unsigned long)id[i]->xid.id, nt_errstr(status)));
+			error_count++;
+			id[i]->status = ID_UNMAPPED;
+		} else {
+			id[i]->status = ID_MAPPED;
+		}
+	}
+
+	if (error_count == i) {
+		/* Mapping did not work at all. */
+		return NT_STATUS_NONE_MAPPED;
+	} else if (error_count > 0) {
+		/* Some mappings worked, some did not. */
+		return STATUS_SOME_UNMAPPED;
+	} else {
+		return NT_STATUS_OK;
+	}
+}
+
+/**
+ * Convert an array of SIDs to the corresponding array of unixids
+ *
+ * \param idmap_ctx idmap context to use
+ * \param mem_ctx talloc context the memory for the unixids is allocated
+ * from.
+ * \param count length of id_mapping array.
+ * \param id array of id_mappings.
+ * \return NT_STATUS_OK on success, NT_STATUS_NONE_MAPPED if mapping is not
+ * possible at all, NT_STATUS_SOME_UNMAPPED if some mappings worked and some
+ * did not.
+ */
+
+NTSTATUS idmap_sids_to_xids(struct idmap_context *idmap_ctx,
+			    TALLOC_CTX *mem_ctx,
+			    struct id_map **id)
+{
+	unsigned int i, error_count = 0;
+	NTSTATUS status;
+
+	for (i = 0; id && id[i]; i++) {
+		status = idmap_sid_to_xid(idmap_ctx, mem_ctx,
+					  id[i]->sid, &id[i]->xid);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+			status = idmap_sid_to_xid(idmap_ctx, mem_ctx,
+						  id[i]->sid,
+						  &id[i]->xid);
+		}
+		if (!NT_STATUS_IS_OK(status)) {
+			struct dom_sid_buf buf;
+			DEBUG(1, ("idmapping sid_to_xid failed for id[%d]=%s: %s\n",
+				  i,
+				  dom_sid_str_buf(id[i]->sid, &buf),
+				  nt_errstr(status)));
+			error_count++;
+			id[i]->status = ID_UNMAPPED;
+		} else {
+			id[i]->status = ID_MAPPED;
+		}
+	}
+
+	if (error_count == i) {
+		/* Mapping did not work at all. */
+		return NT_STATUS_NONE_MAPPED;
+	} else if (error_count > 0) {
+		/* Some mappings worked, some did not. */
+		return STATUS_SOME_UNMAPPED;
+	} else {
+		return NT_STATUS_OK;
+	}
+}
+
diff --git a/source4/winbind/idmap.h b/source4/winbind/idmap.h
new file mode 100644
index 0000000..04770c3
--- /dev/null
+++ b/source4/winbind/idmap.h
@@ -0,0 +1,38 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Map SIDs to uids/gids and back
+
+   Copyright (C) Kai Blin 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _WINBIND_IDMAP_H_
+#define _WINBIND_IDMAP_H_
+
+#include "librpc/gen_ndr/idmap.h"
+
+struct idmap_context {
+	struct loadparm_context *lp_ctx;
+	struct ldb_context *ldb_ctx;
+	struct ldb_context *samdb;
+};
+
+struct tevent_context;
+
+#include "winbind/idmap_proto.h"
+
+#endif
+
diff --git a/source4/winbind/winbindd.c b/source4/winbind/winbindd.c
new file mode 100644
index 0000000..7b6e3d9
--- /dev/null
+++ b/source4/winbind/winbindd.c
@@ -0,0 +1,119 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   run s3 winbindd server within Samba4
+
+   Copyright (C) Andrew Tridgell	2011
+   Copyright (C) Andrew Bartlett	2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "tevent.h"
+#include "system/filesys.h"
+#include "lib/param/param.h"
+#include "source4/samba/service.h"
+#include "source4/samba/process_model.h"
+#include "dynconfig.h"
+#include "nsswitch/winbind_client.h"
+
+/*
+  called if winbindd exits
+ */
+static void winbindd_done(struct tevent_req *subreq)
+{
+	struct task_server *task =
+		tevent_req_callback_data(subreq,
+		struct task_server);
+	int sys_errno;
+	int ret;
+
+	ret = samba_runcmd_recv(subreq, &sys_errno);
+	if (ret != 0) {
+		DEBUG(0,("winbindd daemon died with exit status %d\n", sys_errno));
+	} else {
+		DEBUG(0,("winbindd daemon exited normally\n"));
+	}
+	task_server_terminate(task, "winbindd child process exited", true);
+}
+
+
+/*
+  startup a copy of winbindd as a child daemon
+*/
+static NTSTATUS winbindd_task_init(struct task_server *task)
+{
+	struct tevent_req *subreq;
+	const char *winbindd_path;
+	const char *winbindd_cmd[2] = { NULL, NULL };
+	const char *config_file = "";
+
+	task_server_set_title(task, "task[winbindd_parent]");
+
+	winbindd_path = talloc_asprintf(task, "%s/winbindd", dyn_SBINDIR);
+	if (winbindd_path == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	winbindd_cmd[0] = winbindd_path;
+
+	if (!is_default_dyn_CONFIGFILE()) {
+		config_file = talloc_asprintf(task,
+					      "--configfile=%s",
+					      get_dyn_CONFIGFILE());
+		if (config_file == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	/* start it as a child process */
+	subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
+				winbindd_cmd,
+				"-D",
+				"--option=server role check:inhibit=yes",
+				"--foreground",
+				config_file,
+				debug_get_output_is_stdout()?"--debug-stdout":NULL,
+				NULL);
+	if (subreq == NULL) {
+		DEBUG(0, ("Failed to start winbindd as child daemon\n"));
+		task_server_terminate(task, "Failed to startup winbindd task", true);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	tevent_req_set_callback(subreq, winbindd_done, task);
+
+	DEBUG(5,("Started winbindd as a child daemon\n"));
+	return NT_STATUS_OK;
+}
+
+/* called at winbindd startup - register ourselves as a server service */
+NTSTATUS server_service_winbindd_init(TALLOC_CTX *);
+
+NTSTATUS server_service_winbindd_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = winbindd_task_init,
+		.post_fork = NULL
+	};
+
+	NTSTATUS status = register_server_service(ctx, "winbindd", &details);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	return register_server_service(ctx, "winbind", &details);
+}
diff --git a/source4/winbind/wscript_build b/source4/winbind/wscript_build
new file mode 100644
index 0000000..be10cb5
--- /dev/null
+++ b/source4/winbind/wscript_build
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+
+
+bld.SAMBA_MODULE('service_winbindd',
+	source='winbindd.c',
+	subsystem='service',
+	init_function='server_service_winbindd_init',
+	deps='process_model UTIL_RUNCMD',
+	internal_module=False,
+	)
+
+
+bld.SAMBA_SUBSYSTEM('IDMAP',
+	source='idmap.c',
+	autoproto='idmap_proto.h',
+	public_deps='samdb-common ldbsamba'
+	)
+
diff --git a/source4/wrepl_server/wrepl_apply_records.c b/source4/wrepl_server/wrepl_apply_records.c
new file mode 100644
index 0000000..9e7bab3
--- /dev/null
+++ b/source4/wrepl_server/wrepl_apply_records.c
@@ -0,0 +1,1503 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "samba/service_task.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "librpc/gen_ndr/ndr_winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "system/time.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+enum _R_ACTION {
+	R_INVALID,
+	R_DO_REPLACE,
+	R_NOT_REPLACE,
+	R_DO_PROPAGATE,
+	R_DO_CHALLENGE,
+	R_DO_RELEASE_DEMAND,
+	R_DO_SGROUP_MERGE
+};
+
+static const char *_R_ACTION_enum_string(enum _R_ACTION action)
+{
+	switch (action) {
+	case R_INVALID:			return "INVALID";
+	case R_DO_REPLACE:		return "REPLACE";
+	case R_NOT_REPLACE:		return "NOT_REPLACE";
+	case R_DO_PROPAGATE:		return "PROPAGATE";
+	case R_DO_CHALLENGE:		return "CHALLEGNE";
+	case R_DO_RELEASE_DEMAND:	return "RELEASE_DEMAND";
+	case R_DO_SGROUP_MERGE:		return "SGROUP_MERGE";
+	}
+
+	return "enum _R_ACTION unknown";
+}
+
+#define R_IS_ACTIVE(r) ((r)->state == WREPL_STATE_ACTIVE)
+#if 0 /* unused */
+#define R_IS_RELEASED(r) ((r)->state == WREPL_STATE_RELEASED)
+#endif
+#define R_IS_TOMBSTONE(r) ((r)->state == WREPL_STATE_TOMBSTONE)
+
+#define R_IS_UNIQUE(r) ((r)->type == WREPL_TYPE_UNIQUE)
+#define R_IS_GROUP(r) ((r)->type == WREPL_TYPE_GROUP)
+#define R_IS_SGROUP(r) ((r)->type == WREPL_TYPE_SGROUP)
+#if 0 /* unused */
+#define R_IS_MHOMED(r) ((r)->type == WREPL_TYPE_MHOMED)
+#endif
+
+/* blindly overwrite records from the same owner in all cases */
+static enum _R_ACTION replace_same_owner(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	/* REPLACE */
+	return R_DO_REPLACE;
+}
+
+static bool r_1_is_subset_of_2_address_list(struct winsdb_record *r1, struct wrepl_name *r2, bool check_owners)
+{
+	uint32_t i,j;
+	size_t len = winsdb_addr_list_length(r1->addresses);
+
+	for (i=0; i < len; i++) {
+		bool found = false;
+		for (j=0; j < r2->num_addresses; j++) {
+			if (strcmp(r1->addresses[i]->address, r2->addresses[j].address) != 0) {
+				continue;
+			}
+
+			if (check_owners && strcmp(r1->addresses[i]->wins_owner, r2->addresses[j].owner) != 0) {
+				return false;
+			}
+			found = true;
+			break;
+		}
+		if (!found) return false;
+	}
+
+	return true;
+}
+
+static bool r_1_is_superset_of_2_address_list(struct winsdb_record *r1, struct wrepl_name *r2, bool check_owners)
+{
+	uint32_t i,j;
+	size_t len = winsdb_addr_list_length(r1->addresses);
+
+	for (i=0; i < r2->num_addresses; i++) {
+		bool found = false;
+		for (j=0; j < len; j++) {
+			if (strcmp(r2->addresses[i].address, r1->addresses[j]->address) != 0) {
+				continue;
+			}
+
+			if (check_owners && strcmp(r2->addresses[i].owner, r1->addresses[j]->wins_owner) != 0) {
+				return false;
+			}
+			found = true;
+			break;
+		}
+		if (!found) return false;
+	}
+
+	return true;
+}
+
+static bool r_1_is_same_as_2_address_list(struct winsdb_record *r1, struct wrepl_name *r2, bool check_owners)
+{
+	size_t len = winsdb_addr_list_length(r1->addresses);
+
+	if (len != r2->num_addresses) {
+		return false;
+	}
+
+	return r_1_is_superset_of_2_address_list(r1, r2, check_owners);
+}
+
+static bool r_contains_addrs_from_owner(struct winsdb_record *r1, const char *owner)
+{
+	uint32_t i;
+	size_t len = winsdb_addr_list_length(r1->addresses);
+
+	for (i=0; i < len; i++) {
+		if (strcmp(r1->addresses[i]->wins_owner, owner) == 0) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+/*
+UNIQUE,ACTIVE vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. UNIQUE,TOMBSTONE with different ip(s) => NOT REPLACE
+UNIQUE,RELEASED vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+UNIQUE,RELEASED vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. GROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+UNIQUE,RELEASED vs. GROUP,ACTIVE with different ip(s) => REPLACE
+UNIQUE,RELEASED vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. SGROUP,ACTIVE with same ip(s) => NOT REPLACE
+UNIQUE,ACTIVE vs. SGROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+UNIQUE,RELEASED vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+UNIQUE,RELEASED vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+UNIQUE,ACTIVE vs. MHOMED,TOMBSTONE with same ip(s) => NOT REPLACE
+UNIQUE,RELEASED vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+UNIQUE,RELEASED vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+UNIQUE,TOMBSTONE vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+*/
+static enum _R_ACTION replace_unique_replica_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_SGROUP(r2) && R_IS_ACTIVE(r2)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	/* NOT REPLACE */
+	return R_NOT_REPLACE;
+}
+
+/*
+GROUP,ACTIVE vs. UNIQUE,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,ACTIVE vs. UNIQUE,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. UNIQUE,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. UNIQUE,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,TOMBSTONE vs. UNIQUE,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,TOMBSTONE vs. UNIQUE,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,ACTIVE vs. GROUP,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,ACTIVE vs. GROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. GROUP,ACTIVE with different ip(s) => REPLACE
+GROUP,RELEASED vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+GROUP,TOMBSTONE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+GROUP,TOMBSTONE vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+GROUP,ACTIVE vs. SGROUP,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,ACTIVE vs. SGROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+GROUP,RELEASED vs. SGROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,TOMBSTONE vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+GROUP,TOMBSTONE vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+GROUP,ACTIVE vs. MHOMED,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,ACTIVE vs. MHOMED,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. MHOMED,ACTIVE with same ip(s) => NOT REPLACE
+GROUP,RELEASED vs. MHOMED,TOMBSTONE with same ip(s) => NOT REPLACE
+GROUP,TOMBSTONE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+GROUP,TOMBSTONE vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+*/
+static enum _R_ACTION replace_group_replica_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1) && R_IS_GROUP(r2)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (R_IS_TOMBSTONE(r1) && !R_IS_UNIQUE(r2)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	/* NOT REPLACE */
+	return R_NOT_REPLACE;
+}
+
+/*
+SGROUP,ACTIVE vs. UNIQUE,ACTIVE with same ip(s) => NOT REPLACE
+SGROUP,ACTIVE vs. UNIQUE,TOMBSTONE with same ip(s) => NOT REPLACE
+SGROUP,RELEASED vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+SGROUP,RELEASED vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,ACTIVE vs. GROUP,ACTIVE with same ip(s) => NOT REPLACE
+SGROUP,ACTIVE vs. GROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+SGROUP,RELEASED vs. GROUP,ACTIVE with different ip(s) => REPLACE
+SGROUP,RELEASED vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,RELEASED vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+SGROUP,RELEASED vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,ACTIVE vs. MHOMED,ACTIVE with same ip(s) => NOT REPLACE
+SGROUP,ACTIVE vs. MHOMED,TOMBSTONE with same ip(s) => NOT REPLACE
+SGROUP,RELEASED vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+SGROUP,RELEASED vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+SGROUP,TOMBSTONE vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:A_3_4 => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:NULL => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_X_3_4 vs. B:A_3_4 => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4 vs. B:A_3_4 => REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:A_3_4_OWNER_B => REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_OWNER_B vs. B:A_3_4 => REPLACE
+
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:B_3_4 => C:A_3_4_B_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:A_3_4 => B:A_3_4_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:X_3_4 vs. B:A_3_4 => C:A_3_4_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_X_3_4 vs. B:A_3_4_OWNER_B => B:A_3_4_OWNER_B_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:B_3_4_X_1_2 => C:B_3_4_X_1_2_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:NULL => B:X_3_4 => SGROUP_MERGE
+
+ 
+this is a bit strange, incoming tombstone replicas always replace old replicas:
+
+SGROUP,ACTIVE vs. SGROUP,TOMBSTONE A:B_3_4_X_3_4 vs. B:NULL => B:NULL => REPLACE
+SGROUP,ACTIVE vs. SGROUP,TOMBSTONE A:B_3_4_X_3_4 vs. B:A_3_4 => B:A_3_4 => REPLACE
+SGROUP,ACTIVE vs. SGROUP,TOMBSTONE A:B_3_4_X_3_4 vs. B:B_3_4 => B:B_3_4 => REPLACE
+SGROUP,ACTIVE vs. SGROUP,TOMBSTONE A:B_3_4_X_3_4 vs. B:B_3_4_X_3_4 => B:B_3_4_X_3_4 => REPLACE
+*/
+static enum _R_ACTION replace_sgroup_replica_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_SGROUP(r2)) {
+		/* NOT REPLACE */
+		return R_NOT_REPLACE;
+	}
+
+	/*
+	 * this is strange, but correct
+	 * the incoming tombstone replace the current active
+	 * record
+	 */
+	if (!R_IS_ACTIVE(r2)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (r2->num_addresses == 0) {
+		if (r_contains_addrs_from_owner(r1, r2->owner)) {
+			/* not handled here: MERGE */
+			return R_DO_SGROUP_MERGE;
+		}
+
+		/* NOT REPLACE */
+		return R_NOT_REPLACE;
+	}
+
+	if (r_1_is_superset_of_2_address_list(r1, r2, true)) {
+		/* NOT REPLACE */
+		return R_NOT_REPLACE;
+	}
+
+	if (r_1_is_same_as_2_address_list(r1, r2, false)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	/* not handled here: MERGE */
+	return R_DO_SGROUP_MERGE;
+}
+
+/*
+MHOMED,ACTIVE vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. UNIQUE,TOMBSTONE with same ip(s) => NOT REPLACE
+MHOMED,RELEASED vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+MHOMED,RELEASED vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. UNIQUE,ACTIVE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. UNIQUE,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. GROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+MHOMED,RELEASED vs. GROUP,ACTIVE with different ip(s) => REPLACE
+MHOMED,RELEASED vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. GROUP,ACTIVE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. GROUP,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. SGROUP,ACTIVE with same ip(s) => NOT REPLACE
+MHOMED,ACTIVE vs. SGROUP,TOMBSTONE with same ip(s) => NOT REPLACE
+MHOMED,RELEASED vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+MHOMED,RELEASED vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. SGROUP,ACTIVE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. SGROUP,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+MHOMED,ACTIVE vs. MHOMED,TOMBSTONE with same ip(s) => NOT REPLACE
+MHOMED,RELEASED vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+MHOMED,RELEASED vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. MHOMED,ACTIVE with different ip(s) => REPLACE
+MHOMED,TOMBSTONE vs. MHOMED,TOMBSTONE with different ip(s) => REPLACE
+*/
+static enum _R_ACTION replace_mhomed_replica_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_SGROUP(r2) && R_IS_ACTIVE(r2)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	/* NOT REPLACE */
+	return R_NOT_REPLACE;
+}
+
+/*
+active:
+_UA_UA_SI_U<00> => REPLACE
+_UA_UA_DI_P<00> => NOT REPLACE
+_UA_UA_DI_O<00> => NOT REPLACE
+_UA_UA_DI_N<00> => REPLACE
+_UA_UT_SI_U<00> => NOT REPLACE
+_UA_UT_DI_U<00> => NOT REPLACE
+_UA_GA_SI_R<00> => REPLACE
+_UA_GA_DI_R<00> => REPLACE
+_UA_GT_SI_U<00> => NOT REPLACE
+_UA_GT_DI_U<00> => NOT REPLACE
+_UA_SA_SI_R<00> => REPLACE
+_UA_SA_DI_R<00> => REPLACE
+_UA_ST_SI_U<00> => NOT REPLACE
+_UA_ST_DI_U<00> => NOT REPLACE
+_UA_MA_SI_U<00> => REPLACE
+_UA_MA_SP_U<00> => REPLACE
+_UA_MA_DI_P<00> => NOT REPLACE
+_UA_MA_DI_O<00> => NOT REPLACE
+_UA_MA_DI_N<00> => REPLACE
+_UA_MT_SI_U<00> => NOT REPLACE
+_UA_MT_DI_U<00> => NOT REPLACE
+Test Replica vs. owned active: some more UNIQUE,MHOMED combinations
+_UA_UA_DI_A<00> => MHOMED_MERGE
+_UA_MA_DI_A<00> => MHOMED_MERGE
+
+released:
+_UR_UA_SI<00> => REPLACE
+_UR_UA_DI<00> => REPLACE
+_UR_UT_SI<00> => REPLACE
+_UR_UT_DI<00> => REPLACE
+_UR_GA_SI<00> => REPLACE
+_UR_GA_DI<00> => REPLACE
+_UR_GT_SI<00> => REPLACE
+_UR_GT_DI<00> => REPLACE
+_UR_SA_SI<00> => REPLACE
+_UR_SA_DI<00> => REPLACE
+_UR_ST_SI<00> => REPLACE
+_UR_ST_DI<00> => REPLACE
+_UR_MA_SI<00> => REPLACE
+_UR_MA_DI<00> => REPLACE
+_UR_MT_SI<00> => REPLACE
+_UR_MT_DI<00> => REPLACE
+*/
+static enum _R_ACTION replace_unique_owned_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_ACTIVE(r2)) {
+		/* NOT REPLACE, and PROPAGATE */
+		return R_DO_PROPAGATE;
+	}
+
+	if (R_IS_GROUP(r2) || R_IS_SGROUP(r2)) {
+		/* REPLACE and send a release demand to the old name owner */
+		return R_DO_RELEASE_DEMAND;
+	}
+
+	/* 
+	 * here we only have unique,active,owned vs.
+	 * is unique,active,replica or mhomed,active,replica
+	 */
+
+	if (r_1_is_subset_of_2_address_list(r1, r2, false)) {
+		/* 
+		 * if r1 has a subset(or same) of the addresses of r2
+		 * <=>
+		 * if r2 has a superset(or same) of the addresses of r1
+		 *
+		 * then replace the record
+		 */
+		return R_DO_REPLACE;
+	}
+
+	/*
+	 * in any other case, we need to do
+	 * a name request to the old name holder
+	 * to see if it's still there...
+	 */
+	return R_DO_CHALLENGE;
+}
+
+/*
+active:
+_GA_UA_SI_U<00> => NOT REPLACE
+_GA_UA_DI_U<00> => NOT REPLACE
+_GA_UT_SI_U<00> => NOT REPLACE
+_GA_UT_DI_U<00> => NOT REPLACE
+_GA_GA_SI_U<00> => REPLACE
+_GA_GA_DI_U<00> => REPLACE
+_GA_GT_SI_U<00> => NOT REPLACE
+_GA_GT_DI_U<00> => NOT REPLACE
+_GA_SA_SI_U<00> => NOT REPLACE
+_GA_SA_DI_U<00> => NOT REPLACE
+_GA_ST_SI_U<00> => NOT REPLACE
+_GA_ST_DI_U<00> => NOT REPLACE
+_GA_MA_SI_U<00> => NOT REPLACE
+_GA_MA_DI_U<00> => NOT REPLACE
+_GA_MT_SI_U<00> => NOT REPLACE
+_GA_MT_DI_U<00> => NOT REPLACE
+
+released:
+_GR_UA_SI<00> => NOT REPLACE
+_GR_UA_DI<00> => NOT REPLACE
+_GR_UT_SI<00> => NOT REPLACE
+_GR_UT_DI<00> => NOT REPLACE
+_GR_GA_SI<00> => REPLACE
+_GR_GA_DI<00> => REPLACE
+_GR_GT_SI<00> => REPLACE
+_GR_GT_DI<00> => REPLACE
+_GR_SA_SI<00> => NOT REPLACE
+_GR_SA_DI<00> => NOT REPLACE
+_GR_ST_SI<00> => NOT REPLACE
+_GR_ST_DI<00> => NOT REPLACE
+_GR_MA_SI<00> => NOT REPLACE
+_GR_MA_DI<00> => NOT REPLACE
+_GR_MT_SI<00> => NOT REPLACE
+_GR_MT_DI<00> => NOT REPLACE
+*/
+static enum _R_ACTION replace_group_owned_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (R_IS_GROUP(r1) && R_IS_GROUP(r2)) {
+		if (!R_IS_ACTIVE(r1) || R_IS_ACTIVE(r2)) {
+			/* REPLACE */
+			return R_DO_REPLACE;
+		}
+	}
+
+	/* NOT REPLACE, but PROPAGATE */
+	return R_DO_PROPAGATE;
+}
+
+/*
+active (not sgroup vs. sgroup yet!):
+_SA_UA_SI_U<1c> => NOT REPLACE
+_SA_UA_DI_U<1c> => NOT REPLACE
+_SA_UT_SI_U<1c> => NOT REPLACE
+_SA_UT_DI_U<1c> => NOT REPLACE
+_SA_GA_SI_U<1c> => NOT REPLACE
+_SA_GA_DI_U<1c> => NOT REPLACE
+_SA_GT_SI_U<1c> => NOT REPLACE
+_SA_GT_DI_U<1c> => NOT REPLACE
+_SA_MA_SI_U<1c> => NOT REPLACE
+_SA_MA_DI_U<1c> => NOT REPLACE
+_SA_MT_SI_U<1c> => NOT REPLACE
+_SA_MT_DI_U<1c> => NOT REPLACE
+
+Test Replica vs. owned active: SGROUP vs. SGROUP tests
+_SA_SA_DI_U<1c> => SGROUP_MERGE
+_SA_SA_SI_U<1c> => SGROUP_MERGE
+_SA_SA_SP_U<1c> => SGROUP_MERGE
+_SA_SA_SB_U<1c> => SGROUP_MERGE
+_SA_ST_DI_U<1c> => NOT REPLACE
+_SA_ST_SI_U<1c> => NOT REPLACE
+_SA_ST_SP_U<1c> => NOT REPLACE
+_SA_ST_SB_U<1c> => NOT REPLACE
+
+SGROUP,ACTIVE vs. SGROUP,* is not handled here!
+
+released:
+_SR_UA_SI<1c> => REPLACE
+_SR_UA_DI<1c> => REPLACE
+_SR_UT_SI<1c> => REPLACE
+_SR_UT_DI<1c> => REPLACE
+_SR_GA_SI<1c> => REPLACE
+_SR_GA_DI<1c> => REPLACE
+_SR_GT_SI<1c> => REPLACE
+_SR_GT_DI<1c> => REPLACE
+_SR_SA_SI<1c> => REPLACE
+_SR_SA_DI<1c> => REPLACE
+_SR_ST_SI<1c> => REPLACE
+_SR_ST_DI<1c> => REPLACE
+_SR_MA_SI<1c> => REPLACE
+_SR_MA_DI<1c> => REPLACE
+_SR_MT_SI<1c> => REPLACE
+_SR_MT_DI<1c> => REPLACE
+*/
+static enum _R_ACTION replace_sgroup_owned_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_SGROUP(r2) || !R_IS_ACTIVE(r2)) {
+		/* NOT REPLACE, but PROPAGATE */
+		return R_DO_PROPAGATE;
+	}
+
+	if (r_1_is_same_as_2_address_list(r1, r2, true)) {
+		/*
+		 * as we're the old owner and the addresses and their
+		 * owners are identical
+		 */
+		return R_NOT_REPLACE;
+	}
+
+	/* not handled here: MERGE */
+	return R_DO_SGROUP_MERGE;
+}
+
+/*
+active:
+_MA_UA_SI_U<00> => REPLACE
+_MA_UA_DI_P<00> => NOT REPLACE
+_MA_UA_DI_O<00> => NOT REPLACE
+_MA_UA_DI_N<00> => REPLACE
+_MA_UT_SI_U<00> => NOT REPLACE
+_MA_UT_DI_U<00> => NOT REPLACE
+_MA_GA_SI_R<00> => REPLACE
+_MA_GA_DI_R<00> => REPLACE
+_MA_GT_SI_U<00> => NOT REPLACE
+_MA_GT_DI_U<00> => NOT REPLACE
+_MA_SA_SI_R<00> => REPLACE
+_MA_SA_DI_R<00> => REPLACE
+_MA_ST_SI_U<00> => NOT REPLACE
+_MA_ST_DI_U<00> => NOT REPLACE
+_MA_MA_SI_U<00> => REPLACE
+_MA_MA_SP_U<00> => REPLACE
+_MA_MA_DI_P<00> => NOT REPLACE
+_MA_MA_DI_O<00> => NOT REPLACE
+_MA_MA_DI_N<00> => REPLACE
+_MA_MT_SI_U<00> => NOT REPLACE
+_MA_MT_DI_U<00> => NOT REPLACE
+Test Replica vs. owned active: some more MHOMED combinations
+_MA_MA_SP_U<00> => REPLACE
+_MA_MA_SM_U<00> => REPLACE
+_MA_MA_SB_P<00> => MHOMED_MERGE
+_MA_MA_SB_A<00> => MHOMED_MERGE
+_MA_MA_SB_PRA<00> => NOT REPLACE
+_MA_MA_SB_O<00> => NOT REPLACE
+_MA_MA_SB_N<00> => REPLACE
+Test Replica vs. owned active: some more UNIQUE,MHOMED combinations
+_MA_UA_SB_P<00> => MHOMED_MERGE
+
+released:
+_MR_UA_SI<00> => REPLACE
+_MR_UA_DI<00> => REPLACE
+_MR_UT_SI<00> => REPLACE
+_MR_UT_DI<00> => REPLACE
+_MR_GA_SI<00> => REPLACE
+_MR_GA_DI<00> => REPLACE
+_MR_GT_SI<00> => REPLACE
+_MR_GT_DI<00> => REPLACE
+_MR_SA_SI<00> => REPLACE
+_MR_SA_DI<00> => REPLACE
+_MR_ST_SI<00> => REPLACE
+_MR_ST_DI<00> => REPLACE
+_MR_MA_SI<00> => REPLACE
+_MR_MA_DI<00> => REPLACE
+_MR_MT_SI<00> => REPLACE
+_MR_MT_DI<00> => REPLACE
+*/
+static enum _R_ACTION replace_mhomed_owned_vs_X_replica(struct winsdb_record *r1, struct wrepl_name *r2)
+{
+	if (!R_IS_ACTIVE(r1)) {
+		/* REPLACE */
+		return R_DO_REPLACE;
+	}
+
+	if (!R_IS_ACTIVE(r2)) {
+		/* NOT REPLACE, but PROPAGATE */
+		return R_DO_PROPAGATE;
+	}
+
+	if (R_IS_GROUP(r2) || R_IS_SGROUP(r2)) {
+		/* REPLACE and send a release demand to the old name owner */
+		return R_DO_RELEASE_DEMAND;
+	}
+
+	/* 
+	 * here we only have mhomed,active,owned vs.
+	 * is unique,active,replica or mhomed,active,replica
+	 */
+
+	if (r_1_is_subset_of_2_address_list(r1, r2, false)) {
+		/* 
+		 * if r1 has a subset(or same) of the addresses of r2
+		 * <=>
+		 * if r2 has a superset(or same) of the addresses of r1
+		 *
+		 * then replace the record
+		 */
+		return R_DO_REPLACE;
+	}
+
+	/*
+	 * in any other case, we need to do
+	 * a name request to the old name holder
+	 * to see if it's still there...
+	 */
+	return R_DO_CHALLENGE;
+}
+
+static NTSTATUS r_do_add(struct wreplsrv_partner *partner,
+			 TALLOC_CTX *mem_ctx,
+			 struct wrepl_wins_owner *owner,
+			 struct wrepl_name *replica)
+{
+	struct winsdb_record *rec;
+	uint32_t i;
+	uint8_t ret;
+
+	rec = talloc(mem_ctx, struct winsdb_record);
+	NT_STATUS_HAVE_NO_MEMORY(rec);
+
+	rec->name	= &replica->name;
+	rec->type	= replica->type;
+	rec->state	= replica->state;
+	rec->node	= replica->node;
+	rec->is_static	= replica->is_static;
+	rec->expire_time= time(NULL) + partner->service->config.verify_interval;
+	rec->version	= replica->version_id;
+	rec->wins_owner	= replica->owner;
+	rec->addresses	= winsdb_addr_list_make(rec);
+	NT_STATUS_HAVE_NO_MEMORY(rec->addresses);
+	rec->registered_by = NULL;
+
+	for (i=0; i < replica->num_addresses; i++) {
+		/* TODO: find out if rec->expire_time is correct here */
+		rec->addresses = winsdb_addr_list_add(partner->service->wins_db,
+						      rec, rec->addresses,
+						      replica->addresses[i].address,
+						      replica->addresses[i].owner,
+						      rec->expire_time,
+						      false);
+		NT_STATUS_HAVE_NO_MEMORY(rec->addresses);
+	}
+
+	ret = winsdb_add(partner->service->wins_db, rec, 0);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(0,("Failed to add record %s: %u\n",
+			nbt_name_string(mem_ctx, &replica->name), ret));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(4,("added record %s\n",
+		nbt_name_string(mem_ctx, &replica->name)));
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS r_do_replace(struct wreplsrv_partner *partner,
+			     TALLOC_CTX *mem_ctx,
+			     struct winsdb_record *rec,
+			     struct wrepl_wins_owner *owner,
+			     struct wrepl_name *replica)
+{
+	uint32_t i;
+	uint8_t ret;
+
+	rec->name	= &replica->name;
+	rec->type	= replica->type;
+	rec->state	= replica->state;
+	rec->node	= replica->node;
+	rec->is_static	= replica->is_static;
+	rec->expire_time= time(NULL) + partner->service->config.verify_interval;
+	rec->version	= replica->version_id;
+	rec->wins_owner	= replica->owner;
+	rec->addresses	= winsdb_addr_list_make(rec);
+	NT_STATUS_HAVE_NO_MEMORY(rec->addresses);
+	rec->registered_by = NULL;
+
+	for (i=0; i < replica->num_addresses; i++) {
+		/* TODO: find out if rec->expire_time is correct here */
+		rec->addresses = winsdb_addr_list_add(partner->service->wins_db,
+						      rec, rec->addresses,
+						      replica->addresses[i].address,
+						      replica->addresses[i].owner,
+						      rec->expire_time,
+						      false);
+		NT_STATUS_HAVE_NO_MEMORY(rec->addresses);
+	}
+
+	ret = winsdb_modify(partner->service->wins_db, rec, 0);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(0,("Failed to replace record %s: %u\n",
+			nbt_name_string(mem_ctx, &replica->name), ret));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(4,("replaced record %s\n",
+		nbt_name_string(mem_ctx, &replica->name)));
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS r_not_replace(struct wreplsrv_partner *partner,
+			      TALLOC_CTX *mem_ctx,
+			      struct winsdb_record *rec,
+			      struct wrepl_wins_owner *owner,
+			      struct wrepl_name *replica)
+{
+	DEBUG(4,("not replace record %s\n",
+		 nbt_name_string(mem_ctx, &replica->name)));
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS r_do_propagate(struct wreplsrv_partner *partner,
+			       TALLOC_CTX *mem_ctx,
+			       struct winsdb_record *rec,
+			       struct wrepl_wins_owner *owner,
+			       struct wrepl_name *replica)
+{
+	uint8_t ret;
+	uint32_t modify_flags;
+
+	/*
+	 * allocate a new version id for the record to that it'll be replicated
+	 */
+	modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+
+	ret = winsdb_modify(partner->service->wins_db, rec, modify_flags);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(0,("Failed to replace record %s: %u\n",
+			nbt_name_string(mem_ctx, &replica->name), ret));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(4,("propagated record %s\n",
+		 nbt_name_string(mem_ctx, &replica->name)));
+
+	return NT_STATUS_OK;
+}
+
+/* 
+Test Replica vs. owned active: some more MHOMED combinations
+_MA_MA_SP_U<00>: C:MHOMED vs. B:ALL => B:ALL => REPLACE
+_MA_MA_SM_U<00>: C:MHOMED vs. B:MHOMED => B:MHOMED => REPLACE
+_MA_MA_SB_P<00>: C:MHOMED vs. B:BEST (C:MHOMED) => B:MHOMED => MHOMED_MERGE
+_MA_MA_SB_A<00>: C:MHOMED vs. B:BEST (C:ALL) => B:MHOMED => MHOMED_MERGE
+_MA_MA_SB_PRA<00>: C:MHOMED vs. B:BEST (C:BEST) => C:MHOMED => NOT REPLACE
+_MA_MA_SB_O<00>: C:MHOMED vs. B:BEST (B:B_3_4) =>C:MHOMED => NOT REPLACE
+_MA_MA_SB_N<00>: C:MHOMED vs. B:BEST (NEGATIVE) => B:BEST => REPLACE
+Test Replica vs. owned active: some more UNIQUE,MHOMED combinations
+_MA_UA_SB_P<00>: C:MHOMED vs. B:UNIQUE,BEST (C:MHOMED) => B:MHOMED => MHOMED_MERGE
+_UA_UA_DI_PRA<00>: C:BEST vs. B:BEST2 (C:BEST2,LR:BEST2) => C:BEST => NOT REPLACE
+_UA_UA_DI_A<00>: C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED => MHOMED_MERGE
+_UA_MA_DI_A<00>: C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED => MHOMED_MERGE
+*/
+static NTSTATUS r_do_mhomed_merge(struct wreplsrv_partner *partner,
+				  TALLOC_CTX *mem_ctx,
+				  struct winsdb_record *rec,
+				  struct wrepl_wins_owner *owner,
+				  struct wrepl_name *replica)
+{
+	struct winsdb_record *merge;
+	uint32_t i,j;
+	uint8_t ret;
+	size_t len;
+
+	merge = talloc(mem_ctx, struct winsdb_record);
+	NT_STATUS_HAVE_NO_MEMORY(merge);
+
+	merge->name		= &replica->name;
+	merge->type		= WREPL_TYPE_MHOMED;
+	merge->state		= replica->state;
+	merge->node		= replica->node;
+	merge->is_static	= replica->is_static;
+	merge->expire_time	= time(NULL) + partner->service->config.verify_interval;
+	merge->version		= replica->version_id;
+	merge->wins_owner	= replica->owner;
+	merge->addresses	= winsdb_addr_list_make(merge);
+	NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	merge->registered_by = NULL;
+
+	for (i=0; i < replica->num_addresses; i++) {
+		merge->addresses = winsdb_addr_list_add(partner->service->wins_db,
+							merge, merge->addresses,
+							replica->addresses[i].address,
+							replica->addresses[i].owner,
+							merge->expire_time,
+							false);
+		NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	}
+
+	len = winsdb_addr_list_length(rec->addresses);
+
+	for (i=0; i < len; i++) {
+		bool found = false;
+		for (j=0; j < replica->num_addresses; j++) {
+			if (strcmp(replica->addresses[j].address, rec->addresses[i]->address) == 0) {
+				found = true;
+				break;
+			}
+		}
+		if (found) continue;
+
+		merge->addresses = winsdb_addr_list_add(partner->service->wins_db,
+							merge, merge->addresses,
+							rec->addresses[i]->address,
+							rec->addresses[i]->wins_owner,
+							rec->addresses[i]->expire_time,
+							false);
+		NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	}
+
+	ret = winsdb_modify(partner->service->wins_db, merge, 0);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(0,("Failed to modify mhomed merge record %s: %u\n",
+			nbt_name_string(mem_ctx, &replica->name), ret));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(4,("mhomed merge record %s\n",
+		nbt_name_string(mem_ctx, &replica->name)));
+
+	return NT_STATUS_OK;
+}
+
+struct r_do_challenge_state {
+	struct dcerpc_binding_handle *irpc_handle;
+	struct wreplsrv_partner *partner;
+	struct winsdb_record *rec;
+	struct wrepl_wins_owner owner;
+	struct wrepl_name replica;
+	struct nbtd_proxy_wins_challenge r;
+	struct nbtd_proxy_wins_release_demand dr;
+};
+
+static void r_do_late_release_demand_handler(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct r_do_challenge_state *state =
+		tevent_req_callback_data(subreq,
+		struct r_do_challenge_state);
+
+	status = dcerpc_nbtd_proxy_wins_release_demand_r_recv(subreq, state);
+	TALLOC_FREE(subreq);
+
+	/* don't care about the result */
+	(void)status;
+	talloc_free(state);
+}
+
+static NTSTATUS r_do_late_release_demand(struct r_do_challenge_state *state)
+{
+	struct tevent_req *subreq;
+	uint32_t i;
+
+	DEBUG(4,("late release demand record %s\n",
+		 nbt_name_string(state, &state->replica.name)));
+
+	state->dr.in.name	= state->replica.name;
+	state->dr.in.num_addrs	= state->r.out.num_addrs;
+	state->dr.in.addrs	= talloc_array(state,
+					       struct nbtd_proxy_wins_addr,
+					       state->dr.in.num_addrs);
+	NT_STATUS_HAVE_NO_MEMORY(state->dr.in.addrs);
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	for (i=0; i < state->dr.in.num_addrs; i++) {
+		state->dr.in.addrs[i].addr = state->r.out.addrs[i].addr;
+	}
+
+	subreq = dcerpc_nbtd_proxy_wins_release_demand_r_send(state,
+			state->partner->service->task->event_ctx,
+			state->irpc_handle,
+			&state->dr);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	tevent_req_set_callback(subreq, r_do_late_release_demand_handler, state);
+
+	return NT_STATUS_OK;
+}
+
+/* 
+Test Replica vs. owned active: some more MHOMED combinations
+_MA_MA_SP_U<00>: C:MHOMED vs. B:ALL => B:ALL => REPLACE
+_MA_MA_SM_U<00>: C:MHOMED vs. B:MHOMED => B:MHOMED => REPLACE
+_MA_MA_SB_P<00>: C:MHOMED vs. B:BEST (C:MHOMED) => B:MHOMED => MHOMED_MERGE
+_MA_MA_SB_A<00>: C:MHOMED vs. B:BEST (C:ALL) => B:MHOMED => MHOMED_MERGE
+_MA_MA_SB_PRA<00>: C:MHOMED vs. B:BEST (C:BEST) => C:MHOMED => NOT REPLACE
+_MA_MA_SB_O<00>: C:MHOMED vs. B:BEST (B:B_3_4) =>C:MHOMED => NOT REPLACE
+_MA_MA_SB_N<00>: C:MHOMED vs. B:BEST (NEGATIVE) => B:BEST => REPLACE
+Test Replica vs. owned active: some more UNIQUE,MHOMED combinations
+_MA_UA_SB_P<00>: C:MHOMED vs. B:UNIQUE,BEST (C:MHOMED) => B:MHOMED => MHOMED_MERGE
+_UA_UA_DI_PRA<00>: C:BEST vs. B:BEST2 (C:BEST2,LR:BEST2) => C:BEST => NOT REPLACE
+_UA_UA_DI_A<00>: C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED => MHOMED_MERGE
+_UA_MA_DI_A<00>: C:BEST vs. B:BEST2 (C:ALL) => B:MHOMED => MHOMED_MERGE
+*/
+static void r_do_challenge_handler(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct r_do_challenge_state *state =
+		tevent_req_callback_data(subreq,
+		struct r_do_challenge_state);
+	bool old_is_subset = false;
+	bool new_is_subset = false;
+	bool found = false;
+	uint32_t i,j;
+	uint32_t num_rec_addrs;
+
+	status = dcerpc_nbtd_proxy_wins_challenge_r_recv(subreq, state);
+	TALLOC_FREE(subreq);
+
+	DEBUG(4,("r_do_challenge_handler: %s: %s\n", 
+		 nbt_name_string(state, &state->replica.name), nt_errstr(status)));
+
+	if (NT_STATUS_EQUAL(NT_STATUS_IO_TIMEOUT, status) ||
+	    NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
+		r_do_replace(state->partner, state, state->rec, &state->owner, &state->replica);
+		talloc_free(state);
+		return;
+	}
+
+	for (i=0; i < state->replica.num_addresses; i++) {
+		found = false;
+		new_is_subset = true;
+		for (j=0; j < state->r.out.num_addrs; j++) {
+			if (strcmp(state->replica.addresses[i].address, state->r.out.addrs[j].addr) == 0) {
+				found = true;
+				break;
+			}
+		}
+		if (found) continue;
+
+		new_is_subset = false;
+		break;
+	}
+
+	if (!new_is_subset) {
+		r_not_replace(state->partner, state, state->rec, &state->owner, &state->replica);
+		talloc_free(state);
+		return;
+	}
+
+	num_rec_addrs = winsdb_addr_list_length(state->rec->addresses);
+	for (i=0; i < num_rec_addrs; i++) {
+		found = false;
+		old_is_subset = true;
+		for (j=0; j < state->r.out.num_addrs; j++) {
+			if (strcmp(state->rec->addresses[i]->address, state->r.out.addrs[j].addr) == 0) {
+				found = true;
+				break;
+			}
+		}
+		if (found) continue;
+
+		old_is_subset = false;
+		break;
+	}
+
+	if (!old_is_subset) {
+		status = r_do_late_release_demand(state);
+		/* 
+		 * only free state on error, because we pass it down,
+		 * and r_do_late_release_demand() will free it
+		 */
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(state);
+		}
+		return;
+	}
+
+	r_do_mhomed_merge(state->partner, state, state->rec, &state->owner, &state->replica);
+	talloc_free(state);
+}
+
+static NTSTATUS r_do_challenge(struct wreplsrv_partner *partner,
+			       TALLOC_CTX *mem_ctx,
+			       struct winsdb_record *rec,
+			       struct wrepl_wins_owner *owner,
+			       struct wrepl_name *replica)
+{
+	struct r_do_challenge_state *state;
+	struct tevent_req *subreq;
+	const char **addrs;
+	uint32_t i;
+
+	DEBUG(4,("challenge record %s\n",
+		 nbt_name_string(mem_ctx, &replica->name)));
+
+	state = talloc_zero(mem_ctx, struct r_do_challenge_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+	state->partner	= partner;
+	state->rec	= talloc_steal(state, rec);
+	state->owner	= *owner;
+	state->replica	= *replica;
+	/* some stuff to have valid memory pointers in the async complete function */
+	state->replica.name = *state->rec->name;
+	talloc_steal(state, replica->owner);
+	talloc_steal(state, replica->addresses);
+
+	state->irpc_handle = irpc_binding_handle_by_name(state,
+							 partner->service->task->msg_ctx,
+							 "nbt_server",
+							 &ndr_table_irpc);
+	if (state->irpc_handle == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	state->r.in.name	= *rec->name;
+	state->r.in.num_addrs	= winsdb_addr_list_length(rec->addresses);
+	state->r.in.addrs	= talloc_array(state, struct nbtd_proxy_wins_addr, state->r.in.num_addrs);
+	NT_STATUS_HAVE_NO_MEMORY(state->r.in.addrs);
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	addrs			= winsdb_addr_string_list(state->r.in.addrs, rec->addresses);
+	NT_STATUS_HAVE_NO_MEMORY(addrs);
+	for (i=0; i < state->r.in.num_addrs; i++) {
+		state->r.in.addrs[i].addr = addrs[i];
+	}
+
+	subreq = dcerpc_nbtd_proxy_wins_challenge_r_send(state,
+			state->partner->service->task->event_ctx,
+			state->irpc_handle,
+			&state->r);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	tevent_req_set_callback(subreq, r_do_challenge_handler, state);
+
+	talloc_steal(partner, state);
+	return NT_STATUS_OK;
+}
+
+struct r_do_release_demand_state {
+	struct nbtd_proxy_wins_release_demand r;
+};
+
+static void r_do_release_demand_handler(struct tevent_req *subreq)
+{
+	NTSTATUS status;
+	struct r_do_release_demand_state *state =
+		tevent_req_callback_data(subreq,
+		struct r_do_release_demand_state);
+
+	status = dcerpc_nbtd_proxy_wins_release_demand_r_recv(subreq, state);
+	TALLOC_FREE(subreq);
+
+	/* don't care about the result */
+	(void)status;
+	talloc_free(state);
+}
+
+static NTSTATUS r_do_release_demand(struct wreplsrv_partner *partner,
+				    TALLOC_CTX *mem_ctx,
+				    struct winsdb_record *rec,
+				    struct wrepl_wins_owner *owner,
+				    struct wrepl_name *replica)
+{
+	NTSTATUS status;
+	struct dcerpc_binding_handle *irpc_handle;
+	const char **addrs;
+	struct winsdb_addr **addresses;
+	struct r_do_release_demand_state *state;
+	struct tevent_req *subreq;
+	uint32_t i;
+
+	/*
+	 * we need to get a reference to the old addresses,
+	 * as we need to send a release demand to them after replacing the record
+	 * and r_do_replace() will modify rec->addresses
+	 */
+	addresses = rec->addresses;
+
+	status = r_do_replace(partner, mem_ctx, rec, owner, replica);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	DEBUG(4,("release demand record %s\n",
+		 nbt_name_string(mem_ctx, &replica->name)));
+
+	state = talloc_zero(mem_ctx, struct r_do_release_demand_state);
+	NT_STATUS_HAVE_NO_MEMORY(state);
+
+	irpc_handle = irpc_binding_handle_by_name(state,
+						  partner->service->task->msg_ctx,
+						  "nbt_server",
+						  &ndr_table_irpc);
+	if (irpc_handle == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	state->r.in.name	= *rec->name;
+	state->r.in.num_addrs	= winsdb_addr_list_length(addresses);
+	state->r.in.addrs	= talloc_array(state, struct nbtd_proxy_wins_addr,
+					       state->r.in.num_addrs);
+	NT_STATUS_HAVE_NO_MEMORY(state->r.in.addrs);
+	/* TODO: fix pidl to handle inline ipv4address arrays */
+	addrs			= winsdb_addr_string_list(state->r.in.addrs, addresses);
+	NT_STATUS_HAVE_NO_MEMORY(addrs);
+	for (i=0; i < state->r.in.num_addrs; i++) {
+		state->r.in.addrs[i].addr = addrs[i];
+	}
+
+	subreq = dcerpc_nbtd_proxy_wins_release_demand_r_send(state,
+			partner->service->task->event_ctx,
+			irpc_handle,
+			&state->r);
+	NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+	tevent_req_set_callback(subreq, r_do_release_demand_handler, state);
+
+	talloc_steal(partner, state);
+	return NT_STATUS_OK;
+}
+
+/*
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:A_3_4 => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:NULL => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_X_3_4 vs. B:A_3_4 => NOT REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4 vs. B:A_3_4 => REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:A_3_4_OWNER_B => REPLACE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_OWNER_B vs. B:A_3_4 => REPLACE
+
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4 vs. B:B_3_4 => C:A_3_4_B_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:A_3_4 => B:A_3_4_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:X_3_4 vs. B:A_3_4 => C:A_3_4_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:A_3_4_X_3_4 vs. B:A_3_4_OWNER_B => B:A_3_4_OWNER_B_X_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:B_3_4_X_1_2 => C:B_3_4_X_1_2_3_4 => SGROUP_MERGE
+SGROUP,ACTIVE vs. SGROUP,ACTIVE A:B_3_4_X_3_4 vs. B:NULL => B:X_3_4 => SGROUP_MERGE
+
+Test Replica vs. owned active: SGROUP vs. SGROUP tests
+_SA_SA_DI_U<1c> => SGROUP_MERGE
+_SA_SA_SI_U<1c> => SGROUP_MERGE
+_SA_SA_SP_U<1c> => SGROUP_MERGE
+_SA_SA_SB_U<1c> => SGROUP_MERGE
+*/
+static NTSTATUS r_do_sgroup_merge(struct wreplsrv_partner *partner,
+				  TALLOC_CTX *mem_ctx,
+				  struct winsdb_record *rec,
+				  struct wrepl_wins_owner *owner,
+				  struct wrepl_name *replica)
+{
+	struct winsdb_record *merge;
+	uint32_t modify_flags = 0;
+	uint32_t i,j;
+	uint8_t ret;
+	size_t len;
+	bool changed_old_addrs = false;
+	bool skip_replica_owned_by_us = false;
+	bool become_owner = true;
+	bool propagate = lpcfg_parm_bool(partner->service->task->lp_ctx, NULL, "wreplsrv", "propagate name releases", false);
+	const char *local_owner = partner->service->wins_db->local_owner;
+
+	merge = talloc(mem_ctx, struct winsdb_record);
+	NT_STATUS_HAVE_NO_MEMORY(merge);
+
+	merge->name		= &replica->name;
+	merge->type		= replica->type;
+	merge->state		= replica->state;
+	merge->node		= replica->node;
+	merge->is_static	= replica->is_static;
+	merge->expire_time	= time(NULL) + partner->service->config.verify_interval;
+	merge->version		= replica->version_id;
+	merge->wins_owner	= replica->owner;
+	merge->addresses	= winsdb_addr_list_make(merge);
+	NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	merge->registered_by = NULL;
+
+	len = winsdb_addr_list_length(rec->addresses);
+
+	for (i=0; i < len; i++) {
+		bool found = false;
+
+		for (j=0; j < replica->num_addresses; j++) {
+			if (strcmp(rec->addresses[i]->address, replica->addresses[j].address) != 0) {
+				continue;
+			}
+
+			found = true;
+
+			if (strcmp(rec->addresses[i]->wins_owner, replica->addresses[j].owner) != 0) {
+				changed_old_addrs = true;
+				break;
+			}
+			break;
+		}
+
+		/* 
+		 * if the address isn't in the replica and is owned by replicas owner,
+		 * it won't be added to the merged record
+		 */
+		if (!found && strcmp(rec->addresses[i]->wins_owner, owner->address) == 0) {
+			changed_old_addrs = true;
+			continue;
+		}
+
+		/*
+		 * add the address to the merge result, with the old owner and expire_time,
+		 * the owner and expire_time will be overwritten later if the address is
+		 * in the replica too
+		 */
+		merge->addresses = winsdb_addr_list_add(partner->service->wins_db,
+							merge, merge->addresses,
+							rec->addresses[i]->address,
+							rec->addresses[i]->wins_owner,
+							rec->addresses[i]->expire_time,
+							false);
+		NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	}
+
+	for (i=0; i < replica->num_addresses; i++) {
+		if (propagate &&
+		    strcmp(replica->addresses[i].owner, local_owner) == 0) {
+			const struct winsdb_addr *a;
+
+			/*
+			 * NOTE: this is different to the windows behavior
+			 *       and off by default, but it better propagated
+			 *       name releases
+			 */
+			a = winsdb_addr_list_check(merge->addresses,
+						   replica->addresses[i].address);
+			if (!a) {
+				/* don't add addresses owned by us */
+				skip_replica_owned_by_us = true;
+			}
+			continue;
+		}
+		merge->addresses = winsdb_addr_list_add(partner->service->wins_db,
+							merge, merge->addresses,
+							replica->addresses[i].address,
+							replica->addresses[i].owner,
+							merge->expire_time,
+							false);
+		NT_STATUS_HAVE_NO_MEMORY(merge->addresses);
+	}
+
+	/* we the old addresses change changed we don't become the owner */
+	if (changed_old_addrs) {
+		become_owner = false;
+	}
+
+	/*
+	 * when we notice another server believes an address
+	 * is owned by us and that's not the case
+	 * we propagate the result
+	 */
+	if (skip_replica_owned_by_us) {
+		become_owner = true;
+	}
+
+	/* if we're the owner of the old record, we'll be the owner of the new one too */
+	if (strcmp(rec->wins_owner, local_owner)==0) {
+		become_owner = true;
+	}
+
+	/*
+	 * if the result has no addresses we take the ownership
+	 */
+	len = winsdb_addr_list_length(merge->addresses);
+	if (len == 0) {
+		become_owner = true;
+	}
+
+	/* 
+	 * if addresses of the old record will be changed the replica owner
+	 * will be owner of the merge result, otherwise we take the ownership
+	 */
+	if (become_owner) {
+		time_t lh = 0;
+
+		modify_flags = WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+
+		/*
+		 * if we're the owner, the expire time becomes the highest
+		 * expire time of owned addresses
+		 */
+		len = winsdb_addr_list_length(merge->addresses);
+
+		for (i=0; i < len; i++) {
+			if (strcmp(merge->addresses[i]->wins_owner, local_owner)==0) {
+				lh = MAX(lh, merge->addresses[i]->expire_time);
+			}
+		}
+
+		if (lh != 0) {
+			merge->expire_time = lh;
+		}
+	}
+
+	ret = winsdb_modify(partner->service->wins_db, merge, modify_flags);
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(0,("Failed to modify sgroup merge record %s: %u\n",
+			nbt_name_string(mem_ctx, &replica->name), ret));
+		return NT_STATUS_FOOBAR;
+	}
+
+	DEBUG(4,("sgroup merge record %s\n",
+		nbt_name_string(mem_ctx, &replica->name)));
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_apply_one_record(struct wreplsrv_partner *partner,
+					  TALLOC_CTX *mem_ctx,
+					  struct wrepl_wins_owner *owner,
+					  struct wrepl_name *replica)
+{
+	NTSTATUS status;
+	struct winsdb_record *rec = NULL;
+	enum _R_ACTION action = R_INVALID;
+	bool same_owner = false;
+	bool replica_vs_replica = false;
+	bool local_vs_replica = false;
+
+	if (replica->name.scope) {
+		TALLOC_CTX *parent;
+		const char *scope;
+
+		/*
+		 * Windows 2008 truncates the scope to 237 bytes,
+		 * so we do...
+		 */
+		parent = talloc_parent(replica->name.scope);
+		scope = talloc_strndup(parent, replica->name.scope, 237);
+		NT_STATUS_HAVE_NO_MEMORY(scope);
+		replica->name.scope = scope;
+	}
+
+	status = winsdb_lookup(partner->service->wins_db,
+			       &replica->name, mem_ctx, &rec);
+	if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
+		return r_do_add(partner, mem_ctx, owner, replica);
+	}
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (strcmp(rec->wins_owner, partner->service->wins_db->local_owner)==0) {
+		local_vs_replica = true;
+	} else if (strcmp(rec->wins_owner, owner->address)==0) {
+		same_owner = true;
+	} else {
+		replica_vs_replica = true;
+	}
+
+	if (rec->is_static && !same_owner) {
+		action = R_NOT_REPLACE;
+
+		/*
+		 * if we own the local record, then propagate it back to
+		 * the other wins servers.
+		 * to prevent ping-pong with other servers, we don't do this
+		 * if the replica is static too.
+		 *
+		 * It seems that w2k3 doesn't do this, but I thing that's a bug
+		 * and doing propagation helps to have consistent data on all servers
+		 */
+		if (local_vs_replica && !replica->is_static) {
+			action = R_DO_PROPAGATE;
+		}
+	} else if (replica->is_static && !rec->is_static && !same_owner) {
+		action = R_DO_REPLACE;
+	} else if (same_owner) {
+		action = replace_same_owner(rec, replica);
+	} else if (replica_vs_replica) {
+		switch (rec->type) {
+		case WREPL_TYPE_UNIQUE:
+			action = replace_unique_replica_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_GROUP:
+			action = replace_group_replica_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_SGROUP:
+			action = replace_sgroup_replica_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_MHOMED:
+			action = replace_mhomed_replica_vs_X_replica(rec, replica);
+			break;
+		}
+	} else if (local_vs_replica) {
+		switch (rec->type) {
+		case WREPL_TYPE_UNIQUE:
+			action = replace_unique_owned_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_GROUP:
+			action = replace_group_owned_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_SGROUP:
+			action = replace_sgroup_owned_vs_X_replica(rec, replica);
+			break;
+		case WREPL_TYPE_MHOMED:
+			action = replace_mhomed_owned_vs_X_replica(rec, replica);
+			break;
+		}
+	}
+
+	DEBUG(4,("apply record %s: %s\n",
+		 nbt_name_string(mem_ctx, &replica->name), _R_ACTION_enum_string(action)));
+
+	switch (action) {
+	case R_INVALID: break;
+	case R_DO_REPLACE:
+		return r_do_replace(partner, mem_ctx, rec, owner, replica);
+	case R_NOT_REPLACE:
+		return r_not_replace(partner, mem_ctx, rec, owner, replica);
+	case R_DO_PROPAGATE:
+		return r_do_propagate(partner, mem_ctx, rec, owner, replica);
+	case R_DO_CHALLENGE:
+		return r_do_challenge(partner, mem_ctx, rec, owner, replica);
+	case R_DO_RELEASE_DEMAND:
+		return r_do_release_demand(partner, mem_ctx, rec, owner, replica);
+	case R_DO_SGROUP_MERGE:
+		return r_do_sgroup_merge(partner, mem_ctx, rec, owner, replica);
+	}
+
+	return NT_STATUS_INTERNAL_ERROR;
+}
+
+NTSTATUS wreplsrv_apply_records(struct wreplsrv_partner *partner,
+				struct wrepl_wins_owner *owner,
+				uint32_t num_names, struct wrepl_name *names)
+{
+	NTSTATUS status;
+	uint32_t i;
+
+	DEBUG(4,("apply records count[%u]:owner[%s]:min[%llu]:max[%llu]:partner[%s]\n",
+		num_names, owner->address,
+		(long long)owner->min_version, 
+		(long long)owner->max_version,
+		partner->address));
+
+	for (i=0; i < num_names; i++) {
+		TALLOC_CTX *tmp_mem = talloc_new(partner);
+		NT_STATUS_HAVE_NO_MEMORY(tmp_mem);
+
+		status = wreplsrv_apply_one_record(partner, tmp_mem,
+						   owner, &names[i]);
+		talloc_free(tmp_mem);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	status = wreplsrv_add_table(partner->service,
+				    partner->service,
+				    &partner->service->table,
+				    owner->address,
+				    owner->max_version);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_in_call.c b/source4/wrepl_server/wrepl_in_call.c
new file mode 100644
index 0000000..7c7d2a2
--- /dev/null
+++ b/source4/wrepl_server/wrepl_in_call.c
@@ -0,0 +1,589 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/tsocket/tsocket.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "libcli/composite/composite.h"
+#include "nbt_server/wins/winsdb.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "system/time.h"
+#include "lib/util/tsort.h"
+#include "param/param.h"
+
+static NTSTATUS wreplsrv_in_start_association(struct wreplsrv_in_call *call)
+{
+	struct wrepl_start *start	= &call->req_packet.message.start;
+	struct wrepl_start *start_reply	= &call->rep_packet.message.start_reply;
+
+	if (call->req_packet.opcode & WREPL_OPCODE_BITS) {
+		/*
+		 *if the assoc_ctx doesn't match ignore the packet
+		 */
+		if ((call->req_packet.assoc_ctx != call->wreplconn->assoc_ctx.our_ctx)
+		   && (call->req_packet.assoc_ctx != 0)) {
+			return ERROR_INVALID_PARAMETER;
+		}
+	} else {
+		call->wreplconn->assoc_ctx.our_ctx = WREPLSRV_INVALID_ASSOC_CTX;
+		return NT_STATUS_OK;
+	}
+
+/*
+ * it seems that we don't know all details about the start_association
+ * to support replication with NT4 (it sends 1.1 instead of 5.2)
+ * we ignore the version numbers until we know all details
+ */
+#if 0
+	if (start->minor_version != 2 || start->major_version != 5) {
+		/* w2k terminate the connection if the versions doesn't match */
+		return NT_STATUS_UNKNOWN_REVISION;
+	}
+#endif
+
+	call->wreplconn->assoc_ctx.stopped	= false;
+	call->wreplconn->assoc_ctx.our_ctx	= WREPLSRV_VALID_ASSOC_CTX;
+	call->wreplconn->assoc_ctx.peer_ctx	= start->assoc_ctx;
+
+	call->rep_packet.mess_type		= WREPL_START_ASSOCIATION_REPLY;
+	start_reply->assoc_ctx			= call->wreplconn->assoc_ctx.our_ctx;
+	start_reply->minor_version		= 2;
+	start_reply->major_version		= 5;
+
+	/*
+	 * nt4 uses 41 bytes for the start_association call
+	 * so do it the same and as we don't know the meanings of these bytes
+	 * we just send zeros and nt4, w2k and w2k3 seems to be happy with this
+	 *
+	 * if we don't do this nt4 uses an old version of the wins replication protocol
+	 * and that would break nt4 <-> samba replication
+	 */
+	call->rep_packet.padding		= data_blob_talloc(call, NULL, 21);
+	NT_STATUS_HAVE_NO_MEMORY(call->rep_packet.padding.data);
+
+	memset(call->rep_packet.padding.data, 0, call->rep_packet.padding.length);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_in_stop_assoc_ctx(struct wreplsrv_in_call *call)
+{
+	struct wrepl_stop *stop_out		= &call->rep_packet.message.stop;
+
+	call->wreplconn->assoc_ctx.stopped	= true;
+
+	call->rep_packet.mess_type		= WREPL_STOP_ASSOCIATION;
+	stop_out->reason			= 4;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_in_stop_association(struct wreplsrv_in_call *call)
+{
+	/*
+	 * w2k only check the assoc_ctx if the opcode has the 0x00007800 bits are set
+	 */
+	if (call->req_packet.opcode & WREPL_OPCODE_BITS) {
+		/*
+		 *if the assoc_ctx doesn't match ignore the packet
+		 */
+		if (call->req_packet.assoc_ctx != call->wreplconn->assoc_ctx.our_ctx) {
+			return ERROR_INVALID_PARAMETER;
+		}
+		/* when the opcode bits are set the connection should be directly terminated */
+		return NT_STATUS_CONNECTION_RESET;
+	}
+
+	if (call->wreplconn->assoc_ctx.stopped) {
+		/* this causes the connection to be directly terminated */
+		return NT_STATUS_CONNECTION_RESET;
+	}
+
+	/* this will cause to not receive packets anymore and terminate the connection if the reply is send */
+	call->terminate_after_send = true;
+	return wreplsrv_in_stop_assoc_ctx(call);
+}
+
+static NTSTATUS wreplsrv_in_table_query(struct wreplsrv_in_call *call)
+{
+	struct wreplsrv_service *service = call->wreplconn->service;
+	struct wrepl_replication *repl_out = &call->rep_packet.message.replication;
+	struct wrepl_table *table_out = &call->rep_packet.message.replication.info.table;
+
+	repl_out->command = WREPL_REPL_TABLE_REPLY;
+
+	return wreplsrv_fill_wrepl_table(service, call, table_out,
+					 service->wins_db->local_owner, true);
+}
+
+static int wreplsrv_in_sort_wins_name(struct wrepl_wins_name *n1,
+				      struct wrepl_wins_name *n2)
+{
+	if (n1->id < n2->id) return -1;
+	if (n1->id > n2->id) return 1;
+	return 0;
+}
+
+static NTSTATUS wreplsrv_record2wins_name(TALLOC_CTX *mem_ctx,
+					  struct wrepl_wins_name *name,
+					  struct winsdb_record *rec)
+{
+	uint32_t num_ips, i;
+	struct wrepl_ip *ips;
+
+	name->name		= rec->name;
+	talloc_steal(mem_ctx, rec->name);
+
+	name->id		= rec->version;
+	name->unknown		= "255.255.255.255";
+
+	name->flags		= WREPL_NAME_FLAGS(rec->type, rec->state, rec->node, rec->is_static);
+
+	switch (name->flags & 2) {
+	case 0:
+		name->addresses.ip			= rec->addresses[0]->address;
+		talloc_steal(mem_ctx, rec->addresses[0]->address);
+		break;
+	case 2:
+		num_ips	= winsdb_addr_list_length(rec->addresses);
+		ips	= talloc_array(mem_ctx, struct wrepl_ip, num_ips);
+		NT_STATUS_HAVE_NO_MEMORY(ips);
+
+		for (i = 0; i < num_ips; i++) {
+			ips[i].owner	= rec->addresses[i]->wins_owner;
+			talloc_steal(ips, rec->addresses[i]->wins_owner);
+			ips[i].ip	= rec->addresses[i]->address;
+			talloc_steal(ips, rec->addresses[i]->address);
+		}
+
+		name->addresses.addresses.num_ips	= num_ips;
+		name->addresses.addresses.ips		= ips;
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_in_send_request(struct wreplsrv_in_call *call)
+{
+	struct wreplsrv_service *service = call->wreplconn->service;
+	struct wrepl_wins_owner *owner_in = &call->req_packet.message.replication.info.owner;
+	struct wrepl_replication *repl_out = &call->rep_packet.message.replication;
+	struct wrepl_send_reply *reply_out = &call->rep_packet.message.replication.info.reply;
+	struct wreplsrv_owner *owner;
+	const char *owner_filter;
+	const char *filter;
+	struct ldb_result *res = NULL;
+	int ret;
+	struct wrepl_wins_name *names;
+	struct winsdb_record *rec;
+	NTSTATUS status;
+	unsigned int i, j;
+	time_t now = time(NULL);
+
+	owner = wreplsrv_find_owner(service, service->table, owner_in->address);
+
+	repl_out->command	= WREPL_REPL_SEND_REPLY;
+	reply_out->num_names	= 0;
+	reply_out->names	= NULL;
+
+	/*
+	 * if we didn't know this owner, must be a bug in the partners client code...
+	 * return an empty list.
+	 */
+	if (!owner) {
+		DEBUG(2,("WINSREPL:reply [0] records unknown owner[%s] to partner[%s]\n",
+			owner_in->address, call->wreplconn->partner->address));
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * the client sends a max_version of 0, interpret it as
+	 * (uint64_t)-1
+	 */
+	if (owner_in->max_version == 0) {
+		owner_in->max_version = (uint64_t)-1;
+	}
+
+	/*
+	 * if the partner ask for nothing, or give invalid ranges,
+	 * return an empty list.
+	 */
+	if (owner_in->min_version > owner_in->max_version) {
+		DEBUG(2,("WINSREPL:reply [0] records owner[%s] min[%llu] max[%llu] to partner[%s]\n",
+			owner_in->address, 
+			(long long)owner_in->min_version, 
+			(long long)owner_in->max_version,
+			call->wreplconn->partner->address));
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * if the partner has already all records for nothing, or give invalid ranges,
+	 * return an empty list.
+	 */
+	if (owner_in->min_version > owner->owner.max_version) {
+		DEBUG(2,("WINSREPL:reply [0] records owner[%s] min[%llu] max[%llu] to partner[%s]\n",
+			owner_in->address, 
+			(long long)owner_in->min_version, 
+			(long long)owner_in->max_version,
+			call->wreplconn->partner->address));
+		return NT_STATUS_OK;
+	}
+
+	owner_filter = wreplsrv_owner_filter(service, call, owner->owner.address);
+	NT_STATUS_HAVE_NO_MEMORY(owner_filter);
+	filter = talloc_asprintf(call,
+				 "(&%s(objectClass=winsRecord)"
+				 "(|(recordState=%u)(recordState=%u))"
+				 "(versionID>=%llu)(versionID<=%llu))",
+				 owner_filter,
+				 WREPL_STATE_ACTIVE, WREPL_STATE_TOMBSTONE,
+				 (long long)owner_in->min_version, 
+				 (long long)owner_in->max_version);
+	NT_STATUS_HAVE_NO_MEMORY(filter);
+	ret = ldb_search(service->wins_db->ldb, call, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "%s", filter);
+	if (ret != LDB_SUCCESS) return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	DEBUG(10,("WINSREPL: filter '%s' count %d\n", filter, res->count));
+
+	if (res->count == 0) {
+		DEBUG(2,("WINSREPL:reply [%u] records owner[%s] min[%llu] max[%llu] to partner[%s]\n",
+			res->count, owner_in->address, 
+			(long long)owner_in->min_version, 
+			(long long)owner_in->max_version,
+			call->wreplconn->partner->address));
+		return NT_STATUS_OK;
+	}
+
+	names = talloc_array(call, struct wrepl_wins_name, res->count);
+	NT_STATUS_HAVE_NO_MEMORY(names);
+
+	for (i=0, j=0; i < res->count; i++) {
+		status = winsdb_record(service->wins_db, res->msgs[i], call, now, &rec);
+		NT_STATUS_NOT_OK_RETURN(status);
+
+		/*
+		 * it's possible that winsdb_record() made the record RELEASED
+		 * because it's expired, but in the database it's still stored
+		 * as ACTIVE...
+		 *
+		 * make sure we really only replicate ACTIVE and TOMBSTONE records
+		 */
+		if (rec->state == WREPL_STATE_ACTIVE || rec->state == WREPL_STATE_TOMBSTONE) {
+			status = wreplsrv_record2wins_name(names, &names[j], rec);
+			NT_STATUS_NOT_OK_RETURN(status);
+			j++;
+		}
+
+		talloc_free(rec);
+		talloc_free(res->msgs[i]);
+	}
+
+	/* sort the names before we send them */
+	TYPESAFE_QSORT(names, j, wreplsrv_in_sort_wins_name);
+
+	DEBUG(2,("WINSREPL:reply [%u] records owner[%s] min[%llu] max[%llu] to partner[%s]\n",
+		j, owner_in->address, 
+		(long long)owner_in->min_version, 
+		(long long)owner_in->max_version,
+		call->wreplconn->partner->address));
+
+	reply_out->num_names	= j;
+	reply_out->names	= names;
+
+	return NT_STATUS_OK;
+}
+
+struct wreplsrv_in_update_state {
+	struct wreplsrv_in_connection *wrepl_in;
+	struct wreplsrv_out_connection *wrepl_out;
+	struct composite_context *creq;
+	struct wreplsrv_pull_cycle_io cycle_io;
+};
+
+static void wreplsrv_in_update_handler(struct composite_context *creq)
+{
+	struct wreplsrv_in_update_state *update_state = talloc_get_type(creq->async.private_data,
+							struct wreplsrv_in_update_state);
+	NTSTATUS status;
+
+	status = wreplsrv_pull_cycle_recv(creq);
+
+	talloc_free(update_state->wrepl_out);
+
+	wreplsrv_terminate_in_connection(update_state->wrepl_in, nt_errstr(status));
+}
+
+static NTSTATUS wreplsrv_in_update(struct wreplsrv_in_call *call)
+{
+	struct wreplsrv_in_connection *wrepl_in = call->wreplconn;
+	struct wreplsrv_out_connection *wrepl_out;
+	struct wrepl_table *update_in = &call->req_packet.message.replication.info.table;
+	struct wreplsrv_in_update_state *update_state;
+	NTSTATUS status;
+
+	DEBUG(2,("WREPL_REPL_UPDATE: partner[%s] initiator[%s] num_owners[%u]\n",
+		call->wreplconn->partner->address,
+		update_in->initiator, update_in->partner_count));
+
+	update_state = talloc(wrepl_in, struct wreplsrv_in_update_state);
+	NT_STATUS_HAVE_NO_MEMORY(update_state);
+
+	wrepl_out = talloc(update_state, struct wreplsrv_out_connection);
+	NT_STATUS_HAVE_NO_MEMORY(wrepl_out);
+	wrepl_out->service		= wrepl_in->service;
+	wrepl_out->partner		= wrepl_in->partner;
+	wrepl_out->assoc_ctx.our_ctx	= wrepl_in->assoc_ctx.our_ctx;
+	wrepl_out->assoc_ctx.peer_ctx	= wrepl_in->assoc_ctx.peer_ctx;
+	wrepl_out->sock			= wrepl_socket_init(wrepl_out,
+							    wrepl_in->conn->event.ctx);
+							    
+	if (wrepl_out->sock == NULL) {
+		TALLOC_FREE(update_state);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	TALLOC_FREE(wrepl_in->send_queue);
+
+	status = wrepl_socket_donate_stream(wrepl_out->sock, &wrepl_in->tstream);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(update_state);
+		return status;
+	}
+
+	update_state->wrepl_in			= wrepl_in;
+	update_state->wrepl_out			= wrepl_out;
+	update_state->cycle_io.in.partner	= wrepl_out->partner;
+	update_state->cycle_io.in.num_owners	= update_in->partner_count;
+	update_state->cycle_io.in.owners	= update_in->partners;
+	talloc_steal(update_state, update_in->partners);
+	update_state->cycle_io.in.wreplconn	= wrepl_out;
+	update_state->creq = wreplsrv_pull_cycle_send(update_state, &update_state->cycle_io);
+	if (!update_state->creq) {
+		talloc_free(update_state);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	update_state->creq->async.fn		= wreplsrv_in_update_handler;
+	update_state->creq->async.private_data	= update_state;
+
+	return ERROR_INVALID_PARAMETER;
+}
+
+static NTSTATUS wreplsrv_in_update2(struct wreplsrv_in_call *call)
+{
+	return wreplsrv_in_update(call);
+}
+
+static NTSTATUS wreplsrv_in_inform(struct wreplsrv_in_call *call)
+{
+	struct wrepl_table *inform_in = &call->req_packet.message.replication.info.table;
+
+	DEBUG(2,("WREPL_REPL_INFORM: partner[%s] initiator[%s] num_owners[%u]\n",
+		call->wreplconn->partner->address,
+		inform_in->initiator, inform_in->partner_count));
+
+	wreplsrv_out_partner_pull(call->wreplconn->partner, inform_in);
+
+	/* we don't reply to WREPL_REPL_INFORM messages */
+	return ERROR_INVALID_PARAMETER;
+}
+
+static NTSTATUS wreplsrv_in_inform2(struct wreplsrv_in_call *call)
+{
+	return wreplsrv_in_inform(call);
+}
+
+static NTSTATUS wreplsrv_in_replication(struct wreplsrv_in_call *call)
+{
+	struct wrepl_replication *repl_in = &call->req_packet.message.replication;
+	NTSTATUS status;
+
+	/*
+	 * w2k only check the assoc_ctx if the opcode has the 0x00007800 bits are set
+	 */
+	if (call->req_packet.opcode & WREPL_OPCODE_BITS) {
+		/*
+		 *if the assoc_ctx doesn't match ignore the packet
+		 */
+		if (call->req_packet.assoc_ctx != call->wreplconn->assoc_ctx.our_ctx) {
+			return ERROR_INVALID_PARAMETER;
+		}
+	}
+
+	if (!call->wreplconn->partner) {
+		struct tsocket_address *peer_addr = call->wreplconn->conn->remote_address;
+		char *peer_ip;
+
+		if (!tsocket_address_is_inet(peer_addr, "ipv4")) {
+			DEBUG(0,("wreplsrv_in_replication: non ipv4 peer addr '%s'\n",
+				tsocket_address_string(peer_addr, call)));
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		peer_ip = tsocket_address_inet_addr_string(peer_addr, call);
+		if (peer_ip == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		call->wreplconn->partner = wreplsrv_find_partner(call->wreplconn->service, peer_ip);
+		if (!call->wreplconn->partner) {
+			DEBUG(1,("Failing WINS replication from non-partner %s\n", peer_ip));
+			return wreplsrv_in_stop_assoc_ctx(call);
+		}
+	}
+
+	switch (repl_in->command) {
+		case WREPL_REPL_TABLE_QUERY:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PUSH)) {
+				DEBUG(0,("Failing WINS replication TABLE_QUERY from non-push-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_table_query(call);
+			break;
+
+		case WREPL_REPL_TABLE_REPLY:
+			return ERROR_INVALID_PARAMETER;
+
+		case WREPL_REPL_SEND_REQUEST:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PUSH)) {
+				DEBUG(0,("Failing WINS replication SEND_REQUESET from non-push-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_send_request(call);
+			break;
+
+		case WREPL_REPL_SEND_REPLY:
+			return ERROR_INVALID_PARAMETER;
+	
+		case WREPL_REPL_UPDATE:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PULL)) {
+				DEBUG(0,("Failing WINS replication UPDATE from non-pull-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_update(call);
+			break;
+
+		case WREPL_REPL_UPDATE2:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PULL)) {
+				DEBUG(0,("Failing WINS replication UPDATE2 from non-pull-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_update2(call);
+			break;
+
+		case WREPL_REPL_INFORM:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PULL)) {
+				DEBUG(0,("Failing WINS replication INFORM from non-pull-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_inform(call);
+			break;
+
+		case WREPL_REPL_INFORM2:
+			if (!(call->wreplconn->partner->type & WINSREPL_PARTNER_PULL)) {
+				DEBUG(0,("Failing WINS replication INFORM2 from non-pull-partner %s\n",
+					 call->wreplconn->partner->address));
+				return wreplsrv_in_stop_assoc_ctx(call);
+			}
+			status = wreplsrv_in_inform2(call);
+			break;
+
+		default:
+			return ERROR_INVALID_PARAMETER;
+	}
+
+	if (NT_STATUS_IS_OK(status)) {
+		call->rep_packet.mess_type = WREPL_REPLICATION;
+	}
+
+	return status;
+}
+
+static NTSTATUS wreplsrv_in_invalid_assoc_ctx(struct wreplsrv_in_call *call)
+{
+	struct wrepl_start *start	= &call->rep_packet.message.start;
+
+	call->rep_packet.opcode		= 0x00008583;
+	call->rep_packet.assoc_ctx	= 0;
+	call->rep_packet.mess_type	= WREPL_START_ASSOCIATION;
+
+	start->assoc_ctx		= 0x0000000a;
+	start->minor_version		= 0x0001;
+	start->major_version		= 0x0000;
+
+	call->rep_packet.padding	= data_blob_talloc(call, NULL, 4);
+	memset(call->rep_packet.padding.data, '\0', call->rep_packet.padding.length);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS wreplsrv_in_call(struct wreplsrv_in_call *call)
+{
+	NTSTATUS status;
+
+	if (!(call->req_packet.opcode & WREPL_OPCODE_BITS)
+	    && (call->wreplconn->assoc_ctx.our_ctx == WREPLSRV_INVALID_ASSOC_CTX)) {
+		return wreplsrv_in_invalid_assoc_ctx(call);
+	}
+
+	switch (call->req_packet.mess_type) {
+		case WREPL_START_ASSOCIATION:
+			status = wreplsrv_in_start_association(call);
+			break;
+		case WREPL_START_ASSOCIATION_REPLY:
+			/* this is not valid here, so we ignore it */
+			return ERROR_INVALID_PARAMETER;
+
+		case WREPL_STOP_ASSOCIATION:
+			status = wreplsrv_in_stop_association(call);
+			break;
+
+		case WREPL_REPLICATION:
+			status = wreplsrv_in_replication(call);
+			break;
+		default:
+			/* everythingelse is also not valid here, so we ignore it */
+			return ERROR_INVALID_PARAMETER;
+	}
+
+	if (call->wreplconn->assoc_ctx.our_ctx == WREPLSRV_INVALID_ASSOC_CTX) {
+		return wreplsrv_in_invalid_assoc_ctx(call);
+	}
+
+	if (NT_STATUS_IS_OK(status)) {
+		/* let the backend to set some of the opcode bits, but always add the standards */
+		call->rep_packet.opcode		|= WREPL_OPCODE_BITS;
+		call->rep_packet.assoc_ctx	= call->wreplconn->assoc_ctx.peer_ctx;
+	}
+
+	return status;
+}
diff --git a/source4/wrepl_server/wrepl_in_connection.c b/source4/wrepl_server/wrepl_in_connection.c
new file mode 100644
index 0000000..571d65d
--- /dev/null
+++ b/source4/wrepl_server/wrepl_in_connection.c
@@ -0,0 +1,476 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/socket.h"
+#include "lib/stream/packet.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "samba/service.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "samba/process_model.h"
+#include "system/network.h"
+#include "lib/socket/netif.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
+#include "param/param.h"
+
+void wreplsrv_terminate_in_connection(struct wreplsrv_in_connection *wreplconn, const char *reason)
+{
+	stream_terminate_connection(wreplconn->conn, reason);
+}
+
+/*
+  receive some data on a WREPL connection
+*/
+static NTSTATUS wreplsrv_process(struct wreplsrv_in_connection *wrepl_conn,
+				 struct wreplsrv_in_call **_call)
+{
+	struct wrepl_wrap packet_out_wrap;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
+	struct wreplsrv_in_call *call = *_call;
+
+	ndr_err = ndr_pull_struct_blob(&call->in, call,
+				       &call->req_packet,
+				       (ndr_pull_flags_fn_t)ndr_pull_wrepl_packet);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	if (DEBUGLVL(10)) {
+		DEBUG(10,("Received WINS-Replication packet of length %u\n",
+			  (unsigned int) call->in.length + 4));
+		NDR_PRINT_DEBUG(wrepl_packet, &call->req_packet);
+	}
+
+	status = wreplsrv_in_call(call);
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		/* w2k just ignores invalid packets, so we do */
+		DEBUG(10,("Received WINS-Replication packet was invalid, we just ignore it\n"));
+		TALLOC_FREE(call);
+		*_call = NULL;
+		return NT_STATUS_OK;
+	}
+
+	/* and now encode the reply */
+	packet_out_wrap.packet = call->rep_packet;
+	ndr_err = ndr_push_struct_blob(&call->out, call,
+				       &packet_out_wrap,
+				       (ndr_push_flags_fn_t) ndr_push_wrepl_wrap);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	if (DEBUGLVL(10)) {
+		DEBUG(10,("Sending WINS-Replication packet of length %u\n",
+			 (unsigned int) call->out.length));
+		NDR_PRINT_DEBUG(wrepl_packet, &call->rep_packet);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static void wreplsrv_call_loop(struct tevent_req *subreq);
+
+/*
+  called when we get a new connection
+*/
+static void wreplsrv_accept(struct stream_connection *conn)
+{
+	struct wreplsrv_service *service = talloc_get_type(conn->private_data, struct wreplsrv_service);
+	struct wreplsrv_in_connection *wrepl_conn;
+	struct tsocket_address *peer_addr;
+	char *peer_ip;
+	struct tevent_req *subreq;
+	int rc;
+
+	wrepl_conn = talloc_zero(conn, struct wreplsrv_in_connection);
+	if (wrepl_conn == NULL) {
+		stream_terminate_connection(conn,
+					    "wreplsrv_accept: out of memory");
+		return;
+	}
+
+	wrepl_conn->send_queue = tevent_queue_create(conn, "wrepl_accept");
+	if (wrepl_conn->send_queue == NULL) {
+		stream_terminate_connection(conn,
+					    "wrepl_accept: out of memory");
+		return;
+	}
+
+	TALLOC_FREE(conn->event.fde);
+
+	rc = tstream_bsd_existing_socket(wrepl_conn,
+					 socket_get_fd(conn->socket),
+					 &wrepl_conn->tstream);
+	if (rc < 0) {
+		stream_terminate_connection(conn,
+					    "wrepl_accept: out of memory");
+		return;
+	}
+	socket_set_flags(conn->socket, SOCKET_FLAG_NOCLOSE);
+	/* as server we want to fail early */
+	tstream_bsd_fail_readv_first_error(wrepl_conn->tstream, true);
+
+	wrepl_conn->conn = conn;
+	wrepl_conn->service = service;
+
+	peer_addr = conn->remote_address;
+
+	if (!tsocket_address_is_inet(peer_addr, "ipv4")) {
+		DEBUG(0,("wreplsrv_accept: non ipv4 peer addr '%s'\n",
+			tsocket_address_string(peer_addr, wrepl_conn)));
+		wreplsrv_terminate_in_connection(wrepl_conn, "wreplsrv_accept: "
+				"invalid peer IP");
+		return;
+	}
+
+	peer_ip = tsocket_address_inet_addr_string(peer_addr, wrepl_conn);
+	if (peer_ip == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_conn, "wreplsrv_accept: "
+				"could not convert peer IP into a string");
+		return;
+	}
+
+	wrepl_conn->partner = wreplsrv_find_partner(service, peer_ip);
+	irpc_add_name(conn->msg_ctx, "wreplsrv_connection");
+
+	/*
+	 * The wrepl pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(wrepl_conn,
+					    wrepl_conn->conn->event.ctx,
+					    wrepl_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    wrepl_conn);
+	if (subreq == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_conn, "wrepl_accept: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, wreplsrv_call_loop, wrepl_conn);
+}
+
+static void wreplsrv_call_writev_done(struct tevent_req *subreq);
+
+static void wreplsrv_call_loop(struct tevent_req *subreq)
+{
+	struct wreplsrv_in_connection *wrepl_conn = tevent_req_callback_data(subreq,
+				      struct wreplsrv_in_connection);
+	struct wreplsrv_in_call *call;
+	NTSTATUS status;
+
+	call = talloc_zero(wrepl_conn, struct wreplsrv_in_call);
+	if (call == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_conn, "wreplsrv_call_loop: "
+				"no memory for wrepl_samba3_call");
+		return;
+	}
+	call->wreplconn = wrepl_conn;
+
+	status = tstream_read_pdu_blob_recv(subreq,
+					    call,
+					    &call->in);
+	TALLOC_FREE(subreq);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "wreplsrv_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (!reason) {
+			reason = nt_errstr(status);
+		}
+
+		wreplsrv_terminate_in_connection(wrepl_conn, reason);
+		return;
+	}
+
+	DEBUG(10,("Received wrepl packet of length %lu from %s\n",
+		 (long) call->in.length,
+		 tsocket_address_string(wrepl_conn->conn->remote_address, call)));
+
+	/* skip length header */
+	call->in.data += 4;
+	call->in.length -= 4;
+
+	status = wreplsrv_process(wrepl_conn, &call);
+	if (!NT_STATUS_IS_OK(status)) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "wreplsrv_call_loop: "
+					 "tstream_read_pdu_blob_recv() - %s",
+					 nt_errstr(status));
+		if (reason == NULL) {
+			reason = nt_errstr(status);
+		}
+
+		wreplsrv_terminate_in_connection(wrepl_conn, reason);
+		return;
+	}
+
+	/* We handed over the connection so we're done here */
+	if (wrepl_conn->tstream == NULL) {
+	    return;
+	}
+
+	/* Invalid WINS-Replication packet, we just ignore it */
+	if (call == NULL) {
+		goto noreply;
+	}
+
+	call->out_iov[0].iov_base = (char *) call->out.data;
+	call->out_iov[0].iov_len = call->out.length;
+
+	subreq = tstream_writev_queue_send(call,
+					   wrepl_conn->conn->event.ctx,
+					   wrepl_conn->tstream,
+					   wrepl_conn->send_queue,
+					   call->out_iov, 1);
+	if (subreq == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_conn, "wreplsrv_call_loop: "
+				"no memory for tstream_writev_queue_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, wreplsrv_call_writev_done, call);
+
+noreply:
+	/*
+	 * The wrepl pdu's has the length as 4 byte (initial_read_size),
+	 *  provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(wrepl_conn,
+					    wrepl_conn->conn->event.ctx,
+					    wrepl_conn->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    wrepl_conn);
+	if (subreq == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_conn, "wreplsrv_call_loop: "
+				"no memory for tstream_read_pdu_blob_send");
+		return;
+	}
+	tevent_req_set_callback(subreq, wreplsrv_call_loop, wrepl_conn);
+}
+
+static void wreplsrv_call_writev_done(struct tevent_req *subreq)
+{
+	struct wreplsrv_in_call *call = tevent_req_callback_data(subreq,
+			struct wreplsrv_in_call);
+	int sys_errno;
+	int rc;
+
+	rc = tstream_writev_queue_recv(subreq, &sys_errno);
+	TALLOC_FREE(subreq);
+	if (rc == -1) {
+		const char *reason;
+
+		reason = talloc_asprintf(call, "wreplsrv_call_writev_done: "
+					 "tstream_writev_queue_recv() - %d:%s",
+					 sys_errno, strerror(sys_errno));
+		if (reason == NULL) {
+			reason = "wreplsrv_call_writev_done: "
+				 "tstream_writev_queue_recv() failed";
+		}
+
+		wreplsrv_terminate_in_connection(call->wreplconn, reason);
+		return;
+	}
+
+	if (call->terminate_after_send) {
+		wreplsrv_terminate_in_connection(call->wreplconn,
+				"wreplsrv_in_connection: terminate_after_send");
+		return;
+	}
+
+	talloc_free(call);
+}
+
+/*
+  called on a tcp recv
+*/
+static void wreplsrv_recv(struct stream_connection *conn, uint16_t flags)
+{
+	struct wreplsrv_in_connection *wrepl_conn = talloc_get_type(conn->private_data,
+							struct wreplsrv_in_connection);
+	/* this should never be triggered! */
+	DEBUG(0,("Terminating connection - '%s'\n", "wrepl_recv: called"));
+	wreplsrv_terminate_in_connection(wrepl_conn, "wrepl_recv: called");
+}
+
+/*
+  called when we can write to a connection
+*/
+static void wreplsrv_send(struct stream_connection *conn, uint16_t flags)
+{
+	struct wreplsrv_in_connection *wrepl_conn = talloc_get_type(conn->private_data,
+							struct wreplsrv_in_connection);
+	/* this should never be triggered! */
+	DEBUG(0,("Terminating connection - '%s'\n", "wrepl_send: called"));
+	wreplsrv_terminate_in_connection(wrepl_conn, "wrepl_send: called");
+}
+
+static const struct stream_server_ops wreplsrv_stream_ops = {
+	.name			= "wreplsrv",
+	.accept_connection	= wreplsrv_accept,
+	.recv_handler		= wreplsrv_recv,
+	.send_handler		= wreplsrv_send,
+};
+
+/*
+  called when we get a new connection
+*/
+NTSTATUS wreplsrv_in_connection_merge(struct wreplsrv_partner *partner,
+				      uint32_t peer_assoc_ctx,
+				      struct tstream_context **stream,
+				      struct wreplsrv_in_connection **_wrepl_in,
+				      void* process_context)
+{
+	struct wreplsrv_service *service = partner->service;
+	struct wreplsrv_in_connection *wrepl_in;
+	struct stream_connection *conn;
+	struct tevent_req *subreq;
+	NTSTATUS status;
+
+	wrepl_in = talloc_zero(partner, struct wreplsrv_in_connection);
+	NT_STATUS_HAVE_NO_MEMORY(wrepl_in);
+
+	wrepl_in->service	= service;
+	wrepl_in->partner	= partner;
+	wrepl_in->tstream	= talloc_move(wrepl_in, stream);
+	wrepl_in->assoc_ctx.peer_ctx = peer_assoc_ctx;
+
+	status = stream_new_connection_merge(service->task->event_ctx,
+					     service->task->lp_ctx,
+					     service->task->model_ops,
+					     &wreplsrv_stream_ops,
+					     service->task->msg_ctx,
+					     wrepl_in,
+					     &conn,
+					     process_context);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/*
+	 * make the wreplsrv_in_connection structure a child of the
+	 * stream_connection, to match the hierarchy of wreplsrv_accept
+	 */
+	wrepl_in->conn		= conn;
+	talloc_steal(conn, wrepl_in);
+
+	wrepl_in->send_queue = tevent_queue_create(wrepl_in, "wreplsrv_in_connection_merge");
+	if (wrepl_in->send_queue == NULL) {
+		stream_terminate_connection(conn,
+					    "wreplsrv_in_connection_merge: out of memory");
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* we're now a server and want to fail early */
+	tstream_bsd_fail_readv_first_error(wrepl_in->tstream, true);
+
+	/*
+	 * The wrepl pdu's has the length as 4 byte (initial_read_size),
+	 * tstream_full_request_u32 provides the pdu length then.
+	 */
+	subreq = tstream_read_pdu_blob_send(wrepl_in,
+					    wrepl_in->conn->event.ctx,
+					    wrepl_in->tstream,
+					    4, /* initial_read_size */
+					    tstream_full_request_u32,
+					    wrepl_in);
+	if (subreq == NULL) {
+		wreplsrv_terminate_in_connection(wrepl_in, "wreplsrv_in_connection_merge: "
+				"no memory for tstream_read_pdu_blob_send");
+		return NT_STATUS_NO_MEMORY;
+	}
+	tevent_req_set_callback(subreq, wreplsrv_call_loop, wrepl_in);
+
+	*_wrepl_in = wrepl_in;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  startup the wrepl port 42 server sockets
+*/
+NTSTATUS wreplsrv_setup_sockets(struct wreplsrv_service *service, struct loadparm_context *lp_ctx)
+{
+	NTSTATUS status;
+	struct task_server *task = service->task;
+	const char *address;
+	uint16_t port = WINS_REPLICATION_PORT;
+
+	if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
+		int num_interfaces;
+		int i;
+		struct interface *ifaces;
+
+		load_interface_list(task, lp_ctx, &ifaces);
+
+		num_interfaces = iface_list_count(ifaces);
+
+		/* We have been given an interfaces line, and been 
+		   told to only bind to those interfaces. Create a
+		   socket per interface and bind to only these.
+		*/
+		for(i = 0; i < num_interfaces; i++) {
+			if (!iface_list_n_is_v4(ifaces, i)) {
+				continue;
+			}
+			address = iface_list_n_ip(ifaces, i);
+			status = stream_setup_socket(
+					task, task->event_ctx,
+					task->lp_ctx,
+					task->model_ops,
+					&wreplsrv_stream_ops,
+					"ipv4", address, &port,
+					lpcfg_socket_options(task->lp_ctx),
+					service, task->process_context);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
+					 address, port, nt_errstr(status)));
+				return status;
+			}
+		}
+	} else {
+		address = "0.0.0.0";
+		status = stream_setup_socket(task, task->event_ctx,
+					     task->lp_ctx, task->model_ops,
+					     &wreplsrv_stream_ops,
+					     "ipv4", address, &port,
+					     lpcfg_socket_options(task->lp_ctx),
+					     service, task->process_context);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
+				 address, port, nt_errstr(status)));
+			return status;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_out_helpers.c b/source4/wrepl_server/wrepl_out_helpers.c
new file mode 100644
index 0000000..98e8b63
--- /dev/null
+++ b/source4/wrepl_server/wrepl_out_helpers.c
@@ -0,0 +1,1146 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "samba/service_task.h"
+#include "samba/service_stream.h"
+#include "librpc/gen_ndr/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include "libcli/composite/composite.h"
+#include "libcli/wrepl/winsrepl.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+enum wreplsrv_out_connect_stage {
+	WREPLSRV_OUT_CONNECT_STAGE_WAIT_SOCKET,
+	WREPLSRV_OUT_CONNECT_STAGE_WAIT_ASSOC_CTX,
+	WREPLSRV_OUT_CONNECT_STAGE_DONE
+};
+
+struct wreplsrv_out_connect_state {
+	enum wreplsrv_out_connect_stage stage;
+	struct composite_context *c;
+	struct wrepl_associate assoc_io;
+	enum winsrepl_partner_type type;
+	struct wreplsrv_out_connection *wreplconn;
+	struct tevent_req *subreq;
+};
+
+static void wreplsrv_out_connect_handler_treq(struct tevent_req *subreq);
+
+static NTSTATUS wreplsrv_out_connect_wait_socket(struct wreplsrv_out_connect_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_connect_recv(state->subreq);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->subreq = wrepl_associate_send(state,
+					     state->wreplconn->service->task->event_ctx,
+					     state->wreplconn->sock, &state->assoc_io);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_out_connect_handler_treq,
+				state);
+
+	state->stage = WREPLSRV_OUT_CONNECT_STAGE_WAIT_ASSOC_CTX;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_out_connect_wait_assoc_ctx(struct wreplsrv_out_connect_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_associate_recv(state->subreq, &state->assoc_io);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->wreplconn->assoc_ctx.peer_ctx = state->assoc_io.out.assoc_ctx;
+	state->wreplconn->assoc_ctx.peer_major = state->assoc_io.out.major_version;
+
+	if (state->type == WINSREPL_PARTNER_PUSH) {
+		if (state->wreplconn->assoc_ctx.peer_major >= 5) {
+			state->wreplconn->partner->push.wreplconn = state->wreplconn;
+			talloc_steal(state->wreplconn->partner, state->wreplconn);
+		} else {
+			state->type = WINSREPL_PARTNER_NONE;
+		}
+	} else if (state->type == WINSREPL_PARTNER_PULL) {
+		state->wreplconn->partner->pull.wreplconn = state->wreplconn;
+		talloc_steal(state->wreplconn->partner, state->wreplconn);
+	}
+
+	state->stage = WREPLSRV_OUT_CONNECT_STAGE_DONE;
+
+	return NT_STATUS_OK;
+}
+
+static void wreplsrv_out_connect_handler(struct wreplsrv_out_connect_state *state)
+{
+	struct composite_context *c = state->c;
+
+	switch (state->stage) {
+	case WREPLSRV_OUT_CONNECT_STAGE_WAIT_SOCKET:
+		c->status = wreplsrv_out_connect_wait_socket(state);
+		break;
+	case WREPLSRV_OUT_CONNECT_STAGE_WAIT_ASSOC_CTX:
+		c->status = wreplsrv_out_connect_wait_assoc_ctx(state);
+		c->state  = COMPOSITE_STATE_DONE;
+		break;
+	case WREPLSRV_OUT_CONNECT_STAGE_DONE:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE && c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+static void wreplsrv_out_connect_handler_treq(struct tevent_req *subreq)
+{
+	struct wreplsrv_out_connect_state *state = tevent_req_callback_data(subreq,
+						   struct wreplsrv_out_connect_state);
+	wreplsrv_out_connect_handler(state);
+	return;
+}
+
+static struct composite_context *wreplsrv_out_connect_send(struct wreplsrv_partner *partner,
+							   enum winsrepl_partner_type type,
+							   struct wreplsrv_out_connection *wreplconn)
+{
+	struct composite_context *c = NULL;
+	struct wreplsrv_service *service = partner->service;
+	struct wreplsrv_out_connect_state *state = NULL;
+	struct wreplsrv_out_connection **wreplconnp = &wreplconn;
+	bool cached_connection = false;
+
+	c = talloc_zero(partner, struct composite_context);
+	if (!c) goto failed;
+
+	state = talloc_zero(c, struct wreplsrv_out_connect_state);
+	if (!state) goto failed;
+	state->c	= c;
+	state->type	= type;
+
+	c->state	= COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx	= service->task->event_ctx;
+	c->private_data	= state;
+
+	if (type == WINSREPL_PARTNER_PUSH) {
+		cached_connection	= true;
+		wreplconn		= partner->push.wreplconn;
+		wreplconnp		= &partner->push.wreplconn;
+	} else if (type == WINSREPL_PARTNER_PULL) {
+		cached_connection	= true;
+		wreplconn		= partner->pull.wreplconn;
+		wreplconnp		= &partner->pull.wreplconn;
+	}
+
+	/* we have a connection already, so use it */
+	if (wreplconn) {
+		if (wrepl_socket_is_connected(wreplconn->sock)) {
+			state->stage	= WREPLSRV_OUT_CONNECT_STAGE_DONE;
+			state->wreplconn= wreplconn;
+			composite_done(c);
+			return c;
+		} else if (!cached_connection) {
+			state->stage	= WREPLSRV_OUT_CONNECT_STAGE_DONE;
+			state->wreplconn= NULL;
+			composite_done(c);
+			return c;
+		} else {
+			talloc_free(wreplconn);
+			*wreplconnp = NULL;
+		}
+	}
+
+	wreplconn = talloc_zero(state, struct wreplsrv_out_connection);
+	if (!wreplconn) goto failed;
+
+	wreplconn->service	= service;
+	wreplconn->partner	= partner;
+	wreplconn->sock		= wrepl_socket_init(wreplconn, service->task->event_ctx);
+	if (!wreplconn->sock) goto failed;
+
+	state->stage	= WREPLSRV_OUT_CONNECT_STAGE_WAIT_SOCKET;
+	state->wreplconn= wreplconn;
+	state->subreq	= wrepl_connect_send(state,
+					     service->task->event_ctx,
+					     wreplconn->sock,
+					     partner->our_address?partner->our_address:wrepl_best_ip(service->task->lp_ctx, partner->address),
+					     partner->address);
+	if (!state->subreq) goto failed;
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_out_connect_handler_treq,
+				state);
+
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+static NTSTATUS wreplsrv_out_connect_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+					  struct wreplsrv_out_connection **wreplconn)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct wreplsrv_out_connect_state *state = talloc_get_type(c->private_data,
+							   struct wreplsrv_out_connect_state);
+		if (state->wreplconn) {
+			*wreplconn = talloc_reference(mem_ctx, state->wreplconn);
+			if (!*wreplconn) status = NT_STATUS_NO_MEMORY;
+		} else {
+			status = NT_STATUS_CONNECTION_DISCONNECTED;
+		}
+	}
+
+	talloc_free(c);
+	return status;
+	
+}
+
+struct wreplsrv_pull_table_io {
+	struct {
+		struct wreplsrv_partner *partner;
+		uint32_t num_owners;
+		struct wrepl_wins_owner *owners;
+	} in;
+	struct {
+		uint32_t num_owners;
+		struct wrepl_wins_owner *owners;
+	} out;
+};
+
+enum wreplsrv_pull_table_stage {
+	WREPLSRV_PULL_TABLE_STAGE_WAIT_CONNECTION,
+	WREPLSRV_PULL_TABLE_STAGE_WAIT_TABLE_REPLY,
+	WREPLSRV_PULL_TABLE_STAGE_DONE
+};
+
+struct wreplsrv_pull_table_state {
+	enum wreplsrv_pull_table_stage stage;
+	struct composite_context *c;
+	struct wrepl_pull_table table_io;
+	struct wreplsrv_pull_table_io *io;
+	struct composite_context *creq;
+	struct wreplsrv_out_connection *wreplconn;
+	struct tevent_req *subreq;
+};
+
+static void wreplsrv_pull_table_handler_treq(struct tevent_req *subreq);
+
+static NTSTATUS wreplsrv_pull_table_wait_connection(struct wreplsrv_pull_table_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_out_connect_recv(state->creq, state, &state->wreplconn);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->table_io.in.assoc_ctx = state->wreplconn->assoc_ctx.peer_ctx;
+	state->subreq = wrepl_pull_table_send(state,
+					      state->wreplconn->service->task->event_ctx,
+					      state->wreplconn->sock, &state->table_io);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_pull_table_handler_treq,
+				state);
+
+	state->stage = WREPLSRV_PULL_TABLE_STAGE_WAIT_TABLE_REPLY;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_pull_table_wait_table_reply(struct wreplsrv_pull_table_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_pull_table_recv(state->subreq, state, &state->table_io);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->stage = WREPLSRV_PULL_TABLE_STAGE_DONE;
+
+	return NT_STATUS_OK;
+}
+
+static void wreplsrv_pull_table_handler(struct wreplsrv_pull_table_state *state)
+{
+	struct composite_context *c = state->c;
+
+	switch (state->stage) {
+	case WREPLSRV_PULL_TABLE_STAGE_WAIT_CONNECTION:
+		c->status = wreplsrv_pull_table_wait_connection(state);
+		break;
+	case WREPLSRV_PULL_TABLE_STAGE_WAIT_TABLE_REPLY:
+		c->status = wreplsrv_pull_table_wait_table_reply(state);
+		c->state  = COMPOSITE_STATE_DONE;
+		break;
+	case WREPLSRV_PULL_TABLE_STAGE_DONE:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE && c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+static void wreplsrv_pull_table_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_pull_table_state *state = talloc_get_type(creq->async.private_data,
+						  struct wreplsrv_pull_table_state);
+	wreplsrv_pull_table_handler(state);
+	return;
+}
+
+static void wreplsrv_pull_table_handler_treq(struct tevent_req *subreq)
+{
+	struct wreplsrv_pull_table_state *state = tevent_req_callback_data(subreq,
+						  struct wreplsrv_pull_table_state);
+	wreplsrv_pull_table_handler(state);
+	return;
+}
+
+static struct composite_context *wreplsrv_pull_table_send(TALLOC_CTX *mem_ctx, struct wreplsrv_pull_table_io *io)
+{
+	struct composite_context *c = NULL;
+	struct wreplsrv_service *service = io->in.partner->service;
+	struct wreplsrv_pull_table_state *state = NULL;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (!c) goto failed;
+
+	state = talloc_zero(c, struct wreplsrv_pull_table_state);
+	if (!state) goto failed;
+	state->c	= c;
+	state->io	= io;
+
+	c->state	= COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx	= service->task->event_ctx;
+	c->private_data	= state;
+
+	if (io->in.num_owners) {
+		struct wrepl_wins_owner *partners;
+		uint32_t i;
+
+		partners = talloc_array(state,
+					struct wrepl_wins_owner,
+					io->in.num_owners);
+		if (composite_nomem(partners, c)) goto failed;
+
+		for (i=0; i < io->in.num_owners; i++) {
+			partners[i] = io->in.owners[i];
+			partners[i].address = talloc_strdup(partners,
+						io->in.owners[i].address);
+			if (composite_nomem(partners[i].address, c)) goto failed;
+		}
+
+		state->table_io.out.num_partners	= io->in.num_owners;
+		state->table_io.out.partners		= partners;
+		state->stage				= WREPLSRV_PULL_TABLE_STAGE_DONE;
+		composite_done(c);
+		return c;
+	}
+
+	state->stage    = WREPLSRV_PULL_TABLE_STAGE_WAIT_CONNECTION;
+	state->creq	= wreplsrv_out_connect_send(io->in.partner, WINSREPL_PARTNER_PULL, NULL);
+	if (!state->creq) goto failed;
+
+	state->creq->async.fn		= wreplsrv_pull_table_handler_creq;
+	state->creq->async.private_data	= state;
+
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+static NTSTATUS wreplsrv_pull_table_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+					 struct wreplsrv_pull_table_io *io)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct wreplsrv_pull_table_state *state = talloc_get_type(c->private_data,
+							  struct wreplsrv_pull_table_state);
+		io->out.num_owners	= state->table_io.out.num_partners;
+		io->out.owners		= talloc_move(mem_ctx, &state->table_io.out.partners);
+	}
+
+	talloc_free(c);
+	return status;	
+}
+
+struct wreplsrv_pull_names_io {
+	struct {
+		struct wreplsrv_partner *partner;
+		struct wreplsrv_out_connection *wreplconn;
+		struct wrepl_wins_owner owner;
+	} in;
+	struct {
+		uint32_t num_names;
+		struct wrepl_name *names;
+	} out;
+};
+
+enum wreplsrv_pull_names_stage {
+	WREPLSRV_PULL_NAMES_STAGE_WAIT_CONNECTION,
+	WREPLSRV_PULL_NAMES_STAGE_WAIT_SEND_REPLY,
+	WREPLSRV_PULL_NAMES_STAGE_DONE
+};
+
+struct wreplsrv_pull_names_state {
+	enum wreplsrv_pull_names_stage stage;
+	struct composite_context *c;
+	struct wrepl_pull_names pull_io;
+	struct wreplsrv_pull_names_io *io;
+	struct composite_context *creq;
+	struct wreplsrv_out_connection *wreplconn;
+	struct tevent_req *subreq;
+};
+
+static void wreplsrv_pull_names_handler_treq(struct tevent_req *subreq);
+
+static NTSTATUS wreplsrv_pull_names_wait_connection(struct wreplsrv_pull_names_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_out_connect_recv(state->creq, state, &state->wreplconn);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->pull_io.in.assoc_ctx	= state->wreplconn->assoc_ctx.peer_ctx;
+	state->pull_io.in.partner	= state->io->in.owner;
+	state->subreq = wrepl_pull_names_send(state,
+					      state->wreplconn->service->task->event_ctx,
+					      state->wreplconn->sock,
+					      &state->pull_io);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_pull_names_handler_treq,
+				state);
+
+	state->stage = WREPLSRV_PULL_NAMES_STAGE_WAIT_SEND_REPLY;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_pull_names_wait_send_reply(struct wreplsrv_pull_names_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_pull_names_recv(state->subreq, state, &state->pull_io);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->stage = WREPLSRV_PULL_NAMES_STAGE_DONE;
+
+	return NT_STATUS_OK;
+}
+
+static void wreplsrv_pull_names_handler(struct wreplsrv_pull_names_state *state)
+{
+	struct composite_context *c = state->c;
+
+	switch (state->stage) {
+	case WREPLSRV_PULL_NAMES_STAGE_WAIT_CONNECTION:
+		c->status = wreplsrv_pull_names_wait_connection(state);
+		break;
+	case WREPLSRV_PULL_NAMES_STAGE_WAIT_SEND_REPLY:
+		c->status = wreplsrv_pull_names_wait_send_reply(state);
+		c->state  = COMPOSITE_STATE_DONE;
+		break;
+	case WREPLSRV_PULL_NAMES_STAGE_DONE:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE && c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+static void wreplsrv_pull_names_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_pull_names_state *state = talloc_get_type(creq->async.private_data,
+						  struct wreplsrv_pull_names_state);
+	wreplsrv_pull_names_handler(state);
+	return;
+}
+
+static void wreplsrv_pull_names_handler_treq(struct tevent_req *subreq)
+{
+	struct wreplsrv_pull_names_state *state = tevent_req_callback_data(subreq,
+						  struct wreplsrv_pull_names_state);
+	wreplsrv_pull_names_handler(state);
+	return;
+}
+
+static struct composite_context *wreplsrv_pull_names_send(TALLOC_CTX *mem_ctx, struct wreplsrv_pull_names_io *io)
+{
+	struct composite_context *c = NULL;
+	struct wreplsrv_service *service = io->in.partner->service;
+	struct wreplsrv_pull_names_state *state = NULL;
+	enum winsrepl_partner_type partner_type = WINSREPL_PARTNER_PULL;
+
+	if (io->in.wreplconn) partner_type = WINSREPL_PARTNER_NONE;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (!c) goto failed;
+
+	state = talloc_zero(c, struct wreplsrv_pull_names_state);
+	if (!state) goto failed;
+	state->c	= c;
+	state->io	= io;
+
+	c->state	= COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx	= service->task->event_ctx;
+	c->private_data	= state;
+
+	state->stage	= WREPLSRV_PULL_NAMES_STAGE_WAIT_CONNECTION;
+	state->creq	= wreplsrv_out_connect_send(io->in.partner, partner_type, io->in.wreplconn);
+	if (!state->creq) goto failed;
+
+	state->creq->async.fn		= wreplsrv_pull_names_handler_creq;
+	state->creq->async.private_data	= state;
+
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+static NTSTATUS wreplsrv_pull_names_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
+					 struct wreplsrv_pull_names_io *io)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	if (NT_STATUS_IS_OK(status)) {
+		struct wreplsrv_pull_names_state *state = talloc_get_type(c->private_data,
+							  struct wreplsrv_pull_names_state);
+		io->out.num_names	= state->pull_io.out.num_names;
+		io->out.names		= talloc_move(mem_ctx, &state->pull_io.out.names);
+	}
+
+	talloc_free(c);
+	return status;
+	
+}
+
+enum wreplsrv_pull_cycle_stage {
+	WREPLSRV_PULL_CYCLE_STAGE_WAIT_TABLE_REPLY,
+	WREPLSRV_PULL_CYCLE_STAGE_WAIT_SEND_REPLIES,
+	WREPLSRV_PULL_CYCLE_STAGE_WAIT_STOP_ASSOC,
+	WREPLSRV_PULL_CYCLE_STAGE_DONE
+};
+
+struct wreplsrv_pull_cycle_state {
+	enum wreplsrv_pull_cycle_stage stage;
+	struct composite_context *c;
+	struct wreplsrv_pull_cycle_io *io;
+	struct wreplsrv_pull_table_io table_io;
+	uint32_t current;
+	struct wreplsrv_pull_names_io names_io;
+	struct composite_context *creq;
+	struct wrepl_associate_stop assoc_stop_io;
+	struct tevent_req *subreq;
+};
+
+static void wreplsrv_pull_cycle_handler_creq(struct composite_context *creq);
+static void wreplsrv_pull_cycle_handler_treq(struct tevent_req *subreq);
+
+static NTSTATUS wreplsrv_pull_cycle_next_owner_do_work(struct wreplsrv_pull_cycle_state *state)
+{
+	struct wreplsrv_owner *current_owner=NULL;
+	struct wreplsrv_owner *local_owner;
+	uint32_t i;
+	uint64_t old_max_version = 0;
+	bool do_pull = false;
+
+	for (i=state->current; i < state->table_io.out.num_owners; i++) {
+		current_owner = wreplsrv_find_owner(state->io->in.partner->service,
+						    state->io->in.partner->pull.table,
+						    state->table_io.out.owners[i].address);
+
+		local_owner = wreplsrv_find_owner(state->io->in.partner->service,
+						  state->io->in.partner->service->table,
+						  state->table_io.out.owners[i].address);
+		/*
+		 * this means we are ourself the current owner,
+		 * and we don't want replicate ourself
+		 */
+		if (!current_owner) continue;
+
+		/*
+		 * this means we don't have any records of this owner
+		 * so fetch them
+		 */
+		if (!local_owner) {
+			do_pull		= true;
+			
+			break;
+		}
+
+		/*
+		 * this means the remote partner has some new records of this owner
+		 * fetch them
+		 */
+		if (current_owner->owner.max_version > local_owner->owner.max_version) {
+			do_pull		= true;
+			old_max_version	= local_owner->owner.max_version;
+			break;
+		}
+	}
+	state->current = i;
+
+	if (do_pull) {
+		state->names_io.in.partner		= state->io->in.partner;
+		state->names_io.in.wreplconn		= state->io->in.wreplconn;
+		state->names_io.in.owner		= current_owner->owner;
+		state->names_io.in.owner.min_version	= old_max_version + 1;
+		state->creq = wreplsrv_pull_names_send(state, &state->names_io);
+		NT_STATUS_HAVE_NO_MEMORY(state->creq);
+
+		state->creq->async.fn		= wreplsrv_pull_cycle_handler_creq;
+		state->creq->async.private_data	= state;
+
+		return STATUS_MORE_ENTRIES;
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_pull_cycle_next_owner_wrapper(struct wreplsrv_pull_cycle_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_pull_cycle_next_owner_do_work(state);
+	if (NT_STATUS_IS_OK(status)) {
+		state->stage = WREPLSRV_PULL_CYCLE_STAGE_DONE;
+	} else if (NT_STATUS_EQUAL(STATUS_MORE_ENTRIES, status)) {
+		state->stage = WREPLSRV_PULL_CYCLE_STAGE_WAIT_SEND_REPLIES;
+		status = NT_STATUS_OK;
+	}
+
+	if (state->stage == WREPLSRV_PULL_CYCLE_STAGE_DONE && state->io->in.wreplconn) {
+		state->assoc_stop_io.in.assoc_ctx	= state->io->in.wreplconn->assoc_ctx.peer_ctx;
+		state->assoc_stop_io.in.reason		= 0;
+		state->subreq = wrepl_associate_stop_send(state,
+							  state->io->in.wreplconn->service->task->event_ctx,
+							  state->io->in.wreplconn->sock,
+							  &state->assoc_stop_io);
+		NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+		tevent_req_set_callback(state->subreq,
+					wreplsrv_pull_cycle_handler_treq,
+					state);
+
+		state->stage = WREPLSRV_PULL_CYCLE_STAGE_WAIT_STOP_ASSOC;
+	}
+
+	return status;
+}
+
+static NTSTATUS wreplsrv_pull_cycle_wait_table_reply(struct wreplsrv_pull_cycle_state *state)
+{
+	NTSTATUS status;
+	uint32_t i;
+
+	status = wreplsrv_pull_table_recv(state->creq, state, &state->table_io);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* update partner table */
+	for (i=0; i < state->table_io.out.num_owners; i++) {
+		status = wreplsrv_add_table(state->io->in.partner->service,
+					    state->io->in.partner, 
+					    &state->io->in.partner->pull.table,
+					    state->table_io.out.owners[i].address,
+					    state->table_io.out.owners[i].max_version);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
+
+	status = wreplsrv_pull_cycle_next_owner_wrapper(state);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return status;
+}
+
+static NTSTATUS wreplsrv_pull_cycle_apply_records(struct wreplsrv_pull_cycle_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_apply_records(state->io->in.partner,
+					&state->names_io.in.owner,
+					state->names_io.out.num_names,
+					state->names_io.out.names);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	talloc_free(state->names_io.out.names);
+	ZERO_STRUCT(state->names_io);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_pull_cycle_wait_send_replies(struct wreplsrv_pull_cycle_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_pull_names_recv(state->creq, state, &state->names_io);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/*
+	 * TODO: this should maybe an async call,
+	 *       because we may need some network access
+	 *       for conflict resolving
+	 */
+	status = wreplsrv_pull_cycle_apply_records(state);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = wreplsrv_pull_cycle_next_owner_wrapper(state);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return status;
+}
+
+static NTSTATUS wreplsrv_pull_cycle_wait_stop_assoc(struct wreplsrv_pull_cycle_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_associate_stop_recv(state->subreq, &state->assoc_stop_io);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->stage = WREPLSRV_PULL_CYCLE_STAGE_DONE;
+
+	return status;
+}
+
+static void wreplsrv_pull_cycle_handler(struct wreplsrv_pull_cycle_state *state)
+{
+	struct composite_context *c = state->c;
+
+	switch (state->stage) {
+	case WREPLSRV_PULL_CYCLE_STAGE_WAIT_TABLE_REPLY:
+		c->status = wreplsrv_pull_cycle_wait_table_reply(state);
+		break;
+	case WREPLSRV_PULL_CYCLE_STAGE_WAIT_SEND_REPLIES:
+		c->status = wreplsrv_pull_cycle_wait_send_replies(state);
+		break;
+	case WREPLSRV_PULL_CYCLE_STAGE_WAIT_STOP_ASSOC:
+		c->status = wreplsrv_pull_cycle_wait_stop_assoc(state);
+		break;
+	case WREPLSRV_PULL_CYCLE_STAGE_DONE:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (state->stage == WREPLSRV_PULL_CYCLE_STAGE_DONE) {
+		c->state  = COMPOSITE_STATE_DONE;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE && c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+static void wreplsrv_pull_cycle_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_pull_cycle_state *state = talloc_get_type(creq->async.private_data,
+						  struct wreplsrv_pull_cycle_state);
+	wreplsrv_pull_cycle_handler(state);
+	return;
+}
+
+static void wreplsrv_pull_cycle_handler_treq(struct tevent_req *subreq)
+{
+	struct wreplsrv_pull_cycle_state *state = tevent_req_callback_data(subreq,
+						  struct wreplsrv_pull_cycle_state);
+	wreplsrv_pull_cycle_handler(state);
+	return;
+}
+
+struct composite_context *wreplsrv_pull_cycle_send(TALLOC_CTX *mem_ctx, struct wreplsrv_pull_cycle_io *io)
+{
+	struct composite_context *c = NULL;
+	struct wreplsrv_service *service = io->in.partner->service;
+	struct wreplsrv_pull_cycle_state *state = NULL;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (!c) goto failed;
+
+	state = talloc_zero(c, struct wreplsrv_pull_cycle_state);
+	if (!state) goto failed;
+	state->c	= c;
+	state->io	= io;
+
+	c->state	= COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx	= service->task->event_ctx;
+	c->private_data	= state;
+
+	state->stage	= WREPLSRV_PULL_CYCLE_STAGE_WAIT_TABLE_REPLY;
+	state->table_io.in.partner	= io->in.partner;
+	state->table_io.in.num_owners	= io->in.num_owners;
+	state->table_io.in.owners	= io->in.owners;
+	state->creq = wreplsrv_pull_table_send(state, &state->table_io);
+	if (!state->creq) goto failed;
+
+	state->creq->async.fn		= wreplsrv_pull_cycle_handler_creq;
+	state->creq->async.private_data	= state;
+
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+NTSTATUS wreplsrv_pull_cycle_recv(struct composite_context *c)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
+
+enum wreplsrv_push_notify_stage {
+	WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_CONNECT,
+	WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE,
+	WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM,
+	WREPLSRV_PUSH_NOTIFY_STAGE_DONE
+};
+
+struct wreplsrv_push_notify_state {
+	enum wreplsrv_push_notify_stage stage;
+	struct composite_context *c;
+	struct wreplsrv_push_notify_io *io;
+	enum wrepl_replication_cmd command;
+	bool full_table;
+	struct wrepl_send_ctrl ctrl;
+	struct wrepl_packet req_packet;
+	struct wrepl_packet *rep_packet;
+	struct composite_context *creq;
+	struct wreplsrv_out_connection *wreplconn;
+	struct tevent_req *subreq;
+};
+
+static void wreplsrv_push_notify_handler_creq(struct composite_context *creq);
+static void wreplsrv_push_notify_handler_treq(struct tevent_req *subreq);
+
+static NTSTATUS wreplsrv_push_notify_update(struct wreplsrv_push_notify_state *state)
+{
+	struct wreplsrv_service *service = state->io->in.partner->service;
+	struct wrepl_packet *req = &state->req_packet;
+	struct wrepl_replication *repl_out = &state->req_packet.message.replication;
+	struct wrepl_table *table_out = &state->req_packet.message.replication.info.table;
+	NTSTATUS status;
+
+	/* prepare the outgoing request */
+	req->opcode	= WREPL_OPCODE_BITS;
+	req->assoc_ctx	= state->wreplconn->assoc_ctx.peer_ctx;
+	req->mess_type	= WREPL_REPLICATION;
+
+	repl_out->command = state->command;
+
+	status = wreplsrv_fill_wrepl_table(service, state, table_out,
+					   service->wins_db->local_owner, state->full_table);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* queue the request */
+	state->subreq = wrepl_request_send(state,
+					   state->wreplconn->service->task->event_ctx,
+					   state->wreplconn->sock, req, NULL);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_push_notify_handler_treq,
+				state);
+
+	state->stage = WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_push_notify_inform(struct wreplsrv_push_notify_state *state)
+{
+	struct wreplsrv_service *service = state->io->in.partner->service;
+	struct wrepl_packet *req = &state->req_packet;
+	struct wrepl_replication *repl_out = &state->req_packet.message.replication;
+	struct wrepl_table *table_out = &state->req_packet.message.replication.info.table;
+	NTSTATUS status;
+
+	req->opcode	= WREPL_OPCODE_BITS;
+	req->assoc_ctx	= state->wreplconn->assoc_ctx.peer_ctx;
+	req->mess_type	= WREPL_REPLICATION;
+
+	repl_out->command = state->command;
+
+	status = wreplsrv_fill_wrepl_table(service, state, table_out,
+					   service->wins_db->local_owner, state->full_table);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* we won't get a reply to a inform message */
+	state->ctrl.send_only		= true;
+
+	state->subreq = wrepl_request_send(state,
+					   state->wreplconn->service->task->event_ctx,
+					   state->wreplconn->sock, req, &state->ctrl);
+	NT_STATUS_HAVE_NO_MEMORY(state->subreq);
+
+	tevent_req_set_callback(state->subreq,
+				wreplsrv_push_notify_handler_treq,
+				state);
+
+	state->stage = WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM;
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_push_notify_wait_connect(struct wreplsrv_push_notify_state *state)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_out_connect_recv(state->creq, state, &state->wreplconn);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* is the peer doesn't support inform fallback to update */
+	switch (state->command) {
+	case WREPL_REPL_INFORM:
+		if (state->wreplconn->assoc_ctx.peer_major < 5) {
+			state->command = WREPL_REPL_UPDATE;
+		}
+		break;
+	case WREPL_REPL_INFORM2:
+		if (state->wreplconn->assoc_ctx.peer_major < 5) {
+			state->command = WREPL_REPL_UPDATE2;
+		}
+		break;
+	default:
+		break;
+	}
+
+	switch (state->command) {
+	case WREPL_REPL_UPDATE:
+		state->full_table = true;
+		return wreplsrv_push_notify_update(state);
+	case WREPL_REPL_UPDATE2:
+		state->full_table = false;
+		return wreplsrv_push_notify_update(state);
+	case WREPL_REPL_INFORM:
+		state->full_table = true;
+		return wreplsrv_push_notify_inform(state);
+	case WREPL_REPL_INFORM2:
+		state->full_table = false;
+		return wreplsrv_push_notify_inform(state);
+	default:
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+}
+
+static NTSTATUS wreplsrv_push_notify_wait_update(struct wreplsrv_push_notify_state *state)
+{
+	struct wreplsrv_in_connection *wrepl_in;
+	struct tstream_context *stream;
+	void *process_context = NULL;
+	NTSTATUS status;
+
+	status = wrepl_request_recv(state->subreq, state, NULL);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/*
+	 * now we need to convert the wrepl_socket (client connection)
+	 * into a wreplsrv_in_connection (server connection), because
+	 * we'll act as a server on this connection after the WREPL_REPL_UPDATE*
+	 * message is received by the peer.
+	 */
+
+	status = wrepl_socket_split_stream(state->wreplconn->sock, state, &stream);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/*
+	 * now create a wreplsrv_in_connection,
+	 * on which we act as server
+	 *
+	 * NOTE: stream will be stolen by
+	 *       wreplsrv_in_connection_merge()
+	 */
+	process_context = state->io->in.partner->service->task->process_context;
+	status = wreplsrv_in_connection_merge(state->io->in.partner,
+					      state->wreplconn->assoc_ctx.peer_ctx,
+					      &stream,
+					      &wrepl_in, process_context);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* now we can free the wreplsrv_out_connection */
+	TALLOC_FREE(state->wreplconn);
+
+	state->stage = WREPLSRV_PUSH_NOTIFY_STAGE_DONE;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_push_notify_wait_inform(struct wreplsrv_push_notify_state *state)
+{
+	NTSTATUS status;
+
+	status = wrepl_request_recv(state->subreq, state, NULL);
+	TALLOC_FREE(state->subreq);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	state->stage = WREPLSRV_PUSH_NOTIFY_STAGE_DONE;
+	return status;
+}
+
+static void wreplsrv_push_notify_handler(struct wreplsrv_push_notify_state *state)
+{
+	struct composite_context *c = state->c;
+
+	switch (state->stage) {
+	case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_CONNECT:
+		c->status = wreplsrv_push_notify_wait_connect(state);
+		break;
+	case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE:
+		c->status = wreplsrv_push_notify_wait_update(state);
+		break;
+	case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM:
+		c->status = wreplsrv_push_notify_wait_inform(state);
+		break;
+	case WREPLSRV_PUSH_NOTIFY_STAGE_DONE:
+		c->status = NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (state->stage == WREPLSRV_PUSH_NOTIFY_STAGE_DONE) {
+		c->state  = COMPOSITE_STATE_DONE;
+	}
+
+	if (!NT_STATUS_IS_OK(c->status)) {
+		c->state = COMPOSITE_STATE_ERROR;
+	}
+
+	if (c->state >= COMPOSITE_STATE_DONE && c->async.fn) {
+		c->async.fn(c);
+	}
+}
+
+static void wreplsrv_push_notify_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_push_notify_state *state = talloc_get_type(creq->async.private_data,
+						   struct wreplsrv_push_notify_state);
+	wreplsrv_push_notify_handler(state);
+	return;
+}
+
+static void wreplsrv_push_notify_handler_treq(struct tevent_req *subreq)
+{
+	struct wreplsrv_push_notify_state *state = tevent_req_callback_data(subreq,
+						   struct wreplsrv_push_notify_state);
+	wreplsrv_push_notify_handler(state);
+	return;
+}
+
+struct composite_context *wreplsrv_push_notify_send(TALLOC_CTX *mem_ctx, struct wreplsrv_push_notify_io *io)
+{
+	struct composite_context *c = NULL;
+	struct wreplsrv_service *service = io->in.partner->service;
+	struct wreplsrv_push_notify_state *state = NULL;
+	enum winsrepl_partner_type partner_type;
+
+	c = talloc_zero(mem_ctx, struct composite_context);
+	if (!c) goto failed;
+
+	state = talloc_zero(c, struct wreplsrv_push_notify_state);
+	if (!state) goto failed;
+	state->c	= c;
+	state->io	= io;
+
+	if (io->in.inform) {
+		/* we can cache the connection in partner->push->wreplconn */
+		partner_type = WINSREPL_PARTNER_PUSH;
+		if (io->in.propagate) {
+			state->command	= WREPL_REPL_INFORM2;
+		} else {
+			state->command	= WREPL_REPL_INFORM;
+		}
+	} else {
+		/* we can NOT cache the connection */
+		partner_type = WINSREPL_PARTNER_NONE;
+		if (io->in.propagate) {
+			state->command	= WREPL_REPL_UPDATE2;
+		} else {
+			state->command	= WREPL_REPL_UPDATE;
+		}	
+	}
+
+	c->state	= COMPOSITE_STATE_IN_PROGRESS;
+	c->event_ctx	= service->task->event_ctx;
+	c->private_data	= state;
+
+	state->stage	= WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_CONNECT;
+	state->creq	= wreplsrv_out_connect_send(io->in.partner, partner_type, NULL);
+	if (!state->creq) goto failed;
+
+	state->creq->async.fn		= wreplsrv_push_notify_handler_creq;
+	state->creq->async.private_data	= state;
+
+	return c;
+failed:
+	talloc_free(c);
+	return NULL;
+}
+
+NTSTATUS wreplsrv_push_notify_recv(struct composite_context *c)
+{
+	NTSTATUS status;
+
+	status = composite_wait(c);
+
+	talloc_free(c);
+	return status;
+}
diff --git a/source4/wrepl_server/wrepl_out_helpers.h b/source4/wrepl_server/wrepl_out_helpers.h
new file mode 100644
index 0000000..92bbe56
--- /dev/null
+++ b/source4/wrepl_server/wrepl_out_helpers.h
@@ -0,0 +1,37 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+struct wreplsrv_pull_cycle_io {
+	struct {
+		struct wreplsrv_partner *partner;
+		uint32_t num_owners;
+		struct wrepl_wins_owner *owners;
+		struct wreplsrv_out_connection *wreplconn;
+	} in;
+};
+
+struct wreplsrv_push_notify_io {
+	struct {
+		struct wreplsrv_partner *partner;
+		bool inform;
+		bool propagate;
+	} in;
+};
diff --git a/source4/wrepl_server/wrepl_out_pull.c b/source4/wrepl_server/wrepl_out_pull.c
new file mode 100644
index 0000000..557c553
--- /dev/null
+++ b/source4/wrepl_server/wrepl_out_pull.c
@@ -0,0 +1,142 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "libcli/composite/composite.h"
+
+static void wreplsrv_out_pull_reschedule(struct wreplsrv_partner *partner, uint32_t interval)
+{
+	NTSTATUS status;
+
+	partner->pull.next_run = timeval_current_ofs(interval, 0);
+	status = wreplsrv_periodic_schedule(partner->service, interval);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("wreplsrv_periodic_schedule() failed\n"));
+	}
+}
+
+static void wreplsrv_pull_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_partner *partner = talloc_get_type(creq->async.private_data, struct wreplsrv_partner);
+	struct wreplsrv_pull_cycle_io *old_cycle_io;
+	struct wrepl_table inform_in;
+
+	partner->pull.last_status = wreplsrv_pull_cycle_recv(partner->pull.creq);
+	partner->pull.creq = NULL;
+
+	old_cycle_io = partner->pull.cycle_io;
+	partner->pull.cycle_io = NULL;
+
+	if (NT_STATUS_IS_OK(partner->pull.last_status)) {
+		partner->pull.error_count = 0;
+		DEBUG(1,("wreplsrv_pull_cycle(%s): %s\n",
+			 partner->address, nt_errstr(partner->pull.last_status)));
+		goto done;
+	}
+
+	partner->pull.error_count++;
+
+	if (partner->pull.error_count > 1) {
+		uint32_t retry_interval;
+
+		retry_interval = partner->pull.error_count * partner->pull.retry_interval;
+		retry_interval = MIN(retry_interval, partner->pull.interval);
+
+		DEBUG(0,("wreplsrv_pull_cycle(%s): %s: error_count: %u: reschedule(%u)\n",
+			 partner->address, nt_errstr(partner->pull.last_status),
+			 partner->pull.error_count, retry_interval));
+
+		wreplsrv_out_pull_reschedule(partner, retry_interval);
+		goto done;
+	}
+
+	DEBUG(0,("wreplsrv_pull_cycle(%s): %s: error_count:%u retry\n",
+		 partner->address, nt_errstr(partner->pull.last_status),
+		 partner->pull.error_count));
+	inform_in.partner_count = old_cycle_io->in.num_owners;
+	inform_in.partners	= old_cycle_io->in.owners;
+	wreplsrv_out_partner_pull(partner, &inform_in);
+done:
+	talloc_free(old_cycle_io);
+}
+
+void wreplsrv_out_partner_pull(struct wreplsrv_partner *partner, struct wrepl_table *inform_in)
+{
+	/* there's already a pull in progress, so we're done */
+	if (partner->pull.creq) return;
+
+	partner->pull.cycle_io = talloc(partner, struct wreplsrv_pull_cycle_io);
+	if (!partner->pull.cycle_io) {
+		goto nomem;
+	}
+
+	partner->pull.cycle_io->in.partner	= partner;
+	partner->pull.cycle_io->in.wreplconn	= NULL;
+	if (inform_in) {
+		partner->pull.cycle_io->in.num_owners	= inform_in->partner_count;
+		partner->pull.cycle_io->in.owners	= inform_in->partners;
+		talloc_steal(partner->pull.cycle_io, inform_in->partners);
+	} else {
+		partner->pull.cycle_io->in.num_owners	= 0;
+		partner->pull.cycle_io->in.owners	= NULL;
+	}
+	partner->pull.creq = wreplsrv_pull_cycle_send(partner->pull.cycle_io, partner->pull.cycle_io);
+	if (!partner->pull.creq) {
+		DEBUG(1,("wreplsrv_pull_cycle_send(%s) failed\n",
+			 partner->address));
+		goto nomem;
+	}
+
+	partner->pull.creq->async.fn		= wreplsrv_pull_handler_creq;
+	partner->pull.creq->async.private_data	= partner;
+
+	return;
+nomem:
+	talloc_free(partner->pull.cycle_io);
+	partner->pull.cycle_io = NULL;
+	DEBUG(0,("wreplsrv_out_partner_pull(%s): no memory? (ignoring)\n",
+		partner->address));
+	return;
+}
+
+NTSTATUS wreplsrv_out_pull_run(struct wreplsrv_service *service)
+{
+	struct wreplsrv_partner *partner;
+
+	for (partner = service->partners; partner; partner = partner->next) {
+		/* if it's not a pull partner, go to the next partner */
+		if (!(partner->type & WINSREPL_PARTNER_PULL)) continue;
+
+		/* if pulling is disabled for the partner, go to the next one */
+		if (partner->pull.interval == 0) continue;
+
+		/* if the next timer isn't reached, go to the next partner */
+		if (!timeval_expired(&partner->pull.next_run)) continue;
+
+		wreplsrv_out_pull_reschedule(partner, partner->pull.interval);
+
+		wreplsrv_out_partner_pull(partner, NULL);
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_out_push.c b/source4/wrepl_server/wrepl_out_push.c
new file mode 100644
index 0000000..8f0c409
--- /dev/null
+++ b/source4/wrepl_server/wrepl_out_push.c
@@ -0,0 +1,144 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "libcli/composite/composite.h"
+#include "nbt_server/wins/winsdb.h"
+
+static void wreplsrv_out_partner_push(struct wreplsrv_partner *partner, bool propagate);
+
+static void wreplsrv_push_handler_creq(struct composite_context *creq)
+{
+	struct wreplsrv_partner *partner = talloc_get_type(creq->async.private_data, struct wreplsrv_partner);
+	struct wreplsrv_push_notify_io *old_notify_io;
+
+	partner->push.last_status = wreplsrv_push_notify_recv(partner->push.creq);
+	partner->push.creq = NULL;
+
+	old_notify_io = partner->push.notify_io;
+	partner->push.notify_io = NULL;
+
+	if (NT_STATUS_IS_OK(partner->push.last_status)) {
+		partner->push.error_count = 0;
+		DEBUG(2,("wreplsrv_push_notify(%s): %s\n",
+			 partner->address, nt_errstr(partner->push.last_status)));
+		goto done;
+	}
+
+	partner->push.error_count++;
+
+	if (partner->push.error_count > 1) {
+		DEBUG(1,("wreplsrv_push_notify(%s): %s: error_count: %u: giving up\n",
+			 partner->address, nt_errstr(partner->push.last_status),
+			 partner->push.error_count));
+		goto done;
+	}
+
+	DEBUG(1,("wreplsrv_push_notify(%s): %s: error_count: %u: retry\n",
+		 partner->address, nt_errstr(partner->push.last_status),
+		 partner->push.error_count));
+	wreplsrv_out_partner_push(partner, old_notify_io->in.propagate);
+done:
+	talloc_free(old_notify_io);
+}
+
+static void wreplsrv_out_partner_push(struct wreplsrv_partner *partner, bool propagate)
+{
+	/* a push for this partner is currently in progress, so we're done */
+	if (partner->push.creq) return;
+
+	/* now prepare the push notify */
+	partner->push.notify_io = talloc(partner, struct wreplsrv_push_notify_io);
+	if (!partner->push.notify_io) {
+		goto nomem;
+	}
+
+	partner->push.notify_io->in.partner	= partner;
+	partner->push.notify_io->in.inform	= partner->push.use_inform;
+	partner->push.notify_io->in.propagate	= propagate;
+	partner->push.creq = wreplsrv_push_notify_send(partner->push.notify_io, partner->push.notify_io);
+	if (!partner->push.creq) {
+		DEBUG(1,("wreplsrv_push_notify_send(%s) failed nomem?\n",
+			 partner->address));
+		goto nomem;
+	}
+
+	partner->push.creq->async.fn		= wreplsrv_push_handler_creq;
+	partner->push.creq->async.private_data	= partner;
+
+	return;
+nomem:
+	talloc_free(partner->push.notify_io);
+	partner->push.notify_io = NULL;
+	DEBUG(1,("wreplsrv_out_partner_push(%s,%u) failed nomem? (ignoring)\n",
+		 partner->address, propagate));
+	return;
+}
+
+static uint32_t wreplsrv_calc_change_count(struct wreplsrv_partner *partner, uint64_t maxVersionID)
+{
+	uint64_t tmp_diff = UINT32_MAX;
+
+	/* catch an overflow */
+	if (partner->push.maxVersionID > maxVersionID) {
+		goto done;
+	}
+
+	tmp_diff = maxVersionID - partner->push.maxVersionID;
+
+	if (tmp_diff > UINT32_MAX) {
+		tmp_diff = UINT32_MAX;
+		goto done;
+	}
+
+done:
+	partner->push.maxVersionID = maxVersionID;
+	return (uint32_t)(tmp_diff & UINT32_MAX);
+}
+
+NTSTATUS wreplsrv_out_push_run(struct wreplsrv_service *service)
+{
+	struct wreplsrv_partner *partner;
+	uint64_t seqnumber;
+	uint32_t change_count;
+
+	seqnumber = winsdb_get_maxVersion(service->wins_db);
+
+	for (partner = service->partners; partner; partner = partner->next) {
+		/* if it's not a push partner, go to the next partner */
+		if (!(partner->type & WINSREPL_PARTNER_PUSH)) continue;
+
+		/* if push notifies are disabled for this partner, go to the next partner */
+		if (partner->push.change_count == 0) continue;
+
+		/* get the actual change count for the partner */
+		change_count = wreplsrv_calc_change_count(partner, seqnumber);
+
+		/* if the configured change count isn't reached, go to the next partner */
+		if (change_count < partner->push.change_count) continue;
+
+		wreplsrv_out_partner_push(partner, false);
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_periodic.c b/source4/wrepl_server/wrepl_periodic.c
new file mode 100644
index 0000000..8cbf6fb
--- /dev/null
+++ b/source4/wrepl_server/wrepl_periodic.c
@@ -0,0 +1,118 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "librpc/gen_ndr/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+
+static NTSTATUS wreplsrv_periodic_run(struct wreplsrv_service *service)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_load_partners(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = wreplsrv_scavenging_run(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = wreplsrv_out_pull_run(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = wreplsrv_out_push_run(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+static void wreplsrv_periodic_handler_te(struct tevent_context *ev, struct tevent_timer *te,
+					 struct timeval t, void *ptr)
+{
+	struct wreplsrv_service *service = talloc_get_type(ptr, struct wreplsrv_service);
+	NTSTATUS status;
+
+	service->periodic.te = NULL;
+
+	status = wreplsrv_periodic_schedule(service, service->config.periodic_interval);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(service->task, nt_errstr(status), false);
+		return;
+	}
+
+	status = wreplsrv_periodic_run(service);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("wresrv_periodic_run() failed: %s\n", nt_errstr(status)));
+	}
+}
+
+NTSTATUS wreplsrv_periodic_schedule(struct wreplsrv_service *service, uint32_t next_interval)
+{
+	TALLOC_CTX *tmp_mem;
+	struct tevent_timer *new_te;
+	struct timeval next_time;
+
+	/* prevent looping */
+	if (next_interval == 0) next_interval = 1;
+
+	next_time = timeval_current_ofs(next_interval, 5000);
+
+	if (service->periodic.te) {
+		/*
+		 * if the timestamp of the new event is higher,
+		 * as current next we don't need to reschedule
+		 */
+		if (timeval_compare(&next_time, &service->periodic.next_event) > 0) {
+			return NT_STATUS_OK;
+		}
+	}
+
+	/* reset the next scheduled timestamp */
+	service->periodic.next_event = next_time;
+
+	new_te = tevent_add_timer(service->task->event_ctx, service,
+			         service->periodic.next_event,
+			         wreplsrv_periodic_handler_te, service);
+	NT_STATUS_HAVE_NO_MEMORY(new_te);
+
+	tmp_mem = talloc_new(service);
+	DEBUG(6,("wreplsrv_periodic_schedule(%u) %sscheduled for: %s\n",
+		next_interval,
+		(service->periodic.te?"re":""),
+		nt_time_string(tmp_mem, timeval_to_nttime(&next_time))));
+	talloc_free(tmp_mem);
+
+	talloc_free(service->periodic.te);
+	service->periodic.te = new_te;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS wreplsrv_setup_periodic(struct wreplsrv_service *service)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_periodic_schedule(service, 0);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_scavenging.c b/source4/wrepl_server/wrepl_scavenging.c
new file mode 100644
index 0000000..05a0218
--- /dev/null
+++ b/source4/wrepl_server/wrepl_scavenging.c
@@ -0,0 +1,570 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "system/time.h"
+#include "samba/service_task.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/ndr_irpc_c.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
+#include "param/param.h"
+
+const char *wreplsrv_owner_filter(struct wreplsrv_service *service,
+				  TALLOC_CTX *mem_ctx,
+				  const char *wins_owner)
+{
+	if (strcmp(wins_owner, service->wins_db->local_owner) == 0) {
+		return talloc_asprintf(mem_ctx, "(|(winsOwner=%s)(winsOwner=0.0.0.0))",
+				       wins_owner);
+	}
+
+	return talloc_asprintf(mem_ctx, "(&(winsOwner=%s)(!(winsOwner=0.0.0.0)))",
+			       wins_owner);
+}
+
+static NTSTATUS wreplsrv_scavenging_owned_records(struct wreplsrv_service *service, TALLOC_CTX *tmp_mem)
+{
+	NTSTATUS status;
+	struct winsdb_record *rec = NULL;
+	struct ldb_result *res = NULL;
+	const char *owner_filter;
+	const char *filter;
+	unsigned int i;
+	int ret;
+	time_t now = time(NULL);
+	const char *now_timestr;
+	const char *action;
+	const char *old_state=NULL;
+	const char *new_state=NULL;
+	uint32_t modify_flags;
+	bool modify_record;
+	bool delete_record;
+	bool delete_tombstones;
+	struct timeval tombstone_extra_time;
+	const char *local_owner = service->wins_db->local_owner;
+	bool propagate = lpcfg_parm_bool(service->task->lp_ctx, NULL, "wreplsrv", "propagate name releases", false);
+
+	now_timestr = ldb_timestring(tmp_mem, now);
+	NT_STATUS_HAVE_NO_MEMORY(now_timestr);
+	owner_filter = wreplsrv_owner_filter(service, tmp_mem, local_owner);
+	NT_STATUS_HAVE_NO_MEMORY(owner_filter);
+	filter = talloc_asprintf(tmp_mem,
+				 "(&%s(objectClass=winsRecord)"
+				 "(expireTime<=%s))",
+				 owner_filter, now_timestr);
+	NT_STATUS_HAVE_NO_MEMORY(filter);
+	ret = ldb_search(service->wins_db->ldb, tmp_mem, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "%s", filter);
+	if (ret != LDB_SUCCESS) return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	DEBUG(10,("WINS scavenging: filter '%s' count %d\n", filter, res->count));
+
+	tombstone_extra_time = timeval_add(&service->startup_time,
+					   service->config.tombstone_extra_timeout,
+					   0);
+	delete_tombstones = timeval_expired(&tombstone_extra_time);
+
+	for (i=0; i < res->count; i++) {
+		bool has_replicas = false;
+
+		/*
+		 * we pass '0' as 'now' here,
+		 * because we want to get the raw timestamps which are in the DB
+		 */
+		status = winsdb_record(service->wins_db, res->msgs[i], tmp_mem, 0, &rec);
+		NT_STATUS_NOT_OK_RETURN(status);
+		talloc_free(res->msgs[i]);
+
+		modify_flags	= 0;
+		modify_record	= false;
+		delete_record	= false;
+
+		switch (rec->state) {
+		case WREPL_STATE_ACTIVE:
+			old_state	= "active";
+			if (rec->is_static) {
+				/*
+				 *we store it again, so that it won't appear
+				 * in the scavenging the next time
+				 */
+				old_state	= "active(static)";
+				new_state	= "active(static)";
+				modify_flags	= 0;
+				modify_record	= true;
+				break;
+			}
+			if (rec->type != WREPL_TYPE_SGROUP || !propagate) {
+				new_state	= "released";
+				rec->state	= WREPL_STATE_RELEASED;
+				rec->expire_time= service->config.tombstone_interval + now;
+				modify_flags	= 0;
+				modify_record	= true;
+				break;
+			}
+			/* check if there's any replica address */
+			for (i=0;rec->addresses[i];i++) {
+				if (strcmp(rec->addresses[i]->wins_owner, local_owner) != 0) {
+					has_replicas = true;
+					rec->addresses[i]->expire_time= service->config.renew_interval + now;
+				}
+			}
+			if (has_replicas) {
+				/* if it has replica addresses propagate them */
+				new_state	= "active(propagated)";
+				rec->state	= WREPL_STATE_ACTIVE;
+				rec->expire_time= service->config.renew_interval + now;
+				modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+				modify_record	= true;
+				break;
+			}
+			/*
+			 * if it doesn't have replica addresses, make it a tombstone,
+			 * so that the released owned addresses are propagated
+			 */
+			new_state	= "tombstone";
+			rec->state	= WREPL_STATE_TOMBSTONE;
+			rec->expire_time= time(NULL) +
+					  service->config.tombstone_interval +
+					  service->config.tombstone_timeout;
+			modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+			modify_record	= true;
+			break;
+
+		case WREPL_STATE_RELEASED:
+			old_state	= "released";
+			new_state	= "tombstone";
+			rec->state	= WREPL_STATE_TOMBSTONE;
+			rec->expire_time= service->config.tombstone_timeout + now;
+			modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+			modify_record	= true;
+			break;
+
+		case WREPL_STATE_TOMBSTONE:
+			old_state	= "tombstone";
+			new_state	= "tombstone";
+			if (!delete_tombstones) break;
+			new_state	= "deleted";
+			delete_record = true;
+			break;
+
+		case WREPL_STATE_RESERVED:
+			DEBUG(0,("%s: corrupted record: %s\n",
+				__location__, nbt_name_string(rec, rec->name)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		if (modify_record) {
+			action = "modify";
+			ret = winsdb_modify(service->wins_db, rec, modify_flags);
+		} else if (delete_record) {
+			action = "delete";
+			ret = winsdb_delete(service->wins_db, rec);
+		} else {
+			action = "skip";
+			ret = NBT_RCODE_OK;
+		}
+
+		if (ret != NBT_RCODE_OK) {
+			DEBUG(2,("WINS scavenging: failed to %s name %s (owned:%s -> owned:%s): error:%u\n",
+				action, nbt_name_string(rec, rec->name), old_state, new_state, ret));
+		} else {
+			DEBUG(4,("WINS scavenging: %s name: %s (owned:%s -> owned:%s)\n",
+				action, nbt_name_string(rec, rec->name), old_state, new_state));
+		}
+
+		talloc_free(rec);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS wreplsrv_scavenging_replica_non_active_records(struct wreplsrv_service *service, TALLOC_CTX *tmp_mem)
+{
+	NTSTATUS status;
+	struct winsdb_record *rec = NULL;
+	struct ldb_result *res = NULL;
+	const char *owner_filter;
+	const char *filter;
+	unsigned int i;
+	int ret;
+	time_t now = time(NULL);
+	const char *now_timestr;
+	const char *action;
+	const char *old_state=NULL;
+	const char *new_state=NULL;
+	uint32_t modify_flags;
+	bool modify_record;
+	bool delete_record;
+	bool delete_tombstones;
+	struct timeval tombstone_extra_time;
+
+	now_timestr = ldb_timestring(tmp_mem, now);
+	NT_STATUS_HAVE_NO_MEMORY(now_timestr);
+	owner_filter = wreplsrv_owner_filter(service, tmp_mem,
+					     service->wins_db->local_owner);
+	NT_STATUS_HAVE_NO_MEMORY(owner_filter);
+	filter = talloc_asprintf(tmp_mem,
+				 "(&(!%s)(objectClass=winsRecord)"
+				 "(!(recordState=%u))(expireTime<=%s))",
+				 owner_filter, WREPL_STATE_ACTIVE, now_timestr);
+	NT_STATUS_HAVE_NO_MEMORY(filter);
+	ret = ldb_search(service->wins_db->ldb, tmp_mem, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "%s", filter);
+	if (ret != LDB_SUCCESS) return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	DEBUG(10,("WINS scavenging: filter '%s' count %d\n", filter, res->count));
+
+	tombstone_extra_time = timeval_add(&service->startup_time,
+					   service->config.tombstone_extra_timeout,
+					   0);
+	delete_tombstones = timeval_expired(&tombstone_extra_time);
+
+	for (i=0; i < res->count; i++) {
+		/*
+		 * we pass '0' as 'now' here,
+		 * because we want to get the raw timestamps which are in the DB
+		 */
+		status = winsdb_record(service->wins_db, res->msgs[i], tmp_mem, 0, &rec);
+		NT_STATUS_NOT_OK_RETURN(status);
+		talloc_free(res->msgs[i]);
+
+		modify_flags	= 0;
+		modify_record	= false;
+		delete_record	= false;
+
+		switch (rec->state) {
+		case WREPL_STATE_ACTIVE:
+			DEBUG(0,("%s: corrupted record: %s\n",
+				__location__, nbt_name_string(rec, rec->name)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+
+		case WREPL_STATE_RELEASED:
+			old_state	= "released";
+			new_state	= "tombstone";
+			rec->state	= WREPL_STATE_TOMBSTONE;
+			rec->expire_time= service->config.tombstone_timeout + now;
+			modify_flags	= 0;
+			modify_record	= true;
+			break;
+
+		case WREPL_STATE_TOMBSTONE:
+			old_state	= "tombstone";
+			new_state	= "tombstone";
+			if (!delete_tombstones) break;
+			new_state	= "deleted";
+			delete_record = true;
+			break;
+
+		case WREPL_STATE_RESERVED:
+			DEBUG(0,("%s: corrupted record: %s\n",
+				__location__, nbt_name_string(rec, rec->name)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		if (modify_record) {
+			action = "modify";
+			ret = winsdb_modify(service->wins_db, rec, modify_flags);
+		} else if (delete_record) {
+			action = "delete";
+			ret = winsdb_delete(service->wins_db, rec);
+		} else {
+			action = "skip";
+			ret = NBT_RCODE_OK;
+		}
+
+		if (ret != NBT_RCODE_OK) {
+			DEBUG(2,("WINS scavenging: failed to %s name %s (replica:%s -> replica:%s): error:%u\n",
+				action, nbt_name_string(rec, rec->name), old_state, new_state, ret));
+		} else {
+			DEBUG(4,("WINS scavenging: %s name: %s (replica:%s -> replica:%s)\n",
+				action, nbt_name_string(rec, rec->name), old_state, new_state));
+		}
+
+		talloc_free(rec);
+	}
+
+	return NT_STATUS_OK;
+}
+
+struct verify_state {
+	struct imessaging_context *msg_ctx;
+	struct wreplsrv_service *service;
+	struct winsdb_record *rec;
+	struct nbtd_proxy_wins_challenge r;
+};
+
+static void verify_handler(struct tevent_req *subreq)
+{
+	struct verify_state *s =
+		tevent_req_callback_data(subreq,
+		struct verify_state);
+	struct winsdb_record *rec = s->rec;
+	const char *action;
+	const char *old_state = "active";
+	const char *new_state = "active";
+	const char *new_owner = "replica";
+	uint32_t modify_flags = 0;
+	bool modify_record = false;
+	bool delete_record = false;
+	bool different = false;
+	int ret;
+	NTSTATUS status;
+	uint32_t i, j;
+
+	/*
+	 * - if the name isn't present anymore remove our record
+	 * - if the name is found and not a normal group check if the addresses match,
+	 *   - if they don't match remove the record
+	 *   - if they match do nothing
+	 * - if an error happens do nothing
+	 */
+	status = dcerpc_nbtd_proxy_wins_challenge_r_recv(subreq, s);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
+		delete_record = true;
+		new_state = "deleted";
+	} else if (NT_STATUS_IS_OK(status) && rec->type != WREPL_TYPE_GROUP) {
+		for (i=0; i < s->r.out.num_addrs; i++) {
+			bool found = false;
+			for (j=0; rec->addresses[j]; j++) {
+				if (strcmp(s->r.out.addrs[i].addr, rec->addresses[j]->address) == 0) {
+					found = true;
+					break;
+				}
+			}
+			if (!found) {
+				different = true;
+				break;
+			}
+		}
+	} else if (NT_STATUS_IS_OK(status) && rec->type == WREPL_TYPE_GROUP) {
+		if (s->r.out.num_addrs != 1 || strcmp(s->r.out.addrs[0].addr, "255.255.255.255") != 0) {
+			different = true;
+		}
+	}
+
+	if (different) {
+		/*
+		 * if the reply from the owning wins server has different addresses
+		 * then take the ownership of the record and make it a tombstone
+		 * this will then hopefully replicated to the original owner of the record
+		 * which will then propagate it's own record, so that the current record will
+		 * be replicated to to us
+		 */
+		DEBUG(2,("WINS scavenging: replica %s verify got different addresses from winsserver: %s: tombstoning record\n",
+			nbt_name_string(rec, rec->name), rec->wins_owner));
+
+		rec->state	= WREPL_STATE_TOMBSTONE;
+		rec->expire_time= time(NULL) + s->service->config.tombstone_timeout;
+		for (i=0; rec->addresses[i]; i++) {
+			rec->addresses[i]->expire_time = rec->expire_time;
+		}
+		modify_record	= true;
+		modify_flags	= WINSDB_FLAG_ALLOC_VERSION | WINSDB_FLAG_TAKE_OWNERSHIP;
+		new_state	= "tombstone";
+		new_owner	= "owned";
+	} else if (NT_STATUS_IS_OK(status)) {
+		/* if the addresses are the same, just update the timestamps */
+		rec->expire_time = time(NULL) + s->service->config.verify_interval;
+		for (i=0; rec->addresses[i]; i++) {
+			rec->addresses[i]->expire_time = rec->expire_time;
+		}
+		modify_record	= true;
+		modify_flags	= 0;
+		new_state	= "active";
+	}
+
+	if (modify_record) {
+		action = "modify";
+		ret = winsdb_modify(s->service->wins_db, rec, modify_flags);
+	} else if (delete_record) {
+		action = "delete";
+		ret = winsdb_delete(s->service->wins_db, rec);
+	} else {
+		action = "skip";
+		ret = NBT_RCODE_OK;
+	}
+
+	if (ret != NBT_RCODE_OK) {
+		DEBUG(2,("WINS scavenging: failed to %s name %s (replica:%s -> %s:%s): error:%u\n",
+			action, nbt_name_string(rec, rec->name), old_state, new_owner, new_state, ret));
+	} else {
+		DEBUG(4,("WINS scavenging: %s name: %s (replica:%s -> %s:%s): %s: %s\n",
+			action, nbt_name_string(rec, rec->name), old_state, new_owner, new_state,
+			rec->wins_owner, nt_errstr(status)));
+	}
+
+	talloc_free(s);
+}
+
+static NTSTATUS wreplsrv_scavenging_replica_active_records(struct wreplsrv_service *service, TALLOC_CTX *tmp_mem)
+{
+	NTSTATUS status;
+	struct winsdb_record *rec = NULL;
+	struct ldb_result *res = NULL;
+	const char *owner_filter;
+	const char *filter;
+	unsigned int i;
+	int ret;
+	time_t now = time(NULL);
+	const char *now_timestr;
+	struct tevent_req *subreq;
+	struct verify_state *s;
+	struct dcerpc_binding_handle *irpc_handle;
+
+	now_timestr = ldb_timestring(tmp_mem, now);
+	NT_STATUS_HAVE_NO_MEMORY(now_timestr);
+	owner_filter = wreplsrv_owner_filter(service, tmp_mem,
+					     service->wins_db->local_owner);
+	NT_STATUS_HAVE_NO_MEMORY(owner_filter);
+	filter = talloc_asprintf(tmp_mem,
+				 "(&(!%s)(objectClass=winsRecord)"
+				 "(recordState=%u)(expireTime<=%s))",
+				 owner_filter, WREPL_STATE_ACTIVE, now_timestr);
+	NT_STATUS_HAVE_NO_MEMORY(filter);
+	ret = ldb_search(service->wins_db->ldb, tmp_mem, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "%s", filter);
+	if (ret != LDB_SUCCESS) return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	DEBUG(10,("WINS scavenging: filter '%s' count %d\n", filter, res->count));
+
+	for (i=0; i < res->count; i++) {
+		/*
+		 * we pass '0' as 'now' here,
+		 * because we want to get the raw timestamps which are in the DB
+		 */
+		status = winsdb_record(service->wins_db, res->msgs[i], tmp_mem, 0, &rec);
+		NT_STATUS_NOT_OK_RETURN(status);
+		talloc_free(res->msgs[i]);
+
+		if (rec->state != WREPL_STATE_ACTIVE) {
+			DEBUG(0,("%s: corrupted record: %s\n",
+				__location__, nbt_name_string(rec, rec->name)));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		/* 
+		 * ask the owning wins server if the record still exists,
+		 * if not delete the record
+		 *
+		 * TODO: NOTE: this is a simpliefied version, to verify that
+		 *             a record still exist, I assume that w2k3 uses
+		 *             DCERPC calls or some WINSREPL packets for this,
+		 *             but we use a wins name query
+		 */
+		DEBUG(2,("ask wins server '%s' if '%s' with version_id:%llu still exists\n",
+			 rec->wins_owner, nbt_name_string(rec, rec->name), 
+			 (unsigned long long)rec->version));
+
+		s = talloc_zero(tmp_mem, struct verify_state);
+		NT_STATUS_HAVE_NO_MEMORY(s);
+		s->msg_ctx	= service->task->msg_ctx;
+		s->service	= service;
+		s->rec		= talloc_steal(s, rec);
+
+		s->r.in.name		= *rec->name;
+		s->r.in.num_addrs	= 1;
+		s->r.in.addrs		= talloc_array(s, struct nbtd_proxy_wins_addr, s->r.in.num_addrs);
+		NT_STATUS_HAVE_NO_MEMORY(s->r.in.addrs);
+		/* TODO: fix pidl to handle inline ipv4address arrays */
+		s->r.in.addrs[0].addr	= rec->wins_owner;
+
+		irpc_handle = irpc_binding_handle_by_name(s,
+							  service->task->msg_ctx,
+							  "nbt_server",
+							  &ndr_table_irpc);
+		if (irpc_handle == NULL) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		subreq = dcerpc_nbtd_proxy_wins_challenge_r_send(s,
+								 service->task->event_ctx,
+								 irpc_handle,
+								 &s->r);
+		NT_STATUS_HAVE_NO_MEMORY(subreq);
+
+		tevent_req_set_callback(subreq, verify_handler, s);
+
+		talloc_steal(service, s);
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS wreplsrv_scavenging_run(struct wreplsrv_service *service)
+{
+	NTSTATUS status;
+	TALLOC_CTX *tmp_mem;
+	bool skip_first_run = false;
+
+	if (!timeval_expired(&service->scavenging.next_run)) {
+		return NT_STATUS_OK;
+	}
+
+	if (timeval_is_zero(&service->scavenging.next_run)) {
+		skip_first_run = true;
+	}
+
+	service->scavenging.next_run = timeval_current_ofs(service->config.scavenging_interval, 0);
+	status = wreplsrv_periodic_schedule(service, service->config.scavenging_interval);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/*
+	 * if it's the first time this functions is called (startup)
+	 * the next_run is zero, in this case we should not do scavenging
+	 */
+	if (skip_first_run) {
+		return NT_STATUS_OK;
+	}
+
+	if (service->scavenging.processing) {
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(2,("wreplsrv_scavenging_run(): start\n"));
+
+	tmp_mem = talloc_new(service);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_mem);
+	service->scavenging.processing = true;
+	status = wreplsrv_scavenging_owned_records(service,tmp_mem);
+	service->scavenging.processing = false;
+	talloc_free(tmp_mem);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	tmp_mem = talloc_new(service);	
+	NT_STATUS_HAVE_NO_MEMORY(tmp_mem);
+	service->scavenging.processing = true;
+	status = wreplsrv_scavenging_replica_non_active_records(service, tmp_mem);
+	service->scavenging.processing = false;
+	talloc_free(tmp_mem);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	tmp_mem = talloc_new(service);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_mem);
+	service->scavenging.processing = true;
+	status = wreplsrv_scavenging_replica_active_records(service, tmp_mem);
+	service->scavenging.processing = false;
+	talloc_free(tmp_mem);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	DEBUG(2,("wreplsrv_scavenging_run(): end\n"));
+
+	return NT_STATUS_OK;
+}
diff --git a/source4/wrepl_server/wrepl_server.c b/source4/wrepl_server/wrepl_server.c
new file mode 100644
index 0000000..c97b816
--- /dev/null
+++ b/source4/wrepl_server/wrepl_server.c
@@ -0,0 +1,558 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   WINS Replication server
+   
+   Copyright (C) Stefan Metzmacher	2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "samba/service_task.h"
+#include "samba/service.h"
+#include "lib/messaging/irpc.h"
+#include "librpc/gen_ndr/winsrepl.h"
+#include "wrepl_server/wrepl_server.h"
+#include "nbt_server/wins/winsdb.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "auth/auth.h"
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "lib/socket/netif.h"
+
+static struct ldb_context *wins_config_db_connect(TALLOC_CTX *mem_ctx, 
+						  struct tevent_context *ev_ctx,
+						  struct loadparm_context *lp_ctx)
+{
+	return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, lpcfg_private_path(mem_ctx,
+			        lp_ctx, "wins_config.ldb"),
+				system_session(lp_ctx), NULL, 0);
+}
+
+static uint64_t wins_config_db_get_seqnumber(struct ldb_context *ldb)
+{
+	int ret;
+	struct ldb_dn *dn;
+	struct ldb_result *res = NULL;
+	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+	uint64_t seqnumber = 0;
+
+	dn = ldb_dn_new(tmp_ctx, ldb, "@BASEINFO");
+	if (!dn) goto failed;
+
+	/* find the record in the WINS database */
+	ret = ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS) goto failed;
+	if (res->count > 1) goto failed;
+
+	if (res->count == 1) {
+		seqnumber = ldb_msg_find_attr_as_uint64(res->msgs[0], "sequenceNumber", 0);
+	}
+
+failed:
+	talloc_free(tmp_ctx);
+	return seqnumber;
+}
+
+/*
+  open winsdb
+*/
+static NTSTATUS wreplsrv_open_winsdb(struct wreplsrv_service *service, 
+				     struct loadparm_context *lp_ctx)
+{
+	const char *owner = lpcfg_parm_string(lp_ctx, NULL, "winsdb", "local_owner");
+
+	if (owner == NULL) {
+		struct interface *ifaces;
+		load_interface_list(service, lp_ctx, &ifaces);
+		owner = iface_list_first_v4(ifaces);
+	}
+
+	service->wins_db     = winsdb_connect(service, service->task->event_ctx, lp_ctx, owner, WINSDB_HANDLE_CALLER_WREPL);
+	if (!service->wins_db) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	service->config.ldb = wins_config_db_connect(service, service->task->event_ctx, lp_ctx);
+	if (!service->config.ldb) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	/* the default renew interval is 6 days */
+	service->config.renew_interval	  = lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","renew_interval", 6*24*60*60);
+
+	/* the default tombstone (extinction) interval is 6 days */
+	service->config.tombstone_interval= lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","tombstone_interval", 6*24*60*60);
+
+	/* the default tombstone (extinction) timeout is 1 day */
+	service->config.tombstone_timeout = lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","tombstone_timeout", 1*24*60*60);
+
+	/* the default tombstone extra timeout is 3 days */
+	service->config.tombstone_extra_timeout = lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","tombstone_extra_timeout", 3*24*60*60);
+
+	/* the default verify interval is 24 days */
+	service->config.verify_interval   = lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","verify_interval", 24*24*60*60);
+
+	/* the default scavenging interval is 'renew_interval/2' */
+	service->config.scavenging_interval=lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","scavenging_interval",
+							service->config.renew_interval/2);
+
+	/* the maximum interval to the next periodic processing event */
+	service->config.periodic_interval = lpcfg_parm_int(lp_ctx, NULL,"wreplsrv","periodic_interval", 15);
+
+	return NT_STATUS_OK;
+}
+
+struct wreplsrv_partner *wreplsrv_find_partner(struct wreplsrv_service *service, const char *peer_addr)
+{
+	struct wreplsrv_partner *cur;
+
+	for (cur = service->partners; cur; cur = cur->next) {
+		if (strcmp(cur->address, peer_addr) == 0) {
+			return cur;
+		}
+	}
+
+	return NULL;
+}
+
+static uint32_t wreplsrv_find_attr_as_uint32(const struct ldb_message *msg,
+					     const char *attr_name,
+					     uint32_t default_value)
+{
+	const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name);
+	char buf[sizeof("-2147483648")] = {};
+	char *end = NULL;
+	uint32_t ret;
+	int base = 10;
+
+	if (!v || !v->data) {
+		return default_value;
+	}
+
+	if (v->length >= sizeof(buf)) {
+		return default_value;
+	}
+
+	memcpy(buf, v->data, v->length);
+	if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) {
+		base = 16;
+	}
+
+	errno = 0;
+	ret = strtoll(buf, &end, base);
+	if (errno == ERANGE || errno == EINVAL) {
+		errno = 0;
+		ret = strtoull(buf, &end, base);
+		if (errno == ERANGE || errno == EINVAL) {
+			return default_value;
+		}
+	}
+	if (end && end[0] != '\0') {
+		return default_value;
+	}
+	return ret;
+}
+
+/*
+  load our replication partners
+*/
+NTSTATUS wreplsrv_load_partners(struct wreplsrv_service *service)
+{
+	struct wreplsrv_partner *partner;
+	struct ldb_result *res = NULL;
+	int ret;
+	TALLOC_CTX *tmp_ctx;
+	unsigned int i;
+	uint64_t new_seqnumber;
+
+	new_seqnumber = wins_config_db_get_seqnumber(service->config.ldb);
+
+	/* if it's not the first run and nothing changed we're done */
+	if (service->config.seqnumber != 0 && service->config.seqnumber == new_seqnumber) {
+		return NT_STATUS_OK;
+	}
+
+	tmp_ctx = talloc_new(service);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	service->config.seqnumber = new_seqnumber;
+
+	/* find the record in the WINS database */
+	ret = ldb_search(service->config.ldb, tmp_ctx, &res,
+			 ldb_dn_new(tmp_ctx, service->config.ldb, "CN=PARTNERS"),
+			 LDB_SCOPE_SUBTREE, NULL, "(objectClass=wreplPartner)");
+	if (ret != LDB_SUCCESS) goto failed;
+
+	/* first disable all existing partners */
+	for (partner=service->partners; partner; partner = partner->next) {
+		partner->type = WINSREPL_PARTNER_NONE;
+	}
+
+	for (i=0; i < res->count; i++) {
+		const char *address;
+
+		address	= ldb_msg_find_attr_as_string(res->msgs[i], "address", NULL);
+		if (!address) {
+			goto failed;
+		}
+
+		partner = wreplsrv_find_partner(service, address);
+		if (partner) {
+			if (partner->name != partner->address) {
+				talloc_free(discard_const(partner->name));
+			}
+			partner->name = NULL;
+			talloc_free(discard_const(partner->our_address));
+			partner->our_address = NULL;
+
+			/* force rescheduling of pulling */
+			partner->pull.next_run = timeval_zero();
+		} else {
+			partner = talloc_zero(service, struct wreplsrv_partner);
+			if (partner == NULL) goto failed;
+
+			partner->service = service;
+			partner->address = address;
+			talloc_steal(partner, partner->address);
+
+			DLIST_ADD_END(service->partners, partner);
+		}
+
+		partner->name			= ldb_msg_find_attr_as_string(res->msgs[i], "name", partner->address);
+		talloc_steal(partner, partner->name);
+		partner->our_address		= ldb_msg_find_attr_as_string(res->msgs[i], "ourAddress", NULL);
+		talloc_steal(partner, partner->our_address);
+
+		partner->type			= wreplsrv_find_attr_as_uint32(res->msgs[i], "type", WINSREPL_PARTNER_BOTH);
+		partner->pull.interval		= ldb_msg_find_attr_as_uint(res->msgs[i], "pullInterval",
+								    WINSREPL_DEFAULT_PULL_INTERVAL);
+		partner->pull.retry_interval	= ldb_msg_find_attr_as_uint(res->msgs[i], "pullRetryInterval",
+								    WINSREPL_DEFAULT_PULL_RETRY_INTERVAL);
+		partner->push.change_count	= ldb_msg_find_attr_as_uint(res->msgs[i], "pushChangeCount",
+								    WINSREPL_DEFAULT_PUSH_CHANGE_COUNT);
+		partner->push.use_inform	= ldb_msg_find_attr_as_uint(res->msgs[i], "pushUseInform", true);
+
+		DEBUG(3,("wreplsrv_load_partners: found partner: %s type: 0x%X\n",
+			partner->address, partner->type));
+	}
+
+	DEBUG(2,("wreplsrv_load_partners: %u partners found: wins_config_db seqnumber %llu\n",
+		res->count, (unsigned long long)service->config.seqnumber));
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+failed:
+	talloc_free(tmp_ctx);
+	return NT_STATUS_FOOBAR;
+}
+
+NTSTATUS wreplsrv_fill_wrepl_table(struct wreplsrv_service *service,
+				   TALLOC_CTX *mem_ctx,
+				   struct wrepl_table *table_out,
+				   const char *initiator,
+				   bool full_table)
+{
+	struct wreplsrv_owner *cur;
+	uint32_t i = 0;
+
+	table_out->partner_count	= 0;
+	table_out->partners		= NULL;
+	table_out->initiator		= initiator;
+
+	for (cur = service->table; cur; cur = cur->next) {
+		if (full_table) {
+			table_out->partner_count++;
+			continue;
+		}
+
+		if (strcmp(initiator, cur->owner.address) != 0) continue;
+
+		table_out->partner_count++;
+		break;
+	}
+
+	table_out->partners = talloc_array(mem_ctx, struct wrepl_wins_owner, table_out->partner_count);
+	NT_STATUS_HAVE_NO_MEMORY(table_out->partners);
+
+	for (cur = service->table; cur && i < table_out->partner_count; cur = cur->next) {
+		/*
+		 * if it's our local entry
+		 * update the max version
+		 */
+		if (cur == service->owner) {
+			cur->owner.max_version = winsdb_get_maxVersion(service->wins_db);
+		}
+
+		if (full_table) {
+			table_out->partners[i] = cur->owner;
+			i++;
+			continue;
+		}
+
+		if (strcmp(initiator, cur->owner.address) != 0) continue;
+
+		table_out->partners[i] = cur->owner;
+		i++;
+		break;
+	}
+
+	return NT_STATUS_OK;
+}
+
+struct wreplsrv_owner *wreplsrv_find_owner(struct wreplsrv_service *service,
+					   struct wreplsrv_owner *table,
+					   const char *wins_owner)
+{
+	struct wreplsrv_owner *cur;
+
+	for (cur = table; cur; cur = cur->next) {
+		if (strcmp(cur->owner.address, wins_owner) == 0) {
+			/*
+			 * if it's our local entry
+			 * update the max version
+			 */
+			if (cur == service->owner) {
+				cur->owner.max_version = winsdb_get_maxVersion(service->wins_db);
+			}
+			return cur;
+		}
+	}
+
+	return NULL;
+}
+
+/*
+ update the wins_owner_table max_version, if the given version is the highest version
+ if no entry for the wins_owner exists yet, create one
+*/
+NTSTATUS wreplsrv_add_table(struct wreplsrv_service *service,
+			    TALLOC_CTX *mem_ctx, struct wreplsrv_owner **_table,
+			    const char *wins_owner, uint64_t version)
+{
+	struct wreplsrv_owner *table = *_table;
+	struct wreplsrv_owner *cur;
+
+	if (!wins_owner || strcmp(wins_owner, "0.0.0.0") == 0) {
+		wins_owner = service->wins_db->local_owner;
+	}
+
+	cur = wreplsrv_find_owner(service, table, wins_owner);
+
+	/* if it doesn't exists yet, create one */
+	if (!cur) {
+		cur = talloc_zero(mem_ctx, struct wreplsrv_owner);
+		NT_STATUS_HAVE_NO_MEMORY(cur);
+
+		cur->owner.address	= talloc_strdup(cur, wins_owner);
+		NT_STATUS_HAVE_NO_MEMORY(cur->owner.address);
+		cur->owner.min_version	= 0;
+		cur->owner.max_version	= 0;
+		cur->owner.type		= 1; /* don't know why this is always 1 */
+
+		cur->partner		= wreplsrv_find_partner(service, wins_owner);
+
+		DLIST_ADD_END(table, cur);
+		*_table = table;
+	}
+
+	/* the min_version is always 0 here, and won't be updated */
+
+	/* if the given version is higher than the current max_version, update */
+	if (cur->owner.max_version < version) {
+		cur->owner.max_version = version;
+		/* if it's for our local db, we need to update the wins.ldb too */
+		if (cur == service->owner) {
+			uint64_t ret;
+			ret = winsdb_set_maxVersion(service->wins_db, cur->owner.max_version);
+			if (ret != cur->owner.max_version) {
+				DEBUG(0,("winsdb_set_maxVersion(%llu) failed: %llu\n",
+					 (unsigned long long)cur->owner.max_version, 
+					 (unsigned long long)ret));
+				return NT_STATUS_INTERNAL_DB_CORRUPTION;
+			}
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  load the partner table
+*/
+static NTSTATUS wreplsrv_load_table(struct wreplsrv_service *service)
+{
+	struct ldb_result *res = NULL;
+	int ret;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(service);
+	struct ldb_context *ldb = service->wins_db->ldb;
+	unsigned int i;
+	struct wreplsrv_owner *local_owner;
+	const char *wins_owner;
+	uint64_t version;
+	const char * const attrs[] = {
+		"winsOwner",
+		"versionID",
+		NULL
+	};
+
+	/*
+	 * make sure we have our local entry in the list,
+	 * but we set service->owner when we're done
+	 * to avoid to many calls to wreplsrv_local_max_version()
+	 */
+	status = wreplsrv_add_table(service,
+				    service, &service->table,
+				    service->wins_db->local_owner, 0);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+	local_owner = wreplsrv_find_owner(service, service->table, service->wins_db->local_owner);
+	if (!local_owner) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		goto failed;
+	}
+
+	/* find the record in the WINS database */
+	ret = ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+			 attrs, "(objectClass=winsRecord)");
+	status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+	if (ret != LDB_SUCCESS) goto failed;
+
+	for (i=0; i < res->count; i++) {
+		wins_owner     = ldb_msg_find_attr_as_string(res->msgs[i], "winsOwner", NULL);
+		version        = ldb_msg_find_attr_as_uint64(res->msgs[i], "versionID", 0);
+
+		status = wreplsrv_add_table(service,
+					    service, &service->table,
+					    wins_owner, version);
+		if (!NT_STATUS_IS_OK(status)) goto failed;
+		talloc_free(res->msgs[i]);
+	}
+
+	/*
+	 * this makes sure we call wreplsrv_local_max_version() before returning in
+	 * wreplsrv_find_owner()
+	 */
+	service->owner = local_owner;
+
+	/*
+	 * this makes sure the maxVersion in the database is updated,
+	 * with the highest version we found, if this is higher than the current stored one
+	 */
+	status = wreplsrv_add_table(service,
+				    service, &service->table,
+				    service->wins_db->local_owner, local_owner->owner.max_version);
+	if (!NT_STATUS_IS_OK(status)) goto failed;
+
+	talloc_free(tmp_ctx);
+	return NT_STATUS_OK;
+failed:
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+/*
+  setup our replication partners
+*/
+static NTSTATUS wreplsrv_setup_partners(struct wreplsrv_service *service)
+{
+	NTSTATUS status;
+
+	status = wreplsrv_load_partners(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = wreplsrv_load_table(service);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	return NT_STATUS_OK;
+}
+
+/*
+  startup the wrepl task
+*/
+static NTSTATUS wreplsrv_task_init(struct task_server *task)
+{
+	NTSTATUS status;
+	struct wreplsrv_service *service;
+
+	if (!lpcfg_we_are_a_wins_server(task->lp_ctx)) {
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
+	}
+
+	task_server_set_title(task, "task[wreplsrv]");
+
+	service = talloc_zero(task, struct wreplsrv_service);
+	if (!service) {
+		task_server_terminate(task, "wreplsrv_task_init: out of memory", true);
+		return NT_STATUS_NO_MEMORY;
+	}
+	service->task		= task;
+	service->startup_time	= timeval_current();
+	task->private_data	= service;
+
+	/*
+	 * setup up all partners, and open the winsdb
+	 */
+	status = wreplsrv_open_winsdb(service, task->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "wreplsrv_task_init: wreplsrv_open_winsdb() failed", true);
+		return status;
+	}
+
+	/*
+	 * setup timed events for each partner we want to pull from
+	 */
+	status = wreplsrv_setup_partners(service);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "wreplsrv_task_init: wreplsrv_setup_partners() failed", true);
+		return status;
+	}
+
+	/* 
+	 * setup listen sockets, so we can answer requests from our partners,
+	 * which pull from us
+	 */
+	status = wreplsrv_setup_sockets(service, task->lp_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "wreplsrv_task_init: wreplsrv_setup_sockets() failed", true);
+		return status;
+	}
+
+	status = wreplsrv_setup_periodic(service);
+	if (!NT_STATUS_IS_OK(status)) {
+		task_server_terminate(task, "wreplsrv_task_init: wreplsrv_setup_periodic() failed", true);
+		return status;
+	}
+
+	irpc_add_name(task->msg_ctx, "wrepl_server");
+
+	return NT_STATUS_OK;
+}
+
+/*
+  register ourselves as a available server
+*/
+NTSTATUS server_service_wrepl_init(TALLOC_CTX *ctx)
+{
+	static const struct service_details details = {
+		.inhibit_fork_on_accept = true,
+		.inhibit_pre_fork = true,
+		.task_init = wreplsrv_task_init,
+		.post_fork = NULL
+	};
+	return register_server_service(ctx, "wrepl", &details);
+}
diff --git a/source4/wrepl_server/wrepl_server.h b/source4/wrepl_server/wrepl_server.h
new file mode 100644
index 0000000..b3a7498
--- /dev/null
+++ b/source4/wrepl_server/wrepl_server.h
@@ -0,0 +1,321 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   WINS Replication server
+
+   Copyright (C) Stefan Metzmacher	2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "system/network.h"
+
+struct wreplsrv_service;
+struct wreplsrv_in_connection;
+struct wreplsrv_out_connection;
+struct wreplsrv_partner;
+
+#define WREPLSRV_VALID_ASSOC_CTX	0x12345678
+#define WREPLSRV_INVALID_ASSOC_CTX	0x0000000a
+
+/*
+  state of an incoming wrepl call
+*/
+struct wreplsrv_in_call {
+	struct wreplsrv_in_connection *wreplconn;
+	struct wrepl_packet req_packet;
+	struct wrepl_packet rep_packet;
+	bool terminate_after_send;
+
+	DATA_BLOB in;
+	DATA_BLOB out;
+	struct iovec out_iov[1];
+};
+
+/*
+  state of an incoming wrepl connection
+*/
+struct wreplsrv_in_connection {
+	struct wreplsrv_in_connection *prev,*next;
+	struct stream_connection *conn;
+	struct tstream_context *tstream;
+	struct tevent_queue *send_queue;
+
+	/* our global service context */
+	struct wreplsrv_service *service;
+
+	/*
+	 * the partner that connects us,
+	 * can be NULL, when we got a connection
+	 * from an unknown address
+	 */
+	struct wreplsrv_partner *partner;
+
+	/* keep track of the assoc_ctx's */
+	struct {
+		bool stopped;
+		uint32_t our_ctx;
+		uint32_t peer_ctx;
+	} assoc_ctx;
+};
+
+/*
+  state of an outgoing wrepl connection
+*/
+struct wreplsrv_out_connection {
+	/* our global service context */
+	struct wreplsrv_service *service;
+
+	/*
+	 * the partner we connect
+	 */
+	struct wreplsrv_partner *partner;
+
+	/* keep track of the assoc_ctx's */
+	struct {
+		uint32_t our_ctx;
+		uint32_t peer_ctx;
+		uint16_t peer_major;
+	} assoc_ctx;
+
+	/*
+	 * the client socket to the partner,
+	 * NULL if not yet connected
+	 */
+	struct wrepl_socket *sock;
+};
+
+enum winsrepl_partner_type {
+	WINSREPL_PARTNER_NONE = 0x0,
+	WINSREPL_PARTNER_PULL = 0x1,
+	WINSREPL_PARTNER_PUSH = 0x2,
+	WINSREPL_PARTNER_BOTH = (WINSREPL_PARTNER_PULL | WINSREPL_PARTNER_PUSH)
+};
+
+#define WINSREPL_DEFAULT_PULL_INTERVAL (30*60)
+#define WINSREPL_DEFAULT_PULL_RETRY_INTERVAL (30)
+
+#define WINSREPL_DEFAULT_PUSH_CHANGE_COUNT (0)
+
+/*
+ this represents one of our configured partners
+*/
+struct wreplsrv_partner {
+	struct wreplsrv_partner *prev,*next;
+
+	/* our global service context */
+	struct wreplsrv_service *service;
+
+	/* the netbios name of the partner, mostly just for debugging */
+	const char *name;
+
+	/* the ip-address of the partner */
+	const char *address;
+
+	/*
+	 * as wins partners identified by ip-address, we need to use a specific source-ip
+	 *  when we want to connect to the partner
+	 */
+	const char *our_address;
+
+	/* the type of the partner, pull, push or both */
+	enum winsrepl_partner_type type;
+
+	/* pull specific options */
+	struct {
+		/* the interval between 2 pull replications to the partner */
+		uint32_t interval;
+
+		/* the retry_interval if a pull cycle failed to the partner */
+		uint32_t retry_interval;
+
+		/* the error count till the last success */
+		uint32_t error_count;
+
+		/* the status of the last pull cycle */
+		NTSTATUS last_status;
+
+		/* the timestamp of the next pull try */
+		struct timeval next_run;
+
+		/* this is a list of each wins_owner the partner knows about */
+		struct wreplsrv_owner *table;
+
+		/* the outgoing connection to the partner */
+		struct wreplsrv_out_connection *wreplconn;
+
+		/* the current pending pull cycle request */
+		struct composite_context *creq;
+
+		/* the pull cycle io params */
+		struct wreplsrv_pull_cycle_io *cycle_io;
+
+		/* the current timed_event to the next pull cycle */
+		struct tevent_timer *te;
+	} pull;
+
+	/* push specific options */
+	struct {
+		/* change count till push notification */
+		uint32_t change_count;
+
+		/* the last wins db maxVersion have reported to the partner */
+		uint64_t maxVersionID;
+
+		/* we should use WREPL_REPL_INFORM* messages to this partner */
+		bool use_inform;
+
+		/* the error count till the last success */
+		uint32_t error_count;
+
+		/* the status of the last push cycle */
+		NTSTATUS last_status;
+
+		/* the outgoing connection to the partner */
+		struct wreplsrv_out_connection *wreplconn;
+
+		/* the current push notification */
+		struct composite_context *creq;
+
+		/* the pull cycle io params */
+		struct wreplsrv_push_notify_io *notify_io;
+	} push;
+};
+
+struct wreplsrv_owner {
+	struct wreplsrv_owner *prev,*next;
+
+	/* this hold the owner_id (address), min_version, max_version and partner_type */
+	struct wrepl_wins_owner owner;
+
+	/* can be NULL if this owner isn't a configure partner */
+	struct wreplsrv_partner *partner;
+};
+
+/*
+  state of the whole wrepl service
+*/
+struct wreplsrv_service {
+	/* the whole wrepl service is in one task */
+	struct task_server *task;
+
+	/* the time the service was started */
+	struct timeval startup_time;
+
+	/* the winsdb handle */
+	struct winsdb_handle *wins_db;
+
+	/* some configuration */
+	struct {
+		/* the wins config db handle */
+		struct ldb_context *ldb;
+
+		/* the last wins config db seqnumber we know about */
+		uint64_t seqnumber;
+
+		/*
+		 * the interval (in secs) till an active record will be marked as RELEASED
+		 */
+		uint32_t renew_interval;
+
+		/*
+		 * the interval (in secs) a record remains in RELEASED state,
+		 * before it will be marked as TOMBSTONE
+		 * (also known as extinction interval)
+		 */
+		uint32_t tombstone_interval;
+
+		/*
+		 * the interval (in secs) a record remains in TOMBSTONE state,
+		 * before it will be removed from the database.
+		 * See also 'tombstone_extra_timeout'.
+		 * (also known as extinction timeout)
+		 */
+		uint32_t tombstone_timeout;
+
+		/*
+		 * the interval (in secs) a record remains in TOMBSTONE state,
+		 * even after 'tombstone_timeout' passes the current timestamp.
+		 * this is the minimum uptime of the wrepl service, before
+		 * we start delete tombstones. This is to prevent deletion of
+		 * tombstones, without replicating them.
+		 */
+		uint32_t tombstone_extra_timeout;
+
+		/*
+		 * the interval (in secs) till a replica record will be verified
+		 * with the owning wins server
+		 */
+		uint32_t verify_interval;
+
+		/*
+		 * the interval (in secs) till a do a database cleanup
+		 */
+		uint32_t scavenging_interval;
+
+		/*
+		 * the interval (in secs) to the next periodic processing
+		 * (this is the maximum interval)
+		 */
+		uint32_t periodic_interval;
+	} config;
+
+	/* all incoming connections */
+	struct wreplsrv_in_connection *in_connections;
+
+	/* all partners (pull and push) */
+	struct wreplsrv_partner *partners;
+
+	/*
+	 * this is our local wins_owner entry, this is also in the table list
+	 * but we need a pointer to it, because we need to update it on each
+	 * query to wreplsrv_find_owner(), as the local records can be added
+	 * to the wins.ldb from external tools and the winsserver
+	 */
+	struct wreplsrv_owner *owner;
+
+	/* this is a list of each wins_owner we know about in our database */
+	struct wreplsrv_owner *table;
+
+	/* some stuff for periodic processing */
+	struct {
+		/*
+		 * the timestamp for the next event,
+		 * this is the timestamp passed to event_add_timed()
+		 */
+		struct timeval next_event;
+
+		/* here we have a reference to the timed event the schedules the periodic stuff */
+		struct tevent_timer *te;
+	} periodic;
+
+	/* some stuff for scavenging processing */
+	struct {
+		/*
+		 * the timestamp for the next scavenging run,
+		 * this is the timestamp passed to event_add_timed()
+		 */
+		struct timeval next_run;
+
+		/*
+		 * are we currently inside a scavenging run
+		 */
+		bool processing;
+	} scavenging;
+};
+
+struct socket_context;
+struct wrepl_name;
+#include "wrepl_server/wrepl_out_helpers.h"
+#include "wrepl_server/wrepl_server_proto.h"
diff --git a/source4/wrepl_server/wscript_build b/source4/wrepl_server/wscript_build
new file mode 100644
index 0000000..79b1a8c
--- /dev/null
+++ b/source4/wrepl_server/wscript_build
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+bld.SAMBA_MODULE('service_wrepl',
+	source='wrepl_server.c wrepl_in_connection.c wrepl_in_call.c wrepl_apply_records.c wrepl_periodic.c wrepl_scavenging.c wrepl_out_pull.c wrepl_out_push.c wrepl_out_helpers.c',
+	autoproto='wrepl_server_proto.h',
+	subsystem='service',
+	init_function='server_service_wrepl_init',
+	internal_module=False,
+	deps='LIBCLI_WREPL WINSDB process_model RPC_NDR_IRPC'
+	)
+
diff --git a/source4/wscript_build b/source4/wscript_build
new file mode 100644
index 0000000..d204441
--- /dev/null
+++ b/source4/wscript_build
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+
+bld.SAMBA_BINARY('client/smbclient'  + bld.env.suffix4,
+	source='client/client.c',
+	deps='samba-hostconfig SMBREADLINE samba-util LIBCLI_SMB RPC_NDR_SRVSVC LIBCLI_LSA CMDLINE_S4 smbclient-raw dcerpc',
+	install=False
+	)
+
+
+bld.SAMBA_BINARY('client/cifsdd',
+	source='client/cifsdd.c client/cifsddio.c',
+	deps='samba-hostconfig LIBCLI_SMB popt CMDLINE_S4 param_options'
+	)
-- 
cgit v1.2.3